Hello Emeraldnzl,
Thanks for the reply. Here's the requested scans. It did find at least one. PUM.Hijack.StartMenu
Malwarebytes Anti-Malware (Trial) 1.70.0.1100
www.malwarebytes.org
Database version: v2013.01.02.10
Windows XP Service Pack 2 x86 NTFS
Internet Explorer 7.0.5730.11
boss :: LASRIUS [administrator]
Protection: Enabled
1/2/2013 5:55:05 PM
mbam-log-2013-01-02 (17-55-05).txt
Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 242061
Time elapsed: 4 minute(s), 59 second(s)
Memory Processes Detected: 0
(No malicious items detected)
Memory Modules Detected: 0
(No malicious items detected)
Registry Keys Detected: 0
(No malicious items detected)
Registry Values Detected: 0
(No malicious items detected)
Registry Data Items Detected: 1
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced|StartMenuLogoff (PUM.Hijack.StartMenu) -> Bad: (1) Good: (0) -> Quarantined and repaired successfully.
Folders Detected: 0
(No malicious items detected)
Files Detected: 0
(No malicious items detected)
(end)
-----------------------------------------------------------------------------------------------------------------------------
OTL logfile created on: 1/2/2013 6:08:06 PM - Run 2
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Documents and Settings\boss.LASRIUS\My Documents\Downloads
Windows XP Media Center Edition Service Pack 2 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 7.0.5730.11)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy
1022.04 Mb Total Physical Memory | 548.08 Mb Available Physical Memory | 53.63% Memory free
2.40 Gb Paging File | 2.06 Gb Available in Paging File | 85.70% Paging File free
Paging file location(s): C:\pagefile.sys 1536 2304 [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 97.00 Gb Total Space | 1.80 Gb Free Space | 1.85% Space Free | Partition Type: NTFS
Drive D: | 111.79 Gb Total Space | 32.63 Gb Free Space | 29.19% Space Free | Partition Type: NTFS
Drive E: | 13.75 Gb Total Space | 0.77 Gb Free Space | 5.62% Space Free | Partition Type: FAT32
Computer Name: LASRIUS | User Name: boss | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
========== Processes (SafeList) ========== PRC - [2012/12/27 10:29:04 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\boss.LASRIUS\My Documents\Downloads\OTL.exe
PRC - [2012/12/14 16:49:28 | 000,682,344 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
PRC - [2012/12/14 16:49:28 | 000,512,360 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe
PRC - [2012/12/14 16:49:28 | 000,398,184 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe
PRC - [2011/08/11 17:38:07 | 000,116,608 | ---- | M] (SUPERAntiSpyware.com) -- C:\Program Files\SUPERAntiSpyware\SASCore.exe
PRC - [2011/04/24 11:01:00 | 000,219,008 | ---- | M] (SEIKO EPSON CORPORATION) -- C:\WINDOWS\system32\spool\drivers\w32x86\3\E_TATIHVA.EXE
PRC - [2006/08/23 22:38:28 | 000,968,696 | ---- | M] (Zone Labs, LLC) -- C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
PRC - [2006/08/23 22:38:26 | 000,075,768 | ---- | M] (Zone Labs, LLC) -- C:\WINDOWS\system32\ZoneLabs\vsmon.exe
PRC - [2004/08/10 09:00:00 | 001,032,192 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2003/07/25 01:40:06 | 000,335,872 | ---- | M] (Globe Software) -- C:\Program Files\Globe Software\StatBar\StatBar.exe
========== Modules (No Company Name) ========== MOD - [2006/08/23 22:40:50 | 000,145,408 | ---- | M] () -- C:\WINDOWS\system32\ZoneLabs\lib\pyd\pyexpat.pyd
MOD - [2006/08/23 22:40:50 | 000,047,104 | ---- | M] () -- C:\WINDOWS\system32\ZoneLabs\lib\pyd\_socket.pyd
MOD - [2006/08/23 22:40:50 | 000,026,624 | ---- | M] () -- C:\WINDOWS\system32\ZoneLabs\lib\pyd\signedDll.pyd
MOD - [2006/08/23 22:40:50 | 000,026,624 | ---- | M] () -- C:\WINDOWS\system32\ZoneLabs\lib\pyd\pyvsinit.pyd
MOD - [2006/08/23 22:37:52 | 000,796,584 | ---- | M] () -- C:\WINDOWS\system32\libeay32_0.9.6l.dll
========== Services (SafeList) ========== SRV - File not found [Disabled | Stopped] -- C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe -- (Symantec Core LC)
SRV - File not found [Disabled | Stopped] -- c:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe -- (SPBBCSvc)
SRV - File not found [Disabled | Stopped] -- c:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe -- (SNDSrvc)
SRV - File not found [Disabled | Stopped] -- c:\Program Files\Norton Internet Security\Norton AntiVirus\SAVScan.exe -- (SAVScan)
SRV - File not found [Disabled | Stopped] -- C:\Program Files\Common Files\Symantec Shared\Security Console\NSCSRVCE.EXE -- (NSCService)
SRV - File not found [Disabled | Stopped] -- c:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe -- (navapsvc)
SRV - File not found [On_Demand | Stopped] -- c:\Program Files\Norton Internet Security\comHost.exe -- (comHost)
SRV - File not found [Disabled | Stopped] -- c:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe -- (ccSetMgr)
SRV - File not found [Disabled | Stopped] -- c:\Program Files\Common Files\Symantec Shared\ccProxy.exe -- (ccProxy)
SRV - File not found [Disabled | Stopped] -- c:\Program Files\Norton Internet Security\ccPwdSvc.exe -- (ccISPwdSvc)
SRV - File not found [Disabled | Stopped] -- c:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe -- (ccEvtMgr)
SRV - [2012/12/14 16:49:28 | 000,682,344 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
SRV - [2012/12/14 16:49:28 | 000,398,184 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe -- (MBAMScheduler)
