Then started malware checking, so via the guide http://www.geekstogo...uide-t2852.html
This is my reports:
MBAM results
Malwarebytes' Anti-Malware 1.44
Database version: 3590
Windows 5.1.2600 Service Pack 3
Internet Explorer 8.0.6001.18702
1/18/2010 10:06:25 AM
mbam-log-2010-01-18 (10-06-25).txt
Scan type: Quick Scan
Objects scanned: 120932
Time elapsed: 8 minute(s), 30 second(s)
Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0
Memory Processes Infected:
(No malicious items detected)
Memory Modules Infected:
(No malicious items detected)
Registry Keys Infected:
(No malicious items detected)
Registry Values Infected:
(No malicious items detected)
Registry Data Items Infected:
(No malicious items detected)
Folders Infected:
(No malicious items detected)
Files Infected:
(No malicious items detected)
The Gmer crashes on three attemps to run at about the 30 min mark.
Report from OLT
OTL logfile created on: 1/18/2010 3:13:55 PM - Run 1
OTL by OldTimer - Version 3.1.25.2 Folder = C:\Documents and Settings\Grant\Desktop\Sapphire Drivers\Malware
Windows XP Media Center Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy
3.00 Gb Total Physical Memory | 2.00 Gb Available Physical Memory | 84.00% Memory free
3.00 Gb Paging File | 3.00 Gb Available in Paging File | 89.00% Paging File free
Paging file location(s): C:\pagefile.sys 768 1536 [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 179.31 Gb Total Space | 68.18 Gb Free Space | 38.02% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded
Computer Name: COMP-85A8F7B8EC
Current User Name: Grant
Logged in as Administrator.
Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: On
Skip Microsoft Files: On
File Age = 14 Days
Output = Standard
Quick Scan
========== Processes (SafeList) ==========
PRC - [2010/01/18 10:01:43 | 00,547,328 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Grant\Desktop\Sapphire Drivers\Malware\OTL.exe
PRC - [2009/12/08 14:25:28 | 00,093,320 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee\SiteAdvisor\McSACore.exe
PRC - [2009/11/24 20:09:04 | 00,602,112 | ---- | M] (ATI Technologies Inc.) -- C:\WINDOWS\system32\ati2evxx.exe
PRC - [2009/11/04 16:53:34 | 00,144,704 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee\VirusScan\Mcshield.exe
PRC - [2009/11/04 15:59:50 | 00,606,736 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee\VirusScan\mcsysmon.exe
PRC - [2009/10/29 06:54:44 | 01,218,008 | ---- | M] (McAfee, Inc.) -- c:\Program Files\McAfee.com\Agent\mcagent.exe
PRC - [2009/10/29 06:54:44 | 00,865,832 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee\MSC\mcmscsvc.exe
PRC - [2009/10/29 06:54:44 | 00,806,008 | ---- | M] (McAfee, Inc.) -- c:\Program Files\McAfee\MSC\mcupdmgr.exe
PRC - [2009/10/27 11:19:46 | 00,895,696 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee\MPF\MpfSrv.exe
PRC - [2009/07/08 11:54:34 | 00,359,952 | ---- | M] (McAfee, Inc.) -- c:\Program Files\Common Files\McAfee\McProxy\McProxy.exe
PRC - [2009/07/07 19:10:02 | 02,482,848 | ---- | M] (McAfee, Inc.) -- c:\Program Files\Common Files\McAfee\MNA\McNASvc.exe
PRC - [2009/04/22 17:38:50 | 00,065,536 | ---- | M] (Advanced Micro Devices Inc.) -- C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
PRC - [2009/04/22 17:37:16 | 00,065,536 | ---- | M] (ATI Technologies Inc.) -- C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
PRC - [2008/04/13 17:12:19 | 01,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2001/09/10 18:08:50 | 00,032,256 | ---- | M] (C-Dilla Ltd) -- C:\WINDOWS\system32\drivers\CDANTSRV.EXE
========== Modules (SafeList) ==========
MOD - [2010/01/18 10:01:43 | 00,547,328 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Grant\Desktop\Sapphire Drivers\Malware\OTL.exe
========== Win32 Services (SafeList) ==========
SRV - [2009/12/08 14:25:28 | 00,093,320 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\McAfee\SiteAdvisor\McSACore.exe -- (McAfee SiteAdvisor Service)
SRV - [2009/11/24 20:09:04 | 00,602,112 | ---- | M] (ATI Technologies Inc.) [Auto | Running] -- C:\WINDOWS\system32\ati2evxx.exe -- (Ati HotKey Poller)
SRV - [2009/11/12 16:33:00 | 00,545,568 | ---- | M] (Apple Inc.) [On_Demand | Stopped] -- C:\Program Files\iPod\bin\iPodService.exe -- (iPod Service)
SRV - [2009/11/04 16:53:34 | 00,144,704 | ---- | M] (McAfee, Inc.) [Unknown | Running] -- C:\Program Files\McAfee\VirusScan\Mcshield.exe -- (McShield)
SRV - [2009/11/04 15:59:50 | 00,606,736 | ---- | M] (McAfee, Inc.) [On_Demand | Running] -- C:\Program Files\McAfee\VirusScan\mcsysmon.exe -- (McSysmon)
SRV - [2009/10/29 06:54:44 | 00,865,832 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\McAfee\MSC\mcmscsvc.exe -- (mcmscsvc)
SRV - [2009/10/28 11:50:32 | 00,365,072 | ---- | M] (McAfee, Inc.) [On_Demand | Stopped] -- C:\Program Files\McAfee\VirusScan\mcods.exe -- (McODS)
SRV - [2009/10/27 11:19:46 | 00,895,696 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\McAfee\MPF\MPFSrv.exe -- (MpfService)
SRV - [2009/08/28 18:42:54 | 00,144,672 | ---- | M] (Apple Inc.) [On_Demand | Stopped] -- C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe -- (Apple Mobile Device)
SRV - [2009/07/08 11:54:34 | 00,359,952 | ---- | M] (McAfee, Inc.) [Auto | Running] -- c:\Program Files\Common Files\McAfee\McProxy\McProxy.exe -- (McProxy)
SRV - [2009/07/07 19:10:02 | 02,482,848 | ---- | M] (McAfee, Inc.) [Auto | Running] -- c:\Program Files\Common Files\McAfee\MNA\McNASvc.exe -- (McNASvc)
SRV - [2009/06/18 22:51:12 | 00,431,472 | ---- | M] (Juniper Networks) [On_Demand | Stopped] -- C:\Program Files\Juniper Networks\Common Files\dsNcService.exe -- (dsNcService)
SRV - [2009/05/26 19:35:02 | 00,303,104 | ---- | M] (Motive Communications, Inc.) [On_Demand | Stopped] -- C:\Program Files\Common Files\Motive\McciCMService.exe -- (McciCMService)
SRV - [2009/05/04 06:46:59 | 00,604,416 | ---- | M] (TuneUp Software) [On_Demand | Stopped] -- C:\WINDOWS\system32\TUProgSt.exe -- (TuneUp.ProgramStatisticsSvc)
SRV - [2009/05/04 06:46:55 | 00,361,216 | ---- | M] (TuneUp Software) [On_Demand | Stopped] -- C:\WINDOWS\system32\TuneUpDefragService.exe -- (TuneUp.Defrag)
SRV - [2009/04/27 13:21:36 | 00,028,928 | ---- | M] (TuneUp Software) [Auto | Running] -- C:\WINDOWS\system32\uxtuneup.dll -- (UxTuneUp)
SRV - [2005/04/03 23:41:10 | 00,069,632 | ---- | M] (Macrovision Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe -- (IDriverT)
