reply with logs
I ran my Webroot Scan today, it found no errors.
However, although I don't know the date, it did find a problem recently.
It found:
Troj/JavaDI-BC
It quarantined it.
Today I ran Avira free and it found nothing.
I also ran TFC; it ran, cleaned and ordered a reboot, which I did.
I ran Malwarebytes days ago and it did find a problem in the registry and corrected it.
Step 1
I ran it again today and it found nothing. Here is the log for each day:
From 03/01/2011
Malwarebytes' Anti-Malware 1.50.1.1100
www.malwarebytes.org
Database version: 5916
Windows 5.1.2600 Service Pack 3
Internet Explorer 8.0.6001.18702
3/1/2011 10:27:09 AM
mbam-log-2011-03-01 (10-26-54).txt
Scan type: Quick scan
Objects scanned: 141898
Time elapsed: 3 minute(s), 11 second(s)
Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 3
Registry Data Items Infected: 4
Folders Infected: 0
Files Infected: 0
Memory Processes Infected:
(No malicious items detected)
Memory Modules Infected:
(No malicious items detected)
Registry Keys Infected:
(No malicious items detected)
Registry Values Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Associations\bak_XMLLookup (Hijacker.XMLLookup) -> Value: bak_XMLLookup -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Associations\bak_Application (Hijacker.Application) -> Value: bak_Application -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Associations\bak_intl (Hijacker.intl) -> Value: bak_intl -> No action taken.
Registry Data Items Infected:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Start_ShowMyDocs (PUM.Hijack.StartMenu) -> Bad: (0) Good: (1) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Associations\XMLLookup (Hijacker.XMLLookup) -> Bad: (http://www.helpmeopen.com/?n=app&l=x&ext=%s) Good: (http://shell.windows.com/fileassoc/fileassoc.asp?LangID=x&Ext=%s) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Associations\Application (Hijacker.Application) -> Bad: (http://www.helpmeopen.com/?n=app&l=x&ext=%s) Good: (http://shell.windows.com/fileassoc/x/xml/redir.asp?Ext=%s) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Associations\intl (Hijacker.intl) -> Bad: (http://www.helpmeopen.com/?n=app&l=x&ext=%s) Good: (http://shell.windows.com/fileassoc/fileassoc.asp?LangID=x&Ext=%s) -> No action taken.
Folders Infected:
(No malicious items detected)
Files Infected:
(No malicious items detected)
From 03/05/2011
Malwarebytes' Anti-Malware 1.50.1.1100
www.malwarebytes.org
Database version: 5968
Windows 5.1.2600 Service Pack 3
Internet Explorer 8.0.6001.18702
3/5/2011 3:42:24 PM
mbam-log-2011-03-05 (15-42-24).txt
Scan type: Quick scan
Objects scanned: 142096
Time elapsed: 2 minute(s), 59 second(s)
Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0
Memory Processes Infected:
(No malicious items detected)
Memory Modules Infected:
(No malicious items detected)
Registry Keys Infected:
(No malicious items detected)
Registry Values Infected:
(No malicious items detected)
Registry Data Items Infected:
(No malicious items detected)
Then there is the log from GMER:
GMER 1.0.15.15530 - http://www.gmer.net
Rootkit quick scan 2011-03-05 15:54:15
Windows 5.1.2600 Service Pack 3 Harddisk0\DR0 -> \Device\Ide\IdeDeviceP2T0L0-17 SAMSUNG_HD080HJ/P rev.ZH100-46
Running: yp3jjjun.exe; Driver: C:\DOCUME~1\David\LOCALS~1\Temp\awdiipog.sys
---- Devices - GMER 1.0.15 ----
Device \Driver\Tcpip \Device\Ip 8A5DB0D0
Device \Driver\Tcpip \Device\Ip 8A6CF020
Device \Driver\Tcpip \Device\Ip 8A467B50
Device \Driver\Tcpip \Device\Ip 8A3D08F8
AttachedDevice \Driver\Tcpip \Device\Ip pwipf6.sys (pwipf6/Privacyware/PWI, Inc.)
Device \Driver\Tcpip \Device\Tcp 8A5DB0D0
Device \Driver\Tcpip \Device\Tcp 8A6CF020
Device \Driver\Tcpip \Device\Tcp 8A467B50
Device \Driver\Tcpip \Device\Tcp 8A3D08F8
AttachedDevice \Driver\Tcpip \Device\Tcp pwipf6.sys (pwipf6/Privacyware/PWI, Inc.)
Device \Driver\Tcpip \Device\Udp 8A5DB0D0
Device \Driver\Tcpip \Device\Udp 8A6CF020
Device \Driver\Tcpip \Device\Udp 8A467B50
Device \Driver\Tcpip \Device\Udp 8A3D08F8
AttachedDevice \Driver\Tcpip \Device\Udp pwipf6.sys (pwipf6/Privacyware/PWI, Inc.)
