Jump to content

Welcome to Geeks to Go - Register now for FREE

Need help with your computer or device? Want to learn new tech skills? You're in the right place!
Geeks to Go is a friendly community of tech experts who can solve any problem you have. Just create a free account and post your question. Our volunteers will reply quickly and guide you through the steps. Don't let tech troubles stop you. Join Geeks to Go now and get the support you need!

How it Works Create Account
Photo

backdoor.tidserv.I!inf help remove

Started by tammy4dj , Oct 21 2010 08:02 AM

  • Please log in to reply

#1
tammy4dj
Posted 21 October 2010 - 08:02 AM

tammy4dj

    New Member

  • Member
  • Pip
  • 8 posts
Please help me remove. Norton has detected but repair failed, quarantine failed and access denied. I have 2 infections showing when I scan.

Edited by tammy4dj, 21 October 2010 - 08:03 AM.

  • 0

Advertisements

#2
RKinner
Posted 21 October 2010 - 09:36 AM

RKinner

    Malware Expert

  • Expert
  • 24,624 posts
  • MVP
Do as much of

http://www.geekstogo...uide-t2852.html

as you can. If a step won't work, skip to the next one. Copy and paste your gmer, mbam, otl, & extras logs into a reply. Do not attach them.



If you lose internet access after running MBAM or if you are not able to get to the downloads:

In IE, Tools, Internet Options, Connections, LAN Settings, then uncheck all boxes and OK. Close IE and restart IE.

In FireFox, Tools, Options, Advanced, Settings, check No Proxy then OK. Close Firefox and restart Firefox.

In Chrome, Wrench, Options, Under the Hood, Change Proxy Settings, uncheck all boxes, OK.

Ron
  • 0

#3
tammy4dj
Posted 21 October 2010 - 12:03 PM

tammy4dj

    New Member

  • Topic Starter
  • Member
  • Pip
  • 8 posts
Malwarebytes' Anti-Malware 1.46
www.malwarebytes.org

Database version: 4904

Windows 5.1.2600 Service Pack 3
Internet Explorer 7.0.5730.11

10/21/2010 1:32:49 PM
mbam-log-2010-10-21 (13-32-49).txt

Scan type: Quick scan
Objects scanned: 167083
Time elapsed: 42 minute(s), 37 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 6
Registry Values Infected: 1
Registry Data Items Infected: 1
Folders Infected: 0
Files Infected: 3

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
HKEY_CLASSES_ROOT\mywaysearchassistantde.auxiliary (Adware.MyWaySearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\mywaysearchassistantde.auxiliary.1 (Adware.MyWaySearch) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\Software\avsoft (Trojan.Fraudpack) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\Software\avsuite (Rogue.AntivirusSuite) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\avsoft (Trojan.Fraudpack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\avsuite (Rogue.AntivirusSuite) -> Quarantined and deleted successfully.

Registry Values Infected:
HKEY_CURRENT_USER\SOFTWARE\24d1ca9a-a864-4f7b-86fe-495eb56529d8 (Malware.Trace) -> Quarantined and deleted successfully.

Registry Data Items Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\AntiVirusDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.

Folders Infected:
(No malicious items detected)

Files Infected:
C:\Documents and Settings\Tammy\Local Settings\Temp\Muwa.exe (Malware.Gen) -> Quarantined and deleted successfully.
C:\Documents and Settings\Tammy\Local Settings\Temp\esentutl64.exe (Rogue.DefenseCenter) -> Quarantined and deleted successfully.
C:\Documents and Settings\Tammy\Local Settings\Temp\mschrt20ex.dll (Rogue.DefenseCenter) -> Quarantined and deleted successfully.
  • 0

#4
tammy4dj
Posted 21 October 2010 - 12:09 PM

tammy4dj

    New Member

  • Topic Starter
  • Member
  • Pip
  • 8 posts
When I used the first gmer link listed, my computer went to a blue screen when I clicked scan. I turned it off and back on and I got this Microsoft error.


The system has recovered from a serious error.


Error signature
BCCode : 1000007f BCP1 : 0000000D BCP2 : 00000000 BCP3 : 00000000
BCP4 : 00000000 OSVer : 5_1_2600 SP : 3_0 Product : 768_1


technical information
The following will be included in the error report.
C:\DOCUME~1\Tammy\LOCALS~1\Temp\WER08c6.dir00\Mini102110-01.dmp
C:\DOCUME~1\Tammy\LOCALS~1\Temp\WER08c6.dir00\sysdata.xml

Edited by tammy4dj, 21 October 2010 - 12:11 PM.

  • 0

#5
tammy4dj
Posted 21 October 2010 - 12:10 PM

tammy4dj

    New Member

  • Topic Starter
  • Member
  • Pip
  • 8 posts
I went back to the webpage and used the second link, and it is scanning now.
  • 0

#6
tammy4dj
Posted 21 October 2010 - 12:47 PM

tammy4dj

    New Member

  • Topic Starter
  • Member
  • Pip
  • 8 posts
GMER 1.0.15.15477 - http://www.gmer.net
Rootkit scan 2010-10-21 14:45:43
Windows 5.1.2600 Service Pack 3
Running: gmer.exe; Driver: C:\DOCUME~1\Tammy\LOCALS~1\Temp\pxroapoc.sys


---- System - GMER 1.0.15 ----

SSDT 82E0E090 ZwConnectPort

---- Kernel code sections - GMER 1.0.15 ----

init C:\WINDOWS\system32\DRIVERS\mohfilt.sys entry point in "init" section [0xF89B3760]
init C:\WINDOWS\system32\drivers\senfilt.sys entry point in "init" section [0xF8049F80]

---- User code sections - GMER 1.0.15 ----

.text C:\Program Files\Symantec\LiveUpdate\LuComServer_3_4.EXE[1044] WS2_32.dll!getaddrinfo 71AB2A6F 5 Bytes JMP 027455A0
.text C:\Program Files\Symantec\LiveUpdate\LuComServer_3_4.EXE[1044] WS2_32.dll!gethostbyname 71AB5355 5 Bytes JMP 027452B0
.text C:\WINDOWS\system32\svchost.exe[1316] WS2_32.dll!getaddrinfo 71AB2A6F 5 Bytes JMP 009555A0 C:\Program Files\Common Files\iS3\Anti-Spyware\SGPRXY.DLL (STOPzilla Support Library/iS3, Inc.)
.text C:\WINDOWS\system32\svchost.exe[1316] WS2_32.dll!gethostbyname 71AB5355 5 Bytes JMP 009552B0 C:\Program Files\Common Files\iS3\Anti-Spyware\SGPRXY.DLL (STOPzilla Support Library/iS3, Inc.)
.text C:\WINDOWS\system32\svchost.exe[1456] WS2_32.dll!getaddrinfo 71AB2A6F 5 Bytes JMP 00B255A0 C:\Program Files\Common Files\iS3\Anti-Spyware\SGPRXY.DLL (STOPzilla Support Library/iS3, Inc.)
.text C:\WINDOWS\system32\svchost.exe[1456] WS2_32.dll!gethostbyname 71AB5355 5 Bytes JMP 00B252B0 C:\Program Files\Common Files\iS3\Anti-Spyware\SGPRXY.DLL (STOPzilla Support Library/iS3, Inc.)
.text C:\Program Files\Internet Explorer\iexplore.exe[2284] USER32.dll!DialogBoxParamW 7E4247AB 5 Bytes JMP 3E1DF4D9 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[2284] USER32.dll!CreateWindowExW 7E42D0A3 5 Bytes JMP 0351885E C:\Program Files\STOPzilla!\SZIEBHO.dll (STOPzilla Support Library/iS3, Inc.)
.text C:\Program Files\Internet Explorer\iexplore.exe[2284] USER32.dll!CreateWindowExA 7E42E4A9 5 Bytes JMP 03518818 C:\Program Files\STOPzilla!\SZIEBHO.dll (STOPzilla Support Library/iS3, Inc.)
.text C:\Program Files\Internet Explorer\iexplore.exe[2284] USER32.dll!DialogBoxIndirectParamW 7E432072 5 Bytes JMP 3E35272E C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[2284] USER32.dll!MessageBoxIndirectA 7E43A082 5 Bytes JMP 3E3526AF C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[2284] USER32.dll!DialogBoxParamA 7E43B144 5 Bytes JMP 3E3526F3 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[2284] USER32.dll!MessageBoxExW 7E450838 5 Bytes JMP 3E35263B C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[2284] USER32.dll!MessageBoxExA 7E45085C 5 Bytes JMP 3E352675 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[2284] USER32.dll!DialogBoxIndirectParamA 7E456D7D 5 Bytes JMP 3E352769 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[2284] USER32.dll!MessageBoxIndirectW 7E4664D5 5 Bytes JMP 3E20178A C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[2284] ole32.dll!OleLoadFromStream 7752981B 5 Bytes JMP 3E352944 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[2284] ws2_32.dll!getaddrinfo 71AB2A6F 5 Bytes JMP 036D55A0 C:\Program Files\Common Files\iS3\Anti-Spyware\SGPRXY.DLL (STOPzilla Support Library/iS3, Inc.)
.text C:\Program Files\Internet Explorer\iexplore.exe[2284] ws2_32.dll!gethostbyname 71AB5355 5 Bytes JMP 036D52B0 C:\Program Files\Common Files\iS3\Anti-Spyware\SGPRXY.DLL (STOPzilla Support Library/iS3, Inc.)
.text C:\WINDOWS\System32\alg.exe[2784] WS2_32.dll!getaddrinfo 71AB2A6F 5 Bytes JMP 00AD55A0 C:\Program Files\Common Files\iS3\Anti-Spyware\SGPRXY.DLL (STOPzilla Support Library/iS3, Inc.)
.text C:\WINDOWS\System32\alg.exe[2784] WS2_32.dll!gethostbyname 71AB5355 5 Bytes JMP 00AD52B0 C:\Program Files\Common Files\iS3\Anti-Spyware\SGPRXY.DLL (STOPzilla Support Library/iS3, Inc.)
.text C:\Program Files\Common Files\Symantec Shared\ccApp.exe[3072] WS2_32.dll!getaddrinfo 71AB2A6F 5 Bytes JMP 017655A0 C:\Program Files\Common Files\iS3\Anti-Spyware\SGPRXY.DLL (STOPzilla Support Library/iS3, Inc.)
.text C:\Program Files\Common Files\Symantec Shared\ccApp.exe[3072] WS2_32.dll!gethostbyname 71AB5355 5 Bytes JMP 017652B0 C:\Program Files\Common Files\iS3\Anti-Spyware\SGPRXY.DLL (STOPzilla Support Library/iS3, Inc.)
.text C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe[3496] WS2_32.dll!getaddrinfo 71AB2A6F 5 Bytes JMP 02D355A0 C:\Program Files\Common Files\iS3\Anti-Spyware\SGPRXY.DLL (STOPzilla Support Library/iS3, Inc.)
.text C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe[3496] WS2_32.dll!gethostbyname 71AB5355 5 Bytes JMP 02D352B0 C:\Program Files\Common Files\iS3\Anti-Spyware\SGPRXY.DLL (STOPzilla Support Library/iS3, Inc.)

