Google Redirects - Help Required Please



#1
andycake

Hi

I hope someone can help me.

Over the last few days I have noticed Google redirecting searches. Going directly to my favourites works fine. Overnight, Norton 360 instructed me that I needed help to manually remove a Trojan Horse. Duly went to their website but don't feel I want to follow their instructions.

I am also unable to run MBAM, Kaspersky Online Scanner and even HijackThis.

The computer seems to be working fine apart from this.

Thanks
Andrew

Edited by andycake, 18 June 2009 - 01:25 PM.



#2
andycake

Hi

After reading a post with a similar problem to mine, I have run a rooter scan and OTL scan, details below:


Rooter.exe (v1.0) by Eric_71
¨
Microsoft Windows XP Professional (5.1.2600) Service Pack 2
32_bits - x86 Family 15 Model 3 Stepping 4, GenuineIntel
¨
C:\ [Fixed-NTFS] .. ( Total:185389 Mo - Free:33756 Mo )
D:\ [Fixed-FAT32] .. ( Total:5371 Mo - Free:965 Mo )
E:\ [CD_Rom]
F:\ [CD_Rom]
G:\ [Fixed-FAT32] .. ( Total:238414 Mo - Free:52162 Mo )
H:\ [CD_Rom]
I:\ [CD_Rom]
L:\ [Fixed-NTFS] .. ( Total:305242 Mo - Free:25443 Mo )
N:\ [Fixed-NTFS] .. ( Total:152625 Mo - Free:12744 Mo )
O:\ [Removable]
V:\ [Network] .. ( Total:0 Mo - Free:0 Mo )
W:\ [Removable]
X:\ [Removable]
Y:\ [Removable]
Z:\ [Removable]
¨
Scan : 15:09.01
Path : O:\Rooter.exe
User : Administrator ( Administrator -> YES )
¨
----------------------\\ Processes
¨
Locked [System Process] (0)
______ System (4)
______ \SystemRoot\System32\smss.exe (904)
______ \??\C:\WINDOWS\system32\csrss.exe (968)
______ \??\C:\WINDOWS\system32\winlogon.exe (992)
______ C:\WINDOWS\system32\services.exe (1040)
______ C:\WINDOWS\system32\lsass.exe (1056)
______ C:\WINDOWS\System32\Ati2evxx.exe (1236)
______ C:\WINDOWS\system32\svchost.exe (1252)
______ C:\WINDOWS\system32\svchost.exe (1320)
______ C:\WINDOWS\System32\svchost.exe (1356)
______ C:\WINDOWS\system32\svchost.exe (1580)
______ C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe (1676)
______ C:\WINDOWS\system32\spoolsv.exe (352)
______ C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe (276)
______ C:\WINDOWS\System32\bgsvcgen.exe (1536)
______ C:\Program Files\Bonjour\mDNSResponder.exe (416)
______ C:\WINDOWS\System32\drivers\CDAC11BA.EXE (604)
______ C:\WINDOWS\System32\CTSvcCDA.EXE (632)
______ C:\WINDOWS\ehome\ehSched.exe (748)
______ C:\Program Files\iolo\common\lib\ioloServiceManager.exe (944)
______ C:\Program Files\Java\jre6\bin\jqs.exe (2020)
______ C:\Program Files\Kontiki\KService.exe (236)
______ C:\WINDOWS\System32\svchost.exe (596)
______ C:\WINDOWS\System32\svchost.exe (964)
______ C:\WINDOWS\System32\svchost.exe (1588)
______ C:\WINDOWS\System32\wdfmgr.exe (2164)
______ C:\WINDOWS\System32\UAService7.exe (2232)
______ C:\WINDOWS\System32\MsPMSPSv.exe (2296)
______ C:\WINDOWS\System32\alg.exe (2612)
______ C:\WINDOWS\system32\Ati2evxx.exe (3016)
______ C:\WINDOWS\Explorer.EXE (2448)
______ C:\windows\system\hpsysdrv.exe (3284)
______ C:\WINDOWS\system32\ps2.exe (3360)
______ C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe (3388)
______ C:\WINDOWS\system32\CTHELPER.EXE (3464)
______ C:\Program Files\Common Files\Symantec Shared\ccApp.exe (3584)
______ C:\WINDOWS\System32\svchost.exe (1876)
______ C:\Program Files\Common Files\Real\Update_OB\realsched.exe (4036)
______ C:\Program Files\PowerISO\PWRISOVM.EXE (1328)
______ C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe (2088)
______ C:\Program Files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe (1120)
______ C:\Program Files\QuickTime\qttask.exe (1852)
______ C:\Program Files\iTunes\iTunesHelper.exe (2812)
______ C:\Program Files\Java\jre6\bin\jusched.exe (2904)
______ C:\WINDOWS\system32\ctfmon.exe (2924)
______ C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (3264)
______ C:\PROGRA~1\HPMEDI~1\Pavilion\XPEWWBS4\plugin\bin\PCHButton.exe (3484)
______ C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe (1884)
______ C:\Program Files\MagicDisc\MagicDisc.exe (1496)
______ C:\WINDOWS\system32\svchost.exe (2616)
______ C:\Program Files\iPod\bin\iPodService.exe (2784)
______ C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe (3524)
______ C:\WINDOWS\system32\svchost.exe (668)
______ C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe (3332)
______ C:\Program Files\Java\jre6\bin\jucheck.exe (1460)
______ C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe (1396)
______ C:\PROGRA~1\Yahoo!\browser\ycommon.exe (2320)
______ O:\Rooter.exe (1776)
¨
----------------------\\ Device\Harddisk0\
¨
\Device\Harddisk0 [Sectors : 63 x 512 Bytes]
¨
\Device\Harddisk0\Partition1 (Start_Offset:32256 | Length:5643477504)
\Device\Harddisk0\Partition2 --[ MBR ]-- (Start_Offset:5643509760 | Length:194395299840)
¨
----------------------\\ Scheduled Tasks
¨
C:\WINDOWS\Tasks\1-Click Maintenance.job
C:\WINDOWS\Tasks\AppleSoftwareUpdate.job
C:\WINDOWS\Tasks\desktop.ini
C:\WINDOWS\Tasks\SA.DAT
C:\WINDOWS\Tasks\{5B57CF47-0BFA-43c6-ACF9-3B3653DCADBA}.job
¨
----------------------\\ Registry
¨
¨
----------------------\\ Files & Folders
¨
----------------------\\ Scan completed at 15:10.52
¨
C:\Rooter$\Rooter_1.txt - (12/06/2009 | 15:10.52)




OTL Extras logfile created on: 12/06/2009 15:12:17 - Run 1
OTL by OldTimer - Version 2.1.1.0 Folder = O:\
Windows XP Media Center Edition Service Pack 2 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 7.0.5730.13)
Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy

2.00 Gb Total Physical Memory | 1.36 Gb Available Physical Memory | 68.00% Memory free
3.35 Gb Paging File | 2.84 Gb Available in Paging File | 84.80% Paging File free
Paging file location(s): C:\pagefile.sys 1536 3072 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 181.04 Gb Total Space | 32.97 Gb Free Space | 18.21% Space Free | Partition Type: NTFS
Drive D: | 5.25 Gb Total Space | 0.94 Gb Free Space | 17.98% Space Free | Partition Type: FAT32
E: Drive not present or media not loaded
F: Drive not present or media not loaded
Drive G: | 232.83 Gb Total Space | 50.94 Gb Free Space | 21.88% Space Free | Partition Type: FAT32
H: Drive not present or media not loaded
Drive I: | 703.12 Mb Total Space | 703.12 Mb Free Space | 100.00% Space Free | Partition Type: CDUDF
Drive L: | 298.09 Gb Total Space | 24.85 Gb Free Space | 8.34% Space Free | Partition Type: NTFS
Drive N: | 149.05 Gb Total Space | 12.45 Gb Free Space | 8.35% Space Free | Partition Type: NTFS
Drive O: | 967.22 Mb Total Space | 575.23 Mb Free Space | 59.47% Space Free | Partition Type: FAT

Computer Name: HOME
Current User Name: Administrator
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Output = Minimal
File Age = 30 Days
Company Name Whitelist: On

========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
.html [@ = htmlfile] -- C:\Program Files\Internet Explorer\IEXPLORE.EXE (Microsoft Corporation)
.url [@ = InternetShortcut] -- rundll32.exe ieframe.dll,OpenURL %l

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"AntiVirusOverride" = 1
"FirewallOverride" = 0
"UpdatesDisableNotify" = 0
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
"DisableMonitoring" = 1
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
"DisableMonitoring" = 1
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]
"DisableMonitoring" = 1
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List
"139:TCP" = 139:TCP:*:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:*:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:*:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:*:Enabled:@xpsp2res.dll,-22002

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile
"EnableFirewall" = 0
"DoNotAllowExceptions" = 0
"DisableNotifications" = 0

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List
"139:TCP" = 139:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22002
"35441:TCP" = 35441:TCP:*:Enabled:BitComet 35441 TCP
"35441:UDP" = 35441:UDP:*:Enabled:BitComet 35441 UDP

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
C:\Program Files\MSN Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger 8.1 (Microsoft Corporation)
C:\Program Files\MSN Messenger\livecall.exe:*:Enabled:Windows Live Messenger 8.1 (Phone) (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
C:\PROGRA~1\Yahoo!\MESSEN~2\YPAGER.EXE:*:Enabled:Yahoo! Messenger ()
C:\PROGRA~1\Yahoo!\MESSEN~2\yserver.exe:*:Enabled:Yahoo! FT Server (Yahoo! Inc.)
C:\Program Files\uTorrent\uTorrent.exe:*:Enabled:uTorrent (BitTorrent, Inc.)
C:\WINDOWS\system32\ftp.exe:*:Enabled:File Transfer Program (Microsoft Corporation)
C:\Program Files\Kontiki\KService.exe:*:Enabled:Delivery Manager Service (Kontiki Inc.)
C:\Program Files\MSN Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger 8.1 (Microsoft Corporation)
C:\Program Files\MSN Messenger\livecall.exe:*:Enabled:Windows Live Messenger 8.1 (Phone) (Microsoft Corporation)
C:\Program Files\Messenger\msmsgs.exe:*:Enabled:Windows Messenger (Microsoft Corporation)
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe:*:Enabled:hpqtra08.exe (Hewlett-Packard Co.)
C:\Program Files\HP\Digital Imaging\bin\hpqste08.exe:*:Enabled:hpqste08.exe (Hewlett-Packard Co.)
C:\Program Files\HP\Digital Imaging\bin\hpofxm08.exe:*:Enabled:hpofxm08.exe (Hewlett-Packard Co.)
C:\Program Files\HP\Digital Imaging\bin\hposfx08.exe:*:Enabled:hposfx08.exe (Hewlett-Packard Co.)
C:\Program Files\HP\Digital Imaging\bin\hposid01.exe:*:Enabled:hposid01.exe (Hewlett-Packard Co.)
C:\Program Files\HP\Digital Imaging\bin\hpqscnvw.exe:*:Enabled:hpqscnvw.exe ()
C:\Program Files\HP\Digital Imaging\bin\hpqkygrp.exe:*:Enabled:hpqkygrp.exe (Hewlett-Packard)
C:\Program Files\HP\Digital Imaging\bin\hpzwiz01.exe:*:Enabled:hpzwiz01.exe (Hewlett-Packard Co.)
C:\Program Files\HP\Digital Imaging\Unload\HpqPhUnl.exe:*:Enabled:hpqphunl.exe ()
C:\Program Files\HP\Digital Imaging\bin\hpoews01.exe:*:Enabled:hpoews01.exe (Hewlett-Packard Co.)
C:\Program Files\HP\Digital Imaging\bin\hpqnrs08.exe:*:Enabled:hpqnrs08.exe (Hewlett-Packard Co.)
C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE:*:Enabled:Microsoft Office Outlook (Microsoft Corporation)
C:\Program Files\Microsoft Office\Office12\GROOVE.EXE:*:Enabled:Microsoft Office Groove (Microsoft Corporation)
C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE:*:Enabled:Microsoft Office OneNote (Microsoft Corporation)
C:\Program Files\Bonjour\mDNSResponder.exe:*:Enabled:Bonjour (Apple Inc.)
C:\Program Files\iTunes\iTunes.exe:*:Enabled:iTunes (Apple Inc.)
C:\Program Files\Spotify\spotify.exe:*:Enabled:Spotify (Spotify AB)
C:\WINDOWS\explorer.exe:*:Enabled:explorer (Microsoft Corporation)

