Jump to content

Welcome to Geeks to Go - Register now for FREE

Need help with your computer or device? Want to learn new tech skills? You're in the right place!
Geeks to Go is a friendly community of tech experts who can solve any problem you have. Just create a free account and post your question. Our volunteers will reply quickly and guide you through the steps. Don't let tech troubles stop you. Join Geeks to Go now and get the support you need!

How it Works Create Account
Photo

Rogue Process?

Started by kpedrotti , Dec 26 2009 01:56 PM

  • Please log in to reply

#1
kpedrotti
Posted 26 December 2009 - 01:56 PM

kpedrotti

    New Member

  • Member
  • Pip
  • 7 posts
I'm concerned that some virus/malware starts a hidden process that periodically consumes CPU power. This seems to happen roughly periodically midweek and will subside if left overnight but not upon reboot. I cannot find the offending process through either the Task Manager or Process watcher. I have gone through the Malware and Spyware Cleaning guide procedure and am posting the logs just to see if in fact this could be due to some malware on my system. Could there be a rogue/hidden process, or does my machine look clean. Much obliged.

Malwarebytes' Anti-Malware 1.42
Database version: 3426
Windows 5.1.2600 Service Pack 3
Internet Explorer 8.0.6001.18702

12/25/2009 5:47:44 AM
mbam-log-2009-12-25 (05-47-44).txt

Scan type: Quick Scan
Objects scanned: 140764
Time elapsed: 36 minute(s), 25 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)

GMER 1.0.15.15281 - http://www.gmer.net
Rootkit scan 2009-12-25 20:25:34
Windows 5.1.2600 Service Pack 3
Running: gmer.exe; Driver: C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\uwtdqpow.sys


---- System - GMER 1.0.15 ----

SSDT \SystemRoot\system32\DRIVERS\savonaccesscontrol.sys (SAV On-access and HIPS for Windows XP (x86)/Sophos Plc) ZwCreateKey [0xB58D5FA0]
SSDT \SystemRoot\system32\DRIVERS\savonaccesscontrol.sys (SAV On-access and HIPS for Windows XP (x86)/Sophos Plc) ZwDeleteKey [0xB58D60F6]
SSDT \SystemRoot\system32\DRIVERS\savonaccesscontrol.sys (SAV On-access and HIPS for Windows XP (x86)/Sophos Plc) ZwSetValueKey [0xB58D615C]

---- Devices - GMER 1.0.15 ----

AttachedDevice \FileSystem\Ntfs \Ntfs savonaccessfilter.sys (SAV On-access and HIPS for Windows XP (x86)/Sophos Plc)

Device \FileSystem\Udfs \UdfsCdRom DLAIFS_M.SYS (Drive Letter Access Component/Roxio)
Device \FileSystem\Udfs \UdfsDisk DLAIFS_M.SYS (Drive Letter Access Component/Roxio)

AttachedDevice \Driver\Ftdisk \Device\HarddiskVolume1 tdrpman.sys (Acronis Try&Decide and Restore Points Volume Filter Driver/Acronis)
AttachedDevice \Driver\Ftdisk \Device\HarddiskVolume3 tdrpman.sys (Acronis Try&Decide and Restore Points Volume Filter Driver/Acronis)

---- EOF - GMER 1.0.15 ----

OTL logfile created on: 12/25/2009 10:03:04 PM - Run 1
OTL by OldTimer - Version 3.1.20.1 Folder = C:\Documents and Settings\Administrator\Desktop\12-25-VirusScan
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

3.00 Gb Total Physical Memory | 3.00 Gb Available Physical Memory | 79.00% Memory free
5.00 Gb Paging File | 5.00 Gb Available in Paging File | 88.00% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 232.88 Gb Total Space | 124.52 Gb Free Space | 53.47% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded
Drive J: | 232.88 Gb Total Space | 114.55 Gb Free Space | 49.19% Space Free | Partition Type: NTFS

Computer Name: KDPTOP
Current User Name: kdp
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: On
Skip Microsoft Files: On
File Age = 14 Days
Output = Standard
Quick Scan

========== Processes (SafeList) ==========

PRC - [2009/12/25 22:00:06 | 00,513,536 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Administrator\Desktop\12-25-VirusScan\OTL.exe
PRC - [2009/12/08 14:25:28 | 00,093,320 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee\SiteAdvisor\McSACore.exe
PRC - [2009/11/14 09:52:42 | 00,160,592 | ---- | M] (Siber Systems) -- C:\Program Files\Siber Systems\AI RoboForm\robotaskbaricon.exe
PRC - [2009/10/31 14:35:39 | 00,136,176 | ---- | M] (Google Inc.) -- C:\Program Files\Google\Update\1.2.183.13\GoogleCrashHandler.exe
PRC - [2009/10/28 20:21:26 | 00,141,600 | ---- | M] (Apple Inc.) -- C:\Program Files\iTunes\iTunesHelper.exe
PRC - [2009/10/28 20:21:14 | 00,545,568 | ---- | M] (Apple Inc.) -- C:\Program Files\iPod\bin\iPodService.exe
PRC - [2009/10/11 04:17:36 | 00,149,280 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Java\jre6\bin\jusched.exe
PRC - [2009/10/05 04:22:15 | 00,080,936 | ---- | M] (Sophos Plc) -- C:\Program Files\Sophos\Sophos Anti-Virus\SAVAdminService.exe
PRC - [2009/09/22 11:09:02 | 00,156,672 | ---- | M] (Applian Technologies, Inc.) -- C:\Program Files\Replay Media Catcher\FLVSrvc.exe
PRC - [2009/09/09 13:19:44 | 00,052,736 | ---- | M] (Macrovision) -- C:\WINDOWS\system32\drivers\CDAC11BA.EXE
PRC - [2009/08/05 13:47:20 | 01,602,048 | ---- | M] (Copernic Inc.) -- C:\Program Files\Copernic Desktop Search - Home\DesktopSearchService.exe
PRC - [2009/07/09 11:22:18 | 00,144,712 | ---- | M] (Apple Inc.) -- C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
PRC - [2009/06/11 00:38:15 | 00,172,032 | ---- | M] (Sophos Plc) -- C:\Program Files\Sophos\AutoUpdate\ALsvc.exe
PRC - [2009/06/11 00:37:04 | 00,245,760 | ---- | M] (Sophos Plc) -- C:\Program Files\Sophos\AutoUpdate\ALMon.exe
PRC - [2009/05/02 18:30:52 | 00,561,592 | ---- | M] (Acronis) -- C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe
PRC - [2009/03/09 18:59:32 | 00,133,104 | ---- | M] (Google Inc.) -- C:\Program Files\Google\Update\GoogleUpdate.exe
PRC - [2009/01/30 07:45:00 | 00,168,004 | ---- | M] (NVIDIA Corporation) -- C:\WINDOWS\system32\nvsvc32.exe
PRC - [2008/12/12 10:17:38 | 00,238,888 | ---- | M] (Apple Inc.) -- C:\Program Files\Bonjour\mDNSResponder.exe
PRC - [2008/12/04 12:00:26 | 00,354,840 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTmon.exe
PRC - [2008/12/04 12:00:20 | 00,186,904 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe
PRC - [2008/11/11 16:35:22 | 00,020,840 | ---- | M] (Broadcom Corporation) -- C:\Program Files\Broadcom Corporation\Broadcom USH Host Components\CV\bin\HostStorageService.exe
PRC - [2008/11/11 16:35:20 | 00,808,296 | ---- | M] (Broadcom Corporation) -- C:\Program Files\Broadcom Corporation\Broadcom USH Host Components\CV\bin\HostControlService.exe
PRC - [2008/09/25 11:25:14 | 00,237,657 | ---- | M] (IDT, Inc.) -- c:\Program Files\IDT\DellXPM09B_6087v035\WDM\stacsv.exe
PRC - [2008/09/15 01:57:04 | 00,262,360 | ---- | M] (Data Perceptions / PowerProgrammer) -- C:\WINDOWS\system32\WebUpdateSvc4.exe
PRC - [2008/08/21 10:30:50 | 01,862,712 | ---- | M] (WiQuest Communications, Inc.) -- C:\Program Files\Dell\Dell WUSB\WQ_Tray2.exe
PRC - [2008/08/21 05:04:27 | 00,098,304 | ---- | M] (Sophos Plc) -- C:\Program Files\Sophos\Sophos Anti-Virus\SavService.exe
PRC - [2008/07/10 19:42:14 | 00,819,200 | ---- | M] (Intel® Corporation) -- C:\Program Files\Intel\WiFi\bin\EvtEng.exe
PRC - [2008/07/10 19:32:38 | 00,352,256 | ---- | M] (Intel® Corporation) -- C:\Program Files\Intel\WiFi\bin\WLKEEPER.exe
PRC - [2008/07/10 19:30:46 | 01,351,680 | ---- | M] (Intel® Corporation) -- C:\Program Files\Intel\WiFi\bin\ZCfgSvc.exe
PRC - [2008/07/10 19:23:22 | 00,901,120 | ---- | M] (Intel® Corporation) -- C:\Program Files\Intel\WiFi\bin\S24EvMon.exe
PRC - [2008/07/10 19:13:50 | 01,191,936 | ---- | M] (Intel® Corporation) -- C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe
PRC - [2008/07/10 19:12:40 | 00,466,944 | ---- | M] (Intel® Corporation) -- C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
PRC - [2008/05/02 02:44:08 | 00,805,392 | ---- | M] (Logitech, Inc.) -- C:\Program Files\Logitech\SetPoint\SetPoint.exe
PRC - [2008/05/02 02:40:56 | 00,076,304 | ---- | M] (Logitech, Inc.) -- C:\Program Files\Common Files\Logishrd\KHAL2\KHALMNPR.exe
PRC - [2008/04/30 15:26:22 | 00,196,608 | ---- | M] (Alps Electric Co., Ltd.) -- C:\Program Files\DellTPad\Apoint.exe
PRC - [2008/04/14 04:00:00 | 01,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2008/04/14 04:00:00 | 00,016,896 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\wbem\unsecapp.exe
PRC - [2008/04/09 19:23:22 | 00,909,208 | ---- | M] (Acronis) -- C:\Program Files\Acronis\TrueImageHome\TimounterMonitor.exe
PRC - [2008/04/09 19:11:24 | 02,595,792 | ---- | M] (Acronis) -- C:\Program Files\Acronis\TrueImageHome\TrueImageMonitor.exe
PRC - [2008/03/21 19:32:04 | 00,046,376 | ---- | M] (Alps Electric Co., Ltd.) -- C:\Program Files\DellTPad\ApMsgFwd.exe
PRC - [2008/01/04 08:46:48 | 00,107,832 | ---- | M] () -- C:\Program Files\BounceBack Professional\BBLauncher.exe
PRC - [2008/01/04 08:46:10 | 00,036,864 | ---- | M] (CMS Products™, Inc.) -- C:\Program Files\BounceBack Professional\BBWatcherService.exe
PRC - [2007/10/25 16:23:36 | 00,049,152 | ---- | M] (Alps Electric Co., Ltd.) -- C:\Program Files\DellTPad\ApntEx.exe
PRC - [2006/09/08 14:10:22 | 00,040,960 | ---- | M] (Alps Electric Co., Ltd.) -- C:\Program Files\DellTPad\hidfind.exe
PRC - [2006/02/09 22:22:52 | 00,401,408 | ---- | M] (ergonis software) -- C:\Program Files\ergonis\PopChar\PopChar.exe
PRC - [2004/04/13 17:03:10 | 00,299,008 | ---- | M] (Palm, Inc.) -- C:\Program Files\palmOne\HOTSYNC.EXE


