Last week, a virus/trojan attack my machine and it is using it as a SPAM Engine.
See attached image below to see the result of Failed Outgoing Email Messages..
Here are more details:
1. The virus/trojan start sending emails as soon as I connect to Internet.
2. If I connect to Work Internet (DOMAIN Network), it will not send emails.
3. It will send about several hundred emails per day, and it will rest for some time, then it will start sending emails again.
4. I wil start geting popup boxes from Norton AntiVirus Process "ccApp.exe" reporting failed outgoing email due to spam and other reasons. When I kill the process "ccApp.exe" the popup boxes will stop, but the SPAM Program will continue to send emails.
5. My machine will become very slow when the SPAM program is sending emails.
6. I tried several Anti Spam/Anti Trojan program, but no success.
Screen Shot: http://bit.ly/cnq1Ik
============== The Requested Logs ============
GMER 1.0.15.15281 - http://www.gmer.net
Rootkit scan 2010-02-07 16:55:49
Windows 5.1.2600 Service Pack 2
Running: gmer.exe; Driver: C:\DOCUME~1\220785\LOCALS~1\Temp\ffdirpod.sys
---- System - GMER 1.0.15 ----
SSDT 8A94BDD0 ZwAlertResumeThread
SSDT 8AA97598 ZwAlertThread
SSDT 8A8F2DB0 ZwAllocateVirtualMemory
SSDT 8A847260 ZwConnectPort
SSDT 8A91AEB0 ZwCreateMutant
SSDT 8A95C850 ZwCreateThread
SSDT 8AAEBF88 ZwFreeVirtualMemory
SSDT 8A9688E8 ZwImpersonateAnonymousToken
SSDT 8AAAC3D0 ZwImpersonateThread
SSDT 8A92EEC8 ZwMapViewOfSection
SSDT 8A92EC28 ZwOpenEvent
SSDT 8AAF30B8 ZwOpenProcessToken
SSDT 8A910830 ZwOpenThreadToken
SSDT \??\C:\WINDOWS\system32\drivers\wpsdrvnt.sys (Symantec CMC Firewall WPS/Symantec Corporation) ZwProtectVirtualMemory [0xBAADD880] <-- ROOTKIT !!!
SSDT 8AACCA98 ZwResumeThread
SSDT 8AAF0248 ZwSetContextThread
SSDT 8A835178 ZwSetInformationProcess
SSDT 8A83AEA8 ZwSetInformationThread
SSDT 8A90A968 ZwSuspendProcess
SSDT 8AAC5B40 ZwSuspendThread
SSDT 8AACCB70 ZwTerminateProcess
SSDT 8AAD7C68 ZwTerminateThread
SSDT 8AAF0210 ZwUnmapViewOfSection
SSDT 8A8FB4F8 ZwWriteVirtualMemory
---- Devices - GMER 1.0.15 ----
Device Ntfs.SYS (NT File System Driver/Microsoft Corporation)
Device 8AAF5448
Device Fastfat.sys (Fast FAT File System Driver/Microsoft Corporation)
AttachedDevice \Driver\Tcpip \Device\Ip wpsdrvnt.sys (Symantec CMC Firewall WPS/Symantec Corporation)
AttachedDevice \Driver\Tcpip \Device\Ip SYMTDI.SYS (Network Dispatch Driver/Symantec Corporation)
AttachedDevice \Driver\Tcpip \Device\Tcp wpsdrvnt.sys (Symantec CMC Firewall WPS/Symantec Corporation)
AttachedDevice \Driver\Tcpip \Device\Tcp SYMTDI.SYS (Network Dispatch Driver/Symantec Corporation)
Device rdpdr.sys (Microsoft RDP Device redirector/Microsoft Corporation)
AttachedDevice \Driver\Tcpip \Device\Udp wpsdrvnt.sys (Symantec CMC Firewall WPS/Symantec Corporation)
AttachedDevice \Driver\Tcpip \Device\Udp SYMTDI.SYS (Network Dispatch Driver/Symantec Corporation)
AttachedDevice \Driver\Tcpip \Device\RawIp wpsdrvnt.sys (Symantec CMC Firewall WPS/Symantec Corporation)
AttachedDevice \Driver\Tcpip \Device\RawIp SYMTDI.SYS (Network Dispatch Driver/Symantec Corporation)
Device \Driver\SYMTDI \Device\SymTDI wpsdrvnt.sys (Symantec CMC Firewall WPS/Symantec Corporation)
Device mrxsmb.sys (Windows NT SMB Minirdr/Microsoft Corporation)
---- Services - GMER 1.0.15 ----
Service (*** hidden *** ) [BOOT] dewae <-- ROOTKIT !!!
---- Registry - GMER 1.0.15 ----
Reg HKLM\SYSTEM\ControlSet001\Services\BTHPORT\Parameters\Keys\0016415b5a46 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet001\Services\BTHPORT\Parameters\Keys\0016415bc212 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet001\Services\BTHPORT\Parameters\Keys\0016415bc223 (not active ControlSet)
Reg HKLM\SYSTEM\CurrentControlSet\Services\BTHPORT\Parameters\Keys\0016415b5a46
Reg HKLM\SYSTEM\CurrentControlSet\Services\BTHPORT\Parameters\Keys\0016415bc212
Reg HKLM\SYSTEM\CurrentControlSet\Services\BTHPORT\Parameters\Keys\0016415bc223
Reg HKLM\SYSTEM\CurrentControlSet\Services\dewae@Type 1
Reg HKLM\SYSTEM\CurrentControlSet\Services\dewae@Start 0
Reg HKLM\SYSTEM\CurrentControlSet\Services\dewae@ErrorControl 0
Reg HKLM\SYSTEM\CurrentControlSet\Services\dewae@Group Boot Bus Extender
Reg HKLM\SYSTEM\ControlSet004\Services\BTHPORT\Parameters\Keys\0016415b5a46 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet004\Services\BTHPORT\Parameters\Keys\0016415bc212 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet004\Services\BTHPORT\Parameters\Keys\0016415bc223 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet004\Services\dewae@Type 1
Reg HKLM\SYSTEM\ControlSet004\Services\dewae@Start 0
Reg HKLM\SYSTEM\ControlSet004\Services\dewae@ErrorControl 0
Reg HKLM\SYSTEM\ControlSet004\Services\dewae@Group Boot Bus Extender
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MenuOrder\Start Menu2\Programs\Nero 7 Premium\
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MenuOrder\Start Menu2\Programs\Nero 7 Premium\@Order 0x08 0x00 0x00 0x00 ...
---- EOF - GMER 1.0.15 ----
OTL Extras logfile created on: 07/02/2010 05:23:46 pm - Run 1
OTL by OldTimer - Version 3.1.28.0 Folder = D:\My Data\220785 Data\Anti Virus and Spam Issues
Windows XP Professional Edition Service Pack 2 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000401 | Country: Saudi Arabia | Language: ARA | Date Format: dd/MM/yyyy
2.00 Gb Total Physical Memory | 2.00 Gb Available Physical Memory | 62.00% Memory free
4.00 Gb Paging File | 3.00 Gb Available in Paging File | 78.00% Paging File free
Paging file location(s): C:\pagefile.sys 2048 2048 [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 27.93 Gb Total Space | 1.40 Gb Free Space | 5.00% Space Free | Partition Type: FAT32
Drive D: | 27.95 Gb Total Space | 7.45 Gb Free Space | 26.65% Space Free | Partition Type: NTFS
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded
Computer Name: 0841-220785NB
Current User Name: 220785
NOT logged in as Administrator.
Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: On
Skip Microsoft Files: On
File Age = 14 Days
Output = Standard
Quick Scan
========== Extra Registry (SafeList) ==========
========== File Associations ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.html [@ = htmlfile] -- C:\Program Files\Internet Explorer\IEXPLORE.EXE (Microsoft Corporation)
========== Shell Spawning ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
htmlfile [edit] -- "d:\Program Files\Microsoft Office\Office12\msohtmed.exe" %1 (Microsoft Corporation)
htmlfile [open] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" -nohome (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" %1 (Microsoft Corporation)
http [open] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" -nohome (Microsoft Corporation)
https [open] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" -nohome (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [OneNote.Open] -- d:\PROGRA~1\MICROS~3\Office12\ONENOTE.EXE "%L" (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" %1 (Microsoft Corporation)
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- "%programfiles%\internet explorer\iexplore.exe" (Microsoft Corporation)
========== Security Center Settings ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"AntiVirusOverride" = 0
"FirewallOverride" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
"DisableMonitoring" = 1
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]
"3389:TCP" = 3389:TCP:*:Enabled:@xpsp2res.dll,-22009
"1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008
"139:TCP" = 139:TCP:*:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:*:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:*:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:*:Enabled:@xpsp2res.dll,-22002
"10243:TCP" = 10243:TCP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service
"10280:UDP" = 10280:UDP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service
"10281:UDP" = 10281:UDP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service
"10282:UDP" = 10282:UDP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service
"10283:UDP" = 10283:UDP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service
"10284:UDP" = 10284:UDP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service
"4672:UDP" = 4672:UDP:*:Enabled:UDP
"4662:TCP" = 4662:TCP:*:Enabled:TCP
"427:TCP" = 427:TCP:LocalSubNet:Enabled:SLP_Port(427)_TCP
"427:UDP" = 427:UDP:LocalSubNet:Enabled:SLP_Port(427)_UDP
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
"DoNotAllowExceptions" = 1
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"3389:TCP" = 3389:TCP:*:Enabled:@xpsp2res.dll,-22009
"1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008
"139:TCP" = 139:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22002
"10243:TCP" = 10243:TCP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service
"10280:UDP" = 10280:UDP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service
"10281:UDP" = 10281:UDP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service
"10282:UDP" = 10282:UDP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service
"10283:UDP" = 10283:UDP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service
"10284:UDP" = 10284:UDP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service
"427:TCP" = 427:TCP:LocalSubNet:Enabled:SLP_Port(427)_TCP
"427:UDP" = 427:UDP:LocalSubNet:Enabled:SLP_Port(427)_UDP
========== Authorized Applications List ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"C:\Program Files\Microsoft Office\OFFICE11\EXCEL.EXE" = C:\Program Files\Microsoft Office\OFFICE11\EXCEL.EXE:*:Enabled:Microsoft Office Excel -- File not found
"C:\Program Files\Langenscheidt T1 6_0\Engine\mte\BIN\ENGINE.EXE" = C:\Program Files\Langenscheidt T1 6_0\Engine\mte\BIN\ENGINE.EXE:*:Enabled:Text processing -- File not found
"C:\Program Files\Langenscheidt T1 6_0\Engine\mte\BIN\tmengine.exe" = C:\Program Files\Langenscheidt T1 6_0\Engine\mte\BIN\tmengine.exe:*:Enabled:TM Engine -- File not found
"C:\Program Files\Langenscheidt T1 6_0\Engine\mte\BIN\lexAPI.exe" = C:\Program Files\Langenscheidt T1 6_0\Engine\mte\BIN\lexAPI.exe:*:Enabled:LEXAPI server -- File not found
"C:\Program Files\Langenscheidt T1 6_0\Engine\mte\StdAlone\MT_Alone.exe" = C:\Program Files\Langenscheidt T1 6_0\Engine\mte\StdAlone\MT_Alone.exe:*:Enabled:T1 Standalone -- File not found
"C:\Program Files\Microsoft Office\OFFICE11\WINWORD.EXE" = C:\Program Files\Microsoft Office\OFFICE11\WINWORD.EXE:*:Disabled:Microsoft Office Word -- File not found
"C:\Program Files\eMule.de 0.46c v17\emule.exe" = C:\Program Files\eMule.de 0.46c v17\emule.exe:*:Enabled:eMule.de 0.46c -- File not found
"C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" = C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe:*:Enabled:Yahoo! Messenger -- (Yahoo! Inc.)
"C:\Program Files\Yahoo!\Messenger\YServer.exe" = C:\Program Files\Yahoo!\Messenger\YServer.exe:*:Enabled:Yahoo! FT Server -- File not found
"C:\Program Files\Skype\Phone\Skype.exe" = C:\Program Files\Skype\Phone\Skype.exe:*:Enabled:Skype -- File not found
"D:\Program Files\Juniper\NetScreen-Remote\IreIKE.exe" = D:\Program Files\Juniper\NetScreen-Remote\IreIKE.exe:*:Enabled:IreIke -- File not found
"D:\Program Files\Juniper\NetScreen-Remote\ViewLog.exe" = D:\Program Files\Juniper\NetScreen-Remote\ViewLog.exe:127.0.0.1/255.255.255.255:Enabled:ViewLog -- File not found
"D:\Program Files\Juniper\NetScreen-Remote\CmonApp.exe" = D:\Program Files\Juniper\NetScreen-Remote\CmonApp.exe:127.0.0.1/255.255.255.255:Enabled:CMonApp -- File not found
"D:\Program Files\Juniper\NetScreen-Remote\vpn.exe" = D:\Program Files\Juniper\NetScreen-Remote\vpn.exe:127.0.0.1/255.255.255.255:Enabled:VPN Connection Manager -- File not found
"D:\Program Files\Skype\Phone\Skype.exe" = D:\Program Files\Skype\Phone\Skype.exe:*:Enabled:Skype -- (Skype Technologies S.A.)
"C:\Program Files\Windows Live\Messenger\wlcsdk.exe" = C:\Program Files\Windows Live\Messenger\wlcsdk.exe:*:Enabled:Windows Live Call -- (Microsoft Corporation)
"E:\setup\hpznui01.exe" = E:\setup\hpznui01.exe:*:Enabled:hpznui01.exe -- File not found
"C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe" = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe:*:Enabled:hpqtra08.exe -- (Hewlett-Packard Co.)
"C:\Program Files\HP\Digital Imaging\bin\hpqste08.exe" = C:\Program Files\HP\Digital Imaging\bin\hpqste08.exe:*:Enabled:hpqste08.exe -- (Hewlett-Packard Co.)
"C:\Program Files\HP\Digital Imaging\bin\hposid01.exe" = C:\Program Files\HP\Digital Imaging\bin\hposid01.exe:*:Enabled:hposid01.exe -- (Hewlett-Packard Co.)
"C:\Program Files\HP\Digital Imaging\bin\hpqkygrp.exe" = C:\Program Files\HP\Digital Imaging\bin\hpqkygrp.exe:*:Enabled:hpqkygrp.exe -- (Hewlett-Packard)
"C:\Program Files\HP\Digital Imaging\bin\hpfcCopy.exe" = C:\Program Files\HP\Digital Imaging\bin\hpfcCopy.exe:*:Enabled:hpfccopy.exe -- ()
"C:\Program Files\HP\Digital Imaging\bin\hpoews01.exe" = C:\Program Files\HP\Digital Imaging\bin\hpoews01.exe:*:Enabled:hpoews01.exe -- (Hewlett-Packard Co.)
"C:\Program Files\HP\Digital Imaging\bin\hpiscnapp.exe" = C:\Program Files\HP\Digital Imaging\bin\hpiscnapp.exe:*:Enabled:hpiscnapp.exe -- (Hewlett-Packard)
"C:\Program Files\Common Files\hp\Digital Imaging\Bin\hpqPhotoCrm.exe" = C:\Program Files\Common Files\hp\Digital Imaging\Bin\hpqPhotoCrm.exe:*:Enabled:hpqphotocrm.exe -- (Hewlett-Packard Co.)
