The machine has not been used during these weeks that I have been trying to get it cleaned (only work on it here and there as we don't live in the same city).
Here is a recent log from Malwarebytes:
==================
Malwarebytes' Anti-Malware 1.50.1.1100
www.malwarebytes.org
Database version: 5989
Windows 5.1.2600 Service Pack 3
Internet Explorer 8.0.6001.18702
3/8/2011 11:38:35 AM
mbam-log-2011-03-08 (11-38-35).txt
Scan type: Full scan (C:\|D:\|)
Objects scanned: 294077
Time elapsed: 1 hour(s), 34 minute(s), 3 second(s)
Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 8
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 1
Memory Processes Infected:
(No malicious items detected)
Memory Modules Infected:
(No malicious items detected)
Registry Keys Infected:
HKEY_CLASSES_ROOT\CLSID\{25E76F98-E9A4-8ED4-013D-359B62A4E5A6} (Trojan.BHO) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Noon.Noon.1 (Trojan.BHO) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Noon.Noon (Trojan.BHO) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{25E76F98-E9A4-8ED4-013D-359B62A4E5A6} (Trojan.BHO) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{25E76F98-E9A4-8ED4-013D-359B62A4E5A6} (Trojan.BHO) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{25E76F98-E9A4-8ED4-013D-359B62A4E5A6} (Trojan.BHO) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{2ED2390A-E6F6-F895-FE75-013E2D97184A} (Trojan.BHO) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{2ED2390A-E6F6-F895-FE75-013E2D97184A} (Trojan.BHO) -> Quarantined and deleted successfully.
Registry Values Infected:
(No malicious items detected)
Registry Data Items Infected:
(No malicious items detected)
Folders Infected:
(No malicious items detected)
Files Infected:
c:\program files\common files\noon.dll (Trojan.BHO) -> Quarantined and deleted successfully.
==================
Now, scans from CA Antivirus, Spyware Doctor, and Malwarebytes are coming up clean. However, I see something else that doesn't seem right.
There is a temp folder (c:\temp) that keeps getting these regular log files that I don't recognize. They occur as often as 5 minutes apart. Some are very small, like this:
17:25:12.062 IEProcess=C:\Program Files\Internet Explorer\iexplore.exe
17:25:12.109 non-system, exit
And some are longer like this:
------------------------------
16:26:09.796 IE Finished
16:26:09.796 Cur tick: 65149359, next check: 66049656
16:41:10.109 Check for job
16:41:10.109 Request=r-ads.info/_/getupdate.php?id1=10005&id2=1
16:41:10.484 Answer=<job>
<ext>r-ads.info/_/getupdate.php?id1=#ID1#&id2=#ID2#</ext>
<period>20</period>
<seed>fref312e</seed>
</job>
<click>
<url>http://r-ads.info/in...clickme=1</url>
<referer>http://dcdcgroup.com...ction</referer>
<x>10</x>
<y>10</y>
<w>800</w>
<h>500</h>
<cnt>5</cnt>
<ua>Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0; GTB6.6; SLCC1; .NET CLR 2.0.50727; Media Center PC 5.0; InfoPath.2; .NET CLR</ua>
<cookie>clickme=1</cookie>
</click>
16:41:10.484 URL=http://r-ads.info/index.php?affid=39&subid=10005&q=accounting+for+construction&ref=http%3A%2F%2Fdcdcgroup.com%2Fsearch%2F%3Faccounting%2Bfor%2Bconstruction&ua=Mozilla%2F4.0+%28compatible%3B+MSIE+7.0%3B+Windows+NT+6.0%3B+GTB6.6%3B+SLCC1%3B+.NET+CLR+2.0.50727%3B+Media+Center+PC+5.0%3B+InfoPath.2%3B+.NET+CLR&clickme=1
16:41:10.484 DESK=gdkajine
16:41:10.484 Run="C:\Program Files\Internet Explorer\IEXPLORE.EXE" http://r-ads.info/in...T CLR&clickme=1
16:41:10.796 IE Started
16:51:15.156 IE Finished
16:51:15.156 Cur tick: 66654718, next check: 67249671
17:01:10.109 Check for job
17:01:10.109 Request=r-ads.info/_/getupdate.php?id1=10005&id2=1
17:01:10.406 Answer=<job>
<ext>r-ads.info/_/getupdate.php?id1=#ID1#&id2=#ID2#</ext>
<period>20</period>
<seed>fref312e</seed>
</job>
<click>
<url>http://r-ads.info/in...clickme=1</url>
<referer>http://easyburningca...chise</referer>
<x>10</x>
<y>10</y>
<w>800</w>
<h>500</h>
<cnt>5</cnt>
<ua>Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.0; Trident/4.0; GTB6.6; SLCC1; .NET CLR 2.0.50727; Media Center PC 5.0; .NET CLR</ua>
<cookie>clickme=1</cookie>
</click>
17:01:10.406 URL=http://r-ads.info/index.php?affid=39&subid=10005&q=how+to+franchise&ref=http%3A%2F%2Feasyburningcamslive.info%2Fsearch%2F%3Fhow%2Bto%2Bfranchise&ua=Mozilla%2F4.0+%28compatible%3B+MSIE+8.0%3B+Windows+NT+6.0%3B+Trident%2F4.0%3B+GTB6.6%3B+SLCC1%3B+.NET+CLR+2.0.50727%3B+Media+Center+PC+5.0%3B+.NET+CLR&clickme=1
17:01:10.406 DESK=gdkajine
17:01:10.406 Run="C:\Program Files\Internet Explorer\IEXPLORE.EXE" http://r-ads.info/in...T CLR&clickme=1
17:01:10.718 IE Started
17:11:14.125 IE Finished
17:11:14.125 Cur tick: 67853687, next check: 68449671
17:21:10.125 Check for job
17:21:10.125 Request=r-ads.info/_/getupdate.php?id1=10005&id2=1
17:21:10.500 Answer=<job>
<ext>r-ads.info/_/getupdate.php?id1=#ID1#&id2=#ID2#</ext>
<period>20</period>
<seed>fref312e</seed>
</job>
<click>
<url>http://r-ads.info/in...clickme=1</url>
<referer>http://brochureisumm...y tax</referer>
<x>10</x>
<y>10</y>
<w>800</w>
<h>500</h>
<cnt>5</cnt>
<ua>Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US) AppleWebKit/534.13 (KHTML, like Gecko) Chrome/9.0.597.94 Safari/534.13</ua>
<cookie>clickme=1</cookie>
</click>
17:21:10.500 URL=http://r-ads.info/index.php?affid=39&subid=10005&q=dallas+texas+property+tax&ref=http%3A%2F%2Fbrochureisummary.com%2Fsearch%2F%3Fdallas%2Btexas%2Bproperty%2Btax&ua=Mozilla%2F5.0+%28Windows%3B+U%3B+Windows+NT+5.1%3B+en-US%29+AppleWebKit%2F534.13+%28KHTML%2C+like+Gecko%29+Chrome%2F9.0.597.94+Safari%2F534.13&clickme=1
17:21:10.562 DESK=gdkajine
17:21:10.609 Run="C:\Program Files\Internet Explorer\IEXPLORE.EXE" http://r-ads.info/in...34.13&clickme=1
17:21:11.015 IE Started
17:31:15.750 IE Finished
17:31:15.750 Cur tick: 69055312, next check: 69649671
------------------------------
Looking through these files shows that something is still starting an IE process (seemingly under the SYSTEM account, as I have been killing this process from task manager) and trying to remotely request data from other servers.
I don't know what this is, and from the URLs in the log, I don't think it is a "preferred feature".
