My computer seems to be more sluggish than normal and keeps crashing.
I also cannot run GMER – it crashes shortly after running. I get a blue screen of death when running GMER. I tried to run it with just system checked, but the blue screen still came up. It also comes up sometimes when I just try and run GMER.
I also cannot post to GeekstoGo from the computer. I am posting this from a different computer. The internet connection seems to be messed up.
Also, on startup, I get a RunDLL error that says "Error loading hphcp.dll".
I ran Malwarebytes last night and it found several problems. I ran it again today and it said I was clean. Below are my logs.
Thank you very much for your time. I really appreciate your help and this website is very useful. Thank you.
Malwarebytes' Anti-Malware 1.46
www.malwarebytes.org
Database version: 4052
Windows 6.0.6002 Service Pack 2
Internet Explorer 8.0.6001.18928
8/4/2010 11:27:50 PM
mbam-log-2010-08-04 (23-27-50).txt
Scan type: Quick scan
Objects scanned: 122407
Time elapsed: 7 minute(s), 44 second(s)
Memory Processes Infected: 1
Memory Modules Infected: 0
Registry Keys Infected: 10
Registry Values Infected: 7
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 9
Memory Processes Infected:
C:\Users\Mike\AppData\Local\Temp\geurge.exe (Trojan.Agent.Gen) -> Unloaded process successfully.
Memory Modules Infected:
(No malicious items detected)
Registry Keys Infected:
HKEY_CLASSES_ROOT\cscrptxt.cscrptxt (Adware.EZlife) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{7e69fbf7-2b0b-4c2c-bf3f-26689a3caee8} (Adware.EZlife) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{7e69fbf7-2b0b-4c2c-bf3f-26689a3caee8} (Adware.EZlife) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{7e69fbf7-2b0b-4c2c-bf3f-26689a3caee8} (Adware.EZlife) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{7e69fbf7-2b0b-4c2c-bf3f-26689a3caee8} (Adware.EZlife) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{e0ec6fba-f009-3535-95d6-b6390db27da1} (Adware.EZlife) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\cscrptxt.cscrptxt.1.0 (Adware.EZlife) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\AppID\{38061edc-40bb-4618-a8da-e56353347e6d} (Adware.EZlife) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\adshothlpr.adshothlpr (Adware.Adrotator) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\adshothlpr.adshothlpr.1.0 (Adware.Adrotator) -> Quarantined and deleted successfully.
Registry Values Infected:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\rbioqmka (Trojan.FakeAlert.H) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\rbioqmka (Trojan.FakeAlert.H) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\ewrgetuj (Trojan.Agent.Gen) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\vwivglif (Rogue.AntivirusSuite.Gen) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\mebftpha (Rogue.AntivirusSuite.Gen) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\lsdefrag (Trojan.Downloader) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\lyuqoz (Trojan.Agent.U) -> Quarantined and deleted successfully.
Registry Data Items Infected:
(No malicious items detected)
Folders Infected:
(No malicious items detected)
Files Infected:
C:\Users\Mike\rbioqmka.exe (Trojan.FakeAlert.H) -> Quarantined and deleted successfully.
C:\Windows\System32\rbioqmka.exe (Trojan.FakeAlert.H) -> Quarantined and deleted successfully.
C:\Users\Mike\AppData\Local\Temp\geurge.exe (Trojan.Agent.Gen) -> Quarantined and deleted successfully.
C:\Windows\System32\hphcp.dll (Adware.EZlife) -> Quarantined and deleted successfully.
C:\Users\Mike\AppData\Local\Temp\mxrscwaeno.exe (Trojan.Agent.Gen) -> Quarantined and deleted successfully.
C:\Users\Mike\AppData\Local\nktfiwlnv\pugyugatssd.exe (Rogue.AntivirusSuite.Gen) -> Delete on reboot.
C:\Users\Mike\AppData\Local\jyieirais\pbimxugtssd.exe (Rogue.AntivirusSuite.Gen) -> Quarantined and deleted successfully.
C:\Users\Mike\AppData\Local\Temp\mcorxaswne.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\Users\Mike\AppData\Local\cnprxmig.dll (Trojan.Agent.U) -> Delete on reboot.
>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>
Malwarebytes' Anti-Malware 1.46
www.malwarebytes.org
Database version: 4052
Windows 6.0.6002 Service Pack 2
Internet Explorer 8.0.6001.18928
8/5/2010 7:42:31 PM
mbam-log-2010-08-05 (19-42-31).txt
Scan type: Quick scan
Objects scanned: 121818
Time elapsed: 6 minute(s), 1 second(s)
Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0
Memory Processes Infected:
(No malicious items detected)
Memory Modules Infected:
(No malicious items detected)
Registry Keys Infected:
(No malicious items detected)
Registry Values Infected:
(No malicious items detected)
Registry Data Items Infected:
(No malicious items detected)
Folders Infected:
(No malicious items detected)
Files Infected:
(No malicious items detected)
>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>
OTL logfile created on: 8/5/2010 8:03:16 PM - Run 1
OTL by OldTimer - Version 3.2.9.1 Folder = C:\Users\Mike\Desktop\Malware
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18928)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy
3.00 Gb Total Physical Memory | 2.00 Gb Available Physical Memory | 58.00% Memory free
6.00 Gb Paging File | 5.00 Gb Available in Paging File | 81.00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 288.04 Gb Total Space | 172.20 Gb Free Space | 59.79% Space Free | Partition Type: NTFS
Drive D: | 10.00 Gb Total Space | 6.05 Gb Free Space | 60.46% Space Free | Partition Type: NTFS
E: Drive not present or media not loaded
F: Drive not present or media not loaded
Drive G: | 931.51 Gb Total Space | 381.94 Gb Free Space | 41.00% Space Free | Partition Type: NTFS
H: Drive not present or media not loaded
I: Drive not present or media not loaded
Computer Name: MIKE-PC
Current User Name: Mike
Logged in as Administrator.
Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: On
Skip Microsoft Files: On
File Age = 90 Days
Output = Standard
Quick Scan
========== Processes (SafeList) ==========
PRC - [2010/08/05 19:27:03 | 000,574,976 | ---- | M] (OldTimer Tools) -- C:\Users\Mike\Desktop\Malware\OTL.exe
PRC - [2009/06/04 01:55:16 | 000,025,600 | ---- | M] (Creative Technology Ltd) -- C:\Windows\System32\Ctxfihlp.exe
PRC - [2009/06/04 01:49:56 | 001,213,440 | ---- | M] (Creative Technology Ltd) -- C:\Windows\System32\CTxfispi.exe
PRC - [2009/05/21 19:58:14 | 000,413,496 | ---- | M] (Hewlett-Packard Co.) -- C:\Program Files\Common Files\HP\Digital Imaging\Bin\hpqPhotoCrm.exe
PRC - [2009/04/11 02:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2009/02/23 12:43:54 | 000,307,200 | ---- | M] (Creative Technology Ltd) -- C:\Program Files\Creative\Shared Files\CTAudSvc.exe
PRC - [2007/11/26 14:47:40 | 000,598,856 | ---- | M] (Webroot Software, Inc.) -- C:\Program Files\Webroot\Washer\WasherSvc.exe
========== Modules (SafeList) ==========
MOD - [2010/08/05 19:27:03 | 000,574,976 | ---- | M] (OldTimer Tools) -- C:\Users\Mike\Desktop\Malware\OTL.exe
MOD - [2009/04/11 02:21:38 | 001,686,016 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18005_none_5cb72f96088b0de0\comctl32.dll
MOD - [2008/01/19 03:33:00 | 000,110,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\msscript.ocx
MOD - [2007/06/28 12:51:54 | 000,161,032 | ---- | M] (Kaspersky Lab) -- C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\scrchpg.dll
MOD - [2007/06/28 12:51:52 | 000,070,920 | ---- | M] (Kaspersky Lab) -- C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\r3hook.dll
MOD - [2007/05/10 16:51:56 | 000,008,704 | ---- | M] (Creative Technology Ltd) -- C:\Windows\System32\CTAGENT.DLL
========== Win32 Services (SafeList) ==========
SRV - File not found [Disabled | Stopped] -- -- (gusvc)
SRV - [2010/08/04 21:42:56 | 000,019,456 | ---- | M] () [Auto | Running] -- C:\Windows\System32\msippsth.dll -- (TCPIP Pass-through Filter)
SRV - [2010/02/19 13:37:14 | 000,517,096 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Program Files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe -- (SwitchBoard)
SRV - [2010/01/23 14:13:05 | 000,079,360 | ---- | M] (Creative Labs) [On_Demand | Stopped] -- C:\Program Files\Common Files\Creative Labs Shared\Service\CTAELicensing.exe -- (Creative Audio Engine Licensing Service)
SRV - [2009/09/24 21:27:04 | 000,793,088 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\FntCache.dll -- (FontCache)
SRV - [2009/02/23 12:43:54 | 000,307,200 | ---- | M] (Creative Technology Ltd) [Auto | Running] -- C:\Program Files\Creative\Shared Files\CTAudSvc.exe -- (CTAudSvcService)
SRV - [2008/01/19 03:38:24 | 000,272,952 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2007/11/26 14:47:40 | 000,598,856 | ---- | M] (Webroot Software, Inc.) [Auto | Running] -- C:\Program Files\Webroot\Washer\WasherSvc.exe -- (wwEngineSvc)
SRV - [2007/06/28 12:51:38 | 000,218,376 | ---- | M] (Kaspersky Lab) [Auto | Stopped] -- C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\avp.exe -- (AVP)
SRV - [2007/06/05 17:23:28 | 000,561,152 | ---- | M] (Lavasoft AB) [Disabled | Stopped] -- C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe -- (aawservice)
SRV - [2007/05/11 17:32:22 | 000,142,112 | ---- | M] (Logitech Inc.) [Disabled | Stopped] -- C:\Program Files\Common Files\logishrd\SrvLnch\SrvLnch.exe -- (LVSrvLauncher)
SRV - [2007/05/11 17:30:50 | 000,133,920 | ---- | M] (Logitech Inc.) [Disabled | Stopped] -- C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe -- (LVPrcSrv)
SRV - [2007/05/11 17:28:56 | 000,187,168 | ---- | M] (Logitech Inc.) [Disabled | Stopped] -- C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe -- (LVCOMSer)
SRV - [2007/02/10 05:29:56 | 000,089,968 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- c:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe -- (SQLWriter)
========== Driver Services (SafeList) ==========
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Windows\System32\DRIVERS\nwlnkfwd.sys -- (NwlnkFwd)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Windows\System32\DRIVERS\nwlnkflt.sys -- (NwlnkFlt)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Windows\System32\DRIVERS\ipinip.sys -- (IpInIp)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Windows\System32\CTHWIUT.DLL -- (CTHWIUT.DLL)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Windows\System32\CTEXFIFX.DLL -- (CTEXFIFX.DLL)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Windows\System32\CT20XUT.DLL -- (CT20XUT.DLL)
DRV - File not found [Kernel | Disabled | Stopped] -- C:\Windows\System32\drivers\blbdrive.sys -- (blbdrive)
DRV - [2009/06/04 03:48:12 | 001,177,624 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\ha20x2k.sys -- (ha20x2k)
DRV - [2009/06/04 03:48:00 | 000,095,768 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\emupia2k.sys -- (emupia)
DRV - [2009/06/04 03:47:50 | 000,158,744 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\ctsfm2k.sys -- (ctsfm2k)
DRV - [2009/06/04 03:47:42 | 000,014,360 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\ctprxy2k.sys -- (ctprxy2k)
DRV - [2009/06/04 03:47:34 | 000,130,072 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\ctoss2k.sys -- (ossrv)
DRV - [2009/06/04 03:47:24 | 000,347,080 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ctdvda2k.sys -- (ctdvda2k)
DRV - [2009/06/04 03:47:14 | 000,526,232 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\ctaud2k.sys -- (ctaud2k) Creative Audio Driver (WDM)
