Welcome to MalwareRemoval.com,
What if we told you that you could get malware removal help from experts, and that it was 100% free? MalwareRemoval.com provides free support for people with infected computers. Our help, and the tools we use are always 100% free. No hidden catch. We simply enjoy helping others. You enjoy a clean, safe computer.

Commonpriv.log.lock - DDS *Updated properly*


Post by Itsannoying » April 10th, 2011, 4:13 pm

I keep having commonpriv.log.lock files occur, and now my Windows Media Player is acting up horribly, as in when I start it, it freezes.

Edit: I cannot seem to get rid of the AVG 8.5 files either. Norton files are an issue as well.

EDIT again: I just uninstalled a p2p and updated my Adobe Reader and Java; I'll post a new DDS in a few minutes.

.
DDS (Ver_11-03-05.01) - NTFSx86
Run by Owner at 16:04:11.90 on Sun 04/10/2011
Internet Explorer: 8.0.6001.19019
Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.1.1033.18.2942.1788 [GMT -5:00]
.
AV: Microsoft Security Essentials *Enabled/Updated* {108DAC43-C256-20B7-BB05-914135DA5160}
AV: AVG Anti-Virus Free *Disabled/Updated* {0C939084-9E57-CBDB-EA61-0B0C7F62AF82}
SP: AVG Anti-Virus Free *Disabled/Updated* {B7F27160-B86D-C455-D0D1-307E04E5E53F}
SP: Microsoft Security Essentials *Enabled/Updated* {ABEC4DA7-E46C-2F39-81B5-AA334E5D1BDD}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\nvvsvc.exe
C:\Windows\system32\svchost.exe -k rpcss
c:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k GPSvcGroup
C:\Windows\system32\SLsvc.exe
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Program Files\HP\QuickPlay\Kernel\TV\QPCapSvc.exe
C:\Program Files\CyberLink\Shared Files\RichVideo.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Windows\system32\rundll32.exe
C:\Program Files\TomTom HOME 2\TomTomHOMEService.exe
C:\Windows\System32\svchost.exe -k WerSvcGroup
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Windows\system32\DRIVERS\xaudio.exe
C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe
C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe
C:\Program Files\HP\QuickPlay\Kernel\TV\QPSched.exe
c:\Program Files\Microsoft Security Client\Antimalware\NisSrv.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\HP\Digital Imaging\bin\HpqSRmon.exe
C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
C:\Program Files\Hewlett-Packard\HP Wireless Assistant\WiFiMsg.exe
C:\Program Files\Microsoft IntelliPoint\ipoint.exe
C:\Program Files\HP\QuickPlay\QPService.exe
C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QLBCTRL.exe
C:\Program Files\Hewlett-Packard\HP QuickTouch\HPKBDAPP.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\Microsoft Security Client\msseces.exe
C:\Windows\ehome\ehtray.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\ehome\ehmsas.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Program Files\Hewlett-Packard\Shared\HpqToaster.exe
C:\Users\Owner\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Owner\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Owner\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Owner\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Owner\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Windows\system32\taskeng.exe
C:\Program Files\Microsoft IntelliPoint\dpupdchk.exe
C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
c:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Users\Owner\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Windows\system32\msiexec.exe
C:\Windows\system32\vssvc.exe
C:\Windows\System32\svchost.exe -k swprv
C:\Windows\system32\taskeng.exe
C:\Windows\system32\SearchIndexer.exe
C:\Windows\system32\DllHost.exe
C:\Windows\system32\DllHost.exe
C:\Users\Owner\Desktop\dds.scr
C:\Windows\system32\wbem\wmiprvse.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.google.com/
uDefault_Page_URL = hxxp://ie.redirect.hp.com/svs/rdr?TYPE= ... &pf=laptop
mStart Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE= ... &pf=laptop
mDefault_Page_URL = hxxp://ie.redirect.hp.com/svs/rdr?TYPE= ... &pf=laptop
uURLSearchHooks: H - No File
uURLSearchHooks: H - No File
BHO: MRI_DISABLED - No File
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: DivX Plus Web Player HTML5 <video>: {326e768d-4182-46fd-9c16-1449a49795f4} - c:\program files\divx\divx plus web player\npdivx32.dll
BHO: AVG Safe Search: {3ca2f312-6f6e-4b53-a66e-4e65e497c8c0} - c:\program files\avg\avg8\avgssie.dll
BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - c:\progra~1\spybot~1\SDHelper.dll
BHO: DivX HiQ: {593ddec6-7468-4cdd-90e1-42dadaa222e9} - c:\program files\divx\divx plus web player\npdivx32.dll
BHO: {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - No File
BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: Skype Plug-In: {ae805869-2e5c-4ed4-8f7b-f1f7851a4497} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: SingleInstance Class: {fdad4da1-61a2-4fd8-9c17-86f7ac245081} - c:\program files\yahoo!\companion\installs\cpn\YTSingleInstance.dll
BHO: HP Print Clips: {ffffffff-ff12-44c5-91ec-068e3aa1b2d7} - c:\program files\hp\smart web printing\hpswp_framework.dll
TB: {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - No File
TB: {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - No File
uRun: [ehTray.exe] c:\windows\ehome\ehTray.exe
mRun: [SynTPEnh] %ProgramFiles%\Synaptics\SynTP\SynTPEnh.exe
mRun: [hpqSRMon] "c:\program files\hp\digital imaging\bin\hpqSRMon.exe"
mRun: [hpWirelessAssistant] "c:\program files\hewlett-packard\hp wireless assistant\HPWAMain.exe"
mRun: [WAWifiMessage] "c:\program files\hewlett-packard\hp wireless assistant\WiFiMsg.exe"
mRun: [IntelliPoint] "c:\program files\microsoft intellipoint\ipoint.exe"
mRun: [QPService] "c:\program files\hp\quickplay\QPService.exe"
mRun: [QlbCtrl] "c:\program files\hewlett-packard\hp quick launch buttons\QlbCtrl.exe" /Start
mRun: [OnScreenDisplay] "c:\program files\hewlett-packard\hp quicktouch\HPKBDAPP.exe"
mRun: [NvCplDaemon] "c:\windows\system32\rundll32.exe" c:\windows\system32\NvCpl.dll,NvStartup
mRun: [NvMediaCenter] "c:\windows\system32\rundll32.exe" c:\windows\system32\NvMcTray.dll,NvTaskbarInit
mRun: [UCam_Menu] "c:\program files\cyberlink\youcam\muitransfer\muistartmenu.exe" "c:\program files\cyberlink\youcam" updatewithcreateonce "software\cyberlink\youcam\1.0"
mRun: [MSC] "c:\program files\microsoft security client\msseces.exe" -hide -runkey
mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 10.0\reader\Reader_sl.exe"
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
uPolicies-explorer: NoDesktopCleanupWizard = 1 (0x1)
mPolicies-explorer: BindDirectlyToPropertySetStorage = 0 (0x0)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: E&xport to Microsoft Excel - c:\progra~1\micros~3\office11\EXCEL.EXE/3000
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - c:\program files\windows live\writer\WriterBrowserExtension.dll
IE: {58ECB495-38F0-49cb-A538-10282ABF65E7} - {A93C41D8-01F8-4F8B-B14C-DE20B117E636} - c:\program files\hp\smart web printing\hpswp_extensions.dll
IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~3\office11\REFIEBAR.DLL
IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - c:\progra~1\spybot~1\SDHelper.dll
DPF: {051D0E35-F4E3-4C8D-B411-AB0875F4C683} - hxxp://install.anark.com/client/version ... Client.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinsta ... s-i586.cab
DPF: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinsta ... s-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinsta ... s-i586.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - c:\program files\avg\avg8\avgpp.dll
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\progra~1\common~1\skype\SKYPE4~1.DLL
AppInit_DLLs: avgrsstx.dll
mASetup: {10880D85-AAD9-4558-ABDC-2AB1552D831F} - "c:\program files\common files\lightscribe\LSRunOnce.exe"
.
============= SERVICES / DRIVERS ===============
.
R1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [2009-9-23 335240]
R1 AvgMfx86;AVG Free On-access Scanner Minifilter Driver x86;c:\windows\system32\drivers\avgmfx86.sys [2009-9-23 27784]
R1 AvgTdiX;AVG Free8 Network Redirector;c:\windows\system32\drivers\avgtdix.sys [2009-9-23 108552]
R1 MpFilter;Microsoft Malware Protection Driver;c:\windows\system32\drivers\MpFilter.sys [2010-3-25 165264]
R1 MpKsl6b70919b;MpKsl6b70919b;c:\programdata\microsoft\microsoft antimalware\definition updates\{ab78d702-e6c9-4e21-82f9-d18b4f418851}\MpKsl6b70919b.sys [2011-4-10 28752]
R1 pfmfs_463;pfmfs_463;c:\windows\system32\drivers\pfmfs_463.sys [2011-2-13 191848]
R2 FontCache;Windows Font Cache Service;c:\windows\system32\svchost.exe -k LocalServiceAndNoImpersonation [2008-1-20 21504]
R2 SBSDWSCService;SBSD Security Center Service;c:\program files\spybot - search & destroy\SDWinSec.exe [2010-3-26 1153368]
R2 TomTomHOMEService;TomTomHOMEService;c:\program files\tomtom home 2\TomTomHOMEService.exe [2009-11-13 92008]
R3 MpNWMon;Microsoft Malware Protection Network Driver;c:\windows\system32\drivers\MpNWMon.sys [2010-3-25 43392]
R3 NisDrv;Microsoft Network Inspection System;c:\windows\system32\drivers\NisDrvWFP.sys [2010-10-24 54144]
R3 NisSrv;Microsoft Network Inspection;c:\program files\microsoft security client\antimalware\NisSrv.exe [2010-11-11 206360]
S2 avg8emc;AVG Free8 E-mail Scanner;c:\progra~1\avg\avg8\avgemc.exe [2009-9-23 908056]
S2 avg8wd;AVG Free8 WatchDog;c:\progra~1\avg\avg8\avgwdsvc.exe [2009-9-23 297752]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S3 npggsvc;nProtect GameGuard Service;c:\windows\system32\gamemon.des -service --> c:\windows\system32\GameMon.des -service [?]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\microsoft.net\framework\v4.0.30319\wpf\WPFFontCache_v0400.exe [2010-3-18 753504]
.
=============== Created Last 30 ================
.
2011-04-10 20:46:49 28752 ----a-w- c:\progra~2\microsoft\microsoft antimalware\definition updates\{ab78d702-e6c9-4e21-82f9-d18b4f418851}\MpKsl6b70919b.sys
2011-04-10 13:00:37 -------- d-----w- c:\users\owner\appdata\local\{6E96ED88-71FB-4520-A1AA-EAFD7F8A8315}
2011-04-10 07:58:32 6792528 ----a-w- c:\progra~2\microsoft\microsoft antimalware\definition updates\{ab78d702-e6c9-4e21-82f9-d18b4f418851}\mpengine.dll
2011-04-10 00:59:27 -------- d-----w- c:\users\owner\appdata\local\{D8547161-8920-4837-ABD0-7CA907993FB0}
2011-04-09 12:58:43 -------- d-----w- c:\users\owner\appdata\local\{1354BFF2-F910-48BE-89FF-917AE11871B1}
2011-04-08 12:57:09 -------- d-----w- c:\users\owner\appdata\local\{98C68FD0-8DC9-4A51-9ECA-C7259355659B}
2011-04-08 02:20:09 -------- d-----w- c:\progra~2\IObit
2011-04-08 02:20:06 -------- d-----w- c:\program files\IObit
2011-04-08 01:42:59 -------- d-----w- c:\program files\Pcsx22
2011-04-08 00:56:13 -------- d-----w- c:\users\owner\appdata\local\{66F161CA-6528-463A-B0EC-308C66231D36}
2011-04-08 00:38:06 -------- d-----w- c:\users\owner\appdata\local\PCSX2
2011-04-08 00:37:47 74072 ----a-w- c:\windows\system32\XAPOFX1_5.dll
2011-04-08 00:37:47 527192 ----a-w- c:\windows\system32\XAudio2_7.dll
2011-04-08 00:37:47 239960 ----a-w- c:\windows\system32\xactengine3_7.dll
2011-04-08 00:37:47 2106216 ----a-w- c:\windows\system32\D3DCompiler_43.dll
2011-04-08 00:37:46 470880 ----a-w- c:\windows\system32\d3dx10_43.dll
2011-04-08 00:37:46 248672 ----a-w- c:\windows\system32\d3dx11_43.dll
2011-04-08 00:37:46 1868128 ----a-w- c:\windows\system32\d3dcsx_43.dll
2011-04-08 00:37:45 1998168 ----a-w- c:\windows\system32\D3DX9_43.dll
2011-04-08 00:34:28 -------- d-----w- c:\program files\PCSX2 0.9.7
2011-04-07 13:59:00 -------- d-----w- c:\program files\Pcsx2
2011-04-07 12:55:22 -------- d-----w- c:\users\owner\appdata\local\{36107787-F217-416F-992E-23E4A87CDB02}
2011-04-07 00:54:39 -------- d-----w- c:\users\owner\appdata\local\{46A39D81-43DF-4028-80EF-A534B711703D}
2011-04-06 12:53:43 -------- d-----w- c:\users\owner\appdata\local\{DA592E1B-B881-4476-A7A9-4FE90EF5202B}
2011-04-06 08:22:54 -------- d-----w- c:\users\owner\appdata\local\DDMSettings
2011-04-05 12:53:01 -------- d-----w- c:\users\owner\appdata\local\{3C827397-BA3C-4CC8-ADDE-AB88DB2AB3CB}
2011-04-05 10:48:03 439632 ------w- c:\progra~2\microsoft\microsoft antimalware\definition updates\{0a514338-e332-4399-b7c5-b75399b86aea}\gapaengine.dll
2011-04-04 12:52:18 -------- d-----w- c:\users\owner\appdata\local\{4D4A7E16-D74E-4ED8-9B6B-BD9F64C486D6}
2011-04-04 00:51:37 -------- d-----w- c:\users\owner\appdata\local\{8734CAFD-FE00-4A9B-AC26-1E06F6679A4E}
2011-04-03 12:50:54 -------- d-----w- c:\users\owner\appdata\local\{D00A122C-6AE8-4936-8FF6-7048A75C4E47}
2011-04-03 00:50:09 -------- d-----w- c:\users\owner\appdata\local\{B0C5EE07-6C0D-4122-8E69-5C80B2EBA896}
2011-04-02 12:49:27 -------- d-----w- c:\users\owner\appdata\local\{979EB3FE-7C40-48FA-8B53-0840F8C72D4F}
2011-04-02 00:48:47 -------- d-----w- c:\users\owner\appdata\local\{51FC1826-1CC0-4522-890B-826337AE30C4}
2011-04-01 12:48:03 -------- d-----w- c:\users\owner\appdata\local\{C138E070-C31E-4A43-A76D-843CF52E1725}
2011-04-01 00:47:11 -------- d-----w- c:\users\owner\appdata\local\{881B1CA3-2F52-4941-A4AD-1860F8E58C8F}
2011-03-30 12:45:12 -------- d-----w- c:\users\owner\appdata\local\{6BA9DDDA-BA1D-4331-BCFB-EC52A2D6696E}
2011-03-30 00:44:20 -------- d-----w- c:\users\owner\appdata\local\{9FFEC2EB-CA6F-471F-93AE-134924FA547B}
2011-03-28 20:46:04 388096 ----a-r- c:\users\owner\appdata\roaming\microsoft\installer\{45a66726-69bc-466b-a7a4-12fcba4883d7}\HiJackThis.exe
2011-03-28 20:46:01 -------- d-----w- c:\program files\Trend Micro
2011-03-25 08:41:18 439632 ------w- c:\progra~2\microsoft\microsoft antimalware\definition updates\nisbackup\gapaengine.dll
2011-03-23 05:02:00 797696 ----a-w- c:\windows\system32\FntCache.dll
2011-03-23 05:02:00 288768 ----a-w- c:\windows\system32\XpsGdiConverter.dll
2011-03-23 05:02:00 1068544 ----a-w- c:\windows\system32\DWrite.dll
.
==================== Find3M ====================
.
2011-04-10 20:54:06 472808 ----a-w- c:\windows\system32\deployJava1.dll
2011-01-20 16:08:16 478720 ----a-w- c:\windows\system32\dxgi.dll
2011-01-20 16:08:06 219648 ----a-w- c:\windows\system32\d3d10_1core.dll
2011-01-20 16:08:06 189952 ----a-w- c:\windows\system32\d3d10core.dll
2011-01-20 16:08:06 160768 ----a-w- c:\windows\system32\d3d10_1.dll
2011-01-20 16:08:06 1029120 ----a-w- c:\windows\system32\d3d10.dll
2011-01-20 16:07:58 37376 ----a-w- c:\windows\system32\cdd.dll
2011-01-20 16:07:42 258048 ----a-w- c:\windows\system32\winspool.drv
2011-01-20 16:07:16 586240 ----a-w- c:\windows\system32\stobject.dll
2011-01-20 16:06:38 2873344 ----a-w- c:\windows\system32\mf.dll
2011-01-20 16:06:35 26112 ----a-w- c:\windows\system32\printfilterpipelineprxy.dll
2011-01-20 16:04:54 98816 ----a-w- c:\windows\system32\mfps.dll
2011-01-20 16:04:54 209920 ----a-w- c:\windows\system32\mfplat.dll
2011-01-20 14:28:38 1554432 ----a-w- c:\windows\system32\xpsservices.dll
2011-01-20 14:27:50 876032 ----a-w- c:\windows\system32\XpsPrint.dll
2011-01-20 14:26:30 667648 ----a-w- c:\windows\system32\printfilterpipelinesvc.exe
2011-01-20 14:25:25 847360 ----a-w- c:\windows\system32\OpcServices.dll
2011-01-20 14:24:26 135680 ----a-w- c:\windows\system32\XpsRasterService.dll
2011-01-20 14:15:10 979456 ----a-w- c:\windows\system32\MFH264Dec.dll
2011-01-20 14:14:39 357376 ----a-w- c:\windows\system32\MFHEAACdec.dll
2011-01-20 14:14:03 302592 ----a-w- c:\windows\system32\mfmp4src.dll
2011-01-20 14:14:03 261632 ----a-w- c:\windows\system32\mfreadwrite.dll
2011-01-20 14:12:46 1172480 ----a-w- c:\windows\system32\d3d10warp.dll
2011-01-20 14:11:34 486400 ----a-w- c:\windows\system32\d3d10level9.dll
2011-01-20 13:47:51 683008 ----a-w- c:\windows\system32\d2d1.dll
.
============= FINISH: 16:05:16.65 ===============

.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_11-03-05.01)
.
Microsoft® Windows Vista™ Home Premium
Boot Device: \Device\HarddiskVolume1
Install Date: 8/27/2008 5:49:51 AM
System Uptime: 4/10/2011 3:46:01 PM (1 hours ago)
.
Motherboard: Quanta | | 30CF
Processor: AMD Turion(tm) 64 X2 Mobile Technology TL-60 | Socket S1 | 2000/200mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 175 GiB total, 59.95 GiB free.
D: is FIXED (NTFS) - 12 GiB total, 1.992 GiB free.
E: is CDROM ()
.
==== Disabled Device Manager Items =============
.
==== System Restore Points ===================
.
.
==== Installed Programs ======================
.
.
AC3Filter (remove only)
Adobe Flash Player 10 ActiveX
Adobe Flash Player 10 Plugin
Adobe Reader X (10.0.1)
Adobe Shockwave Player
Adobe Shockwave Player 11.5
Apple Software Update
Atheros Driver Installation Program
AVG Free 8.5
Cards_Calendar_OrderGift_DoMorePlugout
CCleaner
Compatibility Pack for the 2007 Office system
Conexant HD Audio
CyberLink YouCam
D3DX10
DivX Converter
DivX Plus DirectShow Filters
DivX Setup
DivX Version Checker
Dungeons & Dragons Online - Stormreach™ - Lamannia
DVD Suite
FLV Player 2.0 (build 25)
Google Chrome
GPL MPEG-1/2 DirectShow Decoder Filter
Guild Wars
Half-Life 2
Half-Life 2: Episode One
Half-Life 2: Episode Two
Hauppauge MCE XP/Vista Software Encoder (2.0.25149)
HDAUDIO Soft Data Fax Modem with SmartCP
Heroes of Newerth
Hewlett-Packard Active Check
Hewlett-Packard Asset Agent for Health Check
HiJackThis
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
HP Active Support Library
HP Customer Experience Enhancements
HP Doc Viewer
HP Easy Setup - Frontend
HP Help and Support
HP Photosmart Essential 2.5
HP Product Detection
HP Quick Launch Buttons 6.30 E1
HP QuickPlay 3.6
HP QuickTouch 1.00 C4
HP Smart Web Printing
HP Update
HP User Guides 0087
HP Wireless Assistant
HPNetworkAssistant
HPPhotoSmartDiscLabel_PaperLabel
HPPhotoSmartDiscLabel_PrintOnDisc
HPPhotoSmartDiscLabel_Tattoo
HPPhotoSmartDiscLabelContent1
hpphotosmartdisclabelplugin
HPPhotoSmartPhotobookHolidayPack1
HPPhotoSmartPhotobookModernPack1
HPPhotoSmartPhotobookPlayfulPack1
HPPhotoSmartPhotobookScrapbookPack1
HPPhotoSmartPhotobookWebPack1
Insurgency
Interlok driver setup x32
Java Auto Updater
Java(TM) 6 Update 24
LabelPrint
LightScribe System Software 1.10.13.1
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1 Security Update (KB2416447)
Microsoft .NET Framework 1.1 Security Update (KB979906)
Microsoft .NET Framework 3.5 SP1
Microsoft .NET Framework 4 Client Profile
Microsoft Antimalware
Microsoft Application Error Reporting
Microsoft IntelliPoint 6.3
Microsoft Office Live Add-in 1.5
Microsoft Office PowerPoint Viewer 2007 (English)
Microsoft Office Professional Edition 2003
Microsoft Security Client
Microsoft Security Essentials
Microsoft Silverlight
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
Microsoft Works
MSVCRT
MSXML 4.0 SP2 (KB936181)
MSXML 4.0 SP2 (KB941833)
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
muvee autoProducer 6.1
NetWaiting
NVIDIA Drivers
NVIDIA PhysX
OGA Notifier 2.0.0048.0
Paint.NET v3.5.8
Pando Media Booster
PC Alarm Clock
Pismo File Mount Audit Package
Portal
Power2Go
PowerDirector
PSSWCORE
QuickTime
RICOH R5C83x/84x Flash Media Controller Driver Ver.3.51.01
Rosetta Stone Version 3
SecureW2 EAP Suite 1.1.3 for Windows
Security Update for Microsoft .NET Framework 3.5 SP1 (KB2416473)
Segoe UI
Skype Toolbars
Skype™ 5.1
Spybot - Search & Destroy
Steam
Synaptics Pointing Device Driver
Synergy
System Requirements Lab
SysTools File Restore
Team Fortress 2
TomTom HOME 2.7.3.1894
TomTom HOME Visual Studio Merge Modules
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
VC80CRTRedist - 8.0.50727.4053
Ventrilo Client
VideoToolkit01
Viewpoint Media Player
VobSub v2.23 (Remove Only)
WeatherBug Gadget
Windows Installer Clean Up
Windows Live Communications Platform
Windows Live Essentials
Windows Live ID Sign-in Assistant
Windows Live Installer
Windows Live Messenger
Windows Live Photo Common
Windows Live PIMT Platform
Windows Live SOXE
Windows Live SOXE Definitions
Windows Live UX Platform
Windows Live UX Platform Language Pack
Windows Live Writer
Windows Live Writer Resources
WinRAR archiver
WolfTeam
Yahoo! Messenger
Yahoo! Software Update
Yahoo! Toolbar
.
==== End Of File ===========================


I was certain I uninstalled at least a third of those programs...


