Malwarebytes' Anti-Malware 1.44
Database version: 3608
Windows 5.1.2600 Service Pack 3
Internet Explorer 7.0.5730.13
1/22/2010 4:58:34 PM
mbam-log-2010-01-22 (16-58-34).txt
Scan type: Quick Scan
Objects scanned: 158606
Time elapsed: 15 minute(s), 32 second(s)
Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 1
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0
Memory Processes Infected:
(No malicious items detected)
Memory Modules Infected:
(No malicious items detected)
Registry Keys Infected:
(No malicious items detected)
Registry Values Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows NT\SystemRestore\disableconfig (Windows.Tool.Disabled) -> Delete on reboot.
Registry Data Items Infected:
(No malicious items detected)
Folders Infected:
(No malicious items detected)
Files Infected:
(No malicious items detected)
GMER 1.0.15.15281 - http://www.gmer.net
Rootkit scan 2010-01-22 18:47:08
Windows 5.1.2600 Service Pack 3
Running: gmer.exe; Driver: C:\DOCUME~1\SBurke\LOCALS~1\Temp\uwtyrkog.sys
---- System - GMER 1.0.15 ----
SSDT \??\C:\WINDOWS\system32\Drivers\uphcleanhlp.sys ZwUnloadKey [0xA7DEB6D0]
---- Devices - GMER 1.0.15 ----
AttachedDevice \FileSystem\Ntfs \Ntfs TmPreFlt.sys (Pre-Filter For XP/Trend Micro Inc.)
AttachedDevice \Driver\Tcpip \Device\Ip tmtdi.sys (Trend Micro TDI Driver (i386-fre)/Trend Micro Inc.)
AttachedDevice \Driver\Tcpip \Device\Tcp tmtdi.sys (Trend Micro TDI Driver (i386-fre)/Trend Micro Inc.)
Device \Driver\atapi \Device\Ide\IdePort0 89F04638
Device \Driver\atapi \Device\Ide\IdePort1 89F04638
Device \Driver\atapi \Device\Ide\IdePort2 89F04638
Device \Driver\atapi \Device\Ide\IdePort3 89F04638
Device \Driver\atapi \Device\Ide\IdePort4 89F04638
Device \Driver\atapi \Device\Ide\IdeDeviceP2T0L0-14 89F04638
Device \Driver\atapi \Device\Ide\IdeDeviceP3T0L0-7 89F04638
AttachedDevice \Driver\Tcpip \Device\Udp tmtdi.sys (Trend Micro TDI Driver (i386-fre)/Trend Micro Inc.)
AttachedDevice \Driver\Tcpip \Device\RawIp tmtdi.sys (Trend Micro TDI Driver (i386-fre)/Trend Micro Inc.)
AttachedDevice \FileSystem\Fastfat \Fat TmPreFlt.sys (Pre-Filter For XP/Trend Micro Inc.)
Device \FileSystem\Cdfs \Cdfs DLAIFS_M.SYS (Drive Letter Access Component/Roxio)
---- Processes - GMER 1.0.15 ----
Library C:\WINDOWS\system32\svrltmgr.dll (*** hidden *** ) @ C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe [1544] 0x10000000
Library C:\WINDOWS\system32\svrltmgr.dll (*** hidden *** ) @ C:\WINDOWS\system32\taskmgr.exe [1688] 0x10000000
Library C:\WINDOWS\system32\sgvrfy32.exe (*** hidden *** ) @ C:\WINDOWS\system32\sgvrfy32.exe [2840] 0x00400000
Library C:\WINDOWS\system32\vdorctrl.dll (*** hidden *** ) @ C:\WINDOWS\system32\sgvrfy32.exe [2840] 0x10000000
Library C:\WINDOWS\system32\cmproxfr.dll (*** hidden *** ) @ C:\WINDOWS\system32\sgvrfy32.exe [2840] 0x00E80000
Library C:\WINDOWS\system32\svrltmgr.dll (*** hidden *** ) @ O:\Sales\SBurke\Downloads\Geeks\gmer.exe [3288] 0x10000000
Library C:\WINDOWS\system32\vdorctrl.dll (*** hidden *** ) @ C:\WINDOWS\Explorer.EXE [3508] 0x10000000
Library C:\WINDOWS\system32\svrltmgr.dll (*** hidden *** ) @ C:\WINDOWS\Explorer.EXE [3508] 0x024E0000
Library C:\WINDOWS\system32\svrltmgr.dll (*** hidden *** ) @ C:\Program Files\Internet Explorer\iexplore.exe [3580] 0x10000000
Library C:\WINDOWS\system32\svrltwp.dll (*** hidden *** ) @ C:\Program Files\Internet Explorer\iexplore.exe [3580] 0x02700000
---- Disk sectors - GMER 1.0.15 ----
Disk \Device\Harddisk0\DR0 sector 00: rootkit-like behavior;
---- EOF - GMER 1.0.15 ----
OTL Extras logfile created on: 1/23/2010 8:03:28 AM - Run 1
OTL by OldTimer - Version 3.1.26.0 Folder = O:\Sales\SBurke\Downloads\Geeks
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 7.0.5730.13)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy
2.00 Gb Total Physical Memory | 1.00 Gb Available Physical Memory | 72.00% Memory free
6.00 Gb Paging File | 5.00 Gb Available in Paging File | 93.00% Paging File free
Paging file location(s): C:\pagefile.sys 4092 4092 [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 74.41 Gb Total Space | 32.33 Gb Free Space | 43.45% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded
Drive N: | 273.40 Gb Total Space | 165.71 Gb Free Space | 60.61% Space Free | Partition Type: NTFS
Drive O: | 543.88 Gb Total Space | 169.24 Gb Free Space | 31.12% Space Free | Partition Type: NTFS
Computer Name: SBURKE1733
Current User Name: sburke
Logged in as Administrator.
Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: On
Skip Microsoft Files: On
File Age = 14 Days
Output = Standard
Quick Scan
========== Extra Registry (SafeList) ==========
========== File Associations ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.html [@ = htmlfile] -- C:\Program Files\Internet Explorer\IEXPLORE.EXE (Microsoft Corporation)
========== Shell Spawning ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
htmlfile [edit] -- "C:\Program Files\Microsoft Office\OFFICE11\msohtmed.exe" %1 (Microsoft Corporation)
htmlfile [open] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" -nohome (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" %1 (Microsoft Corporation)
htmlfile [print] -- "C:\Program Files\Microsoft Office\OFFICE11\msohtmed.exe" /p %1 (Microsoft Corporation)
http [open] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" -nohome (Microsoft Corporation)
https [open] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" -nohome (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" %1 (Microsoft Corporation)
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- "C:\Program Files\Internet Explorer\iexplore.exe" (Microsoft Corporation)
========== Security Center Settings ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 0
"FirewallOverride" = 0
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]
"DisableMonitoring" = 1
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]
"DisableMonitoring" = 1
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]
"3389:TCP" = 3389:TCP:*:Enabled:Remote Desktop
"2468:TCP" = 2468:TCP:*:Enabled:System Event Dispatcher
"139:TCP" = 139:TCP:*:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:*:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:*:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:*:Enabled:@xpsp2res.dll,-22002
"65124:TCP" = 65124:TCP:*:Enabled:Trend Micro Client/Server Security Agent Listener
"65533:TCP" = 65533:TCP:*:Enabled:Services
"52344:TCP" = 52344:TCP:*:Enabled:Services
"3246:TCP" = 3246:TCP:*:Enabled:Services
"2479:TCP" = 2479:TCP:*:Enabled:Services
"1832:TCP" = 1832:TCP:*:Enabled:Services
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"3389:TCP" = 3389:TCP:*:Enabled:Remote Desktop
"2468:TCP" = 2468:TCP:*:Enabled:System Event Dispatcher
"139:TCP" = 139:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22002
"65533:TCP" = 65533:TCP:*:Enabled:Services
"52344:TCP" = 52344:TCP:*:Enabled:Services
"3246:TCP" = 3246:TCP:*:Enabled:Services
"2479:TCP" = 2479:TCP:*:Enabled:Services
"1832:TCP" = 1832:TCP:*:Enabled:Services
========== Authorized Applications List ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"C:\Program Files\CyberLink\PowerDVD DX\PowerDVD.exe" = C:\Program Files\CyberLink\PowerDVD DX\PowerDVD.exe:*:Enabled:CyberLink PowerDVD DX -- (CyberLink Corp.)
"C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe" = C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe:*:Enabled:CyberLink PowerDVD DX Resident Program -- (CyberLink Corp.)
"\\dbserver\epicor\prgs91d\bin\prowin32.exe" = \\dbserver\epicor\prgs91d\bin\prowin32.exe:*:Enabled:prowin32
"C:\WINDOWS\TIREMOTE\wuser32.exe" = C:\WINDOWS\TIREMOTE\wuser32.exe:*:Enabled:Track-It! Remote Control -- (Intuit Track-It!)
"C:\WINDOWS\TIREMOTE\TIRemoteService.exe" = C:\WINDOWS\TIREMOTE\TIRemoteService.exe:*:Enabled:Track-It! Workstation Manager -- (Numara Software, Inc.)
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Program Files\CyberLink\PowerDVD DX\PowerDVD.exe" = C:\Program Files\CyberLink\PowerDVD DX\PowerDVD.exe:*:Enabled:CyberLink PowerDVD DX -- (CyberLink Corp.)
"C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe" = C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe:*:Enabled:CyberLink PowerDVD DX Resident Program -- (CyberLink Corp.)
========== HKEY_LOCAL_MACHINE Uninstall List ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{00010409-78E1-11D2-B60F-006097C998E7}" = Microsoft Office 2000 SR-1 Professional
"{0394CDC8-FABD-4ED8-B104-03393876DFDF}" = Roxio Creator Tools
"{0AC7DF16-E500-40C0-91C5-563616063037}" = DWGeditor
"{0D397393-9B50-4C52-84D5-77E344289F87}" = Roxio Creator Data
"{1ECD6EC8-7BB2-4CD5-A384-BAA371BC4D21}" = Volo View Express
"{26A24AE4-039D-4CA4-87B4-2F83216017FF}" = Java 6 Update 17
"{2F4C24E6-CBD4-4AAC-B56F-C9FD44DE5668}" = Roxio Drag-to-Disc
"{30465B6C-B53F-49A1-9EBA-A3F187AD502E}" = Roxio Update Manager
"{3248F0A8-6813-11D6-A77B-00B0D0160050}" = Java 6 Update 5
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{53183B25-FBDC-4B95-856A-DCDD69DFEE18}" = Intel® PRO Alerting Agent
"{619CDD8A-14B6-43A1-AB6C-0F4EE48CE048}" = Roxio Creator Copy
"{6675CA7F-E51B-4F6A-99D4-F8F0124C6EAA}" = Roxio Express Labeler 3
"{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}" = PowerDVD
"{777CA40C-0206-4EF6-A0FC-618BF06BF8D0}" = Intel® PRO Network Connections 12.1.12.4
"{83FFCFC7-88C6-41C6-8752-958A45325C82}" = Roxio Creator Audio
"{867DA348-D324-4764-AA7B-FF491E83DD1F}" = Xerox Corporation Wide Format Scan Service
"{880AF49C-34F7-4285-A8AD-8F7A3D1C33DC}" = Roxio Creator BDAV Plugin
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8D337F77-BE7F-41A2-A7CB-D5A63FD7049B}" = Sonic CinePlayer Decoder Pack
"{8E9DB7EF-5DD3-499E-BA2A-A1F3153A4DF8}" = Adobe Flash Player 9 ActiveX
"{90120000-0020-0409-0000-0000000FF1CE}" = Compatibility Pack for the 2007 Office system
"{90E00409-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Outlook 2003
"{913B0409-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Project Professional 2003
"{92FD71D5-ED7E-40B2-8DF3-4B5E6F684367}" = Dell ETS Factory Installation
"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
"{AC76BA86-1033-0000-BA7E-000000000001}" = Adobe Acrobat 6.0 Standard
"{AC76BA86-7AD7-1033-7B44-A81300000003}" = Adobe Reader 8.1.3
"{AC76BA86-7AD7-5464-3428-800000000003}" = Spelling Dictionaries Support For Adobe Reader 8
"{B74F042E-E1B9-4A5B-8D46-387BB172F0A4}" = Apple Software Update
"{BAF78226-3200-4DB4-BE33-4D922A799840}" = Windows Presentation Foundation
"{BFD96B89-B769-4CD6-B11E-E79FFD46F067}" = QuickTime
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
"{C8B0680B-CDAE-4809-9F91-387B6DE00F7C}" = Roxio Creator DE
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{E3E71D07-CD27-46CB-8448-16D4FB29AA13}" = Microsoft WSE 3.0 Runtime
"{E69411C0-8D66-4F9C-B6D6-9ED2FB89D0E4}" = eDrawings 2008
"{FF77941A-2BFA-4A18-BE2E-69B9498E4D55}" = User Profile Hive Cleanup Service
"Access 2000 Bible" = Access 2000 Bible
"ActiveTouchMeetingClient" = WebEx
"Adobe Atmosphere Player" = Adobe Atmosphere Player for Acrobat and Adobe Reader
"Adobe Flash Player ActiveX" = Adobe Flash Player ActiveX
"ERUNT_is1" = ERUNT 1.1j
"Gadwin PrintScreen" = Gadwin PrintScreen
"HDMI" = Intel® Graphics Media Accelerator Driver
"IDNMitigationAPIs" = Microsoft Internationalized Domain Names Mitigation APIs
"ie7" = Windows Internet Explorer 7
"Lotus NotesSQL 2.06 driver" = Lotus NotesSQL 2.06 driver
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"Manufacturing by Epicor" = Manufacturing by Epicor
"Manufacturing Systems client " = Manufacturing Systems client
"Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"MSCompPackV1" = Microsoft Compression Client Pack 1.0 for Windows XP
"NLSDownlevelMapping" = Microsoft National Language Support Downlevel APIs
"OfficeScanNT" = Trend Micro Client/Server Security Agent
"PROGRESS 9.1D Shared Network Installation" = PROGRESS 9.1D Shared Network Installation
"Windows Media Format Runtime" = Windows Media Format 11 runtime
"Windows Media Player" = Windows Media Player 11
"Windows XP Service Pack" = Windows XP Service Pack 3
"WinRAR archiver" = WinRAR archiver
"WMFDist11" = Windows Media Format 11 runtime
"wmp11" = Windows Media Player 11
"Wudf01000" = Microsoft User-Mode Driver Framework Feature Pack 1.0
"XpsEPSC" = XML Paper Specification Shared Components Pack 1.0
========== HKEY_CURRENT_USER Uninstall List ==========
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Google Chrome" = Google Chrome
"SmartDraw 6" = SmartDraw 6
========== Last 10 Event Log Errors ==========
[ Application Events ]
Error - 1/13/2010 7:52:23 AM | Computer Name = SBURKE1733 | Source = AutoEnrollment | ID = 15
Description = Automatic certificate enrollment for local system failed to contact
the active directory (0x8007054b). The specified domain either does not exist
or could not be contacted. Enrollment will not be performed.
