Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

Vista - No Internet Connection & other problems - Virus??????


  • This topic is locked This topic is locked
9 replies to this topic

#1 HelpVistaVirus

HelpVistaVirus

  • Members
  • 7 posts
  • OFFLINE
  •  
  • Local time:10:39 PM

Posted 17 July 2010 - 10:59 PM

Hi, I'm new to this forum and was wondering if anyone could assist me with some problems that I am experiencing with Windows Vista Ultimate.

The problems are as follows:
1. The computer has lost internet connection (except in Safe Mode) and I am unable to open any internet network options because the computer will freeze.
2. The computer has no firewall (except in Safe Mode), says, "Windows could not start the Windows Firewall service on the Local Computer. Error 1053: The service did not respond to the start or control request in a timely fashion."
3. The computer is unable to uninstall some programs from Add/Remove Programs (doesn't work in Safe Mode either), the Windows Installer will keep saying, "Preparing to remove..." and never progress. When I try to start the service in the services menu it will say, "Windows could not start the Windows Installer service on the Local Computer. Error 1053: The service did not respond to the start or control request in a timely fashion."
4. Windows Live OneCare does not load, just loads and loads... and never starts.
5. Also, Windows Defender won't start even when I try to turn it on, the menu will just freeze, and after awhile an error will appear saying, "Windows Defender encountered an error: 0x800705b4. This operation returned because the timeout period expired."

These are the steps that I have taken so far:
1. Turned on the computer it showed that there was no internet connection.
2. Reset router and restarted the computer, still had no internet connection.
3. Tried to right click on the internet connection icon at the bottom right corner of the screen and was unable to since the computer froze.
4. Opened task manager and ended explorer.exe process, taskbar disappeared.
5. Restarted explorer.exe process and taskbar came back.
6. Tried to access Network from start menu and computer locked up again.
7. Restarted computer.
8. Tried again, computer froze.
9. Restarted about 4 more times with exactly the same results.
10. Entered Safe Mode with Networking, and was able to access internet and all other menus.
11. Restarted computer and started Windows normally and tried to get to internet, but still no access.
12. Tried to access User-Account-Control-protected "Services" button from task manager services tab, but no menu appeared.
13. It turned out that any menu, button, or link, protected by User Account Control could not be accessed.
14. Turned off User Account Control from Safe Mode.
15. Could now access menus, buttons, and links, that used to be protected by User Account Control.
16. Went to "Services" button (from step 12) and discovered that the Windows Firewall service was not started, tried to start manually, but errored out saying, "Windows could not start the Windows Firewall service on the Local Computer. Error 1053: The service did not respond to the start or control request in a timely fashion."
17. Also, Windows Live Onecare will not start, just loads and loads... and never starts. When I tried to start the Windows Live OneCare service manually from the services button on task manager it attempted to start but errored saying, "Windows could not start the Windows Live OneCare service on the Local Computer. Error 1053: The service did not respond to the start or control request in a timely fashion."
18. Also, Windows Defender won't start even when I try to turn it on, the menu will just freeze, and after awhile an error will appear saying, "Windows Defender encountered an error: 0x800705b4. This operation returned because the timeout period expired."
19. Ran Malware Bytes Anti Malware from Safe Mode, found (Adware.TryMedia) and deleted it.
20. Still no internet access from "normal" mode on computer.
21. Tried to run Malware Bytes Anti Malware from "normal" mode on computer, but locked up after 4 seconds.
22. Ran Defogger.exe, worked fine.
23. Attempted to run dds.scr, was unable to get any logs from it. It did not open in a black screen like it is supposed to, instead it opened in Notepad and displayed lots of weird symbols and the only text said, "This program cannot be run in DOS mode."
24. Ran gmer.exe, was able to produce "ark.txt" log.

I've attached the gmer log. It seems like the computer runs OK from Safe Mode, but is extremely crippled when running normally. Have no idea whether this is a virus or not.
I also tried to upgrade the machine from Vista to Windows 7, hoping that maybe that would fix the problem... However, the setup was not able to start... Any help or direction would be appreciated.

Thanks!

Attached Files

  • Attached File  ark.txt   1.09KB   10 downloads


BC AdBot (Login to Remove)

 


#2 myrti

myrti

    Sillyberry


  • Malware Study Hall Admin
  • 33,784 posts
  • OFFLINE
  •  
  • Gender:Female
  • Location:At home
  • Local time:07:39 AM

Posted 25 July 2010 - 08:07 AM

Hello and welcome to Bleeping Computer

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

If you have since resolved the original problem you were having, we would appreciate you letting us know. If not please perform the following steps below so we can have a look at the current condition of your machine.

Please include a clear description of the problems you're having, along with any steps you may have performed so far.

Please refrain from running tools or applying updates other than those we suggest while we are cleaning up your computer. The reason for this is so we know what is going on with the machine at any time. Some programs can interfere with others and hamper the recovery process.

Even if you have already provided information about your PC, we need a new log to see what has changed since you originally posted your problem.
We need to create an OTL Report
  1. Please download OTL from one of the following mirrors:
  2. Save it to your desktop.
  3. Double click on the icon on your desktop.
  4. Click the "Scan All Users" checkbox.
  5. In the custom scan box paste the following:
    CODE
    msconfig
    safebootminimal
    activex
    drivers32
    netsvcs
    %SYSTEMDRIVE%\*.exe
    /md5start
    eventlog.dll
    scecli.dll
    netlogon.dll
    cngaudit.dll
    sceclt.dll
    ntelogon.dll
    logevent.dll
    iaStor.sys
    nvstor.sys
    atapi.sys
    IdeChnDr.sys
    viasraid.sys
    AGP440.sys
    vaxscsi.sys
    nvatabus.sys
    viamraid.sys
    nvata.sys
    nvgts.sys
    iastorv.sys
    ViPrt.sys
    eNetHook.dll
    ahcix86.sys
    KR10N.sys
    nvstor32.sys
    ahcix86s.sys
    nvrd32.sys
    symmpi.sys
    adp3132.sys
    mv61xx.sys
    nvraid.sys
    /md5stop
    %systemroot%\*. /mp /s
    %systemroot%\system32\*.dll /lockedfiles
    %systemroot%\Tasks\*.job /lockedfiles
    %systemroot%\system32\drivers\*.sys /lockedfiles
    %systemroot%\System32\config\*.sav
    %systemroot%\system32\drivers\*.sys /90
  6. Push the button.
  7. Two reports will open, copy and paste them in a reply here:
    • OTL.txt <-- Will be opened
    • Extra.txt<--Will be minimized

In the upper right hand corner of the topic you will see a button called Options. If you click on this in the drop-down menu you can choose Track this topic. I suggest you do this and select Immediate E-Mail notification and click on Proceed. This way you will be advised when we respond to your topic and facilitate the cleaning of your machine.

After 5 days if a topic is not replied to we assume it has been abandoned and it is closed.

regards myrti

is that a bird?  a plane? nooo it's the flying blueberry!

If I have been helping you and haven't replied in 2 days, feel free to shoot me a PM! Please don't send help request via PM, unless I am already helping you. Use the forums!

animinionsmalltext.gif

Follow BleepingComputer on: Facebook | Twitter | Google+


#3 HelpVistaVirus

HelpVistaVirus
  • Topic Starter

  • Members
  • 7 posts
  • OFFLINE
  •  
  • Local time:10:39 PM

Posted 25 July 2010 - 04:25 PM

OK, I will go ahead and try to get that new log created since I am still experiencing problems with the computer.

Thanks for the reply!

#4 HelpVistaVirus

HelpVistaVirus
  • Topic Starter

  • Members
  • 7 posts
  • OFFLINE
  •  
  • Local time:10:39 PM

Posted 25 July 2010 - 05:17 PM

Alright, here are the requested logs:

OTL.txt
-----------------------
OTL logfile created on: 7/25/2010 2:40:29 PM - Run 1
OTL by OldTimer - Version 3.2.9.1 Folder = C:\Users\Microsoft\Downloads\Fix Virus Tools
Windows Vista Ultimate Edition (Version = 6.0.6000) - Type = NTWorkstation
Internet Explorer (Version = 7.0.6000.17037)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.00 Gb Total Physical Memory | 1.00 Gb Available Physical Memory | 66.00% Memory free
4.00 Gb Paging File | 4.00 Gb Available in Paging File | 86.00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 149.05 Gb Total Space | 16.91 Gb Free Space | 11.34% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: MSFB129
Current User Name: Microsoft
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: All users
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Standard

========== Processes (SafeList) ==========

PRC - [2010/07/25 14:37:10 | 000,574,976 | ---- | M] (OldTimer Tools) -- C:\Users\Microsoft\Downloads\Fix Virus Tools\OTL.exe
PRC - [2010/02/05 17:19:46 | 000,065,256 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Windows OneCare Live\winssnotify.exe
PRC - [2008/11/18 14:15:30 | 000,307,200 | ---- | M] (Creative Technology Ltd) -- C:\Program Files\Creative\Shared Files\CTAudSvc.exe
PRC - [2008/10/28 23:20:29 | 002,923,520 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2008/10/16 20:35:24 | 000,087,360 | ---- | M] (LogMeIn, Inc.) -- C:\Program Files\LogMeIn\x86\LMIGuardian.exe
PRC - [2008/07/24 18:46:10 | 000,063,048 | ---- | M] (LogMeIn, Inc.) -- C:\Program Files\LogMeIn\x86\LogMeInSystray.exe
PRC - [2008/07/09 17:05:22 | 000,018,704 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Windows OneCare Live\Antivirus\MsMpEng.exe
PRC - [2008/06/27 22:48:26 | 000,068,856 | ---- | M] (Google Inc.) -- C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
PRC - [2008/06/10 19:04:58 | 000,689,456 | ---- | M] (Hewlett-Packard) -- C:\Program Files\HP\HP Software Update\HPWUCli.exe
PRC - [2008/02/25 16:18:14 | 000,053,248 | ---- | M] (Hewlett-Packard Co.) -- C:\Program Files\HP\Digital Imaging\Product Assistant\bin\hprbUpdate.exe
PRC - [2007/11/03 02:00:20 | 000,214,608 | ---- | M] (RealNetworks, Inc.) -- C:\Program Files\Real\RealPlayer\realplay.exe
PRC - [2007/11/03 02:00:16 | 000,185,632 | ---- | M] (RealNetworks, Inc.) -- C:\Program Files\Common Files\Real\Update_OB\realsched.exe
PRC - [2007/03/14 15:42:48 | 000,321,088 | ---- | M] (Pure Networks, Inc.) -- C:\Program Files\Pure Networks\Network Magic\nmapp.exe
PRC - [2007/03/14 03:43:44 | 000,083,608 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe
PRC - [2007/03/14 03:43:42 | 000,272,024 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Java\jre1.6.0_01\bin\jucheck.exe
PRC - [2006/05/12 13:33:22 | 000,581,693 | ---- | M] (Broadcom Corporation.) -- C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
PRC - [2006/04/10 15:24:20 | 000,049,220 | ---- | M] (Samsung) -- C:\Program Files\SEC\Natural Color Pro\NCProTray.exe


========== Modules (SafeList) ==========

MOD - [2010/07/25 14:37:10 | 000,574,976 | ---- | M] (OldTimer Tools) -- C:\Users\Microsoft\Downloads\Fix Virus Tools\OTL.exe
MOD - [2006/11/02 02:44:49 | 000,110,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\msscript.ocx
MOD - [2006/11/02 02:38:57 | 001,648,128 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6000.16386_none_5d07289e07e1d100\comctl32.dll
MOD - [2006/05/12 13:34:36 | 000,053,248 | ---- | M] () -- C:\Program Files\WIDCOMM\Bluetooth Software\BTKeyInd.dll


========== Win32 Services (SafeList) ==========

SRV - [2010/04/16 08:33:40 | 000,144,672 | ---- | M] (Apple Inc.) [Auto | Stopped] -- C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe -- (Apple Mobile Device)
SRV - [2010/02/20 16:52:02 | 000,322,560 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\inetsrv\iisw3adm.dll -- (WAS)
SRV - [2010/02/20 16:52:02 | 000,322,560 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\System32\inetsrv\iisw3adm.dll -- (W3SVC)
SRV - [2010/02/13 17:25:55 | 000,085,096 | ---- | M] (Autodesk) [On_Demand | Stopped] -- C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe -- (Autodesk Licensing Service)
SRV - [2010/02/05 17:19:44 | 001,141,112 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Program Files\Microsoft Windows OneCare Live\winss.exe -- (winss)
SRV - [2010/02/05 17:19:42 | 000,026,120 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Program Files\Microsoft Windows OneCare Live\OcHealthMon.exe -- (OcHealthMon)
SRV - [2010/01/02 13:02:54 | 000,079,360 | ---- | M] (Creative Labs) [On_Demand | Stopped] -- C:\Program Files\Common Files\Creative Labs Shared\Service\CTAELicensing.exe -- (Creative Audio Engine Licensing Service)
SRV - [2009/11/12 14:50:18 | 000,220,128 | ---- | M] () [Auto | Stopped] -- C:\Program Files\Macrium\Reflect\ReflectService.exe -- (ReflectService)
SRV - [2009/07/13 14:16:18 | 000,655,624 | ---- | M] (Acresso Software Inc.) [On_Demand | Stopped] -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service)
SRV - [2008/11/18 14:15:30 | 000,307,200 | ---- | M] (Creative Technology Ltd) [Auto | Running] -- C:\Program Files\Creative\Shared Files\CTAudSvc.exe -- (CTAudSvcService)
SRV - [2008/10/16 20:35:28 | 000,116,032 | ---- | M] (LogMeIn, Inc.) [Disabled | Stopped] -- C:\Program Files\LogMeIn\x86\RaMaint.exe -- (LMIMaint)
SRV - [2008/08/04 17:22:18 | 000,164,896 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Program Files\Microsoft LifeCam\MSCamS32.exe -- (MSCamSvc)
SRV - [2008/07/24 18:46:10 | 000,063,040 | ---- | M] (LogMeIn, Inc.) [Disabled | Stopped] -- C:\Program Files\LogMeIn\x86\LogMeIn.exe -- (LogMeIn)
SRV - [2008/07/09 17:05:22 | 000,018,704 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Microsoft Windows OneCare Live\Antivirus\MsMpEng.exe -- (OneCareMP)
SRV - [2007/11/27 22:45:02 | 000,869,952 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Program Files\Microsoft Windows OneCare Live\Firewall\msfwsvc.exe -- (msfwsvc)
SRV - [2007/04/11 21:19:30 | 000,265,912 | ---- | M] (Microsoft Corporation) [Auto | Stop_Pending] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2007/03/14 15:42:48 | 000,321,088 | ---- | M] (Pure Networks, Inc.) [Auto | Stopped] -- C:\Program Files\Pure Networks\Network Magic\nmsrvc.exe -- (nmservice)
SRV - [2007/03/14 15:42:22 | 000,012,800 | ---- | M] (Pure Networks, Inc.) [On_Demand | Stopped] -- C:\Program Files\Pure Networks\Network Magic\WebServer\bin\nmraapache.exe -- (nmraapache)
SRV - [2007/01/04 14:38:08 | 000,024,652 | ---- | M] (Viewpoint Corporation) [Auto | Stopped] -- C:\Program Files\Viewpoint\Common\ViewpointService.exe -- (Viewpoint Manager Service)


========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Windows\System32\DRIVERS\nwlnkfwd.sys -- (NwlnkFwd)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Windows\System32\DRIVERS\nwlnkflt.sys -- (NwlnkFlt)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Windows\System32\DRIVERS\ipinip.sys -- (IpInIp)
DRV - File not found [Kernel | Disabled | Stopped] -- C:\Windows\System32\drivers\blbdrive.sys -- (blbdrive)
DRV - [2009/11/12 17:41:28 | 000,032,736 | ---- | M] (Macrium Software) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\psmounter.sys -- (PSMounter)
DRV - [2009/10/16 03:11:56 | 001,168,896 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\P17.sys -- (P17)
DRV - [2009/07/15 11:58:04 | 000,229,208 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\System32\drivers\VMM.sys -- (vmm)
DRV - [2009/04/30 23:03:08 | 006,754,712 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\lvuvc.sys -- (LVUVC) Logitech QuickCam Pro 9000(UVC)
DRV - [2009/04/23 16:51:18 | 000,016,640 | ---- | M] (Wondershare) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\WsAudio_DeviceS(1).sys -- (WsAudio_DeviceS(1)) WsAudio_DeviceS(1)
DRV - [2008/12/13 13:43:09 | 000,033,736 | ---- | M] (Yamaha Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ymidusbw.sys -- (YMIDUSBW) Yamaha USB-MIDI Driver (WDM)
DRV - [2008/10/16 20:35:58 | 000,083,288 | ---- | M] (LogMeIn, Inc.) [File_System | Disabled | Stopped] -- C:\Windows\System32\LMIRfsClientNP.dll -- (LMIRfsClientNP)
DRV - [2008/08/04 17:22:18 | 000,033,808 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\nx6000.sys -- (MSHUSBVideo)
DRV - [2008/07/24 18:46:12 | 000,012,856 | ---- | M] (LogMeIn, Inc.) [Kernel | Auto | Stopped] -- C:\Program Files\LogMeIn\x86\rainfo.sys -- (LMIInfo)
DRV - [2008/07/24 18:46:10 | 000,047,640 | ---- | M] (LogMeIn, Inc.) [File_System | Auto | Stopped] -- C:\Windows\System32\drivers\LMIRfsDriver.sys -- (LMIRfsDriver)
DRV - [2008/05/20 09:32:40 | 000,015,328 | ---- | M] (Macrium Software) [Kernel | Boot | Running] -- C:\Windows\system32\DRIVERS\pssnap.sys -- (pssnap)
DRV - [2008/05/15 16:15:16 | 000,053,168 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Running] -- C:\Windows\System32\drivers\MpFilter.sys -- (MpFilter)
DRV - [2007/11/27 22:45:00 | 000,091,200 | ---- | M] (Microsoft Corporation) [Kernel | Auto | Stopped] -- C:\Windows\System32\drivers\msfwdrv.sys -- (MSFWDrv)
DRV - [2007/11/27 22:44:54 | 000,037,440 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\System32\drivers\msfwhlpr.sys -- (MSFWHLPR)
DRV - [2007/04/15 12:25:36 | 000,008,413 | ---- | M] (RealNetworks, Inc.) [Kernel | Auto | Stopped] -- C:\Windows\System32\drivers\mcstrm.sys -- (MCSTRM)
DRV - [2007/02/06 13:27:04 | 000,185,728 | ---- | M] (Hauppauge Computer Works, Inc.) [23|25|26]xxx) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\hcwPP2.sys -- (hcwPP2)
DRV - [2007/01/29 06:20:34 | 000,059,280 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\VMNetSrv.sys -- (VPCNetS2)
DRV - [2007/01/05 21:59:42 | 000,035,920 | ---- | M] (NVIDIA Corporation) [Kernel | Boot | Running] -- C:\Windows\system32\drivers\nvstor.sys -- (nvstor)
DRV - [2006/12/19 14:38:00 | 004,447,808 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvlddmkm.sys -- (nvlddmkm)
DRV - [2006/11/02 02:51:45 | 000,900,712 | ---- | M] (QLogic Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ql2300.sys -- (ql2300)
DRV - [2006/11/02 02:51:38 | 000,420,968 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\adp94xx.sys -- (adp94xx)
DRV - [2006/11/02 02:51:34 | 000,316,520 | ---- | M] (Emulex) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\elxstor.sys -- (elxstor)
DRV - [2006/11/02 02:51:32 | 000,297,576 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\adpahci.sys -- (adpahci)
DRV - [2006/11/02 02:51:25 | 000,235,112 | ---- | M] (ULi Electronics Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\uliahci.sys -- (uliahci)
DRV - [2006/11/02 02:51:25 | 000,232,040 | ---- | M] (Intel Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\iastorv.sys -- (iaStorV)
DRV - [2006/11/02 02:51:00 | 000,147,048 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\adpu320.sys -- (adpu320)
DRV - [2006/11/02 02:50:45 | 000,115,816 | ---- | M] (Promise Technology, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ulsata2.sys -- (ulsata2)
DRV - [2006/11/02 02:50:41 | 000,112,232 | ---- | M] (VIA Technologies Inc.,Ltd) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\vsmraid.sys -- (vsmraid)
DRV - [2006/11/02 02:50:35 | 000,106,088 | ---- | M] (QLogic Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ql40xx.sys -- (ql40xx)
DRV - [2006/11/02 02:50:35 | 000,098,408 | ---- | M] (Promise Technology, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ulsata.sys -- (UlSata)
DRV - [2006/11/02 02:50:35 | 000,098,408 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\adpu160m.sys -- (adpu160m)
DRV - [2006/11/02 02:50:24 | 000,088,680 | ---- | M] (NVIDIA Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\nvraid.sys -- (nvraid)
DRV - [2006/11/02 02:50:19 | 000,045,160 | ---- | M] (IBM Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\nfrd960.sys -- (nfrd960)
DRV - [2006/11/02 02:50:17 | 000,041,576 | ---- | M] (Intel Corp./ICP vortex GmbH) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\iirsp.sys -- (iirsp)
DRV - [2006/11/02 02:50:16 | 000,071,784 | ---- | M] (Silicon Integrated Systems) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\sisraid4.sys -- (SiSRaid4)
DRV - [2006/11/02 02:50:11 | 000,071,272 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\djsvs.sys -- (aic78xx)
DRV - [2006/11/02 02:50:10 | 000,067,688 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\arcsas.sys -- (arcsas)
DRV - [2006/11/02 02:50:10 | 000,065,640 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\lsi_scsi.sys -- (LSI_SCSI)
DRV - [2006/11/02 02:50:10 | 000,038,504 | ---- | M] (Silicon Integrated Systems Corp.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\sisraid2.sys -- (SiSRaid2)
DRV - [2006/11/02 02:50:10 | 000,037,480 | ---- | M] (Hewlett-Packard Company) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\hpcisss.sys -- (HpCISSs)
DRV - [2006/11/02 02:50:09 | 000,067,688 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\arc.sys -- (arc)
DRV - [2006/11/02 02:50:09 | 000,035,944 | ---- | M] (Integrated Technology Express, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\iteraid.sys -- (iteraid)
DRV - [2006/11/02 02:50:07 | 000,035,944 | ---- | M] (Integrated Technology Express, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\iteatapi.sys -- (iteatapi)
DRV - [2006/11/02 02:50:05 | 000,065,640 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\lsi_sas.sys -- (LSI_SAS)
DRV - [2006/11/02 02:50:05 | 000,035,944 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\symc8xx.sys -- (Symc8xx)
DRV - [2006/11/02 02:50:04 | 000,065,640 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\lsi_fc.sys -- (LSI_FC)
DRV - [2006/11/02 02:50:03 | 000,034,920 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\sym_u3.sys -- (Sym_u3)
DRV - [2006/11/02 02:49:59 | 000,033,384 | ---- | M] (LSI Logic Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\mraid35x.sys -- (Mraid35x)
DRV - [2006/11/02 02:49:56 | 000,031,848 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\sym_hi.sys -- (Sym_hi)
DRV - [2006/11/02 02:49:53 | 000,028,776 | ---- | M] (LSI Logic Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\megasas.sys -- (megasas)
DRV - [2006/11/02 02:49:30 | 000,017,512 | ---- | M] (VIA Technologies, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\viaide.sys -- (viaide)
DRV - [2006/11/02 02:49:28 | 000,016,488 | ---- | M] (CMD Technology, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\cmdide.sys -- (cmdide)
DRV - [2006/11/02 02:49:20 | 000,014,952 | ---- | M] (Acer Laboratories Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\aliide.sys -- (aliide)
DRV - [2006/11/02 01:55:16 | 000,040,448 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\avc.sys -- (Avc)
DRV - [2006/11/02 01:55:15 | 000,045,696 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\61883.sys -- (61883)
DRV - [2006/11/02 01:55:12 | 000,052,608 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\msdv.sys -- (MSDV)
DRV - [2006/11/02 01:55:04 | 000,071,552 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\USBAUDIO.sys -- (usbaudio) USB Audio Driver (WDM)
DRV - [2006/11/02 01:25:24 | 000,071,808 | ---- | M] (Brother Industries Ltd.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\brserid.sys -- (Brserid) Brother MFC Serial Port Interface Driver (WDM)
DRV - [2006/11/02 01:24:47 | 000,011,904 | ---- | M] (Brother Industries Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\brusbser.sys -- (BrUsbSer)
DRV - [2006/11/02 01:24:46 | 000,005,248 | ---- | M] (Brother Industries, Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\brfiltup.sys -- (BrFiltUp)
DRV - [2006/11/02 01:24:45 | 000,013,568 | ---- | M] (Brother Industries, Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\brfiltlo.sys -- (BrFiltLo)
DRV - [2006/11/02 01:24:44 | 000,062,336 | ---- | M] (Brother Industries Ltd.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\brserwdm.sys -- (BrSerWdm)
DRV - [2006/11/02 01:24:44 | 000,012,160 | ---- | M] (Brother Industries Ltd.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\brusbmdm.sys -- (BrUsbMdm)
DRV - [2006/11/02 00:36:50 | 000,020,608 | ---- | M] (N-trig Innovative Technologies) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ntrigdigi.sys -- (ntrigdigi)
DRV - [2006/11/02 00:30:56 | 000,429,056 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvm60x32.sys -- (NVENETFD)
DRV - [2006/11/02 00:30:54 | 000,117,760 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\E1G60I32.sys -- (E1G60) Intel®
DRV - [2006/05/12 13:21:22 | 000,401,664 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\btaudio.sys -- (btaudio)
DRV - [2006/05/12 13:20:04 | 000,023,271 | ---- | M] (Broadcom Corporation.) [Kernel | Auto | Stopped] -- C:\Windows\System32\drivers\btserial.sys -- (BTSERIAL)
DRV - [2006/05/12 13:20:00 | 000,222,876 | ---- | M] (Broadcom Corporation.) [Kernel | Auto | Stopped] -- C:\Windows\System32\drivers\btslbcsp.sys -- (BTSLBCSP)
DRV - [2006/05/12 13:19:04 | 001,342,602 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\btkrnl.sys -- (BTKRNL)
DRV - [2006/05/12 13:17:18 | 000,030,363 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\btport.sys -- (BTDriver)
DRV - [2006/05/12 13:16:44 | 000,057,320 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\btwusb.sys -- (BTWUSB)
DRV - [2006/05/12 13:13:46 | 000,148,168 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\btwdndis.sys -- (BTWDNDIS)
DRV - [2006/05/12 13:12:48 | 000,044,163 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\btwhid.sys -- (btwhid)
DRV - [2005/10/21 08:25:32 | 000,013,396 | ---- | M] () [Kernel | System | Running] -- C:\Windows\system32\drivers\MTictwl.sys -- (NCPro)
DRV - [2005/10/21 08:25:32 | 000,013,396 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\MTictwl.sys -- (MagicTune)
DRV - [2005/04/13 13:34:24 | 000,010,240 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvmpu401.sys -- (nvmpu401) Service for NVIDIA® nForce™
DRV - [2004/08/13 10:56:20 | 000,005,810 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\ASACPI.sys -- (MTsensor)
DRV - [2003/05/14 21:42:56 | 000,021,216 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\WmFilter.sys -- (WmFilter)
DRV - [2003/05/14 21:42:28 | 000,023,040 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\WmUsbHid.sys -- (WmUsbHid) Logitech WingMan Force (USB)
DRV - [2001/08/17 21:05:44 | 000,141,056 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\Icam3.sys -- (ICAM3NT5)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.yahoo.com
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com
IE - HKLM\..\URLSearchHook: {a298ed31-d405-40e2-880f-b7511948e582} - C:\Program Files\SporTV\tbSpor.dll (Conduit Ltd.)


IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



IE - HKU\S-1-5-21-2206615330-3397044264-1646540355-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://g.msn.com/0SEENUS/SAOS01?FORM=TOOLBR
IE - HKU\S-1-5-21-2206615330-3397044264-1646540355-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/
IE - HKU\S-1-5-21-2206615330-3397044264-1646540355-1000\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKU\S-1-5-21-2206615330-3397044264-1646540355-1000\..\URLSearchHook: {a298ed31-d405-40e2-880f-b7511948e582} - C:\Program Files\SporTV\tbSpor.dll (Conduit Ltd.)
IE - HKU\S-1-5-21-2206615330-3397044264-1646540355-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-2206615330-3397044264-1646540355-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local



O1 HOSTS File: ([2006/09/18 14:41:30 | 000,000,761 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - No CLSID value found.
O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
O2 - BHO: (SSVHelper Class) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (SporTV Toolbar) - {a298ed31-d405-40e2-880f-b7511948e582} - C:\Program Files\SporTV\tbSpor.dll (Conduit Ltd.)
O2 - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.4.4525.1752\swg.dll (Google Inc.)
O3 - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O3 - HKLM\..\Toolbar: (SporTV Toolbar) - {a298ed31-d405-40e2-880f-b7511948e582} - C:\Program Files\SporTV\tbSpor.dll (Conduit Ltd.)
O3 - HKU\S-1-5-21-2206615330-3397044264-1646540355-1000\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O3 - HKU\S-1-5-21-2206615330-3397044264-1646540355-1000\..\Toolbar\WebBrowser: (SporTV Toolbar) - {A298ED31-D405-40E2-880F-B7511948E582} - C:\Program Files\SporTV\tbSpor.dll (Conduit Ltd.)
O4 - HKLM..\Run: [Adobe Reader Speed Launcher] C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [LifeCam] C:\Program Files\Microsoft LifeCam\LifeExp.exe (Microsoft Corporation)
O4 - HKLM..\Run: [LogMeIn GUI] C:\Program Files\LogMeIn\x86\LogMeInSystray.exe (LogMeIn, Inc.)
O4 - HKLM..\Run: [nmapp] C:\Program Files\Pure Networks\Network Magic\nmapp.exe (Pure Networks, Inc.)
O4 - HKLM..\Run: [NvCplDaemon] C:\Windows\System32\NvCpl.DLL (NVIDIA Corporation)
O4 - HKLM..\Run: [NvMediaCenter] C:\Windows\System32\NvMcTray.DLL (NVIDIA Corporation)
O4 - HKLM..\Run: [NvSvc] C:\Windows\System32\nvsvc.DLL (NVIDIA Corporation)
O4 - HKLM..\Run: [NWEReboot] File not found
O4 - HKLM..\Run: [OneCareUI] C:\Program Files\Microsoft Windows OneCare Live\winssnotify.exe (Microsoft Corporation)
O4 - HKLM..\Run: [P17RunE] C:\Windows\System32\P17RunE.dll (Creative Technology Ltd.)
O4 - HKLM..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe (Sun Microsystems, Inc.)
O4 - HKLM..\Run: [TkBellExe] C:\Program Files\Common Files\Real\Update_OB\realsched.exe (RealNetworks, Inc.)
O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
O4 - HKU\S-1-5-19..\Run: [WindowsWelcomeCenter] C:\Windows\System32\oobefldr.dll (Microsoft Corporation)
O4 - HKU\S-1-5-20..\Run: [WindowsWelcomeCenter] C:\Windows\System32\oobefldr.dll (Microsoft Corporation)
O4 - HKU\S-1-5-21-2206615330-3397044264-1646540355-1000..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (Google Inc.)
O4 - HKU\S-1-5-21-2206615330-3397044264-1646540355-1000..\RunOnce: [Shockwave Updater] C:\Windows\System32\Adobe\SHOCKW~1\SWHELP~1.EXE -Update -1100429 -Mozilla\4.0 ( File not found
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O7 - HKU\S-1-5-21-2206615330-3397044264-1646540355-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-2206615330-3397044264-1646540355-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: LogonHoursAction = 2
O7 - HKU\S-1-5-21-2206615330-3397044264-1646540355-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DontDisplayLogonHoursWarnings = 1
O8 - Extra context menu item: E&xport to Microsoft Excel - C:\Program Files\Microsoft Office\Office12\EXCEL.EXE (Microsoft Corporation)
O8 - Extra context menu item: Google Sidewiki... - C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_60D6097707281E79.dll (Google Inc.)
O8 - Extra context menu item: Send To &Bluetooth - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm ()
O9 - Extra 'Tools' menuitem : Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll (Sun Microsystems, Inc.)
O9 - Extra Button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Program Files\Microsoft Office\Office12\REFIEBAR.DLL (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O13 - gopher Prefix: missing
O15 - HKU\S-1-5-21-2206615330-3397044264-1646540355-1000\..Trusted Domains: egnyte.com ([nickblessing] https in Trusted sites)
O15 - HKU\S-1-5-21-2206615330-3397044264-1646540355-1000\..Trusted Domains: microsoft.com ([mail] https in Trusted sites)
O15 - HKU\S-1-5-21-2206615330-3397044264-1646540355-1000\..Trusted Domains: microsoftpsdemos.com ([]http in Trusted sites)
O15 - HKU\S-1-5-21-2206615330-3397044264-1646540355-1000\..Trusted Domains: mssalesdemos.com ([]http in Trusted sites)
O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} http://a1540.g.akamai.net/7/1540/52/200612...ex/qtplugin.cab (QuickTime Object)
O16 - DPF: {0DB074F0-617E-4EE9-912C-2965CF2AA5A4} http://download.microsoft.com/download/a/f...tualEarth3D.cab (SentinelVE3D Class)
O16 - DPF: {1239CC52-59EF-4DFA-8C61-90FFA846DF7E} http://www.musicnotes.com/download/mnviewer.cab (Musicnotes Viewer)
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} http://fpdownload.macromedia.com/get/shock...director/sw.cab (Shockwave ActiveX Control)
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} http://download.microsoft.com/download/9/b...heckControl.cab (Windows Genuine Advantage Validation Tool)
O16 - DPF: {233C1507-6A77-46A4-9443-F871F945D258} http://download.macromedia.com/pub/shockwa...director/sw.cab (Shockwave ActiveX Control)
O16 - DPF: {238F6F83-B8B4-11CF-8771-00A024541EE3} http://mssalesdemos.com/MS/Site02/ICAWEB_c...ca32/wficat.cab (Citrix ICA Client)
O16 - DPF: {3BB1D69B-A780-4BE1-876E-F3D488877135} http://download.microsoft.com/download/3/B...tualEarth3D.cab (SentinelProxy Class)
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} http://gfx1.hotmail.com/mail/w2/resources/...NPUplden-us.cab (MSN Photo Upload Tool)
O16 - DPF: {6F750202-1362-4815-A476-88533DE61D0C} http://www.kodakgallery.com/downloads/BUM/..._2/axofupld.cab (Kodak Gallery Easy Upload Manager Class)
O16 - DPF: {77E32299-629F-43C6-AB77-6A1E6D7663F6} http://www.nick.com/common/groove/gx/GrooveAX27.cab (Groove Control)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_01)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.macromedia.com/get/flash...t/ultrashim.cab (Reg Error: Key error.)
O16 - DPF: {917623D1-D8E5-11D2-BE8B-00104B06BDE3} http://media.sportys.com/AxisCamControl.ocx (CamImage Class)
O16 - DPF: {AB86CE53-AC9F-449F-9399-D8ABCA09EC09} https://h17000.www1.hp.com/ewfrf-JAVA/Secur...loadManager.ocx (Get_ActiveX Control)
O16 - DPF: {CAFEEFAC-0016-0000-0000-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0)
O16 - DPF: {CAFEEFAC-0016-0000-0001-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_01)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_01)
O16 - DPF: {CF40ACC5-E1BB-4AFF-AC72-04C2F616BCA7} http://www.adobe.com/products/acrobat/nos/gp.cab (get_atlcom Class)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload.macromedia.com/get/flash...ent/swflash.cab (Shockwave Flash Object)
O16 - DPF: {EF791A6B-FC12-4C68-99EF-FB9E207A39E6} http://download.mcafee.com/molbin/iss-loc/...045/mcfscan.cab (McFreeScan Class)
O16 - DPF: {F6ACF75C-C32C-447B-9BEF-46B766368D29} http://ccfiles.creative.com/Web/softwareup...15111/CTPID.cab (Creative Software AutoUpdate Support Package)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.1
O18 - Protocol\Handler\grooveLocalGWS {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll (Microsoft Corporation)
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Program Files\Common Files\microsoft shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Handler\pure-go {4746C79A-2042-4332-8650-48966E44ABA8} - C:\Program Files\Common Files\Pure Networks Shared\puresp3.dll (Pure Networks, Inc.)
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\microsoft shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O22 - SharedTaskScheduler: {E31004D1-A431-41B8-826F-E902F9D95C81} - Windows DreamScene - C:\Windows\System32\DreamScene.dll (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Windows\Web\Wallpaper\img24.jpg
O24 - Desktop BackupWallPaper: C:\Windows\Web\Wallpaper\img24.jpg
O28 - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006/09/18 14:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O33 - MountPoints2\{616a8c00-60ae-11dc-945b-0018f3450fd6}\Shell\AutoRun\command - "" = J:\AutoRunPro.exe -- File not found
O33 - MountPoints2\{86d9ccaa-f03a-11db-a5a4-0018f3450fd6}\Shell - "" = AutoRun
O33 - MountPoints2\{86d9ccaa-f03a-11db-a5a4-0018f3450fd6}\Shell\AutoRun\command - "" = F:\LaunchU3.exe -- File not found
O33 - MountPoints2\{9f22b7d2-81c5-11dd-ad64-0018f3450fd6}\Shell\AutoRun\command - "" = K:\system\viewer\FlipVideoforPC.exe -- File not found
O33 - MountPoints2\{9f22b7d2-81c5-11dd-ad64-0018f3450fd6}\Shell\Flip Video for PC\command - "" = K:\system\viewer\FlipVideoforPC.exe -- File not found
O33 - MountPoints2\{a0544dfd-dd8a-11dc-b740-0018f3450fd6}\Shell - "" = AutoRun
O33 - MountPoints2\{a0544dfd-dd8a-11dc-b740-0018f3450fd6}\Shell\AutoRun\command - "" = F:\LaunchU3.exe -- File not found
O33 - MountPoints2\{c4fcdb85-abfe-11dc-a41d-0018f3450fd6}\Shell - "" = AutoRun
O33 - MountPoints2\{c4fcdb85-abfe-11dc-a41d-0018f3450fd6}\Shell\AutoRun\command - "" = F:\LaunchU3.exe -- File not found
O33 - MountPoints2\{f2823ff2-12ba-11de-b90e-0018f3450fd6}\Shell\AutoRun\command - "" = J:\setupSNK.exe -- File not found
O33 - MountPoints2\{f2823ff5-12ba-11de-b90e-0018f3450fd6}\Shell - "" = AutoRun
O33 - MountPoints2\{f2823ff5-12ba-11de-b90e-0018f3450fd6}\Shell\AutoRun\command - "" = E:\LaunchU3.exe -- File not found
O33 - MountPoints2\E\Shell\AutoRun\command - "" = E:\AutoRunPro.exe -- File not found
O33 - MountPoints2\J\Shell\AutoRun\command - "" = J:\AutoRunPro.exe -- File not found
O33 - MountPoints2\K\Shell\AutoRun\command - "" = K:\system\viewer\FlipVideoforPC.exe -- File not found
O33 - MountPoints2\K\Shell\Flip Video for PC\command - "" = K:\system\viewer\FlipVideoforPC.exe -- File not found
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*


SafeBootMin: Base - Driver Group
SafeBootMin: Boot Bus Extender - Driver Group
SafeBootMin: Boot file system - Driver Group
SafeBootMin: File system - Driver Group
SafeBootMin: Filter - Driver Group
SafeBootMin: HelpSvc - Service
SafeBootMin: NTDS - File not found
SafeBootMin: OneCareMP - C:\Program Files\Microsoft Windows OneCare Live\Antivirus\MsMpEng.exe (Microsoft Corporation)
SafeBootMin: PCI Configuration - Driver Group
SafeBootMin: PNP Filter - Driver Group
SafeBootMin: Primary disk - Driver Group
SafeBootMin: sacsvr - Service
SafeBootMin: SCSI Class - Driver Group
SafeBootMin: System Bus Extender - Driver Group
SafeBootMin: WinDefend - C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation)
SafeBootMin: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootMin: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootMin: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootMin: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootMin: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootMin: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootMin: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootMin: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootMin: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootMin: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootMin: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootMin: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootMin: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootMin: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootMin: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootMin: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootMin: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices

ActiveX: {03F998B2-0E00-11D3-A498-00104B6EB52E} - Viewpoint Media Player
ActiveX: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Java (Sun)
ActiveX: {0EEB34F6-991D-4a1b-8EEB-772DA0EADB22} - Microsoft Office Communicator 2007
ActiveX: {1B00725B-C455-4DE6-BFB6-AD540AD427CD} - Viewpoint Media Player
ActiveX: {2179C5D3-EBFF-11CF-B6FD-00AA00B4E220} -
ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 11.0
ActiveX: {233C1507-6A77-46A4-9443-F871F945D258} - Adobe Shockwave Director 10.4
ActiveX: {2A202491-F00D-11cf-87CC-0020AFEECF20} - Adobe Shockwave Director 10.4
ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX: {2D428AB4-ED2F-1794-D1FB-74CC67B474C6} -
ActiveX: {33550109-F3B1-D66F-18A7-14CAF01A17D2} - Adobe Shockwave Director 10.4
ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX: {3E68C820-250F-DEC0-4642-EEEA6549BCEB} - DirectX
ActiveX: {411EDCF7-755D-414E-A74B-3DCD6583F589} - Microsoft .NET Framework 1.1 Service Pack 1 (KB867460)
ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Windows Mail\WinMail.exe" OCInstallUserConfigOE
ActiveX: {44BBA848-CC51-11CF-AAFA-00AA00B6015C} -
ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6
ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX: {60C6474F-6F52-23CA-6EB7-0ED113204F24} - Java (Sun)
ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX: {7070D8E0-650A-46b3-B03C-9497582E6A74} - %SystemRoot%\system32\soundschemes.exe /AddRegistration
ActiveX: {768414BA-AE78-C678-5930-9866D0864F8E} - Microsoft Windows Media Player 11.0
ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7
ActiveX: {7C028AF8-F614-47B3-82DA-BA94E41B1089} - .NET Framework
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\system32\ie4uinit.exe -BaseSettings
ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\system32\Rundll32.exe C:\Windows\system32\mscories.dll,Install
ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX: {97CD9456-863C-4848-46E3-A6F249DF53D6} - Viewpoint Media Player
ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX: {CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1} - .NET Framework
ActiveX: {CDD7975E-60F8-41d5-8149-19E51D6F71D0} - Windows Movie Maker v2.1
ActiveX: {D27CDB6E-AE6D-11CF-96B8-444553540000} - Adobe Flash Player
ActiveX: {DAA94A2A-2A8D-4D3B-9DB8-56FBECED082D} - Microsoft .NET Framework 1.1 Security Update (KB953297)
ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX: {F2275118-A455-CA48-6B1E-58A891276FFD} - Java (Sun)
ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - C:\Windows\system32\unregmp2.exe /ShowWMP
ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\system32\ie4uinit.exe -UserIconConfig
ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - RunDLL32 IEDKCS32.DLL,BrandIE4 SIGNUP

Drivers32: msacm.avis - C:\Windows\System32\ff_acm.acm ()
Drivers32: msacm.l3acm - C:\Windows\System32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: MSACM.msrt24 - C:\Windows\System32\msrt24.acm (Microsoft Corporation)
Drivers32: MSVideo - C:\Windows\System32\vfwwdm32.dll (Microsoft Corporation)
Drivers32: MSVideo8 - C:\Windows\System32\vfwwdm32.dll (Microsoft Corporation)
Drivers32: vidc.cvid - C:\Windows\System32\iccvid.dll (Radius Inc.)
Drivers32: vidc.dvsd - C:\Windows\System32\pdvcodec.dll (Matsubleepa Electric Industrial Co., Ltd.)
Drivers32: VIDC.FFDS - C:\Windows\System32\ff_vfw.dll ()
Drivers32: vidc.i420 - C:\Windows\System32\lvcodec2.dll (Logitech Inc.)
Drivers32: vidc.iv31 - C:\Windows\System32\ir32_32.dll (Intel® Corporation)
Drivers32: vidc.iv32 - C:\Windows\System32\ir32_32.dll (Intel® Corporation)
Drivers32: VIDC.IV41 - C:\Windows\System32\ir41_32.ax (Intel Corporation)
Drivers32: vidc.tscc - C:\Windows\System32\tsccvid.dll (TechSmith Corporation)
Drivers32: vidc.XVID - C:\Windows\System32\xvidvfw.dll ()

NetSvcs: FastUserSwitchingCompatibility - File not found
NetSvcs: Ias - File not found
NetSvcs: Nla - File not found
NetSvcs: Ntmssvc - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: SRService - File not found
NetSvcs: Wmi - C:\Windows\System32\wmi.dll (Microsoft Corporation)
NetSvcs: WmdmPmSp - File not found
NetSvcs: LogonHours - File not found
NetSvcs: PCAudit - File not found
NetSvcs: helpsvc - File not found
NetSvcs: uploadmgr - File not found

