New svchost.exe virus

Hewlett-packard Pavilion zd8000 notebook
July 20, 2010 at 13:03:43
Specs: Windows XP
I have the svchost.exe virus. It is different from the virus I've heard described on the net. The features of it are:

1. There is a svchost.exe that under Windows Task Manager takes up to 150,000k of memory. The S in svchost.exe is not capitalized. When I shut the program down it allows me to, opposed to other svchost.exe files, which shut down the computer within 60 seconds. My computer speeds up significantly when this file is halted. However System Idle Process increases CPU use, and the program eventually restarts itself.

2. Norton anti-virus will tell me security threats were detected when websites with names such as "3km4kmici.com" try and contact svchost.exe (this is not one of the actual websites, it is what the website names look like).

3. Audio will periodically turn off. In Sounds and Audio Devices it will say that no audio devices are detected. However sometimes audio does not turn off completely. I will be able to hear Itunes, but not players on the internet, or vice versa.

4. The internet has become incredibly unstable. Firefox will shut down randomly. I also now get redirected to random add websites when I click on some google links. These adds will also open up randomly in a new tab.

5. Windows will change skins back to a Windows 95 look, and then change back to a more modern skin randomly.

I have tried using the win31.welch removal software from Symantec. It did not detect any virus. I have done virus scans with Norton, it did not detect anything. I have not tried anything else because the description of my virus differs from others on the web. I do not use Yahoo messenger for example.


See More: New svchost.exe virus

Report •

#1
July 20, 2010 at 14:13:43
In order to properly diagnose what you may have, please download OTL from http://oldtimer.geekstogo.com/OTL.exe. When you run it, check the following:

All 6 sections in the 2 columns on the left should have "Use Safelist" selected.

Select 14 days for File Age.

CHECK "Use Company Names"

UNCHECK "Skip Microsoft Files"

"Files Created Within" and "Files Modified Within" should both have "File Age" selected.

CHECK the boxes for BOTH LOP Check and Purity Check.

Then hit "Quick Scan".

This will create 2 text files in the same location as where you downloaded OTL. One will be named OTL.txt and the other will be called Extras.txt. Please copy and paste them here so I can take a look and see if we can figure out where the infection might be.

-----
IT Desktop & Network Consultant - MOS Master Certified, MCP Certified, CCNA Certificate Pending, A+ Certified.

::geek::


Report •

#2
July 20, 2010 at 14:44:03
OTL logfile created on: 7/20/2010 3:32:27 PM - Run 1
OTL by OldTimer - Version 3.2.9.1 Folder = C:\Documents and Settings\Catherine\My Documents\Downloads
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.00 Gb Total Physical Memory | 1.00 Gb Available Physical Memory | 61.00% Memory free
4.00 Gb Paging File | 3.00 Gb Available in Paging File | 86.00% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 74.53 Gb Total Space | 18.82 Gb Free Space | 25.26% Space Free | Partition Type: NTFS
Drive D: | 6.47 Gb Total Space | 0.00 Gb Free Space | 0.00% Space Free | Partition Type: UDF
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: RENOVATIO
Current User Name: Catherine
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: On
Skip Microsoft Files: On
File Age = 90 Days
Output = Standard
Quick Scan

[color=#E56717]========== Processes (SafeList) ==========[/color]

PRC - [2010/07/20 15:28:07 | 000,574,976 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Catherine\My Documents\Downloads\OTL.exe
PRC - [2010/06/27 14:43:32 | 000,910,296 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe
PRC - [2010/06/10 21:03:08 | 000,144,176 | ---- | M] (Apple Inc.) -- C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
PRC - [2010/06/02 18:50:58 | 001,144,104 | ---- | M] () -- C:\Program Files\DivX\DivX Update\DivXUpdate.exe
PRC - [2010/02/25 18:21:50 | 000,126,392 | R--- | M] (Symantec Corporation) -- C:\Program Files\Norton Security Suite\Engine\4.2.0.12\ccsvchst.exe
PRC - [2009/12/04 14:16:40 | 000,103,280 | R--- | M] (Symantec Corporation) -- C:\Program Files\Norton PC Checkup\Norton PC Checkup\Engine\2.0.2.506\SymcPCCULaunchSvc.exe
PRC - [2009/09/08 09:06:17 | 000,378,176 | ---- | M] (LogMeIn, Inc.) -- C:\Program Files\LogMeIn\x86\LMIGuardian.exe
PRC - [2009/08/24 16:49:41 | 000,126,392 | R--- | M] (Symantec Corporation) -- C:\Program Files\Norton PC Checkup\Norton PC Checkup\Engine\2.0.2.506\ccSvcHst.exe
PRC - [2009/06/24 15:03:34 | 002,876,216 | ---- | M] (Mozy, Inc.) -- C:\Program Files\MozyHome\mozystat.exe
PRC - [2009/06/22 12:28:56 | 000,335,872 | ---- | M] (Dura Micro, Inc) -- C:\Program Files\AutoTask\AutoTask.exe
PRC - [2009/05/19 11:36:18 | 000,240,512 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
PRC - [2008/04/13 18:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2007/08/09 01:27:52 | 000,073,728 | ---- | M] (HP) -- C:\WINDOWS\system32\HPZipm12.exe
PRC - [2007/04/17 14:03:50 | 000,063,048 | ---- | M] (LogMeIn, Inc.) -- C:\Program Files\LogMeIn\x86\LogMeInSystray.exe
PRC - [2006/10/12 16:57:08 | 000,102,400 | ---- | M] (SEIKO EPSON CORPORATION) -- C:\Program Files\epson\Creativity Suite\Event Manager\EEventManager.exe
PRC - [2005/08/11 14:30:30 | 000,081,920 | ---- | M] (Macrovision Corporation) -- C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
PRC - [2005/02/02 06:12:22 | 000,102,492 | ---- | M] (Synaptics, Inc.) -- C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
PRC - [2004/12/03 14:24:20 | 000,290,816 | ---- | M] (Hewlett-Packard ) -- C:\Program Files\HPQ\Quick Launch Buttons\eabservr.exe
PRC - [2004/08/04 02:00:00 | 000,055,296 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\freecell.exe
PRC - [2004/03/25 11:35:26 | 001,732,608 | ---- | M] (Adobe Systems) -- C:\Program Files\Adobe\Adobe Version Cue\ControlPanel\VersionCueTray.exe


[color=#E56717]========== Modules (SafeList) ==========[/color]

MOD - [2010/07/20 15:28:07 | 000,574,976 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Catherine\My Documents\Downloads\OTL.exe
MOD - [2010/05/13 23:35:01 | 000,415,088 | R--- | M] (Symantec Corporation) -- C:\Program Files\Norton Security Suite\Engine\4.2.0.12\asoehook.dll
MOD - [2009/07/12 02:02:02 | 000,653,120 | R--- | M] (Microsoft Corporation) -- C:\Program Files\Norton Security Suite\Engine\4.2.0.12\microsoft.vc90.crt\msvcr90.dll
MOD - [2009/07/12 02:02:00 | 000,569,664 | R--- | M] (Microsoft Corporation) -- C:\Program Files\Norton Security Suite\Engine\4.2.0.12\microsoft.vc90.crt\msvcp90.dll
MOD - [2008/04/13 18:10:20 | 000,110,592 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\msscript.ocx
MOD - [2005/02/02 06:12:14 | 000,069,724 | ---- | M] (Synaptics, Inc.) -- C:\WINDOWS\system32\SynTPFcs.dll


[color=#E56717]========== Win32 Services (SafeList) ==========[/color]

SRV - File not found [Auto | Stopped] -- C:\Program Files\Common Files\Nero\Nero BackItUp 4\NBService.exe -- (Nero BackItUp Scheduler 4.0)
SRV - File not found [Auto | Stopped] -- C:\Program Files\RapidBIT\cisvc.exe -- (FlexService)
SRV - [2010/06/28 16:09:26 | 002,561,624 | ---- | M] () [Auto | Running] -- c:\Program Files\Common Files\Akamai\rswin_3725.dll -- (Akamai)
SRV - [2010/06/10 21:03:08 | 000,144,176 | ---- | M] (Apple Inc.) [Auto | Running] -- C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe -- (Apple Mobile Device)
SRV - [2010/03/29 08:53:22 | 000,068,000 | ---- | M] (NOS Microsystems Ltd.) [On_Demand | Stopped] -- C:\Program Files\NOS\bin\getPlus_Helper.dll -- (getPlusHelper) getPlus(R)
SRV - [2010/02/25 18:21:50 | 000,126,392 | R--- | M] (Symantec Corporation) [Unknown | Running] -- C:\Program Files\Norton Security Suite\Engine\4.2.0.12\ccSvcHst.exe -- (N360)
SRV - [2009/12/04 14:16:40 | 000,103,280 | R--- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files\Norton PC Checkup\Norton PC Checkup\Engine\2.0.2.506\SymcPCCULaunchSvc.exe -- (Norton PC Checkup Application Launcher)
SRV - [2009/09/08 09:07:05 | 000,116,032 | ---- | M] (LogMeIn, Inc.) [Disabled | Stopped] -- C:\Program Files\LogMeIn\x86\RaMaint.exe -- (LMIMaint)
SRV - [2009/08/24 16:49:41 | 000,126,392 | R--- | M] (Symantec Corporation) [Unknown | Running] -- C:\Program Files\Norton PC Checkup\Norton PC Checkup\Engine\2.0.2.506\ccSvcHst.exe -- (PCCUJobMgr)
SRV - [2009/05/19 11:36:18 | 000,240,512 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe -- (SeaPort)
SRV - [2007/08/09 01:27:52 | 000,073,728 | ---- | M] (HP) [Auto | Running] -- C:\WINDOWS\system32\HPZipm12.exe -- (Pml Driver HPZ12)
SRV - [2007/07/15 14:59:44 | 000,079,360 | ---- | M] (Autodesk) [On_Demand | Stopped] -- C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe -- (Autodesk Licensing Service)
SRV - [2007/04/17 14:03:50 | 000,063,040 | ---- | M] (LogMeIn, Inc.) [Disabled | Stopped] -- C:\Program Files\LogMeIn\x86\LogMeIn.exe -- (LogMeIn)
SRV - [2006/02/26 22:04:50 | 000,902,760 | ---- | M] (Autodesk, Inc.) [On_Demand | Stopped] -- C:\Program Files\Common Files\Autodesk Shared\Service\AdskNetSrv.exe -- (Autodesk Network Licensing Service)
SRV - [2004/03/25 11:35:26 | 000,061,440 | ---- | M] (Adobe Sytems) [On_Demand | Stopped] -- C:\Program Files\Adobe\Adobe Version Cue\service\VersionCue.exe -- (AdobeVersionCue)


[color=#E56717]========== Driver Services (SafeList) ==========[/color]

DRV - [2010/07/13 19:28:33 | 001,362,608 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_4.0.0.127\Definitions\VirusDefs\20100720.002\NAVEX15.SYS -- (NAVEX15)
DRV - [2010/07/13 19:28:32 | 000,085,424 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_4.0.0.127\Definitions\VirusDefs\20100720.002\NAVENG.SYS -- (NAVENG)
DRV - [2010/07/09 09:28:59 | 000,124,976 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\SYMEVENT.SYS -- (SymEvent)
DRV - [2010/07/08 01:00:00 | 000,371,248 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys -- (eeCtrl)
DRV - [2010/07/08 01:00:00 | 000,102,448 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Program Files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys -- (EraserUtilRebootDrv)
DRV - [2010/06/19 00:46:00 | 000,691,248 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_4.0.0.127\Definitions\BASHDefs\20100709.001\BHDrvx86.sys -- (BHDrvx86)
DRV - [2010/06/16 19:54:14 | 000,331,640 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_4.0.0.127\Definitions\IPSDefs\20100719.001\IDSXpx86.sys -- (IDSxpx86)
DRV - [2010/05/05 22:01:59 | 000,361,904 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\WINDOWS\System32\Drivers\N360\0402000.00C\SYMTDI.SYS -- (SYMTDI)
DRV - [2010/04/28 23:03:51 | 000,116,784 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\N360\0402000.00C\Ironx86.SYS -- (SymIRON)
DRV - [2010/04/21 21:02:20 | 000,173,104 | ---- | M] (Symantec Corporation) [File_System | Boot | Running] -- C:\WINDOWS\system32\drivers\N360\0402000.00C\SYMEFA.SYS -- (SymEFA)
DRV - [2010/04/21 20:29:50 | 000,325,680 | ---- | M] (Symantec Corporation) [File_System | System | Running] -- C:\WINDOWS\System32\Drivers\N360\0402000.00C\SRTSP.SYS -- (SRTSP)
DRV - [2010/04/21 20:29:50 | 000,043,696 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\N360\0402000.00C\SRTSPX.SYS -- (SRTSPX) Symantec Real Time Storage Protection (PEL)
DRV - [2010/03/24 17:12:31 | 000,691,696 | ---- | M] () [Kernel | Boot | Running] -- C:\WINDOWS\System32\Drivers\sptd.sys -- (sptd)
DRV - [2010/02/25 18:22:57 | 000,501,888 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\N360\0402000.00C\ccHPx86.sys -- (ccHP)
DRV - [2009/10/14 21:50:05 | 000,328,752 | R--- | M] (Symantec Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\N360\0402000.00C\SYMDS.SYS -- (SymDS)
DRV - [2009/09/08 09:06:25 | 000,083,288 | ---- | M] (LogMeIn, Inc.) [File_System | Disabled | Stopped] -- C:\WINDOWS\System32\LMIRfsClientNP.dll -- (LMIRfsClientNP)
DRV - [2008/10/20 07:04:07 | 000,047,640 | ---- | M] (LogMeIn, Inc.) [File_System | Auto | Running] -- C:\WINDOWS\system32\drivers\LMIRfsDriver.sys -- (LMIRfsDriver)
DRV - [2008/04/13 12:45:12 | 000,060,032 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\USBAUDIO.sys -- (usbaudio) USB Audio Driver (WDM)
DRV - [2008/02/28 15:31:50 | 000,012,856 | ---- | M] (LogMeIn, Inc.) [Kernel | Auto | Running] -- C:\Program Files\LogMeIn\x86\rainfo.sys -- (LMIInfo)
DRV - [2005/03/16 06:43:06 | 000,159,488 | ---- | M] (Texas Instruments) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\tifm21.sys -- (tifm21)
DRV - [2005/03/10 03:41:52 | 000,371,712 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\BCMWL5.SYS -- (BCM43XX)
DRV - [2005/03/08 15:36:52 | 000,988,672 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ati2mtag.sys -- (ati2mtag)
DRV - [2005/03/04 05:10:26 | 000,074,496 | ---- | M] (Realtek Semiconductor Corporation ) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\Rtlnicxp.sys -- (RTL8023xp)
DRV - [2005/02/23 15:58:56 | 000,011,776 | ---- | M] (Arcsoft, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\afc.sys -- (Afc)
DRV - [2005/02/02 05:58:58 | 000,191,456 | ---- | M] (Synaptics, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\SynTP.sys -- (SynTP)
DRV - [2004/12/15 09:18:34 | 000,207,232 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSFHWICH.sys -- (HSFHWICH)
DRV - [2004/12/15 09:18:28 | 000,703,232 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSF_CNXT.sys -- (winachsf)
DRV - [2004/12/15 09:18:26 | 001,038,208 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSF_DP.sys -- (HSF_DP)
DRV - [2004/11/17 04:17:58 | 000,280,192 | ---- | M] (Conexant Systems Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\camchal.sys -- (CAMCHALA)
DRV - [2004/11/17 04:17:14 | 000,293,120 | ---- | M] (Conexant Systems Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\camcaud.sys -- (CAMCAUD)
DRV - [2004/06/02 17:07:28 | 001,240,938 | ---- | M] (WIDCOMM, Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\btkrnl.sys -- (BTKRNL)
DRV - [2004/06/02 16:50:16 | 000,053,816 | ---- | M] (WIDCOMM, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\btwusb.sys -- (BTWUSB)
DRV - [2004/04/14 08:36:50 | 000,007,432 | ---- | M] (Hewlett-Packard Company) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\eabfiltr.sys -- (eabfiltr)
DRV - [2003/06/06 12:46:16 | 000,005,220 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\EabUsb.sys -- (eabusb)
DRV - [2001/08/17 13:10:28 | 000,035,913 | ---- | M] (SMC) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\smcirda.sys -- (SMCIRDA)
DRV - [2001/08/17 09:51:56 | 000,005,248 | ---- | M] (Acer Laboratories Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\aliide.sys -- (AliIde)


