Jump to content

Welcome to Geeks to Go - Register now for FREE

Need help with your computer or device? Want to learn new tech skills? You're in the right place!
Geeks to Go is a friendly community of tech experts who can solve any problem you have. Just create a free account and post your question. Our volunteers will reply quickly and guide you through the steps. Don't let tech troubles stop you. Join Geeks to Go now and get the support you need!

How it Works Create Account
Photo

Rootkit Infection MBR:\\.\PhysicalDrive0 F

Started by dslackman , Mar 30 2011 01:15 PM

  • This topic is locked This topic is locked

#1
dslackman
Posted 30 March 2011 - 01:15 PM

dslackman

    New Member

  • Member
  • Pip
  • 7 posts
Hi all,
We inadvertently clicked on a bad web site & picked up a virus. I ran Avast Bootscan several times & MalwareBytes to cleanup the system. The last run of Avast found no infections, but the problem persists.

Svchost.exe is still accumulating memory usage & using a lot of CPU. Occasionally, I am seeing a message from Avast: Malicious URL Blocked 199.80.55.19/go.php?uid=31573&suid=544_50939&data=NPyAmJVV

System eventually runs slow then locks up.

Here is my OTL log:

OTL logfile created on: 3/30/2011 1:57:34 PM - Run 1
OTL by OldTimer - Version 3.2.22.3 Folder = C:\Documents and Settings\Lynn Slackman\Desktop
Windows XP Media Center Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1.00 Gb Total Physical Memory | 0.00 Gb Available Physical Memory | 25.00% Memory free
2.00 Gb Paging File | 1.00 Gb Available in Paging File | 48.00% Paging File free
Paging file location(s): C:\pagefile.sys 1000 1500 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 69.82 Gb Total Space | 26.12 Gb Free Space | 37.41% Space Free | Partition Type: NTFS

Computer Name: LYNNSPC | User Name: Lynn Slackman | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2011/03/30 13:56:52 | 000,580,608 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Lynn Slackman\Desktop\OTL.exe
PRC - [2011/03/26 20:37:01 | 000,912,344 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe
PRC - [2011/02/23 09:04:20 | 003,451,496 | ---- | M] (AVAST Software) -- C:\Program Files\Alwil Software\Avast5\AvastUI.exe
PRC - [2011/02/23 09:04:19 | 000,042,184 | ---- | M] (AVAST Software) -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
PRC - [2011/02/23 09:04:17 | 000,121,000 | ---- | M] (AVAST Software) -- C:\Program Files\Alwil Software\Avast5\afwServ.exe
PRC - [2010/08/24 04:38:18 | 000,092,008 | ---- | M] (TomTom) -- C:\Program Files\TomTom HOME 2\TomTomHOMEService.exe
PRC - [2010/08/24 04:38:16 | 000,247,144 | ---- | M] (TomTom) -- C:\Program Files\TomTom HOME 2\TomTomHOMERunner.exe
PRC - [2010/01/15 07:49:20 | 000,255,536 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee Security Scan\2.0.181\SSScheduler.exe
PRC - [2009/07/09 15:22:45 | 000,067,128 | ---- | M] (Logitech Inc.) -- C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
PRC - [2009/05/08 10:35:50 | 002,780,432 | ---- | M] () -- C:\Program Files\Logitech\Logitech WebCam Software\LWS.exe
PRC - [2009/05/08 10:34:08 | 000,559,888 | ---- | M] () -- C:\Program Files\Common Files\LogiShrd\LQCVFX\COCIManager.exe
PRC - [2009/04/30 16:01:10 | 000,154,136 | ---- | M] (Logitech Inc.) -- C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
PRC - [2009/02/17 15:59:44 | 000,451,904 | ---- | M] () -- C:\Program Files\Flip Video\FlipShare\FlipShareService.exe
PRC - [2008/08/28 20:34:14 | 013,145,448 | ---- | M] (Adobe Systems, Inc.) -- C:\Program Files\Adobe\Adobe Bridge CS4\Bridge.exe
PRC - [2008/04/13 19:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2006/09/18 14:46:30 | 000,481,792 | ---- | M] (Musicmatch, Inc.) -- C:\Program Files\MUSICMATCH\Musicmatch Jukebox\mim.exe
PRC - [2006/09/18 14:46:30 | 000,102,400 | ---- | M] (Musicmatch, Inc.) -- C:\Program Files\MUSICMATCH\Musicmatch Jukebox\MMDiag.exe
PRC - [2006/08/15 02:38:14 | 000,282,624 | ---- | M] (SigmaTel, Inc.) -- C:\WINDOWS\stsystra.exe
PRC - [2006/07/16 21:29:54 | 000,389,120 | ---- | M] (Gteko Ltd.) -- C:\Program Files\Dell Support\DSAgnt.exe
PRC - [2005/10/05 03:12:00 | 000,094,208 | ---- | M] () -- C:\Program Files\Dell\Media Experience\DMXLauncher.exe
PRC - [2005/09/08 05:20:00 | 000,122,940 | ---- | M] (Sonic Solutions) -- C:\WINDOWS\system32\DLA\DLACTRLW.EXE


========== Modules (SafeList) ==========

MOD - [2011/03/30 13:56:52 | 000,580,608 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Lynn Slackman\Desktop\OTL.exe
MOD - [2011/02/23 09:04:17 | 000,197,208 | ---- | M] (AVAST Software) -- C:\Program Files\Alwil Software\Avast5\snxhk.dll
MOD - [2010/08/23 11:12:02 | 001,054,208 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.6028_x-ww_61e65202\comctl32.dll


========== Win32 Services (SafeList) ==========

SRV - File not found [Auto | Stopped] -- -- (srv654)
SRV - File not found [Disabled | Stopped] -- -- (HidServ)
SRV - [2011/02/23 09:04:19 | 000,042,184 | ---- | M] (AVAST Software) [Auto | Running] -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe -- (avast! Antivirus)
SRV - [2011/02/23 09:04:17 | 000,121,000 | ---- | M] (AVAST Software) [Auto | Running] -- C:\Program Files\Alwil Software\Avast5\afwServ.exe -- (avast! Firewall)
SRV - [2010/08/24 04:38:18 | 000,092,008 | ---- | M] (TomTom) [Auto | Running] -- C:\Program Files\TomTom HOME 2\TomTomHOMEService.exe -- (TomTomHOMEService)
SRV - [2010/01/15 07:49:20 | 000,227,232 | ---- | M] (McAfee, Inc.) [On_Demand | Stopped] -- C:\Program Files\McAfee Security Scan\2.0.181\McCHSvc.exe -- (McComponentHostService)
SRV - [2009/12/20 17:26:04 | 000,655,624 | ---- | M] (Acresso Software Inc.) [On_Demand | Stopped] -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service)
SRV - [2009/04/30 16:01:10 | 000,154,136 | ---- | M] (Logitech Inc.) [Auto | Running] -- C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe -- (LVPrcSrv)
SRV - [2009/02/17 15:59:44 | 000,451,904 | ---- | M] () [Auto | Running] -- C:\Program Files\Flip Video\FlipShare\FlipShareService.exe -- (FlipShare Service)
SRV - [2008/12/19 09:50:32 | 000,185,640 | ---- | M] () [On_Demand | Stopped] -- C:\Documents and Settings\Lynn Slackman\Application Data\Mikogo\B-Service.exe -- (B-Service)


========== Driver Services (SafeList) ==========

DRV - [2011/02/23 08:57:38 | 000,101,976 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\aswFW.sys -- (aswFW)
DRV - [2011/02/23 08:56:55 | 000,371,544 | ---- | M] (AVAST Software) [File_System | System | Running] -- C:\WINDOWS\System32\drivers\aswSnx.sys -- (aswSnx)
DRV - [2011/02/23 08:56:45 | 000,301,528 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\aswSP.sys -- (aswSP)
DRV - [2011/02/23 08:56:41 | 000,192,728 | ---- | M] (AVAST Software) [Kernel | Boot | Running] -- C:\WINDOWS\System32\drivers\aswNdis2.sys -- (aswNdis2)
DRV - [2011/02/23 08:55:49 | 000,049,240 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\aswTdi.sys -- (aswTdi)
DRV - [2011/02/23 08:55:47 | 000,102,232 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\WINDOWS\System32\drivers\aswmon2.sys -- (aswMon2)
DRV - [2011/02/23 08:55:10 | 000,025,432 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\aswRdr.sys -- (aswRdr)
DRV - [2011/02/23 08:54:57 | 000,030,680 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\aavmker4.sys -- (Aavmker4)
DRV - [2011/02/23 08:54:55 | 000,019,544 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\WINDOWS\System32\drivers\aswFsBlk.sys -- (aswFsBlk)
DRV - [2010/03/19 15:10:13 | 000,012,112 | ---- | M] (ALWIL Software) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\aswNdis.sys -- (aswNdis)
DRV - [2009/04/30 17:56:30 | 000,495,768 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\LV561AV.SYS -- (PID_0928) Logitech QuickCam Express(PID_0928)
DRV - [2009/04/30 16:00:12 | 000,025,624 | ---- | M] () [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\LVPr2Mon.sys -- (LVPr2Mon)
DRV - [2007/10/11 21:00:42 | 000,041,752 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\LVUSBSta.sys -- (LVUSBSta)
DRV - [2006/10/13 22:23:41 | 000,008,552 | ---- | M] (Windows ® 2000 DDK provider) [Kernel | Auto | Running] -- C:\WINDOWS\System32\drivers\asctrm.sys -- (ASCTRM)
DRV - [2006/08/15 02:38:14 | 001,171,464 | ---- | M] (SigmaTel, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\sthda.sys -- (STHDA)
DRV - [2006/08/14 06:29:44 | 000,044,544 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\bcm4sbxp.sys -- (bcm4sbxp)
DRV - [2006/06/18 21:37:34 | 000,036,864 | ---- | M] (Advanced Micro Devices) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\AmdK8.sys -- (AmdK8)
DRV - [2006/01/10 12:07:58 | 000,004,864 | ---- | M] (GTek Technologies Ltd.) [Kernel | On_Demand | Stopped] -- C:\Program Files\Dell Support\GTAction\triggers\DSproct.sys -- (DSproct)
DRV - [2005/09/08 05:20:00 | 000,094,332 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\system32\DLA\DLAUDFAM.SYS -- (DLAUDFAM)
DRV - [2005/09/08 05:20:00 | 000,087,036 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\system32\DLA\DLAUDF_M.SYS -- (DLAUDF_M)
DRV - [2005/09/08 05:20:00 | 000,086,524 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\system32\DLA\DLAIFS_M.SYS -- (DLAIFS_M)
DRV - [2005/09/08 05:20:00 | 000,025,628 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\system32\DLA\DLABOIOM.SYS -- (DLABOIOM)
DRV - [2005/09/08 05:20:00 | 000,014,684 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\system32\DLA\DLAOPIOM.SYS -- (DLAOPIOM)
DRV - [2005/09/08 05:20:00 | 000,006,364 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\system32\DLA\DLAPoolM.SYS -- (DLAPoolM)
DRV - [2005/09/08 05:20:00 | 000,002,496 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\system32\DLA\DLADResN.SYS -- (DLADResN)
DRV - [2005/08/25 12:16:52 | 000,005,628 | ---- | M] (Sonic Solutions) [File_System | System | Running] -- C:\WINDOWS\system32\drivers\DLACDBHM.SYS -- (DLACDBHM)
DRV - [2005/08/25 12:16:16 | 000,022,684 | ---- | M] (Sonic Solutions) [File_System | System | Running] -- C:\WINDOWS\system32\drivers\DLARTL_N.SYS -- (DLARTL_N)
DRV - [2003/11/17 14:59:20 | 000,212,224 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSFHWBS2.sys -- (HSFHWBS2)
DRV - [2003/11/17 14:58:02 | 000,680,704 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSF_CNXT.sys -- (winachsf)
DRV - [2003/11/17 14:56:26 | 001,042,432 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSF_DP.sys -- (HSF_DP)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Page_URL = www.google.com/ig/dell?hl=en&client=dell-usuk&channel=us&ibd=1061013
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.co...html?channel=us
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Start Page = www.google.com/ig/dell?hl=en&client=dell-usuk&channel=us&ibd=1061013

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = www.google.com/ig/dell?hl=en&client=dell-usuk&channel=us&ibd=1061013
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.aol.com/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://www.msn.com/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-us
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 72 36 23 30 17 EA C9 01 [binary data]
IE - HKCU\..\URLSearchHook: {A26503FE-B3B8-4910-A9DC-9CBD25C6B8D6} - C:\Documents and Settings\Lynn Slackman\Local Settings\Application Data\CyberDefender\cdmyidd.dll (CyberDefender Corp.)
IE - HKCU\..\URLSearchHook: ~CFBFAE00-17A6-11D0-99CB-00C04FD64497} - Reg Error: Key error. File not found
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - prefs.js..browser.search.defaultenginename: "Live Search"
FF - prefs.js..browser.search.defaulturl: "http://search.live.c...?FORM=IEFM1&q="
FF - prefs.js..browser.search.selectedEngine: "Google"
FF - prefs.js..browser.startup.homepage: "http://www.aol.com/"
FF - prefs.js..extensions.enabledItems: {AE93811A-5C9A-4d34-8462-F7B864FC4696}:3.81
FF - prefs.js..extensions.enabledItems: [email protected]:1.6.2
FF - prefs.js..extensions.enabledItems: {ff6bdc07-eed6-4815-ad95-d7938b673ab5}:1.1
FF - prefs.js..extensions.enabledItems: {6AC85730-7D0F-4de0-B3FA-21142DD85326}:2.5.5
FF - prefs.js..extensions.enabledItems: {0b457cAA-602d-484a-8fe7-c1d894a011ba}:0.88
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}:6.0.22
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}:6.0.23
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}:6.0.24
FF - prefs.js..keyword.URL: "http://search.live.c...?FORM=IEFM1&q="


FF - HKLM\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2010/01/27 08:32:24 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.16\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011/03/26 20:37:07 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.16\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011/03/26 20:37:07 | 000,000,000 | ---D | M]

[2010/12/18 08:42:42 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Lynn Slackman\Application Data\Mozilla\Extensions
[2010/12/18 08:42:42 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Lynn Slackman\Application Data\Mozilla\Extensions\[email protected]
[2011/03/29 09:07:37 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Lynn Slackman\Application Data\Mozilla\Firefox\Profiles\vygy42iy.default\extensions
[2011/01/30 19:01:09 | 000,000,000 | ---D | M] (FireShot) -- C:\Documents and Settings\Lynn Slackman\Application Data\Mozilla\Firefox\Profiles\vygy42iy.default\extensions\{0b457cAA-602d-484a-8fe7-c1d894a011ba}
[2011/01/13 12:38:47 | 000,000,000 | ---D | M] (Google Toolbar for Firefox) -- C:\Documents and Settings\Lynn Slackman\Application Data\Mozilla\Firefox\Profiles\vygy42iy.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}
[2011/03/22 17:08:22 | 000,000,000 | ---D | M] (ColorZilla) -- C:\Documents and Settings\Lynn Slackman\Application Data\Mozilla\Firefox\Profiles\vygy42iy.default\extensions\{6AC85730-7D0F-4de0-B3FA-21142DD85326}
[2011/03/07 17:20:33 | 000,000,000 | ---D | M] ("StumbleUpon") -- C:\Documents and Settings\Lynn Slackman\Application Data\Mozilla\Firefox\Profiles\vygy42iy.default\extensions\{AE93811A-5C9A-4d34-8462-F7B864FC4696}
[2010/08/21 13:57:38 | 000,000,000 | ---D | M] (SEOpen) -- C:\Documents and Settings\Lynn Slackman\Application Data\Mozilla\Firefox\Profiles\vygy42iy.default\extensions\{ff6bdc07-eed6-4815-ad95-d7938b673ab5}
[2011/02/06 09:40:13 | 000,000,000 | ---D | M] (Firebug) -- C:\Documents and Settings\Lynn Slackman\Application Data\Mozilla\Firefox\Profiles\vygy42iy.default\extensions\[email protected]
[2009/06/09 11:00:47 | 000,001,632 | ---- | M] () -- C:\Documents and Settings\Lynn Slackman\Application Data\Mozilla\Firefox\Profiles\vygy42iy.default\searchplugins\live-search.xml
[2011/03/29 09:07:37 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2010/11/04 12:52:27 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}
[2011/01/07 16:34:35 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}
[2011/03/07 17:18:56 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}
[2011/02/02 22:40:24 | 000,472,808 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npdeployJava1.dll
[2009/10/01 10:13:10 | 000,219,136 | ---- | M] (Starfield Technology, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npwbe.dll

