Seeking help with two poorly PCs, both displaying the same problem - they'll only run in safe mode, or safe mode with networking. Boot either one normally, and it'll be unresponsive before quickly hanging completely, within the space of 30 seconds for one, or a couple of minutes for the other.
I suspect malware, but I only have circumstantial evidence, the most convincing of which is that yesterday I tried to run chkdsk on the one that hangs quicker. Safe mode, no apps running. chkdsk said "could not lock disk" and then it said "chkdsk could not start because another process is using the disk" and asked me if I'd like to schedule it to start on next reboot. I did this and let it run overnight, so I don't know what it found or did, if anything, but it hasn't helped.
I've followed the malware and spyware cleaning guide on this machine, but I don't know how useful it will have been in safe mode:
- MBAM found three infected items (registry keys for MyWebSearch, which I found and thought I had cleaned a few days ago)
- Trend Micro AV found nothing
- GMER found no system modification
- OTL ran quickly to completion
MBAM and OTL logs below. Still working through the procedure on the other machine.
Andy
---
vMalwarebytes' Anti-Malware 1.46
www.malwarebytes.org
Database version: 4076
Windows 5.1.2600 Service Pack 3 (Safe Mode)
Internet Explorer 8.0.6001.18702
07/05/2010 21:29:58
mbam-log-2010-05-07 (21-29-58).txt
Scan type: Quick scan
Objects scanned: 111130
Time elapsed: 5 minute(s), 50 second(s)
Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 3
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0
Memory Processes Infected:
(No malicious items detected)
Memory Modules Infected:
(No malicious items detected)
Registry Keys Infected:
HKEY_CLASSES_ROOT\Interface\{2e9937fc-cf2f-4f56-af54-5a6a3dd375cc} (Adware.MyWebSearch) -> Quarantined and
deleted successfully.
HKEY_CLASSES_ROOT\Interface\{741de825-a6f0-4497-9aa6-8023cf9b0fff} (Adware.MyWebSearch) -> Quarantined and
deleted successfully.
HKEY_CLASSES_ROOT\Interface\{cf54be1c-9359-4395-8533-1657cf209cfe} (Adware.MyWebSearch) -> Quarantined and
deleted successfully.
Registry Values Infected:
(No malicious items detected)
Registry Data Items Infected:
(No malicious items detected)
Folders Infected:
(No malicious items detected)
Files Infected:
(No malicious items detected)
---
OTL logfile created on: 07/05/2010 22:23:39 - Run 1
OTL by OldTimer - Version 3.2.3.0 Folder = C:\Documents and Settings\Owner\Desktop
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy
1,023.00 Mb Total Physical Memory | 727.00 Mb Available Physical Memory | 71.00% Memory free
3.00 Gb Paging File | 3.00 Gb Available in Paging File | 96.00% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 97.65 Gb Total Space | 86.61 Gb Free Space | 88.69% Space Free | Partition Type: NTFS
Drive D: | 92.25 Gb Total Space | 86.90 Gb Free Space | 94.19% Space Free | Partition Type: NTFS
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded
Computer Name: WIN-54769632BA0
Current User Name: Owner
Logged in as Administrator.
Current Boot Mode: SafeMode with Networking
Scan Mode: Current user
Company Name Whitelist: On
Skip Microsoft Files: On
File Age = 90 Days
Output = Standard
Quick Scan
========== Processes (SafeList) ==========
PRC - [2010/04/28 22:11:42 | 000,563,712 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Owner\Desktop\OTL.exe
PRC - [2010/04/04 10:45:38 | 000,307,672 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe
PRC - [2009/03/24 20:09:36 | 000,169,296 | ---- | M] (Trend Micro Inc.) -- C:\Program Files\Trend Micro\TrendSecure\TSCFPlatformCOMSvr.exe
PRC - [2009/02/12 18:52:44 | 000,161,104 | ---- | M] (Trend Micro Inc.) -- C:\Program Files\Trend Micro\TrendSecure\TISProToolbar\platformdependent\ProToolbarComm.exe
PRC - [2008/04/14 01:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
========== Modules (SafeList) ==========
MOD - [2010/04/28 22:11:42 | 000,563,712 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Owner\Desktop\OTL.exe
========== Win32 Services (SafeList) ==========
SRV - [2010/04/29 15:39:34 | 000,304,464 | ---- | M] (Malwarebytes Corporation) [Auto | Stopped] -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
SRV - [2009/10/21 01:50:10 | 000,711,248 | ---- | M] (Trend Micro Inc.) [Auto | Stopped] -- C:\Program Files\Trend Micro\Internet Security\SfCtlCom.exe -- (SfCtlCom)
SRV - [2009/09/04 02:07:28 | 000,497,008 | ---- | M] (Trend Micro Inc.) [Auto | Stopped] -- C:\Program Files\Trend Micro\Internet Security\TmPfw.exe -- (TmPfw)
SRV - [2009/09/04 01:51:40 | 000,677,128 | ---- | M] (Trend Micro Inc.) [Auto | Stopped] -- C:\Program Files\Trend Micro\Internet Security\TmProxy.exe -- (TmProxy)
