Chkdsk ran automatically on startup now loooong shutdown


Hski

I'll send the files one at a time to see if that works.

OTListIt logfile created on: 11/5/2008 12:04:52 AM - Run

OTListIt by OldTimer - Version 1.0.12.0 Folder = C:\Documents and Settings\Administrator\Desktop

Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation

Internet Explorer (Version = 7.0.5730.11)

Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1022.41 Mb Total Physical Memory | 744.67 Mb Available Physical Memory | 72.83% Memory free

2.40 Gb Paging File | 2.19 Gb Available in Paging File | 91.14% Paging File free

Paging file location(s): C:\pagefile.sys 0 0;

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files

Drive C: | 74.53 Gb Total Space | 63.16 Gb Free Space | 84.75% Space Free | Partition Type: NTFS

D: Drive not present or media not loaded

E: Drive not present or media not loaded

F: Drive not present or media not loaded

G: Drive not present or media not loaded

H: Drive not present or media not loaded

I: Drive not present or media not loaded

Computer Name: HUMAN-ECCQD9YRE

Current User Name: Administrator

Logged in as Administrator.

Current Boot Mode: Normal

Scan Mode: All users

Whitelist: On

File Age = 30 Days

========== Processes ==========

[2008/10/06 23:09:22 | 03,321,032 | ---- | M] (Tall Emu) -- C:\Program Files\Tall Emu\Online Armor\oasrv.exe

[2008/10/23 16:01:03 | 00,068,865 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe

[2008/06/12 13:28:45 | 00,266,497 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe

[2008/10/06 23:09:14 | 06,223,048 | ---- | M] (Tall Emu) -- C:\Program Files\Tall Emu\Online Armor\oaui.exe

[2008/10/06 23:09:18 | 02,115,784 | ---- | M] (Tall Emu) -- C:\Program Files\Tall Emu\Online Armor\oahlp.exe

[2008/10/23 16:01:01 | 00,151,297 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe

[2008/10/26 16:31:40 | 00,152,984 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Java\jre6\bin\jqs.exe

[2008/10/06 23:09:24 | 01,402,568 | ---- | M] (Tall Emu) -- C:\Program Files\Tall Emu\Online Armor\oacat.exe

[2005/04/27 13:59:24 | 00,241,725 | ---- | M] (Microsoft Corporation) -- C:\Program Files\UPHClean\uphclean.exe

[2008/11/04 23:56:58 | 00,418,304 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Administrator\desktop\OTListIt.exe

========== (O23) Win32 Services ==========

[2008/10/23 16:01:03 | 00,068,865 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe -- (AntiVirScheduler [Auto | Running])

[2008/10/23 16:01:01 | 00,151,297 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe -- (AntiVirService [Auto | Running])

[2007/10/24 01:47:22 | 00,033,800 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe -- (aspnet_state [On_Demand | Stopped])

[2007/10/24 01:47:40 | 00,070,144 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32 [On_Demand | Stopped])

[2002/10/16 21:56:00 | 00,176,128 | ---- | M] (Executive Software International, Inc.) -- C:\Program Files\Executive Software\DiskeeperLite\DKService.exe -- (Diskeeper [On_Demand | Stopped])

[2007/10/09 12:58:12 | 00,036,864 | ---- | M] (Microsoft Corporation) -- c:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe -- (FontCache3.0.0.0 [On_Demand | Stopped])

[2008/05/28 20:58:23 | 00,051,184 | ---- | M] (Google Inc.) -- C:\Program Files\Google\Update\1.1.27.3\GoogleUpdate.exe -- (gupdate1c8c12f8a6bbb80 [Disabled | Stopped])

[2005/04/03 23:41:10 | 00,069,632 | ---- | M] (Macrovision Corporation) -- C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe -- (IDriverT [On_Demand | Stopped])

[2007/10/11 09:55:10 | 00,864,256 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe -- (idsvc [unknown | Stopped])

[2006/03/23 16:06:38 | 00,880,128 | ---- | M] (Nero AG) -- C:\Program Files\Ahead\InCD\InCDsrv.exe -- (InCDsrv [Disabled | Stopped])

[2006/03/23 16:06:38 | 00,880,128 | ---- | M] (Nero AG) -- C:\Program Files\Ahead\InCD\InCDsrv.exe -- (InCDsrvR [Disabled | Stopped])

[2008/10/26 16:31:40 | 00,152,984 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Java\jre6\bin\jqs.exe -- (JavaQuickStarterService [Auto | Running])

[2007/10/11 09:55:14 | 00,122,880 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe -- (NetTcpPortSharing [Disabled | Stopped])

[2008/03/09 10:20:26 | 00,071,096 | ---- | M] () -- C:\Program Files\CDBurnerXP\NMSAccessU.exe -- (NMSAccessU [On_Demand | Stopped])

[2008/10/06 23:09:24 | 01,402,568 | ---- | M] (Tall Emu) -- C:\Program Files\Tall Emu\Online Armor\oacat.exe -- (OAcat [Auto | Running])

[2008/10/06 23:09:22 | 03,321,032 | ---- | M] (Tall Emu) -- C:\Program Files\Tall Emu\Online Armor\oasrv.exe -- (SvcOnlineArmor [Auto | Running])

[2005/04/27 13:59:24 | 00,241,725 | ---- | M] (Microsoft Corporation) -- C:\Program Files\UPHClean\uphclean.exe -- (UPHClean [Auto | Running])

[2006/10/18 20:05:24 | 00,913,408 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Media Player\wmpnetwk.exe -- (WMPNetworkSvc [Disabled | Stopped])

