OTL logfile created on: 22/04/2011 19:34:25 - Run 1
OTL by OldTimer - Version 3.2.22.3 Folder = C:\Documents and Settings\Mariann\My Documents\Downloads
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy
2.00 Gb Total Physical Memory | 1.00 Gb Available Physical Memory | 63.00% Memory free
4.00 Gb Paging File | 3.00 Gb Available in Paging File | 82.00% Paging File free
Paging file location(s): c:\pagefile.sys 2046 4092 [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 111.78 Gb Total Space | 49.48 Gb Free Space | 44.27% Space Free | Partition Type: NTFS
Computer Name: CAFFE-A911AD535 | User Name: Mariann | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
========== Processes (SafeList) ==========
PRC - [2011/04/22 19:32:46 | 000,580,608 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Mariann\My Documents\Downloads\OTL.com
PRC - [2011/04/22 09:42:49 | 000,348,160 | -HS- | M] (Microsoft Corporation) -- C:\Documents and Settings\Mariann\Local Settings\Application Data\ddh.exe
PRC - [2011/03/23 18:49:21 | 001,004,088 | ---- | M] (Google Inc.) -- C:\Documents and Settings\Mariann\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
PRC - [2011/03/22 23:35:41 | 000,032,849 | ---- | M] (MyWebSearch.com) -- C:\Program Files\MyWebSearch\bar\2.bin\MWSOEMON.EXE
PRC - [2010/11/11 13:26:40 | 000,011,736 | ---- | M] (Microsoft Corporation) -- c:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe
PRC - [2010/10/03 23:43:16 | 001,266,920 | ---- | M] (Trusteer Ltd.) -- C:\Program Files\Trusteer\Rapport\bin\RapportService.exe
PRC - [2010/10/03 23:43:16 | 000,767,208 | ---- | M] (Trusteer Ltd.) -- C:\Program Files\Trusteer\Rapport\bin\RapportMgmtService.exe
PRC - [2010/01/15 13:49:20 | 000,255,536 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee Security Scan\2.0.181\SSScheduler.exe
PRC - [2009/08/21 16:52:48 | 000,049,152 | ---- | M] (Sage (UK) Limited) -- C:\Program Files\Common Files\Sage SData\Sage.SData.Service.exe
PRC - [2008/04/14 01:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2007/02/19 14:26:32 | 000,303,104 | ---- | M] (SigmaTel, Inc.) -- C:\WINDOWS\stsystra.exe
========== Modules (SafeList) ==========
MOD - [2011/04/22 19:32:46 | 000,580,608 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Mariann\My Documents\Downloads\OTL.com
MOD - [2011/03/22 23:35:41 | 000,045,134 | ---- | M] (MyWebSearch.com) -- C:\Program Files\MyWebSearch\bar\2.bin\MWSOESTB.DLL
MOD - [2010/10/03 23:43:42 | 000,431,336 | ---- | M] (Trusteer Ltd.) -- C:\Program Files\Trusteer\Rapport\bin\rooksbas.dll
MOD - [2010/08/23 17:12:02 | 001,054,208 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.6028_x-ww_61e65202\comctl32.dll
========== Win32 Services (SafeList) ==========
SRV - File not found [On_Demand | Stopped] -- -- (stllssvr)
SRV - [2011/03/22 23:35:41 | 000,028,762 | ---- | M] (MyWebSearch.com) [Auto | Stopped] -- C:\Program Files\MyWebSearch\bar\2.bin\MWSSVC.EXE -- (MyWebSearchService)
SRV - [2010/11/11 13:26:40 | 000,011,736 | ---- | M] (Microsoft Corporation) [Auto | Running] -- c:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe -- (MsMpSvc)
SRV - [2010/10/09 18:51:37 | 000,028,766 | ---- | M] (IWON) [Auto | Stopped] -- C:\Program Files\IWONG\bar\1.bin\9ubarsvc.exe -- (IWONGService)
SRV - [2010/10/03 23:43:16 | 000,767,208 | ---- | M] (Trusteer Ltd.) [Auto | Running] -- C:\Program Files\Trusteer\Rapport\bin\RapportMgmtService.exe -- (RapportMgmtService)
SRV - [2010/01/15 13:49:20 | 000,227,232 | ---- | M] (McAfee, Inc.) [On_Demand | Stopped] -- C:\Program Files\McAfee Security Scan\2.0.181\McCHSvc.exe -- (McComponentHostService)
SRV - [2009/09/03 11:59:20 | 000,016,680 | ---- | M] (Citrix Online, a division of Citrix Systems, Inc.) [On_Demand | Stopped] -- C:\Program Files\Citrix\GoToAssist\514\g2aservice.exe -- (GoToAssist)
SRV - [2009/08/21 16:52:48 | 000,049,152 | ---- | M] (Sage (UK) Limited) [Auto | Running] -- C:\Program Files\Common Files\Sage SData\Sage.SData.Service.exe -- (Sage SData Service)
SRV - [2007/02/05 11:11:18 | 000,075,320 | ---- | M] (Sony Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\Sony Shared\AVLib\SSScsiSV.exe -- (SSScsiSV)
SRV - [2007/02/05 11:11:16 | 000,112,184 | ---- | M] (Sony Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\Sony Shared\AVLib\SsBeSvc.exe -- (SonicStage Back-End Service)
SRV - [2006/12/14 03:21:20 | 000,045,056 | ---- | M] (Sony Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\Sony Shared\AVLib\MSCSPTISRV.exe -- (MSCSPTISRV)
SRV - [2006/12/14 03:02:08 | 000,069,632 | ---- | M] (Sony Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\Sony Shared\AVLib\SPTISRV.exe -- (SPTISRV)
SRV - [2006/12/14 02:46:16 | 000,057,344 | ---- | M] () [On_Demand | Stopped] -- C:\Program Files\Common Files\Sony Shared\AVLib\PACSPTISVR.exe -- (PACSPTISVR)
========== Driver Services (SafeList) ==========
DRV - [2011/04/22 19:16:51 | 000,028,752 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- c:\Documents and Settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{152B084E-FE0E-4033-AB81-36AACE7FB35F}\MpKslfde31c54.sys -- (MpKslfde31c54)
DRV - [2011/04/18 00:10:11 | 000,057,144 | ---- | M] (Trusteer Ltd.) [Kernel | System | Running] -- C:\Documents and Settings\All Users\Application Data\Trusteer\Rapport\store\exts\RapportCerberus\25973\RapportCerberus_25973.sys -- (RapportCerberus_25973)
DRV - [2010/10/03 23:43:44 | 000,169,320 | ---- | M] (Trusteer Ltd.) [Kernel | System | Running] -- C:\Program Files\Trusteer\Rapport\bin\RapportPG.sys -- (RapportPG)
DRV - [2010/10/03 23:43:44 | 000,059,240 | ---- | M] (Trusteer Ltd.) [Kernel | Boot | Running] -- C:\WINDOWS\System32\Drivers\RapportKELL.sys -- (RapportKELL)
DRV - [2007/10/09 19:17:42 | 001,123,328 | ---- | M] (Broadcom Corp.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\BCMWL5.SYS -- (BCM43XX)
DRV - [2007/02/19 14:27:34 | 001,228,296 | ---- | M] (SigmaTel, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\sthda.sys -- (STHDA)
DRV - [2006/11/21 04:25:44 | 000,045,568 | R--- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\bcm4sbxp.sys -- (bcm4sbxp)
DRV - [2006/11/15 00:16:24 | 000,032,256 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\rimmptsk.sys -- (rimmptsk)
DRV - [2006/10/11 21:43:56 | 001,777,152 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ati2mtag.sys -- (ati2mtag)
DRV - [2006/07/01 22:39:40 | 000,036,864 | ---- | M] (Advanced Micro Devices) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\AmdK8.sys -- (AmdK8)
========== Standard Registry (SafeList) ==========
========== Internet Explorer ==========
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.sky.com
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.google.com/ie
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchPage =
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/webhp
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.google.com/ie
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie
IE - HKCU\..\URLSearchHook: {00A6FAF6-072E-44cf-8957-5838F569A31D} - C:\Program Files\MyWebSearch\bar\2.bin\MWSSRCAS.DLL (MyWebSearch.com)
IE - HKCU\..\URLSearchHook: {F08555B0-9CC3-11D2-AA8E-000000000567} - Reg Error: Key error. File not found
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local>;*.local
========== FireFox ==========
FF - prefs.js..browser.search.defaultenginename: "Fast Browser Search"
FF - prefs.js..browser.search.defaultthis.engineName: "Free Game Bar 2 Customized Web Search"
FF - prefs.js..browser.search.defaulturl: "http://www.fastbrows...?s=DEF&v=19&q="
FF - prefs.js..browser.search.selectedEngine: "Free Game Bar 2 Customized Web Search"