SRV - [2009/03/03 09:46:13 | 000,341,256 | ---- | M] (Trend Micro Inc.) [Auto | Stopped] -- C:\Program Files\Trend Micro\BM\TMBMSRV.exe -- (TMBMServer)
SRV - [2008/08/14 12:08:59 | 000,181,584 | ---- | M] (Trend Micro Inc.) [Auto | Stopped] -- C:\Program Files\Trend Micro\TrendSecure\SecurityActivityDashboard\tmarsvc.exe -- (Security Activity Dashboard Service)
========== Driver Services (SafeList) ==========
DRV - [2010/04/29 15:39:26 | 000,020,952 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\mbam.sys -- (MBAMProtector)
DRV - [2009/12/04 17:39:06 | 000,230,928 | ---- | M] (Trend Micro Inc.) [Kernel | Auto | Stopped] -- C:\WINDOWS\system32\drivers\tmxpflt.sys -- (tmxpflt)
DRV - [2009/12/04 17:38:18 | 000,036,368 | ---- | M] (Trend Micro Inc.) [Kernel | Auto | Stopped] -- C:\WINDOWS\system32\drivers\tmpreflt.sys -- (tmpreflt)
DRV - [2009/12/04 17:05:06 | 001,322,680 | ---- | M] (Trend Micro Inc.) [Kernel | Auto | Stopped] -- C:\WINDOWS\system32\drivers\vsapint.sys -- (vsapint)
DRV - [2009/04/03 00:08:54 | 000,050,192 | ---- | M] (Trend Micro Inc.) [Kernel | Auto | Stopped] -- C:\WINDOWS\system32\drivers\tmactmon.sys -- (tmactmon)
DRV - [2009/04/03 00:08:52 | 000,050,192 | ---- | M] (Trend Micro Inc.) [Kernel | Auto | Stopped] -- C:\WINDOWS\system32\drivers\tmevtmgr.sys -- (tmevtmgr)
DRV - [2009/04/03 00:08:48 | 000,153,104 | ---- | M] (Trend Micro Inc.) [Kernel | Auto | Stopped] -- C:\WINDOWS\system32\drivers\tmcomm.sys -- (tmcomm)
DRV - [2009/03/04 00:12:44 | 000,080,400 | ---- | M] (Trend Micro Inc.) [Kernel | System | Stopped] -- C:\WINDOWS\system32\drivers\tmtdi.sys -- (tmtdi)
DRV - [2009/03/03 10:08:15 | 000,335,376 | ---- | M] (Trend Micro Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\TM_CFW.sys -- (tmcfw)
DRV - [2008/04/13 19:45:29 | 000,010,624 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\gameenum.sys -- (gameenum)
DRV - [2008/04/13 17:36:05 | 000,144,384 | ---- | M] (Windows ® Server 2003 DDK provider) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\hdaudbus.sys -- (HDAudBus)
DRV - [2007/06/27 02:58:16 | 002,303,488 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ati2mtag.sys -- (ati2mtag)
DRV - [2005/11/21 19:28:30 | 000,209,536 | ---- | M] (ULi Electronics Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\m5288.sys -- (m5288)
DRV - [2005/11/10 12:54:56 | 000,402,944 | ---- | M] (Belkin Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\BLKWGU.sys -- (BLKWGU(Belkin)) Belkin Wireless G USB Network Adapter(Belkin)
DRV - [2005/10/05 17:21:10 | 000,141,312 | R--- | M] (Analog Devices, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ADIHdAud.sys -- (ADIHdAudAddService)
DRV - [2005/08/11 13:49:28 | 000,393,088 | R--- | M] (Sensaura) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\senfilt.sys -- (SenFiltService)
DRV - [2005/03/30 08:24:00 | 000,230,400 | ---- | M] (Marvell) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\yk51x86.sys -- (yukonwxp)
DRV - [2004/10/27 15:21:30 | 000,145,920 | ---- | M] (Windows ® Server 2003 DDK provider) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\Hdaudio.sys -- (HdAudAddService)
DRV - [2004/10/25 14:40:58 | 000,017,664 | ---- | M] (Printing Communications Assoc., Inc. (PCAUSA)) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ZDPSp50.sys -- (ZDPSp50)
DRV - [2004/08/13 11:56:20 | 000,005,810 | R--- | M] () [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ASACPI.sys -- (MTsensor)
DRV - [2004/08/04 13:00:00 | 000,005,248 | ---- | M] (Acer Laboratories Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\aliide.sys -- (AliIde)
DRV - [2003/07/24 12:10:34 | 000,017,149 | ---- | M] (Printing Communications Assoc., Inc. (PCAUSA)) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\DNINDIS5.SYS -- (DNINDIS5)
DRV - [2001/08/17 15:00:04 | 000,002,944 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\msmpu401.sys -- (ms_mpu401)
DRV - [2001/08/17 12:11:18 | 000,020,160 | ---- | M] (ADMtek Incorporated) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ADM8511.SYS -- (ADM8511)
========== Standard Registry (SafeList) ==========
========== Internet Explorer ==========
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
========== FireFox ==========
FF - prefs.js..browser.search.defaultenginename: "Bing"
FF - prefs.js..browser.search.defaulturl: "http://www.bing.com/...?FORM=IEFM1&q="
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "http://go.microsoft..../?LinkId=69157"
FF - prefs.js..extensions.enabledItems: {22181a4d-af90-4ca3-a569-faed9118d6bc}:1.2.0.1073
FF - prefs.js..keyword.URL: "http://www.bing.com/...?FORM=IEFM1&q="