SRV - [2011/08/11 17:38:07 | 000,116,608 | ---- | M] (SUPERAntiSpyware.com) [Auto | Running] -- C:\Program Files\SUPERAntiSpyware\SASCore.exe -- (!SASCORE)
SRV - [2011/06/09 13:01:00 | 000,521,600 | ---- | M] (SEIKO EPSON CORPORATION) [Disabled | Stopped] -- C:\Program Files\epson\EpsonCustomerParticipation\EPCP.exe -- (EpsonCustomerParticipation)
SRV - [2006/08/23 22:38:26 | 000,075,768 | ---- | M] (Zone Labs, LLC) [Auto | Running] -- C:\WINDOWS\system32\ZoneLabs\vsmon.exe -- (vsmon)
========== Driver Services (SafeList) ========== DRV - File not found [Kernel | On_Demand | Stopped] -- -- (WDICA)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (SYMIDSCO)
DRV - File not found [Kernel | Disabled | Stopped] -- C:\Program Files\Symantec\SYMEVENT.SYS -- (SymEvent)
DRV - File not found [Kernel | Disabled | Stopped] -- C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCDrv.sys -- (SPBBCDrv)
DRV - File not found [Kernel | Disabled | Stopped] -- c:\Program Files\Norton Internet Security\Norton AntiVirus\SAVRTPEL.SYS -- (SAVRTPEL)
DRV - File not found [Kernel | Disabled | Stopped] -- c:\Program Files\Norton Internet Security\Norton AntiVirus\SAVRT.SYS -- (SAVRT)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRFRAME)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRELI)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDFRAME)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDCOMP)
DRV - File not found [Kernel | System | Stopped] -- -- (PCIDump)
DRV - File not found [Kernel | System | Stopped] -- -- (lbrtfdc)
DRV - File not found [Kernel | Disabled | Stopped] -- C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys -- (eeCtrl)
DRV - File not found [Kernel | System | Stopped] -- -- (Changer)
DRV - [2012/12/14 16:49:28 | 000,021,104 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\WINDOWS\system32\drivers\mbam.sys -- (MBAMProtector)
DRV - [2011/07/22 10:27:02 | 000,012,880 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\sasdifsv.sys -- (SASDIFSV)
DRV - [2011/07/12 15:55:22 | 000,067,664 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS -- (SASKUTIL)
DRV - [2010/04/14 23:39:23 | 000,003,712 | ---- | M] () [Kernel | Auto | Running] -- C:\WINDOWS\system32\socketlock.sys -- (SocketLock)
DRV - [2010/04/13 23:04:56 | 000,035,363 | ---- | M] () [Kernel | Auto | Running] -- C:\WINDOWS\system32\windrvNT.sys -- (windrvNT)
DRV - [2006/08/23 22:38:36 | 000,392,824 | ---- | M] (Zone Labs, LLC) [Kernel | System | Running] -- C:\WINDOWS\system32\vsdatant.sys -- (vsdatant)
DRV - [2006/08/03 00:53:32 | 000,029,680 | ---- | M] (Zone Labs, LLC) [Kernel | Boot | Running] -- C:\WINDOWS\system32\ZoneLabs\srescan.sys -- (srescan)
DRV - [2006/06/05 06:17:47 | 000,010,344 | ---- | M] (Symantec Corporation) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\symlcbrd.sys -- (symlcbrd)
DRV - [2006/04/18 05:29:06 | 000,569,856 | ---- | M] (Conexant Systems Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\CHDAud.sys -- (HdAudAddService)
DRV - [2006/03/21 03:00:00 | 000,750,952 | ---- | M] (Symantec Corporation) [Kernel | Disabled | Stopped] -- C:\Program Files\Common Files\Symantec Shared\VirusDefs\20060321.005\NAVEX15.SYS -- (NAVEX15)
DRV - [2006/03/21 03:00:00 | 000,077,864 | ---- | M] (Symantec Corporation) [Kernel | Disabled | Stopped] -- C:\Program Files\Common Files\Symantec Shared\VirusDefs\20060321.005\NAVENG.SYS -- (NAVENG)
DRV - [2006/03/14 12:02:54 | 001,428,480 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\w39n51.sys -- (w39n51)
DRV - [2006/03/02 05:03:32 | 000,057,096 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\btwusb.sys -- (BTWUSB)
DRV - [2005/09/20 04:30:56 | 000,162,432 | ---- | M] (Texas Instruments) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\tifm21.sys -- (tifm21)
DRV - [2005/09/19 19:23:52 | 000,196,240 | ---- | M] (Symantec Corporation) [Kernel | System | Stopped] -- C:\WINDOWS\system32\drivers\symtdi.sys -- (SYMTDI)
DRV - [2005/09/19 19:23:48 | 000,024,720 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\symredrv.sys -- (SYMREDRV)
DRV - [2005/09/19 19:23:40 | 000,031,888 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\symids.sys -- (SYMIDS)
DRV - [2005/09/19 19:23:36 | 000,027,792 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\symndis.sys -- (SYMNDIS)
DRV - [2005/09/19 19:23:32 | 000,109,200 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\symfw.sys -- (SYMFW)
DRV - [2005/09/19 19:23:26 | 000,012,944 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\symdns.sys -- (SYMDNS)
DRV - [2005/09/19 14:24:20 | 000,005,760 | ---- | M] (Hewlett-Packard Development Company, L.P.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\EabUsb.sys -- (eabusb)
DRV - [2005/09/19 14:24:10 | 000,009,344 | ---- | M] (Hewlett-Packard Development Company, L.P.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\CPQBttn.sys -- (HBtnKey)
DRV - [2005/09/19 14:23:52 | 000,007,808 | ---- | M] (Hewlett-Packard Development Company, L.P.) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\eabfiltr.sys -- (eabfiltr)
DRV - [2005/08/22 09:07:00 | 001,035,008 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSF_DPV.sys -- (HSF_DPV)
DRV - [2005/08/22 09:06:16 | 000,201,600 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSFHWAZL.sys -- (HSFHWAZL)
DRV - [2005/08/22 09:06:10 | 000,718,464 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSF_CNXT.sys -- (winachsf)
