Can't run updated HijackThis [CLOSED]
jaybird2569
post Oct 8 2008, 01:06 PM
Post #1


Member
**
Posts: 10
OS: Windows XP



I'm working on a computer for a friend of mine, Dell Latitude d610 WinXP, had the System Antivirus 2008 bug. After boot, you could not do most tasks. Could not Add/Remove Programs, can't run Malwarebytes' Anti-Malware, I can't restart in Safe Mode, it hangs up then goes to blue screen. I can't get Windows Explorer to view My Computer. I can't use the USB ports to install new anti virus programs or move files off the computer. I've installed another copy of WinXP so I can boot the computer in that copy, I can navigate through windows explorer to copy and move files. I downloaded a copy of the updated HijackThis and put it on the computer but it hangs up then the computer goes to blue screen. Any help would be appreciated. I tried to post the only HijackThis log I could get but it was from an outdated version. If you need it, I have it.
Thanks,
Jay
Transience
post Oct 8 2008, 03:48 PM
Post #2


Trusted Helper
Posts: 839
From: Massachusetts, USA
OS: Vista



Hello user, and welcome to Geeks To Go! My name is Dave and I'll be helping you remove the infections from your computer. Please be aware that I'm still a trainee here, which means my instructions have to be approved by an expert before I give them to you, so there may be a slight delay between my replies. Please take note of a few points that will help the fix go smoothly:
  • If you would like to receive email notifications when I reply to this topic, please click on Options at the top right corner of the topic and click on Track this topic. Select Immediate Email Notification and click Proceed.
  • Don't be afraid to ask questions if you're unsure about anything! There are no dumb questions here.
  • Open notepad (Start -> Run, type notepad, press enter). Click on Format at the top and uncheck Word Wrap if it's on; this will make your logs much easier for me to read.
  • Please follow only the instructions that I post to you exactly as I give them, trying to fix things on your own will only make it harder for me to figure out what's going on with your computer.

I'll have a fix for you as soon as possible.

- Dave
Transience
post Oct 8 2008, 06:56 PM
Post #3


Trusted Helper
Posts: 839
From: Massachusetts, USA
OS: Vista




Hi jaybird2569 -

I have a few questions for you:

QUOTE
I've installed another copy of WinXP so I can boot the computer in that copy

1. Had you had problems booting the computer in the infected instance of XP?
2. Are you able to access the internet on the infected PC? If so then we can just download the files you'll need from the internet so you don't have to mess around with another operating system.
3. What happens when you try to open windows explorer? Any error messages, or does it just not open?

Your problems with HijackThis are likely due to the malware interfering with it running. Let's give this alternative a shot:

1. OTViewIt

Download OTViewIt to your desktop.
  • Close all windows and open it
  • Click Run Scan and let the program run uninterrupted
  • It will produce two logs for you, one will pop up called OTViewIt.txt, the other will be saved on your desktop and called Extras. Post both those logs here.
  • You may need to split the logs up into separate posts because they will be very long and the forum has a maximum post length limit.


So please answer my questions and post the 2 logs from OTViewIt.

- Dave
jaybird2569
post Oct 8 2008, 08:06 PM
Post #4


Member
**
Posts: 10
OS: Windows XP



Dave,
Here are the answers to your questions.

1. Yes, could boot up but after about 2-3 minutes I would get blue screen A process or thread crucial to system operation has unexpectedly exited or been terminated.....technical information: ***Stop: 0x000000f4 (0x00000003, 0c82c01020, 0x82c01194, 0x805c749a) Beginning dump of physical memory
2. Cannot access the internet, but I have another laptop that I can download programs then transfer them to the infected laptop. The only problem is the USB ports don't work when I'm in the infected XP, I can use them in the good version and navigate through Windows Explorer to the other Desktop > drop the program there, then reboot into the infected XP and hopefully open the program. It's a real pain in the butt, but it's the only way I can do anything so far.
3. I can open windows explorer and can go through most trees, but when I try to open My Computer I just get the flashlight....and have to ctl/alt/del to terminate.
I just started in the good XP and got this message. Something about a critical error and wants to send report to Microsoft, the contents are:
C:\DOCUME~1\Tristan\LOCALS~1\Temp\WER728e.dir00\Mini100808-01.dmp
C:\DOCUME~1\Tristan\LOCALS~1\Temp\WER728e.dir00\sysdata.xml
jaybird2569
post Oct 8 2008, 08:21 PM
Post #5


Member
**
Posts: 10
OS: Windows XP



Dave,
Here are the logs you requested. PART 1


OTViewIt logfile created on: 10/8/2008 9:09:22 PM - Run
OTViewIt by OldTimer - Version 1.0.10.1 Folder = C:\Documents and Settings\Tristan McCollam\Desktop
Windows XP Professional Edition Service Pack 2 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 6.0.2900.2180)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

511.36 Mb Total Physical Memory | 310.80 Mb Available Physical Memory | 60.78% Memory free
1.22 Gb Paging File | 1.07 Gb Available in Paging File | 88.19% Paging File free
Paging file location(s): c:\pagefile.sys 768 1536;

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 55.81 Gb Total Space | 41.28 Gb Free Space | 73.95% Space Free | Partition Type: NTFS
Drive D: | 564.43 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: TRISTAN
Current User Name: Tristan McCollam
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Whitelist: On
File Age = 30 Days

========== Processes ==========

[2005/05/13 03:43:50 | 00,364,544 | ---- | M] (ATI Technologies Inc.) -- C:\WINDOWS\system32\ati2evxx.exe
[2007/02/08 12:55:22 | 00,032,144 | ---- | M] (Citrix Systems, Inc.) -- C:\Program Files\Citrix\ICA Client\ssonsvr.exe
[2004/03/04 11:30:48 | 00,311,296 | ---- | M] (Lexmark International, Inc.) -- C:\WINDOWS\system32\LEXBCES.EXE
[2004/03/04 11:26:20 | 00,174,592 | ---- | M] (Lexmark International, Inc.) -- C:\WINDOWS\system32\LEXPPS.EXE
[2005/05/13 03:43:50 | 00,364,544 | ---- | M] (ATI Technologies Inc.) -- C:\WINDOWS\system32\ati2evxx.exe
[2004/09/13 17:33:20 | 00,155,648 | ---- | M] (Alps Electric Co., Ltd.) -- C:\Program Files\Apoint\Apoint.exe
[2005/05/12 22:00:00 | 00,344,064 | ---- | M] (ATI Technologies, Inc.) -- C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
[2004/12/06 21:45:14 | 00,696,425 | ---- | M] (Dell Inc) -- C:\WINDOWS\system32\WLTRAY.EXE
[2004/01/07 02:01:00 | 00,110,592 | ---- | M] (Sonic Solutions) -- C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe
[2006/01/23 17:06:15 | 00,168,448 | ---- | M] () -- C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
[2008/07/11 18:48:54 | 00,641,208 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee.com\Agent\mcagent.exe
[2008/10/05 18:45:15 | 00,060,932 | ---- | M] () -- C:\Documents and Settings\Tristan McCollam\Local Settings\Temp\video232.cfg.exe
[2005/01/08 18:42:54 | 00,315,392 | R--- | M] () -- C:\Program Files\Dell Photo Printer 720\dlbcserv.exe
[2006/01/23 17:06:15 | 00,553,472 | ---- | M] () -- C:\Program Files\Google\Google Desktop Search\GoogleDesktopIndex.exe
[2004/08/19 15:40:08 | 00,045,056 | ---- | M] (Alps Electric Co., Ltd.) -- C:\Program Files\Apoint\ApntEx.exe
[2008/10/09 00:06:16 | 00,421,376 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Tristan McCollam\Desktop\OTViewIt.exe