My antivirus removed on 03/21/11:

TrojanDownloader:java/OpenConnection.JS
Exploit:java/CVE-2010-0840.BJ

Those were the only 2 viruses on this laptop since October.
Itsannoying
Active Member
 
Posts: 8
Joined: March 28th, 2011, 5:01 pm

Re: Commonpriv.log.lock - DDS *Updated properly*

Post by askey127 » April 13th, 2011, 7:08 am

Hi Itsannoying,
----------------------------------------------
You can download the free version of Revo Uninstaller from HERE (Scroll down)
I would install it, and attempt to use it to Uninstall the offending programs.
You can ignore/close the Update pitch that pops up when you start the program.
You can also get a portable version (no installation required) in a zip file format from one of these sites: ONE or TWO
Start Revo and Highlight the following, then click the Uninstall icon in the middle of the Menu bar.

AVG 8.5

When the Mode dialog comes up, choose Moderate

When it finishes, repeat the process for these other program(s)

Pando Media Booster

Revo will succeed many times when regular methods fail.
---------------------------------------------
Symantec did not remove everything as it should. This is a common problem.
To completely remove Norton Antivirus, Download and Run the Norton Removal Tool for your version of Windows.
http://www.symantec.com/norton/support/kb/web_view.jsp?wv_type=public_web&docurl=20080710133834EN&ln=en_US
Perform the download for your version of Windows (download to your desktop as it says).
On your desktop, click on Norton Removal Tool and follow the instructions.
Please be patient. This tool removes hundreds of files and settings. It will let you know when it's done.
-----------------------------------------------------------
REBOOT (RESTART) Your Machine
---------------------------------------------
Run a Scan with OTL
  1. Please download OTL.exe by OldTimer and save it to your desktop.
  2. Right click on OTL.exe and select Run As Administrator to run it. If Windows UAC prompts you, please allow it.
  3. Check the boxes labeled:
    • Scan All Users
    • LOP check
    • Purity check
  4. Click on the Run Scan button at the top left hand corner.
  5. OTL will start running. When done, 2 Notepad files will open; OTL.txt and Extras.txt.
    They will be saved on your desktop.
Please post the contents of these files.
You may use separate replies if you wish.
If any of the files are too large to post, you can split the oversize one(s) into multiple replies.

askey127
Admin/Teacher
 
Posts: 14025
Joined: April 17th, 2005, 3:25 pm
Location: New Hampshire USA

Re: Commonpriv.log.lock - DDS *Updated properly*

Post by Itsannoying » April 13th, 2011, 2:55 pm

Followed all of the directions, here you go.



OTL logfile created on: 4/13/2011 1:48:54 PM - Run 1
OTL by OldTimer - Version 3.2.22.3 Folder = C:\Users\Owner\Desktop
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.19048)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

3.00 Gb Total Physical Memory | 2.00 Gb Available Physical Memory | 63.00% Memory free
6.00 Gb Paging File | 5.00 Gb Available in Paging File | 81.00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 174.56 Gb Total Space | 57.60 Gb Free Space | 33.00% Space Free | Partition Type: NTFS
Drive D: | 11.75 Gb Total Space | 1.99 Gb Free Space | 16.95% Space Free | Partition Type: NTFS

Computer Name: OWNER-PC | User Name: Owner | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2011/04/13 13:47:58 | 000,580,608 | ---- | M] (OldTimer Tools) -- C:\Users\Owner\Desktop\OTL.exe
PRC - [2011/01/24 15:24:20 | 015,104,608 | ---- | M] (VS Revo Group) -- C:\Program Files\VS Revo Group\Revo Uninstaller Pro\RevoUninPro.exe
PRC - [2010/11/30 14:20:36 | 000,997,408 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Security Client\msseces.exe
PRC - [2010/11/11 13:26:42 | 000,206,360 | ---- | M] (Microsoft Corporation) -- c:\Program Files\Microsoft Security Client\Antimalware\NisSrv.exe
PRC - [2010/11/11 13:26:40 | 000,011,736 | ---- | M] (Microsoft Corporation) -- c:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe
PRC - [2009/11/13 06:31:14 | 000,092,008 | ---- | M] (TomTom) -- C:\Program Files\TomTom HOME 2\TomTomHOMEService.exe
PRC - [2009/04/11 01:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2009/01/26 15:31:10 | 001,153,368 | ---- | M] (Safer Networking Ltd.) -- C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe
PRC - [2008/11/09 15:48:14 | 000,602,392 | ---- | M] (Yahoo! Inc.) -- C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe


========== Modules (SafeList) ==========

MOD - [2011/04/13 13:47:58 | 000,580,608 | ---- | M] (OldTimer Tools) -- C:\Users\Owner\Desktop\OTL.exe
MOD - [2010/08/31 10:43:52 | 001,686,016 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18305_none_5cb72f2a088b0ed3\comctl32.dll
MOD - [2009/09/23 20:22:56 | 000,011,952 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Windows\System32\avgrsstx.dll


========== Win32 Services (SafeList) ==========

SRV - File not found [Auto | Stopped] -- -- (avg8wd)
SRV - File not found [Auto | Stopped] -- -- (avg8emc)
SRV - [2011/03/31 21:53:38 | 000,403,240 | ---- | M] (Valve Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\Steam\SteamService.exe -- (Steam Client Service)
SRV - [2011/02/13 04:47:01 | 000,655,624 | ---- | M] (Acresso Software Inc.) [On_Demand | Stopped] -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service)
SRV - [2010/11/11 13:26:42 | 000,206,360 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- c:\Program Files\Microsoft Security Client\Antimalware\NisSrv.exe -- (NisSrv)
SRV - [2010/11/11 13:26:40 | 000,011,736 | ---- | M] (Microsoft Corporation) [Auto | Running] -- c:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe -- (MsMpSvc)
SRV - [2010/02/01 12:07:00 | 003,461,068 | ---- | M] (INCA Internet Co., Ltd.) [On_Demand | Stopped] -- C:\Windows\System32\GameMon.des -- (npggsvc)
SRV - [2009/11/13 06:31:14 | 000,092,008 | ---- | M] (TomTom) [Auto | Running] -- C:\Program Files\TomTom HOME 2\TomTomHOMEService.exe -- (TomTomHOMEService)
SRV - [2009/01/26 15:31:10 | 001,153,368 | ---- | M] (Safer Networking Ltd.) [Auto | Running] -- C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe -- (SBSDWSCService)
SRV - [2008/11/09 15:48:14 | 000,602,392 | ---- | M] (Yahoo! Inc.) [Auto | Running] -- C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe -- (YahooAUService)
SRV - [2008/01/20 21:23:32 | 000,272,952 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2007/03/05 12:30:06 | 000,110,592 | ---- | M] (Hewlett-Packard Development Company, L.P.) [On_Demand | Stopped] -- C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\Com4Qlb.exe -- (Com4Qlb)


========== Driver Services (SafeList) ==========

DRV - [2011/04/13 13:33:08 | 000,028,752 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- c:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{68DAABB9-378A-4226-8282-F6F6ED843259}\MpKsl9ae601fd.sys -- (MpKsl9ae601fd)
DRV - [2010/10/24 22:25:38 | 000,054,144 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\NisDrvWFP.sys -- (NisDrv)
DRV - [2010/10/24 22:25:38 | 000,043,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\MpNWMon.sys -- (MpNWMon)
DRV - [2010/07/07 12:58:31 | 000,191,848 | ---- | M] (Pismo Technic Inc.) [Kernel | System | Running] -- C:\Windows\System32\drivers\pfmfs_463.sys -- (pfmfs_463)
DRV - [2009/12/30 11:21:16 | 000,027,192 | ---- | M] (VS Revo Group) [File_System | On_Demand | Stopped] -- C:\Windows\System32\drivers\revoflt.sys -- (Revoflt)
DRV - [2009/12/02 14:56:16 | 000,092,792 | ---- | M] (PACE Anti-Piracy, Inc.) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\TPkd.sys -- (TPkd)
DRV - [2009/09/23 20:22:55 | 000,108,552 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\Windows\System32\Drivers\avgtdix.sys -- (AvgTdiX)
DRV - [2009/09/23 20:22:47 | 000,335,240 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\Windows\System32\Drivers\avgldx86.sys -- (AvgLdx86)
DRV - [2009/09/23 20:22:47 | 000,027,784 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | System | Running] -- C:\Windows\System32\Drivers\avgmfx86.sys -- (AvgMfx86)
DRV - [2009/07/06 04:33:00 | 000,357,504 | ---- | M] (AhnLab, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\EagleNt.sys -- (EagleNT)
DRV - [2009/06/24 06:08:00 | 007,542,208 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvlddmkm.sys -- (nvlddmkm)
DRV - [2008/12/19 19:08:28 | 000,030,088 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\point32k.sys -- (Point32)
DRV - [2008/10/09 15:42:42 | 000,017,408 | ---- | M] (Windows (R) Codename Longhorn DDK provider) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\KMWDFILTER.sys -- (KMWDFILTER)
DRV - [2008/08/01 19:51:14 | 001,052,704 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvmfdx32.sys -- (NVENETFD)
DRV - [2008/03/04 02:32:00 | 000,188,416 | ---- | M] (Conexant Systems Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\CHDRT32.sys -- (CnxtHdAudService)
DRV - [2007/12/06 15:40:14 | 000,761,856 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\athr.sys -- (athr)
DRV - [2007/10/18 06:36:54 | 000,008,704 | ---- | M] (Conexant Systems, Inc.) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\XAudio.sys -- (XAudio)
DRV - [2007/09/09 17:12:28 | 000,176,640 | ---- | M] (Conexant Systems Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\CHDART.sys -- (HdAudAddService)
DRV - [2007/08/22 11:50:38 | 001,749,760 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\snp2uvc.sys -- (SNP2UVC) USB2.0 PC Camera (SNP2UVC)
DRV - [2007/07/11 12:30:22 | 000,007,168 | ---- | M] (Hewlett-Packard Development Company, L.P.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\HpqRemHid.sys -- (HpqRemHid)
DRV - [2007/06/18 19:12:04 | 000,016,768 | ---- | M] (Hewlett-Packard Development Company, L.P.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\HpqKbFiltr.sys -- (HpqKbFiltr)
DRV - [2007/03/22 00:02:04 | 000,037,376 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\rixdptsk.sys -- (rismxdp)
DRV - [2007/02/24 16:42:22 | 000,039,936 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\rimmptsk.sys -- (rimmptsk)
DRV - [2007/02/16 16:50:32 | 000,012,032 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvsmu.sys -- (nvsmu)
DRV - [2007/01/23 18:40:20 | 000,042,496 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\rimsptsk.sys -- (rimsptsk)
DRV - [2007/01/18 15:28:02 | 000,005,275 | ---- | M] (Cisco Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\CVirtA.sys -- (CVirtA)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE= ... &pf=laptop
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.hp.com/svs/rdr?TYPE= ... &pf=laptop


IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



IE - HKU\S-1-5-21-1916688040-890294713-551456720-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE= ... &pf=laptop
IE - HKU\S-1-5-21-1916688040-890294713-551456720-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.bing.com/?pc=ZUGO&form=ZGAPHP
IE - HKU\S-1-5-21-1916688040-890294713-551456720-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Restore = http://www.google.com/
IE - HKU\S-1-5-21-1916688040-890294713-551456720-1000\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKU\S-1-5-21-1916688040-890294713-551456720-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..extensions.enabledItems: MapShare-status@tomtom.com:1.7
FF - prefs.js..extensions.enabledItems: baseTheme@tomtom.com:1.0.2
FF - prefs.js..extensions.enabledItems: RenaultTheme@tomtom.com:2.7.0.20

FF - HKLM\software\mozilla\Firefox\Extensions\\{23fcfd51-4958-4f00-80a3-ae97e717ed8b}: C:\Program Files\DivX\DivX Plus Web Player\firefox\html5video [2011/04/06 01:36:48 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\Extensions\\{6904342A-8307-11DF-A508-4AE2DFD72085}: C:\Program Files\DivX\DivX Plus Web Player\firefox\wpa [2011/04/06 01:36:49 | 000,000,000 | ---D | M]

[2009/02/21 07:23:25 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Owner\AppData\Roaming\mozilla\Extensions
[2009/02/04 19:47:05 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Owner\AppData\Roaming\mozilla\Extensions\home2@tomtom.com
[2010/02/15 01:37:50 | 000,000,000 | ---D | M] (Map status indicator) -- C:\PROGRAM FILES\TOMTOM HOME 2\XUL\EXTENSIONS\MAPSHARE-STATUS@TOMTOM.COM
[2008/10/28 11:15:22 | 000,255,248 | ---- | M] () -- C:\Program Files\Mozilla Firefox\plugins\npnipp.dll
[2008/10/28 11:15:24 | 000,107,792 | ---- | M] (Novell Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npnisp.dll

