Google Redirect Problem -- I have Read Malware and Spyware section. O |
Need a geek? Geeks to Go offers free, quality tech support -- in terms anyone can understand. Volunteers are waiting to help, friendly, technology experts who have knowledge to share, and enjoy helping others. Feel free to browse the site as a guest. However, you must log in to reply to existing topics, or to start a new topic of your own. Other benefits of joining include richer forum features, and removal of all advertising. Learn more in our Welcome Guide Infected? Malware and Spyware Cleaning Guide. What are you waiting for? Click here to join for free today!
|
|
|
  |
 Oct 18 2009, 03:58 PM
Post
#1
|
|
|
New Member  Posts: 3 OS: xp  |
When I use google or any other search engine, I get the same listings for results. A bunch of Spam listings.
Here is my MBAM, rootlog, and OTLs. I don't know what to do next. I also put my Hijackthis analysis at the bottom if that helps. Thanks a lot for your help. Malwarebytes' Anti-Malware 1.41 Database version: 2981 Windows 5.1.2600 Service Pack 3 10/18/2009 1:10:57 PM mbam-log-2009-10-18 (13-10-57).txt Scan type: Full Scan (C:\|D:\|) Objects scanned: 249781 Time elapsed: 2 hour(s), 19 minute(s), 33 second(s) Memory Processes Infected: 0 Memory Modules Infected: 0 Registry Keys Infected: 0 Registry Values Infected: 0 Registry Data Items Infected: 0 Folders Infected: 0 Files Infected: 0 Memory Processes Infected: (No malicious items detected) Memory Modules Infected: (No malicious items detected) Registry Keys Infected: (No malicious items detected) Registry Values Infected: (No malicious items detected) Registry Data Items Infected: (No malicious items detected) Folders Infected: (No malicious items detected) Files Infected: (No malicious items detected) ROOTREPEAL © AD, 2007-2009 ================================================== Scan Start Time: 2009/10/18 14:51 Program Version: Version 1.3.5.0 Windows Version: Windows XP Media Center Edition SP3 ================================================== Drivers ------------------- Name: Image Path: Address: 0xBA610000 Size: 98304 File Visible: No Signed: - Status: - Name: Image Path: Address: 0x00000000 Size: 0 File Visible: No Signed: - Status: - Name: d347prt.sys Image Path: d347prt.sys Address: 0xBADB2000 Size: 5248 File Visible: - Signed: - Status: Hidden from the Windows API! Name: dump_atapi.sys Image Path: C:\WINDOWS\System32\Drivers\dump_atapi.sys Address: 0xB64A9000 Size: 98304 File Visible: No Signed: - Status: - Name: dump_WMILIB.SYS Image Path: C:\WINDOWS\System32\Drivers\dump_WMILIB.SYS Address: 0xBAE00000 Size: 8192 File Visible: No Signed: - Status: - Name: intelide.sys Image Path: intelide.sys Address: 0xBADAE000 Size: 5504 File Visible: - Signed: - Status: Hidden from the Windows API! Name: rootrepeal.sys Image Path: C:\WINDOWS\system32\drivers\rootrepeal.sys Address: 0xB1921000 Size: 49152 File Visible: No Signed: - Status: - Name: viaide.sys Image Path: viaide.sys Address: 0xBADAC000 Size: 5376 File Visible: - Signed: - Status: Hidden from the Windows API! SSDT ------------------- #: 012 Function Name: NtAlertResumeThread Status: Hooked by "<unknown>" at address 0x8a5e3fd0 #: 013 Function Name: NtAlertThread Status: Hooked by "<unknown>" at address 0x8a5e3f98 #: 017 Function Name: NtAllocateVirtualMemory Status: Hooked by "<unknown>" at address 0x8a54c598 #: 025 Function Name: NtClose Status: Hooked by "C:\WINDOWS\System32\Drivers\aswSP.SYS" at address 0xb65156b8 #: 031 Function Name: NtConnectPort Status: Hooked by "<unknown>" at address 0x8a5acb38 #: 041 Function Name: NtCreateKey Status: Hooked by "C:\WINDOWS\System32\Drivers\aswSP.SYS" at address 0xb6515574 #: 043 Function Name: NtCreateMutant Status: Hooked by "<unknown>" at address 0x8a4f8548 #: 045 Function Name: NtCreatePagingFile Status: Hooked by "d347bus.sys" at address 0xba782a20 #: 053 Function Name: NtCreateThread Status: Hooked by "<unknown>" at address 0x8a604278 #: 065 Function Name: NtDeleteValueKey Status: Hooked by "C:\WINDOWS\System32\Drivers\aswSP.SYS" at address 0xb6515a52 #: 068 Function Name: NtDuplicateObject Status: Hooked by "C:\WINDOWS\System32\Drivers\aswSP.SYS" at address 0xb651514c #: 071 Function Name: NtEnumerateKey Status: Hooked by "d347bus.sys" at address 0xba7832a8 #: 073 Function Name: NtEnumerateValueKey Status: Hooked by "d347bus.sys" at address 0xba78e910 #: 083 Function Name: NtFreeVirtualMemory Status: Hooked by "<unknown>" at address 0x8a7060b0 #: 089 Function Name: NtImpersonateAnonymousToken Status: Hooked by "<unknown>" at address 0x8a4f3b80 #: 091 Function Name: NtImpersonateThread Status: Hooked by "<unknown>" at address 0x8a3e5770 #: 108 Function Name: NtMapViewOfSection Status: Hooked by "<unknown>" at address 0x8a577d88 #: 114 Function Name: NtOpenEvent Status: Hooked by "<unknown>" at address 0x8a4f88f8 #: 119 Function Name: NtOpenKey Status: Hooked by "C:\WINDOWS\System32\Drivers\aswSP.SYS" at address 0xb651564e #: 122 Function Name: NtOpenProcess Status: Hooked by "C:\WINDOWS\System32\Drivers\aswSP.SYS" at address 0xb651508c #: 123 Function Name: NtOpenProcessToken Status: Hooked by "<unknown>" at address 0x8a6b40c8 #: 128 Function Name: NtOpenThread Status: Hooked by "C:\WINDOWS\System32\Drivers\aswSP.SYS" at address 0xb65150f0 #: 129 Function Name: NtOpenThreadToken Status: Hooked by "<unknown>" at address 0x8a601e20 #: 160 Function Name: NtQueryKey Status: Hooked by "d347bus.sys" at address 0xba7832c8 #: 177 Function Name: NtQueryValueKey Status: Hooked by "C:\WINDOWS\System32\Drivers\aswSP.SYS" at address 0xb651576e #: 204 Function Name: NtRestoreKey Status: Hooked by "C:\WINDOWS\System32\Drivers\aswSP.SYS" at address 0xb651572e #: 206 Function Name: NtResumeThread Status: Hooked by "<unknown>" at address 0x8a5a7118 #: 213 Function Name: NtSetContextThread Status: Hooked by "<unknown>" at address 0x8a602200 #: 228 Function Name: NtSetInformationProcess Status: Hooked by "<unknown>" at address 0x8a602488 #: 229 Function Name: NtSetInformationThread Status: Hooked by "<unknown>" at address 0x8a5fed20 #: 241 Function Name: NtSetSystemPowerState Status: Hooked by "d347bus.sys" at address 0xba78e0b0 #: 247 Function Name: NtSetValueKey Status: Hooked by "C:\WINDOWS\System32\Drivers\aswSP.SYS" at address 0xb65158ae #: 253 Function Name: NtSuspendProcess Status: Hooked by "<unknown>" at address 0x8a4f8e68 #: 254 Function Name: NtSuspendThread Status: Hooked by "<unknown>" at address 0x8a5faed8 #: 257 Function Name: NtTerminateProcess Status: Hooked by "<unknown>" at address 0x8a634008 #: 258 Function Name: NtTerminateThread Status: Hooked by "<unknown>" at address 0x8a5fdf30 #: 267 Function Name: NtUnmapViewOfSection Status: Hooked by "<unknown>" at address 0x8a6ce0b0 #: 277 Function Name: NtWriteVirtualMemory Status: Hooked by "<unknown>" at address 0x8a54bae8 ==EOF== OTL Extras logfile created on: 10/18/2009 3:15:47 PM - Run 1 OTL by OldTimer - Version 3.0.21.0 Folder = C:\Documents and Settings\HP_Administrator\Desktop\Spyware removal Windows XP Media Center Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation Internet Explorer (Version = 8.0.6001.18702) Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy 1.94 Gb Total Physical Memory | 0.74 Gb Available Physical Memory | 38.27% Memory free 3.78 Gb Paging File | 2.68 Gb Available in Paging File | 70.92% Paging File free Paging file location(s): C:\pagefile.sys 2046 4092 [binary data] %SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files Drive C: | 224.38 Gb Total Space | 146.38 Gb Free Space | 65.24% Space Free | Partition Type: NTFS Drive D: | 8.49 Gb Total Space | 0.42 Gb Free Space | 4.99% Space Free | Partition Type: FAT32 Drive E: | 697.11 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS F: Drive not present or media not loaded G: Drive not present or media not loaded H: Drive not present or media not loaded I: Drive not present or media not loaded Computer Name: FAMILY Current User Name: HP_Administrator Logged in as Administrator. Current Boot Mode: Normal Scan Mode: Current user Company Name Whitelist: On Skip Microsoft Files: On File Age = 14 Days Output = Standard Quick Scan ========== Extra Registry (SafeList) ========== ========== File Associations ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>] .chm [@ = chm.file] -- C:\WINDOWS\hh.exe (Microsoft Corporation) .html [@ = htmlfile] -- C:\Program Files\Internet Explorer\IEXPLORE.EXE (Microsoft Corporation) ========== Shell Spawning ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command] batfile [open] -- "%1" %* File not found chm.file [open] -- "C:\WINDOWS\hh.exe" %1 (Microsoft Corporation) cmdfile [open] -- "%1" %* File not found comfile [open] -- "%1" %* File not found exefile [open] -- "%1" %* File not found htmlfile [edit] -- "C:\Program Files\Microsoft Office\Office12\msohtmed.exe" %1 (Microsoft Corporation) htmlfile [open] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" -nohome (Microsoft Corporation) htmlfile [opennew] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" %1 (Microsoft Corporation) htmlfile [print] -- "C:\Program Files\Microsoft Office\Office12\msohtmed.exe" /p %1 (Microsoft Corporation) http [open] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" -nohome (Microsoft Corporation) https [open] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" -nohome (Microsoft Corporation) piffile [open] -- "%1" %* File not found regfile [merge] -- Reg Error: Key error. scrfile [config] -- "%1" File not found scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation) scrfile [open] -- "%1" /S File not found txtfile [edit] -- Reg Error: Key error. Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Directory [OneNote.Open] -- C:\PROGRA~1\MICROS~4\Office12\ONENOTE.EXE "%L" (Microsoft Corporation) Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation) Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation) Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" %1 (Microsoft Corporation) CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- "C:\Program Files\Internet Explorer\iexplore.exe" (Microsoft Corporation) ========== Security Center Settings ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center] "FirstRunDisabled" = 1 "AntiVirusDisableNotify" = 0 "FirewallDisableNotify" = 0 "UpdatesDisableNotify" = 0 "AntiVirusOverride" = 0 "FirewallOverride" = 0 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus] "DisableMonitoring" = 1 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall] "DisableMonitoring" = 1 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile] "EnableFirewall" = 1 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List] "1900:UDP" = 1900:UDP:LocalSubNet:Disabled:@xpsp2res.dll,-22007 "2869:TCP" = 2869:TCP:LocalSubNet:Disabled:@xpsp2res.dll,-22008 ========== Authorized Applications List ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List] "C:\Program Files\Updates from HP\9972322\Program\Updates from HP.exe" = C:\Program Files\Updates from HP\9972322\Program\Updates from HP.exe:*:Enabled:Updates from HP -- (Hewlett-Packard) "%windir%\Network Diagnostic\xpnetdiag.exe" = %windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000 -- (Microsoft Corporation) [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List] "C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe" = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe:*:Enabled:hpqtra08.exe -- (Hewlett-Packard Co.) "C:\Program Files\HP\Digital Imaging\bin\hpqste08.exe" = C:\Program Files\HP\Digital Imaging\bin\hpqste08.exe:*:Enabled:hpqste08.exe -- (Hewlett-Packard