Here are the various scan logs:
OTL:
OTL logfile created on: 1/27/2010 3:35:58 PM - Run 1
OTL by OldTimer - Version 3.1.27.0 Folder = C:\Documents and Settings\Christopher Sonne\Desktop
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 7.0.5730.11)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy
2.00 Gb Total Physical Memory | 1.00 Gb Available Physical Memory | 65.00% Memory free
4.00 Gb Paging File | 3.00 Gb Available in Paging File | 84.00% Paging File free
Paging file location(s): C:\pagefile.sys 0 0 [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 64.05 Gb Total Space | 10.24 Gb Free Space | 15.99% Space Free | Partition Type: NTFS
Drive D: | 9.45 Gb Total Space | 1.24 Gb Free Space | 13.13% Space Free | Partition Type: FAT32
E: Drive not present or media not loaded
Drive F: | 983.70 Mb Total Space | 383.70 Mb Free Space | 39.01% Space Free | Partition Type: FAT
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded
Computer Name: CES_LAPTOP
Current User Name: Christopher Sonne
Logged in as Administrator.
Current Boot Mode: Normal
Scan Mode: All users
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Minimal
========== Processes (SafeList) ========== PRC - C:\Documents and Settings\Christopher Sonne\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\Program Files\AVG\AVG9\avgchsvx.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\Program Files\AVG\AVG9\avgcsrvx.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\Program Files\AVG\AVG9\avgnsx.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\Program Files\AVG\AVG9\avgrsx.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\Program Files\AVG\AVG9\avgfws9.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\Program Files\AVG\AVG9\avgtray.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\Program Files\AVG\AVG9\avgam.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\Program Files\AVG\AVG9\avgwdsvc.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\Program Files\AVG\AVG9\Identity Protection\Agent\Bin\AVGIDSAgent.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\Program Files\AVG\AVG9\Identity Protection\Agent\Bin\AVGIDSMonitor.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\Program Files\Java\jre6\bin\jqs.exe (Sun Microsystems, Inc.)
PRC - C:\Program Files\Java\jre6\bin\jusched.exe (Sun Microsystems, Inc.)
PRC - C:\Program Files\Hp\HP Software Update\hpwuschd2.exe (Hewlett-Packard)
PRC - C:\Program Files\Hp\Digital Imaging\bin\hpqbam08.exe (Hewlett-Packard Co.)
PRC - C:\Program Files\Hp\Digital Imaging\bin\hpqste08.exe (Hewlett-Packard Co.)
PRC - C:\Program Files\Hp\Digital Imaging\bin\hpqtra08.exe (Hewlett-Packard Co.)
PRC - C:\Program Files\Hp\Digital Imaging\bin\hpqgpc01.exe (Hewlett-Packard)
PRC - C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe (Lavasoft)
PRC - C:\WINDOWS\system32\wscntfy.exe (Microsoft Corporation)
PRC - C:\WINDOWS\explorer.exe (Microsoft Corporation)
PRC - C:\Program Files\Common Files\LightScribe\LSSrvc.exe (Hewlett-Packard Company)
PRC - C:\Program Files\Canon\CAL\CALMAIN.exe (Canon Inc.)
PRC - C:\Program Files\Microsoft ActiveSync\wcescomm.exe (Microsoft Corporation)
PRC - C:\Program Files\Microsoft ActiveSync\rapimgr.exe (Microsoft Corporation)
PRC - C:\WINDOWS\system32\nvsvc32.exe (NVIDIA Corporation)
PRC - C:\Program Files\Hp\QuickPlay\QPService.exe (CyberLink Corp.)
PRC - C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QLBCTRL.exe ( Hewlett-Packard Development Company, L.P.)
PRC - C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe (Hewlett-Packard Development Company, L.P.)
PRC - C:\Program Files\Synaptics\SynTP\SynTPEnh.exe (Synaptics, Inc.)
PRC - C:\Program Files\HPQ\HP Wireless Assistant\HP Wireless Assistant.exe (Hewlett-Packard Development Company, L.P.)
PRC - C:\Program Files\HPQ\Shared\HpqToaster.exe ()
PRC - C:\Program Files\Hp\Digital Imaging\bin\hpqimzone.exe (Hewlett-Packard Development Company, L.P.)
PRC - C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe (Macrovision Corporation)
PRC - C:\WINDOWS\system32\ICO.EXE (Primax Electronics Ltd.)
========== Modules (SafeList) ========== MOD - C:\Documents and Settings\Christopher Sonne\Desktop\OTL.exe (OldTimer Tools)
========== Win32 Services (SafeList) ========== SRV - (KodakCCS) -- File not found
SRV - (Autodesk Licensing Service) -- File not found
SRV - (avgfws9) -- C:\Program Files\AVG\AVG9\avgfws9.exe (AVG Technologies CZ, s.r.o.)
SRV - (avg9wd) -- C:\Program Files\AVG\AVG9\avgwdsvc.exe (AVG Technologies CZ, s.r.o.)
SRV - (AVGIDSAgent) -- C:\Program Files\AVG\AVG9\Identity Protection\Agent\Bin\AVGIDSAgent.exe (AVG Technologies CZ, s.r.o.)
SRV - (JavaQuickStarterService) -- C:\Program Files\Java\jre6\bin\jqs.exe (Sun Microsystems, Inc.)
SRV - (HPSLPSVC) -- C:\Program Files\Hp\Digital Imaging\bin\HPSLPSVC32.DLL (Hewlett-Packard Co.)
SRV - (hpqddsvc) -- C:\Program Files\Hp\Digital Imaging\bin\hpqddsvc.dll (Hewlett-Packard Co.)
SRV - (hpqcxs08) -- C:\Program Files\Hp\Digital Imaging\bin\hpqcxs08.dll (Hewlett-Packard Co.)
SRV - (Pml Driver HPZ12) -- C:\WINDOWS\system32\HPZipm12.dll (Hewlett-Packard)
SRV - (Net Driver HPZ12) -- C:\WINDOWS\system32\HPZinw12.dll (Hewlett-Packard)
SRV - (aawservice) -- C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe (Lavasoft)
SRV - (LightScribeService) -- C:\Program Files\Common Files\LightScribe\LSSrvc.exe (Hewlett-Packard Company)
SRV - (CCALib8) -- C:\Program Files\Canon\CAL\CALMAIN.exe (Canon Inc.)
SRV - (NVSvc) -- C:\WINDOWS\system32\nvsvc32.exe (NVIDIA Corporation)
SRV - (hpqwmiex) -- C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe (Hewlett-Packard Development Company, L.P.)
SRV - (IDriverT) -- C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe (Macrovision Corporation)
SRV - (ose) -- C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE (Microsoft Corporation)
========== Driver Services (SafeList) ========== DRV - (catchme) -- File not found
DRV - (AvgTdiX) -- C:\WINDOWS\System32\Drivers\avgtdix.sys (AVG Technologies CZ, s.r.o.)
DRV - (AvgLdx86) -- C:\WINDOWS\System32\Drivers\avgldx86.sys (AVG Technologies CZ, s.r.o.)
DRV - (AvgMfx86) -- C:\WINDOWS\System32\Drivers\avgmfx86.sys (AVG Technologies CZ, s.r.o.)
DRV - (AvgRkx86) -- C:\WINDOWS\System32\Drivers\avgrkx86.sys (AVG Technologies CZ, s.r.o.)
DRV - (AVGIDSErHrxpx) -- C:\WINDOWS\System32\Drivers\AVGIDSxx.sys (AVG Technologies )
DRV - (AVGIDSDriverxpx) -- C:\Program Files\AVG\AVG9\Identity Protection\Agent\Driver\Platform_XP\AVGIDSDriver.sys (AVG Technologies )
DRV - (AVGIDSFilterxpx) -- C:\Program Files\AVG\AVG9\Identity Protection\Agent\Driver\Platform_XP\AVGIDSFilter.sys (AVG Technologies )
DRV - (AVGIDSShimxpx) -- C:\Program Files\AVG\AVG9\Identity Protection\Agent\Driver\Platform_XP\AVGIDSShim.sys (AVG Technologies )
DRV - (Avgfwfd) -- C:\WINDOWS\system32\drivers\avgfwdx.sys (AVG Technologies CZ, s.r.o.)
DRV - (Avgfwdx) -- C:\WINDOWS\system32\drivers\avgfwdx.sys (AVG Technologies CZ, s.r.o.)
DRV - (PxHelp20) -- C:\WINDOWS\System32\Drivers\PxHelp20.sys (Sonic Solutions)
DRV - (GcKernel) -- C:\WINDOWS\system32\drivers\gckernel.sys (Microsoft Corporation)
DRV - (amdagp) -- C:\WINDOWS\system32\DRIVERS\amdagp.sys (Advanced Micro Devices, Inc.)
DRV - (sisagp) -- C:\WINDOWS\system32\DRIVERS\sisagp.sys (Silicon Integrated Systems Corporation)
DRV - (HDAudBus) -- C:\WINDOWS\system32\drivers\hdaudbus.sys (Windows (R) Server 2003 DDK provider)
DRV - (Secdrv) -- C:\WINDOWS\system32\drivers\secdrv.sys (Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K.)
DRV - (HPZius12) -- C:\WINDOWS\system32\drivers\HPZius12.sys (HP)
DRV - (HPZipr12) -- C:\WINDOWS\system32\drivers\HPZipr12.sys (HP)
DRV - (HPZid412) -- C:\WINDOWS\system32\drivers\HPZid412.sys (HP)
DRV - (grmnusb) -- C:\WINDOWS\system32\drivers\grmnusb.sys (GARMIN Corp.)
DRV - (MCSTRM) -- C:\WINDOWS\system32\drivers\mcstrm.sys (RealNetworks, Inc.)
DRV - (HdAudAddService) -- C:\WINDOWS\system32\drivers\CHDAud.sys (Conexant Systems Inc.)
DRV - (AmdK8) -- C:\WINDOWS\system32\drivers\AmdK8.sys (Advanced Micro Devices)
DRV - (nv) -- C:\WINDOWS\system32\drivers\nv4_mini.sys (NVIDIA Corporation)
DRV - (HSF_DPV) -- C:\WINDOWS\system32\drivers\HSF_DPV.sys (Conexant Systems, Inc.)
DRV - (HSFHWAZL) -- C:\WINDOWS\system32\drivers\HSFHWAZL.sys (Conexant Systems, Inc.)
DRV - (winachsf) -- C:\WINDOWS\system32\drivers\HSF_CNXT.sys (Conexant Systems, Inc.)
DRV - (nvsmu) -- C:\WINDOWS\system32\drivers\nvsmu.sys (NVIDIA Corporation)
DRV - (SynTP) -- C:\WINDOWS\system32\drivers\SynTP.sys (Synaptics, Inc.)
DRV - (nvnetbus) -- C:\WINDOWS\system32\drivers\nvnetbus.sys (NVIDIA Corporation)
DRV - (NVENETFD) -- C:\WINDOWS\system32\drivers\NVENETFD.sys (NVIDIA Corporation)
DRV - (Flash1) -- C:\SwSetup\SP38062\winphlash\FLASH1.sys ()
DRV - (mdmxsdk) -- C:\WINDOWS\system32\drivers\mdmxsdk.sys (Conexant)
DRV - (nvata) -- C:\WINDOWS\system32\DRIVERS\nvata.sys (NVIDIA Corporation)
DRV - (BCM43XX) -- C:\WINDOWS\system32\drivers\BCMWL5.SYS (Broadcom Corporation)
DRV - (rimsptsk) -- C:\WINDOWS\system32\drivers\rimsptsk.sys (REDC)
DRV - (rimmptsk) -- C:\WINDOWS\system32\drivers\rimmptsk.sys (REDC)
DRV - (rismxdp) -- C:\WINDOWS\system32\drivers\rixdptsk.sys (REDC)
DRV - (iaStor) -- C:\WINDOWS\system32\DRIVERS\iaStor.sys (Intel Corporation)
DRV - (eabusb) -- C:\WINDOWS\system32\drivers\EabUsb.sys (Hewlett-Packard Development Company, L.P.)
