Jump to content

Welcome to Geeks to Go - Register now for FREE

Need help with your computer or device? Want to learn new tech skills? You're in the right place!
Geeks to Go is a friendly community of tech experts who can solve any problem you have. Just create a free account and post your question. Our volunteers will reply quickly and guide you through the steps. Don't let tech troubles stop you. Join Geeks to Go now and get the support you need!

How it Works Create Account
Photo

System Slow on bootup and sound device keeps getting removed

Started by sandstore , Nov 25 2010 05:41 AM

  • Please log in to reply

#1
sandstore
Posted 25 November 2010 - 05:41 AM

sandstore

    New Member

  • Member
  • Pip
  • 9 posts
There is no malware, virus or rootkit that I am aware of. i.e. always have used symantic endpoint protection, have run mbam and ccleaner. This looks like the proper place to start. As I boot, the boot process takes a long time, perhaps 3-5 minutes (used to be much quicker). Sometimes I get this error, upon boot - Generic Host Process for Win32 fails. Another issue I'm having is that the on board sound was getting disabled when the computer was in use, I would re-install the device drivers and it would work for a short while only. So, I installed a sound card and now the sound card is starting to get disabled. Here is the OTL log file, please let me know if you need more information:

OTL Extras logfile created on: 11/25/2010 4:06:42 AM - Run 1
OTL by OldTimer - Version 3.2.17.3 Folder = C:\Downloads
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.00 Gb Total Physical Memory | 2.00 Gb Available Physical Memory | 65.00% Memory free
5.00 Gb Paging File | 4.00 Gb Available in Paging File | 88.00% Paging File free
Paging file location(s): C:\pagefile.sys 2280 4096 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 105.46 Gb Total Space | 20.25 Gb Free Space | 19.20% Space Free | Partition Type: NTFS
Drive F: | 43.58 Gb Total Space | 16.17 Gb Free Space | 37.11% Space Free | Partition Type: NTFS

Computer Name: SANDSTORE | User Name: Administrator | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]

[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"AntiVirusOverride" = 1
"FirewallOverride" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

========== System Restore Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows NT\SystemRestore]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr]
"Start" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService]
"Start" = 2

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]
"1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008
"139:TCP" = 139:TCP:*:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:*:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:*:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:*:Enabled:@xpsp2res.dll,-22002

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DoNotAllowExceptions" = 0
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008
"139:TCP" = 139:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22002

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"C:\Program Files\MSN Messenger\msnmsgr.exe" = C:\Program Files\MSN Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger 8.1 -- File not found
"C:\Program Files\MSN Messenger\livecall.exe" = C:\Program Files\MSN Messenger\livecall.exe:*:Enabled:Windows Live Messenger 8.1 (Phone) -- File not found

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Program Files\Nomad VPN Client\Extranet.exe" = C:\Program Files\Nomad VPN Client\Extranet.exe:*:Enabled:Contivity VPN Client -- (Nortel Networks NA, Inc.)
"C:\Program Files\Microsoft Games\Zoo Tycoon 2\zt.exe" = C:\Program Files\Microsoft Games\Zoo Tycoon 2\zt.exe:*:Enabled:Zoo Tycoon 2 Executable -- (Microsoft Corporation)
"C:\Novell\GroupWise\grpwise.exe" = C:\Novell\GroupWise\grpwise.exe:*:Enabled:Novell GroupWise -- (Novell, Inc.)
"C:\Novell\GroupWise\notify.exe" = C:\Novell\GroupWise\notify.exe:*:Enabled:Novell Notify -- (Novell, Inc.)
"C:\Program Files\Java\jre1.5.0_06\bin\javaw.exe" = C:\Program Files\Java\jre1.5.0_06\bin\javaw.exe:*:Enabled:Java™ 2 Platform Standard Edition binary -- File not found
"C:\Program Files\Symantec\Symantec Endpoint Protection\Smc.exe" = C:\Program Files\Symantec\Symantec Endpoint Protection\Smc.exe:*:Enabled:SMC Service -- (Symantec Corporation)
"C:\Program Files\Symantec\Symantec Endpoint Protection\SNAC.EXE" = C:\Program Files\Symantec\Symantec Endpoint Protection\SNAC.EXE:*:Enabled:SNAC Service -- (Symantec Corporation)
"C:\Program Files\Common Files\Symantec Shared\ccApp.exe" = C:\Program Files\Common Files\Symantec Shared\ccApp.exe:*:Enabled:Symantec Email -- (Symantec Corporation)
"C:\Program Files\Mozilla Firefox\firefox.exe" = C:\Program Files\Mozilla Firefox\firefox.exe:*:Enabled:Firefox -- (Mozilla Corporation)
"C:\Program Files\Electronic Arts\EADM\Core.exe" = C:\Program Files\Electronic Arts\EADM\Core.exe:*:Enabled:EA Download Manager -- (Electronic Arts)
"C:\Program Files\iTunes\iTunes.exe" = C:\Program Files\iTunes\iTunes.exe:*:Enabled:iTunes -- (Apple Inc.)


========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{084709F7-38C5-4609-B55F-2417939315EB}" = Adobe Premiere Pro
"{08C8666B-C502-4AB3-B4CB-D74AC42D14FE}" = Nero BackItUp 10 Help (CHM)
"{0F9196C6-58B4-445B-B56E-B1200FECC151}" = Microsoft Bootvis
"{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_MP460" = Canon MP460
"{16987E99-C95C-4513-9239-7B44A0A71DB5}" = Nero SoundTrax 10 Help (CHM)
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{1F7FB68F-52F6-46A3-B42F-38CE46295AE5}" = Nero MediaHub 10
"{237CCB62-8454-43E3-B158-3ACD0134852E}" = High-Definition Video Playback 10
"{2436F2A8-4B7E-4B6C-AE4E-604C84AA6A4F}" = Nero Core Components 10
"{26A24AE4-039D-4CA4-87B4-2F83216020FF}" = Java™ 6 Update 20
"{277C1559-4CF7-44FF-8D07-98AA9C13AABD}" = Nero Multimedia Suite 10
"{28BE306E-5DA6-4F9C-BDB0-DBA3C8C6FFFD}" = QuickTime
"{29D851C2-048C-4B5E-8D1F-25D473342BB5}" = ScanSoft OmniPage SE 4.0
"{2E132061-C78A-48D4-A899-1D13B9D189FA}" = Memories Disc Creator 2.0
"{329411A0-19F3-4740-874F-17400B126F27}" = Nero Vision 10 Help (CHM)
"{33643918-7957-4839-92C7-EA96CB621A98}" = Nero Express 10 Help (CHM)
"{33cf58f5-48d8-4575-83d6-96f574e4d83a}" = Nero DriveSpeed
"{34490F4E-48D0-492E-8249-B48BECF0537C}" = Nero DiscSpeed 10
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{359cfc0a-beb1-440d-95ba-cf63a86da34f}" = Nero Recode
"{368ba326-73ad-4351-84ed-3c0a7a52cc53}" = Nero Rescue Agent
"{3FC0833E-073C-4D5D-A046-74BC32358CB3}" = GroupWise Messenger
"{43DCF766-6838-4F9A-8C91-D92DA586DFA7}" = Microsoft Windows Journal Viewer
"{43e39830-1826-415d-8bae-86845787b54b}" = Nero Vision
"{45A66726-69BC-466B-A7A4-12FCBA4883D7}" = HiJackThis
"{48A6E89E-D2D3-4DA7-8A7C-FBB8F1083409}" = SeaWorld Adventure Park Tycoon
"{49C27FB0-CEEF-4A11-8114-0BFE336D3884}" = Symantec Endpoint Protection
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4BDFD2CE-6329-42E4-9801-9B3D1F10D79B}" = Adobe® Photoshop® Album Starter Edition 3.0
"{4FB120F8-622C-4260-AB49-0F43A59CCF2A}" = iTunes
"{51F96AEC-D902-4434-A0DC-B9692A21AE7C}" = MobileMe Control Panel
"{523B2B1B-D8DB-4B41-90FF-C4D799E2758A}" = Nero ControlCenter 10 Help (CHM)
"{553255F3-78FD-40F1-A6F8-6882140265FE}" = Apple Application Support
"{555868C6-49FB-484F-BB43-8980651A1B00}" = Nero BurnRights 10 Help (CHM)
"{56C049BE-79E9-4502-BEA7-9754A3E60F9B}" = neroxml
"{595a3116-40bb-4e0f-a2e8-d7951da56270}" = NeroExpress
"{60bd8fdd-270a-4126-bd2e-272bfbb2670b}" = Nero 9
"{62ac81f6-bdd3-4110-9d36-3e9eaab40999}" = Nero CoverDesigner
"{63AA3EAB-23BB-48B2-9AD0-44F878075604}" = Nero 10 Menu TemplatePack Basic
"{64635543-70E7-436D-8D6D-4A721595029E}" = Microsoft IntelliPoint 5.2
"{65BB0407-4CC8-4DC7-952E-3EEFDF05602A}" = Nero Update
"{66049135-9659-4AAD-9169-9CCA269EBB3E}" = Nero InfoTool 10 Help (CHM)
"{68AB6930-5BFF-4FF6-923B-516A91984FE6}" = Nero BackItUp 10
"{6ADD0603-16EF-400D-9F9E-486432835002}" = OpenOffice.org 3.2
"{6DFB899F-17A2-48F0-A533-ED8D6866CF38}" = Nero Control Center 10
"{70550193-1C22-445C-8FA4-564E155DB1A7}" = Nero Express 10
"{72DF62BD-FF36-424E-AA5F-D89BAFF2C249}" = RollerCoaster Tycoon 2
"{7748ac8c-18e3-43bb-959b-088faea16fb2}" = Nero StartSmart
"{7829db6f-a066-4e40-8912-cb07887c20bb}" = Nero BurnRights
"{7A295D8F-484B-4FFB-89AB-C1FD497591FE}" = Nero WaveEditor 10 Help (CHM)
"{7A5D731D-B4B3-490E-B339-75685712BAAB}" = Nero Burning ROM 10
"{82CA0A0C-A3EC-4167-B694-909205B2EDEC}" = muvee Plugin 1.0
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{85309D89-7BE9-4094-BB17-24999C6118FC}" = ArcSoft PhotoStudio 5.5
"{869200db-287a-4dc0-b02b-2b6787fbcd4c}" = Nero DiscSpeed
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8A253629-0511-4854-8B4E-46E57E66005C}" = Bonjour
"{8A62A068-3FD6-495A-9F66-26FE94F32EC9}" = Rhapsody Player Engine
"{8A708DD8-A5E6-11D4-A706-000629E95E20}" = Intel® Extreme Graphics 2 Driver
"{8ECEC853-5C3D-4B10-B5C7-FF11FF724807}" = Nero Recode 10
"{90280409-6000-11D3-8CFE-0050048383C9}" = Microsoft Office XP Professional with FrontPage
"{92E25238-61A3-4ACD-A407-3C480EEF47A7}" = Nero RescueAgent 10 Help (CHM)
"{93539D60-1817-11D1-9504-00805F26A89C}" = Easy Access Button Support
"{94118D5F-2D5D-4BF5-9F84-11FB8A97B566}" = 2d3 SteadyMove for Adobe Premiere Pro
"{943CFD7D-5336-47AF-9418-E02473A5A517}" = Nero BurnRights 10
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{98E8A2EF-4EAE-43B8-A172-74842B764777}" = InterVideo WinDVD
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9A4297F3-2A51-4ED9-92CA-4BCB8380947E}" = Nero Vision 10
"{9B6B24BE-80E7-46C4-9FA5-B167D5E0F345}" = Nero BurningROM 10 Help (CHM)
"{9DE1BE03-AFE2-4CDB-BFEB-D06D736CD01A}" = Apple Mobile Device Support
"{9E491AB7-4589-48CA-9CBB-874CB2788391}" = Studio 9
"{9e82b934-9a25-445b-b8df-8012808074ac}" = Nero PhotoSnap
"{9e9fdde6-2c26-492a-85a0-05646b3f2795}" = NeroLiveGadget
"{a209525b-3377-43f4-b886-32f6b6e7356f}" = Nero WaveEditor
"{A2BCA9F1-566C-4805-97D1-7FDC93386723}" = Adobe AIR
"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
"{A67BB21E-D419-45BB-AB86-7D87D14BBCE2}" = Safari
"{A8F2089B-1F79-4BF6-B385-A2C2B0B9A74D}" = ImagXpress
"{A9E27FF5-6294-46A8-B8FD-77B1DECA3021}" = Wizard101
"{AC76BA86-7AD7-1033-7B44-A94000000001}" = Adobe Reader 9.4.0
"{AC76BA86-7AD7-5464-3428-800000000003}" = Spelling Dictionaries Support For Adobe Reader 8
"{AF833FA4-6845-4668-B5EE-AF4FBDAB119D}" = Soccer Mania
"{b1adf008-e898-4fe2-8a1f-690d9a06acaf}" = DolbyFiles
"{B2544A03-10D0-4E5E-BA69-0362FFC20D18}" = OGA Notifier 2.0.0048.0
"{b2ec4a38-b545-4a00-8214-13fe0e915e6d}" = Advertising Center
"{B43357AA-3A6D-4D94-B56E-43C44D09E548}" = Microsoft .NET Framework (English)
"{B67624DE-75CE-4FAD-9F29-5C115773CE61}" = Studio 9 Content CD/DVD
"{b78120a0-cf84-4366-a393-4d0a59bc546c}" = Menu Templates - Starter Kit
"{B9A93A85-1997-4381-8979-4B0BB28AEBC7}" = GroupWise
"{BAF78226-3200-4DB4-BE33-4D922A799840}" = Windows Presentation Foundation
"{bd5ca0da-71ad-43da-b19e-6eee0c9adc9a}" = Nero ControlCenter
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
"{C18A0418-442A-4186-AF98-D08F5054A2FC}" = Nero DiscSpeed 10 Help (CHM)
"{C3273C55-E1E4-41FF-8D69-0158090DB8D8}" = Nero CoverDesigner 10 Help (CHM)
"{C3580AC4-C827-4332-B935-9A282ED5BB97}" = Nero Dolby Files 10
"{C41300B9-185D-475E-BFEC-39EF732F19B1}" = Apple Software Update
"{c5a7cb6c-e76d-408f-ba0e-85605420fe9d}" = SoundTrax
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CC0A24CB-87C9-4F1C-A1F2-F87D8D4DDCAF}" = HP Software Update
"{CD95F661-A5C4-44F5-A6AA-ECDD91C240BD}" = WinZip 14.5
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{d025a639-b9c9-417d-8531-208859000af8}" = NeroBurningROM
"{D24DB8B9-BB6C-4334-9619-BA1C650E13D3}" = Microsoft Primary Interoperability Assemblies 2005
"{d9dcf92e-72eb-412d-ac71-3b01276e5f8b}" = Nero ShowTime
"{DB7C1D4A-08BA-4C7E-A8AA-B7F9BB372DCF}" = Nero Recode 10 Help (CHM)
"{df6a95f5-adc1-406a-bdc6-2aa7cc0182aa}" = Nero Live
"{E1EE5339-5D32-458F-BAAB-B19F6301BCE2}" = Nero SoundTrax 10
"{E337E787-CF61-4B7B-B84F-509202A54023}" = Nero RescueAgent 10
"{E3E71D07-CD27-46CB-8448-16D4FB29AA13}" = Microsoft WSE 3.0 Runtime
"{e498385e-1c51-459a-b45f-1721e37aa1a0}" = Movie Templates - Starter Kit
"{e8a80433-302b-4ff1-815d-fcc8eac482ff}" = Nero Installer
"{EAF846FB-AEA4-49AC-94DA-7333EA4B846C}" = Broadcom NetXtreme II Driver Installer
"{EDCDFAD5-DF80-4600-A493-E9DAD6810230}" = Nero WaveEditor 10
"{EF964A78-078C-11D1-B7A7-0000C0134CE6}" = Nomad 2.1 VPN Client
"{EFB21DE7-8C19-4A88-BB28-A766E16493BC}" = Adobe Photoshop CS
"{F02DBC5D-33E3-45E9-B0F8-B7745229ED1C}" = NICI (Shared) U.S./Worldwide (128 bit) (2.6.4-5)
"{F0A37341-D692-11D4-A984-009027EC0A9C}" = SoundMAX
"{F2527115-B8BF-4FDB-B5DA-5AADFB7C13E1}" = The Sims Complete Collection
"{F333A33D-125C-32A2-8DCE-5C5D14231E27}" = Visual C++ 2008 x86 Runtime - (v9.0.30729)
"{F333A33D-125C-32A2-8DCE-5C5D14231E27}.vc_x86runtime_30729_01" = Visual C++ 2008 x86 Runtime - v9.0.30729.01
"{F412B4AF-388C-4FF5-9B2F-33DB1C536953}" = Nero InfoTool 10
"{F467862A-D9CA-47ED-8D81-B4B3C9399272}" = Nero MediaHub 10 Help (CHM)
"{F5CB822F-B365-43D1-BCC0-4FDA1A2017A7}" = Nero 10 Movie ThemePack Basic
"{F6117F9C-ADB5-4590-9BE4-12C7BEC28702}" = Nero StartSmart 10 Help (CHM)
"{F61D489E-6C44-49AC-AD02-7DA8ACA73A65}" = Nero StartSmart 10
"{F6377647-81AF-41C0-BC7E-06CF37E204AB}" = Roxio Media Manager
"{F7DCA96F-03F2-4274-B11D-C307B070F15B}" = NetIdentity 1.2.1
"{fbcdfd61-7dcf-4e71-9226-873ba0053139}" = Nero InfoTool
"{FCE65C4E-B0E8-4FBD-AD16-EDCBE6CD591F}" = HighMAT Extension to Microsoft Windows XP CD Writing Wizard
"{FCF00A6E-FB58-477A-ABE9-232907105521}" = Nero CoverDesigner 10
"0591-8077-9297-0833" = FamilySearch Indexing 3.7.5
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Adobe Shockwave Player" = Adobe Shockwave Player 11.5
"Audacity_is1" = Audacity 1.2.6
"AviSynth" = AviSynth 2.5
"Barbie® Digital Makeover™" = Barbie® Digital Makeover™
"Barbie™ Beauty Boutique™ CD-ROM" = Barbie™ Beauty Boutique™ CD-ROM
"Barbie™ Fashion Show™ CD-ROM" = Barbie™ Fashion Show™ CD-ROM
"Canon MP460 User Registration" = Canon MP460 User Registration
"CanonMyPrinter" = Canon My Printer
"CCleaner" = CCleaner
"Clue" = Clue
"Coupon Printer for Windows5.0.0.0" = Coupon Printer for Windows
"Creatures 2" = Creatures 2 Deluxe
"DirectXMediaRuntime" = DirectX Media Runtime 5.1
"Disney Pirates of the Caribbean Online" = Disney Pirates of the Caribbean Online
"Disney Toontown Online" = Disney Toontown Online
"DVD Decrypter" = DVD Decrypter (Remove Only)
"DVD Shrink_is1" = DVD Shrink 3.2
"EADM" = EA Download Manager
"Easy-PhotoPrint" = Canon Utilities Easy-PhotoPrint
"Easy-WebPrint" = Easy-WebPrint
"FLV Player" = FLV Player 2.0 (build 25)
"GWMLTO" = GroupWise Internet Browser Mail Integration
"HijackThis" = HijackThis 2.0.2
"Hollywood FX" = Pinnacle Hollywood FX
"Hollywood FX 5.5 Additional Effects" = Hollywood FX 5.5 Additional Effects
"IDNMitigationAPIs" = Microsoft Internationalized Domain Names Mitigation APIs
"ie8" = Windows Internet Explorer 8
"InstallShield_{AF833FA4-6845-4668-B5EE-AF4FBDAB119D}" = Soccer Mania
"IntMgmt" = Insight Management Agent
"Jimmy Neutron vs. Jimmy Negatron" = Jimmy Neutron vs. Jimmy Negatron
"lightdog.com 5.00" = lightdog.com 5.00
"LiveUpdate" = LiveUpdate 3.3 (Symantec Corporation)
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"MB912dem" = Math Blaster Ages 9-12 Demo
"MBMdemo" = Math Blaster Mystery Demo
"Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft .NET Framework Full v1.0.3705 (1033)" = Microsoft .NET Framework (English) v1.0.3705
"Microsoft Office Live Meeting" = Microsoft Office Live Meeting
"Mozilla Firefox (3.6.12)" = Mozilla Firefox (3.6.12)
"MP Navigator 3.0" = Canon MP Navigator 3.0
"MSCompPackV1" = Microsoft Compression Client Pack 1.0 for Windows XP
"Nero - Burning Rom!UninstallKey" = Nero 6 Ultra Edition
"NeroVision!UninstallKey" = Nero Digital
"Network Play System (Patching)" = Network Play System (Patching)
"NLSDownlevelMapping" = Microsoft National Language Support Downlevel APIs
"OpDKey" = Operation
"Oregon Trail II" = Oregon Trail II
"Picasa 3" = Picasa 3
"RB9_12" = Reading Blaster Ages 9-12
"RealVNC_is1" = VNC Free Edition 4.1.3
"Secret Agent™ Barbie™" = Secret Agent™ Barbie™
"Tux Paint_is1" = Tux Paint 0.9.19
"Videora iPod Converter" = Videora iPod Converter 4.01
"Wdf01005" = Microsoft Kernel-Mode Driver Framework Feature Pack 1.5
"WIC" = Windows Imaging Component
"Winamp" = Winamp
"Windows Media Format Runtime" = Windows Media Format 11 runtime
"Windows Media Player" = Windows Media Player 11
"Windows XP Service Pack" = Windows XP Service Pack 3
"WinPcapInst" = WinPcap 4.1.1
"Wireshark" = Wireshark 1.2.7
"WMFDist11" = Windows Media Format 11 runtime
"wmp11" = Windows Media Player 11
"WMS" = Windows NT Messaging
"Wudf01000" = Microsoft User-Mode Driver Framework Feature Pack 1.0
"XpsEPSC" = XML Paper Specification Shared Components Pack 1.0
"YouTube Downloader App" = YouTube Downloader App 1.01
"Zoo Tycoon 1.0" = Microsoft Zoo Tycoon
"Zoo Tycoon 2" = Zoo Tycoon 2

========== HKEY_CURRENT_USER Uninstall List ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"GeoGebra" = GeoGebra
"Google Chrome" = Google Chrome
"Let's Just Play Challenge Tracker" = Let's Just Play Challenge Tracker
"Move Media Player" = Move Media Player
"mpowerplayer" = mpowerplayer

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 11/25/2010 6:41:00 AM | Computer Name = SANDSTORE | Source = ESENT | ID = 489
Description = wuauclt (2100) An attempt to open the file "C:\WINDOWS\SoftwareDistribution\DataStore\Logs\edb.log"
for read only access failed with system error 32 (0x00000020): "The process cannot
access the file because it is being used by another process. ". The open file
operation will fail with error -1032 (0xfffffbf8).

Error - 11/25/2010 6:41:00 AM | Computer Name = SANDSTORE | Source = ESENT | ID = 455
Description = wuaueng.dll (2100) SUS20ClientDataStore: Error -1032 (0xfffffbf8)
occurred while opening logfile C:\WINDOWS\SoftwareDistribution\DataStore\Logs\edb.log.

Error - 11/25/2010 6:41:10 AM | Computer Name = SANDSTORE | Source = ESENT | ID = 489
Description = wuauclt (3556) An attempt to open the file "C:\WINDOWS\SoftwareDistribution\DataStore\Logs\edb.log"
for read only access failed with system error 32 (0x00000020): "The process cannot
access the file because it is being used by another process. ". The open file
operation will fail with error -1032 (0xfffffbf8).

Error - 11/25/2010 6:41:10 AM | Computer Name = SANDSTORE | Source = ESENT | ID = 455
Description = wuaueng.dll (3556) SUS20ClientDataStore: Error -1032 (0xfffffbf8)
occurred while opening logfile C:\WINDOWS\SoftwareDistribution\DataStore\Logs\edb.log.

Error - 11/25/2010 6:41:20 AM | Computer Name = SANDSTORE | Source = ESENT | ID = 489
Description = wuauclt (3556) An attempt to open the file "C:\WINDOWS\SoftwareDistribution\DataStore\Logs\edb.log"
for read only access failed with system error 32 (0x00000020): "The process cannot
access the file because it is being used by another process. ". The open file
operation will fail with error -1032 (0xfffffbf8).

Error - 11/25/2010 6:41:20 AM | Computer Name = SANDSTORE | Source = ESENT | ID = 455
Description = wuaueng.dll (3556) SUS20ClientDataStore: Error -1032 (0xfffffbf8)
occurred while opening logfile C:\WINDOWS\SoftwareDistribution\DataStore\Logs\edb.log.

