OTL logfile created on: 8/31/2011 10:21:58 PM - Run 2
OTL by OldTimer - Version 3.2.26.7 Folder = C:\Documents and Settings\john doe\My Documents\tools\OTL
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy
959.48 Mb Total Physical Memory | 647.18 Mb Available Physical Memory | 67.45% Memory free
1.60 Gb Paging File | 1.04 Gb Available in Paging File | 64.64% Paging File free
Paging file location(s): C:\pagefile.sys 768 1536 [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 78.13 Gb Total Space | 57.57 Gb Free Space | 73.69% Space Free | Partition Type: NTFS
Drive D: | 2.79 Gb Total Space | 0.00 Gb Free Space | 0.00% Space Free | Partition Type: CDFS
Drive E: | 111.79 Gb Total Space | 111.59 Gb Free Space | 99.83% Space Free | Partition Type: NTFS
Computer Name: EXECUTIV-83FD5D | User Name: john doe | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
========== Processes (SafeList) ========== PRC - [2011/08/31 11:38:56 | 000,580,608 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\john doe\My Documents\tools\OTL\OTL.exe
PRC - [2011/07/06 19:52:38 | 000,449,584 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe
PRC - [2011/07/06 19:52:38 | 000,366,640 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
PRC - [2011/01/12 16:41:42 | 000,810,144 | ---- | M] (ESET) -- C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
PRC - [2011/01/12 16:41:24 | 002,219,184 | ---- | M] (ESET) -- C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe
PRC - [2010/06/24 23:13:57 | 000,255,344 | ---- | M] (IncrediMail, Ltd.) -- C:\Program Files\HiYo\Bin\HiYo.exe
PRC - [2010/01/04 22:27:17 | 000,057,344 | ---- | M] () -- C:\Program Files\KWorld Multimedia\PVR-TV 7131 Utilities\P3XRCtl.exe
PRC - [2009/06/26 17:21:00 | 000,757,248 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\vVX3000.exe
PRC - [2008/04/13 20:12:22 | 000,015,360 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\inetsrv\inetinfo.exe
PRC - [2008/04/13 20:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2007/04/25 15:41:26 | 000,176,128 | ---- | M] (S3 Graphics Co., Ltd.) -- C:\WINDOWS\system32\VTTrayp.exe
PRC - [2006/11/28 14:12:12 | 000,222,720 | ---- | M] (Nokia) -- C:\Program Files\Nokia\Nokia PC Suite 6\LaunchApplication.exe
PRC - [2006/11/06 14:21:10 | 000,210,432 | ---- | M] (Nokia.) -- C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
PRC - [2006/09/14 18:54:00 | 000,053,248 | ---- | M] (S3 Graphics, Inc.) -- C:\WINDOWS\system32\VTTimer.exe
PRC - [2005/09/05 23:10:34 | 000,450,560 | ---- | M] (VIA Technologies, Inc.) -- C:\Program Files\VIAudioi\SBADeck\ADeck.exe
PRC - [2005/04/13 11:46:58 | 000,751,104 | ---- | M] () -- C:\Program Files\KWorld Multimedia\PVR Plus\TVR\Scheduled.exe
PRC - [2004/03/09 15:59:48 | 000,065,536 | ---- | M] () -- C:\WINDOWS\twain_32\ca561a\SnapDetect.exe
PRC - [2001/11/27 08:10:00 | 000,106,560 | ---- | M] (WinZip Computing, Inc.) -- C:\Program Files\WinZip\WZQKPICK.EXE
========== Modules (No Company Name) ========== MOD - [2011/07/20 10:59:42 | 001,489,056 | ---- | M] () -- C:\Program Files\WOT\WOT.dll
MOD - [2010/06/24 23:13:57 | 000,480,664 | ---- | M] () -- C:\Program Files\HiYo\Bin\AppServerCommunication.dll
MOD - [2010/02/05 14:27:45 | 001,291,776 | ---- | M] () -- C:\WINDOWS\system32\quartz.dll
MOD - [2010/01/04 22:27:17 | 000,057,344 | ---- | M] () -- C:\Program Files\KWorld Multimedia\PVR-TV 7131 Utilities\P3XRCtl.exe
MOD - [2008/04/13 20:11:59 | 000,014,336 | ---- | M] () -- C:\WINDOWS\system32\msdmo.dll
MOD - [2008/04/13 20:11:51 | 000,059,904 | ---- | M] () -- C:\WINDOWS\system32\devenum.dll
MOD - [2005/10/10 21:49:00 | 000,466,944 | ---- | M] () -- C:\WINDOWS\system32\nvshell.dll
MOD - [2005/04/13 11:46:58 | 000,751,104 | ---- | M] () -- C:\Program Files\KWorld Multimedia\PVR Plus\TVR\Scheduled.exe
MOD - [2004/03/09 15:59:48 | 000,065,536 | ---- | M] () -- C:\WINDOWS\twain_32\ca561a\SnapDetect.exe
MOD - [2003/09/10 19:42:28 | 000,045,056 | ---- | M] () -- C:\Program Files\KWorld Multimedia\PVR Plus\TVR\kwspnd.dll
========== Win32 Services (SafeList) ========== SRV - File not found [Disabled | Stopped] -- -- (HidServ)
SRV - File not found [Auto | Stopped] -- -- (helpsvc)
SRV - File not found [On_Demand | Running] -- -- (FastUserSwitchingCompatibility)
SRV - [2011/07/06 19:52:38 | 000,366,640 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
SRV - [2011/01/12 16:44:02 | 000,033,584 | ---- | M] (ESET) [On_Demand | Stopped] -- C:\Program Files\ESET\ESET NOD32 Antivirus\EHttpSrv.exe -- (EhttpSrv)
SRV - [2011/01/12 16:41:42 | 000,810,144 | ---- | M] (ESET) [Auto | Running] -- C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe -- (ekrn)
SRV - [2009/03/20 19:10:15 | 003,093,880 | ---- | M] (Symantec Corporation) [On_Demand | Stopped] -- C:\Program Files\Symantec\LiveUpdate\LuComServer_3_3.EXE -- (LiveUpdate)
SRV - [2008/04/13 20:12:22 | 000,015,360 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\inetsrv\inetinfo.exe -- (W3SVC)
SRV - [2008/04/13 20:12:22 | 000,015,360 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\inetsrv\inetinfo.exe -- (SMTPSVC) Simple Mail Transfer Protocol (SMTP)
SRV - [2008/04/13 20:12:22 | 000,015,360 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\inetsrv\inetinfo.exe -- (IISADMIN)
SRV - [2006/11/06 14:21:10 | 000,210,432 | ---- | M] (Nokia.) [On_Demand | Running] -- C:\Program Files\PC Connectivity Solution\ServiceLayer.exe -- (ServiceLayer)
========== Driver Services (SafeList) ========== DRV - [2011/07/22 12:27:02 | 000,012,880 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Documents and Settings\john doe\Local Settings\Temp\SAS_SelfExtract\sasdifsv.sys -- (SASDIFSV)
DRV - [2011/07/12 17:55:22 | 000,067,664 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Documents and Settings\john doe\Local Settings\Temp\SAS_SelfExtract\saskutil.sys -- (SASKUTIL)
DRV - [2011/07/06 19:52:42 | 000,041,272 | ---- | M] (Malwarebytes Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\mbamswissarmy.sys -- (MBAMSwissArmy)
DRV - [2011/07/06 19:52:42 | 000,022,712 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\WINDOWS\system32\drivers\mbam.sys -- (MBAMProtector)
DRV - [2010/12/21 15:04:06 | 000,141,264 | ---- | M] (ESET) [File_System | Auto | Running] -- C:\WINDOWS\system32\drivers\eamon.sys -- (eamon)
DRV - [2010/12/21 15:04:06 | 000,115,008 | ---- | M] (ESET) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\ehdrv.sys -- (ehdrv)
DRV - [2010/12/21 13:47:38 | 000,094,872 | ---- | M] (ESET) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\epfwtdir.sys -- (epfwtdir)
DRV - [2009/08/05 22:48:42 | 000,054,752 | ---- | M] (Microsoft Corporation) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\fssfltr_tdi.sys -- (fssfltr)
DRV - [2009/06/26 17:21:02 | 001,956,352 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\VX3000.sys -- (VX3000)
DRV - [2008/05/08 10:02:52 | 000,203,136 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\rmcast.sys -- (RMCAST)
