Since then my cpu is running pretty slow, especially when I log onto my profile it takes like 2-3 minutes to "load my personal network."
I run avast free edition and regularly use ccleaner. I took the reccomended steps except the GMER scanner wouldn't work, also I tried scanning with Trend Micro online but the exe file wouldn't run. Here are the logs:
OTL logfile created on: 3/22/2010 9:13:00 AM - Run 1
OTL by OldTimer - Version 3.1.37.1 Folder = C:\Documents and Settings\Dirk\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy
3.00 Gb Total Physical Memory | 3.00 Gb Available Physical Memory | 80.00% Memory free
5.00 Gb Paging File | 4.00 Gb Available in Paging File | 87.00% Paging File free
Paging file location(s): C:\pagefile.sys 1536 3072 [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 69.13 Gb Total Space | 13.67 Gb Free Space | 19.77% Space Free | Partition Type: NTFS
Drive D: | 5.38 Gb Total Space | 0.69 Gb Free Space | 12.75% Space Free | Partition Type: FAT32
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded
Computer Name: HP
Current User Name: Dirk
Logged in as Administrator.
Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: On
Skip Microsoft Files: On
File Age = 14 Days
Output = Standard
Quick Scan
========== Processes (SafeList) ==========
PRC - [2010/03/15 09:19:11 | 000,555,008 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Dirk\Desktop\OTL.exe
PRC - [2010/03/09 05:24:10 | 002,769,336 | ---- | M] (ALWIL Software) -- C:\Program Files\Alwil Software\Avast5\AvastUI.exe
PRC - [2010/03/09 05:24:08 | 000,040,384 | ---- | M] (ALWIL Software) -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
PRC - [2009/11/16 11:28:11 | 000,030,192 | ---- | M] (Google) -- C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
PRC - [2009/07/25 05:23:22 | 000,386,872 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Java\jre6\bin\jucheck.exe
PRC - [2009/03/30 17:28:36 | 001,533,808 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
PRC - [2009/03/30 17:28:36 | 000,183,152 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
PRC - [2008/04/13 19:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2008/03/18 16:27:12 | 000,013,312 | ---- | M] (Agere Systems) -- C:\WINDOWS\system32\agrsmsvc.exe
PRC - [2007/04/18 20:35:38 | 000,181,792 | ---- | M] (Infineon Technologies AG) -- C:\Program Files\Hewlett-Packard\Embedded Security Software\PSDrt.exe
PRC - [2007/04/18 20:32:38 | 000,140,832 | ---- | M] (Infineon Technologies AG) -- C:\WINDOWS\system32\IfxPsdSv.exe
PRC - [2007/02/07 02:30:00 | 000,065,536 | R--- | M] (Cognizance Corporation) -- C:\Program Files\Hewlett-Packard\IAM\Bin\asghost.exe
PRC - [2007/01/09 16:52:32 | 000,145,184 | ---- | M] (Hewlett-Packard Development Company, L.P.) -- C:\Program Files\Hewlett-Packard\HP ProtectTools Security Manager\pthosttr.exe
PRC - [2007/01/05 22:36:48 | 000,872,448 | ---- | M] (Analog Devices, Inc.) -- C:\Program Files\Analog Devices\Core\smax4pnp.exe
PRC - [2006/02/27 17:02:06 | 000,581,693 | ---- | M] (Broadcom Corporation.) -- C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
PRC - [2006/02/27 17:00:58 | 001,265,748 | ---- | M] (Broadcom Corporation.) -- C:\Program Files\WIDCOMM\Bluetooth Software\BTStackServer.exe
PRC - [2006/01/17 00:01:46 | 000,053,248 | ---- | M] (Hewlett-Packard Corporation) -- C:\WINDOWS\system32\accelerometerST.exe
PRC - [2005/12/20 17:51:40 | 001,187,840 | ---- | M] () -- C:\WINDOWS\SMINST\Recguard.exe
PRC - [2005/08/31 05:20:00 | 000,122,940 | ---- | M] (Sonic Solutions) -- C:\WINDOWS\system32\DLA\DLACTRLW.EXE
PRC - [2002/12/17 17:26:22 | 007,520,337 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft SQL Server\MSSQL$ALZMOBILITY\Binn\sqlservr.exe
========== Modules (SafeList) ==========
MOD - [2010/03/15 09:19:11 | 000,555,008 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Dirk\Desktop\OTL.exe
MOD - [2008/04/13 19:12:01 | 000,413,696 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\msvcp60.dll
MOD - [2007/02/26 04:49:00 | 000,070,144 | R--- | M] (Bioscrypt Inc.) -- C:\WINDOWS\system32\APSHook.dll
MOD - [2006/12/04 10:31:00 | 000,090,112 | R--- | M] (Cognizance Corporation) -- C:\Program Files\Hewlett-Packard\IAM\Bin\ItClient.dll
========== Win32 Services (SafeList) ==========
SRV - File not found [Auto | Stopped] -- -- (RoxLiveShare9)
SRV - File not found [Auto | Stopped] -- -- (PCA)
SRV - [2010/03/09 05:24:08 | 000,040,384 | ---- | M] (ALWIL Software) [On_Demand | Running] -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe -- (avast! Web Scanner)
SRV - [2010/03/09 05:24:08 | 000,040,384 | ---- | M] (ALWIL Software) [On_Demand | Running] -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe -- (avast! Mail Scanner)
SRV - [2010/03/09 05:24:08 | 000,040,384 | ---- | M] (ALWIL Software) [Auto | Running] -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe -- (avast! Antivirus)
SRV - [2009/11/16 11:28:11 | 000,030,192 | ---- | M] (Google) [On_Demand | Stopped] -- C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe -- (GoogleDesktopManager-110309-193829)
SRV - [2009/10/18 20:53:56 | 000,156,160 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\WINDOWS\System32\imapihp.exe -- (ImapiService)
SRV - [2009/03/30 17:28:36 | 001,533,808 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE -- (wlidsvc)
SRV - [2008/03/18 16:27:12 | 000,013,312 | ---- | M] (Agere Systems) [Auto | Running] -- C:\WINDOWS\system32\agrsmsvc.exe -- (AgereModemAudio)
SRV - [2007/06/08 09:06:42 | 000,172,131 | R--- | M] (Hewlett-Packard Ltd) [On_Demand | Stopped] -- C:\WINDOWS\system32\flcdlock.exe -- (FLCDLOCK)
SRV - [2007/04/18 20:32:38 | 000,140,832 | ---- | M] (Infineon Technologies AG) [Auto | Running] -- C:\WINDOWS\system32\IfxPsdSv.exe -- (PersonalSecureDriveService)
SRV - [2007/02/07 02:30:00 | 000,074,240 | R--- | M] (Cognizance Corporation) [Auto | Running] -- C:\Program Files\Hewlett-Packard\IAM\Bin\ASWLNPkg.dll -- (ASBroker)
SRV - [2006/06/22 06:14:00 | 000,131,584 | R--- | M] (Cognizance Corporation) [Auto | Running] -- C:\Program Files\Hewlett-Packard\IAM\Bin\ASChnl.dll -- (ASChannel)
SRV - [2002/12/17 17:26:22 | 007,520,337 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Microsoft SQL Server\MSSQL$TRANSAMERICA\Binn\sqlservr.exe -- (MSSQL$TRANSAMERICA)
SRV - [2002/12/17 17:26:22 | 007,520,337 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Microsoft SQL Server\MSSQL$ALZMOBILITY\Binn\sqlservr.exe -- (MSSQL$ALZMOBILITY)
SRV - [2002/12/17 17:23:30 | 000,311,872 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Microsoft SQL Server\MSSQL$TRANSAMERICA\Binn\sqlagent.EXE -- (SQLAgent$TRANSAMERICA)
SRV - [2002/12/17 17:23:30 | 000,311,872 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Microsoft SQL Server\MSSQL$ALZMOBILITY\Binn\sqlagent.EXE -- (SQLAgent$ALZMOBILITY)
========== Standard Registry (SafeList) ==========
========== Internet Explorer ==========
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.google.com/ie
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Secondary Start Pages = [Binary data over 100 bytes]
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://finance.yahoo.com/
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local
========== FireFox ==========
FF - prefs.js..browser.search.defaultenginename: "Bing"
FF - prefs.js..browser.search.defaulturl: "http://www.bing.com/...FORM=VE3D01&q="
FF - prefs.js..browser.search.selectedEngine: "Google"
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "http://www.msn.com/"
FF - prefs.js..extensions.enabledItems: {031d3073-ff27-44d8-a805-a78e9664b53e}:1.3.4
FF - prefs.js..extensions.enabledItems: [email protected]:0.6.0.9
FF - prefs.js..extensions.enabledItems: [email protected]:1.0
FF - prefs.js..extensions.enabledItems: [email protected]:3.4.6
FF - prefs.js..keyword.URL: "http://www.bing.com/...FORM=VE3D01&q="
FF - HKLM\software\mozilla\Mozilla Firefox 3.5.3\extensions\\Components: C:\Program Files\Mozilla Firefox 3 Beta 5\components [2010/02/21 13:41:55 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.5.3\extensions\\Plugins: C:\Program Files\Mozilla Firefox 3 Beta 5\plugins [2010/02/21 13:41:55 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Thunderbird 2.0.0.24\extensions\\Components: C:\Program Files\Mozilla Thunderbird\components [2010/03/18 10:56:42 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Thunderbird 2.0.0.24\extensions\\Plugins: C:\Program Files\Mozilla Thunderbird\plugins [2010/02/21 13:41:55 | 000,000,000 | ---D | M]
[2008/12/08 15:01:24 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Dirk\Application Data\Mozilla\Extensions
[2008/12/08 15:01:24 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Dirk\Application Data\Mozilla\Extensions\[email protected]
[2010/01/14 15:07:18 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Dirk\Application Data\Mozilla\Firefox\Profiles\12vmuccf.default\extensions
[2009/12/03 15:32:54 | 000,000,000 | ---D | M] (AlphaTicker) -- C:\Documents and Settings\Dirk\Application Data\Mozilla\Firefox\Profiles\12vmuccf.default\extensions\{031d3073-ff27-44d8-a805-a78e9664b53e}
[2009/08/29 13:03:24 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Documents and Settings\Dirk\Application Data\Mozilla\Firefox\Profiles\12vmuccf.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2010/01/14 15:07:11 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Dirk\Application Data\Mozilla\Firefox\Profiles\12vmuccf.default\extensions\[email protected]
[2009/12/16 21:45:37 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Dirk\Application Data\Mozilla\Firefox\Profiles\12vmuccf.default\extensions\[email protected]
[2009/08/06 10:55:50 | 000,002,172 | ---- | M] () -- C:\Documents and Settings\Dirk\Application Data\Mozilla\Firefox\Profiles\12vmuccf.default\searchplugins\bing.xml
[2008/12/16 10:40:09 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions
[2007/12/19 07:57:38 | 000,310,272 | ---- | M] () -- C:\Program Files\Mozilla Firefox\plugins\npGoogleGadgetPluginFirefoxWin.dll
[2007/11/20 16:52:00 | 002,884,992 | ---- | M] () -- C:\Program Files\Mozilla Firefox\plugins\NPSWF32.dll
[2007/03/09 18:16:44 | 000,189,496 | ---- | M] (Yahoo! Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npyaxmpb.dll
O1 HOSTS File: ([2004/08/04 03:00:00 | 000,000,734 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (DriveLetterAccess) - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\DLA\DLASHX_W.DLL (Sonic Solutions)
O2 - BHO: (Credential Manager for HP ProtectTools) - {DF21F1DB-80C6-11D3-9483-B03D0EC10000} - C:\Program Files\Hewlett-Packard\IAM\Bin\ItIEAddIn.dll (Bioscrypt Inc.)