========== Driver Services ==========

[2001/08/17 07:20:04 | 00,096,256 | ---- | M] (Intel Corporation) -- C:\WINDOWS\system32\drivers\ac97intc.sys -- (ac97intc [On_Demand | Running])

[1999/09/10 07:06:00 | 00,025,244 | ---- | M] (Adaptec) -- C:\WINDOWS\System32\drivers\aspi32.sys -- (Aspi32 [Auto | Running])

[2007/02/27 14:25:01 | 00,011,840 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgio.sys -- (avgio [system | Running])

[2008/05/20 15:29:41 | 00,052,032 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgntflt.sys -- (avgntflt [On_Demand | Running])

[2008/06/27 14:03:55 | 00,075,072 | ---- | M] (Avira GmbH) -- C:\WINDOWS\system32\drivers\avipbb.sys -- (avipbb [system | Running])

[2005/04/07 16:18:34 | 00,003,840 | ---- | M] () -- C:\WINDOWS\system32\drivers\BANTExt.sys -- (BANTExt [system | Running])

[2002/04/05 14:00:54 | 00,073,827 | ---- | M] (3Com Corporation) -- C:\WINDOWS\system32\drivers\el90Xbc5.SYS -- (EL90XBC [On_Demand | Running])

[1996/04/03 14:33:26 | 00,005,248 | ---- | M] () -- C:\WINDOWS\system32\giveio.sys -- (giveio [boot | Running])

[2005/04/19 18:07:48 | 00,737,789 | ---- | M] (Intel Corporation) -- C:\WINDOWS\system32\drivers\ialmnt5.sys -- (ialm [On_Demand | Running])

[2002/08/14 00:00:00 | 00,013,782 | ---- | M] (Intel Corporation) -- C:\WINDOWS\system32\drivers\IdeBusDr.sys -- (IdeBusDr [boot | Running])

[2002/08/14 00:00:00 | 00,093,594 | ---- | M] (Intel Corporation) -- C:\WINDOWS\system32\drivers\IdeChnDr.sys -- (IdeChnDr [boot | Running])

[2006/03/23 16:15:58 | 00,102,016 | ---- | M] (Nero AG) -- C:\WINDOWS\System32\drivers\InCDfs.sys -- (InCDfs [Disabled | Running])

[2006/03/23 16:15:56 | 00,029,440 | ---- | M] (Nero AG) -- C:\WINDOWS\system32\drivers\InCDpass.sys -- (InCDPass [system | Running])

[2006/03/23 16:15:56 | 00,033,536 | ---- | M] (Nero AG) -- C:\WINDOWS\System32\drivers\InCDrm.sys -- (incdrm [system | Stopped])

[2008/04/13 23:09:50 | 00,014,592 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\kbdhid.sys -- (kbdhid [system | Running])

[2006/07/23 14:23:11 | 00,015,781 | ---- | M] (Meetinghouse Data Communications) -- C:\WINDOWS\system32\drivers\mdc8021x.sys -- (MDC8021X [Auto | Running])

[2008/04/13 23:23:10 | 00,040,320 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\nmnt.sys -- (nm [On_Demand | Stopped])

[2007/08/31 11:58:20 | 00,018,856 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\nuidfltr.sys -- (NuidFltr [On_Demand | Running])

[2008/10/06 23:09:32 | 00,178,376 | ---- | M] (Tall Emu Pty Ltd) -- C:\WINDOWS\system32\drivers\OADriver.sys -- (OADevice [system | Running])

[2008/10/06 23:09:48 | 00,030,920 | ---- | M] (Tall Emu Pty Ltd) -- C:\WINDOWS\system32\drivers\OAmon.sys -- (OAmon [system | Running])

[2008/10/06 23:09:36 | 00,028,872 | ---- | M] (Tall Emu Pty Ltd) -- C:\WINDOWS\system32\drivers\OAnet.sys -- (OAnet [system | Running])

[2002/10/15 13:59:24 | 00,017,153 | ---- | M] (Dell Computer Corporation) -- C:\WINDOWS\system32\drivers\omci.sys -- (omci [system | Running])

[2008/06/19 16:24:30 | 00,028,544 | ---- | M] (Panda Security, S.L.) -- C:\WINDOWS\system32\drivers\pavboot.sys -- (pavboot [boot | Running])

[2001/08/18 07:00:00 | 00,017,792 | ---- | M] (Parallel Technologies, Inc.) -- C:\WINDOWS\system32\drivers\ptilink.sys -- (Ptilink [On_Demand | Running])

[2003/02/24 14:30:02 | 00,135,292 | ---- | M] (PCTEL, INC.) -- C:\WINDOWS\system32\drivers\ptserial.sys -- (Ptserial [On_Demand | Stopped])

[2007/03/07 18:51:00 | 00,043,528 | ---- | M] (Sonic Solutions) -- C:\WINDOWS\system32\drivers\PxHelp20.sys -- (PxHelp20 [boot | Running])

[2008/08/19 22:34:20 | 00,008,944 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) -- C:\Program Files\SUPERAntiSpyware\sasdifsv.sys -- (SASDIFSV [system | Running])

[2008/08/19 22:34:22 | 00,007,408 | R--- | M] ( SUPERAdBlocker.com and SUPERAntiSpyware.com) -- C:\Program Files\SUPERAntiSpyware\SASENUM.SYS -- (SASENUM [On_Demand | Stopped])

[2008/08/19 22:34:20 | 00,055,024 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) -- C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS -- (SASKUTIL [system | Running])

[2007/11/13 05:25:53 | 00,020,480 | ---- | M] (Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K.) -- C:\WINDOWS\system32\drivers\secdrv.sys -- (Secdrv [On_Demand | Stopped])

