Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

e-mail hijack


  • This topic is locked This topic is locked
22 replies to this topic

#1 ggood2

ggood2

  • Members
  • 15 posts
  • OFFLINE
  •  
  • Local time:10:22 AM

Posted 13 March 2010 - 04:49 PM

Some how e-mails are being sent from my computer to all im my address book. it send one to the fisrt few with a subject name of a person, then it is a link to a candain drug co. then it send another one with differant subjet line, differant link but it goes to same website. In a engieer using autocad and have no idea what is wrongAttached File  errorlog.log   5.45KB   13 downloads

BC AdBot (Login to Remove)

 


#2 ggood2

ggood2
  • Topic Starter

  • Members
  • 15 posts
  • OFFLINE
  •  
  • Local time:10:22 AM

Posted 14 March 2010 - 08:31 PM

Attached File  hijackthis.log   12.95KB   11 downloadsI need help as dont klnow what is wrong. There is e-amils being sent from my computer to all in the address book. Thanks in advance for any help

Edited by Orange Blossom, 14 March 2010 - 09:07 PM.
Merged topics. ~ OB


#3 pwgib

pwgib

  • Malware Response Team
  • 2,958 posts
  • ONLINE
  •  
  • Gender:Male
  • Location:God's Country
  • Local time:10:22 AM

Posted 16 March 2010 - 09:05 AM

Hello and welcome to Bleeping Computer

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

If you have since resolved the original problem you were having, we would appreciate you letting us know. If not please perform the following steps below so we can have a look at the current condition of your machine.

If you have not done so, include a clear description of the problems you're having, along with any steps you may have performed so far.

Upon completing the steps below another staff member will review and take the steps necessary with you to get your machine back in working order clean and free of malware.

If you have already posted a DDS log, please do so again, as your situation may have changed.
Use the 'Add Reply' and add the new log to this thread.

Thanks and again sorry for the delay.

We need to see some information about what is happening in your machine. Please perform the following scan:
  • Download DDS by sUBs from one of the following links. Save it to your desktop.
  • Double click on the DDS icon, allow it to run.
  • A small box will open, with an explaination about the tool. No input is needed, the scan is running.
  • Notepad will open with the results.
  • Follow the instructions that pop up for posting the results.
  • Close the program window, and delete the program from your desktop.
Please note: You may have to disable any script protection running if the scan fails to run. After downloading the tool, disconnect from the internet and disable all antivirus protection. Run the scan, enable your A/V and reconnect to the internet.

Information on A/V control HERE

We also need a new log from the GMER anti-rootkit scanner. Please first disable any CD emulation programs using the steps found in this topic:

Why we request you disable CD Emulation when receiving Malware Removal Advice

Then create another GMER log and post it as an attachment to the reply where you post your new DDS log. Instructions on how to properly create a GMER log can be found here:

How to create a GMER log

PW

#4 ggood2

ggood2
  • Topic Starter

  • Members
  • 15 posts
  • OFFLINE
  •  
  • Local time:10:22 AM

Posted 16 March 2010 - 07:58 PM



#5 pwgib

pwgib

  • Malware Response Team
  • 2,958 posts
  • ONLINE
  •  
  • Gender:Male
  • Location:God's Country
  • Local time:10:22 AM

Posted 17 March 2010 - 08:26 AM

Hello ggood2

In order to help you we need to see what is going on with your computer so please run and post the DDS scans I have asked for in my post #3.

Thanks!!!
PW

#6 ggood2

ggood2
  • Topic Starter

  • Members
  • 15 posts
  • OFFLINE
  •  
  • Local time:10:22 AM

Posted 17 March 2010 - 06:20 PM

Every time i try to upload the dds it fails, says file larger than space. Im really confused now.

Thanks for you pataince

#7 extremeboy

extremeboy

  • Malware Response Team
  • 12,975 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:12:22 PM

Posted 18 March 2010 - 12:27 PM

QUOTE(ggood2 @ Mar 17 2010, 07:20 PM) View Post
Every time i try to upload the dds it fails, says file larger than space. Im really confused now.

Thanks for you pataince

In this case, can you upload the files to me. It may be too big to attach/post.

Make sure you compress and zip the file by doing the following:

Right-click on the file >> Send to > Compressed (Zipped) Folder

Submit file
  • Open to the Submission Channel.
  • Under Link to topic where this file was requested, input:
    CODE
    http://www.bleepingcomputer.com/forums/t/302392/e-mail-hijack/
  • Click Browse and select the files you need to upload to me
  • Under the comments section, say that Extremeboy asked for the submission.
  • Then select Send File to send it
  • After that you should get a confirmation if it was uploaded successfully.

With Regards,
Extremeboy
Note: Please do not PM me asking for help, instead please post it in the correct forum requesting for help. Help requests via the PM system will be ignored.

If I'm helping you and I don't reply within 48 hours please feel free to send me a PM.

The help you receive here is always free but if you wish to show your appreciation, you may wish to Posted Image.

#8 ggood2

ggood2
  • Topic Starter

  • Members
  • 15 posts
  • OFFLINE
  •  
  • Local time:10:22 AM

Posted 18 March 2010 - 06:17 PM

I just sent you mt dds file

Thanks

#9 extremeboy

extremeboy

  • Malware Response Team
  • 12,975 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:12:22 PM

Posted 18 March 2010 - 10:15 PM

Are you sure you sent it successfully? I don't see it for some reason.
Note: Please do not PM me asking for help, instead please post it in the correct forum requesting for help. Help requests via the PM system will be ignored.

If I'm helping you and I don't reply within 48 hours please feel free to send me a PM.

The help you receive here is always free but if you wish to show your appreciation, you may wish to Posted Image.

#10 ggood2

ggood2
  • Topic Starter

  • Members
  • 15 posts
  • OFFLINE
  •  
  • Local time:10:22 AM

Posted 19 March 2010 - 08:52 AM

Just sent it to you again. it said it was successful it all looks like jumbled letters to me


Thanks

#11 extremeboy

extremeboy

  • Malware Response Team
  • 12,975 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:12:22 PM

Posted 19 March 2010 - 11:50 AM

Hello.

I received it this time. We will run a different scan.

We need to create an OTL Report
  1. Please download OTL from one of the following mirrors:
  2. Save it to your desktop.
  3. Double click on the icon on your desktop.
  4. Click the "Scan All Users" checkbox.
  5. Under "Extra Registry" please check "Use Safelist" and also check "LOP Check" and "Purity Check" as pictured.
  6. Copy and Paste the following code into the textbox. Do not include the word "Code"

    CODE
    netsvcs
    msconfig
    safebootminimal
    safebootnetwork
    activex
    drivers32
    %ALLUSERSPROFILE%\Application Data\*.
    %ALLUSERSPROFILE%\Application Data\*.exe /s
    %APPDATA%\*.
    %APPDATA%\*.exe /s
    %SYSTEMDRIVE%\*.exe
    /md5start
    eventlog.dll
    scecli.dll
    netlogon.dll
    cngaudit.dll
    sceclt.dll
    ntelogon.dll
    logevent.dll
    iaStor.sys
    nvstor.sys
    atapi.sys
    IdeChnDr.sys
    viasraid.sys
    AGP440.sys
    vaxscsi.sys
    nvatabus.sys
    viamraid.sys
    nvata.sys
    nvgts.sys
    iastorv.sys
    ViPrt.sys
    eNetHook.dll
    ahcix86.sys
    KR10N.sys
    nvstor32.sys
    ahcix86s.sys
    /md5stop
    %systemroot%\*. /mp /s
    %systemroot%\system32\*.dll /lockedfiles
    CREATERESTOREPOINT

  7. Push
  8. A report will open. Copy and Paste that report in your next reply.
  9. Two reports will open, copy and paste them in a reply here:
    • OTListIt.txt <-- Will be opened
    • Extra.txt <-- Will be minimized

Note: Please do not PM me asking for help, instead please post it in the correct forum requesting for help. Help requests via the PM system will be ignored.

If I'm helping you and I don't reply within 48 hours please feel free to send me a PM.

The help you receive here is always free but if you wish to show your appreciation, you may wish to Posted Image.

#12 ggood2

ggood2
  • Topic Starter

  • Members
  • 15 posts
  • OFFLINE
  •  
  • Local time:10:22 AM

Posted 19 March 2010 - 06:58 PM

OTL logfile created on: 3/19/2010 6:34:03 PM - Run 1
OTL by OldTimer - Version 3.1.37.3 Folder = C:\Documents and Settings\Glen\Desktop
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1,013.00 Mb Total Physical Memory | 227.00 Mb Available Physical Memory | 22.00% Memory free
2.00 Gb Paging File | 2.00 Gb Available in Paging File | 66.00% Paging File free
Paging file location(s): C:\pagefile.sys 1524 3048 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 229.47 Gb Total Space | 201.00 Gb Free Space | 87.59% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: DANNY
Current User Name: Glen
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Standard

========== Processes (SafeList) ==========

PRC - [2010/03/19 18:32:44 | 000,555,520 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Glen\Desktop\OTL.exe
PRC - [2010/02/11 07:01:40 | 005,150,504 | ---- | M] (TeamViewer GmbH) -- C:\Program Files\TeamViewer\Version5\TeamViewer.exe
PRC - [2010/02/11 06:42:32 | 000,172,328 | ---- | M] (TeamViewer GmbH) -- C:\Program Files\TeamViewer\Version5\TeamViewer_Service.exe
PRC - [2009/12/08 15:25:28 | 000,093,320 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee\SiteAdvisor\McSACore.exe
PRC - [2009/10/29 07:54:44 | 001,218,008 | ---- | M] (McAfee, Inc.) -- c:\Program Files\McAfee.com\Agent\mcagent.exe
PRC - [2009/10/27 12:19:46 | 000,895,696 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee\MPF\MpfSrv.exe
PRC - [2009/10/10 13:32:18 | 000,203,264 | ---- | M] (ArcSoft Inc.) -- C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe
PRC - [2009/09/28 09:42:50 | 000,109,056 | ---- | M] (ArcSoft Inc.) -- C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
PRC - [2009/09/16 10:22:08 | 000,144,704 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee\VirusScan\Mcshield.exe
PRC - [2009/09/16 09:28:38 | 000,606,736 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee\VirusScan\mcsysmon.exe
PRC - [2009/07/10 14:49:24 | 000,323,584 | ---- | M] (Eastman Kodak Company) -- C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe
PRC - [2009/07/10 00:26:20 | 000,865,832 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee\MSC\mcmscsvc.exe
PRC - [2009/07/08 11:54:34 | 000,359,952 | ---- | M] (McAfee, Inc.) -- c:\Program Files\Common Files\McAfee\McProxy\McProxy.exe
PRC - [2009/07/07 19:10:02 | 002,482,848 | ---- | M] (McAfee, Inc.) -- c:\Program Files\Common Files\McAfee\MNA\McNASvc.exe
PRC - [2009/05/27 03:27:04 | 029,262,680 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe
PRC - [2009/05/21 11:13:58 | 000,206,064 | ---- | M] (SupportSoft, Inc.) -- C:\Program Files\Dell Support Center\bin\sprtcmd.exe
PRC - [2009/05/08 05:53:34 | 000,174,424 | ---- | M] (Yahoo! Inc.) -- C:\Program Files\Yahoo!\Common\YMailAdvisor.exe
PRC - [2008/11/24 22:31:12 | 000,087,904 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
PRC - [2008/11/24 22:31:08 | 000,239,968 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft SQL Server\90\Shared\sqlbrowser.exe
PRC - [2008/11/09 15:48:14 | 000,602,392 | ---- | M] (Yahoo! Inc.) -- C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe
PRC - [2008/09/18 20:11:19 | 001,529,856 | ---- | M] (Motive Communications, Inc.) -- C:\Program Files\ATT-SST\McciTrayApp.exe
PRC - [2008/08/14 00:04:44 | 000,201,968 | ---- | M] (SupportSoft, Inc.) -- C:\Program Files\Dell Support Center\bin\sprtsvc.exe
PRC - [2008/04/13 19:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2008/01/07 19:10:30 | 000,210,200 | ---- | M] (Yahoo!, Inc.) -- C:\Program Files\Yahoo!\browser\ycommon.exe
PRC - [2007/09/17 11:56:08 | 000,124,200 | ---- | M] (CyberLink Corp.) -- C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe
PRC - [2006/11/03 20:20:12 | 000,866,584 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Defender\MSASCui.exe
PRC - [2006/11/03 20:19:58 | 000,013,592 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Defender\MsMpEng.exe
PRC - [2006/07/21 16:19:46 | 000,129,536 | ---- | M] (Yahoo! Inc.) -- C:\Program Files\Yahoo!\browser\ybrwicon.exe


========== Modules (SafeList) ==========

MOD - [2010/03/19 18:32:44 | 000,555,520 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Glen\Desktop\OTL.exe
MOD - [2008/10/02 11:48:33 | 000,198,144 | ---- | M] (Motive Communications, Inc.) -- C:\Program Files\Common Files\Motive\McciContextHook_DSR.dll


========== Win32 Services (SafeList) ==========

SRV - File not found [On_Demand | Stopped] -- -- (LiveUpdate)
SRV - File not found [Auto | Stopped] -- -- (Automatic LiveUpdate Scheduler)
SRV - [2010/02/11 06:42:32 | 000,172,328 | ---- | M] (TeamViewer GmbH) [Auto | Running] -- C:\Program Files\TeamViewer\Version5\TeamViewer_Service.exe -- (TeamViewer5)
SRV - [2009/12/08 15:25:28 | 000,093,320 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\McAfee\SiteAdvisor\McSACore.exe -- (McAfee SiteAdvisor Service)
SRV - [2009/10/27 20:20:56 | 000,651,720 | ---- | M] (Macrovision Europe Ltd.) [On_Demand | Stopped] -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service)
SRV - [2009/10/27 12:19:46 | 000,895,696 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\McAfee\MPF\MPFSrv.exe -- (MpfService)
SRV - [2009/09/28 09:42:50 | 000,109,056 | ---- | M] (ArcSoft Inc.) [Auto | Running] -- C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe -- (ACDaemon)
SRV - [2009/09/16 11:23:32 | 000,365,072 | ---- | M] (McAfee, Inc.) [On_Demand | Stopped] -- C:\Program Files\McAfee\VirusScan\mcods.exe -- (McODS)
SRV - [2009/09/16 10:22:08 | 000,144,704 | ---- | M] (McAfee, Inc.) [Unknown | Running] -- C:\Program Files\McAfee\VirusScan\Mcshield.exe -- (McShield)
SRV - [2009/09/16 09:28:38 | 000,606,736 | ---- | M] (McAfee, Inc.) [On_Demand | Running] -- C:\Program Files\McAfee\VirusScan\mcsysmon.exe -- (McSysmon)
SRV - [2009/07/10 00:26:20 | 000,865,832 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\McAfee\MSC\mcmscsvc.exe -- (mcmscsvc)
SRV - [2009/07/08 11:54:34 | 000,359,952 | ---- | M] (McAfee, Inc.) [Auto | Running] -- c:\Program Files\Common Files\McAfee\McProxy\McProxy.exe -- (McProxy)
SRV - [2009/07/07 19:10:02 | 002,482,848 | ---- | M] (McAfee, Inc.) [Auto | Running] -- c:\Program Files\Common Files\McAfee\MNA\McNASvc.exe -- (McNASvc)
SRV - [2009/05/27 03:27:04 | 029,262,680 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe -- (MSSQL$AUTODESKVAULT) SQL Server (AUTODESKVAULT)
SRV - [2008/11/24 22:31:12 | 000,087,904 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe -- (SQLWriter)
SRV - [2008/11/24 22:31:08 | 000,239,968 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Microsoft SQL Server\90\Shared\sqlbrowser.exe -- (SQLBrowser)
SRV - [2008/11/24 22:31:08 | 000,045,408 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Program Files\Microsoft SQL Server\90\Shared\sqladhlp90.exe -- (MSSQLServerADHelper)
SRV - [2008/11/09 15:48:14 | 000,602,392 | ---- | M] (Yahoo! Inc.) [Auto | Running] -- C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe -- (YahooAUService)
SRV - [2008/10/06 17:09:31 | 000,079,360 | ---- | M] (Autodesk) [On_Demand | Stopped] -- C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe -- (Autodesk Licensing Service)
SRV - [2008/08/14 00:04:44 | 000,201,968 | ---- | M] (SupportSoft, Inc.) [Auto | Running] -- C:\Program Files\Dell Support Center\bin\sprtsvc.exe -- (sprtsvc_dellsupportcenter) SupportSoft Sprocket Service (dellsupportcenter)
SRV - [2006/11/03 20:19:58 | 000,013,592 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MsMpEng.exe -- (WinDefend)
SRV - [2005/11/14 01:06:04 | 000,069,632 | ---- | M] (Macrovision Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe -- (IDriverT)


