The laptop is a dell D400 with a detachable cd rom drive.below I have included the three reports from all of the software
OTL
OTL logfile created on: 9/2/2009 10:08:01 PM - Run 1
OTL by OldTimer - Version 3.0.10.7 Folder = C:\Documents and Settings\Administrator\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 7.0.5730.11)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy
1022.20 Mb Total Physical Memory | 761.37 Mb Available Physical Memory | 74.48% Memory free
1.66 Gb Paging File | 1.53 Gb Available in Paging File | 92.11% Paging File free
Paging file location(s): C:\pagefile.sys 768 1536 [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 27.94 Gb Total Space | 10.91 Gb Free Space | 39.07% Space Free | Partition Type: NTFS
Drive D: | 210.13 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: UDF
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded
Computer Name: USER-D0CD241933
Current User Name: Administrator
Logged in as Administrator.
Current Boot Mode: SafeMode with Networking
Scan Mode: Current user
Company Name Whitelist: On
Skip Microsoft Files: On
File Age = 14 Days
Output = Standard
Quick Scan
========== Processes (SafeList) ==========
PRC - [2005/07/05 05:32:04 | 00,639,040 | ---- | M] (Intel Corporation) -- C:\WINDOWS\System32\ZCfgSvc.exe
PRC - [2008/04/14 05:42:20 | 01,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\Explorer.EXE
PRC - [2009/06/29 04:35:10 | 00,634,632 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Internet Explorer\iexplore.exe
PRC - [2009/09/02 22:01:06 | 00,514,048 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Administrator\Desktop\OTL.exe
========== Win32 Services (SafeList) ==========
SRV - [2008/07/25 11:16:40 | 00,034,312 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe -- (aspnet_state [On_Demand | Stopped])
SRV - [2005/11/11 02:43:12 | 00,389,120 | ---- | M] (ATI Technologies Inc.) -- C:\WINDOWS\System32\Ati2evxx.exe -- (Ati HotKey Poller [Auto | Stopped])
SRV - [2008/02/21 18:02:53 | 00,238,968 | ---- | M] (Symantec Corporation) -- C:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe -- (Automatic LiveUpdate Scheduler [Auto | Stopped])
SRV - [2008/10/17 16:52:10 | 00,149,352 | ---- | M] (Symantec Corporation) -- C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe -- (ccEvtMgr [Auto | Stopped])
SRV - [2008/02/18 14:37:42 | 00,214,888 | ---- | M] (Symantec Corporation) -- C:\Program Files\Common Files\Symantec Shared\ccProxy.exe -- (ccProxy [Auto | Stopped])
SRV - [2008/10/17 16:52:10 | 00,149,352 | ---- | M] (Symantec Corporation) -- C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe -- (ccSetMgr [Auto | Stopped])
SRV - [2008/07/25 11:17:02 | 00,069,632 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32 [On_Demand | Stopped])
SRV - [2008/10/17 16:52:10 | 00,149,352 | ---- | M] (Symantec Corporation) -- C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe -- (CLTNetCnService [Auto | Stopped])
SRV - [2007/08/22 04:21:30 | 00,055,640 | ---- | M] (Symantec Corporation) -- C:\Program Files\Common Files\Symantec Shared\VAScanner\comHost.exe -- (comHost [On_Demand | Stopped])
SRV - [2008/07/29 21:10:04 | 00,046,104 | ---- | M] (Microsoft Corporation) -- c:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe -- (FontCache3.0.0.0 [On_Demand | Stopped])
SRV - [2009/04/28 22:19:32 | 00,182,768 | ---- | M] (Google) -- C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe -- (gusvc [On_Demand | Stopped])
SRV - [2008/04/14 05:42:04 | 00,038,400 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\PCHealth\HelpCtr\Binaries\pchsvc.dll -- (helpsvc [Auto | Running])
SRV - [2008/07/29 19:24:50 | 00,881,664 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe -- (idsvc [Unknown | Stopped])
SRV - [2004/06/30 13:05:21 | 00,152,984 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Java\jre6\bin\jqs.exe -- (JavaQuickStarterService [Auto | Stopped])
SRV - [2008/09/05 12:52:32 | 03,220,856 | ---- | M] (Symantec Corporation) -- C:\Program Files\Symantec\LiveUpdate\LuComServer_3_4.EXE -- (LiveUpdate [On_Demand | Stopped])
SRV - [2008/10/17 16:52:10 | 00,149,352 | ---- | M] (Symantec Corporation) -- C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe -- (LiveUpdate Notice [Auto | Stopped])
SRV - [2007/06/11 10:14:42 | 00,099,248 | ---- | M] (Lexmark International, Inc.) -- C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\lxdiserv.exe -- (lxdiCATSCustConnectService [Auto | Stopped])
SRV - [2007/06/11 10:14:51 | 00,517,040 | ---- | M] ( ) -- C:\WINDOWS\System32\lxdicoms.exe -- (lxdi_device [Auto | Stopped])
SRV - [2003/04/29 18:29:54 | 00,139,264 | ---- | M] (Intel® Corporation) -- C:\Program Files\Intel\NCS\Sync\NetSvc.exe -- (NetSvc [On_Demand | Stopped])
SRV - [2008/07/29 19:16:38 | 00,132,096 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe -- (NetTcpPortSharing [Disabled | Stopped])
SRV - [2005/07/05 05:26:00 | 00,122,880 | ---- | M] (Intel Corporation) -- C:\WINDOWS\System32\RegSrvc.exe -- (RegSrvc [Auto | Stopped])
SRV - [2005/07/05 05:28:34 | 00,421,955 | ---- | M] (Intel Corporation ) -- C:\WINDOWS\System32\S24EvMon.exe -- (S24EventMonitor [Auto | Stopped])
SRV - [2007/08/10 20:46:18 | 00,026,488 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\spupdsvc.exe -- (spupdsvc [Auto | Stopped])
SRV - [2008/11/24 13:25:31 | 01,245,064 | ---- | M] () -- C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe -- (Symantec Core LC [On_Demand | Stopped])
SRV - [2005/12/19 13:08:42 | 00,018,944 | ---- | M] () -- C:\WINDOWS\System32\WLTRYSVC.EXE -- (wltrysvc [Auto | Stopped])
SRV - [2006/10/18 23:05:24 | 00,913,408 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Media Player\WMPNetwk.exe -- (WMPNetworkSvc [On_Demand | Stopped])
========== Standard Registry (SafeList) ==========
========== Internet Explorer ==========
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = [binary data]
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Extensions Off Page = about:NoAdd-ons
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Security Risk Page = about:SecurityRisk
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft....k/?LinkId=69157
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,CustomizeSearch = http://ie.search.msn...st/srchcust.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://ie.search.msn...st/srchasst.htm
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
========== FireFox ==========
FF - prefs.js..extensions.enabledItems: [email protected]:1.0
FF - prefs.js..extensions.enabledItems: {20a82645-c095-46ed-80e3-08825760534b}:1.0
FF - prefs.js..extensions.enabledItems: {972ce4c6-7e08-4474-a285-3208198ce6fd}:3.0.13
FF - HKLM\software\mozilla\Firefox\extensions\\[email protected]: C:\Program Files\Java\jre6\lib\deploy\jqs\ff [2004/06/30 13:05:23 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\extensions\\{20a82645-c095-46ed-80e3-08825760534b}: C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\ [2009/08/31 21:25:35 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.0.13\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2009/09/02 17:02:17 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.0.13\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2009/09/01 16:22:24 | 00,000,000 | ---D | M]
[2009/08/31 20:50:05 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions
[2009/08/31 20:50:05 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
[2009/08/04 16:03:23 | 00,023,032 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browserdirprovider.dll
[2009/08/04 16:03:23 | 00,134,648 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\brwsrcmp.dll
[2009/03/31 22:47:26 | 00,324,976 | ---- | M] (Symantec Corporation) -- C:\Program Files\mozilla firefox\components\coFFPlgn.dll
[2009/08/04 16:03:31 | 00,065,528 | ---- | M] (mozilla.org) -- C:\Program Files\mozilla firefox\plugins\npnul32.dll
[2009/07/24 00:12:00 | 00,001,519 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\avg_igeared.xml
O1 HOSTS File: (734 bytes) - C:\WINDOWS\System32\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (Lexmark Toolbar) - {1017A80C-6F09-4548-A84D-EDD6AC9525F0} - C:\Program Files\Lexmark Toolbar\toolband.dll ()
O2 - BHO: (AskBar BHO) - {201f27d4-3704-41d6-89c1-aa35e39143ed} - C:\Program Files\AskBarDis\bar\bin\askBar.dll (Ask.com)
O2 - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll File not found
O2 - BHO: (no name) - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\2.6\coIEPlg.dll (Symantec Corporation)
O2 - BHO: (Symantec Intrusion Prevention) - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files\Common Files\Symantec Shared\IDS\IPSBHO.dll (Symantec Corporation)
O2 - BHO: (Java Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll (Google Inc.)
