One more thing I noticed was that in using my Flash key to get programs from and to this laptop (I don't want it on the network), It continually installs a file called m.exe with a skype icon and tries to autorun.
Thanks for any help.
Here are the logs.
****Rooter Log ****
Microsoft Windows XP Professional (5.1.2600) Service Pack 3
C:\ [Fixed] - NTFS - (Total:88379 Mo/Free:2046 Mo)
D:\ [CD-Rom] (Total:0 Mo/Free:0 Mo)
E:\ [Fixed] - FAT32 - (Total:6999 Mo/Free:732 Mo)
G:\ [Removable] (Total:30631 Mo/Free:1561 Mo)
Fri 03/20/2009|11:44
----------------------\\ Processes..
--Locked-- [System Process]
---------- System
---------- \SystemRoot\System32\smss.exe
---------- \??\C:\WINDOWS\system32\csrss.exe
---------- \??\C:\WINDOWS\system32\winlogon.exe
---------- C:\WINDOWS\system32\services.exe
---------- C:\WINDOWS\system32\lsass.exe
---------- C:\WINDOWS\system32\Ati2evxx.exe
---------- C:\WINDOWS\system32\svchost.exe
---------- C:\WINDOWS\system32\svchost.exe
---------- C:\WINDOWS\System32\svchost.exe
---------- C:\WINDOWS\system32\svchost.exe
---------- C:\WINDOWS\system32\svchost.exe
---------- C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
---------- C:\WINDOWS\system32\spoolsv.exe
---------- C:\WINDOWS\System32\SCardSvr.exe
---------- C:\WINDOWS\system32\msdtc.exe
---------- C:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe
---------- C:\WINDOWS\system32\IFXSPMGT.exe
---------- C:\Program Files\Common Files\Intuit\Update Service\IntuitUpdateService.exe
---------- C:\Program Files\Java\jre6\bin\jqs.exe
---------- C:\Program Files\Common Files\LightScribe\LSSrvc.exe
---------- C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
---------- C:\Program Files\Common Files\NeatReceipts\DB Controller\NeatReceiptsDBController.exe
---------- C:\Program Files\ProtectTools\Embedded Security Software\PSDsrvc.EXE
---------- C:\Program Files\Sunbelt Software\VIPRE\SBAMSvc.exe
---------- C:\WINDOWS\System32\snmp.exe
---------- c:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
---------- C:\WINDOWS\system32\svchost.exe
---------- C:\WINDOWS\system32\wdfmgr.exe
---------- C:\WINDOWS\system32\mqsvc.exe
---------- C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
---------- C:\WINDOWS\system32\mqtgsvc.exe
---------- C:\WINDOWS\System32\alg.exe
---------- C:\WINDOWS\system32\Ati2evxx.exe
---------- C:\WINDOWS\system32\wbem\wmiprvse.exe
---------- C:\WINDOWS\Explorer.EXE
---------- C:\Program Files\ProtectTools\Embedded Security Software\PSDrt.exe
---------- C:\Program Files\ProtectTools\Embedded Security Software\SpTna.exe
---------- C:\WINDOWS\system32\ctfmon.exe
---------- C:\Program Files\Java\jre6\bin\jusched.exe
---------- C:\WINDOWS\SMINST\Scheduler.exe
---------- C:\Program Files\Sunbelt Software\VIPRE\SBAMTray.exe
---------- C:\Program Files\QuickTime\qttask.exe
---------- C:\Program Files\HPQ\HP ProtectTools Security Manager\PTHOSTTR.EXE
---------- C:\Program Files\hpq\HP Wireless Assistant\HP Wireless Assistant.exe
---------- C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb04.exe
---------- C:\Program Files\Hp\HP Software Update\HPWuSchd.exe
---------- C:\WINDOWS\System32\DLA\DLACTRLW.EXE
---------- C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
---------- C:\WINDOWS\system32\AccelerometerSt.exe
---------- C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
---------- C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
---------- C:\Program Files\Adobe\Acrobat 6.0\Distillr\acrotray.exe
---------- C:\PROGRA~1\HPQ\Shared\HPQTOA~1.EXE
---------- C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
---------- C:\Program Files\Internet Explorer\Iexplore.exe
---------- C:\Documents and Settings\Administrator\Desktop\Virus Tools\mbam-setup.exe
---------- C:\WINDOWS\system32\cmd.exe
---------- C:\Rooter$\RK.exe
----------------------\\ Search..
----------------------\\ ROOTKIT !!
1 - "C:\Rooter$\Rooter_1.txt" - Fri 03/20/2009|11:45
----------------------\\ Scan completed at 11:45
****OT List IT Log ****
OTListIt logfile created on: 3/20/2009 11:48:09 AM - Run 1
OTListIt2 by OldTimer - Version 2.0.7.0 Folder = C:\Documents and Settings\Administrator\Desktop\Virus Tools
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 7.0.5730.13)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy
1023.36 Mb Total Physical Memory | 541.02 Mb Available Physical Memory | 52.87% Memory free
2.40 Gb Paging File | 1.95 Gb Available in Paging File | 81.10% Paging File free
Paging file location(s): C:\pagefile.sys 1536 3072;
%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 86.31 Gb Total Space | 66.00 Gb Free Space | 76.47% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
Drive E: | 6.84 Gb Total Space | 0.72 Gb Free Space | 10.47% Space Free | Partition Type: FAT32
F: Drive not present or media not loaded
Drive G: | 29.91 Gb Total Space | 29.52 Gb Free Space | 98.70% Space Free | Partition Type: NTFS
H: Drive not present or media not loaded
I: Drive not present or media not loaded
Computer Name: CHARHILL
Current User Name: Administrator
Logged in as Administrator.
Current Boot Mode: Normal
Scan Mode: Current user
Output = Minimal
File Age = 30 Days
Company Name Whitelist: On
========== Processes (SafeList) ==========
PRC - C:\WINDOWS\system32\Ati2evxx.exe (ATI Technologies Inc.)
PRC - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe (Symantec Corporation)
PRC - C:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe (Symantec Corporation)
PRC - C:\WINDOWS\system32\IFXSPMGT.exe (Infineon Technologies AG)
PRC - C:\Program Files\Common Files\Intuit\Update Service\IntuitUpdateService.exe (Intuit Inc.)
PRC - C:\Program Files\Java\jre6\bin\jqs.exe (Sun Microsystems, Inc.)
PRC - C:\Program Files\Common Files\LightScribe\LSSrvc.exe (Hewlett-Packard Company)
PRC - C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE (Microsoft Corporation)
PRC - C:\Program Files\Common Files\NeatReceipts\DB Controller\NeatReceiptsDBController.exe (Digital Business Processes)
PRC - C:\Program Files\ProtectTools\Embedded Security Software\PSDsrvc.EXE (Infineon Technologies AG)
PRC - C:\Program Files\Sunbelt Software\VIPRE\SBAMSvc.exe (Sunbelt Software)
PRC - C:\WINDOWS\System32\snmp.exe (Microsoft Corporation)
PRC - c:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe (Microsoft Corporation)
PRC - C:\WINDOWS\system32\wdfmgr.exe (Microsoft Corporation)
PRC - C:\WINDOWS\system32\mqsvc.exe (Microsoft Corporation)
PRC - C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe (Hewlett-Packard Development Company, L.P.)
PRC - C:\WINDOWS\system32\mqtgsvc.exe (Microsoft Corporation)
PRC - C:\WINDOWS\system32\Ati2evxx.exe (ATI Technologies Inc.)
PRC - C:\WINDOWS\system32\wbem\wmiprvse.exe (Microsoft Corporation)
PRC - C:\WINDOWS\Explorer.EXE (Microsoft Corporation)
PRC - C:\Program Files\ProtectTools\Embedded Security Software\PSDrt.exe (Infineon Technologies AG)
PRC - C:\Program Files\ProtectTools\Embedded Security Software\SpTna.exe (Infineon Technologies AG)
PRC - C:\Program Files\Java\jre6\bin\jusched.exe (Sun Microsystems, Inc.)
PRC - C:\WINDOWS\SMINST\Scheduler.exe ()
PRC - C:\Program Files\Sunbelt Software\VIPRE\SBAMTray.exe (Sunbelt Software)
PRC - C:\Program Files\QuickTime\qttask.exe (Apple Computer, Inc.)
PRC - C:\Program Files\HPQ\HP ProtectTools Security Manager\PTHOSTTR.EXE (Hewlett-Packard Development Company, L.P.)