Error - 1/13/2010 7:53:17 AM | Computer Name = SBURKE1733 | Source = Userenv | ID = 1054
Description = Windows cannot obtain the domain controller name for your computer
network. (The specified domain either does not exist or could not be contacted.
). Group Policy processing aborted.
Error - 1/13/2010 10:12:59 AM | Computer Name = SBURKE1733 | Source = Microsoft Office 11 | ID = 1000
Description = Faulting application winproj.exe, version 11.3.2009.1108, stamp 4968495f,
faulting module x5500pcl.dll, version 1.0.0.18, stamp 40ec7add, debug? 0, fault
address 0x00002302.
Error - 1/18/2010 4:37:50 PM | Computer Name = SBURKE1733 | Source = Microsoft Office 11 | ID = 1000
Description = Faulting application winproj.exe, version 11.3.2009.1108, stamp 4968495f,
faulting module x5500pcl.dll, version 1.0.0.18, stamp 40ec7add, debug? 0, fault
address 0x00002302.
Error - 1/19/2010 1:40:58 PM | Computer Name = SBURKE1733 | Source = crypt32 | ID = 131083
Description = Failed extract of third-party root list from auto update cab at: <http://www.download....uthrootstl.cab>
with error: An internal certificate chaining error has occurred.
Error - 1/21/2010 4:46:27 PM | Computer Name = SBURKE1733 | Source = Userenv | ID = 1085
Description = The Group Policy client-side extension Software Installation failed
to execute. Please look for any errors reported earlier by that extension.
Error - 1/21/2010 4:47:15 PM | Computer Name = SBURKE1733 | Source = crypt32 | ID = 131083
Description = Failed extract of third-party root list from auto update cab at: <http://www.download....uthrootstl.cab>
with error: An internal certificate chaining error has occurred.
Error - 1/21/2010 5:19:19 PM | Computer Name = SBURKE1733 | Source = Microsoft Office 11 | ID = 2001
Description = Rejected Safe Mode action : Microsoft Office Outlook.
Error - 1/21/2010 5:20:40 PM | Computer Name = SBURKE1733 | Source = Microsoft Office 11 | ID = 2000
Description = Accepted Safe Mode action : Microsoft Office Outlook.
Error - 1/22/2010 11:21:40 AM | Computer Name = SBURKE1733 | Source = MsiInstaller | ID = 11306
Description = Product: Crystal Reports 10 -- Error 1306. Another application has
exclusive access to the file 'C:\program files\common files\crystal decisions\2.5\bin\crexcel_en.xla'.
Please shut down all other applications, then click Retry.
[ System Events ]
Error - 1/22/2010 5:34:38 PM | Computer Name = SBURKE1733 | Source = Service Control Manager | ID = 7034
Description = The Machine Debug Manager service terminated unexpectedly. It has
done this 1 time(s).
Error - 1/22/2010 7:56:10 PM | Computer Name = SBURKE1733 | Source = Service Control Manager | ID = 7026
Description = The following boot-start or system-start driver(s) failed to load:
iaStor
Error - 1/23/2010 8:52:24 AM | Computer Name = SBURKE1733 | Source = TermServDevices | ID = 1111
Description = Driver HP LaserJet 2300 Series PCL 5e required for printer West_HPLJ2300
is unknown. Contact the administrator to install the driver before you log in again.
Error - 1/23/2010 8:52:24 AM | Computer Name = SBURKE1733 | Source = TermServDevices | ID = 1111
Description = Driver HP Officejet Pro K550 Series required for printer HP Officejet
Pro K550 Series is unknown. Contact the administrator to install the driver before
you log in again.
Error - 1/23/2010 8:52:24 AM | Computer Name = SBURKE1733 | Source = TermServDevices | ID = 1111
Description = Driver HP Photosmart C3100 series required for printer HP Photosmart
C3100 series is unknown. Contact the administrator to install the driver before
you log in again.
Error - 1/23/2010 8:52:47 AM | Computer Name = SBURKE1733 | Source = TermServDevices | ID = 1111
Description = Driver PDFCreator required for printer PDFCreator is unknown. Contact
the administrator to install the driver before you log in again.
Error - 1/23/2010 8:53:46 AM | Computer Name = SBURKE1733 | Source = System Error | ID = 1003
Description = Error code 1000000a, parameter1 00000004, parameter2 0000001c, parameter3
00000001, parameter4 80502386.
Error - 1/23/2010 8:54:13 AM | Computer Name = SBURKE1733 | Source = Print | ID = 22
Description = Failed to ugrade printer settings for printer \\printserver\Sales
Color,LocalOnly driver C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\UNIDRVUI.DLL error
5.
Error - 1/23/2010 8:54:19 AM | Computer Name = SBURKE1733 | Source = Print | ID = 22
Description = Failed to ugrade printer settings for printer \\printserver\Finance,LocalOnly
driver C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\UNIDRVUI.DLL error 5.
Error - 1/23/2010 8:54:19 AM | Computer Name = SBURKE1733 | Source = Print | ID = 22
Description = Failed to ugrade printer settings for printer \\printserver\Copy Room,LocalOnly
driver C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\UNIDRVUI.DLL error 5.