DRV - (HBtnKey) -- C:\WINDOWS\system32\drivers\CPQBttn.sys (Hewlett-Packard Development Company, L.P.)
DRV - (eabfiltr) -- C:\WINDOWS\system32\drivers\eabfiltr.sys (Hewlett-Packard Development Company, L.P.)
DRV - (BTNetFilter) -- C:\WINDOWS\system32\drivers\BTNetFilter.sys ()
DRV - (Btcsrusb) -- C:\WINDOWS\system32\drivers\btcusb.sys (IVT Corporation)
DRV - (VcommMgr) -- C:\WINDOWS\system32\drivers\VcommMgr.sys (IVT Corporation)
DRV - (BTHidMgr) -- C:\WINDOWS\System32\Drivers\BTHidMgr.sys (IVT Corporation)
DRV - (VComm) -- C:\WINDOWS\system32\drivers\VComm.sys (IVT Corporation)
DRV - (BlueletAudio) -- C:\WINDOWS\system32\drivers\blueletaudio.sys (IVT Corporation)
DRV - (BTHidEnum) -- C:\WINDOWS\system32\drivers\vbtenum.sys ()
DRV - (BT) -- C:\WINDOWS\system32\drivers\BtNetDrv.sys (IVT Corporation)
DRV - (Ptilink) -- C:\WINDOWS\system32\drivers\ptilink.sys (Parallel Technologies, Inc.)
DRV - (ROOTMODEM) -- C:\WINDOWS\system32\drivers\rootmdm.sys (Microsoft Corporation)
DRV - (rtl8139) Realtek RTL8139(A/B/C) -- C:\WINDOWS\system32\drivers\RTL8139.sys (Realtek Semiconductor Corporation)
DRV - (Sparrow) -- C:\WINDOWS\system32\DRIVERS\sparrow.sys (Adaptec, Inc.)
DRV - (sym_u3) -- C:\WINDOWS\system32\DRIVERS\sym_u3.sys (LSI Logic)
DRV - (sym_hi) -- C:\WINDOWS\system32\DRIVERS\sym_hi.sys (LSI Logic)
DRV - (symc8xx) -- C:\WINDOWS\system32\DRIVERS\symc8xx.sys (LSI Logic)
DRV - (symc810) -- C:\WINDOWS\system32\DRIVERS\symc810.sys (Symbios Logic Inc.)
DRV - (ultra) -- C:\WINDOWS\system32\DRIVERS\ultra.sys (Promise Technology, Inc.)
DRV - (ql12160) -- C:\WINDOWS\system32\DRIVERS\ql12160.sys (QLogic Corporation)
DRV - (ql1080) -- C:\WINDOWS\system32\DRIVERS\ql1080.sys (QLogic Corporation)
DRV - (ql1280) -- C:\WINDOWS\system32\DRIVERS\ql1280.sys (QLogic Corporation)
DRV - (dac2w2k) -- C:\WINDOWS\system32\DRIVERS\dac2w2k.sys (Mylex Corporation)
DRV - (mraid35x) -- C:\WINDOWS\system32\DRIVERS\mraid35x.sys (American Megatrends Inc.)
DRV - (asc) -- C:\WINDOWS\system32\DRIVERS\asc.sys (Advanced System Products, Inc.)
DRV - (asc3550) -- C:\WINDOWS\system32\DRIVERS\asc3550.sys (Advanced System Products, Inc.)
DRV - (AliIde) -- C:\WINDOWS\system32\DRIVERS\aliide.sys (Acer Laboratories Inc.)
DRV - (CmdIde) -- C:\WINDOWS\system32\DRIVERS\cmdide.sys (CMD Technology, Inc.)
DRV - (SONYPVU1) Sony USB Filter Driver (SONYPVU1) -- C:\WINDOWS\system32\drivers\SONYPVU1.SYS (Sony Corporation)
DRV - (HIDSwvd) -- C:\WINDOWS\system32\drivers\HIDSwvd.sys (Microsoft Corporation)
========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
IE - HKU\.DEFAULT\..\URLSearchHook: {A3BC75A2-1F87-4686-AA43-5347D756017C} - C:\Program Files\AVG\AVG9\Toolbar\IEToolbar.dll ()
IE - HKU\.DEFAULT\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-18\..\URLSearchHook: {A3BC75A2-1F87-4686-AA43-5347D756017C} - C:\Program Files\AVG\AVG9\Toolbar\IEToolbar.dll ()
IE - HKU\S-1-5-18\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-19\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page =
http://securityresponse.symantec.com/av ... x_homepage IE - HKU\S-1-5-20\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page =
http://securityresponse.symantec.com/av ... x_homepage IE - HKU\S-1-5-21-1421354407-2458812674-931217484-1006\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultName = Google
IE - HKU\S-1-5-21-1421354407-2458812674-931217484-1006\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultURL =
http://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
IE - HKU\S-1-5-21-1421354407-2458812674-931217484-1006\..\URLSearchHook: {A3BC75A2-1F87-4686-AA43-5347D756017C} - C:\Program Files\AVG\AVG9\Toolbar\IEToolbar.dll ()
IE - HKU\S-1-5-21-1421354407-2458812674-931217484-1006\S-1-5-21-1421354407-2458812674-931217484-1006\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
========== FireFox ========== FF - prefs.js..browser.search.selectedEngine: "Google"
FF - prefs.js..browser.startup.homepage: "https://sso.verizon.net/ssowebapp/VOLPortalLogin?ActualTarget=https://netservices.verizon.net/portal/verizon/protected/afterssologin.jsp?a=b|http://www.google.com/firefox?client=firefox-a&rls=org.mozilla:en-US:official|http://www.weatherunderground.com/cgi-bin/findweather/getForecast?query=22958"
FF - prefs.js..extensions.enabledItems: {3f963a5b-e555-4543-90e2-c3908898db71}:8.5
FF - prefs.js..extensions.enabledItems: {1d5287d1-8a92-0001-1f31-1cec198018d8}:2.1.0.7
FF - prefs.js..extensions.enabledItems:
jqs@sun.com:1.0
FF - HKLM\software\mozilla\Firefox\Extensions\\{3f963a5b-e555-4543-90e2-c3908898db71}: C:\Program Files\AVG\AVG9\Firefox [2010/01/19 20:42:15 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\Extensions\\avg@igeared: C:\Program Files\AVG\AVG9\Toolbar\Firefox\avg@igeared [2010/01/19 20:42:41 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\Extensions\\smartwebprinting@hp.com: C:\Program Files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn2 [2009/08/31 22:12:00 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.5.7\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010/01/10 08:39:54 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.5.7\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010/01/10 08:39:54 | 00,000,000 | ---D | M]
[2009/02/05 09:22:50 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Christopher Sonne\Application Data\Mozilla\Extensions
[2009/04/26 19:34:40 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Christopher Sonne\Application Data\Mozilla\Firefox\Profiles\uh1nbegg.default\extensions
[2007/08/12 08:27:52 | 00,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Christopher Sonne\Application Data\Mozilla\Firefox\Profiles\uh1nbegg.default\extensions\{9f08cb5a-76b1-4bcf-aff9-90e1a5d60b1e}
[2010/01/10 11:40:32 | 00,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions
[2008/11/14 10:56:59 | 00,044,360 | ---- | M] (WebEx Communications, Inc) -- C:\Program Files\Mozilla Firefox\plugins\atgpcdec.dll
[2008/11/14 10:56:59 | 00,107,928 | ---- | M] (WebEx Communications, Inc) -- C:\Program Files\Mozilla Firefox\plugins\atgpcext.dll
[2008/06/19 04:16:24 | 00,118,784 | ---- | M] (CANON INC.) -- C:\Program Files\Mozilla Firefox\plugins\MyCamera.dll
[2008/11/14 10:56:58 | 00,057,240 | ---- | M] (WebEx Communications, Inc) -- C:\Program Files\Mozilla Firefox\plugins\npatgpc.dll
[2008/06/19 04:16:24 | 00,053,248 | ---- | M] (CANON INC.) -- C:\Program Files\Mozilla Firefox\plugins\NPCIG.dll
[2006/11/29 15:02:22 | 00,142,848 | ---- | M] (Coupons, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npcpbrk7.dll
[2008/08/20 18:21:30 | 00,221,184 | ---- | M] (CNN) -- C:\Program Files\Mozilla Firefox\plugins\NPTURNMED.dll
[2007/03/09 18:16:44 | 00,189,496 | ---- | M] (Yahoo! Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npyaxmpb.dll
O1 HOSTS File: ([2010/01/24 21:02:26 | 00,000,027 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (HP Print Enhancer) - {0347C33E-8762-4905-BF09-768834316C61} - C:\Program Files\Hp\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll (Hewlett-Packard Co.)
O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (RealPlayer Download and Record Plugin for Internet Explorer) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - c:\Program Files\Real\realplayer\rpbrowserrecordplugin.dll (RealPlayer)
O2 - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG9\avgssie.dll (AVG Technologies CZ, s.r.o.)
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (AVG Security Toolbar BHO) - {A3BC75A2-1F87-4686-AA43-5347D756017C} - C:\Program Files\AVG\AVG9\Toolbar\IEToolbar.dll ()
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (JQSIEStartDetectorImpl Class) - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll (Sun Microsystems, Inc.)
O2 - BHO: (HP Smart BHO Class) - {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - C:\Program Files\Hp\Digital Imaging\Smart Web Printing\hpswp_BHO.dll (Hewlett-Packard Co.)
O3 - HKLM\..\Toolbar: (AVG Security Toolbar) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - C:\Program Files\AVG\AVG9\Toolbar\IEToolbar.dll ()
O3 - HKU\.DEFAULT\..\Toolbar\WebBrowser: (AVG Security Toolbar) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - C:\Program Files\AVG\AVG9\Toolbar\IEToolbar.dll ()
O3 - HKU\S-1-5-18\..\Toolbar\WebBrowser: (AVG Security Toolbar) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - C:\Program Files\AVG\AVG9\Toolbar\IEToolbar.dll ()
O3 - HKU\S-1-5-21-1421354407-2458812674-931217484-1006\..\Toolbar\WebBrowser: (no name) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No CLSID value found.
O3 - HKU\S-1-5-21-1421354407-2458812674-931217484-1006\..\Toolbar\WebBrowser: (no name) - {C4069E3A-68F1-403E-B40E-20066696354B} - No CLSID value found.
O3 - HKU\S-1-5-21-1421354407-2458812674-931217484-1006\..\Toolbar\WebBrowser: (no name) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - No CLSID value found.
O4 - HKLM..\Run: [Adobe Photo Downloader] C:\Program Files\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [Adobe Reader Speed Launcher] C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [AVG9_TRAY] C:\Program Files\AVG\AVG9\avgtray.exe (AVG Technologies CZ, s.r.o.)
