Full Version: hjgruixlqjomqr.dll is not a valid windows image.
bahsten
I started a similar topic in Computer Help and Discussion > Software. Was told to run some cleaner programs and post results. Here they are:

mbam:

Malwarebytes' Anti-Malware 1.39
Database version: 2548
Windows 5.1.2600 Service Pack 2

8/3/2009 12:41:47 AM
mbam-log-2009-08-03 (00-41-47).txt

Scan type: Full Scan (C:\|)
Objects scanned: 173483
Time elapsed: 11 minute(s), 18 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)

rooter:

Rooter.exe (v1.0.2) by Eric_71
.
SeDebugPrivilege granted successfully ...
.
Windows XP . (5.1.2600) Service Pack 2
[32_bits] - x86 Family 16 Model 4 Stepping 2, AuthenticAMD
.
[wscsvc] (Security Center) RUNNING (state:4)
[SharedAccess] RUNNING (state:4)
Windows Firewall -> Disabled !
.
Internet Explorer 6.0.2900.2180
.
A:\ [Removable]
C:\ [Fixed-NTFS] .. ( Total:233 Go - Free:205 Go )
D:\ [CD_Rom]
E:\ [CD_Rom]
F:\ [Removable]
G:\ [Removable]
H:\ [Removable]
I:\ [Removable]
J:\ [Removable]
.
Scan : 00:43.09
Path : C:\Documents and Settings\1poppa\Desktop\Rooter.exe
User : 1poppa ( Administrator -> YES )
.
----------------------\\ Processes
.
Locked [System Process] (0)
______ System (4)
______ \SystemRoot\System32\smss.exe (908)
______ \??\C:\WINDOWS\system32\csrss.exe (1004)
______ \??\C:\WINDOWS\system32\winlogon.exe (1040)
______ C:\WINDOWS\system32\services.exe (1084)
______ C:\WINDOWS\system32\lsass.exe (1096)
______ C:\Program Files\Webroot\WebrootSecurity\WRConsumerService.exe (1268)
______ C:\WINDOWS\system32\Ati2evxx.exe (1296)
______ C:\WINDOWS\system32\svchost.exe (1316)
______ C:\WINDOWS\system32\svchost.exe (1424)
______ C:\WINDOWS\System32\svchost.exe (1556)
______ C:\WINDOWS\System32\svchost.exe (1760)
______ C:\WINDOWS\system32\Ati2evxx.exe (1932)
______ C:\WINDOWS\System32\svchost.exe (1980)
______ C:\WINDOWS\system32\ZoneLabs\vsmon.exe (204)
______ C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe (712)
______ C:\WINDOWS\system32\spoolsv.exe (768)
______ C:\WINDOWS\System32\svchost.exe (956)
______ C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe (996)
______ C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe (1008)
______ C:\Program Files\Bonjour\mDNSResponder.exe (140)
______ C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe (1276)
______ C:\Program Files\Java\jre6\bin\jqs.exe (1672)
______ C:\WINDOWS\System32\svchost.exe (1668)
______ C:\Program Files\Webroot\WebrootSecurity\SpySweeper.exe (884)
______ C:\PROGRA~1\AVG\AVG8\avgrsx.exe (1480)
______ C:\PROGRA~1\AVG\AVG8\avgnsx.exe (1512)
______ C:\WINDOWS\system32\SearchIndexer.exe (2352)
______ C:\WINDOWS\System32\wbem\unsecapp.exe (2828)
______ C:\WINDOWS\system32\wbem\wmiprvse.exe (2852)
______ C:\WINDOWS\System32\alg.exe (2900)
______ C:\WINDOWS\Explorer.EXE (3432)
______ C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe (3756)
______ C:\Program Files\PopUp Killer\popupkiller.EXE (3784)
______ C:\Program Files\QuickTime\qttask.exe (3792)
______ C:\Program Files\iTunes\iTunesHelper.exe (3812)
______ C:\Program Files\Webroot\WebrootSecurity\SpySweeperUI.exe (3820)
______ C:\Program Files\iPod\bin\iPodService.exe (2076)
______ C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe (3376)
______ C:\Program Files\Internet Explorer\iexplore.exe (5596)
______ C:\Documents and Settings\1poppa\Application Data\Microsoft\Internet Explorer\Quick Launch\iexplore.exe (784)
______ C:\Documents and Settings\1poppa\Desktop\Rooter.exe (5928)
.
----------------------\\ Device\Harddisk0\
WARNING : Unable to read MBR .. [ERROR_1381]
----------------------\\ Scheduled Tasks
.
C:\WINDOWS\Tasks\Ad-Aware Update (Weekly).job
C:\WINDOWS\Tasks\AppleSoftwareUpdate.job
C:\WINDOWS\Tasks\desktop.ini
C:\WINDOWS\Tasks\DriverCure.job
C:\WINDOWS\Tasks\HP Usg Daily FY04.job
C:\WINDOWS\Tasks\ParetoLogic Registration.job
C:\WINDOWS\Tasks\ParetoLogic Update Version2.job
C:\WINDOWS\Tasks\Reg Tool Scan.job
C:\WINDOWS\Tasks\SA.DAT
C:\WINDOWS\Tasks\wrSpySweeper_LFEAD1F3A8EE64CEEA32E36407A8F57C9.job
.
----------------------\\ Registry
.
.
----------------------\\ Files & Folders
.
----------------------\\ Scan completed at 00:43.12
.
C:\Rooter$\Rooter_2.txt - (03/08/2009 | 00:43.12)


rootrepeal:

ROOTREPEAL © AD, 2007-2009
==================================================
Scan Start Time: 2009/08/03 00:45
Program Version: Version 1.3.3.0
Windows Version: Windows XP SP2
==================================================

Drivers
-------------------
Name: dump_atapi.sys
Image Path: C:\WINDOWS\System32\Drivers\dump_atapi.sys
Address: 0xA860F000 Size: 98304 File Visible: No Signed: -
Status: -

Name: dump_WMILIB.SYS
Image Path: C:\WINDOWS\System32\Drivers\dump_WMILIB.SYS
Address: 0xBA60A000 Size: 8192 File Visible: No Signed: -
Status: -

Name: hjgruitfrahcgw.sys
Image Path: C:\WINDOWS\system32\drivers\hjgruitfrahcgw.sys
Address: 0xA890A000 Size: 163840 File Visible: - Signed: -
Status: Hidden from the Windows API!

Name: rootrepeal.sys
Image Path: C:\WINDOWS\system32\drivers\rootrepeal.sys
Address: 0xA58E0000 Size: 49152 File Visible: No Signed: -
Status: -

Name: srescan.sys
Image Path: srescan.sys
Address: 0xB9DC6000 Size: 81920 File Visible: No Signed: -
Status: -

Name: wisx.sys
Image Path: C:\WINDOWS\system32\drivers\wisx.sys
Address: 0xA89A2000 Size: 61440 File Visible: No Signed: -
Status: -

Hidden Services
-------------------
Service Name: hjgruiuhhbogkv
Image Path: C:\WINDOWS\system32\drivers\hjgruitfrahcgw.sys

==EOF==

otl:

OTL logfile created on: 8/3/2009 12:02:27 AM - Run 1
OTL by OldTimer - Version 3.0.10.4 Folder = C:\Documents and Settings\1poppa\Desktop
Windows XP Professional Edition Service Pack 2 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 6.0.2900.2180)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.00 Gb Total Physical Memory | 2.00 Gb Available Physical Memory | 100.00% Memory free
4.00 Gb Paging File | 4.00 Gb Available in Paging File | 100.00% Paging File free
Paging file location(s): C:\pagefile.sys 0 0 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 233.80 Gb Total Space | 205.08 Gb Free Space | 87.71% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: NAYNAYXII
Current User Name: 1poppa
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Minimal

========== Processes (SafeList) ==========

PRC - C:\Program Files\Webroot\WebrootSecurity\WRConsumerService.exe (Webroot Software, Inc. )
PRC - C:\WINDOWS\System32\Ati2evxx.exe (ATI Technologies Inc.)
PRC - C:\WINDOWS\System32\Ati2evxx.exe (ATI Technologies Inc.)
PRC - C:\WINDOWS\System32\ZoneLabs\vsmon.exe (Check Point Software Technologies LTD)
PRC - C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe (Lavasoft)
PRC - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe (Apple Inc.)
PRC - C:\Program Files\AVG\AVG8\avgwdsvc.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\Program Files\Bonjour\mDNSResponder.exe (Apple Inc.)
PRC - C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe (Cisco Systems, Inc.)
PRC - C:\Program Files\Java\jre6\bin\jqs.exe (Sun Microsystems, Inc.)
PRC - C:\Program Files\Webroot\WebrootSecurity\SpySweeper.exe (Webroot Software, Inc. (www.webroot.com))
PRC - C:\Program Files\AVG\AVG8\avgrsx.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\Program Files\AVG\AVG8\avgnsx.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\WINDOWS\System32\wbem\unsecapp.exe (Microsoft Corporation)
PRC - C:\WINDOWS\System32\wbem\wmiprvse.exe (Microsoft Corporation)
PRC - C:\WINDOWS\Explorer.EXE (Microsoft Corporation)
PRC - C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe (Check Point Software Technologies LTD)
PRC - C:\Program Files\PopUp Killer\popupkiller.EXE (xFX JumpStart)
PRC - C:\Program Files\QuickTime\qttask.exe (Apple Inc.)
PRC - C:\Program Files\iTunes\iTunesHelper.exe (Apple Inc.)
PRC - C:\Program Files\Webroot\WebrootSecurity\SpySweeperUI.exe (Webroot Software, Inc.)
PRC - C:\Program Files\iPod\bin\iPodService.exe (Apple Inc.)
PRC - C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe (Lavasoft)
PRC - C:\Documents and Settings\1poppa\Application Data\Microsoft\Internet Explorer\Quick Launch\iexplore.exe (Microsoft Corporation)
PRC - C:\Documents and Settings\1poppa\Application Data\Microsoft\Internet Explorer\Quick Launch\iexplore.exe (Microsoft Corporation)
PRC - C:\Documents and Settings\1poppa\Desktop\OTL.exe (OldTimer Tools)