========== Driver Services (SafeList) ==========

DRV - [2009/09/28 20:34:48 | 000,083,288 | ---- | M] (LogMeIn, Inc.) [File_System | Disabled | Stopped] -- C:\WINDOWS\system32\LMIRfsClientNP.dll -- (LMIRfsClientNP)
DRV - [2009/09/16 10:22:48 | 000,214,664 | ---- | M] (McAfee, Inc.) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\mfehidk.sys -- (mfehidk)
DRV - [2009/09/16 10:22:48 | 000,079,816 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\mfeavfk.sys -- (mfeavfk)
DRV - [2009/09/16 10:22:48 | 000,040,552 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\mfesmfk.sys -- (mfesmfk)
DRV - [2009/09/16 10:22:48 | 000,035,272 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\mfebopk.sys -- (mfebopk)
DRV - [2009/09/16 10:22:14 | 000,034,248 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\mferkdk.sys -- (mferkdk)
DRV - [2009/07/16 12:32:26 | 000,120,136 | ---- | M] (McAfee, Inc.) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\Mpfp.sys -- (MPFP)
DRV - [2008/08/11 13:41:00 | 000,047,640 | ---- | M] (LogMeIn, Inc.) [File_System | Auto | Running] -- C:\WINDOWS\system32\drivers\LMIRfsDriver.sys -- (LMIRfsDriver)
DRV - [2008/07/28 17:26:30 | 000,021,248 | ---- | M] (Printing Communications Assoc., Inc. (PCAUSA)) [Kernel | On_Demand | Stopped] -- C:\Program Files\Common Files\Motive\MREMP50.sys -- (MREMP50)
DRV - [2008/07/28 17:26:30 | 000,020,096 | ---- | M] (Printing Communications Assoc., Inc. (PCAUSA)) [Kernel | On_Demand | Stopped] -- C:\Program Files\Common Files\Motive\MRESP50.sys -- (MRESP50)
DRV - [2008/04/13 13:36:39 | 000,043,008 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\amdagp.sys -- (amdagp)
DRV - [2008/04/13 13:36:39 | 000,040,960 | ---- | M] (Silicon Integrated Systems Corporation) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\sisagp.sys -- (sisagp)
DRV - [2008/04/13 11:36:05 | 000,144,384 | ---- | M] (Windows ® Server 2003 DDK provider) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\hdaudbus.sys -- (HDAudBus)
DRV - [2007/07/19 22:10:10 | 000,254,872 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\e1e5132.sys -- (e1express) Intel®
DRV - [2007/07/19 18:26:24 | 000,304,920 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\iaStor.sys -- (iaStor)
DRV - [2007/07/16 19:48:54 | 004,403,712 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\RtkHDAud.sys -- (IntcAzAudAddService) Service for Realtek HD Audio (WDM)
DRV - [2007/07/16 19:45:26 | 005,760,096 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\igxpmp32.sys -- (ialm)
DRV - [2007/04/09 10:56:22 | 000,021,248 | ---- | M] (LG Electronics Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\lgusbdiag.sys -- (UsbDiag)
DRV - [2007/04/09 10:55:08 | 000,022,912 | ---- | M] (LG Electronics Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\lgusbmodem.sys -- (USBModem)
DRV - [2007/04/09 10:53:24 | 000,012,672 | ---- | M] (LG Electronics Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\lgusbbus.sys -- (usbbus)
DRV - [2004/08/03 22:29:56 | 001,897,408 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\nv4_mini.sys -- (nv)
DRV - [2004/04/13 19:20:08 | 000,015,781 | R--- | M] (Meetinghouse Data Communications) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\mdc8021x.sys -- (MDC8021X) AEGIS Protocol (IEEE 802.1x)
DRV - [2001/08/17 14:07:44 | 000,019,072 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\sparrow.sys -- (Sparrow)
DRV - [2001/08/17 14:07:42 | 000,030,688 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\sym_u3.sys -- (sym_u3)
DRV - [2001/08/17 14:07:40 | 000,028,384 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\sym_hi.sys -- (sym_hi)
DRV - [2001/08/17 14:07:36 | 000,032,640 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\symc8xx.sys -- (symc8xx)
DRV - [2001/08/17 14:07:34 | 000,016,256 | ---- | M] (Symbios Logic Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\symc810.sys -- (symc810)
DRV - [2001/08/17 13:52:22 | 000,036,736 | ---- | M] (Promise Technology, Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\ultra.sys -- (ultra)
DRV - [2001/08/17 13:52:20 | 000,045,312 | ---- | M] (QLogic Corporation) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\ql12160.sys -- (ql12160)
DRV - [2001/08/17 13:52:20 | 000,040,320 | ---- | M] (QLogic Corporation) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\ql1080.sys -- (ql1080)
DRV - [2001/08/17 13:52:18 | 000,049,024 | ---- | M] (QLogic Corporation) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\ql1280.sys -- (ql1280)
DRV - [2001/08/17 13:52:16 | 000,179,584 | ---- | M] (Mylex Corporation) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\dac2w2k.sys -- (dac2w2k)
DRV - [2001/08/17 13:52:12 | 000,017,280 | ---- | M] (American Megatrends Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\mraid35x.sys -- (mraid35x)
DRV - [2001/08/17 13:52:00 | 000,026,496 | ---- | M] (Advanced System Products, Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\asc.sys -- (asc)
DRV - [2001/08/17 13:51:58 | 000,014,848 | ---- | M] (Advanced System Products, Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\asc3550.sys -- (asc3550)
DRV - [2001/08/17 13:51:56 | 000,005,248 | ---- | M] (Acer Laboratories Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\aliide.sys -- (AliIde)
DRV - [2001/08/17 13:51:54 | 000,006,656 | ---- | M] (CMD Technology, Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\cmdide.sys -- (CmdIde)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,CustomSearch = http://red.clientapps.yahoo.com/customize/.../search/ie.html

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.yahoo.com/?fr=fp-yie8
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchDefaultBranded = 1
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultName = Yahoo! Search
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultURL = http://search.yahoo.com/search?p={searchTe...-8&fr=b1ie7
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://my.yahoo.com/
IE - HKCU\..\URLSearchHook: {FA887E92-8F5F-4EC9-99CA-09BE0E4120D6} - C:\Program Files\AddThis Toolbar\Helper.dll ()
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

FF - HKLM\software\mozilla\Firefox\extensions\\{B7082FAA-CB62-4872-9106-E42DD88EDE45}: C:\Program Files\McAfee\SiteAdvisor [2010/02/25 09:05:21 | 000,000,000 | ---D | M]

[2009/06/02 10:07:30 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Glen\Application Data\Mozilla\Extensions
[2009/06/02 10:07:30 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Glen\Application Data\Mozilla\Extensions\mozswing@mozswing.org

O1 HOSTS File: ([2004/08/04 05:00:00 | 000,000,734 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (&Yahoo! Toolbar Helper) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
O2 - BHO: (AT&&T Toolbar) - {4E7BD74F-2B8D-469E-94BE-FD60BB9AAE29} - C:\Program Files\ATTToolbar\ATTToolbar.dll (AT&T)
O2 - BHO: (scriptproxy) - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\McAfee\VirusScan\scriptsn.dll (McAfee, Inc.)
O2 - BHO: (Freecause Toolbar BHO) - {9EBF8AAF-0A31-4786-909A-97A0EF101743} - C:\Program Files\AddThis Toolbar\Toolbar.dll ()
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.4.4525.1752\swg.dll (Google Inc.)
O2 - BHO: (McAfee SiteAdvisor BHO) - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
O2 - BHO: (SingleInstance Class) - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\Program Files\Yahoo!\Companion\Installs\cpn\YTSingleInstance.dll (Yahoo! Inc)
O3 - HKLM\..\Toolbar: (McAfee SiteAdvisor Toolbar) - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
O3 - HKLM\..\Toolbar: (AT&&T Toolbar) - {4E7BD74F-2B8D-469E-94BE-FD60BB9AAE29} - C:\Program Files\ATTToolbar\ATTToolbar.dll (AT&T)
O3 - HKLM\..\Toolbar: (AddThis Toolbar) - {B43176CC-4D9E-493B-A636-D9CBFE39C6DA} - C:\Program Files\AddThis Toolbar\Toolbar.dll ()
O3 - HKLM\..\Toolbar: (Yahoo! Toolbar) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {4B3803EA-5230-4DC3-A7FC-33638F3D3542} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (AT&&T Toolbar) - {4E7BD74F-2B8D-469E-94BE-FD60BB9AAE29} - C:\Program Files\ATTToolbar\ATTToolbar.dll (AT&T)
O3 - HKCU\..\Toolbar\WebBrowser: (AddThis Toolbar) - {B43176CC-4D9E-493B-A636-D9CBFE39C6DA} - C:\Program Files\AddThis Toolbar\Toolbar.dll ()
O3 - HKCU\..\Toolbar\WebBrowser: (Yahoo! Toolbar) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
O4 - HKLM..\Run: [Alcmtr] C:\WINDOWS\ALCMTR.EXE (Realtek Semiconductor Corp.)
O4 - HKLM..\Run: [ArcSoft Connection Service] C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe (ArcSoft Inc.)
O4 - HKLM..\Run: [ATT-SST_McciTrayApp] C:\Program Files\ATT-SST\McciTrayApp.exe (Motive Communications, Inc.)
O4 - HKLM..\Run: [DellSupportCenter] C:\Program Files\Dell Support Center\bin\sprtcmd.exe (SupportSoft, Inc.)
O4 - HKLM..\Run: [dscactivate] C:\Program Files\Dell Support Center\gs_agent\custom\dsca.exe ( )
O4 - HKLM..\Run: [ECenter] C:\dell\E-Center\EULALauncher.exe ( )
O4 - HKLM..\Run: [LogMeIn GUI] C:\Program Files\LogMeIn\x86\LogMeInSystray.exe File not found
O4 - HKLM..\Run: [mcagent_exe] C:\Program Files\McAfee.com\Agent\mcagent.exe (McAfee, Inc.)
O4 - HKLM..\Run: [McENUI] C:\Program Files\McAfee\MHN\McENUI.exe (McAfee, Inc.)
O4 - HKLM..\Run: [PDVDDXSrv] C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe (CyberLink Corp.)
O4 - HKLM..\Run: [PRISMSVR.EXE] C:\WINDOWS\System32\PRISMSVR.EXE File not found
O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
O4 - HKLM..\Run: [YBrowser] C:\Program Files\Yahoo!\browser\ybrwicon.exe (Yahoo! Inc.)
O4 - HKLM..\Run: [YMailAdvisor] C:\Program Files\Yahoo!\Common\YMailAdvisor.exe (Yahoo! Inc.)
O4 - HKCU..\Run: [DellSupportCenter] C:\Program Files\Dell Support Center\bin\sprtcmd.exe (SupportSoft, Inc.)
O4 - HKCU..\Run: [Search Protection] C:\Program Files\Yahoo!\Search Protection\SearchProtection.exe File not found
O4 - HKCU..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (Google Inc.)
O4 - HKCU..\RunOnce: [Shockwave Updater] C:\WINDOWS\System32\Adobe\SHOCKW~1\SWHELP~1.EXE -Update -1100465 -Mozilla\4.0 ( File not found
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Kodak EasyShare software.lnk = C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe (Eastman Kodak Company)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE (Microsoft Corporation)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O15 - HKCU\..Trusted Domains: motive.com ([patttbc.att] https in Trusted sites)
O16 - DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} http://upload.facebook.com/controls/2008.1...toUploader5.cab (Facebook Photo Uploader 5 Control)
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} http://download.macromedia.com/pub/shockwa...director/sw.cab (Shockwave ActiveX Control)
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} C:\Program Files\Yahoo!\Common\Yinsthelper.dll (Installation Support)
O16 - DPF: {48DD0448-9209-4F81-9F6D-D83562940134} http://lads.myspace.com/upload/MySpaceUploader1006.cab (MySpace Uploader Control)
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} http://gfx1.hotmail.com/mail/w3/resources/MSNPUpld.cab (MSN Photo Upload Tool)
O16 - DPF: {78AF2F24-A9C3-11D3-BF8C-0060B0FCC122} file://C:\Program Files\Acadm 6\AcDcToday.ocx (AcDcToday Control)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_18)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.macromedia.com/get/flash...r/ultrashim.cab (Reg Error: Key error.)
O16 - DPF: {AE563720-B4F5-11D4-A415-00108302FDFD} file://C:\Program Files\Acadm 6\InstBanr.ocx (NOXLATE-BANR)
O16 - DPF: {C6637286-300D-11D4-AE0A-0010830243BD} file://C:\Program Files\Acadm 6\InstFred.ocx (InstaFred)
O16 - DPF: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0018-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_18)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_18)
O16 - DPF: {F281A59C-7B65-11D3-8617-0010830243BD} file://C:\Program Files\Acadm 6\AcPreview.ocx (AcPreview Control)
O16 - DPF: Microsoft XML Parser for Java file:///C:/WINDOWS/Java/classes/xmldso.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.254
O18 - Protocol\Handler\dssrequest {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
O18 - Protocol\Handler\sacore {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\igfxcui: DllName - igfxdev.dll - C:\WINDOWS\System32\igfxdev.dll (Intel Corporation)
O20 - Winlogon\Notify\LMIinit: DllName - LMIinit.dll - C:\WINDOWS\System32\LMIinit.dll (LogMeIn, Inc.)
O24 - Desktop WallPaper: C:\Documents and Settings\Glen\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\Glen\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O28 - HKLM ShellExecuteHooks: {091EB208-39DD-417D-A5DD-7E2C2D8FB9CB} - C:\Program Files\Windows Defender\MpShHook.dll (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009/10/27 20:02:38 | 000,000,000 | ---D | M] - C:\Autodesk -- [ NTFS ]
O32 - AutoRun File - [2004/08/10 13:04:08 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O33 - MountPoints2\{d96d2e21-3451-11de-bb9d-001d099deb47}\Shell - "" = AutoRun
O33 - MountPoints2\{d96d2e21-3451-11de-bb9d-001d099deb47}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{d96d2e21-3451-11de-bb9d-001d099deb47}\Shell\AutoRun\command - "" = E:\LaunchU3.exe -- File not found
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

NetSvcs: 6to4 - File not found
NetSvcs: Ias - C:\WINDOWS\system32\ias [2004/08/10 12:52:56 | 000,000,000 | ---D | M]
NetSvcs: Iprip - File not found
NetSvcs: Irmon - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: Wmi - C:\WINDOWS\system32\wmi.dll (Microsoft Corporation)
NetSvcs: WmdmPmSp - File not found


SafeBootMin: Base - Driver Group
SafeBootMin: Boot Bus Extender - Driver Group
SafeBootMin: Boot file system - Driver Group
SafeBootMin: File system - Driver Group
SafeBootMin: Filter - Driver Group
SafeBootMin: mcmscsvc - C:\Program Files\McAfee\MSC\mcmscsvc.exe (McAfee, Inc.)
SafeBootMin: MCODS - C:\Program Files\McAfee\VirusScan\mcods.exe (McAfee, Inc.)
SafeBootMin: PCI Configuration - Driver Group
SafeBootMin: PNP Filter - Driver Group
SafeBootMin: Primary disk - Driver Group
SafeBootMin: SCSI Class - Driver Group
SafeBootMin: sermouse.sys - Driver
SafeBootMin: System Bus Extender - Driver Group
SafeBootMin: vds - Service
SafeBootMin: vga.sys - Driver
SafeBootMin: WinDefend - C:\Program Files\Windows Defender\MsMpEng.exe (Microsoft Corporation)
SafeBootMin: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootMin: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootMin: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootMin: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootMin: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootMin: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootMin: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootMin: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootMin: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootMin: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootMin: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootMin: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootMin: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootMin: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices

SafeBootNet: Base - Driver Group
SafeBootNet: Boot Bus Extender - Driver Group
SafeBootNet: Boot file system - Driver Group
SafeBootNet: File system - Driver Group
SafeBootNet: Filter - Driver Group
SafeBootNet: mcmscsvc - C:\Program Files\McAfee\MSC\mcmscsvc.exe (McAfee, Inc.)
SafeBootNet: MCODS - C:\Program Files\McAfee\VirusScan\mcods.exe (McAfee, Inc.)
SafeBootNet: MpfService - C:\Program Files\McAfee\MPF\MPFSrv.exe (McAfee, Inc.)
SafeBootNet: NDIS Wrapper - Driver Group
SafeBootNet: NetBIOSGroup - Driver Group
SafeBootNet: NetDDEGroup - Driver Group
SafeBootNet: Network - Driver Group
SafeBootNet: NetworkProvider - Driver Group
SafeBootNet: PCI Configuration - Driver Group
SafeBootNet: PNP Filter - Driver Group
SafeBootNet: PNP_TDI - Driver Group
SafeBootNet: Primary disk - Driver Group
SafeBootNet: SCSI Class - Driver Group
SafeBootNet: sermouse.sys - Driver
SafeBootNet: Streams Drivers - Driver Group
SafeBootNet: System Bus Extender - Driver Group
SafeBootNet: TDI - Driver Group
SafeBootNet: vga.sys - Driver
SafeBootNet: WinDefend - C:\Program Files\Windows Defender\MsMpEng.exe (Microsoft Corporation)
SafeBootNet: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootNet: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootNet: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootNet: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootNet: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootNet: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootNet: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootNet: {4D36E972-E325-11CE-BFC1-08002BE10318} - Net
SafeBootNet: {4D36E973-E325-11CE-BFC1-08002BE10318} - NetClient
SafeBootNet: {4D36E974-E325-11CE-BFC1-08002BE10318} - NetService
SafeBootNet: {4D36E975-E325-11CE-BFC1-08002BE10318} - NetTrans
SafeBootNet: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootNet: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootNet: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootNet: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootNet: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootNet: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices

