Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

Bad Image - Redirect


  • This topic is locked This topic is locked
22 replies to this topic

#1 Glyn Elrod

Glyn Elrod

  • Members
  • 15 posts
  • OFFLINE
  •  
  • Local time:06:44 PM

Posted 12 February 2010 - 10:10 PM

We are receiving bad image messages. For example, when logging into Microsoft Outlook a message something like "ctfmon.exe-bad image"....globalroot/systemroot/system32/4DW4R.....etc is not a valid Windows image...."

This happens with Outlook, Task Manager and IE 7.0.

We are also seeing re-directs in both Firefox and IE. For example, you google a topic, and, rather than taking you to the link you have selected, we are taken to a travel site, or, a yellow pages site. In fact, we had the embarrassing incident with this taking us to a graphic porn site with our 9 year old girl looking.

I've tried the PC Tools Spyware Doctor but that has done nothing.

I've downloaded Combofix, and ran the scan. I've saved the log file, but really don't know what to do with it. Obviously I need some assistance before moving forward.

If necessary, I'll try to get screen shots of the messages. I was hoping that what I've encountered is happening frequently, and you are familiar with these.

Your assistance will be greatly appreciated.


I entered a separate topic earlier this week, and received only one response. The person recommended the following link: http://www.geekstogo.com/forum/rundll32-ex...up-t263233.html. I tried these steps, but nothing helped (i.e., neither problem was improved). He tried to help, but to no avail.


Following is the DDS log. I also tried the GMER log; it continued for over 12 hours, but never completed. I had to shut the computer down. If you think it is necessary I will try to run GMER again.









DDS (Ver_09-12-01.01) - NTFSx86
Run by Cindy Elrod at 18:18:50.25 on Thu 02/11/2010
Internet Explorer: 7.0.5730.11 BrowserJavaVersion: 1.6.0_18
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1022.333 [GMT -6:00]

AV: Spyware Doctor with AntiVirus *On-access scanning enabled* (Updated) {D3C23B96-C9DC-477F-8EF1-69AF17A6EFF6}
AV: McAfee VirusScan *On-access scanning enabled* (Outdated) {84B5EE75-6421-4CDE-A33A-DD43BA9FAD83}

============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch
C:\WINDOWS\system32\svchost -k rpcss
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\WINDOWS\system32\svchost.exe -k WudfServiceGroup
C:\WINDOWS\System32\svchost.exe -k NetworkService
C:\WINDOWS\system32\svchost.exe -k LocalService
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\svchost.exe -k LocalService
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\system32\svchost.exe -k bthsvcs
C:\WINDOWS\system32\svchost.exe -k hpdevmgmt
C:\Program Files\Common Files\Intuit\Update Service\IntuitUpdateService.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\WINDOWS\system32\LxrJD31s.exe
C:\Program Files\Common Files\Motive\McciCMService.exe
C:\WINDOWS\Explorer.EXE
c:\program files\mcafee.com\agent\mcdetect.exe
c:\PROGRA~1\mcafee.com\agent\mctskshd.exe
C:\PROGRA~1\mcafee.com\vso\mcvsshld.exe
C:\PROGRA~1\mcafee.com\agent\mcagent.exe
C:\Program Files\Verizon\McciTrayApp.exe
C:\WINDOWS\system32\igfxpers.exe
c:\progra~1\mcafee.com\vso\mcvsescn.exe
C:\WINDOWS\system32\dla\tfswctrl.exe
C:\Program Files\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Spyware Doctor\pctsTray.exe
c:\PROGRA~1\mcafee.com\vso\mcvsrte.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\McAfee Security Scan\2.0.181\SSScheduler.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Microsoft SQL Server\MSSQL$MICROSOFTBCM\Binn\sqlservr.exe
C:\WINDOWS\System32\svchost.exe -k HPZ12
C:\WINDOWS\System32\svchost.exe -k HPZ12
C:\Program Files\Spyware Doctor\pctsAuxs.exe
C:\Program Files\Spyware Doctor\pctsSvc.exe
C:\Program Files\Outlook Express\MSIMN.EXE
C:\WINDOWS\System32\svchost.exe -k imgsvc
c:\PROGRA~1\mcafee.com\vso\mcshield.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\System32\alg.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Adobe\Reader 9.0\Reader\AcroRd32.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\HP\Smart Web Printing\hpswp_clipbook.exe
C:\WINDOWS\system32\taskmgr.exe
C:\Documents and Settings\Cindy Elrod\Desktop\dds.scr
C:\WINDOWS\system32\wbem\wmiprvse.exe

============== Pseudo HJT Report ===============

uStart Page = hxxp://www.google.com/
uSearch Page = hxxp://www.google.com
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
uSearch Bar = hxxp://www.google.com/ie
uInternet Connection Wizard,ShellNext = iexplore
uInternet Settings,ProxyOverride = 127.0.0.1
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/keyword/%s
BHO: HP Print Enhancer: {0347c33e-8762-4905-bf09-768834316c61} - c:\program files\hp\smart web printing\hpswp_printenhancer.dll
BHO: HP Print Clips: {053f9267-dc04-4294-a72c-58f732d338c0} - c:\program files\hp\smart web printing\hpswp_framework.dll
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: DriveLetterAccess: {5ca3d70e-1895-11cf-8e15-001234567890} - c:\windows\system32\dla\tfswshx.dll
BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files\google\googletoolbarnotifier\5.4.4525.1752\swg.dll
BHO: Windows Live Toolbar Helper: {bdbd1dad-c946-4a17-adc1-64b5b4ff55d0} - c:\program files\windows live toolbar\msntb.dll
BHO: 1 (0x1) - No File
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
BHO: {FDD3B846-8D59-4ffb-8758-209B6AD74ACC} - No File
TB: McAfee VirusScan: {ba52b914-b692-46c4-b683-905236f6f655} - c:\progra~1\mcafee.com\vso\mcvsshl.dll
TB: Windows Live Toolbar: {bdad1dad-c946-4a17-adc1-64b5b4ff55d0} - c:\program files\windows live toolbar\msntb.dll
TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
TB: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - No File
EB: {32683183-48a0-441b-a342-7c2a440a9478} - No File
EB: {FE54FA40-D68C-11D2-98FA-00C0F0318AFE} - No File
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
mRun: [VSOCheckTask] "c:\progra~1\mcafee.com\vso\mcmnhdlr.exe" /checktask
mRun: [VirusScan Online] "c:\progra~1\mcafee.com\vso\mcvsshld.exe"
mRun: [MCUpdateExe] c:\progra~1\mcafee.com\agent\mcupdate.exe
mRun: [MCAgentExe] c:\progra~1\mcafee.com\agent\mcagent.exe
mRun: [Verizon_McciTrayApp] "c:\program files\verizon\McciTrayApp.exe"
mRun: [igfxpers] c:\windows\system32\igfxpers.exe
mRun: [igfxhkcmd] c:\windows\system32\hkcmd.exe
mRun: [dla] c:\windows\system32\dla\tfswctrl.exe
mRun: [Adobe Photo Downloader] "c:\program files\adobe\photoshop album starter edition\3.2\apps\apdproxy.exe"
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
mRun: [ISTray] "c:\program files\spyware doctor\pctsTray.exe"
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe"
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
dRunOnce: [RunNarrator] Narrator.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\mcafee~1.lnk - c:\program files\mcafee security scan\2.0.181\SSScheduler.exe
IE: &Windows Live Search - c:\program files\windows live toolbar\msntb.dll/search.htm
IE: E&xport to Microsoft Excel - c:\progra~1\micros~3\office11\EXCEL.EXE/3000
IE: Google Sidewiki... - c:\program files\google\google toolbar\component\GoogleToolbarDynamic_mui_en_60D6097707281E79.dll/cmsidewiki.html
IE: {28D44DAD-D1FC-4d4f-BB1B-ADF037C8DDBC} - c:\program files\verizon online\verizon online control pad\VerizonControlPad.Exe
IE: {CCA281CA-C863-46ef-9331-5C8D4460577F} - c:\program files\linksys\bluetooth utility\btsendto_ie.htm
IE: {CD67F990-D8E9-11d2-98FE-00C0F0318AFE}
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - {2EAF5BB0-070F-11D3-9307-00C04FAE2D4F} - c:\progra~1\mi3aa1~1\INetRepl.dll
IE: {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - {2EAF5BB0-070F-11D3-9307-00C04FAE2D4F} - c:\progra~1\mi3aa1~1\INetRepl.dll
IE: {58ECB495-38F0-49cb-A538-10282ABF65E7} - {E763472E-A716-4CD9-89BD-DBDA6122F741} - c:\program files\hp\smart web printing\hpswp_extensions.dll
IE: {700259D7-1666-479a-93B1-3250410481E8} - {A93C41D8-01F8-4F8B-B14C-DE20B117E636} - c:\program files\hp\smart web printing\hpswp_extensions.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~3\office11\REFIEBAR.DLL
Trusted Zone: turbotax.com
DPF: Microsoft XML Parser for Java - file://c:\windows\java\classes\xmldso.cab
DPF: vzTCPConfig - hxxp://www2.verizon.net/help/fios_settings/include/vzTCPConfig.CAB
DPF: {05CA9FB0-3E3E-4B36-BF41-0E3A5CAA8CD8} - hxxp://download.microsoft.com/download/e/4/9/e494c802-dd90-4c6b-a074-469358f075a6/OGAControl.cab
DPF: {0742B9EF-8C83-41CA-BFBA-830A59E23533} - hxxps://support.microsoft.com/OAS/ActiveX/MSDcode.cab
DPF: {1239CC52-59EF-4DFA-8C61-90FFA846DF7E} - hxxp://www.musicnotes.com/download/mnviewer.cab
DPF: {1E2941E3-8E63-11D4-9D5A-00902742D6E0} - hxxps://access.concentra.com/dal0s5t/iNotes.cab
DPF: {210D0CBC-8B17-48D1-B294-1A338DD2EB3A} - hxxp://www.barkinghampalacela.com/downloads/cab/DVatDec.cab
DPF: {33564D57-0000-0010-8000-00AA00389B71} - hxxp://download.microsoft.com/download/F/6/E/F6E491A6-77E1-4E20-9F5F-94901338C922/wmv9VCM.CAB
DPF: {3E68E405-C6DE-49FF-83AE-41EE9F4C36CE} - hxxp://office.microsoft.com/officeupdate/content/opuc2.cab
DPF: {406B5949-7190-4245-91A9-30A17DE16AD0} - hxxp://www.costcophotocenter.com/CostcoActivia.cab
DPF: {49232000-16E4-426C-A231-62846947304B} - hxxps://wimpro.cce.hp.com/ChatEntry/downloads/sysinfo.cab
DPF: {493ACF15-5CD9-4474-82A6-91670C3DD66E} - hxxp://www.linkedin.com/cab/LinkedInContactFinderControl.cab
DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} - hxxp://download.mcafee.com/molbin/shared/mcinsctl/en-us/4,0,0,84/mcinsctl.cab
DPF: {54BE6B6F-3056-470B-97E1-BB92E051B6C4} - hxxp://h30155.www3.hp.com/ediags/dd/install/HPDriverDiagnosticsxp2k.cab
DPF: {5BDBA960-6534-11D3-97C7-00500422B550} - hxxps://access.concentra.com/dal0s5t/download/dolcontrol.cab
DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} - hxxp://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1265586301796
DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} - hxxp://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1265586295906
DPF: {74C861A1-D548-4916-BC8A-FDE92EDFF62C} - hxxp://mediaplayer.walmart.com/installer/install.cab
DPF: {77E32299-629F-43C6-AB77-6A1E6D7663F6} - hxxp://atv.disney.go.com/global/download/otoy/OTOYAX29b.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_18-windows-i586.cab
DPF: {9522B3FB-7A2B-4646-8AF6-36E7F593073C} - hxxp://a19.g.akamai.net/7/19/7125/4058/ftp.coupons.com/r3302/Coupons.cab
DPF: {9F1C11AA-197B-4942-BA54-47A8489BB47F} - hxxp://v4.windowsupdate.microsoft.com/CAB/x86/unicode/iuctl.CAB?38118.8221643519
DPF: {A8658086-E6AC-4957-BC8E-8D54A7E8A790} - hxxp://www.microsoft.com/security/controls/GDI/0/GDIChk.CAB
DPF: {A8683C98-5341-421B-B23C-8514C05354F1} - hxxp://www.samsphotoclub.com/upload/FujifilmUploadClient.cab
DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} - hxxp://download.mcafee.com/molbin/shared/mcgdmgr/en-us/1,0,0,21/mcgdmgr.cab
DPF: {CAFEEFAC-0016-0000-0018-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_18-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_18-windows-i586.cab
DPF: {D06A22B4-6087-4D3D-B7AF-82B113E9ABD4} - hxxp://www2.verizon.net/update/msnwebinstall/includes/vzWebIns.CAB
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} - hxxp://download.games.yahoo.com/games/web_games/popcap/bejeweled2/popcaploader_v6.cab
DPF: {E008A543-CEFB-4559-912F-C27C2B89F13B} - hxxps://access.concentra.com/dal0s5t/dwa7W.cab
DPF: {E23FABEE-12E3-33DA-DA12-195DAC123984} - hxxp://download.gamedesire.com/g_bin/eng/mahjong_2_0_0_31.cab
DPF: {E6EB803E-DD89-11D3-80C4-0050DA2E09D0} - hxxp://prints.picturecenter.kodak.com/activex/LightSurfUploadControl.cab
DPF: {E7DBFB6C-113A-47CF-B278-F5C6AF4DE1BD} - hxxp://download.abacast.com/download/files/abasetup145.cab
DPF: {EB387D2F-E27B-4D36-979E-847D1036C65D} - hxxp://h30043.www3.hp.com/aio/en/check/qdiagh.cab?321
Notify: igfxcui - igfxdev.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll

================= FIREFOX ===================

FF - ProfilePath - c:\docume~1\cindye~1\applic~1\mozilla\firefox\profiles\h1n79oda.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/ig?hl=en&source=iglk
FF - plugin: c:\program files\google\google updater\2.4.1851.5542\npCIDetect14.dll
FF - plugin: c:\program files\mcafee\supportability\mvt\NPMVTPlugin.dll
FF - plugin: c:\program files\unity\webplayer\loader\npUnity3D32.dll
FF - plugin: c:\program files\viewpoint\viewpoint experience technology\npViewpoint.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\microsoft.net\framework\v3.5\windows presentation foundation\dotnetassistantextension\
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0018-ABCDEFFEDCBA}

---- FIREFOX POLICIES ----
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl3.rsa_seed_sha", true);

============= SERVICES / DRIVERS ===============

R0 PCTCore;PCTools KDS;c:\windows\system32\drivers\PCTCore.sys [2010-2-7 207792]
R2 McDetect.exe;McAfee WSC Integration;c:\program files\mcafee.com\agent\Mcdetect.exe [2005-9-6 126976]
R2 McTskshd.exe;McAfee Task Scheduler;c:\progra~1\mcafee.com\agent\mctskshd.exe [2005-9-6 122368]
R2 MCVSRte;McAfee.com VirusScan Online Realtime Engine;c:\progra~1\mcafee.com\vso\mcvsrte.exe [2004-5-4 106496]
R2 portD;CMS PortIO Service;c:\windows\system32\drivers\portd2k.sys [2007-8-29 14976]
R2 sdAuxService;PC Tools Auxiliary Service;c:\program files\spyware doctor\pctsAuxs.exe [2010-2-7 359624]
R2 sdCoreService;PC Tools Security Service;c:\program files\spyware doctor\pctsSvc.exe [2010-2-7 1141712]
R3 McShield;McAfee.com McShield;c:\progra~1\mcafee.com\vso\mcshield.exe [2004-5-9 225375]
R3 NaiFiltr;NaiFiltr;c:\windows\system32\drivers\NaiFiltr.sys [2004-5-9 23296]
S3 GoogleDesktopManager-061008-081103;Google Desktop Manager 5.7.806.10245;c:\program files\google\google desktop search\GoogleDesktop.exe [2005-7-10 29744]
S3 McComponentHostService;McAfee Security Scan Component Host Service;c:\program files\mcafee security scan\2.0.181\McCHSvc.exe [2010-1-15 227232]
S3 mcupdmgr.exe;McAfee SecurityCenter Update Manager;c:\progra~1\mcafee.com\agent\mcupdmgr.exe [2004-12-4 245760]

=============== Created Last 30 ================

2010-02-11 03:42:17 73728 ----a-w- c:\windows\system32\javacpl.cpl
2010-02-11 03:27:14 411368 ----a-w- c:\windows\system32\deploytk.dll
2010-02-11 03:20:19 0 d-----w- c:\docume~1\alluse~1\applic~1\McAfee Security Scan
2010-02-11 03:20:16 0 d-----w- c:\program files\McAfee Security Scan
2010-02-10 04:15:57 0 d-sha-r- C:\cmdcons
2010-02-10 04:15:06 98816 ----a-w- c:\windows\sed.exe
2010-02-10 04:15:06 77312 ----a-w- c:\windows\MBR.exe
2010-02-10 04:15:06 261632 ----a-w- c:\windows\PEV.exe
2010-02-10 04:15:06 161792 ----a-w- c:\windows\SWREG.exe
2010-02-10 04:01:39 0 d-----w- c:\program files\McAfee
2010-02-10 02:53:54 3248 ----a-w- c:\windows\system32\wbem\Outlook_01caa9fc482f822a.mof
2010-02-09 03:25:08 548804 ----a-w- c:\windows\system32\PerfStringBackup.INI
2010-02-09 01:27:44 81920 ------w- c:\windows\system32\dllcache\fontsub.dll
2010-02-09 01:27:44 119808 ------w- c:\windows\system32\dllcache\t2embed.dll
2010-02-09 01:21:28 153088 ------w- c:\windows\system32\dllcache\triedit.dll
2010-02-09 01:19:37 1315328 ------w- c:\windows\system32\dllcache\msoe.dll
2010-02-09 01:19:17 128512 ------w- c:\windows\system32\dllcache\dhtmled.ocx
2010-02-09 01:15:10 1089593 ------w- c:\windows\system32\dllcache\ntprint.cat
2010-02-09 01:15:03 333952 ------w- c:\windows\system32\dllcache\srv.sys
2010-02-09 01:14:30 455296 ------w- c:\windows\system32\dllcache\mrxsmb.sys
2010-02-09 01:14:01 1172480 ------w- c:\windows\system32\dllcache\msxml3.dll
2010-02-09 01:13:54 337408 ------w- c:\windows\system32\dllcache\netapi32.dll
2010-02-09 01:12:57 691712 ------w- c:\windows\system32\dllcache\inetcomm.dll
2010-02-08 00:15:38 7387 ----a-w- c:\windows\system32\drivers\pctgntdi.cat
2010-02-08 00:15:38 233136 ----a-w- c:\windows\system32\drivers\pctgntdi.sys
2010-02-08 00:14:43 87784 ----a-w- c:\windows\system32\drivers\PCTAppEvent.sys
2010-02-08 00:14:43 7412 ----a-w- c:\windows\system32\drivers\PCTAppEvent.cat
2010-02-08 00:14:43 7383 ----a-w- c:\windows\system32\drivers\pctcore.cat
2010-02-08 00:14:43 207792 ----a-w- c:\windows\system32\drivers\PCTCore.sys
2010-02-08 00:14:19 7383 ----a-w- c:\windows\system32\drivers\pctplsg.cat
2010-02-08 00:14:19 70408 ----a-w- c:\windows\system32\drivers\pctplsg.sys
2010-02-08 00:13:40 0 d-----w- c:\program files\Spyware Doctor
2010-02-08 00:13:40 0 d-----w- c:\program files\common files\PC Tools
2010-02-08 00:13:40 0 d-----w- c:\docume~1\cindye~1\applic~1\PC Tools
2010-02-08 00:13:40 0 d-----w- c:\docume~1\alluse~1\applic~1\PC Tools
2010-02-08 00:09:50 0 d-----w- c:\windows\system32\XPSViewer
2010-02-08 00:07:51 89088 ------w- c:\windows\system32\dllcache\filterpipelineprintproc.dll
2010-02-08 00:07:51 117760 ------w- c:\windows\system32\prntvpt.dll
2010-02-08 00:07:50 597504 ------w- c:\windows\system32\dllcache\printfilterpipelinesvc.exe
2010-02-08 00:07:50 575488 ------w- c:\windows\system32\xpsshhdr.dll
2010-02-08 00:07:50 575488 ------w- c:\windows\system32\dllcache\xpsshhdr.dll
2010-02-08 00:07:49 1676288 ------w- c:\windows\system32\xpssvcs.dll
2010-02-08 00:07:49 1676288 ------w- c:\windows\system32\dllcache\xpssvcs.dll
2010-02-07 23:45:18 15064 ----a-w- c:\windows\system32\wuapi.dll.mui
2010-02-06 00:25:47 28160 ----a-w- c:\windows\system32\4DW4R3WQSFlEMxIk.dll

==================== Find3M ====================

2009-12-31 15:33:06 70656 ------w- c:\windows\system32\dllcache\ie4uinit.exe
2009-12-31 15:33:06 13824 ------w- c:\windows\system32\dllcache\ieudinit.exe
2009-12-27 05:09:53 147466 ----a-w- c:\windows\hpoins21.dat
2009-12-18 13:05:43 634648 ------w- c:\windows\system32\dllcache\iexplore.exe
2009-12-18 13:04:09 161792 ----a-w- c:\windows\system32\dllcache\ieakui.dll
2009-11-21 15:51:04 471552 ----a-w- c:\windows\system32\dllcache\aclayers.dll
2008-05-17 22:38:57 32768 -csha-w- c:\windows\system32\config\systemprofile\local settings\history\history.ie5\mshist012008051720080518\index.dat

============= FINISH: 18:20:46.12 ===============

Attached Files



BC AdBot (Login to Remove)

 


#2 myrti

myrti

    Sillyberry


  • Malware Study Hall Admin
  • 33,772 posts
  • OFFLINE
  •  
  • Gender:Female
  • Location:At home
  • Local time:01:44 AM

Posted 18 February 2010 - 09:27 AM

Hello and welcome to Bleeping Computer

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

If you have since resolved the original problem you were having, we would appreciate you letting us know. If not please perform the following steps below so we can have a look at the current condition of your machine.

