Thanks kahdah!
Here's my OTL.Txt log:
OTL logfile created on: 7/25/2010 4:06:27 PM - Run 1
OTL by OldTimer - Version 3.2.9.1 Folder = E:\
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy
2.00 Gb Total Physical Memory | 1.00 Gb Available Physical Memory | 43.00% Memory free
4.00 Gb Paging File | 3.00 Gb Available in Paging File | 82.00% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 111.70 Gb Total Space | 88.71 Gb Free Space | 79.41% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
Drive E: | 1.86 Gb Total Space | 1.78 Gb Free Space | 95.57% Space Free | Partition Type: FAT
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded
Computer Name: LAPTOP
Current User Name: Joanna
Logged in as Administrator.
Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Minimal
========== Processes (SafeList) ========== PRC - E:\OTL.exe (OldTimer Tools)
PRC - C:\Program Files\Mozilla Firefox\plugin-container.exe (Mozilla Corporation)
PRC - C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)
PRC - C:\Program Files\Microsoft Office\Office12\WINWORD.EXE (Microsoft Corporation)
PRC - C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe (Lavasoft)
PRC - C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe (Lavasoft)
PRC - C:\Program Files\MozyHome\mozystat.exe (Mozy, Inc.)
PRC - C:\Program Files\Symantec AntiVirus\Rtvscan.exe (Symantec Corporation)
PRC - C:\Program Files\Symantec AntiVirus\Smc.exe (Symantec Corporation)
PRC - C:\Program Files\Symantec AntiVirus\SmcGui.exe (Symantec Corporation)
PRC - C:\Program Files\Common Files\Symantec Shared\ccApp.exe (Symantec Corporation)
PRC - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe (Symantec Corporation)
PRC - C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe (Safer-Networking Ltd.)
PRC - C:\Program Files\Microsoft LifeCam\MSCamS32.exe (Microsoft Corporation)
PRC - C:\WINDOWS\explorer.exe (Microsoft Corporation)
PRC - C:\Program Files\Dell\QuickSet\quickset.exe (Dell Inc.)
PRC - C:\Program Files\Dell\QuickSet\NicConfigSvc.exe (Dell Inc.)
PRC - C:\Program Files\Sigmatel\C-Major Audio\WDM\stsystra.exe (SigmaTel, Inc.)
PRC - C:\WINDOWS\system32\stacsv.exe (SigmaTel, Inc.)
PRC - C:\Program Files\NTRU Cryptosystems\NTRU TCG Software Stack\bin\tcsd_win32.exe ()
PRC - C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe (CyberLink Corp.)
PRC - C:\Program Files\Wave Systems Corp\Services Manager\DocMgr\bin\WavXDocMgr.exe (Wave Systems Corp.)
PRC - C:\Program Files\Wave Systems Corp\Trusted Drive Manager\TdmService.exe (Wave Systems Corp.)
PRC - C:\Program Files\Memorex Button Manager\MmrBtnMgr.exe (Memorex Corp.)
PRC - C:\Program Files\Broadcom\ASFIPMon\AsfIpMon.exe (Broadcom Corporation)
PRC - C:\WINDOWS\system32\KADxMain.exe (Knowles Acoustics)
PRC - C:\Program Files\ArcSoft\TotalMedia Backup\uBBMonitor.exe (ArcSoft, Inc.)
========== Modules (SafeList) ========== MOD - E:\OTL.exe (OldTimer Tools)
MOD - C:\WINDOWS\system32\msscript.ocx (Microsoft Corporation)
MOD - C:\Program Files\Dell\QuickSet\dadkeyb.dll ()
MOD - C:\WINDOWS\system32\hccutils.dll (Intel Corporation)
========== Win32 Services (SafeList) ========== SRV - (YSIZQZ) -- File not found
SRV - (DIJ) -- File not found
SRV - (Lavasoft Ad-Aware Service) -- C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe (Lavasoft)
SRV - (Symantec AntiVirus) -- C:\Program Files\Symantec AntiVirus\Rtvscan.exe (Symantec Corporation)
SRV - (SmcService) -- C:\Program Files\Symantec AntiVirus\Smc.exe (Symantec Corporation)
SRV - (SNAC) -- C:\Program Files\Symantec AntiVirus\SNAC.EXE (Symantec Corporation)
SRV - (LiveUpdate) -- C:\Program Files\Symantec\LiveUpdate\LuComServer_3_3.EXE (Symantec Corporation)
SRV - (ccSetMgr) -- C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe (Symantec Corporation)
SRV - (ccEvtMgr) -- C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe (Symantec Corporation)
SRV - (MSCamSvc) -- C:\Program Files\Microsoft LifeCam\MSCamS32.exe (Microsoft Corporation)
SRV - (NICCONFIGSVC) -- C:\Program Files\Dell\QuickSet\NicConfigSvc.exe (Dell Inc.)
SRV - (STacSV) -- C:\WINDOWS\system32\stacsv.exe (SigmaTel, Inc.)
SRV - (tcsd_win32.exe) -- C:\Program Files\NTRU Cryptosystems\NTRU TCG Software Stack\bin\tcsd_win32.exe ()
SRV - (WaveEnrollmentService) -- C:\Program Files\Wave Systems Corp\Authentication Manager\WaveEnrollmentService.exe (Wave Systems Corp.)
SRV - (TdmService) -- C:\Program Files\Wave Systems Corp\Trusted Drive Manager\TdmService.exe (Wave Systems Corp.)
SRV - (SecureStorageService) -- C:\Program Files\Wave Systems Corp\Secure Storage Manager\SecureStorageService.exe (Wave Systems Corp.)
SRV - (ASFIPmon) -- C:\Program Files\Broadcom\ASFIPMon\AsfIpMon.exe (Broadcom Corporation)
========== Driver Services (SafeList) ========== DRV - (SymEvent) -- C:\WINDOWS\system32\drivers\SYMEVENT.SYS (Symantec Corporation)
DRV - (NAVEX15) -- C:\Program Files\Common Files\Symantec Shared\VirusDefs\20100723.002\NAVEX15.SYS (Symantec Corporation)
DRV - (eeCtrl) -- C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys (Symantec Corporation)
DRV - (NAVENG) -- C:\Program Files\Common Files\Symantec Shared\VirusDefs\20100723.002\NAVENG.SYS (Symantec Corporation)
DRV - (EraserUtilRebootDrv) -- C:\Program Files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys (Symantec Corporation)
DRV - (WpsHelper) -- C:\WINDOWS\system32\drivers\wpshelper.sys (Symantec Corporation)
DRV - (Lbd) -- C:\WINDOWS\system32\DRIVERS\Lbd.sys (Lavasoft AB)
DRV - (SysPlant) -- C:\WINDOWS\SYSTEM32\Drivers\SysPlant.sys (Symantec Corporation)
DRV - (WPS) -- C:\WINDOWS\system32\drivers\WPSDRVnt.sys (Symantec Corporation)
DRV - (SYMTDI) -- C:\WINDOWS\System32\Drivers\SYMTDI.SYS (Symantec Corporation)
DRV - (SYMREDRV) -- C:\WINDOWS\System32\Drivers\SYMREDRV.SYS (Symantec Corporation)
DRV - (SPBBCDrv) -- C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCDrv.sys (Symantec Corporation)
DRV - (SRTSPX) -- C:\WINDOWS\system32\drivers\srtspx.sys (Symantec Corporation)
DRV - (SRTSPL) -- C:\WINDOWS\system32\drivers\srtspl.sys (Symantec Corporation)
DRV - (SRTSP) -- C:\WINDOWS\system32\drivers\srtsp.sys (Symantec Corporation)
DRV - (COH_Mon) -- C:\WINDOWS\system32\drivers\COH_Mon.sys (Symantec Corporation)
DRV - (Teefer2) -- C:\WINDOWS\system32\drivers\Teefer2.sys (Symantec Corporation)
DRV - (NuidFltr) -- C:\WINDOWS\system32\drivers\nuidfltr.sys (Microsoft Corporation)
DRV - (VX6000) -- C:\WINDOWS\system32\drivers\VX6000Xp.sys (Microsoft Corporation
)
DRV - (usbaudio) USB Audio Driver (WDM) -- C:\WINDOWS\system32\drivers\USBAUDIO.sys (Microsoft Corporation)
DRV - (amdagp) -- C:\WINDOWS\system32\DRIVERS\amdagp.sys (Advanced Micro Devices, Inc.)
DRV - (sisagp) -- C:\WINDOWS\system32\DRIVERS\sisagp.sys (Silicon Integrated Systems Corporation)
DRV - (HDAudBus) -- C:\WINDOWS\system32\drivers\hdaudbus.sys (Windows ® Server 2003 DDK provider)
DRV - (STHDA) -- C:\WINDOWS\system32\drivers\sthda.sys (SigmaTel, Inc.)
DRV - (HSF_DPV) -- C:\WINDOWS\system32\drivers\HSF_DPV.sys (Conexant Systems, Inc.)
DRV - (winachsf) -- C:\WINDOWS\system32\drivers\HSF_CNXT.sys (Conexant Systems, Inc.)
DRV - (HSFHWAZL) -- C:\WINDOWS\system32\drivers\HSFHWAZL.sys (Conexant Systems, Inc.)
DRV - (guardian2) -- C:\WINDOWS\system32\drivers\oz776.sys (O2Micro)
DRV - (BCM43XX) -- C:\WINDOWS\system32\drivers\BCMWL5.SYS (Broadcom Corp.)
DRV - (WavxDMgr) -- C:\WINDOWS\system32\drivers\WavxDMgr.sys (Wave Systems Corp.)
DRV - (PBADRV) -- C:\WINDOWS\system32\DRIVERS\PBADRV.sys (Dell Inc)
DRV - (WaveFDE) -- C:\WINDOWS\system32\drivers\WaveFDE.sys (Windows ® Codename Longhorn DDK provider)
DRV - (DLADResM) -- C:\WINDOWS\system32\drivers\DLADResM.SYS (Roxio)
DRV - (DLABMFSM) -- C:\WINDOWS\system32\drivers\DLABMFSM.SYS (Roxio)
DRV - (DLAUDF_M) -- C:\WINDOWS\system32\drivers\DLAUDF_M.SYS (Roxio)
DRV - (DLAUDFAM) -- C:\WINDOWS\system32\drivers\DLAUDFAM.SYS (Roxio)
DRV - (DLAOPIOM) -- C:\WINDOWS\system32\drivers\DLAOPIOM.SYS (Roxio)
DRV - (DLABOIOM) -- C:\WINDOWS\system32\drivers\DLABOIOM.SYS (Roxio)
DRV - (DLAPoolM) -- C:\WINDOWS\system32\drivers\DLAPoolM.SYS (Roxio)
DRV - (DLAIFS_M) -- C:\WINDOWS\system32\drivers\DLAIFS_M.SYS (Roxio)
DRV - (DRVMCDB) -- C:\WINDOWS\System32\Drivers\DRVMCDB.SYS (Sonic Solutions)
DRV - (DLARTL_M) -- C:\WINDOWS\system32\drivers\DLARTL_M.SYS (Roxio)
DRV - (DLACDBHM) -- C:\WINDOWS\System32\Drivers\DLACDBHM.SYS (Roxio)
DRV - (DRVNDDM) -- C:\WINDOWS\system32\drivers\DRVNDDM.SYS (Roxio)
DRV - (ialm) -- C:\WINDOWS\system32\drivers\igxpmp32.sys (Intel Corporation)
DRV - (b57w2k) -- C:\WINDOWS\system32\drivers\b57xp32.sys (Broadcom Corporation)
DRV - (ApfiltrService) -- C:\WINDOWS\system32\drivers\Apfiltr.sys (Alps Electric Co., Ltd.)