O4 - HKLM..\Run: [] File not found
O4 - HKLM..\Run: [AccelerometerSysTrayApplet] C:\WINDOWS\system32\accelerometerST.exe (Hewlett-Packard Corporation)
O4 - HKLM..\Run: [avast5] C:\Program Files\Alwil Software\Avast5\AvastUI.exe (ALWIL Software)
O4 - HKLM..\Run: [CognizanceTS] C:\Program Files\Hewlett-Packard\IAM\Bin\ASTSVCC.dll (Cognizance Corporation)
O4 - HKLM..\Run: [Cpqset] C:\Program Files\HPQ\Default Settings\Cpqset.exe ()
O4 - HKLM..\Run: [DLA] C:\WINDOWS\system32\DLA\DLACTRLW.EXE (Sonic Solutions)
O4 - HKLM..\Run: [Google Desktop Search] C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe (Google)
O4 - HKLM..\Run: [MsmqIntCert] C:\WINDOWS\System32\mqrt.dll (Microsoft Corporation)
O4 - HKLM..\Run: [PTHOSTTR] C:\Program Files\Hewlett-Packard\HP ProtectTools Security Manager\PTHOSTTR.EXE (Hewlett-Packard Development Company, L.P.)
O4 - HKLM..\Run: [Recguard] C:\WINDOWS\SMINST\Recguard.exe ()
O4 - HKLM..\Run: [Reminder] C:\WINDOWS\CREATOR\Remind_XP.exe ()
O4 - HKLM..\Run: [SoundMAX] C:\Program Files\Analog Devices\SoundMAX\Smax4.exe (Analog Devices, Inc.)
O4 - HKLM..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\Core\smax4pnp.exe (Analog Devices, Inc.)
O4 - HKLM..\Run: [StartCCC] c:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe ()
O4 - HKLM..\Run: [SynTPStart] C:\Program Files\Synaptics\SynTP\SynTPStart.exe (Synaptics, Inc.)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Bluetooth.lnk = C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe (Broadcom Corporation.)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O9 - Extra Button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra 'Tools' menuitem : @btrez.dll,-4017 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O15 - HKCU\..Trusted Domains: localhost ([]http in Local intranet)
O15 - HKCU\..Trusted Ranges: GD ([http] in Local intranet)
O16 - DPF: {01113300-3E00-11D2-8470-0060089874ED} http://activation.rr...ads/tgctlcm.cab (Support.com Configuration Class)
O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} http://appldnld.appl...ex/qtplugin.cab (QuickTime Object)
O16 - DPF: {036F8A56-0BC8-4607-8F98-D3231E6FF5ED} http://mt202.centra....raUpdaterAx.cab (CentraUpdaterAxCtl Class)
O16 - DPF: {16BC6A51-9F62-49E3-9F96-C842EF2FFE3E} http://www.j2kdvr.co...B/WebPlayer.cab (WebBackupPlayer Control)
O16 - DPF: {439AF17B-E5CF-41D4-963A-87F849576092} https://www.securian.../SOConfig32.cab (SOConfig Class)
O16 - DPF: {517049B1-E505-11D6-A0DA-00500484D146} https://www.lockwood...hirlPoolMPS.cab (Decline Class)
O16 - DPF: {54CFC975-F9FB-45EB-8D18-D2D04FBC4299} http://www.j2kdvr.co.../RemoteWeb2.cab (RemoteWeb2 Control)
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} http://download.bitd...can8/oscan8.cab (BDSCANONLINE Control)
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} http://www.update.mi...b?1192418731812 (WUWebControl Class)
O16 - DPF: {6B75345B-AA36-438A-BBE6-4078B4C6984D} http://h20270.www2.h...ctDetection.cab (HpProductDetection Class)
O16 - DPF: {73ECB3AA-4717-450C-A2AB-D00DAD9EE203} http://h20270.www2.h...tDetection2.cab (GMNRev Class)
O16 - DPF: {82082E6E-1C85-11D5-9370-0002B30B243A} https://www.lockwood...h/pwcontrol.CAB (AARiskAnalyzer Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_15)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.ma...t/ultrashim.cab (Reg Error: Key error.)
O16 - DPF: {9191F686-7F0A-441D-8A98-2FE3AC1BD913} http://acs.pandasoft...s/as2stubie.cab (ActiveScan 2.0 Installer Class)
O16 - DPF: {964448D5-2CE6-4B1D-87B2-E5C877D48674} https://www.lockwood...Wealth/WAPE.CAB (WAPE.CashFlowGraph)
O16 - DPF: {9C57F717-5659-4657-89B7-5BA6F0EB37E1} https://www.securian...tOfficeLink.cab (SmartBridge Class)
O16 - DPF: {B757DCF1-8CD9-4E0A-B96D-784AEFA6D55E} https://www.lockwood.../XActivator.cab (CObjectActivator Object)
O16 - DPF: {CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_15)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_15)
O16 - DPF: {CBB030D5-4C7C-4341-A132-5B5F42903C3D} https://clientconnec.../wordbinder.cab (WordBinder Class)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.m...ash/swflash.cab (Shockwave Flash Object)
O16 - DPF: {D6E0B119-DCF2-4CD6-8DFB-7CFF1B70F7FF} https://bis.na.black...ls/TOImport.cab (TeamOn Import Object)
O16 - DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} https://securian.web...bex/ieatgpc.cab (GpcContainer Class)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1
O20 - AppInit_DLLs: (APSHook.dll) - C:\WINDOWS\System32\APSHook.dll (Bioscrypt Inc.)
O20 - AppInit_DLLs: (C:\PROGRA~1\Google\GOOGLE~2\GOEC62~1.DLL) - C:\Program Files\Google\Google Desktop Search\GoogleDesktopNetwork3.dll (Google)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\AtiExtEvent: DllName - Ati2evxx.dll - C:\WINDOWS\System32\ati2evxx.dll (ATI Technologies Inc.)
O20 - Winlogon\Notify\DeviceNP: DllName - DeviceNP.dll - C:\WINDOWS\System32\DeviceNP.dll (Hewlett-Packard Limited)
O20 - Winlogon\Notify\OneCard: DllName - C:\Program Files\Hewlett-Packard\IAM\Bin\ASWLNPkg.dll - C:\Program Files\Hewlett-Packard\IAM\Bin\ASWLNPkg.dll (Cognizance Corporation)
O24 - Desktop WallPaper: C:\WINDOWS\HP Cityscape.bmp
O24 - Desktop BackupWallPaper: C:\WINDOWS\HP Cityscape.bmp
O28 - HKLM ShellExecuteHooks: {56F9679E-7826-4C84-81F3-532071A8BCC5} - C:\Program Files\Windows Desktop Search\MsnlNamespaceMgr.dll (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2001/07/28 04:07:00 | 000,000,000 | -HS- | M] () - D:\AUTOEXEC.BAT -- [ FAT32 ]
O32 - AutoRun File - [2009/12/01 18:10:02 | 000,000,090 | ---- | M] () - D:\Autorun.inf -- [ FAT32 ]
O32 - AutoRun File - [2004/04/30 20:01:00 | 000,000,053 | -HS- | M] () - D:\AUTORUN.FCB -- [ FAT32 ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
NetSvcs: 6to4 - File not found
NetSvcs: Ias - C:\WINDOWS\system32\ias [2010/03/22 08:59:38 | 000,000,000 | ---D | M]
NetSvcs: Iprip - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: WmdmPmSp - File not found
CREATERESTOREPOINT
Restore point Set: OTL Restore Point (17454785745649664)
========== Files/Folders - Created Within 14 Days ==========
[2010/03/21 12:53:52 | 000,028,552 | ---- | C] (Panda Security, S.L.) -- C:\WINDOWS\System32\drivers\pavboot.sys
[2010/03/21 12:18:27 | 000,000,000 | ---D | C] -- C:\WINDOWS\CSC
[2010/03/20 14:43:45 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\Dirk\Recent
[2010/03/16 09:51:52 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Dirk\Local Settings\Application Data\Citrix
[2010/03/16 09:51:51 | 000,000,000 | ---D | C] -- C:\Program Files\Citrix
[2010/03/15 09:35:54 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2010/03/15 09:35:53 | 000,019,160 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2010/03/15 09:35:52 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2010/03/15 09:34:55 | 000,000,000 | ---D | C] -- C:\WINDOWS\ERDNT
[2010/03/15 09:33:32 | 000,000,000 | ---D | C] -- C:\Program Files\ERUNT
[2010/03/15 09:19:11 | 000,555,008 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Dirk\Desktop\OTL.exe
[2010/03/15 09:15:57 | 000,444,416 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Dirk\Desktop\TFC.exe
[2010/03/14 11:15:24 | 000,344,064 | ---- | C] (The Imaging Source Europe GmbH) -- C:\WINDOWS\System32\TX4OLE11.OCX
[2010/03/14 11:15:23 | 000,661,504 | ---- | C] (APEX Software Corporation) -- C:\WINDOWS\System32\TDBG5.OCX
[2010/03/14 11:15:23 | 000,659,456 | ---- | C] (Graphics Server Technologies) -- C:\WINDOWS\System32\GRAPHS32.OCX
[2010/03/14 11:15:23 | 000,465,920 | ---- | C] (Sheridan Software Systems, Inc.) -- C:\WINDOWS\System32\SSTABS32.OCX
[2010/03/14 11:15:23 | 000,324,600 | ---- | C] (Sheridan Software Systems, Inc.) -- C:\WINDOWS\System32\THREED20.OCX
[2010/03/14 11:15:23 | 000,323,584 | ---- | C] (Sax Software Corporation.) -- C:\WINDOWS\System32\CSTEXT32.OCX
[2010/03/14 11:15:23 | 000,237,568 | ---- | C] (SoftArtisans, Inc. (http://www.softartisans.com)) -- C:\WINDOWS\System32\SAXFILE.DLL
[2010/03/14 11:15:23 | 000,218,112 | ---- | C] (Sheridan Software Systems, Inc.) -- C:\WINDOWS\System32\SSDOCK32.OCX
