The infected machine is a Dell Latitude D630 laptop running WinXP. The anti-virus program in use is McAfee VirusScan Enterprise v8.7.0i patch 2. A couple of times per day, McAfee catches and quarantines files that are related to the malware (but apparently not the root cause of the malware). The file name listed is not always the same, but here is a screen-shot of one of the errors (in a word doc): http://www.guthrieho...e_Error_001.doc
I have gone through the "malware removal guide" post in this forum. I will post all the requested information below. One note, when I ran the OTL program, it ran for awhile but eventually errored out with a popup box declaring the following error: "Invalid time flag! [md5start] Must be numerical."
I actually started through the guide a couple of weeks ago, but did not have enough time to pursue finishing it. At that time, OTL did run successfully so I have copied and pasted those logs into this post.
Thanks for any help! My hope is that this can be fixed without re-imaging the computer.
GMER LOG:
GMER 1.0.15.15281 - http://www.gmer.net
Rootkit scan 2010-01-03 18:01:50
Windows 5.1.2600 Service Pack 3
Running: gmer.exe; Driver: C:\DOCUME~1\KGUTHR~1.COL\LOCALS~1\Temp\fftyapow.sys
---- System - GMER 1.0.15 ----
Code mfehidk.sys (McAfee Link Driver/McAfee, Inc.) ZwCreateProcess [0xB9D89610]
Code mfehidk.sys (McAfee Link Driver/McAfee, Inc.) ZwCreateProcessEx [0xB9D89624]
Code mfehidk.sys (McAfee Link Driver/McAfee, Inc.) ZwOpenProcess [0xB9D895D4]
Code mfehidk.sys (McAfee Link Driver/McAfee, Inc.) ZwOpenThread [0xB9D895E8]
Code mfehidk.sys (McAfee Link Driver/McAfee, Inc.) ZwSetContextThread [0xB9D8964E]
Code mfehidk.sys (McAfee Link Driver/McAfee, Inc.) ZwSetInformationProcess [0xB9D8963A]
Code mfehidk.sys (McAfee Link Driver/McAfee, Inc.) ZwTerminateProcess [0xB9D895FC]
Code mfehidk.sys (McAfee Link Driver/McAfee, Inc.) NtOpenProcess
Code mfehidk.sys (McAfee Link Driver/McAfee, Inc.) NtOpenThread
Code mfehidk.sys (McAfee Link Driver/McAfee, Inc.) NtSetInformationProcess
---- Devices - GMER 1.0.15 ----
AttachedDevice \FileSystem\Ntfs \Ntfs mfehidk.sys (McAfee Link Driver/McAfee, Inc.)
AttachedDevice \Driver\Tcpip \Device\Ip mfetdik.sys (Anti-Virus Mini-Firewall Driver/McAfee, Inc.)
AttachedDevice \Driver\Kbdclass \Device\KeyboardClass0 VMkbd.sys (VMware keyboard filter driver (32-bit)/VMware, Inc.)
AttachedDevice \Driver\Kbdclass \Device\KeyboardClass1 VMkbd.sys (VMware keyboard filter driver (32-bit)/VMware, Inc.)
AttachedDevice \Driver\Tcpip \Device\Tcp mfetdik.sys (Anti-Virus Mini-Firewall Driver/McAfee, Inc.)
Device \Driver\atapi \Device\Ide\IdeDeviceP0T0L0-3 [B9EF6B3A] atapi.sys[unknown section] {MOV EAX, [0xffdf0308]; JMP [EAX+0xfc]}
Device \Driver\atapi \Device\Ide\IdePort0 [B9EF6B3A] atapi.sys[unknown section] {MOV EAX, [0xffdf0308]; JMP [EAX+0xfc]}
Device \Driver\atapi \Device\Ide\IdePort1 [B9EF6B3A] atapi.sys[unknown section] {MOV EAX, [0xffdf0308]; JMP [EAX+0xfc]}
Device \Driver\atapi \Device\Ide\IdeDeviceP1T0L0-e [B9EF6B3A] atapi.sys[unknown section] {MOV EAX, [0xffdf0308]; JMP [EAX+0xfc]}
Device \Driver\usbhub \Device\000000d0 hcmon.sys (VMware USB monitor/VMware, Inc.)
Device \Driver\usbhub \Device\000000c4 hcmon.sys (VMware USB monitor/VMware, Inc.)
Device \Driver\usbhub \Device\000000c6 hcmon.sys (VMware USB monitor/VMware, Inc.)
AttachedDevice \Driver\Tcpip \Device\Udp mfetdik.sys (Anti-Virus Mini-Firewall Driver/McAfee, Inc.)
Device \Driver\usbhub \Device\000000c8 hcmon.sys (VMware USB monitor/VMware, Inc.)
AttachedDevice \Driver\Tcpip \Device\RawIp mfetdik.sys (Anti-Virus Mini-Firewall Driver/McAfee, Inc.)
Device \Driver\usbuhci \Device\USBFDO-0 hcmon.sys (VMware USB monitor/VMware, Inc.)
Device \Driver\usbuhci \Device\USBFDO-1 hcmon.sys (VMware USB monitor/VMware, Inc.)
Device \Driver\usbehci \Device\USBFDO-2 hcmon.sys (VMware USB monitor/VMware, Inc.)
Device \Driver\usbuhci \Device\USBFDO-3 hcmon.sys (VMware USB monitor/VMware, Inc.)
Device \Driver\usbhub \Device\000000ba hcmon.sys (VMware USB monitor/VMware, Inc.)
Device \Driver\usbuhci \Device\USBFDO-4 hcmon.sys (VMware USB monitor/VMware, Inc.)
Device \Driver\usbuhci \Device\USBFDO-5 hcmon.sys (VMware USB monitor/VMware, Inc.)
Device \Driver\usbhub \Device\000000bc hcmon.sys (VMware USB monitor/VMware, Inc.)
Device \Driver\usbehci \Device\USBFDO-6 hcmon.sys (VMware USB monitor/VMware, Inc.)
Device \Driver\usbhub \Device\000000ca hcmon.sys (VMware USB monitor/VMware, Inc.)
Device \Driver\usbhub \Device\000000be hcmon.sys (VMware USB monitor/VMware, Inc.)
Device \Driver\usbuhci \Device\USBPDO-0 hcmon.sys (VMware USB monitor/VMware, Inc.)
Device \Driver\usbuhci \Device\USBPDO-1 hcmon.sys (VMware USB monitor/VMware, Inc.)
Device \Driver\usbehci \Device\USBPDO-2 hcmon.sys (VMware USB monitor/VMware, Inc.)
Device \Driver\usbuhci \Device\USBPDO-3 hcmon.sys (VMware USB monitor/VMware, Inc.)
Device \Driver\usbuhci \Device\USBPDO-4 hcmon.sys (VMware USB monitor/VMware, Inc.)
Device \Driver\usbuhci \Device\USBPDO-5 hcmon.sys (VMware USB monitor/VMware, Inc.)
Device \Driver\usbehci \Device\USBPDO-6 hcmon.sys (VMware USB monitor/VMware, Inc.)
Device \Driver\usbhub \Device\USBPDO-7 hcmon.sys (VMware USB monitor/VMware, Inc.)
Device \Driver\usbhub \Device\USBPDO-8 hcmon.sys (VMware USB monitor/VMware, Inc.)
Device \Driver\usbhub \Device\USBPDO-9 hcmon.sys (VMware USB monitor/VMware, Inc.)
Device \FileSystem\Fastfat \Fat AC36AD20
AttachedDevice \FileSystem\Fastfat \Fat mfehidk.sys (McAfee Link Driver/McAfee, Inc.)
Device \FileSystem\Cdfs \Cdfs DLAIFS_M.SYS (Drive Letter Access Component/Roxio)
---- Files - GMER 1.0.15 ----
File C:\WINDOWS\system32\drivers\atapi.sys suspicious modification
---- EOF - GMER 1.0.15 ----
MBAM LOG:
Malwarebytes' Anti-Malware 1.42
Database version: 3423
Windows 5.1.2600 Service Pack 3
Internet Explorer 7.0.5730.13
12/24/2009 8:50:40 AM
mbam-log-2009-12-24 (08-50-40).txt
Scan type: Quick Scan
Objects scanned: 144340
Time elapsed: 18 minute(s), 20 second(s)
Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0
Memory Processes Infected:
(No malicious items detected)
Memory Modules Infected:
(No malicious items detected)
Registry Keys Infected:
(No malicious items detected)
Registry Values Infected:
(No malicious items detected)
Registry Data Items Infected:
(No malicious items detected)
Folders Infected:
(No malicious items detected)
Files Infected:
(No malicious items detected)
OTL LOG:
OTL logfile created on: 11/17/2009 9:21:06 PM - Run 1
OTL by OldTimer - Version 3.1.6.0 Folder = C:\Downloads\OTL
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 7.0.5730.13)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy
2.00 Gb Total Physical Memory | 2.00 Gb Available Physical Memory | 100.00% Memory free
4.00 Gb Paging File | 4.00 Gb Available in Paging File | 100.00% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 148.97 Gb Total Space | 115.77 Gb Free Space | 77.71% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded
Computer Name: KGUTHRIE1
Current User Name: kguthrie
Logged in as Administrator.
Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: On
Skip Microsoft Files: On
File Age = 14 Days
Output = Standard
Quick Scan
========== Processes (SafeList) ==========
PRC - [2009/11/17 20:48:30 | 00,529,408 | ---- | M] (OldTimer Tools) -- C:\Downloads\OTL\OTL.exe
PRC - [2009/10/31 20:16:51 | 00,307,704 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe
PRC - [2009/08/16 11:56:24 | 00,716,800 | ---- | M] () -- C:\Standalone Programs\Ditto\Ditto.exe
PRC - [2009/08/14 19:13:08 | 00,326,192 | ---- | M] (VMware, Inc.) -- C:\WINDOWS\system32\vmnetdhcp.exe
PRC - [2009/08/14 19:12:46 | 00,399,920 | ---- | M] (VMware, Inc.) -- C:\WINDOWS\system32\vmnat.exe
PRC - [2009/08/14 19:12:34 | 00,113,200 | ---- | M] (VMware, Inc.) -- C:\Program Files\VMware\VMware Player\vmware-authd.exe
PRC - [2009/05/01 13:35:54 | 00,181,544 | ---- | M] (Seagate Technology LLC) -- C:\Program Files\Seagate\SeagateManager\Sync\FreeAgentService.exe
PRC - [2009/02/06 04:10:02 | 00,227,840 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\wbem\wmiprvse.exe
PRC - [2009/01/23 01:46:56 | 00,431,472 | ---- | M] (Juniper Networks) -- C:\Program Files\Juniper Networks\Common Files\dsNcService.exe
PRC - [2008/12/10 18:03:15 | 00,417,464 | ---- | M] (Cisco Systems, Inc.) -- C:\Program Files\Cisco\Cisco AnyConnect VPN Client\vpnagent.exe
PRC - [2008/10/02 10:23:16 | 00,546,288 | ---- | M] (Google) -- C:\Program Files\Google\Google Calendar Sync\GoogleCalendarSync.exe
PRC - [2008/08/29 13:58:16 | 01,528,608 | ---- | M] (Cisco Systems, Inc.) -- C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe
PRC - [2008/05/26 22:19:14 | 00,123,904 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Desktop Search\WindowsSearch.exe
PRC - [2008/04/13 18:12:37 | 00,135,680 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\taskmgr.exe
PRC - [2008/04/13 18:12:19 | 01,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2007/07/25 15:41:42 | 00,647,168 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
PRC - [2007/07/25 15:32:34 | 00,294,912 | ---- | M] (Intel® Corporation) -- C:\Program Files\Intel\Wireless\Bin\WLKEEPER.exe
PRC - [2007/07/25 15:29:38 | 00,987,136 | ---- | M] (Intel Corporation ) -- C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
PRC - [2007/07/25 15:22:44 | 00,327,680 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
PRC - [2007/05/31 14:50:40 | 00,163,908 | ---- | M] (NVIDIA Corporation) -- C:\WINDOWS\system32\nvsvc32.exe
PRC - [2007/05/14 13:23:32 | 01,191,936 | ---- | M] (Dell Inc) -- C:\Program Files\Dell\QuickSet\quickset.exe
PRC - [2007/05/14 13:21:40 | 00,475,136 | ---- | M] (Dell Inc.) -- C:\Program Files\Dell\QuickSet\NicConfigSvc.exe
PRC - [2007/02/18 22:27:16 | 00,090,112 | ---- | M] (SigmaTel, Inc.) -- C:\WINDOWS\system32\stacsv.exe
PRC - [2007/01/29 03:07:18 | 00,050,736 | ---- | M] (Alps Electric Co., Ltd.) -- C:\Program Files\Apoint\ApMsgFwd.exe
PRC - [2007/01/25 01:34:22 | 00,159,744 | ---- | M] (Alps Electric Co., Ltd.) -- C:\Program Files\Apoint\Apoint.exe
PRC - [2007/01/13 07:00:00 | 00,323,584 | ---- | M] (AT&T) -- C:\Program Files\AT&T Network Client\NetCfgSv.EXE
PRC - [2006/12/19 13:21:48 | 00,079,432 | ---- | M] (Broadcom Corporation) -- C:\Program Files\Broadcom\ASFIPMon\AsfIpMon.exe
PRC - [2006/11/30 08:50:00 | 00,144,960 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee\VirusScan Enterprise\Mcshield.exe
PRC - [2006/11/30 08:50:00 | 00,112,216 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee\VirusScan Enterprise\shstat.exe
PRC - [2006/11/30 08:50:00 | 00,054,872 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee\VirusScan Enterprise\VsTskMgr.exe
PRC - [2006/11/17 13:40:56 | 00,136,768 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee\Common Framework\naPrdMgr.exe
PRC - [2006/11/17 13:39:58 | 00,136,768 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee\Common Framework\UdaterUI.exe
PRC - [2006/11/17 13:37:44 | 00,104,000 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee\Common Framework\FrameworkService.exe
PRC - [2006/11/17 03:06:00 | 00,086,016 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee\Common Framework\Mctray.exe
PRC - [2006/11/03 17:02:14 | 00,050,688 | ---- | M] (Avanquest Software ) -- C:\Program Files\Digital Line Detect\DLG.exe
PRC - [2006/11/02 13:05:50 | 00,282,624 | ---- | M] (Knowles Acoustics) -- C:\WINDOWS\system32\KADxMain.exe
PRC - [2006/10/20 16:23:38 | 00,118,784 | ---- | M] (CyberLink Corp.) -- C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe
PRC - [2006/09/07 23:10:22 | 00,040,960 | ---- | M] (Alps Electric Co., Ltd.) -- C:\Program Files\Apoint\hidfind.exe
PRC - [2006/09/07 23:06:08 | 00,040,960 | ---- | M] (Alps Electric Co., Ltd.) -- C:\Program Files\Apoint\ApntEx.exe
PRC - [2004/07/27 15:50:18 | 00,081,920 | ---- | M] (InstallShield Software Corporation) -- C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
PRC - [2003/06/19 23:25:00 | 00,322,120 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
========== Modules (SafeList) ==========
MOD - [2009/11/17 20:48:30 | 00,529,408 | ---- | M] (OldTimer Tools) -- C:\Downloads\OTL\OTL.exe
MOD - [2009/08/16 11:53:48 | 00,045,056 | ---- | M] () -- C:\Standalone Programs\Ditto\focus.dll
MOD - [2008/04/13 18:12:51 | 01,054,208 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.5512_x-ww_35d4ce83\comctl32.dll
MOD - [2008/04/13 18:11:53 | 00,185,344 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\wbem\framedyn.dll
========== Win32 Services (SafeList) ==========
SRV - [2009/08/14 19:13:08 | 00,326,192 | ---- | M] (VMware, Inc.) -- C:\WINDOWS\system32\vmnetdhcp.exe -- (VMnetDHCP)
SRV - [2009/08/14 19:12:46 | 00,399,920 | ---- | M] (VMware, Inc.) -- C:\WINDOWS\system32\vmnat.exe -- (VMware NAT Service)
SRV - [2009/08/14 19:12:34 | 00,113,200 | ---- | M] (VMware, Inc.) -- C:\Program Files\VMware\VMware Player\vmware-authd.exe -- (VMAuthdService)
SRV - [2009/05/01 13:35:54 | 00,181,544 | ---- | M] (Seagate Technology LLC) -- C:\Program Files\Seagate\SeagateManager\Sync\FreeAgentService.exe -- (FreeAgentGoNext Service)
SRV - [2009/01/23 01:46:56 | 00,431,472 | ---- | M] (Juniper Networks) -- C:\Program Files\Juniper Networks\Common Files\dsNcService.exe -- (dsNcService)
SRV - [2008/12/10 18:03:15 | 00,417,464 | ---- | M] (Cisco Systems, Inc.) -- C:\Program Files\Cisco\Cisco AnyConnect VPN Client\vpnagent.exe -- (vpnagent)
SRV - [2008/12/01 10:49:02 | 00,191,024 | ---- | M] (VMware, Inc.) -- C:\Program Files\VMware\VMware Player\vmware-ufad.exe -- (ufad-ws60)
SRV - [2008/11/03 23:06:28 | 00,441,712 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE -- (odserv)
SRV - [2008/08/29 13:58:16 | 01,528,608 | ---- | M] (Cisco Systems, Inc.) -- C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe -- (CVPND)
SRV - [2008/07/29 20:10:04 | 00,046,104 | ---- | M] (Microsoft Corporation) -- c:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe -- (FontCache3.0.0.0)
SRV - [2008/07/29 18:24:50 | 00,881,664 | ---- | M] (Microsoft Corporation) -- c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe -- (idsvc)
SRV - [2008/07/29 18:16:38 | 00,132,096 | ---- | M] (Microsoft Corporation) -- c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe -- (NetTcpPortSharing)
SRV - [2008/07/25 10:17:02 | 00,069,632 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
SRV - [2008/07/25 10:16:40 | 00,034,312 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe -- (aspnet_state)
SRV - [2008/04/13 18:12:02 | 00,038,400 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\pchealth\helpctr\binaries\pchsvc.dll -- (helpsvc)
SRV - [2007/07/25 15:41:42 | 00,647,168 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Wireless\Bin\EvtEng.exe -- (EvtEng)
SRV - [2007/07/25 15:32:34 | 00,294,912 | ---- | M] (Intel® Corporation) -- C:\Program Files\Intel\Wireless\Bin\WLKEEPER.exe -- (WLANKEEPER)
SRV - [2007/07/25 15:29:38 | 00,987,136 | ---- | M] (Intel Corporation ) -- C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe -- (S24EventMonitor)
SRV - [2007/07/25 15:22:44 | 00,327,680 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe -- (RegSrvc)
SRV - [2007/05/31 14:50:40 | 00,163,908 | ---- | M] (NVIDIA Corporation) -- C:\WINDOWS\system32\nvsvc32.exe -- (NVSvc)
SRV - [2007/05/14 13:21:40 | 00,475,136 | ---- | M] (Dell Inc.) -- C:\Program Files\Dell\QuickSet\NicConfigSvc.exe -- (NICCONFIGSVC)
SRV - [2007/02/18 22:27:16 | 00,090,112 | ---- | M] (SigmaTel, Inc.) -- C:\WINDOWS\system32\stacsv.exe -- (STacSV)
SRV - [2007/01/13 07:00:00 | 00,323,584 | ---- | M] (AT&T) -- C:\Program Files\AT&T Network Client\NetCfgSv.EXE -- (NetCfgSvr)
SRV - [2006/12/19 13:21:48 | 00,079,432 | ---- | M] (Broadcom Corporation) -- C:\Program Files\Broadcom\ASFIPMon\AsfIpMon.exe -- (ASFIPmon)
SRV - [2006/11/30 08:50:00 | 00,144,960 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee\VirusScan Enterprise\Mcshield.exe -- (McShield)
SRV - [2006/11/30 08:50:00 | 00,054,872 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee\VirusScan Enterprise\VsTskMgr.exe -- (McTaskManager)
SRV - [2006/11/17 13:37:44 | 00,104,000 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee\Common Framework\FrameworkService.exe -- (McAfeeFramework)
SRV - [2006/10/26 14:03:08 | 00,145,184 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE -- (ose)
SRV - [2006/09/14 13:54:34 | 00,073,728 | ---- | M] (MicroVision Development, Inc.) -- C:\Program Files\Common Files\SureThing Shared\stllssvr.exe -- (stllssvr)
SRV - [2003/06/19 23:25:00 | 00,322,120 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE -- (MDM)
========== Standard Registry (SafeList) ==========
========== Internet Explorer ==========
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = [binary data]
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Extensions Off Page = about:NoAdd-ons
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Security Risk Page = about:SecurityRisk
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft....k/?LinkId=69157
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,CustomizeSearch = http://ie.search.msn...st/srchcust.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Page_URL = www.google.com/ig/dell?hl=en&client=dell-usuk-rel&channel=us&ibd=2071010
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.co...html?channel=us
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Start Page = www.google.com/ig/dell?hl=en&client=dell-usuk-rel&channel=us&ibd=2071010
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = www.google.com/ig/dell?hl=en&client=dell-usuk-rel&channel=us&ibd=2071010
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\system32\blank.htm
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.google.co...html?channel=us
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = 172.22.8.65:80
========== FireFox ==========
FF - prefs.js..browser.startup.homepage: "http://www.yahoo.com"
FF - prefs.js..extensions.enabledItems: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}:1.1.1
FF - prefs.js..extensions.enabledItems: [email protected]:3.3Beta2
