1 out of 3 Of My XP Machines Has Slow Internet Access



#1
DerbyDad03
Member
Hi folks!

Happy New Year.

I need some help determining why one of my three XP machines' internet access is so slow.

I've got 3 wired PCs on my router. When I run a speed test from http://www.speedtest.net/, 2 of the 3 machines show a > 10Mbps download speed, the 3rd runs at about 5 - 6 Mbps.

The slow PC has the same Asrock mobo with the on-board Ethernet port as one of the faster machines. (The 3rd machine has a different mobo, more memory, etc. so it may not be a valid comparison.) All three machines are running XP Home.

I purchased a PCI 10/100 network card and tried it in the slow PC with no improvement.

I run SuperAntiSpyware on startup and Avast anti-virus. I run Hit Man Pro on a regular basis.

I've eliminated the cable and the router port as the problem by switching things around, using different ports, different cables, etc. The fast machines are always fast, the slow machine is always slow, no matter what cable or port I use. Even if the slow machine is connected directly to the cable modem, it is still slow.

In other words, the issue is within the machine itself and I can't find it.

I tried all 5 of TweakMASTER's automatic "Optimization" options with no improvement. I let it reset everything to the Windows defaults with no improvement.

Any and all suggestions would be appreciated.

Thanks!

#2
RKinner
Malware Expert
Start, All Programs, Accessories, Command Prompt then type (with an Enter after each line; I use two spaces in the code box so you can see where 1 space goes):


ipconfig

note the IP address of the gateway.

ping  -n  100  gatewayIP

(Substitute the IP address of the gateway in the above.  Do all of the pings work?)

netstat  -s  >  \junk.txt

notepad  \junk.txt

(copy and paste the text into a reply.  Close notepad.)

proxycfg  -d

netsh winsock reset catalog

netsh int ip reset \reset.log

notepad  \reset.log

(copy and paste the text into a reply.  Close notepad.)

reboot the machine and retest. If no improvement:

Download OTL per the instructions
http://www.geekstogo...cleaning-guide/

Run OTL but do the following:

In the Extra Registry group, Select the Use SafeList option. In the File Scans areas set the File Age to 90 Days.
Press the Run Scan button.

You will receive two logs. Please post (copy and paste do not attach) them both.

Get Process Explorer

http://live.sysinter...com/procexp.exe

Save it to your desktop then run it (Vista or Win7 - right click and Run As Administrator). Click once or twice on the CPU column header to sort things by CPU usage with the big hitters at the top. What do you see in the top 5 and what percentage does each use? File, Save As, Save. Open the file Procexp.txt on your desktop and copy and paste the text to a reply.

1. Please download the Event Viewer Tool by Vino Rosso
http://images.malwar...om/vino/VEW.exe
and save it to your Desktop:
2. Double-click VEW.exe
3. Under 'Select log to query', select:

* System
4. Under 'Select type to list', select:
* Error
* Warning


Then use the 'Number of events' as follows:


1. Click the radio button for 'Number of events'
Type 20 in the 1 to 20 box
Then click the Run button.
Notepad will open with the output log.


Please post the Output log in your next reply then repeat but select Application.

Ron

#3
DerbyDad03
Member
Topic Starter
Thank you for your reply and assistance.

I started working on the tasks that you assigned but ran into a problem.

re: Do all of the pings work?

Yes, 98 <1 ms, 2 =1 ms

re: netstat -s > \junk.txt

netstat junk.txt pasted below

re: proxycfg -d

Appears to have run fine

re: netsh winsock reset catalog

netsh is not recognized as an internal or external command, operable program or batch file.

I stopped at that point and await your response.

Thanks again!

netstat junk.txt
IPv4 Statistics

Packets Received = 264203
Received Header Errors = 0
Received Address Errors = 209
Datagrams Forwarded = 0
Unknown Protocols Received = 0
Received Packets Discarded = 1
Received Packets Delivered = 264198
Output Requests = 248985
Routing Discards = 0
Discarded Output Packets = 0
Output Packet No Route = 0
Reassembly Required = 6
Reassembly Successful = 3
Reassembly Failures = 0
Datagrams Successfully Fragmented = 0
Datagrams Failing Fragmentation = 0
Fragments Created = 0

ICMPv4 Statistics

                          Received    Sent
Messages                  1022        206
Errors                    0           0
Destination Unreachable   830         36
Time Exceeded             21          0
Parameter Problems        0           0
Source Quenches           0           0
Redirects                 1           0
Echos                     70          100
Echo Replies              100         70
Timestamps                0           0
Timestamp Replies         0           0
Address Masks             0           0
Address Mask Replies      0           0

TCP Statistics for IPv4

Active Opens = 5179
Passive Opens = 2336
Failed Connection Attempts = 698
Reset Connections = 1304
Current Connections = 12
Segments Received = 148587
Segments Sent = 146469
Segments Retransmitted = 1769

UDP Statistics for IPv4

Datagrams Received = 115199
No Ports = 642
Receive Errors = 39
Datagrams Sent = 99393

#4
RKinner
Malware Expert
netsh was added to Windows back in Win2K so it should be there in C:\windows\system32 tho there was some malware which used the same name but lived in C:\windows so an anti-virus may have eaten it. Make sure the login has Administrator powers. Open a command prompt and type:

dir  /a  \windows\system32\netsh.exe 


Does it find it? Try the netsh commands with the full path, e.g.

\windows\system32\netsh winsock reset catalog

If not:

sfc  /scannow

(this will take a few minutes.  It may ask for your XP CD.  If you don't have it or it doesn't like it just Continue/Skip until it finishes.)

cd  \
dir  /a  /s  netsh.*  >  \junk.txt

(takes a few minutes too just wait for the prompt to return.)
notepad  \junk.txt


Copy and Paste the results.

Go ahead and run OTL, Process Explorer and VEW. That will let me see if something funky is going on.
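
The location check described in post #4, as an added example that is not part of the original thread: it reads the text saved by `dir /a /s netsh.*` and labels each hit by directory. The sample listing is constructed, and the verdict labels and the `C:\WINDOWS` system root are assumptions of this example.

```python
import re
from pathlib import PureWindowsPath

# Constructed sample of `dir /a /s netsh.*` output (not taken from the thread).
SAMPLE_DIR_OUTPUT = r"""
 Volume in drive C has no label.
 Volume Serial Number is 0000-0000

 Directory of C:\WINDOWS

01/02/2011  03:04 AM            45,056 netsh.exe
               1 File(s)         45,056 bytes

 Directory of C:\WINDOWS\$NtServicePackUninstall$

08/04/2004  12:56 AM            86,528 netsh.exe
               1 File(s)         86,528 bytes

 Directory of C:\WINDOWS\system32

04/14/2008  05:42 AM            86,016 netsh.exe
               1 File(s)         86,016 bytes

 Directory of C:\Documents and Settings\User\Local Settings\Temp

01/02/2011  03:05 AM            12,288 netsh.dll
               1 File(s)         12,288 bytes

     Total Files Listed:
               4 File(s)        229,888 bytes
               0 Dir(s)  12,000,000,000 bytes free
"""

DIR_HEADER = re.compile(r"^\s*Directory of (?P<dir>.+?)\s*$")
# File rows start with a date; "<DIR>" rows and the totals lines do not match.
FILE_LINE = re.compile(
    r"^(?P<date>\d{2}/\d{2}/\d{4})\s+(?P<time>\d{2}:\d{2}(?:\s?[AP]M)?)\s+"
    r"(?P<size>[\d,]+)\s+(?P<name>.+?)\s*$"
)


def classify(directory, name, system_root=r"C:\WINDOWS"):
    """Label one hit by where it lives (PureWindowsPath compares case-insensitively)."""
    here = PureWindowsPath(directory)
    root = PureWindowsPath(system_root)
    if name.lower() != "netsh.exe":
        return "review"      # matched netsh.* but is not the tool itself
    if here == root / "system32":
        return "expected"    # where the thread says netsh belongs
    if here == root:
        return "flag"        # where the thread says the same-named malware lived
    if here == root / "$NtServicePackUninstall$":
        return "backup"      # service-pack uninstall copy, as found in the thread
    return "review"          # anywhere else: look at it by hand


def triage(dir_output, system_root=r"C:\WINDOWS"):
    """Return one finding per file row in a saved `dir /s` listing."""
    findings, current = [], None
    for line in dir_output.splitlines():
        header = DIR_HEADER.match(line)
        if header:
            current = header.group("dir")
            continue
        entry = FILE_LINE.match(line)
        if entry and current:
            name = entry.group("name")
            findings.append({
                "path": str(PureWindowsPath(current) / name),
                "size": int(entry.group("size").replace(",", "")),
                "modified": f'{entry.group("date")} {entry.group("time")}',
                "verdict": classify(current, name, system_root),
            })
    return findings


def system32_copy_present(findings):
    """True when the listing contains netsh.exe in its expected directory."""
    return any(f["verdict"] == "expected" for f in findings)


if __name__ == "__main__":
    for f in triage(SAMPLE_DIR_OUTPUT):
        print(f'{f["verdict"]:<8} {f["size"]:>8} {f["modified"]}  {f["path"]}')
```
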

#5
DerbyDad03
Member
Topic Starter
re: dir /a \windows\system32\netsh.exe
Does it find it?


No

I did a search for the file and the only occurrence was in:

C:\WINDOWS\$NtServicePackUninstall$

I can copy it into \windows\system32\ if you want me to.

As far as the sfc /scannow, OTL, Process Explorer and VEW runs...all that will have to wait until after work.

I should be able to get back to them this evening, EST.

Thanks again for your help.

#6
RKinner
Malware Expert
Go ahead and copy it then see if the two commands will work.

#7
DerbyDad03
Member
Topic Starter
This is the first of 2 responses.


I copied the netsh.exe into c:\windows\system32 and ran it.

The log after running these 2 commands follows:

netsh winsock reset catalog

netsh int ip reset \reset.log


After I send it, I'll run a Speed Test from http://www.speedtest.net/, reboot, run another speedtest and post the results along with the OTL, Process Explorer and VEW logs.

reset.log

reset SYSTEM\CurrentControlSet\Services\Dhcp\Parameters\Options\15\RegLocation
old REG_MULTI_SZ =
SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\?\DhcpDomain
SYSTEM\CurrentControlSet\Services\TcpIp\Parameters\DhcpDomain

added SYSTEM\CurrentControlSet\Services\Netbt\Parameters\Interfaces\Tcpip_{2A3E67E6-43C9-4199-984A-A9946595CAD6}\NetbiosOptions
reset SYSTEM\CurrentControlSet\Services\Netbt\Parameters\Interfaces\Tcpip_{2B89C268-0A0A-4452-A22B-1E48EC63B4B1}\NameServerList
old REG_MULTI_SZ =
<empty>

added SYSTEM\CurrentControlSet\Services\Netbt\Parameters\Interfaces\Tcpip_{2B89C268-0A0A-4452-A22B-1E48EC63B4B1}\NetbiosOptions
reset SYSTEM\CurrentControlSet\Services\Netbt\Parameters\Interfaces\Tcpip_{82DC5AB1-5DCF-4E64-A514-022A492DD078}\NameServerList
old REG_MULTI_SZ =
<empty>

added SYSTEM\CurrentControlSet\Services\Netbt\Parameters\Interfaces\Tcpip_{82DC5AB1-5DCF-4E64-A514-022A492DD078}\NetbiosOptions
added SYSTEM\CurrentControlSet\Services\Netbt\Parameters\Interfaces\Tcpip_{A0C66CA8-12C7-4911-BE97-66CA1415E46B}\NetbiosOptions
deleted SYSTEM\CurrentControlSet\Services\Netbt\Parameters\EnableLmhosts
added SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{0A421314-974C-41F1-A5D1-1A9FB3E8C142}\DisableDynamicUpdate
deleted SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{0A421314-974C-41F1-A5D1-1A9FB3E8C142}\IpAutoconfigurationAddress
deleted SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{0A421314-974C-41F1-A5D1-1A9FB3E8C142}\IpAutoconfigurationMask
deleted SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{0A421314-974C-41F1-A5D1-1A9FB3E8C142}\IpAutoconfigurationSeed
reset SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{0A421314-974C-41F1-A5D1-1A9FB3E8C142}\RawIpAllowedProtocols
old REG_MULTI_SZ =
0

reset SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{0A421314-974C-41F1-A5D1-1A9FB3E8C142}\TcpAllowedPorts
old REG_MULTI_SZ =
0

reset SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{0A421314-974C-41F1-A5D1-1A9FB3E8C142}\UdpAllowedPorts
old REG_MULTI_SZ =
0

deleted SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{2A3E67E6-43C9-4199-984A-A9946595CAD6}\Mtu
deleted SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{2A3E67E6-43C9-4199-984A-A9946595CAD6}\TcpWindowSize
deleted SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{2B89C268-0A0A-4452-A22B-1E48EC63B4B1}\Mtu
deleted SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{2B89C268-0A0A-4452-A22B-1E48EC63B4B1}\NameServer
deleted SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{2B89C268-0A0A-4452-A22B-1E48EC63B4B1}\TcpWindowSize
added SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{5D6F1A4B-3456-4364-8AC6-2BBF1265030B}\DisableDynamicUpdate
deleted SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{5D6F1A4B-3456-4364-8AC6-2BBF1265030B}\IpAutoconfigurationAddress
deleted SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{5D6F1A4B-3456-4364-8AC6-2BBF1265030B}\IpAutoconfigurationMask
deleted SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{5D6F1A4B-3456-4364-8AC6-2BBF1265030B}\IpAutoconfigurationSeed
reset SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{5D6F1A4B-3456-4364-8AC6-2BBF1265030B}\RawIpAllowedProtocols
old REG_MULTI_SZ =
0

reset SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{5D6F1A4B-3456-4364-8AC6-2BBF1265030B}\TcpAllowedPorts
old REG_MULTI_SZ =
0

reset SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{5D6F1A4B-3456-4364-8AC6-2BBF1265030B}\UdpAllowedPorts
old REG_MULTI_SZ =
0

added SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{8198AD5F-6308-4828-9102-162734C293A1}\AddressType
added SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{8198AD5F-6308-4828-9102-162734C293A1}\DisableDynamicUpdate
deleted SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{8198AD5F-6308-4828-9102-162734C293A1}\Mtu
reset SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{8198AD5F-6308-4828-9102-162734C293A1}\RawIpAllowedProtocols
old REG_MULTI_SZ =
0

reset SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{8198AD5F-6308-4828-9102-162734C293A1}\TcpAllowedPorts
old REG_MULTI_SZ =
0

deleted SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{8198AD5F-6308-4828-9102-162734C293A1}\TcpWindowSize
reset SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{8198AD5F-6308-4828-9102-162734C293A1}\UdpAllowedPorts
old REG_MULTI_SZ =
0

deleted SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{82DC5AB1-5DCF-4E64-A514-022A492DD078}\Mtu
deleted SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{82DC5AB1-5DCF-4E64-A514-022A492DD078}\NameServer
deleted SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{82DC5AB1-5DCF-4E64-A514-022A492DD078}\TcpWindowSize
added SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{9EC4D0D8-C365-44BD-8CD6-135B1B4C6149}\DisableDynamicUpdate
deleted SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{9EC4D0D8-C365-44BD-8CD6-135B1B4C6149}\IpAutoconfigurationAddress
deleted SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{9EC4D0D8-C365-44BD-8CD6-135B1B4C6149}\IpAutoconfigurationMask
deleted SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{9EC4D0D8-C365-44BD-8CD6-135B1B4C6149}\IpAutoconfigurationSeed
deleted SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{9EC4D0D8-C365-44BD-8CD6-135B1B4C6149}\Mtu
reset SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{9EC4D0D8-C365-44BD-8CD6-135B1B4C6149}\RawIpAllowedProtocols
old REG_MULTI_SZ =
0

reset SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{9EC4D0D8-C365-44BD-8CD6-135B1B4C6149}\TcpAllowedPorts
old REG_MULTI_SZ =
0

deleted SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{9EC4D0D8-C365-44BD-8CD6-135B1B4C6149}\TcpWindowSize
reset SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{9EC4D0D8-C365-44BD-8CD6-135B1B4C6149}\UdpAllowedPorts
old REG_MULTI_SZ =
0

deleted SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{A0C66CA8-12C7-4911-BE97-66CA1415E46B}\Mtu
deleted SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{A0C66CA8-12C7-4911-BE97-66CA1415E46B}\TcpWindowSize
deleted SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\DontAddDefaultGatewayDefault
deleted SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\EnableIcmpRedirect
deleted SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\EnableSecurityFilters
added SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\NameServer
deleted SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\SearchList
deleted SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\SynAttackProtect
deleted SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\TcpMaxDataRetransmissions
deleted SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\UseDomainNameDevolution
reset Linkage\UpperBind for PCI\VEN_10EC&DEV_8139&SUBSYS_E1021ACB&REV_10\4&2E98101C&0&18F0. bad value was:
REG_MULTI_SZ =
PSched

reset Linkage\UpperBind for PCI\VEN_10EC&DEV_8139&SUBSYS_81391849&REV_10\4&2E98101C&0&28F0. bad value was:
REG_MULTI_SZ =
PSched

reset Linkage\UpperBind for PCI\VEN_10EC&DEV_8139&SUBSYS_3186109F&REV_10\4&3B90381F&0&10F0. bad value was:
REG_MULTI_SZ =
PSched

reset Linkage\UpperBind for ROOT\MS_NDISWANIP\0000. bad value was:
REG_MULTI_SZ =
PSched

<completed>
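
A summary of the `netsh int ip reset` log above by action and value name, as an added example that is not part of the original thread: it shows which values were changed per interface and which were global TCP/IP parameters. The embedded sample is abridged from the posted log, and the default watch list is this example's own choice of names that appear in it.

```python
import re
from collections import defaultdict

# Abridged from the reset.log posted above; continuation lines kept on purpose.
SAMPLE_RESET_LOG = r"""
reset SYSTEM\CurrentControlSet\Services\Netbt\Parameters\Interfaces\Tcpip_{2B89C268-0A0A-4452-A22B-1E48EC63B4B1}\NameServerList
old REG_MULTI_SZ =
<empty>

added SYSTEM\CurrentControlSet\Services\Netbt\Parameters\Interfaces\Tcpip_{2B89C268-0A0A-4452-A22B-1E48EC63B4B1}\NetbiosOptions
deleted SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{2A3E67E6-43C9-4199-984A-A9946595CAD6}\Mtu
deleted SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{2A3E67E6-43C9-4199-984A-A9946595CAD6}\TcpWindowSize
deleted SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{2B89C268-0A0A-4452-A22B-1E48EC63B4B1}\Mtu
deleted SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{2B89C268-0A0A-4452-A22B-1E48EC63B4B1}\TcpWindowSize
deleted SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\EnableSecurityFilters
deleted SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\SynAttackProtect
reset Linkage\UpperBind for ROOT\MS_NDISWANIP\0000. bad value was:
REG_MULTI_SZ =
PSched

<completed>
"""

ENTRY = re.compile(r"^(added|deleted|reset)\s+(.+?)\s*$")
GUID = re.compile(r"\{[0-9A-Fa-f]{8}(?:-[0-9A-Fa-f]{4}){3}-[0-9A-Fa-f]{12}\}")
BINDING = re.compile(r"^(?P<value>Linkage\\UpperBind) for (?P<dev>.+?)\. bad value was:$")


def parse_reset_log(text):
    """Turn each added/deleted/reset line into a record; skip old-value lines."""
    entries = []
    for raw in text.splitlines():
        match = ENTRY.match(raw.strip())
        if not match:
            continue  # "old REG_MULTI_SZ =", the old values, "<completed>"
        action, target = match.groups()
        binding = BINDING.match(target)
        if binding:
            # Binding resets name a device instead of a registry path.
            entries.append({"action": action, "value": binding["value"],
                            "scope": binding["dev"], "key": None})
            continue
        key, _, value = target.rpartition("\\")
        guid = GUID.search(key)
        entries.append({"action": action, "value": value,
                        "scope": guid.group(0) if guid else "global", "key": key})
    return entries


def summarize(entries):
    """Map (action, value name) to the sorted interfaces or devices it touched."""
    grouped = defaultdict(set)
    for entry in entries:
        grouped[(entry["action"], entry["value"])].add(entry["scope"])
    return {key: sorted(scopes) for key, scopes in grouped.items()}


def watched_changes(entries, watch=("SynAttackProtect", "EnableSecurityFilters",
                                    "EnableIcmpRedirect")):
    """Global values from the watch list (an assumption of this example)."""
    return [(e["action"], e["value"]) for e in entries
            if e["scope"] == "global" and e["value"] in watch]


if __name__ == "__main__":
    parsed = parse_reset_log(SAMPLE_RESET_LOG)
    for (action, value), scopes in sorted(summarize(parsed).items()):
        print(f"{action:<8} {value:<20} {len(scopes)} scope(s): {', '.join(scopes)}")
    print("watched:", watched_changes(parsed))
```
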

#8
DerbyDad03
Member
Topic Starter
This is the 2nd of my 2 responses.

I ran a speed test from speedtest.net before rebooting with the following results:

Ping: 108 ms
Download: 4.85 Mb/s
Upload: 0.92 Mb/s

After the reboot, these were the results:

Ping: 108 ms
Download: 5.93 Mb/s
Upload: 0.94 Mb/s

The high 4's to high 5's is the normal range for this machine, while the 2 other machines in this house both do over 10 Mb/s download.

Here are the logs that you requested:

otl.txt

OTL logfile created on: 01/13/11 11:45:10 PM - Run 2
OTL by OldTimer - Version 3.2.20.2 Folder = C:\Documents and Settings\Dave\Desktop\Cleaners 1-11
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 7.0.5730.11)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: MM/dd/yy

2.00 Gb Total Physical Memory | 1.00 Gb Available Physical Memory | 65.00% Memory free
4.00 Gb Paging File | 3.00 Gb Available in Paging File | 86.00% Paging File free
Paging file location(s): C:\pagefile.sys 0 0 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 76.33 Gb Total Space | 11.25 Gb Free Space | 14.74% Space Free | Partition Type: NTFS

Computer Name: LIVINGROOM | User Name: Dave | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 90 Days

========== Processes (SafeList) ==========

PRC - [2011/01/13 23:40:03 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Dave\desktop\Cleaners 1-11\OTL.exe
PRC - [2010/12/16 07:38:50 | 002,424,560 | ---- | M] (SUPERAntiSpyware.com) -- C:\Program Files\SUPERAntiSpyware\SUPERANTISPYWARE.EXE
PRC - [2010/12/11 09:17:27 | 000,912,344 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe
PRC - [2010/10/16 00:40:40 | 000,037,664 | ---- | M] (Apple Inc.) -- C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
PRC - [2010/09/07 10:12:02 | 002,838,912 | ---- | M] (AVAST Software) -- C:\Program Files\Alwil Software\Avast5\AvastUI.exe
PRC - [2010/09/07 10:11:59 | 000,040,384 | ---- | M] (AVAST Software) -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
PRC - [2009/04/01 11:53:08 | 000,107,008 | ---- | M] () -- C:\Program Files\PayPal\PayPal Plug-In\RBroker.exe
PRC - [2009/03/05 16:07:20 | 002,260,480 | ---- | M] (Safer-Networking Ltd.) -- C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
PRC - [2008/10/01 06:48:45 | 000,611,664 | ---- | M] (Lavasoft) -- C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
PRC - [2008/05/14 14:48:42 | 000,644,368 | ---- | M] (Pinnacle Systems GmbH) -- C:\Program Files\Pinnacle\TVCenter Pro\PMCLoader.exe
PRC - [2008/05/09 11:09:50 | 000,267,536 | ---- | M] (Pinnacle Systems) -- C:\Program Files\Pinnacle\Shared Files\Programs\Remote\remoterm.exe
PRC - [2008/04/13 19:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2007/06/18 21:18:29 | 000,068,856 | ---- | M] (Google Inc.) -- C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
PRC - [2004/05/14 06:10:00 | 002,277,376 | ---- | M] (TechSmith Corporation) -- C:\Program Files\TechSmith\SnagIt 7\SnagIt32.exe
PRC - [2004/05/14 06:10:00 | 000,025,088 | ---- | M] (TechSmith Corporation) -- C:\Program Files\TechSmith\SnagIt 7\TSCHelp.exe


========== Modules (SafeList) ==========

MOD - [2011/01/13 23:40:03 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Dave\desktop\Cleaners 1-11\OTL.exe
MOD - [2010/08/23 11:12:02 | 001,054,208 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.6028_x-ww_61e65202\comctl32.dll


========== Win32 Services (SafeList) ==========

SRV - File not found [On_Demand | Stopped] -- -- (AppMgmt)
SRV - [2010/10/16 00:40:40 | 000,037,664 | ---- | M] (Apple Inc.) [Auto | Running] -- C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe -- (Apple Mobile Device)
SRV - [2010/09/07 10:11:59 | 000,040,384 | ---- | M] (AVAST Software) [On_Demand | Running] -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe -- (avast! Web Scanner)
SRV - [2010/09/07 10:11:59 | 000,040,384 | ---- | M] (AVAST Software) [On_Demand | Running] -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe -- (avast! Mail Scanner)
SRV - [2010/09/07 10:11:59 | 000,040,384 | ---- | M] (AVAST Software) [Auto | Running] -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe -- (avast! Antivirus)
SRV - [2010/03/29 07:53:22 | 000,068,000 | ---- | M] (NOS Microsystems Ltd.) [On_Demand | Stopped] -- C:\Program Files\NOS\bin\getPlus_Helper.dll -- (getPlusHelper) getPlus®
SRV - [2009/11/28 21:54:28 | 000,030,192 | ---- | M] (Google) [On_Demand | Stopped] -- C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe -- (GoogleDesktopManager-110309-193829)
SRV - [2009/09/24 10:59:26 | 001,695,368 | ---- | M] (NanJing Nagasoft Co, LTD.) [Auto | Stopped] -- C:\WINDOWS\system32\nagasoft\vjocx.dll -- (vvdsvc)
SRV - [2008/10/01 06:48:45 | 000,611,664 | ---- | M] (Lavasoft) [Auto | Running] -- C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe -- (aawservice)
SRV - [2007/05/01 12:35:16 | 001,216,704 | ---- | M] (SiSoftware) [On_Demand | Stopped] -- C:\Program Files\SiSoftware\SiSoftware Sandra Lite XI.SP2\RpcSandraSrv.exe -- (SandraTheSrv)
SRV - [2007/05/01 12:34:58 | 000,131,256 | ---- | M] (SiSoftware) [On_Demand | Stopped] -- C:\Program Files\SiSoftware\SiSoftware Sandra Lite XI.SP2\Win32\RpcDataSrv.exe -- (SandraDataSrv)
SRV - [2003/03/09 15:31:02 | 000,065,795 | R--- | M] (HP) [On_Demand | Stopped] -- C:\WINDOWS\system32\HPZipm12.exe -- (Pml Driver HPZ12)


========== Driver Services (SafeList) ==========

DRV - [2010/09/07 09:52:25 | 000,046,672 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\aswTdi.sys -- (aswTdi)
DRV - [2010/09/07 09:52:03 | 000,165,584 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\aswSP.sys -- (aswSP)
DRV - [2010/09/07 09:47:46 | 000,023,376 | ---- | M] (AVAST Software) [Kernel | On_Demand | Running] -- C:\WINDOWS\System32\drivers\aswRdr.sys -- (aswRdr)
DRV - [2010/09/07 09:47:19 | 000,100,176 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\WINDOWS\System32\drivers\aswmon2.sys -- (aswMon2)
DRV - [2010/09/07 09:47:07 | 000,017,744 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\WINDOWS\System32\drivers\aswFsBlk.sys -- (aswFsBlk)
DRV - [2010/09/07 09:46:51 | 000,028,880 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\aavmker4.sys -- (Aavmker4)
DRV - [2010/05/25 15:32:19 | 000,067,656 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS -- (SASKUTIL)
DRV - [2010/02/20 15:43:24 | 000,012,872 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS -- (SASDIFSV)
DRV - [2010/02/20 15:43:24 | 000,012,872 | ---- | M] ( SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | On_Demand | Stopped] -- C:\Program Files\SUPERAntiSpyware\SASENUM.SYS -- (SASENUM)
DRV - [2008/04/29 15:34:02 | 000,401,280 | ---- | M] (YUAN High-Tech Development Co. Ltd.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\OmniTV.sys -- (OmniTV)
DRV - [2008/04/13 13:46:22 | 000,015,232 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\mpe.sys -- (MPE)
DRV - [2008/04/13 13:45:12 | 000,060,032 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\USBAUDIO.sys -- (usbaudio) USB Audio Driver (WDM)
DRV - [2008/02/13 21:09:57 | 000,716,272 | ---- | M] () [Kernel | Boot | Running] -- C:\WINDOWS\System32\Drivers\sptd.sys -- (sptd)
DRV - [2007/10/12 16:35:32 | 000,008,413 | ---- | M] (RealNetworks, Inc.) [Kernel | Auto | Running] -- C:\WINDOWS\System32\drivers\mcstrm.sys -- (MCSTRM)
DRV - [2007/04/03 18:55:14 | 000,021,920 | ---- | M] (SiSoftware) [Kernel | On_Demand | Stopped] -- C:\Program Files\SiSoftware\SiSoftware Sandra Lite XI.SP2\sandra.sys -- (SANDRA)
DRV - [2006/01/25 16:14:06 | 000,472,644 | ---- | M] (Hauppauge Computer Works) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HCWBT8xx.sys -- (HCWBT8XX)
DRV - [2005/09/26 06:07:00 | 000,048,640 | R--- | M] (Prolific Technology Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ser2pl.sys -- (Ser2pl)
DRV - [2003/07/11 12:37:00 | 000,025,434 | ---- | M] (Realtek Semiconductor Corporation ) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\RTL8139.sys -- (rtl8139)
DRV - [2003/06/19 17:30:18 | 000,752,764 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ALCXWDM.SYS -- (ALCXWDM) Service for Realtek AC97 Audio (WDM)
DRV - [2002/07/17 07:53:02 | 000,016,877 | ---- | M] (Adaptec) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\Aspi32.sys -- (Aspi32)
DRV - [2002/02/13 13:27:30 | 000,166,419 | ---- | M] (Conexant Systems) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\HSFHWBS2.sys -- (HSFHWBS2)
DRV - [2002/02/13 13:26:54 | 001,171,584 | ---- | M] (Conexant Systems) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\HSF_DP.sys -- (HSF_DP)
DRV - [2002/02/13 13:20:46 | 000,594,032 | ---- | M] (Conexant Systems) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\HSF_CNXT.sys -- (winachsf)
DRV - [2001/08/17 12:51:32 | 000,018,688 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\irsir.sys -- (irsir)
DRV - [2001/06/04 06:00:00 | 000,014,112 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\PS2.sys -- (Ps2)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,CustomSearch = http://red.clientapp...rch/search.html
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.google.com/ie

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultName = Google
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultURL = http://www.google.co...ie=utf8&oe=utf8
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/
IE - HKCU\..\URLSearchHook: {00000000-6E41-4FD3-8538-502F5495E5FC} - C:\Program Files\Ask.com\GenericAskToolbar.dll (Ask.com)
IE - HKCU\..\URLSearchHook: {1392b8d2-5c05-419f-a8f6-b9f15a596612} - C:\Program Files\Freecorder\tbFre1.dll (Conduit Ltd.)
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = 127.0.0.1

========== FireFox ==========

FF - prefs.js..browser.search.defaultengine: "google.com"
FF - prefs.js..browser.search.defaultenginename: "google.com"
FF - prefs.js..browser.search.order.1: "google.com"
FF - prefs.js..browser.search.selectedEngine: "Google"
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "http://www.google.com/"
FF - prefs.js..extensions.enabledItems: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}:1.3.3
FF - prefs.js..extensions.enabledItems: {66E978CD-981F-47DF-AC42-E3CF417C1467}:0.4.3
FF - prefs.js..extensions.enabledItems: paypalfirefoxplugin@orbiscom:2.2.26.0
FF - prefs.js..extensions.enabledItems: {1A2D0EC4-75F5-4c91-89C4-3656F6E44B68}:0.4.6
FF - prefs.js..extensions.enabledItems: {E2883E8F-472F-4fb0-9522-AC9BF37916A7}:1.6.2.63
FF - prefs.js..extensions.enabledItems: toolbar@ask.com:3.6.13.184
FF - prefs.js..extensions.enabledItems: {195A3098-0BD5-4e90-AE22-BA1C540AFD1E}:2.9.2
FF - prefs.js..extensions.enabledItems: {3d7eb24f-2740-49df-8937-200b1cc08f8a}:1.5.14.2
FF - prefs.js..keyword.URL: "http://websearch.ask...ocale=en_US&q="
FF - prefs.js..network.proxy.no_proxies_on: "127.0.0.1"


FF - HKLM\software\mozilla\Firefox\Extensions\\paypalfirefoxplugin@orbiscom: C:\Program Files\PayPal\PayPal Plug-In [2009/06/09 05:22:53 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.13\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011/01/13 17:33:54 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.13\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011/01/13 17:33:54 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Thunderbird 3.1.7\extensions\\Components: C:\Program Files\Mozilla Thunderbird\components [2011/01/13 17:33:54 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Thunderbird 3.1.7\extensions\\Plugins: C:\Program Files\Mozilla Thunderbird\plugins [2011/01/13 17:33:54 | 000,000,000 | ---D | M]

[2009/04/30 20:18:06 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Dave\Application Data\Mozilla\Extensions
[2010/08/30 16:24:15 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Dave\Application Data\Mozilla\Extensions\{3550f703-e582-4d05-9a08-453d09bdfdc6}
[2009/04/30 20:18:06 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Dave\Application Data\Mozilla\Extensions\mozswing@mozswing.org
[2011/01/13 19:17:17 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Dave\Application Data\Mozilla\Firefox\Profiles\m6zkonzt.default\extensions
[2010/09/23 19:23:40 | 000,000,000 | ---D | M] ("Garmin Communicator") -- C:\Documents and Settings\Dave\Application Data\Mozilla\Firefox\Profiles\m6zkonzt.default\extensions\{195A3098-0BD5-4e90-AE22-BA1C540AFD1E}
[2011/01/06 01:13:32 | 000,000,000 | ---D | M] (Image Zoom) -- C:\Documents and Settings\Dave\Application Data\Mozilla\Firefox\Profiles\m6zkonzt.default\extensions\{1A2D0EC4-75F5-4c91-89C4-3656F6E44B68}
[2010/02/14 14:08:55 | 000,000,000 | ---D | M] (Image Zoom) -- C:\Documents and Settings\Dave\Application Data\Mozilla\Firefox\Profiles\m6zkonzt.default\extensions\{1A2D0EC4-75F5-4c91-89C4-3656F6E44B68}(2)
[2010/10/22 20:44:10 | 000,000,000 | ---D | M] (Flashblock) -- C:\Documents and Settings\Dave\Application Data\Mozilla\Firefox\Profiles\m6zkonzt.default\extensions\{3d7eb24f-2740-49df-8937-200b1cc08f8a}
[2011/01/06 01:13:32 | 000,000,000 | ---D | M] (New Tab Homepage) -- C:\Documents and Settings\Dave\Application Data\Mozilla\Firefox\Profiles\m6zkonzt.default\extensions\{66E978CD-981F-47DF-AC42-E3CF417C1467}
[2010/12/27 18:10:33 | 000,000,000 | ---D | M] (Adblock Plus) -- C:\Documents and Settings\Dave\Application Data\Mozilla\Firefox\Profiles\m6zkonzt.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}
[2010/06/27 14:56:58 | 000,000,000 | ---D | M] (Adobe DLM (powered by getPlus®)) -- C:\Documents and Settings\Dave\Application Data\Mozilla\Firefox\Profiles\m6zkonzt.default\extensions\{E2883E8F-472F-4fb0-9522-AC9BF37916A7}
[2010/10/30 00:10:01 | 000,000,000 | ---D | M] (LimeWire Toolbar) -- C:\Documents and Settings\Dave\Application Data\Mozilla\Firefox\Profiles\m6zkonzt.default\extensions\toolbar@ask.com
[2011/01/13 18:15:55 | 000,002,255 | ---- | M] () -- C:\Documents and Settings\Dave\Application Data\Mozilla\Firefox\Profiles\m6zkonzt.default\searchplugins\askcom.xml
[2011/01/13 19:17:17 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2009/06/09 05:22:53 | 000,000,000 | ---D | M] (PayPal Plug-In for Firefox) -- C:\PROGRAM FILES\PAYPAL\PAYPAL PLUG-IN

O1 HOSTS File: ([2009/12/29 19:59:20 | 000,000,027 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\HOSTS
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (HelperObject Class) - {00C6482D-C502-44C8-8409-FCE54AD9C208} - C:\Program Files\TechSmith\SnagIt 7\SnagItBHO.dll (TechSmith Corporation)
O2 - BHO: (Freecorder Toolbar) - {1392b8d2-5c05-419f-a8f6-b9f15a596612} - C:\Program Files\Freecorder\tbFre1.dll (Conduit Ltd.)
O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O2 - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.6.5612.1312\swg.dll (Google Inc.)
O2 - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
O2 - BHO: (no name) - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - No CLSID value found.
O2 - BHO: (MSN Toolbar Helper) - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files\MSN\Toolbar\3.0.0983.0\msneshellx.dll (Microsoft Corp.)
O2 - BHO: (LimeWire Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll (Ask.com)
O2 - BHO: (OToolbarHelper Class) - {EAD3A971-6A23-4246-8691-C9244E858967} - C:\Program Files\PayPal\PayPal Plug-In\PayPalHelper.dll ()
O3 - HKLM\..\Toolbar: (Freecorder Toolbar) - {1392b8d2-5c05-419f-a8f6-b9f15a596612} - C:\Program Files\Freecorder\tbFre1.dll (Conduit Ltd.)
O3 - HKLM\..\Toolbar: (MSN Toolbar) - {1E61ED7C-7CB8-49d6-B9E9-AB4C880C8414} - C:\Program Files\MSN\Toolbar\3.0.0983.0\msneshellx.dll (Microsoft Corp.)
O3 - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O3 - HKLM\..\Toolbar: (SnagIt) - {8FF5E183-ABDE-46EB-B09E-D2AAB95CABE3} - C:\Program Files\TechSmith\SnagIt 7\SnagItIEAddin.dll (TechSmith Corporation)
O3 - HKLM\..\Toolbar: (LimeWire Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll (Ask.com)
O3 - HKLM\..\Toolbar: (PayPal Plug-In) - {DC0F2F93-27FA-4f84-ACAA-9416F90B9511} - C:\Program Files\PayPal\PayPal Plug-In\OToolbar.dll ()
O3 - HKCU\..\Toolbar\ShellBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O3 - HKCU\..\Toolbar\WebBrowser: (Freecorder Toolbar) - {1392B8D2-5C05-419F-A8F6-B9F15A596612} - C:\Program Files\Freecorder\tbFre1.dll (Conduit Ltd.)
O3 - HKCU\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O4 - HKLM..\Run: [avast5] C:\Program Files\Alwil Software\Avast5\avastUI.exe (AVAST Software)
O4 - HKLM..\Run: [KernelFaultCheck] File not found
O4 - HKCU..\Run: [PMCLoader] C:\Program Files\Pinnacle\TVCenter Pro\PMCLoader.exe (Pinnacle Systems GmbH)
O4 - HKCU..\Run: [PMCRemote] C:\Program Files\Pinnacle\Shared Files\Programs\Remote\remoterm.exe (Pinnacle Systems)
O4 - HKCU..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe (Safer-Networking Ltd.)
O4 - HKCU..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERANTISPYWARE.EXE (SUPERAntiSpyware.com)
O4 - HKCU..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (Google Inc.)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\SnagIt 7.lnk = C:\Program Files\TechSmith\SnagIt 7\SnagIt32.exe (TechSmith Corporation)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Infodelivery present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O8 - Extra context menu item: Add to Google Photos Screensa&ver - C:\WINDOWS\System32\GPhotos.scr (Google Inc.)
O8 - Extra context menu item: E&xport to Microsoft Excel - C:\Program Files\Microsoft Office\Office14\EXCEL.EXE (Microsoft Corporation)
O8 - Extra context menu item: Google Sidewiki... - C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_60D6097707281E79.dll (Google Inc.)
O8 - Extra context menu item: Se&nd to OneNote - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O15 - HKCU\..Trusted Domains: ([]msn in My Computer)
O15 - HKCU\..Trusted Domains: localhost ([]http in Local intranet)
O15 - HKCU\..Trusted Ranges: GD ([http] in Local intranet)
O16 - DPF: {02BF25D5-8C17-4B23-BC80-3488ABDDC600} Reg Error: Value error. (Reg Error: Key error.)
O16 - DPF: {05D44720-58E3-49E6-BDF6-D00330E511D3} http://zone.msn.com/...UI.cab34120.cab (StagingUI Object)
O16 - DPF: {0DB074F0-617E-4EE9-912C-2965CF2AA5A4} Reg Error: Value error. (Reg Error: Key error.)
O16 - DPF: {0E5F0222-96B9-11D3-8997-00104BD12D94} http://www.pcpitstop...p/PCPitStop.CAB (PCPitstop Utility)
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} http://download.macr...director/sw.cab (Shockwave ActiveX Control)
O16 - DPF: {30528230-99F7-4BB4-88D8-FA1D4F56A2AB} http://download.yaho...s/yinst0401.cab (YInstStarter Class)
O16 - DPF: {33564D57-9980-0010-8000-00AA00389B71} Reg Error: Value error. (Reg Error: Key error.)
O16 - DPF: {3BB54395-5982-4788-8AF4-B5388FFDD0D8} http://zone.msn.com/...dy.cab32846.cab (ZoneBuddy Class)
O16 - DPF: {406B5949-7190-4245-91A9-30A17DE16AD0} http://www.clarkcolo...larkActivia.cab (Snapfish Activia)
O16 - DPF: {4871A87A-BFDD-4106-8153-FFDE2BAC2967} http://dlm.tools.aka...vex-2.2.4.3.cab (DLM Control)
O16 - DPF: {5736C456-EA94-4AAC-BB08-917ABDD035B3} http://zone.msn.com/...at.cab32846.cab (ZonePAChat Object)
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} http://update.micros...b?1121021608359 (WUWebControl Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_19)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} Reg Error: Value error. (Reg Error: Key error.)
O16 - DPF: {9B17FE0E-51F2-4692-8B32-8EFB805FC0E7} http://h30155.www3.h...edsolutions.cab (HPObjectInstaller Class)
O16 - DPF: {A90A5822-F108-45AD-8482-9BC8B12DD539} http://crucial.com/c.../cpcScanner.cab (Crucial cpcScan)
O16 - DPF: {AB86CE53-AC9F-449F-9399-D8ABCA09EC09} https://h17000.www1....loadManager.ocx (Get_ActiveX Control)
O16 - DPF: {AE1C01E3-0283-11D3-9B3F-00C04F8EF466} http://fdl.msn.com/z...s/heartbeat.cab (HeartbeatCtl Class)
O16 - DPF: {B1647320-9EC8-4B0F-BF53-93D4A43FA614} https://mydesk-hq02....inalSvcsTCS.cab (TerminalSvcsTCSX Control)
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} http://zone.msn.com/...ro.cab34246.cab (ZoneIntro Class)
O16 - DPF: {CAFEEFAC-0014-0001-0002-ABCDEFFEDCBA} Reg Error: Key error. (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0019-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_19)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_19)
O16 - DPF: {CF40ACC5-E1BB-4AFF-AC72-04C2F616BCA7} Reg Error: Value error. (Reg Error: Key error.)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://download.macr...ash/swflash.cab (Shockwave Flash Object)
O16 - DPF: {D4003189-95B1-4A2F-9A87-F2B03665960D} http://vexcast.com/d...oad/vexcast.cab (VodClient Control Class)
O16 - DPF: {DA2AA6CF-5C7A-4B71-BC3B-C771BB369937} http://zone.msn.com/...xy.cab35645.cab (StadiumProxy Class)
O16 - DPF: {FF3C5A9F-5A99-4930-80E8-4709194C2AD3} http://zone.msn.com/...on.cab36385.cab (ZPA_Backgammon Object)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\!SASWinLogon: DllName - C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL - C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL (SUPERAntiSpyware.com)
O20 - Winlogon\Notify\igfxcui: DllName - igfxsrvc.dll - C:\WINDOWS\System32\igfxsrvc.dll (Intel Corporation)
O24 - Desktop WallPaper: C:\Documents and Settings\Dave\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\Dave\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O28 - HKLM ShellExecuteHooks: {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - C:\Program Files\SUPERAntiSpyware\SASSEH.DLL (SuperAdBlocker.com)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2003/07/29 12:59:08 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O34 - HKLM BootExecute: (lsdelete) - C:\WINDOWS\System32\lsdelete.exe ()
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 90 Days ==========

[2011/01/13 23:40:59 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Dave\Desktop\Cleaners 1-11
[2011/01/13 23:14:04 | 000,086,016 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\netsh.exe
[2011/01/13 23:14:04 | 000,086,016 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\netsh.exe
[2011/01/13 17:36:25 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\iTunes
[2011/01/13 17:34:58 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\{429CAD59-35B1-4DBC-BB6D-1DB246563521}
[2011/01/13 17:33:30 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\QuickTime
[2011/01/13 17:32:57 | 000,000,000 | ---D | C] -- C:\Program Files\QuickTime
[2011/01/13 17:31:02 | 000,000,000 | ---D | C] -- C:\Program Files\Apple Software Update
[2011/01/13 17:30:39 | 004,184,352 | ---- | C] (Apple, Inc.) -- C:\WINDOWS\System32\usbaaplrc.dll
[2011/01/13 17:30:02 | 000,000,000 | ---D | C] -- C:\Program Files\Bonjour
[2011/01/13 17:29:30 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Apple
[2011/01/13 17:29:30 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Apple
[2011/01/13 07:27:51 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Dave\Desktop\BT MP3
[2011/01/09 21:42:13 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Dave\Application Data\uTorrent
[2010/12/21 07:25:23 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Dave\Desktop\Brochure Quotes
[2010/12/19 13:13:10 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Dave\My Documents\Lisa Marulli 12-24-2009
[2010/12/15 07:00:30 | 000,040,960 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ndproxy.sys
[2010/12/15 06:59:03 | 000,045,568 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wab.exe
[2010/12/01 23:46:59 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Dave\Local Settings\Application Data\Pinnacle
[2010/12/01 23:34:14 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\DivX
[2010/12/01 23:33:05 | 000,401,280 | ---- | C] (YUAN High-Tech Development Co. Ltd.) -- C:\WINDOWS\System32\drivers\OmniTV.sys
[2010/12/01 23:33:05 | 000,012,800 | ---- | C] (YUAN High-Tech Development Co. Ltd.) -- C:\WINDOWS\System32\SimCoInstDev2.dll
[2010/12/01 23:29:26 | 000,544,768 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\msvcr71d.dll
[2010/12/01 23:29:26 | 000,385,100 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\MSVCRTD.DLL
[2010/12/01 23:29:25 | 000,765,952 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\msvcp71d.dll
[2010/12/01 23:29:25 | 000,737,280 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\msvcp70d.dll
[2010/12/01 23:29:25 | 000,536,576 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\msvcr70d.dll
[2010/12/01 23:29:24 | 002,179,072 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\mfc71d.dll
[2010/12/01 23:29:22 | 000,446,464 | ---- | C] (eHelp Corporation.) -- C:\WINDOWS\System32\HHActiveX.dll
[2010/12/01 23:29:21 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Pinnacle TVCenter Pro
[2010/12/01 23:28:43 | 000,548,864 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\msvcp80.dll
[2010/12/01 23:28:41 | 000,626,688 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\msvcr80.dll
[2010/12/01 20:42:24 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Dave\Local Settings\Application Data\IsolatedStorage
[2010/12/01 20:42:09 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Dave\Local Settings\Application Data\Pinnacle Systems GmbH
[2010/12/01 20:42:04 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Dave\My Documents\InstantCDDVD
[2010/12/01 20:18:55 | 000,000,000 | ---D | C] -- C:\Program Files\DivX
[2010/12/01 20:13:41 | 000,000,000 | ---D | C] -- C:\Program Files\Pinnacle
[2010/12/01 20:12:12 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Pinnacle
[2010/11/30 20:37:15 | 000,000,000 | ---D | C] -- C:\Excel
[2010/11/29 17:38:30 | 000,094,208 | ---- | C] (Apple Inc.) -- C:\WINDOWS\System32\QuickTimeVR.qtx
[2010/11/29 17:38:30 | 000,069,632 | ---- | C] (Apple Inc.) -- C:\WINDOWS\System32\QuickTime.qts
[2010/11/18 13:12:44 | 000,081,920 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\isign32.dll
[2010/11/10 07:40:31 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Dave\Desktop\Book1_files
[2010/11/09 09:52:35 | 000,536,576 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\msado15.dll
[2010/11/09 09:52:35 | 000,249,856 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\odbc32.dll
[2010/11/09 09:52:35 | 000,200,704 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\msadox.dll
[2010/11/09 09:52:35 | 000,180,224 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\msadomd.dll
[2010/11/09 09:52:35 | 000,143,360 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\msadco.dll
[2010/11/09 09:52:35 | 000,102,400 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\msjro.dll
[2010/11/08 07:41:00 | 000,081,920 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\msado27.tlb
[2010/11/08 07:41:00 | 000,081,920 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\msado26.tlb
[2010/11/08 07:41:00 | 000,081,920 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\msado25.tlb
[2010/11/08 07:41:00 | 000,061,440 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\msado21.tlb
[2010/11/08 07:41:00 | 000,061,440 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\msado20.tlb
[2010/11/07 08:23:44 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Dave\Application Data\AskToolbar
[2010/10/30 19:50:07 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Dave\Desktop\Halloween Sounds
[2010/10/23 09:28:41 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\nagasoft
[2010/10/19 18:22:05 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Dave\Application Data\Uniblue
[2010/10/19 18:21:56 | 000,000,000 | ---D | C] -- C:\Program Files\Uniblue
[2 C:\Documents and Settings\Dave\My Documents\*.tmp files -> C:\Documents and Settings\Dave\My Documents\*.tmp -> ]
[2 C:\Documents and Settings\All Users\Application Data\*.tmp files -> C:\Documents and Settings\All Users\Application Data\*.tmp -> ]

========== Files - Modified Within 90 Days ==========

[2011/01/13 23:29:49 | 000,000,349 | ---- | M] () -- C:\Documents and Settings\All Users\Documents\PCLECHAL.INI
[2011/01/13 23:28:44 | 000,012,598 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2011/01/13 23:27:34 | 000,000,868 | ---- | M] () -- C:\WINDOWS\tasks\Google Software Updater.job
[2011/01/13 23:27:03 | 000,000,882 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2011/01/13 23:26:26 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2011/01/13 23:26:21 | 2137,903,104 | -HS- | M] () -- C:\hiberfil.sys
[2011/01/13 23:07:01 | 000,000,886 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2011/01/13 17:36:25 | 000,001,542 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\iTunes.lnk
[2011/01/13 17:33:30 | 000,001,604 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\QuickTime Player.lnk
[2011/01/13 17:31:08 | 000,000,284 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
[2011/01/12 20:30:12 | 005,854,496 | ---- | M] () -- C:\Documents and Settings\Dave\Desktop\Here They Come Again - Van Morrison - .mp3
[2011/01/12 19:12:09 | 000,011,132 | ---- | M] () -- C:\Documents and Settings\Dave\My Documents\Erin.xlsx
[2011/01/12 18:59:18 | 000,002,477 | ---- | M] () -- C:\Documents and Settings\Dave\Application Data\Microsoft\Internet Explorer\Quick Launch\Microsoft Excel 2010.lnk
[2011/01/11 22:04:42 | 000,002,501 | ---- | M] () -- C:\Documents and Settings\Dave\Application Data\Microsoft\Internet Explorer\Quick Launch\Microsoft Office PowerPoint 2003.lnk
[2011/01/09 21:52:14 | 000,870,128 | ---- | M] () -- C:\WINDOWS\System32\mcs.rma
[2011/01/09 21:52:14 | 000,000,004 | ---- | M] () -- C:\WINDOWS\System32\06E5AC
[2011/01/09 21:43:39 | 000,000,648 | ---- | M] () -- C:\Documents and Settings\Dave\Application Data\Microsoft\Internet Explorer\Quick Launch\µTorrent.lnk
[2011/01/09 21:43:39 | 000,000,630 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\µTorrent.lnk
[2011/01/09 17:25:43 | 000,000,488 | ---- | M] () -- C:\hpfr5550.xml
[2011/01/09 00:01:55 | 000,023,768 | ---- | M] () -- C:\Documents and Settings\Dave\My Documents\Student ID.xlsm
[2011/01/03 08:24:43 | 000,059,147 | ---- | M] () -- C:\Documents and Settings\Dave\Desktop\Inv_22086_from_RyGan_Print.pdf
[2010/12/29 22:04:44 | 000,013,252 | ---- | M] () -- C:\Documents and Settings\Dave\My Documents\Fee Intervals.xlsx
[2010/12/24 00:21:15 | 000,861,633 | ---- | M] () -- C:\Documents and Settings\Dave\My Documents\Travel.docx
[2010/12/23 21:48:53 | 000,000,310 | ---- | M] () -- C:\WINDOWS\tasks\GlaryInitialize.job
[2010/12/19 13:56:06 | 000,003,017 | ---- | M] () -- C:\Documents and Settings\Dave\Desktop\EBS Claim 12-19-2010.aspx.htm
[2010/12/19 13:50:26 | 000,134,564 | ---- | M] () -- C:\Documents and Settings\Dave\My Documents\Lisa Marulli 08-03-2010.jpg
[2010/12/19 13:43:43 | 000,034,034 | ---- | M] () -- C:\Documents and Settings\Dave\My Documents\Lisa Marulli 05-21-2010.jpg
[2010/12/19 13:40:07 | 000,048,572 | ---- | M] () -- C:\Documents and Settings\Dave\My Documents\Lisa Marulli 12-22-2009.jpg
[2010/12/19 13:34:45 | 000,049,428 | ---- | M] () -- C:\Documents and Settings\Dave\My Documents\Lisa Marulli 08-13-2010.jpg
[2010/12/19 13:28:58 | 000,048,583 | ---- | M] () -- C:\Documents and Settings\Dave\My Documents\Lisa Marulli 07-26-2010.jpg
[2010/12/19 13:22:41 | 000,070,649 | ---- | M] () -- C:\Documents and Settings\Dave\My Documents\Lisa Marulli 12-24-2009 3.jpg
[2010/12/19 13:22:27 | 000,500,224 | ---- | M] () -- C:\Documents and Settings\Dave\My Documents\Lisa Marulli 12-24-2009 3.ppt
[2010/12/19 13:19:49 | 000,070,531 | ---- | M] () -- C:\Documents and Settings\Dave\My Documents\Lisa Marulli 12-24-2009 2.jpg
[2010/12/19 13:17:46 | 000,070,185 | ---- | M] () -- C:\Documents and Settings\Dave\My Documents\Lisa Marulli 12-24-2009 1.jpg
[2010/12/19 13:15:12 | 000,070,185 | ---- | M] () -- C:\Documents and Settings\Dave\My Documents\Lisa Marulli 12-24-2009.jpg
[2010/12/19 13:08:11 | 000,037,646 | ---- | M] () -- C:\Documents and Settings\Dave\My Documents\Lisa Marulli 08-10-2010.jpg
[2010/12/19 12:51:09 | 000,001,639 | ---- | M] () -- C:\Documents and Settings\Dave\Desktop\MemberNewClaim2.aspx.htm
[2010/12/19 12:49:45 | 000,001,520 | ---- | M] () -- C:\Documents and Settings\Dave\Desktop\MemberNewClaim1.aspx.htm
[2010/12/19 12:46:10 | 000,038,545 | ---- | M] () -- C:\Documents and Settings\Dave\My Documents\Lisa Marulli 12-19-2010.jpg
[2010/12/18 15:43:25 | 000,015,872 | ---- | M] () -- C:\Documents and Settings\Dave\My Documents\Christmas Numbers.xls
[2010/12/18 14:12:59 | 000,020,992 | ---- | M] () -- C:\Documents and Settings\Dave\My Documents\Posting Data & Code How To.doc
[2010/12/16 03:42:12 | 000,360,136 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2010/12/16 03:25:05 | 000,001,393 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2010/12/14 12:08:38 | 000,001,813 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Google Chrome.lnk
[2010/12/06 22:35:47 | 000,017,408 | ---- | M] () -- C:\Documents and Settings\Dave\My Documents\Book1.xls
[2010/12/06 00:06:32 | 000,022,528 | ---- | M] () -- C:\Documents and Settings\Dave\My Documents\Dave For Marie.doc
[2010/12/03 08:00:40 | 000,591,872 | ---- | M] () -- C:\Documents and Settings\Dave\Desktop\Wrenches.jpg
[2010/12/01 23:30:28 | 000,001,670 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Pinnacle TVCenter Pro.lnk
[2010/12/01 22:08:00 | 000,001,700 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\avast! Free Antivirus.lnk
[2010/12/01 22:07:55 | 000,002,626 | ---- | M] () -- C:\WINDOWS\System32\CONFIG.NT
[2010/12/01 20:23:18 | 000,094,720 | ---- | M] () -- C:\Documents and Settings\Dave\My Documents\pinnacle tv registration.doc
[2010/11/30 20:51:03 | 000,026,112 | ---- | M] () -- C:\Documents and Settings\Dave\Desktop\Book2.xls
[2010/11/30 20:37:36 | 000,016,896 | ---- | M] () -- C:\log.xls
[2010/11/29 17:38:30 | 000,094,208 | ---- | M] (Apple Inc.) -- C:\WINDOWS\System32\QuickTimeVR.qtx
[2010/11/29 17:38:30 | 000,069,632 | ---- | M] (Apple Inc.) -- C:\WINDOWS\System32\QuickTime.qts
[2010/11/28 11:31:20 | 000,024,064 | ---- | M] () -- C:\Documents and Settings\Dave\My Documents\Closed Drop Down.xls
[2010/11/27 23:05:13 | 000,176,832 | ---- | M] () -- C:\Documents and Settings\Dave\Desktop\PDF_A vs PDF_E vs PDF_X.pdf
[2010/11/27 23:01:55 | 000,268,586 | ---- | M] () -- C:\Documents and Settings\Dave\Desktop\Google Maps.pdf
[2010/11/27 22:59:45 | 000,002,333 | ---- | M] () -- C:\Documents and Settings\Dave\Desktop\Book1.pdf
[2010/11/25 14:34:43 | 000,016,478 | ---- | M] () -- C:\Documents and Settings\Dave\My Documents\Book2.xlsm
[2010/11/24 20:26:43 | 000,030,720 | ---- | M] () -- C:\Documents and Settings\Dave\My Documents\PlaceVlookup Macro.xls
[2010/11/19 19:21:32 | 000,017,580 | ---- | M] () -- C:\Documents and Settings\Dave\My Documents\Book1.xlsm
[2010/11/19 18:05:52 | 000,001,729 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Adobe Reader 9.lnk
[2010/11/18 13:12:44 | 000,081,920 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\isign32.dll
[2010/11/18 13:12:44 | 000,081,920 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\isign32.dll
[2010/11/15 20:07:08 | 000,065,024 | ---- | M] () -- C:\Documents and Settings\Dave\My Documents\MD List.xls
[2010/11/11 20:13:21 | 000,000,016 | ---- | M] () -- C:\Documents and Settings\Dave\My Documents\Book1.csv
[2010/11/10 08:02:16 | 000,003,564 | ---- | M] () -- C:\Documents and Settings\Dave\My Documents\c.html
[2010/11/10 08:02:16 | 000,003,564 | ---- | M] () -- C:\Documents and Settings\Dave\My Documents\b.html
[2010/11/10 08:02:16 | 000,003,564 | ---- | M] () -- C:\Documents and Settings\Dave\My Documents\a.html
[2010/11/10 07:44:44 | 000,003,581 | ---- | M] () -- C:\Documents and Settings\Dave\Desktop\Book2.htm
[2010/11/10 07:40:32 | 000,007,013 | ---- | M] () -- C:\Documents and Settings\Dave\Desktop\Book1.htm
[2010/11/09 09:52:35 | 000,536,576 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\msado15.dll
[2010/11/09 09:52:35 | 000,249,856 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\odbc32.dll
[2010/11/09 09:52:35 | 000,249,856 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\odbc32.dll
[2010/11/09 09:52:35 | 000,200,704 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\msadox.dll
[2010/11/09 09:52:35 | 000,180,224 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\msadomd.dll
[2010/11/09 09:52:35 | 000,143,360 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\msadco.dll
[2010/11/09 09:52:35 | 000,102,400 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\msjro.dll
[2010/11/08 07:41:00 | 000,081,920 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\msado27.tlb
[2010/11/08 07:41:00 | 000,081,920 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\msado26.tlb
[2010/11/08 07:41:00 | 000,081,920 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\msado25.tlb
[2010/11/08 07:41:00 | 000,061,440 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\msado21.tlb
[2010/11/08 07:41:00 | 000,061,440 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\msado20.tlb
[2010/11/07 08:14:08 | 000,434,996 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2010/11/07 08:14:08 | 000,068,850 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2010/11/05 19:34:12 | 001,168,384 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\urlmon.dll
[2010/11/05 19:34:12 | 000,832,512 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wininet.dll
[2010/11/05 19:34:12 | 000,671,232 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\mstime.dll
[2010/11/05 19:34:12 | 000,671,232 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\mstime.dll
[2010/11/05 19:34:12 | 000,478,208 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\mshtmled.dll
[2010/11/05 19:34:12 | 000,233,472 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\webcheck.dll
[2010/11/05 19:34:12 | 000,193,024 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\msrating.dll
[2010/11/05 19:34:12 | 000,193,024 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\msrating.dll
[2010/11/05 19:34:12 | 000,105,984 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\url.dll
[2010/11/05 19:34:12 | 000,105,984 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\url.dll
[2010/11/05 19:34:12 | 000,102,912 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\occache.dll
[2010/11/05 19:34:12 | 000,044,544 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\pngfilt.dll
[2010/11/05 19:34:12 | 000,044,544 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\pngfilt.dll
[2010/11/05 19:34:11 | 006,075,904 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ieframe.dll
[2010/11/05 19:34:11 | 003,604,480 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\mshtml.dll
[2010/11/05 19:34:11 | 001,830,912 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\inetcpl.cpl
[2010/11/05 19:34:11 | 001,830,912 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\inetcpl.cpl
[2010/11/05 19:34:11 | 000,468,480 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\msfeeds.dll
[2010/11/05 19:34:11 | 000,468,480 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\msfeeds.dll
[2010/11/05 19:34:11 | 000,384,512 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\iedkcs32.dll
[2010/11/05 19:34:11 | 000,384,512 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\iedkcs32.dll
[2010/11/05 19:34:11 | 000,380,928 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\ieapfltr.dll
[2010/11/05 19:34:11 | 000,380,928 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ieapfltr.dll
[2010/11/05 19:34:11 | 000,347,136 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dxtmsft.dll
[2010/11/05 19:34:11 | 000,347,136 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\dxtmsft.dll
[2010/11/05 19:34:11 | 000,268,288 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\iertutil.dll
[2010/11/05 19:34:11 | 000,230,400 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\ieaksie.dll
[2010/11/05 19:34:11 | 000,230,400 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ieaksie.dll
[2010/11/05 19:34:11 | 000,214,528 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dxtrans.dll
[2010/11/05 19:34:11 | 000,214,528 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\dxtrans.dll
[2010/11/05 19:34:11 | 000,192,512 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\iepeers.dll
[2010/11/05 19:34:11 | 000,192,512 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\iepeers.dll
[2010/11/05 19:34:11 | 000,153,088 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\ieakeng.dll
[2010/11/05 19:34:11 | 000,153,088 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ieakeng.dll
[2010/11/05 19:34:11 | 000,133,120 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\extmgr.dll
[2010/11/05 19:34:11 | 000,124,928 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\advpack.dll
[2010/11/05 19:34:11 | 000,078,336 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\ieencode.dll
[2010/11/05 19:34:11 | 000,078,336 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ieencode.dll
[2010/11/05 19:34:11 | 000,063,488 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\icardie.dll
[2010/11/05 19:34:11 | 000,052,224 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\msfeedsbs.dll
[2010/11/05 19:34:11 | 000,052,224 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\msfeedsbs.dll
[2010/11/05 19:34:11 | 000,044,544 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\iernonce.dll
[2010/11/05 19:34:11 | 000,044,544 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\iernonce.dll
[2010/11/05 19:34:11 | 000,027,648 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\jsproxy.dll
[2010/11/05 19:34:11 | 000,027,648 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\jsproxy.dll
[2010/11/05 19:34:11 | 000,017,408 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\corpol.dll
[2010/11/05 19:34:11 | 000,017,408 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\corpol.dll
[2010/11/03 07:25:53 | 000,389,120 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\html.iec
[2010/11/03 07:24:56 | 000,013,824 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\ieudinit.exe
[2010/11/03 07:24:56 | 000,013,824 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ieudinit.exe
[2010/11/03 07:24:55 | 000,070,656 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\ie4uinit.exe
[2010/11/03 07:24:55 | 000,070,656 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ie4uinit.exe
[2010/11/02 10:17:02 | 000,040,960 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ndproxy.sys
[2010/11/02 06:20:12 | 000,000,812 | ---- | M] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\SnagIt 7.lnk
[2010/10/30 20:04:42 | 000,079,209 | ---- | M] () -- C:\Documents and Settings\Dave\Desktop\Moaning Chains.wav
[2010/10/28 08:13:22 | 000,290,048 | ---- | M] (Adobe Systems Incorporated) -- C:\WINDOWS\System32\dllcache\atmfd.dll
[2010/10/28 08:13:22 | 000,290,048 | ---- | M] (Adobe Systems Incorporated) -- C:\WINDOWS\System32\atmfd.dll
[2010/10/27 07:26:58 | 000,022,016 | ---- | M] () -- C:\Documents and Settings\Dave\Desktop\take home test.doc
[2010/10/26 08:25:00 | 001,853,312 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\win32k.sys
[2010/10/26 08:25:00 | 001,853,312 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\win32k.sys
[2010/10/25 18:45:19 | 000,017,132 | ---- | M] () -- C:\Documents and Settings\Dave\My Documents\domains.xlsm
[2010/10/25 17:28:25 | 000,008,969 | ---- | M] () -- C:\Documents and Settings\Dave\My Documents\domains.xlsx
[2010/10/23 16:23:05 | 011,425,995 | ---- | M] () -- C:\Documents and Settings\Dave\Desktop\5995413084_Washer_2004.pdf
[2010/10/22 23:11:00 | 000,016,076 | ---- | M] () -- C:\Documents and Settings\Dave\My Documents\myMax.xlsm
[2010/10/22 22:45:24 | 000,018,542 | ---- | M] () -- C:\Documents and Settings\Dave\My Documents\Timer1.xlsm
[2010/10/22 22:05:32 | 000,016,426 | ---- | M] () -- C:\Documents and Settings\Dave\My Documents\Timer2.xlsm
[2010/10/20 07:08:57 | 000,026,112 | ---- | M] () -- C:\Documents and Settings\Dave\My Documents\Percent CF.xls
[2010/10/18 06:07:43 | 000,634,648 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\iexplore.exe
[2010/10/18 06:06:11 | 000,161,792 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\ieakui.dll
[2010/10/18 06:06:11 | 000,161,792 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ieakui.dll
[2010/10/17 19:45:00 | 000,031,744 | ---- | M] () -- C:\Documents and Settings\Dave\My Documents\Fred20101017.xls
[2010/10/17 17:27:08 | 000,000,061 | ---- | M] () -- C:\WINDOWS\TaxACT09.ini
[2010/10/16 22:46:17 | 002,101,696 | ---- | M] () -- C:\Documents and Settings\Dave\Desktop\Meg Jumping Hay Bail.JPG
[2010/10/16 18:58:53 | 000,022,016 | ---- | M] () -- C:\Documents and Settings\Dave\My Documents\DateChange.doc
[2 C:\Documents and Settings\Dave\My Documents\*.tmp files -> C:\Documents and Settings\Dave\My Documents\*.tmp -> ]
[2 C:\Documents and Settings\All Users\Application Data\*.tmp files -> C:\Documents and Settings\All Users\Application Data\*.tmp -> ]

========== Files Created - No Company Name ==========

[2011/01/13 17:36:25 | 000,001,542 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\iTunes.lnk
[2011/01/13 17:33:30 | 000,001,604 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\QuickTime Player.lnk
[2011/01/13 17:31:07 | 000,000,284 | ---- | C] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
[2011/01/12 20:29:14 | 005,854,496 | ---- | C] () -- C:\Documents and Settings\Dave\Desktop\Here They Come Again - Van Morrison - .mp3
[2011/01/12 19:12:08 | 000,011,132 | ---- | C] () -- C:\Documents and Settings\Dave\My Documents\Erin.xlsx
[2011/01/09 21:43:39 | 000,000,648 | ---- | C] () -- C:\Documents and Settings\Dave\Application Data\Microsoft\Internet Explorer\Quick Launch\µTorrent.lnk
[2011/01/09 21:43:39 | 000,000,630 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\µTorrent.lnk
[2011/01/09 00:01:55 | 000,023,768 | ---- | C] () -- C:\Documents and Settings\Dave\My Documents\Student ID.xlsm
[2011/01/03 08:24:39 | 000,059,147 | ---- | C] () -- C:\Documents and Settings\Dave\Desktop\Inv_22086_from_RyGan_Print.pdf
[2010/12/29 22:04:44 | 000,013,252 | ---- | C] () -- C:\Documents and Settings\Dave\My Documents\Fee Intervals.xlsx
[2010/12/24 00:00:17 | 000,861,633 | ---- | C] () -- C:\Documents and Settings\Dave\My Documents\Travel.docx
[2010/12/19 13:56:04 | 000,003,017 | ---- | C] () -- C:\Documents and Settings\Dave\Desktop\EBS Claim 12-19-2010.aspx.htm
[2010/12/19 13:50:24 | 000,134,564 | ---- | C] () -- C:\Documents and Settings\Dave\My Documents\Lisa Marulli 08-03-2010.jpg
[2010/12/19 13:43:41 | 000,034,034 | ---- | C] () -- C:\Documents and Settings\Dave\My Documents\Lisa Marulli 05-21-2010.jpg
[2010/12/19 13:40:05 | 000,048,572 | ---- | C] () -- C:\Documents and Settings\Dave\My Documents\Lisa Marulli 12-22-2009.jpg
[2010/12/19 13:34:43 | 000,049,428 | ---- | C] () -- C:\Documents and Settings\Dave\My Documents\Lisa Marulli 08-13-2010.jpg
[2010/12/19 13:28:56 | 000,048,583 | ---- | C] () -- C:\Documents and Settings\Dave\My Documents\Lisa Marulli 07-26-2010.jpg
[2010/12/19 13:22:40 | 000,070,649 | ---- | C] () -- C:\Documents and Settings\Dave\My Documents\Lisa Marulli 12-24-2009 3.jpg
[2010/12/19 13:22:27 | 000,500,224 | ---- | C] () -- C:\Documents and Settings\Dave\My Documents\Lisa Marulli 12-24-2009 3.ppt
[2010/12/19 13:19:47 | 000,070,531 | ---- | C] () -- C:\Documents and Settings\Dave\My Documents\Lisa Marulli 12-24-2009 2.jpg
[2010/12/19 13:17:44 | 000,070,185 | ---- | C] () -- C:\Documents and Settings\Dave\My Documents\Lisa Marulli 12-24-2009 1.jpg
[2010/12/19 13:15:09 | 000,070,185 | ---- | C] () -- C:\Documents and Settings\Dave\My Documents\Lisa Marulli 12-24-2009.jpg
[2010/12/19 13:08:07 | 000,037,646 | ---- | C] () -- C:\Documents and Settings\Dave\My Documents\Lisa Marulli 08-10-2010.jpg
[2010/12/19 12:51:08 | 000,001,639 | ---- | C] () -- C:\Documents and Settings\Dave\Desktop\MemberNewClaim2.aspx.htm
[2010/12/19 12:49:44 | 000,001,520 | ---- | C] () -- C:\Documents and Settings\Dave\Desktop\MemberNewClaim1.aspx.htm
[2010/12/19 12:46:06 | 000,038,545 | ---- | C] () -- C:\Documents and Settings\Dave\My Documents\Lisa Marulli 12-19-2010.jpg
[2010/12/18 12:11:33 | 000,020,992 | ---- | C] () -- C:\Documents and Settings\Dave\My Documents\Posting Data & Code How To.doc
[2010/12/05 23:27:57 | 000,022,528 | ---- | C] () -- C:\Documents and Settings\Dave\My Documents\Dave For Marie.doc
[2010/12/03 08:00:36 | 000,591,872 | ---- | C] () -- C:\Documents and Settings\Dave\Desktop\Wrenches.jpg
[2010/12/01 23:30:28 | 000,201,488 | ---- | C] () -- C:\WINDOWS\System32\MACD32.DLL
[2010/12/01 23:30:28 | 000,144,144 | ---- | C] () -- C:\WINDOWS\System32\MASE32.DLL
[2010/12/01 23:30:28 | 000,141,584 | ---- | C] () -- C:\WINDOWS\System32\MAMC32.DLL
[2010/12/01 23:30:28 | 000,063,248 | ---- | C] () -- C:\WINDOWS\System32\MASD32.DLL
[2010/12/01 23:30:28 | 000,033,040 | ---- | C] () -- C:\WINDOWS\System32\MA32.DLL
[2010/12/01 23:30:28 | 000,001,670 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Pinnacle TVCenter Pro.lnk
[2010/12/01 22:08:00 | 000,001,700 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\avast! Free Antivirus.lnk
[2010/12/01 20:23:17 | 000,094,720 | ---- | C] () -- C:\Documents and Settings\Dave\My Documents\pinnacle tv registration.doc
[2010/12/01 20:13:00 | 000,000,349 | ---- | C] () -- C:\Documents and Settings\All Users\Documents\PCLECHAL.INI
[2010/12/01 20:08:19 | 000,045,593 | ---- | C] () -- C:\WINDOWS\System32\drivers\OmniTV.rom
[2010/11/30 20:43:33 | 000,026,112 | ---- | C] () -- C:\Documents and Settings\Dave\Desktop\Book2.xls
[2010/11/30 20:37:36 | 000,016,896 | ---- | C] () -- C:\log.xls
[2010/11/28 11:31:19 | 000,024,064 | ---- | C] () -- C:\Documents and Settings\Dave\My Documents\Closed Drop Down.xls
[2010/11/27 23:05:11 | 000,176,832 | ---- | C] () -- C:\Documents and Settings\Dave\Desktop\PDF_A vs PDF_E vs PDF_X.pdf
[2010/11/27 23:01:53 | 000,268,586 | ---- | C] () -- C:\Documents and Settings\Dave\Desktop\Google Maps.pdf
[2010/11/27 22:59:43 | 000,002,333 | ---- | C] () -- C:\Documents and Settings\Dave\Desktop\Book1.pdf
[2010/11/25 14:34:42 | 000,016,478 | ---- | C] () -- C:\Documents and Settings\Dave\My Documents\Book2.xlsm
[2010/11/24 20:26:43 | 000,030,720 | ---- | C] () -- C:\Documents and Settings\Dave\My Documents\PlaceVlookup Macro.xls
[2010/11/19 19:19:22 | 000,017,580 | ---- | C] () -- C:\Documents and Settings\Dave\My Documents\Book1.xlsm
[2010/11/15 19:42:53 | 000,065,024 | ---- | C] () -- C:\Documents and Settings\Dave\My Documents\MD List.xls
[2010/11/11 20:08:46 | 000,000,016 | ---- | C] () -- C:\Documents and Settings\Dave\My Documents\Book1.csv
[2010/11/10 08:02:16 | 000,003,564 | ---- | C] () -- C:\Documents and Settings\Dave\My Documents\c.html
[2010/11/10 08:02:16 | 000,003,564 | ---- | C] () -- C:\Documents and Settings\Dave\My Documents\b.html
[2010/11/10 08:02:16 | 000,003,564 | ---- | C] () -- C:\Documents and Settings\Dave\My Documents\a.html
[2010/11/10 07:44:44 | 000,003,581 | ---- | C] () -- C:\Documents and Settings\Dave\Desktop\Book2.htm
[2010/11/10 07:40:31 | 000,007,013 | ---- | C] () -- C:\Documents and Settings\Dave\Desktop\Book1.htm
[2010/11/02 06:20:12 | 000,000,812 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\SnagIt 7.lnk
[2010/10/30 20:04:36 | 000,079,209 | ---- | C] () -- C:\Documents and Settings\Dave\Desktop\Moaning Chains.wav
[2010/10/27 07:26:58 | 000,022,016 | ---- | C] () -- C:\Documents and Settings\Dave\Desktop\take home test.doc
[2010/10/25 17:28:40 | 000,017,132 | ---- | C] () -- C:\Documents and Settings\Dave\My Documents\domains.xlsm
[2010/10/25 17:24:48 | 000,008,969 | ---- | C] () -- C:\Documents and Settings\Dave\My Documents\domains.xlsx
[2010/10/23 23:48:14 | 000,001,729 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Adobe Reader 9.lnk
[2010/10/23 16:23:04 | 011,425,995 | ---- | C] () -- C:\Documents and Settings\Dave\Desktop\5995413084_Washer_2004.pdf
[2010/10/22 23:09:11 | 000,016,076 | ---- | C] () -- C:\Documents and Settings\Dave\My Documents\myMax.xlsm
[2010/10/22 22:05:32 | 000,016,426 | ---- | C] () -- C:\Documents and Settings\Dave\My Documents\Timer2.xlsm
[2010/10/22 21:54:56 | 000,018,542 | ---- | C] () -- C:\Documents and Settings\Dave\My Documents\Timer1.xlsm
[2010/10/20 07:08:52 | 000,026,112 | ---- | C] () -- C:\Documents and Settings\Dave\My Documents\Percent CF.xls
[2010/10/17 19:44:59 | 000,031,744 | ---- | C] () -- C:\Documents and Settings\Dave\My Documents\Fred20101017.xls
[2010/10/16 22:46:17 | 002,101,696 | ---- | C] () -- C:\Documents and Settings\Dave\Desktop\Meg Jumping Hay Bail.JPG
[2010/10/16 09:37:43 | 000,022,016 | ---- | C] () -- C:\Documents and Settings\Dave\My Documents\DateChange.doc
[2010/10/16 09:11:03 | 000,002,477 | ---- | C] () -- C:\Documents and Settings\Dave\Application Data\Microsoft\Internet Explorer\Quick Launch\Microsoft Excel 2010.lnk
[2010/09/24 07:20:04 | 000,218,288 | ---- | C] () -- C:\Documents and Settings\LocalService\Local Settings\Application Data\FontCache3.0.0.0.dat
[2010/05/16 11:08:00 | 000,000,036 | ---- | C] () -- C:\Documents and Settings\Dave\Local Settings\Application Data\housecall.guid.cache
[2010/05/16 09:50:59 | 000,016,968 | ---- | C] () -- C:\WINDOWS\System32\drivers\hitmanpro35.sys
[2010/02/21 12:33:41 | 000,000,061 | ---- | C] () -- C:\WINDOWS\TaxACT09.ini
[2010/01/06 20:57:21 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\ssprs.dll
[2010/01/06 20:57:20 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\nsprs.dll
[2009/09/10 21:22:08 | 000,000,067 | ---- | C] () -- C:\WINDOWS\prfile.ini
[2009/02/05 19:44:17 | 000,000,075 | ---- | C] () -- C:\WINDOWS\TaxACT08.ini
[2008/09/16 21:05:08 | 000,087,552 | ---- | C] () -- C:\WINDOWS\System32\cpwmon2k.dll
[2008/06/08 16:24:59 | 000,000,067 | ---- | C] () -- C:\WINDOWS\AoADVDRipper.INI
[2008/02/13 21:09:55 | 000,716,272 | ---- | C] () -- C:\WINDOWS\System32\drivers\sptd.sys
[2008/02/13 19:39:10 | 000,049,152 | ---- | C] () -- C:\WINDOWS\System32\VZWDLManager.dll
[2008/01/19 22:56:31 | 000,000,074 | ---- | C] () -- C:\WINDOWS\TaxACT07.ini
[2007/09/05 19:01:22 | 000,012,288 | ---- | C] () -- C:\WINDOWS\System32\DivXWMPExtType.dll
[2007/08/23 11:55:34 | 003,596,288 | ---- | C] () -- C:\WINDOWS\System32\qt-dx331.dll
[2007/06/11 23:44:06 | 000,004,059 | ---- | C] () -- C:\Documents and Settings\Dave\Application Data\HPCOM_48BitScanUpdate.log
[2007/06/11 23:44:06 | 000,000,214 | ---- | C] () -- C:\WINDOWS\HP_48BitScanUpdatePatch.ini
[2007/05/15 14:52:44 | 000,028,672 | R--- | C] () -- C:\WINDOWS\System32\cmirmdrv.dll
[2007/05/15 14:51:59 | 000,000,092 | ---- | C] () -- C:\WINDOWS\CMISETUP.INI
[2007/05/15 14:51:57 | 000,000,026 | ---- | C] () -- C:\WINDOWS\CMCDPLAY.INI
[2007/05/15 14:51:28 | 000,028,672 | ---- | C] () -- C:\WINDOWS\CMIRmDriver.dll
[2007/05/15 14:21:45 | 000,003,751 | ---- | C] () -- C:\WINDOWS\Ascd_tmp.ini
[2007/05/15 14:21:43 | 000,005,824 | ---- | C] () -- C:\WINDOWS\System32\drivers\ASUSHWIO.SYS
[2007/03/18 22:06:33 | 000,001,342 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\QTSBandwidthCache
[2006/10/28 11:36:28 | 000,000,000 | ---- | C] () -- C:\WINDOWS\PestPatrol5.INI
[2006/10/06 21:59:49 | 000,000,141 | ---- | C] () -- C:\WINDOWS\TaxACT06.ini
[2006/08/31 11:46:13 | 000,000,310 | ---- | C] () -- C:\WINDOWS\primopdf.ini
[2006/07/24 20:50:43 | 000,000,019 | ---- | C] () -- C:\WINDOWS\SoundConverter.INI
[2006/06/26 20:50:39 | 000,001,025 | ---- | C] () -- C:\WINDOWS\System32\sysprs7.dll
[2006/06/26 20:50:39 | 000,000,339 | ---- | C] () -- C:\WINDOWS\System32\lsprst7.dll
[2006/06/26 20:49:24 | 000,001,024 | ---- | C] () -- C:\WINDOWS\System32\clauth2.dll
[2006/06/26 20:49:24 | 000,001,024 | ---- | C] () -- C:\WINDOWS\System32\clauth1.dll
[2006/05/09 20:55:04 | 000,176,235 | ---- | C] () -- C:\WINDOWS\System32\Primomonnt.dll
[2006/01/16 17:08:43 | 000,000,141 | ---- | C] () -- C:\WINDOWS\TaxACT05.ini
[2005/12/15 18:41:55 | 000,000,141 | ---- | C] () -- C:\WINDOWS\prtmate.ini
[2005/12/11 02:22:55 | 000,000,083 | ---- | C] () -- C:\WINDOWS\savtst32.INI
[2005/09/23 19:15:41 | 000,000,376 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2005/03/12 18:29:35 | 000,000,000 | R--- | C] () -- C:\WINDOWS\System32\RCCustomSetup.ini
[2005/03/12 17:53:39 | 000,000,000 | R--- | C] () -- C:\WINDOWS\System32\svconfig.ini
[2005/01/15 23:13:39 | 000,000,141 | ---- | C] () -- C:\WINDOWS\TaxACT04.ini
[2004/12/07 02:39:15 | 000,028,160 | ---- | C] () -- C:\Documents and Settings\Dave\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2004/10/28 20:28:44 | 000,002,076 | ---- | C] () -- C:\WINDOWS\cdplayer.ini
[2004/08/28 17:41:46 | 000,000,023 | ---- | C] () -- C:\WINDOWS\kodakpcd.ini
[2004/08/07 12:29:28 | 000,667,648 | ---- | C] () -- C:\WINDOWS\System32\Dtwain32.dll
[2004/04/23 20:54:03 | 000,000,021 | ---- | C] () -- C:\WINDOWS\efaxview.ini
[2004/04/18 23:59:22 | 000,000,391 | ---- | C] () -- C:\WINDOWS\Jelly.ini
[2004/04/08 00:05:54 | 000,000,129 | ---- | C] () -- C:\WINDOWS\TaxACT03.ini
[2004/04/08 00:05:31 | 000,000,116 | ---- | C] () -- C:\WINDOWS\TaxACT02.ini
[2004/04/02 18:32:30 | 000,000,000 | ---- | C] () -- C:\WINDOWS\hpqemlsz.INI
[2004/03/12 20:16:44 | 000,000,778 | ---- | C] () -- C:\WINDOWS\MTB12ST.INI
[2004/03/11 10:46:49 | 000,210,944 | ---- | C] () -- C:\WINDOWS\System32\MSVCRT10.DLL
[2004/02/29 20:01:40 | 000,001,875 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\hpzinstall.log
[2004/02/29 16:22:37 | 000,000,000 | ---- | C] () -- C:\WINDOWS\wininit.ini
[2004/02/29 16:22:30 | 000,000,004 | ---- | C] () -- C:\WINDOWS\msoffice.ini
[2003/07/29 14:07:11 | 000,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini
[2003/07/29 13:23:03 | 000,363,520 | ---- | C] () -- C:\WINDOWS\System32\PsisDecd.dll
[2003/07/29 13:14:01 | 000,000,177 | ---- | C] () -- C:\WINDOWS\winamp.ini
[2003/07/29 13:13:28 | 000,000,310 | ---- | C] () -- C:\WINDOWS\net2fone.ini
[2003/07/29 12:47:04 | 000,001,094 | ---- | C] () -- C:\WINDOWS\System32\oeminfo.ini
[2003/07/29 12:47:04 | 000,000,466 | ---- | C] () -- C:\WINDOWS\System32\emver.ini
[2003/07/29 05:51:24 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
[2003/03/09 15:31:04 | 000,561,152 | ---- | C] () -- C:\WINDOWS\System32\hpotscl.dll
[2002/05/30 15:00:00 | 000,000,299 | ---- | C] () -- C:\WINDOWS\LProS.ini
[1999/01/22 09:46:58 | 000,065,536 | ---- | C] () -- C:\WINDOWS\System32\MSRTEDIT.DLL
[1998/08/16 05:00:00 | 000,004,096 | ---- | C] () -- C:\WINDOWS\System32\sysres.dll
[1997/08/06 00:00:00 | 000,022,016 | ---- | C] () -- C:\WINDOWS\System32\DOCOBJ.DLL

========== Alternate Data Streams ==========

@Alternate Data Stream - 2628 bytes -> C:\WINDOWS\System32\OEMLOGO.BMP:Q30lsldxJoudresxAaaqpcawXc

< End of report >


extras.txt

OTL Extras logfile created on: 01/13/11 11:45:10 PM - Run 2
OTL by OldTimer - Version 3.2.20.2 Folder = C:\Documents and Settings\Dave\Desktop\Cleaners 1-11
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 7.0.5730.11)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: MM/dd/yy

2.00 Gb Total Physical Memory | 1.00 Gb Available Physical Memory | 65.00% Memory free
4.00 Gb Paging File | 3.00 Gb Available in Paging File | 86.00% Paging File free
Paging file location(s): C:\pagefile.sys 0 0 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 76.33 Gb Total Space | 11.25 Gb Free Space | 14.74% Space Free | Partition Type: NTFS

Computer Name: LIVINGROOM | User Name: Dave | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 90 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]

[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 0
"FirewallOverride" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]
"DisableMonitoring" = 1

========== System Restore Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows NT\SystemRestore]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr]
"Start" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService]
"Start" = 2

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]
"139:TCP" = 139:TCP:*:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:*:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:*:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:*:Enabled:@xpsp2res.dll,-22002

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 0
"DoNotAllowExceptions" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"139:TCP" = 139:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22002
"1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Program Files\DNA\btdna.exe" = C:\Program Files\DNA\btdna.exe:*:Enabled:DNA -- (BitTorrent, Inc.)
"C:\Program Files\LimeWire\LimeWire.exe" = C:\Program Files\LimeWire\LimeWire.exe:*:Enabled:LimeWire -- (Lime Wire, LLC)
"C:\WINDOWS\system32\javaw.exe" = C:\WINDOWS\system32\javaw.exe:*:Enabled:Java™ Platform SE binary -- (Sun Microsystems, Inc.)
"C:\Program Files\Rhapsody\rhapsody.exe" = C:\Program Files\Rhapsody\rhapsody.exe:*:Enabled:Rhapsody Media Player -- (RealNetworks, Inc.)
"C:\Program Files\MusicBrainz Picard\picard.exe" = C:\Program Files\MusicBrainz Picard\picard.exe:*:Disabled:The next generation MusicBrainz tagger -- ()
"C:\Program Files\uTorrent\uTorrent.exe" = C:\Program Files\uTorrent\uTorrent.exe:*:Enabled:µTorrent -- (BitTorrent, Inc.)
"C:\Program Files\iTunes\iTunes.exe" = C:\Program Files\iTunes\iTunes.exe:*:Enabled:iTunes -- (Apple Inc.)


========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{00203668-8170-44A0-BE44-B632FA4D780F}" = Adobe AIR
"{121634B0-2F4B-11D3-ADA3-00C04F52DD52}" = Windows Installer Clean Up
"{18455581-E099-4BA8-BC6B-F34B2F06600C}" = Google Toolbar for Internet Explorer
"{18D10072035C4515918F7E37EAFAACFC}" = AutoUpdate
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer
"{24F009D2-7A41-4534-BA08-160E1E7E0DDB}" = msxml4SP2
"{26A24AE4-039D-4CA4-87B4-2F83216019FF}" = Java™ 6 Update 19
"{2763FD5A-57E9-442B-AFDF-6DCCC23883B0}" = SPSS 14.0 for Windows Evaluation Version
"{2A981294-F14C-4F0F-9627-D793270922F8}" = Bonjour
"{2DFF31F9-7893-4922-AF66-C9A1EB4EBB31}" = Rhapsody Player Engine
"{308B6AEA-DE50-4666-996D-0FA461719D6B}" = Apple Mobile Device Support
"{3249FD43-B24B-413F-B786-F8FEA32FA747}" = V CAST Music
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{366FFC89-C800-4366-B903-B9C4314109A5}" = Garmin WebUpdater
"{4286E640-B5FB-11DF-AC4B-005056C00008}" = Google Earth
"{48FE73F3-4C3A-4871-BCD0-A7726A08BD64}" = Hex Workshop v6
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4BDFD2CE-6329-42E4-9801-9B3D1F10D79B}" = Adobe® Photoshop® Album Starter Edition 3.0
"{536E1504-E2E0-4B25-9D61-5418DE8319A4}" = WinWay Resume Deluxe
"{57752979-A1C9-4C02-856B-FBB27AC4E02C}" = QuickTime
"{64635543-70E7-436D-8D6D-4A721595029E}" = Microsoft IntelliPoint 5.2
"{6710FE30-27F7-492B-A660-D31D4A898A43}" = MSN Toolbar
"{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}" = PowerDVD
"{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}" = Windows Media Player Firefox Plugin
"{6ECB39BD-73C2-44DD-B1A0-898207C58D8B}" = HP Photo and Imaging 2.0 - All-in-One Drivers
"{716E0306-8318-4364-8B8F-0CC4E9376BAC}" = MSXML 4.0 SP2 Parser and SDK
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{73317C31-2B6E-4B88-9865-B97C1331A39D}" = PayPal Plug-In
"{76EFFC7C-17A6-479D-9E47-8E658C1695AE}" = Windows Backup Utility
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{77DCDCE3-2DED-62F3-8154-05E745472D07}" = Acrobat.com
"{7B63B2922B174135AFC0E1377DD81EC2}" = DivX Codec
"{86D4B82A-ABED-442A-BE86-96357B70F4FE}" = Ask Toolbar
"{881F5DE8-9367-4B81-A325-E91BBC6472F9}" = iTunes
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8A708DD8-A5E6-11D4-A706-000629E95E20}" = Intel® Extreme Graphics Driver
"{90120000-0020-0409-0000-0000000FF1CE}" = Compatibility Pack for the 2007 Office system
"{90140000-0010-0409-0000-0000000FF1CE}" = Microsoft Software Update for Web Folders (English) 14
"{90140000-0015-0409-0000-0000000FF1CE}" = Microsoft Office Access MUI (English) 2010
"{90140000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2010
"{90140000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2010
"{90140000-0019-0409-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2010
"{90140000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2010
"{90140000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2010
"{90140000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2010
"{90140000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2010
"{90140000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2010
"{90140000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2010
"{90140000-0044-0409-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (English) 2010
"{90140000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2010
"{90140000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2010
"{90140000-00BA-0409-0000-0000000FF1CE}" = Microsoft Office Groove MUI (English) 2010
"{90140000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2010
"{90140000-0117-0409-0000-0000000FF1CE}" = Microsoft Office Access Setup Metadata MUI (English) 2010
"{90AD0409-6000-11D3-8CFE-0150048383C9}" = Microsoft Office PowerPoint 2003 Template Pack 3
"{91140000-0011-0000-0000-0000000FF1CE}" = Microsoft Office Professional Plus 2010
"{91E30409-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Professional Edition 2003
"{93FB47FB-4FDF-4131-B5FD-7A37883868E7}" = hp psc 2170 series
"{981029E0-7FC9-4CF3-AB39-6F133621921A}" = Skype Toolbars
"{9867A917-5D17-40DE-83BA-BEA5293194B1}" = HP Photo and Imaging 2.0 - All-in-One
"{9E5667DA-2EE7-4D1C-A1DE-D27300266EA5}" = Datasets and Data Analysis Plus 4.0 for Elementary Statistics
"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AC76BA86-7AD7-1033-7B44-A94000000001}" = Adobe Reader 9.4.1
"{AC76BA86-7AD7-5464-3428-900000000004}" = Spelling Dictionaries Support For Adobe Reader 9
"{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1" = Spybot - Search & Destroy
"{BAF78226-3200-4DB4-BE33-4D922A799840}" = Windows Presentation Foundation
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
"{C3113E55-7BCB-4de3-8EBF-60E6CE6B2096}_is1" = SiSoftware Sandra Lite XI.SP2 (Win64/32/CE)
"{C41300B9-185D-475E-BFEC-39EF732F19B1}" = Apple Software Update
"{C894366E-51C4-4162-BA82-ECBEFC1C2C61}" = PayPal Plug-In
"{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}" = SUPERAntiSpyware Free Edition
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{D103C4BA-F905-437A-8049-DB24763BBE36}" = Skype™ 4.2
"{DAFCC5EF-E4D0-47EF-8E4B-168B3644A1E3}" = Garmin City Navigator North America NT 2009 Update
"{DED53B0B-B67C-4244-AE6A-D6FD3C28D1EF}" = Ad-Aware
"{E2883E8F-472F-4fb0-9522-AC9BF37916A7}" = Adobe Download Manager
"{EE6097DD-05F4-4178-9719-D3170BF098E8}" = Apple Application Support
"{F033B55E-54FA-46AD-8B7E-3EF65A6E9D7A}" = Hallmark Card Studio 2005 Deluxe
"{F38ADCA4-AF7C-4C73-9021-6F1EA15D15EA}" = Pinnacle TVCenter Pro
"{F6970FBD-809A-4C51-BAB3-D94A04C6C8E7}" = Garmin Communicator Plugin
"{FB08F381-6533-4108-B7DD-039E11FBC27E}" = Realtek AC'97 Audio
"Acky's XP Breakout Demo" = Acky's XP Breakout Demo
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Adobe PhotoDeluxe Home Edition 4.1" = Adobe PhotoDeluxe Home Edition 4.1
"Adobe Shockwave Player" = Adobe Shockwave Player 11.5
"Amazon MP3 Downloader" = Amazon MP3 Downloader 1.0.10
"AoA DVD Ripper_is1" = AoA DVD Ripper
"Audacity 1.3 Beta (Unicode)_is1" = Audacity 1.3.10 (Unicode)
"Audacity_is1" = Audacity 1.2.6
"avast5" = avast! Free Antivirus
"Avery Wizard 2.1 MSW2000" = Avery® Wizard 2.1 forMicrosoft® Word 2000
"Bullzip PDF Printer_is1" = Bullzip PDF Printer 6.0.0.684
"C-Media Audio" = C-Media 3D Audio
"CNXT_MODEM_PCI_VEN_14F1&DEV_2F00&SUBSYS_8D8B155D" = Conexant SoftK56 Modem(M)
"com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Acrobat.com
"CutePDF Writer Installation" = CutePDF Writer 2.7
"EVEREST Home Edition_is1" = EVEREST Home Edition v1.00
"ExpressBurn" = Express Burn
"ExpressRip" = Express Rip
"Freecorder Toolbar" = Freecorder Toolbar
"Freecorder Toolbar3.0" = Freecorder Toolbar 3.0 Application
"Google Chrome" = Google Chrome
"Google Desktop" = Google Desktop
"Google Updater" = Google Updater
"GPL Ghostscript Lite_is1" = GPL Ghostscript Lite 8.63
"Hauppauge WinTV2000" = Hauppauge WinTV2000
"Hewlett-Packard Extended Keyboard" = Hewlett-Packard Extended Keyboard
"HitmanPro35" = Hitman Pro 3.5
"HP PSC 2170 Series" = HP Photo and Imaging 2.0 - hp psc 2170 series
"hp psc 2170 series_Driver" = hp psc 2170 series
"ICQ" = ICQ
"IDNMitigationAPIs" = Microsoft Internationalized Domain Names Mitigation APIs
"ie7" = Windows Internet Explorer 7
"ImgBurn" = ImgBurn
"InstallShield_{24F009D2-7A41-4534-BA08-160E1E7E0DDB}" = msxml4SP2
"LabelCreator Pro" = LabelCreator Pro
"LAME for Audacity_is1" = LAME v3.98.2 for Audacity
"LimeWire" = LimeWire 5.5.16
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"MetaFrame Presentation Server Web Client for Win32" = MetaFrame Presentation Server Web Client for Win32
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft Internet Gaming Zone" = MSN Gaming Zone
"MinitabDeinstKeySV" = Minitab Student Release 12
"MozBackup" = MozBackup 1.4.9
"Mozilla Firefox (3.6.13)" = Mozilla Firefox (3.6.13)
"Mozilla Thunderbird (3.1.7)" = Mozilla Thunderbird (3.1.7)
"Mp3tag" = Mp3tag v2.46a
"MSCompPackV1" = Microsoft Compression Client Pack 1.0 for Windows XP
"MSN Music Assistant" = MSN Music Assistant
"MusicBrainz Picard" = MusicBrainz Picard 0.11
"NLSDownlevelMapping" = Microsoft National Language Support Downlevel APIs
"Office14.PROPLUSR" = Microsoft Office Professional Plus 2010
"Pandora's Jar (standalone)_is1" = Pandora's Jar (standalone) 8.1.1
"Picasa 3" = Picasa 3
"Playlist Creator 3" = Playlist Creator 3
"PrimoPDF3.0" = PrimoPDF
"Print Server" = Print Server
"PrintFile" = PrintFile
"PS2" = PS2
"RealPlayer 6.0" = RealPlayer
"Recordpad" = Recordpad
"Rhapsody" = Rhapsody
"SnagIt7" = SnagIt 7
"SopCast" = SopCast 3.0.3
"Stamp" = Stamp Uninstall
"StreamTorrent 1.0" = StreamTorrent 1.0
"Switch" = Switch Sound File Converter
"TaxACT 2002" = TaxACT 2002
"TaxACT 2003" = TaxACT 2003
"TaxACT 2004" = TaxACT 2004
"TaxACT 2005" = TaxACT 2005
"TaxACT 2006" = TaxACT 2006
"TaxACT 2007" = TaxACT 2007
"TaxACT 2008" = TaxACT 2008
"TaxACT 2008 New York" = TaxACT 2008 New York
"TaxACT 2009" = TaxACT 2009
"TaxACT 2009 New York" = TaxACT 2009 New York
"TaxACT New York 2002" = TaxACT New York 2002
"TaxACT New York 2003" = TaxACT New York 2003
"TaxACT New York 2004" = TaxACT New York 2004
"TaxACT New York 2005" = TaxACT New York 2005
"TaxACT New York 2006" = TaxACT New York 2006
"TaxACT New York 2007" = TaxACT New York 2007
"tinySpell_is1" = tinySpell 1.9.11
"uTorrent" = µTorrent
"VCast Music Essentials Manager" = V CAST Music Manager
"VLC media player" = VLC media player 1.0.2
"WavePad" = WavePad Sound Editor
"WIC" = Windows Imaging Component
"Windows Media Format Runtime" = Windows Media Format 11 runtime
"Windows Media Player" = Windows Media Player 11
"Windows XP Service Pack" = Windows XP Service Pack 3
"WMFDist11" = Windows Media Format 11 runtime
"wmp11" = Windows Media Player 11
"Wudf01000" = Microsoft User-Mode Driver Framework Feature Pack 1.0
"xlcompare_is1" = 4TOPS Compare Excel Files version 2.0
"XpsEPSC" = XML Paper Specification Shared Components Pack 1.0

========== HKEY_CURRENT_USER Uninstall List ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Pixie" = Pixie 3.1 (remove only)
"Windows System Scanner" = Windows System Scanner

========== Last 10 Event Log Errors ==========

[ System Events ]
Error - 12/22/10 6:16:14 PM | Computer Name = LIVINGROOM | Source = Service Control Manager | ID = 7000
Description = The SASDIFSV service failed to start due to the following error: %%183

Error - 01/09/11 11:12:08 PM | Computer Name = LIVINGROOM | Source = DCOM | ID = 10005
Description = DCOM got error "%1058" attempting to start the service upnphost with
arguments "" in order to run the server: {204810B9-73B2-11D4-BF42-00B0D0118B56}

Error - 01/12/11 9:30:36 PM | Computer Name = LIVINGROOM | Source = DCOM | ID = 10005
Description = DCOM got error "%1058" attempting to start the service upnphost with
arguments "" in order to run the server: {204810B9-73B2-11D4-BF42-00B0D0118B56}

Error - 01/12/11 9:46:01 PM | Computer Name = LIVINGROOM | Source = DCOM | ID = 10005
Description = DCOM got error "%1058" attempting to start the service upnphost with
arguments "" in order to run the server: {204810B9-73B2-11D4-BF42-00B0D0118B56}

Error - 01/13/11 8:27:27 AM | Computer Name = LIVINGROOM | Source = DCOM | ID = 10005
Description = DCOM got error "%1058" attempting to start the service upnphost with
arguments "" in order to run the server: {204810B9-73B2-11D4-BF42-00B0D0118B56}

Error - 01/13/11 8:28:43 AM | Computer Name = LIVINGROOM | Source = DCOM | ID = 10000
Description = Unable to start a DCOM Server: {46986115-84D6-459C-8F95-52DD653E532E}.
The
error: "%3" Happened while starting this command: "C:\Program Files\Winamp\winamp.exe"
-Embedding

Error - 01/13/11 8:28:47 AM | Computer Name = LIVINGROOM | Source = DCOM | ID = 10000
Description = Unable to start a DCOM Server: {46986115-84D6-459C-8F95-52DD653E532E}.
The
error: "%3" Happened while starting this command: "C:\Program Files\Winamp\winamp.exe"
-Embedding

Error - 01/13/11 8:13:30 PM | Computer Name = LIVINGROOM | Source = DCOM | ID = 10005
Description = DCOM got error "%1058" attempting to start the service upnphost with
arguments "" in order to run the server: {204810B9-73B2-11D4-BF42-00B0D0118B56}

Error - 01/13/11 8:18:31 PM | Computer Name = LIVINGROOM | Source = DCOM | ID = 10005
Description = DCOM got error "%1058" attempting to start the service upnphost with
arguments "" in order to run the server: {204810B9-73B2-11D4-BF42-00B0D0118B56}

Error - 01/13/11 8:19:20 PM | Computer Name = LIVINGROOM | Source = DCOM | ID = 10005
Description = DCOM got error "%1058" attempting to start the service upnphost with
arguments "" in order to run the server: {204810B9-73B2-11D4-BF42-00B0D0118B56}

[ TuneUp Events ]
Error - 12/08/08 12:49:01 AM | Computer Name = LIVINGROOM | Source = TuneUp Program Statistics | ID = 131840
Description =

Error - 12/08/08 1:13:04 AM | Computer Name = LIVINGROOM | Source = TuneUp Program Statistics | ID = 131840
Description =

Error - 12/17/08 9:12:55 PM | Computer Name = LIVINGROOM | Source = TuneUp Program Statistics | ID = 131840
Description =

Error - 12/20/08 9:50:53 AM | Computer Name = LIVINGROOM | Source = TuneUp Program Statistics | ID = 131840
Description =

Error - 12/20/08 10:33:36 PM | Computer Name = LIVINGROOM | Source = TuneUp Program Statistics | ID = 131840
Description =

Error - 02/27/09 9:59:01 PM | Computer Name = LIVINGROOM | Source = TuneUp Program Statistics | ID = 131840
Description =

Error - 02/28/09 1:00:31 PM | Computer Name = LIVINGROOM | Source = TuneUp Program Statistics | ID = 131840
Description =

Error - 03/01/09 3:41:37 PM | Computer Name = LIVINGROOM | Source = TuneUp Program Statistics | ID = 131840
Description =


< End of report >

Procexp.txt

Process PID CPU Private Bytes Working Set Description Company Name
System Idle Process 0 88.06 0 K 16 K
procexp.exe 244 5.97 8,920 K 13,568 K Sysinternals Process Explorer Sysinternals - www.sysinternals.com
services.exe 468 2.99 1,816 K 5,116 K Services and Controller app Microsoft Corporation
TeaTimer.exe 1864 1.49 121,356 K 122,592 K System settings protector Safer-Networking Ltd.
jqs.exe 1632 1.49 2,144 K 1,796 K Java™ Quick Starter Service Sun Microsystems, Inc.
wmiprvse.exe 1316 2,272 K 4,800 K WMI Microsoft Corporation
WINWORD.EXE 4000 14,480 K 31,152 K Microsoft Office Word Microsoft Corporation
winlogon.exe 424 6,576 K 4,244 K Windows NT Logon Application Microsoft Corporation
TSCHelp.exe 2372 596 K 2,364 K TechSmith HTML Help Helper TechSmith Corporation
System 4 0 K 216 K
svchost.exe 648 3,104 K 5,068 K Generic Host Process for Win32 Services Microsoft Corporation
svchost.exe 700 1,848 K 4,536 K Generic Host Process for Win32 Services Microsoft Corporation
svchost.exe 756 16,112 K 25,648 K Generic Host Process for Win32 Services Microsoft Corporation
svchost.exe 796 2,336 K 3,284 K Generic Host Process for Win32 Services Microsoft Corporation
svchost.exe 900 1,256 K 3,532 K Generic Host Process for Win32 Services Microsoft Corporation
svchost.exe 1796 3,036 K 4,924 K Generic Host Process for Win32 Services Microsoft Corporation
SUPERANTISPYWARE.EXE 1192 62,632 K 632 K SUPERAntiSpyware Application SUPERAntiSpyware.com
spoolsv.exe 1508 4,008 K 6,988 K Spooler SubSystem App Microsoft Corporation
SnagIt32.exe 2172 6,324 K 13,296 K SnagIt Screen Capture for Windows TechSmith Corporation
smss.exe 336 176 K 404 K Windows NT Session Manager Microsoft Corporation
remoterm.exe 2008 2,076 K 3,888 K Remote Control Application Pinnacle Systems
RBroker.exe 3412 752 K 2,884 K RegBroker Module
PMCLoader.exe 860 36,296 K 43,716 K Pinnacle Systems GmbH
notepad.exe 2052 988 K 3,024 K Notepad Microsoft Corporation
mDNSResponder.exe 856 1,168 K 3,696 K Bonjour Service Apple Inc.
lsass.exe 488 2,284 K 1,208 K LSA Shell (Export Version) Microsoft Corporation
iTunesHelper.exe 912 8,516 K 13,188 K iTunesHelper Apple Inc.
iPodService.exe 2628 2,428 K 4,048 K iPodService Module (32-bit) Apple Inc.
Interrupts n/a 0 K 0 K Hardware Interrupts
GoogleToolbarNotifier.exe 1880 2,968 K 664 K GoogleToolbarNotifier Google Inc.
firefox.exe 764 99,636 K 114,116 K Firefox Mozilla Corporation
explorer.exe 1388 32,332 K 2,092 K Windows Explorer Microsoft Corporation
DPCs n/a 0 K 0 K Deferred Procedure Calls
csrss.exe 400 1,544 K 3,960 K Client Server Runtime Process Microsoft Corporation
AvastUI.exe 632 3,908 K 1,700 K avast! Antivirus AVAST Software
AvastSvc.exe 1092 9,268 K 37,188 K avast! Service AVAST Software
AppleMobileDeviceService.exe 356 4,672 K 7,052 K MobileDeviceService Apple Inc.
alg.exe 2920 1,116 K 3,520 K Application Layer Gateway Service Microsoft Corporation
aawservice.exe 1032 19,384 K 1,208 K Ad-Aware Service Lavasoft

VEW.txt

Vino's Event Viewer v01c run on Windows XP in English
Report run at 14/01/2011 12:01:21 AM

Note: All dates below are in the format dd/mm/yyyy

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
'System' Log - error Type
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Log: 'System' Date/Time: 13/01/2011 7:19:20 PM
Type: error Category: 0
Event: 10005 Source: DCOM
DCOM got error "%1058" attempting to start the service upnphost with arguments "" in order to run the server: {204810B9-73B2-11D4-BF42-00B0D0118B56}

Log: 'System' Date/Time: 13/01/2011 7:18:31 PM
Type: error Category: 0
Event: 10005 Source: DCOM
DCOM got error "%1058" attempting to start the service upnphost with arguments "" in order to run the server: {204810B9-73B2-11D4-BF42-00B0D0118B56}

Log: 'System' Date/Time: 13/01/2011 7:13:30 PM
Type: error Category: 0
Event: 10005 Source: DCOM
DCOM got error "%1058" attempting to start the service upnphost with arguments "" in order to run the server: {204810B9-73B2-11D4-BF42-00B0D0118B56}

Log: 'System' Date/Time: 13/01/2011 7:28:47 AM
Type: error Category: 0
Event: 10000 Source: DCOM
Unable to start a DCOM Server: {46986115-84D6-459C-8F95-52DD653E532E}. The error: "%3" Happened while starting this command: "C:\Program Files\Winamp\winamp.exe" -Embedding

Log: 'System' Date/Time: 13/01/2011 7:28:43 AM
Type: error Category: 0
Event: 10000 Source: DCOM
Unable to start a DCOM Server: {46986115-84D6-459C-8F95-52DD653E532E}. The error: "%3" Happened while starting this command: "C:\Program Files\Winamp\winamp.exe" -Embedding

Log: 'System' Date/Time: 13/01/2011 7:27:27 AM
Type: error Category: 0
Event: 10005 Source: DCOM
DCOM got error "%1058" attempting to start the service upnphost with arguments "" in order to run the server: {204810B9-73B2-11D4-BF42-00B0D0118B56}

Log: 'System' Date/Time: 12/01/2011 8:46:01 PM
Type: error Category: 0
Event: 10005 Source: DCOM
DCOM got error "%1058" attempting to start the service upnphost with arguments "" in order to run the server: {204810B9-73B2-11D4-BF42-00B0D0118B56}

Log: 'System' Date/Time: 12/01/2011 8:30:36 PM
Type: error Category: 0
Event: 10005 Source: DCOM
DCOM got error "%1058" attempting to start the service upnphost with arguments "" in order to run the server: {204810B9-73B2-11D4-BF42-00B0D0118B56}

Log: 'System' Date/Time: 09/01/2011 10:12:08 PM
Type: error Category: 0
Event: 10005 Source: DCOM
DCOM got error "%1058" attempting to start the service upnphost with arguments "" in order to run the server: {204810B9-73B2-11D4-BF42-00B0D0118B56}

Log: 'System' Date/Time: 22/12/2010 5:16:14 PM
Type: error Category: 0
Event: 7000 Source: Service Control Manager
The SASDIFSV service failed to start due to the following error: Cannot create a file when that file already exists.

Log: 'System' Date/Time: 21/12/2010 6:24:12 PM
Type: error Category: 0
Event: 7000 Source: Service Control Manager
The SASDIFSV service failed to start due to the following error: Cannot create a file when that file already exists.

Log: 'System' Date/Time: 20/12/2010 5:33:23 PM
Type: error Category: 0
Event: 7000 Source: Service Control Manager
The SASDIFSV service failed to start due to the following error: Cannot create a file when that file already exists.

Log: 'System' Date/Time: 20/12/2010 4:11:44 AM
Type: error Category: 0
Event: 7000 Source: Service Control Manager
The SASDIFSV service failed to start due to the following error: Cannot create a file when that file already exists.

Log: 'System' Date/Time: 17/12/2010 7:29:54 PM
Type: error Category: 0
Event: 7000 Source: Service Control Manager
The SASDIFSV service failed to start due to the following error: Cannot create a file when that file already exists.

Log: 'System' Date/Time: 16/12/2010 8:39:31 PM
Type: error Category: 0
Event: 7000 Source: Service Control Manager
The SASDIFSV service failed to start due to the following error: Cannot create a file when that file already exists.

Log: 'System' Date/Time: 16/12/2010 7:38:58 AM
Type: error Category: 0
Event: 7000 Source: Service Control Manager
The SASDIFSV service failed to start due to the following error: Cannot create a file when that file already exists.

Log: 'System' Date/Time: 12/12/2010 5:40:50 PM
Type: error Category: 0
Event: 7 Source: Cdrom
The device, \Device\CdRom0, has a bad block.

Log: 'System' Date/Time: 01/12/2010 10:07:58 PM
Type: error Category: 0
Event: 7006 Source: Service Control Manager
The ScRegSetValueExW call failed for FailureActions with the following error: Access is denied.

Log: 'System' Date/Time: 01/12/2010 10:07:58 PM
Type: error Category: 0
Event: 7006 Source: Service Control Manager
The ScRegSetValueExW call failed for FailureActions with the following error: Access is denied.

Log: 'System' Date/Time: 01/12/2010 10:07:54 PM
Type: error Category: 0
Event: 7022 Source: Service Control Manager
The avast! Antivirus service hung on starting.

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
'System' Log - warning Type
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Log: 'System' Date/Time: 13/01/2011 11:45:56 AM
Type: warning Category: 0
Event: 36 Source: W32Time
The time service has not been able to synchronize the system time for 49152 seconds because none of the time providers has been able to provide a usable time stamp. The system clock is unsynchronized.

Log: 'System' Date/Time: 12/01/2011 7:52:28 PM
Type: warning Category: 0
Event: 4226 Source: Tcpip
TCP/IP has reached the security limit imposed on the number of concurrent TCP connect attempts.

Log: 'System' Date/Time: 12/01/2011 5:07:03 PM
Type: warning Category: 0
Event: 36 Source: W32Time
The time service has not been able to synchronize the system time for 49152 seconds because none of the time providers has been able to provide a usable time stamp. The system clock is unsynchronized.

Log: 'System' Date/Time: 09/01/2011 11:25:12 PM
Type: warning Category: 0
Event: 4226 Source: Tcpip
TCP/IP has reached the security limit imposed on the number of concurrent TCP connect attempts.

Log: 'System' Date/Time: 06/01/2011 11:45:51 AM
Type: warning Category: 0
Event: 36 Source: W32Time
The time service has not been able to synchronize the system time for 49152 seconds because none of the time providers has been able to provide a usable time stamp. The system clock is unsynchronized.

Log: 'System' Date/Time: 05/01/2011 4:58:24 PM
Type: warning Category: 0
Event: 36 Source: W32Time
The time service has not been able to synchronize the system time for 49152 seconds because none of the time providers has been able to provide a usable time stamp. The system clock is unsynchronized.

Log: 'System' Date/Time: 31/12/2010 4:58:26 PM
Type: warning Category: 0
Event: 36 Source: W32Time
The time service has not been able to synchronize the system time for 49152 seconds because none of the time providers has been able to provide a usable time stamp. The system clock is unsynchronized.

Log: 'System' Date/Time: 30/12/2010 11:45:57 AM
Type: warning Category: 0
Event: 36 Source: W32Time
The time service has not been able to synchronize the system time for 49152 seconds because none of the time providers has been able to provide a usable time stamp. The system clock is unsynchronized.

Log: 'System' Date/Time: 28/12/2010 7:04:11 AM
Type: warning Category: 0
Event: 36 Source: W32Time
The time service has not been able to synchronize the system time for 49152 seconds because none of the time providers has been able to provide a usable time stamp. The system clock is unsynchronized.

Log: 'System' Date/Time: 23/12/2010 11:46:28 AM
Type: warning Category: 0
Event: 36 Source: W32Time
The time service has not been able to synchronize the system time for 49152 seconds because none of the time providers has been able to provide a usable time stamp. The system clock is unsynchronized.

Log: 'System' Date/Time: 16/12/2010 5:21:59 PM
Type: warning Category: 0
Event: 36 Source: W32Time
The time service has not been able to synchronize the system time for 49152 seconds because none of the time providers has been able to provide a usable time stamp. The system clock is unsynchronized.

Log: 'System' Date/Time: 09/12/2010 11:46:21 AM
Type: warning Category: 0
Event: 36 Source: W32Time
The time service has not been able to synchronize the system time for 49152 seconds because none of the time providers has been able to provide a usable time stamp. The system clock is unsynchronized.

Log: 'System' Date/Time: 03/12/2010 8:51:11 AM
Type: warning Category: 0
Event: 36 Source: W32Time
The time service has not been able to synchronize the system time for 49152 seconds because none of the time providers has been able to provide a usable time stamp. The system clock is unsynchronized.

Log: 'System' Date/Time: 02/12/2010 1:12:54 PM
Type: warning Category: 0
Event: 36 Source: W32Time
The time service has not been able to synchronize the system time for 49152 seconds because none of the time providers has been able to provide a usable time stamp. The system clock is unsynchronized.

Log: 'System' Date/Time: 29/11/2010 11:14:09 AM
Type: warning Category: 0
Event: 36 Source: W32Time
The time service has not been able to synchronize the system time for 49152 seconds because none of the time providers has been able to provide a usable time stamp. The system clock is unsynchronized.

Log: 'System' Date/Time: 22/11/2010 11:13:13 AM
Type: warning Category: 0
Event: 36 Source: W32Time
The time service has not been able to synchronize the system time for 49152 seconds because none of the time providers has been able to provide a usable time stamp. The system clock is unsynchronized.

Log: 'System' Date/Time: 19/11/2010 6:24:46 PM
Type: warning Category: 0
Event: 4226 Source: Tcpip
TCP/IP has reached the security limit imposed on the number of concurrent TCP connect attempts.

Log: 'System' Date/Time: 15/11/2010 11:12:31 AM
Type: warning Category: 0
Event: 36 Source: W32Time
The time service has not been able to synchronize the system time for 49152 seconds because none of the time providers has been able to provide a usable time stamp. The system clock is unsynchronized.

Log: 'System' Date/Time: 14/11/2010 4:01:26 AM
Type: warning Category: 0
Event: 36 Source: W32Time
The time service has not been able to synchronize the system time for 49152 seconds because none of the time providers has been able to provide a usable time stamp. The system clock is unsynchronized.

Log: 'System' Date/Time: 10/11/2010 5:09:56 PM
Type: warning Category: 0
Event: 36 Source: W32Time
The time service has not been able to synchronize the system time for 49152 seconds because none of the time providers has been able to provide a usable time stamp. The system clock is unsynchronized.
  • 0

#9
DerbyDad03

DerbyDad03

    Member

  • Topic Starter
  • Member
  • PipPip
  • 78 posts
Whoops! I guess I forgot the Application log from VEW.exe. Here it is:

VEW.txt For Application Run

Vino's Event Viewer v01c run on Windows XP in English
Report run at 14/01/2011 12:21:14 AM

Note: All dates below are in the format dd/mm/yyyy

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
'Application' Log - error Type
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
'Application' Log - warning Type
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Log: 'Application' Date/Time: 08/01/2011 2:11:25 PM
Type: warning Category: 0
Event: 1001 Source: MsiInstaller
Detection of product '{90140000-001F-0409-0000-0000000FF1CE}', feature 'SpellingAndGrammarFiles_1033' failed during request for component '{7CD29B07-AAE3-4369-A719-811252BA5576}'

Log: 'Application' Date/Time: 23/12/2010 10:24:32 PM
Type: warning Category: 0
Event: 1001 Source: MsiInstaller
Detection of product '{91140000-0011-0000-0000-0000000FF1CE}', feature 'WORDFiles' failed during request for component '{019C826E-445A-4649-A5B0-0BF08FCC4EEE}'

Log: 'Application' Date/Time: 12/12/2010 3:52:27 PM
Type: warning Category: 0
Event: 1001 Source: MsiInstaller
Detection of product '{91E30409-6000-11D3-8CFE-0150048383C9}', feature 'TCWP6Files' failed during request for component '{CC29EC81-7BC2-11D1-A921-00A0C91E2AA2}'

Log: 'Application' Date/Time: 12/12/2010 3:50:04 PM
Type: warning Category: 0
Event: 1001 Source: MsiInstaller
Detection of product '{91E30409-6000-11D3-8CFE-0150048383C9}', feature 'TCWP5Files' failed during request for component '{D362F5FA-9939-40E1-BC1F-EF575164DAB9}'

Log: 'Application' Date/Time: 02/12/2010 6:50:49 PM
Type: warning Category: 0
Event: 1524 Source: Userenv
Windows cannot unload your classes registry file - it is still in use by other applications or services. The file will be unloaded when it is no longer in use.
  • 0

#10
RKinner

RKinner

    Malware Expert

  • Expert
  • 17,350 posts
  • MVP
Your event logs are showing a few interesting items.

Looks like Microsoft Office is not fully installed and is having problems. Uninstall, use the
http://support.microsoft.com/kb/290301 if necessary and reinstall.

Your time is not updating. Right click on the clock and Adjust Date/Time. Set the time to the current time and date and then select Internet Time and try to synchronize the time.

SUPERAntiSpyware is not happy. Uninstall it for now.


upnphost service is turned off or missing a file.

1. Click Start, point to Programs, point to Administrative Tools, and then click Services.
2. Double-click the upnphost service.
3. Click the Log On tab.
4. Verify that the service has not been disabled for the hardware profile that you are using. If it has, click Enable.
5. Click the General tab. Verify that the service has not been disabled in the Startup Type box. If it has, click Automatic to have it start when you start the computer. Press Start and see if you get an error message.

XP cannot unload your classes registry file - use the Fixit at: http://support.microsoft.com/kb/837115

Winamp is having a problem. Uninstall for now. I don't see it in the uninstall list. Perhaps there is an uninstall option in C:\program Files\Winamp\; if not, you can do:
http://forums.winamp...?threadid=51699

Finally:

TCP/IP has reached the security limit imposed on the number of concurrent TCP connect attempts. This is usually caused by P2P services such as
LimeWire 5.5.16
µTorrent

Freecorder Toolbar

Freecorder Toolbar 3.0 Application

which you should install for now.

Download Combofix from any of the links below but rename it to george.exe before saving it to your desktop.

Link 1
Link 2
Link 3


==================================


Double click on george.exe & follow the prompts. Allow it to install the Recovery Console. It may need to reboot.
  • When finished, it will produce a report for you.
  • Please post the C:\ComboFix.txt so we can continue cleaning the system.

Please download Malwarebytes' Anti-Malware from Here.

Double Click mbam-setup.exe to install the application.
  • Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select "Perform Quick Scan", then click Scan.
  • The scan may take some time to finish, so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected.
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Extra Note)
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  • Copy & Paste the entire report in your next reply.
Extra Note:

If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts; click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately.

After you have done all of the above, right click on My Computer and select Manage then Event Viewer. Right click on System and Clear all events (no need to save them first). Repeat for Applications. Reboot.

Run your test again.

2. Double-click VEW.exe
3. Under 'Select log to query', select:

* System
4. Under 'Select type to list', select:
* Error
* Warning


Then use the 'Number of events' as follows:


1. Click the radio button for 'Number of events'
Type 20 in the 1 to 20 box
Then click the Run button.
Notepad will open with the output log.


Please post the Output log in your next reply then repeat but select Application.

If still slow, reboot into Safe Mode with Networking
http://www.computerh...sues/chsafe.htm
and try the test again.

Ron
  • 0
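The reply above reads the VEW output one event at a time; the same triage can be tabulated per source and event ID. This is an added example, not part of the original thread or of VEW itself: the function names, the `NOTES` table (which paraphrases the reply above) and the sample records are assumptions constructed for illustration.

```python
import re
from datetime import datetime

# Constructed sample in the VEW.txt layout (dates are dd/mm/yyyy), reusing
# event types posted in this thread; messages are shortened.
SAMPLE = """\
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
'System' Log - warning Type
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Log: 'System' Date/Time: 12/01/2011 7:52:28 PM
Type: warning Category: 0
Event: 4226 Source: Tcpip
TCP/IP has reached the security limit imposed on the number of concurrent TCP connect attempts.

Log: 'System' Date/Time: 09/01/2011 11:25:12 PM
Type: warning Category: 0
Event: 4226 Source: Tcpip
TCP/IP has reached the security limit imposed on the number of concurrent TCP connect attempts.

Log: 'System' Date/Time: 13/01/2011 11:45:56 AM
Type: warning Category: 0
Event: 36 Source: W32Time
The time service has not been able to synchronize the system time for 49152 seconds.

Log: 'System' Date/Time: 13/01/2011 7:19:20 PM
Type: error Category: 0
Event: 10005 Source: DCOM
DCOM got error "%1058" attempting to start the service upnphost
"""

HEADER = re.compile(r"^Log: '([^']+)' Date/Time: (\d{2}/\d{2}/\d{4} \d{1,2}:\d{2}:\d{2} [AP]M)$")
TYPE = re.compile(r"^Type: (\w+) Category: (\d+)$")
EVENT = re.compile(r"^Event: (\d+) Source: (.+)$")

# Follow-up notes keyed by (source, event id); wording paraphrases the reply
# in this thread and is not taken from vendor documentation.
NOTES = {
    ("Tcpip", 4226): "concurrent TCP connect limit reached; look for P2P clients",
    ("W32Time", 36): "time service could not sync with a time provider",
    ("DCOM", 10005): "a service DCOM depends on could not be started",
}


def parse_vew(text):
    """Return complete records from VEW output; banners and stray lines are skipped."""
    records, cur = [], None
    for raw in text.splitlines():
        line = raw.strip()
        head = HEADER.match(line)
        if head:
            # VEW states its dates are dd/mm/yyyy, so parse them explicitly.
            when = datetime.strptime(head.group(2), "%d/%m/%Y %I:%M:%S %p")
            cur = {"log": head.group(1), "time": when, "type": None,
                   "event_id": None, "source": None, "message": []}
            records.append(cur)
        elif cur is None:
            continue
        elif not line:
            cur = None  # a blank line ends the current record
        elif cur["type"] is None and TYPE.match(line):
            cur["type"] = TYPE.match(line).group(1)
        elif cur["event_id"] is None and EVENT.match(line):
            m = EVENT.match(line)
            cur["event_id"], cur["source"] = int(m.group(1)), m.group(2).strip()
        else:
            cur["message"].append(line)
    # Drop truncated records that never reached their Type and Event lines.
    complete = [r for r in records if r["type"] and r["event_id"] is not None]
    for r in complete:
        r["message"] = " ".join(r["message"])
    return complete


def summarise(records):
    """Group records by (source, event id): count, first and last seen, note."""
    groups = {}
    for r in records:
        key = (r["source"], r["event_id"])
        g = groups.setdefault(key, {"count": 0, "first": r["time"],
                                    "last": r["time"], "type": r["type"]})
        g["count"] += 1
        g["first"] = min(g["first"], r["time"])
        g["last"] = max(g["last"], r["time"])
    rows = []
    # Most frequent first; ties are ordered by source name, then event id.
    for key, g in sorted(groups.items(), key=lambda kv: (-kv[1]["count"], kv[0])):
        rows.append({"source": key[0], "event_id": key[1],
                     "note": NOTES.get(key, ""), **g})
    return rows


if __name__ == "__main__":
    for row in summarise(parse_vew(SAMPLE)):
        print(f"{row['count']:>3}  {row['source']:<10} {row['event_id']:<6} "
              f"{row['first']:%Y-%m-%d} .. {row['last']:%Y-%m-%d}  {row['note']}")
```
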

#11
DerbyDad03

DerbyDad03

    Member

  • Topic Starter
  • Member
  • PipPip
  • 78 posts
Before I run your suggested list of tasks, I have a few comments/questions which may impact what you want me to do. I'm not questioning your advice, merely pointing out a few things and trying to learn why (or why not) these may be an issue related to slower download speeds.

re: Looks like Microsoft Office is not fully installed and is having problems.

I am running 2003 and parts of 2010 at this time. I am not ready to fully move to 2010 for some applications, so 2010 is not fully installed. 2 questions:

1 - How would this be related to degraded download speeds?
2 - What other issues could be caused by a partial install?

re: Your time is not updating.

As far as I can tell, my system clock matches the clock at this site:
http://www.timeandda...city.html?n=421

1 - Why do you say it is not updating?
2 - How would this be related to degraded download speeds?

re: SUPERAntiSpyware is not happy. Uninstall it for now.

1 - How would this be related to degraded download speeds?

I will work on the other items in the meantime.

Thanks once again

Edited by DerbyDad03, 15 January 2011 - 09:05 AM.

  • 0

#12
RKinner

RKinner

    Malware Expert

  • Expert
  • 17,350 posts
  • MVP
I'm just trying to eliminate any Event log that indicates a problem. Windows is a very complex beast and sometimes an error that seems minor will have far reaching consequences. If you are running the same mishmash of Office on your other PC and it is happy with it then keep it that way.

Ron
  • 0

#13
RKinner

RKinner

    Malware Expert

  • Expert
  • 17,350 posts
  • MVP
I'm not saying the time is wrong. Windows says that it can't verify the time with an online time source.

Log: 'System' Date/Time: 13/01/2011 11:45:56 AM
Type: warning Category: 0
Event: 36 Source: W32Time
The time service has not been able to synchronize the system time for 49152 seconds because none of the time providers has been able to provide a usable time stamp. The system clock is unsynchronized.
  • 0

#14
DerbyDad03

DerbyDad03

    Member

  • Topic Starter
  • Member
  • PipPip
  • 78 posts
OK, here's where I'm at. Some things went OK, others, well, not so much.

re: Microsoft Office If you are running the same mishmash of Office on your other PC and it is happy with it then keep it that way.

This system is the only machine with the mishmash, however, the download speed problem was present when only Office 2003 was installed. The addition of Office 2010 (or parts thereof) is probably not part of the problem since the problem existed before 2010 was installed.

That said, after running what I was able to run from your latest task list, I am having trouble starting Excel 2010. The application keeps trying to "configure" itself and then tells me that the license can not be verified. I may have to uninstall anyway just to get it working again.

I did nothing with Office 2010 while performing the following tasks, yet at this point it no longer works.

re: The time service has not been able to synchronize the system time for 49152 seconds because none of the time providers has been able to provide a usable time stamp. The system clock is unsynchronized.

This is interesting. When I followed the steps to update the time, I saw this under Internet Time:

The time has been successfully synchronized with time.window.com on
1/12/11 at 10:06 PM


Next synchronization: 1/19/11 at 10:06 PM

I clicked Update Now and the message changed to:

The time has been successfully synchronized with time.window.com on
1/16/11 at 3:34 PM


Next synchronization: 1/23/11 at 3:34 PM

This seems to indicate that the system is set to sync the time once every 7 days, yet the event log says that the time isn't synced only 49152 seconds (~13 hours) after the last update. Why is it even trying so soon?

re: SUPERAntiSpyware is not happy. Uninstall it for now.

Done

re: upnphost service is turned off or missing a file.
...snip...
5. Click the General tab. Verify that the service has not been disabled in the Startup Type box. If it has, click Automatic to have it start when you start the computer. Press Start and see if you get an error message.


It was disabled in the Start Up type. I changed it to Automatic, clicked Apply and then Start.
This error popped up:

Could not start the Universal Plug and Play Device Host service on Local Computer

Error 1068: The dependency service or group failed to start.

re: XP cannot unload your classes registry file - use the Fixit at: http://support.microsoft.com/kb/837115

I did not find a "Fix it" in that kb article, at least not the typical "guy with the wrench" Fix it.

Is this what you wanted me to run?

To use the Microsoft User Profile Hive Cleanup Service (UPHClean), follow these steps:
    1.  Download UPHClean. 
            To download and install UPHClean, visit the following Microsoft Web site: 
            http://www.microsoft.com/downloads/details.aspx?FamilyId=1B286E6D-8912-4E18-B570-42470E2F3582

re: Winamp is having a problem. ... Perhaps there is an uninstall option in C:\program Files\Winamp\

if not you can do: http://forums.winamp...?threadid=51699


There is no C:\program Files\Winamp\ folder.

There was an uninstall option in the All Programs/Winamp folder but the shortcut did not work. Windows searched but didn't find the application.

I tried to follow the steps at the link you provided, but the first three items didn't exist, so I stopped.

Delete these folders.
c:\Program Files\Mjuice Media Player

c:\Program Files\Winamp

c:\WINDOWS\Start Menu\Programs\Winamp

I looked for a couple of other items and didn't find them either. Should I look for every file and registry entry listed and delete whichever ones I find?

re: TCP/IP has reached the security limit imposed on the number of concurrent TCP connect attempts.

I deleted all of the apps that you listed.

re: george.exe

I ran george.exe. Sometime around Stage 5 or 6 I got a message that said: "PEV.exe has encountered a problem and needs to close"

george.exe completed, the log is pasted below.

re: Malwarebytes' Anti-Malware

Log pasted below

re: After you have done all of the above, right click on My Computer and select Manage then Event Viewer.

Since I did not complete all of the tasks in your list, I did not clear the event logs or run VEW.exe

I wanted to wait until I read your comments on the issues listed above.

re: Run your test again.

As of now, there is no improvement.

As always, thanks for your time.

ComboFix Log

ComboFix 11-01-16.02 - Dave 01/16/11 16:57:46.5.1 - x86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.2039.1471 [GMT -5:00]
Running from: c:\documents and settings\Dave\Desktop\george.exe
AV: avast! Antivirus *Disabled/Updated* {7591DB91-41F0-48A3-B128-1A293FD8233D}
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\documents and settings\All Users\Microsoft
c:\documents and settings\All Users\Microsoft\OfficeSoftwareProtectionPlatform\Cache\cache.dat
c:\documents and settings\All Users\Microsoft\OfficeSoftwareProtectionPlatform\tokens.dat
c:\documents and settings\Dave\My Documents\DPE.DUS
c:\documents and settings\James\My Documents\DPE.DUS
c:\documents and settings\Lisa\My Documents\DPE.DUS

.
((((((((((((((((((((((((( Files Created from 2010-12-16 to 2011-01-16 )))))))))))))))))))))))))))))))
.

2011-01-15 02:28 . 2011-01-15 02:28 -------- d-----w- c:\documents and settings\NetworkService\Local Settings\Application Data\Apple
2011-01-15 00:23 . 2011-01-15 00:23 -------- d-----w- c:\documents and settings\Lisa\Application Data\uTorrent
2011-01-14 04:14 . 2004-08-04 04:56 86016 -c--a-w- c:\windows\system32\dllcache\netsh.exe
2011-01-14 04:14 . 2004-08-04 04:56 86016 ----a-w- c:\windows\system32\netsh.exe
2011-01-13 22:36 . 2011-01-13 22:40 -------- d-----w- c:\documents and settings\Lisa\Application Data\Apple Computer
2011-01-13 22:34 . 2011-01-13 22:36 -------- d-----w- c:\documents and settings\All Users\Application Data\{429CAD59-35B1-4DBC-BB6D-1DB246563521}
2011-01-13 22:33 . 2011-01-13 22:33 159744 ----a-w- c:\program files\Mozilla Firefox\plugins\npqtplugin3.dll
2011-01-13 22:33 . 2011-01-13 22:33 159744 ----a-w- c:\program files\Mozilla Firefox\plugins\npqtplugin2.dll
2011-01-13 22:33 . 2011-01-13 22:33 159744 ----a-w- c:\program files\Mozilla Firefox\plugins\npqtplugin.dll
2011-01-13 22:33 . 2011-01-13 22:33 159744 ----a-w- c:\program files\Internet Explorer\PLUGINS\npqtplugin3.dll
2011-01-13 22:33 . 2011-01-13 22:33 159744 ----a-w- c:\program files\Internet Explorer\PLUGINS\npqtplugin2.dll
2011-01-13 22:33 . 2011-01-13 22:33 159744 ----a-w- c:\program files\Internet Explorer\PLUGINS\npqtplugin.dll
2011-01-13 22:32 . 2011-01-13 22:33 -------- d-----w- c:\program files\QuickTime
2011-01-13 22:31 . 2011-01-13 22:31 -------- d-----w- c:\documents and settings\Lisa\Local Settings\Application Data\Apple
2011-01-13 22:31 . 2011-01-13 22:31 -------- d-----w- c:\program files\Apple Software Update
2011-01-13 22:30 . 2010-09-28 20:44 41984 ----a-w- c:\windows\system32\drivers\usbaapl.sys
2011-01-13 22:30 . 2010-09-28 20:44 4184352 ----a-w- c:\windows\system32\usbaaplrc.dll
2011-01-13 22:30 . 2011-01-13 22:30 -------- d-----w- c:\program files\Bonjour
2011-01-13 22:29 . 2011-01-13 22:41 -------- d-----w- c:\documents and settings\All Users\Application Data\Apple
2011-01-13 22:29 . 2011-01-13 22:35 -------- d-----w- c:\program files\Common Files\Apple
2011-01-10 02:42 . 2011-01-13 13:15 -------- d-----w- c:\documents and settings\Dave\Application Data\uTorrent

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-11-29 22:38 . 2010-11-29 22:38 94208 ----a-w- c:\windows\system32\QuickTimeVR.qtx
2010-11-29 22:38 . 2010-11-29 22:38 69632 ----a-w- c:\windows\system32\QuickTime.qts
2010-11-18 18:12 . 2007-05-15 17:57 81920 ----a-w- c:\windows\system32\isign32.dll
2010-11-09 14:52 . 2003-03-31 12:00 249856 ----a-w- c:\windows\system32\odbc32.dll
2010-11-06 00:34 . 2003-03-31 12:00 832512 ----a-w- c:\windows\system32\wininet.dll
2010-11-06 00:34 . 2004-08-04 07:56 78336 ----a-w- c:\windows\system32\ieencode.dll
2010-11-06 00:34 . 2003-03-31 12:00 1830912 ----a-w- c:\windows\system32\inetcpl.cpl
2010-11-06 00:34 . 2003-03-31 12:00 17408 ----a-w- c:\windows\system32\corpol.dll
2010-11-03 12:25 . 2004-08-04 05:59 389120 ----a-w- c:\windows\system32\html.iec
2010-11-02 15:17 . 2003-03-31 12:00 40960 ----a-w- c:\windows\system32\drivers\ndproxy.sys
2010-10-28 13:13 . 2003-03-31 12:00 290048 ----a-w- c:\windows\system32\atmfd.dll
2010-10-26 13:25 . 2003-03-31 12:00 1853312 ----a-w- c:\windows\system32\win32k.sys
2009-11-29 02:54 . 2009-11-29 02:54 119808 ----a-w- c:\program files\mozilla firefox\components\GoogleDesktopMozilla.dll
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SpybotSD TeaTimer"="c:\program files\Spybot - Search & Destroy\TeaTimer.exe" [2009-03-05 2260480]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-06-19 68856]
"PMCRemote"="c:\program files\Pinnacle\Shared Files\Programs\Remote\Remoterm.exe" [2008-05-09 267536]
"PMCLoader"="c:\program files\Pinnacle\TVCenter Pro\PMCLoader.exe" [2008-05-14 644368]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"avast5"="c:\program files\Alwil Software\Avast5\avastUI.exe" [2010-09-07 2838912]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2010-09-23 35760]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-09-21 932288]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2010-12-13 421160]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
SnagIt 7.lnk - c:\program files\TechSmith\SnagIt 7\SnagIt32.exe [2004-3-1 2277376]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\aawservice]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\AVG Anti-Spyware Driver]
@=""

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\AVG Anti-Spyware Guard]
@=""

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Reader Speed Launch.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Adobe Reader Speed Launch.lnk
backup=c:\windows\pss\Adobe Reader Speed Launch.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Event Planner Reminders Tray Icon.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Event Planner Reminders Tray Icon.lnk
backup=c:\windows\pss\Event Planner Reminders Tray Icon.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^hp psc 2000 Series.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\hp psc 2000 Series.lnk
backup=c:\windows\pss\hp psc 2000 Series.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^hpoddt01.exe.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\hpoddt01.exe.lnk
backup=c:\windows\pss\hpoddt01.exe.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Office Startup.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Office Startup.lnk
backup=c:\windows\pss\Office Startup.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^SnagIt 7.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\SnagIt 7.lnk
backup=c:\windows\pss\SnagIt 7.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^Dave^Start Menu^Programs^Startup^BHODemon 2.0.lnk]
path=c:\documents and settings\Dave\Start Menu\Programs\Startup\BHODemon 2.0.lnk
backup=c:\windows\pss\BHODemon 2.0.lnkStartup

[HKLM\~\startupfolder\C:^Documents and Settings^Dave^Start Menu^Programs^Startup^MEMonitor.lnk]
path=c:\documents and settings\Dave\Start Menu\Programs\Startup\MEMonitor.lnk
backup=c:\windows\pss\MEMonitor.lnkStartup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\KernelFaultCheck]
c:\windows\system32\dumprep 0 -k [X]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]
2010-09-21 03:07 932288 ----a-r- c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Photo Downloader]
2005-06-07 04:46 57344 -c--a-w- c:\program files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
2010-09-23 08:47 35760 ----a-w- c:\program files\Adobe\Reader 9.0\Reader\reader_sl.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BitTorrent DNA]
2008-05-08 00:54 289088 ----a-w- c:\program files\DNA\btdna.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ctfmon.exe]
2008-04-14 00:12 15360 ------w- c:\windows\system32\ctfmon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Google Desktop Search]
2009-11-29 02:54 30192 ----a-w- c:\program files\Google\Google Desktop Search\GoogleDesktop.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HitmanPro35]
2010-06-24 01:07 6110528 ----a-w- c:\program files\Hitman Pro 3.5\HitmanPro35.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HpMmKbd]
1998-12-09 18:39 122368 -c--a-w- c:\program files\Hewlett-Packard\Extended Keyboard\HpMmKbd.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IntelliPoint]
2004-06-03 05:50 204800 ----a-w- c:\program files\Microsoft IntelliPoint\point32.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\KBD]
2003-02-11 17:02 61440 ----a-w- c:\hp\KBD\kbd.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
2008-04-14 00:12 1695232 ------w- c:\program files\Messenger\msmsgs.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
2010-11-29 22:38 421888 ----a-w- c:\program files\QuickTime\QTTask.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Skype]
2010-02-22 17:42 26101032 ----a-r- c:\program files\Skype\Phone\Skype.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SpybotSD TeaTimer]
2009-03-05 21:07 2260480 ------w- c:\program files\Spybot - Search & Destroy\TeaTimer.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
2010-02-18 15:43 248040 -c--a-w- c:\program files\Common Files\Java\Java Update\jusched.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg]
2007-06-19 02:18 68856 ----a-w- c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe]
2006-12-24 16:17 185896 -c--a-w- c:\program files\Common Files\Real\Update_OB\realsched.exe

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" -osboot

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"FirewallOverride"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\ZoneLabsFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"c:\\Program Files\\Microsoft Office\\OFFICE11\\EXCEL.EXE"=
"c:\\Program Files\\DNA\\btdna.exe"=
"c:\\WINDOWS\\system32\\javaw.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Rhapsody\\rhapsody.exe"=
"c:\\Program Files\\MusicBrainz Picard\\picard.exe"=
"c:\\Program Files\\Skype\\Plugin Manager\\skypePM.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=

R0 sptd;sptd;c:\windows\system32\drivers\sptd.sys [02/13/08 9:09 PM 716272]
R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [03/25/10 6:42 AM 165584]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [03/25/10 6:42 AM 17744]
R3 HCWBT8XX;Hauppauge WinTV 848/9 WDM Video Driver;c:\windows\system32\drivers\HCWBT8xx.sys [07/14/05 9:37 PM 472644]
S2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [12/24/09 3:41 AM 135664]
S3 GoogleDesktopManager-110309-193829;Google Desktop Manager 5.9.911.3589;c:\program files\Google\Google Desktop Search\GoogleDesktop.exe [01/09/06 11:11 PM 30192]
S3 OmniTV;Cx2388x AvStream Video Capture;c:\windows\system32\drivers\OmniTV.sys [12/01/10 11:33 PM 401280]
S3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [01/09/10 8:37 PM 4640000]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
vvdsvc REG_MULTI_SZ vvdsvc
getPlusHelper REG_MULTI_SZ getPlusHelper
.
Contents of the 'Scheduled Tasks' folder

2011-01-15 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2009-10-22 16:50]

2007-05-05 c:\windows\Tasks\FRU Task 2003-04-10 00:56ewlett-Packard2003-04-10 00:56p psc 2170 series272A572217594EBCF1CEE215E352B92AD073FDE4170559575.job
- c:\program files\Hewlett-Packard\Digital Imaging\Bin\hpqfrucl.exe [2003-04-09 22:56]

2007-09-13 c:\windows\Tasks\FRU Task 2003-04-10 00:56ewlett-Packard2003-04-10 00:56p psc 2170 series272A572217594EBCF1CEE215E352B92AD073FDE4181619858.job
- c:\program files\Hewlett-Packard\Digital Imaging\Bin\hpqfrucl.exe [2003-04-09 22:56]

2011-01-16 c:\windows\Tasks\Google Software Updater.job
- c:\program files\Google\Common\Google Updater\GoogleUpdaterService.exe [2009-12-30 01:42]

2011-01-16 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-12-24 08:40]

2011-01-16 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-12-24 08:40]

2004-04-23 c:\windows\Tasks\myautoupdate.job
- C:\myautoupdate.bat [2004-04-07 11:50]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com/
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
mStart Page = about:blank
uInternet Connection Wizard,ShellNext = iexplore
uInternet Settings,ProxyOverride = 127.0.0.1
uSearchURL,(Default) = hxxp://www.google.com/keyword/%s
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office14\EXCEL.EXE/3000
IE: Google Sidewiki... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_60D6097707281E79.dll/cmsidewiki.html
IE: Se&nd to OneNote - c:\progra~1\MICROS~2\Office14\ONBttnIE.dll/105
DPF: {02BF25D5-8C17-4B23-BC80-3488ABDDC600}
DPF: {0DB074F0-617E-4EE9-912C-2965CF2AA5A4}
DPF: {33564D57-9980-0010-8000-00AA00389B71}
FF - ProfilePath - c:\documents and settings\Dave\Application Data\Mozilla\Firefox\Profiles\m6zkonzt.default\
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0016-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0016-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0019-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0019-ABCDEFFEDCBA}
FF - Ext: PayPal Plug-In for Firefox: paypalfirefoxplugin@orbiscom - c:\program files\PayPal\PayPal Plug-In
FF - Ext: New Tab Homepage: {66E978CD-981F-47DF-AC42-E3CF417C1467} - %profile%\extensions\{66E978CD-981F-47DF-AC42-E3CF417C1467}
FF - Ext: Adblock Plus: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d} - %profile%\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}
FF - Ext: Image Zoom: {1A2D0EC4-75F5-4c91-89C4-3656F6E44B68} - %profile%\extensions\{1A2D0EC4-75F5-4c91-89C4-3656F6E44B68}
FF - Ext: Adobe DLM (powered by getPlus®): {E2883E8F-472F-4fb0-9522-AC9BF37916A7} - %profile%\extensions\{E2883E8F-472F-4fb0-9522-AC9BF37916A7}
FF - Ext: Garmin Communicator: {195A3098-0BD5-4e90-AE22-BA1C540AFD1E} - %profile%\extensions\{195A3098-0BD5-4e90-AE22-BA1C540AFD1E}
FF - Ext: Flashblock: {3d7eb24f-2740-49df-8937-200b1cc08f8a} - %profile%\extensions\{3d7eb24f-2740-49df-8937-200b1cc08f8a}
FF - user.js: yahoo.homepage.dontask - true
.
- - - - ORPHANS REMOVED - - - -

AddRemove-uTorrent - c:\program files\uTorrent\uTorrent.exe
AddRemove-{F38ADCA4-AF7C-4C73-9021-6F1EA15D15EA} - c:\program files\InstallShield Installation Information\{F38ADCA4-AF7C-4C73-9021-6F1EA15D15EA}\Setup.exeUNINSTALL



**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2011-01-16 17:09
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
Completion time: 2011-01-16 17:14:36
ComboFix-quarantined-files.txt 2011-01-16 22:14

Pre-Run: 12,695,863,296 bytes free
Post-Run: 12,824,002,560 bytes free

- - End Of File - - 4A693960299CFCF8EFDEA1FDD4DC5479



Malwarebytes Log

Malwarebytes' Anti-Malware 1.50.1.1100
www.malwarebytes.org

Database version: 5533

Windows 5.1.2600 Service Pack 3
Internet Explorer 7.0.5730.11

01/16/11 5:24:17 PM
mbam-log-2011-01-16 (17-24-17).txt

Scan type: Quick scan
Objects scanned: 238547
Time elapsed: 3 minute(s), 58 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 3
Registry Data Items Infected: 3
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Associations\bak_XMLLookup (Hijacker.XMLLookup) -> Value: bak_XMLLookup -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Associations\bak_Application (Hijacker.Application) -> Value: bak_Application -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Associations\bak_intl (Hijacker.intl) -> Value: bak_intl -> Quarantined and deleted successfully.

Registry Data Items Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Associations\XMLLookup (Hijacker.XMLLookup) -> Bad: (http://www.helpmeope...app&l=x&ext=%s) Good: (http://shell.windows...angID=x&Ext=%s) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Associations\Application (Hijacker.Application) -> Bad: (http://www.helpmeope...app&l=x&ext=%s) Good: (http://shell.windows...edir.asp?Ext=%s) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Associations\intl (Hijacker.intl) -> Bad: (http://www.helpmeope...app&l=x&ext=%s) Good: (http://shell.windows...angID=x&Ext=%s) -> Quarantined and deleted successfully.

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)
  • 0

#15
RKinner

    Malware Expert

  • Expert
  • 17,350 posts
  • MVP
The Simple Service Discovery Protocol (SSDP) is required for the upnphost service to work, so see if it can start.

Interesting about the time interval. Copy the next line:

reg query HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\W32Time\Config > \Junk.txt

Start, Run, cmd, OK then

right click and Paste or Edit, Paste then hit Enter then type:
notepad \junk.txt

and copy and paste the text to a reply.

It looks like Combofix took out some stuff it shouldn't have which is why you lost your Excel. I'll need for you to open
C:\Qoobox\ComboFix-quarantined-files.txt
and copy and paste the text to a reply then we can restore the files that keep office from working.

Not sure why it crashed at the end tho. Perhaps the presence of some AVG remnants. (For some reason Combofix is allergic to AVG.) Also uninstall Spybot S&D for now. Its TeaTimer service resists changes. Then download and run AppRemover from
http://www.appremove.../appremover.exe
Hit Next then check the Clean Up a Failed Uninstall then next. If it finds something from AVG then let it remove it.
Combofix found this entry:

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
vvdsvc REG_MULTI_SZ vvdsvc
getPlusHelper REG_MULTI_SZ getPlusHelper

vvdsvc is VJVodClientServices from Nanjing Naga Software Ltd. When running it supposedly consumes a large chunk of bandwidth. Don't see an uninstaller for it. Check in the services window and see if you can stop it and set the Startup Type to Disabled.

You can also uninstall getPlusHelper. It's a download manager foisted on you by Adobe so look for Adobe DLM in the uninstall list.

Combofix also reports you have 4 obsolete Java Consoles in Firefox. Seems to be a Java problem with Firefox. It doesn't delete the old consoles from Firefox when it upgrades. I've found that having two slows down the start of Firefox from 10 seconds to about 50 or more, so look in Firefox, Tools, Add-ons, Extensions and disable or remove any you find which are not the latest.

Run OTL again, Quickscan and post the log.

Ron
  • 0
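The two ComboFix findings called out in the reply above (the extra svchost groups and the repeated Java Console extensions) can be pulled out of a pasted log mechanically. This is an added example, not part of the thread or of ComboFix; the function names are hypothetical, and the sample lines are copied from the log posted earlier on this page.

```python
import re
from collections import defaultdict

# Lines copied verbatim from the ComboFix log posted earlier in this thread.
SAMPLE_LOG = r"""
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
vvdsvc REG_MULTI_SZ vvdsvc
getPlusHelper REG_MULTI_SZ getPlusHelper
.
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0016-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0016-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0019-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0019-ABCDEFFEDCBA}
FF - Ext: Adblock Plus: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d} - %profile%\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}
"""

HEADER = re.compile(r"^\[(.+)\]$")                      # [registry key] section header
SVCHOST = re.compile(r"^(\S+)\s+REG_MULTI_SZ\s+(.+)$")  # group, then its service names
FF_EXT = re.compile(r"^FF - Ext: (.+?): (\S+) - ")      # extension name, extension id


def sections(log):
    """Map each lower-cased [registry key] header to the lines listed under it."""
    out, current = defaultdict(list), None
    for line in (raw.strip() for raw in log.splitlines()):
        m = HEADER.match(line)
        if m:
            current = m.group(1).lower()
        elif line in ("", "."):
            current = None  # a blank line or a lone "." ends the section
        elif current is not None:
            out[current].append(line)
    return out


def svchost_groups(log):
    """svchost groups ComboFix listed; its note says legit defaults are not shown."""
    groups = {}
    for key, lines in sections(log).items():
        if key.endswith(r"\currentversion\svchost"):
            for line in lines:
                m = SVCHOST.match(line)
                if m:
                    groups[m.group(1)] = m.group(2).split()
    return groups


def repeated_firefox_extensions(log):
    """Extension names that appear under more than one id (stale copies)."""
    ids = defaultdict(list)
    for line in log.splitlines():
        m = FF_EXT.match(line.strip())
        if m:
            ids[m.group(1)].append(m.group(2))
    return {name: found for name, found in ids.items() if len(found) > 1}


def triage(log):
    """One line per item a reviewer would want to look up or clean out."""
    findings = [f"svchost group {group} -> services {services}"
                for group, services in svchost_groups(log).items()]
    for name, found in repeated_firefox_extensions(log).items():
        findings.append(f"{len(found)} copies of Firefox extension '{name}'")
    return findings


if __name__ == "__main__":
    for finding in triage(SAMPLE_LOG):
        print(finding)
```

A listed svchost group is only a prompt to identify the service behind it, as the reply does for vvdsvc and getPlusHelper; the script does not judge whether an entry is malicious.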