< End of report >
OTL logfile created on: 1/23/2010 8:03:10 AM - Run 1
========== Processes (SafeList) ==========
PRC - File not found -- C:\WINDOWS\System32\sgvrfy32.exe
PRC - [2010/01/23 07:57:45 | 00,547,328 | ---- | M] (OldTimer Tools) -- O:\Sales\SBurke\Downloads\Geeks\OTL.exe
PRC - [2010/01/21 11:59:51 | 00,153,376 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Java\jre6\bin\jqs.exe
PRC - [2009/12/18 08:05:43 | 00,634,648 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Internet Explorer\iexplore.exe
PRC - [2009/06/29 20:58:54 | 00,435,584 | ---- | M] (Trend Micro Inc.) -- C:\Program Files\Trend Micro\Client Server Security Agent\CNTAoSMgr.exe
PRC - [2009/06/02 15:54:44 | 00,935,208 | ---- | M] (Trend Micro Inc.) -- C:\Program Files\Trend Micro\Client Server Security Agent\PccNTMon.exe
PRC - [2009/05/22 16:14:52 | 01,325,128 | ---- | M] (Trend Micro Inc.) -- C:\Program Files\Trend Micro\Client Server Security Agent\TmListen.exe
PRC - [2009/05/22 16:12:44 | 01,262,888 | ---- | M] (Trend Micro Inc.) -- C:\Program Files\Trend Micro\Client Server Security Agent\NTRtScan.exe
PRC - [2009/03/10 20:06:38 | 00,497,008 | ---- | M] (Trend Micro Inc.) -- C:\Program Files\Trend Micro\Client Server Security Agent\TmPfw.exe
PRC - [2009/03/10 20:05:06 | 00,685,320 | ---- | M] (Trend Micro Inc.) -- C:\Program Files\Trend Micro\Client Server Security Agent\TmProxy.exe
PRC - [2008/04/13 19:12:43 | 00,220,672 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\logon.scr
PRC - [2008/04/13 19:12:32 | 00,062,976 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\rdpclip.exe
PRC - [2008/04/13 19:12:19 | 01,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2007/08/20 03:42:23 | 00,495,616 | ---- | M] (Gadwin Systems, Inc) -- C:\Program Files\Gadwin Systems\PrintScreen\PrintScreen.exe
PRC - [2007/01/23 02:58:04 | 00,133,968 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\ASF Agent\ASFAgent.exe
PRC - [2006/09/11 03:40:32 | 00,218,032 | ---- | M] (Macrovision Corporation) -- C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe
PRC - [2005/04/27 13:59:24 | 00,241,725 | ---- | M] (Microsoft Corporation) -- C:\Program Files\UPHClean\uphclean.exe
========== Modules (SafeList) ==========
MOD - File not found -- C:\WINDOWS\System32\svrltmgr.dll
MOD - [2010/01/23 07:57:45 | 00,547,328 | ---- | M] (OldTimer Tools) -- O:\Sales\SBurke\Downloads\Geeks\OTL.exe
MOD - [2008/04/13 19:12:10 | 00,022,528 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\wsock32.dll
MOD - [2008/04/13 19:12:09 | 00,053,760 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\winsta.dll
MOD - [2008/04/13 19:12:02 | 00,245,760 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\netui1.dll
MOD - [2008/04/13 19:12:02 | 00,080,896 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\netui0.dll
MOD - [2008/04/13 19:12:02 | 00,044,032 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\ntlanman.dll
MOD - [2008/04/13 19:12:01 | 00,413,696 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\msvcp60.dll
MOD - [2008/04/13 19:12:01 | 00,011,776 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\netrap.dll
MOD - [2008/04/13 19:11:52 | 00,014,336 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drprov.dll
MOD - [2008/04/13 19:11:51 | 00,025,088 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\davclnt.dll
========== Win32 Services (SafeList) ==========
SRV - File not found [Auto | Running] -- -- (System Event Dispatcher)
SRV - [2010/01/21 11:59:51 | 00,153,376 | ---- | M] (Sun Microsystems, Inc.) [Auto | Running] -- C:\Program Files\Java\jre6\bin\jqs.exe -- (JavaQuickStarterService)
SRV - [2009/05/22 16:14:52 | 01,325,128 | ---- | M] (Trend Micro Inc.) [Auto | Running] -- C:\Program Files\Trend Micro\Client Server Security Agent\tmlisten.exe -- (tmlisten)
SRV - [2009/05/22 16:12:44 | 01,262,888 | ---- | M] (Trend Micro Inc.) [Auto | Running] -- C:\Program Files\Trend Micro\Client Server Security Agent\ntrtscan.exe -- (ntrtscan)
SRV - [2009/03/10 20:06:38 | 00,497,008 | ---- | M] (Trend Micro Inc.) [On_Demand | Running] -- C:\Program Files\Trend Micro\Client Server Security Agent\TmPfw.exe -- (TmPfw)
SRV - [2009/03/10 20:05:06 | 00,685,320 | ---- | M] (Trend Micro Inc.) [On_Demand | Running] -- C:\Program Files\Trend Micro\Client Server Security Agent\TmProxy.exe -- (TmProxy)
SRV - [2008/06/02 11:02:37 | 00,079,360 | ---- | M] (SolidWorks) [On_Demand | Stopped] -- C:\Program Files\Common Files\SolidWorks Shared\Service\SolidWorksLicensing.exe -- (SolidWorks Licensing Service)
SRV - [2007/07/11 08:33:28 | 00,069,632 | R--- | M] (MicroVision Development, Inc.) [On_Demand | Stopped] -- C:\Program Files\Common Files\SureThing Shared\stllssvr.exe -- (stllssvr)
SRV - [2007/01/23 02:58:04 | 00,133,968 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files\Intel\ASF Agent\ASFAgent.exe -- (ASFAgent)
SRV - [2006/07/27 16:16:54 | 00,579,072 | ---- | M] (Numara Software, Inc.) [Disabled | Stopped] -- C:\WINDOWS\TIREMOTE\TIRemoteService.exe -- (TIRmtSvc)
SRV - [2006/07/27 16:05:18 | 00,311,374 | ---- | M] (Intuit Track-It!) [Disabled | Stopped] -- C:\WINDOWS\TIREMOTE\wuser32.exe -- (TIRmtCtl)
SRV - [2005/04/27 13:59:24 | 00,241,725 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\UPHClean\uphclean.exe -- (UPHClean)
SRV - [2004/08/11 16:11:27 | 00,295,424 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\termsrv32.dll -- (TermService)
SRV - [2004/02/10 09:40:14 | 00,077,824 | ---- | M] (Hewlett-Packard Company) [On_Demand | Stopped] -- C:\WINDOWS\system32\spool\drivers\w32x86\3\HPBPRO.EXE -- (HP Port Resolver)
SRV - [2004/02/10 09:40:10 | 00,073,728 | ---- | M] (Hewlett-Packard Company) [On_Demand | Stopped] -- C:\WINDOWS\system32\spool\drivers\w32x86\3\HPBOID.EXE -- (HP Status Server)
SRV - [2003/07/28 11:28:22 | 00,089,136 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE -- (ose)
========== Standard Registry (SafeList) ==========
========== Internet Explorer ==========
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Page_URL = partnerpage.google.com/smallbiz.dell.com/en_us?hl=en&client=dell-usuk&channel=us-smb&ibd=4080525
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Start Page = partnerpage.google.com/smallbiz.dell.com/en_us?hl=en&client=dell-usuk&channel=us-smb&ibd=4080525
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = partnerpage.google.com/smallbiz.dell.com/en_us?hl=en&client=dell-usuk&channel=us-smb&ibd=4080525
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultName = Google
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultURL = http://www.google.co...m...tf8&oe=utf8
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
O1 HOSTS File: ([2004/08/04 04:00:00 | 00,000,734 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (AcroIEToolbarHelper Class) - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll ()
O2 - BHO: (Java Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (JQSIEStartDetectorImpl Class) - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll (Sun Microsystems, Inc.)