---- Devices - GMER 1.0.15 ----

AttachedDevice \FileSystem\Ntfs \Ntfs SYMEVENT.SYS (Symantec Event Library/Symantec Corporation)
AttachedDevice \Driver\Tcpip \Device\Ip SYMTDI.SYS (Network Dispatch Driver/Symantec Corporation)
AttachedDevice \Driver\Tcpip \Device\Tcp SYMTDI.SYS (Network Dispatch Driver/Symantec Corporation)
AttachedDevice \Driver\Tcpip \Device\Udp SYMTDI.SYS (Network Dispatch Driver/Symantec Corporation)
AttachedDevice \Driver\Tcpip \Device\RawIp SYMTDI.SYS (Network Dispatch Driver/Symantec Corporation)

Device mrxsmb.sys (Windows NT SMB Minirdr/Microsoft Corporation)
Device Fastfat.SYS (Fast FAT File System Driver/Microsoft Corporation)

AttachedDevice fltmgr.sys (Microsoft Filesystem Filter Manager/Microsoft Corporation)
AttachedDevice SYMEVENT.SYS (Symantec Event Library/Symantec Corporation)

---- EOF - GMER 1.0.15 ----
  • 0

#7
tammy4dj
Posted 21 October 2010 - 01:01 PM

tammy4dj

    New Member

  • Topic Starter
  • Member
  • Pip
  • 8 posts
OTL logfile created on: 10/21/2010 2:49:28 PM - Run 1
OTL by OldTimer - Version 3.2.16.0 Folder = C:\Documents and Settings\Tammy\Desktop
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 7.0.5730.11)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

510.00 Mb Total Physical Memory | 80.00 Mb Available Physical Memory | 16.00% Memory free
1.00 Gb Paging File | 1.00 Gb Available in Paging File | 55.00% Paging File free
Paging file location(s): C:\pagefile.sys 768 1536 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 33.63 Gb Total Space | 14.78 Gb Free Space | 43.94% Space Free | Partition Type: NTFS

Computer Name: D17S1P71 | User Name: Tammy | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 90 Days

========== Processes (SafeList) ==========

PRC - [2010/10/21 14:47:30 | 000,575,488 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Tammy\Desktop\OTL.exe
PRC - [2008/11/20 17:22:46 | 000,157,120 | R--- | M] (iS3, Inc.) -- C:\Program Files\STOPzilla!\STOPzilla.exe
PRC - [2008/10/23 11:03:42 | 000,057,344 | R--- | M] (iS3, Inc.) -- C:\Program Files\Common Files\iS3\Anti-Spyware\SZServer.exe
PRC - [2008/09/19 18:45:08 | 001,251,720 | ---- | M] () -- C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
PRC - [2008/04/13 20:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2008/02/21 18:02:53 | 000,238,968 | ---- | M] (Symantec Corporation) -- C:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe
PRC - [2008/02/11 17:22:14 | 000,191,848 | ---- | M] (Symantec Corporation) -- C:\Program Files\Common Files\Symantec Shared\CCEVTMGR.EXE
PRC - [2008/02/11 17:22:14 | 000,169,320 | ---- | M] (Symantec Corporation) -- C:\Program Files\Common Files\Symantec Shared\CCSETMGR.EXE
PRC - [2008/02/11 17:22:14 | 000,053,096 | ---- | M] (Symantec Corporation) -- C:\Program Files\Common Files\Symantec Shared\CCAPP.EXE
PRC - [2008/01/29 17:38:31 | 000,583,048 | ---- | M] (Symantec Corporation) -- C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
PRC - [2007/10/01 14:50:08 | 000,214,408 | ---- | M] (Symantec Corporation) -- C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
PRC - [2007/08/09 03:27:52 | 000,073,728 | ---- | M] (HP) -- C:\WINDOWS\system32\HPZipm12.exe
PRC - [2007/05/23 12:13:40 | 000,046,704 | ---- | M] (Symantec Corporation) -- C:\Program Files\Norton AntiVirus\IWP\NPFMNTOR.EXE
PRC - [2007/05/23 12:13:38 | 000,139,888 | ---- | M] (Symantec Corporation) -- C:\Program Files\Norton AntiVirus\NAVAPSVC.EXE
PRC - [2007/01/04 17:38:08 | 000,024,652 | ---- | M] (Viewpoint Corporation) -- C:\Program Files\Viewpoint\Common\ViewpointService.exe
PRC - [2006/12/15 13:36:28 | 000,750,720 | ---- | M] (Symantec Corporation) -- C:\Program Files\Common Files\Symantec Shared\Security Console\NSCSRVCE.EXE
PRC - [2004/10/14 20:42:54 | 001,404,928 | ---- | M] (Analog Devices, Inc.) -- C:\Program Files\Analog Devices\Core\smax4pnp.exe


========== Modules (SafeList) ==========

MOD - [2010/10/21 14:47:30 | 000,575,488 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Tammy\Desktop\OTL.exe
MOD - [2010/08/23 12:12:02 | 001,054,208 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.6028_x-ww_61e65202\comctl32.dll
MOD - [2008/04/13 20:10:20 | 000,110,592 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\msscript.ocx


========== Win32 Services (SafeList) ==========

SRV - [2008/10/23 11:03:42 | 000,057,344 | R--- | M] (iS3, Inc.) [Auto | Running] -- C:\Program Files\Common Files\iS3\Anti-Spyware\SZServer.exe -- (szserver)
SRV - [2008/09/19 18:45:08 | 001,251,720 | ---- | M] () [Auto | Running] -- C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe -- (Symantec Core LC)
SRV - [2008/02/21 18:02:53 | 000,238,968 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe -- (automatic liveupdate scheduler)
SRV - [2008/02/21 18:02:44 | 003,220,856 | ---- | M] (Symantec Corporation) [On_Demand | Stopped] -- C:\Program Files\Symantec\LiveUpdate\LuComServer_3_4.EXE -- (liveupdate)
SRV - [2008/02/11 17:22:14 | 000,191,848 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe -- (ccEvtMgr)
SRV - [2008/02/11 17:22:14 | 000,169,320 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe -- (ccSetMgr)
SRV - [2008/01/29 17:38:31 | 000,583,048 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe -- (LiveUpdate Notice Service)
SRV - [2007/10/01 14:50:08 | 000,214,408 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe -- (SNDSrvc)
SRV - [2007/08/09 03:27:52 | 000,073,728 | ---- | M] (HP) [Auto | Running] -- C:\WINDOWS\system32\HPZipm12.exe -- (Pml Driver HPZ12)
SRV - [2007/05/23 12:13:40 | 000,046,704 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe -- (NPFMntor)
SRV - [2007/05/23 12:13:38 | 000,139,888 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files\Norton AntiVirus\navapsvc.exe -- (navapsvc)
SRV - [2007/03/07 15:47:46 | 000,076,848 | ---- | M] () [On_Demand | Stopped] -- C:\Program Files\DellSupport\brkrsvc.exe -- (DSBrokerService)
SRV - [2007/01/04 17:38:08 | 000,024,652 | ---- | M] (Viewpoint Corporation) [Auto | Running] -- C:\Program Files\Viewpoint\Common\ViewpointService.exe -- (Viewpoint Manager Service)
SRV - [2006/12/15 13:36:28 | 000,750,720 | ---- | M] (Symantec Corporation) [On_Demand | Running] -- C:\Program Files\Common Files\Symantec Shared\Security Console\NSCSRVCE.EXE -- (NSCService)
SRV - [2005/12/19 20:41:56 | 000,198,416 | ---- | M] (Symantec Corporation) [On_Demand | Stopped] -- C:\Program Files\Norton AntiVirus\SAVScan.exe -- (SAVScan)
SRV - [2005/11/03 20:06:21 | 001,160,848 | ---- | M] (Symantec Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe -- (SPBBCSvc)


========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\DRIVERS\wanatw4.sys -- (wanatw) WAN Miniport (ATW)
DRV - File not found [Kernel | System | Stopped] -- C:\WINDOWS\System32\drivers\e8052beb.sys -- (e8052beb)
DRV - [2010/09/29 04:00:00 | 001,371,184 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Program Files\Common Files\Symantec Shared\VirusDefs\20101021.002\NAVEX15.SYS -- (NAVEX15)
DRV - [2010/09/29 04:00:00 | 000,086,064 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Program Files\Common Files\Symantec Shared\VirusDefs\20101021.002\NAVENG.SYS -- (NAVENG)
DRV - [2010/07/15 04:00:00 | 000,371,248 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys -- (eeCtrl)
DRV - [2010/05/27 04:00:00 | 000,102,448 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Program Files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys -- (EraserUtilRebootDrv)
DRV - [2009/12/04 07:53:51 | 000,096,512 | ---- | M] () [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\atapi.sys -- (atapi)
DRV - [2009/03/11 20:15:27 | 000,124,464 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\SYMEVENT.SYS -- (SymEvent)
DRV - [2008/10/08 14:27:30 | 000,049,664 | R--- | M] (iS3 Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\szkg.sys -- (szkg5)
DRV - [2008/09/19 18:24:50 | 000,010,344 | ---- | M] (Symantec Corporation) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\symlcbrd.sys -- (symlcbrd)
DRV - [2008/09/12 03:33:21 | 000,250,224 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Program Files\Common Files\Symantec Shared\SymcData\ids-diskless\20090311.001\SymIDSCo.sys -- (SYMIDSCO)
DRV - [2008/04/13 14:36:39 | 000,043,008 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\amdagp.sys -- (amdagp)
DRV - [2008/04/13 14:36:39 | 000,040,960 | ---- | M] (Silicon Integrated Systems Corporation) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\sisagp.sys -- (sisagp)
DRV - [2007/10/01 14:49:26 | 000,189,320 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\WINDOWS\System32\Drivers\SYMTDI.SYS -- (SYMTDI)
DRV - [2007/10/01 14:49:20 | 000,023,944 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\System32\Drivers\SYMREDRV.SYS -- (SYMREDRV)
DRV - [2007/10/01 14:49:16 | 000,031,624 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\System32\Drivers\SYMIDS.SYS -- (SYMIDS)
DRV - [2007/10/01 14:49:10 | 000,028,040 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\System32\Drivers\SYMNDIS.SYS -- (SYMNDIS)
DRV - [2007/10/01 14:49:04 | 000,098,184 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\System32\Drivers\SYMFW.SYS -- (SYMFW)
DRV - [2007/10/01 14:48:56 | 000,012,680 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\System32\Drivers\SYMDNS.SYS -- (SYMDNS)
DRV - [2007/04/09 20:44:52 | 000,391,256 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Stopped] -- C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCDrv.sys -- (SPBBCDrv)
DRV - [2007/02/25 12:10:48 | 000,005,376 | --S- | M] (Gteko Ltd.) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\dsunidrv.sys -- (dsunidrv)
DRV - [2006/10/05 16:07:28 | 000,004,736 | ---- | M] (Gteko Ltd.) [Kernel | On_Demand | Stopped] -- C:\Program Files\DellSupport\GTAction\triggers\DSproct.sys -- (DSproct)
DRV - [2006/05/03 17:35:36 | 000,013,824 | ---- | M] (SonicWALL Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\SSLDrv.sys -- (SSLDrv)
DRV - [2006/02/14 13:00:00 | 002,392,224 | ---- | M] (HAURI, Inc. 1998-2003) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\vrcore.sys -- (VRcore)
DRV - [2005/12/19 20:41:58 | 000,054,968 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Program Files\Norton AntiVirus\Savrtpel.sys -- (SAVRTPEL)
DRV - [2005/12/19 20:41:56 | 000,337,592 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Program Files\Norton AntiVirus\savrt.sys -- (SAVRT)
DRV - [2005/06/07 20:39:04 | 000,008,552 | ---- | M] (Windows ® 2000 DDK provider) [Kernel | Auto | Running] -- C:\WINDOWS\System32\drivers\asctrm.sys -- (ASCTRM)
DRV - [2004/11/14 12:00:00 | 000,058,880 | ---- | M] (HAURI) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\vrfil.sys -- (VRFIL)
DRV - [2004/09/17 15:02:54 | 000,732,928 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\senfilt.sys -- (senfilt)
DRV - [2004/08/03 23:29:56 | 001,897,408 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\nv4_mini.sys -- (nv)
DRV - [2004/06/16 04:52:40 | 000,061,157 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\IntelC53.sys -- (IntelC53)
DRV - [2004/03/06 05:15:34 | 000,647,929 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\IntelC52.sys -- (IntelC52)
DRV - [2004/03/06 05:14:42 | 001,233,525 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\IntelC51.sys -- (IntelC51)
DRV - [2004/03/06 05:13:38 | 000,037,048 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\mohfilt.sys -- (mohfilt)
DRV - [2001/08/17 15:07:44 | 000,019,072 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\sparrow.sys -- (Sparrow)
DRV - [2001/08/17 15:07:42 | 000,030,688 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\sym_u3.sys -- (sym_u3)
DRV - [2001/08/17 15:07:40 | 000,028,384 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\sym_hi.sys -- (sym_hi)
DRV - [2001/08/17 15:07:36 | 000,032,640 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\symc8xx.sys -- (symc8xx)
DRV - [2001/08/17 15:07:34 | 000,016,256 | ---- | M] (Symbios Logic Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\symc810.sys -- (symc810)
DRV - [2001/08/17 14:52:22 | 000,036,736 | ---- | M] (Promise Technology, Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\ultra.sys -- (ultra)
DRV - [2001/08/17 14:52:20 | 000,045,312 | ---- | M] (QLogic Corporation) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\ql12160.sys -- (ql12160)
DRV - [2001/08/17 14:52:20 | 000,040,320 | ---- | M] (QLogic Corporation) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\ql1080.sys -- (ql1080)
DRV - [2001/08/17 14:52:18 | 000,049,024 | ---- | M] (QLogic Corporation) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\ql1280.sys -- (ql1280)
DRV - [2001/08/17 14:52:16 | 000,179,584 | ---- | M] (Mylex Corporation) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\dac2w2k.sys -- (dac2w2k)
DRV - [2001/08/17 14:52:12 | 000,017,280 | ---- | M] (American Megatrends Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\mraid35x.sys -- (mraid35x)
DRV - [2001/08/17 14:52:00 | 000,026,496 | ---- | M] (Advanced System Products, Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\asc.sys -- (asc)
DRV - [2001/08/17 14:51:58 | 000,014,848 | ---- | M] (Advanced System Products, Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\asc3550.sys -- (asc3550)
DRV - [2001/08/17 14:51:56 | 000,005,248 | ---- | M] (Acer Laboratories Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\aliide.sys -- (AliIde)
DRV - [2001/08/17 14:51:54 | 000,006,656 | ---- | M] (CMD Technology, Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\cmdide.sys -- (CmdIde)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========


IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.search.selectedEngine: "Google"

FF - HKLM\software\mozilla\Mozilla Firefox 1.0.4\Extensions\\Components: C:\Program Files\Mozilla Firefox\Components [2007/09/22 18:08:51 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 1.0.4\Extensions\\Plugins: C:\Program Files\Mozilla Firefox\Plugins [2009/12/23 10:06:34 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 1.0.7\Extensions\\Components: C:\Program Files\Mozilla Firefox\Components [2007/09/22 18:08:51 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 1.0.7\Extensions\\Plugins: C:\Program Files\Mozilla Firefox\Plugins [2009/12/23 10:06:34 | 000,000,000 | ---D | M]

[2005/07/15 18:55:24 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Tammy\Application Data\Mozilla\Firefox\Profiles\ttz4n40w.default\extensions
[2005/07/15 18:55:24 | 000,000,000 | ---D | M] (Firefox (default)) -- C:\Documents and Settings\Tammy\Application Data\Mozilla\Firefox\Profiles\ttz4n40w.default\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
[2009/08/06 08:13:59 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions
[2007/09/22 17:51:25 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\defaults\profile\extensions
[2007/09/22 17:51:25 | 000,000,000 | ---D | M] (Firefox (default)) -- C:\Program Files\Mozilla Firefox\defaults\profile\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
[2005/09/15 18:26:00 | 000,041,573 | ---- | M] (Mozilla Foundation) -- C:\Program Files\Mozilla Firefox\components\jar50.dll
[2005/09/15 18:26:00 | 000,048,223 | ---- | M] (Mozilla Foundation) -- C:\Program Files\Mozilla Firefox\components\jsd3250.dll
[2005/09/15 18:26:00 | 000,160,871 | ---- | M] (Mozilla Foundation) -- C:\Program Files\Mozilla Firefox\components\xpinstal.dll
[2005/03/01 07:10:00 | 000,832,728 | ---- | M] () -- C:\Program Files\Mozilla Firefox\plugins\NPSWF32.dll
[2007/04/16 13:07:12 | 000,180,293 | ---- | M] () -- C:\Program Files\Mozilla Firefox\plugins\npViewpoint.dll
[2005/09/15 18:26:00 | 000,000,680 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\amazondotcom.png
[2005/09/15 18:26:00 | 000,000,735 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\amazondotcom.src
[2005/09/15 18:26:00 | 000,000,356 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\creativecommons.png
[2005/09/15 18:26:00 | 000,000,976 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\creativecommons.src
[2005/09/15 18:26:00 | 000,000,557 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\dictionary.png
[2005/09/15 18:26:00 | 000,000,692 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\dictionary.src
[2005/09/15 18:26:00 | 000,000,210 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\eBay.gif
[2005/09/15 18:26:00 | 000,001,064 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\eBay.src
[2005/09/15 18:26:00 | 000,001,076 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\google.gif
[2005/09/15 18:26:00 | 000,000,687 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\google.src
[2005/09/15 18:26:00 | 000,000,088 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\yahoo.gif
[2005/09/15 18:26:00 | 000,001,098 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\yahoo.src

O1 HOSTS File: ([2007/09/22 16:56:44 | 000,000,734 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (AcroIEHlprObj Class) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (ZILLAbar Browser Helper Object) - {1827766B-9F49-4854-8034-F6EE26FCB1EC} - C:\Program Files\STOPzilla!\SZSG.dll (iS3, Inc)
O2 - BHO: () - {38E77F01-89FC-44f5-B3AB-11DDEB791947} - C:\Program Files\FrontierSH\SrchHelp\frSrcAs.dll (Frontier)
O2 - BHO: (CNavExtBho Class) - {A8F38D8D-E480-4D52-B7A2-731BB6995FDD} - C:\Program Files\Norton AntiVirus\NAVSHEXT.DLL (Symantec Corporation)
O2 - BHO: (FrontierBA BHO) - {A93A3CC1-BA23-4d0d-9440-6A0148362B7E} - C:\Program Files\FrontierBA\BrowserAssistant\fbabar.dll (Frontier)
O2 - BHO: (STOPzilla Browser Helper Object) - {E3215F20-3212-11D6-9F8B-00D0B743919D} - C:\Program Files\STOPzilla!\SZIEBHO.dll (iS3, Inc.)
O3 - HKLM\..\Toolbar: (STOPzilla) - {98828DED-A591-462F-83BA-D2F62A68B8B8} - C:\Program Files\STOPzilla!\SZSG.dll (iS3, Inc)
O3 - HKLM\..\Toolbar: (&Frontier Browser Assistant) - {A93A3CC9-BA23-4d0d-9440-6A0148362B7E} - C:\Program Files\FrontierBA\BrowserAssistant\fbabar.dll (Frontier)
O3 - HKLM\..\Toolbar: (Norton AntiVirus) - {C4069E3A-68F1-403E-B40E-20066696354B} - C:\Program Files\Norton AntiVirus\NAVSHEXT.DLL (Symantec Corporation)
O3 - HKLM\..\Toolbar: (no name) - SITEguard - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {0B53EAC3-8D69-4B9E-9B19-A37C9A5676A7} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {A8FB8EB3-183B-4598-924D-86F0E5E37085} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (&Frontier Browser Assistant) - {A93A3CC9-BA23-4D0D-9440-6A0148362B7E} - C:\Program Files\FrontierBA\BrowserAssistant\fbabar.dll (Frontier)
O3 - HKCU\..\Toolbar\WebBrowser: (Norton AntiVirus) - {C4069E3A-68F1-403E-B40E-20066696354B} - C:\Program Files\Norton AntiVirus\NAVSHEXT.DLL (Symantec Corporation)
O4 - HKLM..\Run: [ccApp] C:\Program Files\Common Files\Symantec Shared\ccApp.exe (Symantec Corporation)
O4 - HKLM..\Run: [dscactivate] C:\Program Files\Dell Support Center\gs_agent\custom\dsca.exe ( )
O4 - HKLM..\Run: [NAV CfgWiz] C:\Program Files\Norton AntiVirus\CfgWiz.exe (Symantec Corporation)
O4 - HKLM..\Run: [NetscapeClient] File not found
O4 - HKLM..\Run: [OSCD_Creator] c:\dell\MEDIAEXE\PreODM.exe ()
O4 - HKLM..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\Core\smax4pnp.exe (Analog Devices, Inc.)
O4 - HKLM..\Run: [Symantec PIF AlertEng] C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe (Symantec Corporation)
O4 - HKLM..\RunOnce: [OSCD_Creator] c:\Dell\MediaExe\PreODM.EXE ()
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe (Adobe Systems Incorporated)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\control panel present
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\control panel present
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\restrictions present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Program Files\Common Files\iS3\Anti-Spyware\iS3lsp.dll (iS3 & AVG Exploit Prevention Labs, Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Program Files\Common Files\iS3\Anti-Spyware\iS3lsp.dll (iS3 & AVG Exploit Prevention Labs, Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\Program Files\Common Files\iS3\Anti-Spyware\iS3lsp.dll (iS3 & AVG Exploit Prevention Labs, Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\Program Files\Common Files\iS3\Anti-Spyware\iS3lsp.dll (iS3 & AVG Exploit Prevention Labs, Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - C:\Program Files\Common Files\iS3\Anti-Spyware\iS3lsp.dll (iS3 & AVG Exploit Prevention Labs, Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000021 - C:\Program Files\Common Files\iS3\Anti-Spyware\iS3lsp.dll (iS3 & AVG Exploit Prevention Labs, Inc.)
O15 - HKCU\..Trusted Domains: frontier.com ([webmail] http in Trusted sites)
O15 - HKCU\..Trusted Domains: yahoo.com ([www] http in Trusted sites)
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} http://download.macr...director/sw.cab (Shockwave ActiveX Control)
O16 - DPF: {44990301-3c9d-426d-81df-aab636fa4345} https://www-secure.s...abs/tgctlsr.cab (Symantec Script Runner Class)
O16 - DPF: {44C1E3A2-B594-401C-B27A-D1B4476E4797} https://ssl.mhplasti...a.com/XTSAC.cab (XTSAC Control)
O16 - DPF: {6A344D34-5231-452A-8A57-D064AC9B7862} https://webdl.symant...ex/symdlmgr.cab (Symantec Download Manager)
O16 - DPF: {6EEFD7B1-B26C-440D-B55A-1EC677189F30} https://ssl.mhplasticsusa.com/NELX.cab (NELaunchCtrl Class)
O16 - DPF: {6F15128C-E66A-490C-B848-5000B5ABEEAC} https://h20436.www2....re/HPDEXAXO.cab (HP Download Manager)
O16 - DPF: {7584C670-2274-4EFB-B00B-D6AABA6D3850} https://ssl.mhplasti...a.com/msrdp.cab (Microsoft RDP Client Control (redist))
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_15)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.ma...t/ultrashim.cab (Reg Error: Key error.)
O16 - DPF: {924B4927-D3BA-41EA-9F7E-8A89194AB3AC} http://panda-plugin..../p3dactivex.cab (P3DActiveX Control)
O16 - DPF: {A9F8D9EC-3D0A-4A60-BD82-FBD64BAD370D} http://h20264.www2.h...nosticsxp2k.cab (DDRevision Class)
O16 - DPF: {C02226EB-A5D7-4B1F-BD7E-635E46C2288D} http://a.download.to...8.59/ttinst.cab (Toontown Installer ActiveX Control)
O16 - DPF: {CAFEEFAC-0014-0002-0003-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_15)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_15)
O16 - DPF: {D4323BF2-006A-4440-A2F5-27E3E7AB25F8} http://a532.g.akamai...l/installer.exe (Virtools WebPlayer Class)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.254.254 192.168.254.254
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\igfxcui: DllName - igfxdev.dll - C:\WINDOWS\System32\igfxdev.dll (Intel Corporation)
O24 - Desktop WallPaper: C:\Documents and Settings\Tammy\Desktop\Bears.png
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2004/08/10 14:04:08 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKCU\...exe [@ = exefile] -- Reg Error: Key error. File not found

NetSvcs: 6to4 - File not found
NetSvcs: Ias - File not found
NetSvcs: Iprip - File not found
NetSvcs: Irmon - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: Wmi - C:\WINDOWS\System32\wmi.dll (Microsoft Corporation)
NetSvcs: WmdmPmSp - File not found

Drivers32: msacm.iac2 - C:\WINDOWS\system32\iac25_32.ax (Intel Corporation)
Drivers32: msacm.l3acm - C:\WINDOWS\system32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: msacm.sl_anet - C:\WINDOWS\System32\sl_anet.acm (Sipro Lab Telecom Inc.)
Drivers32: msacm.trspch - C:\WINDOWS\System32\tssoft32.acm (DSP GROUP, INC.)
Drivers32: vidc.cvid - C:\WINDOWS\System32\iccvid.dll (Radius Inc.)
Drivers32: VIDC.DIVX - C:\WINDOWS\System32\divx.dll (DivXNetworks, Inc.)
Drivers32: vidc.iv31 - C:\WINDOWS\System32\ir32_32.dll ()
Drivers32: vidc.iv32 - C:\WINDOWS\System32\ir32_32.dll ()
Drivers32: vidc.iv41 - C:\WINDOWS\System32\ir41_32.ax ()
Drivers32: vidc.iv50 - C:\WINDOWS\System32\ir50_32.dll ()
Drivers32: vidc.LEAD - LCODCCMP.DLL File not found
Drivers32: wave - C:\WINDOWS\System32\serwvdrv.dll (Microsoft Corporation)

CREATERESTOREPOINT
Restore point Set: OTL Restore Point (55182706186649600)