========== Win32 Services (SafeList) ==========

SRV - (Apple Mobile Device [Auto | Running]) -- C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe (Apple Inc.)
SRV - (aspnet_state [On_Demand | Stopped]) -- C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe (Microsoft Corporation)
SRV - (Ati HotKey Poller [Auto | Running]) -- C:\WINDOWS\System32\Ati2evxx.exe (ATI Technologies Inc.)
SRV - (ATI Smart [Auto | Stopped]) -- C:\WINDOWS\System32\ati2sgag.exe ()
SRV - (avg8wd [Auto | Running]) -- C:\Program Files\AVG\AVG8\avgwdsvc.exe (AVG Technologies CZ, s.r.o.)
SRV - (Bonjour Service [Auto | Running]) -- C:\Program Files\Bonjour\mDNSResponder.exe (Apple Inc.)
SRV - (clr_optimization_v2.0.50727_32 [On_Demand | Stopped]) -- C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe (Microsoft Corporation)
SRV - (CVPND [Auto | Running]) -- C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe (Cisco Systems, Inc.)
SRV - (FontCache3.0.0.0 [On_Demand | Stopped]) -- c:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe (Microsoft Corporation)
SRV - (helpsvc [Auto | Running]) -- C:\WINDOWS\PCHealth\HelpCtr\Binaries\pchsvc.dll (Microsoft Corporation)
SRV - (HP Port Resolver [On_Demand | Stopped]) -- C:\WINDOWS\System32\hpbpro.exe (Hewlett-Packard Company)
SRV - (HP Status Server [On_Demand | Stopped]) -- C:\WINDOWS\System32\hpboid.exe (Hewlett-Packard Company)
SRV - (IDriverT [On_Demand | Stopped]) -- C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe (Macrovision Corporation)
SRV - (idsvc [Unknown | Stopped]) -- c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe (Microsoft Corporation)
SRV - (iPod Service [On_Demand | Running]) -- C:\Program Files\iPod\bin\iPodService.exe (Apple Inc.)
SRV - (JavaQuickStarterService [Auto | Running]) -- C:\Program Files\Java\jre6\bin\jqs.exe (Sun Microsystems, Inc.)
SRV - (Lavasoft Ad-Aware Service [Auto | Running]) -- C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe (Lavasoft)
SRV - (LPDSVC [On_Demand | Stopped]) -- C:\WINDOWS\System32\tcpsvcs.exe (Microsoft Corporation)
SRV - (NetTcpPortSharing [Disabled | Stopped]) -- c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe (Microsoft Corporation)
SRV - (Pml Driver HPZ12 [On_Demand | Stopped]) -- C:\WINDOWS\System32\HPZipm12.exe (HP)
SRV - (vsmon [Auto | Running]) -- C:\WINDOWS\System32\ZoneLabs\vsmon.exe (Check Point Software Technologies LTD)
SRV - (WebrootSpySweeperService [Auto | Running]) -- C:\Program Files\Webroot\WebrootSecurity\SpySweeper.exe (Webroot Software, Inc. (www.webroot.com))
SRV - (WMPNetworkSvc [On_Demand | Stopped]) -- C:\Program Files\Windows Media Player\WMPNetwk.exe (Microsoft Corporation)
SRV - (WRConsumerService [Auto | Running]) -- C:\Program Files\Webroot\WebrootSecurity\WRConsumerService.exe (Webroot Software, Inc. )

========== Driver Services (SafeList) ==========

DRV - (AmdPPM [System | Running]) -- C:\WINDOWS\System32\DRIVERS\AmdPPM.sys (Advanced Micro Devices)
DRV - (ati2mtag [On_Demand | Running]) -- C:\WINDOWS\System32\DRIVERS\ati2mtag.sys (ATI Technologies Inc.)
DRV - (AtiHdmiService [On_Demand | Running]) -- C:\WINDOWS\System32\drivers\AtiHdmi.sys (ATI Research Inc.)
DRV - (AvgLdx86 [System | Running]) -- C:\WINDOWS\System32\Drivers\avgldx86.sys (AVG Technologies CZ, s.r.o.)
DRV - (AvgMfx86 [System | Running]) -- C:\WINDOWS\System32\Drivers\avgmfx86.sys (AVG Technologies CZ, s.r.o.)
DRV - (AvgTdiX [System | Running]) -- C:\WINDOWS\System32\Drivers\avgtdix.sys (AVG Technologies CZ, s.r.o.)
DRV - (CVirtA [On_Demand | Stopped]) -- C:\WINDOWS\System32\DRIVERS\CVirtA.sys (Cisco Systems, Inc.)
DRV - (CVPNDRVA [Auto | Running]) -- C:\WINDOWS\System32\Drivers\CVPNDRVA.sys (Cisco Systems, Inc.)
DRV - (DNE [On_Demand | Running]) -- C:\WINDOWS\System32\DRIVERS\dne2000.sys (Deterministic Networks, Inc.)
DRV - (gdrv [On_Demand | Stopped]) -- C:\WINDOWS\gdrv.sys (Windows ® 2000 DDK provider)
DRV - (GEARAspiWDM [On_Demand | Running]) -- C:\WINDOWS\System32\DRIVERS\GEARAspiWDM.sys (GEAR Software Inc.)
DRV - (HDAudBus [On_Demand | Running]) -- C:\WINDOWS\System32\DRIVERS\HDAudBus.sys (Windows ® Server 2003 DDK provider)
DRV - (HPZid412 [On_Demand | Running]) -- C:\WINDOWS\System32\DRIVERS\HPZid412.sys (HP)
DRV - (HPZipr12 [On_Demand | Running]) -- C:\WINDOWS\System32\DRIVERS\HPZipr12.sys (HP)
DRV - (HPZius12 [On_Demand | Running]) -- C:\WINDOWS\System32\DRIVERS\HPZius12.sys (HP)
DRV - (IntcAzAudAddService [On_Demand | Running]) -- C:\WINDOWS\System32\drivers\RtkHDAud.sys (Realtek Semiconductor Corp.)
DRV - (Lbd [Boot | Running]) -- C:\WINDOWS\system32\DRIVERS\Lbd.sys (Lavasoft AB)
DRV - (Ptilink [On_Demand | Running]) -- C:\WINDOWS\System32\DRIVERS\ptilink.sys (Parallel Technologies, Inc.)
DRV - (rnpphc [Unknown | Running]) -- Service key not found. File not found
DRV - (RTHDMIAzAudService [On_Demand | Stopped]) -- C:\WINDOWS\System32\drivers\RtHDMI.sys (Realtek Semiconductor Corp.)
DRV - (RTLE8023xp [On_Demand | Running]) -- C:\WINDOWS\System32\DRIVERS\Rtenicxp.sys (Realtek Semiconductor Corporation )
DRV - (SASDIFSV [System | Running]) -- C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS (SUPERAdBlocker.com and SUPERAntiSpyware.com)
DRV - (SASENUM [On_Demand | Stopped]) -- C:\Program Files\SUPERAntiSpyware\SASENUM.SYS ( SUPERAdBlocker.com and SUPERAntiSpyware.com)
DRV - (SASKUTIL [System | Running]) -- C:\Program Files\SUPERAntiSpyware\SASKUTIL.sys (SUPERAdBlocker.com and SUPERAntiSpyware.com)
DRV - (Secdrv [On_Demand | Stopped]) -- C:\WINDOWS\System32\DRIVERS\secdrv.sys (Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K.)
DRV - (srescan [Boot | Running]) -- C:\WINDOWS\system32\ZoneLabs\srescan.sys (Check Point Software Technologies LTD)
DRV - (ssfs0bbc [Boot | Running]) -- C:\WINDOWS\system32\DRIVERS\ssfs0bbc.sys (Webroot Software, Inc. (www.webroot.com))
DRV - (sshrmd [Boot | Running]) -- C:\WINDOWS\system32\DRIVERS\sshrmd.sys (Webroot Software, Inc. (www.webroot.com))
DRV - (ssidrv [Boot | Running]) -- C:\WINDOWS\system32\DRIVERS\ssidrv.sys (Webroot Software, Inc. (www.webroot.com))
DRV - (USTORAGE [On_Demand | Stopped]) -- C:\WINDOWS\System32\DRIVERS\UStorage.sys (USB Mass Storage.)
DRV - (vsdatant [System | Running]) -- C:\WINDOWS\System32\vsdatant.sys (Check Point Software Technologies LTD)

========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.microsoft.com/isapi/redir.dll?p...&ar=msnhome
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.microsoft.com/isapi/redir.dll?p...amp;ar=iesearch
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?p...amp;ar=iesearch
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.microsoft.com/isapi/redir.dll?p...ER}&ar=home
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,CustomizeSearch = http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchcust.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchasst.htm

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\system32\blank.htm
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Page_Transitions = 1
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.espn.go.com/
IE - URLSearchHook: {0063BF63-BFFF-4B8F-9D26-4267DF7F17DD} - C:\WINDOWS\System32\dvmurl.dll (DeviceVM Inc.)
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

FF - HKLM\software\mozilla\Firefox\Extensions\\{20a82645-c095-46ed-80e3-08825760534b}: c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\ [2009/07/16 08:38:37 | 00,000,000 | ---D | M]


O1 HOSTS File: (734 bytes) - C:\WINDOWS\System32\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (Adobe PDF Link Helper) - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
O2 - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll (AVG Technologies CZ, s.r.o.)
O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O2 - BHO: (SSVHelper Class) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (JQSIEStartDetectorImpl Class) - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll (Sun Microsystems, Inc.)
O4 - HKLM..\Run: [iTunesHelper] C:\Program Files\iTunes\iTunesHelper.exe (Apple Inc.)
O4 - HKLM..\Run: [PopUpKiller] C:\Program Files\PopUp Killer\popupkiller.EXE (xFX JumpStart)
O4 - HKLM..\Run: [QuickTime Task] C:\Program Files\QuickTime\qttask.exe (Apple Inc.)
O4 - HKLM..\Run: [SpySweeper] C:\Program Files\Webroot\WebrootSecurity\SpySweeperUI.exe (Webroot Software, Inc.)
O4 - HKLM..\Run: [ZoneAlarm Client] C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe (Check Point Software Technologies LTD)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: dontdisplaylastusername = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticecaption =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticetext =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: shutdownwithoutlogon = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: undockwithoutlogon = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableRegistryTools = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableTaskmgr = 0
O9 - Extra 'Tools' menuitem : Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\npjpi160_07.dll (Sun Microsystems, Inc.)
O9 - Extra Button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe (America Online, Inc.)
O9 - Extra 'Tools' menuitem : Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O9 - Extra Button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O15 - HKLM\..Trusted Domains: 1 domain(s) and sub-domain(s) not assigned to a zone.
O15 - HKCU\..Trusted Domains: ([]msn in My Computer)
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} http://download.macromedia.com/pub/shockwa...director/sw.cab (Shockwave ActiveX Control)
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} http://go.microsoft.com/fwlink/?linkid=39204 (Windows Genuine Advantage Validation Tool)
O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} http://go.divx.com/plugin/DivXBrowserPlugin.cab (DivXBrowserPlugin Object)
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} http://update.microsoft.com/microsoftupdat...b?1247747668421 (MUWebControl Class)
O16 - DPF: {6F15128C-E66A-490C-B848-5000B5ABEEAC} https://h20436.www2.hp.com/ediags/dex/secure/HPDEXAXO.cab (HP Download Manager)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_11)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.macromedia.com/get/flash...r/ultrashim.cab (Reg Error: Key error.)
O16 - DPF: {A9F8D9EC-3D0A-4A60-BD82-FBD64BAD370D} http://h20264.www2.hp.com/ediags/dd/instal...nosticsxp2k.cab (DDRevision Class)
O16 - DPF: {C87ACE20-4BA7-11D4-AD69-0000F80020BC} http://intranet/pchelp/MTAppDwn.exe (MEDITECHAppDwnld)
O16 - DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_07)
O16 - DPF: {CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_11)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_11)
O16 - DPF: DirectAnimation Java Classes file://C:\WINDOWS\Java\classes\dajava.cab (Reg Error: Key error.)
O16 - DPF: Microsoft XML Parser for Java file://C:\WINDOWS\Java\classes\xmldso.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1 68.87.71.226 68.87.73.242
O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\ipp - No CLSID value found
O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll (AVG Technologies CZ, s.r.o.)
O18 - Protocol\Handler\msdaipp - No CLSID value found
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\msdaipp.dll (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\Explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\!SASWinLogon: DllName - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll (SUPERAntiSpyware.com)
O20 - Winlogon\Notify\AtiExtEvent: DllName - Ati2evxx.dll - C:\WINDOWS\System32\Ati2evxx.dll (ATI Technologies Inc.)
O20 - Winlogon\Notify\avgrsstarter: DllName - avgrsstx.dll - C:\WINDOWS\System32\avgrsstx.dll (AVG Technologies CZ, s.r.o.)
O24 - Desktop Components:0 (My Current Home Page) - About:Home
O28 - HKLM ShellExecuteHooks: {56F9679E-7826-4C84-81F3-532071A8BCC5} - C:\Program Files\Windows Desktop Search\MSNLNamespaceMgr.dll (Microsoft Corporation)
O28 - HKLM ShellExecuteHooks: {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - C:\Program Files\SUPERAntiSpyware\SASSEH.DLL (SuperAdBlocker.com)
O30 - LSA: Authentication Packages - (OWS\S) - File not found
O30 - LSA: Security Packages - (\ATI.ACE\CORE-STATIC) - File not found
O30 - LSA: Security Packages - (ft) - File not found
O30 - LSA: Security Packages - (corpora) - File not found
O31 - SafeBoot: AlternateShell - cmd.exe
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009/02/01 18:37:17 | 00,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck) - File not found
O34 - HKLM BootExecute: (autochk) - C:\WINDOWS\System32\autochk.exe (Microsoft Corporation)
O34 - HKLM BootExecute: (*) - File not found
O34 - HKLM BootExecute: (lsdelete) - C:\WINDOWS\System32\lsdelete.exe ()