DRV - [2009/06/04 03:47:06 | 000,511,000 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\ctac32k.sys -- (ctac32k)
DRV - [2009/06/04 03:46:56 | 001,324,056 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\CTEXFIFX.SYS -- (CTEXFIFX.SYS)
DRV - [2009/06/04 03:46:56 | 001,324,056 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\CTEXFIFX.sys -- (CTEXFIFX)
DRV - [2009/06/04 03:46:42 | 000,072,728 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\CTHWIUT.SYS -- (CTHWIUT.SYS)
DRV - [2009/06/04 03:46:42 | 000,072,728 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\CTHWIUT.sys -- (CTHWIUT)
DRV - [2009/06/04 03:46:34 | 000,171,032 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\CT20XUT.SYS -- (CT20XUT.SYS)
DRV - [2009/06/04 03:46:34 | 000,171,032 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\CT20XUT.sys -- (CT20XUT)
DRV - [2009/04/11 00:42:54 | 000,073,216 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\USBAUDIO.sys -- (usbaudio) USB Audio Driver (WDM)
DRV - [2008/06/05 12:33:10 | 000,112,144 | ---- | M] (Kaspersky Lab) [Kernel | System | Running] -- C:\Windows\System32\drivers\kl1.sys -- (kl1)
DRV - [2008/06/03 06:22:56 | 003,695,104 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\atikmdag.sys -- (R300)
DRV - [2008/06/03 06:22:56 | 003,695,104 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\atikmdag.sys -- (atikmdag)
DRV - [2008/01/19 03:42:51 | 000,235,064 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\system32\drivers\iastorv.sys -- (iaStorV)
DRV - [2008/01/19 00:25:05 | 000,220,672 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\e1e6032.sys -- (e1express) Intel®
DRV - [2008/01/16 22:51:12 | 000,019,376 | ---- | M] (SonicWALL Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\SSLDrv.sys -- (SSLDrv)
DRV - [2007/11/26 14:47:44 | 000,021,832 | ---- | M] (Webroot Software Inc (www.webroot.com)) [Kernel | On_Demand | Stopped] -- C:\Program Files\Webroot\Washer\wrSSweep.sys -- (wrssweep)
DRV - [2007/08/28 20:47:02 | 000,127,768 | ---- | M] (Kaspersky Lab) [File_System | System | Running] -- C:\Windows\System32\drivers\klif.sys -- (KLIF)
DRV - [2007/05/11 17:30:16 | 000,025,888 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\LVPr2Mon.sys -- (LVPr2Mon)
DRV - [2007/05/11 17:29:54 | 002,142,752 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\LVMVdrv.sys -- (LVMVDrv)
DRV - [2007/05/11 17:27:58 | 002,107,808 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\Lvckap.sys -- (LVcKap)
DRV - [2007/05/11 11:21:56 | 000,329,512 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\CTEDSPSY.DLL -- (CTEDSPSY.DLL)
DRV - [2007/05/11 11:21:44 | 000,134,952 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\CTEDSPIO.DLL -- (CTEDSPIO.DLL)
DRV - [2007/05/11 11:21:34 | 000,101,160 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\CTERFXFX.DLL -- (CTERFXFX.DLL)
DRV - [2007/05/11 11:21:24 | 000,286,504 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\CTEDSPFX.DLL -- (CTEDSPFX.DLL)
DRV - [2007/05/11 11:21:10 | 000,174,376 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\CTEAPSFX.DLL -- (CTEAPSFX.DLL)
DRV - [2007/05/11 11:21:00 | 000,566,568 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\CTSBLFX.DLL -- (CTSBLFX.DLL)
DRV - [2007/05/11 11:20:48 | 000,552,232 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\CTAUDFX.DLL -- (CTAUDFX.DLL)
DRV - [2007/05/11 11:20:34 | 000,098,600 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\COMMONFX.DLL -- (COMMONFX.DLL)
DRV - [2007/05/09 21:51:34 | 000,041,888 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\LVUSBSta.sys -- (LVUSBSta)
DRV - [2007/05/09 21:47:00 | 001,276,832 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\LV302V32.SYS -- (PID_PEPI) Logitech QuickCam IM(PID_PEPI)
DRV - [2007/04/04 14:59:16 | 000,020,760 | ---- | M] (Kaspersky Lab) [Kernel | System | Running] -- C:\Windows\System32\drivers\klim6.sys -- (KLIM6)
DRV - [2007/03/12 11:12:00 | 000,256,000 | ---- | M] (Ralink Technology Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\WUSB54GCx86.sys -- (netr73)
DRV - [2006/11/02 05:51:45 | 000,900,712 | ---- | M] (QLogic Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ql2300.sys -- (ql2300)
DRV - [2006/11/02 05:51:38 | 000,420,968 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\adp94xx.sys -- (adp94xx)
DRV - [2006/11/02 05:51:34 | 000,316,520 | ---- | M] (Emulex) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\elxstor.sys -- (elxstor)
DRV - [2006/11/02 05:51:32 | 000,297,576 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\adpahci.sys -- (adpahci)
DRV - [2006/11/02 05:51:25 | 000,235,112 | ---- | M] (ULi Electronics Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\uliahci.sys -- (uliahci)
DRV - [2006/11/02 05:51:00 | 000,147,048 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\adpu320.sys -- (adpu320)
DRV - [2006/11/02 05:50:45 | 000,115,816 | ---- | M] (Promise Technology, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ulsata2.sys -- (ulsata2)
DRV - [2006/11/02 05:50:41 | 000,112,232 | ---- | M] (VIA Technologies Inc.,Ltd) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\vsmraid.sys -- (vsmraid)
DRV - [2006/11/02 05:50:35 | 000,106,088 | ---- | M] (QLogic Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ql40xx.sys -- (ql40xx)
DRV - [2006/11/02 05:50:35 | 000,098,408 | ---- | M] (Promise Technology, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ulsata.sys -- (UlSata)
DRV - [2006/11/02 05:50:35 | 000,098,408 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\adpu160m.sys -- (adpu160m)
DRV - [2006/11/02 05:50:24 | 000,088,680 | ---- | M] (NVIDIA Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\nvraid.sys -- (nvraid)
DRV - [2006/11/02 05:50:19 | 000,045,160 | ---- | M] (IBM Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\nfrd960.sys -- (nfrd960)
DRV - [2006/11/02 05:50:17 | 000,041,576 | ---- | M] (Intel Corp./ICP vortex GmbH) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\iirsp.sys -- (iirsp)
DRV - [2006/11/02 05:50:16 | 000,071,784 | ---- | M] (Silicon Integrated Systems) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\sisraid4.sys -- (SiSRaid4)
DRV - [2006/11/02 05:50:13 | 000,040,040 | ---- | M] (NVIDIA Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\nvstor.sys -- (nvstor)
DRV - [2006/11/02 05:50:11 | 000,071,272 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\djsvs.sys -- (aic78xx)
DRV - [2006/11/02 05:50:10 | 000,067,688 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\arcsas.sys -- (arcsas)
DRV - [2006/11/02 05:50:10 | 000,065,640 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\lsi_scsi.sys -- (LSI_SCSI)
DRV - [2006/11/02 05:50:10 | 000,038,504 | ---- | M] (Silicon Integrated Systems Corp.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\sisraid2.sys -- (SiSRaid2)
DRV - [2006/11/02 05:50:10 | 000,037,480 | ---- | M] (Hewlett-Packard Company) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\hpcisss.sys -- (HpCISSs)
DRV - [2006/11/02 05:50:09 | 000,067,688 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\arc.sys -- (arc)
DRV - [2006/11/02 05:50:09 | 000,035,944 | ---- | M] (Integrated Technology Express, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\iteraid.sys -- (iteraid)
DRV - [2006/11/02 05:50:07 | 000,035,944 | ---- | M] (Integrated Technology Express, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\iteatapi.sys -- (iteatapi)
DRV - [2006/11/02 05:50:05 | 000,065,640 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\lsi_sas.sys -- (LSI_SAS)
DRV - [2006/11/02 05:50:05 | 000,035,944 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\symc8xx.sys -- (Symc8xx)
DRV - [2006/11/02 05:50:04 | 000,065,640 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\lsi_fc.sys -- (LSI_FC)
DRV - [2006/11/02 05:50:03 | 000,034,920 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\sym_u3.sys -- (Sym_u3)
DRV - [2006/11/02 05:49:59 | 000,033,384 | ---- | M] (LSI Logic Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\mraid35x.sys -- (Mraid35x)
DRV - [2006/11/02 05:49:56 | 000,031,848 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\sym_hi.sys -- (Sym_hi)
DRV - [2006/11/02 05:49:53 | 000,028,776 | ---- | M] (LSI Logic Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\megasas.sys -- (megasas)
DRV - [2006/11/02 05:49:30 | 000,017,512 | ---- | M] (VIA Technologies, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\viaide.sys -- (viaide)
DRV - [2006/11/02 05:49:28 | 000,016,488 | ---- | M] (CMD Technology, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\cmdide.sys -- (cmdide)
DRV - [2006/11/02 05:49:20 | 000,014,952 | ---- | M] (Acer Laboratories Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\aliide.sys -- (aliide)
DRV - [2006/11/02 04:25:24 | 000,071,808 | ---- | M] (Brother Industries Ltd.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\brserid.sys -- (Brserid) Brother MFC Serial Port Interface Driver (WDM)
DRV - [2006/11/02 04:24:47 | 000,011,904 | ---- | M] (Brother Industries Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\brusbser.sys -- (BrUsbSer)
DRV - [2006/11/02 04:24:46 | 000,005,248 | ---- | M] (Brother Industries, Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\brfiltup.sys -- (BrFiltUp)
DRV - [2006/11/02 04:24:45 | 000,013,568 | ---- | M] (Brother Industries, Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\brfiltlo.sys -- (BrFiltLo)
DRV - [2006/11/02 04:24:44 | 000,062,336 | ---- | M] (Brother Industries Ltd.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\brserwdm.sys -- (BrSerWdm)
DRV - [2006/11/02 04:24:44 | 000,012,160 | ---- | M] (Brother Industries Ltd.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\brusbmdm.sys -- (BrUsbMdm)
DRV - [2006/11/02 03:36:50 | 000,020,608 | ---- | M] (N-trig Innovative Technologies) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ntrigdigi.sys -- (ntrigdigi)
DRV - [2006/11/02 03:30:54 | 000,117,760 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\E1G60I32.sys -- (E1G60) Intel®
========== Standard Registry (SafeList) ==========
========== Internet Explorer ==========
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local
========== FireFox ==========
FF - prefs.js..network.proxy.type: 4
FF - HKLM\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2010/05/23 17:53:35 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.8\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010/08/04 17:38:54 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.8\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010/08/04 17:38:54 | 000,000,000 | ---D | M]
[2010/03/14 21:22:35 | 000,000,000 | ---D | M] -- C:\Users\Mike\AppData\Roaming\Mozilla\Extensions
[2010/08/04 23:52:51 | 000,000,000 | ---D | M] -- C:\Users\Mike\AppData\Roaming\Mozilla\Firefox\Profiles\yqbkjjyb.default\extensions
[2010/03/14 21:22:51 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Users\Mike\AppData\Roaming\Mozilla\Firefox\Profiles\yqbkjjyb.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2010/06/09 11:21:10 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions
O1 HOSTS File: ([2010/08/05 19:14:43 | 000,001,728 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O2 - BHO: (DAPHelper Class) - {0000CC75-ACF3-4cac-A0A9-DD3868E06852} - C:\Program Files\DAP\DAPBHO.dll (Speedbit Ltd.)