O1 HOSTS File: ([2008/09/18 19:53:07 | 000,000,761 | ---- | M]) - C:\Windows\System32\drivers\etc\HOSTS
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2 - BHO: (DivX Plus Web Player HTML5 <video>) - {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)
O2 - BHO: (no name) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - Reg Error: Value error. File not found
O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O2 - BHO: (DivX HiQ) - {593DDEC6-7468-4cdd-90E1-42DADAA222E9} - C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)
O2 - BHO: (Search Toolbar) - {9D425283-D487-4337-BAB6-AB8354A81457} - C:\Program Files\Search Toolbar\SearchToolbar.dll ()
O2 - BHO: (Skype Plug-In) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O2 - BHO: (SingleInstance Class) - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\Program Files\Yahoo!\Companion\Installs\cpn\YTSingleInstance.dll (Yahoo! Inc)
O2 - BHO: (HP Print Clips) - {FFFFFFFF-FF12-44C5-91EC-068E3AA1B2D7} - c:\Program Files\HP\Smart Web Printing\hpswp_framework.dll (Hewlett-Packard Co.)
O2 - BHO: (no name) - MRI_DISABLED - No CLSID value found.
O3 - HKLM\..\Toolbar: (Search Toolbar) - {9D425283-D487-4337-BAB6-AB8354A81457} - C:\Program Files\Search Toolbar\SearchToolbar.dll ()
O3 - HKU\S-1-5-21-1916688040-890294713-551456720-1000\..\Toolbar\WebBrowser: (Search Toolbar) - {9D425283-D487-4337-BAB6-AB8354A81457} - C:\Program Files\Search Toolbar\SearchToolbar.dll ()
O4 - HKLM..\Run: [Adobe Reader Speed Launcher] C:\Program Files\Adobe\Reader 10.0\Reader\Reader_sl.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [MSC] c:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation)
O4 - HKLM..\Run: [NvCplDaemon] C:\Windows\System32\NvCpl.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [NvMediaCenter] C:\Windows\System32\NvMcTray.dll (NVIDIA Corporation)
O4 - HKU\S-1-5-19..\Run: [WindowsWelcomeCenter] C:\Windows\System32\oobefldr.dll (Microsoft Corporation)
O4 - HKU\S-1-5-20..\Run: [WindowsWelcomeCenter] C:\Windows\System32\oobefldr.dll (Microsoft Corporation)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 255
O7 - HKU\S-1-5-21-1916688040-890294713-551456720-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDesktopCleanupWizard = 1
O7 - HKU\S-1-5-21-1916688040-890294713-551456720-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-1916688040-890294713-551456720-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: LogonHoursAction = 2
O7 - HKU\S-1-5-21-1916688040-890294713-551456720-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DontDisplayLogonHoursWarnings = 1
O9 - Extra Button: HP Smart Select - {58ECB495-38F0-49cb-A538-10282ABF65E7} - c:\Program Files\HP\Smart Web Printing\hpswp_extensions.dll (Hewlett-Packard Co.)
O9 - Extra Button: Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O13 - gopher Prefix: missing
O16 - DPF: {051D0E35-F4E3-4C8D-B411-AB0875F4C683} http://install.anark.com/client/version ... Client.cab (Anark Client 4.0 ActiveX Control)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab (Java Plug-in 1.6.0_24)
O16 - DPF: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab (Java Plug-in 1.6.0_24)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab (Java Plug-in 1.6.0_24)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.10
O18 - Protocol\Handler\linkscanner - No CLSID value found
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O20 - AppInit_DLLs: (avgrsstx.dll) - C:\Windows\System32\avgrsstx.dll (AVG Technologies CZ, s.r.o.)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Users\Owner\AppData\Roaming\Microsoft\Windows Photo Gallery\Windows Photo Gallery Wallpaper.jpg
O24 - Desktop BackupWallPaper: C:\Users\Owner\AppData\Roaming\Microsoft\Windows Photo Gallery\Windows Photo Gallery Wallpaper.jpg
O30 - LSA: Authentication Packages - (ows\s) - File not found
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2008/04/24 21:23:11 | 000,000,074 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O32 - AutoRun File - [2005/09/11 10:18:54 | 000,000,340 | -HS- | M] () - D:\AUTOMODE -- [ NTFS ]
O33 - MountPoints2\{0f81d46a-b985-11de-ab32-005056c00008}\Shell - "" = AutoRun
O33 - MountPoints2\{0f81d46a-b985-11de-ab32-005056c00008}\Shell\AutoRun\command - "" = I:\LaunchU3.exe -a
O33 - MountPoints2\{0fa1079a-3533-11de-a89c-001e68d27887}\Shell - "" = Autorun
O33 - MountPoints2\{0fa1079a-3533-11de-a89c-001e68d27887}\Shell\AutoRun\command - "" = C:\Windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL RECYCLER\S-2-6-70-100006379-100008519-100015008-3508.com e:\
O33 - MountPoints2\{0fa1079a-3533-11de-a89c-001e68d27887}\Shell\Open\command - "" = RECYCLER\S-2-6-70-100006379-100008519-100015008-3508.com e:\
O33 - MountPoints2\{44aca024-a57d-11de-acf0-001e68d27887}\Shell\AutoRun\command - "" = G:\InstallTomTomHOME.exe
O33 - MountPoints2\{ff6f43de-20b0-11de-8355-001e68d27887}\Shell\AutoRun\command - "" = C:\Windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL G:\runsetup.LNK
O33 - MountPoints2\{ff6f43de-20b0-11de-8355-001e68d27887}\Shell\Run\command - "" = G:\runsetup.cmd
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2011/04/13 13:47:55 | 000,580,608 | ---- | C] (OldTimer Tools) -- C:\Users\Owner\Desktop\OTL.exe
[2011/04/13 13:36:25 | 000,000,000 | ---D | C] -- C:\Users\Owner\Desktop\New Folder (3)
[2011/04/13 12:53:26 | 000,000,000 | ---D | C] -- C:\Users\Owner\AppData\Local\VS Revo Group
[2011/04/13 12:53:20 | 000,027,192 | ---- | C] (VS Revo Group) -- C:\Windows\System32\drivers\revoflt.sys
[2011/04/13 12:53:20 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Revo Uninstaller Pro
[2011/04/13 12:53:14 | 000,000,000 | ---D | C] -- C:\Program Files\VS Revo Group
[2011/04/13 08:05:03 | 000,000,000 | ---D | C] -- C:\Users\Owner\AppData\Local\{DB950707-2B9B-476F-83B7-2C2E405E3602}
[2011/04/13 05:11:34 | 000,000,000 | ---D | C] -- C:\Users\Owner\Desktop\New Folder
[2011/04/13 03:07:42 | 000,000,000 | -HSD | C] -- C:\Config.Msi
[2011/04/12 23:13:30 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Trine
[2011/04/12 23:11:44 | 000,000,000 | ---D | C] -- C:\Program Files\Trine
[2011/04/12 20:04:09 | 000,000,000 | ---D | C] -- C:\Users\Owner\AppData\Local\{E848DEFC-BE48-4F6F-9C28-B5FAC371A214}
[2011/04/12 17:00:05 | 001,469,440 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\inetcpl.cpl
[2011/04/12 17:00:05 | 000,602,112 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeeds.dll
[2011/04/12 17:00:04 | 000,611,840 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mstime.dll
[2011/04/12 17:00:04 | 000,387,584 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iedkcs32.dll
[2011/04/12 17:00:04 | 000,385,024 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\html.iec
[2011/04/12 17:00:03 | 000,184,320 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iepeers.dll
[2011/04/12 17:00:03 | 000,164,352 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieui.dll
[2011/04/12 17:00:03 | 000,133,632 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieUnatt.exe
[2011/04/12 17:00:03 | 000,109,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iesysprep.dll
[2011/04/12 17:00:02 | 001,638,912 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mshtml.tlb
[2011/04/12 17:00:02 | 000,173,568 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ie4uinit.exe
[2011/04/12 17:00:02 | 000,071,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iesetup.dll
[2011/04/12 17:00:02 | 000,055,808 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iernonce.dll
[2011/04/12 17:00:02 | 000,055,296 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeedsbs.dll
[2011/04/12 17:00:02 | 000,043,520 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\licmgr10.dll
[2011/04/12 17:00:02 | 000,025,600 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jsproxy.dll
[2011/04/12 17:00:02 | 000,013,312 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeedssync.exe
[2011/04/12 16:58:45 | 001,162,240 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mfc42u.dll
[2011/04/12 16:58:44 | 001,136,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mfc42.dll
[2011/04/12 16:58:32 | 000,025,088 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\dnscacheugc.exe
[2011/04/12 16:58:19 | 000,726,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jscript.dll
[2011/04/12 16:58:19 | 000,420,864 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\vbscript.dll
[2011/04/12 16:25:31 | 000,292,864 | ---- | C] (Adobe Systems Incorporated) -- C:\Windows\System32\atmfd.dll
[2011/04/12 16:25:30 | 000,034,304 | ---- | C] (Adobe Systems) -- C:\Windows\System32\atmlib.dll
[2011/04/12 16:16:28 | 002,041,856 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\win32k.sys
[2011/04/12 08:03:30 | 000,000,000 | ---D | C] -- C:\Users\Owner\AppData\Local\{FB6B0E4E-2DD6-445E-932A-801510DF21C9}
[2011/04/11 21:47:43 | 000,000,000 | ---D | C] -- C:\Users\Owner\Documents\001
[2011/04/11 21:47:23 | 000,000,000 | ---D | C] -- C:\Users\Owner\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\001
[2011/04/11 21:47:23 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\001
[2011/04/11 21:47:19 | 000,000,000 | ---D | C] -- C:\Program Files\Search Toolbar
[2011/04/11 21:47:18 | 000,000,000 | ---D | C] -- C:\Users\Owner\Documents\My 001 Games
[2011/04/11 21:47:17 | 000,000,000 | ---D | C] -- C:\Program Files\YTD Setup
[2011/04/11 21:47:01 | 000,000,000 | ---D | C] -- C:\Program Files\001
[2011/04/11 20:02:53 | 000,000,000 | ---D | C] -- C:\Users\Owner\AppData\Local\{424FACE6-E002-4768-8ECD-9548147319FD}
[2011/04/10 20:01:29 | 000,000,000 | ---D | C] -- C:\Users\Owner\AppData\Local\{7D9F149B-B6A1-4BCB-BD69-7CFEF331A807}
[2011/04/10 16:01:26 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Adobe
[2011/04/10 16:01:26 | 000,000,000 | ---D | C] -- C:\Program Files\Adobe
[2011/04/10 15:55:21 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Java
[2011/04/10 15:54:38 | 000,157,472 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\System32\javaws.exe
[2011/04/10 15:54:38 | 000,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\System32\javaw.exe
[2011/04/10 15:54:38 | 000,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\System32\java.exe
[2011/04/10 08:00:37 | 000,000,000 | ---D | C] -- C:\Users\Owner\AppData\Local\{6E96ED88-71FB-4520-A1AA-EAFD7F8A8315}
[2011/04/09 19:59:27 | 000,000,000 | ---D | C] -- C:\Users\Owner\AppData\Local\{D8547161-8920-4837-ABD0-7CA907993FB0}
[2011/04/09 07:58:43 | 000,000,000 | ---D | C] -- C:\Users\Owner\AppData\Local\{1354BFF2-F910-48BE-89FF-917AE11871B1}
[2011/04/08 07:57:09 | 000,000,000 | ---D | C] -- C:\Users\Owner\AppData\Local\{98C68FD0-8DC9-4A51-9ECA-C7259355659B}
[2011/04/07 21:20:09 | 000,000,000 | ---D | C] -- C:\ProgramData\IObit
[2011/04/07 21:20:06 | 000,000,000 | ---D | C] -- C:\Program Files\IObit
[2011/04/07 20:42:59 | 000,000,000 | ---D | C] -- C:\Program Files\Pcsx22
[2011/04/07 19:56:13 | 000,000,000 | ---D | C] -- C:\Users\Owner\AppData\Local\{66F161CA-6528-463A-B0EC-308C66231D36}
[2011/04/07 19:38:25 | 000,000,000 | ---D | C] -- C:\Users\Owner\Documents\PCSX2
[2011/04/07 19:38:06 | 000,000,000 | ---D | C] -- C:\Users\Owner\AppData\Local\PCSX2
[2011/04/07 19:37:47 | 002,106,216 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\D3DCompiler_43.dll
[2011/04/07 19:37:47 | 000,527,192 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\XAudio2_7.dll
[2011/04/07 19:37:47 | 000,239,960 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\xactengine3_7.dll
[2011/04/07 19:37:47 | 000,074,072 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\XAPOFX1_5.dll
[2011/04/07 19:37:46 | 001,868,128 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3dcsx_43.dll
[2011/04/07 19:37:46 | 000,470,880 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3dx10_43.dll
[2011/04/07 19:37:46 | 000,248,672 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3dx11_43.dll
[2011/04/07 19:37:45 | 001,998,168 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\D3DX9_43.dll
[2011/04/07 19:34:28 | 000,000,000 | ---D | C] -- C:\Program Files\PCSX2 0.9.7
[2011/04/07 08:59:00 | 000,000,000 | ---D | C] -- C:\Program Files\Pcsx2
[2011/04/07 07:55:22 | 000,000,000 | ---D | C] -- C:\Users\Owner\AppData\Local\{36107787-F217-416F-992E-23E4A87CDB02}
[2011/04/06 19:54:39 | 000,000,000 | ---D | C] -- C:\Users\Owner\AppData\Local\{46A39D81-43DF-4028-80EF-A534B711703D}
[2011/04/06 15:22:10 | 000,000,000 | ---D | C] -- C:\Users\Owner\Desktop\Zombe fly
[2011/04/06 07:53:43 | 000,000,000 | ---D | C] -- C:\Users\Owner\AppData\Local\{DA592E1B-B881-4476-A7A9-4FE90EF5202B}
[2011/04/06 03:22:54 | 000,000,000 | ---D | C] -- C:\Users\Owner\AppData\Local\DDMSettings
[2011/04/05 07:53:01 | 000,000,000 | ---D | C] -- C:\Users\Owner\AppData\Local\{3C827397-BA3C-4CC8-ADDE-AB88DB2AB3CB}
[2011/04/04 07:52:18 | 000,000,000 | ---D | C] -- C:\Users\Owner\AppData\Local\{4D4A7E16-D74E-4ED8-9B6B-BD9F64C486D6}
[2011/04/03 19:51:37 | 000,000,000 | ---D | C] -- C:\Users\Owner\AppData\Local\{8734CAFD-FE00-4A9B-AC26-1E06F6679A4E}
[2011/04/03 07:50:54 | 000,000,000 | ---D | C] -- C:\Users\Owner\AppData\Local\{D00A122C-6AE8-4936-8FF6-7048A75C4E47}
[2011/04/02 19:50:09 | 000,000,000 | ---D | C] -- C:\Users\Owner\AppData\Local\{B0C5EE07-6C0D-4122-8E69-5C80B2EBA896}
[2011/04/02 07:49:27 | 000,000,000 | ---D | C] -- C:\Users\Owner\AppData\Local\{979EB3FE-7C40-48FA-8B53-0840F8C72D4F}
[2011/04/01 19:48:47 | 000,000,000 | ---D | C] -- C:\Users\Owner\AppData\Local\{51FC1826-1CC0-4522-890B-826337AE30C4}
[2011/04/01 07:48:03 | 000,000,000 | ---D | C] -- C:\Users\Owner\AppData\Local\{C138E070-C31E-4A43-A76D-843CF52E1725}
[2011/03/31 19:47:11 | 000,000,000 | ---D | C] -- C:\Users\Owner\AppData\Local\{881B1CA3-2F52-4941-A4AD-1860F8E58C8F}
[2011/03/30 07:45:12 | 000,000,000 | ---D | C] -- C:\Users\Owner\AppData\Local\{6BA9DDDA-BA1D-4331-BCFB-EC52A2D6696E}
[2011/03/29 19:44:20 | 000,000,000 | ---D | C] -- C:\Users\Owner\AppData\Local\{9FFEC2EB-CA6F-471F-93AE-134924FA547B}
[2011/03/28 15:46:02 | 000,000,000 | ---D | C] -- C:\Users\Owner\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\HiJackThis
[2011/03/28 15:46:01 | 000,000,000 | ---D | C] -- C:\Program Files\Trend Micro
[2011/03/23 00:02:00 | 001,068,544 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\DWrite.dll
[2011/03/23 00:02:00 | 000,288,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\XpsGdiConverter.dll
[2011/03/16 06:17:10 | 000,000,000 | R--D | C] -- C:\Users\Owner\Desktop\P90
[2007/07/04 09:28:52 | 000,176,128 | ---- | C] ( ) -- C:\Windows\System32\csnp2uvc.dll
[2 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2011/04/13 13:51:00 | 000,000,438 | -H-- | M] () -- C:\Windows\tasks\User_Feed_Synchronization-{E8140EC0-D224-4322-9D38-E5206CBCA450}.job
[2011/04/13 13:47:58 | 000,580,608 | ---- | M] (OldTimer Tools) -- C:\Users\Owner\Desktop\OTL.exe
[2011/04/13 13:39:07 | 000,645,006 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2011/04/13 13:39:06 | 000,121,064 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2011/04/13 13:36:23 | 000,135,603 | ---- | M] () -- C:\ProgramData\nvModes.001
[2011/04/13 13:34:30 | 000,000,258 | ---- | M] () -- C:\Users\Public\Documents\hpqp.ini
[2011/04/13 13:32:48 | 000,003,216 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2011/04/13 13:32:47 | 000,003,216 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2011/04/13 13:32:39 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2011/04/13 13:20:26 | 000,932,400 | ---- | M] () -- C:\Users\Owner\Desktop\Norton_Removal_Tool.exe
[2011/04/13 12:53:24 | 000,001,025 | ---- | M] () -- C:\Users\Public\Desktop\Revo Uninstaller Pro.lnk
[2011/04/13 12:50:30 | 000,000,908 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-1916688040-890294713-551456720-1000UA.job
[2011/04/13 05:39:49 | 000,045,659 | ---- | M] () -- C:\Users\Owner\Desktop\[PSP]Final.Fantasy.VII.Crisis.Core[ENG].4093051.TPB.torrent
[2011/04/13 05:31:00 | 000,000,856 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-1916688040-890294713-551456720-1000Core.job
[2011/04/13 05:15:35 | 000,014,488 | ---- | M] () -- C:\Users\Owner\Desktop\[PSP]Kingdom_Hearts__Birth_by_Sleep[ENG][FULL].5809315.TPB.torrent
[2011/04/13 04:58:39 | 000,374,088 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2011/04/12 23:13:33 | 000,000,769 | ---- | M] () -- C:\Users\Owner\Desktop\Play Trine.lnk
[2011/04/11 21:47:23 | 000,000,837 | ---- | M] () -- C:\Users\Owner\Desktop\001 Game Creator.lnk
[2011/04/11 14:32:44 | 000,135,603 | ---- | M] () -- C:\ProgramData\nvModes.dat
[2011/04/11 12:13:54 | 029,899,423 | ---- | M] () -- C:\Users\Owner\Desktop\Gazillionaire_v304_29.exe
[2011/04/10 15:54:07 | 000,157,472 | ---- | M] (Sun Microsystems, Inc.) -- C:\Windows\System32\javaws.exe
[2011/04/10 15:54:07 | 000,145,184 | ---- | M] (Sun Microsystems, Inc.) -- C:\Windows\System32\javaw.exe
[2011/04/10 15:54:07 | 000,145,184 | ---- | M] (Sun Microsystems, Inc.) -- C:\Windows\System32\java.exe
[2011/04/10 15:54:06 | 000,472,808 | ---- | M] (Sun Microsystems, Inc.) -- C:\Windows\System32\deployJava1.dll
[2011/04/10 15:07:30 | 000,625,664 | ---- | M] () -- C:\Users\Owner\Desktop\dds.scr
[2011/04/09 15:23:51 | 000,102,912 | ---- | M] () -- C:\Users\Owner\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011/03/21 11:30:31 | 000,000,764 | ---- | M] () -- C:\Users\Public\Desktop\CCleaner.lnk
[2 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

========== Files Created - No Company Name ==========

[2011/04/13 13:20:21 | 000,932,400 | ---- | C] () -- C:\Users\Owner\Desktop\Norton_Removal_Tool.exe
[2011/04/13 12:53:24 | 000,001,025 | ---- | C] () -- C:\Users\Public\Desktop\Revo Uninstaller Pro.lnk
[2011/04/13 05:39:45 | 000,045,659 | ---- | C] () -- C:\Users\Owner\Desktop\[PSP]Final.Fantasy.VII.Crisis.Core[ENG].4093051.TPB.torrent
[2011/04/13 05:15:39 | 000,014,488 | ---- | C] () -- C:\Users\Owner\Desktop\[PSP]Kingdom_Hearts__Birth_by_Sleep[ENG][FULL].5809315.TPB.torrent
[2011/04/12 23:13:33 | 000,000,769 | ---- | C] () -- C:\Users\Owner\Desktop\Play Trine.lnk
[2011/04/11 21:47:23 | 000,000,837 | ---- | C] () -- C:\Users\Owner\Desktop\001 Game Creator.lnk
[2011/04/11 12:10:17 | 029,899,423 | ---- | C] () -- C:\Users\Owner\Desktop\Gazillionaire_v304_29.exe
[2011/04/10 16:02:02 | 000,001,804 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader X.lnk
[2011/04/10 15:07:28 | 000,625,664 | ---- | C] () -- C:\Users\Owner\Desktop\dds.scr
[2009/10/24 13:03:57 | 000,000,376 | ---- | C] () -- C:\Windows\ODBC.INI
[2009/09/23 20:53:24 | 000,107,612 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchema.bin
[2009/09/23 20:53:23 | 000,117,248 | ---- | C] () -- C:\Windows\System32\EhStorAuthn.dll
[2009/08/03 16:07:42 | 000,403,816 | ---- | C] () -- C:\Windows\System32\OGACheckControl.dll
[2009/08/03 16:07:42 | 000,230,768 | ---- | C] () -- C:\Windows\System32\OGAEXEC.exe
[2009/07/28 23:42:34 | 000,000,093 | ---- | C] () -- C:\Users\Owner\AppData\Local\fusioncache.dat
[2009/07/14 13:35:46 | 000,065,536 | ---- | C] () -- C:\Windows\IFinst27.exe
[2009/01/06 14:26:50 | 000,135,603 | ---- | C] () -- C:\ProgramData\nvModes.dat
[2009/01/06 14:26:50 | 000,135,603 | ---- | C] () -- C:\ProgramData\nvModes.001
[2009/01/06 13:38:13 | 000,000,258 | RHS- | C] () -- C:\ProgramData\ntuser.pol
[2008/12/17 21:48:40 | 000,000,136 | ---- | C] () -- C:\Windows\wininit.ini
[2008/12/16 00:11:26 | 000,102,912 | ---- | C] () -- C:\Users\Owner\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2008/12/11 22:50:45 | 000,000,000 | ---- | C] () -- C:\Windows\nsreg.dat
[2008/11/17 01:42:14 | 000,000,262 | ---- | C] () -- C:\Windows\{789289CA-F73A-4A16-A331-54D498CE069F}_WiseFW.ini
[2008/10/21 06:57:47 | 000,027,503 | ---- | C] () -- C:\Users\Owner\AppData\Roaming\UserTile.png
[2008/10/07 09:13:30 | 000,197,912 | ---- | C] () -- C:\Windows\System32\physxcudart_20.dll
[2008/10/07 09:13:22 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelTraditionalChinese.dll
[2008/10/07 09:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelSwedish.dll
[2008/10/07 09:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelSpanish.dll
[2008/10/07 09:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelSimplifiedChinese.dll
[2008/10/07 09:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelPortugese.dll
[2008/10/07 09:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelKorean.dll
[2008/10/07 09:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelJapanese.dll
[2008/10/07 09:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelGerman.dll
[2008/10/07 09:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelFrench.dll
[2008/09/25 20:56:55 | 000,000,056 | -H-- | C] () -- C:\Windows\System32\ezsidmv.dat
[2008/09/20 17:48:01 | 000,000,680 | ---- | C] () -- C:\Users\Owner\AppData\Local\d3d9caps.dat
[2008/09/19 17:08:26 | 000,053,339 | ---- | C] () -- C:\Users\Owner\AppData\Roaming\nvModes.001
[2008/09/19 16:05:30 | 000,053,339 | ---- | C] () -- C:\Users\Owner\AppData\Roaming\nvModes.dat
[2008/09/19 11:47:20 | 000,020,932 | ---- | C] () -- C:\Users\Owner\AppData\Roaming\wklnhst.dat
[2008/09/18 20:07:23 | 000,018,904 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchemaTrivial.bin
[2008/09/18 19:58:42 | 000,000,023 | -HS- | C] () -- C:\Windows\System32\cecdead7_z.dll
[2008/09/01 20:47:14 | 000,029,752 | ---- | C] () -- C:\Windows\System32\InstHelper.dll
[2008/08/27 05:56:43 | 000,016,480 | ---- | C] () -- C:\Windows\System32\rixdicon.dll
[2008/08/27 05:53:01 | 000,004,984 | ---- | C] () -- C:\Windows\System32\drivers\nvphy.bin
[2008/04/24 21:38:18 | 000,101,605 | ---- | C] () -- C:\Windows\hpqins13.dat
[2007/08/22 11:50:38 | 001,749,760 | ---- | C] () -- C:\Windows\System32\drivers\snp2uvc.sys
[2007/07/16 11:58:10 | 000,197,408 | ---- | C] () -- C:\Windows\System32\vpnapi.dll
[2007/05/09 07:16:40 | 000,028,160 | ---- | C] () -- C:\Windows\System32\drivers\sncduvc.sys
[2006/11/02 07:57:28 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
[2006/11/02 07:47:37 | 000,374,088 | ---- | C] () -- C:\Windows\System32\FNTCACHE.DAT
[2006/11/02 07:35:32 | 000,005,632 | ---- | C] () -- C:\Windows\System32\sysprepMCE.dll
[2006/11/02 05:33:01 | 000,645,006 | ---- | C] () -- C:\Windows\System32\perfh009.dat
[2006/11/02 05:33:01 | 000,287,440 | ---- | C] () -- C:\Windows\System32\perfi009.dat
[2006/11/02 05:33:01 | 000,121,064 | ---- | C] () -- C:\Windows\System32\perfc009.dat
[2006/11/02 05:33:01 | 000,030,674 | ---- | C] () -- C:\Windows\System32\perfd009.dat
[2006/11/02 05:23:21 | 000,215,943 | ---- | C] () -- C:\Windows\System32\dssec.dat
[2006/11/02 03:58:30 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin
[2006/11/02 03:19:00 | 000,000,741 | ---- | C] () -- C:\Windows\System32\NOISE.DAT
[2006/11/02 02:40:29 | 000,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini
[2006/11/02 02:25:31 | 000,673,088 | ---- | C] () -- C:\Windows\System32\mlang.dat
[2006/05/19 03:39:58 | 000,015,497 | ---- | C] () -- C:\Windows\snp2uvc.ini
[2006/03/09 04:58:00 | 001,060,424 | ---- | C] () -- C:\Windows\System32\WdfCoInstaller01000.dll
[2003/01/07 15:05:08 | 000,002,695 | ---- | C] () -- C:\Windows\System32\OUTLPERF.INI
[2002/10/15 17:54:04 | 000,153,088 | ---- | C] () -- C:\Windows\System32\unrar.dll

========== LOP Check ==========

[2011/03/25 01:27:18 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\.minecraft
[2010/03/13 20:50:00 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\Acoustica
[2010/02/13 12:13:55 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\Audacity
[2009/04/29 21:30:48 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\GetRightToGo
[2008/12/26 20:33:18 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\LimeWire
[2009/09/09 17:59:28 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\OpenOffice.org
[2011/03/10 09:31:49 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\Opera
[2010/03/13 21:00:43 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\PACE Anti-Piracy
[2008/10/21 06:57:47 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\PeerNetworking
[2009/12/18 01:26:13 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\SystemRequirementsLab
[2008/09/19 11:47:24 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\Template
[2009/02/04 19:47:01 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\TomTom
[2009/07/28 23:42:39 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\Turbine
[2011/04/13 13:30:16 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\uTorrent
[2011/04/13 13:30:57 | 000,032,624 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT
[2011/04/13 13:51:00 | 000,000,438 | -H-- | M] () -- C:\Windows\Tasks\User_Feed_Synchronization-{E8140EC0-D224-4322-9D38-E5206CBCA450}.job

========== Purity Check ==========



========== Alternate Data Streams ==========

@Alternate Data Stream - 99 bytes -> C:\ProgramData\TEMP:24051EFF
@Alternate Data Stream - 1360 bytes -> C:\ProgramData\Microsoft:JLTRI1k0bdp0bg34mKblBDt0DUAO7
@Alternate Data Stream - 1159 bytes -> C:\ProgramData\Microsoft:LN6sb5U5ghIC3JLqPgYZjJ
@Alternate Data Stream - 103 bytes -> C:\ProgramData\TEMP:307AA992

< End of report >



OTL Extras logfile created on: 4/13/2011 1:48:54 PM - Run 1
OTL by OldTimer - Version 3.2.22.3 Folder = C:\Users\Owner\Desktop
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.19048)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

3.00 Gb Total Physical Memory | 2.00 Gb Available Physical Memory | 63.00% Memory free
6.00 Gb Paging File | 5.00 Gb Available in Paging File | 81.00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 174.56 Gb Total Space | 57.60 Gb Free Space | 33.00% Space Free | Partition Type: NTFS
Drive D: | 11.75 Gb Total Space | 1.99 Gb Free Space | 16.95% Space Free | Partition Type: NTFS

Computer Name: OWNER-PC | User Name: Owner | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)

[HKEY_USERS\S-1-5-21-1916688040-890294713-551456720-1000\SOFTWARE\Classes\<extension>]
.html [@ = ChromeHTML] -- Reg Error: Key error. File not found

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
"UacDisableNotify" = 0
"InternetSettingsDisableNotify" = 0
"AutoUpdateDisableNotify" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"VistaSp2" = Reg Error: Unknown registry data type -- File not found

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\S-1-5-21-1916688040-890294713-551456720-1000]
"EnableNotifications" = 1
"EnableNotificationsRef" = 6

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Program Files\EarthLink TotalAccess\TaskPanl.exe" = C:\Program Files\EarthLink TotalAccess\TaskPanl.exe:*:Enabled:Earthlink -- (EarthLink, Inc.)