DRV - [2004/08/10 09:00:00 | 000,200,064 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\RMCast.sys -- (RMCAST)
DRV - [2004/08/10 09:00:00 | 000,072,960 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\mqac.sys -- (MQAC)
DRV - [2004/08/04 00:31:34 | 000,020,992 | ---- | M] (Realtek Semiconductor Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\RTL8139.sys -- (rtl8139)
========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" =
http://search.live.c...ferrer:source?} IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank
IE - HKCU\..\SearchScopes,DefaultScope = {D21C353A-29E5-4F69-AF31-8432DDF80CBF}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" =
http://search.live.c...ferrer:source?}IE - HKCU\..\SearchScopes\{B6A5E4C4-2536-4B0D-A258-F4FBBEDB455B}: "URL" =
http://search.yahoo....=utf-8&fr=b2ie7IE - HKCU\..\SearchScopes\{C4236BF9-A0E9-4F8D-BD96-F06419E16F30}: "URL" =
http://en.wikipedia....h={searchTerms}IE - HKCU\..\SearchScopes\{C739D6C0-6E08-42FF-A68D-5540E553A401}: "URL" =
http://www.bing.com/...rc=IE-SearchBoxIE - HKCU\..\SearchScopes\{D21C353A-29E5-4F69-AF31-8432DDF80CBF}: "URL" =
http://www.google.co...age={startPage}IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
========== FireFox ========== FF - prefs.js..browser.search.update: false
FF - prefs.js..browser.startup.homepage: "about:blank"
FF - prefs.js..network.proxy.type: 0
FF - user.js - File not found
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 8.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011/12/09 01:12:22 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 8.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins
[2011/12/09 01:13:09 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\boss.LASRIUS\Application Data\Mozilla\Extensions
[2011/12/09 01:12:22 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2011/11/20 22:04:51 | 000,134,104 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
O1 HOSTS File: ([2004/08/10 09:00:00 | 000,000,734 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (Norton AntiVirus) - {C4069E3A-68F1-403E-B40E-20066696354B} - c:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll File not found
O4 - HKLM..\Run: [Zone Labs Client] C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe (Zone Labs, LLC)
O4 - HKCU..\Run: [EPLTarget\P0000000000000000] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_TATIHVA.EXE (SEIKO EPSON CORPORATION)
O4 - HKCU..\Run: [StatBar] C:\Program Files\Globe Software\StatBar\StatBar.exe (Globe Software)
O4 - HKLM..\RunOnce: [Malwarebytes Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoInternetOpenWith = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: InstallVisualStyle = C:\WINDOWS\Resources\Themes\Royale\Royale.msstyles (Microsoft)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: InstallTheme = C:\WINDOWS\Resources\Themes\Royale.theme ()
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 01 00 00 00 [binary data]
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = @ [binary data]
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.254
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{B8D85FDC-2F63-4DE8-A44A-CF8EBE7B5205}: DhcpNameServer = 192.168.1.254
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) - C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
O20 - Winlogon\Notify\!SASWinLogon: DllName - (C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL) - C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL (SUPERAntiSpyware.com)
O24 - Desktop WallPaper: C:\Documents and Settings\boss.LASRIUS\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\boss.LASRIUS\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O28 - HKLM ShellExecuteHooks: {0cab0400-7395-11d0-a5e5-0020afe2fdd9} - C:\WINDOWS\qvphook.dll (Inso Corporation)
O28 - HKLM ShellExecuteHooks: {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - C:\Program Files\SUPERAntiSpyware\SASSEH.DLL (SuperAdBlocker.com)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2001/07/27 22:07:38 | 000,000,000 | -HS- | M] () - E:\AUTOEXEC.BAT -- [ FAT32 ]
O32 - AutoRun File - [2004/04/30 14:01:14 | 000,000,053 | -HS- | M] () - E:\Autorun.inf -- [ FAT32 ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
========== Files/Folders - Created Within 30 Days ========== [2013/01/02 17:45:02 | 000,000,000 | ---D | C] -- C:\Documents and Settings\boss.LASRIUS\Application Data\Malwarebytes
[2013/01/02 17:44:41 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Malwarebytes' Anti-Malware
[2013/01/02 17:44:40 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Malwarebytes
[2013/01/02 17:44:39 | 000,021,104 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2013/01/02 17:44:39 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2012/12/24 01:49:01 | 000,000,000 | ---D | C] -- C:\Documents and Settings\boss.LASRIUS\Desktop\tablet
[2012/12/11 10:50:32 | 000,000,000 | ---D | C] -- C:\Documents and Settings\boss.LASRIUS\Start Menu\Programs\YSIGet
[2012/12/11 10:50:32 | 000,000,000 | ---D | C] -- C:\Documents and Settings\boss.LASRIUS\Desktop\YouSendIt Downloads
[2012/12/11 10:50:31 | 000,000,000 | ---D | C] -- C:\Program Files\YSIGet
[2010/04/13 23:04:18 | 000,047,360 | ---- | C] (VSO Software) -- C:\Documents and Settings\boss.LASRIUS\Application Data\pcouffin.sys
