Jump to content

Welcome to Geeks to Go - Register now for FREE

Geeks To Go is a helpful hub, where thousands of volunteer geeks quickly serve friendly answers and support. Check out the forums and get free advice from the experts. Register now to gain access to all of our features, it's FREE and only takes one minute. Once registered and logged in, you will be able to create topics, post replies to existing threads, give reputation to your fellow members, get your own private messenger, post status updates, manage your profile and so much more.

Create Account How it Works
Photo

xp Security 2011 removal Help


  • Please log in to reply

#1
mazcasa

mazcasa

    New Member

  • Member
  • Pip
  • 1 posts
Hi I need some help to remove XP security 2011, my grandaughter accidently clicked on it but we quickly realised what it was so we have not clicked on it's pop ups. Here is the note pad info from the Oldtimer program I downloaded.




OTL logfile created on: 22/04/2011 19:34:25 - Run 1
OTL by OldTimer - Version 3.2.22.3 Folder = C:\Documents and Settings\Mariann\My Documents\Downloads
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy

2.00 Gb Total Physical Memory | 1.00 Gb Available Physical Memory | 63.00% Memory free
4.00 Gb Paging File | 3.00 Gb Available in Paging File | 82.00% Paging File free
Paging file location(s): c:\pagefile.sys 2046 4092 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 111.78 Gb Total Space | 49.48 Gb Free Space | 44.27% Space Free | Partition Type: NTFS

Computer Name: CAFFE-A911AD535 | User Name: Mariann | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2011/04/22 19:32:46 | 000,580,608 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Mariann\My Documents\Downloads\OTL.com
PRC - [2011/04/22 09:42:49 | 000,348,160 | -HS- | M] (Microsoft Corporation) -- C:\Documents and Settings\Mariann\Local Settings\Application Data\ddh.exe
PRC - [2011/03/23 18:49:21 | 001,004,088 | ---- | M] (Google Inc.) -- C:\Documents and Settings\Mariann\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
PRC - [2011/03/22 23:35:41 | 000,032,849 | ---- | M] (MyWebSearch.com) -- C:\Program Files\MyWebSearch\bar\2.bin\MWSOEMON.EXE
PRC - [2010/11/11 13:26:40 | 000,011,736 | ---- | M] (Microsoft Corporation) -- c:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe
PRC - [2010/10/03 23:43:16 | 001,266,920 | ---- | M] (Trusteer Ltd.) -- C:\Program Files\Trusteer\Rapport\bin\RapportService.exe
PRC - [2010/10/03 23:43:16 | 000,767,208 | ---- | M] (Trusteer Ltd.) -- C:\Program Files\Trusteer\Rapport\bin\RapportMgmtService.exe
PRC - [2010/01/15 13:49:20 | 000,255,536 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee Security Scan\2.0.181\SSScheduler.exe
PRC - [2009/08/21 16:52:48 | 000,049,152 | ---- | M] (Sage (UK) Limited) -- C:\Program Files\Common Files\Sage SData\Sage.SData.Service.exe
PRC - [2008/04/14 01:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2007/02/19 14:26:32 | 000,303,104 | ---- | M] (SigmaTel, Inc.) -- C:\WINDOWS\stsystra.exe


========== Modules (SafeList) ==========

MOD - [2011/04/22 19:32:46 | 000,580,608 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Mariann\My Documents\Downloads\OTL.com
MOD - [2011/03/22 23:35:41 | 000,045,134 | ---- | M] (MyWebSearch.com) -- C:\Program Files\MyWebSearch\bar\2.bin\MWSOESTB.DLL
MOD - [2010/10/03 23:43:42 | 000,431,336 | ---- | M] (Trusteer Ltd.) -- C:\Program Files\Trusteer\Rapport\bin\rooksbas.dll
MOD - [2010/08/23 17:12:02 | 001,054,208 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.6028_x-ww_61e65202\comctl32.dll


========== Win32 Services (SafeList) ==========

SRV - File not found [On_Demand | Stopped] -- -- (stllssvr)
SRV - [2011/03/22 23:35:41 | 000,028,762 | ---- | M] (MyWebSearch.com) [Auto | Stopped] -- C:\Program Files\MyWebSearch\bar\2.bin\MWSSVC.EXE -- (MyWebSearchService)
SRV - [2010/11/11 13:26:40 | 000,011,736 | ---- | M] (Microsoft Corporation) [Auto | Running] -- c:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe -- (MsMpSvc)
SRV - [2010/10/09 18:51:37 | 000,028,766 | ---- | M] (IWON) [Auto | Stopped] -- C:\Program Files\IWONG\bar\1.bin\9ubarsvc.exe -- (IWONGService)
SRV - [2010/10/03 23:43:16 | 000,767,208 | ---- | M] (Trusteer Ltd.) [Auto | Running] -- C:\Program Files\Trusteer\Rapport\bin\RapportMgmtService.exe -- (RapportMgmtService)
SRV - [2010/01/15 13:49:20 | 000,227,232 | ---- | M] (McAfee, Inc.) [On_Demand | Stopped] -- C:\Program Files\McAfee Security Scan\2.0.181\McCHSvc.exe -- (McComponentHostService)
SRV - [2009/09/03 11:59:20 | 000,016,680 | ---- | M] (Citrix Online, a division of Citrix Systems, Inc.) [On_Demand | Stopped] -- C:\Program Files\Citrix\GoToAssist\514\g2aservice.exe -- (GoToAssist)
SRV - [2009/08/21 16:52:48 | 000,049,152 | ---- | M] (Sage (UK) Limited) [Auto | Running] -- C:\Program Files\Common Files\Sage SData\Sage.SData.Service.exe -- (Sage SData Service)
SRV - [2007/02/05 11:11:18 | 000,075,320 | ---- | M] (Sony Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\Sony Shared\AVLib\SSScsiSV.exe -- (SSScsiSV)
SRV - [2007/02/05 11:11:16 | 000,112,184 | ---- | M] (Sony Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\Sony Shared\AVLib\SsBeSvc.exe -- (SonicStage Back-End Service)
SRV - [2006/12/14 03:21:20 | 000,045,056 | ---- | M] (Sony Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\Sony Shared\AVLib\MSCSPTISRV.exe -- (MSCSPTISRV)
SRV - [2006/12/14 03:02:08 | 000,069,632 | ---- | M] (Sony Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\Sony Shared\AVLib\SPTISRV.exe -- (SPTISRV)
SRV - [2006/12/14 02:46:16 | 000,057,344 | ---- | M] () [On_Demand | Stopped] -- C:\Program Files\Common Files\Sony Shared\AVLib\PACSPTISVR.exe -- (PACSPTISVR)


========== Driver Services (SafeList) ==========

DRV - [2011/04/22 19:16:51 | 000,028,752 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- c:\Documents and Settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{152B084E-FE0E-4033-AB81-36AACE7FB35F}\MpKslfde31c54.sys -- (MpKslfde31c54)
DRV - [2011/04/18 00:10:11 | 000,057,144 | ---- | M] (Trusteer Ltd.) [Kernel | System | Running] -- C:\Documents and Settings\All Users\Application Data\Trusteer\Rapport\store\exts\RapportCerberus\25973\RapportCerberus_25973.sys -- (RapportCerberus_25973)
DRV - [2010/10/03 23:43:44 | 000,169,320 | ---- | M] (Trusteer Ltd.) [Kernel | System | Running] -- C:\Program Files\Trusteer\Rapport\bin\RapportPG.sys -- (RapportPG)
DRV - [2010/10/03 23:43:44 | 000,059,240 | ---- | M] (Trusteer Ltd.) [Kernel | Boot | Running] -- C:\WINDOWS\System32\Drivers\RapportKELL.sys -- (RapportKELL)
DRV - [2007/10/09 19:17:42 | 001,123,328 | ---- | M] (Broadcom Corp.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\BCMWL5.SYS -- (BCM43XX)
DRV - [2007/02/19 14:27:34 | 001,228,296 | ---- | M] (SigmaTel, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\sthda.sys -- (STHDA)
DRV - [2006/11/21 04:25:44 | 000,045,568 | R--- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\bcm4sbxp.sys -- (bcm4sbxp)
DRV - [2006/11/15 00:16:24 | 000,032,256 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\rimmptsk.sys -- (rimmptsk)
DRV - [2006/10/11 21:43:56 | 001,777,152 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ati2mtag.sys -- (ati2mtag)
DRV - [2006/07/01 22:39:40 | 000,036,864 | ---- | M] (Advanced Micro Devices) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\AmdK8.sys -- (AmdK8)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========


IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.sky.com
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.google.com/ie
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchPage =
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/webhp
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.google.com/ie
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie
IE - HKCU\..\URLSearchHook: {00A6FAF6-072E-44cf-8957-5838F569A31D} - C:\Program Files\MyWebSearch\bar\2.bin\MWSSRCAS.DLL (MyWebSearch.com)
IE - HKCU\..\URLSearchHook: {F08555B0-9CC3-11D2-AA8E-000000000567} - Reg Error: Key error. File not found
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local>;*.local

========== FireFox ==========

FF - prefs.js..browser.search.defaultenginename: "Fast Browser Search"
FF - prefs.js..browser.search.defaultthis.engineName: "Free Game Bar 2 Customized Web Search"
FF - prefs.js..browser.search.defaulturl: "http://www.fastbrows...?s=DEF&v=19&q="
FF - prefs.js..browser.search.selectedEngine: "Free Game Bar 2 Customized Web Search"
FF - prefs.js..browser.startup.homepage: "http://www.facebook.com/home.php?ref=home#!/|http://www.google.com/"
FF - prefs.js..extensions.enabledItems: [email protected]:1.2.1
FF - prefs.js..extensions.enabledItems: {6d85fe0e-8666-499b-b5f1-110625cf67ea}:3.3.3.2
FF - prefs.js..extensions.enabledItems: {C2DCA7EB-22D2-4FD2-86A9-F99FCC8122BB}:3.2.3
FF - prefs.js..extensions.enabledItems: [email protected]:1.0
FF - prefs.js..extensions.enabledItems: 9uffxtb[email protected]:1.1
FF - prefs.js..extensions.enabledItems: [email protected]:1.2
FF - prefs.js..extensions.enabledItems: [email protected]:4.5
FF - prefs.js..extensions.enabledItems: [email protected]:3.3.3.2
FF - prefs.js..keyword.URL: "http://www.fastbrows...EE224DD282}&q="
FF - prefs.js..network.proxy.no_proxies_on: "localhost,127.0.0.1"