========== Vista Active Open Ports Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{034CE133-280E-44EE-92B1-EDF4D9CC9340}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{11F33E2B-23B0-47BD-AC55-0C51671396C9}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{152DC869-2E48-4230-98D6-374BA6102EB0}" = lport=3540 | protocol=17 | dir=in | svc=pnrpsvc | app=%systemroot%\system32\svchost.exe |
"{1CE769DD-5E1A-4805-B12E-88DD1AEAA909}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{1EB30591-36AB-4688-B129-8DCD1DA2BA6E}" = rport=445 | protocol=6 | dir=out | app=system |
"{234E6618-C908-405C-B081-EA9482C82B1C}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{2E02AB58-12FA-4199-B24C-AFC77EEF85E7}" = lport=139 | protocol=6 | dir=in | app=system |
"{32F143B1-8EE1-484D-A504-B822BA8A569B}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe |
"{38541CD6-402E-4B60-8655-C71190FCF50B}" = lport=138 | protocol=17 | dir=in | app=system |
"{3865F904-F7E3-4C14-9F56-454FB99AC73C}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{412EADE9-4AD6-4DF5-AB56-491AFFD31927}" = lport=3702 | protocol=17 | dir=in | app=%systemroot%\system32\p2phost.exe |
"{4D248D1C-CE06-44DD-B3B8-446BF1F3EBDE}" = rport=139 | protocol=6 | dir=out | app=system |
"{5609EAF6-58BA-4E3D-AF59-C3F532B2A596}" = lport=445 | protocol=6 | dir=in | app=system |
"{5B3FEE10-A4E0-4F09-AE5D-1B58C642959F}" = lport=2869 | protocol=6 | dir=in | name=windows live communications platform (upnp) |
"{5EE9E1EB-E3EE-439E-A49A-EDE9F247BA71}" = lport=1900 | protocol=17 | dir=in | name=windows live communications platform (ssdp) |
"{5F2C511D-F4D8-4211-B388-2C0CEAA3979B}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{5F789134-E439-4743-AB3E-C52A950AEB44}" = lport=3540 | protocol=17 | dir=in | svc=pnrpsvc | app=%systemroot%\system32\svchost.exe |
"{619C3C06-E8C6-4102-BDCD-5C8E68A32BA0}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{633D437A-8F99-49D2-B9D3-4B0295A3ED9F}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{6348AB39-DF1E-410F-B733-0A66CA595B49}" = lport=2869 | protocol=6 | dir=in | app=system |
"{66CD5D6B-D40A-474E-AD8E-F36E2901BD1D}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |
"{74907BF8-6A2E-4FCD-A5F7-FADD1815D200}" = rport=3540 | protocol=17 | dir=out | svc=pnrpsvc | app=%systemroot%\system32\svchost.exe |
"{7EC86D3C-494F-4B06-95B1-00A087AE82FE}" = lport=3702 | protocol=17 | dir=in | app=%systemroot%\system32\p2phost.exe |
"{99103D44-0E28-421E-9107-5A49417F85D5}" = lport=10243 | protocol=6 | dir=in | app=system |
"{9A74F569-9791-4545-AA64-45253DC9B9A8}" = rport=138 | protocol=17 | dir=out | app=system |
"{A0F34B18-F298-49C6-8D33-0790765F3DCB}" = rport=3540 | protocol=17 | dir=out | svc=pnrpsvc | app=%systemroot%\system32\svchost.exe |
"{A3093A9C-A1D0-4292-8103-14BE44CFC95D}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{A87C429F-BA3F-4AA7-BD10-C5AA75E425A2}" = lport=2869 | protocol=6 | dir=in | app=system |
"{B469BA39-059E-455C-B1C6-E9F442955791}" = rport=3702 | protocol=17 | dir=out | app=%systemroot%\system32\p2phost.exe |
"{B89F41DD-65FE-4A22-9CAD-75A330FF9A9E}" = rport=3702 | protocol=17 | dir=out | app=%systemroot%\system32\p2phost.exe |
"{C1080D0B-54FA-4B86-9D48-C91B0DF4B1FC}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 |
"{D8B83168-CBE4-49D5-8023-F00ED07D4A8E}" = rport=137 | protocol=17 | dir=out | app=system |
"{E0EF6EDB-E796-4940-AAC5-C0817E05E3FE}" = rport=10243 | protocol=6 | dir=out | app=system |
"{EB6733B1-C27F-4730-A9B9-BB3EF3982812}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{FD27133F-BD62-407B-87B3-A2B778431E60}" = lport=137 | protocol=17 | dir=in | app=system |

========== Vista Active Application Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{00F5B66D-D8CD-4A0D-B1A5-06E44968A67C}" = protocol=6 | dir=in | app=c:\windows\system32\lxbxcoms.exe |
"{0273C4D3-21CA-49F5-8CB1-CEACDE0F08D4}" = protocol=6 | dir=in | app=c:\users\owner\appdata\local\temp\7zs8a5d.tmp\symnrt.exe |
"{04B65BD7-A232-4C2D-AC50-34254BF8C2C6}" = dir=in | app=c:\program files\rosetta stone\rosetta stone version 3\support\bin\win\rosettastoneltdservices.exe |
"{05F539FD-7747-43A1-9852-9F875178C6C5}" = protocol=6 | dir=out | app=%systemroot%\system32\p2phost.exe |
"{0C106624-233A-42FF-B626-E7CACC1A6A5D}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{0C7DE5C8-99E5-449E-856E-F2DE720208DA}" = dir=in | app=c:\program files\hp\quickplay\qp.exe |
"{0FEDC464-F7E9-420F-BC6A-6561D09A8F7E}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{11C8DC70-3736-4C5E-AA43-D49EAA46E75F}" = protocol=17 | dir=in | app=c:\program files\common files\aol\loader\aolload.exe |
"{11CF649A-B94A-4777-BBC2-B29FB89F961F}" = protocol=6 | dir=in | app=c:\program files\earthlink totalaccess\taskpanl.exe |
"{157425C6-D4CB-4A5A-8CC5-024C9FC3CC0C}" = protocol=17 | dir=in | app=c:\program files\turbine\turbine download manager - lamannia\turbinemessageservice.exe |
"{161D40C0-F89E-4425-8A35-81960B280F8A}" = protocol=17 | dir=in | app=c:\program files\ventrilo\ventrilo.exe |
"{1A901A77-8EE8-46B3-BF21-7B291100D4A6}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 |
"{1F99DE02-721B-4BB3-A54B-29BD2C8FEB73}" = protocol=6 | dir=in | app=c:\program files\opera\opera.exe |
"{2B69D3A6-EFC3-407E-A15C-5E88E49B15EB}" = protocol=6 | dir=in | app=c:\program files\steam\steamapps\common\alien swarm\srcds.exe |
"{2E1E1B20-6F04-4A68-8D01-3043C1430CA9}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 |
"{35890EA9-11A1-4C46-BB48-A6ECAC370F62}" = protocol=17 | dir=in | app=c:\users\owner\appdata\local\temp\7zs8a5d.tmp\symnrt.exe |
"{383002CC-372F-4244-B69B-2B6A3BD17290}" = protocol=6 | dir=out | app=c:\program files\rosetta stone\rosetta stone version 3\support\bin\win\rosettastoneltdservices.exe |
"{3BA3C2A3-D7D2-4D99-815D-FB24F5BB6B16}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 |
"{3C9C216D-A64F-4A2B-B25C-8D1D6C1660E2}" = protocol=17 | dir=in | app=c:\program files\turbine\turbine download manager - lamannia\turbinenetworkservice.exe |
"{3FCBD3E6-A7B6-4392-BB49-33695EF58F29}" = protocol=17 | dir=in | app=c:\windows\system32\lxbxcoms.exe |
"{46AC37F2-C070-4906-9134-550F91300957}" = dir=in | app=c:\program files\hp\quickplay\qpservice.exe |
"{47ACBC9D-7AB6-4FAD-8425-D058E0DB3024}" = dir=in | app=c:\program files\windows live\messenger\msnmsgr.exe |
"{49E280C3-ABD1-4CEB-9875-316F1540F7D9}" = protocol=17 | dir=in | app=c:\program files\steam\steamapps\common\alien swarm\srcds.exe |
"{4C324C93-7FD1-494F-8A1D-2F908DA49557}" = protocol=6 | dir=in | app=c:\program files\turbine\turbine download manager - lamannia\turbinenetworkservice.exe |
"{53A4AC7F-EF3A-467C-B24D-765304503397}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{55DA11FD-4C33-4619-96DA-B430E9E5C951}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{5C000397-0038-440D-A9AE-CC9DD9C7B73B}" = protocol=6 | dir=in | app=c:\program files\turbine\turbine download manager - lamannia\turbinemessageservice.exe |
"{5CC7F21D-35AA-4E44-BAAC-4D64D7B0B5F0}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{5F60ACF0-F1BA-4584-8EF3-98D45E6BB3DC}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe |
"{63AB9790-5D44-40EB-92F6-293974B0EDF4}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe |
"{6895D731-CD86-4183-AF11-0B3533F649F9}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{69D7766A-2BDE-4B82-AE29-DA215FC3B27E}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{6BAD5D6D-D5B6-412C-A4BD-9C78424D1621}" = protocol=6 | dir=out | app=system |
"{6DED7398-0717-43CA-BE3E-2BF3B51127D4}" = protocol=6 | dir=in | app=c:\program files\steam\steamapps\tjssteem\synergy\hl2.exe |
"{70C590A2-DBE2-4D41-833C-6D14CCB41C85}" = protocol=17 | dir=in | app=c:\program files\limewire\limewire.exe |
"{71E69720-498E-4AC0-B143-D5C5E53EA1E4}" = protocol=17 | dir=in | app=c:\program files\earthlink totalaccess\taskpanl.exe |
"{75DE9989-8F46-40CC-80A2-9BF25F2CC95A}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{78230268-61F7-44C2-AA84-768FBBF9FA0E}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{7AC4AFBE-CEBC-4865-A3E8-64300724AC4C}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{7DAAA77D-D339-4C00-A7D1-42881E692799}" = protocol=6 | dir=in | app=c:\program files\common files\aol\loader\aolload.exe |
"{7EB085B8-344E-41CB-9D92-AB651F064199}" = protocol=6 | dir=in | app=c:\program files\earthlink totalaccess\taskpanl.exe |
"{7ED383FB-1E49-4D17-8DA7-2B9DF3B2CB46}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
"{81D77F74-F462-4698-8808-E837485413AD}" = protocol=6 | dir=out | app=c:\program files\rosetta stone\rosetta stone version 3\rosettastoneversion3.exe |
"{834E6928-C19A-49D2-99D8-C2F48C024FD6}" = protocol=6 | dir=in | app=c:\program files\ventrilo\ventrilo.exe |
"{9047498D-CEB6-47F3-A1F1-4949D8CB327A}" = protocol=17 | dir=in | app=c:\program files\gravity\ragnarokonline\ragnarok.exe |
"{923EE775-D9C7-4C51-BF0A-D7ABF9B72ADC}" = protocol=17 | dir=in | app=c:\program files\yahoo!\messenger\yahoomessenger.exe |
"{96D938A4-BD26-4EB1-A056-F273FCFA0E67}" = protocol=17 | dir=in | app=c:\program files\opera\opera.exe |
"{9F055192-54CB-444C-B93E-7463A1FAC37F}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{A3351AA4-DC58-4AF6-929C-BC948A550A6B}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{A6DC156E-0200-45CB-9978-963659B9D9B3}" = protocol=6 | dir=in | app=%systemroot%\system32\p2phost.exe |
"{AF92B6E9-02ED-485F-8196-528D4296F852}" = protocol=6 | dir=in | app=c:\program files\earthlink totalaccess\taskpanl.exe |
"{B45744D4-86A4-4417-A215-719ED5DE9E9A}" = protocol=17 | dir=in | app=c:\program files\earthlink totalaccess\taskpanl.exe |
"{B8C7CCF3-4E68-4233-B0AF-F8782A61AEA4}" = dir=in | app=c:\program files\rosetta stone\rosetta stone version 3\rosettastoneversion3.exe |
"{C975395D-F447-46A8-AA47-B2CDBC26C1A8}" = protocol=6 | dir=in | app=%systemroot%\system32\p2phost.exe |
"{CBC18F8C-747B-4F04-B9A1-6E7F16C4BB63}" = protocol=6 | dir=out | app=%systemroot%\system32\p2phost.exe |
"{CBD5DD87-1993-4C52-A19E-34CF5EFC4544}" = protocol=6 | dir=in | app=c:\windows\system32\spool\drivers\w32x86\3\lxbxpswx.exe |
"{CC7AFF44-16C0-4A49-ADD3-EDE83386862D}" = protocol=6 | dir=in | app=c:\program files\limewire\limewire.exe |
"{CDFFC261-7D28-46BE-8D50-5D2D161E195A}" = protocol=6 | dir=in | app=c:\program files\gravity\ragnarokonline\ragnarok.exe |
"{D1D6E669-9DD7-4B12-8B84-4A3DF994AD90}" = dir=in | app=c:\program files\cyberlink\powerdirector\pdr.exe |
"{D2CC6605-9355-4BF7-B9BF-93BCBD226E04}" = protocol=17 | dir=in | app=c:\windows\system32\spool\drivers\w32x86\3\lxbxpswx.exe |
"{DC13BDF8-0B68-4785-BED0-379B3D3FF88D}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 |
"{E7357E37-3CBB-4ED7-B6C3-36AE06101BF9}" = protocol=17 | dir=in | app=c:\program files\steam\steamapps\tjssteem\synergy\hl2.exe |
"{F5FD2F6C-4959-4877-8963-91D77D16EACE}" = protocol=17 | dir=in | app=c:\program files\earthlink totalaccess\taskpanl.exe |
"{F861D263-CF0F-446C-9800-601E359B8CC3}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{F963323C-FB83-4EC0-A10C-64875EDC99B0}" = protocol=6 | dir=in | app=c:\program files\yahoo!\messenger\yahoomessenger.exe |
"{FBCE6A75-502A-4878-970F-DE6255648705}" = dir=in | app=c:\program files\windows live\contacts\wlcomm.exe |
"TCP Query User{00A31745-9C5D-4768-9231-682D60446097}C:\program files\yahoo!\messenger\yahoomessenger.exe" = protocol=6 | dir=in | app=c:\program files\yahoo!\messenger\yahoomessenger.exe |
"TCP Query User{0631FE6F-8753-4614-9BA8-27FE43D411D0}C:\users\owner\desktop\utorrent.exe" = protocol=6 | dir=in | app=c:\users\owner\desktop\utorrent.exe |
"TCP Query User{1406BA94-1F72-4CEB-A41C-E26FE056D4C2}C:\program files\turbine\the lord of the rings online\lotroclient.exe" = protocol=6 | dir=in | app=c:\program files\turbine\the lord of the rings online\lotroclient.exe |
"TCP Query User{23504C5A-3F44-43A9-8C34-ED428CC491E0}C:\program files\turbine\ddo unlimited (preview)\dndclient.exe" = protocol=6 | dir=in | app=c:\program files\turbine\ddo unlimited (preview)\dndclient.exe |
"TCP Query User{3EBA37AA-66F0-4A99-9313-A8DDE8CECB98}C:\program files\steam\steamapps\tjssteem\insurgency\hl2.exe" = protocol=6 | dir=in | app=c:\program files\steam\steamapps\tjssteem\insurgency\hl2.exe |
"TCP Query User{487045D0-821D-4D54-9683-62AD8181BDEA}C:\program files\heroes of newerth\hon.exe" = protocol=6 | dir=in | app=c:\program files\heroes of newerth\hon.exe |
"TCP Query User{6252E32C-DC82-42CE-8DA0-9C894A26072F}C:\users\owner\appdata\local\google\chrome\application\chrome.exe" = protocol=6 | dir=in | app=c:\users\owner\appdata\local\google\chrome\application\chrome.exe |
"TCP Query User{6EDE72D1-82B1-49D6-BE31-E59BFE46359D}C:\program files\steam\steamapps\tjssteem\team fortress 2\hl2.exe" = protocol=6 | dir=in | app=c:\program files\steam\steamapps\tjssteem\team fortress 2\hl2.exe |
"TCP Query User{80ECD54A-1DA3-4179-9797-A5D45C77F5C3}C:\program files\internet explorer\iexplore.exe" = protocol=6 | dir=in | app=c:\program files\internet explorer\iexplore.exe |
"TCP Query User{91B12B55-EDD8-4855-A26A-9383B6B577B6}C:\program files\java\jre6\bin\java.exe" = protocol=6 | dir=in | app=c:\program files\java\jre6\bin\java.exe |
"TCP Query User{95AEDBA1-CF53-404B-8090-061ADA30A386}C:\program files\mirc\mirc.exe" = protocol=6 | dir=in | app=c:\program files\mirc\mirc.exe |
"TCP Query User{A0514A97-BADD-4D78-8656-B25623C05110}C:\program files\steam\steamapps\tjssteem\insurgency\hl2.exe" = protocol=6 | dir=in | app=c:\program files\steam\steamapps\tjssteem\insurgency\hl2.exe |
"TCP Query User{A284C2BD-DB49-4C3F-8FD8-4F0B25C5E4E9}C:\program files\utorrent\utorrent.exe" = protocol=6 | dir=in | app=c:\program files\utorrent\utorrent.exe |
"TCP Query User{B4911AC4-D7C6-449D-A630-0EBCEBF60E3A}C:\users\owner\program files\dna\btdna.exe" = protocol=6 | dir=in | app=c:\users\owner\program files\dna\btdna.exe |
"TCP Query User{D21D77E1-64C5-4340-979F-6D6CE712838B}C:\users\owner\program files\dna\btdna.exe" = protocol=6 | dir=in | app=c:\users\owner\program files\dna\btdna.exe |
"TCP Query User{E7F5AAFB-AB8A-4AD3-9483-486C7FE5D764}C:\program files\steam\steamapps\tjssteem\synergy\hl2.exe" = protocol=6 | dir=in | app=c:\program files\steam\steamapps\tjssteem\synergy\hl2.exe |
"TCP Query User{EF3CE752-7DBF-4C44-8A22-5181145FE9AB}C:\program files\steam\steamapps\tjssteem\team fortress 2\hl2.exe" = protocol=6 | dir=in | app=c:\program files\steam\steamapps\tjssteem\team fortress 2\hl2.exe |
"UDP Query User{04114BCF-3A5C-4113-B5E4-299C6AC3ADF9}C:\program files\turbine\ddo unlimited (preview)\dndclient.exe" = protocol=17 | dir=in | app=c:\program files\turbine\ddo unlimited (preview)\dndclient.exe |
"UDP Query User{08493778-EE7F-45C0-BA99-FA467EB9849D}C:\program files\steam\steamapps\tjssteem\insurgency\hl2.exe" = protocol=17 | dir=in | app=c:\program files\steam\steamapps\tjssteem\insurgency\hl2.exe |
"UDP Query User{09800FB6-5851-471C-BAF3-8AA0C8C799FC}C:\program files\mirc\mirc.exe" = protocol=17 | dir=in | app=c:\program files\mirc\mirc.exe |
"UDP Query User{1AB183F5-E50C-402A-BEE2-CC6F94A02BCB}C:\users\owner\desktop\utorrent.exe" = protocol=17 | dir=in | app=c:\users\owner\desktop\utorrent.exe |
"UDP Query User{281E7E2B-A47A-4B07-8BC8-4FEDBCEA717E}C:\program files\internet explorer\iexplore.exe" = protocol=17 | dir=in | app=c:\program files\internet explorer\iexplore.exe |
"UDP Query User{2F45783A-9902-4B4D-9C0C-E0C8409BBFED}C:\program files\steam\steamapps\tjssteem\team fortress 2\hl2.exe" = protocol=17 | dir=in | app=c:\program files\steam\steamapps\tjssteem\team fortress 2\hl2.exe |
"UDP Query User{3E942031-47E3-4531-8EFD-EA4936736893}C:\program files\steam\steamapps\tjssteem\insurgency\hl2.exe" = protocol=17 | dir=in | app=c:\program files\steam\steamapps\tjssteem\insurgency\hl2.exe |
"UDP Query User{46CEF5FF-8CB7-44DB-92C7-85618C90D006}C:\program files\steam\steamapps\tjssteem\team fortress 2\hl2.exe" = protocol=17 | dir=in | app=c:\program files\steam\steamapps\tjssteem\team fortress 2\hl2.exe |
"UDP Query User{55BE0450-F65D-4E9A-BD57-1B6B140D2563}C:\users\owner\program files\dna\btdna.exe" = protocol=17 | dir=in | app=c:\users\owner\program files\dna\btdna.exe |
"UDP Query User{990D1C5E-B4E7-4073-AEF0-F61874CC6165}C:\program files\turbine\the lord of the rings online\lotroclient.exe" = protocol=17 | dir=in | app=c:\program files\turbine\the lord of the rings online\lotroclient.exe |
"UDP Query User{A8C78B94-FB0F-4BF0-B996-E5B0AE2C2983}C:\users\owner\program files\dna\btdna.exe" = protocol=17 | dir=in | app=c:\users\owner\program files\dna\btdna.exe |
"UDP Query User{BECDE770-2D60-40DD-943A-478ED4F3070C}C:\program files\java\jre6\bin\java.exe" = protocol=17 | dir=in | app=c:\program files\java\jre6\bin\java.exe |
"UDP Query User{C79DADF9-F80E-4C55-8703-7DE1A2B95DA7}C:\program files\heroes of newerth\hon.exe" = protocol=17 | dir=in | app=c:\program files\heroes of newerth\hon.exe |
"UDP Query User{CB7CF7BC-235C-4E09-BDF5-CA4DA4069F71}C:\users\owner\appdata\local\google\chrome\application\chrome.exe" = protocol=17 | dir=in | app=c:\users\owner\appdata\local\google\chrome\application\chrome.exe |
"UDP Query User{DCF4E6DC-E123-467C-A7A8-DBB4A381CA5C}C:\program files\utorrent\utorrent.exe" = protocol=17 | dir=in | app=c:\program files\utorrent\utorrent.exe |
"UDP Query User{DD76E741-95D8-478C-AE89-C217B038960C}C:\program files\steam\steamapps\tjssteem\synergy\hl2.exe" = protocol=17 | dir=in | app=c:\program files\steam\steamapps\tjssteem\synergy\hl2.exe |
"UDP Query User{E25E4F0D-C491-4E3B-99B2-093D186DB5F7}C:\program files\yahoo!\messenger\yahoomessenger.exe" = protocol=17 | dir=in | app=c:\program files\yahoo!\messenger\yahoomessenger.exe |