SRV - [2004/04/15 13:45:22 | 00,135,168 | ---- | M] (Sony Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\Sony Shared\WMPlugIn\SonicStageMonitoring.exe -- (SonicStageMonitoring)
SRV - [2003/08/13 13:23:00 | 00,106,496 | ---- | M] (Sony Corporation) [Disabled | Stopped] -- C:\Program Files\Sony\Sony TV Tuner Library\SMceMan.exe -- (Sony TVTA Manager)
SRV - [2003/08/13 13:10:04 | 00,118,784 | ---- | M] (Sony Corporation) [On_Demand | Stopped] -- C:\Program Files\Sony\Sony TV Tuner Library\halsv.exe -- (Sony TV Tuner Controller)
SRV - [2003/08/13 13:07:22 | 00,094,208 | ---- | M] (Sony Corporation) [On_Demand | Stopped] -- C:\Program Files\Sony\Sony TV Tuner Library\RM_SV.exe -- (Sony TV Tuner Manager)
SRV - [2001/09/10 18:08:50 | 00,032,256 | ---- | M] (C-Dilla Ltd) [Auto | Running] -- C:\WINDOWS\system32\drivers\CDANTSRV.EXE -- (C-DillaSrv)
========== Standard Registry (SafeList) ==========
========== Internet Explorer ==========
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.google.com/ie
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultName = Google
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultURL = http://www.google.co...m...tf8&oe=utf8
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Secondary Start Pages = [Binary data over 100 bytes]
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.geekstogo...GE-t265572.html
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local>
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = %3clocal%3e:80
========== FireFox ==========
FF - prefs.js..browser.search.update: false
FF - prefs.js..browser.startup.homepage: "http://www.google.ca/"
FF - prefs.js..extensions.enabledItems: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}:1.0.2
FF - prefs.js..extensions.enabledItems: {3d7eb24f-2740-49df-8937-200b1cc08f8a}:1.5.10
FF - prefs.js..extensions.enabledItems: {B7082FAA-CB62-4872-9106-E42DD88EDE45}:2.9
FF - prefs.js..network.proxy.backup.ftp: ""
FF - prefs.js..network.proxy.backup.ftp_port: 0
FF - prefs.js..network.proxy.backup.gopher: ""
FF - prefs.js..network.proxy.backup.gopher_port: 0
FF - prefs.js..network.proxy.backup.socks: ""
FF - prefs.js..network.proxy.backup.socks_port: 0
FF - prefs.js..network.proxy.backup.ssl: ""
FF - prefs.js..network.proxy.backup.ssl_port: 0
FF - prefs.js..network.proxy.ftp: "209.145.114.173:9090"
FF - prefs.js..network.proxy.gopher: "209.145.114.173:9090"
FF - prefs.js..network.proxy.http: "209.145.114.173:9090"
FF - prefs.js..network.proxy.share_proxy_settings: true
FF - prefs.js..network.proxy.socks: "209.145.114.173:9090"
FF - prefs.js..network.proxy.ssl: "209.145.114.173:9090"
FF - user.js..browser.search.openintab: false
FF - HKLM\software\mozilla\Firefox\Extensions\\{B7082FAA-CB62-4872-9106-E42DD88EDE45}: C:\Program Files\McAfee\SiteAdvisor [2010/01/18 09:55:59 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.0.8\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2009/12/14 06:29:30 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.0.8\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2009/12/15 11:06:31 | 00,000,000 | ---D | M]
[2008/12/17 19:36:40 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Grant\Application Data\Mozilla\Extensions
[2009/11/23 14:25:37 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Grant\Application Data\Mozilla\Firefox\Profiles\726ebzim.default\extensions
[2009/04/20 08:51:24 | 00,000,000 | ---D | M] (Flashblock) -- C:\Documents and Settings\Grant\Application Data\Mozilla\Firefox\Profiles\726ebzim.default\extensions\{3d7eb24f-2740-49df-8937-200b1cc08f8a}
[2009/05/04 07:08:01 | 00,000,000 | ---D | M] (Adblock Plus) -- C:\Documents and Settings\Grant\Application Data\Mozilla\Firefox\Profiles\726ebzim.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}
[2009/09/20 07:35:22 | 00,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions
[2006/11/15 17:49:56 | 00,049,152 | ---- | M] (BitTorrent, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npbittorrent.dll
O1 HOSTS File: ([2010/01/11 21:16:32 | 00,000,737 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ˙˙2
O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (SSVHelper Class) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (scriptproxy) - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\McAfee\VirusScan\scriptsn.dll (McAfee, Inc.)
O2 - BHO: (McAfee SiteAdvisor BHO) - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
O3 - HKLM\..\Toolbar: (McAfee SiteAdvisor Toolbar) - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
O4 - HKLM..\Run: [Alcmtr] C:\WINDOWS\ALCMTR.EXE (Realtek Semiconductor Corp.)
O4 - HKLM..\Run: [KernelFaultCheck] File not found
O4 - HKLM..\Run: [mcagent_exe] C:\Program Files\McAfee.com\Agent\mcagent.exe (McAfee, Inc.)
O4 - HKLM..\Run: [StartCCC] C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 8
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoResolveTrack = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoPropertiesMyComputer = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoViewContextMenu = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoFileAssociate = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoFind = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoClose = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: StartMenuLogoff = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSMHelp = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: InstallVisualStyle = C:\WINDOWS\Resources\Themes\Royale\Royale.msstyles (Microsoft)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: InstallTheme = C:\WINDOWS\Resources\Themes\Royale.theme ()
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: NoDispCPL = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: NoDispBackgroundPage = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: NoDispSettingsPage = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: NoDispScrSavPage = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: MaxRecentDocs = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HideClock = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoTrayItemsDisplay = 0
O8 - Extra context menu item: E&xport to Microsoft Excel - C:\Program Files\Microsoft Office\Office10\EXCEL.EXE (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\npjpi160_07.dll (Sun Microsystems, Inc.)
O15 - HKLM\..Trusted Domains: 1 domain(s) and sub-domain(s) not assigned to a zone.