"C:\Program Files\HP\Digital Imaging\bin\hpqgplgtupl.exe" = C:\Program Files\HP\Digital Imaging\bin\hpqgplgtupl.exe:*:Enabled:hpqgplgtupl.exe -- (Hewlett-Packard Co.)
"C:\Program Files\HP\Digital Imaging\bin\hpqusgm.exe" = C:\Program Files\HP\Digital Imaging\bin\hpqusgm.exe:*:Enabled:hpqusgm.exe -- (Hewlett-Packard Co.)
"C:\Program Files\HP\Digital Imaging\bin\hpqusgh.exe" = C:\Program Files\HP\Digital Imaging\bin\hpqusgh.exe:*:Enabled:hpqusgh.exe -- (Hewlett-Packard Co.)
"C:\Program Files\HP\HP Software Update\HPWUCli.exe" = C:\Program Files\HP\HP Software Update\HPWUCli.exe:*:Enabled:hpwucli.exe -- (Hewlett-Packard)
"C:\Program Files\HP\Digital Imaging\smart web printing\SmartWebPrintExe.exe" = C:\Program Files\HP\Digital Imaging\smart web printing\SmartWebPrintExe.exe:*:Enabled:smartwebprintexe.exe -- (Hewlett-Packard Co.)
"D:\Program Files\Microsoft Office\Office12\GROOVE.EXE" = D:\Program Files\Microsoft Office\Office12\GROOVE.EXE:*:Enabled:Microsoft Office Groove -- (Microsoft Corporation)
"D:\Program Files\Microsoft Office\Office12\ONENOTE.EXE" = D:\Program Files\Microsoft Office\Office12\ONENOTE.EXE:*:Enabled:Microsoft Office OneNote -- (Microsoft Corporation)
"C:\Program Files\Symantec\Symantec Endpoint Protection\Smc.exe" = C:\Program Files\Symantec\Symantec Endpoint Protection\Smc.exe:*:Enabled:SMC Service -- (Symantec Corporation)
"C:\Program Files\Symantec\Symantec Endpoint Protection\SNAC.EXE" = C:\Program Files\Symantec\Symantec Endpoint Protection\SNAC.EXE:*:Enabled:SNAC Service -- (Symantec Corporation)
"C:\Program Files\Common Files\Symantec Shared\ccApp.exe" = C:\Program Files\Common Files\Symantec Shared\ccApp.exe:*:Enabled:Symantec Email -- (Symantec Corporation)
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Program Files\Juniper Networks\Secure Application Manager\dsSamProxy.exe" = C:\Program Files\Juniper Networks\Secure Application Manager\dsSamProxy.exe:*:Enabled:Secure Application Manager Proxy -- (Juniper Networks)
"C:\Documents and Settings\220785\Application Data\Juniper Networks\Juniper Terminal Services Client\dsTermServ.exe" = C:\Documents and Settings\220785\Application Data\Juniper Networks\Juniper Terminal Services Client\dsTermServ.exe:*:Enabled:Juniper Terminal Services Client -- (Juniper Networks)
"C:\Program Files\UltiDev\Cassini Web Server for ASP.NET 2.0\UltiDevCassinWebServer2a.exe" = C:\Program Files\UltiDev\Cassini Web Server for ASP.NET 2.0\UltiDevCassinWebServer2a.exe:LocalSubNet:Enabled:UltiDev Cassini Web Server for ASP.NET 2.0 -- (UltiDev LLC)
"C:\Program Files\Java\jre6\bin\java.exe" = C:\Program Files\Java\jre6\bin\java.exe:*:Enabled:Java Platform SE binary -- (Sun Microsystems, Inc.)
"D:\Program Files\Skype\Phone\Skype.exe" = D:\Program Files\Skype\Phone\Skype.exe:*:Enabled:Skype -- (Skype Technologies S.A.)
"C:\Program Files\Windows Live\Messenger\wlcsdk.exe" = C:\Program Files\Windows Live\Messenger\wlcsdk.exe:*:Enabled:Windows Live Call -- (Microsoft Corporation)
"C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe" = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe:*:Enabled:hpqtra08.exe -- (Hewlett-Packard Co.)
"C:\Program Files\HP\Digital Imaging\bin\hpqste08.exe" = C:\Program Files\HP\Digital Imaging\bin\hpqste08.exe:*:Enabled:hpqste08.exe -- (Hewlett-Packard Co.)
"C:\Program Files\HP\Digital Imaging\bin\hposid01.exe" = C:\Program Files\HP\Digital Imaging\bin\hposid01.exe:*:Enabled:hposid01.exe -- (Hewlett-Packard Co.)
"C:\Program Files\HP\Digital Imaging\bin\hpqkygrp.exe" = C:\Program Files\HP\Digital Imaging\bin\hpqkygrp.exe:*:Enabled:hpqkygrp.exe -- (Hewlett-Packard)
"C:\Program Files\HP\Digital Imaging\bin\hpfcCopy.exe" = C:\Program Files\HP\Digital Imaging\bin\hpfcCopy.exe:*:Enabled:hpfccopy.exe -- ()
"C:\Program Files\HP\Digital Imaging\bin\hpoews01.exe" = C:\Program Files\HP\Digital Imaging\bin\hpoews01.exe:*:Enabled:hpoews01.exe -- (Hewlett-Packard Co.)
"C:\Program Files\HP\Digital Imaging\bin\hpiscnapp.exe" = C:\Program Files\HP\Digital Imaging\bin\hpiscnapp.exe:*:Enabled:hpiscnapp.exe -- (Hewlett-Packard)
"C:\Program Files\Common Files\hp\Digital Imaging\Bin\hpqPhotoCrm.exe" = C:\Program Files\Common Files\hp\Digital Imaging\Bin\hpqPhotoCrm.exe:*:Enabled:hpqphotocrm.exe -- (Hewlett-Packard Co.)
"C:\Program Files\HP\Digital Imaging\bin\hpqgplgtupl.exe" = C:\Program Files\HP\Digital Imaging\bin\hpqgplgtupl.exe:*:Enabled:hpqgplgtupl.exe -- (Hewlett-Packard Co.)
"C:\Program Files\HP\Digital Imaging\bin\hpqusgm.exe" = C:\Program Files\HP\Digital Imaging\bin\hpqusgm.exe:*:Enabled:hpqusgm.exe -- (Hewlett-Packard Co.)
"C:\Program Files\HP\Digital Imaging\bin\hpqusgh.exe" = C:\Program Files\HP\Digital Imaging\bin\hpqusgh.exe:*:Enabled:hpqusgh.exe -- (Hewlett-Packard Co.)
"C:\Program Files\HP\HP Software Update\HPWUCli.exe" = C:\Program Files\HP\HP Software Update\HPWUCli.exe:*:Enabled:hpwucli.exe -- (Hewlett-Packard)
"C:\Program Files\HP\Digital Imaging\smart web printing\SmartWebPrintExe.exe" = C:\Program Files\HP\Digital Imaging\smart web printing\SmartWebPrintExe.exe:*:Enabled:smartwebprintexe.exe -- (Hewlett-Packard Co.)
"C:\Program Files\Common Files\Symantec Shared\ccApp.exe" = C:\Program Files\Common Files\Symantec Shared\ccApp.exe:*:Enabled:Symantec Email -- (Symantec Corporation)
"D:\Program Files\Microsoft Office\Office12\GROOVE.EXE" = D:\Program Files\Microsoft Office\Office12\GROOVE.EXE:*:Enabled:Microsoft Office Groove -- (Microsoft Corporation)
"D:\Program Files\Microsoft Office\Office12\ONENOTE.EXE" = D:\Program Files\Microsoft Office\Office12\ONENOTE.EXE:*:Enabled:Microsoft Office OneNote -- (Microsoft Corporation)
"C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" = C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe:*:Enabled:Yahoo! Messenger -- (Yahoo! Inc.)
========== HKEY_LOCAL_MACHINE Uninstall List ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{03CE1BCB-03F5-4C6A-B37E-69799AA3C544}" = SpyHunter
"{04AF207D-9A77-465A-8B76-991F6AB66245}" = Adobe Help Viewer CS3
"{06BE8AFD-A8E2-4B63-BAE7-287016D16ACB}" = mSSO
"{07FB17D8-7DB6-4F06-80C4-8BE1719CB6A1}" = hpWLPGInstaller
"{082BDF7B-4810-4599-BF0D-E3AC44EC8524}" = Microsoft ASP.NET 2.0 AJAX Extensions 1.0
"{08B32819-6EEF-4057-AEDA-5AB681A36A23}" = Adobe Bridge Start Meeting
"{0B43A744-B1B8-4089-9BD1-9D41C7EC0AA3}" = Microsoft SQL Server 2005 Books Online (English)
"{0E2B0B41-7E08-4F9F-B21F-41C4133F43B7}" = mLogView
"{0F367CA3-3B2F-43F9-A44A-25A8EE69E45D}" = Scan
"{1389C6A4-4965-4AEC-9175-08B54A10FA48}" = Microsoft SQL Server 2005 Mobile [ENU] Developer Tools
"{15EFEBF6-E414-33EB-8710-A04AD1302BF8}" = Microsoft Windows SDK for Visual Studio 2008 SP1 Express Tools for Web - enu
"{175F0111-2968-4935-8F70-33108C6A4DE3}" = MarketResearch
"{178832DE-9DE0-4C87-9F82-9315A9B03985}" = Windows Live Writer
"{18455581-E099-4BA8-BC6B-F34B2F06600C}" = Google Toolbar for Internet Explorer
"{184CE391-7E0E-4C63-9935-D7A10EDFD3C6}" = Adobe WinSoft Linguistics Plugin
"{1CBE3804-20DF-48DA-B048-895C206E80A5}" = Microsoft SQL Server VSS Writer
"{2012D762-5DCA-455A-B5FE-EDF79BC93E18}" = HP Photosmart C4700 All-In-One Driver Software 13.0 Rel .6
"{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live Upload Tool
"{20C53FA2-4307-4671-A93F-9463B29DFCF1}" = Symantec Technical Support Web Controls
"{21A2F5EE-1DC5-488A-BE7E-E526F8C61488}" = DeviceDiscovery
"{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT
"{2373A92B-1C1C-4E71-B494-5CA97F96AA19}" = Microsoft SQL Server 2005
"{23959E96-A80F-4172-A655-210E9BB7BFBE}" = MSDN Library for Visual Studio 2005
"{23FB368F-1399-4EAC-817C-4B83ECBE3D83}" = mProSafe
"{24D7346D-D4B4-45E8-98EA-75EC14B42DD8}" = Adobe ExtendScript Toolkit 2
"{26119A24-8F74-4F62-A278-AB3984B12C04}" = Microsoft Web Platform Installer 2.0 RC
"{26A24AE4-039D-4CA4-87B4-2F83216016FF}" = Java 6 Update 17
"{26E1BFB0-E87E-4696-9F89-B467F01F81E5}" = Broadcom Advanced Control Suite
"{29E5EA97-5F74-4A57-B8B2-D4F169117183}" = Adobe Stock Photos CS3
"{2AFFFDD7-ED85-4A90-8C52-5DA9EBDC9B8F}" = Microsoft SQL Server 2005 Express Edition (SQLEXPRESS)
"{2D91C34E-12CC-4B1B-90D5-31DAD47B6F48}" = OZ776 SCR CardBus Windows Driver
"{2E0695EE-ED29-4D96-BD77-2A9A17EDF0D6}" = Cypress USB Mass Storage Driver Installation
"{2EEA7AA4-C203-4b90-A34F-19FB7EF1C81C}" = BufferChm
"{2EFCC193-D915-4CCB-9201-31773A27BC06}" = Symantec Endpoint Protection
"{3248F0A8-6813-11D6-A77B-00B0D0150060}" = J2SE Runtime Environment 5.0 Update 6
"{3248F0A8-6813-11D6-A77B-00B0D0150070}" = J2SE Runtime Environment 5.0 Update 7
"{342D4AD7-EC4C-4EC8-AEA6-E70F5905A490}" = SQL Server System CLR Types
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{35748B06-FCFC-4700-8285-DAD41689E4FE}" = Broadcom TPM Driver Installer
"{3BDB182E-8371-46BD-AC39-C14A91D5EEF8}" = Microsoft SQL Server 2005 Reporting Services
"{3C3D696B-0DB7-3C6D-A356-3DB8CE541918}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729
"{3D7E3EC9-46CF-4359-9289-39CE01DFB82F}" = Adobe Photoshop CS3
"{3E9D596A-61D4-4239-BD19-2DB984D2A16F}" = mIWA
"{40247AAC-AB0D-449C-882F-90401C3351E8}" = UltiDev Cassini Web Server Explorer
"{42347B75-9660-2DA4-63FD-D35E344E1036}" = Nero 7 Premium
"{437AB8E0-FB69-4222-B280-A64F3DE22591}" = Microsoft Visual Studio 2005 Professional Edition - ENU
"{43CDF946-F5D9-4292-B006-BA0D92013021}" = WebReg
"{44D4AF75-6870-41F5-9181-662EA05507E1}" = Microsoft Document Explorer 2005
"{45338B07-A236-4270-9A77-EBB4115517B5}" = Windows Live Sign-in Assistant
"{49D687E5-6784-431B-A0A2-2F23B8CC5A1B}" = mHlpDell
"{4A70EF07-7F88-4434-BB61-D1DE8AE93DD4}" = SolutionCenter
"{51846830-E7B2-4218-8968-B77F0FF475B8}" = Adobe Color EU Extra Settings
"{53F5C3EE-05ED-4830-994B-50B2F0D50FCE}" = Microsoft SQL Server Setup Support Files (English)
"{541DEAC0-5F3D-45E6-B7CB-94ECF3B96748}" = Skype web features
"{54793AA1-5001-42F4-ABB6-C364617C6078}" = Adobe Linguistics CS3
"{54B7F21B-789E-42C0-8746-FD829A543F56}" = Sphairon modem driver
"{625386A4-B6B6-4911-A6E8-23189C3F2D15}" = Microsoft .NET Compact Framework 2.0
"{63A5DC0D-1EDD-4D69-8F31-87FAEB1F7084}" = Microsoft SQL Server 2005 Notification Services
"{63DB9CCD-2B56-4217-9A3D-507AC78320CA}" = mWMI
"{63FF21C9-A810-464F-B60A-3111747B1A6D}" = GPBaseService2
"{64C1FA9A-FA94-4B6E-B3E4-8573738E4AD1}" = Adobe Setup
"{675B3ECA-1C5E-4885-BE75-742A8FED7510}" = Application Suite
"{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}" = PowerDVD
"{68A10D12-0D0F-4212-BDE6-D87FAD32A8FA}" = SmartWebPrinting
"{68A35043-C55A-4237-88C9-37EE1C63ED71}" = Microsoft Visual J# 2.0 Redistributable Package
"{6ABE0BEE-D572-4FE8-B434-9E72A289431B}" = Adobe Fonts All
"{6B2FFB21-AC88-45C3-9A7D-4BB3E744EC91}" = HPSSupply
"{6BBA26E9-AB03-4FE7-831A-3535584CA002}" = Toolbox
"{6C531060-84FB-4F96-8F33-29DF020632EB}" = Microsoft .NET Compact Framework 1.0 SP3 Developer
"{6CDAED1C-5B60-4818-88A7-E4A90CD367AF}" = Wave Support Software
"{6D4AC5A4-4CF9-4F90-8111-B9B53CE257BF}" = Adobe Color Common Settings
"{6FF5DD7A-FE28-4439-B8CF-1E9AF4EA0A61}" = Adobe Asset Services CS3
"{705D8A9E-87F3-4E18-89C6-FAAF9444CD1F}" = Windows Workflow Foundation Human Workflow Sample
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{73F1BDB7-11E1-11D5-9DC6-00C04F2FC33B}" = OMCI
"{740D370D-E2B0-4FF2-91EC-A57DF48FC3DA}" = VistaDB Express
