[jshull]

I have noticed recently that my HP Pavillion laptop is slow to boot up. It seems that it doesn't get to normal speed until Trend Micro antivirus software has loaded...often 2-3 minutes after turning the laptop on. From my limited research, I keep seeing a theme about checking the hijack log. I have already performed the disk clean up and degrag functions, and have scanned with Trend recently.

here is my log...not sure if this is what you need:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 10:13:25 PM, on 2/4/2010
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\ehome\ehtray.exe
C:\Program Files\hpq\HP Wireless Assistant\HP Wireless Assistant.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\WINDOWS\system32\igfxtray.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\HP\QuickPlay\QPService.exe
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe
C:\Program Files\Ahead\ODD Toolkit\DVDTray.exe
C:\Program Files\Pinnacle\Shared Files\Programs\USBTip\USBTip.exe
C:\Program Files\Trend Micro\Internet Security\UfSeAgnt.exe
C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\TomTom HOME 2\TomTomHOMERunner.exe
C:\Program Files\Trend Micro\Internet Security\TMAS_OE\TMAS_OEMon.exe
C:\Program Files\Hewlett-Packard\HP Pavilion Webcam\HPWebcam.exe
C:\Program Files\Western Digital\WD SmartWare\WD Drive Manager\WDDMStatus.exe
C:\Program Files\Western Digital\WD SmartWare\Front Parlor\WDSmartWare.exe
C:\Program Files\HP\Digital Imaging\bin\hpqimzone.exe
C:\Program Files\Outlook Express\msimn.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\Pinnacle\MediaServer\Microsoft SQL Server\MSSQL$PINNACLESYS\Binn\sqlservr.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\Program Files\Trend Micro\Internet Security\SfCtlCom.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\TomTom HOME 2\TomTomHOMEService.exe
C:\Program Files\Western Digital\WD SmartWare\WD Drive Manager\WDDMService.exe
C:\Program Files\Western Digital\WD SmartWare\Front Parlor\WDSmartWareBackgroundService.exe
C:\Program Files\Xobni\XobniService.exe
C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
C:\WINDOWS\system32\mqsvc.exe
C:\WINDOWS\system32\mqtgsvc.exe
c:\program files\pinnacle\shared files\programs\mediaserver\pmshost.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\eHome\ehmsas.exe
C:\Program Files\Trend Micro\Internet Security\TMAS_OE\TMAS_OE.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Trend Micro\Internet Security\TmProxy.exe
C:\Program Files\Trend Micro\Internet Security\TmPfw.exe
C:\Program Files\Trend Micro\BM\TMBMSRV.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Trend Micro\Internet Security\UfNavi.exe
C:\Documents and Settings\test\Temporary Internet Files\Content.IE5\NIYDZ8CJ\HijackThis[1].exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://ie.redirect.h...ilion&pf=laptop
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft....k/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://ie.redirect.h...ilion&pf=laptop
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll (file missing)
O2 - BHO: Java™ Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.1.1309.3572\swg.dll
O2 - BHO: MSN Toolbar Helper - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files\MSN\Toolbar\3.0.0988.2\msneshellx.dll
O2 - BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: MSN Toolbar - {1E61ED7C-7CB8-49d6-B9E9-AB4C880C8414} - C:\Program Files\MSN\Toolbar\3.0.0988.2\msneshellx.dll
O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
O4 - HKLM\..\Run: [hpWirelessAssistant] C:\Program Files\hpq\HP Wireless Assistant\HP Wireless Assistant.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [MsmqIntCert] regsvr32 /s mqrt.dll
O4 - HKLM\..\Run: [High Definition Audio Property Page Shortcut] CHDAudPropShortcut.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [QPService] "C:\Program Files\HP\QuickPlay\QPService.exe"
O4 - HKLM\..\Run: [ISUSPM Startup] "C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe" -startup
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [QlbCtrl] %ProgramFiles%\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe /Start
O4 - HKLM\..\Run: [Cpqset] C:\Program Files\Hewlett-Packard\Default Settings\cpqset.exe
O4 - HKLM\..\Run: [RecGuard] C:\Windows\SMINST\RecGuard.exe
O4 - HKLM\..\Run: [Reminder] C:\Windows\CREATOR\Remind_XP.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [DVDTray] C:\Program Files\Ahead\ODD Toolkit\DVDTray.exe
O4 - HKLM\..\Run: [USB2Check] RUNDLL32.EXE "C:\WINDOWS\system32\PCLECoInst.dll",CheckUSBController
O4 - HKLM\..\Run: [USBToolTip] "C:\Program Files\Pinnacle\Shared Files\\Programs\USBTip\USBTip.exe"
O4 - HKLM\..\Run: [AppleSyncNotifier] C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe
O4 - HKLM\..\Run: [UfSeAgnt.exe] "C:\Program Files\Trend Micro\Internet Security\UfSeAgnt.exe"
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [TomTomHOME.exe] "C:\Program Files\TomTom HOME 2\TomTomHOMERunner.exe"
O4 - HKCU\..\Run: [NBJ] "C:\Program Files\Ahead\Nero BackItUp\NBJ.exe"
O4 - HKCU\..\Run: [OE] C:\Program Files\Trend Micro\Internet Security\TMAS_OE\TMAS_OEMon.exe
O4 - HKUS\S-1-5-19\..\Run: [OE] C:\Program Files\Trend Micro\Internet Security\TMAS_OE\TMAS_OEMon.exe (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [OE] C:\Program Files\Trend Micro\Internet Security\TMAS_OE\TMAS_OEMon.exe (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [OE] C:\Program Files\Trend Micro\Internet Security\TMAS_OE\TMAS_OEMon.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [OE] C:\Program Files\Trend Micro\Internet Security\TMAS_OE\TMAS_OEMon.exe (User 'Default user')
O4 - .DEFAULT User Startup: Vongo Tray.lnk = C:\Program Files\Vongo\Tray.exe (User 'Default user')
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: HP Pavilion Webcam Tray Icon.lnk = C:\Program Files\Hewlett-Packard\HP Pavilion Webcam\HPWebcam.exe
O4 - Global Startup: HP Photosmart Premier Fast Start.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqthb08.exe
O4 - Global Startup: WDDMStatus.lnk = C:\Program Files\Western Digital\WD SmartWare\WD Drive Manager\WDDMStatus.exe
O4 - Global Startup: WDSmartWare.lnk = C:\Program Files\Western Digital\WD SmartWare\Front Parlor\WDSmartWare.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O14 - IERESET.INF: START_PAGE_URL=http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=64&bd=pavilion&pf=laptop
O16 - DPF: {01012101-5E80-11D8-9E86-0007E96C65AE} (SupportSoft Script Runner Class) - http://www.comcastsu...Fix/tgctlsr.cab
O16 - DPF: {238F6F83-B8B4-11CF-8771-00A024541EE3} (Citrix ICA Client) - https://ra.53.com/Ci...ca32/icaweb.cab
O16 - DPF: {406B5949-7190-4245-91A9-30A17DE16AD0} (Snapfish Activia) - http://www2.snapfish...fishActivia.cab
O16 - DPF: {4871A87A-BFDD-4106-8153-FFDE2BAC2967} (DLM Control) - http://dlm.tools.aka...vex-2.2.4.3.cab
O16 - DPF: {6B75345B-AA36-438A-BBE6-4078B4C6984D} (HpProductDetection Class) - http://h20270.www2.h...ctDetection.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.mi...b?1197830139984
O16 - DPF: {6F15128C-E66A-490C-B848-5000B5ABEEAC} (HP Download Manager) - https://h20436.www2....re/HPDEXAXO.cab
O16 - DPF: {73ECB3AA-4717-450C-A2AB-D00DAD9EE203} (GMNRev Class) - http://h20270.www2.h...tDetection2.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.m...ash/swflash.cab
O23 - Service: AddFiltr - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\AddFiltr.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: hpqwmiex - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: Pinnacle Systems Media Service (PinnacleSys.MediaServer) - Pinnacle Systems - c:\program files\pinnacle\shared files\programs\mediaserver\pmshost.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: Trend Micro Central Control Component (SfCtlCom) - Trend Micro Inc. - C:\Program Files\Trend Micro\Internet Security\SfCtlCom.exe
O23 - Service: Trend Micro Unauthorized Change Prevention Service (TMBMServer) - Trend Micro Inc. - C:\Program Files\Trend Micro\BM\TMBMSRV.exe
O23 - Service: Trend Micro Personal Firewall (TmPfw) - Trend Micro Inc. - C:\Program Files\Trend Micro\Internet Security\TmPfw.exe
O23 - Service: Trend Micro Proxy Service (TmProxy) - Trend Micro Inc. - C:\Program Files\Trend Micro\Internet Security\TmProxy.exe
O23 - Service: TomTomHOMEService - TomTom - C:\Program Files\TomTom HOME 2\TomTomHOMEService.exe
O23 - Service: WD SmartWare Drive Manager (WDDMService) - WDC - C:\Program Files\Western Digital\WD SmartWare\WD Drive Manager\WDDMService.exe
O23 - Service: WD SmartWare Background Service (WDSmartWareBackgroundService) - Memeo - C:\Program Files\Western Digital\WD SmartWare\Front Parlor\WDSmartWareBackgroundService.exe
O23 - Service: XobniService - Xobni Corporation - C:\Program Files\Xobni\XobniService.exe

--
End of file - 13641 bytes


Thanks!

[schrauber]

Hello and :welcome: to 247Fixes.com

My name is Thomas and I will be helping you. (Tom is fine, if you like.)

You may want to keep the link to this topic in your favourites. Alternatively, you can click the http://i517.photobucket.com/albums/u338/Eextremeboy/watch247pic.jpg button at the top bar of this topic and choose the notification you wish and click Proceed. Your subscription will be added and the topics you are subscribed/tracked to can be found in your Control Panel on this page

Please take note of the following guidelines:

• In the meantime, please refrain from making any changes to your computer.
  
• Also, even if things appear to be running better, there is no guarantee that everything is finished. Please continue to check this forum post in order to ensure we get your system completely clean. We do not want to clean you part-way up, only to have the system re-infect itself.
  
• If you do not understand any step(s) provided, please do not hesitate to ask before continuing. I would much rather clarify instructions or explain them differently than have something important broken.
  
• Old topics are closed after 3-5 days with no reply, and working topics are closed after 5-7 days. If for any reason you cannot complete instructions within that time, that's fine, just post back here so that we know you're still here.
  
• Finally, please reply using the http://i517.photobucket.com/albums/u338/Eextremeboy/addreply_icon247.jpg button in the lower left hand corner of your screen.

• Please download OTL from one of the following mirrors:
  • This is THE Mirror
  
  
• Save it to your desktop.
  
• Double click on the http://billy-oneal.com/Canned%20Speeches/speechimages/OTL/otlDesktopIcon.png icon on your desktop.
  
• Under the Custom Scan box paste this in
  netsvcs
  %SYSTEMDRIVE%\*.exe
  /md5start
  eventlog.dll
  scecli.dll
  netlogon.dll
  cngaudit.dll
  sceclt.dll
  ntelogon.dll
  logevent.dll
  iaStor.sys
  nvstor.sys
  atapi.sys
  IdeChnDr.sys
  viasraid.sys
  AGP440.sys
  vaxscsi.sys
  nvatabus.sys
  viamraid.sys
  nvata.sys
  nvgts.sys
  iastorv.sys
  ViPrt.sys
  eNetHook.dll
  ahcix86.sys
  KR10N.sys
  /md5stop
  %systemroot%\*. /mp /s
  CREATERESTOREPOINT
  
• Push the Quick Scan button.
  
• Two reports will open, copy and paste them in a reply here:
  • OTL.txt <-- Will be opened
    
  • Extra.txt <-- Will be minimized

[jshull]

Thomas -
I have pasted both reports here...one first then the next.

Thanks for your help!

John


REPORT 1, OTL

OTL logfile created on: 2/5/2010 8:14:20 PM - Run 1
OTL by OldTimer - Version 3.1.28.0 Folder = C:\Documents and Settings\test\Desktop
Windows XP Media Center Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.00 Gb Total Physical Memory | 1.00 Gb Available Physical Memory | 59.00% Memory free
4.00 Gb Paging File | 3.00 Gb Available in Paging File | 81.00% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 99.09 Gb Total Space | 20.01 Gb Free Space | 20.19% Space Free | Partition Type: NTFS
Drive D: | 11.67 Gb Total Space | 1.35 Gb Free Space | 11.56% Space Free | Partition Type: FAT32
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: YOUR-0CDC4F5844
Current User Name: test
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: On
Skip Microsoft Files: On
File Age = 14 Days
Output = Standard
Quick Scan

========== Processes (SafeList) ==========

PRC - [2010/02/05 20:13:32 | 000,549,376 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\test\Desktop\OTL.exe
PRC - [2009/11/13 13:09:34 | 000,046,824 | ---- | M] (Xobni Corporation) -- C:\Program Files\Xobni\XobniService.exe
PRC - [2009/09/02 20:42:48 | 001,144,072 | ---- | M] (Trend Micro Inc.) -- C:\Program Files\Trend Micro\Internet Security\TMAS_OE\TMAS_OE.exe
PRC - [2009/09/02 20:42:48 | 001,020,248 | ---- | M] () -- C:\Program Files\Trend Micro\Internet Security\UfSeAgnt.exe
PRC - [2009/09/02 20:42:48 | 000,689,416 | ---- | M] () -- C:\Program Files\Trend Micro\Internet Security\TmProxy.exe
PRC - [2009/09/02 20:42:48 | 000,497,008 | ---- | M] () -- C:\Program Files\Trend Micro\Internet Security\TmPfw.exe
PRC - [2009/09/02 20:42:48 | 000,492,808 | ---- | M] (Trend Micro Inc.) -- C:\Program Files\Trend Micro\Internet Security\TMAS_OE\TMAS_OEMon.exe
PRC - [2009/09/02 20:42:48 | 000,345,352 | ---- | M] () -- C:\Program Files\Trend Micro\BM\TMBMSRV.exe
PRC - [2009/09/02 20:42:47 | 000,715,368 | ---- | M] () -- C:\Program Files\Trend Micro\Internet Security\SfCtlCom.exe
PRC - [2009/08/28 18:42:54 | 000,144,672 | ---- | M] (Apple Inc.) -- C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
PRC - [2009/08/17 10:52:08 | 002,043,904 | ---- | M] (WDC) -- C:\Program Files\Western Digital\WD SmartWare\WD Drive Manager\WDDMStatus.exe
PRC - [2009/08/17 10:52:08 | 000,098,304 | ---- | M] (WDC) -- C:\Program Files\Western Digital\WD SmartWare\WD Drive Manager\WDDMService.exe
PRC - [2009/08/17 10:50:32 | 008,919,040 | ---- | M] (Western Digital) -- C:\Program Files\Western Digital\WD SmartWare\Front Parlor\WDSmartWare.exe
PRC - [2009/06/16 09:58:08 | 000,020,480 | ---- | M] (Memeo) -- C:\Program Files\Western Digital\WD SmartWare\Front Parlor\WDSmartWareBackgroundService.exe
PRC - [2009/04/08 05:38:14 | 000,251,240 | ---- | M] (TomTom) -- C:\Program Files\TomTom HOME 2\TomTomHOMERunner.exe
PRC - [2009/04/08 05:38:14 | 000,092,008 | ---- | M] (TomTom) -- C:\Program Files\TomTom HOME 2\TomTomHOMEService.exe
PRC - [2009/03/08 13:09:26 | 000,638,816 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Internet Explorer\iexplore.exe
PRC - [2009/02/01 11:05:42 | 000,152,984 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Java\jre6\bin\jqs.exe
PRC - [2009/02/01 11:05:42 | 000,136,600 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Java\jre6\bin\jusched.exe
PRC - [2008/12/18 10:47:08 | 009,158,656 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Pinnacle\MediaServer\Microsoft SQL Server\MSSQL$PINNACLESYS\Binn\sqlservr.exe
PRC - [2008/12/12 11:17:38 | 000,238,888 | ---- | M] (Apple Inc.) -- C:\Program Files\Bonjour\mDNSResponder.exe
PRC - [2008/12/08 14:50:04 | 000,054,576 | ---- | M] (Hewlett-Packard) -- C:\Program Files\HP\HP Software Update\hpwuschd2.exe
PRC - [2008/04/13 19:12:28 | 000,060,416 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Outlook Express\msimn.exe
PRC - [2008/04/13 19:12:27 | 000,117,248 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\mqtgsvc.exe
PRC - [2008/04/13 19:12:27 | 000,004,608 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\mqsvc.exe
PRC - [2008/04/13 19:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2007/08/09 02:27:52 | 000,073,728 | ---- | M] (HP) -- C:\WINDOWS\system32\HPZipm12.exe
PRC - [2007/02/20 01:07:40 | 000,199,752 | ---- | M] (Pinnacle Systems GmbH) -- C:\Program Files\Pinnacle\Shared Files\Programs\USBTip\USBTip.exe
PRC - [2006/07/20 20:38:26 | 000,061,440 | ---- | M] (Hewlett-Packard Company) -- C:\Program Files\Common Files\LightScribe\LSSrvc.exe
PRC - [2006/07/19 17:14:20 | 000,102,400 | ---- | M] (CyberLink Corp.) -- C:\Program Files\HP\QuickPlay\QPService.exe
PRC - [2006/06/27 21:31:34 | 000,102,400 | ---- | M] () -- C:\Program Files\Hewlett-Packard\HP Pavilion Webcam\HPWebcam.exe
PRC - [2006/06/19 13:33:12 | 000,163,840 | ---- | M] ( Hewlett-Packard Development Company, L.P.) -- C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QLBCTRL.exe
PRC - [2006/06/17 00:22:46 | 000,794,713 | ---- | M] (Synaptics, Inc.) -- C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
PRC - [2006/05/04 00:58:26 | 000,458,752 | ---- | M] (Hewlett-Packard Development Company, L.P.) -- C:\Program Files\HPQ\HP Wireless Assistant\HP Wireless Assistant.exe
PRC - [2006/05/02 17:41:28 | 000,135,168 | ---- | M] (Hewlett-Packard Development Company, L.P.) -- C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
PRC - [2006/03/22 15:17:50 | 000,118,784 | ---- | M] (Intel Corporation) -- C:\WINDOWS\system32\igfxpers.exe
PRC - [2006/03/22 15:17:04 | 000,094,208 | ---- | M] (Intel Corporation) -- C:\WINDOWS\system32\igfxtray.exe
PRC - [2006/03/22 15:13:40 | 000,077,824 | ---- | M] (Intel Corporation) -- C:\WINDOWS\system32\hkcmd.exe
PRC - [2006/01/19 08:22:20 | 000,049,152 | ---- | M] (Pinnacle Systems) -- c:\Program Files\Pinnacle\Shared Files\Programs\MediaServer\PMSHost.exe
PRC - [2005/09/24 10:42:32 | 000,475,136 | ---- | M] (Hewlett-Packard Development Company, L.P.) -- C:\Program Files\HP\Digital Imaging\bin\hpqimzone.exe
PRC - [2005/08/11 18:30:30 | 000,081,920 | ---- | M] (Macrovision Corporation) -- C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
PRC - [2004/09/03 03:58:48 | 000,065,536 | ---- | M] (Hewlett-Packard Company) -- C:\Program Files\Ahead\ODD Toolkit\dvdtray.exe