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.1.1309.15642\swg.dll (Google Inc.)
O2 - BHO: (Google Dictionary Compression sdch) - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_A8904FB862BD9564.dll (Google Inc.)
O2 - BHO: (Java Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (JQSIEStartDetectorImpl Class) - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll (Sun Microsystems, Inc.)
O3 - HKLM\..\Toolbar: (Lexmark Toolbar) - {1017A80C-6F09-4548-A84D-EDD6AC9525F0} - C:\Program Files\Lexmark Toolbar\toolband.dll ()
O3 - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll (Google Inc.)
O3 - HKLM\..\Toolbar: (Ask Toolbar) - {3041d03e-fd4b-44e0-b742-2d9b88305f98} - C:\Program Files\AskBarDis\bar\bin\askBar.dll (Ask.com)
O3 - HKLM\..\Toolbar: (Show Norton Toolbar) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\2.6\CoIEPlg.dll (Symantec Corporation)
O3 - HKLM\..\Toolbar: (no name) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - No CLSID value found.
O4 - HKLM..\Run: [BluetoothAuthenticationAgent] C:\WINDOWS\System32\bthprops.CPL (Microsoft Corporation)
O4 - HKLM..\Run: [MSConfig] C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe (Microsoft Corporation)
O4 - HKLM..\RunOnce: [KB923561] C:\WINDOWS\System32\apphelp.DLL (Microsoft Corporation)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: dontdisplaylastusername = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticecaption =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticetext =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: shutdownwithoutlogon = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: undockwithoutlogon = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 149
O9 - Extra 'Tools' menuitem : @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe (Microsoft Corporation)
O9 - Extra Button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\WINDOWS\System32\wshbth.dll (Microsoft Corporation)
O15 - HKLM\..Trusted Domains: 1 domain(s) and sub-domain(s) not assigned to a zone.
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} http://go.microsoft....k/?linkid=39204 (Windows Genuine Advantage Validation Tool)
O16 - DPF: {2D8ED06D-3C30-438B-96AE-4D110FDC1FB8} http://acs.pandasoft...s/as2stubie.cab (ActiveScan 2.0 Installer Class)
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} http://update.micros...b?1175875028027 (WUWebControl Class)
O16 - DPF: {6A344D34-5231-452A-8A57-D064AC9B7862} https://webdl.symant...ex/symdlmgr.cab (Symantec Download Manager)
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} http://update.micros...b?1175875141640 (MUWebControl Class)
O16 - DPF: {8A0019EB-51FA-4AE5-A40B-C0496BBFC739} http://picture.vzw.c...loadControl.cab (Verizon Wireless Media Upload)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_10)
O16 - DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_07)
O16 - DPF: {CAFEEFAC-0016-0000-0010-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_10)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_10)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://download.macr...ash/swflash.cab (Shockwave Flash Object)
O16 - DPF: DirectAnimation Java Classes file://C:\WINDOWS\Java\classes\dajava.cab (Reg Error: Key error.)
O16 - DPF: Microsoft XML Parser for Java file://C:\WINDOWS\Java\classes\xmldso.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1
O18 - Protocol\Handler\cdo {CD00020A-8B95-11D1-82DB-00C04FB1625D} - C:\Program Files\Common Files\Microsoft Shared\Web Folders\PKMCDO.DLL (Microsoft Corporation)
O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\ipp - No CLSID value found
O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp - No CLSID value found
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\mso-offdap {3D9F03FA-7A94-11D3-BE81-0050048385D1} - C:\Program Files\Common Files\Microsoft Shared\Web Components\10\OWC10.DLL (Microsoft Corporation)
O18 - Protocol\Filter: - x-sdch - C:\Program Files\Google\Google Toolbar\Component\fastsearch_A8904FB862BD9564.dll (Google Inc.)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\Explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\AtiExtEvent: DllName - Ati2evxx.dll - C:\WINDOWS\System32\Ati2evxx.dll (ATI Technologies Inc.)