Please include a clear description of the problems you're having, along with any steps you may have performed so far.

Please refrain from running tools or applying updates other than those we suggest while we are cleaning up your computer. The reason for this is so we know what is going on with the machine at any time. Some programs can interfere with others and hamper the recovery process.

Even if you have already provided information about your PC, we need a new log to see what has changed since you originally posted your problem.
We need to create an OTL Report
  1. Please download OTL from one of the following mirrors:
  2. Save it to your desktop.
  3. Double click on the icon on your desktop.
  4. Click the "Scan All Users" checkbox.
  5. In the custom scan box paste the following:
    CODE
    netsvcs
    msconfig
    safebootminimal
    safebootnetwork
    activex
    drivers32
    %systemroot%\system32\*.dll /lockedfiles
    %systemroot%\Tasks\*.job /lockedfiles
    /md5start
    eventlog.dll
    scecli.dll
    netlogon.dll
    cngaudit.dll
    sceclt.dll
    ntelogon.dll
    logevent.dll
    iaStor.sys
    nvstor.sys
    atapi.sys
    IdeChnDr.sys
    viasraid.sys
    AGP440.sys
    vaxscsi.sys
    nvatabus.sys
    viamraid.sys
    nvata.sys
    nvgts.sys
    iastorv.sys
    ViPrt.sys
    eNetHook.dll
    ahcix86.sys
    KR10N.sys
    nvstor32.sys
    ahcix86s.sys
    nvrd32.sys
    /md5stop
    %systemroot%\*. /mp /s
  6. Push the button.
  7. Two reports will open, copy and paste them in a reply here:
    • OTL.txt <-- Will be opened
    • Extra.txt<--Will be minimized

In the upper right hand corner of the topic you will see a button called Options. If you click on this in the drop-down menu you can choose Track this topic. I suggest you do this and select Immediate E-Mail notification and click on Proceed. This way you will be advised when we respond to your topic and facilitate the cleaning of your machine.

After 5 days if a topic is not replied to we assume it has been abandoned and it is closed.

regards myrti

is that a bird?  a plane? nooo it's the flying blueberry!

If I have been helping you and haven't replied in 2 days, feel free to shoot me a PM! Please don't send help request via PM, unless I am already helping you. Use the forums!

 

Follow BleepingComputer on: Facebook | Twitter | Google+


#3 Glyn Elrod

Glyn Elrod
  • Topic Starter

  • Members
  • 15 posts
  • OFFLINE
  •  
  • Local time:06:44 PM

Posted 19 February 2010 - 08:58 AM

Thank you for response. I will probably be unable to respond until this weekend (2/20 or 2/21), but will perform steps you noted.

The problem still exists (both the redirect and the invalid image), but seemingly it isn't as bad. Before my first post I had downloaded a PC Tools application that found three Trojan viruses. However, I'm not sure that made a difference, as the computer still has issues.

#4 Glyn Elrod

Glyn Elrod
  • Topic Starter

  • Members
  • 15 posts
  • OFFLINE
  •  
  • Local time:06:44 PM

Posted 19 February 2010 - 02:44 PM

Each time I attempt to run the scan using OTL, I receive the message shown in the attached file.

Essentially, the screen turns blue, and indicates we have hard drive corruption. I tried OTL three times, and each time this message appeared.

How shall I proceed?

Attached Files



#5 Glyn Elrod

Glyn Elrod
  • Topic Starter

  • Members
  • 15 posts
  • OFFLINE
  •  
  • Local time:06:44 PM

Posted 19 February 2010 - 08:04 PM

Update. Tried again to do OTL. Same thing happens.

#6 myrti

myrti

    Sillyberry


  • Malware Study Hall Admin
  • 33,772 posts
  • OFFLINE
  •  
  • Gender:Female
  • Location:At home
  • Local time:01:44 AM

Posted 20 February 2010 - 07:53 AM

Hi,

leave OTL be for the time being and please provide a fresh scan of DDS isntead (if that still runs):
Please run a scan with DDS:
  • Download DDS by sUBs from one of the following links. Save it to your desktop.
    DDS.scr
    DDS.pif
  • Double click on the DDS icon, allow it to run.
  • A small box will open, with an explanation about the tool. No input is needed, the scan is running.
  • Notepad will open with the results, click no to the Optional_Scan
  • Follow the instructions that pop up for posting the results.
  • Close the program window, and delete the program from your desktop.

Please note: You may have to disable any script protection running if the scan fails to run. After downloading the tool, disconnect from the internet and disable all antivirus protection. Run the scan, enable your A/V and reconnect to the internet.


Information on A/V control HERE

regards myrti

is that a bird?  a plane? nooo it's the flying blueberry!

If I have been helping you and haven't replied in 2 days, feel free to shoot me a PM! Please don't send help request via PM, unless I am already helping you. Use the forums!

 

Follow BleepingComputer on: Facebook | Twitter | Google+


#7 Glyn Elrod

Glyn Elrod
  • Topic Starter

  • Members
  • 15 posts
  • OFFLINE
  •  
  • Local time:06:44 PM

Posted 21 February 2010 - 03:51 PM

It won't allow me to do DDS either. Same error as screen shot sent.

Would it make sense for me to do a System Restore to reset this to sometime before 2/9/10?

Edited by Glyn Elrod, 21 February 2010 - 03:52 PM.


#8 Glyn Elrod

Glyn Elrod
  • Topic Starter

  • Members
  • 15 posts
  • OFFLINE
  •  
  • Local time:06:44 PM

Posted 21 February 2010 - 04:13 PM

I tried again, and got it to work!

I found some of the other anti-virus things I tried that hadn't been deleted. Attached is a revised 'dds' and 'attach' log.

Attached Files



#9 myrti

myrti

    Sillyberry


  • Malware Study Hall Admin
  • 33,772 posts
  • OFFLINE
  •  
  • Gender:Female
  • Location:At home
  • Local time:01:44 AM

Posted 21 February 2010 - 05:59 PM

Hi,

ComboFix is an extremely powerful tool which should only be used when instructed to do so by someone who has been properly trained.
It is intended by its creator to be used under the guidance and supervision of a Malware Removal Expert, not for private use.
Using this tool incorrectly could lead to disastrous problems with your operating system such as preventing it from ever starting again.

Please do not run Combofix on your own

If you still have the log, please post it in your next reply.

Please also try to run a scan with gmer:
Please download GMER from one of the following locations and save it to your desktop:
  • Main Mirror
    This version will download a randomly named file (Recommended)
  • Zipped Mirror
    This version will download a zip file you will need to extract first. If you use this mirror, please extract the zip file to your desktop.
  • Disconnect from the Internet and close all running programs.
  • Temporarily disable any real-time active protection so your security programs will not conflict with gmer's driver.
  • Double-click on the randomly named GMER file (i.e. n7gmo46c.exe) and allow the gmer.sys driver to load if asked.
  • Note: If you downloaded the zipped version, extract the file to its own folder such as C:\gmer and then double-click on gmer.exe.


  • GMER will open to the Rootkit/Malware tab and perform an automatic quick scan when first run. (do not use the computer while the scan is in progress)
  • If you receive a WARNING!!! about rootkit activity and are asked to fully scan your system...click NO.
  • Now click the Scan button. If you see a rootkit warning window, click OK.
  • When the scan is finished, click the Save... button to save the scan results to your Desktop. Save the file as gmer.log.
  • Click the Copy button and paste the results into your next reply.
  • Exit GMER and re-enable all active protection when done.
-- If you encounter any problems, try running GMER in Safe Mode.
(Try it once in normal mode and safe mode, if it crashes let me know and I'll give you some other tool)

regards myrti

is that a bird?  a plane? nooo it's the flying blueberry!

If I have been helping you and haven't replied in 2 days, feel free to shoot me a PM! Please don't send help request via PM, unless I am already helping you. Use the forums!

 

Follow BleepingComputer on: Facebook | Twitter | Google+


#10 Glyn Elrod

Glyn Elrod
  • Topic Starter

  • Members
  • 15 posts
  • OFFLINE
  •  
  • Local time:06:44 PM

Posted 21 February 2010 - 08:01 PM

Attached is the gmer log.


Edited by Glyn Elrod, 21 February 2010 - 08:03 PM.


#11 Glyn Elrod

Glyn Elrod
  • Topic Starter

  • Members
  • 15 posts
  • OFFLINE
  •  
  • Local time:06:44 PM

Posted 21 February 2010 - 09:10 PM


I may have misunderstood your last response. I mistakenly thought you instructed me to provide combofix log. It follows below:





ComboFix 10-02-21.02 - Glyn Elrod 02/21/2010 19:49:39.3.1 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1022.696 [GMT -6:00]
Running from: c:\documents and settings\Glyn Elrod\Desktop\ComboFix.exe
AV: McAfee VirusScan *On-access scanning enabled* (Updated) {84B5EE75-6421-4CDE-A33A-DD43BA9FAD83}
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\windows\SYSTEM32\4DW4R3BBaoWPWOdv.dll
c:\windows\SYSTEM32\4DW4R3c.dll
c:\windows\SYSTEM32\4DW4R3DiXtPIEYNs.dll
c:\windows\SYSTEM32\4DW4R3dtWlOmNqxb.dll
c:\windows\SYSTEM32\4DW4R3EbtdheoRpq.dll
c:\windows\SYSTEM32\4DW4R3hvDbxbjMEK.dll
c:\windows\system32\4DW4R3ikXLEJRPwt.dll
c:\windows\SYSTEM32\4DW4R3IxKFRcpXnP.dll
c:\windows\SYSTEM32\4DW4R3KJVISKxnNq.dll
c:\windows\system32\4DW4R3klQWVmNqjV.dll
c:\windows\SYSTEM32\4DW4R3kritDVyOXx.dll
c:\windows\system32\4DW4R3KXoKgbvXji.dll
c:\windows\SYSTEM32\4DW4R3KXutCIPXmH.dll
c:\windows\SYSTEM32\4DW4R3LerswkcyIp.dll
c:\windows\SYSTEM32\4DW4R3lOLDqhnMUq.dll
c:\windows\system32\4DW4R3LQwkQJAJru.dll
c:\windows\SYSTEM32\4DW4R3LSXxYCOXPw.dll
c:\windows\SYSTEM32\4DW4R3NAIOdKJXxa.dll
c:\windows\system32\4DW4R3OYCrvXJomT.dll
c:\windows\SYSTEM32\4DW4R3pBCnRvKFOs.dll
c:\windows\system32\4DW4R3RpOWwTADvh.dll
c:\windows\system32\4DW4R3siyvwpQpAT.dll
c:\windows\system32\4DW4R3sv.dat
c:\windows\SYSTEM32\4DW4R3taiaanNvsu.dll
c:\windows\system32\4DW4R3TdywyhPUUN.dll
c:\windows\system32\4DW4R3tPkMuJBrlP.dll
c:\windows\system32\4DW4R3uOglxFLJBM.dll
c:\windows\system32\4DW4R3UOoVBroQsL.dll
c:\windows\system32\4DW4R3vmXFJwWWQc.dll
c:\windows\system32\4DW4R3vtjqeQSiod.dll
c:\windows\system32\4DW4R3wGiRkHnurT.dll
c:\windows\system32\4DW4R3wKyMFQtbwm.dll
c:\windows\SYSTEM32\4DW4R3WQSFlEMxIk.dll
c:\windows\system32\4DW4R3xBqxcCWdab.dll
c:\windows\SYSTEM32\4DW4R3xelAbMYBOp.dll
c:\windows\system32\4DW4R3xYLBvdpnLr.dll
c:\windows\SYSTEM32\4DW4R3YhXUHtQTPO.dll
c:\windows\system32\drivers\4DW4R3.sys
c:\windows\system32\drivers\4DW4R3BjuUYKuukW.sys
c:\windows\system32\drivers\4DW4R3BONCrxWjce.sys
c:\windows\system32\drivers\4DW4R3bUomrDbvnh.sys
c:\windows\system32\drivers\4DW4R3bwBysRkBvo.sys
c:\windows\system32\drivers\4DW4R3bxkYaNTLLI.sys
c:\windows\system32\drivers\4DW4R3curirQDYdn.sys
c:\windows\system32\drivers\4DW4R3DkleeebNDx.sys
c:\windows\system32\drivers\4DW4R3EqIkJOarWE.sys
c:\windows\system32\drivers\4DW4R3fjAcnDmLRp.sys
c:\windows\system32\drivers\4DW4R3JkOuLScsDK.sys
c:\windows\system32\drivers\4DW4R3kRjGkbUVXL.sys
c:\windows\system32\drivers\4DW4R3kyqvquuwDk.sys
c:\windows\system32\drivers\4DW4R3lPQiXklmXQ.sys
c:\windows\system32\drivers\4DW4R3ncRoepTSJo.sys
c:\windows\system32\drivers\4DW4R3ncrwXlWKvY.sys
c:\windows\system32\drivers\4DW4R3ouFAbpaEsH.sys
c:\windows\system32\drivers\4DW4R3pbWpeyrWil.sys
c:\windows\system32\drivers\4DW4R3pmTkkyYDpl.sys
c:\windows\system32\drivers\4DW4R3PWiwqrPErW.sys
c:\windows\system32\drivers\4DW4R3qePtrPEIRo.sys
c:\windows\system32\drivers\4DW4R3rBymMRbtby.sys
c:\windows\system32\drivers\4DW4R3STNKglERwI.sys
c:\windows\system32\drivers\4DW4R3TtoPbVVytw.sys
c:\windows\system32\drivers\4DW4R3UrJBdlpqnv.sys
c:\windows\system32\drivers\4DW4R3vCRkGrhvwy.sys
c:\windows\system32\drivers\4DW4R3vvGliehnIM.sys
c:\windows\system32\drivers\4DW4R3VYyJTWkrQi.sys
c:\windows\system32\drivers\4DW4R3WxLqikpxRK.sys
c:\windows\system32\drivers\4DW4R3xhKbmfJxTO.sys
c:\windows\system32\drivers\4DW4R3xLkMtEFKjw.sys
c:\windows\system32\drivers\4DW4R3XrWjxAvunW.sys
c:\windows\system32\drivers\4DW4R3XXvWmapXqf.sys
c:\windows\system32\drivers\4DW4R3YBYoUfJRYj.sys
c:\windows\system32\drivers\4DW4R3YmpxLRdYmV.sys
c:\windows\system32\drivers\4DW4R3yyGkUQDBiP.sys

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Service_4DW4R3
-------\Legacy_4DW4R3


((((((((((((((((((((((((( Files Created from 2010-01-22 to 2010-02-22 )))))))))))))))))))))))))))))))
.