Error - 11/25/2010 6:41:30 AM | Computer Name = SANDSTORE | Source = ESENT | ID = 489
Description = wuauclt (3252) An attempt to open the file "C:\WINDOWS\SoftwareDistribution\DataStore\Logs\edb.log"
for read only access failed with system error 32 (0x00000020): "The process cannot
access the file because it is being used by another process. ". The open file
operation will fail with error -1032 (0xfffffbf8).

Error - 11/25/2010 6:41:30 AM | Computer Name = SANDSTORE | Source = ESENT | ID = 455
Description = wuaueng.dll (3252) SUS20ClientDataStore: Error -1032 (0xfffffbf8)
occurred while opening logfile C:\WINDOWS\SoftwareDistribution\DataStore\Logs\edb.log.

Error - 11/25/2010 6:41:40 AM | Computer Name = SANDSTORE | Source = ESENT | ID = 489
Description = wuauclt (3252) An attempt to open the file "C:\WINDOWS\SoftwareDistribution\DataStore\Logs\edb.log"
for read only access failed with system error 32 (0x00000020): "The process cannot
access the file because it is being used by another process. ". The open file
operation will fail with error -1032 (0xfffffbf8).

Error - 11/25/2010 6:41:40 AM | Computer Name = SANDSTORE | Source = ESENT | ID = 455
Description = wuaueng.dll (3252) SUS20ClientDataStore: Error -1032 (0xfffffbf8)
occurred while opening logfile C:\WINDOWS\SoftwareDistribution\DataStore\Logs\edb.log.

[ System Events ]
Error - 11/23/2010 9:08:08 PM | Computer Name = SANDSTORE | Source = Service Control Manager | ID = 7026
Description = The following boot-start or system-start driver(s) failed to load:
SASDIFSV SASKUTIL ShldDrv

Error - 11/23/2010 9:52:46 PM | Computer Name = SANDSTORE | Source = Disk | ID = 262151
Description = The device, \Device\Harddisk0\D, has a bad block.

Error - 11/24/2010 3:45:52 PM | Computer Name = SANDSTORE | Source = Service Control Manager | ID = 7011
Description = Timeout (30000 milliseconds) waiting for a transaction response from
the ShellHWDetection service.

Error - 11/24/2010 3:47:19 PM | Computer Name = SANDSTORE | Source = Service Control Manager | ID = 7032
Description = The Service Control Manager tried to take a corrective action (Restart
the service) after the unexpected termination of the Windows Management Instrumentation
service, but this action failed with the following error: %%1056

Error - 11/24/2010 7:03:06 PM | Computer Name = SANDSTORE | Source = Service Control Manager | ID = 7011
Description = Timeout (30000 milliseconds) waiting for a transaction response from
the stisvc service.

Error - 11/25/2010 1:45:22 AM | Computer Name = SANDSTORE | Source = Service Control Manager | ID = 7000
Description = The DVC 150B service failed to start due to the following error: %%1058

Error - 11/25/2010 1:46:43 AM | Computer Name = SANDSTORE | Source = Service Control Manager | ID = 7026
Description = The following boot-start or system-start driver(s) failed to load:
SASDIFSV SASKUTIL ShldDrv

Error - 11/25/2010 6:31:33 AM | Computer Name = SANDSTORE | Source = Service Control Manager | ID = 7011
Description = Timeout (30000 milliseconds) waiting for a transaction response from
the WZCSVC service.

Error - 11/25/2010 6:34:56 AM | Computer Name = SANDSTORE | Source = Service Control Manager | ID = 7032
Description = The Service Control Manager tried to take a corrective action (Restart
the service) after the unexpected termination of the Windows Management Instrumentation
service, but this action failed with the following error: %%1056

Error - 11/25/2010 6:44:03 AM | Computer Name = SANDSTORE | Source = Service Control Manager | ID = 7011
Description = Timeout (30000 milliseconds) waiting for a transaction response from
the stisvc service.


< End of report >
  • 0

Advertisements

#2
sandstore
Posted 28 November 2010 - 10:11 PM

sandstore

    New Member

  • Topic Starter
  • Member
  • Pip
  • 9 posts
Is this the correct place to post this issue for assistance? Let me know if it not? Do you see anything in log file that is suspect?

Thanks,
  • 0

#3
kahdah
Posted 29 November 2010 - 01:15 PM

kahdah

    GeekU Teacher

  • Retired Staff
  • 15,822 posts
Hi can you post the OTL.txt and your gmer (antirootkit) log.
Thank you.
  • 0

#4
sandstore
Posted 29 November 2010 - 06:33 PM

sandstore

    New Member

  • Topic Starter
  • Member
  • Pip
  • 9 posts
Repost - Here is the OTL log file, please let me know if you need more information:

OTL Extras logfile created on: 11/25/2010 4:06:42 AM - Run 1
OTL by OldTimer - Version 3.2.17.3 Folder = C:\Downloads
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.00 Gb Total Physical Memory | 2.00 Gb Available Physical Memory | 65.00% Memory free
5.00 Gb Paging File | 4.00 Gb Available in Paging File | 88.00% Paging File free
Paging file location(s): C:\pagefile.sys 2280 4096 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 105.46 Gb Total Space | 20.25 Gb Free Space | 19.20% Space Free | Partition Type: NTFS
Drive F: | 43.58 Gb Total Space | 16.17 Gb Free Space | 37.11% Space Free | Partition Type: NTFS

Computer Name: SANDSTORE | User Name: Administrator | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]

[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"AntiVirusOverride" = 1
"FirewallOverride" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

========== System Restore Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows NT\SystemRestore]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr]
"Start" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService]
"Start" = 2

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]
"1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008
"139:TCP" = 139:TCP:*:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:*:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:*:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:*:Enabled:@xpsp2res.dll,-22002

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DoNotAllowExceptions" = 0
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008
"139:TCP" = 139:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22002

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"C:\Program Files\MSN Messenger\msnmsgr.exe" = C:\Program Files\MSN Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger 8.1 -- File not found
"C:\Program Files\MSN Messenger\livecall.exe" = C:\Program Files\MSN Messenger\livecall.exe:*:Enabled:Windows Live Messenger 8.1 (Phone) -- File not found

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Program Files\Nomad VPN Client\Extranet.exe" = C:\Program Files\Nomad VPN Client\Extranet.exe:*:Enabled:Contivity VPN Client -- (Nortel Networks NA, Inc.)
"C:\Program Files\Microsoft Games\Zoo Tycoon 2\zt.exe" = C:\Program Files\Microsoft Games\Zoo Tycoon 2\zt.exe:*:Enabled:Zoo Tycoon 2 Executable -- (Microsoft Corporation)
"C:\Novell\GroupWise\grpwise.exe" = C:\Novell\GroupWise\grpwise.exe:*:Enabled:Novell GroupWise -- (Novell, Inc.)
"C:\Novell\GroupWise\notify.exe" = C:\Novell\GroupWise\notify.exe:*:Enabled:Novell Notify -- (Novell, Inc.)
"C:\Program Files\Java\jre1.5.0_06\bin\javaw.exe" = C:\Program Files\Java\jre1.5.0_06\bin\javaw.exe:*:Enabled:Java™ 2 Platform Standard Edition binary -- File not found
"C:\Program Files\Symantec\Symantec Endpoint Protection\Smc.exe" = C:\Program Files\Symantec\Symantec Endpoint Protection\Smc.exe:*:Enabled:SMC Service -- (Symantec Corporation)
"C:\Program Files\Symantec\Symantec Endpoint Protection\SNAC.EXE" = C:\Program Files\Symantec\Symantec Endpoint Protection\SNAC.EXE:*:Enabled:SNAC Service -- (Symantec Corporation)
"C:\Program Files\Common Files\Symantec Shared\ccApp.exe" = C:\Program Files\Common Files\Symantec Shared\ccApp.exe:*:Enabled:Symantec Email -- (Symantec Corporation)
"C:\Program Files\Mozilla Firefox\firefox.exe" = C:\Program Files\Mozilla Firefox\firefox.exe:*:Enabled:Firefox -- (Mozilla Corporation)
"C:\Program Files\Electronic Arts\EADM\Core.exe" = C:\Program Files\Electronic Arts\EADM\Core.exe:*:Enabled:EA Download Manager -- (Electronic Arts)
"C:\Program Files\iTunes\iTunes.exe" = C:\Program Files\iTunes\iTunes.exe:*:Enabled:iTunes -- (Apple Inc.)


========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{084709F7-38C5-4609-B55F-2417939315EB}" = Adobe Premiere Pro
"{08C8666B-C502-4AB3-B4CB-D74AC42D14FE}" = Nero BackItUp 10 Help (CHM)
"{0F9196C6-58B4-445B-B56E-B1200FECC151}" = Microsoft Bootvis
"{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_MP460" = Canon MP460
"{16987E99-C95C-4513-9239-7B44A0A71DB5}" = Nero SoundTrax 10 Help (CHM)
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{1F7FB68F-52F6-46A3-B42F-38CE46295AE5}" = Nero MediaHub 10
"{237CCB62-8454-43E3-B158-3ACD0134852E}" = High-Definition Video Playback 10
"{2436F2A8-4B7E-4B6C-AE4E-604C84AA6A4F}" = Nero Core Components 10
"{26A24AE4-039D-4CA4-87B4-2F83216020FF}" = Java™ 6 Update 20
"{277C1559-4CF7-44FF-8D07-98AA9C13AABD}" = Nero Multimedia Suite 10
"{28BE306E-5DA6-4F9C-BDB0-DBA3C8C6FFFD}" = QuickTime
"{29D851C2-048C-4B5E-8D1F-25D473342BB5}" = ScanSoft OmniPage SE 4.0
"{2E132061-C78A-48D4-A899-1D13B9D189FA}" = Memories Disc Creator 2.0
"{329411A0-19F3-4740-874F-17400B126F27}" = Nero Vision 10 Help (CHM)
"{33643918-7957-4839-92C7-EA96CB621A98}" = Nero Express 10 Help (CHM)
"{33cf58f5-48d8-4575-83d6-96f574e4d83a}" = Nero DriveSpeed
"{34490F4E-48D0-492E-8249-B48BECF0537C}" = Nero DiscSpeed 10
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{359cfc0a-beb1-440d-95ba-cf63a86da34f}" = Nero Recode
"{368ba326-73ad-4351-84ed-3c0a7a52cc53}" = Nero Rescue Agent
"{3FC0833E-073C-4D5D-A046-74BC32358CB3}" = GroupWise Messenger
"{43DCF766-6838-4F9A-8C91-D92DA586DFA7}" = Microsoft Windows Journal Viewer
"{43e39830-1826-415d-8bae-86845787b54b}" = Nero Vision
"{45A66726-69BC-466B-A7A4-12FCBA4883D7}" = HiJackThis
"{48A6E89E-D2D3-4DA7-8A7C-FBB8F1083409}" = SeaWorld Adventure Park Tycoon
"{49C27FB0-CEEF-4A11-8114-0BFE336D3884}" = Symantec Endpoint Protection
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4BDFD2CE-6329-42E4-9801-9B3D1F10D79B}" = Adobe® Photoshop® Album Starter Edition 3.0
"{4FB120F8-622C-4260-AB49-0F43A59CCF2A}" = iTunes
"{51F96AEC-D902-4434-A0DC-B9692A21AE7C}" = MobileMe Control Panel
"{523B2B1B-D8DB-4B41-90FF-C4D799E2758A}" = Nero ControlCenter 10 Help (CHM)
"{553255F3-78FD-40F1-A6F8-6882140265FE}" = Apple Application Support
"{555868C6-49FB-484F-BB43-8980651A1B00}" = Nero BurnRights 10 Help (CHM)
"{56C049BE-79E9-4502-BEA7-9754A3E60F9B}" = neroxml
"{595a3116-40bb-4e0f-a2e8-d7951da56270}" = NeroExpress
"{60bd8fdd-270a-4126-bd2e-272bfbb2670b}" = Nero 9
"{62ac81f6-bdd3-4110-9d36-3e9eaab40999}" = Nero CoverDesigner
"{63AA3EAB-23BB-48B2-9AD0-44F878075604}" = Nero 10 Menu TemplatePack Basic
"{64635543-70E7-436D-8D6D-4A721595029E}" = Microsoft IntelliPoint 5.2
"{65BB0407-4CC8-4DC7-952E-3EEFDF05602A}" = Nero Update
"{66049135-9659-4AAD-9169-9CCA269EBB3E}" = Nero InfoTool 10 Help (CHM)
"{68AB6930-5BFF-4FF6-923B-516A91984FE6}" = Nero BackItUp 10
"{6ADD0603-16EF-400D-9F9E-486432835002}" = OpenOffice.org 3.2
"{6DFB899F-17A2-48F0-A533-ED8D6866CF38}" = Nero Control Center 10
"{70550193-1C22-445C-8FA4-564E155DB1A7}" = Nero Express 10
"{72DF62BD-FF36-424E-AA5F-D89BAFF2C249}" = RollerCoaster Tycoon 2
"{7748ac8c-18e3-43bb-959b-088faea16fb2}" = Nero StartSmart
"{7829db6f-a066-4e40-8912-cb07887c20bb}" = Nero BurnRights
"{7A295D8F-484B-4FFB-89AB-C1FD497591FE}" = Nero WaveEditor 10 Help (CHM)
"{7A5D731D-B4B3-490E-B339-75685712BAAB}" = Nero Burning ROM 10
"{82CA0A0C-A3EC-4167-B694-909205B2EDEC}" = muvee Plugin 1.0
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{85309D89-7BE9-4094-BB17-24999C6118FC}" = ArcSoft PhotoStudio 5.5
"{869200db-287a-4dc0-b02b-2b6787fbcd4c}" = Nero DiscSpeed
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8A253629-0511-4854-8B4E-46E57E66005C}" = Bonjour
"{8A62A068-3FD6-495A-9F66-26FE94F32EC9}" = Rhapsody Player Engine
"{8A708DD8-A5E6-11D4-A706-000629E95E20}" = Intel® Extreme Graphics 2 Driver
"{8ECEC853-5C3D-4B10-B5C7-FF11FF724807}" = Nero Recode 10
"{90280409-6000-11D3-8CFE-0050048383C9}" = Microsoft Office XP Professional with FrontPage
"{92E25238-61A3-4ACD-A407-3C480EEF47A7}" = Nero RescueAgent 10 Help (CHM)
"{93539D60-1817-11D1-9504-00805F26A89C}" = Easy Access Button Support
"{94118D5F-2D5D-4BF5-9F84-11FB8A97B566}" = 2d3 SteadyMove for Adobe Premiere Pro
"{943CFD7D-5336-47AF-9418-E02473A5A517}" = Nero BurnRights 10
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{98E8A2EF-4EAE-43B8-A172-74842B764777}" = InterVideo WinDVD
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9A4297F3-2A51-4ED9-92CA-4BCB8380947E}" = Nero Vision 10
"{9B6B24BE-80E7-46C4-9FA5-B167D5E0F345}" = Nero BurningROM 10 Help (CHM)
"{9DE1BE03-AFE2-4CDB-BFEB-D06D736CD01A}" = Apple Mobile Device Support
"{9E491AB7-4589-48CA-9CBB-874CB2788391}" = Studio 9
"{9e82b934-9a25-445b-b8df-8012808074ac}" = Nero PhotoSnap
"{9e9fdde6-2c26-492a-85a0-05646b3f2795}" = NeroLiveGadget
"{a209525b-3377-43f4-b886-32f6b6e7356f}" = Nero WaveEditor
"{A2BCA9F1-566C-4805-97D1-7FDC93386723}" = Adobe AIR
"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
"{A67BB21E-D419-45BB-AB86-7D87D14BBCE2}" = Safari
"{A8F2089B-1F79-4BF6-B385-A2C2B0B9A74D}" = ImagXpress
"{A9E27FF5-6294-46A8-B8FD-77B1DECA3021}" = Wizard101
"{AC76BA86-7AD7-1033-7B44-A94000000001}" = Adobe Reader 9.4.0
"{AC76BA86-7AD7-5464-3428-800000000003}" = Spelling Dictionaries Support For Adobe Reader 8
"{AF833FA4-6845-4668-B5EE-AF4FBDAB119D}" = Soccer Mania
"{b1adf008-e898-4fe2-8a1f-690d9a06acaf}" = DolbyFiles
"{B2544A03-10D0-4E5E-BA69-0362FFC20D18}" = OGA Notifier 2.0.0048.0
"{b2ec4a38-b545-4a00-8214-13fe0e915e6d}" = Advertising Center
"{B43357AA-3A6D-4D94-B56E-43C44D09E548}" = Microsoft .NET Framework (English)
"{B67624DE-75CE-4FAD-9F29-5C115773CE61}" = Studio 9 Content CD/DVD
"{b78120a0-cf84-4366-a393-4d0a59bc546c}" = Menu Templates - Starter Kit
"{B9A93A85-1997-4381-8979-4B0BB28AEBC7}" = GroupWise
"{BAF78226-3200-4DB4-BE33-4D922A799840}" = Windows Presentation Foundation
"{bd5ca0da-71ad-43da-b19e-6eee0c9adc9a}" = Nero ControlCenter
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
"{C18A0418-442A-4186-AF98-D08F5054A2FC}" = Nero DiscSpeed 10 Help (CHM)
"{C3273C55-E1E4-41FF-8D69-0158090DB8D8}" = Nero CoverDesigner 10 Help (CHM)
"{C3580AC4-C827-4332-B935-9A282ED5BB97}" = Nero Dolby Files 10
"{C41300B9-185D-475E-BFEC-39EF732F19B1}" = Apple Software Update
"{c5a7cb6c-e76d-408f-ba0e-85605420fe9d}" = SoundTrax
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CC0A24CB-87C9-4F1C-A1F2-F87D8D4DDCAF}" = HP Software Update
"{CD95F661-A5C4-44F5-A6AA-ECDD91C240BD}" = WinZip 14.5
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{d025a639-b9c9-417d-8531-208859000af8}" = NeroBurningROM
"{D24DB8B9-BB6C-4334-9619-BA1C650E13D3}" = Microsoft Primary Interoperability Assemblies 2005
"{d9dcf92e-72eb-412d-ac71-3b01276e5f8b}" = Nero ShowTime
"{DB7C1D4A-08BA-4C7E-A8AA-B7F9BB372DCF}" = Nero Recode 10 Help (CHM)
"{df6a95f5-adc1-406a-bdc6-2aa7cc0182aa}" = Nero Live
"{E1EE5339-5D32-458F-BAAB-B19F6301BCE2}" = Nero SoundTrax 10
"{E337E787-CF61-4B7B-B84F-509202A54023}" = Nero RescueAgent 10
"{E3E71D07-CD27-46CB-8448-16D4FB29AA13}" = Microsoft WSE 3.0 Runtime
"{e498385e-1c51-459a-b45f-1721e37aa1a0}" = Movie Templates - Starter Kit
"{e8a80433-302b-4ff1-815d-fcc8eac482ff}" = Nero Installer
"{EAF846FB-AEA4-49AC-94DA-7333EA4B846C}" = Broadcom NetXtreme II Driver Installer
"{EDCDFAD5-DF80-4600-A493-E9DAD6810230}" = Nero WaveEditor 10
"{EF964A78-078C-11D1-B7A7-0000C0134CE6}" = Nomad 2.1 VPN Client
"{EFB21DE7-8C19-4A88-BB28-A766E16493BC}" = Adobe Photoshop CS
"{F02DBC5D-33E3-45E9-B0F8-B7745229ED1C}" = NICI (Shared) U.S./Worldwide (128 bit) (2.6.4-5)
"{F0A37341-D692-11D4-A984-009027EC0A9C}" = SoundMAX
"{F2527115-B8BF-4FDB-B5DA-5AADFB7C13E1}" = The Sims Complete Collection
"{F333A33D-125C-32A2-8DCE-5C5D14231E27}" = Visual C++ 2008 x86 Runtime - (v9.0.30729)
"{F333A33D-125C-32A2-8DCE-5C5D14231E27}.vc_x86runtime_30729_01" = Visual C++ 2008 x86 Runtime - v9.0.30729.01
"{F412B4AF-388C-4FF5-9B2F-33DB1C536953}" = Nero InfoTool 10
"{F467862A-D9CA-47ED-8D81-B4B3C9399272}" = Nero MediaHub 10 Help (CHM)
"{F5CB822F-B365-43D1-BCC0-4FDA1A2017A7}" = Nero 10 Movie ThemePack Basic
"{F6117F9C-ADB5-4590-9BE4-12C7BEC28702}" = Nero StartSmart 10 Help (CHM)
"{F61D489E-6C44-49AC-AD02-7DA8ACA73A65}" = Nero StartSmart 10
"{F6377647-81AF-41C0-BC7E-06CF37E204AB}" = Roxio Media Manager
"{F7DCA96F-03F2-4274-B11D-C307B070F15B}" = NetIdentity 1.2.1
"{fbcdfd61-7dcf-4e71-9226-873ba0053139}" = Nero InfoTool
"{FCE65C4E-B0E8-4FBD-AD16-EDCBE6CD591F}" = HighMAT Extension to Microsoft Windows XP CD Writing Wizard
"{FCF00A6E-FB58-477A-ABE9-232907105521}" = Nero CoverDesigner 10
"0591-8077-9297-0833" = FamilySearch Indexing 3.7.5
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Adobe Shockwave Player" = Adobe Shockwave Player 11.5
"Audacity_is1" = Audacity 1.2.6
"AviSynth" = AviSynth 2.5
"Barbie® Digital Makeover™" = Barbie® Digital Makeover™
"Barbie™ Beauty Boutique™ CD-ROM" = Barbie™ Beauty Boutique™ CD-ROM
"Barbie™ Fashion Show™ CD-ROM" = Barbie™ Fashion Show™ CD-ROM
"Canon MP460 User Registration" = Canon MP460 User Registration
"CanonMyPrinter" = Canon My Printer
"CCleaner" = CCleaner
"Clue" = Clue
"Coupon Printer for Windows5.0.0.0" = Coupon Printer for Windows
"Creatures 2" = Creatures 2 Deluxe
"DirectXMediaRuntime" = DirectX Media Runtime 5.1
"Disney Pirates of the Caribbean Online" = Disney Pirates of the Caribbean Online
"Disney Toontown Online" = Disney Toontown Online
"DVD Decrypter" = DVD Decrypter (Remove Only)
"DVD Shrink_is1" = DVD Shrink 3.2
"EADM" = EA Download Manager
"Easy-PhotoPrint" = Canon Utilities Easy-PhotoPrint
"Easy-WebPrint" = Easy-WebPrint
"FLV Player" = FLV Player 2.0 (build 25)
"GWMLTO" = GroupWise Internet Browser Mail Integration
"HijackThis" = HijackThis 2.0.2
"Hollywood FX" = Pinnacle Hollywood FX
"Hollywood FX 5.5 Additional Effects" = Hollywood FX 5.5 Additional Effects
"IDNMitigationAPIs" = Microsoft Internationalized Domain Names Mitigation APIs
"ie8" = Windows Internet Explorer 8
"InstallShield_{AF833FA4-6845-4668-B5EE-AF4FBDAB119D}" = Soccer Mania
"IntMgmt" = Insight Management Agent
"Jimmy Neutron vs. Jimmy Negatron" = Jimmy Neutron vs. Jimmy Negatron
"lightdog.com 5.00" = lightdog.com 5.00
"LiveUpdate" = LiveUpdate 3.3 (Symantec Corporation)
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"MB912dem" = Math Blaster Ages 9-12 Demo
"MBMdemo" = Math Blaster Mystery Demo
"Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft .NET Framework Full v1.0.3705 (1033)" = Microsoft .NET Framework (English) v1.0.3705
"Microsoft Office Live Meeting" = Microsoft Office Live Meeting
"Mozilla Firefox (3.6.12)" = Mozilla Firefox (3.6.12)
"MP Navigator 3.0" = Canon MP Navigator 3.0
"MSCompPackV1" = Microsoft Compression Client Pack 1.0 for Windows XP
"Nero - Burning Rom!UninstallKey" = Nero 6 Ultra Edition
"NeroVision!UninstallKey" = Nero Digital
"Network Play System (Patching)" = Network Play System (Patching)
"NLSDownlevelMapping" = Microsoft National Language Support Downlevel APIs
"OpDKey" = Operation
"Oregon Trail II" = Oregon Trail II
"Picasa 3" = Picasa 3
"RB9_12" = Reading Blaster Ages 9-12
"RealVNC_is1" = VNC Free Edition 4.1.3
"Secret Agent™ Barbie™" = Secret Agent™ Barbie™
"Tux Paint_is1" = Tux Paint 0.9.19
"Videora iPod Converter" = Videora iPod Converter 4.01
"Wdf01005" = Microsoft Kernel-Mode Driver Framework Feature Pack 1.5
"WIC" = Windows Imaging Component
"Winamp" = Winamp
"Windows Media Format Runtime" = Windows Media Format 11 runtime
"Windows Media Player" = Windows Media Player 11
"Windows XP Service Pack" = Windows XP Service Pack 3
"WinPcapInst" = WinPcap 4.1.1
"Wireshark" = Wireshark 1.2.7
"WMFDist11" = Windows Media Format 11 runtime
"wmp11" = Windows Media Player 11
"WMS" = Windows NT Messaging
"Wudf01000" = Microsoft User-Mode Driver Framework Feature Pack 1.0
"XpsEPSC" = XML Paper Specification Shared Components Pack 1.0
"YouTube Downloader App" = YouTube Downloader App 1.01
"Zoo Tycoon 1.0" = Microsoft Zoo Tycoon
"Zoo Tycoon 2" = Zoo Tycoon 2

========== HKEY_CURRENT_USER Uninstall List ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"GeoGebra" = GeoGebra
"Google Chrome" = Google Chrome
"Let's Just Play Challenge Tracker" = Let's Just Play Challenge Tracker
"Move Media Player" = Move Media Player
"mpowerplayer" = mpowerplayer

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 11/25/2010 6:41:00 AM | Computer Name = SANDSTORE | Source = ESENT | ID = 489
Description = wuauclt (2100) An attempt to open the file "C:\WINDOWS\SoftwareDistribution\DataStore\Logs\edb.log"
for read only access failed with system error 32 (0x00000020): "The process cannot
access the file because it is being used by another process. ". The open file
operation will fail with error -1032 (0xfffffbf8).