DRV - [2008/04/13 14:39:44 | 000,092,544 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\mqac.sys -- (MQAC)
DRV - [2006/10/10 08:54:34 | 000,138,240 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\nmwcd.sys -- (Nokia USB Phone Parent)
DRV - [2006/10/10 08:54:32 | 000,012,800 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\nmwcdcj.sys -- (Nokia USB Port)
DRV - [2006/10/10 08:54:32 | 000,012,800 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\nmwcdcm.sys -- (Nokia USB Modem)
DRV - [2006/10/10 08:54:32 | 000,009,216 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\nmwcdc.sys -- (Nokia USB Generic)
DRV - [2005/09/23 00:30:02 | 000,672,128 | R--- | M] (Philips Semiconductors GmbH) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\Cap713x.sys -- (Cap713x)
DRV - [2005/08/03 03:16:10 | 000,202,112 | R--- | M] (VIA Technologies, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\vinyl97.sys -- (VIAudio) Vinyl AC'97 Audio Controller (WDM)
DRV - [2005/03/09 02:53:00 | 000,036,352 | R--- | M] (Advanced Micro Devices) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\AmdK8.sys -- (AmdK8)
DRV - [2004/09/29 15:35:30 | 000,219,136 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSFHWBS2.sys -- (HSFHWBS2)
DRV - [2004/09/29 15:34:24 | 000,702,592 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSF_CNXT.sys -- (winachsf)
DRV - [2004/09/29 15:33:50 | 001,036,928 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSF_DP.sys -- (HSF_DP)
DRV - [2002/10/01 14:43:32 | 000,119,798 | ---- | M] (SP) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\SPCA561.SYS -- (CA561)
========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant =
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files\Microsoft Silverlight\4.0.60531.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeLive,version=1.3: C:\Program Files\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=14.0.8081.0709: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@veetle.com/vbp;version=0.9.17: C:\Program Files\Veetle\VLCBroadcast\npvbp.dll (Veetle Inc)
FF - HKLM\Software\MozillaPlugins\@veetle.com/veetleCorePlugin,version=0.9.17: C:\Program Files\Veetle\plugins\npVeetle.dll (Veetle Inc)
FF - HKLM\Software\MozillaPlugins\@veetle.com/veetlePlayerPlugin,version=0.9.17: C:\Program Files\Veetle\Player\npvlc.dll (Veetle Inc)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Documents and Settings\john doe\Local Settings\Application Data\Google\Update\1.3.21.69\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Documents and Settings\john doe\Local Settings\Application Data\Google\Update\1.3.21.69\npGoogleUpdate3.dll (Google Inc.)
FF - HKEY_LOCAL_MACHINE\software\mozilla\Thunderbird\Extensions\\
[email protected]: C:\Program Files\ESET\ESET NOD32 Antivirus\Mozilla Thunderbird [2011/08/31 07:04:02 | 000,000,000 | ---D | M]
O1 HOSTS File: ([2011/08/31 10:57:27 | 000,000,098 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2 - BHO: (&Yahoo! Toolbar Helper) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O2 - BHO: (Skype add-on for Internet Explorer) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O2 - BHO: (WOT Helper) - {C920E44A-7F78-4E64-BDD7-A57026E7FEB7} - C:\Program Files\WOT\WOT.dll ()
O3 - HKLM\..\Toolbar: (Easy-WebPrint) - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - C:\Program Files\Canon\Easy-WebPrint\Toolband.dll ()
O3 - HKLM\..\Toolbar: (WOT) - {71576546-354D-41c9-AAE8-31F2EC22BF0D} - C:\Program Files\WOT\WOT.dll ()
O3 - HKLM\..\Toolbar: (no name) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - No CLSID value found.
O3 - HKLM\..\Toolbar: (Yahoo! Toolbar) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (WOT) - {71576546-354D-41C9-AAE8-31F2EC22BF0D} - C:\Program Files\WOT\WOT.dll ()
O4 - HKLM..\Run: [AudioDeck] C:\Program Files\VIAudioi\SBADeck\ADeck.exe (VIA Technologies, Inc.)
O4 - HKLM..\Run: [Easy-PrintToolBox] C:\Program Files\Canon\Easy-PrintToolBox\BJPSMAIN.EXE (CANON INC.)
O4 - HKLM..\Run: [egui] C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe (ESET)
O4 - HKLM..\Run: [Hiyo] C:\Program Files\HiYo\bin\HiYo.exe (IncrediMail, Ltd.)
O4 - HKLM..\Run: [Malwarebytes' Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [MsmqIntCert] C:\WINDOWS\System32\mqrt.dll (Microsoft Corporation)
O4 - HKLM..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe (Ahead Software Gmbh)
O4 - HKLM..\Run: [NvCplDaemon] C:\WINDOWS\System32\NvCpl.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [NvMediaCenter] C:\WINDOWS\System32\NvMcTray.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [nwiz] C:\WINDOWS\System32\nwiz.exe ()
O4 - HKLM..\Run: [PCSuiteTrayApplication] C:\Program Files\Nokia\Nokia PC Suite 6\LaunchApplication.exe (Nokia)
O4 - HKLM..\Run: [PVR Agent] C:\Program Files\KWorld Multimedia\PVR Plus\TVR\Scheduled.exe ()
O4 - HKLM..\Run: [VTTimer] C:\WINDOWS\System32\VTTimer.exe (S3 Graphics, Inc.)
O4 - HKLM..\Run: [VTTrayp] C:\WINDOWS\System32\VTTrayp.exe (S3 Graphics Co., Ltd.)
O4 - HKLM..\Run: [VX3000] C:\WINDOWS\vVX3000.exe (Microsoft Corporation)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Remote Control.lnk = C:\Program Files\KWorld Multimedia\PVR-TV 7131 Utilities\P3XRCtl.exe ()
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\SnapDetect.lnk = C:\WINDOWS\twain_32\ca561a\SnapDetect.exe ()
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.EXE (WinZip Computing, Inc.)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O9 - Extra Button: Skype add-on for Internet Explorer - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Skype add-on for Internet Explorer - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700}
http://download.micr...heckControl.cab (Windows Genuine Advantage Validation Tool)
O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5}
http://download.eset...lineScanner.cab (OnlineScanner Control)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93}
http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_22)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C}
http://fpdownload.ma...r/ultrashim.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}
http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_22)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}
http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_22)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000}
http://fpdownload2.m...ash/swflash.cab (Shockwave Flash Object)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O18 - Protocol\Handler\wot {C2A44D6B-CB9F-4663-88A6-DF2F26E4D952} - C:\Program Files\WOT\WOT.dll ()
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) - C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
O20 - Winlogon\Notify\NavLogon: DllName - Reg Error: Value error. - Reg Error: Value error. File not found
O20 - Winlogon\Notify\WgaLogon: DllName - WgaLogon.dll - C:\WINDOWS\System32\WgaLogon.dll ()
