earwicker
-
Posts
30 -
Joined
-
Last visited
Content Type
Events
Profiles
Forums
Posts posted by earwicker
-
-
Hello,
Vipre rescue left several logs and a Quarantine folder.
Getting there on the boot. It's much better, but there is no restore, task mgr, and the 2 DVD drives aren't working.
Requested OTL files below.Thanks.
OTL
-------------------------------------------------------------------------------------------
OTL logfile created on: 1/21/2013 8:14:05 AM - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Documents and Settings\Dell_Admin\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy
3.25 Gb Total Physical Memory | 2.57 Gb Available Physical Memory | 79.01% Memory free
5.09 Gb Paging File | 2.96 Gb Available in Paging File | 58.07% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 149.04 Gb Total Space | 93.60 Gb Free Space | 62.80% Space Free | Partition Type: NTFS
Drive D: | 596.17 Gb Total Space | 233.59 Gb Free Space | 39.18% Space Free | Partition Type: NTFS
Drive G: | 7.47 Gb Total Space | 7.35 Gb Free Space | 98.41% Space Free | Partition Type: FAT32
Computer Name: PC1 | User Name: Dell_Admin | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
========== Processes (SafeList) ==========
PRC - [2013/01/21 08:09:58 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Dell_Admin\Desktop\OTL.exe
PRC - [2012/11/29 20:31:04 | 000,038,608 | ---- | M] () -- C:\Program Files\RealNetworks\RealDownloader\rndlresolversvc.exe
PRC - [2012/09/24 22:12:59 | 000,161,768 | ---- | M] (Oracle Corporation) -- C:\Program Files\Java\jre7\bin\jqs.exe
PRC - [2012/09/12 16:25:22 | 000,020,472 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Security Client\MsMpEng.exe
PRC - [2012/09/07 17:16:26 | 000,116,608 | ---- | M] (SUPERAntiSpyware.com) -- C:\Program Files\SUPERAntiSpyware\SASCORE.EXE
PRC - [2011/09/27 14:03:28 | 000,295,192 | ---- | M] (Logitech, Inc.) -- C:\Program Files\Common Files\Logishrd\Bluetooth\LBTServ.exe
PRC - [2011/08/25 17:53:00 | 000,013,672 | ---- | M] (Intuit Inc.) -- C:\Program Files\Common Files\Intuit\Update Service v4\IntuitUpdateService.exe
PRC - [2011/08/05 11:29:56 | 000,057,056 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Zune\ZuneBusEnum.exe
PRC - [2011/07/25 07:57:16 | 000,493,184 | ---- | M] (Check Point Software Technologies) -- C:\Program Files\CheckPoint\ZAForceField\ISWSVC.exe
PRC - [2011/07/25 07:57:14 | 000,738,944 | ---- | M] (Check Point Software Technologies) -- C:\Program Files\CheckPoint\ZAForceField\ForceField.exe
PRC - [2011/07/22 08:44:44 | 002,413,936 | ---- | M] (Check Point Software Technologies LTD) -- C:\Program Files\CheckPoint\ZoneAlarm\vsmon.exe
PRC - [2008/05/07 18:29:38 | 000,122,880 | ---- | M] (CrypKey (Canada) Ltd.) -- C:\WINDOWS\system32\Crypserv.exe
PRC - [2008/04/14 05:42:20 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
========== Modules (No Company Name) ==========
MOD - [2013/01/09 00:30:44 | 000,221,696 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\System.ServiceProce#\9fe6a89ed637863398d1f655170b8b96\System.ServiceProcess.ni.dll
MOD - [2013/01/09 00:30:13 | 000,771,584 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\System.Runtime.Remo#\32b515633fcbcc6dad09b9dd09f2fc2f\System.Runtime.Remoting.ni.dll
MOD - [2013/01/09 00:30:09 | 000,786,944 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\System.EnterpriseSe#\578e2c661908dea0af10151bc199f347\System.EnterpriseServices.ni.dll
MOD - [2013/01/09 00:30:08 | 000,646,656 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\System.Transactions\6e903ce8719e50acd783f8726b11249f\System.Transactions.ni.dll
MOD - [2013/01/09 00:12:21 | 005,618,176 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\System.Xml\3d6d9da56c9f607615b55d6742d8427d\System.Xml.ni.dll
MOD - [2013/01/09 00:12:12 | 000,980,480 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\System.Configuration\197761bb3230bf9d4f540305dcf6717c\System.Configuration.ni.dll
MOD - [2013/01/09 00:11:57 | 006,798,336 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\System.Data\9a75548aa508a2645318308885b3eee0\System.Data.ni.dll
MOD - [2013/01/09 00:11:44 | 013,198,848 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\System.Windows.Forms\12f94ec43a0160ab9ddd755b0e1be881\System.Windows.Forms.ni.dll
MOD - [2013/01/09 00:11:24 | 001,667,584 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\System.Drawing\8ba0620535aa28d509b9397500b7d530\System.Drawing.ni.dll
MOD - [2013/01/09 00:11:07 | 007,053,824 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\System.Core\a0db56351a1589e44868456609b01737\System.Core.ni.dll
MOD - [2013/01/09 00:10:50 | 009,093,120 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\System\c182d7a0bd88caf2cddccb7491a5fa6e\System.ni.dll
MOD - [2013/01/09 00:10:36 | 014,412,800 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\mscorlib\3f95a6d480ed1ebe45cf27b770ba94ed\mscorlib.ni.dll
MOD - [2012/11/29 20:31:04 | 000,038,608 | ---- | M] () -- C:\Program Files\RealNetworks\RealDownloader\rndlresolversvc.exe
========== Services (SafeList) ==========
SRV - [2013/01/08 14:35:25 | 000,251,400 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2012/09/24 22:12:59 | 000,161,768 | ---- | M] (Oracle Corporation) [Auto | Running] -- C:\Program Files\Java\jre7\bin\jqs.exe -- (JavaQuickStarterService)
SRV - [2012/09/12 16:25:22 | 000,020,472 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Microsoft Security Client\MsMpEng.exe -- (MsMpSvc)
SRV - [2012/09/07 17:16:26 | 000,116,608 | ---- | M] (SUPERAntiSpyware.com) [Auto | Running] -- C:\Program Files\SUPERAntiSpyware\SASCORE.EXE -- (!SASCORE)
SRV - [2011/09/27 14:03:28 | 000,295,192 | ---- | M] (Logitech, Inc.) [Auto | Running] -- C:\Program Files\Common Files\Logishrd\Bluetooth\LBTServ.exe -- (LBTServ)
SRV - [2011/08/25 17:53:00 | 000,013,672 | ---- | M] (Intuit Inc.) [Auto | Running] -- C:\Program Files\Common Files\Intuit\Update Service v4\IntuitUpdateService.exe -- (IntuitUpdateServiceV4)
SRV - [2011/08/05 11:30:02 | 000,444,640 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Zune\ZuneWlanCfgSvc.exe -- (ZuneWlanCfgSvc)
SRV - [2011/08/05 11:30:02 | 000,268,512 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Zune\WMZuneComm.exe -- (WMZuneComm)
SRV - [2011/08/05 11:29:56 | 006,363,872 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Zune\ZuneNss.exe -- (ZuneNetworkSvc)
SRV - [2011/08/05 11:29:56 | 000,057,056 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Zune\ZuneBusEnum.exe -- (ZuneBusEnum)
SRV - [2011/07/25 07:57:16 | 000,493,184 | ---- | M] (Check Point Software Technologies) [Auto | Running] -- C:\Program Files\CheckPoint\ZAForceField\ISWSVC.exe -- (IswSvc)
SRV - [2011/07/22 08:44:44 | 002,413,936 | ---- | M] (Check Point Software Technologies LTD) [Auto | Running] -- C:\Program Files\CheckPoint\ZoneAlarm\vsmon.exe -- (vsmon)
SRV - [2010/06/25 12:07:20 | 000,117,264 | ---- | M] (CACE Technologies, Inc.) [On_Demand | Stopped] -- C:\Program Files\WinPcap\rpcapd.exe -- (rpcapd)
SRV - [2008/05/07 18:29:38 | 000,122,880 | ---- | M] (CrypKey (Canada) Ltd.) [Auto | Running] -- C:\WINDOWS\System32\Crypserv.exe -- (Crypkey License)
========== Driver Services (SafeList) ==========
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (WDICA)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRFRAME)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRELI)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDFRAME)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDCOMP)
DRV - File not found [Kernel | System | Stopped] -- -- (PCIDump)
DRV - File not found [Kernel | System | Stopped] -- C:\Documents and Settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{18D12EA3-920E-4D12-8C0E-1848127C33B2}\MpKsl44eb09fc.sys -- (MpKsl44eb09fc)
DRV - File not found [Kernel | System | Stopped] -- -- (lbrtfdc)
DRV - File not found [Kernel | System | Stopped] -- -- (i2omgmt)
DRV - File not found [Kernel | System | Stopped] -- -- (Changer)
DRV - File not found [Kernel | Disabled | Stopped] -- system32\DRIVERS\avgidsshimx.sys -- (AVGIDSShim)
DRV - File not found [Kernel | Boot | Stopped] -- system32\DRIVERS\avgidshx.sys -- (AVGIDSHX)
DRV - [2013/01/11 17:42:27 | 000,691,696 | ---- | M] (Duplex Secure Ltd.) [Kernel | Boot | Stopped] -- C:\WINDOWS\system32\drivers\sptd.sys -- (sptd)
DRV - [2012/05/25 12:14:24 | 000,101,112 | ---- | M] (GFI Software) [Kernel | System | Unknown] -- C:\WINDOWS\system32\drivers\SBREDrv.sys -- (SBRE)
DRV - [2011/09/02 01:31:28 | 000,039,192 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\LMouFilt.Sys -- (LMouFilt)
DRV - [2011/09/02 01:31:20 | 000,041,240 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\LHidFilt.Sys -- (LHidFilt)
DRV - [2011/09/02 01:30:58 | 000,012,184 | ---- | M] (Logitech, Inc.) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\LBeepKE.sys -- (LBeepKE)
DRV - [2011/08/01 11:44:26 | 000,404,256 | R--- | M] () [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\SRS_AE_i386.sys -- (SRS_AE_Service)
DRV - [2011/07/25 07:57:10 | 000,027,016 | ---- | M] (Check Point Software Technologies) [Kernel | Auto | Running] -- C:\Program Files\CheckPoint\ZAForceField\ISWKL.sys -- (ISWKL)
