Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

Unable to complete anti-virus scan


  • This topic is locked This topic is locked
43 replies to this topic

#1 MitziNadine

MitziNadine

  • Members
  • 150 posts
  • OFFLINE
  •  
  • Local time:06:17 PM

Posted 19 February 2010 - 05:59 PM

Hello,

Our ISP had been providing McAfee free, and recently they switched to Norton Security Suite. I've downloaded the program, but it will not complete a scan. It freezes and sometimes the screen becomes black with notation that there is a problem with the hard drive and says to check the user's manual.

There is another note saying to press Enter and when I do the computer restarts. Each time I try to do a complete scan, this happens. The computer has also become slower than it was.

I have followed the directions to create the DDS and Attach files, but just as I pressed the 'scan' functionsfor the Gmer file, I received a dialogue box from Microsoft that says, "Gmer.exe has encountered a problem and needs to close. We are sorry for this inconvenience." Then the program disappeared. It is still located on my Desktop however.

My computer had been rather slow for some time before our ISP switched from McAfee to Norton, but it would still operate the McAfee scans and run email etc. Only very slowly.

I appreciate your service very much. During Christmas time I had problems with a laptop, and I received perfect advice from the Bleeping Computer and that works fine now.

MitziNadine
************************

DDS (Ver_09-12-01.01) - NTFSx86
Run by Owner at 15:58:45.71 on Fri 02/19/2010
Internet Explorer: 8.0.6001.18702
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.511.137 [GMT -6:00]

AV: Norton Security Suite *On-access scanning enabled* (Updated) {E10A9785-9598-4754-B552-92431C1C35F8}
FW: Norton Security Suite *enabled* {7C21A4C9-F61F-4AC4-B722-A6E19C16F220}

============== Running Processes ===============

C:\WINNT\system32\svchost -k DcomLaunch
svchost.exe
C:\WINNT\System32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\WINNT\Explorer.EXE
C:\WINNT\system32\spoolsv.exe
C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe
C:\WINNT\GWMDMMSG.exe
C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe
C:\WINNT\system32\ctfmon.exe
C:\Program Files\comcasttb\ComcastSpywareScan\ComcastAntispy.exe
svchost.exe
C:\Program Files\comcasttb\ComcastSpywareScan\ComcastAntiSpyService.exe
C:\WINNT\System32\drivers\CDAC11BA.EXE
C:\WINNT\system32\cisvc.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\Program Files\Norton Security Suite\Engine\3.8.0.41\ccSvcHst.exe
C:\WINNT\System32\nvsvc32.exe
C:\Program Files\Common Files\Lanovation\PrismXL\PRISMXL.SYS
C:\WINNT\System32\snmp.exe
C:\Program Files\Comcast\Desktop Doctor\bin\sprtsvc.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\WINNT\System32\svchost.exe -k imgsvc
C:\Program Files\Norton Security Suite\Engine\3.8.0.41\ccSvcHst.exe
C:\WINNT\system32\cidaemon.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Documents and Settings\Owner\Desktop\dds.scr

============== Pseudo HJT Report ===============

uStart Page = hxxp://www.comcast.net/
uSearch Page = hxxp://www.google.com
uSearchMigratedDefaultURL = hxxp://search.yahoo.com/search?p={searchTerms}&ei=utf-8&fr=b1ie7
uSearch Bar = hxxp://www.google.com/ie
uInternet Connection Wizard,ShellNext = iexplore
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
mSearchAssistant = hxxp://www.comcast.net/toolbar2.0/search/
BHO: {02478D38-C3F9-4efb-9B51-7695ECA05670} - No File
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: Symantec NCO BHO: {602adb0e-4aff-4217-8aa1-95dac4dfa408} - c:\program files\norton security suite\engine\3.8.0.41\coIEPlg.dll
BHO: Symantec Intrusion Prevention: {6d53ec84-6aae-4787-aeee-f4628f01010c} - c:\program files\norton security suite\engine\3.8.0.41\IPSBHO.DLL
BHO: Comcast Toolbar: {79ceea4e-c231-4614-9e3b-53b2a02f39b7} - c:\program files\comcasttb\comcastdx.dll
TB: Easy-WebPrint: {327c2873-e90d-4c37-aa9d-10ac9baba46c} - c:\program files\canon\easy-webprint\Toolband.dll
TB: Comcast Toolbar: {79ceea4e-c231-4614-9e3b-53b2a02f39b7} - c:\program files\comcasttb\comcastdx.dll
TB: Norton Toolbar: {7febefe3-6b19-4349-98d2-ffb09d4b49ca} - c:\program files\norton security suite\engine\3.8.0.41\coIEPlg.dll
TB: {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - No File
TB: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - No File
TB: {4E7BD74F-2B8D-469E-93BE-BE2DF4D9AE29} - No File
EB: Real.com: {fe54fa40-d68c-11d2-98fa-00c0f0318afe} - c:\winnt\system32\Shdocvw.dll
EB: {32683183-48a0-441b-a342-7c2a440a9478} - No File
EB: {D6A116E7-5906-42E4-87F6-E7E15936415E} - No File
uRun: [ctfmon.exe] c:\winnt\system32\ctfmon.exe
uRun: [ComcastAntispyClient] "c:\program files\comcasttb\comcastspywarescan\ComcastAntispy.exe" /hide
mRun: [Microsoft Works Update Detection] c:\program files\common files\microsoft shared\works shared\WkUFind.exe
mRun: [GWMDMpi] c:\winnt\GWMDMpi.exe
mRun: [GWMDMMSG] GWMDMMSG.exe
mRun: [Adobe Photo Downloader] "c:\program files\adobe\photoshop album starter edition\3.0\apps\apdproxy.exe"
mRun: [ddoctorv2] "c:\program files\comcast\desktop doctor\bin\sprtcmd.exe" /P ddoctorv2
mRun: [<NO NAME>]
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe"
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
mRun: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\micros~1.lnk - c:\program files\microsoft office\office10\OSA.EXE
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - {FE54FA40-D68C-11d2-98FA-00C0F0318AFE} - c:\winnt\system32\Shdocvw.dll
Trusted Zone: microsoft.com\*.update
Trusted Zone: microsoft.com\download.windowsupdate
Trusted Zone: microsoft.com\oas.support
Trusted Zone: microsoft.com\support
Trusted Zone: microsoft.com\update
Trusted Zone: windowsupdate.com\download
DPF: DirectAnimation Java Classes - file://c:\winnt\java\classes\dajava.cab
DPF: Microsoft XML Parser for Java - file://c:\winnt\java\classes\xmldso.cab
DPF: Yahoo! Graffiti - hxxp://download.games.yahoo.com/games/clients/y/grt5_x.cab
DPF: {01113300-3E00-11D2-8470-0060089874ED} - hxxp://www.comcastsupport.com/sdccommon/download/tgctlcm.cab
DPF: {01115A00-3E00-11D2-8470-0060089874ED} - hxxp://www.comcastsupport.com/sdccommon/download/tgcmd.cab
DPF: {01118F00-3E00-11D2-8470-0060089874ED} - hxxp://www.comcastsupport.com/sdccommon/download/ssrc.cab
DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} - hxxp://a1540.g.akamai.net/7/1540/52/20070501/qtinstall.info.apple.com/qtactivex/qtplugin.cab
DPF: {0742B9EF-8C83-41CA-BFBA-830A59E23533} - hxxps://support.microsoft.com/Dcode/ActiveX/MSDcode.cab
DPF: {0E5F0222-96B9-11D3-8997-00104BD12D94} - hxxps://support.gateway.com/support/profiler//PCPitStop.CAB
DPF: {0F04992B-E661-4DB9-B223-903AB628225D} - file://c:\program files\gateway\do more\DoMoreRunExe.CAB
DPF: {17492023-C23A-453E-A040-C7C580BBF700} - hxxp://download.microsoft.com/download/C/0/C/C0CBBA88-A6F2-48D9-9B0E-1719D1177202/LegitCheckControl.cab
DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} - hxxp://security.symantec.com/sscv6/SharedContent/vc/bin/AvSniff.cab
DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} - c:\program files\yahoo!\common\Yinsthelper.dll
DPF: {33564D57-0000-0010-8000-00AA00389B71} - hxxp://download.microsoft.com/download/F/6/E/F6E491A6-77E1-4E20-9F5F-94901338C922/wmv9VCM.CAB
DPF: {33E54F7F-561C-49E6-929B-D7E76D3AFEB1} - hxxp://mirror.worldwinner.com/games/v45/pool/pool.cab
DPF: {511073AD-BE56-4D43-AE68-93390514385E} - hcp://system/TechTools.CAB
DPF: {56336BCB-3D8A-11D6-A00B-0050DA18DE71} - hxxp://207.188.7.150/014ab9ab13cd63dea921/netzip/RdxIE601.cab
DPF: {5AE58FCF-6F6A-49B2-B064-02492C66E3F4} - hxxp://catalog.update.microsoft.com/v7/site/ClientControl/en/x86/MuCatalogWebControl.cab?1257910686359
DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} - hxxp://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1187908897406
DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} - hxxp://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab
DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} - hxxp://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1187908869296
DPF: {739E8D90-2F4C-43AD-A1B8-66C356FCEA35} - hcp://system/RunExeActiveX.CAB
DPF: {8A94C905-FF9D-43B6-8708-F0F22D22B1CB} - hxxp://mirror.worldwinner.com/games/shared/wwlaunch.cab
DPF: {99CDFD87-F97A-42E1-9C13-D18220D90AD1} - hcp://system/StartFirstControl.CAB
DPF: {C2FCEF52-ACE9-11D3-BEBD-00105AA9B6AE} - hxxp://security.symantec.com/SSC/SharedContent/common/bin/cabsa.cab
DPF: {CE28D5D2-60CF-4C7D-9FE8-0F47A3308078} - hxxps://www-secure.symantec.com/techsupp/asa/SymAData.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
DPF: {E77C0D62-882A-456F-AD8F-7C6C9569B8C7} - hxxps://www-secure.symantec.com/techsupp/activedata/ActiveData.cab
Handler: symres - {AA1061FE-6C41-421f-9344-69640C9732AB} - c:\program files\norton security suite\engine\3.8.0.41\CoIEPlg.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\winnt\system32\WPDShServiceObj.dll
SEH: Eudora's Shell Extension: {edb0e980-90bd-11d4-8599-0008c7d3b6f8} - c:\program files\qualcomm\eudora\EuShlExt.dll
LSA: Notification Packages = :\winnt\system3 scecli

============= SERVICES / DRIVERS ===============

R0 SymEFA;Symantec Extended File Attributes;c:\winnt\system32\drivers\n360\0308000.029\SymEFA.sys [2010-2-17 310320]
R1 BHDrvx86;Symantec Heuristics Driver;c:\winnt\system32\drivers\n360\0308000.029\BHDrvx86.sys [2010-2-17 259632]
R1 ccHP;Symantec Hash Provider;c:\winnt\system32\drivers\n360\0308000.029\cchpx86.sys [2010-2-17 482432]
R1 IDSxpx86;IDSxpx86;c:\documents and settings\all users\application data\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\norton\definitions\ipsdefs\20100210.001\IDSXpx86.sys [2010-2-16 329592]
R2 AntiSpywareService;Comcast AntiSpyware;c:\program files\comcasttb\comcastspywarescan\ComcastAntiSpyService.exe [2009-6-17 616408]
R2 N360;Norton Security Suite;c:\program files\norton security suite\engine\3.8.0.41\ccSvcHst.exe [2010-2-17 117640]
R2 RioPNP;RioPNP;c:\winnt\system32\drivers\RioPnP.sys [2003-2-10 6736]
R2 Symantec Core LC;Symantec Core LC;c:\program files\common files\symantec shared\ccpd-lc\symlcsvc.exe [2005-2-3 1251720]
R3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\common files\symantec shared\eengine\EraserUtilRebootDrv.sys [2010-2-17 102448]
R3 NAVENG;NAVENG;c:\documents and settings\all users\application data\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\norton\definitions\virusdefs\20100219.002\NAVENG.SYS [2010-2-19 84912]
R3 NAVEX15;NAVEX15;c:\documents and settings\all users\application data\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\norton\definitions\virusdefs\20100219.002\NAVEX15.SYS [2010-2-19 1324720]
S3 PCDRDRV;Pcdr Helper Driver;\??\c:\atf\qctest\pcdoc\pcdrdrv.sys --> c:\atf\qctest\pcdoc\PCDRDRV.sys [?]

============== File Associations ===============

scrfile="%1" %*

=============== Created Last 30 ================

2010-02-19 21:42:04 0 ----a-w- c:\documents and settings\owner\defogger_reenable
2010-02-18 21:33:51 0 d-----w- c:\docume~1\owner\applic~1\Tific
2010-02-16 19:51:22 107368 ----a-r- c:\winnt\system32\GEARAspi.dll
2010-02-16 19:51:21 26600 ----a-r- c:\winnt\system32\drivers\GEARAspiWDM.sys
2010-02-16 19:50:41 36400 ----a-r- c:\winnt\system32\drivers\SymIM.sys
2010-02-16 19:50:14 0 d-----w- c:\program files\Symantec
2010-02-16 19:47:46 0 d-----w- c:\winnt\system32\drivers\N360
2010-02-16 19:47:43 0 d-----w- c:\program files\Norton Security Suite
2010-02-16 19:47:40 0 d-----w- c:\docume~1\alluse~1\applic~1\Norton
2010-02-16 19:47:24 0 d-----w- c:\program files\NortonInstaller
2010-02-16 19:47:24 0 d-----w- c:\docume~1\alluse~1\applic~1\NortonInstaller

==================== Find3M ====================

2010-02-16 19:50:14 806 ----a-w- c:\winnt\system32\drivers\SYMEVENT.INF
2010-02-16 19:50:14 7456 ----a-w- c:\winnt\system32\drivers\SYMEVENT.CAT
2010-02-16 19:50:14 60808 ----a-w- c:\winnt\system32\S32EVNT1.DLL
2010-02-16 19:50:14 124976 ----a-w- c:\winnt\system32\drivers\SYMEVENT.SYS
2009-12-31 16:50:03 353792 ----a-w- c:\winnt\system32\drivers\srv.sys
2009-12-21 19:14:05 916480 ----a-w- c:\winnt\system32\wininet.dll
2009-12-16 18:43:27 343040 ----a-w- c:\winnt\system32\mspaint.exe
2009-12-14 07:08:23 33280 ----a-w- c:\winnt\system32\csrsrv.dll
2009-12-08 19:27:51 2189184 ----a-w- c:\winnt\system32\ntoskrnl.exe
2009-12-08 18:43:50 2066048 ----a-w- c:\winnt\system32\ntkrnlpa.exe
2009-11-27 17:11:44 17920 ----a-w- c:\winnt\system32\msyuv.dll
2009-11-27 17:11:44 1291776 ----a-w- c:\winnt\system32\quartz.dll
2009-11-27 16:07:35 8704 ----a-w- c:\winnt\system32\tsbyuv.dll
2009-11-27 16:07:35 28672 ----a-w- c:\winnt\system32\msvidc32.dll
2009-11-27 16:07:34 84992 ----a-w- c:\winnt\system32\avifil32.dll
2009-11-27 16:07:34 48128 ----a-w- c:\winnt\system32\iyuv_32.dll
2009-11-27 16:07:34 11264 ----a-w- c:\winnt\system32\msrle32.dll
2008-04-07 16:39:26 706 ----a-w- c:\program files\INSTALL.LOG
2008-07-23 18:31:04 32768 --sha-w- c:\winnt\system32\config\systemprofile\local settings\history\history.ie5\mshist012008072320080724\index.dat

============= FINISH: 16:00:07.29 ===============

Attached Files



BC AdBot (Login to Remove)

 


#2 myrti

myrti

    Sillyberry


  • Malware Study Hall Admin
  • 33,779 posts
  • OFFLINE
  •  
  • Gender:Female
  • Location:At home
  • Local time:01:17 AM

Posted 20 February 2010 - 02:08 PM

Hello and welcome to Bleeping Computer

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

If you have since resolved the original problem you were having, we would appreciate you letting us know. If not please perform the following steps below so we can have a look at the current condition of your machine.