O20 - Winlogon\Notify\igfxcui: DllName - igfxdev.dll - C:\WINDOWS\System32\igfxdev.dll (Intel Corporation)
O20 - Winlogon\Notify\Sebring: DllName - C:\WINDOWS\System32\LgNotify.dll - C:\WINDOWS\System32\LgNotify.dll (Intel Corporation)
O24 - Desktop Components:0 (My Current Home Page) - About:Home
O31 - SafeBoot: AlternateShell - cmd.exe
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006/02/27 15:02:01 | 00,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck) - File not found
O34 - HKLM BootExecute: (autochk) - C:\WINDOWS\System32\autochk.exe (Microsoft Corporation)
O34 - HKLM BootExecute: (*) - File not found
NetSvcs: 6to4 - Service key not found. File not found
NetSvcs: Ias - Service key not found. File not found
NetSvcs: Iprip - Service key not found. File not found
NetSvcs: Irmon - Service key not found. File not found
NetSvcs: NWCWorkstation - Service key not found. File not found
NetSvcs: Nwsapagent - Service key not found. File not found
NetSvcs: WmdmPmSp - Service key not found. File not found
NetSvcs: helpsvc - C:\WINDOWS\PCHealth\HelpCtr\Binaries\pchsvc.dll (Microsoft Corporation)
========== Files/Folders - Created Within 14 Days ==========
[2 C:\WINDOWS\*.tmp files]
[2009/09/02 22:01:05 | 00,514,048 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Administrator\Desktop\OTL.exe
[2009/09/02 22:00:16 | 00,000,000 | ---- | C] () -- C:\Documents and Settings\Administrator\Desktop\settings.dat
[2009/09/02 21:14:17 | 00,000,000 | ---D | C] -- C:\WINDOWS\LastGood.Tmp
[2009/09/02 21:14:05 | 00,003,023 | ---- | C] () -- C:\WINDOWS\System32\spupdsvc.inf
[2009/09/02 21:06:10 | 00,000,000 | ---D | C] -- C:\WINDOWS\System32\scripting
[2009/09/02 21:06:07 | 00,000,000 | ---D | C] -- C:\WINDOWS\System32\en
[2009/09/02 21:06:07 | 00,000,000 | ---D | C] -- C:\WINDOWS\l2schemas
[2009/09/02 21:06:06 | 00,000,000 | ---D | C] -- C:\WINDOWS\System32\bits
[2009/09/02 17:16:08 | 00,000,000 | ---D | C] -- C:\Program Files\Alwil Software
[2009/09/01 16:59:58 | 00,028,544 | ---- | C] (Panda Security, S.L.) -- C:\WINDOWS\System32\drivers\pavboot.sys
[2009/09/01 16:59:43 | 00,000,000 | ---D | C] -- C:\Program Files\Panda Security
[2009/09/01 16:53:30 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Application Data\Adobe
[2009/09/01 16:11:32 | 00,000,000 | -H-- | C] () -- C:\Documents and Settings\Administrator\My Documents\Default.rdp
[2009/09/01 00:37:25 | 00,000,000 | ---D | C] -- C:\Avenger
[2009/09/01 00:29:49 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Application Data\Malwarebytes
[2009/09/01 00:29:47 | 00,000,696 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2009/09/01 00:29:44 | 00,038,160 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2009/09/01 00:29:10 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Malwarebytes
[2009/09/01 00:29:09 | 00,019,096 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2009/09/01 00:29:09 | 00,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2009/09/01 00:27:33 | 00,000,000 | ---D | C] -- C:\WINDOWS\ERDNT
[2009/09/01 00:25:59 | 00,000,611 | ---- | C] () -- C:\Documents and Settings\Administrator\Desktop\NTREGOPT.lnk
[2009/09/01 00:25:59 | 00,000,592 | ---- | C] () -- C:\Documents and Settings\Administrator\Desktop\ERUNT.lnk
[2009/09/01 00:25:58 | 00,000,000 | ---D | C] -- C:\Program Files\ERUNT
[2009/08/31 21:40:11 | 00,000,000 | ---D | C] -- C:\Program Files\AskBarDis
[2009/08/31 21:24:06 | 00,000,000 | ---D | C] -- C:\d6a81001d56f4bf8d7db04031c7134
[2009/08/31 20:52:06 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Google
[2009/08/31 20:02:16 | 00,000,000 | ---D | C] -- C:\WINDOWS\pss
[2009/08/31 17:37:42 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Desktop\Shayla DeVore
[2009/08/31 16:31:51 | 00,000,000 | ---D | C] -- C:\Program Files\Picasa2
[2009/08/31 16:29:46 | 00,000,000 | ---D | C] -- C:\Program Files\Western Digital
[2009/08/30 20:48:38 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Local Settings\Application Data\Mozilla
[2009/08/30 20:48:38 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Application Data\Mozilla
[2009/08/30 19:36:06 | 00,000,000 | ---D | C] -- C:\Config.Msi
[2009/08/30 19:19:33 | 00,000,000 | -HSD | C] -- C:\WINDOWS\CSC
[2009/08/25 19:28:14 | 00,000,000 | ---D | C] -- C:\Program Files\Common Files\Adobe
[2009/08/25 19:28:14 | 00,000,000 | ---D | C] -- C:\Program Files\Adobe
[2009/08/25 19:26:54 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Desktop\Adobe Reader 9 Installer(2)
[2009/08/25 19:26:50 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Adobe
[2009/08/25 19:26:44 | 00,000,000 | ---D | C] -- C:\Program Files\Common Files\Adobe AIR
[2009/08/25 19:24:13 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\NOS
[2009/08/22 14:12:58 | 01,089,593 | ---- | C] () -- C:\WINDOWS\System32\dllcache\ntprint.cat
========== Files - Modified Within 14 Days ==========
[2 C:\WINDOWS\*.tmp files]
[2009/09/02 22:01:06 | 00,514,048 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Administrator\Desktop\OTL.exe
[2009/09/02 22:00:16 | 00,000,000 | ---- | M] () -- C:\Documents and Settings\Administrator\Desktop\settings.dat
[2009/09/02 21:40:51 | 00,441,124 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2009/09/02 21:40:51 | 00,071,060 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2009/09/02 21:40:49 | 00,521,766 | ---- | M] () -- C:\WINDOWS\System32\PerfStringBackup.INI
[2009/09/02 21:37:02 | 00,001,158 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2009/09/02 21:35:51 | 00,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2009/09/02 21:35:40 | 00,132,480 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2009/09/02 21:20:53 | 00,003,023 | ---- | M] () -- C:\WINDOWS\System32\spupdsvc.inf
[2009/09/02 20:57:54 | 00,250,048 | RHS- | M] () -- C:\ntldr
[2009/09/02 20:20:37 | 00,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2009/09/02 20:20:26 | 00,000,260 | ---- | M] () -- C:\WINDOWS\tasks\WGASetup.job
[2009/09/02 20:14:11 | 00,000,670 | ---- | M] () -- C:\WINDOWS\win.ini
[2009/09/02 20:14:11 | 00,000,227 | ---- | M] () -- C:\WINDOWS\SYSTEM.INI
[2009/09/02 20:14:11 | 00,000,211 | RHS- | M] () -- C:\boot.ini
[2009/09/02 20:04:25 | 00,002,577 | ---- | M] () -- C:\WINDOWS\System32\CONFIG.NT
[2009/09/02 17:17:20 | 00,510,352 | -H-- | M] () -- C:\Documents and Settings\Administrator\Local Settings\Application Data\IconCache.db
[2009/09/01 16:11:32 | 00,000,000 | -H-- | M] () -- C:\Documents and Settings\Administrator\My Documents\Default.rdp
[2009/09/01 00:29:47 | 00,000,696 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2009/09/01 00:25:59 | 00,000,611 | ---- | M] () -- C:\Documents and Settings\Administrator\Desktop\NTREGOPT.lnk
[2009/09/01 00:25:59 | 00,000,592 | ---- | M] () -- C:\Documents and Settings\Administrator\Desktop\ERUNT.lnk
[2009/08/27 16:22:38 | 00,000,000 | ---- | M] () -- C:\WINDOWS\System32\ATHPRXY(2).DLL
========== LOP Check ==========
[2009/09/02 16:22:54 | 00,000,000 | RH-D | M] -- C:\Documents and Settings\Administrator\Application Data
[2009/09/02 16:23:48 | 00,000,000 | RH-D | M] -- C:\Documents and Settings\All Users\Application Data
[2008/11/24 13:56:28 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{3276BE95_AF08_429F_A64F_CA64CB79BCF6}
[2008/11/24 12:45:49 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\CA
[2008/11/22 01:31:38 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Dell
[2008/12/29 20:50:43 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\FaxCtr
[2009/07/21 00:30:41 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\MSN6
[2009/08/11 12:04:14 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TEMP
[2008/10/22 21:54:40 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Trymedia
[2009/03/07 21:38:32 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Viewpoint
[2002/09/03 15:48:04 | 00,000,065 | RH-- | M] () -- C:\WINDOWS\Tasks\desktop.ini
[2009/09/02 20:20:37 | 00,000,006 | -H-- | M] () -- C:\WINDOWS\Tasks\SA.DAT
[2009/09/02 20:20:26 | 00,000,260 | ---- | M] () -- C:\WINDOWS\Tasks\WGASetup.job
========== Purity Check ==========
========== Custom Scans ==========
< %SYSTEMDRIVE%\*.exe >
< %systemroot%\system32\eventlog.dll >
[2008/04/14 05:41:54 | 00,056,320 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\eventlog.dll
< %systemroot%\system32\scecli.dll >
[2008/04/14 05:42:06 | 00,181,248 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\scecli.dll
< %systemroot%\netlogon.dll >
< %systemroot%\system32\cngaudit.dll >
< %systemroot%\system32\sceclt.dll >
< %systemroot%\ntelogon.dll >
< %systemroot%\system32\logevent.dll >
========== Alternate Data Streams ==========
@Alternate Data Stream - 151 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:38673444
< End of report >
extras
OTL Extras logfile created on: 9/2/2009 10:08:01 PM - Run 1
OTL by OldTimer - Version 3.0.10.7 Folder = C:\Documents and Settings\Administrator\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 7.0.5730.11)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy
1022.20 Mb Total Physical Memory | 761.37 Mb Available Physical Memory | 74.48% Memory free
1.66 Gb Paging File | 1.53 Gb Available in Paging File | 92.11% Paging File free
Paging file location(s): C:\pagefile.sys 768 1536 [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 27.94 Gb Total Space | 10.91 Gb Free Space | 39.07% Space Free | Partition Type: NTFS
Drive D: | 210.13 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: UDF
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded
Computer Name: USER-D0CD241933
Current User Name: Administrator
Logged in as Administrator.
