I have had this problem for about 3 weeks. Randomly, sometimes every 10 minutes, sometimes every few hours, a full-screen Internet Explorer window will pop up with an advertisement on it. This happens even if I don't have a web browser open. I use Firefox as a web browser. I use Avast! as a virus detector.
I have also noticed that iexplore.exe is running as a process in Windows Task Manager. I can end the process, but within a few seconds it starts up again. I don't know if this is normal behavior or not.
Occasionally, while doing a disk search or when Avast! finishes a boot scan, the computer will reboot itself. When it comes back I get a BSOD with the error "INVALID_PROCESS_DETACH_ATTEMPT". The computer reboots normally after a power-cycle.
I have run the virus scanner for the last week and have had the following results:
7-11-10 Boot Scan: No virus found
7-12-10 Boot Scan: PUP:Win32 PUP-gen [PUP] (This was from a file I downloaded to install VNC)
7-12-10 Boot Scan: No virus found
7-13-10 Boot scan: JS.Pdfka-AJV[Expl]
Java:Djewers-T [Tr] (8 instances of this)
7-13-10 Full scan: No virus found
7-14-10 Full Scan: No virus found
7-17-10 Boot scan: HTML-Downloader-S[Trj]
7-17-10 Full Scan: No virus found
Each time Avast! found something I would send it to the Avast! "Chest".
Before the first scan on 7-17-10, I ran the following applications per your forum post http://www.geekstogo...uide-t2852.html
Malwarebytes AntiMalware (see log below)
GMER (see log below)
OTL (see logs below)
If you can figure out what is going on, I'd appreciate it.
Thank you.
Log of Malwarebytes' Anti-Malware (mbam-log 2010-07-17 (10-31-10).txt):
Malwarebytes' Anti-Malware 1.46
Database version: 4320
Windows 5.1.2600 Service Pack 3
Internet Explorer 7.0.5730.13
7/17/2010 10:31:10 AM
mbam-log-2010-07-17 (10-31-10).txt
Scan type: Quick scan
Objects scanned: 144894
Time elapsed: 11 minute(s), 26 second(s)
Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0
Memory Processes Infected:
(No malicious items detected)
Memory Modules Infected:
(No malicious items detected)
Registry Keys Infected:
(No malicious items detected)
Registry Values Infected:
(No malicious items detected)
Registry Data Items Infected:
(No malicious items detected)
Folders Infected:
(No malicious items detected)
Files Infected:
(No malicious items detected)
Log of GMER:
GMER - http://www.gmer.net
Rootkit scan 2010-07-17 12:49:20
Windows 5.1.2600 Service Pack 3
Running: gmer.exe; Driver: C:\DOCUME~1\Chris\LOCALS~1\Temp\ufloapoc.sys
---- System - GMER 1.0.15 ----
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/ALWIL Software) ZwAddBootEntry [0xF54EA130]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/ALWIL Software) ZwClose [0xF550350D]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/ALWIL Software) ZwCreateEvent [0xF54EBCE2]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/ALWIL Software) ZwCreateEventPair [0xF54EBD3A]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/ALWIL Software) ZwCreateIoCompletion [0xF54EBE50]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/ALWIL Software) ZwCreateKey [0xF5502EC1]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/ALWIL Software) ZwCreateMutant [0xF54EBC38]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/ALWIL Software) ZwCreateSection [0xF54EBD8A]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/ALWIL Software) ZwCreateSemaphore [0xF54EBC8C]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/ALWIL Software) ZwCreateTimer [0xF54EBDFE]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/ALWIL Software) ZwDeleteBootEntry [0xF54EA154]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/ALWIL Software) ZwDeleteKey [0xF5503BD3]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/ALWIL Software) ZwDeleteValueKey [0xF5503CDA]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/ALWIL Software) ZwDuplicateObject [0xF54EC582]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/ALWIL Software) ZwEnumerateKey [0xF5503A3E]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/ALWIL Software) ZwEnumerateValueKey [0xF55038A9]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/ALWIL Software) ZwLoadDriver [0xF54E9F5C]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/ALWIL Software) ZwModifyBootEntry [0xF54EA178]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/ALWIL Software) ZwOpenEvent [0xF54EBD12]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/ALWIL Software) ZwOpenEventPair [0xF54EBD62]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/ALWIL Software) ZwOpenIoCompletion [0xF54EBE7A]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/ALWIL Software) ZwOpenKey [0xF550321D]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/ALWIL Software) ZwOpenMutant [0xF54EBC64]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/ALWIL Software) ZwOpenProcess [0xF54EC3BA]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/ALWIL Software) ZwOpenSection [0xF54EBDCA]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/ALWIL Software) ZwOpenSemaphore [0xF54EBCBA]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/ALWIL Software) ZwOpenThread [0xF54EC49E]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/ALWIL Software) ZwOpenTimer [0xF54EBE28]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/ALWIL Software) ZwQueryKey [0xF5503724]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/ALWIL Software) ZwQueryObject [0xF54EAB48]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/ALWIL Software) ZwQueryValueKey [0xF5503576]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwRenameKey [0xF5534210]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/ALWIL Software) ZwReplyWaitReceivePort [0xF54EC6F6]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/ALWIL Software) ZwReplyWaitReceivePortEx [0xF54EC2F0]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/ALWIL Software) ZwRestoreKey [0xF550255C]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/ALWIL Software) ZwSetBootEntryOrder [0xF54EA19C]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/ALWIL Software) ZwSetBootOptions [0xF54EA1C0]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/ALWIL Software) ZwSetSystemInformation [0xF54E9FB6]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwSetValueKey [0xF5533EC8]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/ALWIL Software) ZwShutdownSystem [0xF54EA0C6]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/ALWIL Software) ZwSystemDebugControl [0xF54EA0D8]
SSDT \??\C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS (SASKUTIL.SYS/SUPERAdBlocker.com and SUPERAntiSpyware.com) ZwTerminateProcess [0xF55F7620]
---- User code sections - GMER 1.0.15 ----
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[3052] USER32.dll!DialogBoxParamW 7E4247AB 5 Bytes JMP 3E1DF4B9 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[3052] USER32.dll!DialogBoxIndirectParamW 7E432072 5 Bytes JMP 3E35203E C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[3052] USER32.dll!MessageBoxIndirectA 7E43A082 5 Bytes JMP 3E351FBF C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[3052] USER32.dll!DialogBoxParamA 7E43B144 5 Bytes JMP 3E352003 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[3052] USER32.dll!MessageBoxExW 7E450838 5 Bytes JMP 3E351F4B C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[3052] USER32.dll!MessageBoxExA 7E45085C 5 Bytes JMP 3E351F85 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[3052] USER32.dll!DialogBoxIndirectParamA 7E456D7D 5 Bytes JMP 3E352079 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[3052] USER32.dll!MessageBoxIndirectW 7E4664D5 5 Bytes JMP 3E20176A C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[3052] ole32.dll!OleLoadFromStream 77529C85 5 Bytes JMP 3E35223B C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
---- Devices - GMER 1.0.15 ----
AttachedDevice \FileSystem\Ntfs \Ntfs aswMon2.SYS (avast! File System Filter Driver for Windows XP/ALWIL Software)
AttachedDevice \Driver\Tcpip \Device\Ip aswTdi.SYS (avast! TDI Filter Driver/ALWIL Software)
AttachedDevice \Driver\Tcpip \Device\Tcp aswTdi.SYS (avast! TDI Filter Driver/ALWIL Software)
AttachedDevice \Driver\Ftdisk \Device\HarddiskVolume1 snapman.sys (Acronis Snapshot API/Acronis)
AttachedDevice \Driver\Tcpip \Device\Udp aswTdi.SYS (avast! TDI Filter Driver/ALWIL Software)
AttachedDevice \Driver\Tcpip \Device\RawIp aswTdi.SYS (avast! TDI Filter Driver/ALWIL Software)
AttachedDevice \FileSystem\Fastfat \Fat fltmgr.sys (Microsoft Filesystem Filter Manager/Microsoft Corporation)
AttachedDevice \FileSystem\Fastfat \Fat aswMon2.SYS (avast! File System Filter Driver for Windows XP/ALWIL Software)
---- EOF - GMER 1.0.15 ----
Logs for OTL: (OTL.TXT)
OTL logfile created on: 7/17/2010 5:29:18 PM - Run 1
OTL by OldTimer - Version Folder = C:\Documents and Settings\Chris\My Documents\DOWNLOADS\malwarebytes
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 7.0.5730.13)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy
1,023.00 Mb Total Physical Memory | 307.00 Mb Available Physical Memory | 30.00% Memory free
2.00 Gb Paging File | 2.00 Gb Available in Paging File | 82.00% Paging File free
Paging file location(s): C:\pagefile.sys 1536 3072 [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 298.08 Gb Total Space | 245.21 Gb Free Space | 82.26% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
Drive E: | 478.75 Mb Total Space | 478.33 Mb Free Space | 99.91% Space Free | Partition Type: FAT
F: Drive not present or media not loaded
G: Drive not present or media not loaded
Drive H: | 9.53 Gb Total Space | 2.21 Gb Free Space | 23.19% Space Free | Partition Type: FAT
Drive I: | 15.73 Gb Total Space | 13.68 Gb Free Space | 87.01% Space Free | Partition Type: FAT32
Drive J: | 145.88 Gb Total Space | 82.75 Gb Free Space | 56.73% Space Free | Partition Type: NTFS
Computer Name: PRIMARY1
Current User Name: Chris
Logged in as Administrator.
Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: On
Skip Microsoft Files: On
File Age = 90 Days
Output = Standard
Quick Scan
========== Processes (SafeList) ==========
PRC - [2010/07/17 17:26:46 | 000,574,976 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Chris\My Documents\DOWNLOADS\malwarebytes\OTL.exe
PRC - [2010/07/03 00:05:47 | 001,352,832 | ---- | M] (Lavasoft) -- C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
PRC - [2010/06/28 16:57:18 | 002,837,864 | ---- | M] (AVAST Software) -- C:\Program Files\Alwil Software\Avast5\AvastUI.exe
PRC - [2010/06/28 16:57:15 | 000,040,384 | ---- | M] (AVAST Software) -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
PRC - [2010/03/10 22:32:26 | 000,648,536 | ---- | M] (Research In Motion Limited) -- C:\Program Files\Common Files\Research In Motion\Auto Update\RIMAutoUpdate.exe
PRC - [2009/09/25 14:16:06 | 000,093,960 | ---- | M] (Sling Media Inc.) -- C:\Program Files\Sling Media\SlingAgent\SlingAgentService.exe
PRC - [2009/07/09 21:43:38 | 001,830,856 | ---- | M] (UltraVNC) -- C:\Program Files\UltraVNC\winvnc.exe
PRC - [2008/04/17 10:08:46 | 001,528,608 | ---- | M] (Cisco Systems, Inc.) -- C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe
PRC - [2008/04/13 20:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2007/12/03 12:21:42 | 000,236,040 | ---- | M] () -- C:\WINDOWS\system32\DeltaIITray.exe
PRC - [2007/04/20 09:03:02 | 000,411,168 | ---- | M] (Acronis) -- C:\Program Files\Common Files\Maxtor\Schedule2\schedul2.exe
PRC - [2007/04/20 08:59:30 | 001,169,720 | ---- | M] (Maxtor) -- C:\Program Files\Maxtor\MaxBlast\MaxBlastMonitor.exe
PRC - [2006/03/30 09:15:44 | 000,096,341 | ---- | M] (Canon Inc.) -- C:\Program Files\Canon\CAL\CALMAIN.exe
PRC - [2006/01/15 16:28:00 | 000,090,112 | ---- | M] () -- C:\Program Files\SP TimeSync 2.3\SP TimeSync.exe
PRC - [2005/09/24 01:42:32 | 000,475,136 | ---- | M] (Hewlett-Packard Development Company, L.P.) -- C:\Program Files\HP\Digital Imaging\bin\hpqimzone.exe
PRC - [2003/07/11 20:45:02 | 000,241,664 | ---- | M] (Nikon Corporation) -- C:\Program Files\Nikon\NkView6\NkvMon.exe
========== Modules (SafeList) ==========
MOD - [2010/07/17 17:26:46 | 000,574,976 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Chris\My Documents\DOWNLOADS\malwarebytes\OTL.exe
MOD - [2008/04/13 20:10:20 | 000,110,592 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\msscript.ocx
========== Win32 Services (SafeList) ==========
SRV - File not found [On_Demand | Stopped] -- C:\WINDOWS\System32\appmgmts.dll -- (AppMgmt)
SRV - [2010/07/03 00:05:47 | 001,352,832 | ---- | M] (Lavasoft) [Auto | Running] -- C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe -- (Lavasoft Ad-Aware Service)
SRV - [2010/06/28 16:57:15 | 000,040,384 | ---- | M] (AVAST Software) [On_Demand | Running] -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe -- (avast! Web Scanner)
SRV - [2010/06/28 16:57:15 | 000,040,384 | ---- | M] (AVAST Software) [On_Demand | Running] -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe -- (avast! Mail Scanner)
SRV - [2010/06/28 16:57:15 | 000,040,384 | ---- | M] (AVAST Software) [Auto | Running] -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe -- (avast! Antivirus)
SRV - [2009/09/25 14:16:06 | 000,093,960 | ---- | M] (Sling Media Inc.) [Auto | Running] -- C:\Program Files\Sling Media\SlingAgent\SlingAgentService.exe -- (SlingAgentService)
SRV - [2009/07/09 21:43:38 | 001,830,856 | ---- | M] (UltraVNC) [Auto | Running] -- C:\Program Files\UltraVNC\WinVNC.exe -- (uvnc_service)
SRV - [2008/04/17 10:08:46 | 001,528,608 | ---- | M] (Cisco Systems, Inc.) [Auto | Running] -- C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe -- (CVPND)
SRV - [2007/04/20 09:03:02 | 000,411,168 | ---- | M] (Acronis) [Auto | Running] -- C:\Program Files\Common Files\Maxtor\Schedule2\schedul2.exe -- (AcrSch2Svc)
SRV - [2006/03/30 09:15:44 | 000,096,341 | ---- | M] (Canon Inc.) [Auto | Running] -- C:\Program Files\Canon\CAL\CALMAIN.exe -- (CCALib8)
========== Driver Services (SafeList) ==========
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\drivers\klif.sys -- (TSP)
DRV - [2010/07/03 00:05:52 | 000,064,288 | ---- | M] (Lavasoft AB) [File_System | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\Lbd.sys -- (Lbd)
DRV - [2010/06/28 16:39:38 | 000,312,912 | ---- | M] (ALWIL Software) [File_System | System | Running] -- C:\WINDOWS\System32\drivers\aswSnx.sys -- (aswSnx)
DRV - [2010/06/28 16:37:52 | 000,046,672 | ---- | M] (ALWIL Software) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\aswTdi.sys -- (aswTdi)
DRV - [2010/06/28 16:37:30 | 000,165,456 | ---- | M] (ALWIL Software) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\aswSP.sys -- (aswSP)
DRV - [2010/06/28 16:33:13 | 000,023,376 | ---- | M] (ALWIL Software) [Kernel | On_Demand | Running] -- C:\WINDOWS\System32\drivers\aswRdr.sys -- (aswRdr)
DRV - [2010/06/28 16:32:45 | 000,100,176 | ---- | M] (ALWIL Software) [File_System | Auto | Running] -- C:\WINDOWS\System32\drivers\aswmon2.sys -- (aswMon2)
DRV - [2010/06/28 16:32:33 | 000,017,744 | ---- | M] (ALWIL Software) [File_System | Auto | Running] -- C:\WINDOWS\System32\drivers\aswFsBlk.sys -- (aswFsBlk)
DRV - [2010/06/28 16:32:16 | 000,028,880 | ---- | M] (ALWIL Software) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\aavmker4.sys -- (Aavmker4)
DRV - [2010/05/10 14:41:30 | 000,067,656 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS -- (SASKUTIL)
DRV - [2010/02/17 14:25:48 | 000,012,872 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\sasdifsv.sys -- (SASDIFSV)
DRV - [2010/01/22 17:11:34 | 000,130,400 | ---- | M] (FlexRadio Systems) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\FlexRadio.sys -- (FlexRadio)
DRV - [2010/01/22 17:11:34 | 000,030,688 | ---- | M] (FlexRadio Systems) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\FlexRadioMidi.sys -- (FlexRadioMidi)
DRV - [2010/01/22 17:11:34 | 000,028,256 | ---- | M] (FlexRadio Systems) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\FlexRadioAudio.sys -- (FlexRadioAudio)
DRV - [2009/06/23 04:18:16 | 000,054,400 | ---- | M] (ELTIMA Software) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\evserial.sys -- (evserial) Virtual Serial Ports Driver (Eltima Softwate)
DRV - [2009/06/23 04:18:10 | 000,030,336 | ---- | M] (ELTIMA Software) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\evsbc.sys -- (VSBC) Virtual Serial Bus Enumerator (Eltima Software)
DRV - [2009/03/31 19:20:54 | 000,353,672 | ---- | M] (Check Point Software Technologies LTD) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\vsdatant.sys -- (vsdatant)
DRV - [2009/01/19 13:11:22 | 000,003,584 | ---- | M] () [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\DLPortIO.SYS -- (DLPortIO)
DRV - [2008/11/07 09:11:06 | 000,003,026 | ---- | M] (Logix4u) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\hwinterface.sys -- (hwinterface)
DRV - [2008/04/17 10:07:52 | 000,306,299 | ---- | M] (Cisco Systems, Inc.) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\CVPNDRVA.sys -- (CVPNDRVA)
DRV - [2008/04/13 14:45:12 | 000,060,032 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\usbaudio.sys -- (usbaudio) USB Audio Driver (WDM)
DRV - [2008/03/29 18:36:28 | 000,125,328 | ---- | M] (Deterministic Networks, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\dne2000.sys -- (DNE)
DRV - [2008/03/01 20:44:59 | 000,392,320 | ---- | M] (Acronis) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\timntr.sys -- (timounter)
DRV - [2008/03/01 20:44:59 | 000,032,768 | ---- | M] (Acronis) [File_System | Auto | Running] -- C:\WINDOWS\system32\drivers\tifsfilt.sys -- (tifsfilter)
DRV - [2008/03/01 20:44:43 | 000,120,992 | ---- | M] (Acronis) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\snapman.sys -- (snapman)
DRV - [2008/02/29 11:28:04 | 000,010,304 | ---- | M] (UVNC BVBA) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\mv2.sys -- (mv2)
DRV - [2007/12/03 12:21:30 | 000,297,992 | ---- | M] (Avid Technology, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\deltaII.sys -- (DELTAII) Service for M-Audio Delta Driver (WDM)
DRV - [2007/09/14 14:31:38 | 000,042,752 | ---- | M] (Eugene V. Muzychenko) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\vrtaucbl.sys -- (EuMusDesignVirtualAudioCableWdm) Virtual Audio Cable (WDM)
DRV - [2007/06/27 11:54:46 | 000,028,672 | ---- | M] (http://libusb-win32.sourceforge.net) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\libusb0.sys -- (libusb0) LibUsb-Win32 (HPSDR/Flex)
DRV - [2007/01/31 17:38:06 | 000,003,567 | ---- | M] (Beyond Logic http://www.beyondlogic.org) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\porttalk.sys -- (PortTalk)
DRV - [2007/01/18 18:28:02 | 000,005,275 | ---- | M] (Cisco Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\CVirtA.sys -- (CVirtA)
DRV - [2005/07/09 16:05:00 | 000,019,456 | ---- | M] (N8VB vCOM) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\vCOM.sys -- (vCOM)
DRV - [2004/08/03 18:29:56 | 001,897,408 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\nv4_mini.sys -- (nv)
DRV - [2003/07/16 14:27:40 | 000,043,264 | ---- | M] (Prolific Technology Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ser2pl.sys -- (Ser2pl)
DRV - [2003/04/17 04:15:22 | 000,147,328 | ---- | M] (3Com Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\EL2K_XP.sys -- (EL2000)
DRV - [2001/09/04 07:22:52 | 000,019,534 | ---- | M] (3Com Corporation) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\TCAITDI.SYS -- (TCAITDI)
DRV - [2000/06/06 14:08:04 | 000,021,233 | ---- | M] (3Com Corporation) [Kernel | Auto | Running] -- C:\WINDOWS\system32\TCAICCHG.SYS -- (tcaicchg)
DRV - [1997/04/22 11:16:00 | 000,006,272 | ---- | M] () [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\ASLM75.SYS -- (aslm75)
========== Standard Registry (SafeList) ==========
========== Internet Explorer ==========
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://onsite1.com/
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
========== FireFox ==========
FF - prefs.js..browser.startup.homepage: "http://onsite1.com/"
FF - prefs.js..extensions.enabledItems: [email protected]:1.0
FF - prefs.js..extensions.enabledItems: [email protected]:7
FF - prefs.js..extensions.enabledItems: {EF522540-89F5-46b9-B6FE-1829E2B572C6}:4.2
FF - prefs.js..extensions.enabledItems: ilab@intuit:1.7
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20
FF - HKLM\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2010/05/26 18:56:05 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.0.19\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010/06/13 13:40:03 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.0.19\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010/07/03 01:00:31 | 000,000,000 | ---D | M]
[2008/12/07 12:15:02 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Chris\Application Data\Mozilla\Extensions
[2010/07/17 17:24:37 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Chris\Application Data\Mozilla\Firefox\Profiles\iay2w610.default\extensions
[2010/04/27 18:08:48 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Documents and Settings\Chris\Application Data\Mozilla\Firefox\Profiles\iay2w610.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2010/04/27 18:09:02 | 000,000,000 | ---D | M] (SearchPreview) -- C:\Documents and Settings\Chris\Application Data\Mozilla\Firefox\Profiles\iay2w610.default\extensions\{EF522540-89F5-46b9-B6FE-1829E2B572C6}
[2010/04/27 18:08:56 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Chris\Application Data\Mozilla\Firefox\Profiles\iay2w610.default\extensions\ilab@intuit
[2010/07/17 10:03:41 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions
[2010/07/01 19:42:17 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
[2010/04/12 17:29:19 | 000,411,368 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npdeployJava1.dll
[2009/06/01 21:05:29 | 000,221,184 | ---- | M] (CNN) -- C:\Program Files\Mozilla Firefox\plugins\NPTURNMED.dll
O1 HOSTS File: ([2008/12/27 22:23:15 | 000,000,734 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O2 - BHO: (HP Print Enhancer) - {0347C33E-8762-4905-BF09-768834316C61} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll (Hewlett-Packard Co.)
O2 - BHO: (HP Smart BHO Class) - {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll (Hewlett-Packard Co.)