DRV - [2011/07/22 11:27:02 | 000,012,880 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\sasdifsv.sys -- (SASDIFSV)
DRV - [2011/07/22 08:43:08 | 000,525,840 | ---- | M] (Check Point Software Technologies LTD) [Kernel | System | Running] -- C:\WINDOWS\system32\vsdatant.sys -- (Vsdatant)
DRV - [2011/07/12 16:55:22 | 000,067,664 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS -- (SASKUTIL)
DRV - [2010/06/25 12:07:14 | 000,035,088 | ---- | M] (CACE Technologies, Inc.) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\npf.sys -- (NPF)
DRV - [2008/03/17 11:45:52 | 000,019,584 | ---- | M] () [Kernel | System | Running] -- C:\WINDOWS\system32\Ckldrv.sys -- (NetworkX)
DRV - [2008/02/27 12:49:00 | 000,003,840 | ---- | M] () [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\BANTExt.sys -- (BANTExt)
DRV - [2006/11/02 06:00:08 | 000,039,368 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\winusb.sys -- (WinUSB)
DRV - [2006/02/09 19:57:46 | 001,502,208 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ati2mtag.sys -- (ati2mtag)
DRV - [2004/09/17 08:02:54 | 000,732,928 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\senfilt.sys -- (senfilt)
DRV - [2004/08/23 13:49:30 | 000,121,472 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\b57xp32.sys -- (b57w2k)
DRV - [2003/11/17 14:59:20 | 000,212,224 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSFHWBS2.sys -- (HSFHWBS2)
DRV - [2003/11/17 14:58:02 | 000,680,704 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSF_CNXT.sys -- (winachsf)
DRV - [2003/11/17 14:56:26 | 001,042,432 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSF_DP.sys -- (HSF_DP)
========== Standard Registry (SafeList) ==========
========== Internet Explorer ==========
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://search.live.com/results.aspx?q={searchTerms}&src={referrer:source?}
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-1659004503-448539723-1177238915-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
IE - HKU\S-1-5-21-1659004503-448539723-1177238915-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Restore = http://www.yahoo.com/
IE - HKU\S-1-5-21-1659004503-448539723-1177238915-1003\..\URLSearchHook: {3ce45c4f-bfff-4988-9a3c-a75c1f491319} - C:\Program Files\ZoneAlarm_Security_Suite\prxtbZon0.dll (Conduit Ltd.)
IE - HKU\S-1-5-21-1659004503-448539723-1177238915-1003\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKU\S-1-5-21-1659004503-448539723-1177238915-1003\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC
IE - HKU\S-1-5-21-1659004503-448539723-1177238915-1003\..\SearchScopes\{95B7759C-8C7F-4BF1-B163-73684A933233}: "URL" = http://isearch.avg.com/search?cid={AD645849-996C-4A65-ADD5-3FCF1B6C404C}&mid=e01e8f10daef47d18adcd15857c5690c-80eb4ff0d34d56d8c6bf2367cf2394e9f4a2e0ad〈=en&ds=AVG&pr=pr&d=2012-04-27 07:17:45&v=11.0.0.9&sap=dsp&q={searchTerms}
IE - HKU\S-1-5-21-1659004503-448539723-1177238915-1003\..\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}: "URL" = http://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT3196716
IE - HKU\S-1-5-21-1659004503-448539723-1177238915-1003\..\SearchScopes\{E4323D95-1EAB-431B-B16D-8B9632002E0C}: "URL" = http://websearch.ask.com/redirect?client=ie&tb=NCH2&o=APN10111&src=crm&q={searchTerms}&locale=en_US&apn_ptnrs=^A5M&apn_dtid=^YYYYYY^YY^US&apn_uid=dd6159ad-894d-496f-b4a8-9456b3d3c8ec&apn_sauid=C5B843F6-1AFD-42C5-942D-F925553F4047&
IE - HKU\S-1-5-21-1659004503-448539723-1177238915-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
========== FireFox ==========
FF - HKLM\Software\MozillaPlugins\@checkpoint.com/FFApi: C:\Program Files\CheckPoint\ZAForceField\TrustChecker\bin\npFFApi.dll ()
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.7.2: C:\WINDOWS\system32\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.9.2: C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~3\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~1\MICROS~3\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=16.0.0.282: c:\program files\real\realplayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprndlchromebrowserrecordext;version=1.3.0: C:\Documents and Settings\All Users\Application Data\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlchromebrowserrecordext.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprndlhtml5videoshim;version=1.3.0: C:\Documents and Settings\All Users\Application Data\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlhtml5videoshim.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprndlpepperflashvideoshim;version=1.3.0: C:\Documents and Settings\All Users\Application Data\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlpepperflashvideoshim.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpchromebrowserrecordext;version=15.0.4.53: C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprphtml5videoshim;version=15.0.4.53: C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpplugin;version=16.0.0.282: c:\program files\real\realplayer\Netscape6\nprpplugin.dll (RealPlayer)
FF - HKLM\Software\MozillaPlugins\@realnetworks.com/npdlplugin;version=1: C:\Documents and Settings\All Users\Application Data\RealNetworks\RealDownloader\BrowserPlugins\npdlplugin.dll (RealDownloader)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.124\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.124\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\amazon.com/AmazonMP3DownloaderPlugin: C:\Program Files\Amazon\MP3 Downloader\npAmazonMP3DownloaderPlugin10171.dll (Amazon.com, Inc.)
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{FFB96CC1-7EB3-449D-B827-DB661701C6BB}: C:\Program Files\CheckPoint\ZAForceField\TrustChecker [2012/03/09 10:36:17 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{F53C93F1-07D5-430c-86D4-C9531B27DFAF}: C:\Program Files\AVG\AVG2012\Firefox\DoNotTrack\
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{34712C68-7391-4c47-94F3-8F88D49AD632}: C:\Documents and Settings\All Users\Application Data\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext [2012/12/24 09:00:48 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{ABDE892B-13A8-4d1b-88E6-365A6E755758}: C:\Documents and Settings\All Users\Application Data\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext [2012/12/24 09:00:48 | 000,000,000 | ---D | M]
========== Chrome ==========
CHR - homepage: http://www.google.com
CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}sourceid=chrome&ie={inputEncoding}&q={searchTerms}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?client=chrome&hl={language}&q={searchTerms}
CHR - homepage: http://www.google.com
CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Program Files\Google\Chrome\Application\23.0.1271.64\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Program Files\Google\Chrome\Application\23.0.1271.64\pdf.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files\Google\Chrome\Application\23.0.1271.64\gcswf32.dll
CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll
CHR - plugin: Microsoft\u00AE DRM (Enabled) = C:\Program Files\Windows Media Player\npdrmv2.dll
CHR - plugin: Microsoft\u00AE DRM (Enabled) = C:\Program Files\Windows Media Player\npwmsdrm.dll
CHR - plugin: Windows Media Player Plug-in Dynamic Link Library (Enabled) = C:\Program Files\Windows Media Player\npdsplay.dll
CHR - plugin: RealNetworks Chrome Background Extension Plug-In (32-bit) (Enabled) = C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dll
CHR - plugin: RealPlayer HTML5VideoShim Plug-In (32-bit) (Enabled) = C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll
CHR - plugin: RealPlayer G2 LiveConnect-Enabled Plug-In (32-bit) (Enabled) = c:\program files\real\realplayer\Netscape6\nppl3260.dll
CHR - plugin: RealPlayer Download Plugin (Enabled) = c:\program files\real\realplayer\Netscape6\nprpplugin.dll
CHR - plugin: AmazonMP3DownloaderPlugin (Enabled) = C:\Program Files\Amazon\MP3 Downloader\npAmazonMP3DownloaderPlugin.dll
CHR - plugin: npFFApi (Enabled) = C:\Program Files\CheckPoint\ZAForceField\TrustChecker\bin\npFFApi.dll
CHR - plugin: Google Update (Enabled) = C:\Program Files\Google\Update\1.3.21.115\npGoogleUpdate3.dll
CHR - plugin: Windows Presentation Foundation (Enabled) = C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll
CHR - plugin: RealJukebox NS Plugin (Enabled) = c:\program files\real\realplayer\Netscape6\nprjplug.dll
CHR - Extension: RealPlayer HTML5Video Downloader Extension = C:\Documents and Settings\Dell_Admin\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\jfmjfhklogoienhpfnppmbcbjfjnkonk\1.5_0\
Hosts file not found
O2 - BHO: (SnagIt Toolbar Loader) - {00C6482D-C502-44C8-8409-FCE54AD9C208} - C:\Program Files\TechSmith\SnagIt 8\SnagItBHO.dll (TechSmith Corporation)
O2 - BHO: (RealPlayer Download and Record Plugin for Internet Explorer) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Documents and Settings\All Users\Application Data\RealNetworks\RealDownloader\BrowserPlugins\IE\rndlbrowserrecordplugin.dll (RealDownloader)
O2 - BHO: (AVG Do Not Track) - {31332EEF-CB9F-458F-AFEB-D30E9A66B6BA} - C:\Program Files\AVG\AVG2012\avgdtiex.dll File not found
O2 - BHO: (no name) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - No CLSID value found.