Here is my OTL log:
======================
OTL logfile created on: 4/10/2011 12:37:33 PM - Run 1
OTL by OldTimer - Version 3.2.22.3 Folder = D:\Sources
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy
2.00 Gb Total Physical Memory | 1.00 Gb Available Physical Memory | 55.00% Memory free
3.00 Gb Paging File | 3.00 Gb Available in Paging File | 85.00% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 232.88 Gb Total Space | 188.57 Gb Free Space | 80.97% Space Free | Partition Type: NTFS
Drive D: | 298.09 Gb Total Space | 158.85 Gb Free Space | 53.29% Space Free | Partition Type: NTFS
Computer Name: JEWEL-PC | User Name: Jewel | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
========== Processes (SafeList) ==========
PRC - [2011/04/10 12:35:17 | 000,580,608 | ---- | M] (OldTimer Tools) -- D:\Sources\OTL.exe
PRC - [2011/02/14 16:39:18 | 001,883,984 | ---- | M] (SmartSync Software) -- C:\Program Files\SmartSync Software\SmartSync Pro\SmSrvc.exe
PRC - [2011/01/07 14:54:12 | 000,108,496 | ---- | M] (Threat Expert Ltd.) -- C:\Program Files\Spyware Doctor\BDT\FGuard.exe
PRC - [2011/01/07 14:54:08 | 000,247,760 | ---- | M] (Threat Expert Ltd.) -- C:\Program Files\Spyware Doctor\BDT\BDTUpdateService.exe
PRC - [2010/08/26 23:10:00 | 000,255,312 | ---- | M] (CA, Inc.) -- C:\Program Files\CA\CA Internet Security Suite\CA Anti-Virus\vetmsg.exe
PRC - [2010/08/26 23:09:59 | 000,230,736 | ---- | M] (CA, Inc.) -- C:\Program Files\CA\CA Internet Security Suite\CA Anti-Virus\cavrid.exe
PRC - [2010/07/27 22:04:48 | 000,214,256 | ---- | M] (CA, Inc.) -- C:\Program Files\CA\CA Internet Security Suite\ccprovsp.exe
PRC - [2010/07/27 22:04:46 | 000,181,488 | ---- | M] (CA, Inc.) -- C:\Program Files\CA\CA Internet Security Suite\cctray\cctray.exe
PRC - [2009/09/29 09:17:50 | 000,013,088 | ---- | M] (Intuit Inc.) -- C:\Program Files\Common Files\Intuit\Update Service\IntuitUpdateService.exe
PRC - [2008/11/09 16:48:14 | 000,602,392 | ---- | M] (Yahoo! Inc.) -- C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe
PRC - [2008/09/04 14:35:10 | 000,610,304 | ---- | M] (Kaseya) -- C:\Program Files\Kaseya\Agent\AgentMon.exe
PRC - [2008/09/04 14:35:10 | 000,229,376 | ---- | M] (Kaseya) -- C:\Program Files\Kaseya\Agent\KaUsrTsk.exe
PRC - [2008/08/30 15:14:36 | 000,144,696 | ---- | M] (Computer Associates International, Inc.) -- C:\Program Files\CA\CA Internet Security Suite\CA Anti-Virus\isafe.exe
PRC - [2008/08/06 16:27:22 | 002,164,088 | ---- | M] (RealVNC Ltd.) -- C:\Program Files\RealVNC\VNC4\winvnc4.exe
PRC - [2008/04/14 06:42:20 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2007/08/09 03:27:52 | 000,073,728 | ---- | M] (HP) -- C:\WINDOWS\system32\HPZipm12.exe
PRC - [2006/04/05 11:07:02 | 000,573,440 | ---- | M] (Logitech Inc.) -- C:\Program Files\Logitech\SetPoint\SetPoint.exe
PRC - [2006/03/28 17:38:32 | 000,094,208 | ---- | M] (Logitech Inc.) -- C:\Program Files\Common Files\Logitech\KhalShared\KHALMNPR.exe
PRC - [2005/12/12 16:03:54 | 000,417,855 | ---- | M] (American Power Conversion Corporation) -- C:\Program Files\APC\APC PowerChute Personal Edition\apcsystray.exe
PRC - [2005/12/12 16:02:24 | 000,176,193 | ---- | M] (American Power Conversion Corporation) -- C:\Program Files\APC\APC PowerChute Personal Edition\mainserv.exe
PRC - [2004/10/04 04:47:04 | 000,098,304 | ---- | M] () -- C:\Program Files\Adobe\Photoshop Elements 3.0\PhotoshopElementsFileAgent.exe
PRC - [2004/10/04 03:40:50 | 000,118,784 | ---- | M] () -- C:\Program Files\Adobe\Photoshop Elements 3.0\PhotoshopElementsDeviceConnect.exe
========== Modules (SafeList) ==========
MOD - [2011/04/10 12:35:17 | 000,580,608 | ---- | M] (OldTimer Tools) -- D:\Sources\OTL.exe
MOD - [2010/08/23 12:12:02 | 001,054,208 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.6028_x-ww_61e65202\comctl32.dll
MOD - [2009/07/12 01:12:06 | 000,632,656 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.4053_x-ww_e6967989\msvcr80.dll
MOD - [2009/07/12 01:09:20 | 000,554,832 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.4053_x-ww_e6967989\msvcp80.dll
MOD - [2006/04/05 10:52:38 | 000,044,544 | ---- | M] (Logitech Inc.) -- C:\Program Files\Logitech\SetPoint\lgscroll.dll
========== Win32 Services (SafeList) ==========
SRV - [2011/03/31 10:19:02 | 001,156,568 | ---- | M] (PC Tools) [On_Demand | Stopped] -- C:\Program Files\Spyware Doctor\pctsSvc.exe -- (sdCoreService)
SRV - [2011/03/01 09:56:36 | 000,052,288 | ---- | M] (NOS Microsystems Ltd.) [On_Demand | Stopped] -- C:\Program Files\NOS\bin\getPlus_Helper_3004.dll -- (nosGetPlusHelper) getPlus®
SRV - [2011/01/07 14:54:08 | 000,247,760 | ---- | M] (Threat Expert Ltd.) [Auto | Running] -- C:\Program Files\Spyware Doctor\BDT\BDTUpdateService.exe -- (Browser Defender Update Service)
SRV - [2010/08/26 23:10:00 | 000,255,312 | ---- | M] (CA, Inc.) [Auto | Running] -- C:\Program Files\CA\CA Internet Security Suite\CA Anti-Virus\vetmsg.exe -- (VETMSGNT)
SRV - [2010/07/27 22:04:48 | 000,214,256 | ---- | M] (CA, Inc.) [On_Demand | Running] -- C:\Program Files\CA\CA Internet Security Suite\ccprovsp.exe -- (CaCCProvSP)
SRV - [2010/03/15 14:02:36 | 000,366,840 | ---- | M] (PC Tools) [On_Demand | Stopped] -- C:\Program Files\Spyware Doctor\pctsAuxs.exe -- (sdAuxService)
SRV - [2009/09/29 09:17:50 | 000,013,088 | ---- | M] (Intuit Inc.) [Auto | Running] -- C:\Program Files\Common Files\Intuit\Update Service\IntuitUpdateService.exe -- (IntuitUpdateService)
SRV - [2008/11/09 16:48:14 | 000,602,392 | ---- | M] (Yahoo! Inc.) [Auto | Running] -- C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe -- (YahooAUService)
SRV - [2008/09/04 14:35:10 | 000,610,304 | ---- | M] (Kaseya) [Auto | Running] -- C:\Program Files\Kaseya\Agent\AgentMon.exe -- (KaseyaAgent)
SRV - [2008/08/30 15:14:36 | 000,144,696 | ---- | M] (Computer Associates International, Inc.) [Auto | Running] -- C:\Program Files\CA\CA Internet Security Suite\CA Anti-Virus\isafe.exe -- (CAISafe)
SRV - [2008/08/06 16:27:22 | 002,164,088 | ---- | M] (RealVNC Ltd.) [Auto | Running] -- C:\Program Files\RealVNC\VNC4\WinVNC4.exe -- (WinVNC4)
SRV - [2007/08/09 03:27:52 | 000,073,728 | ---- | M] (HP) [Auto | Running] -- C:\WINDOWS\system32\HPZipm12.exe -- (Pml Driver HPZ12)
SRV - [2005/12/12 16:02:24 | 000,176,193 | ---- | M] (American Power Conversion Corporation) [Auto | Running] -- C:\Program Files\APC\APC PowerChute Personal Edition\mainserv.exe -- (APC UPS Service)
SRV - [2004/10/04 04:47:04 | 000,098,304 | ---- | M] () [Auto | Running] -- C:\Program Files\Adobe\Photoshop Elements 3.0\PhotoshopElementsFileAgent.exe -- (AdobeActiveFileMonitor)
SRV - [2004/10/04 03:40:50 | 000,118,784 | ---- | M] () [Auto | Running] -- C:\Program Files\Adobe\Photoshop Elements 3.0\PhotoshopElementsDeviceConnect.exe -- (PhotoshopElementsDeviceConnect)
========== Driver Services (SafeList) ==========
DRV - [2010/12/10 13:24:12 | 000,239,168 | ---- | M] (PC Tools) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\PCTCore.sys -- (PCTCore)
DRV - [2010/08/27 12:47:42 | 000,746,216 | ---- | M] (Computer Associates International, Inc.) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\vetefile.sys -- (VETEFILE)