FF - prefs.js..extensions.enabledItems: {4BBDD651-70CF-4821-84F8-2B918CF89CA3}:6.2
FF - prefs.js..extensions.enabledItems: {a7c6cf7f-112c-4500-a7ea-39801a327e5f}:1.0.4
FF - prefs.js..extensions.enabledItems: [email protected]:1.2
FF - prefs.js..extensions.enabledItems: {3d7eb24f-2740-49df-8937-200b1cc08f8a}:1.5.11.2
FF - prefs.js..extensions.enabledItems: {e4a8a97b-f2ed-450b-b12d-ee082ba24781}:0.8.20090123.1
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0006-ABCDEFFEDCBA}:6.0.06
FF - prefs.js..extensions.enabledItems: {20a82645-c095-46ed-80e3-08825760534b}:1.1
FF - prefs.js..extensions.enabledItems: [email protected]:1.0.0.071101000055
FF - prefs.js..extensions.enabledItems: [email protected]:2.0.2.1
FF - prefs.js..extensions.enabledItems: unplug@compunach:2.023
FF - prefs.js..extensions.enabledItems: {972ce4c6-7e08-4474-a285-3208198ce6fd}:3.0.15
FF - prefs.js..network.proxy.backup.ftp: "172.22.8.65"
FF - prefs.js..network.proxy.backup.ftp_port: 80
FF - prefs.js..network.proxy.backup.gopher: "172.22.8.65"
FF - prefs.js..network.proxy.backup.gopher_port: 80
FF - prefs.js..network.proxy.backup.socks: "172.22.8.65"
FF - prefs.js..network.proxy.backup.socks_port: 80
FF - prefs.js..network.proxy.backup.ssl: "172.22.8.65"
FF - prefs.js..network.proxy.backup.ssl_port: 80
FF - prefs.js..network.proxy.ftp: "172.22.8.65"
FF - prefs.js..network.proxy.ftp_port: 80
FF - prefs.js..network.proxy.gopher: "172.22.8.65"
FF - prefs.js..network.proxy.gopher_port: 80
FF - prefs.js..network.proxy.http: "172.22.8.65"
FF - prefs.js..network.proxy.http_port: 80
FF - prefs.js..network.proxy.share_proxy_settings: true
FF - prefs.js..network.proxy.socks: "172.22.8.65"
FF - prefs.js..network.proxy.socks_port: 80
FF - prefs.js..network.proxy.ssl: "172.22.8.65"
FF - prefs.js..network.proxy.ssl_port: 80
FF - prefs.js..network.proxy.type: 4
FF - HKLM\software\mozilla\Firefox\Extensions\\{20a82645-c095-46ed-80e3-08825760534b}: c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\ [2009/08/08 08:34:14 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.0.15\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2009/11/12 00:45:47 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.0.15\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2009/11/12 00:45:46 | 00,000,000 | ---D | M]
[2009/02/12 16:05:57 | 00,000,000 | ---D | M] -- C:\Documents and Settings\kguthrie.COLUMNIT\Application Data\Mozilla\Extensions
[2009/02/12 16:05:57 | 00,000,000 | ---D | M] -- C:\Documents and Settings\kguthrie.COLUMNIT\Application Data\Mozilla\Extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384}
[2009/11/17 19:39:07 | 00,000,000 | ---D | M] -- C:\Documents and Settings\kguthrie.COLUMNIT\Application Data\Mozilla\Firefox\Profiles\mq2b37as.default\extensions
[2009/08/08 13:18:08 | 00,000,000 | ---D | M] -- C:\Documents and Settings\kguthrie.COLUMNIT\Application Data\Mozilla\Firefox\Profiles\mq2b37as.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2009/07/17 16:10:12 | 00,000,000 | ---D | M] -- C:\Documents and Settings\kguthrie.COLUMNIT\Application Data\Mozilla\Firefox\Profiles\mq2b37as.default\extensions\{3d7eb24f-2740-49df-8937-200b1cc08f8a}
[2009/08/30 08:04:20 | 00,000,000 | ---D | M] -- C:\Documents and Settings\kguthrie.COLUMNIT\Application Data\Mozilla\Firefox\Profiles\mq2b37as.default\extensions\{4BBDD651-70CF-4821-84F8-2B918CF89CA3}
[2009/01/19 09:22:34 | 00,000,000 | ---D | M] -- C:\Documents and Settings\kguthrie.COLUMNIT\Application Data\Mozilla\Firefox\Profiles\mq2b37as.default\extensions\{74FD056A-18A2-41d8-B9A8-2025C3FFBA94}
[2009/02/28 19:40:33 | 00,000,000 | ---D | M] -- C:\Documents and Settings\kguthrie.COLUMNIT\Application Data\Mozilla\Firefox\Profiles\mq2b37as.default\extensions\{a7c6cf7f-112c-4500-a7ea-39801a327e5f}
[2009/08/30 08:04:24 | 00,000,000 | ---D | M] -- C:\Documents and Settings\kguthrie.COLUMNIT\Application Data\Mozilla\Firefox\Profiles\mq2b37as.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}
[2009/02/28 10:27:26 | 00,000,000 | ---D | M] -- C:\Documents and Settings\kguthrie.COLUMNIT\Application Data\Mozilla\Firefox\Profiles\mq2b37as.default\extensions\{e4a8a97b-f2ed-450b-b12d-ee082ba24781}
[2009/02/12 16:09:58 | 00,000,000 | ---D | M] -- C:\Documents and Settings\kguthrie.COLUMNIT\Application Data\Mozilla\Firefox\Profiles\mq2b37as.default\extensions\[email protected]
[2009/02/12 15:40:03 | 00,000,000 | ---D | M] -- C:\Documents and Settings\kguthrie.COLUMNIT\Application Data\Mozilla\Firefox\Profiles\mq2b37as.default\extensions\[email protected]
[2009/02/14 00:30:59 | 00,000,000 | ---D | M] -- C:\Documents and Settings\kguthrie.COLUMNIT\Application Data\Mozilla\Firefox\Profiles\mq2b37as.default\extensions\[email protected]
[2009/06/01 16:31:16 | 00,000,000 | ---D | M] -- C:\Documents and Settings\kguthrie.COLUMNIT\Application Data\Mozilla\Firefox\Profiles\mq2b37as.default\extensions\[email protected]
[2009/08/30 08:04:22 | 00,000,000 | ---D | M] -- C:\Documents and Settings\kguthrie.COLUMNIT\Application Data\Mozilla\Firefox\Profiles\mq2b37as.default\extensions\unplug@compunach
[2009/02/12 16:09:57 | 00,000,000 | ---D | M] -- C:\Documents and Settings\kguthrie.COLUMNIT\Application Data\Mozilla\Firefox\Profiles\mq2b37as.default\extensions\[email protected]\chrome
[2009/02/12 16:09:57 | 00,000,000 | ---D | M] -- C:\Documents and Settings\kguthrie.COLUMNIT\Application Data\Mozilla\Firefox\Profiles\mq2b37as.default\extensions\[email protected]\defaults
[2009/02/12 16:09:58 | 00,000,000 | ---D | M] -- C:\Documents and Settings\kguthrie.COLUMNIT\Application Data\Mozilla\Firefox\Profiles\mq2b37as.default\extensions\[email protected]\modules
[2009/11/16 19:30:26 | 00,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions
[2009/10/31 20:17:14 | 00,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
[2008/04/22 08:59:08 | 00,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0006-ABCDEFFEDCBA}
[2009/10/31 20:16:46 | 00,023,032 | ---- | M] (Mozilla Foundation) -- C:\Program Files\Mozilla Firefox\components\browserdirprovider.dll
[2009/10/31 20:16:46 | 00,134,648 | ---- | M] (Mozilla Foundation) -- C:\Program Files\Mozilla Firefox\components\brwsrcmp.dll
[2008/11/14 10:13:24 | 00,027,976 | ---- | M] (WebEx Communications, Inc) -- C:\Program Files\Mozilla Firefox\plugins\atgpcdec.dll
[2008/11/14 10:13:26 | 00,126,360 | ---- | M] (WebEx Communications, Inc) -- C:\Program Files\Mozilla Firefox\plugins\atgpcext.dll
[2008/09/04 13:01:39 | 00,046,408 | ---- | M] () -- C:\Program Files\Mozilla Firefox\plugins\atmccli.dll
[2008/08/14 07:58:26 | 00,098,712 | ---- | M] (WebEx Communications, Inc) -- C:\Program Files\Mozilla Firefox\plugins\ieatgpc.dll
[2008/08/14 07:57:34 | 00,060,824 | ---- | M] (WebEx Communications, Inc) -- C:\Program Files\Mozilla Firefox\plugins\npatgpc.dll
[2009/10/31 20:17:09 | 00,065,528 | ---- | M] (mozilla.org) -- C:\Program Files\Mozilla Firefox\plugins\npnul32.dll
[2006/10/26 20:12:16 | 00,016,192 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Mozilla Firefox\plugins\NPOFF12.DLL
[2008/06/11 21:45:28 | 00,103,792 | ---- | M] (Adobe Systems Inc.) -- C:\Program Files\Mozilla Firefox\plugins\nppdf32.dll
[2009/02/12 16:05:45 | 00,001,394 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\amazondotcom.xml
[2009/02/12 16:05:45 | 00,002,193 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\answers.xml
[2009/02/12 16:05:45 | 00,001,534 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\creativecommons.xml
[2009/02/12 16:05:45 | 00,002,343 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\eBay.xml
[2009/02/12 16:05:45 | 00,001,706 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\google.xml
[2009/02/12 16:05:45 | 00,001,178 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\wikipedia.xml
[2009/02/12 16:05:45 | 00,000,792 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\yahoo.xml
O1 HOSTS File: (1589 bytes) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: 192.168.0.4 ARS7ITSM # One of my VMs
O1 - Hosts: 10.91.20.58 IDLRMAP01.dev # Midwest ISO dev server
O1 - Hosts: 192.168.26.57 remedydev # Charter CM dev server remedydev.corp.chartercom.com
O1 - Hosts: 192.168.26.81 kstlurmwd01 # Charter CM midtier kstlurmwd01.corp.chartercom.com
O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (Adobe PDF Link Helper) - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
O2 - BHO: (SSVHelper Class) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (scriptproxy) - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\McAfee\VirusScan Enterprise\ScriptCl.dll (McAfee, Inc.)
O2 - BHO: (CBrowserHelperObject Object) - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - C:\Program Files\BAE\BAE.dll (Dell Inc.)
O4 - HKLM..\Run: [Apoint] C:\Program Files\Apoint\Apoint.exe (Alps Electric Co., Ltd.)
O4 - HKLM..\Run: [Dell QuickSet] C:\Program Files\Dell\QuickSet\quickset.exe (Dell Inc)
O4 - HKLM..\Run: [ISUSPM Startup] C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe (InstallShield Software Corporation)
O4 - HKLM..\Run: [ISUSScheduler] C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe (InstallShield Software Corporation)
O4 - HKLM..\Run: [KADxMain] C:\WINDOWS\system32\KADxMain.exe (Knowles Acoustics)
O4 - HKLM..\Run: [McAfeeUpdaterUI] C:\Program Files\McAfee\Common Framework\UdaterUI.exe (McAfee, Inc.)
O4 - HKLM..\Run: [NvCplDaemon] C:\WINDOWS\System32\NvCpl.DLL (NVIDIA Corporation)
O4 - HKLM..\Run: [NVHotkey] C:\WINDOWS\System32\nvhotkey.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [NvMediaCenter] C:\WINDOWS\System32\NvMcTray.DLL (NVIDIA Corporation)
O4 - HKLM..\Run: [nwiz] C:\WINDOWS\System32\nwiz.exe ()
O4 - HKLM..\Run: [PDVDDXSrv] C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe (CyberLink Corp.)
O4 - HKLM..\Run: [ShStatEXE] C:\Program Files\McAfee\VirusScan Enterprise\SHSTAT.EXE (McAfee, Inc.)
O4 - HKCU..\Run: [Ditto] C:\Standalone Programs\Ditto\Ditto.exe ()
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Digital Line Detect.lnk = C:\Program Files\Digital Line Detect\DLG.exe (Avanquest Software )
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Google Calendar Sync.lnk = C:\Program Files\Google\Google Calendar Sync\GoogleCalendarSync.exe (Google)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Windows Search.lnk = C:\Program Files\Windows Desktop Search\WindowsSearch.exe (Microsoft Corporation)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 255
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: dontdisplaylastusername = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticecaption =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticetext =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: shutdownwithoutlogon = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: undockwithoutlogon = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O8 - Extra context menu item: E&xport to Microsoft Excel - C:\Program Files\Microsoft Office\Office12\EXCEL.EXE (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_06\bin\npjpi160_06.dll (Sun Microsystems, Inc.)