O15 - HKCU\..Trusted Domains: egs-seg.gc.ca ([blrscr3] https in Trusted sites)
O15 - HKCU\..Trusted Domains: paypal.com ([www] https in Trusted sites)
O15 - HKCU\..Trusted Domains: tdcanadatrust.com ([]https in Trusted sites)
O15 - HKCU\..Trusted Domains: 2 domain(s) and sub-domain(s) not assigned to a zone.
O16 - DPF: {02CF1781-EA91-4FA5-A200-646E8241987C} http://esupport.sony.com/VaioInfo.CAB (VaioInfo.CMClass)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.254 192.168.1.254
O18 - Protocol\Handler\dssrequest {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
O18 - Protocol\Handler\intu-qt2007 {026BF40D-BA05-467b-9F1F-AD0D7A3F5F11} - Reg Error: Key error. File not found
O18 - Protocol\Handler\intu-qt2008 {05E53CE9-66C8-4a9e-A99F-FDB7A8E7B596} - C:\Program Files\QuickTax 2008\ic2008pp.dll (Intuit Canada, a general partnership/une société en nom collectif.)
O18 - Protocol\Handler\sacore {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UIHost - (C:\Documents) - File not found
O20 - HKLM Winlogon: UIHost - (and) - File not found
O20 - HKLM Winlogon: UIHost - (Settings\All) - File not found
O20 - HKLM Winlogon: UIHost - (Users\Application) - File not found
O20 - HKLM Winlogon: UIHost - (Data\TuneUp) - File not found
O20 - HKLM Winlogon: UIHost - (Software\TuneUp) - File not found
O20 - HKLM Winlogon: UIHost - (Utilities\WinStyler\tu_logonui.exe) - File not found
O20 - Winlogon\Notify\!SASWinLogon: DllName - C:\misc\superanitspy\SASWINLO.DLL - C:\misc\superanitspy\SASWINLO.DLL (SUPERAntiSpyware.com)
O20 - Winlogon\Notify\AtiExtEvent: DllName - Ati2evxx.dll - C:\WINDOWS\System32\ati2evxx.dll (ATI Technologies Inc.)
O24 - Desktop WallPaper: C:\Documents and Settings\Grant\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\Grant\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O28 - HKLM ShellExecuteHooks: {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - C:\misc\superanitspy\SASSEH.DLL (SuperAdBlocker.com)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2004/12/01 12:43:52 | 00,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O33 - MountPoints2\{0904e732-98d3-11de-81b1-001111ca0d30}\Shell\AutoRun\command - "" = C:\WINDOWS\System32\setup.exe -- [2008/04/13 17:12:34 | 00,023,040 | ---- | M] (Microsoft Corporation)
O33 - MountPoints2\L\Shell\AutoRun\command - "" = C:\WINDOWS\System32\setup.exe -- [2008/04/13 17:12:34 | 00,023,040 | ---- | M] (Microsoft Corporation)
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - comfile [open] -- "%1" %*
O35 - exefile [open] -- "%1" %*
NetSvcs: 6to4 - File not found
NetSvcs: Ias - C:\WINDOWS\system32\ias [2004/12/01 12:43:15 | 00,000,000 | ---D | M]
NetSvcs: Iprip - File not found
NetSvcs: Irmon - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: UxTuneUp - C:\WINDOWS\system32\uxtuneup.dll (TuneUp Software)
NetSvcs: WmdmPmSp - File not found
CREATERESTOREPOINT
Restore point Set: OTL Restore Point (16891891626803200)
========== Files/Folders - Created Within 14 Days ==========
[2010/01/18 11:11:52 | 00,000,000 | RH-D | C] -- C:\Documents and Settings\Grant\Recent
[2010/01/18 09:33:14 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Grant\Application Data\Malwarebytes
[2010/01/18 09:33:09 | 00,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2010/01/18 09:33:07 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Malwarebytes
[2010/01/18 09:33:06 | 00,019,160 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2010/01/18 09:33:06 | 00,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2010/01/18 09:24:38 | 00,000,000 | ---D | C] -- C:\WINDOWS\ERDNT
[2010/01/18 09:24:05 | 00,000,000 | ---D | C] -- C:\Program Files\ERUNT
[2010/01/17 21:04:50 | 00,000,000 | ---D | C] -- C:\Program Files\Western Digital Corporation
[2010/01/16 11:22:23 | 00,000,000 | ---D | C] -- C:\Program Files\SpeedFan
[2010/01/16 11:15:28 | 00,000,000 | -HSD | C] -- C:\Config.Msi
[2010/01/16 11:12:52 | 00,000,000 | ---D | C] -- C:\Program Files\WhoCrashed
[2010/01/13 21:48:21 | 00,095,232 | ---- | C] (ATI Research Inc.) -- C:\WINDOWS\System32\drivers\AtiHdmi.sys
[2010/01/13 17:19:18 | 00,000,000 | ---D | C] -- C:\ATI
[2010/01/13 16:16:08 | 00,043,520 | ---- | C] (ATI Technologies, Inc.) -- C:\WINDOWS\System32\ati2edxx.dll
[2010/01/13 16:16:04 | 00,208,896 | ---- | C] (ATI Technologies, Inc.) -- C:\WINDOWS\System32\atipdlxx.dll
[2010/01/13 15:47:17 | 00,358,944 | ---- | C] (Realtek Semiconductor Crop.) -- C:\WINDOWS\vncutil.exe
[2010/01/13 15:47:14 | 00,129,568 | ---- | C] (Realtek Semiconductor) -- C:\WINDOWS\RtkAudioService.exe
[2010/01/13 15:47:11 | 01,691,480 | ---- | C] (Creative) -- C:\WINDOWS\System32\drivers\Ambfilt.sys
[2010/01/13 15:46:03 | 00,578,646 | ---- | C] (Macromedia, Inc.) -- C:\Documents and Settings\Grant\Desktop\chasseur.exe
[2010/01/11 21:38:37 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com
[2010/01/11 21:38:27 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Grant\Application Data\SUPERAntiSpyware.com
[2010/01/11 21:37:34 | 00,000,000 | ---D | C] -- C:\Program Files\Common Files\Wise Installation Wizard
[2010/01/11 16:41:58 | 00,000,000 | ---D | C] -- C:\Program Files\Windows Installer Clean Up
[2010/01/11 16:41:42 | 00,000,000 | ---D | C] -- C:\Program Files\MSECACHE
[2010/01/10 20:58:22 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Grant\My Documents\BOOT
[2010/01/10 11:56:40 | 00,000,000 | ---D | C] -- C:\Program Files\ATI
[2010/01/10 11:40:49 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Grant\Desktop\Sapphire Drivers
[2010/01/05 23:05:54 | 00,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Application Data\SACore
[2009/08/09 14:56:07 | 00,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Application Data\Juniper Networks
[2009/03/22 09:35:28 | 00,000,000 | ---D | M] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\Google
[2009/03/05 21:56:11 | 00,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Local Settings\Application Data\Google
[2007/03/01 14:36:43 | 00,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft
[2007/02/10 22:34:57 | 00,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Application Data\DivX