O4 - HKLM..\Run: [avast5] C:\Program Files\Alwil Software\Avast5\AvastUI.exe (AVAST Software)
O4 - HKLM..\Run: [BlackBerryAutoUpdate] C:\Program Files\Common Files\Research In Motion\Auto Update\RIMAutoUpdate.exe (Research In Motion Limited)
O4 - HKLM..\Run: [DeltaIITaskbarApp] C:\WINDOWS\system32\DeltaIITray.exe ()
O4 - HKLM..\Run: [hpqSRMon] File not found
O4 - HKLM..\Run: [KernelFaultCheck] File not found
O4 - HKLM..\Run: [M-Audio Taskbar Icon] C:\WINDOWS\system32\DeltaIITray.exe ()
O4 - HKLM..\Run: [MaxBlastMonitor.exe] C:\Program Files\Maxtor\MaxBlast\MaxBlastMonitor.exe (Maxtor)
O4 - HKLM..\Run: [NeroCheck] C:\WINDOWS\System32\\NeroCheck.exe ()
O4 - HKLM..\Run: [ROBOTFTPSCHED] C:\Program Files\FTPShell\botsched.exe ()
O4 - HKCU..\Run: [SP TimeSync] C:\Program Files\SP TimeSync 2.3\SP TimeSync.exe ()
O4 - HKCU..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe (SUPERAntiSpyware.com)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\HP Photosmart Premier Fast Start.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqthb08.exe (Hewlett-Packard Development Company, L.P.)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE (Microsoft Corporation)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\NkvMon.exe.lnk = C:\Program Files\Nikon\NkView6\NkvMon.exe (Nikon Corporation)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\VPN Client.lnk = C:\WINDOWS\Installer\{4C271126-C295-4828-A901-5910AE0C258B}\Icon3E5562ED7.ico ()
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O8 - Extra context menu item: E&xport to Microsoft Excel - C:\Program Files\Microsoft Office\Office10\EXCEL.EXE (Microsoft Corporation)
O9 - Extra Button: Show or hide HP Smart Web Printing - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll (Hewlett-Packard Co.)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_20)
O16 - DPF: {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_20)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_20)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.m...ash/swflash.cab (Shockwave Flash Object)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\!SASWinLogon: DllName - C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL - C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL (SUPERAntiSpyware.com)
O20 - Winlogon\Notify\ckpNotify: DllName - Reg Error: Value error. - Reg Error: Value error. File not found
O24 - Desktop Components:0 () - http://image.weather...rwx_600x405.jpg
O24 - Desktop Components:1 () -
O28 - HKLM ShellExecuteHooks: {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - C:\Program Files\SUPERAntiSpyware\SASSEH.DLL (SuperAdBlocker.com)
O30 - LSA: Authentication Packages - (relog_ap) - C:\WINDOWS\System32\relog_ap.dll (Acronis)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2008/02/26 18:57:55 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O32 - AutoRun File - [2004/05/02 13:00:52 | 000,000,224 | -HS- | M] () - H:\AUTOEXEC.BAK -- [ FAT ]
O32 - AutoRun File - [2004/05/02 13:00:52 | 000,000,224 | ---- | M] () - H:\AUTOEXEC.BAT -- [ FAT ]
O32 - AutoRun File - [2008/01/20 18:29:48 | 000,000,000 | ---- | M] () - I:\AUTOEXEC.BAT -- [ FAT32 ]
O32 - Unable to obtain root file information for disk J:\
O33 - MountPoints2\{77ee93bf-e597-11dc-a91b-b0372f84f2dc}\Shell - "" = AutoRun
O33 - MountPoints2\{77ee93bf-e597-11dc-a91b-b0372f84f2dc}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{77ee93bf-e597-11dc-a91b-b0372f84f2dc}\Shell\AutoRun\command - "" = E:\LaunchU3.exe -- File not found
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O34 - HKLM BootExecute: (lsdelete) - C:\WINDOWS\System32\lsdelete.exe ()
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
NetSvcs: 6to4 - File not found
NetSvcs: AppMgmt - C:\WINDOWS\System32\appmgmts.dll File not found
NetSvcs: Ias - File not found
NetSvcs: Iprip - File not found
NetSvcs: Irmon - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: Wmi - C:\WINDOWS\System32\wmi.dll (Microsoft Corporation)
NetSvcs: WmdmPmSp - File not found
Drivers32: aux - C:\WINDOWS\System32\wdmaud.drv (Microsoft Corporation)
Drivers32: aux1 - C:\WINDOWS\System32\wdmaud.drv (Microsoft Corporation)
Drivers32: Midi - C:\WINDOWS\System32\wdmaud.drv (Microsoft Corporation)
Drivers32: midi1 - C:\WINDOWS\System32\wdmaud.drv (Microsoft Corporation)
Drivers32: midi2 - C:\WINDOWS\System32\wdmaud.drv (Microsoft Corporation)
Drivers32: midi3 - C:\WINDOWS\System32\wdmaud.drv (Microsoft Corporation)
Drivers32: midi4 - C:\WINDOWS\System32\wdmaud.drv (Microsoft Corporation)
Drivers32: midi5 - C:\WINDOWS\System32\wdmaud.drv (Microsoft Corporation)
Drivers32: midi6 - C:\WINDOWS\System32\wdmaud.drv (Microsoft Corporation)
Drivers32: midi7 - C:\WINDOWS\System32\wdmaud.drv (Microsoft Corporation)
Drivers32: midi8 - C:\WINDOWS\System32\wdmaud.drv (Microsoft Corporation)
Drivers32: midi9 - C:\WINDOWS\System32\wdmaud.drv (Microsoft Corporation)
Drivers32: midimapper - C:\WINDOWS\System32\midimap.dll (Microsoft Corporation)
Drivers32: mixer - C:\WINDOWS\System32\wdmaud.drv (Microsoft Corporation)
Drivers32: mixer1 - C:\WINDOWS\System32\wdmaud.drv (Microsoft Corporation)
Drivers32: mixer2 - C:\WINDOWS\System32\wdmaud.drv (Microsoft Corporation)
Drivers32: mixer3 - C:\WINDOWS\System32\wdmaud.drv (Microsoft Corporation)
Drivers32: mixer4 - C:\WINDOWS\System32\wdmaud.drv (Microsoft Corporation)
Drivers32: mixer5 - C:\WINDOWS\System32\wdmaud.drv (Microsoft Corporation)
Drivers32: mixer6 - C:\WINDOWS\System32\wdmaud.drv (Microsoft Corporation)
Drivers32: mixer7 - C:\WINDOWS\System32\wdmaud.drv (Microsoft Corporation)
Drivers32: mixer8 - C:\WINDOWS\System32\wdmaud.drv (Microsoft Corporation)
Drivers32: mixer9 - C:\WINDOWS\System32\wdmaud.drv (Microsoft Corporation)
Drivers32: msacm.iac2 - C:\WINDOWS\system32\iac25_32.ax (Intel Corporation)
Drivers32: msacm.imaadpcm - C:\WINDOWS\System32\imaadp32.acm (Microsoft Corporation)
Drivers32: msacm.l3acm - C:\WINDOWS\system32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: msacm.lhacm - C:\WINDOWS\System32\lhacm.acm (Microsoft Corporation)
Drivers32: msacm.msadpcm - C:\WINDOWS\System32\msadp32.acm (Microsoft Corporation)
Drivers32: msacm.msaudio1 - C:\WINDOWS\System32\msaud32.acm (Microsoft Corporation)
Drivers32: msacm.msg711 - C:\WINDOWS\System32\msg711.acm (Microsoft Corporation)
Drivers32: msacm.msg723 - C:\WINDOWS\System32\msg723.acm (Microsoft Corporation)
Drivers32: msacm.msgsm610 - C:\WINDOWS\System32\msgsm32.acm (Microsoft Corporation)
Drivers32: msacm.sl_anet - C:\WINDOWS\System32\sl_anet.acm (Sipro Lab Telecom Inc.)
Drivers32: msacm.trspch - C:\WINDOWS\System32\tssoft32.acm (DSP GROUP, INC.)
Drivers32: vidc.cvid - C:\WINDOWS\System32\iccvid.dll (Radius Inc.)
Drivers32: vidc.I420 - C:\WINDOWS\System32\msh263.drv (Microsoft Corporation)
Drivers32: vidc.iv31 - C:\WINDOWS\System32\ir32_32.dll ()
Drivers32: vidc.iv32 - C:\WINDOWS\System32\ir32_32.dll ()
Drivers32: vidc.iv41 - C:\WINDOWS\System32\ir41_32.ax (Intel Corporation)
Drivers32: vidc.iv50 - C:\WINDOWS\System32\ir50_32.dll (Intel Corporation)
Drivers32: vidc.iyuv - C:\WINDOWS\System32\iyuv_32.dll (Microsoft Corporation)
Drivers32: vidc.LEAD - LCODCCMP.DLL File not found
Drivers32: vidc.M261 - C:\WINDOWS\System32\msh261.drv (Microsoft Corporation)
Drivers32: vidc.M263 - C:\WINDOWS\System32\msh263.drv (Microsoft Corporation)
Drivers32: vidc.mrle - C:\WINDOWS\System32\msrle32.dll (Microsoft Corporation)
Drivers32: vidc.msvc - C:\WINDOWS\System32\msvidc32.dll (Microsoft Corporation)
Drivers32: vidc.uyvy - C:\WINDOWS\System32\msyuv.dll (Microsoft Corporation)
Drivers32: vidc.yuy2 - C:\WINDOWS\System32\msyuv.dll (Microsoft Corporation)
Drivers32: vidc.yvu9 - C:\WINDOWS\System32\tsbyuv.dll (Microsoft Corporation)
Drivers32: vidc.yvyu - C:\WINDOWS\System32\msyuv.dll (Microsoft Corporation)
Drivers32: wave - C:\WINDOWS\System32\wdmaud.drv (Microsoft Corporation)
Drivers32: wave1 - C:\WINDOWS\System32\wdmaud.drv (Microsoft Corporation)
Drivers32: wave2 - C:\WINDOWS\System32\wdmaud.drv (Microsoft Corporation)
Drivers32: wave3 - C:\WINDOWS\System32\wdmaud.drv (Microsoft Corporation)
Drivers32: wave4 - C:\WINDOWS\System32\wdmaud.drv (Microsoft Corporation)
Drivers32: wave5 - C:\WINDOWS\System32\wdmaud.drv (Microsoft Corporation)
Drivers32: wave6 - C:\WINDOWS\System32\wdmaud.drv (Microsoft Corporation)
Drivers32: wave7 - C:\WINDOWS\System32\wdmaud.drv (Microsoft Corporation)
Drivers32: wave8 - C:\WINDOWS\System32\wdmaud.drv (Microsoft Corporation)
Drivers32: wave9 - C:\WINDOWS\System32\wdmaud.drv (Microsoft Corporation)
Drivers32: wavemapper - C:\WINDOWS\System32\msacm32.drv (Microsoft Corporation)
Restore point Set: OTL Restore Point (16902109354000384)
========== Files/Folders - Created Within 90 Days ==========
[2010/07/17 10:08:52 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Chris\Desktop\My Malware utilities
[2010/07/13 08:05:27 | 000,000,000 | ---D | C] -- C:\WINDOWS\ERDNT
[2010/07/13 08:05:07 | 000,000,000 | ---D | C] -- C:\Program Files\ERUNT
[2010/07/11 14:14:50 | 000,312,912 | ---- | C] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswSnx.sys
[2010/07/11 14:14:30 | 000,038,848 | ---- | C] (ALWIL Software) -- C:\WINDOWS\avastSS.scr