Device \Driver\Tcpip \Device\RawIp 8A5DB0D0
Device \Driver\Tcpip \Device\RawIp 8A6CF020
Device \Driver\Tcpip \Device\RawIp 8A467B50
Device \Driver\Tcpip \Device\RawIp 8A3D08F8
AttachedDevice \Driver\Tcpip \Device\RawIp pwipf6.sys (pwipf6/Privacyware/PWI, Inc.)
---- EOF - GMER 1.0.15 ----
Then there are the logs from DDS:
From DDS.txt
.
DDS (Ver_11-03-05.01) - NTFSx86
Run by David at 16:14:17.04 on Sat 03/05/2011
Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 1.6.0_24
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2039.1438 [GMT -6:00]
.
AV: Webroot Internet Security Complete *Enabled/Updated* {77E10C7F-2CCA-4187-9394-BDBC267AD597}
FW: Webroot Internet Security Complete *Enabled*
.
============== Running Processes ===============
.
C:\Program Files\Webroot\Security\Current\Framework\WRConsumerService.exe
C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\rundll32.exe
svchost.exe
C:\Program Files\Motorola\MotoHelper\MotoHelperService.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\tcpsvcs.exe
C:\WINDOWS\System32\snmp.exe
C:\WINDOWS\System32\svchost.exe -k imgsvc
C:\Program Files\Webroot\Security\current\plugins\antimalware\AEI.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Motorola\MotoHelper\MotoHelperAgent.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\SearchIndexer.exe
C:\Program Files\Webroot\Security\Current\plugins\antispam\wrhkisvc.exe
C:\Documents and Settings\David\My Documents\Downloads\DDS\dds.scr
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.msn.com
uSearch Page = hxxp://www.google.com
uDefault_Search_URL = hxxp://www.google.com/ie
uWindow Title = Internet Explorer, optimized for Bing and MSN
uDefault_Page_URL = hxxp://www.msn.com
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
BHO: Webroot Browser Helper Object: {c8d5d964-2be8-4c5b-8cf5-6e975aa88504} - c:\program files\webroot\security\current\products\wisc\toolbar\LPBar.dll
BHO: WebrootBHO Class: {d93ec24d-8741-4d41-b83d-a5793b998416} - c:\program files\webroot\security\current\plugins\browserextension\WebrootBHO.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
TB: The Weather Channel Toolbar: {2e5e800e-6ac0-411e-940a-369530a35e43} - c:\windows\system32\TwcToolbarIe7.dll
TB: Webroot Toolbar: {97ab88ef-346b-4179-a0b1-7445896547a5} - c:\program files\webroot\security\current\products\wisc\toolbar\LPBar.dll
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
mRun: [WebrootTrayApp] "c:\program files\webroot\security\current\framework\WRTray.exe"
mRun: [smapp] "c:\program files\analog devices\soundmax\SMTray.exe"
dRun: [ctfmon.exe] "c:\windows\system32\ctfmon.exe"
StartupFolder: c:\docume~1\david\startm~1\programs\startup\vzacce~1.lnk - c:\program files\verizon wireless\vzaccess manager\VZAccess Manager.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\hpdigi~1.lnk - c:\program files\hp\digital imaging\bin\hpqtra08.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\window~1.lnk - c:\program files\windows desktop search\WindowsSearch.exe
mPolicies-system: DisableStatusMessages = 1 (0x1)
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: E&xport to Microsoft Excel - c:\progra~1\micros~3\office12\EXCEL.EXE/3000
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683}
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~3\office12\REFIEBAR.DLL
DPF: DirectAnimation Java Classes
DPF: Microsoft XML Parser for Java
DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} - hxxp://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1289649019863
DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} - hxxp://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1289649186457
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
DPF: {F27237D7-93C8-44C2-AC6E-D6057B9A918F} - hxxps://juniper.net/dana-cached/sc/JuniperSetupClient.cab
Notify: igfxcui - igfxdev.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
SEH: Windows Desktop Search Namespace Manager: {56f9679e-7826-4c84-81f3-532071a8bcc5} - c:\program files\windows desktop search\MSNLNamespaceMgr.dll
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\docume~1\david\applic~1\mozilla\firefox\profiles\5spsnxg0.default\
FF - prefs.js: browser.startup.homepage - about:blank
FF - plugin: c:\program files\google\google earth\plugin\npgeplugin.dll
FF - plugin: c:\program files\google\picasa3\npPicasa3.dll
FF - plugin: c:\program files\google\update\1.2.183.39\npGoogleOneClick8.dll
FF - plugin: c:\program files\java\jre6\bin\new_plugin\npdeployJava1.dll
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\mozilla firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: Webroot malicious URL filtering: {3DF533F5-FB3C-4c4c-A1D7-99717F8C3038} - c:\program files\webroot\security\current\plugins\browserextension\ff_ptc
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\microsoft.net\framework\v3.5\windows presentation foundation\DotNetAssistantExtension
FF - Ext: Java Quick Starter: jqs@sun.com - c:\program files\java\jre6\lib\deploy\jqs\ff
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - %profile%\extensions\{20a82645-c095-46ed-80e3-08825760534b}
.