========== (O23) Win32 Services ==========

[2004/07/15 02:49:26 | 00,032,768 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\aspnet_state.exe -- (aspnet_state [On_Demand | Stopped])
[2005/05/13 03:43:50 | 00,364,544 | ---- | M] (ATI Technologies Inc.) -- C:\WINDOWS\system32\ati2evxx.exe -- (Ati HotKey Poller [Auto | Running])
[2004/04/01 19:05:48 | 00,077,824 | ---- | M] (Broadcom Corp.) -- C:\WINDOWS\system32\BAsfIpM.exe -- (BAsfIpM [Auto | Stopped])
[2004/03/04 11:30:48 | 00,311,296 | ---- | M] (Lexmark International, Inc.) -- C:\WINDOWS\system32\LEXBCES.EXE -- (LexBceS [Auto | Running])
[2008/07/10 14:42:56 | 00,066,848 | ---- | M] (McAfee) -- C:\Program Files\McAfee\MBK\MBackMonitor.exe -- (MBackMonitor [On_Demand | Stopped])
[2008/09/08 08:50:32 | 00,198,944 | ---- | M] () -- C:\Program Files\McAfee\SiteAdvisor\McSACore.exe -- (McAfee SiteAdvisor Service [Auto | Stopped])
[2008/06/21 12:39:08 | 00,792,184 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee\MSC\mcmscsvc.exe -- (mcmscsvc [Auto | Stopped])
[2008/07/18 08:02:52 | 02,482,848 | ---- | M] (McAfee, Inc.) -- c:\Program Files\Common Files\McAfee\MNA\McNASvc.exe -- (McNASvc [Auto | Stopped])
[2008/06/20 13:10:22 | 00,361,800 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee\VirusScan\mcods.exe -- (McODS [On_Demand | Stopped])
[2008/07/09 14:49:10 | 00,358,736 | ---- | M] (McAfee, Inc.) -- c:\Program Files\Common Files\McAfee\McProxy\McProxy.exe -- (McProxy [Auto | Stopped])
[2008/06/20 05:41:04 | 00,144,704 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee\VirusScan\Mcshield.exe -- (McShield [Unknown | Stopped])
[2008/06/20 05:01:18 | 00,605,512 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee\VirusScan\mcsysmon.exe -- (McSysmon [On_Demand | Stopped])
[2003/06/20 00:25:00 | 00,322,120 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE -- (MDM [Auto | Stopped])
[2008/07/09 17:36:30 | 00,884,360 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee\MPF\MpfSrv.exe -- (MpfService [Auto | Stopped])
[2008/07/09 14:35:34 | 00,025,416 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee\MSK\msksrver.exe -- (MSK80Service [Auto | Stopped])
[2005/06/09 09:53:18 | 00,356,352 | ---- | M] (Dell Inc.) -- C:\Program Files\Dell\NicConfigSvc\NicConfigSvc.exe -- (NICCONFIGSVC [Auto | Stopped])
[2003/07/28 13:28:22 | 00,089,136 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE -- (ose [On_Demand | Stopped])
[2008/08/01 17:21:39 | 00,345,376 | ---- | M] () -- C:\Program Files\SiteAdvisor\6261\SAService.exe -- (SiteAdvisor Service [Auto | Stopped])
File not found -- C:\WINDOWS\surksah.exe -- (Windows Overlay Components [Auto | Stopped])
[2004/12/06 21:45:14 | 00,065,536 | ---- | M] () -- C:\WINDOWS\system32\WLTRYSVC.EXE -- (wltrysvc [Auto | Stopped])

========== Driver Services ==========

[2006/01/23 17:04:30 | 00,017,801 | ---- | M] (Meetinghouse Data Communications) -- C:\WINDOWS\system32\drivers\AegisP.sys -- (AegisP [Auto | Running])
[2004/10/07 20:16:04 | 00,035,840 | ---- | M] (Oak Technology Inc.) -- C:\WINDOWS\System32\drivers\AFS2K.SYS -- (AFS2K [System | Running])
[2004/08/04 07:00:00 | 00,005,248 | ---- | M] (Acer Laboratories Inc.) -- C:\WINDOWS\system32\drivers\aliide.sys -- (AliIde [Disabled | Stopped])
[2004/08/04 00:07:44 | 00,043,008 | ---- | M] (Advanced Micro Devices, Inc.) -- C:\WINDOWS\system32\drivers\AMDAGP.SYS -- (amdagp [Disabled | Stopped])
[2004/11/16 17:03:52 | 00,108,791 | ---- | M] (Alps Electric Co., Ltd.) -- C:\WINDOWS\system32\drivers\Apfiltr.sys -- (ApfiltrService [On_Demand | Running])
[2004/06/30 11:39:36 | 00,016,128 | ---- | M] (Dell Inc) -- C:\Program Files\Dell\NicConfigSvc\Appdrv.sys -- (Appdrv [On_Demand | Stopped])
[2004/08/04 07:00:00 | 00,026,496 | ---- | M] (Advanced System Products, Inc.) -- C:\WINDOWS\system32\drivers\asc.sys -- (asc [Disabled | Stopped])
[2004/08/04 07:00:00 | 00,014,848 | ---- | M] (Advanced System Products, Inc.) -- C:\WINDOWS\system32\drivers\asc3550.sys -- (asc3550 [Disabled | Stopped])
[2005/05/13 03:46:20 | 01,132,544 | ---- | M] (ATI Technologies Inc.) -- C:\WINDOWS\system32\drivers\ati2mtag.sys -- (ati2mtag [On_Demand | Running])
[2004/09/03 18:23:38 | 00,121,472 | ---- | M] (Broadcom Corporation) -- C:\WINDOWS\system32\drivers\b57xp32.sys -- (b57w2k [On_Demand | Stopped])
[2003/04/24 17:21:50 | 00,006,025 | ---- | M] (Broadcom Corporation) -- C:\WINDOWS\system32\drivers\BASFND.sys -- (BASFND [Auto | Stopped])
[2004/12/06 22:09:58 | 00,369,024 | ---- | M] (Broadcom Corporation) -- C:\WINDOWS\system32\drivers\BCMWL5.SYS -- (BCM43XX [On_Demand | Running])
[2008/10/05 18:45:35 | 00,016,896 | ---- | M] () -- C:\WINDOWS\System32\drivers\beep.sys -- (Beep [System | Running])
[2004/08/04 07:00:00 | 00,006,656 | ---- | M] (CMD Technology, Inc.) -- C:\WINDOWS\system32\drivers\cmdide.sys -- (CmdIde [Disabled | Stopped])
[2004/08/04 07:00:00 | 00,179,584 | ---- | M] (Mylex Corporation) -- C:\WINDOWS\system32\drivers\dac2w2k.sys -- (dac2w2k [Disabled | Stopped])
[2004/12/01 04:22:00 | 00,087,488 | ---- | M] (Sonic Solutions) -- C:\WINDOWS\system32\drivers\drvmcdb.sys -- (drvmcdb [Boot | Running])
[2004/11/23 03:56:00 | 00,040,480 | ---- | M] (Sonic Solutions) -- C:\WINDOWS\system32\drivers\drvnddm.sys -- (drvnddm [Auto | Running])
[2001/08/17 13:12:10 | 00,117,760 | ---- | M] (Intel Corporation) -- C:\WINDOWS\system32\drivers\e100b325.sys -- (E100B [On_Demand | Stopped])
[2005/05/31 17:46:26 | 00,087,936 | R--- | M] (Texas Instruments) -- C:\WINDOWS\system32\drivers\gtipci21.sys -- (GTIPCI21 [On_Demand | Running])
[2004/06/17 21:57:02 | 00,200,064 | ---- | M] (Conexant Systems, Inc.) -- C:\WINDOWS\system32\drivers\HSFHWICH.sys -- (HSFHWICH [On_Demand | Running])
[2004/06/17 21:55:04 | 01,041,536 | ---- | M] (Conexant Systems, Inc.) -- C:\WINDOWS\system32\drivers\HSF_DP.sys -- (HSF_DP [On_Demand | Running])
[2004/08/04 07:00:00 | 00,014,848 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\kbdhid.sys -- (kbdhid [System | Stopped])
[2004/03/17 19:04:14 | 00,013,059 | ---- | M] (Conexant) -- C:\WINDOWS\system32\drivers\mdmxsdk.sys -- (mdmxsdk [Auto | Stopped])
[2008/06/27 06:08:40 | 00,079,240 | ---- | M] (McAfee, Inc.) -- C:\WINDOWS\system32\drivers\mfeavfk.sys -- (mfeavfk [On_Demand | Stopped])
[2008/06/27 06:08:40 | 00,035,240 | ---- | M] (McAfee, Inc.) -- C:\WINDOWS\system32\drivers\mfebopk.sys -- (mfebopk [On_Demand | Stopped])
[2008/06/27 06:08:40 | 00,207,656 | ---- | M] (McAfee, Inc.) -- C:\WINDOWS\system32\drivers\mfehidk.sys -- (mfehidk [System | Running])
[2008/06/20 05:41:38 | 00,034,152 | ---- | M] (McAfee, Inc.) -- C:\WINDOWS\system32\drivers\mferkdk.sys -- (mferkdk [On_Demand | Stopped])
[2008/06/27 06:08:40 | 00,040,488 | ---- | M] (McAfee, Inc.) -- C:\WINDOWS\system32\drivers\mfesmfk.sys -- (mfesmfk [On_Demand | Stopped])
[2008/06/02 14:55:42 | 00,120,136 | ---- | M] (McAfee, Inc.) -- C:\WINDOWS\system32\drivers\Mpfp.sys -- (MPFP [System | Running])
[2004/08/04 07:00:00 | 00,017,280 | ---- | M] (American Megatrends Inc.) -- C:\WINDOWS\system32\drivers\mraid35x.sys -- (mraid35x [Disabled | Stopped])
[2004/08/03 23:29:56 | 01,897,408 | ---- | M] (NVIDIA Corporation) -- C:\WINDOWS\system32\drivers\nv4_mini.sys -- (nv [On_Demand | Stopped])
[2004/02/13 17:46:00 | 00,017,153 | ---- | M] (Dell Inc) -- C:\WINDOWS\system32\drivers\omci.sys -- (omci [System | Running])
[2008/03/11 17:58:44 | 00,029,824 | ---- | M] (DEVGURU Co,LTD.) -- C:\WINDOWS\system32\drivers\PTDUBus.sys -- (PTDUBus [On_Demand | Stopped])
[2008/03/11 17:58:48 | 00,041,344 | ---- | M] (DEVGURU Co,LTD.) -- C:\WINDOWS\system32\drivers\PTDUMdm.sys -- (PTDUMdm [On_Demand | Stopped])
[2008/03/11 17:58:50 | 00,039,936 | ---- | M] (DEVGURU Co,LTD.) -- C:\WINDOWS\system32\drivers\PTDUVsp.sys -- (PTDUVsp [On_Demand | Stopped])
[2008/03/11 17:58:56 | 00,059,776 | ---- | M] (DEVGURU Co,LTD.) -- C:\WINDOWS\system32\drivers\PTDUWWAN.sys -- (PTDUWWAN [On_Demand | Stopped])
[2004/08/04 07:00:00 | 00,017,792 | ---- | M] (Parallel Technologies, Inc.) -- C:\WINDOWS\system32\drivers\ptilink.sys -- (Ptilink [On_Demand | Running])
[2004/08/02 03:03:00 | 00,020,576 | ---- | M] (Sonic Solutions) -- C:\WINDOWS\system32\drivers\pxhelp20.sys -- (PxHelp20 [Boot | Running])
[2004/08/04 07:00:00 | 00,040,320 | ---- | M] (QLogic Corporation) -- C:\WINDOWS\system32\drivers\ql1080.sys -- (ql1080 [Disabled | Stopped])
[2004/08/04 07:00:00 | 00,045,312 | ---- | M] (QLogic Corporation) -- C:\WINDOWS\system32\drivers\ql12160.sys -- (ql12160 [Disabled | Stopped])
[2004/08/04 07:00:00 | 00,049,024 | ---- | M] (QLogic Corporation) -- C:\WINDOWS\system32\drivers\ql1280.sys -- (ql1280 [Disabled | Stopped])
[2004/08/04 07:00:00 | 00,027,440 | ---- | M] () -- C:\WINDOWS\system32\drivers\secdrv.sys -- (Secdrv [On_Demand | Stopped])
[2004/08/04 00:07:44 | 00,041,088 | ---- | M] (Silicon Integrated Systems Corporation) -- C:\WINDOWS\system32\drivers\SISAGP.SYS -- (sisagp [Disabled | Stopped])
[2004/08/04 07:00:00 | 00,019,072 | ---- | M] (Adaptec, Inc.) -- C:\WINDOWS\system32\drivers\sparrow.sys -- (Sparrow [Disabled | Stopped])
[2004/07/14 12:29:04 | 00,005,627 | ---- | M] (Sonic Solutions) -- C:\WINDOWS\system32\drivers\sscdbhk5.sys -- (sscdbhk5 [System | Running])
[2004/07/14 12:28:50 | 00,023,545 | ---- | M] (Sonic Solutions) -- C:\WINDOWS\system32\drivers\ssrtln.sys -- (ssrtln [System | Running])
[2005/03/10 23:56:06 | 00,273,168 | ---- | M] (SigmaTel, Inc.) -- C:\WINDOWS\system32\drivers\STAC97.sys -- (STAC97 [On_Demand | Running])
[2004/08/04 07:00:00 | 00,016,256 | ---- | M] (Symbios Logic Inc.) -- C:\WINDOWS\system32\drivers\symc810.sys -- (symc810 [Disabled | Stopped])
[2004/08/04 07:00:00 | 00,032,640 | ---- | M] (LSI Logic) -- C:\WINDOWS\system32\drivers\symc8xx.sys -- (symc8xx [Disabled | Stopped])
[2004/08/04 07:00:00 | 00,028,384 | ---- | M] (LSI Logic) -- C:\WINDOWS\system32\drivers\sym_hi.sys -- (sym_hi [Disabled | Stopped])
[2004/08/04 07:00:00 | 00,030,688 | ---- | M] (LSI Logic) -- C:\WINDOWS\system32\drivers\sym_u3.sys -- (sym_u3 [Disabled | Stopped])
[2004/12/06 02:05:00 | 00,025,883 | ---- | M] (Sonic Solutions) -- C:\WINDOWS\system32\dla\tfsnboio.sys -- (tfsnboio [Auto | Running])
[2004/12/06 02:05:00 | 00,034,843 | ---- | M] (Sonic Solutions) -- C:\WINDOWS\system32\dla\tfsncofs.sys -- (tfsncofs [Auto | Running])
[2004/12/06 02:05:00 | 00,004,123 | ---- | M] (Sonic Solutions) -- C:\WINDOWS\system32\dla\tfsndrct.sys -- (tfsndrct [Auto | Running])
[2004/12/06 02:05:00 | 00,002,239 | ---- | M] (Sonic Solutions) -- C:\WINDOWS\system32\dla\tfsndres.sys -- (tfsndres [Auto | Running])
[2004/12/06 02:05:00 | 00,086,586 | ---- | M] (Sonic Solutions) -- C:\WINDOWS\system32\dla\tfsnifs.sys -- (tfsnifs [Auto | Running])
[2004/12/06 02:05:00 | 00,015,227 | ---- | M] (Sonic Solutions) -- C:\WINDOWS\system32\dla\tfsnopio.sys -- (tfsnopio [Auto | Running])
[2004/12/06 02:05:00 | 00,006,363 | ---- | M] (Sonic Solutions) -- C:\WINDOWS\system32\dla\tfsnpool.sys -- (tfsnpool [Auto | Running])
[2004/12/06 02:05:00 | 00,098,714 | ---- | M] (Sonic Solutions) -- C:\WINDOWS\system32\dla\tfsnudf.sys -- (tfsnudf [Auto | Running])
[2004/12/06 02:05:00 | 00,100,603 | ---- | M] (Sonic Solutions) -- C:\WINDOWS\system32\dla\tfsnudfa.sys -- (tfsnudfa [Auto | Running])
[2004/08/04 07:00:00 | 00,036,736 | ---- | M] (Promise Technology, Inc.) -- C:\WINDOWS\system32\drivers\ultra.sys -- (ultra [Disabled | Stopped])
[2004/06/17 21:55:38 | 00,685,056 | ---- | M] (Conexant Systems, Inc.) -- C:\WINDOWS\system32\drivers\HSF_CNXT.sys -- (winachsf [On_Demand | Running])