========== Files/Folders - Created Within 30 Days ==========

[2010/07/21 11:16:04 | 000,000,000 | ---D | C] -- C:\$WINDOWS.~BT
[2010/07/16 22:05:38 | 000,000,000 | ---D | C] -- C:\Windows\McAfee.com
[2010/07/16 22:00:30 | 007,315,936 | ---- | C] (Microsoft Corporation) -- C:\Users\Microsoft\Desktop\Security Essentials.exe
[2010/06/28 21:05:50 | 000,000,000 | --SD | C] -- C:\Users\Microsoft\Documents\My Data Sources
[4 C:\Users\Microsoft\Documents\*.tmp files -> C:\Users\Microsoft\Documents\*.tmp -> ]
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2010/07/25 14:42:24 | 008,650,752 | -HS- | M] () -- C:\Users\Microsoft\NTUSER.DAT
[2010/07/25 14:31:41 | 000,003,584 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2010/07/25 14:31:41 | 000,003,584 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2010/07/25 14:31:34 | 000,000,882 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2010/07/25 14:31:30 | 000,000,006 | -H-- | M] () -- C:\Windows\tasks\SA.DAT
[2010/07/25 14:31:27 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2010/07/25 14:31:24 | 2145,968,128 | -HS- | M] () -- C:\hiberfil.sys
[2010/07/24 21:57:41 | 000,218,112 | ---- | M] () -- C:\Users\Microsoft\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010/07/24 17:54:48 | 000,800,846 | ---- | M] () -- C:\Windows\System32\PerfStringBackup.INI
[2010/07/24 17:54:48 | 000,677,850 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2010/07/24 17:54:48 | 000,124,876 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2010/07/22 15:51:22 | 000,476,416 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2010/07/21 15:55:16 | 000,001,890 | ---- | M] () -- C:\Windows\diagwrn.xml
[2010/07/21 15:55:16 | 000,001,890 | ---- | M] () -- C:\Windows\diagerr.xml
[2010/07/21 11:04:41 | 000,005,306 | ---- | M] () -- C:\Users\Microsoft\Desktop\Windows Compatibility Report.htm
[2010/07/20 00:30:09 | 000,001,356 | ---- | M] () -- C:\Users\Microsoft\AppData\Local\d3d9caps.dat
[2010/07/17 19:33:24 | 000,000,000 | ---- | M] () -- C:\Users\Microsoft\defogger_reenable
[2010/07/17 18:34:28 | 000,007,828 | ---- | M] () -- C:\Users\Microsoft\ia_remove.sh
[2010/07/16 22:00:43 | 007,315,936 | ---- | M] (Microsoft Corporation) -- C:\Users\Microsoft\Desktop\Security Essentials.exe
[2010/07/15 20:02:43 | 000,000,868 | ---- | M] () -- C:\Windows\tasks\Google Software Updater.job
[2010/07/08 07:52:00 | 000,000,886 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2010/07/08 00:12:22 | 000,013,939 | ---- | M] () -- C:\Users\Microsoft\Documents\Airline.docx
[2010/07/07 16:27:25 | 000,000,426 | -H-- | M] () -- C:\Windows\tasks\User_Feed_Synchronization-{F3CCB872-9E17-4B4C-9E81-961B0029473B}.job
[2010/07/07 15:55:46 | 000,073,426 | ---- | M] () -- C:\Users\Microsoft\Documents\Leap & Friends Top 5 Videos.pptx
[2010/07/07 15:15:52 | 000,870,128 | ---- | M] () -- C:\Windows\System32\mcs.rma
[2010/07/07 15:15:52 | 000,000,004 | ---- | M] () -- C:\Windows\System32\743A4E
[2010/07/06 15:28:21 | 000,010,757 | ---- | M] () -- C:\Users\Microsoft\Documents\Dear Mrs Justiniano Academic Reference.docx
[2010/07/06 15:14:19 | 000,000,254 | ---- | M] () -- C:\Windows\win.ini
[2010/07/05 20:06:20 | 000,008,912 | ---- | M] () -- C:\Users\Microsoft\Documents\Voice Recording 2,145.sfk
[2010/07/05 20:06:20 | 000,007,240 | ---- | M] () -- C:\Users\Microsoft\Documents\Voice Recording 2,153.sfk
[2010/07/05 20:06:20 | 000,006,776 | ---- | M] () -- C:\Users\Microsoft\Documents\Voice Recording 2,150.sfk
[2010/07/05 20:06:20 | 000,006,304 | ---- | M] () -- C:\Users\Microsoft\Documents\Voice Recording 2,147.sfk
[2010/07/05 20:06:20 | 000,006,248 | ---- | M] () -- C:\Users\Microsoft\Documents\Voice Recording 2,146.sfk
[2010/07/05 20:06:20 | 000,005,408 | ---- | M] () -- C:\Users\Microsoft\Documents\Voice Recording 2,149.sfk
[2010/07/05 20:06:20 | 000,004,896 | ---- | M] () -- C:\Users\Microsoft\Documents\Voice Recording 2,154.sfk
[2010/07/05 20:06:20 | 000,004,416 | ---- | M] () -- C:\Users\Microsoft\Documents\Voice Recording 2,151.sfk
[2010/07/05 20:06:20 | 000,003,928 | ---- | M] () -- C:\Users\Microsoft\Documents\Voice Recording 2,152.sfk
[2010/07/05 20:06:20 | 000,003,456 | ---- | M] () -- C:\Users\Microsoft\Documents\Voice Recording 2,155.sfk
[2010/07/05 20:06:20 | 000,002,632 | ---- | M] () -- C:\Users\Microsoft\Documents\Voice Recording 2,148.sfk
[2010/07/05 20:06:20 | 000,002,272 | ---- | M] () -- C:\Users\Microsoft\Documents\Voice Recording 2,156.sfk
[2010/07/05 19:19:24 | 000,282,618 | ---- | M] () -- C:\Users\Microsoft\Documents\Voice Recording 2,156.wav
[2010/07/05 19:19:00 | 000,433,794 | ---- | M] () -- C:\Users\Microsoft\Documents\Voice Recording 2,155.wav
[2010/07/05 19:18:12 | 000,618,930 | ---- | M] () -- C:\Users\Microsoft\Documents\Voice Recording 2,154.wav
[2010/07/05 19:17:08 | 000,918,322 | ---- | M] () -- C:\Users\Microsoft\Documents\Voice Recording 2,153.wav
[2010/07/05 19:16:24 | 000,495,090 | ---- | M] () -- C:\Users\Microsoft\Documents\Voice Recording 2,152.wav
[2010/07/05 19:15:48 | 000,557,202 | ---- | M] () -- C:\Users\Microsoft\Documents\Voice Recording 2,151.wav
[2010/07/05 19:14:32 | 000,859,486 | ---- | M] () -- C:\Users\Microsoft\Documents\Voice Recording 2,150.wav
[2010/07/05 19:13:44 | 000,684,098 | ---- | M] () -- C:\Users\Microsoft\Documents\Voice Recording 2,149.wav
[2010/07/05 19:13:33 | 000,329,234 | ---- | M] () -- C:\Users\Microsoft\Documents\Voice Recording 2,148.wav
[2010/07/05 19:12:39 | 000,798,834 | ---- | M] () -- C:\Users\Microsoft\Documents\Voice Recording 2,147.wav
[2010/07/05 19:12:27 | 000,792,010 | ---- | M] () -- C:\Users\Microsoft\Documents\Voice Recording 2,146.wav
[2010/07/05 19:10:21 | 001,132,838 | ---- | M] () -- C:\Users\Microsoft\Documents\Voice Recording 2,145.wav
[2010/07/05 17:41:10 | 000,005,976 | ---- | M] () -- C:\Users\Microsoft\Documents\Voice Recording 2,144.sfk
[2010/07/05 17:41:10 | 000,004,776 | ---- | M] () -- C:\Users\Microsoft\Documents\Voice Recording 2,141.sfk
[2010/07/05 17:41:10 | 000,003,376 | ---- | M] () -- C:\Users\Microsoft\Documents\Voice Recording 2,143.sfk
[2010/07/05 17:41:10 | 000,003,208 | ---- | M] () -- C:\Users\Microsoft\Documents\Voice Recording 2,142.sfk
[2010/07/05 17:41:10 | 000,003,136 | ---- | M] () -- C:\Users\Microsoft\Documents\Voice Recording 2,140.sfk
[2010/07/05 17:40:17 | 000,756,898 | ---- | M] () -- C:\Users\Microsoft\Documents\Voice Recording 2,144.wav
[2010/07/05 17:38:00 | 000,424,078 | ---- | M] () -- C:\Users\Microsoft\Documents\Voice Recording 2,143.wav
[2010/07/05 17:36:45 | 000,402,790 | ---- | M] () -- C:\Users\Microsoft\Documents\Voice Recording 2,142.wav
[2010/07/05 17:35:32 | 000,603,050 | ---- | M] () -- C:\Users\Microsoft\Documents\Voice Recording 2,141.wav
[2010/07/05 17:32:58 | 000,393,686 | ---- | M] () -- C:\Users\Microsoft\Documents\Voice Recording 2,140.wav
[2010/07/05 17:08:17 | 000,011,784 | ---- | M] () -- C:\Users\Microsoft\Documents\Voice Recording 2,139.sfk
[2010/07/05 17:08:17 | 000,001,416 | ---- | M] () -- C:\Users\Microsoft\Documents\Voice Recording 2,138.sfk
[2010/07/05 17:03:24 | 001,499,834 | ---- | M] () -- C:\Users\Microsoft\Documents\Voice Recording 2,139.wav
[2010/07/05 17:02:14 | 000,173,326 | ---- | M] () -- C:\Users\Microsoft\Documents\Voice Recording 2,138.wav
[2010/07/02 21:31:26 | 000,008,160 | ---- | M] () -- C:\Users\Microsoft\Documents\Voice Recording 2,136.sfk
[2010/07/02 21:31:26 | 000,007,440 | ---- | M] () -- C:\Users\Microsoft\Documents\Voice Recording 2,134.sfk
[2010/07/02 21:31:26 | 000,004,792 | ---- | M] () -- C:\Users\Microsoft\Documents\Voice Recording 2,137.sfk
[2010/07/02 21:31:26 | 000,004,208 | ---- | M] () -- C:\Users\Microsoft\Documents\Voice Recording 2,135.sfk
[2010/07/02 20:56:18 | 000,605,594 | ---- | M] () -- C:\Users\Microsoft\Documents\Voice Recording 2,137.wav
[2010/07/02 20:55:15 | 001,035,894 | ---- | M] () -- C:\Users\Microsoft\Documents\Voice Recording 2,136.wav
[2010/07/02 20:54:39 | 000,530,770 | ---- | M] () -- C:\Users\Microsoft\Documents\Voice Recording 2,135.wav
[2010/07/02 20:53:40 | 000,944,242 | ---- | M] () -- C:\Users\Microsoft\Documents\Voice Recording 2,134.wav
[2010/07/02 20:32:34 | 000,000,856 | ---- | M] () -- C:\Users\Microsoft\Documents\Voice Recording 2,133.sfk
[2010/07/02 20:31:21 | 000,101,418 | ---- | M] () -- C:\Users\Microsoft\Documents\Voice Recording 2,133.wav
[2010/07/01 20:59:56 | 000,017,104 | ---- | M] () -- C:\Users\Microsoft\Documents\Voice Recording 2,132.sfk
[2010/07/01 20:58:20 | 002,180,874 | ---- | M] () -- C:\Users\Microsoft\Documents\Voice Recording 2,132.wav
[2010/07/01 19:48:20 | 000,010,344 | ---- | M] () -- C:\Users\Microsoft\Documents\Voice Recording 2,131.sfk
[2010/07/01 19:48:20 | 000,007,616 | ---- | M] () -- C:\Users\Microsoft\Documents\Voice Recording 2,128.sfk
[2010/07/01 19:48:20 | 000,006,592 | ---- | M] () -- C:\Users\Microsoft\Documents\Voice Recording 2,130.sfk
[2010/07/01 19:48:20 | 000,002,864 | ---- | M] () -- C:\Users\Microsoft\Documents\Voice Recording 2,129.sfk
[2010/07/01 19:46:41 | 001,315,634 | ---- | M] () -- C:\Users\Microsoft\Documents\Voice Recording 2,131.wav
[2010/07/01 19:46:07 | 000,835,202 | ---- | M] () -- C:\Users\Microsoft\Documents\Voice Recording 2,130.wav
[2010/07/01 19:45:36 | 000,358,142 | ---- | M] () -- C:\Users\Microsoft\Documents\Voice Recording 2,129.wav
[2010/07/01 19:42:48 | 000,966,466 | ---- | M] () -- C:\Users\Microsoft\Documents\Voice Recording 2,128.wav
[2010/07/01 17:18:15 | 000,001,824 | ---- | M] () -- C:\Users\Microsoft\Documents\Voice Recording 2,126.sfk
[2010/07/01 17:18:15 | 000,001,328 | ---- | M] () -- C:\Users\Microsoft\Documents\Voice Recording 2,127.sfk
[2010/07/01 17:17:48 | 000,161,510 | ---- | M] () -- C:\Users\Microsoft\Documents\Voice Recording 2,127.wav
[2010/07/01 17:17:26 | 000,225,682 | ---- | M] () -- C:\Users\Microsoft\Documents\Voice Recording 2,126.wav
[2010/06/30 17:13:02 | 000,008,448 | ---- | M] () -- C:\Users\Microsoft\Documents\Voice Recording 2,117.sfk
[2010/06/30 17:13:02 | 000,008,280 | ---- | M] () -- C:\Users\Microsoft\Documents\Voice Recording 2,123.sfk
[2010/06/30 17:13:02 | 000,007,688 | ---- | M] () -- C:\Users\Microsoft\Documents\Voice Recording 2,125.sfk
[2010/06/30 17:13:02 | 000,006,032 | ---- | M] () -- C:\Users\Microsoft\Documents\Voice Recording 2,121.sfk
[2010/06/30 17:13:02 | 000,005,256 | ---- | M] () -- C:\Users\Microsoft\Documents\Voice Recording 2,124.sfk
[2010/06/30 17:13:02 | 000,005,080 | ---- | M] () -- C:\Users\Microsoft\Documents\Voice Recording 2,119.sfk
[2010/06/30 17:13:02 | 000,004,856 | ---- | M] () -- C:\Users\Microsoft\Documents\Voice Recording 2,115.sfk
[2010/06/30 17:13:02 | 000,004,736 | ---- | M] () -- C:\Users\Microsoft\Documents\Voice Recording 2,118.sfk
[2010/06/30 17:13:02 | 000,004,096 | ---- | M] () -- C:\Users\Microsoft\Documents\Voice Recording 2,120.sfk
[2010/06/30 17:13:02 | 000,003,328 | ---- | M] () -- C:\Users\Microsoft\Documents\Voice Recording 2,122.sfk
[2010/06/30 17:13:02 | 000,002,928 | ---- | M] () -- C:\Users\Microsoft\Documents\Voice Recording 2,116.sfk
[2010/06/30 17:07:43 | 000,975,994 | ---- | M] () -- C:\Users\Microsoft\Documents\Voice Recording 2,125.wav
[2010/06/30 17:07:26 | 000,664,378 | ---- | M] () -- C:\Users\Microsoft\Documents\Voice Recording 2,124.wav
[2010/06/30 17:07:07 | 001,051,254 | ---- | M] () -- C:\Users\Microsoft\Documents\Voice Recording 2,123.wav
[2010/06/30 17:06:35 | 000,417,738 | ---- | M] () -- C:\Users\Microsoft\Documents\Voice Recording 2,122.wav
[2010/06/30 17:06:28 | 000,764,198 | ---- | M] () -- C:\Users\Microsoft\Documents\Voice Recording 2,121.wav
[2010/06/30 17:06:05 | 000,516,546 | ---- | M] () -- C:\Users\Microsoft\Documents\Voice Recording 2,120.wav
[2010/06/30 17:05:46 | 000,642,330 | ---- | M] () -- C:\Users\Microsoft\Documents\Voice Recording 2,119.wav
[2010/06/30 17:05:24 | 000,598,178 | ---- | M] () -- C:\Users\Microsoft\Documents\Voice Recording 2,118.wav
[2010/06/30 17:04:45 | 001,072,938 | ---- | M] () -- C:\Users\Microsoft\Documents\Voice Recording 2,117.wav
[2010/06/30 17:03:53 | 000,366,878 | ---- | M] () -- C:\Users\Microsoft\Documents\Voice Recording 2,116.wav
[2010/06/30 17:03:46 | 000,613,602 | ---- | M] () -- C:\Users\Microsoft\Documents\Voice Recording 2,115.wav
[2010/06/30 16:07:08 | 000,028,602 | ---- | M] () -- C:\Users\Microsoft\Documents\Caleb Politician 6-17-10.docx
[2010/06/30 14:15:19 | 000,062,168 | ---- | M] () -- C:\Users\Microsoft\Documents\Mario's Wild Weather World Logo 1.pptx
[2010/06/29 20:01:35 | 000,011,024 | ---- | M] () -- C:\Users\Microsoft\Documents\Voice Recording 2,114.sfk
[2010/06/29 19:09:37 | 001,403,042 | ---- | M] () -- C:\Users\Microsoft\Documents\Voice Recording 2,114.wav
[2010/06/29 17:59:54 | 000,003,736 | ---- | M] () -- C:\Users\Microsoft\Documents\Voice Recording 2,113.sfk
[2010/06/29 17:59:54 | 000,003,664 | ---- | M] () -- C:\Users\Microsoft\Documents\Voice Recording 2,112.sfk
[2010/06/29 17:31:12 | 000,469,942 | ---- | M] () -- C:\Users\Microsoft\Documents\Voice Recording 2,113.wav
[2010/06/29 17:28:38 | 000,461,254 | ---- | M] () -- C:\Users\Microsoft\Documents\Voice Recording 2,112.wav
[2010/06/29 15:43:01 | 000,012,040 | ---- | M] () -- C:\Users\Microsoft\Documents\Sound Effects Recording 128.sfk
[2010/06/29 15:43:01 | 000,011,688 | ---- | M] () -- C:\Users\Microsoft\Documents\Sound Effects Recording 127.sfk
[2010/06/29 14:54:45 | 001,532,994 | ---- | M] () -- C:\Users\Microsoft\Documents\Sound Effects Recording 128.wav
[2010/06/29 14:52:37 | 001,487,802 | ---- | M] () -- C:\Users\Microsoft\Documents\Sound Effects Recording 127.wav
[2010/06/29 14:52:05 | 000,012,296 | ---- | M] () -- C:\Users\Microsoft\Documents\Sound Effects Recording 126.sfk
[2010/06/29 14:51:50 | 001,565,430 | ---- | M] () -- C:\Users\Microsoft\Documents\Sound Effects Recording 126.wav
[2010/06/28 21:30:20 | 000,018,554 | ---- | M] () -- C:\Users\Microsoft\Documents\Financial Log Income Statement Revised.xlsx
[2010/06/28 17:49:38 | 000,002,616 | ---- | M] () -- C:\Users\Microsoft\Documents\Voice Recording 2,111.sfk
[2010/06/28 17:48:05 | 000,327,086 | ---- | M] () -- C:\Users\Microsoft\Documents\Voice Recording 2,111.wav
[2010/06/27 18:13:31 | 000,005,464 | ---- | M] () -- C:\Users\Microsoft\Documents\Voice Recording 2,110.sfk
[2010/06/27 18:13:31 | 000,004,720 | ---- | M] () -- C:\Users\Microsoft\Documents\Voice Recording 2,109.sfk
[2010/06/27 18:13:31 | 000,004,544 | ---- | M] () -- C:\Users\Microsoft\Documents\Voice Recording 2,108.sfk
[2010/06/27 18:13:31 | 000,003,000 | ---- | M] () -- C:\Users\Microsoft\Documents\Voice Recording 2,107.sfk
[2010/06/27 18:13:31 | 000,002,376 | ---- | M] () -- C:\Users\Microsoft\Documents\Voice Recording 2,106.sfk
[2010/06/27 17:40:53 | 000,691,218 | ---- | M] () -- C:\Users\Microsoft\Documents\Voice Recording 2,110.wav
[2010/06/27 17:40:37 | 000,596,386 | ---- | M] () -- C:\Users\Microsoft\Documents\Voice Recording 2,109.wav
[2010/06/27 17:40:29 | 000,573,798 | ---- | M] () -- C:\Users\Microsoft\Documents\Voice Recording 2,108.wav
[2010/06/27 17:39:07 | 000,375,998 | ---- | M] () -- C:\Users\Microsoft\Documents\Voice Recording 2,107.wav
[2010/06/27 17:36:46 | 000,296,362 | ---- | M] () -- C:\Users\Microsoft\Documents\Voice Recording 2,106.wav
[2010/06/27 16:06:46 | 000,007,680 | ---- | M] () -- C:\Users\Microsoft\Documents\Voice Recording 2,097.sfk
[2010/06/27 16:06:46 | 000,006,432 | ---- | M] () -- C:\Users\Microsoft\Documents\Voice Recording 2,102.sfk
[2010/06/27 16:06:46 | 000,005,856 | ---- | M] () -- C:\Users\Microsoft\Documents\Voice Recording 2,096.sfk
[2010/06/27 16:06:46 | 000,004,744 | ---- | M] () -- C:\Users\Microsoft\Documents\Voice Recording 2,099.sfk
[2010/06/27 16:06:46 | 000,004,368 | ---- | M] () -- C:\Users\Microsoft\Documents\Voice Recording 2,104.sfk
[2010/06/27 16:06:46 | 000,004,320 | ---- | M] () -- C:\Users\Microsoft\Documents\Voice Recording 2,101.sfk
[2010/06/27 16:06:46 | 000,003,984 | ---- | M] () -- C:\Users\Microsoft\Documents\Voice Recording 2,100.sfk
[2010/06/27 16:06:46 | 000,003,560 | ---- | M] () -- C:\Users\Microsoft\Documents\Voice Recording 2,098.sfk
[2010/06/27 16:06:46 | 000,002,424 | ---- | M] () -- C:\Users\Microsoft\Documents\Voice Recording 2,105.sfk
[2010/06/27 16:06:46 | 000,001,848 | ---- | M] () -- C:\Users\Microsoft\Documents\Voice Recording 2,103.sfk
[2010/06/27 15:37:57 | 000,302,658 | ---- | M] () -- C:\Users\Microsoft\Documents\Voice Recording 2,105.wav
[2010/06/27 15:35:38 | 000,551,022 | ---- | M] () -- C:\Users\Microsoft\Documents\Voice Recording 2,104.wav
[2010/06/27 15:35:14 | 000,228,022 | ---- | M] () -- C:\Users\Microsoft\Documents\Voice Recording 2,103.wav
[2010/06/27 15:35:07 | 000,815,546 | ---- | M] () -- C:\Users\Microsoft\Documents\Voice Recording 2,102.wav
[2010/06/27 15:34:24 | 000,544,834 | ---- | M] () -- C:\Users\Microsoft\Documents\Voice Recording 2,101.wav
[2010/06/27 15:33:50 | 000,502,086 | ---- | M] () -- C:\Users\Microsoft\Documents\Voice Recording 2,100.wav
[2010/06/27 15:33:18 | 000,598,802 | ---- | M] () -- C:\Users\Microsoft\Documents\Voice Recording 2,099.wav
[2010/06/27 15:32:58 | 000,447,934 | ---- | M] () -- C:\Users\Microsoft\Documents\Voice Recording 2,098.wav
[2010/06/27 15:31:11 | 000,974,786 | ---- | M] () -- C:\Users\Microsoft\Documents\Voice Recording 2,097.wav
[2010/06/27 15:27:40 | 000,741,226 | ---- | M] () -- C:\Users\Microsoft\Documents\Voice Recording 2,096.wav
[2010/06/26 19:18:22 | 000,006,576 | ---- | M] () -- C:\Users\Microsoft\Documents\Voice Recording 2,095.sfk
[2010/06/26 18:57:46 | 000,833,906 | ---- | M] () -- C:\Users\Microsoft\Documents\Voice Recording 2,095.wav
[2010/06/25 20:17:05 | 000,009,008 | ---- | M] () -- C:\Users\Microsoft\Documents\Voice Recording 2,094.sfk
[2010/06/25 20:17:05 | 000,007,408 | ---- | M] () -- C:\Users\Microsoft\Documents\Voice Recording 2,092.sfk
[2010/06/25 20:17:05 | 000,006,704 | ---- | M] () -- C:\Users\Microsoft\Documents\Voice Recording 2,090.sfk
[2010/06/25 20:17:05 | 000,003,128 | ---- | M] () -- C:\Users\Microsoft\Documents\Voice Recording 2,091.sfk
[2010/06/25 20:17:05 | 000,002,256 | ---- | M] () -- C:\Users\Microsoft\Documents\Voice Recording 2,093.sfk
[2010/06/25 18:32:51 | 001,145,242 | ---- | M] () -- C:\Users\Microsoft\Documents\Voice Recording 2,094.wav
[2010/06/25 18:32:27 | 000,280,414 | ---- | M] () -- C:\Users\Microsoft\Documents\Voice Recording 2,093.wav
[2010/06/25 18:32:09 | 000,939,838 | ---- | M] () -- C:\Users\Microsoft\Documents\Voice Recording 2,092.wav
[2010/06/25 18:31:48 | 000,392,094 | ---- | M] () -- C:\Users\Microsoft\Documents\Voice Recording 2,091.wav
[2010/06/25 18:31:28 | 000,849,678 | ---- | M] () -- C:\Users\Microsoft\Documents\Voice Recording 2,090.wav
[2010/06/25 18:23:00 | 000,008,928 | ---- | M] () -- C:\Users\Microsoft\Documents\Voice Recording 2,088.sfk
[2010/06/25 18:23:00 | 000,006,560 | ---- | M] () -- C:\Users\Microsoft\Documents\Voice Recording 2,087.sfk
[2010/06/25 18:23:00 | 000,005,168 | ---- | M] () -- C:\Users\Microsoft\Documents\Voice Recording 2,089.sfk
[2010/06/25 18:22:51 | 000,653,210 | ---- | M] () -- C:\Users\Microsoft\Documents\Voice Recording 2,089.wav
[2010/06/25 18:22:30 | 001,134,498 | ---- | M] () -- C:\Users\Microsoft\Documents\Voice Recording 2,088.wav
[2010/06/25 18:21:56 | 000,831,750 | ---- | M] () -- C:\Users\Microsoft\Documents\Voice Recording 2,087.wav
[2010/06/25 18:12:52 | 000,004,376 | ---- | M] () -- C:\Users\Microsoft\Documents\Voice Recording 2,085.sfk
[2010/06/25 18:12:52 | 000,004,288 | ---- | M] () -- C:\Users\Microsoft\Documents\Voice Recording 2,084.sfk
[2010/06/25 18:12:52 | 000,003,760 | ---- | M] () -- C:\Users\Microsoft\Documents\Voice Recording 2,083.sfk
[2010/06/25 18:12:52 | 000,003,408 | ---- | M] () -- C:\Users\Microsoft\Documents\Voice Recording 2,082.sfk
[2010/06/25 18:12:52 | 000,002,216 | ---- | M] () -- C:\Users\Microsoft\Documents\Voice Recording 2,086.sfk
[2010/06/25 18:11:35 | 000,275,114 | ---- | M] () -- C:\Users\Microsoft\Documents\Voice Recording 2,086.wav
[2010/06/25 18:11:24 | 000,551,874 | ---- | M] () -- C:\Users\Microsoft\Documents\Voice Recording 2,085.wav
[2010/06/25 18:11:16 | 000,540,962 | ---- | M] () -- C:\Users\Microsoft\Documents\Voice Recording 2,084.wav
[2010/06/25 18:10:58 | 000,473,410 | ---- | M] () -- C:\Users\Microsoft\Documents\Voice Recording 2,083.wav
[2010/06/25 18:10:42 | 000,428,606 | ---- | M] () -- C:\Users\Microsoft\Documents\Voice Recording 2,082.wav
[4 C:\Users\Microsoft\Documents\*.tmp files -> C:\Users\Microsoft\Documents\*.tmp -> ]
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