FF - prefs.js..browser.startup.homepage: "http://www.facebook.com/home.php?ref=home#!/|http://www.google.com/"
FF - prefs.js..extensions.enabledItems: [email protected]:1.2.1
FF - prefs.js..extensions.enabledItems: {6d85fe0e-8666-499b-b5f1-110625cf67ea}:3.3.3.2
FF - prefs.js..extensions.enabledItems: {C2DCA7EB-22D2-4FD2-86A9-F99FCC8122BB}:3.2.3
FF - prefs.js..extensions.enabledItems: [email protected]:1.0
FF - prefs.js..extensions.enabledItems: [email protected]:1.1
FF - prefs.js..extensions.enabledItems: [email protected]:1.2
FF - prefs.js..extensions.enabledItems: [email protected]:4.5
FF - prefs.js..extensions.enabledItems: [email protected]:3.3.3.2
FF - prefs.js..keyword.URL: "http://www.fastbrows...EE224DD282}&q="
FF - prefs.js..network.proxy.no_proxies_on: "localhost,127.0.0.1"
FF - HKLM\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files\IWONG\bar\1.bin [2010/10/09 18:51:41 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files\MyWebSearch\bar\2.bin [2011/03/22 23:35:46 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2011/01/31 19:25:50 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.16\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011/03/25 19:08:20 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.16\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011/03/25 19:08:20 | 000,000,000 | ---D | M]
[2009/10/29 20:39:35 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Mariann\Application Data\Mozilla\Extensions
[2009/10/29 20:39:35 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Mariann\Application Data\Mozilla\Extensions\[email protected]
[2011/04/17 18:26:56 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Mariann\Application Data\Mozilla\Firefox\Profiles\ch2n1grt.default\extensions
[2010/11/29 20:01:54 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Documents and Settings\Mariann\Application Data\Mozilla\Firefox\Profiles\ch2n1grt.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2011/03/26 01:35:13 | 000,000,000 | ---D | M] (Free Game Bar 2 Community Toolbar) -- C:\Documents and Settings\Mariann\Application Data\Mozilla\Firefox\Profiles\ch2n1grt.default\extensions\{6d85fe0e-8666-499b-b5f1-110625cf67ea}
[2011/01/22 19:11:29 | 000,000,000 | ---D | M] (Fast Browser Search (My Web Tattoo)) -- C:\Documents and Settings\Mariann\Application Data\Mozilla\Firefox\Profiles\ch2n1grt.default\extensions\{C2DCA7EB-22D2-4FD2-86A9-F99FCC8122BB}
[2011/03/26 01:35:15 | 000,000,000 | ---D | M] (Conduit Engine) -- C:\Documents and Settings\Mariann\Application Data\Mozilla\Firefox\Profiles\ch2n1grt.default\extensions\[email protected]
[2010/07/24 01:21:17 | 000,000,000 | ---D | M] (PlaySushi TextLinks) -- C:\Documents and Settings\Mariann\Application Data\Mozilla\Firefox\Profiles\ch2n1grt.default\extensions\[email protected]
[2010/01/20 13:23:38 | 000,000,933 | ---- | M] () -- C:\Documents and Settings\Mariann\Application Data\Mozilla\Firefox\Profiles\ch2n1grt.default\searchplugins\conduit.xml
[2011/04/17 18:26:56 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2011/01/31 19:25:50 | 000,000,000 | ---D | M] (HP Smart Web Printing) -- C:\PROGRAM FILES\HP\DIGITAL IMAGING\SMART WEB PRINTING\MOZILLAADDON3
[2010/10/09 18:51:41 | 000,000,000 | ---D | M] (IWON) -- C:\PROGRAM FILES\IWONG\BAR\1.BIN
[2009/10/29 20:38:12 | 000,000,000 | ---D | M] (Java Quick Starter) -- C:\PROGRAM FILES\JAVA\JRE6\LIB\DEPLOY\JQS\FF
[2011/03/22 23:35:46 | 000,000,000 | ---D | M] (My Web Search) -- C:\PROGRAM FILES\MYWEBSEARCH\BAR\2.BIN
[2011/03/18 01:27:54 | 000,001,538 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\amazon-en-GB.xml
[2011/03/18 01:27:54 | 000,000,947 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\chambers-en-GB.xml
[2011/03/18 01:27:55 | 000,000,769 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\eBay-en-GB.xml
[2011/03/18 01:27:55 | 000,001,135 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\yahoo-en-GB.xml
O1 HOSTS File: ([2004/08/04 11:00:00 | 000,000,734 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (MyWebSearch Search Assistant BHO) - {00A6FAF1-072E-44cf-8957-5838F569A31D} - C:\Program Files\MyWebSearch\bar\2.bin\MWSSRCAS.DLL (MyWebSearch.com)
O2 - BHO: (mwsBar BHO) - {07B18EA1-A523-4961-B6BB-170DE4475CCA} - C:\Program Files\MyWebSearch\bar\2.bin\MWSBAR.DLL (MyWebSearch.com)
O2 - BHO: (PlaySushi) - {21608B66-026F-4DCB-9244-0DACA328DCED} - C:\Program Files\PlaySushi\PSText.dll ()
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O3 - HKLM\..\Toolbar: (My Web Search) - {07B18EA9-A523-4961-B6BB-170DE4475CCA} - C:\Program Files\MyWebSearch\bar\2.bin\MWSBAR.DLL (MyWebSearch.com)
O3 - HKLM\..\Toolbar: (The blinkx Toolbar) - {E5A1ECE5-3E3D-4FE7-8447-78CB1FD377C6} - File not found
O3 - HKCU\..\Toolbar\WebBrowser: (My Web Search) - {07B18EA9-A523-4961-B6BB-170DE4475CCA} - C:\Program Files\MyWebSearch\bar\2.bin\MWSBAR.DLL (MyWebSearch.com)
O4 - HKLM..\Run: [ATICCC] C:\Program Files\ATI Technologies\ATI.ACE\CLIStart.exe ()
O4 - HKLM..\Run: [ISUSPM Startup] File not found
O4 - HKLM..\Run: [ISUSScheduler] File not found
O4 - HKLM..\Run: [MSC] c:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation)
O4 - HKLM..\Run: [My Web Search Bar Search Scope Monitor] C:\Program Files\MyWebSearch\bar\2.bin\M3SRCHMN.EXE (MyWebSearch.com)
O4 - HKLM..\Run: [MyWebSearch Email Plugin] C:\Program Files\MyWebSearch\bar\2.bin\MWSOEMON.EXE (MyWebSearch.com)
O4 - HKLM..\Run: [SigmatelSysTrayApp] C:\WINDOWS\stsystra.exe (SigmaTel, Inc.)
O4 - HKCU..\Run: [] File not found
O4 - HKCU..\Run: [MyWebSearch Email Plugin] C:\Program Files\MyWebSearch\bar\2.bin\MWSOEMON.EXE (MyWebSearch.com)
O4 - HKCU..\Run: [StartCCC] C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe ()
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\McAfee Security Scan Plus.lnk = C:\Program Files\McAfee Security Scan\2.0.181\SSScheduler.exe (McAfee, Inc.)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O8 - Extra context menu item: Add to Google Photos Screensa&ver - C:\WINDOWS\System32\GPhotos.scr (Google Inc.)
O9 - Extra Button: Sky - {08E730A4-FB02-45BD-A900-01E4AD8016F6} - File not found
O9 - Extra Button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyGaming\PartyPoker\RunApp.exe ()
O9 - Extra 'Tools' menuitem : PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyGaming\PartyPoker\RunApp.exe ()
O9 - Extra Button: Go to PlaySushi web site - {EBD24BD3-E272-4FA3-A8BA-C5D709757CAB} - C:\Program Files\PlaySushi\PSText.dll ()
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O16 - DPF: {149E45D8-163E-4189-86FC-45022AB2B6C9} file:///C:/Program%20Files/Amazing%20Adventures%20The%20Forgotten%20Dynasty/Images/stg_drm.ocx (SpinTop DRM Control)
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} http://update.micros...b?1252018130218 (MUWebControl Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_16)
O16 - DPF: {CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.5.0_06)
O16 - DPF: {CAFEEFAC-0016-0000-0016-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_16)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_16)
O16 - DPF: {CC450D71-CC90-424C-8638-1F2DBAC87A54} file:///C:/Program%20Files/Bejeweled%203/Images/armhelper.ocx (ArmHelper Control)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://download.macr...ash/swflash.cab (Shockwave Flash Object)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.1
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\AtiExtEvent: DllName - Ati2evxx.dll - C:\WINDOWS\System32\ati2evxx.dll (ATI Technologies Inc.)
O20 - Winlogon\Notify\GoToAssist: DllName - C:\Program Files\Citrix\GoToAssist\514\G2AWinLogon.dll - C:\Program Files\Citrix\GoToAssist\514\g2awinlogon.dll (Citrix Online, a division of Citrix Systems, Inc.)