NetSvcs: 6to4 - Service key not found. File not found
NetSvcs: Ias - Service key not found. File not found
NetSvcs: Iprip - Service key not found. File not found
NetSvcs: Irmon - Service key not found. File not found
NetSvcs: NWCWorkstation - Service key not found. File not found
NetSvcs: Nwsapagent - Service key not found. File not found
NetSvcs: WmdmPmSp - Service key not found. File not found
NetSvcs: helpsvc - C:\WINDOWS\PCHealth\HelpCtr\Binaries\pchsvc.dll (Microsoft Corporation)

MsConfig - StartUpFolder: C:^Documents and Settings^1poppa^Start Menu^Programs^Startup^OpenOffice.org 3.0.lnk - C:\Program Files\OpenOffice.org 3\program\quickstart.exe - ()
MsConfig - StartUpFolder: C:^Documents and Settings^1poppa^Start Menu^Programs^Startup^Screen Saver Control.lnk - C:\WINDOWS\FSScrCtl.exe - File not found
MsConfig - StartUpFolder: C:^Documents and Settings^All Users^Start Menu^Programs^Startup^HP Digital Imaging Monitor.lnk - C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe - (Hewlett-Packard Co.)
MsConfig - StartUpFolder: C:^Documents and Settings^All Users^Start Menu^Programs^Startup^HP Image Zone Fast Start.lnk - C:\Program Files\HP\Digital Imaging\bin\hpqthb08.exe - (Hewlett-Packard Co.)
MsConfig - StartUpFolder: C:^Documents and Settings^All Users^Start Menu^Programs^Startup^NkbMonitor.exe.lnk - C:\Program Files\Nikon\PictureProject\NkbMonitor.exe - (Nikon Corporation)
MsConfig - StartUpFolder: C:^Documents and Settings^All Users^Start Menu^Programs^Startup^VPN Client.lnk - C:\WINDOWS\Installer\{14FCFE7C-AB86-428A-9D2E-BFB6F5A7AA6E}\Icon3E5562ED7.ico - ()
MsConfig - StartUpFolder: C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Windows Search.lnk - C:\Program Files\Windows Desktop Search\WindowsSearch.exe - (Microsoft Corporation)
MsConfig - StartUpReg: Ad-Watch - hkey= - key= - C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe (Lavasoft)
MsConfig - StartUpReg: Adobe Reader Speed Launcher - hkey= - key= - C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe (Adobe Systems Incorporated)
MsConfig - StartUpReg: Alcmtr - hkey= - key= - C:\WINDOWS\ALCMTR.EXE (Realtek Semiconductor Corp.)
MsConfig - StartUpReg: ATICCC - hkey= - key= - C:\Program Files\ATI Technologies\ATI.ACE\CLIStart.exe File not found
MsConfig - StartUpReg: AVG8_TRAY - hkey= - key= - C:\Program Files\AVG\AVG8\avgtray.exe (AVG Technologies CZ, s.r.o.)
MsConfig - StartUpReg: DriverCure - hkey= - key= - C:\Program Files\ParetoLogic\DriverCure\DriverCure.exe (ParetoLogic)
MsConfig - StartUpReg: GEST - hkey= - key= - File not found
MsConfig - StartUpReg: HP Component Manager - hkey= - key= - C:\Program Files\HP\hpcoretech\hpcmpmgr.exe (Hewlett-Packard Company)
MsConfig - StartUpReg: HP Software Update - hkey= - key= - C:\Program Files\HP\HP Software Update\HPWuSchd2.exe (Hewlett-Packard Company)
MsConfig - StartUpReg: HPDJ Taskbar Utility - hkey= - key= - File not found
MsConfig - StartUpReg: HPHmon06 - hkey= - key= - File not found
MsConfig - StartUpReg: HPHUPD06 - hkey= - key= - C:\Program Files\HP\{AAC4FC36-8F89-4587-8DD3-EBC57C83374D}\hphupd06.exe (Hewlett-Packard)
MsConfig - StartUpReg: KernelFaultCheck - hkey= - key= - File not found
MsConfig - StartUpReg: LiveMonitor - hkey= - key= - C:\Program Files\MSI\Live Update 3\LMonitor.exe ()
MsConfig - StartUpReg: MSI Live - hkey= - key= - C:\Program Files\MSI\MSI Live\SetWallpaper.exe ()
MsConfig - StartUpReg: MSMSGS - hkey= - key= - C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)
MsConfig - StartUpReg: QuickTime Task - hkey= - key= - C:\Program Files\QuickTime\qttask.exe (Apple Inc.)
MsConfig - StartUpReg: RTHDCPL - hkey= - key= - C:\WINDOWS\RTHDCPL.EXE (Realtek Semiconductor Corp.)
MsConfig - StartUpReg: SpybotSD TeaTimer - hkey= - key= - C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe (Safer-Networking Ltd.)
MsConfig - StartUpReg: SpySweeper - hkey= - key= - C:\Program Files\Webroot\WebrootSecurity\SpySweeperUI.exe (Webroot Software, Inc.)
MsConfig - StartUpReg: StartCCC - hkey= - key= - C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
MsConfig - StartUpReg: SunJavaUpdateSched - hkey= - key= - C:\Program Files\Java\jre6\bin\jusched.exe (Sun Microsystems, Inc.)
MsConfig - State: "system.ini" - 0
MsConfig - State: "win.ini" - 0
MsConfig - State: "bootini" - 0
MsConfig - State: "services" - 0
MsConfig - State: "startup" - 2

SafeBootMin: Base - Driver Group
SafeBootMin: Boot Bus Extender - Driver Group
SafeBootMin: Boot file system - Driver Group
SafeBootMin: File system - Driver Group
SafeBootMin: Filter - Driver Group
SafeBootMin: HelpSvc - C:\WINDOWS\PCHealth\HelpCtr\Binaries\pchsvc.dll (Microsoft Corporation)
SafeBootMin: Lavasoft Ad-Aware Service - C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe (Lavasoft)
SafeBootMin: PCI Configuration - Driver Group
SafeBootMin: PNP Filter - Driver Group
SafeBootMin: Primary disk - Driver Group
SafeBootMin: SCSI Class - Driver Group
SafeBootMin: sermouse.sys - Driver
SafeBootMin: System Bus Extender - Driver Group
SafeBootMin: vds - Service
SafeBootMin: vga.sys - Driver
SafeBootMin: WebrootSpySweeperService - C:\Program Files\Webroot\WebrootSecurity\SpySweeper.exe (Webroot Software, Inc. (www.webroot.com))
SafeBootMin: WRConsumerService - C:\Program Files\Webroot\WebrootSecurity\WRConsumerService.exe (Webroot Software, Inc. )
SafeBootMin: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootMin: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootMin: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootMin: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootMin: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootMin: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootMin: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootMin: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootMin: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootMin: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootMin: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootMin: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootMin: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootMin: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices

SafeBootNet: Base - Driver Group
SafeBootNet: Boot Bus Extender - Driver Group
SafeBootNet: Boot file system - Driver Group
SafeBootNet: File system - Driver Group
SafeBootNet: Filter - Driver Group
SafeBootNet: HelpSvc - C:\WINDOWS\PCHealth\HelpCtr\Binaries\pchsvc.dll (Microsoft Corporation)
SafeBootNet: Lavasoft Ad-Aware Service - C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe (Lavasoft)
SafeBootNet: NDIS Wrapper - Driver Group
SafeBootNet: NetBIOSGroup - Driver Group
SafeBootNet: NetDDEGroup - Driver Group
SafeBootNet: Network - Driver Group
SafeBootNet: NetworkProvider - Driver Group
SafeBootNet: PCI Configuration - Driver Group
SafeBootNet: PNP Filter - Driver Group
SafeBootNet: PNP_TDI - Driver Group
SafeBootNet: Primary disk - Driver Group
SafeBootNet: SCSI Class - Driver Group
SafeBootNet: sermouse.sys - Driver
SafeBootNet: Streams Drivers - Driver Group
SafeBootNet: System Bus Extender - Driver Group
SafeBootNet: TDI - Driver Group
SafeBootNet: UploadMgr - Service
SafeBootNet: vga.sys - Driver
SafeBootNet: vsmon - C:\WINDOWS\System32\ZoneLabs\vsmon.exe (Check Point Software Technologies LTD)
SafeBootNet: WebrootSpySweeperService - C:\Program Files\Webroot\WebrootSecurity\SpySweeper.exe (Webroot Software, Inc. (www.webroot.com))
SafeBootNet: WRConsumerService - C:\Program Files\Webroot\WebrootSecurity\WRConsumerService.exe (Webroot Software, Inc. )
SafeBootNet: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootNet: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootNet: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootNet: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootNet: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootNet: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootNet: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootNet: {4D36E972-E325-11CE-BFC1-08002BE10318} - Net
SafeBootNet: {4D36E973-E325-11CE-BFC1-08002BE10318} - NetClient
SafeBootNet: {4D36E974-E325-11CE-BFC1-08002BE10318} - NetService
SafeBootNet: {4D36E975-E325-11CE-BFC1-08002BE10318} - NetTrans
SafeBootNet: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootNet: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootNet: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootNet: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootNet: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootNet: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices

ActiveX: {03F998B2-0E00-11D3-A498-00104B6EB52E} - Viewpoint Media Player
ActiveX: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Microsoft VM
ActiveX: {08B0E5C0-4FCB-11CF-AAA5-00401C608555} - Internet Explorer Classes for Java
ActiveX: {10072CEC-8CC1-11D1-986E-00A0C955B42F} - Vector Graphics Rendering (VML)
ActiveX: {1B00725B-C455-4DE6-BFB6-AD540AD427CD} - Viewpoint Media Player
ActiveX: {2179C5D3-EBFF-11CF-B6FD-00AA00B4E220} - NetShow
ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 6.4
ActiveX: {233C1507-6A77-46A4-9443-F871F945D258} - Adobe Shockwave Director 11.0.3
ActiveX: {283807B5-2C60-11D0-A31D-00AA00B92C03} - DirectAnimation
ActiveX: {2A202491-F00D-11cf-87CC-0020AFEECF20} - Adobe Shockwave Director 11.0.3
ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX: {36f8ec70-c29a-11d1-b5c7-0000f8051515} - Dynamic HTML Data Binding for Java
ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX: {3bf42070-b3b1-11d1-b5c5-0000f8051515} - Uniscribe
ActiveX: {411EDCF7-755D-414E-A74B-3DCD6583F589} - Microsoft .NET Framework 1.1 Service Pack 1 (KB867460)
ActiveX: {4278c270-a269-11d1-b5bf-0000f8051515} - Advanced Authoring
ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Outlook Express\setup50.exe" /APP:OE /CALLER:WINNT /user /install
ActiveX: {44BBA842-CC51-11CF-AAFA-00AA00B6015B} - rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msnetmtg.inf,NetMtg.Install.PerUser.NT
ActiveX: {44BBA848-CC51-11CF-AAFA-00AA00B6015C} - DirectShow
ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX: {4b218e3e-bc98-4770-93d3-2731b9329278} - %SystemRoot%\System32\rundll32.exe setupapi,InstallHinfSection MarketplaceLinkInstall 896 %systemroot%\inf\ie.inf
ActiveX: {4f216970-c90c-11d1-b5c7-0000f8051515} - DirectAnimation Java Classes
ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6
ActiveX: {5056b317-8d4c-43ee-8543-b9d1e234b8f4} - Security Update for Windows XP (KB923789)
ActiveX: {5945c046-1e7d-11d1-bc44-00c04fd912be} - rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msmsgs.inf,BLC.QuietInstall.PerUser
ActiveX: {5A8D6EE0-3E18-11D0-821E-444553540000} - ICW
ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX: {7131646D-CD3C-40F4-97B9-CD9E4E6262EF} - .NET Framework
ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - "%ProgramFiles%\Outlook Express\setup50.exe" /APP:WAB /CALLER:WINNT /user /install
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - %SystemRoot%\system32\ie4uinit.exe
ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - c:\WINDOWS\system32\Rundll32.exe c:\WINDOWS\system32\mscories.dll,Install
ActiveX: {8D1D0E9A-C799-4D28-9E29-0061D1E66E43} - Microsoft .NET Framework 1.1 Hotfix (KB928366)
ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX: {C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F} - .NET Framework
ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX: {CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1} - .NET Framework
ActiveX: {CC2A9BA0-3BDD-11D0-821E-444553540000} - Task Scheduler
ActiveX: {CDD7975E-60F8-41d5-8149-19E51D6F71D0} - Windows Movie Maker v2.1
ActiveX: {D27CDB6E-AE6D-11cf-96B8-444553540000} - Adobe Flash Player
ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX: {EF289A85-8E57-408d-BE47-73B55609861A} - RootsUpdate
ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - C:\WINDOWS\inf\unregmp2.exe /ShowWMP
ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - %systemroot%\system32\shmgrate.exe OCInstallUserConfigIE
ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF}MICROS - RunDLL32 IEDKCS32.DLL,BrandIE4 SIGNUP
ActiveX: >{881dd1c5-3dcf-431b-b061-f3f88e8be88a} - %systemroot%\system32\shmgrate.exe OCInstallUserConfigOE
ActiveX: Microsoft Base Smart Card Crypto Provider Package -

Drivers32: msacm.l3acm - C:\WINDOWS\System32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: msacm.sl_anet - C:\WINDOWS\System32\sl_anet.acm (Sipro Lab Telecom Inc.)
Drivers32: msacm.trspch - C:\WINDOWS\System32\tssoft32.acm (DSP GROUP, INC.)
Drivers32: vidc.cvid - C:\WINDOWS\System32\iccvid.dll (Radius Inc.)
Drivers32: vidc.iv31 - C:\WINDOWS\System32\ir32_32.dll ()
Drivers32: vidc.iv32 - C:\WINDOWS\System32\ir32_32.dll ()
Drivers32: vidc.LEAD - LCODCCMP.DLL File not found

========== Files/Folders - Created Within 30 Days ==========

[2009/08/03 00:01:15 | 00,514,048 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\1poppa\Desktop\OTL.exe
[2009/08/02 23:41:05 | 00,000,000 | ---- | C] () -- C:\Documents and Settings\1poppa\Desktop\settings.dat
[2009/08/02 23:40:45 | 00,462,996 | ---- | C] () -- C:\Documents and Settings\1poppa\Desktop\RootRepeal.zip
[2009/08/02 23:21:47 | 00,173,119 | ---- | C] (Eric_71) -- C:\Documents and Settings\1poppa\Desktop\Rooter.exe
[2009/08/02 23:19:58 | 00,000,000 | ---D | C] -- C:\Rooter$
[2009/08/02 22:10:54 | 00,000,000 | ---D | C] -- C:\Documents and Settings\1poppa\Application Data\Malwarebytes
[2009/08/02 22:10:49 | 00,000,696 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2009/08/02 22:10:45 | 00,038,160 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2009/08/02 22:10:44 | 00,019,096 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2009/08/02 22:10:44 | 00,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2009/08/02 22:10:44 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Malwarebytes
[2009/08/02 20:53:00 | 00,265,216 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\1poppa\Desktop\TFC.exe
[2009/08/02 20:36:25 | 00,000,000 | ---D | C] -- C:\WINDOWS\ERDNT
[2009/08/02 20:35:39 | 00,000,611 | ---- | C] () -- C:\Documents and Settings\1poppa\Desktop\NTREGOPT.lnk
[2009/08/02 20:35:39 | 00,000,592 | ---- | C] () -- C:\Documents and Settings\1poppa\Desktop\ERUNT.lnk
[2009/08/02 20:35:39 | 00,000,000 | ---D | C] -- C:\Program Files\ERUNT
[2009/08/02 20:32:54 | 00,791,393 | ---- | C] (Lars Hederer ) -- C:\Documents and Settings\1poppa\Desktop\erunt-setup.exe
[2009/07/31 16:51:25 | 00,000,444 | ---- | C] () -- C:\WINDOWS\tasks\ParetoLogic Registration.job
[2009/07/31 16:51:22 | 00,000,382 | ---- | C] () -- C:\WINDOWS\tasks\DriverCure.job
[2009/07/31 16:51:20 | 00,000,864 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\ParetoLogic DriverCure.lnk
[2009/07/31 16:51:20 | 00,000,418 | ---- | C] () -- C:\WINDOWS\tasks\ParetoLogic Update Version2.job
[2009/07/31 16:51:20 | 00,000,000 | ---D | C] -- C:\Program Files\ParetoLogic
[2009/07/31 16:51:20 | 00,000,000 | ---D | C] -- C:\Program Files\Common Files\ParetoLogic
[2009/07/31 14:04:34 | 00,000,424 | ---- | C] () -- C:\WINDOWS\tasks\Reg Tool Scan.job
[2009/07/31 14:04:32 | 00,000,000 | ---D | C] -- C:\Documents and Settings\1poppa\Application Data\Reg Tool
[2009/07/31 14:04:28 | 00,001,848 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Reg Tool.lnk
[2009/07/31 14:04:27 | 00,000,000 | ---D | C] -- C:\Program Files\Reg Tool
[2009/07/31 14:04:13 | 00,000,000 | ---D | C] -- C:\Program Files\Downloaded Installers
[2009/07/31 03:14:27 | 00,000,000 | ---D | C] -- C:\Documents and Settings\1poppa\Application Data\Apple Computer
[2009/07/31 03:14:22 | 00,107,368 | ---- | C] (GEAR Software Inc.) -- C:\WINDOWS\System32\GEARAspi.dll
[2009/07/31 03:14:22 | 00,023,400 | ---- | C] (GEAR Software Inc.) -- C:\WINDOWS\System32\drivers\GEARAspiWDM.sys
[2009/07/31 03:14:16 | 00,000,000 | ---D | C] -- C:\Program Files\iPod
[2009/07/31 03:14:14 | 00,000,000 | ---D | C] -- C:\Program Files\iTunes
[2009/07/31 03:14:14 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\{8CD7F5AF-ECFA-4793-BF40-D8F42DBFF906}
[2009/07/31 03:14:08 | 00,000,000 | ---D | C] -- C:\Program Files\Bonjour
[2009/07/31 03:13:29 | 00,000,000 | ---D | C] -- C:\Program Files\Common Files\Apple
[2009/07/31 02:59:58 | 00,000,000 | ---D | C] -- C:\Program Files\WinZip
[2009/07/30 15:45:38 | 00,470,528 | ---- | C] ( ) -- C:\Documents and Settings\1poppa\Desktop\RootRepeal.exe
[2009/07/30 13:51:15 | 00,000,000 | ---D | C] -- C:\Documents and Settings\1poppa\Desktop\recipes
[2009/07/30 13:36:08 | 00,000,000 | ---D | C] -- C:\Documents and Settings\1poppa\Desktop\Quake2
[2009/07/30 13:35:51 | 00,000,000 | ---D | C] -- C:\Documents and Settings\1poppa\Desktop\unusual_stuff
[2009/07/30 13:35:27 | 00,000,000 | ---D | C] -- C:\Documents and Settings\1poppa\Desktop\my_misc
[2009/07/30 13:35:00 | 00,000,000 | ---D | C] -- C:\Documents and Settings\1poppa\Desktop\Misc. videos2
[2009/07/30 13:34:42 | 00,000,000 | ---D | C] -- C:\Documents and Settings\1poppa\Desktop\Misc. videos
[2009/07/30 13:34:18 | 00,000,000 | ---D | C] -- C:\Documents and Settings\1poppa\Desktop\Misc. sounds
[2009/07/24 16:26:36 | 34,880,75776 | -HS- | C] () -- C:\hiberfil.sys
[2009/07/24 14:15:03 | 00,000,000 | -HSD | C] -- C:\WINDOWS\CSC
[2009/07/24 10:01:00 | 00,286,720 | ---- | C] (Indigo Rose Corporation) -- C:\WINDOWS\iun507.exe
[2009/07/24 09:58:11 | 00,000,000 | ---D | C] -- C:\Program Files\PopUp Killer
[2009/07/23 22:34:50 | 00,000,000 | ---D | C] -- C:\Program Files\DivX
[2009/07/23 22:34:50 | 00,000,000 | ---D | C] -- C:\Program Files\Common Files\DivX Shared
[2009/07/17 07:44:12 | 00,268,648 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\mucltui.dll
[2009/07/17 07:44:12 | 00,027,496 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\mucltui.dll.mui
[2009/07/16 13:02:34 | 00,000,000 | ---D | C] -- C:\Documents and Settings\1poppa\Application Data\Aim
[2009/07/16 13:02:31 | 00,000,000 | ---D | C] -- C:\Program Files\AOD
[2009/07/16 12:59:15 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\MSN6
[2009/07/16 12:59:15 | 00,000,000 | ---D | C] -- C:\Documents and Settings\1poppa\Application Data\MSN6
[2009/07/11 22:08:14 | 00,000,000 | ---D | C] -- C:\Documents and Settings\1poppa\My Documents\filelib
[2009/07/11 22:07:28 | 00,000,000 | ---D | C] -- C:\Program Files\Viewpoint
[2009/07/11 22:07:28 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Viewpoint
[2009/07/11 22:07:26 | 00,000,000 | ---D | C] -- C:\Program Files\AIM
[2009/07/08 11:57:24 | 00,000,000 | ---D | C] -- C:\Documents and Settings\1poppa\Application Data\Messenger
[2007/09/27 10:51:02 | 00,020,698 | ---- | C] () -- C:\WINDOWS\System32\idxcntrs.ini
[2007/09/27 10:48:48 | 00,030,628 | ---- | C] () -- C:\WINDOWS\System32\gsrvctr.ini
[2007/09/27 10:48:28 | 00,031,698 | ---- | C] () -- C:\WINDOWS\System32\gthrctr.ini
[2007/07/16 11:58:10 | 00,197,408 | ---- | C] () -- C:\WINDOWS\System32\vpnapi.dll
[2007/07/16 11:58:00 | 00,193,312 | ---- | C] () -- C:\WINDOWS\System32\CSGina.dll
[2002/08/29 08:00:00 | 00,000,598 | ---- | C] () -- C:\WINDOWS\win.ini
[2002/08/29 08:00:00 | 00,000,227 | ---- | C] () -- C:\WINDOWS\system.ini