O2 - BHO: (ZoneAlarm Security Suite Toolbar) - {3ce45c4f-bfff-4988-9a3c-a75c1f491319} - C:\Program Files\ZoneAlarm_Security_Suite\prxtbZon0.dll (Conduit Ltd.)
O2 - BHO: (Java Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (ZoneAlarm Security Engine Registrar) - {8A4A36C2-0535-4D2C-BD3D-496CB7EED6E3} - C:\Program Files\CheckPoint\ZAForceField\TrustChecker\bin\TrustCheckerIEPlugin.dll (Check Point Software Technologies)
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.7.8313.1002\swg.dll (Google Inc.)
O2 - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
O2 - BHO: (Java Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O2 - BHO: (ChromeFrame BHO) - {ECB3C477-1A0A-44BD-BB57-78F9EFE34FA7} - C:\Program Files\Google\Chrome\Application\24.0.1312.52\npchrome_frame.dll (Google Inc.)
O3 - HKLM\..\Toolbar: (ZoneAlarm Security Suite Toolbar) - {3ce45c4f-bfff-4988-9a3c-a75c1f491319} - C:\Program Files\ZoneAlarm_Security_Suite\prxtbZon0.dll (Conduit Ltd.)
O3 - HKLM\..\Toolbar: (SnagIt) - {8FF5E183-ABDE-46EB-B09E-D2AAB95CABE3} - C:\Program Files\TechSmith\SnagIt 8\SnagItIEAddin.dll (TechSmith Corporation)
O3 - HKLM\..\Toolbar: (ZoneAlarm Security Engine) - {EE2AC4E5-B0B0-4EC6-88A9-BCA1A32AB107} - C:\Program Files\CheckPoint\ZAForceField\TrustChecker\bin\TrustCheckerIEPlugin.dll (Check Point Software Technologies)
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKU\S-1-5-21-1659004503-448539723-1177238915-1003\..\Toolbar\WebBrowser: (ZoneAlarm Security Suite Toolbar) - {3CE45C4F-BFFF-4988-9A3C-A75C1F491319} - C:\Program Files\ZoneAlarm_Security_Suite\prxtbZon0.dll (Conduit Ltd.)
O3 - HKU\S-1-5-21-1659004503-448539723-1177238915-1003\..\Toolbar\WebBrowser: (ZoneAlarm Security Engine) - {EE2AC4E5-B0B0-4EC6-88A9-BCA1A32AB107} - C:\Program Files\CheckPoint\ZAForceField\TrustChecker\bin\TrustCheckerIEPlugin.dll (Check Point Software Technologies)
O4 - HKLM..\Run: [bluetooth Connection Assistant] LBTWIZ.EXE -silent File not found
O4 - HKLM..\Run: [EvtMgr6] C:\Program Files\Logitech\SetPointP\SetPoint.exe (Logitech, Inc.)
O4 - HKLM..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb05.exe (HP)
O4 - HKLM..\Run: [iSW] C:\Program Files\CheckPoint\ZAForceField\ForceField.exe (Check Point Software Technologies)
O4 - HKLM..\Run: [MSC] C:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation)
O4 - HKLM..\Run: [startNowToolbarHelper] "C:\Program Files\StartNow Toolbar\ToolbarHelper.exe" File not found
O4 - HKLM..\Run: [TkBellExe] C:\program files\real\realplayer\update\realsched.exe (RealNetworks, Inc.)
O4 - HKLM..\Run: [ZoneAlarm] C:\Program Files\CheckPoint\ZoneAlarm\zatray.exe (Check Point Software Technologies LTD)
O4 - HKLM..\Run: [Zune Launcher] C:\Program Files\Zune\ZuneLauncher.exe (Microsoft Corporation)
O4 - HKLM..\RunOnce: [AvgUninstallURL] C:\WINDOWS\System32\cmd.exe (Microsoft Corporation)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Quicken Scheduled Updates.lnk = C:\Program Files\Quicken\bagent.exe (Intuit Inc.)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\SnagIt 8.lnk = C:\Program Files\TechSmith\SnagIt 8\SnagIt32.exe (TechSmith Corporation)
O4 - Startup: C:\Documents and Settings\Dell_Admin\Start Menu\Programs\Startup\OneNote 2010 Screen Clipper and Launcher.lnk = C:\Program Files\Microsoft Office\Office14\ONENOTEM.EXE (Microsoft Corporation)
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-1659004503-448539723-1177238915-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O8 - Extra context menu item: E&xport to Microsoft Excel - C:\Program Files\Microsoft Office\Office14\EXCEL.EXE (Microsoft Corporation)
O8 - Extra context menu item: Google Sidewiki... - res://C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_7461B1589E8B4FB7.dll/cmsidewiki.html File not found
O8 - Extra context menu item: Se&nd to OneNote - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Se&nd to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: AVG Do Not Track - {68BCFFE1-A2DA-4B40-9068-87ECBFC19D16} - C:\Program Files\AVG\AVG2012\avgdtiex.dll File not found
O9 - Extra Button: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O15 - HKU\S-1-5-21-1659004503-448539723-1177238915-1003\..Trusted Domains: intuit.com ([ttlc] https in Trusted sites)
O16 - DPF: {0067DBFC-A752-458C-AE6E-B9C7E63D4824} http://www.logitech.com/devicedetector/plugins/LogitechDeviceDetection32.cab (Device Detection)
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} http://download.microsoft.com/download/E/5/6/E5611B10-0D6D-4117-8430-A67417AA88CD/LegitCheckControl.cab (Windows Genuine Advantage Validation Tool)
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} http://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1340306100093 (MUWebControl Class)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 75.75.75.75 75.75.76.76
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{4604D1CD-71B9-4E22-A317-821E12869DB0}: DhcpNameServer = 75.75.75.75 75.75.76.76
O18 - Protocol\Handler\belarc {6318E0AB-2E93-11D1-B8ED-00608CC9A71F} - C:\Program Files\Belarc\Advisor\System\BAVoilaX.dll (Belarc, Inc.)
O18 - Protocol\Handler\gcf {9875BFAF-B04D-445E-8A69-BE36838CDE3E} - C:\Program Files\Google\Chrome\Application\24.0.1312.52\npchrome_frame.dll (Google Inc.)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) - C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
O20 - Winlogon\Notify\LBTWlgn: DllName - (c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll) - c:\Program Files\Common Files\Logishrd\Bluetooth\LBTWLgn.dll (Logitech, Inc.)
O24 - Desktop WallPaper: C:\WINDOWS\Web\Wallpaper\Bliss.bmp
O24 - Desktop BackupWallPaper: C:\WINDOWS\Web\Wallpaper\Bliss.bmp
O28 - HKLM ShellExecuteHooks: {56F9679E-7826-4C84-81F3-532071A8BCC5} - C:\Program Files\Windows Desktop Search\MsnlNamespaceMgr.dll (Microsoft Corporation)
O28 - HKLM ShellExecuteHooks: {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - C:\Program Files\SUPERAntiSpyware\SASSEH.DLL (SuperAdBlocker.com)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2011/09/21 23:22:22 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O33 - MountPoints2\{c5bd3bc2-e967-11e0-a2a8-0011112180ff}\Shell - "" = AutoRun
O33 - MountPoints2\{c5bd3bc2-e967-11e0-a2a8-0011112180ff}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{c5bd3bc2-e967-11e0-a2a8-0011112180ff}\Shell\AutoRun\command - "" = G:\HPLauncher.exe
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
========== Files/Folders - Created Within 30 Days ==========
[2013/01/21 08:13:13 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Dell_Admin\Desktop\OTL.exe
[2013/01/20 20:28:32 | 000,101,112 | ---- | C] (GFI Software) -- C:\WINDOWS\System32\drivers\SBREDrv.sys
[2013/01/20 20:28:32 | 000,042,864 | ---- | C] (GFI Software) -- C:\WINDOWS\System32\sbbd.exe
[2013/01/20 20:28:18 | 000,000,000 | ---D | C] -- C:\VIPRERESCUE
[2013/01/12 15:19:00 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Dell_Admin\My Documents\_2012 TAX
[2013/01/11 17:42:27 | 000,691,696 | ---- | C] (Duplex Secure Ltd.) -- C:\WINDOWS\System32\drivers\sptd.sys
[2013/01/11 17:42:07 | 000,000,000 | ---D | C] -- C:\Program Files\LSoft Technologies
[2013/01/11 17:42:07 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Active@ ISO Burner
[2013/01/05 11:02:50 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Dell_Admin\My Documents\&_LOCAL Business
[2012/12/27 09:31:47 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Dell_Admin\My Documents\mom checking acct statements
[2012/12/24 09:00:46 | 000,000,000 | ---D | C] -- C:\Program Files\RealNetworks
[2012/12/24 09:00:42 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\RealNetworks
[2012/12/24 08:59:38 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\xing shared
[2012/12/24 08:58:57 | 000,272,896 | ---- | C] (Progressive Networks) -- C:\WINDOWS\System32\pncrt.dll
[2012/12/24 08:58:57 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\RealNetworks
[5 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[4 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
========== Files - Modified Within 30 Days ==========
[2013/01/21 08:09:58 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Dell_Admin\Desktop\OTL.exe