Please include a clear description of the problems you're having, along with any steps you may have performed so far.

Please refrain from running tools or applying updates other than those we suggest while we are cleaning up your computer. The reason for this is so we know what is going on with the machine at any time. Some programs can interfere with others and hamper the recovery process.

Even if you have already provided information about your PC, we need a new log to see what has changed since you originally posted your problem.
We need to create an OTL Report
  1. Please download OTL from one of the following mirrors:
  2. Save it to your desktop.
  3. Double click on the icon on your desktop.
  4. Click the "Scan All Users" checkbox.
  5. In the custom scan box paste the following:
    CODE
    netsvcs
    msconfig
    safebootminimal
    safebootnetwork
    activex
    drivers32
    %systemroot%\system32\*.dll /lockedfiles
    %systemroot%\Tasks\*.job /lockedfiles
    /md5start
    eventlog.dll
    scecli.dll
    netlogon.dll
    cngaudit.dll
    sceclt.dll
    ntelogon.dll
    logevent.dll
    iaStor.sys
    nvstor.sys
    atapi.sys
    IdeChnDr.sys
    viasraid.sys
    AGP440.sys
    vaxscsi.sys
    nvatabus.sys
    viamraid.sys
    nvata.sys
    nvgts.sys
    iastorv.sys
    ViPrt.sys
    eNetHook.dll
    ahcix86.sys
    KR10N.sys
    nvstor32.sys
    ahcix86s.sys
    nvrd32.sys
    /md5stop
    %systemroot%\*. /mp /s
  6. Push the button.
  7. Two reports will open, copy and paste them in a reply here:
    • OTL.txt <-- Will be opened
    • Extra.txt<--Will be minimized

In the upper right hand corner of the topic you will see a button called Options. If you click on this in the drop-down menu you can choose Track this topic. I suggest you do this and select Immediate E-Mail notification and click on Proceed. This way you will be advised when we respond to your topic and facilitate the cleaning of your machine.

After 5 days if a topic is not replied to we assume it has been abandoned and it is closed.

regards myrti

is that a bird?  a plane? nooo it's the flying blueberry!

If I have been helping you and haven't replied in 2 days, feel free to shoot me a PM! Please don't send help request via PM, unless I am already helping you. Use the forums!

 

Follow BleepingComputer on: Facebook | Twitter | Google+


#3 MitziNadine

MitziNadine
  • Topic Starter

  • Members
  • 150 posts
  • OFFLINE
  •  
  • Local time:06:17 PM

Posted 20 February 2010 - 04:55 PM

Hello Myrti,

Thank you lots for your response.

After I sent my request, I tried one more time to run the Gmer file. This time I disabled the Norton Firewall and antivirus scan. It seemed to be working, but after a long time 2 dialogue boxes appeared. One in the tray with a yellow warning said: "Windows - Delayed Write Failed. Windows was unable to save all the data for the file \Device\HarddiskVolume1\$Mft. The data has been lost. This error may be caused by a failure of your computer hardware or network connection. Please try to save this file elsewhere."

The other box was in the middle of the screen: "Windows-Delayed Write Failed. Windows was unable to save all the data for the file\Device\HarddiskVolume1\WINNT\system 32\oobe\mui\04 ie. The data has been lost. This error may be caused by a failure of your computer hardware or network connection. Please try to save this filw elsewhere."

There was a box to check "OK", but the computer was frozen at this point and the cursor couldn't move.

I shut the computer down with the power button. When the screen opened, it said:

"Checking file system on C:
The type file system is NTFS
One of your disks needs to be checked for consistency. You may cancel the disk check, but it is strongly recommended that you continue. Windows will now check the disk."

It went through the CHKDSK verification process and the computer is working again.

I attempted to go to the Options dropdown list and select "Track this topic", but an error occured. I will try that again soon.

Here are the 2 files opened after the OTL scan:

OTL logfile created on: 2/20/2010 3:13:15 PM - Run 1
OTL by OldTimer - Version 3.1.30.1 Folder = C:\Documents and Settings\Owner\Desktop
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

511.00 Mb Total Physical Memory | 127.00 Mb Available Physical Memory | 25.00% Memory free
1.00 Gb Paging File | 1.00 Gb Available in Paging File | 71.00% Paging File free
Paging file location(s): c:\pagefile.sys 768 1536 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINNT | %ProgramFiles% = C:\Program Files
Drive C: | 74.53 Gb Total Space | 54.82 Gb Free Space | 73.56% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: NADINE
Current User Name: Owner
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: All users
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Standard

========== Processes (SafeList) ==========

PRC - [2010/02/20 15:00:34 | 000,549,376 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Owner\Desktop\OTL.exe
PRC - [2010/02/16 13:49:44 | 000,117,640 | R--- | M] (Symantec Corporation) -- C:\Program Files\Norton Security Suite\Engine\3.8.0.41\ccSvcHst.exe
PRC - [2009/08/19 11:25:52 | 001,589,208 | ---- | M] () -- C:\Program Files\comcasttb\ComcastSpywareScan\ComcastAntiSpy.exe
PRC - [2009/06/17 11:49:44 | 000,616,408 | ---- | M] () -- C:\Program Files\comcasttb\ComcastSpywareScan\ComcastAntiSpyService.exe
PRC - [2009/03/08 14:09:26 | 000,638,816 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Internet Explorer\iexplore.exe
PRC - [2008/04/24 13:26:18 | 000,202,560 | ---- | M] (SupportSoft, Inc.) -- C:\Program Files\Comcast\Desktop Doctor\bin\sprtsvc.exe
PRC - [2008/04/24 13:25:22 | 000,202,560 | ---- | M] (SupportSoft, Inc.) -- C:\Program Files\Comcast\Desktop Doctor\bin\sprtcmd.exe
PRC - [2008/04/13 18:12:36 | 000,033,280 | ---- | M] (Microsoft Corporation) -- C:\WINNT\system32\snmp.exe
PRC - [2008/04/13 18:12:28 | 000,060,416 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Outlook Express\msimn.exe
PRC - [2008/04/13 18:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINNT\explorer.exe
PRC - [2008/02/11 15:57:41 | 001,251,720 | ---- | M] () -- C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
PRC - [2005/06/06 23:46:24 | 000,057,344 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe
PRC - [2003/03/16 20:13:24 | 000,052,736 | ---- | M] (Macrovision) -- C:\WINNT\system32\drivers\CDAC11BA.EXE
PRC - [2002/09/03 07:00:00 | 000,008,192 | ---- | M] (Microsoft Corporation) -- C:\WINNT\system32\cidaemon.exe
PRC - [2002/08/18 23:00:00 | 000,057,388 | ---- | M] (Lanovation) -- C:\Program Files\Common Files\Lanovation\PrismXL\PRISMXL.SYS
PRC - [2002/08/06 15:24:14 | 000,090,112 | ---- | M] (GTW) -- C:\WINNT\GWMDMMSG.exe
PRC - [2002/07/16 20:21:48 | 000,028,672 | ---- | M] (Microsoft® Corporation) -- C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe
PRC - [2002/07/16 12:16:00 | 000,061,440 | ---- | M] (NVIDIA Corporation) -- C:\WINNT\system32\nvsvc32.exe
PRC - [2002/05/03 12:36:24 | 001,118,208 | ---- | M] (Intel Corporation) -- C:\WINNT\system32\NMSSvc.Exe


========== Modules (SafeList) ==========

MOD - [2010/02/20 15:00:34 | 000,549,376 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Owner\Desktop\OTL.exe
MOD - [2010/02/16 13:49:01 | 000,419,696 | R--- | M] (Symantec Corporation) -- C:\Program Files\Norton Security Suite\Engine\3.8.0.41\asOEHook.dll
MOD - [2008/04/13 18:12:01 | 000,413,696 | ---- | M] (Microsoft Corporation) -- C:\WINNT\system32\msvcp60.dll
MOD - [2007/04/19 14:21:40 | 000,116,264 | ---- | M] (SupportSoft, Inc.) -- C:\Program Files\Comcast\Desktop Doctor\bin\sprthook.dll


========== Win32 Services (SafeList) ==========

SRV - File not found [On_Demand | Stopped] -- -- (Pml Driver HPZ12)
SRV - File not found [On_Demand | Stopped] -- -- (iPod Service)
SRV - File not found [Auto | Stopped] -- -- (CLTNetCnService)
SRV - [2010/02/16 13:49:44 | 000,117,640 | R--- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files\Norton Security Suite\Engine\3.8.0.41\ccSvcHst.exe -- (N360)
SRV - [2009/06/17 11:49:44 | 000,616,408 | ---- | M] () [Auto | Running] -- C:\Program Files\comcasttb\ComcastSpywareScan\ComcastAntiSpyService.exe -- (AntiSpywareService)
SRV - [2008/04/24 13:26:18 | 000,202,560 | ---- | M] (SupportSoft, Inc.) [Auto | Running] -- C:\Program Files\Comcast\Desktop Doctor\bin\sprtsvc.exe -- (sprtsvc_ddoctorv2) SupportSoft Sprocket Service (ddoctorv2)
SRV - [2008/04/13 18:12:36 | 000,033,280 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINNT\system32\snmp.exe -- (SNMP)
SRV - [2008/02/11 15:57:41 | 001,251,720 | ---- | M] () [Auto | Running] -- C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe -- (Symantec Core LC)
SRV - [2003/03/16 20:13:24 | 000,052,736 | ---- | M] (Macrovision) [Auto | Running] -- C:\WINNT\system32\drivers\CDAC11BA.EXE -- (C-DillaCdaC11BA)
SRV - [2002/08/18 23:00:00 | 000,057,388 | ---- | M] (Lanovation) [Auto | Running] -- C:\Program Files\Common Files\Lanovation\PrismXL\PRISMXL.SYS -- (PrismXL)
SRV - [2002/07/16 12:16:00 | 000,061,440 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\WINNT\system32\nvsvc32.exe -- (NVSvc)
SRV - [2002/05/03 12:36:24 | 001,118,208 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\WINNT\system32\NMSSvc.Exe -- (NMSSvc) Intel®


========== Driver Services (SafeList) ==========

DRV - [2010/02/16 13:50:14 | 000,124,976 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\WINNT\system32\drivers\SYMEVENT.SYS -- (SymEvent)
DRV - [2010/02/16 13:49:52 | 000,310,320 | ---- | M] (Symantec Corporation) [File_System | Boot | Running] -- C:\WINNT\system32\drivers\N360\0308000.029\SYMEFA.SYS -- (SymEFA)
DRV - [2010/02/16 13:49:52 | 000,308,272 | ---- | M] (Symantec Corporation) [File_System | On_Demand | Running] -- C:\WINNT\System32\Drivers\N360\0308000.029\SRTSP.SYS -- (SRTSP)
DRV - [2010/02/16 13:49:52 | 000,217,136 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\WINNT\System32\Drivers\N360\0308000.029\SYMTDI.SYS -- (SYMTDI)
DRV - [2010/02/16 13:49:52 | 000,089,904 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\WINNT\System32\Drivers\N360\0308000.029\SYMFW.SYS -- (SYMFW)
DRV - [2010/02/16 13:49:52 | 000,043,696 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\WINNT\system32\drivers\N360\0308000.029\SRTSPX.SYS -- (SRTSPX) Symantec Real Time Storage Protection (PEL)
DRV - [2010/02/16 13:49:52 | 000,036,400 | R--- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\WINNT\system32\drivers\SymIM.sys -- (SymIMMP)
DRV - [2010/02/16 13:49:52 | 000,036,400 | R--- | M] (Symantec Corporation) [Kernel | On_Demand | Stopped] -- C:\WINNT\system32\drivers\SymIM.sys -- (SymIM)
DRV - [2010/02/16 13:49:52 | 000,036,400 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\WINNT\System32\Drivers\N360\0308000.029\SYMNDIS.SYS -- (SYMNDIS)
DRV - [2010/02/16 13:49:52 | 000,033,072 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\WINNT\System32\Drivers\N360\0308000.029\SYMIDS.SYS -- (SYMIDS)
DRV - [2010/02/16 13:49:51 | 000,026,600 | R--- | M] (GEAR Software Inc.) [Kernel | On_Demand | Running] -- C:\WINNT\system32\drivers\GEARAspiWDM.sys -- (GEARAspiWDM)
DRV - [2010/02/16 13:49:50 | 000,482,432 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\WINNT\System32\Drivers\N360\0308000.029\ccHPx86.sys -- (ccHP)
DRV - [2010/02/16 13:49:50 | 000,259,632 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\WINNT\System32\Drivers\N360\0308000.029\BHDrvx86.sys -- (BHDrvx86)
DRV - [2010/02/16 02:36:18 | 001,324,720 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\VirusDefs\20100220.006\NAVEX15.SYS -- (NAVEX15)
DRV - [2010/02/16 02:36:18 | 000,371,248 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys -- (eeCtrl)
DRV - [2010/02/16 02:36:18 | 000,084,912 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\VirusDefs\20100220.006\NAVENG.SYS -- (NAVENG)
DRV - [2009/10/28 16:37:22 | 000,329,592 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\IPSDefs\20100218.001\IDSXpx86.sys -- (IDSxpx86)
DRV - [2007/11/13 04:25:53 | 000,020,480 | ---- | M] (Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K.) [Kernel | On_Demand | Stopped] -- C:\WINNT\system32\drivers\secdrv.sys -- (Secdrv)
DRV - [2006/10/14 20:05:54 | 000,010,344 | ---- | M] (Symantec Corporation) [Kernel | Auto | Running] -- C:\WINNT\system32\drivers\symlcbrd.sys -- (symlcbrd)
DRV - [2006/10/04 20:42:42 | 000,002,560 | ---- | M] (Sonic Solutions) [Kernel | System | Running] -- C:\WINNT\system32\drivers\cdralw2k.sys -- (Cdralw2k)
DRV - [2006/10/04 20:42:42 | 000,002,432 | ---- | M] (Sonic Solutions) [Kernel | System | Running] -- C:\WINNT\system32\drivers\cdr4_xp.sys -- (Cdr4_xp)
DRV - [2006/09/27 15:53:22 | 000,036,560 | ---- | M] (Sonic Solutions) [Kernel | Boot | Running] -- C:\WINNT\System32\Drivers\PxHelp20.sys -- (PxHelp20)
DRV - [2003/03/16 20:13:22 | 000,011,376 | ---- | M] () [Kernel | Auto | Running] -- C:\WINNT\system32\drivers\CdaC15BA.SYS -- (CdaC15BA)
DRV - [2003/03/04 11:56:26 | 000,145,408 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\WINNT\system32\drivers\e100b325.sys -- (E100B) Intel®
DRV - [2002/09/03 07:00:00 | 000,036,736 | ---- | M] (Promise Technology, Inc.) [Kernel | Boot | Running] -- C:\WINNT\System32\DRIVERS\ultra.sys -- (ultra)
DRV - [2002/09/03 07:00:00 | 000,017,792 | ---- | M] (Parallel Technologies, Inc.) [Kernel | On_Demand | Running] -- C:\WINNT\system32\drivers\ptilink.sys -- (Ptilink)
DRV - [2002/08/16 08:13:12 | 000,028,276 | ---- | M] (MusicMatch, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINNT\system32\drivers\MxlW2k.sys -- (MxlW2k)
DRV - [2002/08/06 15:24:16 | 001,107,680 | ---- | M] (GTW) [Kernel | On_Demand | Running] -- C:\WINNT\system32\drivers\GWMDM.sys -- (GTWModem)
DRV - [2002/07/24 13:52:24 | 000,998,004 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Running] -- C:\WINNT\system32\drivers\ha10kx2k.sys -- (ha10kx2k)
DRV - [2002/07/19 10:48:30 | 000,156,604 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Running] -- C:\WINNT\system32\drivers\emupia2k.sys -- (emupia)
DRV - [2002/07/19 10:48:20 | 000,213,860 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Running] -- C:\WINNT\system32\drivers\ctsfm2k.sys -- (ctsfm2k)
DRV - [2002/07/19 10:48:06 | 000,011,068 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Running] -- C:\WINNT\system32\drivers\ctprxy2k.sys -- (ctprxy2k)
DRV - [2002/07/19 10:48:02 | 000,195,432 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\WINNT\system32\drivers\ctoss2k.sys -- (ossrv)
DRV - [2002/07/19 10:47:50 | 000,837,548 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Running] -- C:\WINNT\system32\drivers\ctaud2k.sys -- (ctaud2k) Creative Audio Driver (WDM)
DRV - [2002/07/19 10:46:26 | 000,127,948 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Running] -- C:\WINNT\system32\drivers\ctac32k.sys -- (ctac32k)
DRV - [2002/07/16 12:16:00 | 000,981,466 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\WINNT\system32\drivers\nv4_mini.sys -- (nv)
DRV - [2002/05/03 12:36:44 | 000,009,868 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\WINNT\system32\drivers\NMSCFG.SYS -- (NMSCFG)
DRV - [2001/08/17 13:57:38 | 000,016,128 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINNT\system32\drivers\MODEMCSA.sys -- (MODEMCSA)
DRV - [2001/08/17 13:28:00 | 000,871,388 | ---- | M] (BCM) [Kernel | On_Demand | Stopped] -- C:\WINNT\system32\drivers\BCMDM.sys -- (BCMModem)
DRV - [2001/08/17 12:56:16 | 000,007,552 | ---- | M] (Sony Corporation) [Kernel | On_Demand | Stopped] -- C:\WINNT\system32\drivers\SONYPVU1.SYS -- (SONYPVU1) Sony USB Filter Driver (SONYPVU1)
DRV - [2001/08/17 12:20:04 | 000,096,256 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\WINNT\system32\drivers\ac97intc.sys -- (ac97intc) Intel® 82801 Audio Driver Install Service (WDM)
DRV - [2000/09/12 00:39:10 | 000,006,208 | ---- | M] (Silitek Corp.) [Kernel | System | Running] -- C:\WINNT\system32\drivers\Sk9920nt.sys -- (Sk9920nt)
DRV - [2000/09/11 18:32:28 | 000,007,552 | ---- | M] (Silitek Corp.) [Kernel | On_Demand | Running] -- C:\WINNT\system32\drivers\sk99202k.sys -- (Sk99202k)
DRV - [2000/06/06 10:29:58 | 000,006,736 | ---- | M] (RioPort.com) [Kernel | Auto | Running] -- C:\WINNT\system32\drivers\RioPnP.sys -- (RioPNP)
DRV - [1999/12/17 01:00:00 | 000,006,752 | ---- | M] (Creative Technology Ltd.) [Kernel | Auto | Running] -- C:\WINNT\system32\PFMODNT.SYS -- (PfModNT)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\WINNT\system32\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.google.com/ie
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.comcast.net/toolbar2.0/search/