========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
"{01FB4998-33C4-4431-85ED-079E3EEFE75D}" = CyberLink YouCam
"{048298C9-A4D3-490B-9FF9-AB023A9238F3}" = Steam
"{06E74B9B-631F-4378-BF3A-40D868450C05}" = HPPhotoSmartPhotobookHolidayPack1
"{082702D5-5DD8-4600-BCE5-48B15174687F}" = HP Doc Viewer
"{082F8ABA-84D5-4837-9DFC-F365D91A07D4}" = HP Smart Web Printing
"{0B0F231F-CE6A-483D-AA23-77B364F75917}" = Windows Live Installer
"{11BB336F-0E58-4977-B866-F24FA334616B}" = HP Active Support Library
"{121634B0-2F4B-11D3-ADA3-00C04F52DD52}" = Windows Installer Clean Up
"{12A76360-388E-4B27-ABEB-D5FC5378DD2A}" = HPPhotoSmartPhotobookWebPack1
"{13F3917B56CD4C25848BDC69916971BB}" = DivX Converter
"{15BC8CD0-A65B-47D0-A2DD-90A824590FA8}" = Microsoft Works
"{172AEB5E-CBB2-4CDD-A4CF-388600825839}" = HPPhotoSmartPhotobookPlayfulPack1
"{1BDC9633-895B-4842-BCB6-8FA1EC2A3C5A}" = Adobe Shockwave Player
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}" = DVD Suite
"{200FEC62-3C34-4D60-9CE8-EC372E01C08F}" = Windows Live SOXE Definitions
"{209CDA54-D390-46A2-A97C-7BF61734418D}" = WeatherBug Gadget
"{228C6B46-64E2-404E-898A-EF0830603EF4}" = HPNetworkAssistant
"{250E9609-E830-43EB-B379-DAB7546A2422}" = muvee autoProducer 6.1
"{254C37AA-6B72-4300-84F6-98A82419187E}" = Hewlett-Packard Active Check
"{25613C10-27D2-410B-942B-D922D5C3A7BE}" = Interlok driver setup x32
"{26A24AE4-039D-4CA4-87B4-2F83216024FF}" = Java(TM) 6 Update 24
"{28006915-2739-4EBE-B5E8-49B25D32EB33}" = Atheros Driver Installation Program
"{28EDCE9C-3304-4331-8AB3-F3EBE94C35B4}" = HP Help and Support
"{34BFB099-07B2-4E95-A673-7362D60866A2}" = PSSWCORE
"{34D2AB40-150D-475D-AE32-BD23FB5EE355}" = HP Quick Launch Buttons 6.30 E1
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{3F92ABBB-6BBF-11D5-B229-002078017FBF}" = NetWaiting
"{3FC7CBBC4C1E11DCA1A752EA55D89593}" = DivX Version Checker
"{40BF1E83-20EB-11D8-97C5-0009C5020658}" = Power2Go
"{45A66726-69BC-466B-A7A4-12FCBA4883D7}" = HiJackThis
"{45D707E9-F3C4-11D9-A373-0050BAE317E1}" = HP QuickPlay 3.6
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4CACFCD9-F71B-413A-8DF5-1A6419D5CDC6}" = Cards_Calendar_OrderGift_DoMorePlugout
"{4CBABDFD-49F8-47FD-BE7D-ECDE7270525A}" = Windows Live PIMT Platform
"{4D49757C-367A-4333-BDB3-68966162B14E}" = HP User Guides 0087
"{59F6A514-9813-47A3-948C-8A155460CC2A}" = RICOH R5C83x/84x Flash Media Controller Driver Ver.3.51.01
"{5DD4FCBD-A3C1-4155-9E17-4161C70AAABA}" = Segoe UI
"{5EE7D259-D137-4438-9A5F-42F432EC0421}" = VC80CRTRedist - 8.0.50727.4053
"{61AD15B2-50DB-4686-A739-14FE180D4429}" = Windows Live ID Sign-in Assistant
"{669D4A35-146B-4314-89F1-1AC3D7B88367}" = Hewlett-Packard Asset Agent for Health Check
"{67579783-0FB7-4F7B-B881-E5BE47C9DBE0}_is1" = Revo Uninstaller Pro 2.5.1
"{682B3E4F-696A-42DE-A41C-4C07EA1678B4}" = Windows Live SOXE
"{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update
"{6A05FEDF-662E-46BF-8A25-010E3F1C9C69}" = Windows Live UX Platform Language Pack
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{774088D4-0777-4D78-904D-E435B318F5D2}" = Microsoft Antimalware
"{77A776C4-D10F-416D-88F0-53F2D9DCD9B3}" = Microsoft Security Client
"{789289CA-F73A-4A16-A331-54D498CE069F}" = Ventrilo Client
"{7B63B2922B174135AFC0E1377DD81EC2}" =
"{7DC4A410-9986-4329-9E5D-687B2C42CA39}" = HP QuickTouch 1.00 C4
"{80956555-A512-4190-9CAD-B000C36D6B6B}" = Windows Live Messenger
"{80F7CA44-F3A5-4853-8BA6-DDF57CD4F078}" = Rosetta Stone Version 3
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
"{870815CA-6B60-47B6-88DD-A67F42D2F03E}" = GPL MPEG-1/2 DirectShow Decoder Filter
"{89E052B2-5CA5-4B7A-AF0C-28CA2836B030}" = HPPhotoSmartPhotobookModernPack1
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8AAB4176-A747-493A-A42C-B63CFADFD8E3}" = NVIDIA PhysX
"{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT
"{8F3C31C5-9C3A-4AA8-8EFA-71290A7AD533}" = TomTom HOME Visual Studio Merge Modules
"{90120000-0020-0409-0000-0000000FF1CE}" = Compatibility Pack for the 2007 Office system
"{91110409-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Professional Edition 2003
"{95120000-00AF-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint Viewer 2007 (English)
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{9885A11E-60E4-417C-B58B-8B31B21C0B8A}" = HP Easy Setup - Frontend
"{9CF4A37B-A8C4-44D7-8C53-13B9D9594BB2}" = Paint.NET v3.5.8
"{A07840FC-CE63-4CB8-8030-EF4B9805925A}" = HPPhotoSmartDiscLabel_PaperLabel
"{a0fe116e-9a8a-466f-aee0-625cb7c207e3}" = Microsoft Visual C++ 2005 Redistributable - KB2467175
"{A429C2AE-EBF1-4F81-A221-1C115CAADDAD}" = QuickTime
"{A726AE06-AAA3-43D1-87E3-70F510314F04}" = Windows Live Writer
"{A9BDCA6B-3653-467B-AC83-94367DA3BFE3}" = Windows Live Photo Common
"{AAAFC670-569B-4A2F-82B4-42945E0DE3EF}" = Windows Live Writer
"{AAF454FC-82CA-4F29-AB31-6A109485E76E}" = Windows Live Writer
"{AC76BA86-7AD7-1033-7B44-AA0000000001}" = Adobe Reader X (10.0.1)
"{AC95121F-1576-45B8-82F7-3911D27882E6}" = HPPhotoSmartPhotobookScrapbookPack1
"{ADFB9653-F44C-460C-BF58-189CC552DFFE}" = hpphotosmartdisclabelplugin
"{B13A7C41581B411290FBC0395694E2A9}" = DivX Converter
"{B2544A03-10D0-4E5E-BA69-0362FFC20D18}" = OGA Notifier 2.0.0048.0
"{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1" = Spybot - Search & Destroy
"{B4E91E95-A5BA-4E50-A465-DB7EFEB176E8}" = HPPhotoSmartDiscLabel_PrintOnDisc
"{BAD0FA60-09CF-4411-AE6A-C2844C8812FA}" = HP Photosmart Essential 2.5
"{BD0E2B92-3814-46F0-893B-4612EA010C7E}" = HP Customer Experience Enhancements
"{C59C179C-668D-49A9-B6EA-0121CCFC1243}" = LabelPrint
"{C7DDA8E7-AD3D-4F51-AC1E-B0FF57002192}" = Microsoft IntelliPoint 6.3
"{CAE7D1D9-3794-4169-B4DD-964ADBC534EE}" = HP Product Detection
"{CB099890-1D5F-11D5-9EA9-0050BAE317E1}" = PowerDirector
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CBAE4F50-9FC9-4557-AB36-9826DF3C103C}" = HP Wireless Assistant
"{CC4A73BF-938E-4C19-A553-853C035C9BA1}" = LightScribe System Software 1.10.13.1
"{CD95D125-2992-4858-B3EF-5F6FB52FBAD6}" = Skype Toolbars
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{CE95A79E-E4FC-4FFF-8A75-29F04B942FF2}" = Windows Live UX Platform
"{D063F201-FAC4-4D5C-B10B-615058ADE5A7}" = HP Update
"{D436F577-1695-4D2F-8B44-AC76C99E0002}" = Windows Live Photo Common
"{D45240D3-B6B3-4FF9-B243-54ECE3E10066}" = Windows Live Communications Platform
"{DD3C88A0-C53C-41D0-A21B-6D021981D23E}" = HPPhotoSmartDiscLabelContent1
"{DDC8BDEE-DCAC-404D-8257-3E8D4B782467}" = Windows Live Writer Resources
"{E08DC77E-D09A-4e36-8067-D6DBBCC5F8DC}" = VideoToolkit01
"{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10
"{E633D396-5188-4E9D-8F6B-BFB8BF3467E8}" = Skype™ 5.1
"{EB4DF488-AAEF-406F-A341-CB2AAA315B90}" = Windows Live Messenger
"{F40BBEC7-C2A4-4A00-9B24-7A055A2C5262}" = Microsoft Office Live Add-in 1.5
"{F636EE9A-F9EC-4606-BCFA-77DD0E210788}" = HPPhotoSmartDiscLabel_Tattoo
"{FE044230-9CA5-43F7-9B58-5AC5A28A1F33}" = Windows Live Essentials
"{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
"AC3Filter" = AC3Filter (remove only)
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Adobe Shockwave Player" = Adobe Shockwave Player 11.5
"CCleaner" = CCleaner
"CNXT_AUDIO_HDA" = Conexant HD Audio
"CNXT_MODEM_HDAUDIO_HERMOSA_HSF" = HDAUDIO Soft Data Fax Modem with SmartCP
"DivX Plus DirectShow Filters" = DivX Plus DirectShow Filters
"DivX Setup.divx.com" = DivX Setup
"ef57af2e-47b7-4e04-8c4b-48fb10fc34f0_is1" = Dungeons & Dragons Online - Stormreach™ - Lamannia
"FLV Player" = FLV Player 2.0 (build 25)
"Guild Wars" = Guild Wars
"Hauppauge MCE2005 Software Encoder" = Hauppauge MCE XP/Vista Software Encoder (2.0.25149)
"hon" = Heroes of Newerth
"HP Photosmart Essential" = HP Photosmart Essential 2.5
"HP Smart Web Printing" = HP Smart Web Printing
"InstallShield_{01FB4998-33C4-4431-85ED-079E3EEFE75D}" = CyberLink YouCam
"InstallShield_{CB099890-1D5F-11D5-9EA9-0050BAE317E1}" = PowerDirector
"Map001" = 001 Action / RPG Maker 1.009.002
"Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft Security Client" = Microsoft Security Essentials
"NVIDIA Drivers" = NVIDIA Drivers
"PC Alarm Clock" = PC Alarm Clock
"PismoFileMountAuditPackage" = Pismo File Mount Audit Package
"Search Toolbar" = Search Toolbar
"SecureW2 EAP Suite" = SecureW2 EAP Suite 1.1.3 for Windows
"Steam App 17520" = Synergy
"Steam App 17700" = Insurgency
"Steam App 220" = Half-Life 2
"Steam App 380" = Half-Life 2: Episode One
"Steam App 400" = Portal
"Steam App 420" = Half-Life 2: Episode Two
"Steam App 440" = Team Fortress 2
"SynTPDeinstKey" = Synaptics Pointing Device Driver
"SystemRequirementsLab" = System Requirements Lab
"SysTools File Restore - Demo Version 2.0_is1" = SysTools File Restore
"TomTom HOME" = TomTom HOME 2.7.3.1894
"Trine_is1" = Trine 1.09
"ViewpointMediaPlayer" = Viewpoint Media Player
"VobSub" = VobSub v2.23 (Remove Only)
"WinLiveSuite" = Windows Live Essentials
"WinRAR archiver" = WinRAR archiver
"Yahoo! Messenger" = Yahoo! Messenger
"Yahoo! Software Update" = Yahoo! Software Update

========== HKEY_USERS Uninstall List ==========

[HKEY_USERS\S-1-5-21-1916688040-890294713-551456720-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Google Chrome" = Google Chrome

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 4/13/2011 6:55:41 AM | Computer Name = Owner-PC | Source = Microsoft-Windows-CAPI2 | ID = 131083
Description =

Error - 4/13/2011 6:55:43 AM | Computer Name = Owner-PC | Source = Microsoft-Windows-CAPI2 | ID = 131083
Description =

Error - 4/13/2011 6:55:46 AM | Computer Name = Owner-PC | Source = Microsoft-Windows-CAPI2 | ID = 131083
Description =

Error - 4/13/2011 6:55:48 AM | Computer Name = Owner-PC | Source = Microsoft-Windows-CAPI2 | ID = 131083
Description =

Error - 4/13/2011 6:55:52 AM | Computer Name = Owner-PC | Source = Microsoft-Windows-CAPI2 | ID = 131083
Description =

Error - 4/13/2011 6:55:53 AM | Computer Name = Owner-PC | Source = Microsoft-Windows-CAPI2 | ID = 131083
Description =

Error - 4/13/2011 6:55:55 AM | Computer Name = Owner-PC | Source = Microsoft-Windows-CAPI2 | ID = 131083
Description =

Error - 4/13/2011 6:55:57 AM | Computer Name = Owner-PC | Source = Microsoft-Windows-CAPI2 | ID = 131083
Description =

Error - 4/13/2011 6:55:58 AM | Computer Name = Owner-PC | Source = Microsoft-Windows-CAPI2 | ID = 131083
Description =

Error - 4/13/2011 6:56:05 AM | Computer Name = Owner-PC | Source = Microsoft-Windows-CAPI2 | ID = 131083
Description =

[ Media Center Events ]
Error - 11/4/2009 5:03:25 AM | Computer Name = Owner-PC | Source = MCUpdate | ID = 0
Description = DownloadPackgeTask.SubTasksComplete: failed downloading package SportsSchedule.

Error - 11/16/2009 4:37:39 PM | Computer Name = Owner-PC | Source = MCUpdate | ID = 0
Description = DownloadPackgeTask.SubTasksComplete: failed downloading package SportsSchedule.

Error - 11/18/2009 4:37:08 PM | Computer Name = Owner-PC | Source = MCUpdate | ID = 0
Description = DownloadPackgeTask.SubTasksComplete: failed downloading package SportsSchedule.

Error - 11/18/2009 6:44:27 PM | Computer Name = Owner-PC | Source = MCUpdate | ID = 0
Description = DownloadPackgeTask.SubTasksComplete: failed downloading package SportsSchedule.

Error - 11/18/2009 8:38:47 PM | Computer Name = Owner-PC | Source = MCUpdate | ID = 0
Description = DownloadPackgeTask.SubTasksComplete: failed downloading package SportsSchedule.

Error - 12/7/2009 4:46:51 PM | Computer Name = Owner-PC | Source = MCUpdate | ID = 0
Description = DownloadPackgeTask.SubTasksComplete: failed downloading package SportsSchedule.

Error - 12/22/2009 4:52:30 AM | Computer Name = Owner-PC | Source = MCUpdate | ID = 0
Description = DownloadPackgeTask.SubTasksComplete: failed downloading package SportsSchedule.

Error - 1/10/2010 4:49:03 PM | Computer Name = Owner-PC | Source = MCUpdate | ID = 0
Description = DownloadPackgeTask.SubTasksComplete: failed downloading package SportsSchedule.

Error - 1/15/2010 5:02:44 AM | Computer Name = Owner-PC | Source = MCUpdate | ID = 0
Description = DownloadPackgeTask.SubTasksComplete: failed downloading package SportsSchedule.

Error - 1/16/2010 4:57:33 AM | Computer Name = Owner-PC | Source = MCUpdate | ID = 0
Description = DownloadPackgeTask.SubTasksComplete: failed downloading package SportsSchedule.

[ System Events ]
Error - 4/10/2011 5:01:41 PM | Computer Name = Owner-PC | Source = Service Control Manager | ID = 7009
Description =

Error - 4/10/2011 5:01:41 PM | Computer Name = Owner-PC | Source = Service Control Manager | ID = 7000
Description =

Error - 4/11/2011 4:18:53 PM | Computer Name = Owner-PC | Source = Tcpip | ID = 4199
Description = The system detected an address conflict for IP address 192.168.0.2
with the system having network hardware address 00-25-AE-56-5F-CB. Network operations
on this system may be disrupted as a result.

Error - 4/13/2011 5:59:26 AM | Computer Name = Owner-PC | Source = Service Control Manager | ID = 7000
Description =

Error - 4/13/2011 5:59:26 AM | Computer Name = Owner-PC | Source = Service Control Manager | ID = 7024
Description =

Error - 4/13/2011 5:59:26 AM | Computer Name = Owner-PC | Source = Service Control Manager | ID = 7001
Description =

Error - 4/13/2011 2:33:04 PM | Computer Name = Owner-PC | Source = Service Control Manager | ID = 7000
Description =

Error - 4/13/2011 2:33:04 PM | Computer Name = Owner-PC | Source = Service Control Manager | ID = 7000
Description =

Error - 4/13/2011 2:33:04 PM | Computer Name = Owner-PC | Source = Service Control Manager | ID = 7001
Description =

Error - 4/13/2011 2:33:14 PM | Computer Name = Owner-PC | Source = Server | ID = 2505
Description = The server could not bind to the transport \Device\NetBT_Tcpip_{4DE0F2EA-8688-4104-B829-1B3D8CC7C11B}
because another computer on the network has the same name. The server could not
start.