========== Files - Modified Within 30 Days ========== [2013/01/02 17:44:41 | 000,000,786 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes Anti-Malware.lnk
[2013/01/02 16:02:07 | 000,048,882 | -H-- | M] () -- C:\WINDOWS\System32\vsconfig.xml
[2013/01/02 16:02:02 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2012/12/30 21:38:52 | 000,002,493 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Paint Shop Pro 7.lnk
[2012/12/26 20:59:36 | 000,301,232 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2012/12/15 10:13:54 | 000,000,372 | ---- | M] () -- C:\Documents and Settings\boss.LASRIUS\My Documents\spider.sav
[2012/12/14 16:49:28 | 000,021,104 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2012/12/11 11:13:31 | 000,000,518 | ---- | M] () -- C:\Documents and Settings\boss.LASRIUS\My Documents\ali.wgq
[2012/12/11 10:50:32 | 000,000,656 | ---- | M] () -- C:\Documents and Settings\boss.LASRIUS\Desktop\YSIGet.lnk
========== Files Created - No Company Name ========== [2013/01/02 17:44:41 | 000,000,786 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes Anti-Malware.lnk
[2012/12/11 11:06:01 | 000,000,518 | ---- | C] () -- C:\Documents and Settings\boss.LASRIUS\My Documents\ali.wgq
[2012/12/11 10:50:32 | 000,000,656 | ---- | C] () -- C:\Documents and Settings\boss.LASRIUS\Desktop\YSIGet.lnk
[2012/07/11 17:42:29 | 000,003,584 | ---- | C] () -- C:\Documents and Settings\boss.LASRIUS\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2012/05/16 22:38:09 | 000,004,096 | ---- | C] () -- C:\WINDOWS\d3dx.dat
[2012/03/25 21:17:04 | 000,000,000 | ---- | C] () -- C:\WINDOWS\EEventManager.INI
[2012/03/25 03:46:12 | 000,000,079 | ---- | C] () -- C:\WINDOWS\EWF645.ini
[2011/10/16 14:06:38 | 000,051,716 | ---- | C] () -- C:\WINDOWS\System32\pdf995mon.dll
[2011/08/28 22:06:42 | 000,175,616 | ---- | C] () -- C:\WINDOWS\System32\unrar.dll
[2011/08/28 22:06:41 | 000,000,038 | ---- | C] () -- C:\WINDOWS\avisplitter.ini
[2011/08/28 22:06:40 | 000,650,752 | ---- | C] () -- C:\WINDOWS\System32\xvidcore.dll
[2011/08/28 22:06:40 | 000,243,200 | ---- | C] () -- C:\WINDOWS\System32\xvidvfw.dll
[2011/08/28 22:06:40 | 000,074,752 | ---- | C] () -- C:\WINDOWS\System32\ff_vfw.dll
[2010/06/22 14:47:11 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\boss.LASRIUS\Application Data\wklnhst.dat
[2010/05/04 23:53:04 | 000,000,382 | RHS- | C] () -- C:\Documents and Settings\boss.LASRIUS\ntuser.pol
[2010/04/17 00:58:58 | 000,002,222 | RHS- | C] () -- C:\Documents and Settings\All Users\ntuser.pol
[2010/04/15 10:35:24 | 000,018,944 | ---- | C] () -- C:\Documents and Settings\boss.LASRIUS\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini.old
[2010/04/13 23:04:18 | 000,087,608 | ---- | C] () -- C:\Documents and Settings\boss.LASRIUS\Application Data\inst.exe
[2010/04/13 23:04:18 | 000,007,887 | ---- | C] () -- C:\Documents and Settings\boss.LASRIUS\Application Data\pcouffin.cat
[2010/04/13 23:04:18 | 000,001,144 | ---- | C] () -- C:\Documents and Settings\boss.LASRIUS\Application Data\pcouffin.inf
[2010/04/13 10:13:46 | 000,000,135 | ---- | C] () -- C:\Documents and Settings\boss.LASRIUS\Local Settings\Application Data\fusioncache.dat
[2010/01/03 01:21:55 | 002,939,142 | ---- | C] () -- C:\Program Files\FLVplayr.exe
========== ZeroAccess Check ========== [2006/03/28 06:39:36 | 000,000,227 | RHS- | M] () -- C:\WINDOWS\assembly\Desktop.ini
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shdocvw.dll -- [2006/09/23 13:12:50 | 001,497,088 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = C:\WINDOWS\system32\wbem\fastprox.dll -- [2004/08/10 09:00:00 | 000,472,064 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
"" = C:\WINDOWS\system32\wbem\wbemess.dll -- [2004/08/10 09:00:00 | 000,273,920 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both
< End of report >
-----------------------------------------------------------------------------------------------------------------------
OTL Extras logfile created on: 1/2/2013 6:08:06 PM - Run 2
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Documents and Settings\boss.LASRIUS\My Documents\Downloads
Windows XP Media Center Edition Service Pack 2 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 7.0.5730.11)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy
1022.04 Mb Total Physical Memory | 548.08 Mb Available Physical Memory | 53.63% Memory free
2.40 Gb Paging File | 2.06 Gb Available in Paging File | 85.70% Paging File free
Paging file location(s): C:\pagefile.sys 1536 2304 [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 97.00 Gb Total Space | 1.80 Gb Free Space | 1.85% Space Free | Partition Type: NTFS
Drive D: | 111.79 Gb Total Space | 32.63 Gb Free Space | 29.19% Space Free | Partition Type: NTFS
Drive E: | 13.75 Gb Total Space | 0.77 Gb Free Space | 5.62% Space Free | Partition Type: FAT32
Computer Name: LASRIUS | User Name: boss | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
========== Extra Registry (SafeList) ========== ========== File Associations ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
.url [@ = InternetShortcut] -- rundll32.exe ieframe.dll,OpenURL %l
========== Shell Spawning ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
exefile [open] -- "%1" %*
InternetShortcut [open] -- rundll32.exe ieframe.dll,OpenURL %l
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [hidefolder] -- C:\WINDOWS\system32\Zerox\Zerox.exe %1 (Softwares Inc.)