[2005/04/21 06:26:00 | 00,457,344 | R--- | M] (SMC Networks, Inc.) -- C:\WINDOWS\system32\drivers\SMCWCBG.sys -- (SMCWCBG [On_Demand | Stopped])

[2006/09/24 08:28:46 | 00,005,248 | ---- | M] (Windows ® 2000 DDK provider) -- C:\WINDOWS\system32\speedfan.sys -- (speedfan [boot | Running])

[2007/03/01 09:34:22 | 00,028,352 | ---- | M] (Avira GmbH) -- C:\WINDOWS\system32\drivers\ssmdrv.sys -- (ssmdrv [system | Running])

[2003/05/30 16:50:46 | 00,690,973 | ---- | M] (PCTEL, INC.) -- C:\WINDOWS\system32\drivers\vmodem.sys -- (Vmodem [boot | Running])

[2003/05/30 17:45:16 | 00,477,403 | ---- | M] (PCtel, Inc.) -- C:\WINDOWS\system32\drivers\vpctcom.sys -- (Vpctcom [boot | Running])

[2003/05/28 11:08:12 | 00,066,111 | ---- | M] (PCtel, Inc.) -- C:\WINDOWS\system32\drivers\vvoice.sys -- (Vvoice [boot | Running])

[2003/01/10 16:13:04 | 00,033,588 | R--- | M] (America Online, Inc.) -- C:\WINDOWS\system32\drivers\wanatw4.sys -- (wanatw [On_Demand | Stopped])

[2006/11/02 06:22:54 | 00,492,000 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\wdf01000.sys -- (Wdf01000 [On_Demand | Running])

[2004/04/21 16:51:00 | 00,016,384 | ---- | M] (Printing Communications Assoc., Inc. (PCAUSA)) -- C:\WINDOWS\system32\wlanndi5.sys -- (wlanndi5 [Auto | Running])

========== Internet Explorer ==========

HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL =

HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Extensions Off Page = about:NoAdd-ons

HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm

HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?p...amp;ar=iesearch

HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Security Risk Page = about:SecurityRisk

HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.microsoft.com/isapi/redir.dll?p...ER}&ar=home

HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,First Home Page = http://go.microsoft.com/fwlink/?LinkId=54843

HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?p...amp;ar=iesearch

HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.msn.com/

HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = local

HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?p...amp;ar=iesearch

HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.microsoft.com/isapi/redir.dll?p...&ar=msnhome

HKU\.DEFAULT\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?p...amp;ar=iesearch

HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.microsoft.com/isapi/redir.dll?p...&ar=msnhome

HKU\S-1-5-18\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

HKU\S-1-5-20\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

HKU\S-1-5-21-527237240-854245398-1060284298-500\SOFTWARE\Microsoft\Internet Explorer\Main,First Home Page = http://go.microsoft.com/fwlink/?LinkId=54843

HKU\S-1-5-21-527237240-854245398-1060284298-500\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?p...amp;ar=iesearch

HKU\S-1-5-21-527237240-854245398-1060284298-500\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.msn.com/

HKU\S-1-5-21-527237240-854245398-1060284298-500\S-1-5-21-527237240-854245398-1060284298-500\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

HKU\S-1-5-21-527237240-854245398-1060284298-500\S-1-5-21-527237240-854245398-1060284298-500\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = local

O1 HOSTS File: (269159 bytes) - C:\WINDOWS\System32\drivers\etc\Hosts

O1 - Hosts: 127.0.0.1 localhost

O1 - Hosts: 9315 more lines...

O2 - BHO: (Adobe PDF Link Helper) - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)

O2 - BHO: (Java Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)

O2 - BHO: (Java Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)

O2 - BHO: (JQSIEStartDetectorImpl Class) - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll (Sun Microsystems, Inc.)

O2 - BHO: (Google Update Class) - {F286500C-177A-4316-9E88-9814FBB1DC3D} - C:\Program Files\Google\Update\1.1.27.3\GoopdateBho.dll ()

O3 - HKCU\..\Toolbar: (no name) - {4B3803EA-5230-4DC3-A7FC-33638F3D3542} - Reg Error: Key does not exist or could not be opened. File not found

O3 - HKU\S-1-5-21-527237240-854245398-1060284298-500\..\Toolbar: (no name) - {4B3803EA-5230-4DC3-A7FC-33638F3D3542} - Reg Error: Key does not exist or could not be opened. File not found

O4 - HKLM..\Run: [@OnlineArmor GUI] "C:\Program Files\Tall Emu\Online Armor\oaui.exe" (Tall Emu)

O4 - HKLM..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min (Avira GmbH)

O4 - HKLM..\Run: [WinPatrol] C:\Program Files\BillP Studios\WinPatrol\winpatrol.exe -expressboot (BillP Studios)

O4 - HKCU..\Run: [CGFLoader] C:\Program Files\Calibrize\CalibrizeLoader.exe (Colorjinn)

O4 - HKU\S-1-5-21-527237240-854245398-1060284298-500..\Run: [CGFLoader] C:\Program Files\Calibrize\CalibrizeLoader.exe (Colorjinn)

O4 - HKU\.DEFAULT..\RunOnce: [RunNarrator] Narrator.exe (Microsoft Corporation)

O4 - HKU\S-1-5-18..\RunOnce: [RunNarrator] Narrator.exe (Microsoft Corporation)

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 255

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: dontdisplaylastusername = 0

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticecaption =

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticetext =

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: shutdownwithoutlogon = 1

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: undockwithoutlogon = 1

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableRegistryTools = 0

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: HideLegacyLogonScripts = 0