O1 HOSTS File: ([2004/08/10 05:00:00 | 000,000,734 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O2 - BHO: (DriveLetterAccess) - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\DLA\DLASHX_W.DLL (Sonic Solutions)
O2 - BHO: (MyIdentityDefender) - {A26503FE-B3B8-4910-A9DC-9CBD25C6B8D6} - C:\Documents and Settings\Lynn Slackman\Local Settings\Application Data\CyberDefender\cdmyidd.dll (CyberDefender Corp.)
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.6.5805.1910\swg.dll (Google Inc.)
O2 - BHO: (CBrowserHelperObject Object) - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - C:\Program Files\BAE\BAE.dll (Dell Inc.)
O3 - HKLM\..\Toolbar: (Easy-WebPrint) - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - C:\Program Files\Canon\Easy-WebPrint\Toolband.dll ()
O3 - HKLM\..\Toolbar: (MyIdentityDefender) - {A26503FE-B3B8-4910-A9DC-9CBD25C6B8D6} - C:\Documents and Settings\Lynn Slackman\Local Settings\Application Data\CyberDefender\cdmyidd.dll (CyberDefender Corp.)
O3 - HKCU\..\Toolbar\WebBrowser: (MyIdentityDefender) - {A26503FE-B3B8-4910-A9DC-9CBD25C6B8D6} - C:\Documents and Settings\Lynn Slackman\Local Settings\Application Data\CyberDefender\cdmyidd.dll (CyberDefender Corp.)
O4 - HKLM..\Run: [] File not found
O4 - HKLM..\Run: [Adobe Reader Speed Launcher] C:\Program Files\Adobe\Reader 10.0\Reader\Reader_sl.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [AdobeCS4ServiceManager] C:\Program Files\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [AOLDialer] File not found
O4 - HKLM..\Run: [avast5] C:\Program Files\Alwil Software\Avast5\AvastUI.exe (AVAST Software)
O4 - HKLM..\Run: [DLA] C:\WINDOWS\system32\DLA\DLACTRLW.EXE (Sonic Solutions)
O4 - HKLM..\Run: [DMXLauncher] C:\Program Files\Dell\Media Experience\DMXLauncher.exe ()
O4 - HKLM..\Run: [LogitechQuickCamRibbon] C:\Program Files\Logitech\Logitech WebCam Software\LWS.exe ()
O4 - HKLM..\Run: [MimBoot] C:\Program Files\MUSICMATCH\Musicmatch Jukebox\mimboot.exe (Musicmatch, Inc.)
O4 - HKLM..\Run: [MSKDetectorExe] C:\Program Files\McAfee\SpamKiller\MSKDetct.exe (McAfee, Inc.)
O4 - HKLM..\Run: [NvCplDaemon] C:\WINDOWS\System32\NvCpl.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [NvMediaCenter] C:\WINDOWS\System32\NvMcTray.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [nwiz] C:\WINDOWS\System32\nwiz.exe ()
O4 - HKLM..\Run: [SigmatelSysTrayApp] C:\WINDOWS\stsystra.exe (SigmaTel, Inc.)
O4 - HKCU..\Run: [AdobeBridge] C:\Program Files\Adobe\Adobe Bridge CS4\Bridge.exe (Adobe Systems, Inc.)
O4 - HKCU..\Run: [DellSupport] C:\Program Files\Dell Support\DSAgnt.exe (Gteko Ltd.)
O4 - HKCU..\Run: [LogitechSetup] File not found
O4 - HKCU..\Run: [TomTomHOME.exe] C:\Program Files\TomTom HOME 2\TomTomHOMERunner.exe (TomTom)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe (Logitech Inc.)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\McAfee Security Scan Plus.lnk = C:\Program Files\McAfee Security Scan\2.0.181\SSScheduler.exe (McAfee, Inc.)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: InstallVisualStyle = C:\WINDOWS\Resources\Themes\Royale\Royale.msstyles (Microsoft)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: InstallTheme = C:\WINDOWS\Resources\Themes\Royale.theme ()
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O8 - Extra context menu item: Easy-WebPrint Add To Print List - C:\Program Files\Canon\Easy-WebPrint\Resource.dll ()
O8 - Extra context menu item: Easy-WebPrint High Speed Print - C:\Program Files\Canon\Easy-WebPrint\Resource.dll ()
O8 - Extra context menu item: Easy-WebPrint Preview - C:\Program Files\Canon\Easy-WebPrint\Resource.dll ()
O8 - Extra context menu item: Easy-WebPrint Print - C:\Program Files\Canon\Easy-WebPrint\Resource.dll ()
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O15 - HKLM\..Trusted Domains: musicmatch.com ([online] https in Trusted sites)
O15 - HKCU\..Trusted Domains: adobe.com ([www] https in Trusted sites)
O15 - HKCU\..Trusted Domains: ameritrade.com ([]https in Trusted sites)
O15 - HKCU\..Trusted Domains: aol.com ([objects] * is out of zone range - 5)
O15 - HKCU\..Trusted Domains: tdameritrade.com ([]https in Trusted sites)
O16 - DPF: {05CA9FB0-3E3E-4B36-BF41-0E3A5CAA8CD8} http://download.micr.../OGAControl.cab (Office Genuine Advantage Validation Tool)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_24)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.ma...t/ultrashim.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_24)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_24)
O16 - DPF: {EBF85371-A38F-485B-B28F-0B4C82D25937} http://update.hpphot.../HPSWUpdate.ocx (CUpdateCtl Object)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O18 - Protocol\Handler\bwfile-8876480 {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll (Logitech Inc.)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O24 - Desktop Components:0 () - file:///C:/DOCUME~1/LYNNSL~1/LOCALS~1/Temp/msohtmlclip1/01/clip_image002.jpg
O24 - Desktop Components:1 (My Current Home Page) - About:Home
O24 - Desktop WallPaper: C:\Documents and Settings\Lynn Slackman\My Documents\My Pictures\ohgBack10x7.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\Lynn Slackman\My Documents\My Pictures\ohgBack10x7.bmp
O28 - HKLM ShellExecuteHooks: {56F9679E-7826-4C84-81F3-532071A8BCC5} - C:\Program Files\Windows Desktop Search\MsnlNamespaceMgr.dll (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2005/08/16 04:43:04 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O32 - AutoRun File - [2011/03/28 11:58:50 | 000,000,266 | RHS- | M] () - C:\autorun.inf -- [ NTFS ]
O33 - MountPoints2\{1be986de-0a60-11e0-b7d8-0013722f80a3}\Shell\AutoRun\command - "" = F:\InstallTomTomHOME.exe
O33 - MountPoints2\{20fa992d-640c-11de-80f6-00038a000015}\Shell\AutoRun\command - "" = F:\Setup_FlipShare.exe
O33 - MountPoints2\{20fa992d-640c-11de-80f6-00038a000015}\Shell\Setup FlipShare\command - "" = F:\Setup_FlipShare.exe
O33 - MountPoints2\{361ac05d-0e0d-11da-9aa9-806d6172696f}\Shell - "" = AutoRun
O33 - MountPoints2\{361ac05d-0e0d-11da-9aa9-806d6172696f}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{361ac05d-0e0d-11da-9aa9-806d6172696f}\Shell\AutoRun\command - "" = E:\setup.exe
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O35 - HKCU\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKCU\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2011/03/30 13:56:45 | 000,580,608 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Lynn Slackman\Desktop\OTL.exe
[2011/03/29 18:28:39 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\Apple Computer
[2011/03/29 07:16:36 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Application Data\Sun
[2011/03/28 18:28:18 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\Temp
[2011/03/28 18:28:18 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\Adobe
[2011/03/28 17:17:06 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Application Data\Macromedia
[2011/03/28 17:17:02 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Application Data\Adobe
[2 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2011/03/30 14:00:27 | 000,000,664 | ---- | M] () -- C:\WINDOWS\System32\d3d9caps.dat
[2011/03/30 13:56:52 | 000,580,608 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Lynn Slackman\Desktop\OTL.exe
[2011/03/30 13:15:02 | 000,000,886 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2011/03/30 11:15:02 | 000,000,882 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2011/03/30 11:06:24 | 000,081,191 | ---- | M] () -- C:\WINDOWS\System32\nvapps.xml
[2011/03/30 11:04:39 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2011/03/30 11:03:47 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2011/03/30 09:15:35 | 1541,918,720 | -HS- | M] () -- C:\hiberfil.sys
[2011/03/29 13:20:06 | 000,002,626 | ---- | M] () -- C:\WINDOWS\System32\CONFIG.NT
[2011/03/29 12:59:39 | 000,061,085 | ---- | M] () -- C:\Documents and Settings\Lynn Slackman\.recently-used.xbel
[2011/03/29 07:45:12 | 000,779,264 | ---- | M] () -- C:\Documents and Settings\Lynn Slackman\Desktop\Lynn.pst
[2011/03/28 18:00:03 | 000,009,774 | -HS- | M] () -- C:\Documents and Settings\Lynn Slackman\Local Settings\Application Data\kw41485oixq685008av44ki478b5yx
[2011/03/28 18:00:03 | 000,009,774 | -HS- | M] () -- C:\Documents and Settings\All Users\Application Data\kw41485oixq685008av44ki478b5yx
[2011/03/28 17:47:50 | 000,000,784 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2011/03/28 11:58:51 | 000,000,266 | RHS- | M] () -- C:\Documents and Settings\Lynn Slackman\My Documents\autorun.inf
[2011/03/28 11:58:50 | 000,000,266 | RHS- | M] () -- C:\autorun.inf
[2011/03/16 03:01:17 | 000,001,374 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2011/03/15 10:21:08 | 000,466,744 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2011/03/15 10:21:08 | 000,079,834 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2011/03/12 14:26:13 | 000,685,874 | ---- | M] () -- C:\Documents and Settings\Lynn Slackman\Desktop\downloadPDF.pdf
[2011/03/12 14:19:05 | 000,212,144 | ---- | M] () -- C:\Documents and Settings\Lynn Slackman\Desktop\statement.pdf
[2011/03/11 16:05:52 | 000,000,845 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\GIMP 2.lnk
[2011/03/11 15:37:28 | 000,412,172 | ---- | M] () -- C:\Documents and Settings\Lynn Slackman\Desktop\pib_locations.jpg
[2011/03/11 15:33:58 | 000,410,205 | ---- | M] () -- C:\Documents and Settings\Lynn Slackman\Desktop\FireShot capture #073 - 'People In Business - Google pib.jpg
[2011/03/01 16:56:03 | 000,017,456 | ---- | M] () -- C:\Documents and Settings\Lynn Slackman\Desktop\Open_House_2011.PDF
[2 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files Created - No Company Name ==========

[2011/03/29 12:59:39 | 000,061,085 | ---- | C] () -- C:\Documents and Settings\Lynn Slackman\.recently-used.xbel
[2011/03/28 17:50:46 | 1541,918,720 | -HS- | C] () -- C:\hiberfil.sys
[2011/03/28 17:47:50 | 000,000,784 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2011/03/28 12:10:00 | 000,000,664 | ---- | C] () -- C:\WINDOWS\System32\d3d9caps.dat
[2011/03/28 11:58:50 | 000,000,266 | RHS- | C] () -- C:\Documents and Settings\Lynn Slackman\My Documents\autorun.inf
[2011/03/28 11:58:49 | 000,000,266 | RHS- | C] () -- C:\autorun.inf
[2011/03/28 11:58:41 | 000,009,774 | -HS- | C] () -- C:\Documents and Settings\Lynn Slackman\Local Settings\Application Data\kw41485oixq685008av44ki478b5yx
[2011/03/28 11:58:41 | 000,009,774 | -HS- | C] () -- C:\Documents and Settings\All Users\Application Data\kw41485oixq685008av44ki478b5yx
[2011/03/12 14:26:11 | 000,685,874 | ---- | C] () -- C:\Documents and Settings\Lynn Slackman\Desktop\downloadPDF.pdf
[2011/03/12 14:19:03 | 000,212,144 | ---- | C] () -- C:\Documents and Settings\Lynn Slackman\Desktop\statement.pdf
[2011/03/11 16:05:52 | 000,000,845 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\GIMP 2.lnk
[2011/03/11 15:37:25 | 000,412,172 | ---- | C] () -- C:\Documents and Settings\Lynn Slackman\Desktop\pib_locations.jpg
[2011/03/11 15:33:54 | 000,410,205 | ---- | C] () -- C:\Documents and Settings\Lynn Slackman\Desktop\FireShot capture #073 - 'People In Business - Google pib.jpg
[2011/03/01 16:56:02 | 000,017,456 | ---- | C] () -- C:\Documents and Settings\Lynn Slackman\Desktop\Open_House_2011.PDF
[2010/02/07 10:42:19 | 000,000,004 | ---- | C] () -- C:\WINDOWS\msoffice.ini
[2010/01/27 08:31:36 | 000,023,113 | ---- | C] () -- C:\WINDOWS\hpqins15.dat
[2009/07/09 15:33:25 | 000,082,289 | ---- | C] () -- C:\WINDOWS\System32\lvcoinst.ini
[2009/06/12 09:22:12 | 000,059,012 | -H-- | C] () -- C:\WINDOWS\System32\mlfcache.dat
[2009/06/05 15:20:52 | 000,003,072 | ---- | C] () -- C:\Documents and Settings\Lynn Slackman\Application Data\dvd.bmk
[2009/05/26 07:15:59 | 000,119,913 | ---- | C] () -- C:\WINDOWS\hpqins00.dat
[2009/05/08 10:13:04 | 000,013,584 | ---- | C] () -- C:\WINDOWS\System32\drivers\iKeyLFT2.dll
[2009/04/30 16:00:12 | 000,025,624 | ---- | C] () -- C:\WINDOWS\System32\drivers\LVPr2Mon.sys
[2008/10/17 18:45:46 | 000,107,370 | ---- | C] () -- C:\WINDOWS\hpqins13.dat.temp
[2008/09/23 08:39:23 | 000,000,600 | ---- | C] () -- C:\Documents and Settings\Lynn Slackman\Application Data\winscp.rnd
[2008/07/14 19:14:38 | 000,019,487 | ---- | C] () -- C:\WINDOWS\hpqins13.dat
[2008/05/26 21:59:42 | 000,018,904 | ---- | C] () -- C:\WINDOWS\System32\structuredqueryschematrivial.bin
[2008/05/26 21:59:40 | 000,106,605 | ---- | C] () -- C:\WINDOWS\System32\structuredqueryschema.bin
[2008/02/19 01:33:34 | 000,446,352 | ---- | C] () -- C:\WINDOWS\System32\OpenQuicktimeLib.dll
[2007/12/05 20:34:51 | 000,001,349 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\QTSBandwidthCache
[2007/11/11 21:24:48 | 000,144,003 | ---- | C] () -- C:\WINDOWS\hpoins16.dat
[2007/11/11 21:24:48 | 000,005,279 | ---- | C] () -- C:\WINDOWS\hpomdl16.dat
[2007/10/10 07:57:59 | 000,016,384 | ---- | C] () -- C:\Documents and Settings\Lynn Slackman\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2007/10/06 17:12:16 | 000,005,352 | ---- | C] () -- C:\WINDOWS\mozver.dat
[2007/09/27 10:51:02 | 000,020,698 | ---- | C] () -- C:\WINDOWS\System32\idxcntrs.ini
[2007/09/27 10:48:48 | 000,030,628 | ---- | C] () -- C:\WINDOWS\System32\gsrvctr.ini
[2007/09/27 10:48:28 | 000,031,698 | ---- | C] () -- C:\WINDOWS\System32\gthrctr.ini
[2007/05/05 09:19:24 | 000,001,834 | ---- | C] () -- C:\Documents and Settings\Lynn Slackman\Application Data\wklnhst.dat
[2007/03/19 13:22:30 | 000,072,192 | ---- | C] () -- C:\WINDOWS\unlite3.exe
[2007/03/19 13:22:11 | 000,777,728 | ---- | C] () -- C:\WINDOWS\System32\Sslsvc.dll
[2007/03/19 13:22:11 | 000,069,632 | ---- | C] () -- C:\WINDOWS\System32\xmltok.dll.off
[2007/03/19 13:22:11 | 000,040,960 | ---- | C] () -- C:\WINDOWS\System32\cfmsg.dll
[2007/03/19 13:22:11 | 000,036,864 | ---- | C] () -- C:\WINDOWS\System32\xmlparse.dll.off
[2007/03/05 14:34:28 | 000,693,792 | ---- | C] () -- C:\WINDOWS\System32\OGACheckControl.DLL
[2006/10/23 22:02:11 | 000,008,704 | ---- | C] () -- C:\WINDOWS\System32\CNMVS78.DLL
[2006/10/22 08:47:44 | 000,000,028 | ---- | C] () -- C:\WINDOWS\atid.ini
[2006/10/20 18:14:00 | 000,003,350 | -HS- | C] () -- C:\WINDOWS\System32\KGyGaAvL.sys
[2006/10/20 18:14:00 | 000,000,088 | RHS- | C] () -- C:\WINDOWS\System32\AE2B0D6EDD.sys
[2006/10/18 18:41:54 | 000,000,136 | ---- | C] () -- C:\Documents and Settings\Lynn Slackman\Local Settings\Application Data\fusioncache.dat
[2006/10/13 22:40:16 | 000,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini
[2006/10/13 22:34:52 | 000,000,376 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2006/10/13 22:30:01 | 000,000,188 | ---- | C] () -- C:\WINDOWS\wininit.ini
[2006/10/13 22:25:57 | 000,149,504 | ---- | C] () -- C:\WINDOWS\UNWISE.EXE
[2006/10/13 22:22:53 | 000,000,335 | ---- | C] () -- C:\WINDOWS\nsreg.dat
[2006/10/13 21:58:58 | 000,077,824 | ---- | C] () -- C:\WINDOWS\setpwr32.exe
[2006/10/13 21:58:36 | 001,617,920 | ---- | C] () -- C:\WINDOWS\System32\nwiz.exe
[2006/10/13 21:58:35 | 001,662,976 | ---- | C] () -- C:\WINDOWS\System32\nvwdmcpl.dll
[2006/10/13 21:58:35 | 001,019,904 | ---- | C] () -- C:\WINDOWS\System32\nvwimg.dll
[2006/10/13 21:58:35 | 000,466,944 | ---- | C] () -- C:\WINDOWS\System32\nvshell.dll
[2006/10/13 21:58:34 | 001,470,464 | ---- | C] () -- C:\WINDOWS\System32\nview.dll
[2006/10/13 21:58:34 | 001,339,392 | ---- | C] () -- C:\WINDOWS\System32\nvdspsch.exe
[2006/10/13 21:58:34 | 000,581,632 | ---- | C] () -- C:\WINDOWS\System32\nvhwvid.dll
[2006/10/13 21:58:34 | 000,286,720 | ---- | C] () -- C:\WINDOWS\System32\nvnt4cpl.dll
[2006/10/13 21:58:32 | 000,442,368 | ---- | C] () -- C:\WINDOWS\System32\nvappbar.exe
[2006/10/13 21:58:32 | 000,196,608 | ---- | C] () -- C:\WINDOWS\System32\nvapi.dll
[2006/10/13 21:58:31 | 000,425,984 | ---- | C] () -- C:\WINDOWS\System32\keystone.exe
[2006/10/13 21:57:23 | 000,000,394 | ---- | C] () -- C:\WINDOWS\System32\OEMINFO.INI
[2005/11/10 01:56:34 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\px.ini
[2005/08/16 04:48:31 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat
[2005/08/16 04:38:45 | 000,021,640 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat
[2005/08/16 04:37:24 | 000,001,793 | ---- | C] () -- C:\WINDOWS\System32\fxsperf.ini
[2005/08/16 04:33:38 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
[2005/08/16 04:27:59 | 000,291,680 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2005/08/16 04:18:35 | 000,004,569 | ---- | C] () -- C:\WINDOWS\System32\secupd.dat
[2005/08/16 04:18:33 | 000,466,744 | ---- | C] () -- C:\WINDOWS\System32\perfh009.dat
[2005/08/16 04:18:33 | 000,272,128 | ---- | C] () -- C:\WINDOWS\System32\perfi009.dat
[2005/08/16 04:18:33 | 000,079,834 | ---- | C] () -- C:\WINDOWS\System32\perfc009.dat
[2005/08/16 04:18:33 | 000,028,626 | ---- | C] () -- C:\WINDOWS\System32\perfd009.dat
[2005/08/16 04:18:32 | 000,004,627 | ---- | C] () -- C:\WINDOWS\System32\oembios.dat
[2005/08/16 04:18:30 | 013,107,200 | ---- | C] () -- C:\WINDOWS\System32\oembios.bin
[2005/08/16 04:18:28 | 000,000,741 | ---- | C] () -- C:\WINDOWS\System32\noise.dat
[2005/08/16 04:18:23 | 000,673,088 | ---- | C] () -- C:\WINDOWS\System32\mlang.dat
[2005/08/16 04:18:23 | 000,046,258 | ---- | C] () -- C:\WINDOWS\System32\mib.bin
[2005/08/16 04:18:15 | 000,218,003 | ---- | C] () -- C:\WINDOWS\System32\dssec.dat
[2005/08/16 04:18:08 | 000,001,804 | ---- | C] () -- C:\WINDOWS\System32\dcache.bin
[2005/08/05 14:01:54 | 000,235,008 | ---- | C] () -- C:\WINDOWS\System32\psisdecd.dll
[2003/01/07 15:05:08 | 000,002,695 | ---- | C] () -- C:\WINDOWS\System32\OUTLPERF.INI