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
========== Security Center Settings ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 0
"FirewallOverride" = 0
"ANTIVIRUSDISABLENOTIFY" = 0
"FIREWALLDISABLENOTIFY" = 0
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
"DisableMonitoring" = 1
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]
"DisableMonitoring" = 1
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]
"DisableMonitoring" = 1
========== System Restore Settings ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr]
"Start" = 0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService]
"Start" = 2
========== Firewall Settings ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"1900:UDP" = 1900:UDP:LocalSubNet:Disabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Disabled:@xpsp2res.dll,-22008
========== Authorized Applications List ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"%windir%\system32\sessmgr.exe" = %windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019 -- (Microsoft Corporation)
"C:\WINDOWS\system32\mqsvc.exe" = C:\WINDOWS\system32\mqsvc.exe:*:Enabled:Message Queuing -- (Microsoft Corporation)
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Program Files\EarthLink TotalAccess\TaskPanl.exe" = C:\Program Files\EarthLink TotalAccess\TaskPanl.exe:*:Disabled:Earthlink
"C:\WINDOWS\system32\mqsvc.exe" = C:\WINDOWS\system32\mqsvc.exe:*:Disabled:Message Queuing -- (Microsoft Corporation)
"C:\WINDOWS\system32\sessmgr.exe" = C:\WINDOWS\system32\sessmgr.exe:*:Disabled:@xpsp2res.dll,-22019 -- (Microsoft Corporation)
"C:\Program Files\Messenger\msmsgs.exe" = C:\Program Files\Messenger\msmsgs.exe:*:Disabled:Windows Messenger -- (Microsoft Corporation)
========== HKEY_LOCAL_MACHINE Uninstall List ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{075473F5-846A-448B-BCB3-104AA1760205}" = Sonic Data Module
"{09D8492A-C8E2-421E-927D-46800FB327A3}" = Wireless Home Network Setup
"{0CBE6C93-CB2E-4378-91EE-12BE6D4E2E4A}" = Epson FAX Utility
"{10964A8F-21C1-45EA-BC2D-F84B505C3848}" = H&R Block Deluxe + Efile + State 2010
"{10F63395-157F-4B93-AB4D-702A2FF11942}" = Epson Download Navigator
"{1248C09A-BD6B-47F5-BF3F-CD2B700D9FCB}" = ccCommon
"{12E2B9E9-05B1-407d-B0FD-B5F350535125}" = Norton Internet Security
"{1313740E-0072-4E2D-A628-DEFCD38B577A}" = HP User Guides 0011
"{21657574-BD54-48A2-9450-EB03B2C7FC29}" = Sonic MyDVD Plus
"{24BEBF2E-73F3-4599-840B-EDC612CCDD0D}" = Destinations
"{26A24AE4-039D-4CA4-87B4-2F83216010FF}" = Java 6 Update 10
"{2818095F-FB6C-42C8-827E-0A406CC9AFF5}" = Quicken 2006
"{286F29AF-0BE2-4D5F-AB17-B7631A810553}" = muvee autoProducer 4.5
"{2DA85B02-13C0-4E6D-9A76-22E6B3DD0CB2}" = SymNet
"{2EBF25F1-F8A2-40EA-92BE-931C142A44E2}" = CC_ccProxyExt
"{2FBF04DC-404C-4FA4-BA28-99903080D2B9}" = Magnifier Powertoy for Windows XP
"{30465B6C-B53F-49A1-9EBA-A3F187AD502E}" = Sonic Update Manager
"{30738666-9805-4926-A78F-91DA33B6C437}" = ccPxyCore
"{3248F0A8-6813-11D6-A77B-00B0D0150060}" = J2SE Runtime Environment 5.0 Update 6
"{34D2AB40-150D-475D-AE32-BD23FB5EE355}" = HP Quick Launch Buttons 6.00 E2
"{34F3FCF1-817B-4D61-B6AF-19D9486AFEA0}" = Unload
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{3672B097-EA69-4bfe-B92F-29AE6D9D2B34}" = Norton Internet Security
"{3E31400D-274E-4647-916C-2CACC3741799}" = EpsonNet Print
"{3F92ABBB-6BBF-11D5-B229-002078017FBF}" = NetWaiting
"{416D80BA-6F6D-4672-B7CF-F54DA2F80B44}" = Microsoft Works
"{4302B2DD-D958-40E3-BAF3-B07FFE1978CE}" = HP Wireless Assistant 2.00 E1
"{449F3A9E-9903-4a0d-A209-08030D45A935}" = Norton Internet Security
