OTL logfile created on: 10/17/2009 2:20:21 PM - Run 2
OTL by OldTimer - Version 3.0.21.0     Folder = C:\Documents and Settings\hal\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 6.0.2900.5512)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

511.23 Mb Total Physical Memory | 225.05 Mb Available Physical Memory | 44.02% Memory free
1.22 Gb Paging File | 0.74 Gb Available in Paging File | 60.87% Paging File free
Paging file location(s): C:\pagefile.sys 768 1536 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 39.06 Gb Total Space | 29.01 Gb Free Space | 74.26% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
Drive E: | 109.99 Gb Total Space | 98.33 Gb Free Space | 89.40% Space Free | Partition Type: NTFS
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: FA3BB7C228E
Current User Name: hal
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: On
Skip Microsoft Files: On
File Age = 14 Days
Output = Standard
Quick Scan

========== Processes (SafeList) ==========

PRC - [2009/10/17 11:59:30 | 00,064,899 | ---- | M] () -- C:\WINDOWS\System32\servises.exe
PRC - [2009/10/17 11:59:25 | 00,052,224 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\reader_s.exe
PRC - [2009/10/16 20:22:29 | 00,543,232 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\hal\Desktop\OTL.exe
PRC - [2009/08/10 17:06:16 | 00,908,056 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG8\avgemc.exe
PRC - [2009/08/10 17:06:16 | 00,761,624 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG8\avgscanx.exe
PRC - [2009/08/10 17:06:16 | 00,693,016 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG8\avgcsrvx.exe
PRC - [2009/08/10 17:06:16 | 00,595,736 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG8\avgnsx.exe
PRC - [2009/08/10 17:06:16 | 00,486,680 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG8\avgrsx.exe
PRC - [2009/08/10 17:06:16 | 00,297,752 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG8\avgwdsvc.exe
PRC - [2009/07/31 15:23:19 | 00,153,376 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Java\jre6\bin\jqs.exe
PRC - [2009/03/26 15:31:20 | 00,132,424 | ---- | M] (Apple Inc.) -- C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
PRC - [2008/12/12 11:17:38 | 00,238,888 | ---- | M] (Apple Inc.) -- C:\Program Files\Bonjour\mDNSResponder.exe
PRC - [2008/04/14 01:42:20 | 01,053,696 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\Explorer.EXE
PRC - [2003/04/06 01:06:58 | 00,049,152 | ---- | M] (Hewlett-Packard) -- C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe
PRC - [2003/04/06 00:45:10 | 00,307,200 | ---- | M] (Hewlett-Packard Co.) -- C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpoevm08.exe
PRC - [2001/08/23 04:00:00 | 00,148,992 | ---- | M] (MainConcept CO,.@ FileDescription) -- C:\WINDOWS\System32\wmdtc.exe
PRC - [2001/08/23 04:00:00 | 00,069,632 | ---- | M] (keurjqulkblyiq) -- C:\WINDOWS\System32\lsm32.sys