PRC - C:\Program Files\hpq\HP Wireless Assistant\HP Wireless Assistant.exe (Hewlett-Packard Development Company, L.P.)
PRC - C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb04.exe (HP)
PRC - C:\Program Files\Hp\HP Software Update\HPWuSchd.exe ()
PRC - C:\WINDOWS\System32\DLA\DLACTRLW.EXE (Sonic Solutions)
PRC - C:\Program Files\ATI Technologies\ATI.ACE\cli.exe (ATI Technologies Inc.)
PRC - C:\WINDOWS\system32\AccelerometerSt.exe (Hewlett-Packard Corporation)
PRC - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe (Symantec Corporation)
PRC - C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (Google Inc.)
PRC - C:\Program Files\Adobe\Acrobat 6.0\Distillr\acrotray.exe (Adobe Systems Inc.)
PRC - C:\Program Files\HPQ\Shared\HpqToaster.exe ()
PRC - C:\Program Files\ATI Technologies\ATI.ACE\cli.exe (ATI Technologies Inc.)
PRC - C:\Program Files\Internet Explorer\Iexplore.exe (Microsoft Corporation)
PRC - C:\Documents and Settings\Administrator\Desktop\Virus Tools\mbam-setup.exe (Malwarebytes Corporation )
PRC - C:\Documents and Settings\Administrator\Desktop\Virus Tools\OTListIt2.exe (OldTimer Tools)
========== Win32 Services (SafeList) ==========
SRV - (aspnet_state [On_Demand | Stopped]) -- C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe (Microsoft Corporation)
SRV - (Ati HotKey Poller [Auto | Running]) -- C:\WINDOWS\system32\Ati2evxx.exe (ATI Technologies Inc.)
SRV - (Automatic LiveUpdate Scheduler [Auto | Running]) -- C:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe (Symantec Corporation)
SRV - (ccEvtMgr [Disabled | Stopped]) -- C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe (Symantec Corporation)
SRV - (ccSetMgr [Disabled | Stopped]) -- C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe (Symantec Corporation)
SRV - (clr_optimization_v2.0.50727_32 [On_Demand | Stopped]) -- C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe (Microsoft Corporation)
SRV - (CLTNetCnService [Disabled | Stopped]) -- C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe (Symantec Corporation)
SRV - (comHost [Auto | Stopped]) -- C:\Program Files\Common Files\Symantec Shared\VAScanner\comHost.exe (Symantec Corporation)
SRV - (gusvc [On_Demand | Stopped]) -- C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe (Google)
SRV - (helpsvc [Auto | Running]) -- C:\WINDOWS\PCHealth\HelpCtr\Binaries\pchsvc.dll (Microsoft Corporation)
SRV - (hpqwmi [On_Demand | Stopped]) -- C:\Program Files\HPQ\Shared\hpqwmi.exe (Hewlett-Packard Development Company, L.P.)
SRV - (hpqwmiex [Auto | Running]) -- C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe (Hewlett-Packard Development Company, L.P.)
SRV - (IDriverT [On_Demand | Stopped]) -- C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe (Macrovision Corporation)
SRV - (IFXSpMgtSrv [Auto | Running]) -- C:\WINDOWS\system32\IFXSPMGT.exe (Infineon Technologies AG)
SRV - (IntuitUpdateService [Auto | Running]) -- C:\Program Files\Common Files\Intuit\Update Service\IntuitUpdateService.exe (Intuit Inc.)
SRV - (JavaQuickStarterService [Auto | Running]) -- C:\Program Files\Java\jre6\bin\jqs.exe (Sun Microsystems, Inc.)
SRV - (LightScribeService [Auto | Running]) -- C:\Program Files\Common Files\LightScribe\LSSrvc.exe (Hewlett-Packard Company)
SRV - (LiveUpdate [On_Demand | Stopped]) -- C:\Program Files\Symantec\LiveUpdate\LuComServer_3_4.EXE (Symantec Corporation)
SRV - (LiveUpdate Notice [Auto | Running]) -- C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe (Symantec Corporation)
SRV - (LPDSVC [On_Demand | Stopped]) -- C:\WINDOWS\system32\tcpsvcs.exe (Microsoft Corporation)
SRV - (MDM [Auto | Running]) -- C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE (Microsoft Corporation)
SRV - (MSMQ [Auto | Running]) -- C:\WINDOWS\system32\mqsvc.exe (Microsoft Corporation)
SRV - (MSMQTriggers [Auto | Running]) -- C:\WINDOWS\system32\mqtgsvc.exe (Microsoft Corporation)
SRV - (MSSQL$NR2007 [On_Demand | Stopped]) -- c:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe (Microsoft Corporation)
SRV - (MSSQLServerADHelper [Disabled | Stopped]) -- c:\Program Files\Microsoft SQL Server\90\Shared\sqladhlp90.exe (Microsoft Corporation)
SRV - (NeatReceipts Database Controller [Auto | Running]) -- C:\Program Files\Common Files\NeatReceipts\DB Controller\NeatReceiptsDBController.exe (Digital Business Processes)
SRV - (ose [On_Demand | Stopped]) -- C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE (Microsoft Corporation)
SRV - (PCA [Auto | Stopped]) -- C:\WINDOWS\SMINST\PCAngel.exe (SoftThinks)
SRV - (PersonalSecureDriveService [Auto | Running]) -- C:\Program Files\ProtectTools\Embedded Security Software\PSDsrvc.EXE (Infineon Technologies AG)
SRV - (Pml Driver HPZ12 [On_Demand | Stopped]) -- C:\WINDOWS\system32\HPZipm12.exe (HP)
SRV - (SBAMSvc [Auto | Running]) -- C:\Program Files\Sunbelt Software\VIPRE\SBAMSvc.exe (Sunbelt Software)
SRV - (SNMP [Auto | Running]) -- C:\WINDOWS\System32\snmp.exe (Microsoft Corporation)
SRV - (SQLBrowser [Disabled | Stopped]) -- c:\Program Files\Microsoft SQL Server\90\Shared\sqlbrowser.exe (Microsoft Corporation)
SRV - (SQLWriter [Auto | Running]) -- c:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe (Microsoft Corporation)
SRV - (Symantec Core LC [Disabled | Stopped]) -- C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe ()
SRV - (UMWdf [Auto | Running]) -- C:\WINDOWS\system32\wdfmgr.exe (Microsoft Corporation)
SRV - (WmcCds [Unknown | Stopped]) -- c:\program files\windows media connect\mswmccds.exe (Microsoft Corporation)
SRV - (WmcCdsLs [On_Demand | Stopped]) -- C:\Program Files\Windows Media Connect\mswmcls.exe (Microsoft Corporation)
========== Driver Services (SafeList) ==========
DRV - (Accelerometer [On_Demand | Running]) -- C:\WINDOWS\system32\DRIVERS\Accelerometer.sys (Hewlett-Packard Corporation)
DRV - (ADIHdAudAddService [On_Demand | Running]) -- C:\WINDOWS\system32\drivers\ADIHdAud.sys (Analog Devices, Inc.)
DRV - (AEAudioService [On_Demand | Running]) -- C:\WINDOWS\system32\drivers\AEAudio.sys (Andrea Electronics Corporation)
DRV - (AFS2K [System | Running]) -- C:\WINDOWS\System32\drivers\AFS2K.SYS (Oak Technology Inc.)
DRV - (AliIde [Boot | Running]) -- C:\WINDOWS\system32\DRIVERS\aliide.sys (Acer Laboratories Inc.)
DRV - (ati2mtag [On_Demand | Running]) -- C:\WINDOWS\system32\DRIVERS\ati2mtag.sys (ATI Technologies Inc.)
DRV - (ATSWPDRV [On_Demand | Running]) -- C:\WINDOWS\System32\Drivers\ATSwpDrv.sys (AuthenTec, Inc.)
DRV - (b57w2k [On_Demand | Running]) -- C:\WINDOWS\system32\DRIVERS\b57xp32.sys (Broadcom Corporation)
DRV - (BTDriver [On_Demand | Stopped]) -- C:\WINDOWS\system32\DRIVERS\btport.sys (Broadcom Corporation.)
DRV - (BTKRNL [On_Demand | Running]) -- C:\WINDOWS\system32\DRIVERS\btkrnl.sys (Broadcom Corporation.)
DRV - (btwhid [On_Demand | Stopped]) -- C:\WINDOWS\system32\DRIVERS\btwhid.sys (Broadcom Corporation.)
DRV - (BTWUSB [On_Demand | Stopped]) -- C:\WINDOWS\System32\Drivers\btwusb.sys (Broadcom Corporation.)
