Jump to content

Welcome to Geeks to Go - Register now for FREE

Need help with your computer or device? Want to learn new tech skills? You're in the right place!
Geeks to Go is a friendly community of tech experts who can solve any problem you have. Just create a free account and post your question. Our volunteers will reply quickly and guide you through the steps. Don't let tech troubles stop you. Join Geeks to Go now and get the support you need!

How it Works Create Account
Photo

Computer runs slow

Started by grumpygrampy , Jun 03 2014 11:04 PM

  • Please log in to reply

#1
grumpygrampy
Posted 03 June 2014 - 11:04 PM

grumpygrampy

    New Member

  • Member
  • Pip
  • 2 posts

Hi,

 

Thanks in advance for the help.

 

Other than it runs slow there is not much additional information I can provide.  As you can probably tell by going thru the logs I did post a problem on Bleeping Computer. Besides being a slow computer I was also getting a message that I was missing the cmd.exe file.  They relieved that problem but the computer is still slow.  I could try to copy and paste what I had posted there to this forum.  I ran some diagnostics and was requested additional.  I posted the logs as requested and received no response.  Apparently they figured I was all set.

 

Here I the two logs I got from running OTL

 

OTL logfile created on: 6/4/2014 12:16:24 AM - Run 1
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Documents and Settings\HP_Administrator\Desktop
Windows XP Media Center Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy
 
2.94 Gb Total Physical Memory | 1.92 Gb Available Physical Memory | 65.36% Memory free
4.19 Gb Paging File | 3.17 Gb Available in Paging File | 75.63% Paging File free
Paging file location(s): C:\pagefile.sys 1440 2880 [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 177.45 Gb Total Space | 148.87 Gb Free Space | 83.89% Space Free | Partition Type: NTFS
Drive D: | 8.84 Gb Total Space | 0.56 Gb Free Space | 6.37% Space Free | Partition Type: FAT32
Drive F: | 465.76 Gb Total Space | 359.93 Gb Free Space | 77.28% Space Free | Partition Type: NTFS
 
Computer Name: YOUR-4DACD0EA79 | User Name: HP_Administrator | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - [2014/06/04 00:15:30 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\HP_Administrator\Desktop\OTL.exe
PRC - [2014/05/21 07:17:32 | 001,227,304 | ---- | M] (F-Secure Corporation) -- C:\Program Files\Charter Security Suite\apps\ComputerSecurity\Anti-Virus\fssm32.exe
PRC - [2014/05/21 07:16:59 | 000,679,464 | ---- | M] (F-Secure Corporation) -- C:\Program Files\Charter Security Suite\apps\ComputerSecurity\Anti-Virus\fsgk32.exe
PRC - [2014/05/06 23:31:49 | 000,263,048 | ---- | M] (Google Inc.) -- C:\Program Files\Google\Update\1.3.24.7\GoogleCrashHandler.exe
PRC - [2013/08/14 08:23:06 | 000,310,208 | ---- | M] (F-Secure Corporation) -- C:\Program Files\Charter Security Suite\apps\ComputerSecurity\Common\FSM32.EXE
PRC - [2013/08/14 08:23:06 | 000,216,000 | ---- | M] (F-Secure Corporation) -- C:\Program Files\Charter Security Suite\apps\ComputerSecurity\Common\FSMA32.EXE
PRC - [2013/06/25 00:36:20 | 000,060,352 | ---- | M] (F-Secure Corporation) -- C:\Program Files\Charter Security Suite\apps\CCF_Reputation\fsorsp.exe
PRC - [2013/05/15 16:05:58 | 000,191,424 | ---- | M] (F-Secure Corporation) -- C:\Program Files\Charter Security Suite\fshoster32.exe
PRC - [2009/09/26 00:32:18 | 000,189,736 | ---- | M] (Seagate Technology LLC) -- C:\Program Files\Seagate\SeagateManager\Sync\FreeAgentService.exe
PRC - [2009/09/26 00:31:32 | 000,185,640 | ---- | M] (Seagate LLC) -- C:\Program Files\Seagate\SeagateManager\FreeAgent Status\stxmenumgr.exe
PRC - [2008/04/13 20:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2007/08/09 03:27:52 | 000,073,728 | ---- | M] (HP) -- C:\WINDOWS\system32\HPZipm12.exe
PRC - [2006/09/02 19:36:33 | 000,198,336 | ---- | M] (Symantec Corporation) -- C:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe
PRC - [2006/04/13 12:05:00 | 000,090,112 | ---- | M] (Sonic Solutions) -- C:\Program Files\HP DigitalMedia Archive\DMAScheduler.exe
PRC - [2005/08/03 02:19:16 | 000,058,880 | ---- | M] (Microsoft) -- C:\WINDOWS\arservice.exe
PRC - [1999/08/30 08:19:12 | 000,036,864 | ---- | M] (Intuit) -- C:\QUICKENW\QWDLLS.EXE
 
 
========== Modules (No Company Name) ==========
 
MOD - [2014/05/21 07:17:49 | 000,278,056 | ---- | M] () -- \\?\c:\program files\charter security suite\apps\computersecurity\hips\fsumi.dll
MOD - [2014/05/21 07:16:59 | 000,949,288 | ---- | M] () -- C:\Program Files\Charter Security Suite\apps\ComputerSecurity\Anti-Virus\fm4av.dll
MOD - [2013/12/10 22:12:01 | 000,212,008 | ---- | M] () -- C:\Program Files\Charter Security Suite\apps\ComputerSecurity\Spam Control\fsas.dll
MOD - [2013/08/14 08:22:50 | 000,056,256 | ---- | M] () -- C:\Program Files\Charter Security Suite\apps\ComputerSecurity\FSGUI\fsavures.eng
MOD - [2013/08/14 08:22:40 | 000,045,504 | ---- | M] () -- C:\Program Files\Charter Security Suite\apps\ComputerSecurity\Anti-Virus\fsavhres.eng
MOD - [2013/05/15 16:05:56 | 000,220,096 | ---- | M] () -- C:\Program Files\Charter Security Suite\daas2.dll
MOD - [2013/02/13 22:44:37 | 000,030,888 | ---- | M] () -- C:\Program Files\Charter Security Suite\apps\ComputerSecurity\Anti-Virus\minifilter\hashlib_x86.dll
MOD - [2013/02/12 18:37:13 | 000,593,464 | ---- | M] () -- C:\WINDOWS\WinSxS\x86_F-Secure.Qt462_2e112a926211c0a3_4.6.482.65_x-ww_a8ee95a1\QtMultimediaKit1.dll
MOD - [2013/01/02 02:49:10 | 001,292,288 | ---- | M] () -- C:\WINDOWS\system32\quartz.dll
MOD - [2011/02/04 18:48:30 | 000,291,840 | ---- | M] () -- C:\WINDOWS\system32\sbe.dll
MOD - [2008/04/13 20:11:59 | 000,014,336 | ---- | M] () -- C:\WINDOWS\system32\msdmo.dll
MOD - [2008/04/13 20:11:51 | 000,059,904 | ---- | M] () -- C:\WINDOWS\system32\devenum.dll
MOD - [2005/10/20 20:36:08 | 000,077,824 | R--- | M] () -- C:\Program Files\HP\Digital Imaging\bin\crm\xmltok.dll
MOD - [2005/10/20 20:36:08 | 000,065,536 | R--- | M] () -- C:\Program Files\HP\Digital Imaging\bin\crm\xmlparse.dll
MOD - [2005/08/03 02:19:16 | 000,050,176 | ---- | M] () -- C:\WINDOWS\armcex.dll
 
 
========== Services (SafeList) ==========
 
SRV - File not found [Disabled | Stopped] -- %SystemRoot%\System32\hidserv.dll -- (HidServ)
SRV - [2014/03/11 16:35:54 | 000,257,928 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2013/08/14 08:23:06 | 000,216,000 | ---- | M] (F-Secure Corporation) [On_Demand | Running] -- C:\Program Files\Charter Security Suite\apps\ComputerSecurity\Common\FSMA32.EXE -- (FSMA)
SRV - [2013/07/03 15:14:16 | 000,225,280 | ---- | M] () [On_Demand | Stopped] -- C:\Program Files\BCL Technologies\easyConverter SDK 3\Common\becldr.exe -- (becldr3Service)
SRV - [2013/06/25 00:36:20 | 000,060,352 | ---- | M] (F-Secure Corporation) [Auto | Running] -- C:\Program Files\Charter Security Suite\apps\CCF_Reputation\fsorsp.exe -- (FSORSPClient)
SRV - [2013/06/19 11:48:47 | 000,182,184 | ---- | M] (Oracle Corporation) [Auto | Stopped] -- C:\Program Files\Java\jre7\bin\jqs.exe -- (JavaQuickStarterService)
SRV - [2013/05/15 16:05:58 | 000,191,424 | ---- | M] (F-Secure Corporation) [Auto | Running] -- C:\Program Files\Charter Security Suite\fshoster32.exe -- (fshoster)
SRV - [2009/09/26 00:32:18 | 000,189,736 | ---- | M] (Seagate Technology LLC) [Auto | Running] -- C:\Program Files\Seagate\SeagateManager\Sync\FreeAgentService.exe -- (FreeAgentGoNext Service)
SRV - [2007/08/09 03:27:52 | 000,073,728 | ---- | M] (HP) [Auto | Running] -- C:\WINDOWS\system32\HPZipm12.exe -- (Pml Driver HPZ12)
SRV - [2006/09/02 19:36:33 | 002,528,960 | ---- | M] (Symantec Corporation) [On_Demand | Stopped] -- C:\Program Files\Symantec\LiveUpdate\LuComServer_3_1.EXE -- (LiveUpdate)
SRV - [2006/09/02 19:36:33 | 000,198,336 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe -- (Automatic LiveUpdate Scheduler)
SRV - [2005/08/03 02:19:16 | 000,058,880 | ---- | M] (Microsoft) [Auto | Running] -- C:\WINDOWS\arservice.exe -- (ARSVC)
 