Error - 11/25/2010 6:41:00 AM | Computer Name = SANDSTORE | Source = ESENT | ID = 455
Description = wuaueng.dll (2100) SUS20ClientDataStore: Error -1032 (0xfffffbf8)
occurred while opening logfile C:\WINDOWS\SoftwareDistribution\DataStore\Logs\edb.log.

Error - 11/25/2010 6:41:10 AM | Computer Name = SANDSTORE | Source = ESENT | ID = 489
Description = wuauclt (3556) An attempt to open the file "C:\WINDOWS\SoftwareDistribution\DataStore\Logs\edb.log"
for read only access failed with system error 32 (0x00000020): "The process cannot
access the file because it is being used by another process. ". The open file
operation will fail with error -1032 (0xfffffbf8).

Error - 11/25/2010 6:41:10 AM | Computer Name = SANDSTORE | Source = ESENT | ID = 455
Description = wuaueng.dll (3556) SUS20ClientDataStore: Error -1032 (0xfffffbf8)
occurred while opening logfile C:\WINDOWS\SoftwareDistribution\DataStore\Logs\edb.log.

Error - 11/25/2010 6:41:20 AM | Computer Name = SANDSTORE | Source = ESENT | ID = 489
Description = wuauclt (3556) An attempt to open the file "C:\WINDOWS\SoftwareDistribution\DataStore\Logs\edb.log"
for read only access failed with system error 32 (0x00000020): "The process cannot
access the file because it is being used by another process. ". The open file
operation will fail with error -1032 (0xfffffbf8).

Error - 11/25/2010 6:41:20 AM | Computer Name = SANDSTORE | Source = ESENT | ID = 455
Description = wuaueng.dll (3556) SUS20ClientDataStore: Error -1032 (0xfffffbf8)
occurred while opening logfile C:\WINDOWS\SoftwareDistribution\DataStore\Logs\edb.log.

Error - 11/25/2010 6:41:30 AM | Computer Name = SANDSTORE | Source = ESENT | ID = 489
Description = wuauclt (3252) An attempt to open the file "C:\WINDOWS\SoftwareDistribution\DataStore\Logs\edb.log"
for read only access failed with system error 32 (0x00000020): "The process cannot
access the file because it is being used by another process. ". The open file
operation will fail with error -1032 (0xfffffbf8).

Error - 11/25/2010 6:41:30 AM | Computer Name = SANDSTORE | Source = ESENT | ID = 455
Description = wuaueng.dll (3252) SUS20ClientDataStore: Error -1032 (0xfffffbf8)
occurred while opening logfile C:\WINDOWS\SoftwareDistribution\DataStore\Logs\edb.log.

Error - 11/25/2010 6:41:40 AM | Computer Name = SANDSTORE | Source = ESENT | ID = 489
Description = wuauclt (3252) An attempt to open the file "C:\WINDOWS\SoftwareDistribution\DataStore\Logs\edb.log"
for read only access failed with system error 32 (0x00000020): "The process cannot
access the file because it is being used by another process. ". The open file
operation will fail with error -1032 (0xfffffbf8).

Error - 11/25/2010 6:41:40 AM | Computer Name = SANDSTORE | Source = ESENT | ID = 455
Description = wuaueng.dll (3252) SUS20ClientDataStore: Error -1032 (0xfffffbf8)
occurred while opening logfile C:\WINDOWS\SoftwareDistribution\DataStore\Logs\edb.log.

[ System Events ]
Error - 11/23/2010 9:08:08 PM | Computer Name = SANDSTORE | Source = Service Control Manager | ID = 7026
Description = The following boot-start or system-start driver(s) failed to load:
SASDIFSV SASKUTIL ShldDrv

Error - 11/23/2010 9:52:46 PM | Computer Name = SANDSTORE | Source = Disk | ID = 262151
Description = The device, \Device\Harddisk0\D, has a bad block.

Error - 11/24/2010 3:45:52 PM | Computer Name = SANDSTORE | Source = Service Control Manager | ID = 7011
Description = Timeout (30000 milliseconds) waiting for a transaction response from
the ShellHWDetection service.

Error - 11/24/2010 3:47:19 PM | Computer Name = SANDSTORE | Source = Service Control Manager | ID = 7032
Description = The Service Control Manager tried to take a corrective action (Restart
the service) after the unexpected termination of the Windows Management Instrumentation
service, but this action failed with the following error: %%1056

Error - 11/24/2010 7:03:06 PM | Computer Name = SANDSTORE | Source = Service Control Manager | ID = 7011
Description = Timeout (30000 milliseconds) waiting for a transaction response from
the stisvc service.

Error - 11/25/2010 1:45:22 AM | Computer Name = SANDSTORE | Source = Service Control Manager | ID = 7000
Description = The DVC 150B service failed to start due to the following error: %%1058

Error - 11/25/2010 1:46:43 AM | Computer Name = SANDSTORE | Source = Service Control Manager | ID = 7026
Description = The following boot-start or system-start driver(s) failed to load:
SASDIFSV SASKUTIL ShldDrv

Error - 11/25/2010 6:31:33 AM | Computer Name = SANDSTORE | Source = Service Control Manager | ID = 7011
Description = Timeout (30000 milliseconds) waiting for a transaction response from
the WZCSVC service.

Error - 11/25/2010 6:34:56 AM | Computer Name = SANDSTORE | Source = Service Control Manager | ID = 7032
Description = The Service Control Manager tried to take a corrective action (Restart
the service) after the unexpected termination of the Windows Management Instrumentation
service, but this action failed with the following error: %%1056

Error - 11/25/2010 6:44:03 AM | Computer Name = SANDSTORE | Source = Service Control Manager | ID = 7011
Description = Timeout (30000 milliseconds) waiting for a transaction response from
the stisvc service.


< End of report >
  • 0

#5
sandstore
Posted 29 November 2010 - 06:39 PM

sandstore

    New Member

  • Topic Starter
  • Member
  • Pip
  • 9 posts
gmer (rootkit) log, I see the Panda software (still lingers)

GMER 1.0.15.15530 - http://www.gmer.net
Rootkit quick scan 2010-11-29 17:36:46
Windows 5.1.2600 Service Pack 3 Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-3 ST3160021A rev.8.01
Running: ri8p3jwe.exe; Driver: C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\kgrdrpob.sys


---- Devices - GMER 1.0.15 ----

Device Ntfs.sys (NT File System Driver/Microsoft Corporation)
Device Fastfat.SYS (Fast FAT File System Driver/Microsoft Corporation)

AttachedDevice fltmgr.sys (Microsoft Filesystem Filter Manager/Microsoft Corporation)
AttachedDevice \Driver\Tcpip \Device\Ip SYMTDI.SYS (Network Dispatch Driver/Symantec Corporation)
AttachedDevice \Driver\Tcpip \Device\Ip NETFLTDI.SYS (Panda TDI Filter/Panda Software)
AttachedDevice \Driver\Tcpip \Device\RawIp SYMTDI.SYS (Network Dispatch Driver/Symantec Corporation)
AttachedDevice \Driver\Tcpip \Device\RawIp NETFLTDI.SYS (Panda TDI Filter/Panda Software)
AttachedDevice \Driver\Tcpip \Device\Tcp SYMTDI.SYS (Network Dispatch Driver/Symantec Corporation)
AttachedDevice \Driver\Tcpip \Device\Tcp NETFLTDI.SYS (Panda TDI Filter/Panda Software)
AttachedDevice \Driver\Tcpip \Device\Udp SYMTDI.SYS (Network Dispatch Driver/Symantec Corporation)
AttachedDevice \Driver\Tcpip \Device\Udp NETFLTDI.SYS (Panda TDI Filter/Panda Software)

---- EOF - GMER 1.0.15 ----
  • 0

#6
kahdah
Posted 29 November 2010 - 07:28 PM

kahdah

    GeekU Teacher

  • Retired Staff
  • 15,822 posts
Hi what you posted its the extra's.txt I mean that here is a text file next to the extras text here > C:\Downloads\OTL.txt.
I need to see the other one :D
  • 0

#7
sandstore
Posted 01 December 2010 - 07:01 AM

sandstore

    New Member

  • Topic Starter
  • Member
  • Pip
  • 9 posts
OTL logfile created on: 11/25/2010 4:06:42 AM - Run 1
OTL by OldTimer - Version 3.2.17.3 Folder = C:\Downloads
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.00 Gb Total Physical Memory | 2.00 Gb Available Physical Memory | 65.00% Memory free
5.00 Gb Paging File | 4.00 Gb Available in Paging File | 88.00% Paging File free
Paging file location(s): C:\pagefile.sys 2280 4096 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 105.46 Gb Total Space | 20.25 Gb Free Space | 19.20% Space Free | Partition Type: NTFS
Drive F: | 43.58 Gb Total Space | 16.17 Gb Free Space | 37.11% Space Free | Partition Type: NTFS

Computer Name: SANDSTORE | User Name: Administrator | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2010/11/25 04:05:09 | 000,575,488 | ---- | M] (OldTimer Tools) -- C:\Downloads\OTL.exe
PRC - [2010/10/30 17:31:02 | 000,016,856 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\plugin-container.exe
PRC - [2010/10/30 17:31:00 | 000,912,344 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe
PRC - [2010/04/16 07:33:40 | 000,144,672 | ---- | M] (Apple Inc.) -- C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
PRC - [2010/03/26 09:52:24 | 001,234,216 | ---- | M] (Nero AG) -- C:\Program Files\Nero\Nero 10\Nero BackItUp\NBAgent.exe
PRC - [2010/03/25 13:39:22 | 000,490,280 | ---- | M] (Nero AG) -- C:\Program Files\Nero\Update\NASvc.exe
PRC - [2009/05/15 06:35:52 | 000,935,208 | ---- | M] (Nero AG) -- C:\Program Files\Common Files\Nero\Nero BackItUp 4\NBService.exe
PRC - [2008/09/22 10:12:16 | 002,436,536 | ---- | M] (Symantec Corporation) -- C:\Program Files\Symantec\Symantec Endpoint Protection\Rtvscan.exe
PRC - [2008/09/22 10:12:16 | 001,787,200 | ---- | M] (Symantec Corporation) -- C:\Program Files\Symantec\Symantec Endpoint Protection\Smc.exe
PRC - [2008/09/22 10:12:16 | 001,439,040 | ---- | M] (Symantec Corporation) -- C:\Program Files\Symantec\Symantec Endpoint Protection\SmcGui.exe
PRC - [2008/09/22 10:12:16 | 000,115,560 | ---- | M] (Symantec Corporation) -- C:\Program Files\Common Files\Symantec Shared\ccApp.exe
PRC - [2008/09/22 10:12:16 | 000,108,392 | ---- | M] (Symantec Corporation) -- C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
PRC - [2008/04/13 17:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2006/09/11 03:40:32 | 000,218,032 | ---- | M] (Macrovision Corporation) -- C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe
PRC - [2006/03/21 18:30:00 | 001,191,936 | ---- | M] (CANON INC.) -- C:\Program Files\Canon\MyPrinter\BJMYPRT.EXE
PRC - [2006/03/21 13:19:40 | 000,069,632 | ---- | M] (ScanSoft, Inc.) -- C:\Program Files\ScanSoft\OmniPageSE4.0\OpWareSE4.exe
PRC - [2003/12/17 14:50:22 | 000,040,960 | ---- | M] (Compaq Computer Corporation) -- C:\Program Files\COMPAQ\Easy Access Button Support\STARTEAK.exe
PRC - [2003/10/14 16:38:28 | 000,061,440 | ---- | M] (Novell, Inc.) -- C:\WINDOWS\system32\Novell\xtagent.exe
PRC - [2003/08/22 13:01:30 | 000,081,920 | ---- | M] (Hewlett-Packard Company) -- C:\Program Files\COMPAQ\Compaq Management Agents\Chkadmin.exe
PRC - [2003/08/22 12:59:06 | 000,512,000 | ---- | M] (Hewlett-Packard Company) -- C:\Program Files\COMPAQ\Compaq Management Agents\Cpqalert.exe
PRC - [2003/06/25 11:24:48 | 000,049,152 | ---- | M] (Hewlett-Packard) -- C:\Program Files\HP\HP Software Update\hpwuSchd.exe
PRC - [2003/05/08 10:34:32 | 000,069,632 | ---- | M] (adi) -- C:\Program Files\Analog Devices\SoundMAX\DrvLsnr.exe
PRC - [2003/04/07 16:38:56 | 000,090,112 | ---- | M] (Compaq) -- C:\Compaq\EAKDRV\EAUSBKBD.exe
PRC - [2003/04/03 19:29:04 | 000,434,176 | ---- | M] (HP Company) -- C:\Program Files\COMPAQ\Easy Access Button Support\CPQEADM.exe
PRC - [2003/04/01 21:50:14 | 000,122,880 | ---- | M] (Compaq Computer Corporation) -- C:\Program Files\COMPAQ\Easy Access Button Support\BttnServ.exe
PRC - [2003/02/13 15:11:32 | 000,212,992 | ---- | M] () -- C:\Program Files\COMPAQ\Easy Access Button Support\CpqEAKSystemTray.exe
PRC - [2002/09/20 15:50:10 | 000,045,056 | ---- | M] (Analog Devices, Inc.) -- C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
PRC - [2001/04/11 11:33:46 | 000,215,552 | ---- | M] (Intel) -- C:\Program Files\COMPAQ\Compaq Management Agents\Dmi\Win32\bin\Win32sl.exe


========== Modules (SafeList) ==========

MOD - [2010/11/25 04:05:09 | 000,575,488 | ---- | M] (OldTimer Tools) -- C:\Downloads\OTL.exe
MOD - [2010/08/23 09:12:02 | 001,054,208 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.6028_x-ww_61e65202\comctl32.dll
MOD - [2005/12/19 19:16:10 | 000,135,168 | ---- | M] (ScanSoft, Inc.) -- C:\Program Files\ScanSoft\OmniPageSE4.0\OpHookSE4.dll
MOD - [2003/10/03 13:21:22 | 000,174,592 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system\framedyn.dll


========== Win32 Services (SafeList) ==========

SRV - File not found [Disabled | Stopped] -- -- (TPSrv)
SRV - File not found [Disabled | Stopped] -- -- (PSIMSVC)
SRV - File not found [Disabled | Stopped] -- -- (PNMSRV)
SRV - File not found [Disabled | Stopped] -- -- (PAVSRV)
SRV - File not found [Disabled | Stopped] -- -- (PavPrSrv)
SRV - File not found [Disabled | Stopped] -- -- (PAVFNSVR)
SRV - [2010/04/16 07:33:40 | 000,144,672 | ---- | M] (Apple Inc.) [Auto | Running] -- C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe -- (Apple Mobile Device)
SRV - [2010/03/25 13:39:22 | 000,490,280 | ---- | M] (Nero AG) [Auto | Running] -- C:\Program Files\Nero\Update\NASvc.exe -- (NAUpdate)
SRV - [2009/10/20 11:19:48 | 000,117,264 | ---- | M] (CACE Technologies, Inc.) [On_Demand | Stopped] -- C:\Program Files\WinPcap\rpcapd.exe -- (rpcapd) Remote Packet Capture Protocol v.0 (experimental)
SRV - [2009/05/15 06:35:52 | 000,935,208 | ---- | M] (Nero AG) [Auto | Running] -- C:\Program Files\Common Files\Nero\Nero BackItUp 4\NBService.exe -- (Nero BackItUp Scheduler 4.0)
SRV - [2008/10/15 16:13:58 | 000,439,632 | ---- | M] (RealVNC Ltd.) [Disabled | Stopped] -- C:\Program Files\RealVNC\VNC4\WinVNC4.exe -- (WinVNC4)
SRV - [2008/09/22 10:12:16 | 002,436,536 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files\Symantec\Symantec Endpoint Protection\Rtvscan.exe -- (Symantec AntiVirus)
SRV - [2008/09/22 10:12:16 | 001,787,200 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files\Symantec\Symantec Endpoint Protection\Smc.exe -- (SmcService)
SRV - [2008/09/22 10:12:16 | 000,312,720 | ---- | M] (Symantec Corporation) [On_Demand | Stopped] -- C:\Program Files\Symantec\Symantec Endpoint Protection\SNAC.EXE -- (SNAC)
SRV - [2008/09/22 10:12:16 | 000,108,392 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe -- (ccSetMgr)
SRV - [2008/09/22 10:12:16 | 000,108,392 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe -- (ccEvtMgr)
SRV - [2008/06/30 16:36:35 | 003,093,872 | ---- | M] (Symantec Corporation) [On_Demand | Stopped] -- C:\Program Files\Symantec\LiveUpdate\LuComServer_3_3.EXE -- (LiveUpdate)
SRV - [2003/10/14 16:38:28 | 000,061,440 | ---- | M] (Novell, Inc.) [On_Demand | Running] -- C:\WINDOWS\system32\Novell\xtagent.exe -- (XTAgent)
SRV - [2003/08/22 13:01:38 | 000,020,480 | ---- | M] (Compaq Computer Corporation) [On_Demand | Stopped] -- C:\Program Files\COMPAQ\Compaq Management Agents\Cpqdmi.exe -- (cpqdmi)
SRV - [2003/08/22 12:59:06 | 000,512,000 | ---- | M] (Hewlett-Packard Company) [Auto | Running] -- C:\Program Files\COMPAQ\Compaq Management Agents\Cpqalert.exe -- (CPQALERT)
SRV - [2003/08/11 01:07:38 | 000,065,795 | ---- | M] (HP) [On_Demand | Stopped] -- C:\WINDOWS\system32\hpzipm12.exe -- (Pml Driver HPZ12)
SRV - [2002/09/20 15:50:10 | 000,045,056 | ---- | M] (Analog Devices, Inc.) [Auto | Running] -- C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe -- (SoundMAX Agent Service (default))
SRV - [2001/04/11 11:33:46 | 000,215,552 | ---- | M] (Intel) [Auto | Running] -- C:\Program Files\COMPAQ\Compaq Management Agents\Dmi\Win32\bin\Win32sl.exe -- (WIN32SL)


