Puter Locks Up

KScan

--------------------------------------------------------------------------------
KASPERSKY ONLINE SCANNER 7.0: scan report
Tuesday, February 23, 2010
Operating system: Microsoft Windows XP Professional Service Pack 3 (build 2600)
Kaspersky Online Scanner version: 7.0.26.13
Last database update: Tuesday, February 23, 2010 23:07:42
Records in database: 3637760
--------------------------------------------------------------------------------

Scan settings:
scan using the following database: extended
Scan archives: yes
Scan e-mail databases: yes

Scan area - My Computer:
C:\
D:\
E:\
I:\
J:\

Scan statistics:
Objects scanned: 251248
Threats found: 19
Infected objects found: 40
Suspicious objects found: 13
Scan duration: 04:39:31


File name / Threat / Threats count
C:\Documents and Settings\All Users\Application Data\McAfee\SpamKiller\Users\1\Front\1\M0000000097.eml Infected: Trojan-Spy.HTML.Smitfraud.c 1
C:\Documents and Settings\All Users\Application Data\McAfee\SpamKiller\Users\1\Front\1\M0000000097.msg Infected: Trojan-Spy.HTML.Smitfraud.c 1
C:\Documents and Settings\All Users\Application Data\McAfee\SpamKiller\Users\1\Front\1\M0000000210.eml Infected: Trojan-Spy.HTML.Smitfraud.c 1
C:\Documents and Settings\All Users\Application Data\McAfee\SpamKiller\Users\1\Front\1\M0000000210.msg Infected: Trojan-Spy.HTML.Smitfraud.c 1
C:\Documents and Settings\All Users\Application Data\McAfee\SpamKiller\Users\1\Front\1\M0000007244.eml Suspicious: Trojan-Spy.HTML.Fraud.gen 1
C:\Documents and Settings\All Users\Application Data\McAfee\SpamKiller\Users\1\Front\1\M0000022927.msg Infected: Trojan-Spy.HTML.Bankfraud.rk 1
C:\Documents and Settings\All Users\Application Data\McAfee\SpamKiller\Users\1\Front\1\M0000024185.msg Infected: Trojan-Spy.HTML.Bankfraud.rk 1
C:\Documents and Settings\All Users\Application Data\McAfee\SpamKiller\Users\1\Front\1\M0000026541.msg Infected: Trojan-Spy.HTML.Bankfraud.ri 1
C:\Documents and Settings\All Users\Application Data\McAfee\SpamKiller\Users\1\Front\2\M0000001760.eml Suspicious: Trojan-Spy.HTML.Fraud.gen 1
C:\Documents and Settings\All Users\Application Data\McAfee\SpamKiller\Users\1\Front\2\M0000001760.msg Suspicious: Trojan-Spy.HTML.Fraud.gen 1
C:\Documents and Settings\All Users\Application Data\McAfee\SpamKiller\Users\1\Front\2\M0000001761.eml Suspicious: Trojan-Spy.HTML.Fraud.gen 1
C:\Documents and Settings\All Users\Application Data\McAfee\SpamKiller\Users\1\Front\2\M0000001772.eml Suspicious: Trojan-Spy.HTML.Fraud.gen 1
C:\Documents and Settings\All Users\Application Data\McAfee\SpamKiller\Users\1\Front\2\M0000001828.eml Suspicious: Trojan-Spy.HTML.Fraud.gen 1
C:\Documents and Settings\All Users\Application Data\McAfee\SpamKiller\Users\1\Front\2\M0000001829.eml Suspicious: Trojan-Spy.HTML.Fraud.gen 1
C:\Documents and Settings\All Users\Application Data\McAfee\SpamKiller\Users\1\Front\2\M0000001889.eml Suspicious: Trojan-Spy.HTML.Fraud.gen 1
C:\Documents and Settings\All Users\Application Data\McAfee\SpamKiller\Users\3\Front\3\M0000000445.eml Infected: Trojan-Spy.HTML.Bayfraud.ek 1
C:\Documents and Settings\John Dolensky\Local Settings\Application Data\Outlook.pst Infected: Trojan-Spy.HTML.Bankfraud.cr 1
C:\Documents and Settings\John Dolensky\Local Settings\Application Data\Outlook.pst Infected: Trojan-Spy.HTML.Bankfraud.ci 4
C:\Documents and Settings\John Dolensky\Local Settings\Application Data\Outlook.pst Suspicious: Trojan-Spy.HTML.Fraud.gen 3
C:\Documents and Settings\John Dolensky\Local Settings\Application Data\Outlook.pst Infected: Trojan-Spy.HTML.Bayfraud.hn 6
C:\Documents and Settings\Peggy\Local Settings\Application Data\Microsoft\Outlook\Outlook.pst Suspicious: Trojan-Spy.HTML.Fraud.gen 2
C:\Program Files\Mozilla Firefox\BSINSTALL.exe Infected: not-a-virus:AdWare.Win32.SaveNow.z 1
C:\Program Files\Mozilla Firefox\BSINSTALL.exe Infected: not-a-virus:WebToolbar.Win32.WhenU.a 1
J:\Downloads\ATT_SST_Installer.exe Infected: not-a-virus:RemoteAdmin.Win32.WinVNC-based.b 2
J:\John\I Don't Have Any Clue Why I Am Saving This Random Stuff Anyway\Weather Bug\WxBugSetup27.exe Infected: not-a-virus:AdWare.Win32.Gator.1023 1
J:\Outlook.pst Infected: Email-Worm.Win32.NetSky.c 1
J:\Outlook.pst Infected: Email-Worm.Win32.Bagle.z 1
J:\Outlook.pst Infected: Email-Worm.Win32.Bagle.gen 1
J:\Outlook.pst Infected: Email-Worm.Win32.Bagle.ai 2
J:\Outlook.pst Infected: Trojan-Spy.HTML.Citifraud.ae 4
J:\Outlook.pst Infected: Trojan-Spy.HTML.Citifraud.ai 4
J:\Outlook.pst Infected: Trojan-Spy.HTML.Sunfraud.aj 1
J:\RECYCLER\S-1-5-21-132086333-3219335946-2764614581-1005\Dj5.exe Infected: not-a-virus:RemoteAdmin.Win32.WinVNC-based.b 2