O24 - Desktop WallPaper: C:\Documents and Settings\Mariann\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\Mariann\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009/09/02 11:10:42 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O33 - MountPoints2\{404cce22-5399-11df-8144-001d09ce8def}\Shell\AutoRun\command - "" = E:\Setup.exe
O33 - MountPoints2\{f905fd30-7adb-11df-8193-001d09ce8def}\Shell\AutoRun\command - "" = E:\.\Vado\Vado.exe
O33 - MountPoints2\{f905fd31-7adb-11df-8193-001d09ce8def}\Shell\AutoRun\command - "" = E:\.\Vado\Vado.exe
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O35 - HKCU\..exefile [open] -- "C:\Documents and Settings\Mariann\Local Settings\Application Data\ddh.exe" -a "%1" %* (Microsoft Corporation)
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKCU\...exe [@ = exefile] -- "C:\Documents and Settings\Mariann\Local Settings\Application Data\ddh.exe" -a "%1" %* (Microsoft Corporation)
========== Files/Folders - Created Within 30 Days ==========
[2011/04/22 19:05:35 | 000,000,000 | ---D | C] -- C:\WINDOWS\CSC
[2011/04/22 09:42:49 | 000,348,160 | -HS- | C] (Microsoft Corporation) -- C:\Documents and Settings\Mariann\Local Settings\Application Data\ddh.exe
[2011/04/22 09:40:15 | 000,000,000 | -HSD | C] -- C:\Documents and Settings\Mariann\PrivacIE
[2011/04/21 20:55:25 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Mariann\Local Settings\Application Data\Trusteer
[2011/03/28 19:59:26 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Mariann\Start Menu\Programs\Google Chrome
[2011/03/28 19:57:24 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Mariann\Local Settings\Application Data\Temp
[2008/12/23 09:32:46 | 000,184,320 | R--- | C] ( ) -- C:\WINDOWS\System32\SgE.interop.MSXML2.dll
[2006/12/12 11:59:08 | 000,184,320 | ---- | C] ( ) -- C:\WINDOWS\System32\Interop.MSXML2.dll
[12 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
========== Files - Modified Within 30 Days ==========
[2011/04/22 19:21:52 | 000,000,424 | -H-- | M] () -- C:\WINDOWS\tasks\MP Scheduled Scan.job
[2011/04/22 19:20:57 | 000,435,828 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2011/04/22 19:20:57 | 000,068,558 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2011/04/22 19:17:48 | 000,015,894 | -HS- | M] () -- C:\Documents and Settings\All Users\Application Data\ldr3cfk6y84isk2iryxkl77j2p4o7oih7sb24388f8i8jdx
[2011/04/22 19:17:47 | 000,015,894 | -HS- | M] () -- C:\Documents and Settings\Mariann\Local Settings\Application Data\ldr3cfk6y84isk2iryxkl77j2p4o7oih7sb24388f8i8jdx
[2011/04/22 19:17:01 | 000,013,754 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2011/04/22 19:16:41 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2011/04/22 19:15:10 | 000,001,324 | ---- | M] () -- C:\WINDOWS\System32\d3d9caps.dat
[2011/04/22 19:15:04 | 000,002,205 | ---- | M] () -- C:\Documents and Settings\Mariann\Application Data\Microsoft\Internet Explorer\Quick Launch\Apple Safari.lnk
[2011/04/22 19:02:01 | 000,000,984 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-1644491937-1326574676-839522115-1003UA.job
[2011/04/22 18:41:30 | 000,002,187 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Safari.lnk
[2011/04/22 09:42:49 | 000,348,160 | -HS- | M] (Microsoft Corporation) -- C:\Documents and Settings\Mariann\Local Settings\Application Data\ddh.exe
[2011/04/20 20:02:00 | 000,000,932 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-1644491937-1326574676-839522115-1003Core.job
[2011/04/20 19:55:57 | 000,274,168 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2011/04/20 00:21:20 | 000,001,374 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2011/04/11 18:26:39 | 000,000,684 | ---- | M] () -- C:\WINDOWS\Payroll.ini
[2011/04/11 18:09:39 | 000,004,629 | ---- | M] () -- C:\WINDOWS\ODBCINST.INI
[2011/04/11 18:09:39 | 000,000,439 | ---- | M] () -- C:\WINDOWS\ODBC.INI
[2011/04/11 17:46:19 | 000,000,079 | ---- | M] () -- C:\WINDOWS\SGREP32.INI
[2011/04/11 17:18:25 | 000,002,524 | ---- | M] () -- C:\WINDOWS\System32\SGLCH32.USR
[2011/03/28 19:59:34 | 000,002,300 | ---- | M] () -- C:\Documents and Settings\Mariann\Desktop\Google Chrome.lnk
[2011/03/28 19:59:34 | 000,002,278 | ---- | M] () -- C:\Documents and Settings\Mariann\Application Data\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk
[2011/03/24 01:20:52 | 000,203,457 | ---- | M] () -- C:\Documents and Settings\Mariann\Desktop\District Council minutes.pdf
[12 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
========== Files Created - No Company Name ==========
[2011/04/22 09:42:49 | 000,015,894 | -HS- | C] () -- C:\Documents and Settings\Mariann\Local Settings\Application Data\ldr3cfk6y84isk2iryxkl77j2p4o7oih7sb24388f8i8jdx
[2011/04/22 09:42:49 | 000,015,894 | -HS- | C] () -- C:\Documents and Settings\All Users\Application Data\ldr3cfk6y84isk2iryxkl77j2p4o7oih7sb24388f8i8jdx
[2011/03/28 19:59:34 | 000,002,300 | ---- | C] () -- C:\Documents and Settings\Mariann\Desktop\Google Chrome.lnk
[2011/03/28 19:59:34 | 000,002,278 | ---- | C] () -- C:\Documents and Settings\Mariann\Application Data\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk
[2011/03/28 19:57:22 | 000,000,984 | ---- | C] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-1644491937-1326574676-839522115-1003UA.job
[2011/03/28 19:57:21 | 000,000,932 | ---- | C] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-1644491937-1326574676-839522115-1003Core.job
[2011/03/24 01:20:52 | 000,203,457 | ---- | C] () -- C:\Documents and Settings\Mariann\Desktop\District Council minutes.pdf
[2011/02/04 12:56:57 | 000,000,136 | ---- | C] () -- C:\WINDOWS\SAGE.INI
[2011/01/31 19:01:04 | 000,193,413 | ---- | C] () -- C:\WINDOWS\hpoins46.dat
[2011/01/31 19:01:03 | 000,000,606 | ---- | C] () -- C:\WINDOWS\hpomdl46.dat
[2011/01/05 02:08:26 | 000,001,940 | ---- | C] () -- C:\Documents and Settings\Mariann\Local Settings\Application Data\{96C87F53-AC72-4604-A9CC-186A49F17F3C}.ini
[2011/01/05 02:03:21 | 000,001,940 | ---- | C] () -- C:\Documents and Settings\LocalService\Local Settings\Application Data\{96C87F53-AC72-4604-A9CC-186A49F17F3C}.ini
[2010/09/27 11:39:10 | 000,110,592 | ---- | C] () -- C:\WINDOWS\System32\SageSantander.dll
[2010/09/14 11:35:38 | 000,090,112 | ---- | C] () -- C:\WINDOWS\System32\SageBankOfAmerica.dll
[2010/05/26 16:30:24 | 000,057,940 | -H-- | C] () -- C:\WINDOWS\System32\mlfcache.dat
[2010/04/19 22:19:03 | 000,000,024 | ---- | C] () -- C:\WINDOWS\popcinfot.dat
[2010/04/19 22:19:03 | 000,000,000 | ---- | C] () -- C:\WINDOWS\popcreg.dat
[2010/04/06 18:28:41 | 000,212,992 | ---- | C] () -- C:\WINDOWS\System32\SGSchemeConfig.dll
[2010/04/05 23:54:05 | 000,004,096 | ---- | C] () -- C:\WINDOWS\d3dx.dat
[2010/01/21 02:43:33 | 000,164,352 | ---- | C] () -- C:\WINDOWS\System32\unrar.dll
[2010/01/21 02:43:32 | 000,000,038 | ---- | C] () -- C:\WINDOWS\avisplitter.ini
[2009/12/02 12:10:15 | 000,000,398 | ---- | C] () -- C:\WINDOWS\AudioConverter.INI
[2009/11/04 20:32:37 | 000,532,480 | ---- | C] () -- C:\WINDOWS\System32\CddbPlaylist2Sony.dll
[2009/10/18 18:00:32 | 000,027,136 | ---- | C] () -- C:\Documents and Settings\Mariann\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2009/10/11 23:42:38 | 000,003,020 | ---- | C] () -- C:\WINDOWS\EaseAudioConverter.ini
[2009/09/07 15:20:40 | 000,149,504 | ---- | C] () -- C:\WINDOWS\UNWISE.EXE
[2009/09/06 10:45:32 | 000,000,000 | ---- | C] () -- C:\WINDOWS\nsreg.dat
[2009/09/05 12:00:43 | 000,113,114 | ---- | C] () -- C:\WINDOWS\hpoins07.dat
[2009/09/05 12:00:43 | 000,021,124 | ---- | C] () -- C:\WINDOWS\hpomdl07.dat
[2009/09/05 11:48:06 | 000,000,079 | ---- | C] () -- C:\WINDOWS\SGREP32.INI
[2009/09/05 11:09:24 | 000,180,224 | ---- | C] () -- C:\WINDOWS\System32\SGJPEG32.dll
[2009/09/04 00:40:29 | 003,107,788 | ---- | C] () -- C:\WINDOWS\System32\ativvaxx.dat
[2009/09/04 00:40:28 | 000,136,650 | ---- | C] () -- C:\WINDOWS\System32\atiicdxx.dat
[2009/09/03 18:15:17 | 000,000,684 | ---- | C] () -- C:\WINDOWS\Payroll.ini
[2009/09/03 18:15:12 | 000,000,439 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2009/09/03 18:14:03 | 001,724,416 | ---- | C] () -- C:\WINDOWS\System32\SGRep32.dll
[2009/09/03 18:14:03 | 000,249,856 | ---- | C] () -- C:\WINDOWS\System32\SGCDlg32.dll
[2009/09/03 18:14:03 | 000,233,472 | ---- | C] () -- C:\WINDOWS\System32\SGLch32.dll
[2009/09/03 18:14:03 | 000,200,704 | ---- | C] () -- C:\WINDOWS\System32\SGTBar32.dll
[2009/09/03 18:14:03 | 000,143,360 | ---- | C] () -- C:\WINDOWS\System32\SGCtrlEx.dll
[2009/09/03 18:14:03 | 000,061,440 | ---- | C] () -- C:\WINDOWS\System32\SGAppBar.dll
[2009/09/03 18:14:03 | 000,061,440 | ---- | C] () -- C:\WINDOWS\System32\SG3D32.dll
[2009/09/03 18:14:03 | 000,049,152 | ---- | C] () -- C:\WINDOWS\System32\SgStat32.dll
[2009/09/03 18:14:03 | 000,049,152 | ---- | C] () -- C:\WINDOWS\System32\SGLogo32.dll
[2009/09/03 18:14:03 | 000,040,960 | ---- | C] () -- C:\WINDOWS\System32\RepDes32.exe
[2009/09/03 18:13:44 | 000,032,256 | ---- | C] () -- C:\WINDOWS\System32\_RegTLB.dll
[2009/09/03 13:15:42 | 000,000,168 | ---- | C] () -- C:\WINDOWS\wininit.ini
[2009/09/03 13:01:19 | 000,001,324 | ---- | C] () -- C:\WINDOWS\System32\d3d9caps.dat
[2009/09/03 11:51:26 | 000,139,264 | ---- | C] () -- C:\WINDOWS\System32\preflib.dll
[2009/09/03 11:51:24 | 000,753,664 | ---- | C] () -- C:\WINDOWS\System32\bcm1xsup.dll
[2009/09/03 11:51:24 | 000,024,064 | ---- | C] () -- C:\WINDOWS\System32\WLTRYSVC.EXE
[2009/09/02 12:00:49 | 000,004,629 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
[2009/09/02 11:59:30 | 000,274,168 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2009/09/02 11:13:29 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat
[2009/09/02 11:07:16 | 000,022,720 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat
[2009/07/27 16:15:32 | 000,001,205 | ---- | C] () -- C:\WINDOWS\SAGEINTL.INI
[2009/07/24 12:33:22 | 000,282,624 | ---- | C] () -- C:\WINDOWS\System32\SGList32.dll
[2009/07/24 12:33:16 | 000,278,528 | ---- | C] () -- C:\WINDOWS\System32\SGTool32.dll