FF - HKLM\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files\IWONG\bar\1.bin [2010/10/09 18:51:41 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files\MyWebSearch\bar\2.bin [2011/03/22 23:35:46 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2011/01/31 19:25:50 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.16\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011/03/25 19:08:20 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.16\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011/03/25 19:08:20 | 000,000,000 | ---D | M]

[2009/10/29 20:39:35 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Mariann\Application Data\Mozilla\Extensions
[2009/10/29 20:39:35 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Mariann\Application Data\Mozilla\Extensions\[email protected]
[2011/04/17 18:26:56 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Mariann\Application Data\Mozilla\Firefox\Profiles\ch2n1grt.default\extensions
[2010/11/29 20:01:54 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Documents and Settings\Mariann\Application Data\Mozilla\Firefox\Profiles\ch2n1grt.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2011/03/26 01:35:13 | 000,000,000 | ---D | M] (Free Game Bar 2 Community Toolbar) -- C:\Documents and Settings\Mariann\Application Data\Mozilla\Firefox\Profiles\ch2n1grt.default\extensions\{6d85fe0e-8666-499b-b5f1-110625cf67ea}
[2011/01/22 19:11:29 | 000,000,000 | ---D | M] (Fast Browser Search (My Web Tattoo)) -- C:\Documents and Settings\Mariann\Application Data\Mozilla\Firefox\Profiles\ch2n1grt.default\extensions\{C2DCA7EB-22D2-4FD2-86A9-F99FCC8122BB}
[2011/03/26 01:35:15 | 000,000,000 | ---D | M] (Conduit Engine) -- C:\Documents and Settings\Mariann\Application Data\Mozilla\Firefox\Profiles\ch2n1grt.default\extensions\[email protected]
[2010/07/24 01:21:17 | 000,000,000 | ---D | M] (PlaySushi TextLinks) -- C:\Documents and Settings\Mariann\Application Data\Mozilla\Firefox\Profiles\ch2n1grt.default\extensions\[email protected]
[2010/01/20 13:23:38 | 000,000,933 | ---- | M] () -- C:\Documents and Settings\Mariann\Application Data\Mozilla\Firefox\Profiles\ch2n1grt.default\searchplugins\conduit.xml
[2011/04/17 18:26:56 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2011/01/31 19:25:50 | 000,000,000 | ---D | M] (HP Smart Web Printing) -- C:\PROGRAM FILES\HP\DIGITAL IMAGING\SMART WEB PRINTING\MOZILLAADDON3
[2010/10/09 18:51:41 | 000,000,000 | ---D | M] (IWON) -- C:\PROGRAM FILES\IWONG\BAR\1.BIN
[2009/10/29 20:38:12 | 000,000,000 | ---D | M] (Java Quick Starter) -- C:\PROGRAM FILES\JAVA\JRE6\LIB\DEPLOY\JQS\FF
[2011/03/22 23:35:46 | 000,000,000 | ---D | M] (My Web Search) -- C:\PROGRAM FILES\MYWEBSEARCH\BAR\2.BIN
[2011/03/18 01:27:54 | 000,001,538 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\amazon-en-GB.xml
[2011/03/18 01:27:54 | 000,000,947 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\chambers-en-GB.xml
[2011/03/18 01:27:55 | 000,000,769 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\eBay-en-GB.xml
[2011/03/18 01:27:55 | 000,001,135 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\yahoo-en-GB.xml

O1 HOSTS File: ([2004/08/04 11:00:00 | 000,000,734 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (MyWebSearch Search Assistant BHO) - {00A6FAF1-072E-44cf-8957-5838F569A31D} - C:\Program Files\MyWebSearch\bar\2.bin\MWSSRCAS.DLL (MyWebSearch.com)
O2 - BHO: (mwsBar BHO) - {07B18EA1-A523-4961-B6BB-170DE4475CCA} - C:\Program Files\MyWebSearch\bar\2.bin\MWSBAR.DLL (MyWebSearch.com)
O2 - BHO: (PlaySushi) - {21608B66-026F-4DCB-9244-0DACA328DCED} - C:\Program Files\PlaySushi\PSText.dll ()
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O3 - HKLM\..\Toolbar: (My Web Search) - {07B18EA9-A523-4961-B6BB-170DE4475CCA} - C:\Program Files\MyWebSearch\bar\2.bin\MWSBAR.DLL (MyWebSearch.com)
O3 - HKLM\..\Toolbar: (The blinkx Toolbar) - {E5A1ECE5-3E3D-4FE7-8447-78CB1FD377C6} - File not found
O3 - HKCU\..\Toolbar\WebBrowser: (My Web Search) - {07B18EA9-A523-4961-B6BB-170DE4475CCA} - C:\Program Files\MyWebSearch\bar\2.bin\MWSBAR.DLL (MyWebSearch.com)
O4 - HKLM..\Run: [ATICCC] C:\Program Files\ATI Technologies\ATI.ACE\CLIStart.exe ()
O4 - HKLM..\Run: [ISUSPM Startup] File not found
O4 - HKLM..\Run: [ISUSScheduler] File not found
O4 - HKLM..\Run: [MSC] c:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation)
O4 - HKLM..\Run: [My Web Search Bar Search Scope Monitor] C:\Program Files\MyWebSearch\bar\2.bin\M3SRCHMN.EXE (MyWebSearch.com)
O4 - HKLM..\Run: [MyWebSearch Email Plugin] C:\Program Files\MyWebSearch\bar\2.bin\MWSOEMON.EXE (MyWebSearch.com)
O4 - HKLM..\Run: [SigmatelSysTrayApp] C:\WINDOWS\stsystra.exe (SigmaTel, Inc.)
O4 - HKCU..\Run: [] File not found
O4 - HKCU..\Run: [MyWebSearch Email Plugin] C:\Program Files\MyWebSearch\bar\2.bin\MWSOEMON.EXE (MyWebSearch.com)
O4 - HKCU..\Run: [StartCCC] C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe ()
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\McAfee Security Scan Plus.lnk = C:\Program Files\McAfee Security Scan\2.0.181\SSScheduler.exe (McAfee, Inc.)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O8 - Extra context menu item: Add to Google Photos Screensa&ver - C:\WINDOWS\System32\GPhotos.scr (Google Inc.)
O9 - Extra Button: Sky - {08E730A4-FB02-45BD-A900-01E4AD8016F6} - File not found
O9 - Extra Button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyGaming\PartyPoker\RunApp.exe ()
O9 - Extra 'Tools' menuitem : PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyGaming\PartyPoker\RunApp.exe ()
O9 - Extra Button: Go to PlaySushi web site - {EBD24BD3-E272-4FA3-A8BA-C5D709757CAB} - C:\Program Files\PlaySushi\PSText.dll ()
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O16 - DPF: {149E45D8-163E-4189-86FC-45022AB2B6C9} file:///C:/Program%20Files/Amazing%20Adventures%20The%20Forgotten%20Dynasty/Images/stg_drm.ocx (SpinTop DRM Control)
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} http://update.micros...b?1252018130218 (MUWebControl Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_16)
O16 - DPF: {CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.5.0_06)
O16 - DPF: {CAFEEFAC-0016-0000-0016-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_16)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_16)
O16 - DPF: {CC450D71-CC90-424C-8638-1F2DBAC87A54} file:///C:/Program%20Files/Bejeweled%203/Images/armhelper.ocx (ArmHelper Control)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://download.macr...ash/swflash.cab (Shockwave Flash Object)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.1
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\AtiExtEvent: DllName - Ati2evxx.dll - C:\WINDOWS\System32\ati2evxx.dll (ATI Technologies Inc.)
O20 - Winlogon\Notify\GoToAssist: DllName - C:\Program Files\Citrix\GoToAssist\514\G2AWinLogon.dll - C:\Program Files\Citrix\GoToAssist\514\g2awinlogon.dll (Citrix Online, a division of Citrix Systems, Inc.)
O24 - Desktop WallPaper: C:\Documents and Settings\Mariann\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\Mariann\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009/09/02 11:10:42 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O33 - MountPoints2\{404cce22-5399-11df-8144-001d09ce8def}\Shell\AutoRun\command - "" = E:\Setup.exe
O33 - MountPoints2\{f905fd30-7adb-11df-8193-001d09ce8def}\Shell\AutoRun\command - "" = E:\.\Vado\Vado.exe
O33 - MountPoints2\{f905fd31-7adb-11df-8193-001d09ce8def}\Shell\AutoRun\command - "" = E:\.\Vado\Vado.exe
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O35 - HKCU\..exefile [open] -- "C:\Documents and Settings\Mariann\Local Settings\Application Data\ddh.exe" -a "%1" %* (Microsoft Corporation)
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKCU\...exe [@ = exefile] -- "C:\Documents and Settings\Mariann\Local Settings\Application Data\ddh.exe" -a "%1" %* (Microsoft Corporation)