FF - HKLM\software\mozilla\Firefox\extensions\\{22181a4d-af90-4ca3-a569-faed9118d6bc}: C:\Program Files\Trend Micro\TrendSecure\TISProToolbar\FirefoxExtension [2010/01/24 08:53:49 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.0.19\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010/04/09 13:31:03 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.0.19\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010/04/04 10:45:44 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Thunderbird 2.0.0.24\extensions\\Components: C:\Program Files\Mozilla Thunderbird\components [2010/03/19 00:22:05 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Thunderbird 2.0.0.24\extensions\\Plugins: C:\Program Files\Mozilla Thunderbird\plugins
[2008/12/30 18:15:07 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Mozilla\Extensions
[2010/05/04 20:48:06 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\i263r173.default\extensions
[2009/09/04 07:49:14 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\i263r173.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2010/03/17 20:30:08 | 000,001,819 | ---- | M] () -- C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\i263r173.default\searchplugins\bing.xml
[2008/12/30 01:22:49 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions
[2008/06/18 07:43:04 | 000,086,016 | ---- | M] (Coupons, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npCouponPrinter.dll
O1 HOSTS File: ([2004/08/04 13:00:00 | 000,000,734 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (TSToolbarBHO) - {43C6D902-A1C5-45c9-91F6-FD9E90337E18} - C:\Program Files\Trend Micro\TrendSecure\TISProToolbar\TSToolbar.dll (Trend Micro Inc.)
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.4.4525.1752\swg.dll (Google Inc.)
O3 - HKLM\..\Toolbar: (Trend Micro Toolbar) - {CCAC5586-44D7-4c43-B64A-F042461A97D2} - C:\Program Files\Trend Micro\TrendSecure\TISProToolbar\TSToolbar.dll (Trend Micro Inc.)
O4 - HKLM..\Run: [High Definition Audio Property Page Shortcut] C:\WINDOWS\System32\HdAShCut.exe (Windows ® Server 2003 DDK provider)
O4 - HKLM..\Run: [Malwarebytes' Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe (Ahead Software Gmbh)
O4 - HKLM..\Run: [SoundMAX] C:\Program Files\Analog Devices\SoundMAX\Smax4.exe (Analog Devices, Inc.)
O4 - HKLM..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\Core\smax4pnp.exe (Analog Devices, Inc.)
O4 - HKLM..\Run: [StartCCC] C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe ()
O4 - HKLM..\Run: [UfSeAgnt.exe] C:\Program Files\Trend Micro\Internet Security\UfSeAgnt.exe (Trend Micro Inc.)
O4 - HKCU..\Run: [EPSON Stylus D92 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIBZE.EXE (SEIKO EPSON CORPORATION)
O4 - HKCU..\Run: [OE] C:\Program Files\Trend Micro\Internet Security\TMAS_OE\TMAS_OEMon.exe (Trend Micro Inc.)
O4 - HKCU..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (Google Inc.)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Belkin Wireless USB Utility.lnk = C:\Program Files\Belkin\USB F5D7050\Wireless Utility\Belkinwcui.exe (Belkin)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O8 - Extra context menu item: E&xport to Microsoft Excel - C:\Program Files\Microsoft Office\Office12\EXCEL.EXE (Microsoft Corporation)
O9 - Extra Button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Program Files\Microsoft Office\Office12\REFIEBAR.DLL (Microsoft Corporation)
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} http://www.update.mi...b?1230576961612 (WUWebControl Class)
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} http://www.update.mi...b?1230576948893 (MUWebControl Class)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.1
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Handler\tmtb {04EAF3FB-4BAC-4B5A-A37D-A1CF210A5A42} - C:\Program Files\Trend Micro\TrendSecure\TISProToolbar\TSToolbar.dll (Trend Micro Inc.)
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\AtiExtEvent: DllName - Ati2evxx.dll - C:\WINDOWS\System32\ati2evxx.dll (ATI Technologies Inc.)
O24 - Desktop WallPaper: C:\WINDOWS\Web\Wallpaper\Bliss.bmp
O24 - Desktop BackupWallPaper: C:\WINDOWS\Web\Wallpaper\Bliss.bmp
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2008/08/07 19:07:33 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O33 - MountPoints2\{f43b6616-d5cb-11dd-8b8d-0018f362a021}\Shell\AutoRun\command - "" = K:\autorun.exe -- File not found
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
NetSvcs: 6to4 - File not found
NetSvcs: Ias - C:\WINDOWS\system32\ias [2008/08/07 19:36:34 | 000,000,000 | ---D | M]
NetSvcs: Iprip - File not found
NetSvcs: Irmon - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: Wmi - C:\WINDOWS\system32\wmi.dll (Microsoft Corporation)
NetSvcs: WmdmPmSp - File not found
CREATERESTOREPOINT
Error starting restore point: The function was called in safe mode.
Error closing restore point: The sequence number is invalid.