========== (R ) Internet Explorer ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Main]
"Default_Page_URL"=http://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome
"Default_Search_URL"=http://www.google.com/ie
"Local Page"=%SystemRoot%\system32\blank.htm
"Search Page"=http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
"Start Page"=http://www.microsoft.com/isapi/redir.dll?prd={SUB_PRD}&clcid={SUB_CLSID}&pver={SUB_PVER}&ar=home

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Search]
"CustomizeSearch"=http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchcust.htm
"Default_Page_URL"=http://www.google.com/ig/dell?hl=en
"Default_Search_URL"=http://www.google.com/ie
"SearchAssistant"=http://www.google.com/ie
"Start Page"=http://www.google.com/ig/dell?hl=en

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main]
"Default_Page_URL"=http://www.google.com/ig/dell?hl=en
"Local Page"=C:\WINDOWS\system32\blank.htm
"Search Page"=http://www.google.com
"Start Page"=http://www.yahoo.com/

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Search]
"SearchAssistant"=http://www.google.com/ie

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchURL]
""=http://www.google.com/search?q=%s
"provider"=gogl

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{CFBFAE00-17A6-11D0-99CB-00C04FD64497}" (HKLM) -- C:\WINDOWS\system32\shdocvw.dll (Microsoft Corporation)

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
"ProxyEnable" = 0

========== (O1) Hosts File ==========

HOSTS File = (734 bytes) - C:\WINDOWS\System32\drivers\etc\Hosts
First 25 entries...
127.0.0.1 localhost

========== (O2) BHO's ==========

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\]
{0676CC61-CDC5-447e-AAFC-9D886EC820EB} (HKLM) -- C:\WINDOWS\system32\qgwjhcoc.dll File not found
{06849E9F-C8D7-4D59-B87D-784B7D6BE083} (HKLM) -- C:\WINDOWS\system\ctldlg32.dll File not found
{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} (HKLM) -- C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
{14D1A72D-8705-11D8-B120-0040F46CB696} (HKLM) -- C:\WINDOWS\inet20004\102621432.dll File not found
{27B4851A-3207-45A2-B947-BE8AFE6163AB} (HKLM) -- c:\Program Files\McAfee\MSK\mskapbho.dll ()
{3F508AB1-6BBA-C983-6D11-032A0C7AF158} (HKLM) -- C:\WINDOWS\system32\nkejwol.dll File not found
{500BCA15-57A7-4eaf-8143-8C619470B13D} (HKLM) -- C:\WINDOWS\system32\msxml71.dll ()
{5CA3D70E-1895-11CF-8E15-001234567890} (HKLM) -- C:\WINDOWS\system32\dla\tfswshx.dll (Sonic Solutions)
{73364D99-1240-4dff-B11A-67E448373048} (HKLM) -- C:\WINDOWS\system32\ipv6monk.dll File not found
{7DB2D5A0-7241-4E79-B68D-6309F01C5231} (HKLM) -- c:\Program Files\McAfee\VirusScan\scriptsn.dll (McAfee, Inc.)
{871A54C1-1EB3-48bd-A879-5DBA4EF16BE6} (HKLM) -- C:\WINDOWS\system32\neaapqha.dll File not found
{B164E929-A1B6-4A06-B104-2CD0E90A88FF} (HKLM) -- c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll ()
{CA6319C0-31B7-401E-A518-A07C3DB8F777} (HKLM) -- c:\Program Files\GoogleAFE\GoogleAE.dll (Google)

========== (O3) Toolbars ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ToolBar]
"{0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064}" (HKLM) -- c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll ()

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ToolBar]
"{EF99BD32-C1FB-11D2-892F-0090271D4F88}" (HKLM) -- C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser]
"{EF99BD32-C1FB-11D2-892F-0090271D4F88}" (HKLM) -- C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)