========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{00000409-78E1-11D2-B60F-006097C998E7}" = Microsoft Office 2000 Premium
"{00040409-78E1-11D2-B60F-006097C998E7}" = Microsoft Office 2000 Disc 2
"{001E7FB6-BB6B-4ED0-BEDC-B5404ED96D4E}" = DocProc
"{0046FA01-C5B9-4985-BACB-398DC480FC05}" = Adobe Photoshop CS3
"{01546E14-7DE6-4F4B-962A-64DEDA5325C0}" = Sony Ericsson OCS
"{0224CACC-994D-45F8-B973-D65056EA9C2F}" = Adobe XMP DVA Panels CS3
"{022DA2C3-81C7-4003-A6BC-1BB147B20097}" = SuppSoft
"{0861E87B-24D7-4E7C-B11B-54F86E5C5199}" = hpg8200
"{08B32819-6EEF-4057-AEDA-5AB681A36A23}" = Adobe Bridge Start Meeting
"{0FABD3D7-3036-4e78-B29D-58957ADB0A12}" = HP PSC & OfficeJet 3.5
"{10E1E87C-656C-4D08-86D6-5443D28583BE}" = TrayApp
"{14B4E017-ACDF-4DB0-9D94-8988F5F0145A}" = hpg4600
"{15095BF3-A3D7-4DDF-B193-3A496881E003}" = Microsoft .NET Framework 3.0
"{15B9DC72-73F9-4d99-9E28-848D66DA8D99}" = HP Photo & Imaging 3.5 - HP Devices
"{1753255A-0AEB-4220-8C75-607B73F0C133}" = Copy
"{184CE391-7E0E-4C63-9935-D7A10EDFD3C6}" = Adobe WinSoft Linguistics Plugin
"{193EAFD0-1BAF-4FB4-B18F-79D5D6A4B285}" = Adobe After Effects CS3 Presets
"{1CA941F1-5006-487E-9FD4-09F812A7D6B8}" = Norton 360 Help
"{1E04F83B-2AB9-4301-9EF7-E86307F79C72}" = Google Earth
"{20CF99FC-2CE7-4AA4-966E-A4B11C0662B4}" = hpg3970
"{21829177-4DED-4209-AD08-490B3AC9C01A}" = Norton 360
"{22466889-7642-488d-AA0E-F619704CF7AB}" = DeviceDiscovery
"{228F6876-A313-40A3-91C0-C3CBE6997D09}" = GearDrvs
"{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer
"{23AE394C-63E9-4774-8E09-5F8C66A9FAFE}" = Easy CD & DVD Creator 6
"{24C8FBF7-26C6-48ca-834B-A4E5C09E362F}" = AiO_Scan
"{26A24AE4-039D-4CA4-87B4-2F83216013FF}" = Java™ 6 Update 13
"{29B39FB2-5ADF-4F94-BC82-13942871DD0D}" = CameraDrivers
"{29B50D30-EAFC-4cea-9F76-3A0E3729E9B0}" = SkinsHP1
"{29E5EA97-5F74-4A57-B8B2-D4F169117183}" = Adobe Stock Photos CS3
"{29FA38B4-0AE4-4D0D-8A51-6165BB990BB0}" = WebReg
"{2D617065-1C52-4240-B5BC-C0AE12157777}" = Norton 360
"{2DA85B02-13C0-4E6D-9A76-22E6B3DD0CB2}" = SymNet
"{2E132061-C78A-48D4-A899-1D13B9D189FA}" = Memories Disc Creator 2.0
"{2EFFFC71-1E66-454E-A6E6-CEEC800B96D2}" = Adobe Flash Video Encoder
"{2F28B3C9-2C89-4206-8B33-8ADC9577C49B}" = Scan
"{2FCE4FC5-6930-40E7-A4F1-F862207424EF}" = InterVideo WinDVD Creator 2
"{2FF363D5-F0FC-47C1-ABB5-FB11845F474F}" = HP Image Zone for Media Center PC
"{300D9EF4-2721-4cb4-A6C3-FB2337CFEA2D}" = AIOMinimal
"{3074EB89-1BCA-4AEF-AFF4-EFB4634C1923}" = Norton Confidential Web Authentification Component
"{318AB667-3230-41B5-A617-CB3BF748D371}" = iTunes
"{324CEC09-007A-48eb-90E0-9D42D4D5EB0A}" = NetDeviceManager
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{3CCAD2EF-CFF2-4637-82AA-AABF370282D3}" = ccCommon
"{3CF78481-FB7B-4B51-99A2-D5E0CD0B3AAF}" = HPSystemDiagnostics
"{3D49A2B7-04B3-451A-A1EF-3B0D3C297DD5}" = Sony Ericsson Mobile Phone Monitor
"{40DA9A54-48CA-4A2C-AEAF-F67715BB046E}" = Norton 360
"{415B8A4E-0EA2-4C69-975C-EEE07B837FD7}" = Unload
"{415CDA53-9100-476F-A7B2-476691E117C7}" = HP Smart Web Printing
"{43ED196F-AAC3-4981-A7E9-4423DD55FD77}_is1" = DAudioK 0.1.9 beta
"{44120EB1-EC80-41B1-A46F-6B8BD60F49E3}" = PC Suite
"{4458C442-7376-4CF9-AF58-E8CEA6722363}" = Adobe Setup
"{44B2E182-DD85-45FC-9F51-326B81D7C7F1}" = Fax
"{45B6180B-DCAB-4093-8EE8-6164457517F0}" = Photosmart 140,240,7200,7600,7700,7900 Series
"{4843B611-8FCB-4428-8C23-31D0A5EAE164}" = Norton Confidential Browser Component
"{485ACF57-F364-440A-8496-E1E81C8FA1AA}" = Adobe Premiere Pro CS3 Third Party Content
"{491DD792-AD81-429C-9EB4-86DD3D22E333}" = Windows Communication Foundation
"{4EAF566E-1712-433C-A1C2-7517845107CC}" = DVD Architect Pro 5.0
"{50F102CA-4BE2-41A9-9810-5BB05EB91B9A}" = Adobe Premiere Pro CS3 Functional Content
"{543E938C-BDC4-4933-A612-01293996845F}" = UnloadSupport
"{54793AA1-5001-42F4-ABB6-C364617C6078}" = Adobe Linguistics CS3
"{54B2EAD9-A110-43F7-B010-2859A1BD2AFE}" = Adobe Encore CS3
"{571700F0-DB9D-4B3A-B03D-35A14BB5939F}" = Windows Live Messenger
"{57C7C46A-D35D-492d-A328-4F8C9B5B4B52}" = PrintScreen
"{5888428E-699C-4E71-BF71-94EE06B497DA}" = TuneUp Utilities 2008
"{58DCEEE5-532E-44F4-B1D7-A146EF9E9FDA}" = Adobe Premiere Pro CS3
"{60758250-C8CF-47EB-8CB6-E0C3B84D8207}" = PSShortcutsP
"{63A6E9A9-A190-46D4-9430-2DB28654AFD8}" = Norton 360
"{63F2408D-A675-4d97-A256-70EACB6B9B4A}" = AiOSoftware
"{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update
"{6ABE0BEE-D572-4FE8-B434-9E72A289431B}" = Adobe Fonts All
"{6B52140A-F189-4945-BFFC-DB3F00B8C589}" = Adobe Flash CS3
"{6B708481-748A-4EB4-97C1-CD386244FF77}" = Adobe MotionPicture Color Files
"{6BBAA81D-6A7E-43AD-8889-2F002DCAAFDD}" = AHV content for Acrobat and Flash
"{6FF5DD7A-FE28-4439-B8CF-1E9AF4EA0A61}" = Adobe Asset Services CS3
"{7131646D-CD3C-40F4-97B9-CD9E4E6262EF}" = Microsoft .NET Framework 2.0
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{730837D4-FF5E-48DB-BA49-33E732DFF0B3}" = PanoStandAlone
"{73B5D990-04EA-4751-B10F-5534770B91F2}" = Adobe Color EU Recommended Settings
"{745A92AF-53B4-41A7-91C3-9B026B1D5897}" = InstantShare
"{77772678-817F-4401-9301-ED1D01A8DA56}" = SPBBC 32bit
"{78CC3BAB-DE2A-4FB4-8FBB-E4DADDC26747}" = Ad-Aware SE Personal
"{7ACFB90E-8FD0-4397-AD3A-5195412623A3}" = Adobe Help Viewer CS3
"{7C9AD221-994C-45B2-B46D-26F5735158CF}" = Sony Vegas Pro 8.0
"{7D1B85BD-AA07-48B8-808D-67A4067FC6BD}" = Windows Workflow Foundation
"{7DFC1012-D346-46CE-B03E-FF79125AE029}" = Adobe Fireworks CS3
"{819509E2-9596-4BCF-9EFF-286E73252055}" = Symantec Real Time Storage Protection Component
"{83ED1E80-A1B7-4256-BCF1-AC4A88151A6B}" = Microsoft MapPoint Europe 2006
"{845A8DB9-8802-4FD3-9FE3-938A6C46A2EC}" = Adobe Video Profiles
"{845AFAAF-3F2F-2F9B-4495-EBA3DFD186ED}" = TweetDeck
"{8718DC03-D066-4957-94E5-50C3C5042E8E}" = Adobe Creative Suite 3 Master Collection
"{8777AC6D-89F9-4793-8266-DE406F343E89}" = QFolder
"{87E2B986-07E8-477a-93DC-AF0B6758B192}" = DocProcQFolder
"{88D422DB-E9C7-4E16-9D80-2999F4FD6AD9}" = Adobe Flash Player 9 Plugin
"{8A25392D-C5D2-4E79-A2BD-C15DDC5B0959}" = Bonjour
"{8D2BA474-F406-4710-9AE4-D4F22D21F0DD}" = Adobe Device Central CS3
"{8D4942F1-D5EB-40A7-9D7B-07F8ED1B71E9}" = TMPGEnc DVD Author 3 with DivX Authoring
"{8DCE550C-CA43-4E82-92DF-FFC4A48F5BE1}" = Napster Burn Engine
"{8E6808E2-613D-4FCD-81A2-6C8FA8E03312}" = Adobe Type Support
"{90120000-0010-0409-0000-0000000FF1CE}" = Microsoft Software Update for Web Folders (English) 12
"{90120000-0015-0409-0000-0000000FF1CE}" = Microsoft Office Access MUI (English) 2007
"{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007
"{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007
"{90120000-0019-0409-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2007
"{90120000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2007
"{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007
"{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007
"{90120000-0030-0000-0000-0000000FF1CE}" = Microsoft Office Enterprise 2007
"{90120000-0044-0409-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (English) 2007
"{90120000-0051-0000-0000-0000000FF1CE}" = Microsoft Office Visio Professional 2007
"{90120000-0054-0409-0000-0000000FF1CE}" = Microsoft Office Visio MUI (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007
"{90120000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2007
"{90120000-00BA-0409-0000-0000000FF1CE}" = Microsoft Office Groove MUI (English) 2007
"{90120000-0114-0409-0000-0000000FF1CE}" = Microsoft Office Groove Setup Metadata MUI (English) 2007
"{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007
"{90120000-0117-0409-0000-0000000FF1CE}" = Microsoft Office Access Setup Metadata MUI (English) 2007
"{90176341-0A8B-4CCC-A78D-F862228A6B95}" = Adobe Anchor Service CS3
"{90885A82-9673-49EA-AB39-AF776639C67C}" = InterVideo WinDVD 7
"{90AD8C11-ED4A-4AE7-BB70-7740C452C999}" = Visual J# .NET Redistributable Package
"{92B1B3CC-EC78-45B8-96D0-8B3F11495864}" = Symantec Technical Support Controls
"{9541FED0-327F-4DF0-8B96-EF57EF622F19}" = RecordNow!
"{9743AF47-B746-4324-B4C4-512E67D04370}" = Symantec Technical Support Web Controls
"{98E8A2EF-4EAE-43B8-A172-74842B764777}" = InterVideo WinDVD Player
"{9B03C535-3AEA-4ef2-B326-0A01A2207034}" = CreativeProjects
"{9C9824D9-9000-4373-A6A5-D0E5D4831394}" = Adobe Bridge CS3
"{9DCDC0A8-2280-4F43-B290-465AFDC281BC}" = DVD-Cover Printmaster 1.2
"{A2500497-FD32-493e-B8E5-28D6728DBEF5}" = Readme
"{A2B242BD-FF8D-4840-9DAA-9170EABEC59C}" = Adobe CMaps
"{A2BCA9F1-566C-4805-97D1-7FDC93386723}" = Adobe AIR
"{A2D81E70-2A98-4A08-A628-94388B063C5E}" = Adobe Color - Photoshop Specific
"{A73ACE08-4CA7-4d08-912E-EFE4DF521B39}" = c7200_Help
"{AB40272D-92AB-4F30-B36B-22EDE16F8FE5}" = HP Update
"{AB5D51AE-EBC3-438D-872C-705C7C2084B0}" = DeviceManagementQFolder
"{AC5B0C19-D851-42F4-BDA0-410ECF7F70A5}" = PDF Settings
"{AC76BA86-1033-0000-7760-000000000003}" = Adobe Acrobat 8 Professional