========== Files - Modified Within 30 Days ==========

[2009/08/03 00:01:20 | 00,514,048 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\1poppa\Desktop\OTL.exe
[2009/08/02 23:41:05 | 00,000,000 | ---- | M] () -- C:\Documents and Settings\1poppa\Desktop\settings.dat
[2009/08/02 23:40:49 | 00,462,996 | ---- | M] () -- C:\Documents and Settings\1poppa\Desktop\RootRepeal.zip
[2009/08/02 23:21:47 | 00,173,119 | ---- | M] (Eric_71) -- C:\Documents and Settings\1poppa\Desktop\Rooter.exe
[2009/08/02 22:19:40 | 00,550,666 | ---- | M] () -- C:\WINDOWS\System32\PerfStringBackup.INI
[2009/08/02 22:19:40 | 00,462,058 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2009/08/02 22:19:40 | 00,078,260 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2009/08/02 22:15:48 | 00,350,191 | ---- | M] () -- C:\WINDOWS\System32\vsconfig.xml
[2009/08/02 22:15:46 | 00,013,646 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2009/08/02 22:15:25 | 00,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2009/08/02 22:15:20 | 00,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2009/08/02 22:15:17 | 00,151,824 | ---- | M] () -- C:\WINDOWS\System32\ativvaxx.cap
[2009/08/02 22:15:14 | 34,880,75776 | -HS- | M] () -- C:\hiberfil.sys
[2009/08/02 22:10:49 | 00,000,696 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2009/08/02 20:53:07 | 00,265,216 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\1poppa\Desktop\TFC.exe
[2009/08/02 20:50:00 | 00,000,318 | ---- | M] () -- C:\WINDOWS\tasks\HP Usg Daily FY04.job
[2009/08/02 20:42:37 | 00,000,611 | ---- | M] () -- C:\Documents and Settings\1poppa\Desktop\NTREGOPT.lnk
[2009/08/02 20:42:37 | 00,000,592 | ---- | M] () -- C:\Documents and Settings\1poppa\Desktop\ERUNT.lnk
[2009/08/02 20:32:54 | 00,791,393 | ---- | M] (Lars Hederer ) -- C:\Documents and Settings\1poppa\Desktop\erunt-setup.exe
[2009/08/02 18:19:16 | 39,475,423 | ---- | M] () -- C:\WINDOWS\System32\drivers\Avg\incavi.avm
[2009/08/02 18:19:16 | 00,056,222 | ---- | M] () -- C:\WINDOWS\System32\drivers\Avg\microavi.avg
[2009/08/02 18:00:00 | 00,000,444 | ---- | M] () -- C:\WINDOWS\tasks\ParetoLogic Registration.job
[2009/08/02 14:54:45 | 00,000,424 | ---- | M] () -- C:\WINDOWS\tasks\Reg Tool Scan.job
[2009/08/02 00:33:18 | 00,000,418 | ---- | M] () -- C:\WINDOWS\tasks\ParetoLogic Update Version2.job
[2009/07/31 16:51:22 | 00,000,382 | ---- | M] () -- C:\WINDOWS\tasks\DriverCure.job
[2009/07/31 16:51:20 | 00,000,864 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\ParetoLogic DriverCure.lnk
[2009/07/31 14:04:28 | 00,001,848 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Reg Tool.lnk
[2009/07/31 13:14:17 | 00,001,708 | ---- | M] () -- C:\WINDOWS\tasks\wrSpySweeper_LFEAD1F3A8EE64CEEA32E36407A8F57C9.job
[2009/07/30 15:45:38 | 00,470,528 | ---- | M] ( ) -- C:\Documents and Settings\1poppa\Desktop\RootRepeal.exe
[2009/07/29 19:03:10 | 00,001,471 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\RATmail.lnk
[2009/07/24 12:05:23 | 00,000,598 | ---- | M] () -- C:\WINDOWS\win.ini
[2009/07/24 12:05:23 | 00,000,227 | ---- | M] () -- C:\WINDOWS\system.ini
[2009/07/24 12:05:23 | 00,000,223 | RHS- | M] () -- C:\boot.ini
[2009/07/24 10:00:47 | 00,286,720 | ---- | M] (Indigo Rose Corporation) -- C:\WINDOWS\iun507.exe
[2009/07/22 11:05:37 | 00,000,020 | -H-- | M] () -- C:\Documents and Settings\All Users\Application Data\PKP_DLec.DAT
[2009/07/18 12:53:01 | 00,000,284 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
[2009/07/18 12:20:31 | 03,062,272 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\mshtml.dll
[2009/07/18 12:20:31 | 03,062,272 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\mshtml.dll
[2009/07/18 12:20:31 | 01,506,304 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\shdocvw.dll
[2009/07/18 12:20:31 | 01,506,304 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\shdocvw.dll
[2009/07/14 13:08:47 | 00,000,472 | ---- | M] () -- C:\WINDOWS\tasks\Ad-Aware Update (Weekly).job
[2009/07/13 13:36:34 | 00,038,160 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2009/07/13 13:36:12 | 00,019,096 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2009/07/10 09:07:50 | 00,335,752 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\drivers\avgldx86.sys
[2009/07/07 11:10:56 | 24,539,592 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\MRT.exe

========== LOP Check ==========

[2009/08/02 22:10:54 | 00,000,000 | RH-D | M] -- C:\Documents and Settings\1poppa\Application Data
[2009/07/16 13:02:34 | 00,000,000 | ---D | M] -- C:\Documents and Settings\1poppa\Application Data\Aim
[2009/03/24 10:54:54 | 00,000,000 | ---D | M] -- C:\Documents and Settings\1poppa\Application Data\ATI
[2009/05/26 10:02:41 | 00,000,000 | ---D | M] -- C:\Documents and Settings\1poppa\Application Data\Auslogics
[2009/03/24 08:54:20 | 00,000,000 | ---D | M] -- C:\Documents and Settings\1poppa\Application Data\DriverCure
[2009/02/11 14:05:19 | 00,000,000 | ---D | M] -- C:\Documents and Settings\1poppa\Application Data\Image Zone Express
[2009/08/02 22:13:48 | 00,000,000 | ---D | M] -- C:\Documents and Settings\1poppa\Application Data\Messenger
[2009/07/16 12:59:30 | 00,000,000 | ---D | M] -- C:\Documents and Settings\1poppa\Application Data\MSN6
[2009/03/02 18:43:29 | 00,000,000 | ---D | M] -- C:\Documents and Settings\1poppa\Application Data\Nikon
[2009/02/04 22:02:41 | 00,000,000 | ---D | M] -- C:\Documents and Settings\1poppa\Application Data\OpenOffice.org
[2009/07/31 14:08:53 | 00,000,000 | ---D | M] -- C:\Documents and Settings\1poppa\Application Data\Reg Tool
[2009/03/31 10:46:11 | 00,000,000 | ---D | M] -- C:\Documents and Settings\1poppa\Application Data\Windows Desktop Search
[2009/02/02 12:54:37 | 00,000,000 | ---D | M] -- C:\Documents and Settings\1poppa\Application Data\Windows Search
[2009/08/02 22:10:44 | 00,000,000 | RH-D | M] -- C:\Documents and Settings\All Users\Application Data
[2009/05/26 13:06:44 | 00,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\{7972B2E5-3E09-4E5E-81B7-FE5819D6772F}
[2009/07/31 03:14:22 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{8CD7F5AF-ECFA-4793-BF40-D8F42DBFF906}
[2009/02/05 17:21:54 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Applications
[2009/03/24 10:54:54 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\ATI
[2009/07/31 16:51:32 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\DriverCure
[2009/03/02 18:31:08 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\EnterNHelp
[2009/07/16 12:59:15 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\MSN6
[2009/03/02 18:14:35 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Nikon
[2009/03/24 08:53:06 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\ParetoLogic
[2009/03/02 18:31:08 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Ultima_T15
[2009/07/11 22:07:28 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Viewpoint
[2009/07/31 03:00:26 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\WinZip
[2009/07/14 13:08:47 | 00,000,472 | ---- | M] () -- C:\WINDOWS\Tasks\Ad-Aware Update (Weekly).job
[2009/07/18 12:53:01 | 00,000,284 | ---- | M] () -- C:\WINDOWS\Tasks\AppleSoftwareUpdate.job
[2002/08/29 08:00:00 | 00,000,065 | RH-- | M] () -- C:\WINDOWS\Tasks\desktop.ini
[2009/07/31 16:51:22 | 00,000,382 | ---- | M] () -- C:\WINDOWS\Tasks\DriverCure.job
[2009/08/02 20:50:00 | 00,000,318 | ---- | M] () -- C:\WINDOWS\Tasks\HP Usg Daily FY04.job
[2009/08/02 18:00:00 | 00,000,444 | ---- | M] () -- C:\WINDOWS\Tasks\ParetoLogic Registration.job
[2009/08/02 00:33:18 | 00,000,418 | ---- | M] () -- C:\WINDOWS\Tasks\ParetoLogic Update Version2.job
[2009/08/02 14:54:45 | 00,000,424 | ---- | M] () -- C:\WINDOWS\Tasks\Reg Tool Scan.job
[2009/08/02 22:15:25 | 00,000,006 | -H-- | M] () -- C:\WINDOWS\Tasks\SA.DAT
[2009/07/31 13:14:17 | 00,001,708 | ---- | M] () -- C:\WINDOWS\Tasks\wrSpySweeper_LFEAD1F3A8EE64CEEA32E36407A8F57C9.job

========== Purity Check ==========



========== Custom Scans ==========


< %systemroot%\System32\antiwpa.dll >

< %systemroot%\SYSTEM32\wpa.dll >

< %systemroot%\setup\scripts\biestart.exe >

< %systemroot%\system32\drivers\royal.sys >

< %systemroot%\system32\oobe\AntiWPA_Crypt.dll >

< %TEMP%\antiwpa_crypt.dll >

< %TEMP%\antiwpa.dll /s >

< %PROGRAMFILES%\antiwpa.dll /s >

< %systemroot%\system32\crypt.dll >

< %TEMP%\crypt.dll >

< %SYSTEMDRIVE%\*. >
[2009/08/03 00:01:16 | 00,000,000 | ---D | M] -- C:
[2009/08/02 09:02:54 | 00,000,000 | -H-D | M] -- C:\$AVG8.VAULT$
[2009/02/02 12:44:49 | 00,000,000 | ---D | M] -- C:\99415c750215ef802bcc
[2009/02/02 08:57:53 | 00,000,000 | ---D | M] -- C:\ATI
[2009/07/31 14:04:28 | 00,000,000 | -H-D | M] -- C:\Config.Msi
[2009/04/06 10:37:33 | 00,000,000 | ---D | M] -- C:\Documents and Settings
[2009/08/02 22:15:21 | 00,000,000 | R--D | M] -- C:\Program Files
[2009/04/06 10:38:23 | 00,000,000 | -HSD | M] -- C:\RECYCLER
[2009/08/02 23:19:58 | 00,000,000 | ---D | M] -- C:\Rooter$
[2009/02/01 19:33:05 | 00,000,000 | -HSD | M] -- C:\System Volume Information
[2009/03/24 12:31:07 | 00,000,000 | ---D | M] -- C:\temp
[2009/08/02 22:07:56 | 00,000,000 | ---D | M] -- C:\WINDOWS

< %SYSTEMDRIVE%\*.* >
[2009/08/02 22:15:14 | 00,047,036 | ---- | M] () -- C:\aaw7boot.log
[2009/02/01 18:37:17 | 00,000,000 | ---- | M] () -- C:\AUTOEXEC.BAT
[2009/07/24 12:05:23 | 00,000,223 | RHS- | M] () -- C:\boot.ini
[2009/02/01 18:37:17 | 00,000,000 | ---- | M] () -- C:\CONFIG.SYS
[2009/02/02 08:13:03 | 00,000,086 | ---- | M] () -- C:\csb.log
[2009/08/02 22:15:14 | 34,880,75776 | -HS- | M] () -- C:\hiberfil.sys
[2009/02/01 18:37:17 | 00,000,000 | RHS- | M] () -- C:\IO.SYS
[2009/02/01 18:37:17 | 00,000,000 | RHS- | M] () -- C:\MSDOS.SYS
[2009/02/01 19:29:33 | 00,047,564 | RHS- | M] () -- C:\NTDETECT.COM
[2009/02/01 19:29:33 | 00,250,032 | RHS- | M] () -- C:\ntldr
[2009/08/02 22:15:14 | 34,880,02048 | -HS- | M] () -- C:\pagefile.sys
[2009/02/02 08:11:10 | 00,000,955 | ---- | M] () -- C:\RHDSetup.log
[2009/08/02 23:55:33 | 00,002,610 | ---- | M] () -- C:\RootRepeal report 08-02-09 (23-55-33).txt
[2009/08/02 23:57:37 | 00,002,610 | ---- | M] () -- C:\RootRepeal report 08-02-09 (23-57-37).txt