O4 - HKLM..\Run: [BluetoothAuthenticationAgent] C:\WINDOWS\System32\bthprops.cpl (Microsoft Corporation)
O4 - HKLM..\Run: [Cpqset] C:\Program Files\Hewlett-Packard\Default Settings\Cpqset.exe ()
O4 - HKLM..\Run: [High Definition Audio Property Page Shortcut] C:\WINDOWS\System32\CHDAudPropShortcut.exe (Windows (R) Server 2003 DDK provider)
O4 - HKLM..\Run: [HP Software Update] C:\Program Files\Hp\HP Software Update\hpwuschd2.exe (Hewlett-Packard)
O4 - HKLM..\Run: [hpWirelessAssistant] C:\Program Files\HPQ\HP Wireless Assistant\HP Wireless Assistant.exe (Hewlett-Packard Development Company, L.P.)
O4 - HKLM..\Run: [ISUSPM Startup] C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe (Macrovision Corporation)
O4 - HKLM..\Run: [ISUSScheduler] C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe (Macrovision Corporation)
O4 - HKLM..\Run: [Mouse Suite 98 Daemon] C:\WINDOWS\System32\ICO.EXE (Primax Electronics Ltd.)
O4 - HKLM..\Run: [NvCplDaemon] C:\WINDOWS\System32\NvCpl.DLL (NVIDIA Corporation)
O4 - HKLM..\Run: [QlbCtrl] C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe ( Hewlett-Packard Development Company, L.P.)
O4 - HKLM..\Run: [QPService] C:\Program Files\HP\QuickPlay\QPService.exe (CyberLink Corp.)
O4 - HKLM..\Run: [QuickTime Task] C:\Program Files\QuickTime\qttask.exe (Apple Computer, Inc.)
O4 - HKLM..\Run: [RecGuard] C:\WINDOWS\SMINST\Recguard.exe ()
O4 - HKLM..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre6\bin\jusched.exe (Sun Microsystems, Inc.)
O4 - HKLM..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe (Synaptics, Inc.)
O4 - HKLM..\Run: [TkBellExe] C:\Program Files\Common Files\Real\Update_OB\realsched.exe (RealNetworks, Inc.)
O4 - HKU\S-1-5-21-1421354407-2458812674-931217484-1006..\Run: [H/PC Connection Agent] C:\Program Files\Microsoft ActiveSync\wcescomm.exe (Microsoft Corporation)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\StartUp\HP Digital Imaging Monitor.lnk = C:\Program Files\Hp\Digital Imaging\bin\hpqtra08.exe (Hewlett-Packard Co.)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\StartUp\HP Pavilion Webcam Tray Icon.lnk = C:\Program Files\Hewlett-Packard\HP Pavilion Webcam\tsnp2std.exe ()
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\StartUp\HP Photosmart Premier Fast Start.lnk = C:\Program Files\Hp\Digital Imaging\bin\hpqthb08.exe (Hewlett-Packard Development Company, L.P.)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\StartUp\Kodak EasyShare software.lnk = C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe ()
O4 - Startup: C:\Documents and Settings\Bill\Start Menu\Programs\StartUp\Vongo Tray.lnk = C:\Program Files\Vongo\Tray.exe File not found
O4 - Startup: C:\Documents and Settings\Christopher Sonne\Start Menu\Programs\StartUp\OpenOffice.org 3.0.lnk = C:\Program Files\OpenOffice.org 3\program\quickstart.exe ()
O4 - Startup: C:\Documents and Settings\Default User\Start Menu\Programs\StartUp\Vongo Tray.lnk = C:\Program Files\Vongo\Tray.exe File not found
O4 - Startup: C:\Documents and Settings\Guest\Start Menu\Programs\StartUp\Vongo Tray.lnk = C:\Program Files\Vongo\Tray.exe File not found
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Main present
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\PhishingFilter present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-19_Classes\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-20_Classes\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-1421354407-2458812674-931217484-1006\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-1421354407-2458812674-931217484-1006\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\S-1-5-21-1421354407-2458812674-931217484-1006\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-21-1421354407-2458812674-931217484-1006\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKU\S-1-5-21-1421354407-2458812674-931217484-1006_Classes\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O9 - Extra Button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\INetRepl.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Create Mobile Favorite... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\INetRepl.dll (Microsoft Corporation)
O9 - Extra Button: HP Smart Select - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - C:\Program Files\Hp\Digital Imaging\Smart Web Printing\hpswp_BHO.dll (Hewlett-Packard Co.)
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700}
http://go.microsoft.com/fwlink/?linkid=39204 (Windows Genuine Advantage Validation Tool)
O16 - DPF: {1851174C-97BD-4217-A0CC-E908F60D5B7A}
http://h50203.www5.hp.com/HPISWeb/Custo ... anager.CAB (Hewlett-Packard Online Support Services)
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} C:\Program Files\Yahoo!\Common\Yinsthelper.dll (Installation Support)
O16 - DPF: {6B75345B-AA36-438A-BBE6-4078B4C6984D}
http://h20270.www2.hp.com/ediags/gmn2/i ... ection.cab (HpProductDetection Class)
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3}
http://www.update.microsoft.com/microso ... 1280922703 (MUWebControl Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93}
http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab (Java Plug-in 1.6.0_11)
O16 - DPF: {CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA}
http://java.sun.com/update/1.5.0/jinsta ... s-i586.cab (Java Plug-in 1.5.0_06)
O16 - DPF: {CAFEEFAC-0015-0000-0009-ABCDEFFEDCBA}
http://java.sun.com/update/1.5.0/jinsta ... s-i586.cab (Java Plug-in 1.5.0_09)
O16 - DPF: {CAFEEFAC-0015-0000-0011-ABCDEFFEDCBA}
http://java.sun.com/update/1.5.0/jinsta ... s-i586.cab (Java Plug-in 1.5.0_11)
O16 - DPF: {CAFEEFAC-0016-0000-0001-ABCDEFFEDCBA}
http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab (Java Plug-in 1.6.0_01)
O16 - DPF: {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA}
http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab (Java Plug-in 1.6.0_03)
O16 - DPF: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA}
http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab (Java Plug-in 1.6.0_05)
O16 - DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA}
http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab (Java Plug-in 1.6.0_07)
O16 - DPF: {CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA}
http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab (Java Plug-in 1.6.0_11)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}
http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab (Java Plug-in 1.6.0_11)
O16 - DPF: Microsoft XML Parser for Java
file://C:\WINDOWS\Java\classes\xmldso.cab (Reg Error: Key error.)
O18 - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG9\avgpp.dll (AVG Technologies CZ, s.r.o.)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\avgrsstarter: DllName - avgrsstx.dll - C:\WINDOWS\System32\avgrsstx.dll (AVG Technologies CZ, s.r.o.)
O24 - Desktop WallPaper: C:\WINDOWS\Wave Aqua.bmp
O24 - Desktop BackupWallPaper: C:\WINDOWS\Wave Aqua.bmp
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2001/07/27 22:07:38 | 00,000,000 | -HS- | M] () - D:\AUTOEXEC.BAT -- [ FAT32 ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O34 - HKLM BootExecute: (lsdelete) - C:\WINDOWS\System32\lsdelete.exe ()
O35 - comfile [open] -- "%1" %*
O35 - exefile [open] -- "%1" %*
========== Files/Folders - Created Within 30 Days ========== [2010/01/27 15:32:21 | 00,548,864 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Christopher Sonne\Desktop\OTL.exe
[2010/01/27 14:43:01 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Christopher Sonne\Application Data\Apple Computer
[2010/01/27 14:28:11 | 00,000,000 | -HSD | C] -- C:\RECYCLER
[2010/01/26 21:19:33 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Christopher Sonne\Local Settings\Application Data\mSpot
[2010/01/26 20:32:52 | 00,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Local Settings\Application Data\Mozilla
[2010/01/26 20:32:52 | 00,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft
[2010/01/26 20:32:51 | 00,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Local Settings\Application Data\IsolatedStorage
[2010/01/26 20:32:01 | 00,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Local Settings\Application Data\HP
[2010/01/26 20:31:43 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Christopher Sonne\My Documents\The Hobbit
[2010/01/26 20:31:43 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Christopher Sonne\My Documents\Symantec
[2010/01/26 20:31:43 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Christopher Sonne\My Documents\PLU250
[2010/01/26 20:31:43 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Christopher Sonne\My Documents\My Videos
[2010/01/26 20:30:50 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Christopher Sonne\My Documents\My Music
[2010/01/26 20:30:50 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Christopher Sonne\My Documents\My Garmin
[2010/01/26 20:30:50 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Christopher Sonne\My Documents\Bluetooth
[2010/01/26 20:30:49 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Christopher Sonne\Local Settings\Application Data\QuickPlay
[2010/01/26 20:30:49 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Christopher Sonne\Local Settings\Application Data\{3248F0A6-6813-11D6-A77B-00B0D0150060}
[2010/01/26 20:30:43 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Christopher Sonne\Local Settings\Application Data\Mozilla
[2010/01/26 20:29:57 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Christopher Sonne\Local Settings\Application Data\IsolatedStorage
[2010/01/26 20:29:56 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Christopher Sonne\Local Settings\Application Data\HP
[2010/01/26 20:29:35 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Christopher Sonne\Local Settings\Application Data\Google
[2010/01/26 20:29:28 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Christopher Sonne\Local Settings\Application Data\Autodesk
[2010/01/26 20:29:28 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Christopher Sonne\Local Settings\Application Data\ApplicationHistory
[2010/01/26 20:29:28 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Christopher Sonne\Local Settings\Application Data\Apple Computer
[2010/01/26 20:29:20 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Christopher Sonne\Local Settings\Application Data\Adobe
[2010/01/26 20:29:18 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Christopher Sonne\Desktop\Tab Software & Music
[2010/01/26 20:28:49 | 00,561,152 | ---- | C] (Joshua F. Madison) -- C:\Documents and Settings\Christopher Sonne\Desktop\Convert.exe
[2010/01/26 20:28:28 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Christopher Sonne\Application Data\UVC
[2010/01/26 20:28:28 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Christopher Sonne\Application Data\The Hobbit
[2010/01/26 20:28:25 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Christopher Sonne\Application Data\OpenOffice.org2
[2010/01/26 20:28:22 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Christopher Sonne\Application Data\OpenOffice.org
[2010/01/26 20:28:22 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Christopher Sonne\Application Data\Leadertech
[2010/01/26 20:28:22 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Christopher Sonne\Application Data\Intuit
[2010/01/26 20:28:22 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Christopher Sonne\Application Data\HpUpdate
[2010/01/26 20:28:22 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Christopher Sonne\Application Data\HP
[2010/01/26 20:28:22 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Christopher Sonne\Application Data\GTek
[2010/01/26 20:28:22 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Christopher Sonne\Application Data\AVG9
[2010/01/26 20:27:47 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Christopher Sonne\Application Data\ArchosLink
[2010/01/26 20:26:41 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\DRM
[2010/01/26 20:26:28 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Yahoo!