DRV - (COH_Mon [On_Demand | Stopped]) -- C:\WINDOWS\system32\Drivers\COH_Mon.sys (Symantec Corporation)
DRV - (CO_Mon [Auto | Running]) -- C:\WINDOWS\system32\drivers\CO_Mon.sys (Symantec Corporation)
DRV - (DLABOIOM [Auto | Running]) -- C:\WINDOWS\System32\DLA\DLABOIOM.SYS (Sonic Solutions)
DRV - (DLACDBHM [System | Running]) -- C:\WINDOWS\System32\Drivers\DLACDBHM.SYS (Sonic Solutions)
DRV - (DLADResN [Auto | Running]) -- C:\WINDOWS\System32\DLA\DLADResN.SYS (Sonic Solutions)
DRV - (DLAIFS_M [Auto | Running]) -- C:\WINDOWS\System32\DLA\DLAIFS_M.SYS (Sonic Solutions)
DRV - (DLAOPIOM [Auto | Running]) -- C:\WINDOWS\System32\DLA\DLAOPIOM.SYS (Sonic Solutions)
DRV - (DLAPoolM [Auto | Running]) -- C:\WINDOWS\System32\DLA\DLAPoolM.SYS (Sonic Solutions)
DRV - (DLARTL_N [System | Running]) -- C:\WINDOWS\System32\Drivers\DLARTL_N.SYS (Sonic Solutions)
DRV - (DLAUDFAM [Auto | Running]) -- C:\WINDOWS\System32\DLA\DLAUDFAM.SYS (Sonic Solutions)
DRV - (DLAUDF_M [Auto | Running]) -- C:\WINDOWS\System32\DLA\DLAUDF_M.SYS (Sonic Solutions)
DRV - (DRVMCDB [Boot | Running]) -- C:\WINDOWS\System32\Drivers\DRVMCDB.SYS (Sonic Solutions)
DRV - (DRVNDDM [Auto | Running]) -- C:\WINDOWS\System32\Drivers\DRVNDDM.SYS (Sonic Solutions)
DRV - (eabfiltr [System | Running]) -- C:\WINDOWS\system32\DRIVERS\eabfiltr.sys (Hewlett-Packard Development Company, L.P.)
DRV - (eabusb [On_Demand | Stopped]) -- C:\WINDOWS\system32\DRIVERS\eabusb.sys (Hewlett-Packard Development Company, L.P.)
DRV - (eeCtrl [System | Running]) -- C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys (Symantec Corporation)
DRV - (GEARAspiWDM [On_Demand | Running]) -- C:\WINDOWS\System32\Drivers\GEARAspiWDM.sys (GEAR Software Inc.)
DRV - (GTIPCI21 [On_Demand | Running]) -- C:\WINDOWS\system32\DRIVERS\gtipci21.sys (Texas Instruments)
DRV - (HBtnKey [On_Demand | Running]) -- C:\WINDOWS\system32\DRIVERS\cpqbttn.sys (Hewlett-Packard Development Company, L.P.)
DRV - (HDAudBus [On_Demand | Running]) -- C:\WINDOWS\system32\DRIVERS\HDAudBus.sys (Windows ® Server 2003 DDK provider)
DRV - (hpdskflt [Boot | Running]) -- C:\WINDOWS\system32\DRIVERS\hpdskflt.sys (Hewlett-Packard Corporation)
DRV - (HPZid412 [On_Demand | Stopped]) -- C:\WINDOWS\system32\DRIVERS\HPZid412.sys (HP)
DRV - (HPZipr12 [On_Demand | Stopped]) -- C:\WINDOWS\system32\DRIVERS\HPZipr12.sys (HP)
DRV - (HPZius12 [On_Demand | Stopped]) -- C:\WINDOWS\system32\DRIVERS\HPZius12.sys (HP)
DRV - (HSFHWAZL [On_Demand | Running]) -- C:\WINDOWS\system32\DRIVERS\HSFHWAZL.sys (Conexant Systems, Inc.)
DRV - (HSF_DPV [On_Demand | Running]) -- C:\WINDOWS\system32\DRIVERS\HSF_DPV.sys (Conexant Systems, Inc.)
DRV - (iaStor [Boot | Running]) -- C:\WINDOWS\System32\DRIVERS\iaStor.sys (Intel Corporation)
DRV - (IFXTPM [On_Demand | Running]) -- C:\WINDOWS\system32\DRIVERS\IFXTPM.SYS (Infineon Technologies AG)
DRV - (mdmxsdk [Auto | Running]) -- C:\WINDOWS\system32\DRIVERS\mdmxsdk.sys (Conexant)
DRV - (MQAC [On_Demand | Running]) -- C:\WINDOWS\system32\drivers\mqac.sys (Microsoft Corporation)
DRV - (NAVENG [On_Demand | Stopped]) -- C:\Program Files\Common Files\Symantec Shared\VirusDefs\20090316.002\NAVENG.SYS (Symantec Corporation)
DRV - (NAVEX15 [On_Demand | Stopped]) -- C:\Program Files\Common Files\Symantec Shared\VirusDefs\20090316.002\NAVEX15.SYS (Symantec Corporation)
DRV - (PersonalSecureDrive [System | Running]) -- C:\WINDOWS\System32\drivers\psd.sys (Infineon Technologies AG)
DRV - (Ptilink [On_Demand | Running]) -- C:\WINDOWS\system32\DRIVERS\ptilink.sys (Parallel Technologies, Inc.)
DRV - (PxHelp20 [Boot | Running]) -- C:\WINDOWS\System32\Drivers\PxHelp20.sys (Sonic Solutions)
DRV - (RMCAST [On_Demand | Running]) -- C:\WINDOWS\system32\drivers\RMCast.sys (Microsoft Corporation)
DRV - (sbaphd [System | Running]) -- C:\WINDOWS\system32\drivers\sbaphd.sys (Sunbelt Software)
DRV - (sbapifs [Auto | Running]) -- C:\WINDOWS\system32\drivers\sbapifs.sys (Sunbelt Software)
DRV - (SBRE [On_Demand | Stopped]) -- C:\WINDOWS\system32\drivers\SBREdrv.sys (Sunbelt Software)
DRV - (sbtis [System | Running]) -- C:\WINDOWS\system32\drivers\sbtis.sys (Sunbelt Software)
DRV - (Secdrv [On_Demand | Stopped]) -- C:\WINDOWS\system32\DRIVERS\secdrv.sys (Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K.)
DRV - (SMCIRDA [On_Demand | Stopped]) -- C:\WINDOWS\system32\DRIVERS\smcirda.sys (SMC)
DRV - (SPBBCDrv [On_Demand | Stopped]) -- C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCDrv.sys (Symantec Corporation)
DRV - (SRTSP [On_Demand | Stopped]) -- C:\WINDOWS\System32\Drivers\SRTSP.SYS (Symantec Corporation)
DRV - (SRTSPL [On_Demand | Stopped]) -- C:\WINDOWS\System32\Drivers\SRTSPL.SYS (Symantec Corporation)
DRV - (SRTSPX [System | Running]) -- C:\WINDOWS\System32\Drivers\SRTSPX.SYS (Symantec Corporation)
DRV - (SYMDNS [On_Demand | Stopped]) -- C:\WINDOWS\System32\Drivers\SYMDNS.SYS (Symantec Corporation)
DRV - (SymEvent [On_Demand | Running]) -- C:\WINDOWS\system32\Drivers\SYMEVENT.SYS (Symantec Corporation)
DRV - (SYMFW [On_Demand | Stopped]) -- C:\WINDOWS\System32\Drivers\SYMFW.SYS (Symantec Corporation)
DRV - (SYMIDS [On_Demand | Stopped]) -- C:\WINDOWS\System32\Drivers\SYMIDS.SYS (Symantec Corporation)
DRV - (SYMIDSCO [On_Demand | Stopped]) -- C:\Program Files\Common Files\Symantec Shared\SymcData\ipsdefs\20090310.004\SymIDSco.sys (Symantec Corporation)
DRV - (SymIM [On_Demand | Stopped]) -- C:\WINDOWS\system32\DRIVERS\SymIM.sys (Symantec Corporation)
DRV - (SymIMMP [On_Demand | Running]) -- C:\WINDOWS\system32\DRIVERS\SymIM.sys (Symantec Corporation)
DRV - (symlcbrd [Auto | Running]) -- C:\WINDOWS\system32\drivers\symlcbrd.sys (Symantec Corporation)
DRV - (SYMNDIS [On_Demand | Stopped]) -- C:\WINDOWS\System32\Drivers\SYMNDIS.SYS (Symantec Corporation)
DRV - (SYMREDRV [On_Demand | Stopped]) -- C:\WINDOWS\System32\Drivers\SYMREDRV.SYS (Symantec Corporation)
DRV - (SYMTDI [System | Running]) -- C:\WINDOWS\System32\Drivers\SYMTDI.SYS (Symantec Corporation)
DRV - (SynTP [On_Demand | Running]) -- C:\WINDOWS\system32\DRIVERS\SynTP.sys (Synaptics, Inc.)