[2013/01/21 07:47:10 | 000,000,894 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2013/01/21 07:35:00 | 000,000,830 | ---- | M] () -- C:\WINDOWS\tasks\Adobe Flash Player Updater.job
[2013/01/21 06:47:00 | 000,000,890 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2013/01/21 05:41:49 | 000,000,358 | ---- | M] () -- C:\WINDOWS\tasks\Windows Codec Update Service.job
[2013/01/20 20:27:20 | 000,000,288 | ---- | M] () -- C:\WINDOWS\tasks\RealPlayerRealUpgradeLogonTaskS-1-5-21-1659004503-448539723-1177238915-1003.job
[2013/01/20 20:27:14 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2013/01/20 20:24:53 | 000,000,288 | ---- | M] () -- C:\WINDOWS\tasks\RealUpgradeLogonTaskS-1-5-21-1659004503-448539723-1177238915-1003.job
[2013/01/20 20:24:16 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2013/01/18 16:15:41 | 000,000,286 | ---- | M] () -- C:\WINDOWS\tasks\wavepadShakeIcon.job
[2013/01/14 18:06:01 | 000,001,233 | ---- | M] () -- C:\WINDOWS\QUICKEN.INI
[2013/01/14 16:37:56 | 000,002,605 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\ASellerTool PC Downloader.lnk
[2013/01/14 15:36:42 | 000,000,296 | ---- | M] () -- C:\WINDOWS\tasks\RealPlayerRealUpgradeScheduledTaskS-1-5-21-1659004503-448539723-1177238915-1003.job
[2013/01/14 09:20:25 | 000,069,120 | ---- | M] () -- C:\Documents and Settings\Dell_Admin\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2013/01/13 16:15:00 | 000,000,296 | ---- | M] () -- C:\WINDOWS\tasks\RealUpgradeScheduledTaskS-1-5-21-1659004503-448539723-1177238915-1003.job
[2013/01/12 12:06:19 | 000,001,831 | ---- | M] () -- C:\Documents and Settings\Dell_Admin\Application Data\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk
[2013/01/11 09:09:44 | 002,250,054 | ---- | M] () -- C:\Documents and Settings\All Users\Application Data\1.bmp
[2013/01/11 09:09:30 | 000,444,366 | ---- | M] () -- C:\Documents and Settings\All Users\Application Data\1.jpg
[2013/01/09 00:23:52 | 000,516,780 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2013/01/09 00:23:52 | 000,091,378 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2013/01/02 10:07:36 | 000,000,282 | ---- | M] () -- C:\WINDOWS\tasks\switchShakeIcon.job
[2012/12/24 08:58:57 | 000,272,896 | ---- | M] (Progressive Networks) -- C:\WINDOWS\System32\pncrt.dll
[5 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[4 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
========== Files Created - No Company Name ==========
[2013/01/18 16:15:40 | 000,000,286 | ---- | C] () -- C:\WINDOWS\tasks\wavepadShakeIcon.job
[2013/01/11 09:09:44 | 002,250,054 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\1.bmp
[2013/01/11 09:09:23 | 000,444,366 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\1.jpg
[2013/01/02 10:07:36 | 000,000,282 | ---- | C] () -- C:\WINDOWS\tasks\switchShakeIcon.job
[2012/12/24 09:01:53 | 000,000,288 | ---- | C] () -- C:\WINDOWS\tasks\RealPlayerRealUpgradeLogonTaskS-1-5-21-1659004503-448539723-1177238915-1003.job
[2012/12/24 09:01:52 | 000,000,296 | ---- | C] () -- C:\WINDOWS\tasks\RealPlayerRealUpgradeScheduledTaskS-1-5-21-1659004503-448539723-1177238915-1003.job
[2012/09/21 16:32:04 | 000,000,035 | ---- | C] () -- C:\WINDOWS\A6W.INI
[2012/04/27 06:45:55 | 000,034,814 | ---- | C] () -- C:\Documents and Settings\Dell_Admin\Local Settings\Application Data\dt.dat
[2012/04/11 19:01:03 | 000,025,713 | ---- | C] () -- C:\WINDOWS\CSTBox.INI
[2012/02/14 19:54:42 | 000,003,072 | ---- | C] () -- C:\WINDOWS\System32\iacenc.dll
[2012/02/05 15:14:55 | 002,231,452 | ---- | C] () -- C:\Documents and Settings\LocalService\Local Settings\Application Data\WPFFontCache_v0400-S-1-5-21-1659004503-448539723-1177238915-1003-0.dat
[2012/02/05 15:14:55 | 000,299,254 | ---- | C] () -- C:\Documents and Settings\LocalService\Local Settings\Application Data\WPFFontCache_v0400-System.dat
[2012/02/05 12:10:05 | 000,000,590 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\Microsoft.SqlServer.Compact.400.32.bc
[2011/10/17 21:27:39 | 000,002,528 | ---- | C] () -- C:\Documents and Settings\LocalService\Application Data\$_hpcst$.hpc
[2011/10/10 11:49:50 | 000,003,840 | ---- | C] () -- C:\WINDOWS\System32\drivers\BANTExt.sys
[2011/10/06 16:49:16 | 000,404,256 | R--- | C] () -- C:\WINDOWS\System32\drivers\SRS_AE_i386.sys
[2011/10/03 13:51:58 | 000,069,120 | ---- | C] () -- C:\Documents and Settings\Dell_Admin\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011/09/28 07:00:55 | 000,002,528 | ---- | C] () -- C:\Documents and Settings\Dell_Admin\Application Data\$_hpcst$.hpc
[2011/09/26 20:34:42 | 000,000,064 | ---- | C] () -- C:\WINDOWS\qwimp.ini
[2011/09/26 18:19:10 | 000,001,233 | ---- | C] () -- C:\WINDOWS\QUICKEN.INI
[2011/09/26 16:45:47 | 000,000,600 | ---- | C] () -- C:\Documents and Settings\Dell_Admin\Local Settings\Application Data\PUTTY.RND
[2011/09/26 15:47:22 | 000,000,069 | ---- | C] () -- C:\WINDOWS\spwdr.INI
[2011/09/26 15:47:08 | 000,000,071 | ---- | C] () -- C:\WINDOWS\Crypkey.ini
[2011/09/26 15:47:03 | 000,027,648 | R--- | C] () -- C:\WINDOWS\Setup_ck.exe
[2011/09/26 15:47:03 | 000,019,584 | ---- | C] () -- C:\WINDOWS\System32\Ckldrv.sys
[2011/09/26 15:47:03 | 000,018,432 | ---- | C] () -- C:\WINDOWS\Setup_ck.dll
[2011/09/26 15:47:03 | 000,011,776 | ---- | C] () -- C:\WINDOWS\Ckrfresh.exe
[2011/09/21 23:35:04 | 000,520,192 | ---- | C] () -- C:\WINDOWS\System32\ati2sgag.exe
[2011/09/21 23:34:44 | 000,114,630 | ---- | C] () -- C:\WINDOWS\System32\atiicdxx.dat
[2011/09/21 23:24:51 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat
[2011/09/21 23:19:25 | 000,021,640 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat
[2011/09/21 19:14:16 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
[2011/09/21 19:12:13 | 000,282,928 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT
========== ZeroAccess Check ==========
[2011/09/28 06:32:27 | 000,000,227 | RHS- | M] () -- C:\WINDOWS\assembly\Desktop.ini
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shdocvw.dll -- [2011/06/21 13:18:34 | 001,510,400 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = C:\WINDOWS\system32\wbem\fastprox.dll -- [2009/02/09 07:10:48 | 000,473,600 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
"" = C:\WINDOWS\system32\wbem\wbemess.dll -- [2008/04/14 05:42:10 | 000,273,920 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both
========== LOP Check ==========
[2012/05/09 10:23:56 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Babylon
[2011/10/10 13:21:53 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\CheckPoint
[2011/09/21 23:38:22 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\Common Files
[2011/12/18 14:24:36 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\install_clap
[2012/04/28 09:40:49 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\MFAData
[2011/12/18 14:27:49 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\PDVD
[2011/10/08 06:50:18 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TechSmith
[2011/12/18 14:23:18 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Temp
========== Purity Check ==========
< End of report >
----------------------------------------------------------------------------------------------
EXTRAS FILE
-----------------------------------------------------------------------------------------------
OTL Extras logfile created on: 1/21/2013 8:14:05 AM - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Documents and Settings\Dell_Admin\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy
3.25 Gb Total Physical Memory | 2.57 Gb Available Physical Memory | 79.01% Memory free
5.09 Gb Paging File | 2.96 Gb Available in Paging File | 58.07% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 149.04 Gb Total Space | 93.60 Gb Free Space | 62.80% Space Free | Partition Type: NTFS
Drive D: | 596.17 Gb Total Space | 233.59 Gb Free Space | 39.18% Space Free | Partition Type: NTFS
Drive G: | 7.47 Gb Total Space | 7.35 Gb Free Space | 98.41% Space Free | Partition Type: FAT32
Computer Name: PC1 | User Name: Dell_Admin | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
========== Extra Registry (SafeList) ==========
========== File Associations ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
.html [@ = ChromeHTML] -- C:\Program Files\Google\Chrome\Application\chrome.exe (Google Inc.)