ActiveX: {00F0EE7F-2C61-4EBD-A209-00281BDC869C} - Yahoo! Toolbar
ActiveX: {0291E591-EA41-4c82-8106-3DC6CE7F7664} - Reg Error: Value error.
ActiveX: {0430454D-47EA-11D6-AD58-00010333D0AD} - Reg Error: Value error.
ActiveX: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Microsoft VM
ActiveX: {10072CEC-8CC1-11D1-986E-00A0C955B42F} - Vector Graphics Rendering (VML)
ActiveX: {1803B9EF-9905-4F34-AFC4-05D1BAB28801} - Reg Error: Value error.
ActiveX: {1F8DDBB5-590C-0C43-AEE2-9FB1A903310F} - NetShow
ActiveX: {2179C5D3-EBFF-11CF-B6FD-00AA00B4E220} - NetShow
ActiveX: {22271136-F5A5-877D-5105-99EB12243BAC} - DirectX
ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 6.4
ActiveX: {231B1C6E-F934-42A2-92B6-C2FEFEC24276} - Reg Error: Value error.
ActiveX: {233C1507-6A77-46A4-9443-F871F945D258} - Adobe Shockwave Director 10.4
ActiveX: {270C7F22-6D59-4041-B865-76C48D190D91} - Yahoo! Search Settings Update
ActiveX: {283807B5-2C60-11D0-A31D-00AA00B92C03} - DirectAnimation
ActiveX: {2A202491-F00D-11cf-87CC-0020AFEECF20} - Adobe Shockwave Director 10.4
ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX: {30528230-99F7-4BB4-88D8-FA1D4F56A2AB} - Reg Error: Value error.
ActiveX: {347B0667-C7ED-429B-BDE3-CC8D3BACAA31} - Reg Error: Value error.
ActiveX: {36f8ec70-c29a-11d1-b5c7-0000f8051515} - Dynamic HTML Data Binding for Java
ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX: {3bf42070-b3b1-11d1-b5c5-0000f8051515} - Uniscribe
ActiveX: {411EDCF7-755D-414E-A74B-3DCD6583F589} - Microsoft .NET Framework 1.1 Service Pack 1 (KB867460)
ActiveX: {4278c270-a269-11d1-b5bf-0000f8051515} - Advanced Authoring
ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Outlook Express\setup50.exe" /APP:OE /CALLER:WINNT /user /install
ActiveX: {44BBA842-CC51-11CF-AAFA-00AA00B6015B} - rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msnetmtg.inf,NetMtg.Install.PerUser.NT
ActiveX: {44BBA848-CC51-11CF-AAFA-00AA00B6015C} - DirectShow
ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX: {4DF1ECA5-ACA4-C05C-E4F6-B8292043E8B3} - Outlook Express
ActiveX: {4f216970-c90c-11d1-b5c7-0000f8051515} - DirectAnimation Java Classes
ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6
ActiveX: {5512D063-78B3-4C5B-6B2D-CD5A09D24D09} - Viewpoint Media Player
ActiveX: {5945c046-1e7d-11d1-bc44-00c04fd912be} - rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msmsgs.inf,BLC.QuietInstall.PerUser
ActiveX: {5A8D6EE0-3E18-11D0-821E-444553540000} - ICW
ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX: {6D54E522-0A5B-F0AA-7D58-564300000F18} - Microsoft Windows Media Player
ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX: {7131646D-CD3C-40F4-97B9-CD9E4E6262EF} - .NET Framework
ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - "%ProgramFiles%\Outlook Express\setup50.exe" /APP:WAB /CALLER:WINNT /user /install
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\WINDOWS\system32\ie4uinit.exe -BaseSettings
ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - c:\WINDOWS\system32\Rundll32.exe c:\WINDOWS\system32\mscories.dll,Install
ActiveX: {8b15971b-5355-4c82-8c07-7e181ea07608} - rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\fxsocm.inf,Fax.Install.PerUser
ActiveX: {8FD9D712-A285-4834-9F46-705AD5146A6B} - NoIETour
ActiveX: {924C1588-90C3-4910-B6CA-D57A1C0418FE} - Reg Error: Value error.
ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX: {94de52c8-2d59-4f1b-883e-79663d2d9a8c} - Fax Provider
ActiveX: {A17E30C4-A9BA-11D4-8673-60DB54C10000} - Reg Error: Value error.
ActiveX: {A509B1FF-37FF-4bFF-8CFF-4F3A747040FF} - C:\WINDOWS\system32\rundll32.exe C:\WINDOWS\system32\advpack.dll,LaunchINFSectionEx C:\Program Files\Internet Explorer\clrtour.inf,DefaultInstall.ResetTour,,12
ActiveX: {AA218328-0EA8-4D70-8972-E987A9190FF4} - Reg Error: Value error.
ActiveX: {C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F} - .NET Framework
ActiveX: {C37BE941-1560-14FB-06C3-30E0E66E74F9} - Adobe Shockwave Director 10.4
ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX: {CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1} - .NET Framework
ActiveX: {CC2A9BA0-3BDD-11D0-821E-444553540000} - Task Scheduler
ActiveX: {CDD7975E-60F8-41d5-8149-19E51D6F71D0} - Windows Movie Maker v2.1
ActiveX: {D27CDB6E-AE6D-11cf-96B8-444553540000} - Adobe Flash Player
ActiveX: {D7479035-044B-2C31-ACD1-77F9B0DBF8D5} - DirectX
ActiveX: {DAA94A2A-2A8D-4D3B-9DB8-56FBECED082D} - Microsoft .NET Framework 1.1 Security Update (KB953297)
ActiveX: {DDDF8241-536F-390A-2F39-2E6D8415F0D6} - DirectX
ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX: {F0A2CC9D-7B8E-6804-648A-B1468AA1BC50} - Internet Explorer Version Update
ActiveX: <{12d0ed0d-0ee0-4f90-8827-78cefb8f4988} - C:\WINDOWS\system32\ieudinit.exe
ActiveX: >{19FB76C6-DBEF-44B5-A053-ECDF5F855A07} - RunDLL32 IEDKCS32.DLL,BrandIE4 SIGNUP
ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - C:\WINDOWS\inf\unregmp2.exe /ShowWMP
ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\WINDOWS\system32\ie4uinit.exe -UserIconConfig
ActiveX: >{881dd1c5-3dcf-431b-b061-f3f88e8be88a} - %systemroot%\system32\shmgrate.exe OCInstallUserConfigOE

Drivers32: msacm.iac2 - C:\WINDOWS\system32\iac25_32.ax (Intel Corporation)
Drivers32: msacm.l3acm - C:\WINDOWS\system32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: msacm.sl_anet - C:\WINDOWS\System32\sl_anet.acm (Sipro Lab Telecom Inc.)
Drivers32: msacm.trspch - C:\WINDOWS\System32\tssoft32.acm (DSP GROUP, INC.)
Drivers32: vidc.cvid - C:\WINDOWS\System32\iccvid.dll (Radius Inc.)
Drivers32: vidc.iv31 - C:\WINDOWS\System32\ir32_32.dll ()
Drivers32: vidc.iv32 - C:\WINDOWS\System32\ir32_32.dll ()
Drivers32: vidc.iv41 - C:\WINDOWS\System32\ir41_32.ax (Intel Corporation)
Drivers32: vidc.iv50 - C:\WINDOWS\System32\ir50_32.dll (Intel Corporation)

CREATERESTOREPOINT
Restore point Set: OTL Restore Point (17173366603513856)

========== Files/Folders - Created Within 30 Days ==========

[2010/03/19 18:32:35 | 000,555,520 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Glen\Desktop\OTL.exe
[2010/03/13 19:19:34 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Glen\Local Settings\Application Data\KodakGallery
[2010/03/13 18:26:07 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Glen\Application Data\Skinux
[2010/03/13 18:26:04 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Glen\Desktop\virus
[2010/03/13 18:18:53 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Glen\My Documents\My Print Creations
[2010/03/13 18:18:46 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Glen\Local Settings\Application Data\ArcSoft
[2010/03/13 18:18:40 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Glen\Application Data\ArcSoft
[2010/03/13 18:18:26 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\ArcSoft
[2010/03/13 18:17:09 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\ArcSoft
[2010/03/13 18:17:09 | 000,000,000 | ---D | C] -- C:\Program Files\ArcSoft
[2010/03/13 18:13:48 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Kodak
[2010/03/13 18:10:53 | 000,465,920 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\imapi2fs.dll
[2010/03/13 18:10:53 | 000,465,920 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\imapi2fs.dll
[2010/03/13 18:10:53 | 000,317,952 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\imapi2.dll
[2010/03/13 18:10:53 | 000,317,952 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\imapi2.dll
[2010/03/13 18:10:53 | 000,062,976 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cdrom.sys
[2010/03/13 18:10:45 | 000,000,000 | ---D | C] -- C:\Program Files\Kodak
[2010/03/13 17:58:47 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Kodak
[2010/03/12 17:13:30 | 000,181,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\MpSigStub.exe
[2010/03/12 17:12:09 | 000,000,000 | ---D | C] -- C:\Program Files\Windows Defender
[2010/03/11 21:08:20 | 000,000,000 | ---D | C] -- C:\Program Files\TrendMicro
[2010/03/10 18:58:58 | 003,558,912 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\moviemk.exe
[2010/03/01 20:06:37 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Glen\Application Data\TeamViewer
[2010/03/01 20:06:19 | 000,000,000 | ---D | C] -- C:\Program Files\TeamViewer
[2010/02/15 20:15:17 | 000,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Local Settings\Application Data\ICS
[2009/09/19 19:55:13 | 000,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Local Settings\Application Data\Viewpoint
[2009/05/13 15:51:42 | 000,000,000 | ---D | M] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\Google
[2009/04/09 23:11:17 | 000,000,000 | ---D | M] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\Viewpoint
[2009/03/27 19:13:09 | 000,000,000 | --SD | M] -- C:\Documents and Settings\LocalService\Application Data\Microsoft
[2009/03/18 18:46:07 | 000,000,000 | --SD | M] -- C:\Documents and Settings\NetworkService\Application Data\Microsoft
[2009/02/23 13:12:56 | 000,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Application Data\SACore
[2009/02/11 07:37:13 | 000,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Application Data\Yahoo!
[2009/02/11 07:36:54 | 000,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Application Data\Macromedia
[2009/02/11 07:36:54 | 000,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Application Data\Adobe
[2009/02/10 21:37:26 | 000,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Local Settings\Application Data\Google
[2008/09/24 10:20:36 | 000,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft
[2004/08/10 13:08:14 | 000,000,000 | ---D | M] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft
[3 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[2 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2010/03/19 18:32:44 | 000,555,520 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Glen\Desktop\OTL.exe
[2010/03/19 18:21:00 | 000,000,886 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2010/03/19 16:15:31 | 000,000,868 | ---- | M] () -- C:\WINDOWS\tasks\Google Software Updater.job
[2010/03/19 14:35:13 | 000,000,420 | -H-- | M] () -- C:\WINDOWS\tasks\User_Feed_Synchronization-{5F794ACC-1EC4-4B86-AE15-72B15EF81FF8}.job
[2010/03/19 02:26:09 | 000,000,330 | -H-- | M] () -- C:\WINDOWS\tasks\MP Scheduled Scan.job
[2010/03/18 19:21:00 | 000,000,882 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2010/03/18 18:30:51 | 006,029,312 | ---- | M] () -- C:\Documents and Settings\Glen\ntuser.dat
[2010/03/16 19:52:14 | 000,590,010 | ---- | M] () -- C:\WINDOWS\System32\PerfStringBackup.INI
[2010/03/16 19:52:14 | 000,489,504 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2010/03/16 19:52:14 | 000,089,758 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2010/03/16 19:51:15 | 000,021,907 | ---- | M] () -- C:\WINDOWS\System32\Config.MPF
[2010/03/16 19:51:00 | 000,041,984 | R--- | M] () -- C:\Documents and Settings\All Users\Documents\ESBK.mb
[2010/03/16 19:48:26 | 000,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2010/03/16 19:48:25 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2010/03/16 19:48:24 | 1062,387,712 | -HS- | M] () -- C:\hiberfil.sys
[2010/03/15 01:10:02 | 000,000,338 | ---- | M] () -- C:\WINDOWS\tasks\McDefragTask.job
[2010/03/14 03:00:12 | 000,031,744 | R--- | M] () -- C:\Documents and Settings\All Users\Documents\ESBK.mbb
[2010/03/13 18:18:36 | 000,011,776 | ---- | M] () -- C:\Documents and Settings\Glen\Desktop\FT BOM.xls
[2010/03/13 18:16:53 | 000,001,909 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Web Surf & Share Pix with Firefox.lnk
[2010/03/13 18:13:51 | 000,001,817 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Kodak EasyShare.lnk
[2010/03/13 18:13:50 | 000,001,837 | ---- | M] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Kodak EasyShare software.lnk
[2010/03/13 18:12:29 | 000,001,374 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2010/03/13 18:08:47 | 000,000,434 | ---- | M] () -- C:\WINDOWS\tasks\EasyShare Registration Task.job
[2010/03/13 15:19:23 | 000,000,000 | ---- | M] () -- C:\Documents and Settings\Glen\defogger_reenable
[2010/03/12 18:58:09 | 000,035,840 | ---- | M] () -- C:\Documents and Settings\Glen\My Documents\GLENS TIMESHEET.xls
[2010/03/12 17:11:42 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2010/03/09 21:00:35 | 000,001,675 | ---- | M] () -- C:\WINDOWS\yahtzee.ini
[2010/03/06 20:37:24 | 000,000,278 | -HS- | M] () -- C:\Documents and Settings\Glen\ntuser.ini
[2010/03/04 20:16:28 | 000,001,729 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Adobe Reader 9.lnk
[2010/03/02 20:29:05 | 000,029,696 | ---- | M] () -- C:\Documents and Settings\Glen\My Documents\9653WS-40-BOM.xls
[2010/03/01 20:15:43 | 000,036,864 | ---- | M] () -- C:\Documents and Settings\Glen\My Documents\password 2008.xls
[2010/03/01 20:06:27 | 000,000,879 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\TeamViewer 5.lnk
[2010/03/01 02:00:11 | 000,000,330 | ---- | M] () -- C:\WINDOWS\tasks\McQcTask.job
[2010/02/28 20:25:05 | 000,019,456 | ---- | M] () -- C:\Documents and Settings\Glen\My Documents\blackstone delays.doc
[2010/02/24 10:16:06 | 000,181,632 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\MpSigStub.exe
[2010/02/23 18:16:13 | 000,017,408 | ---- | M] () -- C:\Documents and Settings\Glen\My Documents\fold jack leg bom.xls
[2010/02/22 21:08:15 | 000,029,696 | ---- | M] () -- C:\Documents and Settings\Glen\My Documents\9653ws-14.xls
[2010/02/19 19:09:15 | 000,000,057 | ---- | M] () -- C:\WINDOWS\entpack.ini
[2010/02/19 19:09:10 | 000,000,445 | ---- | M] () -- C:\WINDOWS\EntPack.dat
[3 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[2 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

========== Files Created - No Company Name ==========

[2010/03/13 18:26:18 | 000,041,984 | R--- | C] () -- C:\Documents and Settings\All Users\Documents\ESBK.mb
[2010/03/13 18:26:18 | 000,031,744 | R--- | C] () -- C:\Documents and Settings\All Users\Documents\ESBK.mbb
[2010/03/13 18:18:31 | 000,011,776 | ---- | C] () -- C:\Documents and Settings\Glen\Desktop\FT BOM.xls
[2010/03/13 18:16:53 | 000,001,909 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Web Surf & Share Pix with Firefox.lnk
[2010/03/13 18:13:51 | 000,001,817 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Kodak EasyShare.lnk
[2010/03/13 18:13:50 | 000,001,837 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Kodak EasyShare software.lnk
[2010/03/13 18:08:47 | 000,000,434 | ---- | C] () -- C:\WINDOWS\tasks\EasyShare Registration Task.job
[2010/03/13 15:19:23 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\Glen\defogger_reenable
[2010/03/12 17:15:19 | 000,000,330 | -H-- | C] () -- C:\WINDOWS\tasks\MP Scheduled Scan.job
[2010/03/02 20:29:04 | 000,029,696 | ---- | C] () -- C:\Documents and Settings\Glen\My Documents\9653WS-40-BOM.xls
[2010/03/01 20:06:27 | 000,000,879 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\TeamViewer 5.lnk
[2010/02/28 20:25:05 | 000,019,456 | ---- | C] () -- C:\Documents and Settings\Glen\My Documents\blackstone delays.doc
[2010/02/23 18:16:13 | 000,017,408 | ---- | C] () -- C:\Documents and Settings\Glen\My Documents\fold jack leg bom.xls
[2010/02/22 20:41:54 | 000,029,696 | ---- | C] () -- C:\Documents and Settings\Glen\My Documents\9653ws-14.xls
[2009/11/03 18:50:56 | 000,440,352 | ---- | C] () -- C:\Documents and Settings\LocalService\Local Settings\Application Data\FontCache3.0.0.0.dat
[2009/10/27 20:34:53 | 000,000,080 | ---- | C] () -- C:\WINDOWS\SOLANTIC.INI
[2009/03/12 13:18:24 | 000,000,028 | ---- | C] () -- C:\WINDOWS\pdf995.ini
[2009/02/17 19:58:46 | 000,007,835 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\LUUnInstall.LiveUpdate
[2008/12/02 22:22:51 | 000,087,552 | ---- | C] () -- C:\WINDOWS\System32\cpwmon2k.dll
[2008/09/03 21:51:47 | 000,017,736 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\hpzinstall.log
[2008/08/06 16:16:42 | 000,000,000 | ---- | C] () -- C:\WINDOWS\mtstack.INI
[2008/07/16 12:47:59 | 000,065,536 | ---- | C] () -- C:\WINDOWS\System32\YCRWin32.dll
[2008/07/08 14:49:41 | 000,000,057 | ---- | C] () -- C:\WINDOWS\entpack.ini
[2008/06/20 21:38:49 | 000,051,716 | ---- | C] () -- C:\WINDOWS\System32\pdf995mon.dll
[2008/06/20 21:38:49 | 000,000,142 | ---- | C] () -- C:\WINDOWS\wpd99.drv
[2008/06/17 15:23:21 | 000,000,376 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2008/06/14 17:36:49 | 000,010,912 | ---- | C] () -- C:\Documents and Settings\Glen\Application Data\wklnhst.dat
[2008/06/11 13:19:45 | 000,001,675 | ---- | C] () -- C:\WINDOWS\yahtzee.ini
[2008/06/11 13:09:26 | 000,017,408 | ---- | C] () -- C:\Documents and Settings\Glen\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2008/06/10 07:49:52 | 000,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini
[2008/06/10 07:13:42 | 000,204,800 | ---- | C] () -- C:\WINDOWS\System32\igfxCoIn_v4820.dll
[2008/06/10 07:12:01 | 000,001,120 | ---- | C] () -- C:\WINDOWS\System32\OEMINFO.INI
[2004/08/10 13:12:05 | 000,000,881 | ---- | C] () -- C:\WINDOWS\orun32.ini
[2004/08/10 13:01:18 | 000,001,793 | ---- | C] () -- C:\WINDOWS\System32\fxsperf.ini
[2000/09/18 16:50:28 | 000,202,752 | ---- | C] () -- C:\WINDOWS\System32\zlib.dll
[1999/01/22 13:46:58 | 000,065,536 | ---- | C] () -- C:\WINDOWS\System32\MSRTEDIT.DLL

========== LOP Check ==========

[2009/09/19 22:35:46 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\ATTToolbar
[2010/02/01 19:42:08 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Autodesk
[2009/07/13 16:57:47 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\pdf995
[2008/06/10 07:42:34 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\SupportSoft
[2008/06/20 21:36:48 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TaxCut
[2008/06/10 07:44:08 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Uninstall
[2010/03/12 19:35:39 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Viewpoint
[2008/10/06 17:19:13 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Glen\Application Data\Ansys
[2009/09/19 19:48:23 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Glen\Application Data\ATTToolbar
[2009/11/17 21:26:50 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Glen\Application Data\Autodesk
[2009/12/13 17:05:59 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Glen\Application Data\FCTB000061107
[2009/06/02 10:09:21 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Glen\Application Data\LimeWire
[2009/08/26 20:15:44 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Glen\Application Data\MSNInstaller
[2009/03/12 13:18:27 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Glen\Application Data\pdf995
[2010/03/13 18:26:07 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Glen\Application Data\Skinux
[2008/06/20 21:40:17 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Glen\Application Data\TaxCut
[2010/03/01 20:32:08 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Glen\Application Data\TeamViewer
[2008/06/14 17:36:50 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Glen\Application Data\Template
[2008/09/09 15:31:43 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Glen\Application Data\Unigraphics Solutions
[2010/03/13 18:08:47 | 000,000,434 | ---- | M] () -- C:\WINDOWS\Tasks\EasyShare Registration Task.job
[2010/03/15 01:10:02 | 000,000,338 | ---- | M] () -- C:\WINDOWS\Tasks\McDefragTask.job
[2010/03/01 02:00:11 | 000,000,330 | ---- | M] () -- C:\WINDOWS\Tasks\McQcTask.job
[2010/03/19 02:26:09 | 000,000,330 | -H-- | M] () -- C:\WINDOWS\Tasks\MP Scheduled Scan.job
[2010/03/19 14:35:13 | 000,000,420 | -H-- | M] () -- C:\WINDOWS\Tasks\User_Feed_Synchronization-{5F794ACC-1EC4-4B86-AE15-72B15EF81FF8}.job