---- FIREFOX POLICIES ----
FF - user.js: capability.policy.policynames - allowclipboard
FF - user.js: capability.policy.allowclipboard.sites - hxxp://wsm.ezsitedesigner.com
FF - user.js: capability.policy.allowclipboard.Clipboard.cutcopy - allAccess
FF - user.js: capability.policy.allowclipboard.Clipboard.paste - allAccess
============= SERVICES / DRIVERS ===============
.
R1 pwipf6;pwipf6;c:\windows\system32\drivers\pwipf6.sys [2010-11-15 122184]
R2 Iprip;RIP Listener;c:\windows\system32\svchost.exe -k netsvcs [2001-8-23 14336]
R2 MotoHelper;MotoHelper Service;c:\program files\motorola\motohelper\MotoHelperService.exe [2010-9-7 202048]
R2 SSFMONM;ssfmonm;c:\windows\system32\drivers\ssfmonm.sys [2010-11-15 45072]
R2 WebrootSpySweeperService;Webroot Spy Sweeper Engine;c:\program files\webroot\security\current\plugins\antimalware\AEI.exe [2010-11-15 3897984]
R2 WRConsumerService;Webroot Client Service;c:\program files\webroot\security\current\framework\WRConsumerService.exe [2011-3-5 3251928]
R3 ZTEusbgps;ZTE GPS Port;c:\windows\system32\drivers\ZTEusbgps.sys [2010-12-4 105856]
R3 ZTEusbnmeaext;ZTE NMEAExt Port;c:\windows\system32\drivers\ZTEusbnmeaext.sys [2010-12-4 105856]
S2 AHDDC2;Ashampoo HDD Control 2 Service; [x]
S3 cpudrv;cpudrv;c:\program files\systemrequirementslab\cpudrv.sys [2009-12-18 11336]
S3 gupdate;Google Update Service (gupdate);c:\program files\google\update\GoogleUpdate.exe [2010-11-29 136176]
S3 massfilter;MBB Mass Storage Filter Driver;c:\windows\system32\drivers\massfilter.sys [2010-12-4 9216]
S3 PortTalk;PortTalk;c:\windows\system32\drivers\PortTalk.sys [2011-1-2 3567]
S3 pwdrvio;pwdrvio;c:\windows\system32\pwdrvio.sys [2010-12-31 16472]
S3 pwdspio;pwdspio;c:\windows\system32\pwdspio.sys [2010-12-31 11104]
S3 SMSIVZAM5;SMSIVZAM5 NDIS Protocol Driver;c:\progra~1\verizo~1\vzacce~1\SMSIVZAM5.SYS [2010-4-14 32408]
.
=============== Created Last 30 ================
.
2011-03-05 22:06:00 685056 -c--a-w- c:\windows\isRS-000.tmp
2011-03-01 16:02:06 -------- dc----w- c:\docume~1\david\applic~1\Malwarebytes
2011-03-01 16:01:00 38224 -c--a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2011-03-01 16:00:59 -------- dc----w- c:\docume~1\alluse~1\applic~1\Malwarebytes
2011-03-01 16:00:56 20952 -c--a-w- c:\windows\system32\drivers\mbam.sys
2011-03-01 16:00:56 -------- dc----w- c:\program files\Malwarebytes' Anti-Malware
2011-02-28 01:54:48 -------- dc-h--w- c:\windows\ie8
2011-02-27 21:07:03 -------- dc----w- c:\docume~1\david\locals~1\applic~1\Mozilla
2011-02-27 21:04:56 -------- dc----w- c:\program files\Bing Bar Installer
2011-02-26 07:24:37 -------- dc----w- c:\docume~1\david\applic~1\Avery
2011-02-23 15:34:45 -------- dc----w- c:\docume~1\david\applic~1\Auslogics
2011-02-20 18:11:18 -------- dc----w- c:\docume~1\alluse~1\applic~1\V CAST Media Manager
2011-02-20 18:01:07 -------- dc----w- c:\docume~1\alluse~1\applic~1\Verizon
2011-02-20 18:01:02 -------- dc----w- c:\docume~1\david\locals~1\applic~1\V CAST Media Manager
2011-02-20 17:51:31 -------- dc----w- c:\program files\Verizon V CAST Media Manager
2011-02-20 17:47:45 221184 -c--a-w- c:\windows\system32\wmpns.dll
2011-02-20 17:47:32 -------- dc----w- c:\program files\Windows Media Connect 2
2011-02-20 17:44:40 -------- dc----w- c:\windows\system32\LogFiles
2011-02-20 17:19:10 -------- dc----w- c:\program files\common files\Motorola Shared
2011-02-20 17:19:00 -------- dc----w- c:\program files\Motorola
2011-02-17 15:48:05 -------- dc----w- c:\program files\Avery Dennison
2011-02-07 12:51:27 -------- dc----w- c:\documents and settings\david\bookmarkbackups
2011-02-05 06:57:26 73728 -c--a-w- c:\windows\system32\javacpl.cpl
.