[2006/11/06 13:56:16 | 00,000,000 | ---D | M] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\PCHealth
[2006/10/26 06:37:35 | 00,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Application Data\Google
[2004/12/01 12:49:31 | 00,000,000 | ---D | M] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft
[2004/12/01 12:43:51 | 00,000,000 | --SD | M] -- C:\Documents and Settings\NetworkService\Application Data\Microsoft
[2004/12/01 12:43:51 | 00,000,000 | --SD | M] -- C:\Documents and Settings\LocalService\Application Data\Microsoft
[2 C:\Documents and Settings\All Users\Application Data\*.tmp files -> C:\Documents and Settings\All Users\Application Data\*.tmp -> ]
========== Files - Modified Within 14 Days ==========
[2010/01/18 15:11:08 | 00,009,891 | ---- | M] () -- C:\WINDOWS\System32\Config.MPF
[2010/01/18 14:50:53 | 00,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2010/01/18 11:11:52 | 06,029,312 | ---- | M] () -- C:\Documents and Settings\Grant\NTUSER.DAT
[2010/01/18 09:43:52 | 00,000,178 | -HS- | M] () -- C:\Documents and Settings\Grant\ntuser.ini
[2010/01/18 09:33:11 | 00,000,714 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2010/01/18 09:27:38 | 07,602,176 | ---- | M] () -- C:\Documents and Settings\Grant\NTUSER.bak
[2010/01/18 09:24:06 | 00,000,611 | ---- | M] () -- C:\Documents and Settings\Grant\Desktop\NTREGOPT.lnk
[2010/01/18 09:24:06 | 00,000,592 | ---- | M] () -- C:\Documents and Settings\Grant\Desktop\ERUNT.lnk
[2010/01/17 19:53:16 | 00,010,752 | ---- | M] () -- C:\Documents and Settings\Grant\Desktop\New Microsoft Word Document.doc
[2010/01/17 09:46:26 | 00,521,766 | ---- | M] () -- C:\WINDOWS\System32\PerfStringBackup.INI
[2010/01/17 09:46:26 | 00,441,124 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2010/01/17 09:46:26 | 00,071,060 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2010/01/16 16:45:45 | 03,749,124 | -H-- | M] () -- C:\Documents and Settings\Grant\Local Settings\Application Data\IconCache.db
[2010/01/16 13:51:10 | 00,000,040 | ---- | M] () -- C:\WINDOWS\nero.INI
[2010/01/16 11:22:24 | 00,000,682 | ---- | M] () -- C:\Documents and Settings\Grant\Desktop\SpeedFan.lnk
[2010/01/16 11:22:23 | 00,000,045 | ---- | M] () -- C:\WINDOWS\System32\initdebug.nfo
[2010/01/16 11:12:53 | 00,000,654 | ---- | M] () -- C:\Documents and Settings\Grant\Desktop\WhoCrashed.lnk
[2010/01/15 15:57:23 | 00,807,424 | ---- | M] () -- C:\Documents and Settings\Grant\Desktop\computer.doc
[2010/01/15 13:04:44 | 00,000,089 | ---- | M] () -- C:\WINDOWS\NavWin.INI
[2010/01/14 14:20:29 | 00,104,448 | ---- | M] () -- C:\Documents and Settings\Grant\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010/01/13 17:35:22 | 00,001,324 | ---- | M] () -- C:\WINDOWS\System32\d3d9caps.dat
[2010/01/12 22:25:50 | 00,038,912 | ---- | M] () -- C:\Documents and Settings\Grant\Desktop\alarms.doc
[2010/01/08 17:42:00 | 00,001,158 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2010/01/07 16:07:14 | 00,038,224 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2010/01/07 16:07:04 | 00,019,160 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2 C:\Documents and Settings\All Users\Application Data\*.tmp files -> C:\Documents and Settings\All Users\Application Data\*.tmp -> ]
========== Files Created - No Company Name ==========
[2010/01/18 09:33:11 | 00,000,714 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2010/01/18 09:24:06 | 00,000,611 | ---- | C] () -- C:\Documents and Settings\Grant\Desktop\NTREGOPT.lnk
[2010/01/18 09:24:06 | 00,000,592 | ---- | C] () -- C:\Documents and Settings\Grant\Desktop\ERUNT.lnk
[2010/01/17 19:53:16 | 00,010,752 | ---- | C] () -- C:\Documents and Settings\Grant\Desktop\New Microsoft Word Document.doc
[2010/01/16 11:22:24 | 00,000,682 | ---- | C] () -- C:\Documents and Settings\Grant\Desktop\SpeedFan.lnk
[2010/01/16 11:22:21 | 00,000,045 | ---- | C] () -- C:\WINDOWS\System32\initdebug.nfo
[2010/01/16 11:12:53 | 00,000,654 | ---- | C] () -- C:\Documents and Settings\Grant\Desktop\WhoCrashed.lnk
[2010/01/13 17:10:15 | 00,156,672 | ---- | C] () -- C:\WINDOWS\System32\RTLCPAPI.dll
[2010/01/12 22:18:36 | 00,038,912 | ---- | C] () -- C:\Documents and Settings\Grant\Desktop\alarms.doc
[2010/01/07 18:35:18 | 00,807,424 | ---- | C] () -- C:\Documents and Settings\Grant\Desktop\computer.doc
[2009/05/02 08:23:09 | 00,000,040 | -HS- | C] () -- C:\Documents and Settings\All Users\Application Data\.zreglib
[2009/04/15 16:49:00 | 00,354,816 | ---- | C] () -- C:\WINDOWS\System32\psisdecd.dll
[2009/01/20 11:44:10 | 00,000,061 | ---- | C] () -- C:\WINDOWS\wininit.ini
[2008/12/28 18:09:08 | 00,020,992 | ---- | C] () -- C:\WINDOWS\jestertb.dll
[2008/12/26 21:14:30 | 00,000,128 | ---- | C] () -- C:\Documents and Settings\Grant\Local Settings\Application Data\fusioncache.dat
[2008/10/14 10:53:24 | 00,000,135 | ---- | C] () -- C:\WINDOWS\AWSHKWV.INI
[2008/08/01 15:41:36 | 00,000,073 | ---- | C] () -- C:\WINDOWS\cdplayer.ini
[2008/06/26 19:58:45 | 00,000,000 | ---- | C] () -- C:\WINDOWS\QuickInstall.INI
[2008/05/29 12:23:01 | 00,081,920 | ---- | C] () -- C:\WINDOWS\System32\G32_rkey.dll
[2008/04/27 21:52:32 | 00,000,089 | ---- | C] () -- C:\WINDOWS\NavWin.INI
[2008/04/27 21:51:59 | 00,118,784 | ---- | C] () -- C:\WINDOWS\System32\G32_TICK.DLL
[2008/03/04 14:34:53 | 00,054,624 | ---- | C] () -- C:\WINDOWS\System32\af338.sys
[2007/09/12 15:40:10 | 00,000,023 | ---- | C] () -- C:\WINDOWS\BlendSettings.ini
[2007/07/12 21:42:33 | 00,000,000 | ---- | C] () -- C:\WINDOWS\QUICKI~1.INI
[2007/04/03 18:16:28 | 00,000,080 | RHS- | C] () -- C:\WINDOWS\System32\1672794204.dll
[2007/04/01 16:00:26 | 00,639,224 | ---- | C] () -- C:\WINDOWS\System32\drivers\sptd.sys
[2007/03/01 15:42:11 | 00,000,598 | ---- | C] () -- C:\WINDOWS\SIERRA.INI
[2007/01/29 22:03:40 | 03,596,288 | ---- | C] () -- C:\WINDOWS\System32\qt-dx331.dll
[2006/12/22 17:38:50 | 00,000,000 | ---- | C] () -- C:\WINDOWS\VAIOUpdt.INI
[2006/12/12 09:24:42 | 00,012,288 | ---- | C] () -- C:\WINDOWS\System32\DivXWMPExtType.dll
[2006/11/28 16:35:57 | 00,000,040 | ---- | C] () -- C:\WINDOWS\nero.INI
