Thank you
OTL logfile created on: 2011-02-22 19:38:08 - Run 1
OTL by OldTimer - Version 3.2.21.0 Folder = C:\Documents and Settings\Steve\Desktop\Hijack\OTL
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 7.0.5730.13)
Locale: 00001009 | Country: Canada | Language: ENC | Date Format: yyyy-MM-dd
1,022.00 Mb Total Physical Memory | 534.00 Mb Available Physical Memory | 52.00% Memory free
1.00 Gb Paging File | 1.00 Gb Available in Paging File | 68.00% Paging File free
Paging file location(s): C:\pagefile.sys 500 1531 [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 71.53 Gb Total Space | 20.93 Gb Free Space | 29.27% Space Free | Partition Type: NTFS
Computer Name: SNL | User Name: Steve | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
========== Processes (SafeList) ==========
PRC - [2011-02-22 19:36:59 | 000,577,024 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Steve\Desktop\Hijack\OTL\OTL.exe
PRC - [2011-01-10 14:23:41 | 000,135,336 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\sched.exe
PRC - [2011-01-10 14:23:30 | 000,267,944 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe
PRC - [2011-01-10 14:23:29 | 000,281,768 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
PRC - [2010-12-08 16:15:44 | 000,063,360 | ---- | M] (DivX, LLC) -- C:\Program Files\DivX\DivX Plus Web Player\DDMService.exe
PRC - [2010-07-06 14:32:04 | 000,014,088 | ---- | M] (Memeo) -- C:\Program Files\Seagate\Seagate Dashboard\SeagateDashboardService.exe
PRC - [2010-07-06 14:32:02 | 000,069,896 | ---- | M] (Memeo) -- C:\Program Files\Seagate\Seagate Dashboard\MemeoDashboard.exe
PRC - [2010-05-14 10:44:46 | 000,501,480 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Common Files\Java\Java Update\jucheck.exe
PRC - [2010-01-19 10:17:16 | 001,565,696 | ---- | M] (Alcatel-Lucent) -- C:\Program Files\BellCanada\McciTrayApp.exe
PRC - [2010-01-14 21:11:00 | 000,076,968 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\avshadow.exe
PRC - [2008-09-21 22:01:33 | 000,039,408 | ---- | M] (Google Inc.) -- C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
PRC - [2008-04-13 19:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2006-11-03 19:20:12 | 000,866,584 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Defender\MSASCui.exe
PRC - [2006-11-03 19:19:58 | 000,013,592 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Defender\MsMpEng.exe
PRC - [2002-10-15 18:00:20 | 001,818,624 | ---- | M] (C-Media Electronic Inc. (www.cmedia.com.tw)) -- C:\WINDOWS\mixer.exe
========== Modules (SafeList) ==========
MOD - [2011-02-22 19:36:59 | 000,577,024 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Steve\Desktop\Hijack\OTL\OTL.exe
MOD - [2010-08-23 11:12:02 | 001,054,208 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.6028_x-ww_61e65202\comctl32.dll
MOD - [2010-01-19 10:06:34 | 000,198,656 | ---- | M] (Alcatel-Lucent) -- C:\Program Files\Common Files\Motive\McciContextHook_DSR.dll
========== Win32 Services (SafeList) ==========
SRV - [2011-01-10 14:23:41 | 000,135,336 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Program Files\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)
SRV - [2011-01-10 14:23:30 | 000,267,944 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)
SRV - [2010-07-06 14:32:04 | 000,014,088 | ---- | M] (Memeo) [Auto | Running] -- C:\Program Files\Seagate\Seagate Dashboard\SeagateDashboardService.exe -- (SeagateDashboardService)
SRV - [2008-02-12 22:09:48 | 000,016,936 | ---- | M] (Citrix Online, a division of Citrix Systems, Inc.) [On_Demand | Stopped] -- C:\Program Files\Citrix\GoToAssist\480\g2aservice.exe -- (GoToAssist)
SRV - [2007-10-25 15:27:54 | 000,266,240 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Live\installer\WLSetupSvc.exe -- (WLSetupSvc)
SRV - [2007-03-07 14:47:46 | 000,076,848 | ---- | M] () [On_Demand | Stopped] -- C:\Program Files\DellSupport\brkrsvc.exe -- (DSBrokerService)
SRV - [2007-01-31 13:55:42 | 000,096,370 | ---- | M] (Canon Inc.) [On_Demand | Stopped] -- C:\Program Files\Canon\CAL\CALMAIN.exe -- (CCALib8)
SRV - [2006-11-03 19:19:58 | 000,013,592 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MsMpEng.exe -- (WinDefend)
SRV - [2005-10-06 18:12:30 | 000,855,552 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Media Connect 2\wmccds.exe -- (WMConnectCDS)
========== Driver Services (SafeList) ==========
DRV - [2011-01-10 14:23:53 | 000,135,096 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\avipbb.sys -- (avipbb)
DRV - [2011-01-10 14:23:53 | 000,061,960 | ---- | M] (Avira GmbH) [File_System | Auto | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\avgntflt.sys -- (avgntflt)
DRV - [2010-06-17 14:27:22 | 000,028,520 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\ssmdrv.sys -- (ssmdrv)
DRV - [2010-06-17 14:27:12 | 000,011,608 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Program Files\Avira\AntiVir Desktop\avgio.sys -- (avgio)
DRV - [2010-01-19 10:06:44 | 000,021,248 | ---- | M] (Printing Communications Assoc., Inc. (PCAUSA)) [Kernel | On_Demand | Stopped] -- C:\Program Files\Common Files\Motive\MREMP50.sys -- (MREMP50)
DRV - [2010-01-19 10:06:38 | 000,020,096 | ---- | M] (Printing Communications Assoc., Inc. (PCAUSA)) [Kernel | On_Demand | Running] -- C:\Program Files\Common Files\Motive\MRESP50.sys -- (MRESP50)
DRV - [2009-04-14 06:27:50 | 001,519,424 | R--- | M] (C-Media Inc) [Kernel | On_Demand | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\cmudax3.sys -- (cmuda3)
DRV - [2008-04-13 14:45:30 | 000,010,624 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\gameenum.sys -- (gameenum)
DRV - [2008-04-13 13:36:39 | 000,043,008 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\amdagp.sys -- (amdagp)
DRV - [2008-04-13 13:36:39 | 000,040,960 | ---- | M] (Silicon Integrated Systems Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\sisagp.sys -- (sisagp)
DRV - [2008-02-11 00:04:35 | 000,085,713 | ---- | M] (GMER) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\gmer.sys -- (gmer)
DRV - [2007-02-25 11:10:48 | 000,005,376 | --S- | M] (Gteko Ltd.) [Kernel | Auto | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\dsunidrv.sys -- (dsunidrv)
DRV - [2006-10-05 15:07:28 | 000,004,736 | ---- | M] (Gteko Ltd.) [Kernel | On_Demand | Stopped] -- C:\Program Files\DellSupport\GTAction\triggers\DSproct.sys -- (DSproct)
DRV - [2004-12-01 03:22:00 | 000,087,488 | ---- | M] (Sonic Solutions) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\drvmcdb.sys -- (drvmcdb)
DRV - [2004-11-23 02:56:00 | 000,040,480 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\drvnddm.sys -- (drvnddm)
DRV - [2004-11-16 01:05:00 | 000,100,603 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\SYSTEM32\dla\tfsnudfa.sys -- (tfsnudfa)
DRV - [2004-11-16 01:05:00 | 000,098,714 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\SYSTEM32\dla\tfsnudf.sys -- (tfsnudf)
DRV - [2004-11-16 01:05:00 | 000,086,554 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\SYSTEM32\dla\tfsnifs.sys -- (tfsnifs)
DRV - [2004-11-16 01:05:00 | 000,034,843 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\SYSTEM32\dla\tfsncofs.sys -- (tfsncofs)
DRV - [2004-11-16 01:05:00 | 000,025,883 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\SYSTEM32\dla\tfsnboio.sys -- (tfsnboio)
DRV - [2004-11-16 01:05:00 | 000,015,227 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\SYSTEM32\dla\tfsnopio.sys -- (tfsnopio)
DRV - [2004-11-16 01:05:00 | 000,006,363 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\SYSTEM32\dla\tfsnpool.sys -- (tfsnpool)
DRV - [2004-11-16 01:05:00 | 000,004,123 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\SYSTEM32\dla\tfsndrct.sys -- (tfsndrct)
DRV - [2004-11-16 01:05:00 | 000,002,239 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\SYSTEM32\dla\tfsndres.sys -- (tfsndres)
DRV - [2004-09-17 09:02:54 | 000,732,928 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\senfilt.sys -- (senfilt)
DRV - [2004-08-03 22:29:56 | 001,897,408 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\NV4_MINI.SYS -- (nv)
DRV - [2004-07-14 11:29:04 | 000,005,627 | ---- | M] (Sonic Solutions) [File_System | System | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\sscdbhk5.sys -- (sscdbhk5)
DRV - [2004-07-14 11:28:50 | 000,023,545 | ---- | M] (Sonic Solutions) [File_System | System | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\ssrtln.sys -- (ssrtln)
DRV - [2004-06-15 22:52:40 | 000,061,157 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\IntelC53.sys -- (IntelC53)
DRV - [2004-03-05 22:15:34 | 000,647,929 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\IntelC52.sys -- (IntelC52)
DRV - [2004-03-05 22:14:42 | 001,233,525 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\IntelC51.sys -- (IntelC51)
DRV - [2004-03-05 22:13:38 | 000,037,048 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\mohfilt.sys -- (mohfilt)
DRV - [2002-11-18 15:51:40 | 000,377,358 | ---- | M] (C-Media Inc) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\cmaudio.sys -- (cmpci) C-Media PCI Audio Driver (WDM)
DRV - [2001-08-17 14:07:44 | 000,019,072 | ---- | M] (Adaptec, Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\sparrow.sys -- (Sparrow)
DRV - [2001-08-17 14:07:42 | 000,030,688 | ---- | M] (LSI Logic) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\sym_u3.sys -- (sym_u3)
DRV - [2001-08-17 14:07:40 | 000,028,384 | ---- | M] (LSI Logic) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\sym_hi.sys -- (sym_hi)
DRV - [2001-08-17 14:07:36 | 000,032,640 | ---- | M] (LSI Logic) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\symc8xx.sys -- (symc8xx)
DRV - [2001-08-17 14:07:34 | 000,016,256 | ---- | M] (Symbios Logic Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\symc810.sys -- (symc810)
DRV - [2001-08-17 13:52:22 | 000,036,736 | ---- | M] (Promise Technology, Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\ultra.sys -- (ultra)
DRV - [2001-08-17 13:52:20 | 000,045,312 | ---- | M] (QLogic Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\ql12160.sys -- (ql12160)
DRV - [2001-08-17 13:52:20 | 000,040,320 | ---- | M] (QLogic Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\ql1080.sys -- (ql1080)
DRV - [2001-08-17 13:52:18 | 000,049,024 | ---- | M] (QLogic Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\ql1280.sys -- (ql1280)
DRV - [2001-08-17 13:52:16 | 000,179,584 | ---- | M] (Mylex Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\dac2w2k.sys -- (dac2w2k)
DRV - [2001-08-17 13:52:12 | 000,017,280 | ---- | M] (American Megatrends Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\mraid35x.sys -- (mraid35x)
DRV - [2001-08-17 13:52:00 | 000,026,496 | ---- | M] (Advanced System Products, Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\asc.sys -- (asc)
DRV - [2001-08-17 13:51:58 | 000,014,848 | ---- | M] (Advanced System Products, Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\asc3550.sys -- (asc3550)
DRV - [2001-08-17 13:51:56 | 000,005,248 | ---- | M] (Acer Laboratories Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\aliide.sys -- (AliIde)
DRV - [2001-08-17 13:51:54 | 000,006,656 | ---- | M] (CMD Technology, Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\cmdide.sys -- (CmdIde)
DRV - [2001-05-07 05:56:02 | 000,019,805 | R--- | M] (Thesycon GmbH, Germany) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\usbio.sys -- (USBIO) USBIO Driver (usbio.sys)
========== Standard Registry (SafeList) ==========
========== Internet Explorer ==========
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultName = Live Search
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultURL = http://search.live.com/results.aspx?q={searchTerms}&src={referrer:source?}
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.theweathernetwork.com/weathe ... f=homecity
IE - HKCU\..\URLSearchHook: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local
FF - HKLM\software\mozilla\Firefox\extensions\\{23fcfd51-4958-4f00-80a3-ae97e717ed8b}: C:\Program Files\DivX\DivX Plus Web Player\firefox\html5video [2011-01-06 20:20:34 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\extensions\\{6904342A-8307-11DF-A508-4AE2DFD72085}: C:\Program Files\DivX\DivX Plus Web Player\firefox\wpa [2011-01-06 20:20:35 | 000,000,000 | ---D | M]
O1 HOSTS File: ([2009-05-14 22:25:32 | 000,306,829 | R--- | M]) - C:\WINDOWS\SYSTEM32\DRIVERS\ETC\hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: 10567 more lines...
