I have Trojan horse rootkit on my machine



#1
cathyl

Hi there,

A few days ago my AVG kept popping up to say that I have Trojan horse rootkits on my PC. I've tried to get rid of it using UnHackMe and Malwarebytes Anti-Malware but no luck so far.

I've completed all the steps in your Malware-spyware-cleaning guide and please find below my logs.

I hope you can help

Many Thanks in advance

Microsoft Windows XP Home Edition (5.1.2600) Service Pack 3

C:\ [Fixed] - NTFS - (Total:147855 Mo/Free:1539 Mo)
D:\ [Fixed] - FAT32 - (Total:4752 Mo/Free:1262 Mo)
E:\ [CD-Rom] (Total:0 Mo/Free:0 Mo)
F:\ [CD-Rom] (Total:0 Mo/Free:0 Mo)
G:\ [Removable] (Total:0 Mo/Free:0 Mo)
H:\ [Removable] (Total:0 Mo/Free:0 Mo)
I:\ [Removable] (Total:0 Mo/Free:0 Mo)
J:\ [Removable] (Total:0 Mo/Free:0 Mo)

29/04/2009| 9:57

----------------------\\ Processes..

--Locked-- [System Process]
---------- System
---------- \SystemRoot\System32\smss.exe
---------- \??\C:\WINDOWS\system32\csrss.exe
---------- \??\C:\WINDOWS\system32\winlogon.exe
---------- C:\WINDOWS\system32\services.exe
---------- C:\WINDOWS\system32\lsass.exe
---------- C:\WINDOWS\system32\Ati2evxx.exe
---------- C:\WINDOWS\system32\svchost.exe
---------- C:\WINDOWS\system32\svchost.exe
---------- C:\WINDOWS\System32\svchost.exe
---------- C:\WINDOWS\system32\svchost.exe
---------- C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
---------- C:\WINDOWS\system32\spoolsv.exe
---------- C:\WINDOWS\system32\svchost.exe
---------- C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
---------- C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
---------- C:\Program Files\Bonjour\mDNSResponder.exe
---------- C:\Program Files\Java\jre6\bin\jqs.exe
---------- C:\PROGRA~1\AVG\AVG8\avgrsx.exe
---------- C:\WINDOWS\System32\alg.exe
---------- C:\WINDOWS\system32\Ati2evxx.exe
---------- C:\WINDOWS\Explorer.EXE
---------- C:\WINDOWS\system32\wuauclt.exe
---------- C:\windows\system\hpsysdrv.exe
---------- C:\WINDOWS\system32\hphmon06.exe
---------- C:\HP\KBD\KBD.EXE
---------- C:\Program Files\Common Files\InterVideo\SchSvr\SchSvr.exe
---------- C:\WINDOWS\System32\svchost.exe
---------- C:\Program Files\InterVideo\Common\Bin\WinRemote.exe
---------- C:\WINDOWS\system32\keyhook.exe
---------- C:\WINDOWS\AGRSMMSG.exe
---------- C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
---------- C:\PROGRA~1\BTYAHO~1\SMARTB~1\MotiveSB.exe
---------- C:\PROGRA~1\COMMON~1\PCSuite\DATALA~1\DATALA~1.EXE
---------- C:\PROGRA~1\Nokia\NOKIAP~1\TRAYAP~1.EXE
---------- C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe
---------- C:\WINDOWS\SOUNDMAN.EXE
---------- C:\WINDOWS\ALCWZRD.EXE
---------- C:\PROGRA~1\Yahoo!\browser\ybrwicon.exe
---------- C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe
---------- C:\PROGRA~1\Yahoo!\browser\ycommon.exe
---------- C:\PROGRA~1\COMMON~1\PCSuite\Services\SERVIC~1.EXE
---------- C:\PROGRA~1\AVG\AVG8\avgtray.exe
---------- C:\Program Files\iTunes\iTunesHelper.exe
---------- C:\Program Files\Java\jre6\bin\jusched.exe
---------- C:\PROGRA~1\HELPAN~1\Pavilion\XPHWWBF4\plugin\bin\pchbutton.exe
---------- C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe
---------- C:\PROGRA~1\Yahoo!\MESSEN~1\ymsgr_tray.exe
---------- C:\Program Files\iPod\bin\iPodService.exe
---------- C:\WINDOWS\system32\svchost.exe
---------- C:\Program Files\Skype\Phone\Skype.exe
---------- C:\WINDOWS\system32\ctfmon.exe
---------- C:\Program Files\MSGTAG\MSGTAG.exe
---------- C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
---------- C:\Program Files\Samsung\Digimax Viewer 1.0\DigimaxViewer.exe
---------- C:\Program Files\Skype\Plugin Manager\skypePM.exe
---------- C:\Program Files\BT Yahoo! Help\bin\mpbtn.exe
---------- C:\Program Files\Windows Live\Messenger\usnsvc.exe
---------- C:\Program Files\Glance\Glance.exe
---------- C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
---------- C:\WINDOWS\system32\mrtMngr.EXE
---------- C:\Program Files\Mozilla Firefox\firefox.exe
---------- C:\WINDOWS\system32\cmd.exe
---------- C:\Rooter$\RK.exe

----------------------\\ Search..

----------------------\\ ROOTKIT !!



1 - "C:\Rooter$\Rooter_1.txt" - 29/04/2009| 9:58

----------------------\\ Scan completed at 9:58

OTListIt logfile created on: 29/04/2009 09:59:19 - Run 1
OTListIt2 by OldTimer - Version 2.0.14.0 Folder = C:\Documents and Settings\HP_Owner\Desktop
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 7.0.5730.11)
Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy

511.30 Mb Total Physical Memory | 215.63 Mb Available Physical Memory | 42.17% Memory free
1.22 Gb Paging File | 0.71 Gb Available in Paging File | 58.53% Paging File free
Paging file location(s): C:\pagefile.sys 768 4000;

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 144.39 Gb Total Space | 121.51 Gb Free Space | 84.15% Space Free | Partition Type: NTFS
Drive D: | 4.64 Gb Total Space | 1.23 Gb Free Space | 26.55% Space Free | Partition Type: FAT32
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: CATHYPC
Current User Name: HP_Owner
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Output = Minimal
File Age = 30 Days
Company Name Whitelist: On

========== Processes (SafeList) ==========

PRC - C:\WINDOWS\system32\Ati2evxx.exe ()
PRC - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe (Lavasoft)
PRC - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe (Apple Inc.)
PRC - C:\Program Files\AVG\AVG8\avgwdsvc.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\Program Files\Bonjour\mDNSResponder.exe (Apple Inc.)
PRC - C:\Program Files\Java\jre6\bin\jqs.exe (Sun Microsystems, Inc.)
PRC - C:\Program Files\AVG\AVG8\avgrsx.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\WINDOWS\system32\Ati2evxx.exe ()
PRC - C:\WINDOWS\Explorer.EXE (Microsoft Corporation)
PRC - C:\windows\system\hpsysdrv.exe (Hewlett-Packard Company)
PRC - C:\WINDOWS\system32\hphmon06.exe (Hewlett-Packard)
PRC - C:\HP\KBD\KBD.EXE (Hewlett-Packard Company)
PRC - C:\Program Files\Common Files\InterVideo\SchSvr\SchSvr.exe (InterVideo Inc.)
PRC - C:\Program Files\InterVideo\Common\Bin\WinRemote.exe (InterVideo Inc.)
PRC - C:\WINDOWS\system32\keyhook.exe (Silicon Integrated Systems Corporation)
PRC - C:\WINDOWS\AGRSMMSG.exe (Agere Systems)
PRC - C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe (ATI Technologies, Inc.)
PRC - C:\Program Files\BT Yahoo! Help\SmartBridge\MotiveSB.exe (Motive Communications, Inc.)
PRC - C:\Program Files\Common Files\PCSuite\DataLayer\DataLayer.exe (Nokia Mobile Phones Ltd.)
PRC - C:\Program Files\Nokia\Nokia PC Suite 6\TrayApplication.exe ()
PRC - C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe (Microsoft® Corporation)
PRC - C:\WINDOWS\SOUNDMAN.EXE (Realtek Semiconductor Corp.)
PRC - C:\WINDOWS\ALCWZRD.EXE (RealTek Semicoductor Corp.)
PRC - C:\Program Files\Yahoo!\browser\ybrwicon.exe (Yahoo!, Inc.)
PRC - C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe (Adobe Systems Incorporated)
PRC - C:\Program Files\Yahoo!\browser\ycommon.exe (Yahoo!, Inc.)
PRC - C:\Program Files\Common Files\PCSuite\Services\ServiceLayer.exe (Nokia.)
PRC - C:\Program Files\AVG\AVG8\avgtray.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\Program Files\iTunes\iTunesHelper.exe (Apple Inc.)
PRC - C:\Program Files\Java\jre6\bin\jusched.exe (Sun Microsystems, Inc.)
PRC - C:\Program Files\Help and Support Additions\Pavilion\XPHWWBF4\plugin\bin\PCHButton.exe (Motive Communications, Inc.)
PRC - C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe (Microsoft Corporation)
PRC - C:\Program Files\Yahoo!\Messenger\Ymsgr_tray.exe ()
PRC - C:\Program Files\iPod\bin\iPodService.exe (Apple Inc.)
PRC - C:\Program Files\Skype\Phone\Skype.exe (Skype Technologies S.A.)
PRC - C:\Program Files\MSGTAG\MSGTAG.exe ()
PRC - C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe (SUPERAntiSpyware.com)
PRC - C:\Program Files\Samsung\Digimax Viewer 1.0\DigimaxViewer.exe (Sunwisersoft Info., Inc.)
PRC - C:\Program Files\Skype\Plugin Manager\skypePM.exe (Skype Technologies)
PRC - C:\Program Files\BT Yahoo! Help\bin\mpbtn.exe ()
PRC - C:\Program Files\Windows Live\Messenger\usnsvc.exe (Microsoft Corporation)
PRC - C:\Program Files\Glance\Glance.exe ()
PRC - C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe (Hewlett-Packard Co.)
PRC - C:\WINDOWS\system32\mrtMngr.EXE (Marimba Inc.)
PRC - C:\Documents and Settings\HP_Owner\Desktop\OTListIt2.exe (OldTimer Tools)