========== LOP Check ==========

[2010/06/23 07:57:16 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Alwil Software
[2006/10/19 20:42:31 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\CanonBJ
[2010/02/11 19:44:11 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\DriverCure
[2009/07/03 19:26:55 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Flip Video
[2010/02/11 19:24:20 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\ParetoLogic
[2010/07/07 18:51:04 | 000,000,000 | -HSD | M] -- C:\Documents and Settings\All Users\Application Data\System Restore
[2010/12/18 08:43:07 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TomTom
[2007/01/15 19:26:17 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Viewpoint
[2009/03/13 07:30:32 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{00D89592-F643-4D8D-8F0F-AFAE0F14D4C3}
[2010/05/12 16:52:21 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{429CAD59-35B1-4DBC-BB6D-1DB246563521}
[2009/09/17 22:44:28 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{755AC846-7372-4AC8-8550-C52491DAA8BD}
[2009/04/09 22:27:03 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{8CD7F5AF-ECFA-4793-BF40-D8F42DBFF906}
[2010/02/11 19:42:31 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Lynn Slackman\Application Data\DriverCure
[2010/03/27 19:11:49 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Lynn Slackman\Application Data\Facebook
[2010/05/04 07:35:33 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Lynn Slackman\Application Data\FireShot
[2011/03/29 12:59:39 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Lynn Slackman\Application Data\gtk-2.0
[2009/04/14 07:43:27 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Lynn Slackman\Application Data\Helios
[2007/07/04 19:52:47 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Lynn Slackman\Application Data\Leadertech
[2008/12/19 09:50:32 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Lynn Slackman\Application Data\Mikogo
[2010/08/21 06:51:01 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Lynn Slackman\Application Data\NingNetworkArchiver.2B73A1547EF96D57B907C9B2120B5D7FE98E19B1.1
[2007/11/22 21:03:32 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Lynn Slackman\Application Data\Nvu
[2010/07/07 13:37:59 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Lynn Slackman\Application Data\Template
[2010/12/18 08:42:38 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Lynn Slackman\Application Data\TomTom
[2009/07/05 19:18:10 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Lynn Slackman\Application Data\TweetDeckFast.F9107117265DB7542C1A806C8DB837742CE14C21.1
[2007/01/15 19:26:19 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Lynn Slackman\Application Data\Viewpoint
[2009/06/30 21:35:01 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Lynn Slackman\Application Data\W Photo Studio
[2010/01/04 15:19:43 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Lynn Slackman\Application Data\W Photo Studio Viewer
[2009/04/07 06:42:33 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Lynn Slackman\Application Data\Windows Desktop Search
[2009/06/10 17:02:43 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Lynn Slackman\Application Data\Windows Search
[2009/10/27 07:50:24 | 000,000,796 | ---- | M] () -- C:\WINDOWS\Tasks\daily backup.job

========== Purity Check ==========



< End of report >

Thanks,

Dick Slackman
  • 0

Advertisements

#2
dslackman
Posted 30 March 2011 - 01:26 PM

dslackman

    New Member

  • Topic Starter
  • Member
  • Pip
  • 7 posts
I forgot to mention OTL "locked-up" a couple of times. I hit RETRY twice but it would not work, so I hit CONTINUE. Let me know if I need to re-run OTL.

Thanks
  • 0

#3
dslackman
Posted 30 March 2011 - 01:48 PM

dslackman

    New Member

  • Topic Starter
  • Member
  • Pip
  • 7 posts
Sorry to post again, but I found this extras.txt file which looked like OTL stuff also..


OTL Extras logfile created on: 3/30/2011 1:57:34 PM - Run 1
OTL by OldTimer - Version 3.2.22.3 Folder = C:\Documents and Settings\Lynn Slackman\Desktop
Windows XP Media Center Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1.00 Gb Total Physical Memory | 0.00 Gb Available Physical Memory | 25.00% Memory free
2.00 Gb Paging File | 1.00 Gb Available in Paging File | 48.00% Paging File free
Paging file location(s): C:\pagefile.sys 1000 1500 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 69.82 Gb Total Space | 26.12 Gb Free Space | 37.41% Space Free | Partition Type: NTFS

Computer Name: LYNNSPC | User Name: Lynn Slackman | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
.js [@ = Reg Error: Value error.] -- Reg Error: Key error. File not found
.txt [@ = Reg Error: Value error.] -- Reg Error: Key error. File not found

[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
exefile [open] -- "%1" %*
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 1
"FirewallOverride" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

========== System Restore Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr]
"Start" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService]
"Start" = 2

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 0
"DoNotAllowExceptions" = 0
"DisableNotifications" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]
"139:TCP" = 139:TCP:*:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:*:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:*:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:*:Enabled:@xpsp2res.dll,-22002

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 0
"DoNotAllowExceptions" = 0
"DisableNotifications" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"139:TCP" = 139:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22002
"1900:UDP" = 1900:UDP:LocalSubNet:Disabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Disabled:@xpsp2res.dll,-22008
"5353:TCP" = 5353:TCP:*:Enabled:Adobe CSI CS4

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"C:\Program Files\Common Files\AOL\ACS\AOLacsd.exe" = C:\Program Files\Common Files\AOL\ACS\AOLacsd.exe:*:Enabled:AOL
"C:\Program Files\Common Files\AOL\ACS\AOLDial.exe" = C:\Program Files\Common Files\AOL\ACS\AOLDial.exe:*:Enabled:AOL
"C:\Program Files\America Online 9.0\waol.exe" = C:\Program Files\America Online 9.0\waol.exe:*:Enabled:America Online 9.0
"C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe" = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe:*:Enabled:Logitech Desktop Messenger -- (Logitech Inc.)
"C:\Program Files\HP\Digital Imaging\bin\hposid01.exe" = C:\Program Files\HP\Digital Imaging\bin\hposid01.exe:*:Enabled:hposid01.exe -- (Hewlett-Packard Co.)
"C:\Program Files\HP\Digital Imaging\bin\hpoews01.exe" = C:\Program Files\HP\Digital Imaging\bin\hpoews01.exe:*:Enabled:hpoews01.exe -- (Hewlett-Packard Co.)
"C:\Program Files\Common Files\HP\Digital Imaging\bin\hpqPhotoCrm.exe" = C:\Program Files\Common Files\HP\Digital Imaging\bin\hpqPhotoCrm.exe:*:Enabled:hpqphotocrm.exe -- (Hewlett-Packard Development Co. L.P.)
"C:\Program Files\HP\Digital Imaging\bin\hpqsudi.exe" = C:\Program Files\HP\Digital Imaging\bin\hpqsudi.exe:*:Enabled:hpqsudi.exe -- (Hewlett-Packard Development Co. L.P.)
"C:\Program Files\HP\Digital Imaging\bin\hpqpsapp.exe" = C:\Program Files\HP\Digital Imaging\bin\hpqpsapp.exe:*:Enabled:hpqpsapp.exe -- (Hewlett-Packard Development Co. L.P.)
"C:\Program Files\HP\Digital Imaging\bin\hpqpse.exe" = C:\Program Files\HP\Digital Imaging\bin\hpqpse.exe:*:Enabled:hpqpse.exe -- (Hewlett-Packard Development Co. L.P.)
"C:\Program Files\HP\Digital Imaging\bin\hpqusgm.exe" = C:\Program Files\HP\Digital Imaging\bin\hpqusgm.exe:*:Enabled:hpqusgm.exe -- (Hewlett-Packard Co.)
"C:\Program Files\HP\Digital Imaging\bin\hpqusgh.exe" = C:\Program Files\HP\Digital Imaging\bin\hpqusgh.exe:*:Enabled:hpqusgh.exe -- (Hewlett-Packard Co.)
"C:\Program Files\HP\HP Software Update\hpwucli.exe" = C:\Program Files\HP\HP Software Update\hpwucli.exe:*:Enabled:hpwucli.exe -- (Hewlett-Packard)
"C:\Program Files\HP\Digital Imaging\smart web printing\SmartWebPrintExe.exe" = C:\Program Files\HP\Digital Imaging\smart web printing\SmartWebPrintExe.exe:*:Enabled:smartwebprintexe.exe -- (Hewlett-Packard Co.)

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Program Files\Common Files\AOL\ACS\AOLacsd.exe" = C:\Program Files\Common Files\AOL\ACS\AOLacsd.exe:*:Enabled:AOL
"C:\Program Files\Common Files\AOL\ACS\AOLDial.exe" = C:\Program Files\Common Files\AOL\ACS\AOLDial.exe:*:Enabled:AOL
"C:\Program Files\America Online 9.0\waol.exe" = C:\Program Files\America Online 9.0\waol.exe:*:Enabled:America Online 9.0
"C:\Program Files\Common Files\AOL\TopSpeed\3.0\aoltpsd3.exe" = C:\Program Files\Common Files\AOL\TopSpeed\3.0\aoltpsd3.exe:*:Enabled:AOL TopSpeed
"C:\Program Files\Common Files\AOL\1161526194\ee\aolsoftware.exe" = C:\Program Files\Common Files\AOL\1161526194\ee\aolsoftware.exe:*:Enabled:AOL Services
"C:\Program Files\AOL 9.1\waol.exe" = C:\Program Files\AOL 9.1\waol.exe:*:Enabled:AOL
"C:\Program Files\Common Files\AOL\Loader\aolload.exe" = C:\Program Files\Common Files\AOL\Loader\aolload.exe:*:Enabled:AOL Loader
"C:\Program Files\Common Files\AOL\System Information\sinf.exe" = C:\Program Files\Common Files\AOL\System Information\sinf.exe:*:Enabled:AOL System Information -- (America Online, Inc.)
"C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe" = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe:*:Enabled:Logitech Desktop Messenger -- (Logitech Inc.)
"C:\WINDOWS\system32\dpvsetup.exe" = C:\WINDOWS\system32\dpvsetup.exe:*:Enabled:Microsoft DirectPlay Voice Test -- (Microsoft Corporation)
"C:\Program Files\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe" = C:\Program Files\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe:*:Enabled:Adobe CSI CS4 -- (Adobe Systems Incorporated)
"C:\Program Files\Mozilla Firefox\firefox.exe" = C:\Program Files\Mozilla Firefox\firefox.exe:*:Enabled:Firefox -- (Mozilla Corporation)
"C:\Program Files\Adobe\Adobe Dreamweaver CS4\Dreamweaver.exe" = C:\Program Files\Adobe\Adobe Dreamweaver CS4\Dreamweaver.exe:*:Enabled:Adobe Dreamweaver CS4 -- (Adobe Systems, Inc.)
"C:\Program Files\HP\Digital Imaging\bin\hposid01.exe" = C:\Program Files\HP\Digital Imaging\bin\hposid01.exe:*:Enabled:hposid01.exe -- (Hewlett-Packard Co.)
"C:\Program Files\HP\Digital Imaging\bin\hpoews01.exe" = C:\Program Files\HP\Digital Imaging\bin\hpoews01.exe:*:Enabled:hpoews01.exe -- (Hewlett-Packard Co.)
"C:\Program Files\Common Files\HP\Digital Imaging\bin\hpqPhotoCrm.exe" = C:\Program Files\Common Files\HP\Digital Imaging\bin\hpqPhotoCrm.exe:*:Enabled:hpqphotocrm.exe -- (Hewlett-Packard Development Co. L.P.)
"C:\Program Files\HP\Digital Imaging\bin\hpqsudi.exe" = C:\Program Files\HP\Digital Imaging\bin\hpqsudi.exe:*:Enabled:hpqsudi.exe -- (Hewlett-Packard Development Co. L.P.)
"C:\Program Files\HP\Digital Imaging\bin\hpqpsapp.exe" = C:\Program Files\HP\Digital Imaging\bin\hpqpsapp.exe:*:Enabled:hpqpsapp.exe -- (Hewlett-Packard Development Co. L.P.)
"C:\Program Files\HP\Digital Imaging\bin\hpqpse.exe" = C:\Program Files\HP\Digital Imaging\bin\hpqpse.exe:*:Enabled:hpqpse.exe -- (Hewlett-Packard Development Co. L.P.)
"C:\Program Files\HP\Digital Imaging\bin\hpqusgm.exe" = C:\Program Files\HP\Digital Imaging\bin\hpqusgm.exe:*:Enabled:hpqusgm.exe -- (Hewlett-Packard Co.)
"C:\Program Files\HP\Digital Imaging\bin\hpqusgh.exe" = C:\Program Files\HP\Digital Imaging\bin\hpqusgh.exe:*:Enabled:hpqusgh.exe -- (Hewlett-Packard Co.)
"C:\Program Files\HP\HP Software Update\hpwucli.exe" = C:\Program Files\HP\HP Software Update\hpwucli.exe:*:Enabled:hpwucli.exe -- (Hewlett-Packard)
"C:\Program Files\HP\Digital Imaging\smart web printing\SmartWebPrintExe.exe" = C:\Program Files\HP\Digital Imaging\smart web printing\SmartWebPrintExe.exe:*:Enabled:smartwebprintexe.exe -- (Hewlett-Packard Co.)
"C:\Program Files\Java\jre6\bin\java.exe" = C:\Program Files\Java\jre6\bin\java.exe:*:Enabled:Java™ Platform SE binary -- (Sun Microsystems, Inc.)