 
========== Driver Services (SafeList) ==========
 
DRV - File not found [Kernel | On_Demand | Stopped] --  -- (WDICA)
DRV - File not found [Kernel | On_Demand | Stopped] --  -- (PDRFRAME)
DRV - File not found [Kernel | On_Demand | Stopped] --  -- (PDRELI)
DRV - File not found [Kernel | On_Demand | Stopped] --  -- (PDFRAME)
DRV - File not found [Kernel | On_Demand | Stopped] --  -- (PDCOMP)
DRV - File not found [Kernel | System | Stopped] --  -- (PCIDump)
DRV - File not found [Kernel | System | Stopped] --  -- (lbrtfdc)
DRV - File not found [Kernel | System | Stopped] --  -- (i2omgmt)
DRV - File not found [Kernel | Boot | Stopped] -- system32\DRIVERS\ftsata2.sys -- (ftsata2)
DRV - File not found [Kernel | System | Stopped] -- C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys -- (eeCtrl)
DRV - File not found [Kernel | System | Stopped] --  -- (Changer)
DRV - [2014/05/21 07:17:49 | 000,073,864 | ---- | M] (F-Secure Corporation) [Kernel | System | Running] -- C:\Program Files\Charter Security Suite\apps\ComputerSecurity\HIPS\drivers\fshs.sys -- (F-Secure HIPS)
DRV - [2014/04/23 20:20:19 | 000,145,960 | ---- | M] (F-Secure Corporation) [Kernel | On_Demand | Running] -- C:\Program Files\Charter Security Suite\apps\ComputerSecurity\Anti-Virus\minifilter\fsgk.sys -- (F-Secure Gatekeeper)
DRV - [2013/10/05 23:22:03 | 000,044,240 | ---- | M] () [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\fsbts.sys -- (fsbts)
DRV - [2013/04/25 12:52:40 | 000,050,112 | ---- | M] (F-Secure Corporation) [Kernel | On_Demand | Running] -- C:\Program Files\Charter Security Suite\apps\CCF_Scanning\fsnixp32.sys -- (fsni)
DRV - [2013/04/25 12:52:40 | 000,021,952 | ---- | M] (F-Secure Corporation) [Kernel | On_Demand | Running] -- C:\Program Files\Charter Security Suite\apps\CCF_Scanning\fsnitdi32.sys -- (fsnitdi)
DRV - [2010/05/10 14:41:30 | 000,067,656 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS -- (SASKUTIL)
DRV - [2010/02/17 14:25:48 | 000,012,872 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\sasdifsv.sys -- (SASDIFSV)
DRV - [2006/06/14 14:04:12 | 004,299,264 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\RtkHDAud.sys -- (IntcAzAudAddService)
DRV - [2006/03/03 18:31:04 | 000,013,056 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\nvnetbus.sys -- (nvnetbus)
DRV - [2006/03/03 18:31:02 | 000,034,176 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\NVENETFD.sys -- (NVENETFD)
DRV - [2006/01/25 19:24:30 | 001,149,888 | ---- | M] (Agere Systems) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\AGRSM.sys -- (AgereSoftModem)
DRV - [2005/12/12 20:27:00 | 000,019,072 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\PS2.sys -- (Ps2)
DRV - [2005/12/06 14:20:50 | 000,241,664 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\HSXHWBS2.sys -- (HSXHWBS2)
DRV - [2005/12/06 14:20:40 | 000,936,448 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\HSX_DP.sys -- (HSX_DP)
DRV - [2005/03/09 17:53:00 | 000,036,352 | ---- | M] (Advanced Micro Devices) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\AmdK8.sys -- (AmdK8)
DRV - [2004/08/03 17:31:34 | 000,020,992 | ---- | M] (Realtek Semiconductor Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\RTL8139.sys -- (rtl8139)
DRV - [1999/08/30 08:19:12 | 000,034,916 | ---- | M] (Marimba, Inc.) [Kernel | Auto | Running] -- C:\WINDOWS\System32\drivers\MrtRate.sys -- (mrtRate)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com
IE - HKLM\..\SearchScopes,DefaultScope =
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...ms}&FORM=IE8SRC
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar =
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page =
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://msn.com/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://www.msn.com/?ocid=iehp
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-us
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 92 91 E9 20 1F 1E CF 01  [binary data]
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.google.com/ie
IE - HKCU\..\SearchScopes,DefaultScope = 38FE39AB1F1F419A929ED49A82C67364
IE - HKCU\..\SearchScopes\38FE39AB1F1F419A929ED49A82C67364: "URL" = http://www.google.co...{outputEncoding?}
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
 
========== FireFox ==========
 
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@google.com/npPicasa2,version=2.0.0: C:\Program Files\Picasa2\npPicasa2.dll File not found
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.25.2: C:\WINDOWS\system32\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.25.2: C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.30214.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@movenetworks.com/Quantum Media Player: C:\Documents and Settings\HP_Administrator\Application Data\Move Networks\plugins\npqmp071505000010.dll (Move Networks)
FF - HKLM\Software\MozillaPlugins\@oberon-media.com/ONCAdapter: C:\Program Files\Common Files\Oberon Media\NCAdapter\1.0.0.8\npapicomadapter.dll File not found
FF - HKLM\Software\MozillaPlugins\@pack.google.com/Google Updater;version=14: C:\Program Files\Google\Google Updater\2.4.2432.1652\npCIDetect14.dll (Google)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.24.7\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.24.7\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@movenetworks.com/Quantum Media Player: C:\Documents and Settings\HP_Administrator\Application Data\Move Networks\plugins\npqmp071505000010.dll (Move Networks)
 
 
[2007/01/05 22:09:56 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2007/01/05 21:42:03 | 000,000,000 | ---D | M] (Google Toolbar for Firefox) -- C:\Program Files\Mozilla Firefox\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}
 