========== Files/Folders - Created Within 30 Days ==========

[2011/04/22 19:05:35 | 000,000,000 | ---D | C] -- C:\WINDOWS\CSC
[2011/04/22 09:42:49 | 000,348,160 | -HS- | C] (Microsoft Corporation) -- C:\Documents and Settings\Mariann\Local Settings\Application Data\ddh.exe
[2011/04/22 09:40:15 | 000,000,000 | -HSD | C] -- C:\Documents and Settings\Mariann\PrivacIE
[2011/04/21 20:55:25 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Mariann\Local Settings\Application Data\Trusteer
[2011/03/28 19:59:26 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Mariann\Start Menu\Programs\Google Chrome
[2011/03/28 19:57:24 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Mariann\Local Settings\Application Data\Temp
[2008/12/23 09:32:46 | 000,184,320 | R--- | C] ( ) -- C:\WINDOWS\System32\SgE.interop.MSXML2.dll
[2006/12/12 11:59:08 | 000,184,320 | ---- | C] ( ) -- C:\WINDOWS\System32\Interop.MSXML2.dll
[12 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2011/04/22 19:21:52 | 000,000,424 | -H-- | M] () -- C:\WINDOWS\tasks\MP Scheduled Scan.job
[2011/04/22 19:20:57 | 000,435,828 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2011/04/22 19:20:57 | 000,068,558 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2011/04/22 19:17:48 | 000,015,894 | -HS- | M] () -- C:\Documents and Settings\All Users\Application Data\ldr3cfk6y84isk2iryxkl77j2p4o7oih7sb24388f8i8jdx
[2011/04/22 19:17:47 | 000,015,894 | -HS- | M] () -- C:\Documents and Settings\Mariann\Local Settings\Application Data\ldr3cfk6y84isk2iryxkl77j2p4o7oih7sb24388f8i8jdx
[2011/04/22 19:17:01 | 000,013,754 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2011/04/22 19:16:41 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2011/04/22 19:15:10 | 000,001,324 | ---- | M] () -- C:\WINDOWS\System32\d3d9caps.dat
[2011/04/22 19:15:04 | 000,002,205 | ---- | M] () -- C:\Documents and Settings\Mariann\Application Data\Microsoft\Internet Explorer\Quick Launch\Apple Safari.lnk
[2011/04/22 19:02:01 | 000,000,984 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-1644491937-1326574676-839522115-1003UA.job
[2011/04/22 18:41:30 | 000,002,187 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Safari.lnk
[2011/04/22 09:42:49 | 000,348,160 | -HS- | M] (Microsoft Corporation) -- C:\Documents and Settings\Mariann\Local Settings\Application Data\ddh.exe
[2011/04/20 20:02:00 | 000,000,932 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-1644491937-1326574676-839522115-1003Core.job
[2011/04/20 19:55:57 | 000,274,168 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2011/04/20 00:21:20 | 000,001,374 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2011/04/11 18:26:39 | 000,000,684 | ---- | M] () -- C:\WINDOWS\Payroll.ini
[2011/04/11 18:09:39 | 000,004,629 | ---- | M] () -- C:\WINDOWS\ODBCINST.INI
[2011/04/11 18:09:39 | 000,000,439 | ---- | M] () -- C:\WINDOWS\ODBC.INI
[2011/04/11 17:46:19 | 000,000,079 | ---- | M] () -- C:\WINDOWS\SGREP32.INI
[2011/04/11 17:18:25 | 000,002,524 | ---- | M] () -- C:\WINDOWS\System32\SGLCH32.USR
[2011/03/28 19:59:34 | 000,002,300 | ---- | M] () -- C:\Documents and Settings\Mariann\Desktop\Google Chrome.lnk
[2011/03/28 19:59:34 | 000,002,278 | ---- | M] () -- C:\Documents and Settings\Mariann\Application Data\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk
[2011/03/24 01:20:52 | 000,203,457 | ---- | M] () -- C:\Documents and Settings\Mariann\Desktop\District Council minutes.pdf
[12 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files Created - No Company Name ==========

[2011/04/22 09:42:49 | 000,015,894 | -HS- | C] () -- C:\Documents and Settings\Mariann\Local Settings\Application Data\ldr3cfk6y84isk2iryxkl77j2p4o7oih7sb24388f8i8jdx
[2011/04/22 09:42:49 | 000,015,894 | -HS- | C] () -- C:\Documents and Settings\All Users\Application Data\ldr3cfk6y84isk2iryxkl77j2p4o7oih7sb24388f8i8jdx
[2011/03/28 19:59:34 | 000,002,300 | ---- | C] () -- C:\Documents and Settings\Mariann\Desktop\Google Chrome.lnk
[2011/03/28 19:59:34 | 000,002,278 | ---- | C] () -- C:\Documents and Settings\Mariann\Application Data\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk
[2011/03/28 19:57:22 | 000,000,984 | ---- | C] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-1644491937-1326574676-839522115-1003UA.job
[2011/03/28 19:57:21 | 000,000,932 | ---- | C] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-1644491937-1326574676-839522115-1003Core.job
[2011/03/24 01:20:52 | 000,203,457 | ---- | C] () -- C:\Documents and Settings\Mariann\Desktop\District Council minutes.pdf
[2011/02/04 12:56:57 | 000,000,136 | ---- | C] () -- C:\WINDOWS\SAGE.INI
[2011/01/31 19:01:04 | 000,193,413 | ---- | C] () -- C:\WINDOWS\hpoins46.dat
[2011/01/31 19:01:03 | 000,000,606 | ---- | C] () -- C:\WINDOWS\hpomdl46.dat
[2011/01/05 02:08:26 | 000,001,940 | ---- | C] () -- C:\Documents and Settings\Mariann\Local Settings\Application Data\{96C87F53-AC72-4604-A9CC-186A49F17F3C}.ini
[2011/01/05 02:03:21 | 000,001,940 | ---- | C] () -- C:\Documents and Settings\LocalService\Local Settings\Application Data\{96C87F53-AC72-4604-A9CC-186A49F17F3C}.ini
[2010/09/27 11:39:10 | 000,110,592 | ---- | C] () -- C:\WINDOWS\System32\SageSantander.dll
[2010/09/14 11:35:38 | 000,090,112 | ---- | C] () -- C:\WINDOWS\System32\SageBankOfAmerica.dll
[2010/05/26 16:30:24 | 000,057,940 | -H-- | C] () -- C:\WINDOWS\System32\mlfcache.dat
[2010/04/19 22:19:03 | 000,000,024 | ---- | C] () -- C:\WINDOWS\popcinfot.dat
[2010/04/19 22:19:03 | 000,000,000 | ---- | C] () -- C:\WINDOWS\popcreg.dat
[2010/04/06 18:28:41 | 000,212,992 | ---- | C] () -- C:\WINDOWS\System32\SGSchemeConfig.dll
[2010/04/05 23:54:05 | 000,004,096 | ---- | C] () -- C:\WINDOWS\d3dx.dat
[2010/01/21 02:43:33 | 000,164,352 | ---- | C] () -- C:\WINDOWS\System32\unrar.dll
[2010/01/21 02:43:32 | 000,000,038 | ---- | C] () -- C:\WINDOWS\avisplitter.ini
[2009/12/02 12:10:15 | 000,000,398 | ---- | C] () -- C:\WINDOWS\AudioConverter.INI
[2009/11/04 20:32:37 | 000,532,480 | ---- | C] () -- C:\WINDOWS\System32\CddbPlaylist2Sony.dll
[2009/10/18 18:00:32 | 000,027,136 | ---- | C] () -- C:\Documents and Settings\Mariann\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2009/10/11 23:42:38 | 000,003,020 | ---- | C] () -- C:\WINDOWS\EaseAudioConverter.ini
[2009/09/07 15:20:40 | 000,149,504 | ---- | C] () -- C:\WINDOWS\UNWISE.EXE
[2009/09/06 10:45:32 | 000,000,000 | ---- | C] () -- C:\WINDOWS\nsreg.dat
[2009/09/05 12:00:43 | 000,113,114 | ---- | C] () -- C:\WINDOWS\hpoins07.dat
[2009/09/05 12:00:43 | 000,021,124 | ---- | C] () -- C:\WINDOWS\hpomdl07.dat
[2009/09/05 11:48:06 | 000,000,079 | ---- | C] () -- C:\WINDOWS\SGREP32.INI
[2009/09/05 11:09:24 | 000,180,224 | ---- | C] () -- C:\WINDOWS\System32\SGJPEG32.dll
[2009/09/04 00:40:29 | 003,107,788 | ---- | C] () -- C:\WINDOWS\System32\ativvaxx.dat
[2009/09/04 00:40:28 | 000,136,650 | ---- | C] () -- C:\WINDOWS\System32\atiicdxx.dat
[2009/09/03 18:15:17 | 000,000,684 | ---- | C] () -- C:\WINDOWS\Payroll.ini
[2009/09/03 18:15:12 | 000,000,439 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2009/09/03 18:14:03 | 001,724,416 | ---- | C] () -- C:\WINDOWS\System32\SGRep32.dll
[2009/09/03 18:14:03 | 000,249,856 | ---- | C] () -- C:\WINDOWS\System32\SGCDlg32.dll
[2009/09/03 18:14:03 | 000,233,472 | ---- | C] () -- C:\WINDOWS\System32\SGLch32.dll
[2009/09/03 18:14:03 | 000,200,704 | ---- | C] () -- C:\WINDOWS\System32\SGTBar32.dll
[2009/09/03 18:14:03 | 000,143,360 | ---- | C] () -- C:\WINDOWS\System32\SGCtrlEx.dll
[2009/09/03 18:14:03 | 000,061,440 | ---- | C] () -- C:\WINDOWS\System32\SGAppBar.dll
[2009/09/03 18:14:03 | 000,061,440 | ---- | C] () -- C:\WINDOWS\System32\SG3D32.dll
[2009/09/03 18:14:03 | 000,049,152 | ---- | C] () -- C:\WINDOWS\System32\SgStat32.dll
[2009/09/03 18:14:03 | 000,049,152 | ---- | C] () -- C:\WINDOWS\System32\SGLogo32.dll
[2009/09/03 18:14:03 | 000,040,960 | ---- | C] () -- C:\WINDOWS\System32\RepDes32.exe
[2009/09/03 18:13:44 | 000,032,256 | ---- | C] () -- C:\WINDOWS\System32\_RegTLB.dll
[2009/09/03 13:15:42 | 000,000,168 | ---- | C] () -- C:\WINDOWS\wininit.ini
[2009/09/03 13:01:19 | 000,001,324 | ---- | C] () -- C:\WINDOWS\System32\d3d9caps.dat
[2009/09/03 11:51:26 | 000,139,264 | ---- | C] () -- C:\WINDOWS\System32\preflib.dll
[2009/09/03 11:51:24 | 000,753,664 | ---- | C] () -- C:\WINDOWS\System32\bcm1xsup.dll
[2009/09/03 11:51:24 | 000,024,064 | ---- | C] () -- C:\WINDOWS\System32\WLTRYSVC.EXE
[2009/09/02 12:00:49 | 000,004,629 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
[2009/09/02 11:59:30 | 000,274,168 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2009/09/02 11:13:29 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat
[2009/09/02 11:07:16 | 000,022,720 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat
[2009/07/27 16:15:32 | 000,001,205 | ---- | C] () -- C:\WINDOWS\SAGEINTL.INI
[2009/07/24 12:33:22 | 000,282,624 | ---- | C] () -- C:\WINDOWS\System32\SGList32.dll
[2009/07/24 12:33:16 | 000,278,528 | ---- | C] () -- C:\WINDOWS\System32\SGTool32.dll
[2009/07/24 12:33:12 | 000,090,112 | ---- | C] () -- C:\WINDOWS\System32\SGIntl32.dll
[2009/07/24 12:33:10 | 000,073,728 | ---- | C] () -- C:\WINDOWS\System32\SGDt32.dll
[2009/07/24 12:33:08 | 000,172,032 | ---- | C] () -- C:\WINDOWS\System32\SGHelp32.dll
[2009/07/24 12:33:04 | 000,258,048 | ---- | C] () -- C:\WINDOWS\System32\SGSchemeXml.dll
[2009/07/24 12:32:56 | 000,118,784 | ---- | C] () -- C:\WINDOWS\System32\SGSchemeXP.dll
[2009/07/24 12:32:52 | 000,176,128 | ---- | C] () -- C:\WINDOWS\System32\SGSchemeDefault.dll
[2009/07/24 12:32:48 | 000,221,184 | ---- | C] () -- C:\WINDOWS\System32\SGSchemeManager.dll
[2009/07/24 12:32:40 | 000,094,208 | ---- | C] () -- C:\WINDOWS\System32\SGCom32.dll
[2009/07/24 12:32:06 | 000,143,360 | ---- | C] () -- C:\WINDOWS\System32\SGSTDREG.dll
[2009/07/24 12:32:00 | 000,131,072 | ---- | C] () -- C:\WINDOWS\System32\SGRegister.dll
[2009/07/24 12:31:58 | 000,237,568 | ---- | C] () -- C:\WINDOWS\System32\SGWebBrowser.dll
[2009/06/13 14:12:56 | 000,221,184 | ---- | C] () -- C:\WINDOWS\System32\lame_enc.dll
[2008/12/22 10:28:06 | 000,061,440 | ---- | C] () -- C:\WINDOWS\System32\SageFolderBrowser.dll
[2008/12/02 20:06:22 | 000,017,408 | ---- | C] () -- C:\WINDOWS\System32\SgDate.dll
[2008/12/01 16:37:00 | 000,172,032 | ---- | C] () -- C:\WINDOWS\System32\SageEventHandler.exe
[2006/11/01 15:50:40 | 000,126,976 | R--- | C] () -- C:\WINDOWS\System32\PDFInstall.exe
[2006/04/14 11:37:26 | 000,000,032 | ---- | C] () -- C:\WINDOWS\aceg.ini
[2006/03/28 18:40:12 | 000,115,712 | ---- | C] () -- C:\WINDOWS\System32\libsndfile.dll
[2006/01/01 11:00:26 | 000,032,768 | ---- | C] () -- C:\WINDOWS\System32\vorbisfile.dll
[2005/12/31 15:19:08 | 001,097,728 | ---- | C] () -- C:\WINDOWS\System32\vorbis.dll
[2005/12/31 15:13:14 | 000,024,576 | ---- | C] () -- C:\WINDOWS\System32\ogg.dll
[2005/07/11 13:33:12 | 000,208,896 | ---- | C] () -- C:\WINDOWS\System32\SDOApp.dll
[2005/03/22 00:48:05 | 013,107,200 | ---- | C] () -- C:\WINDOWS\System32\oembios.bin
[2005/03/22 00:48:05 | 000,004,627 | ---- | C] () -- C:\WINDOWS\System32\oembios.dat
[2004/08/04 11:00:00 | 000,673,088 | ---- | C] () -- C:\WINDOWS\System32\mlang.dat
[2004/08/04 11:00:00 | 000,435,828 | ---- | C] () -- C:\WINDOWS\System32\perfh009.dat
[2004/08/04 11:00:00 | 000,272,128 | ---- | C] () -- C:\WINDOWS\System32\perfi009.dat
[2004/08/04 11:00:00 | 000,218,003 | ---- | C] () -- C:\WINDOWS\System32\dssec.dat
[2004/08/04 11:00:00 | 000,068,558 | ---- | C] () -- C:\WINDOWS\System32\perfc009.dat
[2004/08/04 11:00:00 | 000,046,258 | ---- | C] () -- C:\WINDOWS\System32\mib.bin
[2004/08/04 11:00:00 | 000,028,626 | ---- | C] () -- C:\WINDOWS\System32\perfd009.dat
[2004/08/04 11:00:00 | 000,004,569 | ---- | C] () -- C:\WINDOWS\System32\secupd.dat
[2004/08/04 11:00:00 | 000,001,804 | ---- | C] () -- C:\WINDOWS\System32\dcache.bin
[2004/08/04 11:00:00 | 000,000,741 | ---- | C] () -- C:\WINDOWS\System32\noise.dat
[2004/06/09 10:57:12 | 000,118,784 | ---- | C] () -- C:\WINDOWS\System32\Install.exe
[2002/04/16 12:27:54 | 000,000,005 | -HS- | C] () -- C:\WINDOWS\System32\CdI5T.drv
[2001/07/06 15:30:00 | 000,003,399 | ---- | C] () -- C:\WINDOWS\System32\hptcpmon.ini
[1998/03/26 01:12:00 | 000,053,248 | ---- | C] () -- C:\WINDOWS\System32\SgHmZLib.dll
[1998/03/20 01:00:00 | 000,001,048 | -HS- | C] () -- C:\WINDOWS\System32\TMailRL.sys
[1998/03/20 01:00:00 | 000,001,048 | -HS- | C] () -- C:\WINDOWS\System32\TMail3FL.SYS
[1998/03/20 01:00:00 | 000,001,048 | -HS- | C] () -- C:\WINDOWS\System32\rlfnlf.sys
[1998/03/20 01:00:00 | 000,001,048 | -HS- | C] () -- C:\WINDOWS\System32\flfnlf.sys