Current Boot Mode: SafeMode with Networking
Scan Mode: Current user
Company Name Whitelist: On
Skip Microsoft Files: On
File Age = 14 Days
Output = Standard
Quick Scan
========== Extra Registry (SafeList) ==========
========== File Associations ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.html [@ = htmlfile] -- C:\Program Files\Internet Explorer\IEXPLORE.EXE (Microsoft Corporation)
========== Security Center Settings ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 0
"FirewallOverride" = 0
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
"DisableMonitoring" = 1
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
"DisableMonitoring" = 1
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]
"DisableMonitoring" = 1
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 0
========== Authorized Applications List ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"%windir%\Network Diagnostic\xpnetdiag.exe" = %windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000 -- (Microsoft Corporation)
"C:\Program Files\Lexmark 3500-4500 Series\app4r.exe" = C:\Program Files\Lexmark 3500-4500 Series\app4r.exe:*:Enabled:Lexmark Imaging Studio -- ()
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"%windir%\Network Diagnostic\xpnetdiag.exe" = %windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000 -- (Microsoft Corporation)
"C:\Program Files\Common Files\AOL\Loader\aolload.exe" = C:\Program Files\Common Files\AOL\Loader\aolload.exe:*:Enabled:AOL Loader -- File not found
"C:\Program Files\AIM6\aim6.exe" = C:\Program Files\AIM6\aim6.exe:*:Enabled:AIM -- File not found
"C:\Program Files\Lexmark 3500-4500 Series\lxdimon.exe" = C:\Program Files\Lexmark 3500-4500 Series\lxdimon.exe:*:Enabled:Device Monitor -- ()
"C:\WINDOWS\system32\lxdicfg.exe" = C:\WINDOWS\system32\lxdicfg.exe:*:Enabled:Printer Communication System -- ( )
"C:\WINDOWS\system32\spool\drivers\w32x86\3\lxdipswx.exe" = C:\WINDOWS\system32\spool\drivers\w32x86\3\lxdipswx.exe:*:Enabled:Printer Status Window Interface -- ()
"C:\WINDOWS\system32\spool\drivers\w32x86\3\lxditime.exe" = C:\WINDOWS\system32\spool\drivers\w32x86\3\lxditime.exe:*:Enabled:Lexmark Connect Time Executable -- (Lexmark International, Inc.)
"C:\WINDOWS\system32\spool\drivers\w32x86\3\lxdijswx.exe" = C:\WINDOWS\system32\spool\drivers\w32x86\3\lxdijswx.exe:*:Enabled:Job Status Window Interface -- ()
"C:\WINDOWS\system32\lxdicoms.exe" = C:\WINDOWS\system32\lxdicoms.exe:*:Enabled:Lexmark Communications System -- ( )
"C:\Program Files\Lexmark 3500-4500 Series\lxdiamon.exe" = C:\Program Files\Lexmark 3500-4500 Series\lxdiamon.exe:*:Enabled:Lexmark Device Monitor -- ()
"C:\Program Files\Lexmark 3500-4500 Series\App4r.exe" = C:\Program Files\Lexmark 3500-4500 Series\App4r.exe:*:Enabled:Lexmark Imaging Studio -- ()
"C:\Program Files\Abbyy FineReader 6.0 Sprint\scan\scanman6.exe" = C:\Program Files\Abbyy FineReader 6.0 Sprint\scan\scanman6.exe:*:Enabled:ABBYY FineReader -- (ABBYY (BIT Software))
"C:\Program Files\Lexmark Fax Solutions\FaxCtr.exe" = C:\Program Files\Lexmark Fax Solutions\FaxCtr.exe:*:Enabled:Fax software -- ()
"C:\WINDOWS\system32\spool\drivers\w32x86\3\lxdiwbgw.exe" = C:\WINDOWS\system32\spool\drivers\w32x86\3\lxdiwbgw.exe:*:Enabled:Lexmark Web Gateway -- ()
========== HKEY_LOCAL_MACHINE Uninstall List ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{094FABA0-4865-11D4-95B6-000103485DB6}" = SimCoaster
"{0BDD3FAD-61CD-4BF3-B9C4-4CEFD43F53F8}" = Norton 360 HTMLHelp
"{0BEDBD4E-2D34-47B5-9973-57E62B29307C}" = ATI Control Panel
"{1017A80C-6F09-4548-A84D-EDD6AC9525F0}" = Lexmark Toolbar
"{18455581-E099-4BA8-BC6B-F34B2F06600C}" = Google Toolbar for Internet Explorer
"{206FD69B-F9FE-4164-81BD-D52552BC9C23}" = GearDrvs
"{21829177-4DED-4209-AD08-490B3AC9C01A}" = Norton 360
"{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer
"{24DF7221-644B-4C3A-A478-459502D40522}" = Backup
"{26A24AE4-039D-4CA4-87B4-2F83216010FF}" = Java 6 Update 10
"{2D617065-1C52-4240-B5BC-C0AE12157777}" = Norton 360
"{3248F0A8-6813-11D6-A77B-00B0D0160070}" = Java 6 Update 7
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{3EE9EB18-62AD-4F68-AD11-2DF358CBDCA2}" = RollerCoaster Tycoon
"{420F8FCF-8F5E-4518-A5B3-FBBD56B98FEC}" = Bonus
"{45690715-80A6-4445-B61D-ADEC5888E8CD}" = Symantec Technical Support Controls
"{4ABC1F75-7060-4BAE-9972-F2DCBF1D5F1F}" = CardBus
"{530FFED3-1F94-4E6E-AE1E-AFDEED340FCA}" = Deal or No Deal
"{55A6283C-638A-4EE0-B491-51118554BDA2}" = Norton Confidential Core
"{5677563D-0CB1-485F-9E18-C5025306BB3F}" = Norton AntiSpam
"{574595C0-D6B4-4DB4-99F5-942D8DF02ED4}" = SymNet
"{66B9BD1F-4189-4F35-BD82-9948720A04CF}" = Parental Control
"{69CCCF13-601F-43FC-A4A7-4A2ADF0821D1}" = Norton AntiVirus Help
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{77772678-817F-4401-9301-ED1D01A8DA56}" = SPBBC 32bit
"{779F426C-A8F3-414B-B7AF-B6BDC9B8E040}" = CC_ccProxyExt
"{8A708DD8-A5E6-11D4-A706-000629E95E20}" = Intel® Extreme Graphics 2 Driver
"{90280409-6000-11D3-8CFE-0050048383C9}" = Microsoft Office XP Professional with FrontPage
"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
"{A462213D-EED4-42C2-9A60-7BDD4D4B0B17}" = C-Major Audio
"{AB70ABEC-771B-47CB-9E41-DF77DE4FFC5C}" = ccPxyCore
"{ACF60000-22B9-4CE9-98D6-2CCF359BAC07}" = ABBYY FineReader 6.0 Sprint
"{B24E05CC-46FF-4787-BBB8-5CD516AFB118}" = ccCommon
"{b697396d-4bff-430d-9578-8aa5a549777a}" = Intel® PROSet