Selected area has been scanned.
 
Hi,

What I would do is to go here
C:\Documents and Settings\All Users\Application Data\McAfee\SpamKiller, open it and remove all the entries it found.

I would also open Outlook and bite the bullet and delete all your email from sent and received, then empty the trash.


Weather Bug <-- Kind of falls in the gray area, it will bring you ads, you should uninstall it via Add/Remove Programs, you would be better off with desktop weather from the Weather Channel.

How are things running now?
 
Well...

Still locking up.

Handled Outlook.

Cannot find a way to open Spam Killer?

WeatherBug is not found in my Add/Remove Programs.

Add/Remove Programs contains something called Mirar, which I vaguely remember having a lot of trouble removing in the past. Although I do not know what it is or why I thought it should be removed...

John
 
You need to enable Windows to show all files and folders, instructions Here

Go to VirusTotal and submit these files for analysis, just use the BROWSE feature and then Send File, you will get a report back, post the report into this thread for me to see.

C:\WINDOWS\system32\wvUljHAr.dll
c:\windows\windllreg1c.sys

If the site is busy you can try this one

http://virusscan.jotti.org/en


Mirar is a rogue toolbar but I don't see it in any of your reports


  • Download OTL to your desktop.
  • Double click on the icon to run it. Make sure all other windows are closed and to let it run uninterrupted.
  • When the window appears, underneath Output at the top change it to Minimal Output.
  • Check the boxes beside LOP Check and Purity Check.
  • Under the Custom Scan box paste this in


    netsvcs
    %SYSTEMDRIVE%\*.exe
    /md5start
    eventlog.dll
    scecli.dll
    netlogon.dll
    cngaudit.dll
    sceclt.dll
    ntelogon.dll
    logevent.dll
    iaStor.sys
    nvstor.sys
    atapi.sys
    IdeChnDr.sys
    viasraid.sys
    AGP440.sys
    vaxscsi.sys
    nvatabus.sys
    viamraid.sys
    nvata.sys
    nvgts.sys
    iastorv.sys
    ViPrt.sys
    eNetHook.dll
    ahcix86.sys
    KR10N.sys
    nvstor32.sys
    ahcix86s.sys
    nvrd32.sys
    symmpi.sys
    adp3132.sys
    mv61xx.sys
    /md5stop
    %systemroot%\*. /mp /s
    %systemroot%\system32\*.dll /lockedfiles
    %systemroot%\Tasks\*.job /lockedfiles
    %systemroot%\system32\drivers\*.sys /lockedfiles
    %systemroot%\System32\config\*.sav


  • Click the Run Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.
    • When the scan completes, it will open two Notepad windows: OTL.Txt and Extras.Txt.
      Note: These logs can be located in the OTL. folder on your C:\ drive if they fail to open automatically.
    • Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post them with your next reply. You may need two posts to fit them both in.
 
windllreg1c.sys

I was unable to locate C:\WINDOWS\system32\wvUljHAr.dll...



File windllreg1c.sys received on 2010.02.28 02:30:26 (UTC)
Result: 0/42 (0%)