O2 - BHO: (&Yahoo! Toolbar Helper) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
O2 - BHO: (DivX Plus Web Player HTML5 <video>) - {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)
O2 - BHO: (DivX HiQ) - {593DDEC6-7468-4cdd-90E1-42DADAA222E9} - C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)
O2 - BHO: (DriveLetterAccess) - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\SYSTEM32\dla\tfswshx.dll (Sonic Solutions)
O2 - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O2 - BHO: (SingleInstance Class) - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\Program Files\Yahoo!\Companion\Installs\cpn\YTSingleInstance.dll (Yahoo! Inc)
O3 - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O3 - HKLM\..\Toolbar: (Yahoo! Toolbar) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
O3 - HKLM\..\Toolbar: (no name) - SITEguard - No CLSID value found.
O3 - HKCU\..\Toolbar\ShellBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O3 - HKCU\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
O4 - HKLM..\Run: [BellCanada_McciTrayApp] C:\Program Files\BellCanada\McciTrayApp.exe (Alcatel-Lucent)
O4 - HKLM..\Run: [BISA.exe] C:\Program Files\Bell\Internet Service Advisor\BISA.exe (Bell)
O4 - HKLM..\Run: [C-Media Mixer] C:\WINDOWS\mixer.exe (C-Media Electronic Inc. (www.cmedia.com.tw))
O4 - HKLM..\Run: [CmPCIaudio] File not found
O4 - HKLM..\Run: [DivX Download Manager] C:\Program Files\DivX\DivX Plus Web Player\DDmService.exe (DivX, LLC)
O4 - HKLM..\Run: [DivXUpdate] C:\Program Files\DivX\DivX Update\DivXUpdate.exe ()
O4 - HKLM..\Run: [dscactivate] C:\Program Files\Dell Support Center\gs_agent\custom\dsca.exe ( )
O4 - HKLM..\Run: [Seagate Dashboard] C:\Program Files\Seagate\Seagate Dashboard\MemeoLauncher.exe ()
O4 - HKLM..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\Core\smax4pnp.exe (Analog Devices, Inc.)
O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
O4 - HKCU..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (Google Inc.)
O4 - HKLM..\RunOnce: [AvgUninstallURL] C:\WINDOWS\System32\cmd.exe (Microsoft Corporation)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE (Microsoft Corporation)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Windows Desktop Search.lnk.disabled ()
O4 - Startup: C:\Documents and Settings\Steve\Start Menu\Programs\Startup\Seagate Product Registration.lnk = C:\Documents and Settings\Steve\Application Data\Leadertech\PowerRegister\Seagate Product Registration.exe (Leader Technologies/Seagate)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\control panel present
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 255
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 0
O8 - Extra context menu item: Google Sidewiki... - C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_89D8574934B26AC4.dll (Google Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O15 - HKCU\..Trusted Domains: rbc.com ([]https in Trusted sites)
O15 - HKCU\..Trusted Domains: rbc.com ([rbcts.fg] https in Trusted sites)
O15 - HKCU\..Trusted Domains: rbc.com ([remote] https in Trusted sites)
O16 - DPF: {08496B45-6BB1-4F92-A8E6-B9E7978634CB} https://remote.rbc.com/nortel_cacheable/TrustSite.cab (Trustsite Control)
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} http://fpdownload.macromedia.com/get/sh ... tor/sw.cab (Shockwave ActiveX Control)
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} http://download.microsoft.com/download/ ... ontrol.cab (Windows Genuine Advantage Validation Tool)
O16 - DPF: {233C1507-6A77-46A4-9443-F871F945D258} http://download.macromedia.com/pub/shoc ... tor/sw.cab (Shockwave ActiveX Control)
O16 - DPF: {2D72C39D-53F6-4AEA-A9DB-1298429DA975} http://www.3dvista.com/downloads/viewer3dv2.cab (3DVista Viewer Control)
O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} http://cdn.scan.onecare.live.com/resour ... se6886.cab (Windows Live Safety Center Base Module)
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} http://security.symantec.com/sscv6/Shar ... /cabsa.cab (Reg Error: Key error.)
O16 - DPF: {6A344D34-5231-452A-8A57-D064AC9B7862} https://webdl.symantec.com/activex/symdlmgr.cab (Symantec Download Manager)
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} http://update.microsoft.com/microsoftup ... 3120838250 (MUWebControl Class)
O16 - DPF: {6F15128C-E66A-490C-B848-5000B5ABEEAC} https://h20436.www2.hp.com/ediags/dex/s ... DEXAXO.cab (HP Download Manager)
O16 - DPF: {78AEEDE8-7345-4FB5-A8FE-4BFF16EF25FC} http://us-download.mcafee.com/products/ ... vt/mvt.cab (Reg Error: Key error.)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab (Java Plug-in 1.6.0_22)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.macromedia.com/get/fl ... rashim.cab (Reg Error: Key error.)
O16 - DPF: {ACDB1787-986D-434D-9857-2172CDB2108D} https://remote-gcc.rbc.com/nortel_cache ... nblock.cab (popupunblk Class)
O16 - DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab (Java Plug-in 1.6.0_22)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab (Java Plug-in 1.6.0_22)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload.macromedia.com/pub/sh ... wflash.cab (Shockwave Flash Object)
O16 - DPF: {D9CDEFE3-51BB-4737-A12C-53D9814A148C} https://owa.bmofg.com/exchweb/controls/DAX.cab (DAX Control)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
O16 - DPF: {E5F5D008-DD2C-4D32-977D-1A0ADF03058B} https://inet.bmofg.com/dana-cached/setu ... tupSP1.cab (JuniperSetupSP1 Control)
O16 - DPF: {E77F23EB-E7AB-4502-8F37-247DBAF1A147} http://gfx1.hotmail.com/mail/w4/pr01/ph ... NPUpld.cab (Windows Live Hotmail Photo Upload Tool)
O16 - DPF: {F27237D7-93C8-44C2-AC6E-D6057B9A918F} https://juniper.net/dana-cached/sc/Juni ... Client.cab (JuniperSetupClientControl Class)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\GoToAssist: DllName - C:\Program Files\Citrix\GoToAssist\480\G2AWinLogon.dll - C:\Program Files\Citrix\GoToAssist\480\g2awinlogon.dll (Citrix Online, a division of Citrix Systems, Inc.)
O20 - Winlogon\Notify\igfxcui: DllName - igfxdev.dll - C:\WINDOWS\System32\igfxdev.dll (Intel Corporation)
O24 - Desktop WallPaper: C:\Documents and Settings\Steve\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\Steve\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O28 - HKLM ShellExecuteHooks: {091EB208-39DD-417D-A5DD-7E2C2D8FB9CB} - C:\Program Files\Windows Defender\MpShHook.dll (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006-02-14 16:30:21 | 000,000,067 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O32 - AutoRun File - [2004-08-10 13:04:08 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.NAV -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O34 - HKLM BootExecute: (SsiEfr.e) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKCU\...com [@ = comfile] -- Reg Error: Key error. File not found
O37 - HKCU\...exe [@ = exefile] -- Reg Error: Key error. File not found
NetSvcs: 6to4 - File not found
NetSvcs: Ias - File not found
NetSvcs: Iprip - File not found
NetSvcs: Irmon - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: WmdmPmSp - File not found
Drivers32: msacm.iac2 - C:\WINDOWS\SYSTEM32\iac25_32.ax (Ligos Corporation)
Drivers32: msacm.l3acm - C:\WINDOWS\SYSTEM32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: msacm.sl_anet - C:\WINDOWS\System32\sl_anet.acm (Sipro Lab Telecom Inc.)