[2006/11/04 14:50:14 | 00,104,448 | ---- | C] () -- C:\Documents and Settings\Grant\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2006/10/21 14:16:00 | 00,002,158 | ---- | C] () -- C:\WINDOWS\System32\ssmute.ini
[2006/10/21 14:11:42 | 00,204,800 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeW7.dll
[2006/10/21 14:11:42 | 00,200,704 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeA6.dll
[2006/10/21 14:11:42 | 00,192,512 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeP6.dll
[2006/10/21 14:11:42 | 00,192,512 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeM6.dll
[2006/10/21 14:11:42 | 00,188,416 | ---- | C] () -- C:\WINDOWS\System32\IVIresizePX.dll
[2006/10/21 14:11:42 | 00,020,480 | ---- | C] () -- C:\WINDOWS\System32\IVIresize.dll
[2006/10/21 14:10:33 | 00,000,376 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2006/10/21 14:03:47 | 00,019,968 | ---- | C] () -- C:\WINDOWS\System32\Cpuinf32.dll
[2005/08/02 14:24:02 | 00,014,336 | ---- | C] () -- C:\WINDOWS\System32\pthreadVC.dll
[2004/12/01 14:43:00 | 00,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini
[2004/12/01 12:51:57 | 00,000,811 | ---- | C] () -- C:\WINDOWS\orun32.ini
[2004/12/01 11:29:23 | 00,012,288 | ---- | C] () -- C:\WINDOWS\System32\e100bmsg.dll
[2004/12/01 11:29:10 | 00,030,723 | ---- | C] () -- C:\WINDOWS\System32\sxofcp3.dll
[2004/12/01 11:29:10 | 00,030,722 | ---- | C] () -- C:\WINDOWS\System32\2kreins.dll
[2004/12/01 11:29:10 | 00,021,506 | ---- | C] () -- C:\WINDOWS\System32\pregwin.dll
[2004/12/01 11:28:46 | 00,000,790 | ---- | C] () -- C:\WINDOWS\System32\oeminfo.ini
[2004/12/01 11:28:15 | 00,011,376 | ---- | C] () -- C:\WINDOWS\System32\drivers\secdrv.sys
[1996/04/03 12:33:26 | 00,005,248 | ---- | C] () -- C:\WINDOWS\System32\giveio.sys
========== LOP Check ==========
[2009/10/01 18:44:37 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\DriverScanner
[2009/04/15 13:29:26 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\EA Logs
[2007/05/10 11:55:12 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Firefly Studios
[2008/08/01 15:41:14 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\FreeRIP
[2007/07/12 21:20:47 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\HotSync
[2009/08/19 19:14:45 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Juniper Networks
[2007/03/01 14:39:08 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\MCA6C.tmp
[2007/03/01 14:39:47 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\MCA7A.tmp
[2009/06/07 10:30:52 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\NCH Swift Sound
[2009/04/06 19:56:53 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\PC Drivers Headquarters
[2009/10/22 07:30:01 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\SlySoft
[2009/11/25 16:15:59 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TELUS
[2008/06/23 15:10:38 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TEMP
[2009/05/05 12:53:32 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Tenebril
[2006/10/21 15:25:37 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TuneUp Software
[2009/05/04 06:45:34 | 00,000,000 | -HSD | M] -- C:\Documents and Settings\All Users\Application Data\{55A29068-F2CE-456C-9148-C869879E2357}
[2009/10/23 19:40:11 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{755AC846-7372-4AC8-8550-C52491DAA8BD}
[2007/02/13 15:06:33 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Grant\Application Data\BookmarkBridge
[2007/07/13 20:29:10 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Grant\Application Data\HotSync
[2009/05/09 08:00:55 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Grant\Application Data\Hoyle
[2009/02/22 17:02:17 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Grant\Application Data\Hoyle FaceCreator
[2007/02/13 11:34:45 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Grant\Application Data\InterVideo
[2010/01/11 21:15:21 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Grant\Application Data\Leadertech
[2009/06/07 10:30:41 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Grant\Application Data\NCH Swift Sound
[2009/04/15 17:48:26 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Grant\Application Data\Red Alert 3
[2009/10/16 17:59:55 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Grant\Application Data\TELUS
[2006/11/01 11:33:08 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Grant\Application Data\TuneUp Software
[2009/10/01 18:44:37 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Grant\Application Data\Uniblue
[2009/07/26 21:00:03 | 00,000,486 | ---- | M] () -- C:\WINDOWS\Tasks\1-Click Maintenance.job
[2009/12/13 10:09:20 | 00,000,340 | ---- | M] () -- C:\WINDOWS\Tasks\McDefragTask.job
[2009/12/13 10:09:19 | 00,000,332 | ---- | M] () -- C:\WINDOWS\Tasks\McQcTask.job
========== Purity Check ==========
========== Custom Scans ==========
< %SYSTEMDRIVE%\*.exe >
< MD5 for: AGP440.SYS >
[2004/08/10 05:00:00 | 16,971,599 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp2.cab:AGP440.sys
[2008/09/17 17:39:52 | 23,852,652 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:AGP440.sys
[2004/08/10 05:00:00 | 16,971,599 | ---- | M] () .cab file -- C:\WINDOWS\I386\sp2.cab:AGP440.sys
[2008/09/17 17:39:52 | 23,852,652 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp3.cab:AGP440.sys
[2008/04/13 11:36:38 | 00,042,368 | ---- | M] (Microsoft Corporation) MD5=08FD04AA961BDC77FB983F328334E3D7 -- C:\WINDOWS\ServicePackFiles\i386\agp440.sys
[2008/04/13 11:36:38 | 00,042,368 | ---- | M] (Microsoft Corporation) MD5=08FD04AA961BDC77FB983F328334E3D7 -- C:\WINDOWS\system32\drivers\agp440.sys
< MD5 for: ATAPI.SYS >
[2004/08/10 05:00:00 | 16,971,599 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp2.cab:atapi.sys
[2008/09/17 17:39:52 | 23,852,652 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:atapi.sys
[2004/08/10 05:00:00 | 16,971,599 | ---- | M] () .cab file -- C:\WINDOWS\I386\sp2.cab:atapi.sys
[2008/09/17 17:39:52 | 23,852,652 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp3.cab:atapi.sys
