Hi mpascal,
Thank you for helping me. I really am not certain if I have a problem! I am still not getting hijacked or redirected nor am I noticing any performance problems. I'm not having any difficulty updating AVG, SAS, windows etc. Please note that anything unable to auto-update lately is probably due to the disconnect from the net intentionally.
I should have mentioned in my original post that there probably are some "funny" looking firefox entries. I had a lot of trouble trying to port my old defaults to a new system. In frustration I simply copied the old profile entries in to several places until I got my old settings (bookmarks etc.) working on the new system. I then failed to clean up... The actual profile begins with 6u7... not 59e... Once we are done here I will clean things up.
Below please find all requested data. Once again, I greatly appreciate your help, thanks!
Malwarebytes' Anti-Malware 1.46
www.malwarebytes.org
Database version: 4346
Windows 5.1.2600 Service Pack 3
Internet Explorer 8.0.6001.18702
7/25/2010 4:15:04 PM
mbam-log-2010-07-25 (16-15-04).txt
Scan type: Quick scan
Objects scanned: 143583
Time elapsed: 3 minute(s), 37 second(s)
Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0
Memory Processes Infected:
(No malicious items detected)
Memory Modules Infected:
(No malicious items detected)
Registry Keys Infected:
(No malicious items detected)
Registry Values Infected:
(No malicious items detected)
Registry Data Items Infected:
(No malicious items detected)
Folders Infected:
(No malicious items detected)
Files Infected:
(No malicious items detected)
GMER 1.0.15.15281 -
http://www.gmer.netRootkit scan 2010-07-25 18:02:45
Windows 5.1.2600 Service Pack 3
Running: oxpnvs3i.exe; Driver: C:\DOCUME~1\Jessamyn\LOCALS~1\Temp\uxldipog.sys
---- System - GMER 1.0.15 ----
SSDT \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Check Point Software Technologies LTD) ZwConnectPort [0xB6A0A8D0]
SSDT \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Check Point Software Technologies LTD) ZwCreateFile [0xB6A076E0]
SSDT \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Check Point Software Technologies LTD) ZwCreateKey [0xB6A14490]
SSDT \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Check Point Software Technologies LTD) ZwCreatePort [0xB6A0AE90]
SSDT \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Check Point Software Technologies LTD) ZwCreateWaitablePort [0xB6A0AF80]
SSDT \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Check Point Software Technologies LTD) ZwDeleteFile [0xB6A07C70]
SSDT \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Check Point Software Technologies LTD) ZwDeleteKey [0xB6A14D10]
SSDT \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Check Point Software Technologies LTD) ZwDeleteValueKey [0xB6A14AC0]
SSDT \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Check Point Software Technologies LTD) ZwLoadKey [0xB6A15230]
SSDT \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Check Point Software Technologies LTD) ZwLoadKey2 [0xB6A152B0]
SSDT \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Check Point Software Technologies LTD) ZwOpenFile [0xB6A07AD0]
SSDT \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Check Point Software Technologies LTD) ZwRenameKey [0xB6A15970]
SSDT \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Check Point Software Technologies LTD) ZwReplaceKey [0xB6A153D0]
SSDT \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Check Point Software Technologies LTD) ZwRequestWaitReplyPort [0xB6A0A4F0]
SSDT \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Check Point Software Technologies LTD) ZwRestoreKey [0xB6A157C0]
SSDT \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Check Point Software Technologies LTD) ZwSetInformationFile [0xB6A07EA0]
SSDT \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Check Point Software Technologies LTD) ZwSetValueKey [0xB6A14800]
SSDT \??\C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS (SASKUTIL.SYS/SUPERAdBlocker.com and SUPERAntiSpyware.com) ZwTerminateProcess [0xB6996620]
---- Kernel code sections - GMER 1.0.15 ----
? srescan.sys The system cannot find the file specified. !
.text C:\WINDOWS\system32\DRIVERS\nv4_mini.sys section is writeable [0xB947F380, 0x346307, 0xE8000020]
---- Kernel IAT/EAT - GMER 1.0.15 ----
IAT \SystemRoot\system32\DRIVERS\raspppoe.sys[NDIS.SYS!NdisRegisterProtocol] [B6A0F410] \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Check Point Software Technologies LTD)
IAT \SystemRoot\system32\DRIVERS\raspppoe.sys[NDIS.SYS!NdisOpenAdapter] [B6A0F220] \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Check Point Software Technologies LTD)
IAT \SystemRoot\system32\DRIVERS\raspppoe.sys[NDIS.SYS!NdisCloseAdapter] [B6A0FB50] \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Check Point Software Technologies LTD)
IAT \SystemRoot\system32\DRIVERS\raspppoe.sys[NDIS.SYS!NdisDeregisterProtocol] [B6A0D780] \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Check Point Software Technologies LTD)
IAT \SystemRoot\system32\DRIVERS\psched.sys[NDIS.SYS!NdisDeregisterProtocol] [B6A0D780] \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Check Point Software Technologies LTD)
IAT \SystemRoot\system32\DRIVERS\psched.sys[NDIS.SYS!NdisRegisterProtocol] [B6A0F410] \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Check Point Software Technologies LTD)
IAT \SystemRoot\system32\DRIVERS\psched.sys[NDIS.SYS!NdisOpenAdapter] [B6A0F220] \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Check Point Software Technologies LTD)
IAT \SystemRoot\system32\DRIVERS\psched.sys[NDIS.SYS!NdisCloseAdapter] [B6A0FB50] \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Check Point Software Technologies LTD)
IAT \SystemRoot\System32\Drivers\NDProxy.SYS[NDIS.SYS!NdisRegisterProtocol] [B6A0F410] \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Check Point Software Technologies LTD)
IAT \SystemRoot\System32\Drivers\NDProxy.SYS[NDIS.SYS!NdisDeregisterProtocol] [B6A0D780] \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Check Point Software Technologies LTD)
IAT \SystemRoot\System32\Drivers\NDProxy.SYS[NDIS.SYS!NdisCloseAdapter] [B6A0FB50] \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Check Point Software Technologies LTD)
IAT \SystemRoot\System32\Drivers\NDProxy.SYS[NDIS.SYS!NdisOpenAdapter] [B6A0F220] \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Check Point Software Technologies LTD)
IAT \SystemRoot\system32\DRIVERS\tcpip.sys[NDIS.SYS!NdisCloseAdapter] [B6A0FB50] \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Check Point Software Technologies LTD)
IAT \SystemRoot\system32\DRIVERS\tcpip.sys[NDIS.SYS!NdisOpenAdapter] [B6A0F220] \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Check Point Software Technologies LTD)
IAT \SystemRoot\system32\DRIVERS\tcpip.sys[NDIS.SYS!NdisRegisterProtocol] [B6A0F410] \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Check Point Software Technologies LTD)
IAT \SystemRoot\system32\DRIVERS\wanarp.sys[NDIS.SYS!NdisDeregisterProtocol] [B6A0D780] \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Check Point Software Technologies LTD)
IAT \SystemRoot\system32\DRIVERS\wanarp.sys[NDIS.SYS!NdisRegisterProtocol] [B6A0F410] \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Check Point Software Technologies LTD)
IAT \SystemRoot\system32\DRIVERS\wanarp.sys[NDIS.SYS!NdisOpenAdapter] [B6A0F220] \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Check Point Software Technologies LTD)