========== Win32 Services (SafeList) ==========

SRV - (aawservice [Auto | Running]) -- C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe (Lavasoft)
SRV - (ANIWZCSdService [Auto | Stopped]) -- C:\Program Files\ANI\ANIWZCS2 Service\ANIWZCSdS.exe (Alpha Networks Inc.)
SRV - (Apple Mobile Device [Auto | Running]) -- C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe (Apple Inc.)
SRV - (aspnet_state [On_Demand | Stopped]) -- C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\aspnet_state.exe (Microsoft Corporation)
SRV - (Ati HotKey Poller [Auto | Running]) -- C:\WINDOWS\system32\Ati2evxx.exe ()
SRV - (avg8wd [Auto | Running]) -- C:\Program Files\AVG\AVG8\avgwdsvc.exe (AVG Technologies CZ, s.r.o.)
SRV - (Bonjour Service [Auto | Running]) -- C:\Program Files\Bonjour\mDNSResponder.exe (Apple Inc.)
SRV - (gusvc [Auto | Stopped]) -- C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe (Google)
SRV - (helpsvc [Auto | Running]) -- C:\WINDOWS\PCHealth\HelpCtr\Binaries\pchsvc.dll (Microsoft Corporation)
SRV - (iPod Service [On_Demand | Running]) -- C:\Program Files\iPod\bin\iPodService.exe (Apple Inc.)
SRV - (JavaQuickStarterService [Auto | Running]) -- C:\Program Files\Java\jre6\bin\jqs.exe (Sun Microsystems, Inc.)
SRV - (MSSQLServerADHelper [On_Demand | Stopped]) -- C:\Program Files\Microsoft SQL Server\80\Tools\Binn\sqladhlp.exe (Microsoft Corporation)
SRV - (NMIndexingService [On_Demand | Stopped]) -- File not found
SRV - (usnjsvc [On_Demand | Running]) -- C:\Program Files\Windows Live\Messenger\usnsvc.exe (Microsoft Corporation)
SRV - (WLSetupSvc [On_Demand | Stopped]) -- C:\Program Files\Windows Live\installer\WLSetupSvc.exe (Microsoft Corporation)
SRV - (WMPNetworkSvc [On_Demand | Stopped]) -- C:\Program Files\Windows Media Player\WMPNetwk.exe (Microsoft Corporation)
SRV - (YPCService [On_Demand | Stopped]) -- C:\WINDOWS\system32\YPcservice.exe (Yahoo! Inc.)

========== Driver Services (SafeList) ==========

DRV - (AgereSoftModem [On_Demand | Running]) -- C:\WINDOWS\system32\DRIVERS\AGRSM.sys (Agere Systems)
DRV - (ANIO [Auto | Running]) -- C:\WINDOWS\system32\ANIO.SYS (Alpha Networks Inc.)
DRV - (ati2mtag [On_Demand | Running]) -- C:\WINDOWS\system32\DRIVERS\ati2mtag.sys (ATI Technologies Inc.)
DRV - (AvgLdx86 [System | Running]) -- C:\WINDOWS\System32\Drivers\avgldx86.sys (AVG Technologies CZ, s.r.o.)
DRV - (AvgMfx86 [System | Running]) -- C:\WINDOWS\System32\Drivers\avgmfx86.sys (AVG Technologies CZ, s.r.o.)
DRV - (BCMNTIO [Auto | Running]) -- C:\Program Files\CheckIt\Diagnostics\BCMNTIO.SYS ()
DRV - (Cap7134 [On_Demand | Running]) -- C:\WINDOWS\system32\DRIVERS\Cap7134.sys (asus)
DRV - (EL90XBC [On_Demand | Stopped]) -- C:\WINDOWS\system32\DRIVERS\el90xbc5.sys (3Com Corporation)
DRV - (GEARAspiWDM [On_Demand | Running]) -- C:\WINDOWS\SYSTEM32\DRIVERS\GEARAspiWDM.sys (GEAR Software Inc.)
DRV - (HDAudBus [On_Demand | Running]) -- C:\WINDOWS\system32\DRIVERS\HDAudBus.sys (Windows ® Server 2003 DDK provider)
DRV - (ialm [On_Demand | Stopped]) -- C:\WINDOWS\system32\DRIVERS\ialmnt5.sys (Intel Corporation)
DRV - (IntcAzAudAddService [On_Demand | Running]) -- C:\WINDOWS\system32\drivers\RtkHDAud.sys (Realtek Semiconductor Corp.)
DRV - (Iviaspi [On_Demand | Running]) -- C:\WINDOWS\system32\drivers\iviaspi.sys (InterVideo, Inc.)
DRV - (MAPMEM [Auto | Running]) -- C:\Program Files\CheckIt\Diagnostics\MAPMEM.SYS ()
DRV - (Pfc [On_Demand | Running]) -- C:\WINDOWS\system32\drivers\pfc.sys (Padus, Inc.)
DRV - (PhTVTune [On_Demand | Running]) -- C:\WINDOWS\system32\DRIVERS\PhTVTune.sys (Philips Semiconductors)
DRV - (Ps2 [On_Demand | Stopped]) -- C:\WINDOWS\system32\DRIVERS\PS2.sys (Hewlett-Packard Company)
DRV - (Ptilink [On_Demand | Running]) -- C:\WINDOWS\system32\DRIVERS\ptilink.sys (Parallel Technologies, Inc.)
DRV - (PxHelp20 [Boot | Running]) -- C:\WINDOWS\System32\Drivers\PxHelp20.sys (Sonic Solutions)
DRV - (rt2500usb [On_Demand | Stopped]) -- C:\WINDOWS\system32\DRIVERS\rt2500usb.sys (Ralink Technology Inc.)
DRV - (RT73 [On_Demand | Stopped]) -- C:\WINDOWS\system32\DRIVERS\Dr71WU.sys (Ralink Technology, Corp.)
DRV - (rtl8139 [On_Demand | Running]) -- C:\WINDOWS\system32\DRIVERS\R8139n51.SYS (Realtek Semiconductor Corporation )
DRV - (SASDIFSV [System | Running]) -- C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS ()
DRV - (SASENUM [On_Demand | Running]) -- C:\Program Files\SUPERAntiSpyware\SASENUM.SYS (SuperAdBlocker, Inc.)
DRV - (SASKUTIL [System | Running]) -- C:\Program Files\SUPERAntiSpyware\SASKUTIL.sys ()
DRV - (Secdrv [On_Demand | Stopped]) -- C:\WINDOWS\system32\DRIVERS\secdrv.sys (Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K.)
DRV - (SiS315 [On_Demand | Stopped]) -- C:\WINDOWS\system32\DRIVERS\sisgrp.sys (Silicon Integrated Systems Corporation)
DRV - (SISAGP [Boot | Running]) -- C:\WINDOWS\system32\DRIVERS\SISAGPX.sys (Silicon Integrated Systems Corporation)
DRV - (SiSkp [System | Running]) -- C:\WINDOWS\system32\DRIVERS\srvkp.sys (Silicon Integrated Systems Corporation)
DRV - (usbaudio [On_Demand | Stopped]) -- C:\WINDOWS\system32\drivers\usbaudio.sys (Microsoft Corporation)
DRV - (viaagp1 [Boot | Running]) -- C:\WINDOWS\system32\DRIVERS\viaagp1.sys (VIA Technologies, Inc.)
DRV - (viagfx [On_Demand | Stopped]) -- C:\WINDOWS\system32\DRIVERS\vtmini.sys (Copyright © VIA/S3 Graphics Co, Ltd.)

========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL =
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Extensions Off Page = about:NoAdd-ons
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Security Risk Page = about:SecurityRisk
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft....k/?LinkId=69157
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,CustomizeSearch = http://ie.search.msn...st/srchcust.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,CustomSearch = http://uk.red.client...fo/bt_side.html
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://ie.search.msn...st/srchasst.htm

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://ie.redirect.h...a...&pf=desktop
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\system32\blank.htm
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft...amp;ar=iesearch
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultName = Live Search
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultURL = http://search.live.c...ferrer:source?}
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.click-comms.com/
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = 127.0.0.1;*.local

========== FireFox ==========

FF - prefs.js..browser.search.selectedEngine: "Google"
FF - prefs.js..browser.startup.homepage: "http://www.click-comms.com/"
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA}:6.0.13
FF - prefs.js..extensions.enabledItems: [email protected]:1.0
FF - prefs.js..extensions.enabledItems: {82F4A1D2-B274-4A15-A934-B5904106E3A1}:1.0
FF - prefs.js..extensions.enabledItems: {972ce4c6-7e08-4474-a285-3208198ce6fd}:3.0.9

FF - HKLM\software\mozilla\Firefox\Extensions\\{3f963a5b-e555-4543-90e2-c3908898db71}: C:\PROGRAM FILES\AVG\AVG8\FIREFOX [2009/02/09 23:23:49 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\Extensions\\{82F4A1D2-B274-4A15-A934-B5904106E3A1}: C:\DOCUMENTS AND SETTINGS\HP_OWNER\LOCAL SETTINGS\APPLICATION DATA\{82F4A1D2-B274-4A15-A934-B5904106E3A1} [2009/04/23 10:07:30 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\Extensions\\[email protected]: C:\PROGRAM FILES\JAVA\JRE6\LIB\DEPLOY\JQS\FF [2009/04/27 14:33:56 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.0.9\extensions\\Components: C:\PROGRAM FILES\MOZILLA FIREFOX\COMPONENTS [2009/04/26 06:40:53 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.0.9\extensions\\Plugins: C:\PROGRAM FILES\MOZILLA FIREFOX\PLUGINS [2009/04/27 14:34:19 | 00,000,000 | ---D | M]