< %PROGRAMFILES%\*. >
[2009/08/02 22:15:21 | 00,000,000 | R--D | M] -- C:\Program Files
[2009/02/11 16:27:03 | 00,000,000 | ---D | M] -- C:\Program Files\Adobe
[2009/07/16 13:02:34 | 00,000,000 | ---D | M] -- C:\Program Files\AIM
[2009/02/02 08:10:03 | 00,000,000 | ---D | M] -- C:\Program Files\AMD
[2009/07/16 13:02:31 | 00,000,000 | ---D | M] -- C:\Program Files\AOD
[2009/06/04 10:12:19 | 00,000,000 | ---D | M] -- C:\Program Files\Apple Software Update
[2009/03/24 09:56:53 | 00,000,000 | ---D | M] -- C:\Program Files\ATI Technologies
[2009/02/03 13:47:20 | 00,000,000 | ---D | M] -- C:\Program Files\Atomic Clock Sync
[2009/05/26 09:42:32 | 00,000,000 | ---D | M] -- C:\Program Files\Auslogics
[2009/05/26 11:35:11 | 00,000,000 | ---D | M] -- C:\Program Files\AVG
[2009/07/31 03:14:08 | 00,000,000 | ---D | M] -- C:\Program Files\Bonjour
[2009/02/02 08:09:43 | 00,000,000 | ---D | M] -- C:\Program Files\Browser Configuration Utility
[2009/05/07 10:31:58 | 00,000,000 | ---D | M] -- C:\Program Files\CCleaner
[2009/03/02 11:02:11 | 00,000,000 | ---D | M] -- C:\Program Files\Cisco Systems
[2009/07/31 16:51:20 | 00,000,000 | ---D | M] -- C:\Program Files\Common Files
[2009/02/01 18:35:12 | 00,000,000 | ---D | M] -- C:\Program Files\ComPlus Applications
[2009/07/23 22:34:53 | 00,000,000 | ---D | M] -- C:\Program Files\DivX
[2009/07/31 14:04:13 | 00,000,000 | ---D | M] -- C:\Program Files\Downloaded Installers
[2009/08/02 20:42:42 | 00,000,000 | ---D | M] -- C:\Program Files\ERUNT
[2009/02/06 16:33:49 | 00,000,000 | ---D | M] -- C:\Program Files\Hewlett-Packard
[2009/02/11 15:37:41 | 00,000,000 | ---D | M] -- C:\Program Files\HP
[2009/04/23 16:48:40 | 00,000,000 | ---D | M] -- C:\Program Files\hwmonitor
[2009/03/02 18:14:33 | 00,000,000 | -H-D | M] -- C:\Program Files\InstallShield Installation Information
[2009/04/06 19:25:09 | 00,000,000 | ---D | M] -- C:\Program Files\internet explorer
[2009/07/31 03:14:16 | 00,000,000 | ---D | M] -- C:\Program Files\iPod
[2009/07/31 03:14:22 | 00,000,000 | ---D | M] -- C:\Program Files\iTunes
[2009/02/04 22:01:49 | 00,000,000 | ---D | M] -- C:\Program Files\Java
[2009/02/04 23:37:24 | 00,000,000 | ---D | M] -- C:\Program Files\JRE
[2009/05/26 13:06:38 | 00,000,000 | ---D | M] -- C:\Program Files\Lavasoft
[2009/08/02 22:13:41 | 00,000,000 | ---D | M] -- C:\Program Files\Malwarebytes' Anti-Malware
[2009/04/02 11:45:43 | 00,000,000 | ---D | M] -- C:\Program Files\MEDITECH
[2009/02/02 13:00:30 | 00,000,000 | ---D | M] -- C:\Program Files\Messenger
[2009/02/01 18:37:28 | 00,000,000 | ---D | M] -- C:\Program Files\microsoft frontpage
[2009/02/01 19:30:15 | 00,000,000 | ---D | M] -- C:\Program Files\Movie Maker
[2009/02/02 12:45:02 | 00,000,000 | ---D | M] -- C:\Program Files\MSBuild
[2009/03/28 20:43:41 | 00,000,000 | ---D | M] -- C:\Program Files\MSI
[2009/02/01 18:35:10 | 00,000,000 | ---D | M] -- C:\Program Files\MSN
[2009/02/01 19:34:45 | 00,000,000 | ---D | M] -- C:\Program Files\msn gaming zone
[2009/04/06 11:59:25 | 00,000,000 | ---D | M] -- C:\Program Files\MSSOAP
[2009/02/12 09:51:12 | 00,000,000 | ---D | M] -- C:\Program Files\MSXML 4.0
[2009/02/02 12:43:25 | 00,000,000 | ---D | M] -- C:\Program Files\MSXML 6.0
[2009/02/01 19:29:47 | 00,000,000 | ---D | M] -- C:\Program Files\NetMeeting
[2009/03/02 18:14:17 | 00,000,000 | ---D | M] -- C:\Program Files\Nikon
[2009/04/06 19:17:25 | 00,000,000 | ---D | M] -- C:\Program Files\Online Services
[2009/02/04 23:37:21 | 00,000,000 | ---D | M] -- C:\Program Files\OpenOffice.org 3
[2009/02/03 20:09:40 | 00,000,000 | ---D | M] -- C:\Program Files\Outlook Express
[2009/07/31 16:51:20 | 00,000,000 | ---D | M] -- C:\Program Files\ParetoLogic
[2009/03/02 18:23:59 | 00,000,000 | ---D | M] -- C:\Program Files\PictureProject In Touch Downloader
[2009/08/02 22:14:09 | 00,000,000 | ---D | M] -- C:\Program Files\PopUp Killer
[2009/06/04 10:13:35 | 00,000,000 | ---D | M] -- C:\Program Files\QuickTime
[2009/02/02 08:12:50 | 00,000,000 | ---D | M] -- C:\Program Files\Realtek
[2009/02/02 12:44:57 | 00,000,000 | ---D | M] -- C:\Program Files\Reference Assemblies
[2009/07/31 14:04:41 | 00,000,000 | ---D | M] -- C:\Program Files\Reg Tool
[2009/03/28 20:39:18 | 00,000,000 | ---D | M] -- C:\Program Files\Setup Files
[2009/05/26 14:55:21 | 00,000,000 | ---D | M] -- C:\Program Files\Spybot - Search & Destroy
[2009/07/16 11:32:09 | 00,000,000 | ---D | M] -- C:\Program Files\SUPERAntiSpyware
[2009/02/01 18:42:34 | 00,000,000 | -H-D | M] -- C:\Program Files\Uninstall Information
[2009/07/16 13:10:00 | 00,000,000 | ---D | M] -- C:\Program Files\Viewpoint
[2009/02/11 10:03:13 | 00,000,000 | ---D | M] -- C:\Program Files\Virtual Magnifying Glass
[2009/04/06 11:59:13 | 00,000,000 | ---D | M] -- C:\Program Files\Webroot
[2009/06/10 15:32:26 | 00,000,000 | ---D | M] -- C:\Program Files\Windows Desktop Search
[2009/02/02 12:40:55 | 00,000,000 | ---D | M] -- C:\Program Files\Windows Media Connect 2
[2009/02/02 13:00:07 | 00,000,000 | ---D | M] -- C:\Program Files\Windows Media Player
[2009/02/01 19:29:46 | 00,000,000 | ---D | M] -- C:\Program Files\Windows NT
[2009/02/01 18:35:10 | 00,000,000 | -H-D | M] -- C:\Program Files\WindowsUpdate
[2009/07/31 02:59:58 | 00,000,000 | ---D | M] -- C:\Program Files\WinZip
[2009/02/01 18:37:28 | 00,000,000 | ---D | M] -- C:\Program Files\xerox
[2009/02/02 17:37:43 | 00,000,000 | ---D | M] -- C:\Program Files\Zone Labs

< %systemroot%\*.exe >
[2008/06/19 04:20:52 | 00,057,344 | ---- | M] (Realtek Semiconductor Corp.) -- C:\WINDOWS\ALCMTR.EXE
[2008/06/19 04:42:44 | 02,808,832 | ---- | M] (RealTek Semicoductor Corp.) -- C:\WINDOWS\ALCWZRD.EXE
[2007/06/13 06:23:07 | 01,033,216 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
[2005/05/26 19:22:01 | 00,010,752 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\hh.exe
[2009/02/02 08:10:10 | 00,319,488 | ---- | M] (Realtek Semiconductor Corp.) -- C:\WINDOWS\HideWin.exe
[1998/10/29 16:45:06 | 00,306,688 | ---- | M] (InstallShield Software Corporation) -- C:\WINDOWS\IsUninst.exe
[2009/07/24 10:00:47 | 00,286,720 | ---- | M] (Indigo Rose Corporation) -- C:\WINDOWS\iun507.exe
[2007/06/28 04:44:14 | 02,165,760 | ---- | M] (Realtek Semiconductor Corp.) -- C:\WINDOWS\MicCal.exe
[2004/08/04 01:56:56 | 00,069,120 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\notepad.exe
[2004/08/04 01:56:56 | 00,146,432 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\regedit.exe
[2008/08/26 01:51:18 | 16,851,456 | ---- | M] (Realtek Semiconductor Corp.) -- C:\WINDOWS\RTHDCPL.EXE
[2008/08/06 03:51:52 | 01,200,128 | ---- | M] (Realtek Semiconductor Corp.) -- C:\WINDOWS\RtkUpd.exe
[2008/06/19 04:27:46 | 09,715,200 | ---- | M] (Realtek Semiconductor Corp.) -- C:\WINDOWS\RTLCPL.EXE
[2008/08/06 03:51:52 | 01,200,128 | ---- | M] (Realtek Semiconductor Corp.) -- C:\WINDOWS\RtlUpd.exe
[2003/02/28 19:26:30 | 00,046,352 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\setdebug.exe
[2007/11/20 06:15:58 | 01,826,816 | ---- | M] (Realtek Semiconductor Corp.) -- C:\WINDOWS\SkyTel.exe
[2004/08/04 01:56:58 | 00,032,866 | ---- | M] (Smart Link) -- C:\WINDOWS\slrundll.exe
[2008/08/19 01:26:44 | 00,077,824 | ---- | M] (Realtek Semiconductor Corp.) -- C:\WINDOWS\SOUNDMAN.EXE
[2002/08/29 08:00:00 | 00,015,360 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\TASKMAN.EXE
[2002/08/29 08:00:00 | 00,049,680 | ---- | M] (Twain Working Group) -- C:\WINDOWS\twunk_16.exe
[2002/08/29 08:00:00 | 00,025,600 | ---- | M] (Twain Working Group) -- C:\WINDOWS\twunk_32.exe
[2002/08/29 08:00:00 | 00,256,192 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\winhelp.exe
[2004/08/04 01:56:58 | 00,283,648 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\winhlp32.exe

< %systemroot%\system32\drivers\*.exe >

< %systemroot%\system32\drivers\*.dat >

< %systemroot%\system\*.exe >

< %PROGRAMFILES%\*.* >

< %APPDATA%\*.* >
[2009/02/02 02:27:45 | 00,000,062 | -HS- | M] () -- C:\Documents and Settings\1poppa\Application Data\desktop.ini