O1 HOSTS File: ([2014/03/01 22:26:31 | 000,000,741 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O4 - HKLM..\Run: []  File not found
O4 - HKLM..\Run: [AlwaysReady Power Message APP] C:\WINDOWS\arpwrmsg.exe (Microsoft)
O4 - HKLM..\Run: [BFHP] C:\Program Files\Common Files\BeFrugal.com\Toolbar\BFHP.exe File not found
O4 - HKLM..\Run: [DMAScheduler] c:\Program Files\HP DigitalMedia Archive\DMAScheduler.exe (Sonic Solutions)
O4 - HKLM..\Run: [F-Secure Hoster (42626)] C:\Program Files\Charter Security Suite\fshoster32.exe (F-Secure Corporation)
O4 - HKLM..\Run: [F-Secure Manager] C:\Program Files\Charter Security Suite\apps\ComputerSecurity\Common\FSM32.EXE (F-Secure Corporation)
O4 - HKLM..\Run: [ftutil2] "rundll32.exe" ftutil2.dll,SetWriteCacheMode File not found
O4 - HKLM..\Run: [HPBootOp] C:\Program Files\Hewlett-Packard\HP Boot Optimizer\HPBootOp.exe (Hewlett-Packard Company)
O4 - HKLM..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k File not found
O4 - HKLM..\Run: [MaxMenuMgr] C:\Program Files\Seagate\SeagateManager\FreeAgent Status\StxMenuMgr.exe (Seagate LLC)
O4 - HKLM..\Run: [NvCplDaemon] C:\WINDOWS\System32\NvCpl.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [nwiz] C:\WINDOWS\System32\nwiz.exe ()
O4 - HKLM..\Run: [PCDrProfiler]  File not found
O4 - HKLM..\Run: [UserFaultCheck] %systemroot%\system32\dumprep 0 -u File not found
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Billminder.lnk = C:\QUICKENW\BILLMIND.EXE (Intuit)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Quicken Startup.lnk = C:\QUICKENW\QWDLLS.EXE (Intuit)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Updates From HP.lnk = C:\Program Files\Updates from HP\9972322\Program\Updates from HP.exe (Hewlett-Packard)
O4 - Startup: C:\Documents and Settings\HP_Administrator\Start Menu\Programs\Startup\ERUNT AutoBackup.lnk = C:\Program Files\ERUNT\AUTOBACK.EXE ()
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 149
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: InstallVisualStyle = C:\WINDOWS\Resources\Themes\Royale\Royale.msstyles (Microsoft)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: InstallTheme = C:\WINDOWS\Resources\Themes\Royale.theme ()
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSaveSettings = 0
O9 - Extra Button: Internet Connection Help - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\pchealth\helpctr\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm ()
O9 - Extra 'Tools' menuitem : Internet Connection Help - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\pchealth\helpctr\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm ()
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} http://go.microsoft....k/?linkid=39204 (Windows Genuine Advantage Validation Tool)
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} http://gfx2.hotmail....es/MSNPUpld.cab (MSN Photo Upload Tool)
O16 - DPF: {549F957E-2F89-11D6-8CFE-00C04F52B225} http://coupons.smart...oad/cscmv5X.cab (CMV5 Class)
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} http://www.update.mi...b?1372954540875 (MUWebControl Class)
O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} http://download.eset...lineScanner.cab (OnlineScanner Control)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 10.25.2)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.ma...r/ultrashim.cab (Reg Error: Key error.)
O16 - DPF: {9600F64D-755F-11D4-A47F-0001023E6D5A} http://web1.shutterf...ds/Uploader.cab (Shutterfly Picture Upload Plugin)
O16 - DPF: {CAFEEFAC-0016-0000-0037-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_37)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 10.25.2)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.m...ash/swflash.cab (Shockwave Flash Object)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.ad...Plus/1.6/gp.cab (Reg Error: Key error.)
O16 - DPF: {E77F23EB-E7AB-4502-8F37-247DBAF1A147} http://gfx1.hotmail....ol/MSNPUpld.cab (Windows Live Hotmail Photo Upload Tool)
O16 - DPF: {F27237D7-93C8-44C2-AC6E-D6057B9A918F} https://remote.lifes...SetupClient.cab (JuniperSetupClientControl Class)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 66.189.0.100 24.159.64.23
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{6BFBEBDA-3F1A-48A3-AE44-01D5DD2B3233}: DhcpNameServer = 66.189.0.100 24.159.64.23
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{892900FC-9814-4488-99C0-81491C1EE93D}: DhcpNameServer = 16.92.3.242 16.92.3.243 16.81.3.243 16.118.3.243
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) - C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
O20 - Winlogon\Notify\!SASWinLogon: DllName - (C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL) - C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL (SUPERAntiSpyware.com)
O24 - Desktop WallPaper: C:\Documents and Settings\HP_Administrator\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\HP_Administrator\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O28 - HKLM ShellExecuteHooks: {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - C:\Program Files\SUPERAntiSpyware\SASSEH.DLL (SuperAdBlocker.com)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006/07/31 19:30:27 | 000,000,100 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O32 - AutoRun File - [2001/07/27 08:07:38 | 000,000,000 | -HS- | M] () - D:\AUTOEXEC.BAT -- [ FAT32 ]
O32 - AutoRun File - [2004/04/30 00:01:14 | 000,000,053 | -HS- | M] () - D:\Autorun.inf -- [ FAT32 ]
O32 - AutoRun File - [2009/05/19 21:31:00 | 000,000,067 | ---- | M] () - F:\Autorun.inf -- [ NTFS ]
O33 - MountPoints2\{529fc780-1ba1-11e2-bf7c-0018f394ac14}\Shell - "" = AutoRun
O33 - MountPoints2\{529fc780-1ba1-11e2-bf7c-0018f394ac14}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{529fc780-1ba1-11e2-bf7c-0018f394ac14}\Shell\AutoRun\command - "" = F:\MotoCastSetup.exe -a
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
 
========== Files/Folders - Created Within 30 Days ==========
 
[2014/06/04 00:15:07 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\HP_Administrator\Desktop\OTL.exe
[2014/05/22 23:49:10 | 000,000,000 | ---D | C] -- C:\Program Files\ESET
[2014/05/22 20:56:54 | 001,016,261 | ---- | C] (Thisisu) -- C:\Documents and Settings\HP_Administrator\My Documents\JRT.exe
[2014/05/22 20:50:58 | 000,448,512 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\HP_Administrator\My Documents\tfc.exe
[2014/05/20 23:01:48 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Malwarebytes' Anti-Malware (portable)
[2014/05/20 22:55:02 | 000,000,000 | ---D | C] -- C:\Documents and Settings\HP_Administrator\Desktop\mbar
[2014/05/20 22:41:44 | 000,107,736 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\48230029.sys
[2014/05/20 21:58:28 | 000,107,224 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\MBAMSwissArmy.sys
[2014/05/20 21:54:06 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Malwarebytes Anti-Malware
[2014/05/20 21:50:38 | 000,052,312 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamchameleon.sys
[2014/05/20 21:50:38 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes Anti-Malware
[2014/05/20 20:04:45 | 001,940,216 | ---- | C] (Bleeping Computer, LLC) -- C:\Documents and Settings\HP_Administrator\Desktop\rkill.exe
[2014/05/20 20:01:54 | 012,589,848 | ---- | C] (Malwarebytes Corp.) -- C:\Documents and Settings\HP_Administrator\Desktop\mbar-1.07.0.1009.exe
[2014/05/19 21:33:44 | 000,982,016 | ---- | C] (Farbar) -- C:\Documents and Settings\HP_Administrator\Desktop\MiniToolBox.exe
[2014/05/19 21:32:46 | 000,409,088 | ---- | C] (Farbar) -- C:\Documents and Settings\HP_Administrator\Desktop\FSS.exe
[2014/05/18 09:39:41 | 000,000,000 | ---D | C] -- C:\spoolerlogs
[2014/05/17 22:17:24 | 000,536,576 | ---- | C] (SQLite Development Team) -- C:\WINDOWS\System32\sqlite3.dll
[2014/05/17 21:45:52 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Soft-Now bundle
[2014/05/17 21:41:37 | 000,000,000 | ---D | C] -- C:\Program Files\sweetpacks bundle uninstaller_AdwCleaner_1535921
[2014/05/17 21:12:30 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\HP_Administrator\Recent
[2014/05/17 20:06:09 | 000,000,000 | ---D | C] -- C:\Documents and Settings\HP_Administrator\Local Settings\Application Data\Deployment
[2014/05/14 00:56:06 | 000,000,000 | ---D | C] -- C:\5799ffc8b05ad04c28fb18f4ca2896b6
[2011/02/01 09:49:28 | 001,062,984 | ---- | C] (Citrix Online, a division of Citrix Systems, Inc.) -- C:\Documents and Settings\HP_Administrator\gotomypc_540.exe
[2009/10/22 19:50:50 | 000,726,008 | ---- | C] (Citrix Online, a division of Citrix Systems, Inc.) -- C:\Documents and Settings\HP_Administrator\gotomypc_437.exe
 
========== Files - Modified Within 30 Days ==========
 
[2014/06/04 00:21:00 | 000,000,444 | -H-- | M] () -- C:\WINDOWS\tasks\User_Feed_Synchronization-{F471236A-0D24-46C7-85A2-9CA039872148}.job
[2014/06/04 00:15:30 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\HP_Administrator\Desktop\OTL.exe
[2014/06/03 23:48:00 | 000,000,886 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2014/06/03 23:45:00 | 000,000,882 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2014/06/03 23:32:00 | 000,000,830 | ---- | M] () -- C:\WINDOWS\tasks\Adobe Flash Player Updater.job
[2014/06/03 18:14:10 | 000,043,531 | ---- | M] () -- C:\WINDOWS\System32\nvapps.xml
[2014/06/03 18:14:08 | 000,000,244 | ---- | M] () -- C:\WINDOWS\tasks\Microsoft Windows XP End of Service Notification Logon.job
[2014/06/03 18:14:02 | 000,001,158 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2014/06/03 18:13:54 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2014/06/03 18:13:51 | 3152,596,992 | -HS- | M] () -- C:\hiberfil.sys
[2014/06/02 02:36:25 | 000,000,188 | ---- | M] () -- C:\WINDOWS\System\hpsysdrv.DAT
[2014/06/02 00:33:30 | 000,121,344 | ---- | M] () -- C:\Documents and Settings\HP_Administrator\My Documents\June 2 pictures.wps
[2014/06/02 00:33:30 | 000,034,388 | ---- | M] () -- C:\Documents and Settings\HP_Administrator\Application Data\wklnhst.dat
[2014/05/26 21:29:14 | 000,001,000 | ---- | M] () -- C:\WINDOWS\QUICKEN.INI
[2014/05/26 13:44:00 | 000,000,820 | ---- | M] () -- C:\WINDOWS\tasks\Google Software Updater.job
[2014/05/22 20:56:55 | 001,016,261 | ---- | M] (Thisisu) -- C:\Documents and Settings\HP_Administrator\My Documents\JRT.exe
[2014/05/22 20:55:26 | 001,326,389 | ---- | M] () -- C:\Documents and Settings\HP_Administrator\My Documents\AdwCleaner.exe
[2014/05/22 20:50:59 | 000,448,512 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\HP_Administrator\My Documents\tfc.exe
[2014/05/22 01:44:51 | 000,016,896 | ---- | M] () -- C:\Documents and Settings\HP_Administrator\My Documents\computer comparison.wps
[2014/05/20 23:01:46 | 000,107,224 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\MBAMSwissArmy.sys
[2014/05/20 22:57:43 | 000,052,312 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamchameleon.sys
[2014/05/20 22:41:44 | 000,107,736 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\48230029.sys
[2014/05/20 21:56:11 | 000,000,788 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes Anti-Malware.lnk
[2014/05/20 20:04:46 | 001,940,216 | ---- | M] (Bleeping Computer, LLC) -- C:\Documents and Settings\HP_Administrator\Desktop\rkill.exe
[2014/05/20 20:02:02 | 012,589,848 | ---- | M] (Malwarebytes Corp.) -- C:\Documents and Settings\HP_Administrator\Desktop\mbar-1.07.0.1009.exe
[2014/05/19 21:33:45 | 000,982,016 | ---- | M] (Farbar) -- C:\Documents and Settings\HP_Administrator\Desktop\MiniToolBox.exe
[2014/05/19 21:32:46 | 000,409,088 | ---- | M] (Farbar) -- C:\Documents and Settings\HP_Administrator\Desktop\FSS.exe
[2014/05/19 21:30:23 | 000,854,367 | ---- | M] () -- C:\Documents and Settings\HP_Administrator\Desktop\SecurityCheck.exe
[2014/05/08 15:00:00 | 000,000,238 | ---- | M] () -- C:\WINDOWS\tasks\Microsoft Windows XP End of Service Notification Monthly.job
[2014/05/07 13:35:45 | 000,164,204 | ---- | M] () -- C:\Documents and Settings\HP_Administrator\My Documents\Loss blurb.JPG
 