Drivers32: msacm.trspch - C:\WINDOWS\System32\TSSOFT32.ACM (DSP GROUP, INC.)
Drivers32: vidc.cvid - C:\WINDOWS\System32\iccvid.dll (Radius Inc.)
Drivers32: vidc.DIVX - C:\WINDOWS\System32\DivX.dll (DivX, Inc.)
Drivers32: vidc.iv31 - C:\WINDOWS\System32\ir32_32.dll (Ligos Corporation)
Drivers32: vidc.iv32 - C:\WINDOWS\System32\ir32_32.dll (Ligos Corporation)
Drivers32: vidc.iv41 - C:\WINDOWS\System32\ir41_32.ax (Intel Corporation)
Drivers32: vidc.iv50 - C:\WINDOWS\System32\ir50_32.dll (Ligos Corporation)
Drivers32: vidc.yv12 - C:\WINDOWS\System32\DivX.dll (DivX, Inc.)
Drivers32: vidc.yvu9 - C:\WINDOWS\System32\iyvu9_32.dll ()
Drivers32: wave - C:\WINDOWS\System32\SERWVDRV.DLL (Microsoft Corporation)
========== Files/Folders - Created Within 30 Days ==========
[2011-02-20 10:06:07 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\Steve\Recent
[2011-02-20 00:46:22 | 000,000,000 | ---D | C] -- C:\Documents and Settings\LocalService\Application Data\Adobe
[2011-02-19 23:32:14 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Steve\Application Data\Avira
[2011-02-19 23:28:17 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Avira
[2011-02-19 23:28:03 | 000,028,520 | ---- | C] (Avira GmbH) -- C:\WINDOWS\System32\drivers\ssmdrv.sys
[2011-02-19 23:28:00 | 000,135,096 | ---- | C] (Avira GmbH) -- C:\WINDOWS\System32\drivers\avipbb.sys
[2011-02-19 23:28:00 | 000,061,960 | ---- | C] (Avira GmbH) -- C:\WINDOWS\System32\drivers\avgntflt.sys
[2011-02-19 23:28:00 | 000,045,416 | ---- | C] (Avira GmbH) -- C:\WINDOWS\System32\drivers\avgntdd.sys
[2011-02-19 23:28:00 | 000,022,360 | ---- | C] (Avira GmbH) -- C:\WINDOWS\System32\drivers\avgntmgr.sys
[2011-02-19 23:27:59 | 000,000,000 | ---D | C] -- C:\Program Files\Avira
[2011-02-15 20:46:49 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Steve\Start Menu\Programs\HiJackThis
[2011-02-15 20:46:49 | 000,000,000 | ---D | C] -- C:\Program Files\HiJack
[2011-02-15 20:45:43 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Steve\Desktop\Hijack
[2011-02-12 19:32:25 | 000,222,080 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\MpSigStub.exe
[2011-02-12 19:30:53 | 000,000,000 | ---D | C] -- C:\Program Files\Windows Defender
[2011-02-07 22:04:10 | 000,000,000 | ---D | C] -- C:\Program Files\Windows Live Safety Center
[6 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[2 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[2 C:\Documents and Settings\Steve\My Documents\*.tmp files -> C:\Documents and Settings\Steve\My Documents\*.tmp -> ]
========== Files - Modified Within 30 Days ==========
[2011-02-22 19:31:52 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\WPA.DBL
[2011-02-22 19:31:51 | 000,000,882 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2011-02-22 19:14:00 | 000,000,886 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2011-02-22 19:00:00 | 000,000,260 | ---- | M] () -- C:\WINDOWS\tasks\RMSchedule.job
[2011-02-22 16:30:35 | 000,000,330 | -H-- | M] () -- C:\WINDOWS\tasks\MP Scheduled Scan.job
[2011-02-22 16:27:28 | 000,002,048 | --S- | M] () -- C:\WINDOWS\BOOTSTAT.DAT
[2011-02-22 16:27:27 | 1071,697,920 | -HS- | M] () -- C:\hiberfil.sys
[2011-02-14 20:00:00 | 000,000,772 | ---- | M] () -- C:\WINDOWS\tasks\Norton Internet Security - Run Full System Scan - Steve.job
[2011-02-09 22:13:33 | 000,161,936 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2011-02-09 20:16:43 | 000,001,355 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2011-02-09 18:42:05 | 002,384,896 | ---- | M] () -- C:\Documents and Settings\Steve\Desktop\Monaco_Yacht_d'Albert_de_Monaco.pps
[2011-02-08 22:35:09 | 000,030,208 | ---- | M] () -- C:\Documents and Settings\Steve\Desktop\Noranda Book.doc
[2011-02-07 21:39:07 | 000,001,274 | ---- | M] () -- C:\WINDOWS\System\Cmicnfg3.ini
[2011-02-03 19:02:59 | 000,039,936 | ---- | M] () -- C:\Documents and Settings\Steve\Desktop\Business Account.xls
[2011-02-02 17:11:20 | 000,222,080 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\MpSigStub.exe
[2011-01-31 07:19:43 | 000,001,154 | ---- | M] () -- C:\Documents and Settings\Steve\Start Menu\Programs\Startup\Seagate Product Registration.lnk
[2011-01-24 22:37:56 | 000,055,296 | ---- | M] () -- C:\Documents and Settings\Steve\Desktop\Ministry Release Form_FSL_ Student - John English.doc
[6 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[2 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[2 C:\Documents and Settings\Steve\My Documents\*.tmp files -> C:\Documents and Settings\Steve\My Documents\*.tmp -> ]
========== Files Created - No Company Name ==========
[2011-02-13 00:25:40 | 000,000,330 | -H-- | C] () -- C:\WINDOWS\tasks\MP Scheduled Scan.job
[2011-02-12 19:30:59 | 000,000,955 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Windows Defender.lnk
[2011-02-09 18:42:04 | 002,384,896 | ---- | C] () -- C:\Documents and Settings\Steve\Desktop\Monaco_Yacht_d'Albert_de_Monaco.pps
[2011-02-08 22:34:43 | 000,030,208 | ---- | C] () -- C:\Documents and Settings\Steve\Desktop\Noranda Book.doc
[2011-02-02 22:17:48 | 000,039,936 | ---- | C] () -- C:\Documents and Settings\Steve\Desktop\Business Account.xls
[2011-01-24 22:37:56 | 000,055,296 | ---- | C] () -- C:\Documents and Settings\Steve\Desktop\Ministry Release Form_FSL_ Student - John English.doc
[2010-08-28 01:59:41 | 000,000,759 | ---- | C] () -- C:\Documents and Settings\Steve\Application Data\Rim.Desktop.HttpServerSetup.log
[2010-05-02 19:30:29 | 000,000,066 | ---- | C] () -- C:\WINDOWS\Cmicnfg3.ini.cfl
[2010-05-02 19:29:46 | 000,001,480 | R--- | C] () -- C:\WINDOWS\Cmicnfg3.ini.cfg
[2010-05-02 19:29:33 | 000,002,378 | R--- | C] () -- C:\WINDOWS\cmudax3.ini
[2010-01-05 21:51:32 | 000,767,952 | ---- | C] () -- C:\WINDOWS\BDTSupport.dll.old
[2009-12-07 14:58:27 | 000,000,101 | ---- | C] () -- C:\WINDOWS\CMMIXER.INI
[2009-12-07 14:38:49 | 000,039,279 | ---- | C] () -- C:\WINDOWS\cmijack.ini
[2009-12-07 14:38:47 | 000,000,092 | ---- | C] () -- C:\WINDOWS\CMISETUP.INI
[2009-12-07 14:38:46 | 000,000,026 | ---- | C] () -- C:\WINDOWS\CMCDPLAY.INI
[2009-11-17 22:10:09 | 000,000,025 | ---- | C] () -- C:\WINDOWS\mixerdef.ini
[2009-03-21 20:43:26 | 000,000,002 | ---- | C] () -- C:\WINDOWS\msoffice.ini
[2008-03-07 23:47:54 | 000,281,874 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\Svclog.log
[2008-02-11 00:04:36 | 000,000,250 | ---- | C] () -- C:\WINDOWS\gmer.ini
[2008-02-11 00:04:35 | 000,819,200 | ---- | C] () -- C:\WINDOWS\gmer.dll
[2008-02-08 23:27:44 | 000,001,025 | ---- | C] () -- C:\WINDOWS\System32\clauth2.dll
[2008-02-08 23:27:44 | 000,001,025 | ---- | C] () -- C:\WINDOWS\System32\clauth1.dll
[2008-02-08 23:27:44 | 000,000,073 | ---- | C] () -- C:\WINDOWS\System32\ssprs.dll
[2008-02-08 23:27:42 | 000,001,025 | ---- | C] () -- C:\WINDOWS\System32\sysprs7.dll
[2008-02-08 23:27:42 | 000,000,205 | ---- | C] () -- C:\WINDOWS\System32\lsprst7.dll
[2008-02-06 18:40:33 | 000,004,296 | ---- | C] () -- C:\Program Files\INSTALL.LOG
[2008-01-26 16:13:48 | 000,000,000 | ---- | C] () -- C:\WINDOWS\iPlayer.INI
[2008-01-13 11:34:38 | 000,000,305 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\addr_file.html
[2007-12-30 13:28:26 | 000,011,608 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\hpzinstall.log
[2007-11-02 18:31:40 | 000,006,850 | R--- | C] () -- C:\WINDOWS\Disktool.INI
[2007-11-02 18:31:40 | 000,005,633 | R--- | C] () -- C:\WINDOWS\fwupgrade.ini
[2007-11-02 18:31:40 | 000,003,677 | R--- | C] () -- C:\WINDOWS\PlaySnd.INI
[2007-03-05 19:08:40 | 000,000,394 | ---- | C] () -- C:\WINDOWS\hegames.ini
[2007-01-06 12:56:29 | 000,000,000 | ---- | C] () -- C:\WINDOWS\SETUP32.INI
[2006-12-28 10:41:52 | 000,000,029 | ---- | C] () -- C:\WINDOWS\PControl.ini
[2006-12-16 00:09:17 | 000,000,030 | ---- | C] () -- C:\WINDOWS\atid.ini