========== Files Created - No Company Name ==========

[2010/07/25 14:31:24 | 2145,968,128 | -HS- | C] () -- C:\hiberfil.sys
[2010/07/21 11:04:41 | 000,005,306 | ---- | C] () -- C:\Users\Microsoft\Desktop\Windows Compatibility Report.htm
[2010/07/17 19:33:24 | 000,000,000 | ---- | C] () -- C:\Users\Microsoft\defogger_reenable
[2010/07/17 18:34:28 | 000,007,828 | ---- | C] () -- C:\Users\Microsoft\ia_remove.sh
[2010/07/17 17:11:24 | 000,001,890 | ---- | C] () -- C:\Windows\diagwrn.xml
[2010/07/17 17:11:24 | 000,001,890 | ---- | C] () -- C:\Windows\diagerr.xml
[2010/07/08 00:12:21 | 000,013,939 | ---- | C] () -- C:\Users\Microsoft\Documents\Airline.docx
[2010/07/06 15:28:20 | 000,010,757 | ---- | C] () -- C:\Users\Microsoft\Documents\Dear Mrs Justiniano Academic Reference.docx
[2010/07/05 19:19:24 | 000,002,272 | ---- | C] () -- C:\Users\Microsoft\Documents\Voice Recording 2,156.sfk
[2010/07/05 19:19:00 | 000,282,618 | ---- | C] () -- C:\Users\Microsoft\Documents\Voice Recording 2,156.wav
[2010/07/05 19:19:00 | 000,003,456 | ---- | C] () -- C:\Users\Microsoft\Documents\Voice Recording 2,155.sfk
[2010/07/05 19:18:12 | 000,433,794 | ---- | C] () -- C:\Users\Microsoft\Documents\Voice Recording 2,155.wav
[2010/07/05 19:18:12 | 000,004,896 | ---- | C] () -- C:\Users\Microsoft\Documents\Voice Recording 2,154.sfk
[2010/07/05 19:17:08 | 000,618,930 | ---- | C] () -- C:\Users\Microsoft\Documents\Voice Recording 2,154.wav
[2010/07/05 19:17:08 | 000,007,240 | ---- | C] () -- C:\Users\Microsoft\Documents\Voice Recording 2,153.sfk
[2010/07/05 19:16:24 | 000,918,322 | ---- | C] () -- C:\Users\Microsoft\Documents\Voice Recording 2,153.wav
[2010/07/05 19:16:24 | 000,003,928 | ---- | C] () -- C:\Users\Microsoft\Documents\Voice Recording 2,152.sfk
[2010/07/05 19:15:48 | 000,495,090 | ---- | C] () -- C:\Users\Microsoft\Documents\Voice Recording 2,152.wav
[2010/07/05 19:15:48 | 000,004,416 | ---- | C] () -- C:\Users\Microsoft\Documents\Voice Recording 2,151.sfk
[2010/07/05 19:14:32 | 000,557,202 | ---- | C] () -- C:\Users\Microsoft\Documents\Voice Recording 2,151.wav
[2010/07/05 19:14:32 | 000,006,776 | ---- | C] () -- C:\Users\Microsoft\Documents\Voice Recording 2,150.sfk
[2010/07/05 19:13:44 | 000,859,486 | ---- | C] () -- C:\Users\Microsoft\Documents\Voice Recording 2,150.wav
[2010/07/05 19:13:44 | 000,005,408 | ---- | C] () -- C:\Users\Microsoft\Documents\Voice Recording 2,149.sfk
[2010/07/05 19:13:33 | 000,684,098 | ---- | C] () -- C:\Users\Microsoft\Documents\Voice Recording 2,149.wav
[2010/07/05 19:13:33 | 000,002,632 | ---- | C] () -- C:\Users\Microsoft\Documents\Voice Recording 2,148.sfk
[2010/07/05 19:12:39 | 000,329,234 | ---- | C] () -- C:\Users\Microsoft\Documents\Voice Recording 2,148.wav
[2010/07/05 19:12:39 | 000,006,304 | ---- | C] () -- C:\Users\Microsoft\Documents\Voice Recording 2,147.sfk
[2010/07/05 19:12:27 | 000,798,834 | ---- | C] () -- C:\Users\Microsoft\Documents\Voice Recording 2,147.wav
[2010/07/05 19:12:27 | 000,006,248 | ---- | C] () -- C:\Users\Microsoft\Documents\Voice Recording 2,146.sfk
[2010/07/05 19:11:38 | 000,792,010 | ---- | C] () -- C:\Users\Microsoft\Documents\Voice Recording 2,146.wav
[2010/07/05 19:10:21 | 000,008,912 | ---- | C] () -- C:\Users\Microsoft\Documents\Voice Recording 2,145.sfk
[2010/07/05 19:10:10 | 001,132,838 | ---- | C] () -- C:\Users\Microsoft\Documents\Voice Recording 2,145.wav
[2010/07/05 17:40:17 | 000,005,976 | ---- | C] () -- C:\Users\Microsoft\Documents\Voice Recording 2,144.sfk
[2010/07/05 17:40:08 | 000,756,898 | ---- | C] () -- C:\Users\Microsoft\Documents\Voice Recording 2,144.wav
[2010/07/05 17:38:00 | 000,003,376 | ---- | C] () -- C:\Users\Microsoft\Documents\Voice Recording 2,143.sfk
[2010/07/05 17:37:55 | 000,424,078 | ---- | C] () -- C:\Users\Microsoft\Documents\Voice Recording 2,143.wav
[2010/07/05 17:36:46 | 000,003,208 | ---- | C] () -- C:\Users\Microsoft\Documents\Voice Recording 2,142.sfk
[2010/07/05 17:36:39 | 000,402,790 | ---- | C] () -- C:\Users\Microsoft\Documents\Voice Recording 2,142.wav
[2010/07/05 17:35:32 | 000,004,776 | ---- | C] () -- C:\Users\Microsoft\Documents\Voice Recording 2,141.sfk
[2010/07/05 17:35:12 | 000,603,050 | ---- | C] () -- C:\Users\Microsoft\Documents\Voice Recording 2,141.wav
[2010/07/05 17:32:58 | 000,003,136 | ---- | C] () -- C:\Users\Microsoft\Documents\Voice Recording 2,140.sfk
[2010/07/05 17:32:52 | 000,393,686 | ---- | C] () -- C:\Users\Microsoft\Documents\Voice Recording 2,140.wav
[2010/07/05 17:03:24 | 000,011,784 | ---- | C] () -- C:\Users\Microsoft\Documents\Voice Recording 2,139.sfk
[2010/07/05 17:03:12 | 001,499,834 | ---- | C] () -- C:\Users\Microsoft\Documents\Voice Recording 2,139.wav
[2010/07/05 17:02:14 | 000,001,416 | ---- | C] () -- C:\Users\Microsoft\Documents\Voice Recording 2,138.sfk
[2010/07/05 17:02:08 | 000,173,326 | ---- | C] () -- C:\Users\Microsoft\Documents\Voice Recording 2,138.wav
[2010/07/02 20:56:18 | 000,004,792 | ---- | C] () -- C:\Users\Microsoft\Documents\Voice Recording 2,137.sfk
[2010/07/02 20:56:11 | 000,605,594 | ---- | C] () -- C:\Users\Microsoft\Documents\Voice Recording 2,137.wav
[2010/07/02 20:55:15 | 000,008,160 | ---- | C] () -- C:\Users\Microsoft\Documents\Voice Recording 2,136.sfk
[2010/07/02 20:54:39 | 001,035,894 | ---- | C] () -- C:\Users\Microsoft\Documents\Voice Recording 2,136.wav
[2010/07/02 20:54:39 | 000,004,208 | ---- | C] () -- C:\Users\Microsoft\Documents\Voice Recording 2,135.sfk
[2010/07/02 20:54:33 | 000,530,770 | ---- | C] () -- C:\Users\Microsoft\Documents\Voice Recording 2,135.wav
[2010/07/02 20:53:40 | 000,007,440 | ---- | C] () -- C:\Users\Microsoft\Documents\Voice Recording 2,134.sfk
[2010/07/02 20:53:28 | 000,944,242 | ---- | C] () -- C:\Users\Microsoft\Documents\Voice Recording 2,134.wav
[2010/07/02 20:31:21 | 000,000,856 | ---- | C] () -- C:\Users\Microsoft\Documents\Voice Recording 2,133.sfk
[2010/07/02 20:31:16 | 000,101,418 | ---- | C] () -- C:\Users\Microsoft\Documents\Voice Recording 2,133.wav
[2010/07/01 20:58:21 | 000,017,104 | ---- | C] () -- C:\Users\Microsoft\Documents\Voice Recording 2,132.sfk
[2010/07/01 20:58:04 | 002,180,874 | ---- | C] () -- C:\Users\Microsoft\Documents\Voice Recording 2,132.wav
[2010/07/01 19:46:41 | 000,010,344 | ---- | C] () -- C:\Users\Microsoft\Documents\Voice Recording 2,131.sfk
[2010/07/01 19:46:07 | 001,315,634 | ---- | C] () -- C:\Users\Microsoft\Documents\Voice Recording 2,131.wav
[2010/07/01 19:46:07 | 000,006,592 | ---- | C] () -- C:\Users\Microsoft\Documents\Voice Recording 2,130.sfk
[2010/07/01 19:45:37 | 000,002,864 | ---- | C] () -- C:\Users\Microsoft\Documents\Voice Recording 2,129.sfk
[2010/07/01 19:45:36 | 000,835,202 | ---- | C] () -- C:\Users\Microsoft\Documents\Voice Recording 2,130.wav
[2010/07/01 19:45:20 | 000,358,142 | ---- | C] () -- C:\Users\Microsoft\Documents\Voice Recording 2,129.wav
[2010/07/01 19:42:48 | 000,007,616 | ---- | C] () -- C:\Users\Microsoft\Documents\Voice Recording 2,128.sfk
[2010/07/01 19:42:38 | 000,966,466 | ---- | C] () -- C:\Users\Microsoft\Documents\Voice Recording 2,128.wav
[2010/07/01 17:17:48 | 000,001,328 | ---- | C] () -- C:\Users\Microsoft\Documents\Voice Recording 2,127.sfk
[2010/07/01 17:17:26 | 000,161,510 | ---- | C] () -- C:\Users\Microsoft\Documents\Voice Recording 2,127.wav
[2010/07/01 17:17:26 | 000,001,824 | ---- | C] () -- C:\Users\Microsoft\Documents\Voice Recording 2,126.sfk
[2010/07/01 17:17:19 | 000,225,682 | ---- | C] () -- C:\Users\Microsoft\Documents\Voice Recording 2,126.wav
[2010/06/30 17:07:43 | 000,007,688 | ---- | C] () -- C:\Users\Microsoft\Documents\Voice Recording 2,125.sfk
[2010/06/30 17:07:26 | 000,975,994 | ---- | C] () -- C:\Users\Microsoft\Documents\Voice Recording 2,125.wav
[2010/06/30 17:07:26 | 000,005,256 | ---- | C] () -- C:\Users\Microsoft\Documents\Voice Recording 2,124.sfk
[2010/06/30 17:07:07 | 000,664,378 | ---- | C] () -- C:\Users\Microsoft\Documents\Voice Recording 2,124.wav
[2010/06/30 17:07:07 | 000,008,280 | ---- | C] () -- C:\Users\Microsoft\Documents\Voice Recording 2,123.sfk
[2010/06/30 17:06:35 | 001,051,254 | ---- | C] () -- C:\Users\Microsoft\Documents\Voice Recording 2,123.wav
[2010/06/30 17:06:35 | 000,003,328 | ---- | C] () -- C:\Users\Microsoft\Documents\Voice Recording 2,122.sfk
[2010/06/30 17:06:28 | 000,417,738 | ---- | C] () -- C:\Users\Microsoft\Documents\Voice Recording 2,122.wav
[2010/06/30 17:06:28 | 000,006,032 | ---- | C] () -- C:\Users\Microsoft\Documents\Voice Recording 2,121.sfk
[2010/06/30 17:06:05 | 000,764,198 | ---- | C] () -- C:\Users\Microsoft\Documents\Voice Recording 2,121.wav
[2010/06/30 17:06:05 | 000,004,096 | ---- | C] () -- C:\Users\Microsoft\Documents\Voice Recording 2,120.sfk
[2010/06/30 17:05:46 | 000,516,546 | ---- | C] () -- C:\Users\Microsoft\Documents\Voice Recording 2,120.wav
[2010/06/30 17:05:46 | 000,005,080 | ---- | C] () -- C:\Users\Microsoft\Documents\Voice Recording 2,119.sfk
[2010/06/30 17:05:24 | 000,642,330 | ---- | C] () -- C:\Users\Microsoft\Documents\Voice Recording 2,119.wav
[2010/06/30 17:05:24 | 000,004,736 | ---- | C] () -- C:\Users\Microsoft\Documents\Voice Recording 2,118.sfk
[2010/06/30 17:04:45 | 000,598,178 | ---- | C] () -- C:\Users\Microsoft\Documents\Voice Recording 2,118.wav
[2010/06/30 17:04:45 | 000,008,448 | ---- | C] () -- C:\Users\Microsoft\Documents\Voice Recording 2,117.sfk
[2010/06/30 17:03:53 | 001,072,938 | ---- | C] () -- C:\Users\Microsoft\Documents\Voice Recording 2,117.wav
[2010/06/30 17:03:53 | 000,002,928 | ---- | C] () -- C:\Users\Microsoft\Documents\Voice Recording 2,116.sfk
[2010/06/30 17:03:46 | 000,366,878 | ---- | C] () -- C:\Users\Microsoft\Documents\Voice Recording 2,116.wav
[2010/06/30 17:03:46 | 000,004,856 | ---- | C] () -- C:\Users\Microsoft\Documents\Voice Recording 2,115.sfk
[2010/06/30 17:03:35 | 000,613,602 | ---- | C] () -- C:\Users\Microsoft\Documents\Voice Recording 2,115.wav
[2010/06/30 12:48:30 | 000,062,168 | ---- | C] () -- C:\Users\Microsoft\Documents\Mario's Wild Weather World Logo 1.pptx
[2010/06/29 19:09:37 | 000,011,024 | ---- | C] () -- C:\Users\Microsoft\Documents\Voice Recording 2,114.sfk
[2010/06/29 19:09:21 | 001,403,042 | ---- | C] () -- C:\Users\Microsoft\Documents\Voice Recording 2,114.wav
[2010/06/29 17:31:12 | 000,003,736 | ---- | C] () -- C:\Users\Microsoft\Documents\Voice Recording 2,113.sfk
[2010/06/29 17:31:06 | 000,469,942 | ---- | C] () -- C:\Users\Microsoft\Documents\Voice Recording 2,113.wav
[2010/06/29 17:28:38 | 000,003,664 | ---- | C] () -- C:\Users\Microsoft\Documents\Voice Recording 2,112.sfk
[2010/06/29 17:28:32 | 000,461,254 | ---- | C] () -- C:\Users\Microsoft\Documents\Voice Recording 2,112.wav
[2010/06/29 14:54:45 | 000,012,040 | ---- | C] () -- C:\Users\Microsoft\Documents\Sound Effects Recording 128.sfk
[2010/06/29 14:52:37 | 001,532,994 | ---- | C] () -- C:\Users\Microsoft\Documents\Sound Effects Recording 128.wav
[2010/06/29 14:52:37 | 000,011,688 | ---- | C] () -- C:\Users\Microsoft\Documents\Sound Effects Recording 127.sfk
[2010/06/29 14:52:22 | 001,487,802 | ---- | C] () -- C:\Users\Microsoft\Documents\Sound Effects Recording 127.wav
[2010/06/29 14:51:50 | 000,012,296 | ---- | C] () -- C:\Users\Microsoft\Documents\Sound Effects Recording 126.sfk
[2010/06/29 14:51:25 | 001,565,430 | ---- | C] () -- C:\Users\Microsoft\Documents\Sound Effects Recording 126.wav
[2010/06/28 17:48:05 | 000,002,616 | ---- | C] () -- C:\Users\Microsoft\Documents\Voice Recording 2,111.sfk
[2010/06/28 17:48:00 | 000,327,086 | ---- | C] () -- C:\Users\Microsoft\Documents\Voice Recording 2,111.wav
[2010/06/27 17:40:53 | 000,005,464 | ---- | C] () -- C:\Users\Microsoft\Documents\Voice Recording 2,110.sfk
[2010/06/27 17:40:37 | 000,691,218 | ---- | C] () -- C:\Users\Microsoft\Documents\Voice Recording 2,110.wav
[2010/06/27 17:40:37 | 000,004,720 | ---- | C] () -- C:\Users\Microsoft\Documents\Voice Recording 2,109.sfk
[2010/06/27 17:40:29 | 000,596,386 | ---- | C] () -- C:\Users\Microsoft\Documents\Voice Recording 2,109.wav
[2010/06/27 17:40:29 | 000,004,544 | ---- | C] () -- C:\Users\Microsoft\Documents\Voice Recording 2,108.sfk
[2010/06/27 17:40:20 | 000,573,798 | ---- | C] () -- C:\Users\Microsoft\Documents\Voice Recording 2,108.wav
[2010/06/27 17:39:07 | 000,003,000 | ---- | C] () -- C:\Users\Microsoft\Documents\Voice Recording 2,107.sfk
[2010/06/27 17:39:02 | 000,375,998 | ---- | C] () -- C:\Users\Microsoft\Documents\Voice Recording 2,107.wav
[2010/06/27 17:36:46 | 000,002,376 | ---- | C] () -- C:\Users\Microsoft\Documents\Voice Recording 2,106.sfk
[2010/06/27 17:36:40 | 000,296,362 | ---- | C] () -- C:\Users\Microsoft\Documents\Voice Recording 2,106.wav
[2010/06/27 15:37:57 | 000,002,424 | ---- | C] () -- C:\Users\Microsoft\Documents\Voice Recording 2,105.sfk
[2010/06/27 15:37:51 | 000,302,658 | ---- | C] () -- C:\Users\Microsoft\Documents\Voice Recording 2,105.wav
[2010/06/27 15:35:38 | 000,004,368 | ---- | C] () -- C:\Users\Microsoft\Documents\Voice Recording 2,104.sfk
[2010/06/27 15:35:15 | 000,551,022 | ---- | C] () -- C:\Users\Microsoft\Documents\Voice Recording 2,104.wav
[2010/06/27 15:35:15 | 000,001,848 | ---- | C] () -- C:\Users\Microsoft\Documents\Voice Recording 2,103.sfk
[2010/06/27 15:35:07 | 000,228,022 | ---- | C] () -- C:\Users\Microsoft\Documents\Voice Recording 2,103.wav
[2010/06/27 15:35:07 | 000,006,432 | ---- | C] () -- C:\Users\Microsoft\Documents\Voice Recording 2,102.sfk
[2010/06/27 15:34:24 | 000,815,546 | ---- | C] () -- C:\Users\Microsoft\Documents\Voice Recording 2,102.wav
[2010/06/27 15:34:24 | 000,004,320 | ---- | C] () -- C:\Users\Microsoft\Documents\Voice Recording 2,101.sfk
[2010/06/27 15:33:50 | 000,544,834 | ---- | C] () -- C:\Users\Microsoft\Documents\Voice Recording 2,101.wav
[2010/06/27 15:33:50 | 000,003,984 | ---- | C] () -- C:\Users\Microsoft\Documents\Voice Recording 2,100.sfk
[2010/06/27 15:33:18 | 000,502,086 | ---- | C] () -- C:\Users\Microsoft\Documents\Voice Recording 2,100.wav
[2010/06/27 15:33:18 | 000,004,744 | ---- | C] () -- C:\Users\Microsoft\Documents\Voice Recording 2,099.sfk
[2010/06/27 15:32:59 | 000,598,802 | ---- | C] () -- C:\Users\Microsoft\Documents\Voice Recording 2,099.wav
[2010/06/27 15:32:59 | 000,003,560 | ---- | C] () -- C:\Users\Microsoft\Documents\Voice Recording 2,098.sfk
[2010/06/27 15:32:43 | 000,447,934 | ---- | C] () -- C:\Users\Microsoft\Documents\Voice Recording 2,098.wav
[2010/06/27 15:31:11 | 000,007,680 | ---- | C] () -- C:\Users\Microsoft\Documents\Voice Recording 2,097.sfk
[2010/06/27 15:30:34 | 000,974,786 | ---- | C] () -- C:\Users\Microsoft\Documents\Voice Recording 2,097.wav
[2010/06/27 15:27:40 | 000,005,856 | ---- | C] () -- C:\Users\Microsoft\Documents\Voice Recording 2,096.sfk
[2010/06/27 15:27:30 | 000,741,226 | ---- | C] () -- C:\Users\Microsoft\Documents\Voice Recording 2,096.wav
[2010/06/26 18:57:46 | 000,006,576 | ---- | C] () -- C:\Users\Microsoft\Documents\Voice Recording 2,095.sfk
[2010/06/26 18:57:28 | 000,833,906 | ---- | C] () -- C:\Users\Microsoft\Documents\Voice Recording 2,095.wav
[2010/06/25 18:32:52 | 000,009,008 | ---- | C] () -- C:\Users\Microsoft\Documents\Voice Recording 2,094.sfk
[2010/06/25 18:32:27 | 001,145,242 | ---- | C] () -- C:\Users\Microsoft\Documents\Voice Recording 2,094.wav
[2010/06/25 18:32:27 | 000,002,256 | ---- | C] () -- C:\Users\Microsoft\Documents\Voice Recording 2,093.sfk
[2010/06/25 18:32:09 | 000,280,414 | ---- | C] () -- C:\Users\Microsoft\Documents\Voice Recording 2,093.wav
[2010/06/25 18:32:09 | 000,007,408 | ---- | C] () -- C:\Users\Microsoft\Documents\Voice Recording 2,092.sfk
[2010/06/25 18:31:48 | 000,939,838 | ---- | C] () -- C:\Users\Microsoft\Documents\Voice Recording 2,092.wav
[2010/06/25 18:31:48 | 000,003,128 | ---- | C] () -- C:\Users\Microsoft\Documents\Voice Recording 2,091.sfk
[2010/06/25 18:31:29 | 000,392,094 | ---- | C] () -- C:\Users\Microsoft\Documents\Voice Recording 2,091.wav
[2010/06/25 18:31:29 | 000,006,704 | ---- | C] () -- C:\Users\Microsoft\Documents\Voice Recording 2,090.sfk
[2010/06/25 18:31:14 | 000,849,678 | ---- | C] () -- C:\Users\Microsoft\Documents\Voice Recording 2,090.wav
[2010/06/25 18:22:51 | 000,005,168 | ---- | C] () -- C:\Users\Microsoft\Documents\Voice Recording 2,089.sfk
[2010/06/25 18:22:30 | 000,653,210 | ---- | C] () -- C:\Users\Microsoft\Documents\Voice Recording 2,089.wav
[2010/06/25 18:22:30 | 000,008,928 | ---- | C] () -- C:\Users\Microsoft\Documents\Voice Recording 2,088.sfk
[2010/06/25 18:21:56 | 001,134,498 | ---- | C] () -- C:\Users\Microsoft\Documents\Voice Recording 2,088.wav
[2010/06/25 18:21:56 | 000,006,560 | ---- | C] () -- C:\Users\Microsoft\Documents\Voice Recording 2,087.sfk
[2010/06/25 18:21:45 | 000,831,750 | ---- | C] () -- C:\Users\Microsoft\Documents\Voice Recording 2,087.wav
[2010/06/25 18:11:35 | 000,002,216 | ---- | C] () -- C:\Users\Microsoft\Documents\Voice Recording 2,086.sfk
[2010/06/25 18:11:24 | 000,275,114 | ---- | C] () -- C:\Users\Microsoft\Documents\Voice Recording 2,086.wav
[2010/06/25 18:11:24 | 000,004,376 | ---- | C] () -- C:\Users\Microsoft\Documents\Voice Recording 2,085.sfk
[2010/06/25 18:11:16 | 000,551,874 | ---- | C] () -- C:\Users\Microsoft\Documents\Voice Recording 2,085.wav
[2010/06/25 18:11:16 | 000,004,288 | ---- | C] () -- C:\Users\Microsoft\Documents\Voice Recording 2,084.sfk
[2010/06/25 18:10:58 | 000,540,962 | ---- | C] () -- C:\Users\Microsoft\Documents\Voice Recording 2,084.wav
[2010/06/25 18:10:58 | 000,003,760 | ---- | C] () -- C:\Users\Microsoft\Documents\Voice Recording 2,083.sfk
[2010/06/25 18:10:42 | 000,473,410 | ---- | C] () -- C:\Users\Microsoft\Documents\Voice Recording 2,083.wav
[2010/06/25 18:10:42 | 000,003,408 | ---- | C] () -- C:\Users\Microsoft\Documents\Voice Recording 2,082.sfk
[2010/06/25 18:10:00 | 000,428,606 | ---- | C] () -- C:\Users\Microsoft\Documents\Voice Recording 2,082.wav
[2010/04/01 16:57:20 | 000,000,711 | ---- | C] () -- C:\Windows\disney.ini
[2010/01/02 13:01:45 | 000,166,912 | ---- | C] () -- C:\Windows\System32\APOMngr.DLL
[2010/01/02 13:01:45 | 000,073,728 | ---- | C] () -- C:\Windows\System32\CmdRtr.DLL
[2010/01/01 16:04:09 | 000,000,000 | ---- | C] () -- C:\Windows\setup32.INI
[2009/10/16 07:50:54 | 000,003,930 | ---- | C] () -- C:\Windows\System32\ludap17.ini
[2009/08/03 18:25:11 | 000,000,037 | ---- | C] () -- C:\Windows\QTW.INI
[2009/04/30 22:39:36 | 000,082,289 | ---- | C] () -- C:\Windows\System32\lvcoinst.ini
[2009/01/24 15:45:40 | 000,000,000 | ---- | C] () -- C:\Windows\pcfriend.INI
[2008/11/13 07:07:24 | 000,002,177 | ---- | C] () -- C:\Windows\P17EP.ini
[2008/09/02 17:16:47 | 000,000,276 | ---- | C] () -- C:\Windows\SIERRA.INI
[2008/07/13 17:33:40 | 000,069,632 | ---- | C] () -- C:\Windows\System32\vzcontextmenu.dll
[2008/07/13 17:33:37 | 000,073,728 | ---- | C] () -- C:\Windows\System32\DetectDxQT.dll
[2008/07/13 15:56:06 | 000,007,680 | ---- | C] () -- C:\Windows\System32\ff_vfw.dll
[2008/07/13 15:56:06 | 000,000,547 | ---- | C] () -- C:\Windows\System32\ff_vfw.dll.manifest
[2008/02/21 11:05:28 | 000,118,784 | ---- | C] () -- C:\Windows\System32\SLOggSpeexDS.dll
[2008/02/21 11:05:22 | 000,208,896 | ---- | C] () -- C:\Windows\System32\OggSpeex.dll
[2007/12/04 06:20:30 | 000,001,489 | ---- | C] () -- C:\Windows\P17EP51.ini
[2007/11/03 06:09:46 | 000,148,480 | ---- | C] () -- C:\Windows\System32\flt1chk4.dll
[2007/07/25 15:24:30 | 001,559,040 | ---- | C] () -- C:\Windows\System32\xvidcore.dll
[2007/07/09 19:26:07 | 000,012,288 | ---- | C] () -- C:\Windows\impborl.dll
[2007/06/25 17:06:53 | 000,003,941 | ---- | C] () -- C:\Windows\HCWPNP.INI
[2007/06/07 06:25:42 | 000,001,578 | ---- | C] () -- C:\Windows\P17EPLS.ini
[2007/04/15 12:24:47 | 000,000,255 | ---- | C] () -- C:\Windows\cdplayer.ini
[2007/03/04 12:19:42 | 000,013,396 | ---- | C] () -- C:\Windows\System32\drivers\MTictwl.sys
[2007/01/24 13:07:52 | 000,003,972 | ---- | C] () -- C:\Windows\System32\drivers\PciBus.sys
[2006/11/02 05:34:23 | 000,080,010 | ---- | C] () -- C:\Windows\System32\manage-bde.ini.en
[2006/11/02 05:34:20 | 000,005,632 | ---- | C] () -- C:\Windows\System32\sysprepMCE.dll
[2006/11/02 00:40:29 | 000,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini
[2006/07/21 15:50:34 | 000,066,048 | ---- | C] () -- C:\Windows\System32\hcwXDS.dll
[2006/05/12 13:23:22 | 000,090,112 | ---- | C] () -- C:\Windows\System32\btprn2k.dll
[2006/02/26 16:08:28 | 000,585,728 | ---- | C] () -- C:\Windows\System32\xvidvfw.dll
[2005/03/08 07:17:00 | 000,000,054 | ---- | C] () -- C:\Windows\System32\ctzapxx.ini
[2004/08/13 10:56:20 | 000,005,810 | ---- | C] () -- C:\Windows\System32\drivers\ASACPI.sys
[2001/11/14 13:56:00 | 001,802,240 | ---- | C] () -- C:\Windows\System32\lcppn21.dll
[1998/10/11 01:07:38 | 000,088,576 | ---- | C] () -- C:\Windows\System32\Iticheck.dll
[1997/06/13 17:56:08 | 000,056,320 | ---- | C] () -- C:\Windows\System32\iyvu9_32.dll