[2010/03/14 11:15:23 | 000,208,896 | ---- | C] (The Imaging Source Europe GmbH) -- C:\WINDOWS\System32\tx11_png.flt
[2010/03/14 11:15:23 | 000,172,032 | ---- | C] (The Imaging Source Europe GmbH) -- C:\WINDOWS\System32\tx11_jpg.flt
[2010/03/14 11:15:23 | 000,061,440 | ---- | C] (The Imaging Source Europe GmbH) -- C:\WINDOWS\System32\tx11_tif.flt
[2010/03/14 11:15:23 | 000,049,152 | ---- | C] (The Imaging Source Europe GmbH) -- C:\WINDOWS\System32\tx11_gif.flt
[2010/03/14 11:15:23 | 000,033,280 | ---- | C] (The Imaging Source Europe GmbH) -- C:\WINDOWS\System32\tx11_wmf.flt
[2010/03/14 11:15:23 | 000,030,720 | ---- | C] (DBS GmbH) -- C:\WINDOWS\System32\PGRUL.OCX
[2010/03/14 11:15:22 | 000,667,648 | ---- | C] (Graphics Server Technologies) -- C:\WINDOWS\System32\GSPROP32.DLL
[2010/03/14 11:15:22 | 000,495,616 | ---- | C] (The Imaging Source Europe GmbH) -- C:\WINDOWS\System32\TX11_PDF.DLL
[2010/03/14 11:15:22 | 000,348,160 | ---- | C] (The Imaging Source Europe GmbH) -- C:\WINDOWS\System32\TX11_DOC.DLL
[2010/03/14 11:15:22 | 000,339,968 | ---- | C] (The Imaging Source Europe GmbH) -- C:\WINDOWS\System32\TX11_OBJ.DLL
[2010/03/14 11:15:22 | 000,303,104 | ---- | C] (The Imaging Source Europe GmbH) -- C:\WINDOWS\System32\TX11_XML.DLL
[2010/03/14 11:15:22 | 000,294,912 | ---- | C] (The Imaging Source Europe GmbH) -- C:\WINDOWS\System32\TX11_CSS.DLL
[2010/03/14 11:15:22 | 000,253,952 | ---- | C] (The Imaging Source Europe GmbH) -- C:\WINDOWS\System32\TX11_RTF.DLL
[2010/03/14 11:15:22 | 000,208,896 | ---- | C] (The Imaging Source Europe GmbH) -- C:\WINDOWS\System32\TX11_HTM.DLL
[2010/03/14 11:15:22 | 000,122,880 | ---- | C] (The Imaging Source Europe GmbH) -- C:\WINDOWS\System32\TX11_TLS.DLL
[2010/03/14 11:15:22 | 000,102,400 | ---- | C] (The Imaging Source Europe GmbH) -- C:\WINDOWS\System32\TX11_IC.DLL
[2010/03/14 11:15:22 | 000,053,248 | ---- | C] (The Imaging Source Europe GmbH) -- C:\WINDOWS\System32\TX11_WND.DLL
[2010/03/14 11:15:22 | 000,049,152 | ---- | C] (The Imaging Source Europe GmbH) -- C:\WINDOWS\System32\tx11_bmp.flt
[2010/03/14 11:15:21 | 000,434,176 | ---- | C] (Graphics Server Technologies) -- C:\WINDOWS\System32\GSW32.EXE
[2010/03/14 11:15:21 | 000,253,952 | ---- | C] (Graphics Server Technologies) -- C:\WINDOWS\System32\GSWAG32.DLL
[2010/03/14 11:15:21 | 000,200,704 | ---- | C] (EllTech Development, Inc.) -- C:\WINDOWS\System32\CP5DLL32.DLL
[2010/03/14 11:15:21 | 000,167,936 | ---- | C] (Graphics Server Technologies) -- C:\WINDOWS\System32\GSWDLL32.DLL
[2010/03/14 11:15:21 | 000,049,152 | ---- | C] (Blue Sky Software Corporation.) -- C:\WINDOWS\System32\INETWH32.DLL
[2010/03/14 11:15:21 | 000,022,528 | ---- | C] (Blue Sky Software Corp.) -- C:\WINDOWS\System32\RHMMPLAY.DLL
[2009/09/01 14:04:19 | 000,000,000 | --SD | M] -- C:\Documents and Settings\LocalService\Application Data\Microsoft
[2009/09/01 14:00:06 | 000,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Local Settings\Application Data\Adobe
[2008/12/19 11:50:21 | 000,018,944 | ---- | C] ( ) -- C:\WINDOWS\System32\Implode.dll
[2008/08/29 10:05:44 | 000,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft
[2008/06/09 21:29:45 | 000,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Application Data\Roxio
[2008/05/24 13:35:01 | 000,000,000 | ---D | M] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\Apple
[2008/05/10 12:03:34 | 000,000,000 | ---D | M] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\ApplicationHistory
[2008/05/10 12:03:19 | 000,000,000 | --SD | M] -- C:\Documents and Settings\NetworkService\Application Data\Microsoft
[2008/05/10 12:03:19 | 000,000,000 | ---D | M] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft
[2007/06/22 12:06:46 | 000,010,240 | ---- | C] ( ) -- C:\Program Files\Common Files\JH_Killer.exe
========== Files - Modified Within 14 Days ==========
[2010/03/22 09:02:44 | 004,718,592 | ---- | M] () -- C:\Documents and Settings\Dirk\NTUSER.DAT
[2010/03/22 09:02:43 | 000,001,158 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2010/03/22 08:59:13 | 000,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2010/03/22 08:59:08 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2010/03/22 08:59:05 | 3623,276,544 | -HS- | M] () -- C:\hiberfil.sys
[2010/03/22 08:58:01 | 004,718,592 | -H-- | M] () -- C:\Documents and Settings\Dirk\NTUSER.bak
[2010/03/22 08:58:01 | 000,000,178 | -HS- | M] () -- C:\Documents and Settings\Dirk\ntuser.ini
[2010/03/20 19:41:07 | 000,000,256 | ---- | M] () -- C:\WINDOWS\System32\pool.bin
[2010/03/19 23:59:50 | 000,000,551 | ---- | M] () -- C:\WINDOWS\RemoteWebInfo.INF
[2010/03/16 19:56:06 | 000,045,568 | ---- | M] () -- C:\Documents and Settings\Dirk\Desktop\Snap Fitness Corporate Prices2.doc
[2010/03/16 16:27:09 | 000,784,960 | ---- | M] () -- C:\Documents and Settings\Dirk\Desktop\IV01CS1008.pdf
[2010/03/16 16:23:11 | 000,045,568 | ---- | M] () -- C:\Documents and Settings\Dirk\Desktop\Snap Fitness Corporate Prices.doc
[2010/03/16 09:13:43 | 000,402,060 | ---- | M] () -- C:\Documents and Settings\Dirk\My Documents\cc_20100316_091330.reg
[2010/03/15 15:08:46 | 003,553,035 | ---- | M] () -- C:\Documents and Settings\Dirk\My Documents\Backup-(2010-03-15).ipd
[2010/03/15 15:04:05 | 271,060,312 | ---- | M] () -- C:\Documents and Settings\Dirk\Desktop\501_b049_multilanguage.exe
[2010/03/15 09:35:56 | 000,000,696 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2010/03/15 09:33:32 | 000,000,611 | ---- | M] () -- C:\Documents and Settings\Dirk\Desktop\NTREGOPT.lnk
[2010/03/15 09:33:32 | 000,000,592 | ---- | M] () -- C:\Documents and Settings\Dirk\Desktop\ERUNT.lnk
[2010/03/15 09:20:13 | 000,084,684 | ---- | M] () -- C:\Documents and Settings\Dirk\Desktop\Virus Instructions.pdf
[2010/03/15 09:19:11 | 000,555,008 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Dirk\Desktop\OTL.exe
[2010/03/15 09:15:59 | 000,444,416 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Dirk\Desktop\TFC.exe
[2010/03/15 08:59:02 | 000,002,626 | ---- | M] () -- C:\WINDOWS\System32\CONFIG.NT
[2010/03/14 11:15:02 | 000,000,906 | ---- | M] () -- C:\WINDOWS\win.ini
[2010/03/14 11:02:53 | 000,617,494 | ---- | M] () -- C:\WINDOWS\System32\PerfStringBackup.INI
[2010/03/14 11:02:53 | 000,509,116 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2010/03/14 11:02:53 | 000,096,740 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2010/03/13 14:44:09 | 000,053,169 | ---- | M] () -- C:\Documents and Settings\Dirk\Desktop\Tire replace reciept.pdf
[2010/03/09 05:24:23 | 000,038,848 | ---- | M] (ALWIL Software) -- C:\WINDOWS\System32\avastSS.scr
[2010/03/09 05:24:05 | 000,153,184 | ---- | M] (ALWIL Software) -- C:\WINDOWS\System32\aswBoot.exe
[2010/03/09 05:12:54 | 000,046,672 | ---- | M] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswTdi.sys
[2010/03/09 05:12:33 | 000,162,640 | ---- | M] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswSP.sys
[2010/03/09 05:09:08 | 000,023,376 | ---- | M] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswRdr.sys
[2010/03/09 05:08:41 | 000,100,432 | ---- | M] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswmon2.sys
[2010/03/09 05:08:38 | 000,094,800 | ---- | M] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswmon.sys
[2010/03/09 05:08:30 | 000,019,024 | ---- | M] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswFsBlk.sys
[2010/03/09 05:08:15 | 000,028,880 | ---- | M] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aavmker4.sys
========== Files Created - No Company Name ==========
[2010/03/21 12:34:57 | 3623,276,544 | -HS- | C] () -- C:\hiberfil.sys
[2010/03/21 12:02:05 | 000,293,376 | ---- | C] () -- C:\Documents and Settings\Dirk\Desktop\gmer.exe
[2010/03/16 19:56:05 | 000,045,568 | ---- | C] () -- C:\Documents and Settings\Dirk\Desktop\Snap Fitness Corporate Prices2.doc
[2010/03/16 16:27:05 | 000,784,960 | ---- | C] () -- C:\Documents and Settings\Dirk\Desktop\IV01CS1008.pdf
[2010/03/16 09:13:34 | 000,402,060 | ---- | C] () -- C:\Documents and Settings\Dirk\My Documents\cc_20100316_091330.reg
