Hi pwgib,
I have disabled Tea Timer, installed Avira Antivirus, MWB and OTL and have run the scans you requested. The logs from those scans appear below. The day after my initial Avira scan, Avira detected an additional infection while operating in Guard Mode. This detection occurred after the Avira and MWB scans, but before the OTL scan. Here is the text from the event log for that detection:
Virus or unwanted program 'HTML/Infected.WebPage.Gen [virus]'
detected in file 'C:\WINDOWS\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\O40STXOT\2[1].htm.
Action performed: Deny access
I took no action on this detection so the infected file still exists in the form in which it was detected.
AVIRA LOG:
Avira AntiVir Personal
Report file date: Wednesday, December 16, 2009 13:37
Scanning for 1452463 virus strains and unwanted programs.
Licensee : Avira AntiVir Personal - FREE Antivirus
Serial number : 0000149996-ADJIE-0000001
Platform : Windows XP
Windows version : (Service Pack 3) [5.1.2600]
Boot mode : Normally booted
Username : SYSTEM
Computer name : FRED
Version information:
BUILD.DAT : 9.0.0.415 21609 Bytes 11/8/2009 10:00:00
AVSCAN.EXE : 9.0.3.10 466689 Bytes 10/13/2009 17:26:33
AVSCAN.DLL : 9.0.3.0 40705 Bytes 2/27/2009 16:58:24
LUKE.DLL : 9.0.3.2 209665 Bytes 2/20/2009 17:35:49
LUKERES.DLL : 9.0.2.0 12033 Bytes 2/27/2009 16:58:52
VBASE000.VDF : 7.10.0.0 19875328 Bytes 11/6/2009 13:35:52
VBASE001.VDF : 7.10.1.0 1372672 Bytes 11/19/2009 19:33:57
VBASE002.VDF : 7.10.1.1 2048 Bytes 11/19/2009 19:33:57
VBASE003.VDF : 7.10.1.2 2048 Bytes 11/19/2009 19:33:57
VBASE004.VDF : 7.10.1.3 2048 Bytes 11/19/2009 19:33:57
VBASE005.VDF : 7.10.1.4 2048 Bytes 11/19/2009 19:33:57
VBASE006.VDF : 7.10.1.5 2048 Bytes 11/19/2009 19:33:57
VBASE007.VDF : 7.10.1.6 2048 Bytes 11/19/2009 19:33:57
VBASE008.VDF : 7.10.1.7 2048 Bytes 11/19/2009 19:33:57
VBASE009.VDF : 7.10.1.8 2048 Bytes 11/19/2009 19:33:57
VBASE010.VDF : 7.10.1.9 2048 Bytes 11/19/2009 19:33:57
VBASE011.VDF : 7.10.1.10 2048 Bytes 11/19/2009 19:33:57
VBASE012.VDF : 7.10.1.11 2048 Bytes 11/19/2009 19:33:57
VBASE013.VDF : 7.10.1.79 209920 Bytes 11/25/2009 19:33:57
VBASE014.VDF : 7.10.1.128 197632 Bytes 11/30/2009 19:33:58
VBASE015.VDF : 7.10.1.178 195584 Bytes 12/7/2009 19:33:58
VBASE016.VDF : 7.10.1.224 183296 Bytes 12/14/2009 19:33:58
VBASE017.VDF : 7.10.1.247 182272 Bytes 12/15/2009 19:33:58
VBASE018.VDF : 7.10.1.248 2048 Bytes 12/15/2009 19:33:58
VBASE019.VDF : 7.10.1.249 2048 Bytes 12/15/2009 19:33:59
VBASE020.VDF : 7.10.1.250 2048 Bytes 12/15/2009 19:33:59
VBASE021.VDF : 7.10.1.251 2048 Bytes 12/15/2009 19:33:59
VBASE022.VDF : 7.10.1.252 2048 Bytes 12/15/2009 19:33:59
VBASE023.VDF : 7.10.1.253 2048 Bytes 12/15/2009 19:33:59
VBASE024.VDF : 7.10.1.254 2048 Bytes 12/15/2009 19:33:59
VBASE025.VDF : 7.10.1.255 2048 Bytes 12/15/2009 19:33:59
VBASE026.VDF : 7.10.2.0 2048 Bytes 12/15/2009 19:33:59
VBASE027.VDF : 7.10.2.1 2048 Bytes 12/15/2009 19:33:59
VBASE028.VDF : 7.10.2.2 2048 Bytes 12/15/2009 19:33:59
VBASE029.VDF : 7.10.2.3 2048 Bytes 12/15/2009 19:33:59
VBASE030.VDF : 7.10.2.4 2048 Bytes 12/15/2009 19:33:59
VBASE031.VDF : 7.10.2.11 96256 Bytes 12/16/2009 19:34:00
Engineversion : 8.2.1.114
AEVDF.DLL : 8.1.1.2 106867 Bytes 11/8/2009 13:38:52
AESCRIPT.DLL : 8.1.3.3 586106 Bytes 12/16/2009 19:34:02
AESCN.DLL : 8.1.3.0 127348 Bytes 12/16/2009 19:34:01
AESBX.DLL : 8.1.1.1 246132 Bytes 11/8/2009 13:38:44
AERDL.DLL : 8.1.3.4 479605 Bytes 12/16/2009 19:34:01
AEPACK.DLL : 8.2.0.3 422261 Bytes 11/8/2009 13:38:40
AEOFFICE.DLL : 8.1.0.38 196987 Bytes 11/8/2009 13:38:38
AEHEUR.DLL : 8.1.0.186 2183544 Bytes 12/16/2009 19:34:01
AEHELP.DLL : 8.1.9.0 237943 Bytes 12/16/2009 19:34:00
AEGEN.DLL : 8.1.1.81 369014 Bytes 12/16/2009 19:34:00
AEEMU.DLL : 8.1.1.0 393587 Bytes 11/8/2009 13:38:26
AECORE.DLL : 8.1.9.1 180598 Bytes 12/16/2009 19:34:00
AEBB.DLL : 8.1.0.3 53618 Bytes 11/8/2009 13:38:20
AVWINLL.DLL : 9.0.0.3 18177 Bytes 12/12/2008 14:47:59
AVPREF.DLL : 9.0.3.0 44289 Bytes 8/26/2009 21:14:02
AVREP.DLL : 8.0.0.3 155905 Bytes 1/20/2009 20:34:28
AVREG.DLL : 9.0.0.0 36609 Bytes 12/5/2008 16:32:09
AVARKT.DLL : 9.0.0.3 292609 Bytes 3/24/2009 21:05:41
AVEVTLOG.DLL : 9.0.0.7 167169 Bytes 1/30/2009 16:37:08
SQLITE3.DLL : 3.6.1.0 326401 Bytes 1/28/2009 21:03:49
SMTPLIB.DLL : 9.2.0.25 28417 Bytes 2/2/2009 14:21:33
NETNT.DLL : 9.0.0.0 11521 Bytes 12/5/2008 16:32:10
RCIMAGE.DLL : 9.0.0.25 2438913 Bytes 5/15/2009 21:39:58
RCTEXT.DLL : 9.0.73.0 86785 Bytes 10/13/2009 18:25:47
Configuration settings for the scan:
Jobname.............................: Complete system scan
Configuration file..................: c:\program files\avira\antivir desktop\sysscan.avp
Logging.............................: low
Primary action......................: interactive
Secondary action....................: ignore
Scan master boot sector.............: on
Scan boot sector....................: on
Boot sectors........................: C:, D:,
Process scan........................: on
Scan registry.......................: on
Search for rootkits.................: on
Integrity checking of system files..: off
Scan all files......................: All files
Scan archives.......................: on
Recursion depth.....................: 20
Smart extensions....................: on
Macro heuristic.....................: on
File heuristic......................: medium
Start of the scan: Wednesday, December 16, 2009 13:37
Starting search for hidden objects.
'52336' objects were checked, '0' hidden objects were found.