[color=#E56717]========== Standard Registry (SafeList) ==========[/color]


[color=#E56717]========== Internet Explorer ==========[/color]

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.google.com/ie

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://search.live.com
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

[color=#E56717]========== FireFox ==========[/color]

Report •

#3
July 20, 2010 at 14:45:46


[2010/07/15 19:51:06 | 000,000,000 | ---D | C] -- C:\Documents and Settings\LocalService\Local Settings\Application Data\Apple
[2010/07/10 16:32:01 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Application Data\Sun
[2010/07/10 16:31:32 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\Adobe
[2010/07/09 15:58:04 | 000,339,504 | ---- | C] (Symantec Corporation) -- C:\WINDOWS\System32\drivers\N360\0402000.00C\symtdiv.sys
[2010/07/09 15:58:03 | 000,361,904 | ---- | C] (Symantec Corporation) -- C:\WINDOWS\System32\drivers\N360\0402000.00C\symtdi.sys
[2010/07/09 15:58:03 | 000,173,104 | ---- | C] (Symantec Corporation) -- C:\WINDOWS\System32\drivers\N360\0402000.00C\symefa.sys
[2010/07/09 15:58:02 | 000,328,752 | R--- | C] (Symantec Corporation) -- C:\WINDOWS\System32\drivers\N360\0402000.00C\symds.sys
[2010/07/09 15:58:01 | 000,325,680 | ---- | C] (Symantec Corporation) -- C:\WINDOWS\System32\drivers\N360\0402000.00C\srtsp.sys
[2010/07/09 15:58:01 | 000,043,696 | ---- | C] (Symantec Corporation) -- C:\WINDOWS\System32\drivers\N360\0402000.00C\srtspx.sys
[2010/07/09 15:58:00 | 000,501,888 | ---- | C] (Symantec Corporation) -- C:\WINDOWS\System32\drivers\N360\0402000.00C\cchpx86.sys
[2010/07/09 15:58:00 | 000,116,784 | ---- | C] (Symantec Corporation) -- C:\WINDOWS\System32\drivers\N360\0402000.00C\ironx86.sys
[2010/07/09 15:56:51 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\drivers\N360\0402000.00C
[2010/07/09 10:12:33 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Catherine\Desktop\simpleology
[2010/07/09 09:29:00 | 000,124,976 | ---- | C] (Symantec Corporation) -- C:\WINDOWS\System32\drivers\SYMEVENT.SYS
[2010/07/09 09:29:00 | 000,060,808 | ---- | C] (Symantec Corporation) -- C:\WINDOWS\System32\S32EVNT1.DLL
[2010/07/09 09:27:58 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\drivers\N360
[2010/07/09 09:27:55 | 000,000,000 | ---D | C] -- C:\Program Files\Norton Security Suite
[2010/07/09 09:27:54 | 000,000,000 | ---D | C] -- C:\Program Files\Windows Sidebar
[2010/07/09 09:26:07 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Catherine\My Documents\Symantec
[2010/07/09 09:06:17 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Documents\Norton
[2010/07/08 21:03:09 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Catherine\Application Data\ElevatedDiagnostics
[2010/07/08 20:55:56 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\windowspowershell
[2010/07/07 12:50:55 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Catherine\Desktop\Antares.Autotune.VST.v5.09-AiR
[2010/07/07 11:31:25 | 000,000,000 | ---D | C] -- C:\Program Files\Epson Software
[2010/06/26 09:20:51 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Office Genuine Advantage
[2010/06/26 09:20:47 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Catherine\Application Data\Office Genuine Advantage
[2010/06/25 21:19:10 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\zh-TW
[2010/06/25 21:19:10 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\zh-HK
[2010/06/25 21:19:09 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\tr-TR
[2010/06/25 21:19:09 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\sv-SE
[2010/06/25 21:19:09 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\pt-BR
[2010/06/25 21:19:09 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\nl-NL
[2010/06/25 21:19:09 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\nb-NO
[2010/06/25 21:19:09 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\ko-KR
[2010/06/25 21:19:09 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\it-IT
[2010/06/25 21:19:08 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\he-IL
[2010/06/25 21:19:08 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\fr-FR
[2010/06/25 21:19:08 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\fi-FI
[2010/06/25 21:19:08 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\es-ES
[2010/06/25 21:19:08 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\el-GR
[2010/06/25 21:19:08 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\de-DE
[2010/06/25 21:19:08 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\da-DK
[2010/06/25 21:19:08 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\ar-SA
[2010/06/20 10:41:24 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Catherine\Desktop\Images
[2010/06/18 09:59:55 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\regid.1986-12.com.adobe
[2010/06/18 09:35:56 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Catherine\Desktop\Adobe CS5
[2010/06/18 09:17:55 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Akamai
[2010/06/17 20:49:45 | 000,000,000 | ---D | C] -- C:\Program Files\iPod
[2010/06/17 20:40:57 | 000,000,000 | ---D | C] -- C:\Program Files\Bonjour
[2010/06/16 22:29:44 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\DivX
[2010/05/24 13:49:41 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Catherine\Desktop\PowerPoint Project
[2010/05/24 09:22:47 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Visual Studio
[2010/05/24 09:22:47 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\DESIGNER
[2010/05/24 09:21:03 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft.NET
[2010/05/24 09:15:33 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Catherine\Local Settings\Application Data\Microsoft Help
[2010/05/24 09:15:21 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Microsoft Help
[2010/05/11 08:54:43 | 000,000,000 | ---D | C] -- C:\Documents and Settings\LocalService\Application Data\Sun
[2010/05/03 15:36:04 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Catherine\Local Settings\Application Data\Xara
[2010/05/03 15:25:21 | 000,000,000 | ---D | C] -- C:\Program Files\Xara
[2010/05/03 15:25:21 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Xara
[2010/05/03 15:24:46 | 000,000,000 | ---D | C] -- C:\Program Files\RapidBIT
[2010/05/03 15:24:41 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\All Users\Application Data\{4C666A82-BD7D-4FC2-9B50-106D4D6CBD26}
[2010/04/29 20:26:52 | 000,000,000 | ---D | C] -- C:\Program Files\iTunes
[2010/04/27 12:18:35 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Catherine\Desktop\Beats
[2010/04/26 16:04:42 | 000,353,592 | ---- | C] (DivX, Inc.) -- C:\WINDOWS\System32\DivXControlPanelApplet.cpl
[2 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[1 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

[color=#E56717]========== Files - Modified Within 90 Days ==========[/color]

[2010/07/20 15:28:20 | 007,602,176 | -H-- | M] () -- C:\Documents and Settings\Catherine\NTUSER.DAT
[2010/07/20 15:20:39 | 000,001,158 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2010/07/20 15:17:36 | 000,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2010/07/20 15:17:05 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2010/07/20 15:16:46 | 2145,964,032 | -HS- | M] () -- C:\hiberfil.sys
[2010/07/20 14:06:29 | 000,000,278 | -HS- | M] () -- C:\Documents and Settings\Catherine\ntuser.ini
[2010/07/20 13:09:22 | 000,339,968 | ---- | M] () -- C:\Documents and Settings\Catherine\Desktop\Covergraphic.indd
[2010/07/20 13:05:44 | 001,201,020 | ---- | M] () -- C:\Documents and Settings\Catherine\Desktop\Covergraphic.pdf
[2010/07/20 11:26:08 | 000,006,639 | ---- | M] () -- C:\Documents and Settings\Catherine\Desktop\ISBN9780971303133.pdf
[2010/07/20 09:28:30 | 000,011,695 | ---- | M] () -- C:\Documents and Settings\Catherine\Desktop\DEEP LEANING.docx
[2010/07/20 09:20:18 | 012,708,015 | ---- | M] () -- C:\Documents and Settings\Catherine\Desktop\deepleaning logo 3.ai
[2010/07/20 09:16:58 | 012,774,475 | ---- | M] () -- C:\Documents and Settings\Catherine\Desktop\cap 3.psd
[2010/07/18 20:47:06 | 000,029,696 | ---- | M] () -- C:\Documents and Settings\Catherine\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010/07/17 04:42:18 | 000,000,664 | ---- | M] () -- C:\WINDOWS\System32\d3d9caps.dat
[2010/07/15 19:51:07 | 000,000,284 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
[2010/07/14 17:12:54 | 000,685,414 | ---- | M] () -- C:\WINDOWS\System32\drivers\N360\0402000.00C\Cat.DB
[2010/07/09 20:29:08 | 000,002,068 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Norton Security Suite.LNK
[2010/07/09 16:33:44 | 022,285,171 | ---- | M] () -- C:\Documents and Settings\Catherine\Desktop\The Parilla Goes Down.mp4
[2010/07/09 09:28:59 | 000,124,976 | ---- | M] (Symantec Corporation) -- C:\WINDOWS\System32\drivers\SYMEVENT.SYS
[2010/07/09 09:28:59 | 000,060,808 | ---- | M] (Symantec Corporation) -- C:\WINDOWS\System32\S32EVNT1.DLL
[2010/07/09 09:28:59 | 000,007,443 | ---- | M] () -- C:\WINDOWS\System32\drivers\SYMEVENT.CAT
[2010/07/09 09:28:59 | 000,000,805 | ---- | M] () -- C:\WINDOWS\System32\drivers\SYMEVENT.INF
[2010/07/09 09:06:21 | 000,000,868 | ---- | M] () -- C:\Documents and Settings\Catherine\Desktop\Norton Installation Files.lnk
[2010/07/08 12:15:38 | 001,883,014 | ---- | M] () -- C:\Documents and Settings\Catherine\Desktop\delete 3.wav
[2010/07/08 10:36:18 | 021,844,516 | ---- | M] () -- C:\Documents and Settings\Catherine\Desktop\animoto_video.mp4
[2010/07/07 20:45:14 | 001,181,022 | ---- | M] () -- C:\WINDOWS\System32\TmpA14684015
[2010/07/07 11:31:41 | 000,000,559 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Print CD.lnk
[2010/07/04 18:13:09 | 000,001,776 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Adobe Reader 9.lnk
[2010/06/30 10:41:44 | 006,115,993 | ---- | M] () -- C:\Documents and Settings\Catherine\Desktop\coyote politics - basement cartoons (long cut).mp3
[2010/06/25 12:00:01 | 000,505,518 | ---- | M] () -- C:\WINDOWS\System32\PerfStringBackup.INI
[2010/06/25 12:00:01 | 000,444,266 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2010/06/25 12:00:01 | 000,072,102 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2010/06/20 11:50:30 | 000,099,087 | ---- | M] () -- C:\Documents and Settings\Catherine\Desktop\DOE Made EZ Cover.jpg
[2010/06/20 10:41:28 | 000,183,975 | ---- | M] () -- C:\Documents and Settings\Catherine\Desktop\Bead Game 2.jpg
[2010/06/19 09:05:52 | 003,750,232 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2010/06/18 14:52:54 | 002,562,079 | ---- | M] () -- C:\Documents and Settings\Catherine\Desktop\DSCN0455.JPG
[2010/06/18 10:05:48 | 000,000,350 | ---- | M] () -- C:\WINDOWS\tasks\AdobeAAMUpdater-1.0-RENOVATIO-Catherine.job
[2010/06/18 10:04:30 | 000,136,264 | ---- | M] () -- C:\Documents and Settings\Catherine\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
[2010/06/18 09:49:05 | 000,002,341 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\iTunes.lnk
[2010/06/16 22:34:25 | 000,001,535 | ---- | M] () -- C:\Documents and Settings\Catherine\Desktop\DivX Movies.lnk
[2010/06/16 22:34:12 | 000,000,864 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\DivX Plus Converter.lnk
[2010/06/10 20:36:15 | 000,001,374 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2010/06/04 19:54:58 | 000,271,360 | ---- | M] () -- C:\Documents and Settings\Catherine\Desktop\outlook.pst
[2010/05/26 00:11:15 | 000,000,658 | ---- | M] () -- C:\WINDOWS\win.ini
[2010/05/14 13:44:16 | 000,000,172 | ---- | M] () -- C:\WINDOWS\System32\drivers\N360\0402000.00C\isolate.ini
[2010/05/05 22:01:59 | 000,361,904 | ---- | M] (Symantec Corporation) -- C:\WINDOWS\System32\drivers\N360\0402000.00C\symtdi.sys
[2010/05/05 22:01:59 | 000,339,504 | ---- | M] (Symantec Corporation) -- C:\WINDOWS\System32\drivers\N360\0402000.00C\symtdiv.sys
[2010/05/05 22:01:43 | 000,001,473 | ---- | M] () -- C:\WINDOWS\System32\drivers\N360\0402000.00C\symnetv.inf
[2010/05/05 22:01:43 | 000,001,445 | ---- | M] () -- C:\WINDOWS\System32\drivers\N360\0402000.00C\symnet.inf
[2010/05/05 10:27:41 | 054,936,347 | ---- | M] () -- C:\Documents and Settings\Catherine\Desktop\FREE_1_Watercolor_Brushes.zip
[2010/05/03 19:20:45 | 000,006,820 | ---- | M] () -- C:\Documents and Settings\Catherine\My Documents\Hospital.X3D
[2010/04/28 23:03:51 | 000,116,784 | ---- | M] (Symantec Corporation) -- C:\WINDOWS\System32\drivers\N360\0402000.00C\ironx86.sys
[2010/04/28 23:03:51 | 000,007,438 | ---- | M] () -- C:\WINDOWS\System32\drivers\N360\0402000.00C\iron.cat
[2010/04/28 23:03:51 | 000,000,741 | ---- | M] () -- C:\WINDOWS\System32\drivers\N360\0402000.00C\iron.inf
[2010/04/28 16:18:34 | 007,211,696 | ---- | M] () -- C:\Documents and Settings\Catherine\Desktop\deepleaning logo 2.ai
[2010/04/26 16:04:42 | 000,353,592 | ---- | M] (DivX, Inc.) -- C:\WINDOWS\System32\DivXControlPanelApplet.cpl
[2010/04/26 02:18:40 | 000,007,873 | ---- | M] () -- C:\WINDOWS\System32\drivers\N360\0402000.00C\symefa.cat
[2010/04/24 09:23:44 | 000,013,013 | ---- | M] () -- C:\Documents and Settings\Catherine\Desktop\m08960mpn4z.jpg
[2010/04/24 05:31:04 | 000,003,373 | ---- | M] () -- C:\WINDOWS\System32\drivers\N360\0402000.00C\symefa.inf
[2010/04/21 21:02:20 | 000,173,104 | ---- | M] (Symantec Corporation) -- C:\WINDOWS\System32\drivers\N360\0402000.00C\symefa.sys
[2010/04/21 20:29:50 | 000,325,680 | ---- | M] (Symantec Corporation) -- C:\WINDOWS\System32\drivers\N360\0402000.00C\srtsp.sys
[2010/04/21 20:29:50 | 000,043,696 | ---- | M] (Symantec Corporation) -- C:\WINDOWS\System32\drivers\N360\0402000.00C\srtspx.sys
[2010/04/21 20:29:50 | 000,007,442 | ---- | M] () -- C:\WINDOWS\System32\drivers\N360\0402000.00C\srtspx.cat
[2010/04/21 20:29:50 | 000,007,438 | ---- | M] () -- C:\WINDOWS\System32\drivers\N360\0402000.00C\srtsp.cat
[2010/04/21 20:29:50 | 000,001,388 | ---- | M] () -- C:\WINDOWS\System32\drivers\N360\0402000.00C\srtspx.inf
[2010/04/21 20:29:50 | 000,001,382 | ---- | M] () -- C:\WINDOWS\System32\drivers\N360\0402000.00C\srtsp.inf
[2 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[1 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

[color=#E56717]========== Files Created - No Company Name ==========[/color]