========== Alternate Data Streams ==========

@Alternate Data Stream - 149 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:123A86B5
@Alternate Data Stream - 147 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:FAB64002
@Alternate Data Stream - 147 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:4F7FE589
@Alternate Data Stream - 146 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:76953F21
@Alternate Data Stream - 143 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:2495D97A
@Alternate Data Stream - 143 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:05670151
@Alternate Data Stream - 142 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:249F95D0
@Alternate Data Stream - 140 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:4AA3DAA3
@Alternate Data Stream - 140 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:16ADBA30
@Alternate Data Stream - 139 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:9D86EE01
@Alternate Data Stream - 139 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:872B86AD
@Alternate Data Stream - 138 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:E411AA0D
@Alternate Data Stream - 138 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:32A82570
@Alternate Data Stream - 137 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:55422315
@Alternate Data Stream - 136 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:61B54B15
@Alternate Data Stream - 135 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:D3A89E47
@Alternate Data Stream - 132 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:5311B0B8
@Alternate Data Stream - 132 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:054F0F17
@Alternate Data Stream - 130 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:ED51D3ED
@Alternate Data Stream - 127 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:A02025CE
@Alternate Data Stream - 126 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:FC2D0F32
@Alternate Data Stream - 126 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:91FFEC32
@Alternate Data Stream - 125 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:57176330
@Alternate Data Stream - 123 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:FB65A4AA
@Alternate Data Stream - 123 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:DB77E2C4
@Alternate Data Stream - 123 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:C10635F6
@Alternate Data Stream - 123 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:48977386
@Alternate Data Stream - 122 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:DD04902E
@Alternate Data Stream - 122 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:7A032A04
@Alternate Data Stream - 121 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:C72A744C
@Alternate Data Stream - 121 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:2BFCDF84
@Alternate Data Stream - 120 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:CA0CE093
@Alternate Data Stream - 120 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:2F4A0A6B
@Alternate Data Stream - 118 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:FB1B13D8
@Alternate Data Stream - 118 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:A60D0FA6
@Alternate Data Stream - 116 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:65AB2A58
@Alternate Data Stream - 116 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:488F7244
@Alternate Data Stream - 114 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:DE9F4320
@Alternate Data Stream - 114 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:CB52BE62
@Alternate Data Stream - 112 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:A05F750A
@Alternate Data Stream - 104 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:D1B5B4F1
@Alternate Data Stream - 101 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:E51234A9

< End of report >


OTL Extras logfile created on: 22/04/2011 19:34:25 - Run 1
OTL by OldTimer - Version 3.2.22.3 Folder = C:\Documents and Settings\Mariann\My Documents\Downloads
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy

2.00 Gb Total Physical Memory | 1.00 Gb Available Physical Memory | 63.00% Memory free
4.00 Gb Paging File | 3.00 Gb Available in Paging File | 82.00% Paging File free
Paging file location(s): c:\pagefile.sys 2046 4092 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 111.78 Gb Total Space | 49.48 Gb Free Space | 44.27% Space Free | Partition Type: NTFS

Computer Name: CAFFE-A911AD535 | User Name: Mariann | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*

[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.exe [@ = exefile] -- C:\Documents and Settings\Mariann\Local Settings\Application Data\ddh.exe (Microsoft Corporation)
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
exefile [open] -- "%1" %*
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"AntiVirusDisableNotify" = 1
"FirewallDisableNotify" = 1
"UpdatesDisableNotify" = 1
"AntiVirusOverride" = 1
"FirewallOverride" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