The scan of running processes will be started
Scan process 'avscan.exe' - '1' Module(s) have been scanned
Scan process 'avcenter.exe' - '1' Module(s) have been scanned
Scan process 'avcenter.exe' - '1' Module(s) have been scanned
Scan process 'avgnt.exe' - '1' Module(s) have been scanned
Scan process 'sched.exe' - '1' Module(s) have been scanned
Scan process 'avguard.exe' - '1' Module(s) have been scanned
Scan process 'HPZipm12.exe' - '1' Module(s) have been scanned
Scan process 'hpqtra08.exe' - '1' Module(s) have been scanned
Scan process 'ctfmon.exe' - '1' Module(s) have been scanned
Scan process 'tfswctrl.exe' - '1' Module(s) have been scanned
Scan process 'hkcmd.exe' - '1' Module(s) have been scanned
Scan process 'hpcmpmgr.exe' - '1' Module(s) have been scanned
Scan process 'hpsysdrv.exe' - '1' Module(s) have been scanned
Scan process 'igfxtray.exe' - '1' Module(s) have been scanned
Scan process 'KBD.EXE' - '1' Module(s) have been scanned
Scan process 'S3apphk.exe' - '1' Module(s) have been scanned
Scan process 'explorer.exe' - '1' Module(s) have been scanned
Scan process 'wscntfy.exe' - '1' Module(s) have been scanned
Scan process 'alg.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'spoolsv.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'lsass.exe' - '1' Module(s) have been scanned
Scan process 'services.exe' - '1' Module(s) have been scanned
Scan process 'winlogon.exe' - '1' Module(s) have been scanned
Scan process 'csrss.exe' - '1' Module(s) have been scanned
Scan process 'smss.exe' - '1' Module(s) have been scanned
30 processes with 30 modules were scanned
Starting master boot sector scan:
Master boot sector HD0
[INFO] No virus was found!
Start scanning boot sectors:
Boot sector 'C:\'
[INFO] No virus was found!
Boot sector 'D:\'
[INFO] No virus was found!
Starting to scan executable files (registry).
The registry was scanned ( '66' files ).
Starting the file scan:
Begin scan in 'C:\' <HP_PAVILION>
C:\hiberfil.sys
[WARNING] The file could not be opened!
[NOTE] This file is a Windows system file.
[NOTE] This file cannot be opened for scanning.
C:\pagefile.sys
[WARNING] The file could not be opened!
[NOTE] This file is a Windows system file.
[NOTE] This file cannot be opened for scanning.
C:\Documents and Settings\Chris\.housecall6.6\Quarantine\381beve2.exe.bac_a00328
[0] Archive type: HIDDEN
--> FIL\\\?\C:\Documents and Settings\Chris\.housecall6.6\Quarantine\381beve2.exe.bac_a00328
[DETECTION] Is the TR/Dldr.Zlob.pea.1 Trojan
C:\Documents and Settings\Chris\.housecall6.6\Quarantine\7z87a7rv.exe.bac_a00328
[0] Archive type: HIDDEN
--> FIL\\\?\C:\Documents and Settings\Chris\.housecall6.6\Quarantine\7z87a7rv.exe.bac_a00328
[DETECTION] Is the TR/Agent.zvh Trojan
C:\Documents and Settings\Chris\.housecall6.6\Quarantine\ciq94k8t.exe.bac_a01292
[DETECTION] Is the TR/Dldr.Zlob.Gen Trojan
C:\Documents and Settings\Chris\.housecall6.6\Quarantine\e5e0nu51.exe.bac_a00328
[0] Archive type: HIDDEN
--> FIL\\\?\C:\Documents and Settings\Chris\.housecall6.6\Quarantine\e5e0nu51.exe.bac_a00328
[DETECTION] Is the TR/Agent.zvh Trojan
C:\Documents and Settings\Chris\.housecall6.6\Quarantine\llxfnkho.exe.bac_a00328
[0] Archive type: HIDDEN
--> FIL\\\?\C:\Documents and Settings\Chris\.housecall6.6\Quarantine\llxfnkho.exe.bac_a00328
--> Object
[DETECTION] Is the TR/Dldr.Zlob.AC.8.A Trojan
C:\Documents and Settings\Chris\.housecall6.6\Quarantine\sii8z2lt.exe.bac_a01292
[DETECTION] Is the TR/Dldr.Zlob.Gen Trojan
C:\Documents and Settings\Chris\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\jvmimpro.jar-54e206d6-2f51254e.zip
[DETECTION] Contains recognition pattern of the EXP/Java.Gimsh.A.41 exploit
--> vmain.class
[DETECTION] Contains recognition pattern of the EXP/Java.Gimsh.A.39 exploit
C:\Documents and Settings\Owner\Desktop\SpyInstall.exe
[DETECTION] Is the TR/Hijacker.Gen Trojan
C:\Program Files\HPSelect\hp learning adventure.exe
[DETECTION] Is the TR/ATRAPS.Gen Trojan
C:\System Volume Information\_restore{07067F02-601B-445E-AF8E-8602C05A674E}\RP478\A0050345.exe
[DETECTION] Is the TR/Crypt.ZPACK.Gen Trojan
Begin scan in 'D:\' <HP_RECOVERY>
D:\I386\APPS\APP18716\App18716.exe
[0] Archive type: ZIP SFX (self extracting)
--> hp/tmp/Desktop.exe
[DETECTION] Is the TR/ATRAPS.Gen Trojan
--> hp/tmp/hp learning adventure.exe
[DETECTION] Is the TR/ATRAPS.Gen Trojan
Beginning disinfection:
C:\Documents and Settings\Chris\.housecall6.6\Quarantine\381beve2.exe.bac_a00328
[NOTE] The file was moved to '4b5a4af9.qua'!
C:\Documents and Settings\Chris\.housecall6.6\Quarantine\7z87a7rv.exe.bac_a00328
[NOTE] The file was moved to '4b614b3b.qua'!
C:\Documents and Settings\Chris\.housecall6.6\Quarantine\ciq94k8t.exe.bac_a01292
[DETECTION] Is the TR/Dldr.Zlob.Gen Trojan
[NOTE] The file was moved to '4b9a4b2b.qua'!
C:\Documents and Settings\Chris\.housecall6.6\Quarantine\e5e0nu51.exe.bac_a00328
[NOTE] The file was moved to '4b8e4af7.qua'!
C:\Documents and Settings\Chris\.housecall6.6\Quarantine\llxfnkho.exe.bac_a00328
[NOTE] The file was moved to '4ba14b2e.qua'!
C:\Documents and Settings\Chris\.housecall6.6\Quarantine\sii8z2lt.exe.bac_a01292
[DETECTION] Is the TR/Dldr.Zlob.Gen Trojan
[NOTE] The file was moved to '4b924b2b.qua'!
C:\Documents and Settings\Chris\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\jvmimpro.jar-54e206d6-2f51254e.zip
[DETECTION] Contains recognition pattern of the EXP/Java.Gimsh.A.41 exploit
[NOTE] The file was moved to '4b964b38.qua'!
C:\Documents and Settings\Owner\Desktop\SpyInstall.exe
[DETECTION] Is the TR/Hijacker.Gen Trojan
[NOTE] The file was moved to '4ba24b32.qua'!
C:\Program Files\HPSelect\hp learning adventure.exe
[DETECTION] Is the TR/ATRAPS.Gen Trojan
[NOTE] The file was moved to '4b494b33.qua'!
C:\System Volume Information\_restore{07067F02-601B-445E-AF8E-8602C05A674E}\RP478\A0050345.exe
[DETECTION] Is the TR/Crypt.ZPACK.Gen Trojan
[NOTE] The file was moved to '4b594af3.qua'!
D:\I386\APPS\APP18716\App18716.exe
[NOTE] The file was moved to '4b994b33.qua'!
End of the scan: Wednesday, December 16, 2009 15:01
Used time: 1:24:00 Hour(s)
The scan has been done completely.
6468 Scanned directories
373928 Files were scanned
13 Viruses and/or unwanted programs were found
0 Files were classified as suspicious
0 files were deleted
0 Viruses and unwanted programs were repaired
11 Files were moved to quarantine
0 Files were renamed
2 Files cannot be scanned
373913 Files not concerned
22416 Archives were scanned
2 Warnings
13 Notes
52336 Objects were scanned with rootkit scan
0 Hidden objects were found
MWB LOG:
Malwarebytes' Anti-Malware 1.42
Database version: 3360
Windows 5.1.2600 Service Pack 3
Internet Explorer 7.0.5730.11
12/16/2009 11:52:32 PM
mbam-log-2009-12-16 (23-52-32).txt
Scan type: Quick Scan
Objects scanned: 119540
Time elapsed: 8 minute(s), 14 second(s)
Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0
Memory Processes Infected:
(No malicious items detected)
Memory Modules Infected:
(No malicious items detected)
Registry Keys Infected:
(No malicious items detected)
Registry Values Infected:
(No malicious items detected)
Registry Data Items Infected:
(No malicious items detected)
Folders Infected:
(No malicious items detected)
Files Infected:
(No malicious items detected)
OTL LOG:
OTL logfile created on: 12/17/2009 6:56:54 AM - Run 1
OTL by OldTimer - Version 3.1.17.0 Folder = C:\Documents and Settings\Chris\Desktop
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 7.0.5730.11)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy
510.52 Mb Total Physical Memory | 179.59 Mb Available Physical Memory | 35.18% Memory free
864.73 Mb Paging File | 535.01 Mb Available in Paging File | 61.87% Paging File free
Paging file location(s): C:\pagefile.sys 384 768 [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 52.36 Gb Total Space | 35.54 Gb Free Space | 67.87% Space Free | Partition Type: NTFS
Drive D: | 4.87 Gb Total Space | 0.91 Gb Free Space | 18.76% Space Free | Partition Type: FAT32
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded
Computer Name: FRED
Current User Name: Chris
Logged in as Administrator.