[2009/07/24 12:33:12 | 000,090,112 | ---- | C] () -- C:\WINDOWS\System32\SGIntl32.dll
[2009/07/24 12:33:10 | 000,073,728 | ---- | C] () -- C:\WINDOWS\System32\SGDt32.dll
[2009/07/24 12:33:08 | 000,172,032 | ---- | C] () -- C:\WINDOWS\System32\SGHelp32.dll
[2009/07/24 12:33:04 | 000,258,048 | ---- | C] () -- C:\WINDOWS\System32\SGSchemeXml.dll
[2009/07/24 12:32:56 | 000,118,784 | ---- | C] () -- C:\WINDOWS\System32\SGSchemeXP.dll
[2009/07/24 12:32:52 | 000,176,128 | ---- | C] () -- C:\WINDOWS\System32\SGSchemeDefault.dll
[2009/07/24 12:32:48 | 000,221,184 | ---- | C] () -- C:\WINDOWS\System32\SGSchemeManager.dll
[2009/07/24 12:32:40 | 000,094,208 | ---- | C] () -- C:\WINDOWS\System32\SGCom32.dll
[2009/07/24 12:32:06 | 000,143,360 | ---- | C] () -- C:\WINDOWS\System32\SGSTDREG.dll
[2009/07/24 12:32:00 | 000,131,072 | ---- | C] () -- C:\WINDOWS\System32\SGRegister.dll
[2009/07/24 12:31:58 | 000,237,568 | ---- | C] () -- C:\WINDOWS\System32\SGWebBrowser.dll
[2009/06/13 14:12:56 | 000,221,184 | ---- | C] () -- C:\WINDOWS\System32\lame_enc.dll
[2008/12/22 10:28:06 | 000,061,440 | ---- | C] () -- C:\WINDOWS\System32\SageFolderBrowser.dll
[2008/12/02 20:06:22 | 000,017,408 | ---- | C] () -- C:\WINDOWS\System32\SgDate.dll
[2008/12/01 16:37:00 | 000,172,032 | ---- | C] () -- C:\WINDOWS\System32\SageEventHandler.exe
[2006/11/01 15:50:40 | 000,126,976 | R--- | C] () -- C:\WINDOWS\System32\PDFInstall.exe
[2006/04/14 11:37:26 | 000,000,032 | ---- | C] () -- C:\WINDOWS\aceg.ini
[2006/03/28 18:40:12 | 000,115,712 | ---- | C] () -- C:\WINDOWS\System32\libsndfile.dll
[2006/01/01 11:00:26 | 000,032,768 | ---- | C] () -- C:\WINDOWS\System32\vorbisfile.dll
[2005/12/31 15:19:08 | 001,097,728 | ---- | C] () -- C:\WINDOWS\System32\vorbis.dll
[2005/12/31 15:13:14 | 000,024,576 | ---- | C] () -- C:\WINDOWS\System32\ogg.dll
[2005/07/11 13:33:12 | 000,208,896 | ---- | C] () -- C:\WINDOWS\System32\SDOApp.dll
[2005/03/22 00:48:05 | 013,107,200 | ---- | C] () -- C:\WINDOWS\System32\oembios.bin
[2005/03/22 00:48:05 | 000,004,627 | ---- | C] () -- C:\WINDOWS\System32\oembios.dat
[2004/08/04 11:00:00 | 000,673,088 | ---- | C] () -- C:\WINDOWS\System32\mlang.dat
[2004/08/04 11:00:00 | 000,435,828 | ---- | C] () -- C:\WINDOWS\System32\perfh009.dat
[2004/08/04 11:00:00 | 000,272,128 | ---- | C] () -- C:\WINDOWS\System32\perfi009.dat
[2004/08/04 11:00:00 | 000,218,003 | ---- | C] () -- C:\WINDOWS\System32\dssec.dat
[2004/08/04 11:00:00 | 000,068,558 | ---- | C] () -- C:\WINDOWS\System32\perfc009.dat
[2004/08/04 11:00:00 | 000,046,258 | ---- | C] () -- C:\WINDOWS\System32\mib.bin
[2004/08/04 11:00:00 | 000,028,626 | ---- | C] () -- C:\WINDOWS\System32\perfd009.dat
[2004/08/04 11:00:00 | 000,004,569 | ---- | C] () -- C:\WINDOWS\System32\secupd.dat
[2004/08/04 11:00:00 | 000,001,804 | ---- | C] () -- C:\WINDOWS\System32\dcache.bin
[2004/08/04 11:00:00 | 000,000,741 | ---- | C] () -- C:\WINDOWS\System32\noise.dat
[2004/06/09 10:57:12 | 000,118,784 | ---- | C] () -- C:\WINDOWS\System32\Install.exe
[2002/04/16 12:27:54 | 000,000,005 | -HS- | C] () -- C:\WINDOWS\System32\CdI5T.drv
[2001/07/06 15:30:00 | 000,003,399 | ---- | C] () -- C:\WINDOWS\System32\hptcpmon.ini
[1998/03/26 01:12:00 | 000,053,248 | ---- | C] () -- C:\WINDOWS\System32\SgHmZLib.dll
[1998/03/20 01:00:00 | 000,001,048 | -HS- | C] () -- C:\WINDOWS\System32\TMailRL.sys
[1998/03/20 01:00:00 | 000,001,048 | -HS- | C] () -- C:\WINDOWS\System32\TMail3FL.SYS
[1998/03/20 01:00:00 | 000,001,048 | -HS- | C] () -- C:\WINDOWS\System32\rlfnlf.sys
[1998/03/20 01:00:00 | 000,001,048 | -HS- | C] () -- C:\WINDOWS\System32\flfnlf.sys
========== Alternate Data Streams ==========
@Alternate Data Stream - 149 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:123A86B5
@Alternate Data Stream - 147 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:FAB64002
@Alternate Data Stream - 147 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:4F7FE589
@Alternate Data Stream - 146 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:76953F21
@Alternate Data Stream - 143 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:2495D97A
@Alternate Data Stream - 143 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:05670151
@Alternate Data Stream - 142 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:249F95D0
@Alternate Data Stream - 140 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:4AA3DAA3
@Alternate Data Stream - 140 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:16ADBA30
@Alternate Data Stream - 139 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:9D86EE01
@Alternate Data Stream - 139 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:872B86AD
@Alternate Data Stream - 138 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:E411AA0D
@Alternate Data Stream - 138 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:32A82570
@Alternate Data Stream - 137 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:55422315
@Alternate Data Stream - 136 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:61B54B15
@Alternate Data Stream - 135 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:D3A89E47
@Alternate Data Stream - 132 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:5311B0B8
@Alternate Data Stream - 132 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:054F0F17
@Alternate Data Stream - 130 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:ED51D3ED
@Alternate Data Stream - 127 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:A02025CE
@Alternate Data Stream - 126 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:FC2D0F32
@Alternate Data Stream - 126 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:91FFEC32
@Alternate Data Stream - 125 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:57176330
@Alternate Data Stream - 123 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:FB65A4AA
@Alternate Data Stream - 123 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:DB77E2C4
@Alternate Data Stream - 123 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:C10635F6
@Alternate Data Stream - 123 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:48977386
@Alternate Data Stream - 122 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:DD04902E
@Alternate Data Stream - 122 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:7A032A04
@Alternate Data Stream - 121 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:C72A744C
@Alternate Data Stream - 121 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:2BFCDF84
@Alternate Data Stream - 120 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:CA0CE093
@Alternate Data Stream - 120 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:2F4A0A6B
@Alternate Data Stream - 118 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:FB1B13D8
@Alternate Data Stream - 118 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:A60D0FA6
@Alternate Data Stream - 116 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:65AB2A58
@Alternate Data Stream - 116 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:488F7244
@Alternate Data Stream - 114 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:DE9F4320
@Alternate Data Stream - 114 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:CB52BE62
@Alternate Data Stream - 112 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:A05F750A
@Alternate Data Stream - 104 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:D1B5B4F1
@Alternate Data Stream - 101 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:E51234A9
< End of report >
OTL Extras logfile created on: 22/04/2011 19:34:25 - Run 1
OTL by OldTimer - Version 3.2.22.3 Folder = C:\Documents and Settings\Mariann\My Documents\Downloads
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy
2.00 Gb Total Physical Memory | 1.00 Gb Available Physical Memory | 63.00% Memory free
4.00 Gb Paging File | 3.00 Gb Available in Paging File | 82.00% Paging File free
Paging file location(s): c:\pagefile.sys 2046 4092 [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 111.78 Gb Total Space | 49.48 Gb Free Space | 44.27% Space Free | Partition Type: NTFS
Computer Name: CAFFE-A911AD535 | User Name: Mariann | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
========== Extra Registry (SafeList) ==========
========== File Associations ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.exe [@ = exefile] -- C:\Documents and Settings\Mariann\Local Settings\Application Data\ddh.exe (Microsoft Corporation)
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)
========== Shell Spawning ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
exefile [open] -- "%1" %*
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
========== Security Center Settings ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"AntiVirusDisableNotify" = 1
"FirewallDisableNotify" = 1
"UpdatesDisableNotify" = 1
"AntiVirusOverride" = 1
"FirewallOverride" = 1
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]
========== System Restore Settings ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr]
"Start" = 0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService]
"Start" = 2
========== Firewall Settings ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 0
"DisableNotifications" = 1
"DoNotAllowExceptions" = 0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]
"427:TCP" = 427:TCP:LocalSubNet:Enabled:SLP_Port(427)_TCP
"427:UDP" = 427:UDP:LocalSubNet:Enabled:SLP_Port(427)_UDP
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 0
"DoNotAllowExceptions" = 0
"DisableNotifications" = 1
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"427:TCP" = 427:TCP:LocalSubNet:Enabled:SLP_Port(427)_TCP
"427:UDP" = 427:UDP:LocalSubNet:Enabled:SLP_Port(427)_UDP
========== Authorized Applications List ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"D:\setup\hpznui01.exe" = D:\setup\hpznui01.exe:*:Enabled:hpznui01.exe
"C:\Program Files\HP\Digital Imaging\bin\hpofxm08.exe" = C:\Program Files\HP\Digital Imaging\bin\hpofxm08.exe:*:Enabled:hpofxm08.exe -- (Hewlett-Packard Co.)