"{AD17BC8E-4A5D-4E59-8640-10DF36E9EB75}" = hpg5530
"{AF7FC1CA-79DF-43c3-90A3-33EFEB9294CE}" = AIO_Scan
"{B3BF6689-A81D-40D8-9A86-4AC4ACD9FC1C}" = Adobe Camera Raw 4.0
"{B671CBFD-4109-4D35-9252-3062D3CCB7B2}" = Adobe SING CS3
"{B7050CBDB2504B34BC2A9CA0A692CC29}" = DivX Web Player
"{B73CFB12-C814-4638-AFFD-7E3AAFAF0B4E}" = Adobe BridgeTalk Plugin CS3
"{B7FB6B99-C93C-4818-825B-37EF4B64C80C}" = PS_AIO_02_Software
"{B8B7A4D8-80E1-4DAE-BD33-7FD535BA3931}" = Adobe Encore CS3 Codecs
"{B9B35331-B7E4-4E5C-BF4C-7BC87856124D}" = Adobe Default Language CS3
"{BAF78226-3200-4DB4-BE33-4D922A799840}" = Windows Presentation Foundation
"{BC339BFD-F550-471a-8D26-4D08126C62F7}" = SkinsHP2
"{BC4F8E84-5E29-49EC-B4E7-E6F9CB50986C}" = Adobe Flash Player 9 ActiveX
"{BE5F3842-8309-4754-92D5-83E02E6077A3}" = Adobe Extension Manager CS3
"{BF2F7927-92AF-4F5D-8B93-658F63DF8727}" = PDF Manual NW-A10003000
"{C06F36B6-6D08-452A-BF41-29C5AAB7BE2E}" = Sony Ericsson Capability Manager
"{C2D69781-F392-4118-A5A7-C7E9C38DBFC2}" = Adobe ExtendScript Toolkit 2
"{C5BD220A-EFE8-48A5-B70E-9503D535FACE}" = Adobe WAS CS3
"{C6C44651-7C66-4b11-92E8-17565D3D22DD}" = HP Image Zone Plus 3.5
"{C8C8387B-A98B-44E8-807A-1A9B7F51FFDA}" = Blaze Media Pro
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CB3F8375-B600-4B9F-83C9-238ED1E583FD}" = Adobe InDesign CS3
"{CBE3E0AF-73BB-4c21-8B96-B09E003EDE7F}" = QuickProjects
"{CE4888DB-CE49-485b-AA3A-A9E0F361B277}" = C7200
"{D050D7362D214723AD585B541FFB6C11}" = DivX Content Uploader
"{D0DFF92A-492E-4C40-B862-A74A173C25C5}" = Adobe Version Cue CS3 Client
"{D0E39A1D-0CEE-4D85-B4A2-E3BE990D075E}" = Destination Component
"{D186329B-1B4D-408D-ABEC-EA5CE1F182C9}" = Overland
"{D2559B88-CC9D-4B48-81BB-F492BAA9C48C}" = Adobe PDF Library Files
"{D25BDCF5-19F6-4d9e-B9C9-273FE81446C4}" = PS_AIO_02_ProductContext
"{D353CC51-430D-4C6F-9B7E-52003DA1E05A}" = Norton Confidential Web Protection Component
"{D466F3D9-510C-4729-B7D4-2E70490E4CDF}" = BBC iPlayer Download Manager
"{D5A31AB1-345D-47C7-A87B-036A669F6DF1}" = Adobe XMP Panels CS3
"{D64BC2CF-0F12-47d7-B412-B4F3FD684253}" = HP Photosmart All-In-One Software 9.0
"{D67B1C57-0E05-4F8C-9011-1C8BAE293782}" = Samsung PC Studio
"{DADD7B8A-BCB0-44F5-967A-ECB6B4F2ECD9}" = Adobe Color Common Settings
"{DB518BA6-CB74-4EB6-9ABD-880B6D6E1F38}" = HpSdpAppCoreApp
"{DBA4DB9D-EE51-4944-A419-98AB1F1249C8}" = LiveUpdate Notice (Symantec Corporation)
"{DBEA1034-5882-4A88-8033-81C4EF0CFA29}" = Google Toolbar for Internet Explorer
"{DC986B2B-DAE4-43E1-A00A-74044CFB6EA4}" = CONNECT Player Language Pack
"{DD7DB3C5-6FA3-4FA3-8A71-C2F2940EB029}" = Adobe Color JA Extra Settings
"{E2662C24-B31E-4349-A084-32EB76E8B760}" = BufferChm
"{E69AE897-9E0B-485C-8552-7841F48D42D8}" = Adobe Update Manager CS3
"{E8BFBD0A-8002-4dc9-869C-E495FA9DCE7A}" = PhotoGallery
"{E9A5B341-167D-4042-8854-46F671F94049}" = Medieval CUE Splitter
"{E9C18EBD-85BE-47D0-AA73-3FEDCC976B04}" = Toolbox
"{EA7B3CC4-366D-4CF6-8350-FD7A7034116E}" = Adobe InDesign CS3 Icon Handler
"{EB0202F7-016A-410C-ADE4-40F848CCC661}" = Adobe After Effects CS3
"{EB3526D4-4C7C-4F45-8303-340A23E4F950}" = HPIZFix3
"{EC4455AB-F155-4CC1-A4C5-88F3777F9886}" = Apple Mobile Device Support
"{EC62DAEB-05E7-46FF-8867-FEBE00DBD790}" = CONNECT Player
"{ED869D8B-6C7E-44C7-9F2F-BD5436849C61}" = hpg2436
"{EF0D2E55-6FE2-4e35-BE22-A742E85D84E3}" = PS_AIO_02_Software_min
"{EFB5B3B5-A280-4E25-BE1C-634EEFE32C1B}" = AppCore
"{F08E8D2E-F132-4742-9C87-D5FF223A016A}" = Adobe Illustrator CS3
"{F1E63043-54FC-429B-AB2C-31AF9FBA4BC7}" = 32 Bit HP CIO Components Installer
"{F247869D-3643-4A9F-821B-3534145928E3}" = HPIZ350
"{F3CA9611-CD42-4562-ADAB-A554CF8E17F1}" = Microsoft WSE 2.0 SP3 Runtime
"{F419D20A-7719-4639-8E30-C073A040D878}" = HP Deskjet Preloaded Printer Drivers
"{F4DB525F-A986-4249-B98B-42A8066251CA}" = AV
"{F5E4C38C-73BC-4D44-8BFC-969C2B4DABCA}" = OpenMG Secure Module 4.3.00
"{F619E2AF-677D-49bc-9618-D60BDFB925DB}" = C7200_doccd
"{F652D238-5F29-42D5-BAF3-0115EF977EC2}" = Windows Live Sign-in Assistant
"{F958CA02-BB40-4007-894B-258729456EE4}" = QuickTime
"{FC9E08AA-CD59-4C59-BEF9-87E05B9E37D7}" = Adobe Contribute CS3
"{FD8D8B04-BEAD-4A55-AA1D-62D2373E7DEA}" = Status
"{FF102450-55AA-4AE1-ACE4-E271E2470C83}" = hpmdtab
"{FF29A7E2-FF40-4D07-B7E4-2093DE59E10A}" = Adobe Color NA Extra Settings
"6C456557-97F3-42AD-A918-AD60B7BE0AC8_is1" = Revolt wfr
"AC3Filter" = AC3Filter (remove only)
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe_4dcfd9b7e901b57f81f667144603236" = Add or Remove Adobe Creative Suite 3 Master Collection
"ATI Display Driver" = ATI Display Driver
"AviSynth" = AviSynth 2.5
"AVS4YOU Software Navigator_is1" = AVS4YOU Software Navigator 1.3
"AVS4YOU Video Converter 6_is1" = AVS Video Converter 6
"B3EE3001-DC24-4cd1-8743-5692C716659F" = Otto
"BBC iPlayer Download Manager" = BBC iPlayer Download Manager
"Blaze Media Pro" = Blaze Media Pro
"BT Yahoo! Applications" = BT Yahoo! Applications
"BT Yahoo! Broadband Help Guides" = BT Yahoo! Broadband Help Guides
"CATraxx_is1" = CATraxx
"CD/DVD Jewel Case and Label Creator" = CD/DVD Jewel Case and Label Creator
"CdaC13Ba" = SafeCast Shared Components
"CD-DA X-Tractor_is1" = CD-DA X-Tractor v0.24
"CDRoller_is1" = CDRoller version 8.00
"Clean 5" = Clean 5
"Conexant" = HCF V9x Data Fax Voice USB Modem
"CONNECTAutoUpdate" = CONNECT Auto Update
"Cool Edit Pro 2.1" = Cool Edit Pro 2.1
"coverXP" = coverXP (remove only)
"Creative Driver" = Creative Driver
"CTDVDAudio Plugin" = Creative DVD Audio Plugin for Audigy Series
"Cucusoft Ultimate DVD + Video Converter Suite_is1" = Cucusoft Ultimate DVD + Video Converter Suite 7.19.7.12
"D56C7EAB-BEE6-4D51-86CF-419FFC07FF11_is1" = iolo technologies' Search and Recover
"dBpoweramp m4a Codec" = dBpoweramp m4a Codec
"dBpoweramp Monkeys Audio Codec" = dBpoweramp Monkeys Audio Codec
"D-Link VGA Webcam" = D-Link VGA Webcam
"DVD Decrypter" = DVD Decrypter (Remove Only)
"DVD Shrink_is1" = DVD Shrink 3.2
"Easy CD Ripper_is1" = Easy CD Ripper 2.10
"EasyUse Interview Questions Generator" = EasyUse Interview Questions Generator
"ENTERPRISE" = Microsoft Office Enterprise 2007
"EPSON Printer and Utilities" = EPSON Printer Software
"ESPR200 Reference Guide" = ESPR200 Reference Guide
"ESPR200 Software Guide" = ESPR200 Software Guide
"Exact Audio Copy" = Exact Audio Copy 0.99pb3
"Free Mp3 Wma Converter_is1" = Free Mp3 Wma Converter V 1.6.1
"Freecorder Toolbar" = Freecorder Toolbar
"Freecorder Toolbar3.02" = Freecorder Toolbar 3.02 Application
"FTP Commander" = FTP Commander
"GoldWave v5.08" = GoldWave v5.08
"GoldWave v5.16" = GoldWave v5.16
"HijackThis" = HijackThis 2.0.0
"HP Imaging Device Functions" = HP Imaging Device Functions 9.0
"HP Media Center PC Help" = HP Media Center PC Help
"HP Photo & Imaging" = HP Image Zone 3.5
"HPOCR" = HP OCR Software 9.0
"IDNMitigationAPIs" = Microsoft Internationalized Domain Names Mitigation APIs
"ie7" = Windows Internet Explorer 7
"ImgBurn" = ImgBurn
"InstallShield_{F5E4C38C-73BC-4D44-8BFC-969C2B4DABCA}" = OpenMG Secure Module 4.3.00
"IsoBuster_is1" = IsoBuster 1.7
"LiveUpdate" = LiveUpdate 3.2 (Symantec Corporation)
"Magic ISO Maker v4.9 (build 0144)" = Magic ISO Maker v4.9 (build 0144)
"MagicDisc 2.7.105" = MagicDisc 2.7.105
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"Microsoft .NET Framework 2.0" = Microsoft .NET Framework 2.0
"Microsoft .NET Framework 3.0" = Microsoft .NET Framework 3.0
"mkwACT" = mkw Audio Compression Toolkit
"Mozilla Firefox (2.0.0.4)" = Mozilla Firefox (2.0.0.4)
"Nero - Burning Rom!UninstallKey" = Nero 6
"NeroVision!UninstallKey" = Nero Digital
"NLSDownlevelMapping" = Microsoft National Language Support Downlevel APIs
"NMPUninstallKey" = Nero Media Player
"NoteBurner_is1" = NoteBurner 2.23
"NVIDIA Drivers" = NVIDIA Drivers
"PowerISO" = PowerISO
"PS2" = PS2
"Python 2.2 combined Win32 extensions" = Python 2.2 combined Win32 extensions
"Python 2.2.1" = Python 2.2.1
"RealPlayer 6.0" = RealPlayer
"Recuva" = Recuva (remove only)
"Replay Media Catcher" = Replay Media Catcher
"SoundTap" = SoundTap Streaming Audio Recorder
"Spotify" = Spotify
"Spybot - Search & Destroy_is1" = Spybot - Search & Destroy 1.4
"SymSetup.{2D617065-1C52-4240-B5BC-C0AE12157777}" = Norton 360 (Symantec Corporation)
"TotalRecorder" = Total Recorder 4.5
"TradersLittleHelper_is1" = Trader's Little Helper 1.1.1
"Video to audio_is1" = Video to audio 2.00
"VISPRO" = Microsoft Office Visio Professional 2007
"VLC media player" = VideoLAN VLC media player 0.8.6c
"WIC" = Windows Imaging Component
"Winamp" = Winamp
"Windows Media Format Runtime" = Windows Media Format Runtime
"Windows Media Player" = Windows Media Player 10
"Windows XP Service Pack" = Windows XP Service Pack 2
"WinPcapInst" = WinPcap 4.0.2
"WinRAR archiver" = WinRAR archiver
"WinZip" = WinZip
"WM Recorder 12.0" = WM Recorder 12.0
"Xilisoft DVD Ripper Ultimate 5" = Xilisoft DVD Ripper Ultimate
"XpsEPSC" = XML Paper Specification Shared Components Pack 1.0