Current Boot Mode: Normal
Scan Mode: All users
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Standard
========== Processes (SafeList) ==========
PRC - [2009/12/17 06:55:20 | 00,538,112 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Chris\Desktop\OTL.exe
PRC - [2009/12/16 21:41:32 | 00,908,248 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe
PRC - [2009/07/21 13:34:33 | 00,185,089 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe
PRC - [2009/05/13 15:48:22 | 00,108,289 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\sched.exe
PRC - [2009/03/02 12:08:47 | 00,209,153 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
PRC - [2008/04/13 18:12:41 | 00,013,824 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\wscntfy.exe
PRC - [2008/04/13 18:12:19 | 01,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2004/05/28 22:31:38 | 00,241,664 | ---- | M] (Hewlett-Packard Co.) -- C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
PRC - [2004/05/12 15:18:56 | 00,241,664 | ---- | M] (Hewlett-Packard Company) -- C:\Program Files\HP\hpcoretech\hpcmpmgr.exe
PRC - [2004/03/18 16:55:48 | 00,065,536 | ---- | M] (HP) -- C:\WINDOWS\system32\HPZipm12.exe
PRC - [2003/10/31 12:38:50 | 00,442,368 | ---- | M] (Home) -- C:\Program Files\Desktop Calendar\Desktop Calendar.exe
PRC - [2002/03/15 23:51:02 | 00,028,672 | ---- | M] () -- C:\WINDOWS\system32\S3apphk.exe
PRC - [2002/03/14 11:25:00 | 00,102,455 | ---- | M] (VERITAS Software, Inc.) -- C:\WINDOWS\system32\dla\tfswctrl.exe
PRC - [2002/03/12 04:28:06 | 00,155,648 | ---- | M] (Intel Corporation) -- C:\WINDOWS\system32\igfxtray.exe
PRC - [2002/03/12 04:20:02 | 00,106,496 | ---- | M] (Intel Corporation) -- C:\WINDOWS\system32\hkcmd.exe
PRC - [2001/07/06 21:56:56 | 00,061,440 | ---- | M] (Hewlett-Packard Company) -- C:\hp\KBD\KBD.EXE
PRC - [1998/05/07 17:04:38 | 00,052,736 | ---- | M] (Hewlett-Packard Company) -- C:\WINDOWS\system\hpsysdrv.exe
========== Modules (SafeList) ==========
MOD - [2009/12/17 06:55:20 | 00,538,112 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Chris\Desktop\OTL.exe
MOD - [2002/03/15 23:51:02 | 00,045,056 | ---- | M] (S3 Graphics, Inc.) -- C:\WINDOWS\system32\S3appdll.dll
MOD - [2001/10/04 16:50:08 | 00,040,820 | ---- | M] (SoundMAX) -- C:\WINDOWS\system32\Syncor11.dll
========== Win32 Services (SafeList) ==========
SRV - [2009/11/06 09:20:16 | 00,051,168 | ---- | M] (NOS Microsystems Ltd.) [On_Demand | Stopped] -- C:\Program Files\NOS\bin\getPlus_Helper.dll -- (getPlusHelper) getPlus®
SRV - [2009/07/21 13:34:33 | 00,185,089 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)
SRV - [2009/05/13 15:48:22 | 00,108,289 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Program Files\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)
SRV - [2007/04/02 17:21:54 | 00,131,072 | ---- | M] (Sprint Spectrum, L.L.C) [Disabled | Stopped] -- C:\Program Files\Sprint\Sierra Wireless\Sprint PCS Connection Manager\SPCSUtilityService.exe -- (SPCSUtilityService)
SRV - [2004/03/18 16:55:48 | 00,065,536 | ---- | M] (HP) [On_Demand | Running] -- C:\WINDOWS\system32\HPZipm12.exe -- (Pml Driver HPZ12)
SRV - [2002/03/09 17:53:00 | 00,061,440 | ---- | M] (NVIDIA Corporation) [Auto | Stopped] -- C:\WINDOWS\system32\nvsvc32.exe -- (NVSvc)
========== Driver Services (SafeList) ==========
DRV - [2009/07/28 15:33:56 | 00,055,656 | ---- | M] (Avira GmbH) [File_System | Auto | Running] -- C:\WINDOWS\system32\drivers\avgntflt.sys -- (avgntflt)
DRV - [2009/05/11 09:12:24 | 00,028,520 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\ssmdrv.sys -- (ssmdrv)
DRV - [2009/03/30 09:33:07 | 00,096,104 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\avipbb.sys -- (avipbb)
DRV - [2009/02/13 11:35:05 | 00,011,608 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Program Files\Avira\AntiVir Desktop\avgio.sys -- (avgio)
DRV - [2008/04/13 12:45:29 | 00,010,624 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\gameenum.sys -- (gameenum)
DRV - [2007/11/13 04:25:53 | 00,020,480 | ---- | M] (Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\secdrv.sys -- (Secdrv)
DRV - [2007/07/09 08:52:08 | 00,037,992 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\CO_Mon.sys -- (CO_Mon)
DRV - [2007/02/22 16:26:46 | 00,071,168 | ---- | M] (Sierra Wireless Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\swmx00.sys -- (SWMX00) Sierra Wireless USB MUX Driver (#00)
DRV - [2007/01/12 13:26:42 | 00,102,144 | ---- | M] (Sierra Wireless Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\SWNC5E00.sys -- (SWNC5E00) Sierra Wireless MUX NDIS Driver (#00)
DRV - [2004/08/03 23:31:32 | 00,020,992 | ---- | M] (Realtek Semiconductor Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\rtl8139.sys -- (rtl8139) Realtek RTL8139(A/B/C)
DRV - [2004/06/22 08:05:12 | 00,051,088 | ---- | M] (HP) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\hpzid412.sys -- (HPZid412)
DRV - [2004/06/22 08:05:12 | 00,021,744 | ---- | M] (HP) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HPZius12.sys -- (HPZius12)
DRV - [2004/06/22 08:05:12 | 00,016,496 | ---- | M] (HP) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HPZipr12.sys -- (HPZipr12)
DRV - [2003/03/31 14:29:00 | 00,625,537 | ---- | M] (LT) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ltmdmnt.sys -- (ltmodem5)
DRV - [2002/04/03 17:24:26 | 00,459,944 | ---- | M] (Analog Devices, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\smwdm.sys -- (smwdm)
DRV - [2002/03/27 16:17:20 | 00,069,472 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ialmkchw.sys -- ({D31A0762-0CEB-444e-ACFF-B049A1F6FE91}) Intel® Graphics Chipset (KCH)
DRV - [2002/03/27 16:17:10 | 00,087,648 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ialmsbw.sys -- ({6080A529-897E-4629-A488-ABA0C29B635E}) Intel® Graphics Platform (SoftBIOS)
DRV - [2002/03/27 16:16:08 | 00,077,181 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ialmnt5.sys -- (ialm)
DRV - [2002/03/26 19:20:22 | 00,013,780 | ---- | M] (Padus, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\pfc.sys -- (pfc)
DRV - [2002/03/20 23:35:56 | 00,144,860 | ---- | M] (VIA Technologies, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\trid3dm.sys -- (trid3d)
DRV - [2002/03/19 03:18:26 | 00,187,520 | ---- | M] (Silicon Integrated Systems Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\sisgrp.sys -- (SiS315)
DRV - [2002/03/14 11:25:00 | 00,094,679 | ---- | M] (VERITAS Software, Inc.) [File_System | Auto | Running] -- C:\WINDOWS\system32\dla\tfsnudfa.sys -- (tfsnudfa)
DRV - [2002/03/14 11:25:00 | 00,088,758 | ---- | M] (VERITAS Software, Inc.) [File_System | Auto | Running] -- C:\WINDOWS\system32\dla\tfsnudf.sys -- (tfsnudf)
DRV - [2002/03/14 11:25:00 | 00,052,758 | ---- | M] (VERITAS Software, Inc.) [File_System | Auto | Running] -- C:\WINDOWS\system32\dla\tfsnifs.sys -- (tfsnifs)
DRV - [2002/03/14 11:25:00 | 00,034,743 | ---- | M] (VERITAS Software, Inc.) [File_System | Auto | Running] -- C:\WINDOWS\system32\dla\tfsncofs.sys -- (tfsncofs)
DRV - [2002/03/14 11:25:00 | 00,023,607 | ---- | M] (VERITAS Software, Inc.) [File_System | Auto | Running] -- C:\WINDOWS\system32\dla\tfsnboio.sys -- (tfsnboio)
DRV - [2002/03/14 11:25:00 | 00,013,847 | ---- | M] (VERITAS Software, Inc.) [File_System | Auto | Running] -- C:\WINDOWS\system32\dla\tfsnopio.sys -- (tfsnopio)
DRV - [2002/03/14 11:25:00 | 00,006,327 | ---- | M] (VERITAS Software, Inc.) [File_System | Auto | Running] -- C:\WINDOWS\system32\dla\tfsnpool.sys -- (tfsnpool)
DRV - [2002/03/14 11:25:00 | 00,004,119 | ---- | M] (VERITAS Software, Inc.) [File_System | Auto | Running] -- C:\WINDOWS\system32\dla\tfsndrct.sys -- (tfsndrct)
DRV - [2002/03/14 11:25:00 | 00,002,203 | ---- | M] (VERITAS Software, Inc.) [File_System | Auto | Running] -- C:\WINDOWS\system32\dla\tfsndres.sys -- (tfsndres)
DRV - [2002/03/09 17:53:00 | 00,909,501 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\nv4_mini.sys -- (nv)