"{7482779A-D19E-48DA-9CAC-8DB51F949864}" = Lotus Notes 8.5
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{7784A172-61F1-445E-8368-601607E0DD22}" = MP3 Player Utilities 4.00
"{78B75C6D-E53C-424C-BF83-4B63BD4A6682}" = Microsoft Device Emulator version 1.0 - ENU
"{802771A9-A856-4A41-ACF7-1450E523C923}" = Adobe XMP Panels CS3
"{81128EE8-8EAD-4DB0-85C6-17C2CE50FF71}" = Windows Live Essentials
"{818ABC3C-635C-4651-8183-D0E9640B7DD1}" = HP Update
"{829CD169-E692-48E8-9BDE-A3E8D8B65538}" = mSCfg
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8A708DD8-A5E6-11D4-A706-000629E95E20}" = Intel® Graphics Media Accelerator Driver
"{8B928BA1-EDEC-4227-A2DA-DD83026C36F5}" = mPfMgr
"{8C62A94B-4AB6-485F-A111-93056684D340}" = SQLXML4
"{8D2BA474-F406-4710-9AE4-D4F22D21F0DD}" = Adobe Device Central CS3
"{8D5DC3FD-9971-4431-86F7-1C54B0C9DEB4}" = Prayer Times 2007
"{8E6808E2-613D-4FCD-81A2-6C8FA8E03312}" = Adobe Type Support
"{90032DD0-ABEE-4424-AC1E-B076BDD4E350}" = Microsoft SQL Server 2005 Tools
"{90110409-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Professional Edition 2003
"{90120000-0010-0401-0000-0000000FF1CE}" = Microsoft Software Update for Web Folders (Arabic) 12
"{90120000-0010-0409-0000-0000000FF1CE}" = Microsoft Software Update for Web Folders (English) 12
"{90120000-0015-0401-0000-0000000FF1CE}" = Microsoft Office Access MUI (Arabic) 2007
"{90120000-0015-0401-0000-0000000FF1CE}_OMUI.ar-sa_{D149D5F3-C220-4B8D-A344-9622CF446521}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-0015-0409-0000-0000000FF1CE}" = Microsoft Office Access MUI (English) 2007
"{90120000-0015-0409-0000-0000000FF1CE}_ENTERPRISE_{4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-0016-0401-0000-0000000FF1CE}" = Microsoft Office Excel MUI (Arabic) 2007
"{90120000-0016-0401-0000-0000000FF1CE}_OMUI.ar-sa_{D149D5F3-C220-4B8D-A344-9622CF446521}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007
"{90120000-0016-0409-0000-0000000FF1CE}_ENTERPRISE_{4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-0017-0401-0000-0000000FF1CE}" = Microsoft Office SharePoint Designer MUI (Arabic) 2007
"{90120000-0017-0401-0000-0000000FF1CE}_OMUI.ar-sa_{14635BAD-0CD2-4FD4-AC29-66AA72E0ABF9}" = Microsoft Office SharePoint Designer 2007 Service Pack 1 (SP1)
"{90120000-0018-0401-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (Arabic) 2007
"{90120000-0018-0401-0000-0000000FF1CE}_OMUI.ar-sa_{D149D5F3-C220-4B8D-A344-9622CF446521}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007
"{90120000-0018-0409-0000-0000000FF1CE}_ENTERPRISE_{4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-0019-0401-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (Arabic) 2007
"{90120000-0019-0401-0000-0000000FF1CE}_OMUI.ar-sa_{D149D5F3-C220-4B8D-A344-9622CF446521}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-0019-0409-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2007
"{90120000-0019-0409-0000-0000000FF1CE}_ENTERPRISE_{4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-001A-0401-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (Arabic) 2007
"{90120000-001A-0401-0000-0000000FF1CE}_OMUI.ar-sa_{D149D5F3-C220-4B8D-A344-9622CF446521}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2007
"{90120000-001A-0409-0000-0000000FF1CE}_ENTERPRISE_{4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-001B-0401-0000-0000000FF1CE}" = Microsoft Office Word MUI (Arabic) 2007
"{90120000-001B-0401-0000-0000000FF1CE}_OMUI.ar-sa_{D149D5F3-C220-4B8D-A344-9622CF446521}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007
"{90120000-001B-0409-0000-0000000FF1CE}_ENTERPRISE_{4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-001F-0401-0000-0000000FF1CE}" = Microsoft Office Proof (Arabic) 2007
"{90120000-001F-0401-0000-0000000FF1CE}_OMUI.ar-sa_{5A2F65A4-808F-4A1E-973E-92E17824982D}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_ENTERPRISE_{3EC77D26-799B-4CD8-914F-C1565E796173}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-001F-0409-0000-0000000FF1CE}_OMUI.ar-sa_{3EC77D26-799B-4CD8-914F-C1565E796173}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_ENTERPRISE_{430971B1-C31E-45DA-81E0-72C095BAB72C}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-001F-040C-0000-0000000FF1CE}_OMUI.ar-sa_{430971B1-C31E-45DA-81E0-72C095BAB72C}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007
"{90120000-001F-0C0A-0000-0000000FF1CE}_ENTERPRISE_{F7A31780-33C4-4E39-951A-5EC9B91D7BF1}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-0020-0409-0000-0000000FF1CE}" = Compatibility Pack for the 2007 Office system
"{90120000-0021-0000-0000-0000000FF1CE}" = Microsoft Office Visual Web Developer 2007
"{90120000-0021-0000-0000-0000000FF1CE}_VisualWebDeveloper_{3D019598-7B59-447A-80AE-815B703B84FF}" = Security Update for Microsoft Office system 2007 (972581)
"{90120000-0021-0409-0000-0000000FF1CE}" = Microsoft Office Visual Web Developer MUI (English) 2007
"{90120000-002C-0401-0000-0000000FF1CE}" = Microsoft Office Proofing (Arabic) 2007
"{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007
"{90120000-0030-0000-0000-0000000FF1CE}" = Microsoft Office Enterprise 2007
"{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{3D019598-7B59-447A-80AE-815B703B84FF}" = Security Update for Microsoft Office system 2007 (972581)
"{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{BEE75E01-DD3F-4D5F-B96C-609E6538D419}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-0044-0401-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (Arabic) 2007
"{90120000-0044-0401-0000-0000000FF1CE}_OMUI.ar-sa_{D149D5F3-C220-4B8D-A344-9622CF446521}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-0044-0409-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (English) 2007
"{90120000-0044-0409-0000-0000000FF1CE}_ENTERPRISE_{4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-006E-0401-0000-0000000FF1CE}" = Microsoft Office Shared MUI (Arabic) 2007
"{90120000-006E-0401-0000-0000000FF1CE}_OMUI.ar-sa_{2BF4A888-AB1A-4569-A7A3-B38F9C7CF7BF}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}_VisualWebDeveloper_{FAD8A83E-9BAC-4179-9268-A35948034D85}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-00A1-0401-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (Arabic) 2007
"{90120000-00A1-0401-0000-0000000FF1CE}_OMUI.ar-sa_{D149D5F3-C220-4B8D-A344-9622CF446521}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2007
"{90120000-00A1-0409-0000-0000000FF1CE}_ENTERPRISE_{4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-00BA-0409-0000-0000000FF1CE}" = Microsoft Office Groove MUI (English) 2007
"{90120000-00BA-0409-0000-0000000FF1CE}_ENTERPRISE_{4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-00BA-0409-0000-0000000FF1CE}_OMUI.ar-sa_{4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-0100-0401-0000-0000000FF1CE}" = Microsoft Office O MUI (Arabic) 2007
"{90120000-0100-0401-0000-0000000FF1CE}_OMUI.ar-sa_{D149D5F3-C220-4B8D-A344-9622CF446521}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-0101-0401-0000-0000000FF1CE}" = Microsoft Office X MUI (Arabic) 2007
"{90120000-0101-0401-0000-0000000FF1CE}_OMUI.ar-sa_{D149D5F3-C220-4B8D-A344-9622CF446521}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-0114-0401-0000-0000000FF1CE}" = Microsoft Office Groove Setup Metadata MUI (Arabic) 2007
"{90120000-0114-0401-0000-0000000FF1CE}_OMUI.ar-sa_{D149D5F3-C220-4B8D-A344-9622CF446521}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-0114-0409-0000-0000000FF1CE}" = Microsoft Office Groove Setup Metadata MUI (English) 2007
"{90120000-0114-0409-0000-0000000FF1CE}_ENTERPRISE_{4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007
"{90120000-0115-0409-0000-0000000FF1CE}_VisualWebDeveloper_{FAD8A83E-9BAC-4179-9268-A35948034D85}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-0117-0409-0000-0000000FF1CE}" = Microsoft Office Access Setup Metadata MUI (English) 2007
"{90120000-0117-0409-0000-0000000FF1CE}_ENTERPRISE_{4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90176341-0A8B-4CCC-A78D-F862228A6B95}" = Adobe Anchor Service CS3
"{903B0409-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Project Professional 2003
"{90510409-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Visio Professional 2003
"{90A40409-6000-11D3-8CFE-0150048383C9}" = Microsoft Office 2003 Web Components
"{90B0D222-8C21-4B35-9262-53B042F18AF9}" = mPfWiz
"{92127AF5-FDD8-4ADF-BC40-C356C9EE0B7D}" = 32 Bit HP CIO Components Installer
"{929408E6-D265-4174-805F-81D1D914E2A4}" = QuickTime
"{94658027-9F16-4509-BBD7-A59FE57C3023}" = mZConfig
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{95655ED4-7CA5-46DF-907F-7144877A32E5}" = Adobe Color NA Recommended Settings
"{96327C3C-96BE-4C7A-A6F7-A71635E5949A}" = Microsoft SQL Server 2005 Backward compatibility
"{982DB00A-9C4E-436B-8707-18E113BAA44C}" = Microsoft SQL Server 2005 Analysis Services
"{9860A9CF-7E71-43AC-888F-0B4D3EA212D1}" = Roxio Burn Engine
"{9A33B83D-FFC4-44CF-BEEF-632DECEF2FCD}" = Microsoft SQL Server Database Publishing Wizard 1.3
"{9C9824D9-9000-4373-A6A5-D0E5D4831394}" = Adobe Bridge CS3
"{9F72EF8B-AEC9-4CA5-B483-143980AFD6FD}" = ALPS Touch Pad Driver
"{A0F925BF-5C55-44C2-A4E7-5A4C59791C29}" = mDriver
"{A1F66FC9-11EE-4F2F-98C9-16F8D1E69FB7}" = Segoe UI
"{A2B242BD-FF8D-4840-9DAA-9170EABEC59C}" = Adobe CMaps
"{A2D81E70-2A98-4A08-A628-94388B063C5E}" = Adobe Color - Photoshop Specific
"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
"{A4394612-D02F-11DC-9BFF-D18556D89593}" = Microsoft ASP.NET MVC 1.0 RC2
"{A462213D-EED4-42C2-9A60-7BDD4D4B0B17}" = SigmaTel Audio
"{A55F4F9F-CCA8-4732-AA1F-0390A4A50947}" = C4700
"{A85FD55B-891B-4314-97A5-EA96C0BD80B5}" = Windows Live Messenger
"{ABBA2EA4-740E-4052-902B-9CA70B081E3F}" = Dell Embassy Trust Suite by Wave Systems
"{AC5B0C19-D851-42F4-BDA0-410ECF7F70A5}" = PDF Settings
"{AC76BA86-7AD7-1033-7B44-A81200000003}" = Adobe Reader 8.1.2
"{AC76BA86-7AD7-2448-0000-800000000003}" = Chinese Traditional Fonts Support For Adobe Reader 8
"{AC76BA86-7AD7-5676-5A64-800000000003}" = Adobe Reader Extended Language Support Font Pack
"{AE8705FB-E13C-40A9-8A2D-68D6733FBFC2}" = Status
"{B2455727-ED8F-4643-8A6E-F4AB8DE3633D}" = Network
"{B3BF6689-A81D-40D8-9A86-4AC4ACD9FC1C}" = Adobe Camera Raw 4.0
"{B3C02EC1-A7B0-4987-9A43-8789426AAA7D}" = Adobe Setup
"{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1" = Spybot - Search & Destroy
"{B5AB9CB4-4AAE-44CC-A6AF-37388326E85F}" = Wave Infrastructure Installer
"{B7F54262-AB66-44B3-88BF-9FC69941B643}" = Broadcom Gigabit Integrated Controller
"{B9B35331-B7E4-4E5C-BF4C-7BC87856124D}" = Adobe Default Language CS3
"{BD7204BA-DD64-499E-9B55-6A282CDF4FA4}" = Destinations
"{BF251EAF-8697-4E89-BF09-C998F97BBC40}" = Microsoft SQL Server Native Client
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
"{C1DBECBB-6A81-483C-9D27-D9F121D12EBC}" = Web Deployment Tool Release Candidate 1
"{C43326F5-F135-4551-8270-7F7ABA0462E1}" = HPProductAssistant
"{C5074CC4-0E26-4716-A307-960272A90040}" = QuickSet
"{C6DB11F1-EBD1-3AA4-A44D-55630E1E6FDA}" = Microsoft Visual Web Developer 2008 Express Edition with SP1 - ENU
"{C75CDBA2-3C86-481e-BD10-BDDA758F9DFF}" = hpPrintProjects
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{CF40ACC5-E1BB-4aff-AC72-04C2F616BCA7}" = getPlus® for Adobe