DRV - (BASFND) -- C:\Program Files\Broadcom\ASFIPMon\BASFND.sys (Broadcom Corporation)
DRV - (DXEC01) -- C:\WINDOWS\system32\drivers\dxec01.sys (Knowles Acoustics)
DRV - (APPDRV) -- C:\WINDOWS\SYSTEM32\DRIVERS\APPDRV.SYS (Dell Inc)
DRV - (nv) -- C:\WINDOWS\system32\drivers\nv4_mini.sys (NVIDIA Corporation)
DRV - (Sparrow) -- C:\WINDOWS\system32\DRIVERS\sparrow.sys (Adaptec, Inc.)
DRV - (sym_u3) -- C:\WINDOWS\system32\DRIVERS\sym_u3.sys (LSI Logic)
DRV - (sym_hi) -- C:\WINDOWS\system32\DRIVERS\sym_hi.sys (LSI Logic)
DRV - (symc8xx) -- C:\WINDOWS\system32\DRIVERS\symc8xx.sys (LSI Logic)
DRV - (symc810) -- C:\WINDOWS\system32\DRIVERS\symc810.sys (Symbios Logic Inc.)
DRV - (ultra) -- C:\WINDOWS\system32\DRIVERS\ultra.sys (Promise Technology, Inc.)
DRV - (ql12160) -- C:\WINDOWS\system32\DRIVERS\ql12160.sys (QLogic Corporation)
DRV - (ql1080) -- C:\WINDOWS\system32\DRIVERS\ql1080.sys (QLogic Corporation)
DRV - (ql1280) -- C:\WINDOWS\system32\DRIVERS\ql1280.sys (QLogic Corporation)
DRV - (dac2w2k) -- C:\WINDOWS\system32\DRIVERS\dac2w2k.sys (Mylex Corporation)
DRV - (mraid35x) -- C:\WINDOWS\system32\DRIVERS\mraid35x.sys (American Megatrends Inc.)
DRV - (asc) -- C:\WINDOWS\system32\DRIVERS\asc.sys (Advanced System Products, Inc.)
DRV - (asc3550) -- C:\WINDOWS\system32\DRIVERS\asc3550.sys (Advanced System Products, Inc.)
DRV - (AliIde) -- C:\WINDOWS\system32\DRIVERS\aliide.sys (Acer Laboratories Inc.)
DRV - (CmdIde) -- C:\WINDOWS\system32\DRIVERS\cmdide.sys (CMD Technology, Inc.)
========== Standard Registry (All) ========== ========== Internet Explorer ========== IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL =
http://go.microsoft....k/?LinkId=69157IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL =
http://go.microsoft....k/?LinkId=54896IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = [binary data]
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Extensions Off Page = about:NoAdd-ons
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Page_Transitions = 1
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page =
http://go.microsoft....k/?LinkId=54896IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Security Risk Page = about:SecurityRisk
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page =
http://go.microsoft....k/?LinkId=69157IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,CustomizeSearch =
http://ie.search.msn...st/srchcust.htmIE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Page_URL = partnerpage.google.com/smallbiz.dell.com/en_us?hl=en&client=dell-usuk&channel=us-smb&ibd=2080523
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL =
http://www.google.com/ieIE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant =
http://www.google.co...?channel=us-smbIE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Start Page = partnerpage.google.com/smallbiz.dell.com/en_us?hl=en&client=dell-usuk&channel=us-smb&ibd=2080523
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Page_Transitions = 1
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page =
http://www.google.co...?channel=us-smbIE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = partnerpage.google.com/smallbiz.dell.com/en_us?hl=en&client=dell-usuk&channel=us-smb&ibd=2080523
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant =
http://www.google.com/ieIE - HKCU\..\URLSearchHook: {CFBFAE00-17A6-11D0-99CB-00C04FD64497} - C:\WINDOWS\system32\ieframe.dll (Microsoft Corporation)
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local>
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = http=127.0.0.1:5643
FF - HKLM\software\mozilla\Firefox\Extensions\\{20a82645-c095-46ed-80e3-08825760534b}: c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\ [2009/08/19 11:32:57 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\Extensions\\{1840991C-D215-4865-93F1-5C5F6A67FE5B}: C:\Documents and Settings\Joanna\Local Settings\Application Data\{1840991C-D215-4865-93F1-5C5F6A67FE5B} [2010/07/19 23:47:26 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.8\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010/07/23 19:55:52 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.8\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010/07/23 19:55:51 | 000,000,000 | ---D | M]
[2010/07/23 19:56:05 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Joanna\Application Data\Mozilla\Extensions
[2010/07/23 19:56:05 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Joanna\Application Data\Mozilla\Extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384}
[2010/07/24 09:03:15 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Joanna\Application Data\Mozilla\Firefox\Profiles\mfb15k59.default\extensions
[2010/07/23 19:50:05 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Documents and Settings\Joanna\Application Data\Mozilla\Firefox\Profiles\mfb15k59.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2010/07/24 09:03:13 | 000,000,000 | ---D | M] (WOT) -- C:\Documents and Settings\Joanna\Application Data\Mozilla\Firefox\Profiles\mfb15k59.default\extensions\{a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7}
[2010/07/25 16:03:54 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions
[2010/07/23 19:55:51 | 000,000,000 | ---D | M] (Default) -- C:\Program Files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
[2009/01/24 00:49:00 | 000,000,000 | ---D | M] (Skype extension for Firefox) -- C:\Program Files\Mozilla Firefox\extensions\{B13721C7-F507-4982-B2E5-502A71474FED}
[2010/07/22 19:07:09 | 000,023,512 | ---- | M] (Mozilla Foundation) -- C:\Program Files\Mozilla Firefox\components\browserdirprovider.dll
[2010/07/22 19:07:10 | 000,138,712 | ---- | M] (Mozilla Foundation) -- C:\Program Files\Mozilla Firefox\components\brwsrcmp.dll
[2008/07/23 09:47:22 | 001,335,600 | ---- | M] (DivX,Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npdivx32.dll
[2009/02/06 13:44:28 | 001,447,296 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Mozilla Firefox\plugins\npLegitCheckPlugin.dll
[2010/07/22 19:07:11 | 000,064,984 | ---- | M] (mozilla.org) -- C:\Program Files\Mozilla Firefox\plugins\npnul32.dll
[2006/10/26 20:12:16 | 000,016,192 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Mozilla Firefox\plugins\NPOFF12.DLL
[2010/04/02 06:30:43 | 000,095,672 | ---- | M] (Adobe Systems Inc.) -- C:\Program Files\Mozilla Firefox\plugins\nppdf32.dll
[2009/08/12 22:04:19 | 000,143,360 | ---- | M] (Apple Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npqtplugin.dll
[2009/08/12 22:04:19 | 000,143,360 | ---- | M] (Apple Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npqtplugin2.dll
[2009/08/12 22:04:19 | 000,143,360 | ---- | M] (Apple Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npqtplugin3.dll
[2009/08/12 22:04:20 | 000,143,360 | ---- | M] (Apple Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npqtplugin4.dll
[2009/08/12 22:04:20 | 000,143,360 | ---- | M] (Apple Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npqtplugin5.dll
[2009/08/12 22:04:20 | 000,143,360 | ---- | M] (Apple Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npqtplugin6.dll
[2009/08/12 22:04:20 | 000,143,360 | ---- | M] (Apple Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npqtplugin7.dll
[2010/07/22 16:41:04 | 000,001,394 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\amazondotcom.xml
[2010/07/22 16:41:04 | 000,002,193 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\answers.xml
[2010/07/22 16:41:04 | 000,001,534 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\creativecommons.xml
[2010/07/22 16:41:04 | 000,002,344 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\eBay.xml
[2010/07/22 16:41:04 | 000,002,371 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\google.xml
[2010/07/22 16:41:04 | 000,001,178 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\wikipedia.xml
[2010/07/22 16:41:04 | 000,001,096 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\yahoo.xml
O1 HOSTS File: ([2010/07/23 16:16:15 | 000,415,370 | R--- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: 127.0.0.1 www.007guard.com
O1 - Hosts: 127.0.0.1 007guard.com
O1 - Hosts: 127.0.0.1 008i.com
O1 - Hosts: 127.0.0.1 www.008k.com
O1 - Hosts: 127.0.0.1 008k.com
O1 - Hosts: 127.0.0.1 www.00hq.com
O1 - Hosts: 127.0.0.1 00hq.com
O1 - Hosts: 127.0.0.1 010402.com
O1 - Hosts: 127.0.0.1 www.032439.com
O1 - Hosts: 127.0.0.1 032439.com
O1 - Hosts: 127.0.0.1 www.100888290cs.com
O1 - Hosts: 127.0.0.1 100888290cs.com
O1 - Hosts: 127.0.0.1 www.100sexlinks.com
O1 - Hosts: 127.0.0.1 100sexlinks.com
O1 - Hosts: 127.0.0.1 www.10sek.com
O1 - Hosts: 127.0.0.1 10sek.com
O1 - Hosts: 127.0.0.1 www.123topsearch.com
O1 - Hosts: 127.0.0.1 123topsearch.com
O1 - Hosts: 127.0.0.1 www.132.com
O1 - Hosts: 127.0.0.1 132.com
O1 - Hosts: 127.0.0.1 www.136136.net
O1 - Hosts: 127.0.0.1 136136.net
O1 - Hosts: 127.0.0.1 www.163ns.com
O1 - Hosts: 127.0.0.1 163ns.com
O1 - Hosts: 14344 more lines...
O2 - BHO: (HP Print Enhancer) - {0347C33E-8762-4905-BF09-768834316C61} - C:\Program Files\HP\Smart Web Printing\hpswp_printenhancer.dll (Hewlett-Packard Co.)
O2 - BHO: (HP Print Clips) - {053F9267-DC04-4294-A72C-58F732D338C0} - C:\Program Files\HP\Smart Web Printing\hpswp_framework.dll (Hewlett-Packard Co.)
O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O2 - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
O2 - BHO: (SSVHelper Class) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll (Google Inc.)
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.1.1309.3572\swg.dll (Google Inc.)
O2 - BHO: (Google Dictionary Compression sdch) - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_A8904FB862BD9564.dll (Google Inc.)
O2 - BHO: (CBrowserHelperObject Object) - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - C:\Program Files\Dell\BAE\BAE.dll (Dell Inc.)
O3 - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll (Google Inc.)
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKCU\..\Toolbar\ShellBrowser: (&Address) - {01E04581-4EEE-11D0-BFE9-00AA005B4383} - C:\WINDOWS\system32\browseui.dll (Microsoft Corporation)
O3 - HKCU\..\Toolbar\WebBrowser: (&Address) - {01E04581-4EEE-11D0-BFE9-00AA005B4383} - C:\WINDOWS\system32\browseui.dll (Microsoft Corporation)
O3 - HKCU\..\Toolbar\WebBrowser: (&Links) - {0E5CBF21-D15F-11D0-8301-00AA005B4383} - C:\WINDOWS\system32\shell32.dll (Microsoft Corporation)
O3 - HKCU\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll (Google Inc.)
O4 - HKLM..\Run: [Ad-Watch] C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe (Lavasoft)
O4 - HKLM..\Run: [AppleSyncNotifier] C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe (Apple Inc.)
O4 - HKLM..\Run: [Broadcom Wireless Manager UI] C:\WINDOWS\system32\WLTRAY.EXE (Dell Inc.)
O4 - HKLM..\Run: [ccApp] C:\Program Files\Common Files\Symantec Shared\ccApp.exe (Symantec Corporation)
O4 - HKLM..\Run: [Dell QuickSet] C:\Program Files\Dell\QuickSet\quickset.exe (Dell Inc.)
O4 - HKLM..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe (Intel Corporation)
O4 - HKLM..\Run: [iTunesHelper] C:\Program Files\iTunes\iTunesHelper.exe (Apple Inc.)
O4 - HKLM..\Run: [KADxMain] C:\WINDOWS\system32\KADxMain.exe (Knowles Acoustics)
O4 - HKLM..\Run: [Memorex Button Manager] C:\Program Files\Memorex Button Manager\MmrBtnMgr.exe (Memorex Corp.)