========== Modules (SafeList) ==========

MOD - [2010/02/05 20:13:32 | 000,549,376 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\test\Desktop\OTL.exe
MOD - [2009/11/21 10:51:04 | 000,471,552 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\AppPatch\aclayers.dll
MOD - [2009/09/02 20:42:51 | 000,128,264 | ---- | M] () -- C:\Program Files\Trend Micro\Internet Security\TMAS_OE\TMAS_OEHook.dll
MOD - [2008/04/13 19:12:05 | 000,065,024 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\shimeng.dll


========== Win32 Services (SafeList) ==========

SRV - [2009/12/23 17:09:25 | 000,135,664 | ---- | M] (Google Inc.) [Auto | Stopped] -- C:\Program Files\Google\Update\GoogleUpdate.exe -- (gupdate) Google Update Service (gupdate)
SRV - [2009/11/13 13:09:34 | 000,046,824 | ---- | M] (Xobni Corporation) [Auto | Running] -- C:\Program Files\Xobni\XobniService.exe -- (XobniService)
SRV - [2009/11/12 16:33:00 | 000,545,568 | ---- | M] (Apple Inc.) [On_Demand | Stopped] -- C:\Program Files\iPod\bin\iPodService.exe -- (iPod Service)
SRV - [2009/09/02 20:42:48 | 000,689,416 | ---- | M] (Trend Micro Inc.) [On_Demand | Running] -- C:\Program Files\Trend Micro\Internet Security\TmProxy.exe -- (TmProxy)
SRV - [2009/09/02 20:42:48 | 000,497,008 | ---- | M] (Trend Micro Inc.) [On_Demand | Running] -- C:\Program Files\Trend Micro\Internet Security\TmPfw.exe -- (TmPfw)
SRV - [2009/09/02 20:42:48 | 000,345,352 | ---- | M] (Trend Micro Inc.) [On_Demand | Running] -- C:\Program Files\Trend Micro\BM\TMBMSRV.exe -- (TMBMServer)
SRV - [2009/09/02 20:42:47 | 000,715,368 | ---- | M] (Trend Micro Inc.) [Auto | Running] -- C:\Program Files\Trend Micro\Internet Security\SfCtlCom.exe -- (SfCtlCom)
SRV - [2009/08/28 18:42:54 | 000,144,672 | ---- | M] (Apple Inc.) [Auto | Running] -- C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe -- (Apple Mobile Device)
SRV - [2009/08/17 10:52:08 | 000,098,304 | ---- | M] (WDC) [Auto | Running] -- C:\Program Files\Western Digital\WD SmartWare\WD Drive Manager\WDDMService.exe -- (WDDMService)
SRV - [2009/06/16 09:58:08 | 000,020,480 | ---- | M] (Memeo) [Auto | Running] -- C:\Program Files\Western Digital\WD SmartWare\Front Parlor\WDSmartWareBackgroundService.exe -- (WDSmartWareBackgroundService)
SRV - [2009/04/08 05:38:14 | 000,092,008 | ---- | M] (TomTom) [Auto | Running] -- C:\Program Files\TomTom HOME 2\TomTomHOMEService.exe -- (TomTomHOMEService)
SRV - [2009/03/23 18:57:57 | 000,183,280 | ---- | M] (Google) [Auto | Stopped] -- C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe -- (gusvc)
SRV - [2009/02/01 11:05:42 | 000,152,984 | ---- | M] (Sun Microsystems, Inc.) [Auto | Running] -- C:\Program Files\Java\jre6\bin\jqs.exe -- (JavaQuickStarterService)
SRV - [2008/12/18 10:47:08 | 009,158,656 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Pinnacle\MediaServer\Microsoft SQL Server\MSSQL$PINNACLESYS\Binn\sqlservr.exe -- (MSSQL$PINNACLESYS)
SRV - [2008/12/12 11:17:38 | 000,238,888 | ---- | M] (Apple Inc.) [Auto | Running] -- C:\Program Files\Bonjour\mDNSResponder.exe -- (Bonjour Service)
SRV - [2008/04/13 19:12:27 | 000,117,248 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\mqtgsvc.exe -- (MSMQTriggers)
SRV - [2008/04/13 19:12:27 | 000,004,608 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\mqsvc.exe -- (MSMQ)
SRV - [2007/08/09 02:27:52 | 000,073,728 | ---- | M] (HP) [Auto | Running] -- C:\WINDOWS\system32\HPZipm12.exe -- (Pml Driver HPZ12)
SRV - [2006/07/20 20:38:26 | 000,061,440 | ---- | M] (Hewlett-Packard Company) [Auto | Running] -- C:\Program Files\Common Files\LightScribe\LSSrvc.exe -- (LightScribeService)
SRV - [2006/06/12 15:27:28 | 000,126,976 | ---- | M] (Hewlett-Packard Development Company, L.P.) [On_Demand | Stopped] -- C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\AddFiltr.exe -- (AddFiltr)
SRV - [2006/05/02 17:41:28 | 000,135,168 | ---- | M] (Hewlett-Packard Development Company, L.P.) [Auto | Running] -- C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe -- (hpqwmiex)
SRV - [2006/01/19 08:22:20 | 000,049,152 | ---- | M] (Pinnacle Systems) [Auto | Running] -- c:\Program Files\Pinnacle\Shared Files\Programs\MediaServer\PMSHost.exe -- (PinnacleSys.MediaServer)
SRV - [2005/10/06 20:12:30 | 000,855,552 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Media Connect 2\wmccds.exe -- (WMConnectCDS)
SRV - [2005/05/03 20:42:56 | 000,323,584 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Pinnacle\MediaServer\Microsoft SQL Server\MSSQL$PINNACLESYS\Binn\sqlagent.EXE -- (SQLAgent$PINNACLESYS)
SRV - [2005/04/04 02:41:10 | 000,069,632 | ---- | M] (Macrovision Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe -- (IDriverT)
SRV - [2003/07/28 14:28:22 | 000,089,136 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE -- (ose)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========


IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.msn.com/
IE - HKCU\..\URLSearchHook: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - Reg Error: Key error. File not found
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - prefs.js..browser.startup.homepage: "http://www.msn.com/"

FF - HKLM\software\mozilla\Mozilla Firefox 2.0.0.20\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2009/12/02 20:14:56 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 2.0.0.20\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2009/12/02 20:14:56 | 000,000,000 | ---D | M]

[2008/07/12 10:36:26 | 000,000,000 | ---D | M] -- C:\Documents and Settings\test\Application Data\Mozilla\Extensions
[2008/07/12 10:36:26 | 000,000,000 | ---D | M] -- C:\Documents and Settings\test\Application Data\Mozilla\Extensions\home2@tomtom.com
[2009/12/28 17:30:57 | 000,000,000 | ---D | M] -- C:\Documents and Settings\test\Application Data\Mozilla\Firefox\Profiles\o5smxid3.default\extensions
[2009/12/28 17:30:56 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions
[2009/02/04 16:27:08 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions\talkback@mozilla.org
[2009/02/04 16:26:34 | 000,067,688 | ---- | M] (Mozilla Foundation) -- C:\Program Files\Mozilla Firefox\components\jar50.dll
[2009/02/04 16:26:36 | 000,054,368 | ---- | M] (Mozilla Foundation) -- C:\Program Files\Mozilla Firefox\components\jsd3250.dll
[2009/02/04 16:26:41 | 000,034,944 | ---- | M] (Mozilla Foundation) -- C:\Program Files\Mozilla Firefox\components\myspell.dll
[2009/02/04 16:26:52 | 000,046,712 | ---- | M] (Mozilla Foundation) -- C:\Program Files\Mozilla Firefox\components\spellchk.dll
[2009/02/04 16:26:55 | 000,172,136 | ---- | M] (Mozilla Foundation) -- C:\Program Files\Mozilla Firefox\components\xpinstal.dll

O1 HOSTS File: ([2006/03/15 23:00:00 | 000,000,734 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll File not found
O2 - BHO: (Java™ Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.1.1309.3572\swg.dll (Google Inc.)
O2 - BHO: (MSN Toolbar Helper) - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files\MSN\Toolbar\3.0.0988.2\msneshellx.dll (Microsoft Corp.)
O2 - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (JQSIEStartDetectorImpl Class) - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll (Sun Microsystems, Inc.)
O3 - HKLM\..\Toolbar: (MSN Toolbar) - {1E61ED7C-7CB8-49d6-B9E9-AB4C880C8414} - C:\Program Files\MSN\Toolbar\3.0.0988.2\msneshellx.dll (Microsoft Corp.)
O3 - HKCU\..\Toolbar\ShellBrowser: (no name) - {C4069E3A-68F1-403E-B40E-20066696354B} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {604BC32A-9680-40D1-9AC6-E06B23A1BA4C} - No CLSID value found.
O4 - HKLM..\Run: [] File not found
O4 - HKLM..\Run: [AppleSyncNotifier] C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe (Apple Inc.)
O4 - HKLM..\Run: [Cpqset] C:\Program Files\Hewlett-Packard\Default Settings\Cpqset.exe ()
O4 - HKLM..\Run: [DVDTray] C:\Program Files\Ahead\ODD Toolkit\dvdtray.exe (Hewlett-Packard Company)
O4 - HKLM..\Run: [High Definition Audio Property Page Shortcut] C:\WINDOWS\System32\CHDAudPropShortcut.exe (Windows ® Server 2003 DDK provider)
O4 - HKLM..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\hpwuschd2.exe (Hewlett-Packard)
O4 - HKLM..\Run: [hpWirelessAssistant] C:\Program Files\HPQ\HP Wireless Assistant\HP Wireless Assistant.exe (Hewlett-Packard Development Company, L.P.)
O4 - HKLM..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe (Intel Corporation)
O4 - HKLM..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe (Intel Corporation)
O4 - HKLM..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe (Intel Corporation)
O4 - HKLM..\Run: [ISUSPM Startup] C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe (Macrovision Corporation)
O4 - HKLM..\Run: [ISUSScheduler] C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe (Macrovision Corporation)
O4 - HKLM..\Run: [iTunesHelper] C:\Program Files\iTunes\iTunesHelper.exe (Apple Inc.)
O4 - HKLM..\Run: [MsmqIntCert] C:\WINDOWS\System32\mqrt.dll (Microsoft Corporation)
O4 - HKLM..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe (Ahead Software Gmbh)
O4 - HKLM..\Run: [QlbCtrl] C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe ( Hewlett-Packard Development Company, L.P.)
O4 - HKLM..\Run: [QPService] C:\Program Files\HP\QuickPlay\QPService.exe (CyberLink Corp.)
O4 - HKLM..\Run: [QuickTime Task] C:\Program Files\QuickTime\qttask.exe (Apple Inc.)
O4 - HKLM..\Run: [RecGuard] C:\WINDOWS\SMINST\Recguard.exe ()
O4 - HKLM..\Run: [Reminder] C:\WINDOWS\CREATOR\Remind_XP.exe (SoftThinks)
O4 - HKLM..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre6\bin\jusched.exe (Sun Microsystems, Inc.)
O4 - HKLM..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe (Synaptics, Inc.)
O4 - HKLM..\Run: [UfSeAgnt.exe] C:\Program Files\Trend Micro\Internet Security\UfSeAgnt.exe (Trend Micro Inc.)
O4 - HKLM..\Run: [USB2Check] C:\WINDOWS\System32\PCLECoInst.DLL (Pinnacle Systems)
O4 - HKLM..\Run: [USBToolTip] C:\Program Files\Pinnacle\Shared Files\Programs\USBTip\USBTip.exe (Pinnacle Systems GmbH)
O4 - HKCU..\Run: [NBJ] C:\Program Files\Ahead\Nero BackItUp\NBJ.exe (Ahead Software AG)
O4 - HKCU..\Run: [OE] C:\Program Files\Trend Micro\Internet Security\TMAS_OE\TMAS_OEMon.exe (Trend Micro Inc.)
O4 - HKCU..\Run: [TomTomHOME.exe] C:\Program Files\TomTom HOME 2\TomTomHOMERunner.exe (TomTom)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\StartUp\Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe (Adobe Systems Incorporated)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\StartUp\HP Pavilion Webcam Tray Icon.lnk = C:\Program Files\Hewlett-Packard\HP Pavilion Webcam\HPWebcam.exe ()
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\StartUp\HP Photosmart Premier Fast Start.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqthb08.exe (Hewlett-Packard Development Company, L.P.)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\StartUp\WDDMStatus.lnk = C:\Program Files\Western Digital\WD SmartWare\WD Drive Manager\WDDMStatus.exe (WDC)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\StartUp\WDSmartWare.lnk = C:\Program Files\Western Digital\WD SmartWare\Front Parlor\WDSmartWare.exe (Western Digital)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: InstallVisualStyle = C:\WINDOWS\Resources\Themes\Royale\Royale.msstyles (Microsoft)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: InstallTheme = C:\WINDOWS\Resources\Themes\Royale.theme ()
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O15 - HKLM\..Trusted Domains: 1 domain(s) and sub-domain(s) not assigned to a zone.
O16 - DPF: {01012101-5E80-11D8-9E86-0007E96C65AE} http://www.comcastsu...Fix/tgctlsr.cab (SupportSoft Script Runner Class)
O16 - DPF: {238F6F83-B8B4-11CF-8771-00A024541EE3} https://ra.53.com/Ci...ca32/icaweb.cab (Citrix ICA Client)
O16 - DPF: {406B5949-7190-4245-91A9-30A17DE16AD0} http://www2.snapfish...fishActivia.cab (Snapfish Activia)
O16 - DPF: {4871A87A-BFDD-4106-8153-FFDE2BAC2967} http://dlm.tools.aka...vex-2.2.4.3.cab (DLM Control)
O16 - DPF: {6B75345B-AA36-438A-BBE6-4078B4C6984D} http://h20270.www2.h...ctDetection.cab (HpProductDetection Class)
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} http://www.update.mi...b?1197830139984 (MUWebControl Class)
O16 - DPF: {6F15128C-E66A-490C-B848-5000B5ABEEAC} https://h20436.www2....re/HPDEXAXO.cab (HP Download Manager)
O16 - DPF: {73ECB3AA-4717-450C-A2AB-D00DAD9EE203} http://h20270.www2.h...tDetection2.cab (GMNRev Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_11)
O16 - DPF: {CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.5.0_06)
O16 - DPF: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_05)
O16 - DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_07)
O16 - DPF: {CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_11)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_11)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.m...ash/swflash.cab (Shockwave Flash Object)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 68.87.77.134 68.87.72.134
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\igfxcui: DllName - igfxdev.dll - C:\WINDOWS\System32\igfxdev.dll (Intel Corporation)
O24 - Desktop WallPaper: C:\Documents and Settings\test\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\test\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2008/09/08 23:11:39 | 000,000,095 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O32 - AutoRun File - [2001/07/27 22:07:38 | 000,000,000 | -HS- | M] () - D:\AUTOEXEC.BAT -- [ FAT32 ]
O32 - AutoRun File - [2007/01/24 20:03:30 | 000,000,090 | ---- | M] () - D:\Autorun.inf -- [ FAT32 ]
O32 - AutoRun File - [2004/04/30 14:01:14 | 000,000,053 | -HS- | M] () - D:\AUTORUN.FCB -- [ FAT32 ]
O33 - MountPoints2\{034f9058-d6c0-11dd-bb62-0018dec55114}\Shell\AutoRun\command - "" = F:\CA_EdgeLitemobile.exe -- File not found
O33 - MountPoints2\{6b1103d3-c1b6-11dd-bb24-0018dec55114}\Shell\AutoRun\command - "" = G:\CA_EdgeLitemobile.exe -- File not found
O33 - MountPoints2\{c6dacbaa-e20c-11de-beb4-0018dec55114}\Shell - "" = AutoRun
O33 - MountPoints2\{c6dacbaa-e20c-11de-beb4-0018dec55114}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{c6dacbaa-e20c-11de-beb4-0018dec55114}\Shell\AutoRun\command - "" = F:\WD SmartWare.exe -- File not found
O33 - MountPoints2\{eaa9053b-5027-11dd-9921-0018dec55114}\Shell\AutoRun\command - "" = G:\InstallTomTomHOME.exe -- File not found
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - comfile [open] -- "%1" %*
O35 - exefile [open] -- "%1" %*