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: HideLogoffScripts = 0

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: RunLogonScriptSync = 1

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: RunStartupScriptSync = 0

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: HideStartupScripts = 0

O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present

O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145

O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: ClearRecentDocsOnExit = 1

O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoRecentDocsMenu = 1

O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0

O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: HideLegacyLogonScripts = 0

O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: HideLogoffScripts = 0

O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: RunLogonScriptSync = 1

O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: RunStartupScriptSync = 0

O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: HideStartupScripts = 0

O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: disableregistrytools = 0

O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present

O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145

O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present

O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145

O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present

O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145

O7 - HKU\S-1-5-20_Classes\Software\Policies\Microsoft\Internet Explorer\Control Panel present

O7 - HKU\S-1-5-21-527237240-854245398-1060284298-500\Software\Policies\Microsoft\Internet Explorer\Control Panel present

O7 - HKU\S-1-5-21-527237240-854245398-1060284298-500\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145

O7 - HKU\S-1-5-21-527237240-854245398-1060284298-500\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: ClearRecentDocsOnExit = 1

O7 - HKU\S-1-5-21-527237240-854245398-1060284298-500\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoRecentDocsMenu = 1

O7 - HKU\S-1-5-21-527237240-854245398-1060284298-500\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0

O7 - HKU\S-1-5-21-527237240-854245398-1060284298-500\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: HideLegacyLogonScripts = 0

O7 - HKU\S-1-5-21-527237240-854245398-1060284298-500\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: HideLogoffScripts = 0

O7 - HKU\S-1-5-21-527237240-854245398-1060284298-500\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: RunLogonScriptSync = 1

O7 - HKU\S-1-5-21-527237240-854245398-1060284298-500\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: RunStartupScriptSync = 0

O7 - HKU\S-1-5-21-527237240-854245398-1060284298-500\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: HideStartupScripts = 0

O7 - HKU\S-1-5-21-527237240-854245398-1060284298-500\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: disableregistrytools = 0

O7 - HKU\S-1-5-21-527237240-854245398-1060284298-500_Classes\Software\Policies\Microsoft\Internet Explorer\Control Panel present

O9 - Extra 'Tools' menuitem : @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\network diagnostic\xpnetdiag.exe (Microsoft Corporation)

O15 - HKU\.DEFAULT\..Trusted Sites: 48 domain(s) and sub-domain(s) not assigned to a zone.

O15 - HKU\S-1-5-18\..Trusted Sites: 48 domain(s) and sub-domain(s) not assigned to a zone.

O16 - DPF: {05CA9FB0-3E3E-4B36-BF41-0E3A5CAA8CD8} http://download.microsoft.com/download/e/4.../OGAControl.cab (Office Genuine Advantage Validation Tool)

O16 - DPF: {1E3F1348-4370-4BBE-A67A-CC7ED824CA85} http://download.microsoft.com/download/7/4...helpcontrol.cab (Microsoft Genuine Advantage Self Support Tool)

O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} http://download.bitdefender.com/resources/scan8/oscan8.cab (BDSCANONLINE Control)

O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_10)

O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.macromedia.com/get/flash...t/ultrashim.cab (Reg Error: Key does not exist or could not be opened.)

O16 - DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_07)

O16 - DPF: {CAFEEFAC-0016-0000-0010-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_10)

O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_10)

O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/get/shoc...ash/swflash.cab (Reg Error: Key does not exist or could not be opened.)

O18 - Protocol\Handler: - belarc - C:\Program Files\Belarc\Advisor\System\BAVoilaX.dll (Belarc, Inc.)

O18 - Protocol\Handler: - ipp - No CLSID value found

O18 - Protocol\Handler: - ipp\0x00000001 - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)

O18 - Protocol\Handler: - msdaipp - No CLSID value found

O18 - Protocol\Handler: - msdaipp\0x00000001 - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)

O18 - Protocol\Handler: - msdaipp\oledb - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)

O20 - See sections below for AppInitDlls and Winlogon settings

========== Winlogon Notify Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\]

!SASWinLogon: "DllName" = -- File not found

igfxcui: "DllName" = igfxsrvc.dll -- C:\WINDOWS\system32\igfxsrvc.dll (Intel Corporation)

========== Shell Execute Hooks ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]

"{4F07DA45-8170-4859-9B5F-037EF2970034}" (HKLM) -- C:\Program Files\Tall Emu\Online Armor\oaevent.dll (Tall Emu)

========== Safeboot Options ==========

"AlternateShell" = cmd.exe

========== CDRom AutoRun Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom]

"AutoRun" = 1

========== Autorun Files on Drives ==========

AUTOEXEC.BAT []

[2006/07/22 23:34:38 | 00,000,000 | ---- | M] () -- C:\AUTOEXEC.BAT -- [ NTFS ]

========== MountPoints2 ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\G\Shell]

"" = AutoRun

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\G\Shell\AutoRun]

"" = Auto&Play

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\G\Shell\AutoRun\command]

"" = G:\LaunchU3.exe -- File not found

========== Files/Folders - Created Within 30 Days ==========

[2 C:\WINDOWS\*.tmp files]

[2008/11/04 23:56:57 | 00,418,304 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Administrator\Desktop\OTListIt.exe

[2008/10/31 17:32:59 | 15,405,003 | ---- | C] () -- C:\Documents and Settings\Administrator\Desktop\IDU_2.1.9.66_Light.exe

[2008/10/31 12:45:46 | 00,018,496 | ---- | C] () -- C:\Documents and Settings\Administrator\Desktop\Free Yr Radio contest official rules and regulations.htm