O4 - HKLM..\Run: [PDVDDXSrv] C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe (CyberLink Corp.)
O4 - HKLM..\Run: [Persistence] C:\WINDOWS\system32\igfxpers.exe (Intel Corporation)
O4 - HKLM..\Run: [SigmatelSysTrayApp] C:\Program Files\Sigmatel\C-Major Audio\WDM\stsystra.exe (SigmaTel, Inc.)
O4 - HKLM..\Run: [WavXMgr] C:\Program Files\Wave Systems Corp\Services Manager\DocMgr\bin\WavXDocMgr.exe (Wave Systems Corp.)
O4 - HKCU..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe (Microsoft Corporation)
O4 - HKCU..\Run: [Google Update] C:\Documents and Settings\Joanna\Local Settings\Application Data\Google\Update\GoogleUpdate.exe (Google Inc.)
O4 - HKCU..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe (Safer-Networking Ltd.)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\MozyHome Status.lnk = C:\Program Files\MozyHome\mozystat.exe (Mozy, Inc.)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\TotalMedia Backup Monitor.lnk = C:\Program Files\ArcSoft\TotalMedia Backup\uBBMonitor.exe (ArcSoft, Inc.)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: dontdisplaylastusername = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticecaption =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticetext =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: shutdownwithoutlogon = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: undockwithoutlogon = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O9 - Extra 'Tools' menuitem : Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\npjpi160_05.dll (Sun Microsystems, Inc.)
O9 - Extra Button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: HP Clipbook - {58ECB495-38F0-49cb-A538-10282ABF65E7} - C:\Program Files\HP\Smart Web Printing\hpswp_extensions.dll (Hewlett-Packard Co.)
O9 - Extra Button: HP Smart Select - {700259D7-1666-479a-93B1-3250410481E8} - C:\Program Files\HP\Smart Web Printing\hpswp_extensions.dll (Hewlett-Packard Co.)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Program Files\Microsoft Office\Office12\REFIEBAR.DLL (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O9 - Extra 'Tools' menuitem : @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\network diagnostic\xpnetdiag.exe (Microsoft Corporation)
O9 - Extra Button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000001 [] - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000002 [] - C:\WINDOWS\system32\winrnr.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000003 [] - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\WINDOWS\system32\rsvpsp.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - C:\WINDOWS\system32\rsvpsp.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000006 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000007 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000008 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000009 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000010 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000011 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000012 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000013 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000014 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000015 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000016 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000017 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O15 - HKCU\..Trusted Domains: examsoft.com ([]* in Trusted sites)
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700}
http://go.microsoft....k/?linkid=39204 (Windows Genuine Advantage Validation Tool)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93}
http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_05)
O16 - DPF: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA}
http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_05)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}
http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_05)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7}
http://platformdl.ad...Plus/1.6/gp.cab (Reg Error: Key error.)
O18 - Protocol\Handler\about {3050F406-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\system32\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\cdl {3dd53d40-7b8b-11D0-b013-00aa0059ce02} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\dvd {12D51199-0DB5-46FE-A120-47A3D7D937CC} - C:\WINDOWS\system32\msvidctl.dll (Microsoft Corporation)
O18 - Protocol\Handler\file {79eac9e7-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\ftp {79eac9e3-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\gopher {79eac9e4-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\grooveLocalGWS {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll (Microsoft Corporation)
O18 - Protocol\Handler\http {79eac9e2-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\https {79eac9e5-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\ipp - No CLSID value found
O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\its {9D148291-B9C8-11D0-A4CC-0000F80149F6} - C:\WINDOWS\system32\itss.dll (Microsoft Corporation)
O18 - Protocol\Handler\javascript {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\system32\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\local {79eac9e7-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\mailto {3050f3DA-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\system32\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\mhtml {05300401-BCBC-11d0-85E3-00C04FD85AB4} - C:\WINDOWS\system32\inetcomm.dll (Microsoft Corporation)
O18 - Protocol\Handler\mk {79eac9e6-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp - No CLSID value found
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Handler\ms-its {9D148291-B9C8-11D0-A4CC-0000F80149F6} - C:\WINDOWS\system32\itss.dll (Microsoft Corporation)
O18 - Protocol\Handler\res {3050F3BC-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\system32\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\sysimage {76E67A63-06E9-11D2-A840-006008059382} - C:\WINDOWS\system32\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\tv {CBD30858-AF45-11D2-B6D6-00C04FBBDE6E} - C:\WINDOWS\system32\msvidctl.dll (Microsoft Corporation)
O18 - Protocol\Handler\vbscript {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\system32\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\wia {13F3EA8B-91D7-4F0A-AD76-D2853AC8BECE} - C:\WINDOWS\system32\wiascr.dll (Microsoft Corporation)
O18 - Protocol\Filter\application/octet-stream {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\WINDOWS\System32\mscoree.dll (Microsoft Corporation)
O18 - Protocol\Filter\application/x-complus {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\WINDOWS\System32\mscoree.dll (Microsoft Corporation)
O18 - Protocol\Filter\application/x-msdownload {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\WINDOWS\System32\mscoree.dll (Microsoft Corporation)
O18 - Protocol\Filter\Class Install Handler {32B533BB-EDAE-11d0-BD5A-00AA00B92AF1} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Filter\deflate {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Filter\gzip {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Filter\lzdhtml {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Filter\text/webviewhtml {733AC4CB-F1A4-11d0-B951-00A0C90312E1} - C:\WINDOWS\system32\shell32.dll (Microsoft Corporation)
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O18 - Protocol\Filter\x-sdch {B1759355-3EEC-4C1E-B0F1-B719FE26E377} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_A8904FB862BD9564.dll (Google Inc.)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) - C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UIHost - (logonui.exe) - C:\WINDOWS\System32\logonui.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (rundll32 shell32) - C:\WINDOWS\System32\shell32.dll (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (Control_RunDLL "sysdm.cpl") - C:\WINDOWS\System32\sysdm.cpl (Microsoft Corporation)
O20 - Winlogon\Notify\AutorunsDisabled: DllName - Reg Error: Value error. - Reg Error: Value error. File not found
O20 - Winlogon\Notify\crypt32chain: DllName - crypt32.dll - C:\WINDOWS\System32\crypt32.dll (Microsoft Corporation)
O20 - Winlogon\Notify\cryptnet: DllName - cryptnet.dll - C:\WINDOWS\System32\cryptnet.dll (Microsoft Corporation)
O20 - Winlogon\Notify\cscdll: DllName - cscdll.dll - C:\WINDOWS\System32\cscdll.dll (Microsoft Corporation)
O20 - Winlogon\Notify\dimsntfy: DllName - %SystemRoot%\System32\dimsntfy.dll - C:\WINDOWS\system32\dimsntfy.dll (Microsoft Corporation)
O20 - Winlogon\Notify\gemsafe: DllName - Reg Error: Value error. - Reg Error: Value error. File not found
O20 - Winlogon\Notify\igfxcui: DllName - igfxdev.dll - C:\WINDOWS\System32\igfxdev.dll (Intel Corporation)
O20 - Winlogon\Notify\NavLogon: DllName - Reg Error: Value error. - Reg Error: Value error. File not found
O20 - Winlogon\Notify\ScCertProp: DllName - wlnotify.dll - C:\WINDOWS\System32\wlnotify.dll (Microsoft Corporation)
O20 - Winlogon\Notify\Schedule: DllName - wlnotify.dll - C:\WINDOWS\System32\wlnotify.dll (Microsoft Corporation)
O20 - Winlogon\Notify\sclgntfy: DllName - sclgntfy.dll - C:\WINDOWS\System32\sclgntfy.dll (Microsoft Corporation)
O20 - Winlogon\Notify\SensLogn: DllName - WlNotify.dll - C:\WINDOWS\System32\wlnotify.dll (Microsoft Corporation)
O20 - Winlogon\Notify\termsrv: DllName - wlnotify.dll - C:\WINDOWS\System32\wlnotify.dll (Microsoft Corporation)
O20 - Winlogon\Notify\WgaLogon: DllName - WgaLogon.dll - C:\WINDOWS\System32\WgaLogon.dll (Microsoft Corporation)
O20 - Winlogon\Notify\wlballoon: DllName - wlnotify.dll - C:\WINDOWS\System32\wlnotify.dll (Microsoft Corporation)
O21 - SSODL: CDBurn - {fbeb8a05-beee-4442-804e-409d6c4515e9} - C:\WINDOWS\system32\shell32.dll (Microsoft Corporation)
O21 - SSODL: PostBootReminder - {7849596a-48ea-486e-8937-a2a3009f31a9} - C:\WINDOWS\system32\shell32.dll (Microsoft Corporation)
O21 - SSODL: SysTray - {35CEC8A3-2BE6-11D2-8773-92E220524153} - C:\WINDOWS\system32\stobject.dll (Microsoft Corporation)
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - C:\WINDOWS\system32\webcheck.dll (Microsoft Corporation)
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll (Microsoft Corporation)
O22 - SharedTaskScheduler: {438755C2-A8BA-11D1-B96B-00A0C90312E1} - Browseui preloader - C:\WINDOWS\system32\browseui.dll (Microsoft Corporation)
O22 - SharedTaskScheduler: {8C7461EF-2B13-11d2-BE35-3078302C2030} - Component Categories cache daemon - C:\WINDOWS\system32\browseui.dll (Microsoft Corporation)
O24 - Desktop Components:0 (My Current Home Page) - About:Home
O24 - Desktop WallPaper: C:\Documents and Settings\Joanna\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\Joanna\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O28 - HKLM ShellExecuteHooks: {AEB6717E-7E19-11d0-97EE-00C04FD91972} - C:\WINDOWS\System32\shell32.dll (Microsoft Corporation)
O28 - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