========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\DRIVERS\TMPassthru.sys -- (TMPassthruMP)
DRV - File not found [Kernel | System | Stopped] -- C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\SAS_SelfExtract\SASKUTIL.sys -- (SASKUTIL)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\SAS_SelfExtract\SASENUM.SYS -- (SASENUM)
DRV - File not found [Kernel | System | Stopped] -- C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\SAS_SelfExtract\SASDIFSV.SYS -- (SASDIFSV)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\Drivers\RimUsb.sys -- (RimUsb)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\C.tmp -- (MEMSWEEP2)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\catchme.sys -- (catchme)
DRV - File not found [File_System | On_Demand | Stopped] -- C:\WINDOWS\System32\drivers\av5flt.sys -- (AvFlt)
DRV - [2010/09/28 01:00:00 | 001,371,184 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Program Files\Common Files\Symantec Shared\VirusDefs\20101124.051\navex15.sys -- (NAVEX15)
DRV - [2010/09/28 01:00:00 | 000,086,064 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Program Files\Common Files\Symantec Shared\VirusDefs\20101124.051\naveng.sys -- (NAVENG)
DRV - [2010/06/10 01:00:00 | 000,102,448 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Program Files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys -- (EraserUtilRebootDrv)
DRV - [2010/05/26 01:00:00 | 000,371,248 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys -- (eeCtrl)
DRV - [2010/03/15 13:35:18 | 000,222,248 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\b57xp32.sys -- (b57w2k)
DRV - [2009/10/20 11:19:44 | 000,050,704 | ---- | M] (CACE Technologies, Inc.) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\npf.sys -- (NPF)
DRV - [2008/12/06 15:18:19 | 000,123,952 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\SYMEVENT.SYS -- (SymEvent)
DRV - [2008/09/22 10:12:18 | 000,317,872 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\srtspl.sys -- (SRTSPL)
DRV - [2008/09/22 10:12:18 | 000,279,600 | ---- | M] (Symantec Corporation) [File_System | System | Running] -- C:\WINDOWS\system32\drivers\srtsp.sys -- (SRTSP)
DRV - [2008/09/22 10:12:18 | 000,043,696 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\srtspx.sys -- (SRTSPX)
DRV - [2008/09/22 10:12:14 | 000,420,400 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCDrv.sys -- (SPBBCDrv)
DRV - [2008/09/22 10:12:14 | 000,191,536 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\WINDOWS\System32\Drivers\SYMTDI.SYS -- (SYMTDI)
DRV - [2008/09/22 10:12:14 | 000,027,696 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\System32\Drivers\SYMREDRV.SYS -- (SYMREDRV)
DRV - [2008/07/30 17:42:12 | 000,023,888 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\COH_Mon.sys -- (COH_Mon)
DRV - [2008/04/13 11:53:09 | 000,040,320 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\nmnt.sys -- (nm)
DRV - [2008/04/13 11:45:30 | 000,010,624 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\gameenum.sys -- (gameenum)
DRV - [2008/04/13 11:45:12 | 000,060,032 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\usbaudio.sys -- (usbaudio) USB Audio Driver (WDM)
DRV - [2008/04/13 11:36:39 | 000,043,008 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\System32\DRIVERS\amdagp.sys -- (amdagp)
DRV - [2008/04/13 11:36:39 | 000,040,960 | ---- | M] (Silicon Integrated Systems Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\System32\DRIVERS\sisagp.sys -- (sisagp)
DRV - [2005/10/14 17:13:08 | 000,111,360 | ---- | M] (Panda Software) [Kernel | Boot | Running] -- C:\WINDOWS\system32\Drivers\NETFLT.SYS -- (netflt)
DRV - [2005/10/06 12:27:36 | 000,040,064 | ---- | M] (Panda Software) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\APPFLT.SYS -- (APPFLT)
DRV - [2005/10/06 12:26:58 | 000,027,264 | ---- | M] (Panda Software) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\netfltdi.sys -- (NETFLTDI)
DRV - [2005/09/30 09:29:20 | 000,017,664 | ---- | M] (Panda Software) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\smsflt.sys -- (SMSFLT)
DRV - [2005/09/21 18:08:44 | 000,009,984 | ---- | M] (Panda Software) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\wnmflt.sys -- (WNMFLT)
DRV - [2005/09/21 18:08:06 | 000,164,480 | ---- | M] (Panda Software) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\idsflt.sys -- (IDSFLT)
DRV - [2005/09/21 18:07:50 | 000,029,824 | ---- | M] (Panda Software) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\dsaflt.sys -- (DSAFLT)
DRV - [2005/08/29 14:23:30 | 000,026,752 | ---- | M] () [Kernel | System | Stopped] -- C:\WINDOWS\System32\drivers\ShldDrv.sys -- (ShldDrv)
DRV - [2005/08/12 14:36:56 | 000,016,640 | ---- | M] (Panda Software) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\cpoint.sys -- (cpoint)
DRV - [2005/07/14 14:22:04 | 000,008,832 | ---- | M] (Panda Software) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\fnetmon.sys -- (FNETMON)
DRV - [2005/06/13 16:51:40 | 000,071,424 | ---- | M] (Panda Software) [File_System | Auto | Running] -- C:\WINDOWS\system32\drivers\pavdrv51.sys -- (PAVDRV)
DRV - [2004/10/07 18:16:04 | 000,035,840 | ---- | M] (Oak Technology Inc.) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\AFS2K.SYS -- (AFS2K)
DRV - [2004/06/04 13:12:10 | 000,379,488 | R--- | M] (NETGEAR, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\wg111nd5.sys -- (wg111nd5)
DRV - [2004/05/20 09:46:42 | 000,016,292 | ---- | M] (Printing Communications Assoc., Inc. (PCAUSA)) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\PCANDIS5.SYS -- (PCANDIS5)
DRV - [2004/03/29 04:06:24 | 000,090,464 | ---- | M] (Pinnacle Systems GmbH) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\MarvinBus.sys -- (MarvinBus)
DRV - [2004/03/11 14:49:44 | 000,011,264 | ---- | M] (Pinnacle Systems GmbH) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\asapiW2k.sys -- (ASAPIW2k)
DRV - [2004/01/08 08:54:32 | 000,163,856 | ---- | M] (Panda Software) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\PavProc.sys -- (PavProc)
DRV - [2003/11/14 11:50:28 | 000,031,924 | ---- | M] (Cirrus Logic Inc.) [Kernel | Auto | Stopped] -- C:\WINDOWS\system32\drivers\DVC150B.sys -- (DVC150)
DRV - [2003/08/11 10:07:46 | 000,014,604 | ---- | M] (Padus, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\pfc.sys -- (pfc)
DRV - [2003/07/03 15:23:44 | 000,055,960 | ---- | M] (Hewlett-Packard) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\Clntmgmt.sys -- (ClntMgmt)
DRV - [2002/08/28 16:00:54 | 000,137,088 | ---- | M] (ESS Technology, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\essm2e.sys -- (Maestro) ESS Maestro2E Audio Driver (WDM)
DRV - [2002/06/03 11:18:32 | 000,040,832 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\es1371mp.sys -- (es1371) Creative AudioPCI (ES1371,ES1373) (WDM)
DRV - [2002/04/30 23:16:52 | 000,114,016 | ---- | M] (Nortel Networks) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ipsecw2k.sys -- (IPSECSHM)
DRV - [2002/04/30 23:16:52 | 000,114,016 | ---- | M] (Nortel Networks) [Kernel | Auto | Stopped] -- C:\WINDOWS\system32\drivers\ipsecw2k.sys -- (IPSECEXT)
DRV - [2002/04/22 14:50:14 | 000,009,161 | R--- | M] (Nortel Networks) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\eacfilt.sys -- (Eacfilt)
DRV - [2002/03/19 10:29:16 | 000,014,165 | ---- | M] (Pinnacle Systems GmbH) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\Pclepci.sys -- (PCLEPCI)
DRV - [2001/08/17 14:07:44 | 000,019,072 | ---- | M] (Adaptec, Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\System32\DRIVERS\sparrow.sys -- (Sparrow)
DRV - [2001/08/17 14:07:42 | 000,030,688 | ---- | M] (LSI Logic) [Kernel | Boot | Running] -- C:\WINDOWS\System32\DRIVERS\sym_u3.sys -- (sym_u3)
DRV - [2001/08/17 14:07:40 | 000,028,384 | ---- | M] (LSI Logic) [Kernel | Boot | Running] -- C:\WINDOWS\System32\DRIVERS\sym_hi.sys -- (sym_hi)
DRV - [2001/08/17 14:07:36 | 000,032,640 | ---- | M] (LSI Logic) [Kernel | Boot | Running] -- C:\WINDOWS\System32\DRIVERS\symc8xx.sys -- (symc8xx)
DRV - [2001/08/17 14:07:34 | 000,016,256 | ---- | M] (Symbios Logic Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\System32\DRIVERS\symc810.sys -- (symc810)
DRV - [2001/08/17 13:52:22 | 000,036,736 | ---- | M] (Promise Technology, Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\System32\DRIVERS\ultra.sys -- (ultra)
DRV - [2001/08/17 13:52:20 | 000,045,312 | ---- | M] (QLogic Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\System32\DRIVERS\ql12160.sys -- (ql12160)
DRV - [2001/08/17 13:52:20 | 000,040,320 | ---- | M] (QLogic Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\System32\DRIVERS\ql1080.sys -- (ql1080)
DRV - [2001/08/17 13:52:18 | 000,049,024 | ---- | M] (QLogic Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\System32\DRIVERS\ql1280.sys -- (ql1280)
DRV - [2001/08/17 13:52:16 | 000,179,584 | ---- | M] (Mylex Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\System32\DRIVERS\dac2w2k.sys -- (dac2w2k)
DRV - [2001/08/17 13:52:12 | 000,017,280 | ---- | M] (American Megatrends Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\System32\DRIVERS\mraid35x.sys -- (mraid35x)
DRV - [2001/08/17 13:52:00 | 000,026,496 | ---- | M] (Advanced System Products, Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\System32\DRIVERS\asc.sys -- (asc)
DRV - [2001/08/17 13:51:58 | 000,014,848 | ---- | M] (Advanced System Products, Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\System32\DRIVERS\asc3550.sys -- (asc3550)
DRV - [2001/08/17 13:51:56 | 000,005,248 | ---- | M] (Acer Laboratories Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\System32\DRIVERS\aliide.sys -- (AliIde)
DRV - [2001/08/17 13:51:54 | 000,006,656 | ---- | M] (CMD Technology, Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\System32\DRIVERS\cmdide.sys -- (CmdIde)
DRV - [2001/08/17 13:11:38 | 000,128,000 | ---- | M] (Compaq Computer Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\n100325.sys -- (N100)
DRV - [2001/08/17 13:10:58 | 000,069,692 | ---- | M] (3Com Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\el575ND5.sys -- (el575nd5)
DRV - [2001/08/17 12:13:14 | 000,046,108 | ---- | M] (Xircom, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\cben5.sys -- (CBEN5)
DRV - [2001/08/17 05:48:56 | 000,289,664 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\atimpab.sys -- (atimpab)
DRV - [1999/10/30 05:35:08 | 000,024,348 | R--- | M] (Compaq Computer Corporation) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\EAWDMFD.sys -- (EAWDMFD)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.google.com/ie
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.google.com/ie
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultName = Google
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultURL = http://www.google.co...ie=utf8&oe=utf8
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.google.com/ie
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - prefs.js..browser.search.defaultengine: "engine://C%3A%5CProgram%20Files%5CMozillaFirebird-0.7%5Csearchplugins%5Cgoogle.src"
FF - prefs.js..browser.startup.homepage: "http://my.yahoo.com/"
FF - prefs.js..extensions.enabledItems: [email protected]:7
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20
FF - prefs.js..extensions.enabledItems: [email protected]:1.0
FF - prefs.js..extensions.enabledItems: {b9db16a4-6edc-47ec-a1f4-b86292ed211d}:4.8.1
FF - prefs.js..extensions.enabledItems: [email protected]:1.0.1
FF - prefs.js..extensions.enabledItems: {a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7}:20100908

FF - HKLM\software\mozilla\Mozilla Firefox 3.6.12\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010/10/30 17:31:10 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.12\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010/10/30 17:31:10 | 000,000,000 | ---D | M]

[2010/04/26 21:36:57 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\Mozilla\Extensions
[2010/11/24 21:42:36 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\xg71iisp.default\extensions
[2010/04/29 21:59:37 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\xg71iisp.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2010/10/14 04:09:23 | 000,000,000 | ---D | M] (WOT) -- C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\xg71iisp.default\extensions\{a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7}
[2010/10/14 04:09:23 | 000,000,000 | ---D | M] (DownloadHelper) -- C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\xg71iisp.default\extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}
[2010/05/19 06:23:04 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\xg71iisp.default\extensions\[email protected]
[2010/11/24 21:42:36 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions
[2010/04/28 09:37:30 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
[2009/11/19 15:16:28 | 000,091,552 | ---- | M] (Coupons, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npCouponPrinter.dll
[2010/04/28 09:37:01 | 000,411,368 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npdeployJava1.dll
[2009/11/19 15:16:29 | 000,091,552 | ---- | M] (Coupons, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npMozCouponPrinter.dll

O1 HOSTS File: ([2009/02/19 13:42:24 | 000,289,675 | R--- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: 127.0.0.1 www.007guard.com
O1 - Hosts: 127.0.0.1 007guard.com
O1 - Hosts: 127.0.0.1 008i.com
O1 - Hosts: 127.0.0.1 www.008k.com
O1 - Hosts: 127.0.0.1 008k.com
O1 - Hosts: 127.0.0.1 www.00hq.com
O1 - Hosts: 127.0.0.1 00hq.com
O1 - Hosts: 127.0.0.1 010402.com
O1 - Hosts: 127.0.0.1 www.032439.com
O1 - Hosts: 127.0.0.1 032439.com
O1 - Hosts: 127.0.0.1 www.0scan.com
O1 - Hosts: 127.0.0.1 0scan.com
O1 - Hosts: 127.0.0.1 1000gratisproben.com
O1 - Hosts: 127.0.0.1 www.1000gratisproben.com
O1 - Hosts: 127.0.0.1 www.1001namen.com
O1 - Hosts: 127.0.0.1 1001namen.com
O1 - Hosts: 127.0.0.1 www.100888290cs.com
O1 - Hosts: 127.0.0.1 100888290cs.com
O1 - Hosts: 127.0.0.1 www.100sexlinks.com
O1 - Hosts: 127.0.0.1 100sexlinks.com
O1 - Hosts: 127.0.0.1 www.10sek.com
O1 - Hosts: 127.0.0.1 10sek.com
O1 - Hosts: 127.0.0.1 www.1-2005-search.com
O1 - Hosts: 127.0.0.1 1-2005-search.com
O1 - Hosts: 9978 more lines...
O2 - BHO: (EWPBrowseObject Class) - {68F9551E-0411-48E4-9AAF-4BC42A6A46BE} - C:\Program Files\Canon\Easy-WebPrint\EWPBrowseLoader.dll ()
O2 - BHO: (SSVHelper Class) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O3 - HKLM\..\Toolbar: (Easy-WebPrint) - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - C:\Program Files\Canon\Easy-WebPrint\Toolband.dll ()
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - No CLSID value found.
O4 - HKLM..\Run: [AppleSyncNotifier] C:\Program Files\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe (Apple Inc.)
O4 - HKLM..\Run: [CanonMyPrinter] C:\Program Files\Canon\MyPrinter\BJMyPrt.exe (CANON INC.)
O4 - HKLM..\Run: [ccApp] C:\Program Files\Common Files\Symantec Shared\ccApp.exe (Symantec Corporation)
O4 - HKLM..\Run: [ChkAdmin] C:\Program Files\COMPAQ\Compaq Management Agents\Chkadmin.exe (Hewlett-Packard Company)
O4 - HKLM..\Run: [CPQEASYACC] C:\Program Files\COMPAQ\Easy Access Button Support\StartEAK.exe (Compaq Computer Corporation)
O4 - HKLM..\Run: [DrvLsnr] C:\Program Files\Analog Devices\SoundMAX\DrvLsnr.exe (adi)
O4 - HKLM..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd.exe (Hewlett-Packard)
O4 - HKLM..\Run: [NBAgent] C:\Program Files\Nero\Nero 10\Nero BackItUp\NBAgent.exe (Nero AG)
O4 - HKLM..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe (Nero AG)
O4 - HKLM..\Run: [OpwareSE4] C:\Program Files\ScanSoft\OmniPageSE4.0\OpwareSE4.exe (ScanSoft, Inc.)
O4 - HKLM..\Run: [PinnacleDriverCheck] C:\WINDOWS\System32\PSDrvCheck.exe ()
O4 - HKLM..\Run: [SSBkgdUpdate] C:\Program Files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe (Scansoft, Inc.)
O4 - HKLM..\Run: [UserFaultCheck] File not found
O4 - HKCU..\Run: [ISUSPM] C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe (Macrovision Corporation)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe (Adobe Systems, Inc.)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLinkedConnections = 1
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O8 - Extra context menu item: Add to Google Photos Screensa&ver - C:\WINDOWS\System32\GPhotos.scr (Google Inc.)
O9 - Extra 'Tools' menuitem : Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre6\bin\npjpi160_20.dll (Sun Microsystems, Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O16 - DPF: {02BCC737-B171-4746-94C9-0D8A0B2C0089} http://office.micros...tes/ieawsdc.cab (Microsoft Office Template and Media Control)
O16 - DPF: {0E5F0222-96B9-11D3-8997-00104BD12D94} http://www.goldenram...detect.cab?5944 (PCPitstop Utility)
O16 - DPF: {3299935F-2C5A-499A-9908-95CFFF6EF8C1} http://scpwlc.ops.pl...quicksilver.cab (Quicksilver Class)
O16 - DPF: {3E68E405-C6DE-49FF-83AE-41EE9F4C36CE} http://office.micros...ontent/opuc.cab (Office Update Installation Engine)
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} http://gfx1.hotmail....es/MSNPUpld.cab (MSN Photo Upload Tool)
O16 - DPF: {5F8469B4-B055-49DD-83F7-62B522420ECC} http://upload.facebo...otoUploader.cab (Facebook Photo Uploader Control)
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} http://www.update.mi...b?1272491893307 (MUWebControl Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_20)
O16 - DPF: {9F1C11AA-197B-4942-BA54-47A8489BB47F} http://v4.windowsupd...7869.9798032407 (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_20)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_20)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://download.macr...ash/swflash.cab (Shockwave Flash Object)
O16 - DPF: {D4323BF2-006A-4440-A2F5-27E3E7AB25F8} http://a532.g.akamai...5/installer.exe (Virtools WebPlayer Class)
O16 - DPF: {D6E7CFB5-C074-4D1C-B647-663D1A8D96BF} http://upload.facebo...Uploader4_5.cab (Facebook Photo Uploader 4)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.ad...Plus/1.6/gp.cab (Reg Error: Key error.)
O16 - DPF: DirectAnimation Java Classes file://C:\WINDOWS\Java\classes\dajava.cab (Reg Error: Key error.)
O16 - DPF: Microsoft XML Parser for Java file://C:\WINDOWS\Java\classes\xmldso.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1
O18 - Protocol\Handler\nim {3D206AE2-3039-413B-B748-3ACC562EC22A} - C:\Novell\Messenger\nmcg32.dll (Novell, Inc.)
O18 - Protocol\Filter\application/octet-stream {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - mscoree.dll (Microsoft Corporation)
O18 - Protocol\Filter\application/x-complus {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - mscoree.dll (Microsoft Corporation)
O18 - Protocol\Filter\application/x-msdownload {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - mscoree.dll (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UIHost - (logonui.exe) - logonui.exe (Microsoft Corporation)
O20 - Winlogon\Notify\avldr: DllName - avldr.dll - avldr.dll (Panda Software)
O20 - Winlogon\Notify\crypt32chain: DllName - crypt32.dll - crypt32.dll (Microsoft Corporation)
O20 - Winlogon\Notify\cryptnet: DllName - cryptnet.dll - cryptnet.dll (Microsoft Corporation)
O20 - Winlogon\Notify\cscdll: DllName - cscdll.dll - cscdll.dll (Microsoft Corporation)
O20 - Winlogon\Notify\igfxcui: DllName - igfxdev.dll - igfxdev.dll (Intel Corporation)
O20 - Winlogon\Notify\NetIdentity Notification: DllName - C:\WINDOWS\System32\Novell\XtNotify.dll - C:\WINDOWS\system32\Novell\xtnotify.dll (Novell, Inc.)
O20 - Winlogon\Notify\ScCertProp: DllName - wlnotify.dll - wlnotify.dll (Microsoft Corporation)
O20 - Winlogon\Notify\Schedule: DllName - wlnotify.dll - wlnotify.dll (Microsoft Corporation)
O20 - Winlogon\Notify\sclgntfy: DllName - sclgntfy.dll - sclgntfy.dll (Microsoft Corporation)
O20 - Winlogon\Notify\SensLogn: DllName - WlNotify.dll - WlNotify.dll (Microsoft Corporation)
O20 - Winlogon\Notify\termsrv: DllName - wlnotify.dll - wlnotify.dll (Microsoft Corporation)
O20 - Winlogon\Notify\WgaLogon: DllName - WgaLogon.dll - WgaLogon.dll (Microsoft Corporation)
O20 - Winlogon\Notify\wlballoon: DllName - wlnotify.dll - wlnotify.dll (Microsoft Corporation)
O20 - Winlogon\Notify\WRNotifier: DllName - Reg Error: Value error. - Reg Error: Value error. File not found
O24 - Desktop WallPaper: C:\Documents and Settings\Administrator\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\Administrator\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O28 - HKLM ShellExecuteHooks: {AEB6717E-7E19-11d0-97EE-00C04FD91972} - shell32.dll (Microsoft Corporation)
O29 - HKLM SecurityProviders - (msapsspc.dll) - msapsspc.dll (Microsoft Corporation)
O29 - HKLM SecurityProviders - (schannel.dll) - schannel.dll (Microsoft Corporation)
O29 - HKLM SecurityProviders - (digest.dll) - digest.dll (Microsoft Corporation)
O29 - HKLM SecurityProviders - (msnsspc.dll) - msnsspc.dll (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2008/12/27 08:04:45 | 000,000,050 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O33 - MountPoints2\{270147ba-2b7b-11de-939f-444553544200}\Shell - "" = AutoRun
O33 - MountPoints2\{270147ba-2b7b-11de-939f-444553544200}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{270147ba-2b7b-11de-939f-444553544200}\Shell\AutoRun\command - "" = G:\LaunchU3.exe -- File not found
O33 - MountPoints2\{7c46f06b-0e67-11de-939e-444553544200}\Shell\AutoRun\command - "" = G:\RECYCLER\k-1-3542-4232123213-7676767-8888886\hn.exe -- File not found
O33 - MountPoints2\{7c46f06b-0e67-11de-939e-444553544200}\Shell\open\command - "" = G:\RECYCLER\k-1-3542-4232123213-7676767-8888886\hn.exe -- File not found
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2010/11/25 03:43:27 | 000,000,000 | ---D | C] -- C:\WINDOWS\LastGood
[5 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[3 C:\Documents and Settings\Administrator\My Documents\*.tmp files -> C:\Documents and Settings\Administrator\My Documents\*.tmp -> ]
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2010/11/25 03:38:16 | 000,441,552 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2010/11/25 03:38:16 | 000,071,488 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2010/11/25 01:29:00 | 000,001,010 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-2512828683-2750084866-171971703-500UA.job
[2010/11/24 23:06:00 | 000,000,958 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-2512828683-2750084866-171971703-500Core1cb8165d97dd260.job
[2010/11/24 23:05:29 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2010/11/24 22:43:30 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2010/11/24 22:28:05 | 000,001,736 | -H-- | M] () -- C:\Documents and Settings\Administrator\My Documents\Default.rdp
[2010/11/24 07:25:34 | 000,000,089 | ---- | M] () -- C:\WINDOWS\WPCMAPI.INI
[2010/11/23 23:15:12 | 000,000,116 | ---- | M] () -- C:\WINDOWS\NeroDigital.ini
[2010/11/21 22:30:24 | 000,030,208 | ---- | M] () -- C:\Documents and Settings\Administrator\My Documents\ServicePracticumPaper.doc
[2010/11/21 22:12:34 | 000,018,568 | ---- | M] () -- C:\Documents and Settings\Administrator\My Documents\Cassie_Adia.odt
[2010/11/21 22:12:10 | 000,018,576 | ---- | M] () -- C:\Documents and Settings\Administrator\My Documents\Cassie_newest_doc.odt
[2010/11/20 17:59:17 | 000,000,284 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
[2010/11/18 08:44:35 | 000,173,056 | ---- | M] () -- C:\Documents and Settings\Administrator\My Documents\Nieto_Chapter5-8 QUIZ.doc
[2010/11/17 16:40:26 | 000,036,542 | ---- | M] () -- C:\Documents and Settings\Administrator\My Documents\Novell on Novell.odp
[2010/11/17 15:54:42 | 001,455,375 | ---- | M] () -- C:\Documents and Settings\Administrator\My Documents\Cassie_science_paper.odt
[2010/11/10 18:06:35 | 000,218,448 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2010/11/10 17:49:45 | 000,001,393 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2010/11/09 08:03:40 | 000,023,040 | ---- | M] () -- C:\Documents and Settings\Administrator\My Documents\Algonquian Indians Oral Report Hannah's.doc
[2010/11/08 07:30:54 | 000,075,824 | ---- | M] () -- C:\Documents and Settings\Administrator\Desktop\Contract_Justine_Sanders.pdf
[5 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[3 C:\Documents and Settings\Administrator\My Documents\*.tmp files -> C:\Documents and Settings\Administrator\My Documents\*.tmp -> ]
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files Created - No Company Name ==========

[2010/11/24 07:38:45 | 000,001,736 | -H-- | C] () -- C:\Documents and Settings\Administrator\My Documents\Default.rdp
[2010/11/21 22:12:34 | 000,018,568 | ---- | C] () -- C:\Documents and Settings\Administrator\My Documents\Cassie_Adia.odt
[2010/11/21 22:12:10 | 000,018,576 | ---- | C] () -- C:\Documents and Settings\Administrator\My Documents\Cassie_newest_doc.odt
[2010/11/18 09:36:45 | 000,030,208 | ---- | C] () -- C:\Documents and Settings\Administrator\My Documents\ServicePracticumPaper.doc
[2010/11/18 08:11:42 | 000,173,056 | ---- | C] () -- C:\Documents and Settings\Administrator\My Documents\Nieto_Chapter5-8 QUIZ.doc
[2010/11/17 16:40:25 | 000,036,542 | ---- | C] () -- C:\Documents and Settings\Administrator\My Documents\Novell on Novell.odp
[2010/11/17 15:54:41 | 001,455,375 | ---- | C] () -- C:\Documents and Settings\Administrator\My Documents\Cassie_science_paper.odt
[2010/11/10 23:01:15 | 000,000,958 | ---- | C] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-2512828683-2750084866-171971703-500Core1cb8165d97dd260.job
[2010/11/08 07:30:54 | 000,075,824 | ---- | C] () -- C:\Documents and Settings\Administrator\Desktop\Contract_Justine_Sanders.pdf
[2010/11/01 20:22:44 | 000,023,040 | ---- | C] () -- C:\Documents and Settings\Administrator\My Documents\Algonquian Indians Oral Report Hannah's.doc
[2010/04/26 05:21:05 | 000,000,036 | ---- | C] () -- C:\Documents and Settings\Administrator\Local Settings\Application Data\housecall.guid.cache
[2009/10/20 11:19:30 | 000,053,299 | ---- | C] () -- C:\WINDOWS\System32\pthreadVC.dll
[2009/08/03 14:07:42 | 000,403,816 | ---- | C] () -- C:\WINDOWS\System32\OGACheckControl.dll
[2009/06/20 11:13:55 | 000,000,125 | ---- | C] () -- C:\Documents and Settings\Administrator\Application Data\default.rss
[2009/06/20 11:13:55 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\Administrator\Application Data\downloads.m3u
[2009/06/20 11:00:28 | 000,004,767 | ---- | C] () -- C:\WINDOWS\Irremote.ini
[2009/02/08 20:14:56 | 000,000,151 | ---- | C] () -- C:\WINDOWS\PhotoSnapViewer.INI
[2008/04/12 21:07:52 | 000,000,008 | ---- | C] () -- C:\Documents and Settings\Administrator\Local Settings\Application Data\.mpid
[2008/02/18 20:13:57 | 000,399,360 | ---- | C] () -- C:\WINDOWS\System32\Smab.dll
[2008/02/18 20:13:37 | 000,027,648 | ---- | C] () -- C:\WINDOWS\System32\AVSredirect.dll
[2007/10/16 16:45:50 | 000,000,075 | ---- | C] () -- C:\WINDOWS\winamp.ini
[2007/05/30 07:06:18 | 000,000,434 | ---- | C] () -- C:\WINDOWS\Operation.ini
[2007/04/12 14:56:19 | 000,004,699 | ---- | C] () -- C:\WINDOWS\System32\MRT.INI
[2007/03/28 21:23:55 | 000,001,755 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\QTSBandwidthCache
[2007/03/16 16:49:52 | 000,000,340 | ---- | C] () -- C:\WINDOWS\QTW.INI
[2007/01/06 15:48:56 | 000,000,419 | ---- | C] () -- C:\WINDOWS\MAXLINK.INI
[2006/12/17 19:39:12 | 000,000,136 | ---- | C] () -- C:\Documents and Settings\Administrator\Local Settings\Application Data\fusioncache.dat
[2006/12/09 11:20:13 | 000,107,456 | ---- | C] () -- C:\WINDOWS\System32\sh33w32.DLL
[2006/11/23 13:31:36 | 000,002,656 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\hpzinstall.log
[2006/07/18 23:34:55 | 000,001,023 | ---- | C] () -- C:\WINDOWS\opera.ini
[2006/06/13 17:04:58 | 000,757,818 | ---- | C] () -- C:\WINDOWS\System32\gwadd1.dll
[2006/06/13 15:21:05 | 000,303,166 | ---- | C] () -- C:\WINDOWS\System32\gwodm132.dll
[2006/06/13 14:37:19 | 000,098,354 | ---- | C] () -- C:\WINDOWS\System32\GWLDO132.DLL
[2005/11/24 10:54:21 | 000,026,752 | ---- | C] () -- C:\WINDOWS\System32\drivers\ShldDrv.sys
[2005/04/17 17:48:49 | 000,000,788 | ---- | C] () -- C:\WINDOWS\cdplayer.ini
[2005/03/28 23:42:07 | 000,019,968 | ---- | C] () -- C:\WINDOWS\System32\cpuinf32.dll
[2005/03/12 22:12:20 | 000,002,158 | ---- | C] () -- C:\WINDOWS\System32\ssmute.ini
[2005/03/10 18:01:17 | 000,000,116 | ---- | C] () -- C:\WINDOWS\NeroDigital.ini
[2005/02/21 18:46:00 | 000,000,013 | ---- | C] () -- C:\Documents and Settings\Administrator\Application Data\PodUtil Preferences
[2005/02/20 22:20:50 | 000,000,017 | ---- | C] () -- C:\WINDOWS\MovingPicture.ini
[2005/02/20 22:16:23 | 000,122,880 | ---- | C] () -- C:\Documents and Settings\Administrator\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2005/02/20 22:00:28 | 000,000,063 | ---- | C] () -- C:\WINDOWS\PixieTool.INI
[2005/02/12 11:50:49 | 000,000,515 | ---- | C] () -- C:\WINDOWS\hegames.ini
[2005/01/22 11:24:31 | 000,000,442 | ---- | C] () -- C:\WINDOWS\ka.ini
[2004/11/18 11:06:12 | 000,020,736 | ---- | C] () -- C:\WINDOWS\shgrsdrv.dll
[2004/11/11 12:51:56 | 000,363,520 | ---- | C] () -- C:\WINDOWS\System32\psisdecd.dll
[2004/11/11 12:08:31 | 000,000,745 | ---- | C] () -- C:\WINDOWS\CoD.INI
[2004/11/09 14:34:29 | 000,000,089 | ---- | C] () -- C:\WINDOWS\WPCMAPI.INI
[2004/07/09 09:31:18 | 000,155,700 | ---- | C] () -- C:\WINDOWS\System32\ODMA32.DLL
[2004/04/15 05:59:50 | 000,000,405 | ---- | C] () -- C:\WINDOWS\System32\master.dll
[2004/03/18 08:44:29 | 001,663,068 | ---- | C] () -- C:\WINDOWS\System32\libmmd.dll
[2004/01/28 12:53:16 | 000,000,470 | ---- | C] () -- C:\WINDOWS\ikey.ini
[2004/01/28 12:53:15 | 000,040,960 | R--- | C] () -- C:\WINDOWS\LoadDll.dll
[2004/01/28 12:52:17 | 000,000,044 | ---- | C] () -- C:\WINDOWS\System32\msssc.dll
[2004/01/14 23:37:32 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\Administrator\Application Data\sversion.ini
[2003/08/02 11:45:33 | 000,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini
[2003/07/28 18:04:22 | 000,053,248 | ---- | C] () -- C:\WINDOWS\System32\setupw2k.dll
[2003/03/26 09:47:28 | 000,061,440 | ---- | C] () -- C:\WINDOWS\System32\XMLPARSE.DLL
[2003/03/24 23:39:56 | 000,000,376 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2003/03/24 15:25:02 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
[2001/10/04 14:40:54 | 000,040,960 | ---- | C] () -- C:\WINDOWS\System32\nwslog32.dll
[1999/08/07 01:05:16 | 000,212,480 | ---- | C] () -- C:\WINDOWS\System32\DBPORT6.DLL
[1998/08/16 04:00:00 | 000,004,096 | ---- | C] () -- C:\WINDOWS\System32\sysres.dll
[1997/11/10 15:18:48 | 000,010,240 | ---- | C] () -- C:\WINDOWS\System32\vidx16.dll