========== Modules (SafeList) ==========

MOD - [2009/12/25 22:00:06 | 00,513,536 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Administrator\Desktop\12-25-VirusScan\OTL.exe
MOD - [2009/12/25 21:20:28 | 00,012,800 | ---- | M] (Applian Technologies, Inc.) -- C:\Documents and Settings\Administrator\Local Settings\Application Data\FLVService\lib\FLVSrvLib.dll
MOD - [2009/11/21 07:51:04 | 00,471,552 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\AppPatch\aclayers.dll
MOD - [2009/08/14 01:23:52 | 00,195,072 | ---- | M] (Sophos Plc) -- C:\Program Files\Sophos\Sophos Anti-Virus\sophos_detoured.dll
MOD - [2009/07/12 01:12:06 | 00,632,656 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.4053_x-ww_e6967989\msvcr80.dll
MOD - [2008/05/02 02:42:50 | 00,045,584 | ---- | M] (Logitech, Inc.) -- C:\Program Files\Logitech\SetPoint\lgscroll.dll
MOD - [2008/04/14 04:00:00 | 00,065,024 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\shimeng.dll


========== Win32 Services (SafeList) ==========

SRV - [2009/12/14 11:03:18 | 00,867,080 | ---- | M] (Acresso Software Inc.) [On_Demand | Stopped] -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service)
SRV - [2009/12/08 14:25:28 | 00,093,320 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\McAfee\SiteAdvisor\McSACore.exe -- (McAfee SiteAdvisor Service)
SRV - [2009/10/28 20:21:14 | 00,545,568 | ---- | M] (Apple Inc.) [On_Demand | Running] -- C:\Program Files\iPod\bin\iPodService.exe -- (iPod Service)
SRV - [2009/10/11 04:17:35 | 00,153,376 | ---- | M] (Sun Microsystems, Inc.) [Disabled | Stopped] -- C:\Program Files\Java\jre6\bin\jqs.exe -- (JavaQuickStarterService)
SRV - [2009/10/05 04:22:15 | 00,080,936 | ---- | M] (Sophos Plc) [Unknown | Running] -- C:\Program Files\Sophos\Sophos Anti-Virus\SAVAdminService.exe -- (SAVAdminService)
SRV - [2009/09/09 13:19:44 | 00,052,736 | ---- | M] (Macrovision) [Auto | Running] -- C:\WINDOWS\system32\drivers\CDAC11BA.EXE -- (C-DillaCdaC11BA)
SRV - [2009/07/18 10:34:32 | 00,091,392 | ---- | M] () [Disabled | Stopped] -- C:\Program Files\Motorola\MotoConnectService\MotoConnectService.exe -- (MotoConnect Service)
SRV - [2009/07/09 11:22:18 | 00,144,712 | ---- | M] (Apple Inc.) [Auto | Running] -- C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe -- (Apple Mobile Device)
SRV - [2009/06/11 00:38:15 | 00,172,032 | ---- | M] (Sophos Plc) [Auto | Running] -- C:\Program Files\Sophos\AutoUpdate\ALsvc.exe -- (Sophos AutoUpdate Service)
SRV - [2009/05/05 10:19:14 | 00,451,904 | ---- | M] () [Disabled | Stopped] -- C:\Program Files\Flip Video\FlipShare\FlipShareService.exe -- (FlipShare Service)
SRV - [2009/05/02 18:30:52 | 00,561,592 | ---- | M] (Acronis) [Auto | Running] -- C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe -- (AcrSch2Svc)
SRV - [2009/03/21 01:08:43 | 00,183,280 | ---- | M] (Google) [Auto | Stopped] -- C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe -- (gusvc)
SRV - [2009/03/09 18:59:32 | 00,133,104 | ---- | M] (Google Inc.) [Disabled | Stopped] -- C:\Program Files\Google\Update\GoogleUpdate.exe -- (gupdate1c9a12c42d8c90a) Google Update Service (gupdate1c9a12c42d8c90a)
SRV - [2009/01/30 07:45:00 | 00,168,004 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\WINDOWS\system32\nvsvc32.exe -- (NVSvc)
SRV - [2008/12/12 10:17:38 | 00,238,888 | ---- | M] (Apple Inc.) [Auto | Running] -- C:\Program Files\Bonjour\mDNSResponder.exe -- (Bonjour Service)
SRV - [2008/12/08 05:40:00 | 00,128,280 | ---- | M] (EMC Corporation) [Disabled | Stopped] -- C:\Program Files\Retrospect\Retrospect 7.6\rthlpsvc.exe -- (Retrospect Helper)
SRV - [2008/12/08 05:40:00 | 00,115,992 | ---- | M] (EMC Corporation) [Disabled | Stopped] -- C:\Program Files\Retrospect\Retrospect 7.6\retrorun.exe -- (RetroLauncher)
SRV - [2008/12/04 12:00:26 | 00,354,840 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTmon.exe -- (IAANTMON) Intel®
SRV - [2008/11/11 16:35:22 | 00,020,840 | ---- | M] (Broadcom Corporation) [Auto | Running] -- C:\Program Files\Broadcom Corporation\Broadcom USH Host Components\CV\bin\HostStorageService.exe -- (Credential Vault Host Storage)
SRV - [2008/11/11 16:35:20 | 00,808,296 | ---- | M] (Broadcom Corporation) [Auto | Running] -- C:\Program Files\Broadcom Corporation\Broadcom USH Host Components\CV\bin\HostControlService.exe -- (Credential Vault Host Control Service)
SRV - [2008/10/10 04:45:26 | 00,013,088 | ---- | M] (Intuit Inc.) [Disabled | Stopped] -- C:\Program Files\Common Files\Intuit\Update Service\IntuitUpdateService.exe -- (IntuitUpdateService)
SRV - [2008/09/25 11:25:14 | 00,237,657 | ---- | M] (IDT, Inc.) [Auto | Running] -- c:\Program Files\IDT\DellXPM09B_6087v035\WDM\stacsv.exe -- (STacSV)
SRV - [2008/09/15 01:57:04 | 00,262,360 | ---- | M] (Data Perceptions / PowerProgrammer) [Auto | Running] -- C:\WINDOWS\system32\WebUpdateSvc4.exe -- (WebUpdate4)
SRV - [2008/08/21 05:04:27 | 00,098,304 | ---- | M] (Sophos Plc) [Unknown | Running] -- C:\Program Files\Sophos\Sophos Anti-Virus\SavService.exe -- (SAVService)
SRV - [2008/08/15 08:51:34 | 00,342,624 | ---- | M] (Broadcom Corporation.) [Disabled | Stopped] -- C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe -- (btwdins)
SRV - [2008/07/10 19:42:14 | 00,819,200 | ---- | M] (Intel® Corporation) [Auto | Running] -- C:\Program Files\Intel\WiFi\bin\EvtEng.exe -- (EvtEng)
SRV - [2008/07/10 19:32:38 | 00,352,256 | ---- | M] (Intel® Corporation) [Auto | Running] -- C:\Program Files\Intel\WiFi\bin\WLKEEPER.exe -- (WLANKEEPER) Intel®
SRV - [2008/07/10 19:23:22 | 00,901,120 | ---- | M] (Intel® Corporation) [Auto | Running] -- C:\Program Files\Intel\WiFi\bin\S24EvMon.exe -- (S24EventMonitor)
SRV - [2008/07/10 19:12:40 | 00,466,944 | ---- | M] (Intel® Corporation) [Auto | Running] -- C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe -- (RegSrvc)
SRV - [2008/05/02 02:42:06 | 00,121,360 | ---- | M] (Logitech, Inc.) [Disabled | Stopped] -- C:\Program Files\Common Files\Logishrd\Bluetooth\LBTServ.exe -- (LBTServ)
SRV - [2008/04/09 20:42:00 | 00,492,896 | ---- | M] () [Disabled | Stopped] -- C:\Program Files\Common Files\Acronis\Fomatik\TrueImageTryStartService.exe -- (TryAndDecideService)
SRV - [2008/01/04 08:46:10 | 00,036,864 | ---- | M] (CMS Products™, Inc.) [Auto | Running] -- C:\Program Files\BounceBack Professional\BBWatcherService.exe -- (BBWatcherService)
SRV - [2007/11/06 12:22:26 | 00,092,792 | ---- | M] (CACE Technologies) [On_Demand | Stopped] -- C:\Program Files\WinPcap\rpcapd.exe -- (rpcapd) Remote Packet Capture Protocol v.0 (experimental)
SRV - [2007/07/11 09:33:28 | 00,069,632 | R--- | M] (MicroVision Development, Inc.) [On_Demand | Stopped] -- C:\Program Files\Common Files\SureThing Shared\stllssvr.exe -- (stllssvr)
SRV - [2007/06/13 14:15:40 | 00,483,328 | ---- | M] (ATI Technologies Inc.) [Auto | Stopped] -- C:\WINDOWS\system32\ati2evxx.exe -- (Ati HotKey Poller)
SRV - [2006/11/08 15:35:38 | 00,053,248 | ---- | M] (Hewlett-Packard) [Auto | Running] -- C:\WINDOWS\system32\HPZipm12.dll -- (Pml Driver HPZ12)
SRV - [2006/11/08 15:35:36 | 00,043,520 | ---- | M] (Hewlett-Packard) [Auto | Running] -- C:\WINDOWS\system32\HPZinw12.dll -- (Net Driver HPZ12)
SRV - [2006/10/26 13:03:08 | 00,145,184 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE -- (ose)
SRV - [2005/01/31 09:45:20 | 00,049,152 | ---- | M] (Ulead Systems, Inc.) [Disabled | Stopped] -- C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe -- (UleadBurningHelper)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========


IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.google.com/ie
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.ucsc.edu
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.google.com/ie
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie
IE - HKCU\..\URLSearchHook: {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - prefs.js..browser.startup.homepage: "http://www.ucsc.edu/"

FF - HKLM\software\mozilla\Firefox\extensions\\{B7082FAA-CB62-4872-9106-E42DD88EDE45}: C:\Program Files\McAfee\SiteAdvisor [2009/12/20 11:39:06 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\extensions\\{22119944-ED35-4ab1-910B-E619EA06A115}: C:\Program Files\Siber Systems\AI RoboForm\Firefox [2009/01/11 21:06:13 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\extensions\\{000a9d1c-beef-4f90-9363-039d445309b8}: C:\Program Files\Google\Google Gears\Firefox\ [2009/11/19 09:47:11 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.5.6\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2009/12/19 09:29:12 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.5.6\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2009/12/19 09:29:12 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Thunderbird 2.0.0.23\extensions\\Components: C:\Program Files\Mozilla Thunderbird\components [2009/11/08 15:05:41 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Thunderbird 2.0.0.23\extensions\\Plugins: C:\Program Files\Mozilla Thunderbird\plugins [2009/11/08 15:06:16 | 00,000,000 | ---D | M]