[2006-05-23 08:24:56 | 000,000,063 | ---- | C] () -- C:\WINDOWS\mdm.ini
[2006-05-07 23:12:34 | 000,684,032 | ---- | C] () -- C:\WINDOWS\libeay32.dll
[2006-05-07 23:12:34 | 000,155,648 | ---- | C] () -- C:\WINDOWS\ssleay32.dll
[2006-04-30 22:02:15 | 000,000,022 | ---- | C] () -- C:\WINDOWS\ICDESK.INI
[2006-02-07 21:22:01 | 000,000,027 | ---- | C] () -- C:\WINDOWS\WS_FTP.INI
[2006-01-14 11:58:32 | 000,000,000 | ---- | C] () -- C:\WINDOWS\OpPrintServer.INI
[2005-08-20 00:29:07 | 000,000,025 | ---- | C] () -- C:\WINDOWS\cdplayer.ini
[2005-05-25 21:41:39 | 000,000,056 | RHS- | C] () -- C:\WINDOWS\System32\6895752858.sys
[2005-05-25 21:41:38 | 000,006,686 | -HS- | C] () -- C:\WINDOWS\System32\KGyGaAvL.sys
[2005-05-22 21:50:57 | 000,056,320 | ---- | C] () -- C:\WINDOWS\System32\iyvu9_32.dll
[2005-05-15 00:17:34 | 000,153,088 | ---- | C] () -- C:\Documents and Settings\Steve\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2005-05-14 21:13:53 | 000,000,747 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2005-05-14 19:27:47 | 000,000,559 | ---- | C] () -- C:\WINDOWS\VTruck1.ini
[2005-05-09 11:53:54 | 000,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini
[2005-05-09 11:46:49 | 000,000,390 | ---- | C] () -- C:\WINDOWS\wininit.ini
[2005-05-09 11:15:00 | 000,000,370 | ---- | C] () -- C:\WINDOWS\System32\OEMINFO.INI
[2004-10-26 17:39:05 | 003,375,104 | ---- | C] () -- C:\WINDOWS\System32\qt-mt331.dll
[2004-09-22 13:47:00 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\px.ini
[2004-08-10 13:13:12 | 000,000,883 | ---- | C] () -- C:\WINDOWS\ORUN32.INI
[2004-08-10 13:03:52 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
[2004-08-04 05:00:00 | 000,001,793 | ---- | C] () -- C:\WINDOWS\System32\FXSPERF.INI
[2003-11-13 13:28:02 | 000,012,570 | ---- | C] () -- C:\WINDOWS\System32\drivers\ADFUUD.SYS
[2003-11-13 13:28:02 | 000,012,570 | ---- | C] () -- C:\WINDOWS\ADFUUD.SYS
[2002-04-17 07:15:22 | 000,024,576 | ---- | C] () -- C:\WINDOWS\System32\appc18iv.dll
[1999-01-22 13:46:58 | 000,065,536 | ---- | C] () -- C:\WINDOWS\System32\MSRTEDIT.DLL
[1998-03-22 13:50:02 | 000,010,240 | ---- | C] () -- C:\WINDOWS\System32\vidx16.dll
[1980-01-01 00:00:00 | 000,012,288 | ---- | C] () -- C:\WINDOWS\System32\e100bmsg.dll
========== Custom Scans ==========
< %SYSTEMDRIVE%\*.* >
[2006-05-09 22:29:24 | 000,000,030 | ---- | M] () -- C:\AHBDG.log
[2006-05-09 22:47:50 | 000,001,537 | ---- | M] () -- C:\APIHook.log
[2001-11-22 23:08:20 | 000,712,704 | R--- | M] (Sensaura Ltd) -- C:\AUDIO3D.DLL
[2006-02-14 16:30:21 | 000,000,067 | ---- | M] () -- C:\AUTOEXEC.BAT
[2004-08-10 13:04:08 | 000,000,000 | ---- | M] () -- C:\AUTOEXEC.NAV
[2009-12-02 00:13:06 | 000,000,212 | -HS- | M] () -- C:\BOOT.INI
[2003-04-07 20:21:02 | 000,050,794 | R--- | M] () -- C:\CMAUDIO.CAT
[2003-04-03 05:37:32 | 000,023,041 | R--- | M] () -- C:\cmaudio.dat
[2003-04-03 04:44:44 | 000,064,443 | R--- | M] () -- C:\CMAUDIO.INF
[2010-01-04 12:57:27 | 000,076,024 | ---- | M] () -- C:\CMAUDIO.PNF
[2002-11-18 02:51:40 | 000,377,358 | R--- | M] (C-Media Inc) -- C:\cmaudio.sys
[2002-06-24 02:46:58 | 000,003,360 | R--- | M] () -- C:\cmiainfo.sys
[2003-03-28 01:19:12 | 000,039,279 | R--- | M] () -- C:\cmijack.dat
[2003-04-10 22:16:28 | 000,039,279 | R--- | M] () -- C:\cmijack.ini
[2002-10-08 20:38:24 | 000,032,768 | R--- | M] (C-Media Corporation) -- C:\CMNPROP.DLL
[2002-07-10 23:13:26 | 000,135,168 | R--- | M] (C-Media Electronics Inc.) -- C:\CMUNINST.DAT
[2002-07-10 22:24:50 | 000,139,264 | R--- | M] (C-Media Electronics Inc.) -- C:\CMUNINST.EXE
[2004-08-10 13:04:08 | 000,000,000 | ---- | M] () -- C:\CONFIG.SYS
[2000-10-20 05:28:00 | 000,765,952 | R--- | M] (Sensaura Ltd) -- C:\CRLDS3D.DLL
[2006-04-23 22:38:33 | 000,000,000 | ---- | M] () -- C:\DBS.TXT
[2005-05-09 11:18:12 | 000,004,815 | RH-- | M] () -- C:\DELL.SDR
[2010-01-04 11:09:40 | 000,000,360 | ---- | M] () -- C:\drmHeader.bin
[2007-11-07 07:00:40 | 000,017,734 | ---- | M] () -- C:\eula.1028.txt
[2007-11-07 07:00:40 | 000,017,734 | ---- | M] () -- C:\eula.1031.txt
[2007-11-07 07:00:40 | 000,010,134 | ---- | M] () -- C:\eula.1033.txt
[2007-11-07 07:00:40 | 000,017,734 | ---- | M] () -- C:\eula.1036.txt
[2007-11-07 07:00:40 | 000,017,734 | ---- | M] () -- C:\eula.1040.txt
[2007-11-07 07:00:40 | 000,000,118 | ---- | M] () -- C:\eula.1041.txt
[2007-11-07 07:00:40 | 000,017,734 | ---- | M] () -- C:\eula.1042.txt
[2007-11-07 07:00:40 | 000,017,734 | ---- | M] () -- C:\eula.2052.txt
[2007-11-07 07:00:40 | 000,017,734 | ---- | M] () -- C:\eula.3082.txt
[2007-11-07 07:00:40 | 000,001,110 | ---- | M] () -- C:\globdata.ini
[2011-02-22 16:27:27 | 1071,697,920 | -HS- | M] () -- C:\hiberfil.sys
[2010-01-04 12:57:27 | 000,038,120 | ---- | M] () -- C:\INFCACHE.1
[2007-11-07 07:03:18 | 000,562,688 | ---- | M] (Microsoft Corporation) -- C:\install.exe
[2007-11-07 07:00:40 | 000,000,843 | ---- | M] () -- C:\install.ini
[2007-11-07 07:03:18 | 000,076,304 | ---- | M] (Microsoft Corporation) -- C:\install.res.1028.dll
[2007-11-07 07:03:18 | 000,096,272 | ---- | M] (Microsoft Corporation) -- C:\install.res.1031.dll
[2007-11-07 07:03:18 | 000,091,152 | ---- | M] (Microsoft Corporation) -- C:\install.res.1033.dll
[2007-11-07 07:03:18 | 000,097,296 | ---- | M] (Microsoft Corporation) -- C:\install.res.1036.dll
[2007-11-07 07:03:18 | 000,095,248 | ---- | M] (Microsoft Corporation) -- C:\install.res.1040.dll
[2007-11-07 07:03:18 | 000,081,424 | ---- | M] (Microsoft Corporation) -- C:\install.res.1041.dll
[2007-11-07 07:03:18 | 000,079,888 | ---- | M] (Microsoft Corporation) -- C:\install.res.1042.dll
[2007-11-07 07:03:18 | 000,075,792 | ---- | M] (Microsoft Corporation) -- C:\install.res.2052.dll
[2007-11-07 07:03:18 | 000,096,272 | ---- | M] (Microsoft Corporation) -- C:\install.res.3082.dll
[2004-08-10 13:04:08 | 000,000,000 | -H-- | M] () -- C:\IO.SYS
[2005-05-24 22:50:35 | 000,165,376 | ---- | M] () -- C:\Mail Set.doc
[2003-03-20 01:21:00 | 001,855,488 | R--- | M] (C-Media Electronic Inc. (www.cmedia.com.tw)) -- C:\MIXER.EXE
[2004-08-10 13:04:08 | 000,000,000 | -H-- | M] () -- C:\MSDOS.SYS
[2007-06-29 00:01:16 | 000,061,436 | ---- | M] () -- C:\newfiles.txt
[2005-12-14 00:55:26 | 000,001,024 | ---- | M] () -- C:\nop.exe
[2004-08-04 05:00:00 | 000,047,564 | RHS- | M] () -- C:\NTDETECT.COM
[2008-09-17 18:03:12 | 000,250,048 | RHS- | M] () -- C:\NTLDR
[2011-02-22 16:27:25 | 524,288,000 | -HS- | M] () -- C:\pagefile.sys
[2005-09-12 02:19:55 | 000,013,030 | ---- | M] () -- C:\PDOXUSRS.NET
[2007-07-11 22:32:26 | 000,001,253 | ---- | M] () -- C:\rapport.txt
[2007-06-28 23:58:11 | 000,024,352 | ---- | M] () -- C:\runkeys.txt
[2010-07-26 20:44:06 | 000,000,268 | -H-- | M] () -- C:\sqmdata00.sqm
[2010-07-28 23:52:03 | 000,000,268 | -H-- | M] () -- C:\sqmdata01.sqm
[2010-07-30 16:15:13 | 000,000,268 | -H-- | M] () -- C:\sqmdata02.sqm
[2010-07-30 18:13:09 | 000,000,268 | -H-- | M] () -- C:\sqmdata03.sqm
[2010-08-03 08:09:24 | 000,000,268 | -H-- | M] () -- C:\sqmdata04.sqm
[2010-08-03 16:06:33 | 000,000,268 | -H-- | M] () -- C:\sqmdata05.sqm
[2010-08-06 13:26:26 | 000,000,268 | -H-- | M] () -- C:\sqmdata06.sqm
[2010-08-09 06:14:08 | 000,000,268 | -H-- | M] () -- C:\sqmdata07.sqm
[2010-08-09 11:40:39 | 000,000,268 | -H-- | M] () -- C:\sqmdata08.sqm
[2010-08-09 15:12:10 | 000,000,268 | -H-- | M] () -- C:\sqmdata09.sqm
[2010-08-10 21:37:20 | 000,000,268 | -H-- | M] () -- C:\sqmdata10.sqm
[2010-08-13 06:45:39 | 000,000,268 | -H-- | M] () -- C:\sqmdata11.sqm
[2010-08-14 10:40:03 | 000,000,268 | -H-- | M] () -- C:\sqmdata12.sqm
[2010-08-17 07:00:25 | 000,000,268 | -H-- | M] () -- C:\sqmdata13.sqm
[2010-08-22 11:32:20 | 000,000,268 | -H-- | M] () -- C:\sqmdata14.sqm
[2010-08-22 19:17:14 | 000,000,268 | -H-- | M] () -- C:\sqmdata15.sqm