========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0289B35E-DC07-4c7a-9710-BBD686EA4B7D}" = Status
"{05308C4E-7285-4066-BAE3-6B50DA6ED755}" = Adobe Update Manager CS4
"{054EFA56-2AC1-48F4-A883-0AB89874B972}" = Adobe Extension Manager CS4
"{075473F5-846A-448B-BCB3-104AA1760205}" = Roxio RecordNow Data
"{09633A5E-3089-41A8-9FF1-382171423C5D}" = PSSWCORE
"{098727E1-775A-4450-B573-3F441F1CA243}" = kuler
"{0EB5D9B7-8E6C-4A9E-B74F-16B7EE89A67B}" = Microsoft Plus! Photo Story 2 LE
"{0F723FC1-7606-4867-866C-CE80AD292DAF}" = Adobe CSI CS4
"{1206EF92-2E83-4859-ACCB-2048C3CB7DA6}" = Roxio DLA
"{13F00518-807A-4B3A-83B0-A7CD90F3A398}" = MarketResearch
"{14AFE241-FC6E-4FDB-BCA0-7AD6F4974171}" = Adobe Setup
"{15B8AFD9-92E9-4E86-96D9-83FAC510B82E}" = HPPhotoSmartPhotobookWebPack1
"{1618734A-3957-4ADD-8199-F973763109A8}" = Adobe Anchor Service CS4
"{18455581-E099-4BA8-BC6B-F34B2F06600C}" = Google Toolbar for Internet Explorer
"{1BD07DF4-FB06-41BA-B896-B2DA59000C96}" = Windows Live Toolbar
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live Upload Tool
"{2274624C-5B38-41AD-AD27-CEC0924EB628}" = Adobe Setup
"{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT
"{22F761D1-8063-4170-ADF7-2D2F47834CA9}" = VideoToolkit01
"{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer
"{2614F54E-A828-49FA-93BA-45A3F756BFAA}" = 32 Bit HP CIO Components Installer
"{26A24AE4-039D-4CA4-87B4-2F83216019FF}" = Java™ 6 Update 24
"{287ECFA4-719A-2143-A09B-D6A12DE54E40}" = Acrobat.com
"{28BE306E-5DA6-4F9C-BDB0-DBA3C8C6FFFD}" = QuickTime
"{29E5EA97-5F74-4A57-B8B2-D4F169117183}" = Adobe Stock Photos CS3
"{29FA38B4-0AE4-4D0D-8A51-6165BB990BB0}" = WebReg
"{30465B6C-B53F-49A1-9EBA-A3F187AD502E}" = Sonic Update Manager
"{30C8AA56-4088-426F-91D1-0EDFD3A25678}" = Adobe Dreamweaver CS4
"{3175E049-F9A9-4A3D-8F19-AC9FB04514D1}" = Windows Live Communications Platform
"{3248F0A8-6813-11D6-A77B-00B0D0150060}" = J2SE Runtime Environment 5.0 Update 6
"{33BB4982-DC52-4886-A03B-F4C5C80BEE89}" = Windows Media Player 10
"{341201D4-4F61-4ADB-987E-9CCE4D83A58D}" = Windows Live Toolbar Extension (Windows Live Toolbar)
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{352310C3-E46B-42D3-8F32-54721FDD72D9}" = NetZeroInstallers
"{36FDBE6E-6684-462B-AE98-9A39A1B200CC}" = HP Product Assistant
"{3846E811-639D-4DE1-844B-30491C0A6C0C}" = Dell Support 3.2
"{39F6E2B4-CFE8-C30A-66E8-489651F0F34C}" = Adobe Media Player
"{3A4E8896-C2E7-4084-A4A4-B8FD1894E739}" = Adobe XMP Panels CS4
"{3EE33958-7381-4E7B-A4F3-6E43098E9E9C}" = URL Assistant
"{3F92ABBB-6BBF-11D5-B229-002078017FBF}" = NetWaiting
"{4097ADD8-7890-4CBD-953A-1187EF2C6FA5}_is1" = JPEG to PDF 1.0
"{43CAC9A1-1993-4F65-9096-7C9AFC2BBF54}" = Dell CinePlayer
"{4667B940-BB01-428B-986E-A0CC46497BF7}" = ELIcon
"{47253C9A-7269-4be7-8BFE-50470F6897FE}" = HP Photosmart Printer Software 9.0
"{474F25F5-BDC9-40E5-B1B6-F6BF23FC106F}" = Windows Live Essentials
"{487B0B9B-DCD4-440D-89A0-A6EDE1A545A3}" = HPSSupply
"{4943EFF5-229F-435D-BEA9-BE3CAEA783A7}" = Adobe Service Manager Extension
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4CBA3D4C-8F51-4D60-B27E-F6B641C571E7}" = Microsoft Search Enhancement Pack
"{543E938C-BDC4-4933-A612-01293996845F}" = UnloadSupport
"{553255F3-78FD-40F1-A6F8-6882140265FE}" = Apple Application Support
"{5B6BE547-21E2-49CA-B2E2-6A5F470593B1}" = Sonic Activation Module
"{5ECB3A3C-980B-4D12-9724-25DCB07A1F47}" = iTunes
"{5EFF92ED-6DF2-4730-9E13-8BA87559C232}" = Web-Based Email Tools
"{612F4E20-3661-4D44-AD79-823F1B613FB3}" = HP Update
"{62BD0AE0-4EB1-4BBB-8F43-B6400C8FEB2C}" = AOLIcon
"{6412CECE-8172-4BE5-935B-6CECACD2CA87}" = Windows Live Mail
"{66E6CE0C-5A1E-430C-B40A-0C90FF1804A8}" = eSupportQFolder
"{67F0E67A-8E93-4C2C-B29D-47C48262738A}" = Adobe Device Central CS4
"{681B698F-C997-42C3-B184-B489C6CA24C9}" = HPPhotoSmartDiscLabelContent1
"{691D27E1-6626-3890-96E0-9CAF90B8FE2D}" = NingNetworkArchiver
"{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update
"{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}" = Windows Media Player Firefox Plugin
"{6D52C408-B09A-4520-9B18-475B81D393F1}" = Microsoft Works
"{6D5FCA42-1486-4E32-AFE8-1B7E2AA59D33}" = Digital Content Portal
"{6E45BA47-383C-4C1E-8ED0-0D4845C293D7}" = Microsoft Plus! Digital Media Edition Installer
"{6F5E2F4A-377D-4700-B0E3-8F7F7507EA15}" = CustomerResearchQFolder
"{730837D4-FF5E-48DB-BA49-33E732DFF0B3}" = PanoStandAlone
"{73B72B3B-AD7D-EC96-26BA-03A80B98882A}" = FlipShare
"{74F7662C-B1DB-489E-A8AC-07A06B24978B}" = Dell System Restore
"{7745B7A9-F323-4BB9-9811-01BF57A028DA}" = Map Button (Windows Live Toolbar)
"{77D2A9D3-5800-43E3-B274-87841BC87DB2}" = Adobe ExtendScript Toolkit 2
"{786C4AD1-DCBA-49A6-B0EF-B317A344BD66}" = Windows Live Favorites for Windows Live Toolbar
"{7A3F0566-5E05-4919-9C98-456F6B5CF831}" = Get High Speed Internet!
"{820D3F45-F6EE-4AAF-81EF-CE21FF21D230}" = Adobe Type Support CS4
"{8338BA06-E527-491B-9400-F51708FEE695}" = iPod for Windows 2005-11-17
"{83682B4C-B98C-4BEB-97CC-8EAD2AF9E4C6}" = MyIdentityDefender Toolbar (CyberDefender Corporation)
"{83877DB1-8B77-45BC-AB43-2BAC22E093E0}" = Adobe Bridge CS4
"{842B4B72-9E8F-4962-B3C1-1C422A5C4434}" = Suite Shared Configuration CS4
"{846B5DED-DC8C-4E1A-B5B4-9F5B39A0CACE}" = HPDiagnosticAlert
"{85D3CC30-8859-481A-9654-FD9B74310BEF}" = Musicmatch® Jukebox
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8A253629-0511-4854-8B4E-46E57E66005C}" = Bonjour
"{8A74E887-8F0F-4017-AF53-CBA42211AAA5}" = Microsoft Sync Framework Runtime Native v1.0 (x86)
"{8A9B8148-DDD7-448F-BD6C-358386D32354}" = Corel Photo Album 6
"{8AE03988-8C8C-40EE-BDC7-76781BEF1B1D}" = Adobe Setup
"{8E5233E1-7495-44FB-8DEB-4BE906D59619}" = Junk Mail filter update
"{8F3C31C5-9C3A-4AA8-8EFA-71290A7AD533}" = TomTom HOME Visual Studio Merge Modules
"{8FF6F5CA-4E30-4E3B-B951-204CAAA2716A}" = SmartWebPrinting
"{900B1197-53F5-4F46-A882-2CFFFE2EEDCB}" = Logitech Desktop Messenger
"{90120000-0010-0409-0000-0000000FF1CE}" = Microsoft Software Update for Web Folders (English) 12
"{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007
"{90120000-0016-0409-0000-0000000FF1CE}_HOMESTUDENTR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007
"{90120000-0018-0409-0000-0000000FF1CE}_HOMESTUDENTR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007
"{90120000-001B-0409-0000-0000000FF1CE}_HOMESTUDENTR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_HOMESTUDENTR_{ABDDE972-355B-4AF1-89A8-DA50B7B5C045}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_HOMESTUDENTR_{F580DDD5-8D37-4998-968E-EBB76BB86787}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007
"{90120000-001F-0C0A-0000-0000000FF1CE}_HOMESTUDENTR_{187308AB-5FA7-4F14-9AB9-D290383A10D9}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-0020-0409-0000-0000000FF1CE}" = Compatibility Pack for the 2007 Office system
"{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}_HOMESTUDENTR_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2007
"{90120000-00A1-0409-0000-0000000FF1CE}_HOMESTUDENTR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-00B2-0409-0000-0000000FF1CE}" = Microsoft Save as PDF or XPS Add-in for 2007 Microsoft Office programs
"{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007
"{90120000-0115-0409-0000-0000000FF1CE}_HOMESTUDENTR_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{91110409-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Professional Edition 2003
"{91120000-002F-0000-0000-0000000FF1CE}" = Microsoft Office Home and Student 2007
"{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{3D019598-7B59-447A-80AE-815B703B84FF}" = Security Update for Microsoft Office system 2007 (972581)
"{91CA0409-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Small Business Edition 2003
"{9422C8EA-B0C6-4197-B8FC-DC797658CA00}" = Windows Live Sign-in Assistant
"{94D398EB-D2FD-4FD1-B8C4-592635E8A191}" = Adobe CMaps CS4
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{9941F0AA-B903-4AF4-A055-83A9815CC011}" = Sonic Encoders
"{9C2D4047-0E40-499a-AC7A-C4B9BB12FE03}" = TrayApp
"{9DE1BE03-AFE2-4CDB-BFEB-D06D736CD01A}" = Apple Mobile Device Support
"{A1F66FC9-11EE-4F2F-98C9-16F8D1E69FB7}" = Segoe UI
"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
"{A5C4AD72-25FE-4899-B6DF-6D8DF63C93CF}" = Highlight Viewer (Windows Live Toolbar)
"{A683A2C0-821C-486F-858C-FA634DB5E864}" = EducateU
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AB5D51AE-EBC3-438D-872C-705C7C2084B0}" = DeviceManagementQFolder
"{AB708C9B-97C8-4AC9-899B-DBF226AC9382}" = Roxio RecordNow Audio
"{AC76BA86-7AD7-1033-7B44-AA0000000001}" = Adobe Reader X (10.0.1)
"{AC76BA86-7AD7-5760-0000-900000000003}" = Japanese Fonts Support For Adobe Reader 9
"{AC96671C-2001-432C-9826-5266D84EF1DC}" = Logitech Webcam Software
"{AEA07F97-9088-497c-8821-0F36BD5DC251}" = HPProductAssistant
"{AEE9ABDF-CFFD-4CC2-8519-E8ECEB5A2AAF}" = PENTAX USB DISK Device
"{AF1778C9-CC16-4aad-AF43-9A57429E7114}" = PS_SF_02_Software
"{B0DF58A2-40DF-4465-AA56-38623EC9938C}" = Documentation & Support Launcher
"{B12665F4-4E93-4AB4-B7FC-37053B524629}" = Roxio RecordNow Copy
"{B194272D-1F92-46DF-99EB-8D5CE91CB4EC}" = Adobe AIR
"{B29AD377-CC12-490A-A480-1452337C618D}" = Connect
"{B57EAFF2-D6EE-4C6C-9175-ED9F17BFC1BC}" = Windows Live Messenger
"{B6884A07-0305-47AE-9969-8F26FADC17DE}" = Games, Music, & Photos Launcher
"{B6EC7388-E277-4A5B-8C8F-71067A41BA64}" = TextPad 5
"{BA165460-FCF7-4D6C-A7A2-F2321700720F}" = MobileMe Control Panel
"{BB4E33EC-8181-4685-96F7-8554293DEC6A}" = Adobe Output Module
"{BCD6CD1A-0DBE-412E-9F25-3B500D1E6BA1}" = SolutionCenter
"{BD64AF4A-8C80-4152-AD77-FCDDF05208AB}" = Microsoft Sync Framework Services Native v1.0 (x86)
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
"{C252EB7B-7AE0-46DE-9BEE-DF681B885F13}" = Modem Diagnostic Tool
"{C52E3EC1-048C-45E1-8D53-10B0C6509683}" = Adobe Default Language CS4
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CC75AB5C-2110-4A7F-AF52-708680D22FE8}" = Photoshop Camera Raw
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{D23E6E13-653C-415e-937A-598E1CEFACB1}" = PS_SF_02_Software_min
"{D2988E9B-C73F-422C-AD4B-A66EBE257120}" = MCU
"{D79113E7-274C-470B-BD46-01B10219DF6A}" = HPPhotosmartEssential
"{E2662C24-B31E-4349-A084-32EB76E8B760}" = BufferChm
"{E42BD75A-FC23-4E3F-9F91-2658334C644F}" = Internet Service Offers Launcher
"{E535C94A-B87F-4182-BEA8-1E9322078D3E}" = Cards_Calendar_OrderGift_DoMorePlugout
"{E56D39F8-2A9F-44B4-B068-A72E45A073E6}" = Safari
"{E6158D07-2637-4ECF-B576-37C489669174}" = Windows Live Call
"{E646DCF0-5A68-11D5-B229-002078017FBF}" = Digital Line Detect
"{E797E7D2-D68C-4cb1-80D2-16049A8FBFB8}" = D5300_Help
"{E7C08429-18BB-4760-8596-6327C7267431}" = D5300
"{E9C18EBD-85BE-47D0-AA73-3FEDCC976B04}" = Toolbox
"{EADBDC6F-8171-4be2-8505-652D6C87A5EB}" = D5300_doccd
"{EF1ADA5A-0B1A-4662-8C55-7475A61D8B65}" = DeviceDiscovery
"{F084395C-40FB-4DB3-981C-B51E74E1E83D}" = Smart Menus (Windows Live Toolbar)
"{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard
"{F0E64E2E-3A60-40D8-A55D-92F6831875DA}" = Adobe Search for Help
"{F8EF2B3F-C345-4F20-8FE4-791A20333CD5}" = Adobe ExtendScript Toolkit CS4
"{F93C84A6-0DC6-42AF-89FA-776F7C377353}" = Adobe PDF Library Files CS4
"{FB52D14B-505F-4e32-89FF-1234233301D2}" = PS_SF_02_ProductContext
"{FB64BF25-3593-4E4E-AA85-84AEF1D1475F}" = Broadcom Management Programs
"12133444-BF36-4d4e-B7FB-A3424C645DE4" = GemMaster Mystic
"3ivx MPEG-4 5.0.3" = 3ivx MPEG-4 5.0.3 (remove only)
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Adobe Shockwave Player" = Adobe Shockwave Player 11.5
"Adobe_3e054d2218e7aa282c2369d939e58ff" = Adobe ExtendScript Toolkit 2
"Adobe_acce07fd2c8fe7f9e3f26243e626578" = Adobe Dreamweaver CS4
"Adobe_cbb2ea61da9c780bd7e47a5230a9ed7" = Adobe Stock Photos CS3
"avast" = avast! Internet Security
"B3EE3001-DC24-4cd1-8743-5692C716659F" = Otto
"Canon Setup Utility 2.0" = Canon Setup Utility 2.0
"CANONBJ_Deinstall_CNMCP78.DLL" = Canon iP4200
"CNXT_MODEM_PCI_VEN_14F1&DEV_2F20&SUBSYS_200F14F1" = Conexant D850 56K V.9x DFVc Modem
"com.adobe.amp.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Adobe Media Player
"Dell Digital Jukebox Driver" = Dell Digital Jukebox Driver
"Dell Game Console" = Dell Game Console
"Easy-PhotoPrint" = Canon Utilities Easy-PhotoPrint
"Easy-WebPrint" = Easy-WebPrint
"EmeraldQFE2" = Windows Media Player 10 Hotfix [See EmeraldQFE2 for more information]
"HOMESTUDENTR" = Microsoft Office Home and Student 2007
"HP Imaging Device Functions" = HP Imaging Device Functions 9.0
"HP Photosmart Essential" = HP Photosmart Essential 3.5
"HP Smart Web Printing" = HP Smart Web Printing 4.60
"HP Solution Center & Imaging Support Tools" = HP Solution Center 9.0
"HPExtendedCapabilities" = HP Customer Participation Program 9.0
"IDNMitigationAPIs" = Microsoft Internationalized Domain Names Mitigation APIs
"ie7" = Windows Internet Explorer 7
"ie8" = Windows Internet Explorer 8
"InstallShield_{8338BA06-E527-491B-9400-F51708FEE695}" = iPod for Windows 2005-11-17
"legacyqcam_11.10" = Logitech Legacy USB Camera Driver Package
"lvdrivers_12.0" = Logitech Webcam Software Driver Package
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"McAfee Security Scan" = McAfee Security Scan Plus
"Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Mikogo" = Mikogo
"Mozilla Firefox (3.6.16)" = Mozilla Firefox (3.6.16)
"MSCompPackV1" = Microsoft Compression Client Pack 1.0 for Windows XP
"MSNINST" = MSN
"NLSDownlevelMapping" = Microsoft National Language Support Downlevel APIs
"NVIDIA Drivers" = NVIDIA Drivers
"Password Safe" = Password Safe
"Password Safe 1.71" = Password Safe 1.71
"RealPlayer 6.0" = RealPlayer Basic
"Screenshot Studio" = Screenshot Studio
"SearchAssist" = SearchAssist
"StreetPlugin" = Learn2 Player (Uninstall Only)
"TomTom HOME" = TomTom HOME 2.7.6.2056
"TopStyle Lite (Version 3.0)" = TopStyle Lite (Version 3.0)
"ViewpointMediaPlayer" = Viewpoint Media Player
"WildTangent CDA" = WildTangent Web Driver
"Windows Media Format Runtime" = Windows Media Format 11 runtime
"Windows Media Player" = Windows Media Player 11
"Windows XP Service Pack" = Windows XP Service Pack 3
"WinGimp-2.0_is1" = GIMP 2.6.11
"WinGTK-2_is1" = GTK+ 2.10.13 runtime environment
"WinLiveSuite_Wave3" = Windows Live Essentials
"winscp3_is1" = WinSCP 4.1.6
"WMFDist11" = Windows Media Format 11 runtime
"wmp11" = Windows Media Player 11
"Wudf01000" = Microsoft User-Mode Driver Framework Feature Pack 1.0

