
System Check/ Hard drive virus



#1
northernbird

Hey,

My wife's computer went bonkers today. She opened an email 'from' FedEx about a package that failed to be delivered and proceeded to infect her computer. A window titled 'System Check' opened and claims to want to 'Scan PC for errors', but you can't close it and can't open Task Manager. Along with this, there is a pop-up titled 'Windows detected a hard disk problem' with a message stating 'A potential disk failure may cause loss of files... its highly recommended to scan and solve the HDD problems before continue using this PC'. Two buttons are available: 'scan and fix' and 'cancel and reboot'. In addition, there are about 20 pop-ups that keep coming back after closing them. They all state 'failed to save all the components for the file \\system32\000006e6a. The file is corrupted or unreadable. This error may be caused by a PC hardware problem.' (the hex code is different in all the pop-ups but the rest of the message is the same). Lastly, there's a 'Files Indexation Process Failed' pop-up, which also comes back pretty much as soon as it's closed.

I've unplugged the network cable on her PC, thinking that whatever has infected her PC won't be able to transfer anything else off or copy anything else on. I downloaded OTL, ran the quick scan and have posted the log below.

Any help that can be provided would be greatly appreciated!


OTL logfile created on: 2/1/2012 10:51:11 PM - Run 1
OTL by OldTimer - Version 3.2.31.0 Folder = C:\Documents and Settings\Arlie Norwood\Desktop
Windows XP Professional Edition Service Pack 2 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 6.0.2900.2180)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.00 Gb Total Physical Memory | 1.31 Gb Available Physical Memory | 65.51% Memory free
3.85 Gb Paging File | 3.28 Gb Available in Paging File | 85.29% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 145.85 Gb Total Space | 5.77 Gb Free Space | 3.95% Space Free | Partition Type: NTFS
Drive F: | 931.51 Gb Total Space | 197.68 Gb Free Space | 21.22% Space Free | Partition Type: NTFS
Drive G: | 3.77 Gb Total Space | 3.19 Gb Free Space | 84.47% Space Free | Partition Type: FAT32
Drive H: | 2048.00 Gb Total Space | 1434.65 Gb Free Space | 70.05% Space Free | Partition Type: NTFS
Drive N: | 465.76 Gb Total Space | 14.10 Gb Free Space | 3.03% Space Free | Partition Type: NTFS
Drive O: | 2048.00 Gb Total Space | 2030.59 Gb Free Space | 99.15% Space Free | Partition Type: NTFS
Drive P: | 232.88 Gb Total Space | 0.27 Gb Free Space | 0.12% Space Free | Partition Type: NTFS

Computer Name: DC0XMBC1 | User Name: Arlie Norwood | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2012/02/01 22:48:48 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Arlie Norwood\Desktop\OTL.exe
PRC - [2012/02/01 18:18:58 | 000,361,472 | -H-- | M] (Microsoft Corp) -- C:\Documents and Settings\All Users\Application Data\ji0oVjv2ohKbsg.exe
PRC - [2012/02/01 11:25:26 | 000,451,584 | -H-- | M] (Microsoft Corp) -- C:\Documents and Settings\All Users\Application Data\cYmlANnOemt.exe
PRC - [2011/11/11 14:36:56 | 000,045,056 | -H-- | M] (Intuit) -- C:\Program Files\Common Files\Intuit\QuickBooks\QBCFMonitorService.exe
PRC - [2011/05/30 20:16:12 | 000,032,849 | -H-- | M] (MyWebSearch.com) -- C:\Program Files\MyWebSearch\bar\3.bin\MWSOEMON.EXE
PRC - [2010/09/07 09:12:02 | 002,838,912 | ---- | M] (AVAST Software) -- C:\Program Files\Alwil Software\Avast5\AvastUI.exe
PRC - [2010/09/07 09:11:59 | 000,040,384 | ---- | M] (AVAST Software) -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
PRC - [2010/09/07 09:11:44 | 000,119,200 | ---- | M] (AVAST Software) -- C:\Program Files\Alwil Software\Avast5\afwServ.exe
PRC - [2010/08/04 16:25:00 | 000,057,344 | -H-- | M] (Nalpeiron Ltd.) -- C:\WINDOWS\system32\ASTSRV.EXE
PRC - [2010/07/13 12:43:50 | 000,720,896 | -H-- | M] (Data Robotics, Inc.) -- C:\Program Files\Drobo\Drobo Dashboard\Support\DDService.exe
PRC - [2008/07/17 16:12:24 | 000,161,064 | -H-- | M] (Seagate Technology LLC) -- C:\Program Files\Seagate\SeagateManager\Sync\FreeAgentService.exe
PRC - [2008/07/17 16:12:04 | 000,177,448 | -H-- | M] (Seagate LLC) -- C:\Program Files\Seagate\SeagateManager\FreeAgent Status\stxmenumgr.exe
PRC - [2008/06/24 15:06:06 | 001,840,424 | -H-- | M] (Nero AG) -- C:\Program Files\Common Files\Nero\Lib\NMIndexStoreSvr.exe
PRC - [2008/04/26 14:34:00 | 000,185,896 | -H-- | M] (RealNetworks, Inc.) -- C:\Program Files\Common Files\Real\Update_OB\realsched.exe
PRC - [2008/02/22 03:25:21 | 000,144,784 | -H-- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
PRC - [2007/12/04 02:07:00 | 000,061,440 | RH-- | M] (Adobe Systems Incorporated) -- C:\Program Files\Adobe\Adobe Photoshop Lightroom 1.3\apdproxy.exe
PRC - [2007/09/05 13:06:56 | 000,057,344 | -H-- | M] (Creative Technology Ltd) -- C:\Program Files\RocketFish\RF5.1\Surround Mixer\CTSysVol.exe
PRC - [2007/08/27 10:36:34 | 000,111,912 | -H-- | M] (SingleClick Systems) -- C:\Program Files\Dell Network Assistant\hnm_svc.exe
PRC - [2007/06/13 04:23:07 | 001,033,216 | -H-- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2006/08/28 21:57:12 | 000,395,776 | -H-- | M] (Gteko Ltd.) -- C:\Program Files\Dell Support\DSAgnt.exe
PRC - [2006/07/06 07:15:00 | 000,151,552 | -H-- | M] (Intel Corporation) -- C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe
PRC - [2006/07/06 07:14:30 | 000,090,112 | -H-- | M] (Intel Corporation) -- C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTmon.exe
PRC - [2006/03/03 21:03:10 | 000,069,632 | -H-- | M] (HP) -- C:\WINDOWS\system32\HPZipm12.exe
PRC - [2006/02/28 06:00:00 | 000,015,872 | -H-- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\inetsrv\inetinfo.exe
PRC - [2005/10/05 03:12:00 | 000,094,208 | -H-- | M] () -- C:\Program Files\Dell\Media Experience\DMXLauncher.exe
PRC - [2005/09/08 05:20:00 | 000,122,940 | -H-- | M] (Sonic Solutions) -- C:\WINDOWS\system32\DLA\DLACTRLW.EXE
PRC - [2004/07/13 15:51:29 | 000,679,936 | -H-- | M] (Wacom Technology, Corp.) -- C:\WINDOWS\system32\Tablet.exe
PRC - [2003/12/05 15:21:48 | 000,073,728 | -H-- | M] () -- C:\Program Files\Common Files\EPSON\EBAPI\eEBSvc.exe
PRC - [2003/11/12 01:05:00 | 000,094,208 | -H-- | M] (SEIKO EPSON CORPORATION) -- C:\Program Files\Common Files\EPSON\EBAPI\SAgent2.exe
PRC - [2002/07/01 02:05:00 | 000,074,752 | -H-- | M] (SEIKO EPSON CORPORATION) -- C:\WINDOWS\system32\spool\drivers\W32X86\3\E_S10IC2.EXE


========== Modules (No Company Name) ==========

MOD - [2012/02/01 16:57:50 | 001,697,280 | ---- | M] () -- C:\Program Files\Alwil Software\Avast5\defs\12020101\algo.dll
MOD - [2011/07/15 00:09:29 | 000,212,992 | -H-- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.ServiceProce#\a9e71dda6389403be4db7b567592e3b8\System.ServiceProcess.ni.dll
MOD - [2011/07/15 00:09:27 | 007,867,392 | -H-- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System\aa7926460a336408c8041330ad90929d\System.ni.dll
MOD - [2011/07/15 00:09:21 | 011,485,184 | -H-- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\mscorlib\9adb89fa22fd5b4ce433b5aca7fb1b07\mscorlib.ni.dll
MOD - [2010/09/07 09:13:40 | 000,142,872 | ---- | M] () -- C:\Program Files\Alwil Software\Avast5\aswDld.dll
MOD - [2009/02/26 00:39:00 | 000,065,536 | RH-- | M] () -- C:\WINDOWS\system32\P17.dll
MOD - [2007/04/15 20:56:10 | 000,389,120 | -H-- | M] () -- C:\Program Files\Adobe\Reader 8.0\Reader\AdobeXMP.dll
MOD - [2005/10/05 03:12:00 | 000,094,208 | -H-- | M] () -- C:\Program Files\Dell\Media Experience\DMXLauncher.exe
MOD - [2004/08/24 11:50:32 | 000,217,157 | -H-- | M] () -- C:\Program Files\Common Files\EPSON\EBAPI\eEBMSDev.dll
MOD - [2003/12/05 15:28:52 | 000,118,784 | -H-- | M] () -- C:\Program Files\Common Files\EPSON\EBAPI\eEBRsvc.dll
MOD - [2003/12/05 15:28:24 | 000,274,432 | -H-- | M] () -- C:\Program Files\Common Files\EPSON\EBAPI\eEBNWDev.dll
MOD - [2003/12/05 15:21:48 | 000,073,728 | -H-- | M] () -- C:\Program Files\Common Files\EPSON\EBAPI\eEBSvc.exe
MOD - [2001/10/28 15:42:30 | 000,116,224 | -H-- | M] () -- C:\WINDOWS\system32\pdfcmnnt.dll


========== Win32 Services (SafeList) ==========

SRV - [2011/11/11 14:36:56 | 000,045,056 | -H-- | M] (Intuit) [Auto | Running] -- C:\Program Files\Common Files\Intuit\QuickBooks\QBCFMonitorService.exe -- (QBCFMonitorService)
SRV - [2011/05/30 20:16:13 | 000,028,762 | -H-- | M] (MyWebSearch.com) [Auto | Stopped] -- C:\Program Files\MyWebSearch\bar\3.bin\MWSSVC.EXE -- (MyWebSearchService)
SRV - [2010/09/07 09:11:59 | 000,040,384 | ---- | M] (AVAST Software) [On_Demand | Running] -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe -- (avast! Web Scanner)
SRV - [2010/09/07 09:11:59 | 000,040,384 | ---- | M] (AVAST Software) [On_Demand | Running] -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe -- (avast! Mail Scanner)
SRV - [2010/09/07 09:11:59 | 000,040,384 | ---- | M] (AVAST Software) [Auto | Running] -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe -- (avast! Antivirus)
SRV - [2010/09/07 09:11:44 | 000,119,200 | ---- | M] (AVAST Software) [Auto | Running] -- C:\Program Files\Alwil Software\Avast5\afwServ.exe -- (avast! Firewall)
SRV - [2010/08/04 16:25:00 | 000,057,344 | -H-- | M] (Nalpeiron Ltd.) [Auto | Running] -- C:\WINDOWS\system32\ASTSRV.EXE -- (astcc)
SRV - [2010/07/13 12:43:50 | 000,720,896 | -H-- | M] (Data Robotics, Inc.) [Auto | Running] -- C:\Program Files\Drobo\Drobo Dashboard\Support\DDService.exe -- (DDService)
SRV - [2009/07/23 20:10:38 | 000,061,440 | -H-- | M] (Intuit Inc.) [On_Demand | Stopped] -- C:\Program Files\Common Files\Intuit\QuickBooks\FCS\Intuit.QuickBooks.FCS.exe -- (QBFCService)
SRV - [2009/05/28 09:19:36 | 000,655,624 | -H-- | M] (Acresso Software Inc.) [On_Demand | Stopped] -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service)
SRV - [2008/07/17 16:12:24 | 000,161,064 | -H-- | M] (Seagate Technology LLC) [Auto | Running] -- C:\Program Files\Seagate\SeagateManager\Sync\FreeAgentService.exe -- (FreeAgentGoNext Service)
SRV - [2007/08/27 10:36:34 | 000,111,912 | -H-- | M] (SingleClick Systems) [Auto | Running] -- C:\Program Files\Dell Network Assistant\hnm_svc.exe -- (hnmsvc)
SRV - [2007/07/06 05:00:46 | 002,988,888 | -H-- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Program Files\Microsoft Visual Studio 9.0\Common7\IDE\Remote Debugger\x86\msvsmon.exe -- (msvsmon90)
SRV - [2006/07/06 07:14:30 | 000,090,112 | -H-- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTmon.exe -- (IAANTMON) Intel®
SRV - [2006/03/03 21:03:10 | 000,069,632 | -H-- | M] (HP) [Unknown | Running] -- C:\WINDOWS\system32\HPZipm12.exe -- (Pml Driver HPZ12)
SRV - [2006/02/28 06:00:00 | 000,015,872 | -H-- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\inetsrv\inetinfo.exe -- (W3SVC)
SRV - [2006/02/28 06:00:00 | 000,015,872 | -H-- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\inetsrv\inetinfo.exe -- (SMTPSVC) Simple Mail Transfer Protocol (SMTP)
SRV - [2006/02/28 06:00:00 | 000,015,872 | -H-- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\inetsrv\inetinfo.exe -- (IISADMIN)
SRV - [2005/09/23 07:01:16 | 002,799,808 | -H-- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Program Files\Microsoft Visual Studio 8\Common7\IDE\Remote Debugger\x86\msvsmon.exe -- (msvsmon80)
SRV - [2004/07/13 15:51:29 | 000,679,936 | -H-- | M] (Wacom Technology, Corp.) [Auto | Running] -- C:\WINDOWS\system32\Tablet.exe -- (TabletService)
SRV - [2003/12/05 15:21:48 | 000,073,728 | -H-- | M] () [Auto | Running] -- C:\Program Files\Common Files\EPSON\EBAPI\eEBSvc.exe -- (EpsonBidirectionalService)
SRV - [2003/11/12 01:05:00 | 000,094,208 | -H-- | M] (SEIKO EPSON CORPORATION) [Auto | Running] -- C:\Program Files\Common Files\EPSON\EBAPI\SAgent2.exe -- (EPSONStatusAgent2)


========== Driver Services (SafeList) ==========

DRV - [2010/09/07 08:54:16 | 000,099,792 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\aswFW.sys -- (aswFW)
DRV - [2010/09/07 08:53:58 | 000,340,048 | ---- | M] (AVAST Software) [File_System | System | Running] -- C:\WINDOWS\System32\drivers\aswSnx.sys -- (aswSnx)
DRV - [2010/09/07 08:53:35 | 000,190,416 | ---- | M] (AVAST Software) [Kernel | Boot | Running] -- C:\WINDOWS\System32\drivers\aswNdis2.sys -- (aswNdis2)
DRV - [2010/09/07 08:52:25 | 000,046,672 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\aswTdi.sys -- (aswTdi)
DRV - [2010/09/07 08:52:03 | 000,165,584 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\aswSP.sys -- (aswSP)
DRV - [2010/09/07 08:47:46 | 000,023,376 | ---- | M] (AVAST Software) [Kernel | On_Demand | Running] -- C:\WINDOWS\System32\drivers\aswRdr.sys -- (aswRdr)
DRV - [2010/09/07 08:47:19 | 000,100,176 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\WINDOWS\System32\drivers\aswmon2.sys -- (aswMon2)
DRV - [2010/09/07 08:47:07 | 000,017,744 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\WINDOWS\System32\drivers\aswFsBlk.sys -- (aswFsBlk)
DRV - [2010/09/07 08:46:51 | 000,028,880 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\aavmker4.sys -- (Aavmker4)
DRV - [2010/06/28 14:10:45 | 000,012,112 | ---- | M] (ALWIL Software) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\aswNdis.sys -- (aswNdis)
DRV - [2009/08/25 14:10:52 | 000,049,904 | RH-- | M] (Avanquest Software) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\BVRPMPR5.SYS -- (BVRPMPR5)
DRV - [2009/02/26 00:29:58 | 001,142,272 | RH-- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\P17.sys -- (P17)
DRV - [2008/02/14 17:50:04 | 000,038,656 | -H-- | M] (Service & Quality Technology.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\Capt9051.sys -- (SQTECH9051)
DRV - [2006/12/18 18:01:20 | 000,012,672 | -H-- | M] (SingleClick Systems) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\packet.sys -- (Packet)
DRV - [2006/07/24 10:20:00 | 001,156,648 | -H-- | M] (SigmaTel, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\sthda.sys -- (STHDA)
DRV - [2006/05/11 16:14:40 | 000,014,416 | -H-- | M] (Portrait Displays, Inc.) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\pdihwctl.sys -- (PDIHWCTL)
DRV - [2006/01/10 11:07:58 | 000,004,864 | -H-- | M] (GTek Technologies Ltd.) [Kernel | On_Demand | Running] -- C:\Program Files\Dell Support\GTAction\triggers\DSproct.sys -- (DSproct)
DRV - [2005/11/27 18:25:00 | 000,031,896 | -H-- | M] (DemoForge, LLC) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\dfmirage.sys -- (dfmirage)
DRV - [2005/09/23 02:42:00 | 000,054,464 | -H-- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Program Files\Microsoft Visual Studio 8\Team Tools\Performance Tools\VSPerfDrv.sys -- (VSPerfDrv)
DRV - [2005/09/08 05:20:00 | 000,094,332 | -H-- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\system32\DLA\DLAUDFAM.SYS -- (DLAUDFAM)
DRV - [2005/09/08 05:20:00 | 000,087,036 | -H-- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\system32\DLA\DLAUDF_M.SYS -- (DLAUDF_M)
DRV - [2005/09/08 05:20:00 | 000,086,524 | -H-- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\system32\DLA\DLAIFS_M.SYS -- (DLAIFS_M)
DRV - [2005/09/08 05:20:00 | 000,025,628 | -H-- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\system32\DLA\DLABOIOM.SYS -- (DLABOIOM)
DRV - [2005/09/08 05:20:00 | 000,014,684 | -H-- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\system32\DLA\DLAOPIOM.SYS -- (DLAOPIOM)
DRV - [2005/09/08 05:20:00 | 000,006,364 | -H-- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\system32\DLA\DLAPoolM.SYS -- (DLAPoolM)
DRV - [2005/09/08 05:20:00 | 000,002,496 | -H-- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\system32\DLA\DLADResN.SYS -- (DLADResN)
DRV - [2005/08/25 12:16:52 | 000,005,628 | -H-- | M] (Sonic Solutions) [File_System | System | Running] -- C:\WINDOWS\system32\drivers\DLACDBHM.SYS -- (DLACDBHM)
DRV - [2005/08/25 12:16:16 | 000,022,684 | -H-- | M] (Sonic Solutions) [File_System | System | Running] -- C:\WINDOWS\system32\drivers\DLARTL_N.SYS -- (DLARTL_N)
DRV - [2005/01/10 04:15:30 | 000,106,496 | RH-- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ctoss2k.sys -- (ossrv)
DRV - [2005/01/10 04:15:24 | 000,138,752 | RH-- | M] (Creative Technology Ltd) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ctsfm2k.sys -- (ctsfm2k)
DRV - [2004/10/15 07:54:56 | 000,044,344 | -H-- | M] () [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\i1display.sys -- (i1display)
DRV - [2004/05/07 12:02:08 | 000,044,344 | -H-- | M] () [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\EyeOneDp.sys -- (eyeonedp)
DRV - [2004/03/08 12:55:50 | 000,013,567 | -H-- | M] (B.H.A Corporation) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\CDRBSDRV.SYS -- (cdrbsdrv)
DRV - [2002/04/02 15:30:16 | 000,033,024 | -H-- | M] (Colorvision Inc) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\cvspydr2.sys -- (cvspydr2)
DRV - [2001/12/19 10:45:00 | 000,008,576 | -H-- | M] (Microsoft Corporation) [File_System | System | Running] -- C:\WINDOWS\system32\VCdRom.sys -- (vcdrom)
DRV - [2001/04/09 14:45:00 | 000,008,138 | -H-- | M] (Wacom Technology Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\PenClass.sys -- (PenClass)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.google.com/ie
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.comcast.net/
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Page_URL = www.google.com/ig/dell?hl=en&client=dell-usuk-rel&channel=us&ibd=6070104
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.google.com/ie
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://search.live.com/sphome.aspx
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Start Page = www.google.com/ig/dell?hl=en&client=dell-usuk-rel&channel=us&ibd=6070104

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = www.google.com/ig/dell?hl=en&client=dell-usuk-rel&channel=us&ibd=6070104
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = http://www.google.com/ie
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.co...client&ie=UTF-8
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie
IE - HKCU\..\URLSearchHook: {00A6FAF6-072E-44cf-8957-5838F569A31D} - C:\Program Files\MyWebSearch\bar\3.bin\MWSSRCAS.DLL (MyWebSearch.com)
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.search.defaultenginename: "Google"
FF - prefs.js..browser.search.defaulturl: "http://www.google.co...-8&oe=UTF-8&q="
FF - prefs.js..browser.search.selectedEngine: "My Web Search"
FF - prefs.js..browser.startup.homepage: "http://www.google.co...us&ibd=6070104"
FF - prefs.js..extensions.mywebsearch.prevKwdURL: "data:text/plain,keyword.URL=http://www.google.com/search?ie=UTF-8&oe=UTF-8&gfns=1&sourceid=navclient&rls=com.google:en-US:official&q="
FF - prefs.js..keyword.URL: "http://search.mywebs...732&searchfor="


FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\WINDOWS\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files\Microsoft Silverlight\4.0.60531.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@movenetworks.com/Quantum Media Player: C:\Documents and Settings\Maija Norwood\Application Data\Move Networks\plugins\npqmp071505000011.dll (Move Networks)
FF - HKLM\Software\MozillaPlugins\@mywebsearch.com/Plugin: C:\Program Files\MyWebSearch\bar\3.bin\NPMyWebS.dll (MyWebSearch.com)
FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=6.0.12.46: C:\Program Files\Real\RealPlayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprjplug;version=1.0.3.46: C:\Program Files\Real\RealPlayer\Netscape6\nprjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpjplug;version=6.0.12.46: C:\Program Files\Real\RealPlayer\Netscape6\nprpjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nsJSRealPlayerPlugin;version=: File not found
FF - HKLM\Software\MozillaPlugins\@real.com/RhapsodyPlayerEngine,version=1.1: C:\Program Files\Real\RhapsodyPlayerEngine\nprhapengine.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.99\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.99\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@virtools.com/3DviaPlayer: C:\Program Files\Virtools\3D Life Player\npvirtools.dll (Dassault Systèmes)
FF - HKCU\Software\MozillaPlugins\@movenetworks.com/Quantum Media Player: File not found

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files\MyWebSearch\bar\3.bin [2011/10/28 11:48:21 | 000,000,000 | -H-D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{27182e60-b5f3-411c-b545-b44205977502}: C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\firefoxextension\SearchHelperExtension\ [2011/11/03 19:55:34 | 000,000,000 | -H-D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{3252b9ae-c69a-4eaf-9502-dc9c1f6c009e}: C:\Program Files\Microsoft\Search Enhancement Pack\Default Manager\DMExtension\ [2011/11/03 19:55:42 | 000,000,000 | -H-D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 3.6.25\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012/01/10 12:48:36 | 000,000,000 | -H-D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 3.6.25\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2012/01/10 12:48:36 | 000,000,000 | -H-D | M]

[2009/03/09 17:50:38 | 000,000,000 | -H-D | M] (No name found) -- C:\Documents and Settings\Arlie Norwood\Application Data\Mozilla\Extensions
[2011/10/28 11:48:22 | 000,000,000 | -H-D | M] (No name found) -- C:\Documents and Settings\Arlie Norwood\Application Data\Mozilla\Firefox\Profiles\qv5xj8no.default\extensions
[2009/03/31 19:10:53 | 000,000,000 | -H-D | M] (FireFTP) -- C:\Documents and Settings\Arlie Norwood\Application Data\Mozilla\Firefox\Profiles\qv5xj8no.default\extensions\{a7c6cf7f-112c-4500-a7ea-39801a327e5f}
[2008/04/19 09:29:15 | 000,000,000 | -H-D | M] (Dimdim Web Meeting Publisher) -- C:\Documents and Settings\Arlie Norwood\Application Data\Mozilla\Firefox\Profiles\qv5xj8no.default\extensions\[email protected]
[2011/10/28 11:48:22 | 000,000,000 | -H-D | M] (My Web Search) -- C:\Documents and Settings\Arlie Norwood\Application Data\Mozilla\Firefox\Profiles\qv5xj8no.default\extensions\[email protected]
[2009/03/31 19:10:55 | 000,000,000 | -H-D | M] (RedShift V3) -- C:\Documents and Settings\Arlie Norwood\Application Data\Mozilla\Firefox\Profiles\qv5xj8no.default\extensions\[email protected]
[2010/09/07 20:50:57 | 000,010,017 | -H-- | M] () -- C:\Documents and Settings\Arlie Norwood\Application Data\Mozilla\Firefox\Profiles\qv5xj8no.default\searchplugins\mywebsearch.xml
[2012/01/29 19:22:02 | 000,000,000 | -H-D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2007/04/24 17:51:22 | 000,000,000 | -H-D | M] (Google Toolbar for Firefox) -- C:\Program Files\Mozilla Firefox\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}
[2007/11/14 19:34:14 | 000,090,112 | -H-- | M] (Coupons, Inc.) -- C:\Program Files\mozilla firefox\plugins\npCouponPrinter.dll
[2007/03/05 12:59:06 | 000,645,504 | -H-- | M] (Microsoft Corporation) -- C:\Program Files\mozilla firefox\plugins\npOGAPlugin.dll
[2006/01/18 12:50:00 | 000,319,488 | -H-- | M] ( ) -- C:\Program Files\mozilla firefox\plugins\npsnapfish.dll

O1 HOSTS File: ([2004/08/04 05:00:00 | 000,000,734 | -H-- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (MyWebSearch Search Assistant BHO) - {00A6FAF1-072E-44cf-8957-5838F569A31D} - C:\Program Files\MyWebSearch\bar\3.bin\MWSSRCAS.DLL (MyWebSearch.com)
O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (mwsBar BHO) - {07B18EA1-A523-4961-B6BB-170DE4475CCA} - C:\Program Files\MyWebSearch\bar\3.bin\MWSBAR.DLL (MyWebSearch.com)
O2 - BHO: (DriveLetterAccess) - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\DLA\DLASHX_W.DLL (Sonic Solutions)
O2 - BHO: (SSVHelper Class) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (CBrowserHelperObject Object) - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - C:\Program Files\BAE\BAE.dll (Dell Inc.)
O3 - HKCU\..\Toolbar\ShellBrowser: (no name) - {C4069E3A-68F1-403E-B40E-20066696354B} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {0B53EAC3-8D69-4B9E-9B19-A37C9A5676A7} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No CLSID value found.
O4 - HKLM..\Run: [] File not found
O4 - HKLM..\Run: [Adobe Photo Downloader] C:\Program Files\Adobe\Adobe Photoshop Lightroom 1.3\apdproxy.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [AdobeCS4ServiceManager] C:\Program Files\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [avast5] C:\Program Files\Alwil Software\Avast5\AvastUI.exe (AVAST Software)
O4 - HKLM..\Run: [CTSysVol] C:\Program Files\RocketFish\RF5.1\Surround Mixer\CTSysVol.exe (Creative Technology Ltd)
O4 - HKLM..\Run: [cYmlANnOemt.exe] C:\Documents and Settings\All Users\Application Data\cYmlANnOemt.exe (Microsoft Corp)
O4 - HKLM..\Run: [DLA] C:\WINDOWS\system32\DLA\DLACTRLW.EXE (Sonic Solutions)
O4 - HKLM..\Run: [DMXLauncher] C:\Program Files\Dell\Media Experience\DMXLauncher.exe ()
O4 - HKLM..\Run: [EPSON Stylus Photo 2200] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S10IC2.EXE (SEIKO EPSON CORPORATION)
O4 - HKLM..\Run: [IAAnotif] C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe (Intel Corporation)
O4 - HKLM..\Run: [Intuit SyncManager] C:\Program Files\Common Files\Intuit\Sync\IntuitSyncManager.exe (Intuit Inc. All rights reserved.)
O4 - HKLM..\Run: [MaxMenuMgr] C:\Program Files\Seagate\SeagateManager\FreeAgent Status\StxMenuMgr.exe (Seagate LLC)
O4 - HKLM..\Run: [My Web Search Bar] C:\Program Files\MyWebSearch\bar\3.bin\MWSBAR.DLL (MyWebSearch.com)
O4 - HKLM..\Run: [MyWebSearch Email Plugin] C:\Program Files\MyWebSearch\bar\3.bin\MWSOEMON.EXE (MyWebSearch.com)
O4 - HKLM..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Nero\Lib\NeroCheck.exe (Nero AG)
O4 - HKLM..\Run: [NvCplDaemon] C:\WINDOWS\System32\NvCpl.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [P17Helper] C:\WINDOWS\System32\P17.dll ()
O4 - HKLM..\Run: [SigmatelSysTrayApp] C:\WINDOWS\stsystra.exe (SigmaTel, Inc.)
O4 - HKLM..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe (Sun Microsystems, Inc.)
O4 - HKLM..\Run: [TkBellExe] C:\Program Files\Common Files\Real\Update_OB\realsched.exe (RealNetworks, Inc.)
O4 - HKLM..\Run: [unYHREDALK.exe] C:\Documents and Settings\All Users\Application Data\unYHREDALK.exe ()
O4 - HKCU..\Run: [DellSupport] C:\Program Files\Dell Support\DSAgnt.exe (Gteko Ltd.)
O4 - HKCU..\Run: [IndxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] C:\Program Files\Common Files\Nero\Lib\NMIndexStoreSvr.exe (Nero AG)
O4 - HKCU..\Run: [swg] "C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" File not found
O4 - Startup: C:\Documents and Settings\Arlie Norwood\Start Menu\Programs\Startup\Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe (Adobe Systems, Inc.)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableTaskMgr = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDesktop = 1
O8 - Extra context menu item: &Search - http://edits.mywebse...1w&n=2010040114 File not found
O9 - Extra 'Tools' menuitem : Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\npjpi160_05.dll (Sun Microsystems, Inc.)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - Reg Error: Key error. File not found
O15 - HKCU\..Trusted Domains: localhost ([]http in Local intranet)
O15 - HKCU\..Trusted Domains: turbotax.com ([]https in Trusted sites)
O15 - HKCU\..Trusted Ranges: GD ([http] in Local intranet)
O16 - DPF: {406B5949-7190-4245-91A9-30A17DE16AD0} http://www2.snapfish...fishActivia.cab (Snapfish Activia)
O16 - DPF: {82774781-8F4E-11D1-AB1C-0000F8773BF0} https://transfers.ds...ransferCtrl.cab (DLC Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_05)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.ma...t/ultrashim.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.5.0_06)
O16 - DPF: {CAFEEFAC-0016-0000-0001-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_01)
O16 - DPF: {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_03)
O16 - DPF: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_05)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_05)
O18 - Protocol\Handler\intu-help-qb1 {9B0F96C7-2E4B-433e-ABF3-043BA1B54AE3} - C:\Program Files\Intuit\QuickBooks 2005\HelpAsyncPluggableProtocol.dll (TODO: <Company name>)
O18 - Protocol\Handler\intu-help-qb3 {c5e479ea-0a65-4b05-8c6c-2fc8cc682eb4} - C:\Program Files\Intuit\QuickBooks 2010\HelpAsyncPluggableProtocol.dll (Intuit, Inc.)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O20 - HKLM Winlogon: Shell - (Explorer.exe) -C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) -C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Documents and Settings\Arlie Norwood\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\Arlie Norwood\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2004/08/10 13:04:08 | 000,000,000 | -H-- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O32 - AutoRun File - [2008/09/28 19:55:13 | 000,000,062 | -H-- | M] () - F:\autorun.inf -- [ NTFS ]
O33 - MountPoints2\{0cda8aa2-92cb-11dc-8d92-0019d1033d05}\Shell\AutoRun\command - "" = "I:\Install FreeAgent Tools.exe" /run
O33 - MountPoints2\{9a4ea692-5c6f-11df-8e35-0019d1033d05}\Shell\AutoRun\command - "" = E:\InstallSeagateManager.exe
O33 - MountPoints2\Z\Shell - "" = AutoRun
O33 - MountPoints2\Z\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\Z\Shell\AutoRun\command - "" = C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL splash.hta
O34 - HKLM BootExecute: (autocheck autochk *)
O34 - HKLM BootExecute: (aswBoot.exe /A:"*" /L:"1033" /heur:80 /pup /archives /IA:0 /KBD:2 /dir:"C:\Program Files\Alwil Software\Avast5")
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2012/02/01 23:20:03 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\Arlie Norwood\Recent
[2012/02/01 22:50:54 | 000,584,192 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Arlie Norwood\Desktop\OTL.exe
[2012/02/01 18:19:12 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\Arlie Norwood\Start Menu\Programs\System Check
[2012/02/01 18:18:58 | 000,361,472 | -H-- | C] (Microsoft Corp) -- C:\Documents and Settings\All Users\Application Data\ji0oVjv2ohKbsg.exe
[2012/02/01 11:28:32 | 000,451,584 | -H-- | C] (Microsoft Corp) -- C:\Documents and Settings\All Users\Application Data\cYmlANnOemt.exe
[2012/01/20 13:58:56 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Tax Forms Helper 2011
[2012/01/06 10:06:41 | 000,000,000 | -H-D | C] -- C:\Program Files\Eye-One Match 3
[2011/06/01 20:00:32 | 000,065,536 | RH-- | C] ( ) -- C:\WINDOWS\System32\A3d.dll
[2008/03/25 11:53:15 | 000,115,712 | -H-- | C] (Macrovision) -- C:\Program Files\eZsuite.exe
[4 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2012/02/01 22:48:48 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Arlie Norwood\Desktop\OTL.exe
[2012/02/01 22:45:23 | 000,000,886 | -H-- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2012/02/01 20:55:00 | 000,000,464 | -H-- | M] () -- C:\WINDOWS\tasks\At3.job
[2012/02/01 20:40:07 | 000,000,464 | -H-- | M] () -- C:\WINDOWS\tasks\At2.job
[2012/02/01 18:19:26 | 000,000,416 | -H-- | M] () -- C:\Documents and Settings\All Users\Application Data\ji0oVjv2ohKbsg
[2012/02/01 18:19:13 | 000,000,853 | -H-- | M] () -- C:\Documents and Settings\Arlie Norwood\Application Data\Microsoft\Internet Explorer\Quick Launch\System Check.lnk
[2012/02/01 18:19:13 | 000,000,835 | -H-- | M] () -- C:\Documents and Settings\Arlie Norwood\Desktop\System Check.lnk
[2012/02/01 18:15:01 | 000,039,472 | -H-- | M] () -- C:\WINDOWS\System32\nvapps.xml
[2012/02/01 18:14:34 | 000,013,668 | -H-- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2012/02/01 18:14:32 | 000,000,882 | -H-- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2012/02/01 16:56:30 | 000,000,527 | -H-- | M] () -- C:\WINDOWS\System32\tablet.dat
[2012/02/01 16:54:51 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2012/02/01 16:54:50 | 2145,304,576 | -HS- | M] () -- C:\hiberfil.sys
[2012/02/01 14:00:04 | 000,000,464 | -H-- | M] () -- C:\WINDOWS\tasks\At4.job
[2012/02/01 13:12:18 | 000,000,456 | -H-- | M] () -- C:\Documents and Settings\All Users\Application Data\zoNkJHJwME917F
[2012/02/01 13:10:06 | 000,340,104 | -H-- | M] () -- C:\Documents and Settings\All Users\Application Data\zoNkJHJwME917F.exe
[2012/02/01 12:47:43 | 000,431,240 | -H-- | M] () -- C:\Documents and Settings\All Users\Application Data\unYHREDALK.exe
[2012/02/01 10:10:00 | 000,000,464 | -H-- | M] () -- C:\WINDOWS\tasks\At1.job
[2012/01/28 21:34:15 | 000,000,069 | -H-- | M] () -- C:\WINDOWS\NeroDigital.ini
[2012/01/19 22:23:22 | 000,000,090 | -H-- | M] () -- C:\WINDOWS\QBChanUtil_Trigger.ini
[2012/01/06 10:05:35 | 000,000,034 | -H-- | M] () -- C:\WINDOWS\AutoRun.ini
[4 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files Created - No Company Name ==========

[2012/02/01 18:19:13 | 000,000,853 | -H-- | C] () -- C:\Documents and Settings\Arlie Norwood\Application Data\Microsoft\Internet Explorer\Quick Launch\System Check.lnk
[2012/02/01 18:19:13 | 000,000,835 | -H-- | C] () -- C:\Documents and Settings\Arlie Norwood\Desktop\System Check.lnk
[2012/02/01 18:19:09 | 000,000,416 | -H-- | C] () -- C:\Documents and Settings\All Users\Application Data\ji0oVjv2ohKbsg
[2012/02/01 13:10:30 | 000,000,456 | -H-- | C] () -- C:\Documents and Settings\All Users\Application Data\zoNkJHJwME917F
[2012/02/01 13:10:06 | 000,340,104 | -H-- | C] () -- C:\Documents and Settings\All Users\Application Data\zoNkJHJwME917F.exe
[2012/02/01 12:47:46 | 000,431,240 | -H-- | C] () -- C:\Documents and Settings\All Users\Application Data\unYHREDALK.exe
[2011/12/22 14:44:33 | 000,294,256 | -H-- | C] () -- C:\Documents and Settings\LocalService\Local Settings\Application Data\FontCache3.0.0.0.dat
[2011/07/15 00:51:14 | 000,000,090 | -H-- | C] () -- C:\WINDOWS\QBChanUtil_Trigger.ini
[2011/06/15 20:24:49 | 000,000,069 | -H-- | C] () -- C:\WINDOWS\NeroDigital.ini
[2011/06/14 12:09:55 | 000,000,664 | -H-- | C] () -- C:\WINDOWS\System32\d3d9caps.dat
[2011/06/01 20:00:32 | 000,053,248 | RH-- | C] () -- C:\WINDOWS\System32\P17CPI.dll
[2011/06/01 20:00:31 | 000,065,536 | RH-- | C] () -- C:\WINDOWS\System32\P17.dll
[2011/05/31 18:03:05 | 000,000,527 | -H-- | C] () -- C:\WINDOWS\System32\tablet.dat
[2011/05/31 18:02:59 | 000,015,744 | -H-- | C] () -- C:\WINDOWS\System32\Wintab.dll
[2011/02/04 10:25:36 | 000,004,943 | -H-- | C] () -- C:\Documents and Settings\All Users\Application Data\pyknfeyt.slj
[2009/11/24 13:44:19 | 000,000,704 | -H-- | C] () -- C:\Program Files\FOXUSER.FPT
[2009/11/24 13:44:19 | 000,000,665 | -H-- | C] () -- C:\Program Files\FOXUSER.DBF
[2009/08/17 21:14:07 | 000,005,663 | -H-- | C] () -- C:\WINDOWS\System32\Ludap17.ini
[2009/04/16 22:08:31 | 000,116,224 | -H-- | C] () -- C:\WINDOWS\System32\pdfcmnnt.dll
[2009/03/29 21:29:24 | 000,126,976 | -H-- | C] () -- C:\WINDOWS\System32\EEBAPI.dll
[2009/03/29 21:29:24 | 000,094,208 | -H-- | C] () -- C:\WINDOWS\System32\EEBDSCVR.dll
[2009/03/29 21:29:24 | 000,049,152 | -H-- | C] () -- C:\WINDOWS\System32\EBAPI.dll
[2009/02/20 11:40:18 | 000,000,125 | -H-- | C] () -- C:\WINDOWS\cdplayer.ini
[2008/12/14 14:37:06 | 000,000,136 | -H-- | C] () -- C:\Documents and Settings\Arlie Norwood\Local Settings\Application Data\fusioncache.dat
[2008/05/02 00:59:42 | 000,000,791 | -H-- | C] () -- C:\WINDOWS\{0240BDFB-2995-4A3F-8C96-18D41282B716}_WiseFW.ini
[2008/04/10 21:32:27 | 000,000,032 | -H-- | C] () -- C:\Documents and Settings\All Users\Application Data\ezsid.dat
[2008/04/10 10:18:31 | 000,044,344 | -H-- | C] () -- C:\WINDOWS\System32\drivers\i1display.sys
[2008/04/10 10:05:06 | 000,000,197 | -H-- | C] () -- C:\WINDOWS\i1Share.ini
[2008/04/10 10:00:17 | 000,044,344 | -H-- | C] () -- C:\WINDOWS\System32\drivers\EyeOneDp.sys
[2008/04/10 09:58:03 | 000,000,034 | -H-- | C] () -- C:\WINDOWS\AutoRun.ini
[2008/03/25 11:53:15 | 000,040,721 | -H-- | C] () -- C:\Program Files\lax.jar
[2008/03/25 11:53:15 | 000,004,098 | -H-- | C] () -- C:\Program Files\eZsuite.lax
[2008/03/25 11:53:15 | 000,002,066 | -H-- | C] () -- C:\Program Files\Launcher.jar
[2007/05/03 01:04:50 | 000,765,952 | -H-- | C] () -- C:\WINDOWS\System32\xvidcore.dll
[2007/05/03 01:04:49 | 000,180,224 | -H-- | C] () -- C:\WINDOWS\System32\xvidvfw.dll
[2007/04/26 22:31:21 | 000,117,005 | -H-- | C] () -- C:\WINDOWS\HPHins10.dat
[2007/04/26 22:31:21 | 000,002,314 | -H-- | C] () -- C:\WINDOWS\hphmdl10.dat
[2007/04/26 22:22:25 | 000,116,979 | -H-- | C] () -- C:\WINDOWS\HPHins10.dat.temp
[2007/04/26 22:22:25 | 000,002,314 | -H-- | C] () -- C:\WINDOWS\hphmdl10.dat.temp
[2007/04/18 11:55:56 | 000,000,029 | -H-- | C] () -- C:\WINDOWS\DEBUGSM.INI
[2007/04/03 20:07:52 | 000,044,344 | -H-- | C] () -- C:\WINDOWS\System32\drivers\Seqcal.sys
[2007/03/02 22:05:05 | 000,013,312 | -H-- | C] () -- C:\Documents and Settings\Arlie Norwood\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2007/02/19 14:42:21 | 000,077,824 | -H-- | C] () -- C:\WINDOWS\System32\hpzids01.dll
[2007/02/19 14:27:23 | 000,000,201 | -H-- | C] () -- C:\WINDOWS\PowerReg.dat
[2007/02/19 14:24:20 | 000,290,919 | -H-- | C] () -- C:\WINDOWS\System32\pythoncom21.dll
[2007/02/19 14:24:20 | 000,057,344 | -H-- | C] () -- C:\WINDOWS\System32\PyWinTypes21.dll
[2007/02/19 14:23:02 | 000,096,768 | -H-- | C] () -- C:\WINDOWS\SlantAdj.dll
[2007/02/19 14:23:02 | 000,003,136 | -H-- | C] () -- C:\WINDOWS\Ade001.bin
[2007/02/19 14:23:02 | 000,000,072 | -H-- | C] () -- C:\WINDOWS\System32\epDPE.ini
[2007/02/19 14:20:48 | 000,000,196 | -H-- | C] () -- C:\WINDOWS\EPSON 1260_1660 Installer.ini
[2007/01/19 14:34:26 | 000,003,920 | -HS- | C] () -- C:\WINDOWS\System32\KGyGaAvL.sys
[2007/01/19 14:34:26 | 000,000,088 | RHS- | C] () -- C:\WINDOWS\System32\CFF56F9C53.sys
[2007/01/15 01:25:03 | 000,021,791 | -H-- | C] () -- C:\WINDOWS\System32\smtpctrs.ini
[2007/01/15 01:25:03 | 000,001,037 | -H-- | C] () -- C:\WINDOWS\System32\ntfsdrct.ini
[2007/01/15 01:24:43 | 000,038,576 | -H-- | C] () -- C:\WINDOWS\System32\w3ctrs.ini
[2007/01/15 01:24:43 | 000,010,225 | -H-- | C] () -- C:\WINDOWS\System32\axperf.ini
[2007/01/15 01:24:41 | 000,011,435 | -H-- | C] () -- C:\WINDOWS\System32\infoctrs.ini
[2007/01/12 16:00:14 | 000,162,943 | -H-- | C] () -- C:\WINDOWS\FotoFusion Uninstaller.exe
[2007/01/09 23:35:00 | 000,003,774 | -H-- | C] () -- C:\WINDOWS\mozver.dat
[2007/01/09 22:52:05 | 000,000,013 | -H-- | C] () -- C:\Documents and Settings\All Users\Application Data\13.sys
[2007/01/09 21:23:24 | 000,000,106 | -HS- | C] () -- C:\WINDOWS\WSYS049.SYS
[2007/01/09 21:19:21 | 000,000,000 | -H-- | C] () -- C:\WINDOWS\nsreg.dat
[2007/01/04 07:39:48 | 000,000,061 | -H-- | C] () -- C:\WINDOWS\smscfg.ini
[2007/01/04 07:35:36 | 000,000,654 | -H-- | C] () -- C:\WINDOWS\ODBC.INI
[2007/01/04 07:31:45 | 000,000,126 | -H-- | C] () -- C:\WINDOWS\wininit.ini
[2007/01/04 07:10:46 | 000,049,152 | -H-- | C] () -- C:\WINDOWS\setpwrcg.exe
[2007/01/04 07:10:44 | 000,090,112 | -H-- | C] () -- C:\WINDOWS\System32\nvapi.dll
[2007/01/04 07:09:55 | 000,000,301 | -H-- | C] () -- C:\WINDOWS\System32\OEMINFO.INI
[2006/02/28 06:00:00 | 013,107,200 | -H-- | C] () -- C:\WINDOWS\System32\oembios.bin
[2006/02/28 06:00:00 | 000,673,088 | -H-- | C] () -- C:\WINDOWS\System32\mlang.dat
[2006/02/28 06:00:00 | 000,272,128 | -H-- | C] () -- C:\WINDOWS\System32\perfi009.dat
[2006/02/28 06:00:00 | 000,218,003 | -H-- | C] () -- C:\WINDOWS\System32\dssec.dat
[2006/02/28 06:00:00 | 000,046,258 | -H-- | C] () -- C:\WINDOWS\System32\mib.bin
[2006/02/28 06:00:00 | 000,028,626 | -H-- | C] () -- C:\WINDOWS\System32\perfd009.dat
[2006/02/28 06:00:00 | 000,004,569 | -H-- | C] () -- C:\WINDOWS\System32\secupd.dat
[2006/02/28 06:00:00 | 000,004,461 | -H-- | C] () -- C:\WINDOWS\System32\oembios.dat
[2006/02/28 06:00:00 | 000,001,788 | -H-- | C] () -- C:\WINDOWS\System32\Dcache.bin
[2005/11/10 01:56:34 | 000,000,000 | -H-- | C] () -- C:\WINDOWS\System32\px.ini
[2005/03/08 00:17:08 | 000,000,054 | -H-- | C] () -- C:\WINDOWS\System32\ctzapxx.ini
[2004/08/10 13:12:05 | 000,000,780 | -H-- | C] () -- C:\WINDOWS\orun32.ini
[2004/08/10 13:07:31 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat
[2004/08/10 13:02:15 | 000,023,348 | -H-- | C] () -- C:\WINDOWS\System32\emptyregdb.dat
[2004/08/10 13:01:18 | 000,001,793 | -H-- | C] () -- C:\WINDOWS\System32\fxsperf.ini
[2004/08/10 12:57:52 | 000,004,161 | -H-- | C] () -- C:\WINDOWS\ODBCINST.INI
[2004/08/10 12:57:15 | 002,233,840 | -H-- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2004/08/10 12:51:20 | 000,610,114 | -H-- | C] () -- C:\WINDOWS\System32\perfh009.dat
[2004/08/10 12:51:20 | 000,133,896 | -H-- | C] () -- C:\WINDOWS\System32\perfc009.dat
[2004/08/10 12:51:16 | 000,000,741 | -H-- | C] () -- C:\WINDOWS\System32\noise.dat

========== LOP Check ==========

[2010/08/23 22:56:07 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\Alwil Software
[2007/04/24 23:51:45 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\Azureus
[2008/04/16 14:59:15 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\COMMON FILES
[2010/09/08 15:18:03 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\Drobo
[2011/06/22 11:25:57 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\LumaPix
[2011/07/15 00:52:15 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\Nuance
[2010/12/22 15:31:51 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\onOne Software
[2007/01/13 10:30:08 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\PreEmptive Solutions
[2011/02/01 11:13:26 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\Raize
[2008/09/28 19:54:33 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\Seagate
[2008/05/02 00:59:47 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\SingleClick Systems
[2011/07/28 10:25:33 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\SQL Anywhere 11
[2012/02/01 12:15:04 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\TEMP
[2007/01/09 00:59:46 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\YAHOO
[2007/05/21 22:32:03 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\Arlie Norwood\Application Data\Azureus
[2007/02/13 20:34:46 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\Arlie Norwood\Application Data\CoffeeCup Software
[2008/04/19 11:29:36 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\Arlie Norwood\Application Data\Dimdim
[2007/02/28 22:16:12 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\Arlie Norwood\Application Data\EPSON
[2008/01/07 20:19:49 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\Arlie Norwood\Application Data\Imagenomic
[2007/01/08 22:45:04 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\Arlie Norwood\Application Data\Leadertech
[2007/01/16 20:50:14 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\Arlie Norwood\Application Data\LumaPix
[2007/11/16 19:12:55 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\Arlie Norwood\Application Data\Netscape
[2007/06/21 22:43:55 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\Arlie Norwood\Application Data\OLYMPUS
[2007/06/09 21:58:24 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\Arlie Norwood\Application Data\Opera
[2012/02/01 10:10:00 | 000,000,464 | -H-- | M] () -- C:\WINDOWS\Tasks\At1.job
[2012/02/01 20:40:07 | 000,000,464 | -H-- | M] () -- C:\WINDOWS\Tasks\At2.job
[2012/02/01 20:55:00 | 000,000,464 | -H-- | M] () -- C:\WINDOWS\Tasks\At3.job
[2012/02/01 14:00:04 | 000,000,464 | -H-- | M] () -- C:\WINDOWS\Tasks\At4.job

========== Purity Check ==========



========== Alternate Data Streams ==========

@Alternate Data Stream - 159 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:BEB71B81
@Alternate Data Stream - 117 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:E74F5F70

< End of report >


Here is the extras.txt file that was also created.


OTL Extras logfile created on: 2/1/2012 10:51:11 PM - Run 1
OTL by OldTimer - Version 3.2.31.0 Folder = C:\Documents and Settings\Arlie Norwood\Desktop
Windows XP Professional Edition Service Pack 2 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 6.0.2900.2180)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.00 Gb Total Physical Memory | 1.31 Gb Available Physical Memory | 65.51% Memory free
3.85 Gb Paging File | 3.28 Gb Available in Paging File | 85.29% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 145.85 Gb Total Space | 5.77 Gb Free Space | 3.95% Space Free | Partition Type: NTFS
Drive F: | 931.51 Gb Total Space | 197.68 Gb Free Space | 21.22% Space Free | Partition Type: NTFS
Drive G: | 3.77 Gb Total Space | 3.19 Gb Free Space | 84.47% Space Free | Partition Type: FAT32
Drive H: | 2048.00 Gb Total Space | 1434.65 Gb Free Space | 70.05% Space Free | Partition Type: NTFS
Drive N: | 465.76 Gb Total Space | 14.10 Gb Free Space | 3.03% Space Free | Partition Type: NTFS
Drive O: | 2048.00 Gb Total Space | 2030.59 Gb Free Space | 99.15% Space Free | Partition Type: NTFS
Drive P: | 232.88 Gb Total Space | 0.27 Gb Free Space | 0.12% Space Free | Partition Type: NTFS

Computer Name: DC0XMBC1 | User Name: Arlie Norwood | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
.html [@ = ChromeHTML] -- C:\Program Files\Google\Chrome\Application\chrome.exe (Google Inc.)
.url [@ = InternetShortcut] -- rundll32.exe shdocvw.dll,OpenURL %l

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
exefile [open] -- "%1" %*
http [open] -- "C:\Program Files\Google\Chrome\Application\chrome.exe" -- "%1" (Google Inc.)
https [open] -- "C:\Program Files\Google\Chrome\Application\chrome.exe" -- "%1" (Google Inc.)
InternetShortcut [open] -- rundll32.exe shdocvw.dll,OpenURL %l
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"AntiVirusDisableNotify" = 1
"FirewallDisableNotify" = 1
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 0
"FirewallOverride" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

========== System Restore Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr]
"Start" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService]
"Start" = 2

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]
"139:TCP" = 139:TCP:*:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:*:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:*:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:*:Enabled:@xpsp2res.dll,-22002

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 0
"DisableNotifications" = 0
"DoNotAllowExceptions" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008
"139:TCP" = 139:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22002
"10421:UDP" = 10421:UDP:*:Enabled:SingleClick Discovery Protocol
"10426:UDP" = 10426:UDP:*:Enabled:SingleClick ICC
"5353:TCP" = 5353:TCP:*:Enabled:Adobe CSI CS4

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Program Files\WS_FTP\WS_FTP95.exe" = C:\Program Files\WS_FTP\WS_FTP95.exe:*:Enabled:WS_FTP 95 -- (Ipswitch, Inc. 81 Hartwell Ave. Lexington, MA)
"C:\WINDOWS\system32\dpvsetup.exe" = C:\WINDOWS\system32\dpvsetup.exe:*:Enabled:Microsoft DirectPlay Voice Test -- (Microsoft Corporation)
"C:\Program Files\Reallusion\CrazyTalk for Skype\CT4Skype.exe" = C:\Program Files\Reallusion\CrazyTalk for Skype\CT4Skype.exe:*:Enabled:CrazyTalk
"C:\Program Files\TurboTax\Home & Business 2007\32bit\ttax.exe" = C:\Program Files\TurboTax\Home & Business 2007\32bit\ttax.exe:LocalSubNet:Enabled:TurboTax -- (Intuit, Inc.)
"C:\Program Files\TurboTax\Home & Business 2007\32bit\updatemgr.exe" = C:\Program Files\TurboTax\Home & Business 2007\32bit\updatemgr.exe:LocalSubNet:Enabled:TurboTax Update Manager -- (Intuit, Inc.)
"C:\Program Files\Intuit\QuickBooks 2005\QBDBMgrN.exe" = C:\Program Files\Intuit\QuickBooks 2005\QBDBMgrN.exe:*:Enabled:QuickBooks 2008 Data Manager -- (iAnywhere Solutions, Inc.)
"C:\Program Files\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe" = C:\Program Files\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe:*:Enabled:Adobe CSI CS4 -- (Adobe Systems Incorporated)
"C:\Program Files\Drobo\Drobo Dashboard\Support\DDService.exe" = C:\Program Files\Drobo\Drobo Dashboard\Support\DDService.exe:*:Enabled:Drobo Dashboard Service -- (Data Robotics, Inc.)
"C:\Program Files\Google\Google Earth\client\googleearth.exe" = C:\Program Files\Google\Google Earth\client\googleearth.exe:*:Enabled:Google Earth
"C:\Documents and Settings\Maija Norwood\Application Data\Dropbox\bin\Dropbox.exe" = C:\Documents and Settings\Maija Norwood\Application Data\Dropbox\bin\Dropbox.exe:*:Enabled:Dropbox
"C:\Program Files\Intuit\QuickBooks 2010\QBDBMgrN.exe" = C:\Program Files\Intuit\QuickBooks 2010\QBDBMgrN.exe:*:Enabled:QuickBooks 2010 Data Manager -- (Intuit, Inc.)
"C:\Program Files\HP\HP Deskjet 3000 J310 series\Bin\DeviceSetup.exe" = C:\Program Files\HP\HP Deskjet 3000 J310 series\Bin\DeviceSetup.exe:LocalSubNet:Enabled:HP Device Setup -- (Hewlett-Packard Co.)
"C:\Program Files\HP\HP Deskjet 3000 J310 series\Bin\HPNetworkCommunicator.exe" = C:\Program Files\HP\HP Deskjet 3000 J310 series\Bin\HPNetworkCommunicator.exe:LocalSubNet:Enabled:HP Network Communicator -- (Hewlett-Packard Co.)
"C:\Program Files\Dell Network Assistant\ezi_hnm2.exe" = C:\Program Files\Dell Network Assistant\ezi_hnm2.exe:*:Enabled:Dell Network Assistant -- (SingleClick Systems)


========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0001B4FD-9EA3-4D90-A79E-FD14BA3AB01D}" = PDFCreator
"{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
"{00ADFB20-AE75-46F4-AD2C-F48B15AC3100}" = Adobe Color NA Recommended Settings CS4
"{022B0C16-18C9-464A-8BC6-2B2CC6342E5F}" = Image Trends' ShineOff Plug-In 1.0.2
"{0240BDFB-2995-4A3F-8C96-18D41282B716}" = Dell Network Assistant
"{0456ebd7-5f67-4ab6-852e-63781e3f389c}" = Macromedia Flash Player
"{05308C4E-7285-4066-BAE3-6B50DA6ED755}" = Adobe Update Manager CS4
"{054EFA56-2AC1-48F4-A883-0AB89874B972}" = Adobe Extension Manager CS4
"{06A9E630-DBA6-4D92-9DE7-A235AA6496C7}" = QuickBooks
"{0700E22B-A422-40A5-BD20-04BF618CA0F9}" = QuickBooks Pro 2010
"{075473F5-846A-448B-BCB3-104AA1760205}" = Roxio RecordNow Data
"{07D7D276-46D2-42F5-BC90-0906C330746E}" = Microsoft Windows Vista Client Headers and Libraries (6001.16533.121)
"{08234a0d-cf39-4dca-99f0-0c5cb496da81}" = Bing Bar
"{098727E1-775A-4450-B573-3F441F1CA243}" = kuler
"{0A0873E1-D9BA-4994-B85D-A0A331EF1F0C}" = Intel® PRO Network Connections
"{0C8EE4CE-981E-4E7C-A2B5-2EA68A645589}" = D4100_Help
"{0D6013AB-A0C7-41DC-973C-E93129C9A29F}" = Adobe Color JA Extra Settings CS4
"{0D67A4E4-5BE0-4C9A-8AD8-AB552B433F23}" = Adobe Setup
"{0EB5D9B7-8E6C-4A9E-B74F-16B7EE89A67B}" = Microsoft Plus! Photo Story 2 LE
"{0F723FC1-7606-4867-866C-CE80AD292DAF}" = Adobe CSI CS4
"{0F756CD9-4A1E-409B-B101-601DDC4C03AA}" = Qualxserve Service Agreement
"{1206EF92-2E83-4859-ACCB-2048C3CB7DA6}" = Roxio DLA
"{121634B0-2F4B-11D3-ADA3-00C04F52DD52}" = Windows Installer Clean Up
"{1618734A-3957-4ADD-8199-F973763109A8}" = Adobe Anchor Service CS4
"{16E16F01-2E2D-4248-A42F-76261C147B6C}" = Adobe Drive CS4
"{16E6D2C1-7C90-4309-8EC4-D2212690AAA4}" = AdobeColorCommonSetRGB
"{1AFB6EA5-DBD0-43A4-AA56-4D1EBF8E39D8}" = HP Deskjet 3000 J310 series Basic Device Software
"{1B041548-33BC-4174-8B97-ADC9B7948488}" = Microsoft Visual Studio 2005 Team Edition for Software Developers - ENU
"{1CAC7A41-583B-4483-9FA5-3E5465AFF8C2}" = Microsoft Default Manager
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{1F51A0CA-2BDD-474E-BB90-C7FA8EA78F52}" = ImageMixer VCD/DVD2 for OLYMPUS
"{20B8FD81-A71D-42ea-B887-07A616069E63}" = D4100
"{21657574-BD54-48A2-9450-EB03B2C7FC29}" = Roxio MyDVD LE
"{2238A301-6A20-4bdb-A655-C84AB629F6B6}" = hph_readme
"{22DE1881-9D24-4981-B5CC-EC7E9F2F4D52}" = Rhapsody Player Engine
"{235674B0-A35F-4811-8A8F-E8F42A919EA3}" = PhotoPresets with One-Click WOW!
"{236BB7C4-4419-42FD-0409-1E257A25E34D}" = Adobe Photoshop CS2
"{2373A92B-1C1C-4E71-B494-5CA97F96AA19}" = Microsoft SQL Server 2005
"{2376813B-2E5A-4641-B7B3-A0D5ADB55229}" = HPPhotoSmartExpress
"{25F31730-1B6C-4E8E-A3B9-818DC0CD961D}" = Seagate Manager Installer
"{2928F0D5-DABC-4637-A6B3-740629075555}" = RocketFish 5.1 PCI Sound Card
"{2B2BEF9D-BF66-4BCF-B3DE-8C23DC516317}" = Basic Date Picker v1.3
"{2E572661-94BA-829F-80B0-0776F4832B09}" = The Photographer's Ephemeris
"{30465B6C-B53F-49A1-9EBA-A3F187AD502E}" = Sonic Update Manager
"{3248F0A8-6813-11D6-A77B-00B0D0150060}" = J2SE Runtime Environment 5.0 Update 6
"{3248F0A8-6813-11D6-A77B-00B0D0160010}" = Java™ SE Runtime Environment 6 Update 1
"{3248F0A8-6813-11D6-A77B-00B0D0160030}" = Java™ 6 Update 3
"{3248F0A8-6813-11D6-A77B-00B0D0160050}" = Java™ 6 Update 5
"{333B10B5-5DD1-44C0-891C-9738FDE14CC1}" = Drobo Dashboard
"{33BB4982-DC52-4886-A03B-F4C5C80BEE89}" = Windows Media Player 10
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{35D94F92-1D3A-43C5-8605-EA268B1A7BD9}" = PDF Settings CS4
"{363790D2-DA98-41DD-9C9F-69FA36B169DE}" = PanoStandAlone
"{36E7A382-E7DF-4C07-9CCA-9415C1E208AF}" = SNAP 3.0.1 Downloader
"{388E4B09-3E71-4649-8921-F44A3A2954A7}" = Microsoft Visual Studio 2005 Tools for Office Runtime
"{39F6E2B4-CFE8-C30A-66E8-489651F0F34C}" = Adobe Media Player
"{3A4E8896-C2E7-4084-A4A4-B8FD1894E739}" = Adobe XMP Panels CS4
"{3BDB182E-8371-46BD-AC39-C14A91D5EEF8}" = Microsoft SQL Server 2005 Reporting Services
"{3CD2DC4F-F3F6-4E62-B22B-773CA9D784EB}" = Image Trends' PearlyWhites Plug-In 2.0.2
"{3D2C9DE6-9ADE-4252-A241-E43723B0CE02}" = Adobe Color - Photoshop Specific CS4
"{3DA8DF9A-044E-46C4-8531-DEDBB0EE37FF}" = Adobe WinSoft Linguistics Plugin
"{3EE33958-7381-4E7B-A4F3-6E43098E9E9C}" = URL Assistant
"{43CAC9A1-1993-4F65-9096-7C9AFC2BBF54}" = Dell CinePlayer
"{44D4AF75-6870-41F5-9181-662EA05507E1}" = Microsoft Document Explorer 2005
"{45B8A76B-57EC-4242-B019-066400CD8428}" = BufferChm
"{49140327-BEBF-43dd-B386-43311A065609}" = hph_ProductContext
"{4943EFF5-229F-435D-BEA9-BE3CAEA783A7}" = Adobe Service Manager Extension
"{4E868D3D-6EEB-4273-926C-2287236B5B79}" = 3DVIA player 4.1
"{50120000-1105-0000-0000-0000000FF1CE}" = Microsoft Office 2007 Primary Interop Assemblies
"{554EB98C-D995-471F-8874-D2BA7BF5EB3E}" = Noiseware Professional Edition
"{5570C7F0-43D0-4916-8A9E-AEDD52FA86F4}" = Adobe Color EU Extra Settings CS4
"{56C049BE-79E9-4502-BEA7-9754A3E60F9B}" = neroxml
"{5821459E-A8E1-42D1-A8B5-34AB19A75E79}" = Windows Mobile 5.0 SDK R2 for Pocket PC
"{5905F42D-3F5F-4916-ADA6-94A3646AEE76}" = Dell Driver Reset Tool
"{59679381-3F22-4A40-A7AD-890242D74DF4}" = Plug-in Suite 5.1.1
"{5A3F6A80-7913-475E-8B96-477A952CFA43}" = SupportSoft Assisted Service
"{5B6BE547-21E2-49CA-B2E2-6A5F470593B1}" = Sonic Activation Module
"{5C82DAE5-6EB0-4374-9254-BE3319BA4E82}" = Skype™ 3.6
"{5DE0220D-1A71-3C1B-9BE1-DF8D3D392BC4}" = Microsoft Document Explorer 2008
"{5DEDD928-2CBE-35E9-B002-85232EDB120A}" = Microsoft .NET Framework 2.0 Service Pack 1
"{61EDBE71-5D3E-4AB7-AD95-E53FEAF68C17}" = Bing Rewards Client Installer
"{623B8278-8CAD-45C1-B844-58B687C07805}" = Bing Bar Platform
"{6297F8EC-D821-4B33-B845-8A8D1A0DF472}" = Lightroom
"{63A5DC0D-1EDD-4D69-8F31-87FAEB1F7084}" = Microsoft SQL Server 2005 Notification Services
"{63C24A08-70F3-4C8E-B9FB-9F21A903801D}" = Adobe Color Video Profiles CS CS4
"{63E5CDBF-8214-4F03-84F8-CD3CE48639AD}" = Adobe Photoshop CS4 Support
"{654A65DA-7173-4B51-ACEB-F855201EE033}" = HP Deskjet 3000 J310 series Help
"{66910000-8B30-4973-A159-6371345AFFA5}" = WebReg
"{67F0E67A-8E93-4C2C-B29D-47C48262738A}" = Adobe Device Central CS4
"{68243FF8-83CA-466B-B2B8-9F99DA5479C4}" = AdobeColorCommonSetCMYK
"{68A35043-C55A-4237-88C9-37EE1C63ED71}" = Microsoft Visual J# 2.0 Redistributable Package
"{68CE30BC-365D-4BC6-A8F4-520899B6FECD}" = Microsoft Windows SDK Intellisense and Reference Assemblies (6001.16533.121)
"{6909F917-5499-482e-9AA1-FAD06A99F231}" = Toolbox
"{6C11D561-620B-47DA-A693-4C597F3CDF40}" = EPSON Smart Panel
"{6E45BA47-383C-4C1E-8ED0-0D4845C293D7}" = Microsoft Plus! Digital Media Edition Installer
"{6F684F0C-D0AB-4C6F-9D87-1B285D1566EF}" = Image Trends' PearlyWhites Plug-In 1.0.1
"{716E0306-8318-4364-8B8F-0CC4E9376BAC}" = MSXML 4.0 SP2 Parser and SDK
"{74F7662C-B1DB-489E-A8AC-07A06B24978B}" = Dell System Restore
"{7C515D87-2DCD-422B-B993-3FE8A71B3DDB}" = Noiseware Professional Plug-in
"{7DD9A065-2C86-4A9F-A5FF-796EC1B99DCA}" = AnswerWorks 4.0 Runtime - English
"{820D3F45-F6EE-4AAF-81EF-CE21FF21D230}" = Adobe Type Support CS4
"{8331C3EA-0C91-43AA-A4D4-27221C631139}" = Status
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{83877DB1-8B77-45BC-AB43-2BAC22E093E0}" = Adobe Bridge CS4
"{842B4B72-9E8F-4962-B3C1-1C422A5C4434}" = Suite Shared Configuration CS4
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8C62A94B-4AB6-485F-A111-93056684D340}" = SQLXML4
"{8CD05946-4102-3560-B475-9EA2C5B22388}" = Microsoft Device Emulator version 3.0 - ENU
"{8CE4E6E9-9D55-43FB-9DDB-688C976BFC05}" = Unload
"{8EDBA74D-0686-4C99-BFDD-F894678E5B39}" = Adobe Common File Installer
"{90032DD0-ABEE-4424-AC1E-B076BDD4E350}" = Microsoft SQL Server 2005 Tools
"{90120000-0010-0409-0000-0000000FF1CE}" = Microsoft Software Update for Web Folders (English) 12
"{90120000-0015-0409-0000-0000000FF1CE}" = Microsoft Office Access MUI (English) 2007
"{90120000-0015-0409-0000-0000000FF1CE}_PROR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007
"{90120000-0016-0409-0000-0000000FF1CE}_PROR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007
"{90120000-0018-0409-0000-0000000FF1CE}_PROR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0019-0409-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2007
"{90120000-0019-0409-0000-0000000FF1CE}_PROR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2007
"{90120000-001A-0409-0000-0000000FF1CE}_PROR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007
"{90120000-001B-0409-0000-0000000FF1CE}_PROR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_PROR_{ABDDE972-355B-4AF1-89A8-DA50B7B5C045}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-0409-0000-0000000FF1CE}_VISPROR_{ABDDE972-355B-4AF1-89A8-DA50B7B5C045}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_PROR_{F580DDD5-8D37-4998-968E-EBB76BB86787}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-040C-0000-0000000FF1CE}_VISPROR_{F580DDD5-8D37-4998-968E-EBB76BB86787}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007
"{90120000-001F-0C0A-0000-0000000FF1CE}_PROR_{187308AB-5FA7-4F14-9AB9-D290383A10D9}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-0C0A-0000-0000000FF1CE}_VISPROR_{187308AB-5FA7-4F14-9AB9-D290383A10D9}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-0021-0000-0000-0000000FF1CE}" = Microsoft Office Visual Web Developer 2007
"{90120000-0021-0409-0000-0000000FF1CE}" = Microsoft Office Visual Web Developer MUI (English) 2007
"{90120000-0021-0409-0000-0000000FF1CE}_VisualWebDeveloper_{E1044ED2-E4AD-4B39-B500-31109750F6B4}" = Microsoft Office SharePoint Designer 2007 Service Pack 2 (SP2)
"{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007
"{90120000-0054-0409-0000-0000000FF1CE}" = Microsoft Office Visio MUI (English) 2007
"{90120000-0054-0409-0000-0000000FF1CE}_VISPROR_{519D9F45-CBF4-4E57-B419-11F196CCA8AE}" = Microsoft Office Visio 2007 Service Pack 2 (SP2)
"{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}_PROR_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-006E-0409-0000-0000000FF1CE}_VISPROR_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-006E-0409-0000-0000000FF1CE}_VisualWebDeveloper_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007
"{90120000-0115-0409-0000-0000000FF1CE}_PROR_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0115-0409-0000-0000000FF1CE}_VISPROR_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0115-0409-0000-0000000FF1CE}_VisualWebDeveloper_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0117-0409-0000-0000000FF1CE}" = Microsoft Office Access Setup Metadata MUI (English) 2007
"{90120000-0117-0409-0000-0000000FF1CE}_PROR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{903B0409-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Project Professional 2003
"{9068B2BE-D93A-4C0A-861C-5E35E2C0E09E}" = Intel® Matrix Storage Manager
"{90A40409-6000-11D3-8CFE-0150048383C9}" = Microsoft Office 2003 Web Components
"{91120000-0014-0000-0000-0000000FF1CE}" = Microsoft Office Professional 2007
"{91120000-0051-0000-0000-0000000FF1CE}" = Microsoft Office Visio Professional 2007
"{928B06E4-DDAA-476A-926A-641620326327}" = Microsoft Search Enhancement Pack
"{930A590D-29F8-4554-8DC8-27B8A17DD637}" = Microsoft Windows Vista Client Utilities for Win32 Development (6001.16533.121)
"{931AB7EA-3656-4BB7-864D-022B09E3DD67}" = Adobe Linguistics CS4
"{94D398EB-D2FD-4FD1-B8C4-592635E8A191}" = Adobe CMaps CS4
"{982DB00A-9C4E-436B-8707-18E113BAA44C}" = Microsoft SQL Server 2005 Analysis Services
"{98613C99-1399-416C-A07C-1EE1C585D872}" = SeaTools for Windows
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9A3EABC0-CA06-11D4-BF77-00104B130C19}" = EPSON TWAIN 5
"{9D404F8F-05A1-4734-9550-6EC2FEE916B8}" = HP Photosmart and Deskjet 7.0 Software
"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
"{A3D44AD8-D3C9-45E4-B861-3B653C6EF620}" = Rhapsody MP3 Download Manager
"{A5BB0E8C-6BCE-3486-A705-82F5707C5059}" = Windows SDK .Net Tools
"{A5CCD0C8-6D5E-4515-BDD7-2A22D5D91033}" = Nero 8 Essentials
"{A6DE1AAE-B147-4B08-A61C-BA471D86AC4D}" = DB VGA Cam
"{A919EFA5-ADD6-42CB-AE11-EE5DAAB686D5}" = Windows Mobile 5.0 SDK R2 for Smartphone
"{A922F4CD-6129-4B8A-A00D-C6185C1A39B2}" = Microsoft Windows Vista Client Common Utilities (6001.16533.121)
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AB5D51AE-EBC3-438D-872C-705C7C2084B0}" = DeviceManagementQFolder
"{AB708C9B-97C8-4AC9-899B-DBF226AC9382}" = Roxio RecordNow Audio
"{AC76BA86-7AD7-1033-7B44-A81000000003}" = Adobe Reader 8.1.1
"{B0069CFA-5BB9-4C03-B1C6-89CE290E5AFE}" = HP Update
"{B0513493-04B9-4F21-B4AB-83E750D54256}" = Adobe Photoshop Lightroom 2.7
"{B12665F4-4E93-4AB4-B7FC-37053B524629}" = Roxio RecordNow Copy
"{B194272D-1F92-46DF-99EB-8D5CE91CB4EC}" = Adobe AIR
"{B29AD377-CC12-490A-A480-1452337C618D}" = Connect
"{B5688129-7595-4E5B-9990-CEF981A31264}" = SyncToy
"{B65BA85C-0A27-4BC0-A22D-A66F0E5B9494}" = Adobe Photoshop CS4
"{B69CC1A5-0404-11D6-ABCB-005004C21D30}" = EPSON Copy Utility
"{B6CB9E38-ED2F-33C6-9A58-11A37F4F5C96}" = Microsoft Visual Studio 2008 Professional Edition - ENU
"{B702CCCE-3176-4DBF-B932-D1B8F402F330}" = Digital Content Portal
"{B74D4E10-6884-0000-0000-000000000103}" = Adobe Bridge 1.0
"{B7B3E9B3-FB14-4927-894B-E9124509AF5A}" = Adobe Flash Player 10 ActiveX
"{BA820A24-704B-428D-9904-71A10DAC1372}" = OLYMPUS Master
"{BAF78226-3200-4DB4-BE33-4D922A799840}" = Windows Presentation Foundation
"{BB4E33EC-8181-4685-96F7-8554293DEC6A}" = Adobe Output Module
"{BBEB5679-6E2C-47C6-A9B5-3C6D4CD19B60}" = hph_software_req
"{BCE72AED-3332-4863-9567-C5DCB9052CA2}" = Netflix Movie Viewer
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
"{C52E3EC1-048C-45E1-8D53-10B0C6509683}" = Adobe Default Language CS4
"{C76AA8ED-44F5-41B1-BAE6-A2E43C1CAA4F}" = Image Trends' ShineOff Plug-In 2.0.2
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CC75AB5C-2110-4A7F-AF52-708680D22FE8}" = Photoshop Camera Raw
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{CECCAEF3-D37A-48D5-8E39-8D0727C8C6E2}" = ACH Origination Application
"{CEE2252C-4035-4B27-8EC6-0B085DD3A413}" = Dell Support 3.2.1
"{D0ACE207-0F90-402C-8CFA-2CB3D44CE689}" = Adobe Photoshop Lightroom 3.6
"{D6346347-B8CD-4B52-BF5F-9676CDE79801}" = hph_software
"{DBC20735-34E6-4E97-A9E5-2066B66B243D}" = TrayApp
"{DBEA1034-5882-4A88-8033-81C4EF0CFA29}" = Google Toolbar for Internet Explorer
"{DE1A361F-31DC-4AC5-ABBA-2323BC505880}" = LexarMedia ImageRescue Software
"{E0A41F96-7231-4AE8-A654-EEB34F935462}" = Microsoft SQL Server 2005 Integration Services
"{E2B31B67-9795-4EF9-9AC6-B683E7B11BE6}_is1" = FotoFusion v4
"{E3B039DD-C2DD-4765-800A-3572BC75458D}" = SNAP 3.0.1
"{E4848436-0345-47E2-B648-8B522FCDA623}" = Adobe Photoshop CS4
"{E9787678-1033-0000-8E67-000000000001}" = Adobe Help Center 1.0
"{E9B4A5F2-CAF7-4727-BB22-1939FD659019}" = HP Deskjet 3000 J310 series Product Improvement Study
"{EBAE381B-60A6-4863-AA9F-FCAB755BC9E5}" = ScanToWeb
"{EBC91840-41E1-4CC3-AC11-0B889546223C}" = Microsoft IntelliPoint 5.5
"{EE0D5DCD-2B97-4473-98DF-E93C0BD92F7A}" = Adobe Stock Photos 1.0
"{EE174FE1-2276-46E9-8C54-9E8C51D528CB}" = ACHFORPC
"{F0BD17B0-086B-11DD-BD0B-0800200C9A66}" = Dimdim Web Meeting Publisher For IE
"{F0E64E2E-3A60-40D8-A55D-92F6831875DA}" = Adobe Search for Help
"{F157460F-720E-482f-8625-AD7843891E5F}" = InstantShareDevicesMFC
"{F8EF2B3F-C345-4F20-8FE4-791A20333CD5}" = Adobe ExtendScript Toolkit CS4
"{F93C84A6-0DC6-42AF-89FA-776F7C377353}" = Adobe PDF Library Files CS4
"{F958F15A-4CE2-44E7-8179-97BBDCAF401A}" = OLYMPUS Master 2
"{FA237125-51FF-408C-8BB8-30C2B3DFFF9C}" = Windows Resource Kit Tools
"{FCDD51BB-CAD0-4BB1-B7DF-CE86D1032794}" = Adobe Fonts All
"{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
"AC3Filter" = AC3Filter (remove only)
"Active@ ISO Burner v 1.1" = Active@ ISO Burner v 1.1
"Adobe AIR" = Adobe AIR
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Adobe Photoshop 7.0" = Adobe Photoshop 7.0
"Adobe Photoshop CS2 - {236BB7C4-4419-42FD-0409-1E257A25E34D}" = Adobe Photoshop CS2
"Adobe Shockwave Player" = Adobe Shockwave Player 11.5
"Adobe_faf656ef605427ee2f42989c3ad31b8" = Adobe Photoshop CS4
"avast5" = avast! Internet Security
"CCleaner" = CCleaner
"ColorChecker Passport_is1" = ColorChecker Passport 1.0
"com.adobe.amp.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Adobe Media Player
"Coupon Printer for Windows4.0" = Coupon Printer for Windows
"EPSON Photo Print" = EPSON Photo Print
"EPSON Printer and Utilities" = EPSON Printer Software
"Eye-One Match_is1" = Eye-One Match 3.6.1
"Eye-One Share" = Eye-One Share
"eZsports" = eZsports
"eZsuite" = eZsuite
"Flexrise.9F3FBFC56E7DF11606748B3513468A7A7FB809D1.1" = The Photographer's Ephemeris
"FotoFusion" = FotoFusion
"Google Chrome" = Google Chrome
"HP Imaging Device Functions" = HP Imaging Device Functions 7.0
"HP Photo Creations" = HP Photo Creations
"i1ColorPoint 1.0" = i1ColorPoint 1.0
"InstallShield_{25F31730-1B6C-4E8E-A3B9-818DC0CD961D}" = Seagate Manager Installer
"InstallShield_{BA820A24-704B-428D-9904-71A10DAC1372}" = OLYMPUS Master
"Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft Document Explorer 2005" = Microsoft Document Explorer 2005
"Microsoft Document Explorer 2008" = Microsoft Document Explorer 2008
"Microsoft Visual J# 2.0 Redistributable Package" = Microsoft Visual J# 2.0 Redistributable Package
"Microsoft Visual Studio 2005 Team Edition for Software Developers - ENU" = Microsoft Visual Studio 2005 Team Edition for Software Developers - ENU
"Microsoft Visual Studio 2005 Tools for Office Runtime" = Microsoft Visual Studio 2005 Tools for Office Runtime
"Microsoft Visual Studio 2008 Professional Edition - ENU" = Microsoft Visual Studio 2008 Professional Edition - ENU
"Mozilla Firefox (3.6.25)" = Mozilla Firefox (3.6.25)
"MSCompPackV1" = Microsoft Compression Client Pack 1.0 for Windows XP
"MSNINST" = MSN
"MVApplication1" = Memorex exPressit Label Design Studio
"MyPublisher" = MyPublisher
"MyWebSearch bar Uninstall" = My Web Search
"NetDevil_LEGO_Universe_is1" = LEGO Universe
"NVIDIA Drivers" = NVIDIA Drivers
"Photodex Presenter" = Photodex Presenter
"PROR" = Microsoft Office Professional 2007
"QuickTime" = QuickTime
"RealPlayer 6.0" = RealPlayer
"ReNamer_is1" = ReNamer
"SearchAssist" = SearchAssist
"Silent Package Run-Time Sample" = EPSON Scanner Reference Guide
"Tax Forms Helper 2009_is1" = Tax Forms Helper 2009 9.0
"Tax Forms Helper 2010_is1" = Tax Forms Helper 2010 9.5
"Tax Forms Helper 2011_is1" = Tax Forms Helper 2011 10.0
"TurboTax Home & Business 2007" = TurboTax Home & Business 2007
"VISPROR" = Microsoft Office Visio Professional 2007
"VisualWebDeveloper" = Microsoft Visual Studio Web Authoring Component
"Wacom Tablet Driver" = Wacom Tablet
"Wdf01005" = Microsoft Kernel-Mode Driver Framework Feature Pack 1.5
"WIC" = Windows Imaging Component
"Windows Media Format Runtime" = Windows Media Format 11 runtime
"Windows Media Player" = Windows Media Player 11
"WMFDist11" = Windows Media Format 11 runtime
"wmp11" = Windows Media Player 11
"Wudf01000" = Microsoft User-Mode Driver Framework Feature Pack 1.0
"XpsEPSC" = XML Paper Specification Shared Components Pack 1.0
"Xvid_is1" = Xvid 1.1.2 final uninstall

========== Last 10 Event Log Errors ==========

[ Antivirus Events ]
Error - 1/28/2010 10:47:42 AM | Computer Name = DC0XMBC1 | Source = avast! | ID = 33554522
Description =

Error - 1/28/2010 10:47:42 AM | Computer Name = DC0XMBC1 | Source = avast! | ID = 33554522
Description =

Error - 1/28/2010 10:47:43 AM | Computer Name = DC0XMBC1 | Source = avast! | ID = 33554522
Description =

Error - 1/28/2010 10:47:43 AM | Computer Name = DC0XMBC1 | Source = avast! | ID = 33554522
Description =

Error - 3/31/2010 4:07:45 AM | Computer Name = DC0XMBC1 | Source = avast! | ID = 33554522
Description =

Error - 3/31/2010 4:07:45 AM | Computer Name = DC0XMBC1 | Source = avast! | ID = 33554522
Description =

Error - 3/31/2010 4:07:45 AM | Computer Name = DC0XMBC1 | Source = avast! | ID = 33554522
Description =

Error - 3/31/2010 4:07:45 AM | Computer Name = DC0XMBC1 | Source = avast! | ID = 33554522
Description =

Error - 4/3/2010 10:24:53 AM | Computer Name = DC0XMBC1 | Source = avast! | ID = 33554522
Description =

Error - 5/13/2010 4:06:00 AM | Computer Name = DC0XMBC1 | Source = avast! | ID = 33554522
Description =

[ Application Events ]
Error - 2/1/2012 5:16:01 PM | Computer Name = DC0XMBC1 | Source = MsiInstaller | ID = 10005
Description = Product: Microsoft .NET Framework 2.0 Service Pack 2 -- The installer
has encountered an unexpected error installing this package. This may indicate
a problem with this package. The error code is 2721. The arguments are: CA_ScheduleUpdateAssemblyRB.3643236F_FC70_11D3_A536_0090278A1BB8,
,

Error - 2/1/2012 5:16:01 PM | Computer Name = DC0XMBC1 | Source = MsiInstaller | ID = 1023
Description = Product: Microsoft .NET Framework 2.0 Service Pack 2 - Update 'KB958481'
could not be installed. Error code 1603. Additional information is available in
the log file C:\WINDOWS\system32\config\SYSTEM~1\LOCALS~1\Temp\Microsoft .NET Framework
2.0-KB958481_20120201_211601265-Msi0.txt.

Error - 2/1/2012 5:16:01 PM | Computer Name = DC0XMBC1 | Source = HotFixInstaller | ID = 5000
Description = EventType visualstudio8setup, P1 microsoft .net framework 2.0-kb958481,
P2 1033, P3 1603, P4 msi, P5 f, P6 9.0.31211.0, P7 install, P8 x86, P9 xp, P10
2721.

Error - 2/1/2012 5:16:06 PM | Computer Name = DC0XMBC1 | Source = HotFixInstaller | ID = 5000
Description = EventType visualstudio8setup, P1 microsoft visual studio 2008-kb952241,
P2 1033, P3 1605, P4 msi, P5 f, P6 9.0.30612.0, P7 install, P8 x86, P9 xp, P10
0.

Error - 2/1/2012 5:16:14 PM | Computer Name = DC0XMBC1 | Source = NativeWrapper | ID = 5000
Description =

Error - 2/1/2012 5:16:25 PM | Computer Name = DC0XMBC1 | Source = MsiInstaller | ID = 10005
Description = Product: Microsoft .NET Framework 2.0 Service Pack 2 -- The installer
has encountered an unexpected error installing this package. This may indicate
a problem with this package. The error code is 2721. The arguments are: CA_ScheduleUpdateAssemblyRB.3643236F_FC70_11D3_A536_0090278A1BB8,
,

Error - 2/1/2012 5:16:26 PM | Computer Name = DC0XMBC1 | Source = MsiInstaller | ID = 1023
Description = Product: Microsoft .NET Framework 2.0 Service Pack 2 - Update 'KB974417'
could not be installed. Error code 1603. Additional information is available in
the log file C:\WINDOWS\system32\config\SYSTEM~1\LOCALS~1\Temp\Microsoft .NET Framework
2.0-KB974417_20120201_211625421-Msi0.txt.

Error - 2/1/2012 5:16:26 PM | Computer Name = DC0XMBC1 | Source = HotFixInstaller | ID = 5000
Description = EventType visualstudio8setup, P1 microsoft .net framework 2.0-kb974417,
P2 1033, P3 1603, P4 msi, P5 f, P6 9.0.40302.0, P7 install, P8 x86, P9 xp, P10
2721.

Error - 2/1/2012 7:02:07 PM | Computer Name = DC0XMBC1 | Source = Ci | ID = 4127
Description = Content index on c:\documents and settings\all users\application data\microsoft\visio\catalog.wci
could not be initialized. Error 2147942405.

Error - 2/1/2012 7:02:07 PM | Computer Name = DC0XMBC1 | Source = Ci | ID = 4127
Description = Content index on c:\documents and settings\all users\application data\microsoft\visio\catalog.wci
could not be initialized. Error 2147942405.

[ OSession Events ]
Error - 1/14/2009 1:51:56 PM | Computer Name = DC0XMBC1 | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 6, Application Name: Microsoft Office Outlook, Application Version:
12.0.6300.5000, Microsoft Office Version: 12.0.4518.1014. This session lasted 7211
seconds with 480 seconds of active time. This session ended with a crash.

Error - 10/28/2009 9:49:16 AM | Computer Name = DC0XMBC1 | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 6, Application Name: Microsoft Office Outlook, Application Version:
12.0.6300.5000, Microsoft Office Version: 12.0.4518.1014. This session lasted 74103
seconds with 960 seconds of active time. This session ended with a crash.

Error - 11/16/2009 2:09:18 AM | Computer Name = DC0XMBC1 | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 0, Application Name: Microsoft Office Word, Application Version:
12.0.4518.1014, Microsoft Office Version: 12.0.4518.1014. This session lasted 289
seconds with 0 seconds of active time. This session ended with a crash.

Error - 5/18/2010 12:19:55 PM | Computer Name = DC0XMBC1 | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 6, Application Name: Microsoft Office Outlook, Application Version:
12.0.6300.5000, Microsoft Office Version: 12.0.4518.1014. This session lasted 39
seconds with 0 seconds of active time. This session ended with a crash.

Error - 8/7/2010 12:34:59 PM | Computer Name = DC0XMBC1 | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 6, Application Name: Microsoft Office Outlook, Application Version:
12.0.6300.5000, Microsoft Office Version: 12.0.4518.1014. This session lasted 267663
seconds with 5880 seconds of active time. This session ended with a crash.

Error - 10/17/2010 8:27:17 AM | Computer Name = DC0XMBC1 | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 6, Application Name: Microsoft Office Outlook, Application Version:
12.0.6300.5000, Microsoft Office Version: 12.0.4518.1014. This session lasted 144307
seconds with 3660 seconds of active time. This session ended with a crash.

Error - 10/1/2010 1:24:56 AM | Computer Name = DC0XMBC1 | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 0, Application Name: Microsoft Office Word, Application Version:
12.0.4518.1014, Microsoft Office Version: 12.0.4518.1014. This session lasted 272
seconds with 0 seconds of active time. This session ended with a crash.

Error - 2/7/2011 10:13:49 AM | Computer Name = DC0XMBC1 | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 6, Application Name: Microsoft Office Outlook, Application Version:
12.0.6300.5000, Microsoft Office Version: 12.0.4518.1014. This session lasted 832559
seconds with 14820 seconds of active time. This session ended with a crash.

Error - 2/9/2011 11:23:23 PM | Computer Name = DC0XMBC1 | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 6, Application Name: Microsoft Office Outlook, Application Version:
12.0.6300.5000, Microsoft Office Version: 12.0.4518.1014. This session lasted 220163
seconds with 8640 seconds of active time. This session ended with a crash.

Error - 12/16/2011 4:06:36 PM | Computer Name = DC0XMBC1 | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 6, Application Name: Microsoft Office Outlook, Application Version:
12.0.6300.5000, Microsoft Office Version: 12.0.4518.1014. This session lasted 367017
seconds with 8760 seconds of active time. This session ended with a crash.

[ System Events ]
Error - 2/1/2012 10:20:10 PM | Computer Name = DC0XMBC1 | Source = Disk | ID = 262151
Description = The device, \Device\Harddisk2\D, has a bad block.

Error - 2/1/2012 10:20:13 PM | Computer Name = DC0XMBC1 | Source = Disk | ID = 262151
Description = The device, \Device\Harddisk2\D, has a bad block.

Error - 2/1/2012 10:20:16 PM | Computer Name = DC0XMBC1 | Source = Disk | ID = 262151
Description = The device, \Device\Harddisk2\D, has a bad block.

Error - 2/1/2012 10:20:19 PM | Computer Name = DC0XMBC1 | Source = Disk | ID = 262151
Description = The device, \Device\Harddisk2\D, has a bad block.

Error - 2/1/2012 11:39:33 PM | Computer Name = DC0XMBC1 | Source = Disk | ID = 262151
Description = The device, \Device\Harddisk2\D, has a bad block.

Error - 2/1/2012 11:39:36 PM | Computer Name = DC0XMBC1 | Source = Disk | ID = 262151
Description = The device, \Device\Harddisk2\D, has a bad block.

Error - 2/1/2012 11:39:39 PM | Computer Name = DC0XMBC1 | Source = Disk | ID = 262151
Description = The device, \Device\Harddisk2\D, has a bad block.

Error - 2/1/2012 11:39:42 PM | Computer Name = DC0XMBC1 | Source = Disk | ID = 262151
Description = The device, \Device\Harddisk2\D, has a bad block.

Error - 2/1/2012 11:39:45 PM | Computer Name = DC0XMBC1 | Source = Disk | ID = 262151
Description = The device, \Device\Harddisk2\D, has a bad block.

Error - 2/1/2012 11:39:48 PM | Computer Name = DC0XMBC1 | Source = Disk | ID = 262151
Description = The device, \Device\Harddisk2\D, has a bad block.


< End of report >
  • 0


#2
RKinner

    Malware Expert

  • Expert
  • 24,625 posts
  • MVP
Click on the Avast ball. Then click on Additional Protections then on AutoSandbox then on Settings then uncheck Enable AutoSandbox. OK

Copy the text in the code box by highlighting and Ctrl + c


:processes
killallprocesses

:OTL
O2 - BHO: (MyWebSearch Search Assistant BHO) - {00A6FAF1-072E-44cf-8957-5838F569A31D} - C:\Program Files\MyWebSearch\bar\3.bin\MWSSRCAS.DLL (MyWebSearch.com)
O2 - BHO: (mwsBar BHO) - {07B18EA1-A523-4961-B6BB-170DE4475CCA} - C:\Program Files\MyWebSearch\bar\3.bin\MWSBAR.DLL (MyWebSearch.com)
O2 - BHO: (CBrowserHelperObject Object) - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - C:\Program Files\BAE\BAE.dll (Dell Inc.)
O3 - HKCU\..\Toolbar\ShellBrowser: (no name) - {C4069E3A-68F1-403E-B40E-20066696354B} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {0B53EAC3-8D69-4B9E-9B19-A37C9A5676A7} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No CLSID value found.
O4 - HKLM..\Run: [cYmlANnOemt.exe] C:\Documents and Settings\All Users\Application Data\cYmlANnOemt.exe (Microsoft Corp)
O4 - HKLM..\Run: [unYHREDALK.exe] C:\Documents and Settings\All Users\Application Data\unYHREDALK.exe ()
O8 - Extra context menu item: &Search - http://edits.mywebse...1w&n=2010040114 File not found
O9 - Extra 'Tools' menuitem : Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\npjpi160_05.dll (Sun Microsystems, Inc.)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - Reg Error: Key error. File not found
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_05)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.ma...t/ultrashim.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.5.0_06)
O16 - DPF: {CAFEEFAC-0016-0000-0001-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_01)
O16 - DPF: {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_03)
O16 - DPF: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_05)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_05)
O32 - AutoRun File - [2008/09/28 19:55:13 | 000,000,062 | -H-- | M] () - F:\autorun.inf -- [ NTFS ]
O33 - MountPoints2\{0cda8aa2-92cb-11dc-8d92-0019d1033d05}\Shell\AutoRun\command - "" = "I:\Install FreeAgent Tools.exe" /run
O33 - MountPoints2\{9a4ea692-5c6f-11df-8e35-0019d1033d05}\Shell\AutoRun\command - "" = E:\InstallSeagateManager.exe
O33 - MountPoints2\Z\Shell - "" = AutoRun
O33 - MountPoints2\Z\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\Z\Shell\AutoRun\command - "" = C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL splash.hta
[2012/02/01 22:45:23 | 000,000,886 | -H-- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2012/02/01 20:55:00 | 000,000,464 | -H-- | M] () -- C:\WINDOWS\tasks\At3.job
[2012/02/01 20:40:07 | 000,000,464 | -H-- | M] () -- C:\WINDOWS\tasks\At2.job
[2012/02/01 18:19:26 | 000,000,416 | -H-- | M] () -- C:\Documents and Settings\All Users\Application Data\ji0oVjv2ohKbsg
[2012/02/01 18:19:13 | 000,000,853 | -H-- | M] () -- C:\Documents and Settings\Arlie Norwood\Application Data\Microsoft\Internet Explorer\Quick Launch\System Check.lnk
[2012/02/01 18:19:13 | 000,000,835 | -H-- | M] () -- C:\Documents and Settings\Arlie Norwood\Desktop\System Check.lnk
[2012/02/01 18:14:32 | 000,000,882 | -H-- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2012/02/01 14:00:04 | 000,000,464 | -H-- | M] () -- C:\WINDOWS\tasks\At4.job
[2012/02/01 13:12:18 | 000,000,456 | -H-- | M] () -- C:\Documents and Settings\All Users\Application Data\zoNkJHJwME917F
[2012/02/01 13:10:06 | 000,340,104 | -H-- | M] () -- C:\Documents and Settings\All Users\Application Data\zoNkJHJwME917F.exe
[2012/02/01 12:47:43 | 000,431,240 | -H-- | M] () -- C:\Documents and Settings\All Users\Application Data\unYHREDALK.exe
[2012/02/01 10:10:00 | 000,000,464 | -H-- | M] () -- C:\WINDOWS\tasks\At1.job
[2012/02/01 18:19:13 | 000,000,853 | -H-- | C] () -- C:\Documents and Settings\Arlie Norwood\Application Data\Microsoft\Internet Explorer\Quick Launch\System Check.lnk
[2012/02/01 18:19:13 | 000,000,835 | -H-- | C] () -- C:\Documents and Settings\Arlie Norwood\Desktop\System Check.lnk
[2012/02/01 18:19:09 | 000,000,416 | -H-- | C] () -- C:\Documents and Settings\All Users\Application Data\ji0oVjv2ohKbsg
[2012/02/01 13:10:30 | 000,000,456 | -H-- | C] () -- C:\Documents and Settings\All Users\Application Data\zoNkJHJwME917F
[2012/02/01 13:10:06 | 000,340,104 | -H-- | C] () -- C:\Documents and Settings\All Users\Application Data\zoNkJHJwME917F.exe
[2012/02/01 12:47:46 | 000,431,240 | -H-- | C] () -- C:\Documents and Settings\All Users\Application Data\unYHREDALK.exe

:files
xcopy %Temp%\smtmp\1 "%AllUsersProfile%\Start Menu" /H /I /S /Y /C
xcopy %Temp%\smtmp\2 "%UserProfile%\Application Data\Microsoft\Internet Explorer\Quick Launch" /H /I /S /Y /C
xcopy %Temp%\smtmp\3 "%AppData%\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar" /H /I /S /Y /C
xcopy %Temp%\smtmp\4 "%AllUsersProfile%\Desktop" /H /I /S /Y /C
C:\WINDOWS\tasks\At*.job
    
:Commands
[EMPTYJAVA]
[EMPTYFLASH]
[RESETHOSTS]
[purity]
[Reboot]

Then run OTL and, under the Custom Scans/Fixes box at the bottom, paste (Ctrl + V) the text. Verify that you got it all, then click the Run Fix button at the top.
Let the program run unhindered, OTL will reboot the PC when it is done. Save the log and copy and paste it to a reply.

Download, Save and Run unhide.exe
http://download.blee...nler/unhide.exe

If one of the following will not run then just skip to the next one then go back and try the things that wouldn't run again after finishing the others.

Malwarebytes' Anti-Malware
:!: If you have a previous version of MalwareBytes', remove it via Add or Remove Programs and download a fresh copy. :!:

http://www.malwarebytes.org/mbam.php

SAVE Malwarebytes' Anti-Malware to your desktop.

Right-click on Malwarebytes' Anti-Malware and select Run As Administrator and follow the prompts to install the program.
* At the end, be sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
* If an update is found, it will download and install the latest version.

* Once the program has loaded, select Perform Quick scan, then click Scan.
* When the scan is complete, click OK, then Show Results to view the results.

* Be sure that everything is checked, and click Remove Selected.

* When completed, a log will open in Notepad. Please save it to a convenient location.
* The log can also be found here:
C:\Documents and Settings\Username\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Logs\mbam-log-date (time).txt
* Post that log back here.



ComboFix

:!: It must be saved to your desktop, do not run it from your browser :!:

:!: Disable your Antivirus software when downloading or running Combofix:
Right click on the Avast Ball and select Avast! Shields Control and Disable Until Computer is Restarted


Download and Save this file -- to your Desktop -- from either of these two sources:
http://download.blee...Bs/ComboFix.exe
http://subs.geekstogo.com/ComboFix.exe

Right-click on ComboFix and select Run As Administrator to start the program.



* :!: Important: Have no other programs running. Your Task Bar should be clear of any program entries including your Browser.


* A window may open with a series of Disclaimers. Accept the Disclaimers to start the fix.

A caution - Do not run Combofix more than once. Do not touch your mouse/keyboard until the scan has completed, as this may cause the process to stall or your computer to lock. The scan will temporarily disable your desktop, and if interrupted may leave your desktop disabled. If this occurs, please reboot to restore the desktop. Even when ComboFix appears to be doing nothing, look at your Drive light. If it is flashing, Combofix is still at work.

A file will be created at => C:\Combofix.txt. I'll need to see that in your reply.

If you get an error: 'illegal operation attempted on a registry key that has been marked for deletion'
just reboot once and it should go away.

Download TDSSKiller:
http://support.kaspe.../tdsskiller.exe
Save it to your desktop then right click and Run as Administrator

If TDSSKiller alerts you that the system needs to reboot, please consent.
When done, a log file should be created on your C: drive named "TDSSKiller.txt". Please copy and paste the contents in your next reply.


Download aswMBR.exe ( 511KB ) to your desktop.
Right click aswMBR.exe and Run as Administrator
uncheck trace disk IO calls
Click the "Scan" button to start scan
On completion of the scan (Note if the Fix button is enabled (not the FixMBR button) and tell me) click save log, save it to your desktop and post in your next reply


Run OTL (Vista or Win 7 => right click and Run As Administrator)

select the All option in the Extra Registry group then Run Scan.

You should get two logs. Please copy and paste both of them.


Ron
  • 0

#3
northernbird
  • Topic Starter
  • Member
  • 21 posts
Hey - thanks for the response. I can't find the Additional Protections or anything about AutoSandbox. I'm running Avast Internet Security, not the free version.. not sure if that makes a difference or not.
  • 0

#4
northernbird
  • Topic Starter
  • Member
  • 21 posts
I ran OTL, pasted in the fix script you provided, and ran it. After the reboot this is the log that was open.


========== PROCESSES ==========
All processes killed
========== OTL ==========
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{00A6FAF1-072E-44cf-8957-5838F569A31D}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{00A6FAF1-072E-44cf-8957-5838F569A31D}\ deleted successfully.
C:\Program Files\MyWebSearch\bar\3.bin\MWSSRCAS.DLL moved successfully.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{07B18EA1-A523-4961-B6BB-170DE4475CCA}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{07B18EA1-A523-4961-B6BB-170DE4475CCA}\ deleted successfully.
C:\Program Files\MyWebSearch\bar\3.bin\MWSBAR.DLL moved successfully.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{CA6319C0-31B7-401E-A518-A07C3DB8F777}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CA6319C0-31B7-401E-A518-A07C3DB8F777}\ deleted successfully.
C:\Program Files\BAE\BAE.dll moved successfully.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\ShellBrowser\\{C4069E3A-68F1-403E-B40E-20066696354B} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{C4069E3A-68F1-403E-B40E-20066696354B}\ not found.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{0B53EAC3-8D69-4B9E-9B19-A37C9A5676A7} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0B53EAC3-8D69-4B9E-9B19-A37C9A5676A7}\ not found.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{2318C2B1-4965-11D4-9B18-009027A5CD4F} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{2318C2B1-4965-11D4-9B18-009027A5CD4F}\ not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\cYmlANnOemt.exe deleted successfully.
C:\Documents and Settings\All Users\Application Data\cYmlANnOemt.exe moved successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\unYHREDALK.exe deleted successfully.
C:\Documents and Settings\All Users\Application Data\unYHREDALK.exe moved successfully.
Registry key HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\MenuExt\&Search\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\{08B0E5C0-4FCB-11CF-AAA5-00401C608501}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{08B0E5C0-4FCB-11CF-AAA5-00401C608501}\ deleted successfully.
C:\Program Files\Java\jre1.6.0_05\bin\npjpi160_05.dll moved successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\{92780B25-18CC-41C8-B9BE-3C9C571A8263}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{92780B25-18CC-41C8-B9BE-3C9C571A8263}\ not found.
Starting removal of ActiveX control {8AD9C840-044E-11D1-B3E9-00805F499D93}
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{8AD9C840-044E-11D1-B3E9-00805F499D93}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8AD9C840-044E-11D1-B3E9-00805F499D93}\ deleted successfully.
Registry key HKEY_CURRENT_USER\SOFTWARE\Classes\CLSID\{8AD9C840-044E-11D1-B3E9-00805F499D93}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{8AD9C840-044E-11D1-B3E9-00805F499D93}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8AD9C840-044E-11D1-B3E9-00805F499D93}\ not found.
Starting removal of ActiveX control {8FFBE65D-2C9C-4669-84BD-5829DC0B603C}
C:\WINDOWS\Downloaded Program Files\erma.inf moved successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{8FFBE65D-2C9C-4669-84BD-5829DC0B603C}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8FFBE65D-2C9C-4669-84BD-5829DC0B603C}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{8FFBE65D-2C9C-4669-84BD-5829DC0B603C}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8FFBE65D-2C9C-4669-84BD-5829DC0B603C}\ not found.
Starting removal of ActiveX control {CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA}
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA}\ deleted successfully.
Registry key HKEY_CURRENT_USER\SOFTWARE\Classes\CLSID\{CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA}\ not found.
Starting removal of ActiveX control {CAFEEFAC-0016-0000-0001-ABCDEFFEDCBA}
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{CAFEEFAC-0016-0000-0001-ABCDEFFEDCBA}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0001-ABCDEFFEDCBA}\ deleted successfully.
Registry key HKEY_CURRENT_USER\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0001-ABCDEFFEDCBA}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{CAFEEFAC-0016-0000-0001-ABCDEFFEDCBA}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0001-ABCDEFFEDCBA}\ not found.
Starting removal of ActiveX control {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA}
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA}\ deleted successfully.
Registry key HKEY_CURRENT_USER\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA}\ not found.
Starting removal of ActiveX control {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA}
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA}\ deleted successfully.
Registry key HKEY_CURRENT_USER\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA}\ not found.
Starting removal of ActiveX control {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}\ not found.
F:\autorun.inf moved successfully.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{0cda8aa2-92cb-11dc-8d92-0019d1033d05}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0cda8aa2-92cb-11dc-8d92-0019d1033d05}\ not found.
File "I:\Install FreeAgent Tools.exe" /run not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{9a4ea692-5c6f-11df-8e35-0019d1033d05}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{9a4ea692-5c6f-11df-8e35-0019d1033d05}\ not found.
File E:\InstallSeagateManager.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\Z\ deleted successfully.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\Z\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\Z\ not found.
File C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL splash.hta not found.
C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job moved successfully.
C:\WINDOWS\tasks\At3.job moved successfully.
C:\WINDOWS\tasks\At2.job moved successfully.
C:\Documents and Settings\All Users\Application Data\ji0oVjv2ohKbsg moved successfully.
C:\Documents and Settings\Arlie Norwood\Application Data\Microsoft\Internet Explorer\Quick Launch\System Check.lnk moved successfully.
C:\Documents and Settings\Arlie Norwood\Desktop\System Check.lnk moved successfully.
C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job moved successfully.
C:\WINDOWS\tasks\At4.job moved successfully.
C:\Documents and Settings\All Users\Application Data\zoNkJHJwME917F moved successfully.
C:\Documents and Settings\All Users\Application Data\zoNkJHJwME917F.exe moved successfully.
File C:\Documents and Settings\All Users\Application Data\unYHREDALK.exe not found.
C:\WINDOWS\tasks\At1.job moved successfully.
File C:\Documents and Settings\Arlie Norwood\Application Data\Microsoft\Internet Explorer\Quick Launch\System Check.lnk not found.
File C:\Documents and Settings\Arlie Norwood\Desktop\System Check.lnk not found.
C:\Documents and Settings\All Users\Application Data\ji0oVjv2ohKbsg.exe moved successfully.
File C:\Documents and Settings\All Users\Application Data\zoNkJHJwME917F not found.
File C:\Documents and Settings\All Users\Application Data\zoNkJHJwME917F.exe not found.
File C:\Documents and Settings\All Users\Application Data\unYHREDALK.exe not found.
========== FILES ==========
< xcopy %Temp%\smtmp\1 "%AllUsersProfile%\Start Menu" /H /I /S /Y /C >
0 File(s) copied
C:\Documents and Settings\Arlie Norwood\Desktop\cmd.bat deleted successfully.
C:\Documents and Settings\Arlie Norwood\Desktop\cmd.txt deleted successfully.
< xcopy %Temp%\smtmp\2 "%UserProfile%\Application Data\Microsoft\Internet Explorer\Quick Launch" /H /I /S /Y /C >
C:\DOCUME~1\ARLIEN~1\LOCALS~1\Temp\smtmp\2\CS2.lnk
C:\DOCUME~1\ARLIEN~1\LOCALS~1\Temp\smtmp\2\desktop.ini
C:\DOCUME~1\ARLIEN~1\LOCALS~1\Temp\smtmp\2\Microsoft Office Excel 2007.lnk
C:\DOCUME~1\ARLIEN~1\LOCALS~1\Temp\smtmp\2\Microsoft Office Outlook.lnk
C:\DOCUME~1\ARLIEN~1\LOCALS~1\Temp\smtmp\2\Microsoft Office Visio 2007.lnk
C:\DOCUME~1\ARLIEN~1\LOCALS~1\Temp\smtmp\2\Microsoft Office Word 2007.lnk
C:\DOCUME~1\ARLIEN~1\LOCALS~1\Temp\smtmp\2\Microsoft Visual Studio 2008 Beta 2.lnk
C:\DOCUME~1\ARLIEN~1\LOCALS~1\Temp\smtmp\2\Mozilla Firefox.lnk
C:\DOCUME~1\ARLIEN~1\LOCALS~1\Temp\smtmp\2\My Computer.lnk
C:\DOCUME~1\ARLIEN~1\LOCALS~1\Temp\smtmp\2\Show Desktop.scf
C:\DOCUME~1\ARLIEN~1\LOCALS~1\Temp\smtmp\2\SQL Server Management Studio.lnk
C:\DOCUME~1\ARLIEN~1\LOCALS~1\Temp\smtmp\2\Windows Media Player.lnk
12 File(s) copied
C:\Documents and Settings\Arlie Norwood\Desktop\cmd.bat deleted successfully.
C:\Documents and Settings\Arlie Norwood\Desktop\cmd.txt deleted successfully.
< xcopy %Temp%\smtmp\3 "%AppData%\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar" /H /I /S /Y /C >
0 File(s) copied
C:\Documents and Settings\Arlie Norwood\Desktop\cmd.bat deleted successfully.
C:\Documents and Settings\Arlie Norwood\Desktop\cmd.txt deleted successfully.
< xcopy %Temp%\smtmp\4 "%AllUsersProfile%\Desktop" /H /I /S /Y /C >
0 File(s) copied
C:\Documents and Settings\Arlie Norwood\Desktop\cmd.bat deleted successfully.
C:\Documents and Settings\Arlie Norwood\Desktop\cmd.txt deleted successfully.
File\Folder C:\WINDOWS\tasks\At*.job not found.
========== COMMANDS ==========

[EMPTYJAVA]

User: All Users

User: Arlie Norwood
->Java cache emptied: 4687458 bytes

User: DC0XMBC1

User: Default User

User: Jordan
->Java cache emptied: 1663071 bytes

User: LocalService

User: Maija Norwood
->Java cache emptied: 54109828 bytes

User: NetworkService

User: Sydney

Total Java Files Cleaned = 58.00 mb


[EMPTYFLASH]

User: All Users

User: Arlie Norwood
->Flash cache emptied: 2694012 bytes

User: DC0XMBC1

User: Default User
->Flash cache emptied: 56504 bytes

User: Jordan
->Flash cache emptied: 200823 bytes

User: LocalService

User: Maija Norwood
->Flash cache emptied: 4829020 bytes

User: NetworkService

User: Sydney
->Flash cache emptied: 102126 bytes

Total Flash Files Cleaned = 8.00 mb

C:\WINDOWS\System32\drivers\etc\Hosts moved successfully.
HOSTS file reset successfully

OTL by OldTimer - Version 3.2.31.0 log created on 02022012_020001

Files\Folders moved on Reboot...

Registry entries deleted on Reboot...


I'm running unhide.exe right now.. been running for a bit but I'll just wait it out and continue with your instructions when it's done.
  • 0
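One way to triage an OTL fix log like the one posted in #4, as an added example that is not part of the original thread and is not OTL's own code: it tallies outcomes, pairs each deleted `Run` value with the file that was quarantined under the same name, and separates "not found" lines that merely repeat an item already moved from ones that were never handled. The function names are hypothetical, and the sample lines are copied from the log above.

```python
import re
from collections import Counter
from ntpath import basename  # Windows path rules on any host OS

# Constructed sample: ten lines copied from the OTL fix log in post #4.
SAMPLE_LOG = r"""
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\cYmlANnOemt.exe deleted successfully.
C:\Documents and Settings\All Users\Application Data\cYmlANnOemt.exe moved successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\unYHREDALK.exe deleted successfully.
C:\Documents and Settings\All Users\Application Data\unYHREDALK.exe moved successfully.
C:\WINDOWS\tasks\At3.job moved successfully.
C:\Documents and Settings\Arlie Norwood\Desktop\System Check.lnk moved successfully.
File C:\Documents and Settings\All Users\Application Data\unYHREDALK.exe not found.
File E:\InstallSeagateManager.exe not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{C4069E3A-68F1-403E-B40E-20066696354B}\ not found.
C:\WINDOWS\System32\drivers\etc\Hosts moved successfully.
"""

# One result line: optional "Registry key|value" or "File" prefix,
# the target, then the outcome and a closing period.
LINE_RE = re.compile(
    r"^(?:(?P<reg>Registry (?:key|value)) |File(?:\\Folder)? )?"
    r"(?P<target>.+?) "
    r"(?P<outcome>deleted successfully|moved successfully|not found)\.$"
)

# In this log a registry value is written as <key>\\<value name>.
RUN_KEY = "\\currentversion\\run\\\\"


def parse_log(text):
    """Return (kind, target, outcome) tuples; other lines are skipped."""
    entries = []
    for raw in text.splitlines():
        m = LINE_RE.match(raw.strip())
        if m:
            kind = "registry" if m.group("reg") else "file"
            entries.append((kind, m.group("target"), m.group("outcome")))
    return entries


def summarize(entries):
    """Count entries per (kind, outcome)."""
    return Counter((kind, outcome) for kind, _, outcome in entries)


def run_key_entries(entries):
    """Pair each Run value with the quarantined file of the same name."""
    moved = {basename(t).lower(): t for k, t, o in entries
             if k == "file" and o == "moved successfully"}
    found = []
    for kind, target, _ in entries:
        if kind == "registry" and RUN_KEY in target.lower():
            name = target.rpartition("\\\\")[2]
            found.append((name, moved.get(name.lower())))
    return found


def split_not_found(entries):
    """Split 'not found' files into repeats of handled items and the rest."""
    handled, repeats, never_seen = set(), [], []
    for kind, target, outcome in entries:
        if kind != "file":
            continue
        key = target.lower()
        if outcome == "not found":
            (repeats if key in handled else never_seen).append(target)
        else:
            handled.add(key)
    return repeats, never_seen


if __name__ == "__main__":
    entries = parse_log(SAMPLE_LOG)
    for (kind, outcome), n in sorted(summarize(entries).items()):
        print(f"{kind:8} {outcome:20} {n}")
    for name, path in run_key_entries(entries):
        print("Run value", name, "->", path or "NO MATCHING FILE MOVED")
    repeats, never_seen = split_not_found(entries)
    print("repeat of handled item:", repeats)
    print("never handled:", never_seen)
```

A `Run` value with no matching quarantined file, or a "not found" path that was never moved earlier in the log, is the kind of line worth raising with the helper before the next step.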

#5
northernbird
  • Topic Starter
  • Member
  • 21 posts
unhide.exe completed overnight, things are starting to look at least somewhat normal.

Downloaded/updated Malwarebytes, and started running it.. it looks to have hung up after about 4 minutes and finding 120 infections.. Came back a couple hours later and there was a 'registry restored from backup' message on my login screen... after logging back in Malwarebytes was still hung up.. and then my PC restarted. Currently CHKDSK is running on my drives after the reboot.

When the chkdsk finishes I'll continue past Malwarebytes and come back to run it later..
  • 0

#6
northernbird
  • Topic Starter
  • Member
  • 21 posts
Chkdsk completed. Downloaded and am running ComboFix. It took me a bit to get it to run as administrator as the administrator account didn't have a password. My start menu is missing a lot of things, so it took me a while to remember how to get to manage computer without anything in administrative tools...

Finally got ComboFix to run, and it prompted me to download and install a restore something or other, which I allowed it to do.. it's still running. Will post the log when it completes.
  • 0

#7
RKinner
    Malware Expert
  • Expert
  • 24,625 posts
  • MVP
Sorry about the run as admin business. I must have given you the Vista/Win 7 instructions by mistake. Double clicking is usually good enough for XP.
  • 0

#8
northernbird
  • Topic Starter
  • Member
  • 21 posts
It actually wouldn't run as me, even though I'm in the admin group. It just flashed up a command window and died. The recovery stuff finally completed and the malware scan portion of ComboFix is now running.
  • 0

#9
northernbird
  • Topic Starter
  • Member
  • 21 posts
OK, here's the ComboFix log..


ComboFix 12-02-02.02 - Administrator 02/02/2012 16:31:30.1.2 - x86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.2046.1497 [GMT -6:00]
Running from: c:\documents and settings\Arlie Norwood\Desktop\ComboFix.exe
AV: avast! Internet Security *Disabled/Updated* {7591DB91-41F0-48A3-B128-1A293FD8233D}
FW: avast! Internet Security *Disabled* {7591DB91-41F0-48A3-B128-1A293FD8233D}
FW: Norton Internet Worm Protection *Disabled* {990F9400-4CEE-43EA-A83A-D013ADD8EA6E}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\documents and settings\All Users\Application Data\13.sys
c:\documents and settings\All Users\Application Data\Microsoft\corecon\1.0\1033\NonSDKAddonLangVer.dll
c:\documents and settings\All Users\Application Data\Microsoft\corecon\1.0\1033\SDKAddonLangVer.dll
c:\documents and settings\All Users\Application Data\Microsoft\corecon\1.0\addons\NonSDKAddonVer.dll
c:\documents and settings\All Users\Application Data\Microsoft\corecon\1.0\addons\SDKAddonVer.dll
c:\documents and settings\All Users\Application Data\Microsoft\corecon\1.0\SDKFilesVer.dll
c:\documents and settings\All Users\Application Data\TEMP
c:\documents and settings\Arlie Norwood\Start Menu\Programs\System Check
c:\documents and settings\Arlie Norwood\Start Menu\Programs\System Check\System Check.lnk
c:\documents and settings\Arlie Norwood\Start Menu\Programs\System Check\Uninstall System Check.lnk
c:\documents and settings\Maija Norwood\g2mdlhlpx.exe
c:\program files\FunWebProducts
c:\program files\MyWebSearch
c:\program files\MyWebSearch\bar\1.bin\chrome\M3FFXTBR.JAR
c:\program files\MyWebSearch\bar\2.bin\chrome\M3FFXTBR.JAR
c:\program files\MyWebSearch\bar\3.bin\CHROME.MANIFEST
c:\program files\MyWebSearch\bar\3.bin\chrome\M3FFXTBR.JAR
c:\program files\MyWebSearch\bar\3.bin\F3BKGERR.JPG
c:\program files\MyWebSearch\bar\3.bin\F3CJPEG.DLL
c:\program files\MyWebSearch\bar\3.bin\F3DTactl.dll
c:\program files\MyWebSearch\bar\3.bin\F3HISTSW.DLL
c:\program files\MyWebSearch\bar\3.bin\F3HKSTUB.DLL
c:\program files\MyWebSearch\bar\3.bin\F3HTmlmu.dll
c:\program files\MyWebSearch\bar\3.bin\F3HTTPCT.DLL
c:\program files\MyWebSearch\bar\3.bin\F3IMSTUB.DLL
c:\program files\MyWebSearch\bar\3.bin\F3POPSWT.DLL
c:\program files\MyWebSearch\bar\3.bin\F3PSSAVR.SCR
c:\program files\MyWebSearch\bar\3.bin\F3REGHK.DLL
c:\program files\MyWebSearch\bar\3.bin\F3REPROX.DLL
c:\program files\MyWebSearch\bar\3.bin\F3RESTUB.DLL
c:\program files\MyWebSearch\bar\3.bin\F3SCHMON.EXE
c:\program files\MyWebSearch\bar\3.bin\F3SCRCTR.DLL
c:\program files\MyWebSearch\bar\3.bin\F3SPACER.WMV
c:\program files\MyWebSearch\bar\3.bin\F3WALLPP.DAT
c:\program files\MyWebSearch\bar\3.bin\F3WPHOOK.DLL
c:\program files\MyWebSearch\bar\3.bin\FWPBUDDY.PNG
c:\program files\MyWebSearch\bar\3.bin\INSTALL.RDF
c:\program files\MyWebSearch\bar\3.bin\M3AUXSTB.DLL
c:\program files\MyWebSearch\bar\3.bin\M3DLGHK.DLL
c:\program files\MyWebSearch\bar\3.bin\M3FFTBPR.DLL
c:\program files\MyWebSearch\bar\3.bin\M3HIGHIN.EXE
c:\program files\MyWebSearch\bar\3.bin\M3HTML.DLL
c:\program files\MyWebSearch\bar\3.bin\M3IDLE.DLL
c:\program files\MyWebSearch\bar\3.bin\M3IMPIPE.EXE
c:\program files\MyWebSearch\bar\3.bin\M3MEDINT.EXE
c:\program files\MyWebSearch\bar\3.bin\M3MSG.DLL
c:\program files\MyWebSearch\bar\3.bin\M3OUtlcn.dll
c:\program files\MyWebSearch\bar\3.bin\M3PATCH.DLL
c:\program files\MyWebSearch\bar\3.bin\M3PLUGIN.DLL
c:\program files\MyWebSearch\bar\3.bin\M3SKIN.DLL
c:\program files\MyWebSearch\bar\3.bin\M3SKPLAY.EXE
c:\program files\MyWebSearch\bar\3.bin\M3SLSRCH.EXE
c:\program files\MyWebSearch\bar\3.bin\M3SRCHMN.EXE
c:\program files\MyWebSearch\bar\3.bin\M3TPINST.DLL
c:\program files\MyWebSearch\bar\3.bin\M3UNPAT.DLL
c:\program files\MyWebSearch\bar\3.bin\MWSMLBTN.DLL
c:\program files\MyWebSearch\bar\3.bin\MWSOEMON.EXE
c:\program files\MyWebSearch\bar\3.bin\MWSOEPLG.DLL
c:\program files\MyWebSearch\bar\3.bin\MWSOESTB.DLL
c:\program files\MyWebSearch\bar\3.bin\MWSSVC.EXE
c:\program files\MyWebSearch\bar\3.bin\MWSUABTN.DLL
c:\program files\MyWebSearch\bar\3.bin\NPMYWEBS.DLL
c:\program files\MyWebSearch\bar\Avatar\COMMON.F3S
c:\program files\MyWebSearch\bar\Cache\001001D6.exe
c:\program files\MyWebSearch\bar\Cache\01494FF4.bin
c:\program files\MyWebSearch\bar\Cache\014950CF.bin
c:\program files\MyWebSearch\bar\Cache\0149515B.bin
c:\program files\MyWebSearch\bar\Cache\014951E8.bin
c:\program files\MyWebSearch\bar\Cache\05AF9D44
c:\program files\MyWebSearch\bar\Cache\05AFA003
c:\program files\MyWebSearch\bar\Cache\07394729
c:\program files\MyWebSearch\bar\Cache\07394B01.bin
c:\program files\MyWebSearch\bar\Cache\07394E8B.bin
c:\program files\MyWebSearch\bar\Cache\07394F66.bin
c:\program files\MyWebSearch\bar\Cache\073950FC.bin
c:\program files\MyWebSearch\bar\Cache\10258304.bmp
c:\program files\MyWebSearch\bar\Cache\19B4051B
c:\program files\MyWebSearch\bar\Cache\19B40961
c:\program files\MyWebSearch\bar\Cache\19B40AB9
c:\program files\MyWebSearch\bar\Cache\19B40BE1
c:\program files\MyWebSearch\bar\Cache\218F6547.bin
c:\program files\MyWebSearch\bar\Cache\218F6612.bin
c:\program files\MyWebSearch\bar\Cache\218F66BE.bin
c:\program files\MyWebSearch\bar\Cache\218F674A.bin
c:\program files\MyWebSearch\bar\Cache\2237ED61.bin
c:\program files\MyWebSearch\bar\Cache\2237EE0D.bin
c:\program files\MyWebSearch\bar\Cache\2237EE3C.bin
c:\program files\MyWebSearch\bar\Cache\2237EE6B.bin
c:\program files\MyWebSearch\bar\Cache\27DA9D81.bmp
c:\program files\MyWebSearch\bar\Cache\files.ini
c:\program files\MyWebSearch\bar\Game\CHECKERS.F3S
c:\program files\MyWebSearch\bar\Game\CHESS.F3S
c:\program files\MyWebSearch\bar\Game\REVERSI.F3S
c:\program files\MyWebSearch\bar\History\search3
c:\program files\MyWebSearch\bar\icons\CM.ICO
c:\program files\MyWebSearch\bar\icons\MFC.ICO
c:\program files\MyWebSearch\bar\icons\PSS.ICO
c:\program files\MyWebSearch\bar\icons\SMILEY.ICO
c:\program files\MyWebSearch\bar\icons\WB.ICO
c:\program files\MyWebSearch\bar\icons\ZWINKY.ICO
c:\program files\MyWebSearch\bar\Message\COMMON.F3S
c:\program files\MyWebSearch\bar\Notifier\COMMON.F3S
c:\program files\MyWebSearch\bar\Notifier\DOG.F3S
c:\program files\MyWebSearch\bar\Notifier\FISH.F3S
c:\program files\MyWebSearch\bar\Notifier\KUNGFU.F3S
c:\program files\MyWebSearch\bar\Notifier\LIFEGARD.F3S
c:\program files\MyWebSearch\bar\Notifier\MAID.F3S
c:\program files\MyWebSearch\bar\Notifier\MAILBOX.F3S
c:\program files\MyWebSearch\bar\Notifier\OPERA.F3S
c:\program files\MyWebSearch\bar\Notifier\ROBOT.F3S
c:\program files\MyWebSearch\bar\Notifier\SEDUCT.F3S
c:\program files\MyWebSearch\bar\Notifier\SURFER.F3S
c:\program files\MyWebSearch\bar\Overlay\COMMON.F3S
c:\program files\MyWebSearch\bar\Settings\prevcfg2.htm
c:\program files\MyWebSearch\bar\Settings\s_pid.dat
C:\Thumbs.db
c:\windows\AutoRun.ini
c:\windows\settings.reg
c:\windows\system\oeminfo.ini
c:\windows\system32\bszip.dll
c:\windows\system32\Cache
c:\windows\system32\f3PSSavr.scr
c:\windows\system32\Thumbs.db
F:\Autorun.inf
F:\install.exe
.
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Legacy_DDSERVICE
-------\Legacy_MYWEBSEARCHSERVICE
-------\Service_DDService
-------\Service_MyWebSearchService
.
.
((((((((((((((((((((((((( Files Created from 2012-01-02 to 2012-02-02 )))))))))))))))))))))))))))))))
.
.
2012-02-02 19:57 . 2012-02-02 19:57 -------- d-----w- c:\documents and settings\Administrator
2012-02-02 15:05 . 2012-02-02 17:17 40776 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2012-02-02 15:05 . 2012-02-02 15:05 -------- d-----w- c:\documents and settings\Arlie Norwood\Application Data\Malwarebytes
2012-02-02 15:04 . 2012-02-02 15:04 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
2012-02-02 15:04 . 2011-12-10 21:24 20464 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-02-02 15:04 . 2012-02-02 15:04 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2012-02-02 08:00 . 2012-02-02 08:00 -------- dc----w- C:\_OTL
2012-01-06 16:06 . 2012-01-06 16:36 -------- d-----w- c:\program files\Eye-One Match 3
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-11-28 18:01 . 2010-08-24 04:56 41184 ----a-w- c:\windows\avastSS.scr
2011-11-28 18:01 . 2008-05-02 06:04 199816 ----a-w- c:\windows\system32\aswBoot.exe
2011-11-28 17:53 . 2010-08-24 05:07 435032 ----a-w- c:\windows\system32\drivers\aswSnx.sys
2011-11-28 17:52 . 2008-05-02 06:04 52952 ----a-w- c:\windows\system32\drivers\aswTdi.sys
2011-11-28 17:52 . 2008-05-02 06:04 111320 ----a-w- c:\windows\system32\drivers\aswmon2.sys
2011-11-28 17:51 . 2008-05-02 06:04 105176 ----a-w- c:\windows\system32\drivers\aswmon.sys
2011-11-28 17:48 . 2008-05-02 06:04 30808 ----a-w- c:\windows\system32\drivers\aavmker4.sys
2008-03-25 17:53 . 2008-03-25 17:53 115712 ----a-w- c:\program files\eZsuite.exe
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
@="{472083B0-C522-11CF-8763-00608CC02F24}"
[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
2010-09-07 15:13 81072 ------w- c:\program files\Alwil Software\Avast5\ashShell.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"DellSupport"="c:\program files\Dell Support\DSAgnt.exe" [2006-08-29 395776]
"IndxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="c:\program files\Common Files\Nero\Lib\NMIndexStoreSvr.exe" [2008-06-24 1840424]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2006-06-16 7323648]
"SunJavaUpdateSched"="c:\program files\Java\jre1.6.0_05\bin\jusched.exe" [2008-02-22 144784]
"IAAnotif"="c:\program files\Intel\Intel Matrix Storage Manager\Iaanotif.exe" [2006-07-06 151552]
"DMXLauncher"="c:\program files\Dell\Media Experience\DMXLauncher.exe" [2005-10-05 94208]
"DLA"="c:\windows\System32\DLA\DLACTRLW.EXE" [2005-09-08 122940]
"ISUSPM Startup"="c:\progra~1\COMMON~1\INSTAL~1\UPDATE~1\isuspm.exe" [2006-05-16 213936]
"ISUSScheduler"="c:\program files\Common Files\InstallShield\UpdateService\issch.exe" [2006-05-16 86960]
"SigmatelSysTrayApp"="stsystra.exe" [2006-07-24 282624]
"IntelliPoint"="c:\program files\Microsoft IntelliPoint\ipoint.exe" [2005-12-05 461584]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2007-04-25 98304]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2007-10-11 39792]
"Adobe Photo Downloader"="c:\program files\Adobe\Adobe Photoshop Lightroom 1.3\apdproxy.exe" [2007-12-04 61440]
"ISUSPM"="c:\program files\Common Files\InstallShield\UpdateService\isuspm.exe" [2006-05-16 213936]
"TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2008-04-26 185896]
"MaxMenuMgr"="c:\program files\Seagate\SeagateManager\FreeAgent Status\StxMenuMgr.exe" [2008-07-17 177448]
"EPSON Stylus Photo 2200"="c:\windows\System32\spool\DRIVERS\W32X86\3\E_S10IC2.EXE" [2002-07-01 74752]
"AdobeCS4ServiceManager"="c:\program files\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe" [2010-07-13 611712]
"avast5"="c:\progra~1\ALWILS~1\Avast5\avastUI.exe" [2010-09-07 2838912]
"CTSysVol"="c:\program files\RocketFish\RF5.1\Surround Mixer\CTSysVol.exe" [2007-09-05 57344]
"P17Helper"="P17.dll" [2009-02-26 65536]
"NeroFilterCheck"="c:\program files\Common Files\Nero\Lib\NeroCheck.exe" [2008-07-09 570664]
"Intuit SyncManager"="c:\program files\Common Files\Intuit\Sync\IntuitSyncManager.exe" [2011-02-22 1497352]
"HP Software Update"="c:\program files\Hp\HP Software Update\HPWuSchd2.exe" [2010-06-10 49208]
"Microsoft Default Manager"="c:\program files\Microsoft\Search Enhancement Pack\Default Manager\DefMgr.exe" [2010-05-10 439568]
.
c:\documents and settings\Arlie Norwood\Start Menu\Programs\Startup\
Adobe Gamma.lnk - c:\program files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2007-1-8 113664]
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"MpfService"=2 (0x2)
"McSysmon"=3 (0x3)
"McShield"=2 (0x2)
"McProxy"=2 (0x2)
"McODS"=3 (0x3)
"McNASvc"=2 (0x2)
"mcmscsvc"=2 (0x2)
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"c:\\Program Files\\WS_FTP\\WS_FTP95.exe"=
"c:\\WINDOWS\\system32\\dpvsetup.exe"=
"c:\\Program Files\\Intuit\\QuickBooks 2005\\QBDBMgrN.exe"=
"c:\\Program Files\\Common Files\\Adobe\\CS4ServiceManager\\CS4ServiceManager.exe"=
"c:\\Program Files\\Drobo\\Drobo Dashboard\\Support\\DDService.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
"c:\\Program Files\\Intuit\\QuickBooks 2010\\QBDBMgrN.exe"=
"c:\\Program Files\\Dell Network Assistant\\ezi_hnm2.exe"=
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"10421:UDP"= 10421:UDP:SingleClick Discovery Protocol
"10426:UDP"= 10426:UDP:SingleClick ICC
"5353:TCP"= 5353:TCP:Adobe CSI CS4
.
R0 aswNdis;avast! Firewall NDIS Filter Service;c:\windows\system32\drivers\aswNdis.sys [8/23/2010 11:06 PM 12112]
R0 aswNdis2;avast! Firewall Core Firewall Service;c:\windows\system32\drivers\aswNdis2.sys [8/23/2010 11:07 PM 190416]
R1 aswFW;avast! TDI Firewall driver;c:\windows\system32\drivers\aswFW.sys [8/23/2010 11:07 PM 99792]
R1 aswSnx;aswSnx;c:\windows\system32\drivers\aswSnx.sys [8/23/2010 11:07 PM 435032]
R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [5/2/2008 12:04 AM 165584]
R1 dfmirage;dfmirage;c:\windows\system32\drivers\dfmirage.sys [4/19/2008 9:29 AM 31896]
R1 vcdrom;Virtual CD-ROM Device Driver;c:\windows\system32\VCdRom.sys [10/3/2007 7:54 PM 8576]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [5/2/2008 12:04 AM 17744]
R2 avast! Firewall;avast! Firewall;c:\program files\Alwil Software\Avast5\afwServ.exe [8/23/2010 11:06 PM 119200]
R2 FreeAgentGoNext Service;Seagate Service;c:\program files\Seagate\SeagateManager\Sync\FreeAgentService.exe [7/17/2008 4:12 PM 161064]
R2 PDIHWCTL;PDIHWCTL;c:\windows\system32\drivers\pdihwctl.sys [4/10/2008 10:00 AM 14416]
R3 i1display;i1 Display;c:\windows\system32\drivers\i1display.sys [4/10/2008 10:18 AM 44344]
S2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [3/18/2010 1:50 PM 135664]
S3 eyeonedp;eye-one display;c:\windows\system32\drivers\EyeOneDp.sys [4/10/2008 10:00 AM 44344]
S3 gupdatem;Google Update Service (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [3/18/2010 1:50 PM 135664]
S3 MBAMSwissArmy;MBAMSwissArmy;c:\windows\system32\drivers\mbamswissarmy.sys [2/2/2012 9:05 AM 40776]
S3 SQTECH9051;DB VGA Cam;c:\windows\system32\drivers\Capt9051.sys [1/7/2010 1:30 PM 38656]
S3 VSPerfDrv;Performance Tools Driver;c:\program files\Microsoft Visual Studio 8\Team Tools\Performance Tools\VSPerfDrv.sys [9/23/2005 2:42 AM 54464]
S4 MsDtsServer;SQL Server Integration Services;c:\program files\Microsoft SQL Server\90\DTS\Binn\MsDtsSrvr.exe [3/3/2007 10:12 PM 202096]
S4 msvsmon80;Visual Studio 2005 Remote Debugger;c:\program files\Microsoft Visual Studio 8\Common7\IDE\Remote Debugger\x86\msvsmon.exe [9/23/2005 7:01 AM 2799808]
S4 ReportServer;SQL Server Reporting Services (MSSQLSERVER);c:\program files\Microsoft SQL Server\MSSQL.3\Reporting Services\ReportServer\bin\ReportingServicesService.exe [3/3/2007 10:09 PM 17264]
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - WS2IFSL
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com/webhp?sourceid=navclient&ie=UTF-8
mStart Page = hxxp://www.comcast.net/
mWindow Title = Windows Internet Explorer provided by Comcast
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: E&xport to Microsoft Excel - c:\progra~1\MI1933~1\Office12\EXCEL.EXE/3000
Trusted Zone: turbotax.com
TCP: DhcpNameServer = 192.168.1.1
FF - ProfilePath - c:\documents and settings\Arlie Norwood\Application Data\Mozilla\Firefox\Profiles\qv5xj8no.default\
FF - prefs.js: browser.search.defaulturl - hxxp://www.google.com/search?lr=&ie=UTF-8&oe=UTF-8&q=
FF - prefs.js: browser.search.selectedEngine - My Web Search
FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/ig/dell?hl=en&client=dell-usuk-rel&channel=us&ibd=6070104
FF - prefs.js: keyword.URL - hxxp://search.mywebsearch.com/mywebsearch/GGmain.jhtml?id=ZUfox000&ptb=pL_KcoFJgQxHxCSE6CYs1w&psa=&ind=2010040114&ptnrS=ZUfox000&si=&st=kwd&n=77cec732&searchfor=
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA}
FF - Ext: My Web Search: [email protected] - %profile%\extensions\[email protected]
FF - user.js: dom.disable_open_during_load - true // Popupblocker control handled by McAfee Privacy Service
.
- - - - ORPHANS REMOVED - - - -
.
HKCU-Run-swg - c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
MSConfigStartUp-mcagent_exe - c:\program files\McAfee.com\Agent\mcagent.exe
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2012-02-02 17:23
Windows 5.1.2600 Service Pack 2 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\msftesql]
"ImagePath"="\"c:\program files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\msftesql.exe\" -s:MSSQL.1 -f:MSSQLSERVER"
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'winlogon.exe'(1084)
c:\program files\Common Files\Adobe\Adobe Drive CS4\AdobeDriveCS4_NP.dll
.
- - - - - - - > 'explorer.exe'(2836)
c:\windows\system32\tabhook.dll
c:\windows\system32\msi.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Other Running Processes ------------------------
.
c:\program files\Alwil Software\Avast5\AvastSvc.exe
c:\program files\Common Files\EPSON\EBAPI\eEBSVC.exe
c:\windows\system32\astsrv.exe
c:\program files\Common Files\EPSON\EBAPI\SAgent2.exe
c:\program files\Dell Network Assistant\hnm_svc.exe
c:\program files\Intel\Intel Matrix Storage Manager\Iaantmon.exe
c:\windows\system32\inetsrv\inetinfo.exe
c:\program files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
c:\windows\system32\nvsvc32.exe
c:\windows\system32\HPZipm12.exe
c:\program files\Common Files\Intuit\QuickBooks\QBCFMonitorService.exe
c:\program files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
c:\windows\system32\Tablet.exe
c:\windows\system32\wscntfy.exe
c:\windows\system32\Rundll32.exe
c:\program files\Common Files\Nero\Lib\NMIndexingService.exe
.
**************************************************************************
.
Completion time: 2012-02-02 17:30:26 - machine was rebooted
ComboFix-quarantined-files.txt 2012-02-02 23:30
.
Pre-Run: 5,627,179,008 bytes free
Post-Run: 6,771,277,824 bytes free
.
WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(2)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
UnsupportedDebug="do not select this" /debug
multi(0)disk(0)rdisk(0)partition(2)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect
.
- - End Of File - - D673A78521A29F52CCBF63AB7C2A6438
  • 0

#10
northernbird

    Member

  • Topic Starter
  • Member
  • 21 posts
I ran TDSSKiller as well, and here's its log...


17:37:22.0140 3248 TDSS rootkit removing tool 2.7.9.0 Feb 1 2012 09:28:49
17:37:22.0437 3248 ============================================================
17:37:22.0437 3248 Current date / time: 2012/02/02 17:37:22.0437
17:37:22.0437 3248 SystemInfo:
17:37:22.0437 3248
17:37:22.0437 3248 OS Version: 5.1.2600 ServicePack: 2.0
17:37:22.0437 3248 Product type: Workstation
17:37:22.0437 3248 ComputerName: DC0XMBC1
17:37:22.0437 3248 UserName: Arlie Norwood
17:37:22.0437 3248 Windows directory: C:\WINDOWS
17:37:22.0437 3248 System windows directory: C:\WINDOWS
17:37:22.0437 3248 Processor architecture: Intel x86
17:37:22.0437 3248 Number of processors: 2
17:37:22.0437 3248 Page size: 0x1000
17:37:22.0437 3248 Boot type: Normal boot
17:37:22.0437 3248 ============================================================
17:37:22.0656 3248 Drive \Device\Harddisk0\DR0 - Size: 0x2540BE4000 (149.01 Gb), SectorSize: 0x200, Cylinders: 0x4BFC, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000050
17:37:22.0671 3248 Drive \Device\Harddisk1\DR1 - Size: 0x7470C06000 (465.76 Gb), SectorSize: 0x200, Cylinders: 0xED81, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000050
17:37:22.0671 3248 Drive \Device\Harddisk2\DR6 - Size: 0xE8E0DB6000 (931.51 Gb), SectorSize: 0x200, Cylinders: 0x1DB01, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'W'
17:37:22.0718 3248 Drive \Device\Harddisk10\DR22 - Size: 0xF2300000 (3.78 Gb), SectorSize: 0x200, Cylinders: 0x1ED, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'W'
17:37:22.0734 3248 Drive \Device\Harddisk7\DR12 - Size: 0x1FFFFFEF000 (2048.00 Gb), SectorSize: 0x200, Cylinders: 0x41455, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'W'
17:37:23.0406 3248 Drive \Device\Harddisk8\DR13 - Size: 0x1FFFFFEF000 (2048.00 Gb), SectorSize: 0x200, Cylinders: 0x41455, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'W'
17:37:24.0093 3248 Drive \Device\Harddisk9\DR20 - Size: 0x3A38B2E200 (232.89 Gb), SectorSize: 0x200, Cylinders: 0x76C1, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'W'
17:37:24.0093 3248 \Device\Harddisk0\DR0:
17:37:24.0109 3248 MBR used
17:37:24.0109 3248 \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x1B747, BlocksNum 0x123B5260
17:37:24.0109 3248 \Device\Harddisk1\DR1:
17:37:24.0109 3248 MBR used
17:37:24.0109 3248 \Device\Harddisk1\DR1\Partition0: MBR, Type 0x7, StartLBA 0x3F, BlocksNum 0x3A384C02
17:37:24.0109 3248 \Device\Harddisk2\DR6:
17:37:24.0109 3248 MBR used
17:37:24.0109 3248 \Device\Harddisk2\DR6\Partition0: MBR, Type 0x7, StartLBA 0x3F, BlocksNum 0x74705982
17:37:24.0109 3248 \Device\Harddisk10\DR22:
17:37:24.0109 3248 MBR used
17:37:24.0109 3248 \Device\Harddisk10\DR22\Partition0: MBR, Type 0xC, StartLBA 0x1F80, BlocksNum 0x78F880
17:37:24.0109 3248 \Device\Harddisk7\DR12:
17:37:24.0109 3248 MBR used
17:37:24.0109 3248 \Device\Harddisk7\DR12\Partition0: MBR, Type 0x7, StartLBA 0x3F, BlocksNum 0xFFFFE9D6
17:37:24.0109 3248 \Device\Harddisk8\DR13:
17:37:24.0109 3248 MBR used
17:37:24.0109 3248 \Device\Harddisk8\DR13\Partition0: MBR, Type 0x7, StartLBA 0x3F, BlocksNum 0xFFFFE9D6
17:37:24.0109 3248 \Device\Harddisk9\DR20:
17:37:24.0125 3248 MBR used
17:37:24.0125 3248 \Device\Harddisk9\DR20\Partition0: MBR, Type 0x7, StartLBA 0x3F, BlocksNum 0x1D1C4542
17:37:25.0515 3248 Initialize success
17:37:25.0515 3248 ============================================================
17:37:44.0000 1040 ============================================================
17:37:44.0000 1040 Scan started
17:37:44.0000 1040 Mode: Manual;
17:37:44.0000 1040 ============================================================
17:37:51.0656 1040 Srv - ok
17:37:51.0734 1040 STHDA (797fcc1d859b203958e915bb82528da9) C:\WINDOWS\system32\drivers\sthda.sys
17:37:51.0734 1040 STHDA - ok
17:37:51.0781 1040 streamip (284c57df5dc7abca656bc2b96a667afb) C:\WINDOWS\system32\DRIVERS\StreamIP.sys
17:37:51.0781 1040 streamip - ok
17:37:51.0812 1040 swenum (03c1bae4766e2450219d20b993d6e046) C:\WINDOWS\system32\DRIVERS\swenum.sys
17:37:51.0812 1040 swenum - ok
17:37:51.0843 1040 swmidi (94abc808fc4b6d7d2bbf42b85e25bb4d) C:\WINDOWS\system32\drivers\swmidi.sys
17:37:51.0843 1040 swmidi - ok
17:37:51.0875 1040 symc810 (1ff3217614018630d0a6758630fc698c) C:\WINDOWS\system32\DRIVERS\symc810.sys
17:37:51.0875 1040 symc810 - ok
17:37:51.0906 1040 symc8xx (070e001d95cf725186ef8b20335f933c) C:\WINDOWS\system32\DRIVERS\symc8xx.sys
17:37:51.0906 1040 symc8xx - ok
17:37:51.0937 1040 sym_hi (80ac1c4abbe2df3b738bf15517a51f2c) C:\WINDOWS\system32\DRIVERS\sym_hi.sys
17:37:51.0953 1040 sym_hi - ok
17:37:52.0000 1040 sym_u3 (bf4fab949a382a8e105f46ebb4937058) C:\WINDOWS\system32\DRIVERS\sym_u3.sys
17:37:52.0000 1040 sym_u3 - ok
17:37:52.0046 1040 sysaudio (650ad082d46bac0e64c9c0e0928492fd) C:\WINDOWS\system32\drivers\sysaudio.sys
17:37:52.0046 1040 sysaudio - ok
17:37:52.0109 1040 Tcpip (2a5554fc5b1e04e131230e3ce035c3f9) C:\WINDOWS\system32\DRIVERS\tcpip.sys
17:37:52.0109 1040 Tcpip - ok
17:37:52.0125 1040 TDPIPE (38d437cf2d98965f239b0abcd66dcb0f) C:\WINDOWS\system32\drivers\TDPIPE.sys
17:37:52.0140 1040 TDPIPE - ok
17:37:52.0156 1040 TDTCP (ed0580af02502d00ad8c4c066b156be9) C:\WINDOWS\system32\drivers\TDTCP.sys
17:37:52.0156 1040 TDTCP - ok
17:37:52.0187 1040 TermDD (a540a99c281d933f3d69d55e48727f47) C:\WINDOWS\system32\DRIVERS\termdd.sys
17:37:52.0187 1040 TermDD - ok
17:37:52.0218 1040 TosIde (f2790f6af01321b172aa62f8e1e187d9) C:\WINDOWS\system32\DRIVERS\toside.sys
17:37:52.0218 1040 TosIde - ok
17:37:52.0265 1040 Udfs (12f70256f140cd7d52c58c7048fde657) C:\WINDOWS\system32\drivers\Udfs.sys
17:37:52.0265 1040 Udfs - ok
17:37:52.0296 1040 ultra (1b698a51cd528d8da4ffaed66dfc51b9) C:\WINDOWS\system32\DRIVERS\ultra.sys
17:37:52.0296 1040 ultra - ok
17:37:52.0375 1040 Update (ced744117e91bdc0beb810f7d8608183) C:\WINDOWS\system32\DRIVERS\update.sys
17:37:52.0375 1040 Update - ok
17:37:52.0437 1040 usbaudio (45a0d14b26c35497ad93bce7e15c9941) C:\WINDOWS\system32\drivers\usbaudio.sys
17:37:52.0437 1040 usbaudio - ok
17:37:52.0437 1040 usbccgp (bffd9f120cc63bcbaa3d840f3eef9f79) C:\WINDOWS\system32\DRIVERS\usbccgp.sys
17:37:52.0437 1040 usbccgp - ok
17:37:52.0453 1040 usbehci (15e993ba2f6946b2bfbbfcd30398621e) C:\WINDOWS\system32\DRIVERS\usbehci.sys
17:37:52.0468 1040 usbehci - ok
17:37:52.0484 1040 usbhub (c72f40947f92cea56a8fb532edf025f1) C:\WINDOWS\system32\DRIVERS\usbhub.sys
17:37:52.0484 1040 usbhub - ok
17:37:52.0531 1040 usbprint (a42369b7cd8886cd7c70f33da6fcbcf5) C:\WINDOWS\system32\DRIVERS\usbprint.sys
17:37:52.0531 1040 usbprint - ok
17:37:52.0593 1040 usbscan (a6bc71402f4f7dd5b77fd7f4a8ddba85) C:\WINDOWS\system32\DRIVERS\usbscan.sys
17:37:52.0593 1040 usbscan - ok
17:37:52.0609 1040 USBSTOR (6cd7b22193718f1d17a47a1cd6d37e75) C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS
17:37:52.0609 1040 USBSTOR - ok
17:37:52.0640 1040 usbuhci (f8fd1400092e23c8f2f31406ef06167b) C:\WINDOWS\system32\DRIVERS\usbuhci.sys
17:37:52.0640 1040 usbuhci - ok
17:37:52.0703 1040 vcdrom (bfa4ae30b3ac10e9223830bf103f5a3f) c:\windows\system32\VCdRom.sys
17:37:52.0703 1040 vcdrom - ok
17:37:52.0734 1040 VgaSave (8a60edd72b4ea5aea8202daf0e427925) C:\WINDOWS\System32\drivers\vga.sys
17:37:52.0734 1040 VgaSave - ok
17:37:52.0750 1040 viaagp (d92e7c8a30cfd14d8e15b5f7f032151b) C:\WINDOWS\system32\DRIVERS\viaagp.sys
17:37:52.0765 1040 viaagp - ok
17:37:52.0796 1040 ViaIde (59cb1338ad3654417bea49636457f65d) C:\WINDOWS\system32\DRIVERS\viaide.sys
17:37:52.0796 1040 ViaIde - ok
17:37:52.0812 1040 VolSnap (ee4660083deba849ff6c485d944b379b) C:\WINDOWS\system32\drivers\VolSnap.sys
17:37:52.0812 1040 VolSnap - ok
17:37:52.0968 1040 VSPerfDrv (50e4422df0dffaadeb49fae98e8cbfc3) C:\Program Files\Microsoft Visual Studio 8\Team Tools\Performance Tools\VSPerfDrv.sys
17:37:52.0968 1040 VSPerfDrv - ok
17:37:53.0031 1040 Wanarp (984ef0b9788abf89974cfed4bfbaacbc) C:\WINDOWS\system32\DRIVERS\wanarp.sys
17:37:53.0031 1040 Wanarp - ok
17:37:53.0093 1040 Wdf01000 (fd47474bd21794508af449d9d91af6e6) C:\WINDOWS\system32\DRIVERS\Wdf01000.sys
17:37:53.0109 1040 Wdf01000 - ok
17:37:53.0140 1040 WDICA - ok
17:37:53.0203 1040 wdmaud (efd235ca22b57c81118c1aeb4798f1c1) C:\WINDOWS\system32\drivers\wdmaud.sys
17:37:53.0203 1040 wdmaud - ok
17:37:53.0265 1040 WpdUsb (cf4def1bf66f06964dc0d91844239104) C:\WINDOWS\system32\Drivers\wpdusb.sys
17:37:53.0265 1040 WpdUsb - ok
17:37:53.0296 1040 WS2IFSL (6abe6e225adb5a751622a9cc3bc19ce8) C:\WINDOWS\System32\drivers\ws2ifsl.sys
17:37:53.0296 1040 WS2IFSL - ok
17:37:53.0375 1040 WSTCODEC (d5842484f05e12121c511aa93f6439ec) C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS
17:37:53.0375 1040 WSTCODEC - ok
17:37:53.0421 1040 WudfPf (f15feafffbb3644ccc80c5da584e6311) C:\WINDOWS\system32\DRIVERS\WudfPf.sys
17:37:53.0421 1040 WudfPf - ok
17:37:53.0453 1040 WudfRd (28b524262bce6de1f7ef9f510ba3985b) C:\WINDOWS\system32\DRIVERS\wudfrd.sys
17:37:53.0453 1040 WudfRd - ok
17:37:53.0484 1040 MBR (0x1B8) (5cb90281d1a59b251f6603134774eec3) \Device\Harddisk0\DR0
17:37:53.0515 1040 \Device\Harddisk0\DR0 - ok
17:37:53.0515 1040 MBR (0x1B8) (8f558eb6672622401da993e1e865c861) \Device\Harddisk1\DR1
17:37:53.0515 1040 \Device\Harddisk1\DR1 - ok
17:37:53.0546 1040 MBR (0x1B8) (8f558eb6672622401da993e1e865c861) \Device\Harddisk2\DR6
17:37:53.0546 1040 \Device\Harddisk2\DR6 - ok
17:37:53.0546 1040 MBR (0x1B8) (65e858a8a0293be11a920b0bc99d695e) \Device\Harddisk10\DR22
17:37:53.0984 1040 \Device\Harddisk10\DR22 - ok
17:37:53.0984 1040 MBR (0x1B8) (5fb38429d5d77768867c76dcbdb35194) \Device\Harddisk7\DR12
17:37:53.0984 1040 \Device\Harddisk7\DR12 - ok
17:37:54.0000 1040 MBR (0x1B8) (5fb38429d5d77768867c76dcbdb35194) \Device\Harddisk8\DR13
17:37:54.0015 1040 \Device\Harddisk8\DR13 - ok
17:37:54.0062 1040 MBR (0x1B8) (8f558eb6672622401da993e1e865c861) \Device\Harddisk9\DR20
17:37:54.0078 1040 \Device\Harddisk9\DR20 - ok
17:37:54.0093 1040 Boot (0x1200) (13805cbd2de5c68f244ef1ced3f8b815) \Device\Harddisk0\DR0\Partition0
17:37:54.0093 1040 \Device\Harddisk0\DR0\Partition0 - ok
17:37:54.0093 1040 Boot (0x1200) (05c2cf8d8046ce830210a11f47219ce5) \Device\Harddisk1\DR1\Partition0
17:37:54.0093 1040 \Device\Harddisk1\DR1\Partition0 - ok
17:37:54.0093 1040 Boot (0x1200) (dfd79dfc0b18674c8380283d719dbef3) \Device\Harddisk2\DR6\Partition0
17:37:54.0093 1040 \Device\Harddisk2\DR6\Partition0 - ok
17:37:54.0109 1040 Boot (0x1200) (2e6e23a6452ab826d4ce9d56509f12b6) \Device\Harddisk10\DR22\Partition0
17:37:54.0109 1040 \Device\Harddisk10\DR22\Partition0 - ok
17:37:54.0109 1040 Boot (0x1200) (7584fa3ce3a9e70b06173f7e280c432d) \Device\Harddisk7\DR12\Partition0
17:37:54.0109 1040 \Device\Harddisk7\DR12\Partition0 - ok
17:37:54.0109 1040 Boot (0x1200) (2bd4783ac2166c7465a349c4688c72d3) \Device\Harddisk8\DR13\Partition0
17:37:54.0109 1040 \Device\Harddisk8\DR13\Partition0 - ok
17:37:54.0125 1040 Boot (0x1200) (4b99121298339100b8fc03b73b570c4d) \Device\Harddisk9\DR20\Partition0
17:37:54.0140 1040 \Device\Harddisk9\DR20\Partition0 - ok
17:37:54.0140 1040 ============================================================
17:37:54.0140 1040 Scan finished
17:37:54.0140 1040 ============================================================
17:37:54.0140 1948 Detected object count: 0
17:37:54.0140 1948 Actual detected object count: 0
17:38:16.0171 1064 Deinitialize success


#11
northernbird

aswMBR.exe completed and I went back and tried rerunning Malwarebytes.. it ran for 1.5 minutes, found 9 infections, then rebooted my PC again.. not sure what's going on with that?? Any ideas?

Gotta wait for the chkdsk to finish again before I can pull the aswMBR.exe log off and post it here.

#12
northernbird

OK, here's the aswMBR.exe log. When it completed, the fix button was NOT enabled.


aswMBR version 0.9.9.1532 Copyright© 2011 AVAST Software
Run date: 2012-02-02 17:39:19
-----------------------------
17:39:19.218 OS Version: Windows 5.1.2600 Service Pack 2
17:39:19.218 Number of processors: 2 586 0xF06
17:39:19.218 ComputerName: DC0XMBC1 UserName:
17:39:19.828 Initialize success
17:39:19.875 AVAST engine defs: 12020202
17:39:37.875 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-2
17:39:37.875 Disk 0 Vendor: ST316081 3.AD Size: 152587MB BusType: 3
17:39:37.890 Disk 1 \Device\Harddisk1\DR1 -> \Device\Ide\IAAStorageDevice-3
17:39:37.890 Disk 1 Vendor: ST350032 SD15 Size: 476940MB BusType: 3
17:39:37.906 Disk 2 \Device\Harddisk2\DR6 -> \Device\Sbp2\Seagate&FreeAgent Xtreme&0&00203702_00308b01_Instance00
17:39:37.906 Disk 2 Vendor: Seagate_ 4113 Size: 953869MB BusType: 4
17:39:37.921 Disk 0 MBR read successfully
17:39:37.921 Disk 0 MBR scan
17:39:38.031 Disk 0 unknown MBR code
17:39:38.031 Disk 0 Partition 1 00 DE Dell Utility Dell 8.0 54 MB offset 63
17:39:38.078 Disk 0 Partition 2 80 (A) 07 HPFS/NTFS NTFS 149354 MB offset 112455
17:39:38.109 Disk 0 Partition 3 00 DB CP/M / CTOS Dell 8.0 3176 MB offset 305990055
17:39:38.109 Disk 0 scanning sectors +312496380
17:39:38.171 Disk 0 scanning C:\WINDOWS\system32\drivers
17:39:47.000 Service scanning
17:39:47.921 Modules scanning
17:40:15.625 Module: C:\WINDOWS\System32\DLA\DLADResN.SYS **SUSPICIOUS**
17:40:26.218 AVAST engine scan C:\WINDOWS
17:40:35.171 AVAST engine scan C:\WINDOWS\system32
17:43:17.484 AVAST engine scan C:\WINDOWS\system32\drivers
17:43:31.859 AVAST engine scan C:\Documents and Settings\Arlie Norwood
17:45:54.343 AVAST engine scan C:\Documents and Settings\All Users
18:03:51.828 Scan finished successfully
18:16:34.093 Disk 0 MBR has been saved successfully to "C:\Documents and Settings\Arlie Norwood\Desktop\MBR.dat"
18:16:34.109 The log file has been saved successfully to "C:\Documents and Settings\Arlie Norwood\Desktop\aswMBR.txt"

#13
northernbird

And here are the two logs from the final run of OTL...

I was never able to get Malwarebytes to run completely. It keeps rebooting the PC. It does find things but it reboots before any action can be taken against those items.

I think I've done everything in your instructions. Let me know what to do next. Thanks!

OTL logfile created on: 2/2/2012 10:00:03 PM - Run 2
OTL by OldTimer - Version 3.2.31.0 Folder = C:\Documents and Settings\Arlie Norwood\Desktop
Windows XP Professional Edition Service Pack 2 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 6.0.2900.2180)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.00 Gb Total Physical Memory | 1.51 Gb Available Physical Memory | 75.51% Memory free
3.85 Gb Paging File | 3.55 Gb Available in Paging File | 92.29% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 145.85 Gb Total Space | 6.33 Gb Free Space | 4.34% Space Free | Partition Type: NTFS
Drive F: | 931.51 Gb Total Space | 197.68 Gb Free Space | 21.22% Space Free | Partition Type: NTFS
Drive G: | 3.77 Gb Total Space | 3.17 Gb Free Space | 83.93% Space Free | Partition Type: FAT32
Drive H: | 2048.00 Gb Total Space | 1434.65 Gb Free Space | 70.05% Space Free | Partition Type: NTFS
Drive N: | 465.76 Gb Total Space | 14.10 Gb Free Space | 3.03% Space Free | Partition Type: NTFS
Drive O: | 2048.00 Gb Total Space | 2030.59 Gb Free Space | 99.15% Space Free | Partition Type: NTFS
Drive P: | 232.88 Gb Total Space | 0.27 Gb Free Space | 0.12% Space Free | Partition Type: NTFS

Computer Name: DC0XMBC1 | User Name: Arlie Norwood | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2012/02/01 22:48:48 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Arlie Norwood\Desktop\OTL.exe
PRC - [2011/11/11 14:36:56 | 000,045,056 | ---- | M] (Intuit) -- C:\Program Files\Common Files\Intuit\QuickBooks\QBCFMonitorService.exe
PRC - [2010/09/07 09:12:02 | 002,838,912 | ---- | M] (AVAST Software) -- C:\Program Files\Alwil Software\Avast5\AvastUI.exe
PRC - [2010/09/07 09:11:59 | 000,040,384 | ---- | M] (AVAST Software) -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
PRC - [2010/09/07 09:11:44 | 000,119,200 | ---- | M] (AVAST Software) -- C:\Program Files\Alwil Software\Avast5\afwServ.exe
PRC - [2010/08/04 16:25:00 | 000,057,344 | ---- | M] (Nalpeiron Ltd.) -- C:\WINDOWS\system32\ASTSRV.EXE
PRC - [2008/07/17 16:12:24 | 000,161,064 | ---- | M] (Seagate Technology LLC) -- C:\Program Files\Seagate\SeagateManager\Sync\FreeAgentService.exe
PRC - [2008/07/17 16:12:04 | 000,177,448 | ---- | M] (Seagate LLC) -- C:\Program Files\Seagate\SeagateManager\FreeAgent Status\stxmenumgr.exe
PRC - [2008/06/24 15:06:06 | 001,840,424 | ---- | M] (Nero AG) -- C:\Program Files\Common Files\Nero\Lib\NMIndexStoreSvr.exe
PRC - [2008/04/26 14:34:00 | 000,185,896 | ---- | M] (RealNetworks, Inc.) -- C:\Program Files\Common Files\Real\Update_OB\realsched.exe
PRC - [2008/02/22 03:25:21 | 000,144,784 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
PRC - [2007/12/04 02:07:00 | 000,061,440 | R--- | M] (Adobe Systems Incorporated) -- C:\Program Files\Adobe\Adobe Photoshop Lightroom 1.3\apdproxy.exe
PRC - [2007/09/05 13:06:56 | 000,057,344 | ---- | M] (Creative Technology Ltd) -- C:\Program Files\RocketFish\RF5.1\Surround Mixer\CTSysVol.exe
PRC - [2007/08/27 10:36:34 | 000,111,912 | ---- | M] (SingleClick Systems) -- C:\Program Files\Dell Network Assistant\hnm_svc.exe
PRC - [2007/06/13 04:23:07 | 001,033,216 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2006/08/28 21:57:12 | 000,395,776 | ---- | M] (Gteko Ltd.) -- C:\Program Files\Dell Support\DSAgnt.exe
PRC - [2006/07/06 07:15:00 | 000,151,552 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe
PRC - [2006/07/06 07:14:30 | 000,090,112 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTmon.exe
PRC - [2006/03/03 21:03:10 | 000,069,632 | ---- | M] (HP) -- C:\WINDOWS\system32\HPZipm12.exe
PRC - [2006/02/28 06:00:00 | 000,015,872 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\inetsrv\inetinfo.exe
PRC - [2005/10/05 03:12:00 | 000,094,208 | ---- | M] () -- C:\Program Files\Dell\Media Experience\DMXLauncher.exe
PRC - [2005/09/08 05:20:00 | 000,122,940 | ---- | M] (Sonic Solutions) -- C:\WINDOWS\system32\DLA\DLACTRLW.EXE
PRC - [2004/07/13 15:51:29 | 000,679,936 | ---- | M] (Wacom Technology, Corp.) -- C:\WINDOWS\system32\Tablet.exe
PRC - [2003/12/05 15:21:48 | 000,073,728 | ---- | M] () -- C:\Program Files\Common Files\EPSON\EBAPI\eEBSvc.exe
PRC - [2003/11/12 01:05:00 | 000,094,208 | ---- | M] (SEIKO EPSON CORPORATION) -- C:\Program Files\Common Files\EPSON\EBAPI\SAgent2.exe
PRC - [2002/07/01 02:05:00 | 000,074,752 | ---- | M] (SEIKO EPSON CORPORATION) -- C:\WINDOWS\system32\spool\drivers\W32X86\3\E_S10IC2.EXE


========== Modules (No Company Name) ==========

MOD - [2012/02/02 12:25:34 | 001,688,576 | ---- | M] () -- C:\Program Files\Alwil Software\Avast5\defs\12020202\algo.dll
MOD - [2011/07/15 00:09:29 | 000,212,992 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.ServiceProce#\a9e71dda6389403be4db7b567592e3b8\System.ServiceProcess.ni.dll
MOD - [2011/07/15 00:09:27 | 007,867,392 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System\aa7926460a336408c8041330ad90929d\System.ni.dll
MOD - [2011/07/15 00:09:21 | 011,485,184 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\mscorlib\9adb89fa22fd5b4ce433b5aca7fb1b07\mscorlib.ni.dll
MOD - [2009/02/26 00:39:00 | 000,065,536 | R--- | M] () -- C:\WINDOWS\system32\P17.dll
MOD - [2005/10/05 03:12:00 | 000,094,208 | ---- | M] () -- C:\Program Files\Dell\Media Experience\DMXLauncher.exe
MOD - [2004/08/24 11:50:32 | 000,217,157 | ---- | M] () -- C:\Program Files\Common Files\EPSON\EBAPI\eEBMSDev.dll
MOD - [2003/12/05 15:28:52 | 000,118,784 | ---- | M] () -- C:\Program Files\Common Files\EPSON\EBAPI\eEBRsvc.dll
MOD - [2003/12/05 15:28:24 | 000,274,432 | ---- | M] () -- C:\Program Files\Common Files\EPSON\EBAPI\eEBNWDev.dll
MOD - [2003/12/05 15:21:48 | 000,073,728 | ---- | M] () -- C:\Program Files\Common Files\EPSON\EBAPI\eEBSvc.exe
MOD - [2001/10/28 15:42:30 | 000,116,224 | ---- | M] () -- C:\WINDOWS\system32\pdfcmnnt.dll


========== Win32 Services (SafeList) ==========

SRV - [2011/11/11 14:36:56 | 000,045,056 | ---- | M] (Intuit) [Auto | Running] -- C:\Program Files\Common Files\Intuit\QuickBooks\QBCFMonitorService.exe -- (QBCFMonitorService)
SRV - [2010/09/07 09:11:59 | 000,040,384 | ---- | M] (AVAST Software) [On_Demand | Stopped] -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe -- (avast! Web Scanner)
SRV - [2010/09/07 09:11:59 | 000,040,384 | ---- | M] (AVAST Software) [Auto | Running] -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe -- (avast! Antivirus)
SRV - [2010/09/07 09:11:44 | 000,119,200 | ---- | M] (AVAST Software) [Auto | Running] -- C:\Program Files\Alwil Software\Avast5\afwServ.exe -- (avast! Firewall)
SRV - [2010/08/04 16:25:00 | 000,057,344 | ---- | M] (Nalpeiron Ltd.) [Auto | Running] -- C:\WINDOWS\system32\ASTSRV.EXE -- (astcc)
SRV - [2009/07/23 20:10:38 | 000,061,440 | ---- | M] (Intuit Inc.) [On_Demand | Stopped] -- C:\Program Files\Common Files\Intuit\QuickBooks\FCS\Intuit.QuickBooks.FCS.exe -- (QBFCService)
SRV - [2009/05/28 09:19:36 | 000,655,624 | ---- | M] (Acresso Software Inc.) [On_Demand | Stopped] -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service)
SRV - [2008/07/17 16:12:24 | 000,161,064 | ---- | M] (Seagate Technology LLC) [Auto | Running] -- C:\Program Files\Seagate\SeagateManager\Sync\FreeAgentService.exe -- (FreeAgentGoNext Service)
SRV - [2007/08/27 10:36:34 | 000,111,912 | ---- | M] (SingleClick Systems) [Auto | Running] -- C:\Program Files\Dell Network Assistant\hnm_svc.exe -- (hnmsvc)
SRV - [2007/07/06 05:00:46 | 002,988,888 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Program Files\Microsoft Visual Studio 9.0\Common7\IDE\Remote Debugger\x86\msvsmon.exe -- (msvsmon90)
SRV - [2006/07/06 07:14:30 | 000,090,112 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTmon.exe -- (IAANTMON) Intel®
SRV - [2006/03/03 21:03:10 | 000,069,632 | ---- | M] (HP) [Unknown | Running] -- C:\WINDOWS\system32\HPZipm12.exe -- (Pml Driver HPZ12)
SRV - [2006/02/28 06:00:00 | 000,015,872 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\inetsrv\inetinfo.exe -- (W3SVC)
SRV - [2006/02/28 06:00:00 | 000,015,872 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\inetsrv\inetinfo.exe -- (SMTPSVC) Simple Mail Transfer Protocol (SMTP)
SRV - [2006/02/28 06:00:00 | 000,015,872 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\inetsrv\inetinfo.exe -- (IISADMIN)
SRV - [2005/09/23 07:01:16 | 002,799,808 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Program Files\Microsoft Visual Studio 8\Common7\IDE\Remote Debugger\x86\msvsmon.exe -- (msvsmon80)
SRV - [2004/07/13 15:51:29 | 000,679,936 | ---- | M] (Wacom Technology, Corp.) [Auto | Running] -- C:\WINDOWS\system32\Tablet.exe -- (TabletService)
SRV - [2003/12/05 15:21:48 | 000,073,728 | ---- | M] () [Auto | Running] -- C:\Program Files\Common Files\EPSON\EBAPI\eEBSvc.exe -- (EpsonBidirectionalService)
SRV - [2003/11/12 01:05:00 | 000,094,208 | ---- | M] (SEIKO EPSON CORPORATION) [Auto | Running] -- C:\Program Files\Common Files\EPSON\EBAPI\SAgent2.exe -- (EPSONStatusAgent2)


========== Driver Services (SafeList) ==========

DRV - [2012/02/02 18:17:01 | 000,040,776 | ---- | M] (Malwarebytes Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\mbamswissarmy.sys -- (MBAMSwissArmy)
DRV - [2011/11/28 11:53:53 | 000,435,032 | ---- | M] (AVAST Software) [File_System | System | Running] -- C:\WINDOWS\System32\drivers\aswSnx.sys -- (aswSnx)
DRV - [2011/11/28 11:52:16 | 000,052,952 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\aswTdi.sys -- (aswTdi)
DRV - [2011/11/28 11:52:02 | 000,111,320 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\WINDOWS\System32\drivers\aswmon2.sys -- (aswMon2)
DRV - [2011/11/28 11:48:49 | 000,030,808 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\aavmker4.sys -- (Aavmker4)
DRV - [2010/09/07 08:54:16 | 000,099,792 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\aswFW.sys -- (aswFW)
DRV - [2010/09/07 08:53:35 | 000,190,416 | ---- | M] (AVAST Software) [Kernel | Boot | Running] -- C:\WINDOWS\System32\drivers\aswNdis2.sys -- (aswNdis2)
DRV - [2010/09/07 08:52:03 | 000,165,584 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\aswSP.sys -- (aswSP)
DRV - [2010/09/07 08:47:46 | 000,023,376 | ---- | M] (AVAST Software) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\drivers\aswRdr.sys -- (aswRdr)
DRV - [2010/09/07 08:47:07 | 000,017,744 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\WINDOWS\System32\drivers\aswFsBlk.sys -- (aswFsBlk)
DRV - [2010/06/28 14:10:45 | 000,012,112 | ---- | M] (ALWIL Software) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\aswNdis.sys -- (aswNdis)
DRV - [2009/08/25 14:10:52 | 000,049,904 | R--- | M] (Avanquest Software) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\BVRPMPR5.SYS -- (BVRPMPR5)
DRV - [2009/02/26 00:29:58 | 001,142,272 | R--- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\P17.sys -- (P17)
DRV - [2008/02/14 17:50:04 | 000,038,656 | ---- | M] (Service & Quality Technology.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\Capt9051.sys -- (SQTECH9051)
DRV - [2006/12/18 18:01:20 | 000,012,672 | ---- | M] (SingleClick Systems) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\packet.sys -- (Packet)
DRV - [2006/07/24 10:20:00 | 001,156,648 | ---- | M] (SigmaTel, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\sthda.sys -- (STHDA)
DRV - [2006/05/11 16:14:40 | 000,014,416 | ---- | M] (Portrait Displays, Inc.) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\pdihwctl.sys -- (PDIHWCTL)
DRV - [2006/01/10 11:07:58 | 000,004,864 | ---- | M] (GTek Technologies Ltd.) [Kernel | On_Demand | Running] -- C:\Program Files\Dell Support\GTAction\triggers\DSproct.sys -- (DSproct)
DRV - [2005/11/27 18:25:00 | 000,031,896 | ---- | M] (DemoForge, LLC) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\dfmirage.sys -- (dfmirage)
DRV - [2005/09/23 02:42:00 | 000,054,464 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Program Files\Microsoft Visual Studio 8\Team Tools\Performance Tools\VSPerfDrv.sys -- (VSPerfDrv)
DRV - [2005/09/08 05:20:00 | 000,094,332 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\system32\DLA\DLAUDFAM.SYS -- (DLAUDFAM)
DRV - [2005/09/08 05:20:00 | 000,087,036 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\system32\DLA\DLAUDF_M.SYS -- (DLAUDF_M)
DRV - [2005/09/08 05:20:00 | 000,086,524 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\system32\DLA\DLAIFS_M.SYS -- (DLAIFS_M)
DRV - [2005/09/08 05:20:00 | 000,025,628 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\system32\DLA\DLABOIOM.SYS -- (DLABOIOM)
DRV - [2005/09/08 05:20:00 | 000,014,684 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\system32\DLA\DLAOPIOM.SYS -- (DLAOPIOM)
DRV - [2005/09/08 05:20:00 | 000,006,364 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\system32\DLA\DLAPoolM.SYS -- (DLAPoolM)
DRV - [2005/09/08 05:20:00 | 000,002,496 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\system32\DLA\DLADResN.SYS -- (DLADResN)
DRV - [2005/08/25 12:16:52 | 000,005,628 | ---- | M] (Sonic Solutions) [File_System | System | Running] -- C:\WINDOWS\system32\drivers\DLACDBHM.SYS -- (DLACDBHM)
DRV - [2005/08/25 12:16:16 | 000,022,684 | ---- | M] (Sonic Solutions) [File_System | System | Running] -- C:\WINDOWS\system32\drivers\DLARTL_N.SYS -- (DLARTL_N)
DRV - [2005/01/10 04:15:30 | 000,106,496 | R--- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ctoss2k.sys -- (ossrv)
DRV - [2005/01/10 04:15:24 | 000,138,752 | R--- | M] (Creative Technology Ltd) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ctsfm2k.sys -- (ctsfm2k)
DRV - [2004/10/15 07:54:56 | 000,044,344 | ---- | M] () [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\i1display.sys -- (i1display)
DRV - [2004/05/07 12:02:08 | 000,044,344 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\EyeOneDp.sys -- (eyeonedp)
DRV - [2004/03/08 12:55:50 | 000,013,567 | ---- | M] (B.H.A Corporation) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\CDRBSDRV.SYS -- (cdrbsdrv)
DRV - [2002/04/02 15:30:16 | 000,033,024 | ---- | M] (Colorvision Inc) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\cvspydr2.sys -- (cvspydr2)
DRV - [2001/12/19 10:45:00 | 000,008,576 | ---- | M] (Microsoft Corporation) [File_System | System | Running] -- C:\WINDOWS\system32\VCdRom.sys -- (vcdrom)
DRV - [2001/04/09 14:45:00 | 000,008,138 | ---- | M] (Wacom Technology Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\PenClass.sys -- (PenClass)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.comcast.net/
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Page_URL = www.google.com/ig/dell?hl=en&client=dell-usuk-rel&channel=us&ibd=6070104
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.google.com/ie
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Start Page = www.google.com/ig/dell?hl=en&client=dell-usuk-rel&channel=us&ibd=6070104

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.co...client&ie=UTF-8
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.search.defaultenginename: "Google"
FF - prefs.js..browser.search.defaulturl: "http://www.google.co...-8&oe=UTF-8&q="
FF - prefs.js..browser.search.selectedEngine: "My Web Search"
FF - prefs.js..browser.startup.homepage: "http://www.google.co...us&ibd=6070104"
FF - prefs.js..extensions.enabledItems: [email protected]:1.1
FF - prefs.js..extensions.mywebsearch.prevKwdURL: "data:text/plain,keyword.URL=http://www.google.com/search?ie=UTF-8&oe=UTF-8&gfns=1&sourceid=navclient&rls=com.google:en-US:official&q="
FF - prefs.js..keyword.URL: "http://search.mywebs...732&searchfor="


FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\WINDOWS\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files\Microsoft Silverlight\4.0.60531.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@movenetworks.com/Quantum Media Player: C:\Documents and Settings\Maija Norwood\Application Data\Move Networks\plugins\npqmp071505000011.dll (Move Networks)
FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=6.0.12.46: C:\Program Files\Real\RealPlayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprjplug;version=1.0.3.46: C:\Program Files\Real\RealPlayer\Netscape6\nprjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpjplug;version=6.0.12.46: C:\Program Files\Real\RealPlayer\Netscape6\nprpjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nsJSRealPlayerPlugin;version=: File not found
FF - HKLM\Software\MozillaPlugins\@real.com/RhapsodyPlayerEngine,version=1.1: C:\Program Files\Real\RhapsodyPlayerEngine\nprhapengine.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.99\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.99\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@virtools.com/3DviaPlayer: C:\Program Files\Virtools\3D Life Player\npvirtools.dll (Dassault Systèmes)
FF - HKCU\Software\MozillaPlugins\@movenetworks.com/Quantum Media Player: File not found

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files\MyWebSearch\bar\3.bin
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{27182e60-b5f3-411c-b545-b44205977502}: C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\firefoxextension\SearchHelperExtension\ [2011/11/03 19:55:34 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{3252b9ae-c69a-4eaf-9502-dc9c1f6c009e}: C:\Program Files\Microsoft\Search Enhancement Pack\Default Manager\DMExtension\ [2011/11/03 19:55:42 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 3.6.25\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012/01/10 12:48:36 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 3.6.25\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2012/01/10 12:48:36 | 000,000,000 | ---D | M]

[2009/03/09 17:50:38 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Arlie Norwood\Application Data\Mozilla\Extensions
[2012/02/02 13:58:12 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Arlie Norwood\Application Data\Mozilla\Firefox\Profiles\qv5xj8no.default\extensions
[2012/02/02 13:58:12 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Arlie Norwood\Application Data\Mozilla\Firefox\Profiles\qv5xj8no.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2009/03/31 19:10:53 | 000,000,000 | ---D | M] (FireFTP) -- C:\Documents and Settings\Arlie Norwood\Application Data\Mozilla\Firefox\Profiles\qv5xj8no.default\extensions\{a7c6cf7f-112c-4500-a7ea-39801a327e5f}
[2008/04/19 09:29:15 | 000,000,000 | ---D | M] (Dimdim Web Meeting Publisher) -- C:\Documents and Settings\Arlie Norwood\Application Data\Mozilla\Firefox\Profiles\qv5xj8no.default\extensions\[email protected]
[2011/10/28 11:48:22 | 000,000,000 | ---D | M] (My Web Search) -- C:\Documents and Settings\Arlie Norwood\Application Data\Mozilla\Firefox\Profiles\qv5xj8no.default\extensions\[email protected]
[2009/03/31 19:10:55 | 000,000,000 | ---D | M] (RedShift V3) -- C:\Documents and Settings\Arlie Norwood\Application Data\Mozilla\Firefox\Profiles\qv5xj8no.default\extensions\[email protected]
[2012/02/02 13:58:12 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Arlie Norwood\Application Data\Mozilla\Firefox\Profiles\qv5xj8no.default\extensions\staged-xpis
[2010/09/07 20:50:57 | 000,010,017 | ---- | M] () -- C:\Documents and Settings\Arlie Norwood\Application Data\Mozilla\Firefox\Profiles\qv5xj8no.default\searchplugins\mywebsearch.xml
[2012/02/02 13:58:07 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2007/04/24 17:51:22 | 000,000,000 | ---D | M] (Google Toolbar for Firefox) -- C:\Program Files\Mozilla Firefox\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}
[2007/11/14 19:34:14 | 000,090,112 | ---- | M] (Coupons, Inc.) -- C:\Program Files\mozilla firefox\plugins\npCouponPrinter.dll
[2007/03/05 12:59:06 | 000,645,504 | ---- | M] (Microsoft Corporation) -- C:\Program Files\mozilla firefox\plugins\npOGAPlugin.dll
[2006/01/18 12:50:00 | 000,319,488 | ---- | M] ( ) -- C:\Program Files\mozilla firefox\plugins\npsnapfish.dll

========== Chrome ==========

CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}sourceid=chrome&ie={inputEncoding}&q={searchTerms}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}client=chrome&hl={language}&q={searchTerms}

O1 HOSTS File: ([2012/02/02 17:23:31 | 000,000,027 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (DriveLetterAccess) - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\DLA\DLASHX_W.DLL (Sonic Solutions)
O2 - BHO: (SSVHelper Class) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll (Sun Microsystems, Inc.)
O4 - HKLM..\Run: [Adobe Photo Downloader] C:\Program Files\Adobe\Adobe Photoshop Lightroom 1.3\apdproxy.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [AdobeCS4ServiceManager] C:\Program Files\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [avast5] C:\Program Files\Alwil Software\Avast5\AvastUI.exe (AVAST Software)
O4 - HKLM..\Run: [CTSysVol] C:\Program Files\RocketFish\RF5.1\Surround Mixer\CTSysVol.exe (Creative Technology Ltd)
O4 - HKLM..\Run: [DLA] C:\WINDOWS\system32\DLA\DLACTRLW.EXE (Sonic Solutions)
O4 - HKLM..\Run: [DMXLauncher] C:\Program Files\Dell\Media Experience\DMXLauncher.exe ()
O4 - HKLM..\Run: [EPSON Stylus Photo 2200] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S10IC2.EXE (SEIKO EPSON CORPORATION)
O4 - HKLM..\Run: [IAAnotif] C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe (Intel Corporation)
O4 - HKLM..\Run: [Intuit SyncManager] C:\Program Files\Common Files\Intuit\Sync\IntuitSyncManager.exe (Intuit Inc. All rights reserved.)
O4 - HKLM..\Run: [MaxMenuMgr] C:\Program Files\Seagate\SeagateManager\FreeAgent Status\StxMenuMgr.exe (Seagate LLC)
O4 - HKLM..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Nero\Lib\NeroCheck.exe (Nero AG)
O4 - HKLM..\Run: [NvCplDaemon] C:\WINDOWS\System32\NvCpl.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [P17Helper] C:\WINDOWS\System32\P17.dll ()
O4 - HKLM..\Run: [SigmatelSysTrayApp] C:\WINDOWS\stsystra.exe (SigmaTel, Inc.)
O4 - HKLM..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe (Sun Microsystems, Inc.)
O4 - HKLM..\Run: [TkBellExe] C:\Program Files\Common Files\Real\Update_OB\realsched.exe (RealNetworks, Inc.)
O4 - HKCU..\Run: [DellSupport] C:\Program Files\Dell Support\DSAgnt.exe (Gteko Ltd.)
O4 - HKCU..\Run: [IndxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] C:\Program Files\Common Files\Nero\Lib\NMIndexStoreSvr.exe (Nero AG)
O4 - Startup: C:\Documents and Settings\Arlie Norwood\Start Menu\Programs\Startup\Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe (Adobe Systems, Inc.)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O15 - HKCU\..Trusted Domains: localhost ([]http in Local intranet)
O15 - HKCU\..Trusted Domains: turbotax.com ([]https in Trusted sites)
O15 - HKCU\..Trusted Ranges: GD ([http] in Local intranet)
O16 - DPF: {406B5949-7190-4245-91A9-30A17DE16AD0} http://www2.snapfish...fishActivia.cab (Snapfish Activia)
O16 - DPF: {82774781-8F4E-11D1-AB1C-0000F8773BF0} https://transfers.ds...ransferCtrl.cab (DLC Class)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{1AC593DB-A4F5-4526-A193-D3BCC79E353C}: DhcpNameServer = 192.168.1.1
O18 - Protocol\Handler\intu-help-qb1 {9B0F96C7-2E4B-433e-ABF3-043BA1B54AE3} - C:\Program Files\Intuit\QuickBooks 2005\HelpAsyncPluggableProtocol.dll (TODO: <Company name>)
O18 - Protocol\Handler\intu-help-qb3 {c5e479ea-0a65-4b05-8c6c-2fc8cc682eb4} - C:\Program Files\Intuit\QuickBooks 2010\HelpAsyncPluggableProtocol.dll (Intuit, Inc.)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O20 - HKLM Winlogon: Shell - (Explorer.exe) -C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) -C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Documents and Settings\Arlie Norwood\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\Arlie Norwood\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2004/08/10 13:04:08 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O32 - AutoRun File - [2012/02/02 17:36:50 | 000,000,062 | ---- | M] () - F:\autorun.inf -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2012/02/02 17:30:30 | 000,000,000 | ---D | C] -- C:\WINDOWS\temp
[2012/02/02 14:18:31 | 000,000,000 | RHSD | C] -- C:\cmdcons
[2012/02/02 14:00:51 | 000,518,144 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWREG.exe
[2012/02/02 14:00:51 | 000,406,528 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWSC.exe
[2012/02/02 14:00:51 | 000,212,480 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWXCACLS.exe
[2012/02/02 14:00:51 | 000,060,416 | ---- | C] (NirSoft) -- C:\WINDOWS\NIRCMD.exe
[2012/02/02 14:00:38 | 000,000,000 | ---D | C] -- C:\WINDOWS\ERDNT
[2012/02/02 14:00:29 | 000,000,000 | ---D | C] -- C:\Qoobox
[2012/02/02 09:05:42 | 000,040,776 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2012/02/02 09:05:40 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Arlie Norwood\Application Data\Malwarebytes
[2012/02/02 09:04:32 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Malwarebytes' Anti-Malware
[2012/02/02 09:04:29 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Malwarebytes
[2012/02/02 09:04:27 | 000,020,464 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2012/02/02 09:04:26 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2012/02/02 02:28:21 | 002,059,312 | ---- | C] (Kaspersky Lab ZAO) -- C:\Documents and Settings\Arlie Norwood\Desktop\tdsskiller.exe
[2012/02/02 02:28:19 | 009,502,424 | ---- | C] (Malwarebytes Corporation ) -- C:\Documents and Settings\Arlie Norwood\Desktop\mbam--setup-1.60.1.1000.exe
[2012/02/02 02:28:19 | 004,733,440 | ---- | C] (AVAST Software) -- C:\Documents and Settings\Arlie Norwood\Desktop\aswMBR.exe
[2012/02/02 02:28:19 | 004,395,020 | R--- | C] (Swearware) -- C:\Documents and Settings\Arlie Norwood\Desktop\ComboFix.exe
[2012/02/02 02:00:01 | 000,000,000 | ---D | C] -- C:\_OTL
[2012/02/02 01:51:01 | 000,000,000 | R--D | C] -- C:\Documents and Settings\Arlie Norwood\Recent
[2012/02/01 22:50:54 | 000,584,192 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Arlie Norwood\Desktop\OTL.exe
[2012/01/20 13:58:56 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Tax Forms Helper 2011
[2012/01/06 10:06:41 | 000,000,000 | ---D | C] -- C:\Program Files\Eye-One Match 3
[2011/06/01 20:00:32 | 000,065,536 | R--- | C] ( ) -- C:\WINDOWS\System32\A3d.dll
[2008/03/25 11:53:15 | 000,115,712 | ---- | C] (Macrovision) -- C:\Program Files\eZsuite.exe
[4 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2012/02/02 21:48:30 | 000,039,472 | ---- | M] () -- C:\WINDOWS\System32\nvapps.xml
[2012/02/02 21:48:14 | 000,013,668 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2012/02/02 19:18:10 | 000,000,527 | ---- | M] () -- C:\WINDOWS\System32\tablet.dat
[2012/02/02 19:17:15 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2012/02/02 19:17:13 | 2145,304,576 | -HS- | M] () -- C:\hiberfil.sys
[2012/02/02 18:17:01 | 000,040,776 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2012/02/02 18:16:34 | 000,000,512 | ---- | M] () -- C:\Documents and Settings\Arlie Norwood\Desktop\MBR.dat
[2012/02/02 17:23:31 | 000,000,027 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts
[2012/02/02 14:18:38 | 000,000,327 | RHS- | M] () -- C:\boot.ini
[2012/02/02 13:58:40 | 004,395,020 | R--- | M] (Swearware) -- C:\Documents and Settings\Arlie Norwood\Desktop\ComboFix.exe
[2012/02/02 09:09:55 | 000,002,626 | ---- | M] () -- C:\WINDOWS\System32\CONFIG.NT
[2012/02/02 09:04:33 | 000,000,784 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes Anti-Malware.lnk
[2012/02/02 01:57:12 | 004,733,440 | ---- | M] (AVAST Software) -- C:\Documents and Settings\Arlie Norwood\Desktop\aswMBR.exe
[2012/02/02 01:55:52 | 002,059,312 | ---- | M] (Kaspersky Lab ZAO) -- C:\Documents and Settings\Arlie Norwood\Desktop\tdsskiller.exe
[2012/02/02 01:54:16 | 009,502,424 | ---- | M] (Malwarebytes Corporation ) -- C:\Documents and Settings\Arlie Norwood\Desktop\mbam--setup-1.60.1.1000.exe
[2012/02/01 22:48:48 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Arlie Norwood\Desktop\OTL.exe
[2012/01/28 21:34:15 | 000,000,069 | ---- | M] () -- C:\WINDOWS\NeroDigital.ini
[2012/01/19 22:23:22 | 000,000,090 | ---- | M] () -- C:\WINDOWS\QBChanUtil_Trigger.ini
[4 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files Created - No Company Name ==========

[2012/02/02 18:16:34 | 000,000,512 | ---- | C] () -- C:\Documents and Settings\Arlie Norwood\Desktop\MBR.dat
[2012/02/02 14:18:37 | 000,000,211 | ---- | C] () -- C:\Boot.bak
[2012/02/02 14:18:36 | 000,260,272 | RHS- | C] () -- C:\cmldr
[2012/02/02 14:00:51 | 000,256,000 | ---- | C] () -- C:\WINDOWS\PEV.exe
[2012/02/02 14:00:51 | 000,208,896 | ---- | C] () -- C:\WINDOWS\MBR.exe
[2012/02/02 14:00:51 | 000,098,816 | ---- | C] () -- C:\WINDOWS\sed.exe
[2012/02/02 14:00:51 | 000,080,412 | ---- | C] () -- C:\WINDOWS\grep.exe
[2012/02/02 14:00:51 | 000,068,096 | ---- | C] () -- C:\WINDOWS\zip.exe
[2012/02/02 09:04:33 | 000,000,784 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes Anti-Malware.lnk
[2012/02/02 02:02:05 | 000,001,656 | ---- | C] () -- C:\Documents and Settings\Arlie Norwood\Application Data\Microsoft\Internet Explorer\Quick Launch\Mozilla Firefox.lnk
[2012/02/02 02:02:05 | 000,001,141 | ---- | C] () -- C:\Documents and Settings\Arlie Norwood\Application Data\Microsoft\Internet Explorer\Quick Launch\SQL Server Management Studio.lnk
[2012/02/02 02:02:05 | 000,000,800 | ---- | C] () -- C:\Documents and Settings\Arlie Norwood\Application Data\Microsoft\Internet Explorer\Quick Launch\Windows Media Player.lnk
[2012/02/02 02:02:05 | 000,000,104 | ---- | C] () -- C:\Documents and Settings\Arlie Norwood\Application Data\Microsoft\Internet Explorer\Quick Launch\My Computer.lnk
[2012/02/02 02:02:05 | 000,000,079 | ---- | C] () -- C:\Documents and Settings\Arlie Norwood\Application Data\Microsoft\Internet Explorer\Quick Launch\Show Desktop.scf
[2012/02/02 02:02:04 | 000,002,533 | ---- | C] () -- C:\Documents and Settings\Arlie Norwood\Application Data\Microsoft\Internet Explorer\Quick Launch\Microsoft Office Word 2007.lnk
[2012/02/02 02:02:04 | 000,002,491 | ---- | C] () -- C:\Documents and Settings\Arlie Norwood\Application Data\Microsoft\Internet Explorer\Quick Launch\Microsoft Office Excel 2007.lnk
[2012/02/02 02:02:04 | 000,002,399 | ---- | C] () -- C:\Documents and Settings\Arlie Norwood\Application Data\Microsoft\Internet Explorer\Quick Launch\Microsoft Office Visio 2007.lnk
[2012/02/02 02:02:04 | 000,001,109 | ---- | C] () -- C:\Documents and Settings\Arlie Norwood\Application Data\Microsoft\Internet Explorer\Quick Launch\Microsoft Visual Studio 2008 Beta 2.lnk
[2012/02/02 02:02:04 | 000,000,792 | ---- | C] () -- C:\Documents and Settings\Arlie Norwood\Application Data\Microsoft\Internet Explorer\Quick Launch\Microsoft Office Outlook.lnk
[2012/02/02 02:02:03 | 000,001,812 | ---- | C] () -- C:\Documents and Settings\Arlie Norwood\Application Data\Microsoft\Internet Explorer\Quick Launch\CS2.lnk
[2011/12/22 14:44:33 | 000,294,256 | ---- | C] () -- C:\Documents and Settings\LocalService\Local Settings\Application Data\FontCache3.0.0.0.dat
[2011/07/15 00:51:14 | 000,000,090 | ---- | C] () -- C:\WINDOWS\QBChanUtil_Trigger.ini
[2011/06/15 20:24:49 | 000,000,069 | ---- | C] () -- C:\WINDOWS\NeroDigital.ini
[2011/06/14 12:09:55 | 000,000,664 | ---- | C] () -- C:\WINDOWS\System32\d3d9caps.dat
[2011/06/01 20:00:32 | 000,053,248 | R--- | C] () -- C:\WINDOWS\System32\P17CPI.dll
[2011/06/01 20:00:31 | 000,065,536 | R--- | C] () -- C:\WINDOWS\System32\P17.dll
[2011/05/31 18:03:05 | 000,000,527 | ---- | C] () -- C:\WINDOWS\System32\tablet.dat
[2011/05/31 18:02:59 | 000,015,744 | ---- | C] () -- C:\WINDOWS\System32\Wintab.dll
[2011/02/04 10:25:36 | 000,004,943 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\pyknfeyt.slj
[2009/11/24 13:44:19 | 000,000,704 | ---- | C] () -- C:\Program Files\FOXUSER.FPT
[2009/11/24 13:44:19 | 000,000,665 | ---- | C] () -- C:\Program Files\FOXUSER.DBF
[2009/08/17 21:14:07 | 000,005,663 | ---- | C] () -- C:\WINDOWS\System32\Ludap17.ini
[2009/04/16 22:08:31 | 000,116,224 | ---- | C] () -- C:\WINDOWS\System32\pdfcmnnt.dll
[2009/03/29 21:29:24 | 000,126,976 | ---- | C] () -- C:\WINDOWS\System32\EEBAPI.dll
[2009/03/29 21:29:24 | 000,094,208 | ---- | C] () -- C:\WINDOWS\System32\EEBDSCVR.dll
[2009/03/29 21:29:24 | 000,049,152 | ---- | C] () -- C:\WINDOWS\System32\EBAPI.dll
[2009/02/20 11:40:18 | 000,000,125 | ---- | C] () -- C:\WINDOWS\cdplayer.ini
[2008/12/14 14:37:06 | 000,000,136 | ---- | C] () -- C:\Documents and Settings\Arlie Norwood\Local Settings\Application Data\fusioncache.dat
[2008/05/02 00:59:42 | 000,000,791 | ---- | C] () -- C:\WINDOWS\{0240BDFB-2995-4A3F-8C96-18D41282B716}_WiseFW.ini
[2008/04/10 21:32:27 | 000,000,032 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\ezsid.dat
[2008/04/10 10:18:31 | 000,044,344 | ---- | C] () -- C:\WINDOWS\System32\drivers\i1display.sys
[2008/04/10 10:05:06 | 000,000,197 | ---- | C] () -- C:\WINDOWS\i1Share.ini
[2008/04/10 10:00:17 | 000,044,344 | ---- | C] () -- C:\WINDOWS\System32\drivers\EyeOneDp.sys
[2008/03/25 11:53:15 | 000,040,721 | ---- | C] () -- C:\Program Files\lax.jar
[2008/03/25 11:53:15 | 000,004,098 | ---- | C] () -- C:\Program Files\eZsuite.lax
[2008/03/25 11:53:15 | 000,002,066 | ---- | C] () -- C:\Program Files\Launcher.jar
[2007/05/03 01:04:50 | 000,765,952 | ---- | C] () -- C:\WINDOWS\System32\xvidcore.dll
[2007/05/03 01:04:49 | 000,180,224 | ---- | C] () -- C:\WINDOWS\System32\xvidvfw.dll
[2007/04/26 22:31:21 | 000,117,005 | ---- | C] () -- C:\WINDOWS\HPHins10.dat
[2007/04/26 22:31:21 | 000,002,314 | ---- | C] () -- C:\WINDOWS\hphmdl10.dat
[2007/04/26 22:22:25 | 000,116,979 | ---- | C] () -- C:\WINDOWS\HPHins10.dat.temp
[2007/04/26 22:22:25 | 000,002,314 | ---- | C] () -- C:\WINDOWS\hphmdl10.dat.temp
[2007/04/18 11:55:56 | 000,000,029 | ---- | C] () -- C:\WINDOWS\DEBUGSM.INI
[2007/04/03 20:07:52 | 000,044,344 | ---- | C] () -- C:\WINDOWS\System32\drivers\Seqcal.sys
[2007/03/02 22:05:05 | 000,013,312 | ---- | C] () -- C:\Documents and Settings\Arlie Norwood\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2007/02/19 14:42:21 | 000,077,824 | ---- | C] () -- C:\WINDOWS\System32\hpzids01.dll
[2007/02/19 14:27:23 | 000,000,201 | ---- | C] () -- C:\WINDOWS\PowerReg.dat
[2007/02/19 14:24:20 | 000,290,919 | ---- | C] () -- C:\WINDOWS\System32\pythoncom21.dll
[2007/02/19 14:24:20 | 000,057,344 | ---- | C] () -- C:\WINDOWS\System32\PyWinTypes21.dll
[2007/02/19 14:23:02 | 000,096,768 | ---- | C] () -- C:\WINDOWS\SlantAdj.dll
[2007/02/19 14:23:02 | 000,003,136 | ---- | C] () -- C:\WINDOWS\Ade001.bin
[2007/02/19 14:23:02 | 000,000,072 | ---- | C] () -- C:\WINDOWS\System32\epDPE.ini
[2007/02/19 14:20:48 | 000,000,196 | ---- | C] () -- C:\WINDOWS\EPSON 1260_1660 Installer.ini
[2007/01/19 14:34:26 | 000,003,920 | -HS- | C] () -- C:\WINDOWS\System32\KGyGaAvL.sys
[2007/01/19 14:34:26 | 000,000,088 | RHS- | C] () -- C:\WINDOWS\System32\CFF56F9C53.sys
[2007/01/15 01:25:03 | 000,021,791 | ---- | C] () -- C:\WINDOWS\System32\smtpctrs.ini
[2007/01/15 01:25:03 | 000,001,037 | ---- | C] () -- C:\WINDOWS\System32\ntfsdrct.ini
[2007/01/15 01:24:43 | 000,038,576 | ---- | C] () -- C:\WINDOWS\System32\w3ctrs.ini
[2007/01/15 01:24:43 | 000,010,225 | ---- | C] () -- C:\WINDOWS\System32\axperf.ini
[2007/01/15 01:24:41 | 000,011,435 | ---- | C] () -- C:\WINDOWS\System32\infoctrs.ini
[2007/01/12 16:00:14 | 000,162,943 | ---- | C] () -- C:\WINDOWS\FotoFusion Uninstaller.exe
[2007/01/09 23:35:00 | 000,003,774 | ---- | C] () -- C:\WINDOWS\mozver.dat
[2007/01/09 21:23:24 | 000,000,106 | -HS- | C] () -- C:\WINDOWS\WSYS049.SYS
[2007/01/09 21:19:21 | 000,000,000 | ---- | C] () -- C:\WINDOWS\nsreg.dat
[2007/01/04 07:39:48 | 000,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini
[2007/01/04 07:35:36 | 000,000,654 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2007/01/04 07:31:45 | 000,000,126 | ---- | C] () -- C:\WINDOWS\wininit.ini
[2007/01/04 07:10:46 | 000,049,152 | ---- | C] () -- C:\WINDOWS\setpwrcg.exe
[2007/01/04 07:10:44 | 000,090,112 | ---- | C] () -- C:\WINDOWS\System32\nvapi.dll
[2007/01/04 07:09:55 | 000,000,301 | ---- | C] () -- C:\WINDOWS\System32\OEMINFO.INI
[2006/02/28 06:00:00 | 013,107,200 | ---- | C] () -- C:\WINDOWS\System32\oembios.bin
[2006/02/28 06:00:00 | 000,673,088 | ---- | C] () -- C:\WINDOWS\System32\mlang.dat
[2006/02/28 06:00:00 | 000,272,128 | ---- | C] () -- C:\WINDOWS\System32\perfi009.dat
[2006/02/28 06:00:00 | 000,218,003 | ---- | C] () -- C:\WINDOWS\System32\dssec.dat
[2006/02/28 06:00:00 | 000,046,258 | ---- | C] () -- C:\WINDOWS\System32\mib.bin
[2006/02/28 06:00:00 | 000,028,626 | ---- | C] () -- C:\WINDOWS\System32\perfd009.dat
[2006/02/28 06:00:00 | 000,004,569 | ---- | C] () -- C:\WINDOWS\System32\secupd.dat
[2006/02/28 06:00:00 | 000,004,461 | ---- | C] () -- C:\WINDOWS\System32\oembios.dat
[2006/02/28 06:00:00 | 000,001,788 | ---- | C] () -- C:\WINDOWS\System32\Dcache.bin
[2005/11/10 01:56:34 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\px.ini
[2005/03/08 00:17:08 | 000,000,054 | ---- | C] () -- C:\WINDOWS\System32\ctzapxx.ini
[2004/08/10 13:12:05 | 000,000,780 | ---- | C] () -- C:\WINDOWS\orun32.ini
[2004/08/10 13:07:31 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat
[2004/08/10 13:02:15 | 000,023,348 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat
[2004/08/10 13:01:18 | 000,001,793 | ---- | C] () -- C:\WINDOWS\System32\fxsperf.ini
[2004/08/10 12:57:52 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
[2004/08/10 12:57:15 | 002,233,840 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2004/08/10 12:51:20 | 000,610,114 | ---- | C] () -- C:\WINDOWS\System32\perfh009.dat
[2004/08/10 12:51:20 | 000,133,896 | ---- | C] () -- C:\WINDOWS\System32\perfc009.dat
[2004/08/10 12:51:16 | 000,000,741 | ---- | C] () -- C:\WINDOWS\System32\noise.dat

< End of report >

OTL Extras logfile created on: 2/2/2012 10:00:03 PM - Run 2
OTL by OldTimer - Version 3.2.31.0 Folder = C:\Documents and Settings\Arlie Norwood\Desktop
Windows XP Professional Edition Service Pack 2 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 6.0.2900.2180)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.00 Gb Total Physical Memory | 1.51 Gb Available Physical Memory | 75.51% Memory free
3.85 Gb Paging File | 3.55 Gb Available in Paging File | 92.29% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 145.85 Gb Total Space | 6.33 Gb Free Space | 4.34% Space Free | Partition Type: NTFS
Drive F: | 931.51 Gb Total Space | 197.68 Gb Free Space | 21.22% Space Free | Partition Type: NTFS
Drive G: | 3.77 Gb Total Space | 3.17 Gb Free Space | 83.93% Space Free | Partition Type: FAT32
Drive H: | 2048.00 Gb Total Space | 1434.65 Gb Free Space | 70.05% Space Free | Partition Type: NTFS
Drive N: | 465.76 Gb Total Space | 14.10 Gb Free Space | 3.03% Space Free | Partition Type: NTFS
Drive O: | 2048.00 Gb Total Space | 2030.59 Gb Free Space | 99.15% Space Free | Partition Type: NTFS
Drive P: | 232.88 Gb Total Space | 0.27 Gb Free Space | 0.12% Space Free | Partition Type: NTFS

Computer Name: DC0XMBC1 | User Name: Arlie Norwood | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (All) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.bat [@ = batfile] -- "%1" %*
.chm [@ = chm.file] -- C:\WINDOWS\hh.exe (Microsoft Corporation)
.cmd [@ = cmdfile] -- "%1" %*
.com [@ = ComFile] -- "%1" %*
.cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
.exe [@ = exefile] -- "%1" %*
.hlp [@ = hlpfile] -- C:\WINDOWS\System32\winhlp32.exe (Microsoft Corporation)
.hta [@ = htafile] -- C:\WINDOWS\System32\mshta.exe (Microsoft Corporation)
.html [@ = ChromeHTML] -- C:\Program Files\Google\Chrome\Application\chrome.exe (Google Inc.)
.inf [@ = inffile] -- C:\WINDOWS\System32\NOTEPAD.EXE (Microsoft Corporation)
.ini [@ = inifile] -- C:\WINDOWS\System32\NOTEPAD.EXE (Microsoft Corporation)
.url [@ = InternetShortcut] -- rundll32.exe shdocvw.dll,OpenURL %l
.js [@ = JSFile] -- C:\WINDOWS\System32\WScript.exe (Microsoft Corporation)
.jse [@ = JSEFile] -- C:\WINDOWS\System32\WScript.exe (Microsoft Corporation)
.pif [@ = piffile] -- "%1" %*
.reg [@ = regfile] -- C:\WINDOWS\regedit.exe (Microsoft Corporation)
.scr [@ = scrfile] -- "%1" /S
.txt [@ = txtfile] -- C:\WINDOWS\System32\NOTEPAD.EXE (Microsoft Corporation)
.vbe [@ = VBEFile] -- C:\WINDOWS\System32\WScript.exe (Microsoft Corporation)
.vbs [@ = VBSFile] -- C:\WINDOWS\System32\WScript.exe (Microsoft Corporation)
.wsf [@ = WSFFile] -- C:\WINDOWS\System32\WScript.exe (Microsoft Corporation)
.wsh [@ = WSHFile] -- C:\WINDOWS\System32\WScript.exe (Microsoft Corporation)

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [edit] -- %SystemRoot%\System32\NOTEPAD.EXE %1 (Microsoft Corporation)
batfile [open] -- "%1" %*
batfile [print] -- %SystemRoot%\System32\NOTEPAD.EXE /p %1 (Microsoft Corporation)
chm.file [open] -- "%SYSTEMROOT%\hh.exe" %1 (Microsoft Corporation)
cmdfile [edit] -- %SystemRoot%\System32\NOTEPAD.EXE %1 (Microsoft Corporation)
cmdfile [open] -- "%1" %*
cmdfile [print] -- %SystemRoot%\System32\NOTEPAD.EXE /p %1 (Microsoft Corporation)
comfile [open] -- "%1" %*
cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
exefile [open] -- "%1" %*
helpfile [open] -- winhlp32.exe %1 (Microsoft Corporation)
hlpfile [open] -- %SystemRoot%\System32\winhlp32.exe %1 (Microsoft Corporation)
htafile [open] -- C:\WINDOWS\system32\mshta.exe "%1" %* (Microsoft Corporation)
htmlfile [edit] -- "C:\Program Files\Microsoft Office\OFFICE11\msohtmed.exe" %1 (Microsoft Corporation)
htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" -nohome (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [print] -- rundll32.exe %SystemRoot%\system32\mshtml.dll,PrintHTML "%1" (Microsoft Corporation)
http [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" -nohome (Microsoft Corporation)
https [open] -- "C:\Program Files\Google\Chrome\Application\chrome.exe" -- "%1" (Google Inc.)
inffile [install] -- %SystemRoot%\System32\rundll32.exe setupapi,InstallHinfSection DefaultInstall 132 %1 (Microsoft Corporation)
inffile [open] -- %SystemRoot%\System32\NOTEPAD.EXE %1 (Microsoft Corporation)
inffile [print] -- %SystemRoot%\System32\NOTEPAD.EXE /p %1 (Microsoft Corporation)
inifile [open] -- %SystemRoot%\System32\NOTEPAD.EXE %1 (Microsoft Corporation)
inifile [print] -- %SystemRoot%\System32\NOTEPAD.EXE /p %1 (Microsoft Corporation)
InternetShortcut [open] -- rundll32.exe shdocvw.dll,OpenURL %l
InternetShortcut [print] -- rundll32.exe %SystemRoot%\system32\mshtml.dll,PrintHTML "%1" (Microsoft Corporation)
jsfile [edit] -- %SystemRoot%\System32\Notepad.exe %1 (Microsoft Corporation)
jsfile [open] -- %SystemRoot%\System32\WScript.exe "%1" %* (Microsoft Corporation)
jsfile [print] -- %SystemRoot%\System32\Notepad.exe /p %1 (Microsoft Corporation)
jsefile [edit] -- %SystemRoot%\System32\Notepad.exe %1 (Microsoft Corporation)
jsefile [open] -- %SystemRoot%\System32\WScript.exe "%1" %* (Microsoft Corporation)
jsefile [print] -- %SystemRoot%\System32\Notepad.exe /p %1 (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [edit] -- %SystemRoot%\system32\NOTEPAD.EXE %1 (Microsoft Corporation)
regfile [open] -- regedit.exe "%1" (Microsoft Corporation)
regfile [merge] -- Reg Error: Key error.
regfile [print] -- %SystemRoot%\system32\NOTEPAD.EXE /p %1 (Microsoft Corporation)
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
txtfile [open] -- %SystemRoot%\system32\NOTEPAD.EXE %1 (Microsoft Corporation)
txtfile [print] -- %SystemRoot%\system32\NOTEPAD.EXE /p %1 (Microsoft Corporation)
txtfile [printto] -- %SystemRoot%\system32\notepad.exe /pt "%1" "%2" "%3" "%4" (Microsoft Corporation)
vbefile [edit] -- %SystemRoot%\System32\Notepad.exe %1 (Microsoft Corporation)
vbefile [open] -- %SystemRoot%\System32\WScript.exe "%1" %* (Microsoft Corporation)
vbefile [print] -- %SystemRoot%\System32\Notepad.exe /p %1 (Microsoft Corporation)
vbsfile [edit] -- %SystemRoot%\System32\Notepad.exe %1 (Microsoft Corporation)
vbsfile [open] -- %SystemRoot%\System32\WScript.exe "%1" %* (Microsoft Corporation)
vbsfile [print] -- %SystemRoot%\System32\Notepad.exe /p %1 (Microsoft Corporation)
wsffile [edit] -- %SystemRoot%\System32\Notepad.exe %1 (Microsoft Corporation)
wsffile [open] -- %SystemRoot%\System32\WScript.exe "%1" %* (Microsoft Corporation)
wsffile [print] -- %SystemRoot%\System32\Notepad.exe /p %1 (Microsoft Corporation)
wshfile [open] -- %SystemRoot%\System32\WScript.exe "%1" %* (Microsoft Corporation)
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- "%programfiles%\internet explorer\iexplore.exe" (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 0
"FirewallOverride" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

========== System Restore Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr]
"Start" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService]
"Start" = 2

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]
"139:TCP" = 139:TCP:*:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:*:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:*:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:*:Enabled:@xpsp2res.dll,-22002

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 0
"DisableNotifications" = 0
"DoNotAllowExceptions" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008
"139:TCP" = 139:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22002
"10421:UDP" = 10421:UDP:*:Enabled:SingleClick Discovery Protocol
"10426:UDP" = 10426:UDP:*:Enabled:SingleClick ICC
"5353:TCP" = 5353:TCP:*:Enabled:Adobe CSI CS4

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Program Files\WS_FTP\WS_FTP95.exe" = C:\Program Files\WS_FTP\WS_FTP95.exe:*:Enabled:WS_FTP 95 -- (Ipswitch, Inc. 81 Hartwell Ave. Lexington, MA)
"C:\WINDOWS\system32\dpvsetup.exe" = C:\WINDOWS\system32\dpvsetup.exe:*:Enabled:Microsoft DirectPlay Voice Test -- (Microsoft Corporation)
"C:\Program Files\TurboTax\Home & Business 2007\32bit\ttax.exe" = C:\Program Files\TurboTax\Home & Business 2007\32bit\ttax.exe:LocalSubNet:Enabled:TurboTax -- (Intuit, Inc.)
"C:\Program Files\TurboTax\Home & Business 2007\32bit\updatemgr.exe" = C:\Program Files\TurboTax\Home & Business 2007\32bit\updatemgr.exe:LocalSubNet:Enabled:TurboTax Update Manager -- (Intuit, Inc.)
"C:\Program Files\Intuit\QuickBooks 2005\QBDBMgrN.exe" = C:\Program Files\Intuit\QuickBooks 2005\QBDBMgrN.exe:*:Enabled:QuickBooks 2008 Data Manager -- (iAnywhere Solutions, Inc.)
"C:\Program Files\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe" = C:\Program Files\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe:*:Enabled:Adobe CSI CS4 -- (Adobe Systems Incorporated)
"C:\Program Files\Drobo\Drobo Dashboard\Support\DDService.exe" = C:\Program Files\Drobo\Drobo Dashboard\Support\DDService.exe:*:Enabled:Drobo Dashboard Service -- (Data Robotics, Inc.)
"C:\Program Files\Intuit\QuickBooks 2010\QBDBMgrN.exe" = C:\Program Files\Intuit\QuickBooks 2010\QBDBMgrN.exe:*:Enabled:QuickBooks 2010 Data Manager -- (Intuit, Inc.)
"C:\Program Files\HP\HP Deskjet 3000 J310 series\Bin\DeviceSetup.exe" = C:\Program Files\HP\HP Deskjet 3000 J310 series\Bin\DeviceSetup.exe:LocalSubNet:Enabled:HP Device Setup -- (Hewlett-Packard Co.)
"C:\Program Files\HP\HP Deskjet 3000 J310 series\Bin\HPNetworkCommunicator.exe" = C:\Program Files\HP\HP Deskjet 3000 J310 series\Bin\HPNetworkCommunicator.exe:LocalSubNet:Enabled:HP Network Communicator -- (Hewlett-Packard Co.)
"C:\Program Files\Dell Network Assistant\ezi_hnm2.exe" = C:\Program Files\Dell Network Assistant\ezi_hnm2.exe:*:Enabled:Dell Network Assistant -- (SingleClick Systems)


========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0001B4FD-9EA3-4D90-A79E-FD14BA3AB01D}" = PDFCreator
"{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
"{00ADFB20-AE75-46F4-AD2C-F48B15AC3100}" = Adobe Color NA Recommended Settings CS4
"{022B0C16-18C9-464A-8BC6-2B2CC6342E5F}" = Image Trends' ShineOff Plug-In 1.0.2
"{0240BDFB-2995-4A3F-8C96-18D41282B716}" = Dell Network Assistant
"{0456ebd7-5f67-4ab6-852e-63781e3f389c}" = Macromedia Flash Player
"{05308C4E-7285-4066-BAE3-6B50DA6ED755}" = Adobe Update Manager CS4
"{054EFA56-2AC1-48F4-A883-0AB89874B972}" = Adobe Extension Manager CS4
"{06A9E630-DBA6-4D92-9DE7-A235AA6496C7}" = QuickBooks
"{0700E22B-A422-40A5-BD20-04BF618CA0F9}" = QuickBooks Pro 2010
"{075473F5-846A-448B-BCB3-104AA1760205}" = Roxio RecordNow Data
"{07D7D276-46D2-42F5-BC90-0906C330746E}" = Microsoft Windows Vista Client Headers and Libraries (6001.16533.121)
"{08234a0d-cf39-4dca-99f0-0c5cb496da81}" = Bing Bar
"{098727E1-775A-4450-B573-3F441F1CA243}" = kuler
"{0A0873E1-D9BA-4994-B85D-A0A331EF1F0C}" = Intel® PRO Network Connections
"{0C8EE4CE-981E-4E7C-A2B5-2EA68A645589}" = D4100_Help
"{0D6013AB-A0C7-41DC-973C-E93129C9A29F}" = Adobe Color JA Extra Settings CS4
"{0D67A4E4-5BE0-4C9A-8AD8-AB552B433F23}" = Adobe Setup
"{0EB5D9B7-8E6C-4A9E-B74F-16B7EE89A67B}" = Microsoft Plus! Photo Story 2 LE
"{0F723FC1-7606-4867-866C-CE80AD292DAF}" = Adobe CSI CS4
"{0F756CD9-4A1E-409B-B101-601DDC4C03AA}" = Qualxserve Service Agreement
"{1206EF92-2E83-4859-ACCB-2048C3CB7DA6}" = Roxio DLA
"{121634B0-2F4B-11D3-ADA3-00C04F52DD52}" = Windows Installer Clean Up
"{1618734A-3957-4ADD-8199-F973763109A8}" = Adobe Anchor Service CS4
"{16E16F01-2E2D-4248-A42F-76261C147B6C}" = Adobe Drive CS4
"{16E6D2C1-7C90-4309-8EC4-D2212690AAA4}" = AdobeColorCommonSetRGB
"{1AFB6EA5-DBD0-43A4-AA56-4D1EBF8E39D8}" = HP Deskjet 3000 J310 series Basic Device Software
"{1B041548-33BC-4174-8B97-ADC9B7948488}" = Microsoft Visual Studio 2005 Team Edition for Software Developers - ENU
"{1CAC7A41-583B-4483-9FA5-3E5465AFF8C2}" = Microsoft Default Manager
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{1F51A0CA-2BDD-474E-BB90-C7FA8EA78F52}" = ImageMixer VCD/DVD2 for OLYMPUS
"{20B8FD81-A71D-42ea-B887-07A616069E63}" = D4100
"{21657574-BD54-48A2-9450-EB03B2C7FC29}" = Roxio MyDVD LE
"{2238A301-6A20-4bdb-A655-C84AB629F6B6}" = hph_readme
"{22DE1881-9D24-4981-B5CC-EC7E9F2F4D52}" = Rhapsody Player Engine
"{235674B0-A35F-4811-8A8F-E8F42A919EA3}" = PhotoPresets with One-Click WOW!
"{236BB7C4-4419-42FD-0409-1E257A25E34D}" = Adobe Photoshop CS2
"{2373A92B-1C1C-4E71-B494-5CA97F96AA19}" = Microsoft SQL Server 2005
"{2376813B-2E5A-4641-B7B3-A0D5ADB55229}" = HPPhotoSmartExpress
"{25F31730-1B6C-4E8E-A3B9-818DC0CD961D}" = Seagate Manager Installer
"{2928F0D5-DABC-4637-A6B3-740629075555}" = RocketFish 5.1 PCI Sound Card
"{2B2BEF9D-BF66-4BCF-B3DE-8C23DC516317}" = Basic Date Picker v1.3
"{2E572661-94BA-829F-80B0-0776F4832B09}" = The Photographer's Ephemeris
"{30465B6C-B53F-49A1-9EBA-A3F187AD502E}" = Sonic Update Manager
"{3248F0A8-6813-11D6-A77B-00B0D0150060}" = J2SE Runtime Environment 5.0 Update 6
"{3248F0A8-6813-11D6-A77B-00B0D0160010}" = Java™ SE Runtime Environment 6 Update 1
"{3248F0A8-6813-11D6-A77B-00B0D0160030}" = Java™ 6 Update 3
"{3248F0A8-6813-11D6-A77B-00B0D0160050}" = Java™ 6 Update 5
"{333B10B5-5DD1-44C0-891C-9738FDE14CC1}" = Drobo Dashboard
"{33BB4982-DC52-4886-A03B-F4C5C80BEE89}" = Windows Media Player 10
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{35D94F92-1D3A-43C5-8605-EA268B1A7BD9}" = PDF Settings CS4
"{363790D2-DA98-41DD-9C9F-69FA36B169DE}" = PanoStandAlone
"{36E7A382-E7DF-4C07-9CCA-9415C1E208AF}" = SNAP 3.0.1 Downloader
"{388E4B09-3E71-4649-8921-F44A3A2954A7}" = Microsoft Visual Studio 2005 Tools for Office Runtime
"{39F6E2B4-CFE8-C30A-66E8-489651F0F34C}" = Adobe Media Player
"{3A4E8896-C2E7-4084-A4A4-B8FD1894E739}" = Adobe XMP Panels CS4
"{3BDB182E-8371-46BD-AC39-C14A91D5EEF8}" = Microsoft SQL Server 2005 Reporting Services
"{3CD2DC4F-F3F6-4E62-B22B-773CA9D784EB}" = Image Trends' PearlyWhites Plug-In 2.0.2
"{3D2C9DE6-9ADE-4252-A241-E43723B0CE02}" = Adobe Color - Photoshop Specific CS4
"{3DA8DF9A-044E-46C4-8531-DEDBB0EE37FF}" = Adobe WinSoft Linguistics Plugin
"{3EE33958-7381-4E7B-A4F3-6E43098E9E9C}" = URL Assistant
"{43CAC9A1-1993-4F65-9096-7C9AFC2BBF54}" = Dell CinePlayer
"{44D4AF75-6870-41F5-9181-662EA05507E1}" = Microsoft Document Explorer 2005
"{45B8A76B-57EC-4242-B019-066400CD8428}" = BufferChm
"{49140327-BEBF-43dd-B386-43311A065609}" = hph_ProductContext
"{4943EFF5-229F-435D-BEA9-BE3CAEA783A7}" = Adobe Service Manager Extension
"{4E868D3D-6EEB-4273-926C-2287236B5B79}" = 3DVIA player 4.1
"{50120000-1105-0000-0000-0000000FF1CE}" = Microsoft Office 2007 Primary Interop Assemblies
"{554EB98C-D995-471F-8874-D2BA7BF5EB3E}" = Noiseware Professional Edition
"{5570C7F0-43D0-4916-8A9E-AEDD52FA86F4}" = Adobe Color EU Extra Settings CS4
"{56C049BE-79E9-4502-BEA7-9754A3E60F9B}" = neroxml
"{5821459E-A8E1-42D1-A8B5-34AB19A75E79}" = Windows Mobile 5.0 SDK R2 for Pocket PC
"{5905F42D-3F5F-4916-ADA6-94A3646AEE76}" = Dell Driver Reset Tool
"{59679381-3F22-4A40-A7AD-890242D74DF4}" = Plug-in Suite 5.1.1
"{5A3F6A80-7913-475E-8B96-477A952CFA43}" = SupportSoft Assisted Service
"{5B6BE547-21E2-49CA-B2E2-6A5F470593B1}" = Sonic Activation Module
"{5C82DAE5-6EB0-4374-9254-BE3319BA4E82}" = Skype™ 3.6
"{5DE0220D-1A71-3C1B-9BE1-DF8D3D392BC4}" = Microsoft Document Explorer 2008
"{5DEDD928-2CBE-35E9-B002-85232EDB120A}" = Microsoft .NET Framework 2.0 Service Pack 1
"{61EDBE71-5D3E-4AB7-AD95-E53FEAF68C17}" = Bing Rewards Client Installer
"{623B8278-8CAD-45C1-B844-58B687C07805}" = Bing Bar Platform
"{6297F8EC-D821-4B33-B845-8A8D1A0DF472}" = Lightroom
"{63A5DC0D-1EDD-4D69-8F31-87FAEB1F7084}" = Microsoft SQL Server 2005 Notification Services
"{63C24A08-70F3-4C8E-B9FB-9F21A903801D}" = Adobe Color Video Profiles CS CS4
"{63E5CDBF-8214-4F03-84F8-CD3CE48639AD}" = Adobe Photoshop CS4 Support
"{654A65DA-7173-4B51-ACEB-F855201EE033}" = HP Deskjet 3000 J310 series Help
"{66910000-8B30-4973-A159-6371345AFFA5}" = WebReg
"{67F0E67A-8E93-4C2C-B29D-47C48262738A}" = Adobe Device Central CS4
"{68243FF8-83CA-466B-B2B8-9F99DA5479C4}" = AdobeColorCommonSetCMYK
"{68A35043-C55A-4237-88C9-37EE1C63ED71}" = Microsoft Visual J# 2.0 Redistributable Package
"{68CE30BC-365D-4BC6-A8F4-520899B6FECD}" = Microsoft Windows SDK Intellisense and Reference Assemblies (6001.16533.121)
"{6909F917-5499-482e-9AA1-FAD06A99F231}" = Toolbox
"{6C11D561-620B-47DA-A693-4C597F3CDF40}" = EPSON Smart Panel
"{6E45BA47-383C-4C1E-8ED0-0D4845C293D7}" = Microsoft Plus! Digital Media Edition Installer
"{6F684F0C-D0AB-4C6F-9D87-1B285D1566EF}" = Image Trends' PearlyWhites Plug-In 1.0.1
"{716E0306-8318-4364-8B8F-0CC4E9376BAC}" = MSXML 4.0 SP2 Parser and SDK
"{74F7662C-B1DB-489E-A8AC-07A06B24978B}" = Dell System Restore
"{7C515D87-2DCD-422B-B993-3FE8A71B3DDB}" = Noiseware Professional Plug-in
"{7DD9A065-2C86-4A9F-A5FF-796EC1B99DCA}" = AnswerWorks 4.0 Runtime - English
"{820D3F45-F6EE-4AAF-81EF-CE21FF21D230}" = Adobe Type Support CS4
"{8331C3EA-0C91-43AA-A4D4-27221C631139}" = Status
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{83877DB1-8B77-45BC-AB43-2BAC22E093E0}" = Adobe Bridge CS4
"{842B4B72-9E8F-4962-B3C1-1C422A5C4434}" = Suite Shared Configuration CS4
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8C62A94B-4AB6-485F-A111-93056684D340}" = SQLXML4
"{8CD05946-4102-3560-B475-9EA2C5B22388}" = Microsoft Device Emulator version 3.0 - ENU
"{8CE4E6E9-9D55-43FB-9DDB-688C976BFC05}" = Unload
"{8EDBA74D-0686-4C99-BFDD-F894678E5B39}" = Adobe Common File Installer
"{90032DD0-ABEE-4424-AC1E-B076BDD4E350}" = Microsoft SQL Server 2005 Tools
"{90120000-0010-0409-0000-0000000FF1CE}" = Microsoft Software Update for Web Folders (English) 12
"{90120000-0015-0409-0000-0000000FF1CE}" = Microsoft Office Access MUI (English) 2007
"{90120000-0015-0409-0000-0000000FF1CE}_PROR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007
"{90120000-0016-0409-0000-0000000FF1CE}_PROR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007
"{90120000-0018-0409-0000-0000000FF1CE}_PROR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0019-0409-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2007
"{90120000-0019-0409-0000-0000000FF1CE}_PROR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2007
"{90120000-001A-0409-0000-0000000FF1CE}_PROR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007
"{90120000-001B-0409-0000-0000000FF1CE}_PROR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_PROR_{ABDDE972-355B-4AF1-89A8-DA50B7B5C045}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-0409-0000-0000000FF1CE}_VISPROR_{ABDDE972-355B-4AF1-89A8-DA50B7B5C045}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_PROR_{F580DDD5-8D37-4998-968E-EBB76BB86787}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-040C-0000-0000000FF1CE}_VISPROR_{F580DDD5-8D37-4998-968E-EBB76BB86787}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007
"{90120000-001F-0C0A-0000-0000000FF1CE}_PROR_{187308AB-5FA7-4F14-9AB9-D290383A10D9}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-0C0A-0000-0000000FF1CE}_VISPROR_{187308AB-5FA7-4F14-9AB9-D290383A10D9}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-0021-0000-0000-0000000FF1CE}" = Microsoft Office Visual Web Developer 2007
"{90120000-0021-0409-0000-0000000FF1CE}" = Microsoft Office Visual Web Developer MUI (English) 2007
"{90120000-0021-0409-0000-0000000FF1CE}_VisualWebDeveloper_{E1044ED2-E4AD-4B39-B500-31109750F6B4}" = Microsoft Office SharePoint Designer 2007 Service Pack 2 (SP2)
"{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007
"{90120000-0054-0409-0000-0000000FF1CE}" = Microsoft Office Visio MUI (English) 2007
"{90120000-0054-0409-0000-0000000FF1CE}_VISPROR_{519D9F45-CBF4-4E57-B419-11F196CCA8AE}" = Microsoft Office Visio 2007 Service Pack 2 (SP2)
"{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}_PROR_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-006E-0409-0000-0000000FF1CE}_VISPROR_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-006E-0409-0000-0000000FF1CE}_VisualWebDeveloper_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007
"{90120000-0115-0409-0000-0000000FF1CE}_PROR_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0115-0409-0000-0000000FF1CE}_VISPROR_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0115-0409-0000-0000000FF1CE}_VisualWebDeveloper_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0117-0409-0000-0000000FF1CE}" = Microsoft Office Access Setup Metadata MUI (English) 2007
"{90120000-0117-0409-0000-0000000FF1CE}_PROR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{903B0409-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Project Professional 2003
"{9068B2BE-D93A-4C0A-861C-5E35E2C0E09E}" = Intel® Matrix Storage Manager
"{90A40409-6000-11D3-8CFE-0150048383C9}" = Microsoft Office 2003 Web Components
"{91120000-0014-0000-0000-0000000FF1CE}" = Microsoft Office Professional 2007
"{91120000-0051-0000-0000-0000000FF1CE}" = Microsoft Office Visio Professional 2007
"{928B06E4-DDAA-476A-926A-641620326327}" = Microsoft Search Enhancement Pack
"{930A590D-29F8-4554-8DC8-27B8A17DD637}" = Microsoft Windows Vista Client Utilities for Win32 Development (6001.16533.121)
"{931AB7EA-3656-4BB7-864D-022B09E3DD67}" = Adobe Linguistics CS4
"{94D398EB-D2FD-4FD1-B8C4-592635E8A191}" = Adobe CMaps CS4
"{982DB00A-9C4E-436B-8707-18E113BAA44C}" = Microsoft SQL Server 2005 Analysis Services
"{98613C99-1399-416C-A07C-1EE1C585D872}" = SeaTools for Windows
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9A3EABC0-CA06-11D4-BF77-00104B130C19}" = EPSON TWAIN 5
"{9D404F8F-05A1-4734-9550-6EC2FEE916B8}" = HP Photosmart and Deskjet 7.0 Software
"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
"{A3D44AD8-D3C9-45E4-B861-3B653C6EF620}" = Rhapsody MP3 Download Manager
"{A5BB0E8C-6BCE-3486-A705-82F5707C5059}" = Windows SDK .Net Tools
"{A5CCD0C8-6D5E-4515-BDD7-2A22D5D91033}" = Nero 8 Essentials
"{A6DE1AAE-B147-4B08-A61C-BA471D86AC4D}" = DB VGA Cam
"{A919EFA5-ADD6-42CB-AE11-EE5DAAB686D5}" = Windows Mobile 5.0 SDK R2 for Smartphone
"{A922F4CD-6129-4B8A-A00D-C6185C1A39B2}" = Microsoft Windows Vista Client Common Utilities (6001.16533.121)
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AB5D51AE-EBC3-438D-872C-705C7C2084B0}" = DeviceManagementQFolder
"{AB708C9B-97C8-4AC9-899B-DBF226AC9382}" = Roxio RecordNow Audio
"{AC76BA86-7AD7-1033-7B44-A81000000003}" = Adobe Reader 8.1.1
"{B0069CFA-5BB9-4C03-B1C6-89CE290E5AFE}" = HP Update
"{B0513493-04B9-4F21-B4AB-83E750D54256}" = Adobe Photoshop Lightroom 2.7
"{B12665F4-4E93-4AB4-B7FC-37053B524629}" = Roxio RecordNow Copy
"{B194272D-1F92-46DF-99EB-8D5CE91CB4EC}" = Adobe AIR
"{B29AD377-CC12-490A-A480-1452337C618D}" = Connect
"{B5688129-7595-4E5B-9990-CEF981A31264}" = SyncToy
"{B65BA85C-0A27-4BC0-A22D-A66F0E5B9494}" = Adobe Photoshop CS4
"{B69CC1A5-0404-11D6-ABCB-005004C21D30}" = EPSON Copy Utility
"{B6CB9E38-ED2F-33C6-9A58-11A37F4F5C96}" = Microsoft Visual Studio 2008 Professional Edition - ENU
"{B702CCCE-3176-4DBF-B932-D1B8F402F330}" = Digital Content Portal
"{B74D4E10-6884-0000-0000-000000000103}" = Adobe Bridge 1.0
"{B7B3E9B3-FB14-4927-894B-E9124509AF5A}" = Adobe Flash Player 10 ActiveX
"{BA820A24-704B-428D-9904-71A10DAC1372}" = OLYMPUS Master
"{BAF78226-3200-4DB4-BE33-4D922A799840}" = Windows Presentation Foundation
"{BB4E33EC-8181-4685-96F7-8554293DEC6A}" = Adobe Output Module
"{BBEB5679-6E2C-47C6-A9B5-3C6D4CD19B60}" = hph_software_req
"{BCE72AED-3332-4863-9567-C5DCB9052CA2}" = Netflix Movie Viewer
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
"{C52E3EC1-048C-45E1-8D53-10B0C6509683}" = Adobe Default Language CS4
"{C76AA8ED-44F5-41B1-BAE6-A2E43C1CAA4F}" = Image Trends' ShineOff Plug-In 2.0.2
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CC75AB5C-2110-4A7F-AF52-708680D22FE8}" = Photoshop Camera Raw
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{CECCAEF3-D37A-48D5-8E39-8D0727C8C6E2}" = ACH Origination Application
"{CEE2252C-4035-4B27-8EC6-0B085DD3A413}" = Dell Support 3.2.1
"{D0ACE207-0F90-402C-8CFA-2CB3D44CE689}" = Adobe Photoshop Lightroom 3.6
"{D6346347-B8CD-4B52-BF5F-9676CDE79801}" = hph_software
"{DBC20735-34E6-4E97-A9E5-2066B66B243D}" = TrayApp
"{DBEA1034-5882-4A88-8033-81C4EF0CFA29}" = Google Toolbar for Internet Explorer
"{DE1A361F-31DC-4AC5-ABBA-2323BC505880}" = LexarMedia ImageRescue Software
"{E0A41F96-7231-4AE8-A654-EEB34F935462}" = Microsoft SQL Server 2005 Integration Services
"{E2B31B67-9795-4EF9-9AC6-B683E7B11BE6}_is1" = FotoFusion v4
"{E3B039DD-C2DD-4765-800A-3572BC75458D}" = SNAP 3.0.1
"{E4848436-0345-47E2-B648-8B522FCDA623}" = Adobe Photoshop CS4
"{E9787678-1033-0000-8E67-000000000001}" = Adobe Help Center 1.0
"{E9B4A5F2-CAF7-4727-BB22-1939FD659019}" = HP Deskjet 3000 J310 series Product Improvement Study
"{EBAE381B-60A6-4863-AA9F-FCAB755BC9E5}" = ScanToWeb
"{EBC91840-41E1-4CC3-AC11-0B889546223C}" = Microsoft IntelliPoint 5.5
"{EE0D5DCD-2B97-4473-98DF-E93C0BD92F7A}" = Adobe Stock Photos 1.0
"{EE174FE1-2276-46E9-8C54-9E8C51D528CB}" = ACHFORPC
"{F0BD17B0-086B-11DD-BD0B-0800200C9A66}" = Dimdim Web Meeting Publisher For IE
"{F0E64E2E-3A60-40D8-A55D-92F6831875DA}" = Adobe Search for Help
"{F157460F-720E-482f-8625-AD7843891E5F}" = InstantShareDevicesMFC
"{F8EF2B3F-C345-4F20-8FE4-791A20333CD5}" = Adobe ExtendScript Toolkit CS4
"{F93C84A6-0DC6-42AF-89FA-776F7C377353}" = Adobe PDF Library Files CS4
"{F958F15A-4CE2-44E7-8179-97BBDCAF401A}" = OLYMPUS Master 2
"{FA237125-51FF-408C-8BB8-30C2B3DFFF9C}" = Windows Resource Kit Tools
"{FCDD51BB-CAD0-4BB1-B7DF-CE86D1032794}" = Adobe Fonts All
"{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
"AC3Filter" = AC3Filter (remove only)
"Active@ ISO Burner v 1.1" = Active@ ISO Burner v 1.1
"Adobe AIR" = Adobe AIR
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Adobe Photoshop 7.0" = Adobe Photoshop 7.0
"Adobe Photoshop CS2 - {236BB7C4-4419-42FD-0409-1E257A25E34D}" = Adobe Photoshop CS2
"Adobe Shockwave Player" = Adobe Shockwave Player 11.5
"Adobe_faf656ef605427ee2f42989c3ad31b8" = Adobe Photoshop CS4
"CCleaner" = CCleaner
"ColorChecker Passport_is1" = ColorChecker Passport 1.0
"com.adobe.amp.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Adobe Media Player
"Coupon Printer for Windows4.0" = Coupon Printer for Windows
"EPSON Photo Print" = EPSON Photo Print
"EPSON Printer and Utilities" = EPSON Printer Software
"Eye-One Match_is1" = Eye-One Match 3.6.1
"Eye-One Share" = Eye-One Share
"eZsports" = eZsports
"eZsuite" = eZsuite
"Flexrise.9F3FBFC56E7DF11606748B3513468A7A7FB809D1.1" = The Photographer's Ephemeris
"FotoFusion" = FotoFusion
"Google Chrome" = Google Chrome
"HP Imaging Device Functions" = HP Imaging Device Functions 7.0
"HP Photo Creations" = HP Photo Creations
"i1ColorPoint 1.0" = i1ColorPoint 1.0
"InstallShield_{25F31730-1B6C-4E8E-A3B9-818DC0CD961D}" = Seagate Manager Installer
"InstallShield_{BA820A24-704B-428D-9904-71A10DAC1372}" = OLYMPUS Master
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware version 1.60.1.1000
"Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft Document Explorer 2005" = Microsoft Document Explorer 2005
"Microsoft Document Explorer 2008" = Microsoft Document Explorer 2008
"Microsoft Visual J# 2.0 Redistributable Package" = Microsoft Visual J# 2.0 Redistributable Package
"Microsoft Visual Studio 2005 Team Edition for Software Developers - ENU" = Microsoft Visual Studio 2005 Team Edition for Software Developers - ENU
"Microsoft Visual Studio 2005 Tools for Office Runtime" = Microsoft Visual Studio 2005 Tools for Office Runtime
"Microsoft Visual Studio 2008 Professional Edition - ENU" = Microsoft Visual Studio 2008 Professional Edition - ENU
"Mozilla Firefox (3.6.25)" = Mozilla Firefox (3.6.25)
"MSCompPackV1" = Microsoft Compression Client Pack 1.0 for Windows XP
"MSNINST" = MSN
"MVApplication1" = Memorex exPressit Label Design Studio
"MyPublisher" = MyPublisher
"NetDevil_LEGO_Universe_is1" = LEGO Universe
"NVIDIA Drivers" = NVIDIA Drivers
"Photodex Presenter" = Photodex Presenter
"PROR" = Microsoft Office Professional 2007
"QuickTime" = QuickTime
"RealPlayer 6.0" = RealPlayer
"ReNamer_is1" = ReNamer
"SearchAssist" = SearchAssist
"Silent Package Run-Time Sample" = EPSON Scanner Reference Guide
"Tax Forms Helper 2009_is1" = Tax Forms Helper 2009 9.0
"Tax Forms Helper 2010_is1" = Tax Forms Helper 2010 9.5
"Tax Forms Helper 2011_is1" = Tax Forms Helper 2011 10.0
"TurboTax Home & Business 2007" = TurboTax Home & Business 2007
"VISPROR" = Microsoft Office Visio Professional 2007
"VisualWebDeveloper" = Microsoft Visual Studio Web Authoring Component
"Wacom Tablet Driver" = Wacom Tablet
"Wdf01005" = Microsoft Kernel-Mode Driver Framework Feature Pack 1.5
"WIC" = Windows Imaging Component
"Windows Media Format Runtime" = Windows Media Format 11 runtime
"Windows Media Player" = Windows Media Player 11
"WMFDist11" = Windows Media Format 11 runtime
"wmp11" = Windows Media Player 11
"Wudf01000" = Microsoft User-Mode Driver Framework Feature Pack 1.0
"XpsEPSC" = XML Paper Specification Shared Components Pack 1.0
"Xvid_is1" = Xvid 1.1.2 final uninstall

========== Last 10 Event Log Errors ==========

[ Antivirus Events ]
Error - 1/28/2010 10:47:42 AM | Computer Name = DC0XMBC1 | Source = avast! | ID = 33554522
Description =

Error - 1/28/2010 10:47:42 AM | Computer Name = DC0XMBC1 | Source = avast! | ID = 33554522
Description =

Error - 1/28/2010 10:47:43 AM | Computer Name = DC0XMBC1 | Source = avast! | ID = 33554522
Description =

Error - 1/28/2010 10:47:43 AM | Computer Name = DC0XMBC1 | Source = avast! | ID = 33554522
Description =

Error - 3/31/2010 4:07:45 AM | Computer Name = DC0XMBC1 | Source = avast! | ID = 33554522
Description =

Error - 3/31/2010 4:07:45 AM | Computer Name = DC0XMBC1 | Source = avast! | ID = 33554522
Description =

Error - 3/31/2010 4:07:45 AM | Computer Name = DC0XMBC1 | Source = avast! | ID = 33554522
Description =

Error - 3/31/2010 4:07:45 AM | Computer Name = DC0XMBC1 | Source = avast! | ID = 33554522
Description =

Error - 4/3/2010 10:24:53 AM | Computer Name = DC0XMBC1 | Source = avast! | ID = 33554522
Description =

Error - 5/13/2010 4:06:00 AM | Computer Name = DC0XMBC1 | Source = avast! | ID = 33554522
Description =

[ Application Events ]
Error - 2/2/2012 5:03:02 AM | Computer Name = DC0XMBC1 | Source = MsiInstaller | ID = 1023
Description = Product: Microsoft .NET Framework 2.0 Service Pack 2 - Update 'KB976576'
could not be installed. Error code 1603. Additional information is available in
the log file C:\WINDOWS\system32\config\SYSTEM~1\LOCALS~1\Temp\Microsoft .NET Framework
2.0-KB976576_20120202_090300781-Msi0.txt.

Error - 2/2/2012 5:03:03 AM | Computer Name = DC0XMBC1 | Source = HotFixInstaller | ID = 5000
Description = EventType visualstudio8setup, P1 microsoft .net framework 2.0-kb976576,
P2 1033, P3 1603, P4 msi, P5 f, P6 9.0.40302.0, P7 install, P8 x86, P9 xp, P10
2709.

Error - 2/2/2012 5:03:23 AM | Computer Name = DC0XMBC1 | Source = MsiInstaller | ID = 10005
Description = Product: Microsoft .NET Framework 2.0 Service Pack 2 -- The installer
has encountered an unexpected error installing this package. This may indicate
a problem with this package. The error code is 2721. The arguments are: CA_ScheduleUpdateAssemblyRB.3643236F_FC70_11D3_A536_0090278A1BB8,
,

Error - 2/2/2012 5:03:23 AM | Computer Name = DC0XMBC1 | Source = MsiInstaller | ID = 1023
Description = Product: Microsoft .NET Framework 2.0 Service Pack 2 - Update 'KB958481'
could not be installed. Error code 1603. Additional information is available in
the log file C:\WINDOWS\system32\config\SYSTEM~1\LOCALS~1\Temp\Microsoft .NET Framework
2.0-KB958481_20120202_090319468-Msi0.txt.

Error - 2/2/2012 5:03:23 AM | Computer Name = DC0XMBC1 | Source = HotFixInstaller | ID = 5000
Description = EventType visualstudio8setup, P1 microsoft .net framework 2.0-kb958481,
P2 1033, P3 1603, P4 msi, P5 f, P6 9.0.31211.0, P7 install, P8 x86, P9 xp, P10
2721.

Error - 2/2/2012 5:03:34 AM | Computer Name = DC0XMBC1 | Source = HotFixInstaller | ID = 5000
Description = EventType visualstudio8setup, P1 microsoft visual studio 2008-kb952241,
P2 1033, P3 1605, P4 msi, P5 f, P6 9.0.30612.0, P7 install, P8 x86, P9 xp, P10
0.

Error - 2/2/2012 5:04:30 AM | Computer Name = DC0XMBC1 | Source = NativeWrapper | ID = 5000
Description =

Error - 2/2/2012 5:05:11 AM | Computer Name = DC0XMBC1 | Source = MsiInstaller | ID = 10005
Description = Product: Microsoft .NET Framework 2.0 Service Pack 2 -- The installer
has encountered an unexpected error installing this package. This may indicate
a problem with this package. The error code is 2721. The arguments are: CA_ScheduleUpdateAssemblyRB.3643236F_FC70_11D3_A536_0090278A1BB8,
,

Error - 2/2/2012 5:05:11 AM | Computer Name = DC0XMBC1 | Source = MsiInstaller | ID = 1023
Description = Product: Microsoft .NET Framework 2.0 Service Pack 2 - Update 'KB974417'
could not be installed. Error code 1603. Additional information is available in
the log file C:\WINDOWS\system32\config\SYSTEM~1\LOCALS~1\Temp\Microsoft .NET Framework
2.0-KB974417_20120202_090507828-Msi0.txt.

Error - 2/2/2012 5:05:11 AM | Computer Name = DC0XMBC1 | Source = HotFixInstaller | ID = 5000
Description = EventType visualstudio8setup, P1 microsoft .net framework 2.0-kb974417,
P2 1033, P3 1603, P4 msi, P5 f, P6 9.0.40302.0, P7 install, P8 x86, P9 xp, P10
2721.

[ OSession Events ]
Error - 1/14/2009 1:51:56 PM | Computer Name = DC0XMBC1 | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 6, Application Name: Microsoft Office Outlook, Application Version:
12.0.6300.5000, Microsoft Office Version: 12.0.4518.1014. This session lasted 7211
seconds with 480 seconds of active time. This session ended with a crash.

Error - 10/28/2009 9:49:16 AM | Computer Name = DC0XMBC1 | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 6, Application Name: Microsoft Office Outlook, Application Version:
12.0.6300.5000, Microsoft Office Version: 12.0.4518.1014. This session lasted 74103
seconds with 960 seconds of active time. This session ended with a crash.

Error - 11/16/2009 2:09:18 AM | Computer Name = DC0XMBC1 | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 0, Application Name: Microsoft Office Word, Application Version:
12.0.4518.1014, Microsoft Office Version: 12.0.4518.1014. This session lasted 289
seconds with 0 seconds of active time. This session ended with a crash.

Error - 5/18/2010 12:19:55 PM | Computer Name = DC0XMBC1 | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 6, Application Name: Microsoft Office Outlook, Application Version:
12.0.6300.5000, Microsoft Office Version: 12.0.4518.1014. This session lasted 39
seconds with 0 seconds of active time. This session ended with a crash.

Error - 8/7/2010 12:34:59 PM | Computer Name = DC0XMBC1 | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 6, Application Name: Microsoft Office Outlook, Application Version:
12.0.6300.5000, Microsoft Office Version: 12.0.4518.1014. This session lasted 267663
seconds with 5880 seconds of active time. This session ended with a crash.

Error - 10/17/2010 8:27:17 AM | Computer Name = DC0XMBC1 | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 6, Application Name: Microsoft Office Outlook, Application Version:
12.0.6300.5000, Microsoft Office Version: 12.0.4518.1014. This session lasted 144307
seconds with 3660 seconds of active time. This session ended with a crash.

Error - 10/1/2010 1:24:56 AM | Computer Name = DC0XMBC1 | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 0, Application Name: Microsoft Office Word, Application Version:
12.0.4518.1014, Microsoft Office Version: 12.0.4518.1014. This session lasted 272
seconds with 0 seconds of active time. This session ended with a crash.

Error - 2/7/2011 10:13:49 AM | Computer Name = DC0XMBC1 | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 6, Application Name: Microsoft Office Outlook, Application Version:
12.0.6300.5000, Microsoft Office Version: 12.0.4518.1014. This session lasted 832559
seconds with 14820 seconds of active time. This session ended with a crash.

Error - 2/9/2011 11:23:23 PM | Computer Name = DC0XMBC1 | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 6, Application Name: Microsoft Office Outlook, Application Version:
12.0.6300.5000, Microsoft Office Version: 12.0.4518.1014. This session lasted 220163
seconds with 8640 seconds of active time. This session ended with a crash.

Error - 12/16/2011 4:06:36 PM | Computer Name = DC0XMBC1 | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 6, Application Name: Microsoft Office Outlook, Application Version:
12.0.6300.5000, Microsoft Office Version: 12.0.4518.1014. This session lasted 367017
seconds with 8760 seconds of active time. This session ended with a crash.

[ System Events ]
Error - 2/2/2012 9:34:09 PM | Computer Name = DC0XMBC1 | Source = Disk | ID = 262151
Description = The device, \Device\Harddisk2\D, has a bad block.

Error - 2/2/2012 9:34:12 PM | Computer Name = DC0XMBC1 | Source = Disk | ID = 262151
Description = The device, \Device\Harddisk2\D, has a bad block.

Error - 2/2/2012 10:21:55 PM | Computer Name = DC0XMBC1 | Source = Disk | ID = 262151
Description = The device, \Device\Harddisk2\D, has a bad block.

Error - 2/2/2012 10:21:58 PM | Computer Name = DC0XMBC1 | Source = Disk | ID = 262151
Description = The device, \Device\Harddisk2\D, has a bad block.

Error - 2/2/2012 10:22:01 PM | Computer Name = DC0XMBC1 | Source = Disk | ID = 262151
Description = The device, \Device\Harddisk2\D, has a bad block.

Error - 2/2/2012 10:22:04 PM | Computer Name = DC0XMBC1 | Source = Disk | ID = 262151
Description = The device, \Device\Harddisk2\D, has a bad block.

Error - 2/2/2012 11:21:55 PM | Computer Name = DC0XMBC1 | Source = Disk | ID = 262151
Description = The device, \Device\Harddisk2\D, has a bad block.

Error - 2/2/2012 11:21:58 PM | Computer Name = DC0XMBC1 | Source = Disk | ID = 262151
Description = The device, \Device\Harddisk2\D, has a bad block.

Error - 2/2/2012 11:22:01 PM | Computer Name = DC0XMBC1 | Source = Disk | ID = 262151
Description = The device, \Device\Harddisk2\D, has a bad block.

Error - 2/2/2012 11:22:04 PM | Computer Name = DC0XMBC1 | Source = Disk | ID = 262151
Description = The device, \Device\Harddisk2\D, has a bad block.


< End of report >
  • 0
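Added example, not part of the original thread and not OTL's own code: a small parser for event sections laid out like the ones in the log above. It rejoins Description lines that wrap and collapses repeated events into counts, so a run of identical entries reads as one row. The sample input and the host name `HOST1` are constructed.

```python
import re
from collections import Counter
from datetime import datetime
# Constructed sample in the layout of the OTL event sections (not the thread's log).
SAMPLE = """\
[ OSession Events ]
Error - 1/14/2009 1:51:56 PM | Computer Name = HOST1 | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 6, Application Name: Microsoft Office Outlook. This session lasted 7211
seconds with 480 seconds of active time. This session ended with a crash.

[ System Events ]
Error - 2/2/2012 9:34:09 PM | Computer Name = HOST1 | Source = Disk | ID = 262151
Description = The device, \\Device\\Harddisk2\\D, has a bad block.

Error - 2/2/2012 9:34:12 PM | Computer Name = HOST1 | Source = Disk | ID = 262151
Description = The device, \\Device\\Harddisk2\\D, has a bad block.

< End of report >
"""

HEADER = re.compile(
    r"^(?P<level>\w+) - (?P<when>\d+/\d+/\d+ \d+:\d+:\d+ [AP]M) \| "
    r"Computer Name = (?P<host>[^|]+?) \| Source = (?P<source>[^|]+?) \| ID = (?P<id>\d+)$")
SECTION = re.compile(r"^\[ (.+) \]$")

def parse_events(text):
    """Return one dict per event; wrapped Description lines are rejoined."""
    events, section, current = [], None, None
    for line in map(str.strip, text.splitlines()):
        sec, hdr = SECTION.match(line), HEADER.match(line)
        if sec:
            section, current = sec.group(1), None
        elif hdr:
            current = dict(hdr.groupdict(), section=section, description="")
            current["when"] = datetime.strptime(current["when"], "%m/%d/%Y %I:%M:%S %p")
            events.append(current)
        elif not line or line == "< End of report >":
            current = None  # a blank line or the report footer ends the event
        elif current is not None:
            part = line[len("Description = "):] if line.startswith("Description = ") else line
            current["description"] = (current["description"] + " " + part).strip()
    return events

def summarize(events):
    """Count events per (section, source, id) so repeats collapse to one row."""
    return Counter((e["section"], e["source"], int(e["id"])) for e in events)

if __name__ == "__main__":
    print(summarize(parse_events(SAMPLE)).most_common())
```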

#14
RKinner

    Malware Expert

  • Expert
  • 24,625 posts
  • MVP
Uninstall:
Bing Bar
Bing Bar Platform
Bing Rewards Client Installer
J2SE Runtime Environment 5.0 Update 6
Java™ SE Runtime Environment 6 Update 1
Java™ 6 Update 3
Java™ 6 Update 5 - Get the latest Java from java.com
Adobe Reader 8.1.1 - get the latest Adobe Reader from adobe.com
Adobe Flash Player 10 ActiveX - get the latest Flash from adobe.com (must use IE)
SearchAssist

Start, Run, eventvwr.msc, OK to bring up the Event Viewer. Right click on System and Clear All Events, No (we don't want to save the old log), OK. Repeat for Application.

Reboot.

1. Please download the Event Viewer Tool by Vino Rosso
http://images.malwar...om/vino/VEW.exe
and save it to your Desktop.
2. Double-click VEW.exe
3. Under 'Select log to query', select:
* System
4. Under 'Select type to list', select:
* Error
* Warning

Then use the 'Number of events' as follows:

1. Click the radio button for 'Number of events'
2. Type 20 in the 1 to 20 box
3. Then click the Run button.

Notepad will open with the output log.

Please post the Output log in your next reply then repeat but select Application.

Ron
  • 0

#15
northernbird

    Member

  • Topic Starter
  • Member
  • PipPip
  • 21 posts
Couple questions for you..
1. Right now when I open my All Programs list, all the folders are there, but they are all empty.. no applications to launch. Do you know why that is? Or how to get that rebuilt?
2. My Add/Remove Programs window never populates with anything. (This was an issue in the past too, not related to the infections here.) I'm using CCleaner to do the uninstalls.
  • 0