========== Files/Folders - Created Within 90 Days ==========

[2010/10/21 14:47:52 | 000,575,488 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Tammy\Desktop\OTL.exe
[2010/10/21 13:50:03 | 000,000,000 | ---D | C] -- C:\WINDOWS\Minidump
[2010/10/21 12:28:53 | 000,000,000 | ---D | C] -- C:\WINDOWS\ERDNT
[2010/10/21 12:27:40 | 000,000,000 | ---D | C] -- C:\Program Files\ERUNT
[2010/10/11 08:40:41 | 000,000,000 | ---D | C] -- C:\Program Files\I SPY - Treasure Hunt
[2010/10/06 11:26:18 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Tammy\Application Data\Zuzu
[2010/10/05 13:40:04 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Alawar Stargaze
[2010/10/05 13:32:25 | 000,000,000 | ---D | C] -- C:\Program Files\Twisted Lands - Shadow Town Collector's Edition
[2010/10/05 12:02:46 | 000,000,000 | ---D | C] -- C:\Program Files\Mystic Gateways - The Celestial Quest
[2010/10/04 15:14:32 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Tammy\Application Data\FlyWheelGames
[2010/10/04 15:08:58 | 000,000,000 | ---D | C] -- C:\Program Files\Incredible Adventures of my Mom
[2010/10/03 14:22:25 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Tammy\Application Data\Artifex Mundi
[2010/09/30 14:38:28 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Tammy\Application Data\Vogat Interactive
[2010/09/29 15:52:39 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Tammy\Application Data\Floodlight Games
[2010/09/29 15:52:39 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Floodlight Games
[2010/09/29 14:44:46 | 000,000,000 | ---D | C] -- C:\Program Files\James Patterson Women's Murder Club - Little Black Lies
[2010/09/20 13:36:37 | 000,000,000 | ---D | C] -- C:\bin
[2010/09/20 13:33:00 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\HP
[2010/09/20 13:28:43 | 000,000,000 | ---D | C] -- C:\Program Files\Hewlett-Packard
[2010/09/15 12:29:06 | 000,000,000 | ---D | C] -- C:\Program Files\Mystery P.I. - Stolen in San Francisco
[2010/09/14 13:07:04 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Tammy\Application Data\Gamers Digital
[2010/09/14 13:07:04 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Gamers Digital
[2010/09/13 13:49:09 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Tammy\Application Data\Ten Heavens
[2010/09/12 08:38:58 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Tammy\Desktop\license_files
[2010/09/09 13:54:35 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Tammy\Application Data\TOMI2.THE GATES OF FATE
[2010/09/08 11:47:47 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Tammy\Desktop\Attorney
[2010/09/07 13:15:22 | 000,000,000 | ---D | C] -- C:\Program Files\I Spy Spooky Mansion Deluxe
[2010/09/07 12:55:24 | 000,000,000 | ---D | C] -- C:\Program Files\I Spy Fantasy
[2010/09/07 12:31:56 | 000,000,000 | ---D | C] -- C:\Program Files\Escape from Frankensteins Castle
[2010/09/07 10:53:25 | 000,000,000 | ---D | C] -- C:\ProgramData
[2010/09/05 11:58:22 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Tammy\Application Data\quickclick
[2010/08/31 12:30:30 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Tammy\Application Data\YoudaGames
[2010/08/30 09:14:01 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Tammy\Application Data\Elephant Games
[2010/08/30 09:07:29 | 000,000,000 | ---D | C] -- C:\Program Files\Lost in the City - Post Scriptum
[2010/08/29 14:02:05 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Tammy\Application Data\Specialbit
[2010/08/26 13:54:48 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Tammy\Desktop\Football
[2010/08/24 09:21:53 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Tammy\Desktop\resume
[2010/08/15 18:33:41 | 000,000,000 | ---D | C] -- C:\Program Files\Jewel Quest Heritage
[2 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[14 C:\Documents and Settings\Tammy\Desktop\*.tmp files -> C:\Documents and Settings\Tammy\Desktop\*.tmp -> ]
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files - Modified Within 90 Days ==========

[2010/10/21 14:47:30 | 000,575,488 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Tammy\Desktop\OTL.exe
[2010/10/21 13:53:17 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2010/10/21 13:50:03 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2010/10/21 13:33:45 | 000,001,520 | ---- | M] () -- C:\WINDOWS\System32\drivers\kgpfr2.cfg
[2010/10/21 12:27:43 | 000,000,611 | ---- | M] () -- C:\Documents and Settings\Tammy\Desktop\NTREGOPT.lnk
[2010/10/21 12:27:43 | 000,000,592 | ---- | M] () -- C:\Documents and Settings\Tammy\Desktop\ERUNT.lnk
[2010/10/21 10:52:58 | 000,047,616 | ---- | M] () -- C:\Documents and Settings\Tammy\Desktop\Tammy Yokley.doc
[2010/10/20 13:23:29 | 000,024,576 | ---- | M] () -- C:\Documents and Settings\Tammy\Desktop\Breakdown.doc
[2010/10/18 14:46:17 | 000,020,480 | ---- | M] () -- C:\Documents and Settings\Tammy\Desktop\Service Advisor RV job.doc
[2010/10/18 12:16:21 | 000,041,472 | ---- | M] () -- C:\Documents and Settings\Tammy\Desktop\Fax coversheet.doc
[2010/10/17 15:26:44 | 000,067,072 | ---- | M] () -- C:\Documents and Settings\Tammy\Desktop\jobs.doc
[2010/10/15 09:48:02 | 000,246,312 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2010/10/14 15:56:44 | 000,001,393 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2010/10/11 08:44:09 | 000,001,691 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Play I SPY - Treasure Hunt.lnk
[2010/10/11 07:55:13 | 000,000,211 | -HS- | M] () -- C:\boot.ini
[2010/10/10 14:36:19 | 000,002,483 | ---- | M] () -- C:\Documents and Settings\Tammy\Desktop\Microsoft Word.lnk
[2010/10/09 13:59:13 | 000,161,847 | ---- | M] () -- C:\Documents and Settings\Tammy\Desktop\PT housekeeping.pdf
[2010/10/07 10:38:21 | 000,442,466 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2010/10/07 10:38:21 | 000,071,732 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2010/10/04 15:11:33 | 000,001,801 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Play Incredible Adventures of my Mom.lnk
[2010/10/01 21:06:24 | 000,000,530 | ---- | M] () -- C:\WINDOWS\tasks\Norton AntiVirus - Run Full System Scan - Tammy.job
[2010/09/29 14:46:00 | 000,001,973 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Play James Patterson Women's Murder Club - Little Black Lies.lnk
[2010/09/26 12:10:59 | 000,532,561 | ---- | M] () -- C:\Documents and Settings\Tammy\Desktop\lcps.pdf
[2010/09/22 08:54:39 | 000,000,000 | ---- | M] () -- C:\WINDOWS\hpqEmlSz.INI
[2010/09/20 13:47:50 | 000,117,088 | ---- | M] () -- C:\WINDOWS\hpoins11.dat
[2010/09/20 13:36:44 | 000,001,894 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\HP Document Viewer.lnk
[2010/09/20 13:34:41 | 000,000,898 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\HP Photosmart Premier.lnk
[2010/09/20 13:32:24 | 000,001,808 | ---- | M] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk
[2010/09/20 13:31:49 | 000,001,875 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\HP Photosmart Express.lnk
[2010/09/20 13:31:24 | 000,000,984 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\HP Solution Center.lnk
[2010/09/18 12:11:16 | 000,302,940 | ---- | M] () -- C:\Documents and Settings\Tammy\Desktop\verizon.pdf
[2010/09/15 12:29:43 | 000,001,858 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Play Mystery P.I. - Stolen in San Francisco.lnk
[2010/09/15 12:10:50 | 000,001,596 | ---- | M] () -- C:\Documents and Settings\Tammy\Application Data\Microsoft\Internet Explorer\Quick Launch\Game Manager.lnk
[2010/09/15 12:10:50 | 000,001,578 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Game Manager.lnk
[2010/09/14 09:32:22 | 000,075,291 | ---- | M] () -- C:\Documents and Settings\Tammy\Desktop\fed gov salary.pdf
[2010/09/13 11:15:17 | 000,175,485 | ---- | M] () -- C:\Documents and Settings\Tammy\Desktop\2010 General Schedule (GS) Locality Pay Tables.mht
[2010/09/12 15:13:40 | 000,110,413 | ---- | M] () -- C:\WINDOWS\hpoins11.dat.temp
[2010/09/09 09:41:59 | 000,083,755 | ---- | M] () -- C:\Documents and Settings\Tammy\Desktop\Tammy Yokley.pdf
[2010/09/07 13:23:33 | 000,001,733 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Play I Spy Spooky Mansion Deluxe.lnk
[2010/09/07 13:00:33 | 000,001,609 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Play I Spy Fantasy.lnk
[2010/09/01 19:59:46 | 000,033,792 | ---- | M] () -- C:\Documents and Settings\Tammy\Desktop\ROBERT YOKLEY WC INFO.doc
[2010/08/27 09:21:12 | 000,000,162 | -H-- | M] () -- C:\Documents and Settings\Tammy\Desktop\~$mmy Yokley.doc
[2010/08/27 09:16:06 | 000,000,162 | -H-- | M] () -- C:\Documents and Settings\Tammy\Desktop\~$jobs.doc
[2010/08/26 15:06:31 | 000,012,622 | ---- | M] () -- C:\Documents and Settings\Tammy\Desktop\Tammy Yokley.jpg
[2010/08/26 15:03:00 | 000,011,578 | ---- | M] () -- C:\Documents and Settings\Tammy\Desktop\us.jpg
[2010/08/23 10:15:26 | 000,130,142 | ---- | M] () -- C:\Documents and Settings\Tammy\Desktop\Bears.png
[2010/08/19 08:48:21 | 000,045,568 | ---- | M] () -- C:\Documents and Settings\Tammy\Desktop\Tammy Yokley 2.doc
[2010/08/17 12:34:20 | 000,021,504 | ---- | M] () -- C:\Documents and Settings\Tammy\Desktop\interview questions.doc
[2010/08/17 12:01:32 | 000,134,144 | ---- | M] () -- C:\Documents and Settings\Tammy\Desktop\jobs1.doc
[2010/08/15 18:37:39 | 000,001,686 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Play Jewel Quest Heritage.lnk
[2 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[14 C:\Documents and Settings\Tammy\Desktop\*.tmp files -> C:\Documents and Settings\Tammy\Desktop\*.tmp -> ]
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files Created - No Company Name ==========