DRV - [2010/08/27 12:47:42 | 000,130,280 | ---- | M] (Computer Associates International, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\System32\drivers\veteboot.sys -- (VETEBOOT)
DRV - [2010/08/26 23:10:17 | 000,161,008 | ---- | M] (Computer Associates International, Inc.) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\vetmonnt.sys -- (VETMONNT)
DRV - [2010/08/26 23:10:17 | 000,021,488 | ---- | M] (Computer Associates International, Inc.) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\vetfddnt.sys -- (VETFDDNT)
DRV - [2010/08/26 23:10:17 | 000,021,104 | ---- | M] (Computer Associates International, Inc.) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\vet-rec.sys -- (VET-REC)
DRV - [2010/08/26 23:10:16 | 000,026,352 | ---- | M] (Computer Associates International, Inc.) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\vet-filt.sys -- (VET-FILT)
DRV - [2010/07/16 14:59:54 | 000,656,320 | ---- | M] (PC Tools) [File_System | Boot | Running] -- C:\WINDOWS\system32\drivers\pctEFA.sys -- (pctEFA)
DRV - [2010/07/16 14:59:54 | 000,338,880 | ---- | M] (PC Tools) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\pctDS.sys -- (pctDS)
DRV - [2010/07/06 04:13:10 | 000,234,392 | ---- | M] (Realtek Semiconductor Corporation ) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\Rtenicxp.sys -- (RTLE8023xp)
DRV - [2008/06/11 12:34:22 | 003,225,088 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ati2mtag.sys -- (ati2mtag)
DRV - [2008/04/17 16:33:26 | 004,707,328 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\RtkHDAud.sys -- (IntcAzAudAddService) Service for Realtek HD Audio (WDM)
DRV - [2008/04/14 01:21:26 | 000,061,824 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\nic1394.sys -- (NIC1394)
DRV - [2008/03/30 14:35:58 | 000,020,792 | ---- | M] (Kaseya) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\KaPFA.sys -- (KAPFA)
DRV - [2007/11/15 03:48:20 | 000,084,992 | ---- | M] (ATI Research Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\AtiHdmi.sys -- (AtiHdmiService)
DRV - [2007/08/01 20:07:37 | 000,043,672 | ---- | M] (Oak Technology Inc.) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\AFS2K.SYS -- (AFS2K)
DRV - [2007/02/05 10:23:20 | 003,624,128 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\RtHDMI.sys -- (RTHDMIAzAudService)
DRV - [2006/07/01 22:39:40 | 000,036,864 | ---- | M] (Advanced Micro Devices) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\AmdK8.sys -- (AmdK8)
DRV - [2006/03/28 17:56:06 | 000,027,008 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\LHidKE.Sys -- (LHidKe)
DRV - [2006/03/28 17:55:58 | 000,069,760 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\LMouKE.Sys -- (LMouKE)
DRV - [2006/03/28 17:55:04 | 000,055,808 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\L8042mou.Sys -- (L8042mou)
DRV - [2006/03/28 17:54:46 | 000,013,568 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\L8042Kbd.sys -- (L8042Kbd)
DRV - [2001/08/17 13:28:02 | 000,907,456 | ---- | M] (Conexant) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HCF_MSFT.sys -- (HCF_MSFT)
========== Standard Registry (SafeList) ==========
========== Internet Explorer ==========
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://my.msn.com/?ppud=4
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://www.msn.com/defaultc.aspx
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-us
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = BE E4 F9 13 23 29 CA 01 [binary data]
IE - HKCU\..\URLSearchHook: {472734EA-242A-422b-ADF8-83D1E48CC825} - C:\Program Files\Spyware Doctor\BDT\PCTBrowserDefender.dll (Threat Expert Ltd.)
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
FF - HKLM\software\mozilla\Firefox\Extensions\\{cb84136f-9c44-433a-9048-c5cd9df1dc16}: C:\Program Files\Spyware Doctor\BDT\Firefox\ [2011/04/09 17:49:36 | 000,000,000 | ---D | M]
O1 HOSTS File: ([2011/02/16 16:55:34 | 000,000,754 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: 192.168.2.3 HP000D9D1BC014
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - No CLSID value found.
O2 - BHO: (PC Tools Browser Guard BHO) - {2A0F3D1B-0909-4FF4-B272-609CCE6054E7} - C:\Program Files\Spyware Doctor\BDT\PCTBrowserDefender.dll (Threat Expert Ltd.)
O2 - BHO: (SSVHelper Class) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll (Sun Microsystems, Inc.)
O3 - HKLM\..\Toolbar: (PC Tools Browser Guard) - {472734EA-242A-422B-ADF8-83D1E48CC825} - C:\Program Files\Spyware Doctor\BDT\PCTBrowserDefender.dll (Threat Expert Ltd.)
O3 - HKCU\..\Toolbar\WebBrowser: (PC Tools Browser Guard) - {472734EA-242A-422B-ADF8-83D1E48CC825} - C:\Program Files\Spyware Doctor\BDT\PCTBrowserDefender.dll (Threat Expert Ltd.)
O4 - HKLM..\Run: [Adobe Reader Speed Launcher] C:\Program Files\Adobe\Reader 10.0\Reader\Reader_sl.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [Alcmtr] C:\WINDOWS\Alcmtr.exe (Realtek Semiconductor Corp.)
O4 - HKLM..\Run: [CAVRID] C:\Program Files\CA\CA Internet Security Suite\CA Anti-Virus\CAVRID.exe (CA, Inc.)
O4 - HKLM..\Run: [cctray] C:\Program Files\CA\CA Internet Security Suite\cctray\cctray.exe (CA, Inc.)
O4 - HKLM..\Run: [Kaseya Agent Service Helper] C:\Program Files\Kaseya\Agent\KaUsrTsk.exe (Kaseya)
O4 - HKLM..\Run: [LanguageShortcut] C:\Program Files\CyberLink\PowerDVD\Language\Language.exe ()
O4 - HKLM..\Run: [Logitech Hardware Abstraction Layer] C:\WINDOWS\KHALMNPR.Exe (Logitech Inc.)
O4 - HKLM..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe (Nero AG)
O4 - HKLM..\Run: [PCTools FGuard] C:\Program Files\Spyware Doctor\BDT\FGuard.exe (Threat Expert Ltd.)
O4 - HKLM..\Run: [StartCCC] C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O4 - HKCU..\Run: [SmartSync Pro 3] C:\Program Files\SmartSync Software\SmartSync Pro\SmartSync.exe (SmartSync Software)
O4 - HKLM..\RunOnce: [Uninstall Adobe Download Manager] C:\Program Files\NOS\bin\getPlusUninst_Adobe.exe (NOS Microsystems Ltd.)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe (Adobe Systems, Inc.)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\APC UPS Status.lnk = C:\Program Files\APC\APC PowerChute Personal Edition\Display.exe (American Power Conversion Corporation)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Event Reminder.lnk = C:\Program Files\PrintMaster Gold 17\Remind.exe (Broderbund Properties LLC)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\HP Image Zone Fast Start.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqthb08.exe (Hewlett-Packard Co.)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Logitech SetPoint.lnk = C:\Program Files\Logitech\SetPoint\SetPoint.exe (Logitech Inc.)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLinkedConnections = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\WINDOWS\System32\VetRedir.dll (Computer Associates International, Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\WINDOWS\System32\VetRedir.dll (Computer Associates International, Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\WINDOWS\System32\VetRedir.dll (Computer Associates International, Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000009 - C:\WINDOWS\System32\VetRedir.dll (Computer Associates International, Inc.)