========== Files Created - No Company Name ==========
 
[2014/06/02 00:33:28 | 000,121,344 | ---- | C] () -- C:\Documents and Settings\HP_Administrator\My Documents\June 2 pictures.wps
[2014/05/22 21:26:13 | 3152,596,992 | -HS- | C] () -- C:\hiberfil.sys
[2014/05/22 20:55:25 | 001,326,389 | ---- | C] () -- C:\Documents and Settings\HP_Administrator\My Documents\AdwCleaner.exe
[2014/05/22 01:44:51 | 000,016,896 | ---- | C] () -- C:\Documents and Settings\HP_Administrator\My Documents\computer comparison.wps
[2014/05/20 21:56:11 | 000,000,788 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes Anti-Malware.lnk
[2014/05/19 21:30:21 | 000,854,367 | ---- | C] () -- C:\Documents and Settings\HP_Administrator\Desktop\SecurityCheck.exe
[2014/05/07 13:35:45 | 000,164,204 | ---- | C] () -- C:\Documents and Settings\HP_Administrator\My Documents\Loss blurb.JPG
[2013/09/13 12:24:30 | 000,750,112 | ---- | C] () -- C:\Documents and Settings\LocalService\Local Settings\Application Data\WPFFontCache_v0400-S-1-5-21-254316208-3875008637-2640215620-1007-0.dat
[2013/09/13 12:24:21 | 000,316,826 | ---- | C] () -- C:\Documents and Settings\LocalService\Local Settings\Application Data\WPFFontCache_v0400-System.dat
[2013/02/13 22:41:07 | 000,044,240 | ---- | C] () -- C:\WINDOWS\System32\drivers\fsbts.sys
[2013/02/13 22:39:56 | 000,019,875 | ---- | C] () -- C:\WINDOWS\prodsett_copy.ini
[2011/12/04 14:07:24 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\HP_Administrator\gotomypc_626.exe
[2010/10/02 13:27:38 | 000,000,076 | ---- | C] () -- C:\Documents and Settings\HP_Administrator\a7a627f2efc772c2bd2248adcb759b3f.ocx
[2007/02/18 13:29:38 | 000,001,755 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\QTSBandwidthCache
[2006/12/31 16:58:11 | 000,000,006 | ---- | C] () -- C:\Documents and Settings\HP_Administrator\Application Data\dm.ini
[2006/12/08 18:53:43 | 000,034,388 | ---- | C] () -- C:\Documents and Settings\HP_Administrator\Application Data\wklnhst.dat
[2006/12/07 22:59:32 | 000,031,744 | ---- | C] () -- C:\Documents and Settings\HP_Administrator\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2006/11/24 19:01:59 | 000,000,139 | ---- | C] () -- C:\Documents and Settings\HP_Administrator\Local Settings\Application Data\fusioncache.dat
[2006/11/24 19:01:58 | 004,718,592 | -H-- | C] () -- C:\Documents and Settings\HP_Administrator\NTUSER.bak
 
========== ZeroAccess Check ==========
 
[2005/08/30 23:58:26 | 000,000,227 | RHS- | M] () -- C:\WINDOWS\assembly\Desktop.ini
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shdocvw.dll -- [2008/04/13 20:12:05 | 001,499,136 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = C:\WINDOWS\system32\wbem\fastprox.dll -- [2009/02/09 08:10:48 | 000,473,600 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
"" = C:\WINDOWS\system32\wbem\wbemess.dll -- [2008/04/13 20:12:08 | 000,273,920 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both
 
========== LOP Check ==========
 
[2010/10/02 14:51:30 | 000,000,000 | -HSD | M] -- C:\Documents and Settings\All Users\Application Data\a7a627
[2010/05/05 23:28:51 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Ancestry.com
[2009/08/08 15:17:39 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Avery
[2012/05/04 13:01:45 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Digital Interactive Systems Corporation
[2013/02/14 11:38:29 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\F-Secure
[2011/03/18 20:36:14 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\fssg
[2014/01/30 22:36:20 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\HitmanPro
[2010/04/02 17:55:11 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Juniper Networks
[2013/07/07 13:33:18 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\MyHeritage
[2013/05/05 18:14:21 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Oberon Media
[2009/05/19 21:30:07 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Seagate
[2010/10/02 11:17:59 | 000,000,000 | -HSD | M] -- C:\Documents and Settings\All Users\Application Data\SMDQGULAGAS
[2012/07/25 16:52:42 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TEMP
[2013/09/09 18:26:05 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TreeCardGames
[2013/02/07 22:26:07 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\WildTangent
[2013/09/12 21:45:47 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\{3F06E471-FD45-4DB4-83A5-E68D149EA29F}
[2011/01/29 13:32:19 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{429CAD59-35B1-4DBC-BB6D-1DB246563521}
 
========== Purity Check ==========
 
 
 
========== Alternate Data Streams ==========
 
@Alternate Data Stream - 378 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:09DC8014

< End of report >

 

OTL Extras logfile created on: 6/4/2014 12:16:24 AM - Run 1
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Documents and Settings\HP_Administrator\Desktop
Windows XP Media Center Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy
 
2.94 Gb Total Physical Memory | 1.92 Gb Available Physical Memory | 65.36% Memory free
4.19 Gb Paging File | 3.17 Gb Available in Paging File | 75.63% Paging File free
Paging file location(s): C:\pagefile.sys 1440 2880 [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 177.45 Gb Total Space | 148.87 Gb Free Space | 83.89% Space Free | Partition Type: NTFS
Drive D: | 8.84 Gb Total Space | 0.56 Gb Free Space | 6.37% Space Free | Partition Type: FAT32
Drive F: | 465.76 Gb Total Space | 359.93 Gb Free Space | 77.28% Space Free | Partition Type: NTFS
 
Computer Name: YOUR-4DACD0EA79 | User Name: HP_Administrator | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
 
[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = htmlfile] -- Reg Error: Key error. File not found
 
========== Shell Spawning ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
exefile [open] -- "%1" %*
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /k "cd %L" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
========== Security Center Settings ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 0
"FirewallOverride" = 0
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
"DisableMonitoring" = 1
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
"DisableMonitoring" = 1
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]
"DisableMonitoring" = 1
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]
 
========== System Restore Settings ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr]
"Start" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService]
"Start" = 2
 