"{B7F54262-AB66-44B3-88BF-9FC69941B643}" = Broadcom Gigabit Integrated Controller
"{BAF78226-3200-4DB4-BE33-4D922A799840}" = Windows Presentation Foundation
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
"{C5BED10B-42A9-4142-B4C2-008C0FDE27D5}" = O2Micro Smartcard Driver
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CB84F0F2-927B-458D-9DC5-87832E3DC653}" = GearDrvs
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{D5F881C2-B134-474E-AA60-B25DD218AE0D}" = Crash Analysis Tool
"{D6E6FA4A-5445-4850-8365-CF216C1CBB7A}" = Symantec Real Time Storage Protection Component
"{E80F62FF-5D3C-4A19-8409-9721F2928206}" = LiveUpdate (Symantec Corporation)
"{E8176C35-0C2D-4142-9ED4-81861ECAB403}" = CIB
"{EFB5B3B5-A280-4E25-BE1C-634EEFE32C1B}" = AppCore
"ActiveScan 2.0" = Panda ActiveScan 2.0
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"All ATI Software" = ATI - Software Uninstall Utility
"Ask Toolbar_is1" = Ask Toolbar
"ATI Display Driver" = ATI Display Driver
"Broadcom 802.11b Network Adapter" = Dell Wireless WLAN Card
"CGSPELLV10" = Uninstall Curious George RW&S
"CNXT_MODEM_PCI_VEN_8086&DEV_24x6&SUBSYS_542214F1" = Conexant D480 MDC V.92 Modem
"ERUNT_is1" = ERUNT 1.1j
"Family Feud" = Family Feud
"IDNMitigationAPIs" = Microsoft Internationalized Domain Names Mitigation APIs
"ie7" = Windows Internet Explorer 7
"InstallShield_{4ABC1F75-7060-4BAE-9972-F2DCBF1D5F1F}" = PCI 7510 CardBus Controller with SmartCard and Software
"InstallShield_{C5BED10B-42A9-4142-B4C2-008C0FDE27D5}" = O2Micro Smartcard Driver
"Lexmark 3500-4500 Series" = Lexmark 3500-4500 Series
"Lexmark Fax Solutions" = Lexmark Fax Solutions
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Mission Runway" = Mission Runway
"Mozilla Firefox (3.0.13)" = Mozilla Firefox (3.0.13)
"MP3 Rocket" = MP3 Rocket
"MSCompPackV1" = Microsoft Compression Client Pack 1.0 for Windows XP
"NLSDownlevelMapping" = Microsoft National Language Support Downlevel APIs
"PsuedoLiveUpdate" = LiveUpdate (Symantec Corporation)
"RumbleFighter" = Rumble Fighter
"ShockwaveFlash" = Adobe Flash Player 9 ActiveX
"SpongeBob SquarePants 3-D" = SpongeBob SquarePants 3-D
"SymSetup.{2D617065-1C52-4240-B5BC-C0AE12157777}" = Norton 360 (Symantec Corporation)
"SymSetup.{420F8FCF-8F5E-4518-A5B3-FBBD56B98FEC}" = Norton Add-on Pack (Symantec Corporation)
"WIC" = Windows Imaging Component
"Windows Media Format Runtime" = Windows Media Format 11 runtime
"Windows Media Player" = Windows Media Player 11
"Windows XP Service Pack" = Windows XP Service Pack 3
"WMFDist11" = Windows Media Format 11 runtime
"wmp11" = Windows Media Player 11
"Wudf01000" = Microsoft User-Mode Driver Framework Feature Pack 1.0
"XpsEPSC" = XML Paper Specification Shared Components Pack 1.0
========== Last 10 Event Log Errors ==========
[ Application Events ]
Error - 8/31/2009 4:29:34 PM | Computer Name = USER-D0CD241933 | Source = MsiInstaller | ID = 1008
Description = The installation of C:\Documents and Settings\User\Local Settings\Application
Data\{9E5C7B4F-5A46-458E-9BAE-0001A6640C4A}\Memeo AutoBackup.msi is not permitted
due to an error in software restriction policy processing. The object cannot be
trusted.
Error - 8/31/2009 4:29:44 PM | Computer Name = USER-D0CD241933 | Source = MsiInstaller | ID = 1008
Description = The installation of C:\Documents and Settings\User\Local Settings\Application
Data\{E00349D7-2D4A-40AB-AD07-7E81E8674BDA}\Memeo AutoSync.msi is not permitted
due to an error in software restriction policy processing. The object cannot be
trusted.
Error - 8/31/2009 4:55:53 PM | Computer Name = USER-D0CD241933 | Source = MsiInstaller | ID = 1008
Description = The installation of C:\WINDOWS\Installer\5355bd.msi is not permitted
due to an error in software restriction policy processing. The object cannot be
trusted.
Error - 8/31/2009 4:55:53 PM | Computer Name = USER-D0CD241933 | Source = MsiInstaller | ID = 1008
Description = The installation of C:\WINDOWS\Installer\5355bd.msi is not permitted
due to an error in software restriction policy processing. The object cannot be
trusted.
Error - 8/31/2009 4:55:56 PM | Computer Name = USER-D0CD241933 | Source = MsiInstaller | ID = 1008
Description = The installation of C:\WINDOWS\Installer\5355bd.msi is not permitted
due to an error in software restriction policy processing. The object cannot be
trusted.
Error - 8/31/2009 4:55:56 PM | Computer Name = USER-D0CD241933 | Source = MsiInstaller | ID = 1008
Description = The installation of C:\WINDOWS\Installer\5355bd.msi is not permitted
due to an error in software restriction policy processing. The object cannot be
trusted.
Error - 8/31/2009 4:56:07 PM | Computer Name = USER-D0CD241933 | Source = MsiInstaller | ID = 1008
Description = The installation of C:\WINDOWS\Installer\5355bd.msi is not permitted
due to an error in software restriction policy processing. The object cannot be
trusted.
Error - 8/31/2009 4:56:07 PM | Computer Name = USER-D0CD241933 | Source = MsiInstaller | ID = 1008
Description = The installation of C:\WINDOWS\Installer\5355bd.msi is not permitted
due to an error in software restriction policy processing. The object cannot be
trusted.
Error - 8/31/2009 4:56:13 PM | Computer Name = USER-D0CD241933 | Source = MsiInstaller | ID = 1008
Description = The installation of C:\WINDOWS\Installer\5355bd.msi is not permitted
due to an error in software restriction policy processing. The object cannot be
trusted.