========== Files/Folders - Created Within 90 Days ==========
[2010/04/28 22:12:26 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Desktop\gmer
[2010/04/28 22:11:41 | 000,563,712 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Owner\Desktop\OTL.exe
[2010/04/22 22:49:59 | 000,000,000 | ---D | C] -- C:\Program Files\ERUNT
[2010/04/22 22:40:07 | 000,444,416 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Owner\Desktop\TFC.exe
[2010/04/22 15:45:06 | 000,000,000 | ---D | C] -- C:\WINDOWS\pss
[2010/04/22 15:36:05 | 000,000,000 | -HSD | C] -- C:\Documents and Settings\Owner\IECompatCache
[2010/04/22 15:36:03 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\Owner\Recent
[2010/03/17 00:34:52 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Tracing
[2010/03/17 00:33:50 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft
[2010/03/17 00:33:40 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Documents\microsoft
[2010/03/17 00:33:34 | 000,000,000 | ---D | C] -- C:\Program Files\Windows Live SkyDrive
[2010/03/17 00:33:14 | 000,000,000 | ---D | C] -- C:\Program Files\Windows Live
[2010/03/17 00:22:38 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Windows Live
========== Files - Modified Within 90 Days ==========
[2010/05/07 21:50:56 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2010/05/07 21:48:48 | 000,000,886 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2010/05/07 21:44:58 | 000,000,868 | ---- | M] () -- C:\WINDOWS\tasks\Google Software Updater.job
[2010/05/07 21:44:48 | 000,000,882 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2010/05/07 21:44:47 | 000,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2010/05/07 21:44:08 | 003,407,872 | -H-- | M] () -- C:\Documents and Settings\Owner\NTUSER.DAT
[2010/05/07 21:44:08 | 000,000,178 | -HS- | M] () -- C:\Documents and Settings\Owner\ntuser.ini
[2010/05/07 21:44:06 | 003,184,656 | -H-- | M] () -- C:\Documents and Settings\Owner\Local Settings\Application Data\IconCache.db
[2010/05/07 21:10:50 | 000,355,033 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\SysProt.zip
[2010/05/04 17:49:06 | 000,013,646 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2010/04/29 15:39:38 | 000,038,224 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2010/04/29 15:39:26 | 000,020,952 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2010/04/29 09:14:11 | 000,014,877 | ---- | M] () -- D:\Steph\Birthday list.docx
[2010/04/29 09:08:54 | 000,002,515 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\Microsoft Office Word 2007.lnk
[2010/04/28 22:11:42 | 000,563,712 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Owner\Desktop\OTL.exe
[2010/04/28 22:10:12 | 000,284,915 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\gmer.zip
[2010/04/26 21:30:13 | 000,000,162 | -H-- | M] () -- D:\Steph\~$rthday list.docx
[2010/04/22 22:40:08 | 000,444,416 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Owner\Desktop\TFC.exe
[2010/04/22 15:49:13 | 000,000,603 | ---- | M] () -- C:\WINDOWS\win.ini
[2010/04/22 15:49:13 | 000,000,227 | ---- | M] () -- C:\WINDOWS\system.ini
[2010/04/22 15:49:13 | 000,000,211 | -HS- | M] () -- C:\boot.ini
[2010/04/22 12:58:40 | 000,000,000 | ---- | M] () -- C:\Documents and Settings\Owner\settings.dat
[2010/04/21 17:52:02 | 000,000,855 | ---- | M] () -- C:\WINDOWS\goldwave.ini
[2010/04/21 17:48:11 | 000,011,703 | ---- | M] () -- D:\Steph\West End petition.docx
[2010/04/09 21:13:47 | 000,013,129 | ---- | M] () -- D:\Steph\Chocolate Chestnut Cake.docx
[2010/04/05 14:01:52 | 000,012,527 | ---- | M] () -- D:\Steph\Comedy script 2.docx
[2010/04/05 13:22:38 | 000,012,333 | ---- | M] () -- D:\Steph\Blame Carrington.docx
[2010/04/04 10:49:18 | 000,001,819 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Google Chrome.lnk
[2010/03/29 11:26:04 | 000,508,956 | ---- | M] () -- C:\WINDOWS\System32\PerfStringBackup.INI
[2010/03/29 11:26:04 | 000,432,356 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2010/03/29 11:26:04 | 000,067,312 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2010/03/21 01:07:30 | 000,019,763 | ---- | M] () -- D:\Steph\Comedy script.docx
[2010/03/20 01:33:29 | 000,011,910 | ---- | M] () -- D:\Steph\Hot chocolate set letter.docx
[2010/03/02 15:47:30 | 000,000,347 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\The Highway Code '09.lnk
========== Files Created - No Company Name ==========
[2010/05/07 21:10:49 | 000,355,033 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\SysProt.zip