========== HKEY_CURRENT_USER Uninstall List ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Facebook Plug-In" = Facebook Plug-In
"GoToMeeting" = GoToMeeting 4.5.0.457

========== Last 10 Event Log Errors ==========

[ Antivirus Events ]
Error - 11/4/2009 7:03:24 PM | Computer Name = LYNNSPC | Source = avast! | ID = 33554522
Description =

Error - 11/4/2009 10:28:55 PM | Computer Name = LYNNSPC | Source = avast! | ID = 33554522
Description =

Error - 11/8/2009 12:17:53 PM | Computer Name = LYNNSPC | Source = avast! | ID = 33554522
Description =

Error - 11/10/2009 9:03:23 AM | Computer Name = LYNNSPC | Source = avast! | ID = 33554522
Description =

Error - 11/12/2009 4:13:20 PM | Computer Name = LYNNSPC | Source = avast! | ID = 33554522
Description =

Error - 11/13/2009 2:29:25 PM | Computer Name = LYNNSPC | Source = avast! | ID = 33554522
Description =

Error - 11/16/2009 8:39:39 PM | Computer Name = LYNNSPC | Source = avast! | ID = 33554522
Description =

Error - 11/21/2009 3:56:29 PM | Computer Name = LYNNSPC | Source = avast! | ID = 33554522
Description =

Error - 11/22/2009 8:21:29 AM | Computer Name = LYNNSPC | Source = avast! | ID = 33554522
Description =

[ Application Events ]
Error - 3/28/2011 3:06:14 PM | Computer Name = LYNNSPC | Source = EventSystem | ID = 4609
Description = The COM+ Event System detected a bad return code during its internal
processing. HRESULT was 8007041D from line 44 of d:\comxp_sp3\com\com1x\src\events\tier1\eventsystemobj.cpp.
Please contact Microsoft Product Support Services to report this erro

Error - 3/28/2011 3:06:44 PM | Computer Name = LYNNSPC | Source = EventSystem | ID = 4609
Description = The COM+ Event System detected a bad return code during its internal
processing. HRESULT was 8007041D from line 44 of d:\comxp_sp3\com\com1x\src\events\tier1\eventsystemobj.cpp.
Please contact Microsoft Product Support Services to report this erro

Error - 3/28/2011 3:06:44 PM | Computer Name = LYNNSPC | Source = COM+ | ID = 135761
Description = The run-time environment has detected an inconsistency in its internal
state. This indicates a potential instability in the process that could be caused
by the custom components running in the COM+ application, the components they make
use of, or other factors. Error in f:\xpsp3\com\com1x\src\comsvcs\events\lcedisp.cpp(131),
hr = 80040206: Failed to CoCreate EventSystem objec

Error - 3/28/2011 3:23:37 PM | Computer Name = LYNNSPC | Source = Windows Search Service | ID = 3100
Description = Unable to initialize the filter host process. Terminating. Details:
This
operation returned because the timeout period expired. (0x800705b4)

Error - 3/28/2011 3:26:31 PM | Computer Name = LYNNSPC | Source = Userenv | ID = 1512
Description = Windows cannot unload your registry file. The memory used by the registry
has not been freed. This is often caused by services running as a user account,
try configuring the services to run in either the LocalService or NetworkService
account. If this problem persists, contact your administrator. DETAIL - Insufficient
system resources exist to complete the requested service.

Error - 3/28/2011 4:00:58 PM | Computer Name = LYNNSPC | Source = Userenv | ID = 1512
Description = Windows cannot unload your registry file. The memory used by the registry
has not been freed. This is often caused by services running as a user account,
try configuring the services to run in either the LocalService or NetworkService
account. If this problem persists, contact your administrator. DETAIL - Insufficient
system resources exist to complete the requested service.

Error - 3/28/2011 8:29:17 PM | Computer Name = LYNNSPC | Source = Application Error | ID = 1000
Description = Faulting application mbam.com, version 1.50.1.3, faulting module ntdll.dll,
version 5.1.2600.6055, fault address 0x0001245f.

Error - 3/28/2011 8:36:20 PM | Computer Name = LYNNSPC | Source = Application Error | ID = 1001
Description = Fault bucket -1920751638.

Error - 3/29/2011 3:49:15 AM | Computer Name = LYNNSPC | Source = Application Error | ID = 1000
Description = Faulting application svchost.exe, version 5.1.2600.5512, faulting
module Flash10l.ocx, version 10.1.102.64, fault address 0x00393f7a.

Error - 3/29/2011 7:48:23 AM | Computer Name = LYNNSPC | Source = Application Error | ID = 1000
Description = Faulting application svchost.exe, version 5.1.2600.5512, faulting
module dirapi.dll, version 11.5.7.609, fault address 0x0003ef51.

[ OSession Events ]
Error - 9/22/2008 12:59:31 PM | Computer Name = LYNNSPC | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 0, Application Name: Microsoft Office Word, Application Version:
12.0.6308.5000, Microsoft Office Version: 12.0.6215.1000. This session lasted 2
seconds with 0 seconds of active time. This session ended with a crash.

Error - 1/17/2009 3:49:24 PM | Computer Name = LYNNSPC | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 3, Application Name: Microsoft Office PowerPoint, Application
Version: 12.0.6300.5000, Microsoft Office Version: 12.0.6215.1000. This session
lasted 1148 seconds with 420 seconds of active time. This session ended with a
crash.

Error - 2/22/2009 4:38:29 PM | Computer Name = LYNNSPC | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 3, Application Name: Microsoft Office PowerPoint, Application
Version: 12.0.6300.5000, Microsoft Office Version: 12.0.6215.1000. This session
lasted 7366 seconds with 4860 seconds of active time. This session ended with a
crash.

Error - 5/8/2009 10:39:06 AM | Computer Name = LYNNSPC | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 3, Application Name: Microsoft Office PowerPoint, Application
Version: 12.0.6300.5000, Microsoft Office Version: 12.0.6215.1000. This session
lasted 4625 seconds with 1920 seconds of active time. This session ended with a
crash.

Error - 7/10/2009 5:30:33 PM | Computer Name = LYNNSPC | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 3, Application Name: Microsoft Office PowerPoint, Application
Version: 12.0.6500.5000, Microsoft Office Version: 12.0.6425.1000. This session
lasted 419 seconds with 60 seconds of active time. This session ended with a crash.

Error - 7/10/2009 5:30:44 PM | Computer Name = LYNNSPC | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 3, Application Name: Microsoft Office PowerPoint, Application
Version: 12.0.6500.5000, Microsoft Office Version: 12.0.6425.1000. This session
lasted 6 seconds with 0 seconds of active time. This session ended with a crash.

Error - 7/14/2009 8:42:59 AM | Computer Name = LYNNSPC | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 3, Application Name: Microsoft Office PowerPoint, Application
Version: 12.0.6500.5000, Microsoft Office Version: 12.0.6425.1000. This session
lasted 951 seconds with 780 seconds of active time. This session ended with a crash.

Error - 9/16/2009 8:35:29 AM | Computer Name = LYNNSPC | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 3, Application Name: Microsoft Office PowerPoint, Application
Version: 12.0.6500.5000, Microsoft Office Version: 12.0.6425.1000. This session
lasted 435 seconds with 360 seconds of active time. This session ended with a crash.

Error - 10/31/2009 4:09:36 PM | Computer Name = LYNNSPC | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 3, Application Name: Microsoft Office PowerPoint, Application
Version: 12.0.6500.5000, Microsoft Office Version: 12.0.6425.1000. This session
lasted 2905 seconds with 1560 seconds of active time. This session ended with a
crash.

Error - 2/15/2010 1:27:18 PM | Computer Name = LYNNSPC | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 3, Application Name: Microsoft Office PowerPoint, Application
Version: 12.0.6500.5000, Microsoft Office Version: 12.0.6425.1000. This session
lasted 1126 seconds with 600 seconds of active time. This session ended with a
crash.

[ System Events ]
Error - 3/29/2011 8:18:19 PM | Computer Name = LYNNSPC | Source = Service Control Manager | ID = 7022
Description = The HP CUE DeviceDiscovery Service service hung on starting.

Error - 3/29/2011 8:23:32 PM | Computer Name = LYNNSPC | Source = Service Control Manager | ID = 7023
Description = The srv654 service terminated with the following error: %%126

Error - 3/29/2011 8:24:58 PM | Computer Name = LYNNSPC | Source = Service Control Manager | ID = 7022
Description = The HP CUE DeviceDiscovery Service service hung on starting.

Error - 3/29/2011 8:24:58 PM | Computer Name = LYNNSPC | Source = Service Control Manager | ID = 7034
Description = The NVIDIA Display Driver Service service terminated unexpectedly.
It has done this 1 time(s).

Error - 3/29/2011 10:56:49 PM | Computer Name = LYNNSPC | Source = Service Control Manager | ID = 7023
Description = The srv654 service terminated with the following error: %%126

Error - 3/29/2011 10:58:14 PM | Computer Name = LYNNSPC | Source = Service Control Manager | ID = 7022
Description = The HP CUE DeviceDiscovery Service service hung on starting.

Error - 3/30/2011 12:25:58 AM | Computer Name = LYNNSPC | Source = Service Control Manager | ID = 7023
Description = The srv654 service terminated with the following error: %%126

Error - 3/30/2011 12:27:21 AM | Computer Name = LYNNSPC | Source = Service Control Manager | ID = 7022
Description = The HP CUE DeviceDiscovery Service service hung on starting.

Error - 3/30/2011 12:04:38 PM | Computer Name = LYNNSPC | Source = Service Control Manager | ID = 7023
Description = The srv654 service terminated with the following error: %%126

Error - 3/30/2011 12:05:58 PM | Computer Name = LYNNSPC | Source = Service Control Manager | ID = 7022
Description = The HP CUE DeviceDiscovery Service service hung on starting.


< End of report >
  • 0

#4
Essexboy
Posted 30 March 2011 - 02:14 PM

Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
Hi there does Avast still report the MBR problem ?

Run OTL
  • Under the Custom Scans/Fixes box at the bottom, paste in the following

    :OTL
    SRV - File not found [Auto | Stopped] -- -- (srv654)
    IE - HKCU\..\URLSearchHook: ~CFBFAE00-17A6-11D0-99CB-00C04FD64497} - Reg Error: Key error. File not found
    [2011/03/28 18:00:03 | 000,009,774 | -HS- | M] () -- C:\Documents and Settings\Lynn Slackman\Local Settings\Application Data\kw41485oixq685008av44ki478b5yx
    [2011/03/28 18:00:03 | 000,009,774 | -HS- | M] () -- C:\Documents and Settings\All Users\Application Data\kw41485oixq685008av44ki478b5yx
    [2011/03/28 11:58:51 | 000,000,266 | RHS- | M] () -- C:\Documents and Settings\Lynn Slackman\My Documents\autorun.inf
    [2011/03/28 11:58:50 | 000,000,266 | RHS- | M] () -- C:\autorun.inf

    :Files
    ipconfig /flushdns /c

    :Commands
    [purity]
    [resethosts]
    [emptytemp]
    [EMPTYFLASH]
    [CREATERESTOREPOINT]
    [Reboot]

  • Then click the Run Fix button at the top
  • Let the program run unhindered, reboot the PC when it is done
  • Open OTL again and click the Quick Scan button. Post the log it produces in your next reply.