IAT \SystemRoot\system32\DRIVERS\wanarp.sys[NDIS.SYS!NdisCloseAdapter] [B6A0FB50] \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Check Point Software Technologies LTD)
IAT \SystemRoot\System32\drivers\afd.sys[ntoskrnl.exe!IoCreateFile] [B6A17870] \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Check Point Software Technologies LTD)
IAT \SystemRoot\system32\DRIVERS\ndisuio.sys[NDIS.SYS!NdisRegisterProtocol] [B6A0F410] \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Check Point Software Technologies LTD)
IAT \SystemRoot\system32\DRIVERS\ndisuio.sys[NDIS.SYS!NdisDeregisterProtocol] [B6A0D780] \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Check Point Software Technologies LTD)
IAT \SystemRoot\system32\DRIVERS\ndisuio.sys[NDIS.SYS!NdisCloseAdapter] [B6A0FB50] \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Check Point Software Technologies LTD)
IAT \SystemRoot\system32\DRIVERS\ndisuio.sys[NDIS.SYS!NdisOpenAdapter] [B6A0F220] \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Check Point Software Technologies LTD)
IAT \SystemRoot\system32\DRIVERS\srv.sys[ntoskrnl.exe!NtSetInformationFile] [B6A08320] \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Check Point Software Technologies LTD)
IAT \SystemRoot\system32\DRIVERS\srv.sys[ntoskrnl.exe!IoCreateFile] [B6A084D0] \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Check Point Software Technologies LTD)
IAT \SystemRoot\system32\DRIVERS\srv.sys[ntoskrnl.exe!NtCreateFile] [B6A08040] \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Check Point Software Technologies LTD)
IAT \SystemRoot\system32\DRIVERS\srv.sys[ntoskrnl.exe!NtOpenFile] [B6A083D0] \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Check Point Software Technologies LTD)
---- Devices - GMER 1.0.15 ----
Device \Driver\Tcpip \Device\Ip vsdatant.sys (TrueVector Device Driver/Check Point Software Technologies LTD)
Device \Driver\Tcpip \Device\Tcp vsdatant.sys (TrueVector Device Driver/Check Point Software Technologies LTD)
Device \Driver\Tcpip \Device\Udp vsdatant.sys (TrueVector Device Driver/Check Point Software Technologies LTD)
Device \Driver\Tcpip \Device\RawIp vsdatant.sys (TrueVector Device Driver/Check Point Software Technologies LTD)
Device \Driver\Tcpip \Device\IPMULTICAST vsdatant.sys (TrueVector Device Driver/Check Point Software Technologies LTD)
---- EOF - GMER 1.0.15 ----
OTL logfile created on: 7/25/2010 6:23:18 PM - Run 1
OTL by OldTimer - Version 3.2.9.1 Folder = C:\Documents and Settings\Jessamyn\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy
3.00 Gb Total Physical Memory | 3.00 Gb Available Physical Memory | 86.00% Memory free
5.00 Gb Paging File | 5.00 Gb Available in Paging File | 94.00% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 74.53 Gb Total Space | 43.48 Gb Free Space | 58.34% Space Free | Partition Type: NTFS
Drive D: | 149.05 Gb Total Space | 142.39 Gb Free Space | 95.53% Space Free | Partition Type: NTFS
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded
Computer Name: TALBOYS
Current User Name: Jessamyn
Logged in as Administrator.
Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Minimal
========== Processes (SafeList) ========== PRC - C:\Documents and Settings\Jessamyn\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\Program Files\AVG\AVG9\avgemc.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\Program Files\AVG\AVG9\avgchsvx.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\Program Files\AVG\AVG9\avgnsx.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\Program Files\AVG\AVG9\avgrsx.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\Program Files\AVG\AVG9\avgcsrvx.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\Program Files\AVG\AVG9\avgtray.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\Program Files\AVG\AVG9\avgam.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\Program Files\AVG\AVG9\avgwdsvc.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\WINDOWS\explorer.exe (Microsoft Corporation)
PRC - c:\Program Files\Roxio\BackOnTrack\File Backup\FileBackupSVC.exe ()
PRC - C:\Program Files\Logitech\MouseWare\system\EM_EXEC.EXE (Logitech Inc.)
========== Modules (SafeList) ========== MOD - C:\Documents and Settings\Jessamyn\Desktop\OTL.exe (OldTimer Tools)
MOD - C:\WINDOWS\system32\msvcp60.dll (Microsoft Corporation)
MOD - C:\WINDOWS\system32\msscript.ocx (Microsoft Corporation)
MOD - C:\Program Files\Common Files\Logitech\Scrolling\LGMSGHK.DLL (Logitech Inc.)
MOD - C:\Program Files\Logitech\MouseWare\system\LgWndHk.dll (Logitech Inc.)
========== Win32 Services (SafeList) ========== SRV - (HidServ) -- C:\WINDOWS\System32\hidserv.dll File not found
SRV - (avg9emc) -- C:\Program Files\AVG\AVG9\avgemc.exe (AVG Technologies CZ, s.r.o.)
SRV - (avg9wd) -- C:\Program Files\AVG\AVG9\avgwdsvc.exe (AVG Technologies CZ, s.r.o.)
SRV - (AVG Security Toolbar Service) -- C:\Program Files\AVG\AVG9\Toolbar\ToolbarBroker.exe ()
SRV - (vsmon) -- C:\WINDOWS\System32\ZoneLabs\vsmon.exe (Check Point Software Technologies LTD)
SRV - (RoxLiveShare10) -- c:\Program Files\Common Files\Roxio Shared\10.0\SharedCOM\RoxLiveShare10.exe (Sonic Solutions)
SRV - (RoxWatch10) -- c:\Program Files\Common Files\Roxio Shared\10.0\SharedCOM\RoxWatch10.exe (Sonic Solutions)
SRV - (RoxMediaDB10) -- c:\Program Files\Common Files\Roxio Shared\10.0\SharedCOM\RoxMediaDB10.exe (Sonic Solutions)
SRV - (CEEBC40A-FDED-4C59-B354-939132350B01) -- c:\Program Files\Roxio\BackOnTrack\File Backup\FileBackupSVC.exe ()
========== Driver Services (SafeList) ========== DRV - (MEMSWEEP2) -- C:\WINDOWS\System32\58F.tmp File not found
DRV - (gmer) -- C:\WINDOWS\system32\drivers\gmer.sys (GMER)
DRV - (AvgTdiX) -- C:\WINDOWS\system32\drivers\avgtdix.sys (AVG Technologies CZ, s.r.o.)
DRV - (AvgLdx86) -- C:\WINDOWS\system32\drivers\avgldx86.sys (AVG Technologies CZ, s.r.o.)
DRV - (AvgMfx86) -- C:\WINDOWS\system32\drivers\avgmfx86.sys (AVG Technologies CZ, s.r.o.)
DRV - (AvgRkx86) -- C:\WINDOWS\System32\Drivers\avgrkx86.sys (AVG Technologies CZ, s.r.o.)
DRV - (SASKUTIL) -- C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS (SUPERAdBlocker.com and SUPERAntiSpyware.com)
DRV - (SASDIFSV) -- C:\Program Files\SUPERAntiSpyware\sasdifsv.sys (SUPERAdBlocker.com and SUPERAntiSpyware.com)
DRV - (vsdatant) -- C:\WINDOWS\system32\vsdatant.sys (Check Point Software Technologies LTD)
DRV - (RxFilter) -- C:\WINDOWS\system32\drivers\RxFilter.sys (Sonic Solutions)
DRV - (IntcAzAudAddService) Service for Realtek HD Audio (WDM) -- C:\WINDOWS\system32\drivers\RtkHDAud.sys (Realtek Semiconductor Corp.)
DRV - (RTLE8023xp) -- C:\WINDOWS\system32\drivers\Rtenicxp.sys (Realtek Semiconductor Corporation )
DRV - (srescan) -- C:\WINDOWS\system32\ZoneLabs\srescan.sys (Check Point Software Technologies LTD)
DRV - (amdagp) -- C:\WINDOWS\system32\DRIVERS\amdagp.sys (Advanced Micro Devices, Inc.)
DRV - (sisagp) -- C:\WINDOWS\system32\DRIVERS\sisagp.sys (Silicon Integrated Systems Corporation)
DRV - (HDAudBus) -- C:\WINDOWS\system32\drivers\hdaudbus.sys (Windows ® Server 2003 DDK provider)
DRV - (nv) -- C:\WINDOWS\system32\drivers\nv4_mini.sys (NVIDIA Corporation)
DRV - (iaStor) -- C:\WINDOWS\system32\DRIVERS\iaStor.sys (Intel Corporation)
DRV - (AN983) -- C:\WINDOWS\system32\drivers\an983.sys (ADMtek Incorporated.)
DRV - (ati2mtag) -- C:\WINDOWS\system32\drivers\ati2mtag.sys (ATI Technologies Inc.)