[2010/01/26 20:23:34 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\WildTangent
[2010/01/26 20:23:34 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\WEBREG
[2010/01/26 20:23:34 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Trymedia
[2010/01/26 20:23:31 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Transparent
[2010/01/26 20:22:48 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Temp
[2010/01/26 20:22:48 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Sonic
[2010/01/26 20:22:47 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\SBSI
[2010/01/26 20:22:46 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\muvee Technologies
[2010/01/26 20:22:46 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\MumboJumbo
[2010/01/26 20:22:45 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\LightScribe
[2010/01/26 20:22:28 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Lavasoft
[2010/01/26 20:22:15 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Kodak
[2010/01/26 20:22:15 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Intuit
[2010/01/26 20:22:14 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\HP Product Assistant
[2010/01/26 20:21:41 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\CyberLink
[2010/01/26 20:21:04 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\AVG Security Toolbar
[2010/01/26 20:20:55 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Apple Computer
[2010/01/24 21:02:39 | 00,000,000 | -HSD | C] -- C:\Documents and Settings\Christopher Sonne\History
[2010/01/24 21:02:36 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\HP
[2010/01/24 21:02:33 | 00,000,000 | R--D | C] -- C:\Documents and Settings\All Users\Documents\My Videos
[2010/01/24 21:02:33 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\InstallShield
[2010/01/24 21:02:32 | 00,000,000 | R--D | C] -- C:\Documents and Settings\All Users\Documents\My Music
[2010/01/24 21:02:06 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Windows Genuine Advantage
[2010/01/24 18:44:20 | 00,000,000 | ---D | M] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft
[2010/01/24 17:58:41 | 00,000,000 | RHSD | C] -- C:\cmdcons
[2010/01/24 17:55:35 | 00,212,480 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWXCACLS.exe
[2010/01/24 17:55:35 | 00,161,792 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWREG.exe
[2010/01/24 17:55:35 | 00,136,704 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWSC.exe
[2010/01/24 17:55:35 | 00,031,232 | ---- | C] (NirSoft) -- C:\WINDOWS\NIRCMD.exe
[2010/01/24 17:55:27 | 00,000,000 | ---D | C] -- C:\WINDOWS\ERDNT
[2010/01/24 17:55:13 | 00,000,000 | ---D | C] -- C:\Qoobox
[2010/01/19 21:22:08 | 00,000,000 | ---D | C] -- C:\Program Files\Trend Micro
[2010/01/19 20:43:12 | 00,000,000 | ---D | C] -- C:\$AVG
[2010/01/19 20:42:43 | 00,025,608 | ---- | C] (AVG Technologies ) -- C:\WINDOWS\System32\drivers\AVGIDSxx.sys
[2010/01/19 20:42:14 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\avg9
[2008/11/28 09:35:11 | 00,000,000 | --SD | M] -- C:\Documents and Settings\NetworkService\Application Data\Microsoft
[2008/11/28 09:35:11 | 00,000,000 | --SD | M] -- C:\Documents and Settings\LocalService\Application Data\Microsoft
[2007/05/18 13:30:48 | 00,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Application Data\Mozilla
[2005/09/24 11:49:16 | 00,012,288 | ---- | C] (Hewlett-Packard Development Company, L.P.) -- C:\WINDOWS\Fonts\RandFont.dll
[11 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[1 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
========== Files - Modified Within 30 Days ========== [2010/01/27 15:09:16 | 00,293,376 | ---- | M] () -- C:\Documents and Settings\Christopher Sonne\Desktop\r30utlb5.exe
[2010/01/27 15:08:34 | 00,548,864 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Christopher Sonne\Desktop\OTL.exe
[2010/01/27 14:45:39 | 03,932,160 | -H-- | M] () -- C:\Documents and Settings\Christopher Sonne\ntuser.dat
[2010/01/27 14:25:28 | 00,001,405 | ---- | M] () -- C:\hpqp.ini
[2010/01/26 22:23:42 | 00,054,156 | -H-- | M] () -- C:\WINDOWS\QTFont.qfn
[2010/01/26 22:16:43 | 00,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2010/01/26 22:09:26 | 00,000,227 | ---- | M] () -- C:\WINDOWS\system.ini
[2010/01/26 21:57:27 | 05,923,840 | R--- | M] () -- C:\Documents and Settings\All Users\Documents\ESBK.mbb
[2010/01/26 21:57:20 | 04,490,240 | R--- | M] () -- C:\Documents and Settings\All Users\Documents\ESBK.mb
[2010/01/26 21:54:20 | 00,000,039 | ---- | M] () -- C:\XP_TV.ini
[2010/01/26 21:54:12 | 00,050,868 | ---- | M] () -- C:\WINDOWS\System32\nvapps.xml
[2010/01/26 21:54:08 | 00,001,158 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2010/01/26 21:49:54 | 00,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2010/01/26 21:49:49 | 20,789,12512 | -HS- | M] () -- C:\hiberfil.sys
[2010/01/26 21:48:24 | 00,000,278 | -HS- | M] () -- C:\Documents and Settings\Christopher Sonne\ntuser.ini
[2010/01/26 21:48:02 | 02,679,064 | -H-- | M] () -- C:\Documents and Settings\Christopher Sonne\Local Settings\Application Data\IconCache.db
[2010/01/26 20:14:46 | 03,837,551 | R--- | M] () -- C:\Documents and Settings\Christopher Sonne\Desktop\ComboFix.exe
[2010/01/26 20:04:06 | 00,660,480 | ---- | M] () -- C:\Documents and Settings\Christopher Sonne\Desktop\CFDQ-UsrPrf.exe
[2010/01/24 21:39:16 | 00,002,688 | ---- | M] () -- C:\WINDOWS\System32\settings.aaw
[2010/01/24 21:39:16 | 00,000,960 | ---- | M] () -- C:\WINDOWS\System32\history.aaw
[2010/01/24 21:03:07 | 00,000,402 | ---- | M] () -- C:\Documents and Settings\Christopher Sonne\Application Data\_$_hpcst$_.hpc.zip
[2010/01/24 21:02:39 | 00,002,508 | ---- | M] () -- C:\Documents and Settings\Christopher Sonne\Application Data\$_hpcst$.hpc
[2010/01/24 21:02:26 | 00,000,027 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts
[2010/01/24 17:58:45 | 00,000,293 | RHS- | M] () -- C:\boot.ini
[2010/01/19 20:53:17 | 00,557,283 | ---- | M] () -- C:\WINDOWS\System32\drivers\Avg\iavifw.avm
[2010/01/19 20:43:01 | 48,053,597 | ---- | M] () -- C:\WINDOWS\System32\drivers\Avg\incavi.avm
[2010/01/19 20:42:56 | 00,360,584 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\drivers\avgtdix.sys
[2010/01/19 20:42:56 | 00,333,192 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\drivers\avgldx86.sys
[2010/01/19 20:42:56 | 00,142,495 | ---- | M] () -- C:\WINDOWS\System32\drivers\Avg\microavi.avg
[2010/01/19 20:42:56 | 00,028,424 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\drivers\avgmfx86.sys
[2010/01/19 20:42:44 | 00,001,507 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\AVG 9.0.lnk
[2010/01/19 20:42:43 | 00,161,800 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\drivers\avgrkx86.sys
[2010/01/19 20:42:43 | 00,113,461 | ---- | M] () -- C:\WINDOWS\System32\drivers\Avg\iavichjw.avm
[2010/01/19 20:42:43 | 00,025,608 | ---- | M] (AVG Technologies ) -- C:\WINDOWS\System32\drivers\AVGIDSxx.sys
[2010/01/19 20:42:43 | 00,012,464 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\avgrsstx.dll
[2010/01/19 20:42:15 | 00,050,968 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\avgfwdx.dll
[2010/01/19 20:42:15 | 00,030,104 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\drivers\avgfwdx.sys
[2010/01/19 20:11:18 | 00,073,656 | ---- | M] () -- C:\Documents and Settings\Christopher Sonne\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
[2010/01/19 20:05:04 | 00,006,456 | -H-- | M] () -- C:\WINDOWS\System32\tizuliho
[11 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[1 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
========== Files Created - No Company Name ========== [2099/01/01 12:00:00 | 00,006,456 | -H-- | C] () -- C:\WINDOWS\System32\tizuliho
[2010/01/27 15:32:25 | 00,293,376 | ---- | C] () -- C:\Documents and Settings\Christopher Sonne\Desktop\r30utlb5.exe
[2010/01/26 20:32:01 | 00,002,508 | ---- | C] () -- C:\Documents and Settings\LocalService\Application Data\$_hpcst$.hpc
[2010/01/26 20:31:45 | 00,000,864 | ---- | C] () -- C:\Documents and Settings\Christopher Sonne\Start Menu\Programs\StartUp\OpenOffice.org 3.0.lnk
[2010/01/26 20:30:49 | 00,010,344 | ---- | C] () -- C:\Documents and Settings\Christopher Sonne\My Documents\Fence Estimate.ods
[2010/01/26 20:30:49 | 00,000,343 | ---- | C] () -- C:\Documents and Settings\Christopher Sonne\My Documents\acad.err
[2010/01/26 20:29:20 | 00,022,016 | ---- | C] () -- C:\Documents and Settings\Christopher Sonne\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010/01/26 20:29:20 | 00,000,140 | ---- | C] () -- C:\Documents and Settings\Christopher Sonne\Local Settings\Application Data\fusioncache.dat
[2010/01/26 20:29:20 | 00,000,000 | ---- | C] () -- C:\Documents and Settings\Christopher Sonne\Local Settings\Application Data\FnF4.txt
[2010/01/26 20:28:50 | 00,898,048 | ---- | C] () -- C:\Documents and Settings\Christopher Sonne\Desktop\Spreadsheet_Redevelopment_Beta_revised 03-04-09.xls
[2010/01/26 20:28:50 | 00,897,536 | ---- | C] () -- C:\Documents and Settings\Christopher Sonne\Desktop\Spreadsheet_Beta_revised 03-04-09.xls
[2010/01/26 20:28:50 | 00,000,782 | ---- | C] () -- C:\Documents and Settings\Christopher Sonne\Desktop\Windows Media Player.lnk
[2010/01/26 20:28:50 | 00,000,179 | ---- | C] () -- C:\Documents and Settings\Christopher Sonne\Desktop\Removable Disk (F).lnk
[2010/01/26 20:28:49 | 00,207,360 | ---- | C] () -- C:\Documents and Settings\Christopher Sonne\Desktop\Engineering.civil.survey.RFP.Scan.doc
[2010/01/26 20:28:49 | 00,151,552 | ---- | C] () -- C:\Documents and Settings\Christopher Sonne\Desktop\FormulaConvsTest_8_16_06.doc
[2010/01/26 20:28:49 | 00,039,424 | ---- | C] () -- C:\Documents and Settings\Christopher Sonne\Desktop\House of Prayer_v2.xls
[2010/01/26 20:28:49 | 00,002,044 | ---- | C] () -- C:\Documents and Settings\Christopher Sonne\Desktop\Microsoft Office Excel 2003.lnk
[2010/01/26 20:28:30 | 09,509,338 | ---- | C] () -- C:\Documents and Settings\Christopher Sonne\Desktop\ArchosLinkSetup_2_0_0_0.exe
[2010/01/26 20:27:47 | 00,000,875 | ---- | C] () -- C:\Documents and Settings\Christopher Sonne\Application Data\AdobeDLM.log
[2010/01/26 20:27:47 | 00,000,402 | ---- | C] () -- C:\Documents and Settings\Christopher Sonne\Application Data\_$_hpcst$_.hpc.zip