DRV - (tifm21 [On_Demand | Running]) -- C:\WINDOWS\system32\drivers\tifm21.sys (Texas Instruments)
DRV - (U2SP [On_Demand | Stopped]) -- C:\WINDOWS\system32\DRIVERS\u2s2kxp.sys (Magic Control Technology Corp.)
DRV - (w39n51 [On_Demand | Running]) -- C:\WINDOWS\system32\DRIVERS\w39n51.sys (Intel® Corporation)
DRV - (winachsf [On_Demand | Running]) -- C:\WINDOWS\system32\DRIVERS\HSF_CNXT.sys (Conexant Systems, Inc.)
========== Standard Registry (SafeList) ==========
========== Internet Explorer ==========
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL =
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Extensions Off Page = about:NoAdd-ons
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Security Risk Page = about:SecurityRisk
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft....k/?LinkId=69157
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,CustomizeSearch = http://ie.search.msn...st/srchcust.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.google.com/ie
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\system32\blank.htm
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft...amp;ar=iesearch
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://dsl.sbc.yahoo.com/
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
FF - HKLM\software\mozilla\Firefox\extensions\\[email protected]: C:\PROGRAM FILES\JAVA\JRE6\LIB\DEPLOY\JQS\FF [2009/02/01 10:10:08 | 00,000,000 | ---D | M]
O1 HOSTS File: (734 bytes) - C:\WINDOWS\System32\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (AcroIEHlprObj Class) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (DriveLetterAccess) - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\System32\DLA\DLASHX_W.DLL (Sonic Solutions)
O2 - BHO: (no name) - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\2.6\coIEPlg.dll (Symantec Corporation)
O2 - BHO: (Symantec Intrusion Prevention) - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files\Common Files\Symantec Shared\IDS\IPSBHO.dll (Symantec Corporation)
O2 - BHO: (Java Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll ()
O2 - BHO: (AcroIEToolbarHelper Class) - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll ()
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.0.926.3450\swg.dll (Google Inc.)
O2 - BHO: (Google Dictionary Compression sdch) - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_219B3E1547538286.dll (Google Inc.)
O2 - BHO: (Java Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (JQSIEStartDetectorImpl Class) - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll (Sun Microsystems, Inc.)
O3 - HKLM\..\Toolbar: (&Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll ()
O3 - HKLM\..\Toolbar: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll ()
O3 - HKLM\..\Toolbar: (Show Norton Toolbar) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\2.6\CoIEPlg.dll (Symantec Corporation)
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll ()
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\2.6\CoIEPlg.dll (Symantec Corporation)
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {C4069E3A-68F1-403E-B40E-20066696354B} - Reg Error: Key error. File not found
O4 - HKLM..\Run: [AccelerometerSysTrayApplet] C:\WINDOWS\system32\AccelerometerSt.exe (Hewlett-Packard Corporation)
O4 - HKLM..\Run: [ATICCC] "C:\Program Files\ATI Technologies\ATI.ACE\cli.exe" runtime -Delay (ATI Technologies Inc.)
O4 - HKLM..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe" (Symantec Corporation)
O4 - HKLM..\Run: [Cpqset] C:\Program Files\HPQ\Default Settings\cpqset.exe ()
O4 - HKLM..\Run: [DLA] C:\WINDOWS\System32\DLA\DLACTRLW.EXE (Sonic Solutions)
O4 - HKLM..\Run: [HP Software Update] "C:\Program Files\Hp\HP Software Update\HPWuSchd.exe" ()
O4 - HKLM..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb04.exe (HP)
O4 - HKLM..\Run: [hpWirelessAssistant] C:\Program Files\hpq\HP Wireless Assistant\HP Wireless Assistant.exe (Hewlett-Packard Development Company, L.P.)
O4 - HKLM..\Run: [MsmqIntCert] regsvr32 /s mqrt.dll (Microsoft Corporation)
O4 - HKLM..\Run: [osCheck] "C:\Program Files\Norton 360\osCheck.exe" (Symantec Corporation)
O4 - HKLM..\Run: [PTHOSTTR] C:\Program Files\HPQ\HP ProtectTools Security Manager\PTHOSTTR.EXE /Start (Hewlett-Packard Development Company, L.P.)
O4 - HKLM..\Run: [QlbCtrl] %ProgramFiles%\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe /Start ( Hewlett-Packard Development Company, L.P.)
O4 - HKLM..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime (Apple Computer, Inc.)
O4 - HKLM..\Run: [Reminder] C:\WINDOWS\Creator\Remind_XP.exe ()
O4 - HKLM..\Run: [SBAMTray] C:\Program Files\Sunbelt Software\VIPRE\SBAMTray.exe (Sunbelt Software)
O4 - HKLM..\Run: [Scheduler] C:\WINDOWS\SMINST\Scheduler.exe ()
O4 - HKLM..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe" (Sun Microsystems, Inc.)
O4 - HKLM..\Run: [System Protector] C:\Documents and Settings\Char Hill\Application Data\lsascs.exe File not found
O4 - HKCU..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (Google Inc.)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Acrobat Assistant.lnk = C:\Program Files\Adobe\Acrobat 6.0\Distillr\acrotray.exe (Adobe Systems Inc.)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: dontdisplaylastusername = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticecaption =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticetext =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: shutdownwithoutlogon = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: undockwithoutlogon = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Send To &Bluetooth - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Program Files\Microsoft Office\OFFICE11\REFIEBAR.DLL (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe (Microsoft Corporation)
O9 - Extra Button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)
O15 - HKLM\..Trusted Domains: 1 domain(s) and sub-domain(s) not assigned to a zone.
O16 - DPF: {6A344D34-5231-452A-8A57-D064AC9B7862} https://webdl.symant...ex/symdlmgr.cab (Symantec Download Manager)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_11)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.ma...t/ultrashim.cab (Reg Error: Key error.)
O16 - DPF: {AB86CE53-AC9F-449F-9399-D8ABCA09EC09} https://h17000.www1....loadManager.ocx (Get_ActiveX Control)
O16 - DPF: {CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.5.0_06)
O16 - DPF: {CAFEEFAC-0016-0000-0001-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_01)
O16 - DPF: {CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_11)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_11)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://download.macr...ash/swflash.cab (Shockwave Flash Object)
O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\mso-offdap11 {32505114-5902-49B2-880A-1F7738E5A384} - C:\Program Files\Common Files\Microsoft Shared\Web Components\11\OWC11.DLL (Microsoft Corporation)
O18 - Protocol\Filter: - text/xml - C:\Program Files\Common Files\Microsoft Shared\OFFICE11\MSOXMLMF.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\Explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\AtiExtEvent: DllName - Ati2evxx.dll - C:\WINDOWS\system32\Ati2evxx.dll (ATI Technologies Inc.)