O24 - Desktop WallPaper: C:\WINDOWS\Web\Wallpaper\Bliss.bmp
O24 - Desktop BackupWallPaper: C:\WINDOWS\Web\Wallpaper\Bliss.bmp
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006/08/24 23:33:14 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
========== Files/Folders - Created Within 30 Days ========== [2011/08/31 14:36:49 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\FinalWire
[2011/08/31 14:36:46 | 000,000,000 | ---D | C] -- C:\Program Files\FinalWire
[2011/08/31 13:36:26 | 000,000,000 | ---D | C] -- C:\WINDOWS\LastGood
[2011/08/31 11:23:30 | 000,000,000 | ---D | C] -- C:\Documents and Settings\john doe\Desktop\GooredFix Backups
[2011/08/31 10:36:19 | 000,000,000 | ---D | C] -- C:\_OTM
[2011/08/31 10:31:47 | 000,000,000 | ---D | C] -- C:\WINDOWS\ERDNT
[2011/08/31 08:18:21 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\john doe\Recent
[2011/08/31 07:30:46 | 000,000,000 | ---D | C] -- C:\Documents and Settings\john doe\Local Settings\Application Data\ESET
[2011/08/31 07:17:59 | 000,000,000 | ---D | C] -- C:\Program Files\WOT
[2011/08/31 07:11:16 | 000,000,000 | ---D | C] -- C:\Documents and Settings\john doe\Start Menu\Programs\Google Chrome
[2011/08/31 07:09:44 | 000,000,000 | ---D | C] -- C:\Documents and Settings\john doe\Local Settings\Application Data\Deployment
[2011/08/31 07:04:01 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\ESET
[2011/08/31 07:04:01 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\ESET
[2011/08/31 06:55:03 | 000,000,000 | ---D | C] -- C:\Program Files\ESET
[2011/08/30 02:25:09 | 000,041,272 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2011/08/30 02:25:09 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Malwarebytes' Anti-Malware
[2011/08/30 02:25:05 | 000,022,712 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2011/08/30 02:25:05 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2011/08/30 02:16:41 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\WinZip
[2011/08/30 02:16:30 | 000,139,656 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\rdpwd.sys
[2011/08/30 02:16:06 | 000,010,496 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ndistapi.sys
[2011/08/30 02:15:35 | 000,000,000 | ---D | C] -- C:\Documents and Settings\john doe\My Documents\tools
[2011/08/28 00:51:34 | 008,068,864 | ---- | C] (Microsoft Corporation) -- C:\Documents and Settings\john doe\My Documents\mseinstall.exe
[2011/08/28 00:10:28 | 000,000,000 | ---D | C] -- C:\Documents and Settings\john doe\Application Data\SUPERAntiSpyware.com
[2011/08/28 00:10:28 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com
[2011/08/28 00:06:57 | 000,045,568 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wab.exe
[2011/08/28 00:05:20 | 000,105,472 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\mup.sys
[2011/08/22 20:13:02 | 000,000,000 | ---D | C] -- C:\WINDOWS\CSC
[2011/08/22 11:15:12 | 000,000,000 | -HSD | C] -- C:\Config.Msi
========== Files - Modified Within 30 Days ========== [2011/08/31 22:15:00 | 000,000,998 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-329068152-1606980848-725345543-1007UA.job
[2011/08/31 14:37:22 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2011/08/31 14:36:49 | 000,000,884 | ---- | M] () -- C:\Documents and Settings\john doe\Desktop\AIDA64 Extreme Edition.lnk
[2011/08/31 13:32:09 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2011/08/31 13:32:08 | 1006,161,920 | -HS- | M] () -- C:\hiberfil.sys
[2011/08/31 10:57:27 | 000,000,098 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\Hosts
[2011/08/31 07:15:01 | 000,000,946 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-329068152-1606980848-725345543-1007Core.job
[2011/08/31 07:11:23 | 000,002,323 | ---- | M] () -- C:\Documents and Settings\john doe\Desktop\Google Chrome.lnk
[2011/08/31 07:11:23 | 000,002,301 | ---- | M] () -- C:\Documents and Settings\john doe\Application Data\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk
[2011/08/31 06:48:29 | 000,000,051 | ---- | M] () -- C:\WINDOWS\wininit.ini
[2011/08/30 03:25:38 | 000,545,036 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2011/08/30 03:25:38 | 000,104,496 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2011/08/30 02:25:09 | 000,000,784 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2011/08/30 02:16:42 | 000,001,518 | ---- | M] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\WinZip Quick Pick.lnk
[2011/08/30 02:16:41 | 000,000,736 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\WinZip.lnk
[2011/08/28 00:52:52 | 000,002,324 | ---- | M] () -- C:\WINDOWS\epplauncher.mif
[2011/08/28 00:51:43 | 008,068,864 | ---- | M] (Microsoft Corporation) -- C:\Documents and Settings\john doe\My Documents\mseinstall.exe
[2011/08/28 00:24:16 | 000,283,720 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2011/08/22 20:07:40 | 000,000,553 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Shortcut to Desktop.lnk
========== Files Created - No Company Name ========== [2011/08/31 14:36:49 | 000,000,884 | ---- | C] () -- C:\Documents and Settings\john doe\Desktop\AIDA64 Extreme Edition.lnk
[2011/08/31 07:11:23 | 000,002,323 | ---- | C] () -- C:\Documents and Settings\john doe\Desktop\Google Chrome.lnk
[2011/08/31 07:11:23 | 000,002,301 | ---- | C] () -- C:\Documents and Settings\john doe\Application Data\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk
[2011/08/31 07:10:20 | 000,000,998 | ---- | C] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-329068152-1606980848-725345543-1007UA.job
[2011/08/31 07:10:18 | 000,000,946 | ---- | C] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-329068152-1606980848-725345543-1007Core.job
[2011/08/31 06:48:29 | 000,000,051 | ---- | C] () -- C:\WINDOWS\wininit.ini
[2011/08/30 02:25:09 | 000,000,784 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2011/08/30 02:16:42 | 000,001,518 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\WinZip Quick Pick.lnk
[2011/08/30 02:16:41 | 000,000,736 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\WinZip.lnk
[2011/08/30 00:54:13 | 1006,161,920 | -HS- | C] () -- C:\hiberfil.sys
[2011/08/28 00:52:52 | 000,002,324 | ---- | C] () -- C:\WINDOWS\epplauncher.mif
[2011/08/22 20:07:40 | 000,000,553 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Shortcut to Desktop.lnk
[2010/10/31 23:37:34 | 000,000,000 | ---- | C] () -- C:\WINDOWS\VPC32.INI
[2010/07/26 03:17:31 | 000,000,010 | ---- | C] () -- C:\WINDOWS\System32\a8.ini
[2010/03/10 22:33:06 | 000,000,056 | -H-- | C] () -- C:\WINDOWS\System32\ezsidmv.dat
[2010/01/03 22:16:02 | 000,118,784 | ---- | C] () -- C:\WINDOWS\ShowBmp.exe
[2010/01/03 22:16:02 | 000,014,385 | ---- | C] () -- C:\WINDOWS\Tw561a.ini
[2010/01/03 22:16:02 | 000,000,180 | ---- | C] () -- C:\WINDOWS\ap561.ini
[2010/01/03 22:16:02 | 000,000,081 | ---- | C] () -- C:\WINDOWS\Setup8a.ini