[2010/04/28 22:10:12 | 000,284,915 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\gmer.zip
[2010/04/26 21:30:13 | 000,000,162 | -H-- | C] () -- D:\Steph\~$rthday list.docx
[2010/04/22 12:58:40 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\Owner\settings.dat
[2010/04/11 11:57:40 | 000,011,703 | ---- | C] () -- D:\Steph\West End petition.docx
[2010/04/09 21:13:47 | 000,013,129 | ---- | C] () -- D:\Steph\Chocolate Chestnut Cake.docx
[2010/03/25 10:44:46 | 000,012,527 | ---- | C] () -- D:\Steph\Comedy script 2.docx
[2010/03/14 13:05:37 | 000,011,910 | ---- | C] () -- D:\Steph\Hot chocolate set letter.docx
[2010/03/02 15:47:30 | 000,000,347 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\The Highway Code '09.lnk
[2009/04/14 22:00:36 | 000,000,031 | -H-- | C] () -- C:\WINDOWS\UKCpInfo.sys
[2009/01/23 20:53:34 | 000,005,810 | R--- | C] () -- C:\WINDOWS\System32\drivers\ASACPI.sys
[2008/12/30 01:24:12 | 000,001,403 | ---- | C] () -- C:\WINDOWS\MQPreset.ini
[2008/12/30 01:24:12 | 000,000,211 | ---- | C] () -- C:\WINDOWS\Multique.ini
[2008/12/30 01:23:15 | 000,006,592 | ---- | C] () -- C:\WINDOWS\gwpreset.ini
[2008/12/30 01:23:15 | 000,000,855 | ---- | C] () -- C:\WINDOWS\goldwave.ini
[2008/12/29 18:22:51 | 000,000,097 | ---- | C] () -- C:\WINDOWS\System32\PICSDK.ini
[2008/12/13 18:06:28 | 000,000,116 | ---- | C] () -- C:\WINDOWS\NeroDigital.ini
[2008/08/11 13:44:48 | 000,000,376 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2008/08/11 12:20:08 | 000,069,632 | ---- | C] () -- C:\WINDOWS\System32\TnetWCoInst.dll
[2005/07/12 15:44:42 | 000,015,872 | ---- | C] () -- C:\WINDOWS\System32\InsDrvZD64.DLL
[2004/03/23 17:38:00 | 000,028,672 | ---- | C] () -- C:\WINDOWS\System32\InsDrvZD.dll
[1999/01/22 19:46:58 | 000,065,536 | ---- | C] () -- C:\WINDOWS\System32\MSRTEDIT.DLL
========== LOP Check ==========
[2008/12/29 18:21:46 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\EPSON
[2008/12/29 18:24:03 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\UDL
[2009/01/23 20:29:33 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Thunderbird
========== Purity Check ==========
========== Custom Scans ==========
< %SYSTEMDRIVE%\*.* >
[2008/08/07 19:07:33 | 000,000,000 | ---- | M] () -- C:\AUTOEXEC.BAT
[2010/04/22 15:49:13 | 000,000,211 | -HS- | M] () -- C:\boot.ini
[2008/08/07 19:07:33 | 000,000,000 | ---- | M] () -- C:\CONFIG.SYS
[2008/08/07 19:07:33 | 000,000,000 | RHS- | M] () -- C:\IO.SYS
[2010/04/22 22:49:18 | 000,000,109 | ---- | M] () -- C:\mbam-error.txt
[2010/04/05 21:19:24 | 000,000,135 | ---- | M] () -- C:\moduleName.txt
[2008/08/07 19:07:33 | 000,000,000 | RHS- | M] () -- C:\MSDOS.SYS
[2004/08/04 13:00:00 | 000,047,564 | RHS- | M] () -- C:\NTDETECT.COM
[2008/12/29 21:48:28 | 000,250,048 | RHS- | M] () -- C:\ntldr
[2010/05/07 21:50:50 | 2145,386,496 | -HS- | M] () -- C:\pagefile.sys
< %systemroot%\*. /mp /s >
< %systemroot%\system32\*.dll /lockedfiles >
< %systemroot%\Tasks\*.job /lockedfiles >
< %systemroot%\System32\config\*.sav >
[2008/08/07 19:41:10 | 000,094,208 | ---- | M] () -- C:\WINDOWS\system32\config\default.sav
[2008/08/07 19:41:10 | 000,634,880 | ---- | M] () -- C:\WINDOWS\system32\config\software.sav
[2008/08/07 19:41:10 | 000,921,600 | ---- | M] () -- C:\WINDOWS\system32\config\system.sav
< %systemroot%\system32\drivers\*.sys /90 >
[2010/04/29 15:39:26 | 000,020,952 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\system32\drivers\mbam.sys
[2010/04/29 15:39:38 | 000,038,224 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\system32\drivers\mbamswissarmy.sys
[2010/02/24 14:11:07 | 000,455,680 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\mrxsmb.sys
[2010/02/11 13:02:15 | 000,226,880 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\tcpip6.sys
< End of report >
---
OTL Extras logfile created on: 07/05/2010 22:23:39 - Run 1
OTL by OldTimer - Version 3.2.3.0 Folder = C:\Documents and Settings\Owner\Desktop
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy
1,023.00 Mb Total Physical Memory | 727.00 Mb Available Physical Memory | 71.00% Memory free
3.00 Gb Paging File | 3.00 Gb Available in Paging File | 96.00% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 97.65 Gb Total Space | 86.61 Gb Free Space | 88.69% Space Free | Partition Type: NTFS
Drive D: | 92.25 Gb Total Space | 86.90 Gb Free Space | 94.19% Space Free | Partition Type: NTFS
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded
Computer Name: WIN-54769632BA0
Current User Name: Owner
Logged in as Administrator.