< End of report >
Itsannoying
Active Member
 
Posts: 8
Joined: March 28th, 2011, 5:01 pm

Re: Commonpriv.log.lock - DDS *Updated properly*

Post by askey127 » April 13th, 2011, 6:36 pm

Complaint:
keep having commonpriv.log.lock files occur and now my windows media player is acting up horribly as in when I start it, it freezes.
Edit: I cannot seem to get rid of the AVG 8.5 files either. Norton files are an issue as well.
Vista:

itsannoying,
----------------------------------------------
Perform a Custom Scan or Fix with OTL
Run OTL
  • Under the Custom Scans/Fixes box at the bottom, paste in the following:
    :processes
    killallprocesses
    
    :OTL
    C:\Windows\System32\avgrsstx.dll
    SRV - File not found [Auto | Stopped] -- -- (avg8wd)
    SRV - File not found [Auto | Stopped] -- -- (avg8emc)
    DRV - [2009/09/23 20:22:55 | 000,108,552 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\Windows\System32\Drivers\avgtdix.sys -- (AvgTdiX)
    DRV - [2009/09/23 20:22:47 | 000,335,240 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\Windows\System32\Drivers\avgldx86.sys -- (AvgLdx86)
    DRV - [2009/09/23 20:22:47 | 000,027,784 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | System | Running] -- C:\Windows\System32\Drivers\avgmfx86.sys -- (AvgMfx86)
    IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE= ... &pf=laptop
    IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.hp.com/svs/rdr?TYPE= ... &pf=laptop
    O2 - BHO: (Search Toolbar) - {9D425283-D487-4337-BAB6-AB8354A81457} - C:\Program Files\Search Toolbar\SearchToolbar.dll ()
    O2 - BHO: (no name) - MRI_DISABLED - No CLSID value found.
    O3 - HKLM\..\Toolbar: (Search Toolbar) - {9D425283-D487-4337-BAB6-AB8354A81457} - C:\Program Files\Search Toolbar\SearchToolbar.dll ()
    O3 - HKU\S-1-5-21-1916688040-890294713-551456720-1000\..\Toolbar\WebBrowser: (Search Toolbar) - {9D425283-D487-4337-BAB6-AB8354A81457} - C:\Program Files\Search Toolbar\SearchToolbar.dll ()
    O18 - Protocol\Handler\linkscanner - No CLSID value found
    O20 - AppInit_DLLs: (avgrsstx.dll) - C:\Windows\System32\avgrsstx.dll (AVG Technologies CZ, s.r.o.)
    O30 - LSA: Authentication Packages - (ows\s) - File not found
    [2011/04/12 08:03:30 | 000,000,000 | ---D | C] -- C:\Users\Owner\AppData\Local\{FB6B0E4E-2DD6-445E-932A-801510DF21C9}
    [2011/04/11 21:47:19 | 000,000,000 | ---D | C] -- C:\Program Files\Search Toolbar
    [2011/04/11 21:47:01 | 000,000,000 | ---D | C] -- C:\Program Files\001
    [2011/04/11 21:47:17 | 000,000,000 | ---D | C] -- C:\Program Files\YTD Setup
    [2011/04/11 20:02:53 | 000,000,000 | ---D | C] -- C:\Users\Owner\AppData\Local\{424FACE6-E002-4768-8ECD-9548147319FD}
    [2011/04/10 20:01:29 | 000,000,000 | ---D | C] -- C:\Users\Owner\AppData\Local\{7D9F149B-B6A1-4BCB-BD69-7CFEF331A807}
    [2011/04/07 19:34:28 | 000,000,000 | ---D | C] -- C:\Program Files\PCSX2 0.9.7
    [2011/04/07 08:59:00 | 000,000,000 | ---D | C] -- C:\Program Files\Pcsx2
    [2011/04/07 07:55:22 | 000,000,000 | ---D | C] -- C:\Users\Owner\AppData\Local\{36107787-F217-416F-992E-23E4A87CDB02}
    [2011/04/06 19:54:39 | 000,000,000 | ---D | C] -- C:\Users\Owner\AppData\Local\{46A39D81-43DF-4028-80EF-A534B711703D}
    [2011/04/06 15:22:10 | 000,000,000 | ---D | C] -- C:\Users\Owner\Desktop\Zombe fly
    [2011/04/06 07:53:43 | 000,000,000 | ---D | C] -- C:\Users\Owner\AppData\Local\{DA592E1B-B881-4476-A7A9-4FE90EF5202B}
    [2011/04/06 03:22:54 | 000,000,000 | ---D | C] -- C:\Users\Owner\AppData\Local\DDMSettings
    [2011/04/05 07:53:01 | 000,000,000 | ---D | C] -- C:\Users\Owner\AppData\Local\{3C827397-BA3C-4CC8-ADDE-AB88DB2AB3CB}
    [2011/04/04 07:52:18 | 000,000,000 | ---D | C] -- C:\Users\Owner\AppData\Local\{4D4A7E16-D74E-4ED8-9B6B-BD9F64C486D6}
    [2011/04/03 19:51:37 | 000,000,000 | ---D | C] -- C:\Users\Owner\AppData\Local\{8734CAFD-FE00-4A9B-AC26-1E06F6679A4E}
    [2011/04/03 07:50:54 | 000,000,000 | ---D | C] -- C:\Users\Owner\AppData\Local\{D00A122C-6AE8-4936-8FF6-7048A75C4E47}
    [2011/04/02 19:50:09 | 000,000,000 | ---D | C] -- C:\Users\Owner\AppData\Local\{B0C5EE07-6C0D-4122-8E69-5C80B2EBA896}
    [2011/04/02 07:49:27 | 000,000,000 | ---D | C] -- C:\Users\Owner\AppData\Local\{979EB3FE-7C40-48FA-8B53-0840F8C72D4F}
    [2011/04/01 19:48:47 | 000,000,000 | ---D | C] -- C:\Users\Owner\AppData\Local\{51FC1826-1CC0-4522-890B-826337AE30C4}
    [2011/04/01 07:48:03 | 000,000,000 | ---D | C] -- C:\Users\Owner\AppData\Local\{C138E070-C31E-4A43-A76D-843CF52E1725}
    [2011/03/31 19:47:11 | 000,000,000 | ---D | C] -- C:\Users\Owner\AppData\Local\{881B1CA3-2F52-4941-A4AD-1860F8E58C8F}
    [2011/03/30 07:45:12 | 000,000,000 | ---D | C] -- C:\Users\Owner\AppData\Local\{6BA9DDDA-BA1D-4331-BCFB-EC52A2D6696E}
    [2011/03/29 19:44:20 | 000,000,000 | ---D | C] -- C:\Users\Owner\AppData\Local\{9FFEC2EB-CA6F-471F-93AE-134924FA547B}
    [2011/03/28 15:46:02 | 000,000,000 | ---D | C] -- C:\Users\Owner\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\HiJackThis
    [2011/03/28 15:46:01 | 000,000,000 | ---D | C] -- C:\Program Files\Trend Micro
    [2011/03/16 06:17:10 | 000,000,000 | R--D | C] -- C:\Users\Owner\Desktop\P90
    [2011/04/13 13:32:48 | 000,003,216 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
    [2011/04/13 13:32:47 | 000,003,216 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
    [2008/09/18 19:58:42 | 000,000,023 | -HS- | C] () -- C:\Windows\System32\cecdead7_z.dll
    [2008/12/26 20:33:18 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\LimeWire
    [2011/04/13 13:30:16 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\uTorrent
    @Alternate Data Stream - 99 bytes -> C:\ProgramData\TEMP:24051EFF
    @Alternate Data Stream - 1360 bytes -> C:\ProgramData\Microsoft:JLTRI1k0bdp0bg34mKblBDt0DUAO7
    @Alternate Data Stream - 1159 bytes -> C:\ProgramData\Microsoft:LN6sb5U5ghIC3JLqPgYZjJ
    @Alternate Data Stream - 103 bytes -> C:\ProgramData\TEMP:307AA992
    
    :Reg
    
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
    "{70C590A2-DBE2-4D41-833C-6D14CCB41C85}" =-
    "{CC7AFF44-16C0-4A49-ADD3-EDE83386862D}" =-
    "TCP Query User{A284C2BD-DB49-4C3F-8FD8-4F0B25C5E4E9}C:\program files\utorrent\utorrent.exe" =-
    "TCP Query User{B4911AC4-D7C6-449D-A630-0EBCEBF60E3A}C:\users\owner\program files\dna\btdna.exe" =-
    "TCP Query User{D21D77E1-64C5-4340-979F-6D6CE712838B}C:\users\owner\program files\dna\btdna.exe" =-
    "UDP Query User{1AB183F5-E50C-402A-BEE2-CC6F94A02BCB}C:\users\owner\desktop\utorrent.exe" =-
    "UDP Query User{55BE0450-F65D-4E9A-BD57-1B6B140D2563}C:\users\owner\program files\dna\btdna.exe" =-
    "UDP Query User{A8C78B94-FB0F-4BF0-B996-E5B0AE2C2983}C:\users\owner\program files\dna\btdna.exe" =-
    
    :Commands
    [EMPTYTEMP]
    [Reboot]
    
  • Then click the Run Fix button at the top.
  • Let the program run unhindered and reboot the PC when it is done.
  • Open OTL again and click the Quick Scan button. Post the log it produces in your next reply.

askey127
askey127
Admin/Teacher
 
Posts: 14025
Joined: April 17th, 2005, 3:25 pm
Location: New Hampshire USA

Re: Commonpriv.log.lock - DDS *Updated properly*

Post by Itsannoying » April 13th, 2011, 7:06 pm

OTL logfile created on: 4/13/2011 6:03:43 PM - Run 2
OTL by OldTimer - Version 3.2.22.3 Folder = C:\Users\Owner\Desktop
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.19048)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

3.00 Gb Total Physical Memory | 2.00 Gb Available Physical Memory | 60.00% Memory free
6.00 Gb Paging File | 5.00 Gb Available in Paging File | 81.00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 174.56 Gb Total Space | 70.29 Gb Free Space | 40.26% Space Free | Partition Type: NTFS
Drive D: | 11.75 Gb Total Space | 1.99 Gb Free Space | 16.95% Space Free | Partition Type: NTFS

Computer Name: OWNER-PC | User Name: Owner | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2011/04/13 13:47:58 | 000,580,608 | ---- | M] (OldTimer Tools) -- C:\Users\Owner\Desktop\OTL.exe
PRC - [2010/11/30 14:20:36 | 000,997,408 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Security Client\msseces.exe
PRC - [2010/11/11 13:26:42 | 000,226,984 | ---- | M] (Microsoft Corporation) -- c:\Program Files\Microsoft Security Client\Antimalware\MpCmdRun.exe
PRC - [2010/11/11 13:26:42 | 000,206,360 | ---- | M] (Microsoft Corporation) -- c:\Program Files\Microsoft Security Client\Antimalware\NisSrv.exe
PRC - [2010/11/11 13:26:40 | 000,011,736 | ---- | M] (Microsoft Corporation) -- c:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe
PRC - [2009/11/13 06:31:14 | 000,092,008 | ---- | M] (TomTom) -- C:\Program Files\TomTom HOME 2\TomTomHOMEService.exe
PRC - [2009/04/11 01:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2009/01/26 15:31:10 | 001,153,368 | ---- | M] (Safer Networking Ltd.) -- C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe
PRC - [2008/11/09 15:48:14 | 000,602,392 | ---- | M] (Yahoo! Inc.) -- C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe


========== Modules (SafeList) ==========

MOD - [2011/04/13 13:47:58 | 000,580,608 | ---- | M] (OldTimer Tools) -- C:\Users\Owner\Desktop\OTL.exe
MOD - [2010/08/31 10:43:52 | 001,686,016 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18305_none_5cb72f2a088b0ed3\comctl32.dll


========== Win32 Services (SafeList) ==========

SRV - [2011/03/31 21:53:38 | 000,403,240 | ---- | M] (Valve Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\Steam\SteamService.exe -- (Steam Client Service)
SRV - [2011/02/13 04:47:01 | 000,655,624 | ---- | M] (Acresso Software Inc.) [On_Demand | Stopped] -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service)
SRV - [2010/11/11 13:26:42 | 000,206,360 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- c:\Program Files\Microsoft Security Client\Antimalware\NisSrv.exe -- (NisSrv)
SRV - [2010/11/11 13:26:40 | 000,011,736 | ---- | M] (Microsoft Corporation) [Auto | Running] -- c:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe -- (MsMpSvc)
SRV - [2010/02/01 12:07:00 | 003,461,068 | ---- | M] (INCA Internet Co., Ltd.) [On_Demand | Stopped] -- C:\Windows\System32\GameMon.des -- (npggsvc)
SRV - [2009/11/13 06:31:14 | 000,092,008 | ---- | M] (TomTom) [Auto | Running] -- C:\Program Files\TomTom HOME 2\TomTomHOMEService.exe -- (TomTomHOMEService)
SRV - [2009/01/26 15:31:10 | 001,153,368 | ---- | M] (Safer Networking Ltd.) [Auto | Running] -- C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe -- (SBSDWSCService)
SRV - [2008/11/09 15:48:14 | 000,602,392 | ---- | M] (Yahoo! Inc.) [Auto | Running] -- C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe -- (YahooAUService)
SRV - [2008/01/20 21:23:32 | 000,272,952 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2007/03/05 12:30:06 | 000,110,592 | ---- | M] (Hewlett-Packard Development Company, L.P.) [On_Demand | Stopped] -- C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\Com4Qlb.exe -- (Com4Qlb)


========== Driver Services (SafeList) ==========

DRV - [2011/04/13 17:53:34 | 000,028,752 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- c:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{68DAABB9-378A-4226-8282-F6F6ED843259}\MpKsl17379d15.sys -- (MpKsl17379d15)
DRV - [2010/10/24 22:25:38 | 000,054,144 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\NisDrvWFP.sys -- (NisDrv)
DRV - [2010/10/24 22:25:38 | 000,043,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\MpNWMon.sys -- (MpNWMon)
DRV - [2010/07/07 12:58:31 | 000,191,848 | ---- | M] (Pismo Technic Inc.) [Kernel | System | Running] -- C:\Windows\System32\drivers\pfmfs_463.sys -- (pfmfs_463)
DRV - [2009/12/30 11:21:16 | 000,027,192 | ---- | M] (VS Revo Group) [File_System | On_Demand | Stopped] -- C:\Windows\System32\drivers\revoflt.sys -- (Revoflt)
DRV - [2009/12/02 14:56:16 | 000,092,792 | ---- | M] (PACE Anti-Piracy, Inc.) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\TPkd.sys -- (TPkd)
DRV - [2009/07/06 04:33:00 | 000,357,504 | ---- | M] (AhnLab, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\EagleNt.sys -- (EagleNT)
DRV - [2009/06/24 06:08:00 | 007,542,208 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvlddmkm.sys -- (nvlddmkm)
DRV - [2008/12/19 19:08:28 | 000,030,088 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\point32k.sys -- (Point32)
DRV - [2008/10/09 15:42:42 | 000,017,408 | ---- | M] (Windows (R) Codename Longhorn DDK provider) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\KMWDFILTER.sys -- (KMWDFILTER)
DRV - [2008/08/01 19:51:14 | 001,052,704 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvmfdx32.sys -- (NVENETFD)
DRV - [2008/03/04 02:32:00 | 000,188,416 | ---- | M] (Conexant Systems Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\CHDRT32.sys -- (CnxtHdAudService)
DRV - [2007/12/06 15:40:14 | 000,761,856 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\athr.sys -- (athr)
DRV - [2007/10/18 06:36:54 | 000,008,704 | ---- | M] (Conexant Systems, Inc.) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\XAudio.sys -- (XAudio)
DRV - [2007/09/09 17:12:28 | 000,176,640 | ---- | M] (Conexant Systems Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\CHDART.sys -- (HdAudAddService)
DRV - [2007/08/22 11:50:38 | 001,749,760 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\snp2uvc.sys -- (SNP2UVC) USB2.0 PC Camera (SNP2UVC)
DRV - [2007/07/11 12:30:22 | 000,007,168 | ---- | M] (Hewlett-Packard Development Company, L.P.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\HpqRemHid.sys -- (HpqRemHid)
DRV - [2007/06/18 19:12:04 | 000,016,768 | ---- | M] (Hewlett-Packard Development Company, L.P.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\HpqKbFiltr.sys -- (HpqKbFiltr)
DRV - [2007/03/22 00:02:04 | 000,037,376 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\rixdptsk.sys -- (rismxdp)
DRV - [2007/02/24 16:42:22 | 000,039,936 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\rimmptsk.sys -- (rimmptsk)
DRV - [2007/02/16 16:50:32 | 000,012,032 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvsmu.sys -- (nvsmu)
DRV - [2007/01/23 18:40:20 | 000,042,496 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\rimsptsk.sys -- (rimsptsk)
DRV - [2007/01/18 15:28:02 | 000,005,275 | ---- | M] (Cisco Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\CVirtA.sys -- (CVirtA)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL =
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page =

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE= ... &pf=laptop
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.bing.com/?pc=ZUGO&form=ZGAPHP
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Restore = http://www.google.com/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..extensions.enabledItems: MapShare-status@tomtom.com:1.7
FF - prefs.js..extensions.enabledItems: baseTheme@tomtom.com:1.0.2
FF - prefs.js..extensions.enabledItems: RenaultTheme@tomtom.com:2.7.0.20

FF - HKLM\software\mozilla\Firefox\Extensions\\{23fcfd51-4958-4f00-80a3-ae97e717ed8b}: C:\Program Files\DivX\DivX Plus Web Player\firefox\html5video [2011/04/06 01:36:48 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\Extensions\\{6904342A-8307-11DF-A508-4AE2DFD72085}: C:\Program Files\DivX\DivX Plus Web Player\firefox\wpa [2011/04/06 01:36:49 | 000,000,000 | ---D | M]

[2009/02/21 07:23:25 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Owner\AppData\Roaming\mozilla\Extensions
[2009/02/04 19:47:05 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Owner\AppData\Roaming\mozilla\Extensions\home2@tomtom.com
[2010/02/15 01:37:50 | 000,000,000 | ---D | M] (Map status indicator) -- C:\PROGRAM FILES\TOMTOM HOME 2\XUL\EXTENSIONS\MAPSHARE-STATUS@TOMTOM.COM
[2008/10/28 11:15:22 | 000,255,248 | ---- | M] () -- C:\Program Files\Mozilla Firefox\plugins\npnipp.dll
[2008/10/28 11:15:24 | 000,107,792 | ---- | M] (Novell Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npnisp.dll

O1 HOSTS File: ([2008/09/18 19:53:07 | 000,000,761 | ---- | M]) - C:\Windows\System32\drivers\etc\HOSTS
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2 - BHO: (DivX Plus Web Player HTML5 <video>) - {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)
O2 - BHO: (no name) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - Reg Error: Value error. File not found
O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O2 - BHO: (DivX HiQ) - {593DDEC6-7468-4cdd-90E1-42DADAA222E9} - C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)
O2 - BHO: (SingleInstance Class) - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\Program Files\Yahoo!\Companion\Installs\cpn\YTSingleInstance.dll (Yahoo! Inc)
O2 - BHO: (HP Print Clips) - {FFFFFFFF-FF12-44C5-91EC-068E3AA1B2D7} - c:\Program Files\HP\Smart Web Printing\hpswp_framework.dll (Hewlett-Packard Co.)
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - No CLSID value found.
O4 - HKLM..\Run: [Adobe Reader Speed Launcher] C:\Program Files\Adobe\Reader 10.0\Reader\Reader_sl.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [MSC] c:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation)
O4 - HKLM..\Run: [NvCplDaemon] C:\Windows\System32\NvCpl.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [NvMediaCenter] C:\Windows\System32\NvMcTray.dll (NVIDIA Corporation)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 255
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDesktopCleanupWizard = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: LogonHoursAction = 2
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DontDisplayLogonHoursWarnings = 1
O9 - Extra Button: HP Smart Select - {58ECB495-38F0-49cb-A538-10282ABF65E7} - c:\Program Files\HP\Smart Web Printing\hpswp_extensions.dll (Hewlett-Packard Co.)
O9 - Extra 'Tools' menuitem : Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O13 - gopher Prefix: missing
O16 - DPF: {051D0E35-F4E3-4C8D-B411-AB0875F4C683} http://install.anark.com/client/version ... Client.cab (Anark Client 4.0 ActiveX Control)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab (Java Plug-in 1.6.0_24)
O16 - DPF: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab (Java Plug-in 1.6.0_24)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab (Java Plug-in 1.6.0_24)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.10
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Users\Owner\AppData\Roaming\Microsoft\Windows Photo Gallery\Windows Photo Gallery Wallpaper.jpg
O24 - Desktop BackupWallPaper: C:\Users\Owner\AppData\Roaming\Microsoft\Windows Photo Gallery\Windows Photo Gallery Wallpaper.jpg
O30 - LSA: Authentication Packages - (ows\s) - File not found
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2008/04/24 21:23:11 | 000,000,074 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O32 - AutoRun File - [2005/09/11 10:18:54 | 000,000,340 | -HS- | M] () - D:\AUTOMODE -- [ NTFS ]
O33 - MountPoints2\{0f81d46a-b985-11de-ab32-005056c00008}\Shell - "" = AutoRun
O33 - MountPoints2\{0f81d46a-b985-11de-ab32-005056c00008}\Shell\AutoRun\command - "" = I:\LaunchU3.exe -a
O33 - MountPoints2\{0fa1079a-3533-11de-a89c-001e68d27887}\Shell - "" = Autorun
O33 - MountPoints2\{0fa1079a-3533-11de-a89c-001e68d27887}\Shell\AutoRun\command - "" = C:\Windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL RECYCLER\S-2-6-70-100006379-100008519-100015008-3508.com e:\
O33 - MountPoints2\{0fa1079a-3533-11de-a89c-001e68d27887}\Shell\Open\command - "" = RECYCLER\S-2-6-70-100006379-100008519-100015008-3508.com e:\
O33 - MountPoints2\{44aca024-a57d-11de-acf0-001e68d27887}\Shell\AutoRun\command - "" = G:\InstallTomTomHOME.exe
O33 - MountPoints2\{ff6f43de-20b0-11de-8355-001e68d27887}\Shell\AutoRun\command - "" = C:\Windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL G:\runsetup.LNK
O33 - MountPoints2\{ff6f43de-20b0-11de-8355-001e68d27887}\Shell\Run\command - "" = G:\runsetup.cmd
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2011/04/13 17:58:17 | 000,000,000 | ---D | C] -- C:\Users\Owner\AppData\Roaming\uTorrent
[2011/04/13 17:49:36 | 000,000,000 | ---D | C] -- C:\_OTL
[2011/04/13 14:36:55 | 000,000,000 | ---D | C] -- C:\Users\Owner\Desktop\New Folder (6)
[2011/04/13 14:30:56 | 000,000,000 | ---D | C] -- C:\Users\Owner\Desktop\New Folder (5)
[2011/04/13 14:22:57 | 000,000,000 | ---D | C] -- C:\Users\Owner\Desktop\New Folder (4)
[2011/04/13 13:47:55 | 000,580,608 | ---- | C] (OldTimer Tools) -- C:\Users\Owner\Desktop\OTL.exe
[2011/04/13 13:36:25 | 000,000,000 | ---D | C] -- C:\Users\Owner\Desktop\New Folder (3)
[2011/04/13 12:53:26 | 000,000,000 | ---D | C] -- C:\Users\Owner\AppData\Local\VS Revo Group
[2011/04/13 12:53:20 | 000,027,192 | ---- | C] (VS Revo Group) -- C:\Windows\System32\drivers\revoflt.sys
[2011/04/13 12:53:20 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Revo Uninstaller Pro
[2011/04/13 12:53:14 | 000,000,000 | ---D | C] -- C:\Program Files\VS Revo Group
[2011/04/13 08:05:03 | 000,000,000 | ---D | C] -- C:\Users\Owner\AppData\Local\{DB950707-2B9B-476F-83B7-2C2E405E3602}
[2011/04/13 05:11:34 | 000,000,000 | ---D | C] -- C:\Users\Owner\Desktop\New Folder
[2011/04/12 23:13:30 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Trine
[2011/04/12 23:11:44 | 000,000,000 | ---D | C] -- C:\Program Files\Trine
[2011/04/12 20:04:09 | 000,000,000 | ---D | C] -- C:\Users\Owner\AppData\Local\{E848DEFC-BE48-4F6F-9C28-B5FAC371A214}
[2011/04/11 21:47:43 | 000,000,000 | ---D | C] -- C:\Users\Owner\Documents\001
[2011/04/11 21:47:23 | 000,000,000 | ---D | C] -- C:\Users\Owner\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\001
[2011/04/11 21:47:23 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\001
[2011/04/11 21:47:18 | 000,000,000 | ---D | C] -- C:\Users\Owner\Documents\My 001 Games
[2011/04/10 16:01:26 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Adobe
[2011/04/10 16:01:26 | 000,000,000 | ---D | C] -- C:\Program Files\Adobe
[2011/04/10 15:55:21 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Java
[2011/04/10 08:00:37 | 000,000,000 | ---D | C] -- C:\Users\Owner\AppData\Local\{6E96ED88-71FB-4520-A1AA-EAFD7F8A8315}
[2011/04/09 19:59:27 | 000,000,000 | ---D | C] -- C:\Users\Owner\AppData\Local\{D8547161-8920-4837-ABD0-7CA907993FB0}
[2011/04/09 07:58:43 | 000,000,000 | ---D | C] -- C:\Users\Owner\AppData\Local\{1354BFF2-F910-48BE-89FF-917AE11871B1}
[2011/04/08 07:57:09 | 000,000,000 | ---D | C] -- C:\Users\Owner\AppData\Local\{98C68FD0-8DC9-4A51-9ECA-C7259355659B}
[2011/04/07 21:20:09 | 000,000,000 | ---D | C] -- C:\ProgramData\IObit
[2011/04/07 21:20:06 | 000,000,000 | ---D | C] -- C:\Program Files\IObit
[2011/04/07 20:42:59 | 000,000,000 | ---D | C] -- C:\Program Files\Pcsx22
[2011/04/07 19:56:13 | 000,000,000 | ---D | C] -- C:\Users\Owner\AppData\Local\{66F161CA-6528-463A-B0EC-308C66231D36}
[2011/04/07 19:38:25 | 000,000,000 | ---D | C] -- C:\Users\Owner\Documents\PCSX2
[2011/04/07 19:38:06 | 000,000,000 | ---D | C] -- C:\Users\Owner\AppData\Local\PCSX2
[2007/07/04 09:28:52 | 000,176,128 | ---- | C] ( ) -- C:\Windows\System32\csnp2uvc.dll