"{D0DFF92A-492E-4C40-B862-A74A173C25C5}" = Adobe Version Cue CS3 Client
"{D103C4BA-F905-437A-8049-DB24763BBE36}" = Skype™ 4.1
"{D1183FA8-AA29-4C82-B998-9593D7AF42FE}" = NTRU Hybrid TSS v2.0.7
"{D2559B88-CC9D-4B48-81BB-F492BAA9C48C}" = Adobe PDF Library Files
"{D3EE034D-5B92-4A55-AA02-2E6D0A6A96EE}" = Windows Resource Kit Tools - SubInAcl.exe
"{D4020201-7769-4C53-8365-426CD0C0EF63}" = Coolite Toolkit Community v0.8.1
"{D890B413-DB39-4B43-BE62-D0FDCB6FB96A}" = Dell Client Configuration Utility
"{DC0A5F99-FD66-433F-9D3A-05DCBA64BE42}" = TrayApp
"{DD41AC25-61B2-4FC9-90AA-672F32139AC3}" = ETS Launch Pad
"{DD7DB3C5-6FA3-4FA3-8A71-C2F2940EB029}" = Adobe Color JA Extra Settings
"{DDF6E319-BCD9-4FE3-9D69-26B2F47BEF7C}" = Microsoft SQL Server 2005 Samples
"{E05CE6CE-F3FD-46FB-9C2D-568D0A91A24A}" = Basic Design Template
"{E0A41F96-7231-4AE8-A654-EEB34F935462}" = Microsoft SQL Server 2005 Integration Services
"{E136BB09-1BB2-49A0-9FF3-5C25564D3819}" = FastCGI x86
"{E36F3199-C282-47CA-BAC7-2B77D247E760}" = PS_AIO_06_C4700_SW_Min
"{E69AE897-9E0B-485C-8552-7841F48D42D8}" = Adobe Update Manager CS3
"{E7081891-BC7F-43F9-9CE6-B5DD2F497156}" = Internet Explorer Developer Toolbar
"{E81667C6-2856-46D6-ABEA-6A2F42166779}" = mCore
"{ED00D08A-3C5F-488D-93A0-A04F21F23956}" = Windows Live Communications Platform
"{EEAFE1E5-076B-430A-96D9-B567792AFA88}" = EMBASSY Security Center
"{F0BFC7EF-9CF8-44EE-91B0-158884CD87C5}" = mMHouse
"{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard
"{F1802FA6-54E9-4B24-BD2A-B50866819795}" = EMBASSY Trust Suite by Wave Systems
"{F5ADAB30-86CE-4FE1-AB93-E4CFE73AABFE}" = Adobe LiveCycle Designer ES
"{F5E87B12-3C27-452F-8E78-21D42164FD83}" = Microsoft SQL Server 2008 Management Objects
"{F6090A17-0967-4A8A-B3C3-422A1B514D49}" = mDrWiFi
"{F6BD194C-4190-4D73-B1B1-C48C99921BFE}" = Windows Live Call
"{F6C8DAED-8CC7-43FD-9DA4-1F629B873A17}" = UltiDev Cassini Web Server for ASP.NET 2.0
"{FCA651F3-5BDA-4DDA-9E4A-5D87D6914CC4}" = mWlsSafe
"{FF11004C-F42A-4A31-9BCF-7F5C8FDBE53C}" = Adobe Setup
"Ad-Aware" = Ad-Aware
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Shockwave Player" = Adobe Shockwave Player 11.5
"Adobe_3e054d2218e7aa282c2369d939e58ff" = Adobe ExtendScript Toolkit 2
"Adobe_6c8e2cb4fd241c55406016127a6ab2e" = Adobe Color Common Settings
"Adobe_719d6f144d0c086a0dfa7ff76bb9ac1" = Adobe Photoshop CS3
"Broadcom 802.11b Network Adapter" = Dell Wireless WLAN Card
"ENTERPRISE" = Microsoft Office Enterprise 2007
"ERUNT_is1" = ERUNT 1.1j
"HP Imaging Device Functions" = HP Imaging Device Functions 13.0
"HP Print Projects" = HP Print Projects 1.0
"HP Smart Web Printing" = HP Smart Web Printing 4.5
"HP Solution Center & Imaging Support Tools" = HP Solution Center 13.0
"HPExtendedCapabilities" = HP Customer Participation Program 13.0
"HTML Help Workshop" = HTML Help Workshop
"IDNMitigationAPIs" = Microsoft Internationalized Domain Names Mitigation APIs
"ie8" = Windows Internet Explorer 8
"InstallShield_{2D91C34E-12CC-4B1B-90D5-31DAD47B6F48}" = OZ776 SCR CardBus Windows Driver
"InstallShield_{6CDAED1C-5B60-4818-88A7-E4A90CD367AF}" = Wave Support Software
"InstallShield_{929408E6-D265-4174-805F-81D1D914E2A4}" = QuickTime
"InstallShield_{DD41AC25-61B2-4FC9-90AA-672F32139AC3}" = ETS Launch Pad
"InstallShield_{EEAFE1E5-076B-430A-96D9-B567792AFA88}" = EMBASSY Security Center
"Juniper Network Connect 6.3.0" = Juniper Networks Network Connect 6.3.0
"Juniper Network Connect 6.4.0" = Juniper Networks Network Connect 6.4.0
"LiveUpdate" = LiveUpdate 3.3 (Symantec Corporation)
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft Document Explorer 2005" = Microsoft Document Explorer 2005
"Microsoft SQL Server 2005" = Microsoft SQL Server 2005
"Microsoft Visual J# 2.0 Redistributable Package" = Microsoft Visual J# 2.0 Redistributable Package
"Microsoft Visual Studio 2005 Professional Edition - ENU" = Microsoft Visual Studio 2005 Professional Edition - ENU
"Microsoft Visual Web Developer 2008 Express Edition with SP1 - ENU" = Microsoft Visual Web Developer 2008 Express Edition with SP1 - ENU
"MSCompPackV1" = Microsoft Compression Client Pack 1.0 for Windows XP
"MSDN Library for Visual Studio 2005" = MSDN Library for Visual Studio 2005
"Neoteris_Secure_Application_Manager" = Juniper Networks Secure Application Manager
"NLSDownlevelMapping" = Microsoft National Language Support Downlevel APIs
"OMUI.ar-sa" = Microsoft Office Language Pack 2007 - Arabic العربية
"ProInst" = Intel® PROSet/Wireless Software
"Shop for HP Supplies" = Shop for HP Supplies
"SM1FX_AT" = USB Storage Adapter FX (SM1)
"VistaDB Express" = VistaDB Express
"VisualWebDeveloper" = Microsoft Visual Studio Web Authoring Component
"WIC" = Windows Imaging Component
"Windows Media Format Runtime" = Windows Media Format 11 runtime
"Windows Media Player" = Windows Media Player 11
"Windows Mobile Device Handbook" = Windows Mobile Resources
"WinLiveSuite_Wave3" = Windows Live Essentials
"WinRAR archiver" = WinRAR archiver
"WinZip" = WinZip
"WMCSetup" = Windows Media Connect
"WMFDist11" = Windows Media Format 11 runtime
"wmp11" = Windows Media Player 11
"Wudf01000" = Microsoft User-Mode Driver Framework Feature Pack 1.0
"Xilisoft Video Converter" = Xilisoft Video Converter
"XP PRO IIS Admin_is1" = XP PRO IIS Admin Build 1.8.1
"Yahoo! Messenger" = Yahoo! Messenger
========== HKEY_CURRENT_USER Uninstall List ==========
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Juniper_Setup_Client" = Juniper Networks Setup Client
"Juniper_Term_Services" = Juniper Terminal Services Client
========== Last 10 Event Log Errors ==========
[ Application Events ]
Error - 07/02/2010 09:25:44 am | Computer Name = 0841-220785NB | Source = ESENT | ID = 455
Description = wuaueng.dll (220) SUS20ClientDataStore: Error -1032 (0xfffffbf8) occurred
while opening logfile C:\WINDOWS\SoftwareDistribution\DataStore\Logs\edb.log.
Error - 07/02/2010 10:12:08 am | Computer Name = 0841-220785NB | Source = Userenv | ID = 1054
Description = Windows cannot obtain the domain controller name for your computer
network. (The specified domain either does not exist or could not be contacted.
). Group Policy processing aborted.
Error - 07/02/2010 10:12:24 am | Computer Name = 0841-220785NB | Source = Userenv | ID = 1054
Description = Windows cannot obtain the domain controller name for your computer
network. (The specified domain either does not exist or could not be contacted.
). Group Policy processing aborted.
Error - 07/02/2010 10:13:02 am | Computer Name = 0841-220785NB | Source = MSSQL$SQLEXPRESS | ID = 17190
Description = FallBack certificate initialization failed with error code: 1.
Error - 07/02/2010 10:13:15 am | Computer Name = 0841-220785NB | Source = AutoEnrollment | ID = 15
Description = Automatic certificate enrollment for local system failed to contact
the active directory (0x8007054b). The specified domain either does not exist
or could not be contacted. Enrollment will not be performed.
Error - 07/02/2010 10:14:04 am | Computer Name = 0841-220785NB | Source = MSSQLSERVER | ID = 17207
Description = FCB::Open: Operating system error 32(error not found) occurred while
creating or opening file 'd:\Program Files\Microsoft SQL Server\MSSQL.2\MSSQL\Data\AdventureWorksDW_Data.mdf'.
Diagnose and correct the operating system error, and retry the operation.
Error - 07/02/2010 10:14:04 am | Computer Name = 0841-220785NB | Source = MSSQLSERVER | ID = 17204
Description = FCB::Open failed: Could not open file d:\Program Files\Microsoft SQL
Server\MSSQL.2\MSSQL\Data\AdventureWorksDW_Data.mdf for file number 1. OS error:
32(error not found).
Error - 07/02/2010 10:14:05 am | Computer Name = 0841-220785NB | Source = MSSQLSERVER | ID = 17207
Description = FCB::Open: Operating system error 32(error not found) occurred while
creating or opening file 'D:\Program Files\Microsoft SQL Server\MSSQL.2\MSSQL\DATA\Umbraco403.mdf'.
Diagnose and correct the operating system error, and retry the operation.
Error - 07/02/2010 10:14:05 am | Computer Name = 0841-220785NB | Source = MSSQLSERVER | ID = 17204
Description = FCB::Open failed: Could not open file D:\Program Files\Microsoft SQL
Server\MSSQL.2\MSSQL\DATA\Umbraco403.mdf for file number 1. OS error: 32(error
not found).
Error - 07/02/2010 10:14:42 am | Computer Name = 0841-220785NB | Source = Report Server Windows Service (MSSQLSERVER) | ID = 107
Description = Report Server Windows Service (MSSQLSERVER) cannot connect to the
report server database.
[ System Events ]
Error - 07/02/2010 09:08:00 am | Computer Name = 0841-220785NB | Source = DCOM | ID = 10010
Description = The server {781B925F-0BF8-4C7B-A2A8-A8B11B488A07} did not register
with DCOM within the required timeout.
Error - 07/02/2010 09:10:42 am | Computer Name = 0841-220785NB | Source = DCOM | ID = 10010
Description = The server {781B925F-0BF8-4C7B-A2A8-A8B11B488A07} did not register
with DCOM within the required timeout.
Error - 07/02/2010 09:13:35 am | Computer Name = 0841-220785NB | Source = DCOM | ID = 10010
Description = The server {781B925F-0BF8-4C7B-A2A8-A8B11B488A07} did not register
with DCOM within the required timeout.
Error - 07/02/2010 09:18:21 am | Computer Name = 0841-220785NB | Source = DCOM | ID = 10010
Description = The server {781B925F-0BF8-4C7B-A2A8-A8B11B488A07} did not register
with DCOM within the required timeout.
Error - 07/02/2010 09:20:23 am | Computer Name = 0841-220785NB | Source = DCOM | ID = 10010
Description = The server {781B925F-0BF8-4C7B-A2A8-A8B11B488A07} did not register
with DCOM within the required timeout.
Error - 07/02/2010 09:22:23 am | Computer Name = 0841-220785NB | Source = DCOM | ID = 10010
Description = The server {781B925F-0BF8-4C7B-A2A8-A8B11B488A07} did not register
with DCOM within the required timeout.
Error - 07/02/2010 10:12:08 am | Computer Name = 0841-220785NB | Source = NETLOGON | ID = 5719
Description = No Domain Controller is available for domain IDBHQ due to the following:
%%1311. Make sure that the computer is connected to the network and try again. If
the problem persists, please contact your domain administrator.
Error - 07/02/2010 10:12:33 am | Computer Name = 0841-220785NB | Source = Print | ID = 23
Description = Printer Sametime Print Capture failed to initialize because a suitable
Sametime Print Capture driver could not be found.
< End of report >
OTL logfile created on: 07/02/2010 05:23:46 pm - Run 1
OTL by OldTimer - Version 3.1.28.0 Folder = D:\My Data\220785 Data\Anti Virus and Spam Issues
Windows XP Professional Edition Service Pack 2 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000401 | Country: Saudi Arabia | Language: ARA | Date Format: dd/MM/yyyy
2.00 Gb Total Physical Memory | 2.00 Gb Available Physical Memory | 62.00% Memory free
4.00 Gb Paging File | 3.00 Gb Available in Paging File | 78.00% Paging File free
Paging file location(s): C:\pagefile.sys 2048 2048 [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 27.93 Gb Total Space | 1.40 Gb Free Space | 5.00% Space Free | Partition Type: FAT32
Drive D: | 27.95 Gb Total Space | 7.45 Gb Free Space | 26.65% Space Free | Partition Type: NTFS
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded
Computer Name: 0841-220785NB
Current User Name: 220785
NOT logged in as Administrator.
Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: On
Skip Microsoft Files: On
File Age = 14 Days
Output = Standard
Quick Scan
========== Processes (SafeList) ==========
PRC - [2010/02/07 16:53:06 | 000,549,376 | ---- | M] (OldTimer Tools) -- D:\My Data\220785 Data\Anti Virus and Spam Issues\OTL.exe
PRC - [2009/10/27 13:21:28 | 000,611,624 | ---- | M] (Juniper Networks) -- C:\Program Files\Juniper Networks\Common Files\dsNcService.exe
PRC - [2009/10/11 04:17:36 | 000,153,376 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Java\jre6\bin\jqs.exe
PRC - [2009/09/18 01:55:38 | 000,115,560 | ---- | M] (Symantec Corporation) -- C:\Program Files\Common Files\Symantec Shared\ccApp.exe
PRC - [2009/09/18 01:55:38 | 000,108,392 | ---- | M] (Symantec Corporation) -- C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
PRC - [2009/09/18 01:55:36 | 002,477,304 | ---- | M] (Symantec Corporation) -- C:\Program Files\Symantec\Symantec Endpoint Protection\Rtvscan.exe
PRC - [2009/09/18 01:55:36 | 001,864,888 | ---- | M] (Symantec Corporation) -- C:\Program Files\Symantec\Symantec Endpoint Protection\Smc.exe
PRC - [2009/09/18 01:55:36 | 001,455,432 | ---- | M] (Symantec Corporation) -- C:\Program Files\Symantec\Symantec Endpoint Protection\SmcGui.exe
PRC - [2009/09/18 01:55:36 | 000,644,464 | ---- | M] (Symantec Corporation) -- C:\Program Files\Symantec\Symantec Endpoint Protection\SymCorpUI.exe
PRC - [2009/05/21 22:13:36 | 000,275,768 | ---- | M] (Hewlett-Packard Co.) -- C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
PRC - [2009/05/21 21:54:18 | 000,116,280 | ---- | M] (Hewlett-Packard Co.) -- C:\Program Files\HP\Digital Imaging\smart web printing\hpswp_clipbook.exe
PRC - [2009/03/08 14:09:26 | 000,638,816 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Internet Explorer\iexplore.exe
PRC - [2008/12/08 15:50:04 | 000,054,576 | ---- | M] (Hewlett-Packard) -- C:\Program Files\HP\HP Software Update\hpwuschd2.exe
PRC - [2008/12/06 08:36:56 | 000,031,624 | ---- | M] (IBM Corp) -- D:\Program Files\IBM\Lotus\Notes\nslsvice.exe
PRC - [2008/12/06 08:36:38 | 003,315,080 | ---- | M] (IBM) -- D:\Program Files\IBM\Lotus\Notes\nsd.exe
PRC - [2008/01/29 16:09:02 | 000,394,704 | ---- | M] (Symantec, Inc.) -- C:\Program Files\Common Files\Symantec Shared\Support Controls\ssrc.exe
PRC - [2007/08/24 07:00:48 | 000,033,648 | ---- | M] (Microsoft Corporation) -- D:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
PRC - [2007/07/25 16:41:42 | 000,647,168 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
PRC - [2007/07/25 16:32:50 | 000,823,296 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Wireless\Bin\ZCfgSvc.exe
PRC - [2007/07/25 16:30:36 | 000,974,848 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Wireless\Bin\iFrmewrk.exe
PRC - [2007/07/25 16:22:44 | 000,327,680 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
PRC - [2007/06/13 13:23:08 | 001,033,216 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2007/03/03 23:12:56 | 028,771,240 | ---- | M] (Microsoft Corporation) -- D:\Program Files\Microsoft SQL Server\MSSQL.2\MSSQL\Binn\sqlservr.exe
PRC - [2007/03/03 23:12:56 | 028,771,240 | ---- | M] (Microsoft Corporation) -- c:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe
PRC - [2007/03/03 23:12:54 | 014,560,624 | ---- | M] (Microsoft Corporation) -- D:\Program Files\Microsoft SQL Server\MSSQL.3\OLAP\bin\msmdsrv.exe
PRC - [2007/03/03 23:12:02 | 000,202,096 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft SQL Server\90\DTS\Binn\MsDtsSrvr.exe
PRC - [2007/03/03 23:09:40 | 000,017,264 | ---- | M] (Microsoft Corporation) -- D:\Program Files\Microsoft SQL Server\MSSQL.4\Reporting Services\ReportServer\bin\ReportingServicesService.exe
PRC - [2007/02/08 00:06:10 | 000,049,152 | ---- | M] (UltiDev LLC) -- C:\Program Files\UltiDev\Cassini Web Server for ASP.NET 2.0\UltiDevCassinWebServer2a.exe
PRC - [2006/04/06 14:57:54 | 000,380,928 | ---- | M] (Dell Inc.) -- C:\Program Files\Dell\QuickSet\NicConfigSvc.exe
PRC - [2006/03/25 17:24:04 | 000,315,392 | ---- | M] (Wave Systems Corp.) -- C:\Program Files\Wave Systems Corp\common\DataServer.exe
PRC - [2005/12/19 09:08:30 | 001,347,584 | ---- | M] (Dell Inc.) -- C:\WINDOWS\system32\WLTRAY.EXE
PRC - [2005/12/19 09:08:30 | 000,018,944 | ---- | M] () -- C:\WINDOWS\system32\WLTRYSVC.EXE
PRC - [2005/12/19 09:08:26 | 001,200,128 | ---- | M] (Dell Inc.) -- C:\WINDOWS\system32\BCMWLTRY.EXE
PRC - [2005/12/13 17:45:00 | 000,118,784 | ---- | M] (Intel Corporation) -- C:\WINDOWS\system32\igfxpers.exe
PRC - [2005/12/13 17:41:00 | 000,159,744 | ---- | M] (Intel Corporation) -- C:\WINDOWS\system32\igfxsrvc.exe
PRC - [2005/11/23 11:45:10 | 000,159,744 | ---- | M] (Dell Inc) -- C:\Program Files\Dell\OpenManage\Client\Iap.exe
PRC - [2005/11/16 15:35:16 | 000,397,312 | ---- | M] (SigmaTel, Inc.) -- C:\WINDOWS\stsystra.exe
PRC - [2005/10/28 16:26:40 | 000,118,784 | ---- | M] (Broadcom Corporation) -- C:\Program Files\Broadcom\BACS\BacsTray.exe
PRC - [2005/10/14 13:51:12 | 000,239,320 | ---- | M] (Microsoft Corporation) -- c:\Program Files\Microsoft SQL Server\90\Shared\sqlbrowser.exe
PRC - [2005/10/14 03:53:50 | 000,087,768 | ---- | M] (Microsoft Corporation) -- c:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
PRC - [2005/10/14 03:51:20 | 000,318,680 | ---- | M] (Microsoft Corporation) -- D:\Program Files\Microsoft SQL Server\MSSQL.2\MSSQL\Binn\SQLAGENT90.EXE
PRC - [2005/10/07 14:13:38 | 000,176,128 | R--- | M] (Alps Electric Co., Ltd.) -- C:\Program Files\Apoint\Apoint.exe
PRC - [2005/08/26 16:00:26 | 000,092,880 | ---- | M] (Microsoft Corporation) -- D:\Program Files\Microsoft SQL Server\MSSQL.2\MSSQL\Binn\msftesql.exe
PRC - [2005/07/27 16:41:08 | 000,045,056 | R--- | M] (Alps Electric Co., Ltd.) -- C:\Program Files\Apoint\ApntEx.exe
PRC - [2005/03/15 12:12:14 | 000,287,232 | ---- | M] (PJ Technologies, Inc.) -- C:\Program Files\PJ Technologies\GOVsrv\GOVsrv.EXE
PRC - [2004/08/04 15:00:00 | 000,015,872 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\inetsrv\inetinfo.exe
PRC - [2004/06/28 23:56:12 | 000,045,056 | R--- | M] (Alps Electric Co., Ltd.) -- C:\Program Files\Apoint\hidfind.exe
PRC - [2003/08/27 14:20:00 | 000,094,208 | R--- | M] (Cypress Semiconductor) -- C:\WINDOWS\SM1bg.exe
========== Modules (SafeList) ==========
MOD - [2010/02/07 16:53:06 | 000,549,376 | ---- | M] (OldTimer Tools) -- D:\My Data\220785 Data\Anti Virus and Spam Issues\OTL.exe
MOD - [2006/08/25 18:45:56 | 001,054,208 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.2982_x-ww_ac3f9c03\comctl32.dll
========== Win32 Services (SafeList) ==========
SRV - File not found [On_Demand | Stopped] -- -- (Smcinst)
SRV - [2009/10/27 13:21:28 | 000,611,624 | ---- | M] (Juniper Networks) [Auto | Running] -- C:\Program Files\Juniper Networks\Common Files\dsNcService.exe -- (dsNcService)
SRV - [2009/10/11 04:17:36 | 000,153,376 | ---- | M] (Sun Microsystems, Inc.) [Auto | Running] -- C:\Program Files\Java\jre6\bin\jqs.exe -- (JavaQuickStarterService)
SRV - [2009/09/18 01:55:38 | 000,108,392 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe -- (ccSetMgr)
SRV - [2009/09/18 01:55:38 | 000,108,392 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe -- (ccEvtMgr)
SRV - [2009/09/18 01:55:36 | 002,477,304 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files\Symantec\Symantec Endpoint Protection\Rtvscan.exe -- (Symantec AntiVirus)
SRV - [2009/09/18 01:55:36 | 001,864,888 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files\Symantec\Symantec Endpoint Protection\Smc.exe -- (SmcService)
SRV - [2009/09/18 01:55:36 | 000,341,320 | ---- | M] (Symantec Corporation) [Disabled | Stopped] -- C:\Program Files\Symantec\Symantec Endpoint Protection\SNAC.EXE -- (SNAC)
SRV - [2009/07/13 12:06:16 | 003,093,880 | ---- | M] (Symantec Corporation) [On_Demand | Stopped] -- C:\Program Files\Symantec\LiveUpdate\LuComServer_3_3.EXE -- (LiveUpdate)
SRV - [2009/05/21 22:09:24 | 000,660,992 | ---- | M] (Hewlett-Packard Co.) [Auto | Running] -- C:\Program Files\HP\Digital Imaging\bin\HPSLPSVC32.DLL -- (HPSLPSVC)
SRV - [2009/05/21 22:03:06 | 000,133,120 | ---- | M] (Hewlett-Packard Co.) [Auto | Running] -- C:\Program Files\HP\Digital Imaging\bin\hpqddsvc.dll -- (hpqddsvc)
SRV - [2009/05/21 20:21:18 | 000,248,832 | ---- | M] (Hewlett-Packard Co.) [On_Demand | Running] -- C:\Program Files\HP\Digital Imaging\bin\hpqcxs08.dll -- (hpqcxs08)
SRV - [2009/04/08 18:10:50 | 000,042,888 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\IIS\Microsoft Web Deploy\MsDepSvc.exe -- (MsDepSvc)
SRV - [2009/03/03 14:53:08 | 000,033,176 | ---- | M] (NOS Microsystems Ltd.) [On_Demand | Stopped] -- C:\Program Files\NOS\bin\getPlus_HelperSvc.exe -- (getPlus® Helper) getPlus®
SRV - [2008/12/06 08:37:30 | 000,058,760 | ---- | M] (IBM Corp) [Disabled | Stopped] -- D:\Program Files\IBM\Lotus\Notes\ntmulti.exe -- (Multi-user Cleanup Service)
SRV - [2008/12/06 08:36:56 | 000,031,624 | ---- | M] (IBM Corp) [Auto | Running] -- D:\Program Files\IBM\Lotus\Notes\nslsvice.exe -- (Lotus Notes Single Logon)
SRV - [2008/12/06 08:36:38 | 003,315,080 | ---- | M] (IBM) [Auto | Running] -- D:\Program Files\IBM\Lotus\Notes\nsd.exe -- (Lotus Notes Diagnostics)
SRV - [2008/12/03 20:05:42 | 000,053,760 | ---- | M] (Hewlett-Packard) [Auto | Running] -- C:\WINDOWS\system32\HPZipm12.dll -- (Pml Driver HPZ12)
SRV - [2008/12/03 20:05:32 | 000,044,544 | ---- | M] (Hewlett-Packard) [Auto | Running] -- C:\WINDOWS\system32\HPZinw12.dll -- (Net Driver HPZ12)
SRV - [2008/09/26 03:51:20 | 000,654,848 | ---- | M] (Macrovision Europe Ltd.) [On_Demand | Stopped] -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service)
SRV - [2008/01/29 16:09:02 | 000,394,704 | ---- | M] (Symantec, Inc.) [Auto | Running] -- C:\Program Files\Common Files\Symantec Shared\Support Controls\ssrc.exe -- (Symantec RemoteAssist)
SRV - [2007/10/15 13:06:36 | 000,303,104 | ---- | M] (Motive Communications, Inc.) [Disabled | Stopped] -- C:\Program Files\Common Files\Motive\McciCMService.exe -- (McciCMService)
SRV - [2007/08/24 06:59:20 | 000,068,464 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- D:\Program Files\Microsoft Office\Office12\GrooveAuditService.exe -- (Microsoft Office Groove Audit Service)
SRV - [2007/08/24 03:19:12 | 000,443,776 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE -- (odserv)
SRV - [2007/07/25 16:41:42 | 000,647,168 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files\Intel\Wireless\Bin\EvtEng.exe -- (EvtEng) Intel®
SRV - [2007/07/25 16:32:34 | 000,294,912 | ---- | M] (Intel® Corporation) [Auto | Stopped] -- C:\Program Files\Intel\Wireless\Bin\WLKEEPER.exe -- (WLANKEEPER) Intel®
SRV - [2007/07/25 16:29:38 | 000,987,136 | ---- | M] (Intel Corporation ) [Auto | Stopped] -- C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe -- (S24EventMonitor) Intel®
SRV - [2007/07/25 16:22:44 | 000,327,680 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe -- (RegSrvc) Intel®
SRV - [2007/03/03 23:12:56 | 028,771,240 | ---- | M] (Microsoft Corporation) [Auto | Running] -- D:\Program Files\Microsoft SQL Server\MSSQL.2\MSSQL\Binn\sqlservr.exe -- (MSSQLSERVER) SQL Server (MSSQLSERVER)
SRV - [2007/03/03 23:12:56 | 028,771,240 | ---- | M] (Microsoft Corporation) [Auto | Running] -- c:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe -- (MSSQL$SQLEXPRESS) SQL Server (SQLEXPRESS)
SRV - [2007/03/03 23:12:54 | 014,560,624 | ---- | M] (Microsoft Corporation) [Auto | Running] -- D:\Program Files\Microsoft SQL Server\MSSQL.3\OLAP\bin\msmdsrv.exe -- (MSSQLServerOLAPService) SQL Server Analysis Services (MSSQLSERVER)
SRV - [2007/03/03 23:12:02 | 000,202,096 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Microsoft SQL Server\90\DTS\Binn\MsDtsSrvr.exe -- (MsDtsServer)
SRV - [2007/03/03 23:09:40 | 000,017,264 | ---- | M] (Microsoft Corporation) [Auto | Running] -- D:\Program Files\Microsoft SQL Server\MSSQL.4\Reporting Services\ReportServer\bin\ReportingServicesService.exe -- (ReportServer) SQL Server Reporting Services (MSSQLSERVER)
SRV - [2007/02/08 00:06:10 | 000,049,152 | ---- | M] (UltiDev LLC) [Auto | Running] -- C:\Program Files\UltiDev\Cassini Web Server for ASP.NET 2.0\UltiDevCassinWebServer2a.exe -- (UltiDev Cassini Web Server for ASP.NET 2.0)
SRV - [2006/12/02 06:17:54 | 002,805,000 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- d:\Program Files\Microsoft Visual Studio 8\Common7\IDE\Remote Debugger\x86\msvsmon.exe -- (msvsmon80)
SRV - [2006/10/26 14:03:08 | 000,145,184 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE -- (ose)
SRV - [2006/04/06 14:57:54 | 000,380,928 | ---- | M] (Dell Inc.) [Auto | Running] -- C:\Program Files\Dell\QuickSet\NicConfigSvc.exe -- (NICCONFIGSVC)
SRV - [2006/03/25 17:24:04 | 000,315,392 | ---- | M] (Wave Systems Corp.) [Auto | Running] -- C:\Program Files\Wave Systems Corp\Common\DataServer.exe -- (DataSvr2)
SRV - [2005/12/19 09:08:30 | 000,018,944 | ---- | M] () [Auto | Running] -- C:\WINDOWS\System32\WLTRYSVC.EXE -- (wltrysvc)
SRV - [2005/11/30 13:33:04 | 000,180,224 | ---- | M] () [Disabled | Stopped] -- C:\Program Files\NTRU Cryptosystems\NTRU Hybrid TSS v2.0.7\bin\tcsd_win32.exe -- (tcsd_win32.exe)
SRV - [2005/11/23 11:45:10 | 000,159,744 | ---- | M] (Dell Inc) [Auto | Running] -- C:\Program Files\Dell\OpenManage\Client\Iap.exe -- (Iap)
SRV - [2005/11/14 01:06:04 | 000,069,632 | ---- | M] (Macrovision Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe -- (IDriverT)
SRV - [2005/10/14 13:51:12 | 000,239,320 | ---- | M] (Microsoft Corporation) [Auto | Running] -- c:\Program Files\Microsoft SQL Server\90\Shared\sqlbrowser.exe -- (SQLBrowser)
SRV - [2005/10/14 13:50:20 | 000,045,272 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- c:\Program Files\Microsoft SQL Server\90\Shared\sqladhlp90.exe -- (MSSQLServerADHelper)
SRV - [2005/10/14 03:53:50 | 000,087,768 | ---- | M] (Microsoft Corporation) [Auto | Running] -- c:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe -- (SQLWriter)
SRV - [2005/10/14 03:51:20 | 000,318,680 | ---- | M] (Microsoft Corporation) [Auto | Running] -- D:\Program Files\Microsoft SQL Server\MSSQL.2\MSSQL\Binn\SQLAGENT90.EXE -- (SQLSERVERAGENT) SQL Server Agent (MSSQLSERVER)
SRV - [2005/08/26 16:00:26 | 000,092,880 | ---- | M] (Microsoft Corporation) [Auto | Running] -- D:\Program Files\Microsoft SQL Server\MSSQL.2\MSSQL\Binn\msftesql.exe -- (msftesql) SQL Server FullText Search (MSSQLSERVER)
SRV - [2005/08/08 13:54:00 | 000,167,936 | ---- | M] () [Disabled | Stopped] -- C:\Program Files\CyberLink\Shared files\RichVideo.exe -- (RichVideo) Cyberlink RichVideo Service(CRVS)
SRV - [2005/03/15 12:12:14 | 000,287,232 | ---- | M] (PJ Technologies, Inc.) [Auto | Running] -- C:\Program Files\PJ Technologies\GOVsrv\GOVsrv.EXE -- (GOVsrv)
SRV - [2004/09/30 20:49:36 | 000,027,136 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\irmon.dll -- (Irmon)
SRV - [2004/08/04 15:00:00 | 000,015,872 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\inetsrv\inetinfo.exe -- (W3SVC)
SRV - [2004/08/04 15:00:00 | 000,015,872 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\WINDOWS\system32\inetsrv\inetinfo.exe -- (SMTPSVC) Simple Mail Transfer Protocol (SMTP)
SRV - [2004/08/04 15:00:00 | 000,015,872 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\inetsrv\inetinfo.exe -- (MSFtpsvc)
SRV - [2004/08/04 15:00:00 | 000,015,872 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\inetsrv\inetinfo.exe -- (IISADMIN)
========== Standard Registry (SafeList) ==========
========== Internet Explorer ==========
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.google.com/ie
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultName = Google
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultURL = http://www.google.co...m...tf8&oe=utf8
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = www.google.com/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://arabic.arabia.msn.com/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = ar-sa
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 8A 7C 5C AF E0 9A CA 01 [binary data]
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = idbsmp*;idbsrv8;idbportal*;idbapps*;idbnet*;10*;f1n1*;otf;webcast;172*;idbdev.oraacpt;idbdev;*.rservices.com;iciec*;idbs
rv6*;idbhf*;portal*;www.isdb.org;sync1.isdb.org;webmail.isdb.org;*.idbhq.org;<local>
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = idb-proxy:8080
FF - HKLM\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2010/01/24 02:02:46 | 000,000,000 | ---D | M]
O1 HOSTS File: ([2010/02/07 08:30:14 | 000,000,686 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\HOSTS
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - No CLSID value found.