NetSvcs: 6to4 - File not found
NetSvcs: Ias - C:\WINDOWS\system32\ias [2007/12/11 23:20:51 | 000,000,000 | ---D | M]
NetSvcs: Iprip - File not found
NetSvcs: Irmon - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: WmdmPmSp - File not found

CREATERESTOREPOINT
Restore point Set: OTL Restore Point (56016913389584384)

========== Files/Folders - Created Within 14 Days ==========

[2010/02/05 20:13:00 | 000,549,376 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\test\Desktop\OTL.exe
[2010/02/04 22:29:51 | 000,000,000 | ---D | C] -- C:\Program Files\TrendMicro
[2009/12/23 17:15:00 | 000,000,000 | ---D | M] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\Google
[2009/12/23 17:10:22 | 000,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Local Settings\Application Data\Google
[2009/12/05 21:21:11 | 000,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Local Settings\Application Data\ServiceTest
[2009/11/23 19:19:42 | 000,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Local Settings\Application Data\Xobni
[2008/02/01 18:30:52 | 000,000,000 | ---D | M] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\Apple
[2007/12/16 12:31:22 | 000,000,000 | ---D | M] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft
[2007/12/11 23:34:06 | 000,053,248 | ---- | C] ( ) -- C:\WINDOWS\csnp2uvc.dll
[2007/12/11 22:54:47 | 000,000,000 | --SD | M] -- C:\Documents and Settings\NetworkService\Application Data\Microsoft
[2007/12/11 22:54:47 | 000,000,000 | --SD | M] -- C:\Documents and Settings\LocalService\Application Data\Microsoft
[2007/12/11 22:54:47 | 000,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft
[2005/09/24 10:49:16 | 000,012,288 | ---- | C] (Hewlett-Packard Development Company, L.P.) -- C:\WINDOWS\Fonts\RandFont.dll
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[1 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

========== Files - Modified Within 14 Days ==========

[2010/02/05 20:15:00 | 000,000,886 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2010/02/05 20:13:32 | 000,549,376 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\test\Desktop\OTL.exe
[2010/02/05 19:48:59 | 000,001,253 | ---- | M] () -- C:\hpqp.ini
[2010/02/05 19:47:44 | 000,000,868 | ---- | M] () -- C:\WINDOWS\tasks\Google Software Updater.job
[2010/02/05 19:47:21 | 000,000,039 | ---- | M] () -- C:\XP_TV.ini
[2010/02/05 19:47:18 | 000,000,882 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2010/02/05 19:47:18 | 000,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2010/02/05 19:47:16 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2010/02/05 19:47:14 | 2137,051,136 | -HS- | M] () -- C:\hiberfil.sys
[2010/02/05 00:11:24 | 006,553,600 | -H-- | M] () -- C:\Documents and Settings\test\NTUSER.DAT
[2010/02/05 00:11:24 | 000,000,278 | -HS- | M] () -- C:\Documents and Settings\test\ntuser.ini
[2010/02/04 22:29:52 | 000,001,980 | ---- | M] () -- C:\Documents and Settings\test\Desktop\HiJackThis.lnk
[2010/02/04 22:21:57 | 000,001,915 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Google Earth.lnk
[2010/02/04 21:54:00 | 000,001,158 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2010/02/02 21:39:23 | 000,000,349 | ---- | M] () -- C:\Documents and Settings\All Users\Documents\PCLECHAL.INI
[2010/02/02 00:02:08 | 000,007,680 | ---- | M] () -- C:\Documents and Settings\test\My Documents\Generic label.zdl
[2010/02/01 23:46:49 | 000,000,017 | ---- | M] () -- C:\WINDOWS\MovingPicture.ini
[2010/01/31 11:57:54 | 000,000,202 | ---- | M] () -- C:\WINDOWS\NeroDigital.ini
[2010/01/31 11:56:34 | 000,089,088 | ---- | M] () -- C:\Documents and Settings\test\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010/01/30 15:27:18 | 000,002,497 | ---- | M] () -- C:\Documents and Settings\test\Desktop\Word.lnk
[2010/01/24 14:12:44 | 000,020,480 | ---- | M] () -- C:\Documents and Settings\test\My Documents\Weekly Menu for jan 4.doc
[2010/01/23 09:56:53 | 000,002,137 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\iTunes.lnk
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[1 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

========== Files Created - No Company Name ==========

[2010/02/04 22:29:52 | 000,001,980 | ---- | C] () -- C:\Documents and Settings\test\Desktop\HiJackThis.lnk
[2010/02/04 22:21:57 | 000,001,915 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Google Earth.lnk
[2010/02/02 00:02:07 | 000,007,680 | ---- | C] () -- C:\Documents and Settings\test\My Documents\Generic label.zdl
[2009/11/23 19:19:39 | 000,000,140 | ---- | C] () -- C:\Documents and Settings\LocalService\Local Settings\Application Data\xobni_installer_updater.log
[2009/10/14 23:24:33 | 000,004,907 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\ypkpiykb.yyr
[2009/10/14 21:58:13 | 000,003,198 | ---- | C] () -- C:\Documents and Settings\test\Application Data\xobni_install.log
[2009/06/18 08:23:19 | 000,000,147 | ---- | C] () -- C:\WINDOWS\TmProxy.ini
[2009/06/18 08:23:18 | 000,000,147 | ---- | C] () -- C:\WINDOWS\TmPfw.ini
[2008/09/10 21:15:26 | 000,086,016 | ---- | C] () -- C:\WINDOWS\System32\DVResampleru.dll
[2008/09/08 23:54:56 | 000,000,017 | ---- | C] () -- C:\WINDOWS\MovingPicture.ini
[2008/09/08 23:23:17 | 000,194,248 | ---- | C] () -- C:\WINDOWS\System32\LTRFD13n.DLL
[2008/09/08 23:11:39 | 000,138,752 | ---- | C] () -- C:\WINDOWS\System32\mase32.dll
[2008/09/08 23:11:39 | 000,136,192 | ---- | C] () -- C:\WINDOWS\System32\mamc32.dll
[2008/09/08 23:11:39 | 000,057,856 | ---- | C] () -- C:\WINDOWS\System32\masd32.dll
[2008/09/08 23:11:38 | 000,196,096 | ---- | C] () -- C:\WINDOWS\System32\macd32.dll
[2008/09/08 23:11:38 | 000,027,648 | ---- | C] () -- C:\WINDOWS\System32\ma32.dll
[2008/08/20 22:11:20 | 000,000,460 | ---- | C] () -- C:\Program Files\HP Pavilion Webcam.lnk
[2008/08/14 19:38:40 | 000,000,202 | ---- | C] () -- C:\Documents and Settings\test\Application Data\wklnhst.dat
[2008/05/09 21:49:53 | 000,000,151 | ---- | C] () -- C:\WINDOWS\PhotoSnapViewer.INI
[2008/04/18 22:18:42 | 000,000,836 | ---- | C] () -- C:\Documents and Settings\test\Application Data\ViewerApp.dat
[2008/04/18 21:21:27 | 000,003,654 | ---- | C] () -- C:\WINDOWS\System32\drivers\Sonyhcp.dll
[2008/04/18 21:02:33 | 000,153,088 | ---- | C] () -- C:\Program Files\UNWISE.EXE
[2008/02/10 16:27:23 | 000,000,202 | ---- | C] () -- C:\WINDOWS\NeroDigital.ini
[2007/12/16 19:00:26 | 000,000,036 | ---- | C] () -- C:\WINDOWS\webica.ini
[2007/12/16 09:23:05 | 000,077,824 | ---- | C] () -- C:\WINDOWS\System32\HPZIDS01.dll
[2007/12/15 13:46:57 | 000,003,809 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\QTSBandwidthCache
[2007/12/15 11:37:06 | 000,087,552 | ---- | C] () -- C:\WINDOWS\System32\cpwmon2k.dll
[2007/12/15 09:51:36 | 000,089,088 | ---- | C] () -- C:\Documents and Settings\test\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2007/12/12 13:00:00 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\test\Local Settings\Application Data\FnF4.txt
[2007/12/11 23:30:11 | 000,000,127 | ---- | C] () -- C:\Documents and Settings\test\Local Settings\Application Data\fusioncache.dat
[2007/12/11 23:30:11 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\test\Local Settings\Application Data\DSwitch.txt
[2007/12/11 23:30:11 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\test\Local Settings\Application Data\AtStart.txt
[2007/12/11 23:30:10 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\test\Local Settings\Application Data\QSwitch.txt
[2006/11/06 15:30:38 | 000,262,144 | ---- | C] () -- C:\WINDOWS\System32\lame_enc.dll
[2006/09/12 02:29:34 | 000,000,031 | ---- | C] () -- C:\WINDOWS\QUICKEN.INI
[2006/09/12 02:25:15 | 000,000,698 | ---- | C] () -- C:\WINDOWS\NSSetDefaultBrowser.ini
[2006/09/12 02:10:16 | 000,000,376 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2006/09/12 01:57:52 | 000,028,836 | ---- | C] () -- C:\WINDOWS\System32\oeminfo.ini
[2006/07/06 05:28:58 | 000,047,744 | ---- | C] () -- C:\WINDOWS\System32\drivers\snp2uvc.sys
[2006/06/29 14:18:14 | 000,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini
[2006/06/29 13:49:18 | 000,001,087 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\hpzinstall.log
[2006/06/29 13:46:56 | 000,000,261 | ---- | C] () -- C:\WINDOWS\WININIT.INI
[2006/06/29 13:43:40 | 000,000,791 | ---- | C] () -- C:\WINDOWS\orun32.ini
[2006/03/15 23:00:00 | 000,755,200 | ---- | C] () -- C:\WINDOWS\System32\ir50_32.dll
[2006/03/15 23:00:00 | 000,338,432 | ---- | C] () -- C:\WINDOWS\System32\ir41_qcx.dll
[2006/03/15 23:00:00 | 000,200,192 | ---- | C] () -- C:\WINDOWS\System32\ir50_qc.dll
[2006/03/15 23:00:00 | 000,183,808 | ---- | C] () -- C:\WINDOWS\System32\ir50_qcx.dll
[2006/03/15 23:00:00 | 000,120,320 | ---- | C] () -- C:\WINDOWS\System32\ir41_qc.dll
[2006/03/04 02:07:34 | 000,235,008 | ---- | C] () -- C:\WINDOWS\System32\psisdecd.dll
[2005/12/02 13:09:10 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\px.ini
[2005/05/06 13:06:32 | 000,016,480 | ---- | C] () -- C:\WINDOWS\System32\rixdicon.dll
[2004/09/16 15:24:26 | 003,375,104 | ---- | C] () -- C:\WINDOWS\System32\qt-mt331.dll
[2003/01/07 17:05:08 | 000,002,695 | ---- | C] () -- C:\WINDOWS\System32\OUTLPERF.INI

========== LOP Check ==========

[2009/06/07 09:21:58 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Avery
[2008/12/01 21:59:32 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\muvee Technologies
[2009/02/22 10:47:53 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\PC Drivers HeadQuarters
[2008/09/08 23:24:13 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Pinnacle
[2008/09/08 23:25:20 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Pinnacle Studio
[2008/09/09 00:58:31 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\SmartSound Software Inc
[2008/07/12 10:34:31 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TomTom
[2009/12/05 21:23:53 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\WD_SmartWareCommon
[2009/12/05 21:21:17 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Western Digital
[2009/10/15 00:13:49 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\WildTangent
[2009/09/21 21:11:33 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{755AC846-7372-4AC8-8550-C52491DAA8BD}
[2007/12/26 21:03:08 | 000,000,000 | ---D | M] -- C:\Documents and Settings\test\Application Data\GARMIN
[2009/01/28 23:27:33 | 000,000,000 | ---D | M] -- C:\Documents and Settings\test\Application Data\ICAClient
[2007/12/15 12:36:54 | 000,000,000 | ---D | M] -- C:\Documents and Settings\test\Application Data\Leadertech
[2008/12/01 22:12:09 | 000,000,000 | ---D | M] -- C:\Documents and Settings\test\Application Data\muvee Technologies
[2009/10/14 21:56:41 | 000,000,000 | ---D | M] -- C:\Documents and Settings\test\Application Data\OpenCandy
[2008/09/09 00:52:18 | 000,000,000 | ---D | M] -- C:\Documents and Settings\test\Application Data\Pinnacle Systems
[2008/03/02 22:08:59 | 000,000,000 | ---D | M] -- C:\Documents and Settings\test\Application Data\Research In Motion
[2008/07/06 16:58:02 | 000,000,000 | ---D | M] -- C:\Documents and Settings\test\Application Data\Smith Micro
[2008/12/14 19:48:14 | 000,000,000 | ---D | M] -- C:\Documents and Settings\test\Application Data\Snapfish
[2008/08/14 19:38:43 | 000,000,000 | ---D | M] -- C:\Documents and Settings\test\Application Data\Template
[2008/07/12 10:33:49 | 000,000,000 | ---D | M] -- C:\Documents and Settings\test\Application Data\TomTom
[2008/05/09 22:04:39 | 000,000,000 | ---D | M] -- C:\Documents and Settings\test\Application Data\W Photo Studio Viewer
[2009/12/05 21:21:23 | 000,000,000 | ---D | M] -- C:\Documents and Settings\test\Application Data\Western Digital

========== Purity Check ==========



========== Custom Scans ==========


< %SYSTEMDRIVE%\*.exe >


< MD5 for: AGP440.SYS >
[2006/03/15 15:00:00 | 016,971,599 | ---- | M] () .cab file -- C:\I386\sp2.cab:AGP440.sys
[2006/03/15 23:00:00 | 016,971,599 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp2.cab:AGP440.sys
[2008/08/25 15:25:09 | 023,852,652 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:AGP440.sys
[2008/08/25 15:25:09 | 023,852,652 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp3.cab:AGP440.sys
[2008/04/13 13:36:38 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=08FD04AA961BDC77FB983F328334E3D7 -- C:\WINDOWS\ServicePackFiles\i386\agp440.sys
[2008/04/13 13:36:38 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=08FD04AA961BDC77FB983F328334E3D7 -- C:\WINDOWS\system32\drivers\agp440.sys
[2004/08/04 09:07:42 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=2C428FA0C3E3A01ED93C9B2A27D8D4BB -- C:\WINDOWS\$NtServicePackUninstall$\agp440.sys