[2010/01/26 20:27:47 | 00,000,129 | ---- | C] () -- C:\Documents and Settings\Christopher Sonne\Application Data\WorkingFolders.xml
[2010/01/26 20:27:47 | 00,000,000 | ---- | C] () -- C:\Documents and Settings\Christopher Sonne\Application Data\dm.ini
[2010/01/26 20:26:46 | 00,001,833 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Kodak EasyShare software.lnk
[2010/01/26 20:26:46 | 00,001,808 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk
[2010/01/26 20:26:46 | 00,000,798 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\HP Photosmart Premier Fast Start.lnk
[2010/01/26 20:26:46 | 00,000,631 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\HP Pavilion Webcam Tray Icon.lnk
[2010/01/26 20:26:31 | 05,923,840 | R--- | C] () -- C:\Documents and Settings\All Users\Documents\ESBK.mbb
[2010/01/26 20:26:29 | 04,490,240 | R--- | C] () -- C:\Documents and Settings\All Users\Documents\ESBK.mb
[2010/01/26 20:26:29 | 00,001,711 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Play The Hobbit(TM).lnk
[2010/01/26 20:26:29 | 00,001,698 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Alltel Jump Music.lnk
[2010/01/26 20:26:29 | 00,001,602 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Mozilla Firefox.lnk
[2010/01/26 20:26:29 | 00,001,507 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\AVG 9.0.lnk
[2010/01/26 20:26:29 | 00,001,018 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\HP Solution Center.lnk
[2010/01/26 20:26:29 | 00,000,959 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Pirates of the Caribbean Online.lnk
[2010/01/26 20:26:29 | 00,000,779 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\InterActual Player.lnk
[2010/01/26 20:26:29 | 00,000,732 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\EOS Utility.lnk
[2010/01/26 20:26:29 | 00,000,715 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\RealPlayer SP.lnk
[2010/01/26 20:21:49 | 03,837,551 | R--- | C] () -- C:\Documents and Settings\Christopher Sonne\Desktop\ComboFix.exe
[2010/01/26 20:20:55 | 00,004,368 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\hpzinstall.log
[2010/01/26 20:18:42 | 00,660,480 | ---- | C] () -- C:\Documents and Settings\Christopher Sonne\Desktop\CFDQ-UsrPrf.exe
[2010/01/26 20:12:03 | 00,000,000 | ---- | C] () -- C:\Documents and Settings\Christopher Sonne\Local Settings\Application Data\DSwitch.txt
[2010/01/26 20:12:02 | 00,000,000 | ---- | C] () -- C:\Documents and Settings\Christopher Sonne\Local Settings\Application Data\QSwitch.txt
[2010/01/26 20:12:02 | 00,000,000 | ---- | C] () -- C:\Documents and Settings\Christopher Sonne\Local Settings\Application Data\AtStart.txt
[2010/01/24 21:36:41 | 00,000,278 | -HS- | C] () -- C:\Documents and Settings\Christopher Sonne\ntuser.ini
[2010/01/24 21:02:39 | 00,002,508 | ---- | C] () -- C:\Documents and Settings\Christopher Sonne\Application Data\$_hpcst$.hpc
[2010/01/24 19:19:11 | 00,002,688 | ---- | C] () -- C:\WINDOWS\System32\settings.aaw
[2010/01/24 19:19:11 | 00,000,960 | ---- | C] () -- C:\WINDOWS\System32\history.aaw
[2010/01/24 17:58:45 | 00,000,223 | ---- | C] () -- C:\Boot.bak
[2010/01/24 17:58:42 | 00,260,272 | ---- | C] () -- C:\cmldr
[2010/01/24 17:55:35 | 00,261,632 | ---- | C] () -- C:\WINDOWS\PEV.exe
[2010/01/24 17:55:35 | 00,098,816 | ---- | C] () -- C:\WINDOWS\sed.exe
[2010/01/24 17:55:35 | 00,080,412 | ---- | C] () -- C:\WINDOWS\grep.exe
[2010/01/24 17:55:35 | 00,077,312 | ---- | C] () -- C:\WINDOWS\MBR.exe
[2010/01/24 17:55:35 | 00,068,096 | ---- | C] () -- C:\WINDOWS\zip.exe
[2009/09/22 13:23:30 | 00,000,024 | ---- | C] () -- C:\WINDOWS\cdplayer.ini
[2009/08/22 21:48:32 | 00,000,000 | ---- | C] () -- C:\WINDOWS\iplayer.INI
[2009/01/01 16:57:23 | 00,043,520 | ---- | C] () -- C:\WINDOWS\System32\CmdLineExt03.dll
[2008/01/14 16:47:06 | 00,099,712 | ---- | C] () -- C:\WINDOWS\HPBroker.dll
[2007/08/12 08:56:56 | 00,001,481 | ---- | C] () -- C:\WINDOWS\tefview.ini
[2007/05/18 13:13:01 | 00,008,181 | ---- | C] () -- C:\WINDOWS\System32\Setup2k.ini
[2007/05/18 13:13:01 | 00,000,184 | ---- | C] () -- C:\WINDOWS\System32\presetup.ini
[2007/02/12 22:26:29 | 00,013,304 | ---- | C] () -- C:\WINDOWS\System32\drivers\BTNetFilter.sys
[2007/02/12 22:26:29 | 00,011,604 | ---- | C] () -- C:\WINDOWS\System32\drivers\vbtenum.sys
[2007/02/06 22:31:15 | 00,001,091 | ---- | C] () -- C:\WINDOWS\_ISENV31.INI
[2007/02/06 22:04:32 | 00,000,141 | ---- | C] () -- C:\WINDOWS\asym.ini
[2007/02/06 22:04:32 | 00,000,049 | ---- | C] () -- C:\WINDOWS\mtb30.ini
[2007/01/05 19:43:02 | 00,000,054 | ---- | C] () -- C:\WINDOWS\TOPO2.INI
[2007/01/05 19:23:23 | 00,000,112 | ---- | C] () -- C:\WINDOWS\Topo.INI
[2006/12/30 22:37:55 | 00,000,214 | ---- | C] () -- C:\WINDOWS\HP_48BitScanUpdatePatch.ini
[2006/11/29 15:02:25 | 00,000,004 | ---- | C] () -- C:\WINDOWS\uccspecb.sys
[2006/09/30 06:30:50 | 00,065,536 | ---- | C] () -- C:\WINDOWS\System32\YCRWin32.dll
[2006/09/09 19:01:53 | 00,000,000 | ---- | C] () -- C:\WINDOWS\mtstack.INI
[2006/08/24 21:59:01 | 00,000,027 | ---- | C] () -- C:\WINDOWS\SmartAudio.INI
[2006/07/29 08:07:18 | 00,000,031 | ---- | C] () -- C:\WINDOWS\QUICKEN.INI
[2006/07/29 08:04:35 | 00,000,698 | ---- | C] () -- C:\WINDOWS\NSSetDefaultBrowser.ini
[2006/07/29 07:36:29 | 00,028,510 | ---- | C] () -- C:\WINDOWS\System32\oeminfo.ini
[2006/07/29 07:23:11 | 00,000,376 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2006/07/29 05:02:07 | 00,016,480 | ---- | C] () -- C:\WINDOWS\System32\rixdicon.dll
[2006/07/29 05:01:54 | 01,662,976 | ---- | C] () -- C:\WINDOWS\System32\nvwdmcpl.dll
[2006/07/29 05:01:54 | 01,466,368 | ---- | C] () -- C:\WINDOWS\System32\nview.dll
[2006/07/29 05:01:54 | 01,019,904 | ---- | C] () -- C:\WINDOWS\System32\nvwimg.dll
[2006/07/29 05:01:54 | 00,466,944 | ---- | C] () -- C:\WINDOWS\System32\nvshell.dll
[2006/07/29 05:01:53 | 00,098,304 | ---- | C] () -- C:\WINDOWS\System32\nvapi.dll
[2006/03/27 12:00:36 | 00,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini
[2006/03/27 11:20:24 | 00,000,056 | ---- | C] () -- C:\WINDOWS\WININIT.INI
[2006/03/27 11:17:12 | 00,000,780 | ---- | C] () -- C:\WINDOWS\orun32.ini
[2005/12/02 13:09:10 | 00,000,000 | ---- | C] () -- C:\WINDOWS\System32\px.ini
[2003/01/07 15:05:08 | 00,002,695 | ---- | C] () -- C:\WINDOWS\System32\OUTLPERF.INI
[2000/09/08 16:53:50 | 00,073,839 | ---- | C] () -- C:\WINDOWS\System32\KodakOneTouch.dll
< End of report >
OTL Extras Log:
OTL Extras logfile created on: 1/27/2010 3:35:58 PM - Run 1
OTL by OldTimer - Version 3.1.27.0 Folder = C:\Documents and Settings\Christopher Sonne\Desktop
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 7.0.5730.11)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy
2.00 Gb Total Physical Memory | 1.00 Gb Available Physical Memory | 65.00% Memory free
4.00 Gb Paging File | 3.00 Gb Available in Paging File | 84.00% Paging File free
Paging file location(s): C:\pagefile.sys 0 0 [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 64.05 Gb Total Space | 10.24 Gb Free Space | 15.99% Space Free | Partition Type: NTFS
Drive D: | 9.45 Gb Total Space | 1.24 Gb Free Space | 13.13% Space Free | Partition Type: FAT32
E: Drive not present or media not loaded
Drive F: | 983.70 Mb Total Space | 383.70 Mb Free Space | 39.01% Space Free | Partition Type: FAT
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded
Computer Name: CES_LAPTOP
Current User Name: Christopher Sonne
Logged in as Administrator.
Current Boot Mode: Normal
Scan Mode: All users
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Minimal
========== Extra Registry (SafeList) ========== ========== File Associations ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)
========== Shell Spawning ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
htmlfile [edit] -- Reg Error: Key error.
htmlfile [open] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" -nohome (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" %1 (Microsoft Corporation)
http [open] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" -nohome (Microsoft Corporation)
https [open] -- "C:\Program Files\Mozilla Firefox\firefox.exe" -requestPending -osint -url "%1" (Mozilla Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" %1 (Microsoft Corporation)
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- "%programfiles%\internet explorer\iexplore.exe" (Microsoft Corporation)
========== Security Center Settings ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 0
"FirewallOverride" = 0
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]
"DisableMonitoring" = 1
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]
"139:TCP" = 139:TCP:*:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:*:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:*:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:*:Enabled:@xpsp2res.dll,-22002
"26675:TCP" = 26675:TCP:169.254.2.0/255.255.255.0:Enabled:ActiveSync Service
"427:TCP" = 427:TCP:LocalSubNet:Enabled:SLP_Port(427)_TCP
"427:UDP" = 427:UDP:LocalSubNet:Enabled:SLP_Port(427)_UDP
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 0
"DoNotAllowExceptions" = 0
"DisableNotifications" = 0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008
"139:TCP" = 139:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22002
"26675:TCP" = 26675:TCP:169.254.2.0/255.255.255.0:Enabled:ActiveSync Service
"427:TCP" = 427:TCP:LocalSubNet:Enabled:SLP_Port(427)_TCP
"427:UDP" = 427:UDP:LocalSubNet:Enabled:SLP_Port(427)_UDP
========== Authorized Applications List ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"C:\Program Files\Microsoft ActiveSync\rapimgr.exe" = C:\Program Files\Microsoft ActiveSync\rapimgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync RAPI Manager -- (Microsoft Corporation)
"C:\Program Files\Microsoft ActiveSync\wcescomm.exe" = C:\Program Files\Microsoft ActiveSync\wcescomm.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Connection Manager -- (Microsoft Corporation)
"C:\Program Files\Microsoft ActiveSync\WCESMgr.exe" = C:\Program Files\Microsoft ActiveSync\WCESMgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Application -- (Microsoft Corporation)
"C:\Program Files\Hp\Digital Imaging\bin\hpqtra08.exe" = C:\Program Files\Hp\Digital Imaging\bin\hpqtra08.exe:*:Enabled:hpqtra08.exe -- (Hewlett-Packard Co.)