"{45D707E9-F3C4-11D9-A373-0050BAE317E1}" = HP QuickPlay 2.1
"{47D2103B-FD51-4017-9C20-DD408B17D726}" = Office 2003 Trial Assistant
"{48185814-A224-447a-81DA-71BD20580E1B}" = Norton Internet Security
"{52FBAE98-D389-4281-8C14-21B4046CCB4E}" = SonicAC3Encoder
"{5677563D-0CB1-485F-9E18-C5025306BB3F}" = Norton AntiSpam
"{5C52EC19-3B77-4B03-BBE8-E7F58ED92D73}" = H&R Block Standard 2011
"{64BA551C-9AF6-495C-93F3-D1270E0045FC}" = Epson Connect
"{6675CA7F-E51B-4F6A-99D4-F8F0124C6EAA}" = Sonic Express Labeler
"{6815FCDD-401D-481E-BA88-31B4754C2B46}" = Macromedia Flash Player 8
"{77772678-817F-4401-9301-ED1D01A8DA56}" = SPBBC
"{7B6CF9EB-CB2B-4A1A-81A9-BE1A9044690A}" = TIPCI
"{814FA673-A085-403C-9545-747FC1495069}" = Epson Customer Participation
"{82A5BF38-8461-4A5C-B2C9-24F5256D92A6}" = Norton Protection Center
"{91120409-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Standard Edition 2003
"{939F8208-C8CE-4AFF-B7BA-ACEB2E74A6CB}" =
"{A93C4E94-1005-489D-BEAA-B873C1AA6CFC}" = HP Help and Support
"{A93C9E60-29B6-49da-BA21-F70AC6AADE20}" = Norton Internet Security
"{AADFE0B9-F905-4d5f-A144-0ADB2EFA747B}" = Norton Internet Security
"{AB5D51AE-EBC3-438D-872C-705C7C2084B0}" = DeviceManagementQFolder
"{AB708C9B-97C8-4AC9-899B-DBF226AC9382}" = Sonic Audio Module
"{AC76BA86-7AD7-1033-7B44-A00000000001}" = Adobe Reader 6.0.1
"{AEF7A12C-CD9B-4773-8AD1-6916138CA7EA}" = SmartAudio
"{B12665F4-4E93-4AB4-B7FC-37053B524629}" = Sonic Copy Module
"{B16AF568-A644-483C-A6DA-5028CD019C8C}" = SonicMPEGEncoder
"{B7C61755-DB48-4003-948F-3D34DB8EAF69}" = MSRedist
"{BB85ED9C-AFC9-43BD-B8DC-258C3C7DF72E}" = HP Software Update
"{BC96BBA7-C634-460E-AD18-A0A994213F80}" = HP User Guides--System Recovery
"{C6F5B6CF-609C-428E-876F-CA83176C021B}" = Norton AntiVirus 2006
"{C7793EE8-F666-4E6B-9827-76468679480E}" = Tweakui Powertoy for Windows XP
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}" = SUPERAntiSpyware
"{D6DE02C7-1F47-11D4-9515-00105AE4B89A}" = Paint Shop Pro 7
"{D755C7A3-C03E-4460-8C00-AC6E55505FB5}" = LightScribe 1.4.74.1
"{DB518BA6-CB74-4EB6-9ABD-880B6D6E1F38}" = HpSdpAppCoreApp
"{E3EFA461-EB83-4C3B-9C47-2C1D58A01555}" = Norton Internet Security
"{E5EE9939-259F-4DE2-8023-5C49E16A4F43}" = Norton Internet Security
"{E85FA9A1-C241-4698-893B-DD99509B8DB0}" = Norton WMI Update
"{F64306A5-4C32-41bb-B153-53986527FAB4}" = Norton WMI Update
"{FA9D303D-0FB2-49C7-9397-8E6B11EA892D}" = Epson Event Manager
"{FFB4DD53-28B7-4981-BFF0-9BD801F61095}" = Norton Internet Security
"074EEF5F-3BE8-4112-B253-C5D6CDE2924C" = Zuma Deluxe from Hewlett-Packard Laptops (remove only)
"0E5266B4-9069-401A-93AE-5FF9F1712016" = Insaniquarium Deluxe from Hewlett-Packard Laptops (remove only)
"103EFD47-9F2C-4490-95DD-AE6C442AFB92" = SCRABBLE from Hewlett-Packard Laptops (remove only)
"12133444-BF36-4d4e-B7FB-A3424C645DE4" = GemMaster Mystic
"1C3FDBBA-EBF7-4CDB-AD8A-A1125734AF86" = Tradewinds from Hewlett-Packard Laptops (remove only)
"320F055A-570F-4335-B026-16A836DB9549" = Final Drive Nitro from Hewlett-Packard Laptops (remove only)
"382C11F0-1A18-4F76-B8E0-15CA7F209C22" = Chuzzle Deluxe from Hewlett-Packard Laptops (remove only)
"384E0BF4-1E1F-45A6-B60E-42144A3F15CD" = Blackhawk Striker 2 from Hewlett-Packard Laptops (remove only)
"4C061F83-EE92-445A-A03F-184B0BD59242" = Jewel Quest from Hewlett-Packard Laptops (remove only)
"5658FB14-16A4-4DAE-946B-1457BE31572E" = Boggle Supreme from Hewlett-Packard Laptops (remove only)
"5758A0E8-A112-4A1D-82EC-EC72F7F16B88" = Lexibox Deluxe from Hewlett-Packard Laptops (remove only)
"5DE4D54F-AA79-43A4-9C8A-C173E7E2B025" = 5 Card Slingo from Hewlett-Packard Laptops (remove only)