O20 - Winlogon\Notify\dfaefebdc: DllName - C:\WINDOWS\system32\dfaefebdc.dll - C:\WINDOWS\system32\dfaefebdc.dll ()
O20 - Winlogon\Notify\IfxWlxEN: DllName - IfxWlxEN.dll - C:\WINDOWS\system32\IfxWlxEN.dll (Infineon Technologies AG)
O24 - Desktop Components:0 (My Current Home Page) - About:Home
O31 - SafeBoot: AlternateShell - cmd.exe
O32 - HKLM CDRom: AutoRun - 1
O32 - Autorun File - E:\AUTOEXEC.BAT () - [ FAT32 ]
O32 - Autorun File - E:\Autorun.inf () - [ FAT32 ]
O32 - Autorun File - G:\autorun.inf () - [ NTFS ]
O33 - MountPoints2\{9b3929dc-c461-11da-b1c9-806d6172696f}\Shell - "" = AutoRun
O33 - MountPoints2\{9b3929dc-c461-11da-b1c9-806d6172696f}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{a3cb0869-13cf-11de-b584-000fb0f9ff3e}\Shell - "" = AutoRun
O33 - MountPoints2\{a3cb0869-13cf-11de-b584-000fb0f9ff3e}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\E\Shell - "" = AutoRun
O33 - MountPoints2\E\Shell\AutoRun - "" = Auto&Play
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
========== Files/Folders - Created Within 30 Days ==========
[4 C:\WINDOWS\System32\*.tmp files]
[2 C:\WINDOWS\*.tmp files]
[2009/03/20 11:44:27 | 00,000,000 | ---D | C] -- C:\Rooter$
[2009/03/20 11:43:17 | 00,000,000 | ---D | C] -- C:\WINDOWS\ERDNT
[2009/03/20 11:42:47 | 00,000,611 | ---- | C] () -- C:\DOCUME~1\ADMINI~1\Desktop\NTREGOPT.lnk
[2009/03/20 11:42:47 | 00,000,592 | ---- | C] () -- C:\DOCUME~1\ADMINI~1\Desktop\ERUNT.lnk
[2009/03/20 11:42:47 | 00,000,000 | ---D | C] -- C:\Program Files\ERUNT
[2009/03/20 11:35:14 | 00,000,000 | ---D | C] -- C:\DOCUME~1\ADMINI~1\Desktop\Virus Tools
[2009/03/20 11:32:00 | 10,731,39712 | -HS- | C] () -- C:\hiberfil.sys
[2009/03/20 11:30:44 | 00,001,824 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Acrobat Assistant.lnk
[2009/03/20 10:10:41 | 00,000,000 | ---D | C] -- C:\WINDOWS\Minidump
[2009/03/20 09:41:27 | 02,012,936 | ---- | C] () -- C:\DOCUME~1\ADMINI~1\Desktop\278180.rar
[2009/03/20 09:41:09 | 00,000,000 | ---D | C] -- C:\sbtemp
[2009/03/20 09:38:27 | 00,069,936 | ---- | C] (Sunbelt Software) -- C:\WINDOWS\System32\drivers\sbapifs.sys
[2009/03/20 09:36:58 | 00,013,360 | ---- | C] (Sunbelt Software) -- C:\WINDOWS\System32\drivers\sbaphd.sys
[2009/03/20 09:25:54 | 00,001,740 | ---- | C] () -- C:\DOCUME~1\ALLUSE~1\Desktop\VIPRE.lnk
[2009/03/19 15:55:11 | 00,654,294 | ---- | C] () -- C:\DOCUME~1\ADMINI~1\Desktop\SafeMode Scan results.bmp
[2009/03/19 11:03:01 | 00,000,000 | ---D | C] -- C:\WINDOWS\Prefetch
[2009/03/19 10:43:06 | 00,000,000 | ---D | C] -- C:\WINDOWS\System32\scripting
[2009/03/19 10:43:06 | 00,000,000 | ---D | C] -- C:\WINDOWS\l2schemas
[2009/03/19 10:43:05 | 00,000,000 | ---D | C] -- C:\WINDOWS\System32\en
[2009/03/19 10:43:05 | 00,000,000 | ---D | C] -- C:\WINDOWS\System32\bits
[2009/03/19 10:40:13 | 00,000,000 | ---D | C] -- C:\WINDOWS\ServicePackFiles
[2009/03/19 10:35:09 | 00,000,000 | -H-D | C] -- C:\WINDOWS\$NtServicePackUninstall$
[2009/03/19 08:45:21 | 00,000,115 | ---- | C] () -- C:\Documents and Settings\Administrator\Application Data\netstat.bat
[2009/03/19 08:42:22 | 01,447,262 | ---- | C] () -- C:\DOCUME~1\ADMINI~1\Desktop\Vipre scan results.bmp
[2009/03/19 08:41:43 | 00,911,934 | ---- | C] () -- C:\DOCUME~1\ADMINI~1\Desktop\vipre risk details.bmp
[2009/03/19 08:19:06 | 00,003,820 | ---- | C] () -- C:\DOCUME~1\ADMINI~1\Desktop\searchassistant.reg
[2009/03/18 14:10:19 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Application Data\Sunbelt
[2009/03/18 14:02:32 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Sunbelt
[2009/03/18 14:00:57 | 00,202,928 | ---- | C] (Sunbelt Software) -- C:\WINDOWS\System32\drivers\sbtis.sys
[2009/03/18 14:00:39 | 00,000,000 | ---D | C] -- C:\Program Files\Sunbelt Software
[2009/03/18 11:50:54 | 00,233,274 | ---- | C] () -- C:\DOCUME~1\ADMINI~1\Desktop\untitled2.bmp
[2009/03/18 11:43:25 | 00,728,694 | ---- | C] () -- C:\DOCUME~1\ADMINI~1\Desktop\untitled.bmp
[2009/03/18 11:25:40 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Local Settings\Application Data\Symantec
[2009/03/18 11:22:05 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Application Data\Symantec
[2009/03/18 11:13:06 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Application Data\Google
[2009/03/18 11:10:32 | 00,000,000 | ---D | C] -- C:\WINDOWS\pss
[2009/03/17 15:24:37 | 00,000,000 | ---D | C] -- C:\DOCUME~1\ADMINI~1\My Documents\TurboTax
[2009/03/17 15:24:21 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Local Settings\Application Data\Intuit
[2009/03/17 15:24:09 | 00,129,728 | ---- | C] () -- C:\Documents and Settings\Administrator\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
[2009/03/17 15:24:06 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Application Data\Intuit
[2009/03/16 12:06:58 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Application Data\Adobe
[2009/03/16 10:56:22 | 00,000,000 | -HSD | C] -- C:\WINDOWS\CSC
[2009/03/16 10:40:03 | 00,000,000 | ---D | C] -- C:\NSS
[2009/03/16 08:26:58 | 00,000,000 | ---D | C] -- C:\Program Files\Spybot - Search & Destroy
[2009/03/16 08:26:58 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
[2009/03/16 06:01:24 | 00,065,320 | ---- | C] (Sunbelt Software) -- C:\WINDOWS\System32\sbbd.exe
[2009/03/15 17:44:06 | 00,000,000 | ---D | C] -- C:\Program Files\System Protector
[2009/03/13 13:15:28 | 00,042,496 | ---- | C] () -- C:\WINDOWS\System32\spyprotector.cpl
[2009/02/19 13:03:34 | 00,579,464 | ---- | C] (Symantec Corporation) -- C:\WINDOWS\System32\SymNeti.dll
[2009/02/19 13:03:26 | 00,207,240 | ---- | C] (Symantec Corporation) -- C:\WINDOWS\System32\SymRedir.dll
[2009/02/19 12:31:42 | 00,031,280 | ---- | C] (Symantec Corporation) -- C:\WINDOWS\System32\drivers\SymIM.sys
[2009/02/19 12:31:42 | 00,009,844 | ---- | C] () -- C:\WINDOWS\System32\drivers\SymRedir.cat
[2009/02/19 12:31:42 | 00,001,611 | ---- | C] () -- C:\WINDOWS\System32\drivers\SymRedir.inf
[2009/02/19 12:31:18 | 00,041,008 | ---- | C] (Symantec Corporation) -- C:\WINDOWS\System32\drivers\symndisv.sys
[2009/02/19 12:31:16 | 00,184,496 | ---- | C] (Symantec Corporation) -- C:\WINDOWS\System32\drivers\symtdi.sys
[2009/02/19 12:31:16 | 00,096,560 | ---- | C] (Symantec Corporation) -- C:\WINDOWS\System32\drivers\symfw.sys
[2009/02/19 12:31:16 | 00,038,576 | ---- | C] (Symantec Corporation) -- C:\WINDOWS\System32\drivers\symids.sys
[2009/02/19 12:31:16 | 00,037,424 | ---- | C] (Symantec Corporation) -- C:\WINDOWS\System32\drivers\symndis.sys
[2009/02/19 12:31:16 | 00,022,320 | ---- | C] (Symantec Corporation) -- C:\WINDOWS\System32\drivers\symredrv.sys
[2009/02/19 12:31:16 | 00,013,616 | ---- | C] (Symantec Corporation) -- C:\WINDOWS\System32\drivers\symdns.sys
========== Files - Modified Within 30 Days ==========
[4 C:\WINDOWS\System32\*.tmp files]
[2 C:\WINDOWS\*.tmp files]
[2009/03/20 11:42:47 | 00,000,611 | ---- | M] () -- C:\DOCUME~1\ADMINI~1\Desktop\NTREGOPT.lnk
[2009/03/20 11:42:47 | 00,000,592 | ---- | M] () -- C:\DOCUME~1\ADMINI~1\Desktop\ERUNT.lnk