========== Purity Check ==========



========== Custom Scans ==========


< %ALLUSERSPROFILE%\Application Data\*. >
[2010/01/19 19:16:39 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Adobe
[2009/04/08 22:05:44 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Apple Computer
[2010/03/13 18:18:26 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\ArcSoft
[2009/09/19 22:35:46 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\ATTToolbar
[2010/02/01 19:42:08 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Autodesk
[2008/12/05 21:07:46 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\CyberLink
[2008/10/14 21:24:05 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Dell
[2009/10/27 20:39:33 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\FLEXnet
[2009/02/10 22:38:29 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Google
[2010/03/19 16:15:22 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Google Updater
[2008/06/11 12:07:18 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Hewlett-Packard
[2009/04/12 15:58:56 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\HP
[2009/04/12 15:58:57 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\HP Product Assistant
[2008/09/03 21:56:45 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\HPSSUPPLY
[2008/06/10 07:43:30 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\InstallShield
[2010/03/13 18:19:45 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Kodak
[2009/07/10 03:00:27 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\McAfee
[2010/03/12 17:12:09 | 000,000,000 | --SD | M] -- C:\Documents and Settings\All Users\Application Data\Microsoft
[2009/05/04 15:49:07 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Motive
[2009/07/13 16:57:47 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\pdf995
[2004/08/10 13:13:06 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\SBSI
[2009/02/17 20:08:36 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\SiteAdvisor
[2008/06/10 07:43:43 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Sonic
[2010/01/27 18:56:55 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Sun
[2008/06/10 07:42:34 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\SupportSoft
[2009/09/19 20:24:37 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Symantec
[2008/06/20 21:36:48 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TaxCut
[2008/06/10 07:44:08 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Uninstall
[2010/03/12 19:35:39 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Viewpoint
[2008/09/03 21:58:41 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\WEBREG
[2009/03/27 19:09:34 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Windows Genuine Advantage
[2009/09/19 20:37:26 | 000,000,000 | RH-D | M] -- C:\Documents and Settings\All Users\Application Data\yahoo!
[2009/09/19 20:38:18 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Yahoo! Companion

< %ALLUSERSPROFILE%\Application Data\*.exe /s >
[2009/07/10 07:59:14 | 002,684,304 | R--- | M] (Eastman Kodak Company) -- C:\Documents and Settings\All Users\Application Data\Kodak\EasyShareSetup\$SETUP_140001_4fef32\Setup.exe
[2010/03/13 18:09:35 | 000,175,104 | ---- | M] (InstallShield Software Corporation) -- C:\Documents and Settings\All Users\Application Data\Kodak\EasyShareSetup\creative\app\setup.exe
[2010/03/13 18:10:23 | 000,062,976 | ---- | M] (InstallShield Software Corporation) -- C:\Documents and Settings\All Users\Application Data\Kodak\EasyShareSetup\creative\content\setup.exe
[2010/03/13 18:10:24 | 000,077,824 | ---- | M] (Eastman Kodak Company) -- C:\Documents and Settings\All Users\Application Data\Kodak\EasyShareSetup\ess\bindbins\BindBins.exe
[2010/03/13 18:08:52 | 000,045,056 | ---- | M] (EASTMAN KODAK Company) -- C:\Documents and Settings\All Users\Application Data\Kodak\EasyShareSetup\sysfiles\kb945060\kb945060.exe
[2008/06/10 07:42:35 | 000,069,120 | ---- | M] (Microsoft Corporation) -- C:\Documents and Settings\All Users\Application Data\SupportSoft\DellSupportCenter\_default\data\f9cd5860-4b46-43fa-aa04-46ba9e956204\7e7d3c88-958b-4607-85a7-8c1cc5188887.1\NOTEPAD.EXE
[2008/09/03 17:06:54 | 005,342,161 | ---- | M] () -- C:\Documents and Settings\All Users\Application Data\SupportSoft\DellSupportCenter\SYSTEM\exec\DSCPatch_2_2_08100_2.1.exe
[2008/10/27 22:09:43 | 000,155,710 | ---- | M] () -- C:\Documents and Settings\All Users\Application Data\SupportSoft\DellSupportCenter\SYSTEM\exec\DSCPatch_2_2_08267_2.1.exe
[2008/10/27 21:52:23 | 000,474,511 | ---- | M] () -- C:\Documents and Settings\All Users\Application Data\SupportSoft\DellSupportCenter\SYSTEM\exec\DSCPatch_2_2_08298_2.1.exe
[2009/01/21 18:23:49 | 000,148,954 | ---- | M] () -- C:\Documents and Settings\All Users\Application Data\SupportSoft\DellSupportCenter\SYSTEM\exec\DSCPatch_2_2_08335_2.1.exe
[2009/05/26 11:23:39 | 003,484,829 | ---- | M] () -- C:\Documents and Settings\All Users\Application Data\SupportSoft\DellSupportCenter\SYSTEM\exec\DSCPatch_2_2_09085_2.1.exe
[2008/06/25 11:50:12 | 000,529,291 | ---- | M] () -- C:\Documents and Settings\All Users\Application Data\SupportSoft\DellSupportCenter\SYSTEM\exec\PCD_Patch_1.exe
[2007/12/23 02:03:22 | 004,819,440 | ---- | M] (Sonic Solutions) -- C:\Documents and Settings\All Users\Application Data\Uninstall\{09760D42-E223-42AD-8C3E-55B47D0DDAC3}\setup.exe

< %APPDATA%\*. >
[2008/10/29 21:06:31 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Glen\Application Data\Adobe
[2008/10/06 17:19:13 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Glen\Application Data\Ansys
[2008/12/01 12:11:58 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Glen\Application Data\Apple Computer
[2010/03/13 18:18:47 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Glen\Application Data\ArcSoft
[2009/09/19 19:48:23 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Glen\Application Data\ATTToolbar
[2009/11/17 21:26:50 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Glen\Application Data\Autodesk
[2008/06/10 07:44:07 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Glen\Application Data\CyberLink
[2009/12/13 17:05:59 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Glen\Application Data\FCTB000061107
[2009/02/10 21:40:46 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Glen\Application Data\Google
[2008/08/18 17:16:45 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Glen\Application Data\Help
[2009/03/19 23:40:07 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Glen\Application Data\HP
[2008/10/03 10:05:07 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Glen\Application Data\HPAppData
[2009/11/20 20:33:44 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Glen\Application Data\HpUpdate
[2004/08/10 13:08:32 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Glen\Application Data\Identities
[2008/06/10 07:33:26 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Glen\Application Data\InstallShield
[2009/06/02 10:09:21 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Glen\Application Data\LimeWire
[2008/10/29 21:08:18 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Glen\Application Data\Macromedia
[2009/12/30 19:16:08 | 000,000,000 | --SD | M] -- C:\Documents and Settings\Glen\Application Data\Microsoft
[2008/06/17 15:20:50 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Glen\Application Data\Microsoft Web Folders
[2009/05/04 15:43:41 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Glen\Application Data\Motive
[2009/12/16 21:21:46 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Glen\Application Data\Move Networks
[2009/06/02 10:07:30 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Glen\Application Data\Mozilla
[2009/08/26 20:15:44 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Glen\Application Data\MSNInstaller
[2008/11/20 17:36:56 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Glen\Application Data\MySpace
[2009/03/12 13:18:27 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Glen\Application Data\pdf995
[2009/01/28 20:42:20 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Glen\Application Data\Roxio
[2010/03/13 18:26:07 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Glen\Application Data\Skinux
[2008/06/10 07:31:19 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Glen\Application Data\Sun
[2008/06/20 21:40:17 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Glen\Application Data\TaxCut
[2010/03/01 20:32:08 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Glen\Application Data\TeamViewer
[2008/06/14 17:36:50 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Glen\Application Data\Template
[2009/06/02 10:51:54 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Glen\Application Data\U3
[2008/09/09 15:31:43 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Glen\Application Data\Unigraphics Solutions
[2009/09/19 20:23:18 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Glen\Application Data\Yahoo!

< %APPDATA%\*.exe /s >
[2009/09/10 14:58:10 | 000,143,496 | ---- | M] (FreeCause Inc.) -- C:\Documents and Settings\Glen\Application Data\FCTB000061107\Toolbar\ToolbarUpdate.exe
[2009/03/24 22:43:02 | 000,096,256 | ---- | M] (FreeCause Inc.) -- C:\Documents and Settings\Glen\Application Data\FCTB000061107\Toolbar\TroubleShooter.exe
[2009/12/13 17:02:22 | 000,059,760 | ---- | M] () -- C:\Documents and Settings\Glen\Application Data\FCTB000061107\Toolbar\Uninst.exe
[3 C:\Documents and Settings\Glen\Application Data\FCTB000061107\Toolbar\*.tmp files -> C:\Documents and Settings\Glen\Application Data\FCTB000061107\Toolbar\*.tmp -> ]
[2009/06/02 10:07:21 | 000,163,840 | ---- | M] (Mozilla Foundation) -- C:\Documents and Settings\Glen\Application Data\LimeWire\browser\xulrunner\crashreporter.exe
[2009/06/02 10:07:22 | 000,196,608 | ---- | M] (Mozilla Foundation) -- C:\Documents and Settings\Glen\Application Data\LimeWire\browser\xulrunner\updater.exe
[2009/06/02 10:07:22 | 000,014,848 | ---- | M] () -- C:\Documents and Settings\Glen\Application Data\LimeWire\browser\xulrunner\xpcshell.exe
[2009/06/02 10:07:22 | 000,077,824 | ---- | M] (Mozilla Foundation) -- C:\Documents and Settings\Glen\Application Data\LimeWire\browser\xulrunner\xpicleanup.exe
[2009/06/02 10:07:22 | 000,266,240 | ---- | M] (Mozilla Foundation) -- C:\Documents and Settings\Glen\Application Data\LimeWire\browser\xulrunner\xpidl.exe
[2009/06/02 10:07:22 | 000,018,432 | ---- | M] () -- C:\Documents and Settings\Glen\Application Data\LimeWire\browser\xulrunner\xpt_dump.exe
[2009/06/02 10:07:22 | 000,014,336 | ---- | M] () -- C:\Documents and Settings\Glen\Application Data\LimeWire\browser\xulrunner\xpt_link.exe
[2009/06/02 10:07:23 | 000,073,728 | ---- | M] (Mozilla Foundation) -- C:\Documents and Settings\Glen\Application Data\LimeWire\browser\xulrunner\xulrunner-stub.exe
[2009/06/02 10:07:23 | 000,102,400 | ---- | M] (Mozilla Foundation) -- C:\Documents and Settings\Glen\Application Data\LimeWire\browser\xulrunner\xulrunner.exe
[2010/03/11 21:08:23 | 000,388,096 | R--- | M] (Trend Micro Inc.) -- C:\Documents and Settings\Glen\Application Data\Microsoft\Installer\{0761C9A8-8F3A-4216-B4A7-B7AFBF24A24A}\HiJackThis.exe
[2008/10/06 16:41:08 | 000,010,134 | R--- | M] () -- C:\Documents and Settings\Glen\Application Data\Microsoft\Installer\{E3E71D07-CD27-46CB-8448-16D4FB29AA13}\ARPPRODUCTICON.exe
[2009/11/07 21:22:31 | 001,794,456 | ---- | M] () -- C:\Documents and Settings\Glen\Application Data\Move Networks\MoveMediaPlayerWin_071701000002.exe
[2009/11/07 21:22:33 | 000,143,976 | ---- | M] () -- C:\Documents and Settings\Glen\Application Data\Move Networks\uninstall.exe
[2 C:\Documents and Settings\Glen\Application Data\Move Networks\*.tmp files -> C:\Documents and Settings\Glen\Application Data\Move Networks\*.tmp -> ]
[2009/10/14 19:50:30 | 000,097,216 | ---- | M] () -- C:\Documents and Settings\Glen\Application Data\Move Networks\ie_bin\MovePlayerUpgrade.exe
[2009/08/26 20:15:49 | 001,244,648 | ---- | M] (Microsoft Corporation) -- C:\Documents and Settings\Glen\Application Data\MSNInstaller\msnauins.exe
[2008/11/20 17:36:49 | 006,850,312 | ---- | M] (MySpace Inc.) -- C:\Documents and Settings\Glen\Application Data\MySpace\IM\Install\MSIMClientSetup.1.0.756.0-static.exe
[2006/04/05 19:38:10 | 000,110,592 | ---- | M] () -- C:\Documents and Settings\Glen\Application Data\U3\temp\cleanup.exe

< %SYSTEMDRIVE%\*.exe >


< MD5 for: AGP440.SYS >
[2004/08/04 05:00:00 | 018,738,937 | ---- | M] () .cab file -- C:\i386\sp2.cab:AGP440.sys
[2004/08/04 05:00:00 | 018,738,937 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp2.cab:AGP440.sys
[2008/09/24 10:02:40 | 023,852,652 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:AGP440.sys
[2008/09/24 10:02:40 | 023,852,652 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp3.cab:AGP440.sys
[2008/04/13 13:36:38 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=08FD04AA961BDC77FB983F328334E3D7 -- C:\WINDOWS\ServicePackFiles\i386\agp440.sys
[2008/04/13 13:36:38 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=08FD04AA961BDC77FB983F328334E3D7 -- C:\WINDOWS\system32\drivers\agp440.sys
[2004/08/03 23:07:42 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=2C428FA0C3E3A01ED93C9B2A27D8D4BB -- C:\i386\AGP440.SYS
[2004/08/03 23:07:42 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=2C428FA0C3E3A01ED93C9B2A27D8D4BB -- C:\WINDOWS\$NtServicePackUninstall$\agp440.sys

< MD5 for: ATAPI.SYS >
[2004/08/04 05:00:00 | 018,738,937 | ---- | M] () .cab file -- C:\i386\sp2.cab:atapi.sys
[2004/08/04 05:00:00 | 018,738,937 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp2.cab:atapi.sys
[2008/09/24 10:02:40 | 023,852,652 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:atapi.sys
[2008/09/24 10:02:40 | 023,852,652 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp3.cab:atapi.sys
[2006/08/28 02:02:10 | 000,095,872 | ---- | M] (Microsoft Corporation) MD5=40CAACE7F2E7668148A1D45CF91E1131 -- C:\i386\atapi.sys
[2006/08/27 21:02:10 | 000,095,872 | ---- | M] (Microsoft Corporation) MD5=40CAACE7F2E7668148A1D45CF91E1131 -- C:\WINDOWS\$NtServicePackUninstall$\atapi.sys
[2006/08/27 21:02:10 | 000,095,872 | ---- | M] (Microsoft Corporation) MD5=40CAACE7F2E7668148A1D45CF91E1131 -- C:\WINDOWS\system32\ReinstallBackups\0002\DriverFiles\i386\atapi.sys
[2006/08/27 21:02:10 | 000,095,872 | ---- | M] (Microsoft Corporation) MD5=40CAACE7F2E7668148A1D45CF91E1131 -- C:\WINDOWS\system32\ReinstallBackups\0003\DriverFiles\i386\atapi.sys
[2008/04/13 13:40:30 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\ServicePackFiles\i386\atapi.sys
[2008/04/13 13:40:30 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\system32\drivers\atapi.sys

< MD5 for: EVENTLOG.DLL >
[2008/04/13 19:11:53 | 000,056,320 | ---- | M] (Microsoft Corporation) MD5=6D4FEB43EE538FC5428CC7F0565AA656 -- C:\WINDOWS\ServicePackFiles\i386\eventlog.dll
[2008/04/13 19:11:53 | 000,056,320 | ---- | M] (Microsoft Corporation) MD5=6D4FEB43EE538FC5428CC7F0565AA656 -- C:\WINDOWS\system32\eventlog.dll
[2004/08/04 05:00:00 | 000,055,808 | ---- | M] (Microsoft Corporation) MD5=82B24CB70E5944E6E34662205A2A5B78 -- C:\i386\eventlog.dll
[2004/08/04 05:00:00 | 000,055,808 | ---- | M] (Microsoft Corporation) MD5=82B24CB70E5944E6E34662205A2A5B78 -- C:\WINDOWS\$NtServicePackUninstall$\eventlog.dll

< MD5 for: IASTOR.SYS >
[2007/07/19 18:26:24 | 000,304,920 | ---- | M] (Intel Corporation) MD5=997E8F5939F2D12CD9F2E6B395724C16 -- C:\drivers\storage\R158515\iastor.sys
[2007/07/19 18:26:24 | 000,304,920 | ---- | M] (Intel Corporation) MD5=997E8F5939F2D12CD9F2E6B395724C16 -- C:\i386\iastor.sys
[2007/07/19 18:26:24 | 000,304,920 | ---- | M] (Intel Corporation) MD5=997E8F5939F2D12CD9F2E6B395724C16 -- C:\WINDOWS\system32\drivers\iastor.sys

< MD5 for: NETLOGON.DLL >
[2008/04/13 19:12:01 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=1B7F071C51B77C272875C3A23E1E4550 -- C:\WINDOWS\ServicePackFiles\i386\netlogon.dll
[2008/04/13 19:12:01 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=1B7F071C51B77C272875C3A23E1E4550 -- C:\WINDOWS\system32\netlogon.dll
[2004/08/04 05:00:00 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=96353FCECBA774BB8DA74A1C6507015A -- C:\i386\netlogon.dll
[2004/08/04 05:00:00 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=96353FCECBA774BB8DA74A1C6507015A -- C:\WINDOWS\$NtServicePackUninstall$\netlogon.dll