O9 - Extra Button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\INetRepl.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Create Mobile Favorite... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\INetRepl.dll (Microsoft Corporation)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Program Files\Microsoft Office\Office12\REFIEBAR.DLL (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\network diagnostic\xpnetdiag.exe (Microsoft Corporation)
O9 - Extra Button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000006 - C:\Program Files\VMware\VMware Player\vsocklib.dll (VMware, Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000007 - C:\Program Files\VMware\VMware Player\vsocklib.dll (VMware, Inc.)
O12 - Plugin for: .spop - C:\Program Files\Internet Explorer\PLUGINS\NPDocBox.dll (InterTrust Technologies Corporation, Inc.)
O15 - HKLM\..Trusted Domains: 1 domain(s) and sub-domain(s) not assigned to a zone.
O15 - HKCU\..Trusted Domains: columnit.com ([projects] https in Trusted sites)
O15 - HKCU\..Trusted Domains: 1 domain(s) and sub-domain(s) not assigned to a zone.
O16 - DPF: {05CA9FB0-3E3E-4B36-BF41-0E3A5CAA8CD8} http://download.micr.../OGAControl.cab (Office Genuine Advantage Validation Tool)
O16 - DPF: {55963676-2F5E-4BAF-AC28-CF26AA587566} https://webvpn.chart...ries/vpnweb.cab (Cisco AnyConnect VPN Client Web Control)
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} http://www.update.mi...b?1194888540875 (MUWebControl Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_06)
O16 - DPF: {C7DB51B4-BCF7-4923-8874-7F1A0DC92277} http://office.micros...ntent/opuc4.cab (Office Update Installation Engine)
O16 - DPF: {CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.5.0_06)
O16 - DPF: {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_03)
O16 - DPF: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_05)
O16 - DPF: {CAFEEFAC-0016-0000-0006-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_06)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.m...ash/swflash.cab (Shockwave Flash Object)
O16 - DPF: {D5B680E5-9C5F-45E0-A97C-521D4F281173} https://projects.col...033/pjcintl.cab (PJ12ENUC Class)
O16 - DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} https://column.webex...ort/ieatgpc.cab (GpcContainer Class)
O16 - DPF: {E3089160-E8AD-4C5B-B47C-ADDF3DF660DD} https://projects.col...ts/pjclient.cab (PjAdoInfo4 Class)
O16 - DPF: {E5F5D008-DD2C-4D32-977D-1A0ADF03058B} https://ra.midwestis...perSetupSP1.cab (JuniperSetupControlXP Class)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.1 205.171.3.25
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = columnit.com
O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\ipp - No CLSID value found
O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp - No CLSID value found
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O24 - Desktop Components:0 (My Current Home Page) - About:Home
O28 - HKLM ShellExecuteHooks: {56F9679E-7826-4C84-81F3-532071A8BCC5} - C:\Program Files\Windows Desktop Search\MsnlNamespaceMgr.dll (Microsoft Corporation)
O31 - SafeBoot: AlternateShell - cmd.exe
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2004/08/11 16:15:00 | 00,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O33 - MountPoints2\{6dc44641-1ad8-11de-bf66-001e377e01e7}\Shell\AutoRun\command - "" = E:\Setup_FlipShare.exe -- File not found
O33 - MountPoints2\{6dc44641-1ad8-11de-bf66-001e377e01e7}\Shell\Setup FlipShare\command - "" = E:\Setup_FlipShare.exe -- File not found
O34 - HKLM BootExecute: (autocheck) - File not found
O34 - HKLM BootExecute: (autochk) - C:\WINDOWS\System32\autochk.exe (Microsoft Corporation)
O34 - HKLM BootExecute: (*) - File not found
O35 - comfile [open] -- "%1" %* File not found
O35 - exefile [open] -- "%1" %* File not found
NetSvcs: 6to4 - File not found
NetSvcs: Ias - C:\WINDOWS\system32\ias [2004/08/11 16:02:12 | 00,000,000 | ---D | M]
NetSvcs: Iprip - File not found
NetSvcs: Irmon - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: WmdmPmSp - File not found
NetSvcs: helpsvc - C:\WINDOWS\pchealth\helpctr\binaries\pchsvc.dll (Microsoft Corporation)
CREATERESTOREPOINT
Restore point Set: OTL Restore Point (71216729635684352)
========== Files/Folders - Created Within 14 Days ==========
[2009/11/17 20:31:24 | 00,341,504 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\kguthrie.COLUMNIT\Desktop\TFC.exe
[2009/11/11 12:31:22 | 00,000,000 | ---D | C] -- C:\Program Files\Trend Micro
[2009/11/11 03:01:28 | 00,000,000 | -HSD | C] -- C:\Config.Msi
[2009/11/07 14:01:22 | 00,000,000 | ---D | C] -- C:\Documents and Settings\kguthrie.COLUMNIT\Application Data\Malwarebytes
[2009/11/07 14:01:14 | 00,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2009/11/07 14:01:12 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Malwarebytes
[2009/11/07 14:01:11 | 00,019,160 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2009/11/07 14:01:11 | 00,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
========== Files - Modified Within 14 Days ==========
[2009/11/17 21:19:56 | 05,505,024 | ---- | M] () -- C:\Documents and Settings\kguthrie.COLUMNIT\NTUSER.DAT
[2009/11/17 20:40:15 | 00,469,666 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2009/11/17 20:40:15 | 00,081,242 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2009/11/17 20:40:14 | 00,561,390 | ---- | M] () -- C:\WINDOWS\System32\PerfStringBackup.INI
[2009/11/17 20:36:27 | 00,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2009/11/17 20:36:06 | 00,030,160 | ---- | M] () -- C:\WINDOWS\System32\nvModes.001
[2009/11/17 20:35:32 | 00,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2009/11/17 20:35:28 | 00,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2009/11/17 20:30:23 | 00,341,504 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\kguthrie.COLUMNIT\Desktop\TFC.exe
[2009/11/11 12:31:23 | 00,001,734 | ---- | M] () -- C:\Documents and Settings\kguthrie.COLUMNIT\Desktop\HijackThis.lnk
[2009/11/11 03:20:26 | 00,270,192 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2009/11/07 14:01:18 | 00,000,696 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2009/11/05 07:39:41 | 00,001,374 | ---- | M] () -- C:\WINDOWS\imsins.BAK
========== Files Created - No Company Name ==========
[2009/11/11 12:31:23 | 00,001,734 | ---- | C] () -- C:\Documents and Settings\kguthrie.COLUMNIT\Desktop\HijackThis.lnk
[2009/11/07 14:01:18 | 00,000,696 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2009/10/27 10:59:12 | 00,004,158 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\powjnvfp.pmy
[2009/10/14 09:42:43 | 00,055,856 | R--- | C] () -- C:\WINDOWS\System32\vnetinst.dll
[2009/09/22 07:45:42 | 00,000,000 | ---- | C] () -- C:\WINDOWS\System32\sqljdbc_auth.dll
[2009/07/28 22:17:57 | 00,028,672 | ---- | C] () -- C:\WINDOWS\System32\PdeSrvps.dll
[2009/07/24 18:16:34 | 00,002,528 | ---- | C] () -- C:\Documents and Settings\kguthrie.COLUMNIT\Application Data\$_hpcst$.hpc
[2009/07/16 19:17:02 | 00,038,544 | ---- | C] () -- C:\Documents and Settings\kguthrie.COLUMNIT\Application Data\Comma Separated Values (Windows).ADR
[2009/03/27 20:57:52 | 00,011,264 | ---- | C] () -- C:\Documents and Settings\kguthrie.COLUMNIT\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2009/01/17 11:52:07 | 00,000,062 | -HS- | C] () -- C:\Documents and Settings\kguthrie.COLUMNIT\Application Data\desktop.ini
[2009/01/17 11:52:06 | 06,953,254 | -H-- | C] () -- C:\Documents and Settings\kguthrie.COLUMNIT\Local Settings\Application Data\IconCache.db
[2009/01/17 11:52:06 | 00,012,328 | ---- | C] () -- C:\Documents and Settings\kguthrie.COLUMNIT\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
[2008/12/02 15:23:33 | 00,000,754 | ---- | C] () -- C:\WINDOWS\WORDPAD.INI
[2008/10/20 10:06:12 | 00,029,752 | ---- | C] () -- C:\WINDOWS\System32\InstHelper.dll
[2008/08/29 13:58:26 | 00,197,408 | ---- | C] () -- C:\WINDOWS\System32\vpnapi.dll
[2008/08/29 13:58:16 | 00,193,312 | ---- | C] () -- C:\WINDOWS\System32\CSGina.dll
[2008/05/22 13:33:08 | 00,000,024 | ---- | C] () -- C:\WINDOWS\System32\sysathea.dll
[2008/04/23 08:29:00 | 00,000,449 | ---- | C] () -- C:\Program Files\Shortcut to Java.lnk
[2008/04/01 13:42:29 | 00,051,304 | ---- | C] () -- C:\WINDOWS\System32\drivers\atnt40k.sys
[2008/03/18 15:17:23 | 00,065,536 | ---- | C] () -- C:\WINDOWS\System32\adistres.dll
[2008/02/19 00:33:34 | 00,446,352 | ---- | C] () -- C:\WINDOWS\System32\OpenQuicktimeLib.dll
[2008/02/04 18:23:10 | 00,693,792 | ---- | C] () -- C:\WINDOWS\System32\OGACheckControl.DLL
[2007/11/12 14:19:35 | 00,210,944 | ---- | C] () -- C:\WINDOWS\System32\Msvcrt10.dll
[2007/11/12 12:26:52 | 00,000,280 | ---- | C] () -- C:\WINDOWS\System32\epoPGPsdk.dll.sig
[2007/11/09 16:34:24 | 00,000,510 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2007/10/10 00:29:06 | 00,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini
[2007/10/10 00:27:15 | 00,000,000 | ---- | C] () -- C:\WINDOWS\tosOBEX.INI
[2007/10/10 00:21:44 | 00,056,056 | ---- | C] () -- C:\WINDOWS\System32\DLAAPI_W.DLL
[2007/10/10 00:21:44 | 00,000,120 | ---- | C] () -- C:\WINDOWS\wininit.ini
[2007/10/10 00:11:38 | 01,736,704 | ---- | C] () -- C:\WINDOWS\System32\Tsp1.dll
[2007/10/09 23:46:09 | 01,703,936 | ---- | C] () -- C:\WINDOWS\System32\nvwdmcpl.dll
[2007/10/09 23:46:09 | 01,019,904 | ---- | C] () -- C:\WINDOWS\System32\nvwimg.dll
[2007/10/09 23:46:08 | 01,474,560 | ---- | C] () -- C:\WINDOWS\System32\nview.dll