[2009/06/26 17:21:02 | 000,015,498 | ---- | C] () -- C:\WINDOWS\VX3000.ini
[2008/10/26 00:19:43 | 000,000,033 | ---- | C] () -- C:\WINDOWS\SYMGAMES.INI
[2008/08/24 21:29:32 | 000,001,751 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\QTSBandwidthCache
[2007/04/10 14:00:46 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\WgaLogon.dll
[2006/09/29 17:10:31 | 000,000,000 | ---- | C] () -- C:\WINDOWS\iPlayer.INI
[2006/09/21 15:58:37 | 000,152,064 | ---- | C] () -- C:\WINDOWS\snap.dat
[2006/08/28 11:18:13 | 000,000,143 | ---- | C] () -- C:\WINDOWS\VWORK32.INI
[2006/08/28 11:11:38 | 000,008,704 | ---- | C] () -- C:\WINDOWS\System32\CNMVS76.DLL
[2006/08/28 11:06:05 | 000,122,880 | ---- | C] () -- C:\WINDOWS\System32\NSVIDEO.dll
[2006/08/28 11:04:37 | 000,000,029 | ---- | C] () -- C:\WINDOWS\EZPhotoPanorama2.ini
[2006/08/28 11:03:13 | 000,005,561 | ---- | C] () -- C:\WINDOWS\EZPhotoTools2.ini
[2006/08/28 11:02:33 | 000,001,014 | ---- | C] () -- C:\WINDOWS\EZPhotoBrowser2.ini
[2006/08/28 11:01:09 | 000,000,852 | ---- | C] () -- C:\WINDOWS\Showtime1.ini
[2006/08/24 23:57:49 | 000,040,960 | ---- | C] () -- C:\WINDOWS\p3xunist.exe
[2006/08/24 23:57:49 | 000,003,099 | ---- | C] () -- C:\WINDOWS\TVP3XDrv.ini
[2006/08/24 23:54:20 | 001,662,976 | ---- | C] () -- C:\WINDOWS\System32\nvwdmcpl.dll
[2006/08/24 23:54:20 | 001,519,616 | ---- | C] () -- C:\WINDOWS\System32\nwiz.exe
[2006/08/24 23:54:20 | 001,466,368 | ---- | C] () -- C:\WINDOWS\System32\nview.dll
[2006/08/24 23:54:20 | 001,339,392 | ---- | C] () -- C:\WINDOWS\System32\nvdspsch.exe
[2006/08/24 23:54:20 | 001,019,904 | ---- | C] () -- C:\WINDOWS\System32\nvwimg.dll
[2006/08/24 23:54:20 | 000,466,944 | ---- | C] () -- C:\WINDOWS\System32\nvshell.dll
[2006/08/24 23:54:20 | 000,442,368 | ---- | C] () -- C:\WINDOWS\System32\nvappbar.exe
[2006/08/24 23:54:20 | 000,425,984 | ---- | C] () -- C:\WINDOWS\System32\keystone.exe
[2006/08/24 23:54:07 | 000,286,720 | ---- | C] () -- C:\WINDOWS\System32\nvnt4cpl.dll
[2006/08/24 23:54:06 | 000,573,440 | ---- | C] () -- C:\WINDOWS\System32\nvhwvid.dll
[2006/08/24 23:54:02 | 000,045,056 | ---- | C] () -- C:\WINDOWS\System32\nvapi.dll
[2006/08/24 23:52:21 | 000,000,068 | ---- | C] () -- C:\WINDOWS\autmtst.ini
[2006/08/24 23:45:44 | 000,036,864 | ---- | C] () -- C:\WINDOWS\System32\UnAudioNT.dll
[2006/08/24 23:40:13 | 000,021,791 | ---- | C] () -- C:\WINDOWS\System32\smtpctrs.ini
[2006/08/24 23:40:13 | 000,001,037 | ---- | C] () -- C:\WINDOWS\System32\ntfsdrct.ini
[2006/08/24 23:39:56 | 000,038,576 | ---- | C] () -- C:\WINDOWS\System32\w3ctrs.ini
[2006/08/24 23:39:55 | 000,010,225 | ---- | C] () -- C:\WINDOWS\System32\axperf.ini
[2006/08/24 23:39:51 | 000,011,435 | ---- | C] () -- C:\WINDOWS\System32\infoctrs.ini
[2006/08/24 23:39:47 | 000,001,793 | ---- | C] () -- C:\WINDOWS\System32\fxsperf.ini
[2006/08/24 23:36:19 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat
[2006/08/24 23:09:41 | 000,021,640 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat
[2006/08/24 19:03:28 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
[2006/08/24 19:02:15 | 000,283,720 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2006/08/24 12:28:33 | 000,000,376 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2005/12/07 11:31:00 | 000,202,752 | R--- | C] () -- C:\WINDOWS\System32\CddbCdda.dll
[2004/08/04 01:07:22 | 000,001,804 | ---- | C] () -- C:\WINDOWS\System32\dcache.bin
[2004/08/02 14:20:40 | 000,004,569 | ---- | C] () -- C:\WINDOWS\System32\secupd.dat
[2001/08/23 08:00:00 | 013,107,200 | ---- | C] () -- C:\WINDOWS\System32\oembios.bin
[2001/08/23 08:00:00 | 000,673,088 | ---- | C] () -- C:\WINDOWS\System32\mlang.dat
[2001/08/23 08:00:00 | 000,545,036 | ---- | C] () -- C:\WINDOWS\System32\perfh009.dat
[2001/08/23 08:00:00 | 000,272,128 | ---- | C] () -- C:\WINDOWS\System32\perfi009.dat
[2001/08/23 08:00:00 | 000,218,003 | ---- | C] () -- C:\WINDOWS\System32\dssec.dat
[2001/08/23 08:00:00 | 000,104,496 | ---- | C] () -- C:\WINDOWS\System32\perfc009.dat
[2001/08/23 08:00:00 | 000,046,258 | ---- | C] () -- C:\WINDOWS\System32\mib.bin
[2001/08/23 08:00:00 | 000,028,626 | ---- | C] () -- C:\WINDOWS\System32\perfd009.dat
[2001/08/23 08:00:00 | 000,004,463 | ---- | C] () -- C:\WINDOWS\System32\oembios.dat
[2001/08/23 08:00:00 | 000,000,741 | ---- | C] () -- C:\WINDOWS\System32\noise.dat
========== Alternate Data Streams ========== @Alternate Data Stream - 135 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:90B66DF0
@Alternate Data Stream - 135 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:0656FCD2
@Alternate Data Stream - 108 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:FA7FE636
< End of report >
OTL Extras logfile created on: 8/31/2011 10:21:58 PM - Run 2
OTL by OldTimer - Version 3.2.26.7 Folder = C:\Documents and Settings\john doe\My Documents\tools\OTL
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy
959.48 Mb Total Physical Memory | 647.18 Mb Available Physical Memory | 67.45% Memory free
1.60 Gb Paging File | 1.04 Gb Available in Paging File | 64.64% Paging File free
Paging file location(s): C:\pagefile.sys 768 1536 [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 78.13 Gb Total Space | 57.57 Gb Free Space | 73.69% Space Free | Partition Type: NTFS
Drive D: | 2.79 Gb Total Space | 0.00 Gb Free Space | 0.00% Space Free | Partition Type: CDFS
Drive E: | 111.79 Gb Total Space | 111.59 Gb Free Space | 99.83% Space Free | Partition Type: NTFS
Computer Name: EXECUTIV-83FD5D | User Name: john doe | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
========== Extra Registry (All) ========== ========== File Associations ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.bat [@ = batfile] -- "%1" %*
.chm [@ = chm.file] -- C:\WINDOWS\hh.exe (Microsoft Corporation)
.cmd [@ = cmdfile] -- "%1" %*
.com [@ = comfile] -- "%1" %*
.cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
.exe [@ = exefile] -- "%1" %*
.hlp [@ = hlpfile] -- C:\WINDOWS\System32\winhlp32.exe (Microsoft Corporation)
.hta [@ = htafile] -- C:\WINDOWS\System32\mshta.exe (Microsoft Corporation)
.html [@ = htmlfile] -- C:\Program Files\Internet Explorer\IEXPLORE.EXE (Microsoft Corporation)
.inf [@ = inffile] -- C:\WINDOWS\System32\NOTEPAD.EXE (Microsoft Corporation)
.ini [@ = inifile] -- C:\WINDOWS\System32\NOTEPAD.EXE (Microsoft Corporation)
.url [@ = InternetShortcut] -- C:\WINDOWS\System32\rundll32.exe (Microsoft Corporation)
.js [@ = JSFile] -- C:\WINDOWS\System32\WScript.exe (Microsoft Corporation)
.jse [@ = JSEFile] -- C:\WINDOWS\System32\WScript.exe (Microsoft Corporation)
.pif [@ = piffile] -- "%1" %*
.reg [@ = regfile] -- C:\WINDOWS\regedit.exe (Microsoft Corporation)
.scr [@ = scrfile] -- "%1" /S
.txt [@ = txtfile] -- C:\WINDOWS\System32\NOTEPAD.EXE (Microsoft Corporation)
.vbe [@ = VBEFile] -- C:\WINDOWS\System32\WScript.exe (Microsoft Corporation)
.vbs [@ = VBSFile] -- C:\WINDOWS\System32\WScript.exe (Microsoft Corporation)