========== System Restore Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr]
"Start" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService]
"Start" = 2

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 0
"DisableNotifications" = 1
"DoNotAllowExceptions" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]
"427:TCP" = 427:TCP:LocalSubNet:Enabled:SLP_Port(427)_TCP
"427:UDP" = 427:UDP:LocalSubNet:Enabled:SLP_Port(427)_UDP

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 0
"DoNotAllowExceptions" = 0
"DisableNotifications" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"427:TCP" = 427:TCP:LocalSubNet:Enabled:SLP_Port(427)_TCP
"427:UDP" = 427:UDP:LocalSubNet:Enabled:SLP_Port(427)_UDP

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"D:\setup\hpznui01.exe" = D:\setup\hpznui01.exe:*:Enabled:hpznui01.exe
"C:\Program Files\HP\Digital Imaging\bin\hpofxm08.exe" = C:\Program Files\HP\Digital Imaging\bin\hpofxm08.exe:*:Enabled:hpofxm08.exe -- (Hewlett-Packard Co.)
"C:\Program Files\HP\Digital Imaging\bin\hposfx08.exe" = C:\Program Files\HP\Digital Imaging\bin\hposfx08.exe:*:Enabled:hposfx08.exe -- (Hewlett-Packard Co.)
"C:\Program Files\HP\Digital Imaging\bin\hposid01.exe" = C:\Program Files\HP\Digital Imaging\bin\hposid01.exe:*:Enabled:hposid01.exe -- (Hewlett-Packard Co.)
"C:\Program Files\HP\Digital Imaging\bin\hpqcopy2.exe" = C:\Program Files\HP\Digital Imaging\bin\hpqcopy2.exe:*:Enabled:hpqcopy2.exe -- (Hewlett-Packard Co.)
"C:\Program Files\HP\Digital Imaging\bin\hpfcCopy.exe" = C:\Program Files\HP\Digital Imaging\bin\hpfcCopy.exe:*:Enabled:hpfccopy.exe -- ()
"C:\Program Files\HP\Digital Imaging\bin\hpzwiz01.exe" = C:\Program Files\HP\Digital Imaging\bin\hpzwiz01.exe:*:Enabled:hpzwiz01.exe -- (Hewlett-Packard Co.)
"C:\Program Files\HP\Digital Imaging\bin\hpoews01.exe" = C:\Program Files\HP\Digital Imaging\bin\hpoews01.exe:*:Enabled:hpoews01.exe -- (Hewlett-Packard Co.)
"C:\Program Files\HP\Digital Imaging\bin\hpiscnapp.exe" = C:\Program Files\HP\Digital Imaging\bin\hpiscnapp.exe:*:Enabled:hpiscnapp.exe -- (Hewlett-Packard)
"C:\Program Files\Common Files\HP\Digital Imaging\Bin\hpqPhotoCrm.exe" = C:\Program Files\Common Files\HP\Digital Imaging\Bin\hpqPhotoCrm.exe:*:Enabled:hpqphotocrm.exe -- (Hewlett-Packard Co.)
"C:\Program Files\HP\Digital Imaging\bin\hpofxs08.exe" = C:\Program Files\HP\Digital Imaging\bin\hpofxs08.exe:*:Enabled:hpofxs08.exe -- (Hewlett-Packard Co.)
"C:\Program Files\HP\Digital Imaging\bin\hpqgplgtupl.exe" = C:\Program Files\HP\Digital Imaging\bin\hpqgplgtupl.exe:*:Enabled:hpqgplgtupl.exe -- (Hewlett-Packard Co.)
"C:\Program Files\HP\Digital Imaging\bin\hpqusgm.exe" = C:\Program Files\HP\Digital Imaging\bin\hpqusgm.exe:*:Enabled:hpqusgm.exe -- (Hewlett-Packard Co.)
"C:\Program Files\HP\Digital Imaging\bin\hpqusgh.exe" = C:\Program Files\HP\Digital Imaging\bin\hpqusgh.exe:*:Enabled:hpqusgh.exe -- (Hewlett-Packard Co.)
"C:\Program Files\HP\HP Software Update\HPWUCli.exe" = C:\Program Files\HP\HP Software Update\HPWUCli.exe:*:Enabled:hpwucli.exe -- (Hewlett-Packard)
"C:\Program Files\HP\Digital Imaging\smart web printing\SmartWebPrintExe.exe" = C:\Program Files\HP\Digital Imaging\smart web printing\SmartWebPrintExe.exe:*:Enabled:smartwebprintexe.exe -- (Hewlett-Packard Co.)

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Program Files\LimeWire\LimeWire.exe" = C:\Program Files\LimeWire\LimeWire.exe:*:Enabled:LimeWire -- (Lime Wire, LLC)
"C:\Program Files\Spotify\spotify.exe" = C:\Program Files\Spotify\spotify.exe:*:Enabled:Spotify
"D:\setup\hpznui01.exe" = D:\setup\hpznui01.exe:*:Enabled:hpznui01.exe
"C:\Program Files\HP\Digital Imaging\bin\hpofxm08.exe" = C:\Program Files\HP\Digital Imaging\bin\hpofxm08.exe:*:Enabled:hpofxm08.exe -- (Hewlett-Packard Co.)
"C:\Program Files\HP\Digital Imaging\bin\hposfx08.exe" = C:\Program Files\HP\Digital Imaging\bin\hposfx08.exe:*:Enabled:hposfx08.exe -- (Hewlett-Packard Co.)
"C:\Program Files\HP\Digital Imaging\bin\hposid01.exe" = C:\Program Files\HP\Digital Imaging\bin\hposid01.exe:*:Enabled:hposid01.exe -- (Hewlett-Packard Co.)
"C:\Program Files\HP\Digital Imaging\bin\hpqcopy2.exe" = C:\Program Files\HP\Digital Imaging\bin\hpqcopy2.exe:*:Enabled:hpqcopy2.exe -- (Hewlett-Packard Co.)
"C:\Program Files\HP\Digital Imaging\bin\hpfcCopy.exe" = C:\Program Files\HP\Digital Imaging\bin\hpfcCopy.exe:*:Enabled:hpfccopy.exe -- ()
"C:\Program Files\HP\Digital Imaging\bin\hpzwiz01.exe" = C:\Program Files\HP\Digital Imaging\bin\hpzwiz01.exe:*:Enabled:hpzwiz01.exe -- (Hewlett-Packard Co.)
"C:\Program Files\HP\Digital Imaging\bin\hpoews01.exe" = C:\Program Files\HP\Digital Imaging\bin\hpoews01.exe:*:Enabled:hpoews01.exe -- (Hewlett-Packard Co.)
"C:\Program Files\HP\Digital Imaging\bin\hpiscnapp.exe" = C:\Program Files\HP\Digital Imaging\bin\hpiscnapp.exe:*:Enabled:hpiscnapp.exe -- (Hewlett-Packard)
"C:\Program Files\Common Files\HP\Digital Imaging\Bin\hpqPhotoCrm.exe" = C:\Program Files\Common Files\HP\Digital Imaging\Bin\hpqPhotoCrm.exe:*:Enabled:hpqphotocrm.exe -- (Hewlett-Packard Co.)
"C:\Program Files\HP\Digital Imaging\bin\hpofxs08.exe" = C:\Program Files\HP\Digital Imaging\bin\hpofxs08.exe:*:Enabled:hpofxs08.exe -- (Hewlett-Packard Co.)
"C:\Program Files\HP\Digital Imaging\bin\hpqgplgtupl.exe" = C:\Program Files\HP\Digital Imaging\bin\hpqgplgtupl.exe:*:Enabled:hpqgplgtupl.exe -- (Hewlett-Packard Co.)
"C:\Program Files\HP\Digital Imaging\bin\hpqusgm.exe" = C:\Program Files\HP\Digital Imaging\bin\hpqusgm.exe:*:Enabled:hpqusgm.exe -- (Hewlett-Packard Co.)
"C:\Program Files\HP\Digital Imaging\bin\hpqusgh.exe" = C:\Program Files\HP\Digital Imaging\bin\hpqusgh.exe:*:Enabled:hpqusgh.exe -- (Hewlett-Packard Co.)
"C:\Program Files\HP\HP Software Update\HPWUCli.exe" = C:\Program Files\HP\HP Software Update\HPWUCli.exe:*:Enabled:hpwucli.exe -- (Hewlett-Packard)
"C:\Program Files\HP\Digital Imaging\smart web printing\SmartWebPrintExe.exe" = C:\Program Files\HP\Digital Imaging\smart web printing\SmartWebPrintExe.exe:*:Enabled:smartwebprintexe.exe -- (Hewlett-Packard Co.)