[2007/10/09 23:46:08 | 00,466,944 | ---- | C] () -- C:\WINDOWS\System32\nvshell.dll
[2007/10/09 23:44:39 | 00,001,120 | ---- | C] () -- C:\WINDOWS\System32\OEMINFO.INI
[2007/09/27 10:51:02 | 00,020,698 | ---- | C] () -- C:\WINDOWS\System32\idxcntrs.ini
[2007/09/27 10:48:48 | 00,030,628 | ---- | C] () -- C:\WINDOWS\System32\gsrvctr.ini
[2007/09/27 10:48:28 | 00,031,698 | ---- | C] () -- C:\WINDOWS\System32\gthrctr.ini
[2007/01/30 14:30:30 | 00,004,096 | ---- | C] () -- C:\WINDOWS\System32\detoured.dll
[2007/01/13 13:03:04 | 00,049,230 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\devicemanager.xml.rc4
[2006/11/07 03:25:58 | 00,000,000 | ---- | C] () -- C:\WINDOWS\System32\px.ini
[2006/09/16 22:36:50 | 00,520,192 | ---- | C] () -- C:\WINDOWS\System32\CddbPlaylist2Roxio.dll
[2006/09/16 22:36:50 | 00,204,800 | ---- | C] () -- C:\WINDOWS\System32\CddbFileTaggerRoxio.dll
[2006/06/29 13:58:52 | 00,030,808 | ---- | C] () -- C:\WINDOWS\Fonts\GlobalUserInterface.CompositeFont
[2006/06/29 13:53:56 | 00,026,489 | ---- | C] () -- C:\WINDOWS\Fonts\GlobalSansSerif.CompositeFont
[2006/04/18 14:39:28 | 00,029,779 | ---- | C] () -- C:\WINDOWS\Fonts\GlobalSerif.CompositeFont
[2006/04/18 14:39:28 | 00,026,040 | ---- | C] () -- C:\WINDOWS\Fonts\GlobalMonospace.CompositeFont
[2005/09/02 13:44:08 | 00,110,592 | ---- | C] () -- C:\WINDOWS\System32\TosBtAcc.dll
[2005/07/22 20:30:20 | 00,065,536 | ---- | C] () -- C:\WINDOWS\System32\TosCommAPI.dll
[2004/08/11 16:24:19 | 00,000,791 | ---- | C] () -- C:\WINDOWS\orun32.ini
[2004/08/11 16:11:31 | 00,001,793 | ---- | C] () -- C:\WINDOWS\System32\fxsperf.ini
[2004/08/11 16:07:11 | 00,000,062 | -HS- | C] () -- C:\Documents and Settings\All Users\Application Data\desktop.ini
[2004/08/11 16:00:37 | 00,000,749 | ---- | C] () -- C:\WINDOWS\win.ini
[2004/08/11 16:00:35 | 00,000,227 | ---- | C] () -- C:\WINDOWS\system.ini
[2004/07/20 16:04:02 | 00,094,208 | ---- | C] () -- C:\WINDOWS\System32\TosBtHcrpAPI.dll
[2004/01/15 13:43:28 | 00,114,688 | ---- | C] () -- C:\WINDOWS\System32\TBTMonUI.dll
[2002/02/27 08:41:28 | 00,024,576 | ---- | C] () -- C:\WINDOWS\System32\nsldappr32v50.dll
[2002/02/27 08:41:26 | 00,139,264 | ---- | C] () -- C:\WINDOWS\System32\nsldap32v50.dll
[2002/02/27 08:41:26 | 00,040,960 | ---- | C] () -- C:\WINDOWS\System32\nsldapssl32v50.dll
========== LOP Check ==========
[2008/08/19 11:54:19 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\AGNS
[2009/10/29 06:12:51 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Cisco
[2007/10/10 00:22:01 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Dell
[2009/04/16 10:27:26 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Juniper Networks
[2009/10/21 13:27:06 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Seagate
[2007/11/09 15:57:55 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Wave Systems Corp
[2007/12/20 09:39:44 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\WinZip
[2009/01/19 16:58:16 | 00,000,000 | ---D | M] -- C:\Documents and Settings\kguthrie.COLUMNIT\Application Data\AR System
[2009/01/17 11:52:32 | 00,000,000 | ---D | M] -- C:\Documents and Settings\kguthrie.COLUMNIT\Application Data\Dell
[2009/10/23 10:40:38 | 00,000,000 | ---D | M] -- C:\Documents and Settings\kguthrie.COLUMNIT\Application Data\Juniper Networks
[2009/10/21 13:23:58 | 00,000,000 | ---D | M] -- C:\Documents and Settings\kguthrie.COLUMNIT\Application Data\Leadertech
[2009/07/28 21:52:15 | 00,000,000 | ---D | M] -- C:\Documents and Settings\kguthrie.COLUMNIT\Application Data\Mp3tag
[2009/01/17 12:34:17 | 00,000,000 | ---D | M] -- C:\Documents and Settings\kguthrie.COLUMNIT\Application Data\OfficeUpdate12
[2009/04/07 21:58:32 | 00,000,000 | ---D | M] -- C:\Documents and Settings\kguthrie.COLUMNIT\Application Data\Opera
[2009/08/09 21:11:27 | 00,000,000 | ---D | M] -- C:\Documents and Settings\kguthrie.COLUMNIT\Application Data\Smith Micro
[2007/10/10 00:09:29 | 00,000,000 | ---D | M] -- C:\Documents and Settings\kguthrie.COLUMNIT\Application Data\Wave Systems Corp
[2009/11/13 15:33:33 | 00,000,000 | ---D | M] -- C:\Documents and Settings\kguthrie.COLUMNIT\Application Data\webex
[2009/01/23 09:00:50 | 00,000,000 | ---D | M] -- C:\Documents and Settings\kguthrie.COLUMNIT\Application Data\Windows Desktop Search
[2009/01/23 09:44:43 | 00,000,000 | ---D | M] -- C:\Documents and Settings\kguthrie.COLUMNIT\Application Data\Windows Search
[2004/08/04 04:00:00 | 00,000,065 | RH-- | M] () -- C:\WINDOWS\Tasks\desktop.ini
[2009/11/17 20:35:32 | 00,000,006 | -H-- | M] () -- C:\WINDOWS\Tasks\SA.DAT
========== Purity Check ==========
========== Custom Scans ==========
< %SYSTEMDRIVE%\*.exe >
[2009/09/05 21:02:20 | 01,837,280 | ---- | M] (Microsoft Corporation) -- C:\snpvw.exe
< %SYSTEMDRIVE%\eventlog.dll /s /md5 >
[2004/08/04 04:00:00 | 00,055,808 | ---- | M] (Microsoft Corporation) MD5=82B24CB70E5944E6E34662205A2A5B78 -- C:\i386\eventlog.dll
[2 C:\i386\*.tmp files -> C:\i386\*.tmp -> ]
[2004/08/04 04:00:00 | 00,055,808 | ---- | M] (Microsoft Corporation) MD5=82B24CB70E5944E6E34662205A2A5B78 -- C:\WINDOWS\$NtServicePackUninstall$\eventlog.dll
[2008/04/13 18:11:53 | 00,056,320 | ---- | M] (Microsoft Corporation) MD5=6D4FEB43EE538FC5428CC7F0565AA656 -- C:\WINDOWS\ServicePackFiles\i386\eventlog.dll
[2008/04/13 18:11:53 | 00,056,320 | ---- | M] (Microsoft Corporation) MD5=6D4FEB43EE538FC5428CC7F0565AA656 -- C:\WINDOWS\system32\eventlog.dll
< %SYSTEMDRIVE%\scecli.dll /s /md5 >
[2004/08/04 04:00:00 | 00,180,224 | ---- | M] (Microsoft Corporation) MD5=0F78E27F563F2AAF74B91A49E2ABF19A -- C:\i386\scecli.dll
[2 C:\i386\*.tmp files -> C:\i386\*.tmp -> ]
[2004/08/04 04:00:00 | 00,180,224 | ---- | M] (Microsoft Corporation) MD5=0F78E27F563F2AAF74B91A49E2ABF19A -- C:\WINDOWS\$NtServicePackUninstall$\scecli.dll
[2008/04/13 18:12:05 | 00,181,248 | ---- | M] (Microsoft Corporation) MD5=A86BB5E61BF3E39B62AB4C7E7085A084 -- C:\WINDOWS\ServicePackFiles\i386\scecli.dll
[2008/04/13 18:12:05 | 00,181,248 | ---- | M] (Microsoft Corporation) MD5=A86BB5E61BF3E39B62AB4C7E7085A084 -- C:\WINDOWS\system32\scecli.dll
< %SYSTEMDRIVE%\netlogon.dll /s /md5 >
[2004/08/04 04:00:00 | 00,407,040 | ---- | M] (Microsoft Corporation) MD5=96353FCECBA774BB8DA74A1C6507015A -- C:\i386\netlogon.dll
[2 C:\i386\*.tmp files -> C:\i386\*.tmp -> ]
[2004/08/04 04:00:00 | 00,407,040 | ---- | M] (Microsoft Corporation) MD5=96353FCECBA774BB8DA74A1C6507015A -- C:\WINDOWS\$NtServicePackUninstall$\netlogon.dll
[2008/04/13 18:12:01 | 00,407,040 | ---- | M] (Microsoft Corporation) MD5=1B7F071C51B77C272875C3A23E1E4550 -- C:\WINDOWS\ServicePackFiles\i386\netlogon.dll
[2008/04/13 18:12:01 | 00,407,040 | ---- | M] (Microsoft Corporation) MD5=1B7F071C51B77C272875C3A23E1E4550 -- C:\WINDOWS\system32\netlogon.dll
< %SYSTEMDRIVE%\cngaudit.dll /s /md5 >
< %SYSTEMDRIVE%\sceclt.dll /s /md5 >
< %SYSTEMDRIVE%\ntelogon.dll /s /md5 >
< %SYSTEMDRIVE%\logevent.dll /s /md5 >
< %SYSTEMDRIVE%\iaStor.sys /s /md5 >
< %SYSTEMDRIVE%\nvstor.sys /s /md5 >
< %SYSTEMDRIVE%\atapi.sys /s /md5 >
[2004/08/03 21:59:44 | 00,095,360 | ---- | M] (Microsoft Corporation) MD5=CDFE4411A69C224BD1D11B2DA92DAC51 -- C:\i386\atapi.sys
[2 C:\i386\*.tmp files -> C:\i386\*.tmp -> ]
[2004/08/03 21:59:44 | 00,095,360 | ---- | M] (Microsoft Corporation) MD5=CDFE4411A69C224BD1D11B2DA92DAC51 -- C:\WINDOWS\$NtServicePackUninstall$\atapi.sys
[2008/04/13 12:40:30 | 00,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\ServicePackFiles\i386\atapi.sys
[2008/04/13 12:40:30 | 00,096,512 | ---- | M] (Microsoft Corporation) MD5 -- C:\WINDOWS\system32\drivers\atapi.sys
[2004/08/03 21:59:44 | 00,095,360 | ---- | M] (Microsoft Corporation) MD5=CDFE4411A69C224BD1D11B2DA92DAC51 -- C:\WINDOWS\system32\ReinstallBackups\0004\DriverFiles\i386\atapi.sys
[2004/08/03 21:59:44 | 00,095,360 | ---- | M] (Microsoft Corporation) MD5=CDFE4411A69C224BD1D11B2DA92DAC51 -- C:\WINDOWS\system32\ReinstallBackups\0015\DriverFiles\i386\atapi.sys
< %SYSTEMDRIVE%\IdeChnDr.sys /s /md5 >
< %SYSTEMDRIVE%\viasraid.sys /s /md5 >
< %SYSTEMDRIVE%\AGP440.sys /s /md5 >
[2004/08/03 22:07:42 | 00,042,368 | ---- | M] (Microsoft Corporation) MD5=2C428FA0C3E3A01ED93C9B2A27D8D4BB -- C:\i386\AGP440.SYS
[2 C:\i386\*.tmp files -> C:\i386\*.tmp -> ]
[2004/08/03 22:07:42 | 00,042,368 | ---- | M] (Microsoft Corporation) MD5=2C428FA0C3E3A01ED93C9B2A27D8D4BB -- C:\WINDOWS\$NtServicePackUninstall$\agp440.sys
[2008/04/13 12:36:38 | 00,042,368 | ---- | M] (Microsoft Corporation) MD5=08FD04AA961BDC77FB983F328334E3D7 -- C:\WINDOWS\ServicePackFiles\i386\agp440.sys
[2008/04/13 12:36:38 | 00,042,368 | ---- | M] (Microsoft Corporation) MD5=08FD04AA961BDC77FB983F328334E3D7 -- C:\WINDOWS\system32\drivers\agp440.sys
< %SYSTEMDRIVE%\vaxscsi.sys /s /md5 >
< End of report >
OTL EXTRA LOG:
OTL Extras logfile created on: 11/17/2009 9:21:06 PM - Run 1
OTL by OldTimer - Version 3.1.6.0 Folder = C:\Downloads\OTL
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 7.0.5730.13)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy
2.00 Gb Total Physical Memory | 2.00 Gb Available Physical Memory | 100.00% Memory free
4.00 Gb Paging File | 4.00 Gb Available in Paging File | 100.00% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 148.97 Gb Total Space | 115.77 Gb Free Space | 77.71% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded
Computer Name: KGUTHRIE1
Current User Name: kguthrie
Logged in as Administrator.
Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: On
Skip Microsoft Files: On
File Age = 14 Days
Output = Standard
Quick Scan
========== Extra Registry (SafeList) ==========
========== File Associations ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)
========== Shell Spawning ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %* File not found
cmdfile [open] -- "%1" %* File not found
comfile [open] -- "%1" %* File not found
exefile [open] -- "%1" %* File not found
htmlfile [edit] -- "C:\Program Files\Microsoft Office\OFFICE11\WINWORD.EXE" /n /dde File not found
htmlfile [open] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" -nohome (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" %1 (Microsoft Corporation)
http [open] -- "C:\Program Files\Mozilla Firefox\firefox.exe" -requestPending -osint -url "%1" (Mozilla Corporation)
https [open] -- "C:\Program Files\Mozilla Firefox\firefox.exe" -requestPending -osint -url "%1" (Mozilla Corporation)
piffile [open] -- "%1" %* File not found
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1" File not found
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S File not found
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 File not found
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" %1 (Microsoft Corporation)
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- "C:\Program Files\Internet Explorer\iexplore.exe" (Microsoft Corporation)
========== Security Center Settings ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 0
"FirewallOverride" = 0
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]
"139:TCP" = 139:TCP:*:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:*:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:*:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:*:Enabled:@xpsp2res.dll,-22002
"26675:TCP" = 26675:TCP:169.254.2.0/255.255.255.0:Enabled:ActiveSync Service
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DoNotAllowExceptions" = 0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008
"139:TCP" = 139:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22002
"26675:TCP" = 26675:TCP:169.254.2.0/255.255.255.0:Enabled:ActiveSync Service
========== Authorized Applications List ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE" = C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE:*:Enabled:Microsoft Office Outlook -- (Microsoft Corporation)
"C:\Program Files\AT&T Network Client\NetClient.exe" = C:\Program Files\AT&T Network Client\NetClient.exe:*:Enabled:Network access client -- (AT&T)
"C:\Program Files\Trillian\trillian.exe" = C:\Program Files\Trillian\trillian.exe:*:Enabled:Trillian -- (Cerulean Studios)
"%windir%\Network Diagnostic\xpnetdiag.exe" = %windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000 -- (Microsoft Corporation)
"C:\Program Files\Microsoft ActiveSync\rapimgr.exe" = C:\Program Files\Microsoft ActiveSync\rapimgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync RAPI Manager -- (Microsoft Corporation)
"C:\Program Files\Microsoft ActiveSync\wcescomm.exe" = C:\Program Files\Microsoft ActiveSync\wcescomm.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Connection Manager -- (Microsoft Corporation)
"C:\Program Files\Microsoft ActiveSync\WCESMgr.exe" = C:\Program Files\Microsoft ActiveSync\WCESMgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Application -- (Microsoft Corporation)
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Program Files\McAfee\Common Framework\FrameworkService.exe" = C:\Program Files\McAfee\Common Framework\FrameworkService.exe:*:Enabled:McAfee Framework Service -- (McAfee, Inc.)
"C:\Standalone Programs\Eclipse\eclipse.exe" = C:\Standalone Programs\Eclipse\eclipse.exe:*:Enabled:eclipse -- ()
"C:\Program Files\AT&T Network Client\NetClient.exe" = C:\Program Files\AT&T Network Client\NetClient.exe:*:Enabled:Network access client -- (AT&T)
"C:\Program Files\Trillian\trillian.exe" = C:\Program Files\Trillian\trillian.exe:*:Enabled:Trillian -- (Cerulean Studios)
"C:\Program Files\SecondLife\SLVoice.exe" = C:\Program Files\SecondLife\SLVoice.exe:*:Enabled:SLVoice -- ()
"C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE" = C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE:*:Enabled:Microsoft Office Outlook -- (Microsoft Corporation)
"%windir%\Network Diagnostic\xpnetdiag.exe" = %windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000 -- (Microsoft Corporation)
"C:\Program Files\Microsoft ActiveSync\rapimgr.exe" = C:\Program Files\Microsoft ActiveSync\rapimgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync RAPI Manager -- (Microsoft Corporation)
"C:\Program Files\Microsoft ActiveSync\wcescomm.exe" = C:\Program Files\Microsoft ActiveSync\wcescomm.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Connection Manager -- (Microsoft Corporation)
"C:\Program Files\Microsoft ActiveSync\WCESMgr.exe" = C:\Program Files\Microsoft ActiveSync\WCESMgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Application -- (Microsoft Corporation)
"C:\Documents and Settings\kguthrie.COLUMNIT\Local Settings\Temp\I1253627006\Windows\resource\jre\bin\javaw.exe" = C:\Documents and Settings\kguthrie.COLUMNIT\Local Settings\Temp\I1253627006\Windows\resource\jre\bin\javaw.exe:*:Enabled:Java Platform SE binary -- File not found
"C:\Documents and Settings\kguthrie.COLUMNIT\Local Settings\Temp\I1253627270\Windows\resource\jre\bin\javaw.exe" = C:\Documents and Settings\kguthrie.COLUMNIT\Local Settings\Temp\I1253627270\Windows\resource\jre\bin\javaw.exe:*:Enabled:Java Platform SE binary -- File not found
"C:\Documents and Settings\kguthrie.COLUMNIT\Local Settings\Temp\I1253627427\Windows\resource\jre\bin\javaw.exe" = C:\Documents and Settings\kguthrie.COLUMNIT\Local Settings\Temp\I1253627427\Windows\resource\jre\bin\javaw.exe:*:Enabled:Java Platform SE binary -- File not found
"C:\Documents and Settings\kguthrie.COLUMNIT\Local Settings\Temp\I1253627543\Windows\resource\jre\bin\javaw.exe" = C:\Documents and Settings\kguthrie.COLUMNIT\Local Settings\Temp\I1253627543\Windows\resource\jre\bin\javaw.exe:*:Enabled:Java Platform SE binary -- File not found
"C:\Documents and Settings\kguthrie.COLUMNIT\Local Settings\Temp\I1253710573\Windows\resource\jre\bin\javaw.exe" = C:\Documents and Settings\kguthrie.COLUMNIT\Local Settings\Temp\I1253710573\Windows\resource\jre\bin\javaw.exe:*:Enabled:Java Platform SE binary -- File not found
"C:\Program Files\VMware\VMware Player\vmware-authd.exe" = C:\Program Files\VMware\VMware Player\vmware-authd.exe:*:Enabled:VMware Authd -- (VMware, Inc.)
"C:\Program Files\AR System\ars7.5\DevStudio\DeveloperStudio\devstudio.exe" = C:\Program Files\AR System\ars7.5\DevStudio\DeveloperStudio\devstudio.exe:*:Enabled:devstudio -- ()
========== HKEY_LOCAL_MACHINE Uninstall List ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{00203668-8170-44A0-BE44-B632FA4D780F}" = Adobe AIR
"{0394CDC8-FABD-4ed8-B104-03393876DFDF}" = Roxio Creator Tools
"{06BE8AFD-A8E2-4B63-BAE7-287016D16ACB}" = mSSO
"{0D397393-9B50-4c52-84D5-77E344289F87}" = Roxio Creator Data
"{0E2B0B41-7E08-4F9F-B21F-41C4133F43B7}" = mLogView
"{154A9EEB-05FC-45E6-B7BD-75D27ED02276}" = Crystal11_Redistributables
"{1DD270EC-7EA7-4667-8E50-057AD5526399}" = BMC Remedy Migrator 7.1
"{1F695CFF-C3A2-4A06-8D40-2FC93BC4208A}" = BMC Remedy User 7.1
"{231A1A09-FDF2-45F2-B3D1-964CECE372BC}" = Seagate Manager Installer
"{23FB368F-1399-4EAC-817C-4B83ECBE3D83}" = mProSafe
"{27E25625-DB51-42E6-BEB7-0C8DC878770C}" = Broadcom ASF Management Applications
"{281ECE39-F043-492B-8337-F2E546B5604A}" = PowerDVD
"{28AAE6A5-B887-4E19-B06C-E367F3C43EDB}" = Cisco AnyConnect VPN Client
"{2E21CBDA-1EDF-4C18-A561-DB53D683229F}" = AT&T Network Client
"{2ED57E6C-7276-4430-86DE-49D2007303B6}" = BMC Remedy Administrator 7.1
"{2F4C24E6-CBD4-4AAC-B56F-C9FD44DE5668}" = Roxio Drag-to-Disc
"{30465B6C-B53F-49A1-9EBA-A3F187AD502E}" = Roxio Update Manager
"{3248F0A8-6813-11D6-A77B-00B0D0150060}" = J2SE Runtime Environment 5.0 Update 6
"{3248F0A8-6813-11D6-A77B-00B0D0160030}" = Java 6 Update 3
"{3248F0A8-6813-11D6-A77B-00B0D0160050}" = Java 6 Update 5
"{3248F0A8-6813-11D6-A77B-00B0D0160060}" = Java 6 Update 6
"{32A3A4F4-B792-11D6-A78A-00B0D0160060}" = Java SE Development Kit 6 Update 6
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{35C03C04-3F1F-42C2-A989-A757EE691F65}" = McAfee VirusScan Enterprise
"{35E1EC43-D4FC-4E4A-AAB3-20DDA27E8BB0}" = Sonic Activation Module
"{3E9D596A-61D4-4239-BD19-2DB984D2A16F}" = mIWA
"{3EE33958-7381-4E7B-A4F3-6E43098E9E9C}" = URL Assistant
"{3F92ABBB-6BBF-11D5-B229-002078017FBF}" = NetWaiting
"{42929F0F-CE14-47AF-9FC7-FF297A603021}" = Dell Resource CD
"{49D687E5-6784-431B-A0A2-2F23B8CC5A1B}" = mHlpDell
"{4C3FFAF4-133E-46BF-8498-E67FF90E2823}" = RSA SecurID Software Token
"{51FB15F4-AD27-43BC-AD4B-DD0354FB6BBD}" = Cisco Systems VPN Client 5.0.04.0300
"{520049D8-7E67-4E71-BB3E-74FDB34810AD}" = Softerra LDAP Browser
"{619CDD8A-14B6-43a1-AB6C-0F4EE48CE048}" = Roxio Creator Copy
"{63DB9CCD-2B56-4217-9A3D-507AC78320CA}" = mWMI
"{6675CA7F-E51B-4F6A-99D4-F8F0124C6EAA}" = Roxio Express Labeler
"{77DCDCE3-2DED-62F3-8154-05E745472D07}" = Acrobat.com
"{829CD169-E692-48E8-9BDE-A3E8D8B65538}" = mSCfg
"{83FFCFC7-88C6-41c6-8752-958A45325C82}" = Roxio Creator Audio
"{880AF49C-34F7-4285-A8AD-8F7A3D1C33DC}" = Roxio Creator BDAV Plugin
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8B928BA1-EDEC-4227-A2DA-DD83026C36F5}" = mPfMgr
"{90120000-0010-0409-0000-0000000FF1CE}" = Microsoft Software Update for Web Folders (English) 12