IE - HKU\.DEFAULT\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\.DEFAULT\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = :0

IE - HKU\S-1-5-18\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-18\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = :0

IE - HKU\S-1-5-19\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-20\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-21-102963878-3288179143-129146118-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\WINNT\system32\blank.htm
IE - HKU\S-1-5-21-102963878-3288179143-129146118-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com
IE - HKU\S-1-5-21-102963878-3288179143-129146118-1003\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultName = Yahoo! Search
IE - HKU\S-1-5-21-102963878-3288179143-129146118-1003\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultURL = http://search.yahoo.com/search?p={searchTe...-8&fr=b1ie7
IE - HKU\S-1-5-21-102963878-3288179143-129146118-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.comcast.net/
IE - HKU\S-1-5-21-102963878-3288179143-129146118-1003\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie
IE - HKU\S-1-5-21-102963878-3288179143-129146118-1003\S-1-5-21-102963878-3288179143-129146118-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-102963878-3288179143-129146118-1003\S-1-5-21-102963878-3288179143-129146118-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = :0

FF - HKLM\software\mozilla\Firefox\Extensions\\{7BA52691-1876-45ce-9EE6-54BCB3B04BBC}: C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\coFFPlgn\ [2010/02/20 14:42:45 | 000,000,000 | ---D | M]


O1 HOSTS File: ([2008/03/21 14:44:01 | 000,000,734 | ---- | M]) - C:\WINNT\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - No CLSID value found.
O2 - BHO: (Adobe PDF Link Helper) - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
O2 - BHO: (Symantec NCO BHO) - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files\Norton Security Suite\Engine\3.8.0.41\CoIEPlg.dll (Symantec Corporation)
O2 - BHO: (Symantec Intrusion Prevention) - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files\Norton Security Suite\Engine\3.8.0.41\IPSBHO.dll (Symantec Corporation)
O2 - BHO: (Comcast Toolbar) - {79CEEA4E-C231-4614-9E3B-53B2A02F39B7} - C:\Program Files\comcasttb\comcastdx.dll ()
O3 - HKLM\..\Toolbar: (Easy-WebPrint) - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - C:\Program Files\Canon\Easy-WebPrint\Toolband.dll ()
O3 - HKLM\..\Toolbar: (Comcast Toolbar) - {79CEEA4E-C231-4614-9E3B-53B2A02F39B7} - C:\Program Files\comcasttb\comcastdx.dll ()
O3 - HKLM\..\Toolbar: (Norton Toolbar) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Norton Security Suite\Engine\3.8.0.41\CoIEPlg.dll (Symantec Corporation)
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKU\S-1-5-21-102963878-3288179143-129146118-1003\..\Toolbar\WebBrowser: (no name) - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - No CLSID value found.
O3 - HKU\S-1-5-21-102963878-3288179143-129146118-1003\..\Toolbar\WebBrowser: (no name) - {4E7BD74F-2B8D-469E-93BE-BE2DF4D9AE29} - No CLSID value found.
O3 - HKU\S-1-5-21-102963878-3288179143-129146118-1003\..\Toolbar\WebBrowser: (Norton Toolbar) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Norton Security Suite\Engine\3.8.0.41\CoIEPlg.dll (Symantec Corporation)
O4 - HKLM..\Run: [] File not found
O4 - HKLM..\Run: [Adobe ARM] C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [Adobe Photo Downloader] C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [Adobe Reader Speed Launcher] C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [ddoctorv2] C:\Program Files\Comcast\Desktop Doctor\bin\sprtcmd.exe (SupportSoft, Inc.)
O4 - HKLM..\Run: [GWMDMMSG] C:\WINNT\GWMDMMSG.exe (GTW)
O4 - HKLM..\Run: [GWMDMpi] C:\WINNT\GWMDMpi.exe ()
O4 - HKLM..\Run: [KernelFaultCheck] File not found
O4 - HKLM..\Run: [Microsoft Works Update Detection] C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe (Microsoft® Corporation)
O4 - HKU\S-1-5-21-102963878-3288179143-129146118-1003..\Run: [ComcastAntispyClient] C:\Program Files\comcasttb\ComcastSpywareScan\ComcastAntispy.exe ()
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE (Microsoft Corporation)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: CDRAutoRun = 0
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: CDRAutoRun = 0
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-102963878-3288179143-129146118-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O12 - Plugin for: .spop - C:\Program Files\Internet Explorer\PLUGINS\NPDocBox.dll (InterTrust Technologies Corporation, Inc.)
O15 - HKU\S-1-5-21-102963878-3288179143-129146118-1003\..Trusted Domains: ([]msn in My Computer)
O15 - HKU\S-1-5-21-102963878-3288179143-129146118-1003\..Trusted Domains: microsoft.com ([*.update] http in Trusted sites)
O15 - HKU\S-1-5-21-102963878-3288179143-129146118-1003\..Trusted Domains: microsoft.com ([*.update] https in Trusted sites)
O15 - HKU\S-1-5-21-102963878-3288179143-129146118-1003\..Trusted Domains: microsoft.com ([download.windowsupdate] http in Trusted sites)
O15 - HKU\S-1-5-21-102963878-3288179143-129146118-1003\..Trusted Domains: microsoft.com ([oas.support] http in Trusted sites)
O15 - HKU\S-1-5-21-102963878-3288179143-129146118-1003\..Trusted Domains: microsoft.com ([support] http in Trusted sites)
O15 - HKU\S-1-5-21-102963878-3288179143-129146118-1003\..Trusted Domains: microsoft.com ([update] http in Trusted sites)
O15 - HKU\S-1-5-21-102963878-3288179143-129146118-1003\..Trusted Domains: windowsupdate.com ([download] http in Trusted sites)
O15 - HKU\S-1-5-21-102963878-3288179143-129146118-1003\..Trusted Domains: 2 domain(s) and sub-domain(s) not assigned to a zone.
O16 - DPF: {01113300-3E00-11D2-8470-0060089874ED} http://www.comcastsupport.com/sdccommon/download/tgctlcm.cab (Reg Error: Key error.)
O16 - DPF: {01115A00-3E00-11D2-8470-0060089874ED} http://www.comcastsupport.com/sdccommon/download/tgcmd.cab (Support.com Control Commander Proxy)
O16 - DPF: {01118F00-3E00-11D2-8470-0060089874ED} http://www.comcastsupport.com/sdccommon/download/ssrc.cab (SupportSoft RemoteControl Class)
O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} http://a1540.g.akamai.net/7/1540/52/200705...ex/qtplugin.cab (Reg Error: Key error.)
O16 - DPF: {0742B9EF-8C83-41CA-BFBA-830A59E23533} https://support.microsoft.com/Dcode/ActiveX/MSDcode.cab (Microsoft Data Collection Control)
O16 - DPF: {0E5F0222-96B9-11D3-8997-00104BD12D94} https://support.gateway.com/support/profiler//PCPitStop.CAB (PCPitstop Utility)
O16 - DPF: {0F04992B-E661-4DB9-B223-903AB628225D} file://C:\Program Files\Gateway\Do More\DoMoreRunExe.CAB (DoMoreRunExe.DoMoreRun)
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} http://download.microsoft.com/download/C/0...heckControl.cab (Windows Genuine Advantage Validation Tool)
O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} http://security.symantec.com/sscv6/SharedC...bin/AvSniff.cab (Symantec AntiVirus scanner)
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} C:\Program Files\Yahoo!\Common\Yinsthelper.dll (Installation Support)
O16 - DPF: {33564D57-0000-0010-8000-00AA00389B71} http://download.microsoft.com/download/F/6...922/wmv9VCM.CAB (Reg Error: Key error.)
O16 - DPF: {33E54F7F-561C-49E6-929B-D7E76D3AFEB1} http://mirror.worldwinner.com/games/v45/pool/pool.cab (Pool Control)
O16 - DPF: {511073AD-BE56-4D43-AE68-93390514385E} hcp://system/TechTools.CAB (TechToolsActivex.TechTools)
O16 - DPF: {56336BCB-3D8A-11D6-A00B-0050DA18DE71} http://207.188.7.150/014ab9ab13cd63dea921/...ip/RdxIE601.cab (RdxIE Class)
O16 - DPF: {5AE58FCF-6F6A-49B2-B064-02492C66E3F4} http://catalog.update.microsoft.com/v7/sit...b?1257910686359 (MUCatalogWebControl Class)
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} http://www.update.microsoft.com/microsoftu...b?1187908897406 (WUWebControl Class)
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} http://security.symantec.com/sscv6/SharedC...n/bin/cabsa.cab (Symantec RuFSI Utility Class)
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} http://www.update.microsoft.com/microsoftu...b?1187908869296 (MUWebControl Class)
O16 - DPF: {739E8D90-2F4C-43AD-A1B8-66C356FCEA35} hcp://system/RunExeActiveX.CAB (RunExeActiveX.RunExe)
O16 - DPF: {8A94C905-FF9D-43B6-8708-F0F22D22B1CB} http://mirror.worldwinner.com/games/shared/wwlaunch.cab (Wwlaunch Control)
O16 - DPF: {99CDFD87-F97A-42E1-9C13-D18220D90AD1} hcp://system/StartFirstControl.CAB (StartFirstControl.CheckFirst)
O16 - DPF: {C2FCEF52-ACE9-11D3-BEBD-00105AA9B6AE} http://security.symantec.com/SSC/SharedCon...n/bin/cabsa.cab (Symantec RuFSI Registry Information Class)
O16 - DPF: {CE28D5D2-60CF-4C7D-9FE8-0F47A3308078} https://www-secure.symantec.com/techsupp/asa/SymAData.cab (Reg Error: Key error.)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload.macromedia.com/pub/shock...ash/swflash.cab (Shockwave Flash Object)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
O16 - DPF: {E77C0D62-882A-456F-AD8F-7C6C9569B8C7} https://www-secure.symantec.com/techsupp/ac.../ActiveData.cab (Reg Error: Key error.)
O16 - DPF: DirectAnimation Java Classes file://C:\WINNT\Java\classes\dajava.cab (Reg Error: Key error.)
O16 - DPF: Microsoft XML Parser for Java file://C:\WINNT\Java\classes\xmldso.cab (Reg Error: Key error.)
O16 - DPF: Yahoo! Graffiti http://download.games.yahoo.com/games/clients/y/grt5_x.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O18 - Protocol\Handler\symres {AA1061FE-6C41-421f-9344-69640C9732AB} - C:\Program Files\Norton Security Suite\Engine\3.8.0.41\CoIEPlg.dll (Symantec Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINNT\explorer.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\WINNT\Web\Wallpaper\GTW_blue.bmp
O24 - Desktop BackupWallPaper: C:\WINNT\Web\Wallpaper\GTW_blue.bmp
O28 - HKLM ShellExecuteHooks: {EDB0E980-90BD-11D4-8599-0008C7D3B6F8} - C:\Program Files\Qualcomm\Eudora\EuShlExt.dll (Qualcomm Inc.)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2007/06/09 14:29:54 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O33 - MountPoints2\{83ab1a8f-5682-11d9-85c7-0007e9e2e6c2}\Shell\AutoRun\command - "" = G:\JDSecure\Windows\JDSecure20.exe -- File not found
O33 - MountPoints2\{c529ed8b-7737-11d9-85db-0007e9e2e6c2}\Shell\AutoRun\command - "" = G:\JDSecure\Windows\JDSecure20.exe -- File not found
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - comfile [open] -- "%1" %*
O35 - exefile [open] -- "%1" %*