========== (O4) Run Keys ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Apoint"=C:\Program Files\Apoint\Apoint.exe (Alps Electric Co., Ltd.)
"ATIPTA"=C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe (ATI Technologies, Inc.)
"Dell Wireless Manager UI"=C:\WINDOWS\system32\WLTRAY (Dell Inc)
"Google Desktop Search"="C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup ()
"KernelFaultCheck"=%systemroot%\system32\dumprep 0 -k File not found
"mcagent_exe"="C:\Program Files\McAfee.com\Agent\mcagent.exe" /runkey (McAfee, Inc.)
"UpdateManager"="C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" /r (Sonic Solutions)

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MSFox"=C:\DOCUME~1\TRISTA~1\LOCALS~1\Temp\video232.cfg.exe ()
"SpySheriff"=C:\Program Files\SpySheriff\SpySheriff.exe File not found

========== (O4) Startup Folders ==========

[2005/01/08 18:42:54 | 00,315,392 | R--- | M] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\dlbcserv.lnk = C:\Program Files\Dell Photo Printer 720\dlbcserv.exe

========== (O6 & O7) Current Version Policies ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer]
"NoDriveTypeAutoRun"=145

========== (O8) IE Context Menu Extensions ==========

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\MenuExt\]
E&xport to Microsoft Excel: C:\Program Files\Microsoft Office\OFFICE11\EXCEL.EXE [2003/08/13 03:34:38 | 10,073,144 | ---- | M] (Microsoft Corporation)

========== (O9) IE Extensions ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\]
{08B0E5C0-4FCB-11CF-AAA5-00401C608501}: Menu: Sun Java Console -- Reg Error: Key does not exist or could not be opened. File not found
{FB5F1910-F110-11d2-BB9E-00C04F795683}: Button: Messenger -- %ProgramFiles%\Messenger\msmsgs.exe [2004/08/04 03:06:34 | 01,667,584 | ---- | M] (Microsoft Corporation)
{FB5F1910-F110-11d2-BB9E-00C04F795683}: Menu: Windows Messenger -- %ProgramFiles%\Messenger\msmsgs.exe [2004/08/04 03:06:34 | 01,667,584 | ---- | M] (Microsoft Corporation)

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Extensions\]
CmdMapping\\{08B0E5C0-4FCB-11CF-AAA5-00401C608501} [HKLM] -> [Sun Java Console] -> File not found
CmdMapping\\{92780B25-18CC-41C8-B9BE-3C9C571A8263} [HKLM] -> [Reg Error: Key does not exist or could not be opened.] -> File not found
CmdMapping\\{A26ABCF0-1C8F-46e7-A67C-0489DC21B9CC} [HKLM] -> [Reg Error: Key does not exist or could not be opened.] -> File not found
CmdMapping\\{FB5F1910-F110-11d2-BB9E-00C04F795683} [HKLM] -> %ProgramFiles%\Messenger\msmsgs.exe [Messenger] -> [2004/08/04 03:06:34 | 01,667,584 | ---- | M] (Microsoft Corporation)

========== (O12) Internet Explorer Plugins ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Plugins\]
PluginsPage: "" = http://activex.microsoft.com/controls/find...=%s&mime=%s
PluginsPageFriendlyName: "" = Microsoft ActiveX Gallery

========== (O13) Default Prefixes ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\URL\DefaultPrefix]
""=http://

========== (O15) Trusted Sites ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\]
1 domain(s) and sub-domain(s) not assigned to a zone.

========== (O16) DPF ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\]
{8AD9C840-044E-11D1-B3E9-00805F499D93}: http://java.sun.com/products/plugin/autodl...indows-i586.cab -- Java Plug-in 1.4.2_03
{CAFEEFAC-0014-0002-0003-ABCDEFFEDCBA}: http://java.sun.com/products/plugin/autodl...indows-i586.cab -- Java Plug-in 1.4.2_03
{D27CDB6E-AE6D-11CF-96B8-444553540000}: http://download.macromedia.com/pub/shockwa...ash/swflash.cab -- Shockwave Flash Object

========== (O17) DNS Name Servers ==========

{1DC2E457-BDFB-4188-8CF0-C48F43B46A6C} (Servers: | Description: )
{8572D74B-FCBC-493D-8543-CACB6969BB82} (Servers: | Description: Dell Wireless 1370 WLAN Mini-PCI Card)
{918CFDD6-B4AD-40EA-B42C-BCF276ABC084} (Servers: | Description: Broadcom NetXtreme 57xx Gigabit Controller)
{E34DD633-B0AE-4BE1-A808-5E74D6B066A2} (Servers: | Description: )

========== (O20) Winlogon Notify Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\]
AtiExtEvent: "DllName" = Ati2evxx.dll -- C:\WINDOWS\system32\ati2evxx.dll (ATI Technologies Inc.)
dllsys: "DllName" = C:\WINDOWS\Web\printers\dllsys.dll -- C:\WINDOWS\Web\printers\dllsys.dll File not found
pssvc: "DllName" = C:\WINDOWS\A6W_DATA\pssvc.dll -- C:\WINDOWS\A6W_DATA\pssvc.dll File not found
rpcc: "DllName" = C:\WINDOWS\system32\rpcc.dll -- C:\WINDOWS\system32\rpcc.dll File not found
jaybird2569
post Oct 8 2008, 08:21 PM
Post #6


Member
**
Posts: 10
OS: Windows XP



PART 2

========== Safeboot Options ==========

"AlternateShell"=cmd.exe

========== CDRom AutoRun Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom]
"AutoRun" = 1

========== Autorun Files on Drives ==========

AUTOEXEC.BAT []
[2004/08/11 18:15:00 | 00,000,000 | ---- | M] () -- C:\AUTOEXEC.BAT -- [ NTFS ]

autorun.inf [[autorun] | open=Setup.EXE | icon=Setup.EXE | ]
[1998/03/12 15:15:04 | 00,000,043 | R--- | M] () -- D:\autorun.inf -- [ CDFS ]

========== MountPoints2 ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\D\Shell]
""=AutoRun

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\D\Shell\AutoRun]
""=Auto&Play


[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\D\Shell\AutoRun\command]
""=D:\autoRcd.exe -- File not found