THEN

Download aswMBR.exe ( 511KB ) to your desktop.

Double click the aswMBR.exe to run it

Posted Image
Click the "Scan" button to start scan


Posted Image
On completion of the scan click save log, save it to your desktop and post in your next reply
  • 0

#5
dslackman
Posted 30 March 2011 - 07:35 PM

dslackman

    New Member

  • Topic Starter
  • Member
  • Pip
  • 7 posts
Yes, the problem is still occurring.
fyi. The system did not come down cleanly after the OTL scan. I waited 5 hours hoping it would come down & finally had to force it down.

OTL logfile created on: 3/30/2011 8:22:29 PM - Run 2
OTL by OldTimer - Version 3.2.22.3 Folder = C:\Documents and Settings\Lynn Slackman\Desktop
Windows XP Media Center Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1.00 Gb Total Physical Memory | 1.00 Gb Available Physical Memory | 58.00% Memory free
2.00 Gb Paging File | 2.00 Gb Available in Paging File | 77.00% Paging File free
Paging file location(s): C:\pagefile.sys 1000 1500 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 69.82 Gb Total Space | 28.63 Gb Free Space | 41.00% Space Free | Partition Type: NTFS

Computer Name: LYNNSPC | User Name: Lynn Slackman | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2011/03/30 13:56:52 | 000,580,608 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Lynn Slackman\Desktop\OTL.exe
PRC - [2011/02/23 09:04:20 | 003,451,496 | ---- | M] (AVAST Software) -- C:\Program Files\Alwil Software\Avast5\AvastUI.exe
PRC - [2011/02/23 09:04:19 | 000,042,184 | ---- | M] (AVAST Software) -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
PRC - [2011/02/23 09:04:17 | 000,121,000 | ---- | M] (AVAST Software) -- C:\Program Files\Alwil Software\Avast5\afwServ.exe
PRC - [2010/08/24 04:38:18 | 000,092,008 | ---- | M] (TomTom) -- C:\Program Files\TomTom HOME 2\TomTomHOMEService.exe
PRC - [2010/08/24 04:38:16 | 000,247,144 | ---- | M] (TomTom) -- C:\Program Files\TomTom HOME 2\TomTomHOMERunner.exe
PRC - [2010/01/15 07:49:20 | 000,255,536 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee Security Scan\2.0.181\SSScheduler.exe
PRC - [2009/07/09 15:22:45 | 000,067,128 | ---- | M] (Logitech Inc.) -- C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
PRC - [2009/05/08 10:35:50 | 002,780,432 | ---- | M] () -- C:\Program Files\Logitech\Logitech WebCam Software\LWS.exe
PRC - [2009/05/08 10:34:08 | 000,559,888 | ---- | M] () -- C:\Program Files\Common Files\LogiShrd\LQCVFX\COCIManager.exe
PRC - [2009/04/30 16:01:10 | 000,154,136 | ---- | M] (Logitech Inc.) -- C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
PRC - [2009/02/17 15:59:44 | 000,451,904 | ---- | M] () -- C:\Program Files\Flip Video\FlipShare\FlipShareService.exe
PRC - [2008/08/28 20:34:14 | 013,145,448 | ---- | M] (Adobe Systems, Inc.) -- C:\Program Files\Adobe\Adobe Bridge CS4\Bridge.exe
PRC - [2008/04/13 19:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2006/09/18 14:46:30 | 000,481,792 | ---- | M] (Musicmatch, Inc.) -- C:\Program Files\MUSICMATCH\Musicmatch Jukebox\mim.exe
PRC - [2006/09/18 14:46:30 | 000,102,400 | ---- | M] (Musicmatch, Inc.) -- C:\Program Files\MUSICMATCH\Musicmatch Jukebox\MMDiag.exe
PRC - [2006/09/18 14:46:30 | 000,008,192 | ---- | M] (Musicmatch, Inc.) -- C:\Program Files\MUSICMATCH\Musicmatch Jukebox\mimboot.exe
PRC - [2006/08/15 02:38:14 | 000,282,624 | ---- | M] (SigmaTel, Inc.) -- C:\WINDOWS\stsystra.exe
PRC - [2006/07/16 21:29:54 | 000,389,120 | ---- | M] (Gteko Ltd.) -- C:\Program Files\Dell Support\DSAgnt.exe
PRC - [2005/10/05 03:12:00 | 000,094,208 | ---- | M] () -- C:\Program Files\Dell\Media Experience\DMXLauncher.exe
PRC - [2005/09/08 05:20:00 | 000,122,940 | ---- | M] (Sonic Solutions) -- C:\WINDOWS\system32\DLA\DLACTRLW.EXE


========== Modules (SafeList) ==========

MOD - [2011/03/30 13:56:52 | 000,580,608 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Lynn Slackman\Desktop\OTL.exe
MOD - [2011/02/23 09:04:17 | 000,197,208 | ---- | M] (AVAST Software) -- C:\Program Files\Alwil Software\Avast5\snxhk.dll
MOD - [2010/08/23 11:12:02 | 001,054,208 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.6028_x-ww_61e65202\comctl32.dll


========== Win32 Services (SafeList) ==========

SRV - File not found [Disabled | Stopped] -- -- (HidServ)
SRV - [2011/02/23 09:04:19 | 000,042,184 | ---- | M] (AVAST Software) [Auto | Running] -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe -- (avast! Antivirus)
SRV - [2011/02/23 09:04:17 | 000,121,000 | ---- | M] (AVAST Software) [Auto | Running] -- C:\Program Files\Alwil Software\Avast5\afwServ.exe -- (avast! Firewall)
SRV - [2010/08/24 04:38:18 | 000,092,008 | ---- | M] (TomTom) [Auto | Running] -- C:\Program Files\TomTom HOME 2\TomTomHOMEService.exe -- (TomTomHOMEService)
SRV - [2010/01/15 07:49:20 | 000,227,232 | ---- | M] (McAfee, Inc.) [On_Demand | Stopped] -- C:\Program Files\McAfee Security Scan\2.0.181\McCHSvc.exe -- (McComponentHostService)
SRV - [2009/12/20 17:26:04 | 000,655,624 | ---- | M] (Acresso Software Inc.) [On_Demand | Stopped] -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service)
SRV - [2009/04/30 16:01:10 | 000,154,136 | ---- | M] (Logitech Inc.) [Auto | Running] -- C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe -- (LVPrcSrv)
SRV - [2009/02/17 15:59:44 | 000,451,904 | ---- | M] () [Auto | Running] -- C:\Program Files\Flip Video\FlipShare\FlipShareService.exe -- (FlipShare Service)
SRV - [2008/12/19 09:50:32 | 000,185,640 | ---- | M] () [On_Demand | Stopped] -- C:\Documents and Settings\Lynn Slackman\Application Data\Mikogo\B-Service.exe -- (B-Service)


========== Driver Services (SafeList) ==========

DRV - [2011/02/23 08:57:38 | 000,101,976 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\aswFW.sys -- (aswFW)
DRV - [2011/02/23 08:56:55 | 000,371,544 | ---- | M] (AVAST Software) [File_System | System | Running] -- C:\WINDOWS\System32\drivers\aswSnx.sys -- (aswSnx)
DRV - [2011/02/23 08:56:45 | 000,301,528 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\aswSP.sys -- (aswSP)
DRV - [2011/02/23 08:56:41 | 000,192,728 | ---- | M] (AVAST Software) [Kernel | Boot | Running] -- C:\WINDOWS\System32\drivers\aswNdis2.sys -- (aswNdis2)
DRV - [2011/02/23 08:55:49 | 000,049,240 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\aswTdi.sys -- (aswTdi)
DRV - [2011/02/23 08:55:47 | 000,102,232 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\WINDOWS\System32\drivers\aswmon2.sys -- (aswMon2)
DRV - [2011/02/23 08:55:10 | 000,025,432 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\aswRdr.sys -- (aswRdr)
DRV - [2011/02/23 08:54:57 | 000,030,680 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\aavmker4.sys -- (Aavmker4)
DRV - [2011/02/23 08:54:55 | 000,019,544 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\WINDOWS\System32\drivers\aswFsBlk.sys -- (aswFsBlk)
DRV - [2010/03/19 15:10:13 | 000,012,112 | ---- | M] (ALWIL Software) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\aswNdis.sys -- (aswNdis)
DRV - [2009/04/30 17:56:30 | 000,495,768 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\LV561AV.SYS -- (PID_0928) Logitech QuickCam Express(PID_0928)
DRV - [2009/04/30 16:00:12 | 000,025,624 | ---- | M] () [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\LVPr2Mon.sys -- (LVPr2Mon)
DRV - [2007/10/11 21:00:42 | 000,041,752 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\LVUSBSta.sys -- (LVUSBSta)
DRV - [2006/10/13 22:23:41 | 000,008,552 | ---- | M] (Windows ® 2000 DDK provider) [Kernel | Auto | Running] -- C:\WINDOWS\System32\drivers\asctrm.sys -- (ASCTRM)
DRV - [2006/08/15 02:38:14 | 001,171,464 | ---- | M] (SigmaTel, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\sthda.sys -- (STHDA)
DRV - [2006/08/14 06:29:44 | 000,044,544 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\bcm4sbxp.sys -- (bcm4sbxp)
DRV - [2006/06/18 21:37:34 | 000,036,864 | ---- | M] (Advanced Micro Devices) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\AmdK8.sys -- (AmdK8)
DRV - [2006/01/10 12:07:58 | 000,004,864 | ---- | M] (GTek Technologies Ltd.) [Kernel | On_Demand | Stopped] -- C:\Program Files\Dell Support\GTAction\triggers\DSproct.sys -- (DSproct)
DRV - [2005/09/08 05:20:00 | 000,094,332 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\system32\DLA\DLAUDFAM.SYS -- (DLAUDFAM)
DRV - [2005/09/08 05:20:00 | 000,087,036 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\system32\DLA\DLAUDF_M.SYS -- (DLAUDF_M)
DRV - [2005/09/08 05:20:00 | 000,086,524 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\system32\DLA\DLAIFS_M.SYS -- (DLAIFS_M)
DRV - [2005/09/08 05:20:00 | 000,025,628 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\system32\DLA\DLABOIOM.SYS -- (DLABOIOM)
DRV - [2005/09/08 05:20:00 | 000,014,684 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\system32\DLA\DLAOPIOM.SYS -- (DLAOPIOM)
DRV - [2005/09/08 05:20:00 | 000,006,364 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\system32\DLA\DLAPoolM.SYS -- (DLAPoolM)
DRV - [2005/09/08 05:20:00 | 000,002,496 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\system32\DLA\DLADResN.SYS -- (DLADResN)
DRV - [2005/08/25 12:16:52 | 000,005,628 | ---- | M] (Sonic Solutions) [File_System | System | Running] -- C:\WINDOWS\system32\drivers\DLACDBHM.SYS -- (DLACDBHM)
DRV - [2005/08/25 12:16:16 | 000,022,684 | ---- | M] (Sonic Solutions) [File_System | System | Running] -- C:\WINDOWS\system32\drivers\DLARTL_N.SYS -- (DLARTL_N)
DRV - [2003/11/17 14:59:20 | 000,212,224 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSFHWBS2.sys -- (HSFHWBS2)
DRV - [2003/11/17 14:58:02 | 000,680,704 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSF_CNXT.sys -- (winachsf)
DRV - [2003/11/17 14:56:26 | 001,042,432 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSF_DP.sys -- (HSF_DP)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Page_URL = www.google.com/ig/dell?hl=en&client=dell-usuk&channel=us&ibd=1061013
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.co...html?channel=us
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Start Page = www.google.com/ig/dell?hl=en&client=dell-usuk&channel=us&ibd=1061013

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = www.google.com/ig/dell?hl=en&client=dell-usuk&channel=us&ibd=1061013
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.aol.com/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://www.msn.com/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-us
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 72 36 23 30 17 EA C9 01 [binary data]
IE - HKCU\..\URLSearchHook: {A26503FE-B3B8-4910-A9DC-9CBD25C6B8D6} - C:\Documents and Settings\Lynn Slackman\Local Settings\Application Data\CyberDefender\cdmyidd.dll (CyberDefender Corp.)
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - prefs.js..browser.search.defaultenginename: "Live Search"
FF - prefs.js..browser.search.defaulturl: "http://search.live.c...?FORM=IEFM1&q="
FF - prefs.js..browser.search.selectedEngine: "Google"
FF - prefs.js..browser.startup.homepage: "http://www.aol.com/"
FF - prefs.js..extensions.enabledItems: {AE93811A-5C9A-4d34-8462-F7B864FC4696}:3.81
FF - prefs.js..extensions.enabledItems: [email protected]:1.6.2
FF - prefs.js..extensions.enabledItems: {ff6bdc07-eed6-4815-ad95-d7938b673ab5}:1.1
FF - prefs.js..extensions.enabledItems: {6AC85730-7D0F-4de0-B3FA-21142DD85326}:2.5.5
FF - prefs.js..extensions.enabledItems: {0b457cAA-602d-484a-8fe7-c1d894a011ba}:0.88
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}:6.0.22
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}:6.0.23
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}:6.0.24
FF - prefs.js..keyword.URL: "http://search.live.c...?FORM=IEFM1&q="


FF - HKLM\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2010/01/27 08:32:24 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.16\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011/03/26 20:37:07 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.16\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011/03/26 20:37:07 | 000,000,000 | ---D | M]

[2010/12/18 08:42:42 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Lynn Slackman\Application Data\Mozilla\Extensions
[2010/12/18 08:42:42 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Lynn Slackman\Application Data\Mozilla\Extensions\[email protected]
[2011/03/30 14:04:07 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Lynn Slackman\Application Data\Mozilla\Firefox\Profiles\vygy42iy.default\extensions
[2011/01/30 19:01:09 | 000,000,000 | ---D | M] (FireShot) -- C:\Documents and Settings\Lynn Slackman\Application Data\Mozilla\Firefox\Profiles\vygy42iy.default\extensions\{0b457cAA-602d-484a-8fe7-c1d894a011ba}
[2011/01/13 12:38:47 | 000,000,000 | ---D | M] (Google Toolbar for Firefox) -- C:\Documents and Settings\Lynn Slackman\Application Data\Mozilla\Firefox\Profiles\vygy42iy.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}
[2011/03/22 17:08:22 | 000,000,000 | ---D | M] (ColorZilla) -- C:\Documents and Settings\Lynn Slackman\Application Data\Mozilla\Firefox\Profiles\vygy42iy.default\extensions\{6AC85730-7D0F-4de0-B3FA-21142DD85326}
[2011/03/07 17:20:33 | 000,000,000 | ---D | M] ("StumbleUpon") -- C:\Documents and Settings\Lynn Slackman\Application Data\Mozilla\Firefox\Profiles\vygy42iy.default\extensions\{AE93811A-5C9A-4d34-8462-F7B864FC4696}
[2010/08/21 13:57:38 | 000,000,000 | ---D | M] (SEOpen) -- C:\Documents and Settings\Lynn Slackman\Application Data\Mozilla\Firefox\Profiles\vygy42iy.default\extensions\{ff6bdc07-eed6-4815-ad95-d7938b673ab5}
[2011/02/06 09:40:13 | 000,000,000 | ---D | M] (Firebug) -- C:\Documents and Settings\Lynn Slackman\Application Data\Mozilla\Firefox\Profiles\vygy42iy.default\extensions\[email protected]
[2009/06/09 11:00:47 | 000,001,632 | ---- | M] () -- C:\Documents and Settings\Lynn Slackman\Application Data\Mozilla\Firefox\Profiles\vygy42iy.default\searchplugins\live-search.xml
[2011/03/30 14:04:08 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2010/11/04 12:52:27 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}
[2011/01/07 16:34:35 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}
[2011/03/07 17:18:56 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}
[2011/02/02 22:40:24 | 000,472,808 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npdeployJava1.dll
[2009/10/01 10:13:10 | 000,219,136 | ---- | M] (Starfield Technology, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npwbe.dll