NetSvcs: 6to4 - File not found
NetSvcs: Ias - C:\WINNT\system32\ias [2007/06/10 22:22:40 | 000,000,000 | ---D | M]
NetSvcs: Iprip - File not found
NetSvcs: Irmon - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: Wmi - C:\WINNT\system32\wmi.dll (Microsoft Corporation)
NetSvcs: WmdmPmSp - File not found

MsConfig - State: "system.ini" - 0
MsConfig - State: "win.ini" - 0
MsConfig - State: "bootini" - 0
MsConfig - State: "services" - 0
MsConfig - State: "startup" - 0

SafeBootMin: Base - Driver Group
SafeBootMin: Boot Bus Extender - Driver Group
SafeBootMin: Boot file system - Driver Group
SafeBootMin: File system - Driver Group
SafeBootMin: Filter - Driver Group
SafeBootMin: MCODS - Service
SafeBootMin: PCI Configuration - Driver Group
SafeBootMin: PNP Filter - Driver Group
SafeBootMin: Primary disk - Driver Group
SafeBootMin: SCSI Class - Driver Group
SafeBootMin: sermouse.sys - Driver
SafeBootMin: SymEFA.sys - C:\WINNT\system32\drivers\N360\0308000.029\SYMEFA.SYS (Symantec Corporation)
SafeBootMin: System Bus Extender - Driver Group
SafeBootMin: vds - Service
SafeBootMin: vga.sys - Driver
SafeBootMin: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootMin: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootMin: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootMin: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootMin: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootMin: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootMin: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootMin: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootMin: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootMin: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootMin: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootMin: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootMin: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootMin: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices

SafeBootNet: Base - Driver Group
SafeBootNet: Boot Bus Extender - Driver Group
SafeBootNet: Boot file system - Driver Group
SafeBootNet: File system - Driver Group
SafeBootNet: Filter - Driver Group
SafeBootNet: MpfService - Service
SafeBootNet: NDIS Wrapper - Driver Group
SafeBootNet: NetBIOSGroup - Driver Group
SafeBootNet: NetDDEGroup - Driver Group
SafeBootNet: Network - Driver Group
SafeBootNet: NetworkProvider - Driver Group
SafeBootNet: PCI Configuration - Driver Group
SafeBootNet: PNP Filter - Driver Group
SafeBootNet: PNP_TDI - Driver Group
SafeBootNet: Primary disk - Driver Group
SafeBootNet: SCSI Class - Driver Group
SafeBootNet: sermouse.sys - Driver
SafeBootNet: Streams Drivers - Driver Group
SafeBootNet: SymEFA.sys - C:\WINNT\system32\drivers\N360\0308000.029\SYMEFA.SYS (Symantec Corporation)
SafeBootNet: System Bus Extender - Driver Group
SafeBootNet: TDI - Driver Group
SafeBootNet: UploadMgr - Service
SafeBootNet: vga.sys - Driver
SafeBootNet: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootNet: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootNet: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootNet: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootNet: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootNet: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootNet: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootNet: {4D36E972-E325-11CE-BFC1-08002BE10318} - Net
SafeBootNet: {4D36E973-E325-11CE-BFC1-08002BE10318} - NetClient
SafeBootNet: {4D36E974-E325-11CE-BFC1-08002BE10318} - NetService
SafeBootNet: {4D36E975-E325-11CE-BFC1-08002BE10318} - NetTrans
SafeBootNet: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootNet: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootNet: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootNet: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootNet: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootNet: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices

ActiveX: {0291E591-EA41-4c82-8106-3DC6CE7F7664} - Installation Support
ActiveX: {032A6019-9DAA-40f9-A3B3-34ABB0AA0947} - Q813951
ActiveX: {057997dd-71e4-43cc-b161-3f8180691a9e} - Q824145
ActiveX: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Microsoft VM
ActiveX: {08B0E5C0-4FCB-11CF-AAA5-00401C608555} - Internet Explorer Classes for Java
ActiveX: {0E9A3196-39EA-409D-8EB4-20D7FABC191A} - Microsoft .NET Framework 1.0 Hotfix (KB928367)
ActiveX: {10072CEC-8CC1-11D1-986E-00A0C955B42F} - Vector Graphics Rendering (VML)
ActiveX: {14303301-758B-402B-9A0D-2C6A591680DB} - Microsoft .NET Framework 1.0 Service Pack 3 (KB867461)
ActiveX: {166B1BCA-3F9C-11CF-8075-444553540000} - Macromedia Shockwave Director 8.5.1
ActiveX: {2179C5D3-EBFF-11CF-B6FD-00AA00B4E220} - NetShow
ActiveX: {2298d453-bcae-4519-bf33-1cbf3faf1524} - Q867801
ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 6.4
ActiveX: {283807B5-2C60-11D0-A31D-00AA00B92C03} - DirectAnimation
ActiveX: {2A202491-F00D-11cf-87CC-0020AFEECF20} - Macromedia Shockwave Director 8.5.1
ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX: {2cc9d512-6db6-4f1c-8979-9a41fae88de0} - Q837009
ActiveX: {30528230-99F7-4BB4-88D8-FA1D4F56A2AB} - Installation Support
ActiveX: {347B0667-C7ED-429B-BDE3-CC8D3BACAA31} - Installation Support
ActiveX: {36f8ec70-c29a-11d1-b5c7-0000f8051515} - Dynamic HTML Data Binding for Java
ActiveX: {377483c2-e4b4-4ee8-b577-9aed264c8735} - Q822925
ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX: {3bf42070-b3b1-11d1-b5c5-0000f8051515} - Uniscribe
ActiveX: {411EDCF7-755D-414E-A74B-3DCD6583F589} - Microsoft .NET Framework 1.1 Service Pack 1 (KB867460)
ActiveX: {4278c270-a269-11d1-b5bf-0000f8051515} - Advanced Authoring
ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Outlook Express\setup50.exe" /APP:OE /CALLER:WINNT /user /install
ActiveX: {44BBA842-CC51-11CF-AAFA-00AA00B6015B} - rundll32.exe advpack.dll,LaunchINFSection C:\WINNT\INF\msnetmtg.inf,NetMtg.Install.PerUser.NT
ActiveX: {44BBA848-CC51-11CF-AAFA-00AA00B6015C} - DirectShow
ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015C} - Microsoft DirectX
ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX: {4d64f3ba-f112-4efe-a02e-96680859937c} - KB918899
ActiveX: {4f216970-c90c-11d1-b5c7-0000f8051515} - DirectAnimation Java Classes
ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6
ActiveX: {5945c046-1e7d-11d1-bc44-00c04fd912be} - rundll32.exe advpack.dll,LaunchINFSection C:\WINNT\INF\msmsgs.inf,BLC.QuietInstall.PerUser
ActiveX: {5A8D6EE0-3E18-11D0-821E-444553540000} - ICW
ActiveX: {5b7bf89d-d196-4c32-a303-a57b8ab7f18d} - KB918439
ActiveX: {5f3c70b3-ac2f-432c-8f9c-1624df61f54f} - Microsoft Data Access Components KB870669
ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX: {7131646D-CD3C-40F4-97B9-CD9E4E6262EF} - .NET Framework
ActiveX: {73FA19D0-2D75-11D2-995D-00C04F98BBC9} - Web Folders
ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - "%ProgramFiles%\Outlook Express\setup50.exe" /APP:WAB /CALLER:WINNT /user /install
ActiveX: {78705f0d-e8db-4b2d-8193-982bdda15ecd} - .NET Framework
ActiveX: {795d0712-722c-43ec-906a-fc5e678eada9} - Q831167
ActiveX: {81B52903-4C11-11D6-B6E1-00B0D049139F} - Microsoft .NET Framework 1.0 Service Pack 2 (KB867461)
ActiveX: {871F8A30-15A2-11D6-8711-0002B3281F8B} - Microsoft .NET Framework 1.0 Service Pack 1 (KB867461)
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\WINNT\system32\ie4uinit.exe -BaseSettings
ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - c:\WINNT\system32\Rundll32.exe c:\WINNT\system32\mscories.dll,Install
ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX: {96543d59-497a-4801-a1f3-5936aacaf7b1} - Q828750
ActiveX: {A17E30C4-A9BA-11D4-8673-60DB54C10000} - Reg Error: Value error.
ActiveX: {AA218328-0EA8-4D70-8972-E987A9190FF4} - Reg Error: Value error.
ActiveX: {abcdf74f-9a64-4e6e-b8eb-6e5a41de6550} -
ActiveX: {B508B3F1-A24A-32C0-B310-85786919EF28} - .NET Framework
ActiveX: {C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F} - .NET Framework
ActiveX: {C34F4917-ED43-439f-9023-97B0024A2B3B} - Q810847
ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX: {CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1} - .NET Framework
ActiveX: {CC2A9BA0-3BDD-11D0-821E-444553540000} - Task Scheduler
ActiveX: {CDD7975E-60F8-41d5-8149-19E51D6F71D0} - Windows Movie Maker v2.1
ActiveX: {D27CDB6E-AE6D-11cf-96B8-444553540000} - Adobe Flash Player
ActiveX: {DAA94A2A-2A8D-4D3B-9DB8-56FBECED082D} - Microsoft .NET Framework 1.1 Security Update (KB953297)
ActiveX: {DBB3C81D-3C91-4a1e-BDDF-905B61C7CEDF} - Security Update for the Microsoft VM
ActiveX: {dd772a76-bef3-44d7-8b39-502c8504c1f1} - KB925486
ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX: {eddbec60-89cb-44ef-8291-0850fd28ff6a} - Q832894
ActiveX: {f15ee071-deb7-4cbb-951f-431c98338d8e} - KB911567
ActiveX: {f5173cf0-1dfb-4978-8e50-a90169ee7ca9} - Q823353
ActiveX: {F5776D81-AE53-4935-8E84-B0B283D8BCEF} - Q330994
ActiveX: {f5de1b93-9d38-416b-b09e-aa85a8e84309} - Q818529
ActiveX: {F9C174E3-3E87-40bc-AA94-B8974F2B9222} - Q813489
ActiveX: <{12d0ed0d-0ee0-4f90-8827-78cefb8f4988} - C:\WINNT\system32\ieudinit.exe
ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - C:\WINNT\inf\unregmp2.exe /ShowWMP
ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\WINNT\system32\ie4uinit.exe -UserIconConfig
ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\WINNT\system32\rundll32.exe" "C:\WINNT\system32\iedkcs32.dll",BrandIEActiveSetup SIGNUP
ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF}MICROS - RunDLL32 IEDKCS32.DLL,BrandIE4 SIGNUP
ActiveX: >{881dd1c5-3dcf-431b-b061-f3f88e8be88a} - %systemroot%\system32\shmgrate.exe OCInstallUserConfigOE
ActiveX: Microsoft Base Smart Card Crypto Provider Package -

Drivers32: msacm.iac2 - C:\WINNT\System32\iac25_32.ax (Intel Corporation)
Drivers32: msacm.l3acm - C:\WINNT\System32\l3codecx.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: msacm.sl_anet - C:\WINNT\System32\sl_anet.acm (Sipro Lab Telecom Inc.)
Drivers32: msacm.trspch - C:\WINNT\System32\tssoft32.acm (DSP GROUP, INC.)
Drivers32: vidc.cvid - C:\WINNT\System32\iccvid.dll (Radius Inc.)
Drivers32: vidc.iv31 - C:\WINNT\System32\ir32_32.dll ()
Drivers32: vidc.iv32 - C:\WINNT\System32\ir32_32.dll ()
Drivers32: vidc.iv41 - C:\WINNT\System32\ir41_32.ax (Intel Corporation)
Drivers32: vidc.iv50 - C:\WINNT\System32\ir50_32.dll (Intel Corporation)
Drivers32: VIDC.WMV3 - C:\WINNT\System32\wmv9vcm.dll (Microsoft Corporation)
Drivers32: wave1 - C:\WINNT\System32\serwvdrv.dll (Microsoft Corporation)