[2010-07-14 21:17:32 | 000,000,268 | -H-- | M] () -- C:\sqmdata16.sqm
[2010-07-15 18:52:57 | 000,000,268 | -H-- | M] () -- C:\sqmdata17.sqm
[2010-07-15 20:16:17 | 000,000,268 | -H-- | M] () -- C:\sqmdata18.sqm
[2010-07-16 06:04:56 | 000,000,268 | -H-- | M] () -- C:\sqmdata19.sqm
[2010-07-26 20:44:06 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt00.sqm
[2010-07-28 23:52:03 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt01.sqm
[2010-07-30 16:15:13 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt02.sqm
[2010-07-30 18:13:09 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt03.sqm
[2010-08-03 08:09:23 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt04.sqm
[2010-08-03 16:06:33 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt05.sqm
[2010-08-06 13:26:25 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt06.sqm
[2010-08-09 06:14:08 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt07.sqm
[2010-08-09 11:40:39 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt08.sqm
[2010-08-09 15:12:09 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt09.sqm
[2010-08-10 21:37:20 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt10.sqm
[2010-08-13 06:45:39 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt11.sqm
[2010-08-14 10:40:03 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt12.sqm
[2010-08-17 07:00:25 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt13.sqm
[2010-08-22 11:32:19 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt14.sqm
[2010-08-22 19:17:13 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt15.sqm
[2010-07-14 21:17:32 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt16.sqm
[2010-07-15 18:52:57 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt17.sqm
[2010-07-15 20:16:17 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt18.sqm
[2010-07-16 06:04:55 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt19.sqm
[2005-08-26 15:55:32 | 000,692,224 | ---- | M] (LimeWire) -- C:\StubInstaller.exe
[2006-05-07 23:04:04 | 000,352,137 | ---- | M] () -- C:\swlist.reg
[2006-06-05 21:54:11 | 000,000,000 | ---- | M] () -- C:\taskList.txt
[2007-11-07 07:00:40 | 000,005,686 | ---- | M] () -- C:\vcredist.bmp
[2007-11-07 07:09:22 | 001,442,522 | ---- | M] () -- C:\VC_RED.cab
[2007-11-07 07:12:28 | 000,232,960 | ---- | M] () -- C:\VC_RED.MSI
[2006-12-14 01:13:46 | 000,001,364 | ---- | M] () -- C:\VideoEditor.log
[2008-06-19 01:13:32 | 000,074,298 | ---- | M] () -- C:\winzip.log
[2007-10-26 20:50:17 | 000,140,936 | ---- | M] () -- C:\winzip_.log
[2008-03-18 10:09:35 | 000,000,048 | ---- | M] () -- C:\xmp.bat
< MD5 for: EXPLORER.EXE >
[2008-04-13 19:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) MD5=12896823FB95BFB3DC9B46BCAEDC9923 -- C:\WINDOWS\explorer.exe
[2008-04-13 19:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) MD5=12896823FB95BFB3DC9B46BCAEDC9923 -- C:\WINDOWS\ServicePackFiles\i386\explorer.exe
[2007-06-13 06:26:03 | 001,033,216 | ---- | M] (Microsoft Corporation) MD5=7712DF0CDDE3A5AC89843E61CD5B3658 -- C:\WINDOWS\$hf_mig$\KB938828\SP2QFE\explorer.exe
[2007-06-13 05:23:07 | 001,033,216 | ---- | M] (Microsoft Corporation) MD5=97BD6515465659FF8F3B7BE375B2EA87 -- C:\WINDOWS\$NtServicePackUninstall$\explorer.exe
[2004-08-04 05:00:00 | 001,032,192 | ---- | M] (Microsoft Corporation) MD5=A0732187050030AE399B241436565E64 -- C:\WINDOWS\$NtUninstallKB938828$\explorer.exe
< MD5 for: SFC.DLL >
[2008-04-13 19:12:05 | 000,005,120 | ---- | M] (Microsoft Corporation) MD5=96E1C926F22EE1BFBAE82901A35F6BF3 -- C:\WINDOWS\ServicePackFiles\i386\sfc.dll
[2008-04-13 19:12:05 | 000,005,120 | ---- | M] (Microsoft Corporation) MD5=96E1C926F22EE1BFBAE82901A35F6BF3 -- C:\WINDOWS\SYSTEM32\sfc.dll
[2004-08-04 05:00:00 | 000,005,120 | ---- | M] (Microsoft Corporation) MD5=E8A12A12EA9088B4327D49EDCA3ADD3E -- C:\I386\SFC.DLL
[2004-08-04 05:00:00 | 000,005,120 | ---- | M] (Microsoft Corporation) MD5=E8A12A12EA9088B4327D49EDCA3ADD3E -- C:\WINDOWS\$NtServicePackUninstall$\sfc.dll
< MD5 for: USERINIT.EXE >
[2004-08-04 05:00:00 | 000,024,576 | ---- | M] (Microsoft Corporation) MD5=39B1FFB03C2296323832ACBAE50D2AFF -- C:\I386\USERINIT.EXE
[2004-08-04 05:00:00 | 000,024,576 | ---- | M] (Microsoft Corporation) MD5=39B1FFB03C2296323832ACBAE50D2AFF -- C:\WINDOWS\$NtServicePackUninstall$\userinit.exe
[2008-04-13 19:12:38 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=A93AEE1928A9D7CE3E16D24EC7380F89 -- C:\WINDOWS\ServicePackFiles\i386\userinit.exe
[2008-04-13 19:12:38 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=A93AEE1928A9D7CE3E16D24EC7380F89 -- C:\WINDOWS\SYSTEM32\userinit.exe
< MD5 for: WINLOGON.EXE >
[2004-08-04 05:00:00 | 000,502,272 | ---- | M] (Microsoft Corporation) MD5=01C3346C241652F43AED8E2149881BFE -- C:\I386\WINLOGON.EXE
[2004-08-04 05:00:00 | 000,502,272 | ---- | M] (Microsoft Corporation) MD5=01C3346C241652F43AED8E2149881BFE -- C:\WINDOWS\$NtServicePackUninstall$\winlogon.exe
[2008-04-13 19:12:39 | 000,507,904 | ---- | M] (Microsoft Corporation) MD5=ED0EF0A136DEC83DF69F04118870003E -- C:\WINDOWS\ServicePackFiles\i386\winlogon.exe
[2008-04-13 19:12:39 | 000,507,904 | ---- | M] (Microsoft Corporation) MD5=ED0EF0A136DEC83DF69F04118870003E -- C:\WINDOWS\SYSTEM32\winlogon.exe
< C:\|CometU /FP >
< >
========== Alternate Data Streams ==========
@Alternate Data Stream - 119 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:DFC5A2B2
@Alternate Data Stream - 109 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:A8ADE5D8
@Alternate Data Stream - 104 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:D1B5B4F1
< End of report >
OTL Extras logfile created on: 2011-02-22 19:38:08 - Run 1
OTL by OldTimer - Version 3.2.21.0 Folder = C:\Documents and Settings\Steve\Desktop\Hijack\OTL
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 7.0.5730.13)
Locale: 00001009 | Country: Canada | Language: ENC | Date Format: yyyy-MM-dd
1,022.00 Mb Total Physical Memory | 534.00 Mb Available Physical Memory | 52.00% Memory free
1.00 Gb Paging File | 1.00 Gb Available in Paging File | 68.00% Paging File free
Paging file location(s): C:\pagefile.sys 500 1531 [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 71.53 Gb Total Space | 20.93 Gb Free Space | 29.27% Space Free | Partition Type: NTFS
Computer Name: SNL | User Name: Steve | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
========== Extra Registry (SafeList) ==========
========== File Associations ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
.url [@ = InternetShortcut] -- rundll32.exe ieframe.dll,OpenURL %l
[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.bat [@ = batfile] -- Reg Error: Key error. File not found
.cmd [@ = cmdfile] -- Reg Error: Key error. File not found
.com [@ = comfile] -- Reg Error: Key error. File not found
.cpl [@ = cplfile] -- Reg Error: Key error. File not found
.exe [@ = exefile] -- Reg Error: Key error. File not found
.hta [@ = htafile] -- Reg Error: Key error. File not found
.html [@ = htmlfile] -- Reg Error: Key error. File not found
.inf [@ = inffile] -- Reg Error: Key error. File not found
.ini [@ = inifile] -- Reg Error: Key error. File not found
.url [@ = InternetShortcut] -- Reg Error: Key error. File not found
.js [@ = JSFile] -- Reg Error: Key error. File not found
.reg [@ = regfile] -- Reg Error: Key error. File not found
.txt [@ = txtfile] -- Reg Error: Key error. File not found
.vbs [@ = VBSFile] -- Reg Error: Key error. File not found
========== Shell Spawning ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
exefile [open] -- "%1" %*
htmlfile [edit] -- "C:\Program Files\Microsoft Office\Office\msohtmed.exe" %1 (Microsoft Corporation)
htmlfile [print] -- "C:\Program Files\Microsoft Office\Office\msohtmed.exe" /p %1 (Microsoft Corporation)