< set /c >
ALLUSERSPROFILE=C:\Documents and Settings\All Users
APPDATA=C:\Documents and Settings\1poppa\Application Data
CLASSPATH=.;C:\Program Files\Java\jre6\lib\ext\QTJava.zip
CommonProgramFiles=C:\Program Files\Common Files
COMPUTERNAME=NAYNAYXII
ComSpec=C:\WINDOWS\system32\cmd.exe
FP_NO_HOST_CHECK=NO
HOMEDRIVE=C:
HOMEPATH=\Documents and Settings\1poppa
LOGONSERVER=\\NAYNAYXII
NUMBER_OF_PROCESSORS=4
OS=Windows_NT
Path=C:\Program Files\Internet Explorer;;C:\WINDOWS\system32;C:\WINDOWS;C:\WINDOWS\System32\Wbem;C:\Program Files\ATI Technologies\ATI.ACE\Core-Static;C:\Program Files\QuickTime\QTSystem\
PATHEXT=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH
PROCESSOR_ARCHITECTURE=x86
PROCESSOR_IDENTIFIER=x86 Family 16 Model 4 Stepping 2, AuthenticAMD
PROCESSOR_LEVEL=16
PROCESSOR_REVISION=0402
ProgramFiles=C:\Program Files
PROMPT=$P$G
QTJAVA=C:\Program Files\Java\jre6\lib\ext\QTJava.zip
SESSIONNAME=Console
SystemDrive=C:
SystemRoot=C:\WINDOWS
TEMP=C:\DOCUME~1\1poppa\LOCALS~1\Temp
TMP=C:\DOCUME~1\1poppa\LOCALS~1\Temp
tvdumpflags=8
USERDOMAIN=NAYNAYXII
USERNAME=1poppa
USERPROFILE=C:\Documents and Settings\1poppa
windir=C:\WINDOWS
< End of report >




otl extras:


OTL Extras logfile created on: 8/3/2009 12:02:27 AM - Run 1
OTL by OldTimer - Version 3.0.10.4 Folder = C:\Documents and Settings\1poppa\Desktop
Windows XP Professional Edition Service Pack 2 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 6.0.2900.2180)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.00 Gb Total Physical Memory | 2.00 Gb Available Physical Memory | 100.00% Memory free
4.00 Gb Paging File | 4.00 Gb Available in Paging File | 100.00% Paging File free
Paging file location(s): C:\pagefile.sys 0 0 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 233.80 Gb Total Space | 205.08 Gb Free Space | 87.71% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: NAYNAYXII
Current User Name: 1poppa
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Minimal

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.html [@ = htmlfile] -- C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"AntiVirusOverride" = 0
"FirewallOverride" = 0
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 0

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Program Files\AVG\AVG8\avgam.exe" = C:\Program Files\AVG\AVG8\avgam.exe:*:Enabled:avgam.exe -- (AVG Technologies CZ, s.r.o.)
"C:\Program Files\AVG\AVG8\avgupd.exe" = C:\Program Files\AVG\AVG8\avgupd.exe:*:Enabled:avgupd.exe -- (AVG Technologies CZ, s.r.o.)
"C:\Program Files\AVG\AVG8\avgnsx.exe" = C:\Program Files\AVG\AVG8\avgnsx.exe:*:Enabled:avgnsx.exe -- (AVG Technologies CZ, s.r.o.)
"C:\Program Files\Messenger\msmsgs.exe" = C:\Program Files\Messenger\msmsgs.exe:*:Enabled:Windows Messenger -- (Microsoft Corporation)
"C:\Program Files\Bonjour\mDNSResponder.exe" = C:\Program Files\Bonjour\mDNSResponder.exe:*:Enabled:Bonjour -- (Apple Inc.)
"C:\Program Files\iTunes\iTunes.exe" = C:\Program Files\iTunes\iTunes.exe:*:Enabled:iTunes -- (Apple Inc.)


========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{00203668-8170-44A0-BE44-B632FA4D780F}" = Adobe AIR
"{02E89EFC-7B07-4D5A-AA03-9EC0902914EE}" = VC 9.0 Runtime
"{055EE59D-217B-43A7-ABFF-507B966405D8}" = ATI Catalyst Control Center
"{07287123-B8AC-41CE-8346-3D777245C35B}" = Bonjour
"{0DC86BEC-5CE3-413A-BB61-C40A3D186B24}" = Scan
"{14BEB6DF-A499-4A38-8E06-E173BCD5C087}" = ScannerCopy
"{14FCFE7C-AB86-428A-9D2E-BFB6F5A7AA6E}" = Cisco Systems VPN Client 5.0.01.0600
"{17293791-C82E-476C-9997-9A0FF234A19B}" = HP Product Assistant
"{181821B7-82AA-44DA-9DAF-EF254CCB670A}" = Fax
"{1AD5F465-8282-4DAD-B957-E09C0B783D18}" = InstantShare
"{1B680FBA-E317-4E93-AF43-3B59798A4BE0}" = Copy
"{1E0D8F69-A6AB-4934-9B2D-159D9F97BA4A}" = ParetoLogic DriverCure
"{20FBC0A0-3160-4F14-83ED-3A74BB6B8C31}" = TrayApp
"{22E9CF2B-4063-4dab-A251-93FA46F7DECC}_is1" = Spy Sweeper
"{2405665A-16C9-4D3A-B70E-F006220E1472}" = Overland
"{26A24AE4-039D-4CA4-87B4-2F83216011FF}" = Java™ 6 Update 11
"{272EC8BA-5A08-4ea1-A189-684466A06B02}" = cp_dwShrek2Albums1
"{2E8428AD-6CD2-4031-916A-3CF9BBF2DEC9}" = Unload
"{32343DB6-9A52-40C9-87E4-5E7C79791C87}" = MSXML 4.0 SP2 and SOAP Toolkit 3.0
"{3248F0A8-6813-11D6-A77B-00B0D0160070}" = Java™ 6 Update 7
"{342C7C88-D335-4bc2-8CF1-281857629CE2}" = HP PSC & OfficeJet 4.7
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{36CDA33B-909B-4719-97D1-C4B99309BDC7}" = ATI Parental Control & Encoder
"{3762DB2D-71BD-421F-9E55-C74DA7DF4D07}" = CueTour
"{391E18CE-7D3B-45E9-A8F0-34E77F14F47A}" = ProductContext
"{3AEF2F6C-F1D3-47CD-BF3B-A327F1FABE58}" = PSPrinters06
"{3F5B6210-0903-4DC6-8034-8F488AA3A782}" = Spy Sweeper Core
"{4324BC93-C82F-ED16-BA86-5E34B9E05303}" = ccc-core-static
"{442BE28B-782B-4DC0-B490-E70A403B1C69}" = Readme
"{461073BF-9642-4A73-B58E-157358D412AB}" = 6200
"{4CCC7F68-A437-4559-A840-F5E010934951}" = HP Driver Diagnostics
"{4ED118EE-785C-CC18-5D2E-D5CA4BAA03F0}" = Catalyst Control Center Graphics Full New
"{539475B7-44B7-8B0A-134C-F01B9C8B7569}" = ccc-core-preinstall
"{5AC7AE54-55DF-1126-076C-623F008D40B6}" = Catalyst Control Center Graphics Full Existing
"{5E8D588F-307C-4250-B622-26969027319A}" = PanoStandAlone
"{6351D217-3EE3-1967-29BE-6A77635FE485}" = Skins
"{644D04A2-C682-4FD5-977D-03B804C4B9C5}" = CreativeProjects
"{646A65DD-23FC-418E-B9F0-E0500FB42CB1}" = PhotoGallery
"{64FC0C98-B035-4530-B15D-3D30610B6DF1}" = HP Software Update
"{6518675B-CC8D-4AB3-A3F6-CC02FF6548D7}" = 6200_Help
"{655CB07D-C944-40BE-B93F-55957CAC7625}" = AiO_Scan
"{68963635-14A4-48D9-B431-DF3A74D1AAE1}" = Destinations
"{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update
"{6AB9CD3A-F91F-233B-923B-6C59BA63524D}" = Catalyst Control Center HydraVision Full
"{700A6597-3CE6-49C1-AA75-846B24CDA66D}" = BufferChm
"{716E0306-8318-4364-8B8F-0CC4E9376BAC}" = MSXML 4.0 SP2 Parser and SDK
"{724517BD-1DE1-4986-BFCA-C1DFD379E3BC}" = cp_dwShrek2Cards1
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{767CC44C-9BBC-438D-BAD3-FD4595DD148B}" = VC80CRTRedist - 8.0.50727.762
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{77DCDCE3-2DED-62F3-8154-05E745472D07}" = Acrobat.com
"{7AD25C9F-9957-4D1C-95EF-9BCD09F6D31B}" = HPSystemDiagnostics
"{7EB6D433-8D45-4BFD-B3E6-D2790DEAC795}" = Reg Tool
"{84CDF5A8-1D57-4B69-BAB6-1F11D8923375}" = SkinsHP1
"{85A91C22-C369-FCFB-5F1F-D59EB21AD0E1}" = CCC Help English
"{85BCA736-A0F4-448E-9BC1-6EA08693E10B}" = HP Image Zone Express
"{85CFD253-38AE-4DB1-ACB7-F0F4C791990D}" = AiOSoftware
"{8777AC6D-89F9-4793-8266-DE406F343E89}" = QFolder
"{8BC3B99B-A6BE-4A0B-8535-B1B94BA4B1B1}" = DocProc
"{99ECF41F-5CCA-42BD-B8B8-A8333E2E2944}" = iTunes
"{A040AC77-C1AA-4CC9-8931-9F648AF178F6}" = VC 9.0 Runtime
"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
"{A5B9D22C-755A-4AC6-9904-875E80838BB6}" = CP_AtenaShokunin1Config
"{A6D0140F-E62F-9D1E-2408-9CFF91FF6FC8}" = ccc-utility
"{AAC4FC36-8F89-4587-8DD3-EBC57C83374D}" = Photosmart 320,370,7400,8100,8400 Series
"{AC76BA86-7AD7-1033-7B44-A90000000001}" = Adobe Reader 9
"{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1" = Spybot - Search & Destroy
"{B7050CBDB2504B34BC2A9CA0A692CC29}" = DivX Web Player
"{B911B811-BA3E-46D4-90F8-6F3338359651}" = Director
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
"{C151CE54-E7EA-4804-854B-F515368B0798}" = AMD Processor Driver
"{C337BDAF-CB4E-47E2-BE1A-CB31BB7DD0E3}" = Apple Mobile Device Support
"{C3F81504-72F3-4262-9449-487404DA75BB}" = 6200Trb
"{C44A7422-E380-44BE-79FE-1C032D8A03A7}" = Catalyst Control Center Core Implementation
"{C78EAC6F-7A73-452E-8134-DBB2165C5A68}" = QuickTime
"{C9BED750-1211-4480-B1A5-718A3BE15525}" = REALTEK GbE & FE Ethernet PCI-E NIC Driver
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CD95F661-A5C4-44F5-A6AA-ECDD91C240B8}" = WinZip 12.1
"{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}" = SUPERAntiSpyware Free Edition
"{CDFCF124-115F-4976-8BF4-08C89187A146}" = WebReg
"{CE0C8CC5-E396-442B-A50E-D1D374A9E820}" = DocumentViewer
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{CEF294F4-6A80-463E-8F68-E4D3A80147A4}" = PS8400
"{D2FCC1AE-6311-47C5-8130-C6C66D77DD71}" = Nikon Message Center
"{D3B1C799-CB73-42DE-BA0F-2344793A095C}" = Catalyst Control Center - Branding
"{DED53B0B-B67C-4244-AE6A-D6FD3C28D1EF}" = Ad-Aware
"{DF6A13C0-77DF-41FE-BD05-6D5201EB0CE7}_is1" = AusLogics Disk Defrag
"{E5D24929-91A4-B0A1-DE00-AFC453921EF7}" = Catalyst Control Center Graphics Light
"{E6C09BFB-BA75-15C7-5B18-A2CE31C4F42B}" = Catalyst Control Center Graphics Previews Common
"{E8AEA11B-E60A-455E-B008-E4E763604612}" = Browser Configuration Utility
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F333A33D-125C-32A2-8DCE-5C5D14231E27}" = Visual C++ 2008 x86 Runtime - (v9.0.30729)
"{F333A33D-125C-32A2-8DCE-5C5D14231E27}.vc_x86runtime_30729_01" = Visual C++ 2008 x86 Runtime - v9.0.30729.01
"{F44DA61E-720D-4E79-871F-F6E628B33242}" = OpenOffice.org 3.0
"{FC22D020-3005-4715-8DF9-F3EDE81DEB3D}" = CreativeProjectsTemplates
"{FF3999BE-1A7B-4738-88AA-97BF14094A4A}" = PictureProject
"Ad-Aware" = Ad-Aware
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Shockwave Player" = Adobe Shockwave Player 11
"All ATI Software" = ATI - Software Uninstall Utility
"AOL Instant Messenger" = AOL Instant Messenger
"ATI Display Driver" = ATI Display Driver
"AVG8Uninstall" = AVG 8.5
"CCleaner" = CCleaner (remove only)
"com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Acrobat.com
"ERUNT_is1" = ERUNT 1.1j
"HP Photo & Imaging" = HP Image Zone 4.7
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"MSCompPackV1" = Microsoft Compression Client Pack 1.0 for Windows XP
"MSI Live" = MSI Live
"MSI Live Update 3" = MSI Live Update 3
"PictureProject In Touch Downloader" = PictureProject In Touch Downloader 1.0
"Product_Name" = PopUp Killer
"RAT" = MEDITECH RAT
"ViewpointMediaPlayer" = Viewpoint Media Player
"Virtual Magnifying Glass_is1" = Virtual Magnifying Glass 2.00
"WIC" = Windows Imaging Component
"Windows Media Format Runtime" = Windows Media Format 11 runtime
"Windows Media Player" = Windows Media Player 11
"Windows XP Service Pack" = Windows XP Service Pack 2
"WMFDist11" = Windows Media Format 11 runtime
"WMIinfo" = WMIinfo
"wmp11" = Windows Media Player 11
"Workstation3.x" = MEDITECH Workstation3.x
"Wudf01000" = Microsoft User-Mode Driver Framework Feature Pack 1.0
"ZoneAlarm" = ZoneAlarm

