I followed the steps provided above, and here are the various logs that I've obtained:
Ad-aware log (I did this scan before following your steps above, though I thought I would post the results nonetheless):
Ad-Aware SE Build 1.06r1
Logfile Created on:Wednesday, April 15, 2009 11:04:22 PM
Created with Ad-Aware SE Personal, free for private use.
Using definitions file:SE1R221 18.02.2008
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
References detected during the scan:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
MRU List(TAC index:0):13 total references
Tracking Cookie(TAC index:3):2 total references
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
Ad-Aware SE Settings
===========================
Set : Search for negligible risk entries
Set : Search for low-risk threats
Set : Safe mode (always request confirmation)
Set : Scan active processes
Set : Scan registry
Set : Deep-scan registry
Set : Scan my IE Favorites for banned URLs
Set : Scan my Hosts file
Extended Ad-Aware SE Settings
===========================
Set : Unload recognized processes & modules during scan
Set : Scan registry for all users instead of current user only
Set : Always try to unload modules before deletion
Set : During removal, unload Explorer and IE if necessary
Set : Let Windows remove files in use at next reboot
Set : Delete quarantined objects after restoring
Set : Include basic Ad-Aware settings in log file
Set : Include additional Ad-Aware settings in log file
Set : Include reference summary in log file
Set : Include alternate data stream details in log file
Set : Play sound at scan completion if scan locates critical objects
4-15-2009 11:04:22 PM - Scan started. (Full System Scan)
MRU List Object Recognized!
Location: : C:\Documents and Settings\Amanda\Application Data\microsoft\office\recent
Description : list of recently opened documents using microsoft office
MRU List Object Recognized!
Location: : C:\Documents and Settings\Amanda\recent
Description : list of recently opened documents
MRU List Object Recognized!
Location: : S-1-5-21-725345543-1958367476-839522115-1004\software\microsoft\direct3d\mostrecentapplication
Description : most recent application to use microsoft direct3d
MRU List Object Recognized!
Location: : software\microsoft\direct3d\mostrecentapplication
Description : most recent application to use microsoft direct3d
MRU List Object Recognized!
Location: : S-1-5-21-725345543-1958367476-839522115-1004\software\microsoft\direct3d\mostrecentapplication
Description : most recent application to use microsoft direct X
MRU List Object Recognized!
Location: : software\microsoft\direct3d\mostrecentapplication
Description : most recent application to use microsoft direct X
MRU List Object Recognized!
Location: : software\microsoft\directdraw\mostrecentapplication
Description : most recent application to use microsoft directdraw
MRU List Object Recognized!
Location: : S-1-5-21-725345543-1958367476-839522115-1004\software\microsoft\directinput\mostrecentapplication
Description : most recent application to use microsoft directinput
MRU List Object Recognized!
Location: : S-1-5-21-725345543-1958367476-839522115-1004\software\microsoft\directinput\mostrecentapplication
Description : most recent application to use microsoft directinput
MRU List Object Recognized!
Location: : S-1-5-21-725345543-1958367476-839522115-1004\software\microsoft\office\11.0\common\open find\microsoft office word\settings\open\file name mru
Description : list of recent documents opened by microsoft word
MRU List Object Recognized!
Location: : S-1-5-21-725345543-1958367476-839522115-1004\software\microsoft\office\11.0\common\open find\microsoft office word\settings\save as\file name mru
Description : list of recent documents saved by microsoft word
MRU List Object Recognized!
Location: : S-1-5-21-725345543-1958367476-839522115-1004\software\microsoft\windows\currentversion\explorer\recentdocs
Description : list of recent documents opened
MRU List Object Recognized!
Location: : S-1-5-21-725345543-1958367476-839522115-1004\software\microsoft\windows media\wmsdk\general
Description : windows media sdk
Listing running processes
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
#:1 [smss.exe]
FilePath : \SystemRoot\System32\
ProcessID : 740
ThreadCreationTime : 4-15-2009 11:29:30 PM
BasePriority : Normal
#:2 [csrss.exe]
FilePath : \??\C:\WINDOWS\system32\
ProcessID : 804
ThreadCreationTime : 4-15-2009 11:29:31 PM
BasePriority : Normal
#:3 [winlogon.exe]
FilePath : \??\C:\WINDOWS\system32\
ProcessID : 836
ThreadCreationTime : 4-15-2009 11:29:36 PM
BasePriority : High
#:4 [services.exe]
FilePath : C:\WINDOWS\system32\
ProcessID : 880
ThreadCreationTime : 4-15-2009 11:29:36 PM
BasePriority : Normal
FileVersion : 5.1.2600.5755 (xpsp_sp3_gdr.090206-1234)
ProductVersion : 5.1.2600.5755
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Services and Controller app
InternalName : services.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : services.exe
#:5 [lsass.exe]
FilePath : C:\WINDOWS\system32\
ProcessID : 892
ThreadCreationTime : 4-15-2009 11:29:36 PM
BasePriority : Normal
FileVersion : 5.1.2600.5512 (xpsp.080413-2113)
ProductVersion : 5.1.2600.5512
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : LSA Shell (Export Version)
InternalName : lsass.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : lsass.exe
#:6 [ati2evxx.exe]
FilePath : C:\WINDOWS\system32\
ProcessID : 1060
ThreadCreationTime : 4-15-2009 11:29:37 PM
BasePriority : Normal
FileVersion : 6.14.10.4129
ProductVersion : 6.14.10.4129
ProductName : ATI External Event Utility for WindowsNT and Windows9X
CompanyName : ATI Technologies Inc.
FileDescription : ATI External Event Utility EXE Module
InternalName : ATI2EVXX.EXE
LegalCopyright : Copyright © 1999-2004 ATI Technologies Inc.
OriginalFilename : ATI2EVXX.EXE
#:7 [svchost.exe]
FilePath : C:\WINDOWS\system32\
ProcessID : 1080
ThreadCreationTime : 4-15-2009 11:29:37 PM
BasePriority : Normal
FileVersion : 5.1.2600.5512 (xpsp.080413-2111)
ProductVersion : 5.1.2600.5512
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Generic Host Process for Win32 Services
InternalName : svchost.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : svchost.exe
#:8 [svchost.exe]
FilePath : C:\WINDOWS\system32\
ProcessID : 1156
ThreadCreationTime : 4-15-2009 11:29:38 PM
BasePriority : Normal
FileVersion : 5.1.2600.5512 (xpsp.080413-2111)
ProductVersion : 5.1.2600.5512
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Generic Host Process for Win32 Services
InternalName : svchost.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : svchost.exe
#:9 [svchost.exe]
FilePath : C:\WINDOWS\System32\
ProcessID : 1300
ThreadCreationTime : 4-15-2009 11:29:38 PM
BasePriority : Normal
FileVersion : 5.1.2600.5512 (xpsp.080413-2111)
ProductVersion : 5.1.2600.5512
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Generic Host Process for Win32 Services
InternalName : svchost.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : svchost.exe
#:10 [svchost.exe]
FilePath : C:\WINDOWS\system32\
ProcessID : 1392
ThreadCreationTime : 4-15-2009 11:29:38 PM
BasePriority : Normal
FileVersion : 5.1.2600.5512 (xpsp.080413-2111)
ProductVersion : 5.1.2600.5512
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Generic Host Process for Win32 Services
InternalName : svchost.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : svchost.exe
#:11 [svchost.exe]
FilePath : C:\WINDOWS\system32\
ProcessID : 1528
ThreadCreationTime : 4-15-2009 11:29:38 PM
BasePriority : Normal
FileVersion : 5.1.2600.5512 (xpsp.080413-2111)
ProductVersion : 5.1.2600.5512
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Generic Host Process for Win32 Services
InternalName : svchost.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : svchost.exe
#:12 [ccsvchst.exe]
FilePath : C:\Program Files\Common Files\Symantec Shared\
ProcessID : 1828
ThreadCreationTime : 4-15-2009 11:29:39 PM
BasePriority : Normal
FileVersion : 106.2.0.21
ProductVersion : 106.2.0.21
ProductName : Symantec Security Technologies
CompanyName : Symantec Corporation
FileDescription : Symantec Service Framework
InternalName : ccSvcHst
LegalCopyright : Copyright © 2000-2006 Symantec Corporation. All rights reserved.
OriginalFilename : ccSvcHst.exe
#:13 [appsvc32.exe]
FilePath : C:\Program Files\Common Files\Symantec Shared\AppCore\
ProcessID : 1932
ThreadCreationTime : 4-15-2009 11:29:39 PM
BasePriority : Normal
FileVersion : 1.1.1.3
ProductVersion : 1.1
ProductName : Symantec Application Core
CompanyName : Symantec Corporation
FileDescription : Symantec Application Core Service
InternalName : AppSvc32
LegalCopyright : Copyright © 1997-2007 Symantec Corporation
OriginalFilename : AppSvc32.exe
#:14 [spoolsv.exe]
FilePath : C:\WINDOWS\system32\
ProcessID : 280
ThreadCreationTime : 4-15-2009 11:29:39 PM
BasePriority : Normal
FileVersion : 5.1.2600.5512 (xpsp.080413-0852)
ProductVersion : 5.1.2600.5512
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Spooler SubSystem App
InternalName : spoolsv.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : spoolsv.exe
#:15 [ati2evxx.exe]
FilePath : C:\WINDOWS\system32\
ProcessID : 1028
ThreadCreationTime : 4-15-2009 11:29:42 PM
BasePriority : Normal
FileVersion : 6.14.10.4129
ProductVersion : 6.14.10.4129
ProductName : ATI External Event Utility for WindowsNT and Windows9X
CompanyName : ATI Technologies Inc.
FileDescription : ATI External Event Utility EXE Module
InternalName : ATI2EVXX.EXE
LegalCopyright : Copyright © 1999-2004 ATI Technologies Inc.
OriginalFilename : ATI2EVXX.EXE
#:16 [explorer.exe]
FilePath : C:\WINDOWS\
ProcessID : 1276
ThreadCreationTime : 4-15-2009 11:29:43 PM
BasePriority : Normal
FileVersion : 6.00.2900.5512 (xpsp.080413-2105)
ProductVersion : 6.00.2900.5512
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Windows Explorer
InternalName : explorer
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : EXPLORER.EXE
#:17 [rthdcpl.exe]
FilePath : C:\WINDOWS\
ProcessID : 1644
ThreadCreationTime : 4-15-2009 11:29:44 PM
BasePriority : Normal
FileVersion : 2.0.4.4
ProductVersion : 2.0.4.4
ProductName : Realtek HD Audio Sound Effect Manager
CompanyName : Realtek Semiconductor Corp.