< MD5 for: ATAPI.SYS >
[2006/03/15 15:00:00 | 016,971,599 | ---- | M] () .cab file -- C:\I386\sp2.cab:atapi.sys
[2006/03/15 23:00:00 | 016,971,599 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp2.cab:atapi.sys
[2008/08/25 15:25:09 | 023,852,652 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:atapi.sys
[2008/08/25 15:25:09 | 023,852,652 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp3.cab:atapi.sys
[2008/04/13 13:40:30 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\ServicePackFiles\i386\atapi.sys
[2008/04/13 13:40:30 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\system32\drivers\atapi.sys
[2004/08/04 08:59:44 | 000,095,360 | ---- | M] (Microsoft Corporation) MD5=CDFE4411A69C224BD1D11B2DA92DAC51 -- C:\WINDOWS\$NtServicePackUninstall$\atapi.sys

< MD5 for: EVENTLOG.DLL >
[2008/04/13 19:11:53 | 000,056,320 | ---- | M] (Microsoft Corporation) MD5=6D4FEB43EE538FC5428CC7F0565AA656 -- C:\WINDOWS\ServicePackFiles\i386\eventlog.dll
[2008/04/13 19:11:53 | 000,056,320 | ---- | M] (Microsoft Corporation) MD5=6D4FEB43EE538FC5428CC7F0565AA656 -- C:\WINDOWS\system32\eventlog.dll
[2006/03/15 23:00:00 | 000,055,808 | ---- | M] (Microsoft Corporation) MD5=82B24CB70E5944E6E34662205A2A5B78 -- C:\WINDOWS\$NtServicePackUninstall$\eventlog.dll

< MD5 for: IASTOR.SYS >
[2005/10/13 04:07:12 | 000,874,240 | ---- | M] (Intel Corporation) MD5=309C4D86D989FB1FCF64BD30DC81C51B -- C:\SWSetup\HDD\iastor.sys
[2005/10/13 04:07:12 | 000,874,240 | ---- | M] (Intel Corporation) MD5=309C4D86D989FB1FCF64BD30DC81C51B -- C:\WINDOWS\system32\drivers\iaStor.sys

< MD5 for: NETLOGON.DLL >
[2008/04/13 19:12:01 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=1B7F071C51B77C272875C3A23E1E4550 -- C:\WINDOWS\ServicePackFiles\i386\netlogon.dll
[2008/04/13 19:12:01 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=1B7F071C51B77C272875C3A23E1E4550 -- C:\WINDOWS\system32\netlogon.dll
[2006/03/15 23:00:00 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=96353FCECBA774BB8DA74A1C6507015A -- C:\WINDOWS\$NtServicePackUninstall$\netlogon.dll

< MD5 for: SCECLI.DLL >
[2006/03/15 23:00:00 | 000,180,224 | ---- | M] (Microsoft Corporation) MD5=0F78E27F563F2AAF74B91A49E2ABF19A -- C:\WINDOWS\$NtServicePackUninstall$\scecli.dll
[2008/04/13 19:12:05 | 000,181,248 | ---- | M] (Microsoft Corporation) MD5=A86BB5E61BF3E39B62AB4C7E7085A084 -- C:\WINDOWS\ServicePackFiles\i386\scecli.dll
[2008/04/13 19:12:05 | 000,181,248 | ---- | M] (Microsoft Corporation) MD5=A86BB5E61BF3E39B62AB4C7E7085A084 -- C:\WINDOWS\system32\scecli.dll

< %systemroot%\*. /mp /s >

< >
< End of report >


















REPORT 2, Extras
OTL Extras logfile created on: 2/5/2010 8:14:20 PM - Run 1
OTL by OldTimer - Version 3.1.28.0 Folder = C:\Documents and Settings\test\Desktop
Windows XP Media Center Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.00 Gb Total Physical Memory | 1.00 Gb Available Physical Memory | 59.00% Memory free
4.00 Gb Paging File | 3.00 Gb Available in Paging File | 81.00% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 99.09 Gb Total Space | 20.01 Gb Free Space | 20.19% Space Free | Partition Type: NTFS
Drive D: | 11.67 Gb Total Space | 1.35 Gb Free Space | 11.56% Space Free | Partition Type: FAT32
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: YOUR-0CDC4F5844
Current User Name: test
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: On
Skip Microsoft Files: On
File Age = 14 Days
Output = Standard
Quick Scan

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.html [@ = htmlfile] -- C:\Program Files\Internet Explorer\IEXPLORE.EXE (Microsoft Corporation)

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
htmlfile [edit] -- "C:\Program Files\Microsoft Office\OFFICE11\msohtmed.exe" %1 (Microsoft Corporation)
htmlfile [open] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" -nohome (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" %1 (Microsoft Corporation)
htmlfile [print] -- "C:\Program Files\Microsoft Office\OFFICE11\msohtmed.exe" /p %1 (Microsoft Corporation)
http [open] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" -nohome (Microsoft Corporation)
https [open] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" -nohome (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" %1 (Microsoft Corporation)
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- "C:\Program Files\Internet Explorer\iexplore.exe" (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 0
"FirewallOverride" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]
"1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008
"10280:UDP" = 10280:UDP:LocalSubNet:Enabled:Windows Media Connect
"10281:UDP" = 10281:UDP:LocalSubNet:Enabled:Windows Media Connect
"10282:UDP" = 10282:UDP:LocalSubNet:Enabled:Windows Media Connect
"10283:UDP" = 10283:UDP:LocalSubNet:Enabled:Windows Media Connect
"10284:UDP" = 10284:UDP:LocalSubNet:Enabled:Windows Media Connect
"10243:TCP" = 10243:TCP:LocalSubNet:Enabled:Windows Media Connect

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DoNotAllowExceptions" = 0
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008
"10280:UDP" = 10280:UDP:LocalSubNet:Enabled:Windows Media Connect
"10281:UDP" = 10281:UDP:LocalSubNet:Enabled:Windows Media Connect
"10282:UDP" = 10282:UDP:LocalSubNet:Enabled:Windows Media Connect
"10283:UDP" = 10283:UDP:LocalSubNet:Enabled:Windows Media Connect
"10284:UDP" = 10284:UDP:LocalSubNet:Enabled:Windows Media Connect
"10243:TCP" = 10243:TCP:LocalSubNet:Enabled:Windows Media Connect

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"C:\WINDOWS\system32\mqsvc.exe" = C:\WINDOWS\system32\mqsvc.exe:*:Enabled:Message Queuing -- (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\WINDOWS\system32\mqsvc.exe" = C:\WINDOWS\system32\mqsvc.exe:*:Enabled:Message Queuing -- (Microsoft Corporation)
"C:\Program Files\EarthLink TotalAccess\TaskPanl.exe" = C:\Program Files\EarthLink TotalAccess\TaskPanl.exe:*:Enabled:Earthlink -- File not found
"C:\Program Files\HP\Digital Imaging\bin\hpqscnvw.exe" = C:\Program Files\HP\Digital Imaging\bin\hpqscnvw.exe:*:Enabled:hpqscnvw.exe -- ()
"C:\Program Files\HP\Digital Imaging\bin\hpqkygrp.exe" = C:\Program Files\HP\Digital Imaging\bin\hpqkygrp.exe:*:Enabled:hpqkygrp.exe -- (Hewlett-Packard)
"C:\Program Files\HP\Digital Imaging\Unload\HpqPhUnl.exe" = C:\Program Files\HP\Digital Imaging\Unload\HpqPhUnl.exe:*:Enabled:hpqphunl.exe -- ()
"C:\Program Files\HP\Digital Imaging\Unload\HpqDIA.exe" = C:\Program Files\HP\Digital Imaging\Unload\HpqDIA.exe:*:Enabled:hpqdia.exe -- ( )
"C:\Program Files\HP\Digital Imaging\bin\hpqnrs08.exe" = C:\Program Files\HP\Digital Imaging\bin\hpqnrs08.exe:*:Enabled:hpqnrs08.exe -- (Hewlett-Packard Development Company, L.P.)
"C:\Program Files\HP\HP Software Update\HPWUCli.exe" = C:\Program Files\HP\HP Software Update\HPWUCli.exe:*:Enabled:HP Software Update Client -- (Hewlett-Packard)
"C:\Program Files\Pinnacle\Studio 10\programs\RM.exe" = C:\Program Files\Pinnacle\Studio 10\programs\RM.exe:*:Enabled:Render Manager -- (Pinnacle Systems)
"C:\Program Files\Pinnacle\Studio 10\programs\Studio.exe" = C:\Program Files\Pinnacle\Studio 10\programs\Studio.exe:*:Enabled:Studio -- (Pinnacle Systems)
"C:\Program Files\Pinnacle\Studio 10\programs\PMSRegisterFile.exe" = C:\Program Files\Pinnacle\Studio 10\programs\PMSRegisterFile.exe:*:Enabled:PMSRegisterFile -- ( )
"C:\Program Files\Pinnacle\Studio 10\programs\umi.exe" = C:\Program Files\Pinnacle\Studio 10\programs\umi.exe:*:Enabled:umi -- (Pinnacle Systems)
"C:\Program Files\Bonjour\mDNSResponder.exe" = C:\Program Files\Bonjour\mDNSResponder.exe:*:Enabled:Bonjour -- (Apple Inc.)
"C:\Program Files\iTunes\iTunes.exe" = C:\Program Files\iTunes\iTunes.exe:*:Enabled:iTunes -- (Apple Inc.)


========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{00203668-8170-44A0-BE44-B632FA4D780F}" = Adobe AIR
"{07287123-B8AC-41CE-8346-3D777245C35B}" = Bonjour
"{075473F5-846A-448B-BCB3-104AA1760205}" = Sonic Data Module
"{0761C9A8-8F3A-4216-B4A7-B7AFBF24A24A}" = HiJackThis
"{09D8492A-C8E2-421E-927D-46800FB327A3}" = Wireless Home Network Setup
"{10C69612-017B-45F5-B986-7D113D5A2EA3}" = MSN Toolbar
"{1451DE6B-ABE1-4F62-BE9A-B363A17588A2}" = QuickTime
"{16BE87BC-69F5-4D36-8CF0-E1CB3ACD5ED3}" = HP Driver Diagnostics
"{18D10072035C4515918F7E37EAFAACFC}" = AutoUpdate
"{1CB34CE9-0E6B-493F-BB66-3425E5DF76E5}" = CP_CalendarTemplates1
"{21657574-BD54-48A2-9450-EB03B2C7FC29}" = Sonic MyDVD Plus
"{23012310-3E05-46A5-88A9-C6CBCABCAC79}" = Customer Experience Enhancement
"{23B35809-5E4A-4F14-8332-1CDEDDFAC089}" = CP_Package_Variety2
"{24BEBF2E-73F3-4599-840B-EDC612CCDD0D}" = Destinations
"{26A24AE4-039D-4CA4-87B4-2F83216011FF}" = Java™ 6 Update 11
"{28F451B0-44E5-48C0-8706-84114249F5B4}" = LightScribe 1.4.109.1
"{2A548002-9042-4083-A270-B67473DE1073}" = SkinsHP1
"{2EAF7E61-068E-11DF-953C-005056806466}" = Google Earth
"{30465B6C-B53F-49A1-9EBA-A3F187AD502E}" = Sonic Update Manager
"{3248F0A8-6813-11D6-A77B-00B0D0150060}" = J2SE Runtime Environment 5.0 Update 6
"{3248F0A8-6813-11D6-A77B-00B0D0160050}" = Java™ 6 Update 5
"{3248F0A8-6813-11D6-A77B-00B0D0160070}" = Java™ 6 Update 7
"{34D2AB40-150D-475D-AE32-BD23FB5EE355}" = HP Quick Launch Buttons 6.10 A2
"{34F3FCF1-817B-4D61-B6AF-19D9486AFEA0}" = Unload
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{36D620AD-EEBA-4973-BA86-0C9AE6396620}" = OptionalContentQFolder
"{399C37FB-08AF-493B-BFED-20FBD85EDF7F}" = HP Pavilion Webcam
"{3A316611-45D1-429C-AA26-B71259C44689}" = HP Photosmart, Officejet and Deskjet 7.0.A
"{3AC54383-31D1-4907-961B-B12CBB1D0AE8}" = MobileMe Control Panel
"{3CB05291-F546-458E-A796-B5BCF5A3CDC4}" = Studio 10
"{3F92ABBB-6BBF-11D5-B229-002078017FBF}" = NetWaiting
"{3FA365DF-2D68-45ED-8F83-8C8A33E65143}" = Apple Application Support
"{3FE0CFAB-584A-4AA5-B8CD-C32284CFA308}" = RandMap
"{4041C245-7099-4C96-9738-5EBC23827B3C}" = BufferChm
"{4302B2DD-D958-40E3-BAF3-B07FFE1978CE}" = HP Wireless Assistant 2.00 G2
"{45D707E9-F3C4-11D9-A373-0050BAE317E1}" = HP QuickPlay 2.3
"{460CE8B9-6EC2-458A-90D4-691631ECE9D9}" = Pinnacle MediaServer
"{47BA74C5-1890-4ED2-954A-AD11186D8E26}" = Garmin TOPO U.S. 2008
"{47D2103B-FD51-4017-9C20-DD408B17D726}" = Office 2003 Trial Assistant
"{494D17B5-3369-4905-8C4B-80C972C5E0FF}" = CP_Panorama1Config
"{4A7FDA4D-F4D7-4A49-934A-066D59A43C7E}" = SmartSound Quicktracks Plugin
"{4DA4012B-39AF-48c2-B23B-A4D570D233A6}" = cp_LightScribeConfig
"{522D1D79-9C0A-4361-91F8-2AFF8EC6C2E1}" = CP_Package_Variety1
"{52FBAE98-D389-4281-8C14-21B4046CCB4E}" = SonicAC3Encoder
"{53EE9E42-CECB-4C92-BF76-9CA65DAF8F1C}" = FullDPAppQFolder
"{54F0998F-73C8-4b51-8286-FE903C231BED}" = cp_PosterPrintConfig
"{5C29CB8B-AC1E-4114-8D68-9CD080140D4A}" = Sony USB Driver
"{5EC786D5-C0CA-42E0-AF88-5379EF9D91EC}" = First Step Guide
"{6675CA7F-E51B-4F6A-99D4-F8F0124C6EAA}" = Sonic Express Labeler
"{67B9AF41-C0B9-4960-84D9-A61D23DE85D8}" = Garmin Trip and Waypoint Manager v4
"{6815FCDD-401D-481E-BA88-31B4754C2B46}" = Macromedia Flash Player 8
"{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update
"{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}" = Windows Media Player Firefox Plugin
"{6A012D9C-2E2E-405A-B87C-E909F5297C3F}" = Studio 10 Bonus DVD
"{718D791F-F4E8-4aa7-98A6-15FDED17BDD0}" = Trend Micro Internet Security
"{71F6DF7D-B639-4FAD-BA93-E6DF267AA44D}" = DesignPro 5.4 Limited Edition
"{766633B3-1AFA-44B6-A3FC-1DE991CD9C52}" = CP_Package_Basic1
"{77DCDCE3-2DED-62F3-8154-05E745472D07}" = Acrobat.com
"{79F8E1D4-36C1-439C-95FA-F695050B5B07}" = Sonic_PrimoSDK
"{7B63B2922B174135AFC0E1377DD81EC2}" = DivX
"{80AE27BA-B0ED-4288-A8B9-D8194BCF4115}" = cp_UpdateProjectsConfig
"{818ABC3C-635C-4651-8183-D0E9640B7DD1}" = HP Update
"{838A1BC9-95CA-4880-9BE3-2A7D23600A2B}" = Macromedia Shockwave Player
"{869C3062-4745-4949-B6C9-98AF24D89030}" = PhotoGallery
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8A708DD8-A5E6-11D4-A706-000629E95E20}" = Intel® Graphics Media Accelerator Driver
"{8DC069E7-893C-41E1-9442-DE89FEC33371}" = Xobni Core
"{8F3C31C5-9C3A-4AA8-8EFA-71290A7AD533}" = TomTom HOME Visual Studio Merge Modules
"{90120000-0020-0409-0000-0000000FF1CE}" = Compatibility Pack for the 2007 Office system
"{91120409-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Standard Edition 2003
"{939F8208-C8CE-4AFF-B7BA-ACEB2E74A6CB}" =
"{97F81AF1-0E47-DC99-FF1F-C8B3B9A1E18E}" = Visual C++ 8.0 ATL (x86) WinSXS MSM
"{98CB24AD-52FB-DB5F-FF1F-C8B3B9A1E18E}" = Visual C++ 8.0 CRT (x86) WinSXS MSM
"{9D2B0322-44AE-460E-9283-4D2D7A9205AE}" = Trend Micro Internet Security
"{9D4ABB0C-F60B-44A6-956C-A4A63D5495C9}" = CueTour
"{A01FC76F-CC09-4658-9E37-5C2F635EE708}" = TourSetup
"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
"{A6FDF86A-F541-4E7B-AEA0-8849A2A700D5}" = iTunes
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{A93C4E94-1005-489D-BEAA-B873C1AA6CFC}" = HP Help and Support
"{AADEA55D-C834-4BCB-98A3-4B8D1C18F4EE}" = Apple Mobile Device Support
"{AB5D51AE-EBC3-438D-872C-705C7C2084B0}" = DeviceManagementQFolder
"{AC76BA86-7AD7-1033-7B44-A71000000002}" = Adobe Reader 7.1.0
"{B11E71BA-498C-42D4-9F1A-9D7A89D9DA61}" = CP_AtenaShokunin1Config
"{B16AF568-A644-483C-A6DA-5028CD019C8C}" = SonicMPEGEncoder
"{B29B0066-547B-402c-9C0D-090E2F928A01}" = PANTECH PC USB Modem Software
"{B57F2FF0-5A25-4332-B503-4592B370C02F}" = CP_Package_Variety3
"{BBD3BF67-5B89-4CBB-BA58-5818ED5F3290}" = cp_OnlineProjectsConfig
"{BE247E71-C143-40BB-ADF2-A465DF062BAB}" = HP User Guides 0035
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
"{C8753E28-2680-49BF-BD48-DD38FD086EFE}" = AiO_Scan_CDA
"{CAE7D1D9-3794-4169-B4DD-964ADBC534EE}" = HP Product Detection
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{DB518BA6-CB74-4EB6-9ABD-880B6D6E1F38}" = HpSdpAppCoreApp
"{DB7E00C9-6DEF-489A-8112-D8F81614F45A}" = Vongo
"{DD7A785B-45C9-4DDB-A726-0889F7A9C006}" = WD SmartWare
"{E09B48B5-E141-427A-AB0C-D3605127224A}" = Microsoft SQL Server Desktop Engine (PINNACLESYS)
"{E56D39F8-2A9F-44B4-B068-A72E45A073E6}" = Safari
"{EC397D90-720E-426D-B381-0A10C6FD5A49}" = HP Pavilion Webcam Demo
"{EF781A5C-58F5-4BFD-87F9-E4F14D382F25}" = Pinnacle Instant DVD Recorder
"{F3760724-B29D-465B-BC53-E5D72095BCC4}" = Scan
"{F8C6BABF-0837-4EA0-AD6C-8E5A392A7538}" = ImageMixer VCD2
"{FA54AFB1-5745-4389-B8C1-9F7509672ED1}" = iPhone Configuration Utility
"{FB09F05F-85C6-4205-B28D-5BF071D276C3}" = muvee autoProducer 5.0
"{FC8D25A7-FF1B-41BB-BB3B-9A06C0A60AE0}" = InstantShareDevices
"{FF1482CF-D19B-44DD-B887-9698CB51DFD5}" = Studio 10.8 Patch
"12133444-BF36-4d4e-B7FB-A3424C645DE4" = GemMaster Mystic
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player Plugin
"AviSynth" = AviSynth 2.5
"B3EE3001-DC24-4cd1-8743-5692C716659F" = Otto
"Citrix ICA Web Client" = Citrix Presentation Server Web Client for Win32
"CNXT_HDAUDIO" = Conexant HD Audio
"CNXT_MODEM_PCI_VEN_14F1&DEV_5045_at8ven5m" = Soft Data Fax Modem with SmartCP
"com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Acrobat.com
"ComcastHSI" = Comcast High-Speed Internet Install Wizard
"CutePDF Writer Installation" = CutePDF Writer 2.7
"DVD Decrypter" = DVD Decrypter (Remove Only)
"Free iPod Video Converter_is1" = Free iPod Video Converter 1.34
"Google Updater" = Google Updater
"HijackThis" = HijackThis 2.0.2
"HP Imaging Device Functions" = HP Imaging Device Functions 6.0
"HP Photo & Imaging" = HP Photosmart Premier Software 6.0
"IDNMitigationAPIs" = Microsoft Internationalized Domain Names Mitigation APIs
"ie7" = Windows Internet Explorer 7
"ie8" = Windows Internet Explorer 8
"InstallShield_{23012310-3E05-46A5-88A9-C6CBCABCAC79}" = Customer Experience Enhancement
"InstallShield_{4A7FDA4D-F4D7-4A49-934A-066D59A43C7E}" = SmartSound Quicktracks Plugin
"InstallShield_{71F6DF7D-B639-4FAD-BA93-E6DF267AA44D}" = DesignPro 5.4 Limited Edition
"MapSource" = MapSource
"Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Mozilla Firefox (2.0.0.20)" = Mozilla Firefox (2.0.0.20)
"NeroMultiInstaller!UninstallKey" = Nero Suite
"Netscape Browser" = Netscape Browser (remove only)
"NLSDownlevelMapping" = Microsoft National Language Support Downlevel APIs
"proDAD-Heroglyph-2.5" = proDAD Heroglyph 2.5
"PROSet" = Intel® PRO Network Connections Drivers
"SynTPDeinstKey" = Synaptics Pointing Device Driver
"TomTom HOME" = TomTom HOME 2.6.2.1586
"VZAccess Manager" = VZAccess Manager
"WildTangent CDA" = WildTangent Web Driver
"Windows Media Format Runtime" = Windows Media Format Runtime
"Windows XP Service Pack" = Windows XP Service Pack 3
"WMCSetup" = Windows Media Connect
"XobniMain" = Xobni
"YouTube Downloader App" = YouTube Downloader App 2.03