[2010/07/20 13:05:31 | 001,201,020 | ---- | C] () -- C:\Documents and Settings\Catherine\Desktop\Covergraphic.pdf
[2010/07/20 12:27:42 | 000,006,639 | ---- | C] () -- C:\Documents and Settings\Catherine\Desktop\ISBN9780971303133.pdf
[2010/07/20 12:10:50 | 012,774,475 | ---- | C] () -- C:\Documents and Settings\Catherine\Desktop\cap 3.psd
[2010/07/20 12:10:28 | 000,339,968 | ---- | C] () -- C:\Documents and Settings\Catherine\Desktop\Covergraphic.indd
[2010/07/20 11:40:27 | 000,000,055 | ---- | C] () -- C:\Documents and Settings\Catherine\FixWelch.log
[2010/07/20 09:30:04 | 000,011,695 | ---- | C] () -- C:\Documents and Settings\Catherine\Desktop\DEEP LEANING.docx
[2010/07/09 20:27:12 | 000,685,414 | ---- | C] () -- C:\WINDOWS\System32\drivers\N360\0402000.00C\Cat.DB
[2010/07/09 16:46:48 | 022,285,171 | ---- | C] () -- C:\Documents and Settings\Catherine\Desktop\The Parilla Goes Down.mp4
[2010/07/09 15:58:03 | 000,007,787 | R--- | C] () -- C:\WINDOWS\System32\drivers\N360\0402000.00C\symnetv.cat
[2010/07/09 15:58:03 | 000,007,368 | R--- | C] () -- C:\WINDOWS\System32\drivers\N360\0402000.00C\symnet.cat
[2010/07/09 15:58:03 | 000,001,473 | ---- | C] () -- C:\WINDOWS\System32\drivers\N360\0402000.00C\symnetv.inf
[2010/07/09 15:58:03 | 000,001,445 | ---- | C] () -- C:\WINDOWS\System32\drivers\N360\0402000.00C\symnet.inf
[2010/07/09 15:58:02 | 000,007,873 | ---- | C] () -- C:\WINDOWS\System32\drivers\N360\0402000.00C\symefa.cat
[2010/07/09 15:58:02 | 000,007,425 | R--- | C] () -- C:\WINDOWS\System32\drivers\N360\0402000.00C\symds.cat
[2010/07/09 15:58:02 | 000,003,373 | ---- | C] () -- C:\WINDOWS\System32\drivers\N360\0402000.00C\symefa.inf
[2010/07/09 15:58:02 | 000,002,793 | R--- | C] () -- C:\WINDOWS\System32\drivers\N360\0402000.00C\symds.inf
[2010/07/09 15:58:01 | 000,007,442 | ---- | C] () -- C:\WINDOWS\System32\drivers\N360\0402000.00C\srtspx.cat
[2010/07/09 15:58:01 | 000,007,438 | ---- | C] () -- C:\WINDOWS\System32\drivers\N360\0402000.00C\srtsp.cat
[2010/07/09 15:58:01 | 000,001,388 | ---- | C] () -- C:\WINDOWS\System32\drivers\N360\0402000.00C\srtspx.inf
[2010/07/09 15:58:01 | 000,001,382 | ---- | C] () -- C:\WINDOWS\System32\drivers\N360\0402000.00C\srtsp.inf
[2010/07/09 15:58:00 | 000,007,438 | ---- | C] () -- C:\WINDOWS\System32\drivers\N360\0402000.00C\iron.cat
[2010/07/09 15:58:00 | 000,007,396 | ---- | C] () -- C:\WINDOWS\System32\drivers\N360\0402000.00C\cchpx86.cat
[2010/07/09 15:58:00 | 000,001,754 | ---- | C] () -- C:\WINDOWS\System32\drivers\N360\0402000.00C\cchpx86.inf
[2010/07/09 15:58:00 | 000,000,741 | ---- | C] () -- C:\WINDOWS\System32\drivers\N360\0402000.00C\iron.inf
[2010/07/09 15:56:51 | 000,000,172 | ---- | C] () -- C:\WINDOWS\System32\drivers\N360\0402000.00C\isolate.ini
[2010/07/09 09:29:00 | 000,007,443 | ---- | C] () -- C:\WINDOWS\System32\drivers\SYMEVENT.CAT
[2010/07/09 09:29:00 | 000,000,805 | ---- | C] () -- C:\WINDOWS\System32\drivers\SYMEVENT.INF
[2010/07/09 09:28:44 | 000,002,068 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Norton Security Suite.LNK
[2010/07/09 09:06:21 | 000,000,868 | ---- | C] () -- C:\Documents and Settings\Catherine\Desktop\Norton Installation Files.lnk
[2010/07/08 10:34:55 | 021,844,516 | ---- | C] () -- C:\Documents and Settings\Catherine\Desktop\animoto_video.mp4
[2010/07/07 23:31:40 | 001,883,014 | ---- | C] () -- C:\Documents and Settings\Catherine\Desktop\delete 3.wav
[2010/07/07 20:45:14 | 001,181,022 | ---- | C] () -- C:\WINDOWS\System32\TmpA14684015
[2010/07/07 11:31:41 | 000,000,559 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Print CD.lnk
[2010/07/07 08:58:54 | 029,215,530 | ---- | C] () -- C:\Documents and Settings\Catherine\Desktop\pATTERNS.pdf
[2010/07/07 08:58:44 | 004,649,247 | ---- | C] () -- C:\Documents and Settings\Catherine\Desktop\pATTERN 2.pdf
[2010/07/07 08:58:39 | 005,369,962 | ---- | C] () -- C:\Documents and Settings\Catherine\Desktop\new picture.pdf
[2010/07/07 08:58:32 | 009,584,101 | ---- | C] () -- C:\Documents and Settings\Catherine\Desktop\new flowerws.pdf
[2010/07/07 08:58:11 | 029,382,603 | ---- | C] () -- C:\Documents and Settings\Catherine\Desktop\bottlw.pdf
[2010/07/07 08:57:08 | 088,951,115 | ---- | C] () -- C:\Documents and Settings\Catherine\Desktop\albumcovers.pdf
[2010/07/07 08:56:15 | 080,742,154 | ---- | C] () -- C:\Documents and Settings\Catherine\Desktop\plane 2.bmp
[2010/07/07 08:55:59 | 022,116,054 | ---- | C] () -- C:\Documents and Settings\Catherine\Desktop\painting.bmp
[2010/07/07 08:55:44 | 021,214,646 | ---- | C] () -- C:\Documents and Settings\Catherine\Desktop\weare.psd
[2010/07/07 08:55:27 | 026,513,373 | ---- | C] () -- C:\Documents and Settings\Catherine\Desktop\bee person.psd
[2010/07/07 08:55:18 | 012,904,809 | ---- | C] () -- C:\Documents and Settings\Catherine\Desktop\weare.pdf
[2010/07/07 08:55:14 | 001,591,332 | ---- | C] () -- C:\Documents and Settings\Catherine\Desktop\pictures 4.pdf
[2010/07/07 08:55:06 | 005,006,611 | ---- | C] () -- C:\Documents and Settings\Catherine\Desktop\pictures 3.pdf
[2010/07/04 18:13:09 | 000,001,776 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Adobe Reader 9.lnk
[2010/06/30 10:39:46 | 006,115,993 | ---- | C] () -- C:\Documents and Settings\Catherine\Desktop\coyote politics - basement cartoons (long cut).mp3
[2010/06/20 11:50:29 | 000,099,087 | ---- | C] () -- C:\Documents and Settings\Catherine\Desktop\DOE Made EZ Cover.jpg
[2010/06/20 10:41:27 | 000,183,975 | ---- | C] () -- C:\Documents and Settings\Catherine\Desktop\Bead Game 2.jpg
[2010/06/18 14:50:26 | 001,178,535 | ---- | C] () -- C:\Documents and Settings\Catherine\Desktop\DSCN0456.JPG
[2010/06/18 14:50:24 | 002,562,079 | ---- | C] () -- C:\Documents and Settings\Catherine\Desktop\DSCN0455.JPG
[2010/06/18 10:05:47 | 000,000,350 | ---- | C] () -- C:\WINDOWS\tasks\AdobeAAMUpdater-1.0-RENOVATIO-Catherine.job
[2010/06/17 20:51:39 | 000,002,341 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\iTunes.lnk
[2010/06/16 22:34:25 | 000,001,535 | ---- | C] () -- C:\Documents and Settings\Catherine\Desktop\DivX Movies.lnk
[2010/06/16 22:34:12 | 000,000,864 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\DivX Plus Converter.lnk
[2010/06/04 19:54:58 | 000,271,360 | ---- | C] () -- C:\Documents and Settings\Catherine\Desktop\outlook.pst
[2010/05/11 08:54:43 | 000,000,664 | ---- | C] () -- C:\WINDOWS\System32\d3d9caps.dat
[2010/05/05 10:24:59 | 054,936,347 | ---- | C] () -- C:\Documents and Settings\Catherine\Desktop\FREE_1_Watercolor_Brushes.zip
[2010/05/03 19:20:45 | 000,006,820 | ---- | C] () -- C:\Documents and Settings\Catherine\My Documents\Hospital.X3D
[2010/04/29 10:23:28 | 012,708,015 | ---- | C] () -- C:\Documents and Settings\Catherine\Desktop\deepleaning logo 3.ai
[2010/04/24 09:23:43 | 000,013,013 | ---- | C] () -- C:\Documents and Settings\Catherine\Desktop\m08960mpn4z.jpg
[2010/03/24 17:12:30 | 000,691,696 | ---- | C] () -- C:\WINDOWS\System32\drivers\sptd.sys
[2010/02/05 11:39:29 | 000,000,044 | ---- | C] () -- C:\WINDOWS\EPSPR280.ini
[2010/01/26 01:38:22 | 000,178,176 | ---- | C] () -- C:\WINDOWS\System32\unrar.dll
[2010/01/26 01:38:20 | 000,000,038 | ---- | C] () -- C:\WINDOWS\avisplitter.ini
[2010/01/26 01:38:17 | 000,881,664 | ---- | C] () -- C:\WINDOWS\System32\xvidcore.dll
[2010/01/26 01:38:17 | 000,205,824 | ---- | C] () -- C:\WINDOWS\System32\xvidvfw.dll
[2010/01/26 01:38:13 | 000,085,504 | ---- | C] () -- C:\WINDOWS\System32\ff_vfw.dll
[2010/01/26 01:38:13 | 000,000,547 | ---- | C] () -- C:\WINDOWS\System32\ff_vfw.dll.manifest
[2009/10/14 21:13:41 | 000,000,118 | ---- | C] () -- C:\WINDOWS\System32\MRT.INI
[2009/09/17 12:27:42 | 000,000,039 | ---- | C] () -- C:\WINDOWS\Irremote.ini
[2009/09/14 13:42:34 | 000,000,943 | ---- | C] () -- C:\WINDOWS\TATCALL.INI
[2009/09/14 13:42:34 | 000,000,260 | ---- | C] () -- C:\WINDOWS\TATUNINS.INI
[2009/09/14 13:42:34 | 000,000,020 | ---- | C] () -- C:\WINDOWS\TATVER.INI
[2009/08/03 15:07:42 | 000,403,816 | ---- | C] () -- C:\WINDOWS\System32\OGACheckControl.dll
[2009/01/03 15:10:55 | 000,000,029 | ---- | C] () -- C:\WINDOWS\DEBUGSM.INI
[2009/01/03 15:01:10 | 000,000,097 | ---- | C] () -- C:\WINDOWS\System32\PICSDK.ini
[2009/01/03 14:55:14 | 000,000,044 | ---- | C] () -- C:\WINDOWS\PERFV500P.ini
[2007/10/28 10:31:06 | 000,000,056 | ---- | C] () -- C:\WINDOWS\hpdj130.ini
[2007/09/25 14:06:59 | 000,000,000 | ---- | C] () -- C:\WINDOWS\hpqEmlSz.INI
[2007/09/13 08:47:17 | 000,077,824 | ---- | C] () -- C:\WINDOWS\System32\adistres.dll
[2007/08/16 16:36:16 | 000,051,304 | ---- | C] () -- C:\WINDOWS\System32\drivers\atnt40k.sys
[2006/11/17 12:34:40 | 000,091,848 | ---- | C] () -- C:\WINDOWS\HPBroker.dll
[2005/09/05 02:17:14 | 000,000,376 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2005/05/09 04:59:44 | 000,204,800 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeW7.dll
[2005/05/09 04:59:44 | 000,200,704 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeA6.dll
[2005/05/09 04:59:44 | 000,192,512 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeP6.dll
[2005/05/09 04:59:44 | 000,192,512 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeM6.dll
[2005/05/09 04:59:44 | 000,188,416 | ---- | C] () -- C:\WINDOWS\System32\IVIresizePX.dll
[2005/05/09 04:59:44 | 000,020,480 | ---- | C] () -- C:\WINDOWS\System32\IVIresize.dll
[2005/05/09 04:48:01 | 000,015,669 | ---- | C] () -- C:\WINDOWS\System32\oeminfo.ini
[2005/02/12 02:33:06 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\px.ini
[2004/08/07 07:19:16 | 000,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini
[2004/08/07 07:12:40 | 000,000,791 | ---- | C] () -- C:\WINDOWS\orun32.ini
[2004/06/02 17:28:30 | 000,086,016 | ---- | C] () -- C:\WINDOWS\System32\btprn2k.dll
[2004/01/13 12:46:34 | 000,172,032 | ---- | C] () -- C:\WINDOWS\System32\tifmicon.dll
[2002/05/15 23:29:04 | 000,000,607 | ---- | C] () -- C:\WINDOWS\System32\BTNeighborhood.dll.manifest
[2001/11/23 18:18:00 | 000,000,597 | ---- | C] () -- C:\WINDOWS\System32\btcss.dll.manifest
[2001/11/14 13:56:00 | 001,802,240 | ---- | C] () -- C:\WINDOWS\System32\lcppn21.dll

[color=#E56717]========== LOP Check ==========[/color]

[2007/07/18 10:39:26 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Autodesk
[2009/09/16 13:14:52 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Azureus
[2010/03/24 17:11:29 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\DAEMON Tools Lite
[2010/03/24 17:07:11 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\DAEMON Tools Pro
[2010/02/05 11:46:56 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\EPSON
[2008/06/18 09:39:54 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\LogMeIn
[2005/05/09 05:14:30 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\muvee Technologies
[2005/10/07 01:37:16 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\OLYMPUS
[2005/10/12 07:50:22 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Palo Alto Software
[2005/10/12 07:48:50 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\PAS
[2010/06/18 09:59:55 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\regid.1986-12.com.adobe
[2009/03/15 12:49:07 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{00D89592-F643-4D8D-8F0F-AFAE0F14D4C3}
[2010/04/01 20:59:34 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{429CAD59-35B1-4DBC-BB6D-1DB246563521}
[2010/05/03 15:24:41 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\{4C666A82-BD7D-4FC2-9B50-106D4D6CBD26}
[2009/09/14 14:26:54 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{755AC846-7372-4AC8-8550-C52491DAA8BD}
[2009/10/05 12:55:24 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Catherine\Application Data\Amazon
[2010/07/11 09:28:59 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Catherine\Application Data\Audacity
[2007/07/16 08:07:33 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Catherine\Application Data\Autodesk
[2010/07/19 23:40:46 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Catherine\Application Data\Azureus
[2010/03/24 19:53:57 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Catherine\Application Data\DAEMON Tools Lite
[2010/03/24 17:07:11 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Catherine\Application Data\DAEMON Tools Pro
[2010/02/28 21:45:48 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Catherine\Application Data\data
[2005/09/07 09:52:31 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Catherine\Application Data\Downloaded Installations
[2010/07/08 21:03:09 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Catherine\Application Data\ElevatedDiagnostics
[2009/01/03 15:10:53 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Catherine\Application Data\EPSON
[2007/09/13 08:42:43 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Catherine\Application Data\InterTrust
[2005/11/08 01:41:47 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Catherine\Application Data\InterVideo
[2006/05/21 04:33:32 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Catherine\Application Data\Leadertech
[2005/10/12 07:51:48 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Catherine\Application Data\Palo Alto Software
[2008/04/14 10:07:40 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Catherine\Application Data\Snapfish
[2010/07/20 13:34:02 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Catherine\Application Data\Tific
[2006/02/09 03:00:42 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Catherine\Application Data\Walgreens
[2009/04/07 11:45:31 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Catherine\Application Data\webex

