Hello,
I have that dang bankerfox/nugel 32 virus. I cannot access anything on that computer without the pop ups telling me I have a virus. Please help.
Here is OTL extras log:
OTL Extras logfile created on: 2/11/2010 10:01:36 PM - Run 1
OTL by OldTimer - Version 3.1.28.0 Folder = C:\Users\Owner-PC\Desktop
Windows Vista Home Premium Edition Service Pack 1 (Version = 6.0.6001) - Type = NTWorkstation
Internet Explorer (Version = 7.0.6001.18000)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy
958.00 Mb Total Physical Memory | 592.00 Mb Available Physical Memory | 62.00% Memory free
2.00 Gb Paging File | 2.00 Gb Available in Paging File | 90.00% Paging File free
Paging file location(s): c:\pagefile.sys 1500 1500 [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 74.53 Gb Total Space | 32.19 Gb Free Space | 43.19% Space Free | Partition Type: NTFS
Drive D: | 72.93 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS
Drive E: | 122.10 Mb Total Space | 11.29 Mb Free Space | 9.25% Space Free | Partition Type: FAT
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded
Computer Name: BG86CGGLETO3J
Current User Name: Administrator
Logged in as Administrator.
Current Boot Mode: SafeMode
Scan Mode: Current user
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Standard
========== Extra Registry (SafeList) ==========
========== File Associations ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\]
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)
.html [@ = htmlfile] -- C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation)
========== Shell Spawning ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
htmlfile [edit] -- "C:\Program Files\Microsoft Office\Office12\msohtmed.exe" %1 (Microsoft Corporation)
htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" -nohome (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [print] -- "C:\Program Files\Microsoft Office\Office12\msohtmed.exe" /p %1 (Microsoft Corporation)
http [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" -nohome (Microsoft Corporation)
https [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" -nohome (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- "C:\Program Files\Internet Explorer\iexplore.exe" (Microsoft Corporation)
========== Security Center Settings ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 0
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
========== Authorized Applications List ==========
========== Vista Active Open Ports Exception List ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{543FE736-1810-48FA-9CF1-4660ACD1050B}" = lport=6004 | protocol=17 | dir=in | app=c:\program files\microsoft office\office12\outlook.exe |
========== Vista Active Application Exception List ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{08B8280B-9967-431C-917A-E7B3FF037E99}" = protocol=17 | dir=in | app=c:\program files\turbotax\basic 2007\32bit\updatemgr.exe |
"{4E8FA855-5CB4-4795-8295-7B9178A1F66F}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{8A7461D5-9FA7-4CBB-B334-5191E6420D30}" = protocol=6 | dir=in | app=c:\program files\mcafee\common framework\frameworkservice.exe |
"{95443F1A-2C95-4162-9775-A164485BC7B7}" = protocol=6 | dir=in | app=c:\program files\turbotax\basic 2007\32bit\ttax.exe |
"{AF90A648-0E59-46B3-B468-066750BE4F5C}" = protocol=17 | dir=in | app=c:\program files\turbotax\basic 2007\32bit\ttax.exe |