[2010/10/21 12:27:43 | 000,000,611 | ---- | C] () -- C:\Documents and Settings\Tammy\Desktop\NTREGOPT.lnk
[2010/10/21 12:27:43 | 000,000,592 | ---- | C] () -- C:\Documents and Settings\Tammy\Desktop\ERUNT.lnk
[2010/10/18 14:46:16 | 000,020,480 | ---- | C] () -- C:\Documents and Settings\Tammy\Desktop\Service Advisor RV job.doc
[2010/10/11 08:44:09 | 000,001,691 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Play I SPY - Treasure Hunt.lnk
[2010/10/09 13:59:12 | 000,161,847 | ---- | C] () -- C:\Documents and Settings\Tammy\Desktop\PT housekeeping.pdf
[2010/10/07 11:26:21 | 000,024,576 | ---- | C] () -- C:\Documents and Settings\Tammy\Desktop\Breakdown.doc
[2010/10/04 15:11:33 | 000,001,801 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Play Incredible Adventures of my Mom.lnk
[2010/09/29 14:46:00 | 000,001,973 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Play James Patterson Women's Murder Club - Little Black Lies.lnk
[2010/09/26 12:10:58 | 000,532,561 | ---- | C] () -- C:\Documents and Settings\Tammy\Desktop\lcps.pdf
[2010/09/22 08:54:39 | 000,000,000 | ---- | C] () -- C:\WINDOWS\hpqEmlSz.INI
[2010/09/22 08:22:18 | 000,041,472 | ---- | C] () -- C:\Documents and Settings\Tammy\Desktop\Fax coversheet.doc
[2010/09/20 13:36:44 | 000,001,894 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\HP Document Viewer.lnk
[2010/09/20 13:34:41 | 000,000,898 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\HP Photosmart Premier.lnk
[2010/09/20 13:32:24 | 000,001,808 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk
[2010/09/20 13:31:49 | 000,001,875 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\HP Photosmart Express.lnk
[2010/09/20 13:31:24 | 000,000,984 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\HP Solution Center.lnk
[2010/09/20 13:14:45 | 000,011,634 | ---- | C] () -- C:\WINDOWS\hpomdl11.dat
[2010/09/18 12:11:16 | 000,302,940 | ---- | C] () -- C:\Documents and Settings\Tammy\Desktop\verizon.pdf
[2010/09/15 12:29:43 | 000,001,858 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Play Mystery P.I. - Stolen in San Francisco.lnk
[2010/09/15 12:10:50 | 000,001,596 | ---- | C] () -- C:\Documents and Settings\Tammy\Application Data\Microsoft\Internet Explorer\Quick Launch\Game Manager.lnk
[2010/09/15 12:10:50 | 000,001,578 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Game Manager.lnk
[2010/09/14 09:32:22 | 000,075,291 | ---- | C] () -- C:\Documents and Settings\Tammy\Desktop\fed gov salary.pdf
[2010/09/13 11:15:13 | 000,175,485 | ---- | C] () -- C:\Documents and Settings\Tammy\Desktop\2010 General Schedule (GS) Locality Pay Tables.mht
[2010/09/12 15:08:57 | 000,117,088 | ---- | C] () -- C:\WINDOWS\hpoins11.dat
[2010/09/09 09:41:59 | 000,083,755 | ---- | C] () -- C:\Documents and Settings\Tammy\Desktop\Tammy Yokley.pdf
[2010/09/07 13:23:33 | 000,001,733 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Play I Spy Spooky Mansion Deluxe.lnk
[2010/09/07 13:00:24 | 000,001,609 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Play I Spy Fantasy.lnk
[2010/08/27 09:21:12 | 000,000,162 | -H-- | C] () -- C:\Documents and Settings\Tammy\Desktop\~$mmy Yokley.doc
[2010/08/27 09:16:06 | 000,000,162 | -H-- | C] () -- C:\Documents and Settings\Tammy\Desktop\~$jobs.doc
[2010/08/26 15:06:31 | 000,012,622 | ---- | C] () -- C:\Documents and Settings\Tammy\Desktop\Tammy Yokley.jpg
[2010/08/26 15:03:20 | 000,011,578 | ---- | C] () -- C:\Documents and Settings\Tammy\Desktop\us.jpg
[2010/08/23 10:15:39 | 000,130,142 | ---- | C] () -- C:\Documents and Settings\Tammy\Desktop\Bears.png
[2010/08/19 08:48:19 | 000,045,568 | ---- | C] () -- C:\Documents and Settings\Tammy\Desktop\Tammy Yokley 2.doc
[2010/08/17 12:34:20 | 000,021,504 | ---- | C] () -- C:\Documents and Settings\Tammy\Desktop\interview questions.doc
[2010/08/17 12:01:40 | 000,067,072 | ---- | C] () -- C:\Documents and Settings\Tammy\Desktop\jobs.doc
[2010/08/17 12:01:31 | 000,134,144 | ---- | C] () -- C:\Documents and Settings\Tammy\Desktop\jobs1.doc
[2010/08/16 18:02:49 | 000,047,616 | ---- | C] () -- C:\Documents and Settings\Tammy\Desktop\Tammy Yokley.doc
[2010/08/15 18:37:39 | 000,001,686 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Play Jewel Quest Heritage.lnk
[2010/01/20 22:12:58 | 000,000,002 | ---- | C] () -- C:\WINDOWS\msoffice.ini
[2009/03/11 20:03:09 | 000,000,036 | ---- | C] () -- C:\WINDOWS\wininit.ini
[2009/01/31 19:35:20 | 000,061,678 | ---- | C] () -- C:\Documents and Settings\Tammy\Application Data\PFP120JPR.{PB
[2009/01/31 19:35:20 | 000,012,358 | ---- | C] () -- C:\Documents and Settings\Tammy\Application Data\PFP120JCM.{PB
[2008/10/16 17:43:32 | 000,000,127 | ---- | C] () -- C:\WINDOWS\System32\MRT.INI
[2008/09/28 14:37:03 | 001,042,116 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\LuInstall.LiveUpdate
[2008/09/19 18:21:57 | 000,000,000 | ---- | C] () -- C:\WINDOWS\Unsetup.INI
[2008/04/06 16:22:21 | 000,000,000 | ---- | C] () -- C:\Program Files\temp01
[2008/02/13 09:38:06 | 000,000,059 | ---- | C] () -- C:\WINDOWS\sview.ini
[2007/12/29 12:54:34 | 000,018,545 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\hpzinstall.log
[2007/12/29 12:54:24 | 000,077,824 | R--- | C] () -- C:\WINDOWS\System32\HPZIDS01.dll
[2007/01/16 11:00:11 | 000,000,029 | ---- | C] () -- C:\WINDOWS\atid.ini
[2005/11/05 15:07:23 | 000,000,382 | ---- | C] () -- C:\WINDOWS\dellstat.ini
[2005/06/16 19:18:10 | 000,000,128 | ---- | C] () -- C:\Documents and Settings\Tammy\Local Settings\Application Data\fusioncache.dat
[2005/06/16 18:52:44 | 000,000,376 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2005/06/12 17:51:58 | 000,000,083 | ---- | C] () -- C:\WINDOWS\SYMGAMES.INI
[2005/06/11 16:28:33 | 000,000,000 | ---- | C] () -- C:\WINDOWS\ka.ini
[2005/06/11 16:23:03 | 000,000,675 | ---- | C] () -- C:\WINDOWS\Spidey.ini
[2005/06/11 15:45:45 | 000,000,000 | ---- | C] () -- C:\WINDOWS\BBCAuto.INI
[2005/06/07 20:50:18 | 000,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini
[2005/06/07 20:13:32 | 000,012,288 | ---- | C] () -- C:\WINDOWS\System32\e100bmsg.dll
[2005/06/07 20:13:16 | 000,000,375 | ---- | C] () -- C:\WINDOWS\System32\OEMINFO.INI
[2005/01/28 09:08:34 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\px.ini
[2004/08/10 14:12:05 | 000,000,831 | ---- | C] () -- C:\WINDOWS\orun32.ini
[2004/08/10 14:01:18 | 000,001,793 | ---- | C] () -- C:\WINDOWS\System32\fxsperf.ini
[2004/08/10 13:57:52 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
[2004/08/10 13:51:35 | 000,755,200 | ---- | C] () -- C:\WINDOWS\System32\ir50_32.dll
[2004/08/10 13:51:35 | 000,338,432 | ---- | C] () -- C:\WINDOWS\System32\ir41_qcx.dll
[2004/08/10 13:51:35 | 000,200,192 | ---- | C] () -- C:\WINDOWS\System32\ir50_qc.dll
[2004/08/10 13:51:35 | 000,183,808 | ---- | C] () -- C:\WINDOWS\System32\ir50_qcx.dll
[2004/08/10 13:51:35 | 000,120,320 | ---- | C] () -- C:\WINDOWS\System32\ir41_qc.dll
[2004/08/03 23:59:44 | 000,096,512 | ---- | C] () -- C:\WINDOWS\System32\drivers\atapi.sys
[2001/07/07 04:00:00 | 000,003,399 | ---- | C] () -- C:\WINDOWS\System32\hptcpmon.ini
[2000/06/30 00:57:28 | 000,125,472 | ---- | C] () -- C:\WINDOWS\System32\hpf9xdr0.drv
[1999/01/04 14:25:00 | 000,375,296 | ---- | C] () -- C:\WINDOWS\System32\tx32.dll
[1998/11/04 03:20:00 | 000,000,202 | ---- | C] () -- C:\WINDOWS\System32\Ic32.ini

========== LOP Check ==========

[2010/10/05 13:40:04 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Alawar Stargaze
[2009/01/28 09:54:33 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Ascentive
[2010/01/31 14:17:07 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\BanzaiInteractive
[2010/09/29 15:52:39 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Floodlight Games
[2010/09/14 13:07:04 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Gamers Digital
[2010/08/30 10:49:19 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Gogii
[2010/01/23 17:53:35 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Green Clover Games
[2010/01/02 21:01:24 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Intenium
[2010/02/24 09:45:45 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\JollyBear
[2010/02/19 12:37:20 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Merscom
[2009/12/22 20:05:42 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\NeoEdge Networks
[2010/02/27 19:47:06 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Nevosoft
[2010/09/07 12:36:05 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\PlayFirst
[2010/03/28 16:06:26 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\PoBros
[2007/03/18 16:38:34 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\PopCap
[2009/05/19 16:15:15 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\SITEguard
[2009/01/10 19:12:57 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\SpecialBit
[2009/04/07 16:18:25 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\SpinTop Games
[2010/10/21 14:54:38 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\STOPzilla!
[2008/01/31 18:54:37 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\SupportSoft
[2010/10/14 12:33:05 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TEMP
[2010/01/03 16:06:01 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\The Mirror Mysteries
[2008/02/01 12:05:28 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Viewpoint
[2009/03/29 14:27:27 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\WildWestQuest2
[2010/02/07 12:33:40 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Tammy\Application Data\2monkeys
[2010/10/03 14:22:25 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Tammy\Application Data\Artifex Mundi
[2010/03/30 16:49:40 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Tammy\Application Data\Artogon
[2009/01/28 09:54:20 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Tammy\Application Data\Ascentive
[2010/06/05 14:44:20 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Tammy\Application Data\AzuazGames
[2010/01/31 14:17:07 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Tammy\Application Data\BanzaiInteractive
[2008/08/04 16:50:34 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Tammy\Application Data\BloodTies
[2010/08/31 07:42:32 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Tammy\Application Data\Boomzap
[2010/01/01 20:30:27 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Tammy\Application Data\BrokenHearts
[2009/03/31 17:12:20 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Tammy\Application Data\Coyotes Tale
[2010/08/30 09:14:01 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Tammy\Application Data\Elephant Games
[2010/02/27 19:26:48 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Tammy\Application Data\ERS G-Studio
[2010/09/29 15:52:39 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Tammy\Application Data\Floodlight Games
[2010/10/04 15:14:32 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Tammy\Application Data\FlyWheelGames
[2010/02/27 19:46:02 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Tammy\Application Data\Frogwares
[2010/06/12 18:49:51 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Tammy\Application Data\Fugazo
[2009/10/17 11:12:20 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Tammy\Application Data\funkitron
[2010/09/14 13:07:04 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Tammy\Application Data\Gamers Digital
[2010/01/23 16:26:00 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Tammy\Application Data\Gold Casual Games
[2010/01/23 17:53:34 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Tammy\Application Data\Green Clover Games
[2010/03/07 16:59:00 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Tammy\Application Data\HdO Adventure
[2009/01/01 19:23:04 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Tammy\Application Data\IOMediaSupport6SZZ001s
[2009/01/21 20:15:13 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Tammy\Application Data\iWin
[2009/12/31 16:50:14 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Tammy\Application Data\Jetsetter
[2009/11/01 11:58:08 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Tammy\Application Data\KlickTock
[2010/02/13 11:05:29 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Tammy\Application Data\LaJangada
[2010/06/05 18:41:42 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Tammy\Application Data\LegacyInteractive
[2010/02/08 20:19:09 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Tammy\Application Data\MA
[2010/02/19 12:37:20 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Tammy\Application Data\Merscom
[2010/03/04 16:42:31 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Tammy\Application Data\MysteryStudio
[2007/09/22 18:08:30 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Tammy\Application Data\Netscape
[2010/01/09 10:51:15 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Tammy\Application Data\Orneon
[2010/09/07 12:36:05 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Tammy\Application Data\PlayFirst
[2010/03/28 16:06:25 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Tammy\Application Data\PoBros
[2010/06/05 16:03:44 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Tammy\Application Data\QB9
[2010/09/05 11:58:22 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Tammy\Application Data\quickclick
[2007/06/18 16:47:23 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Tammy\Application Data\SBTT
[2010/10/11 09:23:33 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Tammy\Application Data\Scholastic
[2007/04/15 14:47:36 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Tammy\Application Data\School Zone Preferences
[2008/10/25 18:05:28 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Tammy\Application Data\SecretIslandEng
[2010/08/29 14:02:05 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Tammy\Application Data\Specialbit
[2009/01/01 19:23:04 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Tammy\Application Data\Spinapse
[2009/01/04 15:58:44 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Tammy\Application Data\Suspects and Clues Players
[2009/01/01 19:23:05 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Tammy\Application Data\Suspects and Clues Prefs
[2010/09/13 13:49:09 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Tammy\Application Data\Ten Heavens
[2010/01/17 18:39:00 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Tammy\Application Data\TheFixerUpper
[2008/08/02 18:58:59 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Tammy\Application Data\TheScruffs
[2010/09/09 13:56:24 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Tammy\Application Data\TOMI2.THE GATES OF FATE
[2010/02/20 18:18:15 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Tammy\Application Data\TripleHippo
[2010/02/08 19:36:03 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Tammy\Application Data\Virtual Prophecy
[2010/09/30 14:38:28 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Tammy\Application Data\Vogat Interactive
[2007/06/24 15:30:08 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Tammy\Application Data\Wildfire
[2009/03/16 19:08:49 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Tammy\Application Data\Yahoov1005
[2010/08/31 12:30:30 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Tammy\Application Data\YoudaGames
[2010/10/07 09:18:53 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Tammy\Application Data\Zuzu