DRV - [2002/02/26 10:02:00 | 00,016,288 | ---- | M] (VERITAS Software, Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\System32\DRIVERS\PxHelp20.sys -- (PxHelp20)
DRV - [2002/02/15 11:21:00 | 00,078,048 | ---- | M] (VERITAS Software, Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\drvmcdb.sys -- (drvmcdb)
DRV - [2002/02/12 10:56:00 | 00,040,096 | ---- | M] (VERITAS Software, Inc.) [File_System | Auto | Running] -- C:\WINDOWS\system32\drivers\drvnddm.sys -- (drvnddm)
DRV - [2002/01/29 01:04:04 | 00,005,589 | ---- | M] (VERITAS Software, Inc.) [File_System | System | Running] -- C:\WINDOWS\system32\drivers\sscdbhk5.sys -- (sscdbhk5)
DRV - [2002/01/29 01:03:18 | 00,022,963 | ---- | M] (VERITAS Software, Inc.) [File_System | System | Running] -- C:\WINDOWS\system32\drivers\ssrtln.sys -- (ssrtln)
DRV - [2001/12/27 04:52:58 | 00,027,136 | ---- | M] (Silicon Integrated Systems Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\System32\DRIVERS\SISAGP.sys -- (SISAGP)
DRV - [2001/12/07 22:26:00 | 00,013,502 | ---- | M] (NVIDIA Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\System32\DRIVERS\nv_agp.sys -- (nv_agp)
DRV - [2001/08/18 06:00:00 | 00,017,792 | ---- | M] (Parallel Technologies, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ptilink.sys -- (Ptilink)
DRV - [2001/08/17 22:00:04 | 00,002,944 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\msmpu401.sys -- (ms_mpu401)
DRV - [2001/08/17 13:50:26 | 00,731,648 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\nv4.sys -- (nv4)
DRV - [2001/08/17 13:12:10 | 00,117,760 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\e100b325.sys -- (E100B) Intel®
DRV - [2001/08/08 14:13:36 | 00,158,140 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\i81xnt5.sys -- (i81x)
DRV - [2001/08/08 14:13:30 | 00,012,479 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\wADV01nt.sys -- (iAimFP0)
DRV - [2001/08/08 14:13:30 | 00,012,031 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\wADV02NT.sys -- (iAimFP1)
DRV - [2001/08/08 14:13:30 | 00,011,679 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\wADV05NT.sys -- (iAimFP2)
DRV - [2001/08/08 14:13:28 | 00,019,359 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\wVchNTxx.sys -- (iAimFP4)
DRV - [2001/08/08 14:13:28 | 00,011,999 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\wSiINTxx.sys -- (iAimFP3)
DRV - [2001/08/08 14:13:26 | 00,033,503 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\wATV04nt.sys -- (iAimTV3)
DRV - [2001/08/08 14:13:24 | 00,029,215 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\wATV01nt.sys -- (iAimTV0)
DRV - [2001/08/08 14:13:24 | 00,023,519 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\wCh7xxNT.sys -- (iAimTV4)
DRV - [2001/08/08 14:13:24 | 00,019,199 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\wATV02NT.sys -- (iAimTV1)
DRV - [2001/06/04 14:00:00 | 00,014,112 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\PS2.sys -- (Ps2)
========== Standard Registry (SafeList) ==========
========== Internet Explorer ==========
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,CustomizeSearch = http://srch-us5.hpwis.com/
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://srch-us5.hpwis.com/
IE - HKU\.DEFAULT\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-18\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-19\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-20\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-3410288154-3383965429-2669302297-1006\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/
IE - HKU\S-1-5-21-3410288154-3383965429-2669302297-1006\S-1-5-21-3410288154-3383965429-2669302297-1006\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
========== FireFox ==========
FF - prefs.js..browser.startup.homepage: "http://www.google.com/"
FF - HKLM\software\mozilla\Mozilla Firefox 3.5.6\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2009/12/16 21:41:44 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.5.6\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2009/12/16 21:41:44 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Thunderbird 2.0.0.23\extensions\\Components: C:\Program Files\Mozilla Thunderbird\components [2009/08/24 09:52:18 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Thunderbird 2.0.0.23\extensions\\Plugins: C:\Program Files\Mozilla Thunderbird\plugins [2009/11/17 14:04:53 | 00,000,000 | ---D | M]
[2008/09/08 13:04:09 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Chris\Application Data\Mozilla\Extensions
[2009/12/16 13:18:16 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Chris\Application Data\Mozilla\Firefox\Profiles\3ig68gkx.default\extensions
[2008/06/01 09:59:19 | 00,000,000 | ---D | M] (Adblock Plus) -- C:\Documents and Settings\Chris\Application Data\Mozilla\Firefox\Profiles\3ig68gkx.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}(2)
[2008/12/29 16:05:55 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Chris\Application Data\Mozilla\Firefox\Profiles\3ig68gkx.default\extensions\LogMeInClient@logmein(2).com
[2009/01/24 10:54:42 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Chris\Application Data\Mozilla\Firefox\Profiles\3ig68gkx.default\extensions\LogMeInClient@logmein.com
[2008/09/09 04:39:59 | 00,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions
[2006/01/18 11:50:00 | 00,319,488 | ---- | M] ( ) -- C:\Program Files\Mozilla Firefox\plugins\npsnapfish.dll
O1 HOSTS File: (291955 bytes) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: 10055 more lines...
O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (Adobe PDF Link Helper) - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
O2 - BHO: (SSVHelper Class) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll (Sun Microsystems, Inc.)
O3 - HKLM\..\Toolbar: (&hp toolkit) - {B2847E28-5D7D-4DEB-8B67-05D28BCF79F5} - C:\hp\EXPLOREBAR\HPTOOLKT.DLL (Hewlett-Packard Company)
O3 - HKU\S-1-5-21-3410288154-3383965429-2669302297-1006\..\Toolbar\ShellBrowser: (no name) - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - No CLSID value found.
O3 - HKU\S-1-5-21-3410288154-3383965429-2669302297-1006\..\Toolbar\ShellBrowser: (&hp toolkit) - {B2847E28-5D7D-4DEB-8B67-05D28BCF79F5} - C:\hp\EXPLOREBAR\HPTOOLKT.DLL (Hewlett-Packard Company)
O4 - HKLM..\Run: [Adobe ARM] C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [Adobe Reader Speed Launcher] C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
O4 - HKLM..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe (VERITAS Software, Inc.)
O4 - HKLM..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe (Intel Corporation)
O4 - HKLM..\Run: [HP Component Manager] C:\Program Files\HP\hpcoretech\hpcmpmgr.exe (Hewlett-Packard Company)
O4 - HKLM..\Run: [hpsysdrv] c:\WINDOWS\system\hpsysdrv.exe (Hewlett-Packard Company)
O4 - HKLM..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe (Intel Corporation)
O4 - HKLM..\Run: [KBD] C:\hp\KBD\KBD.EXE (Hewlett-Packard Company)
O4 - HKLM..\Run: [KernelFaultCheck] File not found
O4 - HKLM..\Run: [nwiz] C:\WINDOWS\System32\nwiz.exe (NVIDIA Corporation)
O4 - HKLM..\Run: [PreloadApp] c:\hp\drivers\printers\photosmart\hphprld.exe ()
O4 - HKLM..\Run: [PS2] C:\WINDOWS\System32\ps2.exe File not found
O4 - HKLM..\Run: [Recguard] C:\WINDOWS\SMINST\Recguard.exe ()
O4 - HKLM..\Run: [S3apphk] C:\WINDOWS\System32\S3apphk.exe ()
O4 - HKU\S-1-5-21-3410288154-3383965429-2669302297-1006..\Run: [Desktop Calendar] C:\Program Files\Desktop Calendar\Desktop Calendar.exe (Home)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe (Hewlett-Packard Co.)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE (Microsoft Corporation)
O4 - Startup: C:\Documents and Settings\Default User\Start Menu\Programs\Startup\AutoPlay.exe ()
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 0
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-3410288154-3383965429-2669302297-1006\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O9 - Extra 'Tools' menuitem : Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_09\bin\NPJPI150_09.dll (Sun Microsystems, Inc.)