FileDescription : Realtek HD Audio Control Panel
LegalCopyright : Copyright © 2004 Realtek Semiconductor Corp.
OriginalFilename : RTHDCPL.EXE
#:18 [sm56hlpr.exe]
FilePath : C:\WINDOWS\
ProcessID : 1720
ThreadCreationTime : 4-15-2009 11:29:45 PM
BasePriority : Normal
FileVersion : 6.10.101-16
ProductVersion : SM56 Rel. 6.10 Build 101 Preview 16
ProductName : Motorola SM56 Tray Application
CompanyName : Motorola Inc.
FileDescription : Motorola SM56 Win32 Utility
InternalName : SM56 Modem Helper
LegalCopyright : Copyright © 1998-2004, Motorola Inc.
OriginalFilename : SM56HLPR.EXE
#:19 [cli.exe]
FilePath : C:\Program Files\ATI Technologies\ATI.ACE\
ProcessID : 1728
ThreadCreationTime : 4-15-2009 11:29:45 PM
BasePriority : Normal
#:20 [syntpenh.exe]
FilePath : C:\Program Files\Synaptics\SynTP\
ProcessID : 1820
ThreadCreationTime : 4-15-2009 11:29:45 PM
BasePriority : Normal
FileVersion : 8.1.6 25Aug05
ProductVersion : 8.1.6 25Aug05
ProductName : Synaptics Pointing Device Driver
CompanyName : Synaptics, Inc.
FileDescription : Synaptics TouchPad Enhancements
InternalName : Synaptics Enhancements Application
LegalCopyright : Copyright © Synaptics, Inc. 1996-2005
OriginalFilename : SynTPEnh.exe
#:21 [test_bs.exe]
FilePath : C:\Program Files\AlienAutopsy\
ProcessID : 1860
ThreadCreationTime : 4-15-2009 11:29:45 PM
BasePriority : High
#:22 [pdvdserv.exe]
FilePath : C:\Program Files\CyberLink\PowerDVD\
ProcessID : 2032
ThreadCreationTime : 4-15-2009 11:29:46 PM
BasePriority : Normal
FileVersion : 6.00.1027
ProductVersion : 6.00.1027
ProductName : PowerDVD
CompanyName : Cyberlink Corp.
FileDescription : PowerDVD RC Service
InternalName : PowerDVD RC Service
LegalCopyright : Copyright © CyberLink Corp. 1997-2004
OriginalFilename : PDVDSERV.EXE
#:23 [ccapp.exe]
FilePath : C:\Program Files\Common Files\Symantec Shared\
ProcessID : 120
ThreadCreationTime : 4-15-2009 11:29:46 PM
BasePriority : Normal
FileVersion : 106.2.0.21
ProductVersion : 106.2.0.21
ProductName : Symantec Security Technologies
CompanyName : Symantec Corporation
FileDescription : Symantec User Session
InternalName : ccApp
LegalCopyright : Copyright © 2000-2006 Symantec Corporation. All rights reserved.
OriginalFilename : ccApp.exe
#:24 [hpwuschd2.exe]
FilePath : C:\Program Files\HP\HP Software Update\
ProcessID : 404
ThreadCreationTime : 4-15-2009 11:29:46 PM
BasePriority : Normal
FileVersion : 80, 1, 0, 0
ProductVersion : 80, 1, 0, 0
ProductName : hpwuSchd Application
CompanyName : Hewlett-Packard
FileDescription : hpwuSchd Application
InternalName : hpwuSchd
LegalCopyright : Copyright © Hewlett-Packard 2007
OriginalFilename : hpwuSchd.exe
#:25 [jusched.exe]
FilePath : C:\Program Files\Java\jre6\bin\
ProcessID : 416
ThreadCreationTime : 4-15-2009 11:29:46 PM
BasePriority : Normal
#:26 [ituneshelper.exe]
FilePath : C:\Program Files\iTunes\
ProcessID : 584
ThreadCreationTime : 4-15-2009 11:29:47 PM
BasePriority : Normal
FileVersion : 8.1.1.10
ProductVersion : 8.1.1.10
ProductName : iTunes
CompanyName : Apple Inc.
FileDescription : iTunesHelper Module
InternalName : iTunesHelper
LegalCopyright : © 2003-2009 Apple Inc. All Rights Reserved.
OriginalFilename : iTunesHelper.exe
#:27 [aim6.exe]
FilePath : C:\Program Files\AIM6\
ProcessID : 608
ThreadCreationTime : 4-15-2009 11:29:47 PM
BasePriority : Normal
FileVersion : 1.4.9.1
ProductVersion : 1.4.9.1
ProductName : AOL Service Libraries
CompanyName : AOL LLC
FileDescription : AIM
InternalName : AOLSoftware
LegalCopyright : © 2007 AOL LLC.
OriginalFilename : AOLSoftware.exe
#:28 [teatimer.exe]
FilePath : C:\Program Files\Spybot - Search & Destroy\
ProcessID : 624
ThreadCreationTime : 4-15-2009 11:29:47 PM
BasePriority : Idle
FileVersion : 1, 6, 6, 32
ProductVersion : 1, 6, 2, 0
ProductName : Spybot - Search & Destroy
CompanyName : Safer-Networking Ltd.
FileDescription : System settings protector
InternalName : TeaTimer
LegalCopyright : © 2000-2009 Safer-Networking Ltd. Alle Rechte vorbehalten.
LegalTrademarks : "Spybot" und "Spybot - Search & Destroy" sind registrierte Warenzeichen.
OriginalFilename : TeaTimer.exe
Comments : Schützt Systemeinstellungen vor ungewollten Änderungen.
#:29 [hpqtra08.exe]
FilePath : C:\Program Files\HP\Digital Imaging\bin\
ProcessID : 728
ThreadCreationTime : 4-15-2009 11:29:48 PM
BasePriority : Normal
FileVersion : 70.0.170.000
ProductVersion : 070.000.170.000
ProductName : hp digital imaging
CompanyName : Hewlett-Packard Development Company, L.P.
FileDescription : HP Digital Imaging Monitor
InternalName : HPQTRA00
LegalCopyright : Copyright © Hewlett-Packard Development Company, L.P. 1995-2005
OriginalFilename : HPQTRA00.EXE
Comments : HP Digital Imaging Monitor
#:30 [ccaagent.exe]
FilePath : C:\Program Files\Cisco Systems\Clean Access Agent\
ProcessID : 796
ThreadCreationTime : 4-15-2009 11:29:48 PM
BasePriority : Normal
FileVersion : 4.01.0008
ProductVersion : 4.01.0008
ProductName : Cisco Clean Access Agent
CompanyName : Cisco Systems, Inc
FileDescription : Clean Access Agent
InternalName : CCAAgent
LegalCopyright : Cisco Systems, Inc. 2004-2009
OriginalFilename : CCAAgent.exe
Comments : Cisco Clean Access Product (4.1.8.0-081210170000)
#:31 [aolsoftware.exe]
FilePath : C:\Program Files\AIM6\
ProcessID : 896
ThreadCreationTime : 4-15-2009 11:29:48 PM
BasePriority : Normal
FileVersion : 15.6.1.1
ProductVersion : 15.6.1.1
ProductName : AOL Service Libraries
CompanyName : AOL LLC
FileDescription : AOL
InternalName : AOLSoftware
LegalCopyright : Copyright © 2007 AOL LLC
OriginalFilename : AOLSoftware.exe
#:32 [svchost.exe]
FilePath : C:\WINDOWS\system32\
ProcessID : 732
ThreadCreationTime : 4-15-2009 11:29:56 PM
BasePriority : Normal
FileVersion : 5.1.2600.5512 (xpsp.080413-2111)
ProductVersion : 5.1.2600.5512
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Generic Host Process for Win32 Services
InternalName : svchost.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : svchost.exe
#:33 [applemobiledeviceservice.exe]
FilePath : C:\Program Files\Common Files\Apple\Mobile Device Support\bin\
ProcessID : 808
ThreadCreationTime : 4-15-2009 11:29:56 PM
BasePriority : Normal
FileVersion : 2.12.36.0
ProductVersion : 2.12.36.0
ProductName : Apple Mobile Device Service
CompanyName : Apple Inc.
FileDescription : Apple Mobile Device Service
InternalName : AppleMobileDeviceService
LegalCopyright : © 2007-2008 Apple Inc. All Rights Reserved.
OriginalFilename : AppleMobileDeviceService.exe
#:34 [aluschedulersvc.exe]
FilePath : C:\Program Files\Symantec\LiveUpdate\
ProcessID : 968
ThreadCreationTime : 4-15-2009 11:29:56 PM
BasePriority : Normal
FileVersion : 3.2.0.68
ProductVersion : 3.2.0.68
ProductName : LiveUpdate
CompanyName : Symantec Corporation
FileDescription : Automatic LiveUpdate Scheduler Service
InternalName : Automatic LiveUpdate Scheduler Service
LegalCopyright : Copyright © 1996-2007 Symantec Corporation
OriginalFilename : ALUSchedulerSvc.exe
#:35 [mdnsresponder.exe]
FilePath : C:\Program Files\Bonjour\
ProcessID : 1372
ThreadCreationTime : 4-15-2009 11:29:56 PM
BasePriority : Normal
FileVersion : 1,0,6,2
ProductVersion : 1,0,6,2
ProductName : Bonjour
CompanyName : Apple Inc.
FileDescription : Bonjour Service
InternalName : mDNSResponder.exe
LegalCopyright : Copyright © 2003-2008 Apple Inc.
OriginalFilename : mDNSResponder.exe
#:36 [jqs.exe]
FilePath : C:\Program Files\Java\jre6\bin\
ProcessID : 1712
ThreadCreationTime : 4-15-2009 11:29:56 PM
BasePriority : Idle
#:37 [teks_service.exe]
FilePath : C:\Program Files\AlienAutopsy\
ProcessID : 2000
ThreadCreationTime : 4-15-2009 11:29:56 PM
BasePriority : High
FileVersion : 3.30.61.0
ProductVersion : 3.50.36.0
ProductName : DynTek ProductivIT
CompanyName : DynTek, Inc.