========== Files/Folders - Created Within 30 Days ==========

[1 C:\WINDOWS\System32\*.tmp files]
[3 C:\WINDOWS\*.tmp files]
File not found -- C:\WINDOWS\System32\systeminit.exe
[2008/10/08 23:08:17 | 00,421,376 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Tristan McCollam\Desktop\OTViewIt.exe
[2008/10/08 01:11:19 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Tristan McCollam\Desktop\Malwarebytes' Anti-Malware
[2008/10/08 01:09:36 | 02,189,864 | ---- | C] (Malwarebytes Corporation ) -- C:\Documents and Settings\Tristan McCollam\Desktop\mbam-setup.exe
[2008/10/08 01:09:36 | 00,812,344 | ---- | C] (Trend Micro Inc.) -- C:\Documents and Settings\Tristan McCollam\Desktop\HJTInstall.exe
[2008/10/07 23:16:29 | 00,000,696 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2008/10/07 23:16:27 | 00,017,200 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2008/10/07 23:16:26 | 00,038,528 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2008/10/07 23:16:23 | 00,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2008/10/07 23:14:31 | 00,001,734 | ---- | C] () -- C:\Documents and Settings\Tristan McCollam\Desktop\HijackThis.lnk
[2008/10/07 23:14:31 | 00,000,000 | ---D | C] -- C:\Program Files\Trend Micro
[2008/10/07 09:31:24 | 53,627,2896 | -HS- | C] () -- C:\hiberfil.sys
[2008/10/06 23:57:54 | 00,001,409 | ---- | C] () -- C:\Documents and Settings\Tristan McCollam\Desktop\devmgmt.msc.lnk
[2008/10/06 20:46:44 | 00,000,000 | ---D | C] -- C:\WINDOWS.0
[2008/10/06 10:12:57 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Tristan McCollam\Application Data\Malwarebytes
[2008/10/06 10:12:54 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Malwarebytes
[2008/10/05 23:43:44 | 00,000,000 | ---D | C] -- C:\_Backup.RC
[2008/10/05 22:05:56 | 00,000,000 | ---D | C] -- C:\WINDOWS\pss
[2008/10/05 19:23:51 | 00,000,000 | ---D | C] -- C:\WINDOWS\Minidump
[2008/10/05 18:54:47 | 00,008,871 | ---- | C] () -- C:\Documents and Settings\Tristan McCollam\My Documents\More than 250 awsome models - Explicite-art_com.htm
[2008/10/05 18:54:47 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Tristan McCollam\My Documents\More than 250 awsome models - Explicite-art_com_files
[2008/10/05 18:45:28 | 00,000,000 | ---D | C] -- C:\Program Files\SAV
[2008/10/05 18:45:24 | 00,115,716 | ---- | C] () -- C:\WINDOWS\System32\msxml71.dll
[2008/10/05 00:37:44 | 00,022,722 | ---- | C] () -- C:\Documents and Settings\Tristan McCollam\Desktop\WILSON GEORGE.pdf
[2008/10/04 20:30:21 | 00,031,805 | ---- | C] () -- C:\Documents and Settings\Tristan McCollam\Desktop\iverson - adjsum.pdf
[2008/10/04 16:35:48 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Tristan McCollam\Desktop\PHOTOS
[2008/10/04 16:34:19 | 00,000,378 | ---- | C] () -- C:\Documents and Settings\Tristan McCollam\Desktop\Shortcut to KELLER.lnk
[2008/10/04 16:34:14 | 00,000,373 | ---- | C] () -- C:\Documents and Settings\Tristan McCollam\Desktop\Shortcut to DAVIS.lnk
[2008/10/04 16:34:04 | 00,000,373 | ---- | C] () -- C:\Documents and Settings\Tristan McCollam\Desktop\Shortcut to ESSOF.lnk
[2008/10/04 16:33:57 | 00,000,373 | ---- | C] () -- C:\Documents and Settings\Tristan McCollam\Desktop\Shortcut to BLAHA.lnk
[2008/10/03 19:48:56 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Tristan McCollam\Desktop\MOLD TRANSFERS
[2008/10/03 19:21:30 | 05,104,940 | ---- | C] () -- C:\Documents and Settings\Tristan McCollam\Desktop\IVERSON
[2008/10/03 18:53:02 | 00,011,126 | ---- | C] () -- C:\Documents and Settings\Tristan McCollam\Desktop\DINESH PATEL.pdf
[2008/10/03 18:47:38 | 00,033,846 | ---- | C] () -- C:\Documents and Settings\Tristan McCollam\Desktop\THOMAS IVERSON.pdf
[2008/10/02 16:38:48 | 00,024,064 | ---- | C] () -- C:\Documents and Settings\Tristan McCollam\My Documents\Enclosed is a copy of your itemized and completed estimate for applied storm damages as we discussed.doc
[2008/10/02 15:17:51 | 00,079,872 | ---- | C] () -- C:\Documents and Settings\Tristan McCollam\My Documents\6745 Philips Industrial Blvd.doc
[2008/10/02 12:41:02 | 00,000,404 | ---- | C] () -- C:\Documents and Settings\Tristan McCollam\Desktop\Shortcut to SAMUEL VASQUEZ.lnk
[2008/10/02 12:40:05 | 00,000,407 | ---- | C] () -- C:\Documents and Settings\Tristan McCollam\Desktop\Shortcut to RICHARD NOWICKI.lnk
[2008/10/01 22:13:15 | 00,000,958 | ---- | C] () -- C:\Documents and Settings\Tristan McCollam\Desktop\Shortcut to Shaeon wise.lnk
[2008/10/01 21:53:00 | 00,005,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\ptpusb.dll
[2008/10/01 21:52:59 | 00,159,232 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\ptpusd.dll
[2008/10/01 21:52:58 | 00,015,104 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\usbscan.sys
[2008/10/01 21:52:58 | 00,015,104 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\usbscan.sys
[2008/10/01 11:03:42 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Tristan McCollam\My Documents\iverson
[2008/10/01 11:03:36 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Tristan McCollam\My Documents\Powell
[2008/10/01 11:02:03 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Tristan McCollam\My Documents\wilson george
[2008/09/29 19:07:36 | 00,024,576 | ---- | C] () -- C:\Documents and Settings\Tristan McCollam\Desktop\Denial Letter Request Macro.doc
[2008/09/29 18:06:00 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Tristan McCollam\Desktop\settlement
[2008/09/29 17:40:20 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Tristan McCollam\Desktop\COMPLIANCE QUESTIONAIRE
[2008/09/29 17:36:10 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Tristan McCollam\Desktop\damage and inspection
[2008/09/29 17:34:22 | 00,002,497 | ---- | C] () -- C:\Documents and Settings\Tristan McCollam\Desktop\Microsoft Office Word 2003.lnk
[2008/09/29 17:33:15 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Tristan McCollam\Desktop\initial contact templet
[2008/09/29 16:32:14 | 00,000,378 | ---- | C] () -- C:\Documents and Settings\Tristan McCollam\Desktop\Shortcut to Powell.lnk
[2008/09/28 06:40:58 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Tristan McCollam\Desktop\temp
[2008/09/27 16:24:30 | 00,024,064 | ---- | C] () -- C:\Documents and Settings\Tristan McCollam\Desktop\Storm.doc
[2008/09/27 15:18:58 | 00,270,656 | ---- | C] () -- C:\Documents and Settings\Tristan McCollam\Desktop\100_0068.JPG
[2008/09/26 16:04:49 | 00,000,036 | ---- | C] () -- C:\WINDOWS\webica.ini
[2008/09/26 15:47:34 | 00,027,648 | ---- | C] () -- C:\Documents and Settings\Tristan McCollam\Desktop\AdjInfoSheet.doc
[2008/09/26 15:39:17 | 00,288,768 | ---- | C] () -- C:\Documents and Settings\Tristan McCollam\Desktop\PilotOperationalGuide.doc
[2008/09/26 15:36:56 | 00,239,616 | ---- | C] () -- C:\Documents and Settings\Tristan McCollam\Desktop\StateIssuesIL.doc
[2008/09/26 15:36:49 | 00,039,424 | ---- | C] () -- C:\Documents and Settings\Tristan McCollam\Desktop\IntegriPriceIL.xls
[2008/09/26 15:36:38 | 00,612,864 | ---- | C] () -- C:\Documents and Settings\Tristan McCollam\Desktop\D091208ILStorm.doc
[2008/09/26 14:58:30 | 00,009,870 | ---- | C] () -- C:\Documents and Settings\Tristan McCollam\Desktop\Petway.ddr
[2008/09/26 14:51:00 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Tristan McCollam\Desktop\Chicago Storm
[2008/09/26 10:50:30 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Tristan McCollam\Application Data\DeLorme
[2008/09/26 10:49:46 | 00,002,001 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Street Atlas USA 2008.lnk
[2008/09/26 10:42:25 | 00,000,000 | ---D | C] -- C:\Program Files\Common Files\DeLorme
[2008/09/26 10:42:08 | 00,000,000 | ---D | C] -- C:\Program Files\DeLorme
[2008/09/26 10:42:08 | 00,000,000 | ---D | C] -- C:\DeLorme Docs
[2008/09/25 11:17:48 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Tristan McCollam\Application Data\Smith Micro
[2008/09/25 11:15:54 | 00,001,899 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\VZAccess Manager.lnk
[2008/09/25 11:15:45 | 00,319,456 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\DIFxAPI.dll
[2008/09/25 11:15:45 | 00,077,824 | ---- | C] (DEVGURU) -- C:\WINDOWS\System32\PTDUwmcp.dll
[2008/09/25 11:15:44 | 00,059,776 | ---- | C] (DEVGURU Co,LTD.) -- C:\WINDOWS\System32\drivers\PTDUWWAN.sys
[2008/09/25 11:15:44 | 00,039,936 | ---- | C] (DEVGURU Co,LTD.) -- C:\WINDOWS\System32\drivers\PTDUVsp.sys
[2008/09/25 11:15:43 | 00,041,344 | ---- | C] (DEVGURU Co,LTD.) -- C:\WINDOWS\System32\drivers\PTDUMdm.sys
[2008/09/25 11:15:43 | 00,029,824 | ---- | C] (DEVGURU Co,LTD.) -- C:\WINDOWS\System32\drivers\PTDUBus.sys
[2008/09/25 11:15:43 | 00,000,000 | ---D | C] -- C:\Program Files\PANTECH
[2008/09/25 11:15:26 | 00,000,000 | ---D | C] -- C:\Program Files\Verizon Wireless
[2008/09/25 11:08:10 | 00,000,000 | ---D | C] -- C:\Program Files\MSXML 4.0
[2008/09/24 09:21:25 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Tristan McCollam\Application Data\ICAClient
[2008/09/24 08:32:06 | 00,000,000 | ---D | C] -- C:\WINDOWS\System32\CatRoot_bak
[2008/09/22 14:39:56 | 00,000,037 | ---- | C] () -- C:\WINDOWS\iltwain.ini
[2008/09/22 14:37:33 | 00,000,000 | ---D | C] -- C:\Program Files\MSB
[2008/09/22 14:36:29 | 01,089,536 | ---- | C] (eHelp Corporation.) -- C:\WINDOWS\System32\ROBOEX32.DLL
[2008/09/22 14:36:29 | 00,024,064 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\msxml3a.dll
[2008/09/22 14:36:29 | 00,000,384 | ---- | C] () -- C:\WINDOWS\System32\msxml3.inf
[2008/09/22 14:36:28 | 00,670,904 | ---- | C] (APEX Software Corporation) -- C:\WINDOWS\System32\tdbg5.ocx
[2008/09/22 14:36:28 | 00,383,512 | ---- | C] (FarPoint Technologies, Inc.) -- C:\WINDOWS\System32\Tab32x20.ocx
[2008/09/22 14:36:28 | 00,087,824 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\GAPI32.DLL
[2008/09/22 14:36:27 | 00,204,296 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\RICHTX32.OCX
[2008/09/22 14:36:27 | 00,166,408 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\MSMASK32.OCX
[2008/09/22 14:36:27 | 00,163,840 | ---- | C] (Marshall & Swift/Boeckh) -- C:\WINDOWS\System32\MSBXNet2.dll
[2008/09/22 14:36:23 | 00,368,912 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\VBAR332.DLL
[2008/09/22 14:36:23 | 00,344,064 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\msexch35.dll
[2008/09/22 14:36:23 | 00,044,304 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\msrpfs35.dll
[2008/09/22 14:36:22 | 00,294,912 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\msxbse35.dll
[2008/09/22 14:36:22 | 00,039,424 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\JETCOMP.exe
[2008/09/22 14:36:21 | 01,238,288 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\msjt4jlt.dll
[2008/09/22 14:36:21 | 00,250,128 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\mspdox35.dll
[2008/09/22 14:36:21 | 00,168,720 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\msltus35.dll
[2008/09/22 14:36:21 | 00,166,672 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\mstext35.dll
[2008/09/22 14:36:20 | 00,252,688 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\msexcl35.dll
[2008/09/22 14:36:20 | 00,000,000 | ---D | C] -- C:\Program Files\Common Files\Marshall & Swift Shared
[2008/09/22 14:35:54 | 00,000,723 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\IntegriClaim.lnk
[2008/09/22 14:35:30 | 00,000,000 | ---D | C] -- C:\Program Files\MSB IntegriClaim
[2008/09/22 14:35:25 | 00,183,808 | ---- | C] () -- C:\WINDOWS\System32\BDEADMIN.CPL
[2008/09/22 14:35:24 | 00,000,120 | ---- | C] () -- C:\WINDOWS\DDSSetup.ini
[2008/09/22 14:35:24 | 00,000,000 | ---D | C] -- C:\Program Files\Borland
[2008/09/22 14:34:58 | 00,000,274 | ---- | C] () -- C:\Documents and Settings\Tristan McCollam\Desktop\Employee Remote Desktop Log In.url
[2008/09/22 13:17:26 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Tristan McCollam\Desktop\08 MSB HELP
[2008/09/22 13:16:47 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Tristan McCollam\Desktop\NXT GEN HELP
[2008/09/22 13:16:46 | 00,031,507 | ---- | C] () -- C:\Documents and Settings\Tristan McCollam\Desktop\61G5P43G.DDS
[2008/09/22 13:16:46 | 00,016,170 | ---- | C] () -- C:\Documents and Settings\Tristan McCollam\Desktop\61G5P43C.DDS
[2008/09/22 13:16:46 | 00,014,675 | ---- | C] () -- C:\Documents and Settings\Tristan McCollam\Desktop\61G5P43D.DDS
[2008/09/22 13:16:46 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Tristan McCollam\Desktop\New Master Blanks
[2008/09/22 13:16:43 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Tristan McCollam\Desktop\Adjuster Folder 8.31.08
[2008/09/19 14:22:38 | 00,001,745 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Dell Printer Supplies - Inkjet.lnk
[2008/09/19 13:52:48 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Tristan McCollam\My Documents\My PSP8 Files
[2008/09/19 13:52:48 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Tristan McCollam\Application Data\Jasc Software Inc
[2008/09/19 13:52:24 | 00,001,986 | ---- | C] () -- C:\Documents and Settings\Tristan McCollam\Desktop\Dell Picture Studio v2.0.lnk
[2008/09/19 13:52:04 | 00,000,000 | ---D | C] -- C:\Program Files\Jasc Software Inc
[2008/09/19 13:52:04 | 00,000,000 | ---D | C] -- C:\Program Files\Dell Computer
[2008/09/19 13:51:39 | 00,000,758 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\dlbcserv.lnk
[2008/09/19 13:51:39 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Dell Photo Printer 720
[2008/09/19 13:51:36 | 00,000,000 | ---D | C] -- C:\Program Files\Dell Photo Printer 720
[2008/09/19 13:36:06 | 00,000,155 | ---- | C] () -- C:\WINDOWS\dellstat.ini
[2008/09/19 13:35:32 | 00,040,960 | ---- | C] () -- C:\WINDOWS\System32\dlbcvs.dll
[2008/09/19 13:35:31 | 00,000,373 | ---- | C] () -- C:\WINDOWS\System32\dlbccoin.ini
[2008/09/19 13:35:25 | 00,000,000 | ---D | C] -- C:\Program Files\Dell 720
[2008/09/19 13:35:22 | 00,299,520 | ---- | C] (InstallShield Corporation, Inc.) -- C:\WINDOWS\uninst.exe
[2008/09/19 13:18:41 | 00,000,671 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\McAfee Security Center.lnk
[2008/09/16 06:14:23 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Kodak