========== Win32 Services (SafeList) ==========

SRV - File not found -- -- (UPS [On_Demand | Stopped])
SRV - File not found -- -- (SysmonLog [On_Demand | Stopped])
SRV - File not found -- -- (SCardSvr [On_Demand | Stopped])
SRV - File not found -- -- (Pml Driver HPZ12 [On_Demand | Stopped])
SRV - File not found -- -- (NVSvc [Auto | Stopped])
SRV - File not found -- -- (MSIServer [On_Demand | Stopped])
SRV - File not found -- -- (mnmsrvc [On_Demand | Stopped])
SRV - File not found -- -- (MDM [Auto | Stopped])
SRV - File not found -- -- (fastnetsrv [Auto | Stopped])
SRV - File not found -- -- (dmadmin [On_Demand | Stopped])
SRV - File not found -- -- (COMSysApp [On_Demand | Stopped])
SRV - File not found -- -- (CiSvc [On_Demand | Stopped])
SRV - [2009/08/10 17:06:16 | 00,908,056 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG8\avgemc.exe -- (avg8emc [Auto | Running])
SRV - [2009/08/10 17:06:16 | 00,297,752 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG8\avgwdsvc.exe -- (avg8wd [Auto | Running])
SRV - [2009/07/31 15:23:19 | 00,153,376 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Java\jre6\bin\jqs.exe -- (JavaQuickStarterService [Auto | Running])
SRV - [2009/04/02 16:10:56 | 00,656,168 | ---- | M] (Apple Inc.) -- C:\Program Files\iPod\bin\iPodService.exe -- (iPod Service [On_Demand | Stopped])
SRV - [2009/03/26 15:31:20 | 00,132,424 | ---- | M] (Apple Inc.) -- C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe -- (Apple Mobile Device [Auto | Running])
SRV - [2008/12/12 11:17:38 | 00,238,888 | ---- | M] (Apple Inc.) -- C:\Program Files\Bonjour\mDNSResponder.exe -- (Bonjour Service [Auto | Running])
SRV - [2008/04/14 01:42:04 | 00,038,400 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\PCHealth\HelpCtr\Binaries\pchsvc.dll -- (helpsvc [Auto | Running])
SRV - [2007/06/27 19:04:00 | 00,279,848 | ---- | M] (Nero AG) -- C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe -- (NMIndexingService [On_Demand | Stopped])
SRV - [2005/09/23 07:28:56 | 00,066,240 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32 [On_Demand | Stopped])
SRV - [2005/09/23 07:28:32 | 00,029,896 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe -- (aspnet_state [On_Demand | Stopped])
SRV - [2001/08/23 04:00:00 | 00,045,568 | ---- | M] (X-Ways Software Technology) -- C:\WINDOWS\System32\BtwSrv.dll -- (BtwSrv [Auto | Running])

========== Standard Registry (SafeList) ==========

========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.microsoft.com/isapi/redir.dll?prd={SUB_PRD}&clcid={SUB_CLSID}&pver={SUB_PVER}&ar=home
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,CustomizeSearch = http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchcust.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchasst.htm
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\system32\blank.htm
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.ca/
IE - HKCU\..\URLSearchHook: *{CFBFAE00-17A6-11D0-99CB-00C04FD64497} - Reg Error: Key error. File not found
IE - HKCU\..\URLSearchHook: {A3BC75A2-1F87-4686-AA43-5347D756017C} - C:\Program Files\AVG\AVG8\Toolbar\IEToolbar.dll ()
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - prefs.js..browser.startup.homepage: "http://www.google.ca/"
FF - prefs.js..extensions.enabledItems: jqs@sun.com:1.0
FF - prefs.js..extensions.enabledItems: {635abd67-4fe9-1b23-4f01-e679fa7484c1}:1.5.4.20081105
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0016-ABCDEFFEDCBA}:6.0.16
FF - prefs.js..extensions.enabledItems: {972ce4c6-7e08-4474-a285-3208198ce6fd}:3.0.14
FF - HKLM\software\mozilla\Firefox\extensions\\jqs@sun.com: C:\Program Files\Java\jre6\lib\deploy\jqs\ff [2009/08/10 20:23:22 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.0.14\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2009/09/10 12:31:58 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.0.14\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2009/10/16 18:07:13 | 00,000,000 | ---D | M]