"6E377D95-DF37-4E67-B64B-68C314600BCB" = Bejeweled 2 Deluxe from Hewlett-Packard Laptops (remove only)
"6ECB6EE6-92E1-4525-AF3B-3CE51A7C5F89" = FATE from Hewlett-Packard Laptops (remove only)
"7948472C-423F-4134-B68F-48D660A05D71" = Big Kahuna Reef from Hewlett-Packard Laptops (remove only)
"7A940E33-6993-404B-ABA6-ED62E8FBE615" = Bounce Symphony from Hewlett-Packard Laptops (remove only)
"7ED8A70C-9597-40BE-AEA0-0573182F1F51" = Super Granny from Hewlett-Packard Laptops (remove only)
"7F8C5718-1BA9-4AAE-96D2-2B04D05F2D54" = Polar Bowler from Hewlett-Packard Laptops (remove only)
"9F3399B2-9ED6-4339-84A2-686432638B86" = Blasterball 2 from Hewlett-Packard Laptops (remove only)
"Ad-aware 6 Personal" = Ad-aware 6 Personal
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"B0202B33-E73D-4FCD-AC88-0B2971AFC116" = Slyder from Hewlett-Packard Laptops (remove only)
"B0769D17-E72A-4E87-A83F-1F7A3F080008" = Bookworm Deluxe from Hewlett-Packard Laptops (remove only)
"B3EE3001-DC24-4cd1-8743-5692C716659F" = Otto
"BarBack for Windows" = BarBack for Windows
"C264D692-8E15-4141-96A2-5621332E5DD0" = Slingo Deluxe from Hewlett-Packard Laptops (remove only)
"CNXT_HDAUDIO" = Conexant HD Audio
"CNXT_MODEM_HDAUDIO_CPL30A5m" = HDAUDIO Soft Data Fax Modem with SmartCP
"Corel WordPerfect Suite 8" = Corel WordPerfect Suite 8
"D2E44AA4-8665-4490-A6C9-2D0744B47B27" = Polar Golfer from Hewlett-Packard Laptops (remove only)
"DED8E2B5-BA9F-448F-84E8-0AEF79876F95" = Snowboard SuperJam
"E332F38A-75F6-4EF2-88CC-246E8A1CB5D7" = Oasis from Hewlett-Packard Laptops (remove only)
"E76A7EFF-7758-49EE-B3FA-9699830A2D6B" = Mah Jong Quest from Hewlett-Packard Laptops (remove only)
"E90E3AE9-73E4-4E5C-BB0F-673989A808D0" = Lemonade Tycoon 2 from Hewlett-Packard Laptops (remove only)
"E94C7046-2F7D-4D4D-B76F-C412DCCEAAC2" = Crystal Maze from Hewlett-Packard Laptops (remove only)
"EF860173-4FB7-4DE1-8BE8-5400F05A0DC5" = Puzzle Express from Hewlett-Packard Laptops (remove only)
"EPSON PC-FAX Driver 2" = Epson PC-FAX Driver
"EPSON Scanner" = EPSON Scan
"EPSON WorkForce 645 Series" = EPSON WorkForce 645 Series Printer Uninstall
"ESPNMotion" = ESPNMotion
"F2566CC2-D4C4-44ED-A838-3F8288D8D3FE" = Flip Words from Hewlett-Packard Laptops (remove only)
"HijackThis" = HijackThis 1.99.1
"HP Imaging Device Functions" = HP Imaging Device Functions 6.0
"IDNMitigationAPIs" = Microsoft Internationalized Domain Names Mitigation APIs
"ie7" = Windows Internet Explorer 7
"InstallShield_{7B6CF9EB-CB2B-4A1A-81A9-BE1A9044690A}" = Texas Instruments PCIxx21/x515/xx12 drivers.
"KLiteCodecPack_is1" = K-Lite Mega Codec Pack 7.6.0
"LiveUpdate" = LiveUpdate 2.7 (Symantec Corporation)
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware version 1.70.0.1100
"Mozilla Firefox 8.0.1 (x86 en-US)" = Mozilla Firefox 8.0.1 (x86 en-US)
"NLSDownlevelMapping" = Microsoft National Language Support Downlevel APIs
"NVIDIA Drivers" = NVIDIA Drivers
"PROSet" = Intel® PRO Network Connections Drivers
"QuickPar" = QuickPar 0.9
"QVP" = Quick View Plus
"SynTPDeinstKey" = Synaptics Pointing Device Driver
"TaxACT 2009" = TaxACT 2009
"VLC media player" = VideoLAN VLC media player 0.8.5
"Windows Media Format Runtime" = Windows Media Format Runtime
"YSIGet" = YSIGet
"ZoneAlarm" = ZoneAlarm
========== Last 20 Event Log Errors ========== [ Application Events ]
Error - 12/5/2012 3:51:21 AM | Computer Name = LASRIUS | Source = Application Error | ID = 1000
Description = Faulting application control.exe, version 5.1.2600.0, faulting module
qvphook.dll, version 6.0.1.1, fault address 0x000025f9.