[2008/06/21 12:26:55 | 00,000,000 | ---D | M] -- C:\Documents and Settings\HP_Owner\Application Data\mozilla\Extensions
[2008/06/21 12:26:55 | 00,000,000 | ---D | M] -- C:\Documents and Settings\HP_Owner\Application Data\mozilla\Extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384}
[2009/04/27 14:35:14 | 00,000,000 | ---D | M] -- C:\Documents and Settings\HP_Owner\Application Data\mozilla\Firefox\Profiles\6juxr838.default\extensions
[2007/07/24 14:42:43 | 00,000,000 | ---D | M] -- C:\Documents and Settings\HP_Owner\Application Data\mozilla\Firefox\Profiles\6juxr838.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}
[2009/04/27 14:35:14 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions
[2006/07/16 12:51:56 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}
[2009/04/22 11:50:46 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
[2009/04/27 14:34:23 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA}
[2009/04/22 11:50:37 | 00,023,032 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browserdirprovider.dll
[2009/04/22 11:50:37 | 00,134,648 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\brwsrcmp.dll
[2009/03/30 11:29:46 | 00,001,538 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazon-en-GB.xml
[2009/03/30 11:29:46 | 00,002,193 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\answers.xml
[2009/03/30 11:29:46 | 00,000,947 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\chambers-en-GB.xml
[2009/03/30 11:29:46 | 00,001,534 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\creativecommons.xml
[2009/03/30 11:29:46 | 00,000,759 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay-en-GB.xml
[2009/03/30 11:29:46 | 00,001,706 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\google.xml
[2009/03/30 11:29:46 | 00,001,178 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia.xml
[2009/03/30 11:29:46 | 00,000,831 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo-en-GB.xml

O1 HOSTS File: (27 bytes) - C:\WINDOWS\System32\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll (AVG Technologies CZ, s.r.o.)
O2 - BHO: (UberButton Class) - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\common\yiesrvc.dll (Yahoo!)
O2 - BHO: (YahooTaggedBM Class) - {65D886A2-7CA7-479B-BB95-14D1EFB7946A} - C:\Program Files\Yahoo!\common\YIeTagBm.dll (Yahoo! Inc.)
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - Reg Error: Key error. File not found
O2 - BHO: (Windows Live Sign-in Helper) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.1.1309.3572\swg.dll (Google Inc.)
O2 - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (JQSIEStartDetectorImpl Class) - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll (Sun Microsystems, Inc.)
O2 - BHO: (SidebarAutoLaunch Class) - {F2AA9440-6328-4933-B7C9-A6CCDF9CBF6D} - C:\Program Files\Yahoo!\browser\YSidebarIEBHO.dll (Yahoo! Inc.)
O2 - BHO: (no name) - {FDD3B846-8D59-4ffb-8758-209B6AD74ACC} - Reg Error: Key error. File not found
O3 - HKLM\..\Toolbar: (no name) - - Reg Error: Key error. File not found
O3 - HKLM\..\Toolbar: (HP view) - {B2847E28-5D7D-4DEB-8B67-05D28BCF79F5} - c:\Program Files\HP\Digital Imaging\bin\HPDTLK02.dll (Hewlett-Packard Company)
O3 - HKCU\..\Toolbar\ShellBrowser: (no name) - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - Reg Error: Key error. File not found
O3 - HKCU\..\Toolbar\ShellBrowser: (no name) - {B2847E28-5D7D-4DEB-8B67-05D28BCF79F5} - c:\Program Files\HP\Digital Imaging\bin\HPDTLK02.dll (Hewlett-Packard Company)
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {0B53EAC3-8D69-4B9E-9B19-A37C9A5676A7} - Reg Error: Key error. File not found
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - Reg Error: Key error. File not found
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - Reg Error: Key error. File not found
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {B2847E28-5D7D-4DEB-8B67-05D28BCF79F5} - c:\Program Files\HP\Digital Imaging\bin\HPDTLK02.dll (Hewlett-Packard Company)
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - Reg Error: Key error. File not found
O4 - HKLM..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe" (Adobe Systems Incorporated)
O4 - HKLM..\Run: [AGRSMMSG] AGRSMMSG.exe (Agere Systems)
O4 - HKLM..\Run: [AlcWzrd] ALCWZRD.EXE (RealTek Semicoductor Corp.)
O4 - HKLM..\Run: [ANIWZCS2Service] C:\Program Files\ANI\ANIWZCS2 Service\WZCSLDR2.exe (Alpha Networks Inc.)
O4 - HKLM..\Run: [APL] "C:\Program Files\ACT\ACT for Win 7\APL.exe" (Best Software)
O4 - HKLM..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe (ATI Technologies, Inc.)
O4 - HKLM..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe (AVG Technologies CZ, s.r.o.)
O4 - HKLM..\Run: [DataLayer] C:\PROGRA~1\COMMON~1\PCSuite\DATALA~1\DATALA~1.EXE (Nokia Mobile Phones Ltd.)
O4 - HKLM..\Run: [D-Link AirPlus G] C:\Program Files\D-Link\AirPlus G\AirGCFG.exe (D-Link)
O4 - HKLM..\Run: [Home Theater SchSvr] "C:\Program Files\Common Files\InterVideo\SchSvr\SchSvr.exe" (InterVideo Inc.)
O4 - HKLM..\Run: [HPHmon06] C:\WINDOWS\system32\hphmon06.exe (Hewlett-Packard)
O4 - HKLM..\Run: [HPHUPD06] c:\Program Files\HP\{AAC4FC36-8F89-4587-8DD3-EBC57C83374D}\hphupd06.exe (Hewlett-Packard)
O4 - HKLM..\Run: [hpsysdrv] c:\windows\system\hpsysdrv.exe (Hewlett-Packard Company)
O4 - HKLM..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe" (Apple Inc.)
O4 - HKLM..\Run: [KBD] C:\HP\KBD\KBD.EXE (Hewlett-Packard Company)
O4 - HKLM..\Run: [Microsoft Works Update Detection] C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe (Microsoft® Corporation)
O4 - HKLM..\Run: [Motive SmartBridge] C:\PROGRA~1\BTYAHO~1\SMARTB~1\MotiveSB.exe (Motive Communications, Inc.)
O4 - HKLM..\Run: [PCSuiteTrayApplication] C:\PROGRA~1\Nokia\NOKIAP~1\TRAYAP~1.EXE ()
O4 - HKLM..\Run: [PS2] C:\WINDOWS\system32\ps2.exe (Hewlett-Packard Company)
O4 - HKLM..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE ()
O4 - HKLM..\Run: [SiS Windows KeyHook] C:\WINDOWS\system32\keyhook.exe (Silicon Integrated Systems Corporation)
O4 - HKLM..\Run: [SoundMan] SOUNDMAN.EXE (Realtek Semiconductor Corp.)
O4 - HKLM..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe" (Sun Microsystems, Inc.)
O4 - HKLM..\Run: [WINREMOTE] "C:\Program Files\InterVideo\Common\Bin\WinRemote.exe" (InterVideo Inc.)
O4 - HKLM..\Run: [YBrowser] C:\PROGRA~1\Yahoo!\browser\ybrwicon.exe (Yahoo!, Inc.)
O4 - HKCU..\Run: [Acme.PCHButton] C:\PROGRA~1\HELPAN~1\Pavilion\XPHWWBF4\plugin\bin\pchbutton.exe (Motive Communications, Inc.)
O4 - HKCU..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\lib\NMBgMonitor.exe" File not found
O4 - HKCU..\Run: [HP_Owner] C:\Documents and Settings\HP_Owner\HP_Owner.exe /i File not found
O4 - HKCU..\Run: [MoneyAgent] "C:\Program Files\Microsoft Money\System\mnyexpr.exe" (Microsoft Corp.)
O4 - HKCU..\Run: [MSGTAG] "C:\Program Files\MSGTAG\MSGTAG.exe" /startup ()
O4 - HKCU..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background (Microsoft Corporation)
O4 - HKCU..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized (Skype Technologies S.A.)
O4 - HKCU..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe (SUPERAntiSpyware.com)
O4 - HKCU..\Run: [Yahoo! Pager] C:\PROGRA~1\Yahoo!\MESSEN~1\ypager.exe -quiet ()
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe (Adobe Systems Incorporated)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\BT Yahoo! Help.lnk = C:\Program Files\BT Yahoo! Help\bin\matcli.exe (Motive Communications, Inc.)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Digimax Viewer 1.0.lnk = C:\Program Files\Samsung\Digimax Viewer 1.0\DigimaxViewer.exe (Sunwisersoft Info., Inc.)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Glance.lnk = C:\Program Files\Glance\Glance.exe ()
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe (Hewlett-Packard Co.)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE (Microsoft Corporation)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\QuickBooks 2001 Delivery Agent.lnk = C:\Program Files\Intuit\QuickBooks Pro\Components\QBAgent\qbdagent2001.exe ()
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: dontdisplaylastusername = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticecaption =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticetext =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: shutdownwithoutlogon = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: undockwithoutlogon = 1
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O9 - Extra Button: BT Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\common\yiesrvc.dll (Yahoo!)
O9 - Extra 'Tools' menuitem : @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe (Microsoft Corporation)
O9 - Extra Button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [mdnsNSP] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O15 - HKLM\..Trusted Domains: 1 domain(s) and sub-domain(s) not assigned to a zone.
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} http://download.macr...director/sw.cab (Shockwave ActiveX Control)
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} http://download.micr...heckControl.cab (Windows Genuine Advantage Validation Tool)
O16 - DPF: {1C11B948-582A-433F-A98D-A8C4D5CC64F2} http://magnet.2020.n...yerAX_Win32.cab (20-20 3D Viewer)
O16 - DPF: {231B1C6E-F934-42A2-92B6-C2FEFEC24276} C:\Program Files\Yahoo!\common\yucconfig.dll (yucsetreg Class)
O16 - DPF: {2A493D5F-8914-4D3E-8BF3-767F281862F4} http://sell.autotrad...raderMediaX.cab (TraderMediaImgX Control)
O16 - DPF: {55E515F7-0FA2-4610-874E-028107E766A3} http://app.dotmailer...webeditpro3.cab (eWebEditProLibCtl3.eWebEditPro)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_13)
O16 - DPF: {A17E30C4-A9BA-11D4-8673-60DB54C10000} http://download.yaho...mail/ymmapi.dll (YahooYMailTo Class)
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} http://messenger.msn...pDownloader.cab (MsnMessengerSetupDownloadControl Class)
O16 - DPF: {CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_13)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_13)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.m...ash/swflash.cab (Shockwave Flash Object)
O16 - DPF: {DD3641E5-A9CF-11D1-9AA1-444553540000} http://secure.sunter...ads/svideo3.cab (Surround Video V3.0 Control Object)
O16 - DPF: {EAEFAD15-8753-45EF-94B0-1BAA7970CC21} http://billingsbourn...et/MpegInst.cab (pmpeg4cam Class)
O16 - DPF: Microsoft XML Parser for Java file://C:\WINDOWS\Java\classes\xmldso.cab (Reg Error: Key error.)
O18 - Protocol\Handler\cdo {CD00020A-8B95-11D1-82DB-00C04FB1625D} - C:\Program Files\Common Files\Microsoft Shared\Web Folders\PKMCDO.DLL (Microsoft Corporation)
O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll (AVG Technologies CZ, s.r.o.)
O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\Windows Live\Messenger\msgrapp.8.5.1302.1018.dll (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\ms-itss {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Program Files\Common Files\Microsoft Shared\Information Retrieval\msitss.dll (Microsoft Corporation)
O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\Windows Live\Messenger\msgrapp.8.5.1302.1018.dll (Microsoft Corporation)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\Explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\!SASWinLogon: DllName - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll (SUPERAntiSpyware.com)
O20 - Winlogon\Notify\AtiExtEvent: DllName - Ati2evxx.dll - C:\WINDOWS\system32\Ati2evxx.dll ()
O20 - Winlogon\Notify\avgrsstarter: DllName - avgrsstx.dll - C:\WINDOWS\system32\avgrsstx.dll (AVG Technologies CZ, s.r.o.)
O20 - Winlogon\Notify\igfxcui: DllName - igfxsrvc.dll - C:\WINDOWS\system32\igfxsrvc.dll (Intel Corporation)
O24 - Desktop Components:0 (My Current Home Page) - About:Home
O28 - HKLM ShellExecuteHooks: {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - C:\Program Files\SUPERAntiSpyware\SASSEH.DLL (SuperAdBlocker.com)
O31 - SafeBoot: AlternateShell - cmd.exe
O32 - HKLM CDRom: AutoRun - 1
O32 - Autorun File - C:\AUTOEXEC.BAT () - [ NTFS ]
O32 - Autorun File - D:\AUTOEXEC.BAT () - [ FAT32 ]
O33 - MountPoints2\##clicknow-dc#CDROM\Shell - "" = AutoRun
O33 - MountPoints2\##clicknow-dc#CDROM\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\##clicknow-dc#CDROM\Shell\AutoRun\command - "" = Z:\setup.EXE -- File not found
O33 - MountPoints2\##clicknow-dc#CDROM\Shell\configure\command - "" = Z:\setup.EXE -- File not found
O33 - MountPoints2\##clicknow-dc#CDROM\Shell\install\command - "" = Z:\setup.EXE -- File not found
O33 - MountPoints2\{d7f4394c-7abc-11d9-9e24-806d6172696f}\Shell - "" = AutoRun
O33 - MountPoints2\{d7f4394c-7abc-11d9-9e24-806d6172696f}\Shell\AutoRun - "" = Auto&Play
O34 - HKLM BootExecute: (autocheck) - File not found
O34 - HKLM BootExecute: (autochk) - C:\WINDOWS\System32\autochk.exe (Microsoft Corporation)
O34 - HKLM BootExecute: (*) - File not found