==================== Find3M ====================
.
2011-02-03 03:40:23 472808 -c--a-w- c:\windows\system32\deployJava1.dll
2011-01-23 16:29:35 44 -c--a-w- c:\windows\system32\msssc.dll
2011-01-21 14:44:37 439296 -c--a-w- c:\windows\system32\shimgvw.dll
2011-01-07 14:09:02 290048 -c--a-w- c:\windows\system32\atmfd.dll
2010-12-31 13:10:33 1854976 -c--a-w- c:\windows\system32\win32k.sys
2010-12-22 12:34:28 301568 -c--a-w- c:\windows\system32\kerberos.dll
2010-12-20 23:59:20 916480 -c--a-w- c:\windows\system32\wininet.dll
2010-12-20 23:59:19 43520 -c--a-w- c:\windows\system32\licmgr10.dll
2010-12-20 23:59:19 1469440 -c--a-w- c:\windows\system32\inetcpl.cpl
2010-12-20 17:26:00 730112 -c--a-w- c:\windows\system32\lsasrv.dll
2010-12-20 12:55:26 385024 -c--a-w- c:\windows\system32\html.iec
2010-12-19 21:54:00 79872 -csha-r- c:\windows\system32\streamcil.dll
2010-12-09 15:15:09 718336 -c--a-w- c:\windows\system32\ntdll.dll
2010-12-09 14:30:22 33280 -c--a-w- c:\windows\system32\csrsrv.dll
2010-12-09 13:42:26 2148864 -c--a-w- c:\windows\system32\ntoskrnl.exe
2010-12-09 13:07:07 2027008 -c--a-w- c:\windows\system32\ntkrnlpa.exe
.
============= FINISH: 16:17:10.59 ===============
Then from DDS attach.txt
.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_11-03-05.01)
.
Microsoft Windows XP Professional
Boot Device: \Device\HarddiskVolume1
Install Date: 11/13/2010 3:56:08 AM
System Uptime: 3/5/2011 4:08:53 PM (0 hours ago)
.
Motherboard: Hewlett-Packard | | 09E0h
Processor: Intel(R) Pentium(R) 4 CPU 2.80GHz | XU1 PROCESSOR | 2791/800mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 75 GiB total, 53.406 GiB free.
E: is CDROM ()
F: is CDROM ()
V: is CDROM (CDFS)
Z: is Removable
.
==== Disabled Device Manager Items =============
.
Class GUID: {4D36E972-E325-11CE-BFC1-08002BE10318}
Description: Broadcom NetXtreme Gigabit Ethernet
Device ID: PCI\VEN_14E4&DEV_1677&SUBSYS_3005103C&REV_01\4&1886B119&0&00E1
Manufacturer: Broadcom
Name: Broadcom NetXtreme Gigabit Ethernet
PNP Device ID: PCI\VEN_14E4&DEV_1677&SUBSYS_3005103C&REV_01\4&1886B119&0&00E1
Service: b57w2k
.
Class GUID: {4D36E96F-E325-11CE-BFC1-08002BE10318}
Description: PS/2 Compatible Mouse
Device ID: ACPI\PNP0F13\4&1117367&0
Manufacturer: Microsoft
Name: PS/2 Compatible Mouse
PNP Device ID: ACPI\PNP0F13\4&1117367&0
Service: i8042prt
.
Class GUID: {4D36E96B-E325-11CE-BFC1-08002BE10318}
Description: Standard 101/102-Key or Microsoft Natural PS/2 Keyboard
Device ID: ACPI\PNP0303\4&1117367&0
Manufacturer: (Standard keyboards)
Name: Standard 101/102-Key or Microsoft Natural PS/2 Keyboard
PNP Device ID: ACPI\PNP0303\4&1117367&0
Service: i8042prt
.
==== System Restore Points ===================
.
RP1: 12/19/2010 7:11:43 PM - System Checkpoint
RP2: 12/21/2010 10:14:59 AM - System Checkpoint
RP3: 12/23/2010 1:13:55 AM - System Checkpoint
RP4: 12/24/2010 1:23:05 AM - System Checkpoint
RP5: 12/24/2010 10:23:07 AM - Installed Verizon Wireless AC30 Firmware Updates.
RP6: 12/24/2010 10:24:28 AM - Removed VZAccess Manager.
RP7: 12/24/2010 10:25:40 AM - Installed VZAccess Manager.
RP8: 12/26/2010 12:48:08 AM - System Checkpoint
RP9: 12/27/2010 3:52:24 AM - System Checkpoint
RP10: 12/28/2010 4:14:30 AM - System Checkpoint
RP11: 12/29/2010 12:52:44 AM - Software Distribution Service 3.0
RP12: 12/29/2010 9:28:31 AM - Installed Windows XP KB915800-v4.
RP13: 12/29/2010 9:28:46 AM - Installed Windows XP Windows Search 4.0.