[2009/08/10 21:01:55 | 00,000,000 | ---D | M] -- C:\Documents and Settings\hal\Application Data\mozilla\Extensions
[2009/08/10 21:01:55 | 00,000,000 | ---D | M] -- C:\Documents and Settings\hal\Application Data\mozilla\Extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384}
[2009/10/16 18:07:46 | 00,000,000 | ---D | M] -- C:\Documents and Settings\hal\Application Data\mozilla\Firefox\Profiles\spcr6sqe.default\extensions
[2009/10/16 13:31:07 | 00,000,000 | ---D | M] -- C:\Documents and Settings\hal\Application Data\mozilla\Firefox\Profiles\spcr6sqe.default\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1}
[2009/10/17 12:49:29 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions
[2009/09/10 12:31:57 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
[2009/10/16 18:07:14 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0016-ABCDEFFEDCBA}
[2009/09/10 12:31:54 | 00,023,032 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browserdirprovider.dll
[2009/09/10 12:31:54 | 00,134,648 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\brwsrcmp.dll
[2009/07/31 15:23:11 | 00,411,368 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\mozilla firefox\plugins\npdeploytk.dll
[2009/09/10 12:31:55 | 00,065,528 | ---- | M] (mozilla.org) -- C:\Program Files\mozilla firefox\plugins\npnul32.dll
[2009/02/27 12:13:42 | 00,103,792 | ---- | M] (Adobe Systems Inc.) -- C:\Program Files\mozilla firefox\plugins\nppdf32.dll
[2009/08/10 21:21:29 | 00,143,360 | ---- | M] (Apple Inc.) -- C:\Program Files\mozilla firefox\plugins\npqtplugin.dll
[2009/08/10 21:21:29 | 00,143,360 | ---- | M] (Apple Inc.) -- C:\Program Files\mozilla firefox\plugins\npqtplugin2.dll
[2009/08/10 21:21:29 | 00,143,360 | ---- | M] (Apple Inc.) -- C:\Program Files\mozilla firefox\plugins\npqtplugin3.dll
[2009/08/10 21:21:29 | 00,143,360 | ---- | M] (Apple Inc.) -- C:\Program Files\mozilla firefox\plugins\npqtplugin4.dll
[2009/08/10 21:21:29 | 00,143,360 | ---- | M] (Apple Inc.) -- C:\Program Files\mozilla firefox\plugins\npqtplugin5.dll
[2009/08/10 21:21:29 | 00,143,360 | ---- | M] (Apple Inc.) -- C:\Program Files\mozilla firefox\plugins\npqtplugin6.dll
[2009/08/10 21:21:29 | 00,143,360 | ---- | M] (Apple Inc.) -- C:\Program Files\mozilla firefox\plugins\npqtplugin7.dll
[2009/08/14 10:31:28 | 00,001,394 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazondotcom.xml
[2009/08/14 10:31:28 | 00,002,193 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\answers.xml
[2009/08/14 10:31:28 | 00,001,534 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\creativecommons.xml
[2009/08/14 10:31:28 | 00,002,343 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay.xml
[2009/08/14 10:31:28 | 00,001,706 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\google.xml
[2009/08/14 10:31:28 | 00,001,178 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia.xml
[2009/08/14 10:31:28 | 00,000,792 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo.xml