========== Files/Folders - Created Within 30 Days ==========

[2010/02/20 15:00:28 | 000,549,376 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Owner\Desktop\OTL.exe
[2010/02/19 16:25:22 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Desktop\gmer
[2010/02/18 15:34:11 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Local Settings\Application Data\Tific
[2010/02/18 15:33:51 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Application Data\Tific
[2010/02/17 11:55:07 | 000,217,136 | ---- | C] (Symantec Corporation) -- C:\WINNT\System32\drivers\N360\0308000.029\symtdi.sys
[2010/02/17 11:55:07 | 000,048,688 | ---- | C] (Symantec Corporation) -- C:\WINNT\System32\drivers\N360\0308000.029\symndisv.sys
[2010/02/17 11:55:06 | 000,482,432 | ---- | C] (Symantec Corporation) -- C:\WINNT\System32\drivers\N360\0308000.029\cchpx86.sys
[2010/02/17 11:55:06 | 000,310,320 | ---- | C] (Symantec Corporation) -- C:\WINNT\System32\drivers\N360\0308000.029\SymEFA.sys
[2010/02/17 11:55:06 | 000,308,272 | ---- | C] (Symantec Corporation) -- C:\WINNT\System32\drivers\N360\0308000.029\srtsp.sys
[2010/02/17 11:55:06 | 000,089,904 | ---- | C] (Symantec Corporation) -- C:\WINNT\System32\drivers\N360\0308000.029\symfw.sys
[2010/02/17 11:55:06 | 000,043,696 | ---- | C] (Symantec Corporation) -- C:\WINNT\System32\drivers\N360\0308000.029\srtspx.sys
[2010/02/17 11:55:06 | 000,036,400 | ---- | C] (Symantec Corporation) -- C:\WINNT\System32\drivers\N360\0308000.029\symndis.sys
[2010/02/17 11:55:06 | 000,033,072 | ---- | C] (Symantec Corporation) -- C:\WINNT\System32\drivers\N360\0308000.029\symids.sys
[2010/02/17 11:55:05 | 000,259,632 | ---- | C] (Symantec Corporation) -- C:\WINNT\System32\drivers\N360\0308000.029\BHDrvx86.sys
[2010/02/17 11:53:29 | 000,000,000 | ---D | C] -- C:\WINNT\System32\drivers\N360\0308000.029
[2010/02/16 13:51:22 | 000,107,368 | R--- | C] (GEAR Software Inc.) -- C:\WINNT\System32\GEARAspi.dll
[2010/02/16 13:51:21 | 000,026,600 | R--- | C] (GEAR Software Inc.) -- C:\WINNT\System32\drivers\GEARAspiWDM.sys
[2010/02/16 13:51:17 | 000,000,000 | ---D | C] -- C:\WINNT\System32\DRVSTORE
[2010/02/16 13:50:41 | 000,036,400 | R--- | C] (Symantec Corporation) -- C:\WINNT\System32\drivers\SymIM.sys
[2010/02/16 13:50:14 | 000,000,000 | ---D | C] -- C:\Program Files\Symantec
[2010/02/16 13:47:46 | 000,000,000 | ---D | C] -- C:\WINNT\System32\drivers\N360
[2010/02/16 13:47:43 | 000,000,000 | ---D | C] -- C:\Program Files\Windows Sidebar
[2010/02/16 13:47:43 | 000,000,000 | ---D | C] -- C:\Program Files\Norton Security Suite
[2010/02/16 13:47:40 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Norton
[2010/02/16 13:47:24 | 000,000,000 | ---D | C] -- C:\Program Files\NortonInstaller
[2010/02/16 13:47:24 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\NortonInstaller
[2010/02/16 13:47:23 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\My Documents\Symantec
[2009/12/08 14:18:59 | 000,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Local Settings\Application Data\Adobe
[2007/02/28 15:49:12 | 000,000,000 | --SD | M] -- C:\Documents and Settings\LocalService\Application Data\Microsoft
[2005/12/16 16:11:04 | 000,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Application Data\Adobe
[2005/02/11 18:17:46 | 000,000,000 | --SD | M] -- C:\Documents and Settings\NetworkService\Application Data\Microsoft
[2005/02/03 16:23:22 | 000,000,000 | ---D | M] -- C:\Documents and Settings\NetworkService\Application Data\Symantec
[2004/09/03 23:26:53 | 000,000,000 | ---D | M] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft
[2004/09/03 18:36:13 | 000,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft
[2003/12/09 12:16:52 | 000,442,368 | ---- | C] ( ) -- C:\WINNT\System32\comintfs.dll
[2003/02/10 22:52:46 | 000,065,536 | ---- | C] ( ) -- C:\WINNT\System32\a3d.dll
[2 C:\WINNT\System32\*.tmp files -> C:\WINNT\System32\*.tmp -> ]
[12 C:\WINNT\*.tmp files -> C:\WINNT\*.tmp -> ]
[1 C:\WINNT\System32\drivers\*.tmp files -> C:\WINNT\System32\drivers\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2010/02/20 15:00:34 | 000,549,376 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Owner\Desktop\OTL.exe
[2010/02/20 15:00:00 | 000,000,486 | ---- | M] () -- C:\WINNT\tasks\1-Click Maintenance.job
[2010/02/20 14:42:55 | 000,001,158 | ---- | M] () -- C:\WINNT\System32\wpa.dbl
[2010/02/20 14:42:14 | 000,000,006 | -H-- | M] () -- C:\WINNT\tasks\SA.DAT
[2010/02/20 14:42:11 | 000,002,048 | --S- | M] () -- C:\WINNT\bootstat.dat
[2010/02/20 14:42:08 | 535,678,976 | -HS- | M] () -- C:\hiberfil.sys
[2010/02/20 14:34:07 | 000,819,182 | ---- | M] () -- C:\WINNT\System32\drivers\N360\0308000.029\Cat.DB
[2010/02/19 19:24:05 | 000,023,304 | ---- | M] () -- C:\WINNT\System32\BMXCtrlState-{00000002-00000000-00000001-00001102-00000004-00581102}.rfx
[2010/02/19 19:24:05 | 000,023,304 | ---- | M] () -- C:\WINNT\System32\BMXBkpCtrlState-{00000002-00000000-00000001-00001102-00000004-00581102}.rfx
[2010/02/19 19:24:05 | 000,018,648 | ---- | M] () -- C:\WINNT\System32\BMXStateBkp-{00000002-00000000-00000001-00001102-00000004-00581102}.rfx
[2010/02/19 19:24:05 | 000,018,648 | ---- | M] () -- C:\WINNT\System32\BMXState-{00000002-00000000-00000001-00001102-00000004-00581102}.rfx
[2010/02/19 19:24:05 | 000,001,080 | ---- | M] () -- C:\WINNT\System32\settingsbkup.sfm
[2010/02/19 19:24:05 | 000,001,080 | ---- | M] () -- C:\WINNT\System32\settings.sfm
[2010/02/19 19:24:04 | 000,000,024 | ---- | M] () -- C:\WINNT\System32\DVCStateBkp-{00000002-00000000-00000001-00001102-00000004-00581102}.dat
[2010/02/19 19:24:04 | 000,000,024 | ---- | M] () -- C:\WINNT\System32\DVCState-{00000002-00000000-00000001-00001102-00000004-00581102}.dat
[2010/02/19 19:23:26 | 004,980,736 | ---- | M] () -- C:\Documents and Settings\Owner\NTUSER.DAT
[2010/02/19 19:23:26 | 000,000,178 | -HS- | M] () -- C:\Documents and Settings\Owner\ntuser.ini
[2010/02/19 16:47:45 | 000,000,418 | -H-- | M] () -- C:\WINNT\tasks\User_Feed_Synchronization-{ED174CA8-843B-4E75-A252-2CD3B5ED1DD5}.job
[2010/02/19 16:24:30 | 000,284,915 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\gmer.zip
[2010/02/19 15:54:07 | 000,524,288 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\dds.scr
[2010/02/19 15:42:04 | 000,000,000 | ---- | M] () -- C:\Documents and Settings\Owner\defogger_reenable
[2010/02/19 15:39:03 | 000,050,477 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\Defogger.exe
[2010/02/18 21:07:29 | 535,711,744 | ---- | M] () -- C:\WINNT\MEMORY.DMP
[2010/02/17 18:33:22 | 000,002,021 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Norton Security Suite.LNK
[2010/02/17 11:53:29 | 000,000,172 | ---- | M] () -- C:\WINNT\System32\drivers\N360\0308000.029\isolate.ini
[2010/02/16 13:50:14 | 000,124,976 | ---- | M] (Symantec Corporation) -- C:\WINNT\System32\drivers\SYMEVENT.SYS
[2010/02/16 13:50:14 | 000,060,808 | ---- | M] (Symantec Corporation) -- C:\WINNT\System32\S32EVNT1.DLL
[2010/02/16 13:50:14 | 000,007,456 | ---- | M] () -- C:\WINNT\System32\drivers\SYMEVENT.CAT
[2010/02/16 13:50:14 | 000,000,806 | ---- | M] () -- C:\WINNT\System32\drivers\SYMEVENT.INF
[2010/02/16 13:49:52 | 000,310,320 | ---- | M] (Symantec Corporation) -- C:\WINNT\System32\drivers\N360\0308000.029\SymEFA.sys
[2010/02/16 13:49:52 | 000,308,272 | ---- | M] (Symantec Corporation) -- C:\WINNT\System32\drivers\N360\0308000.029\srtsp.sys
[2010/02/16 13:49:52 | 000,217,136 | ---- | M] (Symantec Corporation) -- C:\WINNT\System32\drivers\N360\0308000.029\symtdi.sys
[2010/02/16 13:49:52 | 000,089,904 | ---- | M] (Symantec Corporation) -- C:\WINNT\System32\drivers\N360\0308000.029\symfw.sys
[2010/02/16 13:49:52 | 000,048,688 | ---- | M] (Symantec Corporation) -- C:\WINNT\System32\drivers\N360\0308000.029\symndisv.sys
[2010/02/16 13:49:52 | 000,043,696 | ---- | M] (Symantec Corporation) -- C:\WINNT\System32\drivers\N360\0308000.029\srtspx.sys
[2010/02/16 13:49:52 | 000,036,400 | R--- | M] (Symantec Corporation) -- C:\WINNT\System32\drivers\SymIM.sys
[2010/02/16 13:49:52 | 000,036,400 | ---- | M] (Symantec Corporation) -- C:\WINNT\System32\drivers\N360\0308000.029\symndis.sys
[2010/02/16 13:49:52 | 000,033,072 | ---- | M] (Symantec Corporation) -- C:\WINNT\System32\drivers\N360\0308000.029\symids.sys
[2010/02/16 13:49:51 | 000,026,600 | R--- | M] (GEAR Software Inc.) -- C:\WINNT\System32\drivers\GEARAspiWDM.sys
[2010/02/16 13:49:50 | 000,482,432 | ---- | M] (Symantec Corporation) -- C:\WINNT\System32\drivers\N360\0308000.029\cchpx86.sys
[2010/02/16 13:49:50 | 000,259,632 | ---- | M] (Symantec Corporation) -- C:\WINNT\System32\drivers\N360\0308000.029\BHDrvx86.sys
[2010/02/16 13:49:21 | 000,107,368 | R--- | M] (GEAR Software Inc.) -- C:\WINNT\System32\GEARAspi.dll
[2010/02/16 13:48:51 | 000,003,373 | ---- | M] () -- C:\WINNT\System32\drivers\N360\0308000.029\SymEFA.inf
[2010/02/16 13:48:51 | 000,001,752 | ---- | M] () -- C:\WINNT\System32\drivers\N360\0308000.029\ccHPx86.inf
[2010/02/16 13:48:51 | 000,001,562 | ---- | M] () -- C:\WINNT\System32\drivers\N360\0308000.029\SymNetV.inf
[2010/02/16 13:48:51 | 000,001,561 | ---- | M] () -- C:\WINNT\System32\drivers\N360\0308000.029\SymNet.inf
[2010/02/16 13:48:51 | 000,001,388 | ---- | M] () -- C:\WINNT\System32\drivers\N360\0308000.029\srtspx.inf
[2010/02/16 13:48:51 | 000,001,382 | ---- | M] () -- C:\WINNT\System32\drivers\N360\0308000.029\srtsp.inf
[2010/02/16 13:48:51 | 000,000,640 | ---- | M] () -- C:\WINNT\System32\drivers\N360\0308000.029\BHDrvx86.inf
[2010/02/16 13:47:46 | 000,009,412 | ---- | M] () -- C:\WINNT\System32\drivers\N360\0308000.029\symnetv.cat
[2010/02/16 13:47:46 | 000,009,402 | ---- | M] () -- C:\WINNT\System32\drivers\N360\0308000.029\SymNet.cat
[2010/02/16 13:47:46 | 000,007,431 | ---- | M] () -- C:\WINNT\System32\drivers\N360\0308000.029\SymEFA.cat
[2010/02/16 13:47:46 | 000,007,429 | ---- | M] () -- C:\WINNT\System32\drivers\N360\0308000.029\srtspx.cat
[2010/02/16 13:47:46 | 000,007,425 | ---- | M] () -- C:\WINNT\System32\drivers\N360\0308000.029\srtsp.cat
[2010/02/16 13:47:46 | 000,007,400 | ---- | M] () -- C:\WINNT\System32\drivers\N360\0308000.029\BHDrvx86.CAT
[2010/02/16 13:47:46 | 000,007,383 | ---- | M] () -- C:\WINNT\System32\drivers\N360\0308000.029\ccHPx86.cat
[2010/02/16 11:23:02 | 003,207,333 | ---- | M] () -- C:\WINNT\{00000002-00000000-00000001-00001102-00000004-00581102}.CDF
[2010/02/16 11:23:02 | 003,207,333 | ---- | M] () -- C:\WINNT\{00000002-00000000-00000001-00001102-00000004-00581102}.BAK
[2010/02/10 12:08:55 | 000,001,374 | ---- | M] () -- C:\WINNT\imsins.BAK
[2 C:\WINNT\System32\*.tmp files -> C:\WINNT\System32\*.tmp -> ]
[12 C:\WINNT\*.tmp files -> C:\WINNT\*.tmp -> ]
[1 C:\WINNT\System32\drivers\*.tmp files -> C:\WINNT\System32\drivers\*.tmp -> ]