O1 HOSTS File: ([2011/03/30 15:42:15 | 000,000,098 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O2 - BHO: (DriveLetterAccess) - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\DLA\DLASHX_W.DLL (Sonic Solutions)
O2 - BHO: (MyIdentityDefender) - {A26503FE-B3B8-4910-A9DC-9CBD25C6B8D6} - C:\Documents and Settings\Lynn Slackman\Local Settings\Application Data\CyberDefender\cdmyidd.dll (CyberDefender Corp.)
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.6.5805.1910\swg.dll (Google Inc.)
O2 - BHO: (CBrowserHelperObject Object) - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - C:\Program Files\BAE\BAE.dll (Dell Inc.)
O3 - HKLM\..\Toolbar: (Easy-WebPrint) - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - C:\Program Files\Canon\Easy-WebPrint\Toolband.dll ()
O3 - HKLM\..\Toolbar: (MyIdentityDefender) - {A26503FE-B3B8-4910-A9DC-9CBD25C6B8D6} - C:\Documents and Settings\Lynn Slackman\Local Settings\Application Data\CyberDefender\cdmyidd.dll (CyberDefender Corp.)
O3 - HKCU\..\Toolbar\WebBrowser: (MyIdentityDefender) - {A26503FE-B3B8-4910-A9DC-9CBD25C6B8D6} - C:\Documents and Settings\Lynn Slackman\Local Settings\Application Data\CyberDefender\cdmyidd.dll (CyberDefender Corp.)
O4 - HKLM..\Run: [] File not found
O4 - HKLM..\Run: [Adobe Reader Speed Launcher] C:\Program Files\Adobe\Reader 10.0\Reader\Reader_sl.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [AdobeCS4ServiceManager] C:\Program Files\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [AOLDialer] File not found
O4 - HKLM..\Run: [avast5] C:\Program Files\Alwil Software\Avast5\AvastUI.exe (AVAST Software)
O4 - HKLM..\Run: [DLA] C:\WINDOWS\system32\DLA\DLACTRLW.EXE (Sonic Solutions)
O4 - HKLM..\Run: [DMXLauncher] C:\Program Files\Dell\Media Experience\DMXLauncher.exe ()
O4 - HKLM..\Run: [LogitechQuickCamRibbon] C:\Program Files\Logitech\Logitech WebCam Software\LWS.exe ()
O4 - HKLM..\Run: [MimBoot] C:\Program Files\MUSICMATCH\Musicmatch Jukebox\mimboot.exe (Musicmatch, Inc.)
O4 - HKLM..\Run: [MSKDetectorExe] C:\Program Files\McAfee\SpamKiller\MSKDetct.exe (McAfee, Inc.)
O4 - HKLM..\Run: [NvCplDaemon] C:\WINDOWS\System32\NvCpl.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [NvMediaCenter] C:\WINDOWS\System32\NvMcTray.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [nwiz] C:\WINDOWS\System32\nwiz.exe ()
O4 - HKLM..\Run: [SigmatelSysTrayApp] C:\WINDOWS\stsystra.exe (SigmaTel, Inc.)
O4 - HKCU..\Run: [AdobeBridge] C:\Program Files\Adobe\Adobe Bridge CS4\Bridge.exe (Adobe Systems, Inc.)
O4 - HKCU..\Run: [DellSupport] C:\Program Files\Dell Support\DSAgnt.exe (Gteko Ltd.)
O4 - HKCU..\Run: [LogitechSetup] File not found
O4 - HKCU..\Run: [TomTomHOME.exe] C:\Program Files\TomTom HOME 2\TomTomHOMERunner.exe (TomTom)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe (Logitech Inc.)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\McAfee Security Scan Plus.lnk = C:\Program Files\McAfee Security Scan\2.0.181\SSScheduler.exe (McAfee, Inc.)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: InstallVisualStyle = C:\WINDOWS\Resources\Themes\Royale\Royale.msstyles (Microsoft)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: InstallTheme = C:\WINDOWS\Resources\Themes\Royale.theme ()
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O8 - Extra context menu item: Easy-WebPrint Add To Print List - C:\Program Files\Canon\Easy-WebPrint\Resource.dll ()
O8 - Extra context menu item: Easy-WebPrint High Speed Print - C:\Program Files\Canon\Easy-WebPrint\Resource.dll ()
O8 - Extra context menu item: Easy-WebPrint Preview - C:\Program Files\Canon\Easy-WebPrint\Resource.dll ()
O8 - Extra context menu item: Easy-WebPrint Print - C:\Program Files\Canon\Easy-WebPrint\Resource.dll ()
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O15 - HKLM\..Trusted Domains: musicmatch.com ([online] https in Trusted sites)
O15 - HKCU\..Trusted Domains: adobe.com ([www] https in Trusted sites)
O15 - HKCU\..Trusted Domains: ameritrade.com ([]https in Trusted sites)
O15 - HKCU\..Trusted Domains: aol.com ([objects] * is out of zone range - 5)
O15 - HKCU\..Trusted Domains: tdameritrade.com ([]https in Trusted sites)
O16 - DPF: {05CA9FB0-3E3E-4B36-BF41-0E3A5CAA8CD8} http://download.micr.../OGAControl.cab (Office Genuine Advantage Validation Tool)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_24)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.ma...t/ultrashim.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_24)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_24)
O16 - DPF: {EBF85371-A38F-485B-B28F-0B4C82D25937} http://update.hpphot.../HPSWUpdate.ocx (CUpdateCtl Object)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O18 - Protocol\Handler\bwfile-8876480 {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll (Logitech Inc.)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O24 - Desktop Components:0 () - file:///C:/DOCUME~1/LYNNSL~1/LOCALS~1/Temp/msohtmlclip1/01/clip_image002.jpg
O24 - Desktop Components:1 (My Current Home Page) - About:Home
O24 - Desktop WallPaper: C:\Documents and Settings\Lynn Slackman\My Documents\My Pictures\ohgBack10x7.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\Lynn Slackman\My Documents\My Pictures\ohgBack10x7.bmp
O28 - HKLM ShellExecuteHooks: {56F9679E-7826-4C84-81F3-532071A8BCC5} - C:\Program Files\Windows Desktop Search\MsnlNamespaceMgr.dll (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2005/08/16 04:43:04 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O33 - MountPoints2\{1be986de-0a60-11e0-b7d8-0013722f80a3}\Shell\AutoRun\command - "" = F:\InstallTomTomHOME.exe
O33 - MountPoints2\{20fa992d-640c-11de-80f6-00038a000015}\Shell\AutoRun\command - "" = F:\Setup_FlipShare.exe
O33 - MountPoints2\{20fa992d-640c-11de-80f6-00038a000015}\Shell\Setup FlipShare\command - "" = F:\Setup_FlipShare.exe
O33 - MountPoints2\{361ac05d-0e0d-11da-9aa9-806d6172696f}\Shell - "" = AutoRun
O33 - MountPoints2\{361ac05d-0e0d-11da-9aa9-806d6172696f}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{361ac05d-0e0d-11da-9aa9-806d6172696f}\Shell\AutoRun\command - "" = E:\setup.exe
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O35 - HKCU\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKCU\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2011/03/30 15:42:06 | 000,000,000 | ---D | C] -- C:\_OTL
[2011/03/30 13:56:45 | 000,580,608 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Lynn Slackman\Desktop\OTL.exe
[2011/03/29 18:28:39 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\Apple Computer
[2011/03/29 07:16:36 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Application Data\Sun
[2011/03/28 18:28:18 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\Temp
[2011/03/28 18:28:18 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\Adobe
[2011/03/28 17:17:06 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Application Data\Macromedia
[2011/03/28 17:17:02 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Application Data\Adobe

========== Files - Modified Within 30 Days ==========

[2011/03/30 20:20:47 | 000,081,191 | ---- | M] () -- C:\WINDOWS\System32\nvapps.xml
[2011/03/30 20:20:36 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2011/03/30 20:19:37 | 000,000,882 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2011/03/30 20:19:21 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2011/03/30 20:19:19 | 1541,918,720 | -HS- | M] () -- C:\hiberfil.sys
[2011/03/30 15:42:15 | 000,000,098 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\Hosts
[2011/03/30 15:29:16 | 000,000,664 | ---- | M] () -- C:\WINDOWS\System32\d3d9caps.dat
[2011/03/30 15:15:00 | 000,000,886 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2011/03/30 13:56:52 | 000,580,608 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Lynn Slackman\Desktop\OTL.exe
[2011/03/29 13:20:06 | 000,002,626 | ---- | M] () -- C:\WINDOWS\System32\CONFIG.NT
[2011/03/29 12:59:39 | 000,061,085 | ---- | M] () -- C:\Documents and Settings\Lynn Slackman\.recently-used.xbel
[2011/03/29 07:45:12 | 000,779,264 | ---- | M] () -- C:\Documents and Settings\Lynn Slackman\Desktop\Lynn.pst
[2011/03/28 17:47:50 | 000,000,784 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2011/03/16 03:01:17 | 000,001,374 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2011/03/15 10:21:08 | 000,466,744 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2011/03/15 10:21:08 | 000,079,834 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2011/03/12 14:26:13 | 000,685,874 | ---- | M] () -- C:\Documents and Settings\Lynn Slackman\Desktop\downloadPDF.pdf
[2011/03/12 14:19:05 | 000,212,144 | ---- | M] () -- C:\Documents and Settings\Lynn Slackman\Desktop\statement.pdf
[2011/03/11 16:05:52 | 000,000,845 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\GIMP 2.lnk
[2011/03/11 15:37:28 | 000,412,172 | ---- | M] () -- C:\Documents and Settings\Lynn Slackman\Desktop\pib_locations.jpg
[2011/03/11 15:33:58 | 000,410,205 | ---- | M] () -- C:\Documents and Settings\Lynn Slackman\Desktop\FireShot capture #073 - 'People In Business - Google pib.jpg
[2011/03/01 16:56:03 | 000,017,456 | ---- | M] () -- C:\Documents and Settings\Lynn Slackman\Desktop\Open_House_2011.PDF

========== Files Created - No Company Name ==========

[2011/03/29 12:59:39 | 000,061,085 | ---- | C] () -- C:\Documents and Settings\Lynn Slackman\.recently-used.xbel
[2011/03/28 17:50:46 | 1541,918,720 | -HS- | C] () -- C:\hiberfil.sys
[2011/03/28 17:47:50 | 000,000,784 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2011/03/28 12:10:00 | 000,000,664 | ---- | C] () -- C:\WINDOWS\System32\d3d9caps.dat
[2011/03/12 14:26:11 | 000,685,874 | ---- | C] () -- C:\Documents and Settings\Lynn Slackman\Desktop\downloadPDF.pdf
[2011/03/12 14:19:03 | 000,212,144 | ---- | C] () -- C:\Documents and Settings\Lynn Slackman\Desktop\statement.pdf
[2011/03/11 16:05:52 | 000,000,845 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\GIMP 2.lnk
[2011/03/11 15:37:25 | 000,412,172 | ---- | C] () -- C:\Documents and Settings\Lynn Slackman\Desktop\pib_locations.jpg
[2011/03/11 15:33:54 | 000,410,205 | ---- | C] () -- C:\Documents and Settings\Lynn Slackman\Desktop\FireShot capture #073 - 'People In Business - Google pib.jpg
[2011/03/01 16:56:02 | 000,017,456 | ---- | C] () -- C:\Documents and Settings\Lynn Slackman\Desktop\Open_House_2011.PDF
[2010/02/07 10:42:19 | 000,000,004 | ---- | C] () -- C:\WINDOWS\msoffice.ini
[2010/01/27 08:31:36 | 000,023,113 | ---- | C] () -- C:\WINDOWS\hpqins15.dat
[2009/07/09 15:33:25 | 000,082,289 | ---- | C] () -- C:\WINDOWS\System32\lvcoinst.ini
[2009/06/12 09:22:12 | 000,059,012 | -H-- | C] () -- C:\WINDOWS\System32\mlfcache.dat
[2009/06/05 15:20:52 | 000,003,072 | ---- | C] () -- C:\Documents and Settings\Lynn Slackman\Application Data\dvd.bmk
[2009/05/26 07:15:59 | 000,119,913 | ---- | C] () -- C:\WINDOWS\hpqins00.dat
[2009/05/08 10:13:04 | 000,013,584 | ---- | C] () -- C:\WINDOWS\System32\drivers\iKeyLFT2.dll
[2009/04/30 16:00:12 | 000,025,624 | ---- | C] () -- C:\WINDOWS\System32\drivers\LVPr2Mon.sys
[2008/10/17 18:45:46 | 000,107,370 | ---- | C] () -- C:\WINDOWS\hpqins13.dat.temp
[2008/09/23 08:39:23 | 000,000,600 | ---- | C] () -- C:\Documents and Settings\Lynn Slackman\Application Data\winscp.rnd
[2008/07/14 19:14:38 | 000,019,487 | ---- | C] () -- C:\WINDOWS\hpqins13.dat
[2008/05/26 21:59:42 | 000,018,904 | ---- | C] () -- C:\WINDOWS\System32\structuredqueryschematrivial.bin
[2008/05/26 21:59:40 | 000,106,605 | ---- | C] () -- C:\WINDOWS\System32\structuredqueryschema.bin
[2008/02/19 01:33:34 | 000,446,352 | ---- | C] () -- C:\WINDOWS\System32\OpenQuicktimeLib.dll
[2007/12/05 20:34:51 | 000,001,349 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\QTSBandwidthCache
[2007/11/11 21:24:48 | 000,144,003 | ---- | C] () -- C:\WINDOWS\hpoins16.dat
[2007/11/11 21:24:48 | 000,005,279 | ---- | C] () -- C:\WINDOWS\hpomdl16.dat
[2007/10/10 07:57:59 | 000,016,384 | ---- | C] () -- C:\Documents and Settings\Lynn Slackman\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2007/10/06 17:12:16 | 000,005,352 | ---- | C] () -- C:\WINDOWS\mozver.dat
[2007/09/27 10:51:02 | 000,020,698 | ---- | C] () -- C:\WINDOWS\System32\idxcntrs.ini
[2007/09/27 10:48:48 | 000,030,628 | ---- | C] () -- C:\WINDOWS\System32\gsrvctr.ini
[2007/09/27 10:48:28 | 000,031,698 | ---- | C] () -- C:\WINDOWS\System32\gthrctr.ini
[2007/05/05 09:19:24 | 000,001,834 | ---- | C] () -- C:\Documents and Settings\Lynn Slackman\Application Data\wklnhst.dat
[2007/03/19 13:22:30 | 000,072,192 | ---- | C] () -- C:\WINDOWS\unlite3.exe
[2007/03/19 13:22:11 | 000,777,728 | ---- | C] () -- C:\WINDOWS\System32\Sslsvc.dll
[2007/03/19 13:22:11 | 000,069,632 | ---- | C] () -- C:\WINDOWS\System32\xmltok.dll.off
[2007/03/19 13:22:11 | 000,040,960 | ---- | C] () -- C:\WINDOWS\System32\cfmsg.dll
[2007/03/19 13:22:11 | 000,036,864 | ---- | C] () -- C:\WINDOWS\System32\xmlparse.dll.off
[2007/03/05 14:34:28 | 000,693,792 | ---- | C] () -- C:\WINDOWS\System32\OGACheckControl.DLL
[2006/10/23 22:02:11 | 000,008,704 | ---- | C] () -- C:\WINDOWS\System32\CNMVS78.DLL
[2006/10/22 08:47:44 | 000,000,028 | ---- | C] () -- C:\WINDOWS\atid.ini
[2006/10/20 18:14:00 | 000,003,350 | -HS- | C] () -- C:\WINDOWS\System32\KGyGaAvL.sys
[2006/10/20 18:14:00 | 000,000,088 | RHS- | C] () -- C:\WINDOWS\System32\AE2B0D6EDD.sys
[2006/10/18 18:41:54 | 000,000,136 | ---- | C] () -- C:\Documents and Settings\Lynn Slackman\Local Settings\Application Data\fusioncache.dat
[2006/10/13 22:40:16 | 000,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini
[2006/10/13 22:34:52 | 000,000,376 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2006/10/13 22:30:01 | 000,000,188 | ---- | C] () -- C:\WINDOWS\wininit.ini
[2006/10/13 22:25:57 | 000,149,504 | ---- | C] () -- C:\WINDOWS\UNWISE.EXE
[2006/10/13 22:22:53 | 000,000,335 | ---- | C] () -- C:\WINDOWS\nsreg.dat
[2006/10/13 21:58:58 | 000,077,824 | ---- | C] () -- C:\WINDOWS\setpwr32.exe
[2006/10/13 21:58:36 | 001,617,920 | ---- | C] () -- C:\WINDOWS\System32\nwiz.exe
[2006/10/13 21:58:35 | 001,662,976 | ---- | C] () -- C:\WINDOWS\System32\nvwdmcpl.dll
[2006/10/13 21:58:35 | 001,019,904 | ---- | C] () -- C:\WINDOWS\System32\nvwimg.dll
[2006/10/13 21:58:35 | 000,466,944 | ---- | C] () -- C:\WINDOWS\System32\nvshell.dll
[2006/10/13 21:58:34 | 001,470,464 | ---- | C] () -- C:\WINDOWS\System32\nview.dll
[2006/10/13 21:58:34 | 001,339,392 | ---- | C] () -- C:\WINDOWS\System32\nvdspsch.exe
[2006/10/13 21:58:34 | 000,581,632 | ---- | C] () -- C:\WINDOWS\System32\nvhwvid.dll
[2006/10/13 21:58:34 | 000,286,720 | ---- | C] () -- C:\WINDOWS\System32\nvnt4cpl.dll
[2006/10/13 21:58:32 | 000,442,368 | ---- | C] () -- C:\WINDOWS\System32\nvappbar.exe
[2006/10/13 21:58:32 | 000,196,608 | ---- | C] () -- C:\WINDOWS\System32\nvapi.dll
[2006/10/13 21:58:31 | 000,425,984 | ---- | C] () -- C:\WINDOWS\System32\keystone.exe
[2006/10/13 21:57:23 | 000,000,394 | ---- | C] () -- C:\WINDOWS\System32\OEMINFO.INI
[2005/11/10 01:56:34 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\px.ini
[2005/08/16 04:48:31 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat
[2005/08/16 04:38:45 | 000,021,640 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat
[2005/08/16 04:37:24 | 000,001,793 | ---- | C] () -- C:\WINDOWS\System32\fxsperf.ini
[2005/08/16 04:33:38 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
[2005/08/16 04:27:59 | 000,291,680 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2005/08/16 04:18:35 | 000,004,569 | ---- | C] () -- C:\WINDOWS\System32\secupd.dat
[2005/08/16 04:18:33 | 000,466,744 | ---- | C] () -- C:\WINDOWS\System32\perfh009.dat
[2005/08/16 04:18:33 | 000,272,128 | ---- | C] () -- C:\WINDOWS\System32\perfi009.dat
[2005/08/16 04:18:33 | 000,079,834 | ---- | C] () -- C:\WINDOWS\System32\perfc009.dat
[2005/08/16 04:18:33 | 000,028,626 | ---- | C] () -- C:\WINDOWS\System32\perfd009.dat
[2005/08/16 04:18:32 | 000,004,627 | ---- | C] () -- C:\WINDOWS\System32\oembios.dat
[2005/08/16 04:18:30 | 013,107,200 | ---- | C] () -- C:\WINDOWS\System32\oembios.bin
[2005/08/16 04:18:28 | 000,000,741 | ---- | C] () -- C:\WINDOWS\System32\noise.dat
[2005/08/16 04:18:23 | 000,673,088 | ---- | C] () -- C:\WINDOWS\System32\mlang.dat
[2005/08/16 04:18:23 | 000,046,258 | ---- | C] () -- C:\WINDOWS\System32\mib.bin
[2005/08/16 04:18:15 | 000,218,003 | ---- | C] () -- C:\WINDOWS\System32\dssec.dat
[2005/08/16 04:18:08 | 000,001,804 | ---- | C] () -- C:\WINDOWS\System32\dcache.bin
[2005/08/05 14:01:54 | 000,235,008 | ---- | C] () -- C:\WINDOWS\System32\psisdecd.dll
[2003/01/07 15:05:08 | 000,002,695 | ---- | C] () -- C:\WINDOWS\System32\OUTLPERF.INI

