Browser, Excel and Anti-Virus problems


19 replies to this topic

#1 Al Jacques

  • Members
  • 10 posts

Posted 04 February 2011 - 05:58 AM

I have three problems that have appeared in this order:
1. Browsers are getting redirected plus occasional pop-ups
2. AVG won't install
3. Excel seems frozen

Details:

1. I use multiple browsers - IE 8, Chrome, Firefox and Flock. IE 8 and Chrome both suffer from two issues. Whenever a Google results page is shown, or a link is clicked, a Google address with a redirection is used and the page says it cannot be found (Google oops page) and a second page about Google Analytics is loaded then redirected to a random advertisement. If I hit the back arrow three times I end up on the page I expected. In Firefox and Flock redirects are blocked (a message appears at the top of the screen with an option to allow). And I do get pop-ups occasionally from the advertisements. I have tried multiple anti-spyware programs with no results (each came up with registry entries to delete, but the problem has not gone away).

2. I use Earthlink as my ISP through Time-Warner. They offer 'free' anti-virus packages to their users. Last year it was Kaspersky which seemed to work ok. This year they changed to Comodo which hung and they did not know how to provide help. So I tried to install AVG, which I have used in the past. I was able to successfully install it on my wife's desktop with no problems, but when I try to install it on my identical desktop or on my laptop the program tells me I do not have a valid internet connection (even though I just downloaded the install over the internet) and asks for proxy settings, which I am not using. I tried installing Trend Micro and ran into the same problem. Right now I am using a trial of Avast.

3. I use Office 2007 and have been doing so for the past two years. Suddenly I cannot change cells when the program loads - whether I simply load the program or I open an xls or xlsx file from Windows Explorer, I cannot change cell locations nor can I get a drop-down menu to appear. I tried doing a repair with no change. I can open the files with either Excel 2003 or OpenOffice Calc.

I do a lot of traveling and use LogMeIn to get to my desktop from remote locations. Inside, I use VNC to get to my various machines; I have four running Windows XP (3 desktops, 1 laptop), a web server running Windows 2000, another running Windows 2003 and one running Fedora. I only have all these issues on one desktop, but the AVG refusal on one desktop and the laptop.

Here are the results of a HijackThis scan:

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 5:54:11 AM, on 2/4/2011
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\system32\inetsrv\inetinfo.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Google\Update\GoogleUpdate.exe
C:\Program Files\LogMeIn\x86\LMIGuardianSvc.exe
C:\Program Files\LogMeIn\x86\RaMaint.exe
C:\Program Files\LogMeIn\x86\LogMeIn.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\PRISMSVC.EXE
C:\WINDOWS\system32\tcpsvcs.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
C:\WINDOWS\system32\UTSCSI.EXE
C:\Program Files\TightVNC\WinVNC.exe
C:\WINDOWS\system32\WDBtnMgr.exe
C:\Program Files\LogMeIn\x86\LogMeInSystray.exe
C:\Program Files\Wireless-G Internet Home Monitoring Camera\Monitor.exe
C:\Program Files\Microsoft IntelliType Pro\itype.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Wireless-G Internet Home Monitoring Camera\Recorder.exe
C:\Program Files\Unlocker\UnlockerAssistant.exe
C:\Program Files\Alwil Software\Avast5\avastUI.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Lizardsoft\CustomBar\custombar.exe
C:\Program Files\Microsoft IntelliType Pro\dpupdchk.exe
C:\Documents and Settings\AGJ\Local Settings\Application Data\Google\Update\GoogleUpdate.exe
C:\Program Files\Google\Google Calendar Sync\GoogleCalendarSync.exe
C:\Program Files\Symmetricom\SymmTime\GeTTime.exe
C:\Program Files\Dell Inc\USB 2.0 Wireless LAN Card Utility\PRISMCFG.exe
C:\Documents and Settings\AGJ\Application Data\Dropbox\bin\Dropbox.exe
C:\Program Files\PdaNet for Android\PdaNetPC.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Mozilla Firefox\plugin-container.exe
C:\Development\jPassGen\bin\Release\jPassGen.exe
C:\Program Files\Microsoft Office\OFFICE12\outlook.exe
C:\Program Files\Flock\flock.exe
C:\Program Files\Trend Micro\HiJackThis\HiJackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://aljacques.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://v4.windowsupdate.microsoft.com/
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
O1 - Hosts: 207.69.188.100 irns1.earthlink.net
O1 - Hosts: 207.69.188.101 irns2.earthlink.net
O1 - Hosts: 207.69.188.102 irns3.earthlink.net
O1 - Hosts: 207.69.188.103 irns4.earthlink.net
O1 - Hosts: 63.223.76.173 ns1.dnsexit.com
O1 - Hosts: 64.182.102.188 dns1
O1 - Hosts: 64.182.102.188 ns2.dnsexit.com
O1 - Hosts: 85.255.112.154 dns2
O1 - Hosts: 85.255.115.234 dns3
O1 - Hosts: 207.69.188.171 dns4
O1 - Hosts: 207.69.188.172 dns5
O1 - Hosts: 207.69.188.186 dns6
O1 - Hosts: 207.69.188.187 dns7
O1 - Hosts: 156.154.70.22 dns8
O1 - Hosts: 156.154.71.22 dns9
O1 - Hosts: 24.136.254.1 gateway
O1 - Hosts: 24.136.255.120 modem
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\System32\DLA\DLASHX_W.DLL
O2 - BHO: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll
O2 - BHO: IE DOM Explorer - {CC7E636D-39AA-49b6-B511-65413DA137A1} - C:\Program Files\Internet Explorer Developer Toolbar\IEDevToolbar.dll
O2 - BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: Google Gears Helper - {E0FEFE40-FBF9-42AE-BA58-794CA7E3FB53} - C:\Program Files\Google\Google Gears\Internet Explorer\0.5.36.0\gears.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: Developer Toolbar - {CC962137-2E78-4f94-975E-FC0C07DBD78F} - C:\Program Files\Internet Explorer Developer Toolbar\IEDevToolbar.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll
O4 - HKLM\..\Run: [WD Button Manager] WDBtnMgr.exe
O4 - HKLM\..\Run: [jPassGen] C:\Development\jPassGen\bin\Release\jPassGen
O4 - HKLM\..\Run: [LogMeIn GUI] "C:\Program Files\LogMeIn\x86\LogMeInSystray.exe"
O4 - HKLM\..\Run: [Monitor.exe] C:\Program Files\Wireless-G Internet Home Monitoring Camera\Monitor.exe
O4 - HKLM\..\Run: [itype] "C:\Program Files\Microsoft IntelliType Pro\itype.exe"
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] C:\Program Files\NVIDIA Corporation\nView\nwiz.exe /installquiet
O4 - HKLM\..\Run: [UnlockerAssistant] "C:\Program Files\Unlocker\UnlockerAssistant.exe"
O4 - HKLM\..\Run: [avast5] "C:\Program Files\Alwil Software\Avast5\avastUI.exe" /nogui
O4 - HKCU\..\Run: [LSCustomBar] C:\Program Files\Lizardsoft\CustomBar\custombar.exe
O4 - HKCU\..\Run: [Google Update] "C:\Documents and Settings\AGJ\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" /c
O4 - Startup: Dropbox.lnk = Dropbox\bin\Dropbox.exe
O4 - Startup: PdaNet Desktop.lnk = C:\Program Files\PdaNet for Android\PdaNetPC.exe
O4 - Global Startup: Google Calendar Sync.lnk = C:\Program Files\Google\Google Calendar Sync\GoogleCalendarSync.exe
O4 - Global Startup: SymmTime.lnk = C:\Program Files\Symmetricom\SymmTime\GeTTime.exe
O4 - Global Startup: The Journal 5.lnk = C:\Program Files\DavidRM Software\The Journal 5\Journal5.exe
O4 - Global Startup: Wireless USB 2.0 WLAN Card Utility.lnk = ?
O9 - Extra button: (no name) - {09C04DA7-5B76-4EBC-BBEE-B25EAC5965F5} - C:\Program Files\Google\Google Gears\Internet Explorer\0.5.36.0\gears.dll
O9 - Extra 'Tools' menuitem: &Gears Settings - {09C04DA7-5B76-4EBC-BBEE-B25EAC5965F5} - C:\Program Files\Google\Google Gears\Internet Explorer\0.5.36.0\gears.dll
O9 - Extra button: ieSpell - {0E17D5B7-9F5D-4fee-9DF6-CA6EE38B68A8} - C:\Program Files\ieSpell\iespell.dll
O9 - Extra 'Tools' menuitem: ieSpell - {0E17D5B7-9F5D-4fee-9DF6-CA6EE38B68A8} - C:\Program Files\ieSpell\iespell.dll
O9 - Extra button: (no name) - {1606D6F9-9D3B-4aea-A025-ED5B2FD488E7} - C:\Program Files\ieSpell\iespell.dll
O9 - Extra 'Tools' menuitem: ieSpell Options - {1606D6F9-9D3B-4aea-A025-ED5B2FD488E7} - C:\Program Files\ieSpell\iespell.dll
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~4\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~4\Office12\ONBttnIE.dll
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: eBay - Homepage - {EF79EAC5-3452-4E02-B8BD-BA4C89F1AC7A} - C:\Program Files\IrfanView\Ebay\Ebay.htm
O15 - Trusted Zone: http://www.linkedin.com
O15 - Trusted Zone: http://www.seattlepi.com
O16 - DPF: {01A88BB1-1174-41EC-ACCB-963509EAE56B} (SysProWmi Class) - http://support.dell.com/systemprofiler/SysPro.CAB
O16 - DPF: {106E49CF-797A-11D2-81A2-00E02C015623} (AlternaTIFF ActiveX) - http://www.alternatiff.com/install/00/alttiff.cab
O16 - DPF: {31E68DE2-5548-4B23-88F0-C51E6A0F695E} (Microsoft PID Sniffer) - https://support.microsoft.com/OAS/ActiveX/odc.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1153346926436
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1153439257796
O16 - DPF: {7B133798-FAA8-4A7E-950D-BEB35D3363AF} (LinksysViewer Control) - http://192.168.1.115/img/LinksysViewer.cab
O16 - DPF: {82774781-8F4E-11D1-AB1C-0000F8773BF0} (DLC Class) - https://transfers.ds.microsoft.com/FTM/TransferSource/grTransferCtrl.cab
O16 - DPF: {917623D1-D8E5-11D2-BE8B-00104B06BDE3} (CamImage Class) - http://216.228.175.126:8000/activex/AxisCamControl.cab
O16 - DPF: {A662DA7E-CCB7-4743-B71A-D817F6D575DF} (Autodesk DWF Viewer Control) - http://www.autodesk.com/global/dwfviewer/installer/DwfViewerSetup.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O16 - DPF: {FD0B6769-6490-4A91-AA0A-B5AE0DC75AC9} (Performance Viewer Activex Control) - https://secure.logmein.com/activex/ractrl.cab?lmi=100
O17 - HKLM\System\CCS\Services\Tcpip\..\{3F054DD7-870A-4440-A0A3-41974EED8BA6}: NameServer = 64.182.102.188,85.255.112.154
O17 - HKLM\System\CCS\Services\Tcpip\..\{96C34C24-F4D5-4752-BABD-871167A34870}: NameServer = 64.182.102.188,85.255.112.154
O18 - Protocol: jpip - {B92DD248-E3D5-4A92-B311-C9B841681455} - C:\Program Files\LizardTech\ExpressView\expressview.dll
O18 - Protocol: sidlet - {B92DD248-E3D5-4A92-B311-C9B841681455} - C:\Program Files\LizardTech\ExpressView\expressview.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Adobe Version Cue CS3 - Adobe Systems Incorporated - C:\Program Files\Common Files\Adobe\Adobe Version Cue CS3\Server\bin\VersionCueCS3.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
O23 - Service: avast! Antivirus - AVAST Software - C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Intel® Matrix Storage Event Monitor (IAANTMon) - Intel Corporation - C:\Program Files\Intel\Intel Matrix Storage Manager\iaantmon.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: LMIGuardianSvc - LogMeIn, Inc. - C:\Program Files\LogMeIn\x86\LMIGuardianSvc.exe
O23 - Service: LogMeIn Maintenance Service (LMIMaint) - LogMeIn, Inc. - C:\Program Files\LogMeIn\x86\RaMaint.exe
O23 - Service: LogMeIn - LogMeIn, Inc. - C:\Program Files\LogMeIn\x86\LogMeIn.exe
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: Intel NCS NetService (NetSvc) - Intel® Corporation - C:\Program Files\Intel\PROSetWired\NCS\Sync\NetSvc.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: PRISMSVC - Conexant Systems, Inc. - C:\WINDOWS\system32\PRISMSVC.EXE
O23 - Service: Protexis Licensing V2 (PSI_SVC_2) - Protexis Inc. - c:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - CACE Technologies, Inc. - C:\Program Files\WinPcap\rpcapd.exe
O23 - Service: Trend Micro RUBotted Service (RUBotSrv) - Unknown owner - C:\Program Files\Trend Micro\RUBotted\RUBotSrv.exe (file missing)
O23 - Service: Ulead Burning Helper (UleadBurningHelper) - Ulead Systems, Inc. - C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
O23 - Service: USBest Service Zero (UTSCSI) - USBest - C:\WINDOWS\system32\UTSCSI.EXE
O23 - Service: VNC Server (winvnc) - TightVNC Group - C:\Program Files\TightVNC\WinVNC.exe

--
End of file - 14152 bytes

Please let me know if you can help.

Thank you-

-Al Jacques

Edited by hamluis, 04 February 2011 - 09:00 AM.
Moved from XP forum to Malware Removal Logs.



#2 myrti


  • Malware Study Hall Admin
  • 33,771 posts

Posted 07 February 2011 - 06:21 AM

Hello and welcome to Bleeping Computer

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

If you have since resolved the original problem you were having, we would appreciate you letting us know. If not, please perform the following steps below so we can have a look at the current condition of your machine.
If you are unable to create a log because your computer cannot start up successfully, please provide detailed information about the Windows version you are using: what we need to know in particular is the version, the edition, and whether it is a 32-bit or a 64-bit system.
If you are unsure about any of these characteristics, just let us know and we'll help you figure it out. Please also tell us if you have your Windows CD/DVD handy.


Please include a clear description of the problems you're having, along with any steps you may have performed so far.

Please refrain from running tools or applying updates other than those we suggest while we are cleaning up your computer. The reason for this is so we know what is going on with the machine at any time. Some programs can interfere with others and hamper the recovery process.

Even if you have already provided information about your PC, we need a new log to see what has changed since you originally posted your problem.
We need to create an OTL Report
  • Please download OTL from one of the following mirrors:
  • Save it to your desktop.
  • Double click on the OTL icon on your desktop.
  • Click the "Scan All Users" checkbox.
  • In the custom scan box paste the following:
    msconfig
    safebootminimal
    activex
    drivers32
    netsvcs
    %SYSTEMDRIVE%\*.exe
    /md5start
    explorer.exe
    winlogon.exe
    wininit.exe
    hlp.dat
    /md5stop
  • Push the Posted Image button.
  • Two reports will open, copy and paste them in a reply here:
    • OTL.txt <-- Will be opened
    • Extra.txt <-- Will be minimized

In the upper right hand corner of the topic you will see a button called Watch Topic. I suggest you click it and select Immediate E-Mail notification and click on Proceed. This way you will be advised when we respond to your topic and facilitate the cleaning of your machine.

After 5 days if a topic is not replied to we assume it has been abandoned and it is closed.

regards myrti

is that a bird?  a plane? nooo it's the flying blueberry!

If I have been helping you and haven't replied in 2 days, feel free to shoot me a PM! Please don't send help requests via PM, unless I am already helping you. Use the forums!

 


#3 Al Jacques

  • Topic Starter

  • Members
  • 10 posts

Posted 09 February 2011 - 06:36 AM

Thank you for your help on this. The only change I have tried since my original post is to uninstall Excel, reboot and then reinstall it and reboot. This did not cure the problems. I still cannot move the cursor or change cell address in Excel. I can load the Excel files on another computer and use them with no problems or I can open the files using another program.

Here is the OTL.txt file:

logfile created on: 2/8/2011 9:22:47 PM - Run 1
OTL by OldTimer - Version 3.2.20.6 Folder = C:\downloads
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.00 Gb Total Physical Memory | 1.00 Gb Available Physical Memory | 27.00% Memory free
4.00 Gb Paging File | 2.00 Gb Available in Paging File | 64.00% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 145.64 Gb Total Space | 10.08 Gb Free Space | 6.92% Space Free | Partition Type: NTFS
Drive F: | 465.65 Gb Total Space | 97.73 Gb Free Space | 20.99% Space Free | Partition Type: FAT32
Drive M: | 465.65 Gb Total Space | 97.73 Gb Free Space | 20.99% Space Free | Partition Type: FAT
Drive N: | 465.65 Gb Total Space | 97.73 Gb Free Space | 20.99% Space Free | Partition Type: FAT
Drive O: | 465.65 Gb Total Space | 97.73 Gb Free Space | 20.99% Space Free | Partition Type: FAT
Drive P: | 465.65 Gb Total Space | 97.73 Gb Free Space | 20.99% Space Free | Partition Type: FAT

Computer Name: AL9150 | User Name: AGJ | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2011/02/08 21:21:56 | 000,602,624 | ---- | M] (OldTimer Tools) -- C:\downloads\OTL.exe
PRC - [2011/01/29 01:57:06 | 000,995,896 | ---- | M] (Google Inc.) -- C:\Documents and Settings\AGJ\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
PRC - [2011/01/25 15:08:10 | 009,777,448 | ---- | M] (Apple Inc.) -- C:\Program Files\iTunes\iTunes.exe
PRC - [2011/01/13 03:47:34 | 003,396,624 | ---- | M] (AVAST Software) -- C:\Program Files\Alwil Software\Avast5\AvastUI.exe
PRC - [2011/01/13 03:47:33 | 000,040,384 | ---- | M] (AVAST Software) -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
PRC - [2011/01/05 14:29:00 | 000,037,664 | ---- | M] (Apple Inc.) -- C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceHelper.exe
PRC - [2011/01/05 11:59:50 | 000,037,664 | ---- | M] (Apple Inc.) -- C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
PRC - [2010/12/14 10:54:37 | 000,912,344 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe
PRC - [2010/12/08 13:11:38 | 000,136,584 | ---- | M] (LogMeIn, Inc.) -- C:\Program Files\LogMeIn\x86\ramaint.exe
PRC - [2010/12/08 13:11:32 | 000,374,152 | ---- | M] (LogMeIn, Inc.) -- C:\Program Files\LogMeIn\x86\LMIGuardianSvc.exe
PRC - [2010/11/08 12:04:18 | 000,390,528 | ---- | M] (LogMeIn, Inc.) -- C:\Program Files\LogMeIn\x86\LogMeIn.exe
PRC - [2010/09/01 00:11:58 | 000,473,616 | ---- | M] () -- C:\Program Files\PdaNet for Android\PdaNetPC.exe
PRC - [2010/08/14 14:31:58 | 000,116,024 | ---- | M] (Flock, Inc.) -- C:\Program Files\Flock\flock.exe
PRC - [2010/08/09 23:00:42 | 000,013,088 | ---- | M] (Apple Inc.) -- C:\Program Files\Common Files\Apple\Apple Application Support\distnoted.exe
PRC - [2010/07/28 15:20:43 | 000,115,200 | ---- | M] (Another tool from jManage.com) -- C:\Development\jPassGen\bin\Release\jPassGen.exe
PRC - [2010/05/10 12:48:30 | 013,273,600 | ---- | M] (DavidRM Software) -- C:\Program Files\DavidRM Software\The Journal 5\Journal5.exe
PRC - [2010/02/26 00:10:20 | 021,979,992 | ---- | M] () -- C:\Documents and Settings\AGJ\Application Data\Dropbox\bin\Dropbox.exe
PRC - [2009/12/07 07:32:00 | 001,347,584 | ---- | M] () -- C:\Program Files\Symmetricom\SymmTime\GeTTime.exe
PRC - [2009/08/16 15:06:30 | 003,451,392 | ---- | M] (Helios Software Solutions) -- C:\Program Files\TextPad 5\TextPad.exe
PRC - [2009/03/05 15:28:08 | 000,585,728 | ---- | M] (TightVNC Group) -- C:\Program Files\TightVNC\WinVNC.exe
PRC - [2008/07/27 14:11:56 | 000,045,568 | ---- | M] (USBest) -- C:\WINDOWS\system32\UTSCSI.EXE
PRC - [2008/04/13 19:12:22 | 000,015,360 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\inetsrv\inetinfo.exe
PRC - [2008/04/13 19:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2008/02/28 14:31:50 | 000,063,048 | ---- | M] (LogMeIn, Inc.) -- C:\Program Files\LogMeIn\x86\LogMeInSystray.exe
PRC - [2007/10/08 17:01:14 | 001,765,376 | ---- | M] (Linksys, a division of Cisco Systems, Inc.) -- C:\Program Files\Wireless-G Internet Home Monitoring Camera\Monitor.exe
PRC - [2007/10/02 09:45:30 | 000,311,296 | ---- | M] (Linksys, a division of Cisco Inc.) -- C:\Program Files\Wireless-G Internet Home Monitoring Camera\Recorder.exe
PRC - [2007/07/30 20:23:42 | 000,364,544 | ---- | M] (Western Digital Technologies, Inc.) -- C:\WINDOWS\system32\WDBtnMgr.exe
PRC - [2006/11/03 17:19:58 | 000,013,592 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Defender\MsMpEng.exe
PRC - [2006/10/12 12:48:48 | 000,921,707 | R--- | M] (Dell Inc.) -- C:\Program Files\Dell Inc\USB 2.0 Wireless LAN Card Utility\PRISMCFG.exe
PRC - [2006/10/12 09:45:58 | 000,061,529 | R--- | M] (Conexant Systems, Inc.) -- C:\WINDOWS\system32\PRISMSVC.exe
PRC - [2006/10/12 09:44:48 | 000,385,113 | R--- | M] (Conexant Systems, Inc.) -- C:\WINDOWS\system32\PRISMSVR.exe
PRC - [2005/01/31 08:45:20 | 000,049,152 | ---- | M] (Ulead Systems, Inc.) -- C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
PRC - [2004/07/01 14:34:46 | 000,487,424 | ---- | M] () -- C:\Program Files\Lizardsoft\CustomBar\CustomBar.exe


========== Modules (SafeList) ==========

MOD - [2011/02/08 21:21:56 | 000,602,624 | ---- | M] (OldTimer Tools) -- C:\downloads\OTL.exe
MOD - [2011/01/13 03:47:35 | 000,189,728 | ---- | M] (AVAST Software) -- C:\Program Files\Alwil Software\Avast5\snxhk.dll
MOD - [2010/10/16 12:04:22 | 000,081,920 | ---- | M] (NVIDIA Corporation) -- C:\WINDOWS\system32\nvwddi.dll
MOD - [2010/08/26 00:12:28 | 001,124,968 | ---- | M] () -- C:\Program Files\NVIDIA Corporation\nView\nvwimg.dll
MOD - [2010/08/26 00:12:24 | 002,459,240 | ---- | M] () -- C:\Program Files\NVIDIA Corporation\nView\nView.dll
MOD - [2010/08/23 11:12:02 | 001,054,208 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.6028_x-ww_61e65202\comctl32.dll


========== Win32 Services (SafeList) ==========

SRV - File not found [Auto | Stopped] -- -- (RUBotSrv)
SRV - File not found [Disabled | Stopped] -- -- (LiveUpdate)
SRV - [2011/01/13 03:47:33 | 000,040,384 | ---- | M] (AVAST Software) [Auto | Running] -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe -- (avast! Antivirus)
SRV - [2011/01/05 11:59:50 | 000,037,664 | ---- | M] (Apple Inc.) [Auto | Running] -- C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe -- (Apple Mobile Device)
SRV - [2010/12/08 13:11:38 | 000,136,584 | ---- | M] (LogMeIn, Inc.) [Auto | Running] -- C:\Program Files\LogMeIn\x86\RaMaint.exe -- (LMIMaint)
SRV - [2010/12/08 13:11:32 | 000,374,152 | ---- | M] (LogMeIn, Inc.) [Auto | Running] -- C:\Program Files\LogMeIn\x86\LMIGuardianSvc.exe -- (LMIGuardianSvc)
SRV - [2010/11/08 12:04:18 | 000,390,528 | ---- | M] (LogMeIn, Inc.) [Auto | Running] -- C:\Program Files\LogMeIn\x86\LogMeIn.exe -- (LogMeIn)
SRV - [2010/03/18 13:16:28 | 000,753,504 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe -- (WPFFontCache_v0400)
SRV - [2010/03/18 13:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2009/10/20 13:19:48 | 000,117,264 | ---- | M] (CACE Technologies, Inc.) [On_Demand | Stopped] -- C:\Program Files\WinPcap\rpcapd.exe -- (rpcapd) Remote Packet Capture Protocol v.0 (experimental)
SRV - [2009/03/05 15:28:08 | 000,585,728 | ---- | M] (TightVNC Group) [Auto | Running] -- C:\Program Files\TightVNC\WinVNC.exe -- (winvnc)
SRV - [2008/07/29 12:10:46 | 003,201,024 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Program Files\Microsoft Visual Studio 9.0\Common7\IDE\Remote Debugger\x86\msvsmon.exe -- (msvsmon90)
SRV - [2008/07/27 14:11:56 | 000,045,568 | ---- | M] (USBest) [Auto | Running] -- C:\WINDOWS\system32\UTSCSI.EXE -- (UTSCSI)
SRV - [2008/06/30 15:48:00 | 000,654,848 | ---- | M] (Macrovision Europe Ltd.) [On_Demand | Stopped] -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service)
SRV - [2008/04/13 19:12:22 | 000,015,360 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\inetsrv\inetinfo.exe -- (W3SVC)
SRV - [2008/04/13 19:12:22 | 000,015,360 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\inetsrv\inetinfo.exe -- (IISADMIN)
SRV - [2007/07/24 10:15:14 | 000,185,632 | ---- | M] (Protexis Inc.) [On_Demand | Stopped] -- c:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe -- (PSI_SVC_2)
SRV - [2007/03/20 15:41:24 | 000,153,792 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Program Files\Common Files\Adobe\Adobe Version Cue CS3\Server\bin\VersionCueCS3.exe -- (Adobe Version Cue CS3)
SRV - [2006/12/02 06:17:54 | 002,805,000 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Program Files\Microsoft Visual Studio 8\Common7\IDE\Remote Debugger\x86\msvsmon.exe -- (msvsmon80)
SRV - [2006/11/03 17:19:58 | 000,013,592 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MsMpEng.exe -- (WinDefend)
SRV - [2006/10/12 09:45:58 | 000,061,529 | R--- | M] (Conexant Systems, Inc.) [Auto | Running] -- C:\WINDOWS\system32\PRISMSVC.exe -- (PRISMSVC)
SRV - [2006/01/04 23:06:02 | 000,163,840 | ---- | M] (Alex Feinman) [Disabled | Stopped] -- C:\Program Files\Alex Feinman\ISO Recorder\ImapiHelper.exe -- (Imapi Helper)
SRV - [2005/06/17 06:55:58 | 000,086,140 | ---- | M] (Intel Corporation) [On_Demand | Stopped] -- C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMon.exe -- (IAANTMon) Intel®
SRV - [2005/01/31 08:45:20 | 000,049,152 | ---- | M] (Ulead Systems, Inc.) [Auto | Running] -- C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe -- (UleadBurningHelper)


========== Driver Services (SafeList) ==========

DRV - [2011/01/13 03:41:16 | 000,294,608 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\aswSP.sys -- (aswSP)
DRV - [2011/01/13 03:40:16 | 000,047,440 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\aswTdi.sys -- (aswTdi)
DRV - [2011/01/13 03:40:04 | 000,100,176 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\WINDOWS\System32\drivers\aswmon2.sys -- (aswMon2)
DRV - [2011/01/13 03:37:30 | 000,023,632 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\aswRdr.sys -- (aswRdr)
DRV - [2011/01/13 03:37:11 | 000,029,392 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\aavmker4.sys -- (Aavmker4)
DRV - [2011/01/13 03:37:09 | 000,017,744 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\WINDOWS\System32\drivers\aswFsBlk.sys -- (aswFsBlk)
DRV - [2010/12/08 13:12:02 | 000,083,360 | ---- | M] (LogMeIn, Inc.) [File_System | Disabled | Stopped] -- C:\WINDOWS\System32\LMIRfsClientNP.dll -- (LMIRfsClientNP)
DRV - [2010/11/28 18:12:53 | 000,024,416 | ---- | M] (Greatis Software) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\regguard.sys -- (RegGuard)
DRV - [2010/10/16 13:55:00 | 009,623,680 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\nv4_mini.sys -- (nv)
DRV - [2010/09/02 17:49:06 | 000,013,312 | ---- | M] (June Fabrics Technology Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\pneteth.sys -- (pneteth)
DRV - [2010/06/09 14:08:04 | 000,013,408 | ---- | M] (LogMeIn, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\radpms.sys -- (radpms)
DRV - [2010/02/22 12:10:59 | 000,229,224 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\VMM.sys -- (vmm)
DRV - [2009/10/20 13:19:44 | 000,050,704 | ---- | M] (CACE Technologies, Inc.) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\npf.sys -- (NPF)
DRV - [2008/12/24 05:40:12 | 000,080,256 | ---- | M] (Windows ® 2000 DDK provider) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\NmPar.sys -- (NmPar)
DRV - [2008/10/17 14:17:53 | 000,047,640 | ---- | M] (LogMeIn, Inc.) [File_System | Auto | Running] -- C:\WINDOWS\system32\drivers\LMIRfsDriver.sys -- (LMIRfsDriver)
DRV - [2008/04/13 14:36:42 | 000,063,744 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\mf.sys -- (mf)
DRV - [2008/04/13 13:45:12 | 000,060,032 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\usbaudio.sys -- (usbaudio) USB Audio Driver (WDM)
DRV - [2008/04/13 13:36:39 | 000,043,008 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\amdagp.sys -- (amdagp)
DRV - [2008/04/13 13:36:39 | 000,040,960 | ---- | M] (Silicon Integrated Systems Corporation) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\sisagp.sys -- (sisagp)
DRV - [2008/04/13 11:36:05 | 000,144,384 | ---- | M] (Windows ® Server 2003 DDK provider) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\hdaudbus.sys -- (HDAudBus)
DRV - [2008/02/28 14:31:52 | 000,012,856 | ---- | M] (LogMeIn, Inc.) [Kernel | Auto | Running] -- C:\Program Files\LogMeIn\x86\rainfo.sys -- (LMIInfo)
DRV - [2008/02/05 01:50:44 | 000,059,960 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\VMNetSrv.sys -- (VPCNetS2)
DRV - [2006/11/02 07:00:08 | 000,039,368 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\winusb.sys -- (WinUSB)
DRV - [2006/10/26 12:22:00 | 000,357,344 | R--- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\PRISMA02.sys -- (DELL_A02)
DRV - [2006/09/28 15:32:14 | 000,009,472 | ---- | M] (June Fabrics Technology) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\pnetmdm.sys -- (pnetmdm)
DRV - [2006/06/05 19:08:54 | 000,268,736 | ---- | M] (WIS Technologies) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\wisgostrm.sys -- (WISTechVIDCAP)
DRV - [2006/01/13 14:00:52 | 000,015,872 | ---- | M] (Flint Incorporation) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\vd_filedisk.sys -- (VD_FileDisk)
DRV - [2005/12/01 09:49:22 | 000,023,600 | ---- | M] (Licensed for Gebhard Software) [Kernel | Auto | Running] -- C:\WINDOWS\System32\drivers\drhard.sys -- (drhard)
DRV - [2005/11/24 18:51:38 | 000,245,248 | ---- | M] (Ralink Technology, Corp.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\rt73.sys -- (RT73)
DRV - [2005/11/16 20:36:00 | 001,047,816 | ---- | M] (SigmaTel, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\sthda.sys -- (STHDA)
DRV - [2005/09/12 02:30:00 | 000,089,264 | ---- | M] (Sonic Solutions) [Kernel | Boot | Running] -- C:\WINDOWS\System32\Drivers\DRVMCDB.SYS -- (DRVMCDB)
DRV - [2005/09/08 04:20:00 | 000,094,332 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\system32\DLA\DLAUDFAM.SYS -- (DLAUDFAM)
DRV - [2005/09/08 04:20:00 | 000,087,036 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\system32\DLA\DLAUDF_M.SYS -- (DLAUDF_M)
DRV - [2005/09/08 04:20:00 | 000,086,524 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\system32\DLA\DLAIFS_M.SYS -- (DLAIFS_M)
DRV - [2005/09/08 04:20:00 | 000,025,628 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\system32\DLA\DLABOIOM.SYS -- (DLABOIOM)
DRV - [2005/09/08 04:20:00 | 000,014,684 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\system32\DLA\DLAOPIOM.SYS -- (DLAOPIOM)
DRV - [2005/09/08 04:20:00 | 000,006,364 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\system32\DLA\DLAPoolM.SYS -- (DLAPoolM)
DRV - [2005/09/08 04:20:00 | 000,002,496 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\system32\DLA\DLADResN.SYS -- (DLADResN)
DRV - [2005/08/25 11:16:52 | 000,005,628 | ---- | M] (Sonic Solutions) [File_System | System | Running] -- C:\WINDOWS\system32\drivers\DLACDBHM.SYS -- (DLACDBHM)
DRV - [2005/08/25 11:16:16 | 000,022,684 | ---- | M] (Sonic Solutions) [File_System | System | Running] -- C:\WINDOWS\system32\drivers\DLARTL_N.SYS -- (DLARTL_N)
DRV - [2005/08/12 04:20:00 | 000,040,544 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\system32\drivers\DRVNDDM.SYS -- (DRVNDDM)
DRV - [2005/06/17 11:33:40 | 000,872,064 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\iastor.sys -- (iastor)
DRV - [2005/03/31 16:04:52 | 000,180,736 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\e1e5132.sys -- (e1express) Intel®
DRV - [2005/01/05 17:29:30 | 000,432,768 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\snpstd3.sys -- (SNPSTD3) USB PC Camera (SNPSTD3)
DRV - [2004/08/04 15:59:14 | 000,034,560 | ---- | M] (DigitalPersona, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\UsbdpFP.sys -- (UsbdpFP)
DRV - [2004/08/04 15:58:08 | 000,032,640 | ---- | M] (DigitalPersona, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\dpK0Bx01.sys -- (dpK0Bx01)
DRV - [2002/12/13 03:06:40 | 000,129,875 | ---- | M] (Mars Semiconductor Corp.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\mr97310c.sys -- (MR97310_USB_DUAL_CAMERA)
DRV - [2001/08/17 13:07:44 | 000,019,072 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\sparrow.sys -- (Sparrow)
DRV - [2001/08/17 13:07:42 | 000,030,688 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\sym_u3.sys -- (sym_u3)
DRV - [2001/08/17 13:07:40 | 000,028,384 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\sym_hi.sys -- (sym_hi)
DRV - [2001/08/17 13:07:36 | 000,032,640 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\symc8xx.sys -- (symc8xx)
DRV - [2001/08/17 13:07:34 | 000,016,256 | ---- | M] (Symbios Logic Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\symc810.sys -- (symc810)
DRV - [2001/08/17 12:58:12 | 000,022,912 | ---- | M] (Microsoft Corporation) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\umaxpcls.sys -- (UMAXPCLS)
DRV - [2001/08/17 12:52:22 | 000,036,736 | ---- | M] (Promise Technology, Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\ultra.sys -- (ultra)
DRV - [2001/08/17 12:52:20 | 000,045,312 | ---- | M] (QLogic Corporation) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\ql12160.sys -- (ql12160)
DRV - [2001/08/17 12:52:20 | 000,040,320 | ---- | M] (QLogic Corporation) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\ql1080.sys -- (ql1080)
DRV - [2001/08/17 12:52:18 | 000,049,024 | ---- | M] (QLogic Corporation) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\ql1280.sys -- (ql1280)
DRV - [2001/08/17 12:52:16 | 000,179,584 | ---- | M] (Mylex Corporation) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\dac2w2k.sys -- (dac2w2k)
DRV - [2001/08/17 12:52:12 | 000,017,280 | ---- | M] (American Megatrends Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\mraid35x.sys -- (mraid35x)
DRV - [2001/08/17 12:52:00 | 000,026,496 | ---- | M] (Advanced System Products, Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\asc.sys -- (asc)
DRV - [2001/08/17 12:51:58 | 000,014,848 | ---- | M] (Advanced System Products, Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\asc3550.sys -- (asc3550)
DRV - [2001/08/17 12:51:56 | 000,005,248 | ---- | M] (Acer Laboratories Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\aliide.sys -- (AliIde)
DRV - [2001/08/17 12:51:54 | 000,006,656 | ---- | M] (CMD Technology, Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\cmdide.sys -- (CmdIde)
DRV - [2000/07/24 01:01:00 | 000,019,537 | ---- | M] (Brother Industries Ltd.) [Kernel | Auto | Stopped] -- C:\WINDOWS\System32\drivers\BrPar.sys -- (BrPar)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========



IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = www.google.com/ig/dell?hl=en&client=dell-usuk&channel=us
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = www.google.com/ig/dell?hl=en&client=dell-usuk&channel=us
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0


IE - HKU\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-21-806864349-1435408688-3561169190-1005\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://aljacques.com/
IE - HKU\S-1-5-21-806864349-1435408688-3561169190-1005\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Restore = http://vbcity.com/forums/t/119904.aspx
IE - HKU\S-1-5-21-806864349-1435408688-3561169190-1005\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-806864349-1435408688-3561169190-1005\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

IE - HKU\S-1-5-21-806864349-1435408688-3561169190-1027\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = www.google.com/ig/dell?hl=en&client=dell-usuk&channel=us
IE - HKU\S-1-5-21-806864349-1435408688-3561169190-1027\SOFTWARE\Microsoft\Internet Explorer\Main,First Home Page = http://www.dell.com
IE - HKU\S-1-5-21-806864349-1435408688-3561169190-1027\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com/hws/sb/dell-usuk/en/side.html?channel=us
IE - HKU\S-1-5-21-806864349-1435408688-3561169190-1027\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = www.google.com/ig/dell?hl=en&client=dell-usuk&channel=us
IE - HKU\S-1-5-21-806864349-1435408688-3561169190-1027\..\URLSearchHook: {CA3EB689-8F09-4026-AA10-B9534C691CE0} - Reg Error: Key error. File not found
IE - HKU\S-1-5-21-806864349-1435408688-3561169190-1027\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.search.selectedEngine: "Google"
FF - prefs.js..browser.startup.homepage: "http://draft.blogger.com/rearrange?blogID=6062087&pli=1|http://benfiretag.blogspot.com/|https://www.google.com/adsense/g-conf-yes?pli=1&auth=DQAAAJIAAABIMX1GgwhRi7G-EsD3oY2TnEvLS0dxUrRO4rjvNSMJGgHhKLwhRCtd0jqNYTWyPRLvhu3hZjISWAWvsbvMPJADvu_vR03-CJACW1AQxhgyoyM2MZhlB1onlcqhZza2YOGzg91P491JFz5GNCrmCR6fWIHX4xdpcN3Xf36erNWhbG8XW_3qoNwyuyQCaVLfktbjsEG96dvFxBCOTYLJH6ie|http://www.facebook.com/profile.php?id=709692614|http://twitter.com/#|http://dreamland7540.yuku.com/forums/28/master/1/|http://paper.li/Brad_Howington/poets|http://felicitas-metamorphosis.blogspot.com/2011/01/journey.html|http://bradleyhowington.com/blog/2011/01/25/happy-tuesday/|http://www.google.com/friendconnect/admin/site/overview?id=11018535878870437973"
FF - prefs.js..extensions.enabledItems: firefox@ghostery.com:2.3.1
FF - prefs.js..extensions.enabledItems: {b01bf10c-302a-11da-b67b-000d60ca027b}:2.6.1
FF - prefs.js..flock.keyword.provider: "Google"

FF - HKLM\software\mozilla\Firefox\Extensions\\{000a9d1c-beef-4f90-9363-039d445309b8}: C:\Program Files\Google\Google Gears\Firefox\ [2010/03/11 08:46:35 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Flock 2.5.6\extensions\\Components: C:\Program Files\Flock\components [2010/09/08 11:02:29 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Flock 2.5.6\extensions\\Plugins: C:\Program Files\Flock\plugins [2010/12/23 12:32:35 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Flock 2.6.1\extensions\\Components: C:\Program Files\Flock\components [2010/09/08 11:02:29 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Flock 2.6.1\extensions\\Plugins: C:\Program Files\Flock\plugins [2010/12/23 12:32:35 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.13\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010/12/14 10:54:42 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.13\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010/12/23 12:32:33 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Thunderbird 3.1.2\extensions\\Components: C:\Program Files\Mozilla Thunderbird\components [2010/09/08 13:59:14 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Thunderbird 3.1.2\extensions\\Plugins: C:\Program Files\Mozilla Thunderbird\plugins [2010/12/23 12:32:33 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Netscape Browser 8.1.2.0\Extensions\\Components: C:\Program Files\Netscape\Netscape Browser\Components
FF - HKLM\software\mozilla\Netscape Browser 8.1.2.0\Extensions\\Plugins: C:\Program Files\Netscape\Netscape Browser\Plugins [2010/12/23 12:32:33 | 000,000,000 | ---D | M]

[2010/09/08 13:59:31 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\AGJ\Application Data\Mozilla\Extensions
[2010/09/08 13:59:31 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\AGJ\Application Data\Mozilla\Extensions\{3550f703-e582-4d05-9a08-453d09bdfdc6}
[2010/03/31 13:45:28 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\AGJ\Application Data\Mozilla\Extensions\{a463f10c-3994-11da-9945-000d60ca027b}
[2011/01/18 11:26:02 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\AGJ\Application Data\Mozilla\Firefox\Profiles\vq8kr6vl.default\extensions
[2010/03/30 09:29:48 | 000,000,000 | ---D | M] (Session Manager) -- C:\Documents and Settings\AGJ\Application Data\Mozilla\Firefox\Profiles\vq8kr6vl.default\extensions\{1280606b-2510-4fe0-97ef-9b5a22eafe30}
[2009/06/30 06:35:22 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Documents and Settings\AGJ\Application Data\Mozilla\Firefox\Profiles\vq8kr6vl.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2010/03/30 08:41:52 | 000,000,000 | ---D | M] (Open Networkers Toolbar) -- C:\Documents and Settings\AGJ\Application Data\Mozilla\Firefox\Profiles\vq8kr6vl.default\extensions\{3e73878d-d437-4f29-8d1b-5203aa3ba40b}
[2009/07/10 17:16:32 | 000,000,000 | ---D | M] (Web Developer) -- C:\Documents and Settings\AGJ\Application Data\Mozilla\Firefox\Profiles\vq8kr6vl.default\extensions\{c45c406e-ab73-11d8-be73-000a95be3b12}
[2010/12/08 13:49:27 | 000,000,000 | ---D | M] (LogMeIn, Inc. Remote Access Plugin) -- C:\Documents and Settings\AGJ\Application Data\Mozilla\Firefox\Profiles\vq8kr6vl.default\extensions\LogMeInClient@logmein.com
[2010/10/29 06:24:27 | 000,000,000 | ---D | M] ("Morning Coffee") -- C:\Documents and Settings\AGJ\Application Data\Mozilla\Firefox\Profiles\vq8kr6vl.default\extensions\morningCoffee@shaneliesegang
[2010/04/05 06:22:46 | 000,001,227 | ---- | M] () -- C:\Documents and Settings\AGJ\Application Data\Flock\Browser\Profiles\j0j6wb68.default\searchplugins\facebook.xml
[2011/01/18 11:26:02 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2008/04/16 17:45:55 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0000-ABCDEFFEDCBA}
[2010/09/08 16:02:19 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}
[2010/10/28 17:09:44 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}
[2011/01/13 21:13:03 | 000,000,000 | ---D | M] (Ghostery) -- C:\DOCUMENTS AND SETTINGS\AGJ\APPLICATION DATA\FLOCK\BROWSER\PROFILES\J0J6WB68.DEFAULT\EXTENSIONS\FIREFOX@GHOSTERY.COM
[2010/09/15 03:50:38 | 000,472,808 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npdeployJava1.dll
[2010/11/03 02:15:22 | 008,765,440 | ---- | M] (LizardTech) -- C:\Program Files\Mozilla Firefox\plugins\npexview.dll

O1 HOSTS File: ([2011/01/28 11:30:54 | 000,000,995 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: 192.168.1.1 router
O1 - Hosts: 192.168.1.7 xbox
O1 - Hosts: 192.168.1.22 jmanage2200
O1 - Hosts: 192.168.1.22 server
O1 - Hosts: 192.168.1.22 webserver
O1 - Hosts: 192.168.1.32 jmanage3200
O1 - Hosts: 192.168.1.52 jmanage5200
O1 - Hosts: 192.168.1.66 mac-mini
O1 - Hosts: 192.168.1.70 chris
O1 - Hosts: 192.168.1.71 StephenEthernet
O1 - Hosts: 192.168.1.72 Stephen
O1 - Hosts: 192.168.1.73 jordan
O1 - Hosts: 192.168.1.75 ps3
O1 - Hosts: 192.168.1.77 c-ipod
O1 - Hosts: 192.168.1.79 psp
O1 - Hosts: 192.168.1.80 maj
O1 - Hosts: 192.168.1.80 maj9150
O1 - Hosts: 192.168.1.80 margaret
O1 - Hosts: 192.168.1.92 laptop
O1 - Hosts: 192.168.1.95 droid
O1 - Hosts: 192.168.1.98 me
O1 - Hosts: 192.168.1.115 jcamera
O1 - Hosts: 192.168.15.1 vonage
O1 - Hosts: 207.69.188.100 irns1.earthlink.net
O1 - Hosts: 18 more lines...
O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (Skype add-on (mastermind)) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Skype Technologies S.A.)
O2 - BHO: (DriveLetterAccess) - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\DLA\DLASHX_W.DLL (Sonic Solutions)
O2 - BHO: (Adobe PDF Conversion Toolbar Helper) - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O2 - BHO: (IE DOM Explorer) - {CC7E636D-39AA-49b6-B511-65413DA137A1} - C:\Program Files\Internet Explorer Developer Toolbar\IEDevToolbar.dll (Microsoft Corporation)
O2 - BHO: (Google Gears Helper) - {E0FEFE40-FBF9-42AE-BA58-794CA7E3FB53} - C:\Program Files\Google\Google Gears\Internet Explorer\0.5.36.0\gears.dll (Google Inc.)
O3 - HKLM\..\Toolbar: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3 - HKLM\..\Toolbar: (Developer Toolbar) - {CC962137-2E78-4f94-975E-FC0C07DBD78F} - C:\Program Files\Internet Explorer Developer Toolbar\IEDevToolbar.dll (Microsoft Corporation)
O3 - HKU\.DEFAULT\..\Toolbar\WebBrowser: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3 - HKU\S-1-5-18\..\Toolbar\WebBrowser: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3 - HKU\S-1-5-21-806864349-1435408688-3561169190-1005\..\Toolbar\ShellBrowser: (no name) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No CLSID value found.
O3 - HKU\S-1-5-21-806864349-1435408688-3561169190-1005\..\Toolbar\WebBrowser: (Search Toolbar) - {0C8413C1-FAD1-446C-8584-BE50576F863E} - File not found
O3 - HKU\S-1-5-21-806864349-1435408688-3561169190-1027\..\Toolbar\WebBrowser: (no name) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No CLSID value found.
O4 - HKLM..\Run: [avast5] C:\Program Files\Alwil Software\Avast5\avastUI.exe (AVAST Software)
O4 - HKLM..\Run: [jPassGen] C:\Development\jPassGen\bin\Release\jPassGen.exe (Another tool from jManage.com)
O4 - HKLM..\Run: [LogMeIn GUI] C:\Program Files\LogMeIn\x86\LogMeInSystray.exe (LogMeIn, Inc.)
O4 - HKLM..\Run: [Monitor.exe] C:\Program Files\Wireless-G Internet Home Monitoring Camera\Monitor.exe (Linksys, a division of Cisco Systems, Inc.)
O4 - HKLM..\Run: [NvCplDaemon] C:\WINDOWS\System32\NvCpl.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [NvMediaCenter] C:\WINDOWS\System32\NvMcTray.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [nwiz] C:\Program Files\NVIDIA Corporation\nView\nwiz.exe ()
O4 - HKLM..\Run: [UnlockerAssistant] C:\Program Files\Unlocker\UnlockerAssistant.exe ()
O4 - HKLM..\Run: [WD Button Manager] C:\WINDOWS\System32\WDBtnMgr.exe (Western Digital Technologies, Inc.)
O4 - HKU\S-1-5-21-806864349-1435408688-3561169190-1005..\Run: [LSCustomBar] C:\Program Files\Lizardsoft\CustomBar\CustomBar.exe ()
O4 - HKU\S-1-5-21-806864349-1435408688-3561169190-1027..\Run: [DellSupport] C:\Program Files\Dell Support\DSAgnt.exe (Gteko Ltd.)
O4 - HKU\S-1-5-21-806864349-1435408688-3561169190-1027..\RunOnce: [NeroHomeFirstStart] C:\Program Files\Common Files\Ahead\Lib\NMFirstStart.exe (Nero AG)
O4 - Startup: C:\Documents and Settings\AGJ\Start Menu\Programs\Startup\Dropbox.lnk = C:\Documents and Settings\AGJ\Application Data\Dropbox\bin\Dropbox.exe ()
O4 - Startup: C:\Documents and Settings\AGJ\Start Menu\Programs\Startup\PdaNet Desktop.lnk = C:\Program Files\PdaNet for Android\PdaNetPC.exe ()
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Google Calendar Sync.lnk = C:\Program Files\Google\Google Calendar Sync\GoogleCalendarSync.exe (Google)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\SymmTime.lnk = C:\Program Files\Symmetricom\SymmTime\GeTTime.exe ()
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\The Journal 5.lnk = C:\Program Files\DavidRM Software\The Journal 5\Journal5.exe (DavidRM Software)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Wireless USB 2.0 WLAN Card Utility.lnk = C:\Program Files\Dell Inc\USB 2.0 Wireless LAN Card Utility\PRISMCFG.exe (Dell Inc.)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\control panel present
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Main present
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\restrictions present
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\restrictions present
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\restrictions present
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\restrictions present
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-806864349-1435408688-3561169190-1005\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-806864349-1435408688-3561169190-1005\Software\Policies\Microsoft\Internet Explorer\restrictions present
O7 - HKU\S-1-5-21-806864349-1435408688-3561169190-1005\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\S-1-5-21-806864349-1435408688-3561169190-1005\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-21-806864349-1435408688-3561169190-1005\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKU\S-1-5-21-806864349-1435408688-3561169190-1027\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-806864349-1435408688-3561169190-1027\Software\Policies\Microsoft\Internet Explorer\restrictions present
O7 - HKU\S-1-5-21-806864349-1435408688-3561169190-1027\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O9 - Extra 'Tools' menuitem : &Gears Settings - {09C04DA7-5B76-4EBC-BBEE-B25EAC5965F5} - C:\Program Files\Google\Google Gears\Internet Explorer\0.5.36.0\gears.dll (Google Inc.)
O9 - Extra Button: ieSpell - {0E17D5B7-9F5D-4fee-9DF6-CA6EE38B68A8} - C:\Program Files\ieSpell\iespell.dll (Red Egg Software)
O9 - Extra 'Tools' menuitem : ieSpell - {0E17D5B7-9F5D-4fee-9DF6-CA6EE38B68A8} - C:\Program Files\ieSpell\iespell.dll (Red Egg Software)
O9 - Extra 'Tools' menuitem : ieSpell Options - {1606D6F9-9D3B-4aea-A025-ED5B2FD488E7} - C:\Program Files\ieSpell\iespell.dll (Red Egg Software)
O9 - Extra Button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Skype Technologies S.A.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O15 - HKU\S-1-5-21-806864349-1435408688-3561169190-1005\..Trusted Domains: linkedin.com ([www] http in Local intranet)
O15 - HKU\S-1-5-21-806864349-1435408688-3561169190-1005\..Trusted Domains: seattlepi.com ([www] http in Local intranet)
O16 - DPF: {01A88BB1-1174-41EC-ACCB-963509EAE56B} http://support.dell.com/systemprofiler/SysPro.CAB (SysProWmi Class)
O16 - DPF: {05CA9FB0-3E3E-4B36-BF41-0E3A5CAA8CD8} http://download.microsoft.com/download/e/4/9/e494c802-dd90-4c6b-a074-469358f075a6/OGAControl.cab (Office Genuine Advantage Validation Tool)
O16 - DPF: {0DB074F0-617E-4EE9-912C-2965CF2AA5A4} http://download.microsoft.com/download/0/f/b/0fb0fab9-7f09-4bb6-86d8-8e791ba99ac5/VirtualEarth3D.cab (SentinelVE3D Class)
O16 - DPF: {106E49CF-797A-11D2-81A2-00E02C015623} http://www.alternatiff.com/install/00/alttiff.cab (AlternaTIFF ActiveX)
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} http://download.macromedia.com/pub/shockwave/cabs/director/sw.cab (Shockwave ActiveX Control)
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} http://download.microsoft.com/download/E/5/6/E5611B10-0D6D-4117-8430-A67417AA88CD/LegitCheckControl.cab (Windows Genuine Advantage Validation Tool)
O16 - DPF: {233C1507-6A77-46A4-9443-F871F945D258} http://fpdownload.macromedia.com/get/shockwave/cabs/director/sw.cab (Shockwave ActiveX Control)
O16 - DPF: {31E68DE2-5548-4B23-88F0-C51E6A0F695E} https://support.microsoft.com/OAS/ActiveX/odc.cab (Microsoft PID Sniffer)
O16 - DPF: {3E68E405-C6DE-49FF-83AE-41EE9F4C36CE} http://office.microsoft.com/officeupdate/content/opuc3.cab (Office Update Installation Engine)
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1153346926436 (WUWebControl Class)
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1153439257796 (MUWebControl Class)
O16 - DPF: {7B133798-FAA8-4A7E-950D-BEB35D3363AF} http://192.168.1.115/img/LinksysViewer.cab (LinksysViewer Control)
O16 - DPF: {82774781-8F4E-11D1-AB1C-0000F8773BF0} https://transfers.ds.microsoft.com/FTM/TransferSource/grTransferCtrl.cab (DLC Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.macromedia.com/get/flashplayer/current/ultrashim.cab (Reg Error: Key error.)
O16 - DPF: {917623D1-D8E5-11D2-BE8B-00104B06BDE3} http://216.228.175.126:8000/activex/AxisCamControl.cab (CamImage Class)
O16 - DPF: {A662DA7E-CCB7-4743-B71A-D817F6D575DF} http://www.autodesk.com/global/dwfviewer/installer/DwfViewerSetup.cab (Autodesk DWF Viewer Control)
O16 - DPF: {C7DB51B4-BCF7-4923-8874-7F1A0DC92277} http://office.microsoft.com/officeupdate/content/opuc4.cab (Office Update Installation Engine)
O16 - DPF: {CAFEEFAC-0014-0002-0003-ABCDEFFEDCBA} http://java.sun.com/products/plugin/autodl/jinstall-142-windows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0015-0000-0010-ABCDEFFEDCBA} http://java.sun.com/update/1.5.0/jinstall-1_5_0_10-windows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0015-0000-0011-ABCDEFFEDCBA} http://java.sun.com/update/1.5.0/jinstall-1_5_0_11-windows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0004-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_04-windows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_05-windows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
O16 - DPF: {DE22A7AB-A739-4C58-AD52-21F9CD6306B7} http://download.microsoft.com/download/7/E/6/7E6A8567-DFE4-4624-87C3-163549BE2704/clearadj.cab (CTAdjust Class)
O16 - DPF: {FD0B6769-6490-4A91-AA0A-B5AE0DC75AC9} https://secure.logmein.com/activex/ractrl.cab?lmi=100 (Performance Viewer Activex Control)
O16 - DPF: Microsoft XML Parser for Java file:///C:/WINDOWS/Java/classes/xmldso.cab (Reg Error: Key error.)
O18 - Protocol\Handler\jpip {B92DD248-E3D5-4A92-B311-C9B841681455} - C:\Program Files\LizardTech\ExpressView\expressview.dll (LizardTech)
O18 - Protocol\Handler\sidlet {B92DD248-E3D5-4A92-B311-C9B841681455} - C:\Program Files\LizardTech\ExpressView\expressview.dll (LizardTech)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O20 - AppInit_DLLs: (wivawira.dll) - File not found
O20 - AppInit_DLLs: (c:\windows\system32\mufewulu.dll) - File not found
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\LMIinit: DllName - LMIinit.dll - C:\WINDOWS\System32\LMIinit.dll (LogMeIn, Inc.)
O20 - Winlogon\Notify\PRISMAPI.DLL: DllName - PRISMAPI.DLL - C:\WINDOWS\System32\PRISMAPI.dll (Conexant Systems, Inc.)
O24 - Desktop WallPaper: C:\Documents and Settings\AGJ\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\AGJ\Application Data\nView_Wallpaper\PerMonitorWallpaper0.bmp
O28 - HKLM ShellExecuteHooks: {091EB208-39DD-417D-A5DD-7E2C2D8FB9CB} - C:\Program Files\Windows Defender\MpShHook.dll (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2010/01/20 07:35:13 | 000,000,002 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O32 - AutoRun File - [2006/10/26 18:06:39 | 000,000,026 | ---- | M] () - C:\AUTOEXEC.OLD -- [ NTFS ]
O32 - AutoRun File - [2007/04/25 10:11:50 | 000,000,000 | ---D | M] - F:\autorun -- [ FAT32 ]
O34 - HKLM BootExecute: (autocheck autochk) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKU\S-1-5-21-806864349-1435408688-3561169190-1005\...exe [@ = exefile] -- Reg Error: Value error. File not found


SafeBootMin: Base - Driver Group
SafeBootMin: Boot Bus Extender - Driver Group
SafeBootMin: Boot file system - Driver Group
SafeBootMin: File system - Driver Group
SafeBootMin: Filter - Driver Group
SafeBootMin: PCI Configuration - Driver Group
SafeBootMin: PEVSystemStart - Service
SafeBootMin: PNP Filter - Driver Group
SafeBootMin: Primary disk - Driver Group
SafeBootMin: procexp90.Sys - Driver
SafeBootMin: SCSI Class - Driver Group
SafeBootMin: sermouse.sys - Driver
SafeBootMin: System Bus Extender - Driver Group
SafeBootMin: vds - Service
SafeBootMin: vga.sys - Driver
SafeBootMin: WinDefend - C:\Program Files\Windows Defender\MsMpEng.exe (Microsoft Corporation)
SafeBootMin: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootMin: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootMin: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootMin: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootMin: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootMin: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootMin: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootMin: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootMin: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootMin: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootMin: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootMin: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootMin: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootMin: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices

ActiveX: {03F998B2-0E00-11D3-A498-00104B6EB52E} - Viewpoint Media Player
ActiveX: {05466845-FF44-4671-92C1-A5FD0F9EEE1C} - Microsoft Reader
ActiveX: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Microsoft VM
ActiveX: {0F433B5E-2F22-47D1-9861-2FF167CF891D} - Microsoft Visual Studio .NET 2003 Service Pack 1 (KB918007)
ActiveX: {10072CEC-8CC1-11D1-986E-00A0C955B42F} - Vector Graphics Rendering (VML)
ActiveX: {1B00725B-C455-4DE6-BFB6-AD540AD427CD} - Viewpoint Media Player
ActiveX: {2179C5D3-EBFF-11CF-B6FD-00AA00B4E220} - NetShow
ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 6.4
ActiveX: {233C1507-6A77-46A4-9443-F871F945D258} - Adobe Shockwave Director 11.0
ActiveX: {283807B5-2C60-11D0-A31D-00AA00B92C03} - DirectAnimation
ActiveX: {2A202491-F00D-11cf-87CC-0020AFEECF20} - Adobe Shockwave Director 11.0
ActiveX: {2A3320D6-C805-4280-B423-B665BDE33D8F} - Microsoft .NET Framework 1.1 Security Update (KB979906)
ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX: {2F6EFCE6-10DF-49F9-9E64-9AE3775B2588} - Microsoft .NET Framework 1.1 Security Update (KB2416447)
ActiveX: {36f8ec70-c29a-11d1-b5c7-0000f8051515} - Dynamic HTML Data Binding for Java
ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX: {3bf42070-b3b1-11d1-b5c5-0000f8051515} - Uniscribe
ActiveX: {3C3901C5-3455-3E0A-A214-0B093A5070A6} - .NET Framework
ActiveX: {411EDCF7-755D-414E-A74B-3DCD6583F589} - Microsoft .NET Framework 1.1 Service Pack 1 (KB867460)
ActiveX: {4278c270-a269-11d1-b5bf-0000f8051515} - Advanced Authoring
ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Outlook Express\setup50.exe" /APP:OE /CALLER:WINNT /user /install
ActiveX: {44BBA842-CC51-11CF-AAFA-00AA00B6015B} - rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msnetmtg.inf,NetMtg.Install.PerUser.NT
ActiveX: {44BBA848-CC51-11CF-AAFA-00AA00B6015C} - DirectShow
ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX: {4f216970-c90c-11d1-b5c7-0000f8051515} - DirectAnimation Java Classes
ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.8
ActiveX: {5945c046-1e7d-11d1-bc44-00c04fd912be} - rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msmsgs.inf,BLC.QuietInstall.PerUser
ActiveX: {5A8D6EE0-3E18-11D0-821E-444553540000} - ICW
ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX: {66DA9ADD-B1C4-4891-84D6-706E216B411B} - Security Update for Microsoft Visual Studio 2005 Professional Edition - ENU (KB947738)
ActiveX: {6803DF8A-43CE-4E52-B455-0B9B09D6E2D1} - Security Update for Microsoft Visual Studio 2005 Professional Edition - ENU (KB971023)
ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX: {7131646D-CD3C-40F4-97B9-CD9E4E6262EF} - .NET Framework
ActiveX: {73FA19D0-2D75-11D2-995D-00C04F98BBC9} - Web Folders
ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - "%ProgramFiles%\Outlook Express\setup50.exe" /APP:WAB /CALLER:WINNT /user /install
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\WINDOWS\system32\ie4uinit.exe -BaseSettings
ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\WINDOWS\system32\Rundll32.exe C:\WINDOWS\system32\mscories.dll,Install
ActiveX: {8b15971b-5355-4c82-8c07-7e181ea07608} - rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\fxsocm.inf,Fax.Install.PerUser
ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX: {94de52c8-2d59-4f1b-883e-79663d2d9a8c} - Fax Provider
ActiveX: {94E2AAC1-CAE5-4F73-B0D1-C471BA1F8E2A} - Security Update for Microsoft Visual Studio 2005 Professional Edition - ENU (KB937061)
ActiveX: {964C8238-245C-4475-BB6E-D19D2C1220F2} - Security Update for Microsoft Visual Studio 2005 Professional Edition - ENU (KB973673)
ActiveX: {A354FCD5-EE7F-9F1B-4219-7FEB29456068} - Viewpoint Media Player
ActiveX: {A796E2C1-B5CF-F161-D3E7-396054BDDF66} - Microsoft Windows Media Player
ActiveX: {B508B3F1-A24A-32C0-B310-85786919EF28} - .NET Framework
ActiveX: {BECB938C-6BC2-48C6-A0A6-4B61E85F584C} - Security Update for Microsoft Visual Studio 2005 Professional Edition - ENU (KB971090)
ActiveX: {C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F} - .NET Framework
ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX: {CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1} - .NET Framework
ActiveX: {CC2A9BA0-3BDD-11D0-821E-444553540000} - Task Scheduler
ActiveX: {CDD7975E-60F8-41d5-8149-19E51D6F71D0} - Windows Movie Maker v2.1
ActiveX: {D27CDB6E-AE6D-11CF-96B8-444553540000} - Adobe Flash Player
ActiveX: {D93F9C7C-AB57-44C8-BAD6-1494674BCAF7} - Microsoft Visual Studio 2005 Professional Edition - ENU Service Pack 1 (KB926601)
ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX: {EAB25E17-B9E1-4B09-5273-978573C9E601} - Microsoft Windows Media Player 6.4
ActiveX: {ECD292A0-0347-4244-8C24-5DBCE990FB40} - Hotfix for Microsoft .NET Framework 3.0 (KB932471)
ActiveX: {EF289A85-8E57-408d-BE47-73B55609861A} - RootsUpdate
ActiveX: <{12d0ed0d-0ee0-4f90-8827-78cefb8f4988} - C:\WINDOWS\system32\ieudinit.exe
ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - C:\WINDOWS\inf\unregmp2.exe /ShowWMP
ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\WINDOWS\system32\ie4uinit.exe -UserIconConfig
ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\WINDOWS\system32\rundll32.exe" "C:\WINDOWS\system32\iedkcs32.dll",BrandIEActiveSetup SIGNUP
ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF}MICROS - RunDLL32 IEDKCS32.DLL,BrandIE4 SIGNUP
ActiveX: >{881dd1c5-3dcf-431b-b061-f3f88e8be88a} - %systemroot%\system32\shmgrate.exe OCInstallUserConfigOE

Drivers32: msacm.dvacm - C:\Program Files\Common Files\Ulead Systems\VIO\DVACM.acm (Ulead Systems, Inc.)
Drivers32: msacm.iac2 - C:\WINDOWS\system32\iac25_32.ax (Intel Corporation)
Drivers32: msacm.l3acm - C:\WINDOWS\system32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: msacm.mpegacm - C:\Program Files\Common Files\Ulead Systems\MPEG\MPEGACM.acm (Ulead Systems, Inc.)
Drivers32: msacm.scg726 - C:\WINDOWS\System32\scg726.acm (SHARP Corporation)
Drivers32: msacm.sl_anet - C:\WINDOWS\System32\sl_anet.acm (Sipro Lab Telecom Inc.)
Drivers32: msacm.trspch - C:\WINDOWS\System32\tssoft32.acm (DSP GROUP, INC.)
Drivers32: msacm.ulmp3acm - C:\Program Files\Common Files\Ulead Systems\MPEG\ulmp3acm.acm (Ulead systems)
Drivers32: MSVideo8 - C:\WINDOWS\System32\vfwwdm32.dll (Microsoft Corporation)
Drivers32: vidc.cvid - C:\WINDOWS\System32\iccvid.dll (Radius Inc.)
Drivers32: vidc.DIVX - C:\WINDOWS\System32\DivX.dll (DivXNetworks)
Drivers32: vidc.iv31 - C:\WINDOWS\System32\ir32_32.dll ()
Drivers32: vidc.iv32 - C:\WINDOWS\System32\ir32_32.dll ()
Drivers32: vidc.iv41 - C:\WINDOWS\System32\ir41_32.ax (Intel Corporation)
Drivers32: vidc.iv50 - C:\WINDOWS\System32\ir50_32.dll (Intel Corporation)
Drivers32: vidc.XVID - C:\WINDOWS\System32\xvidvfw.dll ()
Drivers32: vidc.yv12 - C:\WINDOWS\System32\DivX.dll (DivXNetworks)

NetSvcs: 6to4 - File not found
NetSvcs: Ias - File not found
NetSvcs: Iprip - C:\WINDOWS\System32\iprip.dll (Microsoft Corporation)
NetSvcs: Irmon - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: WmdmPmSp - File not found

========== Files/Folders - Created Within 30 Days ==========

[2011/02/05 08:16:38 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\iTunes
[2011/02/03 20:38:10 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Microsoft Office
[2011/02/03 20:01:08 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\ASAP Utilities
[2011/02/03 20:01:06 | 000,000,000 | ---D | C] -- C:\Documents and Settings\AGJ\Application Data\ASAP Utilities
[2011/02/03 20:01:05 | 000,000,000 | ---D | C] -- C:\Program Files\ASAP Utilities
[2011/01/29 08:28:00 | 000,000,000 | ---D | C] -- C:\Documents and Settings\AGJ\Start Menu\Programs\HiJackThis
[2011/01/27 11:33:43 | 000,000,000 | ---D | C] -- C:\Program Files\uTorrent
[2011/01/21 20:57:00 | 000,000,000 | ---D | C] -- C:\Documents and Settings\AGJ\Application Data\TweetDeckFast.FFF259DC0CE2657847BBB4AFF0E62062EFC56543.1
[2011/01/21 20:56:46 | 000,000,000 | ---D | C] -- C:\Program Files\TweetDeck
[2011/01/15 15:59:42 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\avast! Free Antivirus
[2011/01/15 15:59:41 | 000,294,608 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswSP.sys
[2011/01/15 15:59:41 | 000,100,176 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswmon2.sys
[2011/01/15 15:59:41 | 000,094,544 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswmon.sys
[2011/01/15 15:59:41 | 000,047,440 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswTdi.sys
[2011/01/15 15:59:41 | 000,029,392 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\drivers\aavmker4.sys
[2011/01/15 15:59:41 | 000,023,632 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswRdr.sys
[2011/01/15 15:59:41 | 000,017,744 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswFsBlk.sys
[2011/01/15 15:59:22 | 000,188,216 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\aswBoot.exe
[2011/01/15 15:59:22 | 000,038,848 | ---- | C] (AVAST Software) -- C:\WINDOWS\avastSS.scr
[2011/01/15 15:59:12 | 000,000,000 | ---D | C] -- C:\Program Files\Alwil Software
[2011/01/15 15:59:12 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Alwil Software
[2011/01/15 14:42:09 | 000,189,520 | ---- | C] (Trend Micro Inc.) -- C:\WINDOWS\System32\drivers\tmcomm.sys
[2011/01/15 14:42:06 | 000,080,464 | ---- | C] (Trend Micro Inc.) -- C:\WINDOWS\System32\drivers\tmactmon.sys
[2011/01/15 14:42:06 | 000,064,080 | ---- | C] (Trend Micro Inc.) -- C:\WINDOWS\System32\drivers\tmevtmgr.sys
[2011/01/15 13:10:36 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Oracle VM VirtualBox
[2011/01/15 13:10:35 | 000,158,736 | ---- | C] (Oracle Corporation) -- C:\WINDOWS\System32\drivers\VBoxDrv.sys
[2011/01/15 13:10:23 | 000,042,960 | ---- | C] (Oracle Corporation) -- C:\WINDOWS\System32\drivers\VBoxUSBMon.sys
[2011/01/15 12:06:20 | 000,000,000 | ---D | C] -- C:\temp
[2011/01/14 12:42:09 | 000,000,000 | ---D | C] -- C:\Documents and Settings\AGJ\Application Data\nView_Wallpaper
[2011/01/10 13:58:25 | 000,000,000 | ---D | C] -- C:\Documents and Settings\LocalService\Application Data\Trend Micro
[2011/01/10 13:53:54 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Trend Micro
[2011/01/10 13:52:32 | 046,374,936 | ---- | C] (Trend Micro Inc.) -- C:\Documents and Settings\All Users\Desktop\Trend_Micro.exe
[2011/01/10 13:49:55 | 000,000,000 | ---D | C] -- C:\Program Files\WinPcap
[2011/01/10 13:49:40 | 000,000,000 | ---D | C] -- C:\Program Files\Trend Micro
[2011/01/10 13:39:25 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\MFAData
[2006/09/28 19:39:35 | 000,061,440 | ---- | C] ( ) -- C:\WINDOWS\System32\csnpstd3.dll
[2006/09/28 19:39:35 | 000,057,344 | ---- | C] ( ) -- C:\WINDOWS\System32\rsnpstd3.dll
[2006/09/28 19:39:34 | 000,036,864 | ---- | C] ( ) -- C:\WINDOWS\System32\vsnpstd3.dll
[3 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[1 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2011/02/08 21:24:00 | 000,000,970 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-806864349-1435408688-3561169190-1005UA.job
[2011/02/08 20:59:00 | 000,000,880 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2011/02/08 12:29:14 | 000,034,816 | ---- | M] () -- C:\Documents and Settings\AGJ\My Documents\Quintiles Interview.doc
[2011/02/08 10:59:00 | 000,000,876 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2011/02/08 09:24:00 | 000,000,918 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-806864349-1435408688-3561169190-1005Core.job
[2011/02/08 02:00:00 | 000,000,254 | ---- | M] () -- C:\WINDOWS\tasks\cleanup.job
[2011/02/08 01:44:40 | 000,000,330 | -H-- | M] () -- C:\WINDOWS\tasks\MP Scheduled Scan.job
[2011/02/07 13:44:08 | 000,000,024 | ---- | M] () -- C:\WINDOWS\ZoneLib-DisplayNames.ini
[2011/02/07 13:43:49 | 000,009,663 | ---- | M] () -- C:\WINDOWS\SymmTime.ini
[2011/02/07 13:43:19 | 000,002,148 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2011/02/07 13:21:12 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2011/02/07 13:21:06 | 2145,554,432 | -HS- | M] () -- C:\hiberfil.sys
[2011/02/06 12:00:13 | 000,057,537 | ---- | M] () -- C:\Documents and Settings\AGJ\.recently-used.xbel
[2011/02/05 08:16:39 | 000,001,542 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\iTunes.lnk
[2011/02/05 07:29:02 | 000,000,284 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
[2011/02/05 01:57:44 | 000,002,268 | ---- | M] () -- C:\Documents and Settings\AGJ\Desktop\Google Chrome.lnk
[2011/02/05 01:57:44 | 000,002,246 | ---- | M] () -- C:\Documents and Settings\AGJ\Application Data\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk
[2011/02/03 21:08:05 | 000,000,792 | ---- | M] () -- C:\Documents and Settings\AGJ\Application Data\Microsoft\Internet Explorer\Quick Launch\Microsoft Office Outlook.lnk
[2011/02/03 20:42:29 | 001,756,216 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2011/02/02 17:11:20 | 000,222,080 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\MpSigStub.exe
[2011/02/01 21:16:40 | 000,035,764 | ---- | M] () -- C:\bar.emf
[2011/01/29 08:28:00 | 000,001,980 | ---- | M] () -- C:\Documents and Settings\AGJ\Desktop\HiJackThis.lnk
[2011/01/28 19:53:17 | 000,000,069 | ---- | M] () -- C:\WINDOWS\NeroDigital.ini
[2011/01/28 11:30:54 | 000,000,995 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts
[2011/01/27 11:33:43 | 000,000,630 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\µTorrent.lnk
[2011/01/21 20:56:57 | 000,000,736 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\TweetDeck.lnk
[2011/01/20 18:04:12 | 000,026,748 | ---- | M] () -- C:\Documents and Settings\AGJ\Desktop\http _ebook-publisher.texasintegratedservices.com.htm
[2011/01/15 21:10:20 | 000,241,452 | ---- | M] () -- C:\WINDOWS\System32\nvdrsdb1.bin
[2011/01/15 21:10:20 | 000,000,001 | ---- | M] () -- C:\WINDOWS\System32\nvdrssel.bin
[2011/01/15 21:10:17 | 000,000,012 | ---- | M] () -- C:\WINDOWS\System32\nvModes.dat
[2011/01/15 21:09:43 | 000,241,448 | ---- | M] () -- C:\WINDOWS\System32\nvdrsdb0.bin
[2011/01/15 15:59:42 | 000,001,700 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\avast! Free Antivirus.lnk
[2011/01/15 15:59:41 | 000,002,626 | ---- | M] () -- C:\WINDOWS\System32\CONFIG.NT
[2011/01/15 15:30:18 | 000,109,482 | ---- | M] () -- C:\Documents and Settings\AGJ\Desktop\licensecrawler.zip
[2011/01/15 14:41:15 | 000,652,452 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2011/01/15 14:41:14 | 000,140,298 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2011/01/15 13:10:36 | 000,000,801 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Oracle VM VirtualBox.lnk
[2011/01/13 10:48:27 | 000,433,664 | ---- | M] () -- C:\Documents and Settings\AGJ\My Documents\Home Builders Association.doc
[2011/01/13 03:47:35 | 000,038,848 | ---- | M] (AVAST Software) -- C:\WINDOWS\avastSS.scr
[2011/01/13 03:47:32 | 000,188,216 | ---- | M] (AVAST Software) -- C:\WINDOWS\System32\aswBoot.exe
[2011/01/13 03:41:16 | 000,294,608 | ---- | M] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswSP.sys
[2011/01/13 03:40:16 | 000,047,440 | ---- | M] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswTdi.sys
[2011/01/13 03:40:04 | 000,100,176 | ---- | M] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswmon2.sys
[2011/01/13 03:39:50 | 000,094,544 | ---- | M] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswmon.sys
[2011/01/13 03:37:30 | 000,023,632 | ---- | M] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswRdr.sys
[2011/01/13 03:37:11 | 000,029,392 | ---- | M] (AVAST Software) -- C:\WINDOWS\System32\drivers\aavmker4.sys
[2011/01/13 03:37:09 | 000,017,744 | ---- | M] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswFsBlk.sys
[2011/01/10 13:53:36 | 000,189,520 | ---- | M] (Trend Micro Inc.) -- C:\WINDOWS\System32\drivers\tmcomm.sys
[2011/01/10 13:53:36 | 000,080,464 | ---- | M] (Trend Micro Inc.) -- C:\WINDOWS\System32\drivers\tmactmon.sys
[2011/01/10 13:53:36 | 000,064,080 | ---- | M] (Trend Micro Inc.) -- C:\WINDOWS\System32\drivers\tmevtmgr.sys
[2011/01/10 13:53:27 | 046,374,936 | ---- | M] (Trend Micro Inc.) -- C:\Documents and Settings\All Users\Desktop\Trend_Micro.exe
[2011/01/10 13:49:56 | 000,000,073 | ---- | M] () -- C:\WINDOWS\System32\-1
[2011/01/10 13:10:28 | 001,474,832 | ---- | M] () -- C:\WINDOWS\System32\drivers\sfi.dat
[3 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[1 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

========== Files Created - No Company Name ==========

[2011/02/07 15:14:43 | 000,034,816 | ---- | C] () -- C:\Documents and Settings\AGJ\My Documents\Quintiles Interview.doc
[2011/02/06 12:00:13 | 000,057,537 | ---- | C] () -- C:\Documents and Settings\AGJ\.recently-used.xbel
[2011/02/05 08:16:39 | 000,001,542 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\iTunes.lnk
[2011/01/27 11:33:43 | 000,000,630 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\µTorrent.lnk
[2011/01/21 20:56:57 | 000,000,742 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\TweetDeck.lnk
[2011/01/21 20:56:57 | 000,000,736 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\TweetDeck.lnk
[2011/01/20 18:04:11 | 000,026,748 | ---- | C] () -- C:\Documents and Settings\AGJ\Desktop\http _ebook-publisher.texasintegratedservices.com.htm
[2011/01/15 15:59:42 | 000,001,700 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\avast! Free Antivirus.lnk
[2011/01/15 15:30:16 | 000,109,482 | ---- | C] () -- C:\Documents and Settings\AGJ\Desktop\licensecrawler.zip
[2011/01/15 15:10:31 | 000,000,584 | ---- | C] () -- C:\Documents and Settings\AGJ\TmInstall.log
[2011/01/15 14:45:02 | 000,000,330 | -H-- | C] () -- C:\WINDOWS\tasks\MP Scheduled Scan.job
[2011/01/15 13:10:36 | 000,000,801 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Oracle VM VirtualBox.lnk
[2011/01/13 10:25:29 | 000,433,664 | ---- | C] () -- C:\Documents and Settings\AGJ\My Documents\Home Builders Association.doc
[2011/01/10 13:49:55 | 000,000,073 | ---- | C] () -- C:\WINDOWS\System32\-1
[2010/12/14 16:07:48 | 000,000,148 | ---- | C] () -- C:\WINDOWS\Eudcedit.ini
[2010/07/25 21:09:03 | 000,560,336 | ---- | C] () -- C:\Documents and Settings\LocalService\Local Settings\Application Data\FontCache3.0.0.0.dat
[2010/06/07 13:23:54 | 000,022,449 | ---- | C] () -- C:\Documents and Settings\AGJ\Application Data\Comma Separated Values (Windows).ADR
[2010/04/15 06:54:54 | 000,000,061 | ---- | C] () -- C:\WINDOWS\TaxACT09.ini
[2010/04/04 11:22:50 | 000,038,455 | ---- | C] () -- C:\Documents and Settings\AGJ\Application Data\Comma Separated Values (DOS).ADR
[2010/03/04 10:32:50 | 000,066,048 | ---- | C] () -- C:\Documents and Settings\AGJ\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010/01/22 07:23:02 | 000,002,579 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\LUUnInstall.LiveUpdate
[2009/10/20 13:19:30 | 000,053,299 | ---- | C] () -- C:\WINDOWS\System32\pthreadVC.dll
[2009/08/03 15:07:42 | 000,403,816 | ---- | C] () -- C:\WINDOWS\System32\OGACheckControl.dll
[2009/06/26 19:40:11 | 008,892,928 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\atscie.msi
[2009/04/05 11:31:23 | 000,000,075 | ---- | C] () -- C:\WINDOWS\TaxACT08.ini
[2008/11/18 09:24:09 | 000,000,069 | ---- | C] () -- C:\WINDOWS\NeroDigital.ini
[2008/11/07 07:31:45 | 000,210,944 | ---- | C] () -- C:\WINDOWS\System32\MSVCRT10.DLL
[2008/07/16 05:41:45 | 000,195,172 | ---- | C] () -- C:\Documents and Settings\AGJ\Application Data\BarCreator.zip
[2008/06/10 13:34:44 | 000,000,700 | ---- | C] () -- C:\WINDOWS\pugnax.ini
[2008/05/04 19:13:12 | 000,000,429 | ---- | C] () -- C:\WINDOWS\avpr.ini
[2008/05/04 18:34:51 | 000,001,358 | ---- | C] () -- C:\WINDOWS\Bookpdf12.ini
[2008/05/01 20:40:57 | 000,000,043 | ---- | C] () -- C:\WINDOWS\gswin32.ini
[2008/04/09 15:12:17 | 000,000,074 | ---- | C] () -- C:\WINDOWS\TaxACT07.ini
[2008/04/08 08:54:47 | 000,000,000 | ---- | C] () -- C:\WINDOWS\autorun.INI
[2008/03/22 07:54:08 | 000,002,828 | -HS- | C] () -- C:\Documents and Settings\All Users\Application Data\KGyGaAvL.sys
[2008/03/22 07:54:08 | 000,000,088 | RHS- | C] () -- C:\Documents and Settings\All Users\Application Data\D2FD6EE6F9.sys
[2008/02/28 14:30:08 | 000,008,784 | ---- | C] () -- C:\WINDOWS\System32\ractrlkeyhook.dll
[2008/02/18 13:15:01 | 000,000,000 | ---- | C] () -- C:\WINDOWS\Screen.INI
[2008/02/04 17:46:09 | 000,000,055 | ---- | C] () -- C:\WINDOWS\System32\regwtfp.sys
[2008/02/04 17:45:42 | 000,450,560 | ---- | C] () -- C:\WINDOWS\System32\PDFPageCount.dll
[2007/09/21 18:48:21 | 000,175,104 | ---- | C] () -- C:\WINDOWS\System32\lame_enc.dll
[2007/07/24 12:47:05 | 000,765,952 | ---- | C] () -- C:\WINDOWS\System32\xvidcore.dll
[2007/07/24 12:47:05 | 000,180,224 | ---- | C] () -- C:\WINDOWS\System32\xvidvfw.dll
[2007/07/19 12:50:21 | 000,009,663 | ---- | C] () -- C:\WINDOWS\SymmTime.ini
[2007/07/19 12:50:21 | 000,000,024 | ---- | C] () -- C:\WINDOWS\ZoneLib-DisplayNames.ini
[2007/05/12 16:40:07 | 000,040,448 | ---- | C] () -- C:\WINDOWS\System32\regobj.dll
[2007/04/29 15:46:38 | 000,000,000 | ---- | C] () -- C:\WINDOWS\iplayer.INI
[2007/03/23 13:22:49 | 000,385,024 | ---- | C] () -- C:\WINDOWS\libswish-e.dll
[2007/03/23 13:22:49 | 000,057,344 | ---- | C] () -- C:\WINDOWS\msql.dll
[2007/03/23 13:22:48 | 001,470,464 | ---- | C] () -- C:\WINDOWS\libmysql.dll
[2007/03/23 13:22:48 | 000,166,912 | ---- | C] () -- C:\WINDOWS\libmcrypt.dll
[2007/03/23 13:22:48 | 000,165,643 | ---- | C] () -- C:\WINDOWS\libmhash.dll
[2007/03/23 13:22:48 | 000,048,744 | ---- | C] () -- C:\WINDOWS\System32\php.ini
[2007/02/28 17:45:56 | 000,000,123 | ---- | C] () -- C:\WINDOWS\TaxACT06.ini
[2007/02/27 10:46:06 | 000,000,052 | ---- | C] () -- C:\WINDOWS\BRPP2KA.INI
[2007/02/26 09:41:03 | 000,000,162 | ---- | C] () -- C:\WINDOWS\ai.ini
[2007/01/02 21:03:57 | 000,087,800 | ---- | C] () -- C:\WINDOWS\System32\cpwmon2k.dll
[2006/12/29 22:08:34 | 000,002,508 | ---- | C] () -- C:\Documents and Settings\LocalService\Application Data\$_hpcst$.hpc
[2006/12/01 09:24:27 | 000,000,028 | ---- | C] () -- C:\WINDOWS\pdf995.ini
[2006/11/28 22:56:57 | 000,024,575 | ---- | C] () -- C:\WINDOWS\System32\umssetwinsyspios5.dll
[2006/11/28 11:56:30 | 000,053,248 | ---- | C] () -- C:\WINDOWS\System32\zlib.dll
[2006/11/28 09:17:03 | 000,000,258 | ---- | C] () -- C:\WINDOWS\ReSize.INI
[2006/11/22 15:30:58 | 000,000,167 | ---- | C] () -- C:\WINDOWS\Brownie.ini
[2006/11/22 15:30:58 | 000,000,145 | ---- | C] () -- C:\WINDOWS\BRVIDEO.INI
[2006/11/22 15:30:58 | 000,000,040 | ---- | C] () -- C:\WINDOWS\BRDIAG.INI
[2006/11/22 15:30:51 | 000,077,824 | ---- | C] () -- C:\WINDOWS\System32\BROSNMP.DLL
[2006/11/22 15:30:51 | 000,026,624 | ---- | C] () -- C:\WINDOWS\System32\BRGSRC32.DLL
[2006/11/22 15:30:51 | 000,004,608 | ---- | C] () -- C:\WINDOWS\System32\BRGSRC16.DLL
[2006/11/22 15:30:50 | 000,008,975 | ---- | C] () -- C:\WINDOWS\HL-2040.INI
[2006/10/26 20:20:49 | 000,000,064 | ---- | C] () -- C:\WINDOWS\PRESTOPM.INI
[2006/10/26 20:20:27 | 000,000,029 | ---- | C] () -- C:\WINDOWS\DEBUGSM.INI
[2006/10/26 19:12:01 | 000,000,035 | ---- | C] () -- C:\WINDOWS\ppdrv.ini
[2006/10/26 18:10:32 | 000,000,810 | ---- | C] () -- C:\WINDOWS\OPLIMIT.INI
[2006/10/26 18:10:12 | 000,000,638 | ---- | C] () -- C:\WINDOWS\MAXLINK.INI
[2006/10/26 18:04:59 | 000,000,163 | ---- | C] () -- C:\WINDOWS\UMAXDRV.INI
[2006/10/26 18:04:59 | 000,000,080 | ---- | C] () -- C:\WINDOWS\VTWAIN.INI
[2006/10/26 18:04:53 | 000,000,027 | ---- | C] () -- C:\WINDOWS\ACROGRAF.INI
[2006/10/26 18:04:21 | 000,056,832 | ---- | C] () -- C:\WINDOWS\UCM_16.DLL
[2006/10/26 18:04:21 | 000,049,152 | ---- | C] () -- C:\WINDOWS\UCM_32.DLL
[2006/10/26 18:04:20 | 000,462,336 | ---- | C] () -- C:\WINDOWS\VS32.DLL
[2006/10/26 18:04:20 | 000,210,944 | ---- | C] () -- C:\WINDOWS\MSVCRT10.DLL
[2006/10/26 18:04:20 | 000,131,264 | ---- | C] () -- C:\WINDOWS\KCME0.DLL
[2006/10/26 18:04:20 | 000,098,236 | ---- | C] () -- C:\WINDOWS\KCME1.DLL
[2006/10/26 18:04:20 | 000,097,914 | ---- | C] () -- C:\WINDOWS\32KCME0.DLL
[2006/10/26 18:04:20 | 000,096,256 | ---- | C] () -- C:\WINDOWS\KPAPI.DLL
[2006/10/26 18:04:20 | 000,093,184 | ---- | C] () -- C:\WINDOWS\KPAPI32.DLL
[2006/10/26 18:04:20 | 000,070,548 | ---- | C] () -- C:\WINDOWS\KPMON.DLL
[2006/10/26 18:04:20 | 000,050,176 | ---- | C] () -- C:\WINDOWS\KPCP.DLL
[2006/10/26 18:04:20 | 000,017,920 | ---- | C] () -- C:\WINDOWS\KCMS_SYS.DLL
[2006/10/26 18:04:19 | 000,185,376 | ---- | C] () -- C:\WINDOWS\UDEPP32.DLL
[2006/10/26 18:04:19 | 000,030,208 | ---- | C] () -- C:\WINDOWS\System32\drivers\UMAXDRV.SYS
[2006/10/26 18:04:18 | 000,023,552 | ---- | C] () -- C:\WINDOWS\VSCLI32.DLL
[2006/10/26 17:56:56 | 000,000,156 | ---- | C] () -- C:\WINDOWS\KPCMS.INI
[2006/10/25 10:33:18 | 000,000,049 | ---- | C] () -- C:\WINDOWS\wpd99.drv
[2006/10/25 10:28:37 | 000,118,784 | ---- | C] () -- C:\WINDOWS\System32\pdfmona.dll
[2006/10/25 10:28:37 | 000,051,716 | ---- | C] () -- C:\WINDOWS\System32\pdf995mon.dll
[2006/10/07 16:37:51 | 000,000,109 | ---- | C] () -- C:\WINDOWS\TaxACT05.ini
[2006/09/28 19:39:35 | 000,432,768 | ---- | C] () -- C:\WINDOWS\System32\drivers\snpstd3.sys
[2006/09/28 19:39:35 | 000,015,498 | ---- | C] () -- C:\WINDOWS\snpstd3.ini
[2006/09/06 09:06:24 | 000,001,755 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\QTSBandwidthCache
[2006/09/02 20:41:55 | 000,000,084 | ---- | C] () -- C:\WINDOWS\marscam.ini
[2006/09/02 20:41:05 | 000,000,063 | ---- | C] () -- C:\WINDOWS\APOapp.INI
[2006/09/02 20:39:11 | 000,036,864 | R--- | C] () -- C:\WINDOWS\System32\mr310exv.dll
[2006/09/02 20:39:11 | 000,028,672 | R--- | C] () -- C:\WINDOWS\System32\mr310exd.dll
[2006/09/02 16:50:00 | 000,013,994 | ---- | C] () -- C:\WINDOWS\QWIRKS.INI
[2006/08/30 08:23:31 | 000,000,076 | ---- | C] () -- C:\WINDOWS\HEDIT.INI
[2006/08/02 14:28:36 | 000,872,507 | ---- | C] () -- C:\WINDOWS\System32\mesa.dll
[2006/08/02 14:28:36 | 000,057,344 | ---- | C] () -- C:\WINDOWS\System32\ljackuw.dll
[2006/08/02 14:28:20 | 000,729,088 | ---- | C] () -- C:\WINDOWS\System32\X11.dll
[2006/08/02 14:28:20 | 000,204,800 | ---- | C] () -- C:\WINDOWS\System32\netcdf.dll
[2006/08/02 14:28:20 | 000,139,264 | ---- | C] () -- C:\WINDOWS\System32\IM_MOD_RL_jp2_.dll
[2006/08/02 14:28:20 | 000,114,688 | ---- | C] () -- C:\WINDOWS\System32\IM_MOD_RL_dcm_.dll
[2006/08/02 14:28:20 | 000,090,112 | ---- | C] () -- C:\WINDOWS\System32\IM_MOD_RL_wmf_.dll
[2006/08/02 14:28:20 | 000,081,920 | ---- | C] () -- C:\WINDOWS\System32\IM_MOD_RL_logo_.dll
[2006/08/02 14:28:20 | 000,073,728 | ---- | C] () -- C:\WINDOWS\System32\OTComp.dll
[2006/08/02 14:28:20 | 000,057,344 | ---- | C] () -- C:\WINDOWS\System32\IM_MOD_RL_svg_.dll
[2006/08/02 14:28:20 | 000,057,344 | ---- | C] () -- C:\WINDOWS\System32\IM_MOD_RL_png_.dll
[2006/08/02 14:28:20 | 000,053,248 | ---- | C] () -- C:\WINDOWS\System32\Xext.dll
[2006/08/02 14:28:20 | 000,045,056 | ---- | C] () -- C:\WINDOWS\System32\SS30PP.dll
[2006/08/02 14:28:20 | 000,038,400 | ---- | C] () -- C:\WINDOWS\System32\IM_MOD_RL_msl_.dll
[2006/08/02 14:28:20 | 000,027,136 | ---- | C] () -- C:\WINDOWS\System32\IM_MOD_RL_pdf_.dll
[2006/08/02 14:28:20 | 000,025,088 | ---- | C] () -- C:\WINDOWS\System32\CORE_RL_xlib_.dll
[2006/08/02 14:28:20 | 000,023,552 | ---- | C] () -- C:\WINDOWS\System32\IM_MOD_RL_ps_.dll
[2006/08/02 14:28:20 | 000,022,016 | ---- | C] () -- C:\WINDOWS\System32\IM_MOD_RL_miff_.dll
[2006/08/02 14:28:20 | 000,021,504 | ---- | C] () -- C:\WINDOWS\System32\IM_MOD_RL_pict_.dll
[2006/08/02 14:28:20 | 000,020,554 | ---- | C] () -- C:\WINDOWS\System32\IM_MOD_RL_xtrn_.dll
[2006/08/02 14:28:20 | 000,020,480 | ---- | C] () -- C:\WINDOWS\System32\IM_MOD_RL_tiff_.dll
[2006/08/02 14:28:20 | 000,018,944 | ---- | C] () -- C:\WINDOWS\System32\IM_MOD_RL_ps2_.dll
[2006/08/02 14:28:20 | 000,018,432 | ---- | C] () -- C:\WINDOWS\System32\IM_MOD_RL_meta_.dll
[2006/08/02 14:28:20 | 000,016,384 | ---- | C] () -- C:\WINDOWS\System32\IM_MOD_RL_pnm_.dll
[2006/08/02 14:28:20 | 000,016,384 | ---- | C] () -- C:\WINDOWS\System32\IM_MOD_RL_bmp_.dll
[2006/08/02 14:28:20 | 000,015,872 | ---- | C] () -- C:\WINDOWS\System32\IM_MOD_RL_mpc_.dll
[2006/08/02 14:28:20 | 000,015,872 | ---- | C] () -- C:\WINDOWS\System32\IM_MOD_RL_jpeg_.dll
[2006/08/02 14:28:20 | 000,014,848 | ---- | C] () -- C:\WINDOWS\System32\IM_MOD_RL_psd_.dll
[2006/08/02 14:28:20 | 000,014,848 | ---- | C] () -- C:\WINDOWS\System32\IM_MOD_RL_gif_.dll
[2006/08/02 14:28:20 | 000,014,336 | ---- | C] () -- C:\WINDOWS\System32\IM_MOD_RL_viff_.dll
[2006/08/02 14:28:20 | 000,014,336 | ---- | C] () -- C:\WINDOWS\System32\IM_MOD_RL_ps3_.dll
[2006/08/02 14:28:20 | 000,014,336 | ---- | C] () -- C:\WINDOWS\System32\IM_MOD_RL_fpx_.dll
[2006/08/02 14:28:20 | 000,013,312 | ---- | C] () -- C:\WINDOWS\System32\IM_MOD_RL_pcd_.dll
[2006/08/02 14:28:20 | 000,012,800 | ---- | C] () -- C:\WINDOWS\System32\IM_MOD_RL_xpm_.dll
[2006/08/02 14:28:20 | 000,012,288 | ---- | C] () -- C:\WINDOWS\System32\IM_MOD_RL_preview_.dll
[2006/08/02 14:28:20 | 000,012,288 | ---- | C] () -- C:\WINDOWS\System32\IM_MOD_RL_pdb_.dll
[2006/08/02 14:28:20 | 000,012,288 | ---- | C] () -- C:\WINDOWS\System32\IM_MOD_RL_pcx_.dll
[2006/08/02 14:28:20 | 000,012,288 | ---- | C] () -- C:\WINDOWS\System32\IM_MOD_RL_fits_.dll
[2006/08/02 14:28:20 | 000,011,776 | ---- | C] () -- C:\WINDOWS\System32\IM_MOD_RL_wpg_.dll
[2006/08/02 14:28:20 | 000,011,776 | ---- | C] () -- C:\WINDOWS\System32\IM_MOD_RL_cmyk_.dll
[2006/08/02 14:28:20 | 000,011,776 | ---- | C] () -- C:\WINDOWS\System32\IM_MOD_RL_avi_.dll
[2006/08/02 14:28:20 | 000,011,264 | ---- | C] () -- C:\WINDOWS\System32\IM_MOD_RL_sgi_.dll
[2006/08/02 14:28:20 | 000,011,264 | ---- | C] () -- C:\WINDOWS\System32\IM_MOD_RL_rgb_.dll
[2006/08/02 14:28:20 | 000,011,264 | ---- | C] () -- C:\WINDOWS\System32\IM_MOD_RL_dib_.dll
[2006/08/02 14:28:20 | 000,010,752 | ---- | C] () -- C:\WINDOWS\System32\IM_MOD_RL_xcf_.dll
[2006/08/02 14:28:20 | 000,010,752 | ---- | C] () -- C:\WINDOWS\System32\IM_MOD_RL_mpeg_.dll
[2006/08/02 14:28:20 | 000,010,752 | ---- | C] () -- C:\WINDOWS\System32\IM_MOD_RL_ept_.dll
[2006/08/02 14:28:20 | 000,010,240 | ---- | C] () -- C:\WINDOWS\System32\IM_MOD_RL_palm_.dll
[2006/08/02 14:28:20 | 000,009,728 | ---- | C] () -- C:\WINDOWS\System32\IM_MOD_RL_yuv_.dll
[2006/08/02 14:28:20 | 000,009,728 | ---- | C] () -- C:\WINDOWS\System32\IM_MOD_RL_sun_.dll
[2006/08/02 14:28:20 | 000,009,728 | ---- | C] () -- C:\WINDOWS\System32\IM_MOD_RL_cut_.dll
[2006/08/02 14:28:20 | 000,009,216 | ---- | C] () -- C:\WINDOWS\System32\IM_MOD_RL_xwd_.dll
[2006/08/02 14:28:20 | 000,009,216 | ---- | C] () -- C:\WINDOWS\System32\IM_MOD_RL_xbm_.dll
[2006/08/02 14:28:20 | 000,009,216 | ---- | C] () -- C:\WINDOWS\System32\IM_MOD_RL_tga_.dll
[2006/08/02 14:28:20 | 000,008,704 | ---- | C] () -- C:\WINDOWS\System32\IM_MOD_RL_rle_.dll
[2006/08/02 14:28:20 | 000,008,704 | ---- | C] () -- C:\WINDOWS\System32\IM_MOD_RL_mat_.dll
[2006/08/02 14:28:20 | 000,008,704 | ---- | C] () -- C:\WINDOWS\System32\IM_MOD_RL_jbig_.dll
[2006/08/02 14:28:20 | 000,008,704 | ---- | C] () -- C:\WINDOWS\System32\IM_MOD_RL_html_.dll
[2006/08/02 14:28:20 | 000,008,192 | ---- | C] () -- C:\WINDOWS\System32\IM_MOD_RL_vicar_.dll
[2006/08/02 14:28:20 | 000,008,192 | ---- | C] () -- C:\WINDOWS\System32\IM_MOD_RL_txt_.dll
[2006/08/02 14:28:20 | 000,008,192 | ---- | C] () -- C:\WINDOWS\System32\IM_MOD_RL_pcl_.dll
[2006/08/02 14:28:20 | 000,008,192 | ---- | C] () -- C:\WINDOWS\System32\IM_MOD_RL_locale_.dll
[2006/08/02 14:28:20 | 000,008,192 | ---- | C] () -- C:\WINDOWS\System32\IM_MOD_RL_icon_.dll
[2006/08/02 14:28:20 | 000,007,680 | ---- | C] () -- C:\WINDOWS\System32\IM_MOD_RL_wbmp_.dll
[2006/08/02 14:28:20 | 000,007,680 | ---- | C] () -- C:\WINDOWS\System32\IM_MOD_RL_gray_.dll
[2006/08/02 14:28:20 | 000,007,680 | ---- | C] () -- C:\WINDOWS\System32\IM_MOD_RL_emf_.dll
[2006/08/02 14:28:20 | 000,007,168 | ---- | C] () -- C:\WINDOWS\System32\IM_MOD_RL_uil_.dll
[2006/08/02 14:28:20 | 000,007,168 | ---- | C] () -- C:\WINDOWS\System32\IM_MOD_RL_tim_.dll
[2006/08/02 14:28:20 | 000,007,168 | ---- | C] () -- C:\WINDOWS\System32\IM_MOD_RL_rla_.dll
[2006/08/02 14:28:20 | 000,007,168 | ---- | C] () -- C:\WINDOWS\System32\IM_MOD_RL_pwp_.dll
[2006/08/02 14:28:20 | 000,007,168 | ---- | C] () -- C:\WINDOWS\System32\IM_MOD_RL_mtv_.dll
[2006/08/02 14:28:20 | 000,007,168 | ---- | C] () -- C:\WINDOWS\System32\IM_MOD_RL_histogram_.dll
[2006/08/02 14:28:20 | 000,006,656 | ---- | C] () -- C:\WINDOWS\System32\IM_MOD_RL_url_.dll
[2006/08/02 14:28:20 | 000,006,656 | ---- | C] () -- C:\WINDOWS\System32\IM_MOD_RL_ttf_.dll
[2006/08/02 14:28:20 | 000,006,656 | ---- | C] () -- C:\WINDOWS\System32\IM_MOD_RL_sct_.dll
[2006/08/02 14:28:20 | 000,006,656 | ---- | C] () -- C:\WINDOWS\System32\IM_MOD_RL_otb_.dll
[2006/08/02 14:28:20 | 000,006,656 | ---- | C] () -- C:\WINDOWS\System32\IM_MOD_RL_mvg_.dll
[2006/08/02 14:28:20 | 000,006,656 | ---- | C] () -- C:\WINDOWS\System32\IM_MOD_RL_map_.dll
[2006/08/02 14:28:20 | 000,006,656 | ---- | C] () -- C:\WINDOWS\System32\IM_MOD_RL_dpx_.dll
[2006/08/02 14:28:20 | 000,006,656 | ---- | C] () -- C:\WINDOWS\System32\IM_MOD_RL_caption_.dll
[2006/08/02 14:28:20 | 000,006,656 | ---- | C] () -- C:\WINDOWS\System32\IM_MOD_RL_avs_.dll
[2006/08/02 14:28:20 | 000,006,144 | ---- | C] () -- C:\WINDOWS\System32\IM_MOD_RL_vid_.dll
[2006/08/02 14:28:20 | 000,006,144 | ---- | C] () -- C:\WINDOWS\System32\IM_MOD_RL_uyvy_.dll
[2006/08/02 14:28:20 | 000,006,144 | ---- | C] () -- C:\WINDOWS\System32\IM_MOD_RL_sfw_.dll
[2006/08/02 14:28:20 | 000,006,144 | ---- | C] () -- C:\WINDOWS\System32\IM_MOD_RL_mono_.dll
[2006/08/02 14:28:20 | 000,006,144 | ---- | C] () -- C:\WINDOWS\System32\IM_MOD_RL_label_.dll
[2006/08/02 14:28:20 | 000,006,144 | ---- | C] () -- C:\WINDOWS\System32\IM_MOD_RL_clipboard_.dll
[2006/08/02 14:28:20 | 000,005,632 | ---- | C] () -- C:\WINDOWS\System32\IM_MOD_RL_stegano_.dll
[2006/08/02 14:28:20 | 000,005,632 | ---- | C] () -- C:\WINDOWS\System32\IM_MOD_RL_plasma_.dll
[2006/08/02 14:28:20 | 000,005,632 | ---- | C] () -- C:\WINDOWS\System32\IM_MOD_RL_pix_.dll
[2006/08/02 14:28:20 | 000,005,632 | ---- | C] () -- C:\WINDOWS\System32\IM_MOD_RL_gradient_.dll
[2006/08/02 14:28:20 | 000,005,632 | ---- | C] () -- C:\WINDOWS\System32\IM_MOD_RL_fax_.dll
[2006/08/02 14:28:20 | 000,005,632 | ---- | C] () -- C:\WINDOWS\System32\IM_MOD_RL_art_.dll
[2006/08/02 14:28:20 | 000,005,120 | ---- | C] () -- C:\WINDOWS\System32\IM_MOD_RL_xc_.dll
[2006/08/02 14:28:20 | 000,005,120 | ---- | C] () -- C:\WINDOWS\System32\IM_MOD_RL_x_.dll
[2006/08/02 14:28:20 | 000,005,120 | ---- | C] () -- C:\WINDOWS\System32\IM_MOD_RL_tile_.dll
[2006/08/02 14:28:20 | 000,005,120 | ---- | C] () -- C:\WINDOWS\System32\IM_MOD_RL_null_.dll
[2006/08/02 14:28:20 | 000,005,120 | ---- | C] () -- C:\WINDOWS\System32\IM_MOD_RL_mpr_.dll
[2006/08/02 14:28:20 | 000,005,120 | ---- | C] () -- C:\WINDOWS\System32\IM_MOD_RL_matte_.dll
[2006/08/02 14:28:20 | 000,004,096 | ---- | C] () -- C:\WINDOWS\System32\IM_MOD_RL_hdf_.dll
[2006/08/02 14:28:20 | 000,004,096 | ---- | C] () -- C:\WINDOWS\System32\IM_MOD_RL_dps_.dll
[2006/08/02 14:28:18 | 000,520,192 | ---- | C] () -- C:\WINDOWS\System32\CORE_RL_libxml_.dll
[2006/08/02 14:28:18 | 000,421,888 | ---- | C] () -- C:\WINDOWS\System32\CORE_RL_fpx_.dll
[2006/08/02 14:28:18 | 000,380,928 | ---- | C] () -- C:\WINDOWS\System32\psCamDat.dll
[2006/08/02 14:28:18 | 000,372,736 | ---- | C] () -- C:\WINDOWS\System32\CDFILSYS.dll
[2006/08/02 14:28:18 | 000,364,544 | ---- | C] () -- C:\WINDOWS\System32\CORE_RL_Magick++_.dll
[2006/08/02 14:28:18 | 000,163,840 | ---- | C] () -- C:\WINDOWS\System32\deImg168.dll
[2006/08/02 14:28:18 | 000,081,920 | ---- | C] () -- C:\WINDOWS\System32\CORE_RL_lcms_.dll
[2006/08/02 14:28:16 | 000,061,440 | ---- | C] () -- C:\WINDOWS\System32\Raman.dll
[2006/07/24 15:30:04 | 000,000,071 | ---- | C] () -- C:\WINDOWS\brmx2001.ini
[2006/07/24 15:30:04 | 000,000,040 | ---- | C] () -- C:\WINDOWS\opt_1440.ini
[2006/07/24 15:28:49 | 000,000,475 | ---- | C] () -- C:\WINDOWS\brwmark.ini
[2006/07/23 14:39:14 | 000,002,508 | ---- | C] () -- C:\Documents and Settings\AGJ\Application Data\$_hpcst$.hpc
[2006/07/21 16:38:12 | 000,000,006 | ---- | C] () -- C:\WINDOWS\AllState.ini
[2006/07/20 21:18:33 | 000,024,575 | ---- | C] () -- C:\WINDOWS\System32\Setwinsyspios.dll
[2006/07/20 21:12:58 | 000,000,351 | ---- | C] () -- C:\WINDOWS\WHOffice.INI
[2006/07/20 10:29:10 | 000,000,924 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2006/07/19 18:37:58 | 000,000,000 | ---- | C] () -- C:\WINDOWS\frontpg.ini
[2006/07/19 18:35:44 | 000,038,576 | ---- | C] () -- C:\WINDOWS\System32\w3ctrs.ini
[2006/07/19 18:35:44 | 000,010,225 | ---- | C] () -- C:\WINDOWS\System32\axperf.ini
[2006/07/19 18:35:40 | 000,011,435 | ---- | C] () -- C:\WINDOWS\System32\infoctrs.ini
[2006/07/19 17:10:41 | 000,000,002 | ---- | C] () -- C:\WINDOWS\msoffice.ini
[2006/07/16 15:51:17 | 000,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini
[2006/07/16 15:46:09 | 000,000,126 | ---- | C] () -- C:\WINDOWS\wininit.ini
[2006/07/16 15:20:54 | 000,049,152 | ---- | C] () -- C:\WINDOWS\System32\CoPrism.dll
[2006/07/16 15:20:54 | 000,000,393 | ---- | C] () -- C:\WINDOWS\System32\OEMINFO.INI
[2006/05/02 17:38:24 | 000,000,748 | ---- | C] () -- C:\WINDOWS\SetBrowser.ini
[2005/11/10 07:56:34 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\px.ini
[2005/08/23 17:05:46 | 000,225,280 | ---- | C] () -- C:\WINDOWS\System32\qtmlClient.dll
[2005/07/15 13:35:24 | 003,596,288 | ---- | C] () -- C:\WINDOWS\System32\qt-dx331.dll
[2004/08/11 16:24:19 | 000,000,791 | ---- | C] () -- C:\WINDOWS\orun32.ini
[2004/08/11 16:11:31 | 000,001,793 | ---- | C] () -- C:\WINDOWS\System32\fxsperf.ini
[2004/08/11 16:07:24 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
[2004/05/06 07:39:02 | 000,417,792 | R--- | C] () -- C:\WINDOWS\System32\XmlSpyLib.dll
[1999/07/30 08:24:34 | 000,000,218 | ---- | C] () -- C:\WINDOWS\oraodbc.ini
[1997/10/13 08:19:06 | 000,011,776 | ---- | C] () -- C:\WINDOWS\System32\PMSBFN32.DLL
[1997/09/05 04:49:54 | 000,001,184 | ---- | C] () -- C:\WINDOWS\IF40LE.INI
[1997/05/11 06:20:50 | 000,062,464 | ---- | C] () -- C:\WINDOWS\System32\hs_regex.dll
[1997/03/31 23:00:00 | 001,664,272 | ---- | C] () -- C:\WINDOWS\System32\MSO97V.DLL
[1997/03/31 23:00:00 | 000,022,016 | ---- | C] () -- C:\WINDOWS\System32\DOCOBJ.DLL
[1997/03/31 23:00:00 | 000,016,384 | ---- | C] () -- C:\WINDOWS\System32\MSORFS.DLL
[1997/03/31 23:00:00 | 000,012,288 | ---- | C] () -- C:\WINDOWS\System32\HLINKPRX.DLL
[1997/02/27 06:06:52 | 000,000,116 | ---- | C] () -- C:\WINDOWS\PEXPLORE.INI
[1996/09/26 05:20:22 | 000,000,254 | ---- | C] () -- C:\WINDOWS\UMXADDIN.INI
[1995/10/16 16:55:44 | 000,009,136 | ---- | C] () -- C:\WINDOWS\System32\INETWH16.DLL

========== Custom Scans ==========


< %SYSTEMDRIVE%\*.exe >


< MD5 for: EXPLORER.EXE >
[2008/04/13 19:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) MD5=12896823FB95BFB3DC9B46BCAEDC9923 -- C:\WINDOWS\explorer.exe
[2008/04/13 19:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) MD5=12896823FB95BFB3DC9B46BCAEDC9923 -- C:\WINDOWS\ServicePackFiles\i386\explorer.exe
[2008/04/13 19:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) MD5=12896823FB95BFB3DC9B46BCAEDC9923 -- C:\WINDOWS\system32\dllcache\cache\explorer.exe
[2008/04/13 19:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) MD5=12896823FB95BFB3DC9B46BCAEDC9923 -- C:\WINDOWS\system32\dllcache\explorer.exe

< MD5 for: WINLOGON.EXE >
[2004/08/04 04:00:00 | 000,502,272 | ---- | M] (Microsoft Corporation) MD5=01C3346C241652F43AED8E2149881BFE -- C:\i386\winlogon.exe
[2008/04/13 19:12:39 | 000,507,904 | ---- | M] (Microsoft Corporation) MD5=ED0EF0A136DEC83DF69F04118870003E -- C:\WINDOWS\ServicePackFiles\i386\winlogon.exe
[2008/04/13 19:12:39 | 000,507,904 | ---- | M] (Microsoft Corporation) MD5=ED0EF0A136DEC83DF69F04118870003E -- C:\WINDOWS\system32\dllcache\cache\winlogon.exe
[2008/04/13 19:12:39 | 000,507,904 | ---- | M] (Microsoft Corporation) MD5=ED0EF0A136DEC83DF69F04118870003E -- C:\WINDOWS\system32\dllcache\winlogon.exe
[2008/04/13 19:12:39 | 000,507,904 | ---- | M] (Microsoft Corporation) MD5=ED0EF0A136DEC83DF69F04118870003E -- C:\WINDOWS\system32\winlogon.exe

========== Alternate Data Streams ==========

@Alternate Data Stream - 48 bytes -> C:\Documents and Settings\All Users\DRM:الهريرة

< End of report >


Here is the Extras.txt file:

OTL Extras logfile created on: 2/8/2011 9:22:47 PM - Run 1
OTL by OldTimer - Version 3.2.20.6 Folder = C:\downloads
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.00 Gb Total Physical Memory | 1.00 Gb Available Physical Memory | 27.00% Memory free
4.00 Gb Paging File | 2.00 Gb Available in Paging File | 64.00% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 145.64 Gb Total Space | 10.08 Gb Free Space | 6.92% Space Free | Partition Type: NTFS
Drive F: | 465.65 Gb Total Space | 97.73 Gb Free Space | 20.99% Space Free | Partition Type: FAT32
Drive M: | 465.65 Gb Total Space | 97.73 Gb Free Space | 20.99% Space Free | Partition Type: FAT
Drive N: | 465.65 Gb Total Space | 97.73 Gb Free Space | 20.99% Space Free | Partition Type: FAT
Drive O: | 465.65 Gb Total Space | 97.73 Gb Free Space | 20.99% Space Free | Partition Type: FAT
Drive P: | 465.65 Gb Total Space | 97.73 Gb Free Space | 20.99% Space Free | Partition Type: FAT

Computer Name: AL9150 | User Name: AGJ | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*

[HKEY_USERS\S-1-5-21-806864349-1435408688-3561169190-1005\SOFTWARE\Classes\<extension>]
.exe [@ = exefile] -- Reg Error: Value error. File not found
.html [@ = ChromeHTML] -- Reg Error: Key error. File not found
.txt [@ = TextPad.txt] -- C:\Program Files\TextPad 5\TextPad.exe (Helios Software Solutions)

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
exefile [open] -- "%1" %*
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- Reg Error: Value error.
Directory [cmd] -- cmd.exe /k "cd %L" (Microsoft Corporation)
Directory [DiskInfoByPplus] -- C:\WINDOWS\system32\Shellext\ppshlext.exe "%1" /dinfo ()
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- Reg Error: Value error.
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"FirewallDisableNotify" = 1
"UpdatesDisableNotify" = 1
"AntiVirusDisableNotify" = 1
"AntiVirusOverride" = 0
"FirewallOverride" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

========== System Restore Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr]
"Start" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService]
"Start" = 2

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 1
"DoNotAllowExceptions" = 0
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]
"139:TCP" = 139:TCP:*:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:*:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:*:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:*:Enabled:@xpsp2res.dll,-22002
"5800:TCP" = 5800:TCP:*:Disabled:VNC-http
"416:TCP" = 416:TCP:*:Enabled:416
"1282:TCP" = 1282:TCP:*:Enabled:VNC
"2021:TCP" = 2021:TCP:*:Enabled:Renaissance Application Service Client
"3389:TCP" = 3389:TCP:*:Enabled:@xpsp2res.dll,-22009

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
"DisableUnicastResponsesToMulticastBroadcast" = 1
"DoNotAllowExceptions" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"2799:UDP" = 2799:UDP:*:Disabled:Altova License Metering Port (UDP)
"2799:TCP" = 2799:TCP:*:Disabled:Altova License Metering Port (TCP)
"139:TCP" = 139:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22002
"3703:TCP" = 3703:TCP:*:Disabled:Adobe Version Cue CS3 Server
"3704:TCP" = 3704:TCP:*:Disabled:Adobe Version Cue CS3 Server
"50900:TCP" = 50900:TCP:*:Disabled:Adobe Version Cue CS3 Server
"50901:TCP" = 50901:TCP:*:Disabled:Adobe Version Cue CS3 Server
"1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008
"67:UDP" = 67:UDP:*:Enabled:DHCP Discovery Service
"5900:TCP" = 5900:TCP:*:Enabled:VNC
"3389:TCP" = 3389:TCP:*:Enabled:@xpsp2res.dll,-22009

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"C:\toolbox\PortListenerXP\Port Listener XP.exe" = C:\toolbox\PortListenerXP\Port Listener XP.exe:*:Enabled:Port Listener XP
"C:\Program Files\Macromedia\Fireworks MX\Fireworks.exe" = C:\Program Files\Macromedia\Fireworks MX\Fireworks.exe:*:Disabled:Fireworks MX -- (Macromedia Inc.)
"C:\Program Files\iTunes\iTunes.exe" = C:\Program Files\iTunes\iTunes.exe:*:Enabled:iTunes -- (Apple Inc.)
"C:\Program Files\FerretSoft\WebFerret\WebFerret.exe" = C:\Program Files\FerretSoft\WebFerret\WebFerret.exe:*:Enabled:WebFerret 5.0
"C:\Documents and Settings\AGJ\Local Settings\Temp\OraInstall2006-10-18_03-04-29PM\jre\bin\javaw.exe" = C:\Documents and Settings\AGJ\Local Settings\Temp\OraInstall2006-10-18_03-04-29PM\jre\bin\javaw.exe:*:Enabled:javaw
"C:\Program Files\Renaissance\Shared\RASClient.exe" = C:\Program Files\Renaissance\Shared\RASClient.exe:*:Enabled:RASClient.exe
"C:\Program Files\Altova\XMLSpy2006\XMLSpy.exe" = C:\Program Files\Altova\XMLSpy2006\XMLSpy.exe:*:Disabled:XMLSpy®
"C:\Program Files\MSN Messenger\msnmsgr.exe" = C:\Program Files\MSN Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger 8.1
"C:\Program Files\MSN Messenger\livecall.exe" = C:\Program Files\MSN Messenger\livecall.exe:*:Enabled:Windows Live Messenger 8.1 (Phone)
"%windir%\system32\drivers\svchost.exe" = %windir%\system32\drivers\svchost.exe:*:Enabled:svchost

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Program Files\Macromedia\Fireworks MX\Fireworks.exe" = C:\Program Files\Macromedia\Fireworks MX\Fireworks.exe:*:Disabled:Fireworks MX -- (Macromedia Inc.)
"C:\WINDOWS\system32\dpvsetup.exe" = C:\WINDOWS\system32\dpvsetup.exe:*:Enabled:Microsoft DirectPlay Voice Test -- (Microsoft Corporation)
"C:\Program Files\SecondLife\SLVoice.exe" = C:\Program Files\SecondLife\SLVoice.exe:*:Enabled:SLVoice -- ()
"C:\Program Files\Common Files\Ahead\Nero Web\SetupX.exe" = C:\Program Files\Common Files\Ahead\Nero Web\SetupX.exe:*:Enabled:Nero ProductSetup -- (Nero AG)
"C:\Program Files\Mozilla Firefox\firefox.exe" = C:\Program Files\Mozilla Firefox\firefox.exe:*:Enabled:Firefox -- (Mozilla Corporation)
"C:\Program Files\Mozilla Thunderbird\thunderbird.exe" = C:\Program Files\Mozilla Thunderbird\thunderbird.exe:*:Enabled:Mozilla Thunderbird -- (Mozilla Messaging)
"C:\Program Files\uTorrent\uTorrent.exe" = C:\Program Files\uTorrent\uTorrent.exe:*:Disabled:µTorrent -- (BitTorrent, Inc.)
"C:\Program Files\Common Files\Adobe\Adobe Version Cue CS3\Server\bin\VersionCueCS3.exe" = C:\Program Files\Common Files\Adobe\Adobe Version Cue CS3\Server\bin\VersionCueCS3.exe:*:Disabled:Adobe Version Cue CS3 Server -- (Adobe Systems Incorporated)
"C:\Program Files\FlashGet\FlashGet.exe" = C:\Program Files\FlashGet\FlashGet.exe:*:Disabled:Flashget -- (FlashGet.com)
"C:\Program Files\SecondLife\SecondLife.exe" = C:\Program Files\SecondLife\SecondLife.exe:*:Disabled:Second Life -- (Linden Lab)
"C:\Program Files\MSN Messenger\msnmsgr.exe" = C:\Program Files\MSN Messenger\msnmsgr.exe:*:Disabled:Windows Live Messenger 8.1
"C:\Program Files\MSN Messenger\livecall.exe" = C:\Program Files\MSN Messenger\livecall.exe:*:Disabled:Windows Live Messenger 8.1 (Phone)
"%windir%\system32\drivers\svchost.exe" = %windir%\system32\drivers\svchost.exe:*:Enabled:svchost
"C:\Program Files\Altova\XMLSpy2005\XMLSpy.exe" = C:\Program Files\Altova\XMLSpy2005\XMLSpy.exe:*:Enabled:XMLSpy -- (Altova)
"C:\Program Files\iTunes\iTunes.exe" = C:\Program Files\iTunes\iTunes.exe:*:Enabled:iTunes -- (Apple Inc.)
"C:\Program Files\The Weather Channel FW\Desktop\DesktopWeather.exe" = C:\Program Files\The Weather Channel FW\Desktop\DesktopWeather.exe:*:Enabled:DesktopWeather
"C:\Program Files\WordWeb\wweb32.exe" = C:\Program Files\WordWeb\wweb32.exe:*:Enabled:wweb32 -- (Antony Lewis)
"C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe" = C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe:*:Enabled:AppleMobileDeviceService
"C:\Development\jPassGen\bin\Release\jPassGen.exe" = C:\Development\jPassGen\bin\Release\jPassGen.exe:*:Enabled:jPassGen -- (Another tool from jManage.com)
"C:\Program Files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe" = C:\Program Files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe:*:Enabled:Acrotray -- (Adobe Systems Inc.)
"C:\Program Files\Google\Google Calendar Sync\GoogleCalendarSync.exe" = C:\Program Files\Google\Google Calendar Sync\GoogleCalendarSync.exe:*:Enabled:GoogleCalendarSync -- (Google)
"C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe" = C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe:*:Enabled:AAWTray
"C:\Program Files\EarthLink\EarthLink Protection Control Center\avp.exe" = C:\Program Files\EarthLink\EarthLink Protection Control Center\avp.exe:*:Enabled:EarthLink Protection Control Center
"C:\toolbox\Sniffers\PortListenerXP\Port Listener XP.exe" = C:\toolbox\Sniffers\PortListenerXP\Port Listener XP.exe:*:Enabled:Port Listener XP -- (MooreR Software)


========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"_{7F05E704-30A6-421A-97A7-8EEB1C7FF010}" = CorelDRAW® Graphics Suite X4
"_{CE2DA11A-917F-4CF5-AB55-755EC115DD10}" = CorelDRAW® Graphics Suite X4 - Windows Shell Extension
"{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
"{0046FA01-C5B9-4985-BACB-398DC480FC05}" = Adobe Photoshop CS3
"{0224CACC-994D-45F8-B973-D65056EA9C2F}" = Adobe XMP DVA Panels CS3
"{0327FA9D-975C-448C-A086-577D57BB25B8}" = Adobe Soundbooth CS3 Codecs
"{05EC21B8-4593-3037-A781-A6B5AFFCB19D}" = Microsoft Windows SDK for Visual Studio 2008 .NET Framework Tools - enu
"{075473F5-846A-448B-BCB3-104AA1760205}" = Roxio RecordNow Data
"{082BDF7B-4810-4599-BF0D-E3AC44EC8524}" = Microsoft ASP.NET 2.0 AJAX Extensions 1.0
"{08B32819-6EEF-4057-AEDA-5AB681A36A23}" = Adobe Bridge Start Meeting
"{08FF29BE-1E8E-40A5-9C71-F164D06E35E0}" = CoCreate OneSpace Modeling Personal Edition
"{09186FF8-FC4B-43BF-A21A-4BED141500C3}" = DocProject
"{0AB76F69-E761-4CFA-B9B0-A1906B4E9E4B}" = WD Diagnostics
"{0C19D563-5F25-4621-BF10-01F741BD283F}" = Microsoft SQL Server Compact 3.5 SP1 Design Tools English
"{0D61D68B-DF5E-4635-82C7-B0C53F0A581B}" = Microsoft SQL Server 2005 Backward compatibility
"{0DF3AE91-E533-3960-8516-B23737F8B7A2}" = Visual C++ 2008 x64 Runtime - (v9.0.30729)
"{0DF3AE91-E533-3960-8516-B23737F8B7A2}.vc_x64runtime_30729_01" = Visual C++ 2008 x64 Runtime - v9.0.30729.01
"{0F6A7971-0F11-4A79-A0E9-133D0963A570}" = ISO Recorder
"{0F9196C6-58B4-445B-B56E-B1200FECC151}" = Microsoft Bootvis
"{11E94FDB-C895-45F1-B756-1C9B8C36C8F1}" = Microsoft IntelliType Pro 7.1
"{1206EF92-2E83-4859-ACCB-2048C3CB7DA6}" = Roxio DLA
"{130A3BE1-85CC-4135-8EA7-5A724EE6CE2C}" = Microsoft SQL Server 2005
"{1389C6A4-4965-4AEC-9175-08B54A10FA48}" = Microsoft SQL Server 2005 Mobile [ENU] Developer Tools
"{15A0D40A-162D-4B3A-8DA7-09C1C1C58177}" = TouchCopy
"{15C9AAEF-20D4-4416-A1BE-7D75FB5F2FE9}" = Internet Explorer Developer Toolbar
"{1707FF35-300D-4C78-A94A-2E3D515F6DB3}" = Ingram Media Manager
"{17B66E83-1BC9-11D5-A54A-0090278A1BB8}" = Microsoft FrontPage Client - English
"{184CE391-7E0E-4C63-9935-D7A10EDFD3C6}" = Adobe WinSoft Linguistics Plugin
"{18D10072035C4515918F7E37EAFAACFC}" = AutoUpdate
"{193EAFD0-1BAF-4FB4-B18F-79D5D6A4B285}" = Adobe After Effects CS3 Presets
"{1A655D51-1423-48A3-B748-8F5A0BE294C8}" = Microsoft Visual J# .NET Redistributable Package 1.1
"{1CB92574-96F2-467B-B793-5CEB35C40C29}" = Image Resizer Powertoy for Windows XP
"{1D58229F-C505-45CA-8223-F35F3A34B963}" = Adobe Version Cue CS3 Server
"{1DD463C0-A50A-4394-B7E4-5895C02F9E0D}" = Microsoft SQL Server 2005 Tools
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{22E23C71-C27A-3F30-8849-BB6129E50679}" = Visual C++ 2008 IA64 Runtime - (v9.0.30729)
"{22E23C71-C27A-3F30-8849-BB6129E50679}.vc_i64runtime_30729_01" = Visual C++ 2008 IA64 Runtime - v9.0.30729.01
"{23959E96-A80F-4172-A655-210E9BB7BFBE}" = MSDN Library for Visual Studio 2005
"{241F2BF7-69EB-42A4-9156-96B2426C7504}" = Microsoft SQL Server Compact 3.5 for Devices ENU
"{24D7346D-D4B4-45E8-98EA-75EC14B42DD8}" = Adobe ExtendScript Toolkit 2
"{25A13826-8E4A-4FBF-AD2B-776447FE9646}" = WMI Tools
"{26A24AE4-039D-4CA4-87B4-2F83216012FF}" = Java™ 6 Update 22
"{291B3A3B-F808-45B8-8113-DF232FCB6C82}" = Microsoft .NET Compact Framework 3.5
"{29E5EA97-5F74-4A57-B8B2-D4F169117183}" = Adobe Stock Photos CS3
"{2A981294-F14C-4F0F-9627-D793270922F8}" = Bonjour
"{2EFFFC71-1E66-454E-A6E6-CEEC800B96D2}" = Adobe Flash Video Encoder
"{2F9CECED-9BF4-4586-926F-70EED0635805}" = RC4DemoProject
"{2FA41EBB-3F5A-35C3-85D6-51EC72A11FBD}" = Google Gears
"{31E1050B-F69F-4A16-8F5A-E44D31901250}" = Ulead DVD DiskRecorder 2.1.1
"{31EFBE76-392C-4EE4-A3C0-32A232A5FEC3}" = jPassGen
"{3248F0A8-6813-11D6-A77B-00B0D0150100}" = J2SE Runtime Environment 5.0 Update 10
"{3248F0A8-6813-11D6-A77B-00B0D0150110}" = J2SE Runtime Environment 5.0 Update 11
"{3248F0A8-6813-11D6-A77B-00B0D0160040}" = Java™ 6 Update 4
"{3248F0A8-6813-11D6-A77B-00B0D0160050}" = Java™ 6 Update 5
"{3248F0A8-6813-11D6-A77B-00B0D0160070}" = Java™ 6 Update 7
"{32A3A4F4-B792-11D6-A78A-00B0D0160170}" = Java™ SE Development Kit 6 Update 17
"{33BB4982-DC52-4886-A03B-F4C5C80BEE89}" = Windows Media Player 10
"{342D4AD7-EC4C-4EC8-AEA6-E70F5905A490}" = SQL Server System CLR Types
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{350FB27C-CF62-4EF3-AF9D-70FF313FE221}" = iTunes
"{357820A5-9AED-4C7C-A6C6-046BDDEC8E81}" = Wireless-G Internet Home Monitoring Camera
"{37E9AD9F-3217-4229-B5A5-7A0C82364C6C}" = Microsoft SQL Server 2005 Notification Services
"{388E4B09-3E71-4649-8921-F44A3A2954A7}" = Microsoft Visual Studio 2005 Tools for Office Runtime
"{3A762A82-618D-3CAA-B847-D074ABFA0B2E}" = MSDN Library for Visual Studio 2008 - ENU
"{3B438F0E-21BE-4E80-B921-5A9AA4DAA402}" = MSN Toolbar
"{3BE480ED-E17A-431A-981C-5C2EDDBCD3BF}" = Macromedia Flash MX
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{3F2B85A2-96A5-5537-E4BD-499866D84997}" = Market Samurai
"{4286E640-B5FB-11DF-AC4B-005056C00008}" = Google Earth
"{437AB8E0-FB69-4222-B280-A64F3DE22591}" = Microsoft Visual Studio 2005 Professional Edition - ENU
"{43CAC9A1-1993-4F65-9096-7C9AFC2BBF54}" = Dell CinePlayer
"{4458C442-7376-4CF9-AF58-E8CEA6722363}" = Adobe Setup
"{44A27085-0616-4181-A0C3-81C7ECA17F73}" = CorelDRAW Graphics Suite X4
"{44AB7EA7-93C1-4F93-A3E5-41B4693AFBBA}" = WebWorks Publisher Standard Edition 8.0
"{44D4AF75-6870-41F5-9181-662EA05507E1}" = Microsoft Document Explorer 2005
"{45A66726-69BC-466B-A7A4-12FCBA4883D7}" = HiJackThis
"{4640FDE1-B83A-4376-84ED-86F86BEE2D41}" = Driver Detective
"{4667B940-BB01-428B-986E-A0CC46497BF7}" = ELIcon
"{46C045BF-2B3F-4BC4-8E4C-00E0CF8BD9DB}" = Adobe AIR
"{485ACF57-F364-440A-8496-E1E81C8FA1AA}" = Adobe Premiere Pro CS3 Third Party Content
"{49848F01-F9F6-4855-9C99-32D9FF8C7065}" = CS101SamplesAll
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4B719A70-F14A-4f5c-90B5-346B24B7FFF1}" = Windows 7 Upgrade Advisor
"{4CEA6811-DFAD-4892-828D-49941FE3B779}" = Intel® PROSet for Wired Connections
"{4E475FD4-4513-4B1D-8DDA-43912B068C99}" = HTML Slideshow Powertoy for Windows XP
"{50F102CA-4BE2-41A9-9810-5BB05EB91B9A}" = Adobe Premiere Pro CS3 Functional Content
"{51846830-E7B2-4218-8968-B77F0FF475B8}" = Adobe Color EU Extra Settings
"{51DB3821-FED2-47D3-B046-A8A75B1DE460}" = Microsoft FxCop 1.32
"{531E9873-8654-4A12-8660-8F5896BC47A8}" = Brother HL-2040
"{53F5C3EE-05ED-4830-994B-50B2F0D50FCE}" = Microsoft SQL Server Setup Support Files (English)
"{53FD4AF2-59DC-48E0-B345-CF8491D34460}" = ActiveXperts Network Monitor 7.2
"{54793AA1-5001-42F4-ABB6-C364617C6078}" = Adobe Linguistics CS3
"{548EEA8E-8299-497F-8057-811D2D7097DC}" = Dell Support 3.1
"{54B2EAD9-A110-43F7-B010-2859A1BD2AFE}" = Adobe Encore CS3
"{55528454-3A0D-41DB-BD6B-979D365F0D70}" = Dramatica Pro Story Wizard
"{5569C99B-129C-426E-920A-FD1F0DC01FDC}" = Dawn
"{56B4002F-671C-49F4-984C-C760FE3806B5}" = Microsoft SQL Server VSS Writer
"{56C049BE-79E9-4502-BEA7-9754A3E60F9B}" = neroxml
"{5757AE1A-1DB4-4898-9806-09F77FBD5E57}" = MSDN Library for Visual Studio .NET 2003
"{57752979-A1C9-4C02-856B-FBB27AC4E02C}" = QuickTime
"{58C19BBD-4D08-6835-A608-27A2B568A7F6}" = TweetDeck
"{58DCEEE5-532E-44F4-B1D7-A146EF9E9FDA}" = Adobe Premiere Pro CS3
"{5905F42D-3F5F-4916-ADA6-94A3646AEE76}" = Dell Driver Reset Tool
"{5B6BE547-21E2-49CA-B2E2-6A5F470593B1}" = Sonic Activation Module
"{5BF5F9C5-E95B-4AFA-94BE-F2A9CA73B61D}" = Apple Mobile Device Support
"{5C82DAE5-6EB0-4374-9254-BE3319BA4E82}" = Skype™ 3.5
"{62BD0AE0-4EB1-4BBB-8F43-B6400C8FEB2C}" = AOLIcon
"{639159C2-B27B-4208-8965-D8A0AEDBDED2}" = Microsoft .NET Framework 2.0 SDK - ENU
"{64635543-70E7-436D-8D6D-4A721595029E}" = Microsoft IntelliPoint 5.2
"{64c5b887-b5ee-42b8-8596-78905a6b5f1f}" = Microsoft Windows SDK for Visual Studio 2008 SDK Reference Assemblies and IntelliSense
"{66EBD70F-A42C-475F-AEDF-277378151033}" = Nero 7 Essentials
"{6753B40C-0FBD-3BED-8A9D-0ACAC2DCD85D}" = Microsoft Document Explorer 2008
"{681F447D-49EC-4D5D-AE0A-145A8AA4E239}" = Nalu
"{6855CCDD-BDF9-48E4-B80A-80DFB96FE36C}" = CmdHere Powertoy For Windows XP
"{68A35043-C55A-4237-88C9-37EE1C63ED71}" = Microsoft Visual J# 2.0 Redistributable Package
"{6ABE0BEE-D572-4FE8-B434-9E72A289431B}" = Adobe Fonts All
"{6B52140A-F189-4945-BFFC-DB3F00B8C589}" = Adobe Flash CS3
"{6B708481-748A-4EB4-97C1-CD386244FF77}" = Adobe MotionPicture Color Files
"{6B9B0C6F-E5FA-4633-A640-AB98A272ECCA}" = Safari
"{6BBAA81D-6A7E-43AD-8889-2F002DCAAFDD}" = AHV content for Acrobat and Flash
"{6C531060-84FB-4F96-8F33-29DF020632EB}" = Microsoft .NET Compact Framework 1.0 SP3 Developer
"{6C9F6D23-E9AD-43C9-B43A-011562AAF876}" = Windows Mobile 5.0 SDK R2 for Pocket PC
"{6FDD4688-E063-401D-B6BE-7234E20B9173}" = Microsoft SQL Server 2005 Books Online (English) (September 2007)
"{6FF5DD7A-FE28-4439-B8CF-1E9AF4EA0A61}" = Adobe Asset Services CS3
"{7148F0A8-6813-11D6-A77B-00B0D0142030}" = Java 2 Runtime Environment, SE v1.4.2_03
"{716E0306-8318-4364-8B8F-0CC4E9376BAC}" = MSXML 4.0 SP2 Parser and SDK
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{737D7CA8-D05C-46C7-AFED-A76616E8CA3B}" = WordPerfect OfficeReady
"{74F7662C-B1DB-489E-A8AC-07A06B24978B}" = Dell System Restore
"{76E43392-20D8-4C07-96FB-447483EAE192}" = Eudora
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{7ACFB90E-8FD0-4397-AD3A-5195412623A3}" = Adobe Help Viewer CS3
"{7B33F480-496D-334A-BAC2-205DEC0CBC2D}" = Visual C++ 2008 x86 Runtime - (v9.0.30729.4148)
"{7B33F480-496D-334A-BAC2-205DEC0CBC2D}.vc_x86runtime_30729_4148" = Visual C++ 2008 x86 Runtime - v9.0.30729.4148
"{7B63B2922B174135AFC0E1377DD81EC2}" = DivX
"{7C10F5C7-F00F-4BD3-A110-C7D240D2DD25}" = Adobe Dreamweaver CS3
"{7CF6E959-07C5-4F5B-AAEC-7406DFFDC20E}" = Adobe FrameMaker v7.2
"{7DFC1012-D346-46CE-B03E-FF79125AE029}" = Adobe Fireworks CS3
"{7F05E704-30A6-421A-97A7-8EEB1C7FF010}" = CorelDRAW Graphics SUite X4 - ICA
"{7F05E704-30A6-421A-97A7-8EEB1C7FF012}" = CorelDRAW Graphics Suite X4 - Capture
"{7F05E704-30A6-421A-97A7-8EEB1C7FF013}" = CorelDRAW Graphics Suite X4 - Draw
"{7F05E704-30A6-421A-97A7-8EEB1C7FF014}" = CorelDRAW Graphics Suite X4 - PP
"{7F05E704-30A6-421A-97A7-8EEB1C7FF016}" = CorelDRAW Graphics Suite X4 - Content
"{7F05E704-30A6-421A-97A7-8EEB1C7FF017}" = CorelDRAW Graphics Suite X4 - Filters
"{7F05E704-30A6-421A-97A7-8EEB1C7FF019}" = CorelDRAW Graphics Suite X4 - FontNav
"{7F05E704-30A6-421A-97A7-8EEB1C7FF100}" = CorelDRAW Graphics Suite X4 - Lang EN
"{7FCC4EDC-6EE2-4309-ABD7-85F2667A7B90}" = WebEx Support Manager for Internet Explorer
"{809E9D11-335A-4186-8767-CB8C6F3D7810}" = DropBox
"{81B73249-906F-4C50-86A6-FAA837625815}" = WildEdit
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{83DD27C9-CDC2-489A-87FA-8622C1F8F8EC}" = Debugging Tools for Windows (x86)
"{8415F660-5FDC-4601-97DD-43A783600F4B}" = SQLXML4
"{842FAF7C-50EF-4463-9B8F-6222E1384D7D}" = Microsoft Windows SDK for Visual Studio 2008 Headers and Libraries
"{845A8DB9-8802-4FD3-9FE3-938A6C46A2EC}" = Adobe Video Profiles
"{8718DC03-D066-4957-94E5-50C3C5042E8E}" = Adobe Creative Suite 3 Master Collection
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8ABF8FEB-ABB0-40DC-9945-85AF36EF30A9}" = Microsoft SQL Server 2005 Analysis Services
"{8ADFC4160D694100B5B8A22DE9DCABD9}" = DivX Player
"{8D2BA474-F406-4710-9AE4-D4F22D21F0DD}" = Adobe Device Central CS3
"{8D2C1E44-7685-4D05-8342-B0DC6422FA47}" = Ulead Straight-to-Disc SDK
"{8D49D55D-9837-4E0E-AE3B-05C7BEC5CD1F}" = Opera 10.51
"{8E6808E2-613D-4FCD-81A2-6C8FA8E03312}" = Adobe Type Support
"{8EAB2384-C794-40ED-A9DD-3270A0D2BB76}" = Ulead VideoStudio 9.0 SE DVD
"{8FB53850-246A-3507-8ADE-0060093FFEA6}" = Visual Studio Tools for the Office system 3.0 Runtime
"{90120000-0010-0409-0000-0000000FF1CE}" = Microsoft Software Update for Web Folders (English) 12
"{90120000-0015-0409-0000-0000000FF1CE}" = Microsoft Office Access MUI (English) 2007
"{90120000-0015-0409-0000-0000000FF1CE}_ENTERPRISER_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007
"{90120000-0016-0409-0000-0000000FF1CE}_ENTERPRISER_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007
"{90120000-0018-0409-0000-0000000FF1CE}_ENTERPRISER_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0019-0409-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2007
"{90120000-0019-0409-0000-0000000FF1CE}_ENTERPRISER_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2007
"{90120000-001A-0409-0000-0000000FF1CE}_ENTERPRISER_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007
"{90120000-001B-0409-0000-0000000FF1CE}_ENTERPRISER_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_ENTERPRISER_{ABDDE972-355B-4AF1-89A8-DA50B7B5C045}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-0409-0000-0000000FF1CE}_PRJPROR_{ABDDE972-355B-4AF1-89A8-DA50B7B5C045}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-0409-0000-0000000FF1CE}_VISPROR_{ABDDE972-355B-4AF1-89A8-DA50B7B5C045}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-0409-0000-0000000FF1CE}_WebDesigner_{ABDDE972-355B-4AF1-89A8-DA50B7B5C045}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_ENTERPRISER_{F580DDD5-8D37-4998-968E-EBB76BB86787}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-040C-0000-0000000FF1CE}_PRJPROR_{F580DDD5-8D37-4998-968E-EBB76BB86787}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-040C-0000-0000000FF1CE}_VISPROR_{F580DDD5-8D37-4998-968E-EBB76BB86787}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-040C-0000-0000000FF1CE}_WebDesigner_{F580DDD5-8D37-4998-968E-EBB76BB86787}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007
"{90120000-001F-0C0A-0000-0000000FF1CE}_ENTERPRISER_{187308AB-5FA7-4F14-9AB9-D290383A10D9}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-0C0A-0000-0000000FF1CE}_PRJPROR_{187308AB-5FA7-4F14-9AB9-D290383A10D9}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-0C0A-0000-0000000FF1CE}_VISPROR_{187308AB-5FA7-4F14-9AB9-D290383A10D9}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-0C0A-0000-0000000FF1CE}_WebDesigner_{187308AB-5FA7-4F14-9AB9-D290383A10D9}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-0021-0000-0000-0000000FF1CE}" = Microsoft Office Visual Web Developer 2007
"{90120000-0021-0000-0000-0000000FF1CE}_VisualWebDeveloper_{3D019598-7B59-447A-80AE-815B703B84FF}" = Security Update for Microsoft Office system 2007 (972581)
"{90120000-0021-0409-0000-0000000FF1CE}" = Microsoft Office Visual Web Developer MUI (English) 2007
"{90120000-0021-0409-0000-0000000FF1CE}_VisualWebDeveloper_{E1044ED2-E4AD-4B39-B500-31109750F6B4}" = Microsoft Office SharePoint Designer 2007 Service Pack 2 (SP2)
"{90120000-0026-0000-0000-0000000FF1CE}" = Microsoft Expression Web
"{90120000-0026-0000-0000-0000000FF1CE}_WebDesigner_{3D019598-7B59-447A-80AE-815B703B84FF}" = Security Update for Microsoft Office system 2007 (972581)
"{90120000-0026-0000-0000-0000000FF1CE}_WebDesigner_{9037FDA8-8383-4B6F-859D-D49C3C625225}" = Microsoft Expression Web Service Pack 1 (SP1)
"{90120000-0026-0409-0000-0000000FF1CE}" = Microsoft Expression Web MUI (English)
"{90120000-0026-0409-0000-0000000FF1CE}_WebDesigner_{E1044ED2-E4AD-4B39-B500-31109750F6B4}" = Microsoft Office SharePoint Designer 2007 Service Pack 2 (SP2)
"{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007
"{90120000-0044-0409-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (English) 2007
"{90120000-0044-0409-0000-0000000FF1CE}_ENTERPRISER_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0054-0409-0000-0000000FF1CE}" = Microsoft Office Visio MUI (English) 2007
"{90120000-0054-0409-0000-0000000FF1CE}_VISPROR_{519D9F45-CBF4-4E57-B419-11F196CCA8AE}" = Microsoft Office Visio 2007 Service Pack 2 (SP2)
"{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}_ENTERPRISER_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-006E-0409-0000-0000000FF1CE}_PRJPROR_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-006E-0409-0000-0000000FF1CE}_VISPROR_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-006E-0409-0000-0000000FF1CE}_WebDesigner_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2007
"{90120000-00A1-0409-0000-0000000FF1CE}_ENTERPRISER_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-00B2-0409-0000-0000000FF1CE}" = Microsoft Save as PDF or XPS Add-in for 2007 Microsoft Office programs
"{90120000-00B4-0409-0000-0000000FF1CE}" = Microsoft Office Project MUI (English) 2007
"{90120000-00B4-0409-0000-0000000FF1CE}_PRJPROR_{27A9D316-D332-433B-8EB1-1D93EE49F26D}" = Microsoft Office Project 2007 Service Pack 2 (SP2)
"{90120000-00BA-0409-0000-0000000FF1CE}" = Microsoft Office Groove MUI (English) 2007
"{90120000-00BA-0409-0000-0000000FF1CE}_ENTERPRISER_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0114-0409-0000-0000000FF1CE}" = Microsoft Office Groove Setup Metadata MUI (English) 2007
"{90120000-0114-0409-0000-0000000FF1CE}_ENTERPRISER_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007
"{90120000-0115-0409-0000-0000000FF1CE}_ENTERPRISER_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0115-0409-0000-0000000FF1CE}_PRJPROR_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0115-0409-0000-0000000FF1CE}_VISPROR_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0115-0409-0000-0000000FF1CE}_WebDesigner_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0117-0409-0000-0000000FF1CE}" = Microsoft Office Access Setup Metadata MUI (English) 2007
"{90120000-0117-0409-0000-0000000FF1CE}_ENTERPRISER_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90170409-6000-11D3-8CFE-0150048383C9}" = Microsoft Office FrontPage 2003
"{90176341-0A8B-4CCC-A78D-F862228A6B95}" = Adobe Anchor Service CS3
"{9068B2BE-D93A-4C0A-861C-5E35E2C0E09E}" = Intel Matrix Storage Manager
"{90A40409-6000-11D3-8CFE-0150048383C9}" = Microsoft Office 2003 Web Components
"{91110409-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Professional Edition 2003
"{91120000-0030-0000-0000-0000000FF1CE}" = Microsoft Office Enterprise 2007
"{91120000-0030-0000-0000-0000000FF1CE}_ENTERPRISER_{0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{91120000-0030-0000-0000-0000000FF1CE}_ENTERPRISER_{3D019598-7B59-447A-80AE-815B703B84FF}" = Security Update for Microsoft Office system 2007 (972581)
"{91120000-003B-0000-0000-0000000FF1CE}" = Microsoft Office Project Professional 2007
"{91120000-003B-0000-0000-0000000FF1CE}_PRJPROR_{3D019598-7B59-447A-80AE-815B703B84FF}" = Security Update for Microsoft Office system 2007 (972581)
"{91120000-003B-0000-0000-0000000FF1CE}_PRJPROR_{9E73617F-2F38-4864-BD61-BB2DDFE43323}" = Microsoft Office Project 2007 Service Pack 2 (SP2)
"{91120000-0051-0000-0000-0000000FF1CE}" = Microsoft Office Visio Professional 2007
"{91120000-0051-0000-0000-0000000FF1CE}_VISPROR_{0FD405D3-CAF8-4CA6-8BFD-911D2F8A6585}" = Microsoft Office Visio 2007 Service Pack 2 (SP2)
"{91120000-0051-0000-0000-0000000FF1CE}_VISPROR_{3D019598-7B59-447A-80AE-815B703B84FF}" = Security Update for Microsoft Office system 2007 (972581)
"{91430409-65F7-11D5-A708-F3B1BEC28731}" = Microsoft Data Analyzer 3.5
"{918F5120-9982-4872-BB51-97D3BB560897}" = OpenOffice.org 3.0 Beta
"{91A4AD99-69CE-4745-97B7-0E0DFBECFDE5}" = Adobe Illustrator CS
"{926C96FB-9D0A-4504-8000-C6D3A4A3118E}" = Java DB 10.4.2.1
"{930B2432-43D4-11D5-9871-00C04F8EEB39}" = Macromedia Fireworks MX
"{95120000-0038-0409-0000-0000000FF1CE}" = Time Zone Data Update Tool for Microsoft Office Outlook
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{95655ED4-7CA5-46DF-907F-7144877A32E5}" = Adobe Color NA Recommended Settings
"{98736A65-3C79-49EC-B7E9-A3C77774B0E6}" = Google SketchUp 6
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9A33B83D-FFC4-44CF-BEEF-632DECEF2FCD}" = Microsoft SQL Server Database Publishing Wizard 1.3
"{9A346205-EA92-4406-B1AB-50379DA3F057}" = Autodesk DWF Viewer 7
"{9C590067-8A6A-4db6-B052-069283790B04}" = SeoQuake
"{9C9824D9-9000-4373-A6A5-D0E5D4831394}" = Adobe Bridge CS3
"{9CD8FC8E-A1CA-4634-96BC-CD6B2D4797CC}" = LizardTech ExpressView Browser Plug-in
"{9D0798D0-AF6C-4E62-94B1-AEBF1A43E00A}" = CorelDRAW Graphics Suite X4 - IPM
"{A06275F4-324B-4E85-95E6-87B2CD729401}" = Windows Defender
"{A2B242BD-FF8D-4840-9DAA-9170EABEC59C}" = Adobe CMaps
"{A2D81E70-2A98-4A08-A628-94388B063C5E}" = Adobe Color - Photoshop Specific
"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
"{A3BC5D37-30F9-4CF7-BD5C-0DFF063E4B6D}" = USB 2.0 Wireless LAN Card Utility
"{A43BF6A5-D5F0-4AAA-BF41-65995063EC44}" = MSXML 6.0 Parser
"{A5CC2A09-E9D3-49EC-923D-03874BBD4C2C}" = Windows Defender Signatures
"{A6B23EFA-6590-482C-A11F-5ACE1B91F5B9}" = Adobe Soundbooth CS3
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AA467959-A1D6-4F45-90CD-11DC57733F32}" = Crystal Reports Basic for Visual Studio 2008
"{AAD47011-8518-4608-9656-951DA35B587B}" = iTunes
"{AB05F2C8-F608-403b-95E1-FD8ADFACD31E}" = Windows 7 Upgrade Advisor
"{AB708C9B-97C8-4AC9-899B-DBF226AC9382}" = Roxio RecordNow Audio
"{AC5B0C19-D851-42F4-BDA0-410ECF7F70A5}" = PDF Settings
"{AC76BA86-0000-0000-0000-6028747ADE01}" = Adobe Acrobat - Reader 6.0.2 Update
"{AC76BA86-1033-0000-7760-000000000003}" = Adobe Acrobat 8 Professional
"{AC76BA86-7AD7-1033-7B44-A00000000001}" = Adobe Reader 6.0.1
"{AD483998-2E9A-4405-83FF-6E503AF49CBB}" = Microsoft Virtual PC 2007 SP1
"{AF19F291-F22F-4798-9662-525305AE9E48}" = WordPerfect Office 12
"{B102FB2C-4AE1-4DB8-A405-FE5B24086531}" = WinINSTALL LE 2003
"{B12665F4-4E93-4AB4-B7FC-37053B524629}" = Roxio RecordNow Copy
"{B194272D-1F92-46DF-99EB-8D5CE91CB4EC}" = Adobe AIR
"{B2544A03-10D0-4E5E-BA69-0362FFC20D18}" = OGA Notifier 2.0.0048.0
"{B268E9A1-04A9-40D0-9866-846BE2B74BA7}" = Microsoft Windows SDK for Visual Studio 2008 SP1 Win32 Tools
"{B2FE1952-0186-46c3-BAEC-A80AA35AC5B8}_Display.ControlPanel" = NVIDIA Control Panel 260.99
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver" = NVIDIA Graphics Driver 260.99
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NView" = NVIDIA nView 135.36
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_installer" = NVIDIA Install Application
"{B32E7732-B2FB-3FD0-81AC-6025B1104C66}" = Microsoft Device Emulator version 3.0 - ENU
"{B37C842A-B624-46B8-A727-654E72F1C91A}" = Calculator Powertoy for Windows XP
"{B3BF6689-A81D-40D8-9A86-4AC4ACD9FC1C}" = Adobe Camera Raw 4.0
"{B3C02EC1-A7B0-4987-9A43-8789426AAA7D}" = Adobe Setup
"{B3D8B2F8-3C2C-45BC-933E-8B60E78F6684}" = Google SketchUp 6
"{B5688129-7595-4E5B-9990-CEF981A31264}" = SyncToy
"{B61D21B6-469D-4423-B161-62DB20B8A70E}" = Visual Basic for Applications ® Core - English
"{B671CBFD-4109-4D35-9252-3062D3CCB7B2}" = Adobe SING CS3
"{B6EC7388-E277-4A5B-8C8F-71067A41BA64}" = TextPad 5
"{B6F7DBE7-2FE2-458F-A738-B10832746036}" = Microsoft Reader
"{B73CFB12-C814-4638-AFFD-7E3AAFAF0B4E}" = Adobe BridgeTalk Plugin CS3
"{B8B7A4D8-80E1-4DAE-BD33-7FD535BA3931}" = Adobe Encore CS3 Codecs
"{B9B35331-B7E4-4E5C-BF4C-7BC87856124D}" = Adobe Default Language CS3
"{BAF78226-3200-4DB4-BE33-4D922A799840}" = Windows Presentation Foundation
"{BCDB856C-D247-4DEE-9132-89C02F4D6B8C}_is1" = Sothink SWF Decompiler
"{BCE72AED-3332-4863-9567-C5DCB9052CA2}" = Netflix Movie Viewer
"{BD68F46D-8A82-4664-8E68-F87C55BDEFD4}" = Microsoft SQL Server Native Client
"{BE5F3842-8309-4754-92D5-83E02E6077A3}" = Adobe Extension Manager CS3
"{BF439B41-0252-48DE-8B8B-0430CB26A181}" = CorelDRAW Graphics Suite X4 - VBA
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
"{C41300B9-185D-475E-BFEC-39EF732F19B1}" = Apple Software Update
"{C5BD220A-EFE8-48A5-B70E-9503D535FACE}" = Adobe WAS CS3
"{C9E4932C-8417-4E4C-A0E3-EE534810AB4D}" = ClearType Tuning Control Panel Applet
"{CAA376AF-0DE8-4FCA-942E-C6AC579B94B3}" = Microsoft Windows SDK for Visual Studio 2008 SP1 Tools
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CB3F8375-B600-4B9F-83C9-238ED1E583FD}" = Adobe InDesign CS3
"{CC8B19D1-91D2-4D5B-B331-F885F432745E}" = Final Draft 6
"{CCA1EEA3-555E-4D05-AC46-4B49C6C5D887}" = Apple Mobile Device Support
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{CE2DA11A-917F-4CF5-AB55-755EC115DD10}" = CorelDRAW® Graphics Suite X4 - Windows Shell Extension
"{CE378F36-E404-4244-A33F-F50A2A6D31BD}" = Microsoft Color Control Panel Applet for Windows XP
"{D0DFF92A-492E-4C40-B862-A74A173C25C5}" = Adobe Version Cue CS3 Client
"{D13E9EC4-BBB2-49BA-9E4C-10270F542411}" = RoboHelp Office X5.0.2 Update
"{D2559B88-CC9D-4B48-81BB-F492BAA9C48C}" = Adobe PDF Library Files
"{D2988E9B-C73F-422C-AD4B-A66EBE257120}" = MCU
"{D2ED9361-BA49-4BDC-9A1D-0EA9CAA0881D}" = Oracle VM VirtualBox 4.0.0
"{D33821BB-7E4D-4F8B-BC7E-BDC7451DB627}" = Dusk With Help
"{D39B7EF3-36AC-42F1-B7A2-05348CEF7CD4}" = Sandcastle Help File Builder
"{D4AFC7AD-F637-4EDD-BC76-767E4AF78CE1}" = OverDrive Media Console
"{D4D24FE5-FAB3-4FE2-AFFC-623955F4DF3A}" = Visual Studio.NET Baseline - English
"{D5A31AB1-345D-47C7-A87B-036A669F6DF1}" = Adobe XMP Panels CS3
"{D76D1828-BBA0-4BD9-8181-5ACC617DC5F2}" = Virtual Earth 3D (Beta)
"{D7DAD1E4-45F4-3B2B-899A-EA728167EC4F}" = Microsoft Visual Studio 2008 Professional Edition - ENU
"{DA20D1D5-34A7-4CC6-A7B7-74C69864A357}" = Sandcastle
"{DADD7B8A-BCB0-44F5-967A-ECB6B4F2ECD9}" = Adobe Color Common Settings
"{DAEAFD68-BB4A-4507-A241-C8804D2EA66D}" = Apple Application Support
"{DB81779E-7CC5-4630-BCFC-754004956444}" = Visual Basic for Applications ® Core
"{DD7DB3C5-6FA3-4FA3-8A71-C2F2940EB029}" = Adobe Color JA Extra Settings
"{DF1A10D4-0B57-4800-8E7A-BFA5AB3C2D4B}" = Altova XMLSpy 2005 Enterprise Edition
"{DF49D66D-D2D3-46DA-878B-F0BFC7795276}" = Flip
"{DFC6573E-124D-4026-BFA4-B433C9D3FF21}" = ISO Recorder
"{E05F0409-0E9A-48A1-AC04-E35E3033604A}" = Visual Studio .NET Enterprise Architect 2003 - English
"{E09B48B5-E141-427A-AB0C-D3605127224A}" = Microsoft SQL Server Desktop Engine (MICROSOFTSMLBIZ)
"{E1423608-F529-40A1-93CA-C7F396F30DF0}" = Google SketchUp
"{E38C00D0-A68B-4318-A8A6-F7D4B5B1DF0E}" = Windows Media Encoder 9 Series
"{E3A166CA-AE46-4E51-B4E9-916504A97D17}" = Photo to Cartoon
"{E59113EB-0285-4BFD-A37A-B79EAC6B8F4B}" = Microsoft SQL Server Compact 3.5 SP1 English
"{E69AE897-9E0B-485C-8552-7841F48D42D8}" = Adobe Update Manager CS3
"{E8C4C64A-CA0E-4A1F-9C94-0EF137F7910B}" = SymmTime
"{E930E839-998E-42F9-97E2-71FC960DB1B7}" = Microsoft SQL Server 2005 Reporting Services
"{EA426461-31AA-4AB3-B15D-EDD748F08394}_is1" = Moyea YouTube FLV Downloader version: 3.1.2.0
"{EA7B3CC4-366D-4CF6-8350-FD7A7034116E}" = Adobe InDesign CS3 Icon Handler
"{EB0202F7-016A-410C-ADE4-40F848CCC661}" = Adobe After Effects CS3
"{EB900AF8-CC61-4E15-871B-98D1EA3E8025}" = QuickTime
"{ECD03DA7-5952-406A-8156-5F0C93618D1F}" = GE 98068 EasyCam™ Twin
"{ED0042CA-CBEA-4ADF-B262-FE0518AF2221}" = LogMeIn
"{EDDF99D9-9FE3-4871-A7DB-D1522C51EE9A}" = Microsoft .NET Compact Framework 2.0 SP2
"{EE6097DD-05F4-4178-9719-D3170BF098E8}" = Apple Application Support
"{EE8CFFD9-6E29-4DC3-A967-7348D5F41F44}" = Microsoft SQL Server 2005 Integration Services
"{EFB21DE7-8C19-4A88-BB28-A766E16493BC}" = Adobe Photoshop CS
"{F08E8D2E-F132-4742-9C87-D5FF223A016A}" = Adobe Illustrator CS3
"{F0E2B312-D7FD-4349-A9B6-E90B36DB1BD0}" = Paint.NET v3.5.5
"{F333A33D-125C-32A2-8DCE-5C5D14231E27}" = Visual C++ 2008 x86 Runtime - (v9.0.30729)
"{F333A33D-125C-32A2-8DCE-5C5D14231E27}.vc_x86runtime_30729_01" = Visual C++ 2008 x86 Runtime - v9.0.30729.01
"{F539210E-8474-44E3-9035-01CB6444DB46}" = OutlookTools 2
"{F5E87B12-3C27-452F-8E78-21D42164FD83}" = Microsoft SQL Server 2008 Management Objects
"{F843C6A3-224D-4615-94F8-3C461BD9AEA0}" = Jasc Paint Shop Pro 9
"{F90DAA33-CADD-4B0B-ADAF-DD2DE21D0710}" = Microsoft Data Access Application Block v2.0 for .NET
"{FA291352-8B46-4678-B344-C176F28C5C3E}" = RoboHelp Office
"{FC9E08AA-CD59-4C59-BEF9-87E05B9E37D7}" = Adobe Contribute CS3
"{FCC3BD6A-F118-475D-8748-7EE08EA0AF56}" = HDView for Internet Explorer
"{FF1C31AE-0CDC-40CE-AB85-406F8B70D643}" = Bonjour
"274c5407c4fa26908310cb5c1c5500001954585185" = NetBeans IDE 5.5
"8973-4025-0853-7287" = DbVisualizer 7.0.5
"AbiWord2" = AbiWord 2.4.5 (remove only)
"Adobe Acrobat 8 Professional" = Adobe Acrobat 8.1.2 Professional
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Adobe PageMaker 7.0" = Adobe PageMaker 7.0
"Adobe Shockwave Player" = Adobe Shockwave Player 11
"Adobe SVG Viewer" = Adobe SVG Viewer 3.0
"Adobe_3e054d2218e7aa282c2369d939e58ff" = Adobe ExtendScript Toolkit 2
"Adobe_4dcfd9b7e901b57f81f667144603236" = Add or Remove Adobe Creative Suite 3 Master Collection
"ADS Tech Master Installer V3.8" = ADS Tech Master Installer V3.8
"ADS Tech V3.8 DVD Xpress DX2 CapWiz" = ADS Tech V3.8 DVD Xpress DX2 CapWiz
"Advanced IP Scanner v1.5" = Advanced IP Scanner v1.5
"Amazon Kindle For PC" = Amazon Kindle For PC v1.1
"Apophysis 2.0" = Apophysis 2.0
"AppInventor Extras" = AppInventor Extras
"Areca" = Areca
"ASAP Utilities_is1" = ASAP Utilities
"Audacity_is1" = Audacity 1.2.6
"AutoREALM_is1" = AutoREALM Version 2.0
"avast5" = avast! Free Antivirus
"BN_DesktopReader" = NOOK for PC
"Borland JBuilder 2005 Foundation" = Borland JBuilder 2005 Foundation
"Chaoscope_is1" = Chaoscope 0.3.1
"Color Detector 1.0_is1" = Color Detector 1.0
"ColorImpact 3_is1" = ColorImpact 3.1.1
"Core FTP Lite 1.3b" = Core FTP Lite 1.3b
"CSEHTMLVALIDATORLITE90_is1" = CSE HTML Validator Lite v9.03
"CustomBar" = CustomBar Registered Version
"CutePDF Writer Installation" = CutePDF Writer 2.7
"Debut" = Debut Video Capture Software
"DECCHECK" = Microsoft Windows XP Video Decoder Checkup Utility
"Dell Digital Jukebox Driver" = Dell Digital Jukebox Driver
"Digital Editions" = Adobe Digital Editions
"doxygen_is1" = doxygen 1.7.0
"Dr. Hardware 2008_is1" = Dr. Hardware 2008 9.0.1d
"Dramatica Pro 4.0" = Dramatica Pro 4.0
"DVD Flick_is1" = DVD Flick 1.3.0.7
"DVD-CLONER VI_is1" = DVD-CLONER V6.70 Build 986
"ENTERPRISER" = Microsoft Office Enterprise 2007
"ExpressBurn" = Express Burn Uninstall
"ExpressRip" = Express Rip Uninstall
"FBReader for Windows" = FBReader for Windows
"Finale Viewer 2008" = Finale Viewer 2008
"FlashGet(JetCar)" = FlashGet(JetCar)
"Flock (2.6.1)" = Flock (2.6.1)
"FLV Player1.33 FC" = FLV Player
"Free and Easy Biorhythm Calculator_is1" = Free and Easy Biorhythm Calculator version 2.60
"Free YouTube to iPod Converter_is1" = Free YouTube to iPod Converter version 2.9
"FreePortScanner_is1" = FreePortScanner 2.5
"Good Keywords v2.01_is1" = Good Keywords v2.01.100107
"Google Calendar Sync" = Google Calendar Sync
"GPL Ghostscript 8.61" = GPL Ghostscript 8.61
"GPL Ghostscript Fonts" = GPL Ghostscript Fonts
"Graboid Video" = Graboid Video 2.01
"GSview 4.9" = GSview 4.9
"HHD Hex Editor 4.x" = HHD Software Free Hex Editor Neo 4.75
"HTML Help Workshop" = HTML Help Workshop
"IconCool Editor Full-working Upgrade Package" = IconCool Editor Full-working Upgrade Package
"IconCool Editor v5.3x" = IconCool Editor v5.3x
"IconsExtract" = IconsExtract
"IDNMitigationAPIs" = Microsoft Internationalized Domain Names Mitigation APIs
"IE PassView" = IE PassView
"ie7" = Windows Internet Explorer 7
"ie8" = Windows Internet Explorer 8
"ieSpell" = ieSpell
"ImageMagick 6.6.0 Q16_is1" = ImageMagick 6.6.0-4 Q16 (2010-03-15)
"ImgBurn" = ImgBurn
"InstallShield_{55528454-3A0D-41DB-BD6B-979D365F0D70}" = Dramatica Pro Story Wizard
"InstallShield_{D13E9EC4-BBB2-49BA-9E4C-10270F542411}" = RoboHelp Office X5.0.2 Update
"InstallShield_{D33821BB-7E4D-4F8B-BC7E-BDC7451DB627}" = Dusk With Help
"InstallShield_{FA291352-8B46-4678-B344-C176F28C5C3E}" = RoboHelp Office X5
"InterActual Player" = InterActual Player
"IrfanView" = IrfanView (remove only)
"Jarte_is1" = Jarte
"JSide" = JSide
"LinkedIn Outlook Toolbar" = LinkedIn Outlook Toolbar
"LiveUpdate" = LiveUpdate 3.3 (Symantec Corporation)
"MarketSamurai.6E37012E1CBD7F47B14488FCC715944F3EBDCEDC.1" = Market Samurai
"Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1
"Microsoft .NET Framework 2.0 SDK - ENU" = Microsoft .NET Framework 2.0 SDK - ENU
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft Document Explorer 2005" = Microsoft Document Explorer 2005
"Microsoft Document Explorer 2008" = Microsoft Document Explorer 2008
"Microsoft SQL Server 2005" = Microsoft SQL Server 2005
"Microsoft Visual J# 2.0 Redistributable Package" = Microsoft Visual J# 2.0 Redistributable Package
"Microsoft Visual Studio 2005 Professional Edition - ENU" = Microsoft Visual Studio 2005 Professional Edition - ENU
"Microsoft Visual Studio 2005 Tools for Office Runtime" = Visual Studio 2005 Tools for Office Second Edition Runtime
"Microsoft Visual Studio 2008 Professional Edition - ENU" = Microsoft Visual Studio 2008 Professional Edition - ENU
"Mozilla Firefox (3.6.13)" = Mozilla Firefox (3.6.13)
"Mozilla Thunderbird (3.1.2)" = Mozilla Thunderbird (3.1.2)
"MSCompPackV1" = Microsoft Compression Client Pack 1.0 for Windows XP
"MSDN Library for Visual Studio 2005" = MSDN Library for Visual Studio 2005
"MSDN Library for Visual Studio 2008 - ENU" = MSDN Library for Visual Studio 2008 - ENU
"NetMos Technology" = NetMos Multi-IO Controller
"NetworkActiv Port Scanner 4.0" = NetworkActiv Port Scanner 4.0
"newnovelist" = newnovelist
"NLSDownlevelMapping" = Microsoft National Language Support Downlevel APIs
"NVIDIA nView Desktop Manager" = NVIDIA nView Desktop Manager
"OmniFormat" = OmniFormat
"Password Solutions - Office Password Recovery PRO" = Office Password Recovery PRO v1.0 (remove only)
"PdaNet_is1" = PdaNet for Android 2.45
"PDF Counter_is1" = PDF Counter 2.0
"Phantasmagoria" = Phantasmagoria
"PhotoShow 2" = PhotoShow 2
"Picasa 3" = Picasa 3
"Placesbar Constructor_is1" = Placesbar Constructor 1.2
"Polyglot 3000_is1" = Polyglot 3000 (Version 1.5)
"Port Listener XP1.4" = Port Listener XP
"PRJPROR" = Microsoft Office Project Professional 2007
"PropertiesPlus" = PropertiesPlus (Remove Only)
"PROSet" = Intel® PRO Network Connections Drivers
"RealPlayer 6.0" = RealPlayer
"RecordPad" = RecordPad Sound Recorder Uninstall
"Sam Spade version 1.14_is1" = Sam Spade version 1.14
"Scrivener for Windows Beta 1" = Scrivener for Windows Beta
"SecondLife" = SecondLife (remove only)
"Spiceworks" = Spiceworks
"StreetPlugin" = Learn2 Player (Uninstall Only)
"SuperNotecard" = SuperNotecard 2.6
"TaxACT 2005" = TaxACT 2005
"TaxACT 2006" = TaxACT 2006
"TaxACT 2007" = TaxACT 2007
"TaxACT 2008" = TaxACT 2008
"TaxACT 2008 North Carolina" = TaxACT 2008 North Carolina
"TaxACT 2009" = TaxACT 2009
"TaxACT 2009 North Carolina" = TaxACT 2009 North Carolina
"TaxACT North Carolina 2005" = TaxACT North Carolina 2005
"TaxACT North Carolina 2006" = TaxACT North Carolina 2006
"TaxACT North Carolina 2007" = TaxACT North Carolina 2007
"The Journal 4_is1" = The Journal 4
"The Journal 5_is1" = The Journal 5
"The Weather Channel Desktop 6" = The Weather Channel Desktop 6
"The Weather Channel Screensaver" = The Weather Channel Screensaver
"ThunderStor_is1" = ThunderStor 2.4.2
"TightVNC_is1" = TightVNC 1.3.10
"Total Commander Ultima Prime 3.2_is1" = TC UP
"TreeSize_is1" = TreeSize 1.75
"TsActiveXClient" = Terminal Services Web Client
"Tweak UI 2.10" = Tweak UI
"TweetDeckFast.FFF259DC0CE2657847BBB4AFF0E62062EFC56543.1" = TweetDeck
"Uninstall_is1" = Uninstall 1.0.0.0
"Universal Extractor_is1" = Universal Extractor 1.6
"Unlocker" = Unlocker 1.9.0
"uTorrent" = µTorrent
"Viewer97" = Microsoft Word Viewer 97
"ViewpointMediaPlayer" = Viewpoint Media Player
"VISPROR" = Microsoft Office Visio Professional 2007
"Visual Studio .NET Enterprise Architect 2003 - English" = Microsoft Visual Studio .NET Enterprise Architect 2003 - English
"Visual Studio 6.0 Enterprise Edition" = Microsoft Visual Studio 6.0 Enterprise Edition
"Visual Studio Tools for the Office system 3.0 Runtime" = Visual Studio Tools for the Office system 3.0 Runtime
"VisualWebDeveloper" = Microsoft Visual Studio Web Authoring Component
"VLC media player" = VLC media player 1.0.1
"WavePad" = WavePad Uninstall
"Wdf01005" = Microsoft Kernel-Mode Driver Framework Feature Pack 1.5
"Wdf01007" = Microsoft Kernel-Mode Driver Framework Feature Pack 1.7
"WebDesigner" = Microsoft Expression Web
"WebPost" = Microsoft Web Publishing Wizard 1.53
"WIC" = Windows Imaging Component
"Windows Media Encoder 9" = Windows Media Encoder 9 Series
"Windows Media Format Runtime" = Windows Media Format 11 runtime
"Windows Media Player" = Windows Media Player 11
"Windows XP Service Pack" = Windows XP Service Pack 3
"WinGimp-2.0_is1" = GIMP 2.6.10
"WinPcapInst" = WinPcap 4.1.1
"WinRAR archiver" = WinRAR archiver
"winusb0100" = Microsoft WinUsb 1.0
"WinX DVD Ripper_is1" = WinX DVD Ripper 4.1.4
"WinZip" = WinZip
"WMFDist11" = Windows Media Format 11 runtime
"wmp11" = Windows Media Player 11
"WordWeb" = WordWeb
"Wudf01000" = Microsoft User-Mode Driver Framework Feature Pack 1.0
"XpsEPSC" = XML Paper Specification Shared Components Pack 1.0
"Xvid_is1" = Xvid 1.1.2 final uninstall
"yWriter5_is1" = yWriter5

========== HKEY_USERS Uninstall List ==========

[HKEY_USERS\S-1-5-21-806864349-1435408688-3561169190-1005\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"3aa99e789378184a" = RandomDate
"Dropbox" = Dropbox
"GCalc 3" = GCalc 3
"Google Chrome" = Google Chrome
"GoToMeeting" = GoToMeeting 4.5.0.457
"Mem Viewer" = Mem Viewer (Remove Only)
"MPR" = Mozilla Password Recovery

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 1/29/2011 5:56:29 PM | Computer Name = AL9150 | Source = Microsoft Office 12 | ID = 2001
Description = Rejected Safe Mode action : Microsoft Office Outlook.

Error - 1/30/2011 3:02:09 AM | Computer Name = AL9150 | Source = MPSampleSubmission | ID = 5000
Description =

Error - 1/30/2011 9:44:20 AM | Computer Name = AL9150 | Source = Microsoft Office 12 | ID = 2001
Description = Rejected Safe Mode action : Microsoft Office Outlook.

Error - 1/31/2011 3:02:07 AM | Computer Name = AL9150 | Source = MPSampleSubmission | ID = 5000
Description =

Error - 2/1/2011 3:02:10 AM | Computer Name = AL9150 | Source = MPSampleSubmission | ID = 5000
Description =

Error - 2/2/2011 3:02:09 AM | Computer Name = AL9150 | Source = MPSampleSubmission | ID = 5000
Description =

Error - 2/3/2011 3:02:09 AM | Computer Name = AL9150 | Source = MPSampleSubmission | ID = 5000
Description =

Error - 2/4/2011 3:07:07 AM | Computer Name = AL9150 | Source = MPSampleSubmission | ID = 5000
Description =

Error - 2/5/2011 3:07:10 AM | Computer Name = AL9150 | Source = MPSampleSubmission | ID = 5000
Description =

Error - 2/7/2011 2:58:23 PM | Computer Name = AL9150 | Source = Microsoft Office 12 | ID = 2000
Description = Accepted Safe Mode action : Microsoft Office Outlook.

[ ODiag Events ]
Error - 6/8/2007 12:29:44 PM | Computer Name = AL9150 | Source = Microsoft Office 12 Diagnostics | ID = 320
Description = An unexpected error occurred. Tag: 2kcz. Error code: N/A

Error - 3/31/2008 8:58:21 AM | Computer Name = AL9150 | Source = Microsoft Office 12 Diagnostics | ID = 320
Description = An unexpected error occurred. Tag: 2kcz. Error code: N/A

[ OSession Events ]
Error - 11/14/2009 11:22:45 AM | Computer Name = AL9150 | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 0, Application Name: Microsoft Office Word, Application Version:
12.0.6504.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 63
seconds with 60 seconds of active time. This session ended with a crash.

Error - 11/14/2009 11:37:43 AM | Computer Name = AL9150 | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 0, Application Name: Microsoft Office Word, Application Version:
12.0.6504.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 890
seconds with 0 seconds of active time. This session ended with a crash.

Error - 1/25/2010 8:15:16 PM | Computer Name = AL9150 | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 6, Application Name: Microsoft Office Outlook, Application Version:
12.0.6514.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 166587
seconds with 2280 seconds of active time. This session ended with a crash.

Error - 2/5/2010 9:06:25 PM | Computer Name = AL9150 | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 0, Application Name: Microsoft Office Word, Application Version:
12.0.6504.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 83906
seconds with 900 seconds of active time. This session ended with a crash.

Error - 2/7/2010 2:26:56 PM | Computer Name = AL9150 | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 6, Application Name: Microsoft Office Outlook, Application Version:
12.0.6514.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 85350
seconds with 1020 seconds of active time. This session ended with a crash.

Error - 2/15/2010 4:47:54 PM | Computer Name = AL9150 | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 6, Application Name: Microsoft Office Outlook, Application Version:
12.0.6514.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 455147
seconds with 2700 seconds of active time. This session ended with a crash.

Error - 6/23/2010 8:42:21 AM | Computer Name = AL9150 | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 6, Application Name: Microsoft Office Outlook, Application Version:
12.0.6514.5000, Microsoft Office Version: 12.0.6215.1000. This session lasted 514123
seconds with 5340 seconds of active time. This session ended with a crash.

Error - 9/3/2010 5:43:19 AM | Computer Name = AL9150 | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 0, Application Name: Microsoft Office Word, Application Version:
12.0.6541.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 132587
seconds with 300 seconds of active time. This session ended with a crash.

Error - 9/24/2010 2:29:00 PM | Computer Name = AL9150 | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 0, Application Name: Microsoft Office Word, Application Version:
12.0.6541.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 272877
seconds with 22440 seconds of active time. This session ended with a crash.

Error - 12/16/2010 2:59:22 PM | Computer Name = AL9150 | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 0, Application Name: Microsoft Office Word, Application Version:
12.0.6545.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 9602
seconds with 6540 seconds of active time. This session ended with a crash.

[ System Events ]
Error - 2/7/2011 2:21:45 PM | Computer Name = AL9150 | Source = Service Control Manager | ID = 7026
Description = The following boot-start or system-start driver(s) failed to load:
SBRE

Error - 2/7/2011 2:45:53 PM | Computer Name = AL9150 | Source = DCOM | ID = 10010
Description = The server {0E127A61-068B-46E9-9691-EBCBDDB33289} did not register
with DCOM within the required timeout.

Error - 2/7/2011 2:47:55 PM | Computer Name = AL9150 | Source = DCOM | ID = 10010
Description = The server {0E127A61-068B-46E9-9691-EBCBDDB33289} did not register
with DCOM within the required timeout.

Error - 2/7/2011 2:49:57 PM | Computer Name = AL9150 | Source = DCOM | ID = 10010
Description = The server {0E127A61-068B-46E9-9691-EBCBDDB33289} did not register
with DCOM within the required timeout.

Error - 2/7/2011 2:51:59 PM | Computer Name = AL9150 | Source = DCOM | ID = 10010
Description = The server {0E127A61-068B-46E9-9691-EBCBDDB33289} did not register
with DCOM within the required timeout.

Error - 2/7/2011 2:54:01 PM | Computer Name = AL9150 | Source = DCOM | ID = 10010
Description = The server {0E127A61-068B-46E9-9691-EBCBDDB33289} did not register
with DCOM within the required timeout.

Error - 2/7/2011 2:56:04 PM | Computer Name = AL9150 | Source = DCOM | ID = 10010
Description = The server {0E127A61-068B-46E9-9691-EBCBDDB33289} did not register
with DCOM within the required timeout.

Error - 2/7/2011 2:58:06 PM | Computer Name = AL9150 | Source = DCOM | ID = 10010
Description = The server {0E127A61-068B-46E9-9691-EBCBDDB33289} did not register
with DCOM within the required timeout.

Error - 2/7/2011 3:00:06 PM | Computer Name = AL9150 | Source = DCOM | ID = 10010
Description = The server {0E127A61-068B-46E9-9691-EBCBDDB33289} did not register
with DCOM within the required timeout.

Error - 2/7/2011 10:42:55 PM | Computer Name = AL9150 | Source = Print | ID = 6161
Description = The document www.wcpss.net/forms/affidavit-of-residence.pdf owned
by AGJ failed to print on printer CutePDF Writer. Data type: NT EMF 1.008. Size
of the spool file in bytes: 1804340. Number of bytes printed: 0. Total number of
pages in the document: 1. Number of pages printed: 0. Client machine: \\AL9150.
Win32 error code returned by the print processor: 6 (0x6).


< End of report >


Thanks again-

-Al Jacques

#4 myrti

myrti

    Sillyberry


  • Malware Study Hall Admin
  • 33,771 posts
  • OFFLINE
  •  
  • Gender:Female
  • Location:At home
  • Local time:09:13 AM

Posted 10 February 2011 - 06:20 AM

Hi,

Is this a business computer?

If so, I strongly recommend you ask your IT support/network administrator to fix this. After all, they are paid to do so.

I ask this for several reasons:
  • There may be restrictions and modifications installed on such machines that could be damaged or altered by the actions we take to remove Malware.
  • Any infection could jump terminals in a computer network.
  • There may also be legal issues regarding any loss of business data that I do not wish to deal with.
  • Some people who come here use their computers for work, and the computers may contain the patient records of a physician or the financial records of an accountant's clients or credit card and bank account information of their employer's customers.
  • There may be tremendous risks and legal liability for such users for not fully securing the computer. We will not know this unless we ask. We do not want to be accidentally putting those we help in vulnerable positions for lawsuits.
  • Business factors outweigh technical factors in making the reformat and reinstall decision. Sometimes friends give missing CDs or lack of expertise as a reason for not doing a reformat and reinstall.
  • The cost of replacing missing Windows XP and MS Office CDs and getting a Microsoft Certified Systems Engineer to come in for 3 hours to do the reinstall and apply all the critical updates is trivial compared with the potential cost of a multi-million dollar lawsuit for breach of trust if confidential client or patient information is disclosed.
  • In specific situations where highly confidential information about others is on the computer, and a backdoor virus or trojan is found, we are helping people more by identifying that they have a backdoor trojan which puts them in a particularly vulnerable situation and sending them to seek local professional help from a Microsoft Certified Systems Engineer or Certified Information Systems Security Professional or Global Information Assurance Certification Certified Security Expert or Certified Computing Professional or Internet Service Provider than we would be trying to fully resolve their problems long distance.

is that a bird?  a plane? nooo it's the flying blueberry!

If I have been helping you and haven't replied in 2 days, feel free to shoot me a PM! Please don't send help request via PM, unless I am already helping you. Use the forums!

 



#5 Al Jacques


Posted 10 February 2011 - 06:57 AM

This is my own personal computer - I have been a software developer for the past 46 years so you will see development as well as office programs on my machine. This is one of eight computers in my home network. There are no confidential customer records on the machine, though there is code that is my personal property and is backed-up. These problems are not happening on any other machine in my network and outside of reloading the operating system and a lot of programs, I am hoping that your analysis will reveal something I am missing.

Thank you for looking at this.

Edited by Al Jacques, 10 February 2011 - 06:59 AM.


#6 myrti


Posted 13 February 2011 - 10:36 AM

Hi,

Sorry for the delay, I was away over the weekend.

Please run a scan with Rootkit Unhooker next:
Scan With RKUnHooker

  • Please download Rootkit Unhooker. Save it to your desktop.
  • Extract RKUnhooker to your desktop.
    Note** It is zipped up in a .rar file. If you do not have a program to unzip this type of file,
    you can get a free one from here - http://www.7-zip.org/
  • Now double-click on RKUnhookerLE.exe to run it.
  • Click the Report tab, then click Scan.
  • Check (tick) Drivers, Stealth. Uncheck the rest, then click OK.
  • Wait till the scanner has finished and then click File, Save Report.
  • Save the report somewhere where you can find it. Click Close.
Copy the entire contents of the report and paste it in a reply here.

Note** You may get this warning. It is OK, just ignore it:

"Rootkit Unhooker has detected a parasite inside itself!
It is recommended to remove parasite, okay?"

Just click on Cancel, then Accept.



#7 Al Jacques


Posted 14 February 2011 - 08:26 AM

Sorry about the ping, I wasn't paying attention to what day it was.

I was finally able to run the scan using RKUnhooker.exe - the first time it popped-up a java style initialization message and the machine hung (even the mouse) - I let it run in that state for two hours. After a reboot, I made sure all unnecessary programs (ones I regularly use) were out of memory first. This time it appeared to hang everything but the mouse - could not load the task manager, tried pausing Avast for 1 hour but no difference in results. Finally I rebooted again (all reboots required a power-off) and added a shut down of all the aspects of Avast anti-virus before starting, loaded the task manager and RKunhooker ran. There was nothing in the Stealth section of the report.

Did not get the parasite message. Here is the report:

RkU Version: 3.8.388.590, Type LE (SR2)
==============================================
OS Name: Windows XP
Version 5.1.2600 (Service Pack 3)
Number of processors #2
==============================================
>Drivers
==============================================
0xB6019000 C:\WINDOWS\system32\DRIVERS\nv4_mini.sys 9625600 bytes (NVIDIA Corporation, NVIDIA Compatible Windows 2000 Miniport Driver, Version 260.99 )
0xBD012000 C:\WINDOWS\System32\nv4_disp.dll 6361088 bytes (NVIDIA Corporation, NVIDIA Compatible Windows 2000 Display driver, Version 260.99 )
0x804D7000 C:\WINDOWS\system32\ntkrnlpa.exe 2154496 bytes (Microsoft Corporation, NT Kernel & System)
0x804D7000 PnpManager 2154496 bytes
0x804D7000 RAW 2154496 bytes
0x804D7000 WMIxWDM 2154496 bytes
0xBF800000 Win32k 1855488 bytes
0xBF800000 C:\WINDOWS\System32\win32k.sys 1855488 bytes (Microsoft Corporation, Multi-User Win32 Driver)
0xAE5B5000 C:\WINDOWS\system32\drivers\sthda.sys 1015808 bytes (SigmaTel, Inc., NDRC)
0xA7375000 C:\WINDOWS\System32\Drivers\dump_iastor.sys 872448 bytes
0xB7E36000 iastor.sys 872448 bytes (Intel Corporation, Intel Matrix Storage Manager driver)
0xB7D4A000 Ntfs.sys 577536 bytes (Microsoft Corporation, NT File System Driver)
0xA744A000 C:\WINDOWS\system32\DRIVERS\Wdf01000.sys 507904 bytes (Microsoft Corporation, WDF Dynamic)
0xAD7BE000 C:\WINDOWS\system32\DRIVERS\mrxsmb.sys 458752 bytes (Microsoft Corporation, Windows NT SMB Minirdr)
0xB5EA2000 C:\WINDOWS\system32\DRIVERS\update.sys 385024 bytes (Microsoft Corporation, Update Driver)
0xAD9CE000 C:\WINDOWS\system32\DRIVERS\tcpip.sys 364544 bytes (Microsoft Corporation, TCP/IP Protocol Driver)
0xA74C6000 C:\WINDOWS\system32\DRIVERS\PRISMA02.sys 360448 bytes (Conexant Systems, Inc., PRISM Wireless NDIS 5.1 Driver)
0xA51A6000 C:\WINDOWS\system32\DRIVERS\srv.sys 360448 bytes (Microsoft Corporation, Server driver)
0xA9D5C000 C:\WINDOWS\System32\Drivers\aswSP.SYS 290816 bytes (AVAST Software, avast! self protection module)
0xBD623000 C:\WINDOWS\System32\ATMFD.DLL 290816 bytes (Adobe Systems Incorporated, Windows NT OpenType/Type 1 Font Driver)
0xA4A4A000 C:\WINDOWS\System32\Drivers\HTTP.sys 266240 bytes (Microsoft Corporation, HTTP Protocol Stack)
0xAD881000 C:\WINDOWS\system32\Drivers\vmm.sys 241664 bytes (Microsoft Corporation, Virtual Machine Monitor)
0xB5F00000 C:\WINDOWS\system32\DRIVERS\rdpdr.sys 196608 bytes (Microsoft Corporation, Microsoft RDP Device redirector)
0xB7F79000 ACPI.sys 188416 bytes (Microsoft Corporation, ACPI Driver for NT)
0xB5FB0000 C:\WINDOWS\system32\DRIVERS\e1e5132.sys 184320 bytes (Intel Corporation, Intel® PRO/1000 Adapter NDIS 5.1 deserialized driver)
0xA5276000 C:\WINDOWS\system32\DRIVERS\mrxdav.sys 184320 bytes (Microsoft Corporation, Windows NT WebDav Minirdr)
0xB7D1D000 NDIS.sys 184320 bytes (Microsoft Corporation, NDIS 5.1 wrapper driver)
0xAD82E000 C:\WINDOWS\system32\DRIVERS\rdbss.sys 176128 bytes (Microsoft Corporation, Redirected Drive Buffering SubSystem Driver)
0xB5FDD000 C:\WINDOWS\system32\DRIVERS\HDAudBus.sys 163840 bytes (Windows ® Server 2003 DDK provider, High Definition Audio Bus Driver v1.0a)
0xAD97E000 C:\WINDOWS\system32\DRIVERS\netbt.sys 163840 bytes (Microsoft Corporation, MBT Transport driver)
0xB7F23000 dmio.sys 155648 bytes (Microsoft Corp., Veritas Software, NT Disk Manager I/O Driver)
0xA54DE000 C:\WINDOWS\System32\Drivers\Fastfat.SYS 147456 bytes (Microsoft Corporation, Fast FAT File System Driver)
0xAE591000 C:\WINDOWS\system32\drivers\portcls.sys 147456 bytes (Microsoft Corporation, Port Class (Class Driver for Port/Miniport Devices))
0xB5F8C000 C:\WINDOWS\system32\DRIVERS\USBPORT.SYS 147456 bytes (Microsoft Corporation, USB 1.1 & 2.0 Port Driver)
0xB5F69000 C:\WINDOWS\system32\DRIVERS\ks.sys 143360 bytes (Microsoft Corporation, Kernel CSA Library)
0xA43AF000 C:\WINDOWS\System32\Drivers\RDPWD.SYS 143360 bytes (Microsoft Corporation, RDP Terminal Stack Driver (US/Canada Only, Not for Export))
0xAD95C000 C:\WINDOWS\System32\drivers\afd.sys 139264 bytes (Microsoft Corporation, Ancillary Function Driver for WinSock)
0x806E5000 ACPI_HAL 134400 bytes
0x806E5000 C:\WINDOWS\system32\hal.dll 134400 bytes (Microsoft Corporation, Hardware Abstraction Layer DLL)
0xB7E16000 fltmgr.sys 131072 bytes (Microsoft Corporation, Microsoft Filesystem Filter Manager)
0xB7F49000 ftdisk.sys 126976 bytes (Microsoft Corporation, FT Disk Driver)
0xB7D03000 Mup.sys 106496 bytes (Microsoft Corporation, Multiple UNC Provider driver)
0xB7F0B000 atapi.sys 98304 bytes (Microsoft Corporation, IDE/ATAPI Port Driver)
0xA54B0000 C:\WINDOWS\System32\DLA\DLAUDFAM.SYS 98304 bytes (Sonic Solutions, Drive Letter Access Component)
0xA53E3000 C:\WINDOWS\System32\Drivers\aswMon2.SYS 94208 bytes (AVAST Software, avast! File System Filter Driver for Windows XP)
0xB7DD7000 KSecDD.sys 94208 bytes (Microsoft Corporation, Kernel Security Support Provider Interface)
0xB5F41000 C:\WINDOWS\system32\DRIVERS\ndiswan.sys 94208 bytes (Microsoft Corporation, MS PPP Framing Driver (Strong Encryption))
0xA54C8000 C:\WINDOWS\System32\DLA\DLAIFS_M.SYS 90112 bytes (Sonic Solutions, Drive Letter Access Component)
0xA549A000 C:\WINDOWS\System32\DLA\DLAUDF_M.SYS 90112 bytes (Sonic Solutions, Drive Letter Access Component)
0xB7DEE000 DRVMCDB.SYS 90112 bytes (Sonic Solutions, Device Driver)
0xA4CE3000 C:\WINDOWS\system32\drivers\wdmaud.sys 86016 bytes (Microsoft Corporation, MMSYSTEM Wave/Midi API mapper)
0xAE535000 C:\WINDOWS\system32\DRIVERS\NmPar.sys 81920 bytes (Windows ® 2000 DDK provider, Parallel Port Driver)
0xB6005000 C:\WINDOWS\system32\DRIVERS\VIDEOPRT.SYS 81920 bytes (Microsoft Corporation, Video Port Driver)
0xADA27000 C:\WINDOWS\system32\DRIVERS\ipsec.sys 77824 bytes (Microsoft Corporation, IPSec Driver)
0xBD000000 C:\WINDOWS\System32\drivers\dxg.sys 73728 bytes (Microsoft Corporation, DirectX Graphics Driver)
0xB7E04000 sr.sys 73728 bytes (Microsoft Corporation, System Restore Filesystem Filter Driver)
0xB7F68000 pci.sys 69632 bytes (Microsoft Corporation, NT Plug and Play PCI Enumerator)
0xB5F30000 C:\WINDOWS\system32\DRIVERS\psched.sys 69632 bytes (Microsoft Corporation, MS QoS Packet Scheduler)
0xB5F58000 C:\WINDOWS\system32\DRIVERS\VMNetSrv.sys 69632 bytes (Microsoft Corporation, Virtual Machine Network Services Driver)
0xAFF65000 C:\WINDOWS\System32\Drivers\Cdfs.SYS 65536 bytes (Microsoft Corporation, CD-ROM File System Driver)
0xB8128000 C:\WINDOWS\system32\DRIVERS\cdrom.sys 65536 bytes (Microsoft Corporation, SCSI CD-ROM Driver)
0xB8318000 C:\WINDOWS\system32\DRIVERS\mf.sys 65536 bytes (Microsoft Corporation, Multifunction Enumerator)
0xB8118000 C:\WINDOWS\system32\DRIVERS\serial.sys 65536 bytes (Microsoft Corporation, Serial Device Driver)
0xB7695000 C:\WINDOWS\system32\drivers\drmk.sys 61440 bytes (Microsoft Corporation, Microsoft Kernel DRM Descrambler Filter)
0xA5146000 C:\WINDOWS\system32\drivers\npf.sys 61440 bytes (CACE Technologies, Inc., npf.sys (NT5/6 x86) Kernel Driver)
0xB8138000 C:\WINDOWS\system32\DRIVERS\redbook.sys 61440 bytes (Microsoft Corporation, Redbook Audio Filter Driver)
0xA4F06000 C:\WINDOWS\system32\drivers\sysaudio.sys 61440 bytes (Microsoft Corporation, System Audio WDM Filter)
0xB7675000 C:\WINDOWS\system32\DRIVERS\usbhub.sys 61440 bytes (Microsoft Corporation, Default Hub Driver for USB)
0xB80E8000 C:\WINDOWS\system32\DRIVERS\CLASSPNP.SYS 53248 bytes (Microsoft Corporation, SCSI Class System Dll)
0xB8158000 C:\WINDOWS\system32\DRIVERS\rasl2tp.sys 53248 bytes (Microsoft Corporation, RAS L2TP mini-port/call-manager driver)
0xB80C8000 VolSnap.sys 53248 bytes (Microsoft Corporation, Volume Shadow Copy Driver)
0xAFF45000 C:\WINDOWS\system32\DRIVERS\WDFLDR.SYS 53248 bytes (Microsoft Corporation, WDFLDR)
0xB8178000 C:\WINDOWS\system32\DRIVERS\raspptp.sys 49152 bytes (Microsoft Corporation, Peer-to-Peer Tunneling Protocol)
0xB3157000 C:\WINDOWS\System32\Drivers\Fips.SYS 45056 bytes (Microsoft Corporation, FIPS Crypto Driver)
0xB8148000 C:\WINDOWS\system32\DRIVERS\imapi.sys 45056 bytes (Microsoft Corporation, IMAPI Kernel Driver)
0xB80B8000 MountMgr.sys 45056 bytes (Microsoft Corporation, Mount Manager)
0xB8168000 C:\WINDOWS\system32\DRIVERS\raspppoe.sys 45056 bytes (Microsoft Corporation, RAS PPPoE mini-port/call-manager driver)
0xB7635000 C:\WINDOWS\System32\Drivers\aswTdi.SYS 40960 bytes (AVAST Software, avast! TDI Filter Driver)
0xB3107000 C:\WINDOWS\System32\Drivers\DRVNDDM.SYS 40960 bytes (Sonic Solutions, Device Driver Manager)
0xB80A8000 isapnp.sys 40960 bytes (Microsoft Corporation, PNP ISA Bus Driver)
0xB3127000 C:\WINDOWS\system32\drivers\LMIRfsDriver.sys 40960 bytes (LogMeIn, Inc., LogMeIn Rfs Drivemap Driver)
0xB76A5000 C:\WINDOWS\System32\Drivers\NDProxy.SYS 40960 bytes (Microsoft Corporation, NDIS Proxy)
0xB8198000 C:\WINDOWS\system32\DRIVERS\termdd.sys 40960 bytes (Microsoft Corporation, Terminal Server Driver)
0xB80D8000 disk.sys 36864 bytes (Microsoft Corporation, PnP Disk Driver)
0xAFF55000 C:\WINDOWS\system32\DRIVERS\HIDCLASS.SYS 36864 bytes (Microsoft Corporation, Hid Class Library)
0xB7625000 C:\WINDOWS\system32\DRIVERS\intelppm.sys 36864 bytes (Microsoft Corporation, Processor Device Driver)
0xB7665000 C:\WINDOWS\System32\DRIVERS\ipfltdrv.sys 36864 bytes (Microsoft Corporation, IP FILTER DRIVER)
0xB8188000 C:\WINDOWS\system32\DRIVERS\msgpc.sys 36864 bytes (Microsoft Corporation, MS General Packet Classifier)
0xB3167000 C:\WINDOWS\system32\DRIVERS\netbios.sys 36864 bytes (Microsoft Corporation, NetBIOS interface driver)
0xA2F22000 C:\WINDOWS\System32\Drivers\Normandy.SYS 36864 bytes (RKU Driver)
0xB80F8000 PxHelp20.sys 36864 bytes (Sonic Solutions, Px Engine Device Driver for Windows 2000/XP)
0xB3177000 C:\WINDOWS\system32\DRIVERS\wanarp.sys 36864 bytes (Microsoft Corporation, MS Remote Access and Routing ARP Driver)
0xB8430000 C:\WINDOWS\System32\Drivers\Modem.SYS 32768 bytes (Microsoft Corporation, Modem Device Driver)
0xB83D8000 C:\WINDOWS\System32\Drivers\Npfs.SYS 32768 bytes (Microsoft Corporation, NPFS Driver)
0xB2F7F000 C:\WINDOWS\system32\DRIVERS\usbccgp.sys 32768 bytes (Microsoft Corporation, USB Common Class Generic Parent Driver)
0xB83F8000 C:\WINDOWS\system32\DRIVERS\usbehci.sys 32768 bytes (Microsoft Corporation, EHCI eUSB Miniport Driver)
0xAEB4D000 C:\WINDOWS\System32\DLA\DLABOIOM.SYS 28672 bytes (Sonic Solutions, Drive Letter Access Component)
0xB8400000 C:\WINDOWS\system32\DRIVERS\fdc.sys 28672 bytes (Microsoft Corporation, Floppy Disk Controller Driver)
0xB83C0000 C:\WINDOWS\system32\DRIVERS\HIDPARSE.SYS 28672 bytes (Microsoft Corporation, Hid Parsing Library)
0xB2F6F000 C:\WINDOWS\system32\DRIVERS\NuidFltr.sys 28672 bytes (Microsoft Corporation, Filter Driver for Microsoft Hardware HID Non-User Input Data)
0xB8328000 C:\WINDOWS\system32\DRIVERS\PCIIDEX.SYS 28672 bytes (Microsoft Corporation, PCI IDE Bus Driver Extension)
0xB8358000 C:\WINDOWS\system32\DRIVERS\radpms.sys 28672 bytes (LogMeIn, Inc., RemotelyAnywhereDpmsSecure Device Driver)
0xB2F5F000 C:\WINDOWS\system32\DRIVERS\usbprint.sys 28672 bytes (Microsoft Corporation, USB Printer driver)
0xB2F87000 C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS 28672 bytes (Microsoft Corporation, USB Mass Storage Class Driver)
0xB83B0000 C:\WINDOWS\System32\Drivers\Aavmker4.SYS 24576 bytes (AVAST Software, avast! Base Kernel-Mode Device Driver for Windows NT/2000/XP)
0xB83B8000 C:\WINDOWS\System32\Drivers\DLARTL_N.SYS 24576 bytes (Sonic Solutions, Shared Driver Component)
0xB8408000 C:\WINDOWS\system32\DRIVERS\GEARAspiWDM.sys 24576 bytes (GEAR Software Inc., CD DVD Filter)
0xB8438000 C:\WINDOWS\system32\DRIVERS\kbdclass.sys 24576 bytes (Microsoft Corporation, Keyboard Class Driver)
0xB8440000 C:\WINDOWS\system32\DRIVERS\mouclass.sys 24576 bytes (Microsoft Corporation, Mouse Class Driver)
0xB84A0000 C:\WINDOWS\System32\Drivers\TDTCP.SYS 24576 bytes (Microsoft Corporation, TCP Transport Driver)
0xB8410000 C:\WINDOWS\system32\DRIVERS\umaxpcls.sys 24576 bytes (Microsoft Corporation, Parallel Scanner Driver)
0xB83F0000 C:\WINDOWS\system32\DRIVERS\usbuhci.sys 24576 bytes (Microsoft Corporation, UHCI USB Miniport Driver)
0xB83C8000 C:\WINDOWS\System32\drivers\vga.sys 24576 bytes (Microsoft Corporation, VGA/Super VGA Video Driver)
0xA62DE000 C:\WINDOWS\system32\DRIVERS\AegisP.sys 20480 bytes (Meetinghouse Data Communications, IEEE 802.1X Protocol Driver)
0xB83E0000 C:\WINDOWS\System32\Drivers\aswRdr.SYS 20480 bytes (AVAST Software, avast! TDI RDR Driver)
0xAEB95000 C:\WINDOWS\System32\Drivers\drhard.SYS 20480 bytes (Licensed for Gebhard Software, DRHARD Driver for Windows NT/2000/XP)
0xB83A8000 C:\WINDOWS\system32\DRIVERS\flpydisk.sys 20480 bytes (Microsoft Corporation, Floppy Driver)
0xB83D0000 C:\WINDOWS\System32\Drivers\Msfs.SYS 20480 bytes (Microsoft Corporation, Mailslot driver)
0xB8330000 PartMgr.sys 20480 bytes (Microsoft Corporation, Partition Manager)
0xB2F67000 C:\WINDOWS\system32\DRIVERS\point32.sys 20480 bytes (Microsoft Corporation, Point32.sys)
0xB8420000 C:\WINDOWS\system32\DRIVERS\ptilink.sys 20480 bytes (Parallel Technologies, Inc., Parallel Technologies DirectParallel IO Library)
0xB8428000 C:\WINDOWS\system32\DRIVERS\raspti.sys 20480 bytes (Microsoft Corporation, PTI DirectParallel® mini-port/call-manager driver)
0xB8418000 C:\WINDOWS\system32\DRIVERS\TDI.SYS 20480 bytes (Microsoft Corporation, TDI Wrapper)
0xB2F4F000 C:\WINDOWS\System32\watchdog.sys 20480 bytes (Microsoft Corporation, Watchdog Driver)
0xAB1C0000 C:\WINDOWS\System32\DLA\DLAOPIOM.SYS 16384 bytes (Sonic Solutions, Drive Letter Access Component)
0xA796B000 C:\WINDOWS\system32\DRIVERS\kbdhid.sys 16384 bytes (Microsoft Corporation, HID Mouse Filter Driver)
0xB856C000 C:\WINDOWS\system32\DRIVERS\mssmbios.sys 16384 bytes (Microsoft Corporation, System Management BIOS Driver)
0xB8558000 C:\WINDOWS\system32\DRIVERS\ndisuio.sys 16384 bytes (Microsoft Corporation, NDIS User mode I/O Driver)
0xB7BCF000 C:\WINDOWS\system32\DRIVERS\pneteth.sys 16384 bytes (June Fabrics Technology Inc., PdaNet Broadband Adapter Driver)
0xB7BEB000 C:\WINDOWS\system32\DRIVERS\serenum.sys 16384 bytes (Microsoft Corporation, Serial Port Enumerator)
0xB3193000 C:\WINDOWS\System32\Drivers\VD_FileDisk.SYS 16384 bytes (Flint Incorporation, VD_FileDisk Virtual Disk Driver)
0xAB1C8000 C:\WINDOWS\System32\Drivers\aswFsBlk.SYS 12288 bytes (AVAST Software, avast! File System Access Blocking Driver)
0xB84B8000 C:\WINDOWS\system32\BOOTVID.dll 12288 bytes (Microsoft Corporation, VGA Boot Driver)
0xAD87D000 C:\WINDOWS\System32\drivers\Dxapi.sys 12288 bytes (Microsoft Corporation, DirectX API Driver)
0xA7973000 C:\WINDOWS\system32\DRIVERS\hidusb.sys 12288 bytes (Microsoft Corporation, USB Miniport Driver for Input Devices)
0xB8554000 C:\WINDOWS\System32\Drivers\i2omgmt.SYS 12288 bytes (Microsoft Corporation, I2O Utility Filter)
0xA7967000 C:\WINDOWS\system32\DRIVERS\mouhid.sys 12288 bytes (Microsoft Corporation, HID Mouse Filter Driver)
0xB7BDB000 C:\WINDOWS\system32\DRIVERS\ndistapi.sys 12288 bytes (Microsoft Corporation, NDIS 3.0 connection wrapper driver)
0xB855C000 C:\WINDOWS\system32\DRIVERS\pnetmdm.sys 12288 bytes (June Fabrics Technology, PdaNet Driver)
0xB31AB000 C:\WINDOWS\system32\DRIVERS\rasacd.sys 12288 bytes (Microsoft Corporation, RAS Automatic Connection Driver)
0xB8640000 C:\WINDOWS\System32\Drivers\Beep.SYS 8192 bytes (Microsoft Corporation, BEEP Driver)
0xB8606000 C:\WINDOWS\System32\Drivers\DLACDBHM.SYS 8192 bytes (Sonic Solutions, Shared Driver Component)
0xB862A000 C:\WINDOWS\System32\DLA\DLAPoolM.SYS 8192 bytes (Sonic Solutions, Drive Letter Access Component)
0xB85AC000 dmload.sys 8192 bytes (Microsoft Corp., Veritas Software., NT Disk Manager Startup Driver)
0xB863E000 C:\WINDOWS\System32\Drivers\Fs_Rec.SYS 8192 bytes (Microsoft Corporation, File System Recognizer Driver)
0xB85A8000 C:\WINDOWS\system32\KDCOM.DLL 8192 bytes (Microsoft Corporation, Kernel Debugger HW Extension DLL)
0xB8642000 C:\WINDOWS\System32\Drivers\mnmdd.SYS 8192 bytes (Microsoft Corporation, Frame buffer simulator)
0xB8644000 C:\WINDOWS\System32\DRIVERS\RDPCDD.sys 8192 bytes (Microsoft Corporation, RDP Miniport)
0xB8608000 C:\WINDOWS\system32\DRIVERS\swenum.sys 8192 bytes (Microsoft Corporation, Plug and Play Software Device Enumerator)
0xB863C000 C:\WINDOWS\system32\DRIVERS\USBD.SYS 8192 bytes (Microsoft Corporation, Universal Serial Bus Driver)
0xB85AA000 C:\WINDOWS\system32\DRIVERS\WMILIB.SYS 8192 bytes (Microsoft Corporation, WMILIB WMI support library Dll)
0xB872E000 C:\WINDOWS\system32\DRIVERS\audstub.sys 4096 bytes (Microsoft Corporation, AudStub Driver)
0xB8779000 C:\WINDOWS\System32\DLA\DLADResN.SYS 4096 bytes (Sonic Solutions, Drive Letter Access Component)
0xB86A1000 C:\WINDOWS\System32\drivers\dxgthk.sys 4096 bytes (Microsoft Corporation, DirectX Graphics Driver Thunk)
0xB872D000 C:\WINDOWS\system32\DRIVERS\lmimirr.sys 4096 bytes (LogMeIn, Inc., LogMeIn Mirror Miniport Driver)
0xB8706000 C:\WINDOWS\System32\Drivers\Null.SYS 4096 bytes (Microsoft Corporation, NULL Driver)
0xB8670000 pciide.sys 4096 bytes (Microsoft Corporation, Generic PCI IDE Bus Driver)
==============================================
>Stealth
==============================================


Thanks again for your help-

-Al Jacques

#8 myrti


Posted 15 February 2011 - 09:14 AM

Hi,

Did you fix your DNS settings yourself at some point? The first log is showing DNS poisoning, the second isn't.

Are all the entries in your hosts file made by you?

regards myrti

is that a bird?  a plane? nooo it's the flying blueberry!

If I have been helping you and haven't replied in 2 days, feel free to shoot me a PM! Please don't send help request via PM, unless I am already helping you. Use the forums!

 



#9 Al Jacques


Posted 15 February 2011 - 10:57 AM

Yay - good results - don't know why yet, but Excel is working again.

Haven't done anything to my DNS, but checking the hosts file, yes those are all mine. The internal addresses are all our machines that can get on the network (I don't allow our router to hand out DHCP, which aggravates our kids when they come over - oh well), but typically there are 7-9 computer devices on at any one time. I use dnsexit as dynamic dns for my web server. The gateway and modem entries allow me a shorthand to test connectivity between me and my ISP (earthlink via time warner). The last change I made, months ago, was to eliminate some of earthlink's recommended dns servers because they amounted to redirectors whenever I was testing addresses (like developing a website).

OK, I looked at my updates and I see a Microsoft update happened. I have them set to download automatically, then inform me, so I'm not sure how it happened - except I ran Internet Explorer (I usually use Chrome, Firefox and new Flock) to download a Microsoft driver I will need for a project and I wonder if it ran then as a result. I had been holding off updates until we figured this out but I wonder if it was something there that magically cured my machine.

The DNS poisoning sounds like a good candidate for what I was seeing on the google redirects. Yet you say it does not appear in the latest log. Could Avast or Microsoft have cured it? I will go over the logs, but I would love to know which line in the first log points out the DNS poisoning to you.

Last night I discovered swrvices.exe running on my web server (with Norton running). I removed both it and its clone, lvobffk.exe (deleted this file after stopping it under task manager) from the server's registry and in that process found a srvstart.exe file in reference which had a suspicious origin so I deleted that file also. Then I logged back in under safe mode at the command prompt to delete the swrvices.exe physical file and it was not there (perhaps it was the clone and I managed to delete the propagator). I have loaded Avast server version on the machine to replace Norton (Windows 2000 - cannot upgrade the machine to 2003, doesn't qualify) and it is scanning as I type this, so all my web sites are down for the day, which I think is a reasonable cost. Avast has a scan during boot and that is what I'm running. I am wondering now if my problems were being generated from the web server to this desktop which has admin privileges to the web server, but the web server is not mapped to any internal network drives, nor does it have admin access to anything other than itself. Maybe just muddying the water here.

Thanks again for your help. Would like to know where I should start looking in the first log.

-Al Jacques

Edited by Al Jacques, 15 February 2011 - 11:34 AM.


#10 myrti


Posted 15 February 2011 - 11:44 AM

Hi,

it's close to impossible to say what propagated how.

Regarding your DNS entries, these were showing in the first log:

O17 - HKLM\System\CCS\Services\Tcpip\..\{3F054DD7-870A-4440-A0A3-41974EED8BA6}: NameServer = 64.182.102.188,85.255.112.154
O17 - HKLM\System\CCS\Services\Tcpip\..\{96C34C24-F4D5-4752-BABD-871167A34870}: NameServer = 64.182.102.188,85.255.112.154

But no longer show now. It is quite possible that your antivirus program picked up on them; they are known bad IPs.

This PC has also been infected by its own:

O20 - AppInit_DLLs: (wivawira.dll) - File not found
O20 - AppInit_DLLs: (c:\windows\system32\mufewulu.dll) - File not found

However the infection seems to have been overcome, as both files are now missing.

I would like you to run a scan with Malwarebytes next:
Please download Malwarebytes Anti-Malware and save it to your desktop.
alternate download link
If you have a previous version of MBAM, remove it via Add/Remove Programs and download a fresh copy.
  • Make sure you are connected to the Internet.
  • Double-click on mbam-setup.exe to install the application.
  • When the installation begins, follow the prompts and do not make any changes to default settings.
  • When installation has finished, make sure you leave both of these checked:
    • Update Malwarebytes' Anti-Malware
    • Launch Malwarebytes' Anti-Malware
  • Then click Finish.
MBAM will automatically start and you will be asked to update the program before performing a scan.
  • If an update is found, the program will automatically update itself.
  • Press the OK button to close that box and continue.
  • If you encounter any problems while downloading the updates, manually download them from here and just double-click on mbam-rules.exe to install. Alternatively, you can update through MBAM's interface from a clean computer, copy the definitions (rules.ref) located in C:\Documents and Settings\All Users\Application Data\Malwarebytes\Malwarebytes' Anti-Malware from that system to a usb stick or CD and then copy it to the infected machine.
On the Scanner tab:
  • Make sure the "Perform Quick Scan" option is selected.
  • Then click on the Scan button.
  • If asked to select the drives to scan, leave all the drives selected and click on the Start Scan button.
  • The scan will begin and "Scan in progress" will show at the top. It may take some time to complete so please be patient.
  • When the scan is finished, a message box will say "The scan completed successfully. Click 'Show Results' to display all objects found".
  • Click OK to close the message box and continue with the removal process.
Back at the main Scanner screen:
  • Click on the Show Results button to see a list of any malware that was found.
  • Make sure that everything is checked, and click Remove Selected.
  • When removal is completed, a log report will open in Notepad.
  • The log is automatically saved and can be viewed by clicking the Logs tab in MBAM.
  • Copy and paste the contents of that report in your next reply and exit MBAM.
Note: If MBAM encounters a file that is difficult to remove, you may be asked to reboot your computer so it can proceed with the disinfection process. Regardless if prompted to restart the computer or not, please do so immediately. Failure to reboot normally (not into safe mode) will prevent MBAM from removing all the malware. MBAM may "make changes to your registry" as part of its disinfection routine. If using other security programs that detect registry changes (ie Spybot's Teatimer), they may interfere or alert you after scanning with MBAM. Please temporarily disable such programs or permit them to allow the changes.

Do you still have one of the files you deleted? Could you upload it here: www.virustotal.com and link me the analysis?

regards myrti



#11 Al Jacques


Posted 15 February 2011 - 12:09 PM

Eeek! The two ip addresses are the primary dns servers I have been using for a long time. Do you have recommendations for better dns addresses?

I am not at home at the moment, but will run the malwarebytes as soon as I can. I did not think to try to grab a copy of the files before attempting to delete them (yes, I know better, just let the emotion to destroy the bugs carry me away), but will look again when I get home to see if they've magically reappeared or exist in another directory. Both were in system32.

I'll add the output once the scan is done.

Thanks-

-Al Jacques

#12 myrti


Posted 15 February 2011 - 12:29 PM

Hi,

are you sure about that second IP address? It's resolving to PromNet, Ukraine for me: link

regards myrti



#13 Al Jacques


Posted 15 February 2011 - 12:51 PM

from your post:
O17 - HKLM\System\CCS\Services\Tcpip\..\{3F054DD7-870A-4440-A0A3-41974EED8BA6}: NameServer = 64.182.102.188,85.255.112.154
O17 - HKLM\System\CCS\Services\Tcpip\..\{96C34C24-F4D5-4752-BABD-871167A34870}: NameServer = 64.182.102.188,85.255.112.154

from my hosts file:
63.223.76.173 ns1.dnsexit.com
64.182.102.188 dns1
64.182.102.188 ns2.dnsexit.com
85.255.112.154 dns2
85.255.115.234 dns3
207.69.188.171 dns4
207.69.188.172 dns5
207.69.188.186 dns6
207.69.188.187 dns7
156.154.70.22 dns8
156.154.71.22 dns9

note my entries for dns1 and dns2 - that's the first two entries in the list of dns I use (and I don't go to 9 - only the first 3).

love my droid and logmein. I ran the scan and it is rebooting now. I will paste the log here as soon as my meeting ends.

Thanks-

-Al Jacques

#14 myrti


Posted 15 February 2011 - 01:35 PM

Hi,

you are the very first person I've ever seen using these DNS servers out of their own free will. What made you choose them?

DNS servers out of the Ukraine, especially when provided by PromNet, are notorious for Google redirects and popups. I wouldn't trust them as far as I can throw a car.
Try removing them and see if the Google redirects stop. Maybe look at the IPs provided by OpenDNS instead?

regards myrti

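The check worked through in posts #10 to #14, written out as an added example (not part of the thread and not code from HijackThis or any poster): it parses the O17 NameServer lines, compares each resolver with an approved list, and shows which hosts-file aliases point at a flagged address. The approved list (the two public OpenDNS resolvers) and the function names are assumptions; the log and hosts lines are the ones quoted in the thread.

```python
import ipaddress
import re

# O17 lines and hosts entries quoted from the thread (hosts list shortened).
HJT_LOG = r"""
O17 - HKLM\System\CCS\Services\Tcpip\..\{3F054DD7-870A-4440-A0A3-41974EED8BA6}: NameServer = 64.182.102.188,85.255.112.154
O17 - HKLM\System\CCS\Services\Tcpip\..\{96C34C24-F4D5-4752-BABD-871167A34870}: NameServer = 64.182.102.188,85.255.112.154
"""
HOSTS = """
63.223.76.173 ns1.dnsexit.com
64.182.102.188 dns1
64.182.102.188 ns2.dnsexit.com
85.255.112.154 dns2
"""
# Assumption: the resolvers this network has approved (OpenDNS public resolvers).
APPROVED = {"208.67.222.222", "208.67.220.220"}

O17 = re.compile(r"^O17 - .*\{(?P<guid>[0-9A-Fa-f-]{36})\}: NameServer = (?P<ips>.+)$")

def parse_o17(log):
    """Map interface GUID -> list of statically configured resolver IPs."""
    servers = {}
    for line in log.splitlines():
        m = O17.match(line.strip())
        if not m:
            continue
        ips = []
        for token in re.split(r"[,\s]+", m.group("ips").strip()):
            try:
                ips.append(str(ipaddress.ip_address(token)))
            except ValueError:
                pass  # skip anything that is not an IP literal
        servers[m.group("guid").upper()] = ips
    return servers

def parse_hosts(text):
    """Map IP -> sorted list of names, using hosts-file syntax (# starts a comment)."""
    names = {}
    for line in text.splitlines():
        fields = line.split("#", 1)[0].split()
        if len(fields) >= 2:
            names.setdefault(fields[0], set()).update(fields[1:])
    return {ip: sorted(n) for ip, n in names.items()}

def audit(log, hosts, approved):
    """Return (guid, ip, hosts_aliases) for every resolver not on the approved list."""
    aliases = parse_hosts(hosts)
    return [(guid, ip, aliases.get(ip, []))
            for guid, ips in parse_o17(log).items()
            for ip in ips if ip not in approved]

if __name__ == "__main__":
    for guid, ip, names in audit(HJT_LOG, HOSTS, APPROVED):
        print(f"{guid}: {ip} not approved; hosts aliases: {names or 'none'}")
```

A familiar alias in the hosts file says nothing about who operates the address, which is why the check is made against an approved list rather than against names the owner recognises.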


#15 Al Jacques


Posted 15 February 2011 - 03:49 PM

Don't remember where those 85 addresses came from, most likely someone I was talking to at GoDaddy as something supposedly faster than Network Solutions (used to use them as a registrar and email handler, got to where it took up to an hour to get an email message from home to work so I switched to GD). I am checking all of my computers to make sure they do not use those - I signed-up for an account at opendns and am adding those as the replacement. I checked all the other addresses and they're from places I recognize like earthlink and network solutions and godaddy servers themselves.

Here is the log from the malwarebytes scan:


Malwarebytes' Anti-Malware 1.50.1.1100
www.malwarebytes.org

Database version: 5768

Windows 5.1.2600 Service Pack 3
Internet Explorer 8.0.6001.18702

2/15/2011 12:49:34 PM
mbam-log-2011-02-15 (12-49-34).txt

Scan type: Quick scan
Objects scanned: 279348
Time elapsed: 26 minute(s), 0 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 7
Registry Values Infected: 1
Registry Data Items Infected: 4
Folders Infected: 2
Files Infected: 18

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
HKEY_CLASSES_ROOT\AppID\{26A98AA8-07FE-46E6-B6DF-26704F3B895F} (Trojan.BHO) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Typelib\{40196867-19F8-7157-C097-ECAFF653C9AD} (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\AppID\BHO_CPV.DLL (Trojan.BHO) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\AppID\MJCore.DLL (Trojan.BHO) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\OW1T3CYG7T (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\ (Hijack.Zones) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\JSide (Adware.JSideBar) -> Quarantined and deleted successfully.

Registry Values Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Control Panel\Cpls\wxfw.dll (Adware.Hotbar) -> Value: wxfw.dll -> Quarantined and deleted successfully.

Registry Data Items Infected:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\StartMenuLogoff (PUM.Hijack.StartMenu) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\FirewallDisableNotify (PUM.Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\UpdatesDisableNotify (PUM.Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\AntiVirusDisableNotify (PUM.Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.

Folders Infected:
c:\program files\JSide (Adware.JSideBar) -> Quarantined and deleted successfully.
c:\program files\JSide\lib (Adware.JSideBar) -> Quarantined and deleted successfully.

Files Infected:
c:\recycler\s-1-5-21-806864349-1435408688-3561169190-1005\dc7.exe (Trojan.FraudPack.Gen) -> Quarantined and deleted successfully.
c:\documents and settings\AGJ\local settings\temp\oprd036ab_1500k.wmv (Trojan.Agent) -> Quarantined and deleted successfully.
c:\documents and settings\AGJ\local settings\temp\oprd036ae_1500k.wmv (Trojan.Agent) -> Quarantined and deleted successfully.
c:\documents and settings\AGJ\local settings\temp\oprd036ah_1500k.wmv (Trojan.Agent) -> Quarantined and deleted successfully.
c:\documents and settings\AGJ\local settings\temp\oprd036ai_1500k.wmv (Trojan.Agent) -> Quarantined and deleted successfully.
c:\documents and settings\AGJ\local settings\temp\oprd036aj_1500k.wmv (Trojan.Agent) -> Quarantined and deleted successfully.
c:\documents and settings\AGJ\local settings\temp\oprd036ak_1500k.wmv (Trojan.Agent) -> Quarantined and deleted successfully.
c:\documents and settings\AGJ\local settings\temp\oprd036al_1500k.wmv (Trojan.Agent) -> Quarantined and deleted successfully.
c:\documents and settings\AGJ\local settings\temp\oprd036am_1500k.wmv (Trojan.Agent) -> Quarantined and deleted successfully.
c:\program files\JSide\jside.error (Adware.JSideBar) -> Quarantined and deleted successfully.
c:\program files\JSide\JSide.ico (Adware.JSideBar) -> Quarantined and deleted successfully.
c:\program files\JSide\JSide.jar (Adware.JSideBar) -> Quarantined and deleted successfully.
c:\program files\JSide\src.zip (Adware.JSideBar) -> Quarantined and deleted successfully.
c:\program files\JSide\uninstall.exe (Adware.JSideBar) -> Quarantined and deleted successfully.
c:\program files\JSide\lib\flexdock-0.4.0.jar (Adware.JSideBar) -> Quarantined and deleted successfully.
c:\program files\JSide\lib\js.jar (Adware.JSideBar) -> Quarantined and deleted successfully.
c:\program files\JSide\lib\swing-layout-1.0.jar (Adware.JSideBar) -> Quarantined and deleted successfully.
c:\program files\JSide\lib\synthetica.jar (Adware.JSideBar) -> Quarantined and deleted successfully.

When I get home I'll finish checking my webserver and other machines.

Thanks again - you've been a big help. I had seen those lines with the dns addresses and didn't think anything of them because they did not look suspicious to me. I'll do a better job of checking out addresses before I use them in the future.

Is there anything else you'd like me to run?

-Al Jacques