========== HKEY_CURRENT_USER Uninstall List ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Move Networks Player - IE" = Move Networks Media Player for Internet Explorer

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 1/27/2010 8:25:05 PM | Computer Name = YOUR-0CDC4F5844 | Source = Application Error | ID = 1000
Description = Faulting application msimn.exe, version 6.0.2900.5512, faulting module
inetcomm.dll, version 6.0.2900.5579, fault address 0x000148c1.

Error - 1/30/2010 5:39:10 PM | Computer Name = YOUR-0CDC4F5844 | Source = Application Hang | ID = 1002
Description = Hanging application studio.exe, version 10.8.0.4641, hang module hungapp,
version 0.0.0.0, hang address 0x00000000.

Error - 1/30/2010 5:42:33 PM | Computer Name = YOUR-0CDC4F5844 | Source = Application Hang | ID = 1002
Description = Hanging application msimn.exe, version 6.0.2900.5512, hang module
hungapp, version 0.0.0.0, hang address 0x00000000.

Error - 1/30/2010 5:42:45 PM | Computer Name = YOUR-0CDC4F5844 | Source = Application Hang | ID = 1002
Description = Hanging application studio.exe, version 10.8.0.4641, hang module hungapp,
version 0.0.0.0, hang address 0x00000000.

Error - 1/31/2010 3:35:11 PM | Computer Name = YOUR-0CDC4F5844 | Source = Application Error | ID = 1000
Description = Faulting application hpwucli.exe, version 5.0.8.1, faulting module
hpwucli.exe, version 5.0.8.1, fault address 0x000045ea.

Error - 1/31/2010 3:40:46 PM | Computer Name = YOUR-0CDC4F5844 | Source = Application Hang | ID = 1002
Description = Hanging application studio.exe, version 10.8.0.4641, hang module hungapp,
version 0.0.0.0, hang address 0x00000000.

Error - 2/1/2010 8:33:37 PM | Computer Name = YOUR-0CDC4F5844 | Source = ESENT | ID = 490
Description = svchost (1824) An attempt to open the file "C:\WINDOWS\system32\CatRoot2\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\catdb"
for read / write access failed with system error 32 (0x00000020): "The process
cannot access the file because it is being used by another process. ". The open
file operation will fail with error -1032 (0xfffffbf8).

Error - 2/3/2010 12:23:14 AM | Computer Name = YOUR-0CDC4F5844 | Source = Application Hang | ID = 1002
Description = Hanging application iexplore.exe, version 8.0.6001.18702, hang module
hungapp, version 0.0.0.0, hang address 0x00000000.

Error - 2/5/2010 8:55:11 PM | Computer Name = YOUR-0CDC4F5844 | Source = Application Hang | ID = 1002
Description = Hanging application msimn.exe, version 6.0.2900.5512, hang module
hungapp, version 0.0.0.0, hang address 0x00000000.

Error - 2/5/2010 9:09:14 PM | Computer Name = YOUR-0CDC4F5844 | Source = Application Error | ID = 1000
Description = Faulting application msimn.exe, version 6.0.2900.5512, faulting module
inetcomm.dll, version 6.0.2900.5579, fault address 0x000148c1.

[ System Events ]
Error - 2/1/2010 5:54:15 PM | Computer Name = YOUR-0CDC4F5844 | Source = Service Control Manager | ID = 7009
Description = Timeout (30000 milliseconds) waiting for the Trend Micro Unauthorized
Change Prevention Service service to connect.

Error - 2/1/2010 5:54:15 PM | Computer Name = YOUR-0CDC4F5844 | Source = Service Control Manager | ID = 7000
Description = The Trend Micro Unauthorized Change Prevention Service service failed
to start due to the following error: %%1053

Error - 2/1/2010 8:32:43 PM | Computer Name = YOUR-0CDC4F5844 | Source = Service Control Manager | ID = 7009
Description = Timeout (30000 milliseconds) waiting for the Trend Micro Proxy Service
service to connect.

Error - 2/1/2010 8:32:43 PM | Computer Name = YOUR-0CDC4F5844 | Source = Service Control Manager | ID = 7000
Description = The Trend Micro Proxy Service service failed to start due to the following
error: %%1053

Error - 2/3/2010 12:17:56 AM | Computer Name = YOUR-0CDC4F5844 | Source = atapi | ID = 262153
Description = The device, \Device\Ide\IdePort0, did not respond within the timeout
period.

Error - 2/5/2010 8:49:29 PM | Computer Name = YOUR-0CDC4F5844 | Source = DCOM | ID = 10005
Description = DCOM got error "%1053" attempting to start the service iPod Service
with arguments "" in order to run the server: {063D34A4-BF84-4B8D-B699-E8CA06504DDE}

Error - 2/5/2010 8:49:29 PM | Computer Name = YOUR-0CDC4F5844 | Source = Service Control Manager | ID = 7009
Description = Timeout (30000 milliseconds) waiting for the iPod Service service
to connect.

Error - 2/5/2010 8:49:29 PM | Computer Name = YOUR-0CDC4F5844 | Source = Service Control Manager | ID = 7000
Description = The iPod Service service failed to start due to the following error:
%%1053

Error - 2/5/2010 8:53:50 PM | Computer Name = YOUR-0CDC4F5844 | Source = Service Control Manager | ID = 7009
Description = Timeout (30000 milliseconds) waiting for the Trend Micro Proxy Service
service to connect.

Error - 2/5/2010 8:53:50 PM | Computer Name = YOUR-0CDC4F5844 | Source = Service Control Manager | ID = 7000
Description = The Trend Micro Proxy Service service failed to start due to the following
error: %%1053


< End of report >

[schrauber]

Hi,


Your Java is out of date. Older versions have vulnerabilities that malicious sites can use to exploit and infect your system. Please follow these steps to remove older version Java components and update:

• Download the latest version of [B]Java Runtime Environment (JRE) Version 6[/B] and save it to your desktop.
  
• Scroll down to where it says "Java Runtime Environment (JRE) 6 Update 18...allows end-users to run Java applications".
  
• Click the "Download" button to the right.
  
• Select your Platform: "Windows".
  
• Select your Language: "Multi-language".
  
• Read the License Agreement, and then check the box that says: "Accept License Agreement".
  
• Click Continue and the page will refresh.
  
• Click on the link to download Windows Offline Installation and save the file to your desktop.
  
• Close any programs you may have running - especially your web browser.
  
• Go to Start > Settings > Control Panel, double-click on [B]Add/Remove Programs[/B] and remove all older versions of Java.
  
• Check (highlight) any item with Java Runtime Environment (JRE or J2SE) in the name.
  
• Click the Remove or Change/Remove button.
  
• Repeat as many times as necessary to remove each Java versions.
  
• Reboot your computer once all Java components are removed.
  
• Then from your desktop double-click on jre-6u18-windows-i586-p.exe to install the newest version.

Download and Run StartupLite

This program will identify startup entries that are unnecessary to be started at bootup. This will help free some memory.

• Download StartupLite.exe by MalwareBytes to your desktop.
  
• Double click on StartUpLite.exe to run it. If you are using Windows Vista, right click the icon and select Run As Administrator.
  
• A list of unecessary startup entries will be compiled.
  
• Take a read at the description of each and for most of them you probably won't need it please make sure there is a checkmark next to Disable.
  
• Leave all the items as Disabled and click Continue.
  
• Restart your computer once it's done.

Please download TFC by Old Timer and save it to your desktop.
alternate download link

• Save any unsaved work. TFC will close ALL open programs including your browser!
  
• Double-click on TFC.exe to run it. If you are using Vista, right-click on the file and choose Run As Administrator.
  
• Click the Start button to begin the cleaning process and let it run uninterrupted to completion.
  
• Important! If TFC prompts you to reboot, please do so immediately. If not prompted, manually reboot the machine anyway to ensure a complete clean.

TFC (Temp File Cleaner) will clear out all temp folders for all user accounts (temp, IE temp, java, FF, Opera, Chrome, Safari), including Administrator, All Users, LocalService, NetworkService, and any other accounts in the user folder. It also cleans out the %systemroot%\temp folder and checks for .tmp files in the %systemdrive% root folder, %systemroot%, and the system32 folder (both 32bit and 64bit on 64bit OSs). It shows the amount removed for each location found (in bytes) and the total removed (in MB). Before running, it will stop Explorer and all other running apps. When finished, if a reboot is required the user must reboot to finish clearing any in-use temp files.

TFC only cleans temp folders. TFC will not clean URL history, prefetch, or cookies. Depending on how often someone cleans their temp folders, their system hardware, and how many accounts are present, it can take anywhere from a few seconds to a minute or more. TFC will completely clear all temp files where other temp file cleaners may fail. TFC requires a reboot immediately after running. Be sure to save any unsaved work before running TFC.





Run OTL

• Under the Custom Scans/Fixes box at the bottom, paste in the following

  :OTL
  03 - HKCU\..\Toolbar\ShellBrowser: (no name) - {C4069E3A-68F1-403E-B40E-20066696354B} - No CLSID value found.
  O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {604BC32A-9680-40D1-9AC6-E06B23A1BA4C} - No CLSID value found.
  O4 - HKLM..\Run: [] File not found
  

• Then click the Run Fix button at the top
• Let the program run unhindered, when done it will say "Fix Complete press ok to open the log"
• Please post that log in your next reply. Note: If a file or folder cannot be moved immediately you may be asked to reboot the machine to finish the move process. If you are asked to reboot the machine choose Yes. In this case, after the reboot, open Notepad (Start->All Programs->Accessories->Notepad), click File->Open, in the File Name box enter *.log and press the Enter key, navigate to the C:\_OTL\MovedFiles folder, and open the newest .log file present, and copy/paste the contents of that document back here in your next post.

================================Follow up scan=================================

• Double click on OTL to run it. Make sure all other windows are closed and to let it run uninterrupted.
• When the window appears, underneath Output at the top change it to Minimal Output.
• Under the Standard Registry box change it to All.
• Click the Run Scan button. Do not change any settings unless otherwise told to do so. The scan wont take long.
  • When the scan completes, it will open one notepad window. OTL.Txt a This is saved in the same location as OTL.
  • Please copy (Edit->Select All, Edit->Copy) the contents of this file and post it with your next reply.

[jshull]

I followed the steps (apparently successfully), and here is the output of the OTL Run Fix.

========== OTL ==========
Registry value HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{604BC32A-9680-40D1-9AC6-E06B23A1BA4C} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{604BC32A-9680-40D1-9AC6-E06B23A1BA4C}\ not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\ deleted successfully.