[2008/04/13 11:40:30 | 00,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\ServicePackFiles\i386\atapi.sys
[2008/04/13 11:40:30 | 00,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\system32\drivers\atapi.sys
[2004/08/10 05:00:00 | 00,095,360 | ---- | M] (Microsoft Corporation) MD5=CDFE4411A69C224BD1D11B2DA92DAC51 -- C:\WINDOWS\system32\ReinstallBackups\0004\DriverFiles\i386\atapi.sys
[2004/08/03 23:59:44 | 00,095,360 | ---- | M] (Microsoft Corporation) MD5=CDFE4411A69C224BD1D11B2DA92DAC51 -- C:\WINDOWS\system32\ReinstallBackups\0015\DriverFiles\i386\atapi.sys
< MD5 for: EVENTLOG.DLL >
[2008/04/13 17:11:53 | 00,056,320 | ---- | M] (Microsoft Corporation) MD5=6D4FEB43EE538FC5428CC7F0565AA656 -- C:\WINDOWS\ServicePackFiles\i386\eventlog.dll
[2008/04/13 17:11:53 | 00,056,320 | ---- | M] (Microsoft Corporation) MD5=6D4FEB43EE538FC5428CC7F0565AA656 -- C:\WINDOWS\system32\eventlog.dll
< MD5 for: NETLOGON.DLL >
[2008/04/13 17:12:01 | 00,407,040 | ---- | M] (Microsoft Corporation) MD5=1B7F071C51B77C272875C3A23E1E4550 -- C:\WINDOWS\ServicePackFiles\i386\netlogon.dll
[2008/04/13 17:12:01 | 00,407,040 | ---- | M] (Microsoft Corporation) MD5=1B7F071C51B77C272875C3A23E1E4550 -- C:\WINDOWS\system32\netlogon.dll
< MD5 for: SCECLI.DLL >
[2008/04/13 17:12:05 | 00,181,248 | ---- | M] (Microsoft Corporation) MD5=A86BB5E61BF3E39B62AB4C7E7085A084 -- C:\WINDOWS\ServicePackFiles\i386\scecli.dll
[2008/04/13 17:12:05 | 00,181,248 | ---- | M] (Microsoft Corporation) MD5=A86BB5E61BF3E39B62AB4C7E7085A084 -- C:\WINDOWS\system32\scecli.dll
< %systemroot%\*. /mp /s >
< %systemroot%\system32\*.dll /lockedfiles >
[2009/11/24 20:27:54 | 00,446,464 | ---- | M] (Advanced Micro Devices, Inc.) Unable to obtain MD5 -- C:\WINDOWS\system32\ATIDEMGX.dll
[2008/04/13 17:11:51 | 01,267,200 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\WINDOWS\system32\comsvcs.dll
< %systemroot%\Tasks\*.job /lockedfiles >
========== Alternate Data Streams ==========
@Alternate Data Stream - 24 bytes -> C:\WINDOWS:AC9C4C0BDBADA944
@Alternate Data Stream - 104 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:DFC5A2B2
< End of report >
OLT Extras report
OTL Extras logfile created on: 1/18/2010 3:13:55 PM - Run 1
OTL by OldTimer - Version 3.1.25.2 Folder = C:\Documents and Settings\Grant\Desktop\Sapphire Drivers\Malware
Windows XP Media Center Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy
3.00 Gb Total Physical Memory | 2.00 Gb Available Physical Memory | 84.00% Memory free
3.00 Gb Paging File | 3.00 Gb Available in Paging File | 89.00% Paging File free
Paging file location(s): C:\pagefile.sys 768 1536 [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 179.31 Gb Total Space | 68.18 Gb Free Space | 38.02% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded
Computer Name: COMP-85A8F7B8EC
Current User Name: Grant
Logged in as Administrator.
Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: On
Skip Microsoft Files: On
File Age = 14 Days
Output = Standard
Quick Scan
========== Extra Registry (SafeList) ==========
========== File Associations ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.html [@ = htmlfile] -- C:\Program Files\Internet Explorer\IEXPLORE.EXE (Microsoft Corporation)
[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = htmlfile] -- Reg Error: Key error. File not found
========== Shell Spawning ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
htmlfile [edit] -- "C:\Program Files\Microsoft Office\Office10\msohtmed.exe" %1 (Microsoft Corporation)
htmlfile [open] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" -nohome (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" %1 (Microsoft Corporation)
htmlfile [print] -- "C:\Program Files\Microsoft Office\Office10\msohtmed.exe" /p %1 (Microsoft Corporation)
http [open] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" -nohome (Microsoft Corporation)
https [open] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" -nohome (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" %1 (Microsoft Corporation)
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- "C:\Program Files\Internet Explorer\iexplore.exe" (Microsoft Corporation)
========== Security Center Settings ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 0
"FirewallOverride" = 0
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]
"DisableMonitoring" = 1
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]
"DisableMonitoring" = 1
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 0
"DoNotAllowExceptions" = 0
"DisableNotifications" = 0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"1900:UDP" = 1900:UDP:LocalSubNet:Disabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Disabled:@xpsp2res.dll,-22008
========== Authorized Applications List ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\misc\rise\rise.exe" = C:\misc\rise\rise.exe:*:Disabled:Rise of Nations -- (Big Huge Games, Inc.)
"C:\misc\Holye\Hoyle Card Games.exe" = C:\misc\Holye\Hoyle Card Games.exe:*:Disabled:Hoyle Card Games -- ()
"C:\Program Files\Common Files\McAfee\MNA\McNASvc.exe" = C:\Program Files\Common Files\McAfee\MNA\McNASvc.exe:*:Enabled:McAfee Network Agent -- (McAfee, Inc.)
"C:\Program Files\iTunes\iTunes.exe" = C:\Program Files\iTunes\iTunes.exe:*:Disabled:iTunes -- (Apple Inc.)
"C:\WINDOWS\system32\dplaysvr.exe" = C:\WINDOWS\system32\dplaysvr.exe:*:Disabled:Microsoft DirectPlay Helper -- (Microsoft Corporation)
"C:\WINDOWS\system32\mmc.exe" = C:\WINDOWS\system32\mmc.exe:*:Disabled:Microsoft Management Console -- (Microsoft Corporation)
"C:\Program Files\MISC\Firefly Studios\Stronghold Crusaders\Stronghold Crusader.exe" = C:\Program Files\MISC\Firefly Studios\Stronghold Crusaders\Stronghold Crusader.exe:*:Disabled:Stronghold Crusader -- ()
"C:\Program Files\MISC\Firefly Studios\Stronghold Legends\StrongholdLegends.exe" = C:\Program Files\MISC\Firefly Studios\Stronghold Legends\StrongholdLegends.exe:*:Disabled:Stronghold Legends -- (Firefly Studios)
"C:\Program Files\EA Games\The Godfather II\godfather2.exe" = C:\Program Files\EA Games\The Godfather II\godfather2.exe:*:Disabled:The Godfather™ II -- (Electronic Arts Inc.)