========== Files - Modified Within 30 Days ==========

[1 C:\WINDOWS\System32\*.tmp files]
[3 C:\WINDOWS\*.tmp files]
File not found -- C:\WINDOWS\System32\systeminit.exe
[2008/10/09 00:06:16 | 00,421,376 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Tristan McCollam\Desktop\OTViewIt.exe
[2008/10/08 21:09:11 | 00,002,422 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2008/10/08 21:09:10 | 00,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2008/10/08 21:09:08 | 00,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2008/10/08 21:09:06 | 53,627,2896 | -HS- | M] () -- C:\hiberfil.sys
[2008/10/08 20:55:27 | 53,630,5664 | ---- | M] () -- C:\WINDOWS\MEMORY.DMP
[2008/10/08 02:07:16 | 00,812,344 | ---- | M] (Trend Micro Inc.) -- C:\Documents and Settings\Tristan McCollam\Desktop\HJTInstall.exe
[2008/10/08 00:58:39 | 00,001,409 | ---- | M] () -- C:\Documents and Settings\Tristan McCollam\Desktop\devmgmt.msc.lnk
[2008/10/07 23:16:29 | 00,000,696 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2008/10/07 23:14:31 | 00,001,734 | ---- | M] () -- C:\Documents and Settings\Tristan McCollam\Desktop\HijackThis.lnk
[2008/10/07 04:02:29 | 00,000,325 | -HS- | M] () -- C:\boot.ini
[2008/10/07 01:24:48 | 00,000,037 | ---- | M] () -- C:\WINDOWS\iltwain.ini
[2008/10/07 01:21:03 | 00,001,124 | ---- | M] () -- C:\WINDOWS\win.ini
[2008/10/07 01:21:03 | 00,000,384 | ---- | M] () -- C:\WINDOWS\system.ini
[2008/10/06 01:47:24 | 02,189,864 | ---- | M] (Malwarebytes Corporation ) -- C:\Documents and Settings\Tristan McCollam\Desktop\mbam-setup.exe
[2008/10/05 18:54:47 | 00,008,871 | ---- | M] () -- C:\Documents and Settings\Tristan McCollam\My Documents\More than 250 awsome models - Explicite-art_com.htm
[2008/10/05 18:45:35 | 00,016,896 | ---- | M] () -- C:\WINDOWS\System32\drivers\beep.sys
[2008/10/05 18:45:24 | 00,115,716 | ---- | M] () -- C:\WINDOWS\System32\msxml71.dll
[2008/10/05 16:19:12 | 00,011,869 | ---- | M] () -- C:\WINDOWS\System32\Config.MPF
[2008/10/05 00:37:44 | 00,022,722 | ---- | M] () -- C:\Documents and Settings\Tristan McCollam\Desktop\WILSON GEORGE.pdf
[2008/10/04 20:30:22 | 00,031,805 | ---- | M] () -- C:\Documents and Settings\Tristan McCollam\Desktop\iverson - adjsum.pdf
[2008/10/04 16:34:19 | 00,000,378 | ---- | M] () -- C:\Documents and Settings\Tristan McCollam\Desktop\Shortcut to KELLER.lnk
[2008/10/04 16:34:14 | 00,000,373 | ---- | M] () -- C:\Documents and Settings\Tristan McCollam\Desktop\Shortcut to DAVIS.lnk
[2008/10/04 16:34:04 | 00,000,373 | ---- | M] () -- C:\Documents and Settings\Tristan McCollam\Desktop\Shortcut to ESSOF.lnk
[2008/10/04 16:33:57 | 00,000,373 | ---- | M] () -- C:\Documents and Settings\Tristan McCollam\Desktop\Shortcut to BLAHA.lnk
[2008/10/03 19:21:34 | 05,104,940 | ---- | M] () -- C:\Documents and Settings\Tristan McCollam\Desktop\IVERSON
[2008/10/03 18:53:02 | 00,011,126 | ---- | M] () -- C:\Documents and Settings\Tristan McCollam\Desktop\DINESH PATEL.pdf
[2008/10/03 18:47:39 | 00,033,846 | ---- | M] () -- C:\Documents and Settings\Tristan McCollam\Desktop\THOMAS IVERSON.pdf
[2008/10/03 00:42:42 | 00,055,296 | ---- | M] () -- C:\Documents and Settings\Tristan McCollam\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2008/10/02 16:38:48 | 00,024,064 | ---- | M] () -- C:\Documents and Settings\Tristan McCollam\My Documents\Enclosed is a copy of your itemized and completed estimate for applied storm damages as we discussed.doc
[2008/10/02 15:17:52 | 00,079,872 | ---- | M] () -- C:\Documents and Settings\Tristan McCollam\My Documents\6745 Philips Industrial Blvd.doc
[2008/10/02 12:41:02 | 00,000,404 | ---- | M] () -- C:\Documents and Settings\Tristan McCollam\Desktop\Shortcut to SAMUEL VASQUEZ.lnk
[2008/10/02 12:40:05 | 00,000,407 | ---- | M] () -- C:\Documents and Settings\Tristan McCollam\Desktop\Shortcut to RICHARD NOWICKI.lnk
[2008/10/01 22:13:15 | 00,000,958 | ---- | M] () -- C:\Documents and Settings\Tristan McCollam\Desktop\Shortcut to Shaeon wise.lnk
[2008/09/29 19:26:24 | 00,024,576 | ---- | M] () -- C:\Documents and Settings\Tristan McCollam\Desktop\Denial Letter Request Macro.doc
[2008/09/29 17:38:00 | 00,002,497 | ---- | M] () -- C:\Documents and Settings\Tristan McCollam\Desktop\Microsoft Office Word 2003.lnk
[2008/09/29 17:18:12 | 00,612,864 | ---- | M] () -- C:\Documents and Settings\Tristan McCollam\Desktop\D091208ILStorm.doc
[2008/09/29 16:32:14 | 00,000,378 | ---- | M] () -- C:\Documents and Settings\Tristan McCollam\Desktop\Shortcut to Powell.lnk
[2008/09/27 16:24:30 | 00,024,064 | ---- | M] () -- C:\Documents and Settings\Tristan McCollam\Desktop\Storm.doc
[2008/09/27 11:10:32 | 00,270,656 | ---- | M] () -- C:\Documents and Settings\Tristan McCollam\Desktop\100_0068.JPG
[2008/09/26 16:04:49 | 00,000,036 | ---- | M] () -- C:\WINDOWS\webica.ini
[2008/09/26 15:47:34 | 00,027,648 | ---- | M] () -- C:\Documents and Settings\Tristan McCollam\Desktop\AdjInfoSheet.doc
[2008/09/26 15:39:19 | 00,288,768 | ---- | M] () -- C:\Documents and Settings\Tristan McCollam\Desktop\PilotOperationalGuide.doc
[2008/09/26 15:36:57 | 00,239,616 | ---- | M] () -- C:\Documents and Settings\Tristan McCollam\Desktop\StateIssuesIL.doc
[2008/09/26 15:36:49 | 00,039,424 | ---- | M] () -- C:\Documents and Settings\Tristan McCollam\Desktop\IntegriPriceIL.xls
[2008/09/26 12:02:32 | 00,009,870 | ---- | M] () -- C:\Documents and Settings\Tristan McCollam\Desktop\Petway.ddr
[2008/09/26 10:49:46 | 00,002,001 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Street Atlas USA 2008.lnk
[2008/09/25 11:15:54 | 00,001,899 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\VZAccess Manager.lnk
[2008/09/25 11:13:12 | 00,001,374 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2008/09/22 14:35:54 | 00,000,723 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\IntegriClaim.lnk
[2008/09/22 14:35:24 | 00,000,120 | ---- | M] () -- C:\WINDOWS\DDSSetup.ini
[2008/09/19 14:22:38 | 00,001,745 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Dell Printer Supplies - Inkjet.lnk
[2008/09/19 13:53:29 | 00,001,986 | ---- | M] () -- C:\Documents and Settings\Tristan McCollam\Desktop\Dell Picture Studio v2.0.lnk
[2008/09/19 13:51:40 | 00,000,758 | ---- | M] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\dlbcserv.lnk
[2008/09/19 13:49:20 | 00,000,155 | ---- | M] () -- C:\WINDOWS\dellstat.ini
[2008/09/19 13:48:06 | 04,835,802 | -H-- | M] () -- C:\Documents and Settings\Tristan McCollam\Local Settings\Application Data\IconCache.db
[2008/09/19 13:18:41 | 00,000,671 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\McAfee Security Center.lnk
[2008/09/16 05:56:09 | 00,000,076 | ---- | M] () -- C:\WINDOWS\QUICKEN.INI
[2008/09/16 05:51:00 | 00,000,140 | ---- | M] () -- C:\WINDOWS\fantasy2.ini
[2008/09/16 05:50:59 | 00,000,250 | ---- | M] () -- C:\WINDOWS\videoimp.ini
[2008/09/16 05:50:59 | 00,000,113 | ---- | M] () -- C:\WINDOWS\photoimpression.ini
[2008/09/10 00:04:02 | 00,038,528 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2008/09/10 00:03:56 | 00,017,200 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
< End of report >
jaybird2569
post Oct 8 2008, 08:22 PM
Post #7