DRV - (LMouFlt2) -- C:\WINDOWS\system32\drivers\LMouFlt2.Sys (Logitech, Inc.)
DRV - (L8042pr2) -- C:\WINDOWS\system32\drivers\L8042pr2.Sys (Logitech, Inc.)
DRV - (Sparrow) -- C:\WINDOWS\system32\DRIVERS\sparrow.sys (Adaptec, Inc.)
DRV - (sym_u3) -- C:\WINDOWS\system32\DRIVERS\sym_u3.sys (LSI Logic)
DRV - (sym_hi) -- C:\WINDOWS\system32\DRIVERS\sym_hi.sys (LSI Logic)
DRV - (symc8xx) -- C:\WINDOWS\system32\DRIVERS\symc8xx.sys (LSI Logic)
DRV - (symc810) -- C:\WINDOWS\system32\DRIVERS\symc810.sys (Symbios Logic Inc.)
DRV - (ultra) -- C:\WINDOWS\system32\DRIVERS\ultra.sys (Promise Technology, Inc.)
DRV - (ql12160) -- C:\WINDOWS\system32\DRIVERS\ql12160.sys (QLogic Corporation)
DRV - (ql1080) -- C:\WINDOWS\system32\DRIVERS\ql1080.sys (QLogic Corporation)
DRV - (ql1280) -- C:\WINDOWS\system32\DRIVERS\ql1280.sys (QLogic Corporation)
DRV - (dac2w2k) -- C:\WINDOWS\system32\DRIVERS\dac2w2k.sys (Mylex Corporation)
DRV - (mraid35x) -- C:\WINDOWS\system32\DRIVERS\mraid35x.sys (American Megatrends Inc.)
DRV - (asc) -- C:\WINDOWS\system32\DRIVERS\asc.sys (Advanced System Products, Inc.)
DRV - (asc3550) -- C:\WINDOWS\system32\DRIVERS\asc3550.sys (Advanced System Products, Inc.)
DRV - (AliIde) -- C:\WINDOWS\system32\DRIVERS\aliide.sys (Acer Laboratories Inc.)
DRV - (CmdIde) -- C:\WINDOWS\system32\DRIVERS\cmdide.sys (CMD Technology, Inc.)
DRV - (EL90XBC) -- C:\WINDOWS\system32\drivers\el90xbc5.sys (3Com Corporation)
========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page =
http://www.songsmyth.com/IE - HKCU\..\URLSearchHook: *{CFBFAE00-17A6-11D0-99CB-00C04FD64497} - Reg Error: Key error. File not found
IE - HKCU\..\URLSearchHook: {A3BC75A2-1F87-4686-AA43-5347D756017C} - C:\Program Files\AVG\AVG9\Toolbar\IEToolbar.dll ()
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
========== FireFox ========== FF - prefs.js..browser.search.defaultenginename: "Yahoo! Search"
FF - prefs.js..browser.search.selectedEngine: "Google"
FF - prefs.js..browser.startup.homepage: "http://www.songsmyth.com"
FF - prefs.js..extensions.enabledItems: {3f963a5b-e555-4543-90e2-c3908898db71}:9.0.0.845
FF - prefs.js..extensions.enabledItems: avg@igeared:4.504.019.002
FF - prefs.js..extensions.enabledItems: jqs@sun.com:1.0
FF - HKLM\software\mozilla\Firefox\extensions\\{3f963a5b-e555-4543-90e2-c3908898db71}: C:\Program Files\AVG\AVG9\Firefox [2010/07/23 14:08:46 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\extensions\\avg@igeared: C:\Program Files\AVG\AVG9\Toolbar\Firefox\avg@igeared [2010/07/08 09:16:49 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla 1.7.12\Extensions\\Components: C:\Program Files\mozilla.org\Mozilla\Components [2009/06/08 19:21:55 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla 1.7.12\Extensions\\Plugins: C:\Program Files\mozilla.org\Mozilla\Plugins [2009/06/05 09:44:54 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.0.19\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010/05/25 11:33:45 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.0.19\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010/05/11 18:59:53 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Thunderbird 2.0.0.24\extensions\\Components: C:\Program Files\Mozilla Thunderbird\components [2010/03/19 09:12:18 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Thunderbird 2.0.0.24\extensions\\Plugins: C:\Program Files\Mozilla Thunderbird\plugins
[2009/03/22 12:02:45 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Jessamyn\Application Data\Mozilla\Extensions
[2010/07/25 14:26:54 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Jessamyn\Application Data\Mozilla\Firefox\Profiles\6u7h0hqr.default\extensions
[2010/05/15 18:34:47 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Documents and Settings\Jessamyn\Application Data\Mozilla\Firefox\Profiles\6u7h0hqr.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2010/07/25 14:26:54 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions
O1 HOSTS File: ([2006/03/15 05:00:00 | 000,000,734 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG9\avgssie.dll (AVG Technologies CZ, s.r.o.)
O2 - BHO: (AVG Security Toolbar BHO) - {A3BC75A2-1F87-4686-AA43-5347D756017C} - C:\Program Files\AVG\AVG9\Toolbar\IEToolbar.dll ()
O3 - HKLM\..\Toolbar: (AVG Security Toolbar) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - C:\Program Files\AVG\AVG9\Toolbar\IEToolbar.dll ()
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {A057A204-BACC-4D26-9990-79A187E2698E} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (AVG Security Toolbar) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - C:\Program Files\AVG\AVG9\Toolbar\IEToolbar.dll ()
O4 - HKLM..\Run: [Alcmtr] C:\WINDOWS\ALCMTR.EXE (Realtek Semiconductor Corp.)
O4 - HKLM..\Run: [AVG9_TRAY] C:\Program Files\AVG\AVG9\avgtray.exe (AVG Technologies CZ, s.r.o.)
O4 - HKLM..\Run: [Logitech Utility] C:\WINDOWS\LOGI_MWX.EXE (Logitech Inc.)
O4 - HKLM..\Run: [NvCplDaemon] C:\WINDOWS\System32\NvCpl.DLL (NVIDIA Corporation)
O4 - HKLM..\Run: [NvMediaCenter] C:\WINDOWS\System32\NvMcTray.DLL (NVIDIA Corporation)
O4 - HKLM..\Run: [nwiz] C:\WINDOWS\System32\nwiz.exe ()
O4 - HKCU..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe (SUPERAntiSpyware.com)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O9 - Extra Button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Program Files\Microsoft Office\Office12\REFIEBAR.DLL (Microsoft Corporation)
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000}
http://fpdownload.macromedia.com/pub/shock...director/sw.cab (Shockwave ActiveX Control)
O16 - DPF: {233C1507-6A77-46A4-9443-F871F945D258}
http://fpdownload.macromedia.com/pub/shock...director/sw.cab (Shockwave ActiveX Control)
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C}
http://www.update.microsoft.com/windowsupd...b?1206018920343 (WUWebControl Class)
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3}
http://update.microsoft.com/microsoftupdat...b?1244669024854 (MUWebControl Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93}
http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_17)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C}
http://fpdownload.macromedia.com/get/flash...t/ultrashim.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA}
http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_17)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}
http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_17)
O18 - Protocol\Handler\avgsecuritytoolbar {F2DDE6B2-9684-4A55-86D4-E255E237B77C} - C:\Program Files\AVG\AVG9\Toolbar\IEToolbar.dll ()
O18 - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG9\avgpp.dll (AVG Technologies CZ, s.r.o.)
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\!SASWinLogon: DllName - C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL - C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL (SUPERAntiSpyware.com)
O20 - Winlogon\Notify\avgrsstarter: DllName - avgrsstx.dll - C:\WINDOWS\System32\avgrsstx.dll (AVG Technologies CZ, s.r.o.)