========== HKEY_LOCAL_MACHINE Uninstall List ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0030188A-533E-42EE-9837-E044F10E4369}" = Palm
"{01501EBA-EC35-4F9F-8889-3BE346E5DA13}" = MSXML4 Parser
"{01840D1A-3B62-1E2A-9997-C9B9007F1E5F}" = Catalyst Control Center Core Implementation
"{055EE59D-217B-43A7-ABFF-507B966405D8}" = ATI Catalyst Control Center
"{0965D484-1777-4BA5-8C3A-095A6B0D2696}_is1" = Driver Sweeper 1.5.5
"{0B1F138F-F085-22C6-6A38-3DBFB785B14B}" = Catalyst Control Center Graphics Full New
"{0BEDBD4E-2D34-47B5-9973-57E62B29307C}" = ATI Control Panel
"{121634B0-2F4B-11D3-ADA3-00C04F52DD52}" = Windows Installer Clean Up
"{1451DE6B-ABE1-4F62-BE9A-B363A17588A2}" = QuickTime
"{1632FD86-1BA4-4FC4-8B25-A8C655D63F68}" = Sid Meier's Pirates!
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{2481EC4A-B95E-6B1F-9240-EC3C7A72CF6F}" = Skins
"{296D8550-CB06-48E4-9A8B-E5034FB64715}" = Command & Conquer™ Red Alert™ 3
"{2E8EAC71-BFE4-417A-88F0-5A1BDFBCF5D3}" = Logitech SetPoint
"{3248F0A8-6813-11D6-A77B-00B0D0150000}" = J2SE Runtime Environment 5.0
"{3248F0A8-6813-11D6-A77B-00B0D0160070}" = Java 6 Update 7
"{32A3A4F4-B792-11D6-A78A-00B0D0160050}" = Java SE Development Kit 6 Update 5
"{32BAA79B-CBB2-3693-A0E3-71EA4A1E9761}" = ccc-core-static
"{33BA828D-CF19-0B52-8483-61FCFD83F75D}" = Catalyst Control Center HydraVision Full
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{35CB6715-41F8-4F99-8881-6FC75BF054B0}" = Oblivion
"{362CCC45-63D1-9688-C74D-F32F1B0CD919}" = CCC Help English
"{384A95F1-EDDA-4BBE-BC6B-7FAA886380F6}" = Trade Navigator
"{3C637334-FE5D-E488-4F11-BF9EFD6ADAA9}" = CCC Help English
"{3EA9D975-BFDC-4E8E-B88B-0446FBC8CA66}" = ATI HYDRAVISION
"{3FA365DF-2D68-45ED-8F83-8C8A33E65143}" = Apple Application Support
"{40D1BC4F-56CB-458E-BE8C-35A025CC52FB}" = Sony TV Tuner Library 1.0
"{4183E4E3-F943-416C-D4E1-0673F1CBA6E1}" = ccc-utility
"{433AA25B-442D-D97B-6492-71D2747355DB}" = ccc-utility
"{55A29068-F2CE-456C-9148-C869879E2357}" = TuneUp Utilities 2009
"{56918C0C-0D87-4CA6-92BF-4975A43AC719}" = KhalInstallWrapper
"{5721A8EA-A30F-4F66-9046-3F40C43AE1DC}" = Driver Detective
"{5DA6F06A-B389-407B-BF8C-1548767914D8}" = ATI Problem Report Wizard
"{61BCD850-1A0F-E253-06FF-2A9778945765}" = ccc-core-static
"{6264F0C5-3D33-A669-62ED-AD8E325723BB}" = Catalyst Control Center Core Implementation
"{66A405D2-BA14-4594-BF36-B3B544F0754E}" = Stronghold Legends
"{67D29F24-DB21-8599-CC54-AE736306180D}" = ATI Catalyst Install Manager
"{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update
"{69FAC221-570C-A7A2-10FF-30F3BDDED603}" = Catalyst Control Center Graphics Light
"{6F42FC6B-947B-9B89-29B0-545F0815AD7F}" = ATI Parental Control & Encoder
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{756D213C-254E-42D0-B00A-C4E964E661A9}" = UltraEdit 15.00
"{75B61CF0-B8A8-46E2-8709-C4A79898AC1D}" = Data Lifeguard Diagnostic for Windows
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{77C4F53F-8618-B4AC-A54D-694CA504BC2E}" = Catalyst Control Center Graphics Full Existing
"{7B63B2922B174135AFC0E1377DD81EC2}" = DivX Codec
"{80EE18E6-F16C-11D4-8BE8-006097C9A3ED}" = ISScript
"{83BF9176-882C-3AE7-3E1F-3F7E62EFD459}" = ccc-core-preinstall
"{88DA0A52-3372-4803-971A-ADFB961707E8}" = PictureGear Studio 2.0
"{8ADFC4160D694100B5B8A22DE9DCABD9}" = DivX Player
"{8C3727F2-8E37-49E4-820C-03B1677F53B6}" = Stronghold Crusader
"{8CC990CD-87C8-475C-AC32-8A7984E2FCFA}" = CDDRV_Installer
"{8D7133DE-27D2-47E5-B248-4180278D32AA}" = Catalyst Control Center - Branding
"{90280409-6000-11D3-8CFE-0050048383C9}" = Microsoft Office XP Professional with FrontPage
"{91810AFC-A4F8-4EBA-A5AA-B198BBC81144}" = InterVideo WinDVD 5 for VAIO
"{932B8CC5-06AB-375C-42B9-B0CB58BC7019}" = Catalyst Control Center HydraVision Full
"{98282981-0E26-50CD-6D7F-F0E3E3DF6486}" = Catalyst Control Center Graphics Full Existing
"{9941F0AA-B903-4AF4-A055-83A9815CC011}" = Sonic Encoders
"{9B953606-000E-491C-B74D-78ECFDD520A0}" = OpenMG Metadata Extractor for Windows Media Player
"{A1416622-0DDE-45B5-B06C-DFC3ED94C53B}" = The Godfather™ II
"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
"{A49F249F-0C91-497F-86DF-B2585E8E76B7}" = Microsoft Visual C++ 2005 Redistributable
"{A52C4BAB-E8E7-906E-EF34-91EA765505BE}" = ccc-core-preinstall
"{A6FDF86A-F541-4E7B-AEA0-8849A2A700D5}" = iTunes
"{AA0D2D5F-612B-45D3-8759-DA87206E5CC9}" = QuickTax 2008
"{AADEA55D-C834-4BCB-98A3-4B8D1C18F4EE}" = Apple Mobile Device Support
"{AC76BA86-7AD7-1033-7B44-A81300000003}" = Adobe Reader 8.1.3
"{B13A7C41581B411290FBC0395694E2A9}" = DivX Converter
"{B31FFE22-A9BB-CB94-F91B-E678B8645D49}" = Catalyst Control Center Localization All
"{B80964E3-9445-46C3-3A2F-6556B595CBAC}" = Catalyst Control Center Graphics Light
"{BD57EA4D-026E-4F08-9B93-080E282B81FE}" = iPod for Windows 2006-06-28
"{BE56FEF0-1A0F-4719-B3AD-34B5087AFA6D}" = Sony Video Shared Library
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}" = SUPERAntiSpyware Free Edition
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{D0448678-1203-4158-A58F-B3D0B616BF9E}" = Sony Certificate PCH
