
XP really slow on start-up



#1
istring

  • Member
  • 36 posts
Hi, my desktop PC running Windows XP is non-responsive for 5 minutes after the desktop appears. The PC is only 3 yrs old, yet this problem is relatively new (the last 6 months maybe). Any help would be greatly appreciated :)


Here's the OTL log:


OTL logfile created on: 9/1/2011 5:04:19 PM - Run 2
OTL by OldTimer - Version 3.2.27.0 Folder = C:\Documents and Settings\home\Desktop\Geeks to go
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.00 Gb Total Physical Memory | 1.27 Gb Available Physical Memory | 63.54% Memory free
4.85 Gb Paging File | 4.16 Gb Available in Paging File | 85.88% Paging File free
Paging file location(s): C:\pagefile.sys 3069 3069 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 232.88 Gb Total Space | 126.49 Gb Free Space | 54.31% Space Free | Partition Type: NTFS

Computer Name: OFFICE | User Name: home | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2011/09/01 16:59:29 | 000,581,120 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\home\Desktop\Geeks to go\OTL.exe
PRC - [2011/07/08 15:27:02 | 000,924,632 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe
PRC - [2011/05/25 02:09:21 | 002,214,504 | ---- | M] (NVIDIA Corporation) -- C:\Program Files\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe
PRC - [2011/04/26 16:23:02 | 000,223,088 | ---- | M] () -- C:\Program Files\Motorola\MotoHelper\MotoHelperService.exe
PRC - [2011/04/26 16:22:44 | 000,681,840 | ---- | M] () -- C:\Program Files\Motorola\MotoHelper\MotoHelperAgent.exe
PRC - [2010/01/18 16:11:16 | 000,165,408 | ---- | M] (Bell) -- C:\Program Files\Bell\Bell Internet Security Services\RpsSecurityAwareR.exe
PRC - [2009/11/02 15:26:48 | 005,832,712 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\Bell\Bell Internet Security Services\AVG\Identity Protection\agent\bin\AVGIDSAgent.exe
PRC - [2008/04/14 05:42:20 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe


========== Modules (No Company Name) ==========

MOD - [2011/09/01 16:57:39 | 006,277,280 | ---- | M] () -- C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll
MOD - [2011/07/08 15:27:01 | 001,850,328 | ---- | M] () -- C:\Program Files\Mozilla Firefox\mozjs.dll
MOD - [2011/06/02 12:54:16 | 000,056,224 | ---- | M] () -- \\?\C:\Program Files\Bell\Bell Internet Security Services\BitDefender\BDCoreEngines\BDCoreSet1\avxdisk.dll
MOD - [2011/05/05 00:02:44 | 000,355,432 | ---- | M] () -- C:\Program Files\NVIDIA Corporation\nView\nvShell.dll
MOD - [2011/04/26 16:23:02 | 000,223,088 | ---- | M] () -- C:\Program Files\Motorola\MotoHelper\MotoHelperService.exe
MOD - [2011/04/26 16:22:44 | 000,681,840 | ---- | M] () -- C:\Program Files\Motorola\MotoHelper\MotoHelperAgent.exe
MOD - [2010/01/17 18:58:42 | 000,147,456 | ---- | M] () -- C:\Program Files\Personal Vault Backup Manager\libexpat.dll
MOD - [2009/11/06 11:53:08 | 000,202,752 | ---- | M] () -- C:\Program Files\Bell\Bell Internet Security Services\BitDefender\smartscn.dll
MOD - [2009/11/02 15:26:48 | 000,077,824 | ---- | M] () -- C:\Program Files\Bell\Bell Internet Security Services\AVG\Identity Protection\agent\bin\boost_log-vc71-mt-1_32.dll
MOD - [2009/11/02 15:26:48 | 000,057,344 | ---- | M] () -- C:\Program Files\Bell\Bell Internet Security Services\AVG\Identity Protection\agent\bin\boost_thread-vc71-mt-1_32.dll
MOD - [2009/10/23 13:25:54 | 000,225,280 | ---- | M] () -- C:\Program Files\Bell\Bell Internet Security Services\BitDefender\bdfltlib.dll


========== Win32 Services (SafeList) ==========

SRV - File not found [On_Demand | Stopped] -- -- (NMIndexingService)
SRV - File not found [On_Demand | Stopped] -- -- (AppMgmt)
SRV - [2011/06/03 06:37:29 | 000,315,392 | ---- | M] (S.C. BitDefender S.R.L) [On_Demand | Stopped] -- C:\Program Files\Bell\Bell Internet Security Services\BitDefender\scan.dll -- (scan)
SRV - [2011/05/25 02:09:21 | 002,214,504 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Program Files\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe -- (nvUpdatusService)
SRV - [2011/04/26 16:23:02 | 000,223,088 | ---- | M] () [Auto | Running] -- C:\Program Files\Motorola\MotoHelper\MotoHelperService.exe -- (MotoHelper)
SRV - [2011/03/16 10:42:06 | 000,407,336 | ---- | M] (Valve Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\Steam\SteamService.exe -- (Steam Client Service)
SRV - [2011/01/06 15:56:50 | 000,689,464 | ---- | M] (Radialpoint Inc.) [Auto | Stopped] -- C:\Program Files\Bell\Internet Service Advisor\ServicepointService.exe -- (ServicepointService)
SRV - [2010/04/08 09:14:22 | 000,632,792 | ---- | M] (PC Tools) [Auto | Stopped] -- C:\Program Files\Common Files\PC Tools\sMonitor\StartManSvc.exe -- (PCToolsSSDMonitorSvc)
SRV - [2010/01/18 16:11:16 | 000,165,408 | ---- | M] (Bell) [Auto | Running] -- C:\Program Files\Bell\Bell Internet Security Services\RpsSecurityAwareR.exe -- (Radialpoint Security Services)
SRV - [2010/01/18 16:10:12 | 000,371,920 | ---- | M] (Bell) [Auto | Stopped] -- C:\Program Files\Bell\Bell Internet Security Services\Fws.exe -- (RP_FWS)
SRV - [2010/01/17 19:08:58 | 000,056,400 | ---- | M] (Bell Canada) [Auto | Stopped] -- C:\Program Files\Personal Vault Backup Manager\VaultClientUpgrade.exe -- (VaultClientUpgrade)
SRV - [2010/01/17 19:08:54 | 001,051,728 | ---- | M] (Bell Canada) [Auto | Stopped] -- C:\Program Files\Personal Vault Backup Manager\VaultClientSRV.exe -- (VaultClientSRV)
SRV - [2010/01/12 10:07:44 | 000,033,792 | ---- | M] (Palm) [Auto | Stopped] -- C:\Program Files\Palm, Inc\novacom\x86\novacomd.exe -- (NovacomD)
SRV - [2009/11/02 15:26:48 | 005,832,712 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files\Bell\Bell Internet Security Services\AVG\Identity Protection\agent\Bin\AVGIDSAgent.exe -- (RadialpointIDSAgent)
SRV - [2009/07/24 09:33:34 | 000,219,632 | ---- | M] (Sonic Solutions) [Auto | Stopped] -- C:\Program Files\Common Files\Roxio Shared\12.0\SharedCOM\RoxWatch12.exe -- (RoxWatch12)
SRV - [2009/07/24 09:33:10 | 001,116,656 | ---- | M] (Sonic Solutions) [On_Demand | Stopped] -- C:\Program Files\Common Files\Roxio Shared\12.0\SharedCOM\RoxMediaDB12.exe -- (RoxMediaDB12)
SRV - [2009/06/08 12:07:50 | 001,033,480 | ---- | M] (Raxco Software, Inc.) [On_Demand | Stopped] -- C:\Program Files\Raxco\PerfectDisk10\PDEngine.exe -- (PDEngine)
SRV - [2009/06/08 12:07:48 | 000,931,080 | ---- | M] (Raxco Software, Inc.) [On_Demand | Stopped] -- C:\Program Files\Raxco\PerfectDisk10\PDAgent.exe -- (PDAgent)
SRV - [2007/01/04 18:13:54 | 000,240,408 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Program Files\Microsoft LifeCam\MSCamS32.exe -- (MSCamSvc)
SRV - [2006/03/30 15:58:14 | 000,143,360 | ---- | M] () [Auto | Stopped] -- C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcAppFlt.exe -- (ForceWare Intelligent Application Manager (IAM)) ForceWare Intelligent Application Manager (IAM)
SRV - [2006/03/30 15:54:48 | 000,131,131 | ---- | M] (NVIDIA Corporation) [Auto | Stopped] -- C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcIp.exe -- (nSvcIp)
SRV - [2006/03/30 15:54:18 | 000,065,599 | ---- | M] (NVIDIA Corporation) [Auto | Stopped] -- C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcLog.exe -- (nSvcLog)
SRV - [2006/02/07 01:13:32 | 000,020,543 | ---- | M] (Apache Software Foundation) [Auto | Stopped] -- C:\Program Files\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\apache.exe -- (ForcewareWebInterface)


========== Driver Services (SafeList) ==========

DRV - [2011/05/20 06:51:28 | 000,053,192 | ---- | M] (Radialpoint Inc.) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\rp_skt32.sys -- (RPSKT) Security Services Driver (x86)
DRV - [2011/04/04 14:55:38 | 000,020,480 | ---- | M] (Motorola) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\motccgp.sys -- (motccgp)
DRV - [2010/03/18 05:02:32 | 000,028,624 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\LUsbFilt.sys -- (LUsbFilt)
DRV - [2010/03/18 05:02:08 | 000,037,328 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\LMouFilt.Sys -- (LMouFilt)
DRV - [2010/03/18 05:01:52 | 000,038,864 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\LHidFilt.Sys -- (LHidFilt)
DRV - [2010/03/18 05:01:12 | 000,010,448 | ---- | M] (Logitech, Inc.) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\LBeepKE.sys -- (LBeepKE)
DRV - [2010/01/19 11:06:44 | 000,021,248 | ---- | M] (Printing Communications Assoc., Inc. (PCAUSA)) [Kernel | On_Demand | Stopped] -- C:\Program Files\Common Files\Motive\MREMP50.sys -- (MREMP50)
DRV - [2010/01/19 11:06:38 | 000,020,096 | ---- | M] (Printing Communications Assoc., Inc. (PCAUSA)) [Kernel | On_Demand | Running] -- C:\Program Files\Common Files\Motive\MRESP50.sys -- (MRESP50)
DRV - [2009/11/26 09:50:32 | 000,039,808 | ---- | M] (BitDefender S.R.L.) [Kernel | On_Demand | Running] -- C:\Program Files\Bell\Bell Internet Security Services\BitDefender\trufos.sys -- (Trufos)
DRV - [2009/11/26 09:50:32 | 000,014,720 | ---- | M] (BitDefender S.R.L.) [Kernel | On_Demand | Running] -- C:\Program Files\Bell\Bell Internet Security Services\BitDefender\profos.sys -- (Profos)
DRV - [2009/11/02 15:27:02 | 000,122,376 | ---- | M] (AVG Technologies ) [Kernel | On_Demand | Running] -- C:\Program Files\Bell\Bell Internet Security Services\AVG\Identity Protection\agent\drivers\AVGIDSDriver.sys -- (RadialpointIDSDriver)
DRV - [2009/11/02 15:27:02 | 000,030,216 | ---- | M] (AVG Technologies ) [Kernel | On_Demand | Running] -- C:\Program Files\Bell\Bell Internet Security Services\AVG\Identity Protection\agent\drivers\AVGIDSfilter.sys -- (RadialpointIDSFilter)
DRV - [2009/11/02 15:27:02 | 000,025,736 | ---- | M] (AVG Technologies ) [Kernel | On_Demand | Running] -- C:\Program Files\Bell\Bell Internet Security Services\AVG\Identity Protection\agent\drivers\AVGIDSShim.sys -- (RadialpointIDSShim)
DRV - [2009/11/02 15:27:02 | 000,025,608 | ---- | M] (AVG Technologies ) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\AVGIDSEH.sys -- (RadialpointIDSEH)
DRV - [2009/10/23 13:25:54 | 000,285,704 | ---- | M] (BitDefender S.R.L. Bucharest, ROMANIA) [File_System | Boot | Running] -- C:\WINDOWS\system32\drivers\bdfsfltr.sys -- (bdfsfltr)
DRV - [2009/08/05 22:48:42 | 000,054,752 | ---- | M] (Microsoft Corporation) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\fssfltr_tdi.sys -- (fssfltr)
DRV - [2009/07/10 13:01:06 | 000,025,856 | ---- | M] (Motorola) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\motoandroid.sys -- (motandroidusb)
DRV - [2009/06/19 17:59:52 | 000,533,752 | ---- | M] (eMPIA Technology, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\emOEM.sys -- (USB28xxOEM)
DRV - [2009/06/19 17:58:56 | 000,572,280 | ---- | M] (eMPIA Technology, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\emBDA.sys -- (USB28xxBGA)
DRV - [2009/06/08 10:00:56 | 000,071,696 | ---- | M] (Raxco Software, Inc.) [File_System | Boot | Running] -- C:\WINDOWS\System32\drivers\DefragFs.sys -- (DefragFS)
DRV - [2009/03/14 13:53:02 | 000,278,984 | ---- | M] () [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\atksgt.sys -- (atksgt)
DRV - [2009/03/14 13:53:02 | 000,025,416 | ---- | M] () [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\lirsgt.sys -- (lirsgt)
DRV - [2009/01/29 17:18:00 | 000,008,320 | ---- | M] (Motorola) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\motccgpfl.sys -- (motccgpfl)
DRV - [2008/04/14 01:16:24 | 000,015,232 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\MPE.sys -- (MPE)
DRV - [2008/04/14 00:23:10 | 000,040,320 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\nmnt.sys -- (nm)
DRV - [2007/11/02 15:51:30 | 000,006,400 | ---- | M] (Motorola) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\motswch.sys -- (MotoSwitchService)
DRV - [2007/04/16 22:46:00 | 000,033,792 | ---- | M] (Advanced Micro Devices) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\AmdPPM.sys -- (AmdPPM)
DRV - [2006/12/05 19:39:13 | 001,964,064 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\VX3000.sys -- (VX3000)
DRV - [2006/11/02 07:00:08 | 000,039,368 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\winusb.sys -- (WinUSB)
DRV - [2006/04/24 05:52:28 | 000,100,736 | R--- | M] (NVIDIA Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\nvata.sys -- (nvata)
DRV - [2006/04/20 04:02:44 | 000,042,368 | R--- | M] (JMicron Technology Corp.) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\jraid.sys -- (JRAID)
DRV - [2006/03/22 02:24:02 | 000,018,944 | R--- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\nvnetbus.sys -- (nvnetbus)
DRV - [2006/03/22 02:24:00 | 000,052,736 | R--- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\NVENETFD.sys -- (NVENETFD)
DRV - [2006/03/22 02:23:50 | 000,109,568 | R--- | M] (NVIDIA Corporation) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\nvtcp.sys -- (NVTCP)
DRV - [2006/03/17 06:18:58 | 000,392,960 | R--- | M] (Sensaura) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\senfilt.sys -- (SenFiltService)
DRV - [2006/02/07 07:52:58 | 000,006,912 | R--- | M] (JMicron ) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\JGOGO.sys -- (JGOGO)
DRV - [2004/08/12 22:56:20 | 000,005,810 | R--- | M] () [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ASACPI.sys -- (MTsensor)
DRV - [2004/06/08 12:36:28 | 000,013,105 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\L8042Kbd.SYS -- (L8042Kbd)
DRV - [2004/06/08 12:36:20 | 000,014,975 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\LUsbKbd.sys -- (LUsbKbd)
DRV - [2004/06/08 12:35:26 | 000,038,081 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\LHidUsbK.sys -- (LHidUsbK)
DRV - [2004/06/08 12:35:18 | 000,054,817 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\L8042MOU.SYS -- (L8042mou)
DRV - [2004/06/08 12:35:08 | 000,071,533 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\LMouKE.Sys -- (LMouKE)
DRV - [2004/06/08 12:34:48 | 000,024,637 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\LHidKE.Sys -- (LHidKe)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant =

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ca.yahoo.com/?fr=fp-yie8
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar =
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page =
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchDefaultBranded = 1
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Restore = http://yahoo.com/
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = localhost;192.168.*.*

========== FireFox ==========

FF - prefs.js..browser.startup.homepage: "http://www.yahoo.com/"
FF - prefs.js..network.proxy.no_proxies_on: "localhost"
FF - prefs.js..network.proxy.type: 0

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Player Plugin,version=1.0.0: File not found
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\4.0.60531.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=14.0.8117.0416: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@Motive.com/NpMotive,version=1.0: C:\Program Files\Common Files\Motive\npMotive.dll (Alcatel-Lucent)
FF - HKLM\Software\MozillaPlugins\@nexon.net/NxGame: \NGM\npNxGameUS.dll ()
FF - HKLM\Software\MozillaPlugins\@radialpoint.com/SPA,version=1: C:\Program Files\Bell\Internet Service Advisor\nprpspa.dll (Bell)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.65\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.65\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Documents and Settings\home\Local Settings\Application Data\Google\Update\1.3.21.65\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Documents and Settings\home\Local Settings\Application Data\Google\Update\1.3.21.65\npGoogleUpdate3.dll (Google Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2010/01/24 16:20:28 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 5.0\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011/07/08 15:27:09 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 5.0\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011/07/07 17:19:46 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2010/01/24 16:20:28 | 000,000,000 | ---D | M]

[2011/04/16 13:21:15 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\home\Application Data\Mozilla\Extensions
[2011/07/08 09:59:10 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2010/05/02 16:42:01 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
[2010/07/30 17:32:44 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}
[2010/10/27 16:25:12 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}
[2010/12/18 08:55:12 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}
[2011/07/08 09:59:11 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}
[2009/02/22 15:36:12 | 000,000,000 | ---D | M] (Java Quick Starter) -- C:\PROGRAM FILES\JAVA\JRE6\LIB\DEPLOY\JQS\FF
[2009/06/25 22:28:22 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\WINDOWS\MICROSOFT.NET\FRAMEWORK\V3.5\WINDOWS PRESENTATION FOUNDATION\DOTNETASSISTANTEXTENSION
[2011/07/08 15:27:03 | 000,142,296 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2011/05/04 04:52:23 | 000,476,904 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\mozilla firefox\plugins\npdeployJava1.dll
[2010/01/01 04:00:00 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml

O1 HOSTS File: ([2006/02/28 07:00:00 | 000,000,734 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - No CLSID value found.
O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O4 - HKLM..\Run: [BellCanada_McciTrayApp] C:\Program Files\BellCanada\McciTrayApp.exe (Alcatel-Lucent)
O4 - HKLM..\Run: [BISA.exe] C:\Program Files\Bell\Internet Service Advisor\BISA.exe (Bell)
O4 - HKLM..\Run: [JMB36X Configure] C:\WINDOWS\System32\JMRaidTool.exe (JMicron Technology Corp.)
O4 - HKLM..\Run: [KernelFaultCheck] File not found
O4 - HKLM..\Run: [NvCplDaemon] C:\WINDOWS\System32\NvCpl.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [NvMediaCenter] C:\WINDOWS\System32\nvmctray.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [nwiz] C:\Program Files\NVIDIA Corporation\nView\nwiz.exe ()
O4 - HKLM..\Run: [VX3000] C:\WINDOWS\vVX3000.exe (Microsoft Corporation)
O4 - HKCU..\Run: [msnmsgr] File not found
O4 - HKCU..\Run: [Steam] C:\Program Files\Steam\steam.exe (Valve Corporation)
O4 - Startup: C:\Documents and Settings\home\Start Menu\Programs\Startup\hpqtra08.exe (Hewlett-Packard Co.)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\WINDOWS\system32\nvappfilter.dll (NVIDIA)
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\WINDOWS\system32\nvappfilter.dll (NVIDIA)
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\WINDOWS\system32\nvappfilter.dll (NVIDIA)
O10 - Protocol_Catalog9\Catalog_Entries\000000000021 - C:\WINDOWS\system32\nvappfilter.dll (NVIDIA)
O12 - Plugin for: .spop - C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll (InterTrust Technologies Corporation, Inc.)
O15 - HKCU\..Trusted Domains: cinemanow.com ([]http in Trusted sites)
O15 - HKCU\..Trusted Domains: cinemanow.com ([]https in Trusted sites)
O15 - HKCU\..Trusted Domains: qflix.com ([]http in Trusted sites)
O15 - HKCU\..Trusted Domains: roxio.com ([]http in Trusted sites)
O15 - HKCU\..Trusted Domains: sonic.com ([redirect] http in Trusted sites)
O15 - HKCU\..Trusted Domains: sonic.com ([redirect2] http in Trusted sites)
O16 - DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} http://upload.facebo...toUploader5.cab (Facebook Photo Uploader 5 Control)
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} http://download.micr...heckControl.cab (Windows Genuine Advantage Validation Tool)
O16 - DPF: {1E54D648-B804-468d-BC78-4AFFED8E262E} http://www.nvidia.co.../sysreqlab3.cab (System Requirements Lab Class)
O16 - DPF: {1E54D648-B804-468d-BC78-4AFFED8E262F} http://www.nvidia.co...sreqlab_nvd.cab (System Requirements Lab Class)
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} http://gfx1.hotmail....es/MSNPUpld.cab (MSN Photo Upload Tool)
O16 - DPF: {73ECB3AA-4717-450C-A2AB-D00DAD9EE203} http://h20270.www2.h...tDetection2.cab (GMNRev Class)
O16 - DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} http://upload.facebo...oUploader55.cab (Facebook Photo Uploader 5 Control)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_26)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.ma...r/ultrashim.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_26)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_26)
O16 - DPF: {DB7BF79A-FC51-4B5A-92BC-A65731174380} http://www.instantac...ad/iaplayer.cab (InstantAction Game Launcher)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.ad...Plus/1.6/gp.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{1A91D80B-CCE6-49FA-A3E5-35CCF287494A}: DhcpNameServer = 192.168.2.1
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) - C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Documents and Settings\home\Application Data\Microsoft\Windows Live Photo Gallery\Windows Live Photo Gallery Wallpaper.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\home\Application Data\Microsoft\Windows Live Photo Gallery\Windows Live Photo Gallery Wallpaper.bmp
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2008/11/29 17:16:17 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O34 - HKLM BootExecute: (PDBoot.exe) - C:\WINDOWS\System32\PDBoot.exe (Raxco Software, Inc.)
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2011/08/25 13:50:18 | 000,025,856 | ---- | C] (Motorola) -- C:\WINDOWS\System32\drivers\motoandroid.sys
[2011/08/25 13:50:16 | 000,020,480 | ---- | C] (Motorola) -- C:\WINDOWS\System32\drivers\motccgp.sys
[2011/08/25 13:50:16 | 000,008,320 | ---- | C] (Motorola) -- C:\WINDOWS\System32\drivers\motccgpfl.sys
[2011/08/25 13:50:16 | 000,006,400 | ---- | C] (Motorola) -- C:\WINDOWS\System32\drivers\motswch.sys
[2011/08/25 13:50:05 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Motorola Shared
[2011/08/25 13:50:05 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Motorola
[2011/08/25 13:50:04 | 000,000,000 | ---D | C] -- C:\Program Files\Motorola

========== Files - Modified Within 30 Days ==========

[2011/09/01 16:50:34 | 000,000,882 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2011/09/01 16:50:33 | 000,013,646 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2011/09/01 16:50:32 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2011/09/01 16:15:00 | 000,000,974 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-790525478-1292428093-1801674531-1005UA.job
[2011/09/01 16:10:00 | 000,000,886 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2011/09/01 12:15:00 | 000,000,922 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-790525478-1292428093-1801674531-1005Core.job
[2011/08/31 21:26:01 | 000,000,284 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
[2011/08/26 07:07:33 | 000,010,752 | ---- | M] () -- C:\Documents and Settings\home\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011/08/25 13:54:31 | 000,000,000 | -H-- | M] () -- C:\WINDOWS\System32\drivers\Msft_Kernel_motccgpfl_01007.Wdf
[2011/08/25 13:54:31 | 000,000,000 | -H-- | M] () -- C:\WINDOWS\System32\drivers\Msft_Kernel_motccgp_01007.Wdf
[2011/08/25 13:50:48 | 000,000,000 | -H-- | M] () -- C:\WINDOWS\System32\drivers\Msft_Kernel_motoandroid_01007.Wdf
[2011/08/12 20:20:15 | 000,230,424 | ---- | M] () -- C:\img2-001.raw
[2011/08/12 00:59:02 | 000,000,280 | ---- | M] () -- C:\WINDOWS\System32\PDBootState
[2011/08/10 03:10:23 | 000,503,430 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2011/08/10 03:10:23 | 000,088,778 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2011/08/10 03:08:49 | 000,001,374 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2011/08/05 10:55:36 | 000,000,215 | ---- | M] () -- C:\Documents and Settings\home\Desktop\Spiral Knights.url

========== Files Created - No Company Name ==========

[2011/08/25 13:54:31 | 000,000,000 | -H-- | C] () -- C:\WINDOWS\System32\drivers\Msft_Kernel_motccgpfl_01007.Wdf
[2011/08/25 13:54:31 | 000,000,000 | -H-- | C] () -- C:\WINDOWS\System32\drivers\Msft_Kernel_motccgp_01007.Wdf
[2011/08/25 13:50:48 | 000,000,000 | -H-- | C] () -- C:\WINDOWS\System32\drivers\Msft_Kernel_motoandroid_01007.Wdf
[2011/08/05 11:03:43 | 000,000,032 | R--- | C] () -- C:\Documents and Settings\All Users\hash.dat
[2011/08/05 10:55:36 | 000,000,215 | ---- | C] () -- C:\Documents and Settings\home\Desktop\Spiral Knights.url
[2011/07/08 15:32:05 | 002,123,582 | ---- | C] () -- C:\WINDOWS\System32\nvdata.data
[2011/05/20 06:43:40 | 000,000,157 | ---- | C] () -- C:\WINDOWS\SIERRA.INI
[2011/02/26 10:45:46 | 000,040,960 | R--- | C] () -- C:\WINDOWS\System32\psfind.dll
[2010/09/12 21:16:12 | 000,336,420 | ---- | C] () -- C:\Documents and Settings\LocalService\Local Settings\Application Data\WPFFontCache_v0400-S-1-5-21-790525478-1292428093-1801674531-1005-0.dat
[2010/09/12 21:16:12 | 000,132,898 | ---- | C] () -- C:\Documents and Settings\LocalService\Local Settings\Application Data\WPFFontCache_v0400-System.dat
[2010/09/01 17:20:23 | 000,274,212 | ---- | C] () -- C:\WINDOWS\System32\nvdrsdb0.bin
[2010/09/01 17:20:22 | 000,274,212 | ---- | C] () -- C:\WINDOWS\System32\nvdrsdb1.bin
[2010/09/01 17:20:22 | 000,000,001 | ---- | C] () -- C:\WINDOWS\System32\nvdrssel.bin
[2010/07/17 09:57:28 | 000,705,016 | ---- | C] () -- C:\Documents and Settings\LocalService\Local Settings\Application Data\FontCache3.0.0.0.dat
[2010/04/13 06:57:42 | 000,000,000 | ---- | C] () -- C:\WINDOWS\nsreg.dat
[2010/04/09 13:30:57 | 000,043,520 | ---- | C] () -- C:\WINDOWS\System32\CmdLineExt03.dll
[2010/02/06 08:31:26 | 000,000,020 | ---- | C] () -- C:\WINDOWS\popcinfot.dat
[2010/02/06 08:31:26 | 000,000,000 | ---- | C] () -- C:\WINDOWS\popcreg.dat
[2010/01/24 16:19:55 | 000,023,109 | ---- | C] () -- C:\WINDOWS\hpqins15.dat
[2010/01/08 06:44:00 | 000,002,108 | ---- | C] () -- C:\Documents and Settings\home\Local Settings\Application Data\rx_audio.Cache
[2010/01/08 06:43:39 | 000,340,268 | ---- | C] () -- C:\Documents and Settings\home\Local Settings\Application Data\rx_image32.Cache
[2010/01/02 10:35:48 | 000,000,754 | ---- | C] () -- C:\WINDOWS\WORDPAD.INI
[2009/12/25 16:59:41 | 000,363,520 | ---- | C] () -- C:\WINDOWS\System32\PsisDecd.dll
[2009/12/09 11:38:24 | 000,000,182 | ---- | C] () -- C:\WINDOWS\KA.INI
[2009/11/21 20:29:46 | 000,000,023 | ---- | C] () -- C:\WINDOWS\BlendSettings.ini
[2009/11/14 10:55:34 | 000,189,239 | ---- | C] () -- C:\WINDOWS\hpqins05.dat.temp
[2009/10/21 13:20:08 | 000,005,504 | ---- | C] () -- C:\WINDOWS\System32\drivers\StarOpen_x86.sys
[2009/08/31 19:58:12 | 000,000,127 | ---- | C] () -- C:\Documents and Settings\home\Local Settings\Application Data\fusioncache.dat
[2009/08/31 19:44:55 | 000,022,328 | ---- | C] () -- C:\Documents and Settings\home\Application Data\PnkBstrK.sys
[2009/08/07 19:51:34 | 000,178,430 | ---- | C] () -- C:\WINDOWS\System32\xlive.dll.cat
[2009/06/13 16:57:16 | 000,116,840 | ---- | C] () -- C:\WINDOWS\hpqins00.dat
[2009/05/07 18:19:22 | 000,176,901 | ---- | C] () -- C:\WINDOWS\hpwins19.dat
[2009/05/07 18:19:22 | 000,000,997 | ---- | C] () -- C:\WINDOWS\hpwmdl19.dat
[2009/05/02 15:52:18 | 000,030,505 | ---- | C] () -- C:\WINDOWS\SSSETUP.EXE
[2009/04/25 14:51:07 | 000,000,116 | ---- | C] () -- C:\WINDOWS\NeroDigital.ini
[2009/04/21 17:59:01 | 000,040,960 | ---- | C] () -- C:\Program Files\Uninstall_CDS.exe
[2009/03/14 13:53:02 | 000,278,984 | ---- | C] () -- C:\WINDOWS\System32\drivers\atksgt.sys
[2009/03/14 13:53:02 | 000,025,416 | ---- | C] () -- C:\WINDOWS\System32\drivers\lirsgt.sys
[2009/02/17 20:13:28 | 000,077,348 | ---- | C] () -- C:\WINDOWS\hpqins05.dat
[2009/01/04 19:19:56 | 000,010,752 | ---- | C] () -- C:\Documents and Settings\home\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2008/12/26 12:02:10 | 000,015,498 | ---- | C] () -- C:\WINDOWS\VX3000.ini
[2008/11/30 18:18:41 | 000,010,563 | R--- | C] () -- C:\WINDOWS\hpwscr19.dat
[2008/11/30 18:08:41 | 000,123,061 | ---- | C] () -- C:\WINDOWS\HPHins11.dat
[2008/11/30 18:08:41 | 000,013,767 | ---- | C] () -- C:\WINDOWS\hphmdl11.dat
[2008/11/29 17:43:17 | 000,001,324 | ---- | C] () -- C:\WINDOWS\System32\d3d9caps.dat
[2008/11/29 17:43:16 | 000,000,552 | ---- | C] () -- C:\WINDOWS\System32\d3d8caps.dat
[2008/11/29 17:22:49 | 000,000,804 | R--- | C] () -- C:\WINDOWS\System32\AsusSetup.ini
[2008/11/29 17:22:49 | 000,000,402 | R--- | C] () -- C:\WINDOWS\System32\raidmgmt.ini
[2008/11/29 17:22:24 | 000,005,810 | R--- | C] () -- C:\WINDOWS\System32\drivers\ASACPI.sys
[2008/11/29 17:22:21 | 000,027,575 | ---- | C] () -- C:\WINDOWS\Ascd_tmp.ini
[2008/11/29 17:22:12 | 000,005,824 | ---- | C] () -- C:\WINDOWS\System32\drivers\ASUSHWIO.SYS
[2008/11/29 17:17:46 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat
[2008/11/29 17:14:08 | 000,021,640 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat
[2008/11/29 11:54:48 | 000,004,346 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
[2008/11/29 11:52:08 | 000,168,304 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2008/10/07 14:33:00 | 000,286,720 | ---- | C] () -- C:\WINDOWS\System32\nvnt4cpl.dll
[2008/10/07 10:13:22 | 000,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelTraditionalChinese.dll
[2008/10/07 10:13:20 | 000,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelSwedish.dll
[2008/10/07 10:13:20 | 000,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelSpanish.dll
[2008/10/07 10:13:20 | 000,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelSimplifiedChinese.dll
[2008/10/07 10:13:20 | 000,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelPortugese.dll
[2008/10/07 10:13:20 | 000,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelKorean.dll
[2008/10/07 10:13:20 | 000,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelJapanese.dll
[2008/10/07 10:13:20 | 000,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelGerman.dll
[2008/10/07 10:13:20 | 000,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelFrench.dll
[2008/04/14 05:55:28 | 000,001,804 | ---- | C] () -- C:\WINDOWS\System32\Dcache.bin
[2006/12/31 07:57:08 | 000,004,569 | ---- | C] () -- C:\WINDOWS\System32\secupd.dat
[2006/02/28 07:00:00 | 013,107,200 | ---- | C] () -- C:\WINDOWS\System32\oembios.bin
[2006/02/28 07:00:00 | 000,673,088 | ---- | C] () -- C:\WINDOWS\System32\mlang.dat
[2006/02/28 07:00:00 | 000,503,430 | ---- | C] () -- C:\WINDOWS\System32\perfh009.dat
[2006/02/28 07:00:00 | 000,272,128 | ---- | C] () -- C:\WINDOWS\System32\perfi009.dat
[2006/02/28 07:00:00 | 000,218,003 | ---- | C] () -- C:\WINDOWS\System32\dssec.dat
[2006/02/28 07:00:00 | 000,088,778 | ---- | C] () -- C:\WINDOWS\System32\perfc009.dat
[2006/02/28 07:00:00 | 000,046,258 | ---- | C] () -- C:\WINDOWS\System32\mib.bin
[2006/02/28 07:00:00 | 000,028,626 | ---- | C] () -- C:\WINDOWS\System32\perfd009.dat
[2006/02/28 07:00:00 | 000,004,461 | ---- | C] () -- C:\WINDOWS\System32\oembios.dat
[2006/02/28 07:00:00 | 000,000,741 | ---- | C] () -- C:\WINDOWS\System32\noise.dat
[2001/09/24 10:00:00 | 000,000,018 | ---- | C] () -- C:\WINDOWS\bcm.ini