========== Files - Modified Within 30 Days ==========

[2011/04/13 18:01:00 | 000,000,438 | -H-- | M] () -- C:\Windows\tasks\User_Feed_Synchronization-{E8140EC0-D224-4322-9D38-E5206CBCA450}.job
[2011/04/13 17:59:49 | 000,645,006 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2011/04/13 17:59:49 | 000,121,064 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2011/04/13 17:55:22 | 000,000,258 | ---- | M] () -- C:\Users\Public\Documents\hpqp.ini
[2011/04/13 17:55:10 | 000,135,603 | ---- | M] () -- C:\ProgramData\nvModes.001
[2011/04/13 17:53:29 | 000,003,216 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2011/04/13 17:53:29 | 000,003,216 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2011/04/13 17:53:22 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2011/04/13 17:31:00 | 000,000,908 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-1916688040-890294713-551456720-1000UA.job
[2011/04/13 13:47:58 | 000,580,608 | ---- | M] (OldTimer Tools) -- C:\Users\Owner\Desktop\OTL.exe
[2011/04/13 13:20:26 | 000,932,400 | ---- | M] () -- C:\Users\Owner\Desktop\Norton_Removal_Tool.exe
[2011/04/13 12:53:24 | 000,001,025 | ---- | M] () -- C:\Users\Public\Desktop\Revo Uninstaller Pro.lnk
[2011/04/13 05:31:00 | 000,000,856 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-1916688040-890294713-551456720-1000Core.job
[2011/04/13 04:58:39 | 000,374,088 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2011/04/12 23:13:33 | 000,000,769 | ---- | M] () -- C:\Users\Owner\Desktop\Play Trine.lnk
[2011/04/11 21:47:23 | 000,000,837 | ---- | M] () -- C:\Users\Owner\Desktop\001 Game Creator.lnk
[2011/04/11 14:32:44 | 000,135,603 | ---- | M] () -- C:\ProgramData\nvModes.dat
[2011/04/11 12:13:54 | 029,899,423 | ---- | M] () -- C:\Users\Owner\Desktop\Gazillionaire_v304_29.exe
[2011/04/10 15:07:30 | 000,625,664 | ---- | M] () -- C:\Users\Owner\Desktop\dds.scr
[2011/04/09 15:23:51 | 000,102,912 | ---- | M] () -- C:\Users\Owner\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011/03/21 11:30:31 | 000,000,764 | ---- | M] () -- C:\Users\Public\Desktop\CCleaner.lnk

========== Files Created - No Company Name ==========

[2011/04/13 13:20:21 | 000,932,400 | ---- | C] () -- C:\Users\Owner\Desktop\Norton_Removal_Tool.exe
[2011/04/13 12:53:24 | 000,001,025 | ---- | C] () -- C:\Users\Public\Desktop\Revo Uninstaller Pro.lnk
[2011/04/12 23:13:33 | 000,000,769 | ---- | C] () -- C:\Users\Owner\Desktop\Play Trine.lnk
[2011/04/11 21:47:23 | 000,000,837 | ---- | C] () -- C:\Users\Owner\Desktop\001 Game Creator.lnk
[2011/04/11 12:10:17 | 029,899,423 | ---- | C] () -- C:\Users\Owner\Desktop\Gazillionaire_v304_29.exe
[2011/04/10 16:02:02 | 000,001,804 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader X.lnk
[2011/04/10 15:07:28 | 000,625,664 | ---- | C] () -- C:\Users\Owner\Desktop\dds.scr
[2009/10/24 13:03:57 | 000,000,376 | ---- | C] () -- C:\Windows\ODBC.INI
[2009/09/23 20:53:24 | 000,107,612 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchema.bin
[2009/09/23 20:53:23 | 000,117,248 | ---- | C] () -- C:\Windows\System32\EhStorAuthn.dll
[2009/08/03 16:07:42 | 000,403,816 | ---- | C] () -- C:\Windows\System32\OGACheckControl.dll
[2009/08/03 16:07:42 | 000,230,768 | ---- | C] () -- C:\Windows\System32\OGAEXEC.exe
[2009/07/28 23:42:34 | 000,000,093 | ---- | C] () -- C:\Users\Owner\AppData\Local\fusioncache.dat
[2009/07/14 13:35:46 | 000,065,536 | ---- | C] () -- C:\Windows\IFinst27.exe
[2009/01/06 14:26:50 | 000,135,603 | ---- | C] () -- C:\ProgramData\nvModes.dat
[2009/01/06 14:26:50 | 000,135,603 | ---- | C] () -- C:\ProgramData\nvModes.001
[2009/01/06 13:38:13 | 000,000,258 | RHS- | C] () -- C:\ProgramData\ntuser.pol
[2008/12/17 21:48:40 | 000,000,136 | ---- | C] () -- C:\Windows\wininit.ini
[2008/12/16 00:11:26 | 000,102,912 | ---- | C] () -- C:\Users\Owner\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2008/12/11 22:50:45 | 000,000,000 | ---- | C] () -- C:\Windows\nsreg.dat
[2008/11/17 01:42:14 | 000,000,262 | ---- | C] () -- C:\Windows\{789289CA-F73A-4A16-A331-54D498CE069F}_WiseFW.ini
[2008/10/21 06:57:47 | 000,027,503 | ---- | C] () -- C:\Users\Owner\AppData\Roaming\UserTile.png
[2008/10/07 09:13:30 | 000,197,912 | ---- | C] () -- C:\Windows\System32\physxcudart_20.dll
[2008/10/07 09:13:22 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelTraditionalChinese.dll
[2008/10/07 09:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelSwedish.dll
[2008/10/07 09:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelSpanish.dll
[2008/10/07 09:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelSimplifiedChinese.dll
[2008/10/07 09:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelPortugese.dll
[2008/10/07 09:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelKorean.dll
[2008/10/07 09:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelJapanese.dll
[2008/10/07 09:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelGerman.dll
[2008/10/07 09:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelFrench.dll
[2008/09/25 20:56:55 | 000,000,056 | -H-- | C] () -- C:\Windows\System32\ezsidmv.dat
[2008/09/20 17:48:01 | 000,000,680 | ---- | C] () -- C:\Users\Owner\AppData\Local\d3d9caps.dat
[2008/09/19 17:08:26 | 000,053,339 | ---- | C] () -- C:\Users\Owner\AppData\Roaming\nvModes.001
[2008/09/19 16:05:30 | 000,053,339 | ---- | C] () -- C:\Users\Owner\AppData\Roaming\nvModes.dat
[2008/09/19 11:47:20 | 000,020,932 | ---- | C] () -- C:\Users\Owner\AppData\Roaming\wklnhst.dat
[2008/09/18 20:07:23 | 000,018,904 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchemaTrivial.bin
[2008/09/01 20:47:14 | 000,029,752 | ---- | C] () -- C:\Windows\System32\InstHelper.dll
[2008/08/27 05:56:43 | 000,016,480 | ---- | C] () -- C:\Windows\System32\rixdicon.dll
[2008/08/27 05:53:01 | 000,004,984 | ---- | C] () -- C:\Windows\System32\drivers\nvphy.bin
[2008/04/24 21:38:18 | 000,101,605 | ---- | C] () -- C:\Windows\hpqins13.dat
[2007/08/22 11:50:38 | 001,749,760 | ---- | C] () -- C:\Windows\System32\drivers\snp2uvc.sys
[2007/07/16 11:58:10 | 000,197,408 | ---- | C] () -- C:\Windows\System32\vpnapi.dll
[2007/05/09 07:16:40 | 000,028,160 | ---- | C] () -- C:\Windows\System32\drivers\sncduvc.sys
[2006/11/02 07:57:28 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
[2006/11/02 07:47:37 | 000,374,088 | ---- | C] () -- C:\Windows\System32\FNTCACHE.DAT
[2006/11/02 07:35:32 | 000,005,632 | ---- | C] () -- C:\Windows\System32\sysprepMCE.dll
[2006/11/02 05:33:01 | 000,645,006 | ---- | C] () -- C:\Windows\System32\perfh009.dat
[2006/11/02 05:33:01 | 000,287,440 | ---- | C] () -- C:\Windows\System32\perfi009.dat
[2006/11/02 05:33:01 | 000,121,064 | ---- | C] () -- C:\Windows\System32\perfc009.dat
[2006/11/02 05:33:01 | 000,030,674 | ---- | C] () -- C:\Windows\System32\perfd009.dat
[2006/11/02 05:23:21 | 000,215,943 | ---- | C] () -- C:\Windows\System32\dssec.dat
[2006/11/02 03:58:30 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin
[2006/11/02 03:19:00 | 000,000,741 | ---- | C] () -- C:\Windows\System32\NOISE.DAT
[2006/11/02 02:40:29 | 000,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini
[2006/11/02 02:25:31 | 000,673,088 | ---- | C] () -- C:\Windows\System32\mlang.dat
[2006/05/19 03:39:58 | 000,015,497 | ---- | C] () -- C:\Windows\snp2uvc.ini
[2006/03/09 04:58:00 | 001,060,424 | ---- | C] () -- C:\Windows\System32\WdfCoInstaller01000.dll
[2003/01/07 15:05:08 | 000,002,695 | ---- | C] () -- C:\Windows\System32\OUTLPERF.INI
[2002/10/15 17:54:04 | 000,153,088 | ---- | C] () -- C:\Windows\System32\unrar.dll

========== LOP Check ==========

[2011/03/25 01:27:18 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\.minecraft
[2010/03/13 20:50:00 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\Acoustica
[2010/02/13 12:13:55 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\Audacity
[2009/04/29 21:30:48 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\GetRightToGo
[2009/09/09 17:59:28 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\OpenOffice.org
[2011/03/10 09:31:49 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\Opera
[2010/03/13 21:00:43 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\PACE Anti-Piracy
[2008/10/21 06:57:47 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\PeerNetworking
[2009/12/18 01:26:13 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\SystemRequirementsLab
[2008/09/19 11:47:24 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\Template
[2009/02/04 19:47:01 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\TomTom
[2009/07/28 23:42:39 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\Turbine
[2011/04/13 17:58:25 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\uTorrent
[2011/04/13 17:52:20 | 000,032,624 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT
[2011/04/13 18:01:00 | 000,000,438 | -H-- | M] () -- C:\Windows\Tasks\User_Feed_Synchronization-{E8140EC0-D224-4322-9D38-E5206CBCA450}.job

========== Purity Check ==========



< End of report >
Itsannoying

Re: Commonpriv.log.lock - DDS *Updated properly*

Post by Itsannoying » April 13th, 2011, 7:07 pm

OTL logfile created on: 4/13/2011 6:03:43 PM - Run 2
OTL by OldTimer - Version 3.2.22.3 Folder = C:\Users\Owner\Desktop
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.19048)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

3.00 Gb Total Physical Memory | 2.00 Gb Available Physical Memory | 60.00% Memory free
6.00 Gb Paging File | 5.00 Gb Available in Paging File | 81.00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 174.56 Gb Total Space | 70.29 Gb Free Space | 40.26% Space Free | Partition Type: NTFS
Drive D: | 11.75 Gb Total Space | 1.99 Gb Free Space | 16.95% Space Free | Partition Type: NTFS

Computer Name: OWNER-PC | User Name: Owner | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2011/04/13 13:47:58 | 000,580,608 | ---- | M] (OldTimer Tools) -- C:\Users\Owner\Desktop\OTL.exe
PRC - [2010/11/30 14:20:36 | 000,997,408 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Security Client\msseces.exe
PRC - [2010/11/11 13:26:42 | 000,226,984 | ---- | M] (Microsoft Corporation) -- c:\Program Files\Microsoft Security Client\Antimalware\MpCmdRun.exe
PRC - [2010/11/11 13:26:42 | 000,206,360 | ---- | M] (Microsoft Corporation) -- c:\Program Files\Microsoft Security Client\Antimalware\NisSrv.exe
PRC - [2010/11/11 13:26:40 | 000,011,736 | ---- | M] (Microsoft Corporation) -- c:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe
PRC - [2009/11/13 06:31:14 | 000,092,008 | ---- | M] (TomTom) -- C:\Program Files\TomTom HOME 2\TomTomHOMEService.exe
PRC - [2009/04/11 01:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2009/01/26 15:31:10 | 001,153,368 | ---- | M] (Safer Networking Ltd.) -- C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe
PRC - [2008/11/09 15:48:14 | 000,602,392 | ---- | M] (Yahoo! Inc.) -- C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe


========== Modules (SafeList) ==========

MOD - [2011/04/13 13:47:58 | 000,580,608 | ---- | M] (OldTimer Tools) -- C:\Users\Owner\Desktop\OTL.exe
MOD - [2010/08/31 10:43:52 | 001,686,016 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18305_none_5cb72f2a088b0ed3\comctl32.dll


========== Win32 Services (SafeList) ==========

SRV - [2011/03/31 21:53:38 | 000,403,240 | ---- | M] (Valve Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\Steam\SteamService.exe -- (Steam Client Service)
SRV - [2011/02/13 04:47:01 | 000,655,624 | ---- | M] (Acresso Software Inc.) [On_Demand | Stopped] -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service)
SRV - [2010/11/11 13:26:42 | 000,206,360 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- c:\Program Files\Microsoft Security Client\Antimalware\NisSrv.exe -- (NisSrv)
SRV - [2010/11/11 13:26:40 | 000,011,736 | ---- | M] (Microsoft Corporation) [Auto | Running] -- c:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe -- (MsMpSvc)
SRV - [2010/02/01 12:07:00 | 003,461,068 | ---- | M] (INCA Internet Co., Ltd.) [On_Demand | Stopped] -- C:\Windows\System32\GameMon.des -- (npggsvc)
SRV - [2009/11/13 06:31:14 | 000,092,008 | ---- | M] (TomTom) [Auto | Running] -- C:\Program Files\TomTom HOME 2\TomTomHOMEService.exe -- (TomTomHOMEService)
SRV - [2009/01/26 15:31:10 | 001,153,368 | ---- | M] (Safer Networking Ltd.) [Auto | Running] -- C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe -- (SBSDWSCService)
SRV - [2008/11/09 15:48:14 | 000,602,392 | ---- | M] (Yahoo! Inc.) [Auto | Running] -- C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe -- (YahooAUService)
SRV - [2008/01/20 21:23:32 | 000,272,952 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2007/03/05 12:30:06 | 000,110,592 | ---- | M] (Hewlett-Packard Development Company, L.P.) [On_Demand | Stopped] -- C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\Com4Qlb.exe -- (Com4Qlb)


========== Driver Services (SafeList) ==========

DRV - [2011/04/13 17:53:34 | 000,028,752 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- c:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{68DAABB9-378A-4226-8282-F6F6ED843259}\MpKsl17379d15.sys -- (MpKsl17379d15)
DRV - [2010/10/24 22:25:38 | 000,054,144 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\NisDrvWFP.sys -- (NisDrv)
DRV - [2010/10/24 22:25:38 | 000,043,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\MpNWMon.sys -- (MpNWMon)
DRV - [2010/07/07 12:58:31 | 000,191,848 | ---- | M] (Pismo Technic Inc.) [Kernel | System | Running] -- C:\Windows\System32\drivers\pfmfs_463.sys -- (pfmfs_463)
DRV - [2009/12/30 11:21:16 | 000,027,192 | ---- | M] (VS Revo Group) [File_System | On_Demand | Stopped] -- C:\Windows\System32\drivers\revoflt.sys -- (Revoflt)
DRV - [2009/12/02 14:56:16 | 000,092,792 | ---- | M] (PACE Anti-Piracy, Inc.) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\TPkd.sys -- (TPkd)
DRV - [2009/07/06 04:33:00 | 000,357,504 | ---- | M] (AhnLab, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\EagleNt.sys -- (EagleNT)
DRV - [2009/06/24 06:08:00 | 007,542,208 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvlddmkm.sys -- (nvlddmkm)
DRV - [2008/12/19 19:08:28 | 000,030,088 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\point32k.sys -- (Point32)
DRV - [2008/10/09 15:42:42 | 000,017,408 | ---- | M] (Windows (R) Codename Longhorn DDK provider) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\KMWDFILTER.sys -- (KMWDFILTER)
DRV - [2008/08/01 19:51:14 | 001,052,704 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvmfdx32.sys -- (NVENETFD)
DRV - [2008/03/04 02:32:00 | 000,188,416 | ---- | M] (Conexant Systems Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\CHDRT32.sys -- (CnxtHdAudService)
DRV - [2007/12/06 15:40:14 | 000,761,856 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\athr.sys -- (athr)
DRV - [2007/10/18 06:36:54 | 000,008,704 | ---- | M] (Conexant Systems, Inc.) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\XAudio.sys -- (XAudio)
DRV - [2007/09/09 17:12:28 | 000,176,640 | ---- | M] (Conexant Systems Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\CHDART.sys -- (HdAudAddService)
DRV - [2007/08/22 11:50:38 | 001,749,760 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\snp2uvc.sys -- (SNP2UVC) USB2.0 PC Camera (SNP2UVC)
DRV - [2007/07/11 12:30:22 | 000,007,168 | ---- | M] (Hewlett-Packard Development Company, L.P.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\HpqRemHid.sys -- (HpqRemHid)
DRV - [2007/06/18 19:12:04 | 000,016,768 | ---- | M] (Hewlett-Packard Development Company, L.P.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\HpqKbFiltr.sys -- (HpqKbFiltr)
DRV - [2007/03/22 00:02:04 | 000,037,376 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\rixdptsk.sys -- (rismxdp)
DRV - [2007/02/24 16:42:22 | 000,039,936 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\rimmptsk.sys -- (rimmptsk)
DRV - [2007/02/16 16:50:32 | 000,012,032 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvsmu.sys -- (nvsmu)
DRV - [2007/01/23 18:40:20 | 000,042,496 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\rimsptsk.sys -- (rimsptsk)
DRV - [2007/01/18 15:28:02 | 000,005,275 | ---- | M] (Cisco Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\CVirtA.sys -- (CVirtA)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL =
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page =

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE= ... &pf=laptop
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.bing.com/?pc=ZUGO&form=ZGAPHP
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Restore = http://www.google.com/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..extensions.enabledItems: MapShare-status@tomtom.com:1.7
FF - prefs.js..extensions.enabledItems: baseTheme@tomtom.com:1.0.2
FF - prefs.js..extensions.enabledItems: RenaultTheme@tomtom.com:2.7.0.20

FF - HKLM\software\mozilla\Firefox\Extensions\\{23fcfd51-4958-4f00-80a3-ae97e717ed8b}: C:\Program Files\DivX\DivX Plus Web Player\firefox\html5video [2011/04/06 01:36:48 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\Extensions\\{6904342A-8307-11DF-A508-4AE2DFD72085}: C:\Program Files\DivX\DivX Plus Web Player\firefox\wpa [2011/04/06 01:36:49 | 000,000,000 | ---D | M]

[2009/02/21 07:23:25 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Owner\AppData\Roaming\mozilla\Extensions
[2009/02/04 19:47:05 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Owner\AppData\Roaming\mozilla\Extensions\home2@tomtom.com
[2010/02/15 01:37:50 | 000,000,000 | ---D | M] (Map status indicator) -- C:\PROGRAM FILES\TOMTOM HOME 2\XUL\EXTENSIONS\MAPSHARE-STATUS@TOMTOM.COM
[2008/10/28 11:15:22 | 000,255,248 | ---- | M] () -- C:\Program Files\Mozilla Firefox\plugins\npnipp.dll
[2008/10/28 11:15:24 | 000,107,792 | ---- | M] (Novell Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npnisp.dll