========== Custom Scans ==========


< %SYSTEMDRIVE%\*.exe >


< MD5 for: AGP440.SYS >
[2008/01/19 00:42:25 | 000,056,376 | ---- | M] (Microsoft Corporation) MD5=13F9E33747E6B41A3FF305C37DB0D360 -- C:\Windows\SoftwareDistribution\Download\b2ee164db645e6bc8d77bb51f082e3b3\x86_machine.inf_31bf3856ad364e35_6.0.6001.18000_none_ba12ed3bbeb0d97a\AGP440.sys
[2006/11/02 02:49:52 | 000,053,864 | ---- | M] (Microsoft Corporation) MD5=EF23439CDD587F64C2C1B8825CEAD7D8 -- C:\Windows\System32\drivers\AGP440.sys
[2006/11/02 02:49:52 | 000,053,864 | ---- | M] (Microsoft Corporation) MD5=EF23439CDD587F64C2C1B8825CEAD7D8 -- C:\Windows\System32\DriverStore\FileRepository\machine.inf_920a2c1f\AGP440.sys

< MD5 for: ATAPI.SYS >
[2008/01/19 00:41:30 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=2D9C903DC76A66813D350A562DE40ED9 -- C:\Windows\SoftwareDistribution\Download\b2ee164db645e6bc8d77bb51f082e3b3\x86_mshdc.inf_31bf3856ad364e35_6.0.6001.18000_none_dd38281a2189ce9c\atapi.sys
[2006/11/02 02:49:36 | 000,019,048 | ---- | M] (Microsoft Corporation) MD5=4F4FCB8B6EA06784FB6D475B7EC7300F -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_c6c2e699\atapi.sys
[2008/02/13 00:24:03 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=B35CFCEF838382AB6490B321C87EDF17 -- C:\Windows\System32\drivers\atapi.sys
[2008/02/13 00:24:03 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=B35CFCEF838382AB6490B321C87EDF17 -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_7de13c21\atapi.sys
[2008/02/13 00:24:03 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=B35CFCEF838382AB6490B321C87EDF17 -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.0.6000.16632_none_db337a442479c42c\atapi.sys
[2008/02/13 00:24:02 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=E03E8C99D15D0381E02743C36AFC7C6F -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.0.6000.20757_none_dbac78a93da31a8b\atapi.sys

< MD5 for: CNGAUDIT.DLL >
[2006/11/02 02:46:03 | 000,011,776 | ---- | M] (Microsoft Corporation) MD5=7F15B4953378C8B5161D65C26D5FED4D -- C:\Windows\System32\cngaudit.dll
[2006/11/02 02:46:03 | 000,011,776 | ---- | M] (Microsoft Corporation) MD5=7F15B4953378C8B5161D65C26D5FED4D -- C:\Windows\winsxs\x86_microsoft-windows-cngaudit-dll_31bf3856ad364e35_6.0.6000.16386_none_e62d292932a96ce6\cngaudit.dll

< MD5 for: IASTORV.SYS >
[2008/01/19 00:42:51 | 000,235,064 | ---- | M] (Intel Corporation) MD5=54155EA1B0DF185878E0FC9EC3AC3A14 -- C:\Windows\SoftwareDistribution\Download\b2ee164db645e6bc8d77bb51f082e3b3\x86_iastorv.inf_31bf3856ad364e35_6.0.6001.18000_none_af11527887c7fa8f\iaStorV.sys
[2006/11/02 02:51:25 | 000,232,040 | ---- | M] (Intel Corporation) MD5=C957BF4B5D80B46C5017BF0101E6C906 -- C:\Windows\System32\drivers\iaStorV.sys
[2006/11/02 02:51:25 | 000,232,040 | ---- | M] (Intel Corporation) MD5=C957BF4B5D80B46C5017BF0101E6C906 -- C:\Windows\System32\DriverStore\FileRepository\iastorv.inf_37cdafa4\iaStorV.sys

< MD5 for: NETLOGON.DLL >
[2006/11/02 02:46:11 | 000,559,616 | ---- | M] (Microsoft Corporation) MD5=889A2C9F2AACCD8F64EF50AC0B3D553B -- C:\Windows\System32\netlogon.dll
[2006/11/02 02:46:11 | 000,559,616 | ---- | M] (Microsoft Corporation) MD5=889A2C9F2AACCD8F64EF50AC0B3D553B -- C:\Windows\winsxs\x86_microsoft-windows-security-netlogon_31bf3856ad364e35_6.0.6000.16386_none_fb80f5473b0ed783\netlogon.dll
[2008/01/19 00:35:36 | 000,592,384 | ---- | M] (Microsoft Corporation) MD5=A8EFC0B6E75B789F7FD3BA5025D4E37F -- C:\Windows\SoftwareDistribution\Download\b2ee164db645e6bc8d77bb51f082e3b3\x86_microsoft-windows-security-netlogon_31bf3856ad364e35_6.0.6001.18000_none_fdb7b74337f9e857\netlogon.dll

< MD5 for: NVRAID.SYS >
[2008/01/19 00:43:01 | 000,102,968 | ---- | M] (NVIDIA Corporation) MD5=2EDF9E7751554B42CBB60116DE727101 -- C:\Windows\SoftwareDistribution\Download\b2ee164db645e6bc8d77bb51f082e3b3\x86_nvraid.inf_31bf3856ad364e35_6.0.6001.18000_none_39dac327befea467\nvraid.sys
[2006/11/02 02:50:24 | 000,088,680 | ---- | M] (NVIDIA Corporation) MD5=E69E946F80C1C31C53003BFBF50CBB7C -- C:\Windows\System32\drivers\nvraid.sys
[2006/11/02 02:50:24 | 000,088,680 | ---- | M] (NVIDIA Corporation) MD5=E69E946F80C1C31C53003BFBF50CBB7C -- C:\Windows\System32\DriverStore\FileRepository\nvraid.inf_733654ff\nvraid.sys

< MD5 for: NVSTOR.SYS >
[2007/01/05 21:59:42 | 000,035,920 | ---- | M] (NVIDIA Corporation) MD5=4A5FCAB82D9BF6AF8A023A66802FE9E9 -- C:\Windows\System32\drivers\nvstor.sys
[2007/01/05 21:59:42 | 000,035,920 | ---- | M] (NVIDIA Corporation) MD5=4A5FCAB82D9BF6AF8A023A66802FE9E9 -- C:\Windows\System32\DriverStore\FileRepository\nvstor.inf_bd7fd3de\nvstor.sys
[2006/11/02 02:50:13 | 000,040,040 | ---- | M] (NVIDIA Corporation) MD5=9E0BA19A28C498A6D323D065DB76DFFC -- C:\Windows\System32\DriverStore\FileRepository\nvraid.inf_733654ff\nvstor.sys
[2008/01/19 00:42:09 | 000,045,112 | ---- | M] (NVIDIA Corporation) MD5=ABED0C09758D1D97DB0042DBB2688177 -- C:\Windows\SoftwareDistribution\Download\b2ee164db645e6bc8d77bb51f082e3b3\x86_nvraid.inf_31bf3856ad364e35_6.0.6001.18000_none_39dac327befea467\nvstor.sys

< MD5 for: SCECLI.DLL >
[2008/01/19 00:36:19 | 000,177,152 | ---- | M] (Microsoft Corporation) MD5=28B84EB538F7E8A0FE8B9299D591E0B9 -- C:\Windows\SoftwareDistribution\Download\b2ee164db645e6bc8d77bb51f082e3b3\x86_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.0.6001.18000_none_380de25bd91b6f12\scecli.dll
[2006/11/02 02:46:12 | 000,176,640 | ---- | M] (Microsoft Corporation) MD5=80E2839D05CA5970A86D7BE2A08BFF61 -- C:\Windows\System32\scecli.dll
[2006/11/02 02:46:12 | 000,176,640 | ---- | M] (Microsoft Corporation) MD5=80E2839D05CA5970A86D7BE2A08BFF61 -- C:\Windows\winsxs\x86_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.0.6000.16386_none_35d7205fdc305e3e\scecli.dll

< %systemroot%\*. /mp /s >

< %systemroot%\system32\*.dll /lockedfiles >
[2006/11/02 02:47:18 | 000,228,968 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\System32\rsaenh.dll
[2007/07/11 11:26:38 | 000,223,232 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\System32\SLC.dll

< %systemroot%\Tasks\*.job /lockedfiles >

< %systemroot%\system32\drivers\*.sys /lockedfiles >

< %systemroot%\System32\config\*.sav >
[2006/11/02 03:34:05 | 000,008,192 | ---- | M] () -- C:\Windows\System32\config\COMPONENTS.SAV
[2006/11/02 03:34:05 | 000,020,480 | ---- | M] () -- C:\Windows\System32\config\DEFAULT.SAV
[2006/11/02 03:34:05 | 000,008,192 | ---- | M] () -- C:\Windows\System32\config\SECURITY.SAV
[2006/11/02 03:34:08 | 010,133,504 | ---- | M] () -- C:\Windows\System32\config\SOFTWARE.SAV
[2006/11/02 03:34:08 | 001,826,816 | ---- | M] () -- C:\Windows\System32\config\SYSTEM.SAV

< %systemroot%\system32\drivers\*.sys /90 >

========== Alternate Data Streams ==========

@Alternate Data Stream - 98 bytes -> C:\ProgramData\TEMP:9F5DDD64
@Alternate Data Stream - 64 bytes -> C:\Users\Microsoft\Documents\Nature_KCET_25_02_2007_11_23_13.mpg:TOC.WMV
@Alternate Data Stream - 64 bytes -> C:\Users\Microsoft\Documents\clip0001.avi:TOC.WMV
@Alternate Data Stream - 135 bytes -> C:\ProgramData\TEMP:5A823589
@Alternate Data Stream - 110 bytes -> C:\ProgramData\TEMP:9E985157
@Alternate Data Stream - 103 bytes -> C:\ProgramData\TEMP:4B7BEAFF
< End of report >
---------------------------------------------------







Extras.txt:
---------------------------------------------------
OTL Extras logfile created on: 7/25/2010 2:40:29 PM - Run 1
OTL by OldTimer - Version 3.2.9.1 Folder = C:\Users\Microsoft\Downloads\Fix Virus Tools
Windows Vista Ultimate Edition (Version = 6.0.6000) - Type = NTWorkstation
Internet Explorer (Version = 7.0.6000.17037)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.00 Gb Total Physical Memory | 1.00 Gb Available Physical Memory | 66.00% Memory free
4.00 Gb Paging File | 4.00 Gb Available in Paging File | 86.00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 149.05 Gb Total Space | 16.91 Gb Free Space | 11.34% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: MSFB129
Current User Name: Microsoft
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: All users
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Standard

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
htmlfile [edit] -- "C:\Program Files\Microsoft Office\OFFICE11\msohtmed.exe" %1 (Microsoft Corporation)
htmlfile [print] -- "C:\Program Files\Microsoft Office\OFFICE11\msohtmed.exe" /p %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [OneNote.Open] -- C:\PROGRA~1\MICROS~2\Office12\ONENOTE.EXE "%L" (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
"DoNotAllowExceptions" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