O28 - HKLM ShellExecuteHooks: {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - C:\Program Files\SUPERAntiSpyware\SASSEH.DLL (SuperAdBlocker.com)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009/12/25 14:19:14 | 000,000,050 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O33 - MountPoints2\{5a93643b-4817-11de-b66a-00218535b187}\Shell - "" = AutoRun
O33 - MountPoints2\{5a93643b-4817-11de-b66a-00218535b187}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{5a93643b-4817-11de-b66a-00218535b187}\Shell\AutoRun\command - "" = K:\LaunchU3.exe -- File not found
O33 - MountPoints2\{b4d96930-ecff-11de-b69c-00218535b187}\Shell\AutoRun\command - "" = K:\system\viewer\FlipVideoforPC.exe -- File not found
O33 - MountPoints2\{b4d96930-ecff-11de-b69c-00218535b187}\Shell\Flip Video for PC\command - "" = K:\system\viewer\FlipVideoforPC.exe -- File not found
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
NetSvcs: 6to4 - File not found
NetSvcs: HidServ - C:\WINDOWS\System32\hidserv.dll File not found
NetSvcs: Ias - File not found
NetSvcs: Iprip - File not found
NetSvcs: Irmon - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: WmdmPmSp - File not found
Drivers32: aux - C:\WINDOWS\System32\wdmaud.drv (Microsoft Corporation)
Drivers32: midi - C:\WINDOWS\System32\wdmaud.drv (Microsoft Corporation)
Drivers32: midimapper - C:\WINDOWS\System32\midimap.dll (Microsoft Corporation)
Drivers32: mixer - C:\WINDOWS\System32\wdmaud.drv (Microsoft Corporation)
Drivers32: msacm.iac2 - C:\WINDOWS\system32\iac25_32.ax (Intel Corporation)
Drivers32: msacm.imaadpcm - C:\WINDOWS\System32\imaadp32.acm (Microsoft Corporation)
Drivers32: msacm.l3acm - C:\WINDOWS\system32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: msacm.msadpcm - C:\WINDOWS\System32\msadp32.acm (Microsoft Corporation)
Drivers32: msacm.msaudio1 - C:\WINDOWS\System32\msaud32.acm (Microsoft Corporation)
Drivers32: msacm.msg711 - C:\WINDOWS\System32\msg711.acm (Microsoft Corporation)
Drivers32: msacm.msg723 - C:\WINDOWS\System32\msg723.acm (Microsoft Corporation)
Drivers32: msacm.msgsm610 - C:\WINDOWS\System32\msgsm32.acm (Microsoft Corporation)
Drivers32: msacm.sl_anet - C:\WINDOWS\System32\sl_anet.acm (Sipro Lab Telecom Inc.)
Drivers32: msacm.trspch - C:\WINDOWS\System32\tssoft32.acm (DSP GROUP, INC.)
Drivers32: vidc.3IV2 - C:\WINDOWS\System32\3ivxVfWCodec.dll (3ivx Technologies Pty. Ltd.)
Drivers32: vidc.cvid - C:\WINDOWS\System32\iccvid.dll (Radius Inc.)
Drivers32: vidc.I420 - C:\WINDOWS\System32\msh263.drv (Microsoft Corporation)
Drivers32: vidc.iv31 - C:\WINDOWS\System32\ir32_32.dll ()
Drivers32: vidc.iv32 - C:\WINDOWS\System32\ir32_32.dll ()
Drivers32: vidc.iv41 - C:\WINDOWS\System32\ir41_32.ax (Intel Corporation)
Drivers32: vidc.iv50 - C:\WINDOWS\System32\ir50_32.dll (Intel Corporation)
Drivers32: vidc.iyuv - C:\WINDOWS\System32\iyuv_32.dll (Microsoft Corporation)
Drivers32: vidc.M261 - C:\WINDOWS\System32\msh261.drv (Microsoft Corporation)
Drivers32: vidc.M263 - C:\WINDOWS\System32\msh263.drv (Microsoft Corporation)
Drivers32: vidc.mrle - C:\WINDOWS\System32\msrle32.dll (Microsoft Corporation)
Drivers32: vidc.msvc - C:\WINDOWS\System32\msvidc32.dll (Microsoft Corporation)
Drivers32: vidc.uyvy - C:\WINDOWS\System32\msyuv.dll (Microsoft Corporation)
Drivers32: vidc.yuy2 - C:\WINDOWS\System32\msyuv.dll (Microsoft Corporation)
Drivers32: vidc.yvu9 - C:\WINDOWS\System32\tsbyuv.dll (Microsoft Corporation)
Drivers32: vidc.yvyu - C:\WINDOWS\System32\msyuv.dll (Microsoft Corporation)
Drivers32: wave - C:\WINDOWS\System32\wdmaud.drv (Microsoft Corporation)
Drivers32: wavemapper - C:\WINDOWS\System32\msacm32.drv (Microsoft Corporation)
CREATERESTOREPOINT
Restore point Set: OTL Restore Point (16902053519425536)
========== Files/Folders - Created Within 30 Days ========== [2010/07/25 14:21:32 | 000,574,976 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Jessamyn\Desktop\OTL.exe
[2010/07/24 11:46:55 | 000,000,000 | ---D | C] -- C:\WINDOWS\Prefetch
[2010/07/24 11:26:33 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\scripting
[2010/07/24 11:26:33 | 000,000,000 | ---D | C] -- C:\WINDOWS\l2schemas
[2010/07/24 11:26:32 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\en
[2010/07/24 11:26:32 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\bits
[2010/07/24 11:22:23 | 000,000,000 | ---D | C] -- C:\WINDOWS\network diagnostic
[2010/07/24 11:18:51 | 000,000,000 | -H-D | C] -- C:\WINDOWS\$NtServicePackUninstall$
[2010/07/23 14:51:34 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Jessamyn\Application Data\SUPERAntiSpyware.com
[2010/07/23 14:51:34 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com
[2010/07/23 14:51:24 | 000,000,000 | ---D | C] -- C:\Program Files\SUPERAntiSpyware
[2010/07/15 11:08:42 | 000,744,448 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\helpsvc.exe
[2010/07/13 12:01:13 | 000,000,000 | ---D | C] -- C:\Program Files\Runtime Software
[2010/07/09 10:24:56 | 000,085,969 | ---- | C] (GMER) -- C:\WINDOWS\System32\drivers\gmer.sys
[2010/07/09 08:53:55 | 000,000,000 | ---D | C] -- C:\AVGGmer2
[2010/07/09 08:52:32 | 000,000,000 | ---D | C] -- C:\AVGGmer
[2010/07/08 09:53:31 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Jessamyn\Application Data\AVG9
[2010/07/08 09:17:20 | 000,000,000 | -H-D | C] -- C:\$AVG
[2010/07/08 09:16:53 | 000,052,872 | ---- | C] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\drivers\avgrkx86.sys
[2010/07/08 09:14:44 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\avg9
[2010/07/07 13:01:57 | 000,743,424 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\iedvtool.dll
[2010/07/07 12:09:57 | 000,000,000 | ---D | C] -- C:\Program Files\Sophos
[2010/07/07 10:47:01 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Jessamyn\Application Data\Malwarebytes
[2010/07/07 10:46:52 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2010/07/07 10:46:52 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Malwarebytes
[2010/07/07 10:46:51 | 000,020,952 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2010/07/07 10:46:51 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[1 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
========== Files - Modified Within 30 Days ========== [2010/07/25 18:16:56 | 000,001,158 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2010/07/25 18:16:45 | 000,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2010/07/25 18:16:43 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2010/07/25 18:16:42 | 3488,862,208 | -HS- | M] () -- C:\hiberfil.sys