Antivirus Version Last Update Result
a-squared 4.5.0.50 2010.02.27 -
AhnLab-V3 5.0.0.2 2010.02.27 -
AntiVir 8.2.1.176 2010.02.26 -
Antiy-AVL 2.0.3.7 2010.02.26 -
Authentium 5.2.0.5 2010.02.27 -
Avast 4.8.1351.0 2010.02.27 -
Avast5 5.0.332.0 2010.02.28 -
AVG 9.0.0.730 2010.02.27 -
BitDefender 7.2 2010.02.28 -
CAT-QuickHeal 10.00 2010.02.27 -
ClamAV 0.96.0.0-git 2010.02.28 -
Comodo 4087 2010.02.27 -
DrWeb 5.0.1.12222 2010.02.28 -
eSafe 7.0.17.0 2010.02.25 -
eTrust-Vet 35.2.7331 2010.02.26 -
F-Prot 4.5.1.85 2010.02.27 -
F-Secure 9.0.15370.0 2010.02.27 -
Fortinet 4.0.14.0 2010.02.27 -
GData 19 2010.02.28 -
Ikarus T3.1.1.80.0 2010.02.27 -
Jiangmin 13.0.900 2010.02.27 -
K7AntiVirus 7.10.984 2010.02.26 -
Kaspersky 7.0.0.125 2010.02.28 -
McAfee 5905 2010.02.27 -
McAfee+Artemis 5905 2010.02.27 -
McAfee-GW-Edition 6.8.5 2010.02.28 -
Microsoft 1.5502 2010.02.27 -
NOD32 4901 2010.02.27 -
Norman 6.04.08 2010.02.27 -
nProtect 2009.1.8.0 2010.02.27 -
Panda 10.0.2.2 2010.02.27 -
PCTools 7.0.3.5 2010.02.28 -
Prevx 3.0 2010.02.28 -
Rising 22.36.05.04 2010.02.27 -
Sophos 4.50.0 2010.02.28 -
Sunbelt 5702 2010.02.27 -
Symantec 20091.2.0.41 2010.02.28 -
TheHacker 6.5.1.7.214 2010.02.28 -
TrendMicro 9.120.0.1004 2010.02.27 -
VBA32 3.12.12.2 2010.02.26 -
ViRobot 2010.2.27.2206 2010.02.27 -
VirusBuster 5.0.27.0 2010.02.27 -
Additional information
File size: 4263 bytes
MD5...: 1f5f071efffafa6af74821be01195409
SHA1..: 41e358e27644f27457fa0eac6bdc5341f91174e2
SHA256: 10a9e5a0728e5f35a79984ddf3f964838434666d1a410a95be71bcb329580cc1
ssdeep: 96:q3UUdE+vwhrbL6IkXKY7uB8VZU0WGibPUUdE+vwhrbL6IkXKY7uB8VZU0WGip
:qkUOpuITYiB8TUvMUOpuITYiB8TUt
PEiD..: -
PEInfo: -
RDS...: NSRL Reference Data Set
-
pdfid.: -
trid..: Unknown!
sigcheck:
publisher....: n/a
copyright....: n/a
product......: n/a
description..: n/a
original name: n/a
internal name: n/a
file version.: n/a
comments.....: n/a
signers......: -
signing date.: -
verified.....: Unsigned
 
OTL.txt

OTL logfile created on: 2/27/2010 9:40:09 PM - Run 1
OTL by OldTimer - Version 3.1.30.3 Folder = C:\Documents and Settings\John Dolensky\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1,022.00 Mb Total Physical Memory | 504.00 Mb Available Physical Memory | 49.00% Memory free
2.00 Gb Paging File | 2.00 Gb Available in Paging File | 82.00% Paging File free
Paging file location(s): C:\pagefile.sys 1536 3072 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 145.85 Gb Total Space | 109.71 Gb Free Space | 75.23% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
Drive I: | 668.00 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: UDF
Drive J: | 930.86 Gb Total Space | 921.32 Gb Free Space | 98.97% Space Free | Partition Type: NTFS

Computer Name: D30K1961
Current User Name: John Dolensky
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Minimal

========== Processes (SafeList) ==========

PRC - C:\Documents and Settings\John Dolensky\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\Program Files\McAfee\SiteAdvisor\McSACore.exe (McAfee, Inc.)
PRC - C:\Program Files\WinZip\WZQKPICK.EXE (WinZip Computing, S.L.)
PRC - C:\Program Files\McAfee.com\Agent\mcagent.exe (McAfee, Inc.)
PRC - C:\Program Files\McAfee\MPF\MpfSrv.exe (McAfee, Inc.)
PRC - C:\Program Files\Java\jre6\bin\jqs.exe (Sun Microsystems, Inc.)
PRC - C:\Program Files\McAfee\VirusScan\Mcshield.exe (McAfee, Inc.)
PRC - C:\Program Files\McAfee\VirusScan\mcsysmon.exe (McAfee, Inc.)
PRC - C:\Program Files\McAfee\MSC\mcmscsvc.exe (McAfee, Inc.)
PRC - c:\Program Files\Common Files\McAfee\McProxy\McProxy.exe (McAfee, Inc.)
PRC - c:\Program Files\Common Files\McAfee\MNA\McNASvc.exe (McAfee, Inc.)
PRC - C:\Program Files\Common Files\Motive\McciCMService.exe (Motive Communications, Inc.)
PRC - C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe (Yahoo! Inc.)
PRC - C:\Program Files\Common Files\Intuit\Update Service\IntuitUpdateService.exe (Intuit Inc.)
PRC - C:\Program Files\Kodak\Printer\Center\KodakSvc.exe (Eastman Kodak Company)
PRC - C:\WINDOWS\explorer.exe (Microsoft Corporation)
PRC - C:\Program Files\DellSupport\DSAgnt.exe (Gteko Ltd.)
PRC - C:\WINDOWS\SYSTEM32\nvsvc32.exe (NVIDIA Corporation)
PRC - C:\WINDOWS\SYSTEM32\dla\tfswctrl.exe (Sonic Solutions)
PRC - C:\Program Files\Creative\SBAudigy2ZS\Surround Mixer\CTSysVol.exe (Creative Technology Ltd)
PRC - C:\WINDOWS\SYSTEM32\CTSVCCDA.EXE (Creative Technology Ltd)