[2010/07/11 14:14:00 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Alwil Software
[2010/07/09 00:14:02 | 000,000,000 | ---D | C] -- C:\Documents and Settings\LocalService\Local Settings\Application Data\Adobe
[2010/07/07 10:10:23 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Chris\NBEMS.files
[2010/07/07 10:09:24 | 000,000,000 | ---D | C] -- C:\Program Files\Fldigi-3.20.19
[2010/07/06 09:20:23 | 000,000,000 | ---D | C] -- C:\Program Files\CodeStuff
[2010/07/06 09:19:20 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Chris\My Documents\Codestuff
[2010/07/05 23:01:58 | 000,000,000 | ---D | C] -- C:\WINDOWS\pss
[2010/07/05 22:11:45 | 000,000,000 | ---D | C] -- C:\Documents and Settings\LocalService\Application Data\Sun
[2010/07/05 19:41:11 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\Adobe
[2010/07/05 09:02:33 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Application Data\Sun
[2010/07/03 18:44:02 | 000,000,000 | ---D | C] -- C:\Program Files\Trend Micro
[2010/07/03 00:06:20 | 000,064,288 | ---- | C] (Lavasoft AB) -- C:\WINDOWS\System32\drivers\Lbd.sys
[2010/07/03 00:06:14 | 000,095,024 | ---- | C] (Sunbelt Software) -- C:\WINDOWS\System32\drivers\SBREDrv.sys
[2010/07/03 00:01:20 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\All Users\Application Data\{74D08EB8-01D1-4BAE-91E3-F30C1B031AC6}
[2010/07/02 21:10:08 | 000,000,000 | ---D | C] -- C:\Program Files\Spybot - Search & Destroy
[2010/07/02 21:10:08 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
[2010/07/02 20:01:35 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Application Data\Macromedia
[2010/07/02 20:01:30 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Application Data\Adobe
[2010/07/01 19:45:37 | 000,000,000 | ---D | C] -- C:\Documents and Settings\LocalService\Application Data\HPAppData
[2010/07/01 19:42:34 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Sun
[2010/07/01 19:38:27 | 000,000,000 | ---D | C] -- C:\Documents and Settings\LocalService\Application Data\Macromedia
[2010/07/01 19:38:25 | 000,000,000 | ---D | C] -- C:\Documents and Settings\LocalService\Application Data\Adobe
[2010/07/01 19:37:18 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Application Data\HPAppData
[2010/07/01 05:18:03 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Chris\My Documents\ezpass_june_10_files
[2010/06/30 19:37:14 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Chris\Desktop\SDR DB backups
[2010/05/27 20:47:20 | 000,073,728 | ---- | C] (TC Applied Technologies Ltd.) -- C:\WINDOWS\System32\FlexRadio.cpl
[2010/05/27 20:47:19 | 000,130,400 | ---- | C] (FlexRadio Systems) -- C:\WINDOWS\System32\drivers\FlexRadio.sys
[2010/05/27 20:47:19 | 000,106,496 | ---- | C] (FlexRadio Systems) -- C:\WINDOWS\System32\FlexRadioAsio.dll
[2010/05/27 20:47:19 | 000,030,688 | ---- | C] (FlexRadio Systems) -- C:\WINDOWS\System32\drivers\FlexRadioMidi.sys
[2010/05/27 20:47:19 | 000,028,256 | ---- | C] (FlexRadio Systems) -- C:\WINDOWS\System32\drivers\FlexRadioAudio.sys
[2010/05/27 20:44:10 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Chris\Local Settings\Application Data\Downloaded Installations
========== Files - Modified Within 90 Days ==========
[2010/07/17 16:38:02 | 000,000,472 | ---- | M] () -- C:\WINDOWS\tasks\Ad-Aware Update (Weekly).job
[2010/07/17 16:33:27 | 000,002,447 | ---- | M] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\VPN Client.lnk
[2010/07/17 16:33:10 | 000,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2010/07/17 16:33:07 | 000,013,646 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2010/07/17 16:33:02 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2010/07/17 16:33:00 | 1072,484,352 | -HS- | M] () -- C:\hiberfil.sys
[2010/07/17 13:06:03 | 007,077,888 | -H-- | M] () -- C:\Documents and Settings\Chris\NTUSER.DAT
[2010/07/17 13:06:03 | 000,000,278 | -HS- | M] () -- C:\Documents and Settings\Chris\ntuser.ini
[2010/07/17 11:29:03 | 000,000,284 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
[2010/07/16 22:59:02 | 000,013,030 | ---- | M] () -- C:\PDOXUSRS.NET
[2010/07/16 22:59:00 | 000,003,048 | ---- | M] () -- C:\WINDOWS\RBuilder.ini
[2010/07/15 06:02:01 | 000,057,344 | ---- | M] () -- C:\Documents and Settings\Chris\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010/07/13 07:20:46 | 000,002,433 | ---- | M] () -- C:\Documents and Settings\Chris\Desktop\VPN Client.lnk
[2010/07/11 19:15:44 | 000,000,844 | ---- | M] () -- C:\WINDOWS\win.ini
[2010/07/11 19:15:44 | 000,000,227 | ---- | M] () -- C:\WINDOWS\system.ini
[2010/07/11 19:15:44 | 000,000,211 | -HS- | M] () -- C:\boot.ini
[2010/07/11 14:14:50 | 000,001,700 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\avast! Pro Antivirus.lnk
[2010/07/11 14:14:49 | 000,002,626 | ---- | M] () -- C:\WINDOWS\System32\CONFIG.NT
[2010/07/11 14:03:49 | 000,002,107 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\DDUtil v 1.8.6.lnk
[2010/07/11 13:56:11 | 000,002,509 | ---- | M] () -- C:\Documents and Settings\Chris\Desktop\PowerSDR v1.18.5.lnk
[2010/07/08 22:41:36 | 000,000,216 | ---- | M] () -- C:\WINDOWS\EurekaLog.ini
[2010/07/07 19:02:15 | 000,002,447 | ---- | M] () -- C:\Documents and Settings\Chris\Desktop\HiJackThis.lnk
[2010/07/07 17:08:36 | 000,521,942 | ---- | M] () -- C:\WINDOWS\System32\PerfStringBackup.INI
[2010/07/07 17:08:36 | 000,441,124 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2010/07/07 17:08:36 | 000,071,060 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2010/07/07 10:09:27 | 000,001,588 | ---- | M] () -- C:\Documents and Settings\Chris\Desktop\Fldigi 3.20.19.lnk
[2010/07/07 10:09:27 | 000,001,579 | ---- | M] () -- C:\Documents and Settings\Chris\Desktop\Flarq 4.3.1.lnk
[2010/07/04 09:06:37 | 000,001,678 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\SUPERAntiSpyware Free Edition.lnk
[2010/07/04 08:25:20 | 000,000,022 | ---- | M] () -- C:\WINDOWS\System32\k1230.ocx
[2010/07/03 01:00:32 | 000,001,729 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Adobe Reader 9.lnk
[2010/07/03 00:06:09 | 000,095,024 | ---- | M] (Sunbelt Software) -- C:\WINDOWS\System32\drivers\SBREDrv.sys
[2010/07/03 00:06:08 | 000,015,880 | ---- | M] () -- C:\WINDOWS\System32\lsdelete.exe
[2010/07/03 00:05:52 | 000,064,288 | ---- | M] (Lavasoft AB) -- C:\WINDOWS\System32\drivers\Lbd.sys
[2010/07/03 00:01:17 | 000,000,867 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Ad-Aware.lnk
[2010/07/02 21:10:17 | 000,000,933 | ---- | M] () -- C:\Documents and Settings\Chris\Desktop\Spybot - Search & Destroy.lnk
[2010/07/02 05:56:00 | 000,016,900 | ---- | M] () -- C:\Documents and Settings\Chris\Desktop\test.html
[2010/07/01 05:18:07 | 000,012,631 | ---- | M] () -- C:\Documents and Settings\Chris\My Documents\ezpass_june_10.htm
[2010/06/28 16:57:33 | 000,038,848 | ---- | M] (ALWIL Software) -- C:\WINDOWS\avastSS.scr
[2010/06/28 16:57:12 | 000,165,032 | ---- | M] (AVAST Software) -- C:\WINDOWS\System32\aswBoot.exe
[2010/06/28 16:39:38 | 000,312,912 | ---- | M] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswSnx.sys
[2010/06/28 16:37:52 | 000,046,672 | ---- | M] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswTdi.sys
[2010/06/28 16:37:30 | 000,165,456 | ---- | M] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswSP.sys
[2010/06/28 16:33:13 | 000,023,376 | ---- | M] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswRdr.sys
[2010/06/28 16:32:45 | 000,100,176 | ---- | M] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswmon2.sys
[2010/06/28 16:32:42 | 000,094,544 | ---- | M] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswmon.sys
[2010/06/28 16:32:33 | 000,017,744 | ---- | M] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswFsBlk.sys
[2010/06/28 16:32:16 | 000,028,880 | ---- | M] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aavmker4.sys
[2010/06/24 21:23:27 | 000,000,256 | ---- | M] () -- C:\WINDOWS\System32\pool.bin
[2010/06/22 08:00:12 | 000,001,878 | -H-- | M] () -- C:\Documents and Settings\Chris\My Documents\Default.rdp
[2010/06/09 05:06:25 | 000,126,912 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2010/06/09 03:13:26 | 000,001,355 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2010/06/04 21:23:06 | 000,000,764 | ---- | M] () -- C:\Documents and Settings\Chris\Desktop\ccbrowser.lnk
[2010/06/04 21:14:09 | 000,119,271 | ---- | M] () -- C:\Documents and Settings\Chris\Desktop\ccbrowser.elf
[2010/05/28 19:29:29 | 000,000,821 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\SDRDataTransfer.lnk
[2010/05/27 20:49:10 | 000,001,903 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\PowerSDR v2.0.0.lnk
[2010/05/27 20:47:20 | 000,000,855 | ---- | M] () -- C:\Documents and Settings\Chris\Desktop\FlexRadio.lnk
[2010/05/26 18:57:10 | 000,023,110 | ---- | M] () -- C:\WINDOWS\hpqins15.dat
[2010/05/14 23:32:47 | 000,002,415 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\PowerSDR v1.18.3.lnk
[2010/04/29 15:39:38 | 000,038,224 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2010/04/29 15:39:26 | 000,020,952 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2010/04/28 06:38:41 | 000,025,600 | ---- | M] () -- C:\Documents and Settings\Chris\My Documents\amp analysis.xls