Error - 8/31/2009 4:56:13 PM | Computer Name = USER-D0CD241933 | Source = MsiInstaller | ID = 1008
Description = The installation of C:\WINDOWS\Installer\5355bd.msi is not permitted
due to an error in software restriction policy processing. The object cannot be
trusted.
[ System Events ]
Error - 9/2/2009 8:07:42 PM | Computer Name = USER-D0CD241933 | Source = DCOM | ID = 10005
Description = DCOM got error "%1084" attempting to start the service StiSvc with
arguments "" in order to run the server: {A1F4E726-8CF1-11D1-BF92-0060081ED811}
Error - 9/2/2009 8:09:10 PM | Computer Name = USER-D0CD241933 | Source = DCOM | ID = 10005
Description = DCOM got error "%1084" attempting to start the service StiSvc with
arguments "" in order to run the server: {A1F4E726-8CF1-11D1-BF92-0060081ED811}
Error - 9/2/2009 8:14:48 PM | Computer Name = USER-D0CD241933 | Source = DCOM | ID = 10005
Description = DCOM got error "%1084" attempting to start the service EventSystem
with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}
Error - 9/2/2009 8:16:15 PM | Computer Name = USER-D0CD241933 | Source = Disk | ID = 262151
Description = The device, \Device\Harddisk0\D, has a bad block.
Error - 9/2/2009 9:28:04 PM | Computer Name = USER-D0CD241933 | Source = Disk | ID = 262151
Description = The device, \Device\Harddisk0\D, has a bad block.
Error - 9/2/2009 9:32:14 PM | Computer Name = USER-D0CD241933 | Source = Disk | ID = 262151
Description = The device, \Device\Harddisk0\D, has a bad block.
Error - 9/2/2009 9:32:54 PM | Computer Name = USER-D0CD241933 | Source = Disk | ID = 262151
Description = The device, \Device\Harddisk0\D, has a bad block.
Error - 9/2/2009 9:33:34 PM | Computer Name = USER-D0CD241933 | Source = Disk | ID = 262151
Description = The device, \Device\Harddisk0\D, has a bad block.
Error - 9/2/2009 9:34:29 PM | Computer Name = USER-D0CD241933 | Source = Disk | ID = 262151
Description = The device, \Device\Harddisk0\D, has a bad block.
Error - 9/2/2009 10:05:46 PM | Computer Name = USER-D0CD241933 | Source = DCOM | ID = 10005
Description = DCOM got error "%1084" attempting to start the service StiSvc with
arguments "" in order to run the server: {A1F4E726-8CF1-11D1-BF92-0060081ED811}
< End of report >
mbam
Malwarebytes' Anti-Malware 1.40
Database version: 2551
Windows 5.1.2600 Service Pack 2 (Safe Mode)
9/1/2009 12:34:00 PM
mbam-log-2009-09-01 (12-34-00).txt
Scan type: Full Scan (C:\|)
Objects scanned: 167239
Time elapsed: 46 minute(s), 9 second(s)
Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 2
Memory Processes Infected:
(No malicious items detected)
Memory Modules Infected:
(No malicious items detected)
Registry Keys Infected:
(No malicious items detected)
Registry Values Infected:
(No malicious items detected)
Registry Data Items Infected:
(No malicious items detected)
Folders Infected:
(No malicious items detected)
Files Infected:
C:\System Volume Information\_restore{394877F8-517C-4656-86B4-EF900C9003CE}\RP150\A0052317.exe (Adware.MyWeb) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{394877F8-517C-4656-86B4-EF900C9003CE}\RP152\A0082395.exe (Adware.MyWeb) -> Quarantined and deleted successfully.
root repeal
ROOTREPEAL © AD, 2007-2009
==================================================
Scan Start Time: 2009/09/02 22:05
Program Version: Version 1.3.5.0
Windows Version: Windows XP SP3
==================================================
Drivers
-------------------
Name: 1394BUS.SYS
Image Path: C:\WINDOWS\system32\DRIVERS\1394BUS.SYS
Address: 0xF7543000 Size: 57344 File Visible: - Signed: -
Status: -
Name: ACPI.sys
Image Path: ACPI.sys
Address: 0xF7494000 Size: 187776 File Visible: - Signed: -
Status: -
Name: ACPI_HAL
Image Path: \Driver\ACPI_HAL
Address: 0x804D7000 Size: 2189056 File Visible: - Signed: -
Status: -
Name: afd.sys
Image Path: C:\WINDOWS\System32\drivers\afd.sys
Address: 0xF6FB3000 Size: 138496 File Visible: - Signed: -
Status: -
Name: agp440.sys
Image Path: agp440.sys
Address: 0xF7553000 Size: 42368 File Visible: - Signed: -
Status: -
Name: atapi.sys
Image Path: atapi.sys
Address: 0xF742E000 Size: 96512 File Visible: - Signed: -
Status: -
Name: ATMFD.DLL
Image Path: C:\WINDOWS\System32\ATMFD.DLL
Address: 0xBFFA0000 Size: 286720 File Visible: - Signed: -
Status: -
Name: b57xp32.sys
Image Path: C:\WINDOWS\System32\DRIVERS\b57xp32.sys
Address: 0xF7280000 Size: 167936 File Visible: - Signed: -
Status: -
Name: BATTC.SYS
Image Path: C:\WINDOWS\System32\DRIVERS\BATTC.SYS
Address: 0xF78FB000 Size: 16384 File Visible: - Signed: -
Status: -
Name: bcmwl5.sys
Image Path: C:\WINDOWS\System32\DRIVERS\bcmwl5.sys
Address: 0xF7218000 Size: 424320 File Visible: - Signed: -
Status: -
Name: Beep.SYS
Image Path: C:\WINDOWS\System32\Drivers\Beep.SYS
Address: 0xF7A0F000 Size: 4224 File Visible: - Signed: -
Status: -
Name: BOOTVID.dll
Image Path: C:\WINDOWS\system32\BOOTVID.dll
Address: 0xF78F3000 Size: 12288 File Visible: - Signed: -
Status: -
Name: cdrom.sys
Image Path: C:\WINDOWS\System32\DRIVERS\cdrom.sys
Address: 0xF7613000 Size: 62976 File Visible: - Signed: -
Status: -
Name: CLASSPNP.SYS
Image Path: C:\WINDOWS\System32\DRIVERS\CLASSPNP.SYS
Address: 0xF7523000 Size: 53248 File Visible: - Signed: -
Status: -
Name: compbatt.sys
Image Path: compbatt.sys
Address: 0xF78F7000 Size: 10240 File Visible: - Signed: -
Status: -
Name: disk.sys
Image Path: disk.sys
Address: 0xF7513000 Size: 36352 File Visible: - Signed: -
Status: -
Name: dump_atapi.sys