[2008/10/30 20:18:39 | 00,000,000 | -HSD | C] -- C:\Config.Msi

[2008/10/30 19:19:39 | 00,045,768 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\wups2.dll

[2008/10/29 22:12:41 | 00,028,544 | ---- | C] (Panda Security, S.L.) -- C:\WINDOWS\System32\drivers\pavboot.sys

[2008/10/29 15:58:56 | 00,000,000 | ---D | C] -- C:\Program Files\Panda Security

[2008/10/28 16:49:53 | 00,098,360 | ---- | C] () -- C:\Documents and Settings\Administrator\Desktop\Belarc Snapshot10-28-08.html

[2008/10/28 16:17:12 | 00,001,740 | ---- | C] () -- C:\Documents and Settings\Administrator\Desktop\HijackThis.lnk

[2008/10/27 09:12:00 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\OnlineArmor

[2008/10/27 09:12:00 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Application Data\OnlineArmor

[2008/10/27 09:11:10 | 00,178,376 | ---- | C] (Tall Emu Pty Ltd) -- C:\WINDOWS\System32\drivers\OADriver.sys

[2008/10/27 09:11:10 | 00,030,920 | ---- | C] (Tall Emu Pty Ltd) -- C:\WINDOWS\System32\drivers\OAmon.sys

[2008/10/27 09:11:10 | 00,028,872 | ---- | C] (Tall Emu Pty Ltd) -- C:\WINDOWS\System32\drivers\OAnet.sys

[2008/10/27 09:11:00 | 00,000,000 | ---D | C] -- C:\OnlineArmor

[2008/10/26 21:45:57 | 00,262,144 | ---- | C] () -- C:\WINDOWS\System32\default_user_class.dat

[2008/10/26 20:09:50 | 00,000,000 | ---D | C] -- C:\WINDOWS\CSC

[2008/10/26 16:27:46 | 00,000,000 | -HSD | C] -- C:\found.000

[2008/10/25 16:12:37 | 02,692,173 | ---- | C] () -- C:\Documents and Settings\Administrator\Desktop\Verizon Motorolla E815 CDMA User Guide.pdf

[2008/10/25 07:51:03 | 00,000,000 | ---D | C] -- C:\WINDOWS\Temp

[2008/10/24 17:03:27 | 00,337,408 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\netapi32.dll

[2008/10/23 11:13:48 | 01,445,888 | ---- | C] (Option^Explicit Software Solutions) -- C:\Program Files\WinsockxpFix.exe

[2008/10/22 12:58:27 | 00,000,000 | ---D | C] -- C:\Program Files\Calibrize

[2008/10/21 11:41:57 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\My Documents\My ICC Profiles

[2008/10/20 10:24:53 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Application Data\TaskCoach

[2008/10/20 10:24:41 | 00,000,000 | ---D | C] -- C:\Program Files\TaskCoach

[2008/10/19 09:44:09 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Application Data\vlc

[2008/10/16 16:54:01 | 00,208,384 | ---- | C] (Paul McLain and Fred de Vries) -- C:\Program Files\JavaRa.exe

[2008/10/15 08:52:21 | 00,333,824 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\srv.sys

[2008/10/15 08:52:18 | 02,145,280 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ntkrnlmp.exe

[2008/10/15 08:52:16 | 02,189,184 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ntoskrnl.exe

[2008/10/15 08:52:12 | 02,023,936 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ntkrpamp.exe

[2008/10/15 08:52:10 | 02,066,048 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ntkrnlpa.exe

[2008/10/15 08:52:00 | 01,846,400 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\win32k.sys

[2008/10/14 14:06:29 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Desktop\To Read

[2008/10/13 14:15:54 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Application Data\OpenOffice.org

[2008/10/13 14:11:10 | 00,000,000 | ---D | C] -- C:\Program Files\JRE

[2008/10/13 14:11:03 | 00,000,000 | ---D | C] -- C:\Program Files\OpenOffice.org 3

[2008/10/07 09:45:15 | 00,000,000 | ---D | C] -- C:\Program Files\Teorex

[2008/10/06 15:49:42 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Application Data\Sync App Settings

[2008/10/06 15:48:36 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Sync App Settings

[2008/10/06 15:48:14 | 00,000,000 | ---D | C] -- C:\Program Files\Allway Sync

========== Files - Modified Within 30 Days ==========

[3 C:\WINDOWS\System32\*.tmp files]

[2 C:\WINDOWS\*.tmp files]

[2008/11/04 23:56:58 | 00,418,304 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Administrator\Desktop\OTListIt.exe

[2008/11/04 23:43:03 | 00,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT

[2008/11/04 23:42:39 | 00,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat

[2008/11/04 22:17:24 | 00,013,646 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl

[2008/11/04 21:22:43 | 00,522,208 | ---- | M] () -- C:\WINDOWS\System32\PerfStringBackup.INI

[2008/11/04 21:22:43 | 00,441,752 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat

[2008/11/04 21:22:43 | 00,071,652 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat

[2008/10/31 17:33:16 | 15,405,003 | ---- | M] () -- C:\Documents and Settings\Administrator\Desktop\IDU_2.1.9.66_Light.exe

[2008/10/31 12:45:47 | 00,018,496 | ---- | M] () -- C:\Documents and Settings\Administrator\Desktop\Free Yr Radio contest official rules and regulations.htm

[2008/10/31 08:15:06 | 00,025,992 | ---- | M] (Sysinternals - www.sysinternals.com) -- C:\WINDOWS\System32\pgdfgsvc.exe

[2008/10/29 15:39:30 | 00,269,159 | R--- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts

[2008/10/28 16:49:54 | 00,098,360 | ---- | M] () -- C:\Documents and Settings\Administrator\Desktop\Belarc Snapshot10-28-08.html