========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
"{00708F40-D3AF-F9CF-1266-9F2B71C89FCD}" = CCC Help Korean
"{055EE59D-217B-43A7-ABFF-507B966405D8}" = ATI Catalyst Control Center
"{0611BD4E-4FE4-4a62-B0C0-18A4CC463428}" = CP_Package_Variety1
"{07FB17D8-7DB6-4F06-80C4-8BE1719CB6A1}" = hpWLPGInstaller
"{0B33B738-AD79-4E32-90C5-E67BFB10BBFF}" = AiO_Scan
"{0B3C6F7E-D65F-7A03-2AB0-51373C3126E0}" = Catalyst Control Center Localization Spanish
"{0F367CA3-3B2F-43F9-A44A-25A8EE69E45D}" = Scan
"{1172ABB9-B574-99CB-90C9-FF8A628D1FEF}" = Catalyst Control Center Localization Italian
"{14C35072-D7D0-4B29-B5BF-C94E426D77E9}" = Sky Broadband
"{175F0111-2968-4935-8F70-33108C6A4DE3}" = MarketResearch
"{1B02917B-3505-2E81-CA0C-52CC26843DB2}" = Catalyst Control Center Localization Japanese
"{1C139D7D-9FEA-468d-A9C8-2A6E3BDE564A}" = CP_Package_Variety3
"{1DD81E7D-0D28-4CEB-87B2-C041A4FCB215}" = Rapport
"{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live Upload Tool
"{20ACB2F8-3BCA-45A8-80A2-9D3CB5C25F43}" = Safari
"{21A2F5EE-1DC5-488A-BE7E-E526F8C61488}" = DeviceDiscovery
"{21CD0653-AE07-4C9F-8353-8A1075DEB7B6}" = Payroll for Windows
"{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT
"{26A24AE4-039D-4CA4-87B4-2F83216016FF}" = Java™ 6 Update 16
"{2A102D8B-87BB-4EE1-2254-C9C2539CFBCD}" = Catalyst Control Center Localization German
"{2A981294-F14C-4F0F-9627-D793270922F8}" = Bonjour
"{2CADCEAB-D5DA-44D6-B5FC-7DEE87AB3C0C}" = Unload
"{2EEA7AA4-C203-4b90-A34F-19FB7EF1C81C}" = BufferChm
"{308B6AEA-DE50-4666-996D-0FA461719D6B}" = Apple Mobile Device Support
"{3248F0A8-6813-11D6-A77B-00B0D0150060}" = J2SE Runtime Environment 5.0 Update 6
"{3282A138-07A1-4F06-8764-959C8E7AB53B}" = Payroll for Windows
"{33E3C0D0-91F7-DD1C-FB42-264EAEAED3AF}" = CCC Help Italian
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{35E1EC43-D4FC-4E4A-AAB3-20DDA27E8BB0}" = Sonic Activation Module
"{3A2B7EF9-E8F4-7BB2-15B7-B8B203DEEA23}" = ccc-core-preinstall
"{3FC29AC3-68C5-4D75-9681-F53D2B393E80}" = DotNet20withMsi30
"{42929F0F-CE14-47AF-9FC7-FF297A603021}" = Dell Resource CD
"{43CDF946-F5D9-4292-B006-BA0D92013021}" = WebReg
"{45338B07-A236-4270-9A77-EBB4115517B5}" = Windows Live Sign-in Assistant
"{497072FE-0A75-4E5C-A5B7-EB1FA67F66F1}" = DJ_AIO_06_F4500_SW_MIN
"{4A70EF07-7F88-4434-BB61-D1DE8AE93DD4}" = SolutionCenter
"{527BBE2F-1FED-3D8B-91CB-4DB0F838E69E}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729
"{54E3707F-808E-4fd4-95C9-15D1AB077E5D}" = NewCopy
"{55A7B938-3D1E-4819-A87B-F83E736EF52E}" = F4500
"{57752979-A1C9-4C02-856B-FBB27AC4E02C}" = QuickTime
"{58D3565F-C39E-12B8-2EDF-049BF2A36604}" = CCC Help Portuguese
"{590D44F3-642A-4A8E-AD8C-29939C6C3987}" = Payroll for Windows
"{5B79CFD1-6845-4158-9D7D-6BE89DF2C135}" = HP PSC & OfficeJet 5.3.B
"{612B9183-67A9-4B44-9877-2F059E35B86A}" = Broadcom 440x 10/100 Integrated Controller
"{63FF21C9-A810-464F-B60A-3111747B1A6D}" = GPBaseService2
"{66E6CE0C-5A1E-430C-B40A-0C90FF1804A8}" = eSupportQFolder
"{68A10D12-0D0F-4212-BDE6-D87FAD32A8FA}" = SmartWebPrinting
"{6B2FFB21-AC88-45C3-9A7D-4BB3E744EC91}" = HPSSupply
"{6BB6627C-694F-4FDC-A3E5-C7F4BED4C724}" = DocProc
"{6BBA26E9-AB03-4FE7-831A-3535584CA002}" = Toolbox
"{6D8D64BE-F500-55B6-705D-DFD08AFE0624}" = Acrobat.com
"{6F5E2F4A-377D-4700-B0E3-8F7F7507EA15}" = CustomerResearchQFolder
"{7059BDA7-E1DB-442C-B7A1-6144596720A4}" = HP Update
"{7061F715-D782-4120-A034-2B4B4F28CC1D}" = Accounts
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{764D06D8-D8DE-411E-A1C8-D9E9380F8A84}" = Microsoft Works 7.0
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{774088D4-0777-4D78-904D-E435B318F5D2}" = Microsoft Antimalware
"{77A776C4-D10F-416D-88F0-53F2D9DCD9B3}" = Microsoft Security Client
"{7810D83D-9916-A791-58F8-F0A503EE2146}" = ccc-utility
"{7850A6D2-CBEA-4728-9877-F1BEDEA9F619}" = AiOSoftware
"{7BAED0BC-542A-7083-0621-FE8660881D84}" = CCC Help French
"{7C9B95B7-B598-4398-B30F-7F6827192E6C}" = ProductContext
"{7F08A772-2816-4F46-84F1-49578502AD28}" = HP Deskjet F4500 Printer Driver Software 13.0 Rel .6
"{81128EE8-8EAD-4DB0-85C6-17C2CE50FF71}" = Windows Live Essentials
"{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
"{881F5DE8-9367-4B81-A325-E91BBC6472F9}" = iTunes
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8C2690CF-5B74-4F93-8139-7B5644CD6A3B}" = MobileMe Control Panel
"{8CFA59AF-1F7F-FACC-CADC-9A2B1282FDF5}" = Catalyst Control Center Localization French
"{8E7C8231-BCF8-FE52-77B0-7A251A44D3A7}" = Catalyst Control Center Graphics Light
"{8FB6032D-34D3-F732-7E33-04688C012E04}" = Catalyst Control Center Core Implementation
"{90120000-0010-0409-0000-0000000FF1CE}" = Microsoft Software Update for Web Folders (English) 12
"{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007
"{90120000-0016-0409-0000-0000000FF1CE}_SMALLBUSINESSR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007
"{90120000-0018-0409-0000-0000000FF1CE}_SMALLBUSINESSR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0019-0409-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2007
"{90120000-0019-0409-0000-0000000FF1CE}_SMALLBUSINESSR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2007
"{90120000-001A-0409-0000-0000000FF1CE}_SMALLBUSINESSR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007
"{90120000-001B-0409-0000-0000000FF1CE}_SMALLBUSINESSR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_SMALLBUSINESSR_{ABDDE972-355B-4AF1-89A8-DA50B7B5C045}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_SMALLBUSINESSR_{F580DDD5-8D37-4998-968E-EBB76BB86787}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007
"{90120000-001F-0C0A-0000-0000000FF1CE}_SMALLBUSINESSR_{187308AB-5FA7-4F14-9AB9-D290383A10D9}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}_SMALLBUSINESSR_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007
"{90120000-0115-0409-0000-0000000FF1CE}_SMALLBUSINESSR_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{91120000-00CA-0000-0000-0000000FF1CE}" = Microsoft Office Small Business 2007
"{91120000-00CA-0000-0000-0000000FF1CE}_SMALLBUSINESSR_{0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{91120000-00CA-0000-0000-0000000FF1CE}_SMALLBUSINESSR_{3D019598-7B59-447A-80AE-815B703B84FF}" = Security Update for Microsoft Office system 2007 (972581)
"{9117AB89-42D2-4722-AF0D-54028B830F3D}" = Payroll for Windows
"{92127AF5-FDD8-4ADF-BC40-C356C9EE0B7D}" = 32 Bit HP CIO Components Installer
"{922E8525-AC7E-4294-ACAA-43712D4423C0}" = Adobe Flash Player 10 ActiveX
"{923A7F5A-1E8C-4FBE-8DF6-85940A60A79F}" = Readme
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{A0EB195B-5876-48E6-879D-33D4B2102610}" = SonicStage 4.3
"{a0fe116e-9a8a-466f-aee0-625cb7c207e3}" = Microsoft Visual C++ 2005 Redistributable - KB2467175
"{A195B13E-A5E3-4BAF-A995-7F70F445CD06}" = ScannerCopy
"{A1F66FC9-11EE-4F2F-98C9-16F8D1E69FB7}" = Segoe UI
"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
"{A462213D-EED4-42C2-9A60-7BDD4D4B0B17}" = SigmaTel Audio
"{A6E2B411-1C3B-4F09-C264-00ED125C45F7}" = Skins
"{A85FD55B-891B-4314-97A5-EA96C0BD80B5}" = Windows Live Messenger
"{A9FED82D-30FA-484D-882D-3BFB4822C857}" = Payroll for Windows
"{AB5D51AE-EBC3-438D-872C-705C7C2084B0}" = DeviceManagementQFolder
"{AC76BA86-7AD7-1033-7B44-A93000000001}" = Adobe Reader 9.3.3
"{AE8705FB-E13C-40A9-8A2D-68D6733FBFC2}" = Status
"{AF5A3AA5-B888-4860-B505-34E191E39355}" = Sage Instant Payroll v11.00
"{B194272D-1F92-46DF-99EB-8D5CE91CB4EC}" = Adobe AIR
"{B2455727-ED8F-4643-8A6E-F4AB8DE3633D}" = Network
"{B824B5C9-849F-4b9e-9EA7-6FD8CD8116DA}" = CP_Package_Variety2
"{B866B631-B62F-06C2-E68B-43E03C1DC025}" = CCC Help German
"{BB37A301-EA8E-FA98-415D-A165B38110C9}" = Catalyst Control Center Graphics Full New
"{BCE2DE29-CADB-C109-B7BD-8062373A4CD2}" = Catalyst Control Center Graphics Full Existing
"{BD7204BA-DD64-499E-9B55-6A282CDF4FA4}" = Destinations
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
"{C151CE54-E7EA-4804-854B-F515368B0798}" = AMD Processor Driver
"{C352CBBA-8CBF-4232-B75E-15D8EC264921}" = Payroll for Windows
"{C41300B9-185D-475E-BFEC-39EF732F19B1}" = Apple Software Update
"{C43326F5-F135-4551-8270-7F7ABA0462E1}" = HPProductAssistant
"{C62AF3C2-5398-FFF8-1D2F-D4993EB98FAB}" = CCC Help English
"{C75CDBA2-3C86-481e-BD10-BDDA758F9DFF}" = hpPrintProjects
"{CCD663AE-610D-4BDF-AAB0-E914B044527D}" = OpenMG Secure Module 4.7.00
"{CD6F5AF8-1136-B2F5-4988-A09DB32D5F17}" = Catalyst Control Center Localization Korean
"{CE24344F-DFD8-40C8-8FD8-C9740B5F25AC}" = Fax
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{D63F7DDB-9BCF-D0BB-EC7A-65B8579556E9}" = Catalyst Control Center Localization Portuguese
"{D811DF29-612D-7378-C030-5ADA844A8F5B}" = CCC Help Japanese
"{D88CC56B-241C-97E7-80C0-88D1C4A09365}" = CCC Help Spanish
"{DA970CFA-7385-EB52-EBAA-4D535C6795D4}" = Catalyst Control Center Localization Chinese Standard
"{DC0A5F99-FD66-433F-9D3A-05DCBA64BE42}" = TrayApp
"{DD77FE5B-B4C1-182B-1A87-026D8ACD5326}" = CCC Help Chinese Traditional
"{ECF8E0CD-FBD3-A155-677F-5A99E204480F}" = CCC Help Chinese Standard
"{ED00D08A-3C5F-488D-93A0-A04F21F23956}" = Windows Live Communications Platform
"{EE6097DD-05F4-4178-9719-D3170BF098E8}" = Apple Application Support
"{EF40BAC3-372B-46F4-A32D-B37CF4217CE7}" = ATI Catalyst Control Center
"{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard
"{F14CD747-C220-05B4-8CDE-F1222B4D984E}" = ccc-core-static
"{F3CA9611-CD42-4562-ADAB-A554CF8E17F1}" = Microsoft WSE 2.0 SP3 Runtime
"{F5066DEF-8350-4A01-9C09-FA4749D92B58}" = Payroll for Windows
"{F6BD194C-4190-4D73-B1B1-C48C99921BFE}" = Windows Live Call
"{F9329C54-11AF-4A17-B2D8-C019B81AA1B4}" = Accounts
"{FAF26102-09D7-4C58-AB01-0D59A2E517CA}" = Copy
"{FD201D5A-D637-40B9-9A96-96411EBF646A}" = Catalyst Control Center Localization Chinese Traditional
"{FE64AE29-0883-4C70-8388-DC026019C900}" = HP Image Zone Express
"4569969E1360D2854474C661EF9B4D54F143EB16" = Windows Driver Package - Ricoh Company (rimsptsk) hdc (11/14/2006 6.00.01.04)
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Adobe Shockwave Player" = Adobe Shockwave Player 11.5
"All ATI Software" = ATI - Software Uninstall Utility
"Any DVD Converter Professional_is1" = Any DVD Converter Professional 4.0.1
"ATI Display Driver" = ATI Display Driver
"Audacity_is1" = Audacity 1.2.6
"BFGC" = Big Fish Games: Game Manager
"BFG-Secrets of the Dragon Wheel" = Secrets of the Dragon Wheel
"Broadcom 802.11b Network Adapter" = Dell Wireless WLAN Card
"BVSSOL_is1" = BVS Solitaire Collection version 6.6
"Ease Audio Converter_is1" = Ease Audio Converter 5.01
"GoToAssist" = GoToAssist 8.0.0.514
"HMRC Employer CD-ROM 2010 " = HMRC Employer CD-ROM 2010
"HP Imaging Device Functions" = HP Imaging Device Functions 13.0
"HP Print Projects" = HP Print Projects 1.0
"HP Smart Web Printing" = HP Smart Web Printing 4.5
"HP Solution Center & Imaging Support Tools" = HP Solution Center 13.0
"HPExtendedCapabilities" = HP Customer Participation Program 13.0
"ie8" = Windows Internet Explorer 8
"InstallShield_{7061F715-D782-4120-A034-2B4B4F28CC1D}" = Sage 50 Accounts 2010
"InstallShield_{CCD663AE-610D-4BDF-AAB0-E914B044527D}" = OpenMG Secure Module 4.7.00
"InstallShield_{F9329C54-11AF-4A17-B2D8-C019B81AA1B4}" = Sage Instant Accounts v14
"IWONGbar Uninstall" = IWON
"KLiteCodecPack_is1" = K-Lite Codec Pack 4.1.7 (Standard)
"McAfee Security Scan" = McAfee Security Scan Plus
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft Security Client" = Microsoft Security Essentials
"Mozilla Firefox (3.6.16)" = Mozilla Firefox (3.6.16)
"MP3 Burner Plus" = MP3 Burner Plus
"MyWebSearch bar Uninstall" = My Web Search
"OpenMG HotFix4.7-07-13-22-01" = OpenMG Limited Patch 4.7-07-14-05-01
"Paddy Power Poker" = Paddy Power Poker
"Paddy Power Poker Odds Calculator_is1" = Paddy Power Poker Odds Calculator 1.3.0
"PartyPoker" = PartyPoker
"Picasa 3" = Picasa 3
"PKR" = PKR
"Playsushi" = Playsushi
"Rapport_msi" = Rapport
"Shop for HP Supplies" = Shop for HP Supplies
"SMALLBUSINESSR" = Microsoft Office Small Business 2007
"VideoPad" = VideoPad Video Editor
"WavePad" = WavePad Sound Editor
"Windows Media Format Runtime" = Windows Media Format Runtime
"Windows XP Service Pack" = Windows XP Service Pack 3
"WinLiveSuite_Wave3" = Windows Live Essentials