"{B6041FAE-EB29-4EE6-A10C-28CDEF1F189C}" = protocol=6 | dir=in | app=c:\program files\itunes\itunes.exe |
"{E49FC9AD-B5DD-4043-B67C-F1FC8547D15A}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{F301DA69-11CB-42A0-8C7B-CBD56BFC1A63}" = protocol=6 | dir=in | app=c:\program files\turbotax\basic 2007\32bit\updatemgr.exe |
"{F5D439DD-8FDA-4B49-A32D-BD2999A3A351}" = protocol=17 | dir=in | app=c:\program files\itunes\itunes.exe |
"{FD77A277-6F41-43C3-80C7-F855D687E9F3}" = protocol=17 | dir=in | app=c:\program files\mcafee\common framework\frameworkservice.exe |
"TCP Query User{07419801-BDB3-4413-8CFA-2A0C261BBDD2}C:\program files\palm\hotsync.exe" = protocol=6 | dir=in | app=c:\program files\palm\hotsync.exe |
"TCP Query User{5D5035C1-2520-44A3-B575-966AF53134C1}C:\program files\internet explorer\iexplore.exe" = protocol=6 | dir=in | app=c:\program files\internet explorer\iexplore.exe |
"TCP Query User{6BFEDBB4-EB48-48FB-8F9B-3DD58A210550}C:\users\owner-pc\appdata\local\temp\lmi7477.tmp\lmi_rescue.exe" = protocol=6 | dir=in | app=c:\users\owner-pc\appdata\local\temp\lmi7477.tmp\lmi_rescue.exe |
"UDP Query User{17FB1D4D-C467-4DCB-B172-3567937EA264}C:\program files\palm\hotsync.exe" = protocol=17 | dir=in | app=c:\program files\palm\hotsync.exe |
"UDP Query User{C4E0BF50-A90A-4980-B7F6-A46CA9A7D04B}C:\program files\internet explorer\iexplore.exe" = protocol=17 | dir=in | app=c:\program files\internet explorer\iexplore.exe |
"UDP Query User{ED411D02-9B5F-4EA3-A672-639CDCEB7F38}C:\users\owner-pc\appdata\local\temp\lmi7477.tmp\lmi_rescue.exe" = protocol=17 | dir=in | app=c:\users\owner-pc\appdata\local\temp\lmi7477.tmp\lmi_rescue.exe |
========== HKEY_LOCAL_MACHINE Uninstall List ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{00000409-78E1-11D2-B60F-006097C998E7}" = Microsoft Office 2000 Premium
"{0289B35E-DC07-4c7a-9710-BBD686EA4B7D}" = Status
"{07287123-B8AC-41CE-8346-3D777245C35B}" = Bonjour
"{0C34B801-6AEC-4667-B053-03A67E2D0415}" = Apple Application Support
"{0D2E9DCB-9938-475E-B4DD-8851738852FF}" = AIO_Scan
"{0EC7C406-B592-4686-BAC1-AD29A85EAE6A}" = HP Driver Diagnostics
"{0FFD55FA-40CE-4B7F-9001-A06930C63FA2}" = Sprint SmartView
"{1746EA69-DCB6-4408-B5A5-E75F55439CDF}" = Scan
"{179C56A4-F57F-4561-8BBF-F911D26EB435}" = WebReg
"{1E0D8F69-A6AB-4934-9B2D-159D9F97BA4A}" = ParetoLogic DriverCure
"{1FCC7185-DCF3-4478-86AD-C2F2D1116BE3}" = 7300
"{2614F54E-A828-49FA-93BA-45A3F756BFAA}" = 32 Bit HP CIO Components Installer
"{32257980-61DF-4685-A72B-08683838233B}" = 7300_Help
"{324CEC09-007A-48eb-90E0-9D42D4D5EB0A}" = NetDeviceManager
"{326957C7-83FD-4550-A59A-849B7B4297DE}" = Microsoft Easy Assist v2
"{35C03C04-3F1F-42C2-A989-A757EE691F65}" = McAfee VirusScan Enterprise
"{36FDBE6E-6684-462B-AE98-9A39A1B200CC}" = HP Product Assistant
"{377739AE-00D9-4E80-8ECB-4C8A7EFFE526}" = 7300Trb
"{39CB30DB-27F8-4dd4-A294-CB4AE3B584FD}" = Copy
"{3A7C1F27-206B-46EE-A43B-7245A5B6E828}" = 7200_Help
"{48B0F38D-1913-44F3-99AA-D4C55A2B038E}" = Drive Manager
"{49F2B650-2D7B-4F59-B33D-346F63776BD3}" = DocProc
"{5A3F6A80-7913-475E-8B96-477A952CFA43}" = SupportSoft Assisted Service
"{616A66CD-D36D-4E24-8B67-33AFDFF48061}" = Palm Outlook Conduits Updater
"{66E6CE0C-5A1E-430C-B40A-0C90FF1804A8}" = eSupportQFolder
"{67D3F1A0-A1F2-49b7-B9EE-011277B170CD}" = HPProductAssistant
"{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update
"{6CF08AD2-00C5-4A63-B74B-2EFFFAFEBE1A}" = Microsoft Outlook Web Access S/MIME
"{6DE13770-01B7-4366-8DA6-48237793F445}" = VoiceOver Kit