RP14: 12/30/2010 9:58:30 AM - System Checkpoint
RP15: 1/1/2011 10:18:24 AM - Installed Active@ Hard Disk Monitor
RP16: 1/2/2011 11:49:35 AM - System Checkpoint
RP17: 1/2/2011 7:40:05 PM - Removed WinZip 14.0
RP18: 1/2/2011 10:21:32 PM - Removed Active@ Hard Disk Monitor
RP19: 1/3/2011 11:23:49 PM - Auslogics Regisry Defrag - before defragmentation
RP20: 1/5/2011 9:38:57 AM - System Checkpoint
RP21: 1/7/2011 2:14:56 AM - System Checkpoint
RP22: 1/8/2011 2:18:38 AM - System Checkpoint
RP23: 1/9/2011 6:40:37 AM - System Checkpoint
RP24: 1/10/2011 7:28:02 AM - System Checkpoint
RP25: 1/12/2011 12:52:39 AM - System Checkpoint
RP26: 1/13/2011 12:12:57 AM - Software Distribution Service 3.0
RP27: 1/14/2011 2:26:49 AM - System Checkpoint
RP28: 1/16/2011 11:57:54 AM - System Checkpoint
RP29: 1/17/2011 12:24:41 PM - System Checkpoint
RP30: 1/20/2011 10:57:12 AM - System Checkpoint
RP31: 1/22/2011 12:52:50 AM - System Checkpoint
RP32: 1/23/2011 9:50:19 AM - Removed Realtek High Definition Audio Driver
RP33: 1/23/2011 10:02:08 AM - Installed Realtek AC'97 Audio
RP34: 1/23/2011 12:15:01 PM - Auslogics Regisry Defrag - before defragmentation
RP35: 1/24/2011 3:13:39 PM - System Checkpoint
RP36: 1/26/2011 1:34:28 AM - System Checkpoint
RP37: 1/27/2011 7:00:58 AM - System Checkpoint
RP38: 1/30/2011 3:13:46 PM - System Checkpoint
RP39: 1/31/2011 3:16:11 PM - System Checkpoint
RP40: 2/1/2011 9:08:33 PM - System Checkpoint
RP41: 2/4/2011 2:38:14 AM - System Checkpoint
RP42: 2/5/2011 12:53:39 AM - Removed Java(TM) 6 Update 22
RP43: 2/5/2011 12:56:41 AM - Installed Java(TM) 6 Update 23
RP44: 2/6/2011 1:59:20 AM - System Checkpoint
RP45: 2/7/2011 10:59:41 PM - Installed Microsoft Visual C++ 2005 Redistributable
RP46: 2/9/2011 12:57:23 AM - System Checkpoint
RP47: 2/10/2011 12:04:02 AM - Software Distribution Service 3.0
RP48: 2/11/2011 1:43:44 AM - System Checkpoint
RP49: 2/12/2011 2:42:37 AM - System Checkpoint
RP50: 2/13/2011 2:48:25 AM - System Checkpoint
RP51: 2/14/2011 9:00:37 AM - System Checkpoint
RP52: 2/14/2011 10:37:51 AM - Installed Windows XP -- Software Updates KB952011.
RP53: 2/16/2011 12:17:02 AM - Installed Java(TM) 6 Update 24
RP54: 2/17/2011 1:02:54 AM - System Checkpoint
RP55: 2/17/2011 9:47:39 AM - Installed DesignPro 5
RP56: 2/18/2011 10:07:43 AM - System Checkpoint
RP57: 2/19/2011 11:23:13 AM - System Checkpoint
RP58: 2/20/2011 11:43:35 AM - Installed Windows Media Player 11
RP59: 2/20/2011 11:44:36 AM - Installed Windows XP Wudf01000.
RP60: 2/20/2011 11:48:30 AM - Installed Windows XP MSCompPackV1.
RP61: 2/21/2011 3:00:15 AM - Software Distribution Service 3.0
RP62: 2/22/2011 3:00:14 AM - Software Distribution Service 3.0
RP63: 2/23/2011 3:00:15 AM - Software Distribution Service 3.0
RP64: 2/23/2011 9:26:14 AM - Software Distribution Service 3.0
RP65: 2/25/2011 7:36:46 AM - System Checkpoint
RP66: 2/26/2011 2:52:53 AM - Software Distribution Service 3.0
RP67: 2/26/2011 2:54:08 AM - Software Distribution Service 3.0
RP68: 2/26/2011 10:11:10 AM - Software Distribution Service 3.0
RP69: 2/27/2011 1:19:43 PM - Auslogics Regisry Defrag - before defragmentation
RP70: 2/27/2011 7:56:27 PM - Installed Windows Internet Explorer 8.
RP71: 2/27/2011 9:56:30 PM - Software Distribution Service 3.0
RP72: 3/1/2011 1:42:45 AM - System Checkpoint
RP73: 3/2/2011 1:44:50 AM - System Checkpoint
RP74: 3/3/2011 1:55:18 AM - System Checkpoint
RP75: 3/4/2011 2:41:02 AM - System Checkpoint
RP76: 3/5/2011 3:48:49 AM - System Checkpoint
.