========== Files Created - No Company Name ==========
[2010/07/13 07:09:33 | 1072,484,352 | -HS- | C] () -- C:\hiberfil.sys
[2010/07/11 14:14:50 | 000,001,700 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\avast! Pro Antivirus.lnk
[2010/07/07 10:22:30 | 000,002,107 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\DDUtil v 1.8.6.lnk
[2010/07/07 10:09:27 | 000,001,588 | ---- | C] () -- C:\Documents and Settings\Chris\Desktop\Fldigi 3.20.19.lnk
[2010/07/07 10:09:27 | 000,001,579 | ---- | C] () -- C:\Documents and Settings\Chris\Desktop\Flarq 4.3.1.lnk
[2010/07/04 09:06:37 | 000,001,678 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\SUPERAntiSpyware Free Edition.lnk
[2010/07/03 18:44:03 | 000,002,447 | ---- | C] () -- C:\Documents and Settings\Chris\Desktop\HiJackThis.lnk
[2010/07/03 02:18:45 | 000,015,880 | ---- | C] () -- C:\WINDOWS\System32\lsdelete.exe
[2010/07/03 00:09:15 | 000,000,472 | ---- | C] () -- C:\WINDOWS\tasks\Ad-Aware Update (Weekly).job
[2010/07/03 00:01:17 | 000,000,867 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Ad-Aware.lnk
[2010/07/02 21:10:17 | 000,000,933 | ---- | C] () -- C:\Documents and Settings\Chris\Desktop\Spybot - Search & Destroy.lnk
[2010/07/01 05:18:01 | 000,012,631 | ---- | C] () -- C:\Documents and Settings\Chris\My Documents\ezpass_june_10.htm
[2010/06/27 17:01:02 | 000,016,900 | ---- | C] () -- C:\Documents and Settings\Chris\Desktop\test.html
[2010/06/04 21:23:06 | 000,000,764 | ---- | C] () -- C:\Documents and Settings\Chris\Desktop\ccbrowser.lnk
[2010/05/29 22:17:21 | 000,119,271 | ---- | C] () -- C:\Documents and Settings\Chris\Desktop\ccbrowser.elf
[2010/05/27 20:49:10 | 000,001,903 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\PowerSDR v2.0.0.lnk
[2010/05/27 20:47:20 | 000,000,855 | ---- | C] () -- C:\Documents and Settings\Chris\Desktop\FlexRadio.lnk
[2010/05/26 18:54:53 | 000,023,110 | ---- | C] () -- C:\WINDOWS\hpqins15.dat
[2010/04/28 06:38:41 | 000,025,600 | ---- | C] () -- C:\Documents and Settings\Chris\My Documents\amp analysis.xls
[2010/01/08 21:22:04 | 000,000,049 | ---- | C] () -- C:\WINDOWS\hpntwksetup.ini
[2009/08/29 18:25:23 | 000,000,000 | ---- | C] () -- C:\WINDOWS\PROTOCOL.INI
[2009/04/20 08:34:47 | 000,000,084 | ---- | C] () -- C:\WINDOWS\qslw.ini
[2009/01/03 16:13:46 | 000,003,048 | ---- | C] () -- C:\WINDOWS\RBuilder.ini
[2009/01/03 16:13:19 | 000,000,144 | ---- | C] () -- C:\WINDOWS\cenlog.ini
[2009/01/03 16:12:37 | 000,000,216 | ---- | C] () -- C:\WINDOWS\EurekaLog.ini
[2008/12/30 06:16:08 | 000,003,584 | ---- | C] () -- C:\WINDOWS\System32\drivers\DLPortIO.SYS
[2008/12/27 22:10:35 | 000,004,133 | ---- | C] () -- C:\WINDOWS\entrust.ini
[2008/12/20 20:20:05 | 000,077,824 | R--- | C] () -- C:\WINDOWS\System32\hpzids01.dll
[2008/08/02 17:14:45 | 000,000,000 | ---- | C] () -- C:\WINDOWS\azmap2.INI
[2008/04/17 10:08:56 | 000,197,408 | ---- | C] () -- C:\WINDOWS\System32\vpnapi.dll
[2008/04/17 10:08:44 | 000,193,312 | ---- | C] () -- C:\WINDOWS\System32\CSGina.dll
[2008/03/23 08:57:51 | 000,000,222 | ---- | C] () -- C:\WINDOWS\HRDLog001.INI
[2008/03/03 06:44:35 | 000,000,005 | ---- | C] () -- C:\WINDOWS\System32\xsa2.dll
[2008/02/28 21:54:07 | 000,000,636 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2008/02/28 21:50:47 | 000,000,000 | ---- | C] () -- C:\WINDOWS\AutoRun.INI
[2008/02/28 06:48:28 | 000,006,272 | ---- | C] () -- C:\WINDOWS\System32\drivers\ASLM75.SYS
[2008/02/28 06:43:56 | 000,025,853 | ---- | C] () -- C:\WINDOWS\System32\sk98nt4.ini
[2008/02/28 06:43:56 | 000,025,853 | ---- | C] () -- C:\WINDOWS\System32\InstInfo.ini
[2008/02/28 06:41:27 | 000,003,199 | ---- | C] () -- C:\WINDOWS\Ascd_tmp.ini
[2008/02/28 06:41:26 | 000,005,824 | ---- | C] () -- C:\WINDOWS\System32\drivers\ASUSHWIO.SYS
[2008/02/28 06:26:38 | 000,000,165 | ---- | C] () -- C:\WINDOWS\QUICKEN.INI
[2001/07/06 17:30:00 | 000,003,399 | ---- | C] () -- C:\WINDOWS\System32\hptcpmon.ini
========== LOP Check ==========
[2010/07/11 14:14:00 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Alwil Software
[2009/09/08 13:36:31 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\GARMIN
[2008/03/10 19:46:03 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\MailFrontier
[2008/03/02 11:34:39 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Maxtor
[2008/03/17 06:01:56 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Plantronics
[2009/11/02 10:57:22 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Research In Motion
[2008/11/28 23:56:44 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Sling Media
[2010/03/13 16:59:38 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TEMP
[2010/07/03 00:01:29 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\{74D08EB8-01D1-4BAE-91E3-F30C1B031AC6}
[2009/10/16 21:03:47 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Chris\Application Data\Afreet
[2010/04/04 09:31:32 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Chris\Application Data\Blackberry Desktop
[2010/07/07 10:22:27 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Chris\Application Data\DDUtil
[2008/12/06 09:28:56 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Chris\Application Data\Flex5000
[2010/04/25 13:04:36 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Chris\Application Data\FlexRadio
[2010/07/11 13:30:12 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Chris\Application Data\FlexRadio Systems
[2009/09/08 13:36:32 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Chris\Application Data\GARMIN
[2008/04/13 14:30:55 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Chris\Application Data\Nikon
[2009/06/25 09:53:08 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Chris\Application Data\Research In Motion
[2010/02/21 09:10:39 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Chris\Application Data\RNA Software
[2008/12/07 14:49:36 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Chris\Application Data\Simon Brown, HB9DRV
[2008/02/29 09:45:26 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Chris\Application Data\Subversion
[2008/02/29 19:13:02 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Chris\Application Data\TextPad
[2008/09/16 09:55:42 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Chris\Application Data\TrustedQSL
[2008/05/10 08:40:24 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Chris\Application Data\VAT-Spy
[2010/07/17 16:38:02 | 000,000,472 | ---- | M] () -- C:\WINDOWS\Tasks\Ad-Aware Update (Weekly).job
========== Purity Check ==========
========== Custom Scans ==========
[2010/07/17 16:32:59 | 000,010,972 | ---- | M] () -- C:\aaw7boot.log
[2008/02/26 18:57:55 | 000,000,000 | ---- | M] () -- C:\AUTOEXEC.BAT
[2010/07/11 19:15:44 | 000,000,211 | -HS- | M] () -- C:\boot.ini
[2008/11/11 13:10:44 | 000,000,000 | ---- | M] () -- C:\CALL3.TXT
[2008/02/26 18:57:55 | 000,000,000 | ---- | M] () -- C:\CONFIG.SYS
[2010/07/17 16:33:00 | 1072,484,352 | -HS- | M] () -- C:\hiberfil.sys
[2010/05/30 20:55:31 | 000,001,835 | ---- | M] () -- C:\HTTPTemp.txt
[2008/09/04 05:42:42 | 000,000,249 | ---- | M] () -- C:\INSTALL.LOG
[2008/02/26 18:57:55 | 000,000,000 | RHS- | M] () -- C:\IO.SYS
[2008/02/26 18:57:55 | 000,000,000 | RHS- | M] () -- C:\MSDOS.SYS
[2004/08/04 08:00:00 | 000,047,564 | RHS- | M] () -- C:\NTDETECT.COM
[2008/09/13 17:24:17 | 000,250,048 | RHS- | M] () -- C:\ntldr
[2010/07/17 16:32:59 | 1610,612,736 | -HS- | M] () -- C:\pagefile.sys
[2010/07/16 22:59:02 | 000,013,030 | ---- | M] () -- C:\PDOXUSRS.NET
[2009/08/08 06:22:46 | 000,002,704 | ---- | M] () -- C:\rollback.ini
< %systemroot%\system32\*.wt >
< %systemroot%\system32\*.ruy >
< %systemroot%\Fonts\*.com >
[2006/06/29 14:58:52 | 000,030,808 | ---- | M] () -- C:\WINDOWS\Fonts\GlobalUserInterface.CompositeFont
[2006/04/18 15:39:28 | 000,029,779 | ---- | M] () -- C:\WINDOWS\Fonts\GlobalSerif.CompositeFont
[2006/06/29 14:53:56 | 000,026,489 | ---- | M] () -- C:\WINDOWS\Fonts\GlobalSansSerif.CompositeFont
[2006/04/18 15:39:28 | 000,026,040 | ---- | M] () -- C:\WINDOWS\Fonts\GlobalMonospace.CompositeFont
< %systemroot%\Fonts\*.dll >
[2005/09/24 01:49:16 | 000,012,288 | ---- | M] (Hewlett-Packard Development Company, L.P.) -- C:\WINDOWS\Fonts\RandFont.dll
< %systemroot%\Fonts\*.ini >
[2008/02/26 18:57:35 | 000,000,067 | -HS- | M] () -- C:\WINDOWS\Fonts\desktop.ini
< %systemroot%\Fonts\*.ini2 >
< %systemroot%\system32\spool\prtprocs\w32x86\*.* >
[2008/07/06 08:06:10 | 000,089,088 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\spool\prtprocs\w32x86\filterpipelineprintproc.dll
[2005/10/14 23:41:46 | 000,072,192 | ---- | M] (Hewlett-Packard Corporation) -- C:\WINDOWS\system32\spool\prtprocs\w32x86\hpzpp43a.dll
[2007/12/17 19:05:32 | 000,278,016 | ---- | M] (Hewlett-Packard Corporation) -- C:\WINDOWS\system32\spool\prtprocs\w32x86\hpzpp5mu.dll
[2008/07/06 06:50:03 | 000,597,504 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\spool\prtprocs\w32x86\printfilterpipelinesvc.exe
< %systemroot%\REPAIR\*.bak1 >
< %systemroot%\REPAIR\*.ini >
< %systemroot%\system32\*.jpg >
< %systemroot%\*.scr >
[2010/06/28 16:57:33 | 000,038,848 | ---- | M] (ALWIL Software) -- C:\WINDOWS\avastSS.scr