========== Authorized Applications List ==========


========== Vista Active Open Ports Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{00A7F19B-02B6-4854-AF84-B384641D7DCD}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{09BE3491-EAAB-4925-83E0-18E96BF35D28}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{186FD606-9E77-48FB-B998-736A1AE4F883}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{33CBE982-4F98-4284-AF04-1C32BF68F743}" = rport=3702 | protocol=17 | dir=out | svc=fdrespub | app=c:\windows\system32\svchost.exe |
"{33F76FBB-9B4B-43CE-B647-6F7E871D7C74}" = rport=10243 | protocol=6 | dir=out | app=system |
"{365D57C1-94A8-4219-A9B8-8639BCA1203B}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=c:\windows\system32\svchost.exe |
"{452049EE-0FC1-4045-81E2-CDA830072D6E}" = lport=67 | protocol=17 | dir=in | name=dhcp discovery service |
"{6458096A-B357-4F90-BA57-7183BE9B8D08}" = lport=2869 | protocol=6 | dir=in | app=system |
"{6BC32CC8-04DE-4E0F-9084-3A32863A60DB}" = lport=3702 | protocol=17 | dir=in | svc=fdrespub | app=c:\windows\system32\svchost.exe |
"{73CC0A9F-7497-4AD9-88A9-E160A39AEF8F}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{74101938-13E5-452F-883F-1CAAF92B5930}" = lport=67 | protocol=17 | dir=in | name=dhcp discovery service |
"{A13C6087-F5B9-408B-8B2C-98E8CAB615CA}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{B754DB6F-177B-434D-8864-6D82D94668FD}" = lport=6004 | protocol=17 | dir=in | app=c:\program files\microsoft office\office12\outlook.exe |
"{C7A85BB5-A4E9-49E1-84B9-4C177A690246}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=c:\windows\system32\svchost.exe |
"{D78ACE73-0002-4F6B-94C8-3E5E26E3C9F4}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{DDB9923E-DE41-4812-B43B-BB99298C6B3B}" = lport=10243 | protocol=6 | dir=in | app=system |

========== Vista Active Application Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{02602210-CF2A-4A2E-8AEA-1808F78EA937}" = protocol=17 | dir=in | app=c:\program files\microsoft lifecam\lifeenc2.exe |
"{2C69C269-5F29-46BE-A465-02BEF5D19F41}" = protocol=6 | dir=in | app=c:\program files\microsoft lifecam\lifetray.exe |
"{2F6C84EE-0643-45A3-9D63-6B9A713D1196}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{31BA0FD2-E3F7-463E-B307-5B3CB012CDCE}" = protocol=6 | dir=out | svc=upnphost | app=c:\windows\system32\svchost.exe |
"{35740A8C-1F42-4588-BF6E-A93F2B3EE6BD}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{3864F218-F3B9-4FE6-8419-63F1577354BD}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office12\groove.exe |
"{39B11BF5-DC28-4BF6-96AA-9CBD46ECAE89}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{3B201879-3EA5-4728-AC28-1F3640906A7C}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{54EFE7D2-3152-4705-A07E-3FA2120BC7A3}" = protocol=17 | dir=in | app=c:\program files\itunes\itunes.exe |
"{6A4BC3EE-C2BF-44DD-A035-AB35F3DDA1E5}" = protocol=6 | dir=in | app=c:\program files\microsoft lifecam\lifeexp.exe |
"{731886B6-28DB-43B8-A5D8-BF5F619005F2}" = protocol=6 | dir=out | app=system |
"{75BF35D2-3020-4CDD-A4C7-2867A0E672B5}" = protocol=17 | dir=in | app=c:\program files\microsoft lifecam\lifeexp.exe |
"{767C485B-8315-47C7-B12A-9FEFA5DCA7C6}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 |
"{7D3A6F58-DBF3-460D-B027-95790AFB3C2C}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{805D8D0C-6AB4-4468-8A45-01B9B76B61E7}" = protocol=6 | dir=in | app=c:\program files\microsoft lifecam\lifeenc2.exe |
"{8527963E-84D8-49AE-80AB-54FF4357891E}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{86447EFC-C640-4A15-AAC1-78764962BF17}" = protocol=6 | dir=in | app=c:\windows\temp\~ose56c.tmp\rlvknlg.exe |
"{8654566B-3212-4205-A242-5A91401B2720}" = protocol=6 | dir=in | app=c:\program files\microsoft lifecam\lifecam.exe |
"{8B793C2E-E8DF-44FC-B968-0A72F9DA2FA5}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office12\groove.exe |
"{8D7474EA-F3A8-4E5F-B755-48B5D8F91AB2}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
"{996D45DF-870D-42A1-96DB-8A858A39BE26}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{A0B774A5-A29E-4AF8-A4A8-33A24728860E}" = protocol=6 | dir=in | app=c:\program files\itunes\itunes.exe |
"{A37A394C-00FC-412A-98E5-F14943A6F785}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 |
"{AFFAAB8F-D76A-4EFF-BDFA-715B9498A58E}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe |
"{BD711A15-01F1-47A7-B411-DB124A21EB98}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{C25F9629-5F0A-4602-9BD5-29B979C66515}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe |
"{C3309B13-ED94-491A-B48F-53E7DAE6D610}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 |
"{C3A451C3-9618-4059-8D23-A59691AE8788}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 |
"{D781619D-8254-4262-9160-D411C0C3770D}" = protocol=17 | dir=in | app=c:\program files\microsoft lifecam\lifecam.exe |
"{DC71EB85-93ED-4A9D-8FB4-3D607320121A}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{DFDE4AC7-B3C4-477E-8BA5-E4F185979B56}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{F270CA0F-0F8B-4249-A109-D2F57272A2D7}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{F99ED466-98A0-4AE8-B71B-8386DA391649}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{FC6DAD00-2C9F-484E-96DF-D915C6B813D1}" = protocol=17 | dir=in | app=c:\program files\microsoft lifecam\lifetray.exe |
"TCP Query User{08428D7F-00BF-44D9-A1C3-37F06F4B044C}C:\program files\microsoft games\age of empires ii\empires2.icd" = protocol=6 | dir=in | app=c:\program files\microsoft games\age of empires ii\empires2.icd |
"TCP Query User{1F580E1E-CE3E-49C6-967A-8AF6AE88AA2E}C:\windows\system32\dpnsvr.exe" = protocol=6 | dir=in | app=c:\windows\system32\dpnsvr.exe |
"TCP Query User{4CFAC178-C0FC-463B-BD24-34787434259B}C:\program files\global star software\airport tycoon 3\at3.exe" = protocol=6 | dir=in | app=c:\program files\global star software\airport tycoon 3\at3.exe |
"TCP Query User{55CDC1CD-A525-47B9-BD7B-1C48AF4405D1}C:\program files\microsoft games\age of empires ii\age2_x1\age2_x1.icd" = protocol=6 | dir=in | app=c:\program files\microsoft games\age of empires ii\age2_x1\age2_x1.icd |
"TCP Query User{62C5DC2D-FFC6-4D71-A8B2-D09E0381E0D9}C:\program files\internet explorer\iexplore.exe" = protocol=6 | dir=in | app=c:\program files\internet explorer\iexplore.exe |
"TCP Query User{733A4AA4-800B-47FE-AD2A-B2936786BD43}C:\windows\system32\dplaysvr.exe" = protocol=6 | dir=in | app=c:\windows\system32\dplaysvr.exe |
"TCP Query User{9DB588DF-CD02-4032-B85F-0368B5ACC816}C:\program files\microsoft games\monster truck madness\monster.exe" = protocol=6 | dir=in | app=c:\program files\microsoft games\monster truck madness\monster.exe |
"TCP Query User{9F14749C-6109-4312-88FF-47DA5262C6EB}C:\program files\global star software\jetfighter v\game.exe" = protocol=6 | dir=in | app=c:\program files\global star software\jetfighter v\game.exe |
"TCP Query User{B7B99FE3-5B73-48B3-91D3-63C631C4A906}C:\program files\microsoft games\microsoft flight simulator x\fsx.exe" = protocol=6 | dir=in | app=c:\program files\microsoft games\microsoft flight simulator x\fsx.exe |
"TCP Query User{B98B5621-E16A-45D6-BA14-F0D8E09BAD56}C:\program files\globalstar software\airport tycoon 2\airport tycoon ii.exe" = protocol=6 | dir=in | app=c:\program files\globalstar software\airport tycoon 2\airport tycoon ii.exe |
"TCP Query User{E89456C8-FB9F-49E7-A101-BFF62D01BDE9}C:\program files\real\realplayer\realplay.exe" = protocol=6 | dir=in | app=c:\program files\real\realplayer\realplay.exe |
"UDP Query User{1A276F1C-0E25-4211-A6BF-9BDAB384BF5F}C:\program files\real\realplayer\realplay.exe" = protocol=17 | dir=in | app=c:\program files\real\realplayer\realplay.exe |
"UDP Query User{1A2EE5E7-6064-4303-8BA0-33345BEB9FCA}C:\program files\globalstar software\airport tycoon 2\airport tycoon ii.exe" = protocol=17 | dir=in | app=c:\program files\globalstar software\airport tycoon 2\airport tycoon ii.exe |
"UDP Query User{2C45AF6F-2A00-4B92-8414-382A005EAFEB}C:\program files\microsoft games\age of empires ii\age2_x1\age2_x1.icd" = protocol=17 | dir=in | app=c:\program files\microsoft games\age of empires ii\age2_x1\age2_x1.icd |
"UDP Query User{5F4EAE80-D554-4C7A-B76A-AD3EF308BDB8}C:\windows\system32\dpnsvr.exe" = protocol=17 | dir=in | app=c:\windows\system32\dpnsvr.exe |
"UDP Query User{69B18A86-10FF-44DF-94C1-F819AD423632}C:\program files\global star software\airport tycoon 3\at3.exe" = protocol=17 | dir=in | app=c:\program files\global star software\airport tycoon 3\at3.exe |
"UDP Query User{A67BCB23-9595-4B3D-82A1-8B840C4C2E66}C:\program files\microsoft games\microsoft flight simulator x\fsx.exe" = protocol=17 | dir=in | app=c:\program files\microsoft games\microsoft flight simulator x\fsx.exe |
"UDP Query User{B7D3F8B8-3A3A-4531-9C26-1EA70004DBED}C:\program files\global star software\jetfighter v\game.exe" = protocol=17 | dir=in | app=c:\program files\global star software\jetfighter v\game.exe |
"UDP Query User{C0BA3BF2-FA90-424A-A371-CDFD972D96BF}C:\windows\system32\dplaysvr.exe" = protocol=17 | dir=in | app=c:\windows\system32\dplaysvr.exe |
"UDP Query User{CDABEA6D-1B6C-4DEA-AB51-7ABD50682BE8}C:\program files\internet explorer\iexplore.exe" = protocol=17 | dir=in | app=c:\program files\internet explorer\iexplore.exe |
"UDP Query User{DA6272E2-8703-4788-BBEE-74527DB002A5}C:\program files\microsoft games\age of empires ii\empires2.icd" = protocol=17 | dir=in | app=c:\program files\microsoft games\age of empires ii\empires2.icd |
"UDP Query User{EE54C98A-388F-47AF-BEED-018CFED1B5F9}C:\program files\microsoft games\monster truck madness\monster.exe" = protocol=17 | dir=in | app=c:\program files\microsoft games\monster truck madness\monster.exe |

========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{00203668-8170-44A0-BE44-B632FA4D780F}" = Adobe AIR
"{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
"{09CCE851-DBFE-4F23-AB38-4BE16DDDF426}" = The Cube Doctor Demo
"{0D2A2752-D71B-4451-A286-85A4CDEA3A85}" = Gold Medal Math
"{0D2E9DCB-9938-475E-B4DD-8851738852FF}" = AIO_Scan
"{1746EA69-DCB6-4408-B5A5-E75F55439CDF}" = Scan
"{179C56A4-F57F-4561-8BBF-F911D26EB435}" = WebReg
"{18455581-E099-4BA8-BC6B-F34B2F06600C}" = Google Toolbar for Internet Explorer
"{1D2BD4AC-F066-4634-B63C-C8631FEF5C9C}" = Dance Praise Contemporary Hits Pop/Alternative/Rock
"{2227E1FA-01F5-483C-AB0E-2A308E900B3D}" = InterVideo FilterSDK for Hauppauge
"{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer
"{2515BF88-E42E-4AFA-A8E7-DF272762589B}" = Microsoft Office Live Meeting 2007
"{28BE306E-5DA6-4F9C-BDB0-DBA3C8C6FFFD}" = QuickTime
"{2D87E961-577B-492B-AD54-1368680FB9A7}" = Virtual Earth 3D (Beta)
"{2DFF31F9-7893-4922-AF66-C9A1EB4EBB31}" = Rhapsody Player Engine
"{3248F0A8-6813-11D6-A77B-00B0D0160000}" = Java™ SE Runtime Environment 6
"{3248F0A8-6813-11D6-A77B-00B0D0160010}" = Java™ SE Runtime Environment 6 Update 1
"{36CAA957-D5F0-4A76-830D-9C09A2662F6F}" = SLC Reading Assistant v4.1
"{36FDBE6E-6684-462B-AE98-9A39A1B200CC}" = HP Product Assistant
"{371EBC04-8CED-4AEB-96F6-8184EAF340BC}" = Network Magic
"{3851147E-5A91-4469-BA4D-13FFFCC8A920}" = Microsoft Windows OneCare Live v2.5.2900.20 Idcrl Install
"{3F4EC965-28EF-45C3-B063-04B25D4E9679}" = WIDCOMM Bluetooth Software
"{3FA7A919-87DA-42B1-814B-86DE8DCA17C2}" = gmax
"{42A9C870-5845-4878-9AA5-9E33E403DF88}" = REA's TESTware for the CLEP General Subject Exams
"{43E05D0C-E145-4FF4-A749-EAF822DBDCA4}" = Jetfighter V Homeland Protector
"{450063AA-643B-417C-8CF5-405BA3F4EF40}" = Autodesk Design Review 2009
"{49253DE2-FC99-4BE3-99A4-DAB01A8E6088}" = Camtasia Studio 6
"{49F2B650-2D7B-4F59-B33D-346F63776BD3}" = DocProc
"{553255F3-78FD-40F1-A6F8-6882140265FE}" = Apple Application Support
"{5660022E-F3F2-4126-8CC5-9726C47150EB}" = Microsoft Windows Live OneCare Resources v2.5.2900.30
"{5783F2D7-7009-0409-0002-0060B0CE6BBA}" = AutoCAD LT 2009 - English
"{5ECB3A3C-980B-4D12-9724-25DCB07A1F47}" = iTunes
"{6513E869-647F-40FD-A55D-CFC92579B9BA}" = PX Engine
"{66E6CE0C-5A1E-430C-B40A-0C90FF1804A8}" = eSupportQFolder
"{67D3F1A0-A1F2-49b7-B9EE-011277B170CD}" = HPProductAssistant
"{6A143FF0-BB9A-4A9C-A318-1688BA366BAE}" = Sorenson Squeeze 5.0
"{6A750221-B84D-419D-B11C-5F597FDBA826}" = Movavi Video Converter 6
"{6BCB7EAA-598C-4836-B7EA-3642E41AA222}" = Microsoft LifeCam
"{6D3C6846-CDB6-418F-8FDB-DA21FE064F86}" = YAMAHA Musicsoft Downloader 5
"{6F53F4C6-16FA-479A-B911-465B0BE987AA}" = REA's TESTware for the PSAT
"{6F5E2F4A-377D-4700-B0E3-8F7F7507EA15}" = CustomerResearchQFolder
"{716E0306-8318-4364-8B8F-0CC4E9376BAC}" = MSXML 4.0 SP2 Parser and SDK
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{7A7DC702-DEDE-42A8-8722-B3BA724D546F}" = Fax
"{7AD231DD-F26A-4E4E-BD47-E52AB22C0894}" = Dance Praise 2 -the ReMix
"{7B08D306-7266-4647-A926-2F78817ED1E0}" = Microsoft Corporation
"{7BB40A22-8D98-43F9-A08A-E7EFF5AB1324}" = Camtasia Studio 5
"{7EEA397D-3E3D-4C60-8585-DC897C8D36E0}" = RealFlight G4 Demo
"{7F831576-6246-42C7-B523-55B3F96509CC}" = LogMeIn
"{84359478-0A6D-11DE-A363-BA3056D89593}" = Rosetta Stone Version 3
"{86FE411B-172B-404B-9679-3B9E73E47607}" = Microsoft Flight Simulator X SDK SP1A
"{87E2B986-07E8-477a-93DC-AF0B6758B192}" = DocProcQFolder
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8A253629-0511-4854-8B4E-46E57E66005C}" = Bonjour
"{8A7CAA24-7B23-410B-A7C3-F994B0944160}" = Microsoft Virtual PC 2007
"{8B21B9EF-6DBF-4F63-8CC7-9F6A56D1EE8E}" = GTOneCare
"{8BBF6DFD-0AD9-43A7-9FBD-BF065E3866AF}" = URGE
"{8DA027E7-869A-DE15-0225-10AA6077E16D}" = Mario Kart Widget
"{90120000-0015-0409-0000-0000000FF1CE}" = Microsoft Office Access MUI (English) 2007
"{90120000-0015-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007
"{90120000-0016-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0017-0409-0000-0000000FF1CE}" = Microsoft Office SharePoint Designer MUI (English) 2007
"{90120000-0017-0409-0000-0000000FF1CE}_SharePointDesignerR_{E1044ED2-E4AD-4B39-B500-31109750F6B4}" = Microsoft Office SharePoint Designer 2007 Service Pack 2 (SP2)
"{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007
"{90120000-0018-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0019-0409-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2007
"{90120000-0019-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2007
"{90120000-001A-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007
"{90120000-001B-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_ENTERPRISE_{ABDDE972-355B-4AF1-89A8-DA50B7B5C045}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-0409-0000-0000000FF1CE}_SharePointDesignerR_{ABDDE972-355B-4AF1-89A8-DA50B7B5C045}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-0409-0000-0000000FF1CE}_WebDesigner_{ABDDE972-355B-4AF1-89A8-DA50B7B5C045}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_ENTERPRISE_{F580DDD5-8D37-4998-968E-EBB76BB86787}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-040C-0000-0000000FF1CE}_SharePointDesignerR_{F580DDD5-8D37-4998-968E-EBB76BB86787}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-040C-0000-0000000FF1CE}_WebDesigner_{F580DDD5-8D37-4998-968E-EBB76BB86787}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007
"{90120000-001F-0C0A-0000-0000000FF1CE}_ENTERPRISE_{187308AB-5FA7-4F14-9AB9-D290383A10D9}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-0C0A-0000-0000000FF1CE}_SharePointDesignerR_{187308AB-5FA7-4F14-9AB9-D290383A10D9}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-0C0A-0000-0000000FF1CE}_WebDesigner_{187308AB-5FA7-4F14-9AB9-D290383A10D9}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-0026-0000-0000-0000000FF1CE}" = Microsoft Expression Web
"{90120000-0026-0000-0000-0000000FF1CE}_WebDesigner_{3D019598-7B59-447A-80AE-815B703B84FF}" = Security Update for Microsoft Office system 2007 (972581)
"{90120000-0026-0000-0000-0000000FF1CE}_WebDesigner_{9037FDA8-8383-4B6F-859D-D49C3C625225}" = Microsoft Expression Web Service Pack 1 (SP1)
"{90120000-0026-0409-0000-0000000FF1CE}" = Microsoft Expression Web MUI (English)
"{90120000-0026-0409-0000-0000000FF1CE}_WebDesigner_{E1044ED2-E4AD-4B39-B500-31109750F6B4}" = Microsoft Office SharePoint Designer 2007 Service Pack 2 (SP2)
"{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007
"{90120000-0030-0000-0000-0000000FF1CE}" = Microsoft Office Enterprise 2007
"{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{3D019598-7B59-447A-80AE-815B703B84FF}" = Security Update for Microsoft Office system 2007 (972581)
"{90120000-0044-0409-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (English) 2007
"{90120000-0044-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}_ENTERPRISE_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-006E-0409-0000-0000000FF1CE}_SharePointDesignerR_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-006E-0409-0000-0000000FF1CE}_WebDesigner_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2007
"{90120000-00A1-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-00B2-0409-0000-0000000FF1CE}" = Microsoft Save as PDF or XPS Add-in for 2007 Microsoft Office programs
"{90120000-00BA-0409-0000-0000000FF1CE}" = Microsoft Office Groove MUI (English) 2007
"{90120000-00BA-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0114-0409-0000-0000000FF1CE}" = Microsoft Office Groove Setup Metadata MUI (English) 2007
"{90120000-0114-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007
"{90120000-0115-0409-0000-0000000FF1CE}_ENTERPRISE_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0115-0409-0000-0000000FF1CE}_SharePointDesignerR_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0115-0409-0000-0000000FF1CE}_WebDesigner_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0117-0409-0000-0000000FF1CE}" = Microsoft Office Access Setup Metadata MUI (English) 2007
"{90120000-0117-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90850409-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Word Viewer 2003
"{91120000-0017-0000-0000-0000000FF1CE}" = Microsoft Office SharePoint Designer 2007
"{91120000-0017-0000-0000-0000000FF1CE}_SharePointDesignerR_{3D019598-7B59-447A-80AE-815B703B84FF}" = Security Update for Microsoft Office system 2007 (972581)
"{91120000-0017-0000-0000-0000000FF1CE}_SharePointDesignerR_{E1C33B03-3FE9-45BF-91E4-0266F38618C6}" = Microsoft Office SharePoint Designer 2007 Service Pack 2 (SP2)
"{95120000-00AF-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint Viewer 2007 (English)
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{9527A496-5DF9-412A-ADC7-168BA5379CA6}" = Microsoft Flight Simulator X
"{95D08F4E-DFC2-4ce3-ACB7-8C8E206217E9}" = MarketResearch
"{978C25EE-5777-46e4-8988-732C297CBDBD}" = Status
"{9877BCD9-6698-4951-AE19-D5F398D83D5A}" = Dassault Systemes Software Prerequisites x86
"{9B1FD9CE-0776-4f0b-A6F5-C6AB7B650CDF}" = Destinations
"{9DE1BE03-AFE2-4CDB-BFEB-D06D736CD01A}" = Apple Mobile Device Support
"{A1390A07-A917-4E05-8CB4-70FF109E03A5}" = Toon Boom Studio 4.0 Trial
"{A202BDBA-753F-41B9-B649-CFB0B45FC03E}" = Star Wars Galactic Battlegrounds
"{A36CD345-625C-4d6c-B3E2-76E1248CB451}" = SolutionCenter
"{A3B7C670-4A1E-4EE2-950E-C875BC1965D0}" = Copy
"{A580547F-4FB6-433E-A595-21CAA858C556}" = Microsoft Office Live Small Business Image Uploader
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{A9729B90-D37B-4A69-B66A-7436AC1F7274}" = Microsoft Flight Simulator X: Acceleration
"{AB5D51AE-EBC3-438D-872C-705C7C2084B0}" = DeviceManagementQFolder
"{AC76BA86-7AD7-1033-7B44-A81200000003}" = Adobe Reader 8.1.2
"{B7C7A59F-CF70-481E-A94F-7C2563AA5ADD}" = Sony DVD Architect Studio 4.5
"{B7DE81A4-71D5-4F22-9D72-84AC8A266F43}" = Sony Vegas Movie Studio 6.0
"{BE77A81F-B315-4666-9BF3-AE70C0ADB057}" = BufferChm
"{C41300B9-185D-475E-BFEC-39EF732F19B1}" = Apple Software Update
"{C716522C-3731-4667-8579-40B098294500}" = Toolbox
"{C916D86C-AB76-49c7-B0E4-A946E0FD9BC2}" = HP Photosmart, Officejet, PSC and Deskjet All-In-One Driver Software 8.0.B
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{D07A8E7E-D324-4945-BA8C-E532AD008FF3}" = Microsoft Windows OneCare Live v2.5.2900.30
"{D12489D8-FEFA-4398-818A-C3F9C51D8932}" = TeachTown
"{DB3A97C0-EEC1-43FE-AB56-E2EA972CF111}" = 1600
"{E06F04B9-45E6-4AC0-8083-85F7515F40F7}" = UnloadSupport
"{E09575B2-498D-4C8B-A9D2-623F78574F29}" = AIO_CDB_Software
"{E26B83D1-C0BB-41BC-8F44-31D5354DD6AF}" = Microsoft Windows OneCare Live AntiSpyware and AntiVirus
"{E38C00D0-A68B-4318-A8A6-F7D4B5B1DF0E}" = Windows Media Encoder 9 Series
"{E55250B8-D012-47A3-97E2-99FFBD0D3AD3}" = Just Flight - FS Insider C152
"{E5BA0430-919F-46DD-B656-0796F8A5ADFF}" = Microsoft Office Communicator 2007
"{E7112940-5F8E-4918-B9FE-251F2F8DC81F}" = AIO_CDB_ProductContext
"{E78DAA24-38F8-4D35-B732-B18ABA0424DF}" = Microsoft Office Live Image Uploader
"{EA79DC46-98B0-4A26-A76F-448A032E5E4D}" = 1600Trb
"{EB21A812-671B-4D08-B974-2A347F0D8F70}" = HP Photosmart Essential
"{EB75DE50-5754-4F6F-875D-126EDF8E4CB3}" = HPSSupply
"{EB85CC54-5E9A-4D33-B319-593B82291ABC}" = Macrium Reflect - Free Edition
"{F1E63043-54FC-429B-AB2C-31AF9FBA4BC7}" = 32 Bit HP CIO Components Installer
"{F3B58D4E-7324-44E4-A6B3-65D2DB8D1FE9}" = Microsoft Protection Service
"{F7B0939E-58DF-11DF-B3A6-005056806466}" = Google Earth
"{FBE9048D-F0A0-4746-A559-381B554611DC}" = Virtual Earth - 3DVIA (Beta)
"{FC2C7405-BC58-4E11-8F51-29671BEAC06B}" = Natural Color Pro
"{FC4A9700-50F9-4EDF-8C30-32F887AFC1F5}" = Microsoft Expression Blend 2 December Preview
"{FD523531-7EA3-4F11-948C-C5F4B734FDB2}" = FSX Bonus Multiplayer Racing Missions
"{FE57DE70-95DE-4B64-9266-84DA811053DB}" = HP Update
"{FEA5A8ED-93A1-44EE-9A7D-43103DB3F78D}" = 1600_Help
"{FF075778-6E50-47ed-991D-3B07FD4E3250}" = TrayApp
"{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
"{FFA2B2B6-3BDE-4728-B404-A16E0F853F6A}" = Microsoft Office Live Meeting 2005
"2004_Boeing_PxN" = 2004_Boeing_PxN Screen Saver
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Photoshop 7.0" = Adobe Photoshop 7.0
"Adobe Shockwave Player" = Adobe Shockwave Player 11.5
"afx" = AFX
"afxdemo" = AFX Demo
"Age of Empires 2.0" = Microsoft Age of Empires II
"Age of Empires II: The Conquerors Expansion 1.0" = Microsoft Age of Empires II: The Conquerors Expansion
"Algodoo_is1" = Algodoo v1.7.1
"aopa_177" = AOPA 177 Cardinal for FSX
"Applian FLV Player2.0.23" = Applian FLV Player
"AudioCS" = Creative Audio Control Panel
"AutoCAD LT 2009 - English" = AutoCAD LT 2009 - English
"Autodesk Design Review 2009" = Autodesk Design Review 2009
"AVS4YOU Video Converter 6_is1" = AVS Video Converter 6
"Caesar 3" = Caesar 3
"CamStudio" = CamStudio
"Candy Land - Dora the Explorer Edition" = Candy Land - Dora the Explorer Edition
"CaptureWiz" = CaptureWizPro 4.10
"Cars - Radiator Springs Adventures" = Cars - Radiator Springs Adventures
"Citrix ICA Web Client" = MetaFrame Presentation Server Web Client for Win32
"com.mariokart.MarioKartWidget.2D2C34B6007093AC4AD53AA62F0C6C15D6F8E999.1" = Mario Kart Widget
"CRASH" = Hot Wheels Crash
"Creative Software AutoUpdate" = Creative Software AutoUpdate
"Creative Sound Blaster Properties" = Creative Sound Blaster Properties
"DancePraise_is1" = Dance Praise
"Daniusoft Media Converter Pro_is1" = Daniusoft Media Converter Pro(Build 2.4.1.0)
"DHTML Menu Add-in for Expression Web_is1" = DHTML Menu Add-in for Expression Web
"DHTML Menu Extension for GoLive_is1" = DHTML Menu Extension for GoLive
"Digital Media Converter_is1" = Digital Media Converter 2.75
"ENTERPRISE" = Microsoft Office Enterprise 2007
"exPressit S.E. 2.1" = exPressit S.E. 2.1
"ffdshow_is1" = ffdshow [rev 1763] [2007-01-08]
"Finale NotePad 2008" = Finale NotePad 2008
"FlightSim_{A9729B90-D37B-4A69-B66A-7436AC1F7274}" = Microsoft Flight Simulator X: Acceleration
"FSX Flight Weather Report1.0" = FSX Flight Weather Report
"GlovePIE_is1" = GlovePIE
"Google Updater" = Google Updater
"Hauppauge English Help Files and Resources" = Hauppauge English Help Files and Resources
"Hauppauge WinTV2000" = Hauppauge WinTV2000
"Hauppauge WinTV-PVR 150 Drivers" = Hauppauge WinTV-PVR 150 Drivers
"HP Imaging Device Functions" = HP Imaging Device Functions 8.0
"HP Solution Center & Imaging Support Tools" = HP Solution Center 8.0
"HPExtendedCapabilities" = HP Customer Participation Program 8.0
"HPOCR" = HP OCR Software 8.0
"HyperCam 2" = HyperCam 2
"InstallShield_{36CAA957-D5F0-4A76-830D-9C09A2662F6F}" = SLC Reading Assistant v4.1
"InstallShield_{43E05D0C-E145-4FF4-A749-EAF822DBDCA4}" = Jetfighter V Homeland Protector
"InstallShield_{9527A496-5DF9-412A-ADC7-168BA5379CA6}" = Microsoft Flight Simulator X
"KLN 89B Simulator" = KLN 89B Simulator
"LegoChessDeInstKey" = LEGO Chess
"LEGOLANDDeInstKey" = LEGOLAND
"Letter Machine" = Edmark Letter Machine
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Mii Manager_is1" = Mii Manager
"MonkeyJam_is1" = MonkeyJam 3_050529
"Monster Truck Madness 2.0" = Microsoft Monster Truck Madness 2
"MP3MyMP3_is1" = MP3MyMP3 3.0
"Mpeg2Decoder_is1" = Mpeg2Decoder 1.3
"Musicnotes Player_is1" = Musicnotes Player V1.23.1
"My Disney Kitchen" = My Disney Kitchen
"New LEGO Digital Designer" = LEGO Digital Designer
"Nick Jr. Bingo" = Nick Jr. Bingo
"NVIDIA Drivers" = NVIDIA Drivers
"OfotoEZUpload" = KODAK EASYSHARE Gallery Upload ActiveX Control
"pc12_FSX" = Flight One Software Pilatus PC-12 fsx
"PCFriendly" = PCFriendly
"PhotoFiltre Studio" = PhotoFiltre Studio
"Piano Wizard_is1" = Piano Wizard
"QuickBanner_is1" = QuickBanner 1.0
"QuickTime32" = QuickTime for Windows (32-bit)
"RealPlayer 6.0" = RealPlayer
"Rhapsody" = Rhapsody
"RTMshadow_{A9729B90-D37B-4A69-B66A-7436AC1F7274}" = Flight Simulator X
"SharePointDesignerR" = Microsoft Office SharePoint Designer 2007
"SP1_9527A496-5DF9-412A-ADC7-168BA5379CA6" = Microsoft Flight Simulator X Service Pack 1
"SP1shadow_{A9729B90-D37B-4A69-B66A-7436AC1F7274}" = Flight Simulator X Service Pack 1
"SporTV Toolbar" = SporTV Toolbar
"Stagecast Creator 2" = Stagecast Creator 2
"SWFText" = SWFText
"UltSounds" = Windows Sound Schemes
"VIDEOzilla_is1" = VIDEOzilla v2.7
"ViewpointMediaPlayer" = Viewpoint Media Player
"VLC media player" = VideoLAN VLC media player 0.8.6d
"WebDesigner" = Microsoft Expression Web
"WiiCade_is1" = WiiCade
"Windows Media Encoder 9" = Windows Media Encoder 9 Series
"WinSS" = Windows Live OneCare