Member
**
Posts: 10
OS: Windows XP



PART 3 - EXTRAS

OTViewIt Extras logfile created on: 10/8/2008 9:09:22 PM - Run
OTViewIt by OldTimer - Version 1.0.10.1 Folder = C:\Documents and Settings\Tristan McCollam\Desktop
Windows XP Professional Edition Service Pack 2 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 6.0.2900.2180)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

511.36 Mb Total Physical Memory | 310.80 Mb Available Physical Memory | 60.78% Memory free
1.22 Gb Paging File | 1.07 Gb Available in Paging File | 88.19% Paging File free
Paging file location(s): c:\pagefile.sys 768 1536;

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 55.81 Gb Total Space | 41.28 Gb Free Space | 73.95% Space Free | Partition Type: NTFS
Drive D: | 564.43 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: TRISTAN
Current User Name: Tristan McCollam
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Whitelist: On
File Age = 30 Days

========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled"=1
"AntiVirusDisableNotify"=1
"FirewallDisableNotify"=1
"UpdatesDisableNotify"=0
"AntiVirusOverride"=0
"FirewallOverride"=0
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]
"DisableMonitoring"=1
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]
"DisableMonitoring"=1
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
[2004/08/04 06:00:00 | 00,140,800 | ---- | M] (Microsoft Corporation) -- %windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
[2004/08/04 06:00:00 | 00,140,800 | ---- | M] (Microsoft Corporation) -- %windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019
File not found -- C:\WINDOWS\system32\ss.exe.exe:*:Enabled:enable
File not found -- C:\WINDOWS\system32\cmd32.exe:*:Enabled:enable
[2004/08/04 06:00:00 | 00,093,184 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Internet Explorer\IEXPLORE.EXE:*:Enabled:Internet Explorer
File not found -- C:\WINDOWS\system32\adirss.exe:*:Enabled:enable
[2008/07/18 08:02:52 | 02,482,848 | ---- | M] (McAfee, Inc.) -- C:\Program Files\Common Files\McAfee\MNA\McNASvc.exe:*:Enabled:McAfee Network Agent

========== (O18) Protocol Handlers ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\]
[2003/10/23 19:51:20 | 00,081,920 | ---- | M] (Hewlett-Packard Company) C:\Program Files\HP\hpcoretech\comp\hpuiprot.dll (cetihpz:{CF184AD3-CDCB-4168-A3F7-8E447D129300} (HKLM) [CZipHandler Object])
ipp: [HKLM - No CLSID value]
[2003/07/11 03:25:22 | 00,842,816 | ---- | M] (Microsoft Corporation) C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL ipp\0x00000001:{E1D2BF42-A96B-11d1-9C6B-0000F875AC61} (HKLM) [HKLM - MSDAMON.BINDER]
msdaipp: [HKLM - No CLSID value]
[2003/07/11 03:25:22 | 00,842,816 | ---- | M] (Microsoft Corporation) C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL msdaipp\0x00000001:{E1D2BF42-A96B-11d1-9C6B-0000F875AC61} (HKLM) [HKLM - MSDAMON.BINDER]
[2003/07/11 03:25:22 | 00,842,816 | ---- | M] (Microsoft Corporation) C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL msdaipp\oledb:{E1D2BF40-A96B-11d1-9C6B-0000F875AC61} (HKLM) [HKLM - MSDAIPP.BINDER]
[2000/04/19 19:47:36 | 00,520,117 | ---- | M] (Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\Information Retrieval\MSITSS.DLL (ms-itss:{0A9007C0-4076-11D3-8789-0000F8105754} (HKLM) [Microsoft Infotech Storage Protocol for IE 4.0])
[2003/08/04 14:19:34 | 07,330,360 | ---- | M] (Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\Web Components\10\OWC10.DLL (mso-offdap:{3D9F03FA-7A94-11D3-BE81-0050048385D1} (HKLM) [Data Page Pluggable Protocol mso-offdap Handler])
[2003/08/01 16:09:04 | 08,086,072 | ---- | M] (Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\Web Components\11\OWC11.DLL (mso-offdap11:{32505114-5902-49B2-880A-1F7738E5A384} (HKLM) [Data Page Plugable Protocal mso-offdap11 Handler])
[2008/09/04 11:43:36 | 00,121,632 | ---- | M] () c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll (sacore:{5513F07E-936B-4E52-9B00-067394E91CC5} (HKLM) [McAfee SACore Protocol Handler])
[2008/05/16 11:49:40 | 00,927,008 | ---- | M] () C:\Program Files\SiteAdvisor\6261\SiteAdv.dll (siteadvisor:{3A5DC592-7723-4EAA-9EE6-AF4222BCF879} (HKLM) [Reg Error: Value does not exist or could not be read.])

========== (O18) Protocol Filters ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Filter\] - Protocol Filters
[2003/07/14 23:45:12 | 00,039,488 | ---- | M] (Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\OFFICE11\MSOXMLMF.DLL text/xml:{807553E5-5146-11D5-A672-00B0D022E945} (HKLM) [Reg Error: Value does not exist or could not be read.]