========== LOP Check ==========

[2010/04/19 19:05:11 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\Amazon
[2010/10/24 08:32:05 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\Canon
[2004/01/28 13:10:59 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\InterVideo
[2007/06/16 08:19:55 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\Leadertech
[2007/10/05 18:26:34 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\LEGO Media
[2010/08/09 19:37:12 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\Let's Just Play Challenge Tracker
[2010/04/28 16:17:47 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\OpenOffice.org
[2009/07/24 17:41:01 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\Research In Motion
[2007/01/06 15:48:54 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\ScanSoft
[2010/04/12 16:50:28 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\TuneUpMedia
[2008/03/18 07:07:07 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\TuxPaint
[2010/04/23 15:51:06 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\Uniblue
[2010/04/28 14:36:09 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\Wireshark
[2007/06/28 16:26:35 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Barbie Fashion Show
[2007/01/06 15:44:53 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\CanonBJ
[2009/07/07 07:52:38 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Electronic Arts
[2005/02/20 20:36:15 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Pinnacle
[2007/01/06 15:48:55 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\ScanSoft
[2010/10/14 13:07:02 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TEMP
[2010/03/29 13:30:30 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TuneUpMedia
[2005/12/17 09:08:16 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Vivendi Universal Games
[2010/04/20 20:07:41 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\WinZip
[2010/04/23 16:46:36 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{429CAD59-35B1-4DBC-BB6D-1DB246563521}
[2009/09/24 18:37:04 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{755AC846-7372-4AC8-8550-C52491DAA8BD}
[2009/06/15 07:43:39 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{8CD7F5AF-ECFA-4793-BF40-D8F42DBFF906}
[2010/07/12 09:32:00 | 000,000,472 | ---- | M] () -- C:\WINDOWS\Tasks\Ad-Aware Update (Weekly).job

========== Purity Check ==========



========== Alternate Data Streams ==========

@Alternate Data Stream - 104 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:D1B5B4F1

< End of report >
  • 0

#8
kahdah
Posted 01 December 2010 - 07:21 AM

kahdah

    GeekU Teacher

  • Retired Staff
  • 15,822 posts
I assume that you have tried to remove Panda software?

  • Download TDSSKiller and save it to your Desktop.
  • Extract its contents to your desktop.
  • Once extracted, open the TDSSKiller folder and doubleclick on TDSSKiller.exe to run the application, then on Start Scan.
  • If an infected file is detected, the default action will be Cure, click on Continue.
  • If a suspicious file is detected, the default action will be Skip, click on Continue.
  • It may ask you to reboot the computer to complete the process. Click on Reboot Now.
  • If no reboot is required, click on Report. A log file should appear. Please copy and paste the contents of that file here.
  • If a reboot is required, the report can also be found in your root directory, (usually C:\ folder) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt". Please copy and paste the contents of that file here.

  • 0

#9
sandstore
Posted 01 December 2010 - 08:10 PM

sandstore

    New Member

  • Topic Starter
  • Member
  • Pip
  • 9 posts
Yes, I thought the Panda annoying software was gone. I thought with the uninstall it would be completely gone, guess not.

Here's the report file from the TDSSKiller. Nothing bad was found and no reboot was necessary.