========== Modules (SafeList) ==========

MOD - C:\Documents and Settings\John Dolensky\Desktop\OTL.exe (OldTimer Tools)


========== Win32 Services (SafeList) ==========

SRV - (McAfee SiteAdvisor Service) -- C:\Program Files\McAfee\SiteAdvisor\McSACore.exe (McAfee, Inc.)
SRV - (MpfService) -- C:\Program Files\McAfee\MPF\MPFSrv.exe (McAfee, Inc.)
SRV - (JavaQuickStarterService) -- C:\Program Files\Java\jre6\bin\jqs.exe (Sun Microsystems, Inc.)
SRV - (McODS) -- C:\Program Files\McAfee\VirusScan\mcods.exe (McAfee, Inc.)
SRV - (McShield) -- C:\Program Files\McAfee\VirusScan\Mcshield.exe (McAfee, Inc.)
SRV - (McSysmon) -- C:\Program Files\McAfee\VirusScan\mcsysmon.exe (McAfee, Inc.)
SRV - (mcmscsvc) -- C:\Program Files\McAfee\MSC\mcmscsvc.exe (McAfee, Inc.)
SRV - (McProxy) -- c:\Program Files\Common Files\McAfee\McProxy\McProxy.exe (McAfee, Inc.)
SRV - (McNASvc) -- c:\Program Files\Common Files\McAfee\MNA\McNASvc.exe (McAfee, Inc.)
SRV - (gusvc) -- C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe (Google)
SRV - (McciCMService) -- C:\Program Files\Common Files\Motive\McciCMService.exe (Motive Communications, Inc.)
SRV - (YahooAUService) -- C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe (Yahoo! Inc.)
SRV - (IntuitUpdateService) -- C:\Program Files\Common Files\Intuit\Update Service\IntuitUpdateService.exe (Intuit Inc.)
SRV - (KodakSvc) -- C:\Program Files\Kodak\printer\center\KodakSvc.exe (Eastman Kodak Company)
SRV - (DSBrokerService) -- C:\Program Files\DellSupport\brkrsvc.exe ()
SRV - (IDriverT) -- C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe (Macrovision Corporation)
SRV - (NVSvc) -- C:\WINDOWS\SYSTEM32\nvsvc32.exe (NVIDIA Corporation)
SRV - (TermService) -- C:\WINDOWS\SYSTEM32\termsrv32.dll (Microsoft Corporation)
SRV - (dlbu_device) -- C:\WINDOWS\System32\dlbucoms.exe (Dell)
SRV - (ose) -- C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE (Microsoft Corporation)
SRV - (Creative Service for CDROM Access) -- C:\WINDOWS\SYSTEM32\CTSVCCDA.EXE (Creative Technology Ltd)