========== Files/Folders - Created Within 30 Days ==========

[1 C:\WINDOWS\*.tmp files]
[2009/04/29 09:58:49 | 00,501,248 | ---- | C] (OldTimer Tools) -- C:\DOCUME~1\HP_Owner\Desktop\OTListIt2.exe
[2009/04/29 09:57:21 | 00,000,000 | ---D | C] -- C:\Rooter$
[2009/04/29 09:56:14 | 00,267,612 | ---- | C] () -- C:\DOCUME~1\HP_Owner\Desktop\Rooter.exe
[2009/04/29 09:54:43 | 00,000,000 | ---D | C] -- C:\WINDOWS\LastGood
[2009/04/29 09:35:31 | 00,000,622 | ---- | C] () -- C:\DOCUME~1\HP_Owner\Desktop\NTREGOPT.lnk
[2009/04/29 09:35:30 | 00,000,603 | ---- | C] () -- C:\DOCUME~1\HP_Owner\Desktop\ERUNT.lnk
[2009/04/29 09:35:27 | 00,000,000 | ---D | C] -- C:\Program Files\ERUNT
[2009/04/29 09:29:37 | 00,000,000 | ---D | C] -- C:\v Removal
[2009/04/28 11:25:26 | 00,101,824 | ---- | C] () -- C:\MGlogs.zip
[2009/04/28 11:25:22 | 00,000,000 | ---D | C] -- C:\MGtools
[2009/04/28 11:24:51 | 01,340,797 | ---- | C] () -- C:\MGtools.exe
[2009/04/28 11:08:39 | 00,000,000 | ---D | C] -- C:\ComboFix
[2009/04/28 11:08:38 | 00,389,120 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\CF13287.exe
[2009/04/28 10:56:28 | 00,053,248 | ---- | C] (Sysinternals) -- C:\WINDOWS\PSEXESVC.EXE
[2009/04/28 10:52:55 | 00,000,194 | ---- | C] () -- C:\Boot.bak
[2009/04/28 10:52:46 | 00,260,272 | ---- | C] () -- C:\cmldr
[2009/04/28 10:52:43 | 00,000,000 | RHSD | C] -- C:\cmdcons
[2009/04/28 10:50:04 | 00,212,480 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWXCACLS.exe
[2009/04/28 10:50:04 | 00,161,792 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWREG.exe
[2009/04/28 10:50:04 | 00,136,704 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWSC.exe
[2009/04/28 10:50:04 | 00,113,152 | ---- | C] () -- C:\WINDOWS\vFind.exe
[2009/04/28 10:50:04 | 00,098,816 | ---- | C] () -- C:\WINDOWS\sed.exe
[2009/04/28 10:50:04 | 00,080,412 | ---- | C] () -- C:\WINDOWS\grep.exe
[2009/04/28 10:50:04 | 00,068,096 | ---- | C] () -- C:\WINDOWS\zip.exe
[2009/04/28 10:50:04 | 00,029,696 | ---- | C] (NirSoft) -- C:\WINDOWS\NIRCMD.exe
[2009/04/28 10:49:58 | 00,000,000 | ---D | C] -- C:\WINDOWS\ERDNT
[2009/04/28 10:48:22 | 00,000,000 | ---D | C] -- C:\Qoobox
[2009/04/28 10:25:16 | 00,000,000 | ---D | C] -- C:\DOCUME~1\HP_Owner\My Documents\majorgeeks
[2009/04/27 15:13:14 | 02,967,800 | ---- | C] (Malwarebytes Corporation ) -- C:\DOCUME~1\HP_Owner\Desktop\mb.exe
[2009/04/27 15:12:02 | 03,007,805 | R--- | C] () -- C:\DOCUME~1\HP_Owner\Desktop\ComboFix.exe
[2009/04/27 14:59:57 | 53,620,3264 | -HS- | C] () -- C:\hiberfil.sys
[2009/04/27 14:47:29 | 00,000,000 | ---D | C] -- C:\Program Files\CCleaner
[2009/04/27 14:37:03 | 00,000,000 | ---D | C] -- C:\WINDOWS\pss
[2009/04/23 12:49:43 | 00,000,123 | ---- | C] () -- C:\WINDOWS\rootkitno.ini
[2009/04/23 11:46:58 | 00,000,000 | ---D | C] -- C:\RootkitNO
[2009/04/23 10:10:15 | 00,000,000 | ---D | C] -- C:\WINDOWS\Minidump
[2009/04/23 10:09:01 | 00,000,002 | RHS- | C] () -- C:\WINDOWS\winstart.bat
[2009/04/23 10:08:36 | 00,000,000 | ---D | C] -- C:\DOCUME~1\HP_Owner\My Documents\RegRun2
[2009/04/23 10:08:26 | 00,000,641 | ---- | C] () -- C:\DOCUME~1\HP_Owner\Desktop\UnHackMe.lnk
[2009/04/23 10:08:21 | 00,012,752 | ---- | C] (Greatis Software, LLC.) -- C:\WINDOWS\System32\drivers\UnHackMeDrv.sys
[2009/04/23 10:08:18 | 00,000,000 | ---D | C] -- C:\Program Files\UnHackMe
[2009/04/23 10:07:30 | 00,000,000 | ---D | C] -- C:\Documents and Settings\HP_Owner\Local Settings\Application Data\{82F4A1D2-B274-4A15-A934-B5904106E3A1}
[2009/04/23 10:06:59 | 04,094,713 | ---- | C] () -- C:\DOCUME~1\HP_Owner\Desktop\unhackme.zip
[2009/04/15 13:59:57 | 00,401,408 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\rpcss.dll
[2009/04/15 13:59:57 | 00,284,160 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\pdh.dll
[2009/04/15 13:59:56 | 00,473,600 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\fastprox.dll
[2009/04/15 13:59:56 | 00,110,592 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\services.exe
[2009/04/15 13:59:55 | 00,453,120 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wmiprvsd.dll
[2009/04/15 13:59:55 | 00,227,840 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wmiprvse.exe
[2009/04/15 13:59:54 | 00,729,088 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\lsasrv.dll
[2009/04/15 13:59:54 | 00,617,472 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\advapi32.dll
[2009/04/15 13:59:53 | 00,714,752 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ntdll.dll
[2009/04/15 13:59:08 | 00,002,560 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\xpsp4res.dll
[2009/04/15 13:59:07 | 01,203,922 | ---- | C] () -- C:\WINDOWS\System32\dllcache\sysmain.sdb
[2009/04/15 13:59:07 | 00,215,552 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wordpad.exe
[2007/09/06 09:20:33 | 00,049,152 | ---- | C] () -- C:\WINDOWS\System32\JJAKEn.dll
[2007/06/20 17:43:51 | 00,000,754 | ---- | C] () -- C:\WINDOWS\WORDPAD.INI
[2007/03/06 12:58:42 | 00,155,648 | ---- | C] () -- C:\WINDOWS\System32\mp4spvd.dll
[2006/10/01 17:41:45 | 00,001,734 | -HS- | C] () -- C:\WINDOWS\System32\KGyGaAvL.sys
[2006/10/01 17:41:45 | 00,000,056 | RHS- | C] () -- C:\WINDOWS\System32\BF0EC72374.sys
[2006/03/21 17:25:08 | 00,000,116 | ---- | C] () -- C:\WINDOWS\NeroDigital.ini
[2006/03/16 17:44:06 | 00,000,060 | ---- | C] () -- C:\WINDOWS\wininit.ini
[2005/07/15 14:30:25 | 00,000,063 | ---- | C] () -- C:\WINDOWS\mdm.ini
[2005/06/01 11:23:01 | 00,000,028 | ---- | C] () -- C:\WINDOWS\ICOA.INI
[2005/05/17 12:19:22 | 00,000,000 | ---- | C] () -- C:\WINDOWS\nokiacontentcopier.INI
[2005/04/08 10:29:18 | 00,000,000 | ---- | C] () -- C:\WINDOWS\QFN.ini
[2005/04/08 10:29:18 | 00,000,000 | ---- | C] () -- C:\WINDOWS\QDQICK.ini
[2005/02/15 10:18:44 | 00,000,191 | ---- | C] () -- C:\WINDOWS\WinHlp32.ini
[2005/02/15 10:18:14 | 00,258,048 | ---- | C] () -- C:\WINDOWS\System32\vba6.dll
[2005/02/09 21:40:25 | 00,065,536 | ---- | C] () -- C:\WINDOWS\System32\YCRWin32.dll
[2005/02/09 19:15:40 | 00,093,184 | ---- | C] () -- C:\WINDOWS\System32\wvjava.dll
[2005/02/09 18:49:27 | 00,000,376 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2005/02/08 15:44:38 | 00,007,912 | ---- | C] () -- C:\WINDOWS\System32\ractrlkeyhook.dll
[2004/06/29 06:58:50 | 00,000,000 | ---- | C] () -- C:\WINDOWS\System32\px.ini
[2004/02/27 18:10:30 | 00,156,672 | ---- | C] () -- C:\WINDOWS\System32\RTLCPAPI.dll
[2004/01/02 09:03:28 | 00,000,531 | ---- | C] () -- C:\WINDOWS\System32\oeminfo.ini
[2004/01/02 09:03:10 | 00,001,118 | ---- | C] () -- C:\WINDOWS\win.ini
[2004/01/02 09:03:09 | 00,000,227 | ---- | C] () -- C:\WINDOWS\system.ini
[2004/01/02 08:06:15 | 00,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini
[2004/01/02 06:50:22 | 00,105,873 | ---- | C] () -- C:\WINDOWS\VGAsetup.ini
[2004/01/02 06:50:22 | 00,100,528 | ---- | C] () -- C:\WINDOWS\System32\VGAunistlog.ini
[2004/01/02 04:18:17 | 00,028,672 | ---- | C] () -- C:\WINDOWS\System32\JAWTAccessBridge.dll
[2004/01/02 04:17:53 | 00,086,016 | ---- | C] () -- C:\WINDOWS\System32\PcdrKernelModeServices.dll
[2004/01/02 04:17:53 | 00,065,536 | ---- | C] () -- C:\WINDOWS\System32\ProgressTrace.dll
[2004/01/02 04:13:13 | 00,167,936 | ---- | C] () -- C:\WINDOWS\System32\PCDrJNI_1_1.dll
[2004/01/02 04:12:02 | 00,025,316 | ---- | C] () -- C:\WINDOWS\System32\CHODDI.SYS
[2004/01/02 04:11:27 | 00,045,056 | ---- | C] () -- C:\WINDOWS\System32\hpreg.dll
[2004/01/02 03:56:54 | 00,204,800 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeW7.dll
[2004/01/02 03:56:54 | 00,188,416 | ---- | C] () -- C:\WINDOWS\System32\IVIresizePX.dll
[2004/01/02 03:56:53 | 00,200,704 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeA6.dll
[2004/01/02 03:56:53 | 00,192,512 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeP6.dll
[2004/01/02 03:56:53 | 00,192,512 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeM6.dll
[2004/01/02 03:56:53 | 00,020,480 | ---- | C] () -- C:\WINDOWS\System32\IVIresize.dll
[2004/01/02 03:22:22 | 00,001,793 | ---- | C] () -- C:\WINDOWS\System32\fxsperf.ini
[2004/01/02 03:11:58 | 00,131,072 | ---- | C] ( ) -- C:\WINDOWS\System32\ATIDEMGR.dll
[2004/01/02 03:11:58 | 00,086,016 | ---- | C] () -- C:\WINDOWS\System32\ati2evxx.dll
[2004/01/02 02:36:58 | 00,299,073 | ---- | C] () -- C:\WINDOWS\System32\PythonCOM22.dll
[2004/01/02 02:36:58 | 00,065,536 | ---- | C] () -- C:\WINDOWS\System32\PyWinTypes22.dll
[2004/01/02 02:36:42 | 00,016,896 | ---- | C] () -- C:\WINDOWS\System32\bcbmm.dll
[2004/01/02 02:19:39 | 00,000,802 | ---- | C] () -- C:\WINDOWS\orun32.ini
[2003/03/06 23:53:16 | 00,012,288 | ---- | C] () -- C:\WINDOWS\System32\hpnvr82.dll
[1999/01/23 03:46:58 | 00,065,536 | ---- | C] () -- C:\WINDOWS\System32\MSRTEDIT.DLL