2010/12/01 19:06:35.0448 TDSS rootkit removing tool 2.4.10.0 Nov 28 2010 18:35:56
2010/12/01 19:06:35.0448 ================================================================================
2010/12/01 19:06:35.0448 SystemInfo:
2010/12/01 19:06:35.0448
2010/12/01 19:06:35.0448 OS Version: 5.1.2600 ServicePack: 3.0
2010/12/01 19:06:35.0448 Product type: Workstation
2010/12/01 19:06:35.0448 ComputerName: SANDSTORE
2010/12/01 19:06:35.0448 UserName: Administrator
2010/12/01 19:06:35.0448 Windows directory: C:\WINDOWS
2010/12/01 19:06:35.0448 System windows directory: C:\WINDOWS
2010/12/01 19:06:35.0448 Processor architecture: Intel x86
2010/12/01 19:06:35.0448 Number of processors: 1
2010/12/01 19:06:35.0448 Page size: 0x1000
2010/12/01 19:06:35.0448 Boot type: Normal boot
2010/12/01 19:06:35.0448 ================================================================================
2010/12/01 19:06:35.0678 Initialize success
2010/12/01 19:06:43.0480 ================================================================================
2010/12/01 19:06:43.0480 Scan started
2010/12/01 19:06:43.0480 Mode: Manual;
2010/12/01 19:06:43.0480 ================================================================================
2010/12/01 19:06:45.0282 abp480n5 (6abb91494fe6c59089b9336452ab2ea3) C:\WINDOWS\system32\DRIVERS\ABP480N5.SYS
2010/12/01 19:06:45.0543 ACPI (8fd99680a539792a30e97944fdaecf17) C:\WINDOWS\system32\DRIVERS\ACPI.sys
2010/12/01 19:06:45.0793 ACPIEC (9859c0f6936e723e4892d7141b1327d5) C:\WINDOWS\system32\drivers\ACPIEC.sys
2010/12/01 19:06:46.0184 adpu160m (9a11864873da202c996558b2106b0bbc) C:\WINDOWS\system32\DRIVERS\adpu160m.sys
2010/12/01 19:06:46.0434 aeaudio (e696e749bedcda8b23757b8b5ea93780) C:\WINDOWS\system32\drivers\aeaudio.sys
2010/12/01 19:06:46.0694 aec (8bed39e3c35d6a489438b8141717a557) C:\WINDOWS\system32\drivers\aec.sys
2010/12/01 19:06:46.0935 AFD (7e775010ef291da96ad17ca4b17137d7) C:\WINDOWS\System32\drivers\afd.sys
2010/12/01 19:06:47.0175 AFS2K (0ebb674888cbdefd5773341c16dd6a07) C:\WINDOWS\system32\drivers\AFS2K.sys
2010/12/01 19:06:47.0405 agp440 (08fd04aa961bdc77fb983f328334e3d7) C:\WINDOWS\system32\DRIVERS\agp440.sys
2010/12/01 19:06:47.0646 agpCPQ (03a7e0922acfe1b07d5db2eeb0773063) C:\WINDOWS\system32\DRIVERS\agpCPQ.sys
2010/12/01 19:06:47.0886 Aha154x (c23ea9b5f46c7f7910db3eab648ff013) C:\WINDOWS\system32\DRIVERS\aha154x.sys
2010/12/01 19:06:48.0116 aic78u2 (19dd0fb48b0c18892f70e2e7d61a1529) C:\WINDOWS\system32\DRIVERS\aic78u2.sys
2010/12/01 19:06:48.0267 aic78xx (b7fe594a7468aa0132deb03fb8e34326) C:\WINDOWS\system32\DRIVERS\aic78xx.sys
2010/12/01 19:06:48.0507 AliIde (1140ab9938809700b46bb88e46d72a96) C:\WINDOWS\system32\DRIVERS\aliide.sys
2010/12/01 19:06:48.0747 alim1541 (cb08aed0de2dd889a8a820cd8082d83c) C:\WINDOWS\system32\DRIVERS\alim1541.sys
2010/12/01 19:06:48.0988 amdagp (95b4fb835e28aa1336ceeb07fd5b9398) C:\WINDOWS\system32\DRIVERS\amdagp.sys
2010/12/01 19:06:49.0218 amsint (79f5add8d24bd6893f2903a3e2f3fad6) C:\WINDOWS\system32\DRIVERS\amsint.sys
2010/12/01 19:06:49.0448 APPFLT (b609722a483b09be2b7fad2db15100e2) C:\WINDOWS\system32\Drivers\APPFLT.SYS
2010/12/01 19:06:49.0689 ASAPIW2k (4f9cbbf95e8f7a0d4c0edcfe3b78102e) C:\WINDOWS\system32\drivers\ASAPIW2k.sys
2010/12/01 19:06:49.0909 asc (62d318e9a0c8fc9b780008e724283707) C:\WINDOWS\system32\DRIVERS\asc.sys
2010/12/01 19:06:50.0139 asc3350p (69eb0cc7714b32896ccbfd5edcbea447) C:\WINDOWS\system32\DRIVERS\asc3350p.sys
2010/12/01 19:06:50.0390 asc3550 (5d8de112aa0254b907861e9e9c31d597) C:\WINDOWS\system32\DRIVERS\asc3550.sys
2010/12/01 19:06:50.0630 AsyncMac (b153affac761e7f5fcfa822b9c4e97bc) C:\WINDOWS\system32\DRIVERS\asyncmac.sys
2010/12/01 19:06:50.0900 atapi (9f3a2f5aa6875c72bf062c712cfa2674) C:\WINDOWS\system32\DRIVERS\atapi.sys
2010/12/01 19:06:51.0281 atimpab (8d70c26425fde49ddce5bb2cf25b8df2) C:\WINDOWS\system32\DRIVERS\atimpab.sys
2010/12/01 19:06:51.0531 Atmarpc (9916c1225104ba14794209cfa8012159) C:\WINDOWS\system32\DRIVERS\atmarpc.sys
2010/12/01 19:06:51.0762 audstub (d9f724aa26c010a217c97606b160ed68) C:\WINDOWS\system32\DRIVERS\audstub.sys
2010/12/01 19:06:52.0122 b57w2k (741dfbf3a4dc41a400dbc71199564853) C:\WINDOWS\system32\DRIVERS\b57xp32.sys
2010/12/01 19:06:52.0382 Beep (da1f27d85e0d1525f6621372e7b685e9) C:\WINDOWS\system32\drivers\Beep.sys
2010/12/01 19:06:52.0763 CBEN5 (9060fa1f3ee5c1100ab1d358c3b0996b) C:\WINDOWS\system32\DRIVERS\cben5.sys
2010/12/01 19:06:53.0023 cbidf (90a673fc8e12a79afbed2576f6a7aaf9) C:\WINDOWS\system32\DRIVERS\cbidf2k.sys
2010/12/01 19:06:53.0294 cbidf2k (90a673fc8e12a79afbed2576f6a7aaf9) C:\WINDOWS\system32\drivers\cbidf2k.sys
2010/12/01 19:06:53.0494 cd20xrnt (f3ec03299634490e97bbce94cd2954c7) C:\WINDOWS\system32\DRIVERS\cd20xrnt.sys
2010/12/01 19:06:53.0634 Cdaudio (c1b486a7658353d33a10cc15211a873b) C:\WINDOWS\system32\drivers\Cdaudio.sys
2010/12/01 19:06:53.0865 Cdfs (c885b02847f5d2fd45a24e219ed93b32) C:\WINDOWS\system32\drivers\Cdfs.sys
2010/12/01 19:06:54.0115 Cdrom (1f4260cc5b42272d71f79e570a27a4fe) C:\WINDOWS\system32\DRIVERS\cdrom.sys
2010/12/01 19:06:54.0485 ClntMgmt (b8473d9aaead1704fe94fe6e6de3594b) C:\WINDOWS\system32\Drivers\ClntMgmt.sys
2010/12/01 19:06:54.0716 CmBatt (0f6c187d38d98f8df904589a5f94d411) C:\WINDOWS\system32\DRIVERS\CmBatt.sys
2010/12/01 19:06:54.0966 CmdIde (e5dcb56c533014ecbc556a8357c929d5) C:\WINDOWS\system32\DRIVERS\cmdide.sys
2010/12/01 19:06:55.0166 COH_Mon (6186b6b953bdc884f0f379b84b3e3a98) C:\WINDOWS\system32\Drivers\COH_Mon.sys
2010/12/01 19:06:55.0397 Compbatt (6e4c9f21f0fae8940661144f41b13203) C:\WINDOWS\system32\DRIVERS\compbatt.sys
2010/12/01 19:06:55.0657 cpoint (263fde4feea292b5586389afb2858506) C:\WINDOWS\system32\Drivers\cpoint.sys
2010/12/01 19:06:55.0827 Cpqarray (3ee529119eed34cd212a215e8c40d4b6) C:\WINDOWS\system32\DRIVERS\cpqarray.sys
2010/12/01 19:06:56.0088 dac2w2k (e550e7418984b65a78299d248f0a7f36) C:\WINDOWS\system32\DRIVERS\dac2w2k.sys
2010/12/01 19:06:56.0338 dac960nt (683789caa3864eb46125ae86ff677d34) C:\WINDOWS\system32\DRIVERS\dac960nt.sys
2010/12/01 19:06:56.0558 Disk (044452051f3e02e7963599fc8f4f3e25) C:\WINDOWS\system32\DRIVERS\disk.sys
2010/12/01 19:06:56.0809 dmboot (d992fe1274bde0f84ad826acae022a41) C:\WINDOWS\system32\drivers\dmboot.sys
2010/12/01 19:06:57.0059 dmio (7c824cf7bbde77d95c08005717a95f6f) C:\WINDOWS\system32\drivers\dmio.sys
2010/12/01 19:06:57.0299 dmload (e9317282a63ca4d188c0df5e09c6ac5f) C:\WINDOWS\system32\drivers\dmload.sys
2010/12/01 19:06:57.0530 DMusic (8a208dfcf89792a484e76c40e5f50b45) C:\WINDOWS\system32\drivers\DMusic.sys
2010/12/01 19:06:57.0800 dpti2o (40f3b93b4e5b0126f2f5c0a7a5e22660) C:\WINDOWS\system32\DRIVERS\dpti2o.sys
2010/12/01 19:06:58.0001 drmkaud (8f5fcff8e8848afac920905fbd9d33c8) C:\WINDOWS\system32\drivers\drmkaud.sys
2010/12/01 19:06:58.0241 DSAFLT (44ea9a62f441dd01ee2cd68b9084bb45) C:\WINDOWS\system32\Drivers\DSAFLT.SYS
2010/12/01 19:06:58.0521 DVC150 (f7c4761d0dad6199adc69948cb645771) C:\WINDOWS\system32\Drivers\dvc150b.sys
2010/12/01 19:06:58.0762 Eacfilt (fefe6fb7b7d3b5a1261269078101ae9e) C:\WINDOWS\system32\DRIVERS\eacfilt.sys
2010/12/01 19:06:59.0012 eaps2kbd (53ce0799c9384cac99942ff032285f21) C:\WINDOWS\system32\DRIVERS\eaps2kbd.sys
2010/12/01 19:06:59.0252 EAWDMFD (e54e3a335b3a03ad0252e50bb92a633c) C:\WINDOWS\system32\drivers\EAWDMFD.sys
2010/12/01 19:06:59.0352 eeCtrl (089296aedb9b72b4916ac959752bdc89) C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys
2010/12/01 19:06:59.0593 el575nd5 (23f6b9cf432f492ebbd8105d78cb008c) C:\WINDOWS\system32\DRIVERS\el575nd5.sys
2010/12/01 19:06:59.0683 EraserUtilRebootDrv (850259334652d392e33ee3412562e583) C:\Program Files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys
2010/12/01 19:06:59.0923 es1371 (24e564f710d887ecc75cfe59882ecc5d) C:\WINDOWS\system32\drivers\es1371mp.sys
2010/12/01 19:07:00.0194 Fastfat (38d332a6d56af32635675f132548343e) C:\WINDOWS\system32\drivers\Fastfat.sys
2010/12/01 19:07:00.0444 Fdc (92cdd60b6730b9f50f6a1a0c1f8cdc81) C:\WINDOWS\system32\DRIVERS\fdc.sys
2010/12/01 19:07:00.0684 Fips (d45926117eb9fa946a6af572fbe1caa3) C:\WINDOWS\system32\drivers\Fips.sys
2010/12/01 19:07:00.0935 Flpydisk (9d27e7b80bfcdf1cdd9b555862d5e7f0) C:\WINDOWS\system32\DRIVERS\flpydisk.sys
2010/12/01 19:07:01.0195 FltMgr (b2cf4b0786f8212cb92ed2b50c6db6b0) C:\WINDOWS\system32\drivers\fltmgr.sys
2010/12/01 19:07:01.0435 FNETMON (98395341037b33f5f2af14a1c18602f6) C:\WINDOWS\system32\Drivers\fnetmon.SYS
2010/12/01 19:07:01.0696 Fs_Rec (3e1e2bd4f39b0e2b7dc4f4d2bcc2779a) C:\WINDOWS\system32\drivers\Fs_Rec.sys
2010/12/01 19:07:01.0896 Ftdisk (6ac26732762483366c3969c9e4d2259d) C:\WINDOWS\system32\DRIVERS\ftdisk.sys
2010/12/01 19:07:02.0036 gameenum (065639773d8b03f33577f6cdaea21063) C:\WINDOWS\system32\DRIVERS\gameenum.sys
2010/12/01 19:07:02.0277 GEARAspiWDM (8182ff89c65e4d38b2de4bb0fb18564e) C:\WINDOWS\system32\Drivers\GEARAspiWDM.sys
2010/12/01 19:07:02.0557 Gpc (0a02c63c8b144bd8c86b103dee7c86a2) C:\WINDOWS\system32\DRIVERS\msgpc.sys
2010/12/01 19:07:02.0817 HidUsb (ccf82c5ec8a7326c3066de870c06daf1) C:\WINDOWS\system32\DRIVERS\hidusb.sys
2010/12/01 19:07:03.0098 hpn (b028377dea0546a5fcfba928a8aefae0) C:\WINDOWS\system32\DRIVERS\hpn.sys
2010/12/01 19:07:03.0308 HPZid412 (287a63bd8509bd78e7978823b38afa81) C:\WINDOWS\system32\DRIVERS\HPZid412.sys
2010/12/01 19:07:03.0528 HPZipr12 (0b4fda2657c3e0315eaa57f9c6d4fd1f) C:\WINDOWS\system32\DRIVERS\HPZipr12.sys
2010/12/01 19:07:03.0779 HPZius12 (29559db25258b60510a60c4e470fce32) C:\WINDOWS\system32\DRIVERS\HPZius12.sys
2010/12/01 19:07:04.0029 HTTP (f80a415ef82cd06ffaf0d971528ead38) C:\WINDOWS\system32\Drivers\HTTP.sys
2010/12/01 19:07:04.0280 i2omgmt (9368670bd426ebea5e8b18a62416ec28) C:\WINDOWS\system32\drivers\i2omgmt.sys
2010/12/01 19:07:04.0540 i2omp (f10863bf1ccc290babd1a09188ae49e0) C:\WINDOWS\system32\DRIVERS\i2omp.sys
2010/12/01 19:07:04.0780 i8042prt (4a0b06aa8943c1e332520f7440c0aa30) C:\WINDOWS\system32\DRIVERS\i8042prt.sys
2010/12/01 19:07:05.0071 ialm (9a883c3c4d91292c0d09de7c728e781c) C:\WINDOWS\system32\DRIVERS\ialmnt5.sys
2010/12/01 19:07:05.0331 IDSFLT (050001a7f0028abe00261308fa45bc4d) C:\WINDOWS\system32\Drivers\IDSFLT.SYS
2010/12/01 19:07:05.0601 Imapi (083a052659f5310dd8b6a6cb05edcf8e) C:\WINDOWS\system32\drivers\Imapi.sys
2010/12/01 19:07:05.0852 ini910u (4a40e045faee58631fd8d91afc620719) C:\WINDOWS\system32\DRIVERS\ini910u.sys
2010/12/01 19:07:06.0102 IntelIde (b5466a9250342a7aa0cd1fba13420678) C:\WINDOWS\system32\DRIVERS\intelide.sys
2010/12/01 19:07:06.0353 intelppm (8c953733d8f36eb2133f5bb58808b66b) C:\WINDOWS\system32\DRIVERS\intelppm.sys
2010/12/01 19:07:06.0603 Ip6Fw (3bb22519a194418d5fec05d800a19ad0) C:\WINDOWS\system32\drivers\ip6fw.sys
2010/12/01 19:07:06.0843 IpFilterDriver (731f22ba402ee4b62748adaf6363c182) C:\WINDOWS\system32\DRIVERS\ipfltdrv.sys
2010/12/01 19:07:07.0084 IpInIp (b87ab476dcf76e72010632b5550955f5) C:\WINDOWS\system32\DRIVERS\ipinip.sys
2010/12/01 19:07:07.0334 IpNat (cc748ea12c6effde940ee98098bf96bb) C:\WINDOWS\system32\DRIVERS\ipnat.sys
2010/12/01 19:07:07.0574 IPSec (23c74d75e36e7158768dd63d92789a91) C:\WINDOWS\system32\DRIVERS\ipsec.sys
2010/12/01 19:07:07.0805 IPSECEXT (b066c94f0d447d01fe39df8cbff4d4c3) C:\WINDOWS\system32\DRIVERS\ipsecw2k.sys
2010/12/01 19:07:07.0825 IPSECSHM (b066c94f0d447d01fe39df8cbff4d4c3) C:\WINDOWS\system32\DRIVERS\ipsecw2k.sys
2010/12/01 19:07:08.0095 IRENUM (c93c9ff7b04d772627a3646d89f7bf89) C:\WINDOWS\system32\DRIVERS\irenum.sys
2010/12/01 19:07:08.0365 isapnp (05a299ec56e52649b1cf2fc52d20f2d7) C:\WINDOWS\system32\DRIVERS\isapnp.sys
2010/12/01 19:07:08.0646 Kbdclass (463c1ec80cd17420a542b7f36a36f128) C:\WINDOWS\system32\DRIVERS\kbdclass.sys
2010/12/01 19:07:08.0876 kbdhid (9ef487a186dea361aa06913a75b3fa99) C:\WINDOWS\system32\DRIVERS\kbdhid.sys
2010/12/01 19:07:09.0137 kmixer (692bcf44383d056aed41b045a323d378) C:\WINDOWS\system32\drivers\kmixer.sys
2010/12/01 19:07:09.0367 KSecDD (b467646c54cc746128904e1654c750c1) C:\WINDOWS\system32\drivers\KSecDD.sys
2010/12/01 19:07:09.0747 Maestro (65fef13327d25bc33af78178365c1412) C:\WINDOWS\system32\drivers\essm2e.sys
2010/12/01 19:07:10.0008 MarvinBus (1ff75994bab460c9b809260dba779cfd) C:\WINDOWS\system32\DRIVERS\MarvinBus.sys
2010/12/01 19:07:10.0378 mnmdd (4ae068242760a1fb6e1a44bf4e16afa6) C:\WINDOWS\system32\drivers\mnmdd.sys
2010/12/01 19:07:10.0649 Modem (dfcbad3cec1c5f964962ae10e0bcc8e1) C:\WINDOWS\system32\drivers\Modem.sys
2010/12/01 19:07:10.0839 Mouclass (35c9e97194c8cfb8430125f8dbc34d04) C:\WINDOWS\system32\DRIVERS\mouclass.sys
2010/12/01 19:07:11.0390 mouhid (b1c303e17fb9d46e87a98e4ba6769685) C:\WINDOWS\system32\DRIVERS\mouhid.sys
2010/12/01 19:07:11.0650 MountMgr (a80b9a0bad1b73637dbcbba7df72d3fd) C:\WINDOWS\system32\drivers\MountMgr.sys
2010/12/01 19:07:11.0911 mraid35x (3f4bb95e5a44f3be34824e8e7caf0737) C:\WINDOWS\system32\DRIVERS\mraid35x.sys
2010/12/01 19:07:12.0181 MRxDAV (11d42bb6206f33fbb3ba0288d3ef81bd) C:\WINDOWS\system32\DRIVERS\mrxdav.sys
2010/12/01 19:07:12.0451 MRxSmb (f3aefb11abc521122b67095044169e98) C:\WINDOWS\system32\DRIVERS\mrxsmb.sys
2010/12/01 19:07:12.0722 Msfs (c941ea2454ba8350021d774daf0f1027) C:\WINDOWS\system32\drivers\Msfs.sys
2010/12/01 19:07:12.0962 MSKSSRV (d1575e71568f4d9e14ca56b7b0453bf1) C:\WINDOWS\system32\drivers\MSKSSRV.sys
2010/12/01 19:07:13.0212 MSPCLOCK (325bb26842fc7ccc1fcce2c457317f3e) C:\WINDOWS\system32\drivers\MSPCLOCK.sys
2010/12/01 19:07:13.0463 MSPQM (bad59648ba099da4a17680b39730cb3d) C:\WINDOWS\system32\drivers\MSPQM.sys
2010/12/01 19:07:13.0733 mssmbios (af5f4f3f14a8ea2c26de30f7a1e17136) C:\WINDOWS\system32\DRIVERS\mssmbios.sys
2010/12/01 19:07:14.0024 Mup (2f625d11385b1a94360bfc70aaefdee1) C:\WINDOWS\system32\drivers\Mup.sys
2010/12/01 19:07:14.0294 N100 (c7eb926899ff4575b630087ea4c7af61) C:\WINDOWS\system32\DRIVERS\n100325.sys
2010/12/01 19:07:14.0464 NAVENG (49d802531e5984cf1fe028c6c129b9d8) C:\PROGRA~1\COMMON~1\SYMANT~1\VIRUSD~1\20101201.025\NAVENG.SYS
2010/12/01 19:07:14.0614 NAVEX15 (158676a5758c1fa519563b3e72fbf256) C:\PROGRA~1\COMMON~1\SYMANT~1\VIRUSD~1\20101201.025\NAVEX15.SYS
2010/12/01 19:07:14.0885 NDIS (1df7f42665c94b825322fae71721130d) C:\WINDOWS\system32\drivers\NDIS.sys
2010/12/01 19:07:15.0125 NdisTapi (1ab3d00c991ab086e69db84b6c0ed78f) C:\WINDOWS\system32\DRIVERS\ndistapi.sys
2010/12/01 19:07:15.0375 Ndisuio (f927a4434c5028758a842943ef1a3849) C:\WINDOWS\system32\DRIVERS\ndisuio.sys
2010/12/01 19:07:15.0606 NdisWan (edc1531a49c80614b2cfda43ca8659ab) C:\WINDOWS\system32\DRIVERS\ndiswan.sys
2010/12/01 19:07:15.0846 NDProxy (6215023940cfd3702b46abc304e1d45a) C:\WINDOWS\system32\drivers\NDProxy.sys
2010/12/01 19:07:16.0117 NetBIOS (5d81cf9a2f1a3a756b66cf684911cdf0) C:\WINDOWS\system32\DRIVERS\netbios.sys
2010/12/01 19:07:16.0387 NetBT (74b2b2f5bea5e9a3dc021d685551bd3d) C:\WINDOWS\system32\DRIVERS\netbt.sys
2010/12/01 19:07:16.0657 netflt (65028a76d18d477d8aedc70956f1924d) C:\WINDOWS\system32\Drivers\NETFLT.SYS
2010/12/01 19:07:16.0908 NETFLTDI (30e9a8726a55bee973cf2d5e87491518) C:\WINDOWS\system32\Drivers\NETFLTDI.SYS
2010/12/01 19:07:17.0188 nm (1e421a6bcf2203cc61b821ada9de878b) C:\WINDOWS\system32\DRIVERS\NMnt.sys
2010/12/01 19:07:17.0418 NPF (b9730495e0cf674680121e34bd95a73b) C:\WINDOWS\system32\drivers\npf.sys
2010/12/01 19:07:17.0659 Npfs (3182d64ae053d6fb034f44b6def8034a) C:\WINDOWS\system32\drivers\Npfs.sys
2010/12/01 19:07:17.0929 Ntfs (78a08dd6a8d65e697c18e1db01c5cdca) C:\WINDOWS\system32\drivers\Ntfs.sys
2010/12/01 19:07:18.0180 Null (73c1e1f395918bc2c6dd67af7591a3ad) C:\WINDOWS\system32\drivers\Null.sys
2010/12/01 19:07:18.0430 NwlnkFlt (b305f3fad35083837ef46a0bbce2fc57) C:\WINDOWS\system32\DRIVERS\nwlnkflt.sys
2010/12/01 19:07:18.0670 NwlnkFwd (c99b3415198d1aab7227f2c88fd664b9) C:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys
2010/12/01 19:07:18.0911 P3 (c90018bafdc7098619a4a95b046b30f3) C:\WINDOWS\system32\DRIVERS\p3.sys
2010/12/01 19:07:19.0141 Parport (5575faf8f97ce5e713d108c2a58d7c7c) C:\WINDOWS\system32\DRIVERS\parport.sys
2010/12/01 19:07:19.0391 PartMgr (beb3ba25197665d82ec7065b724171c6) C:\WINDOWS\system32\drivers\PartMgr.sys
2010/12/01 19:07:19.0642 ParVdm (70e98b3fd8e963a6a46a2e6247e0bea1) C:\WINDOWS\system32\drivers\ParVdm.sys
2010/12/01 19:07:19.0902 PAVDRV (c6957773f1fcf560aa148eaa2c94467c) C:\WINDOWS\system32\DRIVERS\pavdrv51.sys
2010/12/01 19:07:20.0192 PavProc (977800242080495ec78c42900e18be14) C:\WINDOWS\system32\DRIVERS\PavProc.sys
2010/12/01 19:07:20.0413 PCANDIS5 (58c5ea3de400fe1d08cfeca6d5c14ebd) C:\WINDOWS\system32\PCANDIS5.SYS
2010/12/01 19:07:20.0663 PCI (a219903ccf74233761d92bef471a07b1) C:\WINDOWS\system32\DRIVERS\pci.sys
2010/12/01 19:07:21.0004 PCIIde (ccf5f451bb1a5a2a522a76e670000ff0) C:\WINDOWS\system32\DRIVERS\pciide.sys
2010/12/01 19:07:21.0274 PCLEPCI (1bebe7de8508a02650cdce45c664c2a2) C:\WINDOWS\System32\drivers\pclepci.sys
2010/12/01 19:07:21.0514 Pcmcia (9e89ef60e9ee05e3f2eef2da7397f1c1) C:\WINDOWS\system32\DRIVERS\pcmcia.sys
2010/12/01 19:07:22.0396 perc2 (6c14b9c19ba84f73d3a86dba11133101) C:\WINDOWS\system32\DRIVERS\perc2.sys
2010/12/01 19:07:22.0626 perc2hib (f50f7c27f131afe7beba13e14a3b9416) C:\WINDOWS\system32\DRIVERS\perc2hib.sys
2010/12/01 19:07:22.0886 pfc (f2b3785d7282bac66d4b644fc88749f0) C:\WINDOWS\system32\drivers\pfc.sys
2010/12/01 19:07:23.0197 Point32 (3b6973d60bde757c53bb76842d31318e) C:\WINDOWS\system32\DRIVERS\point32.sys
2010/12/01 19:07:23.0457 PptpMiniport (efeec01b1d3cf84f16ddd24d9d9d8f99) C:\WINDOWS\system32\DRIVERS\raspptp.sys
2010/12/01 19:07:23.0707 Processor (a32bebaf723557681bfc6bd93e98bd26) C:\WINDOWS\system32\DRIVERS\processr.sys
2010/12/01 19:07:23.0948 PSched (09298ec810b07e5d582cb3a3f9255424) C:\WINDOWS\system32\DRIVERS\psched.sys
2010/12/01 19:07:24.0208 Ptilink (80d317bd1c3dbc5d4fe7b1678c60cadd) C:\WINDOWS\system32\DRIVERS\ptilink.sys
2010/12/01 19:07:24.0449 PxHelp20 (49452bfcec22f36a7a9b9c2181bc3042) C:\WINDOWS\system32\Drivers\PxHelp20.sys
2010/12/01 19:07:24.0689 ql1080 (0a63fb54039eb5662433caba3b26dba7) C:\WINDOWS\system32\DRIVERS\ql1080.sys
2010/12/01 19:07:24.0909 Ql10wnt (6503449e1d43a0ff0201ad5cb1b8c706) C:\WINDOWS\system32\DRIVERS\ql10wnt.sys
2010/12/01 19:07:25.0150 ql12160 (156ed0ef20c15114ca097a34a30d8a01) C:\WINDOWS\system32\DRIVERS\ql12160.sys
2010/12/01 19:07:25.0390 ql1240 (70f016bebde6d29e864c1230a07cc5e6) C:\WINDOWS\system32\DRIVERS\ql1240.sys
2010/12/01 19:07:25.0640 ql1280 (907f0aeea6bc451011611e732bd31fcf) C:\WINDOWS\system32\DRIVERS\ql1280.sys
2010/12/01 19:07:25.0871 RasAcd (fe0d99d6f31e4fad8159f690d68ded9c) C:\WINDOWS\system32\DRIVERS\rasacd.sys
2010/12/01 19:07:26.0121 Rasl2tp (11b4a627bc9614b885c4969bfa5ff8a6) C:\WINDOWS\system32\DRIVERS\rasl2tp.sys
2010/12/01 19:07:26.0381 RasPppoe (5bc962f2654137c9909c3d4603587dee) C:\WINDOWS\system32\DRIVERS\raspppoe.sys
2010/12/01 19:07:26.0622 Raspti (fdbb1d60066fcfbb7452fd8f9829b242) C:\WINDOWS\system32\DRIVERS\raspti.sys
2010/12/01 19:07:26.0862 Rdbss (7ad224ad1a1437fe28d89cf22b17780a) C:\WINDOWS\system32\DRIVERS\rdbss.sys
2010/12/01 19:07:27.0102 RDPCDD (4912d5b403614ce99c28420f75353332) C:\WINDOWS\system32\DRIVERS\RDPCDD.sys
2010/12/01 19:07:27.0363 rdpdr (15cabd0f7c00c47c70124907916af3f1) C:\WINDOWS\system32\DRIVERS\rdpdr.sys
2010/12/01 19:07:27.0633 RDPWD (6728e45b66f93c08f11de2e316fc70dd) C:\WINDOWS\system32\drivers\RDPWD.sys
2010/12/01 19:07:27.0863 redbook (f828dd7e1419b6653894a8f97a0094c5) C:\WINDOWS\system32\DRIVERS\redbook.sys
2010/12/01 19:07:28.0234 RimVSerPort (d9b34325ee5df78b8f28a3de9f577c7d) C:\WINDOWS\system32\DRIVERS\RimSerial.sys
2010/12/01 19:07:28.0464 ROOTMODEM (d8b0b4ade32574b2d9c5cc34dc0dbbe7) C:\WINDOWS\system32\Drivers\RootMdm.sys
2010/12/01 19:07:28.0885 Secdrv (90a3935d05b494a5a39d37e71f09a677) C:\WINDOWS\system32\DRIVERS\secdrv.sys
2010/12/01 19:07:29.0125 serenum (0f29512ccd6bead730039fb4bd2c85ce) C:\WINDOWS\system32\DRIVERS\serenum.sys
2010/12/01 19:07:29.0366 Serial (cca207a8896d4c6a0c9ce29a4ae411a7) C:\WINDOWS\system32\DRIVERS\serial.sys
2010/12/01 19:07:29.0626 Sfloppy (8e6b8c671615d126fdc553d1e2de5562) C:\WINDOWS\system32\drivers\Sfloppy.sys
2010/12/01 19:07:29.0896 ShldDrv (70a9d614174996bbb59afd614d1de943) C:\WINDOWS\system32\drivers\ShldDrv.sys
2010/12/01 19:07:30.0247 sisagp (6b33d0ebd30db32e27d1d78fe946a754) C:\WINDOWS\system32\DRIVERS\sisagp.sys
2010/12/01 19:07:30.0507 SMSFLT (c1713a69ab995376d1dc5075dac02028) C:\WINDOWS\system32\Drivers\SMSFLT.SYS
2010/12/01 19:07:30.0768 smwdm (fa3368a7039f5abaa4b933703ac34763) C:\WINDOWS\system32\drivers\smwdm.sys
2010/12/01 19:07:31.0038 Sparrow (83c0f71f86d3bdaf915685f3d568b20e) C:\WINDOWS\system32\DRIVERS\sparrow.sys
2010/12/01 19:07:31.0158 SPBBCDrv (77780509a16a1df7f2d8531d21ddb9b9) C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCDrv.sys
2010/12/01 19:07:31.0409 splitter (ab8b92451ecb048a4d1de7c3ffcb4a9f) C:\WINDOWS\system32\drivers\splitter.sys
2010/12/01 19:07:31.0669 sr (76bb022c2fb6902fd5bdd4f78fc13a5d) C:\WINDOWS\system32\DRIVERS\sr.sys
2010/12/01 19:07:31.0929 SRTSP (5e4985a84f13abf5727bed3c50bd7031) C:\WINDOWS\system32\Drivers\SRTSP.SYS
2010/12/01 19:07:32.0180 SRTSPL (8117dca2cdf9d11c441c473dc9631655) C:\WINDOWS\system32\Drivers\SRTSPL.SYS
2010/12/01 19:07:32.0430 SRTSPX (5e89104af0dc94b659ea8ec3e66c3eeb) C:\WINDOWS\system32\Drivers\SRTSPX.SYS
2010/12/01 19:07:32.0680 Srv (0f6aefad3641a657e18081f52d0c15af) C:\WINDOWS\system32\DRIVERS\srv.sys
2010/12/01 19:07:32.0921 swenum (3941d127aef12e93addf6fe6ee027e0f) C:\WINDOWS\system32\DRIVERS\swenum.sys
2010/12/01 19:07:33.0161 swmidi (8ce882bcc6cf8a62f2b2323d95cb3d01) C:\WINDOWS\system32\drivers\swmidi.sys
2010/12/01 19:07:33.0411 symc810 (1ff3217614018630d0a6758630fc698c) C:\WINDOWS\system32\DRIVERS\symc810.sys
2010/12/01 19:07:33.0662 symc8xx (070e001d95cf725186ef8b20335f933c) C:\WINDOWS\system32\DRIVERS\symc8xx.sys
2010/12/01 19:07:33.0902 SymEvent (e03ee3ef1037099554d17bed99545a5e) C:\WINDOWS\system32\Drivers\SYMEVENT.SYS
2010/12/01 19:07:34.0152 SYMREDRV (be3c117150c055e50a4caf23e548c856) C:\WINDOWS\System32\Drivers\SYMREDRV.SYS
2010/12/01 19:07:34.0393 SYMTDI (7b0af4e22b32f8c5bfba5a5d53522160) C:\WINDOWS\System32\Drivers\SYMTDI.SYS
2010/12/01 19:07:34.0643 sym_hi (80ac1c4abbe2df3b738bf15517a51f2c) C:\WINDOWS\system32\DRIVERS\sym_hi.sys
2010/12/01 19:07:34.0874 sym_u3 (bf4fab949a382a8e105f46ebb4937058) C:\WINDOWS\system32\DRIVERS\sym_u3.sys
2010/12/01 19:07:35.0124 sysaudio (8b83f3ed0f1688b4958f77cd6d2bf290) C:\WINDOWS\system32\drivers\sysaudio.sys
2010/12/01 19:07:35.0394 Tcpip (9aefa14bd6b182d61e3119fa5f436d3d) C:\WINDOWS\system32\DRIVERS\tcpip.sys
2010/12/01 19:07:35.0645 TDPIPE (6471a66807f5e104e4885f5b67349397) C:\WINDOWS\system32\drivers\TDPIPE.sys
2010/12/01 19:07:35.0895 TDTCP (c56b6d0402371cf3700eb322ef3aaf61) C:\WINDOWS\system32\drivers\TDTCP.sys
2010/12/01 19:07:36.0135 TermDD (88155247177638048422893737429d9e) C:\WINDOWS\system32\DRIVERS\termdd.sys
2010/12/01 19:07:36.0516 TosIde (f2790f6af01321b172aa62f8e1e187d9) C:\WINDOWS\system32\DRIVERS\toside.sys
2010/12/01 19:07:36.0776 Udfs (5787b80c2e3c5e2f56c2a233d91fa2c9) C:\WINDOWS\system32\drivers\Udfs.sys
2010/12/01 19:07:37.0017 ultra (1b698a51cd528d8da4ffaed66dfc51b9) C:\WINDOWS\system32\DRIVERS\ultra.sys
2010/12/01 19:07:37.0277 Update (402ddc88356b1bac0ee3dd1580c76a31) C:\WINDOWS\system32\DRIVERS\update.sys
2010/12/01 19:07:37.0527 USBAAPL (e8c1b9ebac65288e1b51e8a987d98af6) C:\WINDOWS\system32\Drivers\usbaapl.sys
2010/12/01 19:07:37.0728 usbaudio (e919708db44ed8543a7c017953148330) C:\WINDOWS\system32\drivers\usbaudio.sys
2010/12/01 19:07:37.0958 usbccgp (173f317ce0db8e21322e71b7e60a27e8) C:\WINDOWS\system32\DRIVERS\usbccgp.sys
2010/12/01 19:07:38.0218 usbehci (65dcf09d0e37d4c6b11b5b0b76d470a7) C:\WINDOWS\system32\DRIVERS\usbehci.sys
2010/12/01 19:07:38.0459 usbhub (1ab3cdde553b6e064d2e754efe20285c) C:\WINDOWS\system32\DRIVERS\usbhub.sys
2010/12/01 19:07:38.0699 usbprint (a717c8721046828520c9edf31288fc00) C:\WINDOWS\system32\DRIVERS\usbprint.sys
2010/12/01 19:07:38.0949 usbscan (a0b8cf9deb1184fbdd20784a58fa75d4) C:\WINDOWS\system32\DRIVERS\usbscan.sys
2010/12/01 19:07:39.0200 USBSTOR (a32426d9b14a089eaa1d922e0c5801a9) C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS
2010/12/01 19:07:39.0440 usbuhci (26496f9dee2d787fc3e61ad54821ffe6) C:\WINDOWS\system32\DRIVERS\usbuhci.sys
2010/12/01 19:07:39.0690 VgaSave (0d3a8fafceacd8b7625cd549757a7df1) C:\WINDOWS\System32\drivers\vga.sys
2010/12/01 19:07:39.0921 viaagp (754292ce5848b3738281b4f3607eaef4) C:\WINDOWS\system32\DRIVERS\viaagp.sys
2010/12/01 19:07:40.0151 ViaIde (3b3efcda263b8ac14fdf9cbdd0791b2e) C:\WINDOWS\system32\DRIVERS\viaide.sys
2010/12/01 19:07:40.0391 VolSnap (4c8fcb5cc53aab716d810740fe59d025) C:\WINDOWS\system32\drivers\VolSnap.sys
2010/12/01 19:07:40.0652 Wanarp (e20b95baedb550f32dd489265c1da1f6) C:\WINDOWS\system32\DRIVERS\wanarp.sys
2010/12/01 19:07:40.0922 Wdf01000 (fd47474bd21794508af449d9d91af6e6) C:\WINDOWS\system32\DRIVERS\Wdf01000.sys
2010/12/01 19:07:41.0273 wdmaud (6768acf64b18196494413695f0c3a00f) C:\WINDOWS\system32\drivers\wdmaud.sys
2010/12/01 19:07:41.0523 wg111nd5 (5dc04e2badf701d7a9d00365b623df2f) C:\WINDOWS\system32\DRIVERS\wg111nd5.sys
2010/12/01 19:07:41.0844 WNMFLT (048bae2312165a1a6808bcf8e4c8f8ce) C:\WINDOWS\system32\Drivers\WNMFLT.SYS
2010/12/01 19:07:42.0084 WpdUsb (cf4def1bf66f06964dc0d91844239104) C:\WINDOWS\system32\DRIVERS\wpdusb.sys
2010/12/01 19:07:42.0314 WS2IFSL (6abe6e225adb5a751622a9cc3bc19ce8) C:\WINDOWS\System32\drivers\ws2ifsl.sys
2010/12/01 19:07:42.0565 WudfPf (f15feafffbb3644ccc80c5da584e6311) C:\WINDOWS\system32\DRIVERS\WudfPf.sys
2010/12/01 19:07:42.0785 WudfRd (28b524262bce6de1f7ef9f510ba3985b) C:\WINDOWS\system32\DRIVERS\wudfrd.sys
2010/12/01 19:07:43.0045 zumbus (763ac56e714907e9d420b9ab694f7b18) C:\WINDOWS\system32\DRIVERS\zumbus.sys
2010/12/01 19:07:43.0276 {6080A529-897E-4629-A488-ABA0C29B635E} (61002db7b6efb5711685b9d79b8e8ce6) C:\WINDOWS\system32\drivers\ialmsbw.sys
2010/12/01 19:07:43.0506 {D31A0762-0CEB-444e-ACFF-B049A1F6FE91} (35ce2baa708ea038ab72359de87bab87) C:\WINDOWS\system32\drivers\ialmkchw.sys
2010/12/01 19:07:43.0646 ================================================================================
2010/12/01 19:07:43.0646 Scan finished
2010/12/01 19:07:43.0646 ================================================================================
  • 0

#10
kahdah
Posted 01 December 2010 - 08:23 PM

kahdah

    GeekU Teacher

  • Retired Staff
  • 15,822 posts
Ok let's see if we can get rid of Panda then.