FileDescription : DynTek ProductivIT Service
InternalName : pitservice
LegalCopyright : © 2000-2003 DynTek, Inc.
OriginalFilename : TEKS_Service.exe
#:38 [svchost.exe]
FilePath : C:\WINDOWS\system32\
ProcessID : 2140
ThreadCreationTime : 4-15-2009 11:29:56 PM
BasePriority : Normal
FileVersion : 5.1.2600.5512 (xpsp.080413-2111)
ProductVersion : 5.1.2600.5512
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Generic Host Process for Win32 Services
InternalName : svchost.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : svchost.exe
#:39 [hpqste08.exe]
FilePath : C:\Program Files\HP\Digital Imaging\bin\
ProcessID : 2504
ThreadCreationTime : 4-15-2009 11:30:00 PM
BasePriority : Normal
FileVersion : 70.0.170.000
ProductVersion : 070.000.170.000
ProductName : hp digital imaging
CompanyName : Hewlett-Packard Development Company, L.P.
FileDescription : HP CUE Status
InternalName : HPQSTS00
LegalCopyright : Copyright © Hewlett-Packard Development Company, L.P. 1995-2005
OriginalFilename : HPQSTS00.EXE
Comments : HP CUE Status
#:40 [viewpointservice.exe]
FilePath : C:\Program Files\Viewpoint\Common\
ProcessID : 2572
ThreadCreationTime : 4-15-2009 11:30:04 PM
BasePriority : Normal
FileVersion : 2, 0, 0, 54
ProductVersion : 2, 0, 0, 54
ProductName : Viewpoint Manager
CompanyName : Viewpoint Corporation
FileDescription : ViewMgr
InternalName : Viewpoint Manager
LegalCopyright : Copyright © 2004
OriginalFilename : ViewMgr.exe
Comments : Viewpoint Manager
#:41 [ipodservice.exe]
FilePath : C:\Program Files\iPod\bin\
ProcessID : 3064
ThreadCreationTime : 4-15-2009 11:30:08 PM
BasePriority : Normal
FileVersion : 8.1.1.10
ProductVersion : 8.1.1.10
ProductName : iTunes
CompanyName : Apple Inc.
FileDescription : iPodService Module
InternalName : iPodService
LegalCopyright : © 2003-2009 Apple Inc. All Rights Reserved.
OriginalFilename : iPodService.exe
#:42 [alg.exe]
FilePath : C:\WINDOWS\System32\
ProcessID : 3508
ThreadCreationTime : 4-15-2009 11:30:11 PM
BasePriority : Normal
FileVersion : 5.1.2600.5512 (xpsp.080413-0852)
ProductVersion : 5.1.2600.5512
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Application Layer Gateway Service
InternalName : ALG.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : ALG.exe
#:43 [cli.exe]
FilePath : C:\Program Files\ATI Technologies\ATI.ACE\
ProcessID : 484
ThreadCreationTime : 4-15-2009 11:30:19 PM
BasePriority : Normal
#:44 [cli.exe]
FilePath : C:\Program Files\ATI Technologies\ATI.ACE\
ProcessID : 440
ThreadCreationTime : 4-15-2009 11:30:19 PM
BasePriority : Normal
#:45 [symlcsvc.exe]
FilePath : C:\Program Files\Common Files\Symantec Shared\CCPD-LC\
ProcessID : 2184
ThreadCreationTime : 4-15-2009 11:40:50 PM
BasePriority : Normal
#:46 [ad-aware.exe]
FilePath : C:\Program Files\Lavasoft\Ad-Aware SE Personal\
ProcessID : 3940
ThreadCreationTime : 4-16-2009 3:03:58 AM
BasePriority : Normal
FileVersion : 6.2.0.236
ProductVersion : SE 106
ProductName : Lavasoft Ad-Aware SE
CompanyName : Lavasoft Sweden
FileDescription : Ad-Aware SE Core application
InternalName : Ad-Aware.exe
LegalCopyright : Copyright © Lavasoft AB Sweden
OriginalFilename : Ad-Aware.exe
Comments : All Rights Reserved
Memory scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 0
Objects found so far: 13
Started registry scan
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
Registry Scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 0
Objects found so far: 13
Started deep registry scan
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
Deep registry scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 0
Objects found so far: 13
Started Tracking Cookie scan
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
Tracking Cookie Object Recognized!
Type : IECache Entry
Data : amanda@questionmarket[2].txt
TAC Rating : 3
Category : Data Miner
Comment : Hits:8
Value : Cookie:[email protected]/
Expires : 6-5-2010 7:54:10 PM
LastSync : Hits:8
UseCount : 0
Hits : 8
Tracking Cookie Object Recognized!
Type : IECache Entry
Data : amanda@unicast[2].txt
TAC Rating : 3
Category : Data Miner
Comment : Hits:16
Value : Cookie:[email protected]/
Expires : 4-20-2009
LastSync : Hits:16
UseCount : 0
Hits : 16
Tracking cookie scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 2
Objects found so far: 15
Deep scanning and examining files (C:)
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
Disk Scan Result for C:\
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 0
Objects found so far: 15
Scanning Hosts file......
Hosts file location:"C:\WINDOWS\system32\drivers\etc\hosts".
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
Hosts file scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
10530 entries scanned.
New critical objects:0
Objects found so far: 15
Performing conditional scans...
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
Conditional scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 0
Objects found so far: 15
11:23:09 PM Scan Complete
Summary Of This Scan
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
Total scanning time:00:18:46.719
Objects scanned:209626
Objects identified:2
Objects ignored:0
New critical objects:2
MBAM log:
Malwarebytes' Anti-Malware 1.36
Database version: 1987
Windows 5.1.2600 Service Pack 3
4/15/2009 11:48:10 PM
mbam-log-2009-04-15 (23-48-10).txt
Scan type: Quick Scan
Objects scanned: 67943
Time elapsed: 4 minute(s), 41 second(s)
Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 2
Folders Infected: 0
Files Infected: 0
Memory Processes Infected:
(No malicious items detected)
Memory Modules Infected:
(No malicious items detected)
Registry Keys Infected:
(No malicious items detected)
Registry Values Infected:
(No malicious items detected)
Registry Data Items Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\AntiVirusDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\FirewallDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
Folders Infected:
(No malicious items detected)
Files Infected:
(No malicious items detected)
Rooter (I was still having issues after I rebooted, so I continued on the steps):
Microsoft Windows XP Home Edition (5.1.2600) Service Pack 3
C:\ [Fixed] - NTFS - (Total:95385 Mo/Free:2861 Mo)
D:\ [CD-Rom] (Total:0 Mo/Free:0 Mo)
Wed 04/15/2009|23:54
----------------------\\ Processes..
--Locked-- [System Process]
---------- System
---------- \SystemRoot\System32\smss.exe
---------- \??\C:\WINDOWS\system32\csrss.exe
---------- \??\C:\WINDOWS\system32\winlogon.exe
---------- C:\WINDOWS\system32\services.exe
---------- C:\WINDOWS\system32\lsass.exe
---------- C:\WINDOWS\system32\Ati2evxx.exe
---------- C:\WINDOWS\system32\svchost.exe
---------- C:\WINDOWS\system32\svchost.exe
---------- C:\WINDOWS\System32\svchost.exe
---------- C:\WINDOWS\system32\svchost.exe
---------- C:\WINDOWS\system32\svchost.exe
---------- C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
---------- C:\Program Files\Common Files\Symantec Shared\AppCore\AppSvc32.exe
---------- C:\WINDOWS\system32\spoolsv.exe
---------- C:\WINDOWS\system32\Ati2evxx.exe
---------- C:\WINDOWS\Explorer.EXE
---------- C:\WINDOWS\RTHDCPL.EXE
---------- C:\WINDOWS\sm56hlpr.exe
---------- C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
---------- C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
---------- C:\Program Files\AlienAutopsy\Test_BS.exe
---------- C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
---------- C:\Program Files\Common Files\Symantec Shared\ccApp.exe
---------- C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
---------- C:\Program Files\Java\jre6\bin\jusched.exe
---------- C:\Program Files\iTunes\iTunesHelper.exe
---------- C:\Program Files\AIM6\aim6.exe
---------- C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
---------- C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
---------- C:\Program Files\Cisco Systems\Clean Access Agent\CCAAgent.exe
---------- C:\Program Files\AIM6\aolsoftware.exe
---------- C:\WINDOWS\system32\svchost.exe
---------- C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
---------- C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
---------- C:\Program Files\Bonjour\mDNSResponder.exe
---------- C:\Program Files\Java\jre6\bin\jqs.exe
---------- C:\Program Files\AlienAutopsy\TEKS_Service.exe
---------- C:\WINDOWS\system32\svchost.exe
---------- C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
---------- C:\Program Files\Viewpoint\Common\ViewpointService.exe
---------- C:\Program Files\iPod\bin\iPodService.exe
---------- C:\WINDOWS\System32\alg.exe
---------- C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
---------- C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
---------- C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
---------- C:\Program Files\Mozilla Firefox\firefox.exe
---------- C:\WINDOWS\system32\wuauclt.exe
---------- C:\WINDOWS\system32\wbem\wmiprvse.exe
---------- C:\WINDOWS\system32\cmd.exe
---------- C:\Rooter$\RK.exe
----------------------\\ Search..
----------------------\\ ROOTKIT !!
1 - "C:\Rooter$\Rooter_1.txt" - Wed 04/15/2009|23:54
----------------------\\ Scan completed at 23:54
OT List Log:
OTListIt logfile created on: 4/16/2009 12:05:39 AM - Run 1
OTListIt2 by OldTimer - Version 2.0.14.0 Folder = C:\Documents and Settings\Amanda\Desktop
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 6.0.2900.5512)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy
1022.11 Mb Total Physical Memory | 418.08 Mb Available Physical Memory | 40.90% Memory free
2.40 Gb Paging File | 1.86 Gb Available in Paging File | 77.31% Paging File free
Paging file location(s): C:\pagefile.sys 1536 3072;
%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 93.15 Gb Total Space | 66.81 Gb Free Space | 71.72% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded
Computer Name: AMANDA-D8ECCDC2
Current User Name: Amanda
Logged in as Administrator.