========== Files Created - No Company Name ==========

[2010/02/19 16:24:27 | 000,284,915 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\gmer.zip
[2010/02/19 15:54:05 | 000,524,288 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\dds.scr
[2010/02/19 15:42:04 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\Owner\defogger_reenable
[2010/02/19 15:39:03 | 000,050,477 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\Defogger.exe
[2010/02/17 18:33:36 | 000,819,182 | ---- | C] () -- C:\WINNT\System32\drivers\N360\0308000.029\Cat.DB
[2010/02/17 11:55:07 | 000,009,412 | ---- | C] () -- C:\WINNT\System32\drivers\N360\0308000.029\symnetv.cat
[2010/02/17 11:55:07 | 000,009,402 | ---- | C] () -- C:\WINNT\System32\drivers\N360\0308000.029\SymNet.cat
[2010/02/17 11:55:07 | 000,001,562 | ---- | C] () -- C:\WINNT\System32\drivers\N360\0308000.029\SymNetV.inf
[2010/02/17 11:55:07 | 000,001,561 | ---- | C] () -- C:\WINNT\System32\drivers\N360\0308000.029\SymNet.inf
[2010/02/17 11:55:06 | 000,007,431 | ---- | C] () -- C:\WINNT\System32\drivers\N360\0308000.029\SymEFA.cat
[2010/02/17 11:55:06 | 000,007,429 | ---- | C] () -- C:\WINNT\System32\drivers\N360\0308000.029\srtspx.cat
[2010/02/17 11:55:06 | 000,007,425 | ---- | C] () -- C:\WINNT\System32\drivers\N360\0308000.029\srtsp.cat
[2010/02/17 11:55:06 | 000,003,373 | ---- | C] () -- C:\WINNT\System32\drivers\N360\0308000.029\SymEFA.inf
[2010/02/17 11:55:06 | 000,001,388 | ---- | C] () -- C:\WINNT\System32\drivers\N360\0308000.029\srtspx.inf
[2010/02/17 11:55:06 | 000,001,382 | ---- | C] () -- C:\WINNT\System32\drivers\N360\0308000.029\srtsp.inf
[2010/02/17 11:55:05 | 000,007,400 | ---- | C] () -- C:\WINNT\System32\drivers\N360\0308000.029\BHDrvx86.CAT
[2010/02/17 11:55:05 | 000,007,383 | ---- | C] () -- C:\WINNT\System32\drivers\N360\0308000.029\ccHPx86.cat
[2010/02/17 11:55:05 | 000,001,752 | ---- | C] () -- C:\WINNT\System32\drivers\N360\0308000.029\ccHPx86.inf
[2010/02/17 11:55:05 | 000,000,640 | ---- | C] () -- C:\WINNT\System32\drivers\N360\0308000.029\BHDrvx86.inf
[2010/02/17 11:53:29 | 000,000,172 | ---- | C] () -- C:\WINNT\System32\drivers\N360\0308000.029\isolate.ini
[2010/02/16 13:49:58 | 000,002,021 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Norton Security Suite.LNK
[2009/11/14 19:46:44 | 000,000,038 | ---- | C] () -- C:\Documents and Settings\Owner\Application Data\msnpromo.txt
[2008/03/21 14:35:31 | 000,000,128 | ---- | C] () -- C:\Documents and Settings\Owner\Local Settings\Application Data\fusioncache.dat
[2007/06/11 01:10:07 | 000,363,520 | ---- | C] () -- C:\WINNT\System32\psisdecd.dll
[2005/11/26 19:53:38 | 000,000,024 | ---- | C] () -- C:\WINNT\@loha.ini
[2005/08/13 16:39:10 | 000,001,155 | ---- | C] () -- C:\WINNT\Mpcwty02.ini
[2005/03/19 20:45:31 | 000,000,000 | ---- | C] () -- C:\WINNT\OpPrintServer.INI
[2005/03/19 20:31:10 | 000,006,656 | ---- | C] () -- C:\WINNT\System32\CNMVS56.DLL
[2005/02/05 18:58:45 | 000,000,000 | ---- | C] () -- C:\WINNT\JDSecure20.INI
[2004/03/08 15:26:23 | 000,000,877 | ---- | C] () -- C:\WINNT\cdplayer.ini
[2004/02/08 10:22:28 | 000,008,344 | ---- | C] () -- C:\WINNT\hplj1010.ini
[2004/01/19 17:46:09 | 000,000,039 | ---- | C] () -- C:\WINNT\POWERUP.INI
[2003/11/03 22:55:10 | 000,009,728 | ---- | C] () -- C:\Documents and Settings\Owner\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2003/07/14 09:12:00 | 000,094,274 | ---- | C] () -- C:\WINNT\System32\HPBHEALR.DLL
[2003/06/09 08:37:36 | 000,000,706 | ---- | C] () -- C:\Program Files\INSTALL.LOG
[2003/03/16 20:13:25 | 000,202,752 | ---- | C] () -- C:\WINNT\CDAC14BA.DLL
[2003/03/16 20:13:23 | 000,011,376 | ---- | C] () -- C:\WINNT\System32\drivers\CdaC15BA.SYS
[2003/02/20 21:56:17 | 000,072,704 | ---- | C] () -- C:\WINNT\System32\GTRTST32.DLL
[2003/02/20 21:54:50 | 000,000,000 | ---- | C] () -- C:\WINNT\arhelper.INI
[2003/02/16 12:27:10 | 000,000,012 | ---- | C] () -- C:\WINNT\ulead32.ini
[2003/02/15 13:32:14 | 000,000,043 | ---- | C] () -- C:\WINNT\INTUIT.INI
[2003/02/15 13:28:36 | 000,000,000 | ---- | C] () -- C:\WINNT\QFN.ini
[2003/02/15 13:28:36 | 000,000,000 | ---- | C] () -- C:\WINNT\QDQICK.ini
[2003/02/15 13:20:34 | 000,000,050 | ---- | C] () -- C:\WINNT\qwimp.ini
[2003/02/15 10:41:41 | 000,000,340 | ---- | C] () -- C:\WINNT\QTW.INI
[2003/02/15 10:41:36 | 000,000,144 | ---- | C] () -- C:\WINNT\INDEO.INI
[2003/02/15 10:24:13 | 000,000,020 | ---- | C] () -- C:\WINNT\LANG.INI
[2003/02/14 19:05:00 | 000,000,024 | ---- | C] () -- C:\WINNT\wininit.ini
[2003/02/14 19:04:54 | 000,000,002 | ---- | C] () -- C:\WINNT\msoffice.ini
[2003/02/10 23:12:41 | 000,000,061 | ---- | C] () -- C:\WINNT\smscfg.ini
[2003/02/10 22:55:31 | 000,000,370 | ---- | C] () -- C:\WINNT\ODBC.INI
[2003/02/10 22:53:43 | 000,000,211 | ---- | C] () -- C:\WINNT\Quicken.ini
[2003/02/10 22:52:58 | 000,000,231 | ---- | C] () -- C:\WINNT\AC3API.INI
[2003/02/10 22:52:58 | 000,000,000 | ---- | C] () -- C:\WINNT\SBWIN.INI
[2003/02/10 22:52:48 | 000,053,024 | ---- | C] () -- C:\WINNT\System32\UPDDRV9X.DLL
[2003/02/10 22:52:48 | 000,037,727 | ---- | C] () -- C:\WINNT\System32\Emu10kx.ini
[2003/02/10 22:52:48 | 000,000,180 | ---- | C] () -- C:\WINNT\System32\kill.ini
[2003/02/10 22:52:48 | 000,000,092 | ---- | C] () -- C:\WINNT\System32\editinf.ini
[2003/02/10 22:52:48 | 000,000,029 | ---- | C] () -- C:\WINNT\System32\ctzapxx.ini
[2003/02/10 22:52:22 | 000,069,632 | ---- | C] () -- C:\WINNT\System32\PROInst.dll
[2003/02/10 22:52:22 | 000,065,536 | ---- | C] () -- C:\WINNT\System32\NMSInst.dll
[2003/02/10 21:51:39 | 000,000,256 | ---- | C] () -- C:\WINNT\System32\UPDATE.INI
[2003/02/10 21:51:27 | 000,000,701 | ---- | C] () -- C:\WINNT\System32\OEMINFO.INI
[2003/02/03 05:26:18 | 000,012,288 | ---- | C] () -- C:\WINNT\System32\e100bmsg.dll
[2002/09/03 13:00:31 | 000,000,770 | ---- | C] () -- C:\WINNT\orun32.ini
[1998/08/16 05:00:00 | 000,004,096 | ---- | C] () -- C:\WINNT\System32\sysres.dll

========== Custom Scans ==========


< CODE >

< %systemroot%\system32\*.dll /lockedfiles >
[2009/03/08 04:31:44 | 000,348,160 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\WINNT\system32\dxtmsft.dll
[2009/03/08 04:31:38 | 000,216,064 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\WINNT\system32\dxtrans.dll
[2 C:\WINNT\system32\*.tmp files -> C:\WINNT\system32\*.tmp -> ]

< %systemroot%\Tasks\*.job /lockedfiles >


< MD5 for: AGP440.SYS >
[2008/03/21 16:13:37 | 022,245,337 | ---- | M] () .cab file -- C:\WINNT\Driver Cache\i386\sp2.cab:AGP440.sys
[2008/07/23 11:41:02 | 023,852,652 | ---- | M] () .cab file -- C:\WINNT\Driver Cache\i386\sp3.cab:AGP440.sys
[2008/03/21 16:13:37 | 022,245,337 | ---- | M] () .cab file -- C:\WINNT\ServicePackFiles\i386\sp2.cab:AGP440.sys
[2008/07/23 11:41:02 | 023,852,652 | ---- | M] () .cab file -- C:\WINNT\ServicePackFiles\i386\sp3.cab:AGP440.sys
[2008/03/21 16:13:37 | 022,245,337 | ---- | M] () .cab file -- C:\WINNT\SoftwareDistribution\Download\16b2c96a0c41f4dfdb4d3cc228a4f819\sp2.cab:AGP440.sys
[2008/04/13 12:36:38 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=08FD04AA961BDC77FB983F328334E3D7 -- C:\WINNT\ServicePackFiles\i386\agp440.sys
[2008/04/13 12:36:38 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=08FD04AA961BDC77FB983F328334E3D7 -- C:\WINNT\system32\drivers\agp440.sys
[2004/08/04 00:07:41 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=2C428FA0C3E3A01ED93C9B2A27D8D4BB -- C:\WINNT\$NtServicePackUninstall$\agp440.sys
[2004/08/04 00:07:41 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=2C428FA0C3E3A01ED93C9B2A27D8D4BB -- C:\WINNT\SoftwareDistribution\Download\16b2c96a0c41f4dfdb4d3cc228a4f819\agp440.sys

< MD5 for: ATAPI.SYS >
[2002/08/29 07:00:00 | 010,158,890 | ---- | M] () .cab file -- C:\I386\sp1.cab:atapi.sys
[2002/09/03 07:00:00 | 010,158,890 | ---- | M] () .cab file -- C:\WINNT\Driver Cache\i386\sp1.cab:atapi.sys
[2008/03/21 16:13:37 | 022,245,337 | ---- | M] () .cab file -- C:\WINNT\Driver Cache\i386\sp2.cab:atapi.sys
[2008/07/23 11:41:02 | 023,852,652 | ---- | M] () .cab file -- C:\WINNT\Driver Cache\i386\sp3.cab:atapi.sys
[2008/03/21 16:13:37 | 022,245,337 | ---- | M] () .cab file -- C:\WINNT\ServicePackFiles\i386\sp2.cab:atapi.sys
[2008/07/23 11:41:02 | 023,852,652 | ---- | M] () .cab file -- C:\WINNT\ServicePackFiles\i386\sp3.cab:atapi.sys
[2008/03/21 16:13:37 | 022,245,337 | ---- | M] () .cab file -- C:\WINNT\SoftwareDistribution\Download\16b2c96a0c41f4dfdb4d3cc228a4f819\sp2.cab:atapi.sys
[2008/04/13 12:40:30 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINNT\ServicePackFiles\i386\atapi.sys
[2008/04/13 12:40:30 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINNT\system32\drivers\atapi.sys
[2004/08/03 23:59:42 | 000,095,360 | ---- | M] (Microsoft Corporation) MD5=CDFE4411A69C224BD1D11B2DA92DAC51 -- C:\WINNT\$NtServicePackUninstall$\atapi.sys
[2004/08/03 23:59:42 | 000,095,360 | ---- | M] (Microsoft Corporation) MD5=CDFE4411A69C224BD1D11B2DA92DAC51 -- C:\WINNT\SoftwareDistribution\Download\16b2c96a0c41f4dfdb4d3cc228a4f819\atapi.sys

< MD5 for: EVENTLOG.DLL >
[2008/04/13 18:11:53 | 000,056,320 | ---- | M] (Microsoft Corporation) MD5=6D4FEB43EE538FC5428CC7F0565AA656 -- C:\WINNT\ServicePackFiles\i386\eventlog.dll
[2008/04/13 18:11:53 | 000,056,320 | ---- | M] (Microsoft Corporation) MD5=6D4FEB43EE538FC5428CC7F0565AA656 -- C:\WINNT\system32\eventlog.dll
[2004/08/04 01:56:42 | 000,055,808 | ---- | M] (Microsoft Corporation) MD5=82B24CB70E5944E6E34662205A2A5B78 -- C:\WINNT\$NtServicePackUninstall$\eventlog.dll
[2004/08/04 01:56:42 | 000,055,808 | ---- | M] (Microsoft Corporation) MD5=82B24CB70E5944E6E34662205A2A5B78 -- C:\WINNT\SoftwareDistribution\Download\16b2c96a0c41f4dfdb4d3cc228a4f819\eventlog.dll

< MD5 for: NETLOGON.DLL >
[2008/04/13 18:12:01 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=1B7F071C51B77C272875C3A23E1E4550 -- C:\WINNT\ServicePackFiles\i386\netlogon.dll
[2008/04/13 18:12:01 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=1B7F071C51B77C272875C3A23E1E4550 -- C:\WINNT\system32\netlogon.dll
[2004/08/04 01:56:44 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=96353FCECBA774BB8DA74A1C6507015A -- C:\WINNT\$NtServicePackUninstall$\netlogon.dll
[2004/08/04 01:56:44 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=96353FCECBA774BB8DA74A1C6507015A -- C:\WINNT\SoftwareDistribution\Download\16b2c96a0c41f4dfdb4d3cc228a4f819\netlogon.dll

< MD5 for: SCECLI.DLL >
[2004/08/04 01:56:44 | 000,180,224 | ---- | M] (Microsoft Corporation) MD5=0F78E27F563F2AAF74B91A49E2ABF19A -- C:\WINNT\$NtServicePackUninstall$\scecli.dll
[2004/08/04 01:56:44 | 000,180,224 | ---- | M] (Microsoft Corporation) MD5=0F78E27F563F2AAF74B91A49E2ABF19A -- C:\WINNT\SoftwareDistribution\Download\16b2c96a0c41f4dfdb4d3cc228a4f819\scecli.dll
[2008/04/13 18:12:05 | 000,181,248 | ---- | M] (Microsoft Corporation) MD5=A86BB5E61BF3E39B62AB4C7E7085A084 -- C:\WINNT\ServicePackFiles\i386\scecli.dll
[2008/04/13 18:12:05 | 000,181,248 | ---- | M] (Microsoft Corporation) MD5=A86BB5E61BF3E39B62AB4C7E7085A084 -- C:\WINNT\system32\scecli.dll

< %systemroot%\*. /mp /s >

========== Alternate Data Streams ==========

@Alternate Data Stream - 88 bytes -> C:\Program Files\INSTALL.LOG:SummaryInformation
@Alternate Data Stream - 88 bytes -> C:\Documents and Settings\Owner\My Documents\20041029-037-i32.exe:SummaryInformation
@Alternate Data Stream - 88 bytes -> C:\Documents and Settings\Owner\LuResult.txt:SummaryInformation
@Alternate Data Stream - 88 bytes -> C:\Documents and Settings\All Users\NTUSER.DAT:SummaryInformation
< End of report >
****
OTL Extras logfile created on: 2/20/2010 3:13:15 PM - Run 1
OTL by OldTimer - Version 3.1.30.1 Folder = C:\Documents and Settings\Owner\Desktop
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

511.00 Mb Total Physical Memory | 127.00 Mb Available Physical Memory | 25.00% Memory free
1.00 Gb Paging File | 1.00 Gb Available in Paging File | 71.00% Paging File free
Paging file location(s): c:\pagefile.sys 768 1536 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINNT | %ProgramFiles% = C:\Program Files
Drive C: | 74.53 Gb Total Space | 54.82 Gb Free Space | 73.56% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: NADINE
Current User Name: Owner
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: All users
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Standard

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.html [@ = htmlfile] -- C:\Program Files\Internet Explorer\IEXPLORE.EXE (Microsoft Corporation)

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
htmlfile [edit] -- "C:\Program Files\Microsoft Office\Office10\msohtmed.exe" %1 (Microsoft Corporation)
htmlfile [open] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" -nohome (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" %1 (Microsoft Corporation)
http [open] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" -nohome (Microsoft Corporation)
https [open] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" -nohome (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" %*
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" %1 (Microsoft Corporation)
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- "C:\Program Files\Internet Explorer\iexplore.exe" (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"AntiVirusDisableNotify" = 1
"FirewallDisableNotify" = 1
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 0
"FirewallOverride" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]
"139:TCP" = 139:TCP:*:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:*:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:*:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:*:Enabled:@xpsp2res.dll,-22002

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 0
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008
"139:TCP" = 139:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22002

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Program Files\Hewlett-Packard\Toolbox2.0\Javasoft\JRE\1.3.1\bin\javaw.exe" = C:\Program Files\Hewlett-Packard\Toolbox2.0\Javasoft\JRE\1.3.1\bin\javaw.exe:*:Disabled:javaw -- File not found
"C:\Program Files\Real\RealPlayer\realplay.exe" = C:\Program Files\Real\RealPlayer\realplay.exe:*:Enabled:RealOne Player -- (RealNetworks, Inc.)
"C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" = C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe:*:Enabled:Yahoo! Messenger -- File not found
"C:\Program Files\Yahoo!\Messenger\YServer.exe" = C:\Program Files\Yahoo!\Messenger\YServer.exe:*:Enabled:Yahoo! FT Server -- File not found