Run OTL
  • Under the Custom Scans/Fixes box at the bottom, paste in the following
    :OTL
DRV - [2005/10/14 17:13:08 | 000,111,360 | ---- | M] (Panda Software) [Kernel | Boot | Running] -- C:\WINDOWS\system32\Drivers\NETFLT.SYS -- (netflt)
DRV - [2005/10/06 12:27:36 | 000,040,064 | ---- | M] (Panda Software) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\APPFLT.SYS -- (APPFLT)
DRV - [2005/10/06 12:26:58 | 000,027,264 | ---- | M] (Panda Software) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\netfltdi.sys -- (NETFLTDI)
DRV - [2005/09/30 09:29:20 | 000,017,664 | ---- | M] (Panda Software) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\smsflt.sys -- (SMSFLT)
DRV - [2005/09/21 18:08:44 | 000,009,984 | ---- | M] (Panda Software) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\wnmflt.sys -- (WNMFLT)
DRV - [2005/09/21 18:08:06 | 000,164,480 | ---- | M] (Panda Software) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\idsflt.sys -- (IDSFLT)
DRV - [2005/09/21 18:07:50 | 000,029,824 | ---- | M] (Panda Software) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\dsaflt.sys -- (DSAFLT)
DRV - [2005/08/29 14:23:30 | 000,026,752 | ---- | M] () [Kernel | System | Stopped] -- C:\WINDOWS\System32\drivers\ShldDrv.sys -- (ShldDrv)
DRV - [2005/08/12 14:36:56 | 000,016,640 | ---- | M] (Panda Software) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\cpoint.sys -- (cpoint)
DRV - [2005/07/14 14:22:04 | 000,008,832 | ---- | M] (Panda Software) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\fnetmon.sys -- (FNETMON)
DRV - [2005/06/13 16:51:40 | 000,071,424 | ---- | M] (Panda Software) [File_System | Auto | Running] -- C:\WINDOWS\system32\drivers\pavdrv51.sys -- (PAVDRV)
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - No CLSID value found.
O4 - HKLM..\Run: [UserFaultCheck] File not found
O20 - Winlogon\Notify\avldr: DllName - avldr.dll - avldr.dll (Panda Software)
O33 - MountPoints2\{7c46f06b-0e67-11de-939e-444553544200}\Shell\AutoRun\command - "" = G:\RECYCLER\k-1-3542-4232123213-7676767-8888886\hn.exe -- File not found
O33 - MountPoints2\{7c46f06b-0e67-11de-939e-444553544200}\Shell\open\command - "" = G:\RECYCLER\k-1-3542-4232123213-7676767-8888886\hn.exe -- File not found


:Commands
[emptytemp]
  • Then click the Run Fix button at the top
  • Let the program run unhindered, reboot when it is done
  • It will produce a log for you on reboot, please post that log in your next reply.

  • 0

Advertisements

#11
sandstore
Posted 02 December 2010 - 08:45 PM

sandstore

    New Member

  • Topic Starter
  • Member
  • Pip
  • 9 posts
Here are the results of the Run Fix with OTL...pretty powerful program.

ll processes killed
========== OTL ==========
Error: Unable to stop service netflt!
Registry key HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\netflt deleted successfully.
C:\WINDOWS\system32\drivers\netflt.sys moved successfully.
Error: Unable to stop service APPFLT!
Registry key HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\APPFLT deleted successfully.
C:\WINDOWS\system32\drivers\APPFLT.SYS moved successfully.
Error: Unable to stop service NETFLTDI!
Registry key HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\NETFLTDI deleted successfully.
C:\WINDOWS\system32\drivers\netfltdi.sys moved successfully.
Service SMSFLT stopped successfully!
Service SMSFLT deleted successfully!
C:\WINDOWS\system32\drivers\smsflt.sys moved successfully.
Service WNMFLT stopped successfully!
Service WNMFLT deleted successfully!
C:\WINDOWS\system32\drivers\wnmflt.sys moved successfully.
Service IDSFLT stopped successfully!
Service IDSFLT deleted successfully!
C:\WINDOWS\system32\drivers\idsflt.sys moved successfully.
Service DSAFLT stopped successfully!
Service DSAFLT deleted successfully!
C:\WINDOWS\system32\drivers\dsaflt.sys moved successfully.
Service ShldDrv stopped successfully!
Service ShldDrv deleted successfully!
C:\WINDOWS\system32\drivers\ShldDrv.sys moved successfully.
Service cpoint stopped successfully!
Service cpoint deleted successfully!
C:\WINDOWS\system32\drivers\cpoint.sys moved successfully.
Error: Unable to stop service FNETMON!
Registry key HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\FNETMON deleted successfully.
C:\WINDOWS\system32\drivers\fnetmon.sys moved successfully.
Error: Unable to stop service PAVDRV!
Registry key HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\PAVDRV deleted successfully.
C:\WINDOWS\system32\drivers\pavdrv51.sys moved successfully.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0}\ not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\UserFaultCheck deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\avldr\ deleted successfully.
C:\WINDOWS\System32\avldr.dll moved successfully.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{7c46f06b-0e67-11de-939e-444553544200}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{7c46f06b-0e67-11de-939e-444553544200}\ not found.
File G:\RECYCLER\k-1-3542-4232123213-7676767-8888886\hn.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{7c46f06b-0e67-11de-939e-444553544200}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{7c46f06b-0e67-11de-939e-444553544200}\ not found.
File G:\RECYCLER\k-1-3542-4232123213-7676767-8888886\hn.exe not found.
========== COMMANDS ==========

[EMPTYTEMP]

User: Administrator
->Temp folder emptied: 166083323 bytes
->Temporary Internet Files folder emptied: 155941863 bytes
->Java cache emptied: 3024475 bytes
->FireFox cache emptied: 100793460 bytes
->Google Chrome cache emptied: 16925372 bytes
->Apple Safari cache emptied: 0 bytes
->Flash cache emptied: 3640336 bytes

User: All Users

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes
->Flash cache emptied: 41620 bytes

User: LocalService
->Temp folder emptied: 66016 bytes
->Temporary Internet Files folder emptied: 32969 bytes

User: NetworkService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 82054 bytes

User: New Folder

User: New Folder (2)

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 1138887 bytes
%systemroot%\System32 .tmp files removed: 2577 bytes
%systemroot%\System32\dllcache .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 9952181 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temp folder emptied: 2267824166 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 51151 bytes
RecycleBin emptied: 1875872332 bytes

Total Files Cleaned = 4,388.00 mb


OTL by OldTimer - Version 3.2.17.3 log created on 12022010_191944

Files\Folders moved on Reboot...
File\Folder C:\WINDOWS\temp\Perflib_Perfdata_400.dat not found!

Registry entries deleted on Reboot...
  • 0

#12
kahdah
Posted 03 December 2010 - 06:15 AM

kahdah

    GeekU Teacher

  • Retired Staff
  • 15,822 posts
Yes it is. :D

Open OTL once more and click on Run scan at the top.
Post the new OTL log that pens and let me know if it is running any better?
  • 0

#13
sandstore
Posted 03 December 2010 - 07:44 AM

sandstore

    New Member

  • Topic Starter
  • Member
  • Pip
  • 9 posts
It is still slow on bootup and the something still interferes with the sound drivers. Seems to happen when the kids play java based web hosted games on the computer, such as Wizard's 101. Here's the latest OTL.txt file. Thanks again for your time and support.

OTL logfile created on: 12/3/2010 6:34:32 AM - Run 2
OTL by OldTimer - Version 3.2.17.3 Folder = C:\Downloads
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.00 Gb Total Physical Memory | 2.00 Gb Available Physical Memory | 65.00% Memory free
5.00 Gb Paging File | 4.00 Gb Available in Paging File | 86.00% Paging File free
Paging file location(s): C:\pagefile.sys 2280 4096 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 105.46 Gb Total Space | 23.21 Gb Free Space | 22.01% Space Free | Partition Type: NTFS
Drive F: | 43.58 Gb Total Space | 16.17 Gb Free Space | 37.11% Space Free | Partition Type: NTFS

Computer Name: SANDSTORE | User Name: Administrator | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2010/11/25 04:05:09 | 000,575,488 | ---- | M] (OldTimer Tools) -- C:\Downloads\OTL.exe
PRC - [2010/10/30 17:31:02 | 000,016,856 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\plugin-container.exe
PRC - [2010/10/30 17:31:00 | 000,912,344 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe
PRC - [2010/04/16 07:33:40 | 000,144,672 | ---- | M] (Apple Inc.) -- C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
PRC - [2010/03/26 09:52:24 | 001,234,216 | ---- | M] (Nero AG) -- C:\Program Files\Nero\Nero 10\Nero BackItUp\NBAgent.exe
PRC - [2010/03/25 13:39:22 | 000,490,280 | ---- | M] (Nero AG) -- C:\Program Files\Nero\Update\NASvc.exe
PRC - [2009/05/15 06:35:52 | 000,935,208 | ---- | M] (Nero AG) -- C:\Program Files\Common Files\Nero\Nero BackItUp 4\NBService.exe
PRC - [2008/09/22 10:12:16 | 002,436,536 | ---- | M] (Symantec Corporation) -- C:\Program Files\Symantec\Symantec Endpoint Protection\Rtvscan.exe
PRC - [2008/09/22 10:12:16 | 001,787,200 | ---- | M] (Symantec Corporation) -- C:\Program Files\Symantec\Symantec Endpoint Protection\Smc.exe
PRC - [2008/09/22 10:12:16 | 001,439,040 | ---- | M] (Symantec Corporation) -- C:\Program Files\Symantec\Symantec Endpoint Protection\SmcGui.exe
PRC - [2008/09/22 10:12:16 | 000,115,560 | ---- | M] (Symantec Corporation) -- C:\Program Files\Common Files\Symantec Shared\ccApp.exe
PRC - [2008/09/22 10:12:16 | 000,108,392 | ---- | M] (Symantec Corporation) -- C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
PRC - [2008/04/13 17:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2006/09/11 03:40:32 | 000,218,032 | ---- | M] (Macrovision Corporation) -- C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe
PRC - [2006/03/21 18:30:00 | 001,191,936 | ---- | M] (CANON INC.) -- C:\Program Files\Canon\MyPrinter\BJMYPRT.EXE
PRC - [2006/03/21 13:19:40 | 000,069,632 | ---- | M] (ScanSoft, Inc.) -- C:\Program Files\ScanSoft\OmniPageSE4.0\OpWareSE4.exe
PRC - [2003/12/17 14:50:22 | 000,040,960 | ---- | M] (Compaq Computer Corporation) -- C:\Program Files\COMPAQ\Easy Access Button Support\STARTEAK.exe
PRC - [2003/10/14 16:38:28 | 000,061,440 | ---- | M] (Novell, Inc.) -- C:\WINDOWS\system32\Novell\xtagent.exe
PRC - [2003/08/22 13:01:30 | 000,081,920 | ---- | M] (Hewlett-Packard Company) -- C:\Program Files\COMPAQ\Compaq Management Agents\Chkadmin.exe
PRC - [2003/08/22 12:59:06 | 000,512,000 | ---- | M] (Hewlett-Packard Company) -- C:\Program Files\COMPAQ\Compaq Management Agents\Cpqalert.exe
PRC - [2003/06/25 11:24:48 | 000,049,152 | ---- | M] (Hewlett-Packard) -- C:\Program Files\HP\HP Software Update\hpwuSchd.exe
PRC - [2003/05/08 10:34:32 | 000,069,632 | ---- | M] (adi) -- C:\Program Files\Analog Devices\SoundMAX\DrvLsnr.exe
PRC - [2003/04/07 16:38:56 | 000,090,112 | ---- | M] (Compaq) -- C:\Compaq\EAKDRV\EAUSBKBD.exe
PRC - [2003/04/03 19:29:04 | 000,434,176 | ---- | M] (HP Company) -- C:\Program Files\COMPAQ\Easy Access Button Support\CPQEADM.exe
PRC - [2003/04/01 21:50:14 | 000,122,880 | ---- | M] (Compaq Computer Corporation) -- C:\Program Files\COMPAQ\Easy Access Button Support\BttnServ.exe
PRC - [2003/02/13 15:11:32 | 000,212,992 | ---- | M] () -- C:\Program Files\COMPAQ\Easy Access Button Support\CpqEAKSystemTray.exe
PRC - [2002/09/20 15:50:10 | 000,045,056 | ---- | M] (Analog Devices, Inc.) -- C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
PRC - [2001/04/11 11:33:46 | 000,215,552 | ---- | M] (Intel) -- C:\Program Files\COMPAQ\Compaq Management Agents\Dmi\Win32\bin\Win32sl.exe


========== Modules (SafeList) ==========

MOD - [2010/11/25 04:05:09 | 000,575,488 | ---- | M] (OldTimer Tools) -- C:\Downloads\OTL.exe
MOD - [2010/08/23 09:12:02 | 001,054,208 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.6028_x-ww_61e65202\comctl32.dll
MOD - [2005/12/19 19:16:10 | 000,135,168 | ---- | M] (ScanSoft, Inc.) -- C:\Program Files\ScanSoft\OmniPageSE4.0\OpHookSE4.dll
MOD - [2003/10/03 13:21:22 | 000,174,592 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system\framedyn.dll


========== Win32 Services (SafeList) ==========

SRV - File not found [Disabled | Stopped] -- -- (TPSrv)
SRV - File not found [Disabled | Stopped] -- -- (PSIMSVC)
SRV - File not found [Disabled | Stopped] -- -- (PNMSRV)
SRV - File not found [Disabled | Stopped] -- -- (PAVSRV)
SRV - File not found [Disabled | Stopped] -- -- (PavPrSrv)
SRV - File not found [Disabled | Stopped] -- -- (PAVFNSVR)
SRV - [2010/04/16 07:33:40 | 000,144,672 | ---- | M] (Apple Inc.) [Auto | Running] -- C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe -- (Apple Mobile Device)
SRV - [2010/03/25 13:39:22 | 000,490,280 | ---- | M] (Nero AG) [Auto | Running] -- C:\Program Files\Nero\Update\NASvc.exe -- (NAUpdate)
SRV - [2009/10/20 11:19:48 | 000,117,264 | ---- | M] (CACE Technologies, Inc.) [On_Demand | Stopped] -- C:\Program Files\WinPcap\rpcapd.exe -- (rpcapd) Remote Packet Capture Protocol v.0 (experimental)
SRV - [2009/05/15 06:35:52 | 000,935,208 | ---- | M] (Nero AG) [Auto | Running] -- C:\Program Files\Common Files\Nero\Nero BackItUp 4\NBService.exe -- (Nero BackItUp Scheduler 4.0)
SRV - [2008/10/15 16:13:58 | 000,439,632 | ---- | M] (RealVNC Ltd.) [Disabled | Stopped] -- C:\Program Files\RealVNC\VNC4\WinVNC4.exe -- (WinVNC4)
SRV - [2008/09/22 10:12:16 | 002,436,536 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files\Symantec\Symantec Endpoint Protection\Rtvscan.exe -- (Symantec AntiVirus)
SRV - [2008/09/22 10:12:16 | 001,787,200 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files\Symantec\Symantec Endpoint Protection\Smc.exe -- (SmcService)
SRV - [2008/09/22 10:12:16 | 000,312,720 | ---- | M] (Symantec Corporation) [On_Demand | Stopped] -- C:\Program Files\Symantec\Symantec Endpoint Protection\SNAC.EXE -- (SNAC)
SRV - [2008/09/22 10:12:16 | 000,108,392 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe -- (ccSetMgr)
SRV - [2008/09/22 10:12:16 | 000,108,392 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe -- (ccEvtMgr)
SRV - [2008/06/30 16:36:35 | 003,093,872 | ---- | M] (Symantec Corporation) [On_Demand | Stopped] -- C:\Program Files\Symantec\LiveUpdate\LuComServer_3_3.EXE -- (LiveUpdate)
SRV - [2003/10/14 16:38:28 | 000,061,440 | ---- | M] (Novell, Inc.) [On_Demand | Running] -- C:\WINDOWS\system32\Novell\xtagent.exe -- (XTAgent)
SRV - [2003/08/22 13:01:38 | 000,020,480 | ---- | M] (Compaq Computer Corporation) [On_Demand | Stopped] -- C:\Program Files\COMPAQ\Compaq Management Agents\Cpqdmi.exe -- (cpqdmi)
SRV - [2003/08/22 12:59:06 | 000,512,000 | ---- | M] (Hewlett-Packard Company) [Auto | Running] -- C:\Program Files\COMPAQ\Compaq Management Agents\Cpqalert.exe -- (CPQALERT)
SRV - [2003/08/11 01:07:38 | 000,065,795 | ---- | M] (HP) [On_Demand | Stopped] -- C:\WINDOWS\system32\hpzipm12.exe -- (Pml Driver HPZ12)
SRV - [2002/09/20 15:50:10 | 000,045,056 | ---- | M] (Analog Devices, Inc.) [Auto | Running] -- C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe -- (SoundMAX Agent Service (default))
SRV - [2001/04/11 11:33:46 | 000,215,552 | ---- | M] (Intel) [Auto | Running] -- C:\Program Files\COMPAQ\Compaq Management Agents\Dmi\Win32\bin\Win32sl.exe -- (WIN32SL)


========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\DRIVERS\TMPassthru.sys -- (TMPassthruMP)
DRV - File not found [Kernel | System | Stopped] -- C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\SAS_SelfExtract\SASKUTIL.sys -- (SASKUTIL)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\SAS_SelfExtract\SASENUM.SYS -- (SASENUM)
DRV - File not found [Kernel | System | Stopped] -- C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\SAS_SelfExtract\SASDIFSV.SYS -- (SASDIFSV)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\Drivers\RimUsb.sys -- (RimUsb)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\C.tmp -- (MEMSWEEP2)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\catchme.sys -- (catchme)
DRV - File not found [File_System | On_Demand | Stopped] -- C:\WINDOWS\System32\drivers\av5flt.sys -- (AvFlt)
DRV - [2010/09/28 01:00:00 | 001,371,184 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Program Files\Common Files\Symantec Shared\VirusDefs\20101202.048\navex15.sys -- (NAVEX15)
DRV - [2010/09/28 01:00:00 | 000,086,064 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Program Files\Common Files\Symantec Shared\VirusDefs\20101202.048\naveng.sys -- (NAVENG)
DRV - [2010/06/10 01:00:00 | 000,102,448 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Program Files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys -- (EraserUtilRebootDrv)
DRV - [2010/05/26 01:00:00 | 000,371,248 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys -- (eeCtrl)
DRV - [2010/03/15 13:35:18 | 000,222,248 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\b57xp32.sys -- (b57w2k)
DRV - [2009/10/20 11:19:44 | 000,050,704 | ---- | M] (CACE Technologies, Inc.) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\npf.sys -- (NPF)
DRV - [2008/12/06 15:18:19 | 000,123,952 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\SYMEVENT.SYS -- (SymEvent)
DRV - [2008/09/22 10:12:18 | 000,317,872 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\srtspl.sys -- (SRTSPL)
DRV - [2008/09/22 10:12:18 | 000,279,600 | ---- | M] (Symantec Corporation) [File_System | System | Running] -- C:\WINDOWS\system32\drivers\srtsp.sys -- (SRTSP)
DRV - [2008/09/22 10:12:18 | 000,043,696 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\srtspx.sys -- (SRTSPX)
DRV - [2008/09/22 10:12:14 | 000,420,400 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCDrv.sys -- (SPBBCDrv)
DRV - [2008/09/22 10:12:14 | 000,191,536 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\WINDOWS\System32\Drivers\SYMTDI.SYS -- (SYMTDI)
DRV - [2008/09/22 10:12:14 | 000,027,696 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\System32\Drivers\SYMREDRV.SYS -- (SYMREDRV)
DRV - [2008/07/30 17:42:12 | 000,023,888 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\COH_Mon.sys -- (COH_Mon)
DRV - [2008/04/13 11:53:09 | 000,040,320 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\nmnt.sys -- (nm)
DRV - [2008/04/13 11:45:30 | 000,010,624 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\gameenum.sys -- (gameenum)
DRV - [2008/04/13 11:45:12 | 000,060,032 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\usbaudio.sys -- (usbaudio) USB Audio Driver (WDM)
DRV - [2008/04/13 11:36:39 | 000,043,008 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\System32\DRIVERS\amdagp.sys -- (amdagp)
DRV - [2008/04/13 11:36:39 | 000,040,960 | ---- | M] (Silicon Integrated Systems Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\System32\DRIVERS\sisagp.sys -- (sisagp)
DRV - [2004/10/07 18:16:04 | 000,035,840 | ---- | M] (Oak Technology Inc.) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\AFS2K.SYS -- (AFS2K)
DRV - [2004/06/04 13:12:10 | 000,379,488 | R--- | M] (NETGEAR, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\wg111nd5.sys -- (wg111nd5)
DRV - [2004/05/20 09:46:42 | 000,016,292 | ---- | M] (Printing Communications Assoc., Inc. (PCAUSA)) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\PCANDIS5.SYS -- (PCANDIS5)
DRV - [2004/03/29 04:06:24 | 000,090,464 | ---- | M] (Pinnacle Systems GmbH) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\MarvinBus.sys -- (MarvinBus)
DRV - [2004/03/11 14:49:44 | 000,011,264 | ---- | M] (Pinnacle Systems GmbH) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\asapiW2k.sys -- (ASAPIW2k)
DRV - [2004/01/08 08:54:32 | 000,163,856 | ---- | M] (Panda Software) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\PavProc.sys -- (PavProc)
DRV - [2003/11/14 11:50:28 | 000,031,924 | ---- | M] (Cirrus Logic Inc.) [Kernel | Auto | Stopped] -- C:\WINDOWS\system32\drivers\DVC150B.sys -- (DVC150)
DRV - [2003/08/11 10:07:46 | 000,014,604 | ---- | M] (Padus, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\pfc.sys -- (pfc)
DRV - [2003/07/03 15:23:44 | 000,055,960 | ---- | M] (Hewlett-Packard) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\Clntmgmt.sys -- (ClntMgmt)
DRV - [2002/08/28 16:00:54 | 000,137,088 | ---- | M] (ESS Technology, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\essm2e.sys -- (Maestro) ESS Maestro2E Audio Driver (WDM)
DRV - [2002/06/03 11:18:32 | 000,040,832 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\es1371mp.sys -- (es1371) Creative AudioPCI (ES1371,ES1373) (WDM)
DRV - [2002/04/30 23:16:52 | 000,114,016 | ---- | M] (Nortel Networks) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ipsecw2k.sys -- (IPSECSHM)
DRV - [2002/04/30 23:16:52 | 000,114,016 | ---- | M] (Nortel Networks) [Kernel | Auto | Stopped] -- C:\WINDOWS\system32\drivers\ipsecw2k.sys -- (IPSECEXT)
DRV - [2002/04/22 14:50:14 | 000,009,161 | R--- | M] (Nortel Networks) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\eacfilt.sys -- (Eacfilt)
DRV - [2002/03/19 10:29:16 | 000,014,165 | ---- | M] (Pinnacle Systems GmbH) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\Pclepci.sys -- (PCLEPCI)
DRV - [2001/08/17 14:07:44 | 000,019,072 | ---- | M] (Adaptec, Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\System32\DRIVERS\sparrow.sys -- (Sparrow)
DRV - [2001/08/17 14:07:42 | 000,030,688 | ---- | M] (LSI Logic) [Kernel | Boot | Running] -- C:\WINDOWS\System32\DRIVERS\sym_u3.sys -- (sym_u3)
DRV - [2001/08/17 14:07:40 | 000,028,384 | ---- | M] (LSI Logic) [Kernel | Boot | Running] -- C:\WINDOWS\System32\DRIVERS\sym_hi.sys -- (sym_hi)
DRV - [2001/08/17 14:07:36 | 000,032,640 | ---- | M] (LSI Logic) [Kernel | Boot | Running] -- C:\WINDOWS\System32\DRIVERS\symc8xx.sys -- (symc8xx)
DRV - [2001/08/17 14:07:34 | 000,016,256 | ---- | M] (Symbios Logic Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\System32\DRIVERS\symc810.sys -- (symc810)
DRV - [2001/08/17 13:52:22 | 000,036,736 | ---- | M] (Promise Technology, Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\System32\DRIVERS\ultra.sys -- (ultra)
DRV - [2001/08/17 13:52:20 | 000,045,312 | ---- | M] (QLogic Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\System32\DRIVERS\ql12160.sys -- (ql12160)
DRV - [2001/08/17 13:52:20 | 000,040,320 | ---- | M] (QLogic Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\System32\DRIVERS\ql1080.sys -- (ql1080)
DRV - [2001/08/17 13:52:18 | 000,049,024 | ---- | M] (QLogic Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\System32\DRIVERS\ql1280.sys -- (ql1280)
DRV - [2001/08/17 13:52:16 | 000,179,584 | ---- | M] (Mylex Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\System32\DRIVERS\dac2w2k.sys -- (dac2w2k)
DRV - [2001/08/17 13:52:12 | 000,017,280 | ---- | M] (American Megatrends Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\System32\DRIVERS\mraid35x.sys -- (mraid35x)
DRV - [2001/08/17 13:52:00 | 000,026,496 | ---- | M] (Advanced System Products, Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\System32\DRIVERS\asc.sys -- (asc)
DRV - [2001/08/17 13:51:58 | 000,014,848 | ---- | M] (Advanced System Products, Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\System32\DRIVERS\asc3550.sys -- (asc3550)
DRV - [2001/08/17 13:51:56 | 000,005,248 | ---- | M] (Acer Laboratories Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\System32\DRIVERS\aliide.sys -- (AliIde)
DRV - [2001/08/17 13:51:54 | 000,006,656 | ---- | M] (CMD Technology, Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\System32\DRIVERS\cmdide.sys -- (CmdIde)
DRV - [2001/08/17 13:11:38 | 000,128,000 | ---- | M] (Compaq Computer Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\n100325.sys -- (N100)
DRV - [2001/08/17 13:10:58 | 000,069,692 | ---- | M] (3Com Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\el575ND5.sys -- (el575nd5)
DRV - [2001/08/17 12:13:14 | 000,046,108 | ---- | M] (Xircom, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\cben5.sys -- (CBEN5)
DRV - [2001/08/17 05:48:56 | 000,289,664 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\atimpab.sys -- (atimpab)
DRV - [1999/10/30 05:35:08 | 000,024,348 | R--- | M] (Compaq Computer Corporation) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\EAWDMFD.sys -- (EAWDMFD)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.google.com/ie
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.google.com/ie
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultName = Google
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultURL = http://www.google.co...ie=utf8&oe=utf8
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.google.com/ie
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - prefs.js..browser.search.defaultengine: "engine://C%3A%5CProgram%20Files%5CMozillaFirebird-0.7%5Csearchplugins%5Cgoogle.src"
FF - prefs.js..browser.startup.homepage: "http://my.yahoo.com/"
FF - prefs.js..extensions.enabledItems: [email protected]:7
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20
FF - prefs.js..extensions.enabledItems: [email protected]:1.0
FF - prefs.js..extensions.enabledItems: {b9db16a4-6edc-47ec-a1f4-b86292ed211d}:4.8.1
FF - prefs.js..extensions.enabledItems: [email protected]:1.0.1
FF - prefs.js..extensions.enabledItems: {a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7}:20100908