========== LOP Check ==========

[2011/05/20 06:38:52 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Alwil Software
[2011/05/20 06:50:21 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Bell
[2008/11/30 18:30:10 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\BVRP Software
[2009/01/10 10:10:13 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Downloaded Installations
[2009/01/10 10:11:29 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\DriverCure
[2009/11/10 07:40:50 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Enjoin
[2010/08/30 18:16:21 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Fallout3
[2009/05/16 06:55:51 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Funcom
[2009/09/05 22:05:53 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\NexonUS
[2009/02/14 06:41:31 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\PC Drivers HeadQuarters
[2009/12/25 16:47:40 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\PhotoShow Shared Assets
[2010/02/06 08:31:35 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\PopCap Games
[2011/05/20 06:41:54 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Radialpoint
[2011/08/06 08:35:27 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\RegCure
[2010/05/17 18:17:37 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\SmartSound Software Inc
[2010/09/04 05:11:26 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TEMP
[2009/12/25 16:51:20 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Uninstall
[2011/04/01 20:19:43 | 000,000,000 | ---D | M] -- C:\Documents and Settings\home\Application Data\.minecraft
[2011/06/02 12:39:04 | 000,000,000 | ---D | M] -- C:\Documents and Settings\home\Application Data\Bell
[2011/08/01 15:56:52 | 000,000,000 | ---D | M] -- C:\Documents and Settings\home\Application Data\BitTorrent
[2010/08/14 16:32:30 | 000,000,000 | ---D | M] -- C:\Documents and Settings\home\Application Data\CanuckSoftware
[2009/01/10 10:10:43 | 000,000,000 | ---D | M] -- C:\Documents and Settings\home\Application Data\DriverCure
[2009/12/05 18:24:43 | 000,000,000 | ---D | M] -- C:\Documents and Settings\home\Application Data\FrostWire
[2009/04/12 09:10:19 | 000,000,000 | ---D | M] -- C:\Documents and Settings\home\Application Data\GarageGames
[2008/11/30 18:31:00 | 000,000,000 | ---D | M] -- C:\Documents and Settings\home\Application Data\InterTrust
[2010/06/29 20:20:53 | 000,000,000 | ---D | M] -- C:\Documents and Settings\home\Application Data\Leadertech
[2011/04/22 19:41:33 | 000,000,000 | ---D | M] -- C:\Documents and Settings\home\Application Data\My Battle for Middle-earth™ II Files
[2010/07/15 21:32:25 | 000,000,000 | ---D | M] -- C:\Documents and Settings\home\Application Data\My Games
[2010/04/17 11:49:21 | 000,000,000 | ---D | M] -- C:\Documents and Settings\home\Application Data\My The Lord of the Rings, The Rise of the Witch-king Files
[2010/07/24 08:56:16 | 000,000,000 | ---D | M] -- C:\Documents and Settings\home\Application Data\Registry Mechanic
[2009/12/25 16:47:40 | 000,000,000 | ---D | M] -- C:\Documents and Settings\home\Application Data\Simple Star
[2009/09/20 19:21:54 | 000,000,000 | ---D | M] -- C:\Documents and Settings\home\Application Data\SPORE
[2010/04/13 07:20:50 | 000,000,000 | ---D | M] -- C:\Documents and Settings\home\Application Data\SystemRequirementsLab
[2011/06/26 03:38:00 | 000,000,354 | ---- | M] () -- C:\WINDOWS\Tasks\Driver Robot.job

========== Purity Check ==========



========== Alternate Data Streams ==========

@Alternate Data Stream - 186 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:D1B5B4F1
@Alternate Data Stream - 143 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:DFC5A2B2
@Alternate Data Stream - 122 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:A8ADE5D8

< End of report >

Oops, here's the extras log

OTL Extras logfile created on: 9/1/2011 4:59:38 PM - Run 1
OTL by OldTimer - Version 3.2.27.0 Folder = C:\Documents and Settings\home\My Documents\Downloads
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.00 Gb Total Physical Memory | 1.20 Gb Available Physical Memory | 60.20% Memory free
4.85 Gb Paging File | 4.20 Gb Available in Paging File | 86.64% Paging File free
Paging file location(s): C:\pagefile.sys 3069 3069 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 232.88 Gb Total Space | 126.49 Gb Free Space | 54.32% Space Free | Partition Type: NTFS

Computer Name: OFFICE | User Name: home | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*

[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
exefile [open] -- "%1" %*
htmlfile [edit] -- Reg Error: Key error.
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 0
"FirewallOverride" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

========== System Restore Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr]
"Start" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService]
"Start" = 2

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]
"139:TCP" = 139:TCP:*:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:*:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:*:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:*:Enabled:@xpsp2res.dll,-22002

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 0
"DisableNotifications" = 0
"DoNotAllowExceptions" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008
"139:TCP" = 139:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22002
"18139:TCP" = 18139:TCP:*:Enabled:File Sync Port

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"C:\Nexon\Combat Arms\CombatArms.exe" = C:\Nexon\Combat Arms\CombatArms.exe:*Enabled:CombatArms.exe
"C:\Nexon\Combat Arms\Engine.exe" = C:\Nexon\Combat Arms\Engine.exe:*Enabled:Engine.exe
"C:\Program Files\HP\Digital Imaging\bin\hpofxm08.exe" = C:\Program Files\HP\Digital Imaging\bin\hpofxm08.exe:*:Enabled:hpofxm08.exe -- (Hewlett-Packard Co.)
"C:\Program Files\HP\Digital Imaging\bin\hposfx08.exe" = C:\Program Files\HP\Digital Imaging\bin\hposfx08.exe:*:Enabled:hposfx08.exe -- (Hewlett-Packard Co.)
"C:\Program Files\HP\Digital Imaging\bin\hposid01.exe" = C:\Program Files\HP\Digital Imaging\bin\hposid01.exe:*:Enabled:hposid01.exe -- (Hewlett-Packard Co.)
"C:\Program Files\HP\Digital Imaging\bin\hpzwiz01.exe" = C:\Program Files\HP\Digital Imaging\bin\hpzwiz01.exe:*:Enabled:hpzwiz01.exe -- (Hewlett-Packard Co.)
"C:\Program Files\HP\Digital Imaging\bin\hpoews01.exe" = C:\Program Files\HP\Digital Imaging\bin\hpoews01.exe:*:Enabled:hpoews01.exe -- (Hewlett-Packard Co.)
"C:\Program Files\HP\Digital Imaging\bin\hpiscnapp.exe" = C:\Program Files\HP\Digital Imaging\bin\hpiscnapp.exe:*:Enabled:hpiscnapp.exe -- (Hewlett-Packard)
"C:\Program Files\Common Files\HP\Digital Imaging\bin\hpqPhotoCrm.exe" = C:\Program Files\Common Files\HP\Digital Imaging\bin\hpqPhotoCrm.exe:*:Enabled:hpqphotocrm.exe -- (Hewlett-Packard Development Co. L.P.)
"C:\Program Files\HP\Digital Imaging\bin\hpqsudi.exe" = C:\Program Files\HP\Digital Imaging\bin\hpqsudi.exe:*:Enabled:hpqsudi.exe -- (Hewlett-Packard Development Co. L.P.)
"C:\Program Files\HP\Digital Imaging\bin\hpqpsapp.exe" = C:\Program Files\HP\Digital Imaging\bin\hpqpsapp.exe:*:Enabled:hpqpsapp.exe -- (Hewlett-Packard Development Co. L.P.)
"C:\Program Files\HP\Digital Imaging\bin\hpofxs08.exe" = C:\Program Files\HP\Digital Imaging\bin\hpofxs08.exe:*:Enabled:hpofxs08.exe -- (Hewlett-Packard Co.)
"C:\Program Files\HP\Digital Imaging\bin\hpqfxt08.exe" = C:\Program Files\HP\Digital Imaging\bin\hpqfxt08.exe:*:Enabled:hpqfxt08.exe -- (TODO: <Company name>)
"C:\Program Files\HP\Digital Imaging\bin\hpqpse.exe" = C:\Program Files\HP\Digital Imaging\bin\hpqpse.exe:*:Enabled:hpqpse.exe -- (Hewlett-Packard Development Co. L.P.)
"C:\Program Files\HP\Digital Imaging\bin\hpqgplgtupl.exe" = C:\Program Files\HP\Digital Imaging\bin\hpqgplgtupl.exe:*:Enabled:hpqgplgtupl.exe -- (Hewlett-Packard Co.)
"C:\Program Files\HP\Digital Imaging\bin\hpqusgm.exe" = C:\Program Files\HP\Digital Imaging\bin\hpqusgm.exe:*:Enabled:hpqusgm.exe -- (Hewlett-Packard Co.)
"C:\Program Files\HP\Digital Imaging\bin\hpqusgh.exe" = C:\Program Files\HP\Digital Imaging\bin\hpqusgh.exe:*:Enabled:hpqusgh.exe -- (Hewlett-Packard Co.)
"C:\Program Files\HP\HP Software Update\hpwucli.exe" = C:\Program Files\HP\HP Software Update\hpwucli.exe:*:Enabled:hpwucli.exe -- (Hewlett-Packard)
"C:\Program Files\HP\Digital Imaging\Smart Web Printing\SmartWebPrintExe.exe" = C:\Program Files\HP\Digital Imaging\Smart Web Printing\SmartWebPrintExe.exe:*:Enabled:smartwebprintexe.exe -- (Hewlett-Packard Co.)