Current Boot Mode: SafeMode with Networking
Scan Mode: Current user
Company Name Whitelist: On
Skip Microsoft Files: On
File Age = 90 Days
Output = Standard
Quick Scan
========== Extra Registry (SafeList) ==========
========== File Associations ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)
========== Shell Spawning ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
htmlfile [edit] -- "C:\Program Files\Microsoft Office\Office12\msohtmed.exe" %1 (Microsoft Corporation)
htmlfile [print] -- "C:\Program Files\Microsoft Office\Office12\msohtmed.exe" /p %1 (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [OneNote.Open] -- C:\PROGRA~1\MICROS~2\Office12\ONENOTE.EXE "%L" (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
========== Security Center Settings ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 0
"FirewallOverride" = 0
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]
"DisableMonitoring" = 1
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]
"DisableMonitoring" = 1
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
"DoNotAllowExceptions" = 0
========== Authorized Applications List ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"C:\Program Files\Windows Live\Messenger\wlcsdk.exe" = C:\Program Files\Windows Live\Messenger\wlcsdk.exe:*:Enabled:Windows Live Call -- (Microsoft Corporation)
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE" = C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE:*:Enabled:Microsoft Office OneNote -- (Microsoft Corporation)
"C:\Program Files\Windows Live\Messenger\wlcsdk.exe" = C:\Program Files\Windows Live\Messenger\wlcsdk.exe:*:Enabled:Windows Live Call -- (Microsoft Corporation)
========== HKEY_LOCAL_MACHINE Uninstall List ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{04677911-D5DC-C500-A4E8-2D5CCC9180E9}" = CCC Help Greek
"{055EE59D-217B-43A7-ABFF-507B966405D8}" = ATI Catalyst Control Center
"{0629A9E3-42C3-38F4-7DE1-84647E9BE9CE}" = ccc-utility
"{083F79E4-6FE9-46FB-A6C6-4F8862742947}" = ATI HYDRAVISION
"{15327F19-DCA5-D102-0A11-C8B213AC278A}" = Catalyst Control Center Localization Greek
"{170A555B-8B7C-18A7-FBB3-68FCD8171BEF}" = CCC Help English
"{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live Upload Tool
"{2100F7DB-91AA-8C7C-1917-E41BE3E06C64}" = CCC Help Dutch
"{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT
"{23101306-56BD-BD95-DE03-907203A2D121}" = CCC Help Russian
"{23F84188-E168-12FC-68E1-0BC2B9ADA0F7}" = CCC Help Thai
"{252E8DB0-E036-1BFD-D1BA-0434C3B66B41}" = ccc-core-preinstall
"{255B921D-AE7F-8C7A-ACEA-9C7420659DC5}" = Catalyst Control Center Localization Thai
"{25F78FDD-6D45-5229-3602-1026D916B534}" = CCC Help Japanese
"{281D1C3D-50DA-46B4-D3E3-B811A9A3E644}" = Catalyst Control Center Localization Dutch
"{2847E94E-E127-1018-BA2D-1B99C229BE71}" = CCC Help Polish
"{287ECFA4-719A-2143-A09B-D6A12DE54E40}" = Acrobat.com
"{2EAF7E61-068E-11DF-953C-005056806466}" = Google Earth
"{32AF8E1C-CCC7-78D0-1BD6-E48EFFBBEE92}" = Catalyst Control Center Localization French
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{36CDA33B-909B-4719-97D1-C4B99309BDC7}" = ATI Parental Control & Encoder
"{385DFAC7-B31A-6FB0-1EB6-CD4854D55219}" = Catalyst Control Center Localization Swedish
"{3D6816CE-0943-85C8-8AB4-88C23C38CECB}" = Catalyst Control Center Localization Chinese Traditional
"{4026F0FC-CD1B-C487-B5C6-E815B258A1CA}" = Catalyst Control Center Graphics Light
"{40E12A55-C504-4223-AFAC-7672DBF1ACDE}" = Trend Micro Internet Security Pro
"{44EBA8D8-C559-A742-692D-51D2049AB8F1}" = CCC Help Finnish
"{45338B07-A236-4270-9A77-EBB4115517B5}" = Windows Live Sign-in Assistant
"{45E5354A-2CB2-EB0B-D930-29F8DD9F17AC}" = CCC Help Turkish
"{4846B4A3-E2E3-61A3-2B9F-3674291C3C97}" = CCC Help Spanish
"{491E695B-D88A-96B3-5DD6-C8487E6CF145}" = CCC Help Swedish
"{52DF099A-2A4A-4714-756F-3E4719FE4672}" = Skins
"{5399ACAF-7B15-43D5-9233-4E797B184FD2}" = AVIVO
"{54043BD9-50E5-96F0-D95F-E8BAACE26D89}" = Catalyst Control Center Localization Finnish
"{54B21299-1523-BA6D-CF0C-37122B5CB762}" = CCC Help Italian
"{5DA6F06A-B389-407B-BF8C-1548767914D8}" = ATI Problem Report Wizard
"{67E76212-F672-32C4-0828-5BE8F7B85966}" = Catalyst Control Center Graphics Full New
"{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}" = PowerDVD
"{6A9D8554-E01A-B116-C84D-810589D016A1}" = Catalyst Control Center Localization Japanese