FF - HKLM\software\mozilla\Mozilla Firefox 3.6.12\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010/10/30 17:31:10 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.12\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010/10/30 17:31:10 | 000,000,000 | ---D | M]

[2010/04/26 21:36:57 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\Mozilla\Extensions
[2010/12/01 19:08:59 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\xg71iisp.default\extensions
[2010/04/29 21:59:37 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\xg71iisp.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2010/10/14 04:09:23 | 000,000,000 | ---D | M] (WOT) -- C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\xg71iisp.default\extensions\{a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7}
[2010/10/14 04:09:23 | 000,000,000 | ---D | M] (DownloadHelper) -- C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\xg71iisp.default\extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}
[2010/05/19 06:23:04 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\xg71iisp.default\extensions\[email protected]
[2010/12/01 19:08:59 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions
[2010/04/28 09:37:30 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
[2009/11/19 15:16:28 | 000,091,552 | ---- | M] (Coupons, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npCouponPrinter.dll
[2010/04/28 09:37:01 | 000,411,368 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npdeployJava1.dll
[2009/11/19 15:16:29 | 000,091,552 | ---- | M] (Coupons, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npMozCouponPrinter.dll

O1 HOSTS File: ([2009/02/19 13:42:24 | 000,289,675 | R--- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: 127.0.0.1 www.007guard.com
O1 - Hosts: 127.0.0.1 007guard.com
O1 - Hosts: 127.0.0.1 008i.com
O1 - Hosts: 127.0.0.1 www.008k.com
O1 - Hosts: 127.0.0.1 008k.com
O1 - Hosts: 127.0.0.1 www.00hq.com
O1 - Hosts: 127.0.0.1 00hq.com
O1 - Hosts: 127.0.0.1 010402.com
O1 - Hosts: 127.0.0.1 www.032439.com
O1 - Hosts: 127.0.0.1 032439.com
O1 - Hosts: 127.0.0.1 www.0scan.com
O1 - Hosts: 127.0.0.1 0scan.com
O1 - Hosts: 127.0.0.1 1000gratisproben.com
O1 - Hosts: 127.0.0.1 www.1000gratisproben.com
O1 - Hosts: 127.0.0.1 www.1001namen.com
O1 - Hosts: 127.0.0.1 1001namen.com
O1 - Hosts: 127.0.0.1 www.100888290cs.com
O1 - Hosts: 127.0.0.1 100888290cs.com
O1 - Hosts: 127.0.0.1 www.100sexlinks.com
O1 - Hosts: 127.0.0.1 100sexlinks.com
O1 - Hosts: 127.0.0.1 www.10sek.com
O1 - Hosts: 127.0.0.1 10sek.com
O1 - Hosts: 127.0.0.1 www.1-2005-search.com
O1 - Hosts: 127.0.0.1 1-2005-search.com
O1 - Hosts: 9978 more lines...
O2 - BHO: (EWPBrowseObject Class) - {68F9551E-0411-48E4-9AAF-4BC42A6A46BE} - C:\Program Files\Canon\Easy-WebPrint\EWPBrowseLoader.dll ()
O2 - BHO: (SSVHelper Class) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O3 - HKLM\..\Toolbar: (Easy-WebPrint) - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - C:\Program Files\Canon\Easy-WebPrint\Toolband.dll ()
O4 - HKLM..\Run: [AppleSyncNotifier] C:\Program Files\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe (Apple Inc.)
O4 - HKLM..\Run: [CanonMyPrinter] C:\Program Files\Canon\MyPrinter\BJMyPrt.exe (CANON INC.)
O4 - HKLM..\Run: [ccApp] C:\Program Files\Common Files\Symantec Shared\ccApp.exe (Symantec Corporation)
O4 - HKLM..\Run: [ChkAdmin] C:\Program Files\COMPAQ\Compaq Management Agents\Chkadmin.exe (Hewlett-Packard Company)
O4 - HKLM..\Run: [CPQEASYACC] C:\Program Files\COMPAQ\Easy Access Button Support\StartEAK.exe (Compaq Computer Corporation)
O4 - HKLM..\Run: [DrvLsnr] C:\Program Files\Analog Devices\SoundMAX\DrvLsnr.exe (adi)
O4 - HKLM..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd.exe (Hewlett-Packard)
O4 - HKLM..\Run: [NBAgent] C:\Program Files\Nero\Nero 10\Nero BackItUp\NBAgent.exe (Nero AG)
O4 - HKLM..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe (Nero AG)
O4 - HKLM..\Run: [OpwareSE4] C:\Program Files\ScanSoft\OmniPageSE4.0\OpwareSE4.exe (ScanSoft, Inc.)
O4 - HKLM..\Run: [PinnacleDriverCheck] C:\WINDOWS\System32\PSDrvCheck.exe ()
O4 - HKLM..\Run: [SSBkgdUpdate] C:\Program Files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe (Scansoft, Inc.)
O4 - HKCU..\Run: [ISUSPM] C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe (Macrovision Corporation)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe (Adobe Systems, Inc.)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLinkedConnections = 1
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O8 - Extra context menu item: Add to Google Photos Screensa&ver - C:\WINDOWS\System32\GPhotos.scr (Google Inc.)
O9 - Extra 'Tools' menuitem : Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre6\bin\npjpi160_20.dll (Sun Microsystems, Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O16 - DPF: {02BCC737-B171-4746-94C9-0D8A0B2C0089} http://office.micros...tes/ieawsdc.cab (Microsoft Office Template and Media Control)
O16 - DPF: {0E5F0222-96B9-11D3-8997-00104BD12D94} http://www.goldenram...detect.cab?5944 (PCPitstop Utility)
O16 - DPF: {3299935F-2C5A-499A-9908-95CFFF6EF8C1} http://scpwlc.ops.pl...quicksilver.cab (Quicksilver Class)
O16 - DPF: {3E68E405-C6DE-49FF-83AE-41EE9F4C36CE} http://office.micros...ontent/opuc.cab (Office Update Installation Engine)
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} http://gfx1.hotmail....es/MSNPUpld.cab (MSN Photo Upload Tool)
O16 - DPF: {5F8469B4-B055-49DD-83F7-62B522420ECC} http://upload.facebo...otoUploader.cab (Facebook Photo Uploader Control)
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} http://www.update.mi...b?1272491893307 (MUWebControl Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_20)
O16 - DPF: {9F1C11AA-197B-4942-BA54-47A8489BB47F} http://v4.windowsupd...7869.9798032407 (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_20)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_20)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://download.macr...ash/swflash.cab (Shockwave Flash Object)
O16 - DPF: {D4323BF2-006A-4440-A2F5-27E3E7AB25F8} http://a532.g.akamai...5/installer.exe (Virtools WebPlayer Class)
O16 - DPF: {D6E7CFB5-C074-4D1C-B647-663D1A8D96BF} http://upload.facebo...Uploader4_5.cab (Facebook Photo Uploader 4)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.ad...Plus/1.6/gp.cab (Reg Error: Key error.)
O16 - DPF: DirectAnimation Java Classes file://C:\WINDOWS\Java\classes\dajava.cab (Reg Error: Key error.)
O16 - DPF: Microsoft XML Parser for Java file://C:\WINDOWS\Java\classes\xmldso.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1
O18 - Protocol\Handler\nim {3D206AE2-3039-413B-B748-3ACC562EC22A} - C:\Novell\Messenger\nmcg32.dll (Novell, Inc.)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\igfxcui: DllName - igfxdev.dll - C:\WINDOWS\System32\igfxdev.dll (Intel Corporation)
O20 - Winlogon\Notify\NetIdentity Notification: DllName - C:\WINDOWS\System32\Novell\XtNotify.dll - C:\WINDOWS\system32\Novell\xtnotify.dll (Novell, Inc.)
O20 - Winlogon\Notify\WRNotifier: DllName - Reg Error: Value error. - Reg Error: Value error. File not found
O24 - Desktop WallPaper: C:\Documents and Settings\Administrator\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\Administrator\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2008/12/27 08:04:45 | 000,000,050 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O33 - MountPoints2\{270147ba-2b7b-11de-939f-444553544200}\Shell - "" = AutoRun
O33 - MountPoints2\{270147ba-2b7b-11de-939f-444553544200}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{270147ba-2b7b-11de-939f-444553544200}\Shell\AutoRun\command - "" = G:\LaunchU3.exe -- File not found
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2010/12/02 19:19:44 | 000,000,000 | ---D | C] -- C:\_OTL
[2010/11/22 18:30:46 | 000,010,624 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\gameenum.sys
[2010/11/22 18:30:46 | 000,010,624 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\gameenum.sys
[2010/11/22 18:30:12 | 000,040,832 | ---- | C] (Creative Technology Ltd.) -- C:\WINDOWS\System32\drivers\es1371mp.sys
[2010/11/22 18:30:12 | 000,040,832 | ---- | C] (Creative Technology Ltd.) -- C:\WINDOWS\System32\dllcache\es1371mp.sys
[2010/11/12 11:46:58 | 004,280,320 | ---- | C] (Google Inc.) -- C:\WINDOWS\System32\GPhotos.scr
[3 C:\Documents and Settings\Administrator\My Documents\*.tmp files -> C:\Documents and Settings\Administrator\My Documents\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2010/12/03 06:29:00 | 000,001,010 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-2512828683-2750084866-171971703-500UA.job
[2010/12/03 03:19:32 | 000,441,980 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2010/12/03 03:19:32 | 000,071,916 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2010/12/02 23:06:00 | 000,000,958 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-2512828683-2750084866-171971703-500Core1cb8165d97dd260.job
[2010/12/02 19:39:12 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2010/12/02 19:35:32 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2010/12/01 05:58:36 | 000,001,736 | -H-- | M] () -- C:\Documents and Settings\Administrator\My Documents\Default.rdp
[2010/11/30 19:24:13 | 000,000,089 | ---- | M] () -- C:\WINDOWS\WPCMAPI.INI
[2010/11/29 15:21:54 | 000,002,137 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\iTunes.lnk
[2010/11/28 21:05:34 | 000,300,469 | ---- | M] () -- C:\Documents and Settings\Administrator\My Documents\cassie_football_picture.odt
[2010/11/27 17:59:01 | 000,000,284 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
[2010/11/23 23:15:12 | 000,000,116 | ---- | M] () -- C:\WINDOWS\NeroDigital.ini
[2010/11/21 22:30:24 | 000,030,208 | ---- | M] () -- C:\Documents and Settings\Administrator\My Documents\ServicePracticumPaper.doc
[2010/11/21 22:12:34 | 000,018,568 | ---- | M] () -- C:\Documents and Settings\Administrator\My Documents\Cassie_Adia.odt
[2010/11/21 22:12:10 | 000,018,576 | ---- | M] () -- C:\Documents and Settings\Administrator\My Documents\Cassie_newest_doc.odt
[2010/11/18 08:44:35 | 000,173,056 | ---- | M] () -- C:\Documents and Settings\Administrator\My Documents\Nieto_Chapter5-8 QUIZ.doc
[2010/11/17 16:40:26 | 000,036,542 | ---- | M] () -- C:\Documents and Settings\Administrator\My Documents\Novell on Novell.odp
[2010/11/17 15:54:42 | 001,455,375 | ---- | M] () -- C:\Documents and Settings\Administrator\My Documents\Cassie_science_paper.odt
[2010/11/12 11:46:58 | 004,280,320 | ---- | M] (Google Inc.) -- C:\WINDOWS\System32\GPhotos.scr
[2010/11/10 18:06:35 | 000,218,448 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2010/11/10 17:49:45 | 000,001,393 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2010/11/09 08:03:40 | 000,023,040 | ---- | M] () -- C:\Documents and Settings\Administrator\My Documents\Algonquian Indians Oral Report Hannah's.doc
[2010/11/08 07:30:54 | 000,075,824 | ---- | M] () -- C:\Documents and Settings\Administrator\Desktop\Contract_Justine_Sanders.pdf
[3 C:\Documents and Settings\Administrator\My Documents\*.tmp files -> C:\Documents and Settings\Administrator\My Documents\*.tmp -> ]

========== Files Created - No Company Name ==========

[2010/11/28 21:05:33 | 000,300,469 | ---- | C] () -- C:\Documents and Settings\Administrator\My Documents\cassie_football_picture.odt
[2010/11/24 07:38:45 | 000,001,736 | -H-- | C] () -- C:\Documents and Settings\Administrator\My Documents\Default.rdp
[2010/11/21 22:12:34 | 000,018,568 | ---- | C] () -- C:\Documents and Settings\Administrator\My Documents\Cassie_Adia.odt
[2010/11/21 22:12:10 | 000,018,576 | ---- | C] () -- C:\Documents and Settings\Administrator\My Documents\Cassie_newest_doc.odt
[2010/11/18 09:36:45 | 000,030,208 | ---- | C] () -- C:\Documents and Settings\Administrator\My Documents\ServicePracticumPaper.doc
[2010/11/18 08:11:42 | 000,173,056 | ---- | C] () -- C:\Documents and Settings\Administrator\My Documents\Nieto_Chapter5-8 QUIZ.doc
[2010/11/17 16:40:25 | 000,036,542 | ---- | C] () -- C:\Documents and Settings\Administrator\My Documents\Novell on Novell.odp
[2010/11/17 15:54:41 | 001,455,375 | ---- | C] () -- C:\Documents and Settings\Administrator\My Documents\Cassie_science_paper.odt
[2010/11/10 23:01:15 | 000,000,958 | ---- | C] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-2512828683-2750084866-171971703-500Core1cb8165d97dd260.job
[2010/11/08 07:30:54 | 000,075,824 | ---- | C] () -- C:\Documents and Settings\Administrator\Desktop\Contract_Justine_Sanders.pdf
[2010/04/26 05:21:05 | 000,000,036 | ---- | C] () -- C:\Documents and Settings\Administrator\Local Settings\Application Data\housecall.guid.cache
[2009/10/20 11:19:30 | 000,053,299 | ---- | C] () -- C:\WINDOWS\System32\pthreadVC.dll
[2009/08/03 14:07:42 | 000,403,816 | ---- | C] () -- C:\WINDOWS\System32\OGACheckControl.dll
[2009/06/20 11:13:55 | 000,000,125 | ---- | C] () -- C:\Documents and Settings\Administrator\Application Data\default.rss
[2009/06/20 11:13:55 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\Administrator\Application Data\downloads.m3u
[2009/06/20 11:00:28 | 000,004,767 | ---- | C] () -- C:\WINDOWS\Irremote.ini
[2009/02/08 20:14:56 | 000,000,151 | ---- | C] () -- C:\WINDOWS\PhotoSnapViewer.INI
[2008/04/12 21:07:52 | 000,000,008 | ---- | C] () -- C:\Documents and Settings\Administrator\Local Settings\Application Data\.mpid
[2008/02/18 20:13:57 | 000,399,360 | ---- | C] () -- C:\WINDOWS\System32\Smab.dll
[2008/02/18 20:13:37 | 000,027,648 | ---- | C] () -- C:\WINDOWS\System32\AVSredirect.dll
[2007/10/16 16:45:50 | 000,000,075 | ---- | C] () -- C:\WINDOWS\winamp.ini
[2007/05/30 07:06:18 | 000,000,434 | ---- | C] () -- C:\WINDOWS\Operation.ini
[2007/04/12 14:56:19 | 000,004,699 | ---- | C] () -- C:\WINDOWS\System32\MRT.INI
[2007/03/28 21:23:55 | 000,001,755 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\QTSBandwidthCache
[2007/03/16 16:49:52 | 000,000,340 | ---- | C] () -- C:\WINDOWS\QTW.INI
[2007/01/06 15:48:56 | 000,000,419 | ---- | C] () -- C:\WINDOWS\MAXLINK.INI
[2006/12/17 19:39:12 | 000,000,136 | ---- | C] () -- C:\Documents and Settings\Administrator\Local Settings\Application Data\fusioncache.dat
[2006/12/09 11:20:13 | 000,107,456 | ---- | C] () -- C:\WINDOWS\System32\sh33w32.DLL
[2006/11/23 13:31:36 | 000,002,656 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\hpzinstall.log
[2006/07/18 23:34:55 | 000,001,023 | ---- | C] () -- C:\WINDOWS\opera.ini
[2006/06/13 17:04:58 | 000,757,818 | ---- | C] () -- C:\WINDOWS\System32\gwadd1.dll
[2006/06/13 15:21:05 | 000,303,166 | ---- | C] () -- C:\WINDOWS\System32\gwodm132.dll
[2006/06/13 14:37:19 | 000,098,354 | ---- | C] () -- C:\WINDOWS\System32\GWLDO132.DLL
[2005/04/17 17:48:49 | 000,000,788 | ---- | C] () -- C:\WINDOWS\cdplayer.ini
[2005/03/28 23:42:07 | 000,019,968 | ---- | C] () -- C:\WINDOWS\System32\cpuinf32.dll
[2005/03/12 22:12:20 | 000,002,158 | ---- | C] () -- C:\WINDOWS\System32\ssmute.ini
[2005/03/10 18:01:17 | 000,000,116 | ---- | C] () -- C:\WINDOWS\NeroDigital.ini
[2005/02/21 18:46:00 | 000,000,013 | ---- | C] () -- C:\Documents and Settings\Administrator\Application Data\PodUtil Preferences
[2005/02/20 22:20:50 | 000,000,017 | ---- | C] () -- C:\WINDOWS\MovingPicture.ini
[2005/02/20 22:16:23 | 000,122,880 | ---- | C] () -- C:\Documents and Settings\Administrator\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2005/02/20 22:00:28 | 000,000,063 | ---- | C] () -- C:\WINDOWS\PixieTool.INI
[2005/02/12 11:50:49 | 000,000,515 | ---- | C] () -- C:\WINDOWS\hegames.ini
[2005/01/22 11:24:31 | 000,000,442 | ---- | C] () -- C:\WINDOWS\ka.ini
[2004/11/18 11:06:12 | 000,020,736 | ---- | C] () -- C:\WINDOWS\shgrsdrv.dll
[2004/11/11 12:51:56 | 000,363,520 | ---- | C] () -- C:\WINDOWS\System32\psisdecd.dll
[2004/11/11 12:08:31 | 000,000,745 | ---- | C] () -- C:\WINDOWS\CoD.INI
[2004/11/09 14:34:29 | 000,000,089 | ---- | C] () -- C:\WINDOWS\WPCMAPI.INI
[2004/07/09 09:31:18 | 000,155,700 | ---- | C] () -- C:\WINDOWS\System32\ODMA32.DLL
[2004/04/15 05:59:50 | 000,000,405 | ---- | C] () -- C:\WINDOWS\System32\master.dll
[2004/03/18 08:44:29 | 001,663,068 | ---- | C] () -- C:\WINDOWS\System32\libmmd.dll
[2004/01/28 12:53:16 | 000,000,470 | ---- | C] () -- C:\WINDOWS\ikey.ini
[2004/01/28 12:53:15 | 000,040,960 | R--- | C] () -- C:\WINDOWS\LoadDll.dll
[2004/01/28 12:52:17 | 000,000,044 | ---- | C] () -- C:\WINDOWS\System32\msssc.dll
[2004/01/14 23:37:32 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\Administrator\Application Data\sversion.ini
[2003/08/02 11:45:33 | 000,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini
[2003/07/28 18:04:22 | 000,053,248 | ---- | C] () -- C:\WINDOWS\System32\setupw2k.dll
[2003/03/26 09:47:28 | 000,061,440 | ---- | C] () -- C:\WINDOWS\System32\XMLPARSE.DLL
[2003/03/24 23:39:56 | 000,000,376 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2003/03/24 15:25:02 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
[2001/10/04 14:40:54 | 000,040,960 | ---- | C] () -- C:\WINDOWS\System32\nwslog32.dll
[1999/08/07 01:05:16 | 000,212,480 | ---- | C] () -- C:\WINDOWS\System32\DBPORT6.DLL
[1998/08/16 04:00:00 | 000,004,096 | ---- | C] () -- C:\WINDOWS\System32\sysres.dll
[1997/11/10 15:18:48 | 000,010,240 | ---- | C] () -- C:\WINDOWS\System32\vidx16.dll

========== Alternate Data Streams ==========

@Alternate Data Stream - 104 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:D1B5B4F1

< End of report >
  • 0

#14
kahdah
Posted 03 December 2010 - 01:21 PM

kahdah

    GeekU Teacher

  • Retired Staff
  • 15,822 posts
Ok does it only happen with Java based games or overall?
Run OTL
  • Under the Custom Scans/Fixes box at the bottom, paste in the following
    :OTL
SRV - File not found [Disabled | Stopped] -- -- (TPSrv)
SRV - File not found [Disabled | Stopped] -- -- (PSIMSVC)
SRV - File not found [Disabled | Stopped] -- -- (PNMSRV)
SRV - File not found [Disabled | Stopped] -- -- (PAVSRV)
SRV - File not found [Disabled | Stopped] -- -- (PavPrSrv)
SRV - File not found [Disabled | Stopped] -- -- (PAVFNSVR)
DRV - File not found [File_System | On_Demand | Stopped] -- C:\WINDOWS\System32\drivers\av5flt.sys -- (AvFlt)
DRV - [2004/01/08 08:54:32 | 000,163,856 | ---- | M] (Panda Software) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\PavProc.sys -- (PavProc)
  • Then click the Run Fix button at the top
  • Let the program run unhindered,when it is done it will say "Fix Complete press ok to open log"
  • Please post that log in your next reply.

You are welcome :D
  • 0

#15
sandstore
Posted 03 December 2010 - 06:08 PM

sandstore

    New Member

  • Topic Starter
  • Member
  • Pip
  • 9 posts
I really don't know if it's the java based games only that kills that sound drivers. What I did to try overcome this issue, is I added a sound card to avoid the onboard sound. Thanks again for your help.

========== OTL ==========
Service TPSrv stopped successfully!
Service TPSrv deleted successfully!
Service PSIMSVC stopped successfully!
Service PSIMSVC deleted successfully!
Service PNMSRV stopped successfully!
Service PNMSRV deleted successfully!
Service PAVSRV stopped successfully!
Service PAVSRV deleted successfully!
Service PavPrSrv stopped successfully!
Service PavPrSrv deleted successfully!
Service PAVFNSVR stopped successfully!
Service PAVFNSVR deleted successfully!
Service AvFlt stopped successfully!
Service AvFlt deleted successfully!
File C:\WINDOWS\System32\drivers\av5flt.sys not found.
Error: Unable to stop service PavProc!
Registry key HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\PavProc deleted successfully.
C:\WINDOWS\system32\drivers\PavProc.sys moved successfully.

OTL by OldTimer - Version 3.2.17.3 log created on 12032010_170252
  • 0
Back to Virus, Spyware, Malware Removal · Next Unread Topic →




Similar Topics

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

  1. Geeks to Go Community
  2. Security
  3. Virus, Spyware, Malware Removal

As Featured On:

Microsoft Yahoo BBC MSN PC Magazine Washington Post HP