- Double click the file to run it.
- Copy the following keyname to your clipboard - either CTRL + C or right click will do.
- HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
- Click Paste from Clipboard and then Query.
- A Notepad window should open with some text in it - either that or you'll get a pop-up telling you to check the keyname.
- Let me have the contents of the file.
[Resolved] Need help again, nasty attacks
#31
Posted 28 October 2009 - 01:50 PM
#32
Posted 28 October 2009 - 04:41 PM
#33
Posted 28 October 2009 - 05:05 PM
Windows Registry Editor Version 5.00
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"{0228e555-4f9c-4e35-a3ec-b109a192b4c2}"="C:\\Program Files\\Google\\Gmail Notifier\\gnotify.exe"
#34
Posted 28 October 2009 - 05:52 PM
#35
Posted 29 October 2009 - 02:17 PM
#36
Posted 29 October 2009 - 04:58 PM
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 6:36:52 PM, on 10/29/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Softex\OmniPass\Omniserv.exe
C:\WINDOWS\System32\HPZipm12.exe
C:\WINDOWS\System32\svchost.exe
C:\PROGRA~1\AVG\AVG8\avgrsx.exe
C:\PROGRA~1\AVG\AVG8\avgnsx.exe
C:\Program Files\Softex\OmniPass\OPXPApp.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\PROGRA~1\AVG\AVG8\avgtray.exe
C:\Program Files\Google\Gmail Notifier\gnotify.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpohmr08.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.buckeyeplanet.com/forum/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft....k/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://us9.hpwis.com/
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
R3 - URLSearchHook: AVG Security Toolbar BHO - {A3BC75A2-1F87-4686-AA43-5347D756017C} - C:\Program Files\AVG\AVG8\Toolbar\IEToolbar.dll
O2 - BHO: (no name) - {03DC87EC-20C4-4B2D-A172-C5DB8D522792} - C:\WINDOWS\System32\dmcompos32.dll (file missing)
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {243B17DE-77C7-46BF-B94B-0B5F309A0E64} - C:\Program Files\Microsoft Money\System\mnyside.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll
O2 - BHO: AVG Security Toolbar BHO - {A3BC75A2-1F87-4686-AA43-5347D756017C} - C:\Program Files\AVG\AVG8\Toolbar\IEToolbar.dll
O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: HP View - {B2847E28-5D7D-4DEB-8B67-05D28BCF79F5} - c:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpdtlk02.dll
O3 - Toolbar: AVG Security Toolbar - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - C:\Program Files\AVG\AVG8\Toolbar\IEToolbar.dll
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
O4 - HKLM\..\Run: [UserFaultCheck] %systemroot%\system32\dumprep 0 -u
O4 - HKLM\..\Run: [{0228e555-4f9c-4e35-a3ec-b109a192b4c2}] C:\Program Files\Google\Gmail Notifier\gnotify.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\RunOnce: [Uninstall Adobe Download Manager] "C:\WINDOWS\system32\rundll32.exe" "C:\Program Files\NOS\bin\getPlus_Helper.dll",Uninstall /IE2883E8F-472F-4fb0-9522-AC9BF37916A7 /Get1noarp
O4 - HKCU\..\Run: [BackupNotify] c:\Program Files\Hewlett-Packard\Digital Imaging\bin\backupnotify.exe
O4 - .DEFAULT User Startup: AutoTBar.exe (User 'Default user')
O4 - .DEFAULT User Startup: mod_sm.lnk = C:\hp\bin\cloaker.exe (User 'Default user')
O4 - Global Startup: hp psc 1000 series.lnk = ?
O4 - Global Startup: hpoddt01.exe.lnk = ?
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O4 - Global Startup: Quicken Scheduled Updates.lnk = C:\Program Files\Quicken\bagent.exe
O9 - Extra button: MoneySide - {E023F504-0C5A-4750-A1E7-A9046DEA8A21} - C:\Program Files\Microsoft Money\System\mnyside.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O15 - Trusted Zone: http://wavenet.administrative.hgtc.edu
O16 - DPF: {0E5F0222-96B9-11D3-8997-00104BD12D94} (PCPitstop Utility) - http://www.pcpitstop...t/PCPitStop.CAB
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.micros...b?1165073630062
O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} (OnlineScanner Control) - http://download.eset...lineScanner.cab
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll
O20 - Winlogon Notify: avgrsstarter - C:\WINDOWS\SYSTEM32\avgrsstx.dll
O23 - Service: AVG Free8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: Softex OmniPass Service (omniserv) - Unknown owner - C:\Program Files\Softex\OmniPass\Omniserv.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\System32\HPZipm12.exe
--
End of file - 6664 bytes
#37
Posted 30 October 2009 - 02:25 PM
Place a checkmark in the boxes to the left of the following entries, by clicking on them:
O2 - BHO: (no name) - {03DC87EC-20C4-4B2D-A172-C5DB8D522792} - C:\WINDOWS\System32\dmcompos32.dll (file missing)
O4 - HKLM\..\Run: [UserFaultCheck] %systemroot%\system32\dumprep 0 -u
CLOSE ALL OPEN WINDOWS AND BROWSERS - EXCEPT HJT and click on Fix checked
The two above are junk and get deleted as such.
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
The following two aren't required as they just speed up the access time of the two programs by partially starting them at boot-up. Waiting a couple of seconds longer to access QuickTime and Adobe Reader isn't really an issue.
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
If you prefer to keep these two, then don't add them to the top instructions, but I removed them from my system and never noticed any ill effects.
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
The following I'm unsure about:
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
I don't know what software updates HP offers, so I can't say whether you really need it running at boot-up, but I doubt it as long as you can manually check for updates every so often. If you know how to manually check for updates, and can remember to do so regularly, then check this entry too.
O4 - HKCU\..\Run: [BackupNotify] c:\Program Files\Hewlett-Packard\Digital Imaging\bin\backupnotify.exe
The HP backup entry presumably offers some sort of back-up option, but I don't know HP computers so I can't comment. This one you'll need to look into for yourself.
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Once you've done the above, download gmer.zip from here and save it to your Desktop.
You will need to unzip it before you run it.
To do this: Right click on the zipped folder and from the menu that appears, click on Extract All...
In the 'Extraction Wizard' window that opens, click on Next> and in the next window that appears, click on Next> again.
In the final window, click on Finish
Double click gmer.exe to begin:
- If you get a message about rootkit activity and are asked if you want to scan, click No.
- Make sure all the boxes on the right of the screen are checked, EXCEPT for
- Sections
- IAT/EAT
- Show All
- All drives except your main one, which is usually C:\.
- Click the Scan button on the right.
- When the scan has completed, (you'll have time for a snack and a cuppa!), click the Save button and pick a name and handy location.
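As an added example (not part of the original thread, and not code from Trend Micro), the Python below parses the O2 and O4 line formats seen in the HijackThis log above and flags entries worth a second look, such as the "(file missing)" BHO. The flag names and the GUID-named-value heuristic are assumptions of this example; a flag means "review this entry", not "malicious".

```python
import re
from typing import List, NamedTuple, Tuple

# Constructed sample: a few lines taken from the HijackThis log quoted in this thread.
SAMPLE_LOG = r"""
O2 - BHO: (no name) - {03DC87EC-20C4-4B2D-A172-C5DB8D522792} - C:\WINDOWS\System32\dmcompos32.dll (file missing)
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [UserFaultCheck] %systemroot%\system32\dumprep 0 -u
O4 - HKLM\..\Run: [{0228e555-4f9c-4e35-a3ec-b109a192b4c2}] C:\Program Files\Google\Gmail Notifier\gnotify.exe
O4 - HKCU\..\Run: [BackupNotify] c:\Program Files\Hewlett-Packard\Digital Imaging\bin\backupnotify.exe
O4 - Global Startup: hpoddt01.exe.lnk = ?
"""

GUID = r"\{[0-9A-Fa-f]{8}(?:-[0-9A-Fa-f]{4}){3}-[0-9A-Fa-f]{12}\}"

# O2 - BHO: <name> - {CLSID} - <dll path>[ (file missing)]
O2_BHO = re.compile(
    r"^O2 - BHO: (?P<name>.*?) - (?P<clsid>" + GUID + r") - "
    r"(?P<path>.+?)(?P<missing> \(file missing\))?$"
)
# O4 - HKLM\..\Run: [<value name>] <command line>
O4_RUN = re.compile(
    r"^O4 - (?P<hive>HK\w+)\\\.\.\\(?P<key>Run\w*): "
    r"\[(?P<name>[^\]]*)\] (?P<cmd>.+)$"
)
# O4 - <scope> Startup: <shortcut>[ = <target>]
O4_STARTUP = re.compile(
    r"^O4 - (?P<scope>.+? Startup): (?P<name>.+?)(?: = (?P<target>.+))?$"
)


class Entry(NamedTuple):
    section: str             # e.g. "O2 BHO", "O4 HKLM\Run"
    name: str                # BHO name, Run value name or shortcut name
    target: str              # DLL path, command line or shortcut target
    flags: Tuple[str, ...]   # review hints defined by this example


def parse_hjt(log: str) -> List[Entry]:
    """Parse O2 (BHO) and O4 (autostart) lines of a HijackThis log."""
    entries = []
    for raw in log.splitlines():
        line = raw.strip()

        m = O2_BHO.match(line)
        if m:
            # HijackThis itself marks a BHO whose DLL is no longer on disk.
            flags = ("file-missing",) if m.group("missing") else ()
            entries.append(Entry("O2 BHO", m.group("name"), m.group("path"), flags))
            continue

        m = O4_RUN.match(line)
        if m:
            # Heuristic (assumption of this example): a bare GUID as the
            # value name says nothing about what starts, so read the target.
            is_guid = re.fullmatch(GUID, m.group("name")) is not None
            flags = ("guid-value-name",) if is_guid else ()
            section = "O4 {}\\{}".format(m.group("hive"), m.group("key"))
            entries.append(Entry(section, m.group("name"), m.group("cmd"), flags))
            continue

        m = O4_STARTUP.match(line)
        if m:
            target = m.group("target") or ""
            # The log printed "?" in place of the shortcut's target.
            flags = ("no-target",) if target == "?" else ()
            entries.append(Entry("O4 " + m.group("scope"), m.group("name"), target, flags))
    return entries


def needs_review(entries: List[Entry]) -> List[Entry]:
    """Return only the entries that carry at least one review flag."""
    return [e for e in entries if e.flags]


if __name__ == "__main__":
    for e in parse_hjt(SAMPLE_LOG):
        marker = ",".join(e.flags) if e.flags else "-"
        print("{:<22} {:<42} {:<16} {}".format(e.section, e.name, marker, e.target))
```
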
#38
Posted 31 October 2009 - 05:01 AM
GMER 1.0.15.15163 - http://www.gmer.net
Rootkit scan 2009-10-31 06:40:34
Windows 5.1.2600 Service Pack 3
Running: gmer.exe; Driver: C:\DOCUME~1\Owner\LOCALS~1\Temp\awxoqpow.sys
---- Devices - GMER 1.0.15 ----
AttachedDevice \Driver\Tcpip \Device\Ip avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)
AttachedDevice \Driver\Tcpip \Device\Tcp avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)
AttachedDevice \Driver\Tcpip \Device\Udp avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)
AttachedDevice \Driver\Tcpip \Device\RawIp avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)
AttachedDevice \FileSystem\Fastfat \Fat fltmgr.sys (Microsoft Filesystem Filter Manager/Microsoft Corporation)
---- EOF - GMER 1.0.15 ----
I deleted the other stuff, except for the HP entries as you instructed. Do you want me to run the Gmer again? It took forever (overnight) to get those results.
#39
Posted 31 October 2009 - 03:35 PM
Download SysProt by Swatkat from here and save it to your Desktop.
You will need to unzip it before you run it.
To do this: Right click on the zipped folder and from the menu that appears, click on Extract All...
In the 'Extraction Wizard' window that opens, click on Next> and in the next window that appears, click on Next> again.
In the final window, click on Finish
Shut any open programs and then open the folder(s) until you get to SysProt.exe and then double click it to begin - OK any Windows confirmation that you get.
- Select the Log Tab at the top.
- Check all the boxes in the Write to log section near the top.
- Check the Hidden Objects Only box at the bottom.
- Click Create Log and then leave the PC idle.
- When a window pops up asking about Scanning for hidden files and folders, select Scan all drives and then click Start - again leave the PC idle.
- You will be informed when the scan completes.
#40
Posted 01 November 2009 - 06:25 AM
#41
Posted 01 November 2009 - 01:53 PM
#42
Posted 02 November 2009 - 06:08 PM
#43
Posted 03 November 2009 - 02:26 PM
- Close all open program windows and then double click the file to run it.
- Copy and paste the following into the Custom Scans/Fixes box at the bottom:
netsvcs
%SYSTEMDRIVE%\*.exe
%SYSTEMDRIVE%\eventlog.dll /s /md5
%SYSTEMDRIVE%\scecli.dll /s /md5
%SYSTEMDRIVE%\netlogon.dll /s /md5
%SYSTEMDRIVE%\cngaudit.dll /s /md5
%SYSTEMDRIVE%\sceclt.dll /s /md5
%SYSTEMDRIVE%\ntelogon.dll /s /md5
%SYSTEMDRIVE%\logevent.dll /s /md5
%SYSTEMDRIVE%\iaStor.sys /s /md5
%SYSTEMDRIVE%\nvstor.sys /s /md5
%SYSTEMDRIVE%\atapi.sys /s /md5
%SYSTEMDRIVE%\IdeChnDr.sys /s /md5
%SYSTEMDRIVE%\viasraid.sys /s /md5
%SYSTEMDRIVE%\AGP440.sys /s /md5
%SYSTEMDRIVE%\vaxscsi.sys /s /md5
- Please don't change any of the settings.
- Click the Quick Scan button and let it do its thing - it shouldn't take too long.
- When the scan completes, it will open two notepad windows. OTL.Txt and Extras.Txt. These are saved in the same location as OTL.
- Please paste the contents of these two files into your next reply, checking that all the data makes it into your post - large files may get cut off.
#44
Posted 03 November 2009 - 06:25 PM
OTL logfile created on: 11/3/2009 6:35:23 PM - Run 1
OTL by OldTimer - Version 3.1.3.3 Folder = C:\Documents and Settings\Owner\Desktop
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy
247.52 Mb Total Physical Memory | 144.51 Mb Available Physical Memory | 58.38% Memory free
606.49 Mb Paging File | 291.49 Mb Available in Paging File | 48.06% Paging File free
Paging file location(s): C:\pagefile.sys 372 744 [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 31.74 Gb Total Space | 17.29 Gb Free Space | 54.48% Space Free | Partition Type: NTFS
Drive D: | 5.55 Gb Total Space | 0.97 Gb Free Space | 17.46% Space Free | Partition Type: FAT32
Drive E: | 265.51 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded
Computer Name: YOUR-XHTR8HVC4P
Current User Name: Owner
Logged in as Administrator.
Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: On
Skip Microsoft Files: On
File Age = 14 Days
Output = Standard
Quick Scan
========== Processes (SafeList) ==========
PRC - [2009/11/03 18:33:50 | 00,527,872 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Owner\Desktop\OTL.exe
PRC - [2009/11/03 09:50:57 | 02,028,312 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG8\avgtray.exe
PRC - [2009/08/23 08:52:12 | 00,486,680 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG8\avgrsx.exe
PRC - [2009/08/23 08:52:01 | 00,595,736 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG8\avgnsx.exe
PRC - [2009/08/23 08:51:27 | 00,297,752 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG8\avgwdsvc.exe
PRC - [2009/07/31 14:23:31 | 00,386,872 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Java\jre6\bin\jucheck.exe
PRC - [2009/07/31 14:23:21 | 00,149,280 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Java\jre6\bin\jusched.exe
PRC - [2009/07/31 14:23:19 | 00,153,376 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Java\jre6\bin\jqs.exe
PRC - [2008/04/13 19:12:19 | 01,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2007/08/09 02:27:52 | 00,073,728 | ---- | M] (HP) -- C:\WINDOWS\system32\HPZipm12.exe
PRC - [2007/05/08 15:24:20 | 00,054,840 | ---- | M] (Hewlett-Packard) -- C:\Program Files\HP\HP Software Update\hpwuSchd2.exe
PRC - [2006/10/18 20:05:24 | 00,913,408 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Media Player\wmpnetwk.exe
PRC - [2005/07/15 16:48:33 | 00,479,232 | ---- | M] (Google Inc.) -- C:\Program Files\Google\Gmail Notifier\gnotify.exe
PRC - [2003/02/21 06:07:06 | 00,068,704 | ---- | M] () -- C:\Program Files\Softex\OmniPass\omniServ.exe
PRC - [2003/02/21 05:50:10 | 00,053,248 | ---- | M] () -- C:\Program Files\Softex\OmniPass\OPXPApp.exe
PRC - [2002/12/02 20:08:34 | 00,147,456 | ---- | M] (Hewlett-Packard Co.) -- C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpohmr08.exe
PRC - [2002/12/02 19:56:10 | 00,040,960 | ---- | M] (Hewlett-Packard) -- C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe
========== Modules (SafeList) ==========
MOD - [2009/11/03 18:33:50 | 00,527,872 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Owner\Desktop\OTL.exe
MOD - [2008/04/13 19:12:51 | 01,054,208 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.5512_x-ww_35d4ce83\comctl32.dll
MOD - [2008/04/13 19:11:53 | 00,185,344 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\wbem\framedyn.dll
========== Win32 Services (SafeList) ==========
SRV - [2009/08/23 08:51:27 | 00,297,752 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG8\avgwdsvc.exe -- (avg8wd)
SRV - [2009/07/31 14:23:19 | 00,153,376 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Java\jre6\bin\jqs.exe -- (JavaQuickStarterService)
SRV - [2008/07/29 20:10:04 | 00,046,104 | ---- | M] (Microsoft Corporation) -- c:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe -- (FontCache3.0.0.0)
SRV - [2008/07/29 18:24:50 | 00,881,664 | ---- | M] (Microsoft Corporation) -- c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe -- (idsvc)
SRV - [2008/07/29 18:16:38 | 00,132,096 | ---- | M] (Microsoft Corporation) -- c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe -- (NetTcpPortSharing)
SRV - [2008/07/25 10:17:02 | 00,069,632 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
SRV - [2008/07/25 10:16:40 | 00,034,312 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe -- (aspnet_state)
SRV - [2008/04/13 19:12:02 | 00,038,400 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\PCHealth\HelpCtr\Binaries\pchsvc.dll -- (helpsvc)
SRV - [2007/08/09 02:27:52 | 00,073,728 | ---- | M] (HP) -- C:\WINDOWS\system32\HPZipm12.exe -- (Pml Driver HPZ12)
SRV - [2006/10/18 20:05:24 | 00,913,408 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Media Player\WMPNetwk.exe -- (WMPNetworkSvc)
SRV - [2005/04/04 00:41:10 | 00,069,632 | ---- | M] (Macrovision Corporation) -- C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe -- (IDriverT)
SRV - [2003/05/03 01:19:00 | 00,069,632 | ---- | M] (NVIDIA Corporation) -- C:\WINDOWS\system32\nvsvc32.exe -- (NVSvc)
SRV - [2003/02/21 06:07:06 | 00,068,704 | ---- | M] () -- C:\Program Files\Softex\OmniPass\omniServ.exe -- (omniserv)
========== Standard Registry (SafeList) ==========
========== Internet Explorer ==========
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = [binary data]
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Extensions Off Page = about:NoAdd-ons
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\system32\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Security Risk Page = about:SecurityRisk
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft....k/?LinkId=69157
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,CustomizeSearch = http://ie.search.msn...st/srchcust.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://ie.search.msn...st/srchasst.htm
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://ie.search.msn.com
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\system32\blank.htm
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Page_Transitions = 1
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft...amp;ar=iesearch
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultName = Google
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultURL = http://www.google.co...m...tf8&oe=utf8
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.buckeyeplanet.com/forum/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,XMLHTTP_UUID_Default = EC 87 DC 03 C4 20 2D 4B A1 72 C5 DB 8D 52 27 92 [binary data]
IE - HKCU\..\URLSearchHook: {A3BC75A2-1F87-4686-AA43-5347D756017C} - C:\Program Files\AVG\AVG8\Toolbar\IEToolbar.dll ()
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = localhost
========== FireFox ==========
FF - prefs.js..browser.search.selectedEngine: "Google"
FF - HKLM\software\mozilla\Firefox\extensions\\{3f963a5b-e555-4543-90e2-c3908898db71}: C:\Program Files\AVG\AVG8\Firefox [2009/11/03 10:05:21 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\extensions\\avg@igeared: C:\Program Files\AVG\AVG8\Toolbar\Firefox\avg@igeared [2009/10/05 17:29:24 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\extensions\\{20a82645-c095-46ed-80e3-08825760534b}: c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\ [2009/09/01 18:26:34 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\extensions\\jqs@sun.com: C:\Program Files\Java\jre6\lib\deploy\jqs\ff [2009/02/22 09:32:18 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.5.4\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2009/11/01 07:20:27 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.5.4\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2009/11/01 07:20:27 | 00,000,000 | ---D | M]
[2009/03/23 14:11:58 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Mozilla\Extensions
[2008/07/10 16:32:14 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Mozilla\Extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384}
[2009/03/23 14:11:58 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Mozilla\Extensions\mozswing@mozswing.org
[2009/11/01 07:02:16 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\2fptymhg.default\extensions
[2009/09/03 18:19:06 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\2fptymhg.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2009/08/09 09:05:15 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\2fptymhg.default\extensions\{2458abc0-f443-11dd-87af-0800200c9a66}
[2009/10/17 07:41:00 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\2fptymhg.default\extensions\{28197867-b1ef-4140-8e3b-55c45b9c8460}
[2007/11/05 18:46:34 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\2fptymhg.default\extensions\{40397044-467d-11dc-8314-0800200c9a66}
[2009/10/14 11:22:23 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\2fptymhg.default\extensions\{998650b0-ec08-4197-bbf6-6011d7d8edbc}
[2009/10/31 05:46:54 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\2fptymhg.default\extensions\{AE93811A-5C9A-4d34-8462-F7B864FC4696}
[2009/09/12 05:13:52 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\2fptymhg.default\extensions\{d122ad80-ff45-11dd-87af-0800200c9a66}
[2009/09/19 08:58:10 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\2fptymhg.default\extensions\firefox@tvunetworks.com
[2008/10/12 06:22:13 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\2fptymhg.default\extensions\osutheme@coachtressel.com
[2009/01/04 06:57:43 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\2fptymhg.default\extensions\osutoolbar@coachtressel.com
[2009/10/22 05:13:54 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\2fptymhg.default\extensions\personas@christopher.beard
[2007/11/05 18:46:35 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\2fptymhg.default\extensions\{40397044-467d-11dc-8314-0800200c9a66}\chrome\mozapps\extensions
[2008/10/12 06:22:23 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\2fptymhg.default\extensions\osutheme@coachtressel.com\chrome\mozapps\extensions
[2009/10/09 14:50:20 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\e0bl8l5x.Default User\extensions
[2005/10/22 07:38:27 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\e0bl8l5x.Default User\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
[2009/10/14 11:22:23 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\e0bl8l5x.Default User\extensions\{998650b0-ec08-4197-bbf6-6011d7d8edbc}
[2009/11/02 17:01:07 | 00,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions
[2009/11/01 07:20:27 | 00,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
[2008/04/27 05:53:36 | 00,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA}(2)
[2008/04/29 18:33:22 | 00,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0006-ABCDEFFEDCBA}
[2008/08/14 17:08:20 | 00,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA}
[2009/02/22 09:32:59 | 00,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0012-ABCDEFFEDCBA}
[2009/04/01 16:13:43 | 00,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA}
[2009/06/10 17:38:07 | 00,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0014-ABCDEFFEDCBA}
[2009/10/29 16:50:44 | 00,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0016-ABCDEFFEDCBA}
[2009/11/01 07:20:10 | 00,023,544 | ---- | M] (Mozilla Foundation) -- C:\Program Files\Mozilla Firefox\components\browserdirprovider.dll
[2009/11/01 07:20:10 | 00,137,208 | ---- | M] (Mozilla Foundation) -- C:\Program Files\Mozilla Firefox\components\brwsrcmp.dll
[2006/05/06 11:42:04 | 07,260,160 | ---- | M] () -- C:\Program Files\Mozilla Firefox\plugins\libvlc.dll
[2007/04/10 17:21:08 | 00,163,256 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Mozilla Firefox\plugins\np-mswmp.dll
[2003/10/02 12:44:00 | 00,142,848 | ---- | M] (Coupons, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npcpbrk7.dll
[2009/07/31 14:23:11 | 00,411,368 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npdeploytk.dll
[2007/07/09 14:05:52 | 00,717,312 | ---- | M] (DivX,Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npdivx32.dll
[2009/11/01 07:20:15 | 00,065,016 | ---- | M] (mozilla.org) -- C:\Program Files\Mozilla Firefox\plugins\npnul32.dll
[2008/10/14 21:33:30 | 00,095,600 | ---- | M] (Adobe Systems Inc.) -- C:\Program Files\Mozilla Firefox\plugins\nppdf32.dll
[2008/09/01 08:33:06 | 00,143,360 | ---- | M] (Apple Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npqtplugin.dll
[2008/09/01 08:33:06 | 00,143,360 | ---- | M] (Apple Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npqtplugin2.dll
[2008/09/01 08:33:06 | 00,143,360 | ---- | M] (Apple Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npqtplugin3.dll
[2009/08/09 08:28:19 | 00,001,394 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\amazondotcom.xml
[2009/08/09 08:28:19 | 00,002,193 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\answers.xml
[2009/07/01 17:54:07 | 00,001,489 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\avg_igeared.xml
[2009/08/09 08:28:20 | 00,001,534 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\creativecommons.xml
[2009/08/09 08:28:20 | 00,002,344 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\eBay.xml
[2009/08/09 08:28:20 | 00,002,371 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\google.xml
[2009/08/09 08:28:21 | 00,001,178 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\wikipedia.xml
[2009/08/09 08:28:21 | 00,000,792 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\yahoo.xml
O1 HOSTS File: (27 bytes) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (no name) - {243B17DE-77C7-46BF-B94B-0B5F309A0E64} - C:\Program Files\Microsoft Money\System\mnyside.dll (Microsoft Corporation)
O2 - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll (AVG Technologies CZ, s.r.o.)
O2 - BHO: (AVG Security Toolbar BHO) - {A3BC75A2-1F87-4686-AA43-5347D756017C} - C:\Program Files\AVG\AVG8\Toolbar\IEToolbar.dll ()
O2 - BHO: (Java Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (JQSIEStartDetectorImpl Class) - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll (Sun Microsystems, Inc.)
O3 - HKLM\..\Toolbar: (no name) - - No CLSID value found.
O3 - HKLM\..\Toolbar: (HP View) - {B2847E28-5D7D-4DEB-8B67-05D28BCF79F5} - c:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpdtlk02.dll (Hewlett-Packard Company)
O3 - HKLM\..\Toolbar: (AVG Security Toolbar) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - C:\Program Files\AVG\AVG8\Toolbar\IEToolbar.dll ()
O3 - HKCU\..\Toolbar\ShellBrowser: (no name) - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - No CLSID value found.
O3 - HKCU\..\Toolbar\ShellBrowser: (HP View) - {B2847E28-5D7D-4DEB-8B67-05D28BCF79F5} - c:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpdtlk02.dll (Hewlett-Packard Company)
O3 - HKCU\..\Toolbar\WebBrowser: (HP View) - {B2847E28-5D7D-4DEB-8B67-05D28BCF79F5} - c:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpdtlk02.dll (Hewlett-Packard Company)
O3 - HKCU\..\Toolbar\WebBrowser: (AVG Security Toolbar) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - C:\Program Files\AVG\AVG8\Toolbar\IEToolbar.dll ()
O4 - HKLM..\Run: [{0228e555-4f9c-4e35-a3ec-b109a192b4c2}] C:\Program Files\Google\Gmail Notifier\gnotify.exe (Google Inc.)
O4 - HKLM..\Run: [AVG8_TRAY] C:\Program Files\AVG\AVG8\avgtray.exe (AVG Technologies CZ, s.r.o.)
O4 - HKLM..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\hpwuSchd2.exe (Hewlett-Packard)
O4 - HKLM..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre6\bin\jusched.exe (Sun Microsystems, Inc.)
O4 - HKCU..\Run: [BackupNotify] c:\Program Files\Hewlett-Packard\Digital Imaging\bin\BackupNotify.exe ( )
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\hp psc 1000 series.lnk = C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpohmr08.exe (Hewlett-Packard Co.)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\hpoddt01.exe.lnk = C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe (Hewlett-Packard)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE (Microsoft Corporation)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Quicken Scheduled Updates.lnk = C:\Program Files\Quicken\bagent.exe (Intuit Inc.)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: dontdisplaylastusername = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticecaption =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticetext =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: shutdownwithoutlogon = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: undockwithoutlogon = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableRegistryTools = 0
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O9 - Extra Button: MoneySide - {E023F504-0C5A-4750-A1E7-A9046DEA8A21} - C:\Program Files\Microsoft Money\System\mnyside.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\network diagnostic\xpnetdiag.exe (Microsoft Corporation)
O9 - Extra Button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)
O15 - HKLM\..Trusted Domains: 1 domain(s) and sub-domain(s) not assigned to a zone.
O15 - HKCU\..Trusted Domains: hgtc.edu ([wavenet.administrative] http in Trusted sites)
O15 - HKCU\..Trusted Domains: 1 domain(s) and sub-domain(s) not assigned to a zone.
O16 - DPF: {0E5F0222-96B9-11D3-8997-00104BD12D94} http://www.pcpitstop...t/PCPitStop.CAB (PCPitstop Utility)
O16 - DPF: {233C1507-6A77-46A4-9443-F871F945D258} http://fpdownload.ma...director/sw.cab (Shockwave ActiveX Control)
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} http://update.micros...b?1165073630062 (MUWebControl Class)
O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} http://download.eset...lineScanner.cab (OnlineScanner Control)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_16)
O16 - DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0016-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_16)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_16)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://download.macr...ash/swflash.cab (Shockwave Flash Object)
O16 - DPF: DirectAnimation Java Classes file://C:\WINDOWS\Java\classes\dajava.cab (Reg Error: Key error.)
O16 - DPF: Microsoft XML Parser for Java file://C:\WINDOWS\Java\classes\xmldso.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1 192.168.1.254
O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\ipp - No CLSID value found
O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll (AVG Technologies CZ, s.r.o.)
O18 - Protocol\Handler\msdaipp - No CLSID value found
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\msdaipp.dll (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\avgrsstarter: DllName - avgrsstx.dll - C:\WINDOWS\System32\avgrsstx.dll (AVG Technologies CZ, s.r.o.)
O20 - Winlogon\Notify\igfxcui: DllName - igfxsrvc.dll - C:\WINDOWS\System32\igfxsrvc.dll (Intel Corporation)
O20 - Winlogon\Notify\OPXPGina: DllName - C:\Program Files\Softex\OmniPass\opxpgina.dll - C:\Program Files\Softex\OmniPass\OPXPGina.dll ()
O24 - Desktop Components:0 (My Current Home Page) - About:Home
O31 - SafeBoot: AlternateShell - cmd.exe
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2003/08/23 07:53:27 | 00,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O32 - AutoRun File - [2001/07/28 06:07:38 | 00,000,000 | -HS- | M] () - D:\AUTOEXEC.BAT -- [ FAT32 ]
O34 - HKLM BootExecute: (autocheck) - File not found
O34 - HKLM BootExecute: (autochk) - C:\WINDOWS\System32\autochk.exe (Microsoft Corporation)
O34 - HKLM BootExecute: (*) - File not found
O35 - comfile [open] -- "%1" %* File not found
O35 - exefile [open] -- "%1" %* File not found
NetSvcs: 6to4 - File not found
NetSvcs: Ias - C:\WINDOWS\system32\ias [2003/08/08 11:39:56 | 00,000,000 | ---D | M]
NetSvcs: Iprip - File not found
NetSvcs: Irmon - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: Wmi - C:\WINDOWS\system32\wmi.dll (Microsoft Corporation)
NetSvcs: WmdmPmSp - File not found
NetSvcs: helpsvc - C:\WINDOWS\PCHealth\HelpCtr\Binaries\pchsvc.dll (Microsoft Corporation)
========== Files/Folders - Created Within 14 Days ==========
[2009/11/03 18:33:31 | 00,527,872 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Owner\Desktop\OTL.exe
[2009/11/01 07:10:53 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Desktop\SysProt
[2009/10/30 16:30:27 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Desktop\gmer
[2009/10/22 17:43:00 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Application Data\wsInspector
[2009/10/22 17:38:21 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Owner\My Documents\wsInspector
[2009/10/22 15:26:28 | 00,000,000 | ---D | C] -- C:\Program Files\Startup Inspector for Windows
[2009/10/22 05:20:47 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Application Data\Auslogics
[2009/10/22 05:20:30 | 00,000,000 | ---D | C] -- C:\Program Files\Auslogics
========== Files - Modified Within 14 Days ==========
[2009/11/03 18:33:50 | 00,527,872 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Owner\Desktop\OTL.exe
[2009/11/03 17:26:00 | 44,680,544 | ---- | M] () -- C:\WINDOWS\System32\drivers\Avg\incavi.avm
[2009/11/03 17:26:00 | 00,072,810 | ---- | M] () -- C:\WINDOWS\System32\drivers\Avg\microavi.avg
[2009/11/03 09:50:21 | 00,001,158 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2009/11/03 09:46:59 | 00,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2009/11/03 09:46:36 | 00,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2009/11/03 09:46:31 | 25,961,6768 | -HS- | M] () -- C:\hiberfil.sys
[2009/11/02 19:41:26 | 00,000,278 | -HS- | M] () -- C:\Documents and Settings\Owner\ntuser.ini
[2009/11/02 19:41:25 | 06,291,456 | ---- | M] () -- C:\Documents and Settings\Owner\NTUSER.DAT
[2009/11/01 07:06:56 | 00,354,396 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\SysProt.zip
[2009/11/01 06:08:15 | 00,442,796 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2009/11/01 06:08:14 | 00,071,936 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2009/11/01 06:08:13 | 00,524,016 | ---- | M] () -- C:\WINDOWS\System32\PerfStringBackup.INI
[2009/10/30 15:33:37 | 00,000,488 | ---- | M] () -- C:\hpfr5550.xml
[2009/10/22 17:46:45 | 00,001,402 | ---- | M] () -- C:\WINDOWS\System\hpsysdrv.DAT
[2009/10/22 17:43:04 | 00,001,736 | ---- | M] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Microsoft Office.lnk
[2009/10/22 17:43:04 | 00,000,779 | ---- | M] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\hpoddt01.exe.lnk
[2009/10/22 17:43:04 | 00,000,675 | ---- | M] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Quicken Scheduled Updates.lnk
[2009/10/22 17:43:03 | 00,000,779 | ---- | M] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\hp psc 1000 series.lnk
[2009/10/22 15:26:43 | 00,000,761 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\Startup Inspector for Windows.lnk
[2009/10/22 05:20:33 | 00,000,812 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\Auslogics Disk Defrag.lnk
========== Files Created - No Company Name ==========
[2009/11/01 07:06:47 | 00,354,396 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\SysProt.zip
[2009/10/22 15:26:43 | 00,000,761 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\Startup Inspector for Windows.lnk
[2009/10/22 05:20:32 | 00,000,812 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\Auslogics Disk Defrag.lnk
[2009/10/09 18:22:11 | 00,005,609 | -HS- | C] () -- C:\Documents and Settings\Owner\Application Data\6c44b700684C.manifest
[2009/10/09 18:22:11 | 00,001,213 | -HS- | C] () -- C:\Documents and Settings\Owner\Application Data\6c44b700684O.manifest
[2009/10/09 18:22:11 | 00,000,011 | -HS- | C] () -- C:\Documents and Settings\Owner\Application Data\6c44b700684S.manifest
[2009/10/09 18:22:10 | 00,003,010 | -HS- | C] () -- C:\Documents and Settings\Owner\Application Data\6c44b700684P.manifest
[2007/02/25 18:55:39 | 00,000,214 | ---- | C] () -- C:\WINDOWS\HP_48BitScanUpdatePatch.ini
[2007/01/08 12:05:16 | 00,270,336 | ---- | C] () -- C:\WINDOWS\System32\lame_enc.dll
[2007/01/08 12:01:13 | 00,006,592 | ---- | C] () -- C:\WINDOWS\gwpreset.ini
[2007/01/08 12:01:13 | 00,000,343 | ---- | C] () -- C:\WINDOWS\goldwave.ini
[2006/11/25 05:57:05 | 02,113,968 | -H-- | C] () -- C:\Documents and Settings\Owner\Local Settings\Application Data\IconCache.db
[2006/11/13 08:41:05 | 00,000,000 | ---- | C] () -- C:\Documents and Settings\Owner\Application Data\internaldb8144.dat
[2006/11/13 08:41:04 | 00,000,000 | ---- | C] () -- C:\Documents and Settings\Owner\Application Data\internaldb4312.dat
[2006/11/07 12:05:16 | 00,000,145 | ---- | C] () -- C:\WINDOWS\wininit.ini
[2006/11/07 12:04:53 | 00,000,000 | ---- | C] () -- C:\Documents and Settings\Owner\Application Data\internaldb7134.dat
[2006/11/07 12:04:50 | 00,009,216 | ---- | C] () -- C:\Documents and Settings\Owner\Application Data\internaldb2633.dat
[2006/11/07 12:04:50 | 00,000,049 | ---- | C] () -- C:\Documents and Settings\Owner\Application Data\internaldb41.dat
[2006/11/07 12:04:23 | 00,000,151 | ---- | C] () -- C:\Documents and Settings\Owner\Application Data\internaldb7852.dat
[2006/11/07 12:04:21 | 00,000,000 | ---- | C] () -- C:\Documents and Settings\Owner\Application Data\internaldb6480.dat
[2006/11/07 12:04:20 | 00,000,000 | ---- | C] () -- C:\Documents and Settings\Owner\Application Data\internaldb922.dat
[2006/11/07 12:04:19 | 00,000,000 | ---- | C] () -- C:\Documents and Settings\Owner\Application Data\internaldb3407.dat
[2006/11/07 12:04:14 | 00,069,632 | ---- | C] () -- C:\Documents and Settings\Owner\Application Data\internaldb2516.dat
[2006/11/07 12:04:01 | 00,000,382 | ---- | C] () -- C:\Documents and Settings\Owner\Application Data\internaldb1942.dat
[2006/11/07 12:04:01 | 00,000,023 | ---- | C] () -- C:\Documents and Settings\Owner\Application Data\inifile41.ini
[2006/08/20 06:20:25 | 00,000,004 | ---- | C] () -- C:\WINDOWS\uccspecb.sys
[2006/06/29 13:58:52 | 00,030,808 | ---- | C] () -- C:\WINDOWS\Fonts\GlobalUserInterface.CompositeFont
[2006/06/29 13:53:56 | 00,026,489 | ---- | C] () -- C:\WINDOWS\Fonts\GlobalSansSerif.CompositeFont
[2006/06/12 14:43:22 | 00,045,056 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelTraditionalChinese.dll
[2006/06/12 14:43:22 | 00,045,056 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelSwedish.dll
[2006/06/12 14:43:22 | 00,045,056 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelSpanish.dll
[2006/06/12 14:43:22 | 00,045,056 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelSimplifiedChinese.dll
[2006/06/12 14:43:22 | 00,045,056 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelPortugese.dll
[2006/06/12 14:43:22 | 00,045,056 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelKorean.dll
[2006/06/12 14:43:22 | 00,045,056 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelJapanese.dll
[2006/06/12 14:43:22 | 00,045,056 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelGerman.dll
[2006/06/12 14:43:22 | 00,045,056 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelFrench.dll
[2006/05/30 17:31:02 | 00,005,202 | ---- | C] () -- C:\Documents and Settings\Owner\Application Data\GdiplusUpgrade_MSIApproach_Wrapper.log
[2006/05/30 17:31:02 | 00,000,206 | ---- | C] () -- C:\WINDOWS\HPGdiPlus.ini
[2006/04/18 14:39:28 | 00,029,779 | ---- | C] () -- C:\WINDOWS\Fonts\GlobalSerif.CompositeFont
[2006/04/18 14:39:28 | 00,026,040 | ---- | C] () -- C:\WINDOWS\Fonts\GlobalMonospace.CompositeFont
[2006/04/10 15:53:41 | 00,000,376 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2005/10/29 06:01:10 | 00,000,784 | ---- | C] () -- C:\Documents and Settings\Owner\Application Data\mpauth.dat
[2005/08/09 17:12:28 | 03,596,288 | ---- | C] () -- C:\WINDOWS\System32\qt-dx331.dll
[2005/04/10 07:26:40 | 00,056,832 | ---- | C] () -- C:\WINDOWS\System32\Iyvu9_32.dll
[2005/04/10 07:23:01 | 00,010,240 | ---- | C] () -- C:\WINDOWS\System32\vidx16.dll
[2005/03/10 10:33:17 | 00,000,048 | ---- | C] () -- C:\WINDOWS\PerWin.ini
[2005/01/01 09:15:01 | 00,000,139 | ---- | C] () -- C:\WINDOWS\AcdStitch.INI
[2004/12/20 11:08:28 | 00,155,648 | ---- | C] () -- C:\WINDOWS\System32\xvidvfw.dll
[2004/12/20 11:03:26 | 00,679,936 | ---- | C] () -- C:\WINDOWS\System32\xvidcore.dll
[2004/10/01 15:38:09 | 00,000,092 | ---- | C] () -- C:\WINDOWS\cdplayer.ini
[2004/07/10 17:55:38 | 00,252,416 | ---- | C] () -- C:\WINDOWS\System32\wsiShared.dll
[2004/05/16 07:01:43 | 00,000,067 | ---- | C] () -- C:\WINDOWS\morphexe.INI
[2004/03/24 10:57:41 | 00,000,000 | ---- | C] () -- C:\WINDOWS\MSDraw.ini
[2004/02/15 09:21:20 | 00,012,288 | ---- | C] () -- C:\WINDOWS\impborl.dll
[2004/02/07 10:06:44 | 00,061,678 | ---- | C] () -- C:\Documents and Settings\Owner\Application Data\PFP110JPR.{PB
[2004/02/07 10:06:44 | 00,012,358 | ---- | C] () -- C:\Documents and Settings\Owner\Application Data\PFP110JCM.{PB
[2004/02/07 10:03:58 | 00,000,056 | RHS- | C] () -- C:\WINDOWS\System32\7616F2B6AF.sys
[2004/01/01 09:07:45 | 00,000,381 | ---- | C] () -- C:\WINDOWS\SIERRA.INI
[2003/11/29 07:51:42 | 00,000,052 | ---- | C] () -- C:\WINDOWS\SMG 01.ini
[2003/11/02 10:07:29 | 00,047,616 | ---- | C] () -- C:\Documents and Settings\Owner\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2003/10/25 06:20:18 | 00,028,672 | ---- | C] () -- C:\WINDOWS\gscr.dll
[2003/08/28 22:35:24 | 00,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini
[2003/08/28 22:19:10 | 00,002,146 | ---- | C] () -- C:\WINDOWS\System32\mshrml.ini
[2003/08/23 22:42:40 | 00,028,672 | ---- | C] () -- C:\WINDOWS\System32\JAWTAccessBridge.dll
[2003/08/23 22:42:12 | 00,094,208 | ---- | C] () -- C:\WINDOWS\System32\PcdrKernelModeServices.dll
[2003/08/23 22:42:12 | 00,077,824 | ---- | C] () -- C:\WINDOWS\System32\ProgressTrace.dll
[2003/08/23 22:36:36 | 00,167,936 | ---- | C] () -- C:\WINDOWS\System32\PCDrJNI_1_1.dll
[2003/08/23 22:33:23 | 00,026,395 | ---- | C] () -- C:\WINDOWS\System32\CHODDI.SYS
[2003/08/23 22:32:54 | 00,024,576 | ---- | C] () -- C:\WINDOWS\System32\syscontr.dll
[2003/08/23 22:32:20 | 00,045,056 | ---- | C] () -- C:\WINDOWS\System32\hpreg.dll
[2003/08/23 09:25:25 | 00,000,052 | ---- | C] () -- C:\WINDOWS\intuprof.ini
[2003/08/23 09:25:15 | 00,000,626 | ---- | C] () -- C:\WINDOWS\QUICKEN.INI
[2003/08/23 09:12:10 | 00,033,512 | ---- | C] () -- C:\Documents and Settings\Owner\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
[2003/08/23 09:12:08 | 00,000,128 | ---- | C] () -- C:\Documents and Settings\Owner\Local Settings\Application Data\fusioncache.dat
[2003/08/23 08:54:38 | 00,001,086 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\hpzinstall.log
[2003/08/23 08:46:51 | 00,001,793 | ---- | C] () -- C:\WINDOWS\System32\fxsperf.ini
[2003/08/23 08:19:52 | 00,363,520 | ---- | C] () -- C:\WINDOWS\System32\psisdecd.dll
[2003/08/23 08:11:57 | 00,299,073 | ---- | C] () -- C:\WINDOWS\System32\PythonCOM22.dll
[2003/08/23 08:11:57 | 00,065,536 | ---- | C] () -- C:\WINDOWS\System32\PyWinTypes22.dll
[2003/08/23 08:11:35 | 00,016,896 | ---- | C] () -- C:\WINDOWS\System32\bcbmm.dll
[2003/08/23 07:57:05 | 00,000,802 | ---- | C] () -- C:\WINDOWS\orun32.ini
[2003/08/23 07:56:26 | 00,000,062 | -HS- | C] () -- C:\Documents and Settings\Owner\Application Data\desktop.ini
[2003/08/23 07:42:24 | 00,000,667 | ---- | C] () -- C:\WINDOWS\System32\oeminfo.ini
[2003/08/23 07:42:12 | 00,001,757 | ---- | C] () -- C:\WINDOWS\win.ini
[2003/08/23 07:42:09 | 00,000,271 | ---- | C] () -- C:\WINDOWS\system.ini
[2003/08/23 00:46:36 | 00,000,062 | -HS- | C] () -- C:\Documents and Settings\All Users\Application Data\desktop.ini
[2003/07/24 00:56:49 | 00,000,438 | ---- | C] () -- C:\WINDOWS\System32\1_ssetup.ini
[2003/07/24 00:56:49 | 00,000,000 | ---- | C] () -- C:\WINDOWS\System32\sunistlog.ini
[2003/06/23 20:27:16 | 00,000,000 | ---- | C] () -- C:\WINDOWS\System32\px.ini
[2002/11/27 06:30:32 | 00,561,152 | ---- | C] () -- C:\WINDOWS\System32\hpotscl.dll
[2002/05/24 10:00:00 | 00,208,896 | ---- | C] () -- C:\WINDOWS\System32\lockout.dll
[2002/05/24 10:00:00 | 00,045,056 | ---- | C] () -- C:\WINDOWS\System32\lockres.dll
[2002/03/21 14:39:02 | 00,073,728 | R--- | C] () -- C:\WINDOWS\System32\UNACEV2.DLL
[2002/03/21 12:51:52 | 00,503,808 | R--- | C] () -- C:\WINDOWS\System32\lt_xtrans.dll
[2002/03/21 12:51:52 | 00,286,720 | R--- | C] () -- C:\WINDOWS\System32\MrSIDD.dll
[2002/03/21 12:51:52 | 00,163,840 | R--- | C] () -- C:\WINDOWS\System32\lt_common.dll
[2002/03/21 12:51:52 | 00,126,976 | R--- | C] () -- C:\WINDOWS\System32\lt_trans.dll
[2002/03/21 12:51:52 | 00,069,632 | R--- | C] () -- C:\WINDOWS\System32\lt_meta.dll
[2002/03/21 12:51:52 | 00,053,248 | R--- | C] () -- C:\WINDOWS\System32\lt_encrypt.dll
[2002/03/21 12:51:52 | 00,020,480 | R--- | C] () -- C:\WINDOWS\System32\lt_messagetext.dll
[2002/03/20 21:01:06 | 00,006,688 | R--- | C] () -- C:\WINDOWS\System32\Digita.sys
[2002/03/20 21:00:20 | 00,049,152 | R--- | C] () -- C:\WINDOWS\System32\TransportUSB.dll
[2002/03/20 21:00:20 | 00,049,152 | R--- | C] () -- C:\WINDOWS\System32\TransportSerial.dll
[2002/03/20 21:00:20 | 00,049,152 | R--- | C] () -- C:\WINDOWS\System32\TransportIrDA.dll
[2002/03/20 21:00:20 | 00,049,152 | R--- | C] () -- C:\WINDOWS\System32\TransportIrCOMM.dll
[1999/04/11 16:54:20 | 00,282,112 | ---- | C] () -- C:\WINDOWS\System32\cncs232.dll
[1999/01/22 14:46:56 | 00,065,536 | ---- | C] () -- C:\WINDOWS\System32\MSRTEDIT.DLL
========== LOP Check ==========
[2004/12/31 08:36:17 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\ACD Systems
[2009/10/08 15:52:04 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\AVG Security Toolbar
[2008/12/21 06:49:32 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\DriverScanner
[2007/08/24 14:33:50 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Grisoft
[2009/03/15 15:23:14 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Sony
[2009/06/21 07:24:46 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TEMP
[2004/12/31 08:38:55 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\ACD Systems
[2009/10/22 05:20:47 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Auslogics
[2009/05/19 08:45:17 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\AVGTOOLBAR
[2004/01/16 14:57:23 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Common Files
[2004/02/07 10:04:07 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Corel
[2009/03/15 09:28:20 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\InfraRecorder
[2004/03/15 18:41:47 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\interMute
[2004/02/12 09:49:01 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Leadertech
[2004/03/15 18:40:55 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Lycos
[2003/08/23 22:26:06 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\SampleView
[2009/03/15 15:23:14 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Sony
[2009/03/14 17:22:08 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Sony Setup
[2003/10/19 05:50:42 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Template
[2008/12/21 06:49:33 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Uniblue
[2009/10/25 07:22:19 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\wsInspector
[2002/08/29 14:00:00 | 00,000,065 | RH-- | M] () -- C:\WINDOWS\Tasks\desktop.ini
[2004/06/16 20:32:20 | 00,000,342 | ---- | M] () -- C:\WINDOWS\Tasks\FRU Task #Hewlett-Packard#hp psc 1200 series#1067084607.job
[2009/11/03 09:46:59 | 00,000,006 | -H-- | M] () -- C:\WINDOWS\Tasks\SA.DAT
========== Purity Check ==========
========== Custom Scans ==========
< %SYSTEMDRIVE%\*.exe >
[2005/10/31 10:56:00 | 00,700,416 | ---- | M] (LimeWire) -- C:\StubInstaller.exe
< %SYSTEMDRIVE%\eventlog.dll /s /md5 >
[2004/08/03 23:56:44 | 00,055,808 | ---- | M] (Microsoft Corporation) MD5=82B24CB70E5944E6E34662205A2A5B78 -- C:\WINDOWS\$NtServicePackUninstall$\eventlog.dll
[2008/04/13 19:11:53 | 00,056,320 | ---- | M] (Microsoft Corporation) MD5=6D4FEB43EE538FC5428CC7F0565AA656 -- C:\WINDOWS\ERDNT\cache\eventlog.dll
[2008/04/13 19:11:53 | 00,056,320 | ---- | M] (Microsoft Corporation) MD5=6D4FEB43EE538FC5428CC7F0565AA656 -- C:\WINDOWS\ServicePackFiles\i386\eventlog.dll
[2008/04/13 19:11:53 | 00,056,320 | ---- | M] (Microsoft Corporation) MD5=6D4FEB43EE538FC5428CC7F0565AA656 -- C:\WINDOWS\system32\eventlog.dll
< %SYSTEMDRIVE%\scecli.dll /s /md5 >
[2004/08/03 23:56:46 | 00,180,224 | ---- | M] (Microsoft Corporation) MD5=0F78E27F563F2AAF74B91A49E2ABF19A -- C:\WINDOWS\$NtServicePackUninstall$\scecli.dll
[2008/04/13 19:12:05 | 00,181,248 | ---- | M] (Microsoft Corporation) MD5=A86BB5E61BF3E39B62AB4C7E7085A084 -- C:\WINDOWS\ERDNT\cache\scecli.dll
[2008/04/13 19:12:05 | 00,181,248 | ---- | M] (Microsoft Corporation) MD5=A86BB5E61BF3E39B62AB4C7E7085A084 -- C:\WINDOWS\ServicePackFiles\i386\scecli.dll
[2008/04/13 19:12:05 | 00,181,248 | ---- | M] (Microsoft Corporation) MD5=A86BB5E61BF3E39B62AB4C7E7085A084 -- C:\WINDOWS\system32\scecli.dll
< %SYSTEMDRIVE%\netlogon.dll /s /md5 >
[2004/08/03 23:56:46 | 00,407,040 | ---- | M] (Microsoft Corporation) MD5=96353FCECBA774BB8DA74A1C6507015A -- C:\WINDOWS\$NtServicePackUninstall$\netlogon.dll
[2008/04/13 19:12:01 | 00,407,040 | ---- | M] (Microsoft Corporation) MD5=1B7F071C51B77C272875C3A23E1E4550 -- C:\WINDOWS\ERDNT\cache\netlogon.dll
[2008/04/13 19:12:01 | 00,407,040 | ---- | M] (Microsoft Corporation) MD5=1B7F071C51B77C272875C3A23E1E4550 -- C:\WINDOWS\ServicePackFiles\i386\netlogon.dll
[2008/04/13 19:12:01 | 00,407,040 | ---- | M] (Microsoft Corporation) MD5=1B7F071C51B77C272875C3A23E1E4550 -- C:\WINDOWS\system32\netlogon.dll
< %SYSTEMDRIVE%\cngaudit.dll /s /md5 >
< %SYSTEMDRIVE%\sceclt.dll /s /md5 >
< %SYSTEMDRIVE%\ntelogon.dll /s /md5 >
< %SYSTEMDRIVE%\logevent.dll /s /md5 >
< %SYSTEMDRIVE%\iaStor.sys /s /md5 >
< %SYSTEMDRIVE%\nvstor.sys /s /md5 >
< %SYSTEMDRIVE%\atapi.sys /s /md5 >
[2004/08/03 21:59:44 | 00,095,360 | ---- | M] (Microsoft Corporation) MD5=CDFE4411A69C224BD1D11B2DA92DAC51 -- C:\WINDOWS\$NtServicePackUninstall$\atapi.sys
[2002/08/29 07:00:00 | 00,086,912 | ---- | M] (Microsoft Corporation) MD5=95B858761A00E1D4F81F79A0DA019ACA -- C:\WINDOWS\$NtUninstallQ331958$\atapi.sys
[2008/04/13 13:40:30 | 00,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\ServicePackFiles\i386\atapi.sys
[2008/04/13 13:40:30 | 00,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\system32\drivers\atapi.sys
< %SYSTEMDRIVE%\IdeChnDr.sys /s /md5 >
< %SYSTEMDRIVE%\viasraid.sys /s /md5 >
< %SYSTEMDRIVE%\AGP440.sys /s /md5 >
[2004/08/03 22:07:42 | 00,042,368 | ---- | M] (Microsoft Corporation) MD5=2C428FA0C3E3A01ED93C9B2A27D8D4BB -- C:\WINDOWS\$NtServicePackUninstall$\agp440.sys
[2008/04/13 13:36:38 | 00,042,368 | ---- | M] (Microsoft Corporation) MD5=08FD04AA961BDC77FB983F328334E3D7 -- C:\WINDOWS\ERDNT\cache\agp440.sys
[2008/04/13 13:36:38 | 00,042,368 | ---- | M] (Microsoft Corporation) MD5=08FD04AA961BDC77FB983F328334E3D7 -- C:\WINDOWS\ServicePackFiles\i386\agp440.sys
[2008/04/13 13:36:38 | 00,042,368 | ---- | M] (Microsoft Corporation) MD5=08FD04AA961BDC77FB983F328334E3D7 -- C:\WINDOWS\system32\drivers\agp440.sys
< %SYSTEMDRIVE%\vaxscsi.sys /s /md5 >
========== Alternate Data Streams ==========
@Alternate Data Stream - 88 bytes -> C:\WINDOWS\System32\eapsvc.dll:SummaryInformation
@Alternate Data Stream - 116 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:D1B5B4F1
@Alternate Data Stream - 106 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:E965A533
< End of report >
and...
OTL Extras logfile created on: 11/3/2009 6:35:23 PM - Run 1
OTL by OldTimer - Version 3.1.3.3 Folder = C:\Documents and Settings\Owner\Desktop
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy
247.52 Mb Total Physical Memory | 144.51 Mb Available Physical Memory | 58.38% Memory free
606.49 Mb Paging File | 291.49 Mb Available in Paging File | 48.06% Paging File free
Paging file location(s): C:\pagefile.sys 372 744 [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 31.74 Gb Total Space | 17.29 Gb Free Space | 54.48% Space Free | Partition Type: NTFS
Drive D: | 5.55 Gb Total Space | 0.97 Gb Free Space | 17.46% Space Free | Partition Type: FAT32
Drive E: | 265.51 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded
Computer Name: YOUR-XHTR8HVC4P
Current User Name: Owner
Logged in as Administrator.
Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: On
Skip Microsoft Files: On
File Age = 14 Days
Output = Standard
Quick Scan
========== Extra Registry (SafeList) ==========
========== File Associations ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.chm [@ = chm.file] -- "%SYSTEMROOT%\hh.exe" %1
.html [@ = htmlfile] -- C:\Program Files\Internet Explorer\IEXPLORE.EXE (Microsoft Corporation)
[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)
========== Shell Spawning ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %* File not found
chm.file [open] -- "%SYSTEMROOT%\hh.exe" %1 File not found
cmdfile [open] -- "%1" %* File not found
comfile [open] -- "%1" %* File not found
exefile [open] -- "%1" %* File not found
htmlfile [edit] -- "C:\Program Files\Microsoft Office\Office\msohtmed.exe" %1 (Microsoft Corporation)
htmlfile [open] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" -nohome (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" %1 (Microsoft Corporation)
http [open] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" -nohome (Microsoft Corporation)
https [open] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" -nohome (Microsoft Corporation)
piffile [open] -- "%1" %* File not found
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1" File not found
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S File not found
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 File not found
Directory [ACDBrowse] -- "C:\Program Files\ACD Systems\ACDSee\5.0\ACDSee5.exe" "%1" (ACD Systems, Ltd.)
Directory [AddToPlaylistVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" %1 (Microsoft Corporation)
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- "%programfiles%\internet explorer\iexplore.exe" File not found
========== Security Center Settings ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 1
"FirewallOverride" = 0
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]
"139:TCP" = 139:TCP:*:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:*:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:*:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:*:Enabled:@xpsp2res.dll,-22002
"1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008
"10243:TCP" = 10243:TCP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service
"10280:UDP" = 10280:UDP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service
"10281:UDP" = 10281:UDP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service
"10282:UDP" = 10282:UDP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service
"10283:UDP" = 10283:UDP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service
"10284:UDP" = 10284:UDP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DoNotAllowExceptions" = 0
"DisableNotifications" = 0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"139:TCP" = 139:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22002
"1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008
"10243:TCP" = 10243:TCP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service
"10280:UDP" = 10280:UDP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service
"10281:UDP" = 10281:UDP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service
"10282:UDP" = 10282:UDP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service
"10283:UDP" = 10283:UDP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service
"10284:UDP" = 10284:UDP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service
"67:UDP" = 67:UDP:*:Enabled:DHCP Discovery Service
========== Authorized Applications List ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"%windir%\Network Diagnostic\xpnetdiag.exe" = %windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000 -- (Microsoft Corporation)
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\WINDOWS\system32\wjview.exe" = C:\WINDOWS\system32\wjview.exe:*:Disabled:Microsoft® VM Command Line Interpreter -- (Microsoft Corporation)
"C:\Program Files\Updates from HP\137903\Program\BackWeb-137903.exe" = C:\Program Files\Updates from HP\137903\Program\BackWeb-137903.exe:*:Disabled:BackWeb-137903 -- ()
"C:\Program Files\Messenger\msmsgs.exe" = C:\Program Files\Messenger\msmsgs.exe:*:Enabled:Windows Messenger -- (Microsoft Corporation)
"C:\Program Files\HP\HP Software Update\HPWUCli.exe" = C:\Program Files\HP\HP Software Update\HPWUCli.exe:*:Enabled:HP Software Update Client -- (Hewlett-Packard)
"C:\StubInstaller.exe" = C:\StubInstaller.exe:*:Enabled:LimeWire swarmed installer -- (LimeWire)
"C:\Program Files\LimeWire\LimeWire.exe" = C:\Program Files\LimeWire\LimeWire.exe:*:Enabled:LimeWire -- (Lime Wire, LLC)
"%windir%\Network Diagnostic\xpnetdiag.exe" = %windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000 -- (Microsoft Corporation)
"C:\Program Files\Mozilla Firefox\firefox.exe" = C:\Program Files\Mozilla Firefox\firefox.exe:*:Enabled:Firefox -- (Mozilla Corporation)
"C:\Program Files\SopCast\SopCast.exe" = C:\Program Files\SopCast\SopCast.exe:*:Enabled:SopCast Main Application -- (www.sopcast.com)
"C:\Program Files\Sony\Media Manager for WALKMAN\MediaManager.exe" = C:\Program Files\Sony\Media Manager for WALKMAN\MediaManager.exe:*:Enabled:Media Manager for WALKMAN 1.2 -- (Sony Creative Software Inc.)
"C:\Program Files\AVG\AVG8\avgupd.exe" = C:\Program Files\AVG\AVG8\avgupd.exe:*:Enabled:avgupd.exe -- (AVG Technologies CZ, s.r.o.)
"C:\Program Files\AVG\AVG8\avgnsx.exe" = C:\Program Files\AVG\AVG8\avgnsx.exe:*:Enabled:avgnsx.exe -- (AVG Technologies CZ, s.r.o.)
========== HKEY_LOCAL_MACHINE Uninstall List ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{00000409-78E1-11D2-B60F-006097C998E7}" = Microsoft Office 2000 SR-1 Premium
"{00203668-8170-44A0-BE44-B632FA4D780F}" = Adobe AIR
"{01F9D88C-3C86-4E82-840A-101A3221F67A}" = Microsoft Money 2003
"{0228e555-4f9c-4e35-a3ec-b109a192b4c2}" = Google Gmail Notifier
"{02B42D23-10F2-4862-ADA4-3DF1EA0021B2}" = Microsoft Money 2003 System Pack
"{02DFF6B1-1654-411C-8D7B-FD6052EF016F}" = Apple Software Update
"{08CA9554-B5FE-4313-938F-D4A417B81175}" = QuickTime
"{098637A9-C208-4398-8374-853151D35200}" = SkinsHP2
"{14589F05-C658-4594-9429-D437BA688686}" = IntelliMover Data Transfer Demo
"{18D10072035C4515918F7E37EAFAACFC}" = AutoUpdate
"{1A655D51-1423-48A3-B748-8F5A0BE294C8}" = Microsoft Visual J# .NET Redistributable Package 1.1
"{1EBB57D4-63FF-87CC-A0F0-D73982CF6008}" = Adobe Media Player
"{1F7CCFA3-D926-4882-B2A5-A0217ED25597}" = PC-Doctor for Windows
"{225af9a1-b556-88d5-94aa-0010b5426419}" = MyDSC
"{26A24AE4-039D-4CA4-87B4-2F83216012FF}" = Java 6 Update 16
"{2A267BC6-F77F-4DD4-825F-7AEB1F68B4B1}" = HpSdpAppCoreApp
"{2E132061-C78A-48D4-A899-1D13B9D189FA}" = Memories Disc Creator 2.0
"{305B23E7-F8D8-4B92-83AA-5AE0D0090DE7}" = Unload
"{306AC1F8-42D9-4639-B412-ABCB7F01F85A}" = OptiPix Pro
"{32A3A4F4-B792-11D6-A78A-00B0D0160060}" = Java SE Development Kit 6 Update 6
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{39DA87A1-0B26-4562-A70C-2A6147366E47}" =
"{3DE5E7D4-7B88-403C-A3FD-2017A8240C5B}" = Google Earth
"{3F46F8A1-75E1-4bbd-A02D-650C84422E87}" = HPImageZone
"{42948B02-7191-40CF-92AA-4E330869B28B}" = HPIZ Fix2
"{45B6180B-DCAB-4093-8EE8-6164457517F0}" = Photosmart 140,240,7200,7600,7700,7900 Series
"{4FCC384C-18EA-4E25-9281-A06AE006D219}" = Weblink
"{5421155F-B033-49DB-9B33-8F80F233D4D5}" = GdiplusUpgrade
"{5A6ED905-D19D-4954-8499-0DAF386460F7}" = Media Manager for WALKMAN 1.2
"{5C650855-4C2B-418F-A747-8B3D8E3FF2A8}" = TrayApp
"{5D7F0A0E-369E-46C0-9F99-FAB21A064781}" = HP Photo and Imaging 2.0 - Photosmart Cameras
"{62369F2F77534556AEF4C58152E3BDE5}" =
"{62B3B82F-B9B1-4D8C-B5D1-C3DAEA1F73AA}" = PhotoGallery
"{63569CE9-FA00-469C-AF5C-E5D4D93ACF91}" = Windows Genuine Advantage v1.3.0254.0
"{642B473F-2584-4C21-AB10-6D1EF28BD601}" = QuickProjects
"{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}" = Windows Media Player Firefox Plugin
"{6ECB39BD-73C2-44DD-B1A0-898207C58D8B}" = HP Photo and Imaging 2.0 - All-in-One Drivers
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{745A92AF-53B4-41A7-91C3-9B026B1D5897}" = InstantShare
"{764D06D8-D8DE-411E-A1C8-D9E9380F8A84}" = Microsoft Works 7.0
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{7B63B2922B174135AFC0E1377DD81EC2}" = DivX
"{7BBD57D6-09B1-4CC3-9664-A0D53EE25247}" = PSShortcutsP
"{84464E93-0222-42E5-8CCE-A618F86210F3}" = SkinsHP1
"{8777AC6D-89F9-4793-8266-DE406F343E89}" = QFolder
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8A708DD8-A5E6-11D4-A706-000629E95E20}" = Intel® Extreme Graphics Driver
"{8ADFC4160D694100B5B8A22DE9DCABD9}" = DivX Player
"{913DA816-E8E4-4467-8D22-E2DF5DBF04E4}" = hp psc 2200 series
"{9541FED0-327F-4DF0-8B96-EF57EF622F19}" = RecordNow!
"{98386532-89B5-42FF-AC49-60C0D9DBD8B1}" = CreativeProjects
"{9867A917-5D17-40DE-83BA-BEA5293194B1}" = HP Photo and Imaging 2.0 - All-in-One
"{9F765BD0-B900-4EDE-A90B-61C8A9E95C42}" =
"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
"{AC76BA86-7AD7-1033-7B44-A81300000003}" = Adobe Reader 8.1.6
"{B13A7C41581B411290FBC0395694E2A9}" =
"{B7050CBDB2504B34BC2A9CA0A692CC29}" = DivX Web Player
"{B9266252-00CB-4140-B740-DE88FC0F7609}" = hpmdtab
"{BAD59025-5B73-4E12-B789-0028C5A573C2}" =
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
"{C224DBAC-57F4-40FD-BB83-09DB532CCD68}" = HPSystemDiagnostics
"{C6A7AF96-4EB1-4AAE-8318-1AB393C64F88}" = Microsoft Plus! Digital Media Edition
"{C8FD5BC1-92EF-4C15-92A9-F9AC7F61985F}" = HP Update
"{C900EF06-2E76-49C7-8DB0-41F629B21DC5}" = hp psc 1200 series
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CD49361E-3FE6-457E-90A1-9C59E29B5D02}" = Java DB 10.3.1.4
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{CF07F56D-F9FD-45CB-8E2B-48786B5B5723}" = Director
"{CFD1B282-555D-494d-8231-4175C2AF08C2}" = PrintScreen
"{D0122362-6333-4DE4-93F6-A5A2F3CC101A}" = HP Organize
"{D050D7362D214723AD585B541FFB6C11}" = DivX Content Uploader
"{DE114695-AE58-4B66-8E0F-2505188602FB}_is1" = Uninstall Startup Inspector
"{DF6A13C0-77DF-41FE-BD05-6D5201EB0CE7}_is1" = Auslogics Disk Defrag
"{E05895C5-FE97-4334-8D73-B0089FD07CE3}" = Multimedia Card Reader
"{EA2BEBD6-87B9-41E5-95AC-7E4C165A9475}" = WexTech AnswerWorks
"{EED5156C-4BA8-4105-A506-DB9D00F8B68D}" = ACDSee for PENTAX
"{F419D20A-7719-4639-8E30-C073A040D878}" = HP Deskjet Preloaded Printer Drivers
"{F4E57F49-84B4-4CF2-B0A1-8CA1752BDF7E}" = OmniPass
"{F61F2821-694C-475F-99AB-6AF2EFDF40FD}" = Quicken 2003 New User Edition
"1ABC286C-DE10-4590-BEFF-4D0DFF5EA1EC" = GemMaster 3 from Hewlett-Packard Desktops (remove only)
"1FEF9671-50F6-4CB0-9E96-304EB14158E0" = Honeycombs from Hewlett-Packard Desktops (remove only)
"342970EF-F8DF-4E9B-8477-A1A03E3E15E1" = STX from Hewlett-Packard Desktops (remove only)
"357ECB62-CD36-4B63-B57E-769D0CA174F4" = Blasterball 2 from Hewlett-Packard Desktops (remove only)
"36317AE4-57EC-4F3E-B828-009A3DD96BE8" = Polar Bowler from Hewlett-Packard Desktops (remove only)
"3F34F72F-9BB0-4B73-8312-558953ACF56F" = Super Granny from Hewlett-Packard Desktops (remove only)
"4F0AE1FB-4082-4A27-8363-05D292D92FB0" = Virtual Warfare from Hewlett-Packard Desktops (remove only)
"53EF27E9-150C-4063-8343-61C45FC6BB98" = Mars Rover from Hewlett-Packard Desktops (remove only)
"5415BC25-6D6C-46C4-B34C-EA8470FE56D5" = Blackhawk Striker from Hewlett-Packard Desktops (remove only)
"5F804D2B-A66D-4F0A-B64E-FBDA3F52E3F8" = Slyder from Hewlett-Packard Desktops (remove only)
"62067F4C-84A9-45B9-8573-B90468B0A3EF" = Orbital from Hewlett-Packard Desktops (remove only)
"7CEF0F00-BA1B-4861-A102-38CC86CA622B" = Phoenix Assault from Hewlett-Packard Desktops (remove only)
"Ace Utilities_is1" = Ace Utilities
"AddressBook" =
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Adobe Shockwave Player" = Adobe Shockwave Player 11.5
"AGEIA PhysX v2.4.4" = AGEIA PhysX v2.4.4
"AVG8Uninstall" = AVG 8.5
"B151D9AC-5E4E-4AD0-96C9-5A6C9EC23502" = Blasterball 2 Remix from Hewlett-Packard Desktops (remove only)
"BackWeb-137903 Uninstaller" = Updates from HP
"BFBCBAE3-8293-4215-9C4F-C2402C118EDB" = Otto from Hewlett-Packard Desktops (remove only)
"C99127BE-FDE5-49BD-9621-BFE5DF19AA34" = Cannonballs from Hewlett-Packard Desktops (remove only)
"Championship Bass" = Championship Bass
"com.adobe.amp.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Adobe Media Player
"Connection Manager" =
"D11F7128-8CBD-408B-8BF8-034604DEDD42" = Bounce from Hewlett-Packard Desktops (remove only)
"DA44615A-C243-46A4-8E47-184CFF33CD38" = Five Card Frenzy from Hewlett-Packard Desktops (remove only)
"DAE7A92A-BAC7-42FA-AC62-53DEF1DC4292" = Crystal Maze from Hewlett-Packard Desktops (remove only)
"Dale Earnhardt 1951-2001" = Dale Earnhardt 1951-2001
"DF479CEA-34C0-460F-9B56-93BCE4CD4086" = Excavation from Hewlett-Packard Desktops (remove only)
"DirectAnimation" =
"DirectDrawEx" =
"D-Link DMP-110 2.01.004" = D-Link DMP-110 2.01.004
"DXM_Runtime" =
"ebateswebsavings0.xml" = Web Savings from Ebates
"ESET Online Scanner" = ESET Online Scanner v3
"Fontcore" =
"GameChannel" = WildTangent GameChannel (remove only)
"GoldWave v4.26" = GoldWave v4.26
"GoogleVideoPlayer" = Google Video Player
"GSpot" = GSpot Codec Information Appliance
"HijackThis" = HijackThis 2.0.2
"HP Instant Support" = hp instant support
"HP PSC 1200 Series" = HP Photo and Imaging 2.0 - hp psc 1200 series
"HP PSC 2200 Series" = HP Photo and Imaging 2.0 - hp psc 2200 series
"HPTOOLKIT" = toolkit
"ICW" =
"IDNMitigationAPIs" = Microsoft Internationalized Domain Names Mitigation APIs
"IE40" =
"IE4Data" =
"IE5BAKEX" =
"ie7" = Windows Internet Explorer 7
"ie8" = Windows Internet Explorer 8
"IEData" =
"Indeo® software" = Indeo® software
"InfraRecorder" = InfraRecorder
"InstallShield Uninstall Information" =
"InstallShield_{2A267BC6-F77F-4DD4-825F-7AEB1F68B4B1}" =
"InstallShield_{E05895C5-FE97-4334-8D73-B0089FD07CE3}" = Multimedia Card Reader
"InstallShield_{F61F2821-694C-475F-99AB-6AF2EFDF40FD}" = Quicken 2003 New User Edition
"JFK Reloaded" = JFK Reloaded 1.1
"LimeWire" = LimeWire 5.1.2
"Liv Tyler" = Liv Tyler
"LiveReg" = LiveReg (Symantec Corporation)
"LiveUpdate" = LiveUpdate 1.80 (Symantec Corporation)
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"Marx Brothers" = Marx Brothers Screen Saver
"Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft Interactive Training" =
"Microsoft NetShow Player 2.0" =
"MobileOptionPack" =
"Monty Python Screen Saver" = Monty Python Screen Saver
"Mozilla Firefox (3.5.4)" = Mozilla Firefox (3.5.4)
"MSCompPackV1" = Microsoft Compression Client Pack 1.0 for Windows XP
"MSI30a-KB884016" =
"MSI30-Beta1" =
"MSI30-Beta2" =
"MSI30-KB884016" =
"MSI30-RC1" =
"MSI30-RC2" =
"MSI31-Beta" =
"MSI31-RC1" =
"MsJavaVM" =
"MSN Music Assistant" = MSN Music Assistant
"NASCAR Racing 1999 Edition" = NASCAR Racing 1999 Edition
"NetMeeting" =
"Network Play System" = EA Network Play System
"NLSDownlevelMapping" = Microsoft National Language Support Downlevel APIs
"NVIDIA" = NVIDIA Windows 2000/XP Display Drivers
"NVIDIA Gart Driver" = NVIDIA Gart Driver
"osu-fiesta-screensaver.scr" = osu-fiesta-screensaver
"OutlookExpress" =
"PCHealth" =
"Pinball Master" = Pinball Master
"Product_Name" = Impossible Golf
"PS2" = PS2
"Python 2.2 combined Win32 extensions" = Python 2.2 combined Win32 extensions
"Python 2.2.1" = Python 2.2.1
"RecordNow.exe" =
"S3Display" = S3Display
"S3Gamma2" = S3Gamma2
"S3Info2" = S3Info2
"S3Overlay" = S3Overlay
"Sarah Michelle Gellar" = Sarah Michelle Gellar
"SchedulingAgent" =
"SGTRAY.EXE" =
"Sierra Utilities" = Sierra Utilities
"SMG 01" = SMG 01
"SopCast" = SopCast 1.1.2
"TaxCut Deluxe 2005" = TaxCut Deluxe 2005
"TurboTax Deluxe 2004" = TurboTax Deluxe 2004
"UnityWebPlayer" = Unity Web Player
"VLC media player" = VLC media player 1.0.1
"WildTangent CDA" = WildTangent Web Driver
"Windows Media Format Runtime" = Windows Media Format 11 runtime
"Windows Media Player" = Windows Media Player 11
"Windows XP Service Pack" = Windows XP Service Pack 3
"WinRAR archiver" = WinRAR archiver
"WMCSetup" =
"WMFDist11" = Windows Media Format 11 runtime
"wmp11" = Windows Media Player 11
"Wudf01000" = Microsoft User-Mode Driver Framework Feature Pack 1.0
"XviD_is1" = XviD MPEG-4 Video Codec
========== Last 10 Event Log Errors ==========
[ Application Events ]
Error - 10/23/2009 6:25:57 AM | Computer Name = YOUR-XHTR8HVC4P | Source = Application Hang | ID = 1002
Description = Hanging application firefox.exe, version 1.9.1.3523, hang module hungapp,
version 0.0.0.0, hang address 0x00000000.
Error - 10/29/2009 5:39:14 PM | Computer Name = YOUR-XHTR8HVC4P | Source = Application Error | ID = 1000
Description = Faulting application javara.exe, version 1.15.0.1745, faulting module
ntdll.dll, version 5.1.2600.5755, fault address 0x0000100b.
Error - 10/29/2009 6:29:47 PM | Computer Name = YOUR-XHTR8HVC4P | Source = Application Hang | ID = 1002
Description = Hanging application firefox.exe, version 1.9.1.3523, hang module hungapp,
version 0.0.0.0, hang address 0x00000000.
Error - 10/30/2009 5:32:36 PM | Computer Name = YOUR-XHTR8HVC4P | Source = Application Hang | ID = 1002
Description = Hanging application gmer.exe, version 1.0.15.15163, hang module hungapp,
version 0.0.0.0, hang address 0x00000000.
Error - 10/30/2009 5:32:36 PM | Computer Name = YOUR-XHTR8HVC4P | Source = Application Hang | ID = 1002
Description = Hanging application gmer.exe, version 1.0.15.15163, hang module hungapp,
version 0.0.0.0, hang address 0x00000000.
Error - 10/31/2009 6:48:38 PM | Computer Name = YOUR-XHTR8HVC4P | Source = Application Hang | ID = 1002
Description = Hanging application SysProt.exe, version 1.0.1.0, hang module hungapp,
version 0.0.0.0, hang address 0x00000000.
Error - 10/31/2009 6:48:38 PM | Computer Name = YOUR-XHTR8HVC4P | Source = Application Hang | ID = 1002
Description = Hanging application SysProt.exe, version 1.0.1.0, hang module hungapp,
version 0.0.0.0, hang address 0x00000000.
Error - 10/31/2009 6:52:09 PM | Computer Name = YOUR-XHTR8HVC4P | Source = Application Hang | ID = 1002
Description = Hanging application SysProt.exe, version 1.0.1.0, hang module hungapp,
version 0.0.0.0, hang address 0x00000000.
Error - 10/31/2009 6:55:59 PM | Computer Name = YOUR-XHTR8HVC4P | Source = Application Hang | ID = 1002
Description = Hanging application SysProt.exe, version 1.0.1.0, hang module hungapp,
version 0.0.0.0, hang address 0x00000000.
Error - 10/31/2009 7:26:08 PM | Computer Name = YOUR-XHTR8HVC4P | Source = Application Hang | ID = 1002
Description = Hanging application SysProt.exe, version 1.0.1.0, hang module hungapp,
version 0.0.0.0, hang address 0x00000000.
[ System Events ]
Error - 10/30/2009 9:59:47 AM | Computer Name = YOUR-XHTR8HVC4P | Source = Service Control Manager | ID = 7000
Description = The D-Link DMP-110 NtJCMp3.Sys MP3 USB driver service failed to start
due to the following error: %%1058
Error - 10/30/2009 9:59:47 AM | Computer Name = YOUR-XHTR8HVC4P | Source = Service Control Manager | ID = 7000
Description = The mrtRate service failed to start due to the following error: %%2
Error - 10/31/2009 7:28:33 AM | Computer Name = YOUR-XHTR8HVC4P | Source = Service Control Manager | ID = 7000
Description = The D-Link DMP-110 NtJCMp3.Sys MP3 USB driver service failed to start
due to the following error: %%1058
Error - 10/31/2009 7:28:33 AM | Computer Name = YOUR-XHTR8HVC4P | Source = Service Control Manager | ID = 7000
Description = The mrtRate service failed to start due to the following error: %%2
Error - 11/1/2009 7:02:37 AM | Computer Name = YOUR-XHTR8HVC4P | Source = Service Control Manager | ID = 7000
Description = The D-Link DMP-110 NtJCMp3.Sys MP3 USB driver service failed to start
due to the following error: %%1058
Error - 11/1/2009 7:02:37 AM | Computer Name = YOUR-XHTR8HVC4P | Source = Service Control Manager | ID = 7000
Description = The mrtRate service failed to start due to the following error: %%2
Error - 11/2/2009 11:21:45 AM | Computer Name = YOUR-XHTR8HVC4P | Source = Service Control Manager | ID = 7000
Description = The D-Link DMP-110 NtJCMp3.Sys MP3 USB driver service failed to start
due to the following error: %%1058
Error - 11/2/2009 11:21:45 AM | Computer Name = YOUR-XHTR8HVC4P | Source = Service Control Manager | ID = 7000
Description = The mrtRate service failed to start due to the following error: %%2
Error - 11/3/2009 10:47:42 AM | Computer Name = YOUR-XHTR8HVC4P | Source = Service Control Manager | ID = 7000
Description = The D-Link DMP-110 NtJCMp3.Sys MP3 USB driver service failed to start
due to the following error: %%1058
Error - 11/3/2009 10:47:42 AM | Computer Name = YOUR-XHTR8HVC4P | Source = Service Control Manager | ID = 7000
Description = The mrtRate service failed to start due to the following error: %%2
< End of report >
#45
Posted 04 November 2009 - 02:41 PM