[2010/07/25 14:21:32 | 000,574,976 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Jessamyn\Desktop\OTL.exe
[2010/07/25 14:20:30 | 000,293,376 | ---- | M] () -- C:\Documents and Settings\Jessamyn\Desktop\oxpnvs3i.exe
[2010/07/25 14:16:35 | 000,348,371 | ---- | M] () -- C:\WINDOWS\System32\vsconfig.xml
[2010/07/25 09:10:21 | 062,475,682 | ---- | M] () -- C:\WINDOWS\System32\drivers\Avg\incavi.avm
[2010/07/24 21:05:53 | 004,456,448 | -H-- | M] () -- C:\Documents and Settings\Jessamyn\NTUSER.DAT
[2010/07/24 21:05:53 | 000,000,178 | -HS- | M] () -- C:\Documents and Settings\Jessamyn\ntuser.ini
[2010/07/24 12:06:52 | 000,001,493 | ---- | M] () -- C:\Documents and Settings\Jessamyn\Application Data\Microsoft\Internet Explorer\Quick Launch\Windows Explorer.lnk
[2010/07/24 11:49:49 | 000,444,676 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2010/07/24 11:49:49 | 000,072,426 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2010/07/24 11:49:48 | 000,526,394 | ---- | M] () -- C:\WINDOWS\System32\PerfStringBackup.INI
[2010/07/24 11:47:50 | 000,316,640 | ---- | M] () -- C:\WINDOWS\WMSysPr9.prx
[2010/07/24 11:46:40 | 000,477,152 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2010/07/24 11:44:57 | 000,002,675 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2010/07/24 11:22:06 | 000,250,048 | RHS- | M] () -- C:\ntldr
[2010/07/23 14:51:26 | 000,001,721 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\SUPERAntiSpyware Free Edition.lnk
[2010/07/20 15:30:38 | 000,031,744 | ---- | M] () -- C:\Documents and Settings\Jessamyn\Desktop\July 20 Board Meeting ED report.doc
[2010/07/20 15:30:18 | 000,049,664 | ---- | M] () -- C:\Documents and Settings\Jessamyn\Desktop\Pending.doc
[2010/07/20 15:29:48 | 000,041,472 | ---- | M] () -- C:\Documents and Settings\Jessamyn\Desktop\WNCHA-GBM-100615.doc
[2010/07/20 15:29:31 | 000,040,960 | ---- | M] () -- C:\Documents and Settings\Jessamyn\Desktop\WNCHA-GBM-agda-100720.doc
[2010/07/20 15:28:53 | 000,023,725 | ---- | M] () -- C:\Documents and Settings\Jessamyn\Desktop\BruceUseThisOne.jpeg
[2010/07/20 15:25:14 | 000,022,848 | ---- | M] () -- C:\Documents and Settings\Jessamyn\Desktop\Jessamyn august newsletter.odt
[2010/07/15 11:37:42 | 000,000,000 | ---- | M] () -- C:\Documents and Settings\Jessamyn\defogger_reenable
[2010/07/15 10:42:43 | 000,525,824 | ---- | M] () -- C:\Documents and Settings\Jessamyn\Desktop\dds.scr
[2010/07/13 17:41:16 | 000,050,477 | ---- | M] () -- C:\Documents and Settings\Jessamyn\Desktop\Defogger.exe
[2010/07/13 14:27:57 | 000,039,586 | ---- | M] () -- C:\Documents and Settings\Jessamyn\Desktop\ALERT.jpg
[2010/07/13 14:25:44 | 000,002,511 | ---- | M] () -- C:\Documents and Settings\Jessamyn\Application Data\Microsoft\Internet Explorer\Quick Launch\Paint Shop Pro 7.lnk
[2010/07/13 12:01:18 | 000,000,815 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\DriveImage XML.lnk
[2010/07/09 10:24:56 | 000,884,736 | ---- | M] () -- C:\WINDOWS\gmer.dll
[2010/07/09 10:24:56 | 000,085,969 | ---- | M] (GMER) -- C:\WINDOWS\System32\drivers\gmer.sys
[2010/07/09 10:24:56 | 000,000,080 | ---- | M] () -- C:\WINDOWS\gmer_uninstall.cmd
[2010/07/08 09:17:05 | 000,243,024 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\drivers\avgtdix.sys
[2010/07/08 09:17:04 | 000,216,400 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\drivers\avgldx86.sys
[2010/07/08 09:17:03 | 000,029,584 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\drivers\avgmfx86.sys
[2010/07/08 09:16:56 | 000,001,550 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\AVG 9.0.lnk
[2010/07/08 09:16:54 | 000,012,536 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\avgrsstx.dll
[2010/07/08 09:16:53 | 000,113,461 | ---- | M] () -- C:\WINDOWS\System32\drivers\Avg\iavichjw.avm
[2010/07/08 09:16:53 | 000,052,872 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\drivers\avgrkx86.sys
[2010/07/07 10:46:55 | 000,000,739 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2010/07/04 19:35:58 | 000,010,711 | ---- | M] () -- C:\Documents and Settings\Jessamyn\Desktop\Assessment chapter headings.docx
[2010/07/04 19:34:42 | 000,109,568 | ---- | M] () -- C:\Documents and Settings\Jessamyn\Desktop\Ch 6 Assessment.doc
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[1 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
========== Files Created - No Company Name ========== [2010/07/25 14:20:30 | 000,293,376 | ---- | C] () -- C:\Documents and Settings\Jessamyn\Desktop\oxpnvs3i.exe
[2010/07/23 14:51:26 | 000,001,721 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\SUPERAntiSpyware Free Edition.lnk
[2010/07/20 15:30:38 | 000,031,744 | ---- | C] () -- C:\Documents and Settings\Jessamyn\Desktop\July 20 Board Meeting ED report.doc
[2010/07/20 15:30:18 | 000,049,664 | ---- | C] () -- C:\Documents and Settings\Jessamyn\Desktop\Pending.doc
[2010/07/20 15:29:48 | 000,041,472 | ---- | C] () -- C:\Documents and Settings\Jessamyn\Desktop\WNCHA-GBM-100615.doc
[2010/07/20 15:29:30 | 000,040,960 | ---- | C] () -- C:\Documents and Settings\Jessamyn\Desktop\WNCHA-GBM-agda-100720.doc
[2010/07/20 15:28:53 | 000,023,725 | ---- | C] () -- C:\Documents and Settings\Jessamyn\Desktop\BruceUseThisOne.jpeg
[2010/07/20 15:25:13 | 000,022,848 | ---- | C] () -- C:\Documents and Settings\Jessamyn\Desktop\Jessamyn august newsletter.odt
[2010/07/15 11:37:42 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\Jessamyn\defogger_reenable
[2010/07/15 10:42:42 | 000,525,824 | ---- | C] () -- C:\Documents and Settings\Jessamyn\Desktop\dds.scr
[2010/07/13 17:41:16 | 000,050,477 | ---- | C] () -- C:\Documents and Settings\Jessamyn\Desktop\Defogger.exe
[2010/07/13 15:56:09 | 3488,862,208 | -HS- | C] () -- C:\hiberfil.sys
[2010/07/13 14:27:57 | 000,039,586 | ---- | C] () -- C:\Documents and Settings\Jessamyn\Desktop\ALERT.jpg
[2010/07/13 12:01:18 | 000,000,815 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\DriveImage XML.lnk
[2010/07/09 10:24:56 | 000,884,736 | ---- | C] () -- C:\WINDOWS\gmer.dll
[2010/07/09 10:24:56 | 000,811,008 | ---- | C] () -- C:\WINDOWS\gmer.exe
[2010/07/09 10:24:56 | 000,000,080 | ---- | C] () -- C:\WINDOWS\gmer_uninstall.cmd
[2010/07/08 09:16:56 | 000,001,550 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\AVG 9.0.lnk