Image Path: C:\WINDOWS\System32\Drivers\dump_atapi.sys
Address: 0xF6DFF000 Size: 98304 File Visible: No Signed: -
Status: -
Name: dump_WMILIB.SYS
Image Path: C:\WINDOWS\System32\Drivers\dump_WMILIB.SYS
Address: 0xF7A1B000 Size: 8192 File Visible: No Signed: -
Status: -
Name: Dxapi.sys
Image Path: C:\WINDOWS\System32\drivers\Dxapi.sys
Address: 0xF70FB000 Size: 12288 File Visible: - Signed: -
Status: -
Name: dxg.sys
Image Path: C:\WINDOWS\System32\drivers\dxg.sys
Address: 0xBF9C3000 Size: 73728 File Visible: - Signed: -
Status: -
Name: dxgthk.sys
Image Path: C:\WINDOWS\System32\drivers\dxgthk.sys
Address: 0xF7B1E000 Size: 4096 File Visible: - Signed: -
Status: -
Name: fltmgr.sys
Image Path: fltmgr.sys
Address: 0xF740E000 Size: 129792 File Visible: - Signed: -
Status: -
Name: framebuf.dll
Image Path: C:\WINDOWS\System32\framebuf.dll
Address: 0xBFF50000 Size: 12288 File Visible: - Signed: -
Status: -
Name: Fs_Rec.SYS
Image Path: C:\WINDOWS\System32\Drivers\Fs_Rec.SYS
Address: 0xF7A0B000 Size: 7936 File Visible: - Signed: -
Status: -
Name: ftdisk.sys
Image Path: ftdisk.sys
Address: 0xF7446000 Size: 125056 File Visible: - Signed: -
Status: -
Name: GEARAspiWDM.sys
Image Path: C:\WINDOWS\System32\Drivers\GEARAspiWDM.sys
Address: 0xF7204000 Size: 9984 File Visible: - Signed: -
Status: -
Name: hal.dll
Image Path: C:\WINDOWS\system32\hal.dll
Address: 0x806EE000 Size: 81152 File Visible: - Signed: -
Status: -
Name: i8042prt.sys
Image Path: C:\WINDOWS\System32\DRIVERS\i8042prt.sys
Address: 0xF7573000 Size: 52480 File Visible: - Signed: -
Status: -
Name: intelide.sys
Image Path: intelide.sys
Address: 0xF79E7000 Size: 5504 File Visible: - Signed: -
Status: -
Name: ipnat.sys
Image Path: C:\WINDOWS\System32\DRIVERS\ipnat.sys
Address: 0xF6FFD000 Size: 152832 File Visible: - Signed: -
Status: -
Name: ipsec.sys
Image Path: C:\WINDOWS\System32\DRIVERS\ipsec.sys
Address: 0xF70A8000 Size: 75264 File Visible: - Signed: -
Status: -
Name: isapnp.sys
Image Path: isapnp.sys
Address: 0xF74E3000 Size: 37248 File Visible: - Signed: -
Status: -
Name: kbdclass.sys
Image Path: C:\WINDOWS\System32\DRIVERS\kbdclass.sys
Address: 0xF77CB000 Size: 24576 File Visible: - Signed: -
Status: -
Name: KDCOM.DLL
Image Path: C:\WINDOWS\system32\KDCOM.DLL
Address: 0xF79E3000 Size: 8192 File Visible: - Signed: -
Status: -
Name: ks.sys
Image Path: C:\WINDOWS\System32\DRIVERS\ks.sys
Address: 0xF7175000 Size: 143360 File Visible: - Signed: -
Status: -
Name: KSecDD.sys
Image Path: KSecDD.sys
Address: 0xF73E5000 Size: 92928 File Visible: - Signed: -
Status: -
Name: mouclass.sys
Image Path: C:\WINDOWS\System32\DRIVERS\mouclass.sys
Address: 0xF77C3000 Size: 23040 File Visible: - Signed: -
Status: -
Name: MountMgr.sys
Image Path: MountMgr.sys
Address: 0xF74F3000 Size: 42368 File Visible: - Signed: -
Status: -
Name: mrxsmb.sys
Image Path: C:\WINDOWS\System32\DRIVERS\mrxsmb.sys
Address: 0xF6E50000 Size: 455296 File Visible: - Signed: -
Status: -
Name: Msfs.SYS
Image Path: C:\WINDOWS\System32\Drivers\Msfs.SYS
Address: 0xF787B000 Size: 19072 File Visible: - Signed: -
Status: -
Name: msgpc.sys
Image Path: C:\WINDOWS\System32\DRIVERS\msgpc.sys
Address: 0xF75B3000 Size: 35072 File Visible: - Signed: -
Status: -
Name: mssmbios.sys
Image Path: C:\WINDOWS\System32\DRIVERS\mssmbios.sys
Address: 0xF799B000 Size: 15488 File Visible: - Signed: -
Status: -
Name: Mup.sys
Image Path: Mup.sys
Address: 0xF72FE000 Size: 105344 File Visible: - Signed: -
Status: -
Name: NDIS.sys
Image Path: NDIS.sys
Address: 0xF7318000 Size: 182656 File Visible: - Signed: -
Status: -
Name: ndistapi.sys
Image Path: C:\WINDOWS\System32\DRIVERS\ndistapi.sys
Address: 0xF796F000 Size: 10112 File Visible: - Signed: -
Status: -
Name: ndisuio.sys
Image Path: C:\WINDOWS\System32\DRIVERS\ndisuio.sys
Address: 0xF7107000 Size: 14592 File Visible: - Signed: -
Status: -
Name: ndiswan.sys
Image Path: C:\WINDOWS\System32\DRIVERS\ndiswan.sys
Address: 0xF71D9000 Size: 91520 File Visible: - Signed: -
Status: -
Name: NDProxy.SYS
Image Path: C:\WINDOWS\System32\Drivers\NDProxy.SYS
Address: 0xF75E3000 Size: 40576 File Visible: - Signed: -
Status: -
Name: netbios.sys
Image Path: C:\WINDOWS\System32\DRIVERS\netbios.sys
Address: 0xF7603000 Size: 34688 File Visible: - Signed: -
Status: -
Name: netbt.sys
Image Path: C:\WINDOWS\System32\DRIVERS\netbt.sys
Address: 0xF6FD5000 Size: 162816 File Visible: - Signed: -
Status: -
Name: Npfs.SYS
Image Path: C:\WINDOWS\System32\Drivers\Npfs.SYS
Address: 0xF788B000 Size: 30848 File Visible: - Signed: -
Status: -
Name: Ntfs.sys
Image Path: Ntfs.sys
Address: 0xF7345000 Size: 574976 File Visible: - Signed: -
Status: -
Name: ntoskrnl.exe
Image Path: C:\WINDOWS\system32\ntoskrnl.exe
Address: 0x804D7000 Size: 2189056 File Visible: - Signed: -
Status: -
Name: Null.SYS
Image Path: C:\WINDOWS\System32\Drivers\Null.SYS
Address: 0xF7B95000 Size: 2944 File Visible: - Signed: -
Status: -
Name: ohci1394.sys
Image Path: ohci1394.sys
Address: 0xF7533000 Size: 61696 File Visible: - Signed: -
Status: -
Name: PartMgr.sys
Image Path: PartMgr.sys
Address: 0xF776B000 Size: 19712 File Visible: - Signed: -
Status: -
Name: pci.sys
Image Path: pci.sys
Address: 0xF7483000 Size: 68224 File Visible: - Signed: -
Status: -
Name: PCIIde.sys
Image Path: PCIIde.sys
Address: 0xF7AAB000 Size: 3328 File Visible: - Signed: -
Status: -
Name: PCIIDEX.SYS
Image Path: C:\WINDOWS\System32\Drivers\PCIIDEX.SYS
Address: 0xF7763000 Size: 28672 File Visible: - Signed: -