==== Installed Programs ======================
.
1600
1600_Help
1600Trb
7-Zip 9.20
Adobe Flash Player 10 ActiveX
Adobe Flash Player 10 Plugin
Adobe Shockwave Player 11.5
Advertising Center
AiO_Scan
AiOSoftware
AnswerWorks 5.0 English Runtime
Apple Application Support
Apple Software Update
Auslogics BoostSpeed
Broadcom Management Programs
Broadcom NetXtreme Ethernet Controller
BufferChm
Capture-A-ScreenShot
DeepBurner v1.9.0.228
DeLorme Street Atlas USA 2009
DesignPro 5
Destinations
Director
DolbyFiles
DVDFab 8.0.6.1 (18/12/2010)
Fax
FinalTorrent 2010
Foxit Reader
Google Earth
Google Update Helper
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
HP Image Zone 4.7
HP Image Zone Express
HP Product Assistant
HP Product Detection
HP PSC & OfficeJet 4.7
HP Software Update
HPSystemDiagnostics
ImagXpress
Intel(R) Graphics Media Accelerator Driver
Java Auto Updater
Java(TM) 6 Update 24
Juniper Networks Cache Cleaner 6.5.0
Juniper Networks Setup Client
Malwarebytes' Anti-Malware
Menu Templates - Pack 1
Menu Templates - Starter Kit
Microsoft .NET Framework 2.0 Service Pack 2
Microsoft .NET Framework 3.0 Service Pack 2
Microsoft .NET Framework 3.5 SP1
Microsoft Compression Client Pack 1.0 for Windows XP
Microsoft Office 2007 Service Pack 2 (SP2)
Microsoft Office Access MUI (English) 2007
Microsoft Office Access Setup Metadata MUI (English) 2007
Microsoft Office Excel MUI (English) 2007
Microsoft Office Groove MUI (English) 2007
Microsoft Office Groove Setup Metadata MUI (English) 2007
Microsoft Office InfoPath MUI (English) 2007
Microsoft Office OneNote MUI (English) 2007
Microsoft Office Outlook MUI (English) 2007
Microsoft Office PowerPoint MUI (English) 2007
Microsoft Office Proof (English) 2007
Microsoft Office Proof (French) 2007
Microsoft Office Proof (Spanish) 2007
Microsoft Office Proofing (English) 2007
Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
Microsoft Office Publisher MUI (English) 2007
Microsoft Office Shared MUI (English) 2007
Microsoft Office Shared Setup Metadata MUI (English) 2007
Microsoft Office Ultimate 2007
Microsoft Office Word MUI (English) 2007
Microsoft Save as PDF or XPS Add-in for 2007 Microsoft Office programs
Microsoft Silverlight
Microsoft Software Update for Web Folders (English) 12
Microsoft User-Mode Driver Framework Feature Pack 1.0
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
MotoHelper 2.0.24 Driver 4.7.1
MotoHelper MergeModules
Motorola Mobile Drivers Installation 4.7.1
Movie Templates - Starter Kit
Mozilla Firefox (3.6.14)
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
MV RegClean 5.9 English
Nero 6 Demo
Nero 9 Essentials
Nero BurnRights
Nero BurnRights Help
Nero ControlCenter
Nero CoverDesigner
Nero CoverDesigner Help
Nero DiscSpeed
Nero DiscSpeed Help
Nero DriveSpeed
Nero DriveSpeed Help
Nero Express Help
Nero InfoTool
Nero InfoTool Help
Nero Installer
Nero Online Upgrade
Nero ShowTime
Nero StartSmart
Nero StartSmart Help
Nero StartSmart OEM
Nero Vision
Nero Vision Help
NeroExpress
neroxml
OGA Notifier 2.0.0048.0
Picasa 3
ProductContext
QFolder
Quicken 2010
QuickTime
Readme
Scan
ScannerCopy
Security Update for 2007 Microsoft Office System (KB2288621)
Security Update for 2007 Microsoft Office System (KB2288931)
Security Update for 2007 Microsoft Office System (KB2289158)
Security Update for 2007 Microsoft Office System (KB2344875)
Security Update for 2007 Microsoft Office System (KB2345043)
Security Update for 2007 Microsoft Office System (KB969559)
Security Update for 2007 Microsoft Office System (KB976321)
Security Update for Microsoft .NET Framework 3.5 SP1 (KB2416473)
Security Update for Microsoft Office Access 2007 (KB979440)
Security Update for Microsoft Office Excel 2007 (KB2345035)
Security Update for Microsoft Office InfoPath 2007 (KB979441)
Security Update for Microsoft Office PowerPoint 2007 (KB982158)
Security Update for Microsoft Office PowerPoint Viewer (KB2413381)
Security Update for Microsoft Office Publisher 2007 (KB2284697)
Security Update for Microsoft Office system 2007 (972581)
Security Update for Microsoft Office system 2007 (KB974234)
Security Update for Microsoft Office Visio Viewer 2007 (KB973709)
Security Update for Microsoft Office Word 2007 (KB2344993)
Security Update for Windows Internet Explorer 8 (KB2482017)
Security Update for Windows Internet Explorer 8 (KB971961)
Security Update for Windows Internet Explorer 8 (KB981332)
Security Update for Windows XP (KB923789)
SoundMAX
System Requirements Lab for Intel
The Weather Channel Toolbar
TrayApp
Unload
Update for 2007 Microsoft Office System (KB967642)
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
Update for Microsoft Office OneNote 2007 (KB980729)
Update for Microsoft Office Outlook 2007 (KB2412171)
Update for Outlook 2007 Junk Email Filter (KB2492475)
Update for Windows Internet Explorer 8 (KB976662)
Verizon V CAST Media Manager
Verizon Wireless AC30 Firmware Updates
VZAccess Manager
WebFldrs XP
WebReg
Webroot Software
Windows Essentials Media Codec Pack 2.2c
Windows Internet Explorer 8
Windows Media Format 11 runtime
Windows Media Player 11
Windows Media Player Firefox Plugin
Windows XP Service Pack 3
ZTE USB Drivers
.