O15 - HKCU\..Trusted Domains: com.tw ([www.msi] http in Trusted sites)
O15 - HKCU\..Trusted Domains: intuit.com ([ttlc] https in Trusted sites)
O16 - DPF: {406B5949-7190-4245-91A9-30A17DE16AD0} http://photos.walmar...martActivia.cab (Snapfish Activia)
O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} http://cdn.scan.onec...lscbase6886.cab (Windows Live Safety Center Base Module)
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} http://www.update.mi...b?1182294394375 (MUWebControl Class)
O16 - DPF: {8167C273-DF59-4416-B647-C8BB2C7EE83E} http://liveupdate.ms...ine/install.cab (WebSDev Control)
O16 - DPF: {AA299E98-6FB5-409F-99D3-D30D749F4864} https://k.slpowers.c...c/kaxRemote.dll (kasRmtHlp Class)
O16 - DPF: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_05)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.ad...Plus/1.6/gp.cab (get_atlcom Class)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 205.152.144.23 8.8.8.8 205.152.132.23
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\AtiExtEvent: DllName - Ati2evxx.dll - C:\WINDOWS\System32\ati2evxx.dll (ATI Technologies Inc.)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2007/06/06 17:14:34 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
========== Files/Folders - Created Within 30 Days ==========
[2011/04/10 12:21:22 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Adobe AIR
[2011/04/10 12:18:46 | 000,000,000 | ---D | C] -- C:\WINDOWS\LastGood
[2011/04/10 12:18:42 | 000,000,000 | ---D | C] -- C:\Program Files\NOS
[2011/04/10 12:18:42 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\NOS
[2011/04/09 18:31:59 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\QuickTime
[2011/04/09 18:30:12 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Apple
[2011/04/09 18:29:57 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Jewel\Local Settings\Application Data\Apple
[2011/04/09 18:29:51 | 000,000,000 | ---D | C] -- C:\Program Files\Apple Software Update
[2011/04/09 18:29:51 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Apple
[2011/04/09 18:01:07 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Jewel\Local Settings\Application Data\Threat Expert
[2011/04/09 17:49:35 | 000,149,456 | ---- | C] (PC Tools) -- C:\WINDOWS\SGDetectionTool.dll
[2011/04/09 17:49:34 | 002,000,848 | ---- | C] (Threat Expert Ltd.) -- C:\WINDOWS\PCTBDCore.dll
[2011/04/09 17:49:34 | 001,533,904 | ---- | C] (Threat Expert Ltd.) -- C:\WINDOWS\PCTBDRes.dll
[2011/04/09 17:45:14 | 000,656,320 | ---- | C] (PC Tools) -- C:\WINDOWS\System32\drivers\pctEFA.sys
[2011/04/09 17:45:14 | 000,338,880 | ---- | C] (PC Tools) -- C:\WINDOWS\System32\drivers\pctDS.sys
[2011/04/09 17:45:05 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\PC Tools Security
[2011/04/09 13:01:33 | 000,000,000 | ---D | C] -- C:\Program Files\Windows Live Safety Center
[4 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[16 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[1 C:\WINDOWS\System32\dllcache\*.tmp files -> C:\WINDOWS\System32\dllcache\*.tmp -> ]
========== Files - Modified Within 30 Days ==========
[2011/04/10 12:41:10 | 000,000,778 | ---- | M] () -- C:\Documents and Settings\All Users\Application Data\cfg
[2011/04/10 12:36:46 | 000,000,166 | ---- | M] () -- C:\Documents and Settings\Jewel\Desktop\Malware and Spyware Cleaning Guide - Geeks to Go Forums.url
[2011/04/09 18:31:14 | 000,054,156 | -H-- | M] () -- C:\WINDOWS\QTFont.qfn
[2011/04/09 18:31:14 | 000,001,409 | ---- | M] () -- C:\WINDOWS\QTFont.for
[2011/04/09 18:29:59 | 000,000,284 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
[2011/04/09 18:21:41 | 000,002,228 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2011/04/09 18:20:51 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2011/04/09 18:20:44 | 1878,446,080 | -HS- | M] () -- C:\hiberfil.sys
[2011/04/09 17:45:23 | 000,651,226 | ---- | M] () -- C:\WINDOWS\System32\drivers\Cat.DB
[2011/04/09 13:05:10 | 000,000,137 | ---- | M] () -- C:\Documents and Settings\Jewel\Desktop\Win32-Adclicker.DYN - CA Technologies.url
[2011/04/09 13:00:47 | 000,000,192 | ---- | M] () -- C:\Documents and Settings\Jewel\Desktop\Encyclopedia entry TrojanWinNT-Alureon.S - Learn more about malware - Microsoft Malware Protection Center.url
[2011/04/09 12:58:52 | 000,001,355 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2011/04/09 12:41:57 | 000,000,127 | ---- | M] () -- C:\WINDOWS\System32\MRT.INI
[2011/04/09 12:38:33 | 000,444,228 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2011/04/09 12:38:33 | 000,072,486 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[4 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[16 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[1 C:\WINDOWS\System32\dllcache\*.tmp files -> C:\WINDOWS\System32\dllcache\*.tmp -> ]
========== Files Created - No Company Name ==========
[2011/04/10 12:41:10 | 000,000,778 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\cfg
[2011/04/10 12:36:46 | 000,000,166 | ---- | C] () -- C:\Documents and Settings\Jewel\Desktop\Malware and Spyware Cleaning Guide - Geeks to Go Forums.url
[2011/04/10 12:24:16 | 000,001,804 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Adobe Reader X.lnk
[2011/04/09 18:31:14 | 000,054,156 | -H-- | C] () -- C:\WINDOWS\QTFont.qfn
[2011/04/09 18:31:14 | 000,001,409 | ---- | C] () -- C:\WINDOWS\QTFont.for
[2011/04/09 18:29:59 | 000,000,284 | ---- | C] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
[2011/04/09 18:29:53 | 000,001,830 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Apple Software Update.lnk
[2011/04/09 17:49:35 | 000,767,952 | ---- | C] () -- C:\WINDOWS\BDTSupport.dll
[2011/04/09 17:49:35 | 000,002,125 | ---- | C] () -- C:\WINDOWS\UDB.zip
[2011/04/09 17:49:35 | 000,000,882 | ---- | C] () -- C:\WINDOWS\RegSDImport.xml
[2011/04/09 17:49:35 | 000,000,879 | ---- | C] () -- C:\WINDOWS\RegISSImport.xml
[2011/04/09 17:49:35 | 000,000,131 | ---- | C] () -- C:\WINDOWS\IDB.zip
[2011/04/09 17:45:15 | 000,651,226 | ---- | C] () -- C:\WINDOWS\System32\drivers\Cat.DB
[2011/04/09 13:05:10 | 000,000,137 | ---- | C] () -- C:\Documents and Settings\Jewel\Desktop\Win32-Adclicker.DYN - CA Technologies.url
[2011/04/09 13:00:47 | 000,000,192 | ---- | C] () -- C:\Documents and Settings\Jewel\Desktop\Encyclopedia entry TrojanWinNT-Alureon.S - Learn more about malware - Microsoft Malware Protection Center.url
[2011/04/09 12:41:57 | 000,000,127 | ---- | C] () -- C:\WINDOWS\System32\MRT.INI
[2011/02/16 15:08:27 | 000,000,610 | ---- | C] () -- C:\WINDOWS\hpntwksetup.ini
[2011/02/11 01:13:16 | 000,000,264 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\~Y7ahHjtlP567
[2011/02/11 01:13:16 | 000,000,144 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\~Y7ahHjtlP567r
[2011/02/11 00:08:13 | 000,001,804 | ---- | C] () -- C:\WINDOWS\System32\dcache.bin
[2011/02/11 00:07:49 | 000,061,824 | ---- | C] () -- C:\WINDOWS\System32\drivers\nic1394.sys
[2011/01/30 23:13:01 | 000,000,664 | ---- | C] () -- C:\WINDOWS\System32\d3d9caps.dat
[2009/08/03 15:07:42 | 000,403,816 | ---- | C] () -- C:\WINDOWS\System32\OGACheckControl.dll
[2009/08/03 15:07:42 | 000,230,768 | ---- | C] () -- C:\WINDOWS\System32\OGAEXEC.exe
[2009/06/14 13:10:39 | 000,000,000 | ---- | C] () -- C:\WINDOWS\ativpsrm.bin