[2010/03/15 23:36:15 | 000,000,551 | ---- | C] () -- C:\WINDOWS\RemoteWebInfo.INF
[2010/03/15 23:10:01 | 000,045,568 | ---- | C] () -- C:\Documents and Settings\Dirk\Desktop\Snap Fitness Corporate Prices.doc
[2010/03/15 15:08:46 | 003,553,035 | ---- | C] () -- C:\Documents and Settings\Dirk\My Documents\Backup-(2010-03-15).ipd
[2010/03/15 15:03:57 | 271,060,312 | ---- | C] () -- C:\Documents and Settings\Dirk\Desktop\501_b049_multilanguage.exe
[2010/03/15 09:35:56 | 000,000,696 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2010/03/15 09:33:32 | 000,000,611 | ---- | C] () -- C:\Documents and Settings\Dirk\Desktop\NTREGOPT.lnk
[2010/03/15 09:33:32 | 000,000,592 | ---- | C] () -- C:\Documents and Settings\Dirk\Desktop\ERUNT.lnk
[2010/03/15 09:20:11 | 000,084,684 | ---- | C] () -- C:\Documents and Settings\Dirk\Desktop\Virus Instructions.pdf
[2010/03/14 11:15:23 | 000,569,344 | ---- | C] () -- C:\WINDOWS\System32\TX11.DLL
[2010/03/14 11:15:23 | 000,000,530 | ---- | C] () -- C:\WINDOWS\System32\TX11_IC.INI
[2010/03/14 11:15:22 | 001,683,456 | ---- | C] () -- C:\WINDOWS\System32\LTCLR13N.DLL
[2010/03/14 11:15:22 | 000,338,944 | ---- | C] () -- C:\WINDOWS\System32\LFFPX7.DLL
[2010/03/14 11:15:22 | 000,118,784 | ---- | C] () -- C:\WINDOWS\System32\LFKODAK.DLL
[2010/03/14 11:15:21 | 000,040,960 | ---- | C] () -- C:\WINDOWS\System32\WH2ROBO.DLL
[2010/03/13 14:44:07 | 000,053,169 | ---- | C] () -- C:\Documents and Settings\Dirk\Desktop\Tire replace reciept.pdf
[2009/08/03 16:07:42 | 000,403,816 | ---- | C] () -- C:\WINDOWS\System32\OGACheckControl.dll
[2009/04/22 09:44:37 | 000,000,087 | ---- | C] () -- C:\WINDOWS\System32\Transware.ini
[2008/12/19 11:50:46 | 000,000,098 | ---- | C] () -- C:\WINDOWS\ISP.INI
[2008/12/19 11:50:42 | 000,000,037 | ---- | C] () -- C:\WINDOWS\SIEngine.INI
[2008/12/19 11:50:24 | 000,022,016 | ---- | C] () -- C:\WINDOWS\System32\Docobj.dll
[2008/12/19 11:50:21 | 000,748,160 | ---- | C] () -- C:\WINDOWS\System32\Co2c40en.dll
[2008/12/08 12:15:55 | 000,000,127 | ---- | C] () -- C:\Documents and Settings\Dirk\Local Settings\Application Data\fusioncache.dat
[2008/07/24 10:55:26 | 000,030,208 | ---- | C] () -- C:\Documents and Settings\Dirk\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2008/07/19 10:28:50 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\Dirk\Local Settings\Application Data\AtStart.txt
[2008/05/10 12:03:19 | 000,000,137 | ---- | C] () -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\fusioncache.dat
[2008/03/27 18:32:06 | 001,044,480 | ---- | C] () -- C:\WINDOWS\System32\SkinManager.dll
[2008/03/27 18:05:08 | 000,114,688 | ---- | C] () -- C:\WINDOWS\System32\RemoteSocket.dll
[2008/02/27 10:50:28 | 000,000,029 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\counter.cfg
[2008/01/09 15:01:48 | 000,000,453 | ---- | C] () -- C:\WINDOWS\bdoscandellang.ini
[2007/12/06 14:49:35 | 000,000,074 | ---- | C] () -- C:\WINDOWS\hdkctnts.ini
[2007/10/22 09:22:20 | 000,005,244 | ---- | C] () -- C:\WINDOWS\System32\TX162011.DLL
[2007/10/22 09:22:09 | 000,012,154 | ---- | C] () -- C:\WINDOWS\System32\GS162011.DLL
[2007/10/15 15:40:38 | 000,000,982 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2007/10/15 00:06:44 | 000,081,920 | ---- | C] () -- C:\WINDOWS\System32\xmltok.dll
[2007/10/15 00:06:44 | 000,065,536 | ---- | C] () -- C:\WINDOWS\System32\xmlparse.dll
[2007/10/14 23:58:34 | 000,204,800 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeW7.dll
[2007/10/14 23:58:34 | 000,200,704 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeA6.dll
[2007/10/14 23:58:34 | 000,192,512 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeP6.dll
[2007/10/14 23:58:34 | 000,192,512 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeM6.dll
[2007/10/14 23:58:34 | 000,188,416 | ---- | C] () -- C:\WINDOWS\System32\IVIresizePX.dll
[2007/10/14 23:58:34 | 000,020,480 | ---- | C] () -- C:\WINDOWS\System32\IVIresize.dll
[2007/10/14 23:56:38 | 000,024,576 | ---- | C] () -- C:\WINDOWS\System32\std201mt.dll
[2007/10/14 23:54:53 | 000,000,175 | ---- | C] () -- C:\WINDOWS\wininit.ini
[2007/09/27 10:51:02 | 000,020,698 | ---- | C] () -- C:\WINDOWS\System32\idxcntrs.ini
[2007/09/27 10:48:48 | 000,030,628 | ---- | C] () -- C:\WINDOWS\System32\gsrvctr.ini
[2007/09/27 10:48:28 | 000,031,698 | ---- | C] () -- C:\WINDOWS\System32\gthrctr.ini
[2007/06/08 09:05:38 | 000,274,432 | ---- | C] () -- C:\WINDOWS\System32\flcdlmsg.dll
[2006/09/20 02:45:34 | 000,028,836 | ---- | C] () -- C:\WINDOWS\System32\oeminfo.ini
[2006/02/27 16:51:36 | 000,090,112 | ---- | C] () -- C:\WINDOWS\System32\btprn2k.dll
[2005/12/01 14:11:40 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\px.ini
[2004/08/07 08:19:16 | 000,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini
[2004/08/07 08:12:40 | 000,000,791 | ---- | C] () -- C:\WINDOWS\orun32.ini
[2004/06/01 04:39:56 | 000,094,274 | ---- | C] () -- C:\WINDOWS\System32\HPBHEALR.DLL
[2003/12/09 10:14:40 | 000,059,392 | ---- | C] () -- C:\WINDOWS\System32\msioq32.dll
[2002/05/15 22:29:04 | 000,000,607 | ---- | C] () -- C:\WINDOWS\System32\BTNeighborhood.dll.manifest
[2002/02/27 09:41:28 | 000,024,576 | ---- | C] () -- C:\WINDOWS\System32\nsldappr32v50.dll
[2002/02/27 09:41:26 | 000,139,264 | ---- | C] () -- C:\WINDOWS\System32\nsldap32v50.dll
[2002/02/27 09:41:26 | 000,040,960 | ---- | C] () -- C:\WINDOWS\System32\nsldapssl32v50.dll
[2001/11/23 17:18:00 | 000,000,597 | ---- | C] () -- C:\WINDOWS\System32\btcss.dll.manifest
[2001/11/14 12:56:00 | 001,802,240 | ---- | C] () -- C:\WINDOWS\System32\lcppn21.dll
[2001/10/28 18:42:30 | 000,116,224 | ---- | C] () -- C:\WINDOWS\System32\pdfcmnnt.dll
[1998/05/07 03:10:00 | 000,069,632 | R--- | C] () -- C:\WINDOWS\System32\ODMA32.dll
========== LOP Check ==========
[2010/01/31 13:14:21 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Alwil Software
[2009/01/12 13:03:03 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Brentmark
[2009/12/01 17:53:58 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\CanonBJ
[2009/12/01 18:10:34 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\CanonIJEGV
[2007/10/14 23:52:37 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Infineon
[2008/12/08 12:15:52 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\JohnHancock
[2009/01/12 13:04:01 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Leimberg
[2008/12/19 11:22:21 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\MetLife
[2007/10/17 09:41:36 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Minnesota Life
[2007/12/20 14:40:53 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\MSScanAppDataDir
[2009/04/22 09:57:27 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Transamerica
[2010/02/21 13:43:51 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{755AC846-7372-4AC8-8550-C52491DAA8BD}
[2009/05/28 09:56:07 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{8CD7F5AF-ECFA-4793-BF40-D8F42DBFF906}
[2009/02/05 17:07:02 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Dirk\Application Data\Amazon
[2008/09/04 08:33:32 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Dirk\Application Data\Blackberry Desktop
[2008/11/14 09:23:14 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Dirk\Application Data\Centra
[2008/10/02 10:41:55 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Dirk\Application Data\com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1
[2008/12/20 15:56:54 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Dirk\Application Data\eM Client
[2008/12/21 19:51:46 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Dirk\Application Data\Foxit
[2008/07/19 10:29:05 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Dirk\Application Data\Infineon
[2010/02/12 14:52:11 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Dirk\Application Data\IsolatedStorage
[2009/01/12 13:04:01 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Dirk\Application Data\Leimberg
[2009/01/14 12:38:36 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Dirk\Application Data\Liveoffice