[color=#E56717]========== Purity Check ==========[/color]


< End of report >

Report •

Related Solutions

#4
July 20, 2010 at 14:47:05
OTL Extras logfile created on: 7/20/2010 3:32:27 PM - Run 1
OTL by OldTimer - Version 3.2.9.1 Folder = C:\Documents and Settings\Catherine\My Documents\Downloads
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.00 Gb Total Physical Memory | 1.00 Gb Available Physical Memory | 61.00% Memory free
4.00 Gb Paging File | 3.00 Gb Available in Paging File | 86.00% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 74.53 Gb Total Space | 18.82 Gb Free Space | 25.26% Space Free | Partition Type: NTFS
Drive D: | 6.47 Gb Total Space | 0.00 Gb Free Space | 0.00% Space Free | Partition Type: UDF
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: RENOVATIO
Current User Name: Catherine
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: On
Skip Microsoft Files: On
File Age = 90 Days
Output = Standard
Quick Scan

[color=#E56717]========== Extra Registry (SafeList) ==========[/color]


[color=#E56717]========== File Associations ==========[/color]

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]

[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)

[color=#E56717]========== Shell Spawning ==========[/color]

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
htmlfile [edit] -- "C:\Program Files\Microsoft Office\Office12\msohtmed.exe" %1 (Microsoft Corporation)
htmlfile [print] -- "C:\Program Files\Microsoft Office\Office12\msohtmed.exe" /p %1 (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

[color=#E56717]========== Security Center Settings ==========[/color]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 0
"FirewallOverride" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]
"1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008
"139:TCP" = 139:TCP:*:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:*:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:*:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:*:Enabled:@xpsp2res.dll,-22002

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 0
"DoNotAllowExceptions" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008
"139:TCP" = 139:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22002
"1034:TCP" = 1034:TCP:*:Enabled:Akamai NetSession Interface
"5000:UDP" = 5000:UDP:*:Enabled:Akamai NetSession Interface

[color=#E56717]========== Authorized Applications List ==========[/color]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Program Files\EarthLink TotalAccess\TaskPanl.exe" = C:\Program Files\EarthLink TotalAccess\TaskPanl.exe:*:Enabled:Earthlink -- File not found
"C:\Program Files\McAfee\MBK\McAfeeDataBackup.exe" = C:\Program Files\McAfee\MBK\McAfeeDataBackup.exe:*:Disabled:McAfee Data Backup -- File not found
"C:\Program Files\Vuze\Azureus.exe" = C:\Program Files\Vuze\Azureus.exe:*:Enabled:Azureus / Vuze -- (Vuze Inc.)
"C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE" = C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE:*:Enabled:Microsoft Office Outlook -- (Microsoft Corporation)
"C:\Program Files\iTunes\iTunes.exe" = C:\Program Files\iTunes\iTunes.exe:*:Enabled:iTunes -- (Apple Inc.)


[color=#E56717]========== HKEY_LOCAL_MACHINE Uninstall List ==========[/color]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{033E378E-6AD3-4AD5-BDEB-CBD69B31046C}" = Microsoft_VC90_ATL_x86
"{075473F5-846A-448B-BCB3-104AA1760205}" = Sonic Data Module
"{08D2E121-7F6A-43EB-97FD-629B44903403}" = Microsoft_VC90_CRT_x86
"{0BEDBD4E-2D34-47B5-9973-57E62B29307C}" = ATI Control Panel
"{0CB9668D-F979-4F31-B8B8-67FE90F929F8}" = Bonjour
"{0D2DBE8A-43D0-7830-7AE7-CA6C99A832E7}" = Adobe Community Help
"{0D499481-22C6-4B25-8AC2-6D3F6C885FB9}" = OpenOffice.org Installer 1.0
"{0D6D96F4-0CAF-4522-B05F-70A88EDECDFD}" = ArcSoft Print Creations
"{0DC86BEC-5CE3-413A-BB61-C40A3D186B24}" = Scan
"{0F3647F8-E51D-4FCC-8862-9A8D0C5ACF25}" = Microsoft_VC80_ATL_x86
"{13F3917B56CD4C25848BDC69916971BB}" = DivX Converter
"{14BEB6DF-A499-4A38-8E06-E173BCD5C087}" = ScannerCopy
"{15D91706-6ADF-44CF-9D7D-FF2D8ACD2C6F}" = LS_HSI
"{164965E8-4BB0-4EEB-AFBA-75785A2A2A7F}" = Adobe Fireworks CS5
"{17293791-C82E-476C-9997-9A0FF234A19B}" = HP Product Assistant
"{181821B7-82AA-44DA-9DAF-EF254CCB670A}" = Fax
"{1AD5F465-8282-4DAD-B957-E09C0B783D18}" = InstantShare
"{1B680FBA-E317-4E93-AF43-3B59798A4BE0}" = Copy
"{20C45B32-5AB6-46A4-94EF-58950CAF05E5}" = EPSON Attach To Email
"{20FBC0A0-3160-4F14-83ED-3A74BB6B8C31}" = TrayApp
"{21657574-BD54-48A2-9450-EB03B2C7FC29}" = Sonic MyDVD Plus
"{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer
"{25653817-9502-41A5-A24D-FED750611E98}" = EPSON Perfection V500 Photo Scanner Driver Update
"{26A24AE4-039D-4CA4-87B4-2F83216020FF}" = Java(TM) 6 Update 20
"{272EC8BA-5A08-4ea1-A189-684466A06B02}" = cp_dwShrek2Albums1
"{287ECFA4-719A-2143-A09B-D6A12DE54E40}" = Acrobat.com
"{28BE306E-5DA6-4F9C-BDB0-DBA3C8C6FFFD}" = QuickTime
"{2A88F1BF-7041-4E42-84B1-6B4ACB83AC64}" = EPSON Scan Assistant
"{2E8428AD-6CD2-4031-916A-3CF9BBF2DEC9}" = Unload
"{30465B6C-B53F-49A1-9EBA-A3F187AD502E}" = Sonic Update Manager
"{30BB4D60-81DB-11D5-BB77-00400536ABAC}" = OLYMPUS CAMEDIA Master 4.1
"{3248F0A8-6813-11D6-A77B-00B0D0150020}" = J2SE Runtime Environment 5.0 Update 2
"{3248F0A8-6813-11D6-A77B-00B0D0150060}" = J2SE Runtime Environment 5.0 Update 6
"{3248F0A8-6813-11D6-A77B-00B0D0150090}" = J2SE Runtime Environment 5.0 Update 9
"{3248F0A8-6813-11D6-A77B-00B0D0160020}" = Java(TM) 6 Update 2
"{3248F0A8-6813-11D6-A77B-00B0D0160070}" = Java(TM) 6 Update 7
"{342C7C88-D335-4bc2-8CF1-281857629CE2}" = HP PSC & OfficeJet 4.7
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{36FDBE6E-6684-462B-AE98-9A39A1B200CC}" = HP Product Assistant
"{3762DB2D-71BD-421F-9E55-C74DA7DF4D07}" = CueTour
"{391E18CE-7D3B-45E9-A8F0-34E77F14F47A}" = ProductContext
"{3D0E8F20-748C-4dac-9A5F-9CAC86F0E848}" = 1500
"{3FC7CBBC4C1E11DCA1A752EA55D89593}" = DivX Version Checker
"{416D80BA-6F6D-4672-B7CF-F54DA2F80B44}" = Microsoft Works
"{4302B2DD-D958-40E3-BAF3-B07FFE1978CE}" = HP Wireless Assistant 1.01 A2
"{442BE28B-782B-4DC0-B490-E70A403B1C69}" = Readme
"{48F22622-1CC2-4A83-9C1E-644DD96F832D}" = EPSON Event Manager
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4A11206C-4377-49E8-911E-B11548658FF3}" = Revit Architecture 2008
"{4CBA3D4C-8F51-4D60-B27E-F6B641C571E7}" = Microsoft Search Enhancement Pack
"{50D27F65-FF32-48CA-A9D6-FB823BC84BB6}" = Autodesk Revit Building 9.1
"{51D43E6D-9B84-4b69-AA14-27113796A94D}" = 1500_Help
"{534AA552-E1F1-4965-B2AA-FBDEB0730D60}" = muvee autoProducer 4.0 - SE
"{55141BD4-2115-4B14-8047-D809194E30BA}" = MozyHome Remote Backup
"{56C049BE-79E9-4502-BEA7-9754A3E60F9B}" = neroxml
"{5E8D588F-307C-4250-B622-26969027319A}" = PanoStandAlone
"{5EE7D259-D137-4438-9A5F-42F432EC0421}" = VC80CRTRedist - 8.0.50727.4053
"{612DC38A-B36A-4699-88EB-12C7394DE2FC}" = TIxx21
"{635FED5B-2C6D-49BE-87E6-7A6FCD22BC5A}" = Microsoft_VC90_MFC_x86
"{644D04A2-C682-4FD5-977D-03B804C4B9C5}" = CreativeProjects
"{6450335D-D87C-4003-812F-7E879866A74E}" = Business Plan Pro 2006
"{646A65DD-23FC-418E-B9F0-E0500FB42CB1}" = PhotoGallery
"{655CB07D-C944-40BE-B93F-55957CAC7625}" = AiO_Scan
"{6675CA7F-E51B-4F6A-99D4-F8F0124C6EAA}" = Sonic Express Labeler
"{67EDD823-135A-4D59-87BD-950616D6E857}" = EPSON Copy Utility 3
"{68963635-14A4-48D9-B431-DF3A74D1AAE1}" = Destinations
"{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update
"{700A6597-3CE6-49C1-AA75-846B24CDA66D}" = BufferChm
"{724517BD-1DE1-4986-BFCA-C1DFD379E3BC}" = cp_dwShrek2Cards1
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{7AB3A249-FB81-416B-917A-A2A10E74C503}" = iTunes
"{7AD25C9F-9957-4D1C-95EF-9BCD09F6D31B}" = HPSystemDiagnostics
"{7B63B2922B174135AFC0E1377DD81EC2}" =
"{84CDF5A8-1D57-4B69-BAB6-1F11D8923375}" = SkinsHP1
"{85991ED2-010C-4930-96FA-52F43C2CE98A}" = Apple Mobile Device Support
"{85CFD253-38AE-4DB1-ACB7-F0F4C791990D}" = AiOSoftware
"{8777AC6D-89F9-4793-8266-DE406F343E89}" = QFolder
"{8ADFC4160D694100B5B8A22DE9DCABD9}" = DivX Player
"{8BC3B99B-A6BE-4A0B-8535-B1B94BA4B1B1}" = DocProc
"{90120000-0010-0409-0000-0000000FF1CE}" = Microsoft Software Update for Web Folders (English) 12
"{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007
"{90120000-0016-0409-0000-0000000FF1CE}_SMALLBUSINESSR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007
"{90120000-0018-0409-0000-0000000FF1CE}_SMALLBUSINESSR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0019-0409-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2007
"{90120000-0019-0409-0000-0000000FF1CE}_SMALLBUSINESSR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2007
"{90120000-001A-0409-0000-0000000FF1CE}_SMALLBUSINESSR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007
"{90120000-001B-0409-0000-0000000FF1CE}_SMALLBUSINESSR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_SMALLBUSINESSR_{ABDDE972-355B-4AF1-89A8-DA50B7B5C045}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_SMALLBUSINESSR_{F580DDD5-8D37-4998-968E-EBB76BB86787}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007
"{90120000-001F-0C0A-0000-0000000FF1CE}_SMALLBUSINESSR_{187308AB-5FA7-4F14-9AB9-D290383A10D9}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}_SMALLBUSINESSR_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007
"{90120000-0115-0409-0000-0000000FF1CE}_SMALLBUSINESSR_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90535871-81B9-4D99-8A13-A7EE97F2D7FE}" = Bluetooth by hp
"{91120000-00CA-0000-0000-0000000FF1CE}" = Microsoft Office Small Business 2007
"{91120000-00CA-0000-0000-0000000FF1CE}_SMALLBUSINESSR_{0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{91120000-00CA-0000-0000-0000000FF1CE}_SMALLBUSINESSR_{3D019598-7B59-447A-80AE-815B703B84FF}" = Security Update for Microsoft Office system 2007 (972581)
"{91810AFC-A4F8-4EBA-A5AA-B198BBC81144}" = InterVideo WinDVD
"{9455959E-D588-EFAE-329C-F66CC797F32A}" = Adobe Media Player
"{95720E85-F3FB-4F95-9399-7E3E3E26D7AB}" = hp designjet printer software
"{98177940-C048-4831-A279-F3888B1E2C7F}" = InstallMgr
"{9A346205-EA92-4406-B1AB-50379DA3F057}" = Autodesk DWF Viewer 7
"{A2BCA9F1-566C-4805-97D1-7FDC93386723}" = Adobe AIR
"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
"{A32A6393-37DA-4E44-BB9F-C4F384F89EB9}" = HP System maintenance for HP Designjet 30 130 series
"{A589DA26-51BD-475D-8C32-E19E34145842}" = Camtasia Studio 6
"{A5B9D22C-755A-4AC6-9904-875E80838BB6}" = CP_AtenaShokunin1Config
"{A8AC89BA-D8CB-4372-9743-1C54D23286B0}" = MSN Toolbar
"{A8F2089B-1F79-4BF6-B385-A2C2B0B9A74D}" = ImagXpress
"{a9264802-8a7a-40fe-a135-5c6d204aed7a}.sdb" = Internet Explorer (Enable DEP)
"{A93C4E94-1005-489D-BEAA-B873C1AA6CFC}" = HP Help and Support
"{AB708C9B-97C8-4AC9-899B-DBF226AC9382}" = Sonic Audio Module
"{AC76BA86-7AD7-1033-7B44-A93000000001}" = Adobe Reader 9.3.3
"{ACF60000-22B9-4CE9-98D6-2CCF359BAC07}" = ABBYY FineReader 6.0 Sprint
"{B12665F4-4E93-4AB4-B7FC-37053B524629}" = Sonic Copy Module
"{B13A7C41581B411290FBC0395694E2A9}" = DivX Converter
"{B2544A03-10D0-4E5E-BA69-0362FFC20D18}" = OGA Notifier 2.0.0048.0
"{B2D328BE-45AD-4D92-96F9-2151490A203E}" = Apple Application Support
"{B3783869-5D14-4838-A042-910DF816D070}" = Xara3D6
"{B6EF6DCE-078E-4952-A7FA-352A9C349EB0}" = MSN Toolbar
"{B7050CBDB2504B34BC2A9CA0A692CC29}" = DivX Plus Web Player
"{B7148D71-0A8F-4501-96B4-4E1CC67F874E}" = Microsoft Default Manager
"{B911B811-BA3E-46D4-90F8-6F3338359651}" = Director
"{BD29EBAC-AD7D-4b27-B727-4CC6AC52D36B}" = MarketResearch
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CDFCF124-115F-4976-8BF4-08C89187A146}" = WebReg
"{CE0C8CC5-E396-442B-A50E-D1D374A9E820}" = DocumentViewer
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{CEB326EC-8F40-47B2-BA22-BB092565D66F}" = Quick Launch Buttons 5.10 A2
"{CF40ACC5-E1BB-4aff-AC72-04C2F616BCA7}" = getPlus(R) for Adobe
"{D03E7B00-CA85-4684-9321-1888873C34BD}" = ArcSoft PhotoImpression 6
"{D16A31F9-276D-4968-A753-FFEAC56995D0}" = Epson Print CD
"{D1A19B02-817E-4296-A45B-07853FD74D57}" = Microsoft_VC80_MFC_x86
"{D52ECEBC-9B20-41A5-81C4-A62DE2367419}" = Adobe Creative Suite
"{D7BF3B76-EEF9-4868-9B2B-42ABF60B279A}" = Microsoft_VC80_CRT_x86
"{D92BBB52-82FF-42ED-8A3C-4E062F944AB7}" = Microsoft_VC80_MFCLOC_x86
"{DB518BA6-CB74-4EB6-9ABD-880B6D6E1F38}" = HpSdpAppCoreApp
"{E5F343DE-F5ED-4582-BAE2-C8ED548DFA46}" = Google SketchUp Viewer
"{E6F6231A-4FA3-47fe-A0DB-B113160C8DD3}" = 1500Trb
"{EEF5510A-F93F-452A-B275-8AEE34D4093E}" = Prerequirements
"{FC22D020-3005-4715-8DF9-F3EDE81DEB3D}" = CreativeProjectsTemplates
"{FCD06104-04F6-45AA-886B-0FB75C7EED3D}" = LogMeIn
"{FE57DE70-95DE-4B64-9266-84DA811053DB}" = HP Update
"{FF477885-5EA8-40D0-ADF3-D4C1B86FAEA4}" = EPSON Print CD
"8461-7759-5462-8226" = Vuze
"ActiveTouchMeetingClient" = WebEx
"Adobe Acrobat 5.0" = Adobe Acrobat 5.0
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Adobe Shockwave Player" = Adobe Shockwave Player 11.5
"Adobe SVG Viewer" = Adobe SVG Viewer 3.0
"Akamai" = Akamai NetSession Interface
"All ATI Software" = ATI - Software Uninstall Utility
"Amazon MP3 Downloader" = Amazon MP3 Downloader 1.0.5
"ATI Display Driver" = ATI Display Driver
"Audacity 1.3 Beta (Unicode)_is1" = Audacity 1.3.9 (Unicode)
"CDisplayEx_is1" = CDisplayEx 1.4
"chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Adobe Community Help
"CNXT_MODEM_PCI_VEN_8086&DEV_266D&SUBSYS_3082103C" = Conexant Data Fax Modem with SmartCP
"Conexant PCI Audio" = Conexant AC-97 Audio
"DivX Plus DirectShow Filters" = DivX Plus DirectShow Filters
"DivX Setup.divx.com" = DivX Setup
"EPSON Printer and Utilities" = EPSON Printer Software
"EPSON Scanner" = EPSON Scan
"FFmpeg for Audacity on Windows_is1" = FFmpeg for Audacity on Windows
"FL Studio_is1" = FL Studio v7.0
"HP Photo & Imaging" = HP Image Zone 4.7
"HPExtendedCapabilities" = HP Extended Capabilities 4.7
"ie8" = Windows Internet Explorer 8
"InstallShield_{20C45B32-5AB6-46A4-94EF-58950CAF05E5}" = EPSON Attach To Email
"InstallShield_{612DC38A-B36A-4699-88EB-12C7394DE2FC}" = Texas Instruments PCIxx21/x515 drivers.
"KLiteCodecPack_is1" = K-Lite Codec Pack 5.6.1 (Full)
"LADSPA_plugins-win_is1" = LADSPA_plugins-win-0.4.15
"LAME for Audacity_is1" = LAME v3.98.2 for Audacity
"LiveUpdate" = LiveUpdate 2.5 (Symantec Corporation)
"Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Mixxx" = Mixxx 1.7.0
"Money2005b" = Microsoft Money 2005
"Mozilla Firefox (3.6.6)" = Mozilla Firefox (3.6.6)
"N360" = Norton Security Suite
"NortonPCCheckup" = Norton PC Checkup
"Ohmboyz VST2" = OhmForce Ohmboyz VST2
"Password Agent 2" = Password Agent 2.5.1
"Predator_is1" = Rob Papen Predator V1.01b release
"Prerequirements" = Prerequirements
"ReBirth ModPacker" = ReBirth ModPacker
"ReBirth RB-338 2.0" = ReBirth RB-338 2.0
"Rob Papen Albino 3" = Rob Papen Albino 3
"Silent Package Run-Time Sample" = EPSON R280 User's Guide
"SMALLBUSINESSR" = Microsoft Office Small Business 2007
"SynTPDeinstKey" = Synaptics Pointing Device Driver
"Toshiba AutoTask" = Toshiba AutoTask
"Virtual DJ - Atomix Productions" = Virtual DJ - Atomix Productions
"VST Bridge_is1" = VST Bridge 1.1
"WeFi" = WeFi 3.6.4.4
"Windows Media Format Runtime" = Windows Media Format 11 runtime
"Windows Media Player" = Windows Media Player 11
"Windows XP Service Pack" = Windows XP Service Pack 3
"WinRAR archiver" = WinRAR archiver
"WMFDist11" = Windows Media Format 11 runtime
"wmp11" = Windows Media Player 11
"Wudf01000" = Microsoft User-Mode Driver Framework Feature Pack 1.0
"XVid;-)" = XVid;-)