O29 - HKLM SecurityProviders - (msapsspc.dll) - C:\WINDOWS\System32\msapsspc.dll (Microsoft Corporation)
O29 - HKLM SecurityProviders - (schannel.dll) - C:\WINDOWS\System32\schannel.dll (Microsoft Corporation)
O29 - HKLM SecurityProviders - (digest.dll) - C:\WINDOWS\System32\digest.dll (Microsoft Corporation)
O29 - HKLM SecurityProviders - (msnsspc.dll) - C:\WINDOWS\System32\msnsspc.dll (Microsoft Corporation)
O30 - LSA: Authentication Packages - (msv1_0) - C:\WINDOWS\System32\msv1_0.dll (Microsoft Corporation)
O30 - LSA: Authentication Packages - (kheffd.dll) - File not found
O30 - LSA: Security Packages - (kerberos) - C:\WINDOWS\System32\kerberos.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (msv1_0) - C:\WINDOWS\System32\msv1_0.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (schannel) - C:\WINDOWS\System32\schannel.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (wdigest) - C:\WINDOWS\System32\wdigest.dll (Microsoft Corporation)
O31 - SafeBoot: AlternateShell - cmd.exe
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2004/08/11 15:15:00 | 000,000,000 | -HS- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O33 - MountPoints2\{015f1484-8f9a-11de-bcde-001c234f5bb6}\Shell\Autoplay\COmMANd - "" = E:\iswxie.pif -- File not found
O33 - MountPoints2\{015f1484-8f9a-11de-bcde-001c234f5bb6}\Shell\AutoRun\command - "" = E:\iswxie.pif -- File not found
O33 - MountPoints2\{015f1484-8f9a-11de-bcde-001c234f5bb6}\Shell\exploRE\cOmManD - "" = E:\iswxie.pif -- File not found
O33 - MountPoints2\{015f1484-8f9a-11de-bcde-001c234f5bb6}\Shell\open\CommanD - "" = E:\iswxie.pif -- File not found
O33 - MountPoints2\{47c2fe71-665c-11dd-bc4f-001c234f5bb6}\Shell\AutoRun\command - "" = F:\LaunchU3.exe -- File not found
O33 - MountPoints2\{63c83fa4-3079-11de-bcb5-001c234f5bb6}\Shell\AutoRun\command - "" = wdsync.exe
O33 - MountPoints2\{b95239e4-8766-11de-bccf-001c234f5bb6}\Shell - "" = AutoRun
O33 - MountPoints2\{b95239e4-8766-11de-bccf-001c234f5bb6}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{b95239e4-8766-11de-bccf-001c234f5bb6}\Shell\AutoRun\command - "" = E:\LaunchU3.exe -- File not found
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O34 - HKLM BootExecute: (lsdelete) - C:\WINDOWS\System32\lsdelete.exe ()
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
NetSvcs: 6to4 - File not found
NetSvcs: Ias - File not found
NetSvcs: Iprip - File not found
NetSvcs: Irmon - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: WmdmPmSp - File not found
========== Files/Folders - Created Within 30 Days ========== [2010/07/25 12:25:54 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\Wave Systems Corp
[2010/07/24 09:30:02 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Joanna\My Documents\Downloads
[2010/07/24 09:14:18 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Joanna\Desktop\C
[2010/07/23 19:48:52 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Joanna\Application Data\Mozilla
[2010/07/23 12:41:22 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\Joanna\Recent
[2010/07/21 22:33:26 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2010/07/21 22:33:23 | 000,020,952 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2010/07/21 17:26:13 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Joanna\Local Settings\Application Data\NTRU Cryptosystems
[2010/07/21 17:26:05 | 000,161,920 | ---- | C] (Symantec Corporation) -- C:\WINDOWS\System32\drivers\wpshelper.sys
[2010/07/21 17:24:13 | 000,092,488 | ---- | C] (Symantec Corporation) -- C:\WINDOWS\System32\drivers\SysPlant.sys
[2010/07/21 17:23:37 | 000,124,976 | ---- | C] (Symantec Corporation) -- C:\WINDOWS\System32\drivers\SYMEVENT.SYS
[2010/07/21 17:23:37 | 000,060,808 | ---- | C] (Symantec Corporation) -- C:\WINDOWS\System32\S32EVNT1.DLL
[2010/07/21 17:19:03 | 000,000,000 | ---D | C] -- C:\SEP
[2010/07/21 17:06:55 | 000,000,000 | ---D | C] -- C:\Program Files\sysinternals
[2010/07/21 17:06:47 | 000,000,000 | ---D | C] -- C:\Program Files\HijackThis
[2010/07/21 17:04:43 | 000,000,000 | ---D | C] -- C:\Program Files\CCleaner
[2010/07/20 12:55:05 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Joanna\Desktop\03282010
[2010/07/20 11:38:34 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Joanna\Desktop\Virus kill
[2010/07/20 11:22:53 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Application Data\Macromedia
[2010/07/20 11:22:52 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Application Data\Adobe
[2010/07/19 23:47:26 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Joanna\Local Settings\Application Data\{1840991C-D215-4865-93F1-5C5F6A67FE5B}
[2010/07/14 08:57:36 | 000,744,448 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\helpsvc.exe
[2010/07/05 15:12:27 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\NCH Swift Sound
[2010/07/05 15:12:26 | 000,000,000 | ---D | C] -- C:\Program Files\NCH Swift Sound
[1996/11/18 01:00:00 | 000,018,944 | ---- | C] ( ) -- C:\WINDOWS\System32\Implode.dll
[3 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[1 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
========== Files - Modified Within 30 Days ========== [2010/07/25 16:08:54 | 000,766,464 | ---- | M] () -- C:\WINDOWS\System32\drivers\mkncnaeq.sys
[2010/07/25 16:01:42 | 008,126,464 | -H-- | M] () -- C:\Documents and Settings\Joanna\NTUSER.DAT
[2010/07/25 15:55:08 | 000,000,982 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-1412038611-1316041038-1082009855-1005UA.job
[2010/07/25 12:55:01 | 000,000,930 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-1412038611-1316041038-1082009855-1005Core.job
[2010/07/25 12:28:55 | 000,000,472 | ---- | M] () -- C:\WINDOWS\tasks\Ad-Aware Update (Weekly).job
[2010/07/25 12:28:55 | 000,000,472 | ---- | M] () -- C:\WINDOWS\tasks\Ad-Aware Update (Daily 4).job
[2010/07/25 12:28:54 | 000,000,472 | ---- | M] () -- C:\WINDOWS\tasks\Ad-Aware Update (Daily 3).job
[2010/07/25 12:28:53 | 000,000,472 | ---- | M] () -- C:\WINDOWS\tasks\Ad-Aware Update (Daily 2).job
[2010/07/25 12:28:53 | 000,000,472 | ---- | M] () -- C:\WINDOWS\tasks\Ad-Aware Update (Daily 1).job
[2010/07/25 12:27:44 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2010/07/25 12:26:21 | 000,000,000 | ---- | M] () -- C:\Documents and Settings\Joanna\Local Settings\Application Data\WavXMapDrive.bat
[2010/07/25 12:25:45 | 000,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2010/07/25 12:25:37 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2010/07/25 12:25:26 | 2136,965,120 | -HS- | M] () -- C:\hiberfil.sys
[2010/07/24 17:33:48 | 000,000,178 | -HS- | M] () -- C:\Documents and Settings\Joanna\ntuser.ini
[2010/07/24 10:51:01 | 000,054,016 | ---- | M] () -- C:\WINDOWS\System32\drivers\faqaogl.sys
[2010/07/24 10:51:01 | 000,000,122 | ---- | M] () -- C:\WINDOWS\System32\safms
[2010/07/24 10:50:57 | 000,010,514 | ---- | M] () -- C:\Documents and Settings\Joanna\Desktop\Malwarebytes.docx
[2010/07/23 20:10:01 | 000,000,284 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
[2010/07/23 20:08:17 | 000,004,245 | ---- | M] () -- C:\Documents and Settings\Joanna\Desktop\bookmarks-2010-07-23.json
[2010/07/23 19:55:55 | 000,001,620 | ---- | M] () -- C:\Documents and Settings\Joanna\Application Data\Microsoft\Internet Explorer\Quick Launch\Mozilla Firefox.lnk
[2010/07/23 19:55:55 | 000,001,602 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Mozilla Firefox.lnk
[2010/07/23 16:16:15 | 000,415,370 | R--- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts
[2010/07/22 19:47:17 | 003,712,656 | -H-- | M] () -- C:\Documents and Settings\Joanna\Local Settings\Application Data\IconCache.db
[2010/07/21 22:33:31 | 000,000,877 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2010/07/21 19:49:30 | 000,012,078 | ---- | M] () -- C:\Documents and Settings\Joanna\My Documents\Websites.xlsx
[2010/07/21 17:23:55 | 000,124,976 | ---- | M] (Symantec Corporation) -- C:\WINDOWS\System32\drivers\SYMEVENT.SYS
[2010/07/21 17:23:55 | 000,060,808 | ---- | M] (Symantec Corporation) -- C:\WINDOWS\System32\S32EVNT1.DLL
[2010/07/21 17:23:55 | 000,007,456 | ---- | M] () -- C:\WINDOWS\System32\drivers\SYMEVENT.CAT
[2010/07/21 17:23:55 | 000,000,806 | ---- | M] () -- C:\WINDOWS\System32\drivers\SYMEVENT.INF
[2010/07/20 20:48:24 | 000,003,612 | ---- | M] () -- C:\WINDOWS\mozy.blk
[2010/07/20 20:48:24 | 000,001,174 | ---- | M] () -- C:\WINDOWS\mozy.flt
[2010/07/20 20:09:24 | 000,267,800 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2010/07/20 11:46:02 | 000,000,389 | ---- | M] () -- C:\WINDOWS\wininit.ini
[2010/07/20 11:14:29 | 000,000,000 | ---- | M] () -- C:\WINDOWS\Psariqamalanune.bin
[2010/07/19 23:47:27 | 000,000,120 | ---- | M] () -- C:\WINDOWS\Hpifo.dat
[2010/07/16 19:55:10 | 000,012,291 | ---- | M] () -- C:\Documents and Settings\Joanna\Desktop\Armstrong motto.docx
[2010/07/16 16:02:24 | 000,057,856 | ---- | M] () -- C:\Documents and Settings\Joanna\Desktop\restorative_justice.doc
[2010/07/12 13:54:55 | 000,012,203 | ---- | M] () -- C:\Documents and Settings\Joanna\Desktop\Sacto Trails.docx
[2010/07/12 13:54:39 | 000,011,888 | ---- | M] () -- C:\Documents and Settings\Joanna\Desktop\AAA conf.docx
[2010/07/08 22:59:19 | 000,035,328 | ---- | M] () -- C:\Documents and Settings\Joanna\My Documents\Fig Olive tapenade.doc
[2010/07/07 22:46:16 | 000,079,872 | ---- | M] () -- C:\Documents and Settings\Joanna\Desktop\final draft recommendation letter Joanna Armstrong.doc
[2010/07/05 15:12:26 | 000,000,780 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\NCH Toolbox.lnk
[3 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[1 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
========== Files Created - No Company Name ========== [2010/07/24 10:51:01 | 000,054,016 | ---- | C] () -- C:\WINDOWS\System32\drivers\faqaogl.sys
[2010/07/24 10:51:01 | 000,000,122 | ---- | C] () -- C:\WINDOWS\System32\safms
[2010/07/24 10:50:57 | 000,010,514 | ---- | C] () -- C:\Documents and Settings\Joanna\Desktop\Malwarebytes.docx
[2010/07/23 20:08:17 | 000,004,245 | ---- | C] () -- C:\Documents and Settings\Joanna\Desktop\bookmarks-2010-07-23.json
[2010/07/23 19:55:55 | 000,001,602 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Mozilla Firefox.lnk
[2010/07/23 16:04:32 | 2136,965,120 | -HS- | C] () -- C:\hiberfil.sys
[2010/07/21 22:33:31 | 000,000,877 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2010/07/21 17:23:37 | 000,007,456 | ---- | C] () -- C:\WINDOWS\System32\drivers\SYMEVENT.CAT
[2010/07/21 17:23:37 | 000,000,806 | ---- | C] () -- C:\WINDOWS\System32\drivers\SYMEVENT.INF
[2010/07/19 23:47:27 | 000,000,120 | ---- | C] () -- C:\WINDOWS\Hpifo.dat
[2010/07/19 23:47:27 | 000,000,000 | ---- | C] () -- C:\WINDOWS\Psariqamalanune.bin
[2010/07/19 23:46:06 | 000,766,464 | ---- | C] () -- C:\WINDOWS\System32\drivers\mkncnaeq.sys
[2010/07/16 19:53:47 | 000,012,291 | ---- | C] () -- C:\Documents and Settings\Joanna\Desktop\Armstrong motto.docx
[2010/07/16 16:02:12 | 000,057,856 | ---- | C] () -- C:\Documents and Settings\Joanna\Desktop\restorative_justice.doc