< MD5 for: SCECLI.DLL >
[2004/08/04 05:00:00 | 000,180,224 | ---- | M] (Microsoft Corporation) MD5=0F78E27F563F2AAF74B91A49E2ABF19A -- C:\i386\scecli.dll
[2004/08/04 05:00:00 | 000,180,224 | ---- | M] (Microsoft Corporation) MD5=0F78E27F563F2AAF74B91A49E2ABF19A -- C:\WINDOWS\$NtServicePackUninstall$\scecli.dll
[2008/04/13 19:12:05 | 000,181,248 | ---- | M] (Microsoft Corporation) MD5=A86BB5E61BF3E39B62AB4C7E7085A084 -- C:\WINDOWS\ServicePackFiles\i386\scecli.dll
[2008/04/13 19:12:05 | 000,181,248 | ---- | M] (Microsoft Corporation) MD5=A86BB5E61BF3E39B62AB4C7E7085A084 -- C:\WINDOWS\system32\scecli.dll

< %systemroot%\*. /mp /s >

< %systemroot%\system32\*.dll /lockedfiles >
[2009/03/08 04:31:44 | 000,348,160 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\WINDOWS\system32\dxtmsft.dll
[2009/03/08 04:31:38 | 000,216,064 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\WINDOWS\system32\dxtrans.dll
[3 C:\WINDOWS\system32\*.tmp files -> C:\WINDOWS\system32\*.tmp -> ]
< End of report >


#13 ggood2

ggood2
  • Topic Starter

  • Members
  • 15 posts
  • OFFLINE
  •  
  • Local time:10:22 AM

Posted 19 March 2010 - 07:00 PM

OTL logfile created on: 3/19/2010 6:34:03 PM - Run 1
OTL by OldTimer - Version 3.1.37.3 Folder = C:\Documents and Settings\Glen\Desktop
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1,013.00 Mb Total Physical Memory | 227.00 Mb Available Physical Memory | 22.00% Memory free
2.00 Gb Paging File | 2.00 Gb Available in Paging File | 66.00% Paging File free
Paging file location(s): C:\pagefile.sys 1524 3048 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 229.47 Gb Total Space | 201.00 Gb Free Space | 87.59% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: DANNY
Current User Name: Glen
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Standard

========== Processes (SafeList) ==========

PRC - [2010/03/19 18:32:44 | 000,555,520 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Glen\Desktop\OTL.exe
PRC - [2010/02/11 07:01:40 | 005,150,504 | ---- | M] (TeamViewer GmbH) -- C:\Program Files\TeamViewer\Version5\TeamViewer.exe
PRC - [2010/02/11 06:42:32 | 000,172,328 | ---- | M] (TeamViewer GmbH) -- C:\Program Files\TeamViewer\Version5\TeamViewer_Service.exe
PRC - [2009/12/08 15:25:28 | 000,093,320 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee\SiteAdvisor\McSACore.exe
PRC - [2009/10/29 07:54:44 | 001,218,008 | ---- | M] (McAfee, Inc.) -- c:\Program Files\McAfee.com\Agent\mcagent.exe
PRC - [2009/10/27 12:19:46 | 000,895,696 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee\MPF\MpfSrv.exe
PRC - [2009/10/10 13:32:18 | 000,203,264 | ---- | M] (ArcSoft Inc.) -- C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe
PRC - [2009/09/28 09:42:50 | 000,109,056 | ---- | M] (ArcSoft Inc.) -- C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
PRC - [2009/09/16 10:22:08 | 000,144,704 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee\VirusScan\Mcshield.exe
PRC - [2009/09/16 09:28:38 | 000,606,736 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee\VirusScan\mcsysmon.exe
PRC - [2009/07/10 14:49:24 | 000,323,584 | ---- | M] (Eastman Kodak Company) -- C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe
PRC - [2009/07/10 00:26:20 | 000,865,832 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee\MSC\mcmscsvc.exe
PRC - [2009/07/08 11:54:34 | 000,359,952 | ---- | M] (McAfee, Inc.) -- c:\Program Files\Common Files\McAfee\McProxy\McProxy.exe
PRC - [2009/07/07 19:10:02 | 002,482,848 | ---- | M] (McAfee, Inc.) -- c:\Program Files\Common Files\McAfee\MNA\McNASvc.exe
PRC - [2009/05/27 03:27:04 | 029,262,680 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe
PRC - [2009/05/21 11:13:58 | 000,206,064 | ---- | M] (SupportSoft, Inc.) -- C:\Program Files\Dell Support Center\bin\sprtcmd.exe
PRC - [2009/05/08 05:53:34 | 000,174,424 | ---- | M] (Yahoo! Inc.) -- C:\Program Files\Yahoo!\Common\YMailAdvisor.exe
PRC - [2008/11/24 22:31:12 | 000,087,904 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
PRC - [2008/11/24 22:31:08 | 000,239,968 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft SQL Server\90\Shared\sqlbrowser.exe
PRC - [2008/11/09 15:48:14 | 000,602,392 | ---- | M] (Yahoo! Inc.) -- C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe
PRC - [2008/09/18 20:11:19 | 001,529,856 | ---- | M] (Motive Communications, Inc.) -- C:\Program Files\ATT-SST\McciTrayApp.exe
PRC - [2008/08/14 00:04:44 | 000,201,968 | ---- | M] (SupportSoft, Inc.) -- C:\Program Files\Dell Support Center\bin\sprtsvc.exe
PRC - [2008/04/13 19:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2008/01/07 19:10:30 | 000,210,200 | ---- | M] (Yahoo!, Inc.) -- C:\Program Files\Yahoo!\browser\ycommon.exe
PRC - [2007/09/17 11:56:08 | 000,124,200 | ---- | M] (CyberLink Corp.) -- C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe
PRC - [2006/11/03 20:20:12 | 000,866,584 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Defender\MSASCui.exe
PRC - [2006/11/03 20:19:58 | 000,013,592 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Defender\MsMpEng.exe
PRC - [2006/07/21 16:19:46 | 000,129,536 | ---- | M] (Yahoo! Inc.) -- C:\Program Files\Yahoo!\browser\ybrwicon.exe


========== Modules (SafeList) ==========

MOD - [2010/03/19 18:32:44 | 000,555,520 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Glen\Desktop\OTL.exe
MOD - [2008/10/02 11:48:33 | 000,198,144 | ---- | M] (Motive Communications, Inc.) -- C:\Program Files\Common Files\Motive\McciContextHook_DSR.dll


========== Win32 Services (SafeList) ==========

SRV - File not found [On_Demand | Stopped] -- -- (LiveUpdate)
SRV - File not found [Auto | Stopped] -- -- (Automatic LiveUpdate Scheduler)
SRV - [2010/02/11 06:42:32 | 000,172,328 | ---- | M] (TeamViewer GmbH) [Auto | Running] -- C:\Program Files\TeamViewer\Version5\TeamViewer_Service.exe -- (TeamViewer5)
SRV - [2009/12/08 15:25:28 | 000,093,320 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\McAfee\SiteAdvisor\McSACore.exe -- (McAfee SiteAdvisor Service)
SRV - [2009/10/27 20:20:56 | 000,651,720 | ---- | M] (Macrovision Europe Ltd.) [On_Demand | Stopped] -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service)
SRV - [2009/10/27 12:19:46 | 000,895,696 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\McAfee\MPF\MPFSrv.exe -- (MpfService)
SRV - [2009/09/28 09:42:50 | 000,109,056 | ---- | M] (ArcSoft Inc.) [Auto | Running] -- C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe -- (ACDaemon)
SRV - [2009/09/16 11:23:32 | 000,365,072 | ---- | M] (McAfee, Inc.) [On_Demand | Stopped] -- C:\Program Files\McAfee\VirusScan\mcods.exe -- (McODS)
SRV - [2009/09/16 10:22:08 | 000,144,704 | ---- | M] (McAfee, Inc.) [Unknown | Running] -- C:\Program Files\McAfee\VirusScan\Mcshield.exe -- (McShield)
SRV - [2009/09/16 09:28:38 | 000,606,736 | ---- | M] (McAfee, Inc.) [On_Demand | Running] -- C:\Program Files\McAfee\VirusScan\mcsysmon.exe -- (McSysmon)
SRV - [2009/07/10 00:26:20 | 000,865,832 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\McAfee\MSC\mcmscsvc.exe -- (mcmscsvc)
SRV - [2009/07/08 11:54:34 | 000,359,952 | ---- | M] (McAfee, Inc.) [Auto | Running] -- c:\Program Files\Common Files\McAfee\McProxy\McProxy.exe -- (McProxy)
SRV - [2009/07/07 19:10:02 | 002,482,848 | ---- | M] (McAfee, Inc.) [Auto | Running] -- c:\Program Files\Common Files\McAfee\MNA\McNASvc.exe -- (McNASvc)
SRV - [2009/05/27 03:27:04 | 029,262,680 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe -- (MSSQL$AUTODESKVAULT) SQL Server (AUTODESKVAULT)
SRV - [2008/11/24 22:31:12 | 000,087,904 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe -- (SQLWriter)
SRV - [2008/11/24 22:31:08 | 000,239,968 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Microsoft SQL Server\90\Shared\sqlbrowser.exe -- (SQLBrowser)
SRV - [2008/11/24 22:31:08 | 000,045,408 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Program Files\Microsoft SQL Server\90\Shared\sqladhlp90.exe -- (MSSQLServerADHelper)
SRV - [2008/11/09 15:48:14 | 000,602,392 | ---- | M] (Yahoo! Inc.) [Auto | Running] -- C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe -- (YahooAUService)
SRV - [2008/10/06 17:09:31 | 000,079,360 | ---- | M] (Autodesk) [On_Demand | Stopped] -- C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe -- (Autodesk Licensing Service)
SRV - [2008/08/14 00:04:44 | 000,201,968 | ---- | M] (SupportSoft, Inc.) [Auto | Running] -- C:\Program Files\Dell Support Center\bin\sprtsvc.exe -- (sprtsvc_dellsupportcenter) SupportSoft Sprocket Service (dellsupportcenter)
SRV - [2006/11/03 20:19:58 | 000,013,592 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MsMpEng.exe -- (WinDefend)
SRV - [2005/11/14 01:06:04 | 000,069,632 | ---- | M] (Macrovision Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe -- (IDriverT)


========== Driver Services (SafeList) ==========

DRV - [2009/09/28 20:34:48 | 000,083,288 | ---- | M] (LogMeIn, Inc.) [File_System | Disabled | Stopped] -- C:\WINDOWS\system32\LMIRfsClientNP.dll -- (LMIRfsClientNP)
DRV - [2009/09/16 10:22:48 | 000,214,664 | ---- | M] (McAfee, Inc.) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\mfehidk.sys -- (mfehidk)
DRV - [2009/09/16 10:22:48 | 000,079,816 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\mfeavfk.sys -- (mfeavfk)
DRV - [2009/09/16 10:22:48 | 000,040,552 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\mfesmfk.sys -- (mfesmfk)
DRV - [2009/09/16 10:22:48 | 000,035,272 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\mfebopk.sys -- (mfebopk)
DRV - [2009/09/16 10:22:14 | 000,034,248 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\mferkdk.sys -- (mferkdk)
DRV - [2009/07/16 12:32:26 | 000,120,136 | ---- | M] (McAfee, Inc.) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\Mpfp.sys -- (MPFP)
DRV - [2008/08/11 13:41:00 | 000,047,640 | ---- | M] (LogMeIn, Inc.) [File_System | Auto | Running] -- C:\WINDOWS\system32\drivers\LMIRfsDriver.sys -- (LMIRfsDriver)
DRV - [2008/07/28 17:26:30 | 000,021,248 | ---- | M] (Printing Communications Assoc., Inc. (PCAUSA)) [Kernel | On_Demand | Stopped] -- C:\Program Files\Common Files\Motive\MREMP50.sys -- (MREMP50)
DRV - [2008/07/28 17:26:30 | 000,020,096 | ---- | M] (Printing Communications Assoc., Inc. (PCAUSA)) [Kernel | On_Demand | Stopped] -- C:\Program Files\Common Files\Motive\MRESP50.sys -- (MRESP50)
DRV - [2008/04/13 13:36:39 | 000,043,008 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\amdagp.sys -- (amdagp)
DRV - [2008/04/13 13:36:39 | 000,040,960 | ---- | M] (Silicon Integrated Systems Corporation) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\sisagp.sys -- (sisagp)
DRV - [2008/04/13 11:36:05 | 000,144,384 | ---- | M] (Windows ® Server 2003 DDK provider) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\hdaudbus.sys -- (HDAudBus)
DRV - [2007/07/19 22:10:10 | 000,254,872 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\e1e5132.sys -- (e1express) Intel®
DRV - [2007/07/19 18:26:24 | 000,304,920 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\iaStor.sys -- (iaStor)
DRV - [2007/07/16 19:48:54 | 004,403,712 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\RtkHDAud.sys -- (IntcAzAudAddService) Service for Realtek HD Audio (WDM)
DRV - [2007/07/16 19:45:26 | 005,760,096 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\igxpmp32.sys -- (ialm)
DRV - [2007/04/09 10:56:22 | 000,021,248 | ---- | M] (LG Electronics Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\lgusbdiag.sys -- (UsbDiag)
DRV - [2007/04/09 10:55:08 | 000,022,912 | ---- | M] (LG Electronics Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\lgusbmodem.sys -- (USBModem)
DRV - [2007/04/09 10:53:24 | 000,012,672 | ---- | M] (LG Electronics Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\lgusbbus.sys -- (usbbus)
DRV - [2004/08/03 22:29:56 | 001,897,408 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\nv4_mini.sys -- (nv)
DRV - [2004/04/13 19:20:08 | 000,015,781 | R--- | M] (Meetinghouse Data Communications) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\mdc8021x.sys -- (MDC8021X) AEGIS Protocol (IEEE 802.1x)
DRV - [2001/08/17 14:07:44 | 000,019,072 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\sparrow.sys -- (Sparrow)
DRV - [2001/08/17 14:07:42 | 000,030,688 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\sym_u3.sys -- (sym_u3)
DRV - [2001/08/17 14:07:40 | 000,028,384 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\sym_hi.sys -- (sym_hi)
DRV - [2001/08/17 14:07:36 | 000,032,640 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\symc8xx.sys -- (symc8xx)
DRV - [2001/08/17 14:07:34 | 000,016,256 | ---- | M] (Symbios Logic Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\symc810.sys -- (symc810)
DRV - [2001/08/17 13:52:22 | 000,036,736 | ---- | M] (Promise Technology, Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\ultra.sys -- (ultra)
DRV - [2001/08/17 13:52:20 | 000,045,312 | ---- | M] (QLogic Corporation) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\ql12160.sys -- (ql12160)
DRV - [2001/08/17 13:52:20 | 000,040,320 | ---- | M] (QLogic Corporation) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\ql1080.sys -- (ql1080)
DRV - [2001/08/17 13:52:18 | 000,049,024 | ---- | M] (QLogic Corporation) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\ql1280.sys -- (ql1280)
DRV - [2001/08/17 13:52:16 | 000,179,584 | ---- | M] (Mylex Corporation) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\dac2w2k.sys -- (dac2w2k)
DRV - [2001/08/17 13:52:12 | 000,017,280 | ---- | M] (American Megatrends Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\mraid35x.sys -- (mraid35x)
DRV - [2001/08/17 13:52:00 | 000,026,496 | ---- | M] (Advanced System Products, Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\asc.sys -- (asc)
DRV - [2001/08/17 13:51:58 | 000,014,848 | ---- | M] (Advanced System Products, Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\asc3550.sys -- (asc3550)
DRV - [2001/08/17 13:51:56 | 000,005,248 | ---- | M] (Acer Laboratories Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\aliide.sys -- (AliIde)
DRV - [2001/08/17 13:51:54 | 000,006,656 | ---- | M] (CMD Technology, Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\cmdide.sys -- (CmdIde)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,CustomSearch = http://red.clientapps.yahoo.com/customize/.../search/ie.html

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.yahoo.com/?fr=fp-yie8
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchDefaultBranded = 1
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultName = Yahoo! Search
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultURL = http://search.yahoo.com/search?p={searchTe...-8&fr=b1ie7
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://my.yahoo.com/
IE - HKCU\..\URLSearchHook: {FA887E92-8F5F-4EC9-99CA-09BE0E4120D6} - C:\Program Files\AddThis Toolbar\Helper.dll ()
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

FF - HKLM\software\mozilla\Firefox\extensions\\{B7082FAA-CB62-4872-9106-E42DD88EDE45}: C:\Program Files\McAfee\SiteAdvisor [2010/02/25 09:05:21 | 000,000,000 | ---D | M]

[2009/06/02 10:07:30 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Glen\Application Data\Mozilla\Extensions
[2009/06/02 10:07:30 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Glen\Application Data\Mozilla\Extensions\mozswing@mozswing.org