Report •

#5
July 20, 2010 at 14:52:53
Hum... my connection is timing out when I try and submit the last piece of Extras.txt. I'll give it a few minutes. Comcast might be angry or something.

I also selected 14 days, but when I clicked Quick Scan it reset to 90 days. I don't know why.


Report •

#6
July 20, 2010 at 15:12:44
[color=#E56717]========== Last 10 Event Log Errors ==========[/color]

[ Application Events ]
Error - 7/19/2010 12:42:02 PM | Computer Name = RENOVATIO | Source = Application Error | ID = 1000
Description = Faulting application svchost.exe, version 5.1.2600.5512, faulting
module Flash10c.ocx, version 10.0.32.18, fault address 0x000e8710.

Report •

#7
July 20, 2010 at 15:16:53
Yeah, its not letting me load up the rest of the report. The rest says that Windows update is not being allowed because the connection was terminated abnormally and this happens a couple times:

Error - 7/20/2010 5:19:36 PM | Computer Name = RENOVATIO | Source = Service Control Manager | ID = 7000
Description = The Remote Connections Service service failed to start due to the
following error: %%2


Report •

#8
July 20, 2010 at 15:59:47
You are also missing the middle part of the first logfile.

-----
IT Desktop & Network Consultant - MOS Master Certified, MCP Certified, CCNA Certificate Pending, A+ Certified.

::geek::


Report •

#9
July 20, 2010 at 17:10:05
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.google.com/ie

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://search.live.com
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

[color=#E56717]========== FireFox ==========[/color]

FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20
FF - prefs.js..extensions.enabledItems: {a7c6cf7f-112c-4500-a7ea-39801a327e5f}:1.0.9
FF - prefs.js..extensions.enabledItems: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}:1.2.1
FF - prefs.js..extensions.enabledItems: jqs@sun.com:1.0
FF - prefs.js..extensions.enabledItems: {BBDA0591-3099-440a-AA10-41764D9DB4DB}:2.0
FF - prefs.js..extensions.enabledItems: {2D3F3651-74B9-4795-BDEC-6DA2F431CB62}:4.6
FF - prefs.js..network.proxy.no_proxies_on: "*.local"

FF - HKLM\software\mozilla\Firefox\extensions\\{BBDA0591-3099-440a-AA10-41764D9DB4DB}: C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_4.0.0.127\IPSFFPlgn\ [2010/07/10 09:54:57 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\extensions\\{2D3F3651-74B9-4795-BDEC-6DA2F431CB62}: C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_4.0.0.127\coFFPlgn\ [2010/07/09 09:30:11 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.6\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010/06/29 10:27:50 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.6\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010/07/04 18:13:08 | 000,000,000 | ---D | M]

[2009/09/19 17:34:43 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Catherine\Application Data\Mozilla\Extensions
[2010/07/20 10:45:41 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Catherine\Application Data\Mozilla\Firefox\Profiles\wemk181v.default\extensions
[2010/04/30 08:57:26 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Documents and Settings\Catherine\Application Data\Mozilla\Firefox\Profiles\wemk181v.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2010/06/20 10:38:58 | 000,000,000 | ---D | M] (FireFTP) -- C:\Documents and Settings\Catherine\Application Data\Mozilla\Firefox\Profiles\wemk181v.default\extensions\{a7c6cf7f-112c-4500-a7ea-39801a327e5f}
[2010/07/10 09:49:01 | 000,000,000 | ---D | M] (Adblock Plus) -- C:\Documents and Settings\Catherine\Application Data\Mozilla\Firefox\Profiles\wemk181v.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}
[2010/07/20 10:45:41 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions
[2010/04/28 21:34:16 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
[2010/04/28 21:33:52 | 000,411,368 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npdeployJava1.dll

O1 HOSTS File: ([2004/08/04 02:00:00 | 000,000,734 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (Microsoft Online Helper!) - {22F1D712-FCAA-42C7-B967-98C3A8FB169F} - C:\WINDOWS\System32\frjacnwrm.dll File not found
O2 - BHO: (Symantec NCO BHO) - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files\Norton Security Suite\Engine\4.2.0.12\coieplg.dll (Symantec Corporation)
O2 - BHO: (Symantec Intrusion Prevention) - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files\Norton Security Suite\Engine\4.2.0.12\ipsbho.dll (Symantec Corporation)
O2 - BHO: (Search Helper) - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll (Microsoft Corporation)
O2 - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\Program Files\Google\GoogleToolbar3.dll (Google Inc.)
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\3.1.807.1746\swg.dll (Google Inc.)
O2 - BHO: (MSN Toolbar Helper) - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files\MSN\Toolbar\3.0.1125.0\msneshellx.dll (Microsoft Corp.)
O3 - HKLM\..\Toolbar: (MSN Toolbar) - {1E61ED7C-7CB8-49d6-B9E9-AB4C880C8414} - C:\Program Files\MSN\Toolbar\3.0.1125.0\msneshellx.dll (Microsoft Corp.)
O3 - HKLM\..\Toolbar: (&Google) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\Program Files\Google\GoogleToolbar3.dll (Google Inc.)
O3 - HKLM\..\Toolbar: (Norton Toolbar) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Norton Security Suite\Engine\4.2.0.12\coieplg.dll (Symantec Corporation)
O3 - HKCU\..\Toolbar\WebBrowser: (&Google) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - c:\Program Files\Google\GoogleToolbar3.dll (Google Inc.)
O3 - HKCU\..\Toolbar\WebBrowser: (Norton Toolbar) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Norton Security Suite\Engine\4.2.0.12\coieplg.dll (Symantec Corporation)
O4 - HKLM..\Run: [AdobeAAMUpdater-1.0] C:\Program Files\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [AdobeCS5ServiceManager] C:\Program Files\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [AdobeVersionCue] C:\Program Files\Adobe\Adobe Version Cue\ControlPanel\VersionCueTray.exe (Adobe Systems)
O4 - HKLM..\Run: [AutoTask] C:\Program Files\AutoTask\AutoTask.exe (Dura Micro, Inc)
O4 - HKLM..\Run: [Cpqset] C:\Program Files\HPQ\Default Settings\Cpqset.exe ()
O4 - HKLM..\Run: [DivXUpdate] C:\Program Files\DivX\DivX Update\DivXUpdate.exe ()
O4 - HKLM..\Run: [eabconfg.cpl] C:\Program Files\HPQ\Quick Launch Buttons\EabServr.exe (Hewlett-Packard )
O4 - HKLM..\Run: [EEventManager] C:\Program Files\epson\Creativity Suite\Event Manager\EEventManager.exe (SEIKO EPSON CORPORATION)
O4 - HKLM..\Run: [ISUSPM Startup] C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe (Macrovision Corporation)
O4 - HKLM..\Run: [ISUSScheduler] C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe (Macrovision Corporation)
O4 - HKLM..\Run: [LogMeIn GUI] C:\Program Files\LogMeIn\x86\LogMeInSystray.exe (LogMeIn, Inc.)
O4 - HKLM..\Run: [LSBWatcher] c:\hp\drivers\hplsbwatcher\LSBurnWatcher.exe (Hewlett-Packard Company)
O4 - HKLM..\Run: [Microsoft Default Manager] C:\Program Files\Microsoft\Search Enhancement Pack\Default Manager\DefMgr.exe (Microsoft Corp.)
O4 - HKLM..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe (Synaptics, Inc.)
O4 - HKCU..\Run: [EPSON Stylus Photo R280 Series (Copy 1)] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATICKA.EXE (SEIKO EPSON CORPORATION)
O4 - HKCU..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (Google Inc.)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe (Adobe Systems, Inc.)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\MozyHome Status.lnk = C:\Program Files\MozyHome\mozystat.exe (Mozy, Inc.)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableProfileQuota = 1
O8 - Extra context menu item: E&xport to Microsoft Excel - C:\Program Files\Microsoft Office\Office12\EXCEL.EXE (Microsoft Corporation)
O8 - Extra context menu item: Send To &Bluetooth - c:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm ()
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Program Files\Microsoft Office\Office12\REFIEBAR.DLL (Microsoft Corporation)
O9 - Extra Button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - c:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra 'Tools' menuitem : @btrez.dll,-4017 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - c:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O12 - Plugin for: .spop - C:\Program Files\Internet Explorer\PLUGINS\NPDocBox.dll (Intertrust Technologies, Inc.)
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} http://download.macromedia.com/pub/... (Shockwave ActiveX Control)
O16 - DPF: {406B5949-7190-4245-91A9-30A17DE16AD0} http://photo.walgreens.com/Walgreen... (Snapfish Activia)
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} http://download.mcafee.com/molbin/s... (Reg Error: Key error.)
O16 - DPF: {60EFC337-15C2-4369-B2A0-3429B071D8B8} http://h50203.www5.hp.com/HPISWeb/C... (Hewlett-Packard Printer Diagnostics)
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} http://security.symantec.com/sscv6/... (Symantec RuFSI Utility Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/ji... (Java Plug-in 1.6.0_20)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.macromedia.com/ge... (Reg Error: Key error.)
O16 - DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} http://download.mcafee.com/molbin/s... (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0015-0000-0002-ABCDEFFEDCBA} http://java.sun.com/update/1.5.0/ji... (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA} http://java.sun.com/update/1.5.0/ji... (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0015-0000-0009-ABCDEFFEDCBA} http://java.sun.com/update/1.5.0/ji... (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/ji... (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/ji... (Java Plug-in 1.6.0_07)
O16 - DPF: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/ji... (Java Plug-in 1.6.0_20)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/ji... (Java Plug-in 1.6.0_20)
O16 - DPF: {CF40ACC5-E1BB-4AFF-AC72-04C2F616BCA7} http://wwwimages.adobe.com/www.adob... (get_atlcom Class)
O16 - DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} https://avat.webex.com/client/T25L/support/ieatgpc.cab (GpcContainer Class)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Handler\widimg {EE7C2AFF-5742-44FF-BD0E-E521B0D3C3BA} - C:\WINDOWS\system32\BTXPPanel.dll (WIDCOMM, Inc.)
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\AtiExtEvent: DllName - Ati2evxx.dll - C:\WINDOWS\System32\ati2evxx.dll (ATI Technologies Inc.)
O20 - Winlogon\Notify\LMIinit: DllName - LMIinit.dll - C:\WINDOWS\System32\LMIinit.dll (LogMeIn, Inc.)
O24 - Desktop BackupWallPaper: C:\Documents and Settings\Catherine\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O32 - HKLM CDRom: AutoRun - 1
O33 - MountPoints2\{a6100f20-a166-11de-b1a5-0014a5117aac}\Shell - "" = AutoRun
O33 - MountPoints2\{a6100f20-a166-11de-b1a5-0014a5117aac}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{a6100f20-a166-11de-b1a5-0014a5117aac}\Shell\AutoRun\command - "" = N:\Launcher.exe -- File not found
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

[color=#E56717]========== Files/Folders - Created Within 90 Days ==========[/color]

Report •

#10
July 20, 2010 at 17:15:04
It is still not letting me post the Application Events, and System Events. I hope I provided you with enough of their contents to help.

Report •

#11
August 4, 2010 at 02:30:56
HI,
I have got same problem at my system... i have scanned my system with OTL ... i m sending the files created by OTL at my system... kindly help me out in this matter.

thank you.