OTL by OldTimer - Version 3.1.28.0 log created on 02062010_134710

[schrauber]

And the follow up scan from OTL ? :)

[jshull]

Sorry, I didn't completely understand the OTL requirements. I am still seeing a slow start up with my laptop, but we're obviously not done yet. Here is the reply:



OTL logfile created on: 2/8/2010 10:31:19 PM - Run 2
OTL by OldTimer - Version 3.1.28.0 Folder = C:\Documents and Settings\test\Desktop
Windows XP Media Center Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.00 Gb Total Physical Memory | 1.00 Gb Available Physical Memory | 66.00% Memory free
4.00 Gb Paging File | 3.00 Gb Available in Paging File | 86.00% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 99.09 Gb Total Space | 22.42 Gb Free Space | 22.62% Space Free | Partition Type: NTFS
Drive D: | 11.67 Gb Total Space | 1.35 Gb Free Space | 11.56% Space Free | Partition Type: FAT32
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: YOUR-0CDC4F5844
Current User Name: test
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Minimal

========== Processes (SafeList) ==========

PRC - C:\Documents and Settings\test\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\Program Files\Xobni\XobniService.exe (Xobni Corporation)
PRC - C:\Program Files\iTunes\iTunesHelper.exe (Apple Inc.)
PRC - C:\Program Files\iPod\bin\iPodService.exe (Apple Inc.)
PRC - C:\Program Files\Trend Micro\Internet Security\UfSeAgnt.exe (Trend Micro Inc.)
PRC - C:\Program Files\Trend Micro\Internet Security\TmProxy.exe (Trend Micro Inc.)
PRC - C:\Program Files\Trend Micro\Internet Security\TmPfw.exe (Trend Micro Inc.)
PRC - C:\Program Files\Trend Micro\Internet Security\TMAS_OE\TMAS_OEMon.exe (Trend Micro Inc.)
PRC - C:\Program Files\Trend Micro\BM\TMBMSRV.exe (Trend Micro Inc.)
PRC - C:\Program Files\Trend Micro\Internet Security\SfCtlCom.exe (Trend Micro Inc.)
PRC - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe (Apple Inc.)
PRC - C:\Program Files\TomTom HOME 2\TomTomHOMERunner.exe (TomTom)
PRC - C:\Program Files\TomTom HOME 2\TomTomHOMEService.exe (TomTom)
PRC - C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation)
PRC - C:\Program Files\Pinnacle\MediaServer\Microsoft SQL Server\MSSQL$PINNACLESYS\Binn\sqlservr.exe (Microsoft Corporation)
PRC - C:\Program Files\Bonjour\mDNSResponder.exe (Apple Inc.)
PRC - C:\Program Files\Outlook Express\msimn.exe (Microsoft Corporation)
PRC - C:\WINDOWS\system32\mqtgsvc.exe (Microsoft Corporation)
PRC - C:\WINDOWS\system32\mqsvc.exe (Microsoft Corporation)
PRC - C:\WINDOWS\explorer.exe (Microsoft Corporation)
PRC - C:\Program Files\Pinnacle\Shared Files\Programs\USBTip\USBTip.exe (Pinnacle Systems GmbH)
PRC - C:\Program Files\Common Files\LightScribe\LSSrvc.exe (Hewlett-Packard Company)
PRC - C:\Program Files\HP\QuickPlay\QPService.exe (CyberLink Corp.)
PRC - C:\Program Files\Hewlett-Packard\HP Pavilion Webcam\HPWebcam.exe ()
PRC - C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QLBCTRL.exe ( Hewlett-Packard Development Company, L.P.)
PRC - C:\Program Files\Synaptics\SynTP\SynTPEnh.exe (Synaptics, Inc.)
PRC - C:\Program Files\HPQ\HP Wireless Assistant\HP Wireless Assistant.exe (Hewlett-Packard Development Company, L.P.)
PRC - C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe (Hewlett-Packard Development Company, L.P.)
PRC - C:\WINDOWS\system32\igfxpers.exe (Intel Corporation)
PRC - C:\WINDOWS\system32\hkcmd.exe (Intel Corporation)
PRC - c:\Program Files\Pinnacle\Shared Files\Programs\MediaServer\PMSHost.exe (Pinnacle Systems)
PRC - C:\Program Files\HP\Digital Imaging\bin\hpqimzone.exe (Hewlett-Packard Development Company, L.P.)
PRC - C:\Program Files\Ahead\ODD Toolkit\dvdtray.exe (Hewlett-Packard Company)


========== Modules (SafeList) ==========

MOD - C:\Documents and Settings\test\Desktop\OTL.exe (OldTimer Tools)
MOD - C:\Program Files\Trend Micro\Internet Security\TMAS_OE\TMAS_OEHook.dll ()


========== Win32 Services (SafeList) ==========

SRV - (gupdate) Google Update Service (gupdate) -- C:\Program Files\Google\Update\GoogleUpdate.exe (Google Inc.)
SRV - (XobniService) -- C:\Program Files\Xobni\XobniService.exe (Xobni Corporation)
SRV - (iPod Service) -- C:\Program Files\iPod\bin\iPodService.exe (Apple Inc.)
SRV - (TmProxy) -- C:\Program Files\Trend Micro\Internet Security\TmProxy.exe (Trend Micro Inc.)
SRV - (TmPfw) -- C:\Program Files\Trend Micro\Internet Security\TmPfw.exe (Trend Micro Inc.)
SRV - (TMBMServer) -- C:\Program Files\Trend Micro\BM\TMBMSRV.exe (Trend Micro Inc.)
SRV - (SfCtlCom) -- C:\Program Files\Trend Micro\Internet Security\SfCtlCom.exe (Trend Micro Inc.)
SRV - (Apple Mobile Device) -- C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe (Apple Inc.)
SRV - (TomTomHOMEService) -- C:\Program Files\TomTom HOME 2\TomTomHOMEService.exe (TomTom)
SRV - (gusvc) -- C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe (Google)
SRV - (MSSQL$PINNACLESYS) -- C:\Program Files\Pinnacle\MediaServer\Microsoft SQL Server\MSSQL$PINNACLESYS\Binn\sqlservr.exe (Microsoft Corporation)
SRV - (Bonjour Service) -- C:\Program Files\Bonjour\mDNSResponder.exe (Apple Inc.)
SRV - (MSMQTriggers) -- C:\WINDOWS\system32\mqtgsvc.exe (Microsoft Corporation)
SRV - (MSMQ) -- C:\WINDOWS\system32\mqsvc.exe (Microsoft Corporation)
SRV - (Pml Driver HPZ12) -- C:\WINDOWS\system32\HPZipm12.exe (HP)
SRV - (LightScribeService) -- C:\Program Files\Common Files\LightScribe\LSSrvc.exe (Hewlett-Packard Company)
SRV - (AddFiltr) -- C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\AddFiltr.exe (Hewlett-Packard Development Company, L.P.)
SRV - (hpqwmiex) -- C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe (Hewlett-Packard Development Company, L.P.)
SRV - (PinnacleSys.MediaServer) -- c:\Program Files\Pinnacle\Shared Files\Programs\MediaServer\PMSHost.exe (Pinnacle Systems)
SRV - (WMConnectCDS) -- C:\Program Files\Windows Media Connect 2\wmccds.exe (Microsoft Corporation)
SRV - (SQLAgent$PINNACLESYS) -- C:\Program Files\Pinnacle\MediaServer\Microsoft SQL Server\MSSQL$PINNACLESYS\Binn\sqlagent.EXE (Microsoft Corporation)
SRV - (IDriverT) -- C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe (Macrovision Corporation)
SRV - (ose) -- C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE (Microsoft Corporation)


========== Driver Services (SafeList) ==========

DRV - (vsapint) -- C:\WINDOWS\system32\drivers\vsapint.sys (Trend Micro Inc.)
DRV - (tmcfw) -- C:\WINDOWS\system32\drivers\TM_CFW.sys (Trend Micro Inc.)
DRV - (tmxpflt) -- C:\WINDOWS\system32\drivers\tmxpflt.sys (Trend Micro Inc.)
DRV - (tmcomm) -- C:\WINDOWS\system32\drivers\tmcomm.sys (Trend Micro Inc.)
DRV - (tmtdi) -- C:\WINDOWS\system32\drivers\tmtdi.sys (Trend Micro Inc.)
DRV - (tmactmon) -- C:\WINDOWS\system32\drivers\tmactmon.sys (Trend Micro Inc.)
DRV - (tmevtmgr) -- C:\WINDOWS\system32\drivers\tmevtmgr.sys (Trend Micro Inc.)
DRV - (tmpreflt) -- C:\WINDOWS\system32\drivers\tmpreflt.sys (Trend Micro Inc.)
DRV - (USBAAPL) -- C:\WINDOWS\system32\drivers\usbaapl.sys (Apple, Inc.)
DRV - (GEARAspiWDM) -- C:\WINDOWS\system32\drivers\GEARAspiWDM.sys (GEAR Software Inc.)
DRV - (RMCAST) -- C:\WINDOWS\system32\drivers\rmcast.sys (Microsoft Corporation)
DRV - (61883) -- C:\WINDOWS\system32\drivers\61883.sys (Microsoft Corporation)
DRV - (Avc) -- C:\WINDOWS\system32\drivers\avc.sys (Microsoft Corporation)
DRV - (MSDV) -- C:\WINDOWS\system32\drivers\msdv.sys (Microsoft Corporation)
DRV - (usbaudio) USB Audio Driver (WDM) -- C:\WINDOWS\system32\drivers\usbaudio.sys (Microsoft Corporation)
DRV - (MQAC) -- C:\WINDOWS\system32\drivers\mqac.sys (Microsoft Corporation)
DRV - (amdagp) -- C:\WINDOWS\system32\DRIVERS\amdagp.sys (Advanced Micro Devices, Inc.)
DRV - (sisagp) -- C:\WINDOWS\system32\DRIVERS\sisagp.sys (Silicon Integrated Systems Corporation)
DRV - (HDAudBus) -- C:\WINDOWS\system32\drivers\hdaudbus.sys (Windows ® Server 2003 DDK provider)
DRV - (SolFS) -- C:\WINDOWS\system32\drivers\solfs.sys (EldoS Corporation)
DRV - (SolDisk) -- C:\WINDOWS\system32\drivers\soldisk.sys (EldoS Corporation)
DRV - (Secdrv) -- C:\WINDOWS\system32\drivers\secdrv.sys (Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K.)
DRV - (PTDMWWAN) -- C:\WINDOWS\system32\drivers\PTDMWWAN.sys (DEVGURU Co,LTD.)
DRV - (PTDMVsp) -- C:\WINDOWS\system32\drivers\PTDMVsp.sys (DEVGURU Co,LTD.)
DRV - (PTDMMdm) -- C:\WINDOWS\system32\drivers\PTDMMdm.sys (DEVGURU Co,LTD.)
DRV - (PTDMBus) -- C:\WINDOWS\system32\drivers\PTDMBus.sys (DEVGURU Co,LTD.)
DRV - (PinnacleMarvinAVS) -- C:\WINDOWS\system32\drivers\MarvinAVS.sys (Pinnacle a division of Avid Technology, Inc.)
DRV - (grmnusb) -- C:\WINDOWS\system32\drivers\grmnusb.sys (GARMIN Corp.)
DRV - (RimVSerPort) -- C:\WINDOWS\system32\drivers\RimSerial.sys (Research in Motion Ltd)
DRV - (HdAudAddService) -- C:\WINDOWS\system32\drivers\CHDAud.sys (Conexant Systems Inc.)
DRV - (SNP2UVC) USB2.0 PC Camera (SNP2UVC) -- C:\WINDOWS\system32\drivers\snp2uvc.sys ()
DRV - (SynTP) -- C:\WINDOWS\system32\drivers\SynTP.sys (Synaptics, Inc.)
DRV - (5U870CAP_VID_1262&PID_25FD) -- C:\WINDOWS\system32\drivers\5U870CAP.sys (Ricoh)
DRV - (BTWUSB) -- C:\WINDOWS\system32\drivers\btwusb.sys (Broadcom Corporation.)
DRV - (PinnacleMarvinUSB) -- C:\WINDOWS\system32\drivers\MarvinUsb.sys (Pinnacle Systems)
DRV - (w39n51) Intel® -- C:\WINDOWS\system32\drivers\w39n51.sys (Intel® Corporation)
DRV - (HSF_DPV) -- C:\WINDOWS\system32\drivers\HSF_DPV.sys (Conexant Systems, Inc.)
DRV - (HSFHWAZL) -- C:\WINDOWS\system32\drivers\HSFHWAZL.sys (Conexant Systems, Inc.)
DRV - (winachsf) -- C:\WINDOWS\system32\drivers\HSF_CNXT.sys (Conexant Systems, Inc.)
DRV - (HPZid412) -- C:\WINDOWS\system32\drivers\HPZid412.sys (HP)
DRV - (HPZius12) -- C:\WINDOWS\system32\drivers\HPZius12.sys (HP)
DRV - (HPZipr12) -- C:\WINDOWS\system32\drivers\HPZipr12.sys (HP)
DRV - (E100B) Intel® -- C:\WINDOWS\system32\drivers\e100b325.sys (Intel Corporation)
DRV - (ialm) -- C:\WINDOWS\system32\drivers\ialmnt5.sys (Intel Corporation)
DRV - (Ptilink) -- C:\WINDOWS\system32\drivers\ptilink.sys (Parallel Technologies, Inc.)
DRV - (ROOTMODEM) -- C:\WINDOWS\system32\drivers\rootmdm.sys (Microsoft Corporation)
DRV - (mdmxsdk) -- C:\WINDOWS\system32\drivers\mdmxsdk.sys (Conexant)
DRV - (rimsptsk) -- C:\WINDOWS\system32\drivers\rimsptsk.sys (REDC)
DRV - (rimmptsk) -- C:\WINDOWS\system32\drivers\rimmptsk.sys (REDC)
DRV - (rismxdp) -- C:\WINDOWS\system32\drivers\rixdptsk.sys (REDC)
DRV - (iaStor) -- C:\WINDOWS\system32\DRIVERS\iaStor.sys (Intel Corporation)
DRV - (eabusb) -- C:\WINDOWS\system32\drivers\EabUsb.sys (Hewlett-Packard Development Company, L.P.)
DRV - (HBtnKey) -- C:\WINDOWS\system32\drivers\CPQBttn.sys (Hewlett-Packard Development Company, L.P.)
DRV - (eabfiltr) -- C:\WINDOWS\system32\drivers\eabfiltr.sys (Hewlett-Packard Development Company, L.P.)
DRV - (MarvinBus) -- C:\WINDOWS\system32\drivers\MarvinBus.sys (Pinnacle Systems GmbH)
DRV - (PxHelp20) -- C:\WINDOWS\System32\Drivers\PxHelp20.sys (Sonic Solutions)
DRV - (PCLEPCI) -- C:\WINDOWS\system32\drivers\Pclepci.sys (Pinnacle Systems GmbH)
DRV - (rtl8139) Realtek RTL8139(A/B/C) -- C:\WINDOWS\system32\drivers\RTL8139.sys (Realtek Semiconductor Corporation)
DRV - (cdrbsdrv) -- C:\WINDOWS\system32\drivers\CDRBSDRV.SYS (B.H.A Corporation)
DRV - (SMNDIS5) -- C:\Program Files\Verizon Wireless\VZAccess Manager\SMNDIS5.sys (Smith Micro Software, Inc.)
DRV - (sonypvs1) -- C:\WINDOWS\system32\drivers\sonypvs1.sys (Sony Corporation)
DRV - (Sparrow) -- C:\WINDOWS\system32\DRIVERS\sparrow.sys (Adaptec, Inc.)
DRV - (sym_u3) -- C:\WINDOWS\system32\DRIVERS\sym_u3.sys (LSI Logic)
DRV - (sym_hi) -- C:\WINDOWS\system32\DRIVERS\sym_hi.sys (LSI Logic)
DRV - (symc8xx) -- C:\WINDOWS\system32\DRIVERS\symc8xx.sys (LSI Logic)
DRV - (symc810) -- C:\WINDOWS\system32\DRIVERS\symc810.sys (Symbios Logic Inc.)
DRV - (ultra) -- C:\WINDOWS\system32\DRIVERS\ultra.sys (Promise Technology, Inc.)
DRV - (ql12160) -- C:\WINDOWS\system32\DRIVERS\ql12160.sys (QLogic Corporation)
DRV - (ql1080) -- C:\WINDOWS\system32\DRIVERS\ql1080.sys (QLogic Corporation)
DRV - (ql1280) -- C:\WINDOWS\system32\DRIVERS\ql1280.sys (QLogic Corporation)
DRV - (dac2w2k) -- C:\WINDOWS\system32\DRIVERS\dac2w2k.sys (Mylex Corporation)
DRV - (mraid35x) -- C:\WINDOWS\system32\DRIVERS\mraid35x.sys (American Megatrends Inc.)
DRV - (asc) -- C:\WINDOWS\system32\DRIVERS\asc.sys (Advanced System Products, Inc.)
DRV - (asc3550) -- C:\WINDOWS\system32\DRIVERS\asc3550.sys (Advanced System Products, Inc.)
DRV - (AliIde) -- C:\WINDOWS\system32\DRIVERS\aliide.sys (Acer Laboratories Inc.)
DRV - (CmdIde) -- C:\WINDOWS\system32\DRIVERS\cmdide.sys (CMD Technology, Inc.)