========== HKEY_USERS Uninstall List ==========

[HKEY_USERS\S-1-5-21-2206615330-3397044264-1646540355-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Adobe Acrobat Connect Add-in" = Adobe Acrobat Connect Add-in
"GoToMeeting" = GoToMeeting 4.0.0.320
"New LEGO Digital Designer" = LEGO Digital Designer

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 7/7/2009 11:46:48 AM | Computer Name = MSFB129 | Source = Application Hang | ID = 1002
Description = The program Explorer.EXE version 6.0.6000.16771 stopped interacting
with Windows and was closed. To see if more information about the problem is available,
check the problem history in the Problem Reports and Solutions control panel. Process
ID: 5b4 Start Time: 01c9ff1959eaaeb0 Termination Time: 219

Error - 7/13/2009 1:34:04 PM | Computer Name = MSFB129 | Source = Application Hang | ID = 1002
Description = The program POWERPNT.EXE version 12.0.6500.5000 stopped interacting
with Windows and was closed. To see if more information about the problem is available,
check the problem history in the Problem Reports and Solutions control panel. Process
ID: 1600 Start Time: 01ca03dff3e9f794 Termination Time: 6

Error - 7/15/2009 4:14:35 PM | Computer Name = MSFB129 | Source = Application Error | ID = 1000
Description = Faulting application Explorer.EXE, version 6.0.6000.16771, time stamp
0x4907deda, faulting module unknown, version 0.0.0.0, time stamp 0x00000000, exception
code 0xc0000005, fault offset 0x078232d0, process id 0x774, application start time
0x01ca0583cc5c766b.

Error - 7/16/2009 2:00:31 AM | Computer Name = MSFB129 | Source = Application Error | ID = 1000
Description = Faulting application Explorer.EXE, version 6.0.6000.16771, time stamp
0x4907deda, faulting module unknown, version 0.0.0.0, time stamp 0x00000000, exception
code 0xc0000005, fault offset 0x0a3232d0, process id 0x2fc, application start time
0x01ca058c3595f677.

Error - 7/18/2009 2:13:49 AM | Computer Name = MSFB129 | Source = Application Error | ID = 1000
Description = Faulting application wmplayer.exe, version 11.0.6000.6349, time stamp
0x494727bd, faulting module mcmpgdmx.ax, version 7.3.0.27713, time stamp 0x47f2aa0f,
exception code 0xc0000005, fault offset 0x000c566a, process id 0x15b4, application
start time 0x01ca07417dccd894.

Error - 7/19/2009 1:35:31 AM | Computer Name = MSFB129 | Source = Application Error | ID = 1000
Description = Faulting application DllHost.exe, version 6.0.6000.16386, time stamp
0x4549b14e, faulting module ntdll.dll, version 6.0.6000.16386, time stamp 0x4549bdc9,
exception code 0xc0000374, fault offset 0x000af1c9, process id 0xdf0, application
start time 0x01ca0832b70f5feb.

Error - 7/21/2009 1:28:33 PM | Computer Name = MSFB129 | Source = Application Error | ID = 1000
Description = Faulting application BTTray.exe, version 4.0.1.3500, time stamp 0x4464f111,
faulting module kernel32.dll, version 6.0.6000.16820, time stamp 0x49952034, exception
code 0xe06d7363, fault offset 0x0001b09e, process id 0x7bc, application start time
0x01ca0a2892c5784f.

Error - 7/25/2009 1:51:52 AM | Computer Name = MSFB129 | Source = Application Error | ID = 1000
Description = Faulting application AcroRd32.exe, version 8.1.0.137, time stamp 0x46444e37,
faulting module unknown, version 0.0.0.0, time stamp 0x00000000, exception code
0xc0000005, fault offset 0x24002aa0, process id 0x2770, application start time 0x01ca0cd2e0dc68a1.

Error - 7/31/2009 12:04:52 PM | Computer Name = MSFB129 | Source = Application Error | ID = 1000
Description = Faulting application BTTray.exe, version 4.0.1.3500, time stamp 0x4464f111,
faulting module kernel32.dll, version 6.0.6000.16820, time stamp 0x49952034, exception
code 0xe06d7363, fault offset 0x0001b09e, process id 0xf0, application start time
0x01ca11f89338d0f1.

Error - 8/3/2009 1:05:07 AM | Computer Name = MSFB129 | Source = Application Hang | ID = 1002
Description = The program CaptureWizard.exe version 6.0.6000.16386 stopped interacting
with Windows and was closed. To see if more information about the problem is available,
check the problem history in the Problem Reports and Solutions control panel. Process
ID: 1588 Start Time: 01ca13f7c5b12f7b Termination Time: 2696

[ Media Center Events ]
Error - 10/24/2008 7:12:13 PM | Computer Name = MSFB129 | Source = Recording | ID = 19
Description = The recording schedule has been corrupted and was automatically deleted
on 10/24/2008 16:12:13. You may need to reschedule your recordings.

Error - 10/26/2008 5:54:40 PM | Computer Name = MSFB129 | Source = Recording | ID = 19
Description = The recording schedule has been corrupted and was automatically deleted
on 10/26/2008 14:54:40. You may need to reschedule your recordings.

Error - 11/19/2008 3:23:12 PM | Computer Name = MSFB129 | Source = Recording | ID = 19
Description = The recording schedule has been corrupted and was automatically deleted
on 11/19/2008 11:23:12. You may need to reschedule your recordings.

Error - 11/19/2008 3:23:17 PM | Computer Name = MSFB129 | Source = Recording | ID = 19
Description = The recording schedule has been corrupted and was automatically deleted
on 11/19/2008 11:23:17. You may need to reschedule your recordings.

Error - 11/26/2008 10:46:37 PM | Computer Name = MSFB129 | Source = Recording | ID = 19
Description = The recording schedule has been corrupted and was automatically deleted
on 11/26/2008 18:46:37. You may need to reschedule your recordings.

Error - 11/26/2008 10:46:39 PM | Computer Name = MSFB129 | Source = Recording | ID = 19
Description = The recording schedule has been corrupted and was automatically deleted
on 11/26/2008 18:46:39. You may need to reschedule your recordings.

Error - 12/1/2008 4:18:51 PM | Computer Name = MSFB129 | Source = Recording | ID = 19
Description = The recording schedule has been corrupted and was automatically deleted
on 12/01/2008 12:18:51. You may need to reschedule your recordings.

Error - 12/1/2008 4:18:52 PM | Computer Name = MSFB129 | Source = Recording | ID = 19
Description = The recording schedule has been corrupted and was automatically deleted
on 12/01/2008 12:18:52. You may need to reschedule your recordings.

Error - 12/17/2008 8:10:00 PM | Computer Name = MSFB129 | Source = Recording | ID = 19
Description = The recording schedule has been corrupted and was automatically deleted
on 12/17/2008 16:10:00. You may need to reschedule your recordings.

Error - 12/17/2008 8:10:01 PM | Computer Name = MSFB129 | Source = Recording | ID = 19
Description = The recording schedule has been corrupted and was automatically deleted
on 12/17/2008 16:10:01. You may need to reschedule your recordings.

[ OSession Events ]
Error - 5/27/2009 2:17:51 AM | Computer Name = MSFB129 | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 20, Application Name: Microsoft Expression Web, Application Version:
12.0.6211.1000, Microsoft Office Version: 12.0.6215.1000. This session lasted 1586
seconds with 1020 seconds of active time. This session ended with a crash.

Error - 5/27/2009 2:23:36 AM | Computer Name = MSFB129 | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 20, Application Name: Microsoft Expression Web, Application Version:
12.0.6211.1000, Microsoft Office Version: 12.0.6215.1000. This session lasted 337
seconds with 300 seconds of active time. This session ended with a crash.

Error - 5/30/2009 2:42:17 AM | Computer Name = MSFB129 | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 20, Application Name: Microsoft Expression Web, Application Version:
12.0.6211.1000, Microsoft Office Version: 12.0.6215.1000. This session lasted 1228
seconds with 420 seconds of active time. This session ended with a crash.

Error - 5/30/2009 2:42:44 AM | Computer Name = MSFB129 | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 20, Application Name: Microsoft Expression Web, Application Version:
12.0.6211.1000, Microsoft Office Version: 12.0.6215.1000. This session lasted 19
seconds with 0 seconds of active time. This session ended with a crash.

Error - 5/30/2009 11:14:44 PM | Computer Name = MSFB129 | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 20, Application Name: Microsoft Expression Web, Application Version:
12.0.6211.1000, Microsoft Office Version: 12.0.6215.1000. This session lasted 7254
seconds with 960 seconds of active time. This session ended with a crash.

[ System Events ]
Error - 7/24/2010 8:10:55 PM | Computer Name = MSFB129 | Source = ACPI | ID = 327686
Description = IRQARB: ACPI BIOS does not contain an IRQ for the device in PCI slot
2, function 0. Please contact your system vendor for technical assistance.

Error - 7/24/2010 8:10:55 PM | Computer Name = MSFB129 | Source = ACPI | ID = 327686
Description = IRQARB: ACPI BIOS does not contain an IRQ for the device in PCI slot
3, function 0. Please contact your system vendor for technical assistance.

Error - 7/24/2010 8:10:55 PM | Computer Name = MSFB129 | Source = ACPI | ID = 327686
Description = IRQARB: ACPI BIOS does not contain an IRQ for the device in PCI slot
4, function 0. Please contact your system vendor for technical assistance.

Error - 7/24/2010 8:12:52 PM | Computer Name = MSFB129 | Source = DCOM | ID = 10005
Description =

Error - 7/24/2010 8:13:05 PM | Computer Name = MSFB129 | Source = DCOM | ID = 10005
Description =

Error - 7/24/2010 8:13:16 PM | Computer Name = MSFB129 | Source = DCOM | ID = 10005
Description =

Error - 7/24/2010 8:27:51 PM | Computer Name = MSFB129 | Source = DCOM | ID = 10005
Description =

Error - 7/25/2010 5:30:29 PM | Computer Name = MSFB129 | Source = ACPI | ID = 327686
Description = IRQARB: ACPI BIOS does not contain an IRQ for the device in PCI slot
2, function 0. Please contact your system vendor for technical assistance.

Error - 7/25/2010 5:30:29 PM | Computer Name = MSFB129 | Source = ACPI | ID = 327686
Description = IRQARB: ACPI BIOS does not contain an IRQ for the device in PCI slot
3, function 0. Please contact your system vendor for technical assistance.

Error - 7/25/2010 5:30:29 PM | Computer Name = MSFB129 | Source = ACPI | ID = 327686
Description = IRQARB: ACPI BIOS does not contain an IRQ for the device in PCI slot
4, function 0. Please contact your system vendor for technical assistance.

[ Windows OneCare Events ]
Error - 4/8/2009 10:51:34 PM | Computer Name = MSFB129 | Source = WinSS | ID = 8001
Description = Successfully detected a local printer failed to share it PrinterName
= Microsoft Office Live Meeting 2007 Document Writer MachineName = MSFB129 ShareName
= DriverName = Microsoft Office Live Meeting 2007 Document Writer Driver Driver
FileName = lmdigraph8.dll Driver Version = 3 Driver File Creation date = 0 Driver Port
= Microsoft Office Live Meeting 2007 Document Writer Port: Eligibility For Sharing
= 1 Shared By OneCare = 0 Pre-OneCare Status = 1 Local Printer = 0 Sharing Status =
1 Error Type = 5 Error Code = 0x0 EventID = 1 TelemetryAutoGuid = {56751D86-DFD4-496D-967B-A4E4A466D4D2}

Error - 4/14/2009 3:48:19 AM | Computer Name = MSFB129 | Source = WinSS | ID = 1011
Description = Could not update WMI to communicate to WSC.

Error - 5/14/2009 3:55:54 AM | Computer Name = MSFB129 | Source = WinSS | ID = 1011
Description = Could not update WMI to communicate to WSC.

Error - 6/26/2009 4:01:15 AM | Computer Name = MSFB129 | Source = WinSS | ID = 1011
Description = Could not update WMI to communicate to WSC.

Error - 7/15/2009 3:16:40 PM | Computer Name = MSFB129 | Source = WinSS | ID = 8001
Description = Successfully detected a local printer failed to share it PrinterName
= Send To OneNote 2007 MachineName = MSFB129 ShareName = DriverName = Send To Microsoft
OneNote Driver Driver FileName = msonpdrv.dll Driver Version = 3 Driver File Creation
date = 0 Driver Port = Send To Microsoft OneNote Port: Eligibility For Sharing =
1 Shared By OneCare = 0 Pre-OneCare Status = 1 Local Printer = 0 Sharing Status = 1 Error
Type = 5 Error Code = 0x0 EventID = 1 TelemetryAutoGuid = {56751D86-DFD4-496D-967B-A4E4A466D4D2}

Error - 7/28/2009 1:46:40 AM | Computer Name = MSFB129 | Source = WinSS | ID = 1011
Description = Could not update WMI to communicate to WSC.