==== Event Viewer Messages From Past Week ========
.
3/5/2011 3:51:20 PM, error: Service Control Manager [7034] - The Machine Debug Manager service terminated unexpectedly. It has done this 1 time(s).
3/5/2011 3:51:05 PM, error: Service Control Manager [7034] - The Windows Search service terminated unexpectedly. It has done this 3 time(s).
3/5/2011 3:50:00 PM, error: Service Control Manager [7031] - The Windows Search service terminated unexpectedly. It has done this 2 time(s). The following corrective action will be taken in 30000 milliseconds: Restart the service.
3/5/2011 3:47:55 PM, error: Service Control Manager [7031] - The Windows Search service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 30000 milliseconds: Restart the service.
3/5/2011 3:22:52 PM, error: Service Control Manager [7034] - The SoundMAX Agent Service service terminated unexpectedly. It has done this 1 time(s).
3/5/2011 3:22:52 PM, error: Service Control Manager [7034] - The SNMP Service service terminated unexpectedly. It has done this 1 time(s).
3/5/2011 3:22:52 PM, error: Service Control Manager [7034] - The Simple TCP/IP Services service terminated unexpectedly. It has done this 1 time(s).
3/5/2011 3:22:52 PM, error: Service Control Manager [7034] - The Pml Driver HPZ12 service terminated unexpectedly. It has done this 1 time(s).
3/5/2011 3:22:52 PM, error: Service Control Manager [7034] - The Java Quick Starter service terminated unexpectedly. It has done this 1 time(s).
3/5/2011 3:22:52 PM, error: Service Control Manager [7031] - The MotoHelper Service service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 1000 milliseconds: Restart the service.
3/3/2011 12:23:39 PM, error: DCOM [10005] - DCOM got error "%1058" attempting to start the service upnphost with arguments "" in order to run the server: {204810B9-73B2-11D4-BF42-00B0D0118B56}
2/28/2011 5:47:46 AM, error: Service Control Manager [7009] - Timeout (30000 milliseconds) waiting for the Windows Search service to connect.
2/28/2011 5:47:46 AM, error: Service Control Manager [7000] - The Windows Search service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
2/28/2011 5:47:45 AM, error: DCOM [10005] - DCOM got error "%1053" attempting to start the service WSearch with arguments "" in order to run the server: {7D096C5F-AC08-4F1F-BEB7-5C22C517CE39}
2/28/2011 10:54:06 PM, error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: i8042prt
2/27/2011 1:25:54 PM, error: Service Control Manager [7024] - The Windows Search service terminated with service-specific error 2147749155 (0x80040D23).
2/27/2011 1:13:07 PM, information: Windows File Protection [64002] - File replacement was attempted on the protected system file c:\program files\outlook express\wabmig.exe. This file was restored to the original version to maintain system stability. The file version of the system file is 6.0.2900.5512.
2/27/2011 1:13:07 PM, information: Windows File Protection [64002] - File replacement was attempted on the protected system file c:\program files\outlook express\wabimp.dll. This file was restored to the original version to maintain system stability. The file version of the system file is 6.0.2900.5512.
2/27/2011 1:13:07 PM, information: Windows File Protection [64002] - File replacement was attempted on the protected system file c:\program files\outlook express\wabfind.dll. This file was restored to the original version to maintain system stability. The file version of the system file is 6.0.2900.5512.
2/27/2011 1:13:07 PM, information: Windows File Protection [64002] - File replacement was attempted on the protected system file c:\program files\outlook express\wab.exe. This file was restored to the original version to maintain system stability. The file version of the system file is 6.0.2900.6040.