[2008/10/28 16:17:12 | 00,001,740 | ---- | M] () -- C:\Documents and Settings\Administrator\Desktop\HijackThis.lnk

[2008/10/27 10:30:19 | 00,000,602 | ---- | M] () -- C:\WINDOWS\win.ini

[2008/10/27 10:30:19 | 00,000,281 | -H-- | M] () -- C:\boot.ini

[2008/10/27 10:30:19 | 00,000,227 | ---- | M] () -- C:\WINDOWS\system.ini

[2008/10/27 09:30:53 | 00,000,044 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts.idx

[2008/10/27 08:22:42 | 00,082,696 | ---- | M] () -- C:\Documents and Settings\Administrator\Local Settings\Application Data\GDIPFONTCACHEV1.DAT

[2008/10/26 21:45:58 | 00,262,144 | ---- | M] () -- C:\WINDOWS\System32\default_user_class.dat

[2008/10/26 16:23:26 | 02,648,538 | -H-- | M] () -- C:\Documents and Settings\Administrator\Local Settings\Application Data\IconCache.db

[2008/10/25 16:12:37 | 02,692,173 | ---- | M] () -- C:\Documents and Settings\Administrator\Desktop\Verizon Motorolla E815 CDMA User Guide.pdf

[2008/10/22 15:10:38 | 00,038,496 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys

[2008/10/22 15:10:22 | 00,015,504 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys

[2008/10/15 11:34:24 | 00,337,408 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\netapi32.dll

[2008/10/15 11:34:24 | 00,337,408 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\netapi32.dll

[2008/10/15 09:10:06 | 00,318,744 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT

[2008/10/15 08:41:52 | 00,000,084 | -HS- | M] () -- C:\Documents and Settings\Administrator\My Documents\desktop.ini

@Alternate Data Stream - 88 bytes -> C:\Documents and Settings\Administrator\My Documents\desktop.ini:SummaryInformation

@Alternate Data Stream - 0 bytes -> C:\Documents and Settings\Administrator\My Documents\desktop.ini:{4c8cc155-6c1e-11d1-8e41-00c04fb9386d}

[2008/10/07 14:19:40 | 16,721,856 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\MRT.exe

[2008/10/06 23:09:48 | 00,030,920 | ---- | M] (Tall Emu Pty Ltd) -- C:\WINDOWS\System32\drivers\OAmon.sys

[2008/10/06 23:09:36 | 00,028,872 | ---- | M] (Tall Emu Pty Ltd) -- C:\WINDOWS\System32\drivers\OAnet.sys

[2008/10/06 23:09:32 | 00,178,376 | ---- | M] (Tall Emu Pty Ltd) -- C:\WINDOWS\System32\drivers\OADriver.sys

< End of report >


OTListIt Extras logfile created on: 11/5/2008 12:04:52 AM - Run

OTListIt by OldTimer - Version 1.0.12.0 Folder = C:\Documents and Settings\Administrator\Desktop

Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation

Internet Explorer (Version = 7.0.5730.11)

Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1022.41 Mb Total Physical Memory | 744.67 Mb Available Physical Memory | 72.83% Memory free

2.40 Gb Paging File | 2.19 Gb Available in Paging File | 91.14% Paging File free

Paging file location(s): C:\pagefile.sys 0 0;

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files

Drive C: | 74.53 Gb Total Space | 63.16 Gb Free Space | 84.75% Space Free | Partition Type: NTFS

D: Drive not present or media not loaded

E: Drive not present or media not loaded

F: Drive not present or media not loaded

G: Drive not present or media not loaded

H: Drive not present or media not loaded

I: Drive not present or media not loaded

Computer Name: HUMAN-ECCQD9YRE

Current User Name: Administrator

Logged in as Administrator.

Current Boot Mode: Normal

Scan Mode: All users

Whitelist: On

File Age = 30 Days

========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]

"AntiVirusDisableNotify" = 1

"FirewallDisableNotify" = 1

"UpdatesDisableNotify" = 1

"AntiVirusOverride" = 0

"FirewallOverride" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile

"EnableFirewall" = 0

"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts]

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

[2008/04/13 23:23:34 | 00,558,080 | ---- | M] (Microsoft Corporation) -- %windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]

[2008/04/13 23:23:34 | 00,558,080 | ---- | M] (Microsoft Corporation) -- %windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000

[2008/09/19 16:34:18 | 04,347,120 | ---- | M] (Yahoo! Inc.) -- C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe:*:Enabled:Yahoo! Messenger

========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]

"{0001B4FD-9EA3-4D90-A79E-FD14BA3AB01D}" = PDFCreator

"{00203668-8170-44A0-BE44-B632FA4D780F}" = Adobe AIR

"{010C0B4A-DC93-4BB4-893B-BDDE95355A3E}" = Freeware PDF Unlocker

"{02DFF6B1-1654-411C-8D7B-FD6052EF016F}" = Apple Software Update

"{0609D0AF-1382-42BE-81DB-CF30F8B0F6E2}" = Serif PhotoPlus 6.0

"{0F9196C6-58B4-445B-B56E-B1200FECC151}" = Microsoft Bootvis

"{1965C9BB-9114-4A50-AEC7-E62414BB117B}" = EASEUS Data Recovery Wizard Professional 4.3.6

"{1CB92574-96F2-467B-B793-5CEB35C40C29}" = Image Resizer Powertoy for Windows XP

"{26A1E9CF-BFC1-4309-80CD-C182D80922DB}_is1" = Artweaver 0.5

"{26A24AE4-039D-4CA4-87B4-2F83216010FF}" = Java 6 Update 10

"{2BA00471-0328-3743-93BD-FA813353A783}" = Microsoft .NET Framework 3.0 Service Pack 1