O1 HOSTS File: ([2004/08/04 05:00:00 | 000,000,734 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (&Yahoo! Toolbar Helper) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
O2 - BHO: (AT&&T Toolbar) - {4E7BD74F-2B8D-469E-94BE-FD60BB9AAE29} - C:\Program Files\ATTToolbar\ATTToolbar.dll (AT&T)
O2 - BHO: (scriptproxy) - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\McAfee\VirusScan\scriptsn.dll (McAfee, Inc.)
O2 - BHO: (Freecause Toolbar BHO) - {9EBF8AAF-0A31-4786-909A-97A0EF101743} - C:\Program Files\AddThis Toolbar\Toolbar.dll ()
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.4.4525.1752\swg.dll (Google Inc.)
O2 - BHO: (McAfee SiteAdvisor BHO) - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
O2 - BHO: (SingleInstance Class) - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\Program Files\Yahoo!\Companion\Installs\cpn\YTSingleInstance.dll (Yahoo! Inc)
O3 - HKLM\..\Toolbar: (McAfee SiteAdvisor Toolbar) - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
O3 - HKLM\..\Toolbar: (AT&&T Toolbar) - {4E7BD74F-2B8D-469E-94BE-FD60BB9AAE29} - C:\Program Files\ATTToolbar\ATTToolbar.dll (AT&T)
O3 - HKLM\..\Toolbar: (AddThis Toolbar) - {B43176CC-4D9E-493B-A636-D9CBFE39C6DA} - C:\Program Files\AddThis Toolbar\Toolbar.dll ()
O3 - HKLM\..\Toolbar: (Yahoo! Toolbar) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {4B3803EA-5230-4DC3-A7FC-33638F3D3542} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (AT&&T Toolbar) - {4E7BD74F-2B8D-469E-94BE-FD60BB9AAE29} - C:\Program Files\ATTToolbar\ATTToolbar.dll (AT&T)
O3 - HKCU\..\Toolbar\WebBrowser: (AddThis Toolbar) - {B43176CC-4D9E-493B-A636-D9CBFE39C6DA} - C:\Program Files\AddThis Toolbar\Toolbar.dll ()
O3 - HKCU\..\Toolbar\WebBrowser: (Yahoo! Toolbar) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
O4 - HKLM..\Run: [Alcmtr] C:\WINDOWS\ALCMTR.EXE (Realtek Semiconductor Corp.)
O4 - HKLM..\Run: [ArcSoft Connection Service] C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe (ArcSoft Inc.)
O4 - HKLM..\Run: [ATT-SST_McciTrayApp] C:\Program Files\ATT-SST\McciTrayApp.exe (Motive Communications, Inc.)
O4 - HKLM..\Run: [DellSupportCenter] C:\Program Files\Dell Support Center\bin\sprtcmd.exe (SupportSoft, Inc.)
O4 - HKLM..\Run: [dscactivate] C:\Program Files\Dell Support Center\gs_agent\custom\dsca.exe ( )
O4 - HKLM..\Run: [ECenter] C:\dell\E-Center\EULALauncher.exe ( )
O4 - HKLM..\Run: [LogMeIn GUI] C:\Program Files\LogMeIn\x86\LogMeInSystray.exe File not found
O4 - HKLM..\Run: [mcagent_exe] C:\Program Files\McAfee.com\Agent\mcagent.exe (McAfee, Inc.)
O4 - HKLM..\Run: [McENUI] C:\Program Files\McAfee\MHN\McENUI.exe (McAfee, Inc.)
O4 - HKLM..\Run: [PDVDDXSrv] C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe (CyberLink Corp.)
O4 - HKLM..\Run: [PRISMSVR.EXE] C:\WINDOWS\System32\PRISMSVR.EXE File not found
O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
O4 - HKLM..\Run: [YBrowser] C:\Program Files\Yahoo!\browser\ybrwicon.exe (Yahoo! Inc.)
O4 - HKLM..\Run: [YMailAdvisor] C:\Program Files\Yahoo!\Common\YMailAdvisor.exe (Yahoo! Inc.)
O4 - HKCU..\Run: [DellSupportCenter] C:\Program Files\Dell Support Center\bin\sprtcmd.exe (SupportSoft, Inc.)
O4 - HKCU..\Run: [Search Protection] C:\Program Files\Yahoo!\Search Protection\SearchProtection.exe File not found
O4 - HKCU..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (Google Inc.)
O4 - HKCU..\RunOnce: [Shockwave Updater] C:\WINDOWS\System32\Adobe\SHOCKW~1\SWHELP~1.EXE -Update -1100465 -Mozilla\4.0 ( File not found
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Kodak EasyShare software.lnk = C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe (Eastman Kodak Company)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE (Microsoft Corporation)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O15 - HKCU\..Trusted Domains: motive.com ([patttbc.att] https in Trusted sites)
O16 - DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} http://upload.facebook.com/controls/2008.1...toUploader5.cab (Facebook Photo Uploader 5 Control)
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} http://download.macromedia.com/pub/shockwa...director/sw.cab (Shockwave ActiveX Control)
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} C:\Program Files\Yahoo!\Common\Yinsthelper.dll (Installation Support)
O16 - DPF: {48DD0448-9209-4F81-9F6D-D83562940134} http://lads.myspace.com/upload/MySpaceUploader1006.cab (MySpace Uploader Control)
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} http://gfx1.hotmail.com/mail/w3/resources/MSNPUpld.cab (MSN Photo Upload Tool)
O16 - DPF: {78AF2F24-A9C3-11D3-BF8C-0060B0FCC122} file://C:\Program Files\Acadm 6\AcDcToday.ocx (AcDcToday Control)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_18)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.macromedia.com/get/flash...r/ultrashim.cab (Reg Error: Key error.)
O16 - DPF: {AE563720-B4F5-11D4-A415-00108302FDFD} file://C:\Program Files\Acadm 6\InstBanr.ocx (NOXLATE-BANR)
O16 - DPF: {C6637286-300D-11D4-AE0A-0010830243BD} file://C:\Program Files\Acadm 6\InstFred.ocx (InstaFred)
O16 - DPF: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0018-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_18)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_18)
O16 - DPF: {F281A59C-7B65-11D3-8617-0010830243BD} file://C:\Program Files\Acadm 6\AcPreview.ocx (AcPreview Control)
O16 - DPF: Microsoft XML Parser for Java file:///C:/WINDOWS/Java/classes/xmldso.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.254
O18 - Protocol\Handler\dssrequest {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
O18 - Protocol\Handler\sacore {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\igfxcui: DllName - igfxdev.dll - C:\WINDOWS\System32\igfxdev.dll (Intel Corporation)
O20 - Winlogon\Notify\LMIinit: DllName - LMIinit.dll - C:\WINDOWS\System32\LMIinit.dll (LogMeIn, Inc.)
O24 - Desktop WallPaper: C:\Documents and Settings\Glen\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\Glen\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O28 - HKLM ShellExecuteHooks: {091EB208-39DD-417D-A5DD-7E2C2D8FB9CB} - C:\Program Files\Windows Defender\MpShHook.dll (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009/10/27 20:02:38 | 000,000,000 | ---D | M] - C:\Autodesk -- [ NTFS ]
O32 - AutoRun File - [2004/08/10 13:04:08 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O33 - MountPoints2\{d96d2e21-3451-11de-bb9d-001d099deb47}\Shell - "" = AutoRun
O33 - MountPoints2\{d96d2e21-3451-11de-bb9d-001d099deb47}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{d96d2e21-3451-11de-bb9d-001d099deb47}\Shell\AutoRun\command - "" = E:\LaunchU3.exe -- File not found
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

NetSvcs: 6to4 - File not found
NetSvcs: Ias - C:\WINDOWS\system32\ias [2004/08/10 12:52:56 | 000,000,000 | ---D | M]
NetSvcs: Iprip - File not found
NetSvcs: Irmon - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: Wmi - C:\WINDOWS\system32\wmi.dll (Microsoft Corporation)
NetSvcs: WmdmPmSp - File not found


SafeBootMin: Base - Driver Group
SafeBootMin: Boot Bus Extender - Driver Group
SafeBootMin: Boot file system - Driver Group
SafeBootMin: File system - Driver Group
SafeBootMin: Filter - Driver Group
SafeBootMin: mcmscsvc - C:\Program Files\McAfee\MSC\mcmscsvc.exe (McAfee, Inc.)
SafeBootMin: MCODS - C:\Program Files\McAfee\VirusScan\mcods.exe (McAfee, Inc.)
SafeBootMin: PCI Configuration - Driver Group
SafeBootMin: PNP Filter - Driver Group
SafeBootMin: Primary disk - Driver Group
SafeBootMin: SCSI Class - Driver Group
SafeBootMin: sermouse.sys - Driver
SafeBootMin: System Bus Extender - Driver Group
SafeBootMin: vds - Service
SafeBootMin: vga.sys - Driver
SafeBootMin: WinDefend - C:\Program Files\Windows Defender\MsMpEng.exe (Microsoft Corporation)
SafeBootMin: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootMin: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootMin: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootMin: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootMin: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootMin: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootMin: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootMin: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootMin: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootMin: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootMin: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootMin: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootMin: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootMin: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices

SafeBootNet: Base - Driver Group
SafeBootNet: Boot Bus Extender - Driver Group
SafeBootNet: Boot file system - Driver Group
SafeBootNet: File system - Driver Group
SafeBootNet: Filter - Driver Group
SafeBootNet: mcmscsvc - C:\Program Files\McAfee\MSC\mcmscsvc.exe (McAfee, Inc.)
SafeBootNet: MCODS - C:\Program Files\McAfee\VirusScan\mcods.exe (McAfee, Inc.)
SafeBootNet: MpfService - C:\Program Files\McAfee\MPF\MPFSrv.exe (McAfee, Inc.)
SafeBootNet: NDIS Wrapper - Driver Group
SafeBootNet: NetBIOSGroup - Driver Group
SafeBootNet: NetDDEGroup - Driver Group
SafeBootNet: Network - Driver Group
SafeBootNet: NetworkProvider - Driver Group
SafeBootNet: PCI Configuration - Driver Group
SafeBootNet: PNP Filter - Driver Group
SafeBootNet: PNP_TDI - Driver Group
SafeBootNet: Primary disk - Driver Group
SafeBootNet: SCSI Class - Driver Group
SafeBootNet: sermouse.sys - Driver
SafeBootNet: Streams Drivers - Driver Group
SafeBootNet: System Bus Extender - Driver Group
SafeBootNet: TDI - Driver Group
SafeBootNet: vga.sys - Driver
SafeBootNet: WinDefend - C:\Program Files\Windows Defender\MsMpEng.exe (Microsoft Corporation)
SafeBootNet: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootNet: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootNet: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootNet: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootNet: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootNet: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootNet: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootNet: {4D36E972-E325-11CE-BFC1-08002BE10318} - Net
SafeBootNet: {4D36E973-E325-11CE-BFC1-08002BE10318} - NetClient
SafeBootNet: {4D36E974-E325-11CE-BFC1-08002BE10318} - NetService
SafeBootNet: {4D36E975-E325-11CE-BFC1-08002BE10318} - NetTrans
SafeBootNet: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootNet: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootNet: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootNet: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootNet: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootNet: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices

ActiveX: {00F0EE7F-2C61-4EBD-A209-00281BDC869C} - Yahoo! Toolbar
ActiveX: {0291E591-EA41-4c82-8106-3DC6CE7F7664} - Reg Error: Value error.
ActiveX: {0430454D-47EA-11D6-AD58-00010333D0AD} - Reg Error: Value error.
ActiveX: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Microsoft VM
ActiveX: {10072CEC-8CC1-11D1-986E-00A0C955B42F} - Vector Graphics Rendering (VML)
ActiveX: {1803B9EF-9905-4F34-AFC4-05D1BAB28801} - Reg Error: Value error.
ActiveX: {1F8DDBB5-590C-0C43-AEE2-9FB1A903310F} - NetShow
ActiveX: {2179C5D3-EBFF-11CF-B6FD-00AA00B4E220} - NetShow
ActiveX: {22271136-F5A5-877D-5105-99EB12243BAC} - DirectX
ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 6.4
ActiveX: {231B1C6E-F934-42A2-92B6-C2FEFEC24276} - Reg Error: Value error.
ActiveX: {233C1507-6A77-46A4-9443-F871F945D258} - Adobe Shockwave Director 10.4
ActiveX: {270C7F22-6D59-4041-B865-76C48D190D91} - Yahoo! Search Settings Update
ActiveX: {283807B5-2C60-11D0-A31D-00AA00B92C03} - DirectAnimation
ActiveX: {2A202491-F00D-11cf-87CC-0020AFEECF20} - Adobe Shockwave Director 10.4
ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX: {30528230-99F7-4BB4-88D8-FA1D4F56A2AB} - Reg Error: Value error.
ActiveX: {347B0667-C7ED-429B-BDE3-CC8D3BACAA31} - Reg Error: Value error.
ActiveX: {36f8ec70-c29a-11d1-b5c7-0000f8051515} - Dynamic HTML Data Binding for Java
ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX: {3bf42070-b3b1-11d1-b5c5-0000f8051515} - Uniscribe
ActiveX: {411EDCF7-755D-414E-A74B-3DCD6583F589} - Microsoft .NET Framework 1.1 Service Pack 1 (KB867460)
ActiveX: {4278c270-a269-11d1-b5bf-0000f8051515} - Advanced Authoring
ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Outlook Express\setup50.exe" /APP:OE /CALLER:WINNT /user /install
ActiveX: {44BBA842-CC51-11CF-AAFA-00AA00B6015B} - rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msnetmtg.inf,NetMtg.Install.PerUser.NT
ActiveX: {44BBA848-CC51-11CF-AAFA-00AA00B6015C} - DirectShow
ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX: {4DF1ECA5-ACA4-C05C-E4F6-B8292043E8B3} - Outlook Express
ActiveX: {4f216970-c90c-11d1-b5c7-0000f8051515} - DirectAnimation Java Classes
ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6
ActiveX: {5512D063-78B3-4C5B-6B2D-CD5A09D24D09} - Viewpoint Media Player
ActiveX: {5945c046-1e7d-11d1-bc44-00c04fd912be} - rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msmsgs.inf,BLC.QuietInstall.PerUser
ActiveX: {5A8D6EE0-3E18-11D0-821E-444553540000} - ICW
ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX: {6D54E522-0A5B-F0AA-7D58-564300000F18} - Microsoft Windows Media Player
ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX: {7131646D-CD3C-40F4-97B9-CD9E4E6262EF} - .NET Framework
ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - "%ProgramFiles%\Outlook Express\setup50.exe" /APP:WAB /CALLER:WINNT /user /install
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\WINDOWS\system32\ie4uinit.exe -BaseSettings
ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - c:\WINDOWS\system32\Rundll32.exe c:\WINDOWS\system32\mscories.dll,Install
ActiveX: {8b15971b-5355-4c82-8c07-7e181ea07608} - rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\fxsocm.inf,Fax.Install.PerUser
ActiveX: {8FD9D712-A285-4834-9F46-705AD5146A6B} - NoIETour
ActiveX: {924C1588-90C3-4910-B6CA-D57A1C0418FE} - Reg Error: Value error.
ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX: {94de52c8-2d59-4f1b-883e-79663d2d9a8c} - Fax Provider
ActiveX: {A17E30C4-A9BA-11D4-8673-60DB54C10000} - Reg Error: Value error.
ActiveX: {A509B1FF-37FF-4bFF-8CFF-4F3A747040FF} - C:\WINDOWS\system32\rundll32.exe C:\WINDOWS\system32\advpack.dll,LaunchINFSectionEx C:\Program Files\Internet Explorer\clrtour.inf,DefaultInstall.ResetTour,,12
ActiveX: {AA218328-0EA8-4D70-8972-E987A9190FF4} - Reg Error: Value error.
ActiveX: {C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F} - .NET Framework
ActiveX: {C37BE941-1560-14FB-06C3-30E0E66E74F9} - Adobe Shockwave Director 10.4
ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX: {CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1} - .NET Framework
ActiveX: {CC2A9BA0-3BDD-11D0-821E-444553540000} - Task Scheduler
ActiveX: {CDD7975E-60F8-41d5-8149-19E51D6F71D0} - Windows Movie Maker v2.1
ActiveX: {D27CDB6E-AE6D-11cf-96B8-444553540000} - Adobe Flash Player
ActiveX: {D7479035-044B-2C31-ACD1-77F9B0DBF8D5} - DirectX
ActiveX: {DAA94A2A-2A8D-4D3B-9DB8-56FBECED082D} - Microsoft .NET Framework 1.1 Security Update (KB953297)
ActiveX: {DDDF8241-536F-390A-2F39-2E6D8415F0D6} - DirectX
ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX: {F0A2CC9D-7B8E-6804-648A-B1468AA1BC50} - Internet Explorer Version Update
ActiveX: <{12d0ed0d-0ee0-4f90-8827-78cefb8f4988} - C:\WINDOWS\system32\ieudinit.exe
ActiveX: >{19FB76C6-DBEF-44B5-A053-ECDF5F855A07} - RunDLL32 IEDKCS32.DLL,BrandIE4 SIGNUP
ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - C:\WINDOWS\inf\unregmp2.exe /ShowWMP
ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\WINDOWS\system32\ie4uinit.exe -UserIconConfig
ActiveX: >{881dd1c5-3dcf-431b-b061-f3f88e8be88a} - %systemroot%\system32\shmgrate.exe OCInstallUserConfigOE

Drivers32: msacm.iac2 - C:\WINDOWS\system32\iac25_32.ax (Intel Corporation)
Drivers32: msacm.l3acm - C:\WINDOWS\system32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: msacm.sl_anet - C:\WINDOWS\System32\sl_anet.acm (Sipro Lab Telecom Inc.)
Drivers32: msacm.trspch - C:\WINDOWS\System32\tssoft32.acm (DSP GROUP, INC.)
Drivers32: vidc.cvid - C:\WINDOWS\System32\iccvid.dll (Radius Inc.)
Drivers32: vidc.iv31 - C:\WINDOWS\System32\ir32_32.dll ()
Drivers32: vidc.iv32 - C:\WINDOWS\System32\ir32_32.dll ()
Drivers32: vidc.iv41 - C:\WINDOWS\System32\ir41_32.ax (Intel Corporation)
Drivers32: vidc.iv50 - C:\WINDOWS\System32\ir50_32.dll (Intel Corporation)

CREATERESTOREPOINT
Restore point Set: OTL Restore Point (17173366603513856)