"C:\Program Files\HP\Digital Imaging\bin\hposfx08.exe" = C:\Program Files\HP\Digital Imaging\bin\hposfx08.exe:*:Enabled:hposfx08.exe -- (Hewlett-Packard Co.)
"C:\Program Files\HP\Digital Imaging\bin\hposid01.exe" = C:\Program Files\HP\Digital Imaging\bin\hposid01.exe:*:Enabled:hposid01.exe -- (Hewlett-Packard Co.)
"C:\Program Files\HP\Digital Imaging\bin\hpqcopy2.exe" = C:\Program Files\HP\Digital Imaging\bin\hpqcopy2.exe:*:Enabled:hpqcopy2.exe -- (Hewlett-Packard Co.)
"C:\Program Files\HP\Digital Imaging\bin\hpfcCopy.exe" = C:\Program Files\HP\Digital Imaging\bin\hpfcCopy.exe:*:Enabled:hpfccopy.exe -- ()
"C:\Program Files\HP\Digital Imaging\bin\hpzwiz01.exe" = C:\Program Files\HP\Digital Imaging\bin\hpzwiz01.exe:*:Enabled:hpzwiz01.exe -- (Hewlett-Packard Co.)
"C:\Program Files\HP\Digital Imaging\bin\hpoews01.exe" = C:\Program Files\HP\Digital Imaging\bin\hpoews01.exe:*:Enabled:hpoews01.exe -- (Hewlett-Packard Co.)
"C:\Program Files\HP\Digital Imaging\bin\hpiscnapp.exe" = C:\Program Files\HP\Digital Imaging\bin\hpiscnapp.exe:*:Enabled:hpiscnapp.exe -- (Hewlett-Packard)
"C:\Program Files\Common Files\HP\Digital Imaging\Bin\hpqPhotoCrm.exe" = C:\Program Files\Common Files\HP\Digital Imaging\Bin\hpqPhotoCrm.exe:*:Enabled:hpqphotocrm.exe -- (Hewlett-Packard Co.)
"C:\Program Files\HP\Digital Imaging\bin\hpofxs08.exe" = C:\Program Files\HP\Digital Imaging\bin\hpofxs08.exe:*:Enabled:hpofxs08.exe -- (Hewlett-Packard Co.)
"C:\Program Files\HP\Digital Imaging\bin\hpqgplgtupl.exe" = C:\Program Files\HP\Digital Imaging\bin\hpqgplgtupl.exe:*:Enabled:hpqgplgtupl.exe -- (Hewlett-Packard Co.)
"C:\Program Files\HP\Digital Imaging\bin\hpqusgm.exe" = C:\Program Files\HP\Digital Imaging\bin\hpqusgm.exe:*:Enabled:hpqusgm.exe -- (Hewlett-Packard Co.)
"C:\Program Files\HP\Digital Imaging\bin\hpqusgh.exe" = C:\Program Files\HP\Digital Imaging\bin\hpqusgh.exe:*:Enabled:hpqusgh.exe -- (Hewlett-Packard Co.)
"C:\Program Files\HP\HP Software Update\HPWUCli.exe" = C:\Program Files\HP\HP Software Update\HPWUCli.exe:*:Enabled:hpwucli.exe -- (Hewlett-Packard)
"C:\Program Files\HP\Digital Imaging\smart web printing\SmartWebPrintExe.exe" = C:\Program Files\HP\Digital Imaging\smart web printing\SmartWebPrintExe.exe:*:Enabled:smartwebprintexe.exe -- (Hewlett-Packard Co.)
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Program Files\LimeWire\LimeWire.exe" = C:\Program Files\LimeWire\LimeWire.exe:*:Enabled:LimeWire -- (Lime Wire, LLC)
"C:\Program Files\Spotify\spotify.exe" = C:\Program Files\Spotify\spotify.exe:*:Enabled:Spotify
"D:\setup\hpznui01.exe" = D:\setup\hpznui01.exe:*:Enabled:hpznui01.exe
"C:\Program Files\HP\Digital Imaging\bin\hpofxm08.exe" = C:\Program Files\HP\Digital Imaging\bin\hpofxm08.exe:*:Enabled:hpofxm08.exe -- (Hewlett-Packard Co.)
"C:\Program Files\HP\Digital Imaging\bin\hposfx08.exe" = C:\Program Files\HP\Digital Imaging\bin\hposfx08.exe:*:Enabled:hposfx08.exe -- (Hewlett-Packard Co.)
"C:\Program Files\HP\Digital Imaging\bin\hposid01.exe" = C:\Program Files\HP\Digital Imaging\bin\hposid01.exe:*:Enabled:hposid01.exe -- (Hewlett-Packard Co.)
"C:\Program Files\HP\Digital Imaging\bin\hpqcopy2.exe" = C:\Program Files\HP\Digital Imaging\bin\hpqcopy2.exe:*:Enabled:hpqcopy2.exe -- (Hewlett-Packard Co.)
"C:\Program Files\HP\Digital Imaging\bin\hpfcCopy.exe" = C:\Program Files\HP\Digital Imaging\bin\hpfcCopy.exe:*:Enabled:hpfccopy.exe -- ()
"C:\Program Files\HP\Digital Imaging\bin\hpzwiz01.exe" = C:\Program Files\HP\Digital Imaging\bin\hpzwiz01.exe:*:Enabled:hpzwiz01.exe -- (Hewlett-Packard Co.)
"C:\Program Files\HP\Digital Imaging\bin\hpoews01.exe" = C:\Program Files\HP\Digital Imaging\bin\hpoews01.exe:*:Enabled:hpoews01.exe -- (Hewlett-Packard Co.)
"C:\Program Files\HP\Digital Imaging\bin\hpiscnapp.exe" = C:\Program Files\HP\Digital Imaging\bin\hpiscnapp.exe:*:Enabled:hpiscnapp.exe -- (Hewlett-Packard)
"C:\Program Files\Common Files\HP\Digital Imaging\Bin\hpqPhotoCrm.exe" = C:\Program Files\Common Files\HP\Digital Imaging\Bin\hpqPhotoCrm.exe:*:Enabled:hpqphotocrm.exe -- (Hewlett-Packard Co.)
"C:\Program Files\HP\Digital Imaging\bin\hpofxs08.exe" = C:\Program Files\HP\Digital Imaging\bin\hpofxs08.exe:*:Enabled:hpofxs08.exe -- (Hewlett-Packard Co.)
"C:\Program Files\HP\Digital Imaging\bin\hpqgplgtupl.exe" = C:\Program Files\HP\Digital Imaging\bin\hpqgplgtupl.exe:*:Enabled:hpqgplgtupl.exe -- (Hewlett-Packard Co.)
"C:\Program Files\HP\Digital Imaging\bin\hpqusgm.exe" = C:\Program Files\HP\Digital Imaging\bin\hpqusgm.exe:*:Enabled:hpqusgm.exe -- (Hewlett-Packard Co.)
"C:\Program Files\HP\Digital Imaging\bin\hpqusgh.exe" = C:\Program Files\HP\Digital Imaging\bin\hpqusgh.exe:*:Enabled:hpqusgh.exe -- (Hewlett-Packard Co.)
"C:\Program Files\HP\HP Software Update\HPWUCli.exe" = C:\Program Files\HP\HP Software Update\HPWUCli.exe:*:Enabled:hpwucli.exe -- (Hewlett-Packard)
"C:\Program Files\HP\Digital Imaging\smart web printing\SmartWebPrintExe.exe" = C:\Program Files\HP\Digital Imaging\smart web printing\SmartWebPrintExe.exe:*:Enabled:smartwebprintexe.exe -- (Hewlett-Packard Co.)