"{6C144163-02C2-B57F-AB61-56DA5546B2BB}" = Catalyst Control Center Localization Spanish
"{718D791F-F4E8-4aa7-98A6-15FDED17BDD0}" = Trend Micro Internet Security Pro
"{74DF227F-21FD-1B67-B1C2-635B14A0158E}" = CCC Help Danish
"{76CA3745-48C8-1B2E-4090-56711467CD43}" = Catalyst Control Center Localization Portuguese
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{7B545503-5C31-B8A4-9B77-B6B99ADEC09D}" = Catalyst Control Center Localization Russian
"{7D4A509E-8F02-7850-5837-B50D08D47FF5}" = Catalyst Control Center Localization Czech
"{7DD3D82C-714A-F883-D93B-4C129D5FFA15}" = Catalyst Control Center Localization Norwegian
"{7E95FCBF-A6E7-2475-7A87-C6D4A355AA66}" = Catalyst Control Center Localization German
"{8010923B-40C7-0ECC-95C5-50623E548D96}" = CCC Help Portuguese
"{81128EE8-8EAD-4DB0-85C6-17C2CE50FF71}" = Windows Live Essentials
"{82CD426E-31DC-2F43-205E-E01E5C098F5A}" = CCC Help Chinese Traditional
"{8A8F8391-4C2C-4BE1-A984-CD4A5A546467}" = EPSON Easy Photo Print
"{90120000-0010-0409-0000-0000000FF1CE}" = Microsoft Software Update for Web Folders (English) 12
"{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007
"{90120000-0016-0409-0000-0000000FF1CE}_HOMESTUDENTR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007
"{90120000-0018-0409-0000-0000000FF1CE}_HOMESTUDENTR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007
"{90120000-001B-0409-0000-0000000FF1CE}_HOMESTUDENTR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_HOMESTUDENTR_{ABDDE972-355B-4AF1-89A8-DA50B7B5C045}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_HOMESTUDENTR_{F580DDD5-8D37-4998-968E-EBB76BB86787}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007
"{90120000-001F-0C0A-0000-0000000FF1CE}_HOMESTUDENTR_{187308AB-5FA7-4F14-9AB9-D290383A10D9}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}_HOMESTUDENTR_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2007
"{90120000-00A1-0409-0000-0000000FF1CE}_HOMESTUDENTR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007
"{90120000-0115-0409-0000-0000000FF1CE}_HOMESTUDENTR_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{91120000-002F-0000-0000-0000000FF1CE}" = Microsoft Office Home and Student 2007
"{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{3D019598-7B59-447A-80AE-815B703B84FF}" = Security Update for Microsoft Office system 2007 (972581)
"{920560B7-6A55-DC40-5525-5F44A494F740}" = CCC Help Czech
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{9B56936D-273E-F723-89D1-6EB3FC858AB5}" = ccc-core-static
"{A1F66FC9-11EE-4F2F-98C9-16F8D1E69FB7}" = Segoe UI
"{A2BCA9F1-566C-4805-97D1-7FDC93386723}" = Adobe AIR
"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
"{A49F249F-0C91-497F-86DF-B2585E8E76B7}" = Microsoft Visual C++ 2005 Redistributable
"{A6359CCF-215D-43D9-8366-479D231F2A72}" = Belkin Wireless USB Utility
"{A85FD55B-891B-4314-97A5-EA96C0BD80B5}" = Windows Live Messenger
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AC76BA86-7AD7-1033-7B44-A91000000001}" = Adobe Reader 9.1
"{B545059F-F74D-115D-2BAD-56555D575FCD}" = CCC Help Norwegian
"{C03DF297-96AD-B6D5-92EA-D99F5D76E5A3}" = CCC Help German
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
"{C5DC3DD5-80E0-88B9-2AF4-DFBEF10E4EBB}" = CCC Help Chinese Standard
"{C66844A2-A373-1EEB-589E-AFD77E661FC9}" = Catalyst Control Center Core Implementation
"{C8781F28-84B1-4DBB-4627-951652B04293}" = CCC Help French
"{C950420B-4182-49EA-850A-A6A2ABF06C6B}" = Marvell Miniport Driver
"{CC8EA619-F11E-AD1F-93B7-7B356752185A}" = Catalyst Control Center Localization Polish
"{CD13227D-2CA4-AB85-8674-5F6ADF42B882}" = Catalyst Control Center Localization Korean
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{D6FC3A76-C2BD-0B95-FB03-7EE37A8D2B21}" = Catalyst Control Center Localization Hungarian
"{D83D00F3-BBEF-B19D-5FE3-AA3C2BD726E3}" = Catalyst Control Center Localization Turkish
"{D966EC30-E3FF-9B17-BB68-2277D0870F5B}" = Catalyst Control Center Graphics Previews Common
"{E5ADC9FD-8C1F-456E-DFFB-716FE481C520}" = CCC Help Hungarian
"{ED00D08A-3C5F-488D-93A0-A04F21F23956}" = Windows Live Communications Platform
"{F0A37341-D692-11D4-A984-009027EC0A9C}" = SoundMAX
"{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard
"{F30E3BD6-F658-FDC3-8FF7-13302359DDD8}" = CCC Help Korean
"{F4B265CB-59BF-CCB2-F606-B8D16EE2D8ED}" = Catalyst Control Center Localization Chinese Standard
"{F6BD194C-4190-4D73-B1B1-C48C99921BFE}" = Windows Live Call