2010-02-19 19:30 . 2010-02-19 19:30 49152 ----a-r- c:\documents and settings\Glyn Elrod\Application Data\Microsoft\Installer\{5905F42D-3F5F-4916-ADA6-94A3646AEE76}\NewShortcut1.exe
2010-02-19 19:30 . 2010-02-19 19:30 49152 ----a-r- c:\documents and settings\Glyn Elrod\Application Data\Microsoft\Installer\{5905F42D-3F5F-4916-ADA6-94A3646AEE76}\ARPPRODUCTICON.exe
2010-02-15 16:26 . 2010-02-15 16:26 -------- d-----w- c:\documents and settings\LocalService\Local Settings\Application Data\Mozilla
2010-02-15 16:16 . 2010-02-15 16:16 -------- d-----w- c:\documents and settings\LocalService\Application Data\McAfee
2010-02-13 02:56 . 2010-02-13 02:56 -------- d-----w- c:\documents and settings\NetworkService\Local Settings\Application Data\Google
2010-02-12 18:48 . 2010-02-12 18:48 -------- d-----w- c:\documents and settings\Hadley Elrod\Application Data\GTek
2010-02-11 03:42 . 2010-02-11 03:42 -------- d-----w- c:\program files\Common Files\Java
2010-02-11 03:27 . 2010-02-11 03:27 503808 ----a-w- c:\documents and settings\Cindy Elrod\Application Data\Sun\Java\Deployment\SystemCache\6.0\54\1a209876-1df250ab-n\msvcp71.dll
2010-02-11 03:27 . 2010-02-11 03:27 499712 ----a-w- c:\documents and settings\Cindy Elrod\Application Data\Sun\Java\Deployment\SystemCache\6.0\54\1a209876-1df250ab-n\jmc.dll
2010-02-11 03:27 . 2010-02-11 03:27 348160 ----a-w- c:\documents and settings\Cindy Elrod\Application Data\Sun\Java\Deployment\SystemCache\6.0\54\1a209876-1df250ab-n\msvcr71.dll
2010-02-11 03:27 . 2010-02-11 03:27 61440 ----a-w- c:\documents and settings\Cindy Elrod\Application Data\Sun\Java\Deployment\SystemCache\6.0\17\6d0ad391-4ac3f38a-n\decora-sse.dll
2010-02-11 03:27 . 2010-02-11 03:27 12800 ----a-w- c:\documents and settings\Cindy Elrod\Application Data\Sun\Java\Deployment\SystemCache\6.0\17\6d0ad391-4ac3f38a-n\decora-d3d.dll
2010-02-11 03:27 . 2010-02-11 03:41 411368 ----a-w- c:\windows\system32\deploytk.dll
2010-02-11 03:23 . 2009-11-20 11:08 38784 ----a-w- c:\documents and settings\Cindy Elrod\Application Data\Macromedia\Flash Player\www.macromedia.com\bin\airappinstaller\airappinstaller.exe
2010-02-11 03:20 . 2010-02-11 03:20 -------- d-----w- c:\program files\Common Files\Adobe AIR
2010-02-11 02:46 . 2010-02-11 02:46 86016 ----a-w- c:\documents and settings\All Users\Application Data\NOS\Adobe_Downloads\arh.exe
2010-02-11 02:39 . 2010-02-11 03:32 -------- d-----w- c:\documents and settings\All Users\Application Data\NOS
2010-02-10 04:04 . 2010-02-10 04:04 -------- d-----w- c:\documents and settings\Glyn Elrod\Application Data\McAfee
2010-02-10 04:01 . 2010-02-21 19:43 -------- d-----w- c:\program files\McAfee
2010-02-09 01:27 . 2009-10-15 16:28 81920 ------w- c:\windows\system32\dllcache\fontsub.dll
2010-02-09 01:27 . 2009-10-15 16:28 119808 ------w- c:\windows\system32\dllcache\t2embed.dll
2010-02-09 01:21 . 2009-06-21 21:44 153088 ------w- c:\windows\system32\dllcache\triedit.dll
2010-02-09 01:19 . 2009-07-10 13:27 1315328 ------w- c:\windows\system32\dllcache\msoe.dll
2010-02-09 01:15 . 2008-12-11 10:57 333952 ------w- c:\windows\system32\dllcache\srv.sys
2010-02-09 01:14 . 2008-10-24 11:21 455296 ------w- c:\windows\system32\dllcache\mrxsmb.sys
2010-02-09 01:14 . 2009-07-31 04:35 1172480 ------w- c:\windows\system32\dllcache\msxml3.dll
2010-02-09 01:13 . 2008-10-15 16:34 337408 ------w- c:\windows\system32\dllcache\netapi32.dll
2010-02-09 01:12 . 2008-04-11 19:04 691712 ------w- c:\windows\system32\dllcache\inetcomm.dll
2010-02-08 00:13 . 2010-02-19 19:23 -------- d---a-w- c:\documents and settings\All Users\Application Data\TEMP
2010-02-08 00:10 . 2010-02-08 00:10 -------- d-----w- c:\documents and settings\All Users\Application Data\Google Updater
2010-02-08 00:09 . 2010-02-08 00:09 -------- d-----w- c:\windows\system32\XPSViewer
2010-02-08 00:09 . 2010-02-08 00:09 -------- d-----w- c:\program files\MSBuild
2010-02-08 00:09 . 2010-02-08 00:09 -------- d-----w- c:\program files\Reference Assemblies
2010-02-08 00:08 . 2008-07-06 12:06 89088 ----a-w- c:\windows\system32\Spool\prtprocs\w32x86\filterpipelineprintproc.dll
2010-02-08 00:07 . 2008-07-06 12:06 89088 ------w- c:\windows\system32\dllcache\filterpipelineprintproc.dll
2010-02-08 00:07 . 2008-07-06 12:06 117760 ------w- c:\windows\system32\prntvpt.dll
2010-02-08 00:07 . 2008-07-06 12:06 575488 ------w- c:\windows\system32\xpsshhdr.dll
2010-02-08 00:07 . 2008-07-06 12:06 575488 ------w- c:\windows\system32\dllcache\xpsshhdr.dll
2010-02-08 00:07 . 2008-07-06 10:50 597504 ------w- c:\windows\system32\Spool\prtprocs\w32x86\printfilterpipelinesvc.exe
2010-02-08 00:07 . 2008-07-06 10:50 597504 ------w- c:\windows\system32\dllcache\printfilterpipelinesvc.exe
2010-02-08 00:07 . 2008-07-06 12:06 1676288 ------w- c:\windows\system32\xpssvcs.dll
2010-02-08 00:07 . 2008-07-06 12:06 1676288 ------w- c:\windows\system32\dllcache\xpssvcs.dll

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-02-21 20:57 . 2004-05-10 00:06 -------- d-----w- c:\program files\Quicken
2010-02-21 20:34 . 2004-05-04 18:46 -------- d-----w- c:\program files\Microsoft ActiveSync
2010-02-21 20:33 . 2005-07-31 20:58 -------- d-----w- c:\program files\Living Books
2010-02-12 18:57 . 2005-07-10 17:41 -------- d-----w- c:\program files\Google
2010-02-11 03:41 . 2004-05-04 18:31 -------- d-----w- c:\program files\Java
2010-02-11 03:22 . 2004-06-02 01:01 -------- d-----w- c:\program files\Common Files\Adobe
2010-02-10 04:50 . 2004-05-04 18:56 239040 -c--a-w- c:\documents and settings\Administrator\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2010-02-10 04:01 . 2004-08-10 01:52 -------- d-----w- c:\documents and settings\All Users\Application Data\McAfee
2010-02-09 23:16 . 2009-06-19 14:27 -------- d-----w- c:\program files\Microsoft Silverlight
2010-02-09 03:22 . 2004-10-31 20:16 -------- d-----w- c:\program files\Scholastic's Clifford
2010-01-15 16:18 . 2008-04-08 20:44 -------- d-----w- c:\documents and settings\Heather Elrod\Application Data\HPAppData
2010-01-09 21:07 . 2006-06-12 00:34 -------- d-----w- c:\documents and settings\Glyn Elrod\Application Data\Intuit
2010-01-05 10:00 . 2004-08-24 01:32 832512 ------w- c:\windows\system32\wininet.dll
2010-01-05 10:00 . 2004-08-04 07:56 78336 ------w- c:\windows\system32\ieencode.dll
2010-01-05 10:00 . 2002-08-29 10:00 17408 ------w- c:\windows\system32\corpol.dll
2010-01-04 03:58 . 2009-11-26 17:43 -------- d-----w- c:\program files\iPod
2009-12-31 02:34 . 2006-12-25 19:32 -------- d-----w- c:\documents and settings\Glyn Elrod\Application Data\Apple Computer
2009-12-27 05:09 . 2008-04-06 22:46 147466 ----a-w- c:\windows\hpoins21.dat
2009-12-26 04:44 . 2009-12-26 00:49 -------- d-----w- c:\program files\Audacity
2009-12-26 00:50 . 2009-12-26 00:26 -------- d-----w- c:\program files\MixMeister EZ Vinyl Tape Converter
2009-12-25 14:14 . 2007-07-21 03:06 -------- d-----w- c:\documents and settings\All Users\Application Data\Apple
2009-12-24 20:24 . 2009-10-13 02:30 -------- d-----w- c:\documents and settings\Cindy Elrod\Application Data\HpUpdate
2009-11-26 17:27 . 2009-11-26 17:27 79144 -c--a-w- c:\documents and settings\All Users\Application Data\Apple Computer\Installer Cache\iTunes 9.0.2.25\SetupAdmin.exe
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-06-18 68856]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"VSOCheckTask"="c:\progra~1\mcafee.com\vso\mcmnhdlr.exe" [2003-08-08 122880]
"VirusScan Online"="c:\progra~1\mcafee.com\vso\mcvsshld.exe" [2003-08-18 163840]
"MCUpdateExe"="c:\progra~1\mcafee.com\agent\McUpdate.exe" [2006-01-11 212992]
"MCAgentExe"="c:\progra~1\mcafee.com\agent\mcagent.exe" [2005-09-23 303104]
"Verizon_McciTrayApp"="c:\program files\Verizon\McciTrayApp.exe" [2009-03-10 1553920]
"igfxpers"="c:\windows\system32\igfxpers.exe" [2005-09-20 114688]
"igfxhkcmd"="c:\windows\system32\hkcmd.exe" [2005-09-20 77824]
"dla"="c:\windows\system32\dla\tfswctrl.exe" [2003-08-06 114741]
"Adobe Photo Downloader"="c:\program files\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe" [2007-03-09 63712]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2009-11-12 141600]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-12-22 35760]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2009-12-11 948672]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2009-11-11 417792]
"McRegWiz"="c:\progra~1\mcafee.com\agent\mcregwiz.exe" [2003-09-02 135168]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"RunNarrator"="Narrator.exe" [2008-04-14 53760]

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^BounceBack Launcher.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\BounceBack Launcher.lnk
backup=c:\windows\pss\BounceBack Launcher.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^HP Digital Imaging Monitor.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk
backup=c:\windows\pss\HP Digital Imaging Monitor.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^ImageMixer HDD Camera Monitor.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\ImageMixer HDD Camera Monitor.lnk
backup=c:\windows\pss\ImageMixer HDD Camera Monitor.lnkCommon Startup
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IgfxTray
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BluetoothAuthenticationAgent]
2008-04-14 00:12 110592 ----a-w- c:\windows\SYSTEM32\bthprops.cpl

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\cards]
2002-08-29 01:02 54563 ------w- c:\windows\SYSTEM32\cards.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ctfmon.exe]
2008-04-14 00:12 15360 ------w- c:\windows\SYSTEM32\ctfmon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DellSupport]
2005-05-15 07:04 332800 ----a-w- c:\program files\Dell Support\DSAgnt.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DVDSentry]
2003-08-13 15:27 28672 ------w- c:\windows\SYSTEM32\DSentry.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Google Desktop Search]
2008-09-04 11:50 29744 ----a-w- c:\program files\Google\Google Desktop Search\GoogleDesktop.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Software Update]
2007-03-12 02:34 49152 -c--a-w- c:\program files\Hp\HP Software Update\hpwuSchd2.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IntelMeM]
2003-09-04 01:12 221184 -c--a-w- c:\program files\Intel\Modem Event Monitor\IntelMEM.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
2009-11-12 22:33 141600 ----a-w- c:\program files\iTunes\iTunesHelper.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
2008-04-14 00:12 1695232 ----a-w- c:\program files\Messenger\msmsgs.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
2009-11-11 05:08 417792 ----a-w- c:\program files\QuickTime\QTTask.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg]
2007-06-18 02:46 68856 ----a-w- c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\UpdateManager]
2003-08-19 07:01 110592 -c--a-w- c:\program files\Common Files\Sonic\Update Manager\sgtray.exe

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiVirus]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Hp\\Digital Imaging\\bin\\hposid01.exe"=
"c:\\Program Files\\Hp\\Digital Imaging\\bin\\hpqscnvw.exe"=
"c:\\Program Files\\Hp\\Digital Imaging\\bin\\hpqkygrp.exe"=
"c:\\Program Files\\Hp\\Digital Imaging\\bin\\hpoews01.exe"=
"c:\\Program Files\\Hp\\Digital Imaging\\bin\\hpqnrs08.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=

R2 portD;CMS PortIO Service;c:\windows\SYSTEM32\DRIVERS\portd2k.sys [8/29/2007 7:28 PM 14976]
R3 NaiFiltr;NaiFiltr;c:\windows\SYSTEM32\DRIVERS\NaiFiltr.sys [5/9/2004 5:52 PM 23296]
S2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [2/12/2010 12:57 PM 135664]
S3 GoogleDesktopManager-061008-081103;Google Desktop Manager 5.7.806.10245;c:\program files\Google\Google Desktop Search\GoogleDesktop.exe [7/10/2005 11:41 AM 29744]
S3 McComponentHostService;McAfee Security Scan Component Host Service;"c:\program files\McAfee Security Scan\2.0.181\McCHSvc.exe" --> c:\program files\McAfee Security Scan\2.0.181\McCHSvc.exe [?]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc
.
Contents of the 'Scheduled Tasks' folder

2010-02-22 c:\windows\Tasks\Google Software Updater.job
- c:\program files\Google\Common\Google Updater\GoogleUpdaterService.exe [2007-01-27 00:10]

2010-02-22 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-02-12 18:57]

2010-02-22 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-02-12 18:57]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com/ig?hl=en
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
uInternet Connection Wizard,ShellNext = hxxp://www.dell4me.com/myway
uInternet Settings,ProxyOverride = 127.0.0.1;*.local
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: &Windows Live Search - c:\program files\Windows Live Toolbar\msntb.dll/search.htm
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
IE: Google Sidewiki... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_60D6097707281E79.dll/cmsidewiki.html
IE: Send To &Bluetooth - c:\program files\Linksys\Bluetooth Utility\btsendto_ie_ctx.htm
Trusted Zone: apple.com\www
Trusted Zone: internet
Trusted Zone: intuit.com
Trusted Zone: mcafee.com
Trusted Zone: musicmatch.com
DPF: Microsoft XML Parser for Java - file://c:\windows\Java\classes\xmldso.cab
DPF: vzTCPConfig - hxxp://www2.verizon.net/help/fios_settings/include/vzTCPConfig.CAB
DPF: {210D0CBC-8B17-48D1-B294-1A338DD2EB3A} - hxxp://www.barkinghampalacela.com/downloads/cab/DVatDec.cab
DPF: {5BDBA960-6534-11D3-97C7-00500422B550} - hxxps://access.concentra.com/dal0s5t/download/dolcontrol.cab
DPF: {9522B3FB-7A2B-4646-8AF6-36E7F593073C} - hxxp://a19.g.akamai.net/7/19/7125/4058/ftp.coupons.com/r3302/Coupons.cab
DPF: {D06A22B4-6087-4D3D-B7AF-82B113E9ABD4} - hxxp://www2.verizon.net/update/msnwebinstall/includes/vzWebIns.CAB
DPF: {E23FABEE-12E3-33DA-DA12-195DAC123984} - hxxp://download.gamedesire.com/g_bin/eng/mahjong_2_0_0_31.cab
FF - ProfilePath - c:\documents and settings\Glyn Elrod\Application Data\Mozilla\Firefox\Profiles\cbqfyle7.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/ig?hl=en
FF - plugin: c:\program files\Google\Google Updater\2.4.1851.5542\npCIDetect14.dll
FF - plugin: c:\program files\Google\Update\1.2.183.13\npGoogleOneClick8.dll
FF - plugin: c:\program files\Unity\WebPlayer\loader\npUnity3D32.dll
FF - plugin: c:\program files\Viewpoint\Viewpoint Experience Technology\npViewpoint.dll
.
- - - - ORPHANS REMOVED - - - -

MSConfigStartUp-PC Connection Agent - c:\program files\Microsoft ActiveSync\wcescomm.exe



**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-02-21 20:01
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
Completion time: 2010-02-21 20:04:30
ComboFix-quarantined-files.txt 2010-02-22 02:04
ComboFix2.txt 2010-02-10 05:12

Pre-Run: 14,821,068,800 bytes free
Post-Run: 14,993,821,696 bytes free

- - End Of File - - 4CEDEF64C595AAFC2894B24DC97CE715


#12 myrti

myrti

    Sillyberry


  • Malware Study Hall Admin
  • 33,772 posts
  • OFFLINE
  •  
  • Gender:Female
  • Location:At home
  • Local time:01:44 AM

Posted 22 February 2010 - 02:45 PM

Hi,

I did not mean for you to run ComboFix again, you had understood fine before. I wanted to see a log from gmer. smile.gif

Could you please provide it now.

regards myrti

is that a bird?  a plane? nooo it's the flying blueberry!

If I have been helping you and haven't replied in 2 days, feel free to shoot me a PM! Please don't send help request via PM, unless I am already helping you. Use the forums!

 

Follow BleepingComputer on: Facebook | Twitter | Google+


#13 Glyn Elrod

Glyn Elrod
  • Topic Starter

  • Members
  • 15 posts
  • OFFLINE
  •  
  • Local time:06:44 PM

Posted 22 February 2010 - 07:43 PM

Here it is.

Attached Files



#14 myrti

myrti

    Sillyberry


  • Malware Study Hall Admin
  • 33,772 posts
  • OFFLINE
  •  
  • Gender:Female
  • Location:At home
  • Local time:01:44 AM

Posted 23 February 2010 - 11:22 AM

Hi,

ComboFix seems to have taken care of the rootkit. Could you please run a fresh scan with gmer as well as OTL and let me know how your PC is doing.

regards mytri

is that a bird?  a plane? nooo it's the flying blueberry!

If I have been helping you and haven't replied in 2 days, feel free to shoot me a PM! Please don't send help request via PM, unless I am already helping you. Use the forums!

 

Follow BleepingComputer on: Facebook | Twitter | Google+


#15 Glyn Elrod

Glyn Elrod
  • Topic Starter

  • Members
  • 15 posts
  • OFFLINE
  •  
  • Local time:06:44 PM

Posted 23 February 2010 - 09:10 PM


I tried submitting Gmer twice. Both times it ran for approximately 10 minutes, and the computer would automatically reboot.

Here is the OTL txt.