[2009/03/20 11:32:32 | 00,001,158 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2009/03/20 11:32:09 | 00,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2009/03/20 11:32:05 | 00,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2009/03/20 11:32:00 | 10,731,39712 | -HS- | M] () -- C:\hiberfil.sys
[2009/03/20 11:30:52 | 02,480,104 | -H-- | M] () -- C:\Documents and Settings\Administrator\Local Settings\Application Data\IconCache.db
[2009/03/20 11:30:45 | 00,000,774 | ---- | M] () -- C:\WINDOWS\win.ini
[2009/03/20 11:30:45 | 00,000,227 | ---- | M] () -- C:\WINDOWS\system.ini
[2009/03/20 11:30:45 | 00,000,211 | RHS- | M] () -- C:\boot.ini
[2009/03/20 09:41:28 | 02,012,936 | ---- | M] () -- C:\DOCUME~1\ADMINI~1\Desktop\278180.rar
[2009/03/20 09:25:54 | 00,001,740 | ---- | M] () -- C:\DOCUME~1\ALLUSE~1\Desktop\VIPRE.lnk
[2009/03/19 15:55:11 | 00,654,294 | ---- | M] () -- C:\DOCUME~1\ADMINI~1\Desktop\SafeMode Scan results.bmp
[2009/03/19 11:07:13 | 00,561,364 | ---- | M] () -- C:\WINDOWS\System32\PerfStringBackup.INI
[2009/03/19 11:07:13 | 00,467,228 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2009/03/19 11:07:13 | 00,085,134 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2009/03/19 11:04:18 | 00,316,640 | ---- | M] () -- C:\WINDOWS\WMSysPr9.prx
[2009/03/19 11:02:20 | 00,665,064 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2009/03/19 10:52:49 | 00,002,675 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2009/03/19 10:38:16 | 00,250,048 | RHS- | M] () -- C:\ntldr
[2009/03/19 08:45:21 | 00,000,115 | ---- | M] () -- C:\Documents and Settings\Administrator\Application Data\netstat.bat
[2009/03/19 08:42:22 | 01,447,262 | ---- | M] () -- C:\DOCUME~1\ADMINI~1\Desktop\Vipre scan results.bmp
[2009/03/19 08:41:43 | 00,911,934 | ---- | M] () -- C:\DOCUME~1\ADMINI~1\Desktop\vipre risk details.bmp
[2009/03/19 08:19:06 | 00,003,820 | ---- | M] () -- C:\DOCUME~1\ADMINI~1\Desktop\searchassistant.reg
[2009/03/18 11:50:54 | 00,233,274 | ---- | M] () -- C:\DOCUME~1\ADMINI~1\Desktop\untitled2.bmp
[2009/03/18 11:43:25 | 00,728,694 | ---- | M] () -- C:\DOCUME~1\ADMINI~1\Desktop\untitled.bmp
[2009/03/18 11:12:56 | 00,000,084 | -HS- | M] () -- C:\DOCUME~1\ADMINI~1\My Documents\desktop.ini
[2009/03/17 15:24:09 | 00,129,728 | ---- | M] () -- C:\Documents and Settings\Administrator\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
[2009/03/17 15:23:59 | 00,002,393 | ---- | M] () -- C:\DOCUME~1\ALLUSE~1\Desktop\TurboTax 2008.lnk
[2009/03/16 06:01:24 | 00,065,320 | ---- | M] (Sunbelt Software) -- C:\WINDOWS\System32\sbbd.exe
[2009/03/13 13:15:28 | 00,042,496 | ---- | M] () -- C:\WINDOWS\System32\spyprotector.cpl
[2009/03/09 20:00:00 | 00,000,630 | ---- | M] () -- C:\WINDOWS\tasks\Norton Internet Security - Run Full System Scan - Char Hill.job
[2009/03/04 23:30:16 | 00,069,936 | ---- | M] (Sunbelt Software) -- C:\WINDOWS\System32\drivers\sbapifs.sys
[2009/02/25 12:55:00 | 24,768,960 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\MRT.exe
[2009/02/19 13:03:34 | 00,579,464 | ---- | M] (Symantec Corporation) -- C:\WINDOWS\System32\SymNeti.dll
[2009/02/19 13:03:26 | 00,207,240 | ---- | M] (Symantec Corporation) -- C:\WINDOWS\System32\SymRedir.dll
[2009/02/19 12:31:42 | 00,031,280 | ---- | M] (Symantec Corporation) -- C:\WINDOWS\System32\drivers\SymIM.sys
[2009/02/19 12:31:42 | 00,009,844 | ---- | M] () -- C:\WINDOWS\System32\drivers\SymRedir.cat
[2009/02/19 12:31:42 | 00,001,611 | ---- | M] () -- C:\WINDOWS\System32\drivers\SymRedir.inf
[2009/02/19 12:31:18 | 00,041,008 | ---- | M] (Symantec Corporation) -- C:\WINDOWS\System32\drivers\symndisv.sys
[2009/02/19 12:31:16 | 00,184,496 | ---- | M] (Symantec Corporation) -- C:\WINDOWS\System32\drivers\symtdi.sys
[2009/02/19 12:31:16 | 00,096,560 | ---- | M] (Symantec Corporation) -- C:\WINDOWS\System32\drivers\symfw.sys
[2009/02/19 12:31:16 | 00,038,576 | ---- | M] (Symantec Corporation) -- C:\WINDOWS\System32\drivers\symids.sys
[2009/02/19 12:31:16 | 00,037,424 | ---- | M] (Symantec Corporation) -- C:\WINDOWS\System32\drivers\symndis.sys
[2009/02/19 12:31:16 | 00,022,320 | ---- | M] (Symantec Corporation) -- C:\WINDOWS\System32\drivers\symredrv.sys
[2009/02/19 12:31:16 | 00,013,616 | ---- | M] (Symantec Corporation) -- C:\WINDOWS\System32\drivers\symdns.sys
< End of report >
**** Extras Log ****
OTListIt Extras logfile created on: 3/20/2009 11:48:09 AM - Run 1
OTListIt2 by OldTimer - Version 2.0.7.0 Folder = C:\Documents and Settings\Administrator\Desktop\Virus Tools
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 7.0.5730.13)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy
1023.36 Mb Total Physical Memory | 541.02 Mb Available Physical Memory | 52.87% Memory free
2.40 Gb Paging File | 1.95 Gb Available in Paging File | 81.10% Paging File free
Paging file location(s): C:\pagefile.sys 1536 3072;
%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 86.31 Gb Total Space | 66.00 Gb Free Space | 76.47% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
Drive E: | 6.84 Gb Total Space | 0.72 Gb Free Space | 10.47% Space Free | Partition Type: FAT32
F: Drive not present or media not loaded
Drive G: | 29.91 Gb Total Space | 29.52 Gb Free Space | 98.70% Space Free | Partition Type: NTFS
H: Drive not present or media not loaded
I: Drive not present or media not loaded
Computer Name: CHARHILL
Current User Name: Administrator
Logged in as Administrator.
Current Boot Mode: Normal
Scan Mode: Current user
Output = Minimal
File Age = 30 Days
Company Name Whitelist: On
========== File Associations ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.html [@ = htmlfile] -- C:\Program Files\Internet Explorer\IEXPLORE.EXE (Microsoft Corporation)
========== Security Center Settings ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"AntiVirusDisableNotify" = 1
"FirewallDisableNotify" = 1
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 0
"FirewallOverride" = 0
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
"DisableMonitoring" = 1
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
"DisableMonitoring" = 1
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]
"DisableMonitoring" = 1
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile
"EnableFirewall" = 1
"DoNotAllowExceptions" = 0
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List
"1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008
"139:TCP" = 139:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22002
========== Authorized Applications List ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
C:\WINDOWS\system32\mqsvc.exe:*:Enabled:Message Queuing (Microsoft Corporation)
%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000 (Microsoft Corporation)
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
C:\WINDOWS\system32\mqsvc.exe:*:Enabled:Message Queuing (Microsoft Corporation)
C:\WINDOWS\SMINST\Scheduler.exe:*:Enabled:Scheduler ()
C:\Program Files\TurboTax\Deluxe 2006\32bit\ttax.exe:LocalSubNet:Enabled:TurboTax (Intuit, Inc.)
C:\Program Files\TurboTax\Deluxe 2006\32bit\updatemgr.exe:LocalSubNet:Enabled:TurboTax Update Manager (Intuit, Inc.)