========== Files - Modified Within 30 Days ==========

[2 C:\WINDOWS\System32\*.tmp files]
[1 C:\WINDOWS\*.tmp files]
[2009/04/29 09:58:50 | 00,501,248 | ---- | M] (OldTimer Tools) -- C:\DOCUME~1\HP_Owner\Desktop\OTListIt2.exe
[2009/04/29 09:56:15 | 00,267,612 | ---- | M] () -- C:\DOCUME~1\HP_Owner\Desktop\Rooter.exe
[2009/04/29 09:55:27 | 00,001,158 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2009/04/29 09:48:36 | 00,000,594 | ---- | M] () -- C:\DOCUME~1\HP_Owner\My Documents\My Sharing Folders.lnk
[2009/04/29 09:45:44 | 00,000,188 | ---- | M] () -- C:\WINDOWS\System\hpsysdrv.DAT
[2009/04/29 09:44:53 | 00,000,868 | ---- | M] () -- C:\WINDOWS\tasks\Google Software Updater.job
[2009/04/29 09:44:34 | 00,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2009/04/29 09:44:17 | 00,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2009/04/29 09:44:13 | 53,620,3264 | -HS- | M] () -- C:\hiberfil.sys
[2009/04/29 09:35:31 | 00,000,622 | ---- | M] () -- C:\DOCUME~1\HP_Owner\Desktop\NTREGOPT.lnk
[2009/04/29 09:35:30 | 00,000,603 | ---- | M] () -- C:\DOCUME~1\HP_Owner\Desktop\ERUNT.lnk
[2009/04/29 09:30:06 | 35,538,614 | ---- | M] () -- C:\WINDOWS\System32\drivers\Avg\incavi.avm
[2009/04/29 09:30:06 | 00,042,380 | ---- | M] () -- C:\WINDOWS\System32\drivers\Avg\microavi.avg
[2009/04/28 11:27:11 | 00,101,824 | ---- | M] () -- C:\MGlogs.zip
[2009/04/28 11:24:52 | 01,340,797 | ---- | M] () -- C:\MGtools.exe
[2009/04/28 11:15:11 | 00,000,227 | ---- | M] () -- C:\WINDOWS\system.ini
[2009/04/28 11:14:36 | 00,053,248 | ---- | M] (Sysinternals) -- C:\WINDOWS\PSEXESVC.EXE
[2009/04/28 11:14:32 | 00,000,027 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts
[2009/04/28 11:08:32 | 00,389,120 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\CF13287.exe
[2009/04/28 11:08:19 | 03,007,805 | R--- | M] () -- C:\DOCUME~1\HP_Owner\Desktop\ComboFix.exe
[2009/04/28 10:52:55 | 00,000,264 | RHS- | M] () -- C:\boot.ini
[2009/04/28 01:28:42 | 00,113,152 | ---- | M] () -- C:\WINDOWS\vFind.exe
[2009/04/27 15:13:19 | 02,967,800 | ---- | M] (Malwarebytes Corporation ) -- C:\DOCUME~1\HP_Owner\Desktop\mb.exe
[2009/04/27 14:37:14 | 00,001,118 | ---- | M] () -- C:\WINDOWS\win.ini
[2009/04/27 14:37:14 | 00,000,194 | ---- | M] () -- C:\Boot.bak
[2009/04/23 12:49:43 | 00,000,123 | ---- | M] () -- C:\WINDOWS\rootkitno.ini
[2009/04/23 10:09:01 | 00,002,577 | ---- | M] () -- C:\WINDOWS\System32\CONFIG.NT
[2009/04/23 10:09:01 | 00,001,688 | ---- | M] () -- C:\WINDOWS\System32\AUTOEXEC.NT
[2009/04/23 10:09:01 | 00,000,002 | RHS- | M] () -- C:\WINDOWS\winstart.bat
[2009/04/23 10:08:26 | 00,000,641 | ---- | M] () -- C:\DOCUME~1\HP_Owner\Desktop\UnHackMe.lnk
[2009/04/23 10:07:09 | 04,094,713 | ---- | M] () -- C:\DOCUME~1\HP_Owner\Desktop\unhackme.zip
[2009/04/20 10:22:15 | 00,002,471 | ---- | M] () -- C:\DOCUME~1\HP_Owner\Desktop\Microsoft Excel.lnk
[2009/04/18 08:13:38 | 00,434,673 | ---- | M] () -- C:\WINDOWS\System32\drivers\Avg\miniavi.avg
[2009/04/16 03:22:25 | 00,501,282 | ---- | M] () -- C:\WINDOWS\System32\PerfStringBackup.INI
[2009/04/16 03:22:25 | 00,422,526 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2009/04/16 03:22:25 | 00,071,982 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2009/04/14 15:35:06 | 00,044,682 | ---- | M] () -- C:\Documents and Settings\HP_Owner\Application Data\wklnhst.dat
[2009/04/06 15:57:24 | 24,921,544 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\MRT.exe
[2009/04/06 15:32:54 | 00,038,496 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2009/04/06 15:32:46 | 00,015,504 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2009/04/04 20:39:48 | 00,002,137 | ---- | M] () -- C:\DOCUME~1\ALLUSE~1\Desktop\iTunes.lnk
< End of report >


OTListIt Extras logfile created on: 29/04/2009 09:59:19 - Run 1
OTListIt2 by OldTimer - Version 2.0.14.0 Folder = C:\Documents and Settings\HP_Owner\Desktop
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 7.0.5730.11)
Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy

511.30 Mb Total Physical Memory | 215.63 Mb Available Physical Memory | 42.17% Memory free
1.22 Gb Paging File | 0.71 Gb Available in Paging File | 58.53% Paging File free
Paging file location(s): C:\pagefile.sys 768 4000;

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 144.39 Gb Total Space | 121.51 Gb Free Space | 84.15% Space Free | Partition Type: NTFS
Drive D: | 4.64 Gb Total Space | 1.23 Gb Free Space | 26.55% Space Free | Partition Type: FAT32
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: CATHYPC
Current User Name: HP_Owner
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Output = Minimal
File Age = 30 Days
Company Name Whitelist: On

========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.html [@ = htmlfile] -- C:\Program Files\Internet Explorer\IEXPLORE.EXE (Microsoft Corporation)

[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 0
"FirewallOverride" = 0
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile
"EnableFirewall" = 1
"DoNotAllowExceptions" = 0
"DisableNotifications" = 0

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List
"1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008
"139:TCP" = 139:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22002
"1700:TCP" = 1700:TCP:*:Enabled:MioNet Remote Drive Access
"1641:TCP" = 1641:TCP:*:Enabled:MioNet Remote Drive Verification

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000 (Microsoft Corporation)
C:\Program Files\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger (Microsoft Corporation)
C:\Program Files\Windows Live\Messenger\livecall.exe:*:Enabled:Windows Live Messenger (Phone) (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