========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{01A4AEDE-F219-49A2-B855-16A016EAF9A4}" = Intel® PROSet II
"{03410014-3975-4267-9F39-1DC4745090B7}" = Microsoft Encarta Encyclopedia Standard 2003
"{03CDDD00-BD57-4326-9480-4C74449AF597}" = PhotoStitch
"{08C5815C-2C6E-44f8-8748-0E61BC9AFB68}" = Symantec KB-DocID:2003093015493306
"{0D2E80C8-0875-43EB-9623-47118E2DFBCA}" = Quicken 2007
"{12BDDF23-B1DB-49C8-92D3-3E6841CCED61}" = Microsoft Streets and Trips 2002
"{2236B741-6631-49AE-B76E-3E14CA01CC87}" = RemoteCapture Task
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{369B36BE-3D64-4641-9AEA-808D436FE132}" = Microsoft Picture It! Photo 7.0
"{43DCF766-6838-4F9A-8C91-D92DA586DFA7}" = Microsoft Windows Journal Viewer
"{4BDFD2CE-6329-42E4-9801-9B3D1F10D79B}" = Adobe® Photoshop® Album Starter Edition 3.0
"{63569CE9-FA00-469C-AF5C-E5D4D93ACF91}" = Windows Genuine Advantage v1.3.0254.0
"{6D8D64BE-F500-55B6-705D-DFD08AFE0624}" = Acrobat.com
"{764D06D8-D8DE-411E-A1C8-D9E9380F8A84}" = Microsoft Works 7.0
"{7EE9DE0D-9228-4C33-B80E-FDD1773600DF}" = Microsoft Works Suite Add-in for Microsoft Word
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{9115E7DB-3B29-445A-802D-11E0AA945B7F}" = Sound Blaster Audigy
"{911B0409-6000-11D3-8CFE-0050048383C9}" = Microsoft Word 2002
"{A2BCA9F1-566C-4805-97D1-7FDC93386723}" = Adobe AIR
"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
"{AC76BA86-7AD7-1033-7B44-A92000000001}" = Adobe Reader 9.2
"{B43357AA-3A6D-4D94-B56E-43C44D09E548}" = Microsoft .NET Framework (English)
"{BAF78226-3200-4DB4-BE33-4D922A799840}" = Windows Presentation Foundation
"{BEF56F2D-56ED-4176-BF72-7B68D4A3B98D}" = Canon PhotoRecord
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
"{C1D76D7A-F3BB-47EA-A746-5B1E2FFC1DF2}" = Canon Utilities ZoomBrowser EX
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{D64DCF1C-7A95-49A4-BAFA-C42B5CF6B8B6}" = Works Suite OS Pack
"{D87149B3-7A1D-4548-9CBF-032B791E5908}" = Desktop Doctor
"{E3436EE2-D5CB-4249-840B-3A0140CC34C3}" = PhoneTools
"{FAF0DAD8-1EA7-4FEF-80E5-8D8D6EBD5A23}" = RAW Image Task
"{FC3EEA54-C009-4D75-B753-3CD871BF3EBA}" = Camera Window
"Adobe Acrobat 5.0" = Adobe Acrobat 5.0
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe PDF IFilter 6.0" = Adobe PDF IFilter 6.0
"CANONBJ_Deinstall_CNMCP56.DLL" = Canon i860
"CdaC13Ba" = SafeCast Shared Components
"com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Acrobat.com
"comcasttb" = Comcast Toolbar 3.0
"Creative Driver" = Creative Driver
"Easy-PhotoPrint" = Canon Utilities Easy-PhotoPrint
"Easy-PhotoPrint Plus" = Canon Utilities Easy-PhotoPrint Plus
"Easy-WebPrint" = Easy-WebPrint
"GTW V.92 Voicemodem" = GTW V.92 Voicemodem
"IDNMitigationAPIs" = Microsoft Internationalized Domain Names Mitigation APIs
"ie8" = Windows Internet Explorer 8
"InstallShield_{03CDDD00-BD57-4326-9480-4C74449AF597}" = Canon Utilities PhotoStitch 3.1
"InstallShield_{2236B741-6631-49AE-B76E-3E14CA01CC87}" = Canon RemoteCapture Task for ZoomBrowser EX
"InstallShield_{FAF0DAD8-1EA7-4FEF-80E5-8D8D6EBD5A23}" = Canon RAW Image Task for ZoomBrowser EX
"InstallShield_{FC3EEA54-C009-4D75-B753-3CD871BF3EBA}" = Canon Camera Window for ZoomBrowser EX
"Mald32V4" = MyAdvancedLabelDesigner 4.0.1a
"Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft .NET Framework Full v1.0.3705 (1033)" = Microsoft .NET Framework (English) v1.0.3705
"MSCompPackV1" = Microsoft Compression Client Pack 1.0 for Windows XP
"MUSICMATCH Jukebox" = MUSICMATCH Jukebox
"N360" = Norton Security Suite
"NLSDownlevelMapping" = Microsoft National Language Support Downlevel APIs
"NVIDIA" = NVIDIA Windows 2000/XP Display Drivers
"PROSet" = Intel® PRO Network Adapters and Drivers
"RealPlayer 6.0" = RealPlayer
"Shockwave" = Shockwave
"SK_PS2MillenniumKeyboard" = PS/2 Millennium Keyboard
"Total 3D Home & Landscape" = Total 3D Home & Landscape
"WIC" = Windows Imaging Component
"Windows Media Format Runtime" = Windows Media Format 11 runtime
"Windows Media Player" = Windows Media Player 11
"Windows XP Service Pack" = Windows XP Service Pack 3
"WMFDist11" = Windows Media Format 11 runtime
"wmp11" = Windows Media Player 11
"Works2003Setup" = Microsoft Works 2003 Setup Launcher
"Wudf01000" = Microsoft User-Mode Driver Framework Feature Pack 1.0
"XpsEPSC" = XML Paper Specification Shared Components Pack 1.0

========== HKEY_USERS Uninstall List ==========

[HKEY_USERS\S-1-5-21-102963878-3288179143-129146118-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Move Media Player" = Move Media Player

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 2/16/2010 4:31:49 PM | Computer Name = NADINE | Source = Application Hang | ID = 1001
Description = Fault bucket 736169863.

Error - 2/16/2010 4:31:49 PM | Computer Name = NADINE | Source = Application Hang | ID = 1001
Description = Fault bucket 736169863.

Error - 2/16/2010 4:31:50 PM | Computer Name = NADINE | Source = Application Hang | ID = 1001
Description = Fault bucket 736169863.

Error - 2/16/2010 4:31:53 PM | Computer Name = NADINE | Source = Application Hang | ID = 1001
Description = Fault bucket 736169863.

Error - 2/18/2010 5:34:45 PM | Computer Name = NADINE | Source = Application Error | ID = 1000
Description = Faulting application symnpd.exe, version 1.0.0.14, faulting module
symnpdscan.dll, version 1.0.0.14, fault address 0x000100b1.

Error - 2/18/2010 5:37:14 PM | Computer Name = NADINE | Source = Application Error | ID = 1001
Description = Fault bucket 1449734928.

Error - 2/18/2010 5:37:50 PM | Computer Name = NADINE | Source = Application Error | ID = 1000
Description = Faulting application symnpd.exe, version 1.0.0.14, faulting module
symnpdscan.dll, version 1.0.0.14, fault address 0x000100b1.

Error - 2/18/2010 5:37:55 PM | Computer Name = NADINE | Source = Application Error | ID = 1001
Description = Fault bucket 1449734928.

Error - 2/19/2010 6:30:12 PM | Computer Name = NADINE | Source = Application Error | ID = 1000
Description = Faulting application gmer.exe, version 1.0.15.15281, faulting module
gmer.exe, version 1.0.15.15281, fault address 0x0000c4b1.

Error - 2/19/2010 6:32:37 PM | Computer Name = NADINE | Source = Application Error | ID = 1001
Description = Fault bucket 1613256587.

[ System Events ]
Error - 2/18/2010 10:11:57 PM | Computer Name = NADINE | Source = atapi | ID = 262153
Description = The device, \Device\Ide\IdePort0, did not respond within the timeout
period.

Error - 2/18/2010 10:12:13 PM | Computer Name = NADINE | Source = atapi | ID = 262153
Description = The device, \Device\Ide\IdePort0, did not respond within the timeout
period.

Error - 2/18/2010 10:12:28 PM | Computer Name = NADINE | Source = atapi | ID = 262153
Description = The device, \Device\Ide\IdePort0, did not respond within the timeout
period.

Error - 2/18/2010 10:12:43 PM | Computer Name = NADINE | Source = atapi | ID = 262153
Description = The device, \Device\Ide\IdePort0, did not respond within the timeout
period.

Error - 2/18/2010 10:12:58 PM | Computer Name = NADINE | Source = atapi | ID = 262153
Description = The device, \Device\Ide\IdePort0, did not respond within the timeout
period.

Error - 2/18/2010 10:13:14 PM | Computer Name = NADINE | Source = atapi | ID = 262153
Description = The device, \Device\Ide\IdePort0, did not respond within the timeout
period.

Error - 2/18/2010 10:13:28 PM | Computer Name = NADINE | Source = atapi | ID = 262153
Description = The device, \Device\Ide\IdePort0, did not respond within the timeout
period.

Error - 2/18/2010 10:13:43 PM | Computer Name = NADINE | Source = atapi | ID = 262153
Description = The device, \Device\Ide\IdePort0, did not respond within the timeout
period.

Error - 2/20/2010 2:10:01 PM | Computer Name = NADINE | Source = MRxSmb | ID = 8003
Description = The master browser has received a server announcement from the computer
ROBERT-F88BFCF5 that believes that it is the master browser for the domain on transport
NetBT_Tcpip_{3C8A670F-DC0. The master browser is stopping or an election is being
forced.

Error - 2/20/2010 4:31:17 PM | Computer Name = NADINE | Source = Srv | ID = 2019
Description = The server was unable to allocate from the system nonpaged pool because
the pool was empty.


< End of report >

*******


#4 MitziNadine

MitziNadine
  • Topic Starter

  • Members
  • 150 posts
  • OFFLINE
  •  
  • Local time:06:17 PM

Posted 20 February 2010 - 05:01 PM

Hi again Myrti,

The size of both files was too great I think. I could only post the OTL.Tox in reply, so here is the Extras.Txt file.

Thank you,

MitziNadine
*****************************
OTL Extras logfile created on: 2/20/2010 3:13:15 PM - Run 1
OTL by OldTimer - Version 3.1.30.1 Folder = C:\Documents and Settings\Owner\Desktop
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

511.00 Mb Total Physical Memory | 127.00 Mb Available Physical Memory | 25.00% Memory free
1.00 Gb Paging File | 1.00 Gb Available in Paging File | 71.00% Paging File free
Paging file location(s): c:\pagefile.sys 768 1536 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINNT | %ProgramFiles% = C:\Program Files
Drive C: | 74.53 Gb Total Space | 54.82 Gb Free Space | 73.56% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: NADINE
Current User Name: Owner
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: All users
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Standard

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.html [@ = htmlfile] -- C:\Program Files\Internet Explorer\IEXPLORE.EXE (Microsoft Corporation)

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
htmlfile [edit] -- "C:\Program Files\Microsoft Office\Office10\msohtmed.exe" %1 (Microsoft Corporation)
htmlfile [open] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" -nohome (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" %1 (Microsoft Corporation)
http [open] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" -nohome (Microsoft Corporation)
https [open] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" -nohome (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" %*
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" %1 (Microsoft Corporation)
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- "C:\Program Files\Internet Explorer\iexplore.exe" (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"AntiVirusDisableNotify" = 1
"FirewallDisableNotify" = 1
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 0
"FirewallOverride" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]
"139:TCP" = 139:TCP:*:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:*:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:*:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:*:Enabled:@xpsp2res.dll,-22002

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 0
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008
"139:TCP" = 139:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22002

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Program Files\Hewlett-Packard\Toolbox2.0\Javasoft\JRE\1.3.1\bin\javaw.exe" = C:\Program Files\Hewlett-Packard\Toolbox2.0\Javasoft\JRE\1.3.1\bin\javaw.exe:*:Disabled:javaw -- File not found
"C:\Program Files\Real\RealPlayer\realplay.exe" = C:\Program Files\Real\RealPlayer\realplay.exe:*:Enabled:RealOne Player -- (RealNetworks, Inc.)
"C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" = C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe:*:Enabled:Yahoo! Messenger -- File not found
"C:\Program Files\Yahoo!\Messenger\YServer.exe" = C:\Program Files\Yahoo!\Messenger\YServer.exe:*:Enabled:Yahoo! FT Server -- File not found


========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{01A4AEDE-F219-49A2-B855-16A016EAF9A4}" = Intel® PROSet II
"{03410014-3975-4267-9F39-1DC4745090B7}" = Microsoft Encarta Encyclopedia Standard 2003
"{03CDDD00-BD57-4326-9480-4C74449AF597}" = PhotoStitch
"{08C5815C-2C6E-44f8-8748-0E61BC9AFB68}" = Symantec KB-DocID:2003093015493306
"{0D2E80C8-0875-43EB-9623-47118E2DFBCA}" = Quicken 2007
"{12BDDF23-B1DB-49C8-92D3-3E6841CCED61}" = Microsoft Streets and Trips 2002
"{2236B741-6631-49AE-B76E-3E14CA01CC87}" = RemoteCapture Task
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{369B36BE-3D64-4641-9AEA-808D436FE132}" = Microsoft Picture It! Photo 7.0
"{43DCF766-6838-4F9A-8C91-D92DA586DFA7}" = Microsoft Windows Journal Viewer
"{4BDFD2CE-6329-42E4-9801-9B3D1F10D79B}" = Adobe® Photoshop® Album Starter Edition 3.0
"{63569CE9-FA00-469C-AF5C-E5D4D93ACF91}" = Windows Genuine Advantage v1.3.0254.0
"{6D8D64BE-F500-55B6-705D-DFD08AFE0624}" = Acrobat.com
"{764D06D8-D8DE-411E-A1C8-D9E9380F8A84}" = Microsoft Works 7.0
"{7EE9DE0D-9228-4C33-B80E-FDD1773600DF}" = Microsoft Works Suite Add-in for Microsoft Word
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{9115E7DB-3B29-445A-802D-11E0AA945B7F}" = Sound Blaster Audigy
"{911B0409-6000-11D3-8CFE-0050048383C9}" = Microsoft Word 2002
"{A2BCA9F1-566C-4805-97D1-7FDC93386723}" = Adobe AIR
"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
"{AC76BA86-7AD7-1033-7B44-A92000000001}" = Adobe Reader 9.2
"{B43357AA-3A6D-4D94-B56E-43C44D09E548}" = Microsoft .NET Framework (English)
"{BAF78226-3200-4DB4-BE33-4D922A799840}" = Windows Presentation Foundation
"{BEF56F2D-56ED-4176-BF72-7B68D4A3B98D}" = Canon PhotoRecord
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
"{C1D76D7A-F3BB-47EA-A746-5B1E2FFC1DF2}" = Canon Utilities ZoomBrowser EX
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{D64DCF1C-7A95-49A4-BAFA-C42B5CF6B8B6}" = Works Suite OS Pack
"{D87149B3-7A1D-4548-9CBF-032B791E5908}" = Desktop Doctor
"{E3436EE2-D5CB-4249-840B-3A0140CC34C3}" = PhoneTools
"{FAF0DAD8-1EA7-4FEF-80E5-8D8D6EBD5A23}" = RAW Image Task
"{FC3EEA54-C009-4D75-B753-3CD871BF3EBA}" = Camera Window
"Adobe Acrobat 5.0" = Adobe Acrobat 5.0
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe PDF IFilter 6.0" = Adobe PDF IFilter 6.0
"CANONBJ_Deinstall_CNMCP56.DLL" = Canon i860
"CdaC13Ba" = SafeCast Shared Components
"com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Acrobat.com
"comcasttb" = Comcast Toolbar 3.0
"Creative Driver" = Creative Driver
"Easy-PhotoPrint" = Canon Utilities Easy-PhotoPrint
"Easy-PhotoPrint Plus" = Canon Utilities Easy-PhotoPrint Plus
"Easy-WebPrint" = Easy-WebPrint
"GTW V.92 Voicemodem" = GTW V.92 Voicemodem
"IDNMitigationAPIs" = Microsoft Internationalized Domain Names Mitigation APIs
"ie8" = Windows Internet Explorer 8
"InstallShield_{03CDDD00-BD57-4326-9480-4C74449AF597}" = Canon Utilities PhotoStitch 3.1
"InstallShield_{2236B741-6631-49AE-B76E-3E14CA01CC87}" = Canon RemoteCapture Task for ZoomBrowser EX
"InstallShield_{FAF0DAD8-1EA7-4FEF-80E5-8D8D6EBD5A23}" = Canon RAW Image Task for ZoomBrowser EX
"InstallShield_{FC3EEA54-C009-4D75-B753-3CD871BF3EBA}" = Canon Camera Window for ZoomBrowser EX
"Mald32V4" = MyAdvancedLabelDesigner 4.0.1a
"Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft .NET Framework Full v1.0.3705 (1033)" = Microsoft .NET Framework (English) v1.0.3705
"MSCompPackV1" = Microsoft Compression Client Pack 1.0 for Windows XP
"MUSICMATCH Jukebox" = MUSICMATCH Jukebox
"N360" = Norton Security Suite
"NLSDownlevelMapping" = Microsoft National Language Support Downlevel APIs
"NVIDIA" = NVIDIA Windows 2000/XP Display Drivers
"PROSet" = Intel® PRO Network Adapters and Drivers
"RealPlayer 6.0" = RealPlayer
"Shockwave" = Shockwave
"SK_PS2MillenniumKeyboard" = PS/2 Millennium Keyboard
"Total 3D Home & Landscape" = Total 3D Home & Landscape
"WIC" = Windows Imaging Component
"Windows Media Format Runtime" = Windows Media Format 11 runtime
"Windows Media Player" = Windows Media Player 11
"Windows XP Service Pack" = Windows XP Service Pack 3
"WMFDist11" = Windows Media Format 11 runtime
"wmp11" = Windows Media Player 11
"Works2003Setup" = Microsoft Works 2003 Setup Launcher
"Wudf01000" = Microsoft User-Mode Driver Framework Feature Pack 1.0
"XpsEPSC" = XML Paper Specification Shared Components Pack 1.0