[2009/03/03 12:18:04 | 000,080,416 | ---- | C] () -- C:\WINDOWS\System32\RtNicProp32.dll
[2008/06/11 09:38:20 | 003,107,788 | ---- | C] () -- C:\WINDOWS\System32\ativva5x.dat
[2008/06/11 09:38:20 | 000,887,724 | ---- | C] () -- C:\WINDOWS\System32\ativva6x.dat
[2008/06/10 13:59:49 | 000,000,016 | ---- | C] () -- C:\WINDOWS\popcinfo.dat
[2008/04/07 23:40:13 | 000,096,577 | ---- | C] () -- C:\WINDOWS\hpqins16.dat
[2007/10/22 21:38:58 | 000,000,035 | ---- | C] () -- C:\WINDOWS\Blink.ini
[2007/09/01 23:36:52 | 000,000,106 | ---- | C] () -- C:\WINDOWS\KPD.INI
[2007/08/07 20:21:16 | 000,000,299 | ---- | C] () -- C:\WINDOWS\System32\AddPort.ini
[2007/08/07 20:21:15 | 000,003,399 | ---- | C] () -- C:\WINDOWS\System32\hptcpmon.ini
[2007/08/07 19:21:45 | 000,068,900 | ---- | C] () -- C:\WINDOWS\hpoins05.dat.temp
[2007/08/07 19:21:45 | 000,019,696 | ---- | C] () -- C:\WINDOWS\hpomdl05.dat.temp
[2007/08/01 20:24:12 | 000,055,808 | ---- | C] () -- C:\WINDOWS\System32\drivers\L8042mou.Sys
[2007/07/31 18:12:49 | 000,000,000 | ---- | C] () -- C:\WINDOWS\OpPrintServer.INI
[2007/07/28 19:00:01 | 000,000,069 | ---- | C] () -- C:\WINDOWS\NeroDigital.ini
[2007/07/14 21:40:30 | 000,018,432 | ---- | C] () -- C:\Documents and Settings\Jewel\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2007/06/24 12:36:13 | 000,000,217 | ---- | C] () -- C:\WINDOWS\Quicken.ini
[2007/06/22 20:23:52 | 000,000,376 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2007/06/19 20:29:26 | 000,000,128 | ---- | C] () -- C:\Documents and Settings\Jewel\Local Settings\Application Data\fusioncache.dat
[2007/06/07 09:49:09 | 000,049,152 | ---- | C] () -- C:\WINDOWS\System32\ChCfg.exe
[2007/06/07 08:47:07 | 003,107,788 | R--- | C] () -- C:\WINDOWS\System32\ativvaxx.dat
[2007/06/07 08:47:07 | 000,174,819 | ---- | C] () -- C:\WINDOWS\System32\atiicdxx.dat
[2007/06/06 17:17:08 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat
[2007/06/06 17:11:27 | 000,023,348 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat
[2007/06/06 12:37:57 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
[2007/06/06 12:36:44 | 000,857,640 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2006/02/28 08:00:00 | 000,444,228 | ---- | C] () -- C:\WINDOWS\System32\perfh009.dat
[2006/02/28 08:00:00 | 000,072,486 | ---- | C] () -- C:\WINDOWS\System32\perfc009.dat
[2006/02/28 08:00:00 | 000,000,741 | ---- | C] () -- C:\WINDOWS\System32\noise.dat
[2004/08/02 15:20:40 | 000,004,569 | ---- | C] () -- C:\WINDOWS\System32\secupd.dat
[2001/08/23 08:00:00 | 013,107,200 | ---- | C] () -- C:\WINDOWS\System32\oembios.bin
[2001/08/23 08:00:00 | 000,673,088 | ---- | C] () -- C:\WINDOWS\System32\mlang.dat
[2001/08/23 08:00:00 | 000,272,128 | ---- | C] () -- C:\WINDOWS\System32\perfi009.dat
[2001/08/23 08:00:00 | 000,218,003 | ---- | C] () -- C:\WINDOWS\System32\dssec.dat
[2001/08/23 08:00:00 | 000,046,258 | ---- | C] () -- C:\WINDOWS\System32\mib.bin
[2001/08/23 08:00:00 | 000,028,626 | ---- | C] () -- C:\WINDOWS\System32\perfd009.dat
[2001/08/23 08:00:00 | 000,004,463 | ---- | C] () -- C:\WINDOWS\System32\oembios.dat
========== LOP Check ==========
[2007/07/31 22:23:04 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Broderbund Software
[2007/06/24 13:17:17 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\CA
[2007/07/31 22:30:45 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Riverdeep Interactive Learning Limited
[2011/04/10 00:04:53 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TEMP
[2010/08/26 22:57:01 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Jewel\Application Data\GetRightToGo
[2007/08/13 22:17:56 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Jewel\Application Data\Snapfish
[2011/01/14 19:11:20 | 000,000,476 | ---- | M] () -- C:\WINDOWS\Tasks\20100409_162100_Jewel.job
[2011/01/14 19:11:18 | 000,000,478 | ---- | M] () -- C:\WINDOWS\Tasks\20100409_162100_Jewel2.job
[2011/03/08 16:57:00 | 000,000,472 | ---- | M] () -- C:\WINDOWS\Tasks\Ad-Aware Update (Weekly).job
========== Purity Check ==========
========== Alternate Data Streams ==========
@Alternate Data Stream - 173 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:DFC5A2B2
@Alternate Data Stream - 127 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:430C6D84
< End of report >
======================
I am also including below the Extras.txt log file from the OTL scan:
======================
OTL Extras logfile created on: 4/10/2011 12:37:33 PM - Run 1
OTL by OldTimer - Version 3.2.22.3 Folder = D:\Sources
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy
2.00 Gb Total Physical Memory | 1.00 Gb Available Physical Memory | 55.00% Memory free
3.00 Gb Paging File | 3.00 Gb Available in Paging File | 85.00% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 232.88 Gb Total Space | 188.57 Gb Free Space | 80.97% Space Free | Partition Type: NTFS
Drive D: | 298.09 Gb Total Space | 158.85 Gb Free Space | 53.29% Space Free | Partition Type: NTFS
Computer Name: JEWEL-PC | User Name: Jewel | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
========== Extra Registry (SafeList) ==========
========== File Associations ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
========== Shell Spawning ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
exefile [open] -- "%1" %*
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
========== Security Center Settings ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 0
"FirewallOverride" = 0
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]
"DisableMonitoring" = 1
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]
========== System Restore Settings ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 1
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr]
"Start" = 4
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService]
"Start" = 2
========== Firewall Settings ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]
"139:TCP" = 139:TCP:*:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:*:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:*:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:*:Enabled:@xpsp2res.dll,-22002
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DoNotAllowExceptions" = 0
"DisableNotifications" = 0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"139:TCP" = 139:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22002
========== Authorized Applications List ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" = C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe:*:Enabled:Yahoo! Messenger -- (Yahoo! Inc.)
"C:\Program Files\Yahoo!\Messenger\YServer.exe" = C:\Program Files\Yahoo!\Messenger\YServer.exe:*:Enabled:Yahoo! FT Server
"C:\Documents and Settings\Jewel\Local Settings\Temp\vncviewer.exe" = C:\Documents and Settings\Jewel\Local Settings\Temp\vncviewer.exe:*:Enabled:VNC Viewer Free Edition for Win32
"C:\Program Files\Common Files\Ahead\Nero Web\SetupX.exe" = C:\Program Files\Common Files\Ahead\Nero Web\SetupX.exe:*:Enabled:Nero ProductSetup -- (Nero AG)
"E:\Setup\HPZnet01.exe" = E:\Setup\HPZnet01.exe:*:Enabled:Install Consumer Experience Network Plug in
"C:\Program Files\HP\Digital Imaging\bin\hpqcopy.exe" = C:\Program Files\HP\Digital Imaging\bin\hpqcopy.exe:*:Enabled: -- (Hewlett-Packard Co.)