< %systemroot%\*._sy >
< %APPDATA%\Adobe\Update\*.* >
< %ALLUSERSPROFILE%\Favorites\*.* >
< %APPDATA%\Microsoft\*.* >
[2008/02/28 22:07:53 | 000,000,378 | ---- | M] () -- C:\Documents and Settings\Chris\Application Data\Microsoft\outcmd.dat
[2008/03/01 10:25:18 | 000,032,036 | ---- | M] () -- C:\Documents and Settings\Chris\Application Data\Microsoft\Outlook.FAV
[2008/03/01 10:32:41 | 000,001,799 | ---- | M] () -- C:\Documents and Settings\Chris\Application Data\Microsoft\Outlook.NK2
[2008/03/03 06:49:44 | 000,000,046 | ---- | M] () -- C:\Program Files\ARC250PROcty18.dtr
< %APPDATA%\Update\*.* >
< %systemroot%\*. /mp /s >
< %systemroot%\system32\*.dll /lockedfiles >
[2008/04/13 20:11:51 | 000,033,280 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\WINDOWS\system32\cryptdll.dll
[2008/04/13 20:11:55 | 000,094,720 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\WINDOWS\system32\iphlpapi.dll
[2008/04/13 20:11:58 | 000,071,680 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\WINDOWS\system32\msacm32.dll
[2008/04/13 20:11:59 | 002,843,136 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\WINDOWS\system32\msi.dll
[2007/08/13 19:54:10 | 000,156,160 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\WINDOWS\system32\msls31.dll
[2008/04/13 14:30:46 | 000,061,440 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\WINDOWS\system32\msvcrt40.dll
[2008/04/13 20:12:03 | 000,237,056 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\WINDOWS\system32\rasapi32.dll
[2008/04/13 20:12:03 | 000,061,440 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\WINDOWS\system32\rasman.dll
[2008/04/13 20:12:04 | 000,044,032 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\WINDOWS\system32\rtutils.dll
[2008/04/13 20:12:05 | 000,007,168 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\WINDOWS\system32\sensapi.dll
[2008/04/13 20:12:07 | 000,713,216 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\WINDOWS\system32\sxs.dll
[2008/04/13 20:12:07 | 000,181,760 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\WINDOWS\system32\tapi32.dll
[2008/04/13 13:39:24 | 002,897,920 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\WINDOWS\system32\xpsp2res.dll
< %systemroot%\Tasks\*.job /lockedfiles >
< %systemroot%\System32\config\*.sav >
[2008/02/26 02:24:38 | 000,094,208 | ---- | M] () -- C:\WINDOWS\system32\config\default.sav
[2008/02/26 02:24:38 | 000,634,880 | ---- | M] () -- C:\WINDOWS\system32\config\software.sav
[2008/02/26 02:24:37 | 000,888,832 | ---- | M] () -- C:\WINDOWS\system32\config\system.sav
< %systemroot%\system32\user32.dll /md5 >
[2008/04/13 20:12:08 | 000,578,560 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\WINDOWS\system32\user32.dll
< %systemroot%\system32\ws2_32.dll /md5 >
[2008/04/13 20:12:10 | 000,082,432 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\WINDOWS\system32\ws2_32.dll
< %systemroot%\system32\ws2help.dll /md5 >
[2008/04/13 20:12:10 | 000,019,968 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\WINDOWS\system32\ws2help.dll
< HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU >
< HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs >
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install\\LastSuccessTime: 2010-07-14 15:37:08
========== Alternate Data Streams ==========
@Alternate Data Stream - 188 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:2388C2C5
< End of report >
OTL Extras logfile created on: 7/17/2010 5:29:19 PM - Run 1
OTL by OldTimer - Version Folder = C:\Documents and Settings\Chris\My Documents\DOWNLOADS\malwarebytes
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 7.0.5730.13)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy
1,023.00 Mb Total Physical Memory | 307.00 Mb Available Physical Memory | 30.00% Memory free
2.00 Gb Paging File | 2.00 Gb Available in Paging File | 82.00% Paging File free
Paging file location(s): C:\pagefile.sys 1536 3072 [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 298.08 Gb Total Space | 245.21 Gb Free Space | 82.26% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
Drive E: | 478.75 Mb Total Space | 478.33 Mb Free Space | 99.91% Space Free | Partition Type: FAT
F: Drive not present or media not loaded
G: Drive not present or media not loaded
Drive H: | 9.53 Gb Total Space | 2.21 Gb Free Space | 23.19% Space Free | Partition Type: FAT
Drive I: | 15.73 Gb Total Space | 13.68 Gb Free Space | 87.01% Space Free | Partition Type: FAT32
Drive J: | 145.88 Gb Total Space | 82.75 Gb Free Space | 56.73% Space Free | Partition Type: NTFS
Computer Name: PRIMARY1
Current User Name: Chris
Logged in as Administrator.
Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: On
Skip Microsoft Files: On
File Age = 90 Days
Output = Standard
Quick Scan
========== Extra Registry (SafeList) ==========
========== File Associations ==========
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)
.ini [@ = TextPad.ini] -- C:\Program Files\TextPad 4\TextPad.exe (Helios Software Solutions)
========== Shell Spawning ==========
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
htmlfile [edit] -- "C:\Program Files\Microsoft Office\Office10\msohtmed.exe" %1 (Microsoft Corporation)
htmlfile [print] -- "C:\Program Files\Microsoft Office\Office10\msohtmed.exe" /p %1 (Microsoft Corporation)
http [open] -- "C:\Program Files\Mozilla Firefox\firefox.exe" -requestPending -osint -url "%1" (Mozilla Corporation)
https [open] -- "C:\Program Files\Mozilla Firefox\firefox.exe" -requestPending -osint -url "%1" (Mozilla Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [Browse with FastStone] -- "C:\Program Files\FastStone Image Viewer\FSViewer.exe" "%1" ()
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
========== Security Center Settings ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 0
"FirewallOverride" = 0
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]
"EnableFirewall" = 1
"139:TCP" = 139:TCP:*:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:*:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:*:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:*:Enabled:@xpsp2res.dll,-22002
"EnableFirewall" = 1
"DoNotAllowExceptions" = 0
"DisableNotifications" = 0
"5900:TCP" = 5900:TCP:*:Enabled:vnc5900
"5800:TCP" = 5800:TCP:*:Enabled:vnc5800
"1900:UDP" = 1900:UDP:LocalSubNet:Disabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Disabled:@xpsp2res.dll,-22008
"139:TCP" = 139:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22002
"3389:TCP" = 3389:TCP:*:Enabled:@xpsp2res.dll,-22009
========== Authorized Applications List ==========
"C:\Program Files\CheckPoint\SecuRemote\bin\SR_SERVICE.EXE" = C:\Program Files\CheckPoint\SecuRemote\bin\SR_SERVICE.EXE:*:Enabled:VPN-1 SecuRemote/SecureClient service -- File not found
"C:\Program Files\CheckPoint\SecuRemote\bin\SR_GUI.EXE" = C:\Program Files\CheckPoint\SecuRemote\bin\SR_GUI.EXE:*:Enabled:VPN-1 SecuRemote/SecureClient application -- File not found
"C:\Program Files\CheckPoint\SecuRemote\bin\SCC.EXE" = C:\Program Files\CheckPoint\SecuRemote\bin\SCC.EXE:*:Enabled:VPN-1 SecuRemote/SecureClient command line -- File not found
"C:\Program Files\CheckPoint\SecuRemote\bin\SR_SDS.EXE" = C:\Program Files\CheckPoint\SecuRemote\bin\SR_SDS.EXE:*:Enabled:VPN-1 SecuRemote/SecureClient SDS agent -- File not found
"C:\Program Files\CheckPoint\SecuRemote\bin\SR_Diagnostics.exe" = C:\Program Files\CheckPoint\SecuRemote\bin\SR_Diagnostics.exe:*:Enabled:VPN-1 SecuRemote/SecureClient diagnostics -- File not found
"C:\Program Files\UltraVNC\vncviewer.exe" = C:\Program Files\UltraVNC\vncviewer.exe:*:Enabled:vncviewer.exe -- (UltraVNC)
"C:\WINDOWS\system32\ZoneLabs\avsys\ScanningProcess.exe" = C:\WINDOWS\system32\ZoneLabs\avsys\ScanningProcess.exe:*:Enabled:Kaspersky AV Scanner -- File not found
"C:\Program Files\HP\Digital Imaging\bin\hposid01.exe" = C:\Program Files\HP\Digital Imaging\bin\hposid01.exe:*:Enabled:hposid01.exe -- (Hewlett-Packard Co.)
"C:\Program Files\HP\Digital Imaging\bin\hpiscnapp.exe" = C:\Program Files\HP\Digital Imaging\bin\hpiscnapp.exe:*:Enabled:hpiscnapp.exe -- (Hewlett-Packard)
"C:\Program Files\CheckPoint\SecuRemote\bin\SR_SERVICE.EXE" = C:\Program Files\CheckPoint\SecuRemote\bin\SR_SERVICE.EXE:*:Enabled:VPN-1 SecuRemote/SecureClient service -- File not found
"C:\Program Files\CheckPoint\SecuRemote\bin\SR_GUI.EXE" = C:\Program Files\CheckPoint\SecuRemote\bin\SR_GUI.EXE:*:Enabled:VPN-1 SecuRemote/SecureClient application -- File not found
"C:\Program Files\CheckPoint\SecuRemote\bin\SCC.EXE" = C:\Program Files\CheckPoint\SecuRemote\bin\SCC.EXE:*:Enabled:VPN-1 SecuRemote/SecureClient command line -- File not found
"C:\Program Files\CheckPoint\SecuRemote\bin\SR_SDS.EXE" = C:\Program Files\CheckPoint\SecuRemote\bin\SR_SDS.EXE:*:Enabled:VPN-1 SecuRemote/SecureClient SDS agent -- File not found
"C:\Program Files\CheckPoint\SecuRemote\bin\SR_Diagnostics.exe" = C:\Program Files\CheckPoint\SecuRemote\bin\SR_Diagnostics.exe:*:Enabled:VPN-1 SecuRemote/SecureClient diagnostics -- File not found
"C:\Program Files\DXLab Suite\DXKeeper\DXKeeper.exe" = C:\Program Files\DXLab Suite\DXKeeper\DXKeeper.exe:*:Enabled:DXKeeper -- (AA6YQ)