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - No CLSID value found.
O2 - BHO: (HP Print Enhancer) - {0347C33E-8762-4905-BF09-768834316C61} - C:\Program Files\HP\Digital Imaging\smart web printing\hpswp_printenhancer.dll (Hewlett-Packard Co.)
O2 - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
O2 - BHO: (moigh Object) - {89F05675-59DF-4889-A02E-631DF4563E08} - C:\Windows\System32\dphcp.dll ()
O2 - BHO: (HP Smart BHO Class) - {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - C:\Program Files\HP\Digital Imaging\smart web printing\hpswp_BHO.dll (Hewlett-Packard Co.)
O4 - HKLM..\Run: [] File not found
O4 - HKLM..\Run: [AdobeAAMUpdater-1.0] C:\Program Files\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [AdobeCS5ServiceManager] C:\Program Files\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [AVP] C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\avp.exe (Kaspersky Lab)
O4 - HKLM..\Run: [CTxfiHlp] C:\Windows\System32\Ctxfihlp.exe (Creative Technology Ltd)
O4 - HKLM..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe (Nero AG)
O4 - HKLM..\Run: [sta] File not found
O4 - HKLM..\Run: [SwitchBoard] C:\Program Files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [TkBellExe] C:\Program Files\Common Files\Real\Update_OB\realsched.exe (RealNetworks, Inc.)
O4 - Startup: C:\Users\Mike\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2007 Screen Clipper and Launcher.lnk = C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE (Microsoft Corporation)
O4 - Startup: C:\Users\Mike\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote Table Of Contents.onetoc2 ()
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Infodelivery present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoWindowsUpdate = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoFavoritesMenu = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSMMyDocs = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSMMyPictures = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoStartMenuMyMusic = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoRecentDocsNetHood = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSMHelp = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSimpleStartMenu = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoWindowsUpdate = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoFavoritesMenu = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSMMyDocs = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSMMyPictures = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoStartMenuMyMusic = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoRecentDocsNetHood = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSMHelp = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoUserNameInStartMenu = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoStartMenuPinnedList = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: ForceStartMenuLogoff = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSharedDocuments = 0
O8 - Extra context menu item: &Download with &DAP - C:\Program Files\DAP\dapextie.htm ()
O8 - Extra context menu item: Add to Google Photos Screensa&ver - C:\Windows\System32\GPhotos.scr (Google Inc.)
O8 - Extra context menu item: Download &all with DAP - C:\Program Files\DAP\dapextie2.htm ()
O8 - Extra context menu item: E&xport to Microsoft Excel - C:\Program Files\Microsoft Office\Office12\EXCEL.EXE (Microsoft Corporation)
O9 - Extra Button: Web Anti-Virus statistics - {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\SCIEPlgn.dll (Kaspersky Lab)
O9 - Extra Button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: Run DAP - {669695BC-A811-4A9D-8CDF-BA8C795F261C} - C:\Program Files\DAP\DAP.exe (SpeedBit Ltd.)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Program Files\Microsoft Office\Office12\REFIEBAR.DLL (Microsoft Corporation)
O9 - Extra Button: Show or hide HP Smart Web Printing - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - C:\Program Files\HP\Digital Imaging\smart web printing\hpswp_BHO.dll (Hewlett-Packard Co.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000005 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Windows\System32\dfwavn.dll ()
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Windows\System32\dfwavn.dll ()
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\Windows\System32\dfwavn.dll ()
O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\Windows\System32\dfwavn.dll ()
O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - C:\Windows\System32\dfwavn.dll ()
O10 - Protocol_Catalog9\Catalog_Entries\000000000006 - C:\Windows\System32\dfwavn.dll ()
O10 - Protocol_Catalog9\Catalog_Entries\000000000007 - C:\Windows\System32\dfwavn.dll ()
O10 - Protocol_Catalog9\Catalog_Entries\000000000008 - C:\Windows\System32\dfwavn.dll ()
O10 - Protocol_Catalog9\Catalog_Entries\000000000009 - C:\Windows\System32\dfwavn.dll ()
O10 - Protocol_Catalog9\Catalog_Entries\000000000010 - C:\Windows\System32\dfwavn.dll ()
O10 - Protocol_Catalog9\Catalog_Entries\000000000011 - C:\Windows\System32\dfwavn.dll ()
O10 - Protocol_Catalog9\Catalog_Entries\000000000012 - C:\Windows\System32\dfwavn.dll ()
O10 - Protocol_Catalog9\Catalog_Entries\000000000013 - C:\Windows\System32\dfwavn.dll ()
O10 - Protocol_Catalog9\Catalog_Entries\000000000014 - C:\Windows\System32\dfwavn.dll ()
O10 - Protocol_Catalog9\Catalog_Entries\000000000015 - C:\Windows\System32\dfwavn.dll ()
O10 - Protocol_Catalog9\Catalog_Entries\000000000016 - C:\Windows\System32\dfwavn.dll ()
O10 - Protocol_Catalog9\Catalog_Entries\000000000017 - C:\Windows\System32\dfwavn.dll ()
O10 - Protocol_Catalog9\Catalog_Entries\000000000018 - C:\Windows\System32\dfwavn.dll ()
O10 - Protocol_Catalog9\Catalog_Entries\000000000019 - C:\Windows\System32\dfwavn.dll ()
O10 - Protocol_Catalog9\Catalog_Entries\000000000020 - C:\Windows\System32\dfwavn.dll ()
O10 - Protocol_Catalog9\Catalog_Entries\000000000021 - C:\Windows\System32\dfwavn.dll ()
O10 - Protocol_Catalog9\Catalog_Entries\000000000022 - C:\Windows\System32\dfwavn.dll ()
O10 - Protocol_Catalog9\Catalog_Entries\000000000023 - C:\Windows\System32\dfwavn.dll ()
O10 - Protocol_Catalog9\Catalog_Entries\000000000024 - C:\Windows\System32\dfwavn.dll ()
O10 - Protocol_Catalog9\Catalog_Entries\000000000025 - C:\Windows\System32\dfwavn.dll ()
O10 - Protocol_Catalog9\Catalog_Entries\000000000026 - C:\Windows\System32\dfwavn.dll ()
O10 - Protocol_Catalog9\Catalog_Entries\000000000027 - C:\Windows\System32\dfwavn.dll ()
O10 - Protocol_Catalog9\Catalog_Entries\000000000028 - C:\Windows\System32\dfwavn.dll ()
O10 - Protocol_Catalog9\Catalog_Entries\000000000029 - C:\Windows\System32\dfwavn.dll ()
O10 - Protocol_Catalog9\Catalog_Entries\000000000030 - C:\Windows\System32\dfwavn.dll ()
O10 - Protocol_Catalog9\Catalog_Entries\000000000031 - C:\Windows\System32\dfwavn.dll ()
O10 - Protocol_Catalog9\Catalog_Entries\000000000032 - C:\Windows\System32\dfwavn.dll ()
O10 - Protocol_Catalog9\Catalog_Entries\000000000033 - C:\Windows\System32\dfwavn.dll ()
O10 - Protocol_Catalog9\Catalog_Entries\000000000034 - C:\Windows\System32\dfwavn.dll ()
O10 - Protocol_Catalog9\Catalog_Entries\000000000035 - C:\Windows\System32\dfwavn.dll ()
O10 - Protocol_Catalog9\Catalog_Entries\000000000036 - C:\Windows\System32\dfwavn.dll ()
O10 - Protocol_Catalog9\Catalog_Entries\000000000037 - C:\Windows\System32\dfwavn.dll ()
O10 - Protocol_Catalog9\Catalog_Entries\000000000038 - C:\Windows\System32\dfwavn.dll ()
O10 - Protocol_Catalog9\Catalog_Entries\000000000039 - C:\Windows\System32\dfwavn.dll ()
O10 - Protocol_Catalog9\Catalog_Entries\000000000040 - C:\Windows\System32\dfwavn.dll ()
O10 - Protocol_Catalog9\Catalog_Entries\000000000041 - C:\Windows\System32\dfwavn.dll ()
O10 - Protocol_Catalog9\Catalog_Entries\000000000042 - C:\Windows\System32\dfwavn.dll ()
O10 - Protocol_Catalog9\Catalog_Entries\000000000043 - C:\Windows\System32\dfwavn.dll ()
O10 - Protocol_Catalog9\Catalog_Entries\000000000044 - C:\Windows\System32\dfwavn.dll ()
O10 - Protocol_Catalog9\Catalog_Entries\000000000045 - C:\Windows\System32\dfwavn.dll ()
O10 - Protocol_Catalog9\Catalog_Entries\000000000046 - C:\Windows\System32\dfwavn.dll ()
O10 - Protocol_Catalog9\Catalog_Entries\000000000047 - C:\Windows\System32\dfwavn.dll ()
O10 - Protocol_Catalog9\Catalog_Entries\000000000048 - C:\Windows\System32\dfwavn.dll ()
O10 - Protocol_Catalog9\Catalog_Entries\000000000049 - C:\Windows\System32\dfwavn.dll ()
O10 - Protocol_Catalog9\Catalog_Entries\000000000050 - C:\Windows\System32\dfwavn.dll ()
O10 - Protocol_Catalog9\Catalog_Entries\000000000051 - C:\Windows\System32\dfwavn.dll ()
O10 - Protocol_Catalog9\Catalog_Entries\000000000052 - C:\Windows\System32\dfwavn.dll ()
O10 - Protocol_Catalog9\Catalog_Entries\000000000053 - C:\Windows\System32\dfwavn.dll ()
O10 - Protocol_Catalog9\Catalog_Entries\000000000054 - C:\Windows\System32\dfwavn.dll ()
O10 - Protocol_Catalog9\Catalog_Entries\000000000109 - C:\Windows\System32\dfwavn.dll ()
O13 - gopher Prefix: missing
O15 - HKCU\..Trusted Domains: beatport.com ([www] https in Trusted sites)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_17)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.ma...t/ultrashim.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0001-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_01)
O16 - DPF: {CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_02)
O16 - DPF: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_17)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_17)
O16 - DPF: {F6ACF75C-C32C-447B-9BEF-46B766368D29} http://ccfiles.creat...15111/CTPID.cab (Creative Software AutoUpdate Support Package)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 208.59.247.45 208.59.247.46
O18 - Protocol\Handler\grooveLocalGWS {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll (Microsoft Corporation)
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Program Files\Common Files\microsoft shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\microsoft shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20 - AppInit_DLLs: (C:\PROGRA~1\KASPER~1\KASPER~1.0\r3hook.dll) - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\r3hook.dll (Kaspersky Lab)
O20 - AppInit_DLLs: (C:\PROGRA~1\KASPER~1\KASPER~1.0\adialhk.dll) - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\adialhk.dll (Kaspersky Lab)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\klogon: DllName - C:\Windows\system32\klogon.dll - C:\Windows\System32\klogon.dll (Kaspersky Lab)
O28 - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006/09/18 17:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O33 - MountPoints2\{767ec77a-780d-11df-b5b8-85ee6986c0e1}\Shell - "" = AutoRun
O33 - MountPoints2\{767ec77a-780d-11df-b5b8-85ee6986c0e1}\Shell\AutoRun\command - "" = L:\IronKey.exe -- File not found
O33 - MountPoints2\{d951099f-9fd7-11de-8075-9f2976387a57}\Shell\AutoRun\command - "" = G:\setupSNK.exe -- File not found
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O34 - HKLM BootExecute: (lsdelete) - C:\Windows\System32\lsdelete.exe ()
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
NetSvcs: FastUserSwitchingCompatibility - File not found
NetSvcs: Ias - File not found
NetSvcs: Nla - File not found
NetSvcs: Ntmssvc - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: SRService - File not found
NetSvcs: Wmi - C:\Windows\System32\wmi.dll (Microsoft Corporation)
NetSvcs: WmdmPmSp - File not found
NetSvcs: LogonHours - File not found
NetSvcs: PCAudit - File not found
NetSvcs: helpsvc - File not found
NetSvcs: uploadmgr - File not found
NetSvcs: TCPIP Pass-through Filter - C:\Windows\System32\msippsth.dll ()
Drivers32: msacm.l3acm - C:\Windows\System32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: MSVideo - C:\Windows\System32\vfwwdm32.dll (Microsoft Corporation)
Drivers32: MSVideo8 - C:\Windows\System32\vfwwdm32.dll (Microsoft Corporation)
Drivers32: vidc.cvid - C:\Windows\System32\iccvid.dll (Radius Inc.)