========== HKEY_LOCAL_MACHINE Uninstall List ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
"{00708F40-D3AF-F9CF-1266-9F2B71C89FCD}" = CCC Help Korean
"{055EE59D-217B-43A7-ABFF-507B966405D8}" = ATI Catalyst Control Center
"{0611BD4E-4FE4-4a62-B0C0-18A4CC463428}" = CP_Package_Variety1
"{07FB17D8-7DB6-4F06-80C4-8BE1719CB6A1}" = hpWLPGInstaller
"{0B33B738-AD79-4E32-90C5-E67BFB10BBFF}" = AiO_Scan
"{0B3C6F7E-D65F-7A03-2AB0-51373C3126E0}" = Catalyst Control Center Localization Spanish
"{0F367CA3-3B2F-43F9-A44A-25A8EE69E45D}" = Scan
"{1172ABB9-B574-99CB-90C9-FF8A628D1FEF}" = Catalyst Control Center Localization Italian
"{14C35072-D7D0-4B29-B5BF-C94E426D77E9}" = Sky Broadband
"{175F0111-2968-4935-8F70-33108C6A4DE3}" = MarketResearch
"{1B02917B-3505-2E81-CA0C-52CC26843DB2}" = Catalyst Control Center Localization Japanese
"{1C139D7D-9FEA-468d-A9C8-2A6E3BDE564A}" = CP_Package_Variety3
"{1DD81E7D-0D28-4CEB-87B2-C041A4FCB215}" = Rapport
"{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live Upload Tool
"{20ACB2F8-3BCA-45A8-80A2-9D3CB5C25F43}" = Safari
"{21A2F5EE-1DC5-488A-BE7E-E526F8C61488}" = DeviceDiscovery
"{21CD0653-AE07-4C9F-8353-8A1075DEB7B6}" = Payroll for Windows
"{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT
"{26A24AE4-039D-4CA4-87B4-2F83216016FF}" = Java 6 Update 16
"{2A102D8B-87BB-4EE1-2254-C9C2539CFBCD}" = Catalyst Control Center Localization German
"{2A981294-F14C-4F0F-9627-D793270922F8}" = Bonjour
"{2CADCEAB-D5DA-44D6-B5FC-7DEE87AB3C0C}" = Unload
"{2EEA7AA4-C203-4b90-A34F-19FB7EF1C81C}" = BufferChm
"{308B6AEA-DE50-4666-996D-0FA461719D6B}" = Apple Mobile Device Support
"{3248F0A8-6813-11D6-A77B-00B0D0150060}" = J2SE Runtime Environment 5.0 Update 6
"{3282A138-07A1-4F06-8764-959C8E7AB53B}" = Payroll for Windows
"{33E3C0D0-91F7-DD1C-FB42-264EAEAED3AF}" = CCC Help Italian
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{35E1EC43-D4FC-4E4A-AAB3-20DDA27E8BB0}" = Sonic Activation Module
"{3A2B7EF9-E8F4-7BB2-15B7-B8B203DEEA23}" = ccc-core-preinstall
"{3FC29AC3-68C5-4D75-9681-F53D2B393E80}" = DotNet20withMsi30
"{42929F0F-CE14-47AF-9FC7-FF297A603021}" = Dell Resource CD
"{43CDF946-F5D9-4292-B006-BA0D92013021}" = WebReg
"{45338B07-A236-4270-9A77-EBB4115517B5}" = Windows Live Sign-in Assistant
"{497072FE-0A75-4E5C-A5B7-EB1FA67F66F1}" = DJ_AIO_06_F4500_SW_MIN
"{4A70EF07-7F88-4434-BB61-D1DE8AE93DD4}" = SolutionCenter
"{527BBE2F-1FED-3D8B-91CB-4DB0F838E69E}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729
"{54E3707F-808E-4fd4-95C9-15D1AB077E5D}" = NewCopy
"{55A7B938-3D1E-4819-A87B-F83E736EF52E}" = F4500
"{57752979-A1C9-4C02-856B-FBB27AC4E02C}" = QuickTime
"{58D3565F-C39E-12B8-2EDF-049BF2A36604}" = CCC Help Portuguese
"{590D44F3-642A-4A8E-AD8C-29939C6C3987}" = Payroll for Windows
"{5B79CFD1-6845-4158-9D7D-6BE89DF2C135}" = HP PSC & OfficeJet 5.3.B
"{612B9183-67A9-4B44-9877-2F059E35B86A}" = Broadcom 440x 10/100 Integrated Controller
"{63FF21C9-A810-464F-B60A-3111747B1A6D}" = GPBaseService2
"{66E6CE0C-5A1E-430C-B40A-0C90FF1804A8}" = eSupportQFolder
"{68A10D12-0D0F-4212-BDE6-D87FAD32A8FA}" = SmartWebPrinting
"{6B2FFB21-AC88-45C3-9A7D-4BB3E744EC91}" = HPSSupply
"{6BB6627C-694F-4FDC-A3E5-C7F4BED4C724}" = DocProc
"{6BBA26E9-AB03-4FE7-831A-3535584CA002}" = Toolbox
"{6D8D64BE-F500-55B6-705D-DFD08AFE0624}" = Acrobat.com
"{6F5E2F4A-377D-4700-B0E3-8F7F7507EA15}" = CustomerResearchQFolder
"{7059BDA7-E1DB-442C-B7A1-6144596720A4}" = HP Update
"{7061F715-D782-4120-A034-2B4B4F28CC1D}" = Accounts
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{764D06D8-D8DE-411E-A1C8-D9E9380F8A84}" = Microsoft Works 7.0
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{774088D4-0777-4D78-904D-E435B318F5D2}" = Microsoft Antimalware
"{77A776C4-D10F-416D-88F0-53F2D9DCD9B3}" = Microsoft Security Client
"{7810D83D-9916-A791-58F8-F0A503EE2146}" = ccc-utility
"{7850A6D2-CBEA-4728-9877-F1BEDEA9F619}" = AiOSoftware
"{7BAED0BC-542A-7083-0621-FE8660881D84}" = CCC Help French
"{7C9B95B7-B598-4398-B30F-7F6827192E6C}" = ProductContext
"{7F08A772-2816-4F46-84F1-49578502AD28}" = HP Deskjet F4500 Printer Driver Software 13.0 Rel .6
"{81128EE8-8EAD-4DB0-85C6-17C2CE50FF71}" = Windows Live Essentials
"{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
"{881F5DE8-9367-4B81-A325-E91BBC6472F9}" = iTunes
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8C2690CF-5B74-4F93-8139-7B5644CD6A3B}" = MobileMe Control Panel
"{8CFA59AF-1F7F-FACC-CADC-9A2B1282FDF5}" = Catalyst Control Center Localization French
"{8E7C8231-BCF8-FE52-77B0-7A251A44D3A7}" = Catalyst Control Center Graphics Light
"{8FB6032D-34D3-F732-7E33-04688C012E04}" = Catalyst Control Center Core Implementation
"{90120000-0010-0409-0000-0000000FF1CE}" = Microsoft Software Update for Web Folders (English) 12
"{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007
"{90120000-0016-0409-0000-0000000FF1CE}_SMALLBUSINESSR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007
"{90120000-0018-0409-0000-0000000FF1CE}_SMALLBUSINESSR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0019-0409-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2007
"{90120000-0019-0409-0000-0000000FF1CE}_SMALLBUSINESSR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2007
"{90120000-001A-0409-0000-0000000FF1CE}_SMALLBUSINESSR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007
"{90120000-001B-0409-0000-0000000FF1CE}_SMALLBUSINESSR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_SMALLBUSINESSR_{ABDDE972-355B-4AF1-89A8-DA50B7B5C045}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_SMALLBUSINESSR_{F580DDD5-8D37-4998-968E-EBB76BB86787}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007
"{90120000-001F-0C0A-0000-0000000FF1CE}_SMALLBUSINESSR_{187308AB-5FA7-4F14-9AB9-D290383A10D9}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}_SMALLBUSINESSR_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007
"{90120000-0115-0409-0000-0000000FF1CE}_SMALLBUSINESSR_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{91120000-00CA-0000-0000-0000000FF1CE}" = Microsoft Office Small Business 2007
"{91120000-00CA-0000-0000-0000000FF1CE}_SMALLBUSINESSR_{0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{91120000-00CA-0000-0000-0000000FF1CE}_SMALLBUSINESSR_{3D019598-7B59-447A-80AE-815B703B84FF}" = Security Update for Microsoft Office system 2007 (972581)
"{9117AB89-42D2-4722-AF0D-54028B830F3D}" = Payroll for Windows
"{92127AF5-FDD8-4ADF-BC40-C356C9EE0B7D}" = 32 Bit HP CIO Components Installer
"{922E8525-AC7E-4294-ACAA-43712D4423C0}" = Adobe Flash Player 10 ActiveX
"{923A7F5A-1E8C-4FBE-8DF6-85940A60A79F}" = Readme
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{A0EB195B-5876-48E6-879D-33D4B2102610}" = SonicStage 4.3
"{a0fe116e-9a8a-466f-aee0-625cb7c207e3}" = Microsoft Visual C++ 2005 Redistributable - KB2467175
"{A195B13E-A5E3-4BAF-A995-7F70F445CD06}" = ScannerCopy
"{A1F66FC9-11EE-4F2F-98C9-16F8D1E69FB7}" = Segoe UI
"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
"{A462213D-EED4-42C2-9A60-7BDD4D4B0B17}" = SigmaTel Audio
"{A6E2B411-1C3B-4F09-C264-00ED125C45F7}" = Skins
"{A85FD55B-891B-4314-97A5-EA96C0BD80B5}" = Windows Live Messenger
"{A9FED82D-30FA-484D-882D-3BFB4822C857}" = Payroll for Windows
"{AB5D51AE-EBC3-438D-872C-705C7C2084B0}" = DeviceManagementQFolder
"{AC76BA86-7AD7-1033-7B44-A93000000001}" = Adobe Reader 9.3.3
"{AE8705FB-E13C-40A9-8A2D-68D6733FBFC2}" = Status
"{AF5A3AA5-B888-4860-B505-34E191E39355}" = Sage Instant Payroll v11.00
"{B194272D-1F92-46DF-99EB-8D5CE91CB4EC}" = Adobe AIR
"{B2455727-ED8F-4643-8A6E-F4AB8DE3633D}" = Network
"{B824B5C9-849F-4b9e-9EA7-6FD8CD8116DA}" = CP_Package_Variety2
"{B866B631-B62F-06C2-E68B-43E03C1DC025}" = CCC Help German
"{BB37A301-EA8E-FA98-415D-A165B38110C9}" = Catalyst Control Center Graphics Full New
"{BCE2DE29-CADB-C109-B7BD-8062373A4CD2}" = Catalyst Control Center Graphics Full Existing
"{BD7204BA-DD64-499E-9B55-6A282CDF4FA4}" = Destinations
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
"{C151CE54-E7EA-4804-854B-F515368B0798}" = AMD Processor Driver