O12 - Plugin for: .spop - C:\Program Files\Internet Explorer\PLUGINS\NPDocBox.dll (InterTrust Technologies Corporation, Inc.)
O15 - HKLM\..Trusted Domains: 49 domain(s) and sub-domain(s) not assigned to a zone.
O15 - HKU\.DEFAULT\..Trusted Domains: 48 domain(s) and sub-domain(s) not assigned to a zone.
O15 - HKU\S-1-5-18\..Trusted Domains: 48 domain(s) and sub-domain(s) not assigned to a zone.
O15 - HKU\S-1-5-21-3410288154-3383965429-2669302297-1006\..Trusted Domains: 48 domain(s) and sub-domain(s) not assigned to a zone.
O16 - DPF: {200B3EE9-7242-4EFD-B1E4-D97EE825BA53} http://h20270.www2.hp.com/ediags/gmn/insta...staller_gmn.cab (VerifyGMN Class)
O16 - DPF: {33564D57-0000-0010-8000-00AA00389B71} http://download.microsoft.com/download/F/6...922/wmv9VCM.CAB (Reg Error: Key error.)
O16 - DPF: {49232000-16E4-426C-A231-62846947304B} http://ipgweb.cce.hp.com/rdqcpc/downloads/sysinfo.cab (SysData Class)
O16 - DPF: {4C39376E-FA9D-4349-BACC-D305C1750EF3} http://tools.ebayimg.com/eps/wl/activex/eB...l_v1-0-3-48.cab (EPUImageControl Class)
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} http://update.microsoft.com/microsoftupdat...b?1231274630796 (WUWebControl Class)
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} http://update.microsoft.com/microsoftupdat...b?1231274614687 (MUWebControl Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.5.0/jinstall-...indows-i586.cab (Java Plug-in 1.5.0_09)
O16 - DPF: {AB86CE53-AC9F-449F-9399-D8ABCA09EC09} https://h17000.www1.hp.com/ewfrf-JAVA/Secur...loadManager.ocx (Get_ActiveX Control)
O16 - DPF: {CAFEEFAC-0015-0000-0009-ABCDEFFEDCBA} http://java.sun.com/update/1.5.0/jinstall-...indows-i586.cab (Java Plug-in 1.5.0_09)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.5.0/jinstall-...indows-i586.cab (Java Plug-in 1.5.0_09)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload.macromedia.com/pub/shock...ash/swflash.cab (Shockwave Flash Object)
O16 - DPF: {FD0B6769-6490-4A91-AA0A-B5AE0DC75AC9} https://secure.logmein.com/activex/ractrl.cab?lmi=100 (Performance Viewer Activex Control)
O16 - DPF: Microsoft XML Parser for Java file://C:\WINDOWS\Java\classes\xmldso.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 68.115.71.53 24.196.64.53 24.159.193.40
O18 - Protocol\Handler\cetihpz {CF184AD3-CDCB-4168-A3F7-8E447D129300} - C:\Program Files\HP\hpcoretech\comp\hpuiprot.dll (Hewlett-Packard Company)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\igfxcui: DllName - igfxsrvc.dll - C:\WINDOWS\System32\igfxsrvc.dll (Intel Corporation)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2002/04/19 22:16:39 | 00,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O32 - AutoRun File - [2001/07/28 07:07:38 | 00,000,000 | ---- | M] () - D:\AUTOEXEC.BAT -- [ FAT32 ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - comfile [open] -- "%1" %*
O35 - exefile [open] -- "%1" %*
========== Files/Folders - Created Within 30 Days ==========
[2009/12/17 06:55:16 | 00,538,112 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Chris\Desktop\OTL.exe
[2009/12/16 13:27:31 | 00,096,104 | ---- | C] (Avira GmbH) -- C:\WINDOWS\System32\drivers\avipbb.sys
[2009/12/16 13:27:31 | 00,055,656 | ---- | C] (Avira GmbH) -- C:\WINDOWS\System32\drivers\avgntflt.sys
[2009/12/16 13:27:31 | 00,045,416 | ---- | C] (Avira GmbH) -- C:\WINDOWS\System32\drivers\avgntdd.sys
[2009/12/16 13:27:31 | 00,022,360 | ---- | C] (Avira GmbH) -- C:\WINDOWS\System32\drivers\avgntmgr.sys
[2009/12/16 13:27:26 | 00,028,520 | ---- | C] (Avira GmbH) -- C:\WINDOWS\System32\drivers\ssmdrv.sys
[2009/12/16 13:27:24 | 00,000,000 | ---D | C] -- C:\Program Files\Avira
[2009/12/16 13:27:24 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Avira
[2009/12/14 16:04:15 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Chris\Application Data\Malwarebytes
[2009/12/14 16:04:07 | 00,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2009/12/14 16:04:04 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Malwarebytes
[2009/12/14 16:04:02 | 00,019,160 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2009/12/14 16:04:02 | 00,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2009/12/01 21:59:23 | 00,472,064 | ---- | C] ( ) -- C:\Documents and Settings\Chris\Desktop\RootRepeal.exe
[2009/12/01 13:56:52 | 00,000,000 | ---D | C] -- C:\Program Files\Cobian Backup 8
[2009/11/19 23:01:25 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Chris\My Documents\Downloads
[2008/09/17 18:44:11 | 00,000,000 | ---D | M] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft
[2008/07/04 10:05:53 | 00,000,000 | --SD | M] -- C:\Documents and Settings\LocalService\Application Data\Microsoft
[2007/02/19 15:10:02 | 00,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft
[2002/04/19 22:19:36 | 00,000,000 | --SD | M] -- C:\Documents and Settings\NetworkService\Application Data\Microsoft
[2 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
========== Files - Modified Within 30 Days ==========
[2009/12/17 07:00:00 | 00,000,350 | ---- | M] () -- C:\WINDOWS\tasks\At8.job
[2009/12/17 06:55:20 | 00,538,112 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Chris\Desktop\OTL.exe
[2009/12/17 06:01:46 | 00,001,158 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2009/12/17 06:00:39 | 00,000,249 | ---- | M] () -- C:\WINDOWS\System\hpsysdrv.dat
[2009/12/17 06:00:21 | 00,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2009/12/17 06:00:10 | 00,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2009/12/17 06:00:07 | 53,539,2256 | -HS- | M] () -- C:\hiberfil.sys
[2009/12/16 23:54:14 | 07,340,032 | ---- | M] () -- C:\Documents and Settings\Chris\ntuser.dat
[2009/12/16 23:54:14 | 00,000,178 | -HS- | M] () -- C:\Documents and Settings\Chris\ntuser.ini
[2009/12/16 23:53:46 | 06,418,728 | -H-- | M] () -- C:\Documents and Settings\Chris\Local Settings\Application Data\IconCache.db
[2009/12/16 23:37:58 | 00,002,473 | ---- | M] () -- C:\Documents and Settings\Chris\Desktop\Microsoft Word.lnk
[2009/12/16 23:00:00 | 00,000,350 | ---- | M] () -- C:\WINDOWS\tasks\At24.job
[2009/12/16 22:02:08 | 00,021,504 | ---- | M] () -- C:\Documents and Settings\Chris\Desktop\Delivery List for Thursday 12-17.doc
[2009/12/16 22:00:00 | 00,000,350 | ---- | M] () -- C:\WINDOWS\tasks\At23.job
[2009/12/16 21:00:01 | 00,000,350 | ---- | M] () -- C:\WINDOWS\tasks\At22.job
[2009/12/16 20:00:00 | 00,000,350 | ---- | M] () -- C:\WINDOWS\tasks\At21.job
[2009/12/16 19:00:00 | 00,000,350 | ---- | M] () -- C:\WINDOWS\tasks\At20.job
[2009/12/16 18:00:00 | 00,000,350 | ---- | M] () -- C:\WINDOWS\tasks\At19.job
[2009/12/16 17:00:00 | 00,000,350 | ---- | M] () -- C:\WINDOWS\tasks\At18.job
[2009/12/16 16:00:00 | 00,000,350 | ---- | M] () -- C:\WINDOWS\tasks\At17.job
[2009/12/16 15:00:01 | 00,000,350 | ---- | M] () -- C:\WINDOWS\tasks\At16.job
[2009/12/16 14:00:02 | 00,000,350 | ---- | M] () -- C:\WINDOWS\tasks\At15.job
[2009/12/16 13:28:12 | 00,001,718 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Avira AntiVir Control Center.lnk
[2009/12/16 13:07:54 | 00,016,896 | ---- | M] () -- C:\Documents and Settings\Chris\Desktop\Truck Loading Chart.xls