"{6F5E2F4A-377D-4700-B0E3-8F7F7507EA15}" = CustomerResearchQFolder
"{716E0306-8318-4364-8B8F-0CC4E9376BAC}" = MSXML 4.0 SP2 Parser and SDK
"{7DD9A065-2C86-4A9F-A5FF-796EC1B99DCA}" = AnswerWorks 4.0 Runtime - English
"{7E545666-F422-45FD-B3DF-C0B99A1A579F}" = QuickBooks Pro 2007
"{7F831576-6246-42C7-B523-55B3F96509CC}" = LogMeIn
"{818ABC3C-635C-4651-8183-D0E9640B7DD1}" = HP Update
"{83ED1E80-A1B7-4246-BCF1-AC4A88151A6B}" = Microsoft MapPoint North America 2006
"{87E2B986-07E8-477a-93DC-AF0B6758B192}" = DocProcQFolder
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{90120000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2007
"{90120000-001A-0409-0000-0000000FF1CE}_OUTLOOKR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_OUTLOOKR_{ABDDE972-355B-4AF1-89A8-DA50B7B5C045}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_OUTLOOKR_{F580DDD5-8D37-4998-968E-EBB76BB86787}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007
"{90120000-001F-0C0A-0000-0000000FF1CE}_OUTLOOKR_{187308AB-5FA7-4F14-9AB9-D290383A10D9}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-0020-0409-0000-0000000FF1CE}" = Compatibility Pack for the 2007 Office system
"{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}_OUTLOOKR_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007
"{90120000-0115-0409-0000-0000000FF1CE}_OUTLOOKR_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{91120000-001A-0000-0000-0000000FF1CE}" = Microsoft Office Outlook 2007
"{91120000-001A-0000-0000-0000000FF1CE}_OUTLOOKR_{0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{91120000-001A-0000-0000-0000000FF1CE}_OUTLOOKR_{3D019598-7B59-447A-80AE-815B703B84FF}" = Security Update for Microsoft Office system 2007 (972581)
"{91208A47-5D08-4C79-986F-1931940F51BB}" = QuickBooks Product Listing Service
"{95D08F4E-DFC2-4ce3-ACB7-8C8E206217E9}" = MarketResearch
"{9C2D4047-0E40-499a-AC7A-C4B9BB12FE03}" = TrayApp
"{A2BD08B2-46B5-418A-8C97-67B59EF20A87}" = 7200
"{A36CD345-625C-4d6c-B3E2-76E1248CB451}" = SolutionCenter
"{A429C2AE-EBF1-4F81-A221-1C115CAADDAD}" = QuickTime
"{AADEA55D-C834-4BCB-98A3-4B8D1C18F4EE}" = Apple Mobile Device Support
"{AB5D51AE-EBC3-438D-872C-705C7C2084B0}" = DeviceManagementQFolder
"{AC76BA86-7AD7-1033-7B44-A81300000003}" = Adobe Reader 8.1.4
"{AC76BA86-7AD7-5464-3428-800000000003}" = Spelling Dictionaries Support For Adobe Reader 8
"{AD66335B-EF80-4A09-A479-AD24E5655A49}" = 7200Trb
"{B68ED296-D899-4573-AFFC-D3F6904785D4}" = HP Driver Diagnostics
"{BE77A81F-B315-4666-9BF3-AE70C0ADB057}" = BufferChm
"{C716522C-3731-4667-8579-40B098294500}" = Toolbox
"{C82185E8-C27B-4EF4-2007-4444BC2C2B6D}" = Microsoft Streets & Trips 2007 with GPS Locator
"{C916D86C-AB76-49c7-B0E4-A946E0FD9BC2}" = HP Photosmart, Officejet, PSC and Deskjet All-In-One Driver Software 8.0.B
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{D0E39A1D-0CEE-4D85-B4A2-E3BE990D075E}" = Destination Component
"{E06F04B9-45E6-4AC0-8083-85F7515F40F7}" = UnloadSupport
"{E09575B2-498D-4C8B-A9D2-623F78574F29}" = AIO_CDB_Software
"{E7112940-5F8E-4918-B9FE-251F2F8DC81F}" = AIO_CDB_ProductContext
"{EB21A812-671B-4D08-B974-2A347F0D8F70}" = HP Photosmart Essential
"{EB75DE50-5754-4F6F-875D-126EDF8E4CB3}" = HPSSupply
"{EC2A8F27-4FBF-4E41-B27B-FE822511B761}" = iTunes
"{EEEB604C-C1A7-4f8c-B03F-56F9C1C9C45F}" = Fax
"{EF1ADA5A-0B1A-4662-8C55-7475A61D8B65}" = DeviceDiscovery
"{FD6034A3-655C-49F0-B496-D4CBFD74D7A7}" = Palm Desktop by ACCESS