[2008/12/19 11:21:20 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Dirk\Application Data\MetLife
[2010/02/23 01:06:27 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Dirk\Application Data\Pershing
[2008/12/08 15:01:26 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Dirk\Application Data\Prism
[2008/08/27 23:34:34 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Dirk\Application Data\Research In Motion
[2008/11/18 14:20:58 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Dirk\Application Data\Saba
[2006/09/20 03:04:50 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Dirk\Application Data\SampleView
[2008/07/20 09:32:31 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Dirk\Application Data\Smith Micro
[2009/01/08 10:16:28 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Dirk\Application Data\SumatraPDF
[2008/12/20 17:27:49 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Dirk\Application Data\Thunderbird
[2009/09/01 13:56:49 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Dirk\Application Data\Windows Desktop Search
[2009/09/02 09:18:54 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Dirk\Application Data\Windows Search
========== Purity Check ==========
========== Custom Scans ==========
< %SYSTEMDRIVE%\*.exe >
< MD5 for: AGP440.SYS >
[2004/08/04 08:00:00 | 018,738,937 | ---- | M] () .cab file -- C:\I386\sp2.cab:AGP440.sys
[2004/08/04 08:00:00 | 018,738,937 | ---- | M] () .cab file -- C:\My Backup -- 14-10-07 2108\I386\sp2.cab:AGP440.sys
[2004/08/04 03:00:00 | 018,738,937 | ---- | M] () .cab file -- C:\My Backup -- 14-10-07 2108\WINDOWS\Driver Cache\i386\sp2.cab:AGP440.sys
[2004/08/04 03:00:00 | 018,738,937 | ---- | M] () .cab file -- C:\My Backup -- 14-10-07 2108\WINDOWS\i386\sp2.cab:AGP440.sys
[2004/08/04 03:00:00 | 018,738,937 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp2.cab:AGP440.sys
[2008/08/29 09:47:01 | 023,852,652 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:AGP440.sys
[2004/08/04 03:00:00 | 018,738,937 | ---- | M] () .cab file -- C:\WINDOWS\i386\sp2.cab:AGP440.sys
[2008/08/29 09:47:01 | 023,852,652 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp3.cab:AGP440.sys
[2008/04/13 13:36:38 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=08FD04AA961BDC77FB983F328334E3D7 -- C:\WINDOWS\ServicePackFiles\i386\agp440.sys
[2008/04/13 13:36:38 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=08FD04AA961BDC77FB983F328334E3D7 -- C:\WINDOWS\system32\drivers\agp440.sys
< MD5 for: ATAPI.SYS >
[2004/08/04 08:00:00 | 018,738,937 | ---- | M] () .cab file -- C:\I386\sp2.cab:atapi.sys
[2004/08/04 08:00:00 | 018,738,937 | ---- | M] () .cab file -- C:\My Backup -- 14-10-07 2108\I386\sp2.cab:atapi.sys
[2004/08/04 03:00:00 | 018,738,937 | ---- | M] () .cab file -- C:\My Backup -- 14-10-07 2108\WINDOWS\Driver Cache\i386\sp2.cab:atapi.sys
[2004/08/04 03:00:00 | 018,738,937 | ---- | M] () .cab file -- C:\My Backup -- 14-10-07 2108\WINDOWS\i386\sp2.cab:atapi.sys
[2004/08/04 03:00:00 | 018,738,937 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp2.cab:atapi.sys
[2008/08/29 09:47:01 | 023,852,652 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:atapi.sys
[2004/08/04 03:00:00 | 018,738,937 | ---- | M] () .cab file -- C:\WINDOWS\i386\sp2.cab:atapi.sys
[2008/08/29 09:47:01 | 023,852,652 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp3.cab:atapi.sys
[2008/04/13 13:40:30 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\ServicePackFiles\i386\atapi.sys
[2008/04/13 13:40:30 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\system32\drivers\atapi.sys
[2004/08/03 19:59:44 | 000,095,360 | ---- | M] (Microsoft Corporation) MD5=CDFE4411A69C224BD1D11B2DA92DAC51 -- C:\My Backup -- 14-10-07 2108\WINDOWS\system32\drivers\atapi.sys
[2004/08/03 19:59:44 | 000,095,360 | ---- | M] (Microsoft Corporation) MD5=CDFE4411A69C224BD1D11B2DA92DAC51 -- C:\WINDOWS\$NtServicePackUninstall$\atapi.sys
< MD5 for: EVENTLOG.DLL >
[2008/04/13 19:11:53 | 000,056,320 | ---- | M] (Microsoft Corporation) MD5=6D4FEB43EE538FC5428CC7F0565AA656 -- C:\WINDOWS\ServicePackFiles\i386\eventlog.dll
[2008/04/13 19:11:53 | 000,056,320 | ---- | M] (Microsoft Corporation) MD5=6D4FEB43EE538FC5428CC7F0565AA656 -- C:\WINDOWS\system32\eventlog.dll
[2004/08/04 03:00:00 | 000,055,808 | ---- | M] (Microsoft Corporation) MD5=82B24CB70E5944E6E34662205A2A5B78 -- C:\My Backup -- 14-10-07 2108\WINDOWS\system32\eventlog.dll
[2004/08/04 03:00:00 | 000,055,808 | ---- | M] (Microsoft Corporation) MD5=82B24CB70E5944E6E34662205A2A5B78 -- C:\WINDOWS\$NtServicePackUninstall$\eventlog.dll
< MD5 for: IASTOR.SYS >
[2005/10/12 07:07:12 | 000,874,240 | ---- | M] (Intel Corporation) MD5=309C4D86D989FB1FCF64BD30DC81C51B -- C:\My Backup -- 14-10-07 2108\SwSetup\HDD\iastor.sys
[2005/10/12 13:07:12 | 000,874,240 | ---- | M] (Intel Corporation) MD5=309C4D86D989FB1FCF64BD30DC81C51B -- C:\My Backup -- 14-10-07 2108\WINDOWS\SMINST\RPFiles\MiniNT\System32\Drivers\iastor.sys
[2005/10/12 07:07:12 | 000,874,240 | ---- | M] (Intel Corporation) MD5=309C4D86D989FB1FCF64BD30DC81C51B -- C:\My Backup -- 14-10-07 2108\WINDOWS\system32\drivers\iaStor.sys
[2005/10/12 07:07:12 | 000,874,240 | ---- | M] (Intel Corporation) MD5=309C4D86D989FB1FCF64BD30DC81C51B -- C:\SwSetup\HDD\iastor.sys
[2005/10/12 07:07:12 | 000,874,240 | ---- | M] (Intel Corporation) MD5=309C4D86D989FB1FCF64BD30DC81C51B -- C:\WINDOWS\system32\drivers\iaStor.sys
< MD5 for: NETLOGON.DLL >
[2008/04/13 19:12:01 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=1B7F071C51B77C272875C3A23E1E4550 -- C:\WINDOWS\ServicePackFiles\i386\netlogon.dll
[2008/04/13 19:12:01 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=1B7F071C51B77C272875C3A23E1E4550 -- C:\WINDOWS\system32\netlogon.dll
[2004/08/04 03:00:00 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=96353FCECBA774BB8DA74A1C6507015A -- C:\My Backup -- 14-10-07 2108\WINDOWS\system32\netlogon.dll
[2004/08/04 03:00:00 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=96353FCECBA774BB8DA74A1C6507015A -- C:\WINDOWS\$NtServicePackUninstall$\netlogon.dll
< MD5 for: SCECLI.DLL >
[2004/08/04 03:00:00 | 000,180,224 | ---- | M] (Microsoft Corporation) MD5=0F78E27F563F2AAF74B91A49E2ABF19A -- C:\My Backup -- 14-10-07 2108\WINDOWS\system32\scecli.dll
[2004/08/04 03:00:00 | 000,180,224 | ---- | M] (Microsoft Corporation) MD5=0F78E27F563F2AAF74B91A49E2ABF19A -- C:\WINDOWS\$NtServicePackUninstall$\scecli.dll
[2008/04/13 19:12:05 | 000,181,248 | ---- | M] (Microsoft Corporation) MD5=A86BB5E61BF3E39B62AB4C7E7085A084 -- C:\WINDOWS\ServicePackFiles\i386\scecli.dll
[2008/04/13 19:12:05 | 000,181,248 | ---- | M] (Microsoft Corporation) MD5=A86BB5E61BF3E39B62AB4C7E7085A084 -- C:\WINDOWS\system32\scecli.dll
< %systemroot%\*. /mp /s >
< %systemroot%\system32\*.dll /lockedfiles >
[2007/10/16 21:05:56 | 000,364,544 | ---- | M] (Advanced Micro Devices, Inc.) Unable to obtain MD5 -- C:\WINDOWS\system32\ATIDEMGX.dll
< %systemroot%\Tasks\*.job /lockedfiles >
< %systemroot%\system32\drivers\*.sys /lockedfiles >
< %systemroot%\System32\config\*.sav >
[2004/08/07 00:52:08 | 000,094,208 | ---- | M] () -- C:\WINDOWS\system32\config\default.sav
[2004/08/07 00:52:08 | 000,659,456 | ---- | M] () -- C:\WINDOWS\system32\config\software.sav
< >
< End of report >
OTL Extras logfile created on: 3/22/2010 9:13:00 AM - Run 1
OTL by OldTimer - Version 3.1.37.1 Folder = C:\Documents and Settings\Dirk\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy
3.00 Gb Total Physical Memory | 3.00 Gb Available Physical Memory | 80.00% Memory free
5.00 Gb Paging File | 4.00 Gb Available in Paging File | 87.00% Paging File free
Paging file location(s): C:\pagefile.sys 1536 3072 [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 69.13 Gb Total Space | 13.67 Gb Free Space | 19.77% Space Free | Partition Type: NTFS
Drive D: | 5.38 Gb Total Space | 0.69 Gb Free Space | 12.75% Space Free | Partition Type: FAT32
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded
Computer Name: HP
Current User Name: Dirk
Logged in as Administrator.
Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: On
Skip Microsoft Files: On
File Age = 14 Days
Output = Standard
Quick Scan
========== Extra Registry (SafeList) ==========
========== File Associations ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = htmlfile] -- Reg Error: Key error. File not found
========== Shell Spawning ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
htmlfile [edit] -- "C:\Program Files\Microsoft Office\OFFICE11\msohtmed.exe" %1 (Microsoft Corporation)
htmlfile [print] -- "C:\Program Files\Microsoft Office\OFFICE11\msohtmed.exe" /p %1 (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" %*
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
========== Security Center Settings ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 0
"FirewallOverride" = 0
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]
"1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008
"10243:TCP" = 10243:TCP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service
"10280:UDP" = 10280:UDP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service
"10281:UDP" = 10281:UDP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service
"10282:UDP" = 10282:UDP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service
"10283:UDP" = 10283:UDP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service
"10284:UDP" = 10284:UDP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service
"139:TCP" = 139:TCP:*:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:*:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:*:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:*:Enabled:@xpsp2res.dll,-22002
"1723:TCP" = 1723:TCP:*:Enabled:@xpsp2res.dll,-22015
"1701:UDP" = 1701:UDP:*:Enabled:@xpsp2res.dll,-22016
"500:UDP" = 500:UDP:*:Enabled:@xpsp2res.dll,-22017
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DoNotAllowExceptions" = 0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008
"10243:TCP" = 10243:TCP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service
"10280:UDP" = 10280:UDP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service
"10281:UDP" = 10281:UDP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service
"10282:UDP" = 10282:UDP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service
"10283:UDP" = 10283:UDP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service
"10284:UDP" = 10284:UDP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service
"139:TCP" = 139:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22002
"1723:TCP" = 1723:TCP:*:Enabled:@xpsp2res.dll,-22015
"1701:UDP" = 1701:UDP:*:Enabled:@xpsp2res.dll,-22016
"500:UDP" = 500:UDP:*:Enabled:@xpsp2res.dll,-22017
========== Authorized Applications List ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"C:\Program Files\Windows Live\Sync\WindowsLiveSync.exe" = C:\Program Files\Windows Live\Sync\WindowsLiveSync.exe:*:Enabled:Windows Live Sync -- (Microsoft Corporation)
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\WINDOWS\SMINST\Scheduler.exe" = C:\WINDOWS\SMINST\Scheduler.exe:*:Enabled:Scheduler -- ()
"C:\Program Files\Minnesota Life\Harmony\illus.exe" = C:\Program Files\Minnesota Life\Harmony\illus.exe:*:Enabled:Harmony Illustrations Application -- File not found
"C:\Program Files\Miranda IM\miranda32.exe" = C:\Program Files\Miranda IM\miranda32.exe:*:Enabled:Miranda IM -- File not found
"C:\Program Files\Lincoln Financial Group\Lincoln DesignIt - Lincoln Financial Distributors\bin\DesktopController.exe" = C:\Program Files\Lincoln Financial Group\Lincoln DesignIt - Lincoln Financial Distributors\bin\DesktopController.exe:*:Enabled:Lincoln DesignIt Desktop -- (Lincoln Financial Group)
"C:\Fiserv Life Portraits\FipWebServer.exe" = C:\Fiserv Life Portraits\FipWebServer.exe:*:Enabled:FipWebServer -- (FIPSCO)
"C:\Program Files\LiveOffice\IMC Messenger\mtc.exe" = C:\Program Files\LiveOffice\IMC Messenger\mtc.exe:*:Enabled:IMC Meeting -- (Liveoffice Corp)
"C:\Program Files\Windows Live\Sync\WindowsLiveSync.exe" = C:\Program Files\Windows Live\Sync\WindowsLiveSync.exe:*:Enabled:Windows Live Sync -- (Microsoft Corporation)
"C:\Documents and Settings\Dirk\Application Data\Macromedia\Flash Player\www.macromedia.com\bin\octoshape\octoshape.exe" = C:\Documents and Settings\Dirk\Application Data\Macromedia\Flash Player\www.macromedia.com\bin\octoshape\octoshape.exe:*:Enabled:Octoshape add-in for Adobe Flash Player -- File not found
"C:\Program Files\iTunes\iTunes.exe" = C:\Program Files\iTunes\iTunes.exe:*:Enabled:iTunes -- (Apple Inc.)
========== HKEY_LOCAL_MACHINE Uninstall List ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0001B4FD-9EA3-4D90-A79E-FD14BA3AB01D}" = PDFCreator
"{00203668-8170-44A0-BE44-B632FA4D780F}" = Adobe AIR
"{0515803B-5068-4599-8666-963E143C7381}" = HP Smart Card Security for ProtectTools 5.00 D4
"{055EE59D-217B-43A7-ABFF-507B966405D8}" = ATI Catalyst Control Center
"{07287123-B8AC-41CE-8346-3D777245C35B}" = Bonjour
"{075473F5-846A-448B-BCB3-104AA1760205}" = Sonic Data Module
"{07E5F8FF-EA1C-1CBC-A7E4-27893B7C281D}" = Catalyst Control Center Localization Polish
"{09908B2B-C536-731B-5598-B113BC084ABC}" = Catalyst Control Center Graphics Full Existing
"{0CD37EDD-A8E8-A5FB-4F40-1EB45EA4AB2D}" = CCC Help Danish
"{0F3B05E3-EBAC-11D4-8839-0008C7E93768}" = Merlin Marketing System 08.6.5
"{10A44844-4465-456E-8C97-80BDD4F68845}" = Windows Live ID Sign-in Assistant
"{116E1853-BB7C-C687-3467-37F671924292}" = Catalyst Control Center Localization Spanish
"{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_MX860_series" = Canon MX860 series MP Drivers
"{1206EF92-2E83-4859-ACCB-2048C3CB7DA6}" = Sonic DLA
"{126A97A2-D56E-324B-07D0-D09C939E675E}" = CCC Help German
"{1451DE6B-ABE1-4F62-BE9A-B363A17588A2}" = QuickTime
"{18649553-A2D8-3C4E-44B0-B8B387E19E66}" = CCC Help Korean
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{21657574-BD54-48A2-9450-EB03B2C7FC29}" = Sonic MyDVD Plus
"{2460F42B-8315-FFE5-C895-F34C25298F8D}" = Skins
"{2614F54E-A828-49FA-93BA-45A3F756BFAA}" = 32 Bit HP CIO Components Installer
"{26A24AE4-039D-4CA4-87B4-2F83216010FF}" = Java 6 Update 15
"{2ACC38C3-BF3C-4D41-BE50-44D993CDBF05}" = MetWINS
"{2D28AB6E-87C6-4CDE-AB20-79D6F78C5A28}" = HP User Guides 0021
"{2D69DEF9-3CEC-4980-9A8E-28276A385ABF}" = LPES Desktop - AVIVA USA
"{2D87E961-577B-492B-AD54-1368680FB9A7}" = Bing Maps 3D
"{2DB165DC-DDB4-403F-B985-19F3EC7D0357}" = HP ProtectTools Security Manager
"{30465B6C-B53F-49A1-9EBA-A3F187AD502E}" = Sonic Update Manager
"{31EDCBB1-22DF-7CE2-651F-1B70084B045B}" = Catalyst Control Center Graphics Light
"{3248F0A8-6813-11D6-A77B-00B0D0150060}" = J2SE Runtime Environment 5.0 Update 6
"{3248F0A8-6813-11D6-A77B-00B0D0160030}" = Java 6 Update 3
"{3248F0A8-6813-11D6-A77B-00B0D0160050}" = Java 6 Update 5
"{3248F0A8-6813-11D6-A77B-00B0D0160070}" = Java 6 Update 7
"{33E26EA7-8EBA-0199-1682-B61491A06640}" = CCC Help Portuguese
"{3437885F-0A95-4C2C-AAEB-B6BFBDE7A31C}" = NetX360
"{34D2AB40-150D-475D-AE32-BD23FB5EE355}" = HP Quick Launch Buttons 6.30 J1
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{3F4EC965-28EF-45C3-B063-04B25D4E9679}" = HP Integrated Module with Bluetooth wireless technology
"{3F93B2BA-18EC-462B-9ACD-396599353EE1}" = Catalyst Control Center - Branding
"{3F9F7336-6DF8-476F-ABF6-C70A17FAF619}" = HP Backup and Recovery Manager Installer
"{3FA365DF-2D68-45ED-8F83-8C8A33E65143}" = Apple Application Support
"{42311A03-EC26-4D23-F27C-F0F18B9BF92A}" = CCC Help Chinese Standard
"{4459FAA9-4313-12FE-75CC-E639E5EE805E}" = CCC Help Finnish
"{44AF704F-E94E-04D9-5601-CAAC23602E8A}" = CCC Help English
"{491A1587-7C4C-5D8A-6440-FF11E2C11AA2}" = Catalyst Control Center Localization Norwegian
"{49A98DB5-1EBE-F4A4-F938-B6896F6520FD}" = Catalyst Control Center Localization Thai
"{4B326775-476E-4856-8418-C74565BA174F}" = JH Illustrator Crystal Report net
"{4DFAB9CA-0168-042A-7004-43BF08C47017}" = CCC Help Thai
"{4E506833-6266-07AF-59E3-46B2970866F1}" = Catalyst Control Center Localization Chinese Traditional
"{5000DC20-6CF9-5000-AE08-500F40FE5000}" = JH Illustrator - John Hancock's Illustration System
"{5020DC20-6CF9-5020-AE09-502F40FE5020}" = JH Illustrator - John Hancock's Illustration System
"{50A8B257-F83A-37C0-7BAA-A9D94AA570A5}" = Catalyst Control Center Localization Turkish