"{90120000-0011-0000-0000-0000000FF1CE}" = Microsoft Office Professional Plus 2007
"{90120000-0011-0000-0000-0000000FF1CE}_PROPLUS_{0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0011-0000-0000-0000000FF1CE}_PROPLUS_{3D019598-7B59-447A-80AE-815B703B84FF}" = Security Update for Microsoft Office system 2007 (972581)
"{90120000-0015-0409-0000-0000000FF1CE}" = Microsoft Office Access MUI (English) 2007
"{90120000-0015-0409-0000-0000000FF1CE}_PROPLUS_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007
"{90120000-0016-0409-0000-0000000FF1CE}_PROPLUS_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007
"{90120000-0018-0409-0000-0000000FF1CE}_PROPLUS_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0019-0409-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2007
"{90120000-0019-0409-0000-0000000FF1CE}_PROPLUS_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2007
"{90120000-001A-0409-0000-0000000FF1CE}_PROPLUS_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007
"{90120000-001B-0409-0000-0000000FF1CE}_PROPLUS_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_PRJPROR_{ABDDE972-355B-4AF1-89A8-DA50B7B5C045}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-0409-0000-0000000FF1CE}_PROPLUS_{ABDDE972-355B-4AF1-89A8-DA50B7B5C045}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-0409-0000-0000000FF1CE}_VISPROR_{ABDDE972-355B-4AF1-89A8-DA50B7B5C045}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_PRJPROR_{F580DDD5-8D37-4998-968E-EBB76BB86787}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-040C-0000-0000000FF1CE}_PROPLUS_{F580DDD5-8D37-4998-968E-EBB76BB86787}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-040C-0000-0000000FF1CE}_VISPROR_{F580DDD5-8D37-4998-968E-EBB76BB86787}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007
"{90120000-001F-0C0A-0000-0000000FF1CE}_PRJPROR_{187308AB-5FA7-4F14-9AB9-D290383A10D9}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-0C0A-0000-0000000FF1CE}_PROPLUS_{187308AB-5FA7-4F14-9AB9-D290383A10D9}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-0C0A-0000-0000000FF1CE}_VISPROR_{187308AB-5FA7-4F14-9AB9-D290383A10D9}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007
"{90120000-0044-0409-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (English) 2007
"{90120000-0044-0409-0000-0000000FF1CE}_PROPLUS_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0054-0409-0000-0000000FF1CE}" = Microsoft Office Visio MUI (English) 2007
"{90120000-0054-0409-0000-0000000FF1CE}_VISPROR_{519D9F45-CBF4-4E57-B419-11F196CCA8AE}" = Microsoft Office Visio 2007 Service Pack 2 (SP2)
"{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}_PRJPROR_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-006E-0409-0000-0000000FF1CE}_PROPLUS_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-006E-0409-0000-0000000FF1CE}_VISPROR_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-00B3-0409-0000-0000000FF1CE}" = Microsoft Office Project 2007 Add-in for Outlook
"{90120000-00B4-0409-0000-0000000FF1CE}" = Microsoft Office Project MUI (English) 2007
"{90120000-00B4-0409-0000-0000000FF1CE}_PRJPROR_{27A9D316-D332-433B-8EB1-1D93EE49F26D}" = Microsoft Office Project 2007 Service Pack 2 (SP2)
"{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007
"{90120000-0115-0409-0000-0000000FF1CE}_PRJPROR_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0115-0409-0000-0000000FF1CE}_PROPLUS_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0115-0409-0000-0000000FF1CE}_VISPROR_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0117-0409-0000-0000000FF1CE}" = Microsoft Office Access Setup Metadata MUI (English) 2007
"{90120000-0117-0409-0000-0000000FF1CE}_PROPLUS_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90B0D222-8C21-4B35-9262-53B042F18AF9}" = mPfWiz
"{91120000-003B-0000-0000-0000000FF1CE}" = Microsoft Office Project Professional 2007
"{91120000-003B-0000-0000-0000000FF1CE}_PRJPROR_{3D019598-7B59-447A-80AE-815B703B84FF}" = Security Update for Microsoft Office system 2007 (972581)
"{91120000-003B-0000-0000-0000000FF1CE}_PRJPROR_{9E73617F-2F38-4864-BD61-BB2DDFE43323}" = Microsoft Office Project 2007 Service Pack 2 (SP2)
"{91120000-0051-0000-0000-0000000FF1CE}" = Microsoft Office Visio Professional 2007
"{91120000-0051-0000-0000-0000000FF1CE}_VISPROR_{0FD405D3-CAF8-4CA6-8BFD-911D2F8A6585}" = Microsoft Office Visio 2007 Service Pack 2 (SP2)
"{91120000-0051-0000-0000-0000000FF1CE}_VISPROR_{3D019598-7B59-447A-80AE-815B703B84FF}" = Security Update for Microsoft Office system 2007 (972581)
"{94658027-9F16-4509-BBD7-A59FE57C3023}" = mZConfig
"{9556CFD4-3F7E-4D1C-958B-759703E9CC21}" = O2Micro USB Smart Card Reader
"{99052DB7-9592-4522-A558-5417BBAD48EE}" = Microsoft ActiveSync
"{9F72EF8B-AEC9-4CA5-B483-143980AFD6FD}" = Dell Touchpad
"{A2A60894-E3ED-46FE-9A6A-7CF7A87572A0}" = Opera 9.64
"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
"{A462213D-EED4-42C2-9A60-7BDD4D4B0B17}" = SigmaTel Audio
"{A53A11EA-0095-493F-86FA-A15E8A86A405}" = VMware Player
"{AC76BA86-7AD7-1033-7B44-A90000000001}" = Adobe Reader 9
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
"{C3ABE126-2BB2-4246-BFE1-6797679B3579}" = LG USB Modem driver
"{C5074CC4-0E26-4716-A307-960272A90040}" = QuickSet
"{C7340571-7773-4A8C-9EBC-4E4243B38C76}" = Microsoft XML Parser
"{C8B0680B-CDAE-4809-9F91-387B6DE00F7C}" = Roxio Creator DE
"{C99C0593-3B48-41D9-B42F-6E035B320449}" = Broadcom Management Programs
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CD49361E-3FE6-457E-90A1-9C59E29B5D02}" = Java DB 10.3.1.4
"{CD95F661-A5C4-44F5-A6AA-ECDD91C240B5}" = WinZip 11.1
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{CEBB6BFB-D708-4F99-A633-BC2600E01EF6}" = Bluetooth Stack for Windows by Toshiba
"{D3023AD7-9CDE-48DC-8AA6-91BBE48EF86C}" = Abydos Analyser 4.1
"{D3B3B9B2-FE73-44CB-8C0A-F737D92F991B}" = Broadcom Gigabit Integrated Controller
"{D9FCA292-1186-421F-8D93-9A5D272AD5D0}" = IntelliSonic Speech Enhancement
"{E646DCF0-5A68-11D5-B229-002078017FBF}" = Digital Line Detect
"{E81667C6-2856-46D6-ABEA-6A2F42166779}" = mCore
"{E9ED0801-253D-4FE9-AB20-F63DEFE72547}" = SAMSUNG Mobile USB DRIVER(4.40.7.0) v1.6
"{EF26F10C-1CF0-101B-9CFD-978DF2FFD975}" = DNE Update
"{F0BFC7EF-9CF8-44EE-91B0-158884CD87C5}" = mMHouse
"{F6090A17-0967-4A8A-B3C3-422A1B514D49}" = mDrWiFi
"{F63A3748-B93D-4360-9AD4-B064481A5C7B}" = Modem Diagnostic Tool
"{FA61D601-A0FC-48BD-AE7A-54946BCD7FB6}_is1" = BitPim 1.0.6
"{FCA651F3-5BDA-4DDA-9E4A-5D87D6914CC4}" = mWlsSafe
"3ivx MPEG-4 5.0.3" = 3ivx MPEG-4 5.0.3 (remove only)
"5FD5E95A18EBF60A056BA7A51A2E794E4216D3DD" = Windows Driver Package - O2Micro (guardian2) SmartCardReader (02/05/2007 1.1.3.7)
"ActiveTouchMeetingClient" = WebEx
"Adobe Acrobat 5.0" = Adobe Acrobat 5.0
"Adobe Flash Player ActiveX" = Adobe Flash Player ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Adobe Shockwave Player" = Adobe Shockwave Player 11.5
"ARSystem 1" = BMC Remedy Action Request System 7.5.00 Install 1
"ARSystem 2" = BMC Remedy Action Request System 7.5.00 Install 2
"CNXT_MODEM_HDAUDIO_VEN_14F1&DEV_2C06&SUBSYS_14F1000F" = Conexant HDA D330 MDC V.92 Modem
"com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Acrobat.com
"Creative Jukebox Driver" = Creative Jukebox Driver
"Free PDF to Word Doc Converter_is1" = Free PDF to Word Doc Converter v1.1
"Google Calendar Sync" = Google Calendar Sync
"HijackThis" = HijackThis 2.0.2
"IDNMitigationAPIs" = Microsoft Internationalized Domain Names Mitigation APIs
"ie7" = Windows Internet Explorer 7
"InstallShield_{231A1A09-FDF2-45F2-B3D1-964CECE372BC}" = Seagate Manager Installer
"InstallShield_{E9ED0801-253D-4FE9-AB20-F63DEFE72547}" = SAMSUNG Mobile USB DRIVER(4.40.7.0) v1.6
"Juniper Network Connect 6.3.0" = Juniper Networks Network Connect 6.3.0
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Mozilla Firefox (3.0.15)" = Mozilla Firefox (3.0.15)
"Mp3tag" = Mp3tag v2.43
"NLSDownlevelMapping" = Microsoft National Language Support Downlevel APIs
"NVIDIA Drivers" = NVIDIA Drivers
"PRJPROR" = Microsoft Office Project Professional 2007
"ProInst" = Intel® PROSet/Wireless Software
"PROPLUS" = Microsoft Office Professional Plus 2007
"SearchAssist" = SearchAssist
"SecondLife" = SecondLife (remove only)
"Snapshot Viewer" = Snapshot Viewer
"Trillian" = Trillian
"VISPROR" = Microsoft Office Visio Professional 2007
"VLC media player" = VideoLAN VLC media player 0.8.6f
"VZAccess Manager" = VZAccess Manager
"Windows XP Service Pack" = Windows XP Service Pack 3
========== HKEY_CURRENT_USER Uninstall List ==========
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Neoteris_Host_Checker" = Juniper Networks Host Checker
========== Last 10 Event Log Errors ==========
[ Application Events ]
Error - 11/15/2009 8:57:43 PM | Computer Name = KGUTHRIE1 | Source = AutoEnrollment | ID = 15
Description = Automatic certificate enrollment for local system failed to contact
the active directory (0x8007054b). The specified domain either does not exist
or could not be contacted. Enrollment will not be performed.
Error - 11/15/2009 8:58:31 PM | Computer Name = KGUTHRIE1 | Source = Broadcom ASF IP and SMBIOS Mailbox Monitor | ID = 0
Description =
Error - 11/16/2009 9:41:03 AM | Computer Name = KGUTHRIE1 | Source = AutoEnrollment | ID = 15
Description = Automatic certificate enrollment for local system failed to contact
the active directory (0x8007054b). The specified domain either does not exist
or could not be contacted. Enrollment will not be performed.