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"CNXT_HDAUDIO" = Conexant HD Audio
"CNXT_MODEM_HDA_HSF" = HDAUDIO Soft Data Fax Modem with SmartCP
"Google Desktop" = Google Desktop
"HP Imaging Device Functions" = HP Imaging Device Functions 8.0
"HP Solution Center & Imaging Support Tools" = HP Solution Center 8.0
"HPExtendedCapabilities" = HP Customer Participation Program 8.0
"HPOCR" = HP OCR Software 8.0
"InstallShield_{48B0F38D-1913-44F3-99AA-D4C55A2B038E}" = Drive Manager
"Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Mozilla Firefox (3.0.8)" = Mozilla Firefox (3.0.8)
"NVIDIA Drivers" = NVIDIA Drivers
"OUTLOOKR" = Microsoft Office Outlook 2007
"SynTPDeinstKey" = Synaptics Pointing Device Driver
"TurboTax Basic 2007" = TurboTax Basic 2007
========== Last 10 Event Log Errors ==========
[ Application Events ]
Error - 11/20/2009 7:38:08 PM | Computer Name = BG86CGGLETO3J | Source = Microsoft-Windows-CAPI2 | ID = 131083
Description =
Error - 11/20/2009 7:38:08 PM | Computer Name = BG86CGGLETO3J | Source = Microsoft-Windows-CAPI2 | ID = 131083
Description =
Error - 11/20/2009 7:38:08 PM | Computer Name = BG86CGGLETO3J | Source = Microsoft-Windows-CAPI2 | ID = 131083
Description =
Error - 11/20/2009 7:38:09 PM | Computer Name = BG86CGGLETO3J | Source = Microsoft-Windows-CAPI2 | ID = 131083
Description =
Error - 11/20/2009 7:38:09 PM | Computer Name = BG86CGGLETO3J | Source = Microsoft-Windows-CAPI2 | ID = 131083
Description =
Error - 11/20/2009 7:38:10 PM | Computer Name = BG86CGGLETO3J | Source = Microsoft-Windows-CAPI2 | ID = 131083
Description =
Error - 11/22/2009 1:01:28 AM | Computer Name = BG86CGGLETO3J | Source = Microsoft-Windows-CAPI2 | ID = 131083
Description =
Error - 11/22/2009 1:01:28 AM | Computer Name = BG86CGGLETO3J | Source = Microsoft-Windows-CAPI2 | ID = 131083
Description =
Error - 11/22/2009 1:01:28 AM | Computer Name = BG86CGGLETO3J | Source = Microsoft-Windows-CAPI2 | ID = 131083
Description =
Error - 11/22/2009 1:01:28 AM | Computer Name = BG86CGGLETO3J | Source = Microsoft-Windows-CAPI2 | ID = 131083
Description =
[ System Events ]
Error - 2/12/2010 12:00:50 AM | Computer Name = BG86CGGLETO3J | Source = Service Control Manager | ID = 7001
Description =
Error - 2/12/2010 12:00:50 AM | Computer Name = BG86CGGLETO3J | Source = Service Control Manager | ID = 7001
Description =
Error - 2/12/2010 12:00:50 AM | Computer Name = BG86CGGLETO3J | Source = Service Control Manager | ID = 7001
Description =
Error - 2/12/2010 12:00:50 AM | Computer Name = BG86CGGLETO3J | Source = Service Control Manager | ID = 7001
Description =
Error - 2/12/2010 12:00:50 AM | Computer Name = BG86CGGLETO3J | Source = Service Control Manager | ID = 7001
Description =
Error - 2/12/2010 12:00:50 AM | Computer Name = BG86CGGLETO3J | Source = Service Control Manager | ID = 7001
Description =
Error - 2/12/2010 12:00:50 AM | Computer Name = BG86CGGLETO3J | Source = Service Control Manager | ID = 7001
Description =
Error - 2/12/2010 12:00:50 AM | Computer Name = BG86CGGLETO3J | Source = Service Control Manager | ID = 7001
Description =
Error - 2/12/2010 12:00:50 AM | Computer Name = BG86CGGLETO3J | Source = Service Control Manager | ID = 7026
Description =
Error - 2/12/2010 12:01:03 AM | Computer Name = BG86CGGLETO3J | Source = DCOM | ID = 10005
Description =
< End of report >
I have that dang bankerfox/nugel 32 virus. I cannot access anything on that computer without the pop ups telling me I have a virus. Please help.