========== HKEY_USERS Uninstall List ==========

[HKEY_USERS\S-1-5-21-102963878-3288179143-129146118-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Move Media Player" = Move Media Player

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 2/16/2010 4:31:49 PM | Computer Name = NADINE | Source = Application Hang | ID = 1001
Description = Fault bucket 736169863.

Error - 2/16/2010 4:31:49 PM | Computer Name = NADINE | Source = Application Hang | ID = 1001
Description = Fault bucket 736169863.

Error - 2/16/2010 4:31:50 PM | Computer Name = NADINE | Source = Application Hang | ID = 1001
Description = Fault bucket 736169863.

Error - 2/16/2010 4:31:53 PM | Computer Name = NADINE | Source = Application Hang | ID = 1001
Description = Fault bucket 736169863.

Error - 2/18/2010 5:34:45 PM | Computer Name = NADINE | Source = Application Error | ID = 1000
Description = Faulting application symnpd.exe, version 1.0.0.14, faulting module
symnpdscan.dll, version 1.0.0.14, fault address 0x000100b1.

Error - 2/18/2010 5:37:14 PM | Computer Name = NADINE | Source = Application Error | ID = 1001
Description = Fault bucket 1449734928.

Error - 2/18/2010 5:37:50 PM | Computer Name = NADINE | Source = Application Error | ID = 1000
Description = Faulting application symnpd.exe, version 1.0.0.14, faulting module
symnpdscan.dll, version 1.0.0.14, fault address 0x000100b1.

Error - 2/18/2010 5:37:55 PM | Computer Name = NADINE | Source = Application Error | ID = 1001
Description = Fault bucket 1449734928.

Error - 2/19/2010 6:30:12 PM | Computer Name = NADINE | Source = Application Error | ID = 1000
Description = Faulting application gmer.exe, version 1.0.15.15281, faulting module
gmer.exe, version 1.0.15.15281, fault address 0x0000c4b1.

Error - 2/19/2010 6:32:37 PM | Computer Name = NADINE | Source = Application Error | ID = 1001
Description = Fault bucket 1613256587.

[ System Events ]
Error - 2/18/2010 10:11:57 PM | Computer Name = NADINE | Source = atapi | ID = 262153
Description = The device, \Device\Ide\IdePort0, did not respond within the timeout
period.

Error - 2/18/2010 10:12:13 PM | Computer Name = NADINE | Source = atapi | ID = 262153
Description = The device, \Device\Ide\IdePort0, did not respond within the timeout
period.

Error - 2/18/2010 10:12:28 PM | Computer Name = NADINE | Source = atapi | ID = 262153
Description = The device, \Device\Ide\IdePort0, did not respond within the timeout
period.

Error - 2/18/2010 10:12:43 PM | Computer Name = NADINE | Source = atapi | ID = 262153
Description = The device, \Device\Ide\IdePort0, did not respond within the timeout
period.

Error - 2/18/2010 10:12:58 PM | Computer Name = NADINE | Source = atapi | ID = 262153
Description = The device, \Device\Ide\IdePort0, did not respond within the timeout
period.

Error - 2/18/2010 10:13:14 PM | Computer Name = NADINE | Source = atapi | ID = 262153
Description = The device, \Device\Ide\IdePort0, did not respond within the timeout
period.

Error - 2/18/2010 10:13:28 PM | Computer Name = NADINE | Source = atapi | ID = 262153
Description = The device, \Device\Ide\IdePort0, did not respond within the timeout
period.

Error - 2/18/2010 10:13:43 PM | Computer Name = NADINE | Source = atapi | ID = 262153
Description = The device, \Device\Ide\IdePort0, did not respond within the timeout
period.

Error - 2/20/2010 2:10:01 PM | Computer Name = NADINE | Source = MRxSmb | ID = 8003
Description = The master browser has received a server announcement from the computer
ROBERT-F88BFCF5 that believes that it is the master browser for the domain on transport
NetBT_Tcpip_{3C8A670F-DC0. The master browser is stopping or an election is being
forced.

Error - 2/20/2010 4:31:17 PM | Computer Name = NADINE | Source = Srv | ID = 2019
Description = The server was unable to allocate from the system nonpaged pool because
the pool was empty.


< End of report >


#5 myrti

myrti

    Sillyberry


  • Malware Study Hall Admin
  • 33,779 posts
  • OFFLINE
  •  
  • Gender:Female
  • Location:At home
  • Local time:01:17 AM

Posted 20 February 2010 - 05:02 PM

Hi,

have you tried running gmer in safe mode? Does it crash there as well? If it does crash as well please provide a log from rootrepeal as well:
  • Download RootRepeal from the following location and save it to your desktop.
  • Extract the contents of RootRepeal.zip, to your desktop.
  • Double click on your desktop.
  • Click on the report tab, then click scan
  • Check all seven boxes:
    Drivers
    Files
    Processes
    SSDT
    Stealth Objects
    Hidden Services
    Shadow SSDT
  • Click Ok
  • Check the box for your main system drive (Usually C:), and press Ok.
  • Allow RootRepeal to run a scan of your system. This may take some time.
  • Once the scan completes, Click the Save Report button. Save the log as RootRepeal.txt and post it in your next reply.

regards myrti

is that a bird?  a plane? nooo it's the flying blueberry!

If I have been helping you and haven't replied in 2 days, feel free to shoot me a PM! Please don't send help request via PM, unless I am already helping you. Use the forums!

 

Follow BleepingComputer on: Facebook | Twitter | Google+


#6 MitziNadine

MitziNadine
  • Topic Starter

  • Members
  • 150 posts
  • OFFLINE
  •  
  • Local time:06:17 PM

Posted 20 February 2010 - 05:27 PM

Hi Myrti,

I am almost computer illiterate. I will be happy to run the Gmer file in Safe mode if you tell me how to get there please.

Thanks,

MitziNadine

#7 myrti

myrti

    Sillyberry


  • Malware Study Hall Admin
  • 33,779 posts
  • OFFLINE
  •  
  • Gender:Female
  • Location:At home
  • Local time:01:17 AM

Posted 20 February 2010 - 05:35 PM

Hi,

you can find detailed instructions on how to boot into safe mode in this tutorial.

regards myrti

is that a bird?  a plane? nooo it's the flying blueberry!

If I have been helping you and haven't replied in 2 days, feel free to shoot me a PM! Please don't send help request via PM, unless I am already helping you. Use the forums!

 

Follow BleepingComputer on: Facebook | Twitter | Google+


#8 MitziNadine

MitziNadine
  • Topic Starter

  • Members
  • 150 posts
  • OFFLINE
  •  
  • Local time:06:17 PM

Posted 20 February 2010 - 08:56 PM

Hello Myrti,

I am writing from my husbands computer since I am not sure what to do with mine next.

Thank you for the tutorial link.

I ran the Gmer scan in safe mode (really took a long time) and it just now ended or stopped scanning. There is no box at the end of the file for me to choose 'Save'. There is no scroll bar to make the page go that far. It only goes down to the box for "Show All" and I can see there is more to the page, but cannot make it fit the window. I shortened the page and raised it to the top of the window and then tried to stretch it out again, but it seems to be getting smaller with each try.

It must have been larger in the beginning because I cliked on "Scan" which is below where it ends now. I could see it scanning for ages and then it just stopped. I have left it as it ended still in the window.

Do you still wish me to run RootRepeal? and if so should I run that from Safe Mode as well?

Thank you,

MitzieNadine



#9 MitziNadine

MitziNadine
  • Topic Starter

  • Members
  • 150 posts
  • OFFLINE
  •  
  • Local time:06:17 PM

Posted 20 February 2010 - 11:31 PM

Hi,

I decided to try to run the Gmer scan again in normal mode adn with Norton disabled.

After scanning for a while, a box appeared: "Gmer Warning! Gmer has found modification caused by ROOTKIT activity."

I clicked OK in the box at bottom. Then a smaller one said: "The scan was stopped." When I clicked OK to this box, it closed Gmer.

MitziNadine


#10 myrti

myrti

    Sillyberry


  • Malware Study Hall Admin
  • 33,779 posts
  • OFFLINE
  •  
  • Gender:Female
  • Location:At home
  • Local time:01:17 AM

Posted 21 February 2010 - 08:56 AM

Hi,

Sadly I'm not aware of a way to make that window larger for gmer. So please try running root repeal then, you can run it in normal mode.

regards myrti

is that a bird?  a plane? nooo it's the flying blueberry!

If I have been helping you and haven't replied in 2 days, feel free to shoot me a PM! Please don't send help request via PM, unless I am already helping you. Use the forums!

 

Follow BleepingComputer on: Facebook | Twitter | Google+


#11 MitziNadine

MitziNadine
  • Topic Starter

  • Members
  • 150 posts
  • OFFLINE
  •  
  • Local time:06:17 PM

Posted 21 February 2010 - 12:42 PM

Hi Myrti,

I've tried to run the RootRepeal program, but it doesn't look as though it will work.

When I first wrote you, my computer had the problem of being extremely slow, then as we worked on several scans, it got much better. Now I notice that it is back to running extremely slow again.

While downloading RootRepeal and extracting, it seemed to run normally, but once I clicked on "Run", a box with the notice, "Initiallizing, please wait" appeared, but never did anything else for more than 15 minutes. I tried again, and got the same results (with Norton disabled).

Most of the problems began with the installation of the Norton Security Suite from Comcast. I am beginning to wonder if we might uninstall that program and either run another from Bleeping Computers or go without virus protection for a while. We had problems with all our computers when we first switched from McAfee and installed Norton, but were able to clear up all of these except on my computer.

At this moment, my computer is frozen up from trying to close the RootRepeal program. I will restart it and wait to hear from you.

Thank you lots,

MitziNadine

#12 MitziNadine

MitziNadine
  • Topic Starter

  • Members
  • 150 posts
  • OFFLINE
  •  
  • Local time:06:17 PM

Posted 21 February 2010 - 12:58 PM

Hello again,

Things have changed a little.

A box appeared saying: "Windows Virtual memory minimum too low. Your System is low on virtual memory. Windows is increasing the size of your virtual memory paging file. During this process, memory requests for some applicaitons may be denied. For more information, see help."

I clicked OK, so it is doing something. Neither the desktop icons nor the tray are visible but it isn't frozen as the cursor still moves.

Thanks,

MitziNadine

#13 myrti

myrti

    Sillyberry


  • Malware Study Hall Admin
  • 33,779 posts
  • OFFLINE
  •  
  • Gender:Female
  • Location:At home
  • Local time:01:17 AM

Posted 21 February 2010 - 01:56 PM

Hi,

please kill off Rootrepeal for now and reboot. Then try running RootRepeal with the following settings:
Please start RootRepeal, and, before doing anything else, try changing the "Disk Access Level" in the Settings->Options dialog. Try moving it to the "Special" or "High" level. Also, click on the Files tab, and uncheck "Use lowest level for MBR check". Please let me know if this fixes the problem.

regards myrti

is that a bird?  a plane? nooo it's the flying blueberry!

If I have been helping you and haven't replied in 2 days, feel free to shoot me a PM! Please don't send help request via PM, unless I am already helping you. Use the forums!

 

Follow BleepingComputer on: Facebook | Twitter | Google+


#14 MitziNadine

MitziNadine
  • Topic Starter

  • Members
  • 150 posts
  • OFFLINE
  •  
  • Local time:06:17 PM

Posted 21 February 2010 - 02:43 PM

Hi Myrti,

I'm sorry for being so dense! I just must be doing this all wrong. I rebooted the system and then double clicked on RootRepeal. From that moment, a box opens which says: "Initializing, please wait". There is no option to change anything.

Is it from the RootRepeal Program's Settings > Options that I should be able to choose Special or High level?. I did look at the file tab, but didn't find any area to uncheck "Use Lowest Level for MBR"

Maybe you meant for me to change the "Disk Access Level" from some other area.

I'll just read through the Windows help menu and see if I can find anything like that while I wait to hear back.

Thank you,

MitziNadine

#15 myrti

myrti

    Sillyberry


  • Malware Study Hall Admin
  • 33,779 posts
  • OFFLINE
  •  
  • Gender:Female
  • Location:At home
  • Local time:01:17 AM

Posted 21 February 2010 - 04:19 PM

Hi,

ok, then let's leave RootRepeal as well. Try to run mbr as well:
Please download mbr.exe and save it to your root directory, usually C:\ <- (Important!).
  • Go to Start > Run and type: cmd.exe
  • press Ok.
  • At the command prompt type: c:\mbr.exe -t >"C:\mbr.log"
  • press Enter.
  • A "DOS" box will open and quickly disappear. That is normal.
  • A log file named mbr.log will be created and saved to the root of the system drive (usually C:\).
  • Copy and paste the results of the mbr.log in your next reply.

regards myrti

is that a bird?  a plane? nooo it's the flying blueberry!

If I have been helping you and haven't replied in 2 days, feel free to shoot me a PM! Please don't send help request via PM, unless I am already helping you. Use the forums!

 

Follow BleepingComputer on: Facebook | Twitter | Google+





0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users