.wsf [@ = WSFFile] -- C:\WINDOWS\System32\WScript.exe (Microsoft Corporation)
.wsh [@ = WSHFile] -- C:\WINDOWS\System32\WScript.exe (Microsoft Corporation)
[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = htmlfile] -- Reg Error: Key error. File not found
========== Shell Spawning ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [edit] -- %SystemRoot%\System32\NOTEPAD.EXE %1 (Microsoft Corporation)
batfile [open] -- "%1" %*
batfile [print] -- %SystemRoot%\System32\NOTEPAD.EXE /p %1 (Microsoft Corporation)
chm.file [open] -- "C:\WINDOWS\hh.exe" %1 (Microsoft Corporation)
cmdfile [edit] -- %SystemRoot%\System32\NOTEPAD.EXE %1 (Microsoft Corporation)
cmdfile [open] -- "%1" %*
cmdfile [print] -- %SystemRoot%\System32\NOTEPAD.EXE /p %1 (Microsoft Corporation)
comfile [open] -- "%1" %*
cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
exefile [open] -- "%1" %*
helpfile [open] -- winhlp32.exe %1 (Microsoft Corporation)
hlpfile [open] -- %SystemRoot%\System32\winhlp32.exe %1 (Microsoft Corporation)
htafile [open] -- C:\WINDOWS\system32\mshta.exe "%1" %* (Microsoft Corporation)
htmlfile [edit] -- "C:\Program Files\Microsoft Office\Office12\msohtmed.exe" %1 (Microsoft Corporation)
htmlfile [open] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" -nohome (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" %1 (Microsoft Corporation)
htmlfile [print] -- "C:\Program Files\Microsoft Office\Office12\msohtmed.exe" /p %1 (Microsoft Corporation)
http [open] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" -nohome (Microsoft Corporation)
https [open] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" -nohome (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\rundll32.exe setupapi,InstallHinfSection DefaultInstall 132 %1 (Microsoft Corporation)
inffile [open] -- %SystemRoot%\System32\NOTEPAD.EXE %1 (Microsoft Corporation)
inffile [print] -- %SystemRoot%\System32\NOTEPAD.EXE /p %1 (Microsoft Corporation)
inifile [open] -- %SystemRoot%\System32\NOTEPAD.EXE %1 (Microsoft Corporation)
inifile [print] -- %SystemRoot%\System32\NOTEPAD.EXE /p %1 (Microsoft Corporation)
InternetShortcut [open] -- "C:\WINDOWS\system32\rundll32.exe" "C:\WINDOWS\system32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\WINDOWS\system32\rundll32.exe" "C:\WINDOWS\system32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
jsfile [edit] -- %SystemRoot%\System32\Notepad.exe %1 (Microsoft Corporation)
jsfile [open] -- %SystemRoot%\System32\WScript.exe "%1" %* (Microsoft Corporation)
jsfile [print] -- %SystemRoot%\System32\Notepad.exe /p %1 (Microsoft Corporation)
jsefile [edit] -- %SystemRoot%\System32\Notepad.exe %1 (Microsoft Corporation)
jsefile [open] -- %SystemRoot%\System32\WScript.exe "%1" %* (Microsoft Corporation)
jsefile [print] -- %SystemRoot%\System32\Notepad.exe /p %1 (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [edit] -- %SystemRoot%\system32\NOTEPAD.EXE %1 (Microsoft Corporation)
regfile [open] -- regedit.exe "%1" (Microsoft Corporation)
regfile [merge] -- Reg Error: Key error.
regfile [print] -- %SystemRoot%\system32\NOTEPAD.EXE /p %1 (Microsoft Corporation)
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
txtfile [open] -- %SystemRoot%\system32\NOTEPAD.EXE %1 (Microsoft Corporation)
txtfile [print] -- %SystemRoot%\system32\NOTEPAD.EXE /p %1 (Microsoft Corporation)
txtfile [printto] -- %SystemRoot%\system32\notepad.exe /pt "%1" "%2" "%3" "%4" (Microsoft Corporation)
vbefile [edit] -- %SystemRoot%\System32\Notepad.exe %1 (Microsoft Corporation)
vbefile [open] -- %SystemRoot%\System32\WScript.exe "%1" %* (Microsoft Corporation)
vbefile [print] -- %SystemRoot%\System32\Notepad.exe /p %1 (Microsoft Corporation)
vbsfile [edit] -- %SystemRoot%\System32\Notepad.exe %1 (Microsoft Corporation)
vbsfile [open] -- %SystemRoot%\System32\WScript.exe "%1" %* (Microsoft Corporation)
vbsfile [print] -- %SystemRoot%\System32\Notepad.exe /p %1 (Microsoft Corporation)
wsffile [edit] -- %SystemRoot%\System32\Notepad.exe %1 (Microsoft Corporation)
wsffile [open] -- %SystemRoot%\System32\WScript.exe "%1" %* (Microsoft Corporation)
wsffile [print] -- %SystemRoot%\System32\Notepad.exe /p %1 (Microsoft Corporation)
wshfile [open] -- %SystemRoot%\System32\WScript.exe "%1" %* (Microsoft Corporation)
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [OneNote.Open] -- C:\PROGRA~1\MICROS~3\Office12\ONENOTE.EXE "%L" (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" %1 (Microsoft Corporation)
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- "C:\Program Files\Internet Explorer\iexplore.exe" (Microsoft Corporation)
========== Security Center Settings ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 1
"FirewallOverride" = 0
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]
========== System Restore Settings ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr]
"Start" = 0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService]
"Start" = 2
========== Firewall Settings ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
"DoNotAllowExceptions" = 0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
========== Authorized Applications List ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\WINDOWS\system32\dpvsetup.exe" = C:\WINDOWS\system32\dpvsetup.exe:*:Disabled:Microsoft DirectPlay Voice Test -- (Microsoft Corporation)
"C:\Program Files\AVG\AVG10\avgdiagex.exe" = C:\Program Files\AVG\AVG10\avgdiagex.exe:*:Disabled:AVG Diagnostics 2011
"C:\Program Files\AVG\AVG10\avgmfapx.exe" = C:\Program Files\AVG\AVG10\avgmfapx.exe:*:Disabled:AVG Installer
"C:\Program Files\IncrediMail\bin\IncMail.exe" = C:\Program Files\IncrediMail\bin\IncMail.exe:*:Disabled:IncrediMail
"C:\Program Files\IncrediMail\bin\ImpCnt.exe" = C:\Program Files\IncrediMail\bin\ImpCnt.exe:*:Disabled:IncrediMail
"C:\Program Files\IncrediMail\bin\ImApp.exe" = C:\Program Files\IncrediMail\bin\ImApp.exe:*:Disabled:IncrediMail
"C:\Program Files\Magentic\bin\MgImp.exe" = C:\Program Files\Magentic\bin\MgImp.exe:*:Disabled:Magentic -- (IncrediMail, Ltd.)
"C:\Program Files\Magentic\bin\MgApp.exe" = C:\Program Files\Magentic\bin\MgApp.exe:*:Disabled:Magentic -- ()
"C:\Program Files\Magentic\bin\Magentic.exe" = C:\Program Files\Magentic\bin\Magentic.exe:*:Disabled:Magentic -- ()
"C:\Documents and Settings\Authorised\Application Data\mjusbsp\magicJack.exe" = C:\Documents and Settings\Authorised\Application Data\mjusbsp\magicJack.exe:*:Disabled:magicJack -- (magicJack L.P.)
"C:\Program Files\AVG\AVG10\avgnsx.exe" = C:\Program Files\AVG\AVG10\avgnsx.exe:*:Disabled:Online Shield
"C:\Program Files\AVG\AVG10\avgemcx.exe" = C:\Program Files\AVG\AVG10\avgemcx.exe:*:Disabled:Personal E-mail Scanner
"C:\Documents and Settings\Authorised\Application Data\Vusion\WARPVideoStreamer.exe" = C:\Documents and Settings\Authorised\Application Data\Vusion\WARPVideoStreamer.exe:*:Disabled:WARP Video Streamer -- (Vusion Inc.)