========== Firewall Settings ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"2869:TCP" = 2869:TCP:LocalSubNet:Disabled:@xpsp2res.dll,-22008
"33903:TCP" = 33903:TCP:*:Enabled:PORT_33903
"44457:TCP" = 44457:TCP:*:Enabled:PORT_44457
"6336:TCP" = 6336:TCP:*:Enabled:PORT_6336
"57605:TCP" = 57605:TCP:*:Enabled:PORT_57605
"27789:TCP" = 27789:TCP:*:Enabled:PORT_27789
"55426:TCP" = 55426:TCP:*:Enabled:PORT_55426
"58461:TCP" = 58461:TCP:*:Enabled:PORT_58461
"7747:TCP" = 7747:TCP:*:Enabled:PORT_7747
"34075:TCP" = 34075:TCP:*:Enabled:PORT_34075
"5895:TCP" = 5895:TCP:*:Enabled:PORT_5895
"42258:TCP" = 42258:TCP:*:Enabled:PORT_42258
"60871:TCP" = 60871:TCP:*:Enabled:PORT_60871
"15586:TCP" = 15586:TCP:*:Enabled:PORT_15586
"41376:TCP" = 41376:TCP:*:Enabled:PORT_41376
"59840:TCP" = 59840:TCP:*:Enabled:PORT_59840
"23832:TCP" = 23832:TCP:*:Enabled:PORT_23832
"47636:TCP" = 47636:TCP:*:Enabled:PORT_47636
"56746:TCP" = 56746:TCP:*:Enabled:PORT_56746
"51215:TCP" = 51215:TCP:*:Enabled:PORT_51215
"21285:TCP" = 21285:TCP:*:Enabled:PORT_21285
"21492:TCP" = 21492:TCP:*:Enabled:PORT_21492
"6633:TCP" = 6633:TCP:*:Enabled:PORT_6633
"46840:TCP" = 46840:TCP:*:Enabled:PORT_46840
"50754:TCP" = 50754:TCP:*:Enabled:PORT_50754
"53254:TCP" = 53254:TCP:*:Enabled:PORT_53254
"51008:TCP" = 51008:TCP:*:Enabled:PORT_51008
"59605:TCP" = 59605:TCP:*:Enabled:PORT_59605
"5789:TCP" = 5789:TCP:*:Enabled:PORT_5789
"52465:TCP" = 52465:TCP:*:Enabled:PORT_52465
"26945:TCP" = 26945:TCP:*:Enabled:PORT_26945
"57278:TCP" = 57278:TCP:*:Enabled:PORT_57278
"11461:TCP" = 11461:TCP:*:Enabled:PORT_11461
"16801:TCP" = 16801:TCP:*:Enabled:PORT_16801
"19738:TCP" = 19738:TCP:*:Enabled:PORT_19738
"55813:TCP" = 55813:TCP:*:Enabled:PORT_55813
"26332:TCP" = 26332:TCP:*:Enabled:PORT_26332
"61652:TCP" = 61652:TCP:*:Enabled:PORT_61652
"6473:TCP" = 6473:TCP:*:Enabled:PORT_6473
"14723:TCP" = 14723:TCP:*:Enabled:PORT_14723
"50121:TCP" = 50121:TCP:*:Enabled:PORT_50121
"43001:TCP" = 43001:TCP:*:Enabled:PORT_43001
"35617:TCP" = 35617:TCP:*:Enabled:PORT_35617
"46891:TCP" = 46891:TCP:*:Enabled:PORT_46891
"54338:TCP" = 54338:TCP:*:Enabled:PORT_54338
"7700:TCP" = 7700:TCP:*:Enabled:PORT_7700
"55578:TCP" = 55578:TCP:*:Enabled:PORT_55578
"37829:TCP" = 37829:TCP:*:Enabled:PORT_37829
"8289:TCP" = 8289:TCP:*:Enabled:PORT_8289
"31930:TCP" = 31930:TCP:*:Enabled:PORT_31930
"41261:TCP" = 41261:TCP:*:Enabled:PORT_41261
"64360:TCP" = 64360:TCP:*:Enabled:PORT_64360
"20867:TCP" = 20867:TCP:*:Enabled:PORT_20867
"48969:TCP" = 48969:TCP:*:Enabled:PORT_48969
"46938:TCP" = 46938:TCP:*:Enabled:PORT_46938
"24848:TCP" = 24848:TCP:*:Enabled:PORT_24848
"48386:TCP" = 48386:TCP:*:Enabled:PORT_48386
"42735:TCP" = 42735:TCP:*:Enabled:PORT_42735
"52496:TCP" = 52496:TCP:*:Enabled:PORT_52496
"15098:TCP" = 15098:TCP:*:Enabled:PORT_15098
"7707:TCP" = 7707:TCP:*:Enabled:PORT_7707
"9114:TCP" = 9114:TCP:*:Enabled:PORT_9114
"37532:TCP" = 37532:TCP:*:Enabled:PORT_37532
"34626:TCP" = 34626:TCP:*:Enabled:PORT_34626
"50793:TCP" = 50793:TCP:*:Enabled:PORT_50793
"47715:TCP" = 47715:TCP:*:Enabled:PORT_47715
"55980:TCP" = 55980:TCP:*:Enabled:PORT_55980
"13461:TCP" = 13461:TCP:*:Enabled:PORT_13461
"7524:TCP" = 7524:TCP:*:Enabled:PORT_7524
"7273:TCP" = 7273:TCP:*:Enabled:PORT_7273
"46164:TCP" = 46164:TCP:*:Enabled:PORT_46164
"15520:TCP" = 15520:TCP:*:Enabled:PORT_15520
"46011:TCP" = 46011:TCP:*:Enabled:PORT_46011
"21691:TCP" = 21691:TCP:*:Enabled:PORT_21691
"48851:TCP" = 48851:TCP:*:Enabled:PORT_48851
"33055:TCP" = 33055:TCP:*:Enabled:PORT_33055
"23789:TCP" = 23789:TCP:*:Enabled:PORT_23789
"63574:TCP" = 63574:TCP:*:Enabled:PORT_63574
"59355:TCP" = 59355:TCP:*:Enabled:PORT_59355
"58606:TCP" = 58606:TCP:*:Enabled:PORT_58606
"24086:TCP" = 24086:TCP:*:Enabled:PORT_24086
"52066:TCP" = 52066:TCP:*:Enabled:PORT_52066
"55751:TCP" = 55751:TCP:*:Enabled:PORT_55751
"47914:TCP" = 47914:TCP:*:Enabled:PORT_47914
"13575:TCP" = 13575:TCP:*:Enabled:PORT_13575
"28520:TCP" = 28520:TCP:*:Enabled:PORT_28520
"9180:TCP" = 9180:TCP:*:Enabled:PORT_9180
"33242:TCP" = 33242:TCP:*:Enabled:PORT_33242
"41461:TCP" = 41461:TCP:*:Enabled:PORT_41461
"33246:TCP" = 33246:TCP:*:Enabled:PORT_33246
"40090:TCP" = 40090:TCP:*:Enabled:PORT_40090
"17653:TCP" = 17653:TCP:*:Enabled:PORT_17653
"32367:TCP" = 32367:TCP:*:Enabled:PORT_32367
"46598:TCP" = 46598:TCP:*:Enabled:PORT_46598
"17305:TCP" = 17305:TCP:*:Enabled:PORT_17305
"31836:TCP" = 31836:TCP:*:Enabled:PORT_31836
"48340:TCP" = 48340:TCP:*:Enabled:PORT_48340
"59324:TCP" = 59324:TCP:*:Enabled:PORT_59324
"23148:TCP" = 23148:TCP:*:Enabled:PORT_23148
"57223:TCP" = 57223:TCP:*:Enabled:PORT_57223
"62148:TCP" = 62148:TCP:*:Enabled:PORT_62148
"49776:TCP" = 49776:TCP:*:Enabled:PORT_49776
"20254:TCP" = 20254:TCP:*:Enabled:PORT_20254
"35013:TCP" = 35013:TCP:*:Enabled:PORT_35013
"9426:TCP" = 9426:TCP:*:Enabled:PORT_9426
"26406:TCP" = 26406:TCP:*:Enabled:PORT_26406
"17566:TCP" = 17566:TCP:*:Enabled:PORT_17566
"17528:TCP" = 17528:TCP:*:Enabled:PORT_17528
"20251:TCP" = 20251:TCP:*:Enabled:PORT_20251
"41845:TCP" = 41845:TCP:*:Enabled:PORT_41845
"25204:TCP" = 25204:TCP:*:Enabled:PORT_25204
"23414:TCP" = 23414:TCP:*:Enabled:PORT_23414
"54918:TCP" = 54918:TCP:*:Enabled:PORT_54918
"33798:TCP" = 33798:TCP:*:Enabled:PORT_33798
"29883:TCP" = 29883:TCP:*:Enabled:PORT_29883
"32840:TCP" = 32840:TCP:*:Enabled:PORT_32840
"64490:TCP" = 64490:TCP:*:Enabled:PORT_64490
"39751:TCP" = 39751:TCP:*:Enabled:PORT_39751
"49211:TCP" = 49211:TCP:*:Enabled:PORT_49211