Here is OTL extras log:
OTL Extras logfile created on: 2/11/2010 10:01:36 PM - Run 1
OTL by OldTimer - Version 3.1.28.0 Folder = C:\Users\Owner-PC\Desktop
Windows Vista Home Premium Edition Service Pack 1 (Version = 6.0.6001) - Type = NTWorkstation
Internet Explorer (Version = 7.0.6001.18000)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy
958.00 Mb Total Physical Memory | 592.00 Mb Available Physical Memory | 62.00% Memory free
2.00 Gb Paging File | 2.00 Gb Available in Paging File | 90.00% Paging File free
Paging file location(s): c:\pagefile.sys 1500 1500 [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 74.53 Gb Total Space | 32.19 Gb Free Space | 43.19% Space Free | Partition Type: NTFS
Drive D: | 72.93 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS
Drive E: | 122.10 Mb Total Space | 11.29 Mb Free Space | 9.25% Space Free | Partition Type: FAT
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded
Computer Name: BG86CGGLETO3J
Current User Name: Administrator
Logged in as Administrator.
Current Boot Mode: SafeMode
Scan Mode: Current user
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Standard
========== Extra Registry (SafeList) ==========
========== File Associations ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)
.html [@ = htmlfile] -- C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation)
========== Shell Spawning ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
htmlfile [edit] -- "C:\Program Files\Microsoft Office\Office12\msohtmed.exe" %1 (Microsoft Corporation)
htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" -nohome (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [print] -- "C:\Program Files\Microsoft Office\Office12\msohtmed.exe" /p %1 (Microsoft Corporation)
http [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" -nohome (Microsoft Corporation)
https [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" -nohome (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- "C:\Program Files\Internet Explorer\iexplore.exe" (Microsoft Corporation)
========== Security Center Settings ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 0
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
========== Authorized Applications List ==========
========== Vista Active Open Ports Exception List ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{543FE736-1810-48FA-9CF1-4660ACD1050B}" = lport=6004 | protocol=17 | dir=in | app=c:\program files\microsoft office\office12\outlook.exe |
========== Vista Active Application Exception List ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{08B8280B-9967-431C-917A-E7B3FF037E99}" = protocol=17 | dir=in | app=c:\program files\turbotax\basic 2007\32bit\updatemgr.exe |
"{4E8FA855-5CB4-4795-8295-7B9178A1F66F}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{8A7461D5-9FA7-4CBB-B334-5191E6420D30}" = protocol=6 | dir=in | app=c:\program files\mcafee\common framework\frameworkservice.exe |
"{95443F1A-2C95-4162-9775-A164485BC7B7}" = protocol=6 | dir=in | app=c:\program files\turbotax\basic 2007\32bit\ttax.exe |
"{AF90A648-0E59-46B3-B468-066750BE4F5C}" = protocol=17 | dir=in | app=c:\program files\turbotax\basic 2007\32bit\ttax.exe |
"{B6041FAE-EB29-4EE6-A10C-28CDEF1F189C}" = protocol=6 | dir=in | app=c:\program files\itunes\itunes.exe |