"{C352CBBA-8CBF-4232-B75E-15D8EC264921}" = Payroll for Windows
"{C41300B9-185D-475E-BFEC-39EF732F19B1}" = Apple Software Update
"{C43326F5-F135-4551-8270-7F7ABA0462E1}" = HPProductAssistant
"{C62AF3C2-5398-FFF8-1D2F-D4993EB98FAB}" = CCC Help English
"{C75CDBA2-3C86-481e-BD10-BDDA758F9DFF}" = hpPrintProjects
"{CCD663AE-610D-4BDF-AAB0-E914B044527D}" = OpenMG Secure Module 4.7.00
"{CD6F5AF8-1136-B2F5-4988-A09DB32D5F17}" = Catalyst Control Center Localization Korean
"{CE24344F-DFD8-40C8-8FD8-C9740B5F25AC}" = Fax
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{D63F7DDB-9BCF-D0BB-EC7A-65B8579556E9}" = Catalyst Control Center Localization Portuguese
"{D811DF29-612D-7378-C030-5ADA844A8F5B}" = CCC Help Japanese
"{D88CC56B-241C-97E7-80C0-88D1C4A09365}" = CCC Help Spanish
"{DA970CFA-7385-EB52-EBAA-4D535C6795D4}" = Catalyst Control Center Localization Chinese Standard
"{DC0A5F99-FD66-433F-9D3A-05DCBA64BE42}" = TrayApp
"{DD77FE5B-B4C1-182B-1A87-026D8ACD5326}" = CCC Help Chinese Traditional
"{ECF8E0CD-FBD3-A155-677F-5A99E204480F}" = CCC Help Chinese Standard
"{ED00D08A-3C5F-488D-93A0-A04F21F23956}" = Windows Live Communications Platform
"{EE6097DD-05F4-4178-9719-D3170BF098E8}" = Apple Application Support
"{EF40BAC3-372B-46F4-A32D-B37CF4217CE7}" = ATI Catalyst Control Center
"{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard
"{F14CD747-C220-05B4-8CDE-F1222B4D984E}" = ccc-core-static
"{F3CA9611-CD42-4562-ADAB-A554CF8E17F1}" = Microsoft WSE 2.0 SP3 Runtime
"{F5066DEF-8350-4A01-9C09-FA4749D92B58}" = Payroll for Windows
"{F6BD194C-4190-4D73-B1B1-C48C99921BFE}" = Windows Live Call
"{F9329C54-11AF-4A17-B2D8-C019B81AA1B4}" = Accounts
"{FAF26102-09D7-4C58-AB01-0D59A2E517CA}" = Copy
"{FD201D5A-D637-40B9-9A96-96411EBF646A}" = Catalyst Control Center Localization Chinese Traditional
"{FE64AE29-0883-4C70-8388-DC026019C900}" = HP Image Zone Express
"4569969E1360D2854474C661EF9B4D54F143EB16" = Windows Driver Package - Ricoh Company (rimsptsk) hdc (11/14/2006 6.00.01.04)
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Adobe Shockwave Player" = Adobe Shockwave Player 11.5
"All ATI Software" = ATI - Software Uninstall Utility
"Any DVD Converter Professional_is1" = Any DVD Converter Professional 4.0.1
"ATI Display Driver" = ATI Display Driver
"Audacity_is1" = Audacity 1.2.6
"BFGC" = Big Fish Games: Game Manager
"BFG-Secrets of the Dragon Wheel" = Secrets of the Dragon Wheel
"Broadcom 802.11b Network Adapter" = Dell Wireless WLAN Card
"BVSSOL_is1" = BVS Solitaire Collection version 6.6
"Ease Audio Converter_is1" = Ease Audio Converter 5.01
"GoToAssist" = GoToAssist 8.0.0.514
"HMRC Employer CD-ROM 2010 " = HMRC Employer CD-ROM 2010
"HP Imaging Device Functions" = HP Imaging Device Functions 13.0
"HP Print Projects" = HP Print Projects 1.0
"HP Smart Web Printing" = HP Smart Web Printing 4.5
"HP Solution Center & Imaging Support Tools" = HP Solution Center 13.0
"HPExtendedCapabilities" = HP Customer Participation Program 13.0
"ie8" = Windows Internet Explorer 8
"InstallShield_{7061F715-D782-4120-A034-2B4B4F28CC1D}" = Sage 50 Accounts 2010
"InstallShield_{CCD663AE-610D-4BDF-AAB0-E914B044527D}" = OpenMG Secure Module 4.7.00
"InstallShield_{F9329C54-11AF-4A17-B2D8-C019B81AA1B4}" = Sage Instant Accounts v14
"IWONGbar Uninstall" = IWON
"KLiteCodecPack_is1" = K-Lite Codec Pack 4.1.7 (Standard)
"McAfee Security Scan" = McAfee Security Scan Plus
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft Security Client" = Microsoft Security Essentials
"Mozilla Firefox (3.6.16)" = Mozilla Firefox (3.6.16)
"MP3 Burner Plus" = MP3 Burner Plus
"MyWebSearch bar Uninstall" = My Web Search
"OpenMG HotFix4.7-07-13-22-01" = OpenMG Limited Patch 4.7-07-14-05-01
"Paddy Power Poker" = Paddy Power Poker
"Paddy Power Poker Odds Calculator_is1" = Paddy Power Poker Odds Calculator 1.3.0
"PartyPoker" = PartyPoker
"Picasa 3" = Picasa 3
"PKR" = PKR
"Playsushi" = Playsushi
"Rapport_msi" = Rapport
"Shop for HP Supplies" = Shop for HP Supplies
"SMALLBUSINESSR" = Microsoft Office Small Business 2007
"VideoPad" = VideoPad Video Editor
"WavePad" = WavePad Sound Editor
"Windows Media Format Runtime" = Windows Media Format Runtime
"Windows XP Service Pack" = Windows XP Service Pack 3
"WinLiveSuite_Wave3" = Windows Live Essentials
========== HKEY_CURRENT_USER Uninstall List ==========
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Facebook Plug-In" = Facebook Plug-In
"Google Chrome" = Google Chrome
========== Last 10 Event Log Errors ==========
[ Application Events ]
Error - 21/04/2011 05:05:50 | Computer Name = CAFFE-A911AD535 | Source = Sage.SData.Service | ID = 0
Description = Exception caught during the processing of a message Verb: POST Uri:
http://caffe-a911ad535:5493/sdata/$system/servers Original Message: Invalid payload
detected, expecting 'entryType' found 'http://schemas.sage.com/sdata/2008/1:entryType'.
Stack
Trace: at Sage.Common.Metadata.RuntimeObjectXmlReader.ReadStartGroup(XmlReader
reader, String name, String type, String ns, Int32 internalCount) at Sage.Common.Metadata.RuntimeObjectXmlReader.ReadReference[T](XmlReader
reader, T component, String name, ISerializationSettings settings) at ObjectXmlReader369a7af2cff24c799185270133e1f97e.Deserialize(XmlReader
, Object , String , ISerializationSettings ) at Sage.Common.Metadata.RuntimeObjectXmlReader.Deserialize(XmlReader
reader, Object component, String name) at Sage.Common.Syndication.FeedSerializer.LoadFromStream[T](T
feedEntry, Stream stream) at Sage.Integration.Messaging.RequestTargetRuntimeInvoker.GetRequestFeedEntry[T](IRequest
request) at Invokebcd82bea2a8c46629e971563ddc82d59.Invoke(Object , IRequest )
at Sage.Integration.Messaging.RequestTargetRegistration.RequestTargetInvoker.Invoke(IRequest
request) at Sage.Integration.Messaging.Request.Process(RequestTargetInvoker invoker)
at Sage.Integration.Messaging.MessagingService.Process(IRequest request)
Error - 21/04/2011 15:54:12 | Computer Name = CAFFE-A911AD535 | Source = Sage.SData.Service | ID = 0
Description = Socket:Exception caught in OnStartup - A socket operation was attempted
to an unreachable host
Error - 21/04/2011 15:54:15 | Computer Name = CAFFE-A911AD535 | Source = Sage.SData.Service | ID = 0
Description = Exception caught during the processing of a message Verb: POST Uri:
http://caffe-a911ad535:5493/sdata/$system/servers Original Message: Invalid payload
detected, expecting 'entryType' found 'http://schemas.sage.com/sdata/2008/1:entryType'.
Stack
Trace: at Sage.Common.Metadata.RuntimeObjectXmlReader.ReadStartGroup(XmlReader
reader, String name, String type, String ns, Int32 internalCount) at Sage.Common.Metadata.RuntimeObjectXmlReader.ReadReference[T](XmlReader
reader, T component, String name, ISerializationSettings settings) at ObjectXmlReadere80b4dec450a4ab0b53ee58fc8791420.Deserialize(XmlReader
, Object , String , ISerializationSettings ) at Sage.Common.Metadata.RuntimeObjectXmlReader.Deserialize(XmlReader
reader, Object component, String name) at Sage.Common.Syndication.FeedSerializer.LoadFromStream[T](T
feedEntry, Stream stream) at Sage.Integration.Messaging.RequestTargetRuntimeInvoker.GetRequestFeedEntry[T](IRequest
request) at Invokea355b623823540dd856d189529cd810b.Invoke(Object , IRequest )
at Sage.Integration.Messaging.RequestTargetRegistration.RequestTargetInvoker.Invoke(IRequest
request) at Sage.Integration.Messaging.Request.Process(RequestTargetInvoker invoker)
at Sage.Integration.Messaging.MessagingService.Process(IRequest request)
Error - 22/04/2011 04:33:33 | Computer Name = CAFFE-A911AD535 | Source = Sage.SData.Service | ID = 0
Description = Socket:Exception caught in OnStartup - A socket operation was attempted
to an unreachable host
Error - 22/04/2011 04:33:36 | Computer Name = CAFFE-A911AD535 | Source = Sage.SData.Service | ID = 0
Description = Exception caught during the processing of a message Verb: POST Uri:
http://caffe-a911ad535:5493/sdata/$system/servers Original Message: Invalid payload
detected, expecting 'entryType' found 'http://schemas.sage.com/sdata/2008/1:entryType'.