[HKEY_USERS\S-1-5-21-1659004503-448539723-1177238915-1003\SOFTWARE\Classes\<extension>]
.html [@ = htmlfile] -- Reg Error: Key error. File not found
========== Shell Spawning ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
exefile [open] -- "%1" %*
htmlfile [edit] -- "C:\Program Files\Microsoft Office\Office14\msohtmed.exe" %1 (Microsoft Corporation)
htmlfile [print] -- "C:\Program Files\Microsoft Office\Office14\msohtmed.exe" /p %1 (Microsoft Corporation)
http [open] -- "C:\Program Files\Google\Chrome\Application\chrome.exe" -- "%1" (Google Inc.)
https [open] -- "C:\Program Files\Google\Chrome\Application\chrome.exe" -- "%1" (Google Inc.)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
========== Security Center Settings ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 0
"FirewallOverride" = 0
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]
"DisableMonitoring" = 1
========== System Restore Settings ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr]
"Start" = 0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService]
"Start" = 2
========== Firewall Settings ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 0
"DisableNotifications" = 0
"DoNotAllowExceptions" = 0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]
"3389:TCP" = 3389:TCP:*:Enabled:@xpsp2res.dll,-22009
"26675:TCP" = 26675:TCP:169.254.2.0/255.255.255.0:Enabled:ActiveSync Service
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 0
"DisableNotifications" = 0
"DoNotAllowExceptions" = 0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"3389:TCP" = 3389:TCP:*:Enabled:@xpsp2res.dll,-22009
"26675:TCP" = 26675:TCP:169.254.2.0/255.255.255.0:Enabled:ActiveSync Service
========== Authorized Applications List ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"%windir%\Network Diagnostic\xpnetdiag.exe" = %windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000 -- (Microsoft Corporation)
"%windir%\system32\sessmgr.exe" = %windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019 -- (Microsoft Corporation)
"C:\Program Files\Microsoft ActiveSync\rapimgr.exe" = C:\Program Files\Microsoft ActiveSync\rapimgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync RAPI Manager -- (Microsoft Corporation)
"C:\Program Files\Microsoft ActiveSync\wcescomm.exe" = C:\Program Files\Microsoft ActiveSync\wcescomm.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Connection Manager -- (Microsoft Corporation)
"C:\Program Files\Microsoft ActiveSync\WCESMgr.exe" = C:\Program Files\Microsoft ActiveSync\WCESMgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Application -- (Microsoft Corporation)
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"%windir%\Network Diagnostic\xpnetdiag.exe" = %windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000 -- (Microsoft Corporation)
"%windir%\system32\sessmgr.exe" = %windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019 -- (Microsoft Corporation)
"C:\WINDOWS\system32\usmt\migwiz.exe" = C:\WINDOWS\system32\usmt\migwiz.exe:*:Enabled:Files and Settings Transfer Wizard -- (Microsoft Corporation)
"C:\Documents and Settings\Dell_Admin\Local Settings\Temp\IXP000.TMP\SMPCSetup.exe" = C:\Documents and Settings\Dell_Admin\Local Settings\Temp\IXP000.TMP\SMPCSetup.exe:*:Enabled:SMPCSetup
"C:\Documents and Settings\Dell_Admin\Local Settings\Temp\IXP000.TMP\smwinvnc.exe" = C:\Documents and Settings\Dell_Admin\Local Settings\Temp\IXP000.TMP\smwinvnc.exe:*:Enabled:TightVNC Win32 Server
"C:\Program Files\Microsoft ActiveSync\rapimgr.exe" = C:\Program Files\Microsoft ActiveSync\rapimgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync RAPI Manager -- (Microsoft Corporation)
"C:\Program Files\Microsoft ActiveSync\wcescomm.exe" = C:\Program Files\Microsoft ActiveSync\wcescomm.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Connection Manager -- (Microsoft Corporation)
"C:\Program Files\Microsoft ActiveSync\WCESMgr.exe" = C:\Program Files\Microsoft ActiveSync\WCESMgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Application -- (Microsoft Corporation)
"C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE" = C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE:*:Enabled:Microsoft Office Outlook -- (Microsoft Corporation)
"C:\Program Files\Common Files\Intuit\Update Service v4\IntuitUpdateService.exe" = C:\Program Files\Common Files\Intuit\Update Service v4\IntuitUpdateService.exe:LocalSubNet:Disabled:Intuit Update v4 Shared Downloads Server -- (Intuit Inc.)
"C:\Program Files\Microsoft Office\Office14\ONENOTE.EXE" = C:\Program Files\Microsoft Office\Office14\ONENOTE.EXE:*:Enabled:Microsoft OneNote -- (Microsoft Corporation)
========== HKEY_LOCAL_MACHINE Uninstall List ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{02E89EFC-7B07-4D5A-AA03-9EC0902914EE}" = VC 9.0 Runtime
"{07EEE598-5F21-4B57-B40B-46592625B3D9}" = Zune Language Pack (PTB)
"{0A0CADCF-78DA-33C4-A350-CD51849B9702}" = Microsoft .NET Framework 4 Extended
"{0BEDBD4E-2D34-47B5-9973-57E62B29307C}" = ATI Control Panel
"{0F0447B4-6DDD-4831-933A-1EDF52091150}" = SnagIt 8
"{18455581-E099-4BA8-BC6B-F34B2F06600C}" = Google Toolbar for Internet Explorer
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer
"{26A24AE4-039D-4CA4-87B4-2F83217007FF}" = Java 7 Update 9
"{28C2DED6-325B-4CC7-983A-1777C8F7FBAB}" = RealUpgrade 1.1
"{2A9DFFD8-4E09-4B91-B957-454805B0D7C4}" = Zune Language Pack (CHS)
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{3589A659-F732-4E65-A89A-5438C332E59D}" = Zune Language Pack (ELL)
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{3EE9BCAE-E9A9-45E5-9B1C-83A4D357E05C}" = eReg
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4A5667B2-5D13-46C2-85B5-9D46A6096F61}" = Secure Download Manager
"{51C839E1-2BE4-4E77-A1BA-CCEA5DAFA741}" = Zune Language Pack (KOR)
"{54DE0B75-6CD9-44C4-B10A-1F25DA9899D8}" = Quicken 2004
"{57C51D56-B287-4C11-9192-EC3C46EF76A4}" = Zune Language Pack (RUS)
"{596ECF31-381D-406D-9C22-6B805C3D7A8F}" = TurboTax 2011 wgaiper
"{5C93E291-A1CC-4E51-85C6-E194209FCDB4}" = Zune Language Pack (PTG)
"{5DEFD397-4012-46C3-B6DA-E8013E660772}" = Zune Language Pack (NOR)
"{65CB4C08-C47B-4A7E-A6A4-50C06ADA5FC6}" = Adobe AIR
"{6740BCB0-5863-47F4-80F4-44F394DE4FE2}" = Zune Language Pack (NLD)
"{6B33492E-FBBC-4EC3-8738-09E16E395A10}" = Zune Language Pack (ESP)
"{6EB931CD-A7DA-4A44-B74A-89C8EB50086F}" = Zune Language Pack (SVE)
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{7694E0B1-2332-448B-9235-929F84B41E3F}" = Active@ ISO Burner
"{76BA306B-2AA0-47C0-AB6B-F313AB56C136}" = Zune Language Pack (MSL)
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{7770E71B-2D43-4800-9CB3-5B6CAAEBEBEA}" = RealNetworks - Microsoft Visual C++ 2008 Runtime
"{77DCDCE3-2DED-62F3-8154-05E745472D07}" = Acrobat.com
"{7A21C722-F259-4976-B7AA-6658E5FDEDAF}" = Google Drive
"{8960A0A1-BB5A-479E-92CF-65AB9D684B43}" = Zune Language Pack (PLK)
"{8B112338-2B08-4851-AF84-E7CAD74CEB32}" = Zune Language Pack (DAN)
"{90120000-0010-0409-0000-0000000FF1CE}" = Microsoft Software Update for Web Folders (English) 12
"{90120000-0015-0409-0000-0000000FF1CE}" = Microsoft Office Access MUI (English) 2007
"{90120000-0015-0409-0000-0000000FF1CE}_PROR_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007
"{90120000-0016-0409-0000-0000000FF1CE}_PROR_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007
"{90120000-0018-0409-0000-0000000FF1CE}_PROR_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0019-0409-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2007
"{90120000-0019-0409-0000-0000000FF1CE}_PROR_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2007
"{90120000-001A-0409-0000-0000000FF1CE}_PROR_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007
"{90120000-001B-0409-0000-0000000FF1CE}_PROR_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_PROR_{1FF96026-A04A-4C3E-B50A-BB7022654D0F}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_PROR_{71F055E8-E2C6-4214-BB3D-BFE03561B89E}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007
"{90120000-001F-0C0A-0000-0000000FF1CE}_PROR_{2314F9A1-126F-45CC-8A5E-DFAF866F3FBC}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}_PROR_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007
"{90120000-0115-0409-0000-0000000FF1CE}_PROR_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0117-0409-0000-0000000FF1CE}" = Microsoft Office Access Setup Metadata MUI (English) 2007
"{90120000-0117-0409-0000-0000000FF1CE}_PROR_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90140000-0010-0409-0000-0000000FF1CE}" = Microsoft Software Update for Web Folders (English) 14
"{90140000-0015-0409-0000-0000000FF1CE}" = Microsoft Office Access MUI (English) 2010
"{90140000-0015-0409-0000-0000000FF1CE}_Office14.SingleImage_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2010
"{90140000-0016-0409-0000-0000000FF1CE}_Office14.SingleImage_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2010
"{90140000-0018-0409-0000-0000000FF1CE}_Office14.SingleImage_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0019-0409-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2010