========== Driver Services (SafeList) ==========

DRV - (MBAMSwissArmy) -- C:\WINDOWS\SYSTEM32\DRIVERS\mbamswissarmy.sys (Malwarebytes Corporation)
DRV - (iaStor) -- C:\WINDOWS\system32\drivers\iaStor.sys ()
DRV - (mfehidk) -- C:\WINDOWS\SYSTEM32\DRIVERS\mfehidk.sys (McAfee, Inc.)
DRV - (mfeavfk) -- C:\WINDOWS\SYSTEM32\DRIVERS\mfeavfk.sys (McAfee, Inc.)
DRV - (mfesmfk) -- C:\WINDOWS\SYSTEM32\DRIVERS\mfesmfk.sys (McAfee, Inc.)
DRV - (mfebopk) -- C:\WINDOWS\SYSTEM32\DRIVERS\mfebopk.sys (McAfee, Inc.)
DRV - (mferkdk) -- C:\WINDOWS\SYSTEM32\DRIVERS\mferkdk.sys (McAfee, Inc.)
DRV - (MPFP) -- C:\WINDOWS\SYSTEM32\DRIVERS\Mpfp.sys (McAfee, Inc.)
DRV - (WDC_SAM) -- C:\WINDOWS\SYSTEM32\DRIVERS\wdcsam.sys (Western Digital Technologies)
DRV - (MREMP50) -- C:\Program Files\Common Files\Motive\MREMP50.sys (Printing Communications Assoc., Inc. (PCAUSA))
DRV - (MRESP50) -- C:\Program Files\Common Files\Motive\MRESP50.sys (Printing Communications Assoc., Inc. (PCAUSA))
DRV - (gameenum) -- C:\WINDOWS\SYSTEM32\DRIVERS\gameenum.sys (Microsoft Corporation)
DRV - (amdagp) -- C:\WINDOWS\system32\DRIVERS\amdagp.sys (Advanced Micro Devices, Inc.)
DRV - (sisagp) -- C:\WINDOWS\system32\DRIVERS\sisagp.sys (Silicon Integrated Systems Corporation)
DRV - (Secdrv) -- C:\WINDOWS\SYSTEM32\DRIVERS\secdrv.sys (Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K.)
DRV - (PxHelp20) -- C:\WINDOWS\System32\Drivers\PxHelp20.sys (Sonic Solutions)
DRV - (dsunidrv) -- C:\WINDOWS\SYSTEM32\DRIVERS\dsunidrv.sys (Gteko Ltd.)
DRV - (DSproct) -- C:\Program Files\DellSupport\GTAction\triggers\DSproct.sys (Gteko Ltd.)
DRV - (cdrbsdrv) -- C:\WINDOWS\SYSTEM32\DRIVERS\cdrbsdrv.sys (B.H.A Corporation)
DRV - (nv) -- C:\WINDOWS\SYSTEM32\DRIVERS\nv4_mini.sys (NVIDIA Corporation)
DRV - (drvnddm) -- C:\WINDOWS\SYSTEM32\DRIVERS\drvnddm.sys (Sonic Solutions)
DRV - (tfsnudfa) -- C:\WINDOWS\SYSTEM32\dla\tfsnudfa.sys (Sonic Solutions)
DRV - (tfsnudf) -- C:\WINDOWS\SYSTEM32\dla\tfsnudf.sys (Sonic Solutions)
DRV - (tfsnifs) -- C:\WINDOWS\SYSTEM32\dla\tfsnifs.sys (Sonic Solutions)
DRV - (tfsncofs) -- C:\WINDOWS\SYSTEM32\dla\tfsncofs.sys (Sonic Solutions)
DRV - (tfsnboio) -- C:\WINDOWS\SYSTEM32\dla\tfsnboio.sys (Sonic Solutions)
DRV - (tfsnopio) -- C:\WINDOWS\SYSTEM32\dla\tfsnopio.sys (Sonic Solutions)
DRV - (tfsnpool) -- C:\WINDOWS\SYSTEM32\dla\tfsnpool.sys (Sonic Solutions)
DRV - (tfsndrct) -- C:\WINDOWS\SYSTEM32\dla\tfsndrct.sys (Sonic Solutions)
DRV - (tfsndres) -- C:\WINDOWS\SYSTEM32\dla\tfsndres.sys (Sonic Solutions)
DRV - (ha10kx2k) -- C:\WINDOWS\SYSTEM32\DRIVERS\ha10kx2k.sys (Creative Technology Ltd)
DRV - (PfModNT) -- C:\WINDOWS\SYSTEM32\DRIVERS\pfmodnt.sys (Creative Technology Ltd.)
DRV - (ctaud2k) Creative Audio Driver (WDM) -- C:\WINDOWS\SYSTEM32\DRIVERS\ctaud2k.sys (Creative Technology Ltd)
DRV - (Ptilink) -- C:\WINDOWS\SYSTEM32\DRIVERS\PTILINK.SYS (Parallel Technologies, Inc.)
DRV - (drvmcdb) -- C:\WINDOWS\system32\drivers\drvmcdb.sys (Sonic Solutions)
DRV - (sscdbhk5) -- C:\WINDOWS\SYSTEM32\DRIVERS\sscdbhk5.sys (Sonic Solutions)
DRV - (ssrtln) -- C:\WINDOWS\SYSTEM32\DRIVERS\ssrtln.sys (Sonic Solutions)
DRV - (hap16v2k) -- C:\WINDOWS\SYSTEM32\DRIVERS\haP16v2k.sys (Creative Technology Ltd)
DRV - (emupia) -- C:\WINDOWS\SYSTEM32\DRIVERS\emupia2k.sys (Creative Technology Ltd)
DRV - (ctsfm2k) -- C:\WINDOWS\SYSTEM32\DRIVERS\ctsfm2k.sys (Creative Technology Ltd)
DRV - (ossrv) -- C:\WINDOWS\SYSTEM32\DRIVERS\ctoss2k.sys (Creative Technology Ltd.)
DRV - (ctprxy2k) -- C:\WINDOWS\SYSTEM32\DRIVERS\ctprxy2k.sys (Creative Technology Ltd)
DRV - (ctac32k) -- C:\WINDOWS\SYSTEM32\DRIVERS\ctac32k.sys (Creative Technology Ltd)
DRV - (b57w2k) -- C:\WINDOWS\SYSTEM32\DRIVERS\b57xp32.sys (Broadcom Corporation)
DRV - (HSFHWBS2) -- C:\WINDOWS\SYSTEM32\DRIVERS\HSFHWBS2.sys (Conexant Systems, Inc.)
DRV - (winachsf) -- C:\WINDOWS\SYSTEM32\DRIVERS\HSF_CNXT.sys (Conexant Systems, Inc.)
DRV - (HSF_DP) -- C:\WINDOWS\SYSTEM32\DRIVERS\HSF_DP.sys (Conexant Systems, Inc.)
DRV - (ctdvda2k) -- C:\WINDOWS\SYSTEM32\DRIVERS\ctdvda2k.sys (Creative Technology Ltd)
DRV - (mdmxsdk) -- C:\WINDOWS\SYSTEM32\DRIVERS\mdmxsdk.sys (Conexant)
DRV - (omci) -- C:\WINDOWS\SYSTEM32\DRIVERS\omci.sys (Dell Computer Corporation)
DRV - (Sparrow) -- C:\WINDOWS\system32\DRIVERS\sparrow.sys (Adaptec, Inc.)
DRV - (sym_u3) -- C:\WINDOWS\system32\DRIVERS\sym_u3.sys (LSI Logic)
DRV - (sym_hi) -- C:\WINDOWS\system32\DRIVERS\sym_hi.sys (LSI Logic)
DRV - (symc8xx) -- C:\WINDOWS\system32\DRIVERS\symc8xx.sys (LSI Logic)
DRV - (symc810) -- C:\WINDOWS\system32\DRIVERS\symc810.sys (Symbios Logic Inc.)
DRV - (MODEMCSA) -- C:\WINDOWS\SYSTEM32\DRIVERS\MODEMCSA.sys (Microsoft Corporation)
DRV - (ultra) -- C:\WINDOWS\system32\DRIVERS\ultra.sys (Promise Technology, Inc.)
DRV - (ql12160) -- C:\WINDOWS\system32\DRIVERS\ql12160.sys (QLogic Corporation)
DRV - (ql1080) -- C:\WINDOWS\system32\DRIVERS\ql1080.sys (QLogic Corporation)
DRV - (ql1280) -- C:\WINDOWS\system32\DRIVERS\ql1280.sys (QLogic Corporation)
DRV - (dac2w2k) -- C:\WINDOWS\system32\DRIVERS\dac2w2k.sys (Mylex Corporation)
DRV - (mraid35x) -- C:\WINDOWS\system32\DRIVERS\mraid35x.sys (American Megatrends Inc.)
DRV - (asc) -- C:\WINDOWS\system32\DRIVERS\asc.sys (Advanced System Products, Inc.)
DRV - (asc3550) -- C:\WINDOWS\system32\DRIVERS\asc3550.sys (Advanced System Products, Inc.)
DRV - (AliIde) -- C:\WINDOWS\system32\DRIVERS\aliide.sys (Acer Laboratories Inc.)
DRV - (CmdIde) -- C:\WINDOWS\system32\DRIVERS\cmdide.sys (CMD Technology, Inc.)
DRV - (E100B) Intel(R) -- C:\WINDOWS\SYSTEM32\DRIVERS\E100B325.SYS (Intel Corporation)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========


IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultName = Yahoo! Search
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultURL = http://search.yahoo.com/search?p={searchTerms}&ei=utf-8&fr=b1ie7
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://att.yahoo.com/
IE - HKCU\..\URLSearchHook: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn3\yt.dll (Yahoo! Inc.)
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = 127.0.0.1;<local>
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = http=localhost:8080

========== FireFox ==========

FF - prefs.js..browser.search.defaultenginename: "AIM Search"
FF - prefs.js..browser.search.defaulturl: "http://aim.search.aol.com/search/search?query={searchTerms}&invocationType=tb50-ff-aim-chromesbox-en-us"
FF - prefs.js..browser.search.param.yahoo-fr: "chrf-ytbm"
FF - prefs.js..browser.search.param.yahoo-fr-cjkt: "chrf-ytbm"
FF - prefs.js..browser.search.param.yahoo-type: "${8}"
FF - prefs.js..browser.search.selectedEngine: "Google"
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "http://www.google.com/ig?hl=en"
FF - prefs.js..extensions.enabledItems: {c2f863cd-0429-48c7-bb54-db756a951760}:5.96.5.1
FF - prefs.js..extensions.enabledItems: fbdislike@doweb.fr:0.9
FF - prefs.js..extensions.enabledItems: jqs@sun.com:1.0
FF - prefs.js..extensions.enabledItems: {B7082FAA-CB62-4872-9106-E42DD88EDE45}:3.0
FF - prefs.js..extensions.enabledItems: moveplayer@movenetworks.com:7
FF - prefs.js..extensions.enabledItems: personas@christopher.beard:1.5.1
FF - prefs.js..extensions.enabledItems: {635abd67-4fe9-1b23-4f01-e679fa7484c1}:2.1.1.20091029021655
FF - prefs.js..extensions.enabledItems: {B13721C7-F507-4982-B2E5-502A71474FED}:3.3.0.3971
FF - prefs.js..keyword.URL: "http://slirsredirect.search.aol.com/slirs_http/sredir?sredir=2706&invocationType=tb50-ff-aim-ab-en-us&query="