"C:\WINDOWS\explorer.exe" = C:\WINDOWS\explorer.exe:*:Enabled:Explorer -- (Microsoft Corporation)
"C:\Program Files\HP\Digital Imaging\bin\hpqscnvw.exe" = C:\Program Files\HP\Digital Imaging\bin\hpqscnvw.exe:*:Enabled:hpqscnvw
"C:\Program Files\HP\Digital Imaging\bin\hpqkygrp.exe" = C:\Program Files\HP\Digital Imaging\bin\hpqkygrp.exe:*:Enabled:HP CUE-Scanning Flow Component
"C:\Program Files\Common Files\Intuit\Update Service\IntuitUpdateService.exe" = C:\Program Files\Common Files\Intuit\Update Service\IntuitUpdateService.exe:LocalSubNet:Disabled:Intuit Update Shared Downloads Server -- (Intuit Inc.)
"C:\temp\KRlyCLis.exe" = C:\temp\KRlyCLis.exe:*:Enabled:Kaseya Remote Control Relay Client - Listener
"C:\Documents and Settings\Jewel\Local Settings\Temp\KRlyCLis.exe" = C:\Documents and Settings\Jewel\Local Settings\Temp\KRlyCLis.exe:*:Enabled:Kaseya Remote Control Relay Client - Listener -- (Kaseya)
"C:\Program Files\RealVNC\VNC4\winvnc4.exe" = C:\Program Files\RealVNC\VNC4\winvnc4.exe:*:Enabled:VNC Server -- (RealVNC Ltd.)
"C:\temp\KRlyCCon.exe" = C:\temp\KRlyCCon.exe:*:Enabled:KRlyCCon
"C:\Documents and Settings\Jewel\Local Settings\Temp\7zS2D41\Setup\HPZnet01.exe" = C:\Documents and Settings\Jewel\Local Settings\Temp\7zS2D41\Setup\HPZnet01.exe:*:Enabled:Install Consumer Experience Network Plug in -- (Hewlett-Packard)
"C:\Documents and Settings\Jewel\Local Settings\Temp\7zS2E90\HPSDU.exe" = C:\Documents and Settings\Jewel\Local Settings\Temp\7zS2E90\HPSDU.exe:*:Enabled:HP Scan Diagnostic Utility
========== HKEY_LOCAL_MACHINE Uninstall List ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
"{02BA9203-12CC-894F-B986-4E9EFF8BC14A}" = CCC Help Japanese
"{0364C04C-6E3E-AB50-08BD-8AE5002EF8DB}" = CCC Help Greek
"{055EE59D-217B-43A7-ABFF-507B966405D8}" = ATI Catalyst Control Center
"{06A3F04F-B869-FB73-F0BF-CB1A49514E38}" = Catalyst Control Center Core Implementation
"{08147A04-DEA8-443B-3837-7EEEE351560C}" = Catalyst Control Center Localization Japanese
"{0D16E3F2-08D6-6EA1-DAEF-EF4D5C4BD072}" = CCC Help Italian
"{0F60A17A-AB50-FCE6-76E4-D30242B3E7B0}" = Catalyst Control Center Localization Italian
"{14BEB6DF-A499-4A38-8E06-E173BCD5C087}" = ScannerCopy
"{16D81724-A58A-C20C-5790-468C7EAD3ECA}" = Catalyst Control Center Localization Finnish
"{1A2EAC38-60F3-86F7-B518-3761E77E30F7}" = Catalyst Control Center Localization Russian
"{1AA98911-FADB-41F2-2C9E-E3E7AEDCAECA}" = Catalyst Control Center Graphics Full New
"{1AD5F465-8282-4DAD-B957-E09C0B783D18}" = InstantShare
"{1B680FBA-E317-4E93-AF43-3B59798A4BE0}" = Copy
"{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}" = DVD Suite
"{20FBC0A0-3160-4F14-83ED-3A74BB6B8C31}" = TrayApp
"{22D30F20-CB72-0230-3CB5-C31BCBF78AB5}" = Catalyst Control Center Localization German
"{26590A16-E70A-4A34-8D49-BD261A1FC5FD}" = CCC Help Danish
"{26BDE7D8-93F0-4A07-AD47-1707DB417941}" = Camera Support Core Library
"{272EC8BA-5A08-4ea1-A189-684466A06B02}" = cp_dwShrek2Albums1
"{2952B4C3-ED86-11DE-9057-E85FA094DEAD}" = CCC Help Turkish
"{29B50056-2065-16F9-61D2-79FFE1ABABED}" = Catalyst Control Center Localization Swedish
"{2A84A092-37EF-4F5E-55BA-DE7310C89656}" = ccc-core-preinstall
"{2DBE41DD-2129-4C65-A3D3-5647236A60F3}" = Quicken 2005
"{2E8428AD-6CD2-4031-916A-3CF9BBF2DEC9}" = Unload
"{2E8EAC71-BFE4-417A-88F0-5A1BDFBCF5D3}" = Logitech SetPoint
"{3248F0A8-6813-11D6-A77B-00B0D0160050}" = Java 6 Update 5
"{339D2328-5494-A715-27AB-AC61E9E6C352}" = Catalyst Control Center Graphics Light
"{344FD9C1-3068-71B9-089F-F6A562CC5D8C}" = Catalyst Control Center Localization Hungarian
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{3762DB2D-71BD-421F-9E55-C74DA7DF4D07}" = CueTour
"{3881DB80-EAA2-012B-ADAE-000000000000}" = TurboTax 2009 WinPerFedFormset
"{38975F50-EAA2-012B-ADB4-000000000000}" = TurboTax 2009 WinPerReleaseEngine
"{38A34630-EAA2-012B-ADB6-000000000000}" = TurboTax 2009 WinPerTaxSupport
"{3A8A29E6-D4DE-1C8E-8A14-6EECE3482324}" = Catalyst Control Center Localization Portuguese
"{3C5A81D0-EAA2-012B-AE9F-000000000000}" = TurboTax 2009 wrapper
"{3D29A08C-4D7A-22C7-4DA7-3DF4A3AA57F4}" = CCC Help Spanish
"{3EBFF4BC-1F23-129C-A1B4-83EA377B3B7E}" = CCC Help Russian
"{48C76121-4F90-11D5-9884-0050BA85A903}" = Kaseya Agent
"{50CD1264-F1B3-128C-DD5A-5ED488152457}" = Catalyst Control Center Graphics Full Existing
"{50F29AD6-0E41-452D-021C-106EB7EA383A}" = ccc-core-static
"{56C049BE-79E9-4502-BEA7-9754A3E60F9B}" = neroxml
"{57752979-A1C9-4C02-856B-FBB27AC4E02C}" = QuickTime
"{5A0C892E-FD1C-4203-941E-0956AED20A6A}" = APC PowerChute Personal Edition
"{5D732C8D-0558-5943-5CEB-802D95664E5D}" = CCC Help English
"{5E8D588F-307C-4250-B622-26969027319A}" = PanoStandAlone
"{63DE8625-31E4-2A5B-AEFD-48C016D775BF}" = CCC Help Swedish
"{644D04A2-C682-4FD5-977D-03B804C4B9C5}" = CreativeProjects
"{646A65DD-23FC-418E-B9F0-E0500FB42CB1}" = PhotoGallery
"{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}" = PowerDVD
"{68963635-14A4-48D9-B431-DF3A74D1AAE1}" = Destinations
"{68E7E8BD-2233-49BE-81D6-1A1FAF1B5196}" = RAW Image Task 1.1
"{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update
"{6B2C18DB-B45D-D60E-CDD7-CEFC769A9E5E}" = Catalyst Control Center Localization Thai
"{700A6597-3CE6-49C1-AA75-846B24CDA66D}" = BufferChm
"{724517BD-1DE1-4986-BFCA-C1DFD379E3BC}" = cp_dwShrek2Cards1
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{742E3576-AA94-E766-39C2-CE441F0EBF91}" = CCC Help Chinese Traditional
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{787D1A33-A97B-4245-87C0-7174609A540C}" = HP Update
"{792B507D-075E-F2D8-DCAC-736BF8F1FD06}" = CCC Help Korean
"{7AD0293F-EBAE-46BA-74F2-9B64A27C97F9}" = Catalyst Control Center Localization Polish
"{7AD25C9F-9957-4D1C-95EF-9BCD09F6D31B}" = HPSystemDiagnostics
"{82B880E9-D0E9-E7F9-25C6-9E2A0E7D4D4E}" = Catalyst Control Center Localization Greek
"{84CDF5A8-1D57-4B69-BAB6-1F11D8923375}" = SkinsHP1
"{851C67EF-068A-4060-9EF5-2E3DDCD68382}" = Adobe Photoshop Elements 3.0
"{86C1A488-24AD-42F0-BCEF-FDB11FC2BEFA}" = NetZero For Riverdeep
"{8777AC6D-89F9-4793-8266-DE406F343E89}" = QFolder
"{87DCF127-24D4-4A83-DAA3-0BF056CF344D}" = CCC Help German
"{88A70E49-393A-1056-0D60-9EFAF1B4BE11}" = Catalyst Control Center Localization Norwegian
"{89DE67AD-08B8-4699-A55D-CA5C0AF82BF3}" = ATI AVIVO Codecs