========== Purity Check ==========



========== Custom Scans ==========


< %SYSTEMDRIVE%\*.* >
[2008/02/01 16:10:07 | 000,000,786 | ---- | M] () -- C:\administrativeInfo.bak
[2008/02/01 16:10:07 | 000,000,786 | ---- | M] () -- C:\administrativeInfo.dbf
[2008/02/01 16:10:07 | 000,000,424 | ---- | M] () -- C:\albumImagesTable.bak
[2008/02/01 16:10:07 | 000,007,680 | ---- | M] () -- C:\albumImagesTable.cdx
[2008/02/01 16:10:07 | 000,000,424 | ---- | M] () -- C:\albumImagesTable.dbf
[2008/02/01 16:10:07 | 000,000,584 | ---- | M] () -- C:\albumTable.bak
[2008/02/01 16:10:07 | 000,004,608 | ---- | M] () -- C:\albumTable.cdx
[2008/02/01 16:10:07 | 000,000,584 | ---- | M] () -- C:\albumTable.dbf
[2006/04/06 07:53:26 | 000,010,920 | ---- | M] () -- C:\aolconnfix.exe
[2006/04/06 07:53:26 | 000,001,039 | ---- | M] () -- C:\aolconnfix.txt
[2004/08/10 14:04:08 | 000,000,000 | ---- | M] () -- C:\AUTOEXEC.BAT
[2010/10/11 07:55:13 | 000,000,211 | -HS- | M] () -- C:\boot.ini
[2008/02/20 19:09:01 | 000,000,000 | ---- | M] () -- C:\CB_Server_Errors.txt
[2004/08/10 14:04:08 | 000,000,000 | ---- | M] () -- C:\CONFIG.SYS
[2005/06/07 20:17:42 | 000,004,914 | RH-- | M] () -- C:\dell.sdr
[2008/02/01 16:10:07 | 000,000,488 | ---- | M] () -- C:\EXIFTable.bak
[2008/02/01 16:10:07 | 000,003,072 | ---- | M] () -- C:\EXIFTable.cdx
[2008/02/01 16:10:07 | 000,000,488 | ---- | M] () -- C:\EXIFTable.dbf
[2010/09/10 09:05:53 | 000,000,049 | RHS- | M] () -- C:\HBEPGUID.TXT
[2008/02/01 16:10:07 | 000,000,936 | ---- | M] () -- C:\imageTable.bak
[2008/02/01 16:10:07 | 000,009,216 | ---- | M] () -- C:\imageTable.cdx
[2008/02/01 16:10:07 | 000,000,936 | ---- | M] () -- C:\imageTable.dbf
[2008/02/01 16:10:07 | 000,000,512 | ---- | M] () -- C:\imageTable.fpk
[2008/02/01 16:10:07 | 000,000,512 | ---- | M] () -- C:\imageTable.fpt
[2005/06/16 19:23:41 | 000,004,128 | ---- | M] () -- C:\INFCACHE.1
[2004/08/10 14:04:08 | 000,000,000 | -H-- | M] () -- C:\IO.SYS
[2009/03/11 20:51:33 | 000,000,125 | ---- | M] () -- C:\ioSpecial.ini
[2008/02/13 09:02:25 | 000,002,703 | -H-- | M] () -- C:\IPH.PH
[2008/02/01 16:10:07 | 000,000,360 | ---- | M] () -- C:\keywordImagesTable.bak
[2008/02/01 16:10:07 | 000,006,144 | ---- | M] () -- C:\keywordImagesTable.cdx
[2008/02/01 16:10:07 | 000,000,360 | ---- | M] () -- C:\keywordImagesTable.dbf
[2008/02/01 16:10:07 | 000,000,456 | ---- | M] () -- C:\keywordTable.bak
[2008/02/01 16:10:07 | 000,004,608 | ---- | M] () -- C:\keywordTable.cdx
[2008/02/01 16:10:07 | 000,000,456 | ---- | M] () -- C:\keywordTable.dbf
[2008/02/01 16:10:07 | 000,000,360 | ---- | M] () -- C:\managedFolderTable.bak
[2008/02/01 16:10:07 | 000,000,360 | ---- | M] () -- C:\managedFolderTable.dbf
[2010/06/06 20:55:27 | 000,000,109 | ---- | M] () -- C:\mbam-error.txt
[2004/08/10 14:04:08 | 000,000,000 | -H-- | M] () -- C:\MSDOS.SYS
[2004/08/04 06:00:00 | 000,047,564 | RHS- | M] () -- C:\NTDETECT.COM
[2008/09/14 11:31:03 | 000,250,048 | RHS- | M] () -- C:\ntldr
[2005/06/07 20:11:42 | 000,000,016 | -H-- | M] () -- C:\osinfo.ENG
[2010/10/21 13:49:51 | 805,306,368 | -HS- | M] () -- C:\pagefile.sys
[2008/02/01 16:10:07 | 000,000,424 | ---- | M] () -- C:\pathnameTable.bak
[2008/02/01 16:10:07 | 000,004,608 | ---- | M] () -- C:\pathnameTable.cdx
[2008/02/01 16:10:07 | 000,000,424 | ---- | M] () -- C:\pathnameTable.dbf
[2008/02/01 16:10:07 | 000,000,456 | ---- | M] () -- C:\propertiesTable.bak
[2008/02/01 16:10:07 | 000,003,072 | ---- | M] () -- C:\propertiesTable.cdx
[2008/02/01 16:10:07 | 000,000,456 | ---- | M] () -- C:\propertiesTable.dbf
[2008/02/01 16:10:07 | 000,000,360 | ---- | M] () -- C:\ROFImagesTable.bak
[2008/02/01 16:10:07 | 000,006,144 | ---- | M] () -- C:\ROFImagesTable.cdx
[2008/02/01 16:10:07 | 000,000,360 | ---- | M] () -- C:\ROFImagesTable.dbf
[2008/02/01 16:10:07 | 000,000,392 | ---- | M] () -- C:\ROFTable.bak
[2008/02/01 16:10:07 | 000,003,072 | ---- | M] () -- C:\ROFTable.cdx
[2008/02/01 16:10:07 | 000,000,392 | ---- | M] () -- C:\ROFTable.dbf
[2007/05/28 17:24:00 | 000,007,923 | ---- | M] () -- C:\SSPPPoE.log
[2008/09/28 16:07:28 | 074,164,970 | ---- | M] () -- C:\SYM_REGISTRY_BACKUP.reg
[2005/06/07 20:39:35 | 000,000,087 | ---- | M] () -- C:\SystemInfo.ini
[2010/09/08 12:38:09 | 000,000,835 | ---- | M] () -- C:\updatedatfix.log

< %systemroot%\*. /mp /s >

< %systemroot%\System32\config\*.sav >
[2004/08/10 13:56:48 | 000,094,208 | ---- | M] () -- C:\WINDOWS\system32\config\default.sav
[2004/08/10 13:56:46 | 000,634,880 | ---- | M] () -- C:\WINDOWS\system32\config\software.sav
[2004/08/10 13:56:46 | 000,872,448 | ---- | M] () -- C:\WINDOWS\system32\config\system.sav

< HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU >

< HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs >
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install\\LastSuccessTime: 2010-10-14 19:56:59

========== Alternate Data Streams ==========

@Alternate Data Stream - 238 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:C0A504B9
@Alternate Data Stream - 237 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:ADE67221
@Alternate Data Stream - 236 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:71612023
@Alternate Data Stream - 235 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:35FAD15D
@Alternate Data Stream - 235 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:1E17A249
@Alternate Data Stream - 233 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:32ED8AE7
@Alternate Data Stream - 232 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:9D86EE01
@Alternate Data Stream - 232 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:91FFEC32
@Alternate Data Stream - 231 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:F8F070C2
@Alternate Data Stream - 230 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:E3B5F2D1
@Alternate Data Stream - 229 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:BDD83DC4
@Alternate Data Stream - 229 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:BBCB4421
@Alternate Data Stream - 228 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:E29063FF
@Alternate Data Stream - 228 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:6401C7FF
@Alternate Data Stream - 227 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:8B4B9596
@Alternate Data Stream - 226 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:C48A983C
@Alternate Data Stream - 226 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:3AF262FC
@Alternate Data Stream - 225 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:9A7BF72D
@Alternate Data Stream - 225 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:870649A4
@Alternate Data Stream - 225 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:054F0F17
@Alternate Data Stream - 224 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:DE9AC04F
@Alternate Data Stream - 224 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:C6D0ABC3
@Alternate Data Stream - 223 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:1181620C
@Alternate Data Stream - 223 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:0EC7A545
@Alternate Data Stream - 220 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:0588E665
@Alternate Data Stream - 218 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:700B9342
@Alternate Data Stream - 218 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:5D351BC6
@Alternate Data Stream - 218 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:57176330
@Alternate Data Stream - 218 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:5080697C
@Alternate Data Stream - 216 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:8FA72FF8
@Alternate Data Stream - 216 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:6C5EC3CD
@Alternate Data Stream - 216 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:36FFA2FB
@Alternate Data Stream - 216 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:26FBC1F9
@Alternate Data Stream - 215 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:E8CB831A
@Alternate Data Stream - 215 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:CC6A54A8
@Alternate Data Stream - 214 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:71004506
@Alternate Data Stream - 214 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:206470A5
@Alternate Data Stream - 213 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:32A82570
@Alternate Data Stream - 212 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:B64F7263
@Alternate Data Stream - 212 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:90B52091
@Alternate Data Stream - 212 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:2C678471
@Alternate Data Stream - 210 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:E5F85065
@Alternate Data Stream - 210 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:817F0659
@Alternate Data Stream - 210 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:68EF6203
@Alternate Data Stream - 209 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:639F0420
@Alternate Data Stream - 208 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:A2865730
@Alternate Data Stream - 208 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:9E9A3410
@Alternate Data Stream - 208 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:9ACB70D7
@Alternate Data Stream - 208 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:8944C195
@Alternate Data Stream - 208 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:2512FA90
@Alternate Data Stream - 208 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:12D9D48F
@Alternate Data Stream - 207 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:EC2381A4
@Alternate Data Stream - 207 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:DE9F4320
@Alternate Data Stream - 207 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:55BB2521
@Alternate Data Stream - 207 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:29629382
@Alternate Data Stream - 206 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:409A775B
@Alternate Data Stream - 206 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:1EEB23AD
@Alternate Data Stream - 205 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:F41E22A9
@Alternate Data Stream - 204 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:4673E9EA
@Alternate Data Stream - 203 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:61F0C8FB
@Alternate Data Stream - 203 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:2342AE46
@Alternate Data Stream - 202 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:DFC3B090
@Alternate Data Stream - 202 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:117CB2DF
@Alternate Data Stream - 199 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:78E0DF72
@Alternate Data Stream - 197 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:938EC881
@Alternate Data Stream - 197 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:598E0FFA
@Alternate Data Stream - 197 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:548AE60C
@Alternate Data Stream - 191 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:CB0EB1DE
@Alternate Data Stream - 190 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:17C48B08
@Alternate Data Stream - 190 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:1316EAD4
@Alternate Data Stream - 188 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:54D5DB8A
@Alternate Data Stream - 188 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:2E49D185
@Alternate Data Stream - 187 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:51E1A4D8
@Alternate Data Stream - 168 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:3CBB9ED6
@Alternate Data Stream - 151 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:B5707532
@Alternate Data Stream - 148 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:A8DFD30C
@Alternate Data Stream - 148 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:3A7527E8
@Alternate Data Stream - 147 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:DE875C30
@Alternate Data Stream - 141 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:386B39C3
@Alternate Data Stream - 140 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:689E7F7D
@Alternate Data Stream - 140 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:0C73962F
@Alternate Data Stream - 136 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:F8342E7B
@Alternate Data Stream - 134 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:B1786630
@Alternate Data Stream - 133 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:D0757AAB
@Alternate Data Stream - 132 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:2E176731
@Alternate Data Stream - 131 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:A6D6E537
@Alternate Data Stream - 123 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:848CC150
@Alternate Data Stream - 122 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:C186F20B
@Alternate Data Stream - 122 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:C039C6AC
@Alternate Data Stream - 120 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:B3196E8D
@Alternate Data Stream - 120 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:2DF54B62
@Alternate Data Stream - 119 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:C30487EE
@Alternate Data Stream - 118 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:9EE6560D
@Alternate Data Stream - 118 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:3DB6F365
@Alternate Data Stream - 117 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:91DEEE71
@Alternate Data Stream - 105 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:FC8FFA4E
@Alternate Data Stream - 103 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:F14D1F80
@Alternate Data Stream - 103 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:95198126