InternetShortcut [open] -- rundll32.exe ieframe.dll,OpenURL %l
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [Digital Photo Professional] -- C:\Program Files\Canon\Digital Photo Professional\DPPViewer.exe /path "%1" (CANON INC.)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
========== Security Center Settings ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"AntiVirusDisableNotify" = 1
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 0
"FirewallOverride" = 0
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
"DisableMonitoring" = 1
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
"DisableMonitoring" = 1
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]
"DisableMonitoring" = 1
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]
========== System Restore Settings ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr]
"Start" = 0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService]
"Start" = 2
========== Firewall Settings ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]
"1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008
"10280:UDP" = 10280:UDP:LocalSubNet:Enabled:Windows Media Connect
"10281:UDP" = 10281:UDP:LocalSubNet:Enabled:Windows Media Connect
"10282:UDP" = 10282:UDP:LocalSubNet:Enabled:Windows Media Connect
"10283:UDP" = 10283:UDP:LocalSubNet:Enabled:Windows Media Connect
"10284:UDP" = 10284:UDP:LocalSubNet:Enabled:Windows Media Connect
"10243:TCP" = 10243:TCP:LocalSubNet:Enabled:Windows Media Connect
"139:TCP" = 139:TCP:*:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:*:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:*:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:*:Enabled:@xpsp2res.dll,-22002
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DoNotAllowExceptions" = 0
"DisableNotifications" = 0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008
"22396:TCP" = 22396:TCP:*:Disabled:BitComet 22396 TCP
"22396:UDP" = 22396:UDP:*:Disabled:BitComet 22396 UDP
"4481:TCP" = 4481:TCP:LocalSubNet:Enabled:BlackBerry Desktop Software music sync service data transfer
"4481:UDP" = 4481:UDP:LocalSubNet:Enabled:BlackBerry Desktop Software music sync service discovery
"4482:TCP" = 4482:TCP:LocalSubNet:Enabled:BlackBerry Desktop Software music sync service data transfer
"4482:UDP" = 4482:UDP:LocalSubNet:Enabled:BlackBerry Desktop Software music sync service discovery
"10280:UDP" = 10280:UDP:LocalSubNet:Enabled:Windows Media Connect
"10281:UDP" = 10281:UDP:LocalSubNet:Enabled:Windows Media Connect
"10282:UDP" = 10282:UDP:LocalSubNet:Enabled:Windows Media Connect
"10283:UDP" = 10283:UDP:LocalSubNet:Enabled:Windows Media Connect
"10284:UDP" = 10284:UDP:LocalSubNet:Enabled:Windows Media Connect
"10243:TCP" = 10243:TCP:LocalSubNet:Enabled:Windows Media Connect
"139:TCP" = 139:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22002
========== Authorized Applications List ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Program Files\Microsoft Games\Zoo Tycoon 2\zt.exe" = C:\Program Files\Microsoft Games\Zoo Tycoon 2\zt.exe:*:Enabled:Zoo Tycoon 2 Executable -- (Microsoft Corporation)
"C:\Program Files\Replay\Replay Video Suite 10.2\crack\WMR90.exe" = C:\Program Files\Replay\Replay Video Suite 10.2\crack\WMR90.exe:*:Enabled:Windows Media (TM) Stream Recorder -- (NetFor2 and Applian Technologies Inc.)
"C:\WINDOWS\SYSTEM32\MMC.EXE" = C:\WINDOWS\SYSTEM32\MMC.EXE:*:Enabled:Microsoft Management Console -- (Microsoft Corporation)
"C:\Program Files\Shiva\Shiva VPN Client\ICDESK.EXE" = C:\Program Files\Shiva\Shiva VPN Client\ICDESK.EXE:*:Enabled:VPN Client Windows Application
"C:\StubInstaller.exe" = C:\StubInstaller.exe:*:Disabled:LimeWire swarmed installer -- (LimeWire)
"C:\Program Files\BitComet\BitComet.exe" = C:\Program Files\BitComet\BitComet.exe:*:Disabled:BitComet - a BitTorrent Client
"C:\Program Files\iTunes\iTunes.exe" = C:\Program Files\iTunes\iTunes.exe:*:Enabled:iTunes -- (Apple Inc.)
"C:\Program Files\Research In Motion\BlackBerry Desktop\Rim.Desktop.exe" = C:\Program Files\Research In Motion\BlackBerry Desktop\Rim.Desktop.exe:*:Enabled:BlackBerry Desktop Software -- (Research In Motion)
"C:\Program Files\Ares\Ares.exe" = C:\Program Files\Ares\Ares.exe:*:Disabled:Ares p2p for windows
========== HKEY_LOCAL_MACHINE Uninstall List ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{00000409-78E1-11D2-B60F-006097C998E7}" = Microsoft Office 2000 Premium
"{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
"{0289B35E-DC07-4c7a-9710-BBD686EA4B7D}" = Status
"{06CE9412-6714-44AE-A035-F4E9930009E1}" = Advanced Network Diagramming Help
"{07287123-B8AC-41CE-8346-3D777245C35B}" = Bonjour
"{0878E100-C0BB-41E8-B4C6-C486B61FDA7B}" = Canon PhotoRecord
"{0993A7DC-5616-4DBA-A538-E6BFE0C94C1D}" = Directory Services Help
"{09DA4F91-2A09-4232-AB8C-6BC740096DE3}" = Sonic Update Manager
"{0B5E0886-BC91-4E83-BB29-A664ED8F0285}" = Project Schedules Help
"{0C34B801-6AEC-4667-B053-03A67E2D0415}" = Apple Application Support
"{0D2E9DCB-9938-475E-B4DD-8851738852FF}" = AIO_Scan
"{0EB5D9B7-8E6C-4A9E-B74F-16B7EE89A67B}" = Microsoft Plus! Photo Story 2 LE
"{0F9196C6-58B4-445B-B56E-B1200FECC151}" = Microsoft Bootvis
"{1206EF92-2E83-4859-ACCB-2048C3CB7DA6}" = Sonic DLA
"{121634B0-2F4A-11D3-ADA3-00C04F52DD53}" = Windows Installer Clean Up
"{136498DE-6FBD-4F6F-B065-8E24118D351E}" = Internet Diagrams Help
"{13F3917B56CD4C25848BDC69916971BB}" = DivX Converter
"{16C586A1-4ACB-11D3-8662-00C04F8DBAD9}" = Release Notes
"{172ED890-6982-4CCF-BD23-6949E553B860}" = Save as HTML
"{17334AAF-C9E7-483B-9F45-E3FCAF07FFA7}" = Intel(R) PROSet for Wired Connections
"{1746EA69-DCB6-4408-B5A5-E75F55439CDF}" = Scan
"{179C56A4-F57F-4561-8BBF-F911D26EB435}" = WebReg
"{18455581-E099-4BA8-BC6B-F34B2F06600C}" = Google Toolbar for Internet Explorer
"{19B29943-2A85-11D3-8F74-00C04F8DD7E3}" = Solutions
"{1D66C1EB-9FC0-4363-A4B9-E44DDCBACD00}" = Organization Charts
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{21657574-BD54-48A2-9450-EB03B2C7FC29}" = Sonic MyDVD
"{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer
"{241957BD-4436-42B1-ADCF-AE18144358D7}" = Office Layout
"{24557DC0-0839-496f-82F9-C4EB72EFE4FA}" = HP Deskjet All-In-One Software 8.0
"{2614F54E-A828-49FA-93BA-45A3F756BFAA}" = 32 Bit HP CIO Components Installer
"{268FC299-C0BD-4230-9D00-FD7BBB71A2C7}" = Organization Charts Help
"{26A24AE4-039D-4CA4-87B4-2F83216022FF}" = Java(TM) 6 Update 22
"{2D329298-7BDD-476B-8F68-AE3F66EB6F8F}" = Flowcharts
"{3379BB86-49C2-11D3-80AC-00C04F6B854D}" = Network Diagrams Help
"{3388E964-4C4F-11D3-9F66-006008A88EC8}" = Microsoft Visio 2000 (IE)
"{33BB4982-DC52-4886-A03B-F4C5C80BEE89}" = Windows Media Player 10
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{36FDBE6E-6684-462B-AE98-9A39A1B200CC}" = HP Product Assistant
"{380E3211-4549-42B3-8EE8-2B0561530061}" = Custom Properties Editor
"{390927CA-7D1F-44EB-95FF-FBB4B20822B4}" = Borders and Backgrounds Help
"{39CB30DB-27F8-4dd4-A294-CB4AE3B584FD}" = Copy
"{3A71AF7E-705C-40D3-9024-B63C00AB1772}" = Program Files Help
"{3F92ABBB-6BBF-11D5-B229-002078017FBF}" = Modem On Hold
"{3F9FB449-93DB-4C47-BB5B-7334C4D1736E}" = SD Formatter
"{3FC7CBBC4C1E11DCA1A752EA55D89593}" = DivX Version Checker
"{403EF592-953B-4794-BCEF-ECAB835C2095}" =
"{4192EAC0-6B36-4723-B216-D0E86E7757AC}" = Jasc Paint Shop Photo Album 5
"{4286E640-B5FB-11DF-AC4B-005056C00008}" = Google Earth
"{44B3522B-195C-488D-84AC-9526FA99CB73}" = Motorola Handset USB Driver
"{45A66726-69BC-466B-A7A4-12FCBA4883D7}" = HiJackThis
"{46D2CC82-BEAE-4E47-A153-008E60E67BA2}" = Release Notes Professional
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4E901875-0F15-44BA-89DE-94AA41A7F507}" = Clear Cache feature for Internet Explorer
"{4F31302F-A77C-4759-9803-E02696185089}" = Program Files Professional