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8A6509B1-DDE7-E62C-222F-9D08337A2ED2}" = CCC Help Hungarian
"{8BC3B99B-A6BE-4A0B-8535-B1B94BA4B1B1}" = DocProc
"{8CA5B43B-0904-3D3F-2338-43551437C8AD}" = Catalyst Control Center Localization Dutch
"{8E992F0B-2F59-ACF1-9B06-5FB2769F53E9}" = CCC Help French
"{90120000-0010-0409-0000-0000000FF1CE}" = Microsoft Software Update for Web Folders (English) 12
"{90120000-0015-0409-0000-0000000FF1CE}" = Microsoft Office Access MUI (English) 2007
"{90120000-0015-0409-0000-0000000FF1CE}_PROPLUSR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007
"{90120000-0016-0409-0000-0000000FF1CE}_PROPLUSR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007
"{90120000-0018-0409-0000-0000000FF1CE}_PROPLUSR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0019-0409-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2007
"{90120000-0019-0409-0000-0000000FF1CE}_PROPLUSR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2007
"{90120000-001A-0409-0000-0000000FF1CE}_PROPLUSR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007
"{90120000-001B-0409-0000-0000000FF1CE}_PROPLUSR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_PROPLUSR_{ABDDE972-355B-4AF1-89A8-DA50B7B5C045}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_PROPLUSR_{F580DDD5-8D37-4998-968E-EBB76BB86787}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007
"{90120000-001F-0C0A-0000-0000000FF1CE}_PROPLUSR_{187308AB-5FA7-4F14-9AB9-D290383A10D9}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007
"{90120000-0044-0409-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (English) 2007
"{90120000-0044-0409-0000-0000000FF1CE}_PROPLUSR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}_PROPLUSR_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007
"{90120000-0115-0409-0000-0000000FF1CE}_PROPLUSR_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0117-0409-0000-0000000FF1CE}" = Microsoft Office Access Setup Metadata MUI (English) 2007
"{90120000-0117-0409-0000-0000000FF1CE}_PROPLUSR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{91120000-0011-0000-0000-0000000FF1CE}" = Microsoft Office Professional Plus 2007
"{91120000-0011-0000-0000-0000000FF1CE}_PROPLUSR_{0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{91120000-0011-0000-0000-0000000FF1CE}_PROPLUSR_{3D019598-7B59-447A-80AE-815B703B84FF}" = Security Update for Microsoft Office system 2007 (972581)
"{93ACD5DE-29D1-4B0A-0EE1-EE58334EF845}" = ccc-utility
"{94DA7C00-FE0D-06C8-06CC-37133FAA461D}" = Catalyst Control Center Localization Korean
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9E5A03E3-6246-4920-9630-0527D5DA9B07}" = iSEEK AnswerWorks English Runtime
"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
"{A52314FB-8246-727B-AAB8-AAC18EDDA97F}" = Catalyst Control Center Localization Spanish
"{A5B9D22C-755A-4AC6-9904-875E80838BB6}" = CP_AtenaShokunin1Config
"{AC76BA86-7AD7-1033-7B44-AA0000000001}" = Adobe Reader X (10.0.1)
"{AFF7E080-1974-45BF-9310-10DE1A1F5ED0}" = Adobe AIR
"{B2544A03-10D0-4E5E-BA69-0362FFC20D18}" = OGA Notifier 2.0.0048.0
"{B34BE30D-A759-4EC2-B58F-19FE2DEBF651}" = Camera Window
"{B7A0CE06-068E-11D6-97FD-0050BACBF861}" = PowerProducer
"{B8DBED1E-8BC3-4d08-B94A-F9D7D88E9BBF}" = HPSSupply
"{B911B811-BA3E-46D4-90F8-6F3338359651}" = Director
"{BB5202A5-B5B4-4899-ADD9-984EA71FA979}" = Catalyst Control Center - Branding
"{BBCF9D58-809D-9BE7-A92F-FA7F925477D9}" = Catalyst Control Center Localization Chinese Standard
"{BD29EBAC-AD7D-4b27-B727-4CC6AC52D36B}" = MarketResearch
"{BEF56F2D-56ED-4176-BF72-7B68D4A3B98D}" = Canon PhotoRecord
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
"{C1D76D7A-F3BB-47EA-A746-5B1E2FFC1DF2}" = Canon Utilities ZoomBrowser EX
"{C4DCAD15-B754-4FD9-8035-713FE919B118}" = PrintMaster Gold 17
"{C63E7C60-25EB-11D3-8EDA-00A0C911E8E5}" = Microsoft Outlook Personal Folders Backup
"{C6E8B756-6E2E-4D4B-304D-46698E9BECEA}" = CCC Help Thai
"{C941F1F1-25B3-4DF5-83E6-888C51A1AAB6}" = AVIVO Codecs
"{CB073BAE-1804-0FCA-D063-CB45AFF5C640}" = Catalyst Control Center Localization Chinese Traditional
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CC5BB7DF-4B9D-D421-D786-16EDD678DBBA}" = CCC Help Dutch
"{CDFCF124-115F-4976-8BF4-08C89187A146}" = WebReg
"{CE0C8CC5-E396-442B-A50E-D1D374A9E820}" = DocumentViewer
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{CF2C1A86-5A98-4862-A3AE-9992E3A6427D}" = RemoteCapture Task 1.0.3
"{D105A381-BE51-6C97-AD58-7B9080562544}" = Catalyst Control Center Localization Turkish
"{D2A0F8F4-CE50-4857-A21C-3061682B2E87}" = Sansa Media Converter
"{D37E224D-667B-97A9-3C99-185039C5B6BC}" = CCC Help Chinese Standard
"{D42B6F90-1084-4C9B-AF28-958926E6E32E}" = LP_Flash
"{D593F493-AA74-0657-CF52-CD69E1E8464D}" = CCC Help Polish
"{DAAFE24A-9B25-640D-C00C-E32F8153123E}" = Catalyst Control Center Localization Czech
"{DB4C031D-B2F8-47F1-A274-59A8F3B61033}" = Nero 7 Essentials
"{DE286975-ACF1-45B8-9EF7-34E162B2C817}" = MovieEdit Task
"{E1180142-3B31-4DCC-9D27-7AC2D37662BF}" = LightScribe 1.4.124.1
"{E2883E8F-472F-4fb0-9522-AC9BF37916A7}" = Adobe Download Manager
"{E3D3F767-C9CF-45FF-67AB-6C5278FE3361}" = Catalyst Control Center Localization French
"{E4F4D55D-46C0-150B-EAB5-62A6F7986AD7}" = CCC Help Finnish
"{E986E3ED-A9F7-5C0C-9E8C-BA5C9E84221D}" = CCC Help Portuguese
"{EE6097DD-05F4-4178-9719-D3170BF098E8}" = Apple Application Support
"{EE7B9A8D-19F0-450D-8E94-3E391E6044CD}" = KhalSetup
"{EF4C7EB0-D71B-43A3-9552-8053DE4B0401}" = PhotoStitch
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F333A33D-125C-32A2-8DCE-5C5D14231E27}" = Visual C++ 2008 x86 Runtime - (v9.0.30729)
"{F333A33D-125C-32A2-8DCE-5C5D14231E27}.vc_x86runtime_30729_01" = Visual C++ 2008 x86 Runtime - v9.0.30729.01
"{F5D4EA0C-B8A0-35BD-4EEA-8178D59AA589}" = CCC Help Norwegian
"{F89C3E22-321B-D376-2044-8E52EC95851B}" = Catalyst Control Center Localization Danish
"{FBF87F09-93C6-F129-66E2-BF5E73229F3E}" = Skins
"{FC058842-1EE8-D2AB-1650-FFD7DE2C0571}" = CCC Help Czech
"{FC22D020-3005-4715-8DF9-F3EDE81DEB3D}" = CreativeProjectsTemplates
"53F13DB4D9611FD63BE580F06F0729BF236ABE68" = Windows Driver Package - Advanced Micro Devices (AmdK8) Processor (05/27/2006 1.3.2.0)
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"All ATI Software" = ATI - Software Uninstall Utility