OTL logfile created on: 2/23/2010 7:54:11 PM - Run 1
OTL by OldTimer - Version 3.1.30.1 Folder = C:\Documents and Settings\Glyn Elrod\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 7.0.5730.11)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1,022.00 Mb Total Physical Memory | 628.00 Mb Available Physical Memory | 61.00% Memory free
2.00 Gb Paging File | 2.00 Gb Available in Paging File | 88.00% Paging File free
Paging file location(s): C:\pagefile.sys 0 0 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 37.21 Gb Total Space | 14.11 Gb Free Space | 37.91% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
F: Drive not present or media not loaded
Drive G: | 149.00 Gb Total Space | 79.60 Gb Free Space | 53.42% Space Free | Partition Type: FAT32
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: D3T5JT41
Current User Name: Glyn Elrod
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: All users
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Standard

========== Processes (SafeList) ==========

PRC - [2010/02/23 19:53:16 | 000,549,376 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Glyn Elrod\Desktop\OTL.exe
PRC - [2010/02/19 18:52:04 | 000,908,248 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe
PRC - [2010/02/12 12:57:53 | 000,135,664 | ---- | M] (Google Inc.) -- C:\Program Files\Google\Update\GoogleUpdate.exe
PRC - [2010/02/10 21:41:55 | 000,153,376 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Java\jre6\bin\jqs.exe
PRC - [2009/12/22 01:57:28 | 000,035,760 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files\Adobe\Reader 9.0\Reader\reader_sl.exe
PRC - [2009/12/11 15:57:56 | 000,948,672 | R--- | M] (Adobe Systems Incorporated) -- C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
PRC - [2009/11/12 16:33:10 | 000,141,600 | ---- | M] (Apple Inc.) -- C:\Program Files\iTunes\iTunesHelper.exe
PRC - [2009/08/28 18:42:54 | 000,144,672 | ---- | M] (Apple Inc.) -- C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
PRC - [2009/08/20 19:01:57 | 000,071,168 | ---- | M] () -- C:\WINDOWS\SYSTEM32\LxrJD31s.exe
PRC - [2009/03/10 22:18:14 | 000,934,792 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SYSTEM32\WgaTray.exe
PRC - [2009/03/10 12:57:18 | 001,553,920 | ---- | M] (Motive Communications, Inc.) -- C:\Program Files\Verizon\McciTrayApp.exe
PRC - [2009/02/04 13:54:56 | 000,303,104 | ---- | M] (Motive Communications, Inc.) -- C:\Program Files\Common Files\Motive\McciCMService.exe
PRC - [2008/12/12 10:17:38 | 000,238,888 | ---- | M] (Apple Inc.) -- C:\Program Files\Bonjour\mDNSResponder.exe
PRC - [2008/10/10 05:45:26 | 000,013,088 | ---- | M] (Intuit Inc.) -- C:\Program Files\Common Files\Intuit\Update Service\IntuitUpdateService.exe
PRC - [2008/04/13 18:12:33 | 000,013,312 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SYSTEM32\savedump.exe
PRC - [2008/04/13 18:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2007/06/17 20:46:14 | 000,068,856 | ---- | M] (Google Inc.) -- C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
PRC - [2007/03/09 10:09:58 | 000,063,712 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe
PRC - [2006/01/11 12:05:42 | 000,212,992 | ---- | M] (McAfee, Inc) -- C:\Program Files\McAfee.com\Agent\mcupdate.exe
PRC - [2005/12/30 16:42:40 | 000,163,840 | ---- | M] (McAfee, Inc) -- c:\Program Files\McAfee.com\Shared\mghtml.exe
PRC - [2005/10/13 19:56:16 | 000,126,976 | ---- | M] (McAfee, Inc) -- c:\Program Files\McAfee.com\Agent\Mcdetect.exe
PRC - [2005/09/20 08:36:20 | 000,114,688 | ---- | M] (Intel Corporation) -- C:\WINDOWS\SYSTEM32\igfxpers.exe
PRC - [2005/09/20 08:32:24 | 000,077,824 | ---- | M] (Intel Corporation) -- C:\WINDOWS\SYSTEM32\hkcmd.exe
PRC - [2005/08/24 15:01:04 | 000,122,368 | ---- | M] (McAfee, Inc) -- c:\Program Files\McAfee.com\Agent\McTskshd.exe
PRC - [2004/04/28 16:55:12 | 000,417,849 | ---- | M] (Networks Associates Technology, Inc) -- c:\Program Files\McAfee.com\VSO\McVSEscn.exe
PRC - [2003/09/02 17:41:38 | 000,135,168 | ---- | M] () -- C:\Program Files\McAfee.com\Agent\McRegWiz.exe
PRC - [2003/08/17 20:50:34 | 000,163,840 | ---- | M] (Networks Associates Technology, Inc) -- C:\Program Files\McAfee.com\VSO\mcvsshld.exe
PRC - [2003/08/08 17:04:38 | 000,106,496 | ---- | M] (Networks Associates Technology, Inc) -- c:\Program Files\McAfee.com\VSO\mcvsrte.exe
PRC - [2003/08/06 00:04:00 | 000,114,741 | ---- | M] (Sonic Solutions) -- C:\WINDOWS\SYSTEM32\dla\tfswctrl.exe
PRC - [2003/05/31 17:02:32 | 007,544,916 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft SQL Server\MSSQL$MICROSOFTBCM\Binn\sqlservr.exe


========== Modules (SafeList) ==========

MOD - [2010/02/23 19:53:16 | 000,549,376 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Glyn Elrod\Desktop\OTL.exe
MOD - [2009/03/10 12:56:51 | 000,198,144 | ---- | M] (Motive Communications, Inc.) -- C:\Program Files\Common Files\Motive\McciContextHook_DSR.dll


========== Win32 Services (SafeList) ==========

SRV - File not found [On_Demand | Stopped] -- -- (McComponentHostService)
SRV - File not found [Auto | Stopped] -- -- (btwdins)
SRV - [2010/02/12 12:57:53 | 000,135,664 | ---- | M] (Google Inc.) [Auto | Stopped] -- C:\Program Files\Google\Update\GoogleUpdate.exe -- (gupdate) Google Update Service (gupdate)
SRV - [2010/02/10 21:41:55 | 000,153,376 | ---- | M] (Sun Microsystems, Inc.) [Auto | Running] -- C:\Program Files\Java\jre6\bin\jqs.exe -- (JavaQuickStarterService)
SRV - [2010/02/07 18:10:08 | 000,194,032 | ---- | M] (Google) [Auto | Stopped] -- C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe -- (gusvc)
SRV - [2009/11/12 16:33:00 | 000,545,568 | ---- | M] (Apple Inc.) [On_Demand | Stopped] -- C:\Program Files\iPod\bin\iPodService.exe -- (iPod Service)
SRV - [2009/08/28 18:42:54 | 000,144,672 | ---- | M] (Apple Inc.) [Auto | Running] -- C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe -- (Apple Mobile Device)
SRV - [2009/08/20 19:01:57 | 000,071,168 | ---- | M] () [Auto | Running] -- C:\WINDOWS\System32\LxrJD31s.exe -- (LxrJD31s)
SRV - [2009/02/04 13:54:56 | 000,303,104 | ---- | M] (Motive Communications, Inc.) [Auto | Running] -- C:\Program Files\Common Files\Motive\McciCMService.exe -- (McciCMService)
SRV - [2008/12/12 10:17:38 | 000,238,888 | ---- | M] (Apple Inc.) [Auto | Running] -- C:\Program Files\Bonjour\mDNSResponder.exe -- (Bonjour Service)
SRV - [2008/10/10 05:45:26 | 000,013,088 | ---- | M] (Intuit Inc.) [Auto | Running] -- C:\Program Files\Common Files\Intuit\Update Service\IntuitUpdateService.exe -- (IntuitUpdateService)
SRV - [2008/09/04 05:50:11 | 000,029,744 | ---- | M] (Google) [On_Demand | Stopped] -- C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe -- (GoogleDesktopManager-061008-081103)
SRV - [2008/03/25 20:27:36 | 000,135,168 | ---- | M] (Hewlett-Packard Co.) [Auto | Start_Pending] -- C:\Program Files\Hp\Digital Imaging\bin\hpqddsvc.dll -- (hpqddsvc)
SRV - [2008/03/25 19:38:24 | 000,217,088 | ---- | M] (Hewlett-Packard Co.) [On_Demand | Stopped] -- C:\Program Files\Hp\Digital Imaging\bin\hpqcxs08.dll -- (hpqcxs08)
SRV - [2007/03/07 14:47:46 | 000,076,848 | ---- | M] () [On_Demand | Stopped] -- C:\Program Files\DellSupport\brkrsvc.exe -- (DSBrokerService)
SRV - [2006/10/31 13:56:28 | 000,052,736 | ---- | M] (Hewlett-Packard) [Auto | Running] -- C:\WINDOWS\SYSTEM32\HPZIPM12.DLL -- (Pml Driver HPZ12)
SRV - [2006/10/31 13:56:24 | 000,043,520 | ---- | M] (Hewlett-Packard) [Auto | Running] -- C:\WINDOWS\SYSTEM32\HPZINW12.DLL -- (Net Driver HPZ12)
SRV - [2005/10/13 19:56:16 | 000,126,976 | ---- | M] (McAfee, Inc) [Auto | Running] -- c:\Program Files\McAfee.com\Agent\Mcdetect.exe -- (McDetect.exe)
SRV - [2005/08/24 15:01:04 | 000,122,368 | ---- | M] (McAfee, Inc) [Auto | Running] -- c:\Program Files\McAfee.com\Agent\McTskshd.exe -- (McTskshd.exe)
SRV - [2005/07/01 18:22:50 | 000,245,760 | ---- | M] (McAfee, Inc) [On_Demand | Stopped] -- C:\Program Files\McAfee.com\Agent\mcupdmgr.exe -- (mcupdmgr.exe)
SRV - [2005/04/03 23:41:10 | 000,069,632 | ---- | M] (Macrovision Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe -- (IDriverT)
SRV - [2003/08/08 17:04:38 | 000,106,496 | ---- | M] (Networks Associates Technology, Inc) [Auto | Running] -- c:\Program Files\McAfee.com\VSO\mcvsrte.exe -- (MCVSRte)
SRV - [2003/07/28 11:28:22 | 000,089,136 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE -- (ose)
SRV - [2003/05/31 17:02:32 | 007,544,916 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Microsoft SQL Server\MSSQL$MICROSOFTBCM\Binn\sqlservr.exe -- (MSSQL$MICROSOFTBCM)
SRV - [2003/03/03 12:33:40 | 000,143,360 | ---- | M] (Intel® Corporation) [On_Demand | Stopped] -- C:\Program Files\Intel\NCS\Sync\NetSvc.exe -- (NetSvc)
SRV - [2002/12/17 18:23:30 | 000,311,872 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Microsoft SQL Server\MSSQL$MICROSOFTBCM\Binn\sqlagent.EXE -- (SQLAgent$MICROSOFTBCM)
SRV - [2002/03/13 07:50:34 | 000,225,375 | ---- | M] () [On_Demand | Stopped] -- c:\Program Files\McAfee.com\VSO\McShield.exe -- (McShield)


========== Driver Services (SafeList) ==========

DRV - [2009/08/28 18:42:52 | 000,040,448 | ---- | M] (Apple, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\usbaapl.sys -- (USBAAPL)
DRV - [2009/08/20 19:01:57 | 000,069,824 | ---- | M] () [Kernel | Auto | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\LxrJD31d.sys -- (LxrJD31d)
DRV - [2009/05/18 13:17:00 | 000,026,600 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\GEARAspiWDM.sys -- (GEARAspiWDM)
DRV - [2008/04/13 13:45:12 | 000,060,032 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\USBAUDIO.sys -- (usbaudio) USB Audio Driver (WDM)
DRV - [2008/04/13 12:56:06 | 000,088,320 | ---- | M] (Microsoft Corporation) [Kernel | Auto | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\nwlnkipx.sys -- (NwlnkIpx)
DRV - [2008/04/13 12:36:39 | 000,043,008 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\System32\DRIVERS\amdagp.sys -- (amdagp)
DRV - [2008/04/13 12:36:39 | 000,040,960 | ---- | M] (Silicon Integrated Systems Corporation) [Kernel | Disabled | Stopped] -- C:\WINDOWS\System32\DRIVERS\sisagp.sys -- (sisagp)
DRV - [2007/11/13 04:25:53 | 000,020,480 | ---- | M] (Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\secdrv.sys -- (Secdrv)
DRV - [2007/03/11 15:37:20 | 000,018,003 | ---- | M] (Motive, Inc.) [Kernel | On_Demand | Stopped] -- C:\Program Files\Common Files\Motive\MRENDIS5.sys -- (MRENDIS5)
DRV - [2007/03/11 15:37:19 | 000,019,345 | ---- | M] (Motive, Inc.) [Kernel | On_Demand | Stopped] -- C:\Program Files\Common Files\Motive\MREMPR5.sys -- (MREMPR5)
DRV - [2007/03/07 22:20:50 | 000,021,568 | R--- | M] (HP) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\HPZius12.sys -- (HPZius12)
DRV - [2007/03/07 22:20:49 | 000,016,496 | R--- | M] (HP) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\HPZipr12.sys -- (HPZipr12)
DRV - [2007/03/07 22:20:48 | 000,049,920 | R--- | M] (HP) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\HPZid412.sys -- (HPZid412)
DRV - [2007/02/25 11:10:48 | 000,005,376 | --S- | M] (Gteko Ltd.) [Kernel | Auto | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\dsunidrv.sys -- (dsunidrv)
DRV - [2006/10/18 02:00:00 | 000,036,624 | ---- | M] (Sonic Solutions) [Kernel | Boot | Running] -- C:\WINDOWS\System32\DRIVERS\PxHelp20.sys -- (PxHelp20)
DRV - [2006/10/05 15:07:28 | 000,004,736 | ---- | M] (Gteko Ltd.) [Kernel | On_Demand | Stopped] -- C:\Program Files\DellSupport\GTAction\triggers\DSproct.sys -- (DSproct)
DRV - [2005/09/20 09:00:54 | 001,302,332 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\ialmnt5.sys -- (ialm)
DRV - [2004/12/18 20:32:32 | 000,038,229 | ---- | M] (Generic) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\StMp3Rec.sys -- (StMp3Rec)
DRV - [2004/12/11 14:28:20 | 000,371,584 | R--- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\BCMWL5.SYS -- (BCM43XX)
DRV - [2004/08/03 23:29:54 | 001,897,408 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\nv4_mini.sys -- (nv)
DRV - [2004/08/03 23:29:49 | 000,019,455 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\wvchntxx.sys -- (iAimFP4)
DRV - [2004/08/03 23:29:47 | 000,012,063 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\wsiintxx.sys -- (iAimFP3)
DRV - [2004/08/03 23:29:45 | 000,023,615 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\wch7xxnt.sys -- (iAimTV4)
DRV - [2004/08/03 23:29:43 | 000,033,599 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\watv04nt.sys -- (iAimTV3)
DRV - [2004/08/03 23:29:42 | 000,019,551 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\watv02nt.sys -- (iAimTV1)
DRV - [2004/08/03 23:29:41 | 000,029,311 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\watv01nt.sys -- (iAimTV0)
DRV - [2004/08/03 23:29:37 | 000,012,415 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\wadv01nt.sys -- (iAimFP0)
DRV - [2004/08/03 23:29:37 | 000,012,127 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\wadv02nt.sys -- (iAimFP1)
DRV - [2004/08/03 23:29:37 | 000,011,775 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\wadv05nt.sys -- (iAimFP2)
DRV - [2004/08/03 23:29:36 | 000,161,020 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\i81xnt5.sys -- (i81x)
DRV - [2004/08/03 23:29:26 | 000,701,440 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\ati2mtag.sys -- (ati2mtag)
DRV - [2004/06/09 08:29:56 | 000,006,977 | ---- | M] (Gteko Ltd.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DDMI2.sys -- (SDDMI2)
DRV - [2004/03/05 21:15:34 | 000,647,929 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\IntelC52.sys -- (IntelC52)
DRV - [2004/03/05 21:14:42 | 001,233,525 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\IntelC51.sys -- (IntelC51)
DRV - [2004/03/05 21:13:52 | 000,060,949 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\IntelC53.sys -- (IntelC53)
DRV - [2004/03/05 21:13:38 | 000,037,048 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\mohfilt.sys -- (mohfilt)
DRV - [2004/02/23 08:40:38 | 000,014,976 | ---- | M] (CMS Peripherals, Inc.) [Kernel | Auto | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\portd2k.sys -- (portD)
DRV - [2003/08/28 17:58:40 | 000,004,272 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\bvrp_pci.sys -- (bvrp_pci)
DRV - [2003/08/06 00:04:00 | 000,100,373 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\SYSTEM32\dla\tfsnudfa.sys -- (tfsnudfa)
DRV - [2003/08/06 00:04:00 | 000,098,068 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\SYSTEM32\dla\tfsnudf.sys -- (tfsnudf)
DRV - [2003/08/06 00:04:00 | 000,083,284 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\SYSTEM32\dla\tfsnifs.sys -- (tfsnifs)
DRV - [2003/08/06 00:04:00 | 000,034,837 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\SYSTEM32\dla\tfsncofs.sys -- (tfsncofs)
DRV - [2003/08/06 00:04:00 | 000,025,685 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\SYSTEM32\dla\tfsnboio.sys -- (tfsnboio)
DRV - [2003/08/06 00:04:00 | 000,014,229 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\SYSTEM32\dla\tfsnopio.sys -- (tfsnopio)
DRV - [2003/08/06 00:04:00 | 000,006,357 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\SYSTEM32\dla\tfsnpool.sys -- (tfsnpool)
DRV - [2003/08/06 00:04:00 | 000,004,117 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\SYSTEM32\dla\tfsndrct.sys -- (tfsndrct)
DRV - [2003/08/06 00:04:00 | 000,002,233 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\SYSTEM32\dla\tfsndres.sys -- (tfsndres)
DRV - [2003/07/31 02:21:00 | 000,084,576 | ---- | M] (Sonic Solutions) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\drvmcdb.sys -- (drvmcdb)
DRV - [2003/07/14 10:28:40 | 000,005,621 | ---- | M] (Sonic Solutions) [File_System | System | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\sscdbhk5.sys -- (sscdbhk5)
DRV - [2003/07/14 10:28:22 | 000,023,219 | ---- | M] (Sonic Solutions) [File_System | System | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\ssrtln.sys -- (ssrtln)
DRV - [2003/06/20 01:56:00 | 000,040,448 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\drvnddm.sys -- (drvnddm)
DRV - [2003/05/06 08:14:34 | 000,580,992 | ---- | M] (Analog Devices, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\smwdm.sys -- (smwdm)
DRV - [2003/04/15 09:40:54 | 000,113,504 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\ialmsbw.sys -- ({6080A529-897E-4629-A488-ABA0C29B635E}) Intel® Graphics Platform (SoftBIOS)
DRV - [2003/04/15 09:40:46 | 000,078,752 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\ialmkchw.sys -- ({D31A0762-0CEB-444e-ACFF-B049A1F6FE91}) Intel® Graphics Chipset (KCH)
DRV - [2003/03/04 11:56:26 | 000,145,408 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\e100b325.sys -- (E100B) Intel®
DRV - [2002/11/08 12:45:06 | 000,017,217 | ---- | M] (Dell Computer Corporation) [Kernel | System | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\omci.sys -- (omci)
DRV - [2002/08/29 04:00:00 | 000,063,232 | ---- | M] (Microsoft Corporation) [Kernel | Auto | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\NWLNKNB.SYS -- (NwlnkNb)
DRV - [2002/08/29 04:00:00 | 000,055,936 | ---- | M] (Microsoft Corporation) [Kernel | Auto | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\NWLNKSPX.SYS -- (NwlnkSpx)
DRV - [2002/08/29 04:00:00 | 000,017,792 | ---- | M] (Parallel Technologies, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\PTILINK.SYS -- (Ptilink)
DRV - [2002/04/01 13:15:00 | 000,004,816 | ---- | M] (Andrea Electronics Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\aeaudio.sys -- (aeaudio)
DRV - [2002/03/13 07:50:36 | 000,023,296 | ---- | M] () [File_System | On_Demand | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\NaiFiltr.sys -- (NaiFiltr)
DRV - [2001/08/17 13:07:44 | 000,019,072 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\System32\DRIVERS\sparrow.sys -- (Sparrow)
DRV - [2001/08/17 13:07:42 | 000,030,688 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\WINDOWS\System32\DRIVERS\sym_u3.sys -- (sym_u3)
DRV - [2001/08/17 13:07:40 | 000,028,384 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\WINDOWS\System32\DRIVERS\sym_hi.sys -- (sym_hi)
DRV - [2001/08/17 13:07:36 | 000,032,640 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\WINDOWS\System32\DRIVERS\symc8xx.sys -- (symc8xx)
DRV - [2001/08/17 13:07:34 | 000,016,256 | ---- | M] (Symbios Logic Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\System32\DRIVERS\symc810.sys -- (symc810)
DRV - [2001/08/17 12:57:38 | 000,016,128 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\MODEMCSA.sys -- (MODEMCSA)
DRV - [2001/08/17 12:53:32 | 000,006,784 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\serscan.sys -- (StillCam)
DRV - [2001/08/17 12:52:22 | 000,036,736 | ---- | M] (Promise Technology, Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\System32\DRIVERS\ultra.sys -- (ultra)
DRV - [2001/08/17 12:52:20 | 000,045,312 | ---- | M] (QLogic Corporation) [Kernel | Disabled | Stopped] -- C:\WINDOWS\System32\DRIVERS\ql12160.sys -- (ql12160)
DRV - [2001/08/17 12:52:20 | 000,040,320 | ---- | M] (QLogic Corporation) [Kernel | Disabled | Stopped] -- C:\WINDOWS\System32\DRIVERS\ql1080.sys -- (ql1080)
DRV - [2001/08/17 12:52:18 | 000,049,024 | ---- | M] (QLogic Corporation) [Kernel | Disabled | Stopped] -- C:\WINDOWS\System32\DRIVERS\ql1280.sys -- (ql1280)
DRV - [2001/08/17 12:52:16 | 000,179,584 | ---- | M] (Mylex Corporation) [Kernel | Disabled | Stopped] -- C:\WINDOWS\System32\DRIVERS\dac2w2k.sys -- (dac2w2k)
DRV - [2001/08/17 12:52:12 | 000,017,280 | ---- | M] (American Megatrends Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\System32\DRIVERS\mraid35x.sys -- (mraid35x)
DRV - [2001/08/17 12:52:00 | 000,026,496 | ---- | M] (Advanced System Products, Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\System32\DRIVERS\asc.sys -- (asc)
DRV - [2001/08/17 12:51:58 | 000,014,848 | ---- | M] (Advanced System Products, Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\System32\DRIVERS\asc3550.sys -- (asc3550)
DRV - [2001/08/17 12:51:56 | 000,005,248 | ---- | M] (Acer Laboratories Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\System32\DRIVERS\aliide.sys -- (AliIde)
DRV - [2001/08/17 12:51:54 | 000,006,656 | ---- | M] (CMD Technology, Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\System32\DRIVERS\cmdide.sys -- (CmdIde)
DRV - [2001/08/17 11:11:06 | 000,066,591 | ---- | M] (3Com Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\EL90XBC5.SYS -- (EL90XBC)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = [Binary data over 100 bytes]
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Secondary Start Pages = [Binary data over 100 bytes]
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://g.msn.com/1me10enus/2
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.google.com/ie


IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dell4me.com/myway
IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,First Home Page = http://www.dell4me.com/myway
IE - HKU\.DEFAULT\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dell4me.com/myway
IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,First Home Page = http://www.dell4me.com/myway
IE - HKU\S-1-5-18\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-19\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-20\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-21-4006588327-4168831620-2479022406-1008\SOFTWARE\Microsoft\Internet Explorer\Main,SearchDefaultBranded = 1
IE - HKU\S-1-5-21-4006588327-4168831620-2479022406-1008\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultName = Google
IE - HKU\S-1-5-21-4006588327-4168831620-2479022406-1008\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultURL = http://www.google.com/search?q={searchTerm...tf8&oe=utf8
IE - HKU\S-1-5-21-4006588327-4168831620-2479022406-1008\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/ig?hl=en
IE - HKU\S-1-5-21-4006588327-4168831620-2479022406-1008\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie
IE - HKU\S-1-5-21-4006588327-4168831620-2479022406-1008\S-1-5-21-4006588327-4168831620-2479022406-1008\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-4006588327-4168831620-2479022406-1008\S-1-5-21-4006588327-4168831620-2479022406-1008\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = 127.0.0.1;*.local

========== FireFox ==========

FF - prefs.js..browser.startup.homepage: "http://www.google.com/ig?hl=en"
FF - prefs.js..extensions.enabledItems: jqs@sun.com:1.0
FF - prefs.js..network.proxy.no_proxies_on: "127.0.0.1,*.local"

FF - HKLM\software\mozilla\Mozilla Firefox 3.5.8\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010/02/19 18:52:11 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.5.8\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010/02/19 18:52:11 | 000,000,000 | ---D | M]

[2009/01/09 20:34:20 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Glyn Elrod\Application Data\Mozilla\Extensions
[2010/02/19 13:49:04 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Glyn Elrod\Application Data\Mozilla\Firefox\Profiles\cbqfyle7.default\extensions
[2010/02/23 17:48:28 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions

O1 HOSTS File: ([2010/02/09 23:05:35 | 000,000,027 | ---- | M]) - C:\WINDOWS\SYSTEM32\DRIVERS\ETC\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (HP Print Enhancer) - {0347C33E-8762-4905-BF09-768834316C61} - C:\Program Files\Hp\Smart Web Printing\hpswp_printenhancer.dll (Hewlett-Packard Co.)
O2 - BHO: (HP Print Clips) - {053F9267-DC04-4294-A72C-58F732D338C0} - C:\Program Files\Hp\Smart Web Printing\hpswp_framework.dll (Hewlett-Packard Co.)
O2 - BHO: (Adobe PDF Link Helper) - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
O2 - BHO: (DriveLetterAccess) - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\SYSTEM32\dla\tfswshx.dll (Sonic Solutions)
O2 - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.5.4723.1820\swg.dll (Google Inc.)
O2 - BHO: (Windows Live Toolbar Helper) - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll (Microsoft Corporation)
O2 - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (JQSIEStartDetectorImpl Class) - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll (Sun Microsystems, Inc.)
O2 - BHO: (no name) - {FDD3B846-8D59-4ffb-8758-209B6AD74ACC} - No CLSID value found.
O3 - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O3 - HKLM\..\Toolbar: (McAfee VirusScan) - {BA52B914-B692-46c4-B683-905236F6F655} - c:\Program Files\McAfee.com\VSO\mcvsshl.dll (Networks Associates Technology, Inc)
O3 - HKLM\..\Toolbar: (Windows Live Toolbar) - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll (Microsoft Corporation)
O3 - HKU\S-1-5-21-4006588327-4168831620-2479022406-1008\..\Toolbar\ShellBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O3 - HKU\S-1-5-21-4006588327-4168831620-2479022406-1008\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O3 - HKU\S-1-5-21-4006588327-4168831620-2479022406-1008\..\Toolbar\WebBrowser: (Windows Live Toolbar) - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll (Microsoft Corporation)
O4 - HKLM..\Run: [Adobe ARM] C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [Adobe Photo Downloader] C:\Program Files\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [Adobe Reader Speed Launcher] C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [dla] C:\WINDOWS\SYSTEM32\dla\tfswctrl.exe (Sonic Solutions)
O4 - HKLM..\Run: [igfxhkcmd] C:\WINDOWS\SYSTEM32\hkcmd.exe (Intel Corporation)
O4 - HKLM..\Run: [igfxpers] C:\WINDOWS\SYSTEM32\igfxpers.exe (Intel Corporation)
O4 - HKLM..\Run: [iTunesHelper] C:\Program Files\iTunes\iTunesHelper.exe (Apple Inc.)
O4 - HKLM..\Run: [KernelFaultCheck] File not found
O4 - HKLM..\Run: [MCAgentExe] c:\Program Files\McAfee.com\Agent\mcagent.exe (McAfee, Inc)
O4 - HKLM..\Run: [McRegWiz] c:\Program Files\McAfee.com\Agent\McRegWiz.exe ()
O4 - HKLM..\Run: [MCUpdateExe] c:\Program Files\McAfee.com\Agent\mcupdate.exe (McAfee, Inc)
O4 - HKLM..\Run: [QuickTime Task] C:\Program Files\QuickTime\qttask.exe (Apple Inc.)
O4 - HKLM..\Run: [Verizon_McciTrayApp] C:\Program Files\Verizon\McciTrayApp.exe (Motive Communications, Inc.)
O4 - HKLM..\Run: [VirusScan Online] c:\Program Files\McAfee.com\VSO\mcvsshld.exe (Networks Associates Technology, Inc)
O4 - HKLM..\Run: [VSOCheckTask] c:\Program Files\McAfee.com\VSO\mcmnhdlr.exe (Networks Associates Technology, Inc)
O4 - HKU\S-1-5-21-4006588327-4168831620-2479022406-1008..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (Google Inc.)
O4 - HKU\.DEFAULT..\RunOnce: [RunNarrator] C:\WINDOWS\System32\narrator.exe (Microsoft Corporation)
O4 - HKU\S-1-5-18..\RunOnce: [RunNarrator] C:\WINDOWS\System32\narrator.exe (Microsoft Corporation)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-19_Classes\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-20_Classes\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-4006588327-4168831620-2479022406-1008\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-4006588327-4168831620-2479022406-1008\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\S-1-5-21-4006588327-4168831620-2479022406-1008\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-21-4006588327-4168831620-2479022406-1008\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKU\S-1-5-21-4006588327-4168831620-2479022406-1008_Classes\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O8 - Extra context menu item: &Windows Live Search - C:\Program Files\Windows Live Toolbar\msntb.dll (Microsoft Corporation)
O9 - Extra Button: Control Pad - {28D44DAD-D1FC-4d4f-BB1B-ADF037C8DDBC} - C:\Program Files\Verizon Online\Verizon Online Control Pad\VerizonControlPad.exe (Verizon Internet Solutions)
O9 - Extra 'Tools' menuitem : Control Pad - {28D44DAD-D1FC-4d4f-BB1B-ADF037C8DDBC} - C:\Program Files\Verizon Online\Verizon Online Control Pad\VerizonControlPad.exe (Verizon Internet Solutions)
O9 - Extra Button: HP Clipbook - {58ECB495-38F0-49cb-A538-10282ABF65E7} - C:\Program Files\Hp\Smart Web Printing\hpswp_extensions.dll (Hewlett-Packard Co.)
O9 - Extra Button: HP Smart Select - {700259D7-1666-479a-93B1-3250410481E8} - C:\Program Files\Hp\Smart Web Printing\hpswp_extensions.dll (Hewlett-Packard Co.)
O9 - Extra Button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\Linksys\Bluetooth Utility\btsendto_ie.htm File not found
O9 - Extra 'Tools' menuitem : @btrez.dll,-4017 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\Linksys\Bluetooth Utility\btsendto_ie.htm File not found
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\WINDOWS\SYSTEM32\nwprovau.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000006 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O15 - HKLM\..Trusted Domains: 1 domain(s) and sub-domain(s) not assigned to a zone.
O15 - HKU\S-1-5-21-4006588327-4168831620-2479022406-1008\..Trusted Domains: apple.com ([www] http in Trusted sites)
O15 - HKU\S-1-5-21-4006588327-4168831620-2479022406-1008\..Trusted Domains: apple.com ([www] https in Trusted sites)
O15 - HKU\S-1-5-21-4006588327-4168831620-2479022406-1008\..Trusted Domains: internet ([]about in Trusted sites)
O15 - HKU\S-1-5-21-4006588327-4168831620-2479022406-1008\..Trusted Domains: intuit.com ([]* in Trusted sites)
O15 - HKU\S-1-5-21-4006588327-4168831620-2479022406-1008\..Trusted Domains: mcafee.com ([]http in Trusted sites)
O15 - HKU\S-1-5-21-4006588327-4168831620-2479022406-1008\..Trusted Domains: mcafee.com ([]https in Trusted sites)
O15 - HKU\S-1-5-21-4006588327-4168831620-2479022406-1008\..Trusted Domains: musicmatch.com ([]* in Trusted sites)
O15 - HKU\S-1-5-21-4006588327-4168831620-2479022406-1008\..Trusted Domains: 1 domain(s) and sub-domain(s) not assigned to a zone.
O16 - DPF: {05CA9FB0-3E3E-4B36-BF41-0E3A5CAA8CD8} http://download.microsoft.com/download/e/4.../OGAControl.cab (Office Genuine Advantage Validation Tool)
O16 - DPF: {0742B9EF-8C83-41CA-BFBA-830A59E23533} https://support.microsoft.com/OAS/ActiveX/MSDcode.cab (Microsoft Data Collection Control)
O16 - DPF: {1239CC52-59EF-4DFA-8C61-90FFA846DF7E} http://www.musicnotes.com/download/mnviewer.cab (Musicnotes Viewer)
O16 - DPF: {1E2941E3-8E63-11D4-9D5A-00902742D6E0} https://access.concentra.com/dal0s5t/iNotes.cab (iNotes Class)
O16 - DPF: {210D0CBC-8B17-48D1-B294-1A338DD2EB3A} http://www.barkinghampalacela.com/downloads/cab/DVatDec.cab (VatCtrl Class)
O16 - DPF: {33564D57-0000-0010-8000-00AA00389B71} http://download.microsoft.com/download/F/6...922/wmv9VCM.CAB (Reg Error: Key error.)
O16 - DPF: {3E68E405-C6DE-49FF-83AE-41EE9F4C36CE} http://office.microsoft.com/officeupdate/content/opuc2.cab (Office Update Installation Engine)
O16 - DPF: {406B5949-7190-4245-91A9-30A17DE16AD0} http://www.costcophotocenter.com/CostcoActivia.cab (Snapfish Activia)
O16 - DPF: {49232000-16E4-426C-A231-62846947304B} https://wimpro.cce.hp.com/ChatEntry/downloads/sysinfo.cab (SysData Class)
O16 - DPF: {493ACF15-5CD9-4474-82A6-91670C3DD66E} http://www.linkedin.com/cab/LinkedInContactFinderControl.cab (LinkedIn ContactFinderControl)
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} http://download.mcafee.com/molbin/shared/m...84/mcinsctl.cab (McAfee.com Operating System Class)
O16 - DPF: {54BE6B6F-3056-470B-97E1-BB92E051B6C4} http://h30155.www3.hp.com/ediags/dd/instal...nosticsxp2k.cab (DeviceEnum Class)
O16 - DPF: {5BDBA960-6534-11D3-97C7-00500422B550} https://access.concentra.com/dal0s5t/download/dolcontrol.cab (LotusDRSControl Class)
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} http://update.microsoft.com/microsoftupdat...b?1265586301796 (WUWebControl Class)
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} http://update.microsoft.com/microsoftupdat...b?1265586295906 (MUWebControl Class)
O16 - DPF: {74C861A1-D548-4916-BC8A-FDE92EDFF62C} http://mediaplayer.walmart.com/installer/install.cab (Reg Error: Key error.)
O16 - DPF: {77E32299-629F-43C6-AB77-6A1E6D7663F6} http://atv.disney.go.com/global/download/otoy/OTOYAX29b.cab (Reg Error: Key error.)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_18)
O16 - DPF: {9522B3FB-7A2B-4646-8AF6-36E7F593073C} http://a19.g.akamai.net/7/19/7125/4058/ftp...302/Coupons.cab (Reg Error: Key error.)
O16 - DPF: {9F1C11AA-197B-4942-BA54-47A8489BB47F} http://v4.windowsupdate.microsoft.com/CAB/...8118.8221643519 (Reg Error: Key error.)
O16 - DPF: {A8658086-E6AC-4957-BC8E-8D54A7E8A790} http://www.microsoft.com/security/controls/GDI/0/GDIChk.CAB (GDIChk Object)
O16 - DPF: {A8683C98-5341-421B-B23C-8514C05354F1} http://www.samsphotoclub.com/upload/FujifilmUploadClient.cab (FujifilmUploader Class)
O16 - DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} http://download.mcafee.com/molbin/shared/m...,21/mcgdmgr.cab (DwnldGroupMgr Class)
O16 - DPF: {CAFEEFAC-0016-0000-0018-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_18)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_18)
O16 - DPF: {D06A22B4-6087-4D3D-B7AF-82B113E9ABD4} http://www2.verizon.net/update/msnwebinsta...es/vzWebIns.CAB (CPostLaunch Object)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/get/shoc...ash/swflash.cab (Shockwave Flash Object)
O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} http://download.games.yahoo.com/games/web_...aploader_v6.cab (PopCapLoader Object)
O16 - DPF: {E008A543-CEFB-4559-912F-C27C2B89F13B} https://access.concentra.com/dal0s5t/dwa7W.cab (Domino Web Access 7 Control)
O16 - DPF: {E23FABEE-12E3-33DA-DA12-195DAC123984} http://download.gamedesire.com/g_bin/eng/m...ng_2_0_0_31.cab (GameDesire Mahjong)
O16 - DPF: {E6EB803E-DD89-11D3-80C4-0050DA2E09D0} http://prints.picturecenter.kodak.com/acti...loadControl.cab (LightSurfUploadCtl Class)
O16 - DPF: {E7DBFB6C-113A-47CF-B278-F5C6AF4DE1BD} http://download.abacast.com/download/files/abasetup145.cab (Reg Error: Key error.)
O16 - DPF: {EB387D2F-E27B-4D36-979E-847D1036C65D} http://h30043.www3.hp.com/aio/en/check/qdiagh.cab?321 (QDiagHUpdateObj Class)
O16 - DPF: Microsoft XML Parser for Java file://C:\WINDOWS\Java\classes\xmldso.cab (Reg Error: Key error.)
O16 - DPF: vzTCPConfig http://www2.verizon.net/help/fios_settings...vzTCPConfig.CAB (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\igfxcui: DllName - igfxdev.dll - C:\WINDOWS\System32\igfxdev.dll (Intel Corporation)
O24 - Desktop WallPaper: C:\Documents and Settings\Glyn Elrod\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\Glyn Elrod\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2002/09/03 12:36:02 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - comfile [open] -- "%1" %*
O35 - exefile [open] -- "%1" %*

NetSvcs: 6to4 - File not found
NetSvcs: Ias - C:\WINDOWS\SYSTEM32\IAS [2004/05/04 12:10:56 | 000,000,000 | ---D | M]
NetSvcs: Iprip - File not found
NetSvcs: Irmon - C:\WINDOWS\SYSTEM32\irmon.dll (Microsoft Corporation)
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: WmdmPmSp - File not found

MsConfig - StartUpFolder: C:^Documents and Settings^All Users^Start Menu^Programs^Startup^BounceBack Launcher.lnk - C:\Program Files\CMS Peripherals\BounceBack Express\BBLauncher.exe - ()
MsConfig - StartUpFolder: C:^Documents and Settings^All Users^Start Menu^Programs^Startup^HP Digital Imaging Monitor.lnk - C:\PROGRA~1\Hp\DIGITA~1\bin\hpqtra08.exe - File not found
MsConfig - StartUpFolder: C:^Documents and Settings^All Users^Start Menu^Programs^Startup^ImageMixer HDD Camera Monitor.lnk - C:\Program Files\PIXELA\ImageMixer3\HDDCameraMonitor.exe - (PIXELA CORPORATION)
MsConfig - StartUpReg: BluetoothAuthenticationAgent - hkey= - key= - File not found
MsConfig - StartUpReg: cards - hkey= - key= - File not found
MsConfig - StartUpReg: ctfmon.exe - hkey= - key= - File not found
MsConfig - StartUpReg: DellSupport - hkey= - key= - C:\Program Files\Dell Support\DSAgnt.exe (Gteko Ltd.)
MsConfig - StartUpReg: DVDSentry - hkey= - key= - File not found
MsConfig - StartUpReg: Google Desktop Search - hkey= - key= - C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe (Google)
MsConfig - StartUpReg: HP Software Update - hkey= - key= - C:\Program Files\Hp\HP Software Update\hpwuSchd2.exe (Hewlett-Packard Co.)
MsConfig - StartUpReg: IntelMeM - hkey= - key= - C:\Program Files\Intel\Modem Event Monitor\IntelMEM.exe (Intel Corporation)
MsConfig - StartUpReg: iTunesHelper - hkey= - key= - C:\Program Files\iTunes\iTunesHelper.exe (Apple Inc.)
MsConfig - StartUpReg: MSMSGS - hkey= - key= - C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)
MsConfig - StartUpReg: QuickTime Task - hkey= - key= - C:\Program Files\QuickTime\QTTask.exe (Apple Inc.)
MsConfig - StartUpReg: swg - hkey= - key= - C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (Google Inc.)
MsConfig - StartUpReg: UpdateManager - hkey= - key= - C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe (Sonic Solutions)
MsConfig - State: "system.ini" - 0
MsConfig - State: "win.ini" - 0
MsConfig - State: "bootini" - 0
MsConfig - State: "services" - 0
MsConfig - State: "startup" - 2