"C:\Documents and Settings\Chris\My Documents\DOWNLOADS\Radio\DM780 to DXK gateway\dm780_dxk_gw_2.exe" = C:\Documents and Settings\Chris\My Documents\DOWNLOADS\Radio\DM780 to DXK gateway\dm780_dxk_gw_2.exe:*:Enabled:dm780_dxk_gw_2 -- (Peter Consult)
"C:\WINDOWS\system32\ZoneLabs\vsmon.exe" = C:\WINDOWS\system32\ZoneLabs\vsmon.exe:*:Disabled:TrueVector Service -- File not found
========== HKEY_LOCAL_MACHINE Uninstall List ==========
"{00203668-8170-44A0-BE44-B632FA4D780F}" = Adobe AIR
"{02E89EFC-7B07-4D5A-AA03-9EC0902914EE}" = VC 9.0 Runtime
"{0F40754C-F1FD-43df-B73E-9DA38399CDD6}" = hpf_ProductContext
"{0F7C2E47-089E-4d23-B9F7-39BE00100776}" = Toolbox
"{12A76360-388E-4B27-ABEB-D5FC5378DD2A}" = HPPhotoSmartPhotobookWebPack1
"{13515135-48BB-4184-8C1F-2FAE0138E200}" = TBS WMP Plug-in
"{14A67CE0-4F30-4607-885B-43EE27BAC746}" = Readme
"{18669FF9-C8FE-407a-9F70-E674896B1DB4}" = GPBaseService
"{1CB34CE9-0E6B-493F-BB66-3425E5DF76E5}" = CP_CalendarTemplates1
"{1D14373E-7970-4F2F-A467-ACA4F0EA21E3}" = Google Earth
"{1E8A56D3-A4BE-48C4-B8B4-CE1B961869D1}" = USBIO Driver
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{205A5182-EFC8-4C25-B61D-C164F8FF4048}" = BlackBerry Desktop Software 5.0.1
"{23B6001D-F7FC-4751-8432-9EBAECD9A4D9}" = PowerSDR v1.10.4
"{2614F54E-A828-49FA-93BA-45A3F756BFAA}" = 32 Bit HP CIO Components Installer
"{26A24AE4-039D-4CA4-87B4-2F83216012FF}" = Java 6 Update 20
"{2A548002-9042-4083-A270-B67473DE1073}" = SkinsHP1
"{3248F0A8-6813-11D6-A77B-00B0D0160030}" = Java 6 Update 3
"{3248F0A8-6813-11D6-A77B-00B0D0160050}" = Java 6 Update 5
"{338F08AB-C262-42C7-B000-34DE1A475273}" = Ad-Aware Email Scanner for Outlook
"{342f0dd5-99ef-48f4-b3f3-bab80f555903}_is1" = SDRDataTransfer v3.3.4
"{34BFB099-07B2-4E95-A673-7362D60866A2}" = PSSWCORE
"{34F3FCF1-817B-4D61-B6AF-19D9486AFEA0}" = Unload
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{3515EC86-5FF9-4406-A098-8EC67C8E0704}" = PowerSDR v1.18.1
"{3700194C-C5DD-439A-BE06-A66960CA4C70}" = MSVCSetup
"{390757A9-26D1-4F95-887B-E33B7539E1F1}" = PowerSDR v1.18.2
"{3D08333C-C366-425D-8C2D-D05630D68A46}" = SlingPlayer
"{3FE0CFAB-584A-4AA5-B8CD-C32284CFA308}" = RandMap
"{404E8C0A-3202-44FA-8BFE-5496F7DE4693}_is1" = vspMgr 1.0.1
"{45A66726-69BC-466B-A7A4-12FCBA4883D7}" = HiJackThis
"{461401CC-BFD3-4A0E-B99E-23EAC6991819}" = ARC250 PRO
"{494D17B5-3369-4905-8C4B-80C972C5E0FF}" = CP_Panorama1Config
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4A70EF07-7F88-4434-BB61-D1DE8AE93DD4}" = SolutionCenter
"{4B4E68FD-93E9-498B-A43A-71C709CC62C6}_is1" = SDRDataTransfer v3.1.2
"{4C271126-C295-4828-A901-5910AE0C258B}" = Cisco Systems VPN Client
"{4CACFCD9-F71B-413A-8DF5-1A6419D5CDC6}" = Cards_Calendar_OrderGift_DoMorePlugout
"{4DBB804D-27BF-45EF-9A00-DFD5BD57BE82}" = UDP Gateway DM780 to DXKeeper
"{4DF979D5-464C-4926-AF73-54C1C219F06A}" = Ham Radio Deluxe
"{4F923F90-46D1-4492-9CC6-13FBBA00E7EC}" = C4400
"{52A69E11-7CEB-4a7d-9607-68BA4F39A89B}" = DeviceDiscovery
"{53EE9E42-CECB-4C92-BF76-9CA65DAF8F1C}" = FullDPAppQFolder
"{54F0998F-73C8-4b51-8286-FE903C231BED}" = cp_PosterPrintConfig
"{56C26831-6829-4377-A9A1-14691666F8B9}" = SDR Data Transfer
"{5ACE69F0-A3E8-44eb-88C1-0A841E700180}" = TrayApp
"{5DC6B387-DCD5-4B66-B866-434020FF2ECC}" = TortoiseSVN (32 bit)
"{5F26311C-B135-4F7F-B11E-8E650F83651E}" = DeviceFunctionQFolder
"{6222169C-B7A1-4F99-88E8-0E6D7E2A180E}" = PerSono Pro
"{63FF21C9-A810-464F-B60A-3111747B1A6D}" = GPBaseService2
"{679EC478-3FF9-4987-B2FF-C2C2B27532A2}" = DocProc
"{687FEF8A-8597-40b4-832C-297EA3F35817}" = BufferChm
"{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update
"{6B407945-AE16-4A2A-BAAF-497FE62EDED3}" = PS_AIO_03_C4400_Software_Min
"{6B437F94-056F-4791-AF2C-0D10E2706AF0}" = PanoStandAlone
"{763FAC34-7781-4751-89AB-3441D1E469E7}" = DDUtil
"{766633B3-1AFA-44B6-A3FC-1DE991CD9C52}" = CP_Package_Basic1
"{767CC44C-9BBC-438D-BAD3-FD4595DD148B}" = VC80CRTRedist - 8.0.50727.762
"{77DCDCE3-2DED-62F3-8154-05E745472D07}" = Acrobat.com
"{784630F1-A736-4B0E-AC23-652C2D729D9F}" = DDUtil
"{787D1A33-A97B-4245-87C0-7174609A540C}" = HP Update
"{79F8E1D4-36C1-439C-95FA-F695050B5B07}" = Sonic_PrimoSDK
"{7ADE9F27-A175-447F-A4B4-B05FA82735E1}" = HP Deskjet 6900 series
"{80533B67-C407-485D-8B5D-63BB8ED9D878}" = Scan
"{81A60A13-224D-4637-8203-3EAC03B121A4}" = Maxtor MaxBlast
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{869C3062-4745-4949-B6C9-98AF24D89030}" = PhotoGallery
"{87E2B986-07E8-477a-93DC-AF0B6758B192}" = DocProcQFolder
"{87F59A07-55EE-415E-A966-31F3D8B6B7AD}" = LP6940_Help
"{8A85DEAD-7C1F-4368-881C-72AC74CB2E91}" = UnloadSupport
"{8C3CE145-0EB8-4888-8B3B-AF4D7A8EE97C}" = PowerSDR v1.18.5
"{8DC6CA16-9B4E-4C10-95EE-2BD91EB0290C}" = LP6940Trb
"{8FF6F5CA-4E30-4E3B-B951-204CAAA2716A}" = SmartWebPrinting
"{91110409-6000-11D3-8CFE-0050048383C9}" = Microsoft Office XP Professional
"{91B57466-C3CD-47A7-989D-872B19FFDC21}" = FlexRadio Systems Software 2.0 Beta
"{954B7F64-D1D4-476F-8919-99585D0A6ABF}" = PS_AIO_03_C4400_Software
"{9C209B30-F71F-4c53-8D26-453208EC8E91}" = dj6940
"{9D4ABB0C-F60B-44A6-956C-A4A63D5495C9}" = CueTour
"{A040AC77-C1AA-4CC9-8931-9F648AF178F6}" = VC 9.0 Runtime
"{A0B9F8DF-C949-45ed-9808-7DC5C0C19C81}" = Status
"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
"{A4810699-E859-43A6-8F40-1743873E72AB}" = Delta
"{A4D7B764-4140-11D4-88EB-0050DA3579C0}" = Nero - Burning Rom
"{AAB84E83-C8DF-4752-9DFC-2E2A48EE5E9F}" = Nikon View 6
"{AC76BA86-7AD7-1033-7B44-A93000000001}" = Adobe Reader 9.3.3
"{AC76BA86-7AD7-5464-3428-900000000004}" = Spelling Dictionaries Support For Adobe Reader 9
"{B1102A25-3AA3-446B-AA0F-A699B07A02FD}" = Garmin USB Drivers
"{B11E71BA-498C-42D4-9F1A-9D7A89D9DA61}" = CP_AtenaShokunin1Config
"{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1" = Spybot - Search & Destroy
"{B510A987-487E-4C66-9F4F-D386AC275715}" = TextPad 4.7
"{B6D0F294-B844-4FAF-9993-FAC10E9E0F94}" = AlacrityPC
"{B7050CBDB2504B34BC2A9CA0A692CC29}" = DivX Web Player
"{B8DBED1E-8BC3-4d08-B94A-F9D7D88E9BBF}" = HPSSupply
"{BAD0FA60-09CF-4411-AE6A-C2844C8812FA}" = HP Photosmart Essential 2.5
"{BBD3BF67-5B89-4CBB-BA58-5818ED5F3290}" = cp_OnlineProjectsConfig
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
"{C43326F5-F135-4551-8270-7F7ABA0462E1}" = HPProductAssistant
"{C5D8FA4C-40A8-45EA-85AF-4C5C55E627F7}" = PowerSDR v1.18.3
"{C9CE9393-B568-428D-AD5B-55452B9748DB}" = PS_AIO_03_C4400_ProductContext
"{CB1F3886-AE9F-46fb-8325-6B0718989285}" = dj_taplugin
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CCB9B81A-167F-4832-B305-D2A0430840B3}" = WebReg
"{CD63755E-7F45-4E2E-BB44-7AEEE48D74C1}" = PerSono Pro
"{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}" = SUPERAntiSpyware
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{D99A8E3A-AE5A-4692-8B19-6F16D454E240}" = Destination Component
"{DBCC73BA-C69A-4BF5-B4BF-F07501EE7039}" = AnswerWorks 5.0 English Runtime
"{DC33421C-0E1C-470A-BE37-7B7C82677812}" = EchoLink
"{DED53B0B-B67C-4244-AE6A-D6FD3C28D1EF}" = Ad-Aware
"{E0783143-EAE2-4047-A8D6-E155523C594C}" = Garmin WebUpdater
"{E08DC77E-D09A-4e36-8067-D6DBBCC5F8DC}" = VideoToolkit01
"{E2EA5233-8AC4-4A59-A521-FBD1A0778A06}" = XMLFox
"{EA6EB7D0-C920-4434-B43D-0DDD0AF8F497}" = Garmin MapSource
"{ECC3713C-08A4-40E3-95F1-7D0704F1CE5E}" = PL-2303 USB-to-Serial
"{ED2A3C11-3EA8-4380-B59C-F2C1832731B0}" = Quicken 2009
"{F333A33D-125C-32A2-8DCE-5C5D14231E27}" = Visual C++ 2008 x86 Runtime - (v9.0.30729)
"{F333A33D-125C-32A2-8DCE-5C5D14231E27}.vc_x86runtime_30729_01" = Visual C++ 2008 x86 Runtime - v9.0.30729.01
"{F365ED67-CB9B-4D77-9B13-8CB319E7AE11}" = PowerSDR v1.18.0
"{F42CD69D-E393-47c8-B2CD-B139C4ADA9A8}" = Copy
"{F7B72805-2F58-4C04-AE9E-E7AD6A6EF62E}" = C4400_Help
"{F87EE6E7-AB46-4A13-821D-3CFF24443CF5}" = SP TimeSync 2.3
"{FC8D25A7-FF1B-41BB-BB3B-9A06C0A60AE0}" = InstantShareDevices
"{FF1F4E8E-A833-4c4b-A14A-45D5B841B5D8}" = HP Photosmart C4400 All-In-One Driver Software 10.0 Rel .3
"3ComNicUnInstall" = 3Com NIC Diagnostics
"45A7283175C62FAC673F913C1F532C5361F97841" = Windows Driver Package - Garmin (grmnusb) GARMIN Devices (03/08/2007
"Ad-Aware" = Ad-Aware
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"ASUS Probe V2.20.02" = ASUS Probe V2.20.02
"ATCSMon_is1" = ATCSMon 3.7.5
"avast5" = avast! Pro Antivirus
"AZMap" = AZMap
"BlackBerry_{205A5182-EFC8-4C25-B61D-C164F8FF4048}" = BlackBerry Desktop Software 5.0.1
"BLACKBOX-PROG Programming Software" = BLACKBOX-PROG Programming Software
"CAL" = Canon Camera Access Library
"CameraWindowDVC5" = Canon Camera Window DC_DV 5 for ZoomBrowser EX
"CameraWindowDVC6" = Canon Camera Window DC_DV 6 for ZoomBrowser EX
"CameraWindowMC" = Canon Camera Window MC 6 for ZoomBrowser EX
"Canon G.726 WMP-Decoder" = Canon G.726 WMP-Decoder
"Caribbean Roads & Topo (Maps for Garmin GPS receivers)_is1" = Version 1.20
"Century Club Logger_is1" = Century Club Logger Version 5.00n4
"CodeStuff Starter" = CodeStuff Starter
"com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Acrobat.com
"CSCLIB" = Canon Camera Support Core Library
"CW Skimmer_is1" = CW Skimmer 1.4
"CW Trainer" = CW Trainer
"DIGTRX_is1" = DIGTRX 3.11
"EOS Utility" = Canon Utilities EOS Utility
"ERUNT_is1" = ERUNT 1.1j
"EZNEC_-5000_is1" = EZNEC Demo v. 5.0