Drivers32: VIDC.I420 - C:\Windows\System32\lvcodec2.dll (Logitech Inc.)
CREATERESTOREPOINT
Error creating restore point.
========== Files/Folders - Created Within 90 Days ==========
[2010/08/05 19:33:04 | 000,000,000 | ---D | C] -- C:\Windows\ERDNT
[2010/08/05 19:32:28 | 000,000,000 | ---D | C] -- C:\Program Files\ERUNT
[2010/08/05 19:25:24 | 000,000,000 | ---D | C] -- C:\Users\Mike\Desktop\Malware
[2010/08/05 18:41:52 | 000,000,000 | ---D | C] -- C:\Windows\System32\catroot2
[2010/08/04 21:43:38 | 000,000,000 | ---D | C] -- C:\Users\Mike\AppData\Local\jyieirais
[2010/08/04 21:43:25 | 000,000,000 | ---D | C] -- C:\Users\Mike\AppData\Local\nktfiwlnv
[2010/07/02 11:38:18 | 000,000,000 | ---D | C] -- C:\Users\Mike\Desktop\music
[2010/06/14 20:49:26 | 000,000,000 | ---D | C] -- C:\temp
[2010/05/23 17:39:07 | 000,000,000 | ---D | C] -- C:\Users\Mike\AppData\Roaming\HpUpdate
[2010/05/23 17:39:03 | 000,000,000 | ---D | C] -- C:\Windows\Hewlett-Packard
[2010/05/20 00:02:51 | 000,000,000 | ---D | C] -- C:\Users\Mike\Documents\RECIPES
[2010/05/16 21:32:01 | 000,000,000 | ---D | C] -- C:\Users\Mike\AppData\Roaming\chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1
[2010/05/16 19:44:18 | 000,000,000 | ---D | C] -- C:\ProgramData\regid.1986-12.com.adobe
[2010/05/16 19:27:52 | 000,000,000 | ---D | C] -- C:\Program Files\Adobe Media Player
[2010/05/16 19:26:26 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Adobe AIR
[2010/05/16 18:49:56 | 000,000,000 | ---D | C] -- C:\Users\Mike\Desktop\photoshop
[2010/05/16 17:20:28 | 000,000,000 | ---D | C] -- C:\Users\Mike\Desktop\Invitations
[2010/05/16 17:09:04 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft
[2010/05/16 17:08:52 | 000,000,000 | ---D | C] -- C:\Users\Public\Documents\microsoft
[2010/05/16 17:08:44 | 000,000,000 | ---D | C] -- C:\Program Files\Windows Live SkyDrive
[2010/05/16 17:08:27 | 000,000,000 | ---D | C] -- C:\Program Files\Windows Live
[2010/05/16 17:07:39 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft SQL Server Compact Edition
[2010/05/16 17:05:27 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Windows Live
[2010/05/16 17:05:20 | 000,000,000 | ---D | C] -- C:\ProgramData\WEBREG
[2010/05/16 16:58:57 | 000,000,000 | ---D | C] -- C:\Users\Mike\AppData\Roaming\HP
[2010/05/16 16:58:49 | 000,000,000 | ---D | C] -- C:\Users\Mike\AppData\Local\HP
[2010/05/16 16:52:14 | 000,000,000 | ---D | C] -- C:\ProgramData\HP Product Assistant
[2010/05/16 16:50:52 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\HP
[2010/05/16 16:50:17 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Hewlett-Packard
[2010/05/16 16:45:30 | 000,000,000 | ---D | C] -- C:\Program Files\HP
[2010/05/16 16:41:46 | 000,000,000 | ---D | C] -- C:\ProgramData\HP
[2009/06/04 01:57:38 | 000,060,928 | ---- | C] ( ) -- C:\Windows\System32\a3d.dll
[6 C:\Users\Mike\Documents\*.tmp files -> C:\Users\Mike\Documents\*.tmp -> ]
========== Files - Modified Within 90 Days ==========
[2010/08/05 20:06:02 | 000,783,360 | ---- | M] () -- C:\Windows\System32\drivers\onztf.sys
[2010/08/05 20:04:17 | 112,378,144 | -HS- | M] () -- C:\Windows\System32\drivers\fidbox.dat
[2010/08/05 20:03:02 | 004,456,448 | -HS- | M] () -- C:\Users\Mike\NTUSER.DAT
[2010/08/05 20:02:06 | 000,000,069 | ---- | M] () -- C:\Windows\NeroDigital.ini
[2010/08/05 20:02:03 | 000,010,160 | ---- | M] () -- C:\Users\Mike\Desktop\Problems.docx
[2010/08/05 19:55:28 | 000,694,964 | ---- | M] () -- C:\Windows\System32\PerfStringBackup.INI
[2010/08/05 19:55:28 | 000,598,350 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2010/08/05 19:55:28 | 000,101,988 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2010/08/05 19:50:01 | 000,004,432 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2010/08/05 19:50:01 | 000,004,432 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2010/08/05 19:49:57 | 000,000,006 | -H-- | M] () -- C:\Windows\tasks\SA.DAT
[2010/08/05 19:49:36 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2010/08/05 19:49:25 | 450,686,443 | ---- | M] () -- C:\Windows\MEMORY.DMP
[2010/08/05 19:47:01 | 000,000,904 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-2597863466-2248848350-2507271428-1000UA.job
[2010/08/05 19:30:09 | 001,510,856 | -HS- | M] () -- C:\Windows\System32\drivers\fidbox.idx
[2010/08/05 19:30:09 | 000,054,904 | ---- | M] () -- C:\Windows\System32\BMXStateBkp-{00000004-00000000-00000003-00001102-00000005-002C1102}.rfx
[2010/08/05 19:30:09 | 000,054,904 | ---- | M] () -- C:\Windows\System32\BMXState-{00000004-00000000-00000003-00001102-00000005-002C1102}.rfx
[2010/08/05 19:30:09 | 000,000,788 | ---- | M] () -- C:\Windows\System32\DVCState-{00000004-00000000-00000003-00001102-00000005-002C1102}.rfx
[2010/08/05 19:14:59 | 001,890,333 | -H-- | M] () -- C:\Users\Mike\AppData\Local\IconCache.db
[2010/08/05 18:34:25 | 000,188,928 | ---- | M] () -- C:\Users\Mike\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010/08/04 23:47:02 | 000,000,852 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-2597863466-2248848350-2507271428-1000Core.job
[2010/08/04 21:43:53 | 000,000,005 | ---- | M] () -- C:\zrpt.xml
[2010/08/04 21:42:56 | 000,019,456 | ---- | M] () -- C:\Windows\System32\msippsth.dll
[2010/08/04 21:42:56 | 000,008,192 | ---- | M] () -- C:\Windows\System32\dfwavn.dll
[2010/07/29 11:36:52 | 000,113,933 | ---- | M] () -- C:\Windows\System32\drivers\klin.dat
[2010/07/29 11:36:52 | 000,097,549 | ---- | M] () -- C:\Windows\System32\drivers\klick.dat
[2010/07/18 14:36:06 | 000,010,185 | ---- | M] () -- C:\Users\Mike\Documents\French Toast.docx
[2010/07/16 00:18:18 | 000,246,784 | ---- | M] () -- C:\Windows\System32\dphcp.dll
[2010/07/15 19:29:37 | 000,051,200 | ---- | M] () -- C:\Users\Mike\Desktop\Mike Harrison's Resume w References 7.15.10.doc
[2010/07/07 18:38:28 | 000,001,849 | ---- | M] () -- C:\Users\Public\Desktop\Adobe Reader 9.lnk
[2010/06/09 22:46:30 | 000,011,610 | ---- | M] () -- C:\Users\Mike\Desktop\RCI Points Password.docx
[2010/06/09 11:39:31 | 003,725,848 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2010/06/09 11:21:17 | 000,001,710 | ---- | M] () -- C:\Users\Mike\Application Data\Microsoft\Internet Explorer\Quick Launch\Mozilla Firefox.lnk
[2010/06/09 11:21:17 | 000,001,686 | ---- | M] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk
[2010/05/23 17:54:02 | 000,023,111 | ---- | M] () -- C:\Windows\hpqins15.dat
[2010/05/19 23:01:33 | 000,008,234 | ---- | M] () -- C:\Users\Mike\Desktop\Philadelphia.xlsx
[2010/05/16 21:25:46 | 001,530,048 | ---- | M] () -- C:\Users\Mike\Desktop\Doc3.rtf
[2010/05/16 19:44:19 | 000,100,640 | ---- | M] () -- C:\Users\Mike\AppData\Local\GDIPFONTCACHEV1.DAT
[2010/05/16 18:45:13 | 1351,975,692 | ---- | M] () -- C:\Users\Mike\Desktop\Adobe Photoshop CS5 Extended Edition.exe
[2010/05/16 17:05:04 | 000,202,514 | ---- | M] () -- C:\Windows\hpoins41.dat
[2010/05/16 16:58:51 | 000,000,254 | ---- | M] () -- C:\Windows\win.ini
[2010/05/16 16:52:45 | 000,000,988 | ---- | M] () -- C:\Users\Public\Desktop\Shop for HP Supplies.lnk
[2010/05/16 16:52:07 | 000,001,138 | ---- | M] () -- C:\Users\Public\Desktop\HP Solution Center.lnk
[2010/05/16 16:51:26 | 000,001,934 | ---- | M] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk
[2010/05/16 16:50:33 | 000,002,123 | ---- | M] () -- C:\Users\Public\Desktop\Windows Live Photo Gallery.lnk
[2010/05/13 21:24:08 | 000,030,720 | ---- | M] () -- C:\Users\Mike\Desktop\shower invite.doc
[6 C:\Users\Mike\Documents\*.tmp files -> C:\Users\Mike\Documents\*.tmp -> ]
========== Files Created - No Company Name ==========
[2010/08/05 20:02:02 | 000,010,160 | ---- | C] () -- C:\Users\Mike\Desktop\Problems.docx