========== Standard Registry (All) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = [binary data]
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Extensions Off Page = about:NoAdd-ons
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\system32\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Security Risk Page = about:SecurityRisk
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft....k/?LinkId=69157
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,CustomizeSearch = http://ie.search.msn...st/srchcust.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://ie.search.msn...st/srchasst.htm

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\system32\blank.htm
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft...=ie&ar=iesearch
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.msn.com/
IE - HKCU\..\URLSearchHook: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - Reg Error: Key error. File not found
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - prefs.js..browser.startup.homepage: "http://www.msn.com/"

FF - HKLM\software\mozilla\Firefox\extensions\\{20a82645-c095-46ed-80e3-08825760534b}: c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\ [2009/06/25 23:15:38 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 2.0.0.20\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2009/12/02 20:14:56 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 2.0.0.20\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2009/12/02 20:14:56 | 000,000,000 | ---D | M]

[2008/07/12 10:36:26 | 000,000,000 | ---D | M] -- C:\Documents and Settings\test\Application Data\Mozilla\Extensions
[2008/07/12 10:36:26 | 000,000,000 | ---D | M] -- C:\Documents and Settings\test\Application Data\Mozilla\Extensions\home2@tomtom.com
[2009/12/28 17:30:57 | 000,000,000 | ---D | M] -- C:\Documents and Settings\test\Application Data\Mozilla\Firefox\Profiles\o5smxid3.default\extensions
[2009/07/08 11:15:59 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Documents and Settings\test\Application Data\Mozilla\Firefox\Profiles\o5smxid3.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2010/02/06 14:39:24 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions
[2009/02/04 16:27:08 | 000,000,000 | ---D | M] (Firefox (default)) -- C:\Program Files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
[2009/02/04 16:27:08 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions\talkback@mozilla.org
[2009/02/04 16:26:34 | 000,067,688 | ---- | M] (Mozilla Foundation) -- C:\Program Files\Mozilla Firefox\components\jar50.dll
[2009/02/04 16:26:36 | 000,054,368 | ---- | M] (Mozilla Foundation) -- C:\Program Files\Mozilla Firefox\components\jsd3250.dll
[2009/02/04 16:26:41 | 000,034,944 | ---- | M] (Mozilla Foundation) -- C:\Program Files\Mozilla Firefox\components\myspell.dll
[2009/02/04 16:26:52 | 000,046,712 | ---- | M] (Mozilla Foundation) -- C:\Program Files\Mozilla Firefox\components\spellchk.dll
[2009/02/04 16:26:55 | 000,172,136 | ---- | M] (Mozilla Foundation) -- C:\Program Files\Mozilla Firefox\components\xpinstal.dll
[2007/04/10 17:21:08 | 000,163,256 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Mozilla Firefox\plugins\np-mswmp.dll
[2010/02/06 13:22:50 | 000,411,368 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npdeploytk.dll
[2009/02/04 16:27:23 | 000,022,656 | ---- | M] (mozilla.org) -- C:\Program Files\Mozilla Firefox\plugins\npnul32.dll
[2007/03/22 18:23:30 | 000,017,248 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Mozilla Firefox\plugins\NPOFFICE.DLL
[2006/12/18 03:18:30 | 000,077,824 | ---- | M] (Adobe Systems Inc.) -- C:\Program Files\Mozilla Firefox\plugins\nppdf32.dll
[2009/12/02 20:14:54 | 000,159,744 | ---- | M] (Apple Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npqtplugin.dll
[2009/12/02 20:14:54 | 000,159,744 | ---- | M] (Apple Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npqtplugin2.dll
[2009/12/02 20:14:55 | 000,159,744 | ---- | M] (Apple Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npqtplugin3.dll
[2009/12/02 20:14:55 | 000,159,744 | ---- | M] (Apple Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npqtplugin4.dll
[2009/12/02 20:14:55 | 000,159,744 | ---- | M] (Apple Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npqtplugin5.dll
[2009/12/02 20:14:55 | 000,159,744 | ---- | M] (Apple Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npqtplugin6.dll
[2009/12/02 20:14:55 | 000,159,744 | ---- | M] (Apple Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npqtplugin7.dll
[2009/02/04 16:27:38 | 000,001,514 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\amazondotcom.xml
[2009/02/04 16:27:38 | 000,002,193 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\answers.xml
[2009/02/04 16:27:38 | 000,001,038 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\creativecommons.xml
[2009/02/04 16:27:38 | 000,001,046 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\eBay.xml
[2009/02/04 16:27:38 | 000,002,351 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\google.xml
[2009/02/04 16:27:38 | 000,000,792 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\yahoo.xml

O1 HOSTS File: ([2006/03/15 23:00:00 | 000,000,734 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll File not found
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.1.1309.3572\swg.dll (Google Inc.)
O2 - BHO: (MSN Toolbar Helper) - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files\MSN\Toolbar\3.0.0988.2\msneshellx.dll (Microsoft Corp.)
O3 - HKLM\..\Toolbar: (MSN Toolbar) - {1E61ED7C-7CB8-49d6-B9E9-AB4C880C8414} - C:\Program Files\MSN\Toolbar\3.0.0988.2\msneshellx.dll (Microsoft Corp.)
O3 - HKCU\..\Toolbar\ShellBrowser: (&Address) - {01E04581-4EEE-11D0-BFE9-00AA005B4383} - C:\WINDOWS\system32\browseui.dll (Microsoft Corporation)
O3 - HKCU\..\Toolbar\WebBrowser: (&Address) - {01E04581-4EEE-11D0-BFE9-00AA005B4383} - C:\WINDOWS\system32\browseui.dll (Microsoft Corporation)
O3 - HKCU\..\Toolbar\WebBrowser: (&Links) - {0E5CBF21-D15F-11D0-8301-00AA005B4383} - C:\WINDOWS\system32\shell32.dll (Microsoft Corporation)
O4 - HKLM..\Run: [AppleSyncNotifier] C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe (Apple Inc.)
O4 - HKLM..\Run: [Cpqset] C:\Program Files\Hewlett-Packard\Default Settings\Cpqset.exe ()
O4 - HKLM..\Run: [DVDTray] C:\Program Files\Ahead\ODD Toolkit\dvdtray.exe (Hewlett-Packard Company)
O4 - HKLM..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe (Microsoft Corporation)
O4 - HKLM..\Run: [High Definition Audio Property Page Shortcut] C:\WINDOWS\System32\CHDAudPropShortcut.exe (Windows ® Server 2003 DDK provider)
O4 - HKLM..\Run: [hpWirelessAssistant] C:\Program Files\HPQ\HP Wireless Assistant\HP Wireless Assistant.exe (Hewlett-Packard Development Company, L.P.)
O4 - HKLM..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe (Intel Corporation)
O4 - HKLM..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe (Intel Corporation)
O4 - HKLM..\Run: [iTunesHelper] C:\Program Files\iTunes\iTunesHelper.exe (Apple Inc.)
O4 - HKLM..\Run: [MsmqIntCert] C:\WINDOWS\System32\mqrt.dll (Microsoft Corporation)
O4 - HKLM..\Run: [QlbCtrl] C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe ( Hewlett-Packard Development Company, L.P.)
O4 - HKLM..\Run: [QPService] C:\Program Files\HP\QuickPlay\QPService.exe (CyberLink Corp.)
O4 - HKLM..\Run: [QuickTime Task] C:\Program Files\QuickTime\qttask.exe (Apple Inc.)
O4 - HKLM..\Run: [RecGuard] C:\WINDOWS\SMINST\Recguard.exe ()
O4 - HKLM..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe (Synaptics, Inc.)
O4 - HKLM..\Run: [UfSeAgnt.exe] C:\Program Files\Trend Micro\Internet Security\UfSeAgnt.exe (Trend Micro Inc.)
O4 - HKLM..\Run: [USB2Check] C:\WINDOWS\System32\PCLECoInst.DLL (Pinnacle Systems)
O4 - HKLM..\Run: [USBToolTip] C:\Program Files\Pinnacle\Shared Files\Programs\USBTip\USBTip.exe (Pinnacle Systems GmbH)
O4 - HKCU..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe (Microsoft Corporation)
O4 - HKCU..\Run: [OE] C:\Program Files\Trend Micro\Internet Security\TMAS_OE\TMAS_OEMon.exe (Trend Micro Inc.)
O4 - HKCU..\Run: [TomTomHOME.exe] C:\Program Files\TomTom HOME 2\TomTomHOMERunner.exe (TomTom)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\StartUp\Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe (Adobe Systems Incorporated)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\StartUp\HP Pavilion Webcam Tray Icon.lnk = C:\Program Files\Hewlett-Packard\HP Pavilion Webcam\HPWebcam.exe ()
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\StartUp\HP Photosmart Premier Fast Start.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqthb08.exe (Hewlett-Packard Development Company, L.P.)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: dontdisplaylastusername = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticecaption =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticetext =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: shutdownwithoutlogon = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: undockwithoutlogon = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: InstallVisualStyle = C:\WINDOWS\Resources\Themes\Royale\Royale.msstyles (Microsoft)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: InstallTheme = C:\WINDOWS\Resources\Themes\Royale.theme ()
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O8 - Extra context menu item: E&xport to Microsoft Excel - C:\Program Files\Microsoft Office\OFFICE11\EXCEL.EXE (Microsoft Corporation)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Program Files\Microsoft Office\OFFICE11\REFIEBAR.DLL (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\network diagnostic\xpnetdiag.exe (Microsoft Corporation)
O9 - Extra Button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000001 [] - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000002 [] - C:\WINDOWS\system32\winrnr.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000003 [] - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\WINDOWS\system32\rsvpsp.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - C:\WINDOWS\system32\rsvpsp.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000006 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000007 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000008 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000009 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000010 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000011 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000012 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000013 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000014 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000015 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000016 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000017 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000018 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000019 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000020 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000021 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000022 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000023 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000024 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000025 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000026 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000027 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000028 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000029 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000030 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000031 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O15 - HKLM\..Trusted Domains: 1 domain(s) and sub-domain(s) not assigned to a zone.
O16 - DPF: {01012101-5E80-11D8-9E86-0007E96C65AE} http://www.comcastsu...Fix/tgctlsr.cab (SupportSoft Script Runner Class)
O16 - DPF: {238F6F83-B8B4-11CF-8771-00A024541EE3} https://ra.53.com/Ci...ca32/icaweb.cab (Citrix ICA Client)
O16 - DPF: {406B5949-7190-4245-91A9-30A17DE16AD0} http://www2.snapfish...fishActivia.cab (Snapfish Activia)
O16 - DPF: {4871A87A-BFDD-4106-8153-FFDE2BAC2967} http://dlm.tools.aka...vex-2.2.4.3.cab (DLM Control)
O16 - DPF: {6B75345B-AA36-438A-BBE6-4078B4C6984D} http://h20270.www2.h...ctDetection.cab (HpProductDetection Class)
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} http://www.update.mi...b?1197830139984 (MUWebControl Class)
O16 - DPF: {6F15128C-E66A-490C-B848-5000B5ABEEAC} https://h20436.www2....re/HPDEXAXO.cab (HP Download Manager)
O16 - DPF: {73ECB3AA-4717-450C-A2AB-D00DAD9EE203} http://h20270.www2.h...tDetection2.cab (GMNRev Class)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.m...ash/swflash.cab (Shockwave Flash Object)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 68.87.77.134 68.87.72.134
O18 - Protocol\Handler\about {3050F406-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\system32\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\cdl {3dd53d40-7b8b-11D0-b013-00aa0059ce02} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\dvd {12D51199-0DB5-46FE-A120-47A3D7D937CC} - C:\WINDOWS\system32\msvidctl.dll (Microsoft Corporation)
O18 - Protocol\Handler\file {79eac9e7-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\ftp {79eac9e3-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\gopher {79eac9e4-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\http {79eac9e2-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\https {79eac9e5-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\ipp - No CLSID value found
O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\its {9D148291-B9C8-11D0-A4CC-0000F80149F6} - C:\WINDOWS\system32\itss.dll (Microsoft Corporation)
O18 - Protocol\Handler\javascript {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\system32\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\local {79eac9e7-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\mailto {3050f3DA-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\system32\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\mhtml {05300401-BCBC-11d0-85E3-00C04FD85AB4} - C:\WINDOWS\system32\inetcomm.dll (Microsoft Corporation)
O18 - Protocol\Handler\mk {79eac9e6-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp - No CLSID value found
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\ms-its {9D148291-B9C8-11D0-A4CC-0000F80149F6} - C:\WINDOWS\system32\itss.dll (Microsoft Corporation)
O18 - Protocol\Handler\mso-offdap11 {32505114-5902-49B2-880A-1F7738E5A384} - C:\Program Files\Common Files\Microsoft Shared\Web Components\11\OWC11.DLL (Microsoft Corporation)
O18 - Protocol\Handler\res {3050F3BC-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\system32\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\sysimage {76E67A63-06E9-11D2-A840-006008059382} - C:\WINDOWS\system32\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\tv {CBD30858-AF45-11D2-B6D6-00C04FBBDE6E} - C:\WINDOWS\system32\msvidctl.dll (Microsoft Corporation)
O18 - Protocol\Handler\vbscript {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\system32\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\wia {13F3EA8B-91D7-4F0A-AD76-D2853AC8BECE} - C:\WINDOWS\system32\wiascr.dll (Microsoft Corporation)
O18 - Protocol\Filter\application/octet-stream {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\WINDOWS\System32\mscoree.dll (Microsoft Corporation)
O18 - Protocol\Filter\application/x-complus {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\WINDOWS\System32\mscoree.dll (Microsoft Corporation)
O18 - Protocol\Filter\application/x-msdownload {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\WINDOWS\System32\mscoree.dll (Microsoft Corporation)
O18 - Protocol\Filter\Class Install Handler {32B533BB-EDAE-11d0-BD5A-00AA00B92AF1} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Filter\deflate {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Filter\gzip {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Filter\lzdhtml {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Filter\text/webviewhtml {733AC4CB-F1A4-11d0-B951-00A0C90312E1} - C:\WINDOWS\system32\shell32.dll (Microsoft Corporation)
O18 - Protocol\Filter\text/xml {807553E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE11\MSOXMLMF.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) - C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UIHost - (logonui.exe) - C:\WINDOWS\System32\logonui.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (rundll32 shell32) - C:\WINDOWS\System32\shell32.dll (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (Control_RunDLL "sysdm.cpl") - C:\WINDOWS\System32\sysdm.cpl (Microsoft Corporation)
O20 - Winlogon\Notify\crypt32chain: DllName - crypt32.dll - C:\WINDOWS\System32\crypt32.dll (Microsoft Corporation)
O20 - Winlogon\Notify\cryptnet: DllName - cryptnet.dll - C:\WINDOWS\System32\cryptnet.dll (Microsoft Corporation)
O20 - Winlogon\Notify\cscdll: DllName - cscdll.dll - C:\WINDOWS\System32\cscdll.dll (Microsoft Corporation)
O20 - Winlogon\Notify\dimsntfy: DllName - %SystemRoot%\System32\dimsntfy.dll - C:\WINDOWS\system32\dimsntfy.dll (Microsoft Corporation)
O20 - Winlogon\Notify\igfxcui: DllName - igfxdev.dll - C:\WINDOWS\System32\igfxdev.dll (Intel Corporation)
O20 - Winlogon\Notify\ScCertProp: DllName - wlnotify.dll - C:\WINDOWS\System32\wlnotify.dll (Microsoft Corporation)
O20 - Winlogon\Notify\Schedule: DllName - wlnotify.dll - C:\WINDOWS\System32\wlnotify.dll (Microsoft Corporation)
O20 - Winlogon\Notify\sclgntfy: DllName - sclgntfy.dll - C:\WINDOWS\System32\sclgntfy.dll (Microsoft Corporation)
O20 - Winlogon\Notify\SensLogn: DllName - WlNotify.dll - C:\WINDOWS\System32\wlnotify.dll (Microsoft Corporation)
O20 - Winlogon\Notify\termsrv: DllName - wlnotify.dll - C:\WINDOWS\System32\wlnotify.dll (Microsoft Corporation)
O20 - Winlogon\Notify\wlballoon: DllName - wlnotify.dll - C:\WINDOWS\System32\wlnotify.dll (Microsoft Corporation)
O21 - SSODL: CDBurn - {fbeb8a05-beee-4442-804e-409d6c4515e9} - C:\WINDOWS\system32\shell32.dll (Microsoft Corporation)
O21 - SSODL: PostBootReminder - {7849596a-48ea-486e-8937-a2a3009f31a9} - C:\WINDOWS\system32\shell32.dll (Microsoft Corporation)
O21 - SSODL: SysTray - {35CEC8A3-2BE6-11D2-8773-92E220524153} - C:\WINDOWS\system32\stobject.dll (Microsoft Corporation)
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - C:\WINDOWS\system32\webcheck.dll (Microsoft Corporation)
O22 - SharedTaskScheduler: {438755C2-A8BA-11D1-B96B-00A0C90312E1} - Browseui preloader - C:\WINDOWS\system32\browseui.dll (Microsoft Corporation)
O22 - SharedTaskScheduler: {8C7461EF-2B13-11d2-BE35-3078302C2030} - Component Categories cache daemon - C:\WINDOWS\system32\browseui.dll (Microsoft Corporation)
O24 - Desktop Components:0 (My Current Home Page) - about:Home
O24 - Desktop WallPaper: C:\Documents and Settings\test\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\test\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O28 - HKLM ShellExecuteHooks: {AEB6717E-7E19-11d0-97EE-00C04FD91972} - C:\WINDOWS\System32\shell32.dll (Microsoft Corporation)
O29 - HKLM SecurityProviders - (msapsspc.dll) - C:\WINDOWS\System32\msapsspc.dll (Microsoft Corporation)
O29 - HKLM SecurityProviders - (schannel.dll) - C:\WINDOWS\System32\schannel.dll (Microsoft Corporation)
O29 - HKLM SecurityProviders - (digest.dll) - C:\WINDOWS\System32\digest.dll (Microsoft Corporation)
O29 - HKLM SecurityProviders - (msnsspc.dll) - C:\WINDOWS\System32\msnsspc.dll (Microsoft Corporation)
O30 - LSA: Authentication Packages - (msv1_0) - C:\WINDOWS\System32\msv1_0.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (kerberos) - C:\WINDOWS\System32\kerberos.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (msv1_0) - C:\WINDOWS\System32\msv1_0.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (schannel) - C:\WINDOWS\System32\schannel.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (wdigest) - C:\WINDOWS\System32\wdigest.dll (Microsoft Corporation)
O31 - SafeBoot: AlternateShell - cmd.exe
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2008/09/08 23:11:39 | 000,000,095 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O32 - AutoRun File - [2001/07/27 22:07:38 | 000,000,000 | -HS- | M] () - D:\AUTOEXEC.BAT -- [ FAT32 ]
O32 - AutoRun File - [2007/01/24 20:03:30 | 000,000,090 | ---- | M] () - D:\Autorun.inf -- [ FAT32 ]
O32 - AutoRun File - [2004/04/30 14:01:14 | 000,000,053 | -HS- | M] () - D:\AUTORUN.FCB -- [ FAT32 ]
O33 - MountPoints2\{034f9058-d6c0-11dd-bb62-0018dec55114}\Shell\AutoRun\command - "" = F:\CA_EdgeLitemobile.exe -- File not found
O33 - MountPoints2\{6b1103d3-c1b6-11dd-bb24-0018dec55114}\Shell\AutoRun\command - "" = G:\CA_EdgeLitemobile.exe -- File not found
O33 - MountPoints2\{c6dacbaa-e20c-11de-beb4-0018dec55114}\Shell - "" = AutoRun
O33 - MountPoints2\{c6dacbaa-e20c-11de-beb4-0018dec55114}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{c6dacbaa-e20c-11de-beb4-0018dec55114}\Shell\AutoRun\command - "" = F:\WD SmartWare.exe -- File not found
O33 - MountPoints2\{eaa9053b-5027-11dd-9921-0018dec55114}\Shell\AutoRun\command - "" = G:\InstallTomTomHOME.exe -- File not found
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - comfile [open] -- "%1" %*
O35 - exefile [open] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2010/02/06 13:47:11 | 000,000,000 | ---D | C] -- C:\_OTL
[2010/02/06 13:27:54 | 000,439,808 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\test\Desktop\TFC.exe
[2010/02/06 13:26:02 | 000,204,496 | ---- | C] (Malwarebytes) -- C:\Documents and Settings\test\Desktop\StartUpLite.exe
[2010/02/06 13:23:25 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Sun
[2010/02/06 13:09:37 | 000,000,000 | ---D | C] -- C:\Documents and Settings\test\.SunDownloadManager
[2010/02/05 20:13:00 | 000,549,376 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\test\Desktop\OTL.exe
[2009/12/23 17:15:00 | 000,000,000 | ---D | M] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\Google
[2009/12/23 17:10:22 | 000,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Local Settings\Application Data\Google
[2009/12/05 21:21:11 | 000,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Local Settings\Application Data\ServiceTest
[2009/11/23 19:19:42 | 000,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Local Settings\Application Data\Xobni
[2008/02/01 18:30:52 | 000,000,000 | ---D | M] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\Apple
[2007/12/16 12:31:22 | 000,000,000 | ---D | M] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft
[2007/12/11 23:34:06 | 000,053,248 | ---- | C] ( ) -- C:\WINDOWS\csnp2uvc.dll
[2007/12/11 22:54:47 | 000,000,000 | --SD | M] -- C:\Documents and Settings\NetworkService\Application Data\Microsoft
[2007/12/11 22:54:47 | 000,000,000 | --SD | M] -- C:\Documents and Settings\LocalService\Application Data\Microsoft
[2007/12/11 22:54:47 | 000,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft
[2005/09/24 10:49:16 | 000,012,288 | ---- | C] (Hewlett-Packard Development Company, L.P.) -- C:\WINDOWS\Fonts\RandFont.dll