"FastStone Image Viewer" = FastStone Image Viewer 3.5
"Fldigi-3.12.3" = Fldigi 3.12.3
"Fldigi-3.12.5" = Fldigi 3.12.5
"Fldigi-3.20.19" = Fldigi 3.20.19
"FlexRadio FLEX-x000 Driver_is1" = FlexRadio
"HijackThis" = HijackThis 1.99.1
"HP Imaging Device Functions" = HP Imaging Device Functions 10.0
"HP Photo & Imaging" = HP Photosmart Premier Software 6.0
"HP Photosmart Essential" = HP Photosmart Essential 2.5
"HP Smart Web Printing" = HP Smart Web Printing 4.60
"HP Solution Center & Imaging Support Tools" = HP Solution Center 13.0
"HPOCR" = OCR Software by I.R.I.S. 10.0
"IDNMitigationAPIs" = Microsoft Internationalized Domain Names Mitigation APIs
"ie7" = Windows Internet Explorer 7
"InstallShield_{13515135-48BB-4184-8C1F-2FAE0138E200}" = TBS WMP Plug-in
"InstallShield_{3D08333C-C366-425D-8C2D-D05630D68A46}" = SlingPlayer
"InstallShield_{CD63755E-7F45-4E2E-BB44-7AEEE48D74C1}" = PerSono Pro
"IP-Sound" = IP-Sound 0.57a
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"Malwarebytes' RogueRemover FREE_is1" = Malwarebytes' RogueRemover
"Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"MixW" = MixW 2.18 (Feb-19-2007)
"MovieEditTask" = Canon MovieEdit Task for ZoomBrowser EX
"Mozilla Firefox (3.0.19)" = Mozilla Firefox (3.0.19)
"MSCompPackV1" = Microsoft Compression Client Pack 1.0 for Windows XP
"N1MM logger" = N1MM logger
"NLSDownlevelMapping" = Microsoft National Language Support Downlevel APIs
"Omni-Rig_is1" = Omni-Rig 1.9
"PhotoStitch" = Canon Utilities PhotoStitch
"QSL Wizard_is1" = QSL Wizard 2.00
"RAW Image Task" = Canon RAW Image Task for ZoomBrowser EX
"RemoteCaptureTask" = Canon RemoteCapture Task for ZoomBrowser EX
"ROBOTFTP2002PRO_is1" = FTPShell Client
"Shop for HP Supplies" = Shop for HP Supplies
"ST6UNST #1" = DXLabLauncher
"ST6UNST #2" = PropView
"ST6UNST #3" = DXView
"ST6UNST #4" = DXKeeper
"ST6UNST #5" = Pathfinder
"ST6UNST #6" = Commander
"ST6UNST #7" = SpotCollector
"ST6UNST #8" = WinWarbler
"ST6UNST #9" = Fldigi-DXLabs Gateway
"Teamspeak 2 RC2_is1" = TeamSpeak 2 RC2
"TrustedQSL_is1" = TrustedQSL 1.11
"Ultravnc2_is1" = UltraVNC
"VATSpy" = VAT-Spy
"Virtual Audio Cable 4.8" = Virtual Audio Cable 4.8
"VLC media player" = VLC media player 1.0.5
"Weather View 32" = Weather View 32
"Windows Media Format Runtime" = Windows Media Format 11 runtime
"Windows Media Player" = Windows Media Player 11
"Windows XP Service Pack" = Windows XP Service Pack 3
"WinZip" = WinZip
"WMFDist11" = Windows Media Format 11 runtime
"wmp11" = Windows Media Player 11
"WSJT_is1" = WSJT Version 7.03 r1090
"Wudf01000" = Microsoft User-Mode Driver Framework Feature Pack 1.0
"WZCLINE" = WinZip Command Line Support Add-On 1.1 SR-1
"XpsEPSC" = XML Paper Specification Shared Components Pack 1.0
"ZoomBrowser EX" = Canon Utilities ZoomBrowser EX
========== HKEY_CURRENT_USER Uninstall List ==========
"Move Media Player" = Move Media Player
========== Last 10 Event Log Errors ==========
[ Antivirus Events ]
Error - 7/9/2010 7:28:04 PM | Computer Name = PRIMARY1 | Source = avast! | ID = 33554522
Description =
Error - 7/9/2010 7:28:04 PM | Computer Name = PRIMARY1 | Source = avast! | ID = 33554522
Description =
Error - 7/9/2010 7:28:04 PM | Computer Name = PRIMARY1 | Source = avast! | ID = 33554522
Description =
Error - 7/9/2010 7:28:04 PM | Computer Name = PRIMARY1 | Source = avast! | ID = 33554522
Description =
Error - 7/9/2010 8:03:46 PM | Computer Name = PRIMARY1 | Source = avast! | ID = 33554522
Description =
Error - 7/9/2010 8:03:46 PM | Computer Name = PRIMARY1 | Source = avast! | ID = 33554522
Description =
Error - 7/11/2010 12:22:42 PM | Computer Name = PRIMARY1 | Source = avast! | ID = 33554522
Description =
Error - 7/11/2010 12:22:42 PM | Computer Name = PRIMARY1 | Source = avast! | ID = 33554522
Description =
Error - 7/11/2010 12:22:42 PM | Computer Name = PRIMARY1 | Source = avast! | ID = 33554522
Description =
Error - 7/11/2010 12:22:42 PM | Computer Name = PRIMARY1 | Source = avast! | ID = 33554522
Description =
[ Application Events ]
Error - 7/14/2010 1:28:36 AM | Computer Name = PRIMARY1 | Source = ESENT | ID = 455
Description = wuaueng.dll (2108) SUS20ClientDataStore: Error -1032 (0xfffffbf8)
occurred while opening logfile C:\WINDOWS\SoftwareDistribution\DataStore\Logs\edb.log.
Error - 7/14/2010 1:28:56 AM | Computer Name = PRIMARY1 | Source = ESENT | ID = 489
Description = wuauclt (2788) An attempt to open the file "C:\WINDOWS\SoftwareDistribution\DataStore\Logs\edb.log"
for read only access failed with system error 32 (0x00000020): "The process cannot
access the file because it is being used by another process. ". The open file
operation will fail with error -1032 (0xfffffbf8).
Error - 7/14/2010 1:28:56 AM | Computer Name = PRIMARY1 | Source = ESENT | ID = 455
Description = wuaueng.dll (2788) SUS20ClientDataStore: Error -1032 (0xfffffbf8)
occurred while opening logfile C:\WINDOWS\SoftwareDistribution\DataStore\Logs\edb.log.
Error - 7/14/2010 1:29:06 AM | Computer Name = PRIMARY1 | Source = ESENT | ID = 489
Description = wuauclt (2788) An attempt to open the file "C:\WINDOWS\SoftwareDistribution\DataStore\Logs\edb.log"
for read only access failed with system error 32 (0x00000020): "The process cannot
access the file because it is being used by another process. ". The open file
operation will fail with error -1032 (0xfffffbf8).
Error - 7/14/2010 1:29:06 AM | Computer Name = PRIMARY1 | Source = ESENT | ID = 455
Description = wuaueng.dll (2788) SUS20ClientDataStore: Error -1032 (0xfffffbf8)
occurred while opening logfile C:\WINDOWS\SoftwareDistribution\DataStore\Logs\edb.log.
Error - 7/14/2010 1:29:37 AM | Computer Name = PRIMARY1 | Source = ESENT | ID = 489
Description = wuauclt (2872) An attempt to open the file "C:\WINDOWS\SoftwareDistribution\DataStore\Logs\edb.log"
for read only access failed with system error 32 (0x00000020): "The process cannot
access the file because it is being used by another process. ". The open file
operation will fail with error -1032 (0xfffffbf8).
Error - 7/14/2010 1:29:37 AM | Computer Name = PRIMARY1 | Source = ESENT | ID = 455
Description = wuaueng.dll (2872) SUS20ClientDataStore: Error -1032 (0xfffffbf8)
occurred while opening logfile C:\WINDOWS\SoftwareDistribution\DataStore\Logs\edb.log.
Error - 7/14/2010 1:29:47 AM | Computer Name = PRIMARY1 | Source = ESENT | ID = 489
Description = wuauclt (2872) An attempt to open the file "C:\WINDOWS\SoftwareDistribution\DataStore\Logs\edb.log"
for read only access failed with system error 32 (0x00000020): "The process cannot
access the file because it is being used by another process. ". The open file
operation will fail with error -1032 (0xfffffbf8).
Error - 7/14/2010 1:29:47 AM | Computer Name = PRIMARY1 | Source = ESENT | ID = 455
Description = wuaueng.dll (2872) SUS20ClientDataStore: Error -1032 (0xfffffbf8)
occurred while opening logfile C:\WINDOWS\SoftwareDistribution\DataStore\Logs\edb.log.
Error - 7/17/2010 4:36:39 PM | Computer Name = PRIMARY1 | Source = Application Error | ID = 1000
Description = Faulting application hpqtra08.exe, version, faulting module
msvcr80.dll, version 8.0.50727.4053, fault address 0x0001500a.
[ System Events ]
Error - 7/17/2010 12:57:54 PM | Computer Name = PRIMARY1 | Source = Service Control Manager | ID = 7011
Description = Timeout (30000 milliseconds) waiting for a transaction response from
the avast! Web Scanner service.
Error - 7/17/2010 12:57:55 PM | Computer Name = PRIMARY1 | Source = Service Control Manager | ID = 7000
Description = The avast! Web Scanner service failed to start due to the following
error: %%1053
Error - 7/17/2010 12:58:24 PM | Computer Name = PRIMARY1 | Source = Service Control Manager | ID = 7011
Description = Timeout (30000 milliseconds) waiting for a transaction response from
the avast! Mail Scanner service.
Error - 7/17/2010 12:58:24 PM | Computer Name = PRIMARY1 | Source = Service Control Manager | ID = 7000
Description = The avast! Mail Scanner service failed to start due to the following
error: %%1053
Error - 7/17/2010 12:58:54 PM | Computer Name = PRIMARY1 | Source = Service Control Manager | ID = 7011
Description = Timeout (30000 milliseconds) waiting for a transaction response from
the avast! Web Scanner service.
Error - 7/17/2010 12:58:55 PM | Computer Name = PRIMARY1 | Source = Service Control Manager | ID = 7000
Description = The avast! Web Scanner service failed to start due to the following
error: %%1053
Error - 7/17/2010 12:59:32 PM | Computer Name = PRIMARY1 | Source = Service Control Manager | ID = 7011
Description = Timeout (30000 milliseconds) waiting for a transaction response from
the avast! Mail Scanner service.
Error - 7/17/2010 12:59:42 PM | Computer Name = PRIMARY1 | Source = Service Control Manager | ID = 7000
Description = The avast! Mail Scanner service failed to start due to the following
error: %%1053
Error - 7/17/2010 1:02:27 PM | Computer Name = PRIMARY1 | Source = Service Control Manager | ID = 7022
Description = The HP CUE DeviceDiscovery Service service hung on starting.
Error - 7/17/2010 4:34:56 PM | Computer Name = PRIMARY1 | Source = Service Control Manager | ID = 7022
Description = The HP CUE DeviceDiscovery Service service hung on starting.
< End of report >