"C:\Program Files\Hp\Digital Imaging\bin\hpqste08.exe" = C:\Program Files\Hp\Digital Imaging\bin\hpqste08.exe:*:Enabled:hpqste08.exe -- (Hewlett-Packard Co.)
"C:\Program Files\Hp\Digital Imaging\bin\hpofxm08.exe" = C:\Program Files\Hp\Digital Imaging\bin\hpofxm08.exe:*:Enabled:hpofxm08.exe -- (Hewlett-Packard Co.)
"C:\Program Files\Hp\Digital Imaging\bin\hposfx08.exe" = C:\Program Files\Hp\Digital Imaging\bin\hposfx08.exe:*:Enabled:hposfx08.exe -- (Hewlett-Packard Co.)
"C:\Program Files\Hp\Digital Imaging\bin\hposid01.exe" = C:\Program Files\Hp\Digital Imaging\bin\hposid01.exe:*:Enabled:hposid01.exe -- (Hewlett-Packard Co.)
"C:\Program Files\Hp\Digital Imaging\bin\hpqkygrp.exe" = C:\Program Files\Hp\Digital Imaging\bin\hpqkygrp.exe:*:Enabled:hpqkygrp.exe -- (Hewlett-Packard)
"C:\Program Files\Hp\Digital Imaging\bin\hpzwiz01.exe" = C:\Program Files\Hp\Digital Imaging\bin\hpzwiz01.exe:*:Enabled:hpzwiz01.exe -- (Hewlett-Packard Co.)
"C:\Program Files\Hp\Digital Imaging\Unload\HpqPhUnl.exe" = C:\Program Files\Hp\Digital Imaging\Unload\HpqPhUnl.exe:*:Enabled:hpqphunl.exe -- ()
"C:\Program Files\Hp\Digital Imaging\Unload\HpqDIA.exe" = C:\Program Files\Hp\Digital Imaging\Unload\HpqDIA.exe:*:Enabled:hpqdia.exe -- ( )
"C:\Documents and Settings\Priscilla\Local Settings\Temp\HP\OJP8500vA909_Full_12\setup\hpznui01.exe" = C:\Documents and Settings\Priscilla\Local Settings\Temp\HP\OJP8500vA909_Full_12\setup\hpznui01.exe:*:Enabled:hpznui01.exe -- (Hewlett-Packard)
"C:\Program Files\Hp\Digital Imaging\{624E7452-BA43-4f55-B9D5-FC75EEA0808B}\setup\hpznui01.exe" = C:\Program Files\Hp\Digital Imaging\{624E7452-BA43-4f55-B9D5-FC75EEA0808B}\setup\hpznui01.exe:*:Enabled:hpznui01.exe -- (Hewlett-Packard)
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Program Files\Microsoft ActiveSync\rapimgr.exe" = C:\Program Files\Microsoft ActiveSync\rapimgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync RAPI Manager -- (Microsoft Corporation)
"C:\Program Files\Microsoft ActiveSync\wcescomm.exe" = C:\Program Files\Microsoft ActiveSync\wcescomm.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Connection Manager -- (Microsoft Corporation)
"C:\Program Files\Microsoft ActiveSync\WCESMgr.exe" = C:\Program Files\Microsoft ActiveSync\WCESMgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Application -- (Microsoft Corporation)
"C:\Program Files\Kodak\KODAK Software Updater\7288971\Program\Kodak Software Updater.exe" = C:\Program Files\Kodak\KODAK Software Updater\7288971\Program\Kodak Software Updater.exe:*:Enabled:Kodak Software Updater -- ()
"C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe" = C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe:*:Enabled:EasyShare -- ()
"C:\Program Files\Hp\HP Software Update\HPWUCli.exe" = C:\Program Files\Hp\HP Software Update\HPWUCli.exe:*:Enabled:HP Software Update Client -- (Hewlett-Packard)
"C:\Program Files\Hp\Digital Imaging\bin\hpqtra08.exe" = C:\Program Files\Hp\Digital Imaging\bin\hpqtra08.exe:*:Enabled:hpqtra08.exe -- (Hewlett-Packard Co.)
"C:\Program Files\Hp\Digital Imaging\bin\hpqste08.exe" = C:\Program Files\Hp\Digital Imaging\bin\hpqste08.exe:*:Enabled:hpqste08.exe -- (Hewlett-Packard Co.)
"C:\Program Files\Hp\Digital Imaging\bin\hpofxm08.exe" = C:\Program Files\Hp\Digital Imaging\bin\hpofxm08.exe:*:Enabled:hpofxm08.exe -- (Hewlett-Packard Co.)
"C:\Program Files\Hp\Digital Imaging\bin\hposfx08.exe" = C:\Program Files\Hp\Digital Imaging\bin\hposfx08.exe:*:Enabled:hposfx08.exe -- (Hewlett-Packard Co.)
"C:\Program Files\Hp\Digital Imaging\bin\hposid01.exe" = C:\Program Files\Hp\Digital Imaging\bin\hposid01.exe:*:Enabled:hposid01.exe -- (Hewlett-Packard Co.)
"C:\Program Files\Hp\Digital Imaging\bin\hpqkygrp.exe" = C:\Program Files\Hp\Digital Imaging\bin\hpqkygrp.exe:*:Enabled:hpqkygrp.exe -- (Hewlett-Packard)
"C:\Program Files\Hp\Digital Imaging\bin\hpzwiz01.exe" = C:\Program Files\Hp\Digital Imaging\bin\hpzwiz01.exe:*:Enabled:hpzwiz01.exe -- (Hewlett-Packard Co.)
"C:\Program Files\Hp\Digital Imaging\Unload\HpqPhUnl.exe" = C:\Program Files\Hp\Digital Imaging\Unload\HpqPhUnl.exe:*:Enabled:hpqphunl.exe -- ()
"C:\Program Files\Hp\Digital Imaging\Unload\HpqDIA.exe" = C:\Program Files\Hp\Digital Imaging\Unload\HpqDIA.exe:*:Enabled:hpqdia.exe -- ( )
"C:\Documents and Settings\Priscilla\Local Settings\Temp\HP\OJP8500vA909_Full_12\setup\hpznui01.exe" = C:\Documents and Settings\Priscilla\Local Settings\Temp\HP\OJP8500vA909_Full_12\setup\hpznui01.exe:*:Enabled:hpznui01.exe -- (Hewlett-Packard)
"C:\Program Files\Hp\Digital Imaging\{624E7452-BA43-4f55-B9D5-FC75EEA0808B}\setup\hpznui01.exe" = C:\Program Files\Hp\Digital Imaging\{624E7452-BA43-4f55-B9D5-FC75EEA0808B}\setup\hpznui01.exe:*:Enabled:hpznui01.exe -- (Hewlett-Packard)
"C:\Program Files\AVG\AVG9\avgam.exe" = C:\Program Files\AVG\AVG9\avgam.exe:*:Enabled:avgam.exe -- (AVG Technologies CZ, s.r.o.)
"C:\Program Files\AVG\AVG9\avgdiagex.exe" = C:\Program Files\AVG\AVG9\avgdiagex.exe:*:Enabled:avgdiagex.exe -- (AVG Technologies CZ, s.r.o.)
"C:\Program Files\AVG\AVG9\avgupd.exe" = C:\Program Files\AVG\AVG9\avgupd.exe:*:Enabled:avgupd.exe -- (AVG Technologies CZ, s.r.o.)
"C:\Program Files\AVG\AVG9\avgnsx.exe" = C:\Program Files\AVG\AVG9\avgnsx.exe:*:Enabled:avgnsx.exe -- (AVG Technologies CZ, s.r.o.)
========== HKEY_LOCAL_MACHINE Uninstall List ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0008546E-DF6E-4CC1-AFD0-2CB8E16C95A2}" = Notifier
"{023FFB0A-C5DB-4930-B3E4-D48266C21738}" = The Hobbit(TM)
"{03A7C57A-B2C8-409b-92E5-524A0DFD0DD3}" = Status
"{075473F5-846A-448B-BCB3-104AA1760205}" = Sonic Data Module
"{087A66B8-1F0F-4a8d-A649-0CFE276AA7C0}" = WebReg
"{09D8492A-C8E2-421E-927D-46800FB327A3}" = Wireless Home Network Setup
"{0C23BEBC-0429-4254-A83F-15C591AB768A}" = HP Pavilion Webcam Tray Icon
"{102CBC47-7FDE-4E6C-8A3A-67B79833FAC8}" = BPDSoftware_Ini
"{11B2F891-91C8-47ce-945A-A91003EA27FB}" = BPDSoftware
"{13515135-48BB-4184-8C1F-2FAE0138E200}" = TBS WMP Plug-in
"{14BEB6DF-A499-4A38-8E06-E173BCD5C087}" = ScannerCopy
"{14D4ED84-6A9A-45A0-96F6-1753768C3CB5}" = ESSPCD
"{1AD5F465-8282-4DAD-B957-E09C0B783D18}" = InstantShare
"{1B680FBA-E317-4E93-AF43-3B59798A4BE0}" = Copy
"{1CB34CE9-0E6B-493F-BB66-3425E5DF76E5}" = CP_CalendarTemplates1
"{21657574-BD54-48A2-9450-EB03B2C7FC29}" = Sonic MyDVD Plus
"{23012310-3E05-46A5-88A9-C6CBCABCAC79}" = Customer Experience Enhancement
"{23B35809-5E4A-4F14-8332-1CDEDDFAC089}" = CP_Package_Variety2
"{25EF00BE-F17B-11D6-88EA-000476CD2443}" = Verizon Online
"{26A24AE4-039D-4CA4-87B4-2F83216011FF}" = Java(TM) 6 Update 11
"{272EC8BA-5A08-4ea1-A189-684466A06B02}" = cp_dwShrek2Albums1
"{286F29AF-0BE2-4D5F-AB17-B7631A810553}" = muvee autoProducer 4.5
"{2A329FB6-389D-4396-A974-29656D6864AE}" = MarketResearch
"{2A548002-9042-4083-A270-B67473DE1073}" = SkinsHP1
"{2DFF31F9-7893-4922-AF66-C9A1EB4EBB31}" = Rhapsody Player Engine
"{2EEA7AA4-C203-4b90-A34F-19FB7EF1C81C}" = BufferChm
"{30465B6C-B53F-49A1-9EBA-A3F187AD502E}" = Sonic Update Manager
"{3248F0A8-6813-11D6-A77B-00B0D0150060}" = J2SE Runtime Environment 5.0 Update 6
"{3248F0A8-6813-11D6-A77B-00B0D0150090}" = J2SE Runtime Environment 5.0 Update 9
"{3248F0A8-6813-11D6-A77B-00B0D0150110}" = J2SE Runtime Environment 5.0 Update 11
"{3248F0A8-6813-11D6-A77B-00B0D0160010}" = Java(TM) SE Runtime Environment 6 Update 1
"{3248F0A8-6813-11D6-A77B-00B0D0160030}" = Java(TM) 6 Update 3
"{3248F0A8-6813-11D6-A77B-00B0D0160050}" = Java(TM) 6 Update 5
"{3248F0A8-6813-11D6-A77B-00B0D0160070}" = Java(TM) 6 Update 7
"{342C7C88-D335-4bc2-8CF1-281857629CE2}" = HP PSC & OfficeJet 4.7
"{34D2AB40-150D-475D-AE32-BD23FB5EE355}" = HP Quick Launch Buttons 6.00 G2
"{34F3FCF1-817B-4D61-B6AF-19D9486AFEA0}" = Unload
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{36D620AD-EEBA-4973-BA86-0C9AE6396620}" = OptionalContentQFolder
"{38441BE7-79B0-42B8-8297-833704F949FE}" = HLPIndex
"{3CA39B0C-BA85-4D42-AC0F-1FF5F60C3353}" = OTtBPSDK
"{3FE0CFAB-584A-4AA5-B8CD-C32284CFA308}" = RandMap
"{4302B2DD-D958-40E3-BAF3-B07FFE1978CE}" = HP Wireless Assistant 2.00 E1
"{432A850B-3558-4BFF-B1F9-30626835B523}" = BPD_DSWizards