[2009/12/16 13:00:00 | 00,000,350 | ---- | M] () -- C:\WINDOWS\tasks\At14.job
[2009/12/16 09:00:00 | 00,000,350 | ---- | M] () -- C:\WINDOWS\tasks\At10.job
[2009/12/16 08:41:19 | 00,030,208 | ---- | M] () -- C:\Documents and Settings\Chris\Desktop\To Do 12-16-09.doc
[2009/12/16 08:00:00 | 00,000,350 | ---- | M] () -- C:\WINDOWS\tasks\At9.job
[2009/12/16 01:00:00 | 00,000,350 | ---- | M] () -- C:\WINDOWS\tasks\At2.job
[2009/12/16 00:16:00 | 00,000,350 | ---- | M] () -- C:\WINDOWS\tasks\At1.job
[2009/12/16 00:00:02 | 00,033,280 | ---- | M] () -- C:\Documents and Settings\Chris\Desktop\Appliance Parts Needed.xls
[2009/12/15 15:40:15 | 00,023,552 | ---- | M] () -- C:\Documents and Settings\Chris\Desktop\Delivery List for Saturday 12-19.doc
[2009/12/15 12:29:37 | 00,000,087 | ---- | M] () -- C:\Documents and Settings\Chris\Desktop\Fisher Paykel Dryer DE05-US2 - Appliance Service Manual Requests - Do-It-Yourself Appliance Repair Help - ApplianceGuru.com .URL
[2009/12/15 12:00:00 | 00,000,350 | ---- | M] () -- C:\WINDOWS\tasks\At13.job
[2009/12/15 11:00:00 | 00,000,350 | ---- | M] () -- C:\WINDOWS\tasks\At12.job
[2009/12/15 10:00:00 | 00,000,350 | ---- | M] () -- C:\WINDOWS\tasks\At11.job
[2009/12/14 16:04:10 | 00,000,707 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2009/12/14 16:02:48 | 00,037,376 | ---- | M] () -- C:\Documents and Settings\Chris\Desktop\firefox hijack removal.doc
[2009/12/13 10:15:14 | 00,022,528 | ---- | M] () -- C:\Documents and Settings\Chris\Desktop\GE Profile Dryer 549.doc
[2009/12/11 08:19:27 | 00,019,456 | ---- | M] () -- C:\Documents and Settings\Chris\Desktop\Jim's list for 12-11.doc
[2009/12/10 06:00:00 | 00,000,350 | ---- | M] () -- C:\WINDOWS\tasks\At7.job
[2009/12/08 15:20:31 | 00,020,992 | ---- | M] () -- C:\Documents and Settings\Chris\Desktop\Notes for Board Meeting.doc
[2009/12/08 13:10:30 | 00,000,063 | ---- | M] () -- C:\Documents and Settings\Chris\Desktop\Bing Maps.URL
[2009/12/06 09:21:41 | 00,000,748 | ---- | M] () -- C:\Documents and Settings\Chris\Desktop\Ad Copy.lnk
[2009/12/03 16:14:06 | 00,038,224 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2009/12/03 16:13:56 | 00,019,160 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2009/12/01 22:03:05 | 00,000,015 | ---- | M] () -- C:\Documents and Settings\Chris\Desktop\settings.dat
[2009/12/01 21:59:23 | 00,472,064 | ---- | M] ( ) -- C:\Documents and Settings\Chris\Desktop\RootRepeal.exe
[2009/12/01 21:47:21 | 00,524,288 | ---- | M] () -- C:\Documents and Settings\Chris\Desktop\dds.scr
[2009/11/30 10:34:58 | 02,784,361 | ---- | M] () -- C:\Documents and Settings\Chris\Desktop\Use and Care Guide - 8535541.pdf
[2009/11/30 10:32:37 | 00,881,478 | ---- | M] () -- C:\Documents and Settings\Chris\Desktop\Installation Instructions - 8573158.pdf
[2009/11/30 10:30:49 | 01,452,939 | ---- | M] () -- C:\Documents and Settings\Chris\Desktop\Repair Part List - 8194240.pdf
[2009/11/28 09:21:54 | 00,104,567 | ---- | M] () -- C:\WINDOWS\hpoins04.dat
[2009/11/28 09:21:16 | 00,000,675 | ---- | M] () -- C:\WINDOWS\win.ini
[2009/11/20 20:14:50 | 00,002,471 | ---- | M] () -- C:\Documents and Settings\Chris\Desktop\Microsoft Excel.lnk
[2009/11/19 23:04:16 | 00,000,036 | ---- | M] () -- C:\Documents and Settings\Chris\Local Settings\Application Data\housecall.guid.cache
[2009/11/19 22:49:14 | 00,358,194 | ---- | M] () -- C:\WINDOWS\System32\PerfStringBackup.INI
[2009/11/19 22:49:14 | 00,312,946 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2009/11/19 22:49:14 | 00,040,664 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2009/11/18 11:43:55 | 00,001,740 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Adobe Reader 9.lnk
[2009/11/18 11:33:03 | 00,000,000 | ---- | M] () -- C:\Documents and Settings\Chris\Desktop\FVIR Water Heater Troubleshooting.prn
[2 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
========== Files Created - No Company Name ==========
[2009/12/16 13:28:12 | 00,001,718 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Avira AntiVir Control Center.lnk
[2009/12/15 23:09:03 | 00,030,208 | ---- | C] () -- C:\Documents and Settings\Chris\Desktop\To Do 12-16-09.doc
[2009/12/15 12:29:37 | 00,000,087 | ---- | C] () -- C:\Documents and Settings\Chris\Desktop\Fisher Paykel Dryer DE05-US2 - Appliance Service Manual Requests - Do-It-Yourself Appliance Repair Help - ApplianceGuru.com .URL
[2009/12/14 16:04:10 | 00,000,707 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2009/12/14 16:02:46 | 00,037,376 | ---- | C] () -- C:\Documents and Settings\Chris\Desktop\firefox hijack removal.doc
[2009/12/13 10:15:13 | 00,022,528 | ---- | C] () -- C:\Documents and Settings\Chris\Desktop\GE Profile Dryer 549.doc
[2009/12/10 20:43:49 | 00,019,456 | ---- | C] () -- C:\Documents and Settings\Chris\Desktop\Jim's list for 12-11.doc
[2009/12/08 15:20:31 | 00,020,992 | ---- | C] () -- C:\Documents and Settings\Chris\Desktop\Notes for Board Meeting.doc
[2009/12/08 13:10:30 | 00,000,063 | ---- | C] () -- C:\Documents and Settings\Chris\Desktop\Bing Maps.URL
[2009/12/06 09:21:41 | 00,000,748 | ---- | C] () -- C:\Documents and Settings\Chris\Desktop\Ad Copy.lnk
[2009/12/01 21:59:36 | 00,000,015 | ---- | C] () -- C:\Documents and Settings\Chris\Desktop\settings.dat
[2009/12/01 21:47:20 | 00,524,288 | ---- | C] () -- C:\Documents and Settings\Chris\Desktop\dds.scr
[2009/11/30 10:34:56 | 02,784,361 | ---- | C] () -- C:\Documents and Settings\Chris\Desktop\Use and Care Guide - 8535541.pdf
[2009/11/30 10:32:36 | 00,881,478 | ---- | C] () -- C:\Documents and Settings\Chris\Desktop\Installation Instructions - 8573158.pdf
[2009/11/30 10:30:45 | 01,452,939 | ---- | C] () -- C:\Documents and Settings\Chris\Desktop\Repair Part List - 8194240.pdf
[2009/11/19 23:04:16 | 00,000,036 | ---- | C] () -- C:\Documents and Settings\Chris\Local Settings\Application Data\housecall.guid.cache
[2009/11/18 11:43:55 | 00,001,740 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Adobe Reader 9.lnk
[2009/11/18 11:33:03 | 00,000,000 | ---- | C] () -- C:\Documents and Settings\Chris\Desktop\FVIR Water Heater Troubleshooting.prn
[2009/03/22 16:26:21 | 00,000,000 | ---- | C] () -- C:\WINDOWS\SMMVSplitter.INI
[2009/03/22 13:48:47 | 00,000,035 | ---- | C] () -- C:\WINDOWS\System32\winitn.dll
[2009/03/22 13:48:32 | 00,237,568 | ---- | C] () -- C:\WINDOWS\System32\lame_enc.dll
[2009/02/28 16:07:40 | 00,000,107 | ---- | C] () -- C:\WINDOWS\wpd99.drv
[2009/02/28 16:06:56 | 00,118,784 | ---- | C] () -- C:\WINDOWS\System32\pdfmona.dll
[2009/02/28 16:06:56 | 00,051,716 | ---- | C] () -- C:\WINDOWS\System32\pdf995mon.dll
[2008/02/28 14:30:08 | 00,008,784 | ---- | C] () -- C:\WINDOWS\System32\ractrlkeyhook.dll
[2007/07/09 08:52:08 | 00,037,992 | ---- | C] () -- C:\WINDOWS\System32\drivers\CO_Mon.sys
[2007/03/09 23:21:22 | 00,002,162 | ---- | C] () -- C:\WINDOWS\System32\tmmute.ini
[2007/02/19 12:16:35 | 00,002,150 | ---- | C] () -- C:\WINDOWS\System32\ssmute.ini
[2007/02/19 11:31:11 | 00,000,106 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2007/02/19 11:18:18 | 00,002,642 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\hpzinstall.log