"C:\Documents and Settings\All Users\Application Data\5677b2c\WE5677.exe" = C:\Documents and Settings\All Users\Application Data\5677b2c\WE5677.exe:*:Disabled:Windows Enterprise Defender
========== HKEY_LOCAL_MACHINE Uninstall List ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{00E1E235-AB45-4695-A156-073118949ED4}" = HiYo
"{02091327-B124-4216-9D71-58C0E24F5392}" = Nokia PC Suite
"{03410010-3975-4267-9F39-1DC4745090B7}" = Microsoft Encarta Encyclopedia Standard 2003
"{04F3BF74-9E34-4D3E-93C3-D3D1F24199C8}" = PC Connectivity Solution
"{0A656F84-7C04-4705-B52F-074B2A941C74}" = PCI SoftV92 Modem
"{139E303E-1050-497F-98B1-9AE87B15C463}" = Windows Live Family Safety
"{178832DE-9DE0-4C87-9F82-9315A9B03985}" = Windows Live Writer
"{18455581-E099-4BA8-BC6B-F34B2F06600C}" = Google Toolbar for Internet Explorer
"{184E7118-0295-43C4-B72C-1D54AA75AAF7}" = Windows Live Mail
"{1A36CF15-DF66-4756-9482-A9ABF3DDACE6}_is1" = Driver Robot
"{1ABB690A-5109-46C6-8034-63E0DAA864D0}" = Dynamic Learning - Practical Cookery (Student)
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live Upload Tool
"{20D4A895-748C-4D88-871C-FDB1695B0169}" = Platform
"{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT
"{26A24AE4-039D-4CA4-87B4-2F83216011FF}" = Java 6 Update 22
"{2E8D4B52-52E5-41EF-9C43-8CDF1527DDFD}" = EZVideo Mail
"{313aa16e-8c61-410c-a225-917462421659}" = EZSuite For EZCam III
"{341201D4-4F61-4ADB-987E-9CCE4D83A58D}" = Windows Live Toolbar Extension (Windows Live Toolbar)
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{3BFFC6B8-4EC0-4240-858C-998FD4077983}" = Nokia Connectivity Cable Driver
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4CBA3D4C-8F51-4D60-B27E-F6B641C571E7}" = Microsoft Search Enhancement Pack
"{4E5E22C2-1386-47AE-8EDE-32DDCDCD6653}" = QuickTime
"{57F0ED40-8F11-41AA-B926-4A66D0D1A9CC}" = Microsoft Office Live Add-in 1.3
"{5B893587-00A8-4A4E-83F0-8AFA7BFC7C1A}" = PVR Plus
"{5FB2EF0E-0254-4B7E-98C9-7F83E0C5E6C2}" = EZShowtime MMS
"{6412CECE-8172-4BE5-935B-6CECACD2CA87}" = Windows Live Mail
"{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}" = PowerDVD
"{70FDCCEE-E169-47DB-9D2A-2EF70377910E}" = KWorld PVR-TV 7131 Teletext
"{7745B7A9-F323-4BB9-9811-01BF57A028DA}" = Map Button (Windows Live Toolbar)
"{786C4AD1-DCBA-49A6-B0EF-B317A344BD66}" = Windows Live Favorites for Windows Live Toolbar
"{7A393E43-9F1B-4B4D-AFC3-E4B6663F6DD3}" = EZPhoto Browser
"{7DEF17DA-2FBD-457F-8550-68A116B7ACD9}" = WOT for Internet Explorer
"{81128EE8-8EAD-4DB0-85C6-17C2CE50FF71}" = Windows Live Essentials
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-117164797}" = Dream Vacation Solitaire FREE
"{84EBDF39-4B33-49D7-A0BD-EB6E2C4E81C1}" = Windows Live Sync
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8A74E887-8F0F-4017-AF53-CBA42211AAA5}" = Microsoft Sync Framework Runtime Native v1.0 (x86)
"{90120000-0010-0409-0000-0000000FF1CE}" = Microsoft Software Update for Web Folders (English) 12
"{90120000-0015-0409-0000-0000000FF1CE}" = Microsoft Office Access MUI (English) 2007
"{90120000-0015-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007
"{90120000-0016-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007
"{90120000-0018-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0019-0409-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2007
"{90120000-0019-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2007
"{90120000-001A-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007
"{90120000-001B-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_ENTERPRISE_{ABDDE972-355B-4AF1-89A8-DA50B7B5C045}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_ENTERPRISE_{F580DDD5-8D37-4998-968E-EBB76BB86787}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007
"{90120000-001F-0C0A-0000-0000000FF1CE}_ENTERPRISE_{187308AB-5FA7-4F14-9AB9-D290383A10D9}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007
"{90120000-0030-0000-0000-0000000FF1CE}" = Microsoft Office Enterprise 2007
"{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{3D019598-7B59-447A-80AE-815B703B84FF}" = Security Update for Microsoft Office system 2007 (972581)
"{90120000-0044-0409-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (English) 2007
"{90120000-0044-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}_ENTERPRISE_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2007
"{90120000-00A1-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-00BA-0409-0000-0000000FF1CE}" = Microsoft Office Groove MUI (English) 2007
"{90120000-00BA-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0114-0409-0000-0000000FF1CE}" = Microsoft Office Groove Setup Metadata MUI (English) 2007
"{90120000-0114-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007
"{90120000-0115-0409-0000-0000000FF1CE}_ENTERPRISE_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0117-0409-0000-0000000FF1CE}" = Microsoft Office Access Setup Metadata MUI (English) 2007
"{90120000-0117-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90140000-2005-0000-0000-0000000FF1CE}" = Microsoft Office File Validation Add-In
"{9422C8EA-B0C6-4197-B8FC-DC797658CA00}" = Windows Live Sign-in Assistant
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{95120000-0122-0409-0000-0000000FF1CE}" = Microsoft Office Outlook Connector
"{981029E0-7FC9-4CF3-AB39-6F133621921A}" = Skype Toolbars
"{995F1E2E-F542-4310-8E1D-9926F5A279B3}" = Windows Live Toolbar
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{A1F66FC9-11EE-4F2F-98C9-16F8D1E69FB7}" = Segoe UI
"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
"{A5C4AD72-25FE-4899-B6DF-6D8DF63C93CF}" = Highlight Viewer (Windows Live Toolbar)
"{A66242A1-9101-425D-9BE5-D19A50E1D0D8}" = ESET NOD32 Antivirus
"{A85FD55B-891B-4314-97A5-EA96C0BD80B5}" = Windows Live Messenger
"{A9698A67-7E71-11D8-B9BF-00E018FAA1E4}" = USB PC Camera
"{A9E336E7-6BCA-4873-891F-49B7EF49D381}" = Dynamic Learning (Student Version)
"{AC76BA86-7AD7-1033-7B44-A92000000001}" = Adobe Reader 9.2
"{AC76BA86-7AD7-1033-7B44-A94000000001}" = Adobe Reader 9.4.2
"{AC76BA86-7AD7-5464-3428-900000000004}" = Spelling Dictionaries Support For Adobe Reader 9
"{B473BAC8-6A90-4D53-96C9-97A759A76EE8}" = EZPhoto Panorama
"{BD64AF4A-8C80-4152-AD77-FCDDF05208AB}" = Microsoft Sync Framework Services Native v1.0 (x86)
"{BEF3EFE7-5159-436D-9BF0-CCC633179EB4}" = EVGA Display Driver
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{D103C4BA-F905-437A-8049-DB24763BBE36}" = Skype™ 4.2
"{D6C75F0B-3BC1-4FC9-B8C5-3F7E8ED059CA}" = Windows Live Photo Gallery
"{E2DFE069-083E-4631-9B6C-43C48E991DE5}" = Junk Mail filter update
"{E6474C58-349D-4BBE-8918-DFD1DE2155CE}" = KWorld PVR-TV 7131/5 Utilities
"{ED00D08A-3C5F-488D-93A0-A04F21F23956}" = Windows Live Communications Platform
"{ED8F2441-E5B9-4F48-82AD-759C17A68ADB}" = EZPhoto Tools
"{F084395C-40FB-4DB3-981C-B51E74E1E83D}" = Smart Menus (Windows Live Toolbar)
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard
"{F6BD194C-4190-4D73-B1B1-C48C99921BFE}" = Windows Live Call
"{FFAB5ABB-8AAB-42E2-847F-1743E51E01E9}" = Disc2Phone
"0852D05415AB9A4F1EF451E342267F76C776ED2F" = Windows Driver Package - Nokia Modem (11/03/2006 6.82.0.1)
"4CFD94C379217A02D5EA067615FF789CD731BCDB" = Windows Driver Package - Nokia (WUDFRd) WPD (11/03/2006 6.82.26.2)
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"AIDA64 Extreme Edition_is1" = AIDA64 Extreme Edition v1.85
"Bruce's Typing Tutor_is1" = Bruce's Typing Tutor, Version 4.0.3
"CANONBJ_Deinstall_CNMCP76.DLL" = Canon iP1200
"DVD Shrink_is1" = DVD Shrink 3.2
"Easy-PhotoPrint" = Canon Utilities Easy-PhotoPrint
"Easy-PrintToolBox" = Canon Utilities Easy-PrintToolBox
"Easy-WebPrint" = Easy-WebPrint
"ENTERPRISE" = Microsoft Office Enterprise 2007
"ESET Online Scanner" = ESET Online Scanner v3