%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000 (Microsoft Corporation)
C:\Program Files\TurboTax\Deluxe 2007\32bit\ttax.exe:LocalSubNet:Enabled:TurboTax (Intuit, Inc.)
C:\Program Files\TurboTax\Deluxe 2007\32bit\updatemgr.exe:LocalSubNet:Enabled:TurboTax Update Manager (Intuit, Inc.)
C:\Program Files\Common Files\Intuit\Update Service\IntuitUpdateService.exe:LocalSubNet:Disabled:Intuit Update Shared Downloads Server (Intuit Inc.)
========== HKEY_LOCAL_MACHINE Uninstall List ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0515803B-5068-4599-8666-963E143C7381}" = HP Smart Card Security for ProtectTools 5.00 D4
"{075473F5-846A-448B-BCB3-104AA1760205}" = Sonic Data Module
"{0BDD3FAD-61CD-4BF3-B9C4-4CEFD43F53F8}" = Norton 360 HTMLHelp
"{0DC86BEC-5CE3-413A-BB61-C40A3D186B24}" = Scan
"{1206EF92-2E83-4859-ACCB-2048C3CB7DA6}" = Sonic DLA
"{1F89F212-2052-414A-8B7E-D8604C431BDF}" = HP User Guides 0013
"{206FD69B-F9FE-4164-81BD-D52552BC9C23}" = GearDrvs
"{21657574-BD54-48A2-9450-EB03B2C7FC29}" = Sonic MyDVD Plus
"{21829177-4DED-4209-AD08-490B3AC9C01A}" = Norton 360
"{2298055A-F5E6-4332-9A15-C5D99870E72F}" = HP Embedded Security for ProtectTools
"{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer
"{24DF7221-644B-4C3A-A478-459502D40522}" = Backup
"{26A24AE4-039D-4CA4-87B4-2F83216011FF}" = Java 6 Update 11
"{29521505-F489-4822-ADFA-32C6DEE4F114}" = TurboTax 2008 WinPerUserEducation
"{2AFFFDD7-ED85-4A90-8C52-5DA9EBDC9B8F}" = Microsoft SQL Server 2005 Express Edition (NR2007)
"{2D617065-1C52-4240-B5BC-C0AE12157777}" = Norton 360
"{2E7595EC-4FB1-4E29-93D4-9083C8A9B107}" = TurboTax ItsDeductible 2005
"{30465B6C-B53F-49A1-9EBA-A3F187AD502E}" = Sonic Update Manager
"{3248F0A8-6813-11D6-A77B-00B0D0150060}" = J2SE Runtime Environment 5.0 Update 6
"{3248F0A8-6813-11D6-A77B-00B0D0160010}" = Java SE Runtime Environment 6 Update 1
"{340695E9-AABC-4BCE-98CC-DFDC20649242}" = Enterprise
"{34D2AB40-150D-475D-AE32-BD23FB5EE355}" = HP Quick Launch Buttons 6.00 B2
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{3B0F52AC-EF5C-4831-B221-06C782E41280}" = Quicken 2008
"{3F4EC965-28EF-45C3-B063-04B25D4E9679}" = HP Integrated Module with Bluetooth wireless technology
"{3F9F7336-6DF8-476F-ABF6-C70A17FAF619}" = HP Backup and Recovery Manager Installer
"{4302B2DD-D958-40E3-BAF3-B07FFE1978CE}" = HP Wireless Assistant 2.00 C1
"{45690715-80A6-4445-B61D-ADEC5888E8CD}" = Symantec Technical Support Controls
"{517B8FB2-26EE-43B0-AE1B-07408860AA69}" = DigitImg
"{5372B9A6-6E51-4f90-9B40-E0A3B8475C4E}" = Photosmart 140,240,7200,7600,7700,7900 Series
"{53F5C3EE-05ED-4830-994B-50B2F0D50FCE}" = Microsoft SQL Server Setup Support Files (English)
"{55A6283C-638A-4EE0-B491-51118554BDA2}" = Norton Confidential Core
"{5D97A4A7-C274-4B63-86D9-07A33435F505}" = InterVideo DVD Check
"{655CB07D-C944-40BE-B93F-55957CAC7625}" = AiO_Scan
"{6675CA7F-E51B-4F6A-99D4-F8F0124C6EAA}" = Sonic Express Labeler
"{6FA269F8-38CB-4DF7-AA0D-36E3CE789485}" = HP Software Update
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{7570F1CA-016D-46AC-B586-CD74645EFB52}" = TurboTax 2008 WinPerFedFormset
"{75ECB75A-522C-4312-8DE7-597CDA9D96A3}" = HP Mobile Data Protection System
"{77772678-817F-4401-9301-ED1D01A8DA56}" = SPBBC 32bit
"{7B6CF9EB-CB2B-4A1A-81A9-BE1A9044690A}" = TIPCI
"{7DD9A065-2C86-4A9F-A5FF-796EC1B99DCA}" = AnswerWorks 4.0 Runtime - English
"{8777AC6D-89F9-4793-8266-DE406F343E89}" = QFolder
"{88214092-836F-4E22-A5AC-569AC9EE6A0F}" = TurboTax 2008 WinPerReleaseEngine
"{8D199EBB-749F-478E-B4E4-9D343A1BEB07}" = NeatReceipts Professional 3.0 Core Files
"{8D8B55F5-419F-4D5D-B52D-30DFFDDEBCE0}" = SymNet
"{8EA67542-82B6-4c5c-8AD3-CD36232C1362}" = HP PSC & Officejet 4.7 Corporate Edition
"{90CA0409-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Small Business Edition 2003
"{914E1AB1-DCA0-4A7D-935F-B58C4B887A2B}" = HP ProtectTools Security Manager 2.00 B3
"{91789CDD-E83A-4186-B436-AA7A588679FD}" = NeatReceipts Database Controller
"{91810AFC-A4F8-4EBA-A5AA-B198BBC81144}" = InterVideo WinDVD
"{929408E6-D265-4174-805F-81D1D914E2A4}" = QuickTime
"{95F9D960-C571-11D0-90F0-00001B1EFBA8}" = QuickBooks 2001
"{9E5A03E3-6246-4920-9630-0527D5DA9B07}" = AnswerWorks 5.0 English Runtime
"{A7AD8CEF-72D7-4FE4-8A14-DDD09DC86074}" = HP Notebook Accessories Product Tour
"{A93C4E94-1005-489D-BEAA-B873C1AA6CFC}" = HP Help and Support
"{AB708C9B-97C8-4AC9-899B-DBF226AC9382}" = Sonic Audio Module
"{ABB2901A-3D0A-4F21-8324-2F13C3EFE163}" = LightScribe 1.4.62.1
"{AC76BA86-0000-0000-0000-6028747ADE01}" = Adobe Acrobat - Reader 6.0.2 Update
"{AC76BA86-0000-7EC8-7489-000000000603}" = Adobe Acrobat and Reader 6.0.3 Update
"{AC76BA86-0000-7EC8-7489-000000000604}" = Adobe Acrobat and Reader 6.0.4 Update
"{AC76BA86-0000-7EC8-7489-000000000605}" = Adobe Acrobat and Reader 6.0.5 Update
"{AC76BA86-0000-7EC8-7489-000000000606}" = Adobe Acrobat and Reader 6.0.6 Update
"{AC76BA86-1033-0000-7760-000000000001}" = Adobe Acrobat 6.0.1 Professional
"{AE052EF7-2640-48D7-8915-69B810D975CB}" = HP BIOS Configuration for ProtectTools 2.00 C2
"{AE1B3F7B-CF35-4195-9D30-ED08A4BA892E}" = ATI Catalyst Control Center
"{AFF1EA96-9C23-4249-B7D4-CD4B54D4582F}" = TurboTax ItsDeductible 2006
"{B12665F4-4E93-4AB4-B7FC-37053B524629}" = Sonic Copy Module
"{B1DB1AD8-C07E-4052-81A1-D2930232BA70}" = TurboTax 2008 wrapper
"{B23726CF-68BF-41A6-A4EB-72F12F87FE05}" = TurboTax 2008 WinPerTaxSupport
"{B24E05CC-46FF-4787-BBB8-5CD516AFB118}" = ccCommon
"{B2AE44CB-2AAB-4C08-A54B-D264BD604DA8}" = Citrix Presentation Server Client
"{B376402D-58EA-45EA-BD50-DD924EB67A70}" = HP Memories Disc
"{B508B3F1-A24A-32C0-B310-85786919EF28}" = Microsoft .NET Framework 2.0 Service Pack 1
"{BB2F715D-2030-4689-8070-4415185A2412}" = VIPRE Antivirus + Antispyware
"{BB85ED9C-AFC9-43BD-B8DC-258C3C7DF72E}" = HP Software Update
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CB84F0F2-927B-458D-9DC5-87832E3DC653}" = GearDrvs
"{D6E6FA4A-5445-4850-8365-CF216C1CBB7A}" = Symantec Real Time Storage Protection Component
"{DB518BA6-CB74-4EB6-9ABD-880B6D6E1F38}" = HpSdpAppCoreApp
"{DBA4DB9D-EE51-4944-A419-98AB1F1249C8}" = LiveUpdate Notice (Symantec Corporation)
"{DBCC73BA-C69A-4BF5-B4BF-F07501EE7039}" = AnswerWorks 5.0 English Runtime
"{DD763351-DE1C-4EA7-986D-A6EC8AF76434}" = TurboTax 2008 waziper