O3 - HKLM\..\Toolbar: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll ()
O3 - HKCU\..\Toolbar\WebBrowser: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll ()
O4 - HKLM..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe (Intel Corporation)
O4 - HKLM..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe (Intel Corporation)
O4 - HKLM..\Run: [OE] C:\Program Files\Trend Micro\Client Server Security Agent\TMAS_OE\TMAS_OEMon.exe (Trend Micro Inc.)
O4 - HKLM..\Run: [OfficeScanNT Monitor] C:\Program Files\Trend Micro\Client Server Security Agent\pccntmon.exe (Trend Micro Inc.)
O4 - HKLM..\Run: [Persistence] C:\WINDOWS\system32\igfxpers.exe (Intel Corporation)
O4 - HKLM..\Run: [Synchronization Manager] C:\WINDOWS\System32\mobsync.exe (Microsoft Corporation)
O4 - HKCU..\Run: [Gadwin PrintScreen] C:\Program Files\Gadwin Systems\PrintScreen\PrintScreen.exe (Gadwin Systems, Inc)
O4 - HKCU..\Run: [Google Update] C:\Documents and Settings\SBurke\Local Settings\Application Data\Google\Update\GoogleUpdate.exe (Google Inc.)
O4 - HKCU..\Run: [ISUSPM] C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe (Macrovision Corporation)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoWelcomeScreen = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O15 - HKLM\..Trusted Domains: 1 domain(s) and sub-domain(s) not assigned to a zone.
O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} http://security.syma...bin/AvSniff.cab (Symantec AntiVirus scanner)
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} http://security.syma...n/bin/cabsa.cab (Symantec RuFSI Utility Class)
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} http://www.update.mi...b?1212089889000 (MUWebControl Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_17)
O16 - DPF: {C4847596-972C-11D0-9567-00A0C9273C2A} http://sbs2003/viewe...tivexviewer.cab (Crystal Report Viewer Control)
O16 - DPF: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_05)
O16 - DPF: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_17)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_17)
O16 - DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} https://epicortraini...bex/ieatgpc.cab (GpcContainer Class)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.16.2 192.168.16.45
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = Mid-StateMachine.local
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\igfxcui: DllName - igfxdev.dll - C:\WINDOWS\System32\igfxdev.dll (Intel Corporation)
O21 - SSODL: Ipxadgif - {CE03C942-6B65-40D4-BD24-475C44720870} - C:\WINDOWS\System32\vdorctrl.dll File not found
O24 - Desktop Components:0 () - file:///C:/DOCUME~1/SBurke/LOCALS~1/Temp/msoclip1/01/clip_image002.gif
O24 - Desktop Components:1 (My Current Home Page) - About:Home
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2004/08/11 16:15:00 | 00,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - comfile [open] -- "%1" %*
O35 - exefile [open] -- "%1" %*
NetSvcs: 6to4 - File not found
NetSvcs: Ias - C:\WINDOWS\system32\ias [2004/08/11 16:02:12 | 00,000,000 | ---D | M]
NetSvcs: Iprip - File not found
NetSvcs: Irmon - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: WmdmPmSp - File not found
CREATERESTOREPOINT
Error starting restore point: System Restore is disabled.
Error closing restore point: System Restore is disabled.
========== Files/Folders - Created Within 14 Days ==========
File not found -- C:\WINDOWS\System32\wzodlg32.dll
File not found -- C:\WINDOWS\System32\vdorctrl.dll
File not found -- C:\WINDOWS\System32\svrltwp.dll
File not found -- C:\WINDOWS\System32\svrltmgr.dll
File not found -- C:\WINDOWS\System32\sgvrfy32.exe
File not found -- C:\WINDOWS\System32\cmproxfr.dll
[2010/01/22 16:42:29 | 00,000,000 | ---D | C] -- C:\WINDOWS\ERDNT
[2010/01/22 16:39:58 | 00,000,000 | ---D | C] -- C:\Program Files\ERUNT
[2010/01/22 08:09:07 | 00,000,000 | ---D | C] -- O:\Sales\SBurke\Misc backup 012209
[2010/01/21 15:31:48 | 00,000,000 | RH-D | C] -- C:\Documents and Settings\SBurke\Recent
[2010/01/21 13:10:28 | 00,000,000 | --SD | M] -- C:\Documents and Settings\LocalService\Application Data\Microsoft
[2010/01/21 13:10:14 | 00,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft
[2010/01/21 12:06:19 | 00,000,000 | ---D | C] -- C:\Program Files\Microsoft
[2010/01/21 10:44:59 | 00,000,000 | ---D | C] -- C:\WINDOWS\Minidump
[2009/07/22 02:00:21 | 00,000,000 | ---D | M] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft
[2008/06/02 11:12:19 | 00,018,944 | ---- | C] ( ) -- C:\WINDOWS\System32\Implode.dll
[2004/08/11 16:06:56 | 00,000,000 | --SD | M] -- C:\Documents and Settings\NetworkService\Application Data\Microsoft
========== Files - Modified Within 14 Days ==========
File not found -- C:\WINDOWS\System32\wzodlg32.dll
File not found -- C:\WINDOWS\System32\vdorctrl.dll
File not found -- C:\WINDOWS\System32\svrltwp.dll
File not found -- C:\WINDOWS\System32\svrltmgr.dll
File not found -- C:\WINDOWS\System32\sgvrfy32.exe
File not found -- C:\WINDOWS\System32\cmproxfr.dll
[2010/01/23 07:52:26 | 00,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2010/01/23 07:22:05 | 00,000,982 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-143763752-3781861490-4224076503-1269UA.job