"Ezonics Greeting Cam Deluxe" = Ezonics Greeting Cam Deluxe
"Fishdom" = Fishdom
"HiYo" = HiYo
"IDNMitigationAPIs" = Microsoft Internationalized Domain Names Mitigation APIs
"ie7" = Windows Internet Explorer 7
"ie8" = Windows Internet Explorer 8
"InstallShield_{20D4A895-748C-4D88-871C-FDB1695B0169}" = VIA Platform Device Manager
"InstallShield_{4E5E22C2-1386-47AE-8EDE-32DDCDCD6653}" = QuickTime
"InterActual Player" = InterActual Player
"LiveUpdate" = LiveUpdate 3.3 (Symantec Corporation)
"Luxor 2" = Luxor 2
"Magentic" = Magentic
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware version 1.51.1.1800
"Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"MSI8624Drv" = MSI 8624 Video Capture
"MSNINST" = MSN
"Nero - Burning Rom!UninstallKey" = Nero OEM
"NeroVision!UninstallKey" = NeroVision Express 2
"NLSDownlevelMapping" = Microsoft National Language Support Downlevel APIs
"NMPUninstallKey" = Nero Media Player
"Shockwave" = Shockwave
"TVP3XDrv" = KWorld PVR-TV 7131 WDM Drivers
"Veetle TV" = Veetle TV 0.9.17
"VIA Vinyl Audio Codecs Driver Setup Program" = VIA Vinyl Audio Codecs Driver Setup Program
"VIA/S3G Display Driver" = VIA/S3G Display Driver
"WIC" = Windows Imaging Component
"Windows XP Service Pack" = Windows XP Service Pack 3
"WinLiveSuite_Wave3" = Windows Live Essentials
"WinZip" = WinZip
"Yahoo! Companion" = Yahoo! Toolbar
"Yahoo! Toolbar" = Yahoo! Toolbar
========== HKEY_CURRENT_USER Uninstall List ========== [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Google Chrome" = Google Chrome
========== Last 10 Event Log Errors ========== [ Application Events ]
Error - 8/30/2011 1:19:59 AM | Computer Name = EXECUTIV-83FD5D | Source = .NET Runtime Optimization Service | ID = 1101
Description = .NET Runtime Optimization Service (clr_optimization_v2.0.50727_32)
- Failed to compile: System.Web.Routing, Version=3.5.0.0, Culture=neutral, PublicKeyToken=31bf3856ad364e35
. Error code = 0x80070570
Error - 8/30/2011 1:20:05 AM | Computer Name = EXECUTIV-83FD5D | Source = .NET Runtime Optimization Service | ID = 1101
Description = .NET Runtime Optimization Service (clr_optimization_v2.0.50727_32)
- Failed to compile: System.Web.Services, Version=2.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a
. Error code = 0x80070570
Error - 8/30/2011 1:20:11 AM | Computer Name = EXECUTIV-83FD5D | Source = .NET Runtime Optimization Service | ID = 1101
Description = .NET Runtime Optimization Service (clr_optimization_v2.0.50727_32)
- Failed to compile: System.AddIn, Version=3.5.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089
. Error code = 0x80070570
Error - 8/30/2011 1:20:15 AM | Computer Name = EXECUTIV-83FD5D | Source = .NET Runtime Optimization Service | ID = 1101
Description = .NET Runtime Optimization Service (clr_optimization_v2.0.50727_32)
- Failed to compile: System.Windows.Presentation, Version=3.5.0.0, Culture=neutral,
PublicKeyToken=b77a5c561934e089 . Error code = 0x80070570
Error - 8/30/2011 1:20:24 AM | Computer Name = EXECUTIV-83FD5D | Source = .NET Runtime Optimization Service | ID = 1101
Description = .NET Runtime Optimization Service (clr_optimization_v2.0.50727_32)
- Failed to compile: System.Workflow.Activities, Version=3.0.0.0, Culture=neutral,
PublicKeyToken=31bf3856ad364e35 . Error code = 0x80070570
Error - 8/30/2011 1:20:36 AM | Computer Name = EXECUTIV-83FD5D | Source = .NET Runtime Optimization Service | ID = 1101
Description = .NET Runtime Optimization Service (clr_optimization_v2.0.50727_32)
- Failed to compile: System.Workflow.ComponentModel, Version=3.0.0.0, Culture=neutral,
PublicKeyToken=31bf3856ad364e35 . Error code = 0x80070570
Error - 8/30/2011 1:26:23 AM | Computer Name = EXECUTIV-83FD5D | Source = .NET Runtime Optimization Service | ID = 1101
Description = .NET Runtime Optimization Service (clr_optimization_v2.0.50727_32)
- Failed to compile: System.Workflow.Runtime, Version=3.0.0.0, Culture=neutral,
PublicKeyToken=31bf3856ad364e35 . Error code = 0x80070570
Error - 8/30/2011 1:26:37 AM | Computer Name = EXECUTIV-83FD5D | Source = .NET Runtime Optimization Service | ID = 1101
Description = .NET Runtime Optimization Service (clr_optimization_v2.0.50727_32)
- Failed to compile: System.WorkflowServices, Version=3.5.0.0, Culture=neutral,
PublicKeyToken=31bf3856ad364e35 . Error code = 0x80070570
Error - 8/30/2011 1:26:39 AM | Computer Name = EXECUTIV-83FD5D | Source = .NET Runtime Optimization Service | ID = 1101
Description = .NET Runtime Optimization Service (clr_optimization_v2.0.50727_32)
- Failed to compile: System.Xml.Linq, Version=3.5.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089
. Error code = 0x80070570
Error - 8/31/2011 6:56:40 PM | Computer Name = EXECUTIV-83FD5D | Source = Application Hang | ID = 1002
Description = Hanging application wmplayer.exe, version 9.0.0.4503, hang module
hungapp, version 0.0.0.0, hang address 0x00000000.
[ OSession Events ]
Error - 3/17/2011 10:25:46 PM | Computer Name = EXECUTIV-83FD5D | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 0, Application Name: Microsoft Office Word, Application Version:
12.0.6541.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 2
seconds with 0 seconds of active time. This session ended with a crash.
Error - 3/17/2011 10:25:55 PM | Computer Name = EXECUTIV-83FD5D | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 0, Application Name: Microsoft Office Word, Application Version:
12.0.6541.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 3
seconds with 0 seconds of active time. This session ended with a crash.
Error - 3/17/2011 10:53:33 PM | Computer Name = EXECUTIV-83FD5D | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 0, Application Name: Microsoft Office Word, Application Version:
12.0.6541.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 3
seconds with 0 seconds of active time. This session ended with a crash.
Error - 3/20/2011 11:06:32 PM | Computer Name = EXECUTIV-83FD5D | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 0, Application Name: Microsoft Office Word, Application Version:
12.0.6541.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 2
seconds with 0 seconds of active time. This session ended with a crash.
Error - 3/20/2011 11:34:21 PM | Computer Name = EXECUTIV-83FD5D | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 0, Application Name: Microsoft Office Word, Application Version:
12.0.6541.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 4
seconds with 0 seconds of active time. This session ended with a crash.
Error - 3/21/2011 12:48:17 AM | Computer Name = EXECUTIV-83FD5D | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 0, Application Name: Microsoft Office Word, Application Version:
12.0.6541.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 2
seconds with 0 seconds of active time. This session ended with a crash.
Error - 3/21/2011 12:48:55 AM | Computer Name = EXECUTIV-83FD5D | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 0, Application Name: Microsoft Office Word, Application Version:
12.0.6541.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 2
seconds with 0 seconds of active time. This session ended with a crash.
Error - 3/25/2011 1:04:25 AM | Computer Name = EXECUTIV-83FD5D | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 0, Application Name: Microsoft Office Word, Application Version:
12.0.6541.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 3
seconds with 0 seconds of active time. This session ended with a crash.
Error - 3/25/2011 1:04:33 AM | Computer Name = EXECUTIV-83FD5D | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 0, Application Name: Microsoft Office Word, Application Version:
12.0.6541.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 3
seconds with 0 seconds of active time. This session ended with a crash.