[2010/07/12 13:54:54 | 000,012,203 | ---- | C] () -- C:\Documents and Settings\Joanna\Desktop\Sacto Trails.docx
[2010/07/11 00:43:46 | 000,011,888 | ---- | C] () -- C:\Documents and Settings\Joanna\Desktop\AAA conf.docx
[2010/07/08 22:59:18 | 000,035,328 | ---- | C] () -- C:\Documents and Settings\Joanna\My Documents\Fig Olive tapenade.doc
[2010/07/07 22:46:16 | 000,079,872 | ---- | C] () -- C:\Documents and Settings\Joanna\Desktop\final draft recommendation letter Joanna Armstrong.doc
[2010/07/05 15:12:26 | 000,000,780 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\NCH Toolbox.lnk
[2010/07/02 21:40:08 | 000,012,078 | ---- | C] () -- C:\Documents and Settings\Joanna\My Documents\Websites.xlsx
[2010/01/15 23:13:50 | 000,217,088 | ---- | C] () -- C:\WINDOWS\System32\LPng.dll
[2009/08/03 16:07:42 | 000,403,816 | ---- | C] () -- C:\WINDOWS\System32\OGACheckControl.dll
[2009/01/24 10:26:28 | 000,015,497 | ---- | C] () -- C:\WINDOWS\VX6KStd.ini
[2008/08/15 17:08:46 | 000,000,000 | ---- | C] () -- C:\WINDOWS\vpc32.INI
[2008/05/22 23:21:14 | 000,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini
[2008/05/22 23:18:01 | 000,000,389 | ---- | C] () -- C:\WINDOWS\wininit.ini
[2008/05/22 23:06:24 | 000,080,368 | ---- | C] () -- C:\WINDOWS\System32\pbadrvdll.dll
[2008/05/22 23:03:49 | 000,143,360 | ---- | C] () -- C:\WINDOWS\System32\bioapi_mds300.dll
[2008/05/22 23:03:49 | 000,106,496 | ---- | C] () -- C:\WINDOWS\System32\bioapi100.dll
[2008/05/22 22:59:38 | 000,139,264 | ---- | C] () -- C:\WINDOWS\System32\preflib.dll
[2008/05/22 22:59:36 | 000,753,664 | ---- | C] () -- C:\WINDOWS\System32\bcm1xsup.dll
[2008/05/22 22:36:51 | 000,910,304 | ---- | C] () -- C:\WINDOWS\System32\igmedkrn.dll
[2008/05/22 22:36:51 | 000,204,800 | ---- | C] () -- C:\WINDOWS\System32\igfxCoIn_v4831.dll
[2008/05/22 22:35:26 | 000,001,120 | ---- | C] () -- C:\WINDOWS\System32\OEMINFO.INI
[2007/09/13 12:42:30 | 000,499,712 | ---- | C] () -- C:\WINDOWS\System32\AmRes_ru.dll
[2007/09/13 12:42:30 | 000,471,040 | ---- | C] () -- C:\WINDOWS\System32\AmRes_pt-BR.dll
[2007/09/13 12:42:28 | 000,487,424 | ---- | C] () -- C:\WINDOWS\System32\AmRes_it.dll
[2007/09/13 12:42:28 | 000,487,424 | ---- | C] () -- C:\WINDOWS\System32\AmRes_fr.dll
[2007/09/13 12:42:28 | 000,462,848 | ---- | C] () -- C:\WINDOWS\System32\AmRes_ko.dll
[2007/09/13 12:42:28 | 000,458,752 | ---- | C] () -- C:\WINDOWS\System32\AmRes_ja.dll
[2007/09/13 12:42:26 | 000,487,424 | ---- | C] () -- C:\WINDOWS\System32\AmRes_es.dll
[2007/09/13 12:42:26 | 000,487,424 | ---- | C] () -- C:\WINDOWS\System32\AmRes_de.dll
[2007/09/13 12:42:26 | 000,466,944 | ---- | C] () -- C:\WINDOWS\System32\AmRes_en.dll
[2007/09/13 12:42:26 | 000,434,176 | ---- | C] () -- C:\WINDOWS\System32\AmRes_zh-CHT.dll
[2007/09/13 12:36:24 | 000,438,272 | ---- | C] () -- C:\WINDOWS\System32\AmRes_zh-CHS.dll
[2007/09/12 13:05:08 | 000,102,400 | ---- | C] () -- C:\WINDOWS\System32\Internationalization_pt.dll
[2007/09/12 13:04:46 | 000,086,016 | ---- | C] () -- C:\WINDOWS\System32\Internationalization_zh-CHT.dll
[2007/09/12 13:04:26 | 000,090,112 | ---- | C] () -- C:\WINDOWS\System32\Internationalization_ko.dll
[2007/09/12 13:04:06 | 000,102,400 | ---- | C] () -- C:\WINDOWS\System32\Internationalization_es.dll
[2007/09/12 13:03:44 | 000,098,304 | ---- | C] () -- C:\WINDOWS\System32\Internationalization_ru.dll
[2007/09/12 13:03:24 | 000,090,112 | ---- | C] () -- C:\WINDOWS\System32\Internationalization_ja.dll
[2007/09/12 13:03:04 | 000,102,400 | ---- | C] () -- C:\WINDOWS\System32\Internationalization_it.dll
[2007/09/12 13:02:44 | 000,102,400 | ---- | C] () -- C:\WINDOWS\System32\Internationalization_de.dll
[2007/09/12 13:02:22 | 000,102,400 | ---- | C] () -- C:\WINDOWS\System32\Internationalization_fr.dll
[2007/09/12 13:02:02 | 000,086,016 | ---- | C] () -- C:\WINDOWS\System32\Internationalization_zh-CHS.dll
[2007/09/10 07:53:26 | 000,262,144 | ---- | C] () -- C:\WINDOWS\System32\wxvault.dll
[2007/06/15 08:19:20 | 000,835,584 | ---- | C] () -- C:\WINDOWS\System32\DemoLicense.dll
[2006/08/14 09:02:10 | 000,072,192 | ---- | C] () -- C:\WINDOWS\System32\xltZlib.dll
[2006/06/12 06:01:16 | 000,348,160 | ---- | C] () -- C:\WINDOWS\tsp.dll
[2005/08/10 11:56:00 | 000,028,672 | ---- | C] () -- C:\WINDOWS\System32\ESxUtil.dll
[2004/09/10 11:34:00 | 000,917,504 | ---- | C] () -- C:\WINDOWS\System32\lmgr10.dll
[2004/09/10 11:34:00 | 000,057,344 | ---- | C] () -- C:\WINDOWS\System32\ADsSecurity.dll
[2004/08/11 15:24:19 | 000,000,791 | ---- | C] () -- C:\WINDOWS\orun32.ini
[2004/08/11 15:11:31 | 000,001,793 | ---- | C] () -- C:\WINDOWS\System32\fxsperf.ini
[1996/11/18 01:00:00 | 000,748,160 | ---- | C] () -- C:\WINDOWS\System32\Co2c40en.dll
[1996/11/18 01:00:00 | 000,131,072 | ---- | C] () -- C:\WINDOWS\System32\P2sodbc.dll
[1996/11/18 01:00:00 | 000,054,272 | ---- | C] () -- C:\WINDOWS\System32\P2irdao.dll
[1996/11/18 01:00:00 | 000,050,176 | ---- | C] () -- C:\WINDOWS\System32\P2ctdao.dll
[1996/11/18 01:00:00 | 000,036,352 | ---- | C] () -- C:\WINDOWS\System32\P2bbnd.dll
[1996/05/25 17:00:00 | 000,107,008 | ---- | C] () -- C:\WINDOWS\System32\fxtls432.dll
========== LOP Check ========== [2008/06/01 22:11:47 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Citrix
[2010/05/11 20:02:31 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Examsoft
[2008/12/02 17:50:19 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\FileOpen
[2010/07/05 15:12:28 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\NCH Swift Sound
[2008/05/22 23:03:20 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\NTRU Cryptosystems
[2010/07/21 17:26:13 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Wave Systems Corp
[2009/08/12 22:07:17 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{8CD7F5AF-ECFA-4793-BF40-D8F42DBFF906}
[2010/05/18 13:23:22 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Joanna\Application Data\Barnes & Noble
[2008/12/02 17:54:04 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Joanna\Application Data\FileOpen
[2008/05/22 23:10:11 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Joanna\Application Data\Wave Systems Corp
[2010/07/25 12:28:53 | 000,000,472 | ---- | M] () -- C:\WINDOWS\Tasks\Ad-Aware Update (Daily 1).job
[2010/07/25 12:28:53 | 000,000,472 | ---- | M] () -- C:\WINDOWS\Tasks\Ad-Aware Update (Daily 2).job
[2010/07/25 12:28:54 | 000,000,472 | ---- | M] () -- C:\WINDOWS\Tasks\Ad-Aware Update (Daily 3).job
[2010/07/25 12:28:55 | 000,000,472 | ---- | M] () -- C:\WINDOWS\Tasks\Ad-Aware Update (Daily 4).job
[2010/07/25 12:28:55 | 000,000,472 | ---- | M] () -- C:\WINDOWS\Tasks\Ad-Aware Update (Weekly).job
[2010/07/24 17:33:54 | 000,032,408 | ---- | M] () -- C:\WINDOWS\Tasks\SCHEDLGU.TXT
========== Purity Check ========== ========== Custom Scans ========== < %SYSTEMDRIVE%\*.* >[2010/07/25 12:25:18 | 000,000,892 | ---- | M] () -- C:\aaw7boot.log
[2008/11/22 22:53:27 | 000,000,020 | -HS- | M] () -- C:\ArcDeviceInfo
[2004/08/11 15:15:00 | 000,000,000 | -HS- | M] () -- C:\AUTOEXEC.BAT
[2008/11/22 22:26:10 | 000,000,211 | RHS- | M] () -- C:\boot.ini
[2004/08/11 15:15:00 | 000,000,000 | -HS- | M] () -- C:\CONFIG.SYS
[2009/10/10 18:35:01 | 000,230,424 | ---- | M] () -- C:\DC6810xp-001.raw
[2008/05/22 22:38:12 | 000,006,719 | RH-- | M] () -- C:\dell.sdr
[2008/08/26 15:34:28 | 000,000,081 | ---- | M] () -- C:\DVDPATH.TXT
[2010/07/25 12:25:26 | 2136,965,120 | -HS- | M] () -- C:\hiberfil.sys
[2008/06/05 08:50:30 | 000,004,128 | ---- | M] () -- C:\INFCACHE.1
[2008/12/02 17:50:10 | 000,017,578 | ---- | M] () -- C:\install.log
[2004/08/11 15:15:00 | 000,000,000 | -H-- | M] () -- C:\IO.SYS
[2004/08/11 15:15:00 | 000,000,000 | -H-- | M] () -- C:\MSDOS.SYS
[2008/05/22 22:59:34 | 000,022,729 | ---- | M] () -- C:\newfile.enc
[2004/08/04 03:00:00 | 000,047,564 | RHS- | M] () -- C:\NTDETECT.COM
[2008/08/28 09:32:01 | 000,250,048 | RHS- | M] () -- C:\ntldr
[2010/07/25 12:25:24 | 2145,386,496 | -HS- | M] () -- C:\pagefile.sys
[2008/12/02 17:50:00 | 000,000,502 | ---- | M] () -- C:\uninstall.log
[2008/12/10 00:11:10 | 000,000,297 | ---- | M] () -- C:\VundoFix.txt
< %systemroot%\system32\*.dll /lockedfiles >[2008/04/13 17:11:51 | 001,267,200 | ---- | M] (Microsoft Corporation)
Unable to obtain MD5 -- C:\WINDOWS\system32\comsvcs.dll
[2009/09/17 18:28:20 | 000,087,368 | ---- | M] (Symantec Corporation)
Unable to obtain MD5 -- C:\WINDOWS\system32\FwsVpn.dll
[2009/09/17 18:30:54 | 000,107,848 | ---- | M] (Symantec Corporation)
Unable to obtain MD5 -- C:\WINDOWS\system32\SymVPN.dll
[2009/09/17 18:30:58 | 000,357,704 | ---- | M] (Symantec Corporation)
Unable to obtain MD5 -- C:\WINDOWS\system32\sysfer.dll
[3 C:\WINDOWS\system32\*.tmp files -> C:\WINDOWS\system32\*.tmp -> ]
< %systemroot%\Tasks\*.job /lockedfiles > < %systemroot%\System32\config\*.sav >[2004/08/11 15:06:14 | 000,094,208 | ---- | M] () -- C:\WINDOWS\system32\config\default.sav
[2004/08/11 15:06:14 | 000,659,456 | ---- | M] () -- C:\WINDOWS\system32\config\software.sav
[2004/08/11 15:06:14 | 000,876,544 | ---- | M] () -- C:\WINDOWS\system32\config\system.sav
< %systemroot%\system32\drivers\*.sys /90 >[2010/07/24 10:51:01 | 000,054,016 | ---- | M] () -- C:\WINDOWS\system32\drivers\faqaogl.sys
[2010/04/29 15:39:26 | 000,020,952 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\system32\drivers\mbam.sys
[2010/04/29 15:39:38 | 000,038,224 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\system32\drivers\mbamswissarmy.sys
[2010/07/25 16:09:45 | 000,766,464 | ---- | M] () -- C:\WINDOWS\System32\drivers\mkncnaeq.sys
[2010/07/21 17:23:55 | 000,124,976 | ---- | M] (Symantec Corporation) -- C:\WINDOWS\system32\drivers\SYMEVENT.SYS
[2010/06/02 19:59:06 | 000,161,920 | ---- | M] (Symantec Corporation) -- C:\WINDOWS\system32\drivers\wpshelper.sys
< %systemroot%\system32\Spool\prtprocs\w32x86\*.dll >[2008/07/06 05:06:10 | 000,089,088 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\spool\prtprocs\w32x86\filterpipelineprintproc.dll
[2007/03/28 14:57:34 | 000,274,944 | ---- | M] (Hewlett-Packard Corporation) -- C:\WINDOWS\system32\spool\prtprocs\w32x86\hpzpp5ha.dll
[2002/03/04 20:09:00 | 000,011,264 | ---- | M] (Windows ® 2000 DDK provider) -- C:\WINDOWS\system32\spool\prtprocs\w32x86\htmlprnt.dll
[2006/10/26 19:56:12 | 000,033,104 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\spool\prtprocs\w32x86\msonpppr.dll
< End of report >
And here's my Extras.Txt log:
OTL Extras logfile created on: 7/25/2010 4:06:27 PM - Run 1
OTL by OldTimer - Version 3.2.9.1 Folder = E:\
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy
2.00 Gb Total Physical Memory | 1.00 Gb Available Physical Memory | 43.00% Memory free
4.00 Gb Paging File | 3.00 Gb Available in Paging File | 82.00% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 111.70 Gb Total Space | 88.71 Gb Free Space | 79.41% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
Drive E: | 1.86 Gb Total Space | 1.78 Gb Free Space | 95.57% Space Free | Partition Type: FAT
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded
Computer Name: LAPTOP
Current User Name: Joanna
Logged in as Administrator.
Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Minimal
========== Extra Registry (SafeList) ========== ========== File Associations ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)
========== Shell Spawning ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
htmlfile [edit] -- Reg Error: Key error.
http [open] -- "C:\Program Files\Mozilla Firefox\firefox.exe" -requestPending -osint -url "%1" (Mozilla Corporation)
https [open] -- "C:\Program Files\Mozilla Firefox\firefox.exe" -requestPending -osint -url "%1" (Mozilla Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [OneNote.Open] -- C:\PROGRA~1\MICROS~2\Office12\ONENOTE.EXE "%L" (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
========== Security Center Settings ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"AntiVirusOverride" = 0
"FirewallOverride" = 0
"UpdatesDisableNotify" = 0
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
"DisableMonitoring" = 1
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DoNotAllowExceptions" = 0
"DisableNotifications" = 0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"1900:UDP" = 1900:UDP:LocalSubNet:Disabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Disabled:@xpsp2res.dll,-22008
========== Authorized Applications List ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"%windir%\system32\sessmgr.exe" = %windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019 -- (Microsoft Corporation)
"C:\Program Files\CyberLink\PowerDVD DX\PowerDVD.exe" = C:\Program Files\CyberLink\PowerDVD DX\PowerDVD.exe:*:Enabled:CyberLink PowerDVD DX -- (CyberLink Corp.)
"C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe" = C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe:*:Enabled:CyberLink PowerDVD DX Resident Program -- (CyberLink Corp.)
"%windir%\Network Diagnostic\xpnetdiag.exe" = %windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000 -- (Microsoft Corporation)
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"%windir%\system32\sessmgr.exe" = %windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019 -- (Microsoft Corporation)
"%windir%\Network Diagnostic\xpnetdiag.exe" = %windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000 -- (Microsoft Corporation)
"C:\Program Files\Mozilla Firefox\firefox.exe" = C:\Program Files\Mozilla Firefox\firefox.exe:*:Disabled:Firefox -- (Mozilla Corporation)
"C:\WINDOWS\system32\winlogon.exe" = C:\WINDOWS\system32\winlogon.exe:*:Enabled:winlogon -- (Microsoft Corporation)
"C:\Program Files\CyberLink\PowerDVD DX\PowerDVD.exe" = C:\Program Files\CyberLink\PowerDVD DX\PowerDVD.exe:*:Disabled:CyberLink PowerDVD DX -- (CyberLink Corp.)
"C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe" = C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe:*:Disabled:CyberLink PowerDVD DX Resident Program -- (CyberLink Corp.)
"C:\WINDOWS\system32\rundll32.exe" = C:\WINDOWS\system32\rundll32.exe:*:Enabled:rundll32 -- (Microsoft Corporation)
"C:\WINDOWS\system32\logonui.exe" = C:\WINDOWS\system32\logonui.exe:*:Enabled:logonui -- (Microsoft Corporation)
"C:\Program Files\Microsoft LifeCam\LifeCam.exe" = C:\Program Files\Microsoft LifeCam\LifeCam.exe:*:Enabled:LifeCam.exe -- (Microsoft Corporation)
"C:\Program Files\Microsoft LifeCam\LifeEnC2.exe" = C:\Program Files\Microsoft LifeCam\LifeEnC2.exe:*:Enabled:LifeEnC2.exe -- (Microsoft Corporation)
"C:\Program Files\Microsoft LifeCam\LifeExp.exe" = C:\Program Files\Microsoft LifeCam\LifeExp.exe:*:Enabled:LifeExp.exe -- (Microsoft Corporation)
"C:\Program Files\Microsoft LifeCam\LifeTray.exe" = C:\Program Files\Microsoft LifeCam\LifeTray.exe:*:Enabled:LifeTray.exe -- (Microsoft Corporation)
"C:\Program Files\Bonjour\mDNSResponder.exe" = C:\Program Files\Bonjour\mDNSResponder.exe:*:Enabled:Bonjour -- (Apple Inc.)
"C:\Program Files\iTunes\iTunes.exe" = C:\Program Files\iTunes\iTunes.exe:*:Enabled:iTunes -- (Apple Inc.)
"C:\Documents and Settings\Joanna\Local Settings\Temp\WZSE0.TMP\SymNRT.exe" = C:\Documents and Settings\Joanna\Local Settings\Temp\WZSE0.TMP\SymNRT.exe:*:Enabled:Symantec Removal Utility -- File not found
"C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE" = C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE:*:Enabled:Microsoft Office Outlook -- (Microsoft Corporation)
"C:\Program Files\Microsoft Office\Office12\GROOVE.EXE" = C:\Program Files\Microsoft Office\Office12\GROOVE.EXE:*:Enabled:Microsoft Office Groove -- (Microsoft Corporation)
"C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE" = C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE:*:Enabled:Microsoft Office OneNote -- (Microsoft Corporation)
"C:\Documents and Settings\Joanna\Local Settings\Application Data\Google\Google Talk Plugin\googletalkplugin.dll" = C:\Documents and Settings\Joanna\Local Settings\Application Data\Google\Google Talk Plugin\googletalkplugin.dll:*:Enabled:Google Talk Plugin -- (Google)
"C:\Documents and Settings\Joanna\Local Settings\Application Data\Google\Google Talk Plugin\googletalkplugin.exe" = C:\Documents and Settings\Joanna\Local Settings\Application Data\Google\Google Talk Plugin\googletalkplugin.exe:*:Enabled:Google Talk Plugin -- (Google)
"C:\Program Files\ExamSoft\SofTest\SoftLnch.exe" = C:\Program Files\ExamSoft\SoftLnch.exe:*:Enabled:SofLaunch
-- File not found
"C:\Program Files\ExamSoft\SofTest\softest.exe" = C:\Program Files\ExamSoft\SofTest.exe:*:Enabled:SofTest
-- File not found
"C:\Program Files\Paltalk Messenger\paltalk.exe" = C:\Program Files\Paltalk Messenger\paltalk.exe:*:Enabled:PaltalkScene -- File not found
"C:\Program Files\Skype\Phone\Skype.exe" = C:\Program Files\Skype\Phone\Skype.exe:*:Enabled:Skype -- (Skype Technologies S.A.)