"{D3B1C799-CB73-42DE-BA0F-2344793A095C}" = Catalyst Control Center - Branding
"{D410670C-B1B7-E7A4-0CD1-5C18669D35E5}" = Catalyst Control Center Graphics Previews Common
"{D4936AAF-FFD0-44A1-A7EA-A2DB41CEB5BC}" = iPod for Windows 2005-09-23
"{EB2E2ED5-DE74-F09D-3B23-0C4BA51D8C60}" = Catalyst Control Center Graphics Previews Common
"{ECC3713C-08A4-40E3-95F1-7D0704F1CE5E}" = PL-2303 USB-to-Serial
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F65FE148-FCF5-42F7-8803-FA0B7DA8B8A4}" = ubCore
"{FDE0EEEA-B1CD-BFED-22BB-AD87B886CC47}" = Catalyst Control Center Graphics Full New
"Able2Extract v3.0" = Able2Extract v3.0
"Adobe Flash Player ActiveX" = Adobe Flash Player ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Agere Systems Soft Modem" = Agere Systems PCI Soft Modem
"AnyDVD" = AnyDVD
"ATI Display Driver" = ATI Display Driver
"CCleaner" = CCleaner
"Dante's Card Maker" = Dante's Card Maker
"DAO 3.5" = DAO 3.5
"DVD Shrink_is1" = DVD Shrink 3.2
"ERUNT_is1" = ERUNT 1.1j
"Hearts of Iron 2 Doomsday_is1" = Hearts of Iron 2 Doomsday
"Hoyle Card Games" = Hoyle Card Games
"ie8" = Windows Internet Explorer 8
"InstallShield_{1632FD86-1BA4-4FC4-8B25-A8C655D63F68}" = Sid Meier's Pirates!
"InstallShield_{BD57EA4D-026E-4F08-9B93-080E282B81FE}" = iPod for Windows 2006-06-28
"InstallShield_{D4936AAF-FFD0-44A1-A7EA-A2DB41CEB5BC}" = iPod for Windows 2005-09-23
"InstallShield_{F65FE148-FCF5-42F7-8803-FA0B7DA8B8A4}" = ubCore
"Juniper Network Connect 6.3.0" = Juniper Networks Network Connect 6.3.0
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Mozilla Firefox (3.0.8)" = Mozilla Firefox (3.0.8)
"MSC" = McAfee SecurityCenter
"Nero - Burning Rom!UninstallKey" = Ahead Nero Burning ROM
"PROSet" = Intel® PRO Network Adapters and Drivers
"RiseOfNations 1.0" = Microsoft Rise Of Nations
"SAMSUNG CDMA Modem" = SAMSUNG CDMA Modem Driver Set
"Samsung ML-2010 Series" = Samsung ML-2010 Series
"SAMSUNG Mobile USB Modem" = SAMSUNG Mobile USB Modem Software
"SAMSUNG Mobile USB Modem 1.0" = SAMSUNG Mobile USB Modem 1.0 Software
"SpeedFan" = SpeedFan (remove only)
"WhoCrashed_is1" = WhoCrashed 2.00
"WinRAR archiver" = WinRAR archiver
========== Last 10 Event Log Errors ==========
[ System Events ]
Error - 1/18/2010 12:20:01 PM | Computer Name = COMP-85A| Source = Service Control Manager | ID = 7034
Description = The McAfee SiteAdvisor Service service terminated unexpectedly. It
has done this 1 time(s).
Error - 1/18/2010 12:20:01 PM | Computer Name = COMP-85A| Source = Service Control Manager | ID = 7031
Description = The McAfee Services service terminated unexpectedly. It has done
this 1 time(s). The following corrective action will be taken in 60000 milliseconds:
Restart the service.
Error - 1/18/2010 12:20:01 PM | Computer Name = COMP-85A| Source = Service Control Manager | ID = 7031
Description = The McAfee Network Agent service terminated unexpectedly. It has
done this 1 time(s). The following corrective action will be taken in 60000 milliseconds:
Restart the service.
Error - 1/18/2010 12:20:01 PM | Computer Name = COMP-85A| Source = Service Control Manager | ID = 7031
Description = The McAfee Proxy Service service terminated unexpectedly. It has
done this 1 time(s). The following corrective action will be taken in 60000 milliseconds:
Restart the service.
Error - 1/18/2010 12:20:01 PM | Computer Name = COMP-85A| Source = Service Control Manager | ID = 7031
Description = The McAfee Real-time Scanner service terminated unexpectedly. It
has done this 1 time(s). The following corrective action will be taken in 60000
milliseconds: Restart the service.
Error - 1/18/2010 12:20:01 PM | Computer Name = COMP-85A| Source = Service Control Manager | ID = 7031
Description = The McAfee Personal Firewall Service service terminated unexpectedly.
It has done this 1 time(s). The following corrective action will be taken in
5000 milliseconds: Run the configured recovery program.
Error - 1/18/2010 12:20:02 PM | Computer Name = COMP-85A| Source = Service Control Manager | ID = 7031
Description = The McAfee SystemGuards service terminated unexpectedly. It has done
this 1 time(s). The following corrective action will be taken in 60000 milliseconds:
Restart the service.
Error - 1/18/2010 12:55:18 PM | Computer Name = COMP-85A| Source = Service Control Manager | ID = 7031
Description = The McAfee Network Agent service terminated unexpectedly. It has
done this 1 time(s). The following corrective action will be taken in 60000 milliseconds:
Restart the service.
Error - 1/18/2010 12:55:19 PM | Computer Name = COMP-85A| Source = Service Control Manager | ID = 7031
Description = The McAfee Real-time Scanner service terminated unexpectedly. It
has done this 1 time(s). The following corrective action will be taken in 60000
milliseconds: Restart the service.
Error - 1/18/2010 12:57:45 PM | Computer Name = COMP-85A| Source = DCOM | ID = 10010
Description = The server {5A90F5EE-16B8-4C2A-81B3-FD5329BA477C} did not register
with DCOM within the required timeout.
< End of report >
Any ideas?