========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{003DF6C7-2E32-46E1-8CAE-3BB038F88CBB}"=BVSInstall
"{024E6362-7D37-4D78-93F9-00C1747DA645}"=Residential Component Technology - Standalone
"{09DA4F91-2A09-4232-AB8C-6BC740096DE3}"=Sonic Update Manager
"{0BEDBD4E-2D34-47B5-9973-57E62B29307C}"=ATI Control Panel
"{1206EF92-2E83-4859-ACCB-2048C3CB7DA6}"=Sonic DLA
"{15C165F1-1DAE-4476-AFB6-8723729B41E7}"=hp deskjet 5100
"{1F528948-0E80-4C96-B455-DE4167CB1DF7}"=Internal Network Card Power Management
"{25D24E84-64A9-40D2-85CF-540B1C4A6D52}"=Broadcom ASF Management Applications
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}"=WebFldrs XP
"{3EE33958-7381-4E7B-A4F3-6E43098E9E9C}"=Google AFE
"{3F92ABBB-6BBF-11D5-B229-002078017FBF}"=NetWaiting
"{4BDFD2CE-6329-42E4-9801-9B3D1F10D79B}"=Adobe® Photoshop® Album Starter Edition 3.0
"{64A77F14-0E08-4A97-A859-E93CFF428756}"=Broadcom Advanced Control Suite 2
"{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}"=PowerDVD 5.1
"{7148F0A8-6813-11D6-A77B-00B0D0142030}"=Java 2 Runtime Environment, SE v1.4.2_03
"{7F142D56-3326-11D5-B229-002078017FBF}"=Modem Helper
"{81A34902-9D0B-4920-A25C-4CDC5D14B328}"=Jasc Paint Shop Pro 8 Dell Edition
"{81D0EAC7-B352-4E71-B8A1-461E41029A2E}"=DeLorme Street Atlas USA 2008
"{91110409-6000-11D3-8CFE-0150048383C9}"=Microsoft Office Professional Edition 2003
"{9541FED0-327F-4DF0-8B96-EF57EF622F19}"=Sonic RecordNow! Plus
"{9F72EF8B-AEC9-4CA5-B483-143980AFD6FD}"=ALPS Touch Pad Driver
"{AC76BA86-7AD7-1033-7B44-A70500000002}"=Adobe Reader 7.0.5
"{B2AE44CB-2AAB-4C08-A54B-D264BD604DA8}"=Citrix Presentation Server Client v10
"{B376402D-58EA-45EA-BD50-DD924EB67A70}"=HP Memories Disc
"{C13AF9C7-8E06-4354-B629-DF6192CE4A66}"=PANTECH UM175 Driver
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}"=Microsoft .NET Framework 1.1
"{CC000127-5E5D-4A1C-90CB-EEAAAC1E3AC0}"=Jasc Paint Shop Photo Album
"{D78653C3-A8FF-415F-92E6-D774E634FF2D}"=Dell ResourceCD
"{E0828692-FD9D-459F-9312-C645C3CA6650}"=HP Photo and Imaging 2.0 - Deskjet Series
"{E646DCF0-5A68-11D5-B229-002078017FBF}"=Digital Line Detect
"Adobe Flash Player ActiveX"=Adobe Flash Player ActiveX
"AdobeESD"=Adobe Download Manager 2.0 (Remove Only)
"Advanced Browser"=Advanced Browser
"ATI Display Driver"=ATI Display Driver
"Broadcom 802.11b Network Adapter"=Dell Wireless WLAN Card
"CNXT_MODEM_PCI_VEN_8086&DEV_24x6&SUBSYS_542214F1"=Conexant D110 MDC V.9x Modem
"Dell Photo Printer 720"=Dell Photo Printer 720
"Dell Photo Printer 720 Logger"=Dell Photo Printer 720 Logger
"elitemediagroup"=elitemediagroup
"Google Desktop"=Google Desktop
"HijackThis"=HijackThis 1.99.1
"hp print screen utility"=hp print screen utility
"InstallShield_{25D24E84-64A9-40D2-85CF-540B1C4A6D52}"=Broadcom ASF Management Applications
"InstallShield_{64A77F14-0E08-4A97-A859-E93CFF428756}"=Broadcom Advanced Control Suite 2
"IntegriClaim"=IntegriClaim
"Malwarebytes' Anti-Malware_is1"=Malwarebytes' Anti-Malware
"McAfee SiteAdvisor"=McAfee SiteAdvisor for Internet Explorer
"media-motor"=Media-motor
"MegaStat 9.1"=MegaStat 9.1
"Microsoft .NET Framework 1.1 (1033)"=Microsoft .NET Framework 1.1
"MSC"=McAfee SecurityCenter
"MSNINST"=MSN
"ShockwaveFlash"=Macromedia Flash Player 8
"VZAccess Manager"=VZAccess Manager
"Yahoo! Companion"=Yahoo! Toolbar
"Yahoo! Toolbar"=Yahoo! Toolbar

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 10/6/2008 11:35:41 PM | Computer Name = TRISTAN | Source = crypt32 | ID = 131080
Description = Failed auto update retrieval of third-party root list sequence number
from: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt>
with error: The server name or address could not be resolved

Error - 10/7/2008 12:20:45 AM | Computer Name = TRISTAN | Source = crypt32 | ID = 131080
Description = Failed auto update retrieval of third-party root list sequence number
from: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt>
with error: The server name or address could not be resolved

Error - 10/7/2008 12:20:46 AM | Computer Name = TRISTAN | Source = crypt32 | ID = 131080
Description = Failed auto update retrieval of third-party root list sequence number
from: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt>
with error: This network connection does not exist.

Error - 10/7/2008 10:07:55 AM | Computer Name = TRISTAN | Source = crypt32 | ID = 131080
Description = Failed auto update retrieval of third-party root list sequence number
from: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt>
with error: The server name or address could not be resolved

Error - 10/7/2008 10:38:17 AM | Computer Name = TRISTAN | Source = crypt32 | ID = 131080
Description = Failed auto update retrieval of third-party root list sequence number
from: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt>
with error: The server name or address could not be resolved

Error - 10/7/2008 10:46:17 AM | Computer Name = TRISTAN | Source = crypt32 | ID = 131080
Description = Failed auto update retrieval of third-party root list sequence number
from: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt>
with error: The server name or address could not be resolved

Error - 10/8/2008 12:16:43 AM | Computer Name = TRISTAN | Source = crypt32 | ID = 131080
Description = Failed auto update retrieval of third-party root list sequence number
from: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt>
with error: The server name or address could not be resolved

Error - 10/8/2008 12:16:45 AM | Computer Name = TRISTAN | Source = crypt32 | ID = 131080
Description = Failed auto update retrieval of third-party root list sequence number
from: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt>
with error: This network connection does not exist.

Error - 10/8/2008 12:20:17 AM | Computer Name = TRISTAN | Source = crypt32 | ID = 131080
Description = Failed auto update retrieval of third-party root list sequence number
from: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt>
with error: The server name or address could not be resolved

Error - 10/8/2008 9:58:14 PM | Computer Name = TRISTAN | Source = crypt32 | ID = 131080
Description = Failed auto update retrieval of third-party root list sequence number
from: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt>
with error: The server name or address could not be resolved

[ System Events ]
Error - 10/6/2008 11:30:44 PM | Computer Name = TRISTAN | Source = Service Control Manager | ID = 7022
Description = The McAfee Real-time Scanner service hung on starting.

Error - 10/6/2008 11:30:44 PM | Computer Name = TRISTAN | Source = Service Control Manager | ID = 7031
Description = The McAfee Services service terminated unexpectedly. It has done
this 1 time(s). The following corrective action will be taken in 60000 milliseconds:
Restart the service.

Error - 10/6/2008 11:30:44 PM | Computer Name = TRISTAN | Source = Service Control Manager | ID = 7034
Description = The McAfee SiteAdvisor Service service terminated unexpectedly. It
has done this 1 time(s).

Error - 10/6/2008 11:30:44 PM | Computer Name = TRISTAN | Source = Service Control Manager | ID = 7034
Description = The Machine Debug Manager service terminated unexpectedly. It has
done this 1 time(s).

Error - 10/6/2008 11:30:46 PM | Computer Name = TRISTAN | Source = Service Control Manager | ID = 7031
Description = The McAfee Real-time Scanner service terminated unexpectedly. It
has done this 1 time(s). The following corrective action will be taken in 60000
milliseconds: Restart the service.

Error - 10/6/2008 11:30:46 PM | Computer Name = TRISTAN | Source = Service Control Manager | ID = 7031
Description = The McAfee Proxy Service service terminated unexpectedly. It has
done this 1 time(s). The following corrective action will be taken in 60000 milliseconds:
Restart the service.

Error - 10/6/2008 11:30:46 PM | Computer Name = TRISTAN | Source = Service Control Manager | ID = 7031
Description = The McAfee Network Agent service terminated unexpectedly. It has
done this 1 time(s). The following corrective action will be taken in 60000 milliseconds:
Restart the service.

Error - 10/6/2008 11:30:46 PM | Computer Name = TRISTAN | Source = Service Control Manager | ID = 7034
Description = The Dell Wireless WLAN Tray Service service terminated unexpectedly.
It has done this 1 time(s).

Error - 10/6/2008 11:31:42 PM | Computer Name = TRISTAN | Source = Service Control Manager | ID = 7032
Description = The Service Control Manager tried to take a corrective action (Restart
the service) after the unexpected termination of the McAfee Services service, but
this action failed with the following error: %%1056

Error - 10/6/2008 11:31:47 PM | Computer Name = TRISTAN | Source = Service Control Manager | ID = 7032
Description = The Service Control Manager tried to take a corrective action (Restart
the service) after the unexpected termination of the McAfee Network Agent service,
but this action failed with the following error: %%1056


< End of report >