O1 HOSTS File: (319159 bytes) - C:\WINDOWS\System32\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: 10946 more lines...
O2 - BHO: (Adobe PDF Link Helper) - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
O2 - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll (AVG Technologies CZ, s.r.o.)
O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O2 - BHO: (Windows Live Sign-in Helper) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
O2 - BHO: (AVG Security Toolbar BHO) - {A3BC75A2-1F87-4686-AA43-5347D756017C} - C:\Program Files\AVG\AVG8\Toolbar\IEToolbar.dll ()
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (JQSIEStartDetectorImpl Class) - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll (Sun Microsystems, Inc.)
O3 - HKLM\..\Toolbar: (AVG Security Toolbar) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - C:\Program Files\AVG\AVG8\Toolbar\IEToolbar.dll ()
O3 - HKCU\..\Toolbar\WebBrowser: (AVG Security Toolbar) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - C:\Program Files\AVG\AVG8\Toolbar\IEToolbar.dll ()
O4 - HKLM..\Run: [17378] C:\WINDOWS\System32\6.tmp.exe File not found
O4 - HKLM..\Run: [reader_s] C:\WINDOWS\System32\reader_s.exe (Microsoft Corporation)
O4 - HKLM..\Run: [servises] C:\WINDOWS\System32\servises.exe ()
O4 - HKCU..\Run: [servises] C:\WINDOWS\System32\servises.exe ()
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\hp psc 1000 series.lnk = C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpohmr08.exe (Hewlett-Packard Co.)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\hpoddt01.exe.lnk = C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe (Hewlett-Packard)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE (Microsoft Corporation)
F3 - HKCU WinNT: Load - (C:\WINDOWS\fonts\services.exe) - C:\WINDOWS\fonts\services.exe File not found
F3 - HKCU WinNT: Run - (C:\WINDOWS\fonts\services.exe) - C:\WINDOWS\fonts\services.exe File not found
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Toolbars present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: dontdisplaylastusername = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticecaption =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticetext =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: shutdownwithoutlogon = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: undockwithoutlogon = 1
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O8 - Extra context menu item: E&xport to Microsoft Excel - C:\Program Files\Microsoft Office\Office10\EXCEL.EXE (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O9 - Extra 'Tools' menuitem : @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe (Microsoft Corporation)
O9 - Extra Button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe File not found
O9 - Extra 'Tools' menuitem : Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe File not found
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O15 - HKLM\..Trusted Domains: 58 domain(s) and sub-domain(s) not assigned to a zone.
O15 - HKCU\..Trusted Domains: 57 domain(s) and sub-domain(s) not assigned to a zone.
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} http://download.macromedia.com/pub/shockwave/cabs/director/sw.cab (Shockwave ActiveX Control)
O16 - DPF: {1E54D648-B804-468d-BC78-4AFFED8E262F} http://www.nvidia.com/content/DriverDownload/srl/3.0.0.4/srl_bin/sysreqlab_nvd.cab (System Requirements Lab Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_16-windows-i586.cab (Java Plug-in 1.6.0_16)
O16 - DPF: {CAFEEFAC-0016-0000-0016-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_16-windows-i586.cab (Java Plug-in 1.6.0_16)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_16-windows-i586.cab (Java Plug-in 1.6.0_16)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.1
O18 - Protocol\Handler\cdo {CD00020A-8B95-11D1-82DB-00C04FB1625D} - C:\Program Files\Common Files\Microsoft Shared\Web Folders\PKMCDO.DLL (Microsoft Corporation)
O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\ipp - No CLSID value found
O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll (AVG Technologies CZ, s.r.o.)
O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\Windows Live\Messenger\msgrapp.14.0.8089.0726.dll (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp - No CLSID value found
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\ms-itss {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Program Files\Common Files\Microsoft Shared\Information Retrieval\MSITSS.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\Windows Live\Messenger\msgrapp.14.0.8089.0726.dll (Microsoft Corporation)
O18 - Protocol\Handler\mso-offdap {3D9F03FA-7A94-11D3-BE81-0050048385D1} - C:\Program Files\Common Files\Microsoft Shared\Web Components\10\OWC10.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\Explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\avgrsstarter: DllName - avgrsstx.dll - C:\WINDOWS\System32\avgrsstx.dll (AVG Technologies CZ, s.r.o.)
O20 - Winlogon\Notify\NavLogon: DllName - Reg Error: Value error. - Reg Error: Value error. File not found
O24 - Desktop Components:0 (My Current Home Page) - About:Home
O31 - SafeBoot: AlternateShell - cmd.exe
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009/08/09 23:10:20 | 00,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O32 - AutoRun File - [2009/08/10 15:53:35 | 00,000,000 | ---D | M] - C:\autorun.inf -- [ NTFS ]
O32 - AutoRun File - [2009/08/10 21:49:17 | 00,000,000 | ---D | M] - E:\autorun.inf -- [ NTFS ]
O33 - MountPoints2\{52f7f75e-8621-11de-93ca-001d6a45e9e1}\Shell\AutoRun\command - "" = F:\umenu.exe -- File not found
O34 - HKLM BootExecute: (autocheck) - File not found
O34 - HKLM BootExecute: (autochk) - C:\WINDOWS\System32\autochk.exe (Microsoft Corporation)
O34 - HKLM BootExecute: (*) - File not found
O35 - comfile [open] -- "%1" %* File not found
O35 - exefile [open] -- "%1" %* File not found

NetSvcs: BtwSrv - C:\WINDOWS\System32\BtwSrv.dll (X-Ways Software Technology)
NetSvcs: 6to4 - Service key not found. File not found
NetSvcs: Ias - Service key not found. File not found
NetSvcs: Iprip - Service key not found. File not found
NetSvcs: Irmon - Service key not found. File not found
NetSvcs: NWCWorkstation - Service key not found. File not found
NetSvcs: Nwsapagent - Service key not found. File not found
NetSvcs: WmdmPmSp - Service key not found. File not found
NetSvcs: helpsvc - C:\WINDOWS\PCHealth\HelpCtr\Binaries\pchsvc.dll (Microsoft Corporation)