[2010/07/07 10:46:55 | 000,000,739 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2010/06/30 10:26:23 | 000,010,711 | ---- | C] () -- C:\Documents and Settings\Jessamyn\Desktop\Assessment chapter headings.docx
[2010/05/18 12:13:41 | 000,000,238 | ---- | C] () -- C:\WINDOWS\RealFlight.INI
[2009/10/13 15:49:11 | 000,374,784 | ---- | C] () -- C:\WINDOWS\3dg32.dll
[2009/10/13 15:49:10 | 000,000,250 | ---- | C] () -- C:\WINDOWS\3dr.ini
[2009/08/03 16:07:42 | 000,403,816 | ---- | C] () -- C:\WINDOWS\System32\OGACheckControl.dll
[2009/07/31 07:38:50 | 000,025,601 | ---- | C] () -- C:\WINDOWS\CSTBox.INI
[2009/04/18 09:39:04 | 000,000,000 | ---- | C] () -- C:\WINDOWS\OpPrintServer.INI
[2009/03/28 08:58:33 | 000,007,680 | ---- | C] () -- C:\WINDOWS\System32\CNMVS6l.DLL
[2009/03/21 21:16:19 | 000,000,525 | ---- | C] () -- C:\WINDOWS\MAXLINK.INI
[2009/03/21 21:09:03 | 000,000,239 | ---- | C] () -- C:\WINDOWS\HomeSite.ini
[2008/10/22 20:26:30 | 000,000,502 | ---- | C] () -- C:\WINDOWS\System32\OEMINFO.INI
[2008/10/22 10:11:18 | 000,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini
[2008/07/17 10:17:30 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\px.ini
[2008/02/19 02:33:34 | 000,446,352 | ---- | C] () -- C:\WINDOWS\System32\OpenQuicktimeLib.dll
[1980/01/01 00:00:00 | 001,703,936 | ---- | C] () -- C:\WINDOWS\System32\nvwdmcpl.dll
[1980/01/01 00:00:00 | 001,474,560 | ---- | C] () -- C:\WINDOWS\System32\nview.dll
[1980/01/01 00:00:00 | 001,019,904 | ---- | C] () -- C:\WINDOWS\System32\nvwimg.dll
[1980/01/01 00:00:00 | 000,466,944 | ---- | C] () -- C:\WINDOWS\System32\nvshell.dll
[1980/01/01 00:00:00 | 000,286,720 | ---- | C] () -- C:\WINDOWS\System32\nvnt4cpl.dll
========== Custom Scans ========== < %SYSTEMDRIVE%\*.* >[2009/12/25 14:19:14 | 000,000,050 | ---- | M] () -- C:\AUTOEXEC.BAT
[2010/05/17 15:02:35 | 000,000,211 | RHS- | M] () -- C:\boot.ini
[2008/10/22 10:11:21 | 000,002,404 | ---- | M] () -- C:\CDDrives.txt
[2006/09/28 08:29:48 | 000,000,000 | ---- | M] () -- C:\CONFIG.SYS
[2010/07/25 18:16:42 | 3488,862,208 | -HS- | M] () -- C:\hiberfil.sys
[2006/09/28 08:29:48 | 000,000,000 | RHS- | M] () -- C:\IO.SYS
[2006/09/28 08:29:48 | 000,000,000 | RHS- | M] () -- C:\MSDOS.SYS
[2006/03/15 05:00:00 | 000,047,564 | RHS- | M] () -- C:\NTDETECT.COM
[2010/07/24 11:22:06 | 000,250,048 | RHS- | M] () -- C:\ntldr
[2010/07/25 18:16:42 | 2145,386,496 | -HS- | M] () -- C:\pagefile.sys
[2008/10/22 10:06:25 | 000,058,654 | ---- | M] () -- C:\SIGNED.TXT
[2008/10/22 10:06:25 | 000,088,332 | ---- | M] () -- C:\SIGVERIF.TXT
[2008/10/22 10:06:25 | 000,000,172 | ---- | M] () -- C:\TOTALS.TXT
[2008/10/22 10:06:25 | 000,029,602 | ---- | M] () -- C:\UNSCANNED.TXT
[2008/10/22 10:05:48 | 000,000,200 | ---- | M] () -- C:\UNSIGNED.TXT
< %systemroot%\system32\*.wt > < %systemroot%\system32\*.ruy > < %systemroot%\Fonts\*.com >[2006/04/18 15:39:28 | 000,026,040 | ---- | M] () -- C:\WINDOWS\Fonts\GlobalMonospace.CompositeFont
[2006/06/29 14:53:56 | 000,026,489 | ---- | M] () -- C:\WINDOWS\Fonts\GlobalSansSerif.CompositeFont
[2006/04/18 15:39:28 | 000,029,779 | ---- | M] () -- C:\WINDOWS\Fonts\GlobalSerif.CompositeFont
[2006/06/29 14:58:52 | 000,030,808 | ---- | M] () -- C:\WINDOWS\Fonts\GlobalUserInterface.CompositeFont
< %systemroot%\Fonts\*.dll > < %systemroot%\Fonts\*.ini >[2006/09/28 08:29:16 | 000,000,067 | -HS- | M] () -- C:\WINDOWS\Fonts\desktop.ini
< %systemroot%\Fonts\*.ini2 > < %systemroot%\system32\spool\prtprocs\w32x86\*.tmp > < %systemroot%\system32\Spool\prtprocs\w32x86\*.dll >[2004/06/15 01:00:00 | 000,017,920 | ---- | M] (CANON INC.) -- C:\WINDOWS\system32\spool\prtprocs\w32x86\CNMPD6l.DLL
[2004/06/15 01:00:00 | 000,054,272 | ---- | M] (CANON INC.) -- C:\WINDOWS\system32\spool\prtprocs\w32x86\CNMPP6l.DLL
[2008/07/06 08:06:10 | 000,089,088 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\spool\prtprocs\w32x86\filterpipelineprintproc.dll
[2006/10/26 19:56:12 | 000,033,104 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\spool\prtprocs\w32x86\msonpppr.dll
< %systemroot%\REPAIR\*.bak1 > < %systemroot%\REPAIR\*.ini > < %systemroot%\system32\*.jpg > < %systemroot%\*.scr > < %systemroot%\*._sy > < %APPDATA%\Adobe\Update\*.* > < %systemroot%\*. /mp /s > < %systemroot%\system32\*.dll /lockedfiles >[1 C:\WINDOWS\system32\*.tmp files -> C:\WINDOWS\system32\*.tmp -> ]
< %systemroot%\Tasks\*.job /lockedfiles > < %systemroot%\System32\config\*.sav >[2006/09/28 08:21:06 | 000,094,208 | ---- | M] () -- C:\WINDOWS\system32\config\default.sav
[2006/09/28 08:21:06 | 000,659,456 | ---- | M] () -- C:\WINDOWS\system32\config\software.sav
[2006/09/28 08:21:06 | 000,872,448 | ---- | M] () -- C:\WINDOWS\system32\config\system.sav
< %systemroot%\system32\user32.dll /md5 >[2008/04/13 20:12:08 | 000,578,560 | ---- | M] (Microsoft Corporation) MD5=B26B135FF1B9F60C9388B4A7D16F600B -- C:\WINDOWS\system32\user32.dll
[1 C:\WINDOWS\system32\*.tmp files -> C:\WINDOWS\system32\*.tmp -> ]
< %systemroot%\system32\ws2_32.dll /md5 >[2008/04/13 20:12:10 | 000,082,432 | ---- | M] (Microsoft Corporation) MD5=2CCC474EB85CEAA3E1FA1726580A3E5A -- C:\WINDOWS\system32\ws2_32.dll
[1 C:\WINDOWS\system32\*.tmp files -> C:\WINDOWS\system32\*.tmp -> ]
< %systemroot%\system32\ws2help.dll /md5 >[2008/04/13 20:12:10 | 000,019,968 | ---- | M] (Microsoft Corporation) MD5=9789E95E1D88EEB4B922BF3EA7779C28 -- C:\WINDOWS\system32\ws2help.dll
[1 C:\WINDOWS\system32\*.tmp files -> C:\WINDOWS\system32\*.tmp -> ]
< HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU > < HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs >HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install\\LastSuccessTime: 2010-07-25 14:04:36
< End of report >
OTL Extras logfile created on: 7/25/2010 6:23:18 PM - Run 1
OTL by OldTimer - Version 3.2.9.1 Folder = C:\Documents and Settings\Jessamyn\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy
3.00 Gb Total Physical Memory | 3.00 Gb Available Physical Memory | 86.00% Memory free
5.00 Gb Paging File | 5.00 Gb Available in Paging File | 94.00% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 74.53 Gb Total Space | 43.48 Gb Free Space | 58.34% Space Free | Partition Type: NTFS
Drive D: | 149.05 Gb Total Space | 142.39 Gb Free Space | 95.53% Space Free | Partition Type: NTFS
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded
Computer Name: TALBOYS
Current User Name: Jessamyn
Logged in as Administrator.
Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Minimal
========== Extra Registry (SafeList) ========== ========== File Associations ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.html [@ = MozillaHTML] -- C:\Program Files\mozilla.org\Mozilla\mozilla.exe (Mozilla Foundation)
[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)
========== Shell Spawning ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
htmlfile [edit] -- Reg Error: Key error.
http [open] -- C:\PROGRA~1\MOZILLA.ORG\MOZILLA\MOZILLA.EXE -url "%1" (Mozilla Foundation)
https [open] -- C:\PROGRA~1\MOZILLA.ORG\MOZILLA\MOZILLA.EXE -url "%1" (Mozilla Foundation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [OneNote.Open] -- C:\PROGRA~1\MICROS~3\Office12\ONENOTE.EXE "%L" (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
========== Security Center Settings ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 0
"FirewallOverride" = 0
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]
"DisableMonitoring" = 1
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]
"139:TCP" = 139:TCP:*:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:*:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:*:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:*:Enabled:@xpsp2res.dll,-22002
"1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DoNotAllowExceptions" = 0
"DisableNotifications" = 0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"139:TCP" = 139:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22002
"1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008
========== Authorized Applications List ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE" = C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE:*:Enabled:Microsoft Office OneNote -- (Microsoft Corporation)
"C:\Program Files\AVG\AVG9\avgam.exe" = C:\Program Files\AVG\AVG9\avgam.exe:*:Enabled:avgam.exe -- (AVG Technologies CZ, s.r.o.)
"C:\Program Files\AVG\AVG9\avgdiagex.exe" = C:\Program Files\AVG\AVG9\avgdiagex.exe:*:Enabled:avgdiagex.exe -- (AVG Technologies CZ, s.r.o.)
"C:\Program Files\AVG\AVG9\avgemc.exe" = C:\Program Files\AVG\AVG9\avgemc.exe:*:Enabled:avgemc.exe -- (AVG Technologies CZ, s.r.o.)
"C:\Program Files\AVG\AVG9\avgupd.exe" = C:\Program Files\AVG\AVG9\avgupd.exe:*:Enabled:avgupd.exe -- (AVG Technologies CZ, s.r.o.)
"C:\Program Files\AVG\AVG9\avgnsx.exe" = C:\Program Files\AVG\AVG9\avgnsx.exe:*:Enabled:avgnsx.exe -- (AVG Technologies CZ, s.r.o.)
========== HKEY_LOCAL_MACHINE Uninstall List ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
"{03CDDD00-BD57-4326-9480-4C74449AF597}" = PhotoStitch
"{08E81ABD-79F7-49C2-881F-FD6CB0975693}" = Roxio Central Data
"{093625E3-7B87-49D3-AA53-AD0FCFABAF49}" = Camera Window
"{1B683082-8791-4D00-8ADE-6C8986FCCC68}" = Roxio CinePlayer
"{1F54DAFA-9261-4A62-B59D-6C9F26B48FE4}" = Roxio Central Tools
"{26A24AE4-039D-4CA4-87B4-2F83216012FF}" = Java 6 Update 17
"{2750B389-A2D2-4953-99CA-27C1F2A8E6FD}" = Microsoft SQL Server 2005 Tools Express Edition
"{30465B6C-B53F-49A1-9EBA-A3F187AD502E}" = Roxio Update Manager
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{537BF16E-7412-448C-95D8-846E85A1D817}" = Roxio Creator XE
"{5809E7CF-4DCF-11D4-9875-00105ACE7734}" = Logitech MouseWare 9.76
"{5A06423A-210C-49FB-950E-CB0EB8C5CEC7}" = Roxio BackOnTrack
"{60B2315F-680F-4EB3-B8DD-CCDC86A7CCAB}" = Roxio File Backup
"{6249C22D-E6A8-407B-BA8B-40298848ED94}" = OmniPage SE
"{6675CA7F-E51B-4F6A-99D4-F8F0124C6EAA}" = Roxio Express Labeler 3
"{67CA389E-E759-4181-99FA-CD8B63853FB1}" = Roxio Creator XE
"{73A4F29F-31AC-4EBD-AA1B-0CC5F18C8F83}" = Roxio Central Audio
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{786C5747-1033-0000-B58E-000000000001}" = Adobe Stock Photos 1.0
"{7F4C8163-F259-49A0-A018-2857A90578BC}" = Adobe InDesign CS2
"{82CA0A0C-A3EC-4167-B694-909205B2EDEC}" = muvee Plugin 1.0
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{8D337F77-BE7F-41A2-A7CB-D5A63FD7049B}" = Sonic CinePlayer Decoder Pack
"{8EDBA74D-0686-4C99-BFDD-F894678E5B39}" = Adobe Common File Installer
"{90120000-0010-0409-0000-0000000FF1CE}" = Microsoft Software Update for Web Folders (English) 12
"{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007
"{90120000-0016-0409-0000-0000000FF1CE}_HOMESTUDENTR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007
"{90120000-0018-0409-0000-0000000FF1CE}_HOMESTUDENTR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007
"{90120000-001B-0409-0000-0000000FF1CE}_HOMESTUDENTR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_HOMESTUDENTR_{ABDDE972-355B-4AF1-89A8-DA50B7B5C045}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_HOMESTUDENTR_{F580DDD5-8D37-4998-968E-EBB76BB86787}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007
"{90120000-001F-0C0A-0000-0000000FF1CE}_HOMESTUDENTR_{187308AB-5FA7-4F14-9AB9-D290383A10D9}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}_HOMESTUDENTR_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2007
"{90120000-00A1-0409-0000-0000000FF1CE}_HOMESTUDENTR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007
"{90120000-0115-0409-0000-0000000FF1CE}_HOMESTUDENTR_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{91120000-002F-0000-0000-0000000FF1CE}" = Microsoft Office Home and Student 2007
"{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{3D019598-7B59-447A-80AE-815B703B84FF}" = Security Update for Microsoft Office system 2007 (972581)
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{A040AC77-C1AA-4CC9-8931-9F648AF178F6}" = VC 9.0 Runtime
"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
"{AC76BA86-7AD7-1033-7B44-A81300000003}" = Adobe Reader 8.1.3
"{B2544A03-10D0-4E5E-BA69-0362FFC20D18}" = OGA Notifier 2.0.0048.0
"{B360A8E5-C171-4AAE-9777-65B3CDB0072C}" = CanoScan LiDE20,30 Manual
"{B6A26DE5-F2B5-4D58-9570-4FC760E00FCD}" = Roxio Central Copy
"{B74D4E10-6884-0000-0000-000000000103}" = Adobe Bridge 1.0
"{BAF78226-3200-4DB4-BE33-4D922A799840}" = Windows Presentation Foundation
"{BCE46757-7674-4416-BEDB-68205A60409E}" = Canon CanoScan Toolbox 4.1
"{BEB03A1A-1EB6-48EB-9985-8B97315EE5C0}" = RemoteCapture 2.7.0
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
"{C1D14C0D-FDAA-4DF2-8441-A902805CCE8C}" = ArcSoft PhotoBase 3
"{C1D76D7A-F3BB-47EA-A746-5B1E2FFC1DF2}" = Canon Utilities ZoomBrowser EX
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}" = SUPERAntiSpyware
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{D6DE02C7-1F47-11D4-9515-00105AE4B89A}" = Paint Shop Pro 7
"{E9787678-1033-0000-8E67-000000000001}" = Adobe Help Center 1.0
"{EC877639-07AB-495C-BFD1-D63AF9140810}" = Roxio Activation Module
"{ED439A64-F018-4DD4-8BA5-328D85AB09AB}" = Roxio Central Core
"{EF0DD8B7-471C-463B-A298-6066C2FABAF5}" = File Viewer Utility 1.2
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F7E1CA14-B39D-452A-960B-39423DDDD933}" = DriveImage XML (Private Edition)
"3ivx MPEG-4 5.0.3" = 3ivx MPEG-4 5.0.3 (remove only)
"Adobe Flash Player ActiveX" = Adobe Flash Player ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Adobe InDesign CS2 - {7F4C8163-F259-49A0-A018-2857A90578BC}" = Adobe InDesign CS2
"Adobe Shockwave Player" = Adobe Shockwave Player
"AVG9Uninstall" = AVG 9.0
"CANONBJ_Deinstall_CNMCP6l.DLL" = Canon PIXMA iP8500
"HOMESTUDENTR" = Microsoft Office Home and Student 2007
"ie8" = Windows Internet Explorer 8
"InstallShield_{03CDDD00-BD57-4326-9480-4C74449AF597}" = Canon Utilities PhotoStitch 3.1
"InstallShield_{093625E3-7B87-49D3-AA53-AD0FCFABAF49}" = Canon Camera Window for ZoomBrowser EX
"InstallShield_{BEB03A1A-1EB6-48EB-9985-8B97315EE5C0}" = Canon Utilities RemoteCapture 2.7
"InstallShield_{EF0DD8B7-471C-463B-A298-6066C2FABAF5}" = Canon Utilities File Viewer Utility 1.2
"Jasc Additional Picture Frames Installer" = Jasc Additional Picture Frames Installer
"Jasc Additional Picture Tubes Installer" = Jasc Additional Picture Tubes Installer
"Jasc Additional Preset Shapes Installer" = Jasc Additional Preset Shapes Installer
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Mozilla (1.7.12)" = Mozilla (1.7.12)
"Mozilla Firefox (3.0.19)" = Mozilla Firefox (3.0.19)
"Mozilla Thunderbird (2.0.0.24)" = Mozilla Thunderbird (2.0.0.24)
"NVIDIA Drivers" = NVIDIA Drivers
"PhotoRecord" = Canon PhotoRecord
"Punch! Professional Home Design" = Punch! Professional Home Design
"RealFlightG5Pro" = RealFlight G5 R/C Simulator
"Sophos-AntiRootkit" = Sophos Anti-Rootkit 1.5.4
"WeBuilder 2008_is1" = WeBuilder 2008 v9.5
"WIC" = Windows Imaging Component
"Windows Media Format Runtime" = Windows Media Format Runtime
"Windows XP Service Pack" = Windows XP Service Pack 3
"WinZip" = WinZip
"XpsEPSC" = XML Paper Specification Shared Components Pack 1.0
"ZoneAlarm" = ZoneAlarm
========== Last 10 Event Log Errors ========== [ Application Events ]
Error - 5/10/2009 12:03:53 AM | Computer Name = TALBOYS | Source = Application Error | ID = 1000
Description = Faulting application avgcsrvx.exe, version 8.0.0.223, faulting module
avgcorex.dll, version 8.0.0.237, fault address 0x001c15c4.