< End of report >
  • 0

#8
tammy4dj
Posted 21 October 2010 - 01:02 PM

tammy4dj

    New Member

  • Topic Starter
  • Member
  • Pip
  • 8 posts
OTL Extras logfile created on: 10/21/2010 2:49:28 PM - Run 1
OTL by OldTimer - Version 3.2.16.0 Folder = C:\Documents and Settings\Tammy\Desktop
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 7.0.5730.11)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

510.00 Mb Total Physical Memory | 80.00 Mb Available Physical Memory | 16.00% Memory free
1.00 Gb Paging File | 1.00 Gb Available in Paging File | 55.00% Paging File free
Paging file location(s): C:\pagefile.sys 768 1536 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 33.63 Gb Total Space | 14.78 Gb Free Space | 43.94% Space Free | Partition Type: NTFS

Computer Name: D17S1P71 | User Name: Tammy | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 90 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]

[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.exe [@ = exefile] -- Reg Error: Key error. File not found

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 0
"FirewallOverride" = 0
"FirewallDisableNotify" = 0
"AntiVirusDisableNotify" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

========== System Restore Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr]
"Start" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService]
"Start" = 2

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 0
"DoNotAllowExceptions" = 0
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"1900:UDP" = 1900:UDP:LocalSubNet:Disabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Disabled:@xpsp2res.dll,-22008

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"C:\Program Files\Common Files\AOL\ACS\AOLDial.exe" = C:\Program Files\Common Files\AOL\ACS\AOLDial.exe:*:Enabled:AOL -- File not found
"C:\Program Files\Common Files\AOL\ACS\AOLacsd.exe" = C:\Program Files\Common Files\AOL\ACS\AOLacsd.exe:*:Enabled:AOL -- File not found
"C:\Program Files\America Online 9.0\waol.exe" = C:\Program Files\America Online 9.0\waol.exe:*:Enabled:America Online 9.0 -- File not found

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Program Files\Common Files\AOL\ACS\AOLDial.exe" = C:\Program Files\Common Files\AOL\ACS\AOLDial.exe:*:Enabled:AOL -- File not found
"C:\Program Files\Common Files\AOL\ACS\AOLacsd.exe" = C:\Program Files\Common Files\AOL\ACS\AOLacsd.exe:*:Enabled:AOL -- File not found
"C:\Program Files\America Online 9.0\waol.exe" = C:\Program Files\America Online 9.0\waol.exe:*:Enabled:America Online 9.0 -- File not found
"C:\Program Files\Common Files\AOL\Loader\aolload.exe" = C:\Program Files\Common Files\AOL\Loader\aolload.exe:*:Enabled:AOL Loader -- File not found
"C:\Program Files\GameHouse\Solitaire\Solitaire.exe" = C:\Program Files\GameHouse\Solitaire\Solitaire.exe:*:Enabled:Super Solitaire -- File not found
"C:\DOCUME~1\Tammy\LOCALS~1\Temp\4_pinnew.exe" = C:\DOCUME~1\Tammy\LOCALS~1\Temp\4_pinnew.exe:*:Enabled:Enabled -- File not found
"C:\Program Files\HP\Digital Imaging\bin\hpofxm08.exe" = C:\Program Files\HP\Digital Imaging\bin\hpofxm08.exe:*:Enabled:hpofxm08.exe -- (Hewlett-Packard Development Company, L.P.)
"C:\Program Files\HP\Digital Imaging\bin\hposfx08.exe" = C:\Program Files\HP\Digital Imaging\bin\hposfx08.exe:*:Enabled:hposfx08.exe -- (Hewlett-Packard Development Company, L.P.)
"C:\Program Files\HP\Digital Imaging\bin\hposid01.exe" = C:\Program Files\HP\Digital Imaging\bin\hposid01.exe:*:Enabled:hposid01.exe -- (Hewlett-Packard Development Company, L.P.)
"C:\Program Files\HP\Digital Imaging\bin\hpqCopy.exe" = C:\Program Files\HP\Digital Imaging\bin\hpqCopy.exe:*:Enabled:hpqcopy.exe -- (Hewlett-Packard Development Company, L.P.)
"C:\Program Files\HP\Digital Imaging\bin\hpfccopy.exe" = C:\Program Files\HP\Digital Imaging\bin\hpfccopy.exe:*:Enabled:hpfccopy.exe -- (Hewlett-Packard)
"C:\Program Files\HP\Digital Imaging\bin\hpzwiz01.exe" = C:\Program Files\HP\Digital Imaging\bin\hpzwiz01.exe:*:Enabled:hpzwiz01.exe -- (Hewlett-Packard Development Company, L.P.)
"C:\Program Files\HP\Digital Imaging\Unload\HpqPhUnl.exe" = C:\Program Files\HP\Digital Imaging\Unload\HpqPhUnl.exe:*:Enabled:hpqphunl.exe -- (Hewlett-Packard)
"C:\Program Files\HP\Digital Imaging\Unload\HpqDIA.exe" = C:\Program Files\HP\Digital Imaging\Unload\HpqDIA.exe:*:Enabled:hpqdia.exe -- ( )
"C:\Program Files\HP\Digital Imaging\bin\hpoews01.exe" = C:\Program Files\HP\Digital Imaging\bin\hpoews01.exe:*:Enabled:hpoews01.exe -- (Hewlett-Packard Development Company, L.P.)


========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0456ebd7-5f67-4ab6-852e-63781e3f389c}" = Macromedia Flash Player
"{0A65A3BD-54B5-4d0d-B084-7688507813F5}" = SlideShow
"{0EB5D9B7-8E6C-4A9E-B74F-16B7EE89A67B}" = Microsoft Plus! Photo Story 2 LE
"{1248C09A-BD6B-47F5-BF3F-CD2B700D9FCB}" = ccCommon
"{14374619-0900-4056-BA06-C87C900AF9E6}" = QuickBooks Simple Start Special Edition
"{14374623-0900-4056-BA06-C87C900AF9E6}" = QuickBooks Premier: Accountant Edition 2005
"{15C0AF59-4877-49B6-B8C6-A61CE54515F5}" = cp_OnlineProjectsConfig
"{17334AAF-C9E7-483B-9F45-E3FCAF07FFA7}" = Intel® PROSet for Wired Connections
"{19829DF7-0187-4945-9DD7-21F1E9D0847D}" = Cuddevision
"{228F6876-A313-40A3-91C0-C3CBE6997D09}" = Symantec
"{2376813B-2E5A-4641-B7B3-A0D5ADB55229}" = HPPhotoSmartExpress
"{26A24AE4-039D-4CA4-87B4-2F83216012FF}" = Java™ 6 Update 15
"{2908F0CB-C1D4-447F-97A2-CFC135C9F8D4}" = Internet Worm Protection
"{2F58D60D-2BFD-4467-9B4D-64E7355C329D}" = Sonic_PrimoSDK
"{3248F0A8-6813-11D6-A77B-00B0D0160030}" = Java™ 6 Update 3
"{3248F0A8-6813-11D6-A77B-00B0D0160050}" = Java™ 6 Update 5
"{3248F0A8-6813-11D6-A77B-00B0D0160070}" = Java™ 6 Update 7
"{33BB4982-DC52-4886-A03B-F4C5C80BEE89}" = Windows Media Player 10
"{33BF0960-DBA3-4187-B6CC-C969FCFA2D25}" = SkinsHP1
"{34EEB1F5-E939-40A1-A6BA-957282A4B2C8}" = Norton AntiVirus Help
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{35BDEFF1-A610-4956-A00D-15453C116395}" = Internet Explorer Default Page
"{363790D2-DA98-41DD-9C9F-69FA36B169DE}" = PanoStandAlone
"{3F92ABBB-6BBF-11D5-B229-002078017FBF}" = Modem On Hold
"{4192EAC0-6B36-4723-B216-D0E86E7757AC}" = Jasc Paint Shop Photo Album 5
"{41E776A5-9B12-416D-9A12-B4F7B044EBED}" = CP_Package_Basic1
"{4231B6F3-DB31-499F-9B58-4241CD0E0B1B}" = STOPzilla
"{4462265B-3DC7-44AD-B56D-D09BA67BA422}" = 6300
"{45B8A76B-57EC-4242-B019-066400CD8428}" = BufferChm
"{49D2596B-BE78-4A41-9A1E-AF6E4222D06E}" = Frontier Browser Assistant
"{4CCC7F68-A437-4559-A840-F5E010934951}" = HP Driver Diagnostics
"{4EA684E9-5C81-4033-A696-3019EC57AC3A}" = HPProductAssistant
"{53EE9E42-CECB-4C92-BF76-9CA65DAF8F1C}" = FullDPAppQFolder
"{5905F42D-3F5F-4916-ADA6-94A3646AEE76}" = Dell Driver Reset Tool
"{5C4A977B-EA9B-47B3-AD4C-4EDE7ADECB30}" = Frontier Search Helper
"{62BD0AE0-4EB1-4BBB-8F43-B6400C8FEB2C}" = AOLIcon
"{66910000-8B30-4973-A159-6371345AFFA5}" = WebReg
"{6696D9A4-28A8-4F5A-8E9A-2E8974C8C39C}" = RandMap
"{66E6CE0C-5A1E-430C-B40A-0C90FF1804A8}" = eSupportQFolder
"{68763C27-235D-4165-A961-FDEA228CE504}" = AiOSoftwareNPI
"{6909F917-5499-482e-9AA1-FAD06A99F231}" = Toolbox
"{6E179C77-7335-458D-9537-4F4EAC0181ED}" = Photo Click
"{6E45BA47-383C-4C1E-8ED0-0D4845C293D7}" = Microsoft Plus! Digital Media Edition Installer
"{6F5E2F4A-377D-4700-B0E3-8F7F7507EA15}" = CustomerResearchQFolder
"{7148F0A8-6813-11D6-A77B-00B0D0142030}" = Java 2 Runtime Environment, SE v1.4.2_03
"{736C803C-DD3B-4015-BC51-AFB9E67B9076}" = Readme
"{74F7662C-B1DB-489E-A8AC-07A06B24978B}" = Dell System Restore
"{77772678-817F-4401-9301-ED1D01A8DA56}" = SPBBC
"{78C496B9-5A6B-4692-8C2E-AFFFC34E4961}" = Jasc Paint Shop Pro Studio, Dell Editon
"{78D944D7-A97B-4004-AB0A-B5AD06839940}" = My Way Search Assistant
"{7A0EFAFB-AC4B-4B88-8C6B-6731BE88DB68}" = Modem Event Monitor
"{7C03270C-4FAB-4F5C-B10D-52FEDA190790}" = DocumentViewerQFolder
"{7E7B7865-6C80-4373-8BC1-C2EB9431F9DE}" = ProductContextNPI
"{7EFA5E6F-74F7-4AFB-8AEA-AA790BD3A76D}" = DellSupport
"{7F142D56-3326-11D5-B229-002078017FBF}" = Modem Helper
"{81A34902-9D0B-4920-A25C-4CDC5D14B328}" = Jasc Paint Shop Pro 8 Dell Edition
"{82A5BF38-8461-4A5C-B2C9-24F5256D92A6}" = Norton Protection Center
"{8331C3EA-0C91-43AA-A4D4-27221C631139}" = Status
"{8777AC6D-89F9-4793-8266-DE406F343E89}" = QFolder
"{87E2B986-07E8-477a-93DC-AF0B6758B192}" = DocProcQFolder
"{8A4CE7FD-9657-4B06-9943-E1819F3D5D67}" = DocProc
"{8A708DD8-A5E6-11D4-A706-000629E95E20}" = Intel® Extreme Graphics 2 Driver
"{8CE4E6E9-9D55-43FB-9DDB-688C976BFC05}" = Unload
"{8EF1122E-E90C-4EE9-AB0C-7FDE2BA42C26}" = Musicmatch® Jukebox
"{90120000-0020-0409-0000-0000000FF1CE}" = Compatibility Pack for the 2007 Office system
"{90120000-00B2-0409-0000-0000000FF1CE}" = Microsoft Save as PDF or XPS Add-in for 2007 Microsoft Office programs
"{90280409-6000-11D3-8CFE-0050048383C9}" = Microsoft Office XP Professional with FrontPage
"{996512CF-F35B-48DE-9291-557FA5316967}" = ScannerCopy
"{A29800BA-0BF1-4E63-9F31-DF05A87F4104}" = InstantShareDevices
"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
"{AB5D51AE-EBC3-438D-872C-705C7C2084B0}" = DeviceManagementQFolder
"{AC0EE5B0-A8FB-4D0A-AF03-2EDC518F841B}" = Dell Media Experience
"{AC76BA86-7AD7-1033-7B44-A70000000000}" = Adobe Reader 7.0
"{AF06CAE4-C134-44B1-B699-14FBDB63BD37}" = Dell Picture Studio v3.0
"{AF19F291-F22F-4798-9662-525305AE9E48}" = WordPerfect Office 12
"{B2157760-AA3C-4E2E-BFE6-D20BC52495D9}" = cp_PosterPrintConfig
"{B6286A44-7505-471A-A72B-04EC2DB2F442}" = CueTour
"{B69CFE29-FD03-4E0A-87A7-6ED97F98E5B3}" = CP_Panorama1Config
"{BB7DEA41-298E-450B-9C3A-E7B48D9D021B}" = 6300_Help
"{BB85ED9C-AFC9-43BD-B8DC-258C3C7DF72E}" = HP Software Update
"{BDBE2F3E-42DB-4d4a-8CB1-19BA765DBC6C}" = HP Photosmart, Officejet and Deskjet 7.0.A
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
"{C1C6767D-B395-43CB-BF99-051B58B86DA6}" = PhotoGallery
"{C6F5B6CF-609C-428E-876F-CA83176C021B}" = Norton AntiVirus 2006
"{C7F54CF8-D6FB-4E0A-93A3-E68AE0D6C476}" = SolutionCenter
"{C8753E28-2680-49BF-BD48-DD38FD086EFE}" = AiO_Scan_CDA
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CC000127-5E5D-4A1C-90CB-EEAAAC1E3AC0}" = Jasc Paint Shop Photo Album
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{D1FF75E7-DD42-4CFD-B052-20B3FFF4EDB8}" = Norton AntiVirus SYMLT MSI
"{DBA4DB9D-EE51-4944-A419-98AB1F1249C8}" = LiveUpdate Notice (Symantec Corporation)
"{DBC20735-34E6-4E97-A9E5-2066B66B243D}" = TrayApp
"{E1B80DEE-A795-4258-8445-074C06AE3AB8}" = MarketResearch
"{E3BFEE55-39E2-4BE0-B966-89FE583822C1}" = Dell Support Center
"{E5EE9939-259F-4DE2-8023-5C49E16A4F43}" = Norton AntiVirus Parent MSI
"{e80f62ff-5d3c-4a19-8409-9721f2928206}" = LiveUpdate (Symantec Corporation)
"{ED2C557E-9C18-41FF-B58E-A05EEF0B3B5F}" = CP_CalendarTemplates1
"{F157460F-720E-482f-8625-AD7843891E5F}" = InstantShareDevicesMFC
"{F2AB49F2-D632-446C-9A6E-5B4A98DFF13B}" = 6300Trb
"{F325CF11-27CE-4872-8022-6E9EB27DF24F}" = NAVShortcut
"{F3760724-B29D-465B-BC53-E5D72095BCC4}" = Scan
"{F6076EF9-08E1-442F-B6A2-BFB61B295A14}" = Fax_CDA
"{F64306A5-4C32-41bb-B153-53986527FAB4}" = Norton WMI Update
"{FB15E224-67C3-491F-9F5C-F257BC418412}" = Destinations
"{FBB980B0-63F8-4B48-8D65-90F1D9F81D9F}" = NewCopy_CDA
"{FE7E1DD7-EBCE-4696-ADE2-22BDBF2372DA}" = DocumentViewer
"{FECAB720-D996-4479-A9DB-21C25ECA8A54}" = SymNet
"Accelerated" = PeoplePC Accelerated
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Shockwave Player" = Adobe Shockwave Player
"BFG-3 Cards to Dead Time" = 3 Cards to Dead Time
"BFG-Annie's Millions" = Annie's Millions
"BFG-Apparitions - Kotsmine Hills" = Apparitions: Kotsmine Hills
"BFGC" = Big Fish Games: Game Manager
"BFG-Hidden Identity - Chicago Blackout" = Hidden Identity: Chicago Blackout
"BFG-I SPY - Treasure Hunt" = I SPY: Treasure Hunt
"BFG-I Spy Fantasy" = I Spy Fantasy
"BFG-I Spy Mystery" = I SPY ™ Mystery
"BFG-I Spy Spooky Mansion Deluxe" = I SPY ™ Spooky Mansion Deluxe
"BFG-Incredible Adventures of my Mom" = Incredible Adventures of my Mom
"BFG-James Patterson Women's Murder Club - Little Black Lies" = James Patterson Women's Murder Club: Little Black Lies
"BFG-Jewel Quest Heritage" = Jewel Quest Heritage
"BFG-Mystery P.I. - Stolen in San Francisco" = Mystery P.I.: Stolen in San Francisco
"BFG-The Lost Cases of 221B Baker St" = The Lost Cases of 221B Baker St.
"BFG-Time Riddles - The Mansion" = Time Riddles: The Mansion
"BFG-Treasure Seekers - Follow the Ghosts" = Treasure Seekers: Follow the Ghosts
"BFG-Twisted Lands - Shadow Town Collector's Edition" = Twisted Lands: Shadow Town Collector's Edition
"BFG-World Mosaics 3 - Fairy Tales" = World Mosaics 3 - Fairy Tales
"CCleaner" = CCleaner
"Chuzzle Deluxe 1.0" = Chuzzle Deluxe 1.0
"Dell Photo Printer 720 Logger" = Dell Photo Printer 720 Logger
"Disney's Toontown Online" = Disney's Toontown Online
"EfntSSDSL" = Siemens SpeedStream DSL
"ERUNT_is1" = ERUNT 1.1j
"Free Realms Installer" = Free Realms Installer
"HP Document Viewer" = HP Document Viewer 7.0
"HP Imaging Device Functions" = HP Imaging Device Functions 7.0
"HP Photo & Imaging" = HP Photosmart Premier Software 6.5
"HP Solution Center & Imaging Support Tools" = HP Solution Center 7.0
"HPExtendedCapabilities" = HP Customer Participation Program 7.0
"HPOCR" = OCR Software by I.R.I.S 7.0
"IDNMitigationAPIs" = Microsoft Internationalized Domain Names Mitigation APIs
"ie7" = Windows Internet Explorer 7
"Intel® 537EP V9x DF PCI Modem" = Intel® 537EP V9x DF PCI Modem
"Magic Ball 2 Spring Time" = Magic Ball 2 Spring Time (remove only)
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Mozilla Firefox (1.0.7)" = Mozilla Firefox (1.0.7)
"NLSDownlevelMapping" = Microsoft National Language Support Downlevel APIs
"PROSet" = Intel® PRO Network Adapters and Drivers
"psuedoliveupdate" = LiveUpdate (Symantec Corporation)
"QuickTime" = QuickTime
"RealPlayer 6.0" = RealPlayer Basic
"Snail Mail" = Snail Mail
"StreetPlugin" = Learn2 Player (Uninstall Only)
"SymSetup.{C6F5B6CF-609C-428E-876F-CA83176C021B}" = Norton AntiVirus 2006 (Symantec Corporation)
"ViewpointMediaPlayer" = Viewpoint Media Player
"Windows Media Format Runtime" = Windows Media Format Runtime
"Windows Media Player" = Windows Media Player 10
"Windows XP Service Pack" = Windows XP Service Pack 3