"11055:TCP" = 11055:TCP:*:Enabled:PORT_11055
"11234:TCP" = 11234:TCP:*:Enabled:PORT_11234
"19473:TCP" = 19473:TCP:*:Enabled:PORT_19473
"39080:TCP" = 39080:TCP:*:Enabled:PORT_39080
"18829:TCP" = 18829:TCP:*:Enabled:PORT_18829
"31707:TCP" = 31707:TCP:*:Enabled:PORT_31707
"57461:TCP" = 57461:TCP:*:Enabled:PORT_57461
"45305:TCP" = 45305:TCP:*:Enabled:PORT_45305
"7129:TCP" = 7129:TCP:*:Enabled:PORT_7129
"22727:TCP" = 22727:TCP:*:Enabled:PORT_22727
"18406:TCP" = 18406:TCP:*:Enabled:PORT_18406
"34386:TCP" = 34386:TCP:*:Enabled:PORT_34386
"49061:TCP" = 49061:TCP:*:Enabled:PORT_49061
"22338:TCP" = 22338:TCP:*:Enabled:PORT_22338
"45270:TCP" = 45270:TCP:*:Enabled:PORT_45270
"57325:TCP" = 57325:TCP:*:Enabled:PORT_57325
"54091:TCP" = 54091:TCP:*:Enabled:PORT_54091
"58638:TCP" = 58638:TCP:*:Enabled:PORT_58638
"44226:TCP" = 44226:TCP:*:Enabled:PORT_44226
"53395:TCP" = 53395:TCP:*:Enabled:PORT_53395
"17176:TCP" = 17176:TCP:*:Enabled:PORT_17176
"47813:TCP" = 47813:TCP:*:Enabled:PORT_47813
"57593:TCP" = 57593:TCP:*:Enabled:PORT_57593
"9754:TCP" = 9754:TCP:*:Enabled:PORT_9754
"47236:TCP" = 47236:TCP:*:Enabled:PORT_47236
"18847:TCP" = 18847:TCP:*:Enabled:PORT_18847
"5751:TCP" = 5751:TCP:*:Enabled:PORT_5751
"25818:TCP" = 25818:TCP:*:Enabled:PORT_25818
"33711:TCP" = 33711:TCP:*:Enabled:PORT_33711
"37939:TCP" = 37939:TCP:*:Enabled:PORT_37939
"51902:TCP" = 51902:TCP:*:Enabled:PORT_51902
"11404:TCP" = 11404:TCP:*:Enabled:PORT_11404
"61261:TCP" = 61261:TCP:*:Enabled:PORT_61261
"43351:TCP" = 43351:TCP:*:Enabled:PORT_43351
"55961:TCP" = 55961:TCP:*:Enabled:PORT_55961
"61195:TCP" = 61195:TCP:*:Enabled:PORT_61195
"65460:TCP" = 65460:TCP:*:Enabled:PORT_65460
"35653:TCP" = 35653:TCP:*:Enabled:PORT_35653
"20486:TCP" = 20486:TCP:*:Enabled:PORT_20486
"39633:TCP" = 39633:TCP:*:Enabled:PORT_39633
"29976:TCP" = 29976:TCP:*:Enabled:PORT_29976
"51298:TCP" = 51298:TCP:*:Enabled:PORT_51298
"10496:TCP" = 10496:TCP:*:Enabled:PORT_10496
"41254:TCP" = 41254:TCP:*:Enabled:PORT_41254
"42398:TCP" = 42398:TCP:*:Enabled:PORT_42398
"52598:TCP" = 52598:TCP:*:Enabled:PORT_52598
"65305:TCP" = 65305:TCP:*:Enabled:PORT_65305
"14481:TCP" = 14481:TCP:*:Enabled:PORT_14481
"55106:TCP" = 55106:TCP:*:Enabled:PORT_55106
"30258:TCP" = 30258:TCP:*:Enabled:PORT_30258
"51016:TCP" = 51016:TCP:*:Enabled:PORT_51016
"60922:TCP" = 60922:TCP:*:Enabled:PORT_60922
"37305:TCP" = 37305:TCP:*:Enabled:PORT_37305
"33742:TCP" = 33742:TCP:*:Enabled:PORT_33742
"25445:TCP" = 25445:TCP:*:Enabled:PORT_25445
"32117:TCP" = 32117:TCP:*:Enabled:PORT_32117
"15168:TCP" = 15168:TCP:*:Enabled:PORT_15168
"51816:TCP" = 51816:TCP:*:Enabled:PORT_51816
"6145:TCP" = 6145:TCP:*:Enabled:PORT_6145
"11070:TCP" = 11070:TCP:*:Enabled:PORT_11070
"23848:TCP" = 23848:TCP:*:Enabled:PORT_23848
"62551:TCP" = 62551:TCP:*:Enabled:PORT_62551
"51048:TCP" = 51048:TCP:*:Enabled:PORT_51048
"27582:TCP" = 27582:TCP:*:Enabled:PORT_27582
"12851:TCP" = 12851:TCP:*:Enabled:PORT_12851
"42191:TCP" = 42191:TCP:*:Enabled:PORT_42191
"33988:TCP" = 33988:TCP:*:Enabled:PORT_33988
"58285:TCP" = 58285:TCP:*:Enabled:PORT_58285
"18910:TCP" = 18910:TCP:*:Enabled:PORT_18910
"32160:TCP" = 32160:TCP:*:Enabled:PORT_32160
"47170:TCP" = 47170:TCP:*:Enabled:PORT_47170
"9133:TCP" = 9133:TCP:*:Enabled:PORT_9133
"48008:TCP" = 48008:TCP:*:Enabled:PORT_48008
"22575:TCP" = 22575:TCP:*:Enabled:PORT_22575
"41728:TCP" = 41728:TCP:*:Enabled:PORT_41728
"39903:TCP" = 39903:TCP:*:Enabled:PORT_39903
"15727:TCP" = 15727:TCP:*:Enabled:PORT_15727
"63333:TCP" = 63333:TCP:*:Enabled:PORT_63333
"28020:TCP" = 28020:TCP:*:Enabled:PORT_28020
"65480:TCP" = 65480:TCP:*:Enabled:PORT_65480
"59626:TCP" = 59626:TCP:*:Enabled:PORT_59626
"14907:TCP" = 14907:TCP:*:Enabled:PORT_14907
"51961:TCP" = 51961:TCP:*:Enabled:PORT_51961
"53039:TCP" = 53039:TCP:*:Enabled:PORT_53039
"10723:TCP" = 10723:TCP:*:Enabled:PORT_10723
"22461:TCP" = 22461:TCP:*:Enabled:PORT_22461
"40216:TCP" = 40216:TCP:*:Enabled:PORT_40216
"32113:TCP" = 32113:TCP:*:Enabled:PORT_32113
"51851:TCP" = 51851:TCP:*:Enabled:PORT_51851
"12598:TCP" = 12598:TCP:*:Enabled:PORT_12598
"42363:TCP" = 42363:TCP:*:Enabled:PORT_42363
"56039:TCP" = 56039:TCP:*:Enabled:PORT_56039
"11602:TCP" = 11602:TCP:*:Enabled:PORT_11602
"17070:TCP" = 17070:TCP:*:Enabled:PORT_17070
"6031:TCP" = 6031:TCP:*:Enabled:PORT_6031
"7176:TCP" = 7176:TCP:*:Enabled:PORT_7176
"32658:TCP" = 32658:TCP:*:Enabled:PORT_32658
"52226:TCP" = 52226:TCP:*:Enabled:PORT_52226
"8520:TCP" = 8520:TCP:*:Enabled:PORT_8520
"61811:TCP" = 61811:TCP:*:Enabled:PORT_61811
"15129:TCP" = 15129:TCP:*:Enabled:PORT_15129
"25063:TCP" = 25063:TCP:*:Enabled:PORT_25063
"37633:TCP" = 37633:TCP:*:Enabled:PORT_37633
"33938:TCP" = 33938:TCP:*:Enabled:PORT_33938
"6617:TCP" = 6617:TCP:*:Enabled:PORT_6617
"57305:TCP" = 57305:TCP:*:Enabled:PORT_57305
"28404:TCP" = 28404:TCP:*:Enabled:PORT_28404
"55266:TCP" = 55266:TCP:*:Enabled:PORT_55266
"8645:TCP" = 8645:TCP:*:Enabled:PORT_8645
"9395:TCP" = 9395:TCP:*:Enabled:PORT_9395
"61945:TCP" = 61945:TCP:*:Enabled:PORT_61945
"20551:TCP" = 20551:TCP:*:Enabled:PORT_20551
"33805:TCP" = 33805:TCP:*:Enabled:PORT_33805
"37289:TCP" = 37289:TCP:*:Enabled:PORT_37289
"43836:TCP" = 43836:TCP:*:Enabled:PORT_43836
"21344:TCP" = 21344:TCP:*:Enabled:PORT_21344
"30922:TCP" = 30922:TCP:*:Enabled:PORT_30922
"38226:TCP" = 38226:TCP:*:Enabled:PORT_38226
"1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007
"139:TCP" = 139:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22002
 