"{E49FC9AD-B5DD-4043-B67C-F1FC8547D15A}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{F301DA69-11CB-42A0-8C7B-CBD56BFC1A63}" = protocol=6 | dir=in | app=c:\program files\turbotax\basic 2007\32bit\updatemgr.exe |
"{F5D439DD-8FDA-4B49-A32D-BD2999A3A351}" = protocol=17 | dir=in | app=c:\program files\itunes\itunes.exe |
"{FD77A277-6F41-43C3-80C7-F855D687E9F3}" = protocol=17 | dir=in | app=c:\program files\mcafee\common framework\frameworkservice.exe |
"TCP Query User{07419801-BDB3-4413-8CFA-2A0C261BBDD2}C:\program files\palm\hotsync.exe" = protocol=6 | dir=in | app=c:\program files\palm\hotsync.exe |
"TCP Query User{5D5035C1-2520-44A3-B575-966AF53134C1}C:\program files\internet explorer\iexplore.exe" = protocol=6 | dir=in | app=c:\program files\internet explorer\iexplore.exe |
"TCP Query User{6BFEDBB4-EB48-48FB-8F9B-3DD58A210550}C:\users\owner-pc\appdata\local\temp\lmi7477.tmp\lmi_rescue.exe" = protocol=6 | dir=in | app=c:\users\owner-pc\appdata\local\temp\lmi7477.tmp\lmi_rescue.exe |
"UDP Query User{17FB1D4D-C467-4DCB-B172-3567937EA264}C:\program files\palm\hotsync.exe" = protocol=17 | dir=in | app=c:\program files\palm\hotsync.exe |
"UDP Query User{C4E0BF50-A90A-4980-B7F6-A46CA9A7D04B}C:\program files\internet explorer\iexplore.exe" = protocol=17 | dir=in | app=c:\program files\internet explorer\iexplore.exe |
"UDP Query User{ED411D02-9B5F-4EA3-A672-639CDCEB7F38}C:\users\owner-pc\appdata\local\temp\lmi7477.tmp\lmi_rescue.exe" = protocol=17 | dir=in | app=c:\users\owner-pc\appdata\local\temp\lmi7477.tmp\lmi_rescue.exe |
========== HKEY_LOCAL_MACHINE Uninstall List ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{00000409-78E1-11D2-B60F-006097C998E7}" = Microsoft Office 2000 Premium
"{0289B35E-DC07-4c7a-9710-BBD686EA4B7D}" = Status
"{07287123-B8AC-41CE-8346-3D777245C35B}" = Bonjour
"{0C34B801-6AEC-4667-B053-03A67E2D0415}" = Apple Application Support
"{0D2E9DCB-9938-475E-B4DD-8851738852FF}" = AIO_Scan
"{0EC7C406-B592-4686-BAC1-AD29A85EAE6A}" = HP Driver Diagnostics
"{0FFD55FA-40CE-4B7F-9001-A06930C63FA2}" = Sprint SmartView
"{1746EA69-DCB6-4408-B5A5-E75F55439CDF}" = Scan
"{179C56A4-F57F-4561-8BBF-F911D26EB435}" = WebReg
"{1E0D8F69-A6AB-4934-9B2D-159D9F97BA4A}" = ParetoLogic DriverCure
"{1FCC7185-DCF3-4478-86AD-C2F2D1116BE3}" = 7300
"{2614F54E-A828-49FA-93BA-45A3F756BFAA}" = 32 Bit HP CIO Components Installer
"{32257980-61DF-4685-A72B-08683838233B}" = 7300_Help
"{324CEC09-007A-48eb-90E0-9D42D4D5EB0A}" = NetDeviceManager
"{326957C7-83FD-4550-A59A-849B7B4297DE}" = Microsoft Easy Assist v2
"{35C03C04-3F1F-42C2-A989-A757EE691F65}" = McAfee VirusScan Enterprise
"{36FDBE6E-6684-462B-AE98-9A39A1B200CC}" = HP Product Assistant
"{377739AE-00D9-4E80-8ECB-4C8A7EFFE526}" = 7300Trb
"{39CB30DB-27F8-4dd4-A294-CB4AE3B584FD}" = Copy
"{3A7C1F27-206B-46EE-A43B-7245A5B6E828}" = 7200_Help
"{48B0F38D-1913-44F3-99AA-D4C55A2B038E}" = Drive Manager
"{49F2B650-2D7B-4F59-B33D-346F63776BD3}" = DocProc
"{5A3F6A80-7913-475E-8B96-477A952CFA43}" = SupportSoft Assisted Service
"{616A66CD-D36D-4E24-8B67-33AFDFF48061}" = Palm Outlook Conduits Updater
"{66E6CE0C-5A1E-430C-B40A-0C90FF1804A8}" = eSupportQFolder
"{67D3F1A0-A1F2-49b7-B9EE-011277B170CD}" = HPProductAssistant
"{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update
"{6CF08AD2-00C5-4A63-B74B-2EFFFAFEBE1A}" = Microsoft Outlook Web Access S/MIME
"{6DE13770-01B7-4366-8DA6-48237793F445}" = VoiceOver Kit