SafeBootMin: Base - Driver Group
SafeBootMin: Boot Bus Extender - Driver Group
SafeBootMin: Boot file system - Driver Group
SafeBootMin: File system - Driver Group
SafeBootMin: Filter - Driver Group
SafeBootMin: PCI Configuration - Driver Group
SafeBootMin: PNP Filter - Driver Group
SafeBootMin: Primary disk - Driver Group
SafeBootMin: SCSI Class - Driver Group
SafeBootMin: sermouse.sys - Driver
SafeBootMin: System Bus Extender - Driver Group
SafeBootMin: vds - Service
SafeBootMin: vga.sys - Driver
SafeBootMin: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootMin: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootMin: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootMin: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootMin: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootMin: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootMin: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootMin: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootMin: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootMin: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootMin: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootMin: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootMin: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootMin: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices

SafeBootNet: Base - Driver Group
SafeBootNet: Boot Bus Extender - Driver Group
SafeBootNet: Boot file system - Driver Group
SafeBootNet: File system - Driver Group
SafeBootNet: Filter - Driver Group
SafeBootNet: NDIS Wrapper - Driver Group
SafeBootNet: NetBIOSGroup - Driver Group
SafeBootNet: NetDDEGroup - Driver Group
SafeBootNet: Network - Driver Group
SafeBootNet: NetworkProvider - Driver Group
SafeBootNet: PCI Configuration - Driver Group
SafeBootNet: PNP Filter - Driver Group
SafeBootNet: PNP_TDI - Driver Group
SafeBootNet: Primary disk - Driver Group
SafeBootNet: SCSI Class - Driver Group
SafeBootNet: sermouse.sys - Driver
SafeBootNet: Streams Drivers - Driver Group
SafeBootNet: System Bus Extender - Driver Group
SafeBootNet: TDI - Driver Group
SafeBootNet: vga.sys - Driver
SafeBootNet: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootNet: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootNet: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootNet: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootNet: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootNet: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootNet: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootNet: {4D36E972-E325-11CE-BFC1-08002BE10318} - Net
SafeBootNet: {4D36E973-E325-11CE-BFC1-08002BE10318} - NetClient
SafeBootNet: {4D36E974-E325-11CE-BFC1-08002BE10318} - NetService
SafeBootNet: {4D36E975-E325-11CE-BFC1-08002BE10318} - NetTrans
SafeBootNet: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootNet: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootNet: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootNet: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootNet: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootNet: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices

ActiveX: {03F998B2-0E00-11D3-A498-00104B6EB52E} - Viewpoint Media Player
ActiveX: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Microsoft VM
ActiveX: {08B0E5C0-4FCB-11CF-AAA5-00401C608555} - Internet Explorer Classes for Java
ActiveX: {10072CEC-8CC1-11D1-986E-00A0C955B42F} - Vector Graphics Rendering (VML)
ActiveX: {166B1BCA-3F9C-11CF-8075-444553540000} - Macromedia Shockwave Director 9.0
ActiveX: {1B00725B-C455-4DE6-BFB6-AD540AD427CD} - Viewpoint Media Player
ActiveX: {2179C5D3-EBFF-11CF-B6FD-00AA00B4E220} - NetShow
ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 6.4
ActiveX: {283807B5-2C60-11D0-A31D-00AA00B92C03} - DirectAnimation
ActiveX: {2A202491-F00D-11cf-87CC-0020AFEECF20} - Macromedia Shockwave Director 9.0
ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX: {3bf42070-b3b1-11d1-b5c5-0000f8051515} - Uniscribe
ActiveX: {411EDCF7-755D-414E-A74B-3DCD6583F589} - Microsoft .NET Framework 1.1 Service Pack 1 (KB867460)
ActiveX: {4278c270-a269-11d1-b5bf-0000f8051515} - Advanced Authoring
ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Outlook Express\setup50.exe" /APP:OE /CALLER:WINNT /user /install
ActiveX: {44BBA842-CC51-11CF-AAFA-00AA00B6015B} - rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msnetmtg.inf,NetMtg.Install.PerUser.NT
ActiveX: {44BBA848-CC51-11CF-AAFA-00AA00B6015C} - DirectShow
ActiveX: {44BBA851-CC51-11CF-AAFA-00AA00B6015C} - rundll32.exe advpack.dll,LaunchINFSection %SystemRoot%\INF\wpie4x86.inf,PerUserStub
ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015C} - Microsoft DirectX
ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.7
ActiveX: {5945c046-1e7d-11d1-bc44-00c04fd912be} - rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msmsgs.inf,BLC.QuietInstall.PerUser
ActiveX: {5A8D6EE0-3E18-11D0-821E-444553540000} - ICW
ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX: {7131646D-CD3C-40F4-97B9-CD9E4E6262EF} - .NET Framework
ActiveX: {73FA19D0-2D75-11D2-995D-00C04F98BBC9} - Web Folders
ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - "%ProgramFiles%\Outlook Express\setup50.exe" /APP:WAB /CALLER:WINNT /user /install
ActiveX: {839117ee-2132-4bae-a56a-42b50204c9b9} - KB889293
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\WINDOWS\system32\ie4uinit.exe -BaseSettings
ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\WINDOWS\system32\Rundll32.exe C:\WINDOWS\system32\mscories.dll,Install
ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX: {B508B3F1-A24A-32C0-B310-85786919EF28} - .NET Framework
ActiveX: {C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F} - .NET Framework
ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX: {CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1} - .NET Framework
ActiveX: {CC2A9BA0-3BDD-11D0-821E-444553540000} - Task Scheduler
ActiveX: {CDD7975E-60F8-41d5-8149-19E51D6F71D0} - Windows Movie Maker v2.1
ActiveX: {D27CDB6E-AE6D-11cf-96B8-444553540000} - Adobe Flash Player
ActiveX: {DAA94A2A-2A8D-4D3B-9DB8-56FBECED082D} - Microsoft .NET Framework 1.1 Security Update (KB953297)
ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX: <{12d0ed0d-0ee0-4f90-8827-78cefb8f4988} - C:\WINDOWS\system32\ieudinit.exe
ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - C:\WINDOWS\inf\unregmp2.exe /ShowWMP
ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - %systemroot%\system32\shmgrate.exe OCInstallUserConfigIE
ActiveX: >{881dd1c5-3dcf-431b-b061-f3f88e8be88a} - %systemroot%\system32\shmgrate.exe OCInstallUserConfigOE
ActiveX: >{92e1da6e-1c89-4e33-a216-35e1f2730501} - RunDLL32 IEDKCS32.DLL,BrandIE4 SIGNUP

Drivers32: msacm.ac3acm - C:\WINDOWS\System32\AC3ACM.acm (fccHandler)
Drivers32: msacm.alf2cd - C:\WINDOWS\System32\alf2cd.acm (NCT Company)
Drivers32: msacm.iac2 - C:\WINDOWS\SYSTEM32\iac25_32.ax (Intel Corporation)
Drivers32: msacm.l3acm - C:\WINDOWS\SYSTEM32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: msacm.scg726 - C:\WINDOWS\System32\Scg726.acm (SHARP Corporation)
Drivers32: msacm.sl_anet - C:\WINDOWS\System32\sl_anet.acm (Sipro Lab Telecom Inc.)
Drivers32: msacm.trspch - C:\WINDOWS\System32\TSSOFT32.ACM (DSP GROUP, INC.)
Drivers32: msacm.voxacm160 - C:\WINDOWS\System32\vct3216.acm (Voxware, Inc.)
Drivers32: vidc.cvid - C:\WINDOWS\System32\iccvid.dll (Radius Inc.)
Drivers32: vidc.DIVX - C:\WINDOWS\System32\divx.dll (DivXNetworks, Inc.)
Drivers32: vidc.dvsd - C:\WINDOWS\System32\mcdvd_32.dll (MainConcept)
Drivers32: vidc.iv31 - C:\WINDOWS\System32\IR32_32.DLL ()
Drivers32: vidc.iv32 - C:\WINDOWS\System32\IR32_32.DLL ()
Drivers32: vidc.iv41 - C:\WINDOWS\System32\ir41_32.ax (Intel Corporation)
Drivers32: vidc.iv50 - C:\WINDOWS\System32\ir50_32.dll (Intel Corporation)
Drivers32: vidc.mp42 - C:\WINDOWS\System32\mpg4c32.dll (Microsoft Corporation)
Drivers32: vidc.mp43 - C:\WINDOWS\System32\mpg4c32.dll (Microsoft Corporation)
Drivers32: vidc.mpg4 - C:\WINDOWS\System32\mpg4c32.dll (Microsoft Corporation)
Drivers32: vidc.tscc - C:\WINDOWS\System32\tsccvid.dll (TechSmith Corporation)
Drivers32: VIDC.WMV3 - C:\WINDOWS\System32\wmv9vcm.dll (Microsoft Corporation)
Drivers32: vidc.xvid - C:\WINDOWS\System32\xvidvfw.dll ()
Drivers32: wave1 - C:\WINDOWS\System32\SERWVDRV.DLL (Microsoft Corporation)

========== Files/Folders - Created Within 30 Days ==========

[2010/02/23 19:53:16 | 000,549,376 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Glyn Elrod\Desktop\OTL.exe
[2010/02/21 20:10:50 | 000,000,000 | -HSD | C] -- C:\RECYCLER
[2010/02/21 19:07:01 | 000,000,000 | ---D | C] -- C:\Qoobox
[2010/02/15 10:27:06 | 000,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Application Data\Mozilla
[2010/02/15 10:26:48 | 000,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Local Settings\Application Data\Mozilla
[2010/02/15 10:16:48 | 000,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Application Data\McAfee
[2010/02/12 20:56:13 | 000,000,000 | ---D | M] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\Google
[2010/02/12 12:58:26 | 000,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Local Settings\Application Data\Google
[2010/02/10 21:42:57 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Java
[2010/02/10 21:42:17 | 000,153,376 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javaws.exe
[2010/02/10 21:42:17 | 000,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javaw.exe
[2010/02/10 21:42:17 | 000,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\java.exe
[2010/02/10 21:42:17 | 000,073,728 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javacpl.cpl
[2010/02/10 21:27:37 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Sun
[2010/02/10 21:27:14 | 000,411,368 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\deploytk.dll
[2010/02/10 21:20:46 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Desktop\Adobe Reader 9 Installer
[2010/02/10 21:20:41 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Adobe AIR
[2010/02/10 20:39:14 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\NOS
[2010/02/09 22:15:57 | 000,000,000 | RHSD | C] -- C:\cmdcons
[2010/02/09 22:15:06 | 000,212,480 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWXCACLS.exe
[2010/02/09 22:15:06 | 000,161,792 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWREG.exe
[2010/02/09 22:15:06 | 000,136,704 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWSC.exe
[2010/02/09 22:15:06 | 000,031,232 | ---- | C] (NirSoft) -- C:\WINDOWS\NIRCMD.exe
[2010/02/09 22:14:54 | 000,000,000 | ---D | C] -- C:\WINDOWS\ERDNT
[2010/02/09 22:04:32 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Glyn Elrod\Application Data\McAfee
[2010/02/09 22:01:39 | 000,000,000 | ---D | C] -- C:\Program Files\McAfee
[2010/02/08 21:15:04 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\zh-TW
[2010/02/08 21:15:04 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\zh-HK
[2010/02/08 21:15:04 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\tr-TR
[2010/02/08 21:15:04 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\sv-SE
[2010/02/08 21:15:04 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\pt-BR
[2010/02/08 21:15:04 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\nl-NL
[2010/02/08 21:15:04 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\nb-NO
[2010/02/08 21:15:04 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\ko-KR
[2010/02/08 21:15:04 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\it-IT
[2010/02/08 21:15:04 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\he-IL
[2010/02/08 21:15:04 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\fr-FR
[2010/02/08 21:15:04 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\fi-FI
[2010/02/08 21:15:04 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\es-ES
[2010/02/08 21:15:04 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\el-GR
[2010/02/08 21:15:04 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\de-DE
[2010/02/08 21:15:04 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\da-DK
[2010/02/08 21:15:04 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\ar-SA
[2010/02/08 19:27:44 | 000,119,808 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\t2embed.dll
[2010/02/08 19:27:44 | 000,081,920 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\fontsub.dll
[2010/02/08 19:16:29 | 000,730,112 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\lsasrv.dll
[2010/02/08 19:16:28 | 002,145,280 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ntkrnlmp.exe
[2010/02/08 19:16:27 | 002,189,184 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ntoskrnl.exe
[2010/02/08 19:16:26 | 002,023,936 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ntkrpamp.exe
[2010/02/08 19:15:03 | 000,333,952 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\srv.sys
[2010/02/08 19:14:30 | 000,455,296 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\mrxsmb.sys
[2010/02/08 19:14:01 | 001,172,480 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\msxml3.dll
[2010/02/08 19:13:54 | 000,337,408 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\netapi32.dll
[2010/02/08 19:12:57 | 000,691,712 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\inetcomm.dll
[2010/02/08 08:24:42 | 000,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Local Settings\Application Data\Adobe
[2010/02/07 18:13:28 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\TEMP
[2010/02/07 18:10:16 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Google Updater
[2010/02/07 18:09:50 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\XPSViewer
[2010/02/07 18:09:39 | 000,000,000 | ---D | C] -- C:\Program Files\MSBuild
[2010/02/07 18:09:16 | 000,000,000 | ---D | C] -- C:\Program Files\Reference Assemblies
[2010/02/07 18:07:51 | 000,117,760 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\prntvpt.dll
[2010/02/07 18:07:51 | 000,089,088 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\filterpipelineprintproc.dll
[2010/02/07 18:07:50 | 000,597,504 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\printfilterpipelinesvc.exe
[2010/02/07 18:07:50 | 000,575,488 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\xpsshhdr.dll
[2010/02/07 18:07:49 | 001,676,288 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\xpssvcs.dll
[2010/02/07 18:07:49 | 001,676,288 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\xpssvcs.dll
[2010/02/07 17:45:18 | 000,015,064 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\wuapi.dll.mui
[2009/06/25 09:39:42 | 000,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Application Data\HPAppData
[2008/11/01 10:46:45 | 000,000,000 | --SD | M] -- C:\Documents and Settings\LocalService\Application Data\Microsoft
[2008/01/05 07:58:39 | 000,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Application Data\Intuit
[2007/07/24 16:13:01 | 000,000,000 | ---D | M] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\Apple
[2007/07/17 20:22:26 | 000,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Application Data\Google
[2007/06/07 18:31:15 | 000,000,000 | ---D | M] -- C:\Documents and Settings\NetworkService\Application Data\Intuit
[2006/03/29 19:59:44 | 000,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Application Data\Adobe
[2005/04/04 20:55:09 | 000,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Application Data\Macromedia
[2004/12/08 11:27:29 | 000,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft
[2004/12/04 09:12:59 | 000,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Application Data\McAfee.com Personal Firewall
[2004/05/04 12:13:10 | 000,000,000 | --SD | M] -- C:\Documents and Settings\NetworkService\Application Data\Microsoft
[2004/05/04 12:13:10 | 000,000,000 | ---D | M] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft
[4 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[3 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[1 C:\Documents and Settings\Glyn Elrod\My Documents\*.tmp files -> C:\Documents and Settings\Glyn Elrod\My Documents\*.tmp -> ]
[1 C:\*.tmp files -> C:\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2010/02/23 19:54:12 | 000,001,170 | ---- | M] () -- C:\WINDOWS\System32\WPA.DBL
[2010/02/23 19:53:16 | 000,549,376 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Glyn Elrod\Desktop\OTL.exe
[2010/02/23 19:52:42 | 000,000,868 | ---- | M] () -- C:\WINDOWS\tasks\Google Software Updater.job
[2010/02/23 19:52:27 | 000,000,882 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2010/02/23 19:52:22 | 000,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2010/02/23 19:52:16 | 000,002,048 | --S- | M] () -- C:\WINDOWS\BOOTSTAT.DAT
[2010/02/23 19:52:15 | 1071,697,920 | -HS- | M] () -- C:\hiberfil.sys
[2010/02/23 19:03:00 | 000,000,886 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2010/02/22 18:43:15 | 000,001,330 | ---- | M] () -- C:\Documents and Settings\Glyn Elrod\Desktop\gmer.zip
[2010/02/21 20:16:56 | 006,291,456 | -H-- | M] () -- C:\Documents and Settings\Glyn Elrod\NTUSER.DAT
[2010/02/21 20:16:56 | 000,000,278 | -HS- | M] () -- C:\Documents and Settings\Glyn Elrod\NTUSER.INI
[2010/02/21 20:01:02 | 000,000,262 | ---- | M] () -- C:\WINDOWS\system.ini
[2010/02/21 14:29:17 | 000,001,475 | ---- | M] () -- C:\Documents and Settings\Glyn Elrod\Desktop\Windows Explorer.lnk
[2010/02/15 20:05:02 | 000,002,387 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\TurboTax 2008.lnk
[2010/02/15 20:00:30 | 000,030,720 | ---- | M] () -- C:\Documents and Settings\Glyn Elrod\My Documents\Worksheet for 2008 Amended Return.xls
[2010/02/10 21:41:55 | 000,411,368 | ---- | M] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\deploytk.dll
[2010/02/10 21:41:55 | 000,153,376 | ---- | M] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javaws.exe
[2010/02/10 21:41:55 | 000,145,184 | ---- | M] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javaw.exe
[2010/02/10 21:41:55 | 000,145,184 | ---- | M] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\java.exe
[2010/02/10 21:41:55 | 000,073,728 | ---- | M] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javacpl.cpl
[2010/02/10 21:23:15 | 000,000,732 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Acrobat_com.lnk
[2010/02/10 21:22:32 | 000,001,729 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Adobe Reader 9.lnk
[2010/02/10 21:12:41 | 000,001,059 | ---- | M] () -- C:\WINDOWS\WIN.INI
[2010/02/10 21:12:41 | 000,000,281 | RHS- | M] () -- C:\BOOT.INI
[2010/02/09 23:05:35 | 000,000,027 | ---- | M] () -- C:\WINDOWS\System32\drivers\ETC\hosts
[2010/02/09 20:53:54 | 000,548,804 | ---- | M] () -- C:\WINDOWS\System32\PerfStringBackup.INI
[2010/02/09 20:53:54 | 000,461,858 | ---- | M] () -- C:\WINDOWS\System32\PERFH009.DAT
[2010/02/09 20:53:54 | 000,079,554 | ---- | M] () -- C:\WINDOWS\System32\PERFC009.DAT
[2010/02/09 17:16:29 | 000,700,824 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2010/02/08 21:38:44 | 000,001,355 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2010/02/08 21:23:07 | 000,003,834 | ---- | M] () -- C:\WINDOWS\DISNEY.INI
[4 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[3 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[1 C:\Documents and Settings\Glyn Elrod\My Documents\*.tmp files -> C:\Documents and Settings\Glyn Elrod\My Documents\*.tmp -> ]
[1 C:\*.tmp files -> C:\*.tmp -> ]