Stack
Trace: at Sage.Common.Metadata.RuntimeObjectXmlReader.ReadStartGroup(XmlReader
reader, String name, String type, String ns, Int32 internalCount) at Sage.Common.Metadata.RuntimeObjectXmlReader.ReadReference[T](XmlReader
reader, T component, String name, ISerializationSettings settings) at ObjectXmlReaderc0fd0439166d4af6b0154ce89e229ec6.Deserialize(XmlReader
, Object , String , ISerializationSettings ) at Sage.Common.Metadata.RuntimeObjectXmlReader.Deserialize(XmlReader
reader, Object component, String name) at Sage.Common.Syndication.FeedSerializer.LoadFromStream[T](T
feedEntry, Stream stream) at Sage.Integration.Messaging.RequestTargetRuntimeInvoker.GetRequestFeedEntry[T](IRequest
request) at Invokeb77fa7b25a33426d9c5793cdef332580.Invoke(Object , IRequest )
at Sage.Integration.Messaging.RequestTargetRegistration.RequestTargetInvoker.Invoke(IRequest
request) at Sage.Integration.Messaging.Request.Process(RequestTargetInvoker invoker)
at Sage.Integration.Messaging.MessagingService.Process(IRequest request)
Error - 22/04/2011 04:43:42 | Computer Name = CAFFE-A911AD535 | Source = MPSampleSubmission | ID = 5000
Description = EventType mptelemetry, P1 80070424, P2 beginsearch, P3 search, P4
3.0.8107.0, P5 mpsigdwn.dll, P6 3.0.8107.0, P7 microsoft security essentials (edb4fa23-53b8-4afa-8c5d-99752cca7094),
P8 NIL, P9 NIL, P10 NIL.
Error - 22/04/2011 13:31:15 | Computer Name = CAFFE-A911AD535 | Source = Sage.SData.Service | ID = 0
Description = Socket:Exception caught in OnStartup - A socket operation was attempted
to an unreachable host
Error - 22/04/2011 13:31:22 | Computer Name = CAFFE-A911AD535 | Source = Sage.SData.Service | ID = 0
Description = Exception caught during the processing of a message Verb: POST Uri:
http://caffe-a911ad535:5493/sdata/$system/servers Original Message: Invalid payload
detected, expecting 'entryType' found 'http://schemas.sage.com/sdata/2008/1:entryType'.
Stack
Trace: at Sage.Common.Metadata.RuntimeObjectXmlReader.ReadStartGroup(XmlReader
reader, String name, String type, String ns, Int32 internalCount) at Sage.Common.Metadata.RuntimeObjectXmlReader.ReadReference[T](XmlReader
reader, T component, String name, ISerializationSettings settings) at ObjectXmlReader80eeec5188ac4d76b6ccf24b08784da0.Deserialize(XmlReader
, Object , String , ISerializationSettings ) at Sage.Common.Metadata.RuntimeObjectXmlReader.Deserialize(XmlReader
reader, Object component, String name) at Sage.Common.Syndication.FeedSerializer.LoadFromStream[T](T
feedEntry, Stream stream) at Sage.Integration.Messaging.RequestTargetRuntimeInvoker.GetRequestFeedEntry[T](IRequest
request) at Invoke2a0bb08fcbba4d12a8e90e6337ac899b.Invoke(Object , IRequest )
at Sage.Integration.Messaging.RequestTargetRegistration.RequestTargetInvoker.Invoke(IRequest
request) at Sage.Integration.Messaging.Request.Process(RequestTargetInvoker invoker)
at Sage.Integration.Messaging.MessagingService.Process(IRequest request)
Error - 22/04/2011 14:16:52 | Computer Name = CAFFE-A911AD535 | Source = Sage.SData.Service | ID = 0
Description = Socket:Exception caught in OnStartup - A socket operation was attempted
to an unreachable host
Error - 22/04/2011 14:17:02 | Computer Name = CAFFE-A911AD535 | Source = Sage.SData.Service | ID = 0
Description = Exception caught during the processing of a message Verb: POST Uri:
http://caffe-a911ad535:5493/sdata/$system/servers Original Message: Invalid payload
detected, expecting 'entryType' found 'http://schemas.sage.com/sdata/2008/1:entryType'.
Stack
Trace: at Sage.Common.Metadata.RuntimeObjectXmlReader.ReadStartGroup(XmlReader
reader, String name, String type, String ns, Int32 internalCount) at Sage.Common.Metadata.RuntimeObjectXmlReader.ReadReference[T](XmlReader
reader, T component, String name, ISerializationSettings settings) at ObjectXmlReader14d530295d5549cc961fe2bfb744417d.Deserialize(XmlReader
, Object , String , ISerializationSettings ) at Sage.Common.Metadata.RuntimeObjectXmlReader.Deserialize(XmlReader
reader, Object component, String name) at Sage.Common.Syndication.FeedSerializer.LoadFromStream[T](T
feedEntry, Stream stream) at Sage.Integration.Messaging.RequestTargetRuntimeInvoker.GetRequestFeedEntry[T](IRequest
request) at Invoke5a0b85193b4046e593fdaec81ab64992.Invoke(Object , IRequest )
at Sage.Integration.Messaging.RequestTargetRegistration.RequestTargetInvoker.Invoke(IRequest
request) at Sage.Integration.Messaging.Request.Process(RequestTargetInvoker invoker)
at Sage.Integration.Messaging.MessagingService.Process(IRequest request)
[ OSession Events ]
Error - 08/06/2010 15:26:41 | Computer Name = CAFFE-A911AD535 | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 8, Application Name: Microsoft Office Publisher, Application Version:
12.0.6527.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 28
seconds with 0 seconds of active time. This session ended with a crash.
[ System Events ]
Error - 11/04/2011 13:15:41 | Computer Name = CAFFE-A911AD535 | Source = W32Time | ID = 39452689
Description = Time Provider NtpClient: An error occurred during DNS lookup of the
manually configured peer 'time.windows.com,0x1'. NtpClient will try the DNS lookup
again in 15 minutes. The error was: A socket operation was attempted to an unreachable
host. (0x80072751)
Error - 11/04/2011 13:15:41 | Computer Name = CAFFE-A911AD535 | Source = W32Time | ID = 39452701
Description = The time provider NtpClient is configured to acquire time from one
or more time sources, however none of the sources are currently accessible. No attempt
to contact a source will be made for 14 minutes. NtpClient has no source of accurate
time.
Error - 19/04/2011 19:13:21 | Computer Name = CAFFE-A911AD535 | Source = Microsoft Antimalware | ID = 2001
Description = %%860 has encountered an error trying to update signatures. New Signature
Version: Previous Signature Version: 1.101.1649.0 Update Source: %%859 Update Stage:
%%854 Source Path: http://www.microsoft.com Signature Type: %%800 Update Type: %%803
User:
NT AUTHORITY\SYSTEM Current Engine Version: Previous Engine Version: 1.1.6702.0 Error
code: 0x80240016 Error description: An unexpected problem occurred while checking
for updates. For information on installing or troubleshooting updates, see Help
and Support.
Error - 19/04/2011 19:13:21 | Computer Name = CAFFE-A911AD535 | Source = Microsoft Antimalware | ID = 2001
Description = %%860 has encountered an error trying to update signatures. New Signature
Version: Previous Signature Version: 1.101.1649.0 Update Source: %%859 Update Stage:
%%854 Source Path: http://www.microsoft.com Signature Type: %%800 Update Type: %%803
User:
NT AUTHORITY\SYSTEM Current Engine Version: Previous Engine Version: 1.1.6702.0 Error
code: 0x80240016 Error description: An unexpected problem occurred while checking
for updates. For information on installing or troubleshooting updates, see Help
and Support.
Error - 19/04/2011 19:13:21 | Computer Name = CAFFE-A911AD535 | Source = Microsoft Antimalware | ID = 2001
Description = %%860 has encountered an error trying to update signatures. New Signature
Version: Previous Signature Version: 1.101.1649.0 Update Source: %%859 Update Stage:
%%853 Source Path: http://www.microsoft.com Signature Type: %%800 Update Type: %%803
User:
NT AUTHORITY\SYSTEM Current Engine Version: Previous Engine Version: 1.1.6702.0 Error
code: 0x80240016 Error description: An unexpected problem occurred while checking
for updates. For information on installing or troubleshooting updates, see Help
and Support.
Error - 21/04/2011 05:12:08 | Computer Name = CAFFE-A911AD535 | Source = Print | ID = 6161
Description = The document Microsoft Word - Weekly agenda 21.04.11 owned by Mariann
failed to print on printer HP Deskjet F4500 series. Data type: NT EMF 1.008. Size
of the spool file in bytes: 185148. Number of bytes printed: 0. Total number of
pages in the document: 1. Number of pages printed: 0. Client machine: \\CAFFE-A911AD535.
Win32 error code returned by the print processor: 6 (0x6).
Error - 22/04/2011 04:43:41 | Computer Name = CAFFE-A911AD535 | Source = Microsoft Antimalware | ID = 2001
Description = %%860 has encountered an error trying to update signatures. New Signature
Version: Previous Signature Version: 1.103.209.0 Update Source: %%859 Update Stage:
%%852 Source Path: Default URL Signature Type: %%800 Update Type: %%803 User: NT AUTHORITY\SYSTEM
Current
Engine Version: Previous Engine Version: 1.1.6802.0 Error code: 0x80070424 Error
description: The specified service does not exist as an installed service.
Error - 22/04/2011 14:06:10 | Computer Name = CAFFE-A911AD535 | Source = DCOM | ID = 10005
Description = DCOM got error "%1084" attempting to start the service EventSystem
with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}
Error - 22/04/2011 14:07:15 | Computer Name = CAFFE-A911AD535 | Source = Service Control Manager | ID = 7026
Description = The following boot-start or system-start driver(s) failed to load:
AmdK8 Fips MpFilter
Error - 22/04/2011 14:15:32 | Computer Name = CAFFE-A911AD535 | Source = DCOM | ID = 10005
Description = DCOM got error "%1084" attempting to start the service EventSystem
with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}
< End of report >