[2007/02/19 09:41:40 | 00,000,044 | ---- | C] () -- C:\WINDOWS\System32\msssc.dll
[2002/04/25 21:23:36 | 00,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini
[2002/04/20 18:16:42 | 00,045,056 | ---- | C] () -- C:\WINDOWS\System32\hpREG.DLL
[2002/04/20 18:16:42 | 00,024,576 | ---- | C] () -- C:\WINDOWS\System32\syscontr.dll
[2002/04/20 00:28:06 | 00,000,449 | ---- | C] () -- C:\WINDOWS\wininit.ini
[2002/04/20 00:19:46 | 00,019,968 | ---- | C] () -- C:\WINDOWS\System32\cpuinf32.dll
[2002/04/19 23:25:32 | 00,016,896 | ---- | C] () -- C:\WINDOWS\System32\bcbmm.dll
[2002/04/19 22:20:31 | 00,000,799 | ---- | C] () -- C:\WINDOWS\orun32.ini
[2002/04/19 22:12:23 | 00,001,793 | ---- | C] () -- C:\WINDOWS\System32\fxsperf.ini
[2002/04/19 22:04:05 | 00,000,666 | ---- | C] () -- C:\WINDOWS\System32\oeminfo.ini
[2002/03/29 19:49:26 | 00,000,000 | ---- | C] () -- C:\WINDOWS\System32\px.ini
[2002/03/27 15:37:52 | 00,262,144 | ---- | C] () -- C:\WINDOWS\System32\shpshftr.dll
[2002/03/12 04:25:02 | 00,028,672 | ---- | C] () -- C:\WINDOWS\System32\igfxdgps.dll
[2001/08/31 23:33:58 | 00,425,984 | ---- | C] () -- C:\WINDOWS\System32\VxDMDcDlg.dll
[2001/08/08 14:13:22 | 00,012,351 | ---- | C] () -- C:\WINDOWS\System32\i81xcoin.dll
[1999/01/22 12:46:58 | 00,065,536 | ---- | C] () -- C:\WINDOWS\System32\MSRTEDIT.DLL
[1998/01/12 02:00:00 | 00,040,448 | ---- | C] () -- C:\WINDOWS\System32\REGOBJ.DLL
========== Alternate Data Streams ==========
@Alternate Data Stream - 88 bytes -> C:\Documents and Settings\Chris\My Documents\USB Wireless Adapter Manual.zip:SummaryInformation
< End of report >
OTL EXTRAS LOG:
OTL Extras logfile created on: 12/17/2009 6:56:54 AM - Run 1
OTL by OldTimer - Version 3.1.17.0 Folder = C:\Documents and Settings\Chris\Desktop
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 7.0.5730.11)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy
510.52 Mb Total Physical Memory | 179.59 Mb Available Physical Memory | 35.18% Memory free
864.73 Mb Paging File | 535.01 Mb Available in Paging File | 61.87% Paging File free
Paging file location(s): C:\pagefile.sys 384 768 [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 52.36 Gb Total Space | 35.54 Gb Free Space | 67.87% Space Free | Partition Type: NTFS
Drive D: | 4.87 Gb Total Space | 0.91 Gb Free Space | 18.76% Space Free | Partition Type: FAT32
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded
Computer Name: FRED
Current User Name: Chris
Logged in as Administrator.
Current Boot Mode: Normal
Scan Mode: All users
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Standard
========== Extra Registry (SafeList) ==========
========== File Associations ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.html [@ = Reg Error: Value error.] -- Reg Error: Key error. File not found
[HKEY_USERS\S-1-5-21-3410288154-3383965429-2669302297-1006\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)
========== Shell Spawning ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
htmlfile [edit] -- Reg Error: Key error.
htmlfile [open] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" -nohome (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" %1 (Microsoft Corporation)
http [open] -- "C:\Program Files\Mozilla Firefox\firefox.exe" -requestPending -osint -url "%1" (Mozilla Corporation)
https [open] -- "C:\Program Files\Mozilla Firefox\firefox.exe" -requestPending -osint -url "%1" (Mozilla Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" %1 (Microsoft Corporation)
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- "C:\Program Files\Internet Explorer\iexplore.exe" (Microsoft Corporation)
========== Security Center Settings ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirewallDisableNotify" = 0
"AntiVirusOverride" = 0
"FirewallOverride" = 0
"AntiVirusDisableNotify" = 0
"UpdatesDisableNotify" = 0
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DoNotAllowExceptions" = 0
"DisableNotifications" = 0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
========== Authorized Applications List ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Program Files\hp center\137903\Program\BackWeb-137903.exe" = C:\Program Files\hp center\137903\Program\BackWeb-137903.exe:*:Disabled:BackWeb-137903 -- File not found
"C:\Program Files\Mozilla Firefox\firefox.exe" = C:\Program Files\Mozilla Firefox\firefox.exe:*:Disabled:Firefox -- (Mozilla Corporation)
========== HKEY_LOCAL_MACHINE Uninstall List ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{00010409-78E1-11D2-B60F-006097C998E7}" = Microsoft Office 2000 Professional
"{00040409-78E1-11D2-B60F-006097C998E7}" = Microsoft Office 2000 Disc 2
"{1206EF92-2E83-4859-ACCB-2048C3CB7DA6}" = HP DLA
"{1EBB57D4-63FF-87CC-A0F0-D73982CF6008}" = Adobe Media Player
"{1F63ED0B-EDD2-4037-B6AB-1358C624AF48}" = Scan
"{21E75254-410E-49C4-8981-2E1A2A2221F2}" = HP Diagnostic Assistant
"{2405665A-16C9-4D3A-B70E-F006220E1472}" = Overland
"{267868CE-6DFF-40F7-9C58-C01119B7B117}" = Fax
"{287ECFA4-719A-2143-A09B-D6A12DE54E40}" = Acrobat.com
"{2F71F2BA-B513-4113-969C-18A84D238E27}" = 1310
"{31F60389-C3FA-4C7D-86C5-225937ACA63A}" = TaxCut Wisconsin 2008
"{3248F0A8-6813-11D6-A77B-00B0D0150090}" = J2SE Runtime Environment 5.0 Update 9
"{33AE85D9-0386-41AD-BD99-FDF3ABC19DBB}" =
"{34A59AC3-6C5C-4A09-A7F5-369A37176C8A}" = AiOSoftware
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{3CF78481-FB7B-4B51-99A2-D5E0CD0B3AAF}" = HPSystemDiagnostics
"{3E908702-AF35-4611-9518-955DA24B7E07}" = Microsoft XML Parser and SDK
"{41254D7B-EADF-4078-AE4A-BD73B300EE86}" = Unload
"{4732D4A0-5A47-44D8-9B84-B3BD4906D30D}" = TaxCut Premium 2007
"{597D73A8-5FDB-4bc1-9893-40B54459F1BC}" = ProductContext
"{6DCBB845-0FA4-4723-A40A-1F320C221C30}" = Sprint Mobile Broadband (Sierra)
"{80413011-029C-4D6B-B3AD-725DDE60B81C}" = 1310Trb
"{8214CC02-6271-4DC8-B8DD-779933450264}" = HP RecordNow
"{8777AC6D-89F9-4793-8266-DE406F343E89}" = QFolder
"{87791AF4-4D4C-43DC-97BF-05EEEE5187F2}" = e-Sword
"{8A708DD8-A5E6-11D4-A706-000629E95E20}" = Intel® 845G Chipset Graphics Driver Software
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{A1062847-0846-427A-92A1-BB8251A91E91}" = HP PSC & OfficeJet 4.2
"{A2500497-FD32-493e-B8E5-28D6728DBEF5}" = Readme
"{A2BCA9F1-566C-4805-97D1-7FDC93386723}" = Adobe AIR
"{A4EA3AB4-E78C-4286-96DF-26035507CE55}" = AiO_Scan
"{AC76BA86-7AD7-1033-7B44-A91000000001}" = Adobe Reader 9.1.3
"{AC76BA86-7AD7-1033-7B44-A92000000001}" = Adobe Reader 9.2
"{B3D5D4E0-E965-41C4-ABFD-A7B1AD0663C2}" = Director
"{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1" = Spybot - Search & Destroy
"{BBB33AD6-BCF7-4002-B6A0-6DC679AE5C18}" = TaxCut Premium + State + Efile 2008
"{BF018D2F-C788-4AB1-AB95-1280EAB8F13E}" = TrayApp
"{C1939820-A945-11D4-86F6-0001031E5712}" = InterVideo WinDVD
"{CF40ACC5-E1BB-4aff-AC72-04C2F616BCA7}" = getPlus® for Adobe
"{DC19E750-988B-4005-A355-85EF66055EFE}" = Works Suite OS Pack
"{E21658D0-8C83-4ADD-937B-6ED07F335ABA}" = 1310Tour
"{E90BEB5B-CFA0-418E-9ABB-4C4A7B0D9483}" = 1310_Help
"{EC8673DA-F96B-497E-B2DB-BC7B029FD680}" = BufferChm
"{F0A37341-D692-11D4-A984-009027EC0A9C}" = SoundMAX
"{F4F47155-5B4D-42AA-97F8-490BC52EA7F3}" = Destinations