========== Files/Folders - Created Within 30 Days ==========

[2010/03/19 18:32:35 | 000,555,520 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Glen\Desktop\OTL.exe
[2010/03/13 19:19:34 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Glen\Local Settings\Application Data\KodakGallery
[2010/03/13 18:26:07 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Glen\Application Data\Skinux
[2010/03/13 18:26:04 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Glen\Desktop\virus
[2010/03/13 18:18:53 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Glen\My Documents\My Print Creations
[2010/03/13 18:18:46 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Glen\Local Settings\Application Data\ArcSoft
[2010/03/13 18:18:40 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Glen\Application Data\ArcSoft
[2010/03/13 18:18:26 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\ArcSoft
[2010/03/13 18:17:09 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\ArcSoft
[2010/03/13 18:17:09 | 000,000,000 | ---D | C] -- C:\Program Files\ArcSoft
[2010/03/13 18:13:48 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Kodak
[2010/03/13 18:10:53 | 000,465,920 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\imapi2fs.dll
[2010/03/13 18:10:53 | 000,465,920 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\imapi2fs.dll
[2010/03/13 18:10:53 | 000,317,952 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\imapi2.dll
[2010/03/13 18:10:53 | 000,317,952 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\imapi2.dll
[2010/03/13 18:10:53 | 000,062,976 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cdrom.sys
[2010/03/13 18:10:45 | 000,000,000 | ---D | C] -- C:\Program Files\Kodak
[2010/03/13 17:58:47 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Kodak
[2010/03/12 17:13:30 | 000,181,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\MpSigStub.exe
[2010/03/12 17:12:09 | 000,000,000 | ---D | C] -- C:\Program Files\Windows Defender
[2010/03/11 21:08:20 | 000,000,000 | ---D | C] -- C:\Program Files\TrendMicro
[2010/03/10 18:58:58 | 003,558,912 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\moviemk.exe
[2010/03/01 20:06:37 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Glen\Application Data\TeamViewer
[2010/03/01 20:06:19 | 000,000,000 | ---D | C] -- C:\Program Files\TeamViewer
[2010/02/15 20:15:17 | 000,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Local Settings\Application Data\ICS
[2009/09/19 19:55:13 | 000,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Local Settings\Application Data\Viewpoint
[2009/05/13 15:51:42 | 000,000,000 | ---D | M] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\Google
[2009/04/09 23:11:17 | 000,000,000 | ---D | M] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\Viewpoint
[2009/03/27 19:13:09 | 000,000,000 | --SD | M] -- C:\Documents and Settings\LocalService\Application Data\Microsoft
[2009/03/18 18:46:07 | 000,000,000 | --SD | M] -- C:\Documents and Settings\NetworkService\Application Data\Microsoft
[2009/02/23 13:12:56 | 000,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Application Data\SACore
[2009/02/11 07:37:13 | 000,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Application Data\Yahoo!
[2009/02/11 07:36:54 | 000,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Application Data\Macromedia
[2009/02/11 07:36:54 | 000,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Application Data\Adobe
[2009/02/10 21:37:26 | 000,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Local Settings\Application Data\Google
[2008/09/24 10:20:36 | 000,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft
[2004/08/10 13:08:14 | 000,000,000 | ---D | M] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft
[3 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[2 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2010/03/19 18:32:44 | 000,555,520 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Glen\Desktop\OTL.exe
[2010/03/19 18:21:00 | 000,000,886 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2010/03/19 16:15:31 | 000,000,868 | ---- | M] () -- C:\WINDOWS\tasks\Google Software Updater.job
[2010/03/19 14:35:13 | 000,000,420 | -H-- | M] () -- C:\WINDOWS\tasks\User_Feed_Synchronization-{5F794ACC-1EC4-4B86-AE15-72B15EF81FF8}.job
[2010/03/19 02:26:09 | 000,000,330 | -H-- | M] () -- C:\WINDOWS\tasks\MP Scheduled Scan.job
[2010/03/18 19:21:00 | 000,000,882 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2010/03/18 18:30:51 | 006,029,312 | ---- | M] () -- C:\Documents and Settings\Glen\ntuser.dat
[2010/03/16 19:52:14 | 000,590,010 | ---- | M] () -- C:\WINDOWS\System32\PerfStringBackup.INI
[2010/03/16 19:52:14 | 000,489,504 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2010/03/16 19:52:14 | 000,089,758 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2010/03/16 19:51:15 | 000,021,907 | ---- | M] () -- C:\WINDOWS\System32\Config.MPF
[2010/03/16 19:51:00 | 000,041,984 | R--- | M] () -- C:\Documents and Settings\All Users\Documents\ESBK.mb
[2010/03/16 19:48:26 | 000,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2010/03/16 19:48:25 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2010/03/16 19:48:24 | 1062,387,712 | -HS- | M] () -- C:\hiberfil.sys
[2010/03/15 01:10:02 | 000,000,338 | ---- | M] () -- C:\WINDOWS\tasks\McDefragTask.job
[2010/03/14 03:00:12 | 000,031,744 | R--- | M] () -- C:\Documents and Settings\All Users\Documents\ESBK.mbb
[2010/03/13 18:18:36 | 000,011,776 | ---- | M] () -- C:\Documents and Settings\Glen\Desktop\FT BOM.xls
[2010/03/13 18:16:53 | 000,001,909 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Web Surf & Share Pix with Firefox.lnk
[2010/03/13 18:13:51 | 000,001,817 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Kodak EasyShare.lnk
[2010/03/13 18:13:50 | 000,001,837 | ---- | M] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Kodak EasyShare software.lnk
[2010/03/13 18:12:29 | 000,001,374 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2010/03/13 18:08:47 | 000,000,434 | ---- | M] () -- C:\WINDOWS\tasks\EasyShare Registration Task.job
[2010/03/13 15:19:23 | 000,000,000 | ---- | M] () -- C:\Documents and Settings\Glen\defogger_reenable
[2010/03/12 18:58:09 | 000,035,840 | ---- | M] () -- C:\Documents and Settings\Glen\My Documents\GLENS TIMESHEET.xls
[2010/03/12 17:11:42 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2010/03/09 21:00:35 | 000,001,675 | ---- | M] () -- C:\WINDOWS\yahtzee.ini
[2010/03/06 20:37:24 | 000,000,278 | -HS- | M] () -- C:\Documents and Settings\Glen\ntuser.ini
[2010/03/04 20:16:28 | 000,001,729 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Adobe Reader 9.lnk
[2010/03/02 20:29:05 | 000,029,696 | ---- | M] () -- C:\Documents and Settings\Glen\My Documents\9653WS-40-BOM.xls
[2010/03/01 20:15:43 | 000,036,864 | ---- | M] () -- C:\Documents and Settings\Glen\My Documents\password 2008.xls
[2010/03/01 20:06:27 | 000,000,879 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\TeamViewer 5.lnk
[2010/03/01 02:00:11 | 000,000,330 | ---- | M] () -- C:\WINDOWS\tasks\McQcTask.job
[2010/02/28 20:25:05 | 000,019,456 | ---- | M] () -- C:\Documents and Settings\Glen\My Documents\blackstone delays.doc
[2010/02/24 10:16:06 | 000,181,632 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\MpSigStub.exe
[2010/02/23 18:16:13 | 000,017,408 | ---- | M] () -- C:\Documents and Settings\Glen\My Documents\fold jack leg bom.xls
[2010/02/22 21:08:15 | 000,029,696 | ---- | M] () -- C:\Documents and Settings\Glen\My Documents\9653ws-14.xls
[2010/02/19 19:09:15 | 000,000,057 | ---- | M] () -- C:\WINDOWS\entpack.ini
[2010/02/19 19:09:10 | 000,000,445 | ---- | M] () -- C:\WINDOWS\EntPack.dat
[3 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[2 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

========== Files Created - No Company Name ==========

[2010/03/13 18:26:18 | 000,041,984 | R--- | C] () -- C:\Documents and Settings\All Users\Documents\ESBK.mb
[2010/03/13 18:26:18 | 000,031,744 | R--- | C] () -- C:\Documents and Settings\All Users\Documents\ESBK.mbb
[2010/03/13 18:18:31 | 000,011,776 | ---- | C] () -- C:\Documents and Settings\Glen\Desktop\FT BOM.xls
[2010/03/13 18:16:53 | 000,001,909 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Web Surf & Share Pix with Firefox.lnk
[2010/03/13 18:13:51 | 000,001,817 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Kodak EasyShare.lnk
[2010/03/13 18:13:50 | 000,001,837 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Kodak EasyShare software.lnk
[2010/03/13 18:08:47 | 000,000,434 | ---- | C] () -- C:\WINDOWS\tasks\EasyShare Registration Task.job
[2010/03/13 15:19:23 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\Glen\defogger_reenable
[2010/03/12 17:15:19 | 000,000,330 | -H-- | C] () -- C:\WINDOWS\tasks\MP Scheduled Scan.job
[2010/03/02 20:29:04 | 000,029,696 | ---- | C] () -- C:\Documents and Settings\Glen\My Documents\9653WS-40-BOM.xls
[2010/03/01 20:06:27 | 000,000,879 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\TeamViewer 5.lnk
[2010/02/28 20:25:05 | 000,019,456 | ---- | C] () -- C:\Documents and Settings\Glen\My Documents\blackstone delays.doc
[2010/02/23 18:16:13 | 000,017,408 | ---- | C] () -- C:\Documents and Settings\Glen\My Documents\fold jack leg bom.xls
[2010/02/22 20:41:54 | 000,029,696 | ---- | C] () -- C:\Documents and Settings\Glen\My Documents\9653ws-14.xls
[2009/11/03 18:50:56 | 000,440,352 | ---- | C] () -- C:\Documents and Settings\LocalService\Local Settings\Application Data\FontCache3.0.0.0.dat
[2009/10/27 20:34:53 | 000,000,080 | ---- | C] () -- C:\WINDOWS\SOLANTIC.INI
[2009/03/12 13:18:24 | 000,000,028 | ---- | C] () -- C:\WINDOWS\pdf995.ini
[2009/02/17 19:58:46 | 000,007,835 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\LUUnInstall.LiveUpdate
[2008/12/02 22:22:51 | 000,087,552 | ---- | C] () -- C:\WINDOWS\System32\cpwmon2k.dll
[2008/09/03 21:51:47 | 000,017,736 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\hpzinstall.log
[2008/08/06 16:16:42 | 000,000,000 | ---- | C] () -- C:\WINDOWS\mtstack.INI
[2008/07/16 12:47:59 | 000,065,536 | ---- | C] () -- C:\WINDOWS\System32\YCRWin32.dll
[2008/07/08 14:49:41 | 000,000,057 | ---- | C] () -- C:\WINDOWS\entpack.ini
[2008/06/20 21:38:49 | 000,051,716 | ---- | C] () -- C:\WINDOWS\System32\pdf995mon.dll
[2008/06/20 21:38:49 | 000,000,142 | ---- | C] () -- C:\WINDOWS\wpd99.drv
[2008/06/17 15:23:21 | 000,000,376 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2008/06/14 17:36:49 | 000,010,912 | ---- | C] () -- C:\Documents and Settings\Glen\Application Data\wklnhst.dat
[2008/06/11 13:19:45 | 000,001,675 | ---- | C] () -- C:\WINDOWS\yahtzee.ini
[2008/06/11 13:09:26 | 000,017,408 | ---- | C] () -- C:\Documents and Settings\Glen\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2008/06/10 07:49:52 | 000,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini
[2008/06/10 07:13:42 | 000,204,800 | ---- | C] () -- C:\WINDOWS\System32\igfxCoIn_v4820.dll
[2008/06/10 07:12:01 | 000,001,120 | ---- | C] () -- C:\WINDOWS\System32\OEMINFO.INI
[2004/08/10 13:12:05 | 000,000,881 | ---- | C] () -- C:\WINDOWS\orun32.ini
[2004/08/10 13:01:18 | 000,001,793 | ---- | C] () -- C:\WINDOWS\System32\fxsperf.ini
[2000/09/18 16:50:28 | 000,202,752 | ---- | C] () -- C:\WINDOWS\System32\zlib.dll
[1999/01/22 13:46:58 | 000,065,536 | ---- | C] () -- C:\WINDOWS\System32\MSRTEDIT.DLL

========== LOP Check ==========

[2009/09/19 22:35:46 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\ATTToolbar
[2010/02/01 19:42:08 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Autodesk
[2009/07/13 16:57:47 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\pdf995
[2008/06/10 07:42:34 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\SupportSoft
[2008/06/20 21:36:48 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TaxCut
[2008/06/10 07:44:08 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Uninstall
[2010/03/12 19:35:39 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Viewpoint
[2008/10/06 17:19:13 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Glen\Application Data\Ansys
[2009/09/19 19:48:23 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Glen\Application Data\ATTToolbar
[2009/11/17 21:26:50 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Glen\Application Data\Autodesk
[2009/12/13 17:05:59 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Glen\Application Data\FCTB000061107
[2009/06/02 10:09:21 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Glen\Application Data\LimeWire
[2009/08/26 20:15:44 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Glen\Application Data\MSNInstaller
[2009/03/12 13:18:27 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Glen\Application Data\pdf995
[2010/03/13 18:26:07 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Glen\Application Data\Skinux
[2008/06/20 21:40:17 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Glen\Application Data\TaxCut
[2010/03/01 20:32:08 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Glen\Application Data\TeamViewer
[2008/06/14 17:36:50 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Glen\Application Data\Template
[2008/09/09 15:31:43 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Glen\Application Data\Unigraphics Solutions
[2010/03/13 18:08:47 | 000,000,434 | ---- | M] () -- C:\WINDOWS\Tasks\EasyShare Registration Task.job
[2010/03/15 01:10:02 | 000,000,338 | ---- | M] () -- C:\WINDOWS\Tasks\McDefragTask.job
[2010/03/01 02:00:11 | 000,000,330 | ---- | M] () -- C:\WINDOWS\Tasks\McQcTask.job
[2010/03/19 02:26:09 | 000,000,330 | -H-- | M] () -- C:\WINDOWS\Tasks\MP Scheduled Scan.job
[2010/03/19 14:35:13 | 000,000,420 | -H-- | M] () -- C:\WINDOWS\Tasks\User_Feed_Synchronization-{5F794ACC-1EC4-4B86-AE15-72B15EF81FF8}.job

========== Purity Check ==========



========== Custom Scans ==========


< %ALLUSERSPROFILE%\Application Data\*. >
[2010/01/19 19:16:39 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Adobe
[2009/04/08 22:05:44 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Apple Computer
[2010/03/13 18:18:26 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\ArcSoft
[2009/09/19 22:35:46 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\ATTToolbar
[2010/02/01 19:42:08 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Autodesk
[2008/12/05 21:07:46 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\CyberLink
[2008/10/14 21:24:05 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Dell
[2009/10/27 20:39:33 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\FLEXnet
[2009/02/10 22:38:29 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Google
[2010/03/19 16:15:22 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Google Updater
[2008/06/11 12:07:18 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Hewlett-Packard
[2009/04/12 15:58:56 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\HP
[2009/04/12 15:58:57 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\HP Product Assistant
[2008/09/03 21:56:45 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\HPSSUPPLY
[2008/06/10 07:43:30 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\InstallShield
[2010/03/13 18:19:45 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Kodak
[2009/07/10 03:00:27 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\McAfee
[2010/03/12 17:12:09 | 000,000,000 | --SD | M] -- C:\Documents and Settings\All Users\Application Data\Microsoft
[2009/05/04 15:49:07 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Motive
[2009/07/13 16:57:47 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\pdf995
[2004/08/10 13:13:06 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\SBSI
[2009/02/17 20:08:36 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\SiteAdvisor
[2008/06/10 07:43:43 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Sonic
[2010/01/27 18:56:55 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Sun
[2008/06/10 07:42:34 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\SupportSoft
[2009/09/19 20:24:37 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Symantec
[2008/06/20 21:36:48 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TaxCut
[2008/06/10 07:44:08 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Uninstall
[2010/03/12 19:35:39 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Viewpoint
[2008/09/03 21:58:41 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\WEBREG
[2009/03/27 19:09:34 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Windows Genuine Advantage
[2009/09/19 20:37:26 | 000,000,000 | RH-D | M] -- C:\Documents and Settings\All Users\Application Data\yahoo!
[2009/09/19 20:38:18 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Yahoo! Companion

< %ALLUSERSPROFILE%\Application Data\*.exe /s >
[2009/07/10 07:59:14 | 002,684,304 | R--- | M] (Eastman Kodak Company) -- C:\Documents and Settings\All Users\Application Data\Kodak\EasyShareSetup\$SETUP_140001_4fef32\Setup.exe
[2010/03/13 18:09:35 | 000,175,104 | ---- | M] (InstallShield Software Corporation) -- C:\Documents and Settings\All Users\Application Data\Kodak\EasyShareSetup\creative\app\setup.exe
[2010/03/13 18:10:23 | 000,062,976 | ---- | M] (InstallShield Software Corporation) -- C:\Documents and Settings\All Users\Application Data\Kodak\EasyShareSetup\creative\content\setup.exe
[2010/03/13 18:10:24 | 000,077,824 | ---- | M] (Eastman Kodak Company) -- C:\Documents and Settings\All Users\Application Data\Kodak\EasyShareSetup\ess\bindbins\BindBins.exe
[2010/03/13 18:08:52 | 000,045,056 | ---- | M] (EASTMAN KODAK Company) -- C:\Documents and Settings\All Users\Application Data\Kodak\EasyShareSetup\sysfiles\kb945060\kb945060.exe
[2008/06/10 07:42:35 | 000,069,120 | ---- | M] (Microsoft Corporation) -- C:\Documents and Settings\All Users\Application Data\SupportSoft\DellSupportCenter\_default\data\f9cd5860-4b46-43fa-aa04-46ba9e956204\7e7d3c88-958b-4607-85a7-8c1cc5188887.1\NOTEPAD.EXE
[2008/09/03 17:06:54 | 005,342,161 | ---- | M] () -- C:\Documents and Settings\All Users\Application Data\SupportSoft\DellSupportCenter\SYSTEM\exec\DSCPatch_2_2_08100_2.1.exe
[2008/10/27 22:09:43 | 000,155,710 | ---- | M] () -- C:\Documents and Settings\All Users\Application Data\SupportSoft\DellSupportCenter\SYSTEM\exec\DSCPatch_2_2_08267_2.1.exe
[2008/10/27 21:52:23 | 000,474,511 | ---- | M] () -- C:\Documents and Settings\All Users\Application Data\SupportSoft\DellSupportCenter\SYSTEM\exec\DSCPatch_2_2_08298_2.1.exe
[2009/01/21 18:23:49 | 000,148,954 | ---- | M] () -- C:\Documents and Settings\All Users\Application Data\SupportSoft\DellSupportCenter\SYSTEM\exec\DSCPatch_2_2_08335_2.1.exe
[2009/05/26 11:23:39 | 003,484,829 | ---- | M] () -- C:\Documents and Settings\All Users\Application Data\SupportSoft\DellSupportCenter\SYSTEM\exec\DSCPatch_2_2_09085_2.1.exe
[2008/06/25 11:50:12 | 000,529,291 | ---- | M] () -- C:\Documents and Settings\All Users\Application Data\SupportSoft\DellSupportCenter\SYSTEM\exec\PCD_Patch_1.exe
[2007/12/23 02:03:22 | 004,819,440 | ---- | M] (Sonic Solutions) -- C:\Documents and Settings\All Users\Application Data\Uninstall\{09760D42-E223-42AD-8C3E-55B47D0DDAC3}\setup.exe

< %APPDATA%\*. >
[2008/10/29 21:06:31 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Glen\Application Data\Adobe
[2008/10/06 17:19:13 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Glen\Application Data\Ansys
[2008/12/01 12:11:58 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Glen\Application Data\Apple Computer
[2010/03/13 18:18:47 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Glen\Application Data\ArcSoft
[2009/09/19 19:48:23 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Glen\Application Data\ATTToolbar
[2009/11/17 21:26:50 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Glen\Application Data\Autodesk
[2008/06/10 07:44:07 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Glen\Application Data\CyberLink
[2009/12/13 17:05:59 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Glen\Application Data\FCTB000061107
[2009/02/10 21:40:46 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Glen\Application Data\Google
[2008/08/18 17:16:45 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Glen\Application Data\Help
[2009/03/19 23:40:07 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Glen\Application Data\HP
[2008/10/03 10:05:07 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Glen\Application Data\HPAppData
[2009/11/20 20:33:44 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Glen\Application Data\HpUpdate
[2004/08/10 13:08:32 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Glen\Application Data\Identities
[2008/06/10 07:33:26 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Glen\Application Data\InstallShield
[2009/06/02 10:09:21 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Glen\Application Data\LimeWire
[2008/10/29 21:08:18 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Glen\Application Data\Macromedia
[2009/12/30 19:16:08 | 000,000,000 | --SD | M] -- C:\Documents and Settings\Glen\Application Data\Microsoft
[2008/06/17 15:20:50 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Glen\Application Data\Microsoft Web Folders
[2009/05/04 15:43:41 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Glen\Application Data\Motive
[2009/12/16 21:21:46 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Glen\Application Data\Move Networks
[2009/06/02 10:07:30 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Glen\Application Data\Mozilla
[2009/08/26 20:15:44 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Glen\Application Data\MSNInstaller
[2008/11/20 17:36:56 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Glen\Application Data\MySpace
[2009/03/12 13:18:27 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Glen\Application Data\pdf995
[2009/01/28 20:42:20 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Glen\Application Data\Roxio
[2010/03/13 18:26:07 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Glen\Application Data\Skinux
[2008/06/10 07:31:19 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Glen\Application Data\Sun
[2008/06/20 21:40:17 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Glen\Application Data\TaxCut
[2010/03/01 20:32:08 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Glen\Application Data\TeamViewer
[2008/06/14 17:36:50 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Glen\Application Data\Template
[2009/06/02 10:51:54 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Glen\Application Data\U3
[2008/09/09 15:31:43 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Glen\Application Data\Unigraphics Solutions
[2009/09/19 20:23:18 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Glen\Application Data\Yahoo!