========== HKEY_CURRENT_USER Uninstall List ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Facebook Plug-In" = Facebook Plug-In
"Google Chrome" = Google Chrome

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 21/04/2011 05:05:50 | Computer Name = CAFFE-A911AD535 | Source = Sage.SData.Service | ID = 0
Description = Exception caught during the processing of a message Verb: POST Uri:
http://caffe-a911ad535:5493/sdata/$system/servers Original Message: Invalid payload
detected, expecting 'entryType' found 'http://schemas.sage.com/sdata/2008/1:entryType'.

Stack
Trace: at Sage.Common.Metadata.RuntimeObjectXmlReader.ReadStartGroup(XmlReader
reader, String name, String type, String ns, Int32 internalCount) at Sage.Common.Metadata.RuntimeObjectXmlReader.ReadReference[T](XmlReader
reader, T component, String name, ISerializationSettings settings) at ObjectXmlReader369a7af2cff24c799185270133e1f97e.Deserialize(XmlReader
, Object , String , ISerializationSettings ) at Sage.Common.Metadata.RuntimeObjectXmlReader.Deserialize(XmlReader
reader, Object component, String name) at Sage.Common.Syndication.FeedSerializer.LoadFromStream[T](T
feedEntry, Stream stream) at Sage.Integration.Messaging.RequestTargetRuntimeInvoker.GetRequestFeedEntry[T](IRequest
request) at Invokebcd82bea2a8c46629e971563ddc82d59.Invoke(Object , IRequest )

at Sage.Integration.Messaging.RequestTargetRegistration.RequestTargetInvoker.Invoke(IRequest
request) at Sage.Integration.Messaging.Request.Process(RequestTargetInvoker invoker)

at Sage.Integration.Messaging.MessagingService.Process(IRequest request)

Error - 21/04/2011 15:54:12 | Computer Name = CAFFE-A911AD535 | Source = Sage.SData.Service | ID = 0
Description = Socket:Exception caught in OnStartup - A socket operation was attempted
to an unreachable host

Error - 21/04/2011 15:54:15 | Computer Name = CAFFE-A911AD535 | Source = Sage.SData.Service | ID = 0
Description = Exception caught during the processing of a message Verb: POST Uri:
http://caffe-a911ad535:5493/sdata/$system/servers Original Message: Invalid payload
detected, expecting 'entryType' found 'http://schemas.sage.com/sdata/2008/1:entryType'.

Stack
Trace: at Sage.Common.Metadata.RuntimeObjectXmlReader.ReadStartGroup(XmlReader
reader, String name, String type, String ns, Int32 internalCount) at Sage.Common.Metadata.RuntimeObjectXmlReader.ReadReference[T](XmlReader
reader, T component, String name, ISerializationSettings settings) at ObjectXmlReadere80b4dec450a4ab0b53ee58fc8791420.Deserialize(XmlReader
, Object , String , ISerializationSettings ) at Sage.Common.Metadata.RuntimeObjectXmlReader.Deserialize(XmlReader
reader, Object component, String name) at Sage.Common.Syndication.FeedSerializer.LoadFromStream[T](T
feedEntry, Stream stream) at Sage.Integration.Messaging.RequestTargetRuntimeInvoker.GetRequestFeedEntry[T](IRequest
request) at Invokea355b623823540dd856d189529cd810b.Invoke(Object , IRequest )

at Sage.Integration.Messaging.RequestTargetRegistration.RequestTargetInvoker.Invoke(IRequest
request) at Sage.Integration.Messaging.Request.Process(RequestTargetInvoker invoker)

at Sage.Integration.Messaging.MessagingService.Process(IRequest request)

Error - 22/04/2011 04:33:33 | Computer Name = CAFFE-A911AD535 | Source = Sage.SData.Service | ID = 0
Description = Socket:Exception caught in OnStartup - A socket operation was attempted
to an unreachable host

Error - 22/04/2011 04:33:36 | Computer Name = CAFFE-A911AD535 | Source = Sage.SData.Service | ID = 0
Description = Exception caught during the processing of a message Verb: POST Uri:
http://caffe-a911ad535:5493/sdata/$system/servers Original Message: Invalid payload
detected, expecting 'entryType' found 'http://schemas.sage.com/sdata/2008/1:entryType'.