Current Boot Mode: Normal
Scan Mode: Current user
Output = Minimal
File Age = 30 Days
Company Name Whitelist: On
========== Processes (SafeList) ==========
PRC - C:\WINDOWS\system32\Ati2evxx.exe (ATI Technologies Inc.)
PRC - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe (Symantec Corporation)
PRC - C:\Program Files\Common Files\Symantec Shared\AppCore\AppSvc32.exe (Symantec Corporation)
PRC - C:\WINDOWS\Explorer.EXE (Microsoft Corporation)
PRC - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe (Apple Inc.)
PRC - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe (Symantec Corporation)
PRC - C:\WINDOWS\RTHDCPL.EXE (Realtek Semiconductor Corp.)
PRC - C:\WINDOWS\sm56hlpr.exe (Motorola Inc.)
PRC - C:\Program Files\ATI Technologies\ATI.ACE\cli.exe (ATI Technologies Inc.)
PRC - C:\Program Files\Synaptics\SynTP\SynTPEnh.exe (Synaptics, Inc.)
PRC - C:\Program Files\AlienAutopsy\Test_BS.exe ()
PRC - C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe (Cyberlink Corp.)
PRC - C:\Program Files\Common Files\Symantec Shared\ccApp.exe (Symantec Corporation)
PRC - C:\Program Files\Bonjour\mDNSResponder.exe (Apple Inc.)
PRC - C:\Program Files\HP\HP Software Update\HPWuSchd2.exe (Hewlett-Packard)
PRC - C:\Program Files\Java\jre6\bin\jqs.exe (Sun Microsystems, Inc.)
PRC - C:\Program Files\Java\jre6\bin\jusched.exe (Sun Microsystems, Inc.)
PRC - C:\Program Files\iTunes\iTunesHelper.exe (Apple Inc.)
PRC - C:\Program Files\AIM6\aim6.exe (AOL LLC)
PRC - C:\Program Files\AlienAutopsy\TEKS_Service.exe (DynTek, Inc.)
PRC - C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe (Safer-Networking Ltd.)
PRC - C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe (Hewlett-Packard Development Company, L.P.)
PRC - C:\Program Files\Cisco Systems\Clean Access Agent\CCAAgent.exe (Cisco Systems, Inc)
PRC - C:\Program Files\Viewpoint\Common\ViewpointService.exe (Viewpoint Corporation)
PRC - C:\Program Files\iPod\bin\iPodService.exe (Apple Inc.)
PRC - C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe (Hewlett-Packard Development Company, L.P.)
PRC - C:\Program Files\AIM6\aolsoftware.exe (AOL LLC)
PRC - C:\WINDOWS\system32\wbem\wmiprvse.exe (Microsoft Corporation)
PRC - C:\Program Files\ATI Technologies\ATI.ACE\cli.exe (ATI Technologies Inc.)
PRC - C:\Program Files\ATI Technologies\ATI.ACE\cli.exe (ATI Technologies Inc.)
PRC - C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)
PRC - C:\Documents and Settings\Amanda\Desktop\OTListIt2.exe (OldTimer Tools)
========== Win32 Services (SafeList) ==========
SRV - (Apple Mobile Device [Auto | Running]) -- C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe (Apple Inc.)
SRV - (aspnet_state [On_Demand | Stopped]) -- C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\aspnet_state.exe (Microsoft Corporation)
SRV - (Ati HotKey Poller [Auto | Running]) -- C:\WINDOWS\system32\Ati2evxx.exe (ATI Technologies Inc.)
SRV - (Automatic LiveUpdate Scheduler [Auto | Running]) -- C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe (Symantec Corporation)
SRV - (Bonjour Service [Auto | Running]) -- C:\Program Files\Bonjour\mDNSResponder.exe (Apple Inc.)
SRV - (ccEvtMgr [Auto | Running]) -- C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe (Symantec Corporation)
SRV - (ccSetMgr [Auto | Running]) -- C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe (Symantec Corporation)
SRV - (CLTNetCnService [Auto | Running]) -- C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe (Symantec Corporation)
SRV - (GoToAssist [On_Demand | Stopped]) -- C:\Program Files\Citrix\GoToAssist\480\g2aservice.exe (Citrix Online, a division of Citrix Systems, Inc.)
SRV - (helpsvc [Auto | Running]) -- C:\WINDOWS\PCHealth\HelpCtr\Binaries\pchsvc.dll (Microsoft Corporation)
SRV - (iPod Service [On_Demand | Running]) -- C:\Program Files\iPod\bin\iPodService.exe (Apple Inc.)
SRV - (ISPwdSvc [On_Demand | Stopped]) -- C:\Program Files\Norton AntiVirus\isPwdSvc.exe (Symantec Corporation)
SRV - (JavaQuickStarterService [Auto | Running]) -- C:\Program Files\Java\jre6\bin\jqs.exe (Sun Microsystems, Inc.)
SRV - (LiveUpdate [On_Demand | Stopped]) -- C:\Program Files\Symantec\LiveUpdate\LuComServer_3_2.EXE (Symantec Corporation)
SRV - (LiveUpdate Notice Ex [Auto | Running]) -- C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe (Symantec Corporation)
SRV - (LiveUpdate Notice Service [Auto | Stopped]) -- C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe (Symantec Corporation)
SRV - (ose [On_Demand | Stopped]) -- C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE (Microsoft Corporation)
SRV - (Pml Driver HPZ12 [Auto | Stopped]) -- C:\WINDOWS\system32\HPZipm12.exe (HP)
SRV - (ProductivITService [Auto | Running]) -- C:\Program Files\AlienAutopsy\TEKS_Service.exe (DynTek, Inc.)
SRV - (Symantec Core LC [On_Demand | Stopped]) -- C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe ()
SRV - (SymAppCore [Auto | Running]) -- C:\Program Files\Common Files\Symantec Shared\AppCore\AppSvc32.exe (Symantec Corporation)
SRV - (Viewpoint Manager Service [Auto | Running]) -- C:\Program Files\Viewpoint\Common\ViewpointService.exe (Viewpoint Corporation)
SRV - (WMPNetworkSvc [On_Demand | Stopped]) -- C:\Program Files\Windows Media Player\WMPNetwk.exe (Microsoft Corporation)
========== Driver Services (SafeList) ==========
DRV - (ati2mtag [On_Demand | Running]) -- C:\WINDOWS\system32\DRIVERS\ati2mtag.sys (ATI Technologies Inc.)
DRV - (eeCtrl [System | Running]) -- C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys (Symantec Corporation)
DRV - (EraserUtilRebootDrv [On_Demand | Running]) -- C:\Program Files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys (Symantec Corporation)
DRV - (GEARAspiWDM [On_Demand | Running]) -- C:\WINDOWS\System32\Drivers\GEARAspiWDM.sys (GEAR Software Inc.)
DRV - (giveio [Boot | Running]) -- C:\WINDOWS\system32\giveio.sys ()
DRV - (HDAudBus [On_Demand | Running]) -- C:\WINDOWS\system32\DRIVERS\HDAudBus.sys (Windows ® Server 2003 DDK provider)
DRV - (HidCom [On_Demand | Stopped]) -- C:\WINDOWS\system32\DRIVERS\BdHidCom.sys (Cypress Semiconductor)
DRV - (HPZid412 [On_Demand | Stopped]) -- C:\WINDOWS\system32\DRIVERS\HPZid412.sys (HP)
DRV - (HPZipr12 [On_Demand | Stopped]) -- C:\WINDOWS\system32\DRIVERS\HPZipr12.sys (HP)
DRV - (HPZius12 [On_Demand | Stopped]) -- C:\WINDOWS\system32\DRIVERS\HPZius12.sys (HP)
DRV - (IntcAzAudAddService [On_Demand | Running]) -- C:\WINDOWS\system32\drivers\RtkHDAud.sys (Realtek Semiconductor Corp.)
DRV - (NAVENG [On_Demand | Running]) -- C:\Program Files\Common Files\Symantec Shared\VirusDefs\20090415.003\NAVENG.SYS (Symantec Corporation)
DRV - (NAVEX15 [On_Demand | Running]) -- C:\Program Files\Common Files\Symantec Shared\VirusDefs\20090415.003\NAVEX15.SYS (Symantec Corporation)
DRV - (Ptilink [On_Demand | Running]) -- C:\WINDOWS\system32\DRIVERS\ptilink.sys (Parallel Technologies, Inc.)
DRV - (RTL8023xp [On_Demand | Running]) -- C:\WINDOWS\system32\DRIVERS\Rtnicxp.sys (Realtek Semiconductor Corporation )
DRV - (Secdrv [On_Demand | Stopped]) -- C:\WINDOWS\system32\DRIVERS\secdrv.sys (Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K.)
DRV - (SMBios [On_Demand | Running]) -- C:\WINDOWS\system32\DRIVERS\SMBios.sys (Intel Corporation)
DRV - (smserial [On_Demand | Running]) -- C:\WINDOWS\system32\DRIVERS\smserial.sys (Motorola Inc.)