O1 HOSTS File: ([2008/09/18 19:53:07 | 000,000,761 | ---- | M]) - C:\Windows\System32\drivers\etc\HOSTS
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2 - BHO: (DivX Plus Web Player HTML5 <video>) - {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)
O2 - BHO: (no name) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - Reg Error: Value error. File not found
O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O2 - BHO: (DivX HiQ) - {593DDEC6-7468-4cdd-90E1-42DADAA222E9} - C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)
O2 - BHO: (SingleInstance Class) - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\Program Files\Yahoo!\Companion\Installs\cpn\YTSingleInstance.dll (Yahoo! Inc)
O2 - BHO: (HP Print Clips) - {FFFFFFFF-FF12-44C5-91EC-068E3AA1B2D7} - c:\Program Files\HP\Smart Web Printing\hpswp_framework.dll (Hewlett-Packard Co.)
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - No CLSID value found.
O4 - HKLM..\Run: [Adobe Reader Speed Launcher] C:\Program Files\Adobe\Reader 10.0\Reader\Reader_sl.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [MSC] c:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation)
O4 - HKLM..\Run: [NvCplDaemon] C:\Windows\System32\NvCpl.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [NvMediaCenter] C:\Windows\System32\NvMcTray.dll (NVIDIA Corporation)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 255
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDesktopCleanupWizard = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: LogonHoursAction = 2
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DontDisplayLogonHoursWarnings = 1
O9 - Extra Button: HP Smart Select - {58ECB495-38F0-49cb-A538-10282ABF65E7} - c:\Program Files\HP\Smart Web Printing\hpswp_extensions.dll (Hewlett-Packard Co.)
O9 - Extra 'Tools' menuitem : Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O13 - gopher Prefix: missing
O16 - DPF: {051D0E35-F4E3-4C8D-B411-AB0875F4C683} http://install.anark.com/client/version ... Client.cab (Anark Client 4.0 ActiveX Control)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab (Java Plug-in 1.6.0_24)
O16 - DPF: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab (Java Plug-in 1.6.0_24)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab (Java Plug-in 1.6.0_24)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.10
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Users\Owner\AppData\Roaming\Microsoft\Windows Photo Gallery\Windows Photo Gallery Wallpaper.jpg
O24 - Desktop BackupWallPaper: C:\Users\Owner\AppData\Roaming\Microsoft\Windows Photo Gallery\Windows Photo Gallery Wallpaper.jpg
O30 - LSA: Authentication Packages - (ows\s) - File not found
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2008/04/24 21:23:11 | 000,000,074 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O32 - AutoRun File - [2005/09/11 10:18:54 | 000,000,340 | -HS- | M] () - D:\AUTOMODE -- [ NTFS ]
O33 - MountPoints2\{0f81d46a-b985-11de-ab32-005056c00008}\Shell - "" = AutoRun
O33 - MountPoints2\{0f81d46a-b985-11de-ab32-005056c00008}\Shell\AutoRun\command - "" = I:\LaunchU3.exe -a
O33 - MountPoints2\{0fa1079a-3533-11de-a89c-001e68d27887}\Shell - "" = Autorun
O33 - MountPoints2\{0fa1079a-3533-11de-a89c-001e68d27887}\Shell\AutoRun\command - "" = C:\Windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL RECYCLER\S-2-6-70-100006379-100008519-100015008-3508.com e:\
O33 - MountPoints2\{0fa1079a-3533-11de-a89c-001e68d27887}\Shell\Open\command - "" = RECYCLER\S-2-6-70-100006379-100008519-100015008-3508.com e:\
O33 - MountPoints2\{44aca024-a57d-11de-acf0-001e68d27887}\Shell\AutoRun\command - "" = G:\InstallTomTomHOME.exe
O33 - MountPoints2\{ff6f43de-20b0-11de-8355-001e68d27887}\Shell\AutoRun\command - "" = C:\Windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL G:\runsetup.LNK
O33 - MountPoints2\{ff6f43de-20b0-11de-8355-001e68d27887}\Shell\Run\command - "" = G:\runsetup.cmd
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2011/04/13 17:58:17 | 000,000,000 | ---D | C] -- C:\Users\Owner\AppData\Roaming\uTorrent
[2011/04/13 17:49:36 | 000,000,000 | ---D | C] -- C:\_OTL
[2011/04/13 14:36:55 | 000,000,000 | ---D | C] -- C:\Users\Owner\Desktop\New Folder (6)
[2011/04/13 14:30:56 | 000,000,000 | ---D | C] -- C:\Users\Owner\Desktop\New Folder (5)
[2011/04/13 14:22:57 | 000,000,000 | ---D | C] -- C:\Users\Owner\Desktop\New Folder (4)
[2011/04/13 13:47:55 | 000,580,608 | ---- | C] (OldTimer Tools) -- C:\Users\Owner\Desktop\OTL.exe
[2011/04/13 13:36:25 | 000,000,000 | ---D | C] -- C:\Users\Owner\Desktop\New Folder (3)
[2011/04/13 12:53:26 | 000,000,000 | ---D | C] -- C:\Users\Owner\AppData\Local\VS Revo Group
[2011/04/13 12:53:20 | 000,027,192 | ---- | C] (VS Revo Group) -- C:\Windows\System32\drivers\revoflt.sys
[2011/04/13 12:53:20 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Revo Uninstaller Pro
[2011/04/13 12:53:14 | 000,000,000 | ---D | C] -- C:\Program Files\VS Revo Group
[2011/04/13 08:05:03 | 000,000,000 | ---D | C] -- C:\Users\Owner\AppData\Local\{DB950707-2B9B-476F-83B7-2C2E405E3602}
[2011/04/13 05:11:34 | 000,000,000 | ---D | C] -- C:\Users\Owner\Desktop\New Folder
[2011/04/12 23:13:30 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Trine
[2011/04/12 23:11:44 | 000,000,000 | ---D | C] -- C:\Program Files\Trine
[2011/04/12 20:04:09 | 000,000,000 | ---D | C] -- C:\Users\Owner\AppData\Local\{E848DEFC-BE48-4F6F-9C28-B5FAC371A214}
[2011/04/11 21:47:43 | 000,000,000 | ---D | C] -- C:\Users\Owner\Documents\001
[2011/04/11 21:47:23 | 000,000,000 | ---D | C] -- C:\Users\Owner\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\001
[2011/04/11 21:47:23 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\001
[2011/04/11 21:47:18 | 000,000,000 | ---D | C] -- C:\Users\Owner\Documents\My 001 Games
[2011/04/10 16:01:26 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Adobe
[2011/04/10 16:01:26 | 000,000,000 | ---D | C] -- C:\Program Files\Adobe
[2011/04/10 15:55:21 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Java
[2011/04/10 08:00:37 | 000,000,000 | ---D | C] -- C:\Users\Owner\AppData\Local\{6E96ED88-71FB-4520-A1AA-EAFD7F8A8315}
[2011/04/09 19:59:27 | 000,000,000 | ---D | C] -- C:\Users\Owner\AppData\Local\{D8547161-8920-4837-ABD0-7CA907993FB0}
[2011/04/09 07:58:43 | 000,000,000 | ---D | C] -- C:\Users\Owner\AppData\Local\{1354BFF2-F910-48BE-89FF-917AE11871B1}
[2011/04/08 07:57:09 | 000,000,000 | ---D | C] -- C:\Users\Owner\AppData\Local\{98C68FD0-8DC9-4A51-9ECA-C7259355659B}
[2011/04/07 21:20:09 | 000,000,000 | ---D | C] -- C:\ProgramData\IObit
[2011/04/07 21:20:06 | 000,000,000 | ---D | C] -- C:\Program Files\IObit
[2011/04/07 20:42:59 | 000,000,000 | ---D | C] -- C:\Program Files\Pcsx22
[2011/04/07 19:56:13 | 000,000,000 | ---D | C] -- C:\Users\Owner\AppData\Local\{66F161CA-6528-463A-B0EC-308C66231D36}
[2011/04/07 19:38:25 | 000,000,000 | ---D | C] -- C:\Users\Owner\Documents\PCSX2
[2011/04/07 19:38:06 | 000,000,000 | ---D | C] -- C:\Users\Owner\AppData\Local\PCSX2
[2007/07/04 09:28:52 | 000,176,128 | ---- | C] ( ) -- C:\Windows\System32\csnp2uvc.dll

========== Files - Modified Within 30 Days ==========

[2011/04/13 18:01:00 | 000,000,438 | -H-- | M] () -- C:\Windows\tasks\User_Feed_Synchronization-{E8140EC0-D224-4322-9D38-E5206CBCA450}.job
[2011/04/13 17:59:49 | 000,645,006 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2011/04/13 17:59:49 | 000,121,064 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2011/04/13 17:55:22 | 000,000,258 | ---- | M] () -- C:\Users\Public\Documents\hpqp.ini
[2011/04/13 17:55:10 | 000,135,603 | ---- | M] () -- C:\ProgramData\nvModes.001
[2011/04/13 17:53:29 | 000,003,216 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2011/04/13 17:53:29 | 000,003,216 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2011/04/13 17:53:22 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2011/04/13 17:31:00 | 000,000,908 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-1916688040-890294713-551456720-1000UA.job
[2011/04/13 13:47:58 | 000,580,608 | ---- | M] (OldTimer Tools) -- C:\Users\Owner\Desktop\OTL.exe
[2011/04/13 13:20:26 | 000,932,400 | ---- | M] () -- C:\Users\Owner\Desktop\Norton_Removal_Tool.exe
[2011/04/13 12:53:24 | 000,001,025 | ---- | M] () -- C:\Users\Public\Desktop\Revo Uninstaller Pro.lnk
[2011/04/13 05:31:00 | 000,000,856 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-1916688040-890294713-551456720-1000Core.job
[2011/04/13 04:58:39 | 000,374,088 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2011/04/12 23:13:33 | 000,000,769 | ---- | M] () -- C:\Users\Owner\Desktop\Play Trine.lnk
[2011/04/11 21:47:23 | 000,000,837 | ---- | M] () -- C:\Users\Owner\Desktop\001 Game Creator.lnk
[2011/04/11 14:32:44 | 000,135,603 | ---- | M] () -- C:\ProgramData\nvModes.dat
[2011/04/11 12:13:54 | 029,899,423 | ---- | M] () -- C:\Users\Owner\Desktop\Gazillionaire_v304_29.exe
[2011/04/10 15:07:30 | 000,625,664 | ---- | M] () -- C:\Users\Owner\Desktop\dds.scr
[2011/04/09 15:23:51 | 000,102,912 | ---- | M] () -- C:\Users\Owner\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011/03/21 11:30:31 | 000,000,764 | ---- | M] () -- C:\Users\Public\Desktop\CCleaner.lnk

========== Files Created - No Company Name ==========

[2011/04/13 13:20:21 | 000,932,400 | ---- | C] () -- C:\Users\Owner\Desktop\Norton_Removal_Tool.exe
[2011/04/13 12:53:24 | 000,001,025 | ---- | C] () -- C:\Users\Public\Desktop\Revo Uninstaller Pro.lnk
[2011/04/12 23:13:33 | 000,000,769 | ---- | C] () -- C:\Users\Owner\Desktop\Play Trine.lnk
[2011/04/11 21:47:23 | 000,000,837 | ---- | C] () -- C:\Users\Owner\Desktop\001 Game Creator.lnk
[2011/04/11 12:10:17 | 029,899,423 | ---- | C] () -- C:\Users\Owner\Desktop\Gazillionaire_v304_29.exe
[2011/04/10 16:02:02 | 000,001,804 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader X.lnk
[2011/04/10 15:07:28 | 000,625,664 | ---- | C] () -- C:\Users\Owner\Desktop\dds.scr
[2009/10/24 13:03:57 | 000,000,376 | ---- | C] () -- C:\Windows\ODBC.INI
[2009/09/23 20:53:24 | 000,107,612 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchema.bin
[2009/09/23 20:53:23 | 000,117,248 | ---- | C] () -- C:\Windows\System32\EhStorAuthn.dll
[2009/08/03 16:07:42 | 000,403,816 | ---- | C] () -- C:\Windows\System32\OGACheckControl.dll
[2009/08/03 16:07:42 | 000,230,768 | ---- | C] () -- C:\Windows\System32\OGAEXEC.exe
[2009/07/28 23:42:34 | 000,000,093 | ---- | C] () -- C:\Users\Owner\AppData\Local\fusioncache.dat
[2009/07/14 13:35:46 | 000,065,536 | ---- | C] () -- C:\Windows\IFinst27.exe
[2009/01/06 14:26:50 | 000,135,603 | ---- | C] () -- C:\ProgramData\nvModes.dat
[2009/01/06 14:26:50 | 000,135,603 | ---- | C] () -- C:\ProgramData\nvModes.001
[2009/01/06 13:38:13 | 000,000,258 | RHS- | C] () -- C:\ProgramData\ntuser.pol
[2008/12/17 21:48:40 | 000,000,136 | ---- | C] () -- C:\Windows\wininit.ini
[2008/12/16 00:11:26 | 000,102,912 | ---- | C] () -- C:\Users\Owner\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2008/12/11 22:50:45 | 000,000,000 | ---- | C] () -- C:\Windows\nsreg.dat
[2008/11/17 01:42:14 | 000,000,262 | ---- | C] () -- C:\Windows\{789289CA-F73A-4A16-A331-54D498CE069F}_WiseFW.ini
[2008/10/21 06:57:47 | 000,027,503 | ---- | C] () -- C:\Users\Owner\AppData\Roaming\UserTile.png
[2008/10/07 09:13:30 | 000,197,912 | ---- | C] () -- C:\Windows\System32\physxcudart_20.dll
[2008/10/07 09:13:22 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelTraditionalChinese.dll
[2008/10/07 09:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelSwedish.dll
[2008/10/07 09:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelSpanish.dll
[2008/10/07 09:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelSimplifiedChinese.dll
[2008/10/07 09:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelPortugese.dll
[2008/10/07 09:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelKorean.dll
[2008/10/07 09:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelJapanese.dll
[2008/10/07 09:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelGerman.dll
[2008/10/07 09:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelFrench.dll
[2008/09/25 20:56:55 | 000,000,056 | -H-- | C] () -- C:\Windows\System32\ezsidmv.dat
[2008/09/20 17:48:01 | 000,000,680 | ---- | C] () -- C:\Users\Owner\AppData\Local\d3d9caps.dat
[2008/09/19 17:08:26 | 000,053,339 | ---- | C] () -- C:\Users\Owner\AppData\Roaming\nvModes.001
[2008/09/19 16:05:30 | 000,053,339 | ---- | C] () -- C:\Users\Owner\AppData\Roaming\nvModes.dat
[2008/09/19 11:47:20 | 000,020,932 | ---- | C] () -- C:\Users\Owner\AppData\Roaming\wklnhst.dat
[2008/09/18 20:07:23 | 000,018,904 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchemaTrivial.bin
[2008/09/01 20:47:14 | 000,029,752 | ---- | C] () -- C:\Windows\System32\InstHelper.dll
[2008/08/27 05:56:43 | 000,016,480 | ---- | C] () -- C:\Windows\System32\rixdicon.dll
[2008/08/27 05:53:01 | 000,004,984 | ---- | C] () -- C:\Windows\System32\drivers\nvphy.bin
[2008/04/24 21:38:18 | 000,101,605 | ---- | C] () -- C:\Windows\hpqins13.dat
[2007/08/22 11:50:38 | 001,749,760 | ---- | C] () -- C:\Windows\System32\drivers\snp2uvc.sys
[2007/07/16 11:58:10 | 000,197,408 | ---- | C] () -- C:\Windows\System32\vpnapi.dll
[2007/05/09 07:16:40 | 000,028,160 | ---- | C] () -- C:\Windows\System32\drivers\sncduvc.sys
[2006/11/02 07:57:28 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
[2006/11/02 07:47:37 | 000,374,088 | ---- | C] () -- C:\Windows\System32\FNTCACHE.DAT
[2006/11/02 07:35:32 | 000,005,632 | ---- | C] () -- C:\Windows\System32\sysprepMCE.dll
[2006/11/02 05:33:01 | 000,645,006 | ---- | C] () -- C:\Windows\System32\perfh009.dat
[2006/11/02 05:33:01 | 000,287,440 | ---- | C] () -- C:\Windows\System32\perfi009.dat
[2006/11/02 05:33:01 | 000,121,064 | ---- | C] () -- C:\Windows\System32\perfc009.dat
[2006/11/02 05:33:01 | 000,030,674 | ---- | C] () -- C:\Windows\System32\perfd009.dat
[2006/11/02 05:23:21 | 000,215,943 | ---- | C] () -- C:\Windows\System32\dssec.dat
[2006/11/02 03:58:30 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin
[2006/11/02 03:19:00 | 000,000,741 | ---- | C] () -- C:\Windows\System32\NOISE.DAT
[2006/11/02 02:40:29 | 000,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini
[2006/11/02 02:25:31 | 000,673,088 | ---- | C] () -- C:\Windows\System32\mlang.dat
[2006/05/19 03:39:58 | 000,015,497 | ---- | C] () -- C:\Windows\snp2uvc.ini
[2006/03/09 04:58:00 | 001,060,424 | ---- | C] () -- C:\Windows\System32\WdfCoInstaller01000.dll
[2003/01/07 15:05:08 | 000,002,695 | ---- | C] () -- C:\Windows\System32\OUTLPERF.INI
[2002/10/15 17:54:04 | 000,153,088 | ---- | C] () -- C:\Windows\System32\unrar.dll

========== LOP Check ==========

[2011/03/25 01:27:18 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\.minecraft
[2010/03/13 20:50:00 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\Acoustica
[2010/02/13 12:13:55 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\Audacity
[2009/04/29 21:30:48 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\GetRightToGo
[2009/09/09 17:59:28 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\OpenOffice.org
[2011/03/10 09:31:49 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\Opera
[2010/03/13 21:00:43 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\PACE Anti-Piracy
[2008/10/21 06:57:47 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\PeerNetworking
[2009/12/18 01:26:13 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\SystemRequirementsLab
[2008/09/19 11:47:24 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\Template
[2009/02/04 19:47:01 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\TomTom
[2009/07/28 23:42:39 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\Turbine
[2011/04/13 17:58:25 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\uTorrent
[2011/04/13 17:52:20 | 000,032,624 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT
[2011/04/13 18:01:00 | 000,000,438 | -H-- | M] () -- C:\Windows\Tasks\User_Feed_Synchronization-{E8140EC0-D224-4322-9D38-E5206CBCA450}.job

========== Purity Check ==========



< End of report >
Itsannoying
Active Member
 
Posts: 8
Joined: March 28th, 2011, 5:01 pm

Re: Commonpriv.log.lock - DDS *Updated properly*

Post by Itsannoying » April 13th, 2011, 10:15 pm

I decided to restart my laptop because I felt that it was acting a little more odd than usual, and next thing I know as I go to log into my account...

A window pops up before windows explorer opens and asks me to input my OS key and says that there was a change made to windows that was not verified. I click X on that and windows explorer loads with no background and now my Microsoft Security Essentials is saying:

"Windows did not pass genuine validation.
Security Essentials will become disabled in 30 days if you do not resolve this issue."


What a pain.

Re: Commonpriv.log.lock - DDS *Updated properly*

Post by Itsannoying » April 14th, 2011, 1:09 am

I right click my computer and go to properties and on the bottom, it says that my version of windows is active but... It's showing the wrong product key and every time I try to change it, it says it was successful but still doesn't change.

On the bottom right of my desktop it says that my version of windows is not genuine and when I restart I still get the same message before windows explorer opens.



I have been on the phone going from Microsoft techie to techie and I've gotten absolutely nowhere because they end up asking me to go to Internet Explorer and http://www.microsoft.com/genuine/validate but when I get there, I am immediately forwarded to Microsoft Search.

So I tried to go there on my Chrome browser and downloaded the application for browsers that do not support the system, and the application does the same exact thing as Internet Explorer.

Edit: I did a system restore to the date of when I submitted this thread.

:angryfire:

Re: Commonpriv.log.lock - DDS *Updated properly*

Post by askey127 » April 14th, 2011, 7:45 am

itsannoying,
If you still need help, we will need to start over, since a System Restore was done.
----------------------------------------------------------
Retrieve the Installed Programs List from CCleaner
Open CCleaner if it's not already running.
In the Left Pane, click Tools
Verify that Uninstall is highlighted in color, or click on it.
In the lower Right, click Save to Text File.
Pull down the arrow at the top of the Save dialog and choose Desktop as the location.
You can leave the filename as install.txt
Click Save
Exit CCleaner by clicking on the X button in the upper right of the CCleaner window.
Please post the contents of install.txt in your next post.
---------------------------------------------
Run a Scan with OTL
  1. Please download OTL.exe by OldTimer and save it to your desktop.
  2. Right click on OTL.exe and select Run As Administrator to run it. If Windows UAC prompts you, please allow it.
    If you have a 64-bit version of Windows, check the box at the top, labeled Include 64 bit scans
  3. Check the boxes labeled :
    • Scan All Users
    • LOP check
    • Purity check
  4. Click on the Run Scan button at the top left hand corner.
  5. OTL will start running. When done, either one or two Notepad files will open; OTL.txt and, maybe Extras.txt.
    It/They will be saved on your desktop.
Please post the contents of OTL.txt
If it is too large to post, you can split it into multiple replies
-----------------------------------------------------------
Download and Run a Diagnostic Tool (MGADiag.exe) from here and save this to your desktop.
http://go.microsoft.com/fwlink/?linkid=56062
* Double-click on MGADiag.exe
* When the program has finished, click on the Validation tab and then click on Copy to Clipboard.
* Please post the results in your next reply.

So we are looking for the Installed programs list from CCleaner, the contents of OTL.txt, and the log from MGADiag.
askey127
Admin/Teacher
 
Posts: 14025
Joined: April 17th, 2005, 3:25 pm
Location: New Hampshire USA

Re: Commonpriv.log.lock - DDS *Updated properly*

Post by askey127 » April 17th, 2011, 7:25 am

Due to Lack of Response, this topic is now closed.

If you still require help, please open a new thread in the Infected? Virus, malware, adware, ransomware, oh my! forum, include a fresh FRST log, and wait for a new helper.