========== HKEY_LOCAL_MACHINE Uninstall List ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0249E03D-1DB0-4BAE-95F3-C79A7A14E255}" = ArcSoft TotalMedia Backup
"{0394CDC8-FABD-4ED8-B104-03393876DFDF}" = Roxio Creator Tools
"{03E66394-42F0-4745-85F7-0A2F8F35C09F}" = HP Deskjet Printer Driver Software 9.0
"{07159635-9DFE-4105-BFC0-2817DB540C68}" = Roxio Activation Module
"{07287123-B8AC-41CE-8346-3D777245C35B}" = Bonjour
"{07D618CD-B016-438A-ADC9-A75BD23F85CE}" = Wave Support Software
"{0B0A2153-58A6-4244-B458-25EDF5FCD809}" = Private Information Manager
"{0D397393-9B50-4C52-84D5-77E344289F87}" = Roxio Creator Data
"{10E1E87C-656C-4D08-86D6-5443D28583BE}" = TrayApp
"{15C70064-2463-49dd-9A88-B700F75BB428}" = dj_sf_ProductContext
"{18455581-E099-4BA8-BC6B-F34B2F06600C}" = Google Toolbar for Internet Explorer
"{22466889-7642-488d-AA0E-F619704CF7AB}" = DeviceDiscovery
"{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer
"{24A494F3-5B5F-4183-9F7D-9CE82812C1FC}" = tsp patch
"{26B878A8-5704-3B64-BDBC-4F0EACA38121}" = Google Talk Plugin
"{27E25625-DB51-42E6-BEB7-0C8DC878770C}" = Broadcom ASF Management Applications
"{29FA38B4-0AE4-4D0D-8A51-6165BB990BB0}" = WebReg
"{2EFCC193-D915-4CCB-9201-31773A27BC06}" = Symantec Endpoint Protection
"{2F4C24E6-CBD4-4AAC-B56F-C9FD44DE5668}" = Roxio Drag-to-Disc
"{30465B6C-B53F-49A1-9EBA-A3F187AD502E}" = Roxio Update Manager
"{3248F0A8-6813-11D6-A77B-00B0D0160050}" = Java 6 Update 5
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{3A6BE9F4-5FC8-44BB-BE7B-32A29607FEF6}" = Preboot Manager
"{415CDA53-9100-476F-A7B2-476691E117C7}" = HP Smart Web Printing
"{487B0B9B-DCD4-440D-89A0-A6EDE1A545A3}" = HPSSupply
"{4BF18ED6-C888-4BCF-A4AF-AC7A16305BC1}" = GemSafe Standard Edition 5.1
"{51AE9E42-640D-4C14-A9B6-43F64AA4E3E2}" = Document Manager Lite
"{53333479-6A52-4816-8497-5C52B67ED339}" = EMBASSY Security Setup
"{543E938C-BDC4-4933-A612-01293996845F}" = UnloadSupport
"{5905F42D-3F5F-4916-ADA6-94A3646AEE76}" = Dell Driver Reset Tool
"{5C82DAE5-6EB0-4374-9254-BE3319BA4E82}" = Skype™ 3.8
"{5EC5F187-9D2B-4051-8906-88656819A869}" = Dell Drivers MSI
"{619CDD8A-14B6-43A1-AB6C-0F4EE48CE048}" = Roxio Creator Copy
"{62230596-37E5-4618-A329-0D21F529A86F}" = Browser Address Error Redirector
"{6675CA7F-E51B-4F6A-99D4-F8F0124C6EAA}" = Roxio Express Labeler 3
"{66E6CE0C-5A1E-430C-B40A-0C90FF1804A8}" = eSupportQFolder
"{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}" = PowerDVD
"{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update
"{6BCB7EAA-598C-4836-B7EA-3642E41AA222}" = Microsoft LifeCam
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{730837D4-FF5E-48DB-BA49-33E732DFF0B3}" = PanoStandAlone
"{75C22B40-6D12-4439-80DC-CAB3313EADA5}" = dj_sf_software_req
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{7B08D306-7266-4647-A926-2F78817ED1E0}" = Microsoft Corporation
"{824D3839-DAA1-4315-A822-7AE3E620E528}" = VideoToolkit01
"{8389382B-53BA-4A87-8854-91E3D80A5AC7}" = HP Photosmart Essential2.01
"{83FFCFC7-88C6-41C6-8752-958A45325C82}" = Roxio Creator Audio
"{86B77B5A-B157-6386-37B0-DB2494DEEAFF}" = MozyHome Remote Backup
"{880AF49C-34F7-4285-A8AD-8F7A3D1C33DC}" = Roxio Creator BDAV Plugin
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8D337F77-BE7F-41A2-A7CB-D5A63FD7049B}" = Sonic CinePlayer Decoder Pack
"{90120000-0010-0409-0000-0000000FF1CE}" = Microsoft Software Update for Web Folders (English) 12
"{90120000-0015-0409-0000-0000000FF1CE}" = Microsoft Office Access MUI (English) 2007
"{90120000-0015-0409-0000-0000000FF1CE}_ENTERPRISER_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007
"{90120000-0016-0409-0000-0000000FF1CE}_ENTERPRISER_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007
"{90120000-0018-0409-0000-0000000FF1CE}_ENTERPRISER_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0019-0409-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2007
"{90120000-0019-0409-0000-0000000FF1CE}_ENTERPRISER_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2007
"{90120000-001A-0409-0000-0000000FF1CE}_ENTERPRISER_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007
"{90120000-001B-0409-0000-0000000FF1CE}_ENTERPRISER_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_ENTERPRISER_{ABDDE972-355B-4AF1-89A8-DA50B7B5C045}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_ENTERPRISER_{F580DDD5-8D37-4998-968E-EBB76BB86787}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007
"{90120000-001F-0C0A-0000-0000000FF1CE}_ENTERPRISER_{187308AB-5FA7-4F14-9AB9-D290383A10D9}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007
"{90120000-0044-0409-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (English) 2007
"{90120000-0044-0409-0000-0000000FF1CE}_ENTERPRISER_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}_ENTERPRISER_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2007
"{90120000-00A1-0409-0000-0000000FF1CE}_ENTERPRISER_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-00B2-0409-0000-0000000FF1CE}" = Microsoft Save as PDF or XPS Add-in for 2007 Microsoft Office programs
"{90120000-00BA-0409-0000-0000000FF1CE}" = Microsoft Office Groove MUI (English) 2007
"{90120000-00BA-0409-0000-0000000FF1CE}_ENTERPRISER_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0114-0409-0000-0000000FF1CE}" = Microsoft Office Groove Setup Metadata MUI (English) 2007
"{90120000-0114-0409-0000-0000000FF1CE}_ENTERPRISER_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007
"{90120000-0115-0409-0000-0000000FF1CE}_ENTERPRISER_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0117-0409-0000-0000000FF1CE}" = Microsoft Office Access Setup Metadata MUI (English) 2007
"{90120000-0117-0409-0000-0000000FF1CE}_ENTERPRISER_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{91120000-0030-0000-0000-0000000FF1CE}" = Microsoft Office Enterprise 2007
"{91120000-0030-0000-0000-0000000FF1CE}_ENTERPRISER_{0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{91120000-0030-0000-0000-0000000FF1CE}_ENTERPRISER_{3D019598-7B59-447A-80AE-815B703B84FF}" = Security Update for Microsoft Office system 2007 (972581)
"{9593C6E5-205E-45C3-B785-05CF146CA76A}" = biolsp patch
"{99041921-18B5-4d36-9729-BE5A671B1932}" = D4200
"{99ECF41F-5CCA-42BD-B8B8-A8333E2E2944}" = iTunes
"{9F72EF8B-AEC9-4CA5-B483-143980AFD6FD}" = Dell Touchpad
"{9FE94C17-25AD-4142-A012-E0BBE923C711}" = D4200_Help
"{A093D83F-429A-4AB2-A0CD-1F7E9C7B764A}" = Trusted Drive Manager
"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
"{AB40272D-92AB-4F30-B36B-22EDE16F8FE5}" = HP Update
"{AB5D51AE-EBC3-438D-872C-705C7C2084B0}" = DeviceManagementQFolder
"{ABBA2EA4-740E-4052-902B-9CA70B081E3F}" = Dell Embassy Trust Suite by Wave Systems
"{AC76BA86-7AD7-1033-7B44-A82000000003}" = Adobe Reader 8.2.2
"{AEA07F97-9088-497c-8821-0F36BD5DC251}" = HPProductAssistant
"{B2544A03-10D0-4E5E-BA69-0362FFC20D18}" = OGA Notifier 2.0.0048.0
"{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1" = Spybot - Search & Destroy
"{B639110D-747F-40DC-9682-95D94EF73790}" = dj_sf_software
"{B7050CBDB2504B34BC2A9CA0A692CC29}" = DivX Web Player
"{B91DC7F1-022B-43F7-A70F-A15E44510B54}" = SofTest
"{BAF78226-3200-4DB4-BE33-4D922A799840}" = Windows Presentation Foundation
"{BCD6CD1A-0DBE-412E-9F25-3B500D1E6BA1}" = SolutionCenter
"{BCE72AED-3332-4863-9567-C5DCB9052CA2}" = Netflix Movie Viewer
"{BF2B125A-358E-448B-86B0-6429935464BA}" = FileOpen Plug-in for Adobe Acrobat® and Acrobat Reader®
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
"{C337BDAF-CB4E-47E2-BE1A-CB31BB7DD0E3}" = Apple Mobile Device Support
"{C5074CC4-0E26-4716-A307-960272A90040}" = QuickSet
"{C78EAC6F-7A73-452E-8134-DBB2165C5A68}" = QuickTime
"{C8B0680B-CDAE-4809-9F91-387B6DE00F7C}" = Roxio Creator DE
"{C99C0593-3B48-41D9-B42F-6E035B320449}" = Broadcom Management Programs
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{D1E829E9-88B8-47C6-A75E-0D40E2C09D50}" = Secure Update
"{D9FCA292-1186-421F-8D93-9A5D272AD5D0}" = IntelliSonic Speech Enhancement
"{DDBB28C8-B2AA-45A1-8DCE-059A798509FB}" = MobileMe Control Panel
"{DED53B0B-B67C-4244-AE6A-D6FD3C28D1EF}" = Ad-Aware
"{E2662C24-B31E-4349-A084-32EB76E8B760}" = BufferChm
"{E646DCF0-5A68-11D5-B229-002078017FBF}" = Digital Line Detect
"{E738A392-F690-4A9D-808E-7BAF80E0B398}" = ESC Home Page Plugin
"{E9C18EBD-85BE-47D0-AA73-3FEDCC976B04}" = Toolbox
"{EB4DF30B-102B-4F0C-927A-D50E037A325D}" = AuthenTec Fingerprint Sensor Minimum Install
"{EC84E3E6-C2D6-4DFB-81E0-448324C8FDF4}" = Security Wizards
"{ECC22AFA-B905-4A6A-8072-10F52B9E09B7}" = Wave Infrastructure Installer
"{EEAFE1E5-076B-430A-96D9-B567792AFA88}" = EMBASSY Security Center
"{EF05BA0F-AC15-4D12-AC5C-276225F5E751}" = Gemalto
"{F1802FA6-54E9-4B24-BD2A-B50866819795}" = EMBASSY Trust Suite by Wave Systems
"{F333A33D-125C-32A2-8DCE-5C5D14231E27}" = Visual C++ 2008 x86 Runtime - (v9.0.30729)
"{F333A33D-125C-32A2-8DCE-5C5D14231E27}.vc_x86runtime_30729_01" = Visual C++ 2008 x86 Runtime - v9.0.30729.01
"{F63A3748-B93D-4360-9AD4-B064481A5C7B}" = Modem Diagnostic Tool
"{F72E2DDC-3DB8-4190-A21D-63883D955FE7}" = PSSWCORE
"{FBEC50B7-537C-4A0E-8B0B-F7A8F8BF13CE}" = upekmsi
"{FD8D8B04-BEAD-4A55-AA1D-62D2373E7DEA}" = Status
"{FEC193E4-6C5F-40E9-A249-7D8C8404A9EC}" = NTRU TCG Software Stack
"Ad-Aware" = Ad-Aware
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"BN_DesktopReader" = Barnes & Noble Desktop Reader
"Broadcom 802.11b Network Adapter" = Dell Wireless WLAN Card
"CCleaner" = CCleaner
"CNXT_MODEM_HDAUDIO_VEN_14F1&DEV_2C06&SUBSYS_14F1000F" = Conexant HDA D330 MDC V.92 Modem
"ENTERPRISER" = Microsoft Office Enterprise 2007
"Eusing Free Registry Cleaner" = Eusing Free Registry Cleaner
"HDMI" = Intel® Graphics Media Accelerator Driver
"HijackThis" = HijackThis 2.0.2
"HP Imaging Device Functions" = HP Imaging Device Functions 9.0
"HP Photosmart Essential" = HP Photosmart Essential 2.01
"HP Solution Center & Imaging Support Tools" = HP Solution Center 9.0
"ie8" = Windows Internet Explorer 8
"InstallShield_{07D618CD-B016-438A-ADC9-A75BD23F85CE}" = Wave Support Software
"InstallShield_{0B0A2153-58A6-4244-B458-25EDF5FCD809}" = Private Information Manager
"InstallShield_{51AE9E42-640D-4C14-A9B6-43F64AA4E3E2}" = Document Manager Lite
"InstallShield_{53333479-6A52-4816-8497-5C52B67ED339}" = EMBASSY Security Setup
"InstallShield_{D1E829E9-88B8-47C6-A75E-0D40E2C09D50}" = Secure Update
"InstallShield_{E738A392-F690-4A9D-808E-7BAF80E0B398}" = ESC Home Page Plugin
"InstallShield_{EC84E3E6-C2D6-4DFB-81E0-448324C8FDF4}" = Security Wizards
"InstallShield_{EEAFE1E5-076B-430A-96D9-B567792AFA88}" = EMBASSY Security Center
"LiveUpdate" = LiveUpdate 3.3 (Symantec Corporation)
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"MemorexButtonManager" = Memorex Button Manager
"Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Mozilla Firefox (3.6.8)" = Mozilla Firefox (3.6.8)
"MSNINST" = MSN
"SearchAssist" = SearchAssist
"ToolBox" = NCH Toolbox
"Windows Media Format Runtime" = Windows Media Format 11 runtime
"Windows Media Player" = Windows Media Player 11
"Windows XP Service Pack" = Windows XP Service Pack 3
"XpsEPSC" = XML Paper Specification Shared Components Pack 1.0
========== Last 10 Event Log Errors ========== [ Application Events ]
Error - 7/24/2010 12:03:05 PM | Computer Name = LAPTOP | Source = Application Error | ID = 1000
Description = Faulting application plugin-container.exe, version 1.9.2.3855, faulting
module ntdll.dll, version 5.1.2600.5755, fault address 0x0000100b.
Error - 7/24/2010 12:03:08 PM | Computer Name = LAPTOP | Source = Application Error | ID = 1001
Description = Fault bucket 1967498370.