Error - 3/25/2011 1:07:59 AM | Computer Name = EXECUTIV-83FD5D | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 0, Application Name: Microsoft Office Word, Application Version:
12.0.6541.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 3
seconds with 0 seconds of active time. This session ended with a crash.
[ System Events ]
Error - 8/31/2011 9:18:08 AM | Computer Name = EXECUTIV-83FD5D | Source = Service Control Manager | ID = 7023
Description = The Help and Support service terminated with the following error:
%%126
Error - 8/31/2011 9:18:38 AM | Computer Name = EXECUTIV-83FD5D | Source = DCOM | ID = 10010
Description = The server {833E4010-AFF7-4AC3-AAC2-9F24C1457BCE} did not register
with DCOM within the required timeout.
Error - 8/31/2011 9:18:38 AM | Computer Name = EXECUTIV-83FD5D | Source = Service Control Manager | ID = 7023
Description = The Help and Support service terminated with the following error:
%%126
Error - 8/31/2011 9:18:41 AM | Computer Name = EXECUTIV-83FD5D | Source = Service Control Manager | ID = 7023
Description = The Help and Support service terminated with the following error:
%%126
Error - 8/31/2011 9:19:11 AM | Computer Name = EXECUTIV-83FD5D | Source = DCOM | ID = 10010
Description = The server {833E4010-AFF7-4AC3-AAC2-9F24C1457BCE} did not register
with DCOM within the required timeout.
Error - 8/31/2011 9:19:11 AM | Computer Name = EXECUTIV-83FD5D | Source = Service Control Manager | ID = 7023
Description = The Help and Support service terminated with the following error:
%%126
Error - 8/31/2011 9:19:41 AM | Computer Name = EXECUTIV-83FD5D | Source = DCOM | ID = 10010
Description = The server {833E4010-AFF7-4AC3-AAC2-9F24C1457BCE} did not register
with DCOM within the required timeout.
Error - 8/31/2011 9:19:41 AM | Computer Name = EXECUTIV-83FD5D | Source = Service Control Manager | ID = 7023
Description = The Help and Support service terminated with the following error:
%%126
Error - 8/31/2011 9:19:56 AM | Computer Name = EXECUTIV-83FD5D | Source = DCOM | ID = 10000
Description = Unable to start a DCOM Server: {B1DBD568-80B2-43FA-AE07-76FB23AA4650}.
The
error: "%6" Happened while starting this command: "C:\Program Files\Windows Live\Toolbar\wltuser.exe"
-Embedding
Error - 8/31/2011 9:20:11 AM | Computer Name = EXECUTIV-83FD5D | Source = DCOM | ID = 10010
Description = The server {833E4010-AFF7-4AC3-AAC2-9F24C1457BCE} did not register
with DCOM within the required timeout.
< End of report >
Process PID CPU Private Bytes Working Set Description Company Name
System Idle Process 0 98.44 0 K 28 K
procexp.exe 6400 1.56 12,556 K 17,944 K Sysinternals Process Explorer Sysinternals - www.sysinternals.com
Interrupts n/a < 0.01 0 K 0 K Hardware Interrupts and DPCs
WZQKPICK.EXE 3064 696 K 388 K WinZip Executable WinZip Computing, Inc.
wmiprvse.exe 10092 2,376 K 5,080 K WMI Microsoft Corporation
wltuser.exe 1384 4,748 K 4,656 K Windows Live Toolbar User Elevation Helper Microsoft Corporation
winlogon.exe 656 7,652 K 4,388 K Windows NT Logon Application Microsoft Corporation
vVX3000.exe 2744 968 K 596 K Microsoft LifeCam Device Application Microsoft Corporation
VTTrayp.exe 2796 984 K 556 K s3contrl (32-bit) S3 Graphics Co., Ltd.
VTTimer.exe 2788 492 K 332 K S3 Graphics, Inc.
System 4 0 K 76 K
svchost.exe 864 3,252 K 2,312 K Generic Host Process for Win32 Services Microsoft Corporation
svchost.exe 940 2,016 K 1,772 K Generic Host Process for Win32 Services Microsoft Corporation
svchost.exe 980 24,876 K 19,016 K Generic Host Process for Win32 Services Microsoft Corporation
svchost.exe 1044 1,860 K 1,744 K Generic Host Process for Win32 Services Microsoft Corporation
svchost.exe 1152 1,648 K 1,368 K Generic Host Process for Win32 Services Microsoft Corporation
svchost.exe 1328 1,332 K 104 K Generic Host Process for Win32 Services Microsoft Corporation
svchost.exe 1764 2,564 K 2,016 K Generic Host Process for Win32 Services Microsoft Corporation
spoolsv.exe 1252 3,628 K 1,104 K Spooler SubSystem App Microsoft Corporation
snmp.exe 1740 1,540 K 728 K SNMP Service Microsoft Corporation
SnapDetect.exe 2972 1,752 K 876 K
smss.exe 564 172 K 76 K Windows NT Session Manager Microsoft Corporation
services.exe 700 1,876 K 4,532 K Services and Controller app Microsoft Corporation
ServiceLayer.exe 2864 3,080 K 1,584 K ServiceLayer Module Nokia.
SeaPort.exe 1684 5,188 K 840 K Microsoft SeaPort Search Enhancement Broker Microsoft Corporation
Scheduled.exe 2640 1,168 K 820 K
qttask.exe 2660 684 K 328 K QuickTime Task Apple Computer, Inc.
PDVDServ.exe 2584 892 K 840 K PowerDVD RC Service Cyberlink Corp.
P3XRCtl.exe 2940 2,444 K 460 K TV7131/5 Remote Control
ONENOTEM.EXE 3136 712 K 312 K Microsoft Office OneNote Quick Launcher Microsoft Corporation
msdtc.exe 1360 1,956 K 492 K MS DTC console program Microsoft Corporation
mqtgsvc.exe 1132 1,456 K 344 K Windows NT MSMQ Trigger Service Microsoft Corporation
mqsvc.exe 1896 2,128 K 980 K Message Queuing Service Microsoft Corporation
MDM.EXE 1592 1,012 K 820 K Machine Debug Manager Microsoft Corporation
mbamservice.exe 1544 101,984 K 48,736 K Malwarebytes' Anti-Malware Malwarebytes Corporation
mbamgui.exe 2804 3,084 K 1,492 K Malwarebytes' Anti-Malware Malwarebytes Corporation
lsass.exe 712 3,928 K 1,120 K LSA Shell (Export Version) Microsoft Corporation
LaunchApplication.exe 2680 8,848 K 1,740 K PC Suite Nokia
jusched.exe 2708 832 K 104 K Java Update Scheduler Sun Microsystems, Inc.
jqs.exe 1516 2,332 K 1,408 K Java Quick Starter Service Sun Microsystems, Inc.
inetinfo.exe 1500 5,844 K 1,860 K Internet Information Services Microsoft Corporation
iexplore.exe 820 50,588 K 17,720 K Internet Explorer Microsoft Corporation
iexplore.exe 3412 11,184 K 3,924 K Internet Explorer Microsoft Corporation
iexplore.exe 208 43,728 K 5,396 K Internet Explorer Microsoft Corporation
HiYo.exe 2736 5,088 K 1,152 K HiYo IncrediMail, Ltd.
GrooveMonitor.exe 2720 2,136 K 736 K GrooveMonitor Utility Microsoft Corporation
explorer.exe 2436 24,316 K 23,336 K Windows Explorer Microsoft Corporation
ekrn.exe 1460 70,072 K 35,220 K ESET Service ESET
egui.exe 2828 1,972 K 3,164 K ESET GUI ESET
ctfmon.exe 2872 920 K 548 K CTF Loader Microsoft Corporation
csrss.exe 628 1,864 K 2,980 K Client Server Runtime Process Microsoft Corporation
cisvc.exe 1440 5,980 K 520 K Content Index service Microsoft Corporation
cidaemon.exe 2568 3,220 K 988 K Indexing Service filter daemon Microsoft Corporation
cidaemon.exe 2176 1,324 K 748 K Indexing Service filter daemon Microsoft Corporation
alg.exe 1616 1,212 K 852 K Application Layer Gateway Service Microsoft Corporation
ADeck.exe 2544 2,520 K 1,020 K Audio Deck VIA Technologies, Inc.