Report •

#12
August 4, 2010 at 02:35:04
OTL logfile created on: 8/4/2010 7:26:18 PM - Run 1
OTL by OldTimer - Version 3.2.9.1 Folder = D:\Softwares\OTL
Windows XP Professional Edition Service Pack 2 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1,015.00 Mb Total Physical Memory | 468.00 Mb Available Physical Memory | 46.00% Memory free
2.00 Gb Paging File | 2.00 Gb Available in Paging File | 75.00% Paging File free
Paging file location(s): C:\pagefile.sys 1524 3048 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 19.53 Gb Total Space | 5.88 Gb Free Space | 30.11% Space Free | Partition Type: NTFS
Drive D: | 17.72 Gb Total Space | 7.21 Gb Free Space | 40.68% Space Free | Partition Type: FAT32
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: KAMRAN-0DF6E2CF
Current User Name: Kamran
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: On
Skip Microsoft Files: On
File Age = 90 Days
Output = Standard
Quick Scan

[color=#E56717]========== Processes (SafeList) ==========[/color]

PRC - [2010/08/04 19:24:36 | 000,574,976 | ---- | M] (OldTimer Tools) -- D:\Softwares\OTL\OTL.exe
PRC - [2010/07/28 20:16:51 | 000,014,808 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\plugin-container.exe
PRC - [2010/07/28 20:16:46 | 000,910,296 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe
PRC - [2010/07/26 03:43:37 | 000,353,736 | ---- | M] (IncrediMail, Ltd.) -- C:\Program Files\IncrediMail\bin\IncMail.exe
PRC - [2010/07/26 03:43:37 | 000,255,432 | ---- | M] (IncrediMail, Ltd.) -- C:\Program Files\IncrediMail\bin\ImApp.exe
PRC - [2009/11/25 09:51:40 | 000,081,000 | ---- | M] (ALWIL Software) -- C:\Program Files\Alwil Software\Avast4\ashDisp.exe
PRC - [2009/11/25 09:51:35 | 000,138,680 | ---- | M] (ALWIL Software) -- C:\Program Files\Alwil Software\Avast4\ashServ.exe
PRC - [2009/11/25 09:51:21 | 000,254,040 | ---- | M] (ALWIL Software) -- C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
PRC - [2009/11/25 09:48:48 | 000,352,920 | ---- | M] (ALWIL Software) -- C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
PRC - [2009/11/25 09:43:56 | 000,018,752 | ---- | M] (ALWIL Software) -- C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
PRC - [2006/08/30 10:58:38 | 000,049,152 | ---- | M] (ZSMCSNAP) -- C:\WINDOWS\vmsnap3.exe
PRC - [2005/10/14 20:51:45 | 028,768,528 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe
PRC - [2004/08/04 10:56:50 | 001,032,192 | ---- | M] (Microsoft Corporation) -- c:\WINDOWS\explorer.exe


[color=#E56717]========== Modules (SafeList) ==========[/color]

MOD - [2010/08/04 19:24:36 | 000,574,976 | ---- | M] (OldTimer Tools) -- D:\Softwares\OTL\OTL.exe
MOD - [2004/08/04 10:57:02 | 001,050,624 | R--- | M] (Microsoft Corporation) -- C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.2180_x-ww_a84f1ff9\comctl32.dll
MOD - [2004/08/04 09:01:18 | 000,102,400 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\msscript.ocx


[color=#E56717]========== Win32 Services (SafeList) ==========[/color]

SRV - File not found [Auto | Stopped] -- C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe -- (SQLWriter)
SRV - File not found [Disabled | Stopped] -- c:\Program Files\Sophos\AutoUpdate\ALsvc.exe -- (Sophos AutoUpdate Service)
SRV - File not found [Disabled | Stopped] -- C:\WINDOWS\System32\hidserv.dll -- (HidServ)
SRV - [2010/01/26 12:41:08 | 000,652,800 | ---- | M] (Nokia) [On_Demand | Stopped] -- C:\Program Files\PC Connectivity Solution\ServiceLayer.exe -- (ServiceLayer)
SRV - [2009/11/25 09:51:35 | 000,138,680 | ---- | M] (ALWIL Software) [Auto | Running] -- C:\Program Files\Alwil Software\Avast4\ashServ.exe -- (avast! Antivirus)
SRV - [2009/11/25 09:51:21 | 000,254,040 | ---- | M] (ALWIL Software) [On_Demand | Running] -- C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe -- (avast! Mail Scanner)
SRV - [2009/11/25 09:48:48 | 000,352,920 | ---- | M] (ALWIL Software) [On_Demand | Running] -- C:\Program Files\Alwil Software\Avast4\ashWebSv.exe -- (avast! Web Scanner)
SRV - [2009/11/25 09:43:56 | 000,018,752 | ---- | M] (ALWIL Software) [Auto | Running] -- C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe -- (aswUpdSv)
SRV - [2008/11/10 06:48:14 | 000,602,392 | ---- | M] (Yahoo! Inc.) [Disabled | Stopped] -- C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe -- (YahooAUService)
SRV - [2006/10/26 13:45:00 | 002,799,808 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Program Files\Microsoft Visual Studio 8\Common7\IDE\Remote Debugger\x86\msvsmon.exe -- (msvsmon80)
SRV - [2005/10/14 20:51:45 | 028,768,528 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe -- (MSSQL$SQLEXPRESS) SQL Server (SQLEXPRESS)
SRV - [2005/10/14 20:51:12 | 000,239,320 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Program Files\Microsoft SQL Server\90\Shared\sqlbrowser.exe -- (SQLBrowser)
SRV - [2005/10/14 20:50:19 | 000,045,272 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Program Files\Microsoft SQL Server\90\Shared\sqladhlp90.exe -- (MSSQLServerADHelper)


[color=#E56717]========== Driver Services (SafeList) ==========[/color]

DRV - File not found [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\drivers\UIUSys.sys -- (UIUSys)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\DRIVERS\ewusbmdm.sys -- (hwdatacard)
DRV - [2010/01/21 13:53:16 | 000,018,048 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ccdcmb.sys -- (nmwcd)
DRV - [2009/12/30 10:30:56 | 000,007,936 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\usbser_lowerfltj.sys -- (UsbserFilt)
DRV - [2009/12/30 10:30:48 | 000,022,016 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ccdcmbo.sys -- (nmwcdc)
DRV - [2009/12/30 10:30:48 | 000,007,936 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\usbser_lowerflt.sys -- (upperdev)
DRV - [2009/11/25 09:50:59 | 000,094,160 | ---- | M] (ALWIL Software) [File_System | Auto | Running] -- C:\WINDOWS\System32\drivers\aswmon2.sys -- (aswMon2)
DRV - [2009/11/25 09:50:12 | 000,114,768 | ---- | M] (ALWIL Software) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\aswSP.sys -- (aswSP)
DRV - [2009/11/25 09:50:00 | 000,020,560 | ---- | M] (ALWIL Software) [File_System | Auto | Running] -- C:\WINDOWS\system32\drivers\aswFsBlk.sys -- (aswFsBlk)
DRV - [2009/11/25 09:49:07 | 000,048,560 | ---- | M] (ALWIL Software) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\aswTdi.sys -- (aswTdi)
DRV - [2009/11/25 09:48:57 | 000,023,120 | ---- | M] (ALWIL Software) [Kernel | On_Demand | Running] -- C:\WINDOWS\System32\drivers\aswRdr.sys -- (aswRdr)
DRV - [2009/11/25 09:47:54 | 000,027,408 | ---- | M] (ALWIL Software) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\aavmker4.sys -- (Aavmker4)
DRV - [2009/02/16 07:45:12 | 000,604,928 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\BCMWL5.SYS -- (BCM43XX)
DRV - [2009/02/16 07:45:08 | 001,041,536 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSF_DP.sys -- (HSF_DP)
DRV - [2009/02/16 07:45:08 | 000,685,056 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSF_CNXT.sys -- (winachsf)
DRV - [2009/02/16 07:45:08 | 000,200,064 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSFHWICH.sys -- (HSFHWICH)
DRV - [2009/02/16 07:45:04 | 000,080,384 | ---- | M] (Texas Instruments) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\gtipci21.sys -- (GTIPCI21)
DRV - [2009/02/16 07:45:02 | 000,273,168 | ---- | M] (SigmaTel, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\STAC97.sys -- (STAC97)
DRV - [2008/08/26 09:26:12 | 000,018,816 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\pccsmcfd.sys -- (pccsmcfd)
DRV - [2006/12/01 14:23:58 | 000,392,122 | ---- | M] (Vimicro Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\usbVM303.sys -- (ZSMC303)
DRV - [2006/04/25 10:57:42 | 000,428,160 | ---- | M] (Vimicro Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\vmfilter303.sys -- (vmfilter303)
DRV - [2004/08/23 14:49:30 | 000,121,472 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\b57xp32.sys -- (b57w2k)
DRV - [2001/08/17 22:10:28 | 000,035,913 | ---- | M] (SMC) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\smcirda.sys -- (SMCIRDA)


[color=#E56717]========== Standard Registry (SafeList) ==========[/color]


[color=#E56717]========== Internet Explorer ==========[/color]


IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.ninemsn.com.au
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = http://www.live.com/ [binary data]
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchDefaultBranded = 1
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://mystart.incredimail.com/
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

[color=#E56717]========== FireFox ==========[/color]

FF - prefs.js..browser.search.defaultenginename: "MyStart Search"
FF - prefs.js..browser.search.selectedEngine: "MyStart Search"
FF - prefs.js..browser.startup.homepage: "http://mystart.incredimail.com/"
FF - prefs.js..extensions.enabledItems: jqs@sun.com:1.0
FF - prefs.js..keyword.URL: "http://mystart.incredimail.com/?loc=ff_address_bar_im2_test_v2&search="

FF - HKLM\software\mozilla\Mozilla Firefox 3.6.8\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010/07/28 20:17:02 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.8\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010/07/28 20:17:02 | 000,000,000 | ---D | M]

[2010/06/09 02:58:28 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Kamran\Application Data\Mozilla\Extensions
[2010/01/09 19:36:15 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Kamran\Application Data\Mozilla\Extensions\IMVUClientXUL@imvu.com
[2010/08/04 00:52:54 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Kamran\Application Data\Mozilla\Firefox\Profiles\gkr69pm2.default\extensions
[2010/06/09 03:05:56 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Documents and Settings\Kamran\Application Data\Mozilla\Firefox\Profiles\gkr69pm2.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2010/07/26 03:42:53 | 000,002,149 | ---- | M] () -- C:\Documents and Settings\Kamran\Application Data\Mozilla\Firefox\Profiles\gkr69pm2.default\searchplugins\MyStart Search.xml
[2010/08/04 00:52:54 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions

O1 HOSTS File: ([2001/08/24 00:00:00 | 000,000,734 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - No CLSID value found.
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O2 - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
O4 - HKLM..\Run: [avast!] C:\Program Files\Alwil Software\Avast4\ashDisp.exe (ALWIL Software)
O4 - HKLM..\Run: [BigDog303] C:\WINDOWS\VM303_STI.EXE File not found
O4 - HKLM..\Run: [BluetoothAuthenticationAgent] C:\WINDOWS\System32\bthprops.cpl (Microsoft Corporation)
O4 - HKLM..\Run: [gayccbqn] C:\Documents and Settings\Kamran\Local Settings\Application Data\eoamcraum\listtbotssd.exe File not found
O4 - HKLM..\Run: [VMSnap3] C:\WINDOWS\vmsnap3.exe (ZSMCSNAP)
O4 - HKCU..\Run: [gayccbqn] C:\Documents and Settings\Kamran\Local Settings\Application Data\eoamcraum\listtbotssd.exe File not found
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O8 - Extra context menu item: E&xport to Microsoft Excel - C:\Program Files\Microsoft Office\Office12\EXCEL.EXE (Microsoft Corporation)
O9 - Extra Button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Program Files\Microsoft Office\Office12\REFIEBAR.DLL (Microsoft Corporation)
O9 - Extra Button: Run IMVU - {d9288080-1baa-4bc4-9cf8-a92d743db949} - C:\Documents and Settings\Kamran\Start Menu\Programs\IMVU\Run IMVU.lnk File not found
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/ji... (Java Plug-in 1.6.0_19)
O16 - DPF: {CAFEEFAC-0014-0002-0005-ABCDEFFEDCBA} http://java.sun.com/products/plugin... (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0019-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/ji... (Java Plug-in 1.6.0_19)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/ji... (Java Plug-in 1.6.0_19)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 10.1.1.1
O18 - Protocol\Handler\grooveLocalGWS {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll (Microsoft Corporation)
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (c:\windows\explorer.exe) - c:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\igfxcui: DllName - igfxsrvc.dll - C:\WINDOWS\System32\igfxsrvc.dll (Intel Corporation)
O24 - Desktop WallPaper: C:\Documents and Settings\Kamran\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\Kamran\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O28 - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009/08/28 02:13:23 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O33 - MountPoints2\{325eed23-6348-11df-b0c3-0014a54c8ca1}\Shell - "" = AutoRun
O33 - MountPoints2\{325eed23-6348-11df-b0c3-0014a54c8ca1}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{325eed23-6348-11df-b0c3-0014a54c8ca1}\Shell\AutoRun\command - "" = F:\AutoRun.exe -- File not found
O33 - MountPoints2\{627d1f8d-7d11-11df-b0c8-001986000661}\Shell - "" = AutoRun
O33 - MountPoints2\{627d1f8d-7d11-11df-b0c8-001986000661}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{627d1f8d-7d11-11df-b0c8-001986000661}\Shell\AutoRun\command - "" = G:\AutoRun.exe -- File not found
O33 - MountPoints2\{627d1f8e-7d11-11df-b0c8-001986000661}\Shell - "" = AutoRun
O33 - MountPoints2\{627d1f8e-7d11-11df-b0c8-001986000661}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{627d1f8e-7d11-11df-b0c8-001986000661}\Shell\AutoRun\command - "" = G:\AutoRun.exe -- File not found
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

[color=#E56717]========== Files/Folders - Created Within 90 Days ==========[/color]

[2010/08/03 23:12:19 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\NtmsData
[2010/07/26 18:29:24 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Kamran\Local Settings\Application Data\Yahoo!
[2010/07/25 14:23:12 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Kamran\Application Data\Youtube Downloader HD
[2010/07/25 14:23:01 | 000,000,000 | ---D | C] -- C:\Program Files\Youtube Downloader HD
[2010/07/24 17:22:14 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Kamran\Application Data\ProgSense
[2010/06/21 20:53:34 | 000,000,000 | ---D | C] -- C:\Program Files\3 Mobile
[2010/06/18 00:33:11 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\PhotoMail
[2010/06/18 00:33:09 | 000,000,000 | ---D | C] -- C:\Program Files\PhotoMail Maker
[2010/06/07 01:53:13 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Application Data\Macromedia
[2010/06/07 01:53:12 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Application Data\Adobe
[2010/06/05 22:17:42 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Kamran\Application Data\COWON
[2010/06/05 22:14:29 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\COWON
[2010/06/05 22:14:26 | 000,000,000 | ---D | C] -- C:\Program Files\JetAudio
[2010/06/04 20:10:56 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Kamran\Local Settings\Application Data\eoamcraum
[2010/05/29 16:30:30 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Kamran\Application Data\GrabPro
[2010/05/29 16:30:30 | 000,000,000 | ---D | C] -- C:\downloads
[2010/05/29 16:30:13 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Kamran\Application Data\Orbit
[2010/05/25 15:51:44 | 000,000,000 | ---D | C] -- C:\Program Files\POV-Ray for Windows v3.6
[2010/05/23 19:00:30 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\PCSuite
[2010/05/23 18:59:22 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Installations
[2010/05/23 18:31:03 | 000,000,000 | ---D | C] -- C:\Program Files\PC Connectivity Solution
[2010/05/14 21:34:43 | 000,000,000 | ---D | C] -- C:\Program Files\PDFCreator
[2010/05/14 18:43:13 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Kamran\Application Data\Uniblue
[2010/05/14 18:41:30 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Kamran\Application Data\PrimoPDF
[2010/05/14 18:37:12 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Kamran\Local Settings\Application Data\OpenCandy
[2010/05/14 18:36:48 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Kamran\Application Data\OpenCandy
[2010/05/14 18:36:41 | 000,000,000 | ---D | C] -- C:\Program Files\Nitro PDF
[5 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[4 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

[color=#E56717]========== Files - Modified Within 90 Days ==========[/color]