"{2DFF31F9-7893-4922-AF66-C9A1EB4EBB31}" = Rhapsody Player Engine

"{3248F0A8-6813-11D6-A77B-00B0D0160070}" = Java 6 Update 7

"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP

"{5A0AED3A-D592-4433-8CC8-46EE7AB7ABF7}" = SMCWCB-G WLAN Cardbus

"{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}" = PowerDVD

"{68A35043-C55A-4237-88C9-37EE1C63ED71}" = Microsoft Visual J# 2.0 Redistributable Package

"{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}" = Windows Media Player Firefox Plugin

"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable

"{77DCDCE3-2DED-62F3-8154-05E745472D07}" = Acrobat.com

"{7DD9A065-2C86-4A9F-A5FF-796EC1B99DCA}" = AnswerWorks 4.0 Runtime - English

"{7E265513-8CDA-4631-B696-F40D983F3B07}_is1" = CDBurnerXP

"{8318FEFD-F467-44D6-82B8-129374BFE9B1}" = Opera 9.62

"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight

"{8A708DD8-A5E6-11D4-A706-000629E95E20}" = Intel® Extreme Graphics Driver

"{8DC42D05-680B-41B0-8878-6C14D24602DB}" = QuickTime

"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting

"{97C0EA4A-1A0B-4C53-ACEB-49984DA79C90}" = Google Earth

"{9984DF60-1C5B-11D3-ACA1-908A4FC10801}" = Intel Application Accelerator

"{A3F60446-48FB-48A8-B5FC-BB3430AEF806}" = Diskeeper Lite

"{AB67580-257C-45FF-B8F4-C8C30682091A}_is1" = SIW version 2008-09-09

"{AC76BA86-7AD7-1033-7B44-A90000000001}" = Adobe Reader 9

"{AC76BA86-7AD7-5464-3428-800000000003}" = Spelling Dictionaries Support For Adobe Reader 8

"{B10C92AE-2C2B-11DD-97B5-005056806466}" = Google Earth Plugin

"{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1" = Spybot - Search & Destroy

"{B508B3F1-A24A-32C0-B310-85786919EF28}" = Microsoft .NET Framework 2.0 Service Pack 1

"{B6BCCB80-B3FC-4E97-8513-A7BEE73A5C5A}" = Inpaint

"{B772E270-02DF-4B70-9FA8-1383BBB81FDD}" = Intel® Processor Frequency ID Utility

"{BA0F44C2-A883-11D1-AD0A-006097D15E2C}" = Palm Desktop

"{BAF78226-3200-4DB4-BE33-4D922A799840}" = Windows Presentation Foundation

"{C7793EE8-F666-4E6B-9827-76468679480E}" = Tweakui Powertoy for Windows XP

"{C9E4932C-8417-4E4C-A0E3-EE534810AB4D}" = ClearType Tuning Control Panel Applet

"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1

"{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}" = SUPERAntiSpyware Free Edition

"{CF3E8BE9-2AD1-42A9-97CD-33AD9826A9E8}" = Prospector

"{DD7CDE4F-23DC-4C51-B749-0198C50F352D}_is1" = PDF to Word

"{DE114695-AE58-4B66-8E0F-2505188602FB}_is1" = Uninstall Startup Inspector

"{DF6A13C0-77DF-41FE-BD05-6D5201EB0CE7}_is1" = AusLogics Disk Defrag

"{EA2BEBD6-87B9-41E5-95AC-7E4C165A9475}" = WexTech AnswerWorks

"{F4194A69-7B8F-4C9B-BDFF-E55126C9200F}_is1" = Anti-Malware Toolkit 1.03.125

"{F44DA61E-720D-4E79-871F-F6E628B33242}" = OpenOffice.org 3.0

"{F5346614-B7C4-4E94-826A-E2363155233D}" = EasyCleaner

"{F850707C-B6A0-4B56-8709-F89CF8F9AC6D}" = Eraser

"{F9C80FE8-DB25-4EE5-AE6D-4332FB0E8B83}" = Microsoft WorldWide Telescope

"{FF77941A-2BFA-4A18-BE2E-69B9498E4D55}" = User Profile Hive Cleanup Service

"7-Zip" = 7-Zip 4.57

"ActiveScan 2.0" = Panda ActiveScan 2.0

"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin

"Allway Sync_is1" = Allway Sync version 8.3.1

"Almeza MultiSet Professional 5.6_is1" = Almeza MultiSet Professional 5.6

"AMP Font Viewer" = AMP Font Viewer

"AntiVir PersonalEdition Classic" = Avira AntiVir Personal - Free Antivirus

"Aplus Video Converter_is1" = Aplus Video Converter 8.79

"AptEdit Pro 4.5.1 for Giveaway_is1" = AptEdit Pro 4.5.1 for Giveaway

"Auction Inquisitor" = Auction Inquisitor 1.0.0.0

"Audacity_is1" = Audacity 1.2.6

"Audit Support Center" = Audit Support Center 1.0

"Belarc Advisor 2.0" = Belarc Advisor 7.2

"BusinessCardsMX3_is1" = BusinessCardsMX 3.92

"Calibrize_is1" = Calibrize 2.0

"CANONBJ_Deinstall_CNMCP75.DLL" = Canon iP1600

"CCleaner" = CCleaner (remove only)

"com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Acrobat.com

"CPUMon_is1" = CPUMon

"CraigsPalFree_is1" = CraigsPalFree version 3.08

"DiskCleaner" = Disk Cleaner (remove only)