[2010/01/23 05:14:52 | 00,015,107 | ---- | M] () -- C:\WINDOWS\cfgall.ini
[2010/01/23 03:22:00 | 00,000,930 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-143763752-3781861490-4224076503-1269Core.job
[2010/01/22 18:55:04 | 00,000,031 | ---- | M] () -- C:\tmuninst.ini
[2010/01/22 18:54:26 | 00,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2010/01/22 18:54:25 | 00,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2010/01/22 16:40:51 | 00,000,611 | ---- | M] () -- C:\Documents and Settings\SBurke\Desktop\NTREGOPT.lnk
[2010/01/22 16:40:51 | 00,000,592 | ---- | M] () -- C:\Documents and Settings\SBurke\Desktop\ERUNT.lnk
[2010/01/22 16:18:59 | 05,505,024 | -H-- | M] () -- C:\Documents and Settings\SBurke\NTUSER.DAT
[2010/01/22 16:18:34 | 00,000,278 | -HS- | M] () -- C:\Documents and Settings\SBurke\ntuser.ini
[2010/01/22 10:28:32 | 00,198,552 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2010/01/22 10:21:45 | 00,007,161 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\Services
[2010/01/22 10:16:24 | 00,004,354 | ---- | M] () -- C:\WINDOWS\ODBCINST.INI
[2010/01/22 10:16:23 | 00,000,376 | ---- | M] () -- C:\WINDOWS\ODBC.INI
[2010/01/22 08:41:49 | 00,863,418 | ---- | M] () -- C:\Documents and Settings\SBurke\Desktop\DWG D-HC-13210-C03 Rev 2.pdf
[2010/01/21 16:12:52 | 00,000,603 | ---- | M] () -- C:\WINDOWS\win.ini
[2010/01/21 16:12:52 | 00,000,227 | ---- | M] () -- C:\WINDOWS\system.ini
[2010/01/21 16:12:52 | 00,000,211 | RHS- | M] () -- C:\boot.ini
[2010/01/21 15:44:23 | 00,000,836 | ---- | M] () -- O:\Sales\SBurke\cc_20100121_153928.reg
[2010/01/21 15:37:07 | 00,003,862 | ---- | M] () -- O:\Sales\SBurke\cc_20100121_153212.reg
[2010/01/20 16:57:26 | 00,294,912 | ---- | M] () -- C:\Documents and Settings\SBurke\Desktop\PSJ Inner Support Ring_1_20_10.mpp
[2010/01/20 10:07:09 | 00,262,144 | ---- | M] () -- C:\Documents and Settings\SBurke\Desktop\PSM Hook Rings 1_20_10 rings_qty 64_PSJ.mpp
[2010/01/19 18:35:08 | 00,160,256 | ---- | M] () -- C:\Documents and Settings\SBurke\Desktop\PSM Hook Rings 1_19_09rings_qty64.mpp
[2010/01/19 15:12:32 | 00,161,280 | ---- | M] () -- C:\Documents and Settings\SBurke\Desktop\PSM Hook Rings 1_18_09rings.mpp
[2010/01/19 12:53:52 | 04,700,584 | -H-- | M] () -- C:\Documents and Settings\SBurke\Local Settings\Application Data\IconCache.db
[2010/01/18 12:48:12 | 00,000,310 | ---- | M] () -- C:\Documents and Settings\SBurke\Desktop\Quote report.url
[2010/01/18 11:06:31 | 00,278,528 | ---- | M] () -- C:\Documents and Settings\SBurke\Desktop\PSM Hook Rings 1_18_09bar.mpp
[2010/01/18 10:17:38 | 00,161,280 | ---- | M] () -- C:\Documents and Settings\SBurke\Desktop\PSM Hook Rings 1_13_09rings.mpp
[2010/01/18 10:17:37 | 00,209,920 | ---- | M] () -- C:\Documents and Settings\SBurke\Desktop\PSM Hook Rings 1_13_09.mpp
[2010/01/15 13:55:48 | 00,020,992 | ---- | M] () -- C:\Documents and Settings\SBurke\Desktop\13-10 Body rework charges_MSM_1_15_10_NOV.xls
[2010/01/15 13:34:12 | 00,023,552 | ---- | M] () -- C:\Documents and Settings\SBurke\Desktop\13-10 Body welding charges_MSM_1_15_10_SB.xls
[2010/01/13 07:37:06 | 00,174,592 | ---- | M] () -- C:\Documents and Settings\SBurke\Desktop\PSM Hook Rings_1_13_10.mpp
[2010/01/12 21:09:21 | 00,048,640 | ---- | M] () -- C:\Documents and Settings\SBurke\Desktop\Attachment A - Cameron Mid-State Machine Shop RFQ 12022009_ref8774.xls
[2010/01/12 12:42:33 | 00,018,432 | ---- | M] () -- C:\Documents and Settings\SBurke\Desktop\PSJ SUB.xls
[2010/01/11 18:22:31 | 00,000,185 | ---- | M] () -- C:\Documents and Settings\SBurke\Desktop\Customer Supplied Material Not Received.url
[2010/01/11 18:22:21 | 00,048,128 | ---- | M] () -- C:\Documents and Settings\SBurke\Desktop\PSJ open orders_1_11_10.xls
[2010/01/11 17:32:12 | 00,000,292 | ---- | M] () -- C:\Documents and Settings\SBurke\Desktop\Open orders.url
[2010/01/11 13:59:12 | 00,017,408 | ---- | M] () -- C:\Documents and Settings\SBurke\Desktop\Mid-State additional charges as of 12_08_09_PSJ Stators_DEC needs (6).xls
[2010/01/11 11:50:33 | 00,082,463 | ---- | M] () -- C:\Documents and Settings\SBurke\Desktop\test.xps
========== Files Created - No Company Name ==========
[2010/01/22 16:40:51 | 00,000,611 | ---- | C] () -- C:\Documents and Settings\SBurke\Desktop\NTREGOPT.lnk
[2010/01/22 16:40:51 | 00,000,592 | ---- | C] () -- C:\Documents and Settings\SBurke\Desktop\ERUNT.lnk
[2010/01/22 08:41:49 | 00,863,418 | ---- | C] () -- C:\Documents and Settings\SBurke\Desktop\DWG D-HC-13210-C03 Rev 2.pdf
[2010/01/21 15:41:32 | 00,000,836 | ---- | C] () -- O:\Sales\SBurke\cc_20100121_153928.reg
[2010/01/21 15:32:35 | 00,003,862 | ---- | C] () -- O:\Sales\SBurke\cc_20100121_153212.reg
[2010/01/20 16:14:02 | 00,294,912 | ---- | C] () -- C:\Documents and Settings\SBurke\Desktop\PSJ Inner Support Ring_1_20_10.mpp
[2010/01/20 09:46:05 | 00,262,144 | ---- | C] () -- C:\Documents and Settings\SBurke\Desktop\PSM Hook Rings 1_20_10 rings_qty 64_PSJ.mpp
[2010/01/19 18:35:08 | 00,160,256 | ---- | C] () -- C:\Documents and Settings\SBurke\Desktop\PSM Hook Rings 1_19_09rings_qty64.mpp
[2010/01/18 10:18:02 | 00,278,528 | ---- | C] () -- C:\Documents and Settings\SBurke\Desktop\PSM Hook Rings 1_18_09bar.mpp