DRV - (SPBBCDrv [System | Running]) -- C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCDrv.sys (Symantec Corporation)
DRV - (speedfan [Boot | Running]) -- C:\WINDOWS\system32\speedfan.sys (Windows ® 2000 DDK provider)
DRV - (SRTSP [On_Demand | Running]) -- C:\WINDOWS\System32\Drivers\SRTSP.SYS (Symantec Corporation)
DRV - (SRTSPL [On_Demand | Stopped]) -- C:\WINDOWS\System32\Drivers\SRTSPL.SYS (Symantec Corporation)
DRV - (SRTSPX [System | Running]) -- C:\WINDOWS\System32\Drivers\SRTSPX.SYS (Symantec Corporation)
DRV - (SYMDNS [On_Demand | Running]) -- C:\WINDOWS\System32\Drivers\SYMDNS.SYS (Symantec Corporation)
DRV - (SymEvent [On_Demand | Running]) -- C:\WINDOWS\system32\Drivers\SYMEVENT.SYS (Symantec Corporation)
DRV - (SYMFW [On_Demand | Running]) -- C:\WINDOWS\System32\Drivers\SYMFW.SYS (Symantec Corporation)
DRV - (SYMIDS [On_Demand | Running]) -- C:\WINDOWS\System32\Drivers\SYMIDS.SYS (Symantec Corporation)
DRV - (SYMIDSCO [On_Demand | Running]) -- C:\Program Files\Common Files\Symantec Shared\SymcData\ids-diskless\20090407.002\SymIDSCo.sys (Symantec Corporation)
DRV - (SYMNDIS [On_Demand | Running]) -- C:\WINDOWS\System32\Drivers\SYMNDIS.SYS (Symantec Corporation)
DRV - (SYMREDRV [On_Demand | Running]) -- C:\WINDOWS\System32\Drivers\SYMREDRV.SYS (Symantec Corporation)
DRV - (SYMTDI [System | Running]) -- C:\WINDOWS\System32\Drivers\SYMTDI.SYS (Symantec Corporation)
DRV - (SynTP [On_Demand | Running]) -- C:\WINDOWS\system32\DRIVERS\SynTP.sys (Synaptics, Inc.)
DRV - (TeksKernel [System | Running]) -- C:\WINDOWS\System32\Drivers\TeksKernel.sys (DynTek, Inc.)
DRV - (USBAAPL [On_Demand | Stopped]) -- C:\WINDOWS\System32\Drivers\usbaapl.sys (Apple, Inc.)
DRV - (viamraid [Boot | Running]) -- C:\WINDOWS\system32\DRIVERS\viamraid.sys (VIA Technologies inc,.ltd)
DRV - (w39n51 [On_Demand | Running]) -- C:\WINDOWS\system32\DRIVERS\w39n51.sys (Intel® Corporation)
========== Standard Registry (SafeList) ==========
========== Internet Explorer ==========
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.alienware.com
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.microsoft...amp;ar=iesearch
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft...amp;ar=iesearch
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.microsoft...p...ER}&ar=home
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,CustomizeSearch = http://ie.search.msn...st/srchcust.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://ie.search.msn...st/srchasst.htm
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\system32\blank.htm
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft...amp;ar=iesearch
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local
========== FireFox ==========
FF - prefs.js..browser.startup.homepage: "about:blank"
FF - prefs.js..extensions.enabledItems: {34274bf4-1d97-a289-e984-17e546307e4f}:0.5.3.043
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA}:6.0.05
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA}:6.0.07
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA}:6.0.11
FF - prefs.js..extensions.enabledItems: [email protected]:1.0
FF - prefs.js..extensions.enabledItems: {972ce4c6-7e08-4474-a285-3208198ce6fd}:3.0.8
FF - HKLM\software\mozilla\Firefox\extensions\\[email protected]: C:\PROGRAM FILES\JAVA\JRE6\LIB\DEPLOY\JQS\FF [2009/03/09 01:18:00 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.0.8\extensions\\Components: C:\PROGRAM FILES\MOZILLA FIREFOX\COMPONENTS [2009/04/05 17:36:44 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.0.8\extensions\\Plugins: C:\PROGRAM FILES\MOZILLA FIREFOX\PLUGINS [2009/03/29 14:52:45 | 00,000,000 | ---D | M]
[2008/09/03 19:35:25 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Amanda\Application Data\mozilla\Extensions
[2008/09/03 19:35:25 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Amanda\Application Data\mozilla\Extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384}
[2009/04/13 22:01:10 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Amanda\Application Data\mozilla\Firefox\Profiles\4cu8eklb.default\extensions
[2008/03/16 00:03:07 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Amanda\Application Data\mozilla\Firefox\Profiles\4cu8eklb.default\extensions\{34274bf4-1d97-a289-e984-17e546307e4f}
[2009/04/13 22:01:10 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions
[2009/03/29 14:52:45 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
[2008/04/01 00:53:08 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA}
[2008/12/05 18:27:54 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA}
[2009/03/09 01:18:30 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA}
[2009/03/29 14:52:40 | 00,023,032 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browserdirprovider.dll
[2009/03/29 14:52:40 | 00,134,648 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\brwsrcmp.dll
[2008/09/24 21:21:16 | 00,001,394 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazondotcom.xml
[2008/09/24 21:21:16 | 00,002,193 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\answers.xml
[2008/09/24 21:21:16 | 00,001,534 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\creativecommons.xml
[2008/11/13 12:41:30 | 00,002,343 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay.xml
[2008/09/24 21:21:16 | 00,001,706 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\google.xml
[2008/09/24 21:21:16 | 00,001,178 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia.xml
[2008/09/24 21:21:16 | 00,000,792 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo.xml
O1 HOSTS File: (305034 bytes) - C:\WINDOWS\System32\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: 127.0.0.1 www.007guard.com
O1 - Hosts: 127.0.0.1 007guard.com
O1 - Hosts: 127.0.0.1 008i.com
O1 - Hosts: 127.0.0.1 www.008k.com
O1 - Hosts: 127.0.0.1 008k.com
O1 - Hosts: 127.0.0.1 www.00hq.com
O1 - Hosts: 127.0.0.1 00hq.com
O1 - Hosts: 127.0.0.1 010402.com
O1 - Hosts: 127.0.0.1 www.032439.com
O1 - Hosts: 127.0.0.1 032439.com
O1 - Hosts: 127.0.0.1 www.100888290cs.com
O1 - Hosts: 127.0.0.1 100888290cs.com
O1 - Hosts: 127.0.0.1 www.100sexlinks.com
O1 - Hosts: 127.0.0.1 100sexlinks.com
O1 - Hosts: 127.0.0.1 www.10sek.com
O1 - Hosts: 127.0.0.1 10sek.com
O1 - Hosts: 127.0.0.1 www.123topsearch.com
O1 - Hosts: 127.0.0.1 123topsearch.com
O1 - Hosts: 127.0.0.1 www.132.com
O1 - Hosts: 127.0.0.1 132.com
O1 - Hosts: 127.0.0.1 www.136136.net
O1 - Hosts: 127.0.0.1 136136.net
O1 - Hosts: 127.0.0.1 www.163ns.com
O1 - Hosts: 127.0.0.1 163ns.com
O1 - Hosts: 10507 more lines...
O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O2 - BHO: (Java Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (Java Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (JQSIEStartDetectorImpl Class) - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll (Sun Microsystems, Inc.)
O3 - HKCU\..\Toolbar\ShellBrowser: (no name) - {C4069E3A-68F1-403E-B40E-20066696354B} - Reg Error: Key error. File not found
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {097E7337-311D-44FF-A853-3F454FE1A682} - Reg Error: Key error. File not found
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {C4069E3A-68F1-403E-B40E-20066696354B} - Reg Error: Key error. File not found
O4 - HKLM..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" (Adobe Systems Incorporated)
O4 - HKLM..\Run: [Alcmtr] ALCMTR.EXE (Realtek Semiconductor Corp.)
O4 - HKLM..\Run: [AlienAutopsy] "C:\Program Files\AlienAutopsy\Test_BS.exe" -h ()
O4 - HKLM..\Run: [AppleSyncNotifier] C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe (Apple Inc.)
O4 - HKLM..\Run: [ATICCC] "C:\Program Files\ATI Technologies\ATI.ACE\cli.exe" runtime -Delay (ATI Technologies Inc.)
O4 - HKLM..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe" (Symantec Corporation)
O4 - HKLM..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe (Hewlett-Packard)
O4 - HKLM..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe" (Apple Inc.)
O4 - HKLM..\Run: [osCheck] "C:\Program Files\Norton AntiVirus\osCheck.exe" (Symantec Corporation)
O4 - HKLM..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime (Apple Inc.)
O4 - HKLM..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe" (Cyberlink Corp.)
O4 - HKLM..\Run: [RTHDCPL] RTHDCPL.EXE (Realtek Semiconductor Corp.)
O4 - HKLM..\Run: [SMSERIAL] sm56hlpr.exe (Motorola Inc.)
O4 - HKLM..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe" (Sun Microsystems, Inc.)
O4 - HKLM..\Run: [Symantec PIF AlertEng] "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" /a /m "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\AlertEng.dll" (Symantec Corporation)
O4 - HKLM..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe (Synaptics, Inc.)
O4 - HKCU..\Run: [Aim6] "C:\Program Files\AIM6\aim6.exe" /d locale=en-US ee://aol/imApp (AOL LLC)
O4 - HKCU..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe (Safer-Networking Ltd.)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Clean Access Agent.lnk = C:\Program Files\Cisco Systems\Clean Access Agent\CCAAgentLauncher.exe (Cisco Systems, Inc.)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe (Hewlett-Packard Development Company, L.P.)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: dontdisplaylastusername = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticecaption =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticetext =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: shutdownwithoutlogon = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: undockwithoutlogon = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000 (Microsoft Corporation)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Program Files\Microsoft Office\OFFICE11\REFIEBAR.DLL (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O9 - Extra 'Tools' menuitem : @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe (Microsoft Corporation)
O9 - Extra Button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [mdnsNSP] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O15 - HKLM\..Trusted Domains: 50 domain(s) and sub-domain(s) not assigned to a zone.
O15 - HKCU\..Trusted Domains: 49 domain(s) and sub-domain(s) not assigned to a zone.
O16 - DPF: {44990301-3C9D-426D-81DF-AAB636FA4345} http://www.symantec....abs/tgctlsr.cab (Symantec Script Runner Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_11)
O16 - DPF: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_05)
O16 - DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_07)
O16 - DPF: {CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_11)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_11)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload.ma...ash/swflash.cab (Shockwave Flash Object)
O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\mso-offdap11 {32505114-5902-49B2-880A-1F7738E5A384} - C:\Program Files\Common Files\Microsoft Shared\Web Components\11\OWC11.DLL (Microsoft Corporation)
O18 - Protocol\Filter: - text/xml - C:\Program Files\Common Files\Microsoft Shared\OFFICE11\MSOXMLMF.DLL (Microsoft Corporation)
O20 - AppInit_DLLs: (wbsys.dll) - C:\WINDOWS\system32\wbsys.dll (Stardock.Net, Inc)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\Explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\AtiExtEvent: DllName - Ati2evxx.dll - C:\WINDOWS\system32\Ati2evxx.dll (ATI Technologies Inc.)