========== Files/Folders - Created Within 14 Days ==========

[2009/10/16 19:58:02 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\ParetoLogic
[2009/10/16 19:58:02 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\ParetoLogic Anti-Virus PLUS
[2009/10/16 12:37:11 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\TEMP
[2009/10/16 19:58:02 | 00,000,000 | ---D | C] -- C:\Program Files\Common Files\ParetoLogic
[2009/10/06 15:22:30 | 00,000,000 | ---D | C] -- C:\Program Files\Adobe
[2009/10/16 12:47:23 | 00,000,000 | ---D | C] -- C:\Program Files\CCleaner
[2009/10/17 11:34:27 | 00,000,000 | ---D | C] -- C:\Program Files\ERUNT
[2009/10/16 20:14:13 | 00,000,000 | ---D | C] -- C:\Program Files\Trend Micro
[2009/10/17 11:35:09 | 00,000,000 | ---D | C] -- C:\WINDOWS\ERDNT
[2009/10/16 20:25:06 | 00,040,960 | ---- | C] (Doug Knox) -- C:\Documents and Settings\hal\Desktop\SysRestorePoint.exe
[2009/10/16 20:23:22 | 00,294,912 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\hal\Desktop\TFC.exe
[2009/10/16 20:22:28 | 00,543,232 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\hal\Desktop\OTL.exe
[2009/10/16 20:18:47 | 00,495,104 | ---- | C] ( ) -- C:\Documents and Settings\hal\Desktop\RootRepeal.exe
[2009/10/16 20:13:25 | 00,000,000 | -HSD | C] -- C:\Config.Msi