========== HKEY_CURRENT_USER Uninstall List ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Move Networks Player - IE" = Move Networks Media Player for Internet Explorer
"Router" = Router
"uTorrent" = µTorrent

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 11/06/2009 09:21:59 | Computer Name = HOME | Source = crypt32 | ID = 131080
Description = Failed auto update retrieval of third-party root list sequence number
from: <http://www.download....uthrootseq.txt>
with error: This network connection does not exist.

Error - 12/06/2009 02:50:48 | Computer Name = HOME | Source = comHost | ID = 65535
Description =

Error - 12/06/2009 02:51:43 | Computer Name = HOME | Source = Application Error | ID = 1000
Description = Faulting application ehrec.exe, version 5.1.2600.2180, faulting module
ehrec.exe, version 5.1.2600.2180, fault address 0x00009c08.

Error - 12/06/2009 02:56:33 | Computer Name = HOME | Source = Application Error | ID = 1004
Description = Faulting application ehrec.exe, version 5.1.2600.2180, faulting module
ehrec.exe, version 5.1.2600.2180, fault address 0x00009c08.

Error - 12/06/2009 03:31:31 | Computer Name = HOME | Source = crypt32 | ID = 131080
Description = Failed auto update retrieval of third-party root list sequence number
from: <http://www.download....uthrootseq.txt>
with error: This operation returned because the timeout period expired.

Error - 12/06/2009 03:34:07 | Computer Name = HOME | Source = crypt32 | ID = 131080
Description = Failed auto update retrieval of third-party root list sequence number
from: <http://www.download....uthrootseq.txt>
with error: This operation returned because the timeout period expired.

Error - 12/06/2009 04:22:07 | Computer Name = HOME | Source = crypt32 | ID = 131080
Description = Failed auto update retrieval of third-party root list sequence number
from: <http://www.download....uthrootseq.txt>
with error: This operation returned because the timeout period expired.

Error - 12/06/2009 04:28:11 | Computer Name = HOME | Source = crypt32 | ID = 131080
Description = Failed auto update retrieval of third-party root list sequence number
from: <http://www.download....uthrootseq.txt>
with error: This operation returned because the timeout period expired.

Error - 12/06/2009 04:45:50 | Computer Name = HOME | Source = comHost | ID = 65535
Description =

Error - 12/06/2009 05:23:20 | Computer Name = HOME | Source = crypt32 | ID = 131080
Description = Failed auto update retrieval of third-party root list sequence number
from: <http://www.download....uthrootseq.txt>
with error: The server returned an invalid or unrecognized response

[ ODiag Events ]
Error - 18/03/2009 12:06:07 | Computer Name = HOME | Source = Microsoft Office 12 Diagnostics | ID = 320
Description = An unexpected error occurred. Tag: 2kcz. Error code: N/A

[ OSession Events ]
Error - 01/05/2009 09:23:31 | Computer Name = HOME | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 3, Application Name: Microsoft Office PowerPoint, Application
Version: 12.0.4518.1014, Microsoft Office Version: 12.0.4518.1014. This session
lasted 176 seconds with 120 seconds of active time. This session ended with a crash.

Error - 01/05/2009 09:26:39 | Computer Name = HOME | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 3, Application Name: Microsoft Office PowerPoint, Application
Version: 12.0.4518.1014, Microsoft Office Version: 12.0.4518.1014. This session
lasted 3 seconds with 0 seconds of active time. This session ended with a crash.

Error - 01/05/2009 09:26:44 | Computer Name = HOME | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 3, Application Name: Microsoft Office PowerPoint, Application
Version: 12.0.4518.1014, Microsoft Office Version: 12.0.4518.1014. This session
lasted 2 seconds with 0 seconds of active time. This session ended with a crash.

Error - 01/05/2009 09:26:51 | Computer Name = HOME | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 3, Application Name: Microsoft Office PowerPoint, Application
Version: 12.0.4518.1014, Microsoft Office Version: 12.0.4518.1014. This session
lasted 3 seconds with 0 seconds of active time. This session ended with a crash.

Error - 01/05/2009 09:27:05 | Computer Name = HOME | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 3, Application Name: Microsoft Office PowerPoint, Application
Version: 12.0.4518.1014, Microsoft Office Version: 12.0.4518.1014. This session
lasted 11 seconds with 0 seconds of active time. This session ended with a crash.

Error - 01/05/2009 09:27:40 | Computer Name = HOME | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 3, Application Name: Microsoft Office PowerPoint, Application
Version: 12.0.4518.1014, Microsoft Office Version: 12.0.4518.1014. This session
lasted 27 seconds with 0 seconds of active time. This session ended with a crash.

[ System Events ]
Error - 12/06/2009 04:44:19 | Computer Name = HOME | Source = DCOM | ID = 10010
Description = The server {9B1F122C-2982-4E91-AA8B-E071D54F2A4D} did not register
with DCOM within the required timeout.

Error - 12/06/2009 04:46:02 | Computer Name = HOME | Source = Service Control Manager | ID = 7023
Description = The COM Host service terminated with the following error: %%2147549183

Error - 12/06/2009 04:47:27 | Computer Name = HOME | Source = Service Control Manager | ID = 7022
Description = The KService service hung on starting.

Error - 12/06/2009 04:55:19 | Computer Name = HOME | Source = MRxSmb | ID = 8003
Description = The master browser has received a server announcement from the computer
SONY-VAIO that believes that it is the master browser for the domain on transport
NetBT_Tcpip_{3452F251-0E14-442A. The master browser is stopping or an election is
being forced.

Error - 12/06/2009 05:28:18 | Computer Name = HOME | Source = sr | ID = 1
Description = The System Restore filter encountered the unexpected error '0xC0000001'
while processing the file '' on the volume 'DP(1)0x7e00-0x3a388a8400+f'. It has
stopped monitoring the volume.

Error - 12/06/2009 06:01:32 | Computer Name = HOME | Source = MRxSmb | ID = 8003
Description = The master browser has received a server announcement from the computer
SONY-VAIO that believes that it is the master browser for the domain on transport
NetBT_Tcpip_{3452F251-0E14-442A. The master browser is stopping or an election is
being forced.

Error - 12/06/2009 07:01:35 | Computer Name = HOME | Source = MRxSmb | ID = 8003
Description = The master browser has received a server announcement from the computer
SONY-VAIO that believes that it is the master browser for the domain on transport
NetBT_Tcpip_{3452F251-0E14-442A. The master browser is stopping or an election is
being forced.

Error - 12/06/2009 08:13:29 | Computer Name = HOME | Source = MRxSmb | ID = 8003
Description = The master browser has received a server announcement from the computer
SONY-VAIO that believes that it is the master browser for the domain on transport
NetBT_Tcpip_{3452F251-0E14-442A. The master browser is stopping or an election is
being forced.

Error - 12/06/2009 09:26:06 | Computer Name = HOME | Source = sr | ID = 1
Description = The System Restore filter encountered the unexpected error '0xC0000001'
while processing the file '' on the volume 'DP(1)0x7e00-0x15060a200+1'. It has
stopped monitoring the volume.

Error - 12/06/2009 09:49:18 | Computer Name = HOME | Source = MRxSmb | ID = 8003
Description = The master browser has received a server announcement from the computer
SONY-VAIO that believes that it is the master browser for the domain on transport
NetBT_Tcpip_{3452F251-0E14-442A. The master browser is stopping or an election is
being forced.


< End of report >



OTL logfile created on: 12/06/2009 15:12:16 - Run 1
OTL by OldTimer - Version 2.1.1.0 Folder = O:\
Windows XP Media Center Edition Service Pack 2 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 7.0.5730.13)
Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy

2.00 Gb Total Physical Memory | 1.36 Gb Available Physical Memory | 68.00% Memory free
3.35 Gb Paging File | 2.84 Gb Available in Paging File | 84.80% Paging File free
Paging file location(s): C:\pagefile.sys 1536 3072 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 181.04 Gb Total Space | 32.97 Gb Free Space | 18.21% Space Free | Partition Type: NTFS
Drive D: | 5.25 Gb Total Space | 0.94 Gb Free Space | 17.98% Space Free | Partition Type: FAT32
E: Drive not present or media not loaded
F: Drive not present or media not loaded
Drive G: | 232.83 Gb Total Space | 50.94 Gb Free Space | 21.88% Space Free | Partition Type: FAT32
H: Drive not present or media not loaded
Drive I: | 703.12 Mb Total Space | 703.12 Mb Free Space | 100.00% Space Free | Partition Type: CDUDF
Drive L: | 298.09 Gb Total Space | 24.85 Gb Free Space | 8.34% Space Free | Partition Type: NTFS
Drive N: | 149.05 Gb Total Space | 12.45 Gb Free Space | 8.35% Space Free | Partition Type: NTFS
Drive O: | 967.22 Mb Total Space | 575.23 Mb Free Space | 59.47% Space Free | Partition Type: FAT

Computer Name: HOME
Current User Name: Administrator
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Output = Minimal
File Age = 30 Days
Company Name Whitelist: On

========== Processes (SafeList) ==========

PRC - C:\WINDOWS\System32\Ati2evxx.exe ()
PRC - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe (Symantec Corporation)
PRC - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe (Apple Inc.)
PRC - C:\WINDOWS\System32\bgsvcgen.exe (B.H.A Corporation)
PRC - C:\Program Files\Bonjour\mDNSResponder.exe (Apple Inc.)
PRC - C:\WINDOWS\System32\drivers\CDAC11BA.EXE (Macrovision)
PRC - C:\WINDOWS\System32\CTSvcCDA.EXE (Creative Technology Ltd)
PRC - C:\WINDOWS\ehome\ehSched.exe (Microsoft Corporation)
PRC - C:\Program Files\iolo\common\lib\ioloServiceManager.exe ()
PRC - C:\Program Files\Java\jre6\bin\jqs.exe (Sun Microsystems, Inc.)
PRC - C:\Program Files\Kontiki\KService.exe (Kontiki Inc.)
PRC - C:\WINDOWS\System32\wdfmgr.exe (Microsoft Corporation)
PRC - C:\WINDOWS\System32\UAService7.exe (Sony DADC Austria AG.)
PRC - C:\WINDOWS\System32\MsPMSPSv.exe (Microsoft Corporation)
PRC - C:\WINDOWS\system32\Ati2evxx.exe ()
PRC - C:\WINDOWS\Explorer.EXE (Microsoft Corporation)
PRC - C:\windows\system\hpsysdrv.exe (Hewlett-Packard Company)
PRC - C:\WINDOWS\system32\ps2.exe (Hewlett-Packard Company)
PRC - C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe (ATI Technologies, Inc.)
PRC - C:\WINDOWS\system32\CTHELPER.EXE (Creative Technology Ltd)
PRC - C:\Program Files\Common Files\Symantec Shared\ccApp.exe (Symantec Corporation)
PRC - C:\Program Files\Common Files\Real\Update_OB\realsched.exe (RealNetworks, Inc.)
PRC - C:\Program Files\PowerISO\PWRISOVM.EXE (PowerISO Computing, Inc.)
PRC - C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe (Microsoft Corporation)
PRC - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe (Adobe Systems Inc.)
PRC - C:\Program Files\QuickTime\qttask.exe (Apple Inc.)
PRC - C:\Program Files\iTunes\iTunesHelper.exe (Apple Inc.)
PRC - C:\Program Files\Java\jre6\bin\jusched.exe (Sun Microsystems, Inc.)
PRC - C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (Google Inc.)
PRC - C:\Program Files\HP Media Center Help\Pavilion\XPEWWBS4\plugin\bin\PCHButton.exe (Motive Communications, Inc.)
PRC - C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe (Hewlett-Packard Co.)
PRC - C:\Program Files\MagicDisc\MagicDisc.exe (MagicISO, Inc.)
PRC - C:\Program Files\iPod\bin\iPodService.exe (Apple Inc.)
PRC - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe (Macrovision Europe Ltd.)
PRC - C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe (Hewlett-Packard Co.)
PRC - C:\Program Files\Java\jre6\bin\jucheck.exe (Sun Microsystems, Inc.)
PRC - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe ()
PRC - O:\OTL.exe (OldTimer Tools)