"{F860DD52-99C8-8746-1F2E-71A662B59FEA}" = Catalyst Control Center Graphics Full Existing
"{FAFDA3E9-7035-5EF2-679C-C787EFD01ADF}" = Catalyst Control Center Localization Danish
"{FB63CC95-17BA-A660-35EE-EAEBBA79C30C}" = Catalyst Control Center Localization Italian
"{FDC53DC6-137A-4541-BFA2-A9BAE4A7FE99}" = ULi Sata Driver
"Adobe AIR" = Adobe AIR
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"All ATI Software" = ATI - Software Uninstall Utility
"ATI Display Driver" = ATI Display Driver
"CCleaner" = CCleaner (remove only)
"Coupon Printer2.0" = Coupon Printer
"EPSON Printer and Utilities" = EPSON Printer Software
"ERUNT_is1" = ERUNT 1.1j
"GoldWave v4.25" = GoldWave v4.25
"Google Chrome" = Google Chrome
"Google Updater" = Google Updater
"HOMESTUDENTR" = Microsoft Office Home and Student 2007
"IDNMitigationAPIs" = Microsoft Internationalized Domain Names Mitigation APIs
"ie7" = Windows Internet Explorer 7
"ie8" = Windows Internet Explorer 8
"InstallShield_{A6359CCF-215D-43D9-8366-479D231F2A72}" = Belkin Wireless USB Utility
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Mozilla Firefox (3.0.19)" = Mozilla Firefox (3.0.19)
"Mozilla Thunderbird (2.0.0.24)" = Mozilla Thunderbird (2.0.0.24)
"MSCompPackV1" = Microsoft Compression Client Pack 1.0 for Windows XP
"Multiquence v2.02" = Multiquence v2.02
"NeroMultiInstaller!UninstallKey" = Nero Suite
"NLSDownlevelMapping" = Microsoft National Language Support Downlevel APIs
"Registrar Lite 2.00" = Registrar Lite 2.00
"Windows Media Format Runtime" = Windows Media Format 11 runtime
"Windows Media Player" = Windows Media Player 11
"Windows XP Service Pack" = Windows XP Service Pack 3
"WinLiveSuite_Wave3" = Windows Live Essentials
"WMFDist11" = Windows Media Format 11 runtime
"wmp11" = Windows Media Player 11
"Wudf01000" = Microsoft User-Mode Driver Framework Feature Pack 1.0
========== Last 10 Event Log Errors ==========
[ OSession Events ]
Error - 08/11/2009 07:42:26 | Computer Name = WIN-54769632BA0 | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 0, Application Name: Microsoft Office Word, Application Version:
12.0.6504.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 22
seconds with 0 seconds of active time. This session ended with a crash.
[ System Events ]
Error - 07/05/2010 16:14:31 | Computer Name = WIN-54769632BA0 | Source = DCOM | ID = 10005
Description = DCOM got error "%1084" attempting to start the service EventSystem
with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}
Error - 07/05/2010 16:15:33 | Computer Name = WIN-54769632BA0 | Source = DCOM | ID = 10005
Description = DCOM got error "%1084" attempting to start the service EventSystem
with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}
Error - 07/05/2010 16:16:57 | Computer Name = WIN-54769632BA0 | Source = Service Control Manager | ID = 7001
Description = The Trend Micro Proxy Service service depends on the Trend Micro TDI
Driver service which failed to start because of the following error: %%31
Error - 07/05/2010 16:16:57 | Computer Name = WIN-54769632BA0 | Source = Service Control Manager | ID = 7026
Description = The following boot-start or system-start driver(s) failed to load:
Fips Processor tmtdi
Error - 07/05/2010 16:44:08 | Computer Name = WIN-54769632BA0 | Source = DCOM | ID = 10005
Description = DCOM got error "%1084" attempting to start the service EventSystem
with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}
Error - 07/05/2010 16:45:13 | Computer Name = WIN-54769632BA0 | Source = ati2mtag | ID = 43034
Description = Unknown EDID version
Error - 07/05/2010 16:45:13 | Computer Name = WIN-54769632BA0 | Source = ati2mtag | ID = 43034
Description = Unknown EDID version
Error - 07/05/2010 16:51:24 | Computer Name = WIN-54769632BA0 | Source = DCOM | ID = 10005
Description = DCOM got error "%1084" attempting to start the service EventSystem
with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}
Error - 07/05/2010 16:52:45 | Computer Name = WIN-54769632BA0 | Source = Service Control Manager | ID = 7001
Description = The Trend Micro Proxy Service service depends on the Trend Micro TDI
Driver service which failed to start because of the following error: %%31
Error - 07/05/2010 16:52:45 | Computer Name = WIN-54769632BA0 | Source = Service Control Manager | ID = 7026
Description = The following boot-start or system-start driver(s) failed to load:
Fips Processor tmtdi
< End of report >