"{90140000-0019-0409-0000-0000000FF1CE}_Office14.SingleImage_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2010
"{90140000-001A-0409-0000-0000000FF1CE}_Office14.SingleImage_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2010
"{90140000-001B-0409-0000-0000000FF1CE}_Office14.SingleImage_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2010
"{90140000-001F-0409-0000-0000000FF1CE}_Office14.SingleImage_{99ACCA38-6DD3-48A8-96AE-A283C9759279}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2010
"{90140000-001F-040C-0000-0000000FF1CE}_Office14.SingleImage_{46298F6A-1E7E-4D4A-B5F5-106A4F0E48C6}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2010
"{90140000-001F-0C0A-0000-0000000FF1CE}_Office14.SingleImage_{DEA87BE2-FFCC-4F33-9946-FCBE55A1E998}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2010
"{90140000-002C-0409-0000-0000000FF1CE}_Office14.SingleImage_{7CA93DF4-8902-449E-A42E-4C5923CFBDE3}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-003D-0000-0000-0000000FF1CE}" = Microsoft Office Single Image 2010
"{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{047B0968-E622-4FAA-9B4B-121FA109EDDE}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2010
"{90140000-006E-0409-0000-0000000FF1CE}_Office14.SingleImage_{4560037C-E356-444A-A015-D21F487D809E}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2010
"{90140000-00A1-0409-0000-0000000FF1CE}_Office14.SingleImage_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2010
"{90140000-0115-0409-0000-0000000FF1CE}_Office14.SingleImage_{4560037C-E356-444A-A015-D21F487D809E}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0117-0409-0000-0000000FF1CE}" = Microsoft Office Access Setup Metadata MUI (English) 2010
"{90140000-0117-0409-0000-0000000FF1CE}_Office14.SingleImage_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-2005-0000-0000-0000000FF1CE}" = Microsoft Office File Validation Add-In
"{91120000-0014-0000-0000-0000000FF1CE}" = Microsoft Office Professional 2007
"{91120000-0014-0000-0000-0000000FF1CE}_PROR_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{92ECE3F9-591E-4C12-8A62-B9FCE38BF646}" = Zune Language Pack (IND)
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{98EABC7F-B1A1-43A5-B505-5B4EC3908DCD}" = Microsoft Security Client
"{99052DB7-9592-4522-A558-5417BBAD48EE}" = Microsoft ActiveSync
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9B75648B-6C30-4A0D-9DE6-0D09D20AF5A5}" = Zune
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
"{A5A53EA8-A11E-49F0-BDF5-AE536426A31A}" = Zune Language Pack (CHT)
"{A8F2E50B-86E2-4D96-9BD2-9758BCC6F9B3}" = Zune Language Pack (CSY)
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AAECF7BA-E83B-4A10-87EA-DE0B333F8734}" = RealNetworks - Microsoft Visual C++ 2010 Runtime
"{AC76BA86-7AD7-1033-7B44-AA1000000001}" = Adobe Reader X (10.1.5)
"{AF1B2B2E-03E3-458A-9DEB-32F8C7637374}" = ZoneAlarm Security
"{AF7EBCA4-9FAF-4DC8-8D09-67854BB84D34}" = RealDownloader
"{B4870774-5F3A-46D9-9DFE-06FB5599E26B}" = Zune Language Pack (FIN)
"{BCE46757-7674-4416-BEDB-68205A60409E}" = Canon CanoScan Toolbox 4.1
"{BE236D9A-52EC-4A17-82DA-84B5EAD31E3E}" = Zune Language Pack (DEU)
"{BE6890C7-31EF-478C-812E-1E2899ABFCA9}" = Broadcom Gigabit Integrated Controller
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
"{C180FAEF-61D5-4A03-8328-A58D9CDD1C4C}" = ZoneAlarm Firewall
"{C5D37FFA-7483-410B-982B-91E93FD3B7DA}" = Zune Language Pack (ITA)
"{C68D33B1-0204-4EBE-BC45-A6E432B1D13A}" = Zune Language Pack (FRA)
"{C6BE19C6-B102-4038-B2A6-1C313872DBB4}" = Zune Language Pack (HUN)
"{CAF5B770-082F-40C4-853D-3973BB81BDAA}" = TurboTax 2011 WinPerTaxSupport
"{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}" = SUPERAntiSpyware
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{D07205E7-F6D3-4333-AFCC-782A07685B72}" = OverDrive Media Console
"{D2A7576F-6C1E-43E5-83D8-E810D3ACDBD7}" = ASellerTool Data PC Downloader
"{D8A781C9-3892-4E2E-9320-480CF896CFBB}" = Zune Language Pack (JPN)
"{DC43DBDF-D824-35D4-332C-746A396AC95A}" = Amazon Music Importer
"{E463E171-4082-4744-A466-F7CBE8502789}" = TurboTax 2011 WinPerReleaseEngine
"{EE556A3E-EB37-4392-9637-BAA8EC2F47FA}" = TurboTax 2011 wrapper
"{F0A37341-D692-11D4-A984-009027EC0A9C}" = SoundMAX
"{F2CB8C3C-9C9E-4FAB-9067-655601C5F748}" = Windows Mobile Device Updater Component
"{FAD3D68B-2F9C-459B-AA79-C04B9090FD72}" = TurboTax 2011 WinPerFedFormset
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"All ATI Software" = ATI - Software Uninstall Utility
"Amazon MP3 Downloader" = Amazon MP3 Downloader 1.0.17
"ATI Display Driver" = ATI Display Driver
"Belarc Advisor" = Belarc Advisor 8.2
"CCleaner" = CCleaner
"CNXT_MODEM_PCI_VEN_14F1&DEV_2F20&SUBSYS_200F14F1" = Conexant D850 56K V.9x DFVc Modem
"com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Acrobat.com
"com.amazon.music.uploader" = Amazon Music Importer
"Google Chrome" = Google Chrome
"Google Chrome Frame" = Google Chrome Frame
"hp deskjet 5550 series" = hp deskjet 5550 series (Remove only)
"hp print screen utility" = hp print screen utility
"ie8" = Windows Internet Explorer 8
"InstallShield_{54DE0B75-6CD9-44C4-B10A-1F25DA9899D8}" = Quicken 2004
"InstallShield_{BE6890C7-31EF-478C-812E-1E2899ABFCA9}" = Broadcom Gigabit Integrated Controller
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Extended" = Microsoft .NET Framework 4 Extended
"Microsoft Security Client" = Microsoft Security Essentials
"MSCompPackV1" = Microsoft Compression Client Pack 1.0 for Windows XP
"Office14.SingleImage" = Microsoft Office Professional 2010
"PROR" = Microsoft Office Professional 2007
"RealPlayer 16.0" = RealPlayer
"sp6" = Logitech SetPoint 6.32
"StartNow Toolbar" = StartNow Toolbar
"Switch" = Switch Sound File Converter
"TurboTax 2011" = TurboTax 2011
"WavePad" = WavePad Sound Editor
"Wdf01009" = Microsoft Kernel-Mode Driver Framework Feature Pack 1.9
"Windows Essentials Media Codec Pack" = Windows Essentials Media Codec Pack 4.0 [32-Bit]
"Windows Media Format Runtime" = Windows Media Format 11 runtime
"Windows Media Player" = Windows Media Player 11
"WinPcapInst" = WinPcap 4.1.2
"winusb0100" = Microsoft WinUsb 1.0
"Wireshark" = Wireshark 1.8.3 (32-bit)
"WMFDist11" = Windows Media Format 11 runtime
"wmp11" = Windows Media Player 11
"Wudf01009" = Microsoft User-Mode Driver Framework Feature Pack 1.9
"ZoneAlarm Pro" = ZoneAlarm Pro
"ZoneAlarm Toolbar" = ZoneAlarm Toolbar
"Zune" = Zune
========== HKEY_USERS Uninstall List ==========
[HKEY_USERS\S-1-5-21-1659004503-448539723-1177238915-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
========== Last 20 Event Log Errors ==========
[ Application Events ]
Error - 1/19/2013 1:01:18 AM | Computer Name = PC1 | Source = MsiInstaller | ID = 1023
Description =
Error - 1/19/2013 1:01:19 AM | Computer Name = PC1 | Source = HotFixInstaller | ID = 5000
Description = EventType visualstudio8setup, P1 microsoft .net framework 2.0-kb2742596,
P2 1033, P3 1603, P4 msi, P5 f, P6 9.0.40215.0, P7 install, P8 x86, P9 xp, P10
2330.
Error - 1/20/2013 9:35:14 PM | Computer Name = PC1 | Source = Application Hang | ID = 1002
Description = Hanging application mpc-hc.exe, version 1.4.2499.0, hang module hungapp,
version 0.0.0.0, hang address 0x00000000.
Error - 1/20/2013 9:40:18 PM | Computer Name = PC1 | Source = Application Hang | ID = 1002
Description = Hanging application mpc-hc.exe, version 1.4.2499.0, hang module hungapp,
version 0.0.0.0, hang address 0x00000000.
Error - 1/21/2013 1:02:13 AM | Computer Name = PC1 | Source = MsiInstaller | ID = 10005
Description =
Error - 1/21/2013 1:02:21 AM | Computer Name = PC1 | Source = MsiInstaller | ID = 1023
Description =
Error - 1/21/2013 1:02:23 AM | Computer Name = PC1 | Source = HotFixInstaller | ID = 5000
Description = EventType visualstudio8setup, P1 microsoft .net framework 2.0-kb2729450,
P2 1033, P3 1603, P4 msi, P5 f, P6 9.0.40215.0, P7 install, P8 x86, P9 xp, P10
2330.
Error - 1/21/2013 1:03:33 AM | Computer Name = PC1 | Source = MsiInstaller | ID = 10005
Description =
Error - 1/21/2013 1:03:37 AM | Computer Name = PC1 | Source = MsiInstaller | ID = 1023
Description =
Error - 1/21/2013 1:03:38 AM | Computer Name = PC1 | Source = HotFixInstaller | ID = 5000
Description = EventType visualstudio8setup, P1 microsoft .net framework 2.0-kb2742596,
P2 1033, P3 1603, P4 msi, P5 f, P6 9.0.40215.0, P7 install, P8 x86, P9 xp, P10
2330.
[ Application Events ]
Error - 1/19/2013 1:01:18 AM | Computer Name = PC1 | Source = MsiInstaller | ID = 1023
Description =
Error - 1/19/2013 1:01:19 AM | Computer Name = PC1 | Source = HotFixInstaller | ID = 5000
Description = EventType visualstudio8setup, P1 microsoft .net framework 2.0-kb2742596,
P2 1033, P3 1603, P4 msi, P5 f, P6 9.0.40215.0, P7 install, P8 x86, P9 xp, P10
2330.
Error - 1/20/2013 9:35:14 PM | Computer Name = PC1 | Source = Application Hang | ID = 1002
Description = Hanging application mpc-hc.exe, version 1.4.2499.0, hang module hungapp,
version 0.0.0.0, hang address 0x00000000.