========== Win32 Services (SafeList) ==========

SRV - (Apple Mobile Device [Auto | Running]) -- C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe (Apple Inc.)
SRV - (aspnet_state [On_Demand | Stopped]) -- C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe (Microsoft Corporation)
SRV - (Ati HotKey Poller [Auto | Running]) -- C:\WINDOWS\System32\Ati2evxx.exe ()
SRV - (bgsvcgen [Auto | Running]) -- C:\WINDOWS\System32\bgsvcgen.exe (B.H.A Corporation)
SRV - (Bonjour Service [Auto | Running]) -- C:\Program Files\Bonjour\mDNSResponder.exe (Apple Inc.)
SRV - (C-DillaCdaC11BA [Auto | Running]) -- C:\WINDOWS\System32\drivers\CDAC11BA.EXE (Macrovision)
SRV - (ccEvtMgr [Auto | Running]) -- C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe (Symantec Corporation)
SRV - (ccSetMgr [Auto | Running]) -- C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe (Symantec Corporation)
SRV - (clr_optimization_v2.0.50727_32 [On_Demand | Stopped]) -- C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe (Microsoft Corporation)
SRV - (CLTNetCnService [Auto | Running]) -- C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe (Symantec Corporation)
SRV - (comHost [Auto | Stopped]) -- C:\Program Files\Common Files\Symantec Shared\VAScanner\comHost.exe (Symantec Corporation)
SRV - (Creative Service for CDROM Access [Auto | Running]) -- C:\WINDOWS\System32\CTSvcCDA.EXE (Creative Technology Ltd)
SRV - (ehSched [Auto | Running]) -- C:\WINDOWS\ehome\ehSched.exe (Microsoft Corporation)
SRV - (FLEXnet Licensing Service [On_Demand | Running]) -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe (Macrovision Europe Ltd.)
SRV - (FontCache3.0.0.0 [On_Demand | Stopped]) -- c:\WINDOWS\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe (Microsoft Corporation)
SRV - (gusvc [On_Demand | Stopped]) -- C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe (Google)
SRV - (helpsvc [Auto | Running]) -- C:\WINDOWS\PCHealth\HelpCtr\Binaries\pchsvc.dll (Microsoft Corporation)
SRV - (hpqcxs08 [On_Demand | Running]) -- C:\Program Files\HP\Digital Imaging\bin\hpqcxs08.dll (Hewlett-Packard Co.)
SRV - (hpqddsvc [On_Demand | Running]) -- C:\Program Files\HP\Digital Imaging\bin\hpqddsvc.dll (Hewlett-Packard Co.)
SRV - (HPSLPSVC [On_Demand | Running]) -- C:\Program Files\HP\Digital Imaging\bin\HPSLPSVC32.DLL (Hewlett-Packard Co.)
SRV - (IDriverT [On_Demand | Stopped]) -- C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe (Macrovision Corporation)
SRV - (idsvc [Unknown | Stopped]) -- C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe (Microsoft Corporation)
SRV - (ioloFileInfoList [Auto | Running]) -- C:\Program Files\iolo\common\lib\ioloServiceManager.exe ()
SRV - (ioloSystemService [Auto | Running]) -- C:\Program Files\iolo\common\lib\ioloServiceManager.exe ()
SRV - (iPod Service [On_Demand | Running]) -- C:\Program Files\iPod\bin\iPodService.exe (Apple Inc.)
SRV - (JavaQuickStarterService [Auto | Running]) -- C:\Program Files\Java\jre6\bin\jqs.exe (Sun Microsystems, Inc.)
SRV - (KService [Auto | Running]) -- C:\Program Files\Kontiki\KService.exe (Kontiki Inc.)
SRV - (LiveUpdate [On_Demand | Stopped]) -- C:\Program Files\Symantec\LiveUpdate\LuComServer_3_2.EXE (Symantec Corporation)
SRV - (LiveUpdate Notice Ex [Auto | Running]) -- C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe (Symantec Corporation)
SRV - (LiveUpdate Notice Service [Auto | Stopped]) -- C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe (Symantec Corporation)
SRV - (Microsoft Office Groove Audit Service [On_Demand | Stopped]) -- C:\Program Files\Microsoft Office\Office12\GrooveAuditService.exe (Microsoft Corporation)
SRV - (Net Driver HPZ12 [Auto | Running]) -- C:\WINDOWS\system32\HPZinw12.dll (Hewlett-Packard)
SRV - (NetTcpPortSharing [Disabled | Stopped]) -- C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe (Microsoft Corporation)
SRV - (NWCWorkstation [Auto | Running]) -- C:\WINDOWS\System32\nwwks.dll (Microsoft Corporation)
SRV - (odserv [On_Demand | Stopped]) -- C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE (Microsoft Corporation)
SRV - (ose [On_Demand | Stopped]) -- C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE (Microsoft Corporation)
SRV - (Pml Driver HPZ12 [Auto | Running]) -- C:\WINDOWS\system32\HPZipm12.dll (Hewlett-Packard)
SRV - (rpcapd [On_Demand | Stopped]) -- C:\Program Files\WinPcap\rpcapd.exe (CACE Technologies)
SRV - (Sony SCSI Helper Service [On_Demand | Stopped]) -- C:\Program Files\Common Files\Sony Shared\Fsk\SonySCSIHelperService.exe (Sony Corporation)
SRV - (SSScsiSV [On_Demand | Stopped]) -- C:\Program Files\Common Files\Sony Shared\AVLib\SSScsiSV.exe (Sony Corporation)
SRV - (Symantec Core LC [On_Demand | Running]) -- C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe ()
SRV - (TuneUp.Defrag [On_Demand | Stopped]) -- C:\WINDOWS\System32\TuneUpDefragService.exe (TuneUp Software GmbH)
SRV - (UMWdf [Auto | Running]) -- C:\WINDOWS\System32\wdfmgr.exe (Microsoft Corporation)
SRV - (UserAccess7 [Auto | Running]) -- C:\WINDOWS\System32\UAService7.exe (Sony DADC Austria AG.)
SRV - (usnjsvc [On_Demand | Stopped]) -- C:\Program Files\MSN Messenger\usnsvc.exe (Microsoft Corporation)
SRV - (UxTuneUp [Auto | Running]) -- C:\WINDOWS\System32\uxtuneup.dll (TuneUp Software GmbH)
SRV - (WMDM PMSP Service [Auto | Running]) -- C:\WINDOWS\System32\MsPMSPSv.exe (Microsoft Corporation)
SRV - (YPCService [On_Demand | Stopped]) -- C:\WINDOWS\system32\YPcservice.exe (Yahoo! Inc.)

========== Driver Services (SafeList) ==========

DRV - (AFS2K [System | Running]) -- C:\WINDOWS\System32\drivers\AFS2K.SYS (Oak Technology Inc.)
DRV - (alcan5ln [On_Demand | Stopped]) -- C:\WINDOWS\System32\DRIVERS\alcan5ln.sys (THOMSON)
DRV - (alcaudsl [On_Demand | Stopped]) -- C:\WINDOWS\System32\DRIVERS\alcaudsl.sys (THOMSON)
DRV - (Aspi32 [Auto | Running]) -- C:\WINDOWS\System32\drivers\aspi32.sys (Adaptec)
DRV - (ati2mtag [On_Demand | Running]) -- C:\WINDOWS\System32\DRIVERS\ati2mtag.sys (ATI Technologies Inc.)
DRV - (BtAudio [On_Demand | Stopped]) -- .DS_Store ()
DRV - (BTDriver [On_Demand | Stopped]) -- .DS_Store ()
DRV - (BTWDNDIS [On_Demand | Stopped]) -- .DS_Store ()
DRV - (btwhid [On_Demand | Stopped]) -- C:\WINDOWS\System32\DRIVERS\btwhid.sys (WIDCOMM, Inc.)
DRV - (BTWUSB [On_Demand | Stopped]) -- C:\WINDOWS\System32\Drivers\btwusb.sys (WIDCOMM, Inc.)
DRV - (CdaC15BA [Auto | Running]) -- C:\WINDOWS\System32\drivers\CdaC15BA.SYS (Macrovision Europe Ltd)
DRV - (CdaD10BA [Auto | Running]) -- C:\WINDOWS\System32\drivers\CdaD10BA.SYS (Macrovision Europe Ltd)
DRV - (Cdr4_xp [System | Running]) -- C:\WINDOWS\System32\drivers\cdr4_xp.sys (Sonic Solutions)
DRV - (Cdralw2k [System | Running]) -- C:\WINDOWS\System32\drivers\cdralw2k.sys (Sonic Solutions)
DRV - (cdrbsdrv [System | Running]) -- C:\WINDOWS\System32\drivers\CDRBSDRV.SYS (B.H.A Corporation)
DRV - (cdudf_xp [System | Running]) -- C:\WINDOWS\System32\drivers\Cdudf_xp.sys (Sonic Solutions)
DRV - (ctac32k [On_Demand | Running]) -- C:\WINDOWS\system32\drivers\ctac32k.sys (Creative Technology Ltd)
DRV - (ctaud2k [On_Demand | Running]) -- C:\WINDOWS\system32\drivers\ctaud2k.sys (Creative Technology Ltd)
DRV - (ctdvda2k [On_Demand | Stopped]) -- C:\WINDOWS\system32\drivers\ctdvda2k.sys (Creative Technology Ltd)
DRV - (ctprxy2k [On_Demand | Running]) -- C:\WINDOWS\system32\drivers\ctprxy2k.sys (Creative Technology Ltd)
DRV - (ctsfm2k [On_Demand | Running]) -- C:\WINDOWS\system32\drivers\ctsfm2k.sys (Creative Technology Ltd)
DRV - (dvd_2K [On_Demand | Running]) -- C:\WINDOWS\System32\drivers\dvd_2k.sys (Sonic Solutions)
DRV - (eeCtrl [System | Running]) -- C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys (Symantec Corporation)
DRV - (EL90XBC [On_Demand | Stopped]) -- C:\WINDOWS\System32\DRIVERS\el90xbc5.sys (3Com Corporation)
DRV - (emupia [On_Demand | Running]) -- C:\WINDOWS\system32\drivers\emupia2k.sys (Creative Technology Ltd)
DRV - (EraserUtilRebootDrv [On_Demand | Running]) -- C:\Program Files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys (Symantec Corporation)
DRV - (FileDisk [System | Running]) -- C:\WINDOWS\System32\drivers\filedisk.sys (iolo technologies, LLC (based on original work by Bo Brantén))
DRV - (GEARAspiWDM [On_Demand | Running]) -- C:\WINDOWS\SYSTEM32\DRIVERS\GEARAspiWDM.sys (GEAR Software Inc.)
DRV - (ha10kx2k [On_Demand | Running]) -- C:\WINDOWS\system32\drivers\ha10kx2k.sys (Creative Technology Ltd)
DRV - (hap16v2k [On_Demand | Running]) -- C:\WINDOWS\system32\drivers\hap16v2k.sys (Creative Technology Ltd)
DRV - (hcwPVRP2 [On_Demand | Running]) -- C:\WINDOWS\System32\DRIVERS\hcwPVRP2.sys (Hauppauge Computer Works, Inc.)
DRV - (HdAudAddService [On_Demand | Stopped]) -- C:\WINDOWS\system32\drivers\HdAudio.sys (Windows ® Server 2003 DDK provider)
DRV - (HDAudBus [On_Demand | Stopped]) -- C:\WINDOWS\System32\DRIVERS\HDAudBus.sys (Windows ® Server 2003 DDK provider)
DRV - (ialm [On_Demand | Stopped]) -- C:\WINDOWS\System32\DRIVERS\ialmnt5.sys (Intel Corporation)
DRV - (IrBus [On_Demand | Stopped]) -- C:\WINDOWS\System32\DRIVERS\IrBus.sys (Microsoft Corporation)
DRV - (Iviaspi [On_Demand | Stopped]) -- C:\WINDOWS\system32\drivers\iviaspi.sys (InterVideo, Inc.)
DRV - (mcdbus [On_Demand | Running]) -- C:\WINDOWS\system32\DRIVERS\mcdbus.sys (MagicISO, Inc.)
DRV - (mdmxsdk [Auto | Running]) -- C:\WINDOWS\System32\DRIVERS\mdmxsdk.sys (Conexant)
DRV - (mmc_2K [On_Demand | Running]) -- C:\WINDOWS\System32\drivers\mmc_2k.sys (Sonic Solutions)
DRV - (MODEMCSA [On_Demand | Stopped]) -- C:\WINDOWS\system32\drivers\MODEMCSA.sys (Microsoft Corporation)
DRV - (NAVENG [On_Demand | Running]) -- C:\Program Files\Common Files\Symantec Shared\VirusDefs\20090611.003\NAVENG.SYS (Symantec Corporation)
DRV - (NAVEX15 [On_Demand | Running]) -- C:\Program Files\Common Files\Symantec Shared\VirusDefs\20090611.003\NAVEX15.SYS (Symantec Corporation)
DRV - (NCHSSVAD [On_Demand | Running]) -- C:\WINDOWS\system32\drivers\nchssvad.sys (NCH Swift Sound)
DRV - (nm [On_Demand | Stopped]) -- C:\WINDOWS\System32\DRIVERS\NMnt.sys (Microsoft Corporation)
DRV - (NPF [On_Demand | Stopped]) -- C:\WINDOWS\system32\drivers\npf.sys (CACE Technologies)
DRV - (ntcdrdrv [Boot | Running]) -- C:\WINDOWS\system32\DRIVERS\ntcdrdrv.sys (NoteBurn Software)
DRV - (NwlnkIpx [Auto | Running]) -- C:\WINDOWS\System32\DRIVERS\nwlnkipx.sys (Microsoft Corporation)
DRV - (NwlnkNb [Auto | Running]) -- C:\WINDOWS\System32\DRIVERS\nwlnknb.sys (Microsoft Corporation)
DRV - (NwlnkSpx [Auto | Running]) -- C:\WINDOWS\System32\DRIVERS\nwlnkspx.sys (Microsoft Corporation)
DRV - (NWRDR [On_Demand | Running]) -- C:\WINDOWS\System32\DRIVERS\nwrdr.sys (Microsoft Corporation)
DRV - (ossrv [On_Demand | Running]) -- C:\WINDOWS\system32\drivers\ctoss2k.sys (Creative Technology Ltd.)
DRV - (ovt519 [On_Demand | Stopped]) -- C:\WINDOWS\System32\Drivers\ov519vid.sys (OmniVision Technologies, Inc.)
DRV - (PCTINDIS5 [On_Demand | Stopped]) -- .DS_Store ()
DRV - (Pfc [On_Demand | Stopped]) -- C:\WINDOWS\system32\drivers\pfc.sys (Padus, Inc.)
DRV - (PfModNT [Auto | Running]) -- C:\WINDOWS\System32\drivers\PfModNT.sys (Creative Technology Ltd.)
DRV - (PRISM_A00 [On_Demand | Stopped]) -- C:\WINDOWS\System32\DRIVERS\PCTELSAP.SYS (PCTEL Inc.)
DRV - (Ps2 [On_Demand | Stopped]) -- C:\WINDOWS\System32\DRIVERS\PS2.sys (Hewlett-Packard Company)
DRV - (Ptilink [On_Demand | Running]) -- C:\WINDOWS\System32\DRIVERS\ptilink.sys (Parallel Technologies, Inc.)
DRV - (pwd_2k [System | Running]) -- C:\WINDOWS\System32\drivers\Pwd_2k.sys (Sonic Solutions)
DRV - (PxHelp20 [Boot | Running]) -- C:\WINDOWS\System32\Drivers\PxHelp20.sys (Sonic Solutions)
DRV - (ROOTMODEM [On_Demand | Stopped]) -- C:\WINDOWS\System32\Drivers\RootMdm.sys (Microsoft Corporation)
DRV - (rtl8139 [On_Demand | Running]) -- C:\WINDOWS\System32\DRIVERS\R8139n51.SYS (Realtek Semiconductor Corporation )
DRV - (SaiHFF32 [On_Demand | Stopped]) -- C:\WINDOWS\system32\DRIVERS\SaiHFF32.sys (Saitek)
DRV - (SaiIFF32 [On_Demand | Stopped]) -- C:\WINDOWS\system32\DRIVERS\SaiIFF32.sys (Saitek)
DRV - (SCDEmu [System | Running]) -- C:\WINDOWS\System32\drivers\scdemu.sys (PowerISO Computing, Inc.)
DRV - (Secdrv [Auto | Running]) -- C:\WINDOWS\System32\DRIVERS\secdrv.sys (Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K.)
DRV - (SiS315 [On_Demand | Stopped]) -- C:\WINDOWS\System32\DRIVERS\sisgrp.sys (Silicon Integrated Systems Corporation)
DRV - (SISAGP [Boot | Running]) -- C:\WINDOWS\System32\DRIVERS\SISAGPX.sys (Silicon Integrated Systems Corporation)
DRV - (SiSkp [System | Running]) -- C:\WINDOWS\System32\DRIVERS\srvkp.sys (Silicon Integrated Systems Corporation)
DRV - (SiSV [On_Demand | Stopped]) -- C:\WINDOWS\System32\DRIVERS\SiSV.sys (Silicon Integrated Systems Corporation)
DRV - (sony_ssm.sys [On_Demand | Stopped]) -- .DS_Store ()
DRV - (SPBBCDrv [On_Demand | Stopped]) -- C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCDrv.sys (Symantec Corporation)
DRV - (SRTSP [On_Demand | Running]) -- C:\WINDOWS\System32\Drivers\SRTSP.SYS (Symantec Corporation)
DRV - (SRTSPL [On_Demand | Stopped]) -- C:\WINDOWS\System32\Drivers\SRTSPL.SYS (Symantec Corporation)
DRV - (SRTSPX [System | Running]) -- C:\WINDOWS\System32\Drivers\SRTSPX.SYS (Symantec Corporation)
DRV - (STEC3 [Auto | Running]) -- C:\WINDOWS\System32\STEC3.sys (AntiCracking)
DRV - (StillCam [On_Demand | Running]) -- C:\WINDOWS\System32\DRIVERS\serscan.sys (Microsoft Corporation)
DRV - (SYMDNS [On_Demand | Running]) -- C:\WINDOWS\System32\Drivers\SYMDNS.SYS (Symantec Corporation)
DRV - (SymEvent [On_Demand | Running]) -- C:\WINDOWS\system32\Drivers\SYMEVENT.SYS (Symantec Corporation)
DRV - (SYMFW [On_Demand | Running]) -- C:\WINDOWS\System32\Drivers\SYMFW.SYS (Symantec Corporation)
DRV - (SYMIDS [On_Demand | Running]) -- C:\WINDOWS\System32\Drivers\SYMIDS.SYS (Symantec Corporation)
DRV - (SYMIDSCO [On_Demand | Running]) -- C:\Program Files\Common Files\Symantec Shared\SymcData\idsdefs\20090610.001\symidsco.sys (Symantec Corporation)
DRV - (SYMNDIS [On_Demand | Running]) -- C:\WINDOWS\System32\Drivers\SYMNDIS.SYS (Symantec Corporation)
DRV - (SYMREDRV [On_Demand | Running]) -- C:\WINDOWS\System32\Drivers\SYMREDRV.SYS (Symantec Corporation)
DRV - (SYMTDI [System | Running]) -- C:\WINDOWS\System32\Drivers\SYMTDI.SYS (Symantec Corporation)
DRV - (tmcomm [Auto | Running]) -- C:\WINDOWS\system32\drivers\tmcomm.sys (Trend Micro Inc.)
DRV - (UdfReadr_xp [System | Running]) -- C:\WINDOWS\System32\drivers\UdfReadr_xp.sys (Roxio)
DRV - (USBAAPL [On_Demand | Stopped]) -- C:\WINDOWS\System32\Drivers\usbaapl.sys (Apple, Inc.)
DRV - (usbaudio [On_Demand | Stopped]) -- C:\WINDOWS\system32\drivers\usbaudio.sys (Microsoft Corporation)
DRV - (viaagp1 [Boot | Running]) -- C:\WINDOWS\System32\DRIVERS\viaagp1.sys (VIA Technologies, Inc.)
DRV - (viagfx [On_Demand | Stopped]) -- C:\WINDOWS\System32\DRIVERS\vtmini.sys (Copyright © VIA/S3 Graphics, Inc.)
DRV - (Winacusb [On_Demand | Stopped]) -- C:\WINDOWS\System32\DRIVERS\winacusb.sys (Conexant)