========== Files - Modified Within 14 Days ==========

[3 C:\WINDOWS\System32\*.tmp files]
[2009/10/17 14:18:06 | 00,001,324 | ---- | M] () -- C:\WINDOWS\System32\d3d9caps.dat
[2009/10/17 13:38:57 | 02,103,318 | ---- | M] () -- C:\Documents and Settings\hal\Desktop\untitled.bmp
[2009/10/17 12:01:47 | 00,000,015 | ---- | M] () -- C:\Documents and Settings\hal\Desktop\settings.dat
[2009/10/17 12:00:29 | 00,040,192 | ---- | M] () -- C:\WINDOWS\System32\drivers\zeivmwbw7.sys
[2009/10/17 11:59:30 | 00,064,899 | ---- | M] () -- C:\WINDOWS\System32\servises.exe
[2009/10/17 11:58:45 | 00,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2009/10/17 11:58:39 | 00,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2009/10/17 11:58:37 | 53,613,7728 | -HS- | M] () -- C:\hiberfil.sys
[2009/10/17 11:34:48 | 00,040,192 | ---- | M] () -- C:\WINDOWS\System32\drivers\zjomyvigfpah3.sys
[2009/10/17 11:34:28 | 00,000,611 | ---- | M] () -- C:\Documents and Settings\hal\Desktop\NTREGOPT.lnk
[2009/10/17 11:34:28 | 00,000,592 | ---- | M] () -- C:\Documents and Settings\hal\Desktop\ERUNT.lnk
[2009/10/17 11:34:24 | 00,040,192 | ---- | M] () -- C:\WINDOWS\System32\drivers\zxftrnvxgb5.sys
[2009/10/16 20:27:15 | 00,267,040 | -HS- | M] () -- C:\WINDOWS\System32\drivers\fidbox.dat
[2009/10/16 20:27:15 | 00,017,696 | -HS- | M] () -- C:\WINDOWS\System32\drivers\fidbox2.dat
[2009/10/16 20:27:15 | 00,005,696 | -HS- | M] () -- C:\WINDOWS\System32\drivers\fidbox.idx
[2009/10/16 20:27:15 | 00,002,732 | -HS- | M] () -- C:\WINDOWS\System32\drivers\fidbox2.idx
[2009/10/16 20:25:06 | 00,040,960 | ---- | M] (Doug Knox) -- C:\Documents and Settings\hal\Desktop\SysRestorePoint.exe
[2009/10/16 20:23:22 | 00,294,912 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\hal\Desktop\TFC.exe
[2009/10/16 20:22:29 | 00,543,232 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\hal\Desktop\OTL.exe
[2009/10/16 20:18:47 | 00,495,104 | ---- | M] ( ) -- C:\Documents and Settings\hal\Desktop\RootRepeal.exe
[2009/10/16 20:14:13 | 00,001,734 | ---- | M] () -- C:\Documents and Settings\hal\Desktop\HijackThis.lnk
[2009/10/16 20:06:24 | 00,000,390 | ---- | M] () -- C:\WINDOWS\tasks\ParetoLogic Registration.job
[2009/10/16 20:03:57 | 00,003,717 | ---- | M] () -- C:\rollback.ini
[2009/10/16 19:50:22 | 00,026,682 | ---- | M] () -- C:\WINDOWS\System32\nvapps.xml
[2009/10/16 18:32:37 | 00,000,808 | ---- | M] () -- C:\WINDOWS\System32\6454584.exe
[2009/10/16 18:32:22 | 00,000,000 | ---- | M] () -- C:\WINDOWS\SC.INS
[2009/10/16 18:30:19 | 04,809,746 | -H-- | M] () -- C:\Documents and Settings\hal\Local Settings\Application Data\IconCache.db
[2009/10/16 18:29:33 | 00,000,094 | ---- | M] () -- C:\WINDOWS\wininit.ini
[2009/10/16 17:57:43 | 00,040,192 | ---- | M] () -- C:\WINDOWS\System32\drivers\zmipvhnsdybdo5.sys
[2009/10/16 17:08:45 | 42,993,323 | ---- | M] () -- C:\WINDOWS\System32\drivers\Avg\incavi.avm
[2009/10/16 13:50:02 | 00,000,519 | ---- | M] () -- C:\hpfr3420.xml
[2009/10/16 12:56:16 | 00,267,152 | ---- | M] () -- C:\Documents and Settings\hal\Desktop\zaSetup_en.exe
[2009/10/16 12:50:01 | 00,177,766 | ---- | M] () -- C:\Documents and Settings\hal\My Documents\cc_20091016_124948.reg
[2009/10/16 12:47:26 | 00,001,548 | ---- | M] () -- C:\Documents and Settings\hal\Desktop\CCleaner.lnk
[2009/10/16 12:36:29 | 00,000,069 | ---- | M] () -- C:\WINDOWS\NeroDigital.ini
[2009/10/16 12:36:05 | 00,013,824 | ---- | M] () -- C:\Documents and Settings\hal\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2009/10/16 10:20:44 | 00,000,808 | ---- | M] () -- C:\WINDOWS\System32\3132898.exe
[2009/10/16 09:39:01 | 00,033,037 | ---- | M] () -- C:\WINDOWS\System32\drivers\Avg\microavi.avg
[2009/10/15 12:41:07 | 00,054,784 | ---- | M] () -- C:\Documents and Settings\hal\My Documents\Creativity Vignette (WriteUp).doc
[2009/10/14 22:42:13 | 00,025,088 | ---- | M] () -- C:\Documents and Settings\hal\My Documents\Innovation and Creativity.doc
[2009/10/14 21:56:05 | 00,024,064 | ---- | M] () -- C:\Documents and Settings\hal\My Documents\Appendix A.doc
[2009/10/13 21:16:26 | 00,000,386 | ---- | M] () -- C:\WINDOWS\tasks\FRU Task #Hewlett-Packard#hp psc 1200 series#1249953267.job
[2009/10/13 16:14:58 | 00,100,864 | ---- | M] () -- C:\Documents and Settings\hal\My Documents\CV09_10.doc
[2009/10/12 23:56:10 | 00,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2009/10/06 15:22:37 | 00,001,729 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Adobe Reader 9.lnk