"{6F5E2F4A-377D-4700-B0E3-8F7F7507EA15}" = CustomerResearchQFolder
"{716E0306-8318-4364-8B8F-0CC4E9376BAC}" = MSXML 4.0 SP2 Parser and SDK
"{7DD9A065-2C86-4A9F-A5FF-796EC1B99DCA}" = AnswerWorks 4.0 Runtime - English
"{7E545666-F422-45FD-B3DF-C0B99A1A579F}" = QuickBooks Pro 2007
"{7F831576-6246-42C7-B523-55B3F96509CC}" = LogMeIn
"{818ABC3C-635C-4651-8183-D0E9640B7DD1}" = HP Update
"{83ED1E80-A1B7-4246-BCF1-AC4A88151A6B}" = Microsoft MapPoint North America 2006
"{87E2B986-07E8-477a-93DC-AF0B6758B192}" = DocProcQFolder
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{90120000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2007
"{90120000-001A-0409-0000-0000000FF1CE}_OUTLOOKR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_OUTLOOKR_{ABDDE972-355B-4AF1-89A8-DA50B7B5C045}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_OUTLOOKR_{F580DDD5-8D37-4998-968E-EBB76BB86787}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007
"{90120000-001F-0C0A-0000-0000000FF1CE}_OUTLOOKR_{187308AB-5FA7-4F14-9AB9-D290383A10D9}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-0020-0409-0000-0000000FF1CE}" = Compatibility Pack for the 2007 Office system
"{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}_OUTLOOKR_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007
"{90120000-0115-0409-0000-0000000FF1CE}_OUTLOOKR_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{91120000-001A-0000-0000-0000000FF1CE}" = Microsoft Office Outlook 2007
"{91120000-001A-0000-0000-0000000FF1CE}_OUTLOOKR_{0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{91120000-001A-0000-0000-0000000FF1CE}_OUTLOOKR_{3D019598-7B59-447A-80AE-815B703B84FF}" = Security Update for Microsoft Office system 2007 (972581)
"{91208A47-5D08-4C79-986F-1931940F51BB}" = QuickBooks Product Listing Service
"{95D08F4E-DFC2-4ce3-ACB7-8C8E206217E9}" = MarketResearch
"{9C2D4047-0E40-499a-AC7A-C4B9BB12FE03}" = TrayApp
"{A2BD08B2-46B5-418A-8C97-67B59EF20A87}" = 7200
"{A36CD345-625C-4d6c-B3E2-76E1248CB451}" = SolutionCenter
"{A429C2AE-EBF1-4F81-A221-1C115CAADDAD}" = QuickTime
"{AADEA55D-C834-4BCB-98A3-4B8D1C18F4EE}" = Apple Mobile Device Support
"{AB5D51AE-EBC3-438D-872C-705C7C2084B0}" = DeviceManagementQFolder
"{AC76BA86-7AD7-1033-7B44-A81300000003}" = Adobe Reader 8.1.4
"{AC76BA86-7AD7-5464-3428-800000000003}" = Spelling Dictionaries Support For Adobe Reader 8
"{AD66335B-EF80-4A09-A479-AD24E5655A49}" = 7200Trb
"{B68ED296-D899-4573-AFFC-D3F6904785D4}" = HP Driver Diagnostics
"{BE77A81F-B315-4666-9BF3-AE70C0ADB057}" = BufferChm
"{C716522C-3731-4667-8579-40B098294500}" = Toolbox
"{C82185E8-C27B-4EF4-2007-4444BC2C2B6D}" = Microsoft Streets & Trips 2007 with GPS Locator
"{C916D86C-AB76-49c7-B0E4-A946E0FD9BC2}" = HP Photosmart, Officejet, PSC and Deskjet All-In-One Driver Software 8.0.B
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{D0E39A1D-0CEE-4D85-B4A2-E3BE990D075E}" = Destination Component
"{E06F04B9-45E6-4AC0-8083-85F7515F40F7}" = UnloadSupport
"{E09575B2-498D-4C8B-A9D2-623F78574F29}" = AIO_CDB_Software
"{E7112940-5F8E-4918-B9FE-251F2F8DC81F}" = AIO_CDB_ProductContext
"{EB21A812-671B-4D08-B974-2A347F0D8F70}" = HP Photosmart Essential
"{EB75DE50-5754-4F6F-875D-126EDF8E4CB3}" = HPSSupply
"{EC2A8F27-4FBF-4E41-B27B-FE822511B761}" = iTunes
"{EEEB604C-C1A7-4f8c-B03F-56F9C1C9C45F}" = Fax
"{EF1ADA5A-0B1A-4662-8C55-7475A61D8B65}" = DeviceDiscovery