========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = [binary data]
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Extensions Off Page = about:NoAdd-ons
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Security Risk Page = about:SecurityRisk
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft....k/?LinkId=69157
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,CustomizeSearch = http://ie.search.msn...st/srchcust.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,CustomSearch = http://uk.red.client...fo/bt_side.html
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://ie.search.msn...st/srchasst.htm

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\system32\blank.htm
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Page_Transitions = 1
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft...amp;ar=iesearch
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.co.uk/
IE - URLSearchHook: {1392b8d2-5c05-419f-a8f6-b9f15a596612} - C:\Program Files\Freecorder\tbFre0.dll (Conduit Ltd.)
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - prefs.js..browser.search.defaultenginename: "Google"
FF - prefs.js..browser.search.defaulturl: "http://www.google.co...-8&oe=UTF-8&q="
FF - prefs.js..browser.search.selectedEngine: "Google"

FF - HKLM\software\mozilla\Firefox\Extensions\\[email protected]: C:\PROGRAM FILES\JAVA\JRE6\LIB\DEPLOY\JQS\FF [2009/05/20 16:40:10 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 2.0.0.4\extensions\\Components: C:\PROGRAM FILES\MOZILLA FIREFOX\COMPONENTS [2008/12/23 23:16:39 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 2.0.0.4\extensions\\Plugins: C:\PROGRAM FILES\MOZILLA FIREFOX\PLUGINS [2009/05/20 16:40:25 | 00,000,000 | ---D | M]

[2009/05/19 00:16:43 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\mozilla\Firefox\Profiles\mkwzfwu0.default\extensions
[2008/11/24 16:05:21 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\mozilla\Firefox\Profiles\mkwzfwu0.default\extensions\{1392b8d2-5c05-419f-a8f6-b9f15a596612}
[2008/11/24 15:54:09 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\mozilla\Firefox\Profiles\mkwzfwu0.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}
[2008/11/24 16:08:28 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\mozilla\Firefox\Profiles\mkwzfwu0.default\extensions\[email protected]
[2009/05/20 16:40:27 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions
[2007/05/29 19:26:58 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}
[2007/06/01 22:23:52 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
[2009/05/20 16:40:27 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA}
[2007/06/02 00:09:41 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions\[email protected]
[2007/06/01 22:23:50 | 00,066,672 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\jar50.dll
[2007/06/01 22:23:51 | 00,054,376 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\jsd3250.dll
[2007/06/01 22:23:51 | 00,034,952 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\myspell.dll
[2007/06/01 22:23:51 | 00,046,720 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\spellchk.dll
[2007/06/01 22:23:52 | 00,172,144 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\xpinstal.dll
[2007/05/31 20:28:57 | 00,001,514 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazondotcom.xml
[2007/05/31 20:28:57 | 00,002,193 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\answers.xml
[2007/05/31 20:28:57 | 00,001,038 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\creativecommons.xml
[2007/05/31 20:28:57 | 00,001,046 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay.xml
[2007/05/31 20:28:57 | 00,002,351 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\google.xml
[2007/05/31 20:28:57 | 00,000,792 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo.xml