C:\Program Files\yahoo!\messenger\ypager.exe:*:Enabled:Yahoo! Messenger ()
C:\Program Files\AOL 9.0\waol.exe:*:Enabled:AOL File not found
C:\Program Files\Yahoo!\Messenger\YPAGER.EXE:*:Enabled:Yahoo! Messenger ()
C:\Program Files\Yahoo!\Messenger\yserver.exe:*:Enabled:Yahoo! FT Server (Yahoo! Inc.)
C:\Program Files\Grisoft\AVG Free\avginet.exe:*:Enabled:avginet.exe File not found
C:\Program Files\Nero\Nero 7\Nero Home\NeroHome.exe:*:Enabled:Nero Home File not found
C:\WINDOWS\system32\rtcshare.exe:*:Enabled:RTC App Sharing (Microsoft Corporation)
C:\WINDOWS\system32\fxsclnt.exe:*:Disabled:Microsoft Fax Console (Microsoft Corporation)
C:\Program Files\ACT\ACT for Win 7\Act7.exe:*:Disabled:ACT! 7.x/2005 (Best Software)
C:\Program Files\Grisoft\AVG Free\avgamsvr.exe:*:Enabled:avgamsvr.exe File not found
C:\Program Files\Grisoft\AVG Free\avgcc.exe:*:Enabled:avgcc.exe File not found
%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000 (Microsoft Corporation)
C:\Program Files\AVG\AVG8\avgupd.exe:*:Enabled:avgupd.exe (AVG Technologies CZ, s.r.o.)
C:\Program Files\LimeWire\LimeWire.exe:*:Enabled:LimeWire (Lime Wire, LLC)
C:\Program Files\Windows Live\Messenger\livecall.exe:*:Enabled:Windows Live Messenger (Phone) (Microsoft Corporation)
C:\Program Files\Bonjour\mDNSResponder.exe:*:Enabled:Bonjour (Apple Inc.)
C:\Program Files\iTunes\iTunes.exe:*:Enabled:iTunes (Apple Inc.)
C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe:*:Enabled:ENABLE (Malwarebytes Corporation)
C:\Program Files\Malwarebytes' Anti-Malware\mbam-dor.exe:*:Enabled:ENABLE (Malwarebytes Corporation)
C:\Program Files\Intuit\QuickBooks Pro\Components\QBAgent\qbdagent2001.exe:*:Enabled:ENABLE ()
C:\Program Files\AVG\AVG8\avgui.exe:*:Enabled:ENABLE (AVG Technologies CZ, s.r.o.)
C:\Program Files\AVG\AVG8\avgscanx.exe:*:Enabled:ENABLE (AVG Technologies CZ, s.r.o.)
C:\WINDOWS\system32\ssflwbox.scr:*:Enabled:ENABLE (Microsoft Corporation)
C:\Program Files\Microsoft Office\Office\OUTLOOK.EXE:*:Enabled:ENABLE (Microsoft Corporation)
C:\Program Files\Common Files\System\Mapi\1033\NT\MAPISP32.EXE:*:Enabled:ENABLE (Microsoft Corporation)
C:\Program Files\Mozilla Firefox\firefox.exe:*:Enabled:ENABLE (Mozilla Corporation)
C:\WINDOWS\system32\taskmgr.exe:*:Enabled:ENABLE (Microsoft Corporation)
C:\Program Files\UnHackMe\reanimator.exe:*:Enabled:ENABLE (Greatis Software)
C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe:*:Enabled:ENABLE File not found
C:\WINDOWS\system32\keyhook.exe:*:Enabled:ENABLE (Silicon Integrated Systems Corporation)
C:\WINDOWS\AGRSMMSG.exe:*:Enabled:ENABLE (Agere Systems)
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe:*:Enabled:ENABLE (ATI Technologies, Inc.)
C:\Program Files\BT Yahoo! Help\SmartBridge\MotiveSB.exe:*:Enabled:ENABLE (Motive Communications, Inc.)
C:\Program Files\Common Files\PCSuite\DataLayer\DataLayer.exe:*:Enabled:ENABLE (Nokia Mobile Phones Ltd.)
C:\Program Files\Nokia\Nokia PC Suite 6\TrayApplication.exe:*:Enabled:ENABLE ()
C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe:*:Enabled:ENABLE (Microsoft® Corporation)
C:\WINDOWS\SOUNDMAN.EXE:*:Enabled:ENABLE (Realtek Semiconductor Corp.)
C:\WINDOWS\ALCWZRD.EXE:*:Enabled:ENABLE (RealTek Semicoductor Corp.)
C:\WINDOWS\ALCMTR.EXE:*:Enabled:ENABLE (Realtek Semiconductor Corp.)
C:\Program Files\Common Files\PCSuite\Services\ServiceLayer.exe:*:Enabled:ENABLE (Nokia.)
C:\Program Files\Yahoo!\browser\ybrwicon.exe:*:Enabled:ENABLE (Yahoo!, Inc.)
C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe:*:Enabled:ENABLE (Adobe Systems Incorporated)
C:\Program Files\Yahoo!\browser\ycommon.exe:*:Enabled:ENABLE (Yahoo!, Inc.)
C:\Program Files\AVG\AVG8\avgtray.exe:*:Enabled:ENABLE (AVG Technologies CZ, s.r.o.)
C:\Program Files\QuickTime\QTTask.exe:*:Enabled:ENABLE (Apple Inc.)
C:\Program Files\Java\jre6\bin\jusched.exe:*:Enabled:ENABLE (Sun Microsystems, Inc.)
C:\Program Files\Help and Support Additions\Pavilion\XPHWWBF4\plugin\bin\pchbutton.exe:*:Enabled:ENABLE (Motive Communications, Inc.)
C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe:*:Enabled:ENABLE (Microsoft Corporation)
C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe:*:Enabled:ENABLE ()
C:\Program Files\MSGTAG\MSGTAG.exe:*:Enabled:ENABLE ()
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe:*:Enabled:ENABLE (SUPERAntiSpyware.com)
C:\Program Files\UnHackMe\hackmon.exe:*:Enabled:ENABLE (Greatis Software)
C:\Program Files\Skype\Plugin Manager\skypePM.exe:*:Enabled:ENABLE (Skype Technologies)
C:\Program Files\Samsung\Digimax Viewer 1.0\DigimaxViewer.exe:*:Enabled:ENABLE (Sunwisersoft Info., Inc.)
C:\Program Files\Glance\Glance.exe:*:Enabled:ENABLE ()
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe:*:Enabled:ENABLE (Hewlett-Packard Co.)
C:\Program Files\BT Yahoo! Help\bin\mpbtn.exe:*:Enabled:ENABLE ()
C:\WINDOWS\system32\mrtMngr.EXE:*:Enabled:ENABLE (Marimba Inc.)
C:\Program Files\AVG\AVG8\avgcsrvx.exe:*:Enabled:ENABLE (AVG Technologies CZ, s.r.o.)
C:\WINDOWS\system32\netsh.exe:*:Enabled:ENABLE (Microsoft Corporation)
C:\Program Files\UnHackMe\UnHackMe.exe:*:Enabled:ENABLE (Greatis Software)
C:\WINDOWS\system32\hphmon06.exe:*:Enabled:ENABLE (Hewlett-Packard)
C:\Program Files\Common Files\InterVideo\SchSvr\SchSvr.exe:*:Enabled:ENABLE (InterVideo Inc.)
C:\Program Files\InterVideo\Common\Bin\WinRemote.exe:*:Enabled:ENABLE (InterVideo Inc.)
C:\WINDOWS\system32\Ati2evxx.exe:*:Enabled:ENABLE ()
C:\windows\system\hpsysdrv.exe:*:Enabled:ENABLE (Hewlett-Packard Company)
C:\HP\KBD\KBD.EXE:*:Enabled:ENABLE (Hewlett-Packard Company)
C:\Program Files\Skype\Phone\Skype.exe:*:Enabled:ENABLE (Skype Technologies S.A.)