Co.) "C:\Program Files\HP\Digital Imaging\bin\hpofxm08.exe" = C:\Program Files\HP\Digital Imaging\bin\hpofxm08.exe:*:Enabled:hpofxm08.exe -- (Hewlett-Packard Co.) "C:\Program Files\HP\Digital Imaging\bin\hposfx08.exe" = C:\Program Files\HP\Digital Imaging\bin\hposfx08.exe:*:Enabled:hposfx08.exe -- (Hewlett-Packard Co.) "C:\Program Files\HP\Digital Imaging\bin\hposid01.exe" = C:\Program Files\HP\Digital Imaging\bin\hposid01.exe:*:Enabled:hposid01.exe -- (Hewlett-Packard Co.) "C:\Program Files\HP\Digital Imaging\bin\hpqscnvw.exe" = C:\Program Files\HP\Digital Imaging\bin\hpqscnvw.exe:*:Enabled:hpqscnvw.exe -- () "C:\Program Files\HP\Digital Imaging\bin\hpqkygrp.exe" = C:\Program Files\HP\Digital Imaging\bin\hpqkygrp.exe:*:Enabled:hpqkygrp.exe -- (Hewlett-Packard) "C:\Program Files\HP\Digital Imaging\bin\hpqCopy.exe" = C:\Program Files\HP\Digital Imaging\bin\hpqCopy.exe:*:Enabled:hpqcopy.exe -- (Hewlett-Packard Co.) "C:\Program Files\HP\Digital Imaging\bin\hpfccopy.exe" = C:\Program Files\HP\Digital Imaging\bin\hpfccopy.exe:*:Enabled:hpfccopy.exe -- (Hewlett-Packard) "C:\Program Files\HP\Digital Imaging\bin\hpzwiz01.exe" = C:\Program Files\HP\Digital Imaging\bin\hpzwiz01.exe:*:Enabled:hpzwiz01.exe -- (Hewlett-Packard Co.) "C:\Program Files\HP\Digital Imaging\Unload\HpqPhUnl.exe" = C:\Program Files\HP\Digital Imaging\Unload\HpqPhUnl.exe:*:Enabled:hpqphunl.exe -- () "C:\Program Files\HP\Digital Imaging\Unload\HpqDIA.exe" = C:\Program Files\HP\Digital Imaging\Unload\HpqDIA.exe:*:Enabled:hpqdia.exe -- ( ) "C:\Program Files\HP\Digital Imaging\bin\hpoews01.exe" = C:\Program Files\HP\Digital Imaging\bin\hpoews01.exe:*:Enabled:hpoews01.exe -- (Hewlett-Packard Co.) "C:\Program Files\DISC\DISCover.exe" = C:\Program Files\DISC\DISCover.exe:*:Enabled:DISCover Drop & Play System -- (Digital Interactive Systems Corporation) "C:\Program Files\DISC\DiscStreamHub.exe" = C:\Program Files\DISC\DiscStreamHub.exe:*:Enabled:DISCover Stream Hub -- (Digital Interactive Systems Corporation, Inc.) "C:\Program Files\DISC\myFTP.exe" = C:\Program Files\DISC\myFTP.exe:*:Enabled:DISCover FTP -- (Digital Interactive Systems Corporation, Inc.) "C:\Program Files\Updates from HP\9972322\Program\Updates from HP.exe" = C:\Program Files\Updates from HP\9972322\Program\Updates from HP.exe:*:Enabled:Updates from HP -- (Hewlett-Packard) "C:\Program Files\EarthLink TotalAccess\TaskPanl.exe" = C:\Program Files\EarthLink TotalAccess\TaskPanl.exe:*:Enabled:Earthlink -- File not found "C:\Program Files\Messenger\msmsgs.exe" = C:\Program Files\Messenger\msmsgs.exe:*:Enabled:Windows Messenger -- (Microsoft Corporation) "C:\Program Files\LimeWire\LimeWire.exe" = C:\Program Files\LimeWire\LimeWire.exe:*:Enabled:LimeWire -- () "C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE" = C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE:*:Enabled:Microsoft Office Outlook -- (Microsoft Corporation) "C:\Program Files\Microsoft Office\Office12\GROOVE.EXE" = C:\Program Files\Microsoft Office\Office12\GROOVE.EXE:*:Enabled:Microsoft Office Groove -- (Microsoft Corporation) "C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE" = C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE:*:Enabled:Microsoft Office OneNote -- (Microsoft Corporation) "%windir%\Network Diagnostic\xpnetdiag.exe" = %windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000 -- (Microsoft Corporation) "C:\Program Files\uTorrent\uTorrent.exe" = C:\Program Files\uTorrent\uTorrent.exe:*:Enabled:µTorrent -- File not found "C:\Program Files\Google\Google Talk\googletalk.exe" = C:\Program Files\Google\Google Talk\googletalk.exe:*:Enabled:Google Talk -- (Google) "C:\Program Files\NETAMIN\Real Baseball\patcher\fc.exe" = C:\Program Files\NETAMIN\Real Baseball\patcher\fc.exe:*:Enabled:Cal Ripken's Real Baseball SysAnalyzer -- () "C:\Program Files\NETAMIN\Real Baseball\game\RealBaseball.exe" = C:\Program Files\NETAMIN\Real Baseball\game\RealBaseball.exe:*:Enabled:RealBaseball -- (Netamin Communication) "C:\Program Files\EA Sports\FIFA 08\FIFA08.exe" = C:\Program Files\EA Sports\FIFA 08\FIFA08.exe:*:Enabled:FIFA08 -- () "C:\Program Files\SecondLifeReleaseCandidate\SLVoice.exe" = C:\Program Files\SecondLifeReleaseCandidate\SLVoice.exe:*:Enabled:SLVoice -- () "C:\Program Files\SecondLifeReleaseCandidate\SecondLifeReleaseCandidate.exe" = C:\Program Files\SecondLifeReleaseCandidate\SecondLifeReleaseCandidate.exe:*:Enabled:Second Life -- (Linden Lab) "C:\Program Files\Bonjour\mDNSResponder.exe" = C:\Program Files\Bonjour\mDNSResponder.exe:*:Enabled:Bonjour -- (Apple Inc.) "C:\Program Files\Adobe\Photoshop Elements 7.0\AdobePhotoshopElementsMediaServer.exe" = C:\Program Files\Adobe\Photoshop Elements 7.0\AdobePhotoshopElementsMediaServer.exe:*:Disabled:Adobe Photoshop Elements Media Server -- (Adobe Systems Incorporated) "C:\Program Files\Skype\Phone\Skype.exe" = C:\Program Files\Skype\Phone\Skype.exe:*:Enabled:Skype -- (Skype Technologies S.A.) "C:\Program Files\iTunes\iTunes.exe" = C:\Program Files\iTunes\iTunes.exe:*:Enabled:iTunes -- (Apple Inc.) ========== HKEY_LOCAL_MACHINE Uninstall List ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "{00203668-8170-44A0-BE44-B632FA4D780F}" = Adobe AIR "{07287123-B8AC-41CE-8346-3D777245C35B}" = Bonjour "{075473F5-846A-448B-BCB3-104AA1760205}" = Sonic RecordNow Data "{0A2A5039-B37F-489D-B1DC-A5258DF9E697}" = FIFA 08 "{0B33B738-AD79-4E32-90C5-E67BFB10BBFF}" = AiO_Scan "{0C34B801-6AEC-4667-B053-03A67E2D0415}" = Apple Application Support "{1485ABFA-12D7-4107-9148-54EE30CDBA67}" = Samsung USB Driver (MCCI 4.16) "{172975EB-9465-4861-95B5-C7BB6D3DE62A}" = DocumentViewer "{18455581-E099-4BA8-BC6B-F34B2F06600C}" = Google Toolbar for Internet Explorer "{1CB34CE9-0E6B-493F-BB66-3425E5DF76E5}" = CP_CalendarTemplates1 "{1D2CF076-A63F-41A5-00A1-5924FADFAD9D}" = The Godfather™ The Game "{2085C617-589C-40F8-BE40-EDBC9E2CA2EB}" = Symantec AntiVirus "{2157961D-0507-44A8-BCF2-1EE2D439E8DF}" = Civilization III "{21657574-BD54-48A2-9450-EB03B2C7FC29}" = Sonic MyDVD Plus "{226b64e8-dc75-4eea-a6c8-abcb496320f2}-Google Talk" = Google Talk (remove only) "{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer "{23B35809-5E4A-4F14-8332-1CDEDDFAC089}" = CP_Package_Variety2 "{24BEBF2E-73F3-4599-840B-EDC612CCDD0D}" = Destinations "{26A24AE4-039D-4CA4-87B4-2F83216011FF}" = Java™ 6 Update 11 "{2A548002-9042-4083-A270-B67473DE1073}" = SkinsHP1 "{30465B6C-B53F-49A1-9EBA-A3F187AD502E}" = Sonic Update Manager "{30C19FF2-7FBA-4d09-B9DE-1659977F64F6}" = TrayApp "{3248F0A8-6813-11D6-A77B-00B0D0150050}" = J2SE Runtime Environment 5.0 Update 5 "{3248F0A8-6813-11D6-A77B-00B0D0150090}" = J2SE Runtime Environment 5.0 Update 9 "{3248F0A8-6813-11D6-A77B-00B0D0160010}" = Java™ SE Runtime Environment 6 Update 1 "{3248F0A8-6813-11D6-A77B-00B0D0160030}" = Java™ 6 Update 3 "{32A640BD-4244-4FAF-8796-EA401652E26A}" = BlackBerry Device Software v4.6.0 for the BlackBerry 9000 smartphone "{33D6CC28-9F75-4d1b-A11D-98895B3A3729}" = HP Photosmart 330,380,420,470,7800,8000,8200 Series "{34F3FCF1-817B-4D61-B6AF-19D9486AFEA0}" = Unload "{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP "{35DD9A1D-B340-4F41-A8B0-6EEBFB119280}" = muvee autoProducer unPlugged 1.2 "{36D620AD-EEBA-4973-BA86-0C9AE6396620}" = OptionalContentQFolder "{3AC54383-31D1-4907-961B-B12CBB1D0AE8}" = MobileMe Control Panel "{3BA95526-6AE0-4B87-A62D-17187EF565FC}" = HP Boot Optimizer "{3E386744-10FA-44b2-98C9-DF7A270DECB3}" = HP PSC & OfficeJet 5.3.A "{3FE0CFAB-584A-4AA5-B8CD-C32284CFA308}" = RandMap "{4041C245-7099-4C96-9738-5EBC23827B3C}" = BufferChm "{41458D43-5C00-44ED-A138-5BC51AF8A773}" = Cal Ripken's Real Baseball "{416D80BA-6F6D-4672-B7CF-F54DA2F80B44}" = Microsoft Works "{45D707E9-F3C4-11D9-A373-0050BAE317E1}" = HP DVD Play 1.0 "{494D17B5-3369-4905-8C4B-80C972C5E0FF}" = CP_Panorama1Config "{4BDFD2CE-6329-42E4-9801-9B3D1F10D79B}" = Adobe® Photoshop® Album Starter Edition 3.0 "{4DA4012B-39AF-48c2-B23B-A4D570D233A6}" = cp_LightScribeConfig "{522D1D79-9C0A-4361-91F8-2AFF8EC6C2E1}" = CP_Package_Variety1 "{53EE9E42-CECB-4C92-BF76-9CA65DAF8F1C}" = FullDPAppQFolder "{548EAC70-EE00-11DD-908C-005056806466}" = Google Earth "{54E3707F-808E-4fd4-95C9-15D1AB077E5D}" = NewCopy "{54F0998F-73C8-4b51-8286-FE903C231BED}" = cp_PosterPrintConfig "{567C23E1-7580-4185-B8C2-30805677297C}" = NewCopy_CDA "{56F8AFC3-FA98-4ff1-9673-8A026CBF85BE}" = WebReg "{59F92CC5-FAEC-47BF-926F-2C79A7B086D7}" = Baseball Mogul 2006 "{5B79CFD1-6845-4158-9D7D-6BE89DF2C135}" = HP PSC & OfficeJet 5.3.B "{5C1DA723-24FC-48AD-93BA-925695C3EF26}" = Logitech Gaming Software "{5C82DAE5-6EB0-4374-9254-BE3319BA4E82}" = Skype™ 3.6 "{6675CA7F-E51B-4F6A-99D4-F8F0124C6EAA}" = Sonic Express Labeler "{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update "{6B3CA80E-6AC0-4725-BABF-9B0FEF880CB3}" = Power Tab Editor 1.7 "{6BB6627C-694F-4FDC-A3E5-C7F4BED4C724}" = DocProc "{755EC5E3-FD51-46bd-A57F-7A2D56FBF061}" = PSTAPlugin "{766633B3-1AFA-44B6-A3FC-1DE991CD9C52}" = CP_Package_Basic1 "{769A295C-DCF4-41d6-AFBA-7D9394B23AFE}" = PSPrinters08 "{77DCDCE3-2DED-62F3-8154-05E745472D07}" = Acrobat.com "{7850A6D2-CBEA-4728-9877-F1BEDEA9F619}" = AiOSoftware "{79F8E1D4-36C1-439C-95FA-F695050B5B07}" = Sonic_PrimoSDK "{7A65E382-1843-4B46-861B-1BECB8354911}" = Falcon 4.0: Allied Force "{7C03270C-4FAB-4F5C-B10D-52FEDA190790}" = DocumentViewerQFolder "{7CB1E63B-C999-4D17-8133-E138F41D9ECF}" = BlackBerry Desktop Software 4.6 "{7D7251C7-EE4C-4934-90DA-14296F49F1DB}" = FRED "{80AE27BA-B0ED-4288-A8B9-D8194BCF4115}" = cp_UpdateProjectsConfig "{869C3062-4745-4949-B6C9-98AF24D89030}" = PhotoGallery "{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight "{8F3C31C5-9C3A-4AA8-8EFA-71290A7AD533}" = TomTom HOME Visual Studio Merge Modules "{90120000-0010-0409-0000-0000000FF1CE}" = Microsoft Software Update for Web Folders (English) 12 "{90120000-0015-0409-0000-0000000FF1CE}" = Microsoft Office Access MUI (English) 2007 "{90120000-0015-0409-0000-0000000FF1CE}_ENTERPRISE_{4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}" = 2007 Microsoft Office Suite Service Pack 1 (SP1) "{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007 "{90120000-0016-0409-0000-0000000FF1CE}_ENTERPRISE_{4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}" = 2007 Microsoft Office Suite Service Pack 1 (SP1) "{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007 "{90120000-0018-0409-0000-0000000FF1CE}_ENTERPRISE_{4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}" = 2007 Microsoft Office Suite Service Pack 1 (SP1) "{90120000-0019-0409-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2007 "{90120000-0019-0409-0000-0000000FF1CE}_ENTERPRISE_{4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}" = 2007 Microsoft Office Suite Service Pack 1 (SP1) "{90120000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2007 "{90120000-001A-0409-0000-0000000FF1CE}_ENTERPRISE_{4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}" = 2007 Microsoft Office Suite Service Pack 1 (SP1) "{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007 "{90120000-001B-0409-0000-0000000FF1CE}_ENTERPRISE_{4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}" = 2007 Microsoft Office Suite Service Pack 1 (SP1) "{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007 "{90120000-001F-0409-0000-0000000FF1CE}_ENTERPRISE_{3EC77D26-799B-4CD8-914F-C1565E796173}" = 2007 Microsoft Office Suite Service Pack 1 (SP1) "{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007 "{90120000-001F-040C-0000-0000000FF1CE}_ENTERPRISE_{430971B1-C31E-45DA-81E0-72C095BAB72C}" = 2007 Microsoft Office Suite Service Pack 1 (SP1) "{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007 "{90120000-001F-0C0A-0000-0000000FF1CE}_ENTERPRISE_{F7A31780-33C4-4E39-951A-5EC9B91D7BF1}" = 2007 Microsoft Office Suite Service Pack 1 (SP1) "{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007 "{90120000-0030-0000-0000-0000000FF1CE}" = Microsoft Office Enterprise 2007 "{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{3D019598-7B59-447A-80AE-815B703B84FF}" = Security Update for Microsoft Office system 2007 (972581) "{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{65482307-FE7D-4E7F-9DEF-3F0E841BC77A}" = "{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{BEE75E01-DD3F-4D5F-B96C-609E6538D419}" = 2007 Microsoft Office Suite Service Pack 1 (SP1) "{90120000-0044-0409-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (English) 2007 "{90120000-0044-0409-0000-0000000FF1CE}_ENTERPRISE_{4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}" = 2007 Microsoft Office Suite Service Pack 1 (SP1) "{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007 "{90120000-006E-0409-0000-0000000FF1CE}_ENTERPRISE_{FAD8A83E-9BAC-4179-9268-A35948034D85}" = 2007 Microsoft Office Suite Service Pack 1 (SP1) "{90120000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2007 "{90120000-00A1-0409-0000-0000000FF1CE}_ENTERPRISE_{4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}" = 2007 Microsoft Office Suite Service Pack 1 (SP1) "{90120000-00BA-0409-0000-0000000FF1CE}" = Microsoft Office Groove MUI (English) 2007 "{90120000-00BA-0409-0000-0000000FF1CE}_ENTERPRISE_{4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}" = 2007 Microsoft Office Suite Service Pack 1 (SP1) "{90120000-0114-0409-0000-0000000FF1CE}" = Microsoft Office Groove Setup Metadata MUI (English) 2007 "{90120000-0114-0409-0000-0000000FF1CE}_ENTERPRISE_{4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}" = 2007 Microsoft Office Suite Service Pack 1 (SP1) "{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007 "{90120000-0115-0409-0000-0000000FF1CE}_ENTERPRISE_{FAD8A83E-9BAC-4179-9268-A35948034D85}" = 2007 Microsoft Office Suite Service Pack 1 (SP1) "{90120000-0117-0409-0000-0000000FF1CE}" = Microsoft Office Access Setup Metadata MUI (English) 2007 "{90120000-0117-0409-0000-0000000FF1CE}_ENTERPRISE_{4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}" = 2007 Microsoft Office Suite Service Pack 1 (SP1) "{90280409-6000-11D3-8CFE-0050048383C9}" = Microsoft Office XP Professional with FrontPage "{907B4640-266B-4A21-92FB-CD1A86CD0F63}" = RollerCoaster Tycoon 3 "{90850409-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Word Viewer 2003 "{923A7F5A-1E8C-4FBE-8DF6-85940A60A79F}" = Readme "{9D4ABB0C-F60B-44A6-956C-A4A63D5495C9}" = CueTour "{A06275F4-324B-4E85-95E6-87B2CD729401}" = Windows Defender "{A195B13E-A5E3-4BAF-A995-7F70F445CD06}" = ScannerCopy "{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2 "{A3455242-DAE0-4523-8242-FD82706ABF4B}" = CameraDrivers "{A429C2AE-EBF1-4F81-A221-1C115CAADDAD}" = QuickTime "{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper "{A9CB4387-C7DD-4008-83C6-A2F322B84B4E}" = ABIM Tutorial "{AADEA55D-C834-4BCB-98A3-4B8D1C18F4EE}" = Apple Mobile Device Support "{AB708C9B-97C8-4AC9-899B-DBF226AC9382}" = Sonic RecordNow Audio "{ABB2901A-3D0A-4F21-8324-2F13C3EFE163}" = LightScribe 1.4.62.1 "{AC76BA86-7AD7-1033-7B44-A91000000001}" = Adobe Reader 9.1.3 "{AC76BA86-7AD7-5464-3428-900000000004}" = Spelling Dictionaries Support For Adobe Reader 9 "{AEDDF5A3-29CE-11D5-A8C2-000102246AAE}" = ubi.com "{B11E71BA-498C-42D4-9F1A-9D7A89D9DA61}" = CP_AtenaShokunin1Config "{B12665F4-4E93-4AB4-B7FC-37053B524629}" = Sonic RecordNow Copy "{B276997E-4367-4b1b-A39C-4CAE7464337A}" = AiO_Scan_CDA "{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1" = Spybot - Search & Destroy "{B4D279F1-4309-49cc-A4B5-3A0D2E59C7B5}" = PanoStandAlone "{B57F2FF0-5A25-4332-B503-4592B370C02F}" = CP_Package_Variety3 "{B60E7826-F117-4d26-8165-D2DC5A494AB0}" = Fax_CDA "{B64E3AFC-59EF-4f18-BF11-E751462450D3}" = AiOSoftwareNPI "{BBD3BF67-5B89-4CBB-BA58-5818ED5F3290}" = cp_OnlineProjectsConfig "{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2 "{C506A18C-1469-4678-B094-F4EC9DAE6DB7}" = Scan "{C83A12B9-B31B-461A-BBD4-CE9B988094F1}" = HP Photosmart Cameras 5.0 "{C8FD5BC1-92EF-4C15-92A9-F9AC7F61985F}" = HP Update "{CB6075D9-F912-40AE-BEA6-E590DA24F16B}" = Adobe Photoshop Elements 7.0 "{CC016F21-3970-11DE-B878-005056806466}" = Google Earth "{CDCDA269-A023-4318-AAC6-EFD9559BF6BA}_is1" = GTR "{CE24344F-DFD8-40C8-8FD8-C9740B5F25AC}" = Fax "{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1 "{D518592A-0F1E-40ca-BECB-3D3F026C6B0D}" = CameraDrivers "{DA34FE93-5DC5-48E0-ACC8-A5389E05BB51}" = iTunes "{DAAD5187-62C5-4AD6-A526-803C18C4944D}" = HP Web Helper "{DB518BA6-CB74-4EB6-9ABD-880B6D6E1F38}" = HpSdpAppCoreApp "{DF8195AF-8E6F-4487-A0EE-196F7E3F4B8A}" = jetAudio Basic "{E073D315-3C54-44BF-A1B2-B5583AEA618C}" = muvee autoProducer 4.5 "{E3F90083-80D4-4b5a-87C7-E97E12F5516D}" = HPProductAssistant "{E56D39F8-2A9F-44B4-B068-A72E45A073E6}" = Safari "{E8650C8D-CCB2-496E-816C-ECC54A7EE411}" = Civilization III Play the World "{EA103B64-C0E4-4C0E-A506-751590E1653D}" = SolutionCenter "{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver "{F4C2E5F5-2970-45f4-ABD3-C180C4D961C4}" = Status "{F80239D8-7811-4D5E-B033-0D0BBFE32920}" = HP DigitalMedia Archive "{FC8D25A7-FF1B-41BB-BB3B-9A06C0A60AE0}" = InstantShareDevices "12133444-BF36-4d4e-B7FB-A3424C645DE4" = GemMaster Mystic "82A44D22-9452-49FB-00FB-CEC7DCAF7E23" = EA SPORTS online 2008 "Adobe AIR" = Adobe AIR "Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX "Adobe Flash Player Plugin" = Adobe Flash Player Plugin "Adobe Photoshop Elements 7" = Adobe Photoshop Elements 7.0 "Adobe Shockwave Player" = Adobe Shockwave Player "Agere Systems Soft Modem" = Agere Systems PCI-SV92PP Soft Modem "Amazing Slow Downer" = Amazing Slow Downer (remove only) "ApecSoft 3GP Flash Video Converter_is1" = 3GP Flash Video Converter V1.33 "avast!" = avast! Antivirus "AwayMode160" = Microsoft Away Mode "B3EE3001-DC24-4cd1-8743-5692C716659F" = Otto "BlackBerry_{7CB1E63B-C999-4D17-8133-E138F41D9ECF}" = BlackBerry Desktop Software 4.6 "CAL" = Canon Camera Access Library "CameraWindowDC" = Canon Utilities CameraWindow DC "CameraWindowDVC5" = Canon Utilities CameraWindow DC_DV 5 for ZoomBrowser EX "CameraWindowDVC6" = Canon Utilities CameraWindow DC_DV 6 for ZoomBrowser EX "CameraWindowLauncher" = Canon Utilities CameraWindow "Canon G.726 WMP-Decoder" = Canon G.726 WMP-Decoder "com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Acrobat.com "CSCLIB" = Canon Camera Support Core Library "DISCover" = DISCover "ENTERPRISE" = Microsoft Office Enterprise 2007 "EOS Utility" = Canon Utilities EOS Utility "ERUNT_is1" = ERUNT 1.1j "Falcon 4.0" = Falcon 4.0 "Google Calendar Sync" = Google Calendar Sync "Google Chrome" = Google Chrome "Google Updater" = Google Updater "Guitar Pro 5_is1" = Guitar Pro 5.2 "HijackThis" = HijackThis 2.0.2 "HP Document Viewer" = HP Document Viewer 5.3 "HP Imaging Device Functions" = HP Imaging Device Functions 6.0 "HP Photo & Imaging" = HP Photosmart Premier Software 6.0 "HP Photosmart for Media Center PC" = HP Photosmart for Media Center PC "HP Solution Center & Imaging Support Tools" = HP Solution Center & Imaging Support Tools 5.3 "HPOOVClient-9972322 Uninstaller" = Updates from HP (remove only) "IDNMitigationAPIs" = Microsoft Internationalized Domain Names Mitigation APIs "ie7" = Windows Internet Explorer 7 "ie8" = Windows Internet Explorer 8 "InstallShield_{1485ABFA-12D7-4107-9148-54EE30CDBA67}" = Samsung USB Driver (MCCI 4.16) "InstallShield_{2157961D-0507-44A8-BCF2-1EE2D439E8DF}" = Civilization III "IntelliMover Data Transfer Demo" = Remove IntelliMover Demo "InterActual Player" = InterActual Player "LimeWire" = LimeWire 4.12.6 "LiveUpdate" = LiveUpdate 3.2 (Symantec Corporation) "Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware "Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1 "MKSAP 14" = MKSAP 14 1.0 "MKSAP 15 Pretest Kit A" = MKSAP 15 Pretest Kit A "Money2006b" = Microsoft Money 2006 "MovieEditTask" = Canon MovieEdit Task for ZoomBrowser EX "Mozilla Firefox (3.0.14)" = Mozilla Firefox (3.0.14) "MyCamera" = Canon Utilities MyCamera "MyCameraDC" = Canon Utilities MyCamera DC "Netscape Browser" = Netscape Browser (remove only) "Network Play System (Patching)" = Network Play System (Patching) "NLSDownlevelMapping" = Microsoft National Language Support Downlevel APIs "NSS" = Norton Security Scan "NVIDIA Drivers" = NVIDIA Drivers "PC-Doctor 5 for Windows" = PC-Doctor 5 for Windows "Pdf995" = Pdf995 "PhotoStitch" = Canon Utilities PhotoStitch "Professor Answers" = Professor Answers "Professor Teaches Access 2003" = Professor Teaches Access 2003 "Professor Teaches Access 2007" = Professor Teaches Access 2007 "Professor Teaches Excel 2003" = Professor Teaches Excel 2003 "Professor Teaches Excel 2007" = Professor Teaches Excel 2007 "Professor Teaches FrontPage 2003" = Professor Teaches FrontPage 2003 "Professor Teaches Outlook 2007" = Professor Teaches Outlook 2007 "Professor Teaches PowerPoint 2003" = Professor Teaches PowerPoint 2003 "Professor Teaches PowerPoint 2007" = Professor Teaches PowerPoint 2007 "Professor Teaches Publisher 2003" = Professor Teaches Publisher 2003 "Professor Teaches Word 2003" = Professor Teaches Word 2003 "Professor Teaches Word 2007" = Professor Teaches Word 2007 "PS2" = PS2 "RAW Image Task" = Canon RAW Image Task for ZoomBrowser EX "RealPlayer 6.0" = RealPlayer "RemoteCaptureTask" = Canon Utilities RemoteCapture Task for ZoomBrowser EX "SecondLifeReleaseCandidate" = SecondLifeReleaseCandidate (remove only) "SecondLifeWindLight" = SecondLifeWindLight (remove only) "Shareaza" = Shareaza "SystemRequirementsLab" = System Requirements Lab "The Jungle Media Center" = The Jungle Media Center "The Sims" = The Sims "TomTom HOME" = TomTom HOME 2.6.3.1609 "Windows Media Format Runtime" = Windows Media Format Runtime "Windows XP Service Pack" = Windows XP Service Pack 3 "YInstHelper" = Yahoo! Install Manager "ZoomBrowser EX" = Canon Utilities ZoomBrowser EX "ZoomBrowser EX Memory Card Utility" = Canon ZoomBrowser EX Memory Card Utility ========== HKEY_CURRENT_USER Uninstall List ========== [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "Move Media Player" = Move Media Player ========== Last 10 Event Log Errors ========== [ Antivirus Events ] Error - 10/18/2009 4:31:57 PM | Computer Name = FAMILY | Source = avast! | ID = 33554522 Description = AAVM - initialization error: Instant Messaging provider: cannot start because 'Norton Antivirus / Symantec Antivirus' is active!, 00000000. Error - 10/18/2009 4:31:57 PM | Computer Name = FAMILY | Source = avast! | ID = 33554522 Description = AAVM - initialization error: P2P provider: cannot start because 'Norton Antivirus / Symantec Antivirus' is active!, 00000000. Error - 10/18/2009 4:31:57 PM | Computer Name = FAMILY | Source = avast! | ID = 33554522 Description = AAVM - initialization error: Standard Shield provider: cannot start because 'Norton Antivirus / Symantec Antivirus' is active!, 00000000. [ Application Events ] Error - 9/4/2009 8:29:03 PM | Computer Name = FAMILY | Source = Application Hang | ID = 1002 Description = Hanging application msiexec.exe, version 3.1.4001.5512, hang module hungapp, version 0.0.0.0, hang address 0x00000000. Error - 9/24/2009 8:43:58 AM | Computer Name = FAMILY | Source = Application Error | ID = 1000 Description = Faulting application iexplore.exe, version 8.0.6001.18702, faulting module xpshims.dll, version 8.0.6001.18806, fault address 0x00001967. Error - 10/2/2009 7:12:42 PM | Computer Name = FAMILY | Source = Application Error | ID = 1000 Description = Faulting application iexplore.exe, version 8.0.6001.18702, faulting module xpshims.dll, version 8.0.6001.18806, fault address 0x00001967. Error - 10/9/2009 4:51:01 AM | Computer Name = FAMILY | Source = MPSampleSubmission | ID = 5000 Description = EventType mptelemetry, P1 80072efe, P2 endsearch, P3 search, P4 1.1.1593.0, P5 mpsigdwn.dll, P6 1.1.1593.0, P7 windows defender, P8 NIL, P9 NIL, P10 NIL. [ OSession Events ] Error - 6/16/2008 11:49:07 PM | Computer Name = FAMILY | Source = Microsoft Office 12 Sessions | ID = 7001 Description = ID: 6, Application Name: Microsoft Office Outlook, Application Version: 12.0.6300.5000, Microsoft Office Version: 12.0.4518.1014. This session lasted 6 seconds with 0 seconds of active time. This session ended with a crash. Error - 4/8/2009 9:08:52 PM | Computer Name = FAMILY | Source = Microsoft Office 12 Sessions | ID = 7001 Description = ID: 6, Application Name: Microsoft Office Outlook, Application Version: 12.0.6316.5000, Microsoft Office Version: 12.0.6215.1000. This session lasted 46 seconds with 0 seconds of active time. This session ended with a crash. [ System Events ] Error - 10/18/2009 12:39:16 PM | Computer Name = FAMILY | Source = Service Control Manager | ID = 7034 Description = The NVIDIA Display Driver Service service terminated unexpectedly. It has done this 1 time(s). Error - 10/18/2009 12:39:16 PM | Computer Name = FAMILY | Source = Service Control Manager | ID = 7034 Description = The Adobe Active File Monitor V7 service terminated unexpectedly. It has done this 1 time(s). Error - 10/18/2009 12:39:16 PM | Computer Name = FAMILY | Source = Service Control Manager | ID = 7034 Description = The Canon Camera Access Library 8 service terminated unexpectedly. It has done this 1 time(s). Error - 10/18/2009 12:39:17 PM | Computer Name = FAMILY | Source = Service Control Manager | ID = 7031 Description = The Media Center Extender Service service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 5000 milliseconds: Restart the service. Error - 10/18/2009 12:39:19 PM | Computer Name = FAMILY | Source = Service Control Manager | ID = 7034 Description = The iPod Service service terminated unexpectedly. It has done this 1 time(s). Error - 10/18/2009 12:44:48 PM | Computer Name = FAMILY | Source = Service Control Manager | ID = 7009 Description = Timeout (30000 milliseconds) waiting for the Windows Search service to connect. Error - 10/18/2009 12:44:48 PM | Computer Name = FAMILY | Source = Service Control Manager | ID = 7000 Description = The Windows Search service failed to start due to the following error: %%1053 Error - 10/18/2009 12:44:52 PM | Computer Name = FAMILY | Source = Service Control Manager | ID = 7026 Description = The following boot-start or system-start driver(s) failed to load: ftsata2 Error - 10/18/2009 1:36:40 PM | Computer Name = FAMILY | Source = Service Control Manager | ID = 7026 Description = The following boot-start or system-start driver(s) failed to load: ftsata2 Error - 10/18/2009 4:32:40 PM | Computer Name = FAMILY | Source = Service Control Manager | ID = 7026 Description = The following boot-start or system-start driver(s) failed to load: ftsata2 < End of report > OTL logfile created on: 10/18/2009 3:15:47 PM - Run 1 OTL by OldTimer - Version 3.0.21.0 Folder = C:\Documents and Settings\HP_Administrator\Desktop\Spyware removal Windows XP Media Center Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation Internet Explorer (Version = 8.0.6001.18702) Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy 1.94 Gb Total Physical Memory | 0.74 Gb Available Physical Memory | 38.27% Memory free 3.78 Gb Paging File | 2.68 Gb Available in Paging File | 70.92% Paging File free Paging file location(s): C:\pagefile.sys 2046 4092 [binary data] %SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files Drive C: | 224.38 Gb Total Space | 146.38 Gb Free Space | 65.24% Space Free | Partition Type: NTFS Drive D: | 8.49 Gb Total Space | 0.42 Gb Free Space | 4.99% Space Free | Partition Type: FAT32 Drive E: | 697.11 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS F: Drive not present or media not loaded G: Drive not present or media not loaded H: Drive not present or media not loaded I: Drive not present or media not loaded Computer Name: FAMILY Current User Name: HP_Administrator Logged in as Administrator. Current Boot Mode: Normal Scan Mode: Current user Company Name Whitelist: On Skip Microsoft Files: On File Age = 14 Days Output = Standard Quick Scan ========== Processes (SafeList) ========== PRC - [2009/10/18 15:14:57 | 00,521,216 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\HP_Administrator\Desktop\Spyware removal\OTL.exe PRC - [2009/09/21 16:36:12 | 00,305,440 | ---- | M] (Apple Inc.) -- C:\Program Files\iTunes\iTunesHelper.exe PRC - [2009/09/21 16:36:02 | 00,545,568 | ---- | M] (Apple Inc.) -- C:\Program Files\iPod\bin\iPodService.exe PRC - [2009/09/15 03:56:48 | 00,081,000 | ---- | M] (ALWIL Software) -- C:\Program Files\Alwil Software\Avast4\ashDisp.exe PRC - [2009/09/15 03:56:43 | 00,138,680 | ---- | M] (ALWIL Software) -- C:\Program Files\Alwil Software\Avast4\ashServ.exe PRC - [2009/09/15 03:56:28 | 00,254,040 | ---- | M] (ALWIL Software) -- C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe PRC - [2009/09/15 03:54:13 | 00,352,920 | ---- | M] (ALWIL Software) -- C:\Program Files\Alwil Software\Avast4\ashWebSv.exe PRC - [2009/09/15 03:49:40 | 00,018,752 | ---- | M] (ALWIL Software) -- C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe PRC - [2009/06/05 08:48:14 | 00,144,712 | ---- | M] (Apple Inc.) -- C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe PRC - [2009/04/24 04:57:30 | 00,092,008 | ---- | M] (TomTom) -- C:\Program Files\TomTom HOME 2\TomTomHOMEService.exe PRC - [2009/04/24 04:57:28 | 00,251,240 | ---- | M] (TomTom) -- C:\Program Files\TomTom HOME 2\TomTomHOMERunner.exe PRC - [2009/03/08 14:09:26 | 00,638,816 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Internet Explorer\iexplore.exe PRC - [2009/03/05 16:07:20 | 02,260,480 | RHS- | M] (Safer-Networking Ltd.) -- C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe PRC - [2009/02/06 03:10:02 | 00,227,840 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\wbem\wmiprvse.exe PRC - [2009/01/05 20:50:26 | 00,152,984 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Java\jre6\bin\jqs.exe PRC - [2008/12/12 09:17:38 | 00,238,888 | ---- | M] (Apple Inc.) -- C:\Program Files\Bonjour\mDNSResponder.exe PRC - [2008/10/02 09:23:16 | 00,546,288 | ---- | M] (Google) -- C:\Program Files\Google\Google Calendar Sync\GoogleCalendarSync.exe PRC - [2008/09/16 10:03:18 | 00,169,312 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files\Adobe\Photoshop Elements 7.0\PhotoshopElementsFileAgent.exe PRC - [2008/09/01 08:46:14 | 00,002,560 | ---- | M] () -- C:\WINDOWS\runservice.exe PRC - [2008/04/13 17:12:28 | 01,695,232 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Messenger\msmsgs.exe PRC - [2008/04/13 17:12:19 | 01,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\Explorer.EXE PRC - [2008/04/04 13:38:42 | 00,185,896 | ---- | M] (RealNetworks, Inc.) -- C:\Program Files\Common Files\Real\Update_OB\realsched.exe PRC - [2007/10/07 18:48:40 | 00,125,368 | ---- | M] (Symantec Corporation) -- C:\Program Files\Symantec AntiVirus\VPTray.exe PRC - [2007/10/07 18:48:32 | 01,822,648 | ---- | M] (Symantec Corporation) -- C:\Program Files\Symantec AntiVirus\Rtvscan.exe PRC - [2007/10/07 18:48:24 | 00,031,160 | ---- | M] (Symantec Corporation) -- C:\Program Files\Symantec AntiVirus\DefWatch.exe PRC - [2007/08/28 17:04:25 | 00,554,352 | ---- | M] (Symantec Corporation) -- C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe PRC - [2007/08/24 04:00:48 | 00,033,648 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe PRC - [2007/07/26 17:25:20 | 01,181,016 | ---- | M] (Symantec Corporation) -- C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe PRC - [2007/06/30 08:11:39 | 00,068,856 | ---- | M] (Google Inc.) -- C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe PRC - [2007/05/29 14:33:36 | 00,169,576 | ---- | M] (Symantec Corporation) -- C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe PRC - [2007/05/29 14:33:26 | 00,192,104 | ---- | M] (Symantec Corporation) -- C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe PRC - [2007/05/29 14:33:22 | 00,052,840 | ---- | M] (Symantec Corporation) -- C:\Program Files\Common Files\Symantec Shared\ccApp.exe PRC - [2007/05/08 13:24:20 | 00,054,840 | ---- | M] (Hewlett-Packard) -- C:\Program Files\HP\HP Software Update\HPWuSchd2.exe PRC - [2007/02/05 13:40:46 | 00,118,784 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Desktop Search\WindowsSearch.exe PRC - [2007/01/31 12:55:42 | 00,096,370 | ---- | M] (Canon Inc.) -- C:\Program Files\Canon\CAL\CALMAIN.exe PRC - [2007/01/01 14:22:02 | 03,739,648 | ---- | M] (Google) -- C:\Program Files\Google\Google Talk\googletalk.exe PRC - [2006/11/03 16:20:12 | 00,866,584 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Defender\MSASCui.exe PRC - [2006/11/03 16:19:58 | 00,013,592 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Defender\MsMpEng.exe PRC - [2006/03/20 08:34:26 | 00,036,903 | ---- | M] (Hewlett-Packard) -- C:\Program Files\Updates from HP\9972322\Program\Updates from HP.exe PRC - [2006/01/24 11:15:00 | 00,131,139 | ---- | M] (NVIDIA Corporation) -- C:\WINDOWS\System32\nvsvc32.exe PRC - [2006/01/23 03:53:16 | 15,969,280 | ---- | M] (Realtek Semiconductor Corp.) -- C:\WINDOWS\RTHDCPL.EXE PRC - [2005/12/18 19:26:54 | 00,073,728 | ---- | M] (Hewlett-Packard Company) -- C:\Program Files\Common Files\LightScribe\LSSrvc.exe PRC - [2005/11/11 14:11:12 | 00,237,568 | ---- | M] (Digital Interactive Systems Corporation, Inc.) -- C:\Program Files\DISC\DiscGui.exe PRC - [2005/11/11 14:11:04 | 01,064,960 | ---- | M] (Digital Interactive Systems Corporation) -- C:\Program Files\DISC\DISCover.exe PRC - [2005/11/11 14:10:00 | 00,061,440 | ---- | M] (Digital Interactive Systems Corporation, Inc.) -- C:\Program Files\DISC\DiscUpdateMgr.exe PRC - [2005/11/11 14:10:00 | 00,049,152 | ---- | M] (Digital Interactive Systems Corporation, Inc.) -- C:\Program Files\DISC\DiscStreamHub.exe PRC - [2005/11/01 03:01:00 | 00,090,112 | ---- | M] (Sonic Solutions) -- C:\Program Files\Sonic\DigitalMedia Plus\DigitalMedia Archive\DMAScheduler.exe PRC - [2005/08/26 19:14:44 | 00,241,775 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Java\jre1.5.0_05\bin\jucheck.exe PRC - [2005/08/26 19:14:44 | 00,036,975 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Java\jre1.5.0_05\bin\jusched.exe PRC - [2005/08/05 14:56:34 | 00,064,512 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\ehome\ehtray.exe PRC - [2005/08/05 14:27:08 | 00,099,328 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\ehome\mcrdsvc.exe PRC - [2005/08/02 17:19:16 | 00,077,312 | ---- | M] (Microsoft) -- C:\WINDOWS\ARPWRMSG.EXE PRC - [2005/08/02 17:19:16 | 00,058,880 | ---- | M] (Microsoft) -- C:\WINDOWS\arservice.exe PRC - [2005/06/08 09:00:16 | 00,983,040 | ---- | M] (Premiere Radio Networks, Inc.) -- C:\Program Files\The Jungle Media Center\The Jungle Media Center.exe PRC - [2005/06/06 21:46:24 | 00,057,344 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe PRC - [2005/02/02 13:44:24 | 00,061,440 | ---- | M] (Hewlett-Packard Company) -- C:\HP\KBD\KBD.EXE PRC - [2003/06/20 00:25:00 | 00,322,120 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE PRC - [1998/05/07 02:04:38 | 00,052,736 | ---- | M] (Hewlett-Packard