2/27/2011 1:13:07 PM, information: Windows File Protection [64002] - File replacement was attempted on the protected system file c:\program files\outlook express\setup50.exe. This file was restored to the original version to maintain system stability. The file version of the system file is 6.0.2900.5512.
2/27/2011 1:13:07 PM, information: Windows File Protection [64002] - File replacement was attempted on the protected system file c:\program files\outlook express\oemiglib.dll. This file was restored to the original version to maintain system stability. The file version of the system file is 6.0.2900.5512.
2/27/2011 1:13:07 PM, information: Windows File Protection [64002] - File replacement was attempted on the protected system file c:\program files\outlook express\oemig50.exe. This file was restored to the original version to maintain system stability. The file version of the system file is 6.0.2900.5512.
2/27/2011 1:13:07 PM, information: Windows File Protection [64002] - File replacement was attempted on the protected system file c:\program files\outlook express\msimn.exe. This file was restored to the original version to maintain system stability. The file version of the system file is 6.0.2900.5512.
2/27/2011 1:11:43 PM, information: Windows File Protection [64002] - File replacement was attempted on the protected system file c:\program files\internet explorer\connection wizard\isignup.exe. This file was restored to the original version to maintain system stability. The file version of the system file is 6.0.2600.0.
2/27/2011 1:11:43 PM, information: Windows File Protection [64002] - File replacement was attempted on the protected system file c:\program files\internet explorer\connection wizard\inetwiz.exe. This file was restored to the original version to maintain system stability. The file version of the system file is 6.0.2900.5512.
2/27/2011 1:11:43 PM, information: Windows File Protection [64002] - File replacement was attempted on the protected system file c:\program files\internet explorer\connection wizard\icwutil.dll. This file was restored to the original version to maintain system stability. The file version of the system file is 6.0.2900.5512.
2/27/2011 1:11:43 PM, information: Windows File Protection [64002] - File replacement was attempted on the protected system file c:\program files\internet explorer\connection wizard\icwtutor.exe. This file was restored to the original version to maintain system stability. The file version of the system file is 6.0.2600.0.
2/27/2011 1:11:43 PM, information: Windows File Protection [64002] - File replacement was attempted on the protected system file c:\program files\internet explorer\connection wizard\icwrmind.exe. This file was restored to the original version to maintain system stability. The file version of the system file is 6.0.2900.5512.
2/27/2011 1:11:43 PM, information: Windows File Protection [64002] - File replacement was attempted on the protected system file c:\program files\internet explorer\connection wizard\icwres.dll. This file was restored to the original version to maintain system stability. The file version of the system file is 6.0.2600.0.
2/27/2011 1:11:43 PM, information: Windows File Protection [64002] - File replacement was attempted on the protected system file c:\program files\internet explorer\connection wizard\icwhelp.dll. This file was restored to the original version to maintain system stability. The file version of the system file is 6.0.2900.5512.
2/27/2011 1:11:43 PM, information: Windows File Protection [64002] - File replacement was attempted on the protected system file c:\program files\internet explorer\connection wizard\icwdl.dll. This file was restored to the original version to maintain system stability. The file version of the system file is 6.0.2900.5512.
2/27/2011 1:11:43 PM, information: Windows File Protection [64002] - File replacement was attempted on the protected system file c:\program files\internet explorer\connection wizard\icwconn2.exe. This file was restored to the original version to maintain system stability. The file version of the system file is 6.0.2900.5512.
2/27/2011 1:11:43 PM, information: Windows File Protection [64002] - File replacement was attempted on the protected system file c:\program files\internet explorer\connection wizard\icwconn1.exe. This file was restored to the original version to maintain system stability. The file version of the system file is 6.0.2900.5512.
2/27/2011 1:11:43 PM, information: Windows File Protection [64002] - File replacement was attempted on the protected system file c:\program files\internet explorer\connection wizard\icwconn.dll. This file was restored to the original version to maintain system stability. The file version of the system file is 6.0.2900.5512.
2/27/2011 1:11:42 PM, information: Windows File Protection [64002] - File replacement was attempted on the protected system file c:\program files\internet explorer\connection wizard\trialoc.dll. This file was restored to the original version to maintain system stability. The file version of the system file is 6.0.2600.0.
2/27/2011 1:11:33 PM, information: Windows File Protection [64002] - File replacement was attempted on the protected system file c:\program files\internet explorer\iexplore.exe. This file was restored to the original version to maintain system stability. The file version of the system file is 8.0.6001.18702.
2/27/2011 1:11:33 PM, information: Windows File Protection [64002] - File replacement was attempted on the protected system file c:\program files\internet explorer\iedw.exe. This file was restored to the original version to maintain system stability. The file version of the system file is 5.1.2600.5512.
2/27/2011 1:11:33 PM, information: Windows File Protection [64002] - File replacement was attempted on the protected system file c:\program files\internet explorer\hmmapi.dll. This file was restored to the original version to maintain system stability. The file version of the system file is 8.0.6001.18702.
.
==== End Of File ===========================
So, there we are.