O20 - Winlogon\Notify\GoToAssist: DllName - C:\Program Files\Citrix\GoToAssist\480\G2AWinLogon.dll - C:\Program Files\Citrix\GoToAssist\480\G2AWinLogon.dll (Citrix Online, a division of Citrix Systems, Inc.)
O20 - Winlogon\Notify\WB: DllName - C:\Program Files\AlienGUIse\fastload.dll - C:\Program Files\AlienGUIse\fastload.dll (Stardock)
O24 - Desktop Components:0 (My Current Home Page) - About:Home
O31 - SafeBoot: AlternateShell - cmd.exe
O32 - HKLM CDRom: AutoRun - 1
O32 - Autorun File - C:\AUTOEXEC.BAT () - [ NTFS ]
O34 - HKLM BootExecute: (autocheck) - File not found
O34 - HKLM BootExecute: (autochk) - C:\WINDOWS\System32\autochk.exe (Microsoft Corporation)
O34 - HKLM BootExecute: (*) - File not found
========== Files/Folders - Created Within 30 Days ==========
[5 C:\WINDOWS\*.tmp files]
[2009/04/16 00:04:33 | 00,501,248 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Amanda\Desktop\OTListIt2.exe
[2009/04/15 23:53:58 | 00,000,000 | ---D | C] -- C:\Rooter$
[2009/04/15 23:53:38 | 00,267,612 | ---- | C] () -- C:\Documents and Settings\Amanda\Desktop\Rooter.exe
[2009/04/15 23:42:13 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Amanda\Application Data\Malwarebytes
[2009/04/15 23:42:10 | 00,015,504 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2009/04/15 23:42:10 | 00,000,696 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2009/04/15 23:42:08 | 00,038,496 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2009/04/15 23:42:06 | 00,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2009/04/15 23:42:06 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Malwarebytes
[2009/04/15 23:40:23 | 00,000,000 | ---D | C] -- C:\WINDOWS\ERDNT
[2009/04/15 23:39:32 | 00,000,611 | ---- | C] () -- C:\Documents and Settings\Amanda\Desktop\NTREGOPT.lnk
[2009/04/15 23:39:32 | 00,000,592 | ---- | C] () -- C:\Documents and Settings\Amanda\Desktop\ERUNT.lnk
[2009/04/15 23:39:30 | 00,000,000 | ---D | C] -- C:\Program Files\ERUNT
[2009/04/15 01:52:01 | 00,031,744 | ---- | C] () -- C:\Documents and Settings\Amanda\Desktop\Interpersonal Comm Shaun of the Dead.doc
[2009/04/15 01:48:37 | 00,401,408 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\rpcss.dll
[2009/04/15 01:48:37 | 00,284,160 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\pdh.dll
[2009/04/15 01:48:36 | 00,473,600 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\fastprox.dll
[2009/04/15 01:48:36 | 00,227,840 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wmiprvse.exe
[2009/04/15 01:48:36 | 00,110,592 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\services.exe
[2009/04/15 01:48:35 | 00,729,088 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\lsasrv.dll
[2009/04/15 01:48:35 | 00,617,472 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\advapi32.dll
[2009/04/15 01:48:35 | 00,453,120 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wmiprvsd.dll
[2009/04/15 01:48:34 | 00,714,752 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ntdll.dll
[2009/04/15 01:48:04 | 00,002,560 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\xpsp4res.dll
[2009/04/15 01:48:03 | 01,203,922 | ---- | C] () -- C:\WINDOWS\System32\dllcache\sysmain.sdb
[2009/04/15 01:48:02 | 00,215,552 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wordpad.exe
[2009/04/14 02:01:24 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Amanda\Local Settings\Application Data\Help
[2009/04/14 02:01:24 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Amanda\Application Data\Help
[2009/04/14 01:53:45 | 00,000,029 | ---- | C] () -- C:\WINDOWS\wordpad.ini
[2009/04/14 01:53:26 | 00,000,000 | ---D | C] -- C:\Temp
[2009/04/14 01:53:11 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Amanda\Application Data\Syntrillium
[2009/04/08 01:19:18 | 00,002,137 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\iTunes.lnk
[2009/04/08 01:18:54 | 00,000,000 | ---D | C] -- C:\Program Files\iPod
[2009/04/08 01:18:50 | 00,000,000 | ---D | C] -- C:\Program Files\iTunes
[2009/04/08 01:18:50 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\{8CD7F5AF-ECFA-4793-BF40-D8F42DBFF906}
[2009/04/03 22:01:32 | 16,409,960 | ---- | C] (Safer Networking Limited ) -- C:\Documents and Settings\Amanda\Desktop\setup-spybotsd162.exe
[2009/03/29 15:48:10 | 00,019,390 | ---- | C] () -- C:\Documents and Settings\Amanda\Desktop\Interpersonal S09.docx
[2009/03/25 22:18:15 | 00,019,299 | ---- | C] () -- C:\Documents and Settings\Amanda\Desktop\movie_analysis_xmas_vacation.docx
[2009/03/21 10:06:58 | 00,989,696 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kernel32.dll
[2009/03/20 02:24:41 | 00,001,729 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Adobe Reader 8.lnk
[2009/03/20 02:24:22 | 00,000,000 | ---D | C] -- C:\Program Files\Adobe
[2008/03/02 01:46:13 | 00,000,376 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2008/03/02 00:01:53 | 00,077,824 | ---- | C] () -- C:\WINDOWS\System32\HPZIDS01.dll
[2008/03/01 01:36:46 | 00,000,056 | ---- | C] () -- C:\WINDOWS\wb.ini
[2008/02/24 23:49:31 | 00,069,632 | R--- | C] () -- C:\WINDOWS\sm56spn.dll
[2008/02/24 23:49:31 | 00,069,632 | R--- | C] () -- C:\WINDOWS\sm56itl.dll
[2008/02/24 23:49:31 | 00,069,632 | R--- | C] () -- C:\WINDOWS\sm56eng.dll
[2008/02/24 23:49:31 | 00,061,440 | R--- | C] () -- C:\WINDOWS\sm56ger.dll
[2008/02/24 23:49:31 | 00,061,440 | R--- | C] () -- C:\WINDOWS\sm56fra.dll
[2008/02/24 23:49:31 | 00,053,248 | R--- | C] () -- C:\WINDOWS\sm56jpn.dll
[2008/02/24 23:49:31 | 00,049,152 | R--- | C] () -- C:\WINDOWS\sm56cht.dll
[2008/02/24 23:49:31 | 00,049,152 | R--- | C] () -- C:\WINDOWS\sm56chs.dll
[2008/02/24 23:49:30 | 00,069,632 | R--- | C] () -- C:\WINDOWS\sm56brz.dll
[2008/02/24 23:48:39 | 00,135,168 | R--- | C] () -- C:\WINDOWS\System32\RtlCPAPI.dll
[2007/02/26 17:24:20 | 00,220,672 | ---- | C] () -- C:\WINDOWS\System32\dxr.dll
[2007/02/26 17:22:42 | 00,150,528 | ---- | C] () -- C:\WINDOWS\System32\mkx.dll
[2007/02/26 17:22:36 | 00,110,592 | ---- | C] () -- C:\WINDOWS\System32\avi.dll
[2007/02/26 17:22:34 | 00,106,496 | ---- | C] () -- C:\WINDOWS\System32\avss.dll
[2007/02/26 17:22:30 | 00,141,312 | ---- | C] () -- C:\WINDOWS\System32\mp4.dll
[2007/02/26 17:22:24 | 00,123,392 | ---- | C] () -- C:\WINDOWS\System32\ogm.dll
[2007/02/26 17:22:14 | 00,159,744 | ---- | C] () -- C:\WINDOWS\System32\mmfinfo.dll
[2007/02/26 17:22:04 | 00,151,552 | ---- | C] () -- C:\WINDOWS\System32\ts.dll
[2007/02/26 17:21:46 | 00,099,840 | ---- | C] () -- C:\WINDOWS\System32\avs.dll
[2007/02/26 17:21:38 | 00,079,360 | ---- | C] () -- C:\WINDOWS\System32\mkzlib.dll
[2007/02/26 17:21:38 | 00,023,552 | ---- | C] () -- C:\WINDOWS\System32\mkunicode.dll
[2007/02/12 15:21:22 | 03,426,304 | ---- | C] () -- C:\WINDOWS\System32\libavcodec.dll
[2007/02/12 15:21:22 | 00,741,376 | ---- | C] () -- C:\WINDOWS\System32\audxlib.dll
[2007/02/12 15:21:22 | 00,462,848 | ---- | C] () -- C:\WINDOWS\System32\ff_x264.dll
[2007/02/12 15:21:22 | 00,399,872 | ---- | C] () -- C:\WINDOWS\System32\libmplayer.dll
[2007/02/12 15:21:22 | 00,245,760 | ---- | C] () -- C:\WINDOWS\System32\ff_libfaad2.dll
[2007/02/12 15:21:22 | 00,225,280 | ---- | C] () -- C:\WINDOWS\System32\ff_kernelDeint.dll
[2007/02/12 15:21:22 | 00,200,704 | ---- | C] () -- C:\WINDOWS\System32\TomsMoComp_ff.dll
[2007/02/12 15:21:22 | 00,155,648 | ---- | C] () -- C:\WINDOWS\System32\ff_libdts.dll
[2007/02/12 15:21:22 | 00,143,360 | ---- | C] () -- C:\WINDOWS\System32\ff_theora.dll
[2007/02/12 15:21:22 | 00,122,880 | ---- | C] () -- C:\WINDOWS\System32\ff_samplerate.dll
[2007/02/12 15:21:22 | 00,118,784 | ---- | C] () -- C:\WINDOWS\System32\ff_libmad.dll
[2007/02/12 15:21:22 | 00,114,688 | ---- | C] () -- C:\WINDOWS\System32\libmpeg2_ff.dll
[2007/02/12 15:21:22 | 00,097,280 | ---- | C] () -- C:\WINDOWS\System32\ff_realaac.dll
[2007/02/12 15:21:22 | 00,079,872 | ---- | C] () -- C:\WINDOWS\System32\ff_tremor.dll
[2007/02/12 15:21:22 | 00,040,960 | ---- | C] () -- C:\WINDOWS\System32\ff_liba52.dll