[2010/08/05 19:49:25 | 450,686,443 | ---- | C] () -- C:\Windows\MEMORY.DMP
[2010/08/04 21:43:41 | 000,000,005 | ---- | C] () -- C:\zrpt.xml
[2010/08/04 21:43:29 | 000,783,360 | ---- | C] () -- C:\Windows\System32\drivers\onztf.sys
[2010/08/04 21:42:56 | 000,019,456 | ---- | C] () -- C:\Windows\System32\msippsth.dll
[2010/08/04 21:42:56 | 000,008,192 | ---- | C] () -- C:\Windows\System32\dfwavn.dll
[2010/07/18 14:36:06 | 000,010,185 | ---- | C] () -- C:\Users\Mike\Documents\French Toast.docx
[2010/07/16 00:18:18 | 000,246,784 | ---- | C] () -- C:\Windows\System32\dphcp.dll
[2010/07/15 17:44:25 | 000,051,200 | ---- | C] () -- C:\Users\Mike\Desktop\Mike Harrison's Resume w References 7.15.10.doc
[2010/06/09 14:21:06 | 000,011,610 | ---- | C] () -- C:\Users\Mike\Desktop\RCI Points Password.docx
[2010/06/09 11:21:17 | 000,001,710 | ---- | C] () -- C:\Users\Mike\Application Data\Microsoft\Internet Explorer\Quick Launch\Mozilla Firefox.lnk
[2010/06/09 11:21:17 | 000,001,686 | ---- | C] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk
[2010/05/23 17:52:40 | 000,023,111 | ---- | C] () -- C:\Windows\hpqins15.dat
[2010/05/19 23:01:33 | 000,008,234 | ---- | C] () -- C:\Users\Mike\Desktop\Philadelphia.xlsx
[2010/05/16 21:25:46 | 001,530,048 | ---- | C] () -- C:\Users\Mike\Desktop\Doc3.rtf
[2010/05/16 17:58:42 | 1351,975,692 | ---- | C] () -- C:\Users\Mike\Desktop\Adobe Photoshop CS5 Extended Edition.exe
[2010/05/16 16:52:45 | 000,000,988 | ---- | C] () -- C:\Users\Public\Desktop\Shop for HP Supplies.lnk
[2010/05/16 16:52:07 | 000,001,138 | ---- | C] () -- C:\Users\Public\Desktop\HP Solution Center.lnk
[2010/05/16 16:51:26 | 000,001,934 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk
[2010/05/16 16:50:33 | 000,002,123 | ---- | C] () -- C:\Users\Public\Desktop\Windows Live Photo Gallery.lnk
[2010/05/16 16:42:07 | 000,001,636 | ---- | C] () -- C:\ProgramData\hpzinstall.log
[2010/05/16 16:42:06 | 000,202,514 | ---- | C] () -- C:\Windows\hpoins41.dat
[2010/05/13 21:24:08 | 000,030,720 | ---- | C] () -- C:\Users\Mike\Desktop\shower invite.doc
[2009/08/23 14:33:28 | 000,117,248 | ---- | C] () -- C:\Windows\System32\EhStorAuthn.dll
[2009/06/04 02:37:08 | 000,021,093 | ---- | C] () -- C:\Windows\System32\instwdm.ini
[2009/06/04 02:37:06 | 000,000,054 | ---- | C] () -- C:\Windows\System32\ctzapxx.ini
[2009/06/04 01:55:20 | 000,002,560 | ---- | C] () -- C:\Windows\System32\CtxfiRes.dll
[2009/06/04 01:55:20 | 000,002,560 | ---- | C] () -- C:\Windows\CTXFIRES.DLL
[2008/09/21 12:34:57 | 000,000,028 | ---- | C] () -- C:\Windows\pdf995.ini
[2008/09/09 18:19:32 | 000,051,716 | ---- | C] () -- C:\Windows\System32\pdf995mon.dll
[2008/09/09 18:19:32 | 000,000,142 | ---- | C] () -- C:\Windows\wpd99.drv
[2007/11/08 02:50:46 | 000,000,061 | ---- | C] () -- C:\Windows\sbwin.ini
[2007/09/30 14:02:03 | 000,148,480 | ---- | C] () -- C:\Windows\System32\APOMngr.DLL
[2007/09/30 14:02:03 | 000,073,728 | ---- | C] () -- C:\Windows\System32\CmdRtr.DLL
[2007/07/06 18:46:46 | 000,000,151 | ---- | C] () -- C:\Windows\PhotoSnapViewer.INI
[2007/07/05 21:37:21 | 000,000,069 | ---- | C] () -- C:\Windows\NeroDigital.ini
[2007/07/05 21:06:22 | 000,675,840 | ---- | C] () -- C:\Windows\SpeakerDMO.dll
[2007/07/05 21:06:22 | 000,381,003 | ---- | C] () -- C:\Windows\H264VDecHPDll.dll
[2007/07/05 21:06:22 | 000,110,592 | ---- | C] () -- C:\Windows\IVICPS.dll
[2007/07/05 21:06:22 | 000,090,112 | ---- | C] () -- C:\Windows\IVIIADVD.dll
[2007/07/05 21:06:21 | 000,671,744 | ---- | C] () -- C:\Windows\DSPDMO.dll
[2007/07/05 21:06:21 | 000,094,208 | ---- | C] () -- C:\Windows\G726Dec.dll
[2007/07/05 21:06:21 | 000,065,536 | ---- | C] () -- C:\Windows\dmcrypto.dll
[2007/07/05 21:06:20 | 000,122,880 | ---- | C] () -- C:\Windows\System32\cddvdint.dll
[2007/07/05 19:01:49 | 000,204,800 | ---- | C] () -- C:\Windows\System32\IVIresizeW7.dll
[2007/07/05 19:01:49 | 000,188,416 | ---- | C] () -- C:\Windows\System32\IVIresizePX.dll
[2007/07/05 19:01:48 | 000,200,704 | ---- | C] () -- C:\Windows\System32\IVIresizeA6.dll
[2007/07/05 19:01:48 | 000,192,512 | ---- | C] () -- C:\Windows\System32\IVIresizeP6.dll
[2007/07/05 19:01:48 | 000,192,512 | ---- | C] () -- C:\Windows\System32\IVIresizeM6.dll
[2007/07/05 19:01:48 | 000,020,480 | ---- | C] () -- C:\Windows\System32\IVIresize.dll
[2007/05/11 17:30:16 | 000,025,888 | ---- | C] () -- C:\Windows\System32\drivers\LVPr2Mon.sys
[2007/05/11 17:27:58 | 002,107,808 | ---- | C] () -- C:\Windows\System32\drivers\Lvckap.sys
[2007/05/10 16:53:22 | 000,043,520 | ---- | C] () -- C:\Windows\System32\CTBURST.DLL
[2007/05/09 20:35:54 | 000,057,126 | ---- | C] () -- C:\Windows\System32\lvcoinst.ini
[2007/03/25 11:38:45 | 000,000,376 | ---- | C] () -- C:\Windows\ODBC.INI
[2006/12/04 01:25:14 | 000,022,723 | ---- | C] () -- C:\Windows\System32\sugs2l3.dll
[2006/11/02 08:35:32 | 000,005,632 | ---- | C] () -- C:\Windows\System32\sysprepMCE.dll
[2006/11/02 06:25:44 | 000,159,744 | ---- | C] () -- C:\Windows\System32\atitmmxx.dll
[2006/11/02 03:40:29 | 000,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini
[2006/10/02 17:25:18 | 000,000,285 | ---- | C] () -- C:\Windows\System32\kill.ini
[2005/10/04 23:28:12 | 000,071,680 | ---- | C] () -- C:\Windows\System32\CTMMACTL.DLL
[2004/12/20 14:08:28 | 000,155,648 | ---- | C] () -- C:\Windows\System32\xvidvfw.dll
[2004/12/20 14:03:26 | 000,679,936 | ---- | C] () -- C:\Windows\System32\xvidcore.dll
========== LOP Check ==========
[2007/10/16 18:45:27 | 000,000,000 | ---D | M] -- C:\Users\Mike\AppData\Roaming\BeatportDownloader
[2010/05/16 21:32:01 | 000,000,000 | ---D | M] -- C:\Users\Mike\AppData\Roaming\chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1
[2010/03/28 20:53:09 | 000,000,000 | ---D | M] -- C:\Users\Mike\AppData\Roaming\com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1
[2007/07/05 19:02:55 | 000,000,000 | ---D | M] -- C:\Users\Mike\AppData\Roaming\InterVideo
[2008/08/26 07:59:32 | 000,000,000 | ---D | M] -- C:\Users\Mike\AppData\Roaming\Juniper Networks
[2008/09/21 12:34:59 | 000,000,000 | ---D | M] -- C:\Users\Mike\AppData\Roaming\pdf995
[2010/01/23 14:36:43 | 000,000,000 | ---D | M] -- C:\Users\Mike\AppData\Roaming\Smart Recorder
[2008/09/21 13:13:52 | 000,000,000 | ---D | M] -- C:\Users\Mike\AppData\Roaming\TaxCut
[2010/08/05 19:26:09 | 000,000,000 | ---D | M] -- C:\Users\Mike\AppData\Roaming\uTorrent
[2010/08/05 19:29:53 | 000,032,542 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT
========== Purity Check ==========
========== Custom Scans ==========
< %SYSTEMDRIVE%\*.* >
[2006/09/18 17:43:36 | 000,000,024 | ---- | M] () -- C:\autoexec.bat
[2009/04/11 02:36:36 | 000,333,257 | RHS- | M] () -- C:\bootmgr
[2007/03/03 00:25:14 | 000,008,192 | R-S- | M] () -- C:\BOOTSECT.BAK
[2006/09/18 17:43:37 | 000,000,010 | ---- | M] () -- C:\config.sys
[2007/02/21 18:28:00 | 000,004,524 | RH-- | M] () -- C:\dell.sdr
[2007/02/28 22:08:36 | 000,000,000 | RHS- | M] () -- C:\IO.SYS
[2010/01/25 22:25:33 | 017,252,353 | ---- | M] () -- C:\Johnny D-Tramodyssee (Original).mp3
[2007/02/28 22:08:36 | 000,000,000 | RHS- | M] () -- C:\MSDOS.SYS
[2010/08/05 19:49:25 | 3532,681,216 | -HS- | M] () -- C:\pagefile.sys
[2007/07/01 17:41:18 | 000,000,152 | ---- | M] () -- C:\YServer.txt
[2010/08/04 21:43:53 | 000,000,005 | ---- | M] () -- C:\zrpt.xml
< %systemroot%\system32\*.wt >
< %systemroot%\system32\*.ruy >
< %systemroot%\Fonts\*.com >
[2006/11/02 08:37:12 | 000,026,040 | ---- | M] () -- C:\Windows\Fonts\GlobalMonospace.CompositeFont
[2006/11/02 08:37:12 | 000,026,489 | ---- | M] () -- C:\Windows\Fonts\GlobalSansSerif.CompositeFont
[2006/11/02 08:37:12 | 000,029,779 | ---- | M] () -- C:\Windows\Fonts\GlobalSerif.CompositeFont