[2009/01/11 20:09:45 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\Mozilla\Extensions
[2009/12/20 21:02:37 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\cmkq0jzl.default\extensions
[2009/01/11 20:09:57 | 00,000,000 | ---D | M] (Forecastbar Enhanced) -- C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\cmkq0jzl.default\extensions\{3CE993BF-A3D9-4fd2-B3B6-768CBBC337F8}
[2009/12/20 11:06:26 | 00,000,000 | ---D | M] (NoScript) -- C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\cmkq0jzl.default\extensions\{73a6fe31-595d-460b-a920-fcc0f8843232}
[2009/11/02 09:13:12 | 00,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\cmkq0jzl.default\extensions\{AE93811A-5C9A-4d34-8462-F7B864FC4696}
[2009/11/23 20:55:25 | 00,000,000 | ---D | M] (DownloadHelper) -- C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\cmkq0jzl.default\extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}
[2009/12/12 23:23:01 | 00,000,000 | ---D | M] (Adblock Plus) -- C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\cmkq0jzl.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}
[2009/01/16 02:01:38 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\cmkq0jzl.default\extensions\Access Privileges Test
[2009/12/07 08:49:12 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\cmkq0jzl.default\extensions\[email protected]
[2009/05/08 14:29:49 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\cmkq0jzl.default\extensions\[email protected]
[2009/01/11 20:09:59 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\enud7k8n.default\extensions
[2008/11/20 13:48:41 | 00,005,523 | ---- | M] () -- C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\enud7k8n.default\searchplugins\Copernic.xml
[2009/12/20 21:02:37 | 00,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions
[2009/01/16 02:02:20 | 00,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions\Access Privileges Test

O1 HOSTS File: (734 bytes) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (HelperObject Class) - {00C6482D-C502-44C8-8409-FCE54AD9C208} - C:\Program Files\TechSmith\SnagIt 7\SnagItBHO.dll (TechSmith Corporation)
O2 - BHO: (Adobe PDF Link Helper) - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
O2 - BHO: (Sophos Web Content Scanner) - {39EA7695-B3F2-4C44-A4BC-297ADA8FD235} - C:\Program Files\Sophos\Sophos Anti-Virus\SophosBHO.dll (Sophos Plc)
O2 - BHO: (no name) - {724d43a9-0d85-11d4-9908-00400523e39a} - C:\Program Files\Siber Systems\AI RoboForm\roboform.dll (Siber Systems Inc.)
O2 - BHO: (Adobe PDF Conversion Toolbar Helper) - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.1.1309.3572\swg.dll (Google Inc.)
O2 - BHO: (McAfee SiteAdvisor BHO) - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
O2 - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (Google Gears Helper) - {E0FEFE40-FBF9-42AE-BA58-794CA7E3FB53} - C:\Program Files\Google\Google Gears\Internet Explorer\0.5.33.0\gears.dll (Google Inc.)
O2 - BHO: (JQSIEStartDetectorImpl Class) - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll (Sun Microsystems, Inc.)
O3 - HKLM\..\Toolbar: (McAfee SiteAdvisor Toolbar) - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
O3 - HKLM\..\Toolbar: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3 - HKLM\..\Toolbar: (Copernic Desktop Search - Home Toolbar) - {4A1C6093-14F9-44D7-860E-5D265CFCA9D9} - C:\Program Files\Copernic Desktop Search - Home\Toolbar\ToolbarContainer101000313.dll (Copernic Inc.)
O3 - HKLM\..\Toolbar: (&RoboForm) - {724d43a0-0d85-11d4-9908-00400523e39a} - C:\Program Files\Siber Systems\AI RoboForm\roboform.dll (Siber Systems Inc.)
O3 - HKLM\..\Toolbar: (SnagIt) - {8FF5E183-ABDE-46EB-B09E-D2AAB95CABE3} - C:\Program Files\TechSmith\SnagIt 7\SnagItIEAddin.dll (TechSmith Corporation)
O3 - HKCU\..\Toolbar\WebBrowser: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3 - HKCU\..\Toolbar\WebBrowser: (Copernic Desktop Search - Home Toolbar) - {4A1C6093-14F9-44D7-860E-5D265CFCA9D9} - C:\Program Files\Copernic Desktop Search - Home\Toolbar\ToolbarContainer101000313.dll (Copernic Inc.)
O3 - HKCU\..\Toolbar\WebBrowser: (&RoboForm) - {724D43A0-0D85-11D4-9908-00400523E39A} - C:\Program Files\Siber Systems\AI RoboForm\roboform.dll (Siber Systems Inc.)
O4 - HKLM..\Run: [Acronis Scheduler2 Service] C:\Program Files\Common Files\Acronis\Schedule2\schedhlp.exe File not found
O4 - HKLM..\Run: [AcronisTimounterMonitor] C:\Program Files\Acronis\TrueImageHome\TimounterMonitor.exe (Acronis)
O4 - HKLM..\Run: [Adobe Reader Speed Launcher] C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [Apoint] C:\Program Files\DellTPad\Apoint.exe (Alps Electric Co., Ltd.)
O4 - HKLM..\Run: [Ask and Record FLV Service] C:\Program Files\Replay Media Catcher\FLVSrvc.exe (Applian Technologies, Inc.)
O4 - HKLM..\Run: [IAAnotif] C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe (Intel Corporation)
O4 - HKLM..\Run: [IntelWireless] C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe (Intel® Corporation)
O4 - HKLM..\Run: [IntelZeroConfig] C:\Program Files\Intel\WiFi\bin\ZCfgSvc.exe (Intel® Corporation)
O4 - HKLM..\Run: [iTunesHelper] C:\Program Files\iTunes\iTunesHelper.exe (Apple Inc.)
O4 - HKLM..\Run: [Kernel and Hardware Abstraction Layer] C:\WINDOWS\KHALMNPR.Exe (Logitech, Inc.)
O4 - HKLM..\Run: [NvCplDaemon] C:\WINDOWS\System32\NvCpl.DLL (NVIDIA Corporation)
O4 - HKLM..\Run: [NVHotkey] C:\WINDOWS\System32\nvhotkey.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [NvMediaCenter] C:\WINDOWS\System32\NvMcTray.DLL (NVIDIA Corporation)
O4 - HKLM..\Run: [nwiz] C:\WINDOWS\System32\nwiz.exe ()
O4 - HKLM..\Run: [QuickTime Task] C:\Program Files\QuickTime\QTTask.exe (Apple Inc.)
O4 - HKLM..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\Core\smax4pnp.exe (Analog Devices, Inc.)
O4 - HKLM..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre6\bin\jusched.exe (Sun Microsystems, Inc.)
O4 - HKLM..\Run: [SysTrayApp] C:\Program Files\IDT\WDM\sttray.exe (IDT, Inc.)
O4 - HKLM..\Run: [TrueImageMonitor.exe] C:\Program Files\Acronis\TrueImageHome\TrueImageMonitor.exe (Acronis)
O4 - HKCU..\Run: [Copernic Desktop Search - Home] C:\Program Files\Copernic Desktop Search - Home\DesktopSearchService.exe (Copernic Inc.)
O4 - HKCU..\Run: [RoboForm] C:\Program Files\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe (Siber Systems)
O4 - Startup: C:\Documents and Settings\Administrator\Start Menu\Programs\Startup\BounceBack Launcher.lnk = C:\Program Files\BounceBack Professional\BBStartup.exe ()
O4 - Startup: C:\Documents and Settings\Administrator\Start Menu\Programs\Startup\HotSync Manager.lnk = C:\Program Files\palmOne\HOTSYNC.EXE (Palm, Inc.)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\AutoUpdate Monitor.lnk = C:\Program Files\Sophos\AutoUpdate\ALMon.exe (Sophos Plc)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Logitech SetPoint.lnk = C:\Program Files\Logitech\SetPoint\SetPoint.exe (Logitech, Inc.)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\PopChar.lnk = C:\Program Files\ergonis\PopChar\PopChar.exe (ergonis software)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Wireless USB Manager.lnk = C:\Program Files\Dell\Dell WUSB\WQ_Tray2.exe (WiQuest Communications, Inc.)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: BackupNoCDBurning = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 149
O8 - Extra context menu item: Add to Google Photos Screensa&ver - C:\WINDOWS\System32\GPhotos.scr (Google Inc.)
O8 - Extra context menu item: Append to existing PDF - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert link target to Adobe PDF - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert link target to existing PDF - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert selected links to Adobe PDF - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert selected links to existing PDF - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert selection to Adobe PDF - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert selection to existing PDF - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert to Adobe PDF - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Customize Menu - C:\Program Files\Siber Systems\AI RoboForm\RoboFormComCustomizeIEMenu.html ()
O8 - Extra context menu item: Fill Forms - C:\Program Files\Siber Systems\AI RoboForm\RoboFormComFillForms.html ()
O8 - Extra context menu item: RoboForm Toolbar - C:\Program Files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html ()
O8 - Extra context menu item: Save Forms - C:\Program Files\Siber Systems\AI RoboForm\RoboFormComSavePass.html ()
O8 - Extra context menu item: Send to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm ()
O8 - Extra context menu item: Send To Bluetooth - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra 'Tools' menuitem : &Gears Settings - {09C04DA7-5B76-4EBC-BBEE-B25EAC5965F5} - C:\Program Files\Google\Google Gears\Internet Explorer\0.5.33.0\gears.dll (Google Inc.)
O9 - Extra Button: Fill Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - C:\Program Files\Siber Systems\AI RoboForm\RoboFormComFillForms.html ()
O9 - Extra 'Tools' menuitem : Fill Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - C:\Program Files\Siber Systems\AI RoboForm\RoboFormComFillForms.html ()
O9 - Extra Button: Save - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - C:\Program Files\Siber Systems\AI RoboForm\RoboFormComSavePass.html ()
O9 - Extra 'Tools' menuitem : Save Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - C:\Program Files\Siber Systems\AI RoboForm\RoboFormComSavePass.html ()
O9 - Extra Button: RoboForm - {724d43aa-0d85-11d4-9908-00400523e39a} - C:\Program Files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html ()
O9 - Extra 'Tools' menuitem : RoboForm Toolbar - {724d43aa-0d85-11d4-9908-00400523e39a} - C:\Program Files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html ()
O9 - Extra Button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra 'Tools' menuitem : @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O15 - HKLM\..Trusted Domains: 1 domain(s) and sub-domain(s) not assigned to a zone.
O15 - HKCU\..Trusted Domains: chase.com ([chaseonline] https in Trusted sites)
O15 - HKCU\..Trusted Domains: chase.com ([www] https in Trusted sites)
O15 - HKCU\..Trusted Domains: dellactivations.com ([www] https in Trusted sites)
O15 - HKCU\..Trusted Domains: sonic.com ([updateservice] http in Trusted sites)
O15 - HKCU\..Trusted Domains: 3 domain(s) and sub-domain(s) not assigned to a zone.
O16 - DPF: {01A88BB1-1174-41EC-ACCB-963509EAE56B} http://support.dell....iler/SysPro.CAB (SysProWmi Class)
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} http://www.update.mi...b?1223593480016 (WUWebControl Class)
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} http://www.update.mi...b?1223593538188 (MUWebControl Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_17)
O16 - DPF: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_17)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_17)
O16 - DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} (Reg Error: Value error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 68.87.76.182 68.87.78.134
O18 - Protocol\Handler\belarc {6318E0AB-2E93-11D1-B8ED-00608CC9A71F} - C:\Program Files\Belarc\Advisor\System\BAVoilaX.dll (Belarc, Inc.)
O18 - Protocol\Handler\dssrequest {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
O18 - Protocol\Handler\sacore {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
O20 - AppInit_DLLs: (C:\Program Files\Sophos\Sophos Anti-Virus\sophos_detoured.dll) - C:\Program Files\Sophos\Sophos Anti-Virus\sophos_detoured.dll (Sophos Plc)
O20 - AppInit_DLLs: (C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~3.DLL) - C:\Program Files\Sophos\Sophos Anti-Virus\sophos_detoured.dll (Sophos Plc)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\LBTWlgn: DllName - c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll - c:\Program Files\Common Files\Logishrd\Bluetooth\LBTWLgn.dll (Logitech, Inc.)
O30 - LSA: Authentication Packages - (relog_ap) - C:\WINDOWS\System32\relog_ap.dll (Acronis)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2008/10/09 14:13:45 | 00,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O32 - AutoRun File - [2007/09/25 14:19:18 | 00,000,031 | ---- | M] () - C:\autorun.txt -- [ NTFS ]
O32 - AutoRun File - [2008/10/09 14:13:45 | 00,000,000 | ---- | M] () - J:\AUTOEXEC.BAT -- [ NTFS ]
O33 - MountPoints2\{72111b3b-1c93-11de-b261-00216a0149e8}\Shell\AutoRun\command - "" = 8.bat
O33 - MountPoints2\{72111b3b-1c93-11de-b261-00216a0149e8}\Shell\explore\Command - "" = 8.bat
O33 - MountPoints2\{72111b3b-1c93-11de-b261-00216a0149e8}\Shell\open\Command - "" = 8.bat
O33 - MountPoints2\{b72e7329-284c-11de-b26a-00216a0149e8}\Shell - "" = AutoRun
O33 - MountPoints2\{b72e7329-284c-11de-b26a-00216a0149e8}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{b72e7329-284c-11de-b26a-00216a0149e8}\Shell\AutoRun\command - "" = E:\LaunchU3.exe -- File not found
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - comfile [open] -- "%1" %*
O35 - exefile [open] -- "%1" %*