O1 HOSTS File: (27 bytes) - C:\WINDOWS\System32\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (Yahoo! Toolbar Helper) - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\common\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
O2 - BHO: (HP Print Clips) - {053F9267-DC04-4294-A72C-58F732D338C0} - C:\Program Files\HP\Smart Web Printing\hpswp_framework.dll (Hewlett-Packard Co.)
O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (ContributeBHO Class) - {074C1DC5-9320-4A9A-947D-C042949C6216} - C:\Program Files\Adobe [2008/11/24 20:36:11 | 00,000,000 | ---D | M]
O2 - BHO: (Freecorder Toolbar) - {1392b8d2-5c05-419f-a8f6-b9f15a596612} - C:\Program Files\Freecorder\tbFre0.dll (Conduit Ltd.)
O2 - BHO: (no name) - {1E8A6170-7264-4D0F-BEAE-D42A53123C75} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\1.5\NppBho.dll (Symantec Corporation)
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O2 - BHO: (Yahoo! IE Services Button) - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\common\yiesrvc.dll (Yahoo! Inc.)
O2 - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
O2 - BHO: (SSVHelper Class) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (Adobe PDF Conversion Toolbar Helper) - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\3.1.807.1746\swg.dll (Google Inc.)
O2 - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (JQSIEStartDetectorImpl Class) - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll (Sun Microsystems, Inc.)
O3 - HKLM\..\Toolbar: (no name) - - Reg Error: Key error. File not found
O3 - HKLM\..\Toolbar: (Freecorder Toolbar) - {1392b8d2-5c05-419f-a8f6-b9f15a596612} - C:\Program Files\Freecorder\tbFre0.dll (Conduit Ltd.)
O3 - HKLM\..\Toolbar: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3 - HKLM\..\Toolbar: (Contribute Toolbar) - {517BDDE4-E3A7-4570-B21E-2B52B6139FC7} - C:\Program Files\Adobe [2008/11/24 20:36:11 | 00,000,000 | ---D | M]
O3 - HKLM\..\Toolbar: (Show Norton Toolbar) - {90222687-F593-4738-B738-FBEE9C7B26DF} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\1.5\UIBHO.dll (Symantec Corporation)
O3 - HKLM\..\Toolbar: (HP view) - {B2847E28-5D7D-4DEB-8B67-05D28BCF79F5} - c:\program files\hp\digital imaging\bin\hpdtlk02.dll (Hewlett-Packard Company)
O3 - HKLM\..\Toolbar: (Yahoo! Toolbar) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\common\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
O3 - HKCU\..\Toolbar\ShellBrowser: (no name) - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - Reg Error: Key error. File not found
O3 - HKCU\..\Toolbar\ShellBrowser: (no name) - {B2847E28-5D7D-4DEB-8B67-05D28BCF79F5} - c:\program files\hp\digital imaging\bin\hpdtlk02.dll (Hewlett-Packard Company)
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {0B53EAC3-8D69-4B9E-9B19-A37C9A5676A7} - Reg Error: Key error. File not found
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {1392B8D2-5C05-419F-A8F6-B9F15A596612} - C:\Program Files\Freecorder\tbFre0.dll (Conduit Ltd.)
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - Reg Error: Key error. File not found
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {B2847E28-5D7D-4DEB-8B67-05D28BCF79F5} - c:\program files\hp\digital imaging\bin\hpdtlk02.dll (Hewlett-Packard Company)
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - Reg Error: Key error. File not found
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\common\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
O4 - HKLM..\Run: [] File not found
O4 - HKLM..\Run: [Acrobat Assistant 8.0] "C:\Program Files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe" (Adobe Systems Inc.)
O4 - HKLM..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe (ATI Technologies, Inc.)
O4 - HKLM..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe" (Symantec Corporation)
O4 - HKLM..\Run: [CTHelper] CTHELPER.EXE (Creative Technology Ltd)
O4 - HKLM..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe" (Microsoft Corporation)
O4 - HKLM..\Run: [hpsysdrv] c:\windows\system\hpsysdrv.exe (Hewlett-Packard Company)
O4 - HKLM..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe" (Apple Inc.)
O4 - HKLM..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe (Nero AG)
O4 - HKLM..\Run: [PS2] C:\WINDOWS\system32\ps2.exe (Hewlett-Packard Company)
O4 - HKLM..\Run: [PSDrvCheck] C:\WINDOWS\System32\PSDrvCheck.exe ()
O4 - HKLM..\Run: [PWRISOVM.EXE] C:\Program Files\PowerISO\PWRISOVM.EXE (PowerISO Computing, Inc.)
O4 - HKLM..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime (Apple Inc.)
O4 - HKLM..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE ()
O4 - HKLM..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre6\bin\jusched.exe (Sun Microsystems, Inc.)
O4 - HKLM..\Run: [Symantec PIF AlertEng] "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" /a /m "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\AlertEng.dll" (Symantec Corporation)
O4 - HKLM..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot (RealNetworks, Inc.)
O4 - HKCU..\Run: [Acme.PCHButton] C:\PROGRA~1\HPMEDI~1\Pavilion\XPEWWBS4\plugin\bin\PCHButton.exe (Motive Communications, Inc.)
O4 - HKCU..\Run: [BackupNotify] c:\Program Files\HP\Digital Imaging\bin\backupnotify.exe (Hewlett-Packard Company)
O4 - HKCU..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (Google Inc.)
O4 - Startup: C:\Documents and Settings\Administrator\Start Menu\Programs\Startup\MagicDisc.lnk = C:\Program Files\MagicDisc\MagicDisc.exe (MagicISO, Inc.)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe (Hewlett-Packard Co.)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE (Microsoft Corporation)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 255
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: dontdisplaylastusername = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticecaption =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticetext =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: shutdownwithoutlogon = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: undockwithoutlogon = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableRegistryTools = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: HideLegacyLogonScripts = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: HideLogoffScripts = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: RunLogonScriptSync = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: RunStartupScriptSync = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: HideStartupScripts = 0
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoViewOnDrive = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: HideLegacyLogonScripts = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: HideLogoffScripts = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: RunLogonScriptSync = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: RunStartupScriptSync = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: HideStartupScripts = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableRegistryTools = 0
O8 - Extra context menu item: Append to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert link target to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert link target to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert selected links to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert selected links to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert selection to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert selection to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html (Adobe Systems Incorporated)
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000 (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - Reg Error: Key error. File not found
O9 - Extra Button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: HP Clipbook - {58ECB495-38F0-49cb-A538-10282ABF65E7} - C:\Program Files\HP\Smart Web Printing\hpswp_extensions.dll (Hewlett-Packard Co.)
O9 - Extra Button: BT Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\common\yiesrvc.dll (Yahoo! Inc.)
O9 - Extra Button: HP Smart Select - {700259D7-1666-479a-93B1-3250410481E8} - C:\Program Files\HP\Smart Web Printing\hpswp_extensions.dll (Hewlett-Packard Co.)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Program Files\Microsoft Office\Office12\REFIEBAR.DLL (Microsoft Corporation)
O9 - Extra Button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [NWLink IPX/SPX/NetBIOS Compatible Transport Protocol] - C:\WINDOWS\System32\nwprovau.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000005 [mdnsNSP] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000006 [PSP] - C:\WINDOWS\system32\lspisi.dll File not found
O15 - HKLM\..Trusted Domains: 1 domain(s) and sub-domain(s) not assigned to a zone.
O15 - HKCU\..Trusted Domains: ([]msn in My Computer)
O16 - DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} http://upload.facebo...toUploader5.cab (Facebook Photo Uploader 5 Control)
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} http://active.macrom...tor/cabs/sw.cab (Shockwave ActiveX Control)
O16 - DPF: {233C1507-6A77-46A4-9443-F871F945D258} http://download.macr...director/sw.cab (Shockwave ActiveX Control)
O16 - DPF: {31435657-9980-0010-8000-00AA00389B71} http://download.micr...78f/wvc1dmo.cab (Reg Error: Key error.)
O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} http://download.divx...owserPlugin.cab (DivXBrowserPlugin Object)
O16 - DPF: {6A344D34-5231-452A-8A57-D064AC9B7862} https://webdl.symant...ex/symdlmgr.cab (Reg Error: Value error.)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_13)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.ma...t/ultrashim.cab (Reg Error: Key error.)
O16 - DPF: {A17E30C4-A9BA-11D4-8673-60DB54C10000} http://download.yaho...mail/ymmapi.dll (YahooYMailTo Class)
O16 - DPF: {CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_13)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_13)
O16 - DPF: {CE28D5D2-60CF-4C7D-9FE8-0F47A3308078} http://www.symantec....rl/SymAData.cab (Reg Error: Key error.)
O16 - DPF: {D18F962A-3722-4B59-B08D-28BB9EB2281E} http://photos.yahoo....plorer1_9us.cab (Reg Error: Key error.)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} https://fpdownload.m...ash/swflash.cab (Shockwave Flash Object)
O16 - DPF: {D719897A-B07A-4C0C-AEA9-9B663A28DFCB} http://ax.phobos.app.../ITDetector.cab (iTunesDetector Class)
O16 - DPF: {EC5A4E7B-02EB-451D-B310-D5F2E0A4D8C3} https://register.bti...bcontrol028.cab (webhelper Class)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: NameServer = 85.255.112.142,85.255.112.187
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Interfaces\{3452F251-0E14-442A-8E1A-8F6F8652D4DF}\\NameServer = 85.255.112.142,85.255.112.187
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Interfaces\{65354124-1716-4FFB-8599-6958D04D39D2}\\NameServer = 85.255.112.142,85.255.112.187
O18 - Protocol\Handler\cetihpz {CF184AD3-CDCB-4168-A3F7-8E447D129300} - C:\Program Files\HP\hpcoretech\comp\hpuiprot.dll (Hewlett-Packard Company)
O18 - Protocol\Handler\grooveLocalGWS {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll (Microsoft Corporation)
O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\MSN Messenger\msgrapp.8.1.0178.00.dll (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Handler\ms-itss {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Program Files\Common Files\Microsoft Shared\Information Retrieval\msitss.dll (Microsoft Corporation)
O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\MSN Messenger\msgrapp.8.1.0178.00.dll (Microsoft Corporation)
O18 - Protocol\Filter: - text/xml - C:\Program Files\Common Files\Microsoft Shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\Explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\AtiExtEvent: DllName - Ati2evxx.dll - C:\WINDOWS\system32\Ati2evxx.dll ()
O20 - Winlogon\Notify\igfxcui: DllName - igfxsrvc.dll - C:\WINDOWS\system32\igfxsrvc.dll (Intel Corporation)
O24 - Desktop Components:0 (My Current Home Page) - About:Home
O28 - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
O31 - SafeBoot: AlternateShell - cmd.exe
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2001/07/27 20:07:38 | 00,000,000 | -HS- | M] () - D:\AUTOEXEC.BAT -- [ FAT32 ]
O34 - HKLM BootExecute: (autocheck) - File not found
O34 - HKLM BootExecute: (autochk) - C:\WINDOWS\System32\autochk.exe (Microsoft Corporation)
O34 - HKLM BootExecute: (*) - * [2006/06/21 16:34:42 | 00,000,000 | ---D | M]