Company) -- c:\windows\system\hpsysdrv.exe ========== Win32 Services (SafeList) ========== SRV - [2009/09/21 16:36:02 | 00,545,568 | ---- | M] (Apple Inc.) -- C:\Program Files\iPod\bin\iPodService.exe -- (iPod Service [On_Demand | Running]) SRV - [2009/09/15 03:56:43 | 00,138,680 | ---- | M] (ALWIL Software) -- C:\Program Files\Alwil Software\Avast4\ashServ.exe -- (avast! Antivirus [Auto | Running]) SRV - [2009/09/15 03:56:28 | 00,254,040 | ---- | M] (ALWIL Software) -- C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe -- (avast! Mail Scanner [On_Demand | Running]) SRV - [2009/09/15 03:54:13 | 00,352,920 | ---- | M] (ALWIL Software) -- C:\Program Files\Alwil Software\Avast4\ashWebSv.exe -- (avast! Web Scanner [On_Demand | Running]) SRV - [2009/09/15 03:49:40 | 00,018,752 | ---- | M] (ALWIL Software) -- C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe -- (aswUpdSv [Auto | Running]) SRV - [2009/06/05 08:48:14 | 00,144,712 | ---- | M] (Apple Inc.) -- C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe -- (Apple Mobile Device [Auto | Running]) SRV - [2009/04/30 14:42:08 | 00,133,104 | ---- | M] (Google Inc.) -- C:\Program Files\Google\Update\GoogleUpdate.exe -- (gupdate1c9c9dc86a7cfa4 [Auto | Stopped]) SRV - [2009/04/30 14:41:48 | 00,183,280 | ---- | M] (Google) -- C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe -- (gusvc [Auto | Stopped]) SRV - [2009/04/24 04:57:30 | 00,092,008 | ---- | M] (TomTom) -- C:\Program Files\TomTom HOME 2\TomTomHOMEService.exe -- (TomTomHOMEService [Auto | Running]) SRV - [2009/02/08 12:35:14 | 00,651,720 | ---- | M] (Macrovision Europe Ltd.) -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service [On_Demand | Stopped]) SRV - [2009/01/05 20:50:26 | 00,152,984 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Java\jre6\bin\jqs.exe -- (JavaQuickStarterService [Auto | Running]) SRV - [2008/12/12 09:17:38 | 00,238,888 | ---- | M] (Apple Inc.) -- C:\Program Files\Bonjour\mDNSResponder.exe -- (Bonjour Service [Auto | Running]) SRV - [2008/09/16 10:03:18 | 00,169,312 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files\Adobe\Photoshop Elements 7.0\PhotoshopElementsFileAgent.exe -- (AdobeActiveFileMonitor7.0 [Auto | Running]) SRV - [2008/09/01 08:46:14 | 00,002,560 | ---- | M] () -- C:\WINDOWS\runservice.exe -- (LicCtrlService [Auto | Running]) SRV - [2008/07/29 21:10:04 | 00,046,104 | ---- | M] (Microsoft Corporation) -- c:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe -- (FontCache3.0.0.0 [On_Demand | Stopped]) SRV - [2008/07/29 19:24:50 | 00,881,664 | ---- | M] (Microsoft Corporation) -- c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe -- (idsvc [Unknown | Stopped]) SRV - [2008/07/29 19:16:38 | 00,132,096 | ---- | M] (Microsoft Corporation) -- c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe -- (NetTcpPortSharing [Disabled | Stopped]) SRV - [2008/07/25 11:17:02 | 00,069,632 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32 [On_Demand | Stopped]) SRV - [2008/07/25 11:16:40 | 00,034,312 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe -- (aspnet_state [On_Demand | Stopped]) SRV - [2008/04/13 17:12:02 | 00,038,400 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\PCHealth\HelpCtr\Binaries\pchsvc.dll -- (helpsvc [Auto | Running]) SRV - [2007/10/07 18:48:36 | 00,116,664 | ---- | M] (symantec) -- C:\Program Files\Symantec AntiVirus\SavRoam.exe -- (SavRoam [On_Demand | Stopped]) SRV - [2007/10/07 18:48:32 | 01,822,648 | ---- | M] (Symantec Corporation) -- C:\Program Files\Symantec AntiVirus\Rtvscan.exe -- (Symantec AntiVirus [Auto | Running]) SRV - [2007/10/07 18:48:24 | 00,031,160 | ---- | M] (Symantec Corporation) -- C:\Program Files\Symantec AntiVirus\DefWatch.exe -- (DefWatch [Auto | Running]) SRV - [2007/08/28 17:04:25 | 02,999,664 | ---- | M] (Symantec Corporation) -- C:\Program Files\Symantec\LiveUpdate\LuComServer_3_2.EXE -- (LiveUpdate [On_Demand | Stopped]) SRV - [2007/08/28 17:04:25 | 00,554,352 | ---- | M] (Symantec Corporation) -- C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe -- (Automatic LiveUpdate Scheduler [Auto | Running]) SRV - [2007/08/27 15:14:00 | 00,214,408 | ---- | M] (Symantec Corporation) -- C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe -- (SNDSrvc [On_Demand | Stopped]) SRV - [2007/08/24 03:59:20 | 00,068,464 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Office\Office12\GrooveAuditService.exe -- (Microsoft Office Groove Audit Service [On_Demand | Stopped]) SRV - [2007/08/24 00:19:12 | 00,443,776 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE -- (odserv [On_Demand | Stopped]) SRV - [2007/07/26 17:25:20 | 01,181,016 | ---- | M] (Symantec Corporation) -- C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe -- (SPBBCSvc [Auto | Running]) SRV - [2007/05/29 14:33:36 | 00,169,576 | ---- | M] (Symantec Corporation) -- C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe -- (ccSetMgr [Auto | Running]) SRV - [2007/05/29 14:33:26 | 00,192,104 | ---- | M] (Symantec Corporation) -- C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe -- (ccEvtMgr [Auto | Running]) SRV - [2007/01/31 12:55:42 | 00,096,370 | ---- | M] (Canon Inc.) -- C:\Program Files\Canon\CAL\CALMAIN.exe -- (CCALib8 [Auto | Running]) SRV - [2006/11/03 16:19:58 | 00,013,592 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Defender\MsMpEng.exe -- (WinDefend [Auto | Running]) SRV - [2006/10/26 12:03:08 | 00,145,184 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE -- (ose [On_Demand | Stopped]) SRV - [2006/01/24 11:15:00 | 00,131,139 | ---- | M] (NVIDIA Corporation) -- C:\WINDOWS\System32\nvsvc32.exe -- (NVSvc [Auto | Running]) SRV - [2005/12/18 19:26:54 | 00,073,728 | ---- | M] (Hewlett-Packard Company) -- C:\Program Files\Common Files\LightScribe\LSSrvc.exe -- (LightScribeService [Auto | Running]) SRV - [2005/08/05 14:27:08 | 00,099,328 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\ehome\mcrdsvc.exe -- (McrdSvc [Auto | Running]) SRV - [2005/08/03 19:29:52 | 00,038,912 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\wdfmgr.exe -- (UMWdf [On_Demand | Stopped]) SRV - [2005/08/02 17:19:16 | 00,058,880 | ---- | M] (Microsoft) -- C:\WINDOWS\arservice.exe -- (ARSVC [Auto | Running]) SRV - [2004/10/22 04:24:18 | 00,073,728 | ---- | M] (Macrovision Corporation) -- C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe -- (IDriverT [On_Demand | Stopped]) SRV - [2004/08/09 20:11:50 | 00,085,504 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\mhn.dll -- (MHN [On_Demand | Stopped]) SRV - [2003/06/20 00:25:00 | 00,322,120 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE -- (MDM [Auto | Running]) ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157 IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896 IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = [binary data] IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Extensions Off Page = about:NoAdd-ons IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\system32\blank.htm IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896 IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Security Risk Page = about:SecurityRisk IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157 IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,CustomizeSearch = http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchcust.htm IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.google.com/ie IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&a...&pf=desktop IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&a...&pf=desktop IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\system32\blank.htm IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultName = Google IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultURL = http://www.google.com/search?q={searchTerm...tf8&oe=utf8 IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.comcast.net/home.html IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie IE - HKCU\..\URLSearchHook: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - Reg Error: Key error. File not found IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 ========== FireFox ========== FF - prefs.js..browser.startup.homepage: "http://search.shareazaweb.com/" FF - prefs.js..extensions.enabledItems: {e4a8a97b-f2ed-450b-b12d-ee082ba24781}:0.8.20090123.1 FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA}:6.0.03 FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA}:6.0.11 FF - prefs.js..extensions.enabledItems: jqs@sun.com:1.0 FF - prefs.js..extensions.enabledItems: moveplayer@movenetworks.com:7 FF - prefs.js..extensions.enabledItems: {635abd67-4fe9-1b23-4f01-e679fa7484c1}:1.6.5.200812101546 FF - prefs.js..extensions.enabledItems: {972ce4c6-7e08-4474-a285-3208198ce6fd}:3.0.14 FF - HKLM\software\mozilla\Firefox\Extensions\\{ABDE892B-13A8-4d1b-88E6-365A6E755758}: C:\Program Files\Real\RealPlayer\browserrecord [2008/04/04 13:39:30 | 00,000,000 | ---D | M] FF - HKLM\software\mozilla\Firefox\Extensions\\jqs@sun.com: C:\Program Files\Java\jre6\lib\deploy\jqs\ff [2009/01/05 20:50:28 | 00,000,000 | ---D | M] FF - HKLM\software\mozilla\Firefox\Extensions\\{20a82645-c095-46ed-80e3-08825760534b}: c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\ [2009/09/02 03:00:28 | 00,000,000 | ---D | M] FF - HKLM\software\mozilla\Mozilla Firefox 3.0.14\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2009/10/17 17:13:10 | 00,000,000 | ---D | M] FF - HKLM\software\mozilla\Mozilla Firefox 3.0.14\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2009/10/17 17:13:10 | 00,000,000 | ---D | M] [2009/05/12 16:09:45 | 00,000,000 | ---D | M] -- C:\Documents and Settings\HP_Administrator\Application Data\mozilla\Extensions [2008/11/29 12:17:07 | 00,000,000 | ---D | M] -- C:\Documents and Settings\HP_Administrator\Application Data\mozilla\Extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384} [2009/05/12 16:09:45 | 00,000,000 | ---D | M] -- C:\Documents and Settings\HP_Administrator\Application Data\mozilla\Extensions\home2@tomtom.com [2009/10/18 09:25:00 | 00,000,000 | ---D | M] -- C:\Documents and Settings\HP_Administrator\Application Data\mozilla\Firefox\Profiles\4gxfrjj3.default\extensions [2009/09/25 01:51:04 | 00,000,000 | ---D | M] -- C:\Documents and Settings\HP_Administrator\Application Data\mozilla\Firefox\Profiles\4gxfrjj3.default\extensions\{20a82645-c095-46ed-80e3-08825760534b} [2009/05/02 18:35:56 | 00,000,000 | ---D | M] -- C:\Documents and Settings\HP_Administrator\Application Data\mozilla\Firefox\Profiles\4gxfrjj3.default\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1} [2009/05/02 18:35:42 | 00,000,000 | ---D | M] -- C:\Documents and Settings\HP_Administrator\Application Data\mozilla\Firefox\Profiles\4gxfrjj3.default\extensions\{e4a8a97b-f2ed-450b-b12d-ee082ba24781} [2009/10/17 17:25:29 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions [2009/10/17 17:13:10 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd} [2008/02/07 18:45:03 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions\{B13721C7-F507-4982-B2E5-502A71474FED} [2007/11/25 14:35:07 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} [2009/01/05 20:50:43 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA} [2009/10/17 17:13:03 | 00,023,032 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browserdirprovider.dll [2009/10/17 17:13:03 | 00,134,648 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\brwsrcmp.dll [2007/04/30 13:29:22 | 00,049,152 | ---- | M] (Adobe Systems, Inc.) -- C:\Program Files\mozilla firefox\plugins\np32dsw.dll [2009/01/05 20:50:27 | 00,410,984 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\mozilla