[2010/08/04 19:26:22 | 000,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2010/08/04 19:24:02 | 000,000,886 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2010/08/04 19:15:31 | 000,000,424 | -H-- | M] () -- C:\WINDOWS\tasks\User_Feed_Synchronization-{88267E34-F83D-4C5A-985C-690CBCE3783E}.job
[2010/08/04 18:58:27 | 000,000,882 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2010/08/04 18:57:07 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2010/08/04 14:55:15 | 007,077,888 | ---- | M] () -- C:\Documents and Settings\Kamran\NTUSER.DAT
[2010/08/04 14:54:53 | 000,000,178 | -HS- | M] () -- C:\Documents and Settings\Kamran\ntuser.ini
[2010/08/04 01:27:13 | 000,479,632 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2010/08/04 01:27:12 | 000,085,356 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2010/08/04 01:27:11 | 000,574,764 | ---- | M] () -- C:\WINDOWS\System32\PerfStringBackup.INI
[2010/08/04 01:03:08 | 000,002,626 | ---- | M] () -- C:\WINDOWS\System32\CONFIG.NT
[2010/08/03 19:08:23 | 000,034,304 | ---- | M] () -- C:\Documents and Settings\Kamran\Desktop\Kamran Expenses.xlsx
[2010/08/03 17:38:46 | 000,245,760 | ---- | M] () -- C:\Documents and Settings\Kamran\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010/08/03 00:18:32 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2010/07/31 15:14:42 | 000,012,369 | ---- | M] () -- C:\Documents and Settings\Kamran\Desktop\Less Globes.xlsx
[2010/07/29 23:49:21 | 000,000,664 | ---- | M] () -- C:\WINDOWS\System32\d3d9caps.dat
[2010/07/26 03:51:54 | 000,000,603 | ---- | M] () -- C:\WINDOWS\win.ini
[2010/07/26 03:51:54 | 000,000,227 | ---- | M] () -- C:\WINDOWS\system.ini
[2010/07/26 03:51:54 | 000,000,211 | -HS- | M] () -- C:\boot.ini
[2010/07/26 03:44:58 | 000,001,750 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\IncrediMail.lnk
[5 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[4 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

[color=#E56717]========== Files Created - No Company Name ==========[/color]

[2010/05/14 21:34:51 | 000,116,224 | ---- | C] () -- C:\WINDOWS\System32\pdfcmnnt.dll
[2010/05/14 18:37:15 | 000,176,235 | ---- | C] () -- C:\WINDOWS\System32\Primomonnt.dll
[2010/03/30 17:47:25 | 000,237,568 | ---- | C] () -- C:\WINDOWS\System32\glut32.dll
[2009/12/30 21:37:03 | 000,000,076 | ---- | C] () -- C:\WINDOWS\dellstat.ini
[2009/12/30 21:36:59 | 000,000,227 | ---- | C] () -- C:\WINDOWS\lexstat.ini
[2009/12/30 21:36:01 | 000,040,960 | ---- | C] () -- C:\WINDOWS\System32\lxczvs.dll
[2009/12/30 21:35:25 | 000,000,270 | ---- | C] () -- C:\WINDOWS\System32\lxczcoin.ini
[2009/10/06 21:01:30 | 000,002,009 | ---- | C] () -- C:\WINDOWS\aopr.ini
[2009/08/29 20:14:22 | 000,000,172 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2009/08/29 18:51:49 | 000,593,938 | ---- | C] () -- C:\WINDOWS\System32\x264vfw.dll
[2009/08/28 16:15:59 | 000,086,016 | ---- | C] () -- C:\WINDOWS\System32\preflib.dll
[2009/08/28 16:15:56 | 000,757,760 | ---- | C] () -- C:\WINDOWS\System32\bcm1xsup.dll
[2009/08/28 05:04:44 | 000,557,003 | ---- | C] () -- C:\WINDOWS\System32\libmplayer.dll
[2009/08/28 05:04:32 | 000,811,835 | ---- | C] () -- C:\WINDOWS\System32\ff_x264.dll
[2009/08/28 05:03:52 | 004,456,201 | ---- | C] () -- C:\WINDOWS\System32\libavcodec.dll
[2009/08/26 04:07:36 | 000,328,334 | ---- | C] () -- C:\WINDOWS\System32\ff_kernelDeint.dll
[2009/08/26 03:38:04 | 000,425,040 | ---- | C] () -- C:\WINDOWS\System32\TomsMoComp_ff.dll
[2009/08/26 02:56:56 | 000,819,200 | ---- | C] () -- C:\WINDOWS\System32\xvidcore.dll
[2009/08/26 02:37:02 | 000,146,098 | ---- | C] () -- C:\WINDOWS\System32\libmpeg2_ff.dll
[2009/06/03 03:15:44 | 000,113,152 | ---- | C] () -- C:\WINDOWS\System32\ff_unrar.dll
[2009/06/03 03:15:18 | 000,146,944 | ---- | C] () -- C:\WINDOWS\System32\ff_tremor.dll
[2009/06/03 03:15:04 | 000,183,296 | ---- | C] () -- C:\WINDOWS\System32\ff_samplerate.dll
[2009/06/03 03:14:56 | 000,178,688 | ---- | C] () -- C:\WINDOWS\System32\ff_libmad.dll
[2009/06/03 03:14:30 | 000,486,400 | ---- | C] () -- C:\WINDOWS\System32\ff_libfaad2.dll
[2009/06/03 03:13:58 | 000,257,024 | ---- | C] () -- C:\WINDOWS\System32\ff_libdts.dll
[2009/06/03 03:13:50 | 000,142,848 | ---- | C] () -- C:\WINDOWS\System32\ff_liba52.dll
[2009/06/03 03:11:26 | 000,098,304 | ---- | C] () -- C:\WINDOWS\System32\ff_wmv9.dll
[2009/06/03 03:11:16 | 000,085,504 | ---- | C] () -- C:\WINDOWS\System32\ff_vfw.dll
[2009/02/16 20:36:05 | 000,192,512 | ---- | C] () -- C:\WINDOWS\System32\Stac97co.dll
[2009/01/11 08:17:32 | 000,163,840 | ---- | C] () -- C:\WINDOWS\System32\ts.dll
[2009/01/11 08:16:56 | 000,148,480 | ---- | C] () -- C:\WINDOWS\System32\mkx.dll
[2009/01/11 08:16:50 | 000,108,032 | ---- | C] () -- C:\WINDOWS\System32\avi.dll
[2009/01/11 08:16:14 | 000,141,312 | ---- | C] () -- C:\WINDOWS\System32\mp4.dll
[2009/01/11 08:15:54 | 000,120,832 | ---- | C] () -- C:\WINDOWS\System32\ogm.dll
[2009/01/11 08:15:44 | 000,159,744 | ---- | C] () -- C:\WINDOWS\System32\mmfinfo.dll
[2009/01/11 08:15:32 | 000,102,400 | ---- | C] () -- C:\WINDOWS\System32\avss.dll
[2009/01/11 08:15:28 | 000,246,784 | ---- | C] () -- C:\WINDOWS\System32\dxr.dll
[2009/01/11 08:15:12 | 000,097,280 | ---- | C] () -- C:\WINDOWS\System32\avs.dll
[2009/01/11 08:14:08 | 000,079,360 | ---- | C] () -- C:\WINDOWS\System32\mkzlib.dll
[2009/01/11 08:14:06 | 000,023,552 | ---- | C] () -- C:\WINDOWS\System32\mkunicode.dll
[2008/12/04 08:11:50 | 000,180,224 | ---- | C] () -- C:\WINDOWS\System32\xvidvfw.dll
[2008/11/07 02:37:32 | 003,596,288 | ---- | C] () -- C:\WINDOWS\System32\qt-dx331.dll
[2008/11/07 02:34:00 | 000,000,416 | ---- | C] () -- C:\WINDOWS\System32\dtu100.dll.manifest
[2007/10/13 19:30:20 | 000,000,137 | ---- | C] () -- C:\WINDOWS\System32\Registration.ini
[2007/07/11 03:10:12 | 000,000,547 | ---- | C] () -- C:\WINDOWS\System32\ff_vfw.dll.manifest
[2004/07/17 21:36:38 | 000,027,440 | ---- | C] () -- C:\WINDOWS\System32\drivers\secdrv.sys

[color=#E56717]========== LOP Check ==========[/color]

[2010/05/03 20:39:43 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\HiYo
[2009/08/28 18:50:52 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\IM
[2009/08/28 18:49:08 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\IncrediMail
[2010/05/23 18:59:23 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Installations
[2010/04/13 02:33:22 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Nokia
[2010/04/13 02:38:04 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\OviInstallerCache
[2009/08/29 23:02:36 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\PC Suite
[2010/06/18 00:33:12 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\PhotoMail
[2009/08/29 19:57:42 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\PreEmptive Solutions
[2010/06/05 22:17:42 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Kamran\Application Data\COWON
[2009/09/18 14:24:57 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Kamran\Application Data\gnupg
[2010/05/29 16:30:30 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Kamran\Application Data\GrabPro
[2010/05/03 20:40:45 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Kamran\Application Data\HiYo
[2010/05/23 19:02:13 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Kamran\Application Data\Nokia
[2010/03/23 00:31:34 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Kamran\Application Data\Nokia Ovi Suite
[2010/05/23 17:44:43 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Kamran\Application Data\Nseries
[2010/05/14 18:42:42 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Kamran\Application Data\OpenCandy
[2010/07/30 03:28:07 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Kamran\Application Data\Orbit
[2010/05/23 13:23:33 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Kamran\Application Data\PC Suite
[2010/05/14 18:41:30 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Kamran\Application Data\PrimoPDF
[2010/07/24 17:22:14 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Kamran\Application Data\ProgSense
[2010/05/14 18:43:13 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Kamran\Application Data\Uniblue
[2010/07/25 15:39:00 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Kamran\Application Data\Youtube Downloader HD
[2010/08/04 19:15:31 | 000,000,424 | -H-- | M] () -- C:\WINDOWS\Tasks\User_Feed_Synchronization-{88267E34-F83D-4C5A-985C-690CBCE3783E}.job

[color=#E56717]========== Purity Check ==========[/color]


< End of report >

Report •

#13
August 4, 2010 at 02:36:49
OTL Extras logfile created on: 8/4/2010 7:26:18 PM - Run 1
OTL by OldTimer - Version 3.2.9.1 Folder = D:\Softwares\OTL
Windows XP Professional Edition Service Pack 2 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1,015.00 Mb Total Physical Memory | 468.00 Mb Available Physical Memory | 46.00% Memory free
2.00 Gb Paging File | 2.00 Gb Available in Paging File | 75.00% Paging File free
Paging file location(s): C:\pagefile.sys 1524 3048 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 19.53 Gb Total Space | 5.88 Gb Free Space | 30.11% Space Free | Partition Type: NTFS
Drive D: | 17.72 Gb Total Space | 7.21 Gb Free Space | 40.68% Space Free | Partition Type: FAT32
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: KAMRAN-0DF6E2CF
Current User Name: Kamran
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: On
Skip Microsoft Files: On
File Age = 90 Days
Output = Standard
Quick Scan

[color=#E56717]========== Extra Registry (SafeList) ==========[/color]


[color=#E56717]========== File Associations ==========[/color]

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]

[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)

[color=#E56717]========== Shell Spawning ==========[/color]

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
htmlfile [edit] -- "C:\Program Files\Microsoft Office\Office12\msohtmed.exe" %1 (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [OneNote.Open] -- C:\PROGRA~1\MICROS~4\Office12\ONENOTE.EXE "%L" (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

[color=#E56717]========== Security Center Settings ==========[/color]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 1
"FirewallOverride" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]
"139:TCP" = 139:TCP:*:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:*:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:*:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:*:Enabled:@xpsp2res.dll,-22002
"3389:TCP" = 3389:TCP:*:Enabled:@xpsp2res.dll,-22009

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DoNotAllowExceptions" = 0
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"1900:UDP" = 1900:UDP:LocalSubNet:Disabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Disabled:@xpsp2res.dll,-22008
"139:TCP" = 139:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22002
"3389:TCP" = 3389:TCP:*:Enabled:@xpsp2res.dll,-22009

[color=#E56717]========== Authorized Applications List ==========[/color]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"C:\Program Files\Windows Live\Messenger\wlcsdk.exe" = C:\Program Files\Windows Live\Messenger\wlcsdk.exe:*:Enabled:Windows Live Call -- (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Program Files\IncrediMail\bin\IncMail.exe" = C:\Program Files\IncrediMail\bin\IncMail.exe:*:Enabled:IncrediMail -- (IncrediMail, Ltd.)
"C:\Program Files\IncrediMail\bin\ImApp.exe" = C:\Program Files\IncrediMail\bin\ImApp.exe:*:Enabled:IncrediMail -- (IncrediMail, Ltd.)
"C:\Program Files\IncrediMail\bin\ImpCnt.exe" = C:\Program Files\IncrediMail\bin\ImpCnt.exe:*:Enabled:IncrediMail -- (IncrediMail, Ltd.)
"C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" = C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe:*:Enabled:Yahoo! Messenger -- (Yahoo! Inc.)
"C:\Program Files\Windows Live\Messenger\wlcsdk.exe" = C:\Program Files\Windows Live\Messenger\wlcsdk.exe:*:Enabled:Windows Live Call -- (Microsoft Corporation)
"C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE" = C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE:*:Enabled:Microsoft Office Outlook -- (Microsoft Corporation)
"C:\Program Files\Microsoft Office\Office12\GROOVE.EXE" = C:\Program Files\Microsoft Office\Office12\GROOVE.EXE:*:Enabled:Microsoft Office Groove -- (Microsoft Corporation)
"C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE" = C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE:*:Enabled:Microsoft Office OneNote -- (Microsoft Corporation)
"C:\Documents and Settings\Kamran\Local Settings\Temp\IXP000.TMP\smwinvnc.exe" = C:\Documents and Settings\Kamran\Local Settings\Temp\IXP000.TMP\smwinvnc.exe:*:Enabled:TightVNC Win32 Server -- File not found
"C:\Documents and Settings\Kamran\Local Settings\Temp\IXP000.TMP\SMPCSetup.exe" = C:\Documents and Settings\Kamran\Local Settings\Temp\IXP000.TMP\SMPCSetup.exe:*:Enabled:SMPCSetup -- File not found
"C:\Program Files\Nokia\Nokia Ovi Suite\NokiaOviSuite.exe" = C:\Program Files\Nokia\Nokia Ovi Suite\NokiaOviSuite.exe:*:Enabled:Nokia Ovi Suite 2 -- File not found
"C:\Program Files\Common Files\Nokia\Service Layer\A\nsl_host_process.exe" = C:\Program Files\Common Files\Nokia\Service Layer\A\nsl_host_process.exe:*:Enabled:Nokia Service Layer Host Process -- (Nokia Corporation)
"C:\Program Files\Magentic\bin\MgImp.exe" = C:\Program Files\Magentic\bin\MgImp.exe:*:Enabled:Magentic -- File not found
"C:\Program Files\Magentic\bin\Magentic.exe" = C:\Program Files\Magentic\bin\Magentic.exe:*:Enabled:Magentic -- File not found
"C:\Program Files\Magentic\bin\MgApp.exe" = C:\Program Files\Magentic\bin\MgApp.exe:*:Enabled:Magentic -- File not found
"C:\Program Files\Mozilla Firefox\firefox.exe" = C:\Program Files\Mozilla Firefox\firefox.exe:*:Enabled:Firefox -- (Mozilla Corporation)
"C:\Documents and Settings\Kamran\Local Settings\Temp\ImInstaller\incredimail_installer.exe" = C:\Documents and Settings\Kamran\Local Settings\Temp\ImInstaller\incredimail_installer.exe:*:Enabled:IncrediMail Installer -- (IncrediMail Ltd.)