[2007/02/12 15:21:22 | 00,038,400 | ---- | C] () -- C:\WINDOWS\System32\ff_unrar.dll
[2007/02/12 15:21:22 | 00,026,624 | ---- | C] () -- C:\WINDOWS\System32\ff_wmv9.dll
[2007/02/12 15:21:22 | 00,010,752 | ---- | C] () -- C:\WINDOWS\System32\ff_vfw.dll
[2007/02/12 15:21:22 | 00,000,547 | ---- | C] () -- C:\WINDOWS\System32\ff_vfw.dll.manifest
[2007/01/30 01:03:40 | 03,596,288 | ---- | C] () -- C:\WINDOWS\System32\qt-dx331.dll
[2006/11/01 10:54:30 | 00,180,224 | ---- | C] () -- C:\WINDOWS\System32\xvidvfw.dll
[2006/11/01 10:52:38 | 00,765,952 | ---- | C] () -- C:\WINDOWS\System32\xvidcore.dll
[2006/07/07 11:51:02 | 00,008,192 | ---- | C] () -- C:\WINDOWS\System32\FLT_ffdshow.dll
[2005/08/31 11:52:09 | 00,000,707 | ---- | C] () -- C:\WINDOWS\win.ini
[2005/08/31 11:52:02 | 00,000,254 | ---- | C] () -- C:\WINDOWS\system.ini
[2005/08/31 11:50:15 | 00,002,356 | ---- | C] () -- C:\WINDOWS\System32\OEMINFO.INI
[2003/01/07 16:05:08 | 00,002,695 | ---- | C] () -- C:\WINDOWS\System32\OUTLPERF.INI
[2002/05/17 18:18:30 | 00,124,928 | ---- | C] () -- C:\WINDOWS\System32\mp4fil32.dll
[2001/07/07 04:00:00 | 00,003,399 | ---- | C] () -- C:\WINDOWS\System32\hptcpmon.ini
[1996/04/03 15:33:26 | 00,005,248 | ---- | C] () -- C:\WINDOWS\System32\giveio.sys
========== Files - Modified Within 30 Days ==========
[1 C:\WINDOWS\System32\*.tmp files]
[5 C:\WINDOWS\*.tmp files]
[2009/04/16 00:04:33 | 00,501,248 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Amanda\Desktop\OTListIt2.exe
[2009/04/15 23:57:02 | 00,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2009/04/15 23:56:41 | 00,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2009/04/15 23:53:38 | 00,267,612 | ---- | M] () -- C:\Documents and Settings\Amanda\Desktop\Rooter.exe
[2009/04/15 23:52:51 | 00,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2009/04/15 23:42:10 | 00,000,696 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2009/04/15 23:39:32 | 00,000,611 | ---- | M] () -- C:\Documents and Settings\Amanda\Desktop\NTREGOPT.lnk
[2009/04/15 23:39:32 | 00,000,592 | ---- | M] () -- C:\Documents and Settings\Amanda\Desktop\ERUNT.lnk
[2009/04/15 02:29:58 | 00,031,744 | ---- | M] () -- C:\Documents and Settings\Amanda\Desktop\Interpersonal Comm Shaun of the Dead.doc
[2009/04/15 02:09:57 | 00,443,556 | ---- | M] () -- C:\WINDOWS\System32\PerfStringBackup.INI
[2009/04/15 02:09:57 | 00,383,822 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2009/04/15 02:09:57 | 00,054,010 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2009/04/15 01:53:58 | 00,001,374 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2009/04/14 01:53:45 | 00,000,707 | ---- | M] () -- C:\WINDOWS\win.ini
[2009/04/14 01:53:45 | 00,000,029 | ---- | M] () -- C:\WINDOWS\wordpad.ini
[2009/04/14 01:53:26 | 00,000,254 | ---- | M] () -- C:\WINDOWS\system.ini
[2009/04/13 21:51:08 | 00,000,558 | ---- | M] () -- C:\WINDOWS\tasks\Norton AntiVirus - Run Full System Scan - Amanda.job
[2009/04/13 18:24:46 | 00,002,137 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\iTunes.lnk
[2009/04/06 15:32:54 | 00,038,496 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2009/04/06 15:32:46 | 00,015,504 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2009/04/06 10:57:24 | 24,921,544 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\MRT.exe
[2009/04/03 22:09:15 | 00,305,034 | R--- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts
[2009/04/03 22:08:16 | 00,305,034 | R--- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts.20090403-220915.backup
[2009/04/03 22:05:11 | 00,000,933 | ---- | M] () -- C:\Documents and Settings\Amanda\Desktop\Spybot - Search & Destroy.lnk
[2009/04/03 22:03:19 | 16,409,960 | ---- | M] (Safer Networking Limited ) -- C:\Documents and Settings\Amanda\Desktop\setup-spybotsd162.exe
[2009/03/29 15:48:10 | 00,019,390 | ---- | M] () -- C:\Documents and Settings\Amanda\Desktop\Interpersonal S09.docx
[2009/03/28 09:17:03 | 00,000,284 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
[2009/03/27 02:58:38 | 01,203,922 | ---- | M] () -- C:\WINDOWS\System32\dllcache\sysmain.sdb
[2009/03/25 22:18:15 | 00,019,299 | ---- | M] () -- C:\Documents and Settings\Amanda\Desktop\movie_analysis_xmas_vacation.docx
[2009/03/21 10:06:58 | 00,989,696 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\kernel32.dll
[2009/03/21 10:06:58 | 00,989,696 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kernel32.dll
[2009/03/20 02:24:41 | 00,001,729 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Adobe Reader 8.lnk
< End of report >
Extras Log:
OTListIt Extras logfile created on: 4/16/2009 12:05:39 AM - Run 1
OTListIt2 by OldTimer - Version 2.0.14.0 Folder = C:\Documents and Settings\Amanda\Desktop
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 6.0.2900.5512)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy
1022.11 Mb Total Physical Memory | 418.08 Mb Available Physical Memory | 40.90% Memory free
2.40 Gb Paging File | 1.86 Gb Available in Paging File | 77.31% Paging File free
Paging file location(s): C:\pagefile.sys 1536 3072;
%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 93.15 Gb Total Space | 66.81 Gb Free Space | 71.72% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded
Computer Name: AMANDA-D8ECCDC2
Current User Name: Amanda
Logged in as Administrator.
Current Boot Mode: Normal
Scan Mode: Current user
Output = Minimal
File Age = 30 Days
Company Name Whitelist: On
========== File Associations ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] --
========== Security Center Settings ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 0
"FirewallOverride" = 0
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
"DisableMonitoring" = 1
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
"DisableMonitoring" = 1
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]
"DisableMonitoring" = 1
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile
"EnableFirewall" = 0
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List
========== Authorized Applications List ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000 (Microsoft Corporation)
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
C:\Program Files\Common Files\AOL\Loader\aolload.exe:*:Enabled:AOL Loader (AOL LLC)
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe:*:Enabled:hpqtra08.exe (Hewlett-Packard Development Company, L.P.)
C:\Program Files\HP\Digital Imaging\bin\hpqste08.exe:*:Enabled:hpqste08.exe (Hewlett-Packard Development Company, L.P.)
C:\Program Files\HP\Digital Imaging\bin\hpofxm08.exe:*:Enabled:hpofxm08.exe (Hewlett-Packard Development Company, L.P.)
C:\Program Files\HP\Digital Imaging\bin\hposfx08.exe:*:Enabled:hposfx08.exe (Hewlett-Packard Development Company, L.P.)
C:\Program Files\HP\Digital Imaging\bin\hposid01.exe:*:Enabled:hposid01.exe (Hewlett-Packard Development Company, L.P.)
C:\Program Files\HP\Digital Imaging\bin\hpqscnvw.exe:*:Enabled:hpqscnvw.exe ()
C:\Program Files\HP\Digital Imaging\bin\hpqkygrp.exe:*:Enabled:hpqkygrp.exe (Hewlett-Packard)
C:\Program Files\HP\Digital Imaging\bin\hpqCopy.exe:*:Enabled:hpqcopy.exe (Hewlett-Packard Development Company, L.P.)
C:\Program Files\HP\Digital Imaging\bin\hpfccopy.exe:*:Enabled:hpfccopy.exe (Hewlett-Packard)
C:\Program Files\HP\Digital Imaging\bin\hpzwiz01.exe:*:Enabled:hpzwiz01.exe (Hewlett-Packard Development Company, L.P.)
C:\Program Files\HP\Digital Imaging\Unload\HpqPhUnl.exe:*:Enabled:hpqphunl.exe (Hewlett-Packard)
C:\Program Files\HP\Digital Imaging\Unload\HpqDIA.exe:*:Enabled:hpqdia.exe ( )
C:\Program Files\HP\Digital Imaging\bin\hpoews01.exe:*:Enabled:hpoews01.exe (Hewlett-Packard Development Company, L.P.)
C:\Program Files\HP\Digital Imaging\bin\hpqnrs08.exe:*:Enabled:hpqnrs08.exe (Hewlett-Packard Development Company, L.P.)
%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000 (Microsoft Corporation)
C:\Program Files\AIM6\aim6.exe:*:Enabled:AIM (AOL LLC)
C:\Program Files\Bonjour\mDNSResponder.exe:*:Enabled:Bonjour (Apple Inc.)
C:\Program Files\iTunes\iTunes.exe:*:Enabled:iTunes (Apple Inc.)