"{522DAB8E-9ED2-4737-9557-E4DE8E7191F7}" = Windows Live Sync
"{55B52830-024A-443E-AF61-61E1E71AFA1B}" = Device Access Manager for HP ProtectTools
"{55C98239-914A-46C1-B19D-83E90F7E00CC}" = Fingerprint Sensor Minimum Install
"{5646121C-36D4-FF4C-3FFB-C21F1B8050FE}" = CCC Help Chinese Traditional
"{589FC32F-0AC7-069C-1706-C1AF6D1ED2F1}" = Catalyst Control Center Localization Czech
"{594CEB81-AE2F-66F4-17D6-7A4CD49E3F62}" = CCC Help Russian
"{5A447CFB-B64E-4D3C-9744-2EA44EFB8F97}" = BlackBerry Device Software Updater
"{5D97A4A7-C274-4B63-86D9-07A33435F505}" = InterVideo DVD Check
"{63ED7A1D-6DED-1E09-290C-E49160DC7D56}" = Catalyst Control Center Localization Portuguese
"{6675CA7F-E51B-4F6A-99D4-F8F0124C6EAA}" = Sonic Express Labeler
"{674A8796-3464-4785-A245-9C759F5BEDDF}" = Catalyst Control Center Localization Finnish
"{689404D2-1C94-44B3-9203-BEC5594FDA7A}" = Microsoft SQL Server Desktop Engine (TRANSAMERICA)
"{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update
"{6E6F4A80-B698-2FB1-3D73-A8F1C3D2AD0A}" = Catalyst Control Center Localization Japanese
"{71676F9D-5EC9-A413-AE93-CD9D0571EA5D}" = CCC Help Turkish
"{71FA95D1-AE8B-DBD8-A85B-D919F45FE9C0}" = Catalyst Control Center Localization German
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{736278ED-A2F7-EFCE-04C6-E169F1979F3C}" = CCC Help Greek
"{746F4376-04A8-BA11-30F7-FF59E1BEF830}" = CCC Help Spanish
"{75ECB75A-522C-4312-8DE7-597CDA9D96A3}" = HP Mobile Data Protection System
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{773D6C77-4A5A-45C4-B4DE-3B6DAB4785BC}" = HP Broadband Wireless Modules
"{7869EC3D-E579-40F6-94BB-15D666FA5700}" = Transamerica Life Products Illustration System- TransWare
"{7F06FB3E-C21D-5BD9-E613-3BC824219A3C}" = CCC Help Norwegian
"{7F2DA597-5F9C-4D63-5E8B-010E3E8A1592}" = Catalyst Control Center Localization Italian
"{7F362F06-A9A3-440F-8B19-6A01A72723C4}" = AuthenTec Fingerprint Sensor Minimum Install
"{81063354-9060-42B2-A000-1EBE96778AA9}" = iTunes
"{818ABC3C-635C-4651-8183-D0E9640B7DD1}" = HP Update
"{82B1AC0A-004C-A393-C423-D13C20C9C4DB}" = CCC Help Japanese
"{84C88205-C97A-8697-7FEB-E4B5520525F6}" = CCC Help Dutch
"{858C52B5-33C9-3550-71BB-CB03A98A18AE}" = Catalyst Control Center Localization Hungarian
"{88E8B29D-5F57-9F86-076B-03DEDC353596}" = Catalyst Control Center Localization Dutch
"{899DDD05-3440-5C6D-8E85-20B6651C54ED}" = Catalyst Control Center Localization Chinese Standard
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{90120000-0020-0409-0000-0000000FF1CE}" = Compatibility Pack for the 2007 Office system
"{91110409-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Professional Edition 2003
"{91810AFC-A4F8-4EBA-A5AA-B198BBC81144}" = InterVideo WinDVD
"{94FEACDA-6450-441D-A4F4-77B6A94B3BD2}" = Transamerica Life Products Illustration System TransWare Prerequisite
"{9598741E-CA95-BFE9-4B90-84D4EF9CD759}" = CCC Help French
"{962C52AD-2E43-2E98-F974-1C7405371E06}" = CCC Help Swedish
"{A0D167EF-163B-260E-6001-76627CC18F35}" = Catalyst Control Center Graphics Full New
"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
"{A5CE7175-080D-49AC-B5A3-E7E3502428F5}" = HP Wireless Assistant
"{A7AD8CEF-72D7-4FE4-8A14-DDD09DC86074}" = HP Notebook Accessories Product Tour
"{A93C4E94-1005-489D-BEAA-B873C1AA6CFC}" = HP Help and Support
"{AADEA55D-C834-4BCB-98A3-4B8D1C18F4EE}" = Apple Mobile Device Support
"{AB418484-7892-6EF7-30F9-AD47C368B973}" = CCC Help Hungarian
"{AB708C9B-97C8-4AC9-899B-DBF226AC9382}" = Sonic Audio Module
"{AC76BA86-7AD7-1033-7B44-A90000000001}" = Adobe Reader 9 Lite
"{AD7914E1-6453-4440-AEC7-02C72AD6FE5F}" = TIPCI
"{AE052EF7-2640-48D7-8915-69B810D975CB}" = HP BIOS Configuration for ProtectTools 2.00 G1
"{AE3CF174-872C-46C6-B9F6-C0593F3BC7B8}" = Microsoft Office Live Add-in 1.4
"{AE92BC4A-A018-09BB-0D2A-882F0D5C4769}" = CCC Help Polish
"{B12665F4-4E93-4AB4-B7FC-37053B524629}" = Sonic Copy Module
"{B2544A03-10D0-4E5E-BA69-0362FFC20D18}" = OGA Notifier 2.0.0048.0
"{B256C753-09EB-40AA-B6CA-AC72F4D1B543}" = BlackBerry USB Drivers
"{B55C1C58-D28C-EEBE-78A7-2593C1675B50}" = ccc-core-static
"{B5924CA6-24A7-48F5-BC9C-8BFA94ED4564}" = LightScribe 1.4.67.1
"{B7F54262-AB66-44B3-88BF-9FC69941B643}" = Broadcom NetXtreme Ethernet Controller
"{BAF78226-3200-4DB4-BE33-4D922A799840}" = Windows Presentation Foundation
"{BE41F3D2-FC73-4C3E-A2C2-5D2B08A5B2D0}" = Credential Manager for HP ProtectTools
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
"{C178B38F-613A-4EFE-B718-A675BD27A1E1}" = BlackBerry Desktop Software 4.3
"{C5A2EFB8-2D96-D4FA-8243-CC3087DD4BE1}" = Catalyst Control Center Localization Greek
"{CAE7D1D9-3794-4169-B4DD-964ADBC534EE}" = HP Product Detection
"{CAF5A879-9647-4A05-A366-29E6DBF0D868}" = Laser App Enterprise
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CBDC0B97-C98E-4449-A08F-B8AF3F4E29C8}" = Fingerprint Sensor Minimum Install
"{CD038E1D-1823-50AC-ACCC-AACBD04BC04B}" = Catalyst Control Center Localization Korean
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{D01653EF-9F9F-41D6-B879-654A6BF5892C}" = Digital Locker Assistant
"{D906FDC5-C96E-AAB2-2F82-241F180F6D75}" = Catalyst Control Center Core Implementation
"{D9835F86-E1A6-893A-63D4-64DF64D30771}" = Catalyst Control Center Localization Danish
"{DB518BA6-CB74-4EB6-9ABD-880B6D6E1F38}" = HpSdpAppCoreApp
"{DE01F047-C168-4C9A-F9C2-06C385383E92}" = CCC Help Czech
"{E09B48B5-E141-427A-AB0C-D3605127224A}" = Microsoft SQL Server Desktop Engine
"{E0DBC47C-ED3F-4A1B-A929-9A26DAAA14B3}" = Application Installer 4.00.B5
"{E27FEFC6-E659-0B3F-8617-D2CC2A3B6B63}" = Catalyst Control Center Localization Swedish
"{E7485CE5-C004-44D6-AA3E-7EE4DFE2B70E}" = HP Support Phone Numbers
"{F0A37341-D692-11D4-A984-009027EC0A9C}" = SoundMAX
"{F2AA62A1-9E2D-828D-F113-627CCAC4D2D9}" = CCC Help Italian
"{F378039C-4330-19BF-F960-7F941211A725}" = Catalyst Control Center Localization French
"{F42CF6B5-8594-4D3A-B96F-30FD3BC1AAA5}" = Embedded Security for HP ProtectTools
"{F6869CD2-3DB4-476D-A4C7-B3AE7C3ACF7B}" = Windows Media Connect
"{F8599AC9-2F28-6C85-4BE2-FAA8B0722778}" = ccc-core-preinstall
"{FAE43BBC-3A2B-095D-E8E1-3C6E1F53EDD5}" = Catalyst Control Center Localization Russian
"{FAE4E0F4-AA19-148E-213E-F6C72F2B6625}" = ccc-utility
"{FF580DE1-02C0-4A46-869A-E1E4F6FB79F1}" = Google Desktop Plugin - leCalendar
"ActiveScan 2.0" = Panda ActiveScan 2.0
"ActiveTouchMeetingClient" = WebEx
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Advanced Multilife Processor (AMP)" = Advanced Multilife Processor (AMP)
"Agere Systems Soft Modem" = Agere Systems HDA Modem
"ATI Display Driver" = ATI Display Driver
"Audacity_is1" = Audacity 1.2.6
"avast5" = avast! Free Antivirus
"BlackBerry_{C178B38F-613A-4EFE-B718-A675BD27A1E1}" = BlackBerry Desktop Software 4.3
"Broadcom 802.11b Network Adapter" = Broadcom 802.11 Wireless LAN Adapter
"Canon MX860 series User Registration" = Canon MX860 series User Registration
"Canon_IJ_Network_Scan_UTILITY" = Canon IJ Network Scan Utility
"Canon_IJ_Network_UTILITY" = Canon IJ Network Tool
"CanonMyPrinter" = Canon Utilities My Printer
"CanonSolutionMenu" = Canon Utilities Solution Menu
"CCleaner" = CCleaner (remove only)
"CentraClient" = Centra Client
"Coupon Printer for Windows4.0" = Coupon Printer for Windows
"Easy-PhotoPrint EX" = Canon Utilities Easy-PhotoPrint EX
"ERUNT_is1" = ERUNT 1.1j
"ForeSight ULSG Wrapper" = ForeSight ULSG Wrapper
"Google Desktop" = Google Desktop
"GPL Ghostscript 8.63" = GPL Ghostscript 8.63
"IDNMitigationAPIs" = Microsoft Internationalized Domain Names Mitigation APIs
"ie7" = Windows Internet Explorer 7
"ie8" = Windows Internet Explorer 8
"ING Presents" = ING Presents
"InstallShield_{5000DC20-6CF9-5000-AE08-500F40FE5000}" = JH Illustrator - John Hancock's Illustration System
"InstallShield_{5020DC20-6CF9-5020-AE09-502F40FE5020}" = JH Illustrator - John Hancock's Illustration System
"InstallShield_{7869EC3D-E579-40F6-94BB-15D666FA5700}" = Transamerica Life Products Illustration System- TransWare
"InstallShield_{94FEACDA-6450-441D-A4F4-77B6A94B3BD2}" = Transamerica Life Products Illustration System TransWare Prerequisite
"InstallShield_{AD7914E1-6453-4440-AEC7-02C72AD6FE5F}" = Texas Instruments PCIxx21/x515/xx12 drivers.