FF - HKLM\software\mozilla\Firefox\Extensions\\{B7082FAA-CB62-4872-9106-E42DD88EDE45}: C:\Program Files\McAfee\SiteAdvisor [2010/02/24 20:58:48 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.5.8\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010/02/18 19:44:33 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.5.8\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010/02/18 19:44:33 | 000,000,000 | ---D | M]

[2009/02/02 22:53:38 | 000,000,000 | ---D | M] -- C:\Documents and Settings\John Dolensky\Application Data\Mozilla\Extensions
[2010/02/24 19:25:20 | 000,000,000 | ---D | M] -- C:\Documents and Settings\John Dolensky\Application Data\Mozilla\Firefox\Profiles\4n2fjetv.default\extensions
[2009/08/29 08:12:47 | 000,000,000 | ---D | M] (Yahoo! Toolbar) -- C:\Documents and Settings\John Dolensky\Application Data\Mozilla\Firefox\Profiles\4n2fjetv.default\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1}
[2010/01/07 21:04:25 | 000,000,000 | ---D | M] (AIM Toolbar) -- C:\Documents and Settings\John Dolensky\Application Data\Mozilla\Firefox\Profiles\4n2fjetv.default\extensions\{c2f863cd-0429-48c7-bb54-db756a951760}
[2010/01/31 16:24:10 | 000,000,000 | ---D | M] -- C:\Documents and Settings\John Dolensky\Application Data\Mozilla\Firefox\Profiles\4n2fjetv.default\extensions\browserhighlighter@ebay.com
[2010/01/07 21:05:18 | 000,000,000 | ---D | M] -- C:\Documents and Settings\John Dolensky\Application Data\Mozilla\Firefox\Profiles\4n2fjetv.default\extensions\fbdislike@doweb.fr
[2010/01/25 21:32:16 | 000,000,000 | ---D | M] -- C:\Documents and Settings\John Dolensky\Application Data\Mozilla\Firefox\Profiles\4n2fjetv.default\extensions\personas@christopher.beard
[2009/12/09 13:32:50 | 000,002,184 | ---- | M] () -- C:\Documents and Settings\John Dolensky\Application Data\Mozilla\Firefox\Profiles\4n2fjetv.default\searchplugins\bing.xml
[2010/02/27 21:23:48 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions

O1 HOSTS File: ([2010/02/14 21:21:46 | 000,000,027 | ---- | M]) - C:\WINDOWS\SYSTEM32\DRIVERS\ETC\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (&Yahoo! Toolbar Helper) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn3\yt.dll (Yahoo! Inc.)
O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O2 - BHO: (DriveLetterAccess) - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\SYSTEM32\dla\tfswshx.dll (Sonic Solutions)
O2 - BHO: (scriptproxy) - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\McAfee\VirusScan\scriptsn.dll (McAfee, Inc.)
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.1.1309.15642\swg.dll File not found
O2 - BHO: (McAfee SiteAdvisor BHO) - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (JQSIEStartDetectorImpl Class) - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll (Sun Microsystems, Inc.)
O2 - BHO: (SingleInstance Class) - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\Program Files\Yahoo!\Companion\Installs\cpn3\YTSingleInstance.dll (Yahoo! Inc)
O3 - HKLM\..\Toolbar: (McAfee SiteAdvisor Toolbar) - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
O3 - HKLM\..\Toolbar: (Yahoo! Toolbar) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn3\yt.dll (Yahoo! Inc.)
O3 - HKCU\..\Toolbar\WebBrowser: (Yahoo! Toolbar) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn3\yt.dll (Yahoo! Inc.)
O4 - HKLM..\Run: [CTSysVol] C:\Program Files\Creative\SBAudigy2ZS\Surround Mixer\CTSysVol.exe (Creative Technology Ltd)
O4 - HKLM..\Run: [dla] C:\WINDOWS\SYSTEM32\dla\tfswctrl.exe (Sonic Solutions)
O4 - HKLM..\Run: [dscactivate] C:\Program Files\Dell Support Center\gs_agent\custom\dsca.exe ( )
O4 - HKLM..\Run: [mcagent_exe] C:\Program Files\McAfee.com\Agent\mcagent.exe (McAfee, Inc.)
O4 - HKLM..\Run: [McENUI] C:\Program Files\McAfee\MHN\McENUI.exe (McAfee, Inc.)
O4 - HKLM..\Run: [MSKDetectorExe] C:\Program Files\McAfee\SpamKiller\MSKDetct.exe (McAfee, Inc.)
O4 - HKLM..\Run: [NvCplDaemon] C:\WINDOWS\System32\NvCpl.DLL (NVIDIA Corporation)
O4 - HKCU..\Run: [DellSupport] C:\Program Files\DellSupport\DSAgnt.exe (Gteko Ltd.)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe (Adobe Systems Incorporated)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\AT&T Self Support Tool.lnk = C:\Program Files\SBC Self Support Tool\bin\matcli.exe (Motive Communications, Inc.)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Kodak EasyShare software.lnk.disabled ()
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.EXE (WinZip Computing, S.L.)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O9 - Extra 'Tools' menuitem : Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O15 - HKLM\..Trusted Domains: musicmatch.com ([online] https in Trusted sites)
O15 - HKCU\..Trusted Domains: internet ([]about in Trusted sites)
O15 - HKCU\..Trusted Domains: mcafee.com ([]http in Trusted sites)
O15 - HKCU\..Trusted Domains: mcafee.com ([]https in Trusted sites)
O15 - HKCU\..Trusted Domains: turbotax.com ([]https in Trusted sites)
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} http://fpdownload.macromedia.com/get/shockwave/cabs/director/sw.cab (Shockwave ActiveX Control)
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} C:\Program Files\Yahoo!\Common\Yinsthelper.dll (Installation Support)
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} http://download.mcafee.com/molbin/shared/mcinsctl/4,0,0,101/mcinsctl.cab (Reg Error: Key error.)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab (Java Plug-in 1.6.0_17)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0014-0002-0003-ABCDEFFEDCBA} http://java.sun.com/products/plugin/autodl/jinstall-142-windows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab (Java Plug-in 1.6.0_17)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab (Java Plug-in 1.6.0_17)
O16 - DPF: Microsoft XML Parser for Java file:///C:/WINDOWS/Java/classes/xmldso.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.254
O18 - Protocol\Handler\dssrequest {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\Windows Live\Messenger\msgrapp.14.0.8064.0206.dll (Microsoft Corporation)
O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\Windows Live\Messenger\msgrapp.14.0.8064.0206.dll (Microsoft Corporation)
O18 - Protocol\Handler\sacore {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\WINDOWS\Web\Wallpaper\Bliss.bmp
O24 - Desktop BackupWallPaper: C:\WINDOWS\Web\Wallpaper\Bliss.bmp
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2004/08/11 18:15:00 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O32 - AutoRun File - [2009/06/18 16:12:18 | 000,000,088 | ---- | M] () - I:\autorun.inf -- [ UDF ]
O32 - AutoRun File - [2007/03/27 19:03:24 | 000,000,043 | ---- | M] () - J:\autorun.inf -- [ NTFS ]
O35 - comfile [open] -- "%1" %*
O35 - exefile [open] -- "%1" %*