========== Files - Modified Within 30 Days ==========

[2010/02/08 22:19:49 | 000,001,479 | ---- | M] () -- C:\hpqp.ini
[2010/02/08 19:15:02 | 000,000,886 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2010/02/08 18:39:35 | 000,000,868 | ---- | M] () -- C:\WINDOWS\tasks\Google Software Updater.job
[2010/02/08 18:39:00 | 000,000,039 | ---- | M] () -- C:\XP_TV.ini
[2010/02/08 18:38:58 | 000,000,882 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2010/02/08 18:38:56 | 000,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2010/02/08 18:38:55 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2010/02/08 18:38:53 | 2137,051,136 | -HS- | M] () -- C:\hiberfil.sys
[2010/02/07 22:50:49 | 006,553,600 | -H-- | M] () -- C:\Documents and Settings\test\NTUSER.DAT
[2010/02/07 22:50:49 | 000,000,278 | -HS- | M] () -- C:\Documents and Settings\test\ntuser.ini
[2010/02/07 15:52:22 | 000,002,497 | ---- | M] () -- C:\Documents and Settings\test\Desktop\Word.lnk
[2010/02/07 07:49:00 | 000,002,137 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\iTunes.lnk
[2010/02/06 20:32:58 | 000,000,202 | ---- | M] () -- C:\WINDOWS\NeroDigital.ini
[2010/02/06 20:30:20 | 000,000,349 | ---- | M] () -- C:\Documents and Settings\All Users\Documents\PCLECHAL.INI
[2010/02/06 13:28:12 | 000,439,808 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\test\Desktop\TFC.exe
[2010/02/06 13:26:16 | 000,204,496 | ---- | M] (Malwarebytes) -- C:\Documents and Settings\test\Desktop\StartUpLite.exe
[2010/02/06 13:22:49 | 000,411,368 | ---- | M] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\deploytk.dll
[2010/02/05 23:31:09 | 000,088,064 | ---- | M] () -- C:\Documents and Settings\test\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010/02/05 21:09:20 | 000,002,405 | ---- | M] () -- C:\Documents and Settings\test\Desktop\Picture Manager.lnk
[2010/02/05 21:09:13 | 000,002,483 | ---- | M] () -- C:\Documents and Settings\test\Desktop\Powerpoint.lnk
[2010/02/05 20:13:32 | 000,549,376 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\test\Desktop\OTL.exe
[2010/02/04 22:21:57 | 000,001,915 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Google Earth.lnk
[2010/02/04 21:54:00 | 000,001,158 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2010/02/02 00:02:08 | 000,007,680 | ---- | M] () -- C:\Documents and Settings\test\My Documents\Generic label.zdl
[2010/02/01 23:46:49 | 000,000,017 | ---- | M] () -- C:\WINDOWS\MovingPicture.ini
[2010/01/24 14:12:44 | 000,020,480 | ---- | M] () -- C:\Documents and Settings\test\My Documents\Weekly Menu for jan 4.doc
[2010/01/17 20:08:04 | 000,000,283 | ---- | M] () -- C:\Documents and Settings\test\Desktop\Restoring sound driver.url
[2010/01/13 22:47:11 | 000,001,374 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2010/01/11 21:51:58 | 000,002,495 | ---- | M] () -- C:\Documents and Settings\test\Desktop\Excel.lnk
[2010/01/11 16:09:43 | 000,027,648 | ---- | M] () -- C:\Documents and Settings\test\My Documents\Presentation1.ppt

========== Files Created - No Company Name ==========

[2010/02/04 22:21:57 | 000,001,915 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Google Earth.lnk
[2010/02/02 00:02:07 | 000,007,680 | ---- | C] () -- C:\Documents and Settings\test\My Documents\Generic label.zdl
[2010/01/11 16:09:34 | 000,027,648 | ---- | C] () -- C:\Documents and Settings\test\My Documents\Presentation1.ppt
[2009/11/23 19:19:39 | 000,000,140 | ---- | C] () -- C:\Documents and Settings\LocalService\Local Settings\Application Data\xobni_installer_updater.log
[2009/10/14 23:24:33 | 000,004,907 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\ypkpiykb.yyr
[2009/10/14 21:58:13 | 000,003,198 | ---- | C] () -- C:\Documents and Settings\test\Application Data\xobni_install.log
[2009/06/18 08:23:19 | 000,000,147 | ---- | C] () -- C:\WINDOWS\TmProxy.ini
[2009/06/18 08:23:18 | 000,000,147 | ---- | C] () -- C:\WINDOWS\TmPfw.ini
[2008/09/10 21:15:26 | 000,086,016 | ---- | C] () -- C:\WINDOWS\System32\DVResampleru.dll
[2008/09/08 23:54:56 | 000,000,017 | ---- | C] () -- C:\WINDOWS\MovingPicture.ini
[2008/09/08 23:23:17 | 000,194,248 | ---- | C] () -- C:\WINDOWS\System32\LTRFD13n.DLL
[2008/09/08 23:11:39 | 000,138,752 | ---- | C] () -- C:\WINDOWS\System32\mase32.dll
[2008/09/08 23:11:39 | 000,136,192 | ---- | C] () -- C:\WINDOWS\System32\mamc32.dll
[2008/09/08 23:11:39 | 000,057,856 | ---- | C] () -- C:\WINDOWS\System32\masd32.dll
[2008/09/08 23:11:38 | 000,196,096 | ---- | C] () -- C:\WINDOWS\System32\macd32.dll
[2008/09/08 23:11:38 | 000,027,648 | ---- | C] () -- C:\WINDOWS\System32\ma32.dll
[2008/08/20 22:11:20 | 000,000,460 | ---- | C] () -- C:\Program Files\HP Pavilion Webcam.lnk
[2008/08/14 19:38:40 | 000,000,202 | ---- | C] () -- C:\Documents and Settings\test\Application Data\wklnhst.dat
[2008/05/09 21:49:53 | 000,000,151 | ---- | C] () -- C:\WINDOWS\PhotoSnapViewer.INI
[2008/04/18 22:18:42 | 000,000,836 | ---- | C] () -- C:\Documents and Settings\test\Application Data\ViewerApp.dat
[2008/04/18 21:21:27 | 000,003,654 | ---- | C] () -- C:\WINDOWS\System32\drivers\Sonyhcp.dll
[2008/04/18 21:02:33 | 000,153,088 | ---- | C] () -- C:\Program Files\UNWISE.EXE
[2008/02/10 16:27:23 | 000,000,202 | ---- | C] () -- C:\WINDOWS\NeroDigital.ini
[2007/12/16 19:00:26 | 000,000,036 | ---- | C] () -- C:\WINDOWS\webica.ini
[2007/12/16 09:23:05 | 000,077,824 | ---- | C] () -- C:\WINDOWS\System32\HPZIDS01.dll
[2007/12/15 13:46:57 | 000,003,809 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\QTSBandwidthCache
[2007/12/15 11:37:06 | 000,087,552 | ---- | C] () -- C:\WINDOWS\System32\cpwmon2k.dll
[2007/12/15 09:51:36 | 000,088,064 | ---- | C] () -- C:\Documents and Settings\test\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2007/12/12 13:00:00 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\test\Local Settings\Application Data\FnF4.txt
[2007/12/11 23:30:11 | 000,000,127 | ---- | C] () -- C:\Documents and Settings\test\Local Settings\Application Data\fusioncache.dat
[2007/12/11 23:30:11 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\test\Local Settings\Application Data\DSwitch.txt
[2007/12/11 23:30:11 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\test\Local Settings\Application Data\AtStart.txt
[2007/12/11 23:30:10 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\test\Local Settings\Application Data\QSwitch.txt
[2006/11/06 15:30:38 | 000,262,144 | ---- | C] () -- C:\WINDOWS\System32\lame_enc.dll
[2006/09/12 02:29:34 | 000,000,031 | ---- | C] () -- C:\WINDOWS\QUICKEN.INI
[2006/09/12 02:25:15 | 000,000,698 | ---- | C] () -- C:\WINDOWS\NSSetDefaultBrowser.ini
[2006/09/12 02:10:16 | 000,000,376 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2006/09/12 01:57:52 | 000,028,836 | ---- | C] () -- C:\WINDOWS\System32\oeminfo.ini
[2006/07/06 05:28:58 | 000,047,744 | ---- | C] () -- C:\WINDOWS\System32\drivers\snp2uvc.sys
[2006/06/29 14:18:14 | 000,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini
[2006/06/29 13:49:18 | 000,001,087 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\hpzinstall.log
[2006/06/29 13:46:56 | 000,000,261 | ---- | C] () -- C:\WINDOWS\WININIT.INI
[2006/06/29 13:43:40 | 000,000,791 | ---- | C] () -- C:\WINDOWS\orun32.ini
[2006/03/04 02:07:34 | 000,235,008 | ---- | C] () -- C:\WINDOWS\System32\psisdecd.dll
[2005/05/06 13:06:32 | 000,016,480 | ---- | C] () -- C:\WINDOWS\System32\rixdicon.dll
[2004/09/16 15:24:26 | 003,375,104 | ---- | C] () -- C:\WINDOWS\System32\qt-mt331.dll
[2003/01/07 17:05:08 | 000,002,695 | ---- | C] () -- C:\WINDOWS\System32\OUTLPERF.INI
< End of report >

[schrauber]

How is it running now? :)

[jshull]

Seems like it's a little faster now, but still takes about 3 minutes to be ready while the Trend Micro icon shows that it is still loading. Once it converts to "Protected by Trend Micro", then the speed is fine.

[schrauber]

I think you should switch to another av-program to check. Did you buy a license for TrendMicro?

[jshull]

Yes. Is there another one that you recommend?

[schrauber]

When you are able to reinstall Trend Micros, it would be a good idea to uninstall it temporary and install a free version.

Download and install an antivirus program, and make sure that you keep it updated
New viruses come out every minute, so it is essential that you have the latest signatures for your antivirus program to provide you with the best possible protection from malicious software.
Two good antivirus programs free for non-commercial home use are Avast! and Antivir
Note: You should only have one antivirus installed at a time. Having more than one antivirus program installed at once is likely to cause conflicts and may well decrease your overall protection as well as impairing the performance of your PC.


System running better?

[schrauber]

This thread is being closed due to inactivity. If you would like it to be reopened please contact me or another member of the Moderating Team.

As always, we thank you for using 247fixes. Thank you, and have a great day!