========== Files - No Company Name ==========

[2009/10/17 13:38:57 | 02,103,318 | ---- | C] () -- C:\Documents and Settings\hal\Desktop\untitled.bmp
[2009/10/17 11:59:30 | 00,064,899 | ---- | C] () -- C:\WINDOWS\System32\servises.exe
[2009/10/17 11:59:26 | 00,040,192 | ---- | C] () -- C:\WINDOWS\System32\drivers\zeivmwbw7.sys
[2009/10/17 11:34:28 | 00,000,611 | ---- | C] () -- C:\Documents and Settings\hal\Desktop\NTREGOPT.lnk
[2009/10/17 11:34:28 | 00,000,592 | ---- | C] () -- C:\Documents and Settings\hal\Desktop\ERUNT.lnk
[2009/10/17 11:33:45 | 00,040,192 | ---- | C] () -- C:\WINDOWS\System32\drivers\zjomyvigfpah3.sys
[2009/10/16 20:19:00 | 00,000,015 | ---- | C] () -- C:\Documents and Settings\hal\Desktop\settings.dat
[2009/10/16 20:14:13 | 00,001,734 | ---- | C] () -- C:\Documents and Settings\hal\Desktop\HijackThis.lnk
[2009/10/16 20:06:24 | 00,000,390 | ---- | C] () -- C:\WINDOWS\tasks\ParetoLogic Registration.job
[2009/10/16 20:04:11 | 00,267,040 | -HS- | C] () -- C:\WINDOWS\System32\drivers\fidbox.dat
[2009/10/16 20:04:11 | 00,017,696 | -HS- | C] () -- C:\WINDOWS\System32\drivers\fidbox2.dat
[2009/10/16 20:04:11 | 00,005,696 | -HS- | C] () -- C:\WINDOWS\System32\drivers\fidbox.idx
[2009/10/16 20:04:11 | 00,002,732 | -HS- | C] () -- C:\WINDOWS\System32\drivers\fidbox2.idx
[2009/10/16 20:03:57 | 00,003,717 | ---- | C] () -- C:\rollback.ini
[2009/10/16 19:50:32 | 00,040,192 | ---- | C] () -- C:\WINDOWS\System32\drivers\zxftrnvxgb5.sys
[2009/10/16 18:32:37 | 00,000,808 | ---- | C] () -- C:\WINDOWS\System32\6454584.exe
[2009/10/16 18:32:22 | 00,000,000 | ---- | C] () -- C:\WINDOWS\SC.INS
[2009/10/16 18:29:33 | 00,000,094 | ---- | C] () -- C:\WINDOWS\wininit.ini
[2009/10/16 17:56:41 | 00,040,192 | ---- | C] () -- C:\WINDOWS\System32\drivers\zmipvhnsdybdo5.sys
[2009/10/16 12:56:16 | 00,267,152 | ---- | C] () -- C:\Documents and Settings\hal\Desktop\zaSetup_en.exe
[2009/10/16 12:49:52 | 00,177,766 | ---- | C] () -- C:\Documents and Settings\hal\My Documents\cc_20091016_124948.reg
[2009/10/16 12:47:26 | 00,001,548 | ---- | C] () -- C:\Documents and Settings\hal\Desktop\CCleaner.lnk
[2009/10/16 10:20:44 | 00,000,808 | ---- | C] () -- C:\WINDOWS\System32\3132898.exe
[2009/10/14 22:59:23 | 00,054,784 | ---- | C] () -- C:\Documents and Settings\hal\My Documents\Creativity Vignette (WriteUp).doc
[2009/10/14 21:56:05 | 00,024,064 | ---- | C] () -- C:\Documents and Settings\hal\My Documents\Appendix A.doc
[2009/10/14 21:53:52 | 00,025,088 | ---- | C] () -- C:\Documents and Settings\hal\My Documents\Innovation and Creativity.doc
[2009/10/13 16:14:58 | 00,100,864 | ---- | C] () -- C:\Documents and Settings\hal\My Documents\CV09_10.doc
[2009/10/06 15:22:37 | 00,001,729 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Adobe Reader 9.lnk
[2009/09/27 23:30:17 | 00,721,904 | ---- | C] () -- C:\WINDOWS\System32\drivers\sptd.sys
[2009/08/11 14:31:36 | 00,000,069 | ---- | C] () -- C:\WINDOWS\NeroDigital.ini
[2009/08/11 14:31:34 | 00,013,824 | ---- | C] () -- C:\Documents and Settings\hal\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2009/08/10 21:44:00 | 00,021,408 | ---- | C] () -- C:\Documents and Settings\hal\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
[2009/08/10 21:09:17 | 00,000,396 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\hpzinstall.log
[2009/08/10 21:07:11 | 00,000,169 | ---- | C] () -- C:\WINDOWS\RtlRack.ini
[2009/08/10 19:57:05 | 00,000,376 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2009/08/10 09:08:47 | 00,135,168 | R--- | C] () -- C:\WINDOWS\System32\RtlCPAPI.dll
[2009/08/10 09:08:39 | 00,000,164 | R--- | C] () -- C:\WINDOWS\avrack.ini
[2009/08/10 08:57:11 | 00,540,672 | ---- | C] () -- C:\WINDOWS\System32\nvhwvid.dll
[2009/08/10 00:07:25 | 04,809,746 | -H-- | C] () -- C:\Documents and Settings\hal\Local Settings\Application Data\IconCache.db
[2009/08/10 00:07:19 | 00,000,000 | ---- | C] () -- C:\WINDOWS\vpc32.INI
[2009/08/09 23:20:04 | 00,000,062 | -HS- | C] () -- C:\Documents and Settings\hal\Application Data\desktop.ini
[2009/08/09 18:50:27 | 00,000,062 | -HS- | C] () -- C:\Documents and Settings\All Users\Application Data\desktop.ini
[2003/03/09 16:31:04 | 00,561,152 | ---- | C] () -- C:\WINDOWS\System32\hpotscl.dll
[2001/08/23 04:00:00 | 00,000,628 | ---- | C] () -- C:\WINDOWS\win.ini
[2001/08/23 04:00:00 | 00,000,231 | ---- | C] () -- C:\WINDOWS\system.ini
[2001/08/23 04:00:00 | 00,000,008 | ---- | C] () -- C:\WINDOWS\System32\FInstall.sys