firefox\plugins\npdeploytk.dll [2009/10/17 17:13:07 | 00,065,528 | ---- | M] (mozilla.org) -- C:\Program Files\mozilla firefox\plugins\npnul32.dll [2006/10/26 18:12:16 | 00,016,192 | ---- | M] (Microsoft Corporation) -- C:\Program Files\mozilla firefox\plugins\NPOFF12.DLL [2009/02/27 12:13:42 | 00,103,792 | ---- | M] (Adobe Systems Inc.) -- C:\Program Files\mozilla firefox\plugins\nppdf32.dll [2008/04/04 13:39:13 | 00,144,984 | ---- | M] (RealNetworks, Inc.) -- C:\Program Files\mozilla firefox\plugins\nppl3260.dll [2009/09/15 22:15:11 | 00,159,744 | ---- | M] (Apple Inc.) -- C:\Program Files\mozilla firefox\plugins\npqtplugin.dll [2009/09/15 22:15:11 | 00,159,744 | ---- | M] (Apple Inc.) -- C:\Program Files\mozilla firefox\plugins\npqtplugin2.dll [2009/09/15 22:15:11 | 00,159,744 | ---- | M] (Apple Inc.) -- C:\Program Files\mozilla firefox\plugins\npqtplugin3.dll [2009/09/15 22:15:11 | 00,159,744 | ---- | M] (Apple Inc.) -- C:\Program Files\mozilla firefox\plugins\npqtplugin4.dll [2009/09/15 22:15:11 | 00,159,744 | ---- | M] (Apple Inc.) -- C:\Program Files\mozilla firefox\plugins\npqtplugin5.dll [2009/09/15 22:15:11 | 00,159,744 | ---- | M] (Apple Inc.) -- C:\Program Files\mozilla firefox\plugins\npqtplugin6.dll [2009/09/15 22:15:12 | 00,159,744 | ---- | M] (Apple Inc.) -- C:\Program Files\mozilla firefox\plugins\npqtplugin7.dll [2008/04/04 13:39:39 | 00,008,192 | ---- | M] (RealNetworks, Inc.) -- C:\Program Files\mozilla firefox\plugins\nprjplug.dll [2008/04/04 13:39:01 | 00,094,208 | ---- | M] (RealNetworks, Inc.) -- C:\Program Files\mozilla firefox\plugins\nprpjplug.dll [2009/10/08 05:50:00 | 00,001,394 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazondotcom.xml [2009/10/08 05:50:00 | 00,002,193 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\answers.xml [2009/10/08 05:50:00 | 00,001,534 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\creativecommons.xml [2009/10/08 05:50:00 | 00,002,343 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay.xml [2009/10/08 05:50:00 | 00,001,706 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\google.xml [2009/10/08 05:50:00 | 00,001,178 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia.xml [2009/10/08 05:50:00 | 00,000,792 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo.xml O1 HOSTS File: (343474 bytes) - C:\WINDOWS\System32\drivers\etc\Hosts O1 - Hosts: 127.0.0.1 localhost O1 - Hosts: ::1 localhost O1 - Hosts: 91.212.127.226 osguardpro.microsoft.com O1 - Hosts: 91.212.127.226 os-guardpro.com O1 - Hosts: 91.212.127.226 www.os-guardpro.com O1 - Hosts: 127.0.0.1 www.007guard.com O1 - Hosts: 127.0.0.1 007guard.com O1 - Hosts: 127.0.0.1 008i.com O1 - Hosts: 127.0.0.1 www.008k.com O1 - Hosts: 127.0.0.1 008k.com O1 - Hosts: 127.0.0.1 www.00hq.com O1 - Hosts: 127.0.0.1 00hq.com O1 - Hosts: 127.0.0.1 010402.com O1 - Hosts: 127.0.0.1 www.032439.com O1 - Hosts: 127.0.0.1 032439.com O1 - Hosts: 127.0.0.1 www.0scan.com O1 - Hosts: 127.0.0.1 0scan.com O1 - Hosts: 127.0.0.1 1000gratisproben.com O1 - Hosts: 127.0.0.1 www.1000gratisproben.com O1 - Hosts: 127.0.0.1 1001namen.com O1 - Hosts: 127.0.0.1 www.1001namen.com O1 - Hosts: 127.0.0.1 100888290cs.com O1 - Hosts: 127.0.0.1 www.100888290cs.com O1 - Hosts: 127.0.0.1 www.100sexlinks.com O1 - Hosts: 127.0.0.1 100sexlinks.com O1 - Hosts: 11800 more lines... O2 - BHO: (Adobe PDF Link Helper) - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated) O2 - BHO: (RealPlayer Download and Record Plugin for Internet Explorer) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll (RealPlayer) O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited) O2 - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation) O2 - BHO: (Java™ Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.) O2 - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.) O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.3.4501.1418\swg.dll (Google Inc.) O2 - BHO: (Google Dictionary Compression sdch) - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_B7C5AC242193BB3E.dll (Google Inc.) O2 - BHO: (JQSIEStartDetectorImpl Class) - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll (Sun Microsystems, Inc.) O3 - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.) O3 - HKCU\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.) O4 - HKLM..\Run: [Adobe Photo Downloader] C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe (Adobe Systems Incorporated) O4 - HKLM..\Run: [AlwaysReady Power Message APP] C:\WINDOWS\ARPWRMSG.EXE (Microsoft) O4 - HKLM..\Run: [AppleSyncNotifier] C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe (Apple Inc.) O4 - HKLM..\Run: [avast!] C:\Program Files\Alwil Software\Avast4\ashDisp.exe (ALWIL Software) O4 - HKLM..\Run: [ccApp] C:\Program Files\Common Files\Symantec Shared\ccApp.exe (Symantec Corporation) O4 - HKLM..\Run: [DISCover] C:\Program Files\DISC\DISCover.exe (Digital Interactive Systems Corporation) O4 - HKLM..\Run: [DiscUpdateManager] C:\Program Files\DISC\DiscUpdateMgr.exe (Digital Interactive Systems Corporation, Inc.) O4 - HKLM..\Run: [DMAScheduler] c:\Program Files\Sonic\DigitalMedia Plus\DigitalMedia Archive\DMAScheduler.exe (Sonic Solutions) O4 - HKLM..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe (Microsoft Corporation) O4 - HKLM..\Run: [googletalk] C:\Program Files\Google\Google Talk\googletalk.exe (Google) O4 - HKLM..\Run: [GrooveMonitor] C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe (Microsoft Corporation) O4 - HKLM..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe (Hewlett-Packard) O4 - HKLM..\Run: [HPBootOp] C:\Program Files\Hewlett-Packard\HP Boot Optimizer\HPBootOp.exe (Hewlett-Packard Company) O4 - HKLM..\Run: [HPHUPD08] c:\Program Files\HP\Digital Imaging\{33D6CC28-9F75-4d1b-A11D-98895B3A3729}\hphupd08.exe (Hewlett-Packard) O4 - HKLM..\Run: [iTunesHelper] C:\Program Files\iTunes\iTunesHelper.exe (Apple Inc.) O4 - HKLM..\Run: [KBD] C:\HP\KBD\KBD.EXE (Hewlett-Packard Company) O4 - HKLM..\Run: [NvCplDaemon] C:\WINDOWS\System32\NvCpl.DLL (NVIDIA Corporation) O4 - HKLM..\Run: [nwiz] C:\WINDOWS\System32\nwiz.exe () O4 - HKLM..\Run: [OCAudioIni] C:\Program Files\One-click Audio Converter\OCAudioIni.exe File not found O4 - HKLM..\Run: [PCDrProfiler] File not found O4 - HKLM..\Run: [QuickTime Task] C:\Program Files\QuickTime\QTTask.exe (Apple Inc.) O4 - HKLM..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE () O4 - HKLM..\Run: [RTHDCPL] C:\WINDOWS\RTHDCPL.EXE (Realtek Semiconductor Corp.) O4 - HKLM..\Run: [TkBellExe] C:\Program Files\Common Files\Real\Update_OB\realsched.exe (RealNetworks, Inc.) O4 - HKLM..\Run: [vptray] C:\Program Files\Symantec AntiVirus\VPTray.exe (Symantec Corporation) O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation) O4 - HKCU..\Run: [MSMSGS] C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation) O4 - HKCU..\Run: [SpeedItUpEX] C:\Program Files\Speeditup Free\SpeedItUp.exe File not found O4 - HKCU..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe (Safer-Networking Ltd.) O4 - HKCU..\Run: [Start WingMan Profiler] File not found O4 - HKCU..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (Google Inc.) O4 - HKCU..\Run: [The Jim Rome Show] C:\Program Files\The Jungle Media Center\The Jungle Media Center.exe (Premiere Radio Networks, Inc.) O4 - HKCU..\Run: [TomTomHOME.exe] C:\Program Files\TomTom HOME 2\TomTomHOMERunner.exe (TomTom) O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Desktop Manager.lnk = C:\Program Files\Research In Motion\BlackBerry\DesktopMgr.exe (Research In Motion Limited) O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Google Calendar Sync.lnk = C:\Program Files\Google\Google Calendar Sync\GoogleCalendarSync.exe (Google) O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe (Hewlett-Packard Co.) O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE (Microsoft Corporation) O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Updates From HP.lnk = C:\Program Files\Updates from HP\9972322\Program\Updates from HP.exe (Hewlett-Packard) O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Windows Desktop Search.lnk = C:\Program Files\Windows Desktop Search\WindowsSearch.exe (Microsoft Corporation) O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 0 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: dontdisplaylastusername = 0 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticecaption = O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticetext = O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: shutdownwithoutlogon = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: undockwithoutlogon = 1 O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145 O8 - Extra context menu item: E&xport to Microsoft Excel - C:\Program Files\Microsoft Office\Office12\EXCEL.EXE (Microsoft Corporation) O9 - Extra Button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation) O9 - Extra 'Tools' menuitem : S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation) O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Program Files\Microsoft Office\Office12\REFIEBAR.DLL (Microsoft Corporation) O9 - Extra 'Tools' menuitem : Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited) O9 - Extra Button: Internet Connection Help - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm File not found O9 - Extra 'Tools' menuitem : Internet Connection Help - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm File not found O9 - Extra 'Tools' menuitem : @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe (Microsoft Corporation) O9 - Extra Button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation) O9 - Extra 'Tools' menuitem : Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation) O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.) O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\WINDOWS\System32\lsp.dll () O10 - Protocol_Catalog9\Catalog_Entries\000000000021 - C:\WINDOWS\System32\lsp.dll () O15 - HKLM\..Trusted Domains: trymedia.com ([]http in Trusted sites) O15 - HKLM\..Trusted Domains: trymedia.com ([]https in Trusted sites) O15 - HKLM\..Trusted Domains: 58 domain(s) and sub-domain(s) not assigned to a zone. O15 - HKCU\..Trusted Domains: 98 domain(s) and sub-domain(s) not assigned to a zone. O16 - DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} http://upload.facebook.com/controls/2008.1...toUploader5.cab (Facebook Photo Uploader 5 Control) O16 - DPF: {1340C00E-B1FF-4117-B993-E58FF774A605} http://www.playrealbaseball.com/include/la...BO_v1.1.0.0.cab (CLaunchRBO10 Object) O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} C:\Program Files\Yahoo!