========== Authorized Applications List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"%windir%\system32\sessmgr.exe" = %windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019 -- (Microsoft Corporation)
"C:\Program Files\Updates from HP\9972322\Program\Updates from HP.exe" = C:\Program Files\Updates from HP\9972322\Program\Updates from HP.exe:*:Enabled:Updates from HP -- (Hewlett-Packard)
"%windir%\Network Diagnostic\xpnetdiag.exe" = %windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000 -- (Microsoft Corporation)
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Program Files\Updates from HP\9972322\Program\Updates from HP.exe" = C:\Program Files\Updates from HP\9972322\Program\Updates from HP.exe:*:Enabled:Updates from HP -- (Hewlett-Packard)
 
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{00000000-2778-5BED-8199-52EB14D8D22F}" = F-Secure CCF Reputation
"{069730C2-755A-485B-A205-27A1AAFA836A}" = InstantShareAlert
"{075473F5-846A-448B-BCB3-104AA1760205}" = Sonic RecordNow Data
"{0840B4D6-7DD1-4187-8523-E6FC0007EFB7}" = Windows Live ID Sign-in Assistant
"{0A0CADCF-78DA-33C4-A350-CD51849B9702}" = Microsoft .NET Framework 4 Extended
"{0A65A3BD-54B5-4d0d-B084-7688507813F5}" = SlideShow
"{1341D838-719C-4A05-B50F-49420CA1B4BB}" = HP Boot Optimizer
"{15C0AF59-4877-49B6-B8C6-A61CE54515F5}" = cp_OnlineProjectsConfig
"{18D10072035C4515918F7E37EAFAACFC}" = AutoUpdate
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{23012310-3E05-46A5-88A9-C6CBCABCAC79}" = Customer Experience Enhancement
"{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer
"{2376813B-2E5A-4641-B7B3-A0D5ADB55229}" = HPPhotoSmartExpress
"{26A24AE4-039D-4CA4-87B4-2F83216037FF}" = Java™ 6 Update 37
"{26A24AE4-039D-4CA4-87B4-2F83217025FF}" = Java 7 Update 25
"{2A30052B-831C-41D3-8044-3C0388066350}" = Seagate Manager Installer
"{2F58D60D-2BFD-4467-9B4D-64E7355C329D}" = Sonic_PrimoSDK
"{30465B6C-B53F-49A1-9EBA-A3F187AD502E}" = Sonic Update Manager
"{33BF0960-DBA3-4187-B6CC-C969FCFA2D25}" = SkinsHP1
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{363790D2-DA98-41DD-9C9F-69FA36B169DE}" = PanoStandAlone
"{36D620AD-EEBA-4973-BA86-0C9AE6396620}" = OptionalContentQFolder
"{36FDBE6E-6684-462B-AE98-9A39A1B200CC}" = HP Product Assistant
"{39EF38DF-2727-4C09-A165-FD3B87BA3AE9}" = Family Tree Maker 2014
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{416D80BA-6F6D-4672-B7CF-F54DA2F80B44}" = Microsoft Works
"{41E776A5-9B12-416D-9A12-B4F7B044EBED}" = CP_Package_Basic1
"{45A66726-69BC-466B-A7A4-12FCBA4883D7}" = HiJackThis
"{45B8A76B-57EC-4242-B019-066400CD8428}" = BufferChm
"{45D707E9-F3C4-11D9-A373-0050BAE317E1}" = HP DVD Play 2.1
"{47F460DA-D1BE-4D85-8DF2-AA1F31D3445F}" = OpenOffice 4.0.1
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4D2A6330-2F8B-11E3-9C40-B8AC6F97B88E}" = Google Earth
"{4EA684E9-5C81-4033-A696-3019EC57AC3A}" = HPProductAssistant
"{53EE9E42-CECB-4C92-BF76-9CA65DAF8F1C}" = FullDPAppQFolder
"{57B2281D-A34A-4a48-8C68-169B8873659D}" = c4100_Help
"{658FDBCA-B7A1-43E4-A849-9F0812473331}" = Computer Security 12.83.104.0 (release)
"{6675CA7F-E51B-4F6A-99D4-F8F0124C6EAA}" = Sonic Express Labeler
"{66910000-8B30-4973-A159-6371345AFFA5}" = WebReg
"{6696D9A4-28A8-4F5A-8E9A-2E8974C8C39C}" = RandMap
"{66E6CE0C-5A1E-430C-B40A-0C90FF1804A8}" = eSupportQFolder
"{68763C27-235D-4165-A961-FDEA228CE504}" = AiOSoftwareNPI
"{6909F917-5499-482e-9AA1-FAD06A99F231}" = Toolbox
"{6D4E3662-A321-4D98-84B8-934229348575}" = F-Secure Network CCF 1.02.128
"{6F340107-F9AA-47C6-B54C-C3A19F11553F}" = Hewlett-Packard ACLM.NET v1.1.0.0
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{71F6DF7D-B639-4FAD-BA93-E6DF267AA44D}" = DesignPro 5.4 Limited Edition
"{736C803C-DD3B-4015-BC51-AFB9E67B9076}" = Readme
"{7B63B2922B174135AFC0E1377DD81EC2}" = DivX
"{7C03270C-4FAB-4F5C-B10D-52FEDA190790}" = DocumentViewerQFolder
"{7E7B7865-6C80-4373-8BC1-C2EB9431F9DE}" = ProductContextNPI
"{82081779-4175-4666-A457-AB711CD37EF0}" = cp_LightScribeConfig
"{829DAAD6-BB11-4BB7-921B-07FFB703F944}" = CP_Package_Variety3
"{82E55892-6FFD-403F-AA97-D726846768AA}" = CP_AtenaShokunin1Config
"{8331C3EA-0C91-43AA-A4D4-27221C631139}" = Status
"{866A0078-DEA7-4348-9C9A-999AF2991EAA}" = SlideShowMusic
"{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
"{87E2B986-07E8-477a-93DC-AF0B6758B192}" = DocProcQFolder
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8A4CE7FD-9657-4B06-9943-E1819F3D5D67}" = DocProc
"{8A534F71-3202-4464-A422-B767295E67B9}" = CP_Package_Variety2
"{8CE4E6E9-9D55-43FB-9DDB-688C976BFC05}" = Unload
"{93E5A317-24EC-4744-812C-16FECFE86E6A}" = CP_Package_Variety1
"{97486FBE-A3FC-4783-8D55-EA37E9D171CC}" = HP Update
"{996512CF-F35B-48DE-9291-557FA5316967}" = ScannerCopy
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9F7AF7CD-E3D0-4C68-A3BA-C76C359B3AA8}" = LightScribe  1.4.105.1
"{A29800BA-0BF1-4E63-9F31-DF05A87F4104}" = InstantShareDevices
"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
"{A436F67F-687E-4736-BD2B-537121A804CF}" = HP Product Detection
"{A7E4ECCA-4A8E-4258-8EC8-2DCCF5B11320}" = Windows Live installer
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{A932ABFB-1AC4-4FBF-9954-B710CABE3482}" = BCL easyConverter SDK 3 (Word Version)
"{A9F5421F-DA70-4C77-BB97-8D77EC33ED5E}" = HP Photosmart and Deskjet 7.0.A
"{AB708C9B-97C8-4AC9-899B-DBF226AC9382}" = Sonic RecordNow Audio
"{AC76BA86-7AD7-1033-7B44-AB0000000001}" = Adobe Reader XI (11.0.07)
"{B12665F4-4E93-4AB4-B7FC-37053B524629}" = Sonic RecordNow Copy
"{B2157760-AA3C-4E2E-BFE6-D20BC52495D9}" = cp_PosterPrintConfig
"{B6286A44-7505-471A-A72B-04EC2DB2F442}" = CueTour
"{B69CFE29-FD03-4E0A-87A7-6ED97F98E5B3}" = CP_Panorama1Config
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
"{C1C6767D-B395-43CB-BF99-051B58B86DA6}" = PhotoGallery
"{C3FAA091-B278-44A7-BF48-190811C5F9F7}" = cp_UpdateProjectsConfig
"{C7F54CF8-D6FB-4E0A-93A3-E68AE0D6C476}" = SolutionCenter
"{C871525F-7116-4d26-BA6D-215F59B6F88B}" = C4100
"{C8753E28-2680-49BF-BD48-DD38FD086EFE}" = AiO_Scan_CDA
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}" = SUPERAntiSpyware
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{DAAD5187-62C5-4AD6-A526-803C18C4944D}" = HP Web Helper
"{DB518BA6-CB74-4EB6-9ABD-880B6D6E1F38}" = HpSdpAppCoreApp
"{DBC20735-34E6-4E97-A9E5-2066B66B243D}" = TrayApp
"{DBEA1034-5882-4A88-8033-81C4EF0CFA29}" = Google Toolbar for Internet Explorer
"{E36439A3-5F71-45B7-B515-7C79AF6A64B8}" = F-Secure CCF Scanning 1.23.124.8831 (release)
"{E3E71D07-CD27-46CB-8448-16D4FB29AA13}" = Microsoft WSE 3.0 Runtime
"{ED2C557E-9C18-41FF-B58E-A05EEF0B3B5F}" = CP_CalendarTemplates1
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F157460F-720E-482f-8625-AD7843891E5F}" = InstantShareDevicesMFC
"{F3760724-B29D-465B-BC53-E5D72095BCC4}" = Scan
"{F6076EF9-08E1-442F-B6A2-BFB61B295A14}" = Fax_CDA
"{F80239D8-7811-4D5E-B033-0D0BBFE32920}" = HP DigitalMedia Archive
"{F90F7024-28DA-4EDE-9553-0B134EEC9434}" = Online Safety 2.83.1329.952
"{FB15E224-67C3-491F-9F5C-F257BC418412}" = Destinations
"{FBB980B0-63F8-4B48-8D65-90F1D9F81D9F}" = NewCopy_CDA
"{FCDA0DD0-F899-4529-917C-16ADEA6550B9}" = Charter Security Suite
"{FDB3B167-F4FA-461D-976F-286304A57B2A}" = Adobe AIR
"{FE7E1DD7-EBCE-4696-ADE2-22BDBF2372DA}" = DocumentViewer
"{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
"123 Free Solitaire_is1" = 123 Free Solitaire v10.0
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 12 ActiveX
"Agere Systems Soft Modem" = Agere Systems PCI-SV92PP Soft Modem
"AwayMode160" = Microsoft Away Mode
"B3EE3001-DC24-4cd1-8743-5692C716659F" = Otto
"CCleaner" = CCleaner
"CNXT_MODEM_PCI_VEN_14F1&DEV_2F20&SUBSYS_200C14F1" = Data Fax SoftModem with SmartCP
"DAO 3.5" = DAO 3.5
"Defraggler" = Defraggler
"ERUNT_is1" = ERUNT 1.1j
"ESET Online Scanner" = ESET Online Scanner v3
"Family Tree Maker 2014" = Family Tree Maker 2014
"F-Secure ServiceEnabler 42626" = Charter Security Suite
"Google Pack Screensaver" = Google Pack Screensaver
"Google Updater" = Google Updater
"HitmanPro37" = HitmanPro 3.7
"HP Document Viewer" = HP Document Viewer 7.0
"HP Imaging Device Functions" = HP Imaging Device Functions 7.0
"HP Photo & Imaging" = HP Photosmart Premier Software 6.5
"HP Photosmart for Media Center PC" = HP Photosmart for Media Center PC
"HP Solution Center & Imaging Support Tools" = HP Solution Center 7.0
"HPOCR" = OCR Software by I.R.I.S 7.0
"HPOOVClient-9972322 Uninstaller" = Updates from HP (remove only)
"IDNMitigationAPIs" = Microsoft Internationalized Domain Names Mitigation APIs
"ie7" = Windows Internet Explorer 7
"ie8" = Windows Internet Explorer 8
"InstallShield_{23012310-3E05-46A5-88A9-C6CBCABCAC79}" = Customer Experience Enhancement
"InstallShield_{2A30052B-831C-41D3-8044-3C0388066350}" = Seagate Manager Installer
"InstallShield_{71F6DF7D-B639-4FAD-BA93-E6DF267AA44D}" = DesignPro 5.4 Limited Edition
"Malwarebytes Anti-Malware_is1" = Malwarebytes Anti-Malware version 2.0.1.1004
"Microsoft .NET Framework 1.1  (1033)" = Microsoft .NET Framework 1.1
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Extended" = Microsoft .NET Framework 4 Extended
"MSCompPackV1" = Microsoft Compression Client Pack 1.0 for Windows XP
"MSNINST" = MSN
"NLSDownlevelMapping" = Microsoft National Language Support Downlevel APIs
"NVIDIA Drivers" = NVIDIA Drivers
"PC-Doctor 5 for Windows" = PC-Doctor 5 for Windows
"Python 2.2.3" = Python 2.2.3
"pywin32-py2.2" = Python 2.2 pywin32 extensions (build 203)
"Quicken Deluxe 2000" = Quicken Deluxe 2000
"Revo Uninstaller" = Revo Uninstaller 1.95
"Soft-Now bundle" = Soft-Now bundle
"WIC" = Windows Imaging Component
"Windows Media Format Runtime" = Windows Media Format 11 runtime
"Windows Media Player" = Windows Media Player 11
"Windows XP Service Pack" = Windows XP Service Pack 3
"WMFDist11" = Windows Media Format 11 runtime
"wmp11" = Windows Media Player 11
"Wudf01000" = Microsoft User-Mode Driver Framework Feature Pack 1.0
 
