I think I have the Google redirect virus. What do I do?

It started last week, 2 days after we got our computer back from the computer Dr. for some fake virus protection spyware program. I was using Google and it kept redirecting me to other search sites. It was frustrating me so I looked on Yahoo and it seems to fit the symptoms. I basically know how to use the computer and internet but I kinda get lost when you get into the real technical stuff. Every site has a different method to get rid of it. Almost everyone requires downloading something. I don’t know which to trust. What do I do? ??? Please help!

Susie

If you trust us, we will help you… :wink:
asyn

welcome to the forum. let's see if we can solve the problem for you.

i suggest you download, install, update and run a scan with malwarebytes antimalware.

http://www.malwarebytes.org/mbam.php

remove what it finds. a reboot of your system might be necessary.

let us know how it goes and good luck.

Hey and Welcome Shayleigh!

Download Malwarebytes as was suggested by others and run it in safe mode (not all malware will be active then) by pressing F8 when the computer boots.

If nothing helps try with boot scan from Avast.

Regards,
Tenko

Nope. I did the scan in safe mode and Google is still redirecting.

did malwarebytes detect something? please post the result of the malwarebytes scan.

another suggestion is to scan with superantispyware.

http://www.superantispyware.com/

sometimes it detects things malwarebytes doesn’t and vice versa.

if that should not solve your problem, scan with trend micro's hijackthis and post the result here so we can try to find the problem through there.

when i googled the malware i found a removal guide for your malware and it also suggests A-squared as another tool to remove it.

good luck and keep us notified on how it goes.

Hello Shayleigh,

If you are still being redirected and unable to run an MBAM scan, then you have some problems. As long as you can get on this forum, please check the information on the first post of this thread under Virus/Worms for you to check your machine for malware: http://forum.avast.com/index.php?topic=53253.0.

Follow the directions for obtaining the OTL logs (you can click on it from the forum to download it from this site). Post the two (2) OTL logs as an attachment (Additional Options > Attach > Browse (the logs will be on your desktop) > Post).

I am going to refer you to our Certified Malware expert, named Essexboy. He will also review your logs and give you further instructions, however he comes on the forum late UK time. He will respond to you in this thread, so remember to check this thread daily. I will continue to provide assistance in the meantime, then remain in the background while he works with you.

IMPORTANT: If you are on a home network, disconnect the affected machine from the network. Do not share a USB/flash drive with this affected machine. Do not use this machine unless Essexboy instructs you to do malware removal instructions; use a different machine if possible to check email, sync your phone, etc.

Please do not make any further changes to your machine after you have provided the logs.

Let me know if you have any questions. Thank you.

I’m kinda technically illiterate, so be patient with me. Are trend micros hijack and A-squared other scanning programs and can I have multiple programs in use on my computer? Thank you for the help.

I DO run the virus and malware scan every night. The virus scan found a few things I deleted but the malware found none. I think the yahoo search is beginning to redirect too. I’m reluctant to search too often as I fear it might progress the problem or something. I’m downloading that OTL file you told me about.

What you want to avoid (especially if you are technically illiterate) is more than one on-access scanner: http://en.wikipedia.org/wiki/Real-time_protection

You can have as many on-demand scanners as you like. Just avoid scanning with them at the same time. HijackThis is on-demand. I think A2 can be installed as on-demand also but I’m not positive about that one.

Lucky for you, Avast! forums have Essexboy on-demand. I would follow Safesurf’s posted instructions below, if I were in your situation.

Hi Susie - looks like the repair guys did not do a proper job… I have two programmes for you to download and run… The first is a fixing tool and the second an analysis log for me to peruse

Please read carefully and follow these steps.

- Download TDSSKiller and save it to your Desktop.
- Extract its contents to your desktop.
- Once extracted, open the TDSSKiller folder and double-click on TDSSKiller.exe to run the application, then on Start Scan.

http://i466.photobucket.com/albums/rr21/JSntgRvr/TDSSKillermain.png

- If an infected file is detected, the default action will be Cure, click on Continue.

http://i466.photobucket.com/albums/rr21/JSntgRvr/TDSSKillerMal-1.png

- If a suspicious file is detected, the default action will be Skip, click on Continue.

http://i466.photobucket.com/albums/rr21/JSntgRvr/TDSSKillerSuspicious.png

- It may ask you to reboot the computer to complete the process. Click on Reboot Now.

http://i466.photobucket.com/albums/rr21/JSntgRvr/TDSSKillerCompleted.png

- If no reboot is required, click on Report. A log file should appear. Please copy and paste the contents of that file here.
- If a reboot is required, the report can also be found in your root directory (usually the C:\ folder) in the form of “TDSSKiller.[Version]_[Date]_[Time]_log.txt”. Please copy and paste the contents of that file here.

THEN

Download OTL to your Desktop

- Double click on the icon to run it. Make sure all other windows are closed and let it run uninterrupted.
- Select All Users
- Under the Custom Scan box paste this in

netsvcs
%SYSTEMDRIVE%\*.exe
/md5start
explorer.exe
winlogon.exe
/md5stop
%systemroot%\*. /mp /s
CREATERESTOREPOINT

- Click the Quick Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.
- When the scan completes, it will open two notepad windows: OTL.Txt and Extras.Txt. These are saved in the same location as OTL.
- Attach all logs to your next post please (it may take two or three posts)
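The TDSSKiller report requested in the steps above is long, and the lines that matter (detections, the chosen action, a pending reboot) sit among hundreds of per-driver hash lines. The following triage parser is an added example, not part of the original thread or of TDSSKiller itself; the line layouts are assumptions based on TDSSKiller 2.4 output, and the sample report is constructed.

```python
import re
from dataclasses import dataclass, field

# Constructed sample in the assumed TDSSKiller 2.4 layout (not a real scan).
# The second driver entry is wrapped across lines, as happens when a report
# is pasted into a forum post.
SAMPLE_REPORT = r"""2010/01/01 10:00:00.0000 TDSS rootkit removing tool 2.4.10.1 Dec  2 2010 12:28:01
2010/01/01 10:00:00.0100 Boot type: Normal boot
2010/01/01 10:00:01.0000 Scan started
2010/01/01 10:00:02.0000 ExampleDrv (00112233445566778899aabbccddeeff) C:\WINDOWS\system32\drivers\exampledrv.sys
2010/01/01 10:00:02.0100 OtherDrv (ffeeddccbbaa99887766554433221100)

C:\WINDOWS\system32\DRIVERS\otherdrv.sys
2010/01/01 10:00:03.0000 \HardDisk0 - detected Rootkit.Win32.TDSS.tdl4 (0)
2010/01/01 10:00:03.0100 Scan finished
2010/01/01 10:00:03.0200 Detected object count: 1
2010/01/01 10:00:10.0000 \HardDisk0 - will be cured after reboot
2010/01/01 10:00:10.0000 Rootkit.Win32.TDSS.tdl4(\HardDisk0) - User select action: Cure
"""

TS = re.compile(r"^\d{4}/\d{2}/\d{2} \d{2}:\d{2}:\d{2}\.\d{4}(?: (.*))?$")
DRIVER = re.compile(r"^(.+?) \(([0-9a-f]{32})\)\s*(.*)$")
DETECTED = re.compile(r"^(.+?) - detected (\S+) \(\d+\)$")
PENDING = re.compile(r"^(.+?) - will be cured after reboot$")
ACTION = re.compile(r"^(\S+?)\((.+)\) - User select action: (\w+)$")
COUNT = re.compile(r"^Detected object count: (\d+)$")


@dataclass
class Finding:
    obj: str
    threat: str
    action: str = "none recorded"
    reboot_pending: bool = False


@dataclass
class Report:
    drivers: list = field(default_factory=list)   # (service, md5, path) tuples
    findings: dict = field(default_factory=dict)  # scanned object -> Finding
    declared_count: int = -1                      # -1: summary line missing


def events(text):
    """Yield one message per timestamped event, re-joining wrapped lines."""
    current = None
    for line in text.splitlines():
        m = TS.match(line.rstrip())
        if m:
            if current is not None:
                yield current
            current = (m.group(1) or "").strip()
        elif line.strip() and current is not None:
            # No timestamp: continuation of the previous event.
            current = f"{current} {line.strip()}"
    if current is not None:
        yield current


def parse_report(text):
    report = Report()
    for msg in events(text):
        if m := DRIVER.match(msg):
            report.drivers.append(m.groups())
        elif m := DETECTED.match(msg):
            report.findings[m.group(1)] = Finding(m.group(1), m.group(2))
        elif m := PENDING.match(msg):
            if m.group(1) in report.findings:
                report.findings[m.group(1)].reboot_pending = True
        elif m := ACTION.match(msg):
            if m.group(2) in report.findings:
                report.findings[m.group(2)].action = m.group(3)
        elif m := COUNT.match(msg):
            report.declared_count = int(m.group(1))
    return report


def summarize(report):
    """Return the few lines a helper needs, flagging an incomplete paste."""
    out = [f"{len(report.drivers)} drivers hashed, "
           f"{len(report.findings)} detection(s)"]
    if report.declared_count != len(report.findings):
        out.append("WARNING: parsed detections do not match the report's "
                   "own count; the paste may be truncated")
    for f in report.findings.values():
        state = "reboot needed to finish" if f.reboot_pending else "no reboot noted"
        out.append(f"{f.obj}: {f.threat} -> action {f.action} ({state})")
    return out


if __name__ == "__main__":
    print("\n".join(summarize(parse_report(SAMPLE_REPORT))))
```

A detection on a disk object rather than on a driver file, as in the sample, means the finding never appears in the per-driver lines, which is why the parser tracks detections separately from the hash list.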

yes you can use those programs with avast. yeah hijack is a tool that will show what files you have on your computer and from there we should be able to check for the problem that is troubling your computer. A-squared was a tool that I found when I googled your problem. it was a recommended tool that could solve the problem, but I would recommend you use the tools Essexboy suggested.

I’m sorry if my previous post was unclear to you.

It has been a while since you have been on the forum and I had already referred you to Essexboy, our Certified Malware Expert. Please follow his instructions for your malware removal. Thank you.

Sorry for the delayed response. My mother insisted on taking the computer back to the Dr. but they returned it without fixing the problem. I assure you we are not making it up, every time we type anything in google and now yahoo it directs you to a random shopping site.

Here are the documents you requested. I hope I did them right. Thanks for the help.

2010/12/07 05:06:55.0176 TDSS rootkit removing tool 2.4.10.1 Dec 2 2010 12:28:01
2010/12/07 05:06:55.0176 ================================================================================
2010/12/07 05:06:55.0176 SystemInfo:
2010/12/07 05:06:55.0176
2010/12/07 05:06:55.0176 OS Version: 5.1.2600 ServicePack: 3.0
2010/12/07 05:06:55.0176 Product type: Workstation
2010/12/07 05:06:55.0176 ComputerName: JAKUBEK
2010/12/07 05:06:55.0176 UserName: Home
2010/12/07 05:06:55.0176 Windows directory: C:\WINDOWS
2010/12/07 05:06:55.0176 System windows directory: C:\WINDOWS
2010/12/07 05:06:55.0176 Processor architecture: Intel x86
2010/12/07 05:06:55.0176 Number of processors: 2
2010/12/07 05:06:55.0176 Page size: 0x1000
2010/12/07 05:06:55.0176 Boot type: Normal boot
2010/12/07 05:06:55.0176 ================================================================================
2010/12/07 05:06:55.0551 Initialize success
2010/12/07 05:06:57.0941 ================================================================================
2010/12/07 05:06:57.0941 Scan started
2010/12/07 05:06:57.0941 Mode: Manual;
2010/12/07 05:06:57.0941 ================================================================================
2010/12/07 05:07:14.0660 \HardDisk0 - detected Rootkit.Win32.TDSS.tdl4 (0)
2010/12/07 05:07:14.0660 ================================================================================
2010/12/07 05:07:14.0660 Scan finished
2010/12/07 05:07:14.0660 ================================================================================
2010/12/07 05:07:14.0676 Detected object count: 1
2010/12/07 05:07:25.0207 \HardDisk0 - will be cured after reboot
2010/12/07 05:07:25.0207 Rootkit.Win32.TDSS.tdl4(\HardDisk0) - User select action: Cure
2010/12/07 05:07:47.0144 Deinitialize success

OTL Extras logfile created on: 12/7/2010 5:20:20 AM - Run 1
OTL by OldTimer - Version 3.2.17.3 Folder = C:\Documents and Settings\Home\My Documents\Downloads
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 7.0.5730.13)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1,013.00 Mb Total Physical Memory | 579.00 Mb Available Physical Memory | 57.00% Memory free
2.00 Gb Paging File | 2.00 Gb Available in Paging File | 89.00% Paging File free
Paging file location(s): c:\pagefile.sys 1524 3048 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 229.77 Gb Total Space | 204.17 Gb Free Space | 88.86% Space Free | Partition Type: NTFS

Computer Name: JAKUBEK | User Name: Home | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========

========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes<extension>]

[HKEY_USERS\S-1-5-21-2704480170-2336948257-3775622099-1006\SOFTWARE\Classes<extension>]
.html [@ = FirefoxHTML] – C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] – “%1” %*
cmdfile [open] – “%1” %*
comfile [open] – “%1” %*
exefile [open] – “%1” %*
piffile [open] – “%1” %*
regfile [merge] – Reg Error: Key error.
scrfile [config] – “%1”
scrfile [install] – rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] – “%1” /S
txtfile [edit] – Reg Error: Key error.
Unknown [openas] – %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [find] – %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] – %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] – %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] – %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
“FirstRunDisabled” = 1
“AntiVirusDisableNotify” = 0
“FirewallDisableNotify” = 0
“UpdatesDisableNotify” = 0
“AntiVirusOverride” = 0
“FirewallOverride” = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

========== System Restore Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
“DisableSR” = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr]
“Start” = 4

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService]
“Start” = 2

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]
“1900:UDP” = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007
“2869:TCP” = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
“EnableFirewall” = 1
“DoNotAllowExceptions” = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
“1900:UDP” = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007
“2869:TCP” = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008
“1191:UDP” = 1191:UDP::Enabled:Windows Media Format SDK (iexplore.exe)
“1190:UDP” = 1190:UDP::Enabled:Windows Media Format SDK (iexplore.exe)

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
“C:\Program Files\Common Files\AOL\ACS\AOLacsd.exe” = C:\Program Files\Common Files\AOL\ACS\AOLacsd.exe::Enabled:AOL – File not found
“C:\Program Files\Common Files\AOL\ACS\AOLDial.exe” = C:\Program Files\Common Files\AOL\ACS\AOLDial.exe::Enabled:AOL – File not found
“C:\Program Files\America Online 9.0\waol.exe” = C:\Program Files\America Online 9.0\waol.exe::Enabled:America Online 9.0 – File not found
“C:\Program Files\HP\Digital Imaging\bin\hposid01.exe” = C:\Program Files\HP\Digital Imaging\bin\hposid01.exe::Enabled:hposid01.exe – (Hewlett-Packard Co.)
“C:\Program Files\HP\Digital Imaging\bin\hpqcopy2.exe” = C:\Program Files\HP\Digital Imaging\bin\hpqcopy2.exe::Enabled:hpqcopy2.exe – (Hewlett-Packard Co.)
“C:\Program Files\HP\Digital Imaging\bin\hpiscnapp.exe” = C:\Program Files\HP\Digital Imaging\bin\hpiscnapp.exe::Enabled:hpiscnapp.exe – (Hewlett-Packard)
“C:\Program Files\Common Files\HP\Digital Imaging\bin\hpqPhotoCrm.exe” = C:\Program Files\Common Files\HP\Digital Imaging\bin\hpqPhotoCrm.exe::Enabled:hpqphotocrm.exe – (Hewlett-Packard Development Co. L.P.)
“C:\Program Files\HP\Digital Imaging\bin\hpqsudi.exe” = C:\Program Files\HP\Digital Imaging\bin\hpqsudi.exe::Enabled:hpqsudi.exe – (Hewlett-Packard Development Co. L.P.)
“C:\Program Files\HP\Digital Imaging\bin\hpqpsapp.exe” = C:\Program Files\HP\Digital Imaging\bin\hpqpsapp.exe::Enabled:hpqpsapp.exe – (Hewlett-Packard Development Co. L.P.)
“C:\Program Files\HP\Digital Imaging\bin\hpqpse.exe” = C:\Program Files\HP\Digital Imaging\bin\hpqpse.exe::Enabled:hpqpse.exe – (Hewlett-Packard Development Co. L.P.)
“C:\Program Files\HP\Digital Imaging\bin\hpqusgm.exe” = C:\Program Files\HP\Digital Imaging\bin\hpqusgm.exe::Enabled:hpqusgm.exe – (Hewlett-Packard Co.)
“C:\Program Files\HP\Digital Imaging\bin\hpqusgh.exe” = C:\Program Files\HP\Digital Imaging\bin\hpqusgh.exe::Enabled:hpqusgh.exe – (Hewlett-Packard Co.)
“C:\Program Files\HP\HP Software Update\hpwucli.exe” = C:\Program Files\HP\HP Software Update\hpwucli.exe::Enabled:hpwucli.exe – (Hewlett-Packard)
“C:\Program Files\HP\Digital Imaging\Smart Web Printing\SmartWebPrintExe.exe” = C:\Program Files\HP\Digital Imaging\Smart Web Printing\SmartWebPrintExe.exe::Enabled:smartwebprintexe.exe – (Hewlett-Packard Co.)

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
“C:\Program Files\Yahoo!\Yahoo! Music Jukebox\YahooMusicEngine.exe” = C:\Program Files\Yahoo!\Yahoo! Music Jukebox\YahooMusicEngine.exe::Enabled:Yahoo! Music Jukebox – (Yahoo! Inc.)
“C:\Program Files\Kodak\KODAK Software Updater\7288971\Program\Kodak Software Updater.exe” = C:\Program Files\Kodak\KODAK Software Updater\7288971\Program\Kodak Software Updater.exe::Disabled:Kodak Software Updater – ()
“C:\Documents and Settings\Susie Q\My Documents\Cat\Kodak EasyShare software\bin\EasyShare.exe” = C:\Documents and Settings\Susie Q\My Documents\Cat\Kodak EasyShare software\bin\EasyShare.exe::Enabled:EasyShare – File not found
“C:\Program Files\iTunes\iTunes.exe” = C:\Program Files\iTunes\iTunes.exe::Enabled:iTunes – (Apple Inc.)
“C:\Program Files\HP\Digital Imaging\bin\hposid01.exe” = C:\Program Files\HP\Digital Imaging\bin\hposid01.exe::Enabled:hposid01.exe – (Hewlett-Packard Co.)
“C:\Program Files\HP\Digital Imaging\bin\hpqcopy2.exe” = C:\Program Files\HP\Digital Imaging\bin\hpqcopy2.exe::Enabled:hpqcopy2.exe – (Hewlett-Packard Co.)
“C:\Program Files\HP\Digital Imaging\bin\hpiscnapp.exe” = C:\Program Files\HP\Digital Imaging\bin\hpiscnapp.exe::Enabled:hpiscnapp.exe – (Hewlett-Packard)
“C:\Program Files\Common Files\HP\Digital Imaging\bin\hpqPhotoCrm.exe” = C:\Program Files\Common Files\HP\Digital Imaging\bin\hpqPhotoCrm.exe::Enabled:hpqphotocrm.exe – (Hewlett-Packard Development Co. L.P.)
“C:\Program Files\HP\Digital Imaging\bin\hpqsudi.exe” = C:\Program Files\HP\Digital Imaging\bin\hpqsudi.exe::Enabled:hpqsudi.exe – (Hewlett-Packard Development Co. L.P.)
“C:\Program Files\HP\Digital Imaging\bin\hpqpsapp.exe” = C:\Program Files\HP\Digital Imaging\bin\hpqpsapp.exe::Enabled:hpqpsapp.exe – (Hewlett-Packard Development Co. L.P.)
“C:\Program Files\HP\Digital Imaging\bin\hpqpse.exe” = C:\Program Files\HP\Digital Imaging\bin\hpqpse.exe::Enabled:hpqpse.exe – (Hewlett-Packard Development Co. L.P.)
“C:\Program Files\HP\Digital Imaging\bin\hpqusgm.exe” = C:\Program Files\HP\Digital Imaging\bin\hpqusgm.exe::Enabled:hpqusgm.exe – (Hewlett-Packard Co.)
“C:\Program Files\HP\Digital Imaging\bin\hpqusgh.exe” = C:\Program Files\HP\Digital Imaging\bin\hpqusgh.exe::Enabled:hpqusgh.exe – (Hewlett-Packard Co.)
“C:\Program Files\HP\HP Software Update\hpwucli.exe” = C:\Program Files\HP\HP Software Update\hpwucli.exe::Enabled:hpwucli.exe – (Hewlett-Packard)
“C:\Program Files\HP\Digital Imaging\Smart Web Printing\SmartWebPrintExe.exe” = C:\Program Files\HP\Digital Imaging\Smart Web Printing\SmartWebPrintExe.exe::Enabled:smartwebprintexe.exe – (Hewlett-Packard Co.)
“C:\Documents and Settings\Susie Q\Applications\Kodak EasyShare software\bin\EasyShare.exe” = C:\Documents and Settings\Susie Q\Applications\Kodak EasyShare software\bin\EasyShare.exe::Enabled:EasyShare – ()

========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
“{0008546E-DF6E-4CC1-AFD0-2CB8E16C95A2}” = Notifier
“{0394CDC8-FABD-4ed8-B104-03393876DFDF}” = Roxio Creator Tools
“{07287123-B8AC-41CE-8346-3D777245C35B}” = Bonjour
“{0AAA9C97-74D4-47CE-B089-0B147EF3553C}” = Windows Live Messenger
“{0D397393-9B50-4c52-84D5-77E344289F87}” = Roxio Creator Data
“{0EB5D9B7-8E6C-4A9E-B74F-16B7EE89A67B}” = Microsoft Plus! Photo Story 2 LE
“{0F7C2E47-089E-4d23-B9F7-39BE00100776}” = Toolbox
“{1451DE6B-ABE1-4F62-BE9A-B363A17588A2}” = QuickTime
“{14D4ED84-6A9A-45A0-96F6-1753768C3CB5}” = ESSPCD
“{183B7569-90FB-4C56-9761-0EEB002CAB83}” = Adobe Camera Raw 4.0
“{18669FF9-C8FE-407a-9F70-E674896B1DB4}” = GPBaseService
“{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}” = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
“{205C6BDD-7B73-42DE-8505-9A093F35A238}” = Windows Live Upload Tool
“{20B83B31-09C4-4F0E-9774-EF8A12A0A527}” = Adobe Device Central CS3
“{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}” = MSVCRT
“{2614F54E-A828-49FA-93BA-45A3F756BFAA}” = 32 Bit HP CIO Components Installer
“{26A24AE4-039D-4CA4-87B4-2F83216017FF}” = Java™ 6 Update 18
“{281ECE39-F043-492B-8337-F2E546B5604A}” = PowerDVD
“{2A539CD9-0F75-4875-9A32-E06DD93C4114}” = Adobe Extension Manager CS3
“{2C6C74C2-042F-4D36-B7B0-0C538FCF01AB}” = Dell DataSafe Online
“{2E376AD9-5C49-4F7D-A0BA-6A44E8FA5A3B}” = Next Generation Visualisations
“{2F4C24E6-CBD4-4AAC-B56F-C9FD44DE5668}” = Roxio Drag-to-Disc
“{30465B6C-B53F-49A1-9EBA-A3F187AD502E}” = Roxio Update Manager
“{3248F0A8-6813-11D6-A77B-00B0D0150060}” = J2SE Runtime Environment 5.0 Update 6
“{3248F0A8-6813-11D6-A77B-00B0D0160030}” = Java™ 6 Update 3
“{33BB4982-DC52-4886-A03B-F4C5C80BEE89}” = Windows Media Player 10
“{34BFB099-07B2-4E95-A673-7362D60866A2}” = PSSWCORE
“{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}” = WebFldrs XP
“{35E1EC43-D4FC-4E4A-AAB3-20DDA27E8BB0}” = Sonic Activation Module
“{36FDBE6E-6684-462b-AE98-9A39A1B200CC}” = HPProductAssistant
“{38441BE7-79B0-42B8-8297-833704F949FE}” = HLPIndex
“{3A12C952-61D5-4C3B-B68B-8CFBE47E22F1}” = Adobe Setup
“{3B4E636E-9D65-4D67-BA61-189800823F52}” = Windows Live Communications Platform
“{3CA39B0C-BA85-4D42-AC0F-1FF5F60C3353}” = OTtBPSDK
“{3F92ABBB-6BBF-11D5-B229-002078017FBF}” = NetWaiting
“{3FA365DF-2D68-45ED-8F83-8C8A33E65143}” = Apple Application Support
“{41C3C974-EC5E-494C-AFE6-E31D92E2E6CB}” = Adobe Version Cue CS3 Client
“{48C82F7A-F100-4DAB-A310-8E18BF2159E1}” = ESSvpot
“{4A03706F-666A-4037-7777-5F2748764D10}” = Java Auto Updater
“{4DF98D0B-637E-42B4-B9D6-EB7693D2FBF8}” = Adobe ExtendScript Toolkit 2
“{4F677FC7-7AA8-412B-A957-F13CBE1C7331}” = ESSSONIC
“{52A69E11-7CEB-4a7d-9607-68BA4F39A89B}” = DeviceDiscovery
“{5905F42D-3F5F-4916-ADA6-94A3646AEE76}” = Dell Driver Reset Tool
“{5ACE69F0-A3E8-44eb-88C1-0A841E700180}” = TrayApp
“{605A4E39-613C-4A12-B56F-DEFBE6757237}” = SHASTA
“{619CDD8A-14B6-43a1-AB6C-0F4EE48CE048}” = Roxio Creator Copy
“{62BD0AE0-4EB1-4BBB-8F43-B6400C8FEB2C}” = AOLIcon
“{65D85050-5610-4A91-A3B1-D5C744291AD4}” = PCDADDIN
“{6675CA7F-E51B-4F6A-99D4-F8F0124C6EAA}” = Roxio Express Labeler
“{66E6CE0C-5A1E-430C-B40A-0C90FF1804A8}” = eSupportQFolder
“{687FEF8A-8597-40b4-832C-297EA3F35817}” = BufferChm
“{68CF6DD2-8BA3-4A70-81D8-7CC5F24C9BA2}” = Adobe Bridge CS3
“{6956856F-B6B3-4BE0-BA0B-8F495BE32033}” = Apple Software Update
“{6D52C408-B09A-4520-9B18-475B81D393F1}” = Microsoft Works
“{6E45BA47-383C-4C1E-8ED0-0D4845C293D7}” = Microsoft Plus! Digital Media Edition Installer
“{6F5E2F4A-377D-4700-B0E3-8F7F7507EA15}” = CustomerResearchQFolder

“{733D84D6-AAFD-4368-A1D0-F2734F6B9082}” = Adobe Help Viewer CS3
“{770657D0-A123-3C07-8E44-1C83EC895118}” = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
“{7988ba74-4a27-4685-991a-53f072f22808}” = F2200_Help
“{7EFA5E6F-74F7-4AFB-8AEA-AA790BD3A76D}” = DellSupport
“{7F3A2319-79CF-4701-95FB-034E99281808}” = Adobe Bridge Start Meeting
“{80533B67-C407-485D-8B5D-63BB8ED9D878}” = Scan
“{818ABC3C-635C-4651-8183-D0E9640B7DD1}” = HP Update
“{837b34e3-7c30-493c-8f6a-2b0f04e2912c}” = Microsoft Visual C++ 2005 Redistributable
“{83FFCFC7-88C6-41c6-8752-958A45325C82}” = Roxio Creator Audio
“{87843A41-7808-4F2E-B13F-25C1E67CF2FD}” = ESShelp
“{880AF49C-34F7-4285-A8AD-8F7A3D1C33DC}” = Roxio Creator BDAV Plugin
“{8A502E38-29C9-49FA-BCFA-D727CA062589}” = ESSTOOLS
“{8A85DEAD-7C1F-4368-881C-72AC74CB2E91}” = UnloadSupport
“{8BC84ECC-EA87-49C0-93C0-2B5DF62745CD}” = Adobe Asset Services CS3
“{8E6808E2-613D-4FCD-81A2-6C8FA8E03312}” = Adobe Type Support
“{8E92D746-CD9F-4B90-9668-42B74C14F765}” = ESSini
“{8FF6F5CA-4E30-4E3B-B951-204CAAA2716A}” = SmartWebPrinting
“{8FFC5648-FAF8-43A3-BC8F-42BA1E275C4E}” = Choice Guard
“{90120000-0010-0409-0000-0000000FF1CE}” = Microsoft Software Update for Web Folders (English) 12
“{90120000-0015-0409-0000-0000000FF1CE}” = Microsoft Office Access MUI (English) 2007
“{90120000-0015-0409-0000-0000000FF1CE}ULTIMATER{2FC4457D-409E-466F-861F-FB0CB796B53E}” = Microsoft Office 2007 Service Pack 2 (SP2)
“{90120000-0016-0409-0000-0000000FF1CE}” = Microsoft Office Excel MUI (English) 2007
“{90120000-0016-0409-0000-0000000FF1CE}ULTIMATER{2FC4457D-409E-466F-861F-FB0CB796B53E}” = Microsoft Office 2007 Service Pack 2 (SP2)
“{90120000-0018-0409-0000-0000000FF1CE}” = Microsoft Office PowerPoint MUI (English) 2007
“{90120000-0018-0409-0000-0000000FF1CE}ULTIMATER{2FC4457D-409E-466F-861F-FB0CB796B53E}” = Microsoft Office 2007 Service Pack 2 (SP2)
“{90120000-0019-0409-0000-0000000FF1CE}” = Microsoft Office Publisher MUI (English) 2007
“{90120000-0019-0409-0000-0000000FF1CE}ULTIMATER{2FC4457D-409E-466F-861F-FB0CB796B53E}” = Microsoft Office 2007 Service Pack 2 (SP2)
“{90120000-001A-0409-0000-0000000FF1CE}” = Microsoft Office Outlook MUI (English) 2007
“{90120000-001A-0409-0000-0000000FF1CE}ULTIMATER{2FC4457D-409E-466F-861F-FB0CB796B53E}” = Microsoft Office 2007 Service Pack 2 (SP2)
“{90120000-001B-0409-0000-0000000FF1CE}” = Microsoft Office Word MUI (English) 2007
“{90120000-001B-0409-0000-0000000FF1CE}ULTIMATER{2FC4457D-409E-466F-861F-FB0CB796B53E}” = Microsoft Office 2007 Service Pack 2 (SP2)
“{90120000-001F-0409-0000-0000000FF1CE}” = Microsoft Office Proof (English) 2007
“{90120000-001F-0409-0000-0000000FF1CE}ULTIMATER{ABDDE972-355B-4AF1-89A8-DA50B7B5C045}” = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
“{90120000-001F-040C-0000-0000000FF1CE}” = Microsoft Office Proof (French) 2007
“{90120000-001F-040C-0000-0000000FF1CE}ULTIMATER{F580DDD5-8D37-4998-968E-EBB76BB86787}” = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
“{90120000-001F-0C0A-0000-0000000FF1CE}” = Microsoft Office Proof (Spanish) 2007
“{90120000-001F-0C0A-0000-0000000FF1CE}ULTIMATER{187308AB-5FA7-4F14-9AB9-D290383A10D9}” = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
“{90120000-002C-0409-0000-0000000FF1CE}” = Microsoft Office Proofing (English) 2007
“{90120000-0044-0409-0000-0000000FF1CE}” = Microsoft Office InfoPath MUI (English) 2007
“{90120000-0044-0409-0000-0000000FF1CE}ULTIMATER{2FC4457D-409E-466F-861F-FB0CB796B53E}” = Microsoft Office 2007 Service Pack 2 (SP2)
“{90120000-006E-0409-0000-0000000FF1CE}” = Microsoft Office Shared MUI (English) 2007
“{90120000-006E-0409-0000-0000000FF1CE}ULTIMATER{DE5A002D-8122-4278-A7EE-3121E7EA254E}” = Microsoft Office 2007 Service Pack 2 (SP2)
“{90120000-00A1-0409-0000-0000000FF1CE}” = Microsoft Office OneNote MUI (English) 2007
“{90120000-00A1-0409-0000-0000000FF1CE}ULTIMATER{2FC4457D-409E-466F-861F-FB0CB796B53E}” = Microsoft Office 2007 Service Pack 2 (SP2)
“{90120000-00BA-0409-0000-0000000FF1CE}” = Microsoft Office Groove MUI (English) 2007
“{90120000-00BA-0409-0000-0000000FF1CE}ULTIMATER{2FC4457D-409E-466F-861F-FB0CB796B53E}” = Microsoft Office 2007 Service Pack 2 (SP2)
“{90120000-0114-0409-0000-0000000FF1CE}” = Microsoft Office Groove Setup Metadata MUI (English) 2007
“{90120000-0114-0409-0000-0000000FF1CE}ULTIMATER{2FC4457D-409E-466F-861F-FB0CB796B53E}” = Microsoft Office 2007 Service Pack 2 (SP2)
“{90120000-0115-0409-0000-0000000FF1CE}” = Microsoft Office Shared Setup Metadata MUI (English) 2007
“{90120000-0115-0409-0000-0000000FF1CE}ULTIMATER{DE5A002D-8122-4278-A7EE-3121E7EA254E}” = Microsoft Office 2007 Service Pack 2 (SP2)
“{90120000-0117-0409-0000-0000000FF1CE}” = Microsoft Office Access Setup Metadata MUI (English) 2007
“{90120000-0117-0409-0000-0000000FF1CE}ULTIMATER{2FC4457D-409E-466F-861F-FB0CB796B53E}” = Microsoft Office 2007 Service Pack 2 (SP2)
“{90176341-0A8B-4CCC-A78D-F862228A6B95}” = Adobe Anchor Service CS3
“{91120000-002E-0000-0000-0000000FF1CE}” = Microsoft Office Ultimate 2007
“{91120000-002E-0000-0000-0000000FF1CE}ULTIMATER{0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}” = Microsoft Office 2007 Service Pack 2 (SP2)
“{91120000-002E-0000-0000-0000000FF1CE}ULTIMATER{3D019598-7B59-447A-80AE-815B703B84FF}” = Security Update for Microsoft Office system 2007 (972581)
“{91517631-A9F3-4B7C-B482-43E0068FD55A}” = ESSgui
“{9422C8EA-B0C6-4197-B8FC-DC797658CA00}” = Windows Live Sign-in Assistant
“{95120000-00B9-0409-0000-0000000FF1CE}” = Microsoft Application Error Reporting
“{999D43F4-9709-4887-9B1A-83EBB15A8370}” = VPRINTOL
“{9D8FEE90-0377-49A9-AEFB-525BDE549BA4}” = ESScore
“{A0B9F8DF-C949-45ed-9808-7DC5C0C19C81}” = Status
“{A1F66FC9-11EE-4F2F-98C9-16F8D1E69FB7}” = Segoe UI
“{A2B242BD-FF8D-4840-9DAA-9170EABEC59C}” = Adobe CMaps
“{A5AB9D5E-52E2-440e-A3ED-9512E253C81A}” = SolutionCenter
“{A5B3EB8A-4071-42F0-8E8E-7A8342AA8E69}” = ESSvpaht
“{AADAC983-FDE9-42FA-8FD9-7BB324155593}” = HLPRFO
“{AADEA55D-C834-4BCB-98A3-4B8D1C18F4EE}” = Apple Mobile Device Support
“{AB5D51AE-EBC3-438D-872C-705C7C2084B0}” = DeviceManagementQFolder
“{AC76BA86-7AD7-1033-7B44-A81200000003}” = Adobe Reader 8.1.2
“{AE1FA02D-E6A4-4EA0-8E58-6483CAC016DD}” = ESSCDBK
“{B0DF58A2-40DF-4465-AA56-38623EC9938C}” = Documentation & Support Launcher
“{B4B44FE7-41FF-4DAD-8C0A-E406DDA72992}” = CCScore
“{B6884A07-0305-47AE-9969-8F26FADC17DE}” = Games, Music, & Photos Launcher
“{B8C54AB1-7E1A-40E8-B794-EDB6E8921F3A}” = Dell Support Center
“{B8DBED1E-8BC3-4d08-B94A-F9D7D88E9BBF}” = HPSSupply
“{B997C2A0-4383-41BF-B76E-9B8B7ECFB267}” = KSU
“{B9B35331-B7E4-4E5C-BF4C-7BC87856124D}” = Adobe Default Language CS3
“{BAD0FA60-09CF-4411-AE6A-C2844C8812FA}” = HP Photosmart Essential 2.5
“{C252EB7B-7AE0-46DE-9BEE-DF681B885F13}” = Modem Diagnostic Tool
“{c6922d7f-c698-4d9e-9671-8b3de04d1511}” = DJ_AIO_03_F2200_Software_Min
“{C6CA8874-5F22-4AF0-9BE3-016BF299C536}” = Windows Live Essentials
“{C8B0680B-CDAE-4809-9F91-387B6DE00F7C}” = Roxio Creator DE
“{C99DCDA4-7407-4F72-A77E-C81C551D0C4E}” = PCDHELP
“{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}” = Microsoft .NET Framework 1.1
“{CCB9B81A-167F-4832-B305-D2A0430840B3}” = WebReg
“{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}” = SUPERAntiSpyware
“{D1C59F81-66FD-4E8E-B9F7-F4B2442D5222}” = Adobe Update Manager CS3
“{D2559B88-CC9D-4B48-81BB-F492BAA9C48C}” = Adobe PDF Library Files
“{D2E0F0CC-6BE0-490b-B08B-9267083E34C9}” = MarketResearch
“{D2FCC1AE-6311-47C5-8130-C6C66D77DD71}” = Nikon Message Center
“{D32470A1-B10C-4059-BA53-CF0486F68EBC}” = Kodak EasyShare software
“{D45E8C45-B601-4A80-AFD8-E16338744DE1}” = ArcSoft Panorama Maker 4
“{D639085F-4B6E-4105-9F37-A0DBB023E2FB}” = Roxio MyDVD DE
“{D77D43B5-ED55-426b-B67B-E21F804F6102}” = HP Deskjet F2200 All-In-One Driver Software 10.0 Rel .3
“{D99A8E3A-AE5A-4692-8B19-6F16D454E240}” = Destination Component
“{DB02F716-6275-42E9-B8D2-83BA2BF5100B}” = SFR
“{db18dc72-cd20-4801-be82-f5d2caeec4d7}” = DJ_AIO_03_F2200_Software
“{E08DC77E-D09A-4e36-8067-D6DBBCC5F8DC}” = VideoToolkit01
“{E646DCF0-5A68-11D5-B229-002078017FBF}” = Digital Line Detect
“{E9757890-7EC5-46C8-99AB-B00F07B6525C}” = Nikon Transfer
“{e97a9fd7-2fa1-4474-820d-3f8893a5b78a}” = F2200
“{EC3B8CA2-49B8-4D38-BE9C-ABD0F6029168}” = Yahoo! Music Jukebox
“{eca3039b-e429-420f-bd5e-7dec0683fc32}” = DJ_AIO_03_F2200_ProductContext
“{F01D5ED5-D53A-4468-B428-149DC2CB3110}” = Adobe Dreamweaver CS3
“{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}” = Realtek High Definition Audio Driver
“{F42CD69D-E393-47c8-B2CD-B139C4ADA9A8}” = Copy
“{F439D7AF-03F3-4F8E-AEC4-571BFE977C61}” = iTunes
“{F4A2E7CC-60CA-4AFA-B67F-AD5E58173C3F}” = SKINXSDK
“{F6BD194C-4190-4D73-B1B1-C48C99921BFE}” = Windows Live Call
“{F9593CFB-D836-49BC-BFF1-0E669A411D9F}” = WIRELESS
“{FDF9943A-3D5C-46B3-9679-586BD237DDEE}” = SKIN0001

“Adobe Flash Player ActiveX” = Adobe Flash Player 10 ActiveX
“Adobe Flash Player Plugin” = Adobe Flash Player 10 Plugin
“Adobe_435a6af7459cb02a9c1138113a26e93” = Adobe Dreamweaver CS3
“avast5” = avast! Free Antivirus
“CNXT_MODEM_PCI_VEN_14F1&DEV_2F20&SUBSYS_200F14F1” = Conexant D850 56K V.9x DFVc Modem
“Glary Utilities_is1” = Glary Utilities 2.28.0.1011
“green02.scr” = green02 ScreenSaver
“HDMI” = Intel(R) Graphics Media Accelerator Driver
“Hoyle Board Games 3” = Hoyle Board Games 3
“Hoyle Card Games Demo” = Hoyle Card Games Demo
“HP Imaging Device Functions” = HP Imaging Device Functions 10.0
“HP Photosmart Essential” = HP Photosmart Essential 2.5
“HP Smart Web Printing” = HP Smart Web Printing 4.60
“HP Solution Center & Imaging Support Tools” = HP Solution Center 13.0
“HPExtendedCapabilities” = HP Customer Participation Program 10.0
“IDNMitigationAPIs” = Microsoft Internationalized Domain Names Mitigation APIs
“ie7” = Windows Internet Explorer 7
“Licking Dog Screen Clean Screensaver” = Licking Dog Screen Clean Screensaver
“Malwarebytes’ Anti-Malware_is1” = Malwarebytes’ Anti-Malware
“Microsoft .NET Framework 1.1 (1033)” = Microsoft .NET Framework 1.1
“Mozilla Firefox (3.6.6)” = Mozilla Firefox (3.6.6)
“MSNINST” = MSN
“NLSDownlevelMapping” = Microsoft National Language Support Downlevel APIs
“Picasa 3” = Picasa 3
“PROSet” = Intel(R) PRO Network Connections Drivers
“RealPlayer 6.0” = RealPlayer Basic
“Shop for HP Supplies” = Shop for HP Supplies
“Stellarium_is1” = Stellarium 0.10.2
“StreetPlugin” = Learn2 Player (Uninstall Only)
“ULTIMATER” = Microsoft Office Ultimate 2007
“ViewpointMediaPlayer” = Viewpoint Media Player
“Windows Media Format Runtime” = Windows Media Format Runtime
“Windows Media Player” = Windows Media Player 10
“Windows XP Service Pack” = Windows XP Service Pack 3
“WinLiveSuite_Wave3” = Windows Live Essentials
“WMFDist11” = Windows Media Format 11 runtime
“wmp11” = Windows Media Player 11

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 12/7/2010 1:02:39 AM | Computer Name = JAKUBEK | Source = Application Error | ID = 1000
Description = Faulting application 0.5047485340980179.exe, version 2.67.0.239, faulting
module 0.5047485340980179.exe, version 2.67.0.239, fault address 0x00004327.

Error - 12/7/2010 1:02:42 AM | Computer Name = JAKUBEK | Source = Application Error | ID = 1000
Description = Faulting application 0.9247337076589472.exe, version 2.67.0.239, faulting
module 0.9247337076589472.exe, version 2.67.0.239, fault address 0x00004327.

Error - 12/7/2010 3:39:55 AM | Computer Name = JAKUBEK | Source = Application Error | ID = 1000
Description = Faulting application , version 0.0.0.0, faulting module unknown, version
0.0.0.0, fault address 0x00000000.

Error - 12/7/2010 4:04:35 AM | Computer Name = JAKUBEK | Source = Application Error | ID = 1000
Description = Faulting application svchost.exe, version 5.1.2600.5512, faulting
module ntdll.dll, version 5.1.2600.5755, fault address 0x00023845.

Error - 12/7/2010 4:05:30 AM | Computer Name = JAKUBEK | Source = Application Error | ID = 1001
Description = Fault bucket 1271752061.

Error - 12/7/2010 4:14:43 AM | Computer Name = JAKUBEK | Source = Application Error | ID = 1004
Description = Faulting application svchost.exe, version 0.0.0.0, faulting module
unknown, version 0.0.0.0, fault address 0x00000000.

Error - 12/7/2010 5:19:05 AM | Computer Name = JAKUBEK | Source = crypt32 | ID = 131080
Description = Failed auto update retrieval of third-party root list sequence number
from: http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt
with error: The connection with the server was terminated abnormally

Error - 12/7/2010 5:19:13 AM | Computer Name = JAKUBEK | Source = crypt32 | ID = 131080
Description = Failed auto update retrieval of third-party root list sequence number
from: http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt
with error: This network connection does not exist.

Error - 12/7/2010 7:06:04 AM | Computer Name = JAKUBEK | Source = crypt32 | ID = 131080
Description = Failed auto update retrieval of third-party root list sequence number
from: http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt
with error: The connection with the server was terminated abnormally

Error - 12/7/2010 7:06:22 AM | Computer Name = JAKUBEK | Source = crypt32 | ID = 131080
Description = Failed auto update retrieval of third-party root list sequence number
from: http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt
with error: The connection with the server was terminated abnormally

[ OSession Events ]
Error - 12/15/2008 7:39:32 AM | Computer Name = JAKUBEK | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 0, Application Name: Microsoft Office Word, Application Version:
12.0.6331.5000, Microsoft Office Version: 12.0.6215.1000. This session lasted 667
seconds with 240 seconds of active time. This session ended with a crash.

Error - 8/28/2009 8:16:21 AM | Computer Name = JAKUBEK | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 0, Application Name: Microsoft Office Word, Application Version:
12.0.6504.5000, Microsoft Office Version: 12.0.6215.1000. This session lasted 1921
seconds with 1260 seconds of active time. This session ended with a crash.

[ System Events ]
Error - 12/7/2010 12:25:57 AM | Computer Name = JAKUBEK | Source = Service Control Manager | ID = 7022
Description = The HP CUE DeviceDiscovery Service service hung on starting.

Error - 12/7/2010 3:41:25 AM | Computer Name = JAKUBEK | Source = W32Time | ID = 39452689
Description = Time Provider NtpClient: An error occurred during DNS lookup of the
manually configured peer ‘time.windows.com,0x1’. NtpClient will try the DNS lookup
again in 15 minutes. The error was: A socket operation was attempted to an unreachable
host. (0x80072751)

Error - 12/7/2010 3:41:25 AM | Computer Name = JAKUBEK | Source = W32Time | ID = 39452701
Description = The time provider NtpClient is configured to acquire time from one
or more time sources, however none of the sources are currently accessible. No attempt
to contact a source will be made for 14 minutes. NtpClient has no source of accurate
time.

Error - 12/7/2010 3:41:40 AM | Computer Name = JAKUBEK | Source = W32Time | ID = 39452689
Description = Time Provider NtpClient: An error occurred during DNS lookup of the
manually configured peer ‘time.windows.com,0x1’. NtpClient will try the DNS lookup
again in 15 minutes. The error was: A socket operation was attempted to an unreachable
host. (0x80072751)

Error - 12/7/2010 3:41:40 AM | Computer Name = JAKUBEK | Source = W32Time | ID = 39452701
Description = The time provider NtpClient is configured to acquire time from one
or more time sources, however none of the sources are currently accessible. No attempt
to contact a source will be made for 14 minutes. NtpClient has no source of accurate
time.

Error - 12/7/2010 3:55:18 AM | Computer Name = JAKUBEK | Source = Service Control Manager | ID = 7022
Description = The HP CUE DeviceDiscovery Service service hung on starting.

Error - 12/7/2010 4:15:30 AM | Computer Name = JAKUBEK | Source = Service Control Manager | ID = 7022
Description = The HP CUE DeviceDiscovery Service service hung on starting.

Error - 12/7/2010 7:11:22 AM | Computer Name = JAKUBEK | Source = Service Control Manager | ID = 7022
Description = The HP CUE DeviceDiscovery Service service hung on starting.

Error - 12/7/2010 7:18:52 AM | Computer Name = JAKUBEK | Source = ipnathlp | ID = 31008
Description = The DNS proxy agent was unable to read the local list of name-resolution
servers
from the registry. The data is the error code.

Error - 12/7/2010 7:20:44 AM | Computer Name = JAKUBEK | Source = SRService | ID = 104
Description = The System Restore initialization process failed.

< End of report >