"Integrated Software Platform (ISP) System and Components" = Integrated Software Platform (ISP) System and Components
"Keir Practice Test_is1" = Keir Practice Test 2.04.49
"Kettley's Professional Advisor Series for 2009" = Kettley's Professional Advisor Series for 2009
"LAME for Audacity_is1" = LAME v3.98.2 for Audacity
"Lincoln DesignIt - Lincoln Financial Distributors" = Lincoln DesignIt - Lincoln Financial Distributors
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Mozilla Firefox (3.5.3)" = Mozilla Firefox (3.5.3)
"Mozilla Thunderbird (2.0.0.24)" = Mozilla Thunderbird (2.0.0.24)
"MP Navigator EX 2.1" = Canon MP Navigator EX 2.1
"MSCompPackV1" = Microsoft Compression Client Pack 1.0 for Windows XP
"MSNINST" = MSN
"NLSDownlevelMapping" = Microsoft National Language Support Downlevel APIs
"NumberCruncher" = NumberCruncher
"PDF to JPG Converter" = PDF to JPG Converter 1.0
"PruSelect Products" = PruSelect Products
"QuickLink Mobile" = QuickLink Mobile
"State Death Tax Manager" = State Death Tax Manager
"SynTPDeinstKey" = Synaptics Pointing Device Driver
"Wdf01005" = Microsoft Kernel-Mode Driver Framework Feature Pack 1.5
"WIC" = Windows Imaging Component
"Windows Media Connect" = Windows Media Connect
"Windows Media Format Runtime" = Windows Media Format 11 runtime
"Windows Media Player" = Windows Media Player 11
"Windows XP Service Pack" = Windows XP Service Pack 3
"WMFDist11" = Windows Media Format 11 runtime
"wmp11" = Windows Media Player 11
"Wudf01000" = Microsoft User-Mode Driver Framework Feature Pack 1.0
"XpsEPSC" = XML Paper Specification Shared Components Pack 1.0
========== HKEY_CURRENT_USER Uninstall List ==========
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0F3B05E3-EBAC-11D4-8839-0008C7E93768}" = Merlin Marketing System 08.6.5
"GoToMeeting" = GoToMeeting 4.5.0.452
"IMCMessenger" = IMC Messenger (remove only)
"Octoshape add-in for Adobe Flash Player" = Octoshape add-in for Adobe Flash Player
"pdfsam" = pdfsam
========== Last 10 Event Log Errors ==========
[ Antivirus Events ]
Error - 5/15/2008 11:23:32 AM | Computer Name = HP | Source = avast! | ID = 33554522
Description =
Error - 5/15/2008 11:23:32 AM | Computer Name = HP | Source = avast! | ID = 33554522
Description =
Error - 5/15/2008 11:23:32 AM | Computer Name = HP | Source = avast! | ID = 33554522
Description =
Error - 7/1/2008 12:09:30 PM | Computer Name = HP | Source = avast! | ID = 33554522
Description =
Error - 8/3/2008 10:43:18 AM | Computer Name = HP | Source = avast! | ID = 33554522
Description =
Error - 12/31/2008 1:50:46 PM | Computer Name = HP | Source = avast! | ID = 33554522
Description =
Error - 2/11/2009 5:10:45 PM | Computer Name = HP | Source = avast! | ID = 33554522
Description =
Error - 2/12/2009 6:08:39 PM | Computer Name = HP | Source = avast! | ID = 33554522
Description =
Error - 4/7/2009 11:11:10 AM | Computer Name = HP | Source = avast! | ID = 33554522
Description =
Error - 9/3/2009 10:11:02 AM | Computer Name = HP | Source = avast! | ID = 33554522
Description =
[ Application Events ]
Error - 3/4/2010 10:52:15 AM | Computer Name = HP | Source = Windows Search Service | ID = 3013
Description = The entry <C:\SCANS\NEW FOLDER> in the hash map cannot be updated.
Context:
Application, SystemIndex Catalog Details: A device attached to the system is not
functioning. (0x8007001f)
Error - 3/4/2010 10:52:17 AM | Computer Name = HP | Source = Windows Search Service | ID = 3013
Description = The entry <C:\SCANS\NEW FOLDER> in the hash map cannot be updated.
Context:
Application, SystemIndex Catalog Details: A device attached to the system is not
functioning. (0x8007001f)
Error - 3/7/2010 12:35:20 PM | Computer Name = HP | Source = Application Error | ID = 1000
Description = Faulting application SearchIndexer.exe, version 7.0.6001.16503, faulting
module kernel32.dll, version 5.1.2600.5781, fault address 0x0000980f.
Error - 3/16/2010 5:26:41 PM | Computer Name = HP | Source = Application Error | ID = 1000
Description = Faulting application acrord32.exe, version 9.0.0.332, faulting module
acroform.api, version 9.0.0.332, fault address 0x0019d98b.
Error - 3/16/2010 5:26:52 PM | Computer Name = HP | Source = Application Error | ID = 1000
Description = Faulting application acrord32.exe, version 9.0.0.332, faulting module
acroform.api, version 9.0.0.332, fault address 0x0019d98b.
Error - 3/16/2010 5:27:12 PM | Computer Name = HP | Source = Application Error | ID = 1000
Description = Faulting application acrord32.exe, version 9.0.0.332, faulting module
acroform.api, version 9.0.0.332, fault address 0x0019d98b.
Error - 3/16/2010 5:27:27 PM | Computer Name = HP | Source = Application Error | ID = 1000
Description = Faulting application acrord32.exe, version 9.0.0.332, faulting module
acroform.api, version 9.0.0.332, fault address 0x0019d98b.
Error - 3/20/2010 4:02:33 PM | Computer Name = HP | Source = Application Hang | ID = 1002
Description = Hanging application gmer.exe, version 1.0.15.15281, hang module hungapp,
version 0.0.0.0, hang address 0x00000000.
Error - 3/20/2010 4:04:27 PM | Computer Name = HP | Source = Application Hang | ID = 1002
Description = Hanging application gmer.exe, version 1.0.15.15281, hang module hungapp,
version 0.0.0.0, hang address 0x00000000.
Error - 3/21/2010 1:04:15 PM | Computer Name = HP | Source = Application Hang | ID = 1002
Description = Hanging application gmer.exe, version 1.0.15.15281, hang module hungapp,
version 0.0.0.0, hang address 0x00000000.
[ Credential Manager Events ]
Error - 3/14/2009 11:56:16 AM | Computer Name = HP | Source = AuthWiz | ID = 100861620
Description = The submitted credentials were not successfully registered. User:
Dirk@HP Credentials: Password Error: (0x8007052B) Unable to update the password.
The value provided as the current password is incorrect.
Error - 9/5/2009 9:57:15 PM | Computer Name = HP | Source = AuthWiz | ID = 100796068
Description = The submitted credentials were rejected. User: Dirk@HP Credentials:
Fingerprints Error: (0xC5161001) The fingerprints provided do not match.
Error - 9/5/2009 9:57:25 PM | Computer Name = HP | Source = AuthWiz | ID = 100796068
Description = The submitted credentials were rejected. User: Dirk@HP Credentials:
Fingerprints Error: (0xC5161001) The fingerprints provided do not match.
Error - 9/5/2009 9:57:36 PM | Computer Name = HP | Source = AuthWiz | ID = 100796068
Description = The submitted credentials were rejected. User: Dirk@HP Credentials:
Fingerprints Error: (0xC5161001) The fingerprints provided do not match.
Error - 12/9/2009 1:19:35 PM | Computer Name = HP | Source = AuthWiz | ID = 100796068
Description = The submitted credentials were rejected. User: Dirk@HP Credentials:
Fingerprints Error: (0xC5161001) The fingerprints provided do not match.
[ System Events ]
Error - 3/21/2010 1:20:06 PM | Computer Name = HP | Source = Service Control Manager | ID = 7026
Description = The following boot-start or system-start driver(s) failed to load:
Aavmker4 aswSP aswTdi Fips intelppm SASDIFSV SASKUTIL
Error - 3/21/2010 1:22:52 PM | Computer Name = HP | Source = DCOM | ID = 10005
Description = DCOM got error "%1084" attempting to start the service EventSystem
with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}
Error - 3/21/2010 1:30:56 PM | Computer Name = HP | Source = DCOM | ID = 10005
Description = DCOM got error "%1084" attempting to start the service StiSvc with
arguments "" in order to run the server: {A1F4E726-8CF1-11D1-BF92-0060081ED811}
Error - 3/21/2010 1:34:08 PM | Computer Name = HP | Source = DCOM | ID = 10005
Description = DCOM got error "%1084" attempting to start the service EventSystem
with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}
Error - 3/21/2010 1:35:22 PM | Computer Name = HP | Source = Service Control Manager | ID = 7000
Description = The PC Angel service failed to start due to the following error: %%3
Error - 3/21/2010 1:35:30 PM | Computer Name = HP | Source = Service Control Manager | ID = 7026
Description = The following boot-start or system-start driver(s) failed to load:
SASDIFSV SASKUTIL
Error - 3/22/2010 9:31:34 AM | Computer Name = HP | Source = Service Control Manager | ID = 7000
Description = The PC Angel service failed to start due to the following error: %%3
Error - 3/22/2010 9:31:40 AM | Computer Name = HP | Source = Service Control Manager | ID = 7026
Description = The following boot-start or system-start driver(s) failed to load:
SASDIFSV SASKUTIL
Error - 3/22/2010 9:59:30 AM | Computer Name = HP | Source = Service Control Manager | ID = 7000
Description = The PC Angel service failed to start due to the following error: %%3
Error - 3/22/2010 9:59:37 AM | Computer Name = HP | Source = Service Control Manager | ID = 7026
Description = The following boot-start or system-start driver(s) failed to load:
SASDIFSV SASKUTIL
< End of report >
Malwarebytes' Anti-Malware 1.44
Database version: 3870
Windows 5.1.2600 Service Pack 3
Internet Explorer 8.0.6001.18702
3/15/2010 9:45:17 AM
mbam-log-2010-03-15 (09-45-17).txt
Scan type: Quick Scan
Objects scanned: 156907
Time elapsed: 5 minute(s), 40 second(s)
Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 1
Registry Values Infected: 1
Registry Data Items Infected: 0
Folders Infected: 2
Files Infected: 2
Memory Processes Infected:
(No malicious items detected)
Memory Modules Infected:
(No malicious items detected)
Registry Keys Infected:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{6fd31ed6-7c94-4bbc-8e95-f927f4d3a949} (Adware.180Solutions) -> Quarantined and deleted successfully.
Registry Values Infected:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Toolbar\WebBrowser\{90b8b761-df2b-48ac-bbe0-bcc03a819b3b} (Adware.Zango) -> Quarantined and deleted successfully.
Registry Data Items Infected:
(No malicious items detected)
Folders Infected:
C:\Program Files\Registry Defender Platinum (Rogue.RegistryDefender) -> Quarantined and deleted successfully.
C:\Program Files\Registry Defender Platinum\backup (Rogue.RegistryDefender) -> Quarantined and deleted successfully.
Files Infected:
C:\Program Files\Registry Defender Platinum\report.csv (Rogue.RegistryDefender) -> Quarantined and deleted successfully.
C:\Program Files\Registry Defender Platinum\backup\6_1_2008.reg (Rogue.RegistryDefender) -> Quarantined and deleted successfully.