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"D:\CDS\Nero\Installation\SetupX.exe" = D:\CDS\Nero\Installation\SetupX.exe:*:Enabled:Nero ProductSetup
"C:\Program Files\Microsoft LifeCam\LifeCam.exe" = C:\Program Files\Microsoft LifeCam\LifeCam.exe:*:Enabled:LifeCam.exe -- (Microsoft Corporation)
"C:\Program Files\Microsoft LifeCam\LifeExp.exe" = C:\Program Files\Microsoft LifeCam\LifeExp.exe:*:Enabled:LifeExp.exe -- (Microsoft Corporation)
"C:\WINDOWS\system32\PnkBstrA.exe" = C:\WINDOWS\system32\PnkBstrA.exe:*:Enabled:PnkBstrA
"C:\WINDOWS\system32\PnkBstrB.exe" = C:\WINDOWS\system32\PnkBstrB.exe:*:Enabled:PnkBstrB
"C:\Program Files\Electronic Arts\EADM\Core.exe" = C:\Program Files\Electronic Arts\EADM\Core.exe:*:Disabled:EA Download Manager
"C:\Program Files\THQ\Titan Quest\Titan Quest.exe" = C:\Program Files\THQ\Titan Quest\Titan Quest.exe:*:Enabled:Titan Quest -- ()
"C:\Program Files\FrostWire\FrostWire.exe" = C:\Program Files\FrostWire\FrostWire.exe:*:Enabled:FrostWire
"C:\Program Files\Ares\Ares.exe" = C:\Program Files\Ares\Ares.exe:*:Enabled:Ares p2p for windows -- (Ares Development Group)
"C:\Program Files\Electronic Arts\The Battle for Middle-earth ™ II\game.dat" = C:\Program Files\Electronic Arts\The Battle for Middle-earth ™ II\game.dat:*:Enabled:The Battle for Middle-earth™ II -- (Electronic Arts Inc.)
"C:\Program Files\Electronic Arts\The Battle for Middle-earth ™ II\patchget.dat" = C:\Program Files\Electronic Arts\The Battle for Middle-earth ™ II\patchget.dat:*:Enabled:patchgrabber -- (Electronic Arts)
"C:\Program Files\Electronic Arts\The Lord of the Rings, The Rise of the Witch-king\game.dat" = C:\Program Files\Electronic Arts\The Lord of the Rings, The Rise of the Witch-king\game.dat:*:Enabled:The Lord of the Rings, The Rise of the Witch-king -- (Electronic Arts Inc.)
"C:\Program Files\Electronic Arts\The Lord of the Rings, The Rise of the Witch-king\patchget.dat" = C:\Program Files\Electronic Arts\The Lord of the Rings, The Rise of the Witch-king\patchget.dat:*:Enabled:patchgrabber -- (Electronic Arts)
"C:\Documents and Settings\All Users\Application Data\NexonUS\NGM\NGM.exe" = C:\Documents and Settings\All Users\Application Data\NexonUS\NGM\NGM.exe:*:Enabled:Nexon Game Manager -- (Nexon)
"C:\Nexon\Combat Arms\CombatArms.exe" = C:\Nexon\Combat Arms\CombatArms.exe:*Enabled:CombatArms.exe
"C:\Nexon\Combat Arms\Engine.exe" = C:\Nexon\Combat Arms\Engine.exe:*Enabled:Engine.exe
"C:\Nexon\Combat Arms\NMService.exe" = C:\Nexon\Combat Arms\NMService.exe:*:Enabled:Nexon Messenger Core
"C:\NGM\NGM.exe" = C:\NGM\NGM.exe:*:Enabled:Nexon Game Manager -- (Nexon)
"C:\Program Files\THQ\Titan Quest Immortal Throne\Tqit.exe" = C:\Program Files\THQ\Titan Quest Immortal Throne\Tqit.exe:*:Enabled:Tqit -- ()
"C:\Program Files\Roxio 2010\Venue\Venue.exe" = C:\Program Files\Roxio 2010\Venue\Venue.exe:*:Enabled:Roxio Venue -- (Sonic Solutions)
"C:\Program Files\CinemaNow\CinemaNow Media Manager\CinemaNowShell.exe" = C:\Program Files\CinemaNow\CinemaNow Media Manager\CinemaNowShell.exe:*:Enabled:CinemaNow Media Manager
"C:\Program Files\HP\Digital Imaging\bin\hpofxm08.exe" = C:\Program Files\HP\Digital Imaging\bin\hpofxm08.exe:*:Enabled:hpofxm08.exe -- (Hewlett-Packard Co.)
"C:\Program Files\HP\Digital Imaging\bin\hposfx08.exe" = C:\Program Files\HP\Digital Imaging\bin\hposfx08.exe:*:Enabled:hposfx08.exe -- (Hewlett-Packard Co.)
"C:\Program Files\HP\Digital Imaging\bin\hposid01.exe" = C:\Program Files\HP\Digital Imaging\bin\hposid01.exe:*:Enabled:hposid01.exe -- (Hewlett-Packard Co.)
"C:\Program Files\HP\Digital Imaging\bin\hpzwiz01.exe" = C:\Program Files\HP\Digital Imaging\bin\hpzwiz01.exe:*:Enabled:hpzwiz01.exe -- (Hewlett-Packard Co.)
"C:\Program Files\HP\Digital Imaging\bin\hpoews01.exe" = C:\Program Files\HP\Digital Imaging\bin\hpoews01.exe:*:Enabled:hpoews01.exe -- (Hewlett-Packard Co.)
"C:\Program Files\HP\Digital Imaging\bin\hpiscnapp.exe" = C:\Program Files\HP\Digital Imaging\bin\hpiscnapp.exe:*:Enabled:hpiscnapp.exe -- (Hewlett-Packard)
"C:\Program Files\Common Files\HP\Digital Imaging\bin\hpqPhotoCrm.exe" = C:\Program Files\Common Files\HP\Digital Imaging\bin\hpqPhotoCrm.exe:*:Enabled:hpqphotocrm.exe -- (Hewlett-Packard Development Co. L.P.)
"C:\Program Files\HP\Digital Imaging\bin\hpqsudi.exe" = C:\Program Files\HP\Digital Imaging\bin\hpqsudi.exe:*:Enabled:hpqsudi.exe -- (Hewlett-Packard Development Co. L.P.)
"C:\Program Files\HP\Digital Imaging\bin\hpqpsapp.exe" = C:\Program Files\HP\Digital Imaging\bin\hpqpsapp.exe:*:Enabled:hpqpsapp.exe -- (Hewlett-Packard Development Co. L.P.)
"C:\Program Files\HP\Digital Imaging\bin\hpofxs08.exe" = C:\Program Files\HP\Digital Imaging\bin\hpofxs08.exe:*:Enabled:hpofxs08.exe -- (Hewlett-Packard Co.)
"C:\Program Files\HP\Digital Imaging\bin\hpqfxt08.exe" = C:\Program Files\HP\Digital Imaging\bin\hpqfxt08.exe:*:Enabled:hpqfxt08.exe -- (TODO: <Company name>)
"C:\Program Files\HP\Digital Imaging\bin\hpqpse.exe" = C:\Program Files\HP\Digital Imaging\bin\hpqpse.exe:*:Enabled:hpqpse.exe -- (Hewlett-Packard Development Co. L.P.)
"C:\Program Files\HP\Digital Imaging\bin\hpqgplgtupl.exe" = C:\Program Files\HP\Digital Imaging\bin\hpqgplgtupl.exe:*:Enabled:hpqgplgtupl.exe -- (Hewlett-Packard Co.)
"C:\Program Files\HP\Digital Imaging\bin\hpqusgm.exe" = C:\Program Files\HP\Digital Imaging\bin\hpqusgm.exe:*:Enabled:hpqusgm.exe -- (Hewlett-Packard Co.)
"C:\Program Files\HP\Digital Imaging\bin\hpqusgh.exe" = C:\Program Files\HP\Digital Imaging\bin\hpqusgh.exe:*:Enabled:hpqusgh.exe -- (Hewlett-Packard Co.)
"C:\Program Files\HP\HP Software Update\hpwucli.exe" = C:\Program Files\HP\HP Software Update\hpwucli.exe:*:Enabled:hpwucli.exe -- (Hewlett-Packard)
"C:\Program Files\HP\Digital Imaging\Smart Web Printing\SmartWebPrintExe.exe" = C:\Program Files\HP\Digital Imaging\Smart Web Printing\SmartWebPrintExe.exe:*:Enabled:smartwebprintexe.exe -- (Hewlett-Packard Co.)
"C:\WINDOWS\system32\dpnsvr.exe" = C:\WINDOWS\system32\dpnsvr.exe:*:Enabled:Microsoft DirectPlay8 Server -- (Microsoft Corporation)
"C:\Program Files\LucasArts\Star Wars Jedi Knight Jedi Academy\GameData\jamp.exe" = C:\Program Files\LucasArts\Star Wars Jedi Knight Jedi Academy\GameData\jamp.exe:*:Enabled:Jedi Academy MultiPlayer
"C:\Westwood\RA2\game.exe" = C:\Westwood\RA2\game.exe:*:Enabled:Main executable for Red Alert 2
"C:\Westwood\RA2\mph.exe" = C:\Westwood\RA2\mph.exe:*:Enabled:mph
"C:\Program Files\Logitech\Desktop Messenger\8876480\Program\backWeb-8876480.exe" = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\backWeb-8876480.exe:*:Enabled:Logitech Desktop Messenger
"C:\Program Files\BitTorrent\BitTorrent.exe" = C:\Program Files\BitTorrent\BitTorrent.exe:*:Enabled:BitTorrent -- (BitTorrent, Inc.)
"C:\Program Files\Mozilla Firefox\firefox.exe" = C:\Program Files\Mozilla Firefox\firefox.exe:*:Enabled:Firefox -- (Mozilla Corporation)
"C:\Documents and Settings\home\Application Data\Microsoft\Installer\{784585EB-52E6-4FD7-A87A-D8DD2A9AAC10}\_39C296558B7FE245744512.exe" = C:\Documents and Settings\home\Application Data\Microsoft\Installer\{784585EB-52E6-4FD7-A87A-D8DD2A9AAC10}\_39C296558B7FE245744512.exe:*:Enabled:_39C296558B7FE245744512 -- ()
"C:\Program Files\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\Apache.exe" = C:\Program Files\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\Apache.exe:*:Enabled:Apache HTTP Server -- (Apache Software Foundation)
"C:\WINDOWS\LMI1A2.tmp\lmi_rescue.exe" = C:\WINDOWS\LMI1A2.tmp\lmi_rescue.exe:*:Enabled:LogMeIn Rescue
"C:\Program Files\Bell\Internet Service Advisor\ServicepointService.exe" = C:\Program Files\Bell\Internet Service Advisor\ServicepointService.exe:*:Enabled:Servicepoint Service -- (Radialpoint Inc.)
"C:\Program Files\Microsoft Games\Dungeon Siege 2\DungeonSiege2.exe" = C:\Program Files\Microsoft Games\Dungeon Siege 2\DungeonSiege2.exe:*:Enabled:Dungeon Siege 2 Game Executable -- (Gas Powered Games)
"C:\Program Files\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe" = C:\Program Files\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe:*:Enabled:Daemonu.exe -- (NVIDIA Corporation)
"C:\Program Files\Steam\Steam.exe" = C:\Program Files\Steam\Steam.exe:*:Enabled:Steam -- (Valve Corporation)
"C:\Program Files\Steam\SteamApps\common\lost planet extreme condition\LostPlanetDX9.exe" = C:\Program Files\Steam\SteamApps\common\lost planet extreme condition\LostPlanetDX9.exe:*:Enabled:Lost Planet: Extreme Condition -- (CAPCOM CO., LTD.)
"C:\Program Files\Steam\SteamApps\common\lost planet extreme condition\LostPlanetDX10.exe" = C:\Program Files\Steam\SteamApps\common\lost planet extreme condition\LostPlanetDX10.exe:*:Enabled:Lost Planet: Extreme Condition -- (CAPCOM CO., LTD.)
"C:\Program Files\Steam\SteamApps\common\spiral knights\java_vm\bin\javaw.exe" = C:\Program Files\Steam\SteamApps\common\spiral knights\java_vm\bin\javaw.exe:*:Enabled:Spiral Knights -- (Sun Microsystems, Inc.)