========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{00000409-78E1-11D2-B60F-006097C998E7}" = Microsoft Office 2000 Premium
"{02DFF6B1-1654-411C-8D7B-FD6052EF016F}" = Apple Software Update
"{045A0044-9149-45C6-A806-F2BF9CFCE762}" = Microsoft Encarta Encyclopedia Standard - WE 2004
"{0861E87B-24D7-4E7C-B11B-54F86E5C5199}" = hpg8200
"{0BEDBD4E-2D34-47B5-9973-57E62B29307C}" = ATI Control Panel
"{0D499481-22C6-4B25-8AC2-6D3F6C885FB9}" = OpenOffice.org Installer 1.0
"{14B4E017-ACDF-4DB0-9D94-8988F5F0145A}" = hpg4600
"{15B9DC72-73F9-4d99-9E28-848D66DA8D99}" = HP Photo & Imaging 3.5 - HP Devices
"{179624B1-2683-45ED-965A-B72189EB5820}" = Opera 9.51
"{1D14373E-7970-4F2F-A467-ACA4F0EA21E3}" = Google Earth
"{1D643CD2-4DD6-11D7-A4E0-000874180BB3}" = Microsoft Money
"{1F63ED0B-EDD2-4037-B6AB-1358C624AF48}" = Scan
"{1F7CCFA3-D926-4882-B2A5-A0217ED25597}" = PC-Doctor for Windows
"{20CF99FC-2CE7-4AA4-966E-A4B11C0662B4}" = hpg3970
"{21E75254-410E-49C4-8981-2E1A2A2221F2}" = HP Diagnostic Assistant
"{267868CE-6DFF-40F7-9C58-C01119B7B117}" = Fax
"{26A24AE4-039D-4CA4-87B4-2F83216013FF}" = Java™ 6 Update 13
"{29B39FB2-5ADF-4F94-BC82-13942871DD0D}" = CameraDrivers
"{2B7E4354-0492-460A-BDB1-1F59EE141025}" = AirPlus G
"{2BBC9458-07CA-4843-848B-5C8146E5EFA8}" = CreativeProjects
"{2FCE4FC5-6930-40E7-A4F1-F862207424EF}" = InterVideo WinDVD Creator 2
"{318AB667-3230-41B5-A617-CB3BF748D371}" = iTunes
"{33BEE6F3-9987-4F98-A069-97A64EC8321A}" = Microsoft Works Suite Add-in for Microsoft Word
"{34A59AC3-6C5C-4A09-A7F5-369A37176C8A}" = AiOSoftware
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{3AE681E0-4E8D-453F-950A-48534D3C0724}" = Copy
"{3AEF2F6C-F1D3-47CD-BF3B-A327F1FABE58}" = PSPrinters06
"{3CF78481-FB7B-4B51-99A2-D5E0CD0B3AAF}" = HPSystemDiagnostics
"{3D5E5C0A-5B36-4F98-99A7-287F7DBDCE03}" = Skype Plugin Manager
"{41254D7B-EADF-4078-AE4A-BD73B300EE86}" = Unload
"{457791C5-D702-4143-A7B2-2744BE9573F2}" = HP Software Update
"{4BDFD2CE-6329-42E4-9801-9B3D1F10D79B}" = Adobe® Photoshop® Album Starter Edition 3.0
"{4C590030-7469-453E-8589-D15DA9D03F52}" = ANIWZCS2 Service
"{508CE775-4BA4-4748-82DF-FE28DA9F03B0}" = Windows Live Messenger
"{56C049BE-79E9-4502-BEA7-9754A3E60F9B}" = neroxml
"{5E1494D4-3562-4FFB-B35C-600F80F6934C}" = HP Image Zone Plus 4.2
"{6926D1B2-4B5B-4693-A5FF-2FA7F32395F0}" = ACT!
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{7B5CE976-C7A9-4E38-A7F3-6C8EF025DD8E}" = ANIO Service
"{8704D51E-25B7-4F23-81E7-AA4F54790220}" = Microsoft AutoRoute v11.0
"{8777AC6D-89F9-4793-8266-DE406F343E89}" = QFolder
"{8A25392D-C5D2-4E79-A2BD-C15DDC5B0959}" = Bonjour
"{8A708DD8-A5E6-11D4-A706-000629E95E20}" =
"{8C64E149-54BA-11D6-91B1-00500462BE80}" = Microsoft Money System Pack
"{8D9768AE-DE42-4A04-A461-2361A58C384D}" = HPIZ402
"{911B0409-6000-11D3-8CFE-0050048383C9}" = Microsoft Word 2002
"{91810AFC-A4F8-4EBA-A5AA-B198BBC81144}" = InterVideo WinDVD Player
"{9422C8EA-B0C6-4197-B8FC-DC797658CA00}" = Windows Live Sign-in Assistant
"{9541FED0-327F-4DF0-8B96-EF57EF622F19}" = Sonic RecordNow!
"{95F9D960-C571-11D0-90F0-00001B1EFBA8}" = QuickBooks 2001 Pro
"{981FB376-8418-4EA8-BBED-9DE5AA63E7D5}" = SkinsHP1
"{9CB2512B-3EC4-43DF-8002-46BDAB5EDD1B}" = QuickProjects
"{9EEBF8D5-8712-4D1D-88F4-4CDC2D270BC3}" = PrintScreen
"{A1062847-0846-427A-92A1-BB8251A91E91}" = HP PSC & OfficeJet 4.0
"{A1DCC235-DACC-4E1F-8D11-D630634B4AEF}" = PhotoGallery
"{A20EF228-8545-45D8-8E2E-6D067948727E}" = Digimax Viewer 1.0
"{A2500497-FD32-493e-B8E5-28D6728DBEF5}" = Readme
"{A4EA3AB4-E78C-4286-96DF-26035507CE55}" = AiO_Scan
"{A7E4ECCA-4A8E-4258-8EC8-2DCCF5B11320}" = Windows Live installer
"{AAC4FC36-8F89-4587-8DD3-EBC57C83374D}" = Photosmart 320,370,7400,8100,8400 Series
"{AC76BA86-7AD7-1033-7B44-A70700000002}" = Adobe Reader 7.0.7
"{AD17BC8E-4A5D-4E59-8640-10DF36E9EB75}" = hpg5530
"{B32C75F2-7495-4D01-9431-C11E97D66F8C}" = DocProc
"{B3D5D4E0-E965-41C4-ABFD-A7B1AD0663C2}" = Director
"{B45D9FEE-1AF4-46F3-9A83-2545F81547F5}" = CreativeProjectsTemplates
"{B56D5B09-C4FB-4EA0-8EAD-7BC3E2715A2D}" = DocumentViewer
"{B7050CBDB2504B34BC2A9CA0A692CC29}" = DivX Web Player
"{B9966F27-9678-4620-9579-925E3084647E}" = Microsoft Works
"{BC339BFD-F550-471a-8D26-4D08126C62F7}" = SkinsHP2
"{BCC992E5-5C81-4066-9B55-03DC10B24D21}" = InstantShare
"{BF018D2F-C788-4AB1-AB95-1280EAB8F13E}" = TrayApp
"{C1BBDCDD-8F08-4DE6-BA11-E7B14F7E129B}" = Nokia PC Suite 6.1
"{C9D96682-5A4D-45FA-BA3E-DDCB2B0CB868}" = Safari
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}" = SUPERAntiSpyware Free Edition
"{D050D7362D214723AD585B541FFB6C11}" = DivX Content Uploader
"{DB518BA6-CB74-4EB6-9ABD-880B6D6E1F38}" = HpSdpAppCoreApp
"{DBA8B9E1-C6FF-4624-9598-73D3B41A0903}" = Microsoft Picture It! Photo Standard 9
"{DED53B0B-B67C-4244-AE6A-D6FD3C28D1EF}" = Ad-Aware 2007
"{EBBC0077-C104-4B85-B02A-BF252318C06F}" = Glance
"{EC4455AB-F155-4CC1-A4C5-88F3777F9886}" = Apple Mobile Device Support
"{EC8673DA-F96B-497E-B2DB-BC7B029FD680}" = BufferChm
"{ED869D8B-6C7E-44C7-9F2F-BD5436849C61}" = hpg2436
"{F419D20A-7719-4639-8E30-C073A040D878}" = HP Deskjet Preloaded Printer Drivers
"{F4F47155-5B4D-42AA-97F8-490BC52EA7F3}" = Destinations
"{F65787F3-B356-45EC-8DD0-0E6758EDBCEE}" = WebReg
"{F7514465-E5F3-48E9-A952-327DAEF33DE6}" = InterVideo Home Theater
"{F958CA02-BB40-4007-894B-258729456EE4}" = QuickTime
"{FF26F7EA-BCEE-478C-9A1B-6B4F88717D73}" = CueTour
"Adobe Shockwave Player" = Adobe Shockwave Player
"AdobeESD" = Adobe Download Manager 2.0 (Remove Only)
"Agere Systems Soft Modem" = Agere Systems PCI Soft Modem
"ATI Display Driver" = ATI Display Driver
"AVG8Uninstall" = AVG Free 8.0
"BT Yahoo! Applications" = BT Yahoo! Applications
"btbb.MCCInstall" = BT Yahoo! Help
"CCleaner" = CCleaner (remove only)
"CheckIt Diagnostics" = CheckIt Diagnostics
"ERUNT_is1" = ERUNT 1.1j
"Google Updater" = Google Updater
"Help and Support Additions" = Help and Support Additions
"HijackThis" = HijackThis 2.0.2
"HP Photo & Imaging" = HP Image Zone 4.2
"IDNMitigationAPIs" = Microsoft Internationalized Domain Names Mitigation APIs
"ie7" = Windows Internet Explorer 7
"InstallShield_{2B7E4354-0492-460A-BDB1-1F59EE141025}" = AirPlus G
"InstallShield_{6926D1B2-4B5B-4693-A5FF-2FA7F32395F0}" = ACT! ® 2005
"InstallShield_{C1BBDCDD-8F08-4DE6-BA11-E7B14F7E129B}" = Nokia PC Suite 6.1
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1
"Mozilla Firefox (3.0.9)" = Mozilla Firefox (3.0.9)
"MSCompPackV1" = Microsoft Compression Client Pack 1.0 for Windows XP
"MSGTAG_is1" = MSGTAG
"MSNINST" = MSN
"NLSDownlevelMapping" = Microsoft National Language Support Downlevel APIs
"PictureIt_v9" = Microsoft Picture It! Photo Standard 9
"PLATINUM WorldView for Internet Explorer" = PLATINUM WorldView for Internet Explorer
"PS2" = PS2
"Python 2.2 combined Win32 extensions" = Python 2.2 combined Win32 extensions
"Python 2.2.1" = Python 2.2.1
"RealPlayer 6.0" = RealPlayer
"Shockwave" = Shockwave
"ShockwaveFlash" = Adobe Flash Player 9 ActiveX
"SiS VGA Driver" = SiS VGA Utilities
"Skype_is1" = eBay UK - Skype 3.1
"UnHackMe_is1" = UnHackMe 5.00 release
"Windows Media Format Runtime" = Windows Media Format 11 runtime
"Windows Media Player" = Windows Media Player 11
"Windows XP Service Pack" = Windows XP Service Pack 3
"WMFDist11" = Windows Media Format 11 runtime
"wmp11" = Windows Media Player 11
"Works2004Setup" = Microsoft Works 2004 Setup Launcher
"Wudf01000" = Microsoft User-Mode Driver Framework Feature Pack 1.0