NetSvcs: 6to4 - File not found
NetSvcs: Ias - C:\WINDOWS\system32\ias [2009/01/11 21:19:16 | 00,000,000 | ---D | M]
NetSvcs: Iprip - File not found
NetSvcs: Irmon - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: WmdmPmSp - File not found

CREATERESTOREPOINT
Restore point Set: OTL Restore Point (54328119363895296)

========== Files/Folders - Created Within 14 Days ==========

[2009/12/25 06:02:47 | 00,000,000 | ---D | C] -- C:\WINDOWS\ERDNT
[2009/12/25 05:59:56 | 00,000,000 | ---D | C] -- C:\Program Files\ERUNT
[2009/12/25 05:48:30 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Desktop\12-25-VirusScan
[2009/12/24 16:04:16 | 00,000,000 | ---D | C] -- C:\Program Files\InterActual
[2009/12/24 15:18:22 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\My Documents\iPodTouch
[2009/12/21 20:12:13 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Desktop\CarlasComputerVirus
[2009/12/20 22:08:21 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\My Documents\Nathan
[2009/12/14 14:52:15 | 00,000,000 | ---D | C] -- C:\Program Files\VPL
[2009/12/14 14:52:15 | 00,000,000 | ---D | C] -- C:\WINDOWS\Video Padlock
[2009/12/14 11:05:08 | 00,000,000 | ---D | C] -- C:\SmartSound Software
[2009/12/14 11:04:07 | 00,000,000 | ---D | C] -- C:\Program Files\Common Files\Adobe AIR
[2009/05/21 14:26:41 | 00,000,000 | ---D | M] -- C:\Documents and Settings\NetworkService\Application Data\Intel
[2009/05/21 14:26:40 | 00,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Application Data\Intel
[2009/01/11 20:53:44 | 00,000,000 | --SD | M] -- C:\Documents and Settings\NetworkService\Application Data\Microsoft
[2009/01/11 20:53:44 | 00,000,000 | --SD | M] -- C:\Documents and Settings\LocalService\Application Data\Microsoft
[2009/01/11 20:53:44 | 00,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Application Data\SACore
[2009/01/11 20:53:44 | 00,000,000 | ---D | M] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft
[2009/01/11 20:53:44 | 00,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft
[2009/01/11 20:53:44 | 00,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Local Settings\Application Data\Google
[2009/01/11 20:53:43 | 00,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Application Data\Acronis
[2008/10/09 16:32:06 | 00,454,656 | ---- | C] (Simon Tatham) -- C:\Program Files\putty.exe

========== Files - Modified Within 14 Days ==========

[2009/12/25 21:40:15 | 00,000,886 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2009/12/25 21:23:44 | 00,528,020 | ---- | M] () -- C:\WINDOWS\System32\PerfStringBackup.INI
[2009/12/25 21:23:44 | 00,445,938 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2009/12/25 21:23:44 | 00,072,978 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2009/12/25 21:20:32 | 00,211,929 | ---- | M] () -- C:\WINDOWS\System32\nvModes.dat
[2009/12/25 21:20:32 | 00,211,929 | ---- | M] () -- C:\WINDOWS\System32\nvModes.001
[2009/12/25 21:20:17 | 00,195,312 | ---- | M] () -- C:\WINDOWS\System32\nvapps.xml
[2009/12/25 21:20:00 | 00,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2009/12/25 21:19:37 | 00,000,868 | ---- | M] () -- C:\WINDOWS\tasks\Google Software Updater.job
[2009/12/25 21:17:05 | 00,000,882 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2009/12/25 21:17:01 | 00,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2009/12/25 21:16:33 | 00,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2009/12/25 06:05:53 | 00,000,157 | ---- | M] () -- C:\Documents and Settings\Administrator\Application Data\cntp.ini
[2009/12/25 05:59:56 | 00,000,613 | ---- | M] () -- C:\Documents and Settings\Administrator\Desktop\NTREGOPT.lnk
[2009/12/25 05:59:56 | 00,000,594 | ---- | M] () -- C:\Documents and Settings\Administrator\Desktop\ERUNT.lnk
[2009/12/24 21:59:08 | 08,388,608 | ---- | M] () -- C:\Documents and Settings\Administrator\ntuser.dat
[2009/12/24 16:09:53 | 00,000,781 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\InterActual Player.lnk
[2009/12/24 16:09:08 | 00,000,000 | ---- | M] () -- C:\WINDOWS\iPlayer.INI
[2009/12/22 16:37:19 | 05,984,256 | ---- | M] () -- C:\Documents and Settings\Administrator\Local Settings\Application Data\filesync.metadata
[2009/12/22 12:42:05 | 00,001,917 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Google Earth.lnk
[2009/12/20 03:00:00 | 00,000,590 | ---- | M] () -- C:\WINDOWS\tasks\New scan.job
[2009/12/18 10:45:56 | 02,648,024 | -H-- | M] () -- C:\Documents and Settings\Administrator\Local Settings\Application Data\IconCache.db
[2009/12/16 20:25:02 | 00,347,400 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2009/12/16 20:15:22 | 00,001,393 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2009/12/16 20:10:57 | 00,000,278 | -HS- | M] () -- C:\Documents and Settings\Administrator\ntuser.ini
[2009/12/14 15:44:33 | 00,078,484 | -H-- | M] () -- C:\WINDOWS\System32\mlfcache.dat
[2009/12/14 15:29:16 | 00,096,216 | ---- | M] () -- C:\WINDOWS\System32\GDIPFONTCACHEV1.DAT
[2009/12/14 14:50:43 | 00,001,694 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Applian Director.lnk
[2009/12/14 14:46:20 | 00,000,000 | ---- | M] () -- C:\Documents and Settings\Administrator\Local Settings\Application Data\Schedule8.dat
[2009/12/14 14:44:38 | 00,156,672 | ---- | M] (Radioactive) -- C:\WINDOWS\System32\rmc_fixasf.exe
[2009/12/14 14:44:35 | 00,237,568 | ---- | M] () -- C:\WINDOWS\System32\rmc_rtspdl.dll
[2009/12/14 11:43:10 | 00,000,632 | ---- | M] () -- C:\Documents and Settings\Administrator\Desktop\moviemk.exe.lnk
[2009/12/14 11:03:03 | 00,001,904 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Adobe Premiere Elements 8.0.lnk

