
"Total Security" - at least that's how it started


13 replies to this topic

#1 JudyLee


Posted 21 September 2009 - 12:45 AM

Let me start by saying Thank you all for being here.

This "HP Pavilion Entertainment PC" laptop came to me as a gift back in the spring.
It was completely reformatted by a dear friend's geek-mother and reset to factory specs.
Except for a small bit of physical damage, it is absolutely perfect.

Last month my 13 year old son clicked somewhere he should not have clicked
(I asked - he said it was a link in an email - and no he would not tell me what it was -
ok - we can all guess - but he is a good kid and feels really bad about the results).

How did I realize that he had done something?

I logged on after work the next day and my entire desktop was replaced by a bright blue and pink screen with the words "TOTAL SECURITY" across the top... being prompted to download their Total Security System to protect my computer. Well I know better than that! I finally managed to get my desktop back by using ctrl-alt-del and ending its process. I tried AVG - it said the file had been corrupted and would not load - I should get Total Security instead. I tried SpyBot - it said the file had been corrupted and would not load - I should get Total Security instead. I tried to get to a restore point, but it said the restore point had been corrupted - I should get Total Security to fix it.

With over 3 hours of help over Ventrilo from a truly dedicated geek friend, we finally found a program running named "16887344.exe"
He directed me to the ways and means of removing this program - finding its traces in the registry and removing them - and finally
regaining the ability to use AVG and SpyBot... which I ran and found nothing remarkable as I recall. We patted ourselves on the back for a job well done, and held our collective breath that nothing else would show up.

A different truly-talented geek friend suggested that I update ComboFix and run it till it didn't find anything to fix, and then send him the log - which I did - and he said it looked fine - just a few not-too-bad items to remove but it wouldn't really matter if they were not removed. He assumed the bad stuff had been found and dealt with.

Well I feel like I've used up all my geek-friend tokens for this month ... But something is still not right - the Windows Explorer part of my system works terribly slowly. When I mouse over the START button, it can take up to a minute before the cursor changes to acknowledge that it is there. When I'm trying to change from one window to another, it can take a minute or more to accomplish the change. Even alt-tab works very slowly for changing windows. Logging on and off can take several minutes as well.

Also every time I log on now I get a blue screen stating inconsistencies on this disk. The computer has only a C: drive and a D: drive. I was told that the D: drive should be where the backup restore ability is stored. When I try to open that, it says it is inaccessible or corrupted.

I would be happy to just reformat and start over, but I was not given the restore disks with the computer. My normal usage for this computer is gaming (my two teenage sons and I are World of Warcraft players), with usually a Firefox browser open to keep track of fan sites, and AIM and MSN running to keep in touch with friends coming and going.

I have a little bit of knowledge about these things ... and I know - A little bit of knowledge is a very dangerous thing!
But I can pay attention and follow directions, so I'd be very grateful for any suggestions you can give me.

Many thanks,
JudyLee


#2 JudyLee


Posted 21 September 2009 - 01:00 AM

I thought I should add something ...

Today I decided to try "Start in Recovery Console"
It directed me to check the computer for viruses and said to "Run: CHKDSK /F"
but I don't have an F drive.
It also said... "Tech Info: Stop: 0X0000007B (0XF7A89534, 0X0000034, 0X00000000, 0x00000000)"

Also I tried to run Spybot tonight, and it froze on "514970/545801: Win32.TDSS.dt"

Thanks again.

Edited by JudyLee, 21 September 2009 - 01:02 AM.


#3 garmanma


Posted 21 September 2009 - 08:31 PM

Win32.TDSS.dt = a pretty nasty rootkit

We need to check for rootkits with RootRepeal
  • Download RootRepeal from the following location and save it to your desktop.
  • Direct Download (Recommended)
  • Zip Mirrors (Recommended if you have a slower connection or if the Direct Download mirror is down)

  • Extract RootRepeal.exe from the archive (If you did not use the "Direct Download" mirror).
  • Right-click on rootrepeal.exe and rename it to tatertot.scr
  • Open Posted Image on your desktop.
  • Click the Posted Image tab.
  • Click the Posted Image button.
  • Check all seven boxes: Posted Image
  • Push Ok
  • Check the box for your main system drive (Usually C:), and press Ok.
  • Allow RootRepeal to run a scan of your system. This may take some time.
  • Once the scan completes, push the Posted Image button. Save the log to your desktop, using a distinctive name, such as RootRepeal.txt. Include this report in your next reply, please.

----------------------------------

Please note: If RootRepeal fails to run, try this step: Click Settings - Options. Set the Disk Access slider to High.
Mark
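
A RootRepeal text report of the kind requested above can run to hundreds of entries, so a first pass that groups them makes it easier to see whether single files or a whole volume are affected. The following is an added example, not part of the original post or of RootRepeal itself; the function names, the sample report and the "File Visible: Yes" value are assumptions made for illustration, with field names following the report layout posted later in this thread.

```python
import re
from collections import Counter, defaultdict

# Constructed sample in the layout of a RootRepeal text report.
# Driver names are placeholders; "File Visible: Yes" is an assumed value.
SAMPLE_REPORT = r"""
Drivers
-------------------
Name: example_hidden.sys
Image Path: C:\WINDOWS\system32\drivers\example_hidden.sys
Address: 0xA84A3000 Size: 49152 File Visible: No Signed: -
Status: -

Name: example_ok.sys
Image Path: C:\WINDOWS\system32\drivers\example_ok.sys
Address: 0xAA9D7000 Size: 876544 File Visible: Yes Signed: -
Status: -

Hidden/Locked Files
-------------------
Path: C:\hiberfil.sys
Status: Locked to the Windows API!

Path: D:\BOOT.INI
Status: Invisible to the Windows API!

Path: D:\cmdcons\disk.sy_
Status: Invisible to the Windows API!

Path: D:\MiniNT\Fonts\arial.ttf
Status: Invisible to the Windows API!
"""

SECTION_RULE = re.compile(r"^-{5,}$")  # dashed line under a section title
LINE_FIELD = re.compile(r"^(Name|Image Path|Path|Status):\s*(.*)$")
INLINE_FIELD = re.compile(r"(Address|Size|File Visible|Signed):\s*(\S+)")


def parse_report(text):
    """Return {section title: [record dict, ...]} for a report."""
    sections = defaultdict(list)
    current, record, prev = None, {}, ""
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            # A blank line ends the current record.
            if record and current is not None:
                sections[current].append(record)
            record, prev = {}, ""
            continue
        if SECTION_RULE.match(line):
            if prev:
                current = prev  # the title is the line just above the rule
            continue
        prev = line
        match = LINE_FIELD.match(line)
        if match:
            record[match.group(1)] = match.group(2).strip()
        else:
            # The "Address: ... Size: ... File Visible: ..." line packs
            # several fields into one line.
            record.update(INLINE_FIELD.findall(line))
    if record and current is not None:
        sections[current].append(record)
    return sections


def hidden_drivers(report):
    """Names of loaded drivers whose file is not visible on disk."""
    return [d["Name"] for d in report.get("Drivers", [])
            if d.get("File Visible") == "No"]


def hidden_file_summary(report):
    """Count hidden/locked entries per (drive, top-level folder, state)."""
    counts = Counter()
    for rec in report.get("Hidden/Locked Files", []):
        parts = rec["Path"].split("\\")
        top = parts[1] if len(parts) > 2 else "(root)"
        state = rec.get("Status", "").split(" ")[0]  # "Invisible" or "Locked"
        counts[(parts[0], top, state)] += 1
    return counts


def volume_totals(summary):
    """Collapse the summary to (drive, state) so whole-volume cases stand out."""
    totals = Counter()
    for (drive, _top, state), n in summary.items():
        totals[(drive, state)] += n
    return totals


if __name__ == "__main__":
    parsed = parse_report(SAMPLE_REPORT)
    print("Drivers with no visible file:", hidden_drivers(parsed))
    for key, n in sorted(volume_totals(hidden_file_summary(parsed)).items()):
        print(key, n)
```
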

#4 JudyLee


Posted 21 September 2009 - 11:50 PM

Okee Dokee - Wow - rootkit hmm?
I'll try to not freak at the sound of the word and trust you to work your magic ;-)
First of all - because I had some messages that indicated both C and D drives might have issues, I chose to scan both drives with RootRepeal.
Second - there were two reports - the first was the report that RootRepeal generated as it ran, and then there was an error log when it stopped (I'll post that one second here).
Again - many many thanks for all you do.
Hugs, JudyLee

First Report

ROOTREPEAL © AD, 2007-2009
==================================================
Scan Start Time: 2009/09/21 23:58
Program Version: Version 1.3.5.0
Windows Version: Windows XP Media Center Edition SP2
==================================================

Drivers
-------------------
Name: dump_iaStor.sys
Image Path: C:\WINDOWS\System32\Drivers\dump_iaStor.sys
Address: 0xAA9D7000 Size: 876544 File Visible: No Signed: -
Status: -

Name: tatertot.scr.sys
Image Path: C:\WINDOWS\system32\drivers\tatertot.scr.sys
Address: 0xA84A3000 Size: 49152 File Visible: No Signed: -
Status: -

Hidden/Locked Files
-------------------

Path: D:\MiniNT\Fonts\smallfg.fon
Status: Invisible to the Windows API!

Path: D:\MiniNT\Fonts\smallfr.fon
Status: Invisible to the Windows API!

Path: D:\MiniNT\Fonts\smallft.fon
Status: Invisible to the Windows API!

Path: D:\MiniNT\Fonts\ssee1255.fon
Status: Invisible to the Windows API!

Path: D:\MiniNT\Fonts\ssee1256.fon
Status: Invisible to the Windows API!

Path: D:\MiniNT\Fonts\ssee874.fon
Status: Invisible to the Windows API!

Path: D:\MiniNT\Fonts\ssef1255.fon
Status: Invisible to the Windows API!

Path: D:\MiniNT\Fonts\ssef1256.fon
Status: Invisible to the Windows API!

Path: D:\MiniNT\Fonts\ssef874.fon
Status: Invisible to the Windows API!

Path: D:\MiniNT\Fonts\sserife.fon
Status: Invisible to the Windows API!

Path: D:\MiniNT\Fonts\sserifee.fon
Status: Invisible to the Windows API!

Path: D:\MiniNT\Fonts\sserifeg.fon
Status: Invisible to the Windows API!

Path: D:\MiniNT\Fonts\sserifer.fon
Status: Invisible to the Windows API!

Path: D:\MiniNT\Fonts\sserifet.fon
Status: Invisible to the Windows API!

Path: D:\MiniNT\Fonts\sseriff.fon
Status: Invisible to the Windows API!

Path: D:\MiniNT\Fonts\sseriffe.fon
Status: Invisible to the Windows API!

Path: D:\MiniNT\Fonts\sseriffg.fon
Status: Invisible to the Windows API!

Path: D:\MiniNT\Fonts\sseriffr.fon
Status: Invisible to the Windows API!

Path: D:\MiniNT\Fonts\sserifft.fon
Status: Invisible to the Windows API!

Path: D:\MiniNT\Fonts\svgafix.fon
Status: Invisible to the Windows API!

Path: D:\MiniNT\Fonts\svgasys.fon
Status: Invisible to the Windows API!

Path: D:\MiniNT\Fonts\sylfaen.ttf
Status: Invisible to the Windows API!

Path: D:\MiniNT\Fonts\symbol.ttf
Status: Invisible to the Windows API!

Path: D:\MiniNT\Fonts\tahoma.ttf
Status: Invisible to the Windows API!

Path: D:\MiniNT\Fonts\tahomabd.ttf
Status: Invisible to the Windows API!

Path: D:\MiniNT\Fonts\times.ttf
Status: Invisible to the Windows API!

Path: D:\MiniNT\Fonts\timesbd.ttf
Status: Invisible to the Windows API!

Path: D:\MiniNT\Fonts\timesbi.ttf
Status: Invisible to the Windows API!

Path: D:\MiniNT\Fonts\timesi.ttf
Status: Invisible to the Windows API!

Path: D:\MiniNT\Fonts\tradbdo.ttf
Status: Invisible to the Windows API!

Path: D:\MiniNT\Fonts\trado.ttf
Status: Invisible to the Windows API!

SSDT
-------------------
#: 041 Function Name: NtCreateKey
Status: Hooked by "Lbd.sys" at address 0xf75e087e

#: 247 Function Name: NtSetValueKey
Status: Hooked by "Lbd.sys" at address 0xf75e0bfe

==EOF==

Tatertot Error Log

00:08:06: Could not enumerate files in dir \'\\?\D:\*\' with the Windows API! Error code - 0x00000570
00:08:40: Could not enumerate files in dir \'\\?\D:\Recycled\*\' with the Windows API! Error code - 0x00000570
00:09:00: Could not enumerate files in dir \'\\?\D:\cmdcons\*\' with the Windows API! Error code - 0x00000570
00:09:34: Could not enumerate files in dir \'\\?\D:\MiniNT\*\' with the Windows API! Error code - 0x00000570
00:09:51: Could not enumerate files in dir \'\\?\D:\I386\*\' with the Windows API! Error code - 0x00000570
00:10:08: Could not enumerate files in dir \'\\?\D:\RECOVERY\*\' with the Windows API! Error code - 0x00000570
00:10:42: Could not enumerate files in dir \'\\?\D:\PRELOAD\*\' with the Windows API! Error code - 0x00000570
00:10:59: Could not enumerate files in dir \'\\?\D:\System Volume Information\*\' with the Windows API! Error code - 0x00000570
00:11:33: Could not enumerate files in dir \'\\?\D:\$AVG8.VAULT$\*\' with the Windows API! Error code - 0x00000570
00:11:50: Could not enumerate files in dir \'\\?\D:\MiniNT\Fonts\*\' with the Windows API! Error code - 0x00000570
00:12:07: Could not enumerate files in dir \'\\?\D:\MiniNT\inf\*\' with the Windows API! Error code - 0x00000570
00:12:41: Could not enumerate files in dir \'\\?\D:\MiniNT\system32\*\' with the Windows API! Error code - 0x00000570
00:12:58: Could not enumerate files in dir \'\\?\D:\MiniNT\WinSxS\*\' with the Windows API! Error code - 0x00000570
00:13:32: Could not enumerate files in dir \'\\?\D:\I386\APPS\*\' with the Windows API! Error code - 0x00000570
00:13:49: Could not enumerate files in dir \'\\?\D:\I386\DRV\*\' with the Windows API! Error code - 0x00000570
00:14:06: Could not enumerate files in dir \'\\?\D:\I386\SPR\*\' with the Windows API! Error code - 0x00000570
00:14:40: Could not enumerate files in dir \'\\?\D:\System Volume Information\_restore{3A579F61-82CF-4117-919A-DB7B394CD5BC}\*\' with the Windows API! Error code - 0x00000570
00:14:57: Could not enumerate files in dir \'\\?\D:\MiniNT\system32\config\*\' with the Windows API! Error code - 0x00000570
00:15:31: Could not enumerate files in dir \'\\?\D:\MiniNT\system32\DBLENV\*\' with the Windows API! Error code - 0x00000570
00:15:48: Could not enumerate files in dir \'\\?\D:\MiniNT\system32\drivers\*\' with the Windows API! Error code - 0x00000570
00:16:05: Could not enumerate files in dir \'\\?\D:\MiniNT\system32\Res256\*\' with the Windows API! Error code - 0x00000570
00:16:39: Could not enumerate files in dir \'\\?\D:\MiniNT\system32\LOG\*\' with the Windows API! Error code - 0x00000570
00:16:56: Could not enumerate files in dir \'\\?\D:\MiniNT\WinSxS\manifests\*\' with the Windows API! Error code - 0x00000570
00:17:30: Could not enumerate files in dir \'\\?\D:\MiniNT\WinSxS\setuppolicies\*\' with the Windows API! Error code - 0x00000570
00:17:47: Could not enumerate files in dir \'\\?\D:\MiniNT\WinSxS\x86_microsoft.tools.visualcplusplus.runtime-libraries_6595b64144ccf1df_6.0.0.0_x-ww_ff9986d7\*\' with the Windows API! Error code - 0x00000570
00:18:04: Could not enumerate files in dir \'\\?\D:\MiniNT\WinSxS\x86_microsoft.windows.common-controls_6595b64144ccf1df_5.82.3790.1830_x-ww_1b6f474a\*\' with the Windows API! Error code - 0x00000570
00:18:39: Could not enumerate files in dir \'\\?\D:\MiniNT\WinSxS\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.3790.1830_x-ww_7ae38ccf\*\' with the Windows API! Error code - 0x00000570
00:18:56: Could not enumerate files in dir \'\\?\D:\MiniNT\WinSxS\x86_microsoft.windows.cplusplusruntime_6595b64144ccf1df_7.0.3790.1830_x-ww_84e4cbaf\*\' with the Windows API! Error code - 0x00000570
00:19:30: Could not enumerate files in dir \'\\?\D:\MiniNT\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.3790.1830_x-ww_24c40c58\*\' with the Windows API! Error code - 0x00000570
00:19:47: Could not enumerate files in dir \'\\?\D:\MiniNT\WinSxS\x86_microsoft.windows.isolationautomation.proxystub_6595b64144ccf1df_1.0.3790.1830_x-ww_148995c5\*\' with the Windows API! Error code - 0x00000570
00:20:04: Could not enumerate files in dir \'\\?\D:\MiniNT\WinSxS\x86_microsoft.windows.isolationautomation_6595b64144ccf1df_1.0.3790.1830_x-ww_952c75b7\*\' with the Windows API! Error code - 0x00000570
00:20:40: Could not enumerate files in dir \'\\?\D:\MiniNT\WinSxS\x86_microsoft.windows.networking.dxmrtp_6595b64144ccf1df_5.2.2.1830_x-ww_c1f0cd1a\*\' with the Windows API! Error code - 0x00000570
00:20:57: Could not enumerate files in dir \'\\?\D:\MiniNT\WinSxS\x86_microsoft.windows.networking.rtcdll_6595b64144ccf1df_5.2.2.1830_x-ww_5229f208\*\' with the Windows API! Error code - 0x00000570
00:21:31: Could not enumerate files in dir \'\\?\D:\MiniNT\WinSxS\x86_microsoft.windows.networking.rtcres_6595b64144ccf1df_5.2.2.1830_en_920eb233\*\' with the Windows API! Error code - 0x00000570
00:21:48: Could not enumerate files in dir \'\\?\D:\MiniNT\WinSxS\x86_microsoft.windows.winhttp_6595b64144ccf1df_5.1.3790.1830_x-ww_74150efb\*\' with the Windows API! Error code - 0x00000570
00:22:05: Could not enumerate files in dir \'\\?\D:\I386\APPS\DTA\*\' with the Windows API! Error code - 0x00000570
00:22:39: Could not enumerate files in dir \'\\?\D:\I386\DRV\DTA\*\' with the Windows API! Error code - 0x00000570
00:22:56: Could not enumerate files in dir \'\\?\D:\I386\SPR\DTA\*\' with the Windows API! Error code - 0x00000570
00:23:30: Could not enumerate files in dir \'\\?\D:\System Volume Information\_restore{3A579F61-82CF-4117-919A-DB7B394CD5BC}\RP105\*\' with the Windows API! Error code - 0x00000570
00:23:47: Could not enumerate files in dir \'\\?\D:\MiniNT\system32\DBLENV\RES256\*\' with the Windows API! Error code - 0x00000570
00:24:04: Could not enumerate files in dir \'\\?\D:\MiniNT\system32\DBLENV\SYSTEM32\*\' with the Windows API! Error code - 0x00000570
00:24:38: Could not enumerate files in dir \'\\?\D:\MiniNT\system32\drivers\etc\*\' with the Windows API! Error code - 0x00000570
00:24:55: Could not enumerate files in dir \'\\?\D:\MiniNT\WinSxS\setuppolicies\x86_policy.1.0.microsoft.windows.gdiplus_6595b64144ccf1df_x-ww_4e8510ac\*\' with the Windows API! Error code - 0x00000570
00:25:12: Could not enumerate files in dir \'\\?\D:\MiniNT\WinSxS\setuppolicies\x86_policy.1.0.microsoft.windows.isolationautomation.proxystub_6595b64144ccf1df_x-ww_b9986d7f\*\' with the Windows API! Error code - 0x00000570
00:25:46: Could not enumerate files in dir \'\\?\D:\MiniNT\WinSxS\setuppolicies\x86_policy.1.0.microsoft.windows.isolationautomation_6595b64144ccf1df_x-ww_a7e6fa8d\*\' with the Windows API! Error code - 0x00000570
00:26:03: Could not enumerate files in dir \'\\?\D:\MiniNT\WinSxS\setuppolicies\x86_policy.5.1.microsoft.windows.winhttp_6595b64144ccf1df_x-ww_7d68ae49\*\' with the Windows API! Error code - 0x00000570
00:26:41: Could not enumerate files in dir \'\\?\D:\MiniNT\WinSxS\setuppolicies\x86_policy.5.2.microsoft.windows.networking.dxmrtp_6595b64144ccf1df_x-ww_362e60dd\*\' with the Windows API! Error code - 0x00000570
00:26:58: Could not enumerate files in dir \'\\?\D:\MiniNT\WinSxS\setuppolicies\x86_policy.5.2.microsoft.windows.networking.rtcdll_6595b64144ccf1df_x-ww_c7b7206f\*\' with the Windows API! Error code - 0x00000570
00:27:32: Could not enumerate files in dir \'\\?\D:\MiniNT\WinSxS\setuppolicies\x86_policy.5.2.microsoft.windows.systemcompatible_6595b64144ccf1df_x-ww_92c6fb91\*\' with the Windows API! Error code - 0x00000570
00:27:49: Could not enumerate files in dir \'\\?\D:\MiniNT\WinSxS\setuppolicies\x86_policy.5.82.microsoft.windows.common-controls_6595b64144ccf1df_x-ww_65777d82\*\' with the Windows API! Error code - 0x00000570
00:28:06: Could not enumerate files in dir \'\\?\D:\MiniNT\WinSxS\setuppolicies\x86_policy.6.0.microsoft.windows.common-controls_6595b64144ccf1df_x-ww_5ddad775\*\' with the Windows API! Error code - 0x00000570
00:28:40: Could not enumerate files in dir \'\\?\D:\MiniNT\WinSxS\setuppolicies\x86_policy.7.0.microsoft.windows.cplusplusruntime_6595b64144ccf1df_x-ww_a317e4b3\*\' with the Windows API! Error code - 0x00000570
00:28:57: Could not enumerate files in dir \'\\?\D:\MiniNT\system32\DBLENV\SYSTEM32\RES256\*\' with the Windows API! Error code - 0x00000570

#5 JudyLee

Posted 22 September 2009 - 06:14 PM

Oh Cheer!!!
You are on my thread right now!!
Yay!!

#6 garmanma

Posted 22 September 2009 - 06:15 PM

Save that log and let's try one more



1. Download Win32kDiag from any of the following locations and save it to your Desktop

http://ad13.geekstogo.com/Win32kDiag.exe

http://download.bleepingcomputer.com/rootr.../Win32kDiag.exe

2. Double-click Win32kDiag.exe to run Win32kDiag and let it finish.
3. When it states "Finished! Press any key to exit...", press any key on your keyboard to close the program.
4. Double-click on the Win32kDiag.txt file that is located on your Desktop and post the entire contents of that log as a reply to this topic.
Mark
why won't my laptop work?

Having grandkids is God's way of giving you a 2nd chance because you were too busy working your butt off the 1st time around
Do not send me PMs with problems that should be posted in the forums. Keep it in the forums, so everyone benefits
Become a BleepingComputer fan: Facebook and Twitter

#7 JudyLee

Posted 22 September 2009 - 06:19 PM

I am on it!
Btw the 2nd link is broken.
~sad face~

#8 JudyLee

Posted 22 September 2009 - 06:21 PM

This is it ... short and .... well ... short!
~~~~

Running from: C:\Documents and Settings\Judy\Desktop\Win32kDiag.exe

Log file at : C:\Documents and Settings\Judy\Desktop\Win32kDiag.txt

WARNING: Could not get backup privileges!

Searching 'C:\WINDOWS'...





Finished!

#9 garmanma

Posted 23 September 2009 - 03:48 PM

I sent you a PM
Mark

#10 JudyLee

Posted 23 September 2009 - 07:23 PM

Thank you - here's the log ...

Volume in drive C has no label.
Volume Serial Number is E4CA-476B

Directory of C:\WINDOWS\$NtUninstallKB968389$

03/16/2006 12:00 AM 407,040 netlogon.dll
1 File(s) 407,040 bytes

Directory of C:\WINDOWS\SoftwareDistribution\Download\e9500597a78495f397efb821e37bf356

04/13/2008 08:12 PM 181,248 scecli.dll

Directory of C:\WINDOWS\SoftwareDistribution\Download\e9500597a78495f397efb821e37bf356

04/13/2008 08:12 PM 407,040 netlogon.dll

Directory of C:\WINDOWS\SoftwareDistribution\Download\e9500597a78495f397efb821e37bf356

04/13/2008 08:11 PM 56,320 eventlog.dll
3 File(s) 644,608 bytes

Directory of C:\WINDOWS\system32

03/16/2006 12:00 AM 180,224 scecli.dll

Directory of C:\WINDOWS\system32

02/06/2009 02:46 PM 408,064 netlogon.dll

Directory of C:\WINDOWS\system32

03/16/2006 12:00 AM 55,808 eventlog.dll
3 File(s) 644,096 bytes

Directory of C:\WINDOWS\system32\dllcache

02/06/2009 02:46 PM 408,064 netlogon.dll
1 File(s) 408,064 bytes

Directory of C:\WINDOWS\system32\dllcache\cache

03/16/2006 12:00 AM 180,224 scecli.dll

Directory of C:\WINDOWS\system32\dllcache\cache

02/06/2009 02:46 PM 408,064 netlogon.dll

Directory of C:\WINDOWS\system32\dllcache\cache

03/16/2006 12:00 AM 55,808 eventlog.dll
3 File(s) 644,096 bytes

Total Files Listed:
11 File(s) 2,747,904 bytes
0 Dir(s) 38,143,823,872 bytes free

#11 garmanma

Posted 24 September 2009 - 05:34 PM

OK, no more messing around


We need to create an OTL Report
  • Please download OTL from one of the following mirrors:
  • Save it to your desktop.
  • Double click on the Posted Image icon on your desktop.
  • Click the "Scan All Users" checkbox.
  • Push the Posted Image button.
  • Two reports will open, copy and paste them in a reply here:
    • OTListIt.txt <-- Will be opened
    • Extra.txt <-- Will be minimized

Mark

#12 JudyLee

Posted 24 September 2009 - 06:18 PM

"OK, no more messing around"

Sir, YES Sir!

~grin~

OTL logfile created on: 9/24/2009 7:07:55 PM - Run 1
OTL by OldTimer - Version 3.0.14.0 Folder = C:\Documents and Settings\Judy\Desktop
Windows XP Media Center Edition Service Pack 2 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 7.0.5730.13)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1013.98 Mb Total Physical Memory | 406.96 Mb Available Physical Memory | 40.13% Memory free
2.38 Gb Paging File | 1.87 Gb Available in Paging File | 78.38% Paging File free
Paging file location(s): C:\pagefile.sys 1524 3048 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 80.46 Gb Total Space | 35.51 Gb Free Space | 44.14% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: PC785018295244
Current User Name: Judy
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: All users
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Standard

========== Processes (SafeList) ==========

PRC - [2009/07/05 02:09:03 | 01,029,456 | ---- | M] (Lavasoft) -- C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
PRC - [2009/03/26 15:31:20 | 00,132,424 | ---- | M] (Apple Inc.) -- C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
PRC - [2006/07/25 16:03:42 | 00,100,032 | ---- | M] (Symantec Corporation) -- C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
PRC - [2009/09/03 18:49:34 | 00,297,752 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG8\avgwdsvc.exe
PRC - [2005/12/15 23:14:40 | 00,237,568 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\eHome\ehRecvr.exe
PRC - [2005/08/06 00:56:32 | 00,102,912 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\eHome\ehSched.exe
PRC - [2006/05/18 19:52:06 | 00,049,152 | ---- | M] (Hewlett-Packard Company) -- C:\Program Files\Common Files\LightScribe\LSSrvc.exe
PRC - [2007/01/04 17:38:08 | 00,024,652 | ---- | M] (Viewpoint Corporation) -- C:\Program Files\Viewpoint\Common\ViewpointService.exe
PRC - [2006/03/16 00:00:00 | 01,032,192 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\Explorer.EXE
PRC - [2006/05/04 01:58:26 | 00,458,752 | ---- | M] (Hewlett-Packard Development Company, L.P.) -- C:\Program Files\hpq\HP Wireless Assistant\HP Wireless Assistant.exe
PRC - [2006/06/17 01:22:46 | 00,794,713 | ---- | M] (Synaptics, Inc.) -- C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
PRC - [2009/02/06 05:41:05 | 00,227,840 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\wbem\wmiprvse.exe
PRC - [2008/01/29 17:38:31 | 00,583,048 | ---- | M] (Symantec Corporation) -- C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
PRC - [2009/07/05 02:09:08 | 00,520,024 | ---- | M] (Lavasoft) -- C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe
PRC - [2009/09/03 18:49:37 | 02,007,832 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG8\avgtray.exe
PRC - [2009/03/05 14:07:20 | 02,260,480 | RHS- | M] (Safer-Networking Ltd.) -- C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
PRC - [2009/06/29 21:42:11 | 00,133,104 | ---- | M] (Google Inc.) -- C:\Documents and Settings\Judy\Local Settings\Application Data\Google\Update\1.2.183.7\GoogleCrashHandler.exe
PRC - [2009/09/03 18:49:41 | 00,486,680 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG8\avgrsx.exe
PRC - [2009/09/03 18:49:40 | 00,595,736 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG8\avgnsx.exe
PRC - [2006/03/16 00:00:00 | 00,016,896 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\wbem\unsecapp.exe
PRC - [2009/09/23 02:31:21 | 00,908,280 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe
PRC - [2009/07/10 13:49:24 | 00,323,584 | ---- | M] (Eastman Kodak Company) -- C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe
PRC - [2009/09/24 18:57:59 | 00,514,560 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Judy\Desktop\OTL.exe

========== Win32 Services (SafeList) ==========

SRV - [2006/06/12 16:27:28 | 00,126,976 | ---- | M] (Hewlett-Packard Development Company, L.P.) -- C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\AddFiltr.exe -- (AddFiltr [On_Demand | Stopped])
SRV - [2009/03/26 15:31:20 | 00,132,424 | ---- | M] (Apple Inc.) -- C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe -- (Apple Mobile Device [Auto | Running])
SRV - [2008/07/25 11:16:40 | 00,034,312 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe -- (aspnet_state [On_Demand | Stopped])
SRV - [2006/07/25 16:03:42 | 00,100,032 | ---- | M] (Symantec Corporation) -- C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe -- (Automatic LiveUpdate Scheduler [Auto | Running])
SRV - [2009/09/03 18:49:34 | 00,297,752 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG8\avgwdsvc.exe -- (avg8wd [Auto | Running])
SRV - [2008/12/12 11:17:38 | 00,238,888 | ---- | M] (Apple Inc.) -- C:\Program Files\Bonjour\mDNSResponder.exe -- (Bonjour Service [Auto | Stopped])
SRV - [2008/07/25 11:17:02 | 00,069,632 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32 [On_Demand | Stopped])
SRV - [2005/12/15 23:14:40 | 00,237,568 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\eHome\ehRecvr.exe -- (ehRecvr [Auto | Running])
SRV - [2005/08/06 00:56:32 | 00,102,912 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\eHome\ehSched.exe -- (ehSched [Auto | Running])
SRV - [2008/07/29 21:10:04 | 00,046,104 | ---- | M] (Microsoft Corporation) -- c:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe -- (FontCache3.0.0.0 [On_Demand | Stopped])
SRV - [2009/02/24 15:13:36 | 00,242,424 | ---- | M] (WildTangent, Inc.) -- C:\Program Files\WildTangent\Apps\My HP Game Console\GameConsoleService.exe -- (GameConsoleService [Disabled | Stopped])
SRV - [2006/03/16 00:00:00 | 00,038,912 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\PCHealth\HelpCtr\Binaries\pchsvc.dll -- (helpsvc [Auto | Running])
SRV - [2006/05/02 18:41:28 | 00,135,168 | ---- | M] (Hewlett-Packard Development Company, L.P.) -- C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe -- (hpqwmiex [On_Demand | Stopped])
SRV - [2005/04/04 03:41:10 | 00,069,632 | ---- | M] (Macrovision Corporation) -- C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe -- (IDriverT [On_Demand | Stopped])
SRV - [2008/07/29 19:24:50 | 00,881,664 | ---- | M] (Microsoft Corporation) -- c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe -- (idsvc [Unknown | Stopped])
SRV - [2009/04/02 16:10:56 | 00,656,168 | ---- | M] (Apple Inc.) -- C:\Program Files\iPod\bin\iPodService.exe -- (iPod Service [On_Demand | Stopped])
SRV - [2009/04/02 05:51:01 | 00,152,984 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Java\jre6\bin\jqs.exe -- (JavaQuickStarterService [Disabled | Stopped])
SRV - [2009/07/05 02:09:03 | 01,029,456 | ---- | M] (Lavasoft) -- C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe -- (Lavasoft Ad-Aware Service [Auto | Running])
SRV - [2006/05/18 19:52:06 | 00,049,152 | ---- | M] (Hewlett-Packard Company) -- C:\Program Files\Common Files\LightScribe\LSSrvc.exe -- (LightScribeService [Auto | Running])
SRV - [2006/07/25 16:03:42 | 02,119,360 | ---- | M] (Symantec Corporation) -- C:\Program Files\Symantec\LiveUpdate\LuComServer_3_0.EXE -- (LiveUpdate [On_Demand | Stopped])
SRV - [2008/01/29 17:38:31 | 00,583,048 | ---- | M] (Symantec Corporation) -- C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe -- (LiveUpdate Notice Service [On_Demand | Stopped])
SRV - [2005/08/06 00:27:08 | 00,099,328 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\ehome\mcrdsvc.exe -- (McrdSvc [Auto | Stopped])
SRV - [2004/08/10 15:11:50 | 00,085,504 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\mhn.dll -- (MHN [On_Demand | Stopped])
SRV - [2009/06/22 07:49:04 | 00,004,608 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\mqsvc.exe -- (MSMQ [Auto | Stopped])
SRV - [2009/06/22 07:49:23 | 00,117,248 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\mqtgsvc.exe -- (MSMQTriggers [Auto | Stopped])
SRV - [2008/07/29 19:16:38 | 00,132,096 | ---- | M] (Microsoft Corporation) -- c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe -- (NetTcpPortSharing [Disabled | Stopped])
SRV - [2003/07/28 15:28:22 | 00,089,136 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE -- (ose [On_Demand | Stopped])
SRV - [2007/01/04 17:38:08 | 00,024,652 | ---- | M] (Viewpoint Corporation) -- C:\Program Files\Viewpoint\Common\ViewpointService.exe -- (Viewpoint Manager Service [Auto | Running])
SRV - [2006/10/18 20:05:24 | 00,913,408 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Media Player\WMPNetwk.exe -- (WMPNetworkSvc [On_Demand | Stopped])

========== Driver Services (SafeList) ==========

DRV - [2006/06/06 16:39:56 | 00,061,952 | ---- | M] (Ricoh) -- C:\WINDOWS\System32\Drivers\5U870CAP.sys -- (5U870CAP_VID_1262&PID_25FD [On_Demand | Running])
DRV - [2001/08/18 00:51:56 | 00,005,248 | ---- | M] (Acer Laboratories Inc.) -- C:\WINDOWS\system32\DRIVERS\aliide.sys -- (AliIde [Boot | Running])
DRV - [2004/08/04 10:07:44 | 00,043,008 | ---- | M] (Advanced Micro Devices, Inc.) -- C:\WINDOWS\system32\DRIVERS\amdagp.sys -- (amdagp [Disabled | Stopped])
DRV - [2001/08/18 00:52:00 | 00,026,496 | ---- | M] (Advanced System Products, Inc.) -- C:\WINDOWS\system32\DRIVERS\asc.sys -- (asc [Disabled | Stopped])
DRV - [2001/08/18 00:51:58 | 00,014,848 | ---- | M] (Advanced System Products, Inc.) -- C:\WINDOWS\system32\DRIVERS\asc3550.sys -- (asc3550 [Disabled | Stopped])
DRV - [2009/09/03 18:49:41 | 00,335,240 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\Drivers\avgldx86.sys -- (AvgLdx86 [System | Running])
DRV - [2009/09/03 18:49:41 | 00,027,784 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\Drivers\avgmfx86.sys -- (AvgMfx86 [System | Running])
DRV - [2009/05/23 09:30:20 | 00,108,552 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\Drivers\avgtdix.sys -- (AvgTdiX [System | Running])
DRV - [2006/05/12 16:05:02 | 00,057,320 | ---- | M] (Broadcom Corporation.) -- C:\WINDOWS\System32\Drivers\btwusb.sys -- (BTWUSB [On_Demand | Stopped])
DRV - [2001/08/18 00:51:54 | 00,006,656 | ---- | M] (CMD Technology, Inc.) -- C:\WINDOWS\system32\DRIVERS\cmdide.sys -- (CmdIde [Disabled | Stopped])
DRV - [2001/08/18 00:52:16 | 00,179,584 | ---- | M] (Mylex Corporation) -- C:\WINDOWS\system32\DRIVERS\dac2w2k.sys -- (dac2w2k [Disabled | Stopped])
DRV - [2006/04/11 06:35:18 | 00,163,328 | ---- | M] (Intel Corporation) -- C:\WINDOWS\System32\DRIVERS\e100b325.sys -- (E100B [On_Demand | Running])
DRV - [2005/09/19 17:23:52 | 00,007,808 | ---- | M] (Hewlett-Packard Development Company, L.P.) -- C:\WINDOWS\System32\DRIVERS\eabfiltr.sys -- (eabfiltr [System | Running])
DRV - [2005/09/19 17:24:20 | 00,005,760 | ---- | M] (Hewlett-Packard Development Company, L.P.) -- C:\WINDOWS\System32\DRIVERS\eabusb.sys -- (eabusb [On_Demand | Stopped])
DRV - [2009/03/19 16:32:48 | 00,023,400 | ---- | M] (GEAR Software Inc.) -- C:\WINDOWS\System32\DRIVERS\GEARAspiWDM.sys -- (GEARAspiWDM [On_Demand | Running])
DRV - [2005/09/19 17:24:10 | 00,009,344 | ---- | M] (Hewlett-Packard Development Company, L.P.) -- C:\WINDOWS\System32\DRIVERS\cpqbttn.sys -- (HBtnKey [On_Demand | Running])
DRV - [2006/06/02 11:02:36 | 00,572,928 | ---- | M] (Conexant Systems Inc.) -- C:\WINDOWS\System32\drivers\CHDAud.sys -- (HdAudAddService [On_Demand | Running])
DRV - [2005/01/07 20:07:18 | 00,138,752 | ---- | M] (Windows ® Server 2003 DDK provider) -- C:\WINDOWS\System32\DRIVERS\HDAudBus.sys -- (HDAudBus [On_Demand | Running])
DRV - [2006/04/20 12:02:40 | 00,208,000 | ---- | M] (Conexant Systems, Inc.) -- C:\WINDOWS\System32\DRIVERS\HSFHWAZL.sys -- (HSFHWAZL [On_Demand | Running])
DRV - [2006/04/20 12:03:20 | 00,995,712 | ---- | M] (Conexant Systems, Inc.) -- C:\WINDOWS\System32\DRIVERS\HSF_DPV.sys -- (HSF_DPV [On_Demand | Running])
DRV - [2006/03/22 16:47:06 | 01,166,972 | ---- | M] (Intel Corporation) -- C:\WINDOWS\System32\DRIVERS\ialmnt5.sys -- (ialm [On_Demand | Running])
DRV - [2005/10/13 05:07:12 | 00,874,240 | ---- | M] (Intel Corporation) -- C:\WINDOWS\system32\DRIVERS\iaStor.sys -- (iaStor [Boot | Running])
DRV - [2009/05/17 02:08:26 | 00,064,160 | ---- | M] (Lavasoft AB) -- C:\WINDOWS\system32\DRIVERS\Lbd.sys -- (Lbd [Boot | Running])
DRV - [2006/02/15 07:57:46 | 00,012,672 | ---- | M] (Conexant) -- C:\WINDOWS\System32\DRIVERS\mdmxsdk.sys -- (mdmxsdk [Auto | Running])
DRV - [2009/06/22 07:48:44 | 00,091,776 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\mqac.sys -- (MQAC [On_Demand | Running])
DRV - [2001/08/18 00:52:12 | 00,017,280 | ---- | M] (American Megatrends Inc.) -- C:\WINDOWS\system32\DRIVERS\mraid35x.sys -- (mraid35x [Disabled | Stopped])
DRV - [2006/03/16 00:00:00 | 00,017,792 | ---- | M] (Parallel Technologies, Inc.) -- C:\WINDOWS\System32\DRIVERS\ptilink.sys -- (Ptilink [On_Demand | Running])
DRV - [2005/06/20 20:05:58 | 00,020,640 | ---- | M] (Sonic Solutions) -- C:\WINDOWS\System32\Drivers\PxHelp20.sys -- (PxHelp20 [Boot | Running])
DRV - [2001/08/18 00:52:20 | 00,040,320 | ---- | M] (QLogic Corporation) -- C:\WINDOWS\system32\DRIVERS\ql1080.sys -- (ql1080 [Disabled | Stopped])
DRV - [2001/08/18 00:52:20 | 00,045,312 | ---- | M] (QLogic Corporation) -- C:\WINDOWS\system32\DRIVERS\ql12160.sys -- (ql12160 [Disabled | Stopped])
DRV - [2001/08/18 00:52:18 | 00,049,024 | ---- | M] (QLogic Corporation) -- C:\WINDOWS\system32\DRIVERS\ql1280.sys -- (ql1280 [Disabled | Stopped])
DRV - [2005/11/16 16:28:32 | 00,028,928 | ---- | M] (REDC) -- C:\WINDOWS\System32\DRIVERS\rimmptsk.sys -- (rimmptsk [On_Demand | Running])
DRV - [2005/12/22 13:02:22 | 00,051,840 | ---- | M] (REDC) -- C:\WINDOWS\System32\DRIVERS\rimsptsk.sys -- (rimsptsk [On_Demand | Running])
DRV - [2005/11/01 14:08:00 | 00,308,992 | ---- | M] (REDC) -- C:\WINDOWS\System32\DRIVERS\rixdptsk.sys -- (rismxdp [On_Demand | Running])
DRV - [2008/05/08 08:28:49 | 00,202,752 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\RMCast.sys -- (RMCAST [On_Demand | Running])
DRV - [2004/08/04 02:31:34 | 00,020,992 | ---- | M] (Realtek Semiconductor Corporation) -- C:\WINDOWS\System32\DRIVERS\RTL8139.SYS -- (rtl8139 [On_Demand | Stopped])
DRV - [2006/03/16 00:00:00 | 00,027,440 | ---- | M] () -- C:\WINDOWS\System32\DRIVERS\secdrv.sys -- (Secdrv [On_Demand | Stopped])
DRV - [2004/08/04 10:07:44 | 00,041,088 | ---- | M] (Silicon Integrated Systems Corporation) -- C:\WINDOWS\system32\DRIVERS\sisagp.sys -- (sisagp [Disabled | Stopped])
DRV - [2001/08/18 01:07:44 | 00,019,072 | ---- | M] (Adaptec, Inc.) -- C:\WINDOWS\system32\DRIVERS\sparrow.sys -- (Sparrow [Disabled | Stopped])
DRV - [2001/08/18 01:07:34 | 00,016,256 | ---- | M] (Symbios Logic Inc.) -- C:\WINDOWS\system32\DRIVERS\symc810.sys -- (symc810 [Disabled | Stopped])
DRV - [2001/08/18 01:07:36 | 00,032,640 | ---- | M] (LSI Logic) -- C:\WINDOWS\system32\DRIVERS\symc8xx.sys -- (symc8xx [Disabled | Stopped])
DRV - [2001/08/18 01:07:40 | 00,028,384 | ---- | M] (LSI Logic) -- C:\WINDOWS\system32\DRIVERS\sym_hi.sys -- (sym_hi [Disabled | Stopped])
DRV - [2001/08/18 01:07:42 | 00,030,688 | ---- | M] (LSI Logic) -- C:\WINDOWS\system32\DRIVERS\sym_u3.sys -- (sym_u3 [Disabled | Stopped])
DRV - [2006/06/17 00:40:56 | 00,193,120 | ---- | M] (Synaptics, Inc.) -- C:\WINDOWS\System32\DRIVERS\SynTP.sys -- (SynTP [On_Demand | Running])
DRV - [2001/08/18 00:52:22 | 00,036,736 | ---- | M] (Promise Technology, Inc.) -- C:\WINDOWS\system32\DRIVERS\ultra.sys -- (ultra [Disabled | Stopped])
DRV - [2009/03/26 15:23:46 | 00,036,864 | ---- | M] (Apple, Inc.) -- C:\WINDOWS\System32\Drivers\usbaapl.sys -- (USBAAPL [On_Demand | Stopped])
DRV - [2004/08/03 23:07:56 | 00,059,264 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\usbaudio.sys -- (usbaudio [On_Demand | Running])
DRV - [2006/04/21 13:06:24 | 01,429,632 | ---- | M] (Intel® Corporation) -- C:\WINDOWS\System32\DRIVERS\w39n51.sys -- (w39n51 [On_Demand | Running])
DRV - [2006/04/20 12:02:36 | 00,727,296 | ---- | M] (Conexant Systems, Inc.) -- C:\WINDOWS\System32\DRIVERS\HSF_CNXT.sys -- (winachsf [On_Demand | Running])

========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = [binary data]
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Extensions Off Page = about:NoAdd-ons
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Security Risk Page = about:SecurityRisk
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.microsoft.com/isapi/redir.dll?p...ER}&ar=home
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,CustomizeSearch = http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchcust.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchasst.htm


IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?p...amp;ar=iesearch
IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.microsoft.com/isapi/redir.dll?p...&ar=msnhome
IE - URLSearchHook: {A3BC75A2-1F87-4686-AA43-5347D756017C} - C:\Program Files\AVG\AVG8\Toolbar\IEToolbar.dll ()
IE - HKU\.DEFAULT\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?p...amp;ar=iesearch
IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.microsoft.com/isapi/redir.dll?p...&ar=msnhome
IE - URLSearchHook: {A3BC75A2-1F87-4686-AA43-5347D756017C} - C:\Program Files\AVG\AVG8\Toolbar\IEToolbar.dll ()
IE - HKU\S-1-5-18\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



IE - HKU\S-1-5-21-550649503-4093617429-2617151104-1005\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\system32\blank.htm
IE - HKU\S-1-5-21-550649503-4093617429-2617151104-1005\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?p...amp;ar=iesearch
IE - HKU\S-1-5-21-550649503-4093617429-2617151104-1005\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.hp.com/svs/rdr?TYPE=3&a...n&pf=laptop
IE - URLSearchHook: *{CFBFAE00-17A6-11D0-99CB-00C04FD64497} - Reg Error: Key error. File not found
IE - URLSearchHook: *{EF99BD32-C1FB-11D2-892F-0090271D4F88} - Reg Error: Key error. File not found
IE - URLSearchHook: {A3BC75A2-1F87-4686-AA43-5347D756017C} - C:\Program Files\AVG\AVG8\Toolbar\IEToolbar.dll ()
IE - HKU\S-1-5-21-550649503-4093617429-2617151104-1005\S-1-5-21-550649503-4093617429-2617151104-1005\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-550649503-4093617429-2617151104-1005\S-1-5-21-550649503-4093617429-2617151104-1005\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - prefs.js..browser.search.defaultenginename: "Yahoo! Search"
FF - prefs.js..browser.search.selectedEngine: "Google"
FF - prefs.js..browser.startup.homepage: "http://www.google.com/"
FF - prefs.js..extensions.enabledItems: {3f963a5b-e555-4543-90e2-c3908898db71}:8.5
FF - prefs.js..extensions.enabledItems: avg@igeared:2.507.024.001
FF - prefs.js..extensions.enabledItems: foxsaver@www.foxsaver.com:2.2.7.4
FF - prefs.js..extensions.enabledItems: jqs@sun.com:1.0
FF - prefs.js..extensions.enabledItems: {20a82645-c095-46ed-80e3-08825760534b}:1.1
FF - prefs.js..extensions.enabledItems: foxmarks@kei.com:3.3.2
FF - prefs.js..extensions.enabledItems: {972ce4c6-7e08-4474-a285-3208198ce6fd}:3.5.3
FF - prefs.js..keyword.URL: "http://us.yhs.search.yahoo.com/avg/search?fr=yhs-avg&type=yahoo_avg_hs2-tb-web_us&p="

FF - HKLM\software\mozilla\Firefox\extensions\\jqs@sun.com: C:\Program Files\Java\jre6\lib\deploy\jqs\ff [2009/04/02 05:51:01 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\extensions\\{3f963a5b-e555-4543-90e2-c3908898db71}: C:\Program Files\AVG\AVG8\Firefox [2009/06/29 11:00:11 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\extensions\\avg@igeared: C:\Program Files\AVG\AVG8\Toolbar\Firefox\avg@igeared [2009/09/03 19:23:13 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\extensions\\{20a82645-c095-46ed-80e3-08825760534b}: c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\ [2009/09/14 18:33:38 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.5.3\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2009/09/23 02:31:43 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.5.3\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2009/09/23 02:31:43 | 00,000,000 | ---D | M]

[2009/03/20 23:25:06 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Judy\Application Data\mozilla\Extensions
[2009/03/20 23:25:06 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Judy\Application Data\mozilla\Extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384}
[2009/09/23 02:42:49 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Judy\Application Data\mozilla\Firefox\Profiles\yklwuwgl.default\extensions
[2009/09/15 12:03:28 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Judy\Application Data\mozilla\Firefox\Profiles\yklwuwgl.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2009/08/29 16:00:41 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Judy\Application Data\mozilla\Firefox\Profiles\yklwuwgl.default\extensions\foxmarks@kei.com
[2009/09/03 18:57:35 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Judy\Application Data\mozilla\Firefox\Profiles\yklwuwgl.default\extensions\foxsaver@www.foxsaver.com
[2009/03/20 23:24:41 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions
[2009/09/23 02:31:43 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
[2009/09/23 02:30:55 | 00,023,544 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browserdirprovider.dll
[2009/09/23 02:30:56 | 00,137,208 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\brwsrcmp.dll
[2009/04/02 05:49:57 | 00,410,984 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\mozilla firefox\plugins\npdeploytk.dll
[2009/09/23 02:31:29 | 00,065,016 | ---- | M] (mozilla.org) -- C:\Program Files\mozilla firefox\plugins\npnul32.dll
[2007/03/22 19:23:30 | 00,017,248 | ---- | M] (Microsoft Corporation) -- C:\Program Files\mozilla firefox\plugins\NPOFFICE.DLL
[2009/04/19 03:58:49 | 00,143,360 | ---- | M] (Apple Inc.) -- C:\Program Files\mozilla firefox\plugins\npqtplugin.dll
[2009/04/19 03:58:49 | 00,143,360 | ---- | M] (Apple Inc.) -- C:\Program Files\mozilla firefox\plugins\npqtplugin2.dll
[2009/04/19 03:58:50 | 00,143,360 | ---- | M] (Apple Inc.) -- C:\Program Files\mozilla firefox\plugins\npqtplugin3.dll
[2009/04/19 03:58:50 | 00,143,360 | ---- | M] (Apple Inc.) -- C:\Program Files\mozilla firefox\plugins\npqtplugin4.dll
[2009/04/19 03:58:50 | 00,143,360 | ---- | M] (Apple Inc.) -- C:\Program Files\mozilla firefox\plugins\npqtplugin5.dll
[2009/04/19 03:58:50 | 00,143,360 | ---- | M] (Apple Inc.) -- C:\Program Files\mozilla firefox\plugins\npqtplugin6.dll
[2009/04/19 03:58:50 | 00,143,360 | ---- | M] (Apple Inc.) -- C:\Program Files\mozilla firefox\plugins\npqtplugin7.dll
[2007/04/16 13:07:12 | 00,180,293 | ---- | M] () -- C:\Program Files\mozilla firefox\plugins\npViewpoint.dll
[2009/09/23 02:31:32 | 00,001,394 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazondotcom.xml
[2009/09/23 02:31:32 | 00,002,193 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\answers.xml
[2009/06/29 15:25:00 | 00,001,489 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\avg_igeared.xml
[2009/09/23 02:31:32 | 00,001,534 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\creativecommons.xml
[2009/09/23 02:31:33 | 00,002,344 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay.xml
[2009/09/23 02:31:33 | 00,002,371 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\google.xml
[2009/09/23 02:31:33 | 00,001,178 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia.xml
[2009/09/23 02:31:33 | 00,000,792 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo.xml

O1 HOSTS File: (27 bytes) - C:\WINDOWS\System32\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (AcroIEHlprObj Class) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll (AVG Technologies CZ, s.r.o.)
O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O2 - BHO: (Windows Live Sign-in Helper) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
O2 - BHO: (AVG Security Toolbar BHO) - {A3BC75A2-1F87-4686-AA43-5347D756017C} - C:\Program Files\AVG\AVG8\Toolbar\IEToolbar.dll ()
O2 - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (JQSIEStartDetectorImpl Class) - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll (Sun Microsystems, Inc.)
O3 - HKLM\..\Toolbar: (AVG Security Toolbar) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - C:\Program Files\AVG\AVG8\Toolbar\IEToolbar.dll ()
O3 - HKU\.DEFAULT\..\Toolbar\WebBrowser: (AVG Security Toolbar) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - C:\Program Files\AVG\AVG8\Toolbar\IEToolbar.dll ()
O3 - HKU\S-1-5-18\..\Toolbar\WebBrowser: (AVG Security Toolbar) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - C:\Program Files\AVG\AVG8\Toolbar\IEToolbar.dll ()
O3 - HKU\S-1-5-21-550649503-4093617429-2617151104-1005\..\Toolbar\WebBrowser: (no name) - {C4069E3A-68F1-403E-B40E-20066696354B} - No CLSID value found.
O3 - HKU\S-1-5-21-550649503-4093617429-2617151104-1005\..\Toolbar\WebBrowser: (AVG Security Toolbar) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - C:\Program Files\AVG\AVG8\Toolbar\IEToolbar.dll ()
O4 - HKLM..\Run: [Ad-Watch] C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe (Lavasoft)
O4 - HKLM..\Run: [AVG8_TRAY] C:\Program Files\AVG\AVG8\avgtray.exe (AVG Technologies CZ, s.r.o.)
O4 - HKLM..\Run: [hpWirelessAssistant] C:\Program Files\hpq\HP Wireless Assistant\HP Wireless Assistant.exe (Hewlett-Packard Development Company, L.P.)
O4 - HKLM..\Run: [QuickTime Task] C:\Program Files\QuickTime\qttask.exe (Apple Inc.)
O4 - HKLM..\Run: [RecGuard] C:\Windows\SMINST\RecGuard.exe ()
O4 - HKLM..\Run: [Symantec PIF AlertEng] C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe (Symantec Corporation)
O4 - HKLM..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe (Synaptics, Inc.)
O4 - HKU\S-1-5-21-550649503-4093617429-2617151104-1005..\Run: [Google Update] C:\Documents and Settings\Judy\Local Settings\Application Data\Google\Update\GoogleUpdate.exe (Google Inc.)
O4 - HKU\S-1-5-21-550649503-4093617429-2617151104-1005..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe (Safer-Networking Ltd.)
O4 - HKU\S-1-5-21-550649503-4093617429-2617151104-1005..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe File not found
O4 - Startup: C:\Documents and Settings\Administrator\Start Menu\Programs\StartUp\Vongo Tray.lnk = C:\Program Files\Vongo\Tray.exe File not found
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\StartUp\Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe File not found
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\StartUp\HP Photosmart Premier Fast Start.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqthb08.exe File not found
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\StartUp\Kodak EasyShare software.lnk = C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe (Eastman Kodak Company)
O4 - Startup: C:\Documents and Settings\Default User\Start Menu\Programs\StartUp\Vongo Tray.lnk = C:\Program Files\Vongo\Tray.exe File not found
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: dontdisplaylastusername = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticecaption =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticetext =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: shutdownwithoutlogon = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: undockwithoutlogon = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableRegistryTools = 0
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-19_Classes\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-20_Classes\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-550649503-4093617429-2617151104-1005\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-550649503-4093617429-2617151104-1005\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\S-1-5-21-550649503-4093617429-2617151104-1005\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-21-550649503-4093617429-2617151104-1005\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKU\S-1-5-21-550649503-4093617429-2617151104-1005_Classes\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O8 - Extra context menu item: E&xport to Microsoft Excel - C:\Program Files\Microsoft Office\OFFICE11\EXCEL.EXE (Microsoft Corporation)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Program Files\Microsoft Office\OFFICE11\REFIEBAR.DLL (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O9 - Extra 'Tools' menuitem : @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe (Microsoft Corporation)
O9 - Extra Button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\WINDOWS\System32\rsvpsp.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - C:\WINDOWS\System32\rsvpsp.dll (Microsoft Corporation)
O15 - HKLM\..Trusted Domains: 1 domain(s) and sub-domain(s) not assigned to a zone.
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_13)
O16 - DPF: {CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA} http://java.sun.com/update/1.5.0/jinstall-...indows-i586.cab (Java Plug-in 1.5.0_06)
O16 - DPF: {CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_13)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_13)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/get/shoc...ash/swflash.cab (Shockwave Flash Object)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 68.87.74.166 68.87.68.166
O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\ipp - No CLSID value found
O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll (AVG Technologies CZ, s.r.o.)
O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\Windows Live\Messenger\msgrapp.14.0.8064.0206.dll (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp - No CLSID value found
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\ms-itss {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Program Files\Common Files\Microsoft Shared\Information Retrieval\msitss.dll (Microsoft Corporation)
O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\Windows Live\Messenger\msgrapp.14.0.8064.0206.dll (Microsoft Corporation)
O18 - Protocol\Handler\mso-offdap11 {32505114-5902-49B2-880A-1F7738E5A384} - C:\Program Files\Common Files\Microsoft Shared\Web Components\11\OWC11.DLL (Microsoft Corporation)
O18 - Protocol\Filter: - text/xml - C:\Program Files\Common Files\Microsoft Shared\OFFICE11\MSOXMLMF.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\Explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\avgrsstarter: DllName - avgrsstx.dll - C:\WINDOWS\System32\avgrsstx.dll (AVG Technologies CZ, s.r.o.)
O20 - Winlogon\Notify\igfxcui: DllName - igfxdev.dll - C:\WINDOWS\System32\igfxdev.dll (Intel Corporation)
O24 - Desktop Components:0 (My Current Home Page) - About:Home
O31 - SafeBoot: AlternateShell - cmd.exe
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck) - File not found
O34 - HKLM BootExecute: (autochk) - C:\WINDOWS\System32\autochk.exe (Microsoft Corporation)
O34 - HKLM BootExecute: (*) - File not found
O34 - HKLM BootExecute: (lsdelete) - C:\WINDOWS\System32\lsdelete.exe ()

========== Files/Folders - Created Within 30 Days ==========

[41 C:\WINDOWS\System32\*.tmp files]
[1 C:\WINDOWS\*.tmp files]
[2009/09/24 18:57:59 | 00,514,560 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Judy\Desktop\OTL.exe
[2009/09/23 20:17:27 | 00,000,145 | ---- | C] () -- C:\Documents and Settings\Judy\Desktop\peek.bat
[2009/09/23 20:17:27 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Judy\My Documents\Downloads
[2009/09/22 19:17:49 | 00,047,616 | ---- | C] () -- C:\Documents and Settings\Judy\Desktop\Win32kDiag.exe
[2009/09/21 23:40:03 | 00,000,015 | ---- | C] () -- C:\Documents and Settings\Judy\Desktop\settings.dat
[2009/09/21 23:36:37 | 00,472,064 | ---- | C] ( ) -- C:\Documents and Settings\Judy\Desktop\tatertot.scr.exe
[2009/09/13 12:51:31 | 01,089,601 | ---- | C] () -- C:\WINDOWS\System32\dllcache\ntprint.cat
[2009/09/13 03:48:39 | 00,000,000 | ---D | C] -- C:\WINDOWS\System32\XPSViewer
[2009/09/13 03:48:20 | 00,000,000 | ---D | C] -- C:\Program Files\MSBuild
[2009/09/13 03:47:38 | 00,000,000 | ---D | C] -- C:\Program Files\Reference Assemblies
[2009/09/13 03:44:00 | 00,597,504 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\printfilterpipelinesvc.exe
[2009/09/13 03:44:00 | 00,117,760 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\prntvpt.dll
[2009/09/13 03:44:00 | 00,089,088 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\filterpipelineprintproc.dll
[2009/09/13 03:43:58 | 00,575,488 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\xpsshhdr.dll
[2009/09/13 03:43:58 | 00,575,488 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\xpsshhdr.dll
[2009/09/13 03:43:54 | 01,676,288 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\xpssvcs.dll
[2009/09/13 03:43:54 | 01,676,288 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\xpssvcs.dll
[2009/09/13 03:43:47 | 00,000,000 | ---D | C] -- C:\1828b8d98095724c3b
[2009/09/13 03:16:36 | 00,000,000 | ---D | C] -- C:\Program Files\MSXML 6.0
[2009/09/11 20:54:04 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Judy\Local Settings\Application Data\KodakGallery
[2009/09/11 20:53:45 | 00,027,648 | R--- | C] () -- C:\Documents and Settings\All Users\Documents\ESBK.mb
[2009/09/11 20:53:45 | 00,003,072 | R--- | C] () -- C:\Documents and Settings\All Users\Documents\ESBK.mbb
[2009/09/11 20:53:37 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Judy\Application Data\Skinux
[2009/09/11 20:33:22 | 00,005,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\ptpusb.dll
[2009/09/11 20:33:21 | 00,159,232 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\ptpusd.dll
[2009/09/11 20:33:21 | 00,015,104 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\usbscan.sys
[2009/09/11 20:33:21 | 00,015,104 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\usbscan.sys
[2009/09/11 20:11:10 | 00,001,817 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Kodak EasyShare.lnk
[2009/09/11 20:11:09 | 00,001,837 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Kodak EasyShare software.lnk
[2009/09/11 20:11:09 | 00,000,000 | ---D | C] -- C:\Program Files\Common Files\Kodak
[2009/09/11 19:59:05 | 00,464,384 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\imapi2fs.dll
[2009/09/11 19:59:05 | 00,464,384 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\imapi2fs.dll
[2009/09/11 19:59:05 | 00,317,952 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\imapi2.dll
[2009/09/11 19:59:05 | 00,317,952 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\imapi2.dll
[2009/09/11 19:59:05 | 00,062,592 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cdrom.sys
[2009/09/11 19:55:56 | 00,000,000 | ---D | C] -- C:\Program Files\Kodak
[2009/09/11 19:51:43 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Kodak
[2009/09/10 19:15:38 | 00,353,777 | ---- | C] () -- C:\Documents and Settings\Judy\Desktop\gc-pony-png.JPG
[2009/09/07 12:33:32 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Judy\Desktop\Wellington
[2009/09/06 01:38:04 | 00,000,000 | -HSD | C] -- C:\RECYCLER
[2009/09/04 19:10:32 | 00,000,000 | ---D | C] -- C:\WINDOWS\temp
[2009/08/29 20:10:57 | 01,580,544 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cache\sfcfiles.dll
[2009/08/29 20:10:57 | 00,435,200 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cache\ntmssvc.dll
[2009/08/29 20:10:57 | 00,190,976 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cache\schedsvc.dll
[2009/08/29 20:10:57 | 00,170,496 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cache\srsvc.dll
[2009/08/29 20:10:57 | 00,167,936 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cache\appmgmts.dll
[2009/08/29 20:10:57 | 00,142,464 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cache\aec.sys
[2009/08/29 20:10:57 | 00,134,656 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cache\shsvcs.dll
[2009/08/29 20:10:57 | 00,089,088 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cache\rasauto.dll
[2009/08/29 20:10:57 | 00,059,904 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cache\regsvc.dll
[2009/08/29 20:10:57 | 00,013,824 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cache\wscntfy.exe
[2009/08/29 20:10:56 | 03,597,824 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cache\mshtml.dll
[2009/08/29 20:10:56 | 02,142,720 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cache\ntoskrnl.exe
[2009/08/29 20:10:56 | 02,020,864 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cache\ntkrnlpa.exe
[2009/08/29 20:10:56 | 01,032,192 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cache\explorer.exe
[2009/08/29 20:10:56 | 00,986,112 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cache\kernel32.dll
[2009/08/29 20:10:56 | 00,924,432 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cache\mfc40u.dll
[2009/08/29 20:10:56 | 00,827,392 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cache\wininet.dll
[2009/08/29 20:10:56 | 00,792,064 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cache\comres.dll
[2009/08/29 20:10:56 | 00,611,328 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cache\comctl32.dll
[2009/08/29 20:10:56 | 00,577,024 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cache\user32.dll
[2009/08/29 20:10:56 | 00,574,592 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cache\ntfs.sys
[2009/08/29 20:10:56 | 00,502,272 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cache\winlogon.exe
[2009/08/29 20:10:56 | 00,408,064 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cache\netlogon.dll
[2009/08/29 20:10:56 | 00,401,408 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cache\rpcss.dll
[2009/08/29 20:10:56 | 00,382,464 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cache\qmgr.dll
[2009/08/29 20:10:56 | 00,360,320 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cache\tcpip.sys
[2009/08/29 20:10:56 | 00,295,424 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cache\termsrv.dll
[2009/08/29 20:10:56 | 00,253,952 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cache\es.dll
[2009/08/29 20:10:56 | 00,246,272 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cache\tapisrv.dll
[2009/08/29 20:10:56 | 00,245,248 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cache\mswsock.dll
[2009/08/29 20:10:56 | 00,198,144 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cache\netman.dll
[2009/08/29 20:10:56 | 00,185,344 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cache\upnphost.dll
[2009/08/29 20:10:56 | 00,182,528 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cache\ndis.sys
[2009/08/29 20:10:56 | 00,180,224 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cache\scecli.dll
[2009/08/29 20:10:56 | 00,129,536 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cache\xmlprov.dll
[2009/08/29 20:10:56 | 00,110,592 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cache\services.exe
[2009/08/29 20:10:56 | 00,110,080 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cache\imm32.dll
[2009/08/29 20:10:56 | 00,082,944 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cache\ws2_32.dll
[2009/08/29 20:10:56 | 00,077,312 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cache\browser.dll
[2009/08/29 20:10:56 | 00,071,680 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cache\ssdpsrv.dll
[2009/08/29 20:10:56 | 00,060,416 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cache\cryptsvc.dll
[2009/08/29 20:10:56 | 00,057,856 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cache\spoolsv.exe
[2009/08/29 20:10:56 | 00,055,808 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cache\eventlog.dll
[2009/08/29 20:10:56 | 00,051,224 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cache\wuauclt.exe
[2009/08/29 20:10:56 | 00,033,792 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cache\msgsvc.dll
[2009/08/29 20:10:56 | 00,029,056 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cache\ip6fw.sys
[2009/08/29 20:10:56 | 00,027,136 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cache\mspmsnsv.dll
[2009/08/29 20:10:56 | 00,024,576 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cache\userinit.exe
[2009/08/29 20:10:56 | 00,024,576 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cache\kbdclass.sys
[2009/08/29 20:10:56 | 00,022,016 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cache\lpk.dll
[2009/08/29 20:10:56 | 00,018,944 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cache\linkinfo.dll
[2009/08/29 20:10:56 | 00,017,408 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cache\powrprof.dll
[2009/08/29 20:10:56 | 00,015,360 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cache\ctfmon.exe
[2009/08/29 20:10:56 | 00,014,336 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cache\svchost.exe
[2009/08/29 20:10:56 | 00,014,336 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cache\asyncmac.sys
[2009/08/29 20:10:56 | 00,013,312 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cache\lsass.exe
[2009/08/29 20:10:56 | 00,011,648 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cache\acpiec.sys
[2009/08/29 20:10:56 | 00,005,120 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cache\sfc.dll
[2009/08/29 20:10:56 | 00,004,224 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cache\beep.sys
[2009/08/29 20:10:56 | 00,002,944 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cache\null.sys
[2009/08/29 20:10:56 | 00,000,000 | ---D | C] -- C:\WINDOWS\System32\dllcache\cache
[2009/08/29 16:09:55 | 00,230,912 | ---- | C] () -- C:\WINDOWS\PEV.exe
[2009/08/29 02:43:26 | 10,633,09312 | -HS- | C] () -- C:\hiberfil.sys
[2009/08/29 02:02:12 | 00,000,000 | ---D | C] -- C:\WINDOWS\pss
[2009/08/27 19:42:08 | 00,000,000 | ---D | C] -- C:\WINDOWS\Minidump
[2009/03/22 23:45:46 | 00,000,262 | ---- | C] () -- C:\WINDOWS\{789289CA-F73A-4A16-A331-54D498CE069F}_WiseFW.ini
[2009/03/22 02:51:53 | 00,001,793 | ---- | C] () -- C:\WINDOWS\System32\fxsperf.ini
[2006/09/12 03:29:34 | 00,000,219 | ---- | C] () -- C:\WINDOWS\QUICKEN.INI
[2006/09/12 03:25:15 | 00,000,748 | ---- | C] () -- C:\WINDOWS\NSSetDefaultBrowser.ini
[2006/09/12 03:10:16 | 00,000,376 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2006/09/12 02:57:52 | 00,028,836 | ---- | C] () -- C:\WINDOWS\System32\oeminfo.ini
[2006/06/29 15:18:14 | 00,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini
[2006/06/29 14:46:56 | 00,005,326 | ---- | C] () -- C:\WINDOWS\WININIT.INI
[2006/06/29 14:43:40 | 00,000,791 | ---- | C] () -- C:\WINDOWS\orun32.ini
[2006/06/29 14:13:22 | 00,000,624 | ---- | C] () -- C:\WINDOWS\win.ini
[2006/06/29 07:00:42 | 00,000,227 | ---- | C] () -- C:\WINDOWS\system.ini
[2006/03/16 00:00:00 | 00,027,440 | ---- | C] () -- C:\WINDOWS\System32\drivers\secdrv.sys
[2006/03/04 03:07:34 | 00,235,008 | ---- | C] () -- C:\WINDOWS\System32\psisdecd.dll
[2005/12/02 14:09:10 | 00,000,000 | ---- | C] () -- C:\WINDOWS\System32\px.ini
[2005/05/06 14:06:32 | 00,016,480 | ---- | C] () -- C:\WINDOWS\System32\rixdicon.dll
[2004/09/16 16:24:26 | 03,375,104 | ---- | C] () -- C:\WINDOWS\System32\qt-mt331.dll
[2003/01/07 18:05:08 | 00,002,695 | ---- | C] () -- C:\WINDOWS\System32\OUTLPERF.INI

========== Files - Modified Within 30 Days ==========

[41 C:\WINDOWS\System32\*.tmp files]
[1 C:\WINDOWS\*.tmp files]
[2009/09/24 18:57:59 | 00,514,560 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Judy\Desktop\OTL.exe
[2009/09/24 18:52:49 | 41,731,982 | ---- | M] () -- C:\WINDOWS\System32\drivers\Avg\incavi.avm
[2009/09/24 18:48:00 | 00,000,974 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-550649503-4093617429-2617151104-1005UA.job
[2009/09/24 18:47:59 | 00,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2009/09/24 18:46:47 | 00,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2009/09/24 18:46:44 | 10,633,09312 | -HS- | M] () -- C:\hiberfil.sys
[2009/09/23 21:48:01 | 00,000,922 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-550649503-4093617429-2617151104-1005Core.job
[2009/09/23 20:17:27 | 00,000,145 | ---- | M] () -- C:\Documents and Settings\Judy\Desktop\peek.bat
[2009/09/22 19:17:49 | 00,047,616 | ---- | M] () -- C:\Documents and Settings\Judy\Desktop\Win32kDiag.exe
[2009/09/22 19:10:49 | 00,112,900 | ---- | M] () -- C:\WINDOWS\System32\drivers\Avg\microavi.avg
[2009/09/21 23:41:23 | 00,000,015 | ---- | M] () -- C:\Documents and Settings\Judy\Desktop\settings.dat
[2009/09/21 23:36:39 | 00,472,064 | ---- | M] ( ) -- C:\Documents and Settings\Judy\Desktop\tatertot.scr.exe
[2009/09/21 02:08:16 | 00,000,472 | ---- | M] () -- C:\WINDOWS\tasks\Ad-Aware Update (Weekly).job
[2009/09/18 15:49:36 | 00,002,277 | ---- | M] () -- C:\Documents and Settings\Judy\Desktop\Google Chrome.lnk
[2009/09/14 18:22:18 | 00,001,374 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2009/09/13 04:51:15 | 00,263,024 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2009/09/13 04:08:44 | 00,518,380 | ---- | M] () -- C:\WINDOWS\System32\PerfStringBackup.INI
[2009/09/13 04:08:44 | 00,453,754 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2009/09/13 04:08:44 | 00,075,092 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2009/09/11 21:06:10 | 00,027,648 | R--- | M] () -- C:\Documents and Settings\All Users\Documents\ESBK.mb
[2009/09/11 20:53:44 | 00,003,072 | R--- | M] () -- C:\Documents and Settings\All Users\Documents\ESBK.mbb
[2009/09/11 20:11:10 | 00,001,837 | ---- | M] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Kodak EasyShare software.lnk
[2009/09/11 20:11:10 | 00,001,817 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Kodak EasyShare.lnk
[2009/09/10 19:15:38 | 00,353,777 | ---- | M] () -- C:\Documents and Settings\Judy\Desktop\gc-pony-png.JPG
[2009/09/10 19:09:59 | 00,465,493 | ---- | M] () -- C:\Documents and Settings\Judy\Desktop\gc-pony-png.png
[2009/09/10 19:09:10 | 02,376,882 | ---- | M] () -- C:\Documents and Settings\Judy\Desktop\gc-pony-photoshop.psd
[2009/09/06 18:04:50 | 00,000,624 | ---- | M] () -- C:\WINDOWS\win.ini
[2009/09/04 19:08:58 | 00,000,227 | ---- | M] () -- C:\WINDOWS\system.ini
[2009/09/04 18:32:54 | 03,192,102 | R--- | M] () -- C:\Documents and Settings\Judy\Desktop\ComboFix.exe
[2009/09/03 22:25:22 | 00,230,912 | ---- | M] () -- C:\WINDOWS\PEV.exe
[2009/09/03 18:49:41 | 00,335,240 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\drivers\avgldx86.sys
[2009/09/03 18:49:41 | 00,027,784 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\drivers\avgmfx86.sys
[2009/09/03 18:49:41 | 00,011,952 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\avgrsstx.dll
[2009/08/29 20:04:02 | 00,000,027 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts
[2009/08/29 19:14:41 | 00,000,004 | ---- | M] () -- C:\WINDOWS\System32\ESQULzxspectrum
[2009/08/29 14:27:20 | 00,005,326 | ---- | M] () -- C:\WINDOWS\WININIT.INI
[2009/08/29 13:19:04 | 01,577,100 | -H-- | M] () -- C:\Documents and Settings\Judy\Local Settings\Application Data\IconCache.db
[2009/08/29 02:47:56 | 00,000,279 | RHS- | M] () -- C:\boot.ini
[2009/08/28 17:38:20 | 24,689,600 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\MRT.exe
< End of report >

OTL Extras logfile created on: 9/24/2009 7:08:20 PM - Run 1
OTL by OldTimer - Version 3.0.14.0 Folder = C:\Documents and Settings\Judy\Desktop
Windows XP Media Center Edition Service Pack 2 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 7.0.5730.13)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1013.98 Mb Total Physical Memory | 406.96 Mb Available Physical Memory | 40.13% Memory free
2.38 Gb Paging File | 1.87 Gb Available in Paging File | 78.38% Paging File free
Paging file location(s): C:\pagefile.sys 1524 3048 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 80.46 Gb Total Space | 35.51 Gb Free Space | 44.14% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: PC785018295244
Current User Name: Judy
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: All users
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Standard

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.chm [@ = chm.file] -- C:\WINDOWS\hh.exe (Microsoft Corporation)
.html [@ = htmlfile] -- C:\Program Files\Internet Explorer\IEXPLORE.EXE (Microsoft Corporation)

[HKEY_USERS\S-1-5-21-550649503-4093617429-2617151104-1005\SOFTWARE\Classes\<extension>]
.html [@ = ChromeHTML] -- C:\Documents and Settings\Judy\Local Settings\Application Data\Google\Chrome\Application\chrome.exe (Google Inc.)

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %* File not found
chm.file [open] -- "C:\WINDOWS\hh.exe" %1 (Microsoft Corporation)
cmdfile [open] -- "%1" %* File not found
comfile [open] -- "%1" %* File not found
exefile [open] -- "%1" %* File not found
htmlfile [edit] -- "C:\Program Files\Microsoft Office\OFFICE11\msohtmed.exe" %1 (Microsoft Corporation)
htmlfile [open] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" -nohome (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" %1 (Microsoft Corporation)
htmlfile [print] -- "C:\Program Files\Microsoft Office\OFFICE11\msohtmed.exe" /p %1 (Microsoft Corporation)
http [open] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" -nohome (Microsoft Corporation)
https [open] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" -nohome (Microsoft Corporation)
piffile [open] -- "%1" %* File not found
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1" File not found
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S File not found
txtfile [edit] -- Reg Error: Key error.
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" %1 (Microsoft Corporation)
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- "%programfiles%\internet explorer\iexplore.exe" (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 0
"FirewallOverride" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]
"1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008
"139:TCP" = 139:TCP:*:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:*:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:*:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:*:Enabled:@xpsp2res.dll,-22002
"10243:TCP" = 10243:TCP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service
"10280:UDP" = 10280:UDP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service
"10281:UDP" = 10281:UDP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service
"10282:UDP" = 10282:UDP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service
"10283:UDP" = 10283:UDP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service
"10284:UDP" = 10284:UDP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 0
"DoNotAllowExceptions" = 0
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008
"139:TCP" = 139:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22002
"1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007
"10243:TCP" = 10243:TCP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service
"10280:UDP" = 10280:UDP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service
"10281:UDP" = 10281:UDP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service
"10282:UDP" = 10282:UDP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service
"10283:UDP" = 10283:UDP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service
"10284:UDP" = 10284:UDP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service
"3724:TCP" = 3724:TCP:*:Enabled:Blizzard Downloader: 3724

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"C:\WINDOWS\system32\mqsvc.exe" = C:\WINDOWS\system32\mqsvc.exe:*:Enabled:Message Queuing -- (Microsoft Corporation)
"%windir%\Network Diagnostic\xpnetdiag.exe" = %windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000 -- (Microsoft Corporation)
"C:\Program Files\Windows Live\Messenger\wlcsdk.exe" = C:\Program Files\Windows Live\Messenger\wlcsdk.exe:*:Enabled:Windows Live Call -- (Microsoft Corporation)
"C:\Program Files\Windows Live\Messenger\msnmsgr.exe" = C:\Program Files\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger -- (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\WINDOWS\system32\mqsvc.exe" = C:\WINDOWS\system32\mqsvc.exe:*:Enabled:Message Queuing -- (Microsoft Corporation)
"%windir%\Network Diagnostic\xpnetdiag.exe" = %windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000 -- (Microsoft Corporation)
"C:\Program Files\Ventrilo\Ventrilo.exe" = C:\Program Files\Ventrilo\Ventrilo.exe:*:Enabled:Ventrilo.exe -- ()
"C:\Program Files\Bonjour\mDNSResponder.exe" = C:\Program Files\Bonjour\mDNSResponder.exe:*:Enabled:Bonjour -- (Apple Inc.)
"C:\Program Files\iTunes\iTunes.exe" = C:\Program Files\iTunes\iTunes.exe:*:Enabled:iTunes -- (Apple Inc.)
"C:\Program Files\AVG\AVG8\avgupd.exe" = C:\Program Files\AVG\AVG8\avgupd.exe:*:Enabled:avgupd.exe -- (AVG Technologies CZ, s.r.o.)
"C:\Program Files\AVG\AVG8\avgnsx.exe" = C:\Program Files\AVG\AVG8\avgnsx.exe:*:Enabled:avgnsx.exe -- (AVG Technologies CZ, s.r.o.)
"C:\Program Files\World of Warcraft\Launcher.exe" = C:\Program Files\World of Warcraft\Launcher.exe:*:Enabled:Blizzard Launcher -- (Blizzard Entertainment)
"C:\Program Files\Common Files\AOL\Loader\aolload.exe" = C:\Program Files\Common Files\AOL\Loader\aolload.exe:*:Enabled:AOL Loader -- (AOL LLC)
"C:\Program Files\AIM6\aim6.exe" = C:\Program Files\AIM6\aim6.exe:*:Enabled:AIM -- (AOL LLC)
"C:\Program Files\Mozilla Firefox\firefox.exe" = C:\Program Files\Mozilla Firefox\firefox.exe:*:Enabled:Firefox -- (Mozilla Corporation)
"C:\Program Files\Windows Live\Messenger\wlcsdk.exe" = C:\Program Files\Windows Live\Messenger\wlcsdk.exe:*:Enabled:Windows Live Call -- (Microsoft Corporation)
"C:\Program Files\Windows Live\Messenger\msnmsgr.exe" = C:\Program Files\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger -- (Microsoft Corporation)
"C:\Program Files\World of Warcraft\BackgroundDownloader.exe" = C:\Program Files\World of Warcraft\BackgroundDownloader.exe:*:Enabled:Blizzard Downloader -- (Blizzard Entertainment)
"C:\Program Files\World of Warcraft\WoW-3.1.3.9947-to-3.2.0.10192-enUS-downloader.exe" = C:\Program Files\World of Warcraft\WoW-3.1.3.9947-to-3.2.0.10192-enUS-downloader.exe:*:Enabled:Blizzard Downloader -- (Blizzard Entertainment)
"C:\Program Files\World of Warcraft\WoW-3.2.0.10192-to-3.2.0.10314-enUS-downloader.exe" = C:\Program Files\World of Warcraft\WoW-3.2.0.10192-to-3.2.0.10314-enUS-downloader.exe:*:Enabled:Blizzard Downloader -- (Blizzard Entertainment)
"C:\Program Files\Messenger\msmsgs.exe" = C:\Program Files\Messenger\msmsgs.exe:*:Enabled:Windows Messenger -- (Microsoft Corporation)
"C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe" = C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe:*:Enabled:EasyShare -- (Eastman Kodak Company)


========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{07287123-B8AC-41CE-8346-3D777245C35B}" = Bonjour
"{075473F5-846A-448B-BCB3-104AA1760205}" = Sonic Data Module
"{09D8492A-C8E2-421E-927D-46800FB327A3}" = Wireless Home Network Setup
"{0AAA9C97-74D4-47CE-B089-0B147EF3553C}" = Windows Live Messenger
"{14D4ED84-6A9A-45A0-96F6-1753768C3CB5}" = ESSPCD
"{18D10072035C4515918F7E37EAFAACFC}" = AutoUpdate
"{1CB34CE9-0E6B-493F-BB66-3425E5DF76E5}" = CP_CalendarTemplates1
"{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live Upload Tool
"{21657574-BD54-48A2-9450-EB03B2C7FC29}" = Sonic MyDVD Plus
"{216AB108-2AE1-4130-B3D5-20B2C4C80F8F}" = QuickTime
"{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT
"{23012310-3E05-46A5-88A9-C6CBCABCAC79}" = Customer Experience Enhancement
"{23B35809-5E4A-4F14-8332-1CDEDDFAC089}" = CP_Package_Variety2
"{24BEBF2E-73F3-4599-840B-EDC612CCDD0D}" = Destinations
"{26A24AE4-039D-4CA4-87B4-2F83216013FF}" = Java™ 6 Update 13
"{2818095F-FB6C-42C8-827E-0A406CC9AFF5}" = Quicken 2006
"{2A548002-9042-4083-A270-B67473DE1073}" = SkinsHP1
"{2D03B6F8-DF36-4980-B7B6-5B93D5BA3A8F}" = essvatgt
"{30465B6C-B53F-49A1-9EBA-A3F187AD502E}" = Sonic Update Manager
"{3248F0A8-6813-11D6-A77B-00B0D0150060}" = J2SE Runtime Environment 5.0 Update 6
"{34D2AB40-150D-475D-AE32-BD23FB5EE355}" = HP Quick Launch Buttons 6.10 A2
"{34F3FCF1-817B-4D61-B6AF-19D9486AFEA0}" = Unload
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{36D620AD-EEBA-4973-BA86-0C9AE6396620}" = OptionalContentQFolder
"{3B4E636E-9D65-4D67-BA61-189800823F52}" = Windows Live Communications Platform
"{3F92ABBB-6BBF-11D5-B229-002078017FBF}" = NetWaiting
"{3FE0CFAB-584A-4AA5-B8CD-C32284CFA308}" = RandMap
"{4041C245-7099-4C96-9738-5EBC23827B3C}" = BufferChm
"{416D80BA-6F6D-4672-B7CF-F54DA2F80B44}" = Microsoft Works
"{42938595-0D83-404D-9F73-F8177FDD531A}" = ESScore
"{4302B2DD-D958-40E3-BAF3-B07FFE1978CE}" = HP Wireless Assistant 2.00 G2
"{45338B07-A236-4270-9A77-EBB4115517B5}" = Windows Live Sign-in Assistant
"{4537EA4B-F603-4181-89FB-2953FC695AB1}" = netbrdg
"{45D707E9-F3C4-11D9-A373-0050BAE317E1}" = HP QuickPlay 2.3
"{47D2103B-FD51-4017-9C20-DD408B17D726}" = Office 2003 Trial Assistant
"{494D17B5-3369-4905-8C4B-80C972C5E0FF}" = CP_Panorama1Config
"{4DA4012B-39AF-48c2-B23B-A4D570D233A6}" = cp_LightScribeConfig
"{522D1D79-9C0A-4361-91F8-2AFF8EC6C2E1}" = CP_Package_Variety1
"{52FBAE98-D389-4281-8C14-21B4046CCB4E}" = SonicAC3Encoder
"{5316DFC9-CE99-4458-9AB3-E8726EDE0210}" = skin0001
"{53EE9E42-CECB-4C92-BF76-9CA65DAF8F1C}" = FullDPAppQFolder
"{54F0998F-73C8-4b51-8286-FE903C231BED}" = cp_PosterPrintConfig
"{5EFCBB42-36AB-4FF9-B90C-E78C7B9EE7B3}" = iTunes
"{605A4E39-613C-4A12-B56F-DEFBE6757237}" = SHASTA
"{643EAE81-920C-4931-9F0B-4B343B225CA6}" = ESSBrwr
"{6675CA7F-E51B-4F6A-99D4-F8F0124C6EAA}" = Sonic Express Labeler
"{6815FCDD-401D-481E-BA88-31B4754C2B46}" = Macromedia Flash Player 8
"{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update
"{6A28AB0B-22B1-494C-AF61-B386EA1736C0}" = LightScribe 1.4.97.1
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{766633B3-1AFA-44B6-A3FC-1DE991CD9C52}" = CP_Package_Basic1
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{789289CA-F73A-4A16-A331-54D498CE069F}" = Ventrilo Client
"{79F8E1D4-36C1-439C-95FA-F695050B5B07}" = Sonic_PrimoSDK
"{7B63B2922B174135AFC0E1377DD81EC2}" = DivX
"{80AE27BA-B0ED-4288-A8B9-D8194BCF4115}" = cp_UpdateProjectsConfig
"{838A1BC9-95CA-4880-9BE3-2A7D23600A2B}" = Macromedia Shockwave Player
"{869C3062-4745-4949-B6C9-98AF24D89030}" = PhotoGallery
"{8943CE61-53BD-475E-90E1-A580869E98A2}" = staticcr
"{8A502E38-29C9-49FA-BCFA-D727CA062589}" = ESSTOOLS
"{8A708DD8-A5E6-11D4-A706-000629E95E20}" = Intel® Graphics Media Accelerator Driver
"{8E92D746-CD9F-4B90-9668-42B74C14F765}" = ESSini
"{8FFC5648-FAF8-43A3-BC8F-42BA1E275C4E}" = Choice Guard
"{91120409-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Standard Edition 2003
"{91517631-A9F3-4B7C-B482-43E0068FD55A}" = ESSgui
"{939F8208-C8CE-4AFF-B7BA-ACEB2E74A6CB}" =
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{999D43F4-9709-4887-9B1A-83EBB15A8370}" = VPRINTOL
"{9D4ABB0C-F60B-44A6-956C-A4A63D5495C9}" = CueTour
"{A01FC76F-CC09-4658-9E37-5C2F635EE708}" = TourSetup
"{A1F66FC9-11EE-4F2F-98C9-16F8D1E69FB7}" = Segoe UI
"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
"{A93C4E94-1005-489D-BEAA-B873C1AA6CFC}" = HP Help and Support
"{AB5D51AE-EBC3-438D-872C-705C7C2084B0}" = DeviceManagementQFolder
"{AB708C9B-97C8-4AC9-899B-DBF226AC9382}" = Sonic Audio Module
"{AC76BA86-7AD7-1033-7B44-A70500000002}" = Adobe Reader 7.0.5
"{AE1FA02D-E6A4-4EA0-8E58-6483CAC016DD}" = ESSCDBK
"{AFA20D47-69C3-4030-8DF8-D37466E70F13}" = Apple Mobile Device Support
"{B11E71BA-498C-42D4-9F1A-9D7A89D9DA61}" = CP_AtenaShokunin1Config
"{B12665F4-4E93-4AB4-B7FC-37053B524629}" = Sonic Copy Module
"{B162D0A6-9A1D-4B7C-91A5-88FB48113C45}" = OfotoXMI
"{B16AF568-A644-483C-A6DA-5028CD019C8C}" = SonicMPEGEncoder
"{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1" = Spybot - Search & Destroy
"{B4B44FE7-41FF-4DAD-8C0A-E406DDA72992}" = CCScore
"{B57F2FF0-5A25-4332-B503-4592B370C02F}" = CP_Package_Variety3
"{BB85ED9C-AFC9-43BD-B8DC-258C3C7DF72E}" = HP Update
"{BBD3BF67-5B89-4CBB-BA58-5818ED5F3290}" = cp_OnlineProjectsConfig
"{BE247E71-C143-40BB-ADF2-A465DF062BAB}" = HP User Guides 0035
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
"{C4124E95-5061-4776-8D5D-E3D931C778E1}" = Microsoft VC9 runtime libraries
"{C6CA8874-5F22-4AF0-9BE3-016BF299C536}" = Windows Live Essentials
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CD95F661-A5C4-44F5-A6AA-ECDD91C240B7}" = WinZip 12.0
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{D32470A1-B10C-4059-BA53-CF0486F68EBC}" = Kodak EasyShare software
"{DB02F716-6275-42E9-B8D2-83BA2BF5100B}" = SFR
"{DB518BA6-CB74-4EB6-9ABD-880B6D6E1F38}" = HpSdpAppCoreApp
"{DB7E00C9-6DEF-489A-8112-D8F81614F45A}" = Vongo
"{DBA4DB9D-EE51-4944-A419-98AB1F1249C8}" = LiveUpdate Notice (Symantec Corporation)
"{DED53B0B-B67C-4244-AE6A-D6FD3C28D1EF}" = Ad-Aware
"{EC397D90-720E-426D-B381-0A10C6FD5A49}" = HP Pavilion Webcam Demo
"{F333A33D-125C-32A2-8DCE-5C5D14231E27}" = Visual C++ 2008 x86 Runtime - (v9.0.30729)
"{F333A33D-125C-32A2-8DCE-5C5D14231E27}.vc_x86runtime_30729_01" = Visual C++ 2008 x86 Runtime - v9.0.30729.01
"{F4A2E7CC-60CA-4AFA-B67F-AD5E58173C3F}" = SKINXSDK
"{F6BD194C-4190-4D73-B1B1-C48C99921BFE}" = Windows Live Call
"{F9593CFB-D836-49BC-BFF1-0E669A411D9F}" = WIRELESS
"{FB09F05F-85C6-4205-B28D-5BF071D276C3}" = muvee autoProducer 5.0
"{FC8D25A7-FF1B-41BB-BB3B-9A06C0A60AE0}" = InstantShareDevices
"{FCDB1C92-03C6-4C76-8625-371224256091}" = ESSPDock
"12133444-BF36-4d4e-B7FB-A3424C645DE4" = GemMaster Mystic
"Ad-Aware" = Ad-Aware
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"AIM_6" = AIM 6
"AVG8Uninstall" = AVG Free 8.5
"B3EE3001-DC24-4cd1-8743-5692C716659F" = Otto
"CNXT_HDAUDIO" = Conexant HD Audio
"CNXT_MODEM_PCI_VEN_14F1&DEV_5045_at8ven5m" = Soft Data Fax Modem with SmartCP
"ESPNMotion" = ESPNMotion
"HP Imaging Device Functions" = HP Imaging Device Functions 6.0
"HP Photo & Imaging" = HP Photosmart Premier Software 6.0
"HP Rhapsody" = HP Rhapsody
"IDNMitigationAPIs" = Microsoft Internationalized Domain Names Mitigation APIs
"ie7" = Windows Internet Explorer 7
"InstallShield_{23012310-3E05-46A5-88A9-C6CBCABCAC79}" = Customer Experience Enhancement
"LiveUpdate" = LiveUpdate 3.0 (Symantec Corporation)
"Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Money2006b" = Microsoft Money 2006
"Mozilla Firefox (3.5.3)" = Mozilla Firefox (3.5.3)
"MSCompPackV1" = Microsoft Compression Client Pack 1.0 for Windows XP
"MSNINST" = MSN
"NLSDownlevelMapping" = Microsoft National Language Support Downlevel APIs
"Peggle Deluxe 1.01" = Peggle Deluxe 1.01
"PROSet" = Intel® PRO Network Connections Drivers
"Rhapsody" = Rhapsody
"SwiftKit" = SwiftKit
"SynTPDeinstKey" = Synaptics Pointing Device Driver
"ViewpointMediaPlayer" = Viewpoint Media Player
"WGA" = Windows Genuine Advantage Validation Tool
"WIC" = Windows Imaging Component
"WildTangent hplaptop Master Uninstall" = My HP Games
"Windows Media Format Runtime" = Windows Media Format 11 runtime
"Windows Media Player" = Windows Media Player 11
"WinLiveSuite_Wave3" = Windows Live Essentials
"WMCSetup" = Windows Media Connect
"WMFDist11" = Windows Media Format 11 runtime
"wmp11" = Windows Media Player 11
"World of Warcraft" = World of Warcraft
"Wudf01000" = Microsoft User-Mode Driver Framework Feature Pack 1.0

========== HKEY_USERS Uninstall List ==========

[HKEY_USERS\S-1-5-21-550649503-4093617429-2617151104-1005\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Google Chrome" = Google Chrome

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 9/1/2009 9:48:05 PM | Computer Name = PC785018295244 | Source = Google Update | ID = 20
Description =

Error - 9/4/2009 6:48:05 PM | Computer Name = PC785018295244 | Source = Google Update | ID = 20
Description =

Error - 9/5/2009 12:32:34 AM | Computer Name = PC785018295244 | Source = Application Hang | ID = 1002
Description = Hanging application firefox.exe, version 1.9.0.3498, hang module hungapp,
version 0.0.0.0, hang address 0x00000000.

Error - 9/8/2009 6:38:39 PM | Computer Name = PC785018295244 | Source = Google Update | ID = 20
Description =

Error - 9/12/2009 12:50:38 PM | Computer Name = PC785018295244 | Source = Google Update | ID = 20
Description =

Error - 9/17/2009 10:50:37 AM | Computer Name = PC785018295244 | Source = Google Update | ID = 20
Description =

Error - 9/20/2009 12:48:06 PM | Computer Name = PC785018295244 | Source = Google Update | ID = 20
Description =

Error - 9/20/2009 10:35:29 PM | Computer Name = PC785018295244 | Source = Application Hang | ID = 1002
Description = Hanging application explorer.exe, version 6.0.2900.2180, hang module
hungapp, version 0.0.0.0, hang address 0x00000000.

Error - 9/21/2009 4:49:05 PM | Computer Name = PC785018295244 | Source = Google Update | ID = 20
Description =

Error - 9/21/2009 5:50:37 PM | Computer Name = PC785018295244 | Source = Google Update | ID = 20
Description =

[ System Events ]
Error - 9/21/2009 5:34:28 PM | Computer Name = PC785018295244 | Source = W32Time | ID = 39452689
Description = Time Provider NtpClient: An error occurred during DNS lookup of the
manually configured peer 'time.windows.com,0x1'. NtpClient will try the DNS lookup
again in 60 minutes. The error was: A socket operation was attempted to an unreachable
host. (0x80072751)

Error - 9/21/2009 5:34:28 PM | Computer Name = PC785018295244 | Source = W32Time | ID = 39452701
Description = The time provider NtpClient is configured to acquire time from one
or more time sources, however none of the sources are currently accessible. No attempt
to contact a source will be made for 59 minutes. NtpClient has no source of accurate
time.

Error - 9/21/2009 6:34:28 PM | Computer Name = PC785018295244 | Source = W32Time | ID = 39452689
Description = Time Provider NtpClient: An error occurred during DNS lookup of the
manually configured peer 'time.windows.com,0x1'. NtpClient will try the DNS lookup
again in 120 minutes. The error was: A socket operation was attempted to an unreachable
host. (0x80072751)

Error - 9/21/2009 6:34:28 PM | Computer Name = PC785018295244 | Source = W32Time | ID = 39452701
Description = The time provider NtpClient is configured to acquire time from one
or more time sources, however none of the sources are currently accessible. No attempt
to contact a source will be made for 119 minutes. NtpClient has no source of accurate
time.

Error - 9/21/2009 6:56:46 PM | Computer Name = PC785018295244 | Source = Dhcp | ID = 1002
Description = The IP address lease 192.168.1.101 for the Network Card with network
address 0018DE0ECA86 has been denied by the DHCP server 192.168.1.1 (The DHCP Server
sent a DHCPNACK message).

Error - 9/21/2009 6:57:22 PM | Computer Name = PC785018295244 | Source = Service Control Manager | ID = 7001
Description = The Media Center Extender Service service depends on the SSDP Discovery
Service service which failed to start because of the following error: %%1058

Error - 9/24/2009 6:48:30 PM | Computer Name = PC785018295244 | Source = Service Control Manager | ID = 7001
Description = The Media Center Extender Service service depends on the SSDP Discovery
Service service which failed to start because of the following error: %%1058

Error - 9/24/2009 6:50:36 PM | Computer Name = PC785018295244 | Source = Service Control Manager | ID = 7022
Description = The Server service hung on starting.

Error - 9/24/2009 6:50:36 PM | Computer Name = PC785018295244 | Source = Service Control Manager | ID = 7001
Description = The Message Queuing service depends on the Server service which failed
to start because of the following error: %%1070

Error - 9/24/2009 6:50:36 PM | Computer Name = PC785018295244 | Source = Service Control Manager | ID = 7001
Description = The Message Queuing Triggers service depends on the Message Queuing
service which failed to start because of the following error: %%1068


< End of report >

#13 garmanma

Posted 25 September 2009 - 06:22 PM

You did post this log in the HJT forum, right??

Now that you were successful in creating a log you need to post it in our HJT forum:
http://www.bleepingcomputer.com/forums/f/22/virus-trojan-spyware-and-malware-removal-logs/
Give a brief description and tell them that this log was all you could get to run successfully.
The HJT team is extremely busy, so be patient and good luck.
Mark

#14 JudyLee

Posted 25 September 2009 - 10:25 PM

Umm ... no I didn't.
The last instruction up there said to post it back here...
So I shall move on down the road.
I'll go start a thread on that link now.
I really appreciate your help.
All the best,
Judy