[color=#E56717]========== HKEY_LOCAL_MACHINE Uninstall List ==========[/color]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0001B4FD-9EA3-4D90-A79E-FD14BA3AB01D}" = PDFCreator
"{00E1E235-AB45-4695-A156-073118949ED4}" = HiYo
"{1389C6A4-4965-4AEC-9175-08B54A10FA48}" = Microsoft SQL Server 2005 Mobile [ENU] Developer Tools
"{15C418EB-7675-42BE-B2B3-281952DA014D}" = Sophos AutoUpdate
"{18DB3375-0649-4EA3-959A-44F1ACD278BA}" = IncrediMail
"{19DC9559-9C20-4A46-A67D-7ECBA52A2788}" = Nokia PC Suite
"{1a413f37-ed88-4fec-9666-5c48dc4b7bb7}" = YouTube Downloader 2.5.7
"{1CBE3804-20DF-48DA-B048-895C206E80A5}" = Microsoft SQL Server VSS Writer
"{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live Upload Tool
"{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT
"{26A24AE4-039D-4CA4-87B4-2F83216014FF}" = Java(TM) 6 Update 19
"{2750B389-A2D2-4953-99CA-27C1F2A8E6FD}" = Microsoft SQL Server 2005 Tools Express Edition
"{2AFFFDD7-ED85-4A90-8C52-5DA9EBDC9B8F}" = Microsoft SQL Server 2005 Express Edition (SQLEXPRESS)
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{3B4E636E-9D65-4D67-BA61-189800823F52}" = Windows Live Communications Platform
"{3FA365DF-2D68-45ED-8F83-8C8A33E65143}" = Apple Application Support
"{437AB8E0-FB69-4222-B280-A64F3DE22591}" = Microsoft Visual Studio 2005 Professional Edition - ENU
"{44D4AF75-6870-41F5-9181-662EA05507E1}" = Microsoft Document Explorer 2005
"{45338B07-A236-4270-9A77-EBB4115517B5}" = Windows Live Sign-in Assistant
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{52503B4E-149A-4731-A6FF-495067EABFDC}" = TI_Inst
"{53F5C3EE-05ED-4830-994B-50B2F0D50FCE}" = Microsoft SQL Server Setup Support Files (English)
"{625386A4-B6B6-4911-A6E8-23189C3F2D15}" = Microsoft .NET Compact Framework 2.0
"{68A35043-C55A-4237-88C9-37EE1C63ED71}" = Microsoft Visual J# 2.0 Redistributable Package
"{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update
"{6C531060-84FB-4F96-8F33-29DF020632EB}" = Microsoft .NET Compact Framework 1.0 SP3 Developer
"{6D3245B1-8DB8-4A23-9CD2-2C90F40ABAF6}" = MSVC80_x86_v2
"{7148F0A8-6813-11D6-A77B-00B0D0142050}" = Java 2 Runtime Environment, SE v1.4.2_05
"{7397EDED-F38A-4654-B669-BF61065803D0}" = PC Connectivity Solution
"{75AE8014-1184-4BC0-B279-C879540719EE}" = PhotoMail Maker
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{78B75C6D-E53C-424C-BF83-4B63BD4A6682}" = Microsoft Device Emulator version 1.0 - ENU
"{81128EE8-8EAD-4DB0-85C6-17C2CE50FF71}" = Windows Live Essentials
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8A708DD8-A5E6-11D4-A706-000629E95E20}" = Intel(R) Graphics Media Accelerator Driver for Mobile
"{8B7917E0-AF55-4E8A-9473-017F0AA03AC8}" = QuickTime
"{90120000-0010-0409-0000-0000000FF1CE}" = Microsoft Software Update for Web Folders (English) 12
"{90120000-0015-0409-0000-0000000FF1CE}" = Microsoft Office Access MUI (English) 2007
"{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007
"{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007
"{90120000-0019-0409-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2007
"{90120000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2007
"{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007
"{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007
"{90120000-0030-0000-0000-0000000FF1CE}" = Microsoft Office Enterprise 2007
"{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{926CC8AE-8414-43DF-8EB4-CF26D9C3C663}" =
"{90120000-0044-0409-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007
"{90120000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2007
"{90120000-00BA-0409-0000-0000000FF1CE}" = Microsoft Office Groove MUI (English) 2007
"{90120000-0114-0409-0000-0000000FF1CE}" = Microsoft Office Groove Setup Metadata MUI (English) 2007
"{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007
"{90120000-0117-0409-0000-0000000FF1CE}" = Microsoft Office Access Setup Metadata MUI (English) 2007
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{9F59C3AE-81B0-4EF6-9762-D674BB079705}" = Nokia Software Updater
"{A1F66FC9-11EE-4F2F-98C9-16F8D1E69FB7}" = Segoe UI
"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
"{A462213D-EED4-42C2-9A60-7BDD4D4B0B17}" = C-Major Audio
"{A85FD55B-891B-4314-97A5-EA96C0BD80B5}" = Windows Live Messenger
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AC76BA86-7AD7-1033-7B44-A93000000001}" = Adobe Reader 9.3.3
"{AF111648-99A1-453E-81DD-80DBBF6DAD0D}" = MSVC90_x86
"{B9C9DB4C-6D77-4AE9-AD1C-C708C23239A0}" = Nokia Connectivity Cable Driver
"{BE6890C7-31EF-478C-812E-1E2899ABFCA9}" = Broadcom Gigabit Integrated Controller
"{BF251EAF-8697-4E89-BF09-C998F97BBC40}" = Microsoft SQL Server Native Client
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{CE3B8E96-B0AF-4871-9178-1519B58E3A93}" = A4 TECH PC Camera H
"{D103C4BA-F905-437A-8049-DB24763BBE36}" = Skype™ 4.2
"{DF8195AF-8E6F-4487-A0EE-196F7E3F4B8A}" = COWON Media Center - jetAudio Plus VX
"{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard
"{F6BD194C-4190-4D73-B1B1-C48C99921BFE}" = Windows Live Call
"{F7B0939E-58DF-11DF-B3A6-005056806466}" = Google Earth
"05B59228C7E1C21DFBE89260F879BD95880548D8" = Windows Driver Package - Nokia Modem (10/05/2009 4.2)
"504244733D18C8F63FF584AEB290E3904E791693" = Windows Driver Package - Nokia pccsmcfd (08/22/2008 7.0.0.0)
"8CDCFB95BB84DD9C0F88F22266A0CA86035E55BA" = Windows Driver Package - Nokia Modem (06/01/2009 7.01.0.4)
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"avast!" = avast! Antivirus
"Broadcom 802.11b Network Adapter" = Dell Wireless WLAN Card
"CNXT_MODEM_PCI_VEN_8086&DEV_24x6&SUBSYS_542214F1" = Conexant D110 MDC V.9x Modem
"DoremiSoft AVI to MP4 Converter" = DoremiSoft AVI to MP4 Converter 1.0
"ENTERPRISE" = Microsoft Office Enterprise 2007
"GnuPG" = GNU Privacy Guard
"HiYo" = HiYo
"ie8" = Windows Internet Explorer 8
"IncrediMail" = IncrediMail 2.0
"InstallShield_{52503B4E-149A-4731-A6FF-495067EABFDC}" = Texas Instruments PCIxx21/x515 drivers.
"InstallShield_{BE6890C7-31EF-478C-812E-1E2899ABFCA9}" = Broadcom Gigabit Integrated Controller
"KLiteCodecPack_is1" = K-Lite Codec Pack 2.77 Full
"Lexmark 1200 Series" = Lexmark 1200 Series
"Media Player - Codec Pack" = Media Player Codec Pack 3.8.0
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft Document Explorer 2005" = Microsoft Document Explorer 2005
"Microsoft SQL Server 2005" = Microsoft SQL Server 2005
"Microsoft Visual J# 2.0 Redistributable Package" = Microsoft Visual J# 2.0 Redistributable Package
"Microsoft Visual Studio 2005 Professional Edition - ENU" = Microsoft Visual Studio 2005 Professional Edition - ENU
"Mozilla Firefox (3.6.8)" = Mozilla Firefox (3.6.8)
"MSCompPackV1" = Microsoft Compression Client Pack 1.0 for Windows XP
"Nokia PC Suite" = Nokia PC Suite
"PhotoMail" = PhotoMail Maker
"Wdf01007" = Microsoft Kernel-Mode Driver Framework Feature Pack 1.7
"WIC" = Windows Imaging Component
"Windows Media Format Runtime" = Windows Media Format 11 runtime
"Windows Media Player" = Windows Media Player 11
"WinLiveSuite_Wave3" = Windows Live Essentials
"WinRAR archiver" = WinRAR archiver
"WMFDist11" = Windows Media Format 11 runtime
"wmp11" = Windows Media Player 11
"Wudf01007" = Microsoft User-Mode Driver Framework Feature Pack 1.7
"Xvid_is1" = Xvid 1.2.2 final uninstall
"Yahoo! Software Update" = Yahoo! Software Update
"Yahoo!7 Messenger" = Yahoo!7 Messenger
"Youtube Downloader HD_is1" = Youtube Downloader HD v. 2.1.2

[color=#E56717]========== HKEY_CURRENT_USER Uninstall List ==========[/color]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Yahoo! BrowserPlus" = Yahoo! BrowserPlus 2.9.2

[color=#E56717]========== Last 10 Event Log Errors ==========[/color]


Report •

#14
August 4, 2010 at 02:39:39
[ Antivirus Events ]
Error - 1/6/2010 4:19:30 AM | Computer Name = KAMRAN-0DF6E2CF | Source = avast! | ID = 33554522
Description = AAVM - scanning error: x_AavmCheckFileDirectEx: avfilesScanReal of
C:\DOCUMENTS AND SETTINGS\KAMRAN\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\PALVEI9E.DEFAULT\PREFS.JS
failed, 00000005.

Error - 1/6/2010 4:19:30 AM | Computer Name = KAMRAN-0DF6E2CF | Source = avast! | ID = 33554522
Description = AAVM - scanning error: x_AavmCheckFileDirectEx: avfilesScanReal of
C:\DOCUMENTS AND SETTINGS\KAMRAN\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\PALVEI9E.DEFAULT\SESSIONSTORE.JS
failed, 00000005.

Error - 2/21/2010 5:26:41 AM | Computer Name = KAMRAN-0DF6E2CF | Source = avast! | ID = 33554522
Description = AAVM - scanning error: x_AavmCheckFileDirectEx: avfilesScanReal of
C:\DOCUMENTS AND SETTINGS\KAMRAN\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\PALVEI9E.DEFAULT\EXTENSIONS\{3E0E7D2A-070F-4A47-B019-91FE5385BA79}\DEFAULTS\PREFERENCES\DEFAULTS.JS
failed, 00000005.

Error - 2/21/2010 5:26:41 AM | Computer Name = KAMRAN-0DF6E2CF | Source = avast! | ID = 33554522
Description = AAVM - scanning error: x_AavmCheckFileDirectEx: avfilesScanReal of
C:\DOCUMENTS AND SETTINGS\KAMRAN\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\PALVEI9E.DEFAULT\PREFS.JS
failed, 00000005.

Error - 2/21/2010 3:31:05 PM | Computer Name = KAMRAN-0DF6E2CF | Source = avast! | ID = 33554522
Description = AAVM - scanning error: x_AavmCheckFileDirectEx: avfilesScanReal of
C:\DOCUMENTS AND SETTINGS\KAMRAN\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\PALVEI9E.DEFAULT\EXTENSIONS\{3E0E7D2A-070F-4A47-B019-91FE5385BA79}\DEFAULTS\PREFERENCES\DEFAULTS.JS
failed, 00000005.

Error - 2/21/2010 3:31:07 PM | Computer Name = KAMRAN-0DF6E2CF | Source = avast! | ID = 33554522
Description = AAVM - scanning error: x_AavmCheckFileDirectEx: avfilesScanReal of
C:\DOCUMENTS AND SETTINGS\KAMRAN\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\PALVEI9E.DEFAULT\PREFS.JS
failed, 00000005.

Error - 4/24/2010 11:27:55 PM | Computer Name = KAMRAN-0DF6E2CF | Source = avast! | ID = 33554522
Description = AAVM - scanning error: x_AavmCheckFileDirectEx: avfilesScanReal of
C:\WINDOWS\system32\Setup\fxsocm.dll failed, 00000005.

Error - 6/22/2010 8:28:52 PM | Computer Name = KAMRAN-0DF6E2CF | Source = avast! | ID = 33554522
Description = AAVM - scanning error: x_AavmCheckFileDirectEx: avfilesScanReal of
C:\DOCUMENTS AND SETTINGS\KAMRAN\DESKTOP\COPY OF ORIGNAL SCAN.JPG failed, 00000005.


Error - 7/1/2010 2:46:18 AM | Computer Name = KAMRAN-0DF6E2CF | Source = avast! | ID = 33554522
Description = AAVM - scanning error: x_AavmCheckFileDirectEx: avfilesScanReal of
C:\DOCUMENTS AND SETTINGS\KAMRAN\APPLICATION DATA\COWON\JETAUDIO\JETAUDIO.SDB failed,
00000005.

Error - 7/26/2010 1:37:32 AM | Computer Name = KAMRAN-0DF6E2CF | Source = avast! | ID = 33554522
Description = AAVM - scanning error: x_AavmCheckFileDirectEx: avfilesScanReal of
C:\DOCUMENTS AND SETTINGS\KAMRAN\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\GKR69PM2.DEFAULT\EXTENSIONS\{20A82645-C095-46ED-80E3-08825760534B}\DEFAULTS\PREFERENCES\DEFAULTS.JS
failed, 00000005.


Report •

#15
August 4, 2010 at 02:40:35
[ OSession Events ]
Error - 6/5/2010 11:38:13 AM | Computer Name = KAMRAN-0DF6E2CF | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 0, Application Name: Microsoft Office Word, Application Version:
12.0.4518.1014, Microsoft Office Version: 12.0.4518.1014. This session lasted 635
seconds with 120 seconds of active time. This session ended with a crash.

[ System Events ]
Error - 8/4/2010 12:32:21 AM | Computer Name = KAMRAN-0DF6E2CF | Source = Service Control Manager | ID = 7001
Description = The DNS Client service depends on the TCP/IP Protocol Driver service
which failed to start because of the following error: %%31

Error - 8/4/2010 12:32:21 AM | Computer Name = KAMRAN-0DF6E2CF | Source = Service Control Manager | ID = 7001
Description = The TCP/IP NetBIOS Helper service depends on the AFD service which
failed to start because of the following error: %%31

Error - 8/4/2010 12:32:21 AM | Computer Name = KAMRAN-0DF6E2CF | Source = Service Control Manager | ID = 7001
Description = The IPSEC Services service depends on the IPSEC driver service which
failed to start because of the following error: %%31

Error - 8/4/2010 12:32:21 AM | Computer Name = KAMRAN-0DF6E2CF | Source = Service Control Manager | ID = 7026
Description = The following boot-start or system-start driver(s) failed to load:
Aavmker4 AFD aswSP aswTdi Fips intelppm IPSec MRxSmb NetBIOS NetBT RasAcd Rdbss Tcpip

Error - 8/4/2010 12:42:08 AM | Computer Name = KAMRAN-0DF6E2CF | Source = Ftdisk | ID = 262189
Description = The system could not sucessfully load the crash dump driver.

Error - 8/4/2010 12:42:08 AM | Computer Name = KAMRAN-0DF6E2CF | Source = Ftdisk | ID = 262193
Description = Configuring the Page file for crash dump failed. Make sure there is
a page file on the boot partition and that is large enough to contain all physical
memory.

Error - 8/4/2010 12:42:10 AM | Computer Name = KAMRAN-0DF6E2CF | Source = Service Control Manager | ID = 7000
Description = The SQL Server VSS Writer service failed to start due to the following
error: %%2

Error - 8/4/2010 4:57:23 AM | Computer Name = KAMRAN-0DF6E2CF | Source = Service Control Manager | ID = 7000
Description = The SQL Server VSS Writer service failed to start due to the following
error: %%2

Error - 8/4/2010 4:57:34 AM | Computer Name = KAMRAN-0DF6E2CF | Source = Ftdisk | ID = 262189
Description = The system could not sucessfully load the crash dump driver.

Error - 8/4/2010 4:57:34 AM | Computer Name = KAMRAN-0DF6E2CF | Source = Ftdisk | ID = 262193
Description = Configuring the Page file for crash dump failed. Make sure there is
a page file on the boot partition and that is large enough to contain all physical
memory.


< End of report >

Report •

Ask Question