O2 - BHO: (HP Print Enhancer) - {0347C33E-8762-4905-BF09-768834316C61} - C:\Program Files\HP\Digital Imaging\smart web printing\hpswp_printenhancer.dll (Hewlett-Packard Co.)
O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (Skype add-on (mastermind)) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - D:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Skype Technologies S.A.)
O2 - BHO: (DWABrowserHlprObj Class) - {2709D830-B643-4e72-9A1E-701CFFFCF30C} - C:\WINDOWS\system32\dwabho.dll (IBM Corporation)
O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - D:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O2 - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - d:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
O2 - BHO: (IE Developer Toolbar BHO) - {CC7E636D-39AA-49b6-B511-65413DA137A1} - C:\Program Files\Microsoft\Internet Explorer Developer Toolbar\IEDevToolbar.dll (Microsoft Corporation)
O2 - BHO: (Java Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (JQSIEStartDetectorImpl Class) - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll (Sun Microsystems, Inc.)
O2 - BHO: (HP Smart BHO Class) - {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - C:\Program Files\HP\Digital Imaging\smart web printing\hpswp_BHO.dll (Hewlett-Packard Co.)
O3 - HKLM\..\Toolbar: (no name) - - No CLSID value found.
O3 - HKCU\..\Toolbar\ShellBrowser: (no name) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - No CLSID value found.
O4 - HKLM..\Run: [Adobe Reader Speed Launcher] C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [Apoint] C:\Program Files\Apoint\Apoint.exe (Alps Electric Co., Ltd.)
O4 - HKLM..\Run: [bacstray] C:\Program Files\Broadcom\BACS\BacsTray.exe (Broadcom Corporation)
O4 - HKLM..\Run: [Broadcom Wireless Manager UI] C:\WINDOWS\system32\WLTRAY.EXE (Dell Inc.)
O4 - HKLM..\Run: [ccApp] C:\Program Files\Common Files\Symantec Shared\ccApp.exe (Symantec Corporation)
O4 - HKLM..\Run: D:\My Data\220785 Data\Downloads\ColorPix.exe ()
O4 - HKLM..\Run: [DWQueuedReporting] C:\Program Files\Common Files\Microsoft Shared\DW\DWTRIG20.EXE (Microsoft Corporation)
O4 - HKLM..\Run: [GrooveMonitor] d:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe (Microsoft Corporation)
O4 - HKLM..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\hpwuschd2.exe (Hewlett-Packard)
O4 - HKLM..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe (Intel Corporation)
O4 - HKLM..\Run: [IntelWireless] C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe (Intel Corporation)
O4 - HKLM..\Run: [IntelZeroConfig] C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe (Intel Corporation)
O4 - HKLM..\Run: [KernelFaultCheck] File not found
O4 - HKLM..\Run: [SDFix] D:\My Data\220785 Data\Downloads\SDFix\SDFix\RunThis.bat ()
O4 - HKLM..\Run: [SigmatelSysTrayApp] C:\WINDOWS\stsystra.exe (SigmaTel, Inc.)
O4 - HKLM..\Run: [SM1BG] C:\WINDOWS\SM1bg.exe (Cypress Semiconductor)
O4 - HKCU..\Run: [SpybotSD TeaTimer] d:\Program Files\Spybot - Search & Destroy\TeaTimer.exe (Safer-Networking Ltd.)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe (Hewlett-Packard Co.)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: disablecad = 1
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: ForceStartMenuLogOff = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: HideLogonScripts = 0
O9 - Extra Button: Blog This - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : &Blog This in Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)
O9 - Extra Button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - d:\Program Files\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - d:\Program Files\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: IE Developer Toolbar - {48FFE35F-36D9-44bd-A6CC-1D34414EAC0D} - C:\Program Files\Microsoft\Internet Explorer Developer Toolbar\IEDevToolbar.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Skype add-on for Internet Explorer - {5067A26B-1337-4436-8AFE-EE169C2DA79F} - D:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Skype Technologies S.A.)
O9 - Extra Button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - D:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Skype Technologies S.A.)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - D:\Program Files\Microsoft Office\OFFICE11\REFIEBAR.DLL (Microsoft Corporation)
O9 - Extra Button: Show or hide HP Smart Web Printing - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - C:\Program Files\HP\Digital Imaging\smart web printing\hpswp_BHO.dll (Hewlett-Packard Co.)
O9 - Extra 'Tools' menuitem : Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - D:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000002 [] - C:\Program Files\Juniper Networks\Secure Application Manager\samnsp.dll (Juniper Networks)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Computer, Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files\Juniper Networks\Secure Application Manager\samnsp.dll (Juniper Networks)
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\WINDOWS\system32\biolsp.dll (Wave Systems Corp.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\WINDOWS\system32\biolsp.dll (Wave Systems Corp.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\WINDOWS\system32\biolsp.dll (Wave Systems Corp.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000010 - C:\WINDOWS\system32\biolsp.dll (Wave Systems Corp.)
O15 - HKLM\..Trusted Domains: idbhq.org ([oracelsrv2] http in Trusted sites)
O15 - HKLM\..Trusted Domains: idbnet ([]http in Trusted sites)
O15 - HKLM\..Trusted Domains: isdb.org ([webmail] http in Trusted sites)
O15 - HKLM\..Trusted Domains: otf ([]http in Trusted sites)
O15 - HKLM\..Trusted Domains: rservices.com ([reuterstrader.session] http in Trusted sites)
O15 - HKLM\..Trusted Domains: 3 domain(s) and sub-domain(s) not assigned to a zone.
O15 - HKLM\..Trusted Ranges: Range1 ([http] in Trusted sites)
O15 - HKLM\..Trusted Ranges: Range2 ([https] in Trusted sites)
O15 - HKLM\..Trusted Ranges: Range3 ([http] in Trusted sites)
O15 - HKCU\..Trusted Domains: idbhq.org ([oracelsrv2] http in Trusted sites)
O15 - HKCU\..Trusted Domains: idbnet ([]http in Trusted sites)
O15 - HKCU\..Trusted Domains: isdb.org ([webmail] http in Trusted sites)
O15 - HKCU\..Trusted Domains: localhost ([]http in Trusted sites)
O15 - HKCU\..Trusted Domains: otf ([]http in Trusted sites)
O15 - HKCU\..Trusted Domains: rservices.com ([reuterstrader.session] http in Trusted sites)
O15 - HKCU\..Trusted Domains: umbraco403 ([]http in Trusted sites)
O15 - HKCU\..Trusted Domains: 3 domain(s) and sub-domain(s) not assigned to a zone.
O15 - HKCU\..Trusted Ranges: Range1 ([http] in Trusted sites)
O15 - HKCU\..Trusted Ranges: Range2 ([https] in Trusted sites)
O15 - HKCU\..Trusted Ranges: Range3 ([http] in Trusted sites)
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} http://update.micros...b?1263941747843 (WUWebControl Class)
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} http://update.micros...b?1263941634765 (MUWebControl Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_17)
O16 - DPF: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_17)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_17)
O16 - DPF: {F27237D7-93C8-44C2-AC6E-D6057B9A918F} https://vpn.isdb.org...SetupClient.cab (JuniperSetupClientControl Class)
O16 - DPF: Microsoft XML Parser for Java file://C:\WINDOWS\Java\classes\xmldso.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 10.1.1.30 10.1.1.31
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = idbhq.org
O18 - Protocol\Handler\grooveLocalGWS {88FED34C-F0CA-4636-A375-3CB6248B04CD} - d:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll (Microsoft Corporation)
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: GinaDLL - (CSGina.dll) - C:\WINDOWS\System32\CSGina.dll ()
O20 - Winlogon\Notify\igfxcui: DllName - igfxdev.dll - C:\WINDOWS\System32\igfxdev.dll (Intel Corporation)
O24 - Desktop WallPaper: C:\WINDOWS\Web\Wallpaper\Bliss.bmp
O24 - Desktop BackupWallPaper: C:\WINDOWS\Web\Wallpaper\Bliss.bmp
O28 - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - d:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
O30 - LSA: Authentication Packages - (wvauth) - C:\WINDOWS\System32\wvauth.dll (Wave Systems Corp.)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2010/01/22 03:45:42 | 000,000,130 | ---- | M] () - C:\AUTOEXEC.BAT -- [ FAT32 ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - comfile [open] -- "%1" %*
O35 - exefile [open] -- "%1" %*
NetSvcs: 6to4 - File not found
NetSvcs: Ias - C:\WINDOWS\system32\ias [2006/06/18 10:58:36 | 000,000,000 | ---D | M]
NetSvcs: Iprip - File not found
NetSvcs: Irmon - C:\WINDOWS\system32\irmon.dll (Microsoft Corporation)
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: WmdmPmSp - File not found
CREATERESTOREPOINT
Restore point Set: OTL Restore Point (16891891626803200)
========== Files/Folders - Created Within 14 Days ==========
[2010/02/07 14:36:11 | 000,000,000 | ---D | C] -- D:\My Data\220785 Data\Anti Virus and Spam Issues
[2010/02/07 14:24:30 | 000,000,000 | -HSD | C] -- C:\Recycled
[2010/02/07 00:14:50 | 000,000,000 | ---D | C] -- C:\WINDOWS\ERUNT
[2010/02/06 23:39:04 | 000,000,000 | ---D | C] -- C:\Program Files\HTML Help Workshop
[2010/02/06 15:37:34 | 000,149,768 | ---- | C] (Symantec Corporation) -- C:\WINDOWS\System32\drivers\wpshelper.sys
[2010/02/06 15:37:15 | 000,092,488 | ---- | C] (Symantec Corporation) -- C:\WINDOWS\System32\drivers\SysPlant.sys
[2010/02/06 01:31:57 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
[2010/02/06 01:20:07 | 000,000,000 | ---D | C] -- D:\My Data\220785 Data\ComboFix
[2010/02/06 01:10:44 | 000,000,000 | RHSD | C] -- C:\cmdcons
[2010/02/06 01:06:36 | 000,031,232 | ---- | C] (NirSoft) -- C:\WINDOWS\NIRCMD.exe
[2010/02/06 01:06:35 | 000,212,480 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWXCACLS.exe
[2010/02/06 01:06:35 | 000,161,792 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWREG.exe
[2010/02/06 01:06:35 | 000,136,704 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWSC.exe
[2010/02/06 01:06:23 | 000,000,000 | ---D | C] -- C:\WINDOWS\ERDNT
[2010/02/06 01:03:29 | 000,000,000 | ---D | C] -- C:\Qoobox
[2010/02/05 02:51:02 | 000,000,000 | ---D | C] -- C:\Documents and Settings\220785\Application Data\Malwarebytes
[2010/02/05 02:50:56 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2010/02/05 02:50:55 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Malwarebytes
[2010/02/05 02:50:54 | 000,019,160 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2010/02/04 01:11:26 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\WEBREG
[2010/02/04 01:00:44 | 000,000,000 | ---D | C] -- C:\Documents and Settings\220785\Application Data\Wave Systems Corp
[2010/02/04 00:49:07 | 000,000,000 | ---D | C] -- C:\Documents and Settings\220785\Application Data\HpUpdate
[2010/02/04 00:49:04 | 000,000,000 | ---D | C] -- C:\WINDOWS\Hewlett-Packard
[2010/02/02 12:21:14 | 000,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Application Data\Wave Systems Corp
[2010/02/02 12:15:16 | 000,625,032 | ---- | C] (Symantec Corporation) -- C:\WINDOWS\System32\SymNeti.dll
[2010/02/02 12:15:16 | 000,242,056 | ---- | C] (Symantec Corporation) -- C:\WINDOWS\System32\SymRedir.dll
[2010/02/02 12:06:21 | 000,124,976 | ---- | C] (Symantec Corporation) -- C:\WINDOWS\System32\drivers\SYMEVENT.SYS
[2010/02/02 12:06:21 | 000,060,808 | ---- | C] (Symantec Corporation) -- C:\WINDOWS\System32\S32EVNT1.DLL
[2010/02/02 12:05:32 | 000,000,000 | ---D | C] -- C:\Program Files\Symantec
[2010/02/01 19:54:40 | 000,000,000 | ---D | C] -- D:\My Data\220785 Data\Tamer School
[2010/02/01 19:53:28 | 000,000,000 | ---D | C] -- D:\My Data\220785 Data\My Scans
[2010/02/01 19:47:00 | 000,000,000 | ---D | C] -- C:\Documents and Settings\220785\Local Settings\Application Data\HP
[2010/01/31 12:54:33 | 000,000,000 | --SD | C] -- D:\My Data\220785 Data\My Shapes
[2010/01/31 08:53:17 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Works
[2010/01/31 08:47:39 | 000,000,000 | ---D | C] -- C:\WINDOWS\SHELLNEW
[2010/01/30 15:05:58 | 000,000,000 | ---D | C] -- C:\Documents and Settings\220785\Application Data\domino
[2010/01/30 11:56:36 | 000,000,000 | ---D | M] -- C:\Documents and Settings\NetworkService\Application Data\Wave Systems Corp
[2010/01/30 08:35:12 | 000,000,000 | ---D | C] -- C:\Documents and Settings\220785\Desktop\Users-Grp_32-bit
[2010/01/28 14:53:58 | 000,398,632 | ---- | C] (Juniper Networks) -- C:\WINDOWS\System32\dsNcSmartCardProv.dll
[2009/09/11 09:14:20 | 000,000,000 | ---D | M] -- C:\Documents and Settings\NetworkService\Application Data\Yahoo!