[2009/08/23 14:48:16 | 000,037,665 | ---- | M] () -- C:\Windows\Fonts\GlobalUserInterface.CompositeFont
< %systemroot%\Fonts\*.dll >
< %systemroot%\Fonts\*.ini >
[2006/09/18 17:37:34 | 000,000,065 | ---- | M] () -- C:\Windows\Fonts\desktop.ini
< %systemroot%\Fonts\*.ini2 >
< %systemroot%\Fonts\*.exe >
< %systemroot%\system32\spool\prtprocs\w32x86\*.* >
[2009/04/20 12:23:48 | 000,315,904 | ---- | M] (Hewlett-Packard Corporation) -- C:\Windows\System32\spool\prtprocs\w32x86\hpfpp70w.dll
[2006/11/02 08:35:48 | 000,022,528 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\spool\prtprocs\w32x86\jnwppr.dll
[2003/06/18 17:31:48 | 000,018,944 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\spool\prtprocs\w32x86\mdippr.dll
[2006/10/26 19:56:12 | 000,033,104 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\spool\prtprocs\w32x86\msonpppr.dll
[2006/09/18 01:57:22 | 000,019,456 | ---- | M] (Windows ® 2000 DDK provider) -- C:\Windows\System32\spool\prtprocs\w32x86\sugs2pc.dll
< %systemroot%\REPAIR\*.bak1 >
< %systemroot%\REPAIR\*.ini >
< %systemroot%\system32\*.jpg >
< %systemroot%\*.jpg >
< %systemroot%\*.png >
< %systemroot%\*.scr >
[2010/04/17 00:04:40 | 000,306,032 | ---- | M] (Microsoft Corporation) -- C:\Windows\WLXPGSS.SCR
< %systemroot%\*._sy >
< %APPDATA%\Adobe\Update\*.* >
< %ALLUSERSPROFILE%\Favorites\*.* >
< %APPDATA%\Microsoft\*.* >
[2009/11/23 13:56:00 | 000,001,674 | -H-- | M] () -- C:\Users\Mike\AppData\Roaming\Microsoft\LastFlashConfig.WFC
< %PROGRAMFILES%\*.* >
[2008/11/12 01:45:54 | 000,000,174 | -HS- | M] () -- C:\Program Files\desktop.ini
< %APPDATA%\Update\*.* >
< %systemroot%\*. /mp /s >
< %systemroot%\System32\config\*.sav >
[2006/11/02 06:34:05 | 000,008,192 | ---- | M] () -- C:\Windows\System32\config\COMPONENTS.SAV
[2006/11/02 06:34:05 | 000,020,480 | ---- | M] () -- C:\Windows\System32\config\DEFAULT.SAV
[2006/11/02 06:34:05 | 000,008,192 | ---- | M] () -- C:\Windows\System32\config\SECURITY.SAV
[2006/11/02 06:34:08 | 010,133,504 | ---- | M] () -- C:\Windows\System32\config\SOFTWARE.SAV
[2006/11/02 06:34:08 | 001,826,816 | ---- | M] () -- C:\Windows\System32\config\SYSTEM.SAV
< HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU >
"AUOptions" = 5
"AutoInstallMinorUpdates" = 1
"NoAutoUpdate" = 0
< HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs >
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install\\LastSuccessTime: 2010-06-09 15:24:38
< End of report >
>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>
OTL Extras logfile created on: 8/5/2010 8:03:16 PM - Run 1
OTL by OldTimer - Version 3.2.9.1 Folder = C:\Users\Mike\Desktop\Malware
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18928)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy
3.00 Gb Total Physical Memory | 2.00 Gb Available Physical Memory | 58.00% Memory free
6.00 Gb Paging File | 5.00 Gb Available in Paging File | 81.00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 288.04 Gb Total Space | 172.20 Gb Free Space | 59.79% Space Free | Partition Type: NTFS
Drive D: | 10.00 Gb Total Space | 6.05 Gb Free Space | 60.46% Space Free | Partition Type: NTFS
E: Drive not present or media not loaded
F: Drive not present or media not loaded
Drive G: | 931.51 Gb Total Space | 381.94 Gb Free Space | 41.00% Space Free | Partition Type: NTFS
H: Drive not present or media not loaded
I: Drive not present or media not loaded
Computer Name: MIKE-PC
Current User Name: Mike
Logged in as Administrator.
Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: On
Skip Microsoft Files: On
File Age = 90 Days
Output = Standard
Quick Scan
========== Extra Registry (SafeList) ==========
========== File Associations ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)
.html [@ = Reg Error: Value error.] -- Reg Error: Key error. File not found
[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)
========== Shell Spawning ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
htmlfile [edit] -- Reg Error: Key error.
htmlfile [print] -- rundll32.exe %windir%\system32\mshtml.dll,PrintHTML "%1"
http [open] -- "C:\Program Files\Mozilla Firefox\firefox.exe" -requestPending -osint -url "%1" (Mozilla Corporation)
https [open] -- "C:\Program Files\Mozilla Firefox\firefox.exe" -requestPending -osint -url "%1" (Mozilla Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [Bridge] -- C:\Program Files\Adobe\Adobe Bridge CS5\Bridge.exe "%L" (Adobe Systems, Inc.)
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [OneNote.Open] -- C:\PROGRA~1\MICROS~2\Office12\ONENOTE.EXE "%L" (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
========== Security Center Settings ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 0
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]
"DisableMonitoring" = 1
"" =
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"VistaSp2" = Reg Error: Unknown registry data type -- File not found
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\S-1-5-21-2597863466-2248848350-2507271428-1000]
"EnableNotifications" = 0
"EnableNotificationsRef" = 2
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 0
"DoNotAllowExceptions" = 0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 0
========== Authorized Applications List ==========
========== Vista Active Open Ports Exception List ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{0D208F5C-FA7C-40D4-91B2-FF13620DE54D}" = lport=138 | protocol=17 | dir=in | app=system |
"{169F232E-7A08-4840-B56B-D4E1FD4DBC6E}" = lport=68 | protocol=17 | dir=in | svc=sharedaccess | app=%systemroot%\system32\svchost.exe |
"{24A95841-BAEC-4C08-A7F7-24AD9753B5F5}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{2A8AC35F-8238-4DED-836D-AD27E816E554}" = lport=445 | protocol=6 | dir=in | app=system |
"{304F39C5-E90C-4E97-B6BE-722256572910}" = rport=2869 | protocol=6 | dir=out | app=system |
"{3B38B9DF-7A74-4F98-88AF-22F5A51AB1F2}" = rport=445 | protocol=6 | dir=out | app=system |
"{3B8F7D70-63C3-43CC-A0A0-C35DC522ACAD}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |
"{595ABD30-5FD1-4502-84A4-36F09B895C36}" = lport=2869 | protocol=6 | dir=in | app=system |
"{68B2FD9C-FED4-4BB4-859B-9D0C0C92A26E}" = lport=67 | protocol=17 | dir=in | svc=sharedaccess | app=%systemroot%\system32\svchost.exe |
"{78B7A249-FA97-4F16-800D-8A1FAA008CE6}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | [email protected],-28539 |
"{85B5D8C9-E97F-47C1-91EC-731369EAFE52}" = lport=547 | protocol=17 | dir=in | svc=sharedaccess | app=%systemroot%\system32\svchost.exe |
"{9A0C45C8-60FE-4495-A805-91C7EF8D0CD8}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{9EB36541-B606-43A0-AD56-0532B69FCAF0}" = lport=139 | protocol=6 | dir=in | app=system |
"{A5ADE444-4118-4BB9-8714-B62D1FA84140}" = rport=139 | protocol=6 | dir=out | app=system |
"{A6DD8C44-650C-495E-AD14-A79969EE1D99}" = rport=427 | protocol=17 | dir=in | svc=hpslpsvc | app=c:\windows\system32\svchost.exe |
"{B0EE1761-A2DD-4551-8F44-D7A182275845}" = lport=6004 | protocol=17 | dir=in | app=c:\program files\microsoft office\office12\outlook.exe |
"{CFEDF158-2CC7-4940-A932-3D39CB193809}" = lport=137 | protocol=17 | dir=in | app=system |
"{E58784B2-E323-4F4C-ACEE-28C78B28904F}" = rport=137 | protocol=17 | dir=out | app=system |
"{F9FE930B-D5CD-46C7-BD1D-A7C4D01D9511}" = rport=138 | protocol=17 | dir=out | app=system |
"{FAA7E6B0-A2A2-41FE-BC57-B7FE11292360}" = lport=53 | protocol=17 | dir=in | svc=sharedaccess | app=%systemroot%\system32\svchost.exe |
========== Vista Active Application Exception List ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{00DF09AF-D1AF-432A-8CD3-0981B46905CA}" = protocol=58 | dir=in | [email protected],-148 |