========== LOP Check ==========

[2009/10/16 19:58:02 | 00,000,000 | RH-D | M] -- C:\Documents and Settings\All Users\Application Data
[2009/08/10 21:21:59 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{8CD7F5AF-ECFA-4793-BF40-D8F42DBFF906}
[2009/08/10 17:09:04 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\AVG Security Toolbar
[2009/09/27 23:32:57 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\DAEMON Tools Lite
[2009/10/16 20:13:45 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\ParetoLogic
[2009/10/16 19:58:13 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\ParetoLogic Anti-Virus PLUS
[2009/10/16 12:37:11 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TEMP
[2009/09/20 20:21:02 | 00,000,000 | RH-D | M] -- C:\Documents and Settings\hal\Application Data
[2009/08/10 20:57:24 | 00,000,000 | ---D | M] -- C:\Documents and Settings\hal\Application Data\Ahead
[2009/09/27 23:34:15 | 00,000,000 | ---D | M] -- C:\Documents and Settings\hal\Application Data\DAEMON Tools Lite
[2009/09/20 20:28:55 | 00,000,000 | ---D | M] -- C:\Documents and Settings\hal\Application Data\Sony
[2009/09/20 20:24:26 | 00,000,000 | ---D | M] -- C:\Documents and Settings\hal\Application Data\Sony Setup
[2009/10/16 12:53:48 | 00,000,000 | ---D | M] -- C:\Documents and Settings\hal\Application Data\uTorrent
[2001/08/23 04:00:00 | 00,000,065 | RH-- | M] () -- C:\WINDOWS\Tasks\desktop.ini
[2009/10/13 21:16:26 | 00,000,386 | ---- | M] () -- C:\WINDOWS\Tasks\FRU Task #Hewlett-Packard#hp psc 1200 series#1249953267.job
[2009/10/16 20:06:24 | 00,000,390 | ---- | M] () -- C:\WINDOWS\Tasks\ParetoLogic Registration.job
[2009/10/17 11:58:45 | 00,000,006 | -H-- | M] () -- C:\WINDOWS\Tasks\SA.DAT

========== Purity Check ==========

========== Custom Scans ==========

< %SYSTEMDRIVE%\*.exe >

< %systemroot%\system32\eventlog.dll >

< %systemroot%\system32\scecli.dll >
[2008/04/14 01:42:06 | 00,181,248 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\scecli.dll
[3 C:\WINDOWS\system32\*.tmp files]

< %systemroot%\netlogon.dll >

< %systemroot%\system32\cngaudit.dll >

< %systemroot%\system32\sceclt.dll >

< %systemroot%\ntelogon.dll >

< %systemroot%\system32\logevent.dll >
[2008/04/14 01:41:54 | 00,056,320 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\logevent.dll
[3 C:\WINDOWS\system32\*.tmp files]

< End of report >