[2008/12/02 18:15:42 | 000,000,000 | ---D | M] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\Adobe
[2007/11/07 12:20:34 | 000,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Application Data\Intel
[2007/11/07 12:19:18 | 000,000,000 | ---D | M] -- C:\Documents and Settings\NetworkService\Application Data\Intel
[2007/07/02 08:54:48 | 000,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Application Data\Yahoo!
[2007/07/02 08:54:48 | 000,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Local Settings\Application Data\Google
[2007/07/02 08:54:48 | 000,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Application Data\Google
[2006/12/11 23:09:10 | 000,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Local Settings\Application Data\Adobe
[2006/12/11 23:09:10 | 000,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Application Data\Adobe
[2006/11/28 11:28:08 | 000,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Application Data\VMware
[2006/06/19 10:19:35 | 000,036,963 | R--- | C] (Cypress Semiconductor) -- C:\Program Files\Common Files\SM1updtr.dll
[2006/06/18 13:13:06 | 000,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Local Settings\Application Data\Lotus
[2006/06/18 11:39:54 | 000,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft
[2006/06/18 11:29:28 | 000,000,000 | ---D | M] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft
[2006/06/18 11:07:42 | 000,000,000 | --SD | M] -- C:\Documents and Settings\NetworkService\Application Data\Microsoft
[2006/06/18 11:07:42 | 000,000,000 | --SD | M] -- C:\Documents and Settings\LocalService\Application Data\Microsoft
========== Files - Modified Within 14 Days ==========
[2010/02/07 17:27:32 | 000,791,552 | ---- | M] () -- C:\WINDOWS\System32\drivers\dewae.sys
[2010/02/07 17:25:00 | 000,000,418 | -H-- | M] () -- C:\WINDOWS\tasks\User_Feed_Synchronization-{EA450A77-A4E1-406C-9F58-1E7E03CDDD81}.job
[2010/02/07 17:15:30 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2010/02/07 17:12:06 | 000,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2010/02/07 17:11:32 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2010/02/07 17:11:16 | 2674,057,216 | -HS- | M] () -- C:\hiberfil.sys
[2010/02/07 14:58:48 | 007,602,176 | -H-- | M] () -- C:\Documents and Settings\220785\NTUSER.DAT
[2010/02/07 14:58:26 | 000,000,012 | ---- | M] () -- C:\WINDOWS\bthservsdp.dat
[2010/02/07 14:58:24 | 000,000,278 | -HS- | M] () -- C:\Documents and Settings\220785\ntuser.ini
[2010/02/07 14:58:04 | 000,000,562 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2010/02/07 14:54:26 | 000,000,511 | ---- | M] () -- C:\Documents and Settings\220785\Desktop\NTREGOPT.lnk
[2010/02/07 14:54:26 | 000,000,498 | ---- | M] () -- C:\Documents and Settings\220785\Desktop\ERUNT.lnk
[2010/02/07 02:00:26 | 000,000,754 | ---- | M] () -- C:\WINDOWS\WIN.INI
[2010/02/07 02:00:26 | 000,000,308 | RHS- | M] () -- C:\boot.ini
[2010/02/07 02:00:26 | 000,000,227 | ---- | M] () -- C:\WINDOWS\system.ini
[2010/02/07 01:55:16 | 000,002,910 | ---- | M] () -- C:\Documents and Settings\All Users\Application Data\QTSBandwidthCache
[2010/02/07 01:55:02 | 000,054,156 | -H-- | M] () -- C:\WINDOWS\QTFont.qfn
[2010/02/06 15:37:00 | 000,124,976 | ---- | M] (Symantec Corporation) -- C:\WINDOWS\System32\drivers\SYMEVENT.SYS
[2010/02/06 15:37:00 | 000,060,808 | ---- | M] (Symantec Corporation) -- C:\WINDOWS\System32\S32EVNT1.DLL
[2010/02/06 15:37:00 | 000,007,456 | ---- | M] () -- C:\WINDOWS\System32\drivers\SYMEVENT.CAT
[2010/02/06 15:37:00 | 000,000,806 | ---- | M] () -- C:\WINDOWS\System32\drivers\SYMEVENT.INF
[2010/02/06 01:32:08 | 000,000,793 | ---- | M] () -- C:\Documents and Settings\220785\Desktop\Spybot - Search & Destroy.lnk
[2010/02/05 23:58:14 | 000,000,803 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\SpyHunter.lnk
[2010/02/05 10:38:22 | 000,000,238 | ---- | M] () -- C:\Boot.bak
[2010/02/04 01:18:02 | 000,213,228 | ---- | M] () -- C:\WINDOWS\hpoins43.dat
[2010/02/04 00:06:50 | 001,663,280 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2010/02/02 12:15:16 | 000,625,032 | ---- | M] (Symantec Corporation) -- C:\WINDOWS\System32\SymNeti.dll
[2010/02/02 12:15:16 | 000,242,056 | ---- | M] (Symantec Corporation) -- C:\WINDOWS\System32\SymRedir.dll
[2010/02/02 11:18:40 | 000,005,882 | ---- | M] () -- C:\Documents and Settings\All Users\Application Data\LUUnInstall.LiveUpdate
[2010/02/02 08:57:56 | 000,003,976 | RHS- | M] () -- C:\Documents and Settings\220785\ntuser.pol
[2010/02/02 00:09:12 | 000,000,063 | ---- | M] () -- C:\WINDOWS\vbaddin.ini
[2010/02/01 23:01:49 | 000,018,042 | ---- | M] () -- D:\My Data\220785 Data\rule the world.docx
[2010/02/01 22:56:06 | 000,018,042 | ---- | M] () -- C:\Documents and Settings\220785\Desktop\rule the world.docx
[2010/01/31 12:52:28 | 000,001,158 | ---- | M] () -- C:\WINDOWS\ODBC.INI
[2010/01/30 15:08:42 | 000,000,783 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Lotus Notes 8.5.lnk
[2010/01/30 15:04:38 | 000,000,995 | ---- | M] () -- C:\WINDOWS\System32\mapisvc.inf
[2010/01/30 14:58:30 | 000,036,995 | ---- | M] () -- C:\Documents and Settings\220785\install.xml
[2010/01/30 14:38:36 | 000,824,678 | ---- | M] () -- C:\WINDOWS\System32\PerfStringBackup.INI
[2010/01/30 14:38:36 | 000,655,144 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2010/01/30 14:38:36 | 000,151,112 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2010/01/30 14:11:30 | 000,001,374 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2010/01/30 12:00:54 | 000,000,037 | ---- | M] () -- C:\WINDOWS\notes.ini
[2010/01/30 11:19:24 | 000,011,684 | RHS- | M] () -- C:\Documents and Settings\All Users\ntuser.pol
[2010/01/29 21:46:36 | 000,037,376 | ---- | M] () -- D:\My Data\220785 Data\Necklus - Reem Math.xls
========== Files Created - No Company Name ==========
[2010/02/07 14:54:25 | 000,000,511 | ---- | C] () -- C:\Documents and Settings\220785\Desktop\NTREGOPT.lnk
[2010/02/07 14:54:25 | 000,000,498 | ---- | C] () -- C:\Documents and Settings\220785\Desktop\ERUNT.lnk
[2010/02/07 08:33:25 | 2674,057,216 | -HS- | C] () -- C:\hiberfil.sys
[2010/02/06 08:59:35 | 000,001,712 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk
[2010/02/06 01:32:06 | 000,000,793 | ---- | C] () -- C:\Documents and Settings\220785\Desktop\Spybot - Search & Destroy.lnk
[2010/02/06 01:10:50 | 000,000,238 | ---- | C] () -- C:\Boot.bak
[2010/02/06 01:10:48 | 000,260,272 | ---- | C] () -- C:\cmldr
[2010/02/06 01:06:36 | 000,077,312 | ---- | C] () -- C:\WINDOWS\MBR.exe
[2010/02/06 01:06:35 | 000,261,632 | ---- | C] () -- C:\WINDOWS\PEV.exe
[2010/02/06 01:06:35 | 000,098,816 | ---- | C] () -- C:\WINDOWS\sed.exe
[2010/02/06 01:06:35 | 000,080,412 | ---- | C] () -- C:\WINDOWS\grep.exe
[2010/02/06 01:06:35 | 000,068,096 | ---- | C] () -- C:\WINDOWS\zip.exe
[2010/02/05 23:58:12 | 000,000,803 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\SpyHunter.lnk
[2010/02/05 02:50:59 | 000,000,562 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2010/02/04 00:19:24 | 000,000,675 | ---- | C] () -- C:\WINDOWS\hpomdl43.dat.temp
[2010/02/02 12:06:21 | 000,007,456 | ---- | C] () -- C:\WINDOWS\System32\drivers\SYMEVENT.CAT
[2010/02/02 12:06:21 | 000,000,806 | ---- | C] () -- C:\WINDOWS\System32\drivers\SYMEVENT.INF
[2010/02/02 09:18:55 | 000,005,882 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\LUUnInstall.LiveUpdate
[2010/02/01 23:01:48 | 000,018,042 | ---- | C] () -- D:\My Data\220785 Data\rule the world.docx
[2010/02/01 22:56:08 | 000,018,042 | ---- | C] () -- C:\Documents and Settings\220785\Desktop\rule the world.docx
[2010/01/30 14:58:27 | 000,036,995 | ---- | C] () -- C:\Documents and Settings\220785\install.xml
[2010/01/30 12:38:17 | 000,000,783 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Lotus Notes 8.5.lnk
[2010/01/30 12:00:53 | 000,000,037 | ---- | C] () -- C:\WINDOWS\notes.ini
[2010/01/29 21:44:38 | 000,037,376 | ---- | C] () -- D:\My Data\220785 Data\Necklus - Reem Math.xls
[2010/01/24 01:27:56 | 000,002,704 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\hpzinstall.log
[2010/01/22 04:17:43 | 000,002,910 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\QTSBandwidthCache
[2010/01/16 22:57:36 | 000,791,552 | ---- | C] () -- C:\WINDOWS\System32\drivers\dewae.sys
[2009/10/14 13:44:11 | 000,000,770 | ---- | C] () -- C:\WINDOWS\SIERRA.INI
[2009/10/14 13:14:40 | 000,000,057 | ---- | C] () -- C:\WINDOWS\ASC.ini
[2009/08/28 14:55:55 | 000,021,791 | ---- | C] () -- C:\WINDOWS\System32\smtpctrs.ini
[2009/08/28 14:55:50 | 000,001,037 | ---- | C] () -- C:\WINDOWS\System32\ntfsdrct.ini
[2009/08/28 14:52:01 | 000,007,909 | ---- | C] () -- C:\WINDOWS\System32\ftpctrs.ini
[2009/08/28 14:49:19 | 000,038,576 | ---- | C] () -- C:\WINDOWS\System32\w3ctrs.ini
[2009/08/28 14:48:32 | 000,010,225 | ---- | C] () -- C:\WINDOWS\System32\axperf.ini
[2009/08/28 14:44:57 | 000,011,435 | ---- | C] () -- C:\WINDOWS\System32\infoctrs.ini
[2009/08/27 06:15:22 | 000,002,272 | ---- | C] () -- C:\Documents and Settings\LocalService\Local Settings\Application Data\FontCache3.0.0.0.dat
[2009/08/27 04:34:46 | 000,021,504 | ---- | C] () -- C:\WINDOWS\System32\WBCUSTOM.DLL
[2009/07/31 21:49:45 | 000,000,144 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\MagicPlayDVD.ini
[2009/07/15 16:34:33 | 000,000,159 | ---- | C] () -- C:\WINDOWS\wininit.ini
[2009/07/10 14:38:46 | 000,000,302 | ---- | C] () -- C:\WINDOWS\ConfigCenter.INI
[2009/07/02 02:22:45 | 000,002,528 | ---- | C] () -- C:\Documents and Settings\220785\Application Data\$_hpcst$.hpc
[2009/03/28 01:22:53 | 000,000,129 | ---- | C] () -- C:\Documents and Settings\220785\Local Settings\Application Data\fusioncache.dat
[2008/12/06 13:22:17 | 000,188,416 | ---- | C] () -- C:\WINDOWS\System32\pfxlib3.dll
[2008/12/06 13:22:16 | 000,458,752 | ---- | C] () -- C:\WINDOWS\System32\isamdll.dll
[2008/12/06 13:22:14 | 000,135,168 | ---- | C] () -- C:\WINDOWS\System32\wrap32.dll
[2008/12/02 18:15:21 | 000,000,000 | ---- | C] () -- C:\WINDOWS\frontpg.ini
[2008/10/06 13:14:42 | 000,000,025 | ---- | C] () -- C:\WINDOWS\cdplayer.ini
[2008/08/30 16:25:22 | 000,000,184 | ---- | C] () -- C:\WINDOWS\ka.ini
[2008/08/30 15:44:03 | 000,000,000 | ---- | C] () -- C:\WINDOWS\BARBIE.INI
[2008/08/30 15:36:21 | 000,000,407 | ---- | C] () -- C:\WINDOWS\HairStyl.ini
[2008/05/11 12:01:09 | 000,000,000 | ---- | C] () -- C:\WINDOWS\vpc32.INI
[2007/12/09 15:41:30 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\220785\Local Settings\Application Data\imageCache7.db
[2007/11/28 13:12:10 | 000,033,792 | ---- | C] () -- C:\Documents and Settings\220785\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2007/05/23 12:44:30 | 000,000,151 | ---- | C] () -- C:\WINDOWS\PhotoSnapViewer.INI
[2007/04/03 16:18:06 | 000,193,576 | ---- | C] () -- C:\WINDOWS\System32\CSGina.dll
[2007/03/24 11:47:08 | 000,000,048 | ---- | C] () -- C:\WINDOWS\pdf2rtf.INI
[2007/03/10 19:48:05 | 000,003,379 | ---- | C] () -- C:\WINDOWS\saplogon.ini
[2007/03/05 13:34:28 | 000,676,224 | ---- | C] () -- C:\WINDOWS\System32\OGACheckControl.DLL
[2007/02/08 20:15:47 | 000,000,016 | ---- | C] () -- C:\WINDOWS\SCNDRVU.INI
[2007/02/08 20:10:49 | 000,049,152 | R--- | C] () -- C:\WINDOWS\AutoSet.dll
[2007/01/18 11:23:24 | 000,000,299 | ---- | C] () -- C:\WINDOWS\sap_old_sapdoccd.ini
[2007/01/16 18:55:03 | 000,000,303 | ---- | C] () -- C:\WINDOWS\oldsapdoccd.ini
[2007/01/06 12:50:05 | 000,037,888 | ---- | C] () -- C:\WINDOWS\System32\setupnt.dll
[2006/12/09 23:15:56 | 000,000,044 | ---- | C] () -- C:\WINDOWS\sapgrph.ini
[2006/12/04 23:17:41 | 000,000,116 | ---- | C] () -- C:\WINDOWS\NeroDigital.ini
[2006/12/04 12:35:22 | 000,015,872 | ---- | C] () -- C:\WINDOWS\System32\vtssm32.dll
[2006/11/28 18:05:40 | 000,000,006 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\DragToDiscUserNameE.txt