"{508CE775-4BA4-4748-82DF-FE28DA9F03B0}" = Windows Live Messenger
"{51196320-99A0-4737-AE71-5BAF9489A855}" = Database Wizard
"{543E938C-BDC4-4933-A612-01293996845F}" = UnloadSupport
"{55B39A89-795A-4E9F-AB38-15AB66125914}" = Borders and Backgrounds
"{5905F42D-3F5F-4916-ADA6-94A3646AEE76}" = Dell Driver Reset Tool
"{5BBFB0E4-2250-49C3-A8A3-65BE2197D13B}" = MP3 Player Utilities
"{5BF9AE5B-D635-4BB6-9229-F863B28F9107}" = Graphics Filters
"{5EE7D259-D137-4438-9A5F-42F432EC0421}" = VC80CRTRedist - 8.0.50727.4053
"{60692A39-4C61-11D3-A339-006097B6ECD2}" = Program Files
"{60692A40-4C61-11D3-A339-006097B6ECD2}" = Visio
"{60C8D1EA-CB39-44FF-BECA-9B1457898C9B}" = Office Layout Help
"{621C02EA-AAFF-4026-A903-165D59529A16}" = Driver Detective
"{62E98CB2-2B1E-4E7D-8C3B-F6E7A3CB14E0}" = Network Diagrams
"{639B050E-9ADC-44C4-B7FE-BA7DB59D4E4B}" = Forms and Charts
"{63A0A66B-3A50-4D3E-9B88-6459D699C700}" = Internet Diagrams
"{657F8B33-CBBB-45F4-9087-274F22C89400}" = DJ_AIO_ProductContext
"{66E6CE0C-5A1E-430C-B40A-0C90FF1804A8}" = eSupportQFolder
"{67D3F1A0-A1F2-49b7-B9EE-011277B170CD}" = HPProductAssistant
"{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}" = PowerDVD 5.3
"{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update
"{69FC7B0F-E59D-418B-A007-13F02DBB002E}" = Advanced Network Diagramming
"{6A4EABDC-B3AA-421D-AB8B-5678293C9235}" = Callouts and Connectors Help
"{6E45BA47-383C-4C1E-8ED0-0D4845C293D7}" = Microsoft Plus! Digital Media Edition Installer
"{6F5E2F4A-377D-4700-B0E3-8F7F7507EA15}" = CustomerResearchQFolder
"{716E0306-8318-4364-8B8F-0CC4E9376BAC}" = MSXML 4.0 SP2 Parser and SDK
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{74096E43-C712-4DED-A530-719CA2E0DE80}" = Nancy Drew Dossier: Resorting to Danger
"{74F7662C-B1DB-489E-A8AC-07A06B24978B}" = Dell System Restore
"{76E41F43-59D2-4F30-BA42-9A762EE1E8DE}" = LiveUpdate BVRP Software
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{78C496B9-5A6B-4692-8C2E-AFFFC34E4961}" = Jasc Paint Shop Pro Studio, Dell Editon
"{7A0EFAFB-AC4B-4B88-8C6B-6731BE88DB68}" = Modem Event Monitor
"{7EFA5E6F-74F7-4AFB-8AEA-AA790BD3A76D}" = DellSupport
"{7F142D56-3326-11D5-B229-002078017FBF}" = Modem Helper
"{818ABC3C-635C-4651-8183-D0E9640B7DD1}" = HP Update
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{88B32652-CAE0-4909-A463-5840D2689D93}" = FUJIFILM FinePixViewer S Ver.2.1
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8A708DD8-A5E6-11D4-A706-000629E95E20}" = Intel(R) Extreme Graphics 2 Driver
"{8AF1E098-1A5C-4336-BBE2-D047ABB401ED}" = MovieEdit Task
"{8C1D906C-D2DA-4E26-B0CF-EB79EEB1F946}" = Software Design Help
"{8EF1122E-E90C-4EE9-AB0C-7FDE2BA42C26}" = Musicmatch® Jukebox
"{90120000-0020-0409-0000-0000000FF1CE}" = Compatibility Pack for the 2007 Office system
"{90A38975-8780-41EB-8483-5FFE82526859}" = Microsoft Phishing Filter Add-in for MSN Search Toolbar
"{93D1FE53-905C-4EE7-AE18-4B13AC0069AD}" = Shape Explorer Help
"{9422C8EA-B0C6-4197-B8FC-DC797658CA00}" = Windows Live Sign-in Assistant
"{9541FED0-327F-4DF0-8B96-EF57EF622F19}" = Sonic RecordNow!
"{95D08F4E-DFC2-4ce3-ACB7-8C8E206217E9}" = MarketResearch
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9C2D4047-0E40-499a-AC7A-C4B9BB12FE03}" = TrayApp
"{9C3576AC-61CA-4A61-8D39-9502AF46F8B6}" = Acapela Synthèse de la Parole pour le WordQ 2 Fr (français canadien)
"{9D25D3FD-A1DE-4CA0-BE6F-B5F65545DDB6}" = Directory Services
"{9EC41026-8399-47E4-9FE9-CFCCCB71F8C3}" = Property Reporting Wizard
"{9ECB4705-B9CB-405A-B6D4-33BDF707308E}" = DJ_AIO_Software
"{A06275F4-324B-4E85-95E6-87B2CD729401}" = Windows Defender
"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
"{A36CD345-625C-4d6c-B3E2-76E1248CB451}" = SolutionCenter
"{A429C2AE-EBF1-4F81-A221-1C115CAADDAD}" = QuickTime
"{A4DF8034-28B1-4967-9216-2B2BB435A7C1}" = Program Files Professional Help
"{A5CC2A09-E9D3-49EC-923D-03874BBD4C2C}" = Windows Defender Signatures
"{A7016C76-6B65-428F-A2E8-F8A8007BECAF}" = Database Design
"{A7E4ECCA-4A8E-4258-8EC8-2DCCF5B11320}" = Windows Live installer
"{A8323532-49A2-4055-B424-EEB547E3D02E}" = Project Schedules
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AB5D51AE-EBC3-438D-872C-705C7C2084B0}" = DeviceManagementQFolder
"{AC76BA86-7AD7-5464-3428-800000000003}" = Spelling Dictionaries Support For Adobe Reader 8
"{ACE22C48-49D7-4531-BE20-5C3D03393AB6}" = F4100_Help
"{AF06CAE4-C134-44B1-B699-14FBDB63BD37}" = Dell Picture Studio v3.0
"{B06E51F3-D04E-4898-9700-2E48788D5274}" = Clip Art and Symbols
"{B13A7C41581B411290FBC0395694E2A9}" = DivX Converter
"{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1" = Spybot - Search & Destroy
"{B80DA153-D56F-4D80-AC29-CEBC8BB263B9}" = Callouts and Connectors
"{B9EF1B56-2E87-11D3-80A5-00C04F6B854D}" = Maps
"{BA04FFF0-F3A5-4D48-BD32-003D7E901178}" = Page Layout Wizard
"{BB3AB664-D92B-4CB5-8B3E-D841841F4E68}" = Canon Camera WIA Driver
"{BBE93891-6608-11d3-9F6A-006008A88EC8}" = Help for Visio 2000 (HTML Help)
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
"{C0C26E52-D52C-41ED-8F1C-D3D0DC941955}" = Software Design
"{C3A11907-930D-41AC-A135-CC3B12F92011}" = Seagate Dashboard
"{C5E69312-4354-11D3-B0BC-00C04FC2B1B9}" = CAD Drawing Display
"{C716522C-3731-4667-8579-40B098294500}" = Toolbox
"{C8A6BD64-0FB7-4AE5-82DF-09B5C6161486}" = Database Design Help
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CD95F661-A5C4-44F5-A6AA-ECDD91C240B2}" = WinZip 11.2
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{D0E39A1D-0CEE-4D85-B4A2-E3BE990D075E}" = Destination Component
"{D25F26E6-7F37-4580-9E83-2BDD9BE9E0CE}" = BlackBerry Desktop Software 6.0
"{D2D89191-1BB5-42BF-863D-991347B36641}" = Block Diagrams
"{D537C817-BF8E-4746-9E1E-E2A67DAECE4E}" = Add-ons
"{D982E7B4-4C62-11D3-A339-006097B6ECD2}" = Visio Core Files
"{DA34FE93-5DC5-48E0-ACC8-A5389E05BB51}" = iTunes
"{DC83F417-8068-4074-BA2F-C4F8AB872556}" = DJ_AIO_Software_min
"{DFB8D937-5CC3-4555-9150-90E57459AF00}" = Block Diagrams Help
"{DFE81EB6-0287-4DFF-AE7D-14E664586905}" = Clip Art and Symbols Help
"{E2057EE6-A559-40E3-AF8B-437866E0EDA9}" = Flowcharts Help
"{E2662C24-B31E-4349-A084-32EB76E8B760}" = BufferChm
"{E3436EE2-D5CB-4249-840B-3A0140CC34C3}" = Classic PhoneTools
"{E3BFEE55-39E2-4BE0-B966-89FE583822C1}" = Dell Support Center
"{E44BD710-B71A-11d3-9F79-006008A88EC8}" = VBA
"{E7DE3D60-3FB8-11D3-8F79-00C04F8DD7E3}" = Developing Visio Solutions Help
"{E8814A8F-3B06-11D3-8CD7-00C04F72C04D}" = Microsoft Visual Studio Service Pack 3
"{EB21A812-671B-4D08-B974-2A347F0D8F70}" = HP Photosmart Essential
"{EB75DE50-5754-4F6F-875D-126EDF8E4CB3}" = HPSSupply
"{EF1ADA5A-0B1A-4662-8C55-7475A61D8B65}" = DeviceDiscovery
"{F18E8A0F-BE99-4305-96A5-6C0FD9D7D999}" = mobile PhoneTools
"{F28D0D4C-D522-43B1-9700-C896A76C6130}" = Maps Help
"{F843C6A3-224D-4615-94F8-3C461BD9AEA0}" = Jasc Paint Shop Pro 9
"{F8653A81-1A97-4A2A-8ECE-D2B895B4D796}" = Acapela Synthèse de la Parole pour le WordQ 2 Fr (Noyau)
"{FC588207-9B40-4800-92AD-EB4D48FB7726}" = Forms and Charts Help
"{FCE65C4E-B0E8-4FBD-AD16-EDCBE6CD591F}" = HighMAT Extension to Microsoft Windows XP CD Writing Wizard
"{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
"7-Zip" = 7-Zip 4.65
"Action Replay Code Manager_is1" = Action Replay Code Manager
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Adobe Shockwave Player" = Adobe Shockwave Player 11.5
"Avira AntiVir Desktop" = Avira AntiVir Personal - Free Antivirus
"BellCanada" = Bell Internet Check-up
"BlackBerry_Desktop" = BlackBerry Desktop Software 6.0
"BugOff" = BugOff 1.10
"CAL" = Canon Camera Access Library
"CameraWindowDVC5" = Canon Utilities CameraWindow DC_DV 5 for ZoomBrowser EX
"CameraWindowDVC6" = Canon Utilities CameraWindow DC_DV 6 for ZoomBrowser EX
"CameraWindowLauncher" = Canon Utilities CameraWindow
"CleanUp!" = CleanUp!