Error - 7/24/2010 4:55:07 PM | Computer Name = LAPTOP | Source = Google Update | ID = 20
Description =
Error - 7/24/2010 7:18:05 PM | Computer Name = LAPTOP | Source = Application Hang | ID = 1002
Description = Hanging application SpybotSD.exe, version 1.6.2.46, hang module hungapp,
version 0.0.0.0, hang address 0x00000000.
Error - 7/24/2010 7:18:13 PM | Computer Name = LAPTOP | Source = Application Hang | ID = 1001
Description = Fault bucket 1116954496.
Error - 7/24/2010 7:37:47 PM | Computer Name = LAPTOP | Source = crypt32 | ID = 131083
Description = Failed extract of third-party root list from auto update cab at: <
http://www.download....uthrootstl.cab> with error: A required certificate is not within its validity period when verifying
against the current system clock or the timestamp in the signed file.
Error - 7/24/2010 7:37:47 PM | Computer Name = LAPTOP | Source = crypt32 | ID = 131083
Description = Failed extract of third-party root list from auto update cab at: <
http://www.download....uthrootstl.cab> with error: A required certificate is not within its validity period when verifying
against the current system clock or the timestamp in the signed file.
Error - 7/25/2010 3:55:07 PM | Computer Name = LAPTOP | Source = Google Update | ID = 20
Description =
Error - 7/25/2010 4:55:06 PM | Computer Name = LAPTOP | Source = Google Update | ID = 20
Description =
Error - 7/25/2010 6:55:06 PM | Computer Name = LAPTOP | Source = Google Update | ID = 20
Description =
[ Application Events ]
Error - 7/24/2010 12:03:05 PM | Computer Name = LAPTOP | Source = Application Error | ID = 1000
Description = Faulting application plugin-container.exe, version 1.9.2.3855, faulting
module ntdll.dll, version 5.1.2600.5755, fault address 0x0000100b.
Error - 7/24/2010 12:03:08 PM | Computer Name = LAPTOP | Source = Application Error | ID = 1001
Description = Fault bucket 1967498370.
Error - 7/24/2010 4:55:07 PM | Computer Name = LAPTOP | Source = Google Update | ID = 20
Description =
Error - 7/24/2010 7:18:05 PM | Computer Name = LAPTOP | Source = Application Hang | ID = 1002
Description = Hanging application SpybotSD.exe, version 1.6.2.46, hang module hungapp,
version 0.0.0.0, hang address 0x00000000.
Error - 7/24/2010 7:18:13 PM | Computer Name = LAPTOP | Source = Application Hang | ID = 1001
Description = Fault bucket 1116954496.
Error - 7/24/2010 7:37:47 PM | Computer Name = LAPTOP | Source = crypt32 | ID = 131083
Description = Failed extract of third-party root list from auto update cab at: <
http://www.download....uthrootstl.cab> with error: A required certificate is not within its validity period when verifying
against the current system clock or the timestamp in the signed file.
Error - 7/24/2010 7:37:47 PM | Computer Name = LAPTOP | Source = crypt32 | ID = 131083
Description = Failed extract of third-party root list from auto update cab at: <
http://www.download....uthrootstl.cab> with error: A required certificate is not within its validity period when verifying
against the current system clock or the timestamp in the signed file.
Error - 7/25/2010 3:55:07 PM | Computer Name = LAPTOP | Source = Google Update | ID = 20
Description =
Error - 7/25/2010 4:55:06 PM | Computer Name = LAPTOP | Source = Google Update | ID = 20
Description =
Error - 7/25/2010 6:55:06 PM | Computer Name = LAPTOP | Source = Google Update | ID = 20
Description =
[ OSession Events ]
Error - 8/19/2009 11:48:44 AM | Computer Name = LAPTOP | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 0, Application Name: Microsoft Office Word, Application Version:
12.0.6504.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 70992
seconds with 7920 seconds of active time. This session ended with a crash.
Error - 8/26/2009 11:40:57 PM | Computer Name = LAPTOP | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 3, Application Name: Microsoft Office PowerPoint, Application
Version: 12.0.4518.1014, Microsoft Office Version: 12.0.4518.1014. This session
lasted 648 seconds with 180 seconds of active time. This session ended with a crash.
Error - 10/9/2009 9:06:15 PM | Computer Name = LAPTOP | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 0, Application Name: Microsoft Office Word, Application Version:
12.0.4518.1014, Microsoft Office Version: 12.0.4518.1014. This session lasted 94869
seconds with 8160 seconds of active time. This session ended with a crash.
Error - 10/14/2009 11:43:00 AM | Computer Name = LAPTOP | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 0, Application Name: Microsoft Office Word, Application Version:
12.0.4518.1014, Microsoft Office Version: 12.0.4518.1014. This session lasted 248376
seconds with 21360 seconds of active time. This session ended with a crash.
Error - 10/18/2009 12:37:45 PM | Computer Name = LAPTOP | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 0, Application Name: Microsoft Office Word, Application Version:
12.0.6331.5000, Microsoft Office Version: 12.0.4518.1014. This session lasted 160812
seconds with 29580 seconds of active time. This session ended with a crash.
Error - 10/19/2009 12:00:22 PM | Computer Name = LAPTOP | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 0, Application Name: Microsoft Office Word, Application Version:
12.0.6331.5000, Microsoft Office Version: 12.0.6215.1000. This session lasted 83467
seconds with 4320 seconds of active time. This session ended with a crash.
Error - 1/16/2010 2:33:37 AM | Computer Name = LAPTOP | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 0, Application Name: Microsoft Office Word, Application Version:
12.0.6504.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 34994
seconds with 600 seconds of active time. This session ended with a crash.
Error - 4/15/2010 11:19:00 AM | Computer Name = LAPTOP | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 0, Application Name: Microsoft Office Word, Application Version:
12.0.6504.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 502141
seconds with 19920 seconds of active time. This session ended with a crash.
Error - 6/10/2010 1:12:05 PM | Computer Name = LAPTOP | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 0, Application Name: Microsoft Office Word, Application Version:
12.0.6504.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 1301208
seconds with 28740 seconds of active time. This session ended with a crash.
Error - 7/15/2010 5:29:15 PM | Computer Name = LAPTOP | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 0, Application Name: Microsoft Office Word, Application Version:
12.0.6535.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 181326
seconds with 540 seconds of active time. This session ended with a crash.
[ System Events ]
Error - 7/23/2010 3:20:29 PM | Computer Name = LAPTOP | Source = Dhcp | ID = 1001
Description = Your computer was not assigned an address from the network (by the
DHCP Server) for the Network Card with network address 001FE119A6A8. The following
error occurred: %%1223. Your computer will continue to try and obtain an address
on its own from the network address (DHCP) server.
Error - 7/23/2010 3:35:22 PM | Computer Name = LAPTOP | Source = Service Control Manager | ID = 7034
Description = The YSIZQZ service terminated unexpectedly. It has done this 1 time(s).
Error - 7/23/2010 3:35:35 PM | Computer Name = LAPTOP | Source = Service Control Manager | ID = 7034
Description = The Wave UCSPlus service terminated unexpectedly. It has done this
1 time(s).
Error - 7/23/2010 3:35:44 PM | Computer Name = LAPTOP | Source = Service Control Manager | ID = 7034
Description = The TdmService service terminated unexpectedly. It has done this
1 time(s).
Error - 7/24/2010 11:36:13 AM | Computer Name = LAPTOP | Source = Dhcp | ID = 1002
Description = The IP address lease 192.168.1.2 for the Network Card with network
address 001FE119A6A8 has been denied by the DHCP server 0.0.0.0 (The DHCP Server
sent a DHCPNACK message).
Error - 7/24/2010 4:00:19 PM | Computer Name = LAPTOP | Source = SRService | ID = 104
Description = The System Restore initialization process failed.
Error - 7/24/2010 4:00:31 PM | Computer Name = LAPTOP | Source = Service Control Manager | ID = 7023
Description = The System Restore Service service terminated with the following error:
%%2
Error - 7/24/2010 4:00:35 PM | Computer Name = LAPTOP | Source = Service Control Manager | ID = 7026
Description = The following boot-start or system-start driver(s) failed to load:
Cdrom Imapi
Error - 7/25/2010 3:26:43 PM | Computer Name = LAPTOP | Source = SRService | ID = 104
Description = The System Restore initialization process failed.
Error - 7/25/2010 3:27:21 PM | Computer Name = LAPTOP | Source = Service Control Manager | ID = 7023
Description = The System Restore Service service terminated with the following error:
%%2
< End of report >
And finally, here's my Rookit log (I'm hoping I did this right - Other than the C drive, I left "system" and "registry" checked):
GMER 1.0.15.15281 -
http://www.gmer.netRootkit scan 2010-07-25 17:19:59
Windows 5.1.2600 Service Pack 3
Running: fyv8xr5j.exe; Driver: C:\DOCUME~1\Joanna\LOCALS~1\Temp\uxtdapow.sys
---- System - GMER 1.0.15 ----
SSDT 8A696EA8 ZwAlertResumeThread
SSDT 8A827FD0 ZwAlertThread
SSDT 89EE6278 ZwAllocateVirtualMemory
SSDT 8A4F02E8 ZwConnectPort
SSDT Lbd.sys (Boot Driver/Lavasoft AB) ZwCreateKey [0xBA0F887E]
SSDT 8A84A3C0 ZwCreateMutant
SSDT 8A5FCD78 ZwCreateThread
SSDT 8A824588 ZwFreeVirtualMemory
SSDT 8A5E7848 ZwImpersonateAnonymousToken
SSDT 8A824898 ZwImpersonateThread
SSDT 8A677430 ZwMapViewOfSection
SSDT 8A4A0CE8 ZwOpenEvent
SSDT 8A6ABCE8 ZwOpenProcessToken
SSDT 8A8442F8 ZwOpenThreadToken
SSDT \??\C:\WINDOWS\system32\drivers\wpsdrvnt.sys (Symantec CMC Firewall WPS/Symantec Corporation) ZwProtectVirtualMemory [0xA8C22880]
SSDT 8A83E410 ZwResumeThread
SSDT 8A683BA8 ZwSetContextThread
SSDT 8A4ED2F8 ZwSetInformationProcess
SSDT 8A844980 ZwSetInformationThread
SSDT Lbd.sys (Boot Driver/Lavasoft AB) ZwSetValueKey [0xBA0F8BFE]
SSDT 8A474BF0 ZwSuspendProcess
SSDT 8A827EF8 ZwSuspendThread
SSDT 8A83E618 ZwTerminateProcess
SSDT 8A816820 ZwTerminateThread
SSDT 8A8D17A8 ZwUnmapViewOfSection
SSDT 8A5A2B88 ZwWriteVirtualMemory
---- Registry - GMER 1.0.15 ----
Reg HKLM\SYSTEM\ControlSet001\Services\mkncnaeq@Type 1
Reg HKLM\SYSTEM\ControlSet001\Services\mkncnaeq@Start 0
Reg HKLM\SYSTEM\ControlSet001\Services\mkncnaeq@ErrorControl 0
Reg HKLM\SYSTEM\ControlSet001\Services\mkncnaeq@Group Boot Bus Extender
Reg HKLM\SYSTEM\CurrentControlSet\Services\mkncnaeq@Type 1
Reg HKLM\SYSTEM\CurrentControlSet\Services\mkncnaeq@Start 0
Reg HKLM\SYSTEM\CurrentControlSet\Services\mkncnaeq@ErrorControl 0
Reg HKLM\SYSTEM\CurrentControlSet\Services\mkncnaeq@Group Boot Bus Extender
Reg HKLM\SYSTEM\ControlSet004\Services\mkncnaeq@Type 1
Reg HKLM\SYSTEM\ControlSet004\Services\mkncnaeq@Start 0
Reg HKLM\SYSTEM\ControlSet004\Services\mkncnaeq@ErrorControl 0
Reg HKLM\SYSTEM\ControlSet004\Services\mkncnaeq@Group Boot Bus Extender
---- EOF - GMER 1.0.15 ----