"DriverView" = DriverView

"Easy Duplicate Finder_is1" = Easy Duplicate Finder v. 1.5.1

"Easy Macro Recorder_is1" = Easy Macro Recorder 3.70

"Easy Unit Converter_is1" = Easy Unit Converter 1.21

"Easy-PhotoPrint" = Canon Utilities Easy-PhotoPrint

"Edraw Max_is1" = Edraw Max 4

"Eraser" = Eraser

"FastStone Image Viewer" = FastStone Image Viewer 3.5

"filehippo.com" = filehippo.com Update Checker

"Foxit PDF Creator" = Foxit PDF Creator

"Foxit Reader" = Foxit Reader

"Free Hide Folder" = Free Hide Folder

"Free PDF to Word Doc Converter_is1" = Free PDF to Word Doc Converter v1.1

"Gadwin PrintScreen" = Gadwin PrintScreen

"Glary Utilities_is1" = Glary Utilities 2.7.268

"GPL Ghostscript 8.61" = GPL Ghostscript 8.61

"GPL Ghostscript Fonts" = GPL Ghostscript Fonts

"GSpot" = GSpot Codec Information Appliance

"HijackThis" = HijackThis 2.0.2

"ie7" = Windows Internet Explorer 7

"Image Mender" = Image Mender 1.1

"Installing HSP56 MicroModem Drivers" = PCTEL 2304WT V.9x MDC Modem Drivers

"IPNetInfo" = IPNetInfo

"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware

"Malwarebytes' RogueRemover FREE_is1" = Malwarebytes' RogueRemover

"MediaCoder" = MediaCoder 0.6.1

"Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1

"Microsoft Visual J# 2.0 Redistributable Package" = Microsoft Visual J# 2.0 Redistributable Package

"Mobile Photo Enhancer_is1" = Mobile Photo Enhancer 1.3

"Mozilla Firefox (3.0.3)" = Mozilla Firefox (3.0.3)

"Mozilla Thunderbird (2.0.0.17)" = Mozilla Thunderbird (2.0.0.17)

"MRW!UninstallKey" = InCD Reader

"NeroMultiInstaller!UninstallKey" = Nero Suite

"NetStat Agent_is1" = NetStat Agent 2.0

"NTREGOPT_is1" = NTREGOPT 1.1j

"OnlineArmor_is1" = Online Armor 3.0

"PC Wizard 2008_is1" = PC Wizard 2008.1.80

"Process Explorer" = Process Explorer

"RealPlayer 6.0" = RealPlayer

"Recover Keys_is1" = Recover Keys

"Revo Uninstaller" = Revo Uninstaller 1.75

"Scribus 1.3.3.12" = Scribus 1.3.3.12

"Some PDF to HTM Converter_is1" = Some PDF to HTM Converter 1.1

"Some PDF to Word Converter_is1" = Some PDF to Word Converter 1.1

"SopCast" = SopCast 3.0.3

"SpeedFan" = SpeedFan (remove only)

"StartupCPL_EXE" = StartupCPL_EXE

"SyncBack_is1" = SyncBack

"Sysinternals Software" = Sysinternals Software

"TNT Screen Capture (Free version for GiveAwayOfT~CFCC0AE8_is1" = EC Software TNT Screen Capture 2.1

"TurboTax Deluxe 2007" = TurboTax Deluxe 2007

"TurboTax Home & Business 2007" = TurboTax Home & Business 2007

"TV Player" = Veetle TV Player 0.9.7

"TVUPlayer" = TVUPlayer 2.3.6.1

"Unlocker" = Unlocker 1.8.7

"Veetle TV Player" = Veetle TV Player 0.9.7

"ViewpointMediaPlayer" = Viewpoint Media Player

"VLC media player" = VLC media player 0.9.4

"Wdf01005" = Microsoft Kernel-Mode Driver Framework Feature Pack 1.5

"Winamp" = Winamp

"Windows Media Format Runtime" = Windows Media Format 11 runtime

"Windows Media Player" = Windows Media Player 11

"WinPatrol" = WinPatrol 2008

"WinRAR archiver" = WinRAR archiver

"Wondershare Photo Collage Studio Giveaway Edition_is1" = Wondershare Photo Collage Studio 4.2.8

"XpsEPSC" = XML Paper Specification Shared Components Pack 1.0

"Yahoo! Messenger" = Yahoo! Messenger

"ZipInstaller" = ZipInstaller

========== HKEY_CURRENT_USER Uninstall List ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]

"Abacast Client" = Abacast Client

"Google Chrome" = Google Chrome

========== HKEY_USERS Uninstall List ==========

[HKEY_USERS\S-1-5-21-527237240-854245398-1060284298-500\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]

"Abacast Client" = Abacast Client

"Google Chrome" = Google Chrome

< End of report >


  • Root Admin

Can you start Event Viewer, then highlight Application, right-click and choose Save Log File As..., then save it to your desktop as Hski_Application.evt. Then select System and do the same thing, saving it as Hski_System.evt.

Then zip both of them up into a new zip file. You can password protect it if you like and then upload it to http://www.rapidshare.com

They should allow you to upload as a FREE user without any type of registration. Once the file has been uploaded they will provide you with a URL/LINK to that file. Send me a Private Message with that link and I'll download the file and take a look at it to see if I can determine what might be going on with your system. Aside from some applications loading that might be slowing it down some, nothing looks too out of line that would make it really crawl slow.

Don't forget to copy that link they give you to Notepad and save it. They will not send you an email or otherwise provide you with that link ever again if you close the browser and don't copy it down.