========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
"{0289B35E-DC07-4c7a-9710-BBD686EA4B7D}" = Status
"{048298C9-A4D3-490B-9FF9-AB023A9238F3}" = Steam
"{06C32EA0-4A22-4919-979A-8700715865B8}" = Microsoft LifeCam
"{073786F2-18E0-439B-9A31-312B71FA48D5}" = MyInvoices & Estimates Deluxe
"{0A0CADCF-78DA-33C4-A350-CD51849B9702}" = Microsoft .NET Framework 4 Extended
"{0A5825FD-0FB7-4e45-9037-858D463F2943}" = BPDSoftware
"{0F7C2E47-089E-4d23-B9F7-39BE00100776}" = Toolbox
"{0F9196C6-58B4-445B-B56E-B1200FECC151}" = Microsoft Bootvis
"{178832DE-9DE0-4C87-9F82-9315A9B03985}" = Windows Live Writer
"{18669FF9-C8FE-407a-9F70-E674896B1DB4}" = GPBaseService
"{1A655D51-1423-48A3-B748-8F5A0BE294C8}" = Microsoft Visual J# .NET Redistributable Package 1.1
"{1A722192-4AEA-4911-9F71-EBECEDC970B5}" = Newsflash
"{1BD07DF4-FB06-41BA-B896-B2DA59000C96}" = Windows Live Toolbar
"{1D76A52C-87A6-4AB0-A7B0-08C8D5DF1D75}" = Motorola Mobile Drivers Installation 5.2.0
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{1F6423DE-7959-4178-80E0-023C7EAA5347}" = NVIDIA ForceWare Network Access Manager
"{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live Upload Tool
"{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT
"{2376813B-2E5A-4641-B7B3-A0D5ADB55229}" = HPPhotoSmartExpress
"{2614F54E-A828-49FA-93BA-45A3F756BFAA}" = 32 Bit HP CIO Components Installer
"{26A24AE4-039D-4CA4-87B4-2F83216011FF}" = Java™ 6 Update 26
"{28BE306E-5DA6-4F9C-BDB0-DBA3C8C6FFFD}" = QuickTime
"{2951A232-69BA-4925-BB9A-CEEB72B18B4F}" = BPDSoftware_Ini
"{2A9F95AB-65A3-432c-8631-B8BC5BF7477A}" = The Battle for Middle-earth ™ II
"{2E660A2A-A55F-43CD-9F73-CAD7382EEB78}" = Microsoft Games for Windows - LIVE Redistributable
"{3175E049-F9A9-4A3D-8F19-AC9FB04514D1}" = Windows Live Communications Platform
"{3248F0A8-6813-11D6-A77B-00B0D0160070}" = Java™ 6 Update 7
"{34699808-5D74-40E4-AD81-2F07F3313ECE}" = RPS RpsCore
"{34BFB099-07B2-4E95-A673-7362D60866A2}" = PSSWCORE
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{363790D2-DA98-41DD-9C9F-69FA36B169DE}" = PanoStandAlone
"{3700194C-C5DD-439A-BE06-A66960CA4C70}" = MSVCSetup
"{398E8625-6F3A-4C54-B54C-28F0ABB89774}" = BPD_HPSU
"{3A1B5D40-41E9-43FA-8C7B-A8667F5586EF}" = JRAID
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{3EE9BCAE-E9A9-45E5-9B1C-83A4D357E05C}" = eReg
"{412B69AF-C352-4F6F-A318-B92B3CB9ACC6}" = Titan Quest
"{474F25F5-BDC9-40E5-B1B6-F6BF23FC106F}" = Windows Live Essentials
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4A70EF07-7F88-4434-BB61-D1DE8AE93DD4}" = SolutionCenter
"{4CBA3D4C-8F51-4D60-B27E-F6B641C571E7}" = Microsoft Search Enhancement Pack
"{4D0AAB66-E604-4E82-A5AF-01AB97CB506D}" = Roxio Creator 2010 Content
"{5491453D-8C3E-4785-AC5C-E9A4DABF378A}" = Roxio Venue
"{553255F3-78FD-40F1-A6F8-6882140265FE}" = Apple Application Support
"{56C049BE-79E9-4502-BEA7-9754A3E60F9B}" = neroxml
"{572F2A62-70CD-4429-8758-6D4D6DC696E1}" = 4500_Help
"{5BB4D7C1-52F2-4BFD-9E40-0D419E2E3021}" = bpd_scan
"{63FF21C9-A810-464F-B60A-3111747B1A6D}" = GPBaseService2
"{6412CECE-8172-4BE5-935B-6CECACD2CA87}" = Windows Live Mail
"{65A79175-3C4C-41F4-92AF-BA1DDDBA0626}" = Roxio Burn Manager CDB
"{6697D99E-E550-4498-B793-4A8DD8A1821F}" = ProductContext
"{66E6CE0C-5A1E-430C-B40A-0C90FF1804A8}" = eSupportQFolder
"{679EC478-3FF9-4987-B2FF-C2C2B27532A2}" = DocProc
"{687FEF8A-8597-40b4-832C-297EA3F35817}" = BufferChm
"{6909F917-5499-482e-9AA1-FAD06A99F231}" = Toolbox
"{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update
"{6A233F59-110E-4B71-913C-FEBF78E53044}" = Roxio Creator 2009 Special Edition
"{6F5E2F4A-377D-4700-B0E3-8F7F7507EA15}" = CustomerResearchQFolder
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{733CDF24-0A93-426E-AA89-DF281EB54793}" = Roxio CinePlayer
"{74DC8A26-4E05-40B6-AD11-C9428A1AE150}" = Roxio Creator 2010 Special Edition
"{76E41F43-59D2-4F30-BA42-9A762EE1E8DE}" = Avanquest update
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{784585EB-52E6-4FD7-A87A-D8DD2A9AAC10}" = File Sync
"{787D1A33-A97B-4245-87C0-7174609A540C}" = HP Update
"{7B738CD9-D107-48C7-8E65-2E6639A39C8D}" = PerfectDisk 10 Professional
"{80533B67-C407-485D-8B5D-63BB8ED9D878}" = Scan
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{86DDDAAD-AEB9-42E5-BE01-0E8FABD2BB29}" = Roxio Video Capture USB
"{87E2B986-07E8-477a-93DC-AF0B6758B192}" = DocProcQFolder
"{89A15676-78AE-4D51-BF5B-DEE3E0D46C94}" = Roxio Creator 2010 Special Edition
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8A74E887-8F0F-4017-AF53-CBA42211AAA5}" = Microsoft Sync Framework Runtime Native v1.0 (x86)
"{8BCAFB73-49AE-4AC4-00A1-70E4EC38BD4E}" = The Lord of the Rings, The Rise of the Witch-king
"{8CE4E6E9-9D55-43FB-9DDB-688C976BFC05}" = Unload
"{8E5233E1-7495-44FB-8DEB-4BE906D59619}" = Junk Mail filter update
"{8FF6F5CA-4E30-4E3B-B951-204CAAA2716A}" = SmartWebPrinting
"{906C01EE-B242-4197-AE85-6C506E1B869B}" = Roxio Burn Manager
"{9422C8EA-B0C6-4197-B8FC-DC797658CA00}" = Windows Live Sign-in Assistant
"{94CAC2F1-C856-47F4-AF24-65A1E75AEDB9}" = MotoHelper MergeModules
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{974C4B12-4D02-4879-85E0-61C95CC63E9E}" = Fallout 3
"{9A00EC4E-27E1-42C4-98DD-662F32AC8870}" = Roxio CinePlayer Decoder Pack
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9C2D4047-0E40-499a-AC7A-C4B9BB12FE03}" = TrayApp
"{9DF0196F-B6B8-4C3A-8790-DE42AA530101}" = SPORE™
"{A121EEDE-C68F-461D-91AA-D48BA226AF1C}" = Roxio Activation Module
"{A1F66FC9-11EE-4F2F-98C9-16F8D1E69FB7}" = Segoe UI
"{A2BCA9F1-566C-4805-97D1-7FDC93386723}" = Adobe AIR
"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
"{A33E7B0C-B99C-4EC9-B702-8A328B161AF9}" = Roxio Burn
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AC76BA86-7AD7-1033-7B44-AA1000000001}" = Adobe Reader X (10.1.0)
"{AF9E97C1-7431-426D-A8D5-ABE40995C0B1}" = DirectX 9 Runtime
"{B10914FD-8812-47A4-85A1-50FCDE7F1F33}" = Windows Live Sync
"{B2FE1952-0186-46c3-BAEC-A80AA35AC5B8}_Display.ControlPanel" = NVIDIA Control Panel 275.33
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver" = NVIDIA Graphics Driver 275.33
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NView" = NVIDIA nView 135.85
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX" = NVIDIA PhysX System Software 9.10.0514
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Update" = NVIDIA Update 1.3.5
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_installer" = NVIDIA Install Application
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_NVIDIA.Update" = NVIDIA Update Components
"{B5C5C17E-FEF6-4062-8151-A427AE8AF9D7}" = Titan Quest Immortal Throne
"{B8DBED1E-8BC3-4d08-B94A-F9D7D88E9BBF}" = HPSSupply
"{B9DB4C76-01A4-46D5-8910-F7AA6376DBAF}" = NVIDIA PhysX
"{BA9A297F-0198-4EE8-90CB-F5036C180E1D}" = Novacomd
"{BAD0FA60-09CF-4411-AE6A-C2844C8812FA}" = HP Photosmart Essential 2.5
"{BD64AF4A-8C80-4152-AD77-FCDDF05208AB}" = Microsoft Sync Framework Services Native v1.0 (x86)
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
"{C43326F5-F135-4551-8270-7F7ABA0462E1}" = HPProductAssistant
"{C44365D5-634A-4D55-9B9C-346FF6ED76BE}" = Bell Internet Security Services
"{CAE7D1D9-3794-4169-B4DD-964ADBC534EE}" = HP Product Detection
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CCB9B81A-167F-4832-B305-D2A0430840B3}" = WebReg
"{CD0773D5-C18E-495c-B39B-21A96415EDD5}" = HP Officejet J4500 Series
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{D142FE39-3386-4d82-9AD3-36D4A92AC3C2}" = DocMgr
"{D2E0F0CC-6BE0-490b-B08B-9267083E34C9}" = MarketResearch
"{D92FF8EB-BD77-40AE-B68B-A6BFC6F8661D}" = Windows Live Family Safety
"{D99A8E3A-AE5A-4692-8B19-6F16D454E240}" = Destination Component
"{DD2EA1EE-6CAE-4227-A944-C9F9B43AA950}" = RPS PerfectDiskStub
"{E08DC77E-D09A-4e36-8067-D6DBBCC5F8DC}" = VideoToolkit01
"{ECC69E86-3B0E-4010-AA37-414C5D71B7B9}" = RPS CRT
"{EE39FFBD-544E-49E4-A999-6819828EAE91}" = Windows Live Photo Gallery
"{EEEB604C-C1A7-4f8c-B03F-56F9C1C9C45F}" = Fax
"{EF1ADA5A-0B1A-4662-8C55-7475A61D8B65}" = DeviceDiscovery
"{F0A37341-D692-11D4-A984-009027EC0A9C}" = SoundMAX
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard
"{F138762F-5A1F-4CF0-A5E1-1588EF6088A4}" = The Witcher
"{FDEC11CC-4BD6-4a8c-A398-3CCD8E43EACA}" = J4500
"7-Zip" = 7-Zip 4.65
"84713BEB4A2EB4B0E2F1346FDEBFFE94DAB5225D" = Windows Driver Package - Palm (WinUSB) Palm Devices (11/30/2008 1.0.0)
"Adobe Acrobat 5.0" = Adobe Acrobat 5.0
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Age of Conan_is1" = Age of Conan - Hyborian Adventures
"Ares" = Ares 2.1.1
"BellCanada" = Bell Internet Check-up
"BitTorrent" = BitTorrent
"DungeonSiege2" = Dungeon Siege 2
"ERUNT_is1" = ERUNT 1.1j
"HP Document Manager" = HP Document Manager 1.0
"HP Imaging Device Functions" = HP Imaging Device Functions 10.0
"HP Photosmart Essential" = HP Photosmart Essential 2.5
"HP Smart Web Printing" = HP Smart Web Printing 4.60
"HP Solution Center & Imaging Support Tools" = HP Solution Center 13.0
"HPExtendedCapabilities" = HP Customer Participation Program 10.0
"HPOCR" = OCR Software by I.R.I.S. 10.0
"IDNMitigationAPIs" = Microsoft Internationalized Domain Names Mitigation APIs
"ie8" = Windows Internet Explorer 8
"InstallShield_{1F6423DE-7959-4178-80E0-023C7EAA5347}" = NVIDIA ForceWare Network Access Manager
"jZip" = jZip
"KG_2.4b" = JumpStart Kindergarten v2.4b
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Extended" = Microsoft .NET Framework 4 Extended
"MotoHelper" = MotoHelper 2.0.51 Driver 5.2.0
"Mozilla Firefox 5.0 (x86 en-US)" = Mozilla Firefox 5.0 (x86 en-US)
"MSCompPackV1" = Microsoft Compression Client Pack 1.0 for Windows XP
"Nero - Burning Rom!UninstallKey" = Nero OEM
"NLSDownlevelMapping" = Microsoft National Language Support Downlevel APIs
"NVIDIA Drivers" = NVIDIA Drivers
"NVIDIA nView Desktop Manager" = NVIDIA nView Desktop Manager
"RadialpointClientGateway_is1" = Bell Internet Service Advisor 3.7.44
"Registry Mechanic_is1" = Registry Mechanic 9.0
"Roxio PhotoShow" = Roxio PhotoShow
"Shop for HP Supplies" = Shop for HP Supplies
"Steam App 6510" = Lost Planet: Extreme Condition
"Steam App 99900" = Spiral Knights
"SystemRequirementsLab" = System Requirements Lab
"Wdf01009" = Microsoft Kernel-Mode Driver Framework Feature Pack 1.9
"Windows Media Format Runtime" = Windows Media Format 11 runtime
"Windows Media Player" = Windows Media Player 11
"WinLiveSuite_Wave3" = Windows Live Essentials
"winusb0100" = Microsoft WinUsb 1.0
"WMFDist11" = Windows Media Format 11 runtime
"wmp11" = Windows Media Player 11
"Wudf01007" = Microsoft User-Mode Driver Framework Feature Pack 1.7

========== HKEY_CURRENT_USER Uninstall List ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Google Chrome" = Google Chrome

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 7/10/2011 10:12:25 AM | Computer Name = OFFICE | Source = Application Error | ID = 1000
Description = Faulting application hpqtra08.exe, version 110.0.180.0, faulting module
hpqtra08.exe, version 110.0.180.0, fault address 0x0000adf3.

Error - 8/3/2011 10:40:32 AM | Computer Name = OFFICE | Source = Application Error | ID = 1000
Description = Faulting application hpqtra08.exe, version 110.0.180.0, faulting module
ntdll.dll, version 5.1.2600.6055, fault address 0x00011689.

Error - 8/10/2011 3:29:10 AM | Computer Name = OFFICE | Source = .NET Runtime Optimization Service | ID = 1103
Description = .NET Runtime Optimization Service (clr_optimization_v2.0.50727_32)
- Tried to start a service that wasn't the latest version of CLR Optimization service.
Will shutdown

Error - 8/17/2011 4:14:43 PM | Computer Name = OFFICE | Source = crypt32 | ID = 131080
Description = Failed auto update retrieval of third-party root list sequence number
from: <http://www.download....uthrootseq.txt>
with error: This operation returned because the timeout period expired.

Error - 8/17/2011 4:14:43 PM | Computer Name = OFFICE | Source = crypt32 | ID = 131080
Description = Failed auto update retrieval of third-party root list sequence number
from: <http://www.download....uthrootseq.txt>
with error: The specified server cannot perform the requested operation.

Error - 8/17/2011 4:14:43 PM | Computer Name = OFFICE | Source = crypt32 | ID = 131080
Description = Failed auto update retrieval of third-party root list sequence number
from: <http://www.download....uthrootseq.txt>
with error: The specified server cannot perform the requested operation.

Error - 8/24/2011 6:09:23 PM | Computer Name = OFFICE | Source = crypt32 | ID = 131080
Description = Failed auto update retrieval of third-party root list sequence number
from: <http://www.download....uthrootseq.txt>
with error: The connection with the server was terminated abnormally

Error - 8/24/2011 6:09:23 PM | Computer Name = OFFICE | Source = crypt32 | ID = 131080
Description = Failed auto update retrieval of third-party root list sequence number
from: <http://www.download....uthrootseq.txt>
with error: This network connection does not exist.

Error - 8/24/2011 6:09:38 PM | Computer Name = OFFICE | Source = crypt32 | ID = 131080
Description = Failed auto update retrieval of third-party root list sequence number
from: <http://www.download....uthrootseq.txt>
with error: This network connection does not exist.

Error - 8/24/2011 6:09:38 PM | Computer Name = OFFICE | Source = crypt32 | ID = 131080
Description = Failed auto update retrieval of third-party root list sequence number
from: <http://www.download....uthrootseq.txt>
with error: This network connection does not exist.

[ System Events ]
Error - 9/1/2011 4:57:11 PM | Computer Name = OFFICE | Source = Service Control Manager | ID = 7034
Description = The MSCamSvc service terminated unexpectedly. It has done this 1
time(s).

Error - 9/1/2011 4:57:11 PM | Computer Name = OFFICE | Source = Service Control Manager | ID = 7034
Description = The NVIDIA Driver Helper Service service terminated unexpectedly.
It has done this 1 time(s).

Error - 9/1/2011 4:57:11 PM | Computer Name = OFFICE | Source = Service Control Manager | ID = 7034
Description = The Palm Novacom service terminated unexpectedly. It has done this
1 time(s).

Error - 9/1/2011 4:57:11 PM | Computer Name = OFFICE | Source = Service Control Manager | ID = 7034
Description = The PC Tools Startup and Shutdown Monitor service service terminated
unexpectedly. It has done this 1 time(s).

Error - 9/1/2011 4:57:11 PM | Computer Name = OFFICE | Source = Service Control Manager | ID = 7034
Description = The ForceWare IP service service terminated unexpectedly. It has
done this 1 time(s).

Error - 9/1/2011 4:57:11 PM | Computer Name = OFFICE | Source = Service Control Manager | ID = 7034
Description = The ForceWare user log service service terminated unexpectedly. It
has done this 1 time(s).

Error - 9/1/2011 4:57:11 PM | Computer Name = OFFICE | Source = Service Control Manager | ID = 7034
Description = The ServicepointService service terminated unexpectedly. It has done
this 1 time(s).

Error - 9/1/2011 4:57:11 PM | Computer Name = OFFICE | Source = Service Control Manager | ID = 7034
Description = The Personal Vault Backup Manager Service service terminated unexpectedly.
It has done this 1 time(s).

Error - 9/1/2011 4:57:11 PM | Computer Name = OFFICE | Source = Service Control Manager | ID = 7034
Description = The Personal Vault Backup Manager Upgrade Service service terminated
unexpectedly. It has done this 1 time(s).

Error - 9/1/2011 4:57:11 PM | Computer Name = OFFICE | Source = Service Control Manager | ID = 7034
Description = The ForceWare Intelligent Application Manager (IAM) service terminated
unexpectedly. It has done this 1 time(s).


< End of report >

Edited by istring, 01 September 2011 - 03:09 PM.



#2
Render

Render

    Trusted Helper

  • Malware Removal
  • 4,195 posts
Hi and welcome to GeeksToGo! Please make sure you read all of the instructions and fixes thoroughly before continuing with them. If you have any queries or you are unsure about anything, just say and I'll help you out :)

Sorry for the delay.

If you have since resolved the original problem you were having, I would appreciate you letting me know. If not please perform the following steps below so I can have a look at the current condition of your machine.

Step 1

  • Please download aswMBR.exe to your desktop.
  • Double click the aswMBR.exe to run it.

  • When asked if you want to download Avast's virus definitions please select No.
  • Click the Scan button to start scan.

  • On completion of the scan click Save log, save it to your desktop and post in your next reply.


#3
istring

istring

    Member

  • Topic Starter
  • Member
  • PipPip
  • 36 posts
Sorry Render;

I accidentally downloaded Avast virus definitions, hope it doesn't ruin things. :)

aswMBR version 0.9.8.986 Copyright© 2011 AVAST Software
Run date: 2011-09-07 16:28:29
-----------------------------
16:28:29.661 OS Version: Windows 5.1.2600 Service Pack 3
16:28:29.661 Number of processors: 2 586 0x4303
16:28:29.661 ComputerName: OFFICE UserName: home
16:28:29.943 Initialize success
16:28:34.224 AVAST engine defs: 11090700
16:28:40.021 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\0000007b
16:28:40.021 Disk 0 Vendor: WDC_WD2500JS-55NCB1 10.02E01 Size: 238475MB BusType: 3
16:28:40.052 Disk 0 MBR read successfully
16:28:40.052 Disk 0 MBR scan
16:28:40.083 Disk 0 Windows XP default MBR code
16:28:40.083 Disk 0 scanning sectors +488376000
16:28:40.146 Disk 0 scanning C:\WINDOWS\system32\drivers
16:28:48.974 Service scanning
16:28:49.864 Modules scanning
16:28:57.396 Disk 0 trace - called modules:
16:28:57.443 ntkrnlpa.exe CLASSPNP.SYS disk.sys ACPI.sys hal.dll nvata.sys
16:28:57.443 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x8a62a9c0]
16:28:57.443 3 CLASSPNP.SYS[b8118fd7] -> nt!IofCallDriver -> \Device\0000007c[0x8a662ac0]
16:28:57.443 5 ACPI.sys[b7f7f620] -> nt!IofCallDriver -> \Device\0000007b[0x8a5ee030]
16:28:57.739 AVAST engine scan C:\WINDOWS
16:29:12.380 AVAST engine scan C:\WINDOWS\system32
16:31:38.380 AVAST engine scan C:\WINDOWS\system32\drivers
16:31:54.536 AVAST engine scan C:\Documents and Settings\home
16:38:41.802 AVAST engine scan C:\Documents and Settings\All Users
16:40:24.958 Scan finished successfully
16:40:53.255 Disk 0 MBR has been saved successfully to "C:\Documents and Settings\home\Desktop\MBR.dat"
16:40:53.255 The log file has been saved successfully to "C:\Documents and Settings\home\Desktop\aswMBR.txt"

#4
Render

Render

    Trusted Helper

  • Malware Removal
  • 4,195 posts
Hi,

I accidentally downloaded Avast virus definitions, hope it doesn't ruin things.

No, it's OK, only the scan took longer. :)

Seems clean to me. I mean nothing jumps out at me so far.