========== HKEY_CURRENT_USER Uninstall List ==========
 
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Move Media Player" = Move Media Player
 
========== Last 20 Event Log Errors ==========
 
[ Application Events ]
Error - 5/31/2014 4:41:14 PM | Computer Name = YOUR-4DACD0EA79 | Source = WmiAdapter | ID = 4099
Description = Open of service failed.
 
Error - 5/31/2014 4:41:14 PM | Computer Name = YOUR-4DACD0EA79 | Source = Application Error | ID = 1000
Description = Faulting application hpbootop.exe, version 3.0.0.0, faulting module
 hpbootop.exe, version 3.0.0.0, fault address 0x00002f04.
 
Error - 5/31/2014 4:42:57 PM | Computer Name = YOUR-4DACD0EA79 | Source = F-Secure Anti-Virus | ID = 103
Description =
 
Error - 5/31/2014 5:12:56 PM | Computer Name = YOUR-4DACD0EA79 | Source = Application Error | ID = 1001
Description = Fault bucket 299511532.
 
Error - 6/1/2014 7:10:33 PM | Computer Name = YOUR-4DACD0EA79 | Source = F-Secure Anti-Virus | ID = 103
Description =
 
Error - 6/1/2014 7:29:28 PM | Computer Name = YOUR-4DACD0EA79 | Source = Application Error | ID = 1005
Description = Windows cannot access the file C:\Program Files\Seagate\SeagateManager\ManagerApp\stxmanager.exe
 for one of the following reasons:   there is a problem with the network connection,
 the disk that the file is stored on, or the storage   drivers installed on this computer;
 or the disk is missing.   Windows closed the program Seagate Manager because of this
 error.    Program: Seagate Manager  File: C:\Program Files\Seagate\SeagateManager\ManagerApp\stxmanager.exe

The
 error value is listed in the Additional Data section.  User Action  1. Open the file
 again.   This situation might be a temporary problem that corrects itself when the
 program runs again.  2.   If the file still cannot be accessed and   - It is on the network,
   your network administrator should verify that there is not a problem with the network
 and that the server can be contacted.   - It is on a removable disk, for example,
a floppy disk or CD-ROM, verify that the disk is fully inserted into the computer.
3.
 Check and repair the file system by running CHKDSK. To run CHKDSK, click Start,
 click Run, type CMD, and then click OK. At the command prompt, type CHKDSK /F,
and then press ENTER.  4. If the problem persists, restore the file from a backup
copy.  5. Determine whether other files on the same disk can be opened. If not, the
 disk might be damaged. If it is a hard disk, contact your administrator or computer
 hardware vendor for   further assistance.  Additional Data  Error value: C000009C  Disk
 type: 3
 
Error - 6/1/2014 7:36:28 PM | Computer Name = YOUR-4DACD0EA79 | Source = Application Error | ID = 1000
Description = Faulting application , version 0.0.0.0, faulting module unknown, version
 0.0.0.0, fault address 0x783320f9.
 
Error - 6/1/2014 8:57:33 PM | Computer Name = YOUR-4DACD0EA79 | Source = F-Secure Anti-Virus | ID = 103
Description =
 
Error - 6/1/2014 9:11:23 PM | Computer Name = YOUR-4DACD0EA79 | Source = F-Secure Anti-Virus | ID = 103
Description =
 
Error - 6/3/2014 6:28:14 PM | Computer Name = YOUR-4DACD0EA79 | Source = F-Secure Anti-Virus | ID = 103
Description =
 
[ System Events ]
Error - 6/3/2014 10:22:09 PM | Computer Name = YOUR-4DACD0EA79 | Source = Disk | ID = 262151
Description = The device, \Device\Harddisk0\D, has a bad block.
 
Error - 6/3/2014 10:22:29 PM | Computer Name = YOUR-4DACD0EA79 | Source = Disk | ID = 262151
Description = The device, \Device\Harddisk0\D, has a bad block.
 
Error - 6/3/2014 10:23:51 PM | Computer Name = YOUR-4DACD0EA79 | Source = Disk | ID = 262151
Description = The device, \Device\Harddisk0\D, has a bad block.
 
Error - 6/3/2014 10:24:36 PM | Computer Name = YOUR-4DACD0EA79 | Source = Disk | ID = 262151
Description = The device, \Device\Harddisk0\D, has a bad block.
 
Error - 6/3/2014 10:25:35 PM | Computer Name = YOUR-4DACD0EA79 | Source = Disk | ID = 262151
Description = The device, \Device\Harddisk0\D, has a bad block.
 
Error - 6/3/2014 10:26:19 PM | Computer Name = YOUR-4DACD0EA79 | Source = Disk | ID = 262151
Description = The device, \Device\Harddisk0\D, has a bad block.
 
Error - 6/3/2014 10:27:01 PM | Computer Name = YOUR-4DACD0EA79 | Source = Disk | ID = 262151
Description = The device, \Device\Harddisk0\D, has a bad block.
 
Error - 6/3/2014 10:31:42 PM | Computer Name = YOUR-4DACD0EA79 | Source = Disk | ID = 262151
Description = The device, \Device\Harddisk0\D, has a bad block.
 
Error - 6/3/2014 11:41:47 PM | Computer Name = YOUR-4DACD0EA79 | Source = F-Secure Gatekeeper | ID = 327681
Description =
 
Error - 6/4/2014 12:24:54 AM | Computer Name = YOUR-4DACD0EA79 | Source = Disk | ID = 262151
Description = The device, \Device\Harddisk0\D, has a bad block.
 
 
< End of report >


  • 0

Advertisements

#2
grumpygrampy
Posted 05 June 2014 - 05:58 PM

grumpygrampy

    New Member

  • Topic Starter
  • Member
  • Pip
  • 2 posts

A new issue; I think a virus has taken contact list from hotmail account and is sending out emails.


  • 0
Back to Virus, Spyware, Malware Removal · Next Unread Topic →




Similar Topics

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

  1. Geeks to Go Community
  2. Security
  3. Virus, Spyware, Malware Removal

As Featured On:

Microsoft Yahoo BBC MSN PC Magazine Washington Post HP