========== Files Created - No Company Name ==========

[2009/12/25 05:59:56 | 00,000,613 | ---- | C] () -- C:\Documents and Settings\Administrator\Desktop\NTREGOPT.lnk
[2009/12/25 05:59:56 | 00,000,594 | ---- | C] () -- C:\Documents and Settings\Administrator\Desktop\ERUNT.lnk
[2009/12/24 16:09:08 | 00,000,000 | ---- | C] () -- C:\WINDOWS\iPlayer.INI
[2009/12/24 16:04:22 | 00,000,781 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\InterActual Player.lnk
[2009/12/22 12:42:05 | 00,001,917 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Google Earth.lnk
[2009/12/14 14:52:39 | 00,000,530 | ---- | C] () -- C:\Documents and Settings\Administrator\Application Data\VideoPadlockLog.log
[2009/12/14 14:46:20 | 00,000,000 | ---- | C] () -- C:\Documents and Settings\Administrator\Local Settings\Application Data\Schedule8.dat
[2009/12/14 11:43:10 | 00,000,632 | ---- | C] () -- C:\Documents and Settings\Administrator\Desktop\moviemk.exe.lnk
[2009/12/14 11:03:03 | 00,001,904 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Adobe Premiere Elements 8.0.lnk
[2009/12/08 12:31:07 | 00,004,432 | ---- | C] () -- C:\Documents and Settings\Administrator\Application Data\Comma Separated Values (Windows).NOT
[2009/12/08 12:29:05 | 00,008,326 | ---- | C] () -- C:\Documents and Settings\Administrator\Application Data\Comma Separated Values (Windows).JNL
[2009/12/07 20:25:02 | 00,000,905 | ---- | C] () -- C:\WINDOWS\MD_MicroDiffs.INI
[2009/12/07 20:25:02 | 00,000,905 | ---- | C] () -- C:\WINDOWS\MD_MacroDiffs.INI
[2009/12/07 20:25:02 | 00,000,817 | ---- | C] () -- C:\WINDOWS\CFX.INI
[2009/12/07 19:13:40 | 00,000,103 | ---- | C] () -- C:\WINDOWS\SW_Win2000X9.DLL
[2009/12/07 19:08:24 | 00,000,024 | ---- | C] () -- C:\WINDOWS\System32\XLSCX.INI
[2009/12/07 19:08:24 | 00,000,024 | ---- | C] () -- C:\WINDOWS\System32\WordCX.INI
[2009/12/07 19:08:23 | 00,000,051 | ---- | C] () -- C:\WINDOWS\SW_Win2000X16.DLL
[2009/12/07 19:08:17 | 00,098,304 | ---- | C] () -- C:\WINDOWS\System32\DVM.dll
[2009/12/07 19:08:16 | 00,225,280 | ---- | C] () -- C:\WINDOWS\System32\DrakeCom.dll
[2009/12/07 19:08:16 | 00,221,184 | ---- | C] () -- C:\WINDOWS\System32\SII_PDF.dll
[2009/12/07 19:08:16 | 00,131,072 | ---- | C] () -- C:\WINDOWS\System32\CSVSpecialProcessing.dll
[2009/12/06 15:24:41 | 00,016,092 | ---- | C] () -- C:\Documents and Settings\Administrator\Application Data\ReplayConverterLog.log
[2009/12/06 14:09:24 | 00,237,568 | ---- | C] () -- C:\WINDOWS\System32\rmc_rtspdl.dll
[2009/11/30 09:46:18 | 00,003,021 | ---- | C] () -- C:\Documents and Settings\Administrator\Application Data\cntp.nws
[2009/11/28 11:06:43 | 00,038,502 | ---- | C] () -- C:\Documents and Settings\Administrator\Application Data\Comma Separated Values (Windows).ADR
[2009/11/18 12:49:52 | 00,013,033 | ---- | C] () -- C:\Documents and Settings\Administrator\Application Data\Comma Separated Values (Windows).CAL
[2009/11/17 08:35:36 | 00,045,299 | ---- | C] () -- C:\Documents and Settings\Administrator\Application Data\ReplayMusicLog.log
[2009/09/09 13:19:44 | 00,201,216 | ---- | C] () -- C:\WINDOWS\CDAC14BA.DLL
[2009/08/03 14:07:42 | 00,403,816 | ---- | C] () -- C:\WINDOWS\System32\OGACheckControl.dll
[2009/06/11 13:08:01 | 00,000,136 | ---- | C] () -- C:\Documents and Settings\Administrator\Local Settings\Application Data\fusioncache.dat
[2009/04/14 15:33:44 | 00,000,048 | ---- | C] () -- C:\WINDOWS\wpd99.drv
[2009/04/14 15:33:41 | 00,000,028 | ---- | C] () -- C:\WINDOWS\pdf995.ini
[2009/03/28 11:28:19 | 00,057,344 | ---- | C] () -- C:\WINDOWS\System32\ff_vfw.dll
[2009/03/28 11:28:19 | 00,000,547 | ---- | C] () -- C:\WINDOWS\System32\ff_vfw.dll.manifest
[2009/03/05 16:47:18 | 00,011,376 | ---- | C] () -- C:\WINDOWS\System32\drivers\CdaC15BA.SYS
[2008/12/24 17:20:08 | 00,188,600 | ---- | C] () -- C:\Documents and Settings\LocalService\Local Settings\Application Data\FontCache3.0.0.0.dat
[2008/12/23 13:59:34 | 00,279,888 | ---- | C] () -- C:\WINDOWS\System32\brcmbsp.dll
[2008/12/23 13:51:36 | 00,080,368 | ---- | C] () -- C:\WINDOWS\System32\pbadrvdll.dll
[2008/12/10 22:33:49 | 06,562,196 | ---- | C] () -- C:\Documents and Settings\Administrator\Local Settings\Application Data\BounceBack.log
[2008/12/08 10:02:06 | 00,002,634 | ---- | C] () -- C:\WINDOWS\DevMgr.ini
[2008/11/29 19:42:35 | 00,000,174 | ---- | C] () -- C:\WINDOWS\QUICKEN.INI
[2008/11/25 12:15:12 | 00,000,143 | ---- | C] () -- C:\WINDOWS\KGOleSrv.INI
[2008/11/24 16:19:40 | 05,984,256 | ---- | C] () -- C:\Documents and Settings\Administrator\Local Settings\Application Data\filesync.metadata
[2008/11/24 16:19:40 | 00,032,256 | ---- | C] () -- C:\Documents and Settings\Administrator\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2008/11/24 16:14:14 | 00,000,157 | ---- | C] () -- C:\Documents and Settings\Administrator\Application Data\cntp.ini
[2008/11/20 14:24:51 | 00,000,234 | ---- | C] () -- C:\WINDOWS\wininit.ini
[2008/11/20 14:08:44 | 00,118,784 | ---- | C] () -- C:\WINDOWS\System32\pdfmona.dll
[2008/11/20 14:08:44 | 00,051,716 | ---- | C] () -- C:\WINDOWS\System32\pdf995mon.dll
[2008/11/20 14:06:39 | 00,000,376 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2008/11/20 13:53:59 | 00,000,020 | ---- | C] () -- C:\WINDOWS\Hposcv07.INI
[2008/11/20 13:45:56 | 00,000,483 | ---- | C] () -- C:\WINDOWS\MAXLINK.INI
[2008/11/20 13:38:19 | 00,003,840 | ---- | C] () -- C:\WINDOWS\System32\drivers\BANTExt.sys
[2008/10/14 15:53:51 | 00,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini
[2008/10/09 16:30:41 | 00,000,000 | ---- | C] () -- C:\WINDOWS\tsetup.INI
[2008/10/09 14:10:16 | 00,001,793 | ---- | C] () -- C:\WINDOWS\System32\fxsperf.ini
[2008/08/15 08:46:30 | 02,854,912 | ---- | C] () -- C:\WINDOWS\System32\btwicons.dll
[2008/04/14 04:00:00 | 00,755,200 | ---- | C] () -- C:\WINDOWS\System32\ir50_32.dll
[2008/04/14 04:00:00 | 00,338,432 | ---- | C] () -- C:\WINDOWS\System32\ir41_qcx.dll
[2008/04/14 04:00:00 | 00,200,192 | ---- | C] () -- C:\WINDOWS\System32\ir50_qc.dll
[2008/04/14 04:00:00 | 00,183,808 | ---- | C] () -- C:\WINDOWS\System32\ir50_qcx.dll
[2008/04/14 04:00:00 | 00,120,320 | ---- | C] () -- C:\WINDOWS\System32\ir41_qc.dll
[2008/02/18 22:33:34 | 00,446,352 | ---- | C] () -- C:\WINDOWS\System32\OpenQuicktimeLib.dll
[2007/11/06 12:19:28 | 00,053,299 | ---- | C] () -- C:\WINDOWS\System32\pthreadVC.dll
[2007/09/19 19:05:00 | 01,724,416 | ---- | C] () -- C:\WINDOWS\System32\nvwdmcpl.dll
[2007/09/19 19:05:00 | 01,507,328 | ---- | C] () -- C:\WINDOWS\System32\nview.dll
[2007/09/19 19:05:00 | 01,101,824 | ---- | C] () -- C:\WINDOWS\System32\nvwimg.dll
[2007/09/19 19:05:00 | 00,466,944 | ---- | C] () -- C:\WINDOWS\System32\nvshell.dll
[2006/06/30 12:58:44 | 00,176,128 | R--- | C] () -- C:\WINDOWS\System32\bioapi_mds300.dll
[2006/06/30 12:58:44 | 00,126,976 | R--- | C] () -- C:\WINDOWS\System32\bioapi100.dll
[2005/02/17 12:41:32 | 00,000,603 | ---- | C] () -- C:\WINDOWS\System32\BTNeighborhood.dll.manifest
[2005/02/17 12:41:30 | 00,000,593 | ---- | C] () -- C:\WINDOWS\System32\btcss.dll.manifest
[2003/01/07 15:05:08 | 00,002,695 | ---- | C] () -- C:\WINDOWS\System32\OUTLPERF.INI
[2002/11/20 18:51:34 | 00,159,744 | ---- | C] () -- C:\WINDOWS\System32\win2000.dll
[2002/04/01 18:45:50 | 00,047,616 | ---- | C] () -- C:\WINDOWS\System32\ODBCMON.DLL
[2001/11/14 13:56:00 | 01,802,240 | ---- | C] () -- C:\WINDOWS\System32\lcppn21.dll
[1998/10/22 23:00:00 | 00,057,504 | ---- | C] () -- C:\WINDOWS\System32\drivers\drvlw.sys
[1998/10/22 23:00:00 | 00,038,400 | ---- | C] () -- C:\WINDOWS\System32\ftpnls32.dll
[1998/10/22 23:00:00 | 00,033,280 | ---- | C] () -- C:\WINDOWS\System32\upgdrvlw.dll
[1998/10/21 23:00:00 | 00,027,136 | ---- | C] () -- C:\WINDOWS\System32\upgftps.dll
[1998/10/21 23:00:00 | 00,027,136 | ---- | C] () -- C:\WINDOWS\System32\upgftpap.dll
[1996/04/03 11:33:26 | 00,005,248 | ---- | C] () -- C:\WINDOWS\System32\giveio.sys

========== LOP Check ==========

[2009/01/11 20:09:35 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\Canon
[2009/01/11 20:09:36 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1
[2009/03/02 10:06:57 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\Copernic
[2009/01/11 20:09:36 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\Design Science
[2009/01/11 20:09:36 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\Free Download Manager
[2009/12/24 12:18:19 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\GoodSync
[2009/01/11 20:09:40 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\Mathsoft
[2009/01/11 20:09:59 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\Mp3tag
[2009/01/11 20:09:59 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\NewSoft
[2009/12/01 18:23:10 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\NoteTab Pro
[2009/01/11 20:09:59 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\Oracle
[2009/04/14 15:33:41 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\pdf995
[2009/11/30 09:36:04 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\Publish or Perish
[2009/01/11 20:10:00 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\ScanSoft
[2009/11/14 16:27:01 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\SSH
[2009/01/11 20:10:05 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\SystemRequirementsLab
[2009/08/27 14:02:19 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\TeamViewer
[2009/01/11 20:10:05 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\Thunderbird
[2009/02/17 02:10:50 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\Ulead Systems
[2009/01/11 20:10:15 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\VCOM
[2009/12/06 15:22:34 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\YouSendIt
[2009/04/08 12:47:18 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Acronis
[2009/01/11 20:52:43 | 00,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\CanonBJ
[2009/05/31 13:06:43 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Flip Video
[2009/01/11 20:52:56 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Linksys
[2009/06/24 09:01:00 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Novatel Wireless
[2009/04/14 15:33:45 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\pdf995
[2009/05/16 10:59:44 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Retrospect
[2009/01/11 20:53:29 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\RoboForm
[2009/01/11 20:53:29 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\ScanSoft
[2009/01/11 20:53:31 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\SmartSound Software Inc
[2009/01/11 20:53:32 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Sophos
[2009/10/21 13:02:27 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Tarma Installer
[2009/01/11 20:53:34 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Ulead Systems
[2009/01/11 20:53:34 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Uninstall
[2009/11/08 15:08:02 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{755AC846-7372-4AC8-8550-C52491DAA8BD}
[2009/04/11 10:25:14 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{8CD7F5AF-ECFA-4793-BF40-D8F42DBFF906}
[2009/05/02 13:25:03 | 00,000,292 | ---- | M] () -- C:\WINDOWS\Tasks\Acronis True Image Home test.job
[2009/05/03 22:30:54 | 00,000,314 | ---- | M] () -- C:\WINDOWS\Tasks\Acronis True Image Home.job
[2009/05/13 14:24:50 | 00,000,248 | ---- | M] () -- C:\WINDOWS\Tasks\Calculator.job
[2009/05/02 15:23:09 | 00,000,256 | ---- | M] () -- C:\WINDOWS\Tasks\Chronograph Lite 3.job
[2009/12/20 03:00:00 | 00,000,590 | ---- | M] () -- C:\WINDOWS\Tasks\New scan.job
[2009/04/28 20:42:41 | 00,000,304 | ---- | M] () -- C:\WINDOWS\Tasks\Retrospect 7.job
[2009/04/28 20:46:33 | 00,000,370 | ---- | M] () -- C:\WINDOWS\Tasks\SyncToyCmd.job