========== Files/Folders - Created Within 30 Days ==========

[2009/06/12 15:10:52 | 00,000,000 | ---D | C] -- C:\Rooter$
[2009/06/12 13:32:00 | 00,034,296 | ---- | C] () -- C:\WINDOWS\System32\drivers\mbamcatchme.sys
[2009/06/12 13:32:00 | 00,015,864 | ---- | C] () -- C:\WINDOWS\System32\drivers\mbam.sys
[2009/06/12 13:32:00 | 00,000,707 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2009/06/12 11:10:59 | 00,396,288 | ---- | C] (Trend Micro Inc.) -- C:\Program Files\HijackThis.exe
[2009/06/12 11:09:18 | 00,001,446 | ---- | C] () -- C:\Documents and Settings\Administrator\Desktop\HijackThis.lnk
[2009/06/12 10:43:07 | 00,032,768 | ---- | C] () -- C:\Documents and Settings\Administrator\My Documents\Invoice QU003 Quoba Aqualisa.doc
[2009/06/11 09:18:43 | 00,028,828 | ---- | C] () -- C:\Documents and Settings\Administrator\My Documents\northsideagm.tif
[2009/06/09 20:09:25 | 00,000,000 | ---D | C] -- C:\ConverterOutput
[2009/06/07 05:34:17 | 00,000,274 | -H-- | C] () -- C:\WINDOWS\tasks\{5B57CF47-0BFA-43c6-ACF9-3B3653DCADBA}.job
[2009/06/03 18:31:22 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\My Documents\Xilisoft
[2009/05/22 18:18:47 | 00,041,472 | ---- | C] () -- C:\Documents and Settings\Administrator\My Documents\Sandwiches.ppt
[2009/05/21 12:11:43 | 00,455,680 | ---- | C] () -- C:\Documents and Settings\Administrator\Desktop\ToolsCleaner2.exe
[2009/05/20 10:54:06 | 17,201,9414 | ---- | C] () -- C:\registrybackup.reg
[2009/05/14 12:25:57 | 01,467,392 | ---- | C] () -- C:\Documents and Settings\Administrator\My Documents\Product Orders Working Document 2009.xls
[2009/03/18 11:53:02 | 00,007,680 | ---- | C] () -- C:\WINDOWS\System32\ff_vfw.dll
[2009/03/18 11:53:02 | 00,000,547 | ---- | C] () -- C:\WINDOWS\System32\ff_vfw.dll.manifest
[2009/03/18 11:52:58 | 00,348,160 | ---- | C] () -- C:\WINDOWS\System32\cdga.dll
[2008/11/24 20:16:09 | 02,463,976 | ---- | C] () -- C:\WINDOWS\System32\NPSWF32.dll
[2008/10/20 11:29:59 | 00,000,053 | ---- | C] () -- C:\WINDOWS\REGKEYNT.INI
[2008/08/11 19:22:06 | 00,074,703 | ---- | C] () -- C:\WINDOWS\System32\mfc45.dll
[2008/06/29 14:01:13 | 00,000,116 | ---- | C] () -- C:\WINDOWS\NeroDigital.ini
[2008/04/11 20:13:57 | 00,007,168 | R--- | C] () -- C:\WINDOWS\System32\SaiCFF32_0402.dll
[2008/04/11 20:13:57 | 00,005,632 | R--- | C] () -- C:\WINDOWS\System32\SaiCFF32_11.dll
[2008/04/11 20:13:56 | 01,933,312 | R--- | C] () -- C:\WINDOWS\System32\SaiCFF32.Dll
[2008/04/11 20:13:56 | 00,008,704 | R--- | C] () -- C:\WINDOWS\System32\SaiCFF32_0C.dll
[2008/04/11 20:13:56 | 00,008,192 | R--- | C] () -- C:\WINDOWS\System32\SaiCFF32_10.dll
[2008/04/11 20:13:56 | 00,008,192 | R--- | C] () -- C:\WINDOWS\System32\SaiCFF32_0A.dll
[2008/04/11 20:13:56 | 00,008,192 | R--- | C] () -- C:\WINDOWS\System32\SaiCFF32_07.dll
[2008/04/11 20:13:56 | 00,007,680 | R--- | C] () -- C:\WINDOWS\System32\SaiCFF32_09.dll
[2007/11/06 21:19:28 | 00,053,299 | ---- | C] () -- C:\WINDOWS\System32\pthreadVC.dll
[2007/10/15 11:42:45 | 00,000,063 | ---- | C] () -- C:\WINDOWS\mdm.ini
[2007/08/18 18:06:26 | 00,043,520 | ---- | C] () -- C:\WINDOWS\System32\CmdLineExt03.dll
[2007/08/18 18:05:51 | 00,197,120 | ---- | C] () -- C:\WINDOWS\patchw32.dll
[2007/08/12 14:24:42 | 00,528,384 | ---- | C] () -- C:\WINDOWS\System32\BladeEnc.dll
[2007/08/12 14:24:42 | 00,120,832 | ---- | C] () -- C:\WINDOWS\System32\ShnDll32.dll
[2007/05/29 07:14:36 | 00,045,056 | ---- | C] () -- C:\WINDOWS\System32\HWINV.DLL
[2007/05/29 07:14:36 | 00,026,572 | ---- | C] () -- C:\WINDOWS\System32\INV16.DLL
[2007/05/28 12:47:27 | 00,002,202 | ---- | C] () -- C:\WINDOWS\System32\S3R521.dll
[2006/08/10 18:24:32 | 00,000,167 | ---- | C] () -- C:\WINDOWS\WININIT.INI
[2006/07/20 20:44:14 | 00,000,000 | ---- | C] () -- C:\WINDOWS\iPlayer.INI
[2006/05/06 17:43:03 | 00,000,686 | ---- | C] () -- C:\WINDOWS\program.ini
[2006/05/06 17:41:40 | 00,070,144 | ---- | C] () -- C:\WINDOWS\System32\vorbisenc.dll
[2006/05/06 17:41:40 | 00,046,080 | ---- | C] () -- C:\WINDOWS\System32\VORBIS.DLL
[2006/05/06 17:41:40 | 00,019,968 | ---- | C] () -- C:\WINDOWS\System32\OGG.DLL
[2006/05/06 17:41:40 | 00,018,944 | ---- | C] () -- C:\WINDOWS\System32\VCEDIT.DLL
[2006/05/06 17:41:40 | 00,009,216 | ---- | C] () -- C:\WINDOWS\System32\vorbisfile.dll
[2006/02/16 23:59:45 | 00,122,880 | ---- | C] () -- C:\WINDOWS\System32\cddvdint.dll
[2006/01/21 12:08:50 | 00,019,968 | ---- | C] () -- C:\WINDOWS\System32\Cpuinf32.dll
[2006/01/02 14:42:31 | 00,000,035 | ---- | C] () -- C:\WINDOWS\A4W.INI
[2005/11/12 14:26:06 | 00,000,067 | ---- | C] () -- C:\WINDOWS\cdplayer.ini
[2005/09/09 11:59:02 | 00,487,424 | ---- | C] () -- C:\WINDOWS\System32\CddbPlaylist2Sony.dll
[2005/08/30 06:29:04 | 00,000,000 | ---- | C] () -- C:\WINDOWS\System32\px.ini
[2005/07/24 10:03:40 | 00,000,037 | ---- | C] () -- C:\WINDOWS\ipixActivex.ini
[2005/07/23 18:47:51 | 00,000,112 | ---- | C] () -- C:\WINDOWS\ActiveSkin.INI
[2005/07/19 20:11:46 | 00,000,083 | ---- | C] () -- C:\WINDOWS\SGREP32.INI
[2005/07/18 20:44:11 | 00,002,003 | ---- | C] () -- C:\WINDOWS\Payroll.INI
[2005/07/18 19:26:41 | 00,061,440 | ---- | C] () -- C:\WINDOWS\System32\SageFolderBrowser.dll
[2005/07/11 15:04:44 | 00,000,061 | ---- | C] () -- C:\WINDOWS\Tiny_Run.ini
[2005/05/31 16:48:36 | 00,000,052 | ---- | C] () -- C:\WINDOWS\AlphaPlayer.INI
[2005/05/09 23:01:51 | 00,000,422 | ---- | C] () -- C:\WINDOWS\IfoEdit.INI
[2005/01/19 05:18:52 | 00,323,584 | ---- | C] () -- C:\WINDOWS\System32\FoxImager.dll
[2004/12/22 18:00:38 | 00,012,288 | ---- | C] () -- C:\WINDOWS\impborl.dll
[2004/11/17 23:34:49 | 00,000,618 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2004/10/19 22:48:25 | 00,005,606 | R--- | C] () -- C:\WINDOWS\System32\stci.dll
[2004/10/19 21:06:57 | 00,040,448 | ---- | C] () -- C:\WINDOWS\System32\regobj.dll
[2004/10/19 21:03:31 | 00,065,536 | ---- | C] () -- C:\WINDOWS\System32\YCRWin32.dll
[2004/10/05 23:37:20 | 00,258,048 | ---- | C] () -- C:\WINDOWS\System32\Manipulate.dll
[2004/09/15 20:43:29 | 00,001,080 | ---- | C] () -- C:\WINDOWS\winamp.ini
[2004/09/09 21:25:36 | 00,163,840 | ---- | C] ( ) -- C:\WINDOWS\System32\ATIDEMGR.dll
[2004/09/09 19:11:16 | 00,086,016 | ---- | C] () -- C:\WINDOWS\System32\ati2evxx.dll
[2004/08/30 20:29:24 | 00,000,025 | ---- | C] () -- C:\WINDOWS\CDER200Euro.ini
[2004/08/30 17:55:00 | 00,110,592 | ---- | C] () -- C:\WINDOWS\System32\DrvTrNTl.dll
[2004/08/29 18:01:52 | 00,204,800 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeW7.dll
[2004/08/29 18:01:52 | 00,200,704 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeA6.dll
[2004/08/29 18:01:52 | 00,192,512 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeP6.dll
[2004/08/29 18:01:52 | 00,192,512 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeM6.dll
[2004/08/29 18:01:52 | 00,188,416 | ---- | C] () -- C:\WINDOWS\System32\IVIresizePX.dll
[2004/08/29 18:01:52 | 00,020,480 | ---- | C] () -- C:\WINDOWS\System32\IVIresize.dll
[2004/08/29 18:00:31 | 00,000,075 | ---- | C] () -- C:\WINDOWS\SBWIN.INI
[2004/08/29 18:00:29 | 00,000,231 | ---- | C] () -- C:\WINDOWS\AC3API.INI
[2004/05/20 16:50:14 | 01,537,536 | ---- | C] () -- C:\WINDOWS\System32\erdmpg-hi.dll
[2004/02/01 20:21:56 | 00,097,280 | ---- | C] () -- C:\WINDOWS\System32\Uncommon.dll
[2004/01/13 20:02:58 | 00,014,658 | ---- | C] () -- C:\WINDOWS\System32\aud2_hp.ini
[2004/01/02 02:26:33 | 00,000,531 | ---- | C] () -- C:\WINDOWS\System32\oeminfo.ini
[2004/01/02 02:26:04 | 00,000,707 | ---- | C] () -- C:\WINDOWS\win.ini
[2004/01/02 02:26:01 | 00,000,272 | ---- | C] () -- C:\WINDOWS\system.ini
[2004/01/02 00:00:47 | 00,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini
[2004/01/01 22:15:00 | 00,167,936 | ---- | C] () -- C:\WINDOWS\System32\PCDrJNI_1_1.dll
[2004/01/01 21:59:25 | 00,025,958 | ---- | C] () -- C:\WINDOWS\System32\CHODDI.SYS
[2004/01/01 21:58:49 | 00,045,056 | ---- | C] () -- C:\WINDOWS\System32\hpreg.dll
[2004/01/01 20:53:08 | 00,001,793 | ---- | C] () -- C:\WINDOWS\System32\fxsperf.ini
[2004/01/01 20:06:39 | 00,299,073 | ---- | C] () -- C:\WINDOWS\System32\PythonCOM22.dll
[2004/01/01 20:06:39 | 00,065,536 | ---- | C] () -- C:\WINDOWS\System32\PyWinTypes22.dll
[2004/01/01 20:06:25 | 00,016,896 | ---- | C] () -- C:\WINDOWS\System32\bcbmm.dll
[2004/01/01 19:42:30 | 00,000,813 | ---- | C] () -- C:\WINDOWS\orun32.ini
[2004/01/01 17:32:44 | 00,000,451 | ---- | C] () -- C:\WINDOWS\VGAsetup.ini
[2004/01/01 17:32:44 | 00,000,000 | ---- | C] () -- C:\WINDOWS\System32\VGAunistlog.ini
[2003/11/14 17:58:10 | 00,000,029 | ---- | C] () -- C:\WINDOWS\System32\ctzapxx.ini
[2003/11/14 01:54:38 | 00,065,536 | ---- | C] ( ) -- C:\WINDOWS\System32\a3d.dll
[2003/11/14 01:54:06 | 00,053,312 | ---- | C] () -- C:\WINDOWS\System32\upddrv9x.dll
[2003/11/12 11:54:00 | 00,363,520 | ---- | C] () -- C:\WINDOWS\System32\psisdecd.dll
[2003/08/07 20:01:50 | 00,237,568 | ---- | C] () -- C:\WINDOWS\System32\lame_enc.dll
[2003/03/22 01:56:12 | 00,000,194 | ---- | C] () -- C:\WINDOWS\System32\KILL.INI
[2003/03/06 23:53:16 | 00,012,288 | ---- | C] () -- C:\WINDOWS\System32\hpnvr82.dll
[2002/11/24 13:40:36 | 00,046,080 | ---- | C] () -- C:\WINDOWS\System32\ac3encode.dll
[1999/01/23 03:46:58 | 00,065,536 | ---- | C] () -- C:\WINDOWS\System32\MSRTEDIT.DLL

========== Files - Modified Within 30 Days ==========

[7 C:\WINDOWS\System32\*.tmp files]
[2 C:\WINDOWS\*.tmp files]
[2009/06/12 15:00:00 | 00,000,502 | ---- | M] () -- C:\WINDOWS\tasks\1-Click Maintenance.job
[2009/06/12 15:00:00 | 00,000,274 | -H-- | M] () -- C:\WINDOWS\tasks\{5B57CF47-0BFA-43c6-ACF9-3B3653DCADBA}.job
[2009/06/12 13:32:00 | 00,000,707 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2009/06/12 11:10:59 | 00,001,446 | ---- | M] () -- C:\Documents and Settings\Administrator\Desktop\HijackThis.lnk
[2009/06/12 10:43:08 | 00,032,768 | ---- | M] () -- C:\Documents and Settings\Administrator\My Documents\Invoice QU003 Quoba Aqualisa.doc
[2009/06/12 10:17:50 | 00,000,247 | ---- | M] () -- C:\WINDOWS\System\hpsysdrv.dat
[2009/06/12 10:17:30 | 00,000,062 | -HS- | M] () -- C:\Documents and Settings\Administrator\Local Settings\desktop.ini
[2009/06/12 09:46:07 | 00,000,116 | ---- | M] () -- C:\WINDOWS\NeroDigital.ini
[2009/06/12 09:45:53 | 00,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2009/06/12 09:45:43 | 00,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2009/06/12 09:44:41 | 00,030,888 | ---- | M] () -- C:\WINDOWS\System32\BMXStateBkp-{00000003-00000000-00000004-00001102-00000004-20051102}.rfx
[2009/06/12 09:44:41 | 00,030,888 | ---- | M] () -- C:\WINDOWS\System32\BMXState-{00000003-00000000-00000004-00001102-00000004-20051102}.rfx
[2009/06/12 09:44:41 | 00,029,952 | ---- | M] () -- C:\WINDOWS\System32\BMXCtrlState-{00000003-00000000-00000004-00001102-00000004-20051102}.rfx
[2009/06/12 09:44:41 | 00,029,952 | ---- | M] () -- C:\WINDOWS\System32\BMXBkpCtrlState-{00000003-00000000-00000004-00001102-00000004-20051102}.rfx
[2009/06/12 09:44:41 | 00,001,080 | ---- | M] () -- C:\WINDOWS\System32\settingsbkup.sfm
[2009/06/12 09:44:41 | 00,001,080 | ---- | M] () -- C:\WINDOWS\System32\settings.sfm
[2009/06/12 09:44:41 | 00,000,384 | ---- | M] () -- C:\WINDOWS\System32\DVCStateBkp-{00000003-00000000-00000004-00001102-00000004-20051102}.dat
[2009/06/12 09:44:41 | 00,000,384 | ---- | M] () -- C:\WINDOWS\System32\DVCState-{00000003-00000000-00000004-00001102-00000004-20051102}.dat
[2009/06/12 09:36:18 | 04,932,486 | ---- | M] () -- C:\WINDOWS\{00000003-00000000-00000004-00001102-00000004-20051102}.CDF
[2009/06/11 09:18:44 | 00,028,828 | ---- | M] () -- C:\Documents and Settings\Administrator\My Documents\northsideagm.tif
[2009/06/08 19:53:12 | 00,000,000 | ---- | M] () -- C:\________
[2009/06/06 19:47:12 | 00,000,284 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
[2009/06/03 20:31:56 | 00,000,881 | ---- | M] () -- C:\Documents and Settings\Administrator\Desktop\Xilisoft DVD Ripper Ultimate 5.lnk
[2009/05/22 18:18:47 | 00,041,472 | ---- | M] () -- C:\Documents and Settings\Administrator\My Documents\Sandwiches.ppt
[2009/05/21 12:11:49 | 00,455,680 | ---- | M] () -- C:\Documents and Settings\Administrator\Desktop\ToolsCleaner2.exe
[2009/05/20 17:10:25 | 00,043,520 | ---- | M] () -- C:\WINDOWS\System32\CmdLineExt03.dll
[2009/05/20 10:54:57 | 17,201,9414 | ---- | M] () -- C:\registrybackup.reg
[2009/05/20 08:45:25 | 00,011,168 | -H-- | M] () -- C:\WINDOWS\System32\vejedepi
[2009/05/18 17:17:39 | 00,000,707 | ---- | M] () -- C:\WINDOWS\win.ini
[2009/05/18 17:17:39 | 00,000,272 | ---- | M] () -- C:\WINDOWS\system.ini
[2009/05/14 12:26:14 | 01,467,392 | ---- | M] () -- C:\Documents and Settings\Administrator\My Documents\Product Orders Working Document 2009.xls
< End of report >

#3
andycake

Please can someone help

Thanks in advance