[2006/06/20 13:46:59 | 000,045,056 | ---- | C] () -- C:\WINDOWS\System32\GovAppLog.dll
[2006/06/18 12:46:07 | 000,001,158 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2006/06/18 12:29:34 | 000,000,004 | -H-- | C] () -- C:\Documents and Settings\All Users\Application Data\QSLLPSVCShare
[2006/06/18 12:06:48 | 000,757,760 | ---- | C] () -- C:\WINDOWS\System32\bcm1xsup.dll
[2006/06/18 12:06:47 | 000,086,016 | ---- | C] () -- C:\WINDOWS\System32\preflib.dll
[2006/06/18 11:54:08 | 000,143,360 | ---- | C] () -- C:\WINDOWS\System32\bioapi_mds300.dll
[2006/06/18 11:54:08 | 000,106,496 | ---- | C] () -- C:\WINDOWS\System32\bioapi100.dll
[2006/03/25 17:19:50 | 000,077,824 | ---- | C] () -- C:\WINDOWS\System32\Internationalization_en.dll
[2006/03/24 15:19:22 | 000,184,320 | ---- | C] () -- C:\WINDOWS\System32\AmRes_en.dll
[2006/03/24 15:14:34 | 000,184,320 | ---- | C] () -- C:\WINDOWS\System32\AmRes_es.dll
[2006/03/24 15:14:28 | 000,176,128 | ---- | C] () -- C:\WINDOWS\System32\AmRes_ko.dll
[2006/03/24 15:14:22 | 000,184,320 | ---- | C] () -- C:\WINDOWS\System32\AmRes_de.dll
[2006/03/24 15:14:18 | 000,184,320 | ---- | C] () -- C:\WINDOWS\System32\AmRes_pt-BR.dll
[2006/03/24 15:14:12 | 000,184,320 | ---- | C] () -- C:\WINDOWS\System32\AmRes_fr.dll
[2006/03/24 15:14:08 | 000,180,224 | ---- | C] () -- C:\WINDOWS\System32\AmRes_ja.dll
[2006/03/24 15:14:02 | 000,184,320 | ---- | C] () -- C:\WINDOWS\System32\AmRes_ru.dll
[2006/03/24 15:13:58 | 000,184,320 | ---- | C] () -- C:\WINDOWS\System32\AmRes_it.dll
[2006/03/24 15:13:52 | 000,176,128 | ---- | C] () -- C:\WINDOWS\System32\AmRes_zh-CHS.dll
[2006/03/24 15:13:46 | 000,176,128 | ---- | C] () -- C:\WINDOWS\System32\AmRes_zh-CHT.dll
[2006/03/20 12:35:06 | 000,094,274 | ---- | C] () -- C:\WINDOWS\System32\HPBHEALR.DLL
[2005/11/30 13:33:06 | 000,348,160 | ---- | C] () -- C:\WINDOWS\System32\Tsp.dll
[2005/11/30 13:33:06 | 000,024,576 | ---- | C] () -- C:\WINDOWS\System32\TspPopup_RUS.dll
[2005/11/30 13:33:06 | 000,024,576 | ---- | C] () -- C:\WINDOWS\System32\TspPopup_ITA.dll
[2005/11/30 13:33:06 | 000,024,576 | ---- | C] () -- C:\WINDOWS\System32\TspPopup_FRA.dll
[2005/11/30 13:33:06 | 000,024,576 | ---- | C] () -- C:\WINDOWS\System32\TspPopup_ESN.dll
[2005/11/30 13:33:06 | 000,024,576 | ---- | C] () -- C:\WINDOWS\System32\TspPopup_ENU.dll
[2005/11/30 13:33:06 | 000,024,576 | ---- | C] () -- C:\WINDOWS\System32\TspPopup_DEU.dll
[2005/11/30 13:33:06 | 000,024,576 | ---- | C] () -- C:\WINDOWS\System32\TspPopup_CHS.dll
[2005/09/20 13:36:06 | 000,798,720 | ---- | C] () -- C:\WINDOWS\System32\DemoLicense.dll
[2005/02/28 23:17:16 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\px.ini
[2005/01/21 12:02:28 | 000,013,312 | ---- | C] () -- C:\WINDOWS\System32\RMDevice.dll
[2004/09/16 13:26:40 | 000,012,634 | ---- | C] () -- C:\WINDOWS\System32\drivers\ADFUUD.SYS
[2004/09/16 13:26:40 | 000,012,634 | ---- | C] () -- C:\WINDOWS\ADFUUD.SYS
[2004/07/21 15:03:14 | 000,917,504 | ---- | C] () -- C:\WINDOWS\System32\lmgr10.dll
[2004/07/20 14:27:52 | 000,057,344 | ---- | C] () -- C:\WINDOWS\System32\ADsSecurity.dll
[2003/12/19 02:00:00 | 000,013,387 | ---- | C] () -- C:\WINDOWS\System32\CinemSup.sys
[2003/01/07 15:05:08 | 000,002,695 | ---- | C] () -- C:\WINDOWS\System32\OUTLPERF.INI
[1997/06/14 14:56:08 | 000,056,832 | ---- | C] () -- C:\WINDOWS\System32\iyvu9_32.dll
========== LOP Check ==========
[2006/06/18 11:53:56 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Wave Systems Corp
[2006/06/18 12:56:12 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Lotus
[2006/06/19 10:19:24 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Napster
[2006/12/14 20:24:30 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TuneUp Software
[2007/02/11 10:48:32 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\MSScanAppDataDir
[2007/05/17 11:43:40 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Nikon
[2008/11/11 23:34:44 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Juniper Networks
[2008/12/04 02:03:48 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\PreEmptive Solutions
[2009/03/28 01:22:56 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\UltiDev
[2009/03/28 02:27:40 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\{18A5344A-6C23-4426-87EF-647E010A2997}
[2009/07/16 18:39:54 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\X-Setup Pro
[2009/07/18 15:20:16 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Sandlot Games
[2009/08/03 16:38:30 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TEMP
[2010/01/19 12:04:14 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\{BC9FCCF7-E686-494B-8C9B-55C9A39A7CA9}
[2007/11/28 12:29:54 | 000,000,000 | ---D | M] -- C:\Documents and Settings\220785\Application Data\FUJIFILM
[2008/11/11 23:34:40 | 000,000,000 | ---D | M] -- C:\Documents and Settings\220785\Application Data\Juniper Networks
[2009/04/20 15:49:16 | 000,000,000 | ---D | M] -- C:\Documents and Settings\220785\Application Data\IBM
[2009/07/16 18:39:54 | 000,000,000 | ---D | M] -- C:\Documents and Settings\220785\Application Data\X-Setup Pro
[2010/01/19 17:25:18 | 000,000,000 | ---D | M] -- C:\Documents and Settings\220785\Application Data\Windows Live Writer
[2010/01/30 15:06:00 | 000,000,000 | ---D | M] -- C:\Documents and Settings\220785\Application Data\domino
[2010/02/04 01:00:46 | 000,000,000 | ---D | M] -- C:\Documents and Settings\220785\Application Data\Wave Systems Corp
[2010/02/07 17:25:00 | 000,000,418 | -H-- | M] () -- C:\WINDOWS\Tasks\User_Feed_Synchronization-{EA450A77-A4E1-406C-9F58-1E7E03CDDD81}.job
========== Purity Check ==========
========== Custom Scans ==========
< %SYSTEMDRIVE%\*.exe >
< MD5 for: AGP440.SYS >
[2004/08/04 12:00:00 | 018,738,937 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp2.cab:AGP440.sys
[2008/04/13 21:36:38 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=08FD04AA961BDC77FB983F328334E3D7 -- C:\WINDOWS\SoftwareDistribution\Download\fa06e29c141c84f43a95ba02f93d3774\agp440.sys
[2004/08/03 23:07:42 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=2C428FA0C3E3A01ED93C9B2A27D8D4BB -- C:\WINDOWS\SoftwareDistribution\Download\9866fb57abdc0ea2f5d4e132d055ba4e\backup\agp440.sys
< MD5 for: ATAPI.SYS >
[2004/08/04 12:00:00 | 018,738,937 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp2.cab:atapi.sys
[2008/04/13 21:40:30 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\SoftwareDistribution\Download\fa06e29c141c84f43a95ba02f93d3774\atapi.sys
[2004/08/03 22:59:44 | 000,095,360 | ---- | M] (Microsoft Corporation) MD5=CDFE4411A69C224BD1D11B2DA92DAC51 -- C:\WINDOWS\ERDNT\cache\atapi.sys
[2004/08/03 22:59:44 | 000,095,360 | ---- | M] (Microsoft Corporation) MD5=CDFE4411A69C224BD1D11B2DA92DAC51 -- C:\WINDOWS\SoftwareDistribution\Download\9866fb57abdc0ea2f5d4e132d055ba4e\backup\atapi.sys
[2004/08/03 22:59:44 | 000,095,360 | ---- | M] (Microsoft Corporation) MD5=CDFE4411A69C224BD1D11B2DA92DAC51 -- C:\WINDOWS\system32\dllcache\atapi.sys
[2004/08/03 22:59:44 | 000,095,360 | ---- | M] (Microsoft Corporation) MD5=CDFE4411A69C224BD1D11B2DA92DAC51 -- C:\WINDOWS\system32\drivers\atapi.sys
[2004/08/04 12:00:00 | 000,095,360 | ---- | M] (Microsoft Corporation) MD5=CDFE4411A69C224BD1D11B2DA92DAC51 -- C:\WINDOWS\system32\ReinstallBackups\0006\DriverFiles\i386\atapi.sys
< MD5 for: EVENTLOG.DLL >
[2008/04/14 03:11:54 | 000,056,320 | ---- | M] (Microsoft Corporation) MD5=6D4FEB43EE538FC5428CC7F0565AA656 -- C:\WINDOWS\SoftwareDistribution\Download\fa06e29c141c84f43a95ba02f93d3774\eventlog.dll
[2004/08/04 12:00:00 | 000,055,808 | ---- | M] (Microsoft Corporation) MD5=82B24CB70E5944E6E34662205A2A5B78 -- C:\WINDOWS\ERDNT\cache\eventlog.dll
[2004/08/04 12:00:00 | 000,055,808 | ---- | M] (Microsoft Corporation) MD5=82B24CB70E5944E6E34662205A2A5B78 -- C:\WINDOWS\SoftwareDistribution\Download\9866fb57abdc0ea2f5d4e132d055ba4e\backup\eventlog.dll
[2004/08/04 15:00:00 | 000,055,808 | ---- | M] (Microsoft Corporation) MD5=82B24CB70E5944E6E34662205A2A5B78 -- C:\WINDOWS\system32\dllcache\eventlog.dll
[2004/08/04 12:00:00 | 000,055,808 | ---- | M] (Microsoft Corporation) MD5=82B24CB70E5944E6E34662205A2A5B78 -- C:\WINDOWS\system32\eventlog.dll
< MD5 for: NETLOGON.DLL >
[2008/04/14 03:12:02 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=1B7F071C51B77C272875C3A23E1E4550 -- C:\WINDOWS\SoftwareDistribution\Download\fa06e29c141c84f43a95ba02f93d3774\netlogon.dll
[2009/02/06 21:46:10 | 000,408,064 | ---- | M] (Microsoft Corporation) MD5=6C476D33D82F1054849790181E8F7772 -- C:\WINDOWS\ERDNT\cache\netlogon.dll
[2009/02/06 21:46:10 | 000,408,064 | ---- | M] (Microsoft Corporation) MD5=6C476D33D82F1054849790181E8F7772 -- C:\WINDOWS\system32\dllcache\netlogon.dll
[2009/02/06 21:46:10 | 000,408,064 | ---- | M] (Microsoft Corporation) MD5=6C476D33D82F1054849790181E8F7772 -- C:\WINDOWS\system32\netlogon.dll
[2004/08/04 12:00:00 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=96353FCECBA774BB8DA74A1C6507015A -- C:\WINDOWS\$NtUninstallKB968389$\netlogon.dll
[2004/08/04 12:00:00 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=96353FCECBA774BB8DA74A1C6507015A -- C:\WINDOWS\SoftwareDistribution\Download\9866fb57abdc0ea2f5d4e132d055ba4e\backup\netlogon.dll
< MD5 for: SCECLI.DLL >
[2004/08/04 12:00:00 | 000,180,224 | ---- | M] (Microsoft Corporation) MD5=0F78E27F563F2AAF74B91A49E2ABF19A -- C:\WINDOWS\ERDNT\cache\scecli.dll
[2004/08/04 12:00:00 | 000,180,224 | ---- | M] (Microsoft Corporation) MD5=0F78E27F563F2AAF74B91A49E2ABF19A -- C:\WINDOWS\SoftwareDistribution\Download\9866fb57abdc0ea2f5d4e132d055ba4e\backup\scecli.dll
[2004/08/04 15:00:00 | 000,180,224 | ---- | M] (Microsoft Corporation) MD5=0F78E27F563F2AAF74B91A49E2ABF19A -- C:\WINDOWS\system32\dllcache\scecli.dll
[2004/08/04 12:00:00 | 000,180,224 | ---- | M] (Microsoft Corporation) MD5=0F78E27F563F2AAF74B91A49E2ABF19A -- C:\WINDOWS\system32\scecli.dll
[2008/04/14 03:12:06 | 000,181,248 | ---- | M] (Microsoft Corporation) MD5=A86BB5E61BF3E39B62AB4C7E7085A084 -- C:\WINDOWS\SoftwareDistribution\Download\fa06e29c141c84f43a95ba02f93d3774\scecli.dll
< %systemroot%\*. /mp /s >
< %systemroot%\system32\*.dll /lockedfiles >
[2009/09/18 01:55:40 | 000,357,704 | ---- | M] (Symantec Corporation) Unable to obtain MD5 -- C:\WINDOWS\system32\sysfer.dll
[2009/03/08 04:31:44 | 000,348,160 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\WINDOWS\system32\dxtmsft.dll
[2009/03/08 04:31:38 | 000,216,064 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\WINDOWS\system32\dxtrans.dll
[2009/09/18 01:55:40 | 000,087,368 | ---- | M] (Symantec Corporation) Unable to obtain MD5 -- C:\WINDOWS\system32\FwsVpn.dll
[2009/09/18 01:55:40 | 000,107,848 | ---- | M] (Symantec Corporation) Unable to obtain MD5 -- C:\WINDOWS\system32\SymVPN.dll
< %systemroot%\Tasks\*.job /lockedfiles >
< %systemroot%\system32\drivers\*.sys /lockedfiles >
[2010/02/07 17:33:26 | 000,791,552 | ---- | M] () Unable to obtain MD5 -- C:\WINDOWS\System32\drivers\dewae.sys
[2009/09/18 01:55:40 | 000,042,312 | ---- | M] (Symantec Corporation) Unable to obtain MD5 -- C:\WINDOWS\system32\drivers\WPSDRVnt.sys
[2009/09/18 01:55:38 | 000,050,064 | ---- | M] (Symantec Corporation) Unable to obtain MD5 -- C:\WINDOWS\system32\drivers\Teefer2.sys
[2009/09/18 01:55:38 | 000,092,488 | ---- | M] (Symantec Corporation) Unable to obtain MD5 -- C:\WINDOWS\system32\drivers\SysPlant.sys
[2009/04/20 22:12:14 | 000,149,768 | ---- | M] (Symantec Corporation) Unable to obtain MD5 -- C:\WINDOWS\system32\drivers\wpshelper.sys
[color="#A23BEC"]< %systemroot%\System32\config\*.sav >
[2006/06/18 11:06:16 | 000,905,216 | ---- | M] () -- C:\WINDOWS\system32\config\system.sav
[2006/06/18 11:06:16 | 000,659,456 | ---- | M] () -- C:\WINDOWS\system32\config\software.sav
[2006/06/18 11:06:16 | 000,094,208 | ---- | M] () -- C:\WINDOWS\system32\config\default.sav
< End of report >