Error - 8/5/2009 1:45:44 AM | Computer Name = MSFB129 | Source = WinSS | ID = 1011
Description = Could not update WMI to communicate to WSC.

Error - 8/6/2009 3:59:07 AM | Computer Name = MSFB129 | Source = WinSS | ID = 1011
Description = Could not update WMI to communicate to WSC.

Error - 8/17/2009 3:09:29 AM | Computer Name = MSFB129 | Source = WinSS | ID = 1011
Description = Could not update WMI to communicate to WSC.

Error - 8/19/2009 2:47:57 AM | Computer Name = MSFB129 | Source = WinSS | ID = 1011
Description = Could not update WMI to communicate to WSC.


< End of report >
--------------------------------------------

Some additional information, when I start the computer everything appears normal except that the internet connection icon near the clock has a red "X" on it. Also, after about 2-3 mins. a window will come up saying, "The Windows Live OneCare service is not working or has been stopped. To correct this problem, try restarting your computer. If the problem continues, click below to get help." Then there is a hyperlink that says "Get help". If I click on "Get help," the computer will try to go to microsoft.com, but obviously, since the internet doesn't work it will fail to get there.

The problems that I am experiencing are:
1. The computer does not have internet connection
2. When I check Control Panel to see if Windows Firewall is on, it shows that firewall is off.
3. When I try to uninstall certain programs, the Windows Installer will say, "Preparing to remove..." but will never progress.
So I am unable to uninstall these programs through Add/Remove Programs
4. If I try to manually start Windows Live OneCare, it will just load and load and never start.
5. If I try to start Windows Defender instead of OneCare, the menu will freeze, and an error will appear saying, "Windows Defender
encountered an error: 0x800705b4. This operation returned because the timeout period expired."

These are the troubleshooting steps that I have taken. If anything is unclear or confusing let me know and I will try to clarify.
1. Turned on the computer it showed that there was no internet connection.
2. Reset router and restarted the computer, still had no internet connection.
3. Tried to right click on the internet connection icon at the bottom right corner of the screen and was unable to since the computer froze.
4. Opened task manager and ended explorer.exe process, taskbar disappeared.
5. Restarted explorer.exe process and taskbar came back.
6. Tried to access Network from start menu and computer locked up again.
7. Restarted computer.
8. Tried again, computer froze.
9. Restarted about 4 more times with exactly the same results.
10. Entered Safe Mode with Networking, and was able to access internet and all other menus.
11. Restarted computer and started Windows normally and tried to get to internet, but still no access.
12. Tried to access User-Account-Control-protected "Services" button from task manager services tab, but no menu appeared.
13. It turned out that any menu, button, or link, protected by User Account Control could not be accessed.
14. Turned off User Account Control from Safe Mode.
15. Could now access menus, buttons, and links, that used to be protected by User Account Control.
16. Went to "Services" button (from step 12) and discovered that the Windows Firewall service was not started, tried to start manually, but errored out saying, "Windows could not start the Windows Firewall service on the Local Computer. Error 1053: The service did not respond to the start or control request in a timely fashion."
17. Also, Windows Live Onecare will not start, just loads and loads... and never starts. When I tried to start the Windows Live OneCare service manually from the services button on task manager it attempted to start but errored saying, "Windows could not start the Windows Live OneCare service on the Local Computer. Error 1053: The service did not respond to the start or control request in a timely fashion."
18. Also, Windows Defender won't start even when I try to turn it on, the menu will just freeze, and after awhile an error will appear saying, "Windows Defender encountered an error: 0x800705b4. This operation returned because the timeout period expired."
19. Ran Malware Bytes Anti Malware from Safe Mode, found (Adware.TryMedia) and deleted it.
20. Still no internet access from "normal" mode on computer.
21. Tried to run Malware Bytes Anti Malware from "normal" mode on computer, but locked up after 4 seconds.
22. Ran Defogger.exe, worked fine.
23. Attempted to run dds.scr, was unable to get any logs from it. It did not open in a black screen like it is supposed to, instead it opened in Notepad and displayed lots of weird symbols and the only text said, "This program cannot be run in DOS mode."
24. Ran gmer.exe, was able to produce "ark.txt" log.
25. Ran OTL.exe, was able to generate both "OTL.txt" and "Extras.txt"

So far, I have been unable to run dds.scr, but both gmer and OTL worked fine. Let me know if anything is unclear or confusing and I will try to clarify.

Thanks for the help!



#5 myrti

myrti

    Sillyberry


  • Malware Study Hall Admin
  • 33,784 posts
  • OFFLINE
  •  
  • Gender:Female
  • Location:At home
  • Local time:07:39 AM

Posted 26 July 2010 - 02:51 AM

Hi,

thanks for the detailed description. I have one more question though, do you remember what you did before you lost internet access? Did you install/uninstall a program?

Have you tried using system restore to undo the changes? Do you have your Vista CD at hand?

regards myrti

is that a bird?  a plane? nooo it's the flying blueberry!

If I have been helping you and haven't replied in 2 days, feel free to shoot me a PM! Please don't send help request via PM, unless I am already helping you. Use the forums!

animinionsmalltext.gif

Follow BleepingComputer on: Facebook | Twitter | Google+


#6 HelpVistaVirus

HelpVistaVirus
  • Topic Starter

  • Members
  • 7 posts
  • OFFLINE
  •  
  • Local time:10:39 PM

Posted 26 July 2010 - 12:26 PM

Well, I was gone on vacation for about a week or so... and prior to leaving the computer was fine. I had the computer powered off for the duration of my trip. When I got back and turned the computer on, that's when I started having the problems. I don't recall installing or uninstalling anything immediately before or after the trip. The only thing that I can even think of is that I finally configured the Nintendo Wii to access my wireless network, and I did have a WEP key change as a result of that (I had accidentally overwritten the original WEP key while I was trying to get the Wii configured). I had to reinput the new WEP key for my other computers. But after everything was sorted out with the WEP key, the "troubled" Vista computer was working fine. Not sure if changing the WEP key would have had any long-term adverse effects or not.
I have not tried system restore yet, (I wanted to see if there was an alternate solution before I attempted that smile.gif ). In the meantime, I will check to see if I can locate the Vista CD. Also, if it is necessary to perform a system restore, I have some fairly recent images that I created on an external hard drive that may work in restoring the computer. Let me know what any next steps would be...
Thanks!

#7 myrti

myrti

    Sillyberry


  • Malware Study Hall Admin
  • 33,784 posts
  • OFFLINE
  •  
  • Gender:Female
  • Location:At home
  • Local time:07:39 AM

Posted 26 July 2010 - 04:17 PM

Hi,

to me the problem looks more like a software/OS problem. If you take a look at the error messages you will see that most of those messages are back in 2009 or 2008. Only the system log seems up to date.
This suggests that there is some incosistency at the OS level.

I would suggest that we try a system file check first, to see if you have any corrupted files and if so if replacing those files restores functionality. For that we would need the CD though.

If that doesn't work, I would either ask you to try your luck in the Vista forums or do a system restore / an image restore. As this seems to be no malware problem, I'm not really best qualified to help.

Just to add in the fact that dds.scr opened as a text file is not really worrying, it just means that the file association has been changed. Normally it is an executable file for screensavers. If you use textfiles with that extension, I would just ignore the fact that you can't run DDS and move on.

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 7/7/2009 11:46:48 AM | Computer Name = MSFB129 | Source = Application Hang | ID = 1002
Description = The program Explorer.EXE version 6.0.6000.16771 stopped interacting
with Windows and was closed. To see if more information about the problem is available,
check the problem history in the Problem Reports and Solutions control panel. Process
ID: 5b4 Start Time: 01c9ff1959eaaeb0 Termination Time: 219

Error - 7/13/2009 1:34:04 PM | Computer Name = MSFB129 | Source = Application Hang | ID = 1002
Description = The program POWERPNT.EXE version 12.0.6500.5000 stopped interacting
with Windows and was closed. To see if more information about the problem is available,
check the problem history in the Problem Reports and Solutions control panel. Process
ID: 1600 Start Time: 01ca03dff3e9f794 Termination Time: 6

Error - 7/15/2009 4:14:35 PM | Computer Name = MSFB129 | Source = Application Error | ID = 1000
Description = Faulting application Explorer.EXE, version 6.0.6000.16771, time stamp
0x4907deda, faulting module unknown, version 0.0.0.0, time stamp 0x00000000, exception
code 0xc0000005, fault offset 0x078232d0, process id 0x774, application start time
0x01ca0583cc5c766b.

Error - 7/16/2009 2:00:31 AM | Computer Name = MSFB129 | Source = Application Error | ID = 1000
Description = Faulting application Explorer.EXE, version 6.0.6000.16771, time stamp
0x4907deda, faulting module unknown, version 0.0.0.0, time stamp 0x00000000, exception
code 0xc0000005, fault offset 0x0a3232d0, process id 0x2fc, application start time
0x01ca058c3595f677.

Error - 7/18/2009 2:13:49 AM | Computer Name = MSFB129 | Source = Application Error | ID = 1000
Description = Faulting application wmplayer.exe, version 11.0.6000.6349, time stamp
0x494727bd, faulting module mcmpgdmx.ax, version 7.3.0.27713, time stamp 0x47f2aa0f,
exception code 0xc0000005, fault offset 0x000c566a, process id 0x15b4, application
start time 0x01ca07417dccd894.

Error - 7/19/2009 1:35:31 AM | Computer Name = MSFB129 | Source = Application Error | ID = 1000
Description = Faulting application DllHost.exe, version 6.0.6000.16386, time stamp
0x4549b14e, faulting module ntdll.dll, version 6.0.6000.16386, time stamp 0x4549bdc9,
exception code 0xc0000374, fault offset 0x000af1c9, process id 0xdf0, application
start time 0x01ca0832b70f5feb.

Error - 7/21/2009 1:28:33 PM | Computer Name = MSFB129 | Source = Application Error | ID = 1000
Description = Faulting application BTTray.exe, version 4.0.1.3500, time stamp 0x4464f111,
faulting module kernel32.dll, version 6.0.6000.16820, time stamp 0x49952034, exception
code 0xe06d7363, fault offset 0x0001b09e, process id 0x7bc, application start time
0x01ca0a2892c5784f.

Error - 7/25/2009 1:51:52 AM | Computer Name = MSFB129 | Source = Application Error | ID = 1000
Description = Faulting application AcroRd32.exe, version 8.1.0.137, time stamp 0x46444e37,
faulting module unknown, version 0.0.0.0, time stamp 0x00000000, exception code
0xc0000005, fault offset 0x24002aa0, process id 0x2770, application start time 0x01ca0cd2e0dc68a1.

Error - 7/31/2009 12:04:52 PM | Computer Name = MSFB129 | Source = Application Error | ID = 1000
Description = Faulting application BTTray.exe, version 4.0.1.3500, time stamp 0x4464f111,
faulting module kernel32.dll, version 6.0.6000.16820, time stamp 0x49952034, exception
code 0xe06d7363, fault offset 0x0001b09e, process id 0xf0, application start time
0x01ca11f89338d0f1.

Error - 8/3/2009 1:05:07 AM | Computer Name = MSFB129 | Source = Application Hang | ID = 1002
Description = The program CaptureWizard.exe version 6.0.6000.16386 stopped interacting
with Windows and was closed. To see if more information about the problem is available,
check the problem history in the Problem Reports and Solutions control panel. Process
ID: 1588 Start Time: 01ca13f7c5b12f7b Termination Time: 2696

[ Media Center Events ]
Error - 10/24/2008 7:12:13 PM | Computer Name = MSFB129 | Source = Recording | ID = 19
Description = The recording schedule has been corrupted and was automatically deleted
on 10/24/2008 16:12:13. You may need to reschedule your recordings.

Error - 10/26/2008 5:54:40 PM | Computer Name = MSFB129 | Source = Recording | ID = 19
Description = The recording schedule has been corrupted and was automatically deleted
on 10/26/2008 14:54:40. You may need to reschedule your recordings.

Error - 11/19/2008 3:23:12 PM | Computer Name = MSFB129 | Source = Recording | ID = 19
Description = The recording schedule has been corrupted and was automatically deleted
on 11/19/2008 11:23:12. You may need to reschedule your recordings.

Error - 11/19/2008 3:23:17 PM | Computer Name = MSFB129 | Source = Recording | ID = 19
Description = The recording schedule has been corrupted and was automatically deleted
on 11/19/2008 11:23:17. You may need to reschedule your recordings.

Error - 11/26/2008 10:46:37 PM | Computer Name = MSFB129 | Source = Recording | ID = 19
Description = The recording schedule has been corrupted and was automatically deleted
on 11/26/2008 18:46:37. You may need to reschedule your recordings.

Error - 11/26/2008 10:46:39 PM | Computer Name = MSFB129 | Source = Recording | ID = 19
Description = The recording schedule has been corrupted and was automatically deleted
on 11/26/2008 18:46:39. You may need to reschedule your recordings.

Error - 12/1/2008 4:18:51 PM | Computer Name = MSFB129 | Source = Recording | ID = 19
Description = The recording schedule has been corrupted and was automatically deleted
on 12/01/2008 12:18:51. You may need to reschedule your recordings.

Error - 12/1/2008 4:18:52 PM | Computer Name = MSFB129 | Source = Recording | ID = 19
Description = The recording schedule has been corrupted and was automatically deleted
on 12/01/2008 12:18:52. You may need to reschedule your recordings.

Error - 12/17/2008 8:10:00 PM | Computer Name = MSFB129 | Source = Recording | ID = 19
Description = The recording schedule has been corrupted and was automatically deleted
on 12/17/2008 16:10:00. You may need to reschedule your recordings.

Error - 12/17/2008 8:10:01 PM | Computer Name = MSFB129 | Source = Recording | ID = 19
Description = The recording schedule has been corrupted and was automatically deleted
on 12/17/2008 16:10:01. You may need to reschedule your recordings.

[ OSession Events ]
Error - 5/27/2009 2:17:51 AM | Computer Name = MSFB129 | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 20, Application Name: Microsoft Expression Web, Application Version:
12.0.6211.1000, Microsoft Office Version: 12.0.6215.1000. This session lasted 1586
seconds with 1020 seconds of active time. This session ended with a crash.

Error - 5/27/2009 2:23:36 AM | Computer Name = MSFB129 | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 20, Application Name: Microsoft Expression Web, Application Version:
12.0.6211.1000, Microsoft Office Version: 12.0.6215.1000. This session lasted 337
seconds with 300 seconds of active time. This session ended with a crash.

Error - 5/30/2009 2:42:17 AM | Computer Name = MSFB129 | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 20, Application Name: Microsoft Expression Web, Application Version:
12.0.6211.1000, Microsoft Office Version: 12.0.6215.1000. This session lasted 1228
seconds with 420 seconds of active time. This session ended with a crash.

Error - 5/30/2009 2:42:44 AM | Computer Name = MSFB129 | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 20, Application Name: Microsoft Expression Web, Application Version:
12.0.6211.1000, Microsoft Office Version: 12.0.6215.1000. This session lasted 19
seconds with 0 seconds of active time. This session ended with a crash.

Error - 5/30/2009 11:14:44 PM | Computer Name = MSFB129 | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 20, Application Name: Microsoft Expression Web, Application Version:
12.0.6211.1000, Microsoft Office Version: 12.0.6215.1000. This session lasted 7254
seconds with 960 seconds of active time. This session ended with a crash.

[ System Events ]
Error - 7/24/2010 8:10:55 PM | Computer Name = MSFB129 | Source = ACPI | ID = 327686
Description = IRQARB: ACPI BIOS does not contain an IRQ for the device in PCI slot
2, function 0. Please contact your system vendor for technical assistance.

Error - 7/24/2010 8:10:55 PM | Computer Name = MSFB129 | Source = ACPI | ID = 327686
Description = IRQARB: ACPI BIOS does not contain an IRQ for the device in PCI slot
3, function 0. Please contact your system vendor for technical assistance.

Error - 7/24/2010 8:10:55 PM | Computer Name = MSFB129 | Source = ACPI | ID = 327686
Description = IRQARB: ACPI BIOS does not contain an IRQ for the device in PCI slot
4, function 0. Please contact your system vendor for technical assistance.

Error - 7/24/2010 8:12:52 PM | Computer Name = MSFB129 | Source = DCOM | ID = 10005
Description =

Error - 7/24/2010 8:13:05 PM | Computer Name = MSFB129 | Source = DCOM | ID = 10005
Description =

Error - 7/24/2010 8:13:16 PM | Computer Name = MSFB129 | Source = DCOM | ID = 10005
Description =

Error - 7/24/2010 8:27:51 PM | Computer Name = MSFB129 | Source = DCOM | ID = 10005
Description =

Error - 7/25/2010 5:30:29 PM | Computer Name = MSFB129 | Source = ACPI | ID = 327686
Description = IRQARB: ACPI BIOS does not contain an IRQ for the device in PCI slot
2, function 0. Please contact your system vendor for technical assistance.

Error - 7/25/2010 5:30:29 PM | Computer Name = MSFB129 | Source = ACPI | ID = 327686
Description = IRQARB: ACPI BIOS does not contain an IRQ for the device in PCI slot
3, function 0. Please contact your system vendor for technical assistance.

Error - 7/25/2010 5:30:29 PM | Computer Name = MSFB129 | Source = ACPI | ID = 327686
Description = IRQARB: ACPI BIOS does not contain an IRQ for the device in PCI slot
4, function 0. Please contact your system vendor for technical assistance.

[ Windows OneCare Events ]
Error - 4/8/2009 10:51:34 PM | Computer Name = MSFB129 | Source = WinSS | ID = 8001
Description = Successfully detected a local printer failed to share it PrinterName
= Microsoft Office Live Meeting 2007 Document Writer MachineName = MSFB129 ShareName
= DriverName = Microsoft Office Live Meeting 2007 Document Writer Driver Driver
FileName = lmdigraph8.dll Driver Version = 3 Driver File Creation date = 0 Driver Port
= Microsoft Office Live Meeting 2007 Document Writer Port: Eligibility For Sharing
= 1 Shared By OneCare = 0 Pre-OneCare Status = 1 Local Printer = 0 Sharing Status =
1 Error Type = 5 Error Code = 0x0 EventID = 1 TelemetryAutoGuid = {56751D86-DFD4-496D-967B-A4E4A466D4D2}

Error - 4/14/2009 3:48:19 AM | Computer Name = MSFB129 | Source = WinSS | ID = 1011
Description = Could not update WMI to communicate to WSC.

Error - 5/14/2009 3:55:54 AM | Computer Name = MSFB129 | Source = WinSS | ID = 1011
Description = Could not update WMI to communicate to WSC.

Error - 6/26/2009 4:01:15 AM | Computer Name = MSFB129 | Source = WinSS | ID = 1011
Description = Could not update WMI to communicate to WSC.

Error - 7/15/2009 3:16:40 PM | Computer Name = MSFB129 | Source = WinSS | ID = 8001
Description = Successfully detected a local printer failed to share it PrinterName
= Send To OneNote 2007 MachineName = MSFB129 ShareName = DriverName = Send To Microsoft
OneNote Driver Driver FileName = msonpdrv.dll Driver Version = 3 Driver File Creation
date = 0 Driver Port = Send To Microsoft OneNote Port: Eligibility For Sharing =
1 Shared By OneCare = 0 Pre-OneCare Status = 1 Local Printer = 0 Sharing Status = 1 Error
Type = 5 Error Code = 0x0 EventID = 1 TelemetryAutoGuid = {56751D86-DFD4-496D-967B-A4E4A466D4D2}

Error - 7/28/2009 1:46:40 AM | Computer Name = MSFB129 | Source = WinSS | ID = 1011
Description = Could not update WMI to communicate to WSC.

Error - 8/5/2009 1:45:44 AM | Computer Name = MSFB129 | Source = WinSS | ID = 1011
Description = Could not update WMI to communicate to WSC.

Error - 8/6/2009 3:59:07 AM | Computer Name = MSFB129 | Source = WinSS | ID = 1011
Description = Could not update WMI to communicate to WSC.

Error - 8/17/2009 3:09:29 AM | Computer Name = MSFB129 | Source = WinSS | ID = 1011
Description = Could not update WMI to communicate to WSC.

Error - 8/19/2009 2:47:57 AM | Computer Name = MSFB129 | Source = WinSS | ID = 1011
Description = Could not update WMI to communicate to WSC.


regards myrti

is that a bird?  a plane? nooo it's the flying blueberry!

If I have been helping you and haven't replied in 2 days, feel free to shoot me a PM! Please don't send help request via PM, unless I am already helping you. Use the forums!

animinionsmalltext.gif

Follow BleepingComputer on: Facebook | Twitter | Google+


#8 HelpVistaVirus

HelpVistaVirus
  • Topic Starter

  • Members
  • 7 posts
  • OFFLINE
  •  
  • Local time:10:39 PM

Posted 26 July 2010 - 05:55 PM

Hi myrti,

Well, I'm glad it's appearing like it's not malware. I found that Vista CD so I will go ahead and try to perform a system file check. Thanks for your help! I will definitely contact you guys again if I run into any malware problems in the future. I'll let you know if the system check fixes the problem or not.

Thanks again!

#9 myrti

myrti

    Sillyberry


  • Malware Study Hall Admin
  • 33,784 posts
  • OFFLINE
  •  
  • Gender:Female
  • Location:At home
  • Local time:07:39 AM

Posted 29 July 2010 - 02:29 AM

Heya,

did you have any luck running sfc?

regards myrti

is that a bird?  a plane? nooo it's the flying blueberry!

If I have been helping you and haven't replied in 2 days, feel free to shoot me a PM! Please don't send help request via PM, unless I am already helping you. Use the forums!

animinionsmalltext.gif

Follow BleepingComputer on: Facebook | Twitter | Google+


#10 myrti

myrti

    Sillyberry


  • Malware Study Hall Admin
  • 33,784 posts
  • OFFLINE
  •  
  • Gender:Female
  • Location:At home
  • Local time:07:39 AM

Posted 06 August 2010 - 04:39 AM

Due to lack of feedback, this topic is now Closed

If you need this topic reopened, please send me a PM.
Please include the address of this thread in your request.
This applies only to the original topic starter.

Everyone else please start a new topic.

With Regards,
myrti

is that a bird?  a plane? nooo it's the flying blueberry!

If I have been helping you and haven't replied in 2 days, feel free to shoot me a PM! Please don't send help request via PM, unless I am already helping you. Use the forums!

animinionsmalltext.gif

Follow BleepingComputer on: Facebook | Twitter | Google+





0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users