========== Purity Check ==========



========== Custom Scans ==========


< %SYSTEMDRIVE%\*.exe >


< MD5 for: AGP440.SYS >
[2008/04/13 23:06:40 | 00,042,368 | ---- | M] (Microsoft Corporation) MD5=08FD04AA961BDC77FB983F328334E3D7 -- C:\WINDOWS\system32\dllcache\agp440.sys
[2008/04/13 23:06:40 | 00,042,368 | ---- | M] (Microsoft Corporation) MD5=08FD04AA961BDC77FB983F328334E3D7 -- C:\WINDOWS\system32\drivers\AGP440.SYS

< MD5 for: ATAPI.SYS >
[2008/04/13 23:10:32 | 00,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\system32\dllcache\atapi.sys
[2008/04/13 23:10:32 | 00,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\system32\drivers\atapi.sys

< MD5 for: EVENTLOG.DLL >
[2008/04/14 04:00:00 | 00,056,320 | ---- | M] (Microsoft Corporation) MD5=6D4FEB43EE538FC5428CC7F0565AA656 -- C:\WINDOWS\system32\dllcache\eventlog.dll
[2008/04/14 04:00:00 | 00,056,320 | ---- | M] (Microsoft Corporation) MD5=6D4FEB43EE538FC5428CC7F0565AA656 -- C:\WINDOWS\system32\eventlog.dll

< MD5 for: IASTOR.SYS >
[2007/07/12 13:35:02 | 00,305,176 | ---- | M] (Intel Corporation) MD5=2358C53F30CB9DCD1D3843C4E2F299B2 -- C:\WINDOWS\hdd\iastor\iastor.sys
[2008/06/15 06:11:58 | 00,318,488 | ---- | M] (Intel Corporation) MD5=692830B048AACD7E0D6EDEDF098ACC01 -- C:\Dell\Drivers\R190228\IaStor.sys
[2008/06/15 05:11:58 | 00,318,488 | ---- | M] (Intel Corporation) MD5=692830B048AACD7E0D6EDEDF098ACC01 -- C:\WINDOWS\Drivers\HDD\IASTOR.SYS
[2009/02/11 16:11:50 | 00,329,752 | ---- | M] (Intel Corporation) MD5=71ECC07BC7C5E24C3DD01D8A29A24054 -- C:\Dell\Drivers\R213316\IaStor.sys
[2009/02/11 16:11:50 | 00,329,752 | ---- | M] (Intel Corporation) MD5=71ECC07BC7C5E24C3DD01D8A29A24054 -- C:\WINDOWS\system32\DRVSTORE\iaStor_26261AF18B34E3C330200EE1918BC78F557D43BC\iaStor.sys
[2009/02/11 16:11:50 | 00,329,752 | ---- | M] (Intel Corporation) MD5=71ECC07BC7C5E24C3DD01D8A29A24054 -- C:\WINDOWS\system32\ReinstallBackups\0033\DriverFiles\iaStor.sys
[2008/12/04 11:48:52 | 00,407,064 | ---- | M] (Intel Corporation) MD5=8EACF469269FB1509561961A3188F670 -- C:\Program Files\Intel\Intel Matrix Storage Manager\driver64\IaStor.sys
[2008/12/04 11:34:52 | 00,328,728 | ---- | M] (Intel Corporation) MD5=BAABB0301949774A66B955C65319635A -- C:\Dell\Drivers\R207268\IaStor.sys
[2008/12/04 11:34:52 | 00,328,728 | ---- | M] (Intel Corporation) MD5=BAABB0301949774A66B955C65319635A -- C:\Program Files\Intel\Intel Matrix Storage Manager\driver\IaStor.sys
[2008/12/04 11:34:52 | 00,328,728 | ---- | M] (Intel Corporation) MD5=BAABB0301949774A66B955C65319635A -- C:\WINDOWS\system32\drivers\iaStor.sys
[2008/12/04 11:34:52 | 00,328,728 | ---- | M] (Intel Corporation) MD5=BAABB0301949774A66B955C65319635A -- C:\WINDOWS\system32\DRVSTORE\iaStor_878275815B862E4ECAC1A723DF0037229EA86A26\iaStor.sys

< MD5 for: NETLOGON.DLL >
[2008/04/14 04:00:00 | 00,407,040 | ---- | M] (Microsoft Corporation) MD5=1B7F071C51B77C272875C3A23E1E4550 -- C:\WINDOWS\system32\dllcache\netlogon.dll
[2008/04/14 04:00:00 | 00,407,040 | ---- | M] (Microsoft Corporation) MD5=1B7F071C51B77C272875C3A23E1E4550 -- C:\WINDOWS\system32\netlogon.dll

< MD5 for: NVATA.SYS >
[2006/10/18 13:31:38 | 00,105,472 | ---- | M] (NVIDIA Corporation) MD5=EF9941593B2E9B436F64A87DDB570D1A -- C:\WINDOWS\Drivers\HDD\NVATA.SYS
[2006/10/18 14:31:38 | 00,105,472 | ---- | M] (NVIDIA Corporation) MD5=EF9941593B2E9B436F64A87DDB570D1A -- C:\WINDOWS\hdd\nvraid\nvata.sys

< MD5 for: NVATABUS.SYS >
[2006/10/18 12:31:38 | 00,105,472 | ---- | M] (NVIDIA Corporation) MD5=EF9941593B2E9B436F64A87DDB570D1A -- C:\WINDOWS\Drivers\HDD\NVATABUS.SYS
[2006/10/18 13:31:38 | 00,105,472 | ---- | M] (NVIDIA Corporation) MD5=EF9941593B2E9B436F64A87DDB570D1A -- C:\WINDOWS\hdd\nvraid\NvAtaBus.sys

< MD5 for: SCECLI.DLL >
[2008/04/14 04:00:00 | 00,181,248 | ---- | M] (Microsoft Corporation) MD5=A86BB5E61BF3E39B62AB4C7E7085A084 -- C:\WINDOWS\system32\dllcache\scecli.dll
[2008/04/14 04:00:00 | 00,181,248 | ---- | M] (Microsoft Corporation) MD5=A86BB5E61BF3E39B62AB4C7E7085A084 -- C:\WINDOWS\system32\scecli.dll

< %systemroot%\*. /mp /s >
< End of report >

OTL Extras logfile created on: 12/25/2009 10:03:04 PM - Run 1
OTL by OldTimer - Version 3.1.20.1 Folder = C:\Documents and Settings\Administrator\Desktop\12-25-VirusScan
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

3.00 Gb Total Physical Memory | 3.00 Gb Available Physical Memory | 79.00% Memory free
5.00 Gb Paging File | 5.00 Gb Available in Paging File | 88.00% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 232.88 Gb Total Space | 124.52 Gb Free Space | 53.47% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded
Drive J: | 232.88 Gb Total Space | 114.55 Gb Free Space | 49.19% Space Free | Partition Type: NTFS

Computer Name: KDPTOP
Current User Name: kdp
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: On
Skip Microsoft Files: On
File Age = 14 Days
Output = Standard
Quick Scan

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)

[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
htmlfile [edit] -- Reg Error: Key error.
htmlfile [open] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" -nohome (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" %1 (Microsoft Corporation)
http [open] -- "C:\Program Files\Mozilla Firefox\firefox.exe" -requestPending -osint -url "%1" (Mozilla Corporation)
https [open] -- "C:\Program Files\Mozilla Firefox\firefox.exe" -requestPending -osint -url "%1" (Mozilla Corporation)
jsfile [edit] -- "C:\Program Files\Macromedia\Dreamweaver 8\dreamweaver.exe" "%1" (Macromedia, Inc.)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" %1 (Microsoft Corporation)
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- "C:\Program Files\Internet Explorer\iexplore.exe" (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 0
"FirewallOverride" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]
"139:TCP" = 139:TCP:*:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:*:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:*:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:*:Enabled:@xpsp2res.dll,-22002

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DoNotAllowExceptions" = 0
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"139:TCP" = 139:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22002
"1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008
"67:UDP" = 67:UDP:*:Enabled:DHCP Discovery Service

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Program Files\Macromedia\Dreamweaver 8\Dreamweaver.exe" = C:\Program Files\Macromedia\Dreamweaver 8\Dreamweaver.exe:*:Enabled:Dreamweaver 8 -- (Macromedia, Inc.)
"C:\Program Files\Common Files\Intuit\Update Service\IntuitUpdateService.exe" = C:\Program Files\Common Files\Intuit\Update Service\IntuitUpdateService.exe:LocalSubNet:Disabled:Intuit Update Shared Downloads Server -- (Intuit Inc.)
"C:\Program Files\Bonjour\mDNSResponder.exe" = C:\Program Files\Bonjour\mDNSResponder.exe:*:Enabled:Bonjour -- (Apple Inc.)
"C:\Program Files\Mathematica\7.0\Mathematica.exe" = C:\Program Files\Mathematica\7.0\Mathematica.exe:*:Enabled:Wolfram Mathematica 7 -- (Wolfram Research, Inc.)
"C:\Program Files\Mathematica\7.0\MathKernel.exe" = C:\Program Files\Mathematica\7.0\MathKernel.exe:*:Enabled:Wolfram Mathematica 7 Kernel -- (Wolfram Research, Inc.)
"C:\Program Files\Mathematica\7.0\math.exe" = C:\Program Files\Mathematica\7.0\math.exe:*:Enabled:math.exe -- (Wolfram Research, Inc.)
"C:\Program Files\MathType\MathType.exe" = C:\Program Files\MathType\MathType.exe:*:Enabled:MathType -- (Design Science, Inc.)
"C:\Documents and Settings\Administrator\temp\TeamViewer\Version4\TeamViewer.exe" = C:\Documents and Settings\Administrator\temp\TeamViewer\Version4\TeamViewer.exe:*:Enabled:TeamViewer Remote Control Application -- (TeamViewer GmbH)
"D:\content\SearchSvr_Windows.exe" = D:\content\SearchSvr_Windows.exe:*:Enabled:SearchSvr_Windows -- File not found
"C:\Program Files\iTunes\iTunes.exe" = C:\Program Files\iTunes\iTunes.exe:*:Enabled:iTunes -- (Apple Inc.)
"C:\Program Files\SplashData\SplashShopper for iPhone\SplashShopper Desktop.exe" = C:\Program Files\SplashData\SplashShopper for iPhone\SplashShopper Desktop.exe:*:Enabled:SplashShopper Desktop -- ()
"C:\Program Files\SplashData\SplashID for iPhone\SplashID Desktop.exe" = C:\Program Files\SplashData\SplashID for iPhone\SplashID Desktop.exe:*:Enabled:SplashID Desktop -- (SplashData, Inc.)