"C-Media PCI Sound" = Diamond Xtreme Audio
"CSCLIB" = Canon Camera Support Core Library
"DECCHECK" = Microsoft Windows XP Video Decoder Checkup Utility
"Defraggler" = Defraggler (remove only)
"DelinvFile_is1" = DelinvFile - 2.02
"DivX Plus DirectShow Filters" = DivX Plus DirectShow Filters
"DivX Setup.divx.com" = DivX Setup
"DjVu" = Lizardtech DjVu Control (autoinstall)
"DPP" = Canon Utilities Digital Photo Professional 3.4
"DVDXCopyPlatinum" = DVD X Copy Platinum 4.0.3
"EOS Utility" = Canon Utilities EOS Utility
"FLV Player" = FLV Player 2.0 (build 25)
"GoToAssist" = GoToAssist 8.0.0.480
"HijackThis" = HijackThis 2.0.2
"HP Imaging Device Functions" = HP Imaging Device Functions 8.0
"HP Solution Center & Imaging Support Tools" = HP Solution Center 8.0
"HPExtendedCapabilities" = HP Customer Participation Program 8.0
"IDNMitigationAPIs" = Microsoft Internationalized Domain Names Mitigation APIs
"ie7" = Windows Internet Explorer 7
"Indeo® Software" = Indeo® Software
"InstallShield_{621C02EA-AAFF-4026-A903-165D59529A16}" = Driver Detective
"InstallShield_{8AF1E098-1A5C-4336-BBE2-D047ABB401ED}" = Canon MovieEdit Task for ZoomBrowser EX
"InstallShield_{BB3AB664-D92B-4CB5-8B3E-D841841F4E68}" = Canon EOS 5D WIA Driver
"Intel(R) 537EP V9x DFV PCI Modem" = Intel(R) 537EP V9x DFV PCI Modem
"Juniper_Setup_Client Activex Control" = Juniper Networks Setup Client Activex Control
"jZip" = jZip
"LiveUpdate1.6" = LiveUpdate 1.6 (Symantec Corporation)
"Mavis Beacon Teaches Typing Deluxe 17" = Mavis Beacon Teaches Typing Deluxe 17
"Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"MSCompPackV1" = Microsoft Compression Client Pack 1.0 for Windows XP
"MSTTS" = Microsoft Text-to-Speech Engine 4.0 (English)
"MWAREDATT" = Messageware AttachView Add-in for Saving Files
"MyCamera" = Canon Utilities MyCamera
"Nero - Burning Rom!UninstallKey" = Nero - Burning Rom (Web installer)
"NLSDownlevelMapping" = Microsoft National Language Support Downlevel APIs
"Original Data Security Tools" = Canon Utilities Original Data Security Tools
"PCI Audio Driver" = PCI Audio Driver
"PhotoStitch" = Canon Utilities PhotoStitch
"Picture Style Editor" = Canon Utilities Picture Style Editor
"PROSet" = Intel(R) PRO Network Adapters and Drivers
"RadialpointClientGateway_is1" = Bell Internet Service Advisor 2.1.7
"RAW Image Task" = Canon RAW Image Task for ZoomBrowser EX
"RemoteCaptureTask" = Canon Utilities RemoteCapture Task for ZoomBrowser EX
"Sorry" = Sorry
"Stop_the_Morbuzakh" = Stop the Morbuzakh (remove only)
"VLC media player" = VLC media player 1.0.0
"WFTK" = Canon Utilities WFT-E1/E2/E3 Utility
"Windows Live OneCare safety scanner" = Windows Live OneCare safety scanner
"Windows Media Format Runtime" = Windows Media Format 11 runtime
"Windows XP Service Pack" = Windows XP Service Pack 3
"WMCSetup" = Windows Media Connect
"WMFDist11" = Windows Media Format 11 runtime
"Wudf01000" = Microsoft User-Mode Driver Framework Feature Pack 1.0
"Yahoo! Companion" = Yahoo! Toolbar
"Zoo Tycoon 2" = Zoo Tycoon 2
"ZoomBrowser EX" = Canon Utilities ZoomBrowser EX
"ZoomBrowser EX Memory Card Utility" = Canon ZoomBrowser EX Memory Card Utility
========== HKEY_CURRENT_USER Uninstall List ==========
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Juniper_Setup_Client" = Juniper Networks Setup Client
"Juniper_Term_Services" = Juniper Terminal Services Client
"Neoteris_Host_Checker" = Juniper Networks Host Checker
"UnityWebPlayer" = Unity Web Player
========== Last 10 Event Log Errors ==========
[ Application Events ]
Error - 2011-01-02 00:16:21 | Computer Name = SNL | Source = Application Hang | ID = 1001
Description = Fault bucket -2087263879.
Error - 2011-01-04 22:25:58 | Computer Name = SNL | Source = crypt32 | ID = 131083
Description = Failed extract of third-party root list from auto update cab at: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>
with error: A required certificate is not within its validity period when verifying
against the current system clock or the timestamp in the signed file.
Error - 2011-01-04 22:25:58 | Computer Name = SNL | Source = crypt32 | ID = 131083
Description = Failed extract of third-party root list from auto update cab at: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>
with error: A required certificate is not within its validity period when verifying
against the current system clock or the timestamp in the signed file.
Error - 2011-01-07 01:00:06 | Computer Name = SNL | Source = Application Error | ID = 1000
Description = Faulting application divx plus player.exe, version 10.2.1.20, faulting
module divx plus player.exe, version 10.2.1.20, fault address 0x0000bac1.
Error - 2011-01-07 01:00:11 | Computer Name = SNL | Source = Application Error | ID = 1001
Description = Fault bucket -2112980242.
Error - 2011-01-07 01:01:06 | Computer Name = SNL | Source = Application Error | ID = 1000
Description = Faulting application divx plus player.exe, version 10.2.1.20, faulting
module qtcore4.dll, version 4.5.0.0, fault address 0x000e1b16.
Error - 2011-01-07 01:01:10 | Computer Name = SNL | Source = Application Error | ID = 1001
Description = Fault bucket -2113035927.
Error - 2011-01-15 20:01:00 | Computer Name = SNL | Source = Application Hang | ID = 1002
Description = Hanging application iexplore.exe, version 7.0.6000.17093, hang module
hungapp, version 0.0.0.0, hang address 0x00000000.
Error - 2011-01-15 20:06:42 | Computer Name = SNL | Source = Application Hang | ID = 1002
Description = Hanging application iexplore.exe, version 7.0.6000.17093, hang module
hungapp, version 0.0.0.0, hang address 0x00000000.
Error - 2011-01-17 22:55:50 | Computer Name = SNL | Source = Application Hang | ID = 1002
Description = Hanging application iexplore.exe, version 7.0.6000.17093, hang module
hungapp, version 0.0.0.0, hang address 0x00000000.
[ System Events ]
Error - 2011-02-22 20:29:27 | Computer Name = SNL | Source = DCOM | ID = 10005
Description = DCOM got error "%1058" attempting to start the service hpqcxs08 with
arguments "" in order to run the server: {1DAEDD8A-30ED-4585-9CF1-13BDF7791DDE}
Error - 2011-02-22 20:29:50 | Computer Name = SNL | Source = DCOM | ID = 10005
Description = DCOM got error "%1058" attempting to start the service hpqcxs08 with
arguments "" in order to run the server: {1DAEDD8A-30ED-4585-9CF1-13BDF7791DDE}
Error - 2011-02-22 20:31:06 | Computer Name = SNL | Source = DCOM | ID = 10005
Description = DCOM got error "%1058" attempting to start the service hpqcxs08 with
arguments "" in order to run the server: {1DAEDD8A-30ED-4585-9CF1-13BDF7791DDE}
Error - 2011-02-22 20:31:06 | Computer Name = SNL | Source = DCOM | ID = 10005
Description = DCOM got error "%1058" attempting to start the service hpqcxs08 with
arguments "" in order to run the server: {1DAEDD8A-30ED-4585-9CF1-13BDF7791DDE}
Error - 2011-02-22 20:33:40 | Computer Name = SNL | Source = DCOM | ID = 10005
Description = DCOM got error "%1058" attempting to start the service hpqcxs08 with
arguments "" in order to run the server: {1DAEDD8A-30ED-4585-9CF1-13BDF7791DDE}
Error - 2011-02-22 20:36:59 | Computer Name = SNL | Source = DCOM | ID = 10005
Description = DCOM got error "%1058" attempting to start the service hpqcxs08 with
arguments "" in order to run the server: {1DAEDD8A-30ED-4585-9CF1-13BDF7791DDE}
Error - 2011-02-22 20:36:59 | Computer Name = SNL | Source = DCOM | ID = 10005
Description = DCOM got error "%1058" attempting to start the service hpqcxs08 with
arguments "" in order to run the server: {1DAEDD8A-30ED-4585-9CF1-13BDF7791DDE}
Error - 2011-02-22 20:43:02 | Computer Name = SNL | Source = DCOM | ID = 10005
Description = DCOM got error "%1058" attempting to start the service hpqcxs08 with
arguments "" in order to run the server: {1DAEDD8A-30ED-4585-9CF1-13BDF7791DDE}
Error - 2011-02-22 20:45:13 | Computer Name = SNL | Source = DCOM | ID = 10005
Description = DCOM got error "%1058" attempting to start the service hpqcxs08 with
arguments "" in order to run the server: {1DAEDD8A-30ED-4585-9CF1-13BDF7791DDE}
Error - 2011-02-22 20:45:13 | Computer Name = SNL | Source = DCOM | ID = 10005
Description = DCOM got error "%1058" attempting to start the service hpqcxs08 with
arguments "" in order to run the server: {1DAEDD8A-30ED-4585-9CF1-13BDF7791DDE}
< End of report >