I would recommend replacing AVG antivirus with some other, not so resource-hungry thingy. But it is up to you. Are you happy with AVG?

Please proceed with following steps:

Step 1

We need to run an OTL Fix

  • Please right click on Posted Image on your desktop and click on Run as administrator.
  • Under the Custom Scans/Fixes box copy and paste this in:

    :OTL
      	
    :Files
    ipconfig /flushdns /c
    
    :Reg
    
    :Commands
    [purity]
    [resethosts]
    [emptytemp]
    [emptyflash]
    [createrestorepoint]
    [reboot]
  • Click on Posted Image button.
  • OTL may ask to reboot the machine. Please do so if asked.
  • Click on Posted Image button.
  • A report will open. Copy and Paste that report in your next reply.
  • If the machine reboots, the log will be located at C:\_OTL\MovedFiles\mmddyyyy_hhmmss.log, where mmddyyyy_hhmmss is the date of the tool run.

Step 2

Malwarebytes' Anti-Malware

I see that you have Malwarebytes' Anti-Malware installed on your computer. Could you please do a scan using these settings:

  • Open Malwarebytes' Anti-Malware.
  • Select the Update tab.
  • Click on Check for Updates button.
  • Click on OK.
  • Select the Scanner tab.
  • Select Perform quick scan, then click on Scan.
  • The scan may take some time to finish, so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected.
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Extra Note)
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  • Copy and paste the entire report in your next reply.

Extra Note: If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts, click OK to either and let MBAM proceed with the disinfection process, if asked to restart the computer, please do so immediately.

When you have completed the above, please post back the following in the order asked for:
  • OTL fix log
  • MBAM log


#5
istring

istring

    Member

  • Topic Starter
  • Member
  • PipPip
  • 36 posts
Didn't think I had AVG. At least I don't remember downloading it. Thought I had one from my internet provider (Bell).
What antivirus would you recommend?
Also, after the OTL fix reboot, I was able to open programs a lot quicker, however the little icon for local area connection took a while to appear, thus not allowing internet access for 5 mins or so.


All processes killed
========== OTL ==========
========== FILES ==========
< ipconfig /flushdns /c >
Windows IP Configuration
Successfully flushed the DNS Resolver Cache.
C:\Documents and Settings\home\Desktop\Geeks to go\cmd.bat deleted successfully.
C:\Documents and Settings\home\Desktop\Geeks to go\cmd.txt deleted successfully.
========== REGISTRY ==========
========== COMMANDS ==========
C:\WINDOWS\System32\drivers\etc\Hosts moved successfully.
HOSTS file reset successfully

[EMPTYTEMP]

User: All Users

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: home
->Temp folder emptied: 619233 bytes
->Temporary Internet Files folder emptied: 50560 bytes
->Java cache emptied: 0 bytes
->FireFox cache emptied: 19696771 bytes
->Google Chrome cache emptied: 0 bytes
->Flash cache emptied: 456 bytes

User: LocalService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: NetworkService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes

User: UpdatusUser
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 709968 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\dllcache .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 7606 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temp folder emptied: 0 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 0 bytes
RecycleBin emptied: 871 bytes

Total Files Cleaned = 20.00 mb


[EMPTYFLASH]

User: All Users

User: Default User
->Flash cache emptied: 0 bytes

User: home
->Flash cache emptied: 0 bytes

User: LocalService

User: NetworkService

User: UpdatusUser
->Flash cache emptied: 0 bytes

Total Flash Files Cleaned = 0.00 mb

Restore point Set: OTL Restore Point (0)

OTL by OldTimer - Version 3.2.27.0 log created on 09072011_184622

Files\Folders moved on Reboot...
C:\WINDOWS\temp\ZKT{F54F51A2-8C6C-4356-9624-CCC44A1DD82D}.tmp moved successfully.
File\Folder C:\WINDOWS\temp\ZKT{FDCAB747-5735-43A0-87ED-52596219E57A}.tmp not found!

Registry entries deleted on Reboot...





Malwarebytes' Anti-Malware 1.51.1.1800
www.malwarebytes.org

Database version: 7673

Windows 5.1.2600 Service Pack 3
Internet Explorer 8.0.6001.18702

9/7/2011 7:13:23 PM
mbam-log-2011-09-07 (19-13-23).txt

Scan type: Quick scan
Objects scanned: 182351
Time elapsed: 4 minute(s), 3 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)

#6
Render

Render

    Trusted Helper

  • Malware Removal
  • 4,195 posts
OK. Please follow instructions here to assign a static address of your machine's local IP to speed up network connectivity after boot up. Your default gateway address is: 192.168.2.1

I recommend following antivirus programs:

NOTE: Make sure you only use one, though!


NEXT...

We should proceed with general antimalware scan which can take quite a long time so please be patient.

Download AVPTool from Here to your desktop
(You have to enter your e-mail address and click on Submit Form button. Please download latest English version of this tool)

Run the programme you have just downloaded to your desktop (it will be randomly named)

First we will run a virus scan

Click the cog in the upper right


Select down to and including your main drive, once done select the Automatic scan tab and press Start Scan
(Please be patient as this scan can take a few hours)

Allow AVP to delete all infections found
Once it has finished select report tab (last tab)
Select Detected threats report from the left and press Save button
Save it to your desktop and attach to your next post


Now the Analysis

Rerun AVP and select the Manual Disinfection tab and press Start Gathering System Information


On completion click the link to locate the zip file to upload and attach to your next post


#7
istring

istring

    Member

  • Topic Starter
  • Member
  • PipPip
  • 36 posts
Phew, OK, the Kaspersky scan found no threats. There was nothing in the detected threat tab to save. Same with the disinfection tab (no zip file). I take it this is good. As for the static address, when I followed the steps I couldn't connect to the internet. :)

Maybe I'm doing something wrong in both cases?