Error - 11/16/2009 5:40:57 PM | Computer Name = KGUTHRIE1 | Source = AutoEnrollment | ID = 15
Description = Automatic certificate enrollment for local system failed to contact
the active directory (0x8007054b). The specified domain either does not exist
or could not be contacted. Enrollment will not be performed.
Error - 11/17/2009 1:40:57 AM | Computer Name = KGUTHRIE1 | Source = AutoEnrollment | ID = 15
Description = Automatic certificate enrollment for local system failed to contact
the active directory (0x8007054b). The specified domain either does not exist
or could not be contacted. Enrollment will not be performed.
Error - 11/17/2009 10:48:10 AM | Computer Name = KGUTHRIE1 | Source = AutoEnrollment | ID = 15
Description = Automatic certificate enrollment for local system failed to contact
the active directory (0x8007054b). The specified domain either does not exist
or could not be contacted. Enrollment will not be performed.
Error - 11/17/2009 6:48:07 PM | Computer Name = KGUTHRIE1 | Source = AutoEnrollment | ID = 15
Description = Automatic certificate enrollment for local system failed to contact
the active directory (0x8007054b). The specified domain either does not exist
or could not be contacted. Enrollment will not be performed.
Error - 11/17/2009 10:35:55 PM | Computer Name = KGUTHRIE1 | Source = Userenv | ID = 1054
Description = Windows cannot obtain the domain controller name for your computer
network. (The specified domain either does not exist or could not be contacted.
). Group Policy processing aborted.
Error - 11/17/2009 10:35:55 PM | Computer Name = KGUTHRIE1 | Source = Userenv | ID = 1054
Description = Windows cannot obtain the domain controller name for your computer
network. (The specified domain either does not exist or could not be contacted.
). Group Policy processing aborted.
Error - 11/17/2009 10:35:55 PM | Computer Name = KGUTHRIE1 | Source = AutoEnrollment | ID = 15
Description = Automatic certificate enrollment for local system failed to contact
the active directory (0x8007054b). The specified domain either does not exist
or could not be contacted. Enrollment will not be performed.
[ Cisco AnyConnect VPN Client Events ]
Error - 11/13/2009 8:54:27 AM | Computer Name = KGUTHRIE1 | Source = vpnagent | ID = 50331649
Description = Function: AddRouteChange Return code: 0xFE07000D File: .\ChangeRouteHelper.cpp
Line:
222 Description: ROUTETABLE_ERROR_CREATEIPFORWARDENTRY_FAILED
Error - 11/13/2009 8:54:27 AM | Computer Name = KGUTHRIE1 | Source = vpnagent | ID = 50331649
Description = Function: AddRouteChange Return code: 0xFE07000D File: .\ChangeRouteHelper.cpp
Line:
1271 Description: ROUTETABLE_ERROR_CREATEIPFORWARDENTRY_FAILED
Error - 11/13/2009 8:54:27 AM | Computer Name = KGUTHRIE1 | Source = vpnagent | ID = 50331669
Description = Failed Route change: Action: AddRoute Destination: 192.168.75.255
Netmask: 255.255.255.255 Gateway: 192.168.176.1 Interface: 192.168.176.221 Metric:
1
Error - 11/13/2009 8:54:27 AM | Computer Name = KGUTHRIE1 | Source = vpnagent | ID = 50331649
Description = Function: AddRouteChange Return code: 0xFE07000D File: .\ChangeRouteHelper.cpp
Line:
222 Description: ROUTETABLE_ERROR_CREATEIPFORWARDENTRY_FAILED
Error - 11/13/2009 8:54:27 AM | Computer Name = KGUTHRIE1 | Source = vpnagent | ID = 50331649
Description = Function: AddRouteChange Return code: 0xFE07000D File: .\ChangeRouteHelper.cpp
Line:
1271 Description: ROUTETABLE_ERROR_CREATEIPFORWARDENTRY_FAILED
Error - 11/13/2009 8:54:27 AM | Computer Name = KGUTHRIE1 | Source = vpnagent | ID = 50331669
Description = Failed Route change: Action: AddRoute Destination: 192.168.93.255
Netmask: 255.255.255.255 Gateway: 192.168.176.1 Interface: 192.168.176.221 Metric:
1
Error - 11/13/2009 8:54:27 AM | Computer Name = KGUTHRIE1 | Source = vpnagent | ID = 50331649
Description = Function: AddRouteChange Return code: 0xFE07000D File: .\ChangeRouteHelper.cpp
Line:
222 Description: ROUTETABLE_ERROR_CREATEIPFORWARDENTRY_FAILED
Error - 11/13/2009 8:54:27 AM | Computer Name = KGUTHRIE1 | Source = vpnagent | ID = 50331649
Description = Function: AddRouteChange Return code: 0xFE07000D File: .\ChangeRouteHelper.cpp
Line:
1271 Description: ROUTETABLE_ERROR_CREATEIPFORWARDENTRY_FAILED
Error - 11/13/2009 8:54:27 AM | Computer Name = KGUTHRIE1 | Source = vpnagent | ID = 50331669
Description = Failed Route change: Action: AddRoute Destination: 169.254.255.255
Netmask: 255.255.255.255 Gateway: 192.168.176.1 Interface: 192.168.176.221 Metric:
1
Error - 11/13/2009 8:54:27 AM | Computer Name = KGUTHRIE1 | Source = vpnagent | ID = 50331649
Description = Function: AddRouteChange Return code: 0xFE07000D File: .\ChangeRouteHelper.cpp
Line:
222 Description: ROUTETABLE_ERROR_CREATEIPFORWARDENTRY_FAILED
[ OSession Events ]
Error - 4/15/2009 10:11:00 AM | Computer Name = KGUTHRIE1 | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 6, Application Name: Microsoft Office Outlook, Application Version:
12.0.6316.5000, Microsoft Office Version: 12.0.6215.1000. This session lasted 881
seconds with 300 seconds of active time. This session ended with a crash.
Error - 4/17/2009 10:02:09 AM | Computer Name = KGUTHRIE1 | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 1, Application Name: Microsoft Office Excel, Application Version:
12.0.6341.5001, Microsoft Office Version: 12.0.6215.1000. This session lasted 41009
seconds with 60 seconds of active time. This session ended with a crash.
Error - 4/20/2009 9:57:51 AM | Computer Name = KGUTHRIE1 | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 6, Application Name: Microsoft Office Outlook, Application Version:
12.0.6316.5000, Microsoft Office Version: 12.0.6215.1000. This session lasted 1187
seconds with 360 seconds of active time. This session ended with a crash.
Error - 4/24/2009 9:57:19 AM | Computer Name = KGUTHRIE1 | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 6, Application Name: Microsoft Office Outlook, Application Version:
12.0.6316.5000, Microsoft Office Version: 12.0.6215.1000. This session lasted 2762
seconds with 420 seconds of active time. This session ended with a crash.
Error - 4/28/2009 9:48:11 AM | Computer Name = KGUTHRIE1 | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 6, Application Name: Microsoft Office Outlook, Application Version:
12.0.6316.5000, Microsoft Office Version: 12.0.6215.1000. This session lasted 19
seconds with 0 seconds of active time. This session ended with a crash.
Error - 5/6/2009 3:48:22 PM | Computer Name = KGUTHRIE1 | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 6, Application Name: Microsoft Office Outlook, Application Version:
12.0.6316.5000, Microsoft Office Version: 12.0.6215.1000. This session lasted 21265
seconds with 1560 seconds of active time. This session ended with a crash.
Error - 6/1/2009 10:05:15 AM | Computer Name = KGUTHRIE1 | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 6, Application Name: Microsoft Office Outlook, Application Version:
12.0.6316.5000, Microsoft Office Version: 12.0.6215.1000. This session lasted 1565
seconds with 240 seconds of active time. This session ended with a crash.
Error - 10/30/2009 10:29:57 AM | Computer Name = KGUTHRIE1 | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 6, Application Name: Microsoft Office Outlook, Application Version:
12.0.6514.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 3362
seconds with 1560 seconds of active time. This session ended with a crash.
Error - 10/30/2009 10:31:44 AM | Computer Name = KGUTHRIE1 | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 6, Application Name: Microsoft Office Outlook, Application Version:
12.0.6514.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 102
seconds with 60 seconds of active time. This session ended with a crash.
Error - 10/30/2009 10:32:45 AM | Computer Name = KGUTHRIE1 | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 6, Application Name: Microsoft Office Outlook, Application Version:
12.0.6514.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 58
seconds with 0 seconds of active time. This session ended with a crash.
[ System Events ]
Error - 11/17/2009 10:32:41 PM | Computer Name = KGUTHRIE1 | Source = Service Control Manager | ID = 7034
Description = The Intel® PROSet/Wireless SSO Service service terminated unexpectedly.
It has done this 1 time(s).
Error - 11/17/2009 10:32:41 PM | Computer Name = KGUTHRIE1 | Source = Service Control Manager | ID = 7034
Description = The VMware DHCP Service service terminated unexpectedly. It has done
this 1 time(s).
Error - 11/17/2009 10:32:41 PM | Computer Name = KGUTHRIE1 | Source = Service Control Manager | ID = 7034
Description = The VMware Authorization Service service terminated unexpectedly.
It has done this 1 time(s).
Error - 11/17/2009 10:33:22 PM | Computer Name = KGUTHRIE1 | Source = W32Time | ID = 39452701
Description = The time provider NtpClient is configured to acquire time from one
or more time sources, however none of the sources are currently accessible. No attempt
to contact a source will be made for 29 minutes. NtpClient has no source of accurate
time.
Error - 11/17/2009 10:34:29 PM | Computer Name = KGUTHRIE1 | Source = Service Control Manager | ID = 7011
Description = Timeout (30000 milliseconds) waiting for a transaction response from
the vpnagent service.
Error - 11/17/2009 10:35:55 PM | Computer Name = KGUTHRIE1 | Source = NETLOGON | ID = 5719
Description = No Domain Controller is available for domain COLUMNIT due to the following:
%%1311. Make sure that the computer is connected to the network and try again. If
the problem persists, please contact your domain administrator.
Error - 11/17/2009 10:36:07 PM | Computer Name = KGUTHRIE1 | Source = W32Time | ID = 39452701
Description = The time provider NtpClient is configured to acquire time from one
or more time sources, however none of the sources are currently accessible. No attempt
to contact a source will be made for 15 minutes. NtpClient has no source of accurate
time.
Error - 11/17/2009 10:36:07 PM | Computer Name = KGUTHRIE1 | Source = W32Time | ID = 39452701
Description = The time provider NtpClient is configured to acquire time from one
or more time sources, however none of the sources are currently accessible. No attempt
to contact a source will be made for 15 minutes. NtpClient has no source of accurate
time.
Error - 11/17/2009 10:51:15 PM | Computer Name = KGUTHRIE1 | Source = W32Time | ID = 39452701
Description = The time provider NtpClient is configured to acquire time from one
or more time sources, however none of the sources are currently accessible. No attempt
to contact a source will be made for 29 minutes. NtpClient has no source of accurate
time.
Error - 11/17/2009 11:21:15 PM | Computer Name = KGUTHRIE1 | Source = W32Time | ID = 39452701
Description = The time provider NtpClient is configured to acquire time from one
or more time sources, however none of the sources are currently accessible. No attempt
to contact a source will be made for 59 minutes. NtpClient has no source of accurate
time.
< End of report >