"{F65787F3-B356-45EC-8DD0-0E6758EDBCEE}" = WebReg
"Adobe Acrobat 5.0" = Adobe Acrobat 5.0
"Adobe AIR" = Adobe AIR
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Avira AntiVir Desktop" = Avira AntiVir Personal - Free Antivirus
"com.adobe.amp.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Adobe Media Player
"Desktop Calendar_is1" = Desktop Calendar 0.42b
"EPSON Printer and Utilities" = EPSON Printer Software
"HP Instant Support" = HP Instant Support
"HP Photo & Imaging" = HP Image Zone 4.2
"IDNMitigationAPIs" = Microsoft Internationalized Domain Names Mitigation APIs
"ie7" = Windows Internet Explorer 7
"Inactive HP Printer Drivers (Remove only)" = Inactive HP Printer Drivers (Remove only)
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"Mozilla Firefox (3.5.6)" = Mozilla Firefox (3.5.6)
"Mozilla Thunderbird (2.0.0.23)" = Mozilla Thunderbird (2.0.0.23)
"NLSDownlevelMapping" = Microsoft National Language Support Downlevel APIs
"NVIDIA" = NVIDIA Windows 2000/XP Display Drivers
"OLYMPUS CAMEDIA Master 1.0" = OLYMPUS CAMEDIA Master 1.0
"ShockwaveFlash" = Adobe Flash Player 9 ActiveX
"SolveigMM Video Splitter" = SolveigMM Video Splitter
"TaxCut Premium 2006" = TaxCut Premium 2006
"Windows Media Format Runtime" = Windows Media Format 11 runtime
"Windows Media Player" = Windows Media Player 11
"Windows XP Service Pack" = Windows XP Service Pack 3
"WMFDist11" = Windows Media Format 11 runtime
"wmp11" = Windows Media Player 11
"Wudf01000" = Microsoft User-Mode Driver Framework Feature Pack 1.0
========== HKEY_USERS Uninstall List ==========
[HKEY_USERS\S-1-5-21-3410288154-3383965429-2669302297-1006\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Juniper_Networks_Cache_Cleaner 5.4.0" = Juniper Networks Cache Cleaner 5.4.0
"Neoteris_Host_Checker" = Juniper Networks Host Checker
========== Last 10 Event Log Errors ==========
[ Application Events ]
Error - 6/9/2009 8:21:03 AM | Computer Name = FRED | Source = MsiInstaller | ID = 11919
Description = Product: Microsoft Office 2000 Professional -- Error 1919. Error configuring
ODBC data source: dBase Files - Word, ODBC error 6: Component not found in the
registry. Verify that the file dBase Files - Word exists and that you can access
it.
Error - 6/9/2009 8:21:03 AM | Computer Name = FRED | Source = MsiInstaller | ID = 11919
Description = Product: Microsoft Office 2000 Professional -- Error 1919. Error configuring
ODBC data source: FoxPro Files - Word, ODBC error 6: Component not found in the
registry. Verify that the file FoxPro Files - Word exists and that you can access
it.
Error - 6/9/2009 8:21:25 AM | Computer Name = FRED | Source = MsiInstaller | ID = 11919
Description = Product: Microsoft Office 2000 Professional -- Error 1919. Error configuring
ODBC data source: MS Access Database, ODBC error 6: Component not found in the
registry. Verify that the file MS Access Database exists and that you can access
it.
Error - 6/9/2009 8:21:26 AM | Computer Name = FRED | Source = MsiInstaller | ID = 11919
Description = Product: Microsoft Office 2000 Professional -- Error 1919. Error configuring
ODBC data source: dBASE Files, ODBC error 6: Component not found in the registry.
Verify that the file dBASE Files exists and that you can access it.
Error - 6/9/2009 8:21:27 AM | Computer Name = FRED | Source = MsiInstaller | ID = 11919
Description = Product: Microsoft Office 2000 Professional -- Error 1919. Error configuring
ODBC data source: Excel Files, ODBC error 6: Component not found in the registry.
Verify that the file Excel Files exists and that you can access it.
Error - 6/9/2009 8:21:28 AM | Computer Name = FRED | Source = MsiInstaller | ID = 11919
Description = Product: Microsoft Office 2000 Professional -- Error 1919. Error configuring
ODBC data source: Visual FoxPro Database, ODBC error 6: Component not found in
the registry. Verify that the file Visual FoxPro Database exists and that you can
access it.
Error - 6/9/2009 8:21:29 AM | Computer Name = FRED | Source = MsiInstaller | ID = 11919
Description = Product: Microsoft Office 2000 Professional -- Error 1919. Error configuring
ODBC data source: Visual FoxPro Tables, ODBC error 6: Component not found in the
registry. Verify that the file Visual FoxPro Tables exists and that you can access
it.
Error - 6/9/2009 8:21:30 AM | Computer Name = FRED | Source = MsiInstaller | ID = 11919
Description = Product: Microsoft Office 2000 Professional -- Error 1919. Error configuring
ODBC data source: dBase Files - Word, ODBC error 6: Component not found in the
registry. Verify that the file dBase Files - Word exists and that you can access
it.
Error - 6/9/2009 8:21:31 AM | Computer Name = FRED | Source = MsiInstaller | ID = 11919
Description = Product: Microsoft Office 2000 Professional -- Error 1919. Error configuring
ODBC data source: FoxPro Files - Word, ODBC error 6: Component not found in the
registry. Verify that the file FoxPro Files - Word exists and that you can access
it.
Error - 6/10/2009 8:21:33 AM | Computer Name = FRED | Source = MsiInstaller | ID = 11706
Description = Product: Microsoft Office 2000 Professional -- Error 1706. No valid
source could be found for product Microsoft Office 2000 Professional. The Windows
installer cannot continue.
[ System Events ]
Error - 12/16/2009 7:00:00 PM | Computer Name = FRED | Source = Schedule | ID = 7901
Description = The At18.job command failed to start due to the following error: %%2147942402
Error - 12/16/2009 8:00:00 PM | Computer Name = FRED | Source = Schedule | ID = 7901
Description = The At19.job command failed to start due to the following error: %%2147942402
Error - 12/16/2009 9:00:00 PM | Computer Name = FRED | Source = Schedule | ID = 7901
Description = The At20.job command failed to start due to the following error: %%2147942402
Error - 12/16/2009 10:00:00 PM | Computer Name = FRED | Source = Schedule | ID = 7901
Description = The At21.job command failed to start due to the following error: %%2147942402
Error - 12/16/2009 11:00:01 PM | Computer Name = FRED | Source = Schedule | ID = 7901
Description = The At22.job command failed to start due to the following error: %%2147942402
Error - 12/17/2009 | Computer Name = FRED | Source = Schedule | ID = 7901
Description = The At23.job command failed to start due to the following error: %%2147942402
Error - 12/17/2009 1:00:00 AM | Computer Name = FRED | Source = Schedule | ID = 7901
Description = The At24.job command failed to start due to the following error: %%2147942402
Error - 12/17/2009 8:00:36 AM | Computer Name = FRED | Source = Ftdisk | ID = 262189
Description = The system could not sucessfully load the crash dump driver.
Error - 12/17/2009 8:00:36 AM | Computer Name = FRED | Source = Ftdisk | ID = 262193
Description = Configuring the Page file for crash dump failed. Make sure there is
a page file on the boot partition and that is large enough to contain all physical
memory.
Error - 12/17/2009 9:00:00 AM | Computer Name = FRED | Source = Schedule | ID = 7901
Description = The At8.job command failed to start due to the following error: %%2147942402
< End of report >