Error - 12/6/2012 11:35:19 PM | Computer Name = LASRIUS | Source = Application Error | ID = 1000
Description = Faulting application iexplore.exe, version 7.0.5730.11, faulting module
unknown, version 0.0.0.0, fault address 0x840f009c.
Error - 12/6/2012 11:35:24 PM | Computer Name = LASRIUS | Source = Application Error | ID = 1000
Description = Faulting application drwtsn32.exe, version 5.1.2600.0, faulting module
dbghelp.dll, version 5.1.2600.2180, fault address 0x0001295d.
Error - 12/7/2012 11:22:58 PM | Computer Name = LASRIUS | Source = Application Error | ID = 1000
Description = Faulting application vlc.exe, version 0.8.5.0, faulting module libvlc.dll,
version 0.0.0.0, fault address 0x0031a457.
Error - 12/7/2012 11:23:04 PM | Computer Name = LASRIUS | Source = Application Error | ID = 1000
Description = Faulting application drwtsn32.exe, version 5.1.2600.0, faulting module
dbghelp.dll, version 5.1.2600.2180, fault address 0x0001295d.
Error - 12/15/2012 1:18:17 AM | Computer Name = LASRIUS | Source = Application Error | ID = 1000
Description = Faulting application iexplore.exe, version 7.0.5730.11, faulting module
mshtml.dll, version 7.0.5730.11, fault address 0x0008db0c.
Error - 12/15/2012 1:18:23 AM | Computer Name = LASRIUS | Source = Application Error | ID = 1000
Description = Faulting application drwtsn32.exe, version 5.1.2600.0, faulting module
dbghelp.dll, version 5.1.2600.2180, fault address 0x0001295d.
Error - 12/23/2012 1:56:07 PM | Computer Name = LASRIUS | Source = Application Error | ID = 1000
Description = Faulting application control.exe, version 5.1.2600.0, faulting module
qvphook.dll, version 6.0.1.1, fault address 0x000025f9.
Error - 12/26/2012 4:15:58 AM | Computer Name = LASRIUS | Source = Application Error | ID = 1000
Description = Faulting application iexplore.exe, version 7.0.5730.11, faulting module
mshtml.dll, version 7.0.5730.11, fault address 0x0007d844.
Error - 1/1/2013 11:02:39 PM | Computer Name = LASRIUS | Source = Application Error | ID = 1000
Description = Faulting application mpc-hc.exe, version 1.5.3.3611, faulting module
mpc-hc.exe, version 1.5.3.3611, fault address 0x00057180.
[ System Events ]
Error - 1/2/2013 6:02:15 PM | Computer Name = LASRIUS | Source = DCOM | ID = 10005
Description = DCOM got error "%1058" attempting to start the service hpqwmiex with
arguments "-Service" in order to run the server: {F5539356-2F02-40D4-999E-FA61F45FE12E}
Error - 1/2/2013 6:02:17 PM | Computer Name = LASRIUS | Source = DCOM | ID = 10000
Description = Unable to start a DCOM Server: {D6D754B6-C211-4920-92EA-FD714A13246B}.
The
error: "%2" Happened while starting this command: C:\PROGRA~1\HPQ\Shared\HPQTOA~1.EXE
-Embedding
Error - 1/2/2013 6:02:17 PM | Computer Name = LASRIUS | Source = Service Control Manager | ID = 7001
Description = The Computer Browser service depends on the Server service which failed
to start because of the following error: %%1058
Error - 1/2/2013 6:02:17 PM | Computer Name = LASRIUS | Source = Service Control Manager | ID = 7001
Description = The Messenger service depends on the Workstation service which failed
to start because of the following error: %%1058
Error - 1/2/2013 6:02:17 PM | Computer Name = LASRIUS | Source = Service Control Manager | ID = 7001
Description = The Message Queuing service depends on the Server service which failed
to start because of the following error: %%1058
Error - 1/2/2013 6:02:17 PM | Computer Name = LASRIUS | Source = Service Control Manager | ID = 7001
Description = The Message Queuing Triggers service depends on the Message Queuing
service which failed to start because of the following error: %%1068
Error - 1/2/2013 6:02:17 PM | Computer Name = LASRIUS | Source = Service Control Manager | ID = 7026
Description = The following boot-start or system-start driver(s) failed to load:
SYMTDI
Error - 1/2/2013 6:02:18 PM | Computer Name = LASRIUS | Source = DCOM | ID = 10005
Description = DCOM got error "%1058" attempting to start the service hpqwmiex with
arguments "-Service" in order to run the server: {F5539356-2F02-40D4-999E-FA61F45FE12E}
Error - 1/2/2013 6:02:21 PM | Computer Name = LASRIUS | Source = DCOM | ID = 10005
Description = DCOM got error "%1058" attempting to start the service hpqwmiex with
arguments "-Service" in order to run the server: {F5539356-2F02-40D4-999E-FA61F45FE12E}
Error - 1/2/2013 6:02:24 PM | Computer Name = LASRIUS | Source = DCOM | ID = 10005
Description = DCOM got error "%1058" attempting to start the service hpqwmiex with
arguments "-Service" in order to run the server: {F5539356-2F02-40D4-999E-FA61F45FE12E}
< End of report >
----------------------------------------------------------------------------------------------------------
Thanks again Emeraldnzl. Hope your holidays went great.
Indexx