"ATI Display Driver" = ATI Display Driver
"Bejeweled 2 Deluxe 1.0" = Bejeweled 2 Deluxe 1.0
"Browser Defender_is1" = Browser Defender 3.0
"Bubblets_is1" = Bubblets 1.0
"cciss_av" = CA Anti-Virus
"HP Photo & Imaging" = HP Image Zone 4.7
"HPExtendedCapabilities" = HP Extended Capabilities 4.7
"ie8" = Windows Internet Explorer 8
"InstallShield_{26BDE7D8-93F0-4A07-AD47-1707DB417941}" = Canon Camera Support Core Library
"InstallShield_{2DBE41DD-2129-4C65-A3D3-5647236A60F3}" = Quicken 2005
"InstallShield_{68E7E8BD-2233-49BE-81D6-1A1FAF1B5196}" = Canon RAW Image Task for ZoomBrowser EX
"InstallShield_{B34BE30D-A759-4EC2-B58F-19FE2DEBF651}" = Canon Camera Window for ZoomBrowser EX
"InstallShield_{CF2C1A86-5A98-4862-A3AE-9992E3A6427D}" = Canon RemoteCapture Task for ZoomBrowser EX
"InstallShield_{DE286975-ACF1-45B8-9EF7-34E162B2C817}" = Canon MovieEdit Task for ZoomBrowser EX
"InstallShield_{EF4C7EB0-D71B-43A3-9552-8053DE4B0401}" = Canon Utilities PhotoStitch 3.1
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"MSI Live Update 3" = MSI Live Update 3
"PC Alert 4" = PC Alert 4
"PROPLUSR" = Microsoft Office Professional Plus 2007
"RealVNC_is1" = VNC Enterprise Edition E4.4.3
"Shop for HP Supplies" = Shop for HP Supplies
"SmartSync Pro 3" = SmartSync Pro 3
"Spyware Doctor" = Spyware Doctor 8.0
"TreeComp" = TreeComp
"TurboTax 2009" = TurboTax 2009
"Tweak UI 2.10" = Tweak UI
"VETWIN32Vp5" = CA Anti-Virus
"WebPost" = Microsoft Web Publishing Wizard 1.52
"Windows Live OneCare safety scanner" = Windows Live OneCare safety scanner
"Windows Media Format Runtime" = Windows Media Format 11 runtime
"Windows Media Player" = Windows Media Player 11
"Windows XP Service Pack" = Windows XP Service Pack 3
"WMFDist11" = Windows Media Format 11 runtime
"wmp11" = Windows Media Player 11
"Yahoo! Messenger" = Yahoo! Messenger
"Yahoo! Software Update" = Yahoo! Software Update
========== Last 10 Event Log Errors ==========
[ Application Events ]
Error - 4/9/2011 12:56:55 PM | Computer Name = JEWEL-PC | Source = MsiInstaller | ID = 11706
Description = Product: PhotoGallery -- Error 1706.No valid source could be found
for product PhotoGallery. The Windows Installer cannot continue.
Error - 4/9/2011 12:58:37 PM | Computer Name = JEWEL-PC | Source = Ci | ID = 4124
Description = Content index on c:\system volume information\catalog.wci is corrupt.
Please shutdown and restart the Indexing Service (cisvc).
Error - 4/9/2011 12:58:37 PM | Computer Name = JEWEL-PC | Source = Ci | ID = 4126
Description = Cleaning up corrupt content index metadata on c:\system volume information\catalog.wci.
Index will be automatically restored by refiltering all documents.
Error - 4/9/2011 4:50:42 PM | Computer Name = JEWEL-PC | Source = Application Hang | ID = 1002
Description = Hanging application iexplore.exe, version 8.0.6001.18702, hang module
hungapp, version 0.0.0.0, hang address 0x00000000.
Error - 4/9/2011 5:02:23 PM | Computer Name = JEWEL-PC | Source = Application Error | ID = 1000
Description = Faulting application iexplore.exe, version 8.0.6001.18702, faulting
module unknown, version 0.0.0.0, fault address 0x002627c1.
Error - 4/9/2011 5:06:20 PM | Computer Name = JEWEL-PC | Source = Application Hang | ID = 1002
Description = Hanging application Upgrade.exe, version 6.1.0.5, hang module hungapp,
version 0.0.0.0, hang address 0x00000000.
Error - 4/9/2011 5:10:06 PM | Computer Name = JEWEL-PC | Source = .NET Runtime 2.0 Error Reporting | ID = 1000
Description = Faulting application mom.exe, version 2.0.0.0, stamp 469cdcb3, faulting
module mscorwks.dll, version 2.0.50727.3615, stamp 4be902c7, debug? 0, fault address
0x00097dda.
Error - 4/9/2011 5:13:24 PM | Computer Name = JEWEL-PC | Source = MsiInstaller | ID = 11706
Description = Product: PhotoGallery -- Error 1706.No valid source could be found
for product PhotoGallery. The Windows Installer cannot continue.
Error - 4/9/2011 5:16:29 PM | Computer Name = JEWEL-PC | Source = Application Error | ID = 1000
Description = Faulting application iexplore.exe, version 8.0.6001.18702, faulting
module unknown, version 0.0.0.0, fault address 0x93ee074a.
Error - 4/9/2011 5:18:21 PM | Computer Name = JEWEL-PC | Source = Application Error | ID = 1001
Description = Fault bucket 1859476749.
[ System Events ]
Error - 4/9/2011 5:30:00 PM | Computer Name = JEWEL-PC | Source = Ftdisk | ID = 262189
Description = The system could not sucessfully load the crash dump driver.
Error - 4/9/2011 5:30:00 PM | Computer Name = JEWEL-PC | Source = Ftdisk | ID = 262193
Description = Configuring the Page file for crash dump failed. Make sure there is
a page file on the boot partition and that is large enough to contain all physical
memory.
Error - 4/9/2011 5:30:55 PM | Computer Name = JEWEL-PC | Source = UPS | ID = 2482
Description = The UPS service could not access the specified Comm Port.
Error - 4/9/2011 5:31:18 PM | Computer Name = JEWEL-PC | Source = Service Control Manager | ID = 7023
Description = The Uninterruptible Power Supply service terminated with the following
error: %%2482
Error - 4/9/2011 5:31:38 PM | Computer Name = JEWEL-PC | Source = Service Control Manager | ID = 7026
Description = The following boot-start or system-start driver(s) failed to load:
Lbd
Error - 4/9/2011 6:21:15 PM | Computer Name = JEWEL-PC | Source = UPS | ID = 2482
Description = The UPS service could not access the specified Comm Port.
Error - 4/9/2011 6:21:22 PM | Computer Name = JEWEL-PC | Source = Ftdisk | ID = 262189
Description = The system could not sucessfully load the crash dump driver.
Error - 4/9/2011 6:21:22 PM | Computer Name = JEWEL-PC | Source = Ftdisk | ID = 262193
Description = Configuring the Page file for crash dump failed. Make sure there is
a page file on the boot partition and that is large enough to contain all physical
memory.
Error - 4/9/2011 6:21:28 PM | Computer Name = JEWEL-PC | Source = Service Control Manager | ID = 7023
Description = The Uninterruptible Power Supply service terminated with the following
error: %%2482
Error - 4/9/2011 6:23:02 PM | Computer Name = JEWEL-PC | Source = Service Control Manager | ID = 7026
Description = The following boot-start or system-start driver(s) failed to load:
Lbd
< End of report >
======================
Thank you for your help in trying to find the culprit.