"{442BE28B-782B-4DC0-B490-E70A403B1C69}" = Readme
"{45D707E9-F3C4-11D9-A373-0050BAE317E1}" = HP QuickPlay 2.1
"{47D2103B-FD51-4017-9C20-DD408B17D726}" = Office 2003 Trial Assistant
"{47ECCB1F-2811-49C0-B6A7-26778639ABA0}" = 32 Bit HP CIO Components Installer
"{48C82F7A-F100-4DAB-A310-8E18BF2159E1}" = ESSvpot
"{494D17B5-3369-4905-8C4B-80C972C5E0FF}" = CP_Panorama1Config
"{4D304678-738E-42a0-931A-2B022F49DEB8}" = TrayApp
"{4DA4012B-39AF-48c2-B23B-A4D570D233A6}" = cp_LightScribeConfig
"{4E7C28C7-D5DA-4E9F-A1CA-60490B54AE35}" = UnloadSupport
"{4F677FC7-7AA8-412B-A957-F13CBE1C7331}" = ESSSONIC
"{522D1D79-9C0A-4361-91F8-2AFF8EC6C2E1}" = CP_Package_Variety1
"{53EE9E42-CECB-4C92-BF76-9CA65DAF8F1C}" = FullDPAppQFolder
"{54F0998F-73C8-4b51-8286-FE903C231BED}" = cp_PosterPrintConfig
"{5545EEE1-FA36-4F76-B6BE-5696E7F4E2D6}" = VBA (2627.01)
"{57F60D52-630B-43C5-BD20-176F5CD4EED6}" = bpd_scan
"{5E8D588F-307C-4250-B622-26969027319A}" = PanoStandAlone
"{605A4E39-613C-4A12-B56F-DEFBE6757237}" = SHASTA
"{624E7452-BA43-4f55-B9D5-FC75EEA0808B}" = Officejet Pro 8500 A909 Series
"{63A3856B-5C0E-4BC1-B508-629AE74B6BBA}" = HP User Guides 0027
"{644D04A2-C682-4FD5-977D-03B804C4B9C5}" = CreativeProjects
"{655CB07D-C944-40BE-B93F-55957CAC7625}" = AiO_Scan
"{65D85050-5610-4A91-A3B1-D5C744291AD4}" = PCDADDIN
"{6675CA7F-E51B-4F6A-99D4-F8F0124C6EAA}" = Sonic Express Labeler
"{676981B7-A2D9-49D0-9F4C-03018F131DA9}" = DocProc
"{6815FCDD-401D-481E-BA88-31B4754C2B46}" = Macromedia Flash Player 8
"{724517BD-1DE1-4986-BFCA-C1DFD379E3BC}" = cp_dwShrek2Cards1
"{766633B3-1AFA-44B6-A3FC-1DE991CD9C52}" = CP_Package_Basic1
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{79F8E1D4-36C1-439C-95FA-F695050B5B07}" = Sonic_PrimoSDK
"{7AD25C9F-9957-4D1C-95EF-9BCD09F6D31B}" = HPSystemDiagnostics
"{800E784D-53E3-4948-B491-9E7FA5EACBDC}" = SmartWebPrinting
"{80AE27BA-B0ED-4288-A8B9-D8194BCF4115}" = cp_UpdateProjectsConfig
"{818ABC3C-635C-4651-8183-D0E9640B7DD1}" = HP Update
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{85CFD253-38AE-4DB1-ACB7-F0F4C791990D}" = AiOSoftware
"{869C3062-4745-4949-B6C9-98AF24D89030}" = PhotoGallery
"{87843A41-7808-4F2E-B13F-25C1E67CF2FD}" = ESShelp
"{87A9A9A9-FAB7-4224-9328-0FA2058C0FD5}" = Network
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8A502E38-29C9-49FA-BCFA-D727CA062589}" = ESSTOOLS
"{8BBF6DFD-0AD9-43A7-9FBD-BF065E3866AF}" = URGE
"{8E92D746-CD9F-4B90-9668-42B74C14F765}" = ESSini
"{91130409-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Basic Edition 2003
"{91517631-A9F3-4B7C-B482-43E0068FD55A}" = ESSgui
"{9603DE6D-4567-4b78-B941-849322373DE2}" = SolutionCenter
"{999D43F4-9709-4887-9B1A-83EBB15A8370}" = VPRINTOL
"{9CCCFD9C-248F-47FE-9496-1680E3E5C163}" = Scan
"{9D1B99B7-DAD8-440d-B4FB-1915332FBCC2}" = HPProductAssistant
"{9D4ABB0C-F60B-44A6-956C-A4A63D5495C9}" = CueTour
"{9D8FEE90-0377-49A9-AEFB-525BDE549BA4}" = ESScore
"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
"{A5B3EB8A-4071-42F0-8E8E-7A8342AA8E69}" = ESSvpaht
"{A654A805-41D9-40C7-AA46-4AF04F044D61}" = Adobe® Photoshop® Album Starter Edition 3.2
"{A93C4E94-1005-489D-BEAA-B873C1AA6CFC}" = HP Help and Support
"{AADAC983-FDE9-42FA-8FD9-7BB324155593}" = HLPRFO
"{AB5D51AE-EBC3-438D-872C-705C7C2084B0}" = DeviceManagementQFolder
"{AB708C9B-97C8-4AC9-899B-DBF226AC9382}" = Sonic Audio Module
"{AC13BA3A-336B-45a4-B3FE-2D3058A7B533}" = Toolbox
"{AC76BA86-7AD7-1033-7B44-A81200000003}" = Adobe Reader 8.1.2
"{AE1FA02D-E6A4-4EA0-8E58-6483CAC016DD}" = ESSCDBK
"{AEF7A12C-CD9B-4773-8AD1-6916138CA7EA}" = SmartAudio
"{B11E71BA-498C-42D4-9F1A-9D7A89D9DA61}" = CP_AtenaShokunin1Config
"{B12665F4-4E93-4AB4-B7FC-37053B524629}" = Sonic Copy Module
"{B208806F-A231-4FA0-AB3F-5C1B8979223E}" = Microsoft ActiveSync 4.0
"{B495547C-01F8-4836-A2E6-749B5F3EA691}" = 8500A909_Help
"{B4B44FE7-41FF-4DAD-8C0A-E406DDA72992}" = CCScore
"{B57F2FF0-5A25-4332-B503-4592B370C02F}" = CP_Package_Variety3
"{B997C2A0-4383-41BF-B76E-9B8B7ECFB267}" = KSU
"{BBD3BF67-5B89-4CBB-BA58-5818ED5F3290}" = cp_OnlineProjectsConfig
"{BE53BB2F-FD8F-48b9-AC90-207D0D8EE028}" = 8500A909a
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
"{C29C1940-CB85-4F3B-906C-33FEE0E67103}" = DocMgr
"{C99DCDA4-7407-4F72-A77E-C81C551D0C4E}" = PCDHELP
"{CAE7D1D9-3794-4169-B4DD-964ADBC534EE}" = HP Product Detection
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CD8C5C7F-7C58-4F85-8977-A6C08C087912}" = MPM
"{CE0C8CC5-E396-442B-A50E-D1D374A9E820}" = DocumentViewer
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{CF679535-E8F2-42C4-9C33-0A13CAFCAF8E}" = Before You Know It 3.6
"{DA8BF070-1358-4a30-A68F-21E0E9421AEF}" = ProductContext
"{DB02F716-6275-42E9-B8D2-83BA2BF5100B}" = SFR
"{DB518BA6-CB74-4EB6-9ABD-880B6D6E1F38}" = HpSdpAppCoreApp
"{DED53B0B-B67C-4244-AE6A-D6FD3C28D1EF}" = Ad-Aware
"{E3E71D07-CD27-46CB-8448-16D4FB29AA13}" = Microsoft WSE 3.0 Runtime
"{EC397D90-720E-426D-B381-0A10C6FD5A49}" = HP Pavilion Webcam Demo
"{EEEB604C-C1A7-4f8c-B03F-56F9C1C9C45F}" = Fax
"{EF9E56EE-0243-4BAD-88F4-5E7508AA7D96}" = Destination Component
"{F07B861C-72B9-40A4-8B1A-AAED4C06A7E8}" = QuickTime
"{F44DA61E-720D-4E79-871F-F6E628B33242}" = OpenOffice.org 3.0
"{F4A2E7CC-60CA-4AFA-B67F-AD5E58173C3F}" = SKINXSDK
"{F54F8559-F5CD-4007-9E9D-3F52902F9DE1}" = OptiPix™
"{F648FD09-7CEA-4257-BC68-A8389189FD51}" = GPBaseService2
"{F6B2ED65-7378-4065-802D-F2E5689F3A4E}" = Photo Viewer
"{F769B78E-FF0E-4db5-95E2-9F4C8D6352FE}" = DeviceDiscovery
"{F9593CFB-D836-49BC-BFF1-0E669A411D9F}" = WIRELESS
"{FC22D020-3005-4715-8DF9-F3EDE81DEB3D}" = CreativeProjectsTemplates
"{FC8D25A7-FF1B-41BB-BB3B-9A06C0A60AE0}" = InstantShareDevices
"{FDF9943A-3D5C-46B3-9679-586BD237DDEE}" = SKIN0001
"53F13DB4D9611FD63BE580F06F0729BF236ABE68" = Windows Driver Package - Advanced Micro Devices (AmdK8) Processor (05/27/2006 1.3.2.0)
"9E140F48C9836B9B78539C08FB2B17146BDB3F65" = Windows Driver Package - Advanced Micro Devices (AmdK8) Processor (04/28/2006 1.3.1.0)
"Adobe Flash Player ActiveX" = Adobe Flash Player ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Adobe® Photoshop® Album Starter Edition 3.2" = Adobe® Photoshop® Album Starter Edition 3.2
"Alltel Jump Music 1.1.11" = Alltel Jump Music 1.1.11
"AVG9Uninstall" = AVG 9.0
"CAL" = Canon Camera Access Library
"CameraWindowDC" = Canon Utilities CameraWindow DC
"CameraWindowDVC5" = Canon Utilities CameraWindow DC_DV 5 for ZoomBrowser EX
"CameraWindowDVC6" = Canon Utilities CameraWindow DC_DV 6 for ZoomBrowser EX
"CameraWindowLauncher" = Canon Utilities CameraWindow
"CANON iMAGE GATEWAY Task" = CANON iMAGE GATEWAY Task for ZoomBrowser EX
"Canon Internet Library for ZoomBrowser EX" = Canon Internet Library for ZoomBrowser EX
"Canon MOV Decoder" = Canon MOV Decoder
"CNXT_HDAUDIO" = Conexant HD Audio
"CNXT_MODEM_HDAUDIO_wis30B5m" = HDAUDIO Soft Data Fax Modem with SmartCP
"CSCLIB" = Canon Camera Support Core Library
"Disney Pirates of the Caribbean Online" = Disney Pirates of the Caribbean Online
"EOS Utility" = Canon Utilities EOS Utility
"HijackThis" = HijackThis 2.0.2
"HP Document Manager" = HP Document Manager 2.0
"HP Imaging Device Functions" = HP Imaging Device Functions 12.0
"HP Photo & Imaging" = HP Photosmart Premier Software 6.0
"HP Smart Web Printing" = HP Smart Web Printing
"HP Solution Center & Imaging Support Tools" = HP Solution Center 12.0
"HPExtendedCapabilities" = HP Customer Participation Program 12.0
"HPOCR" = OCR Software by I.R.I.S. 12.0
"IDNMitigationAPIs" = Microsoft Internationalized Domain Names Mitigation APIs
"ie7" = Windows Internet Explorer 7
"InstallShield_{023FFB0A-C5DB-4930-B3E4-D48266C21738}" = The Hobbit(TM)
"InstallShield_{13515135-48BB-4184-8C1F-2FAE0138E200}" = TBS WMP Plug-in
"InstallShield_{23012310-3E05-46A5-88A9-C6CBCABCAC79}" = Customer Experience Enhancement
"InterActual Player" = InterActual Player
"Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"MouseSuite98" = Mouse Suite
"Mozilla Firefox (3.5.7)" = Mozilla Firefox (3.5.7)
"MSCompPackV1" = Microsoft Compression Client Pack 1.0 for Windows XP
"mSpot" = Music Powered by Celltop 1.2.10