========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
"{034759DA-E21A-4795-BFB3-C66D17FAD183}" = Sophos Anti-Virus
"{0394CDC8-FABD-4ED8-B104-03393876DFDF}" = Roxio Creator Tools
"{03CAB33F-D1C2-48C6-8766-DAE84DFC25FE}" = Microsoft Sync Framework Services v1.0 (x86)
"{07159635-9DFE-4105-BFC0-2817DB540C68}" = Roxio Activation Module
"{07287123-B8AC-41CE-8346-3D777245C35B}" = Bonjour
"{0837A661-FEC3-48B3-876C-91E7D32048A9}" = Macromedia Dreamweaver 8
"{0C826C5B-B131-423A-A229-C71B3CACCD6A}" = CDDRV_Installer
"{0D25F7CC-B99C-44ee-9945-B14532B2BB7B}" = Canon MP830
"{0D2E80C8-0875-43EB-9623-47118E2DFBCA}" = Quicken 2007
"{0D397393-9B50-4C52-84D5-77E344289F87}" = Roxio Creator Data
"{1193600A-134F-40F9-9F71-FEF54C93C629}" = YouSendIt Express
"{121634B0-2F4B-11D3-ADA3-00C04F52DD52}" = Windows Installer Clean Up
"{15C418EB-7675-42be-B2B3-281952DA014D}" = Sophos AutoUpdate
"{26A24AE4-039D-4CA4-87B4-2F83216010FF}" = Java™ 6 Update 17
"{27CC6AB1-E72B-4179-AF1A-EAE507EBAF51}_is1" = ConvertHelper 2.2
"{29521505-F489-4822-ADFA-32C6DEE4F114}" = TurboTax 2008 WinPerUserEducation
"{2F4C24E6-CBD4-4AAC-B56F-C9FD44DE5668}" = Roxio Drag-to-Disc
"{30465B6C-B53F-49A1-9EBA-A3F187AD502E}" = Roxio Update Manager
"{3101CB58-3482-4D21-AF1A-7057FC935355}" = KhalInstallWrapper
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{35ED3F83-4BDC-4c44-8EC6-6A8301C7413A}" = McAfee SiteAdvisor
"{3F2F0832-621B-11D3-8F18-004033A05B8E}" = Canvas 7
"{42929F0F-CE14-47AF-9FC7-FF297A603021}" = Dell Resource CD
"{4685A344-6718-4923-AA9D-158A0A2E1CFB}" = SmartSound Quicktracks for Premiere Elements 8.0
"{4A7FDA4D-F4D7-4A49-934A-066D59A43C7E}" = SmartSound Quicktracks Plugin
"{4DA016C7-9AC2-4BA7-AD31-3EBA29BC21B1}" = Oracle Calendar
"{4EBDDD97-BC33-4F4C-8DF3-4FA4D83DF84E}" = Retrospect 7.6
"{5546CDB5-2CE2-498B-B059-5B3BF81FC41F}" = Macromedia Extension Manager
"{57DC8980-73DA-481E-AFD4-5E2D44B7F1AD}" = StuffIt Expander 2009
"{5905F42D-3F5F-4916-ADA6-94A3646AEE76}" = Dell Driver Reset Tool
"{59F6A514-9813-47A3-948C-8A155460CC2A}" = RICOH R5C83x/84x Media Driver Ver.3.53.02
"{5B30AA25-BF39-4BE4-8FEE-51938BAB214D}" = TurboTax 2008 wcaiper
"{619CDD8A-14B6-43A1-AB6C-0F4EE48CE048}" = Roxio Creator Copy
"{633A06C3-B709-479A-AAB3-5EE94AD9EE4B}" = Acronis True Image Home
"{6675CA7F-E51B-4F6A-99D4-F8F0124C6EAA}" = Roxio Express Labeler 3
"{682ABE6A-2CCE-4C6C-AA82-0FE5AB8033F3}" = Sunny Design
"{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{74E2CD0C-D4A2-11D3-95A6-0000E86CFDE5}" = SSH Secure Shell
"{7570F1CA-016D-46AC-B586-CD74645EFB52}" = TurboTax 2008 WinPerFedFormset
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{77DCDCE3-2DED-62F3-8154-05E745472D07}" = Acrobat.com
"{78183C31-521C-438E-98C3-B646B0037A7F}" = Mathcad 12
"{7DD9A065-2C86-4A9F-A5FF-796EC1B99DCA}" = AnswerWorks 4.0 Runtime - English
"{83FFCFC7-88C6-41C6-8752-958A45325C82}" = Roxio Creator Audio
"{84814E6B-2581-46EC-926A-823BD1C670F6}" = WIDCOMM Bluetooth Software
"{86B5E5AF-3D50-4979-9C81-687C1B3C586D}" = Dell WUSB
"{88214092-836F-4E22-A5AC-569AC9EE6A0F}" = TurboTax 2008 WinPerReleaseEngine
"{88F92798-59AB-474F-B40D-1EC5F782F7EE}" = Ulead VideoStudio 9.0
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8D337F77-BE7F-41A2-A7CB-D5A63FD7049B}" = Sonic CinePlayer Decoder Pack
"{90110409-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Professional Edition 2003
"{90120000-0020-0409-0000-0000000FF1CE}" = Compatibility Pack for the 2007 Office system
"{90510409-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Visio Professional 2003
"{9068B2BE-D93A-4C0A-861C-5E35E2C0E09E}" = Intel® Matrix Storage Manager
"{913B0409-6000-11D3-8CFE-0050048383C9}" = Microsoft Project Professional 2002
"{985556E5-353F-4AA9-9E75-29AB8A5E4E14}" = Harzing's Publish or Perish 2.7.3499
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9DBBC53C-AD7B-44ED-91A7-7568B51182F8}" = SplashID
"{9DE3F260-B88E-42CE-90E7-73C78C37D95E}" = 32 Bit HP BiDi Channel Components Installer
"{9E5A03E3-6246-4920-9630-0527D5DA9B07}" = AnswerWorks 5.0 English Runtime
"{9F72EF8B-AEC9-4CA5-B483-143980AFD6FD}" = Dell Touchpad
"{A0E583D1-23F7-4C35-9620-B169D7715E4B}" = Adobe Premiere Elements 8.0
"{A2BCA9F1-566C-4805-97D1-7FDC93386723}" = Adobe AIR
"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
"{A429C2AE-EBF1-4F81-A221-1C115CAADDAD}" = QuickTime
"{A8BD5A60-E843-46DC-8271-ABF20756BE0F}" = Microsoft Sync Framework Runtime v1.0 (x86)
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AADEA55D-C834-4BCB-98A3-4B8D1C18F4EE}" = Apple Mobile Device Support
"{AC76BA86-1033-0000-7760-000000000003}" = Adobe Acrobat 8 Professional
"{AC76BA86-7AD7-1033-7B44-A91000000001}" = Adobe Reader 9.1.2
"{AC76BA86-7AD7-5464-3428-900000000004}" = Spelling Dictionaries Support For Adobe Reader 9
"{AED53CDF-1046-4C6B-B5E2-C195125ECDA0}" = Intel® PROSet/Wireless WiFi Software
"{AF7E4468-E364-4991-BC2A-6E8293E1055B}" = BioAPI Framework
"{AFDFC350-C142-4790-BE12-8357AECD028F}" = SyncToy 2.0 (x86)
"{B1DB1AD8-C07E-4052-81A1-D2930232BA70}" = TurboTax 2008 wrapper
"{B20179BA-2872-432F-8D88-B8F44AED359B}" = Broadcom USH Host Components
"{B23726CF-68BF-41A6-A4EB-72F12F87FE05}" = TurboTax 2008 WinPerTaxSupport
"{B2544A03-10D0-4E5E-BA69-0362FFC20D18}" = OGA Notifier 2.0.0048.0
"{B26B00DA-2E5D-4CF2-83C5-911198C0F009}" = GoodSync
"{B2AE44CB-2AAB-4C08-A54B-D264BD604DA8}" = Citrix Presentation Server Client
"{B37C842A-B624-46B8-A727-654E72F1C91A}" = Calculator Powertoy for Windows XP
"{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1" = Spybot - Search & Destroy
"{B607C354-CD79-4D22-86D1-92DC94153F42}" = Apple Application Support
"{BC2FE771-EDBE-3087-A676-2B6C45A2BF7E}" = Google Gears
"{C084BC61-E537-11DE-8616-005056806466}" = Google Earth
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
"{C1E693A4-B1D5-4DCD-B68D-2087835B7184}" = ScanSoft OmniPage SE 4.0
"{C34FAEF3-4241-4C4E-9CFF-7BBD8BCEABE7}" = WebEx Support Manager for Internet Explorer
"{C8B0680B-CDAE-4809-9F91-387B6DE00F7C}" = Roxio Creator DE
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{D0DDF9EE-C67F-368B-EB42-ECB44FD7556D}" = Adobe Photoshop.com Inspiration Browser
"{D1A74FBB-CA8D-4CCA-9B89-BAAA436DB178}" = iTunes
"{DCB63CEC-C6A3-4963-A5D0-6C03EE0CC08F}" = CardScan 6.0.4
"{E3A5A8AB-58F6-45FF-AFCB-C9AE18C05001}" = IDT Audio
"{E6D9BC25-0DBC-4368-8E4A-7DEE80661CD9}" = TurboTax 2008 WinPerProgramHelp
"{E89D78B8-28F7-412F-8B26-C684739CBBDC}" = Palm Desktop
"{EF775EA3-7AA1-49F5-A900-DCDA50610E03}" = Dell Mobile Broadband Card Utility
"{F0681859-D086-4384-B204-386FA7D80A5B}" = SplashShopper
"{F1223D5A-C34D-46DB-8E3A-4E051A0EC824}" = FlipShare
"{F1608947-B8A4-4D65-A7B8-8B1D669C0E2C}" = SnagIt 7
"{F29B21BD-CAA6-445F-8EF7-A7E2B9D8B14E}" = Logitech SetPoint
"{FB068BA4-C6EA-4D47-A491-C40E23E77F89}" = Motorola Driver Installation 3.9.0
"{FB9607C0-17B8-42B8-BB99-A1C9F7038363}" = Wolfram Notebook Indexer 2.0
"{FF1DDCF4-3A28-4F7F-96D8-E3F4BD1C1702}" = Dell Security Device Driver Pack
"3ivx MPEG-4 5.0.3" = 3ivx MPEG-4 5.0.3 (remove only)
"9D57DE505B6D8C710EF3B74BE638DBB936EED8A3" = Windows Driver Package - Dell Inc. PBADRV System (01/07/2008 1.0.1.5)
"Adobe Acrobat 8 Professional" = Adobe Acrobat 8.1.5 Professional
"Adobe Acrobat 8 Professional_815" = Adobe Acrobat 8.1.5 - CPSID_49013
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Adobe Illustrator 9.0" = Adobe Illustrator 9.0
"Adobe Photoshop 7.0.1" = Adobe Photoshop 7.0.1
"Adobe Shockwave Player" = Adobe Shockwave Player 11.5
"Adobe SVG Viewer" = Adobe SVG Viewer
"AI RoboForm" = AI RoboForm (All Users)
"AltoMP3 Gold" = AltoMP3 Gold 5.10
"Applian Director1.1" = Applian Director
"ATI Display Driver" = ATI Display Driver
"Audacity_is1" = Audacity 1.2.6
"Belarc Advisor" = Belarc Advisor 7.2
"Canon MP830 User Registration" = Canon MP830 User Registration
"CCleaner" = CCleaner (remove only)
"CdaC13Ba" = SafeCast Shared Components
"Chapura PocketCopy Uninstall_is1" = Chapura PocketCopy 2.1.3
"Chronograph Lite_is1" = Chronograph Lite 3.1
"com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Acrobat.com
"CopernicDesktopSearch2" = Copernic Desktop Search - Home
"Creative OA001" = Integrated Webcam Driver (1.06.03.0309)
"Diff Doc_is1" = Diff Doc
"Doc Scrubber_is1" = Doc Scrubber v1.1
"DSMT5" = MathType 5
"ergonis PopChar_is1" = PopChar 2.1
"ERUNT_is1" = ERUNT 1.1j
"ffdshow_is1" = ffdshow [rev 2527] [2008-12-19]
"FLVPlayer" = FLV Player 1.3.3
"Google Chrome" = Google Chrome
"Google Updater" = Google Updater
"GraphCalc v4.0 Alpha_is1" = GraphCalc v4.0 Alpha
"Graphing Calculator" = Graphing Calculator
"HD Tune_is1" = HD Tune 2.55
"HijackThis" = HijackThis 2.0.0
"hp officejet g series 1228759324" = hp officejet g series
"IDNMitigationAPIs" = Microsoft Internationalized Domain Names Mitigation APIs
"ie7" = Windows Internet Explorer 7
"ie8" = Windows Internet Explorer 8
"InstallShield_{1193600A-134F-40F9-9F71-FEF54C93C629}" = YouSendIt Express
"InstallShield_{4685A344-6718-4923-AA9D-158A0A2E1CFB}" = SmartSound Quicktracks for Premiere Elements 8.0
"InstallShield_{4A7FDA4D-F4D7-4A49-934A-066D59A43C7E}" = SmartSound Quicktracks Plugin
"InterActual Player" = InterActual Player
"IrfanView" = IrfanView (remove only)
"KaleidaGraph 3.5" = KaleidaGraph 3.5
"KaleidaGraph 3.6" = KaleidaGraph 3.6
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Mozilla Firefox (3.5.6)" = Mozilla Firefox (3.5.6)
"Mozilla Thunderbird (2.0.0.23)" = Mozilla Thunderbird (2.0.0.23)
"MP Navigator 2.2" = Canon MP Navigator 2.2
"Mp3tag" = Mp3tag v2.44
"MSCompPackV1" = Microsoft Compression Client Pack 1.0 for Windows XP
"M-WIN-L 7.0.1 1213965_is1" = Wolfram Mathematica 7 (M-WIN-L 7.0.1 1213965)
"NLSDownlevelMapping" = Microsoft National Language Support Downlevel APIs
"NoteTab Pro 6_is1" = NoteTab Pro 6 (Remove only)
"NoteTab Pro_is1" = NoteTab Pro (Remove only)
"NVIDIA Drivers" = NVIDIA Drivers
"ONA-210" = OnNet Host Suite 5.0
"Pdf995" = Pdf995
"Phaser 3.0-20070414" = Phaser
"PhotoshopdotcomInspirationBrowser.4C35C4D325D350FE0114230CBADCA2DDD0AC8D25.1" = Adobe Photoshop.com Inspiration Browser
"Picasa 3" = Picasa 3
"PremElem80" = Adobe Premiere Elements 8.0
"ProInst" = Intel PROSet Wireless
"PROSet" = Intel® Network Connections Drivers
"Replay Converter 3" = Replay Converter 3
"Replay Media Catcher 3.11" = Replay Media Catcher
"Replay Music3.90" = Replay Music
"Replay Music3.93" = Replay Music
"Replay Video Capture4.1" = Replay Video Capture
"Replay_AV_807" = Replay AV 8
"Replay_Media_Splitter_1.2" = Replay Media Splitter 1.7.911
"Software Update Wizard (Redistributable)" = Software Update Wizard (Redistributable) 4.5
"SpeedFan" = SpeedFan (remove only)
"SplashID iPhone Desktop" = SplashID iPhone Desktop 5.1
"SplashShopper iPhone Desktop" = SplashShopper iPhone Desktop 3.0.2
"ST6UNST #1" = Machinehead PowerCalc (32 bit)
"SystemRequirementsLab" = System Requirements Lab
"TreeSize Personal_is1" = TreeSize Personal 4.1
"TurboTax 2008" = TurboTax 2008
"Video Padlock1.12" = Video Padlock
"Wdf01005" = Microsoft Kernel-Mode Driver Framework Feature Pack 1.5
"Wdf01007" = Microsoft Kernel-Mode Driver Framework Feature Pack 1.7
"Windows Media Format Runtime" = Windows Media Format 11 runtime
"Windows Media Player" = Windows Media Player 11
"WinPcapInst" = WinPcap 4.0.2
"WMFDist11" = Windows Media Format 11 runtime
"wmp11" = Windows Media Player 11
"Wudf01000" = Microsoft User-Mode Driver Framework Feature Pack 1.0
"XpsEPSC" = XML Paper Specification Shared Components Pack 1.0
"Ycopy_is1" = Ycopy 1.0d