\Common\yinsthelper.dll (YInstStarter Class) O16 - DPF: {406B5949-7190-4245-91A9-30A17DE16AD0} http://www1.snapfish.com/SnapfishActivia.cab (Snapfish Activia) O16 - DPF: {519F3E3B-9086-11D4-8A03-00104B3858F3} https://ho6.anfcorp.com/UCAudioControl.cab (Lotus UC Player) O16 - DPF: {5F8469B4-B055-49DD-83F7-62B522420ECC} http://upload.facebook.com/controls/Facebo...otoUploader.cab (Facebook Photo Uploader Control) O16 - DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} http://upload.facebook.com/controls/2009.0...oUploader55.cab (Facebook Photo Uploader 5 Control) O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_11) O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.macromedia.com/get/flash...t/ultrashim.cab (Reg Error: Key error.) O16 - DPF: {CAFEEFAC-0015-0000-0005-ABCDEFFEDCBA} http://java.sun.com/update/1.5.0/jinstall-...indows-i586.cab (Java Plug-in 1.5.0_05) O16 - DPF: {CAFEEFAC-0015-0000-0009-ABCDEFFEDCBA} http://java.sun.com/update/1.5.0/jinstall-...indows-i586.cab (Java Plug-in 1.5.0_09) O16 - DPF: {CAFEEFAC-0016-0000-0001-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_01) O16 - DPF: {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_03) O16 - DPF: {CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_11) O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_11) O16 - DPF: {DAF7E6E6-D53A-439A-B28D-12271406B8A9} http://mobileapps.blackberry.com/devicesoftware/AxLoader.cab (RIM AxLoader) O16 - DPF: {E27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/get/shoc...ash/swflash.cab (Reg Error: Key error.) O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1 O18 - Protocol\Handler\grooveLocalGWS {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll (Microsoft Corporation) O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation) O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation) O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation) O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation) O18 - Protocol\Handler\ipp - No CLSID value found O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation) O18 - Protocol\Handler\msdaipp - No CLSID value found O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation) O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation) O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll (Microsoft Corporation) O18 - Protocol\Handler\ms-itss {0A9007C0-4076-11D3-8789-0000F8105754} - c:\Program Files\Common Files\Microsoft Shared\Information Retrieval\msitss.dll (Microsoft Corporation) O18 - Protocol\Handler\mso-offdap {3D9F03FA-7A94-11D3-BE81-0050048385D1} - C:\Program Files\Common Files\Microsoft Shared\Web Components\10\OWC10.DLL (Microsoft Corporation) O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies) O18 - Protocol\Filter: - text/xml - C:\Program Files\Common Files\Microsoft Shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation) O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\Explorer.exe (Microsoft Corporation) O20 - Winlogon\Notify\NavLogon: DllName - C:\WINDOWS\system32\NavLogon.dll - C:\WINDOWS\System32\NavLogon.dll (Symantec Corporation) O24 - Desktop Components:0 (My Current Home Page) - About:Home O28 - HKLM ShellExecuteHooks: {091EB208-39DD-417D-A5DD-7E2C2D8FB9CB} - C:\Program Files\Windows Defender\MpShHook.dll (Microsoft Corporation) O28 - HKLM ShellExecuteHooks: {56F9679E-7826-4C84-81F3-532071A8BCC5} - C:\Program Files\Windows Desktop Search\MSNLNamespaceMgr.dll (Microsoft Corporation) O28 - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation) O31 - SafeBoot: AlternateShell - cmd.exe O32 - HKLM CDRom: AutoRun - 1 O32 - AutoRun File - [2006/03/20 08:30:28 | 00,000,100 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ] O32 - AutoRun File - [2001/07/27 15:07:38 | 00,000,000 | -HS- | M] () - D:\AUTOEXEC.BAT -- [ FAT32 ] O32 - AutoRun File - [2004/04/30 07:01:14 | 00,000,053 | -HS- | M] () - D:\Autorun.inf -- [ FAT32 ] O32 - AutoRun File - [2005/01/25 23:03:09 | 00,000,078 | R--- | M] () - E:\autorun.inf -- [ CDFS ] O33 - MountPoints2\{e99e7620-0390-11de-bfd7-00173124cb39}\Shell\AutoRun\command - "" = K:\InstallTomTomHOME.exe -- File not found O34 - HKLM BootExecute: (autocheck) - File not found O34 - HKLM BootExecute: (autochk) - C:\WINDOWS\System32\autochk.exe (Microsoft Corporation) O34 - HKLM BootExecute: (*) - File not found O35 - comfile [open] -- "%1" %* File not found O35 - exefile [open] -- "%1" %* File not found NetSvcs: 6to4 - Service key not found. File not found NetSvcs: Ias - Service key not found. File not found NetSvcs: Iprip - Service key not found. File not found NetSvcs: Irmon - Service key not found. File not found NetSvcs: NWCWorkstation - Service key not found. File not found NetSvcs: Nwsapagent - Service key not found. File not found NetSvcs: WmdmPmSp - Service key not found. File not found NetSvcs: MHN - C:\WINDOWS\System32\mhn.dll (Microsoft Corporation) NetSvcs: helpsvc - C:\WINDOWS\PCHealth\HelpCtr\Binaries\pchsvc.dll (Microsoft Corporation) ========== Files/Folders - Created Within 14 Days ========== [2009/10/18 08:45:16 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Norton [2009/10/18 08:45:10 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\NortonInstaller [2009/10/18 13:28:53 | 00,000,000 | ---D | C] -- C:\Program Files\Alwil Software [2009/10/18 09:52:21 | 00,000,000 | ---D | C] -- C:\Program Files\ERUNT [2009/10/16 11:44:11 | 00,000,000 | ---D | C] -- C:\Program Files\iPod [2009/10/16 11:44:05 | 00,000,000 | ---D | C] -- C:\Program Files\iTunes [2009/10/16 20:52:15 | 00,000,000 | ---D | C] -- C:\Program Files\keevxe [2009/10/18 08:45:16 | 00,000,000 | ---D | C] -- C:\Program Files\Norton Security Scan [2009/10/18 08:45:10 | 00,000,000 | ---D | C] -- C:\Program Files\NortonInstaller [2009/10/18 09:29:30 | 00,000,000 | ---D | C] -- C:\Program Files\Trend Micro [2009/10/18 13:29:19 | 00,052,368 | ---- | C] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswTdi.sys [2009/10/18 13:29:19 | 00,023,152 | ---- | C] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswRdr.sys [2009/10/18 13:29:18 | 00,027,408 | ---- | C] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aavmker4.sys [2009/10/18 13:29:16 | 00,097,480 | ---- | C] (ALWIL Software) -- C:\WINDOWS\System32\AvastSS.scr [2009/10/18 13:29:15 | 00,114,768 | ---- | C] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswSP.sys [2009/10/18 13:29:15 | 00,094,160 | ---- | C] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswmon2.sys [2009/10/18 13:29:15 | 00,093,424 | ---- | C] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswmon.sys [2009/10/18 13:29:15 | 00,020,560 | ---- | C] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswFsBlk.sys [2009/10/18 13:28:56 | 01,279,968 | ---- | C] (ALWIL Software) -- C:\WINDOWS\System32\aswBoot.exe [2009/10/18 09:53:16 | 00,000,000 | ---D | C] -- C:\WINDOWS\ERDNT [2009/10/18 09:36:58 | 00,000,000 | ---D | C] -- C:\Documents and Settings\HP_Administrator\Desktop\Spyware removal [2009/10/18 09:29:02 | 00,812,344 | ---- | C] (Trend Micro Inc.) -- C:\Documents and Settings\HP_Administrator\Desktop\HijackThisInstaller.exe [2009/10/18 08:45:16 | 00,000,000 | ---D | C] -- C:\WINDOWS\System32\drivers\NSS\0203000.02C [2009/10/18 08:45:16 | 00,000,000 | ---D | C] -- C:\WINDOWS\System32\drivers\NSS [2009/10/17 14:35:54 | 16,409,960 | ---- | C] (Safer Networking Limited ) -- C:\Documents and Settings\HP_Administrator\Desktop\spybotsd162.exe [2006/11/28 11:06:51 | 00,155,136 | ---- | C] ( ) -- C:\WINDOWS\System32\drivers\d347bus.sys [2006/11/28 11:06:51 | 00,005,248 | ---- | C] ( ) -- C:\WINDOWS\System32\drivers\d347prt.sys ========== Files - Modified Within 14 Days ========== [2009/10/18 14:50:14 | 00,000,000 | ---- | M] () -- C:\Documents and Settings\HP_Administrator\Desktop\settings.dat [2009/10/18 14:42:01 | 00,000,886 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job [2009/10/18 14:05:12 | 00,000,868 | ---- | M] () -- C:\WINDOWS\tasks\Google Software Updater.job [2009/10/18 13:47:50 | 00,000,256 | ---- | M] () -- C:\WINDOWS\System32\pool.bin [2009/10/18 13:42:00 | 00,000,882 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job [2009/10/18 13:40:50 | 00,000,186 | ---- | M] () -- C:\WINDOWS\System\hpsysdrv.DAT [2009/10/18 13:34:50 | 00,000,330 | -H-- | M] () -- C:\WINDOWS\tasks\MP Scheduled Scan.job [2009/10/18 13:32:53 | 00,043,531 | ---- | M] () -- C:\WINDOWS\System32\nvapps.xml [2009/10/18 13:32:10 | 00,000,601 | -HS- | M] () -- C:\WINDOWS\System32\mmf.sys [2009/10/18 13:32:00 | 00,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT [2009/10/18 13:31:38 | 00,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat [2009/10/18 13:31:34 | 20,788,55168 | -HS- | M] () -- C:\hiberfil.sys [2009/10/18 13:29:37 | 03,175,122 | -H-- | M] () -- C:\Documents and Settings\HP_Administrator\Local Settings\Application Data\IconCache.db [2009/10/18 13:29:19 | 00,001,720 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\avast! Antivirus.lnk [2009/10/18 13:29:15 | 00,002,626 | ---- | M] () -- C:\WINDOWS\System32\CONFIG.NT [2009/10/18 10:00:20 | 00,001,158 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl [2009/10/18 09:29:31 | 00,001,745 | ---- | M] () -- C:\Documents and Settings\HP_Administrator\Desktop\HijackThis.lnk [2009/10/18 09:29:01 | 00,812,344 | ---- | M] (Trend Micro Inc.) -- C:\Documents and Settings\HP_Administrator\Desktop\HijackThisInstaller.exe [2009/10/18 08:53:43 | 00,000,496 | ---- | M] () -- C:\WINDOWS\tasks\Norton Security Scan for HP_Administrator.job [2009/10/18 08:45:16 | 00,000,172 | ---- | M] () -- C:\WINDOWS\System32\drivers\NSS\0203000.02C\isolate.ini [2009/10/18 02:13:05 | 00,000,444 | -H-- | M] () -- C:\WINDOWS\tasks\User_Feed_Synchronization-{5A3F9053-C60A-48C6-A3B8-CEEDAF184E3A}.job [2009/10/17 17:12:23 | 00,343,474 | R--- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts [2009/10/17 14:45:35 | 00,343,474 | R--- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts.20091017-171223.backup [2009/10/17 14:41:41 | 00,000,022 | ---- | M] () -- C:\Documents and Settings\HP_Administrator\Desktop\Sensible World of Soccer.zip [2009/10/17 14:36:48 | 00,000,944 | ---- | M] () -- C:\Documents and Settings\HP_Administrator\Desktop\Spybot - Search & Destroy.lnk [2009/10/17 14:35:54 | 16,409,960 | ---- | M] (Safer Networking Limited ) -- C:\Documents and Settings\HP_Administrator\Desktop\spybotsd162.exe [2009/10/16 21:06:12 | 00,000,022 | ---- | M] () -- C:\Documents and Settings\HP_Administrator\Desktop\Premier Manager 3.zip [2009/10/16 20:55:56 | 00,000,145 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts.20091017-144535.backup [2009/10/16 20:54:23 | 00,178,432 | ---- | M] () -- C:\WINDOWS\System32\lsp.dll [2009/10/16 11:45:15 | 00,001,804 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\iTunes.lnk [2009/10/16 11:37:29 | 00,001,854 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Safari.lnk [2009/10/16 09:58:00 | 00,000,284 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job [2009/10/16 03:11:50 | 00,524,592 | ---- | M] () -- C:\WINDOWS\System32\PerfStringBackup.INI [2009/10/16 03:11:50 | 00,458,416 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat [2009/10/16 03:11:50 | 00,076,144 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat [2009/10/16 03:07:14 | 00,001,393 | ---- | M] () -- C:\WINDOWS\imsins.BAK [2009/10/13 15:42:40 | 00,001,824 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Google Chrome.lnk ========== Files - No Company Name ========== [2009/10/18 14:50:14 | 00,000,000 | ---- | C] () -- C:\Documents and Settings\HP_Administrator\Desktop\settings.dat [2009/10/18 13:29:19 | 00,001,720 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\avast! Antivirus.lnk [2009/10/18 13:28:56 | 00,380,928 | ---- | C] () -- C:\WINDOWS\System32\actskin4.ocx [2009/10/18 09:29:31 | 00,001,745 | ---- | C] () -- C:\Documents and Settings\HP_Administrator\Desktop\HijackThis.lnk [2009/10/18 08:45:22 | 00,000,496 | ---- | C] () -- C:\WINDOWS\tasks\Norton Security Scan for HP_Administrator.job [2009/10/18 08:45:16 | 00,000,172 | ---- | C] () -- C:\WINDOWS\System32\drivers\NSS\0203000.02C\isolate.ini [2009/10/17 14:40:22 | 00,000,022 | ---- | C] () -- C:\Documents and Settings\HP_Administrator\Desktop\Sensible World of Soccer.zip [2009/10/17 14:36:48 | 00,000,944 | ---- | C] () -- C:\Documents and Settings\HP_Administrator\Desktop\Spybot - Search & Destroy.lnk [2009/10/16 21:05:31 | 00,000,022 | ---- | C] () -- C:\Documents and Settings\HP_Administrator\Desktop\Premier Manager 3.zip [2009/10/16 20:54:23 | 00,178,432 | ---- | C] () -- C:\WINDOWS\System32\lsp.dll [2009/10/16 11:45:15 | 00,001,804 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\iTunes.lnk [2009/07/04 10:25:38 | 00,037,900 | ---- | C] () -- C:\Documents and Settings\HP_Administrator\Application Data\Comma Separated Values (Windows).ADR [2009/01/22 08:18:13 | 00,000,028 | ---- | C] () -- C:\WINDOWS\pdf995.ini [2009/01/22 08:07:08 | 00,051,716 | ---- | C] () -- C:\WINDOWS\System32\pdf995mon.dll [2009/01/22 08:07:08 | 00,000,025 | ---- | C] () -- C:\WINDOWS\wpd99.drv [2008/11/10 15:19:27 | 00,009,933 | ---- | C] () -- C:\Documents and Settings\HP_Administrator\Application Data\Comma Separated Values (Windows).CAL [2008/11/02 16:21:00 | 00,185,344 | ---- | C] () -- C:\WINDOWS\patchw32.dll [2008/09/01 08:46:14 | 00,048,640 | ---- | C] () -- C:\WINDOWS\mmfs.dll [2008/09/01 08:46:14 | 00,000,601 | -HS- | C] () -- C:\WINDOWS\System32\mmf.sys [2008/04/14 13:27:29 | 03,175,122 | -H-- | C] () -- C:\Documents and Settings\HP_Administrator\Local Settings\Application Data\IconCache.db [2008/02/07 18:46:22 | 00,000,032 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\ezsid.dat [2007/11/11 14:53:02 | 00,000,000 | ---- | C] () -- C:\WINDOWS\VPC32.INI [2007/09/07 09:11:04 | 00,000,000 | ---- | C] () -- C:\WINDOWS\iPlayer.INI [2007/07/20 07:45:03 | 00,000,181 | ---- | C] () -- C:\WINDOWS\civ.ini [2007/01/23 11:21:35 | 00,055,056 | ---- | C] () -- C:\Documents and Settings\HP_Administrator\Application Data\GDIPFONTCACHEV1.DAT [2007/01/11 13:22:08 | 00,004,522 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\QTSBandwidthCache [2007/01/03 09:24:36 | 00,020,698 | ---- | C] () -- C:\WINDOWS\System32\idxcntrs.ini [2007/01/03 09:22:46 | 00,030,628 | ---- | C] () -- C:\WINDOWS\System32\gsrvctr.ini [2007/01/03 09:22:14 | 00,031,698 | ---- | C] () -- C:\WINDOWS\System32\gthrctr.ini [2006/12/08 12:13:55 | 00,002,508 | ---- | C] () -- C:\Documents and Settings\HP_Administrator\Application Data\$_hpcst$.hpc [2006/11/18 20:16:36 | 00,061,440 | ---- | C] () -- C:\WINDOWS\System32\cygz.dll [2006/10/29 05:49:41 | 00,000,486 | ---- | C] () -- C:\WINDOWS\cdplayer.ini [2006/10/26 13:54:44 | 00,054,272 | ---- | C] () -- C:\Documents and Settings\HP_Administrator\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [2006/10/26 13:53:55 | 00,053,500 | ---- | C] () -- C:\Documents and Settings\HP_Administrator\Application Data\PatchUpdate_HP_CounterReport_Update_HPSU.log [2006/10/26 13:53:55 | 00,000,227 | ---- | C] () -- C:\WINDOWS\HP_CounterReport_Update_HPSU.ini [2006/10/26 13:53:45 | 00,002,221 | ---- | C] () -- C:\Documents and Settings\HP_Administrator\Application Data\HPSU_48BitScanUpdate.log [2006/10/26 13:53:45 | 00,000,214 | ---- | C] () -- C:\WINDOWS\HP_48BitScanUpdatePatch.ini [2006/10/26 13:47:22 | 00,047,747 | ---- | C] () -- C:\Documents and Settings\HP_Administrator\Application Data\Update_HP_RedboxHprblog_HPSU.log [2006/10/26 13:47:22 | 00,000,221 | ---- | C] () -- C:\WINDOWS\HP_RedboxHprblog_HPSU.ini [2006/10/25 13:07:48 | 00,051,976 | ---- | C] () -- C:\Documents and Settings\HP_Administrator\Local Settings\Application Data\GDIPFONTCACHEV1.DAT [2006/10/25 13:07:48 | 00,000,139 | ---- | C] () -- C:\Documents and Settings\HP_Administrator\Local Settings\Application Data\fusioncache.dat [2006/10/25 13:07:48 | 00,000,062 | -HS- | C] () -- C:\Documents and Settings\HP_Administrator\Application Data\desktop.ini [2006/03/20 09:01:50 | 00,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini [2006/03/20 08:38:41 | 00,028,848 | ---- | C] () -- C:\WINDOWS\System32\drivers\USBkey.sys [2006/03/20 08:33:35 | 00,014,316 | ---- | C] () -- C:\WINDOWS\System32\CHODDI.SYS [2006/03/20 08:33:30 | 00,045,056 | ---- | C] () -- C:\WINDOWS\System32\hpreg.dll [2006/03/20 08:31:03 | 00,000,031 | ---- | C] () -- C:\WINDOWS\Quicken.ini [2006/03/20 08:28:25 | 00,000,376 | ---- | C] () -- C:\WINDOWS\ODBC.INI [2006/03/20 08:18:09 | 00,000,108 | ---- | C] () -- C:\WINDOWS\WININIT.INI [2006/03/20 08:16:45 | 00,000,698 | ---- | C] () -- C:\WINDOWS\NSSetDefaultBrowser.ini [2006/03/20 08:02:19 | 00,001,702 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\hpzinstall.log [2006/03/20 08:01:21 | 00,001,793 | ---- | C] () -- C:\WINDOWS\System32\fxsperf.ini [2006/03/20 07:57:45 | 01,662,976 | ---- | C] () -- C:\WINDOWS\System32\nvwdmcpl.dll [2006/03/20 07:57:45 | 01,466,368 | ---- | C] () -- C:\WINDOWS\System32\nview.dll [2006/03/20 07:57:45 | 01,019,904 | ---- | C] () -- C:\WINDOWS\System32\nvwimg.dll [2006/03/20 07:57:45 | 00,573,440 | ---- | C] () -- C:\WINDOWS\System32\nvhwvid.dll [2006/03/20 07:57:45 | 00,466,944 | ---- | C] () -- C:\WINDOWS\System32\nvshell.dll [2006/03/20 07:57:45 | 00,286,720 | ---- | C] () -- C:\WINDOWS\System32\nvnt4cpl.dll [2006/03/20 07:57:44 | 00,106,496 | ---- | C] () -- C:\WINDOWS\System32\nvapi.dll [2006/03/20 07:56:19 | 00,000,791 | ---- | C] () -- C:\WINDOWS\orun32.ini [2006/03/20 07:37:44 | 00,016,896 | ---- | C] () -- C:\WINDOWS\System32\bcbmm.dll [2005/12/09 07:03:52 | 00,000,000 | ---- | C] () -- C:\WINDOWS\System32\px.ini [2005/08/30 14:02:00 | 00,000,694 | ---- | C] () -- C:\WINDOWS\win.ini [2005/08/30 06:52:36 | 00,000,231 | ---- | C] () -- C:\WINDOWS\system.ini [2005/08/30 06:52:20 | 00,000,062 | -HS- | C] () -- C:\Documents and Settings\All Users\Application Data\desktop.ini [2005/08/15 13:37:52 | 00,041,005 | ---- | C] () -- C:\WINDOWS\ucres_enu.dll [2005/08/05 15:01:54 | 00,239,104 | ---- | C] () -- C:\WINDOWS\System32\psisdecd.dll [2005/08/02 17:19:16 | 00,050,176 | ---- | C] () -- C:\WINDOWS\armcex.dll [2004/08/22 15:04:56 | 00,069,120 | ---- | C] () -- C:\WINDOWS\daemon.dll [2004/07/26 00:51:38 | 00,000,560 | ---- | C] () -- C:\WINDOWS\System32\oeminfo.ini [2001/07/06 16:30:00 | 00,003,399 | ---- | C] () -- C:\WINDOWS\System32\hptcpmon.ini ========== LOP Check ========== [2009/10/18 08:45:16 | 00,000,000 | RH-D | M] -- C:\Documents and Settings\All Users\Application Data [2009/03/27 07:21:20 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{00D89592-F643-4D8D-8F0F-AFAE0F14D4C3} [2009/09/15 22:19:03 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{755AC846-7372-4AC8-8550-C52491DAA8BD} [2009/05/08 08:38:01 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{8CD7F5AF-ECFA-4793-BF40-D8F42DBFF906} [2006/03/20 08:23:52 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\CyberLink [2006/03/20 08:15:40 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Digital Interactive Systems Corporation [2009/02/21 12:40:11 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\espionServerData [2009/02/08 16:20:55 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\FLEXnet [2009/06/10 13:19:08 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Individual Software [2006/03/20 08:30:50 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Intuit [2008/06/29 18:31:33 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Ludia [2006/10/26 13:54:38 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\muvee Technologies [2009/10/18 08:45:22 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Norton [2009/10/18 08:45:10 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\NortonInstaller [2009/01/22 08:07:09 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\pdf995 [2006/03/20 07:57:23 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\SBSI [2006/10/25 13:32:30 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Support.com [2009/05/12 16:10:00 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TomTom [2008/06/29 18:31:17 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Trymedia [2008/12/27 19:26:01 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\ZoomBrowser [2009/10/16 09:58:00 | 00,000,284 | ---- | M] () -- C:\WINDOWS\Tasks\AppleSoftwareUpdate.job [2004/08/09 21:00:00 | 00,000,065 | RH-- | M] () -- C:\WINDOWS\Tasks\desktop.ini [2009/10/18 14:05:12 | 00,000,868 | ---- | M] () -- C:\WINDOWS\Tasks\Google Software Updater.job [2009/10/18 13:42:00 | 00,000,882 | ---- | M] () -- C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job [2009/10/18 14:42:01 | 00,000,886 | ---- | M] () -- C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job [2009/10/18 13:34:50 | 00,000,330 | -H-- | M] () -- C:\WINDOWS\Tasks\MP Scheduled Scan.job [2009/10/18 08:53:43 | 00,000,496 | ---- | M] () -- C:\WINDOWS\Tasks\Norton Security Scan for HP_Administrator.job [2009/10/18 13:32:00 | 00,000,006 | -H-- | M] () -- C:\WINDOWS\Tasks\SA.DAT [2009/10/18 02:13:05 | 00,000,444 | -H-- | M] () -- C:\WINDOWS\Tasks\User_Feed_Synchronization-{5A3F9053-C60A-48C6-A3B8-CEEDAF184E3A}.job ========== Purity Check ========== ========== Custom Scans ========== < %SYSTEMDRIVE%\*.exe > [2005/10/31 08:56:00 | 00,700,416 | ---- | M] (LimeWire) -- C:\StubInstaller.exe < %systemroot%\system32\eventlog.dll > [2008/04/13 17:11:53 | 00,056,320 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\eventlog.dll < %systemroot%\system32\scecli.dll > [2008/04/13 17:12:05 | 00,181,248 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\scecli.dll < %systemroot%\netlogon.dll > < %systemroot%\system32\cngaudit.dll > < %systemroot%\system32\sceclt.dll > < %systemroot%\ntelogon.dll > < %systemroot%\system32\logevent.dll > < End of report > This post has been edited by Jimmycaps: Oct 18 2009, 04:23 PM |
 |
 
|
|
Oct 22 2009, 08:41 AM
Post
#2
|
|
 GeekU Teacher  Posts: 35,079 From: Dublin OS: XP |
hi
Please download ComboFix from Here or Here to your Desktop. **Note: In the event you already have Combofix, this is a new version that I need you to download. It is important that it is saved and renamed following this process directly to your desktop**
**Note: Do not mouseclick combo-fix's window while it's running. That may cause it to stall** |
|
|
|
|
Oct 22 2009, 08:38 PM
Post
#3
|
|
|
New Member Posts: 3 OS: xp |
Actually, for now the problem is fixed magically.
I went to my computer and my Symantec window popped up with four trojans on it and I clicked to remove them permanently. It then asked me to reboot. I did that and now the google search works perfectly. This is surprising because I did 3 full scans with Symantec, Malware, and Avast before and nothing came up. If I have further problems, I'll let you konw. |
|
|
|
|
Oct 23 2009, 07:20 AM
Post
#4
|
|
|
GeekU Teacher Posts: 35,079 From: Dublin OS: XP |
Since this issue appears to be resolved ... this Topic has been closed. Glad we could help.
If you're the topic starter, and need this topic reopened, please contact a staff member with the address of the thread. Everyone else please begin a New Topic. |
|
|
|
|
1 User(s) are reading this topic (1 Guests and 0 Anonymous Users)
0 Members:
Similar Topics
| Topic Title | Replies / Views | Topic Information | |||||
|---|---|---|---|---|---|---|---|
 |
26 / 2,280 | 4th December 2008 - 06:37 PM iminfected started - last by Rorschach112 |
|||||
 |
2 / 386 | 16th December 2008 - 04:38 PM mark.goodin started - last by greyknight17 |
|||||
|
9 / 337 | 6th August 2009 - 10:02 AM Warhawk932 started - last by handhfan |
|||||
|
10 / 204 | 24th October 2009 - 11:48 PM Panchan started - last by heir |
|||||
|
Time is now: 21st November 2009 - 04:03 AM |
Advertisements do not imply our endorsement of that product or service. The forum is run by volunteers who donate their time and expertise. We make every attempt to ensure that the help and advice posted is accurate and will not cause harm to your computer. However, we do not guarantee that they are accurate and they are to be used at your own risk. All trademarks mentioned on this page are the property of their respective owners.
© Geeks to Go, Inc. | All Rights Reserved | Privacy Policy | Advertising