Error - 1/20/2013 9:40:18 PM | Computer Name = PC1 | Source = Application Hang | ID = 1002
Description = Hanging application mpc-hc.exe, version 1.4.2499.0, hang module hungapp,
version 0.0.0.0, hang address 0x00000000.
Error - 1/21/2013 1:02:13 AM | Computer Name = PC1 | Source = MsiInstaller | ID = 10005
Description =
Error - 1/21/2013 1:02:21 AM | Computer Name = PC1 | Source = MsiInstaller | ID = 1023
Description =
Error - 1/21/2013 1:02:23 AM | Computer Name = PC1 | Source = HotFixInstaller | ID = 5000
Description = EventType visualstudio8setup, P1 microsoft .net framework 2.0-kb2729450,
P2 1033, P3 1603, P4 msi, P5 f, P6 9.0.40215.0, P7 install, P8 x86, P9 xp, P10
2330.
Error - 1/21/2013 1:03:33 AM | Computer Name = PC1 | Source = MsiInstaller | ID = 10005
Description =
Error - 1/21/2013 1:03:37 AM | Computer Name = PC1 | Source = MsiInstaller | ID = 1023
Description =
Error - 1/21/2013 1:03:38 AM | Computer Name = PC1 | Source = HotFixInstaller | ID = 5000
Description = EventType visualstudio8setup, P1 microsoft .net framework 2.0-kb2742596,
P2 1033, P3 1603, P4 msi, P5 f, P6 9.0.40215.0, P7 install, P8 x86, P9 xp, P10
2330.
[ OSession Events ]
Error - 8/18/2012 12:52:53 PM | Computer Name = PC1 | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 6, Application Name: Microsoft Office Outlook, Application Version:
12.0.6661.5003, Microsoft Office Version: 12.0.6612.1000. This session lasted 158670
seconds with 2580 seconds of active time. This session ended with a crash.
Error - 9/14/2012 11:01:57 AM | Computer Name = PC1 | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 6, Application Name: Microsoft Office Outlook, Application Version:
12.0.6661.5003, Microsoft Office Version: 12.0.6612.1000. This session lasted 58514
seconds with 480 seconds of active time. This session ended with a crash.
Error - 9/30/2012 9:57:19 AM | Computer Name = PC1 | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 6, Application Name: Microsoft Office Outlook, Application Version:
12.0.6661.5003, Microsoft Office Version: 12.0.6612.1000. This session lasted 228943
seconds with 2460 seconds of active time. This session ended with a crash.
Error - 10/14/2012 1:04:07 PM | Computer Name = PC1 | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 6, Application Name: Microsoft Office Outlook, Application Version:
12.0.6661.5003, Microsoft Office Version: 12.0.6612.1000. This session lasted 370460
seconds with 2100 seconds of active time. This session ended with a crash.
Error - 10/22/2012 8:12:20 PM | Computer Name = PC1 | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 6, Application Name: Microsoft Office Outlook, Application Version:
12.0.6661.5003, Microsoft Office Version: 12.0.6612.1000. This session lasted 276570
seconds with 2100 seconds of active time. This session ended with a crash.
Error - 11/14/2012 5:39:05 PM | Computer Name = PC1 | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 6, Application Name: Microsoft Office Outlook, Application Version:
12.0.6661.5003, Microsoft Office Version: 12.0.6612.1000. This session lasted 184766
seconds with 1440 seconds of active time. This session ended with a crash.
Error - 11/18/2012 7:24:29 PM | Computer Name = PC1 | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 6, Application Name: Microsoft Office Outlook, Application Version:
12.0.6665.5003, Microsoft Office Version: 12.0.6612.1000. This session lasted 302050
seconds with 1680 seconds of active time. This session ended with a crash.
Error - 11/21/2012 6:19:24 AM | Computer Name = PC1 | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 6, Application Name: Microsoft Office Outlook, Application Version:
12.0.6665.5003, Microsoft Office Version: 12.0.6612.1000. This session lasted 132676
seconds with 1080 seconds of active time. This session ended with a crash.
Error - 12/18/2012 9:17:20 AM | Computer Name = PC1 | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 6, Application Name: Microsoft Office Outlook, Application Version:
12.0.6665.5003, Microsoft Office Version: 12.0.6612.1000. This session lasted 150171
seconds with 720 seconds of active time. This session ended with a crash.
Error - 1/4/2013 6:49:34 PM | Computer Name = PC1 | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 6, Application Name: Microsoft Office Outlook, Application Version:
12.0.6665.5003, Microsoft Office Version: 12.0.6612.1000. This session lasted 116465
seconds with 1320 seconds of active time. This session ended with a crash.
[ System Events ]
Error - 1/21/2013 1:02:34 AM | Computer Name = PC1 | Source = Windows Update Agent | ID = 20
Description = Installation Failure: Windows failed to install the following update
with error 0x80070643: Security Update for Microsoft .NET Framework 2.0 SP2 on
Windows Server 2003 and Windows XP x86 (KB2729450).
Error - 1/21/2013 1:05:02 AM | Computer Name = PC1 | Source = Windows Update Agent | ID = 20
Description = Installation Failure: Windows failed to install the following update
with error 0x80070643: Security Update for Microsoft .NET Framework 2.0 SP2 on
Windows Server 2003 and Windows XP x86 (KB2742596).
Error - 1/21/2013 2:55:26 AM | Computer Name = PC1 | Source = atapi | ID = 262153
Description = The device, \Device\Ide\IdePort0, did not respond within the timeout
period.
Error - 1/21/2013 4:03:23 AM | Computer Name = PC1 | Source = Microsoft Antimalware | ID = 2001
Description = %%860 has encountered an error trying to update signatures. New Signature
Version: Previous Signature Version: 1.141.3868.0 Update Source: %%859 Update Stage:
%%852 Source Path: http://www.microsoft.com Signature Type: %%800 Update Type: %%803
User:
NT AUTHORITY\SYSTEM Current Engine Version: Previous Engine Version: 1.1.9002.0 Error
code: 0x8024402c Error description: An unexpected problem occurred while checking
for updates. For information on installing or troubleshooting updates, see Help
and Support.
Error - 1/21/2013 4:03:23 AM | Computer Name = PC1 | Source = Microsoft Antimalware | ID = 2001
Description = %%860 has encountered an error trying to update signatures. New Signature
Version: Previous Signature Version: 1.141.3868.0 Update Source: %%851 Update Stage:
%%852 Source Path: http://go.microsoft.com/fwlink/?LinkID=121721&clcid=0x409&arch=x86&eng=1.1.9002.0&avdelta=1.141.3868.0&asdelta=1.141.3868.0∏=EDB4FA23-53B8-4AFA-8C5D-99752CCA7094
Signature
Type: %%800 Update Type: %%803 User: NT AUTHORITY\NETWORK SERVICE Current Engine Version:
Previous Engine Version: 1.1.9002.0 Error code: 0x80072ee7 Error description: The
server name or address could not be resolved
Error - 1/21/2013 4:03:23 AM | Computer Name = PC1 | Source = Microsoft Antimalware | ID = 2001
Description = %%860 has encountered an error trying to update signatures. New Signature
Version: Previous Signature Version: 1.141.3868.0 Update Source: %%851 Update Stage:
%%852 Source Path: http://go.microsoft.com/fwlink/?LinkID=121721&clcid=0x409&arch=x86&eng=1.1.9002.0&avdelta=1.141.3868.0&asdelta=1.141.3868.0∏=EDB4FA23-53B8-4AFA-8C5D-99752CCA7094
Signature
Type: %%801 Update Type: %%803 User: NT AUTHORITY\NETWORK SERVICE Current Engine Version:
Previous Engine Version: 1.1.9002.0 Error code: 0x80072ee7 Error description: The
server name or address could not be resolved
Error - 1/21/2013 4:33:22 AM | Computer Name = PC1 | Source = Microsoft Antimalware | ID = 2001
Description = %%860 has encountered an error trying to update signatures. New Signature
Version: Previous Signature Version: 1.141.3868.0 Update Source: %%859 Update Stage:
%%852 Source Path: http://www.microsoft.com Signature Type: %%800 Update Type: %%803
User:
NT AUTHORITY\SYSTEM Current Engine Version: Previous Engine Version: 1.1.9002.0 Error
code: 0x8024402c Error description: An unexpected problem occurred while checking
for updates. For information on installing or troubleshooting updates, see Help
and Support.
Error - 1/21/2013 4:33:22 AM | Computer Name = PC1 | Source = Microsoft Antimalware | ID = 2001
Description = %%860 has encountered an error trying to update signatures. New Signature
Version: Previous Signature Version: 1.141.3868.0 Update Source: %%851 Update Stage:
%%852 Source Path: http://go.microsoft.com/fwlink/?LinkID=121721&clcid=0x409&arch=x86&eng=1.1.9002.0&avdelta=1.141.3868.0&asdelta=1.141.3868.0∏=EDB4FA23-53B8-4AFA-8C5D-99752CCA7094
Signature
Type: %%800 Update Type: %%803 User: NT AUTHORITY\NETWORK SERVICE Current Engine Version:
Previous Engine Version: 1.1.9002.0 Error code: 0x80072ee7 Error description: The
server name or address could not be resolved
Error - 1/21/2013 4:33:22 AM | Computer Name = PC1 | Source = Microsoft Antimalware | ID = 2001
Description = %%860 has encountered an error trying to update signatures. New Signature
Version: Previous Signature Version: 1.141.3868.0 Update Source: %%851 Update Stage:
%%852 Source Path: http://go.microsoft.com/fwlink/?LinkID=121721&clcid=0x409&arch=x86&eng=1.1.9002.0&avdelta=1.141.3868.0&asdelta=1.141.3868.0∏=EDB4FA23-53B8-4AFA-8C5D-99752CCA7094
Signature
Type: %%801 Update Type: %%803 User: NT AUTHORITY\NETWORK SERVICE Current Engine Version:
Previous Engine Version: 1.1.9002.0 Error code: 0x80072ee7 Error description: The
server name or address could not be resolved
Error - 1/21/2013 6:38:32 AM | Computer Name = PC1 | Source = atapi | ID = 262153
Description = The device, \Device\Ide\IdePort0, did not respond within the timeout
period.