"{066B5809-8054-4A92-BF85-0A73C4886A08}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office12\groove.exe |
"{0D694E7B-A461-43C3-885A-3C023005402F}" = dir=in | app=c:\program files\hp\digital imaging\smart web printing\smartwebprintexe.exe |
"{18A045EA-D544-46B2-8672-1B52AB1649C9}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpqtra08.exe |
"{18BA1CF8-978A-45A4-A0FA-04EA964F2CF2}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpqgplgtupl.exe |
"{1A15003D-C7B6-4958-B680-53AE429C43F7}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpqusgh.exe |
"{1C9DD189-8502-4AB0-8E0C-028A6FC2F400}" = protocol=17 | dir=in | app=c:\program files\yahoo!\messenger\yahoomessenger.exe |
"{21B9A2EF-5674-443C-9F8D-DF5CC6C6378B}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
"{260E3CB0-C053-4500-908E-C455FFC5DF2B}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{352871ED-EF4E-4D60-8E86-1E391F3BC1D3}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpqste08.exe |
"{375AE0E6-2009-4E02-8D8C-404DD6616113}" = dir=in | app=c:\program files\hp\hp software update\hpwucli.exe |
"{379D7D4E-C540-46E9-9643-E2AFE8F53A98}" = protocol=58 | dir=in | [email protected],-28545 |
"{3A66CD45-1CF5-434F-9E93-8C09EFA19D34}" = protocol=1 | dir=out | [email protected],-28544 |
"{40C0A42D-6CF6-46D5-ADCC-885CB7C5F3BE}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpqgpc01.exe |
"{42AE9698-6F6C-42AE-B97C-0E558229FE82}" = protocol=58 | dir=out | [email protected],-28546 |
"{46690D13-F246-41CD-87C3-B23ACF852F0D}" = protocol=17 | dir=in | app=c:\program files\itunes\itunes.exe |
"{611ED875-BD8B-4624-A94D-EE81CD472A69}" = protocol=6 | dir=in | app=c:\program files\mozilla firefox\firefox.exe |
"{66F40DBA-9243-4F59-AB17-4107D309A69A}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpqusgm.exe |
"{67A70396-8797-4996-979C-308F0AF81400}" = protocol=17 | dir=in | app=c:\program files\itunes\itunes.exe |
"{76A5C65A-811B-4378-AFFD-80325DBD050F}" = protocol=1 | dir=in | [email protected],-28543 |
"{774D627B-3B25-4087-B101-BB90EEB17BDD}" = protocol=17 | dir=in | app=c:\program files\mozilla firefox\firefox.exe |
"{77F89D26-B49A-44ED-83CD-5202EC055945}" = dir=in | app=e:\setup\hpznui01.exe |
"{7A4ADA25-B878-49D7-8352-606A7E241B8D}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpoews01.exe |
"{7D9DAB9F-BD48-4E12-85A3-86A4022FDDDE}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpiscnapp.exe |
"{80A96BE9-2913-499D-AF37-5F1698D60590}" = dir=out | svc=sharedaccess | app=%systemroot%\system32\svchost.exe |
"{8E6B8871-2079-48F1-87F7-2BBC68F042CC}" = protocol=6 | dir=in | app=c:\program files\yahoo!\messenger\yserver.exe |
"{8F4BE970-473F-4684-86D8-FD52690BA479}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpfccopy.exe |
"{8FDEB36C-E7D9-450D-94B8-1D6CE51A7BEA}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe |
"{9683E80C-442C-4FAB-AFD5-FEB50B508155}" = protocol=17 | dir=in | app=c:\program files\yahoo!\messenger\yserver.exe |
"{97D6D68D-B81B-455A-909F-1EAA3D385F1E}" = dir=in | app=c:\program files\common files\hp\digital imaging\bin\hpqphotocrm.exe |
"{AB04B050-FBDC-4486-842B-CF7B5A8D3A9C}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpqkygrp.exe |
"{B4A3D0FB-44C1-4EE7-85BB-9D83EAB5B3E5}" = protocol=6 | dir=in | app=c:\program files\yahoo!\messenger\yahoomessenger.exe |
"{CA5D480B-975D-45E8-A539-EADD07AC34FD}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office12\groove.exe |
"{D0252C7B-CDAF-47A1-A51C-CF0CC18A7C35}" = dir=in | app=c:\program files\windows live\sync\windowslivesync.exe |
"{D72B9857-448D-4FFB-9E1E-76D3A5F257B0}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe |
"{D95A4135-099A-4C45-9AED-9C892BB67EE9}" = dir=in | app=c:\program files\hp\digital imaging\bin\hposid01.exe |
"{DAC9BD17-F83B-4B0D-BE21-E6C7B34266C1}" = protocol=6 | dir=in | app=c:\program files\itunes\itunes.exe |
"{EC0E880B-C172-47DF-8870-57C14C810259}" = protocol=6 | dir=in | app=c:\program files\itunes\itunes.exe |
"{F8FB72EA-9CB1-40F4-B436-BC2CEFCCB710}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"TCP Query User{15ADDCC0-6EC6-4625-AC04-7B337939B5D9}C:\program files\intervideo\dvd7\windvd.exe" = protocol=6 | dir=in | app=c:\program files\intervideo\dvd7\windvd.exe |
"TCP Query User{64732AA5-309C-45F2-84AB-6866B15A02E7}C:\program files\mirc\mirc.exe" = protocol=6 | dir=in | app=c:\program files\mirc\mirc.exe |
"TCP Query User{86F88EF2-A287-4367-B6F9-AF45B0AF5261}C:\program files\utorrent\utorrent.exe" = protocol=6 | dir=in | app=c:\program files\utorrent\utorrent.exe |
"TCP Query User{874E6687-6A90-4C56-8E3B-BD0A02DE2E99}C:\program files\dap\dap.exe" = protocol=6 | dir=in | app=c:\program files\dap\dap.exe |
"TCP Query User{95269206-116C-4B33-83D0-0319E44CC7D2}C:\program files\internet explorer\iexplore.exe" = protocol=6 | dir=in | app=c:\program files\internet explorer\iexplore.exe |
"TCP Query User{B5130B3F-9325-47EC-A6D9-279F3A67FB88}C:\program files\intervideo\dvd7\windvd.exe" = protocol=6 | dir=in | app=c:\program files\intervideo\dvd7\windvd.exe |
"TCP Query User{BCD7D4C4-1102-4D76-A09A-34B10D9224FA}C:\program files\nero\nero 7\nero home\nerohome.exe" = protocol=6 | dir=in | app=c:\program files\nero\nero 7\nero home\nerohome.exe |
"TCP Query User{CF8D3ECE-2808-469C-AD6F-2650418A5F68}C:\program files\mirc\mirc.exe" = protocol=6 | dir=in | app=c:\program files\mirc\mirc.exe |
"TCP Query User{FFE54A6D-AFFF-4395-9257-481C128AF0B1}C:\program files\real\realplayer\realplay.exe" = protocol=6 | dir=in | app=c:\program files\real\realplayer\realplay.exe |
"UDP Query User{0B8ECA89-F3DA-4D51-AC06-5E7E27C2FF75}C:\program files\mirc\mirc.exe" = protocol=17 | dir=in | app=c:\program files\mirc\mirc.exe |
"UDP Query User{1D7B9933-A6EF-464D-9225-C2E594855A88}C:\program files\internet explorer\iexplore.exe" = protocol=17 | dir=in | app=c:\program files\internet explorer\iexplore.exe |
"UDP Query User{3C38ABD7-96C5-48BB-AB8E-5BDFFF51BF50}C:\program files\intervideo\dvd7\windvd.exe" = protocol=17 | dir=in | app=c:\program files\intervideo\dvd7\windvd.exe |
"UDP Query User{4E696E1A-828D-4D94-A920-FBE8C49445A1}C:\program files\real\realplayer\realplay.exe" = protocol=17 | dir=in | app=c:\program files\real\realplayer\realplay.exe |
"UDP Query User{553E77DD-A8C4-4484-A4F7-32A0E657911A}C:\program files\nero\nero 7\nero home\nerohome.exe" = protocol=17 | dir=in | app=c:\program files\nero\nero 7\nero home\nerohome.exe |
"UDP Query User{6ADC4721-E1B2-4E56-8838-2574867950C3}C:\program files\mirc\mirc.exe" = protocol=17 | dir=in | app=c:\program files\mirc\mirc.exe |
"UDP Query User{7919E8E7-C886-4D9A-9182-3870AC15F9E4}C:\program files\dap\dap.exe" = protocol=17 | dir=in | app=c:\program files\dap\dap.exe |
"UDP Query User{8E5D48DE-16F7-413F-9515-2342BFAB9FF9}C:\program files\utorrent\utorrent.exe" = protocol=17 | dir=in | app=c:\program files\utorrent\utorrent.exe |
"UDP Query User{9A4C2506-7474-43CF-BAD0-2E04ADA3C853}C:\program files\intervideo\dvd7\windvd.exe" = protocol=17 | dir=in | app=c:\program files\intervideo\dvd7\windvd.exe |
========== HKEY_LOCAL_MACHINE Uninstall List ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"$NtUninstallMTF1011$" = Street-Ads Browser Enhancer
"{033E378E-6AD3-4AD5-BDEB-CBD69B31046C}" = Microsoft_VC90_ATL_x86
"{06A1D88C-E102-4527-AF70-29FFD7AF215A}" = Scan
"{07287123-B8AC-41CE-8346-3D777245C35B}" = Bonjour
"{07FB17D8-7DB6-4F06-80C4-8BE1719CB6A1}" = hpWLPGInstaller
"{08D2E121-7F6A-43EB-97FD-629B44903403}" = Microsoft_VC90_CRT_x86
"{0C34B801-6AEC-4667-B053-03A67E2D0415}" = Apple Application Support
"{0D2DBE8A-43D0-7830-7AE7-CA6C99A832E7}" = Adobe Community Help
"{0F3647F8-E51D-4FCC-8862-9A8D0C5ACF25}" = Microsoft_VC80_ATL_x86
"{141154CC-B23D-40E0-8242-1A747CA9B482}" = Sid Meier's Railroads!