"{FD6034A3-655C-49F0-B496-D4CBFD74D7A7}" = Palm Desktop by ACCESS
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"CNXT_HDAUDIO" = Conexant HD Audio
"CNXT_MODEM_HDA_HSF" = HDAUDIO Soft Data Fax Modem with SmartCP
"Google Desktop" = Google Desktop
"HP Imaging Device Functions" = HP Imaging Device Functions 8.0
"HP Solution Center & Imaging Support Tools" = HP Solution Center 8.0
"HPExtendedCapabilities" = HP Customer Participation Program 8.0
"HPOCR" = HP OCR Software 8.0
"InstallShield_{48B0F38D-1913-44F3-99AA-D4C55A2B038E}" = Drive Manager
"Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Mozilla Firefox (3.0.8)" = Mozilla Firefox (3.0.8)
"NVIDIA Drivers" = NVIDIA Drivers
"OUTLOOKR" = Microsoft Office Outlook 2007
"SynTPDeinstKey" = Synaptics Pointing Device Driver
"TurboTax Basic 2007" = TurboTax Basic 2007
========== Last 10 Event Log Errors ==========
[ Application Events ]
Error - 11/20/2009 7:38:08 PM | Computer Name = BG86CGGLETO3J | Source = Microsoft-Windows-CAPI2 | ID = 131083
Description =
Error - 11/20/2009 7:38:08 PM | Computer Name = BG86CGGLETO3J | Source = Microsoft-Windows-CAPI2 | ID = 131083
Description =
Error - 11/20/2009 7:38:08 PM | Computer Name = BG86CGGLETO3J | Source = Microsoft-Windows-CAPI2 | ID = 131083
Description =
Error - 11/20/2009 7:38:09 PM | Computer Name = BG86CGGLETO3J | Source = Microsoft-Windows-CAPI2 | ID = 131083
Description =
Error - 11/20/2009 7:38:09 PM | Computer Name = BG86CGGLETO3J | Source = Microsoft-Windows-CAPI2 | ID = 131083
Description =
Error - 11/20/2009 7:38:10 PM | Computer Name = BG86CGGLETO3J | Source = Microsoft-Windows-CAPI2 | ID = 131083
Description =
Error - 11/22/2009 1:01:28 AM | Computer Name = BG86CGGLETO3J | Source = Microsoft-Windows-CAPI2 | ID = 131083
Description =
Error - 11/22/2009 1:01:28 AM | Computer Name = BG86CGGLETO3J | Source = Microsoft-Windows-CAPI2 | ID = 131083
Description =
Error - 11/22/2009 1:01:28 AM | Computer Name = BG86CGGLETO3J | Source = Microsoft-Windows-CAPI2 | ID = 131083
Description =
Error - 11/22/2009 1:01:28 AM | Computer Name = BG86CGGLETO3J | Source = Microsoft-Windows-CAPI2 | ID = 131083
Description =
[ System Events ]
Error - 2/12/2010 12:00:50 AM | Computer Name = BG86CGGLETO3J | Source = Service Control Manager | ID = 7001
Description =
Error - 2/12/2010 12:00:50 AM | Computer Name = BG86CGGLETO3J | Source = Service Control Manager | ID = 7001
Description =
Error - 2/12/2010 12:00:50 AM | Computer Name = BG86CGGLETO3J | Source = Service Control Manager | ID = 7001
Description =
Error - 2/12/2010 12:00:50 AM | Computer Name = BG86CGGLETO3J | Source = Service Control Manager | ID = 7001
Description =
Error - 2/12/2010 12:00:50 AM | Computer Name = BG86CGGLETO3J | Source = Service Control Manager | ID = 7001
Description =
Error - 2/12/2010 12:00:50 AM | Computer Name = BG86CGGLETO3J | Source = Service Control Manager | ID = 7001
Description =
Error - 2/12/2010 12:00:50 AM | Computer Name = BG86CGGLETO3J | Source = Service Control Manager | ID = 7001
Description =
Error - 2/12/2010 12:00:50 AM | Computer Name = BG86CGGLETO3J | Source = Service Control Manager | ID = 7001
Description =
Error - 2/12/2010 12:00:50 AM | Computer Name = BG86CGGLETO3J | Source = Service Control Manager | ID = 7026
Description =
Error - 2/12/2010 12:01:03 AM | Computer Name = BG86CGGLETO3J | Source = DCOM | ID = 10005
Description =
< End of report >