========== HKEY_LOCAL_MACHINE Uninstall List ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{04010300-6D72-4D54-8686-91D884A27B5C}" = Cisco Clean Access Agent
"{07287123-B8AC-41CE-8346-3D777245C35B}" = Bonjour
"{216AB108-2AE1-4130-B3D5-20B2C4C80F8F}" = QuickTime
"{228F6876-A313-40A3-91C0-C3CBE6997D09}" = Symantec
"{2376813B-2E5A-4641-B7B3-A0D5ADB55229}" = HPPhotoSmartExpress
"{26A24AE4-039D-4CA4-87B4-2F83216011FF}" = Java 6 Update 11
"{2908F0CB-C1D4-447F-97A2-CFC135C9F8D4}" = Internet Worm Protection
"{3248F0A8-6813-11D6-A77B-00B0D0160050}" = Java 6 Update 5
"{3248F0A8-6813-11D6-A77B-00B0D0160070}" = Java 6 Update 7
"{3477095F-9C20-4ACC-A085-E7AAAA3ACAB2}" = SymNet
"{34EEB1F5-E939-40A1-A6BA-957282A4B2C8}" = Norton AntiVirus Help
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{363790D2-DA98-41DD-9C9F-69FA36B169DE}" = PanoStandAlone
"{36FDBE6E-6684-462B-AE98-9A39A1B200CC}" = HP Product Assistant
"{3AAC65C9-A7BE-40D4-9EF1-F17C4B73516A}" = Symantec Real Time Storage Protection Component
"{3CCAD2EF-CFF2-4637-82AA-AABF370282D3}" = ccCommon
"{45B8A76B-57EC-4242-B019-066400CD8428}" = BufferChm
"{4EA684E9-5C81-4033-A696-3019EC57AC3A}" = HPProductAssistant
"{4F76F68F-585B-4693-8B09-5B411E265595}" = AlienAutopsy
"{5EFCBB42-36AB-4FF9-B90C-E78C7B9EE7B3}" = iTunes
"{66910000-8B30-4973-A159-6371345AFFA5}" = WebReg
"{66E6CE0C-5A1E-430C-B40A-0C90FF1804A8}" = eSupportQFolder
"{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}" = PowerDVD
"{68763C27-235D-4165-A961-FDEA228CE504}" = AiOSoftwareNPI
"{6909F917-5499-482e-9AA1-FAD06A99F231}" = Toolbox
"{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update
"{6994491D-D491-48F1-AE1F-E179C1FFFC2F}" = HP Photosmart Essential
"{6DA9102E-199F-43A0-A36B-6EF48081A658}" = MobileMe Control Panel
"{6F5E2F4A-377D-4700-B0E3-8F7F7507EA15}" = CustomerResearchQFolder
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{736C803C-DD3B-4015-BC51-AFB9E67B9076}" = Readme
"{77772678-817F-4401-9301-ED1D01A8DA56}" = SPBBC 32bit
"{7E7B7865-6C80-4373-8BC1-C2EB9431F9DE}" = ProductContextNPI
"{830D8CBD-C668-49e2-A969-C2C2106332E0}" = Norton AntiVirus
"{8331C3EA-0C91-43AA-A4D4-27221C631139}" = Status
"{87E2B986-07E8-477a-93DC-AF0B6758B192}" = DocProcQFolder
"{8A4CE7FD-9657-4B06-9943-E1819F3D5D67}" = DocProc
"{8CE4E6E9-9D55-43FB-9DDB-688C976BFC05}" = Unload
"{90120000-0020-0409-0000-0000000FF1CE}" = Compatibility Pack for the 2007 Office system
"{90437E5F-0A9E-4B63-AD8B-D232897D18BF}" = ATI Parental Control & Encoder
"{91120409-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Standard Edition 2003
"{94FB906A-CF42-4128-A509-D353026A607E}" = REALTEK Gigabit and Fast Ethernet NIC Driver
"{996512CF-F35B-48DE-9291-557FA5316967}" = ScannerCopy
"{9A129ABC-A53A-4209-A21E-D5DEDFB7CCA8}" = Norton Protection Center
"{9FC8D8F8-AF3A-4488-98AF-51C6DEC732F2}" = c3100_Help
"{AB5D51AE-EBC3-438D-872C-705C7C2084B0}" = DeviceManagementQFolder
"{AC76BA86-7AD7-1033-7B44-A81300000003}" = Adobe Reader 8.1.3
"{AFA20D47-69C3-4030-8DF8-D37466E70F13}" = Apple Mobile Device Support
"{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1" = Spybot - Search & Destroy
"{B8DBED1E-8BC3-4d08-B94A-F9D7D88E9BBF}" = HPSSupply
"{BCE72AED-3332-4863-9567-C5DCB9052CA2}" = Netflix Movie Viewer
"{BDBE2F3E-42DB-4d4a-8CB1-19BA765DBC6C}" = HP Photosmart, Officejet and Deskjet 7.0.A
"{C6A8BB79-7DA0-4EE1-964A-FF1A4F746B02}" = ATI Catalyst Control Center
"{C7F54CF8-D6FB-4E0A-93A3-E68AE0D6C476}" = SolutionCenter
"{C8753E28-2680-49BF-BD48-DD38FD086EFE}" = AiO_Scan_CDA
"{C8FD5BC1-92EF-4C15-92A9-F9AC7F61985F}" = HP Update
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{D1FF75E7-DD42-4CFD-B052-20B3FFF4EDB8}" = Norton AntiVirus SYMLT MSI
"{DBA4DB9D-EE51-4944-A419-98AB1F1249C8}" = LiveUpdate Notice (Symantec Corporation)
"{DBC20735-34E6-4E97-A9E5-2066B66B243D}" = TrayApp
"{E1B80DEE-A795-4258-8445-074C06AE3AB8}" = MarketResearch
"{E5EE9939-259F-4DE2-8023-5C49E16A4F43}" = Norton AntiVirus Parent MSI
"{EB8C9964-09AC-48bf-8B98-027609C78251}" = C3100
"{EFB5B3B5-A280-4E25-BE1C-634EEFE32C1B}" = AppCore
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F157460F-720E-482f-8625-AD7843891E5F}" = InstantShareDevicesMFC
"{F3760724-B29D-465B-BC53-E5D72095BCC4}" = Scan
"{F4DB525F-A986-4249-B98B-42A8066251CA}" = AV
"{F6076EF9-08E1-442F-B6A2-BFB61B295A14}" = Fax_CDA
"{FB15E224-67C3-491F-9F5C-F257BC418412}" = Destinations
"{FBB980B0-63F8-4B48-8D65-90F1D9F81D9F}" = NewCopy_CDA
"6F8C52CF07BBF1FE2471DC68C08F06D7C58B7D49" = Windows Driver Package - Intel (w29n51) net (09/12/2005 9.0.3.9)
"Ad-Aware SE Personal" = Ad-Aware SE Personal
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"AIM_6" = AIM 6
"AlienGUIse Theme Manager" = AlienGUIse Theme Manager
"All ATI Software" = ATI - Software Uninstall Utility
"Amazon MP3 Downloader" = Amazon MP3 Downloader 1.0.3
"ATI Display Driver" = ATI Display Driver
"D-i-v-X - AV Codec Pack" = D-i-v-X - AV Codec Pack (Pro) 1.1.0
"EphPod" = EphPod
"ERUNT_is1" = ERUNT 1.1j
"GoToAssist" = GoToAssist 8.0.0.480
"HP Imaging Device Functions" = HP Imaging Device Functions 7.0
"HP Solution Center & Imaging Support Tools" = HP Solution Center 7.0
"HPExtendedCapabilities" = HP Customer Participation Program 7.0
"HPOCR" = OCR Software by I.R.I.S 7.0
"LiveUpdate" = LiveUpdate 3.2 (Symantec Corporation)
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1
"Mozilla Firefox (3.0.8)" = Mozilla Firefox (3.0.8)
"MSCompPackV1" = Microsoft Compression Client Pack 1.0 for Windows XP
"Network Play System (Patching)" = Network Play System (Patching)
"PosterPrint" = PosterPrint 2.3
"Shop for HP Supplies" = Shop for HP Supplies
"SMSERIAL" = Motorola SM56 Data Fax Modem
"SpeedFan" = SpeedFan (remove only)
"Spermies_is1" = Spermies 1.0
"SymSetup.{830D8CBD-C668-49e2-A969-C2C2106332E0}" = Norton AntiVirus (Symantec Corporation)
"SynTPDeinstKey" = Synaptics Pointing Device Driver
"ViewpointMediaPlayer" = Viewpoint Media Player
"Windows Media Format Runtime" = Windows Media Format 11 runtime
"Windows Media Player" = Windows Media Player 11
"Windows XP Service Pack" = Windows XP Service Pack 3
"WMFDist11" = Windows Media Format 11 runtime
"wmp11" = Windows Media Player 11
"Wudf01000" = Microsoft User-Mode Driver Framework Feature Pack 1.0
========== Last 10 Event Log Errors ==========
[ Application Events ]
Error - 1/29/2009 11:20:58 PM | Computer Name = AMANDA-D8ECCDC2 | Source = Application Hang | ID = 1002
Description = Hanging application aim6.exe, version 1.4.9.1, hang module hungapp,
version 0.0.0.0, hang address 0x00000000.
Error - 3/12/2009 2:55:36 AM | Computer Name = AMANDA-D8ECCDC2 | Source = Application Hang | ID = 1002
Description = Hanging application aim6.exe, version 1.4.9.1, hang module hungapp,
version 0.0.0.0, hang address 0x00000000.
Error - 3/27/2009 3:26:46 AM | Computer Name = AMANDA-D8ECCDC2 | Source = Application Hang | ID = 1002
Description = Hanging application aim6.exe, version 1.4.9.1, hang module hungapp,
version 0.0.0.0, hang address 0x00000000.
Error - 4/5/2009 5:36:52 PM | Computer Name = AMANDA-D8ECCDC2 | Source = Application Hang | ID = 1002
Description = Hanging application firefox.exe, version 1.9.0.3372, hang module hungapp,
version 0.0.0.0, hang address 0x00000000.
Error - 4/10/2009 12:48:44 AM | Computer Name = AMANDA-D8ECCDC2 | Source = Application Hang | ID = 1002
Description = Hanging application iexplore.exe, version 6.0.2900.5512, hang module
hungapp, version 0.0.0.0, hang address 0x00000000.
Error - 4/14/2009 6:56:50 PM | Computer Name = AMANDA-D8ECCDC2 | Source = PerfNet | ID = 2004
Description = Unable to open the Server service. Server performance data will not
be returned. Error code returned is in data DWORD 0.
Error - 4/14/2009 7:14:06 PM | Computer Name = AMANDA-D8ECCDC2 | Source = PerfNet | ID = 2004
Description = Unable to open the Server service. Server performance data will not
be returned. Error code returned is in data DWORD 0.
< End of report >