[ System Events ]
Error - 1/21/2013 1:02:34 AM | Computer Name = PC1 | Source = Windows Update Agent | ID = 20
Description = Installation Failure: Windows failed to install the following update
with error 0x80070643: Security Update for Microsoft .NET Framework 2.0 SP2 on
Windows Server 2003 and Windows XP x86 (KB2729450).
Error - 1/21/2013 1:05:02 AM | Computer Name = PC1 | Source = Windows Update Agent | ID = 20
Description = Installation Failure: Windows failed to install the following update
with error 0x80070643: Security Update for Microsoft .NET Framework 2.0 SP2 on
Windows Server 2003 and Windows XP x86 (KB2742596).
Error - 1/21/2013 2:55:26 AM | Computer Name = PC1 | Source = atapi | ID = 262153
Description = The device, \Device\Ide\IdePort0, did not respond within the timeout
period.
Error - 1/21/2013 4:03:23 AM | Computer Name = PC1 | Source = Microsoft Antimalware | ID = 2001
Description = %%860 has encountered an error trying to update signatures. New Signature
Version: Previous Signature Version: 1.141.3868.0 Update Source: %%859 Update Stage:
%%852 Source Path: http://www.microsoft.com Signature Type: %%800 Update Type: %%803
User:
NT AUTHORITY\SYSTEM Current Engine Version: Previous Engine Version: 1.1.9002.0 Error
code: 0x8024402c Error description: An unexpected problem occurred while checking
for updates. For information on installing or troubleshooting updates, see Help
and Support.
Error - 1/21/2013 4:03:23 AM | Computer Name = PC1 | Source = Microsoft Antimalware | ID = 2001
Description = %%860 has encountered an error trying to update signatures. New Signature
Version: Previous Signature Version: 1.141.3868.0 Update Source: %%851 Update Stage:
%%852 Source Path: http://go.microsoft.com/fwlink/?LinkID=121721&clcid=0x409&arch=x86&eng=1.1.9002.0&avdelta=1.141.3868.0&asdelta=1.141.3868.0∏=EDB4FA23-53B8-4AFA-8C5D-99752CCA7094
Signature
Type: %%800 Update Type: %%803 User: NT AUTHORITY\NETWORK SERVICE Current Engine Version:
Previous Engine Version: 1.1.9002.0 Error code: 0x80072ee7 Error description: The
server name or address could not be resolved
Error - 1/21/2013 4:03:23 AM | Computer Name = PC1 | Source = Microsoft Antimalware | ID = 2001
Description = %%860 has encountered an error trying to update signatures. New Signature
Version: Previous Signature Version: 1.141.3868.0 Update Source: %%851 Update Stage:
%%852 Source Path: http://go.microsoft.com/fwlink/?LinkID=121721&clcid=0x409&arch=x86&eng=1.1.9002.0&avdelta=1.141.3868.0&asdelta=1.141.3868.0∏=EDB4FA23-53B8-4AFA-8C5D-99752CCA7094
Signature
Type: %%801 Update Type: %%803 User: NT AUTHORITY\NETWORK SERVICE Current Engine Version:
Previous Engine Version: 1.1.9002.0 Error code: 0x80072ee7 Error description: The
server name or address could not be resolved
Error - 1/21/2013 4:33:22 AM | Computer Name = PC1 | Source = Microsoft Antimalware | ID = 2001
Description = %%860 has encountered an error trying to update signatures. New Signature
Version: Previous Signature Version: 1.141.3868.0 Update Source: %%859 Update Stage:
%%852 Source Path: http://www.microsoft.com Signature Type: %%800 Update Type: %%803
User:
NT AUTHORITY\SYSTEM Current Engine Version: Previous Engine Version: 1.1.9002.0 Error
code: 0x8024402c Error description: An unexpected problem occurred while checking
for updates. For information on installing or troubleshooting updates, see Help
and Support.
Error - 1/21/2013 4:33:22 AM | Computer Name = PC1 | Source = Microsoft Antimalware | ID = 2001
Description = %%860 has encountered an error trying to update signatures. New Signature
Version: Previous Signature Version: 1.141.3868.0 Update Source: %%851 Update Stage:
%%852 Source Path: http://go.microsoft.com/fwlink/?LinkID=121721&clcid=0x409&arch=x86&eng=1.1.9002.0&avdelta=1.141.3868.0&asdelta=1.141.3868.0∏=EDB4FA23-53B8-4AFA-8C5D-99752CCA7094
Signature
Type: %%800 Update Type: %%803 User: NT AUTHORITY\NETWORK SERVICE Current Engine Version:
Previous Engine Version: 1.1.9002.0 Error code: 0x80072ee7 Error description: The
server name or address could not be resolved
Error - 1/21/2013 4:33:22 AM | Computer Name = PC1 | Source = Microsoft Antimalware | ID = 2001
Description = %%860 has encountered an error trying to update signatures. New Signature
Version: Previous Signature Version: 1.141.3868.0 Update Source: %%851 Update Stage:
%%852 Source Path: http://go.microsoft.com/fwlink/?LinkID=121721&clcid=0x409&arch=x86&eng=1.1.9002.0&avdelta=1.141.3868.0&asdelta=1.141.3868.0∏=EDB4FA23-53B8-4AFA-8C5D-99752CCA7094
Signature
Type: %%801 Update Type: %%803 User: NT AUTHORITY\NETWORK SERVICE Current Engine Version:
Previous Engine Version: 1.1.9002.0 Error code: 0x80072ee7 Error description: The
server name or address could not be resolved
Error - 1/21/2013 6:38:32 AM | Computer Name = PC1 | Source = atapi | ID = 262153
Description = The device, \Device\Ide\IdePort0, did not respond within the timeout
period.
< End of report >
-
Hello,
Sorry about the underlining in previous post; I'm working with a very old laptop and didn't notice it until too late.
I was successful in running VIPRERescue. Do I continue with the next step, "7. Now see if you can run MBAM." ?
If so, can I download MBAM to a USB drive and run it from there or do I need to download MBAM directly to the infected computer? I'm cautious about connecting to the internet with the infected computer, because I'm not sure what the virus may do next.
Also, do I need to reboot the infected computer before I proceed?
Thanks again for your help.
-
Thanks for the quick reply, MrC. Unfortunately I can't get to any of the safe modes on the menu. I tried them all and just went back to verify it. Safe Mode doesn't work, I get a blue screen with STOP: 0x0000007B.
The same result with Safe Mode with Networking and Safe Mode with Command Prompt. I discovered I could get to Safe Mode by going to "Directory Services Restore Mode (Windows Domain Controllers Only" and then choosing Yes from the dialog. Restore Mode doesn't work and command prompts are disabled. Whew, I hope I haven't confused you. Simply put, no restore mode, no command prompts. And If I connect to the internet, the virus wil pop up the big Dept. of Justice Warning page. I can access USB drives, but not my DVD/RW.drive
-
My XP Pro computer is infected with a variant of the FBI virus (mine actually says "Dept. of Justice"). It wants a MoneyPak for $300. I am able to get to Safe Mode by accessing Directory Services Restore Mode from the F8 boot menu. If anyone can help me, it would be greatly appreciated. Thanks in advance.
Another FBI Virus Help Request
in Resolved Malware Removal Logs
Posted
Mr.C,
Here is the requested file: 01212013_195706.log.
I did not have to reboot.
--------------------------------------------------------------------------------------------------------------------------
========== OTL ==========
Service WDICA stopped successfully!
Service WDICA deleted successfully!
Service PDRFRAME stopped successfully!
Service PDRFRAME deleted successfully!
Service PDRELI stopped successfully!
Service PDRELI deleted successfully!
Service PDFRAME stopped successfully!
Service PDFRAME deleted successfully!
Service PDCOMP stopped successfully!
Service PDCOMP deleted successfully!
Service PCIDump stopped successfully!
Service PCIDump deleted successfully!
Service MpKsl44eb09fc stopped successfully!
Service MpKsl44eb09fc deleted successfully!
File C:\Documents and Settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{18D12EA3-920E-4D12-8C0E-1848127C33B2}\MpKsl44eb09fc.sys not found.
Service lbrtfdc stopped successfully!
Service lbrtfdc deleted successfully!
Service i2omgmt stopped successfully!
Service i2omgmt deleted successfully!
Service Changer stopped successfully!
Service Changer deleted successfully!
Service AVGIDSShim stopped successfully!
Service AVGIDSShim deleted successfully!
File system32\DRIVERS\avgidsshimx.sys not found.
Service AVGIDSHX stopped successfully!
Service AVGIDSHX deleted successfully!
File system32\DRIVERS\avgidshx.sys not found.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{31332EEF-CB9F-458F-AFEB-D30E9A66B6BA}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{31332EEF-CB9F-458F-AFEB-D30E9A66B6BA}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0}\ not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\Locked deleted successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\Bluetooth Connection Assistant deleted successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\StartNowToolbarHelper deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\{68BCFFE1-A2DA-4B40-9068-87ECBFC19D16}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{68BCFFE1-A2DA-4B40-9068-87ECBFC19D16}\ deleted successfully.
OTL by OldTimer - Version 3.2.69.0 log created on 01212013_195706
-------------------------------------------------------------- END OF FILE----------------------------------------------------------------------------
Regards,
earwicker