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 5/1/2009 10:02:21 AM | Computer Name = NAYNAYXII | Source = Windows Search Service | ID = 3013
Description = The entry <C:\DOCUMENTS AND SETTINGS\1POPPA\RECENT\DESKTOP.INI> in
the hash map cannot be updated. Context: Application, SystemIndex Catalog Details:
A
device attached to the system is not functioning. (0x8007001f)

Error - 5/1/2009 10:02:21 AM | Computer Name = NAYNAYXII | Source = Windows Search Service | ID = 3013
Description = The entry <C:\DOCUMENTS AND SETTINGS\1POPPA\RECENT\DESKTOP.INI> in
the hash map cannot be updated. Context: Application, SystemIndex Catalog Details:
A
device attached to the system is not functioning. (0x8007001f)

Error - 5/1/2009 10:02:21 AM | Computer Name = NAYNAYXII | Source = Windows Search Service | ID = 3013
Description = The entry <C:\DOCUMENTS AND SETTINGS\1POPPA\RECENT\DESKTOP.INI> in
the hash map cannot be updated. Context: Application, SystemIndex Catalog Details:
A
device attached to the system is not functioning. (0x8007001f)

Error - 5/1/2009 10:02:21 AM | Computer Name = NAYNAYXII | Source = Windows Search Service | ID = 3013
Description = The entry <C:\DOCUMENTS AND SETTINGS\1POPPA\RECENT\DESKTOP.INI> in
the hash map cannot be updated. Context: Application, SystemIndex Catalog Details:
A
device attached to the system is not functioning. (0x8007001f)

Error - 5/1/2009 10:02:21 AM | Computer Name = NAYNAYXII | Source = Windows Search Service | ID = 3013
Description = The entry <C:\DOCUMENTS AND SETTINGS\1POPPA\RECENT\DESKTOP.INI> in
the hash map cannot be updated. Context: Application, SystemIndex Catalog Details:
A
device attached to the system is not functioning. (0x8007001f)

Error - 5/2/2009 9:53:26 AM | Computer Name = NAYNAYXII | Source = crypt32 | ID = 131080
Description = Failed auto update retrieval of third-party root list sequence number
from: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt>
with error: This operation returned because the timeout period expired.

[ System Events ]
Error - 7/31/2009 1:13:03 PM | Computer Name = NAYNAYXII | Source = LDMS | ID = 16780239
Description = The Logical Disk Manager Service failed while registering for device
handle notifications on device \\?\ide#cdromlite-on_dvdrw_sohw-1693s________________ks09____#5&13942378&0&0.0.0#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}.
Win32 Error: 1381.

Error - 7/31/2009 4:24:39 PM | Computer Name = NAYNAYXII | Source = LDMS | ID = 16780239
Description = The Logical Disk Manager Service failed while registering for device
handle notifications on device \\?\ide#cdromlite-on_dvdrw_sohw-1693s________________ks09____#5&13942378&0&0.0.0#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}.
Win32 Error: 1381.

Error - 8/1/2009 1:52:32 PM | Computer Name = NAYNAYXII | Source = LDMS | ID = 16780239
Description = The Logical Disk Manager Service failed while registering for device
handle notifications on device \\?\ide#cdromlite-on_dvdrw_sohw-1693s________________ks09____#5&13942378&0&0.0.0#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}.
Win32 Error: 1381.

Error - 8/1/2009 6:43:00 PM | Computer Name = NAYNAYXII | Source = LDMS | ID = 16780239
Description = The Logical Disk Manager Service failed while registering for device
handle notifications on device \\?\ide#cdromlite-on_dvdrw_sohw-1693s________________ks09____#5&13942378&0&0.0.0#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}.
Win32 Error: 1381.

Error - 8/2/2009 5:31:35 AM | Computer Name = NAYNAYXII | Source = LDMS | ID = 16780239
Description = The Logical Disk Manager Service failed while registering for device
handle notifications on device \\?\ide#cdromlite-on_dvdrw_sohw-1693s________________ks09____#5&13942378&0&0.0.0#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}.
Win32 Error: 1381.

Error - 8/2/2009 5:32:17 AM | Computer Name = NAYNAYXII | Source = System Error | ID = 1003
Description = Error code 1000000a, parameter1 00001018, parameter2 00000002, parameter3
00000000, parameter4 804f44be.

Error - 8/2/2009 8:52:56 AM | Computer Name = NAYNAYXII | Source = LDMS | ID = 16780239
Description = The Logical Disk Manager Service failed while registering for device
handle notifications on device \\?\ide#cdromlite-on_dvdrw_sohw-1693s________________ks09____#5&13942378&0&0.0.0#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}.
Win32 Error: 1381.

Error - 8/2/2009 8:46:26 PM | Computer Name = NAYNAYXII | Source = LDMS | ID = 16780239
Description = The Logical Disk Manager Service failed while registering for device
handle notifications on device \\?\ide#cdromlite-on_dvdrw_sohw-1693s________________ks09____#5&13942378&0&0.0.0#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}.
Win32 Error: 1381.

Error - 8/2/2009 10:07:53 PM | Computer Name = NAYNAYXII | Source = LDMS | ID = 16780239
Description = The Logical Disk Manager Service failed while registering for device
handle notifications on device \\?\ide#cdromlite-on_dvdrw_sohw-1693s________________ks09____#5&13942378&0&0.0.0#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}.
Win32 Error: 1381.

Error - 8/2/2009 10:15:33 PM | Computer Name = NAYNAYXII | Source = LDMS | ID = 16780239
Description = The Logical Disk Manager Service failed while registering for device
handle notifications on device \\?\ide#cdromlite-on_dvdrw_sohw-1693s________________ks09____#5&13942378&0&0.0.0#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}.
Win32 Error: 1381.


< End of report >


The gods too are fond of a joke.
- Aristotle
Rorschach112
hi

Please download ComboFix from Here or Here to your Desktop.

**Note: In the event you already have Combofix, this is a new version that I need you to download. It is important that it is saved and renamed following this process directly to your desktop**
  1. If you are using Firefox, make sure that your download settings are as follows:
    • Tools->Options->Main tab
    • Set to "Always ask me where to Save the files".
  2. During the download, rename Combofix to Combo-Fix as follows:





  3. It is important you rename Combofix during the download, but not after.
  4. Please do not rename Combofix to other names, but only to the one indicated.
  5. Close any open browsers.
  6. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
    -----------------------------------------------------------

    • Very Important! Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before performing a scan. They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results".
    • Click on this link to see a list of programs that should be disabled. The list is not all inclusive. If yours is not listed and you don't know how to disable it, please ask.
      -----------------------------------------------------------

    • Close any open browsers.
    • WARNING: Combofix will disconnect your machine from the Internet as soon as it starts
    • Please do not attempt to re-connect your machine back to the Internet until Combofix has completely finished.
    • If there is no internet connection after running Combofix, then restart your computer to restore back your connection.

    -----------------------------------------------------------
  7. Double click on combo-Fix.exe & follow the prompts.
  8. When finished, it will produce a report for you.
  9. Please post the "C:\Combo-Fix.txt" for further review.

**Note: Do not mouseclick combo-fix's window while it's running. That may cause it to stall**
bahsten
QUOTE (Rorschach112 @ Aug 4 2009, 06:42 PM) *
hi

Please download ComboFix from ...


tx for the fix. i'll run it... as soon as i'm able to boot my pc again!!! woke yesterday mornin to my wife telling me that the pc won't boot and wouldn't since the nite before. now, i'm flagged with 'windows\system32\config\system file corrupt or missing'. can this fix be d/l'd to this, my spare pc (as the c: drive), and then moved to the problem drive i've loaded on here via usb ext drive (as the e: drive) ? or is there some other way of loading this pgm onto an inaccessible drive? tx. steve

This President is going to lead us out of this recovery.
Dan Quayle
Rorschach112
if you can't boot at all then we will need to send you to a techie

Boot up the PC, keep pressing F8, and select Last Known Good Configuration

That get you in ?
bahsten
QUOTE (Rorschach112 @ Aug 6 2009, 04:14 PM) *
if you can't boot at all then we will need to send you to a techie

Boot up the PC, keep pressing F8, and select Last Known Good Configuration

That get you in ?

no, i can't even get that far. i have pulled it out and put into an ext drive case. can view all files in there but just won't boot. says that the system32\config\system file is corrupt or missing. i can see it, it is 56k lg, so not missing. must be corrupted. any suggestions on how to get it un-corrupted??? tx.

Two things are infinite: the universe and human stupidity; and I'm not sure about the universe.
-Albert Einstein
Rorschach112
ok need a friend to fix that up for you

head over to 247Fixes.com and post in the Windows XP forum there. Tell them I sent you over


Once they have you back up, return here
bahsten
QUOTE (Rorschach112 @ Aug 7 2009, 10:40 AM) *
ok need a friend to fix that up for you

head over to 247Fixes.com and post in the Windows XP forum there. Tell them I sent you over


Once they have you back up, return here


tx, rorschach112, i am at work rt now. i have my drive out and in an ext drive. now, my user file is empty. I can't gain access to any of my user files, docs, pgm, anything. my user is dead in the water.


Some people are like Slinkys. They're really not good for much, but they bring a smile
to your face when pushed down the stairs.
- Unknown