========== HKEY_CURRENT_USER Uninstall List ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{95632566-071E-4A02-92C1-4BD907065736}" = BounceBack Professional
"f031ef6ac137efc5" = Dell Driver Download Manager
"GoToMeeting" = GoToMeeting/GoToWebinar 3.0.0.198
"Octoshape add-in for Adobe Flash Player" = Octoshape add-in for Adobe Flash Player

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 12/25/2009 6:40:09 PM | Computer Name = KDPTOP | Source = Google Update | ID = 20
Description =

Error - 12/25/2009 7:40:11 PM | Computer Name = KDPTOP | Source = Google Update | ID = 20
Description =

Error - 12/25/2009 8:40:27 PM | Computer Name = KDPTOP | Source = Google Update | ID = 20
Description =

Error - 12/25/2009 9:40:06 PM | Computer Name = KDPTOP | Source = Google Update | ID = 20
Description =

Error - 12/25/2009 10:40:05 PM | Computer Name = KDPTOP | Source = Google Update | ID = 20
Description =

Error - 12/25/2009 11:40:06 PM | Computer Name = KDPTOP | Source = Google Update | ID = 20
Description =

Error - 12/26/2009 12:40:07 AM | Computer Name = KDPTOP | Source = Google Update | ID = 20
Description =

Error - 12/26/2009 1:17:13 AM | Computer Name = KDPTOP | Source = Google Update | ID = 20
Description =

Error - 12/26/2009 1:22:31 AM | Computer Name = KDPTOP | Source = Google Update | ID = 20
Description =

Error - 12/26/2009 1:40:05 AM | Computer Name = KDPTOP | Source = Google Update | ID = 20
Description =

[ System Events ]
Error - 12/25/2009 6:49:28 PM | Computer Name = KDPTOP | Source = iaStor | ID = 262153
Description = The device, \Device\Ide\iaStor0, did not respond within the timeout
period.

Error - 12/25/2009 7:43:48 PM | Computer Name = KDPTOP | Source = iaStor | ID = 262153
Description = The device, \Device\Ide\iaStor0, did not respond within the timeout
period.

Error - 12/25/2009 8:24:39 PM | Computer Name = KDPTOP | Source = iaStor | ID = 262153
Description = The device, \Device\Ide\iaStor0, did not respond within the timeout
period.

Error - 12/26/2009 1:16:56 AM | Computer Name = KDPTOP | Source = Disk | ID = 262159
Description = The device, , is not ready for access yet.

Error - 12/26/2009 1:16:56 AM | Computer Name = KDPTOP | Source = Disk | ID = 262159
Description = The device, , is not ready for access yet.

Error - 12/26/2009 1:16:56 AM | Computer Name = KDPTOP | Source = Disk | ID = 262159
Description = The device, , is not ready for access yet.

Error - 12/26/2009 1:19:53 AM | Computer Name = KDPTOP | Source = Service Control Manager | ID = 7000
Description = The rimmptsk service failed to start due to the following error: %%2

Error - 12/26/2009 1:20:31 AM | Computer Name = KDPTOP | Source = DCOM | ID = 10016
Description = The machine-default permission settings do not grant Local Activation
permission for the COM Server application with CLSID {A4199E55-EBB9-49E5-AF1A-7A5408B2E206}

to the user NT AUTHORITY\NETWORK SERVICE SID (S-1-5-20). This security permission
can be modified using the Component Services administrative tool.

Error - 12/26/2009 1:20:32 AM | Computer Name = KDPTOP | Source = DCOM | ID = 10016
Description = The machine-default permission settings do not grant Local Activation
permission for the COM Server application with CLSID {A4199E55-EBB9-49E5-AF1A-7A5408B2E206}

to the user NT AUTHORITY\NETWORK SERVICE SID (S-1-5-20). This security permission
can be modified using the Component Services administrative tool.

Error - 12/26/2009 1:20:32 AM | Computer Name = KDPTOP | Source = DCOM | ID = 10016
Description = The machine-default permission settings do not grant Local Activation
permission for the COM Server application with CLSID {A4199E55-EBB9-49E5-AF1A-7A5408B2E206}

to the user NT AUTHORITY\NETWORK SERVICE SID (S-1-5-20). This security permission
can be modified using the Component Services administrative tool.


< End of report >
  • 0

Advertisements

Back to Virus, Spyware, Malware Removal · Next Unread Topic →




Similar Topics

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

  1. Geeks to Go Community
  2. Security
  3. Virus, Spyware, Malware Removal

As Featured On:

Microsoft Yahoo BBC MSN PC Magazine Washington Post HP