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 27/04/2009 07:22:56 | Computer Name = CATHYPC | Source = Application Error | ID = 1000
Description = Faulting application qbdagent2001.exe, version 9.0.0.0, faulting module
mrtproc.dll, version 1.10.0.0, fault address 0x00001d9d.

Error - 27/04/2009 09:08:55 | Computer Name = CATHYPC | Source = Application Error | ID = 1000
Description = Faulting application qbdagent2001.exe, version 9.0.0.0, faulting module
mrtproc.dll, version 1.10.0.0, fault address 0x00001d9d.

Error - 27/04/2009 09:33:58 | Computer Name = CATHYPC | Source = Application Error | ID = 1000
Description = Faulting application qbdagent2001.exe, version 9.0.0.0, faulting module
mrtproc.dll, version 1.10.0.0, fault address 0x00001d9d.

Error - 27/04/2009 10:07:03 | Computer Name = CATHYPC | Source = Application Error | ID = 1000
Description = Faulting application qbdagent2001.exe, version 9.0.0.0, faulting module
mrtproc.dll, version 1.10.0.0, fault address 0x00001d9d.

Error - 28/04/2009 05:23:06 | Computer Name = CATHYPC | Source = Application Error | ID = 1000
Description = Faulting application hpqtra08.exe, version 43.1.5.0, faulting module
unknown, version 0.0.0.0, fault address 0x7ca28c56.

Error - 28/04/2009 06:08:58 | Computer Name = CATHYPC | Source = Application Error | ID = 1000
Description = Faulting application qbdagent2001.exe, version 9.0.0.0, faulting module
mrtproc.dll, version 1.10.0.0, fault address 0x00001d9d.

Error - 28/04/2009 06:15:30 | Computer Name = CATHYPC | Source = EventSystem | ID = 4609
Description = The COM+ Event System detected a bad return code during its internal
processing. HRESULT was 8001010D from line 44 of d:\comxp_sp3\com\com1x\src\events\tier1\eventsystemobj.cpp.
Please contact Microsoft Product Support Services to report this erro

Error - 28/04/2009 06:23:12 | Computer Name = CATHYPC | Source = Application Error | ID = 1000
Description = Faulting application qbdagent2001.exe, version 9.0.0.0, faulting module
mrtproc.dll, version 1.10.0.0, fault address 0x00001d9d.

Error - 28/04/2009 06:34:58 | Computer Name = CATHYPC | Source = Application Error | ID = 1000
Description = Faulting application qbdagent2001.exe, version 9.0.0.0, faulting module
mrtproc.dll, version 1.10.0.0, fault address 0x00001d9d.

Error - 29/04/2009 04:51:41 | Computer Name = CATHYPC | Source = Application Error | ID = 1000
Description = Faulting application qbdagent2001.exe, version 9.0.0.0, faulting module
mrtproc.dll, version 1.10.0.0, fault address 0x00001d9d.

[ System Events ]
Error - 27/04/2009 09:58:41 | Computer Name = CATHYPC | Source = DCOM | ID = 10005
Description = DCOM got error "%1084" attempting to start the service netman with
arguments "" in order to run the server: {BA126AE5-2166-11D1-B1D0-00805FC1270E}

Error - 27/04/2009 09:58:56 | Computer Name = CATHYPC | Source = DCOM | ID = 10005
Description = DCOM got error "%1084" attempting to start the service EventSystem
with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}

Error - 27/04/2009 09:59:11 | Computer Name = CATHYPC | Source = DCOM | ID = 10005
Description = DCOM got error "%1084" attempting to start the service EventSystem
with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}

Error - 27/04/2009 17:53:16 | Computer Name = CATHYPC | Source = sr | ID = 1
Description = The System Restore filter encountered the unexpected error '0xC000009A'
while processing the file 'sqlite_j0csxddA2szzW8O' on the volume 'HarddiskVolume2'.
It has stopped monitoring the volume.

Error - 28/04/2009 05:05:50 | Computer Name = CATHYPC | Source = Service Control Manager | ID = 7011
Description = Timeout (30000 milliseconds) waiting for a transaction response from
the stisvc service.

Error - 28/04/2009 05:39:31 | Computer Name = CATHYPC | Source = sr | ID = 1
Description = The System Restore filter encountered the unexpected error '0xC0000001'
while processing the file '' on the volume 'HarddiskVolume2'. It has stopped monitoring
the volume.

Error - 28/04/2009 05:39:46 | Computer Name = CATHYPC | Source = Service Control Manager | ID = 7026
Description = The following boot-start or system-start driver(s) failed to load:
SISAGP viaagp1

Error - 28/04/2009 06:05:11 | Computer Name = CATHYPC | Source = System Error | ID = 1003
Description = Error code 1000008e, parameter1 c0000005, parameter2 8059fed7, parameter3
ed1cbcac, parameter4 00000000.

Error - 28/04/2009 06:19:41 | Computer Name = CATHYPC | Source = System Error | ID = 1003
Description = Error code 1000008e, parameter1 c0000005, parameter2 8059fed7, parameter3
ec18ccac, parameter4 00000000.

Error - 28/04/2009 06:31:22 | Computer Name = CATHYPC | Source = System Error | ID = 1003
Description = Error code 1000008e, parameter1 c0000005, parameter2 8059fed7, parameter3
ec85ecac, parameter4 00000000.


< End of report >