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 10/19/2010 11:01:05 AM | Computer Name = D17S1P71 | Source = crypt32 | ID = 131083
Description = Failed extract of third-party root list from auto update cab at: <http://www.download....uthrootstl.cab>
with error: A required certificate is not within its validity period when verifying
against the current system clock or the timestamp in the signed file.

Error - 10/19/2010 11:01:20 AM | Computer Name = D17S1P71 | Source = crypt32 | ID = 131080
Description = Failed auto update retrieval of third-party root list sequence number
from: <http://www.download....uthrootseq.txt>
with error: This operation returned because the timeout period expired.

Error - 10/19/2010 11:01:20 AM | Computer Name = D17S1P71 | Source = crypt32 | ID = 131083
Description = Failed extract of third-party root list from auto update cab at: <http://www.download....uthrootstl.cab>
with error: A required certificate is not within its validity period when verifying
against the current system clock or the timestamp in the signed file.

Error - 10/19/2010 11:01:20 AM | Computer Name = D17S1P71 | Source = crypt32 | ID = 131080
Description = Failed auto update retrieval of third-party root list sequence number
from: <http://www.download....uthrootseq.txt>
with error: The specified server cannot perform the requested operation.

Error - 10/19/2010 11:01:21 AM | Computer Name = D17S1P71 | Source = crypt32 | ID = 131083
Description = Failed extract of third-party root list from auto update cab at: <http://www.download....uthrootstl.cab>
with error: A required certificate is not within its validity period when verifying
against the current system clock or the timestamp in the signed file.

Error - 10/19/2010 11:01:21 AM | Computer Name = D17S1P71 | Source = crypt32 | ID = 131080
Description = Failed auto update retrieval of third-party root list sequence number
from: <http://www.download....uthrootseq.txt>
with error: The specified server cannot perform the requested operation.

Error - 10/19/2010 11:01:21 AM | Computer Name = D17S1P71 | Source = crypt32 | ID = 131083
Description = Failed extract of third-party root list from auto update cab at: <http://www.download....uthrootstl.cab>
with error: A required certificate is not within its validity period when verifying
against the current system clock or the timestamp in the signed file.

Error - 10/19/2010 11:01:21 AM | Computer Name = D17S1P71 | Source = crypt32 | ID = 131080
Description = Failed auto update retrieval of third-party root list sequence number
from: <http://www.download....uthrootseq.txt>
with error: The specified server cannot perform the requested operation.

Error - 10/20/2010 10:56:34 AM | Computer Name = D17S1P71 | Source = Application Error | ID = 1000
Description = Faulting application msmsgs.exe, version 4.7.0.3001, faulting module
, version 0.0.0.0, fault address 0x00000000.

Error - 10/21/2010 1:58:34 PM | Computer Name = D17S1P71 | Source = Application Hang | ID = 1002
Description = Hanging application iexplore.exe, version 7.0.6000.17091, hang module
hungapp, version 0.0.0.0, hang address 0x00000000.

[ System Events ]
Error - 10/21/2010 1:12:14 PM | Computer Name = D17S1P71 | Source = DCOM | ID = 10005
Description = DCOM got error "%1053" attempting to start the service LiveUpdate
with arguments "" in order to run the server: {03E0E6C2-363B-11D3-B536-00902771A435}

Error - 10/21/2010 1:12:16 PM | Computer Name = D17S1P71 | Source = Service Control Manager | ID = 7009
Description = Timeout (30000 milliseconds) waiting for the liveupdate service to
connect.

Error - 10/21/2010 1:38:08 PM | Computer Name = D17S1P71 | Source = Service Control Manager | ID = 7026
Description = The following boot-start or system-start driver(s) failed to load:
IntelIde

Error - 10/21/2010 1:43:47 PM | Computer Name = D17S1P71 | Source = DCOM | ID = 10005
Description = DCOM got error "%1053" attempting to start the service LiveUpdate
with arguments "" in order to run the server: {03E0E6C2-363B-11D3-B536-00902771A435}

Error - 10/21/2010 1:43:51 PM | Computer Name = D17S1P71 | Source = Service Control Manager | ID = 7009
Description = Timeout (30000 milliseconds) waiting for the liveupdate service to
connect.

Error - 10/21/2010 1:51:53 PM | Computer Name = D17S1P71 | Source = Service Control Manager | ID = 7026
Description = The following boot-start or system-start driver(s) failed to load:
IntelIde

Error - 10/21/2010 1:53:52 PM | Computer Name = D17S1P71 | Source = System Error | ID = 1003
Description = Error code 1000007f, parameter1 0000000d, parameter2 00000000, parameter3
00000000, parameter4 00000000.

Error - 10/21/2010 2:07:50 PM | Computer Name = D17S1P71 | Source = atapi | ID = 262153
Description = The device, \Device\Ide\IdePort0, did not respond within the timeout
period.

Error - 10/21/2010 2:07:53 PM | Computer Name = D17S1P71 | Source = atapi | ID = 262153
Description = The device, \Device\Ide\IdePort0, did not respond within the timeout
period.

Error - 10/21/2010 2:31:20 PM | Computer Name = D17S1P71 | Source = atapi | ID = 262153
Description = The device, \Device\Ide\IdePort0, did not respond within the timeout
period.


< End of report >
  • 0

#9
tammy4dj
Posted 21 October 2010 - 01:07 PM

tammy4dj

    New Member

  • Topic Starter
  • Member
  • Pip
  • 8 posts
Thank you, Ron, for taking the time to help me, I have tried everything that I know to do.
  • 0
Back to Virus, Spyware, Malware Removal · Next Unread Topic →




Similar Topics

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

  1. Geeks to Go Community
  2. Security
  3. Virus, Spyware, Malware Removal

As Featured On:

Microsoft Yahoo BBC MSN PC Magazine Washington Post HP