< %APPDATA%\*.exe /s >
[2009/09/10 14:58:10 | 000,143,496 | ---- | M] (FreeCause Inc.) -- C:\Documents and Settings\Glen\Application Data\FCTB000061107\Toolbar\ToolbarUpdate.exe
[2009/03/24 22:43:02 | 000,096,256 | ---- | M] (FreeCause Inc.) -- C:\Documents and Settings\Glen\Application Data\FCTB000061107\Toolbar\TroubleShooter.exe
[2009/12/13 17:02:22 | 000,059,760 | ---- | M] () -- C:\Documents and Settings\Glen\Application Data\FCTB000061107\Toolbar\Uninst.exe
[3 C:\Documents and Settings\Glen\Application Data\FCTB000061107\Toolbar\*.tmp files -> C:\Documents and Settings\Glen\Application Data\FCTB000061107\Toolbar\*.tmp -> ]
[2009/06/02 10:07:21 | 000,163,840 | ---- | M] (Mozilla Foundation) -- C:\Documents and Settings\Glen\Application Data\LimeWire\browser\xulrunner\crashreporter.exe
[2009/06/02 10:07:22 | 000,196,608 | ---- | M] (Mozilla Foundation) -- C:\Documents and Settings\Glen\Application Data\LimeWire\browser\xulrunner\updater.exe
[2009/06/02 10:07:22 | 000,014,848 | ---- | M] () -- C:\Documents and Settings\Glen\Application Data\LimeWire\browser\xulrunner\xpcshell.exe
[2009/06/02 10:07:22 | 000,077,824 | ---- | M] (Mozilla Foundation) -- C:\Documents and Settings\Glen\Application Data\LimeWire\browser\xulrunner\xpicleanup.exe
[2009/06/02 10:07:22 | 000,266,240 | ---- | M] (Mozilla Foundation) -- C:\Documents and Settings\Glen\Application Data\LimeWire\browser\xulrunner\xpidl.exe
[2009/06/02 10:07:22 | 000,018,432 | ---- | M] () -- C:\Documents and Settings\Glen\Application Data\LimeWire\browser\xulrunner\xpt_dump.exe
[2009/06/02 10:07:22 | 000,014,336 | ---- | M] () -- C:\Documents and Settings\Glen\Application Data\LimeWire\browser\xulrunner\xpt_link.exe
[2009/06/02 10:07:23 | 000,073,728 | ---- | M] (Mozilla Foundation) -- C:\Documents and Settings\Glen\Application Data\LimeWire\browser\xulrunner\xulrunner-stub.exe
[2009/06/02 10:07:23 | 000,102,400 | ---- | M] (Mozilla Foundation) -- C:\Documents and Settings\Glen\Application Data\LimeWire\browser\xulrunner\xulrunner.exe
[2010/03/11 21:08:23 | 000,388,096 | R--- | M] (Trend Micro Inc.) -- C:\Documents and Settings\Glen\Application Data\Microsoft\Installer\{0761C9A8-8F3A-4216-B4A7-B7AFBF24A24A}\HiJackThis.exe
[2008/10/06 16:41:08 | 000,010,134 | R--- | M] () -- C:\Documents and Settings\Glen\Application Data\Microsoft\Installer\{E3E71D07-CD27-46CB-8448-16D4FB29AA13}\ARPPRODUCTICON.exe
[2009/11/07 21:22:31 | 001,794,456 | ---- | M] () -- C:\Documents and Settings\Glen\Application Data\Move Networks\MoveMediaPlayerWin_071701000002.exe
[2009/11/07 21:22:33 | 000,143,976 | ---- | M] () -- C:\Documents and Settings\Glen\Application Data\Move Networks\uninstall.exe
[2 C:\Documents and Settings\Glen\Application Data\Move Networks\*.tmp files -> C:\Documents and Settings\Glen\Application Data\Move Networks\*.tmp -> ]
[2009/10/14 19:50:30 | 000,097,216 | ---- | M] () -- C:\Documents and Settings\Glen\Application Data\Move Networks\ie_bin\MovePlayerUpgrade.exe
[2009/08/26 20:15:49 | 001,244,648 | ---- | M] (Microsoft Corporation) -- C:\Documents and Settings\Glen\Application Data\MSNInstaller\msnauins.exe
[2008/11/20 17:36:49 | 006,850,312 | ---- | M] (MySpace Inc.) -- C:\Documents and Settings\Glen\Application Data\MySpace\IM\Install\MSIMClientSetup.1.0.756.0-static.exe
[2006/04/05 19:38:10 | 000,110,592 | ---- | M] () -- C:\Documents and Settings\Glen\Application Data\U3\temp\cleanup.exe

< %SYSTEMDRIVE%\*.exe >


< MD5 for: AGP440.SYS >
[2004/08/04 05:00:00 | 018,738,937 | ---- | M] () .cab file -- C:\i386\sp2.cab:AGP440.sys
[2004/08/04 05:00:00 | 018,738,937 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp2.cab:AGP440.sys
[2008/09/24 10:02:40 | 023,852,652 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:AGP440.sys
[2008/09/24 10:02:40 | 023,852,652 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp3.cab:AGP440.sys
[2008/04/13 13:36:38 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=08FD04AA961BDC77FB983F328334E3D7 -- C:\WINDOWS\ServicePackFiles\i386\agp440.sys
[2008/04/13 13:36:38 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=08FD04AA961BDC77FB983F328334E3D7 -- C:\WINDOWS\system32\drivers\agp440.sys
[2004/08/03 23:07:42 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=2C428FA0C3E3A01ED93C9B2A27D8D4BB -- C:\i386\AGP440.SYS
[2004/08/03 23:07:42 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=2C428FA0C3E3A01ED93C9B2A27D8D4BB -- C:\WINDOWS\$NtServicePackUninstall$\agp440.sys

< MD5 for: ATAPI.SYS >
[2004/08/04 05:00:00 | 018,738,937 | ---- | M] () .cab file -- C:\i386\sp2.cab:atapi.sys
[2004/08/04 05:00:00 | 018,738,937 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp2.cab:atapi.sys
[2008/09/24 10:02:40 | 023,852,652 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:atapi.sys
[2008/09/24 10:02:40 | 023,852,652 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp3.cab:atapi.sys
[2006/08/28 02:02:10 | 000,095,872 | ---- | M] (Microsoft Corporation) MD5=40CAACE7F2E7668148A1D45CF91E1131 -- C:\i386\atapi.sys
[2006/08/27 21:02:10 | 000,095,872 | ---- | M] (Microsoft Corporation) MD5=40CAACE7F2E7668148A1D45CF91E1131 -- C:\WINDOWS\$NtServicePackUninstall$\atapi.sys
[2006/08/27 21:02:10 | 000,095,872 | ---- | M] (Microsoft Corporation) MD5=40CAACE7F2E7668148A1D45CF91E1131 -- C:\WINDOWS\system32\ReinstallBackups\0002\DriverFiles\i386\atapi.sys
[2006/08/27 21:02:10 | 000,095,872 | ---- | M] (Microsoft Corporation) MD5=40CAACE7F2E7668148A1D45CF91E1131 -- C:\WINDOWS\system32\ReinstallBackups\0003\DriverFiles\i386\atapi.sys
[2008/04/13 13:40:30 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\ServicePackFiles\i386\atapi.sys
[2008/04/13 13:40:30 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\system32\drivers\atapi.sys

< MD5 for: EVENTLOG.DLL >
[2008/04/13 19:11:53 | 000,056,320 | ---- | M] (Microsoft Corporation) MD5=6D4FEB43EE538FC5428CC7F0565AA656 -- C:\WINDOWS\ServicePackFiles\i386\eventlog.dll
[2008/04/13 19:11:53 | 000,056,320 | ---- | M] (Microsoft Corporation) MD5=6D4FEB43EE538FC5428CC7F0565AA656 -- C:\WINDOWS\system32\eventlog.dll
[2004/08/04 05:00:00 | 000,055,808 | ---- | M] (Microsoft Corporation) MD5=82B24CB70E5944E6E34662205A2A5B78 -- C:\i386\eventlog.dll
[2004/08/04 05:00:00 | 000,055,808 | ---- | M] (Microsoft Corporation) MD5=82B24CB70E5944E6E34662205A2A5B78 -- C:\WINDOWS\$NtServicePackUninstall$\eventlog.dll

< MD5 for: IASTOR.SYS >
[2007/07/19 18:26:24 | 000,304,920 | ---- | M] (Intel Corporation) MD5=997E8F5939F2D12CD9F2E6B395724C16 -- C:\drivers\storage\R158515\iastor.sys
[2007/07/19 18:26:24 | 000,304,920 | ---- | M] (Intel Corporation) MD5=997E8F5939F2D12CD9F2E6B395724C16 -- C:\i386\iastor.sys
[2007/07/19 18:26:24 | 000,304,920 | ---- | M] (Intel Corporation) MD5=997E8F5939F2D12CD9F2E6B395724C16 -- C:\WINDOWS\system32\drivers\iastor.sys

< MD5 for: NETLOGON.DLL >
[2008/04/13 19:12:01 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=1B7F071C51B77C272875C3A23E1E4550 -- C:\WINDOWS\ServicePackFiles\i386\netlogon.dll
[2008/04/13 19:12:01 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=1B7F071C51B77C272875C3A23E1E4550 -- C:\WINDOWS\system32\netlogon.dll
[2004/08/04 05:00:00 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=96353FCECBA774BB8DA74A1C6507015A -- C:\i386\netlogon.dll
[2004/08/04 05:00:00 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=96353FCECBA774BB8DA74A1C6507015A -- C:\WINDOWS\$NtServicePackUninstall$\netlogon.dll

< MD5 for: SCECLI.DLL >
[2004/08/04 05:00:00 | 000,180,224 | ---- | M] (Microsoft Corporation) MD5=0F78E27F563F2AAF74B91A49E2ABF19A -- C:\i386\scecli.dll
[2004/08/04 05:00:00 | 000,180,224 | ---- | M] (Microsoft Corporation) MD5=0F78E27F563F2AAF74B91A49E2ABF19A -- C:\WINDOWS\$NtServicePackUninstall$\scecli.dll
[2008/04/13 19:12:05 | 000,181,248 | ---- | M] (Microsoft Corporation) MD5=A86BB5E61BF3E39B62AB4C7E7085A084 -- C:\WINDOWS\ServicePackFiles\i386\scecli.dll
[2008/04/13 19:12:05 | 000,181,248 | ---- | M] (Microsoft Corporation) MD5=A86BB5E61BF3E39B62AB4C7E7085A084 -- C:\WINDOWS\system32\scecli.dll

< %systemroot%\*. /mp /s >

< %systemroot%\system32\*.dll /lockedfiles >
[2009/03/08 04:31:44 | 000,348,160 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\WINDOWS\system32\dxtmsft.dll
[2009/03/08 04:31:38 | 000,216,064 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\WINDOWS\system32\dxtrans.dll
[3 C:\WINDOWS\system32\*.tmp files -> C:\WINDOWS\system32\*.tmp -> ]
< End of report >


#14 extremeboy

extremeboy

  • Malware Response Team
  • 12,975 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:12:22 PM

Posted 20 March 2010 - 11:31 AM

Hello again,

Download and run RootRepeal CR

Please download RootRepeal from the following location and save it to your desktop.
  • Unzip the RootRepeal.zip file it to it's own folder. (If you did not use the "Direct Download" mirror to download RootRepeal).
  • Close/Disable all other programs especially your security programs (anti-spyware, anti-virus, and firewall) Refer to this page, if you are unsure how.
  • Physically disconnect your machine from the internet as your system will be unprotected.
  • Double-click on RootRepeal.exe to run it. If you are using Vista, please right-click and run as Administrator...
  • Click the tab at the bottom.
  • Now press the button.
  • A box will pop up, check the boxes beside All Seven options/scan area
  • Now click OK.
  • Another box will open, check the boxes beside all the drives, eg : C:\, then click OK.
  • The scan will take a little while to run, so let it go unhindered.
  • Once it is done, click the Save Report button.
  • Save it as RepealScan and save it to your desktop
  • Reconnect to the internet.
  • Post the contents of that log in your reply please.

Run Scan with Kaspersky

Please do a scan with Kaspersky Online Scanner. Please note: Kaspersky requires Java Runtime Environment (JRE) be installed before scanning for malware, as ActiveX is no longer being used.)

If you are using Windows Vista, open your browser by right-clicking on its icon and select 'Run as administrator' to perform this scan.

  • Open the Kaspersky WebScanner
    page.
  • Click on the button on the main page.
  • The program will launch and fill in the Information section on the left.
  • Read the "Requirements and Limitations" then press the button.
  • The program will begin downloading the latest program and definition files. It may take a while so please be patient and let it finish.
  • Once the files have been downloaded, click on the ...button.
    In the scan settings make sure the following are selected:
    • Detect malicious programs of the following categories:
      Viruses, Worms, Trojan Horses, Rootkits
      Spyware, Adware, Dialers and other potentially dangerous programs
    • Scan compound files (doesn't apply to the File scan area):
      Archives
      Mail databases
      By default the above items should already be checked.
    • Click the button, if you made any changes.
  • Now under the Scan section on the left:

    Select My Computer
  • The program will now start and scan your system. This will run for a while, be patient and let it finish.
  • Once the scan is complete, click on View scan report
  • Now, click on the Save Report as button.
  • Save the file to your desktop.
  • Copy and paste that information in your next post.
You can refer to this animation by sundavis if needed.

Is the e-mail problem still there? Can you explain to me an update of what's happening?

Thanks.

With regards,
Extremeboy
Note: Please do not PM me asking for help, instead please post it in the correct forum requesting for help. Help requests via the PM system will be ignored.

If I'm helping you and I don't reply within 48 hours please feel free to send me a PM.

The help you receive here is always free but if you wish to show your appreciation, you may wish to Posted Image.

#15 ggood2

ggood2
  • Topic Starter

  • Members
  • 15 posts
  • OFFLINE
  •  
  • Local time:10:22 AM

Posted 20 March 2010 - 04:04 PM

ROOTREPEAL © AD, 2007-2009
==================================================
Scan Start Time: 2010/03/20 12:16
Program Version: Version 1.3.5.0
Windows Version: Windows XP SP3
==================================================

Drivers
-------------------
Name: dump_atapi.sys
Image Path: C:\WINDOWS\System32\Drivers\dump_atapi.sys
Address: 0xA9FC4000 Size: 98304 File Visible: No Signed: -
Status: -

Name: dump_WMILIB.SYS
Image Path: C:\WINDOWS\System32\Drivers\dump_WMILIB.SYS
Address: 0xF7BD1000 Size: 8192 File Visible: No Signed: -
Status: -

Name: rootrepeal.sys
Image Path: C:\WINDOWS\system32\drivers\rootrepeal.sys
Address: 0xA9938000 Size: 49152 File Visible: No Signed: -
Status: -

Hidden/Locked Files
-------------------
Path: C:\hiberfil.sys
Status: Locked to the Windows API!

Path: c:\windows\temp\perflib_perfdata_6ec.dat
Status: Allocation size mismatch (API: 16384, Raw: 0)

Path: c:\windows\temp\mcmsc_ctbzzynehse7j4s
Status: Allocation size mismatch (API: 4096, Raw: 0)

Path: c:\documents and settings\glen\local settings\temp\~dfc3b0.tmp
Status: Allocation size mismatch (API: 16384, Raw: 0)

Path: c:\program files\microsoft sql server\mssql.1\mssql\log\log_227.trc
Status: Allocation size mismatch (API: 4096, Raw: 0)

Stealth Objects
-------------------
Object: Hidden Handle [Index: 812, Type: File]
Process: spoolsv.exe (PID: 1496) Address: 0x85ba0778 Size: -

Object: Hidden Handle [Index: 1224, Type: Event]
Process: spoolsv.exe (PID: 1496) Address: 0x85bff7b0 Size: -

Object: Hidden Module [Name: YPUBC.dll]
Process: iexplore.exe (PID: 1172) Address: 0x65000000 Size: 212992

==EOF==




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users