========== Files Created - No Company Name ==========

[2010/02/22 18:43:15 | 000,001,330 | ---- | C] () -- C:\Documents and Settings\Glyn Elrod\Desktop\gmer.zip
[2010/02/12 12:58:14 | 000,000,886 | ---- | C] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2010/02/12 12:58:13 | 000,000,882 | ---- | C] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2010/02/10 21:23:15 | 000,000,732 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Acrobat_com.lnk
[2010/02/10 21:22:32 | 000,001,729 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Adobe Reader 9.lnk
[2010/02/09 22:16:05 | 000,000,211 | ---- | C] () -- C:\Boot.bak
[2010/02/09 22:15:59 | 000,260,272 | ---- | C] () -- C:\cmldr
[2010/02/09 22:15:06 | 000,261,632 | ---- | C] () -- C:\WINDOWS\PEV.exe
[2010/02/09 22:15:06 | 000,098,816 | ---- | C] () -- C:\WINDOWS\sed.exe
[2010/02/09 22:15:06 | 000,080,412 | ---- | C] () -- C:\WINDOWS\grep.exe
[2010/02/09 22:15:06 | 000,077,312 | ---- | C] () -- C:\WINDOWS\MBR.exe
[2010/02/09 22:15:06 | 000,068,096 | ---- | C] () -- C:\WINDOWS\zip.exe
[2010/02/07 18:10:12 | 000,000,868 | ---- | C] () -- C:\WINDOWS\tasks\Google Software Updater.job
[2009/10/03 07:26:44 | 000,000,097 | ---- | C] () -- C:\WINDOWS\Cloud9.ini
[2009/09/11 19:50:55 | 000,000,000 | ---- | C] () -- C:\WINDOWS\hpqEmlSz.INI
[2009/08/20 19:02:02 | 000,000,000 | ---- | C] () -- C:\WINDOWS\JDSecure31.INI
[2009/08/20 19:01:57 | 000,249,856 | ---- | C] () -- C:\WINDOWS\System32\LxrJD31.dll
[2009/08/20 19:01:57 | 000,069,824 | ---- | C] () -- C:\WINDOWS\System32\drivers\LxrJD31d.sys
[2009/08/20 19:01:57 | 000,061,440 | ---- | C] () -- C:\WINDOWS\System32\LxrJD20Sat.dll
[2009/08/03 15:07:42 | 000,403,816 | ---- | C] () -- C:\WINDOWS\System32\OGACheckControl.dll
[2008/11/28 16:23:16 | 000,002,528 | ---- | C] () -- C:\Documents and Settings\Glyn Elrod\Application Data\$_hpcst$.hpc
[2008/04/06 16:47:14 | 000,031,728 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\hpzinstall.log
[2007/09/09 17:52:28 | 000,524,288 | ---- | C] () -- C:\WINDOWS\System32\xvidcore.dll
[2007/09/09 17:52:28 | 000,139,264 | ---- | C] () -- C:\WINDOWS\System32\xvidvfw.dll
[2007/09/09 17:42:08 | 001,208,320 | ---- | C] () -- C:\WINDOWS\System32\cygxml2-2.dll
[2007/09/09 17:42:08 | 000,980,992 | ---- | C] () -- C:\WINDOWS\System32\cygiconv-2.dll
[2007/09/09 17:42:08 | 000,062,464 | ---- | C] () -- C:\WINDOWS\System32\cygz.dll
[2007/08/23 20:11:10 | 000,010,752 | ---- | C] () -- C:\Documents and Settings\Glyn Elrod\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2007/08/23 20:10:38 | 000,000,067 | ---- | C] () -- C:\WINDOWS\Aurora MPEG To DVD.INI
[2007/06/16 12:45:04 | 000,000,133 | ---- | C] () -- C:\Documents and Settings\Glyn Elrod\Local Settings\Application Data\fusioncache.dat
[2007/02/15 17:40:33 | 000,000,000 | ---- | C] () -- C:\WINDOWS\iplayer.INI
[2006/06/15 17:32:28 | 000,000,101 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\REGISTRY.INI
[2005/11/27 13:02:02 | 000,000,475 | ---- | C] () -- C:\WINDOWS\DogsOWar.INI
[2005/11/27 10:18:04 | 000,001,472 | ---- | C] () -- C:\WINDOWS\Gemstorm.ini
[2005/11/23 12:27:44 | 000,063,488 | ---- | C] () -- C:\WINDOWS\xobglu16.dll
[2005/11/23 12:27:44 | 000,023,552 | ---- | C] () -- C:\WINDOWS\xobglu32.dll
[2005/11/21 16:04:37 | 000,000,044 | ---- | C] () -- C:\WINDOWS\liveup.ini
[2005/03/13 22:17:08 | 000,000,002 | ---- | C] () -- C:\WINDOWS\msoffice.ini
[2004/12/30 12:18:29 | 000,000,030 | ---- | C] () -- C:\WINDOWS\Preschol.ini
[2004/11/29 17:26:01 | 000,003,753 | ---- | C] () -- C:\WINDOWS\cdPlayer.ini
[2004/10/31 14:16:18 | 000,000,097 | ---- | C] () -- C:\WINDOWS\CR.ini
[2004/07/17 21:07:41 | 000,002,693 | ---- | C] () -- C:\WINDOWS\DevMgr.ini
[2004/07/08 08:43:24 | 000,000,345 | ---- | C] () -- C:\WINDOWS\tlcapps.ini
[2004/07/08 08:42:25 | 000,000,000 | ---- | C] () -- C:\WINDOWS\SETUP32.INI
[2004/06/10 09:03:32 | 000,000,448 | ---- | C] () -- C:\WINDOWS\QTW.INI
[2004/05/19 17:01:13 | 000,003,834 | ---- | C] () -- C:\WINDOWS\DISNEY.INI
[2004/05/12 17:12:39 | 000,000,377 | ---- | C] () -- C:\WINDOWS\ka.ini
[2004/05/09 18:08:02 | 000,000,240 | ---- | C] () -- C:\WINDOWS\qwimp.ini
[2004/05/09 18:07:22 | 000,000,217 | ---- | C] () -- C:\WINDOWS\QUICKEN.INI
[2004/05/09 17:52:32 | 000,023,296 | ---- | C] () -- C:\WINDOWS\System32\drivers\NaiFiltr.sys
[2004/05/09 17:14:30 | 000,004,272 | ---- | C] () -- C:\WINDOWS\System32\drivers\bvrp_pci.sys
[2004/05/04 12:56:36 | 000,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini
[2004/05/04 12:47:23 | 000,000,376 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2004/05/04 12:36:40 | 000,000,578 | ---- | C] () -- C:\WINDOWS\wininit.ini
[2004/05/04 12:22:33 | 000,363,520 | ---- | C] () -- C:\WINDOWS\System32\psisdecd.dll
[2004/05/04 12:14:32 | 000,000,549 | ---- | C] () -- C:\WINDOWS\System32\OEMINFO.INI
[2004/02/10 19:15:36 | 000,344,064 | ---- | C] () -- C:\WINDOWS\System32\xvid.dll
[2004/01/23 08:03:50 | 000,000,791 | ---- | C] () -- C:\WINDOWS\ORUN32.INI
[2003/11/20 12:39:58 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\px.ini
[2003/01/07 14:05:08 | 000,002,695 | ---- | C] () -- C:\WINDOWS\System32\OUTLPERF.INI
[2002/05/15 07:29:04 | 000,000,607 | ---- | C] () -- C:\WINDOWS\System32\BTNeighborhood.dll.manifest
[2001/11/23 02:18:00 | 000,000,597 | ---- | C] () -- C:\WINDOWS\System32\btcss.dll.manifest
[1997/11/17 16:13:16 | 000,010,240 | ---- | C] () -- C:\WINDOWS\System32\vidx16.dll
[1979/12/31 23:00:00 | 000,012,288 | ---- | C] () -- C:\WINDOWS\System32\e100bmsg.dll

========== Custom Scans ==========


< %systemroot%\system32\*.dll /lockedfiles >
[4 C:\WINDOWS\system32\*.tmp files -> C:\WINDOWS\system32\*.tmp -> ]

< %systemroot%\Tasks\*.job /lockedfiles >


< MD5 for: AGP440.SYS >
[2004/12/07 21:38:41 | 022,245,337 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\I386\sp2.cab:AGP440.sys
[2008/05/17 15:33:20 | 023,852,652 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\I386\sp3.cab:AGP440.sys
[2004/12/07 21:38:41 | 022,245,337 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp2.cab:AGP440.sys
[2008/05/17 15:33:20 | 023,852,652 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp3.cab:AGP440.sys
[2008/04/13 12:36:38 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=08FD04AA961BDC77FB983F328334E3D7 -- C:\WINDOWS\ERDNT\cache\agp440.sys
[2008/04/13 12:36:38 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=08FD04AA961BDC77FB983F328334E3D7 -- C:\WINDOWS\ServicePackFiles\i386\agp440.sys
[2008/04/13 12:36:38 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=08FD04AA961BDC77FB983F328334E3D7 -- C:\WINDOWS\SYSTEM32\DRIVERS\agp440.sys
[2004/08/04 00:07:41 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=2C428FA0C3E3A01ED93C9B2A27D8D4BB -- C:\WINDOWS\$NtServicePackUninstall$\agp440.sys
[2001/08/17 12:58:00 | 000,025,472 | ---- | M] (Microsoft Corporation) MD5=65880045C51AA36184841CEE915A61DF -- C:\I386\AGP440.SYS

< MD5 for: ATAPI.SYS >
[2002/08/29 04:00:00 | 010,158,890 | ---- | M] () .cab file -- C:\I386\sp1.cab:atapi.sys
[2002/08/29 04:00:00 | 010,158,890 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\I386\sp1.cab:atapi.sys
[2004/12/07 21:38:41 | 022,245,337 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\I386\sp2.cab:atapi.sys
[2008/05/17 15:33:20 | 023,852,652 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\I386\sp3.cab:atapi.sys
[2004/12/07 21:38:41 | 022,245,337 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp2.cab:atapi.sys
[2008/05/17 15:33:20 | 023,852,652 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp3.cab:atapi.sys
[2008/04/13 12:40:30 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\ERDNT\cache\atapi.sys
[2008/04/13 12:40:30 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\ServicePackFiles\i386\atapi.sys
[2008/04/13 12:40:30 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\SYSTEM32\DRIVERS\atapi.sys
[2004/08/03 23:59:42 | 000,095,360 | ---- | M] (Microsoft Corporation) MD5=CDFE4411A69C224BD1D11B2DA92DAC51 -- C:\WINDOWS\$NtServicePackUninstall$\atapi.sys
[2003/04/23 08:29:54 | 000,087,296 | ---- | M] (Microsoft Corporation) MD5=E52B3B3F78C9AE85806CE49DCDD80C18 -- C:\I386\atapi.sys
[2003/04/23 08:29:54 | 000,087,296 | ---- | M] (Microsoft Corporation) MD5=E52B3B3F78C9AE85806CE49DCDD80C18 -- C:\WINDOWS\SYSTEM32\ReinstallBackups\0003\DriverFiles\i386\atapi.sys
[2003/04/23 08:29:54 | 000,087,296 | ---- | M] (Microsoft Corporation) MD5=E52B3B3F78C9AE85806CE49DCDD80C18 -- C:\WINDOWS\SYSTEM32\ReinstallBackups\0007\DriverFiles\i386\atapi.sys

< MD5 for: EVENTLOG.DLL >
[2008/04/13 18:11:53 | 000,056,320 | ---- | M] (Microsoft Corporation) MD5=6D4FEB43EE538FC5428CC7F0565AA656 -- C:\WINDOWS\ERDNT\cache\eventlog.dll
[2008/04/13 18:11:53 | 000,056,320 | ---- | M] (Microsoft Corporation) MD5=6D4FEB43EE538FC5428CC7F0565AA656 -- C:\WINDOWS\ServicePackFiles\i386\eventlog.dll
[2008/04/13 18:11:53 | 000,056,320 | ---- | M] (Microsoft Corporation) MD5=6D4FEB43EE538FC5428CC7F0565AA656 -- C:\WINDOWS\SYSTEM32\eventlog.dll
[2004/08/04 01:56:42 | 000,055,808 | ---- | M] (Microsoft Corporation) MD5=82B24CB70E5944E6E34662205A2A5B78 -- C:\WINDOWS\$NtServicePackUninstall$\eventlog.dll
[2002/08/29 04:00:00 | 000,049,152 | ---- | M] (Microsoft Corporation) MD5=BF3C8CF53C77B48206B39910B6D6CBCC -- C:\I386\EVENTLOG.DLL

< MD5 for: NETLOGON.DLL >
[2008/04/13 18:12:01 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=1B7F071C51B77C272875C3A23E1E4550 -- C:\WINDOWS\ERDNT\cache\netlogon.dll
[2008/04/13 18:12:01 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=1B7F071C51B77C272875C3A23E1E4550 -- C:\WINDOWS\ServicePackFiles\i386\netlogon.dll
[2008/04/13 18:12:01 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=1B7F071C51B77C272875C3A23E1E4550 -- C:\WINDOWS\SYSTEM32\netlogon.dll
[2002/08/29 04:00:00 | 000,399,360 | ---- | M] (Microsoft Corporation) MD5=3ADD563ED7A1C66E6F5E0F7A661AA96D -- C:\I386\NETLOGON.DLL
[2004/08/04 01:56:44 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=96353FCECBA774BB8DA74A1C6507015A -- C:\WINDOWS\$NtServicePackUninstall$\netlogon.dll

< MD5 for: SCECLI.DLL >
[2004/08/04 01:56:44 | 000,180,224 | ---- | M] (Microsoft Corporation) MD5=0F78E27F563F2AAF74B91A49E2ABF19A -- C:\WINDOWS\$NtServicePackUninstall$\scecli.dll
[2002/08/29 04:00:00 | 000,174,592 | ---- | M] (Microsoft Corporation) MD5=97418A5C642A5C748A28BD7CF6860B57 -- C:\I386\SCECLI.DLL
[2008/04/13 18:12:05 | 000,181,248 | ---- | M] (Microsoft Corporation) MD5=A86BB5E61BF3E39B62AB4C7E7085A084 -- C:\WINDOWS\ERDNT\cache\scecli.dll
[2008/04/13 18:12:05 | 000,181,248 | ---- | M] (Microsoft Corporation) MD5=A86BB5E61BF3E39B62AB4C7E7085A084 -- C:\WINDOWS\ServicePackFiles\i386\scecli.dll
[2008/04/13 18:12:05 | 000,181,248 | ---- | M] (Microsoft Corporation) MD5=A86BB5E61BF3E39B62AB4C7E7085A084 -- C:\WINDOWS\SYSTEM32\scecli.dll

< %systemroot%\*. /mp /s >

========== Alternate Data Streams ==========

@Alternate Data Stream - 103 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:DFC5A2B2
< End of report >



Another file called "extras" was generated. Here is "extras".

OTL Extras logfile created on: 2/23/2010 7:54:11 PM - Run 1
OTL by OldTimer - Version 3.1.30.1 Folder = C:\Documents and Settings\Glyn Elrod\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 7.0.5730.11)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1,022.00 Mb Total Physical Memory | 628.00 Mb Available Physical Memory | 61.00% Memory free
2.00 Gb Paging File | 2.00 Gb Available in Paging File | 88.00% Paging File free
Paging file location(s): C:\pagefile.sys 0 0 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 37.21 Gb Total Space | 14.11 Gb Free Space | 37.91% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
F: Drive not present or media not loaded
Drive G: | 149.00 Gb Total Space | 79.60 Gb Free Space | 53.42% Space Free | Partition Type: FAT32
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: D3T5JT41
Current User Name: Glyn Elrod
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: All users
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Standard

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.html [@ = htmlfile] -- C:\Program Files\Internet Explorer\IEXPLORE.EXE (Microsoft Corporation)

[HKEY_USERS\S-1-5-21-4006588327-4168831620-2479022406-1008\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
htmlfile [edit] -- "C:\Program Files\Microsoft Office\OFFICE11\msohtmed.exe" %1 (Microsoft Corporation)
htmlfile [open] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" -nohome (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" %1 (Microsoft Corporation)
http [open] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" -nohome (Microsoft Corporation)
https [open] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" -nohome (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" %1 (Microsoft Corporation)
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- "%programfiles%\internet explorer\iexplore.exe" (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"AntiVirusDisableNotify" = 1
"FirewallDisableNotify" = 1
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 0
"FirewallOverride" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]
"139:TCP" = 139:TCP:*:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:*:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:*:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:*:Enabled:@xpsp2res.dll,-22002

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DoNotAllowExceptions" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008
"139:TCP" = 139:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22002

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Program Files\TurboTax\Basic 2007\32bit\ttax.exe" = C:\Program Files\TurboTax\Basic 2007\32bit\ttax.exe:LocalSubNet:Enabled:TurboTax -- (Intuit, Inc.)
"C:\Program Files\TurboTax\Basic 2007\32bit\updatemgr.exe" = C:\Program Files\TurboTax\Basic 2007\32bit\updatemgr.exe:LocalSubNet:Enabled:TurboTax Update Manager -- (Intuit, Inc.)
"C:\Program Files\Hp\Digital Imaging\bin\hposid01.exe" = C:\Program Files\Hp\Digital Imaging\bin\hposid01.exe:*:Enabled:hposid01.exe -- (Hewlett-Packard Co.)
"C:\Program Files\Hp\Digital Imaging\bin\hpqscnvw.exe" = C:\Program Files\Hp\Digital Imaging\bin\hpqscnvw.exe:*:Enabled:hpqscnvw.exe -- ()
"C:\Program Files\Hp\Digital Imaging\bin\hpqkygrp.exe" = C:\Program Files\Hp\Digital Imaging\bin\hpqkygrp.exe:*:Enabled:hpqkygrp.exe -- (Hewlett-Packard)
"C:\Program Files\Hp\Digital Imaging\bin\hpoews01.exe" = C:\Program Files\Hp\Digital Imaging\bin\hpoews01.exe:*:Enabled:hpoews01.exe -- (Hewlett-Packard Co.)
"C:\Program Files\Hp\Digital Imaging\bin\hpqnrs08.exe" = C:\Program Files\Hp\Digital Imaging\bin\hpqnrs08.exe:*:Enabled:hpqnrs08.exe -- (Hewlett-Packard Co.)
"C:\Program Files\Common Files\Intuit\Update Service\IntuitUpdateService.exe" = C:\Program Files\Common Files\Intuit\Update Service\IntuitUpdateService.exe:LocalSubNet:Disabled:Intuit Update Shared Downloads Server -- (Intuit Inc.)
"C:\Program Files\TurboTax\Deluxe 2006\32bit\ttax.exe" = C:\Program Files\TurboTax\Deluxe 2006\32bit\ttax.exe:LocalSubNet:Enabled:TurboTax -- (Intuit, Inc.)
"C:\Program Files\TurboTax\Deluxe 2006\32bit\updatemgr.exe" = C:\Program Files\TurboTax\Deluxe 2006\32bit\updatemgr.exe:LocalSubNet:Enabled:TurboTax Update Manager -- (Intuit, Inc.)
"C:\Program Files\Bonjour\mDNSResponder.exe" = C:\Program Files\Bonjour\mDNSResponder.exe:*:Enabled:Bonjour -- (Apple Inc.)
"C:\Program Files\iTunes\iTunes.exe" = C:\Program Files\iTunes\iTunes.exe:*:Enabled:iTunes -- (Apple Inc.)