"MyCamera" = Canon Utilities MyCamera
"MyCameraDC" = Canon Utilities MyCamera DC
"NLSDownlevelMapping" = Microsoft National Language Support Downlevel APIs
"NVIDIA Drivers" = NVIDIA Drivers
"Photo Viewer" = Photo Viewer 2.3
"PhotoStitch" = Canon Utilities PhotoStitch
"RealPlayer 12.0" = RealPlayer
"RemoteCaptureTask" = Canon Utilities RemoteCapture Task for ZoomBrowser EX
"Shockwave 7.0.2 Player" = Shockwave 7.0.2 Player
"Small Business Resource Guide 2000" = Small Business Resource Guide 2000
"Spanish To Go v1.2" = Spanish To Go v1.2
"SynTPDeinstKey" = Synaptics Pointing Device Driver
"TEFView_is1" = TEFView 2.65
"Windows Media Format Runtime" = Windows Media Format 11 runtime
"Windows Media Player" = Windows Media Player 11
"Windows XP Service Pack" = Windows XP Service Pack 3
"WMFDist11" = Windows Media Format 11 runtime
"wmp11" = Windows Media Player 11
"Wudf01000" = Microsoft User-Mode Driver Framework Feature Pack 1.0
"Yahoo! Mail" = Verizon Yahoo! Internet Mail
"YInstHelper" = Yahoo! Install Manager
"ZoomBrowser EX" = Canon Utilities ZoomBrowser EX
"ZoomBrowser EX Memory Card Utility" = Canon ZoomBrowser EX Memory Card Utility
========== Last 10 Event Log Errors ========== [ Application Events ]
Error - 1/26/2010 10:19:41 PM | Computer Name = CES_LAPTOP | Source = foobar | ID = 4096
Description =
Error - 1/26/2010 10:19:41 PM | Computer Name = CES_LAPTOP | Source = foobar | ID = 4096
Description =
Error - 1/26/2010 10:19:42 PM | Computer Name = CES_LAPTOP | Source = foobar | ID = 4096
Description =
Error - 1/26/2010 10:19:42 PM | Computer Name = CES_LAPTOP | Source = foobar | ID = 4096
Description =
Error - 1/26/2010 10:19:43 PM | Computer Name = CES_LAPTOP | Source = foobar | ID = 4096
Description =
Error - 1/26/2010 10:19:43 PM | Computer Name = CES_LAPTOP | Source = foobar | ID = 4096
Description =
Error - 1/26/2010 10:19:43 PM | Computer Name = CES_LAPTOP | Source = foobar | ID = 4096
Description =
Error - 1/26/2010 10:19:43 PM | Computer Name = CES_LAPTOP | Source = foobar | ID = 4096
Description =
Error - 1/26/2010 10:19:44 PM | Computer Name = CES_LAPTOP | Source = foobar | ID = 4096
Description =
Error - 1/26/2010 10:19:44 PM | Computer Name = CES_LAPTOP | Source = foobar | ID = 4096
Description =
[ System Events ]
Error - 12/20/2009 7:41:14 PM | Computer Name = CES_LAPTOP | Source = W32Time | ID = 39452701
Description = The time provider NtpClient is configured to acquire time from one
or more time sources, however none of the sources are currently accessible. No attempt
to contact a source will be made for 14 minutes. NtpClient has no source of accurate
time.
Error - 1/8/2010 11:35:01 AM | Computer Name = CES_LAPTOP | Source = DCOM | ID = 10005
Description = DCOM got error "%1058" attempting to start the service wuauserv with
arguments "" in order to run the server: {E60687F7-01A1-40AA-86AC-DB1CBF673334}
Error - 1/8/2010 11:35:12 AM | Computer Name = CES_LAPTOP | Source = DCOM | ID = 10005
Description = DCOM got error "%1058" attempting to start the service wuauserv with
arguments "" in order to run the server: {E60687F7-01A1-40AA-86AC-DB1CBF673334}
Error - 1/17/2010 3:55:15 PM | Computer Name = CES_LAPTOP | Source = Service Control Manager | ID = 7034
Description = The NVIDIA Display Driver Service service terminated unexpectedly.
It has done this 1 time(s).
Error - 1/17/2010 4:01:37 PM | Computer Name = CES_LAPTOP | Source = DCOM | ID = 10005
Description = DCOM got error "%1058" attempting to start the service wuauserv with
arguments "" in order to run the server: {E60687F7-01A1-40AA-86AC-DB1CBF673334}
Error - 1/17/2010 4:01:47 PM | Computer Name = CES_LAPTOP | Source = DCOM | ID = 10005
Description = DCOM got error "%1058" attempting to start the service wuauserv with
arguments "" in order to run the server: {E60687F7-01A1-40AA-86AC-DB1CBF673334}
Error - 1/24/2010 9:36:15 PM | Computer Name = CES_LAPTOP | Source = Service Control Manager | ID = 7034
Description = The AVG Firewall service terminated unexpectedly. It has done this
1 time(s).
Error - 1/24/2010 9:36:42 PM | Computer Name = CES_LAPTOP | Source = Service Control Manager | ID = 7031
Description = The AVG WatchDog service terminated unexpectedly. It has done this
1 time(s). The following corrective action will be taken in 0 milliseconds: Restart
the service.
Error - 1/24/2010 10:34:12 PM | Computer Name = CES_LAPTOP | Source = sr | ID = 1
Description = The System Restore filter encountered the unexpected error '0xC000000D'
while processing the file 'BOOT.INI' on the volume 'HarddiskVolume3'. It has stopped
monitoring the volume.
Error - 1/26/2010 9:10:53 PM | Computer Name = CES_LAPTOP | Source = Windows Update Agent | ID = 16
Description = Unable to Connect: Windows is unable to connect to the automatic updates
service and therefore cannot download and install updates according to the set
schedule. Windows will continue to try to establish a connection.
< End of report >
GMER Log:
GMER 1.0.15.15281 -
http://www.gmer.netRootkit scan 2010-01-28 05:45:58
Windows 5.1.2600 Service Pack 3
Running: r30utlb5.exe; Driver: C:\DOCUME~1\CHRIST~1\LOCALS~1\Temp\pwdoakob.sys
---- System - GMER 1.0.15 ----
SSDT \??\C:\Program Files\AVG\AVG9\Identity Protection\Agent\Driver\Platform_XP\AVGIDSShim.sys (IDS Application Activity Monitor Loader Driver./AVG Technologies ) ZwOpenProcess [0xF0459470]
SSDT \??\C:\Program Files\AVG\AVG9\Identity Protection\Agent\Driver\Platform_XP\AVGIDSShim.sys (IDS Application Activity Monitor Loader Driver./AVG Technologies ) ZwTerminateProcess [0xF0459520]
SSDT \??\C:\Program Files\AVG\AVG9\Identity Protection\Agent\Driver\Platform_XP\AVGIDSShim.sys (IDS Application Activity Monitor Loader Driver./AVG Technologies ) ZwTerminateThread [0xF04595C0]
SSDT \??\C:\Program Files\AVG\AVG9\Identity Protection\Agent\Driver\Platform_XP\AVGIDSShim.sys (IDS Application Activity Monitor Loader Driver./AVG Technologies ) ZwWriteVirtualMemory [0xF0459660]
---- Kernel code sections - GMER 1.0.15 ----
.text C:\WINDOWS\system32\DRIVERS\nv4_mini.sys section is writeable [0xF5C57360, 0x2216ED, 0xE8000020]
? C:\DOCUME~1\CHRIST~1\LOCALS~1\Temp\catchme.sys The system cannot find the file specified. !
? C:\WINDOWS\system32\Drivers\PROCEXP113.SYS The system cannot find the file specified. !
---- Devices - GMER 1.0.15 ----
AttachedDevice \FileSystem\Ntfs \Ntfs AVGIDSFilter.sys (IDS Application Activity Monitor Filter Driver./AVG Technologies )
AttachedDevice \Driver\Tcpip \Device\Ip avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)
AttachedDevice \Driver\Kbdclass \Device\KeyboardClass0 SynTP.sys (Synaptics Touchpad Driver/Synaptics, Inc.)
AttachedDevice \Driver\Kbdclass \Device\KeyboardClass0 eabfiltr.sys (QLB PS/2 Keyboard filter driver/Hewlett-Packard Development Company, L.P.)
AttachedDevice \Driver\Tcpip \Device\Tcp avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)
AttachedDevice \Driver\Tcpip \Device\Udp avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)
AttachedDevice \Driver\Tcpip \Device\RawIp avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)
AttachedDevice \FileSystem\Fastfat \Fat fltmgr.sys (Microsoft Filesystem Filter Manager/Microsoft Corporation)
AttachedDevice \FileSystem\Fastfat \Fat AVGIDSFilter.sys (IDS Application Activity Monitor Filter Driver./AVG Technologies )
---- Registry - GMER 1.0.15 ----
Reg HKLM\SYSTEM\ControlSet001\Services\BTHPORT\Parameters\Keys\0011b107a366 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\Services\BTHPORT\Parameters\Keys\0011b107a366 (not active ControlSet)
Reg HKLM\SYSTEM\CurrentControlSet\Services\BTHPORT\Parameters\Keys\0011b107a366
Reg HKLM\SOFTWARE\Classes\CLSID\{1B8B7182-BE22-8BCC-2BB6-E005ECD5FE7E}\LocalService@ ShellHWDetection
Reg HKLM\SOFTWARE\Classes\CLSID\{1B8B7182-BE22-8BCC-2BB6-E005ECD5FE7E}\LocalService@ThreadingModel Free
Reg HKLM\SOFTWARE\Classes\CLSID\{1B8B7182-BE22-8BCC-2BB6-E005ECD5FE7E}\ProgID@ AutoplayHandlerProperties.1
Reg HKLM\SOFTWARE\Classes\CLSID\{1B8B7182-BE22-8BCC-2BB6-E005ECD5FE7E}\VersionIndependentProgID@ AutoplayHandlerProperties
---- EOF - GMER 1.0.15 ----