Stack
Trace: at Sage.Common.Metadata.RuntimeObjectXmlReader.ReadStartGroup(XmlReader
reader, String name, String type, String ns, Int32 internalCount) at Sage.Common.Metadata.RuntimeObjectXmlReader.ReadReference[T](XmlReader
reader, T component, String name, ISerializationSettings settings) at ObjectXmlReaderc0fd0439166d4af6b0154ce89e229ec6.Deserialize(XmlReader
, Object , String , ISerializationSettings ) at Sage.Common.Metadata.RuntimeObjectXmlReader.Deserialize(XmlReader
reader, Object component, String name) at Sage.Common.Syndication.FeedSerializer.LoadFromStream[T](T
feedEntry, Stream stream) at Sage.Integration.Messaging.RequestTargetRuntimeInvoker.GetRequestFeedEntry[T](IRequest
request) at Invokeb77fa7b25a33426d9c5793cdef332580.Invoke(Object , IRequest )

at Sage.Integration.Messaging.RequestTargetRegistration.RequestTargetInvoker.Invoke(IRequest
request) at Sage.Integration.Messaging.Request.Process(RequestTargetInvoker invoker)

at Sage.Integration.Messaging.MessagingService.Process(IRequest request)

Error - 22/04/2011 04:43:42 | Computer Name = CAFFE-A911AD535 | Source = MPSampleSubmission | ID = 5000
Description = EventType mptelemetry, P1 80070424, P2 beginsearch, P3 search, P4
3.0.8107.0, P5 mpsigdwn.dll, P6 3.0.8107.0, P7 microsoft security essentials (edb4fa23-53b8-4afa-8c5d-99752cca7094),
P8 NIL, P9 NIL, P10 NIL.

Error - 22/04/2011 13:31:15 | Computer Name = CAFFE-A911AD535 | Source = Sage.SData.Service | ID = 0
Description = Socket:Exception caught in OnStartup - A socket operation was attempted
to an unreachable host

Error - 22/04/2011 13:31:22 | Computer Name = CAFFE-A911AD535 | Source = Sage.SData.Service | ID = 0
Description = Exception caught during the processing of a message Verb: POST Uri:
http://caffe-a911ad535:5493/sdata/$system/servers Original Message: Invalid payload
detected, expecting 'entryType' found 'http://schemas.sage.com/sdata/2008/1:entryType'.

Stack
Trace: at Sage.Common.Metadata.RuntimeObjectXmlReader.ReadStartGroup(XmlReader
reader, String name, String type, String ns, Int32 internalCount) at Sage.Common.Metadata.RuntimeObjectXmlReader.ReadReference[T](XmlReader
reader, T component, String name, ISerializationSettings settings) at ObjectXmlReader80eeec5188ac4d76b6ccf24b08784da0.Deserialize(XmlReader
, Object , String , ISerializationSettings ) at Sage.Common.Metadata.RuntimeObjectXmlReader.Deserialize(XmlReader
reader, Object component, String name) at Sage.Common.Syndication.FeedSerializer.LoadFromStream[T](T
feedEntry, Stream stream) at Sage.Integration.Messaging.RequestTargetRuntimeInvoker.GetRequestFeedEntry[T](IRequest
request) at Invoke2a0bb08fcbba4d12a8e90e6337ac899b.Invoke(Object , IRequest )

at Sage.Integration.Messaging.RequestTargetRegistration.RequestTargetInvoker.Invoke(IRequest
request) at Sage.Integration.Messaging.Request.Process(RequestTargetInvoker invoker)

at Sage.Integration.Messaging.MessagingService.Process(IRequest request)

Error - 22/04/2011 14:16:52 | Computer Name = CAFFE-A911AD535 | Source = Sage.SData.Service | ID = 0
Description = Socket:Exception caught in OnStartup - A socket operation was attempted
to an unreachable host

Error - 22/04/2011 14:17:02 | Computer Name = CAFFE-A911AD535 | Source = Sage.SData.Service | ID = 0
Description = Exception caught during the processing of a message Verb: POST Uri:
http://caffe-a911ad535:5493/sdata/$system/servers Original Message: Invalid payload
detected, expecting 'entryType' found 'http://schemas.sage.com/sdata/2008/1:entryType'.

Stack
Trace: at Sage.Common.Metadata.RuntimeObjectXmlReader.ReadStartGroup(XmlReader
reader, String name, String type, String ns, Int32 internalCount) at Sage.Common.Metadata.RuntimeObjectXmlReader.ReadReference[T](XmlReader
reader, T component, String name, ISerializationSettings settings) at ObjectXmlReader14d530295d5549cc961fe2bfb744417d.Deserialize(XmlReader
, Object , String , ISerializationSettings ) at Sage.Common.Metadata.RuntimeObjectXmlReader.Deserialize(XmlReader
reader, Object component, String name) at Sage.Common.Syndication.FeedSerializer.LoadFromStream[T](T
feedEntry, Stream stream) at Sage.Integration.Messaging.RequestTargetRuntimeInvoker.GetRequestFeedEntry[T](IRequest
request) at Invoke5a0b85193b4046e593fdaec81ab64992.Invoke(Object , IRequest )

at Sage.Integration.Messaging.RequestTargetRegistration.RequestTargetInvoker.Invoke(IRequest
request) at Sage.Integration.Messaging.Request.Process(RequestTargetInvoker invoker)

at Sage.Integration.Messaging.MessagingService.Process(IRequest request)

[ OSession Events ]
Error - 08/06/2010 15:26:41 | Computer Name = CAFFE-A911AD535 | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 8, Application Name: Microsoft Office Publisher, Application Version:
12.0.6527.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 28
seconds with 0 seconds of active time. This session ended with a crash.

[ System Events ]
Error - 11/04/2011 13:15:41 | Computer Name = CAFFE-A911AD535 | Source = W32Time | ID = 39452689
Description = Time Provider NtpClient: An error occurred during DNS lookup of the
manually configured peer 'time.windows.com,0x1'. NtpClient will try the DNS lookup
again in 15 minutes. The error was: A socket operation was attempted to an unreachable
host. (0x80072751)

Error - 11/04/2011 13:15:41 | Computer Name = CAFFE-A911AD535 | Source = W32Time | ID = 39452701
Description = The time provider NtpClient is configured to acquire time from one
or more time sources, however none of the sources are currently accessible. No attempt
to contact a source will be made for 14 minutes. NtpClient has no source of accurate
time.

Error - 19/04/2011 19:13:21 | Computer Name = CAFFE-A911AD535 | Source = Microsoft Antimalware | ID = 2001
Description = %%860 has encountered an error trying to update signatures. New Signature
Version: Previous Signature Version: 1.101.1649.0 Update Source: %%859 Update Stage:
%%854 Source Path: http://www.microsoft.com Signature Type: %%800 Update Type: %%803

User:
NT AUTHORITY\SYSTEM Current Engine Version: Previous Engine Version: 1.1.6702.0 Error
code: 0x80240016 Error description: An unexpected problem occurred while checking
for updates. For information on installing or troubleshooting updates, see Help
and Support.

Error - 19/04/2011 19:13:21 | Computer Name = CAFFE-A911AD535 | Source = Microsoft Antimalware | ID = 2001
Description = %%860 has encountered an error trying to update signatures. New Signature
Version: Previous Signature Version: 1.101.1649.0 Update Source: %%859 Update Stage:
%%854 Source Path: http://www.microsoft.com Signature Type: %%800 Update Type: %%803

User:
NT AUTHORITY\SYSTEM Current Engine Version: Previous Engine Version: 1.1.6702.0 Error
code: 0x80240016 Error description: An unexpected problem occurred while checking
for updates. For information on installing or troubleshooting updates, see Help
and Support.

Error - 19/04/2011 19:13:21 | Computer Name = CAFFE-A911AD535 | Source = Microsoft Antimalware | ID = 2001
Description = %%860 has encountered an error trying to update signatures. New Signature
Version: Previous Signature Version: 1.101.1649.0 Update Source: %%859 Update Stage:
%%853 Source Path: http://www.microsoft.com Signature Type: %%800 Update Type: %%803

User:
NT AUTHORITY\SYSTEM Current Engine Version: Previous Engine Version: 1.1.6702.0 Error
code: 0x80240016 Error description: An unexpected problem occurred while checking
for updates. For information on installing or troubleshooting updates, see Help
and Support.

Error - 21/04/2011 05:12:08 | Computer Name = CAFFE-A911AD535 | Source = Print | ID = 6161
Description = The document Microsoft Word - Weekly agenda 21.04.11 owned by Mariann
failed to print on printer HP Deskjet F4500 series. Data type: NT EMF 1.008. Size
of the spool file in bytes: 185148. Number of bytes printed: 0. Total number of
pages in the document: 1. Number of pages printed: 0. Client machine: \\CAFFE-A911AD535.
Win32 error code returned by the print processor: 6 (0x6).

Error - 22/04/2011 04:43:41 | Computer Name = CAFFE-A911AD535 | Source = Microsoft Antimalware | ID = 2001
Description = %%860 has encountered an error trying to update signatures. New Signature
Version: Previous Signature Version: 1.103.209.0 Update Source: %%859 Update Stage:
%%852 Source Path: Default URL Signature Type: %%800 Update Type: %%803 User: NT AUTHORITY\SYSTEM

Current
Engine Version: Previous Engine Version: 1.1.6802.0 Error code: 0x80070424 Error
description: The specified service does not exist as an installed service.

Error - 22/04/2011 14:06:10 | Computer Name = CAFFE-A911AD535 | Source = DCOM | ID = 10005
Description = DCOM got error "%1084" attempting to start the service EventSystem
with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}

Error - 22/04/2011 14:07:15 | Computer Name = CAFFE-A911AD535 | Source = Service Control Manager | ID = 7026
Description = The following boot-start or system-start driver(s) failed to load:
AmdK8 Fips MpFilter

Error - 22/04/2011 14:15:32 | Computer Name = CAFFE-A911AD535 | Source = DCOM | ID = 10005
Description = DCOM got error "%1084" attempting to start the service EventSystem
with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}


< End of report >
  • 0

Advertisements







Similar Topics

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

As Featured On:

Microsoft Yahoo BBC MSN PC Magazine Washington Post HP