Status: -
Name: pcmcia.sys
Image Path: pcmcia.sys
Address: 0xF7465000 Size: 120192 File Visible: - Signed: -
Status: -
Name: PnpManager
Image Path: \Driver\PnpManager
Address: 0x804D7000 Size: 2189056 File Visible: - Signed: -
Status: -
Name: psched.sys
Image Path: C:\WINDOWS\System32\DRIVERS\psched.sys
Address: 0xF71C8000 Size: 69120 File Visible: - Signed: -
Status: -
Name: ptilink.sys
Image Path: C:\WINDOWS\System32\DRIVERS\ptilink.sys
Address: 0xF77FB000 Size: 17792 File Visible: - Signed: -
Status: -
Name: rasacd.sys
Image Path: C:\WINDOWS\System32\DRIVERS\rasacd.sys
Address: 0xF79DB000 Size: 8832 File Visible: - Signed: -
Status: -
Name: rasl2tp.sys
Image Path: C:\WINDOWS\System32\DRIVERS\rasl2tp.sys
Address: 0xF7583000 Size: 51328 File Visible: - Signed: -
Status: -
Name: raspppoe.sys
Image Path: C:\WINDOWS\System32\DRIVERS\raspppoe.sys
Address: 0xF7593000 Size: 41472 File Visible: - Signed: -
Status: -
Name: raspptp.sys
Image Path: C:\WINDOWS\System32\DRIVERS\raspptp.sys
Address: 0xF75A3000 Size: 48384 File Visible: - Signed: -
Status: -
Name: raspti.sys
Image Path: C:\WINDOWS\System32\DRIVERS\raspti.sys
Address: 0xF780B000 Size: 16512 File Visible: - Signed: -
Status: -
Name: RAW
Image Path: \FileSystem\RAW
Address: 0x804D7000 Size: 2189056 File Visible: - Signed: -
Status: -
Name: rdbss.sys
Image Path: C:\WINDOWS\System32\DRIVERS\rdbss.sys
Address: 0xF6EC0000 Size: 175744 File Visible: - Signed: -
Status: -
Name: RDPCDD.sys
Image Path: C:\WINDOWS\System32\DRIVERS\RDPCDD.sys
Address: 0xF7A13000 Size: 4224 File Visible: - Signed: -
Status: -
Name: rdpdr.sys
Image Path: C:\WINDOWS\System32\DRIVERS\rdpdr.sys
Address: 0xF7198000 Size: 196224 File Visible: - Signed: -
Status: -
Name: redbook.sys
Image Path: C:\WINDOWS\System32\DRIVERS\redbook.sys
Address: 0xF7623000 Size: 57600 File Visible: - Signed: -
Status: -
Name: rootrepeal[1].sys
Image Path: C:\WINDOWS\system32\drivers\rootrepeal[1].sys
Address: 0xF6BD7000 Size: 49152 File Visible: No Signed: -
Status: -
Name: sr.sys
Image Path: sr.sys
Address: 0xF73FC000 Size: 73472 File Visible: - Signed: -
Status: -
Name: srv.sys
Image Path: C:\WINDOWS\System32\DRIVERS\srv.sys
Address: 0xF6A85000 Size: 333952 File Visible: - Signed: -
Status: -
Name: swenum.sys
Image Path: C:\WINDOWS\System32\DRIVERS\swenum.sys
Address: 0xF79F1000 Size: 4352 File Visible: - Signed: -
Status: -
Name: SymIM.sys
Image Path: C:\WINDOWS\system32\DRIVERS\SymIM.sys
Address: 0xF7823000 Size: 24576 File Visible: - Signed: -
Status: -
Name: tcpip.sys
Image Path: C:\WINDOWS\System32\DRIVERS\tcpip.sys
Address: 0xF704F000 Size: 361600 File Visible: - Signed: -
Status: -
Name: TDI.SYS
Image Path: C:\WINDOWS\System32\DRIVERS\TDI.SYS
Address: 0xF77EB000 Size: 20480 File Visible: - Signed: -
Status: -
Name: termdd.sys
Image Path: C:\WINDOWS\System32\DRIVERS\termdd.sys
Address: 0xF75C3000 Size: 40704 File Visible: - Signed: -
Status: -
Name: tiumflt.sys
Image Path: tiumflt.sys
Address: 0xF79E9000 Size: 7552 File Visible: - Signed: -
Status: -
Name: tiumfwl.sys
Image Path: C:\WINDOWS\system32\drivers\tiumfwl.sys
Address: 0xF77AB000 Size: 27392 File Visible: - Signed: -
Status: -
Name: Udfs.SYS
Image Path: C:\WINDOWS\System32\Drivers\Udfs.SYS
Address: 0xF6E17000 Size: 66048 File Visible: - Signed: -
Status: -
Name: update.sys
Image Path: C:\WINDOWS\System32\DRIVERS\update.sys
Address: 0xF7117000 Size: 384768 File Visible: - Signed: -
Status: -
Name: USBD.SYS
Image Path: C:\WINDOWS\System32\DRIVERS\USBD.SYS
Address: 0xF79F5000 Size: 8192 File Visible: - Signed: -
Status: -
Name: usbehci.sys
Image Path: C:\WINDOWS\System32\DRIVERS\usbehci.sys
Address: 0xF779B000 Size: 30208 File Visible: - Signed: -
Status: -
Name: usbhub.sys
Image Path: C:\WINDOWS\System32\DRIVERS\usbhub.sys
Address: 0xF75D3000 Size: 59520 File Visible: - Signed: -
Status: -
Name: USBPORT.SYS
Image Path: C:\WINDOWS\System32\DRIVERS\USBPORT.SYS
Address: 0xF72A9000 Size: 147456 File Visible: - Signed: -
Status: -
Name: USBSTOR.SYS
Image Path: C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS
Address: 0xF78AB000 Size: 26368 File Visible: - Signed: -
Status: -
Name: usbuhci.sys
Image Path: C:\WINDOWS\System32\DRIVERS\usbuhci.sys
Address: 0xF7793000 Size: 20608 File Visible: - Signed: -
Status: -
Name: vga.sys
Image Path: C:\WINDOWS\System32\drivers\vga.sys
Address: 0xF786B000 Size: 20992 File Visible: - Signed: -
Status: -
Name: VIDEOPRT.SYS
Image Path: C:\WINDOWS\System32\drivers\VIDEOPRT.SYS
Address: 0xF70DB000 Size: 81920 File Visible: - Signed: -
Status: -
Name: VolSnap.sys
Image Path: VolSnap.sys
Address: 0xF7503000 Size: 52352 File Visible: - Signed: -
Status: -
Name: watchdog.sys
Image Path: C:\WINDOWS\System32\watchdog.sys
Address: 0xF78EB000 Size: 20480 File Visible: - Signed: -
Status: -
Name: Win32k
Image Path: \Driver\Win32k
Address: 0xBF800000 Size: 1847296 File Visible: - Signed: -
Status: -
Name: win32k.sys
Image Path: C:\WINDOWS\System32\win32k.sys
Address: 0xBF800000 Size: 1847296 File Visible: - Signed: -
Status: -
Name: WMILIB.SYS
Image Path: C:\WINDOWS\System32\DRIVERS\WMILIB.SYS
Address: 0xF79E5000 Size: 8192 File Visible: - Signed: -
Status: -
Name: WMIxWDM
Image Path: \Driver\WMIxWDM
Address: 0x804D7000 Size: 2189056 File Visible: - Signed: -
Status: -
Name: WudfPf.sys
Image Path: WudfPf.sys
Address: 0xF73D2000 Size: 77568 File Visible: - Signed: -
Status: -
hopefully this will help you diagnose my problem