========== LOP Check ==========

[2010/06/23 07:57:16 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Alwil Software
[2006/10/19 20:42:31 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\CanonBJ
[2010/02/11 19:44:11 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\DriverCure
[2009/07/03 19:26:55 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Flip Video
[2010/02/11 19:24:20 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\ParetoLogic
[2010/07/07 18:51:04 | 000,000,000 | -HSD | M] -- C:\Documents and Settings\All Users\Application Data\System Restore
[2010/12/18 08:43:07 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TomTom
[2007/01/15 19:26:17 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Viewpoint
[2009/03/13 07:30:32 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{00D89592-F643-4D8D-8F0F-AFAE0F14D4C3}
[2010/05/12 16:52:21 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{429CAD59-35B1-4DBC-BB6D-1DB246563521}
[2009/09/17 22:44:28 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{755AC846-7372-4AC8-8550-C52491DAA8BD}
[2009/04/09 22:27:03 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{8CD7F5AF-ECFA-4793-BF40-D8F42DBFF906}
[2010/02/11 19:42:31 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Lynn Slackman\Application Data\DriverCure
[2010/03/27 19:11:49 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Lynn Slackman\Application Data\Facebook
[2010/05/04 07:35:33 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Lynn Slackman\Application Data\FireShot
[2011/03/29 12:59:39 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Lynn Slackman\Application Data\gtk-2.0
[2009/04/14 07:43:27 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Lynn Slackman\Application Data\Helios
[2007/07/04 19:52:47 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Lynn Slackman\Application Data\Leadertech
[2008/12/19 09:50:32 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Lynn Slackman\Application Data\Mikogo
[2010/08/21 06:51:01 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Lynn Slackman\Application Data\NingNetworkArchiver.2B73A1547EF96D57B907C9B2120B5D7FE98E19B1.1
[2007/11/22 21:03:32 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Lynn Slackman\Application Data\Nvu
[2010/07/07 13:37:59 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Lynn Slackman\Application Data\Template
[2010/12/18 08:42:38 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Lynn Slackman\Application Data\TomTom
[2009/07/05 19:18:10 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Lynn Slackman\Application Data\TweetDeckFast.F9107117265DB7542C1A806C8DB837742CE14C21.1
[2007/01/15 19:26:19 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Lynn Slackman\Application Data\Viewpoint
[2009/06/30 21:35:01 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Lynn Slackman\Application Data\W Photo Studio
[2010/01/04 15:19:43 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Lynn Slackman\Application Data\W Photo Studio Viewer
[2009/04/07 06:42:33 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Lynn Slackman\Application Data\Windows Desktop Search
[2009/06/10 17:02:43 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Lynn Slackman\Application Data\Windows Search
[2009/10/27 07:50:24 | 000,000,796 | ---- | M] () -- C:\WINDOWS\Tasks\daily backup.job

========== Purity Check ==========



< End of report >


aswMBR version 0.9.4 Copyright© 2011 AVAST Software
Run date: 2011-03-30 20:29:21
-----------------------------
20:29:21.156 OS Version: Windows 5.1.2600 Service Pack 3
20:29:21.156 Number of processors: 1 586 0x4F02
20:29:21.156 ComputerName: LYNNSPC UserName:
20:29:21.843 Initialize success
20:29:24.984 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdePort0
20:29:24.984 Disk 0 Vendor: ST3808110AS 3.ADH Size: 76293MB BusType: 3
20:29:24.984 Device \Device\Ide\IdeDeviceP0T0L0-3 -> \??\IDE#DiskST3808110AS_____________________________3.ADH___#5&1c6638a1&0&0.0.0#{53f56307-b6bf-11d0-94f2-00a0c91efb8b} not found
20:29:24.984 Device \Driver\atapi -> DriverStartIo 89fb841f
20:29:27.000 Disk 0 MBR read successfully
20:29:27.000 Disk 0 MBR scan
20:29:27.000 Disk 0 TDL4@MBR code has been found
20:29:27.000 Disk 0 MBR hidden
20:29:27.000 Disk 0 MBR [TDL4] **ROOTKIT**
20:29:27.000 Disk 0 trace - called modules:
20:29:27.000 ntkrnlpa.exe CLASSPNP.SYS disk.sys ACPI.sys hal.dll >>UNKNOWN [0x89fb85d9]<<
20:29:27.000 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x8a189ab8]
20:29:27.000 3 CLASSPNP.SYS[ba0e8fd7] -> nt!IofCallDriver -> \Device\00000064[0x8a0952a8]
20:29:27.000 5 ACPI.sys[b9f7f620] -> nt!IofCallDriver -> [0x8a12b940]
20:29:27.453 \Driver\atapi[0x8a0a86f0] -> IRP_MJ_CREATE -> 0x89fb85d9
20:29:27.453 Scan finished successfully
  • 0

#6
dslackman
Posted 30 March 2011 - 08:00 PM

dslackman

    New Member

  • Topic Starter
  • Member
  • Pip
  • 7 posts
Brought the PC down completely (it came down correctly this time) and brought it back up to see if the problem recurred.

Received Avast messages:

MBR:\\.\PhysicalDrive0 F

\\.\PhysicalDrive0 MBR:TDL4

Blocked 199.80.55.19/go.php?uid=31573&suid=544_50939&data=NPyAmJVV

svchost.exe still accumulating memory & running with high CPU

Thanks,
Dick Slackman
  • 0

#7
Essexboy
Posted 31 March 2011 - 10:25 AM

Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
OK Avast will now clear it for you... At the moment there is no way to incorporate this into the main AV, just in case you wondered. In addition to the aswMBR log I would like you to also run MBAM for any waifs and strays

Re-Run aswMBR

Click Scan

On completion of the scan

Click the Fix Button


Posted Image



Save the log as before and post in your next reply

THEN

Posted Image Please download Malwarebytes' Anti-Malware from Here.

Double Click mbam-setup.exe to install the application.
  • Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select "Perform Quick Scan", then click Scan.
  • The scan may take some time to finish,so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected.
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart.(See Extra Note)
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  • Copy&Paste the entire report in your next reply.
Extra Note:

If MBAM encounters a file that is difficult to remove,you will be presented with 1 of 2 prompts,click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately.
  • 0

#8
dslackman
Posted 31 March 2011 - 01:49 PM

dslackman

    New Member

  • Topic Starter
  • Member
  • Pip
  • 7 posts
Eureka! The system is clean.
Logs below.

Thanks so much for the excellent support,
Dick Slackman

aswMBR version 0.9.4 Copyright© 2011 AVAST Software
Run date: 2011-03-30 20:29:21
-----------------------------
20:29:21.156 OS Version: Windows 5.1.2600 Service Pack 3
20:29:21.156 Number of processors: 1 586 0x4F02
20:29:21.156 ComputerName: LYNNSPC UserName:
20:29:21.843 Initialize success
20:29:24.984 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdePort0
20:29:24.984 Disk 0 Vendor: ST3808110AS 3.ADH Size: 76293MB BusType: 3
20:29:24.984 Device \Device\Ide\IdeDeviceP0T0L0-3 -> \??\IDE#DiskST3808110AS_____________________________3.ADH___#5&1c6638a1&0&0.0.0#{53f56307-b6bf-11d0-94f2-00a0c91efb8b} not found
20:29:24.984 Device \Driver\atapi -> DriverStartIo 89fb841f
20:29:27.000 Disk 0 MBR read successfully
20:29:27.000 Disk 0 MBR scan
20:29:27.000 Disk 0 TDL4@MBR code has been found
20:29:27.000 Disk 0 MBR hidden
20:29:27.000 Disk 0 MBR [TDL4] **ROOTKIT**
20:29:27.000 Disk 0 trace - called modules:
20:29:27.000 ntkrnlpa.exe CLASSPNP.SYS disk.sys ACPI.sys hal.dll >>UNKNOWN [0x89fb85d9]<<
20:29:27.000 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x8a189ab8]
20:29:27.000 3 CLASSPNP.SYS[ba0e8fd7] -> nt!IofCallDriver -> \Device\00000064[0x8a0952a8]
20:29:27.000 5 ACPI.sys[b9f7f620] -> nt!IofCallDriver -> [0x8a12b940]
20:29:27.453 \Driver\atapi[0x8a0a86f0] -> IRP_MJ_CREATE -> 0x89fb85d9
20:29:27.453 Scan finished successfully
aswMBR version 0.9.4 Copyright© 2011 AVAST Software
Run date: 2011-03-31 12:57:03
-----------------------------
12:57:03.937 OS Version: Windows 5.1.2600 Service Pack 3
12:57:03.937 Number of processors: 1 586 0x4F02
12:57:03.937 ComputerName: LYNNSPC UserName:
12:57:22.640 Initialize success
12:57:42.593 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdePort0
12:57:42.593 Disk 0 Vendor: ST3808110AS 3.ADH Size: 76293MB BusType: 3
12:57:42.593 Device \Device\Ide\IdeDeviceP0T0L0-3 -> \??\IDE#DiskST3808110AS_____________________________3.ADH___#5&1c6638a1&0&0.0.0#{53f56307-b6bf-11d0-94f2-00a0c91efb8b} not found
12:57:42.609 Device \Driver\atapi -> DriverStartIo 89fb841f
12:57:44.687 Disk 0 MBR read successfully
12:57:44.687 Disk 0 MBR scan
12:57:44.687 Disk 0 TDL4@MBR code has been found
12:57:44.687 Disk 0 MBR hidden
12:57:44.687 Disk 0 MBR [TDL4] **ROOTKIT**
12:57:44.687 Disk 0 trace - called modules:
12:57:44.687 ntkrnlpa.exe CLASSPNP.SYS disk.sys ACPI.sys hal.dll >>UNKNOWN [0x89fb85d9]<<
12:57:44.687 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x8a189ab8]
12:57:44.687 3 CLASSPNP.SYS[ba0e8fd7] -> nt!IofCallDriver -> \Device\00000064[0x8a0952a8]
12:57:44.687 5 ACPI.sys[b9f7f620] -> nt!IofCallDriver -> [0x8a12b940]
12:57:45.109 \Driver\atapi[0x8a0a86f0] -> IRP_MJ_CREATE -> 0x89fb85d9
12:57:45.109 Scan finished successfully
12:57:57.171 Disk 0 fixing MBR
12:58:07.281 Disk 0 MBR restored successfully
12:58:07.281 Infection fixed successfully - please reboot ASAP


Malwarebytes' Anti-Malware 1.50.1.1100
www.malwarebytes.org

Database version: 6228

Windows 5.1.2600 Service Pack 3
Internet Explorer 8.0.6001.18702

3/31/2011 1:11:55 PM
mbam-log-2011-03-31 (13-11-55).txt

Scan type: Quick scan
Objects scanned: 174810
Time elapsed: 10 minute(s), 48 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 3
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Clients\StartMenuInternet\FIREFOX.EXE\shell\open\command\(default) (Hijack.StartMenuInternet) -> Bad: ("C:\Documents and Settings\Lynn Slackman\Local Settings\Application Data\ndj.exe" -a "C:\Program Files\Mozilla Firefox\firefox.exe") Good: (firefox.exe) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Clients\StartMenuInternet\FIREFOX.EXE\shell\safemode\command\(default) (Hijack.StartMenuInternet) -> Bad: ("C:\Documents and Settings\Lynn Slackman\Local Settings\Application Data\ndj.exe" -a "C:\Program Files\Mozilla Firefox\firefox.exe" -safe-mode) Good: (firefox.exe -safe-mode) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Clients\StartMenuInternet\IEXPLORE.EXE\shell\open\command\(default) (Hijack.StartMenuInternet) -> Bad: ("C:\Documents and Settings\Lynn Slackman\Local Settings\Application Data\ndj.exe" -a "C:\Program Files\Internet Explorer\iexplore.exe") Good: (iexplore.exe) -> Quarantined and deleted successfully.

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)
  • 0

#9
Essexboy
Posted 31 March 2011 - 02:06 PM

Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
Nice what problems are remaining - any anomolies ?
  • 0

#10
dslackman
Posted 31 March 2011 - 02:09 PM

dslackman

    New Member

  • Topic Starter
  • Member
  • Pip
  • 7 posts
I've been watching it & the PC seems to be running nicely, but will continue to monitor.

Thanks much,
Dick Slackman
  • 0

#11
Essexboy
Posted 31 March 2011 - 02:20 PM

Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
Could you let me know in about 24 hours and I will then remove my tools and tidy you up if you are happy :D
  • 0

#12
Essexboy
Posted 03 April 2011 - 08:42 AM

Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
Since this issue appears to be resolved ... this Topic has been closed. Glad we could help. :D

If you're the topic starter, and need this topic reopened, please contact a staff member with the address of the thread.

Everyone else please begin a New Topic.
  • 0
Back to Virus, Spyware, Malware Removal · Next Unread Topic →




Similar Topics

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

  1. Geeks to Go Community
  2. Security
  3. Virus, Spyware, Malware Removal

As Featured On:

Microsoft Yahoo BBC MSN PC Magazine Washington Post HP