[2010/01/18 10:17:48 | 00,161,280 | ---- | C] () -- C:\Documents and Settings\SBurke\Desktop\PSM Hook Rings 1_18_09rings.mpp
[2010/01/18 10:17:37 | 00,209,920 | ---- | C] () -- C:\Documents and Settings\SBurke\Desktop\PSM Hook Rings 1_13_09.mpp
[2010/01/18 10:17:37 | 00,161,280 | ---- | C] () -- C:\Documents and Settings\SBurke\Desktop\PSM Hook Rings 1_13_09rings.mpp
[2010/01/15 13:52:15 | 00,020,992 | ---- | C] () -- C:\Documents and Settings\SBurke\Desktop\13-10 Body rework charges_MSM_1_15_10_NOV.xls
[2010/01/15 13:28:36 | 00,023,552 | ---- | C] () -- C:\Documents and Settings\SBurke\Desktop\13-10 Body welding charges_MSM_1_15_10_SB.xls
[2010/01/13 07:19:26 | 00,174,592 | ---- | C] () -- C:\Documents and Settings\SBurke\Desktop\PSM Hook Rings_1_13_10.mpp
[2010/01/13 03:17:11 | 00,002,272 | ---- | C] () -- C:\Documents and Settings\LocalService\Local Settings\Application Data\FontCache3.0.0.0.dat
[2010/01/12 21:08:05 | 00,048,640 | ---- | C] () -- C:\Documents and Settings\SBurke\Desktop\Attachment A - Cameron Mid-State Machine Shop RFQ 12022009_ref8774.xls
[2010/01/12 12:42:33 | 00,018,432 | ---- | C] () -- C:\Documents and Settings\SBurke\Desktop\PSJ SUB.xls
[2010/01/11 17:33:07 | 00,048,128 | ---- | C] () -- C:\Documents and Settings\SBurke\Desktop\PSJ open orders_1_11_10.xls
[2010/01/11 13:59:12 | 00,017,408 | ---- | C] () -- C:\Documents and Settings\SBurke\Desktop\Mid-State additional charges as of 12_08_09_PSJ Stators_DEC needs (6).xls
[2010/01/11 11:50:23 | 00,082,463 | ---- | C] () -- C:\Documents and Settings\SBurke\Desktop\test.xps
[2009/10/13 14:58:27 | 00,005,735 | ---- | C] () -- C:\WINDOWS\cfgspyrt.ini
[2009/10/13 14:58:25 | 00,006,619 | ---- | C] () -- C:\WINDOWS\cfgrt.ini
[2009/03/09 17:43:40 | 00,005,832 | ---- | C] () -- C:\WINDOWS\cfgspyps.ini
[2009/03/09 17:43:39 | 00,006,684 | ---- | C] () -- C:\WINDOWS\cfgps.ini
[2009/01/27 09:24:22 | 00,000,225 | ---- | C] () -- C:\WINDOWS\hpbafd.ini
[2009/01/23 16:33:16 | 00,000,078 | ---- | C] () -- C:\WINDOWS\FXEZQJV.INI
[2008/07/21 11:31:23 | 00,123,392 | ---- | C] () -- C:\WINDOWS\System32\nmcpusym.dll
[2008/06/24 16:00:17 | 00,006,559 | ---- | C] () -- C:\Documents and Settings\SBurke\Application Data\PrimoPDFSet.xml
[2008/06/24 16:00:16 | 00,000,224 | ---- | C] () -- C:\Documents and Settings\SBurke\Application Data\APUSet.xml
[2008/06/24 15:59:15 | 00,176,235 | ---- | C] () -- C:\WINDOWS\System32\Primomonnt.dll
[2008/06/02 15:54:59 | 00,003,865 | ---- | C] () -- C:\WINDOWS\cfgrt_ex.ini
[2008/06/02 12:24:04 | 00,015,107 | ---- | C] () -- C:\WINDOWS\cfgall.ini
[2008/06/02 11:12:19 | 00,039,936 | ---- | C] () -- C:\WINDOWS\System32\dwlGina2.dll
[2008/06/02 11:12:17 | 00,036,864 | ---- | C] () -- C:\WINDOWS\System32\DOCOBJ.DLL
[2008/06/02 11:07:14 | 00,309,248 | ---- | C] () -- C:\WINDOWS\System32\erramchk.dll
[2008/06/02 11:02:37 | 00,000,000 | ---- | C] () -- C:\WINDOWS\eDrawingOfficeAutomator.INI
[2008/06/02 10:59:18 | 00,210,944 | ---- | C] () -- C:\WINDOWS\System32\Msvcrt10.dll
[2008/06/02 10:42:32 | 00,000,376 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2008/06/02 10:42:31 | 00,000,063 | ---- | C] () -- C:\WINDOWS\mdm.ini
[2008/06/02 10:42:27 | 00,000,000 | ---- | C] () -- C:\WINDOWS\NSREX.INI
[2008/05/30 08:26:57 | 00,000,151 | ---- | C] () -- C:\WINDOWS\System32\IC32.INI
[2008/05/25 15:36:22 | 00,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini
[2008/05/25 15:34:27 | 00,000,234 | ---- | C] () -- C:\WINDOWS\wininit.ini
[2008/05/25 15:16:13 | 00,204,800 | ---- | C] () -- C:\WINDOWS\System32\igfxCoIn_v4837.dll
[2008/05/25 15:15:15 | 00,001,119 | ---- | C] () -- C:\WINDOWS\System32\OEMINFO.INI
[2007/02/28 04:03:32 | 00,080,720 | ---- | C] () -- C:\WINDOWS\System32\AsfBios.dll
[2007/01/23 02:45:40 | 00,025,424 | ---- | C] () -- C:\WINDOWS\System32\drivers\netamsg.dll
[2004/08/11 16:24:19 | 00,000,791 | ---- | C] () -- C:\WINDOWS\orun32.ini
[2004/08/11 16:11:31 | 00,001,793 | ---- | C] () -- C:\WINDOWS\System32\fxsperf.ini
[2003/01/07 14:05:08 | 00,002,695 | ---- | C] () -- C:\WINDOWS\System32\OUTLPERF.INI
[2000/10/20 12:25:36 | 00,079,360 | ---- | C] () -- C:\WINDOWS\System32\acdbres.dll
[1999/01/22 13:46:58 | 00,065,536 | ---- | C] () -- C:\WINDOWS\System32\MSRTEDIT.DLL
========== LOP Check ==========
[2008/06/30 07:15:59 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\DassaultSystemes
[2009/07/10 11:42:09 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Epicor
[2008/12/17 13:24:42 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Viewpoint
[2008/06/02 12:26:56 | 00,000,000 | ---D | M] -- C:\Documents and Settings\SBurke\Application Data\DassaultSystemes
[2008/06/17 13:36:20 | 00,000,000 | ---D | M] -- C:\Documents and Settings\SBurke\Application Data\DWGeditor
[2008/06/17 14:01:06 | 00,000,000 | ---D | M] -- C:\Documents and Settings\SBurke\Application Data\Fuji Xerox
[2008/06/02 12:26:56 | 00,000,000 | ---D | M] -- C:\Documents and Settings\SBurke\Application Data\InterTrust
[2009/11/25 10:54:53 | 00,000,000 | ---D | M] -- C:\Documents and Settings\SBurke\Application Data\SmartDraw
[2009/09/04 12:16:00 | 00,000,000 | ---D | M] -- C:\Documents and Settings\SBurke\Application Data\webex