"{DE58B061-6936-4913-AA5C-682E49356D86}" = TurboTax 2008 wmiiper
"{E6D9BC25-0DBC-4368-8E4A-7DEE80661CD9}" = TurboTax 2008 WinPerProgramHelp
"{E80F62FF-5D3C-4A19-8409-9721F2928206}" = LiveUpdate (Symantec Corporation)
"{E9F44C98-B8B6-480F-AF7B-E42A0A46F4E3}" = Microsoft SQL Server VSS Writer
"{EA2BEBD6-87B9-41E5-95AC-7E4C165A9475}" = WexTech AnswerWorks
"{EFB5B3B5-A280-4E25-BE1C-634EEFE32C1B}" = AppCore
"{F0A37341-D692-11D4-A984-009027EC0A9C}" = SoundMAX
"{F6869CD2-3DB4-476D-A4C7-B3AE7C3ACF7B}" = Windows Media Connect
"{F9B3DD02-B0B3-42E9-8650-030DFF0D133D}" = Microsoft SQL Server Native Client
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe PageMaker 6.5" = Adobe PageMaker 6.5
"ATI Display Driver" = ATI Display Driver
"CNXT_MODEM_HDAUDIO_VEN_14F1&DEV_2BFA_hpq0033m" = HDAUDIO Soft Data Fax Modem with SmartCP
"ERUNT_is1" = ERUNT 1.1j
"Hardcopy" = Hardcopy
"hp photosmart 7900 series_Driver" = hp photosmart 7900 series
"IDNMitigationAPIs" = Microsoft Internationalized Domain Names Mitigation APIs
"ie7" = Windows Internet Explorer 7
"InstallShield_{7B6CF9EB-CB2B-4A1A-81A9-BE1A9044690A}" = Texas Instruments PCIxx21/x515/xx12 drivers.
"InstallShield_{929408E6-D265-4174-805F-81D1D914E2A4}" = QuickTime
"MetaFrame Presentation Server Web Client for Win32" = MetaFrame Presentation Server Web Client for Win32
"Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1
"Microsoft SQL Server 2005" = Microsoft SQL Server 2005
"NeatReceipts Professional" = NeatReceipts Professional
"NLSDownlevelMapping" = Microsoft National Language Support Downlevel APIs
"Pet Vet" = Pet Vet (remove only)
"PsuedoLiveUpdate" = LiveUpdate (Symantec Corporation)
"Shopping List_is1" = Shopping List 4.x
"SymSetup.{2D617065-1C52-4240-B5BC-C0AE12157777}" = Norton 360 (Symantec Corporation)
"SynTPDeinstKey" = Synaptics Pointing Device Driver
"TurboTax 2008" = TurboTax 2008
"TurboTax Deluxe 2005" = TurboTax Deluxe 2005
"TurboTax Deluxe 2007" = TurboTax Deluxe 2007
"TurboTax Deluxe Deduction Maximizer 2006" = TurboTax Deluxe Deduction Maximizer 2006
"Typing Instructor for Kids 3" = Typing Instructor for Kids 3
"Web Cal Plus" = Web Cal Plus
"Windows Media Connect" = Windows Media Connect
"Windows Media Format Runtime" = Windows Media Format Runtime
"Windows Media Player" = Windows Media Player 10
"Windows XP Service Pack" = Windows XP Service Pack 3
========== Last 10 Event Log Errors ==========
[ Application Events ]
Error - 3/20/2009 8:37:01 AM | Computer Name = CHARHILL | Source = comHost | ID = 65535
Description =
Error - 3/20/2009 8:46:23 AM | Computer Name = CHARHILL | Source = comHost | ID = 65535
Description =
Error - 3/20/2009 9:11:27 AM | Computer Name = CHARHILL | Source = MsiInstaller | ID = 1008
Description = The installation of C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\{3F9B37D7-D6A4-47F5-9754-3654E761B34E}\SBVIPRE_EN.msi
is not permitted due to an error in software restriction policy processing. The
object cannot be trusted.
Error - 3/20/2009 9:15:26 AM | Computer Name = CHARHILL | Source = comHost | ID = 65535
Description =
Error - 3/20/2009 9:16:51 AM | Computer Name = CHARHILL | Source = comHost | ID = 65535
Description =
Error - 3/20/2009 9:30:11 AM | Computer Name = CHARHILL | Source = comHost | ID = 65535
Description =
Error - 3/20/2009 9:36:43 AM | Computer Name = CHARHILL | Source = comHost | ID = 65535
Description =
Error - 3/20/2009 9:47:12 AM | Computer Name = CHARHILL | Source = EventSystem | ID = 4609
Description = The COM+ Event System detected a bad return code during its internal
processing. HRESULT was 80070005 from line 44 of d:\comxp_sp3\com\com1x\src\events\tier1\eventsystemobj.cpp.
Please contact Microsoft Product Support Services to report this erro
Error - 3/20/2009 9:47:12 AM | Computer Name = CHARHILL | Source = VSS | ID = 8193
Description = Volume Shadow Copy Service error: Unexpected error calling routine
CoCreateInstance. hr = 0x80040206.
Error - 3/20/2009 11:32:08 AM | Computer Name = CHARHILL | Source = comHost | ID = 65535
Description =
[ System Events ]
Error - 3/20/2009 9:45:40 AM | Computer Name = CHARHILL | Source = Service Control Manager | ID = 7034
Description = The Windows User Mode Driver Framework service terminated unexpectedly.
It has done this 1 time(s).
Error - 3/20/2009 9:45:46 AM | Computer Name = CHARHILL | Source = Service Control Manager | ID = 7034
Description = The SQL Server VSS Writer service terminated unexpectedly. It has
done this 1 time(s).
Error - 3/20/2009 9:45:49 AM | Computer Name = CHARHILL | Source = Service Control Manager | ID = 7034
Description = The SNMP Service service terminated unexpectedly. It has done this
1 time(s).
Error - 3/20/2009 9:46:04 AM | Computer Name = CHARHILL | Source = Service Control Manager | ID = 7034
Description = The TCP/IP NetBIOS Helper service terminated unexpectedly. It has
done this 1 time(s).
Error - 3/20/2009 9:46:04 AM | Computer Name = CHARHILL | Source = Service Control Manager | ID = 7031
Description = The Remote Registry service terminated unexpectedly. It has done
this 1 time(s). The following corrective action will be taken in 1000 milliseconds:
Restart the service.
Error - 3/20/2009 9:46:04 AM | Computer Name = CHARHILL | Source = Service Control Manager | ID = 7034
Description = The SSDP Discovery Service service terminated unexpectedly. It has
done this 1 time(s).
Error - 3/20/2009 9:46:04 AM | Computer Name = CHARHILL | Source = Service Control Manager | ID = 7034
Description = The WebClient service terminated unexpectedly. It has done this 1
time(s).
Error - 3/20/2009 9:46:09 AM | Computer Name = CHARHILL | Source = Service Control Manager | ID = 7034
Description = The DNS Client service terminated unexpectedly. It has done this
1 time(s).
Error - 3/20/2009 11:32:50 AM | Computer Name = CHARHILL | Source = Service Control Manager | ID = 7023
Description = The COM Host service terminated with the following error: %%2147549183
Error - 3/20/2009 11:33:32 AM | Computer Name = CHARHILL | Source = System Error | ID = 1003
Description = Error code 1000000a, parameter1 00430068, parameter2 00000002, parameter3
00000000, parameter4 804f45aa.
< End of report >
Attached Files
Edited by goldster, 23 March 2009 - 10:16 AM.