Gathering system information: completed 5 minutes ago (events: 250, time: 00:01:44)
9/8/2011 8:51:15 AM Task started Gathering system information
9/8/2011 8:51:17 AM Main script of analysis
9/8/2011 8:51:18 AM Windows version: Microsoft Windows XP, Build=2600, SP="Service Pack 3"
9/8/2011 8:51:18 AM System Restore: enabled
9/8/2011 8:51:18 AM 1.1 Searching for user-mode API hooks
9/8/2011 8:51:18 AM Analysis: kernel32.dll, export table found in section .text
9/8/2011 8:51:18 AM IAT modification detected: CreateProcessA - 00BD0010<>7C80236B
9/8/2011 8:51:18 AM IAT modification detected: GetModuleFileNameA - 00BD0080<>7C80B56F
9/8/2011 8:51:19 AM IAT modification detected: FreeLibrary - 00BD00F0<>7C80AC7E
9/8/2011 8:51:19 AM IAT modification detected: GetModuleFileNameW - 00BD0160<>7C80B475
9/8/2011 8:51:19 AM IAT modification detected: CreateProcessW - 00BD01D0<>7C802336
9/8/2011 8:51:19 AM IAT modification detected: LoadLibraryW - 00BD02B0<>7C80AEEB
9/8/2011 8:51:19 AM IAT modification detected: LoadLibraryA - 00BD0320<>7C801D7B
9/8/2011 8:51:19 AM IAT modification detected: GetProcAddress - 00BD0390<>7C80AE40
9/8/2011 8:51:19 AM Analysis: ntdll.dll, export table found in section .text
9/8/2011 8:51:19 AM Analysis: user32.dll, export table found in section .text
9/8/2011 8:51:19 AM Analysis: advapi32.dll, export table found in section .text
9/8/2011 8:51:19 AM Analysis: ws2_32.dll, export table found in section .text
9/8/2011 8:51:19 AM Analysis: wininet.dll, export table found in section .text
9/8/2011 8:51:19 AM Analysis: rasapi32.dll, export table found in section .text
9/8/2011 8:51:19 AM Analysis: urlmon.dll, export table found in section .text
9/8/2011 8:51:19 AM Analysis: netapi32.dll, export table found in section .text
9/8/2011 8:51:20 AM 1.2 Searching for kernel-mode API hooks
9/8/2011 8:51:20 AM Driver loaded successfully
9/8/2011 8:51:20 AM SDT found (RVA=085700)
9/8/2011 8:51:20 AM Kernel ntkrnlpa.exe found in memory at address 804D7000
9/8/2011 8:51:20 AM SDT = 8055C700
9/8/2011 8:51:20 AM KiST = 80504480 (284)
9/8/2011 8:51:20 AM Function NtAdjustPrivilegesToken (0B) intercepted (805EC464->9897A690), hook C:\WINDOWS\system32\DRIVERS\1207006drv.sys, driver recognized as trusted
9/8/2011 8:51:20 AM >>> Function restored successfully !
9/8/2011 8:51:20 AM >>> Hook code blocked
9/8/2011 8:51:20 AM Function NtClose (19) intercepted (805BC530->9897AF94), hook C:\WINDOWS\system32\DRIVERS\1207006drv.sys, driver recognized as trusted
9/8/2011 8:51:20 AM >>> Function restored successfully !
9/8/2011 8:51:20 AM >>> Hook code blocked
9/8/2011 8:51:20 AM Function NtConnectPort (1F) intercepted (805A45D0->9897BDC8), hook C:\WINDOWS\system32\DRIVERS\1207006drv.sys, driver recognized as trusted
9/8/2011 8:51:20 AM >>> Function restored successfully !
9/8/2011 8:51:20 AM >>> Hook code blocked
9/8/2011 8:51:20 AM Function NtCreateEvent (23) intercepted (8060EF4E->9897C312), hook C:\WINDOWS\system32\DRIVERS\1207006drv.sys, driver recognized as trusted
9/8/2011 8:51:20 AM >>> Function restored successfully !
9/8/2011 8:51:20 AM >>> Hook code blocked
9/8/2011 8:51:20 AM Function NtCreateFile (25) intercepted (805790A8->9897B270), hook C:\WINDOWS\system32\DRIVERS\1207006drv.sys, driver recognized as trusted
9/8/2011 8:51:20 AM >>> Function restored successfully !
9/8/2011 8:51:20 AM >>> Hook code blocked
9/8/2011 8:51:20 AM Function NtCreateKey (29) intercepted (806240F0->98979500), hook C:\WINDOWS\system32\DRIVERS\1207006drv.sys, driver recognized as trusted
9/8/2011 8:51:20 AM >>> Function restored successfully !
9/8/2011 8:51:20 AM >>> Hook code blocked
9/8/2011 8:51:20 AM Function NtCreateMutant (2B) intercepted (8061769E->9897C1F8), hook C:\WINDOWS\system32\DRIVERS\1207006drv.sys, driver recognized as trusted
9/8/2011 8:51:20 AM >>> Function restored successfully !
9/8/2011 8:51:20 AM >>> Hook code blocked
9/8/2011 8:51:20 AM Function NtCreateNamedPipeFile (2C) intercepted (805790E2->9897A27E), hook C:\WINDOWS\system32\DRIVERS\1207006drv.sys, driver recognized as trusted
9/8/2011 8:51:20 AM >>> Function restored successfully !
9/8/2011 8:51:20 AM >>> Hook code blocked
9/8/2011 8:51:20 AM Function NtCreatePort (2E) intercepted (805A50EC->9897C0CC), hook C:\WINDOWS\system32\DRIVERS\1207006drv.sys, driver recognized as trusted
9/8/2011 8:51:20 AM >>> Function restored successfully !
9/8/2011 8:51:20 AM >>> Hook code blocked
9/8/2011 8:51:20 AM Function NtCreateSection (32) intercepted (805AB3C8->9897A426), hook C:\WINDOWS\system32\DRIVERS\1207006drv.sys, driver recognized as trusted
9/8/2011 8:51:20 AM >>> Function restored successfully !
9/8/2011 8:51:20 AM >>> Hook code blocked
9/8/2011 8:51:20 AM Function NtCreateSemaphore (33) intercepted (8061504E->9897C432), hook C:\WINDOWS\system32\DRIVERS\1207006drv.sys, driver recognized as trusted
9/8/2011 8:51:20 AM >>> Function restored successfully !
9/8/2011 8:51:20 AM >>> Hook code blocked
9/8/2011 8:51:20 AM Function NtCreateThread (35) intercepted (805D1018->9897AC1C), hook C:\WINDOWS\system32\DRIVERS\1207006drv.sys, driver recognized as trusted
9/8/2011 8:51:20 AM >>> Function restored successfully !
9/8/2011 8:51:20 AM >>> Hook code blocked
9/8/2011 8:51:20 AM Function NtCreateWaitablePort (38) intercepted (805A5110->9897C162), hook C:\WINDOWS\system32\DRIVERS\1207006drv.sys, driver recognized as trusted
9/8/2011 8:51:20 AM >>> Function restored successfully !
9/8/2011 8:51:20 AM >>> Hook code blocked
9/8/2011 8:51:20 AM Function NtDebugActiveProcess (39) intercepted (80643B30->9897DB1A), hook C:\WINDOWS\system32\DRIVERS\1207006drv.sys, driver recognized as trusted
9/8/2011 8:51:20 AM >>> Function restored successfully !
9/8/2011 8:51:20 AM >>> Hook code blocked
9/8/2011 8:51:20 AM Function NtDeleteKey (3F) intercepted (8062458C->98979B0A), hook C:\WINDOWS\system32\DRIVERS\1207006drv.sys, driver recognized as trusted
9/8/2011 8:51:20 AM >>> Function restored successfully !
9/8/2011 8:51:20 AM >>> Hook code blocked
9/8/2011 8:51:20 AM Function NtDeleteValueKey (41) intercepted (8062475C->98979EBE), hook C:\WINDOWS\system32\DRIVERS\1207006drv.sys, driver recognized as trusted
9/8/2011 8:51:20 AM >>> Function restored successfully !
9/8/2011 8:51:20 AM >>> Hook code blocked
9/8/2011 8:51:20 AM Function NtDeviceIoControlFile (42) intercepted (8057926E->9897B6F2), hook C:\WINDOWS\system32\DRIVERS\1207006drv.sys, driver recognized as trusted
9/8/2011 8:51:20 AM >>> Function restored successfully !
9/8/2011 8:51:20 AM >>> Hook code blocked
9/8/2011 8:51:20 AM Function NtDuplicateObject (44) intercepted (805BE008->9897ED26), hook C:\WINDOWS\system32\DRIVERS\1207006drv.sys, driver recognized as trusted
9/8/2011 8:51:20 AM >>> Function restored successfully !
9/8/2011 8:51:20 AM >>> Hook code blocked
9/8/2011 8:51:20 AM Function NtEnumerateKey (47) intercepted (8062493C->9897A00A), hook C:\WINDOWS\system32\DRIVERS\1207006drv.sys, driver recognized as trusted
9/8/2011 8:51:20 AM >>> Function restored successfully !
9/8/2011 8:51:20 AM >>> Hook code blocked
9/8/2011 8:51:20 AM Function NtEnumerateValueKey (49) intercepted (80624BA6->9897A0A2), hook C:\WINDOWS\system32\DRIVERS\1207006drv.sys, driver recognized as trusted
9/8/2011 8:51:20 AM >>> Function restored successfully !
9/8/2011 8:51:20 AM >>> Hook code blocked
9/8/2011 8:51:20 AM Function NtFsControlFile (54) intercepted (805792A2->9897B500), hook C:\WINDOWS\system32\DRIVERS\1207006drv.sys, driver recognized as trusted
9/8/2011 8:51:20 AM >>> Function restored successfully !
9/8/2011 8:51:20 AM >>> Hook code blocked
9/8/2011 8:51:20 AM Function NtLoadDriver (61) intercepted (80584160->9897DC0C), hook C:\WINDOWS\system32\DRIVERS\1207006drv.sys, driver recognized as trusted
9/8/2011 8:51:20 AM >>> Function restored successfully !
9/8/2011 8:51:20 AM >>> Hook code blocked
9/8/2011 8:51:20 AM Function NtLoadKey (62) intercepted (80626314->989794DC), hook C:\WINDOWS\system32\DRIVERS\1207006drv.sys, driver recognized as trusted
9/8/2011 8:51:20 AM >>> Function restored successfully !
9/8/2011 8:51:20 AM >>> Hook code blocked
9/8/2011 8:51:20 AM Function NtLoadKey2 (63) intercepted (80625F20->989794EE), hook C:\WINDOWS\system32\DRIVERS\1207006drv.sys, driver recognized as trusted
9/8/2011 8:51:20 AM >>> Function restored successfully !
9/8/2011 8:51:20 AM >>> Hook code blocked
9/8/2011 8:51:20 AM Function NtMapViewOfSection (6C) intercepted (805B203A->9897E374), hook C:\WINDOWS\system32\DRIVERS\1207006drv.sys, driver recognized as trusted
9/8/2011 8:51:20 AM >>> Function restored successfully !
9/8/2011 8:51:20 AM >>> Hook code blocked
9/8/2011 8:51:20 AM Function NtNotifyChangeKey (6F) intercepted (806262DE->9897A1CE), hook C:\WINDOWS\system32\DRIVERS\1207006drv.sys, driver recognized as trusted
9/8/2011 8:51:20 AM >>> Function restored successfully !
9/8/2011 8:51:20 AM >>> Hook code blocked
9/8/2011 8:51:20 AM Function NtOpenEvent (72) intercepted (8060F04E->9897C3A8), hook C:\WINDOWS\system32\DRIVERS\1207006drv.sys, driver recognized as trusted
9/8/2011 8:51:20 AM >>> Function restored successfully !
9/8/2011 8:51:20 AM >>> Hook code blocked
9/8/2011 8:51:20 AM Function NtOpenFile (74) intercepted (8057A1A6->9897B016), hook C:\WINDOWS\system32\DRIVERS\1207006drv.sys, driver recognized as trusted
9/8/2011 8:51:20 AM >>> Function restored successfully !
9/8/2011 8:51:20 AM >>> Hook code blocked
9/8/2011 8:51:20 AM Function NtOpenKey (77) intercepted (806254CE->989796C0), hook C:\WINDOWS\system32\DRIVERS\1207006drv.sys, driver recognized as trusted
9/8/2011 8:51:20 AM >>> Function restored successfully !
9/8/2011 8:51:20 AM >>> Hook code blocked
9/8/2011 8:51:20 AM Function NtOpenMutant (78) intercepted (80617776->9897C288), hook C:\WINDOWS\system32\DRIVERS\1207006drv.sys, driver recognized as trusted
9/8/2011 8:51:20 AM >>> Function restored successfully !
9/8/2011 8:51:20 AM >>> Hook code blocked
9/8/2011 8:51:20 AM Function NtOpenProcess (7A) intercepted (805CB440->9897A8CC), hook C:\WINDOWS\system32\DRIVERS\1207006drv.sys, driver recognized as trusted
9/8/2011 8:51:20 AM >>> Function restored successfully !
9/8/2011 8:51:20 AM >>> Hook code blocked
9/8/2011 8:51:20 AM Function NtOpenSection (7D) intercepted (805AA3EC->9897E10E), hook C:\WINDOWS\system32\DRIVERS\1207006drv.sys, driver recognized as trusted
9/8/2011 8:51:20 AM >>> Function restored successfully !
9/8/2011 8:51:20 AM >>> Hook code blocked
9/8/2011 8:51:20 AM Function NtOpenSemaphore (7E) intercepted (80615148->9897C4C8), hook C:\WINDOWS\system32\DRIVERS\1207006drv.sys, driver recognized as trusted
9/8/2011 8:51:20 AM >>> Function restored successfully !
9/8/2011 8:51:20 AM >>> Hook code blocked
9/8/2011 8:51:20 AM Function NtOpenThread (80) intercepted (805CB6CC->9897A7BE), hook C:\WINDOWS\system32\DRIVERS\1207006drv.sys, driver recognized as trusted
9/8/2011 8:51:20 AM >>> Function restored successfully !
9/8/2011 8:51:20 AM >>> Hook code blocked
9/8/2011 8:51:20 AM Function NtQueryKey (A0) intercepted (80625810->9897A13A), hook C:\WINDOWS\system32\DRIVERS\1207006drv.sys, driver recognized as trusted
9/8/2011 8:51:20 AM >>> Function restored successfully !
9/8/2011 8:51:20 AM >>> Hook code blocked
9/8/2011 8:51:20 AM Function NtQueryMultipleValueKey (A1) intercepted (8062323E->98979D72), hook C:\WINDOWS\system32\DRIVERS\1207006drv.sys, driver recognized as trusted
9/8/2011 8:51:20 AM >>> Function restored successfully !
9/8/2011 8:51:20 AM >>> Hook code blocked
9/8/2011 8:51:20 AM Function NtQuerySection (A7) intercepted (805B85E0->9897E6AE), hook C:\WINDOWS\system32\DRIVERS\1207006drv.sys, driver recognized as trusted
9/8/2011 8:51:20 AM >>> Function restored successfully !
9/8/2011 8:51:20 AM >>> Hook code blocked
9/8/2011 8:51:20 AM Function NtQueryValueKey (B1) intercepted (80622314->9897999C), hook C:\WINDOWS\system32\DRIVERS\1207006drv.sys, driver recognized as trusted
9/8/2011 8:51:20 AM >>> Function restored successfully !
9/8/2011 8:51:20 AM >>> Hook code blocked
9/8/2011 8:51:20 AM Function NtQueueApcThread (B4) intercepted (805D1276->9897DFA0), hook C:\WINDOWS\system32\DRIVERS\1207006drv.sys, driver recognized as trusted
9/8/2011 8:51:20 AM >>> Function restored successfully !
9/8/2011 8:51:20 AM >>> Hook code blocked
9/8/2011 8:51:20 AM Function NtRenameKey (C0) intercepted (80623B12->98979C2C), hook C:\WINDOWS\system32\DRIVERS\1207006drv.sys, driver recognized as trusted
9/8/2011 8:51:20 AM >>> Function restored successfully !
9/8/2011 8:51:20 AM >>> Hook code blocked
9/8/2011 8:51:20 AM Function NtReplaceKey (C1) intercepted (806261C4->98978F16), hook C:\WINDOWS\system32\DRIVERS\1207006drv.sys, driver recognized as trusted
9/8/2011 8:51:20 AM >>> Function restored successfully !
9/8/2011 8:51:20 AM >>> Hook code blocked
9/8/2011 8:51:20 AM Function NtReplyPort (C2) intercepted (805A54EC->9897C82C), hook C:\WINDOWS\system32\DRIVERS\1207006drv.sys, driver recognized as trusted
9/8/2011 8:51:20 AM >>> Function restored successfully !
9/8/2011 8:51:20 AM >>> Hook code blocked
9/8/2011 8:51:20 AM Function NtReplyWaitReceivePort (C3) intercepted (805A64B4->9897C6F2), hook C:\WINDOWS\system32\DRIVERS\1207006drv.sys, driver recognized as trusted
9/8/2011 8:51:20 AM >>> Function restored successfully !
9/8/2011 8:51:20 AM >>> Hook code blocked
9/8/2011 8:51:20 AM Function NtRequestWaitReplyPort (C8) intercepted (805A2D76->9897D8B4), hook C:\WINDOWS\system32\DRIVERS\1207006drv.sys, driver recognized as trusted
9/8/2011 8:51:20 AM >>> Function restored successfully !
9/8/2011 8:51:20 AM >>> Hook code blocked
9/8/2011 8:51:20 AM Function NtRestoreKey (CC) intercepted (80625AD0->9897928E), hook C:\WINDOWS\system32\DRIVERS\1207006drv.sys, driver recognized as trusted
9/8/2011 8:51:20 AM >>> Function restored successfully !
9/8/2011 8:51:20 AM >>> Hook code blocked
9/8/2011 8:51:20 AM Function NtResumeThread (CE) intercepted (805D49BA->9897EBC8), hook C:\WINDOWS\system32\DRIVERS\1207006drv.sys, driver recognized as trusted
9/8/2011 8:51:20 AM >>> Function restored successfully !
9/8/2011 8:51:20 AM >>> Hook code blocked
9/8/2011 8:51:20 AM Function NtSaveKey (CF) intercepted (80625BCC->98978EAE), hook C:\WINDOWS\system32\DRIVERS\1207006drv.sys, driver recognized as trusted
9/8/2011 8:51:20 AM >>> Function restored successfully !
9/8/2011 8:51:20 AM >>> Hook code blocked
9/8/2011 8:51:20 AM Function NtSecureConnectPort (D2) intercepted (805A3D64->9897BB0E), hook C:\WINDOWS\system32\DRIVERS\1207006drv.sys, driver recognized as trusted
9/8/2011 8:51:20 AM >>> Function restored successfully !
9/8/2011 8:51:20 AM >>> Hook code blocked
9/8/2011 8:51:20 AM Function NtSetContextThread (D5) intercepted (805D173A->9897AE38), hook C:\WINDOWS\system32\DRIVERS\1207006drv.sys, driver recognized as trusted
9/8/2011 8:51:20 AM >>> Function restored successfully !
9/8/2011 8:51:20 AM >>> Hook code blocked
9/8/2011 8:51:20 AM Function NtSetInformationToken (E6) intercepted (805FA7B4->9897D154), hook C:\WINDOWS\system32\DRIVERS\1207006drv.sys, driver recognized as trusted
9/8/2011 8:51:20 AM >>> Function restored successfully !
9/8/2011 8:51:20 AM >>> Hook code blocked
9/8/2011 8:51:20 AM Function NtSetSecurityObject (ED) intercepted (805C062E->9897DDAA), hook C:\WINDOWS\system32\DRIVERS\1207006drv.sys, driver recognized as trusted
9/8/2011 8:51:20 AM >>> Function restored successfully !
9/8/2011 8:51:20 AM >>> Hook code blocked
9/8/2011 8:51:20 AM Function NtSetSystemInformation (F0) intercepted (8060FD06->9897E7FE), hook C:\WINDOWS\system32\DRIVERS\1207006drv.sys, driver recognized as trusted
9/8/2011 8:51:20 AM >>> Function restored successfully !
9/8/2011 8:51:20 AM >>> Hook code blocked
9/8/2011 8:51:20 AM Function NtSetValueKey (F7) intercepted (80622662->98979816), hook C:\WINDOWS\system32\DRIVERS\1207006drv.sys, driver recognized as trusted
9/8/2011 8:51:20 AM >>> Function restored successfully !
9/8/2011 8:51:20 AM >>> Hook code blocked
9/8/2011 8:51:20 AM Function NtSuspendProcess (FD) intercepted (805D4A82->9897E8F0), hook C:\WINDOWS\system32\DRIVERS\1207006drv.sys, driver recognized as trusted
9/8/2011 8:51:20 AM >>> Function restored successfully !
9/8/2011 8:51:20 AM >>> Hook code blocked
9/8/2011 8:51:20 AM Function NtSuspendThread (FE) intercepted (805D48F4->9897EA2A), hook C:\WINDOWS\system32\DRIVERS\1207006drv.sys, driver recognized as trusted
9/8/2011 8:51:20 AM >>> Function restored successfully !
9/8/2011 8:51:20 AM >>> Hook code blocked
9/8/2011 8:51:20 AM Function NtSystemDebugControl (FF) intercepted (806180BA->9897DA3E), hook C:\WINDOWS\system32\DRIVERS\1207006drv.sys, driver recognized as trusted
9/8/2011 8:51:20 AM >>> Function restored successfully !
9/8/2011 8:51:20 AM >>> Hook code blocked
9/8/2011 8:51:20 AM Function NtTerminateProcess (101) intercepted (805D29E2->9897AA68), hook C:\WINDOWS\system32\DRIVERS\1207006drv.sys, driver recognized as trusted
9/8/2011 8:51:20 AM >>> Function restored successfully !
9/8/2011 8:51:20 AM >>> Hook code blocked
9/8/2011 8:51:20 AM Function NtTerminateThread (102) intercepted (805D2BDC->9897A9C8), hook C:\WINDOWS\system32\DRIVERS\1207006drv.sys, driver recognized as trusted
9/8/2011 8:51:20 AM >>> Function restored successfully !
9/8/2011 8:51:20 AM >>> Hook code blocked
9/8/2011 8:51:20 AM Function NtUnmapViewOfSection (10B) intercepted (805B2E48->9897E552), hook C:\WINDOWS\system32\DRIVERS\1207006drv.sys, driver recognized as trusted
9/8/2011 8:51:20 AM >>> Function restored successfully !
9/8/2011 8:51:20 AM >>> Hook code blocked
9/8/2011 8:51:20 AM Function NtWriteVirtualMemory (115) intercepted (805B43CC->9897AB52), hook C:\WINDOWS\system32\DRIVERS\1207006drv.sys, driver recognized as trusted
9/8/2011 8:51:20 AM >>> Function restored successfully !
9/8/2011 8:51:20 AM >>> Hook code blocked
9/8/2011 8:51:20 AM Function FsRtlCheckLockForReadAccess (804EAF84) - machine code modification Method of JmpTo. jmp 9896CFD0 \SystemRoot\system32\DRIVERS\1207006drv.sys, driver recognized as trusted
9/8/2011 8:51:20 AM >>> Function restored successfully !
9/8/2011 8:51:20 AM Function IoIsOperationSynchronous (804EF912) - machine code modification Method of JmpTo. jmp 9896D3AC \SystemRoot\system32\DRIVERS\1207006drv.sys, driver recognized as trusted
9/8/2011 8:51:20 AM >>> Function restored successfully !
9/8/2011 8:51:21 AM Functions checked: 284, intercepted: 60, restored: 62
9/8/2011 8:51:21 AM 1.3 Checking IDT and SYSENTER
9/8/2011 8:51:21 AM Analysis for CPU 1
9/8/2011 8:51:21 AM Analysis for CPU 2
9/8/2011 8:51:21 AM CmpCallCallBacks = 00093D84
9/8/2011 8:51:21 AM Disable callback OK
9/8/2011 8:51:21 AM Checking IDT and SYSENTER - complete
9/8/2011 8:51:21 AM 1.4 Searching for masking processes and drivers
9/8/2011 8:51:21 AM Checking not performed: extended monitoring driver (AVZPM) is not installed
9/8/2011 8:51:21 AM 1.5 Checking of IRP handlers
9/8/2011 8:51:21 AM Driver loaded successfully
9/8/2011 8:51:21 AM Checking - complete
9/8/2011 8:51:48 AM >> Services: potentially dangerous service allowed: TermService (Terminal Services)
9/8/2011 8:51:48 AM >> Services: potentially dangerous service allowed: SSDPSRV (SSDP Discovery Service)
9/8/2011 8:51:48 AM >> Services: potentially dangerous service allowed: Messenger (Messenger)
9/8/2011 8:51:48 AM >> Services: potentially dangerous service allowed: Alerter (Alerter)
9/8/2011 8:51:48 AM >> Services: potentially dangerous service allowed: Schedule (Task Scheduler)
9/8/2011 8:51:48 AM >> Services: potentially dangerous service allowed: mnmsrvc (NetMeeting Remote Desktop Sharing)
9/8/2011 8:51:48 AM >> Services: potentially dangerous service allowed: RDSessMgr (Remote Desktop Help Session Manager)
9/8/2011 8:51:48 AM > Services: please bear in mind that the set of services depends on the use of the PC (home PC, office PC connected to corporate network, etc)!
9/8/2011 8:51:48 AM >> Security: disk drives' autorun is enabled
9/8/2011 8:51:48 AM >> Security: administrative shares (C$, D$ ...) are enabled
9/8/2011 8:51:48 AM >> Security: anonymous user access is enabled
9/8/2011 8:51:48 AM >> Security: sending Remote Assistant queries is enabled
9/8/2011 8:51:50 AM >> Timeout of "Not Responding" verdict for processes is out of admissible values
9/8/2011 8:51:50 AM >> Disable HDD autorun
9/8/2011 8:51:50 AM >> Disable autorun from network drives
9/8/2011 8:51:51 AM >> Disable CD/DVD autorun
9/8/2011 8:51:51 AM >> Disable removable media autorun
9/8/2011 8:51:51 AM >> Windows Explorer - show extensions of known file types
9/8/2011 8:51:51 AM System Analysis in progress
9/8/2011 8:52:59 AM System Analysis - complete
9/8/2011 8:52:59 AM Deleting service/driver: utk0mtm3
9/8/2011 8:52:59 AM [microprogram of healing]> registry key deleted HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\utk0mtm3
9/8/2011 8:52:59 AM Delete file:C:\WINDOWS\system32\Drivers\utk0mtm3.sys
9/8/2011 8:52:59 AM Deleting service/driver: ujk0mtm3
9/8/2011 8:52:59 AM Main script of analysis
9/8/2011 8:52:59 AM Task completed Gathering system information

Edited by istring, 08 September 2011 - 07:05 AM.