========== Purity Check ==========
========== Custom Scans ==========
< %SYSTEMDRIVE%\*.exe >
[2001/05/24 11:59:30 | 00,127,472 | ---- | M] () -- C:\UNWISE.EXE
< MD5 for: AGP440.SYS >
[2004/08/04 04:00:00 | 18,738,937 | ---- | M] () .cab file -- C:\i386\sp2.cab:AGP440.sys
[2004/08/04 04:00:00 | 18,738,937 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp2.cab:AGP440.sys
[2008/05/30 11:20:39 | 23,852,652 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:AGP440.sys
[2008/05/30 11:20:39 | 23,852,652 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp3.cab:AGP440.sys
[2008/04/13 13:36:38 | 00,042,368 | ---- | M] (Microsoft Corporation) MD5=08FD04AA961BDC77FB983F328334E3D7 -- C:\i386\agp440.sys
[2008/04/13 13:36:38 | 00,042,368 | ---- | M] (Microsoft Corporation) MD5=08FD04AA961BDC77FB983F328334E3D7 -- C:\WINDOWS\ServicePackFiles\i386\agp440.sys
[2008/04/13 13:36:38 | 00,042,368 | ---- | M] (Microsoft Corporation) MD5=08FD04AA961BDC77FB983F328334E3D7 -- C:\WINDOWS\System32\drivers\agp440.sys
[2004/08/03 22:07:42 | 00,042,368 | ---- | M] (Microsoft Corporation) MD5=2C428FA0C3E3A01ED93C9B2A27D8D4BB -- C:\WINDOWS\$NtServicePackUninstall$\agp440.sys
< MD5 for: ATAPI.SYS >
[2004/08/04 04:00:00 | 18,738,937 | ---- | M] () .cab file -- C:\i386\sp2.cab:atapi.sys
[2004/08/04 04:00:00 | 18,738,937 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp2.cab:atapi.sys
[2008/05/30 11:20:39 | 23,852,652 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:atapi.sys
[2008/05/30 11:20:39 | 23,852,652 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp3.cab:atapi.sys
[2006/08/28 01:02:10 | 00,095,872 | ---- | M] (Microsoft Corporation) MD5=40CAACE7F2E7668148A1D45CF91E1131 -- C:\i386\atapi.sys
[2006/08/27 20:02:10 | 00,095,872 | ---- | M] (Microsoft Corporation) MD5=40CAACE7F2E7668148A1D45CF91E1131 -- C:\WINDOWS\$NtServicePackUninstall$\atapi.sys
[2008/04/13 13:40:30 | 00,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\ServicePackFiles\i386\atapi.sys
[2008/04/13 13:40:30 | 00,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\System32\drivers\atapi.sys
< MD5 for: EVENTLOG.DLL >
[2008/04/13 19:11:53 | 00,056,320 | ---- | M] (Microsoft Corporation) MD5=6D4FEB43EE538FC5428CC7F0565AA656 -- C:\i386\eventlog.dll
[2008/04/13 19:11:53 | 00,056,320 | ---- | M] (Microsoft Corporation) MD5=6D4FEB43EE538FC5428CC7F0565AA656 -- C:\WINDOWS\ServicePackFiles\i386\eventlog.dll
[2008/04/13 19:11:53 | 00,056,320 | ---- | M] (Microsoft Corporation) MD5=6D4FEB43EE538FC5428CC7F0565AA656 -- C:\WINDOWS\system32\eventlog.dll
[2004/08/04 04:00:00 | 00,055,808 | ---- | M] (Microsoft Corporation) MD5=82B24CB70E5944E6E34662205A2A5B78 -- C:\WINDOWS\$NtServicePackUninstall$\eventlog.dll
< MD5 for: IASTOR.SYS >
[2007/12/03 20:11:04 | 00,308,248 | ---- | M] (Intel Corporation) MD5=E5A0034847537EAEE3C00349D5C34C5F -- C:\drivers\storage\R173412\IaStor.sys
[2007/12/03 20:11:04 | 00,308,248 | ---- | M] (Intel Corporation) MD5=E5A0034847537EAEE3C00349D5C34C5F -- C:\i386\iaStor.sys
[2007/12/03 20:11:04 | 00,308,248 | ---- | M] (Intel Corporation) MD5=E5A0034847537EAEE3C00349D5C34C5F -- C:\WINDOWS\System32\drivers\iaStor.sys
< MD5 for: NETLOGON.DLL >
[2008/04/13 19:12:01 | 00,407,040 | ---- | M] (Microsoft Corporation) MD5=1B7F071C51B77C272875C3A23E1E4550 -- C:\i386\netlogon.dll
[2008/04/13 19:12:01 | 00,407,040 | ---- | M] (Microsoft Corporation) MD5=1B7F071C51B77C272875C3A23E1E4550 -- C:\WINDOWS\ServicePackFiles\i386\netlogon.dll
[2008/04/13 19:12:01 | 00,407,040 | ---- | M] (Microsoft Corporation) MD5=1B7F071C51B77C272875C3A23E1E4550 -- C:\WINDOWS\system32\netlogon.dll
[2004/08/04 04:00:00 | 00,407,040 | ---- | M] (Microsoft Corporation) MD5=96353FCECBA774BB8DA74A1C6507015A -- C:\WINDOWS\$NtServicePackUninstall$\netlogon.dll
< MD5 for: SCECLI.DLL >
[2004/08/04 04:00:00 | 00,180,224 | ---- | M] (Microsoft Corporation) MD5=0F78E27F563F2AAF74B91A49E2ABF19A -- C:\WINDOWS\$NtServicePackUninstall$\scecli.dll
[2008/04/13 19:12:05 | 00,181,248 | ---- | M] (Microsoft Corporation) MD5=A86BB5E61BF3E39B62AB4C7E7085A084 -- C:\i386\scecli.dll
[2008/04/13 19:12:05 | 00,181,248 | ---- | M] (Microsoft Corporation) MD5=A86BB5E61BF3E39B62AB4C7E7085A084 -- C:\WINDOWS\ServicePackFiles\i386\scecli.dll
[2008/04/13 19:12:05 | 00,181,248 | ---- | M] (Microsoft Corporation) MD5=A86BB5E61BF3E39B62AB4C7E7085A084 -- C:\WINDOWS\system32\scecli.dll
< %systemroot%\*. /mp /s >
< %systemroot%\system32\*.dll /lockedfiles >
File not found Unable to obtain MD5 -- C:\WINDOWS\System32\cmproxfr.dll
[2010/01/05 05:00:20 | 00,347,136 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\WINDOWS\system32\dxtmsft.dll
[2010/01/05 05:00:21 | 00,214,528 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\WINDOWS\system32\dxtrans.dll
[2010/01/05 05:00:24 | 00,192,512 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\WINDOWS\system32\iepeers.dll
File not found Unable to obtain MD5 -- C:\WINDOWS\System32\svrltmgr.dll
File not found Unable to obtain MD5 -- C:\WINDOWS\System32\svrltwp.dll
File not found Unable to obtain MD5 -- C:\WINDOWS\System32\vdorctrl.dll
File not found Unable to obtain MD5 -- C:\WINDOWS\System32\wzodlg32.dll
< %systemroot%\Tasks\*.job /lockedfiles >
< End of report >