"{15FEDA5F-141C-4127-8D7E-B962D1742728}" = Adobe Photoshop CS5
"{175F0111-2968-4935-8F70-33108C6A4DE3}" = MarketResearch
"{181AC4C7-B83C-4B5F-B566-E19BF2472429}" = HP Photosmart Premium C309g-m All-In-One Driver Software 13.0 Rel .6
"{18F11181-EA1A-42AE-AF89-4867C7F7A6FA}" = Sound Blaster X-Fi
"{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live Upload Tool
"{21A2F5EE-1DC5-488A-BE7E-E526F8C61488}" = DeviceDiscovery
"{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT
"{26A24AE4-039D-4CA4-87B4-2F83216013FF}" = Java 6 Update 17
"{2EEA7AA4-C203-4b90-A34F-19FB7EF1C81C}" = BufferChm
"{3175E049-F9A9-4A3D-8F19-AC9FB04514D1}" = Windows Live Communications Platform
"{3248F0A8-6813-11D6-A77B-00B0D0160020}" = Java 6 Update 2
"{43CDF946-F5D9-4292-B006-BA0D92013021}" = WebReg
"{45338B07-A236-4270-9A77-EBB4115517B5}" = Windows Live Sign-in Assistant
"{474F25F5-BDC9-40E5-B1B6-F6BF23FC106F}" = Windows Live Essentials
"{4A70EF07-7F88-4434-BB61-D1DE8AE93DD4}" = SolutionCenter
"{53F5C3EE-05ED-4830-994B-50B2F0D50FCE}" = Microsoft SQL Server Setup Support Files (English)
"{56C049BE-79E9-4502-BEA7-9754A3E60F9B}" = neroxml
"{62FC357F-022B-4F90-9376-7A0DF9FBE7A1}" = Sonic Foundry Sound Forge 6.0
"{635FED5B-2C6D-49BE-87E6-7A6FCD22BC5A}" = Microsoft_VC90_MFC_x86
"{63FF21C9-A810-464F-B60A-3111747B1A6D}" = GPBaseService2
"{663E217E-FC26-4249-9E8E-F190CD63E737}" = TaxCut Premium + State 2007
"{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update
"{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}" = Windows Media Player Firefox Plugin
"{6A905A05-964C-4F03-9A96-D34167807EC0}" = PS_AIO_06_C309g-m_SW_Min
"{6B2FFB21-AC88-45C3-9A7D-4BB3E744EC91}" = HPSSupply
"{6BBA26E9-AB03-4FE7-831A-3535584CA002}" = Toolbox
"{75247E38-5C9B-45D6-ADF8-E11CB56B4990}" = Network
"{77DCDCE3-2DED-62F3-8154-05E745472D07}" = Acrobat.com
"{787D1A33-A97B-4245-87C0-7174609A540C}" = HP Update
"{7A27AAF5-1FD6-48B4-95C4-7354A1C35455}" = C309g-m
"{7C05EEDD-E565-4E2B-ADE4-0C784C17311C}" = Crystal Reports for .NET Framework 2.0 (x86)
"{8FF6F5CA-4E30-4E3B-B951-204CAAA2716A}" = SmartWebPrinting
"{90120000-001C-0409-0000-0000000FF1CE}" = Microsoft Office Access Runtime (English) 2007
"{92127AF5-FDD8-4ADF-BC40-C356C9EE0B7D}" = 32 Bit HP CIO Components Installer
"{92D58719-BBC1-4CC3-A08B-56C9E884CC2C}" = Microsoft_VC80_CRT_x86
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{98EFD8F0-08DE-48DB-B922-A2EBAB711033}" = Nero 7 Ultra Edition
"{A2BCA9F1-566C-4805-97D1-7FDC93386723}" = Adobe AIR
"{A429C2AE-EBF1-4F81-A221-1C115CAADDAD}" = QuickTime
"{A78FE97A-C0C8-49CE-89D0-EDD524A17392}" = PDF Settings CS5
"{A7A34FC9-DF24-4A36-00AD-D4EFE94CC116}" = SimCity 4 Deluxe
"{AADEA55D-C834-4BCB-98A3-4B8D1C18F4EE}" = Apple Mobile Device Support
"{AC76BA86-7AD7-1033-7B44-A93000000001}" = Adobe Reader 9.3.3
"{AE8705FB-E13C-40A9-8A2D-68D6733FBFC2}" = Status
"{B10914FD-8812-47A4-85A1-50FCDE7F1F33}" = Windows Live Sync
"{BD7204BA-DD64-499E-9B55-6A282CDF4FA4}" = Destinations
"{BEEFC4F8-2909-48B3-AFAA-55D3533FDEDD}" = Creative MediaSource 5
"{C43326F5-F135-4551-8270-7F7ABA0462E1}" = HPProductAssistant
"{C75CDBA2-3C86-481e-BD10-BDDA758F9DFF}" = hpPrintProjects
"{C774410D-3EF9-4DE7-AC01-332613163ECF}" = Kaspersky Internet Security 7.0
"{CAE4213F-F797-439D-BD9E-79B71D115BE3}" = HPPhotoGadget
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{D1A19B02-817E-4296-A45B-07853FD74D57}" = Microsoft_VC80_MFC_x86
"{D92BBB52-82FF-42ED-8A3C-4E062F944AB7}" = Microsoft_VC80_MFCLOC_x86
"{DC0A5F99-FD66-433F-9D3A-05DCBA64BE42}" = TrayApp
"{DE3A9DC5-9A5D-6485-9662-347162C7E4CA}" = Adobe Media Player
"{E9F44C98-B8B6-480F-AF7B-E42A0A46F4E3}" = Microsoft SQL Server VSS Writer
"{EC2A8F27-4FBF-4E41-B27B-FE822511B761}" = iTunes
"{EE39FFBD-544E-49E4-A999-6819828EAE91}" = Windows Live Photo Gallery
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard
"{F9B3DD02-B0B3-42E9-8650-030DFF0D133D}" = Microsoft SQL Server Native Client
"{FA54AFB1-5745-4389-B8C1-9F7509672ED1}" = iPhone Configuration Utility
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"AudioCS" = Creative Audio Control Panel
"chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Adobe Community Help
"com.adobe.amp.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Adobe Media Player
"com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Acrobat.com
"Creative Software AutoUpdate" = Creative Software AutoUpdate
"Creative Sound Blaster Properties" = Creative Sound Blaster Properties
"ERUNT_is1" = ERUNT 1.1j
"HP Imaging Device Functions" = HP Imaging Device Functions 13.0
"HP Print Projects" = HP Print Projects 1.0
"HP Smart Web Printing" = HP Smart Web Printing 4.60
"HP Solution Center & Imaging Support Tools" = HP Solution Center 13.0
"HPExtendedCapabilities" = HP Customer Participation Program 13.0
"InstallWIX_{C774410D-3EF9-4DE7-AC01-332613163ECF}" = Kaspersky Internet Security 7.0
"JuniperSetupClient Activex Control" = Juniper Networks Setup Client Activex Control
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"mIRC" = mIRC
"Mozilla Firefox (3.6.8)" = Mozilla Firefox (3.6.8)
"OpenAL" = OpenAL
"Pdf995" = Pdf995 (installed by TaxCut)
"PdfEdit995" = PdfEdit995 (installed by TaxCut)
"Picasa 3" = Picasa 3
"Shop for HP Supplies" = Shop for HP Supplies
"Sid Meier's Pirates!" = Sid Meier's Pirates!
"Smart Recorder" = Creative Smart Recorder
"SysInfo" = Creative System Information
"TaxCut Premium 2006" = TaxCut Premium 2006
"WaveStudio 7" = Creative WaveStudio 7
"Window Washer" = Window Washer
"WinLiveSuite_Wave3" = Windows Live Essentials
========== HKEY_CURRENT_USER Uninstall List ==========
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Google Chrome" = Google Chrome
"Juniper_Networks_Cache_Cleaner 6.0.0" = Juniper Networks Cache Cleaner 6.0.0
"JuniperSetupClient" = Juniper Networks Setup Client
========== Last 10 Event Log Errors ==========
[ Application Events ]
Error - 4/11/2010 10:36:06 AM | Computer Name = Mike-PC | Source = Google Update | ID = 20
Description =
Error - 4/13/2010 3:52:11 AM | Computer Name = Mike-PC | Source = VSS | ID = 12293
Description =
Error - 4/13/2010 3:52:11 AM | Computer Name = Mike-PC | Source = System Restore | ID = 8193
Description =
Error - 4/13/2010 3:52:11 AM | Computer Name = Mike-PC | Source = System Restore | ID = 8210
Description =
Error - 4/14/2010 12:00:22 AM | Computer Name = Mike-PC | Source = VSS | ID = 12293
Description =
Error - 4/14/2010 12:00:23 AM | Computer Name = Mike-PC | Source = System Restore | ID = 8193
Description =
Error - 4/14/2010 12:00:23 AM | Computer Name = Mike-PC | Source = System Restore | ID = 8210
Description =
Error - 4/14/2010 1:05:03 PM | Computer Name = Mike-PC | Source = VSS | ID = 12293
Description =
Error - 4/14/2010 1:05:03 PM | Computer Name = Mike-PC | Source = System Restore | ID = 8193
Description =
Error - 4/14/2010 1:05:03 PM | Computer Name = Mike-PC | Source = System Restore | ID = 8210
Description =
[ OSession Events ]
Error - 8/29/2007 7:42:32 PM | Computer Name = Mike-PC | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 6, Application Name: Microsoft Office Outlook, Application Version:
12.0.4518.1014, Microsoft Office Version: 12.0.4518.1014. This session lasted 55
seconds with 0 seconds of active time. This session ended with a crash.
Error - 10/7/2007 10:02:10 PM | Computer Name = Mike-PC | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 0, Application Name: Microsoft Office Word, Application Version:
12.0.4518.1014, Microsoft Office Version: 12.0.4518.1014. This session lasted 1536
seconds with 420 seconds of active time. This session ended with a crash.
Error - 9/24/2008 6:40:35 PM | Computer Name = Mike-PC | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 0, Application Name: Microsoft Office Word, Application Version:
12.0.4518.1014, Microsoft Office Version: 12.0.4518.1049. This session lasted 2189
seconds with 120 seconds of active time. This session ended with a crash.
[ System Events ]
Error - 8/5/2010 6:34:50 PM | Computer Name = Mike-PC | Source = Service Control Manager | ID = 7001
Description =
Error - 8/5/2010 6:34:50 PM | Computer Name = Mike-PC | Source = Service Control Manager | ID = 7001
Description =
Error - 8/5/2010 6:34:50 PM | Computer Name = Mike-PC | Source = Service Control Manager | ID = 7001
Description =
Error - 8/5/2010 6:34:50 PM | Computer Name = Mike-PC | Source = Service Control Manager | ID = 7001
Description =
Error - 8/5/2010 6:37:19 PM | Computer Name = Mike-PC | Source = Service Control Manager | ID = 7034
Description =
Error - 8/5/2010 7:17:36 PM | Computer Name = Mike-PC | Source = Service Control Manager | ID = 7034
Description =
Error - 8/5/2010 7:28:10 PM | Computer Name = Mike-PC | Source = Service Control Manager | ID = 7034
Description =
Error - 8/5/2010 7:32:33 PM | Computer Name = Mike-PC | Source = Service Control Manager | ID = 7034
Description =
Error - 8/5/2010 7:49:41 PM | Computer Name = Mike-PC | Source = EventLog | ID = 6008
Description = The previous system shutdown at 7:47:04 PM on 8/5/2010 was unexpected.
Error - 8/5/2010 7:51:07 PM | Computer Name = Mike-PC | Source = Service Control Manager | ID = 7034
Description =
< End of report >