#8
Render

OK. So original problem is still apparent?

Please download MiniToolBox and run it.

Checkmark the following checkboxes:
  • Report IE Proxy Settings
  • Report FF Proxy Settings
  • List content of Hosts
  • List IP configuration
  • List last 10 Event Viewer log
Click Go and post the result (Result.txt).

#9
istring

MiniToolBox by Farbar
Ran by home (administrator) on 08-09-2011 at 17:27:48
Microsoft Windows XP Service Pack 3 (X86)

***************************************************************************

========================= IE Proxy Settings: ==============================

Proxy is not enabled.
No Proxy Server is set.

========================= FF Proxy Settings: ==============================

"network.proxy.no_proxies_on", "localhost"
"network.proxy.type", 0
========================= Hosts content: =================================
::1 localhost

127.0.0.1 localhost

========================= IP Configuration: ================================

# ----------------------------------
# Interface IP Configuration
# ----------------------------------
pushd interface ip


# Interface IP Configuration for "Local Area Connection 2"

set address name="Local Area Connection 2" source=static addr=192.168.0.1 mask=255.255.255.0
set dns name="Local Area Connection 2" source=static addr=none register=PRIMARY
set wins name="Local Area Connection 2" source=static addr=none

# Interface IP Configuration for "Local Area Connection 3"

set address name="Local Area Connection 3" source=dhcp
set dns name="Local Area Connection 3" source=dhcp register=PRIMARY
set wins name="Local Area Connection 3" source=dhcp


popd
# End of interface IP configuration




Windows IP Configuration



Host Name . . . . . . . . . . . . : OFFICE

Primary Dns Suffix . . . . . . . :

Node Type . . . . . . . . . . . . : Broadcast

IP Routing Enabled. . . . . . . . : Yes

WINS Proxy Enabled. . . . . . . . : No

DNS Suffix Search List. . . . . . : gateway.2wire.net



Ethernet adapter Local Area Connection 2:



Media State . . . . . . . . . . . : Media disconnected

Description . . . . . . . . . . . : NVIDIA nForce Networking Controller #2

Physical Address. . . . . . . . . : 00-18-F3-73-D6-4B



Ethernet adapter Local Area Connection 3:



Connection-specific DNS Suffix . : gateway.2wire.net

Description . . . . . . . . . . . : NVIDIA nForce Networking Controller

Physical Address. . . . . . . . . : 00-18-F3-73-CA-51

Dhcp Enabled. . . . . . . . . . . : Yes

Autoconfiguration Enabled . . . . : Yes

IP Address. . . . . . . . . . . . : 192.168.2.10

Subnet Mask . . . . . . . . . . . : 255.255.255.0

Default Gateway . . . . . . . . . : 192.168.2.1

DHCP Server . . . . . . . . . . . : 192.168.2.1

DNS Servers . . . . . . . . . . . : 192.168.2.1

Lease Obtained. . . . . . . . . . : Thursday, September 08, 2011 5:24:34 PM

Lease Expires . . . . . . . . . . : Sunday, September 11, 2011 5:24:34 PM

Server: mymodem
Address: 192.168.2.1

Name: google.com
Addresses: 74.125.226.82, 74.125.226.83, 74.125.226.80, 74.125.226.84
74.125.226.81



Pinging google.com [74.125.226.82] with 32 bytes of data:



Reply from 74.125.226.82: bytes=32 time=10ms TTL=55

Reply from 74.125.226.82: bytes=32 time=13ms TTL=55



Ping statistics for 74.125.226.82:

Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),

Approximate round trip times in milli-seconds:

Minimum = 10ms, Maximum = 13ms, Average = 11ms

Server: mymodem
Address: 192.168.2.1

Name: yahoo.com
Addresses: 209.191.122.70, 67.195.160.76, 69.147.125.65, 72.30.2.43
98.137.149.56



Pinging yahoo.com [209.191.122.70] with 32 bytes of data:



Reply from 209.191.122.70: bytes=32 time=76ms TTL=53

Reply from 209.191.122.70: bytes=32 time=51ms TTL=53



Ping statistics for 209.191.122.70:

Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),

Approximate round trip times in milli-seconds:

Minimum = 51ms, Maximum = 76ms, Average = 63ms



Pinging 127.0.0.1 with 32 bytes of data:



Reply from 127.0.0.1: bytes=32 time<1ms TTL=128

Reply from 127.0.0.1: bytes=32 time<1ms TTL=128



Ping statistics for 127.0.0.1:

Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),

Approximate round trip times in milli-seconds:

Minimum = 0ms, Maximum = 0ms, Average = 0ms

===========================================================================
Interface List
0x1 ........................... MS TCP Loopback interface
0x2 ...00 18 f3 73 d6 4b ...... NVIDIA nForce Networking Controller #2 - Packet Scheduler Miniport
0x3 ...00 18 f3 73 ca 51 ...... NVIDIA nForce Networking Controller - Packet Scheduler Miniport
===========================================================================
===========================================================================
Active Routes:
Network Destination Netmask Gateway Interface Metric
0.0.0.0 0.0.0.0 192.168.2.1 192.168.2.10 20
127.0.0.0 255.0.0.0 127.0.0.1 127.0.0.1 1
192.168.2.0 255.255.255.0 192.168.2.10 192.168.2.10 20
192.168.2.10 255.255.255.255 127.0.0.1 127.0.0.1 20
192.168.2.255 255.255.255.255 192.168.2.10 192.168.2.10 20
224.0.0.0 240.0.0.0 192.168.2.10 192.168.2.10 20
255.255.255.255 255.255.255.255 192.168.2.10 2 1
255.255.255.255 255.255.255.255 192.168.2.10 192.168.2.10 1
Default Gateway: 192.168.2.1
===========================================================================
Persistent Routes:
None

========================= Event log errors: ===============================

Application errors:
==================
Error: (09/07/2011 09:50:16 PM) (Source: MPSampleSubmission) (User: )
Description: EventType mptelemetry, P1 0, P2 moaccapability, P3 3.0.8402.0, P4 0, P5 0, P6 unspecified, P7 unspecified, P8 NIL, P9 mptelemetry0, P10 mptelemetry1.

Error: (09/07/2011 09:17:07 PM) (Source: MPSampleSubmission) (User: )
Description: EventType mptelemetry, P1 0x80070003, P2 moac, P3 cachereset, P4 3.0.8402.0, P5 unspecified, P6 unspecified, P7 unspecified, P8 NIL, P9 mptelemetry0, P10 mptelemetry1.

Error: (09/07/2011 09:15:39 PM) (Source: Microsoft Security Client) (User: )
Description: Microsoft Security Client failed to apply security policy: "FEP clean-up policy". Error: . Error Code: 0x80040154.

Error: (09/07/2011 09:12:04 PM) (Source: Microsoft Security Client) (User: )
Description: mssecurityclientmsseces.exe2.1.1116.00x80070424startservicecmainwindow__onantimalwareenabled0security essentialsNILNILNIL

Error: (09/07/2011 09:01:51 PM) (Source: Microsoft Security Client) (User: )
Description: mssecurityclientmsseces.exe2.1.1116.00x80070424startservicecmainwindow__onantimalwareenabled0security essentialsNILNILNIL

Error: (09/07/2011 08:59:58 PM) (Source: Microsoft Security Client) (User: )
Description: mssecurityclientmsseces.exe2.1.1116.00x80070424startservicecmainwindow__onantimalwareenabled0security essentialsNILNILNIL

Error: (09/07/2011 08:59:43 PM) (Source: Microsoft Security Client) (User: )
Description: mssecurityclientmsseces.exe2.1.1116.00x800106baupdatecmainwindow__onsignatureupdatestatus0security essentialsNILNILNIL

Error: (09/07/2011 08:57:42 PM) (Source: Microsoft Security Client) (User: )
Description: mssecurityclientmsseces.exe2.1.1116.00x80004004updatecmainwindow__onsignatureupdatestatus0security essentialsNILNILNIL

Error: (09/07/2011 08:55:28 PM) (Source: MPSampleSubmission) (User: )
Description: EventType mptelemetry, P1 0x80070003, P2 moac, P3 cachereset, P4 3.0.8402.0, P5 unspecified, P6 unspecified, P7 unspecified, P8 NIL, P9 mptelemetry0, P10 mptelemetry1.

Error: (09/07/2011 04:18:59 PM) (Source: Application Error) (User: )
Description: Faulting application hpqtra08.exe, version 110.0.180.0, faulting module ntdll.dll, version 5.1.2600.6055, fault address 0x000101b3.
Processing media-specific event for [hpqtra08.exe!ws!]


System errors:
=============
Error: (09/08/2011 05:27:26 PM) (Source: Service Control Manager) (User: )
Description: The Computer Browser service depends on the Workstation service which failed to start because of the following error:
%%1058

Error: (09/08/2011 05:26:46 PM) (Source: Service Control Manager) (User: )
Description: The Computer Browser service depends on the Workstation service which failed to start because of the following error:
%%1058

Error: (09/08/2011 05:26:46 PM) (Source: Service Control Manager) (User: )
Description: The Computer Browser service depends on the Workstation service which failed to start because of the following error:
%%1058

Error: (09/08/2011 05:26:37 PM) (Source: Service Control Manager) (User: )
Description: The HP CUE DeviceDiscovery Service service hung on starting.

Error: (09/08/2011 05:25:45 PM) (Source: DCOM) (User: UpdatusUser)
Description: The machine-default permission settings do not grant Local Activation permission for the COM Server application with CLSID
{BC866CF2-5486-41F7-B46B-9AA49CF3EBB1}
to the user OFFICE\UpdatusUser SID (S-1-5-21-790525478-1292428093-1801674531-1007). This security permission can be modified using the Component Services administrative tool.

Error: (09/08/2011 05:25:45 PM) (Source: DCOM) (User: UpdatusUser)
Description: The machine-default permission settings do not grant Local Activation permission for the COM Server application with CLSID
{BC866CF2-5486-41F7-B46B-9AA49CF3EBB1}
to the user OFFICE\UpdatusUser SID (S-1-5-21-790525478-1292428093-1801674531-1007). This security permission can be modified using the Component Services administrative tool.

Error: (09/08/2011 05:25:45 PM) (Source: DCOM) (User: UpdatusUser)
Description: The machine-default permission settings do not grant Local Activation permission for the COM Server application with CLSID
{BC866CF2-5486-41F7-B46B-9AA49CF3EBB1}
to the user OFFICE\UpdatusUser SID (S-1-5-21-790525478-1292428093-1801674531-1007). This security permission can be modified using the Component Services administrative tool.

Error: (09/08/2011 05:25:45 PM) (Source: DCOM) (User: UpdatusUser)
Description: The machine-default permission settings do not grant Local Activation permission for the COM Server application with CLSID
{BC866CF2-5486-41F7-B46B-9AA49CF3EBB1}
to the user OFFICE\UpdatusUser SID (S-1-5-21-790525478-1292428093-1801674531-1007). This security permission can be modified using the Component Services administrative tool.

Error: (09/08/2011 05:25:45 PM) (Source: DCOM) (User: UpdatusUser)
Description: The machine-default permission settings do not grant Local Activation permission for the COM Server application with CLSID
{BC866CF2-5486-41F7-B46B-9AA49CF3EBB1}
to the user OFFICE\UpdatusUser SID (S-1-5-21-790525478-1292428093-1801674531-1007). This security permission can be modified using the Component Services administrative tool.

Error: (09/08/2011 05:25:45 PM) (Source: DCOM) (User: UpdatusUser)
Description: The machine-default permission settings do not grant Local Activation permission for the COM Server application with CLSID
{BC866CF2-5486-41F7-B46B-9AA49CF3EBB1}
to the user OFFICE\UpdatusUser SID (S-1-5-21-790525478-1292428093-1801674531-1007). This security permission can be modified using the Component Services administrative tool.


Microsoft Office Sessions:
=========================
Error: (09/07/2011 09:50:16 PM) (Source: MPSampleSubmission)(User: )
Description: mptelemetry0moaccapability3.0.8402.000unspecifiedunspecifiedNILNILNIL

Error: (09/07/2011 09:17:07 PM) (Source: MPSampleSubmission)(User: )
Description: mptelemetry0x80070003moaccachereset3.0.8402.0unspecifiedunspecifiedunspecifiedNILNILNIL

Error: (09/07/2011 09:15:39 PM) (Source: Microsoft Security Client)(User: )
Description: Microsoft Security ClientFEP clean-up policy0x80040154

Error: (09/07/2011 09:12:04 PM) (Source: Microsoft Security Client)(User: )
Description: mssecurityclientmsseces.exe2.1.1116.00x80070424startservicecmainwindow__onantimalwareenabled0security essentialsNILNILNIL

Error: (09/07/2011 09:01:51 PM) (Source: Microsoft Security Client)(User: )
Description: mssecurityclientmsseces.exe2.1.1116.00x80070424startservicecmainwindow__onantimalwareenabled0security essentialsNILNILNIL

Error: (09/07/2011 08:59:58 PM) (Source: Microsoft Security Client)(User: )
Description: mssecurityclientmsseces.exe2.1.1116.00x80070424startservicecmainwindow__onantimalwareenabled0security essentialsNILNILNIL

Error: (09/07/2011 08:59:43 PM) (Source: Microsoft Security Client)(User: )
Description: mssecurityclientmsseces.exe2.1.1116.00x800106baupdatecmainwindow__onsignatureupdatestatus0security essentialsNILNILNIL

Error: (09/07/2011 08:57:42 PM) (Source: Microsoft Security Client)(User: )
Description: mssecurityclientmsseces.exe2.1.1116.00x80004004updatecmainwindow__onsignatureupdatestatus0security essentialsNILNILNIL

Error: (09/07/2011 08:55:28 PM) (Source: MPSampleSubmission)(User: )
Description: mptelemetry0x80070003moaccachereset3.0.8402.0unspecifiedunspecifiedunspecifiedNILNILNIL

Error: (09/07/2011 04:18:59 PM) (Source: Application Error)(User: )
Description: hpqtra08.exe110.0.180.0ntdll.dll5.1.2600.6055000101b3


**** End of log ****

#10
Render

Hi,

Hi my desktop PC running windows xp is non-responsive for 5 minutes after desktop appears.

Besides this problem, do you have any other issues that point at malware?

Download and run Puran Disc Defragmenter.
For the first run I would recommend a boot defrag and disk check.


#11
istring

Apart from the internet connection you have solved the original issue. My hat goes off to you. I will be donating to your cause.

#12
Render

Hi,

So after reboot it still takes about 5 minutes for computer to establish a connection?

When connection is established is it stable?

#13
istring

It's down to 3 minutes and a bit sluggish for a minute or so.

#14
Render

What kind-model of a router are you using?

#15
istring

It's a Belkin 3-wire from Bell Canada.