Error - 5/11/2009 12:04:30 AM | Computer Name = TALBOYS | Source = Application Error | ID = 1000
Description = Faulting application avgcsrvx.exe, version 8.0.0.223, faulting module
avgcorex.dll, version 8.0.0.237, fault address 0x001c15c4.
Error - 5/12/2009 12:04:10 AM | Computer Name = TALBOYS | Source = Application Error | ID = 1000
Description = Faulting application avgcsrvx.exe, version 8.0.0.223, faulting module
avgcorex.dll, version 8.0.0.237, fault address 0x001c15c4.
Error - 5/13/2009 12:04:31 AM | Computer Name = TALBOYS | Source = Application Error | ID = 1000
Description = Faulting application avgcsrvx.exe, version 8.0.0.223, faulting module
avgcorex.dll, version 8.0.0.237, fault address 0x001c15c4.
Error - 5/14/2009 12:04:35 AM | Computer Name = TALBOYS | Source = Application Error | ID = 1000
Description = Faulting application avgcsrvx.exe, version 8.0.0.223, faulting module
avgcorex.dll, version 8.0.0.237, fault address 0x001c158a.
Error - 5/15/2009 12:04:39 AM | Computer Name = TALBOYS | Source = Application Error | ID = 1000
Description = Faulting application avgcsrvx.exe, version 8.0.0.223, faulting module
avgcorex.dll, version 8.0.0.237, fault address 0x001c15c4.
Error - 5/16/2009 12:04:09 AM | Computer Name = TALBOYS | Source = Application Error | ID = 1000
Description = Faulting application avgcsrvx.exe, version 8.0.0.223, faulting module
avgcorex.dll, version 8.0.0.237, fault address 0x001c158a.
Error - 5/17/2009 12:03:13 AM | Computer Name = TALBOYS | Source = Application Error | ID = 1000
Description = Faulting application avgcsrvx.exe, version 8.0.0.223, faulting module
avgcorex.dll, version 8.0.0.237, fault address 0x001c15c4.
Error - 5/18/2009 3:29:26 PM | Computer Name = TALBOYS | Source = Application Hang | ID = 1002
Description = Hanging application firefox.exe, version 1.9.0.3372, hang module hungapp,
version 0.0.0.0, hang address 0x00000000.
Error - 5/25/2009 9:52:03 PM | Computer Name = TALBOYS | Source = Application Hang | ID = 1002
Description = Hanging application firefox.exe, version 1.9.0.3372, hang module hungapp,
version 0.0.0.0, hang address 0x00000000.
[ System Events ]
Error - 7/13/2010 2:51:02 PM | Computer Name = TALBOYS | Source = Service Control Manager | ID = 7026
Description = The following boot-start or system-start driver(s) failed to load:
AFD AvgLdx86 AvgMfx86 AvgTdiX Fips intelppm IPSec MRxSmb NetBIOS NetBT RasAcd Rdbss Tcpip vsdatant
Error - 7/13/2010 2:51:36 PM | Computer Name = TALBOYS | Source = DCOM | ID = 10005
Description = DCOM got error "%1084" attempting to start the service StiSvc with
arguments "" in order to run the server: {A1F4E726-8CF1-11D1-BF92-0060081ED811}
Error - 7/13/2010 2:55:10 PM | Computer Name = TALBOYS | Source = DCOM | ID = 10005
Description = DCOM got error "%1084" attempting to start the service StiSvc with
arguments "" in order to run the server: {A1F4E726-8CF1-11D1-BF92-0060081ED811}
Error - 7/13/2010 3:48:48 PM | Computer Name = TALBOYS | Source = DCOM | ID = 10005
Description = DCOM got error "%1084" attempting to start the service StiSvc with
arguments "" in order to run the server: {A1F4E726-8CF1-11D1-BF92-0060081ED811}
Error - 7/13/2010 5:44:03 PM | Computer Name = TALBOYS | Source = Print | ID = 6161
Description = The document BleepingComputer.com [Power... owned by Jessamyn failed
to print on printer Canon PIXMA iP8500. Data type: NT EMF 1.008. Size of the spool
file in bytes: 17076732. Number of bytes printed: 205380. Total number of pages
in the document: 20. Number of pages printed: 1. Client machine: \\TALBOYS. Win32
error code returned by the print processor: 122 (0x7a).
Error - 7/13/2010 5:50:06 PM | Computer Name = TALBOYS | Source = Print | ID = 6161
Description = The document gmer115.txt - Notepad owned by Jessamyn failed to print
on printer Canon PIXMA iP8500. Data type: NT EMF 1.008. Size of the spool file
in bytes: 10280. Number of bytes printed: 5828. Total number of pages in the document:
2. Number of pages printed: 0. Client machine: \\TALBOYS. Win32 error code returned
by the print processor: 122 (0x7a).
Error - 7/18/2010 11:45:30 AM | Computer Name = TALBOYS | Source = Windows Update Agent | ID = 16
Description = Unable to Connect: Windows is unable to connect to the automatic updates
service and therefore cannot download and install updates according to the set
schedule. Windows will continue to try to establish a connection.
Error - 7/20/2010 3:58:09 PM | Computer Name = TALBOYS | Source = Service Control Manager | ID = 7034
Description = The Roxio File Backup Service service terminated unexpectedly. It
has done this 1 time(s).
Error - 7/23/2010 10:45:18 AM | Computer Name = TALBOYS | Source = W32Time | ID = 39452689
Description = Time Provider NtpClient: An error occurred during DNS lookup of the
manually configured peer 'time.windows.com,0x1'. NtpClient will try the DNS lookup
again in 15 minutes. The error was: A socket operation was attempted to an unreachable
host. (0x80072751)
Error - 7/23/2010 10:45:18 AM | Computer Name = TALBOYS | Source = W32Time | ID = 39452701
Description = The time provider NtpClient is configured to acquire time from one
or more time sources, however none of the sources are currently accessible. No attempt
to contact a source will be made for 14 minutes. NtpClient has no source of accurate
time.
< End of report >