========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{001E7FB6-BB6B-4ED0-BEDC-B5404ED96D4E}" = DocProc
"{07287123-B8AC-41CE-8346-3D777245C35B}" = Bonjour
"{09DA4F91-2A09-4232-AB8C-6BC740096DE3}" = Sonic Update Manager
"{11F1920A-56A2-4642-B6E0-3B31A12C9288}" = Dell Solution Center
"{1206EF92-2E83-4859-ACCB-2048C3CB7DA6}" = Sonic DLA
"{1451DE6B-ABE1-4F62-BE9A-B363A17588A2}" = QuickTime
"{152BF35B-56D7-4652-B519-1661AAC270EE}" = The Print Shop 20
"{16BE87BC-69F5-4D36-8CF0-E1CB3ACD5ED3}" = HP Driver Diagnostics
"{1753255A-0AEB-4220-8C75-607B73F0C133}" = Copy
"{18455581-E099-4BA8-BC6B-F34B2F06600C}" = Google Toolbar for Internet Explorer
"{1D643CD7-4DD6-11D7-A4E0-000874180BB3}" = Microsoft Money 2004
"{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer
"{25EF00A3-F17B-11D6-88EA-000476CD2443}" = Verizon Online Control Pad
"{2614F54E-A828-49FA-93BA-45A3F756BFAA}" = 32 Bit HP CIO Components Installer
"{26A24AE4-039D-4CA4-87B4-2F83216018FF}" = Java™ 6 Update 18
"{2818095F-FB6C-42C8-827E-0A406CC9AFF5}" = Quicken 2006
"{29521505-F489-4822-ADFA-32C6DEE4F114}" = TurboTax 2008 WinPerUserEducation
"{29FA38B4-0AE4-4D0D-8A51-6165BB990BB0}" = WebReg
"{2F28B3C9-2C89-4206-8B33-8ADC9577C49B}" = Scan
"{30AD5099-00DA-4210-B5C2-BAF47B75232B}" = Vz In Home Agent
"{30BB4D60-81DB-11D5-BB77-00400536ABAC}" = OLYMPUS CAMEDIA Master 4.2
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{35BDEFF1-A610-4956-A00D-15453C116395}" = Internet Explorer Default Page
"{36495C59-089C-49D1-BD15-9E5BD86DC9A1}" = ItsDeductible Express
"{36FDBE6E-6684-462B-AE98-9A39A1B200CC}" = HP Product Assistant
"{38F3492E-515F-409D-B090-8D35E548C0CF}" = Matador for Outlook
"{3D047C15-C859-45F7-81CE-F2681778069B}" = iPod for Windows 2006-01-10
"{3F92ABBB-6BBF-11D5-B229-002078017FBF}" = Modem On Hold
"{3FA365DF-2D68-45ED-8F83-8C8A33E65143}" = Apple Application Support
"{410438A3-B591-4028-B70A-3CC0B33FBCD1}" =
"{415CDA53-9100-476F-A7B2-476691E117C7}" = HP Smart Web Printing
"{487B0B9B-DCD4-440D-89A0-A6EDE1A545A3}" = HPSSupply
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4B9F45E8-E3CE-40B4-9463-80A9B3481DEF}" = Banctec Service Agreement
"{4F1CECBC-670F-4daa-81D6-944B12450917}" = DIGReqEx
"{4F41AD68-89F2-4262-A32C-2F70B01FCE9E}" = Photo Story 3 for Windows
"{543E938C-BDC4-4933-A612-01293996845F}" = UnloadSupport
"{548EEA8E-8299-497F-8057-811D2D7097DC}" = Dell Support 3.1
"{582D2A53-F426-4C5E-A2E6-43C1AB36B907}" = Safari
"{5905F42D-3F5F-4916-ADA6-94A3646AEE76}" = Dell Driver Reset Tool
"{5D9B17E4-5C34-45B2-9C95-8B9DB4CF7AF3}" = HP_Network_UserGuide
"{5E835305-63BB-4E55-BBB7-EEBBE67774DB}" = Sonic MyDVD
"{6421F085-1FAA-DE13-D02A-CFB412C522A4}" = Acrobat.com
"{66563AD8-637B-407F-BCA7-0233A16891AB}" = Business Contact Manager for Outlook 2003
"{66E6CE0C-5A1E-430C-B40A-0C90FF1804A8}" = eSupportQFolder
"{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}" = PowerDVD
"{68D60342-7686-45C9-B8EB-40EF843D0460}" = Dell Networking Guide
"{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update
"{6A6C087B-17F4-4A90-8542-85F0BFB58B16}" = SigmaTel MTPMSCN Audio Player
"{6F5E2F4A-377D-4700-B0E3-8F7F7507EA15}" = CustomerResearchQFolder
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{730837D4-FF5E-48DB-BA49-33E732DFF0B3}" = PanoStandAlone
"{751910E3-ECF1-44D0-BF3F-2936A4424514}" = ImageMixer3
"{7570F1CA-016D-46AC-B586-CD74645EFB52}" = TurboTax 2008 WinPerFedFormset
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{77E6AE74-357C-4B33-8324-FDDC9997B4D1}" = Princess Magical Dress-Up
"{7A0EFAFB-AC4B-4B88-8C6B-6731BE88DB68}" = Modem Event Monitor
"{7DD9A065-2C86-4A9F-A5FF-796EC1B99DCA}" = AnswerWorks 4.0 Runtime - English
"{7EFA5E6F-74F7-4AFB-8AEA-AA790BD3A76D}" = DellSupport
"{7F142D56-3326-11D5-B229-002078017FBF}" = Modem Helper
"{818ABC3C-635C-4651-8183-D0E9640B7DD1}" = HP Update
"{81A34902-9D0B-4920-A25C-4CDC5D14B328}" = Jasc Paint Shop Pro 8 Dell Edition
"{824D3839-DAA1-4315-A822-7AE3E620E528}" = VideoToolkit01
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-110265407}" = Bejeweled 2 Deluxe
"{8389382B-53BA-4A87-8854-91E3D80A5AC7}" = HP Photosmart Essential2.01
"{87E2B986-07E8-477a-93DC-AF0B6758B192}" = DocProcQFolder
"{88214092-836F-4E22-A5AC-569AC9EE6A0F}" = TurboTax 2008 WinPerReleaseEngine
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8A708DD8-A5E6-11D4-A706-000629E95E20}" = Intel® Extreme Graphics 2 Driver
"{8C64E145-54BA-11D6-91B1-00500462BE80}" = Microsoft Money 2004 System Pack
"{90120000-0020-0409-0000-0000000FF1CE}" = Compatibility Pack for the 2007 Office system
"{90520409-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Visio Viewer 2003 (English)
"{90D55A3F-1D99-4C94-A77E-46DC14F0BF08}" = Help and Support Customization
"{91110409-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Professional Edition 2003
"{9541FED0-327F-4DF0-8B96-EF57EF622F19}" = Sonic RecordNow!
"{95632566-071E-4A02-92C1-4BD907065736}" = BounceBack Express
"{98DF85D9-96C0-4F57-A92E-C3539477EF5E}" = DVDSentry
"{9C92937F-7E79-4A32-AB80-BD7637146308}" = BRATZ - Rock Angelz
"{9E5A03E3-6246-4920-9630-0527D5DA9B07}" = AnswerWorks 5.0 English Runtime
"{A2BCA9F1-566C-4805-97D1-7FDC93386723}" = Adobe AIR
"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
"{A49F249F-0C91-497F-86DF-B2585E8E76B7}" = Microsoft Visual C++ 2005 Redistributable
"{A654A805-41D9-40C7-AA46-4AF04F044D61}" = Adobe® Photoshop® Album Starter Edition 3.2
"{A6FDF86A-F541-4E7B-AEA0-8849A2A700D5}" = iTunes
"{A73ACE08-4CA7-4d08-912E-EFE4DF521B39}" = c7200_Help
"{A790BEB1-BCCF-4EC6-807B-5708B36E8A79}" = Intel® PROSet
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AADEA55D-C834-4BCB-98A3-4B8D1C18F4EE}" = Apple Mobile Device Support
"{AC76BA86-7AD7-1033-7B44-A93000000001}" = Adobe Reader 9.3
"{AC76BA86-7AD7-5760-0000-800000000003}" = Japanese Fonts Support For Adobe Reader 8
"{AEA07F97-9088-497c-8821-0F36BD5DC251}" = HPProductAssistant
"{AF7FC1CA-79DF-43c3-90A3-33EFEB9294CE}" = AIO_Scan
"{AFF1EA96-9C23-4249-B7D4-CD4B54D4582F}" = TurboTax ItsDeductible 2006
"{B1DB1AD8-C07E-4052-81A1-D2930232BA70}" = TurboTax 2008 wrapper
"{B23726CF-68BF-41A6-A4EB-72F12F87FE05}" = TurboTax 2008 WinPerTaxSupport
"{B2544A03-10D0-4E5E-BA69-0362FFC20D18}" = OGA Notifier 2.0.0048.0
"{B7FB6B99-C93C-4818-825B-37EF4B64C80C}" = PS_AIO_02_Software
"{BCB8D603-985E-4765-B4AB-B4B991A535B7}" = Finding Nemo UWF
"{BCD6CD1A-0DBE-412E-9F25-3B500D1E6BA1}" = SolutionCenter
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
"{CAD8C6AD-7410-4C0D-BA67-0E390F7FB143}" = HP Design Studio Holiday Cards 1.0 by AmericanGreetings.com
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CC000127-5E5D-4A1C-90CB-EEAAAC1E3AC0}" = Jasc Paint Shop Photo Album
"{CE4888DB-CE49-485b-AA3A-A9E0F361B277}" = C7200
"{D0E39A1D-0CEE-4D85-B4A2-E3BE990D075E}" = Destination Component
"{D25BDCF5-19F6-4d9e-B9C9-273FE81446C4}" = PS_AIO_02_ProductContext
"{D5A145FC-D00C-4F1A-9119-EB4D9D659750}" = Windows Live Toolbar
"{D64BC2CF-0F12-47d7-B412-B4F3FD684253}" = HP Photosmart All-In-One Software 9.0
"{E14B8A08-42B3-4676-9E91-1D39F8158DA1}" = HP Print Diagnostic Utility
"{E2662C24-B31E-4349-A084-32EB76E8B760}" = BufferChm
"{E6D9BC25-0DBC-4368-8E4A-7DEE80661CD9}" = TurboTax 2008 WinPerProgramHelp
"{E7417E3A-EC38-4566-83CC-92942466F4D1}" = Shrek Activity Center
"{E9C18EBD-85BE-47D0-AA73-3FEDCC976B04}" = Toolbox
"{EA2BEBD6-87B9-41E5-95AC-7E4C165A9475}" = WexTech AnswerWorks
"{EF0D2E55-6FE2-4e35-BE22-A742E85D84E3}" = PS_AIO_02_Software_min
"{EF1ADA5A-0B1A-4662-8C55-7475A61D8B65}" = DeviceDiscovery
"{F619E2AF-677D-49bc-9618-D60BDFB925DB}" = C7200_doccd
"{F72E2DDC-3DB8-4190-A21D-63883D955FE7}" = PSSWCORE
"{FC4ED75D-916C-4A8C-BB67-3C6F6E06D62B}" = Banctec Service Agreement
"{FCE73168-EE4D-11D5-B233-0050DACD394D}" = Disney's Winnie the Pooh ABCs
"{FCE73230-EE4D-11D5-B233-0050DACD394D}" = Disney's Winnie the Pooh Spelling
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Adobe® Photoshop® Album Starter Edition 3.2" = Adobe® Photoshop® Album Starter Edition 3.2
"Audacity_is1" = Audacity 1.2.6
"AVI DivX MPEG to DVD Converter & Burner_is1" = AVI DivX MPEG to DVD Converter & Burner 4.6
"AVS DVDMenu Editor_is1" = AVS DVDMenu Editor 1.2.1.19
"AVS Video Tools 5_is1" = AVS Video Tools 5.6
"Barbie™ as Rapunzel" = Barbie™ as Rapunzel
"Clifford Reading" = Clifford Reading
"com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Acrobat.com
"Dell Digital Jukebox Driver" = Dell Digital Jukebox Driver
"Easy AVI/VCD/DVD/MPEG Converter_is1" = Easy AVI/VCD/DVD/MPEG Converter
"EZ Vinyl/Tape Converter by MixMeister_is1" = EZ Vinyl/Tape Converter 1.5.2.0 by MixMeister
"FPRdyPre" = Fisher-Price® Ready for Preschool
"Google Desktop" = Google Desktop
"Google Updater" = Google Updater
"HP Imaging Device Functions" = HP Imaging Device Functions 9.0
"HP Photosmart Essential" = HP Photosmart Essential 2.01
"HP Solution Center & Imaging Support Tools" = HP Solution Center 9.0
"HPOCR" = HP OCR Software 9.0
"I Can Be An Animal Doctor" = I Can Be An Animal Doctor
"IDNMitigationAPIs" = Microsoft Internationalized Domain Names Mitigation APIs
"ie7" = Windows Internet Explorer 7
"InstallShield_{3D047C15-C859-45F7-81CE-F2681778069B}" = iPod for Windows 2006-01-10
"InstallShield_{BCB8D603-985E-4765-B4AB-B4B991A535B7}" = Finding Nemo: Nemo's Underwater World of Fun
"Intel® 537EP V9x DF PCI Modem" = Intel® 537EP V9x DF PCI Modem
"InterActual Player" = InterActual Player
"JDSecure" = JD Secure 3.1
"JumpStart Math for Kindergartners" = JumpStart Math for Kindergartners
"Mcafee SecurityCenter" = McAfee SecurityCenter
"Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1
"Mozilla Firefox (3.5.8)" = Mozilla Firefox (3.5.8)
"Mp3tag" = Mp3tag v2.39
"MSCompPackV1" = Microsoft Compression Client Pack 1.0 for Windows XP
"MSNINST" = MSN
"Musicnotes Player_is1" = Musicnotes Player V1.23.1
"My Little Pony" = My Little Pony
"NLSDownlevelMapping" = Microsoft National Language Support Downlevel APIs
"PROSet" = Intel® PRO Network Adapters and Drivers
"Reader Rabbit Personalized 2nd Grade" = Reader Rabbit Personalized 2nd Grade
"Reader Rabbit Personalized Preschool" = Reader Rabbit Personalized Preschool
"rrm46_32.exe" = Reader Rabbit's Math Ages 4-6
"Rudolph Deinstall Key" = Rudolph's Magical Sleigh Ride
"Scholastic's I SPY School Days" = Scholastic's I SPY School Days
"Secret Agent™ Barbie™" = Secret Agent™ Barbie™
"Shockwave" = Shockwave
"ST4UNST #1" = Fractals for Windows
"StreetPlugin" = Learn2 Player (Uninstall Only)
"Treehouse CD" = Treehouse CD
"TurboTax 2008" = TurboTax 2008
"TurboTax Basic 2004" = TurboTax Basic 2004
"TurboTax Basic 2005" = TurboTax Basic 2005
"TurboTax Basic 2007" = TurboTax Basic 2007
"TurboTax Deluxe Deduction Maximizer 2006" = TurboTax Deluxe Deduction Maximizer 2006
"UnityWebPlayer" = Unity Web Player
"Verizon Help and Support" = Verizon Help and Support Tool
"ViewpointMediaPlayer" = Viewpoint Media Player
"VirusScan Online" = McAfee VirusScan
"WebPost" = Microsoft Web Publishing Wizard 1.52
"Windows Live Toolbar" = Windows Live Toolbar
"Windows Media Format Runtime" = Windows Media Format 11 runtime
"Windows Media Player" = Windows Media Player 11
"Windows Mobile Device Handbook" = Windows Mobile® Device Handbook
"Windows XP Service Pack" = Windows XP Service Pack 3
"Winnie the Pooh Toddler" = Disney's Winnie the Pooh Toddler
"WMFDist11" = Windows Media Format 11 runtime
"wmp11" = Windows Media Player 11
"Wudf01000" = Microsoft User-Mode Driver Framework Feature Pack 1.0

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 2/15/2010 1:26:38 PM | Computer Name = D3T5JT41 | Source = MsiInstaller | ID = 11706
Description = Product: HP Smart Web Printing -- Error 1706.No valid source could
be found for product HP Smart Web Printing. The Windows Installer cannot continue.

Error - 2/15/2010 1:38:17 PM | Computer Name = D3T5JT41 | Source = MsiInstaller | ID = 11706
Description = Product: HP Smart Web Printing -- Error 1706.No valid source could
be found for product HP Smart Web Printing. The Windows Installer cannot continue.

Error - 2/15/2010 1:38:52 PM | Computer Name = D3T5JT41 | Source = MsiInstaller | ID = 11706
Description = Product: HP Smart Web Printing -- Error 1706.No valid source could
be found for product HP Smart Web Printing. The Windows Installer cannot continue.

Error - 2/15/2010 2:10:27 PM | Computer Name = D3T5JT41 | Source = MsiInstaller | ID = 11706
Description = Product: HP Smart Web Printing -- Error 1706.No valid source could
be found for product HP Smart Web Printing. The Windows Installer cannot continue.

Error - 2/15/2010 2:10:55 PM | Computer Name = D3T5JT41 | Source = MsiInstaller | ID = 11706
Description = Product: HP Smart Web Printing -- Error 1706.No valid source could
be found for product HP Smart Web Printing. The Windows Installer cannot continue.

Error - 2/19/2010 3:23:37 PM | Computer Name = D3T5JT41 | Source = pctsSvc.exe | ID = 0
Description =

Error - 2/21/2010 3:07:51 PM | Computer Name = D3T5JT41 | Source = Application Hang | ID = 1002
Description = Hanging application iTunes.exe, version 9.0.2.25, hang module hungapp,
version 0.0.0.0, hang address 0x00000000.

Error - 2/21/2010 3:08:03 PM | Computer Name = D3T5JT41 | Source = Application Hang | ID = 1001
Description = Fault bucket 1533099553.

Error - 2/21/2010 8:57:06 PM | Computer Name = D3T5JT41 | Source = MsiInstaller | ID = 11706
Description = Product: HP Smart Web Printing -- Error 1706.No valid source could
be found for product HP Smart Web Printing. The Windows Installer cannot continue.

Error - 2/21/2010 8:57:08 PM | Computer Name = D3T5JT41 | Source = MsiInstaller | ID = 11706
Description = Product: HP Smart Web Printing -- Error 1706.No valid source could
be found for product HP Smart Web Printing. The Windows Installer cannot continue.

[ System Events ]
Error - 2/23/2010 9:28:01 PM | Computer Name = D3T5JT41 | Source = Service Control Manager | ID = 7000
Description = The Bluetooth Port Client Driver service failed to start due to the
following error: %%2

Error - 2/23/2010 9:28:01 PM | Computer Name = D3T5JT41 | Source = Service Control Manager | ID = 7000
Description = The Bluetooth Service service failed to start due to the following
error: %%2

Error - 2/23/2010 9:28:26 PM | Computer Name = D3T5JT41 | Source = System Error | ID = 1003
Description = Error code 100000d1, parameter1 00000000, parameter2 0000001c, parameter3
00000001, parameter4 8671100c.

Error - 2/23/2010 9:29:26 PM | Computer Name = D3T5JT41 | Source = Service Control Manager | ID = 7022
Description = The HP CUE DeviceDiscovery Service service hung on starting.

Error - 2/23/2010 9:29:26 PM | Computer Name = D3T5JT41 | Source = Service Control Manager | ID = 7026
Description = The following boot-start or system-start driver(s) failed to load:
BTKRNL

Error - 2/23/2010 9:52:47 PM | Computer Name = D3T5JT41 | Source = Service Control Manager | ID = 7000
Description = The Bluetooth Serial Driver service failed to start due to the following
error: %%2

Error - 2/23/2010 9:52:47 PM | Computer Name = D3T5JT41 | Source = Service Control Manager | ID = 7000
Description = The Bluetooth Port Client Driver service failed to start due to the
following error: %%2

Error - 2/23/2010 9:52:47 PM | Computer Name = D3T5JT41 | Source = Service Control Manager | ID = 7000
Description = The Bluetooth Service service failed to start due to the following
error: %%2

Error - 2/23/2010 9:54:11 PM | Computer Name = D3T5JT41 | Source = Service Control Manager | ID = 7022
Description = The HP CUE DeviceDiscovery Service service hung on starting.

Error - 2/23/2010 9:54:11 PM | Computer Name = D3T5JT41 | Source = Service Control Manager | ID = 7026
Description = The following boot-start or system-start driver(s) failed to load:
BTKRNL


< End of report >








0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users