NetSvcs: 6to4 - File not found
NetSvcs: Ias - C:\WINDOWS\SYSTEM32\IAS [2004/12/28 14:02:51 | 000,000,000 | ---D | M]
NetSvcs: Iprip - File not found
NetSvcs: Irmon - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: WmdmPmSp - File not found

========== Files/Folders - Created Within 30 Days ==========

[2010/02/27 21:36:58 | 000,549,888 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\John Dolensky\Desktop\OTL.exe
[2010/02/18 19:39:00 | 010,870,528 | ---- | C] (Xceed Software Inc. 1-450-442-2626 info@xceedsoft.com www.xceedsoft.com) -- C:\Documents and Settings\John Dolensky\My Documents\R92022.EXE
[2010/02/18 19:36:00 | 000,000,000 | ---D | C] -- C:\Documents and Settings\John Dolensky\Local Settings\Application Data\Deployment
[2010/02/18 19:09:53 | 000,000,000 | ---D | C] -- C:\WINDOWS\pss
[2010/02/17 20:46:57 | 000,000,000 | -HSD | C] -- C:\found.000
[2010/02/17 20:14:39 | 000,000,000 | -HSD | C] -- C:\RECYCLER
[2010/02/16 21:32:57 | 000,000,000 | ---D | C] -- C:\rsit
[2010/02/14 21:09:39 | 000,212,480 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWXCACLS.exe
[2010/02/14 21:09:39 | 000,161,792 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWREG.exe
[2010/02/14 21:09:39 | 000,136,704 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWSC.exe
[2010/02/14 21:09:39 | 000,031,232 | ---- | C] (NirSoft) -- C:\WINDOWS\NIRCMD.exe
[2010/02/14 21:08:47 | 000,000,000 | ---D | C] -- C:\Qoobox
[2010/02/11 18:03:27 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\WinZip
[2010/02/11 18:03:15 | 000,000,000 | ---D | C] -- C:\Program Files\WinZip
[2010/02/02 19:28:14 | 000,000,000 | ---D | C] -- C:\Program Files\ERUNT
[2010/01/31 15:55:49 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\John Dolensky\InstallAnywhere
[2010/01/07 21:07:55 | 000,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Local Settings\Application Data\Temp
[2010/01/07 21:07:55 | 000,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Local Settings\Application Data\Google
[2010/01/07 21:07:52 | 000,000,000 | ---D | M] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\Google
[2010/01/07 21:07:43 | 000,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Application Data\SACore
[2010/01/07 21:07:11 | 000,000,000 | ---D | M] -- C:\Documents and Settings\NetworkService\Application Data\Yahoo!
[2009/12/07 17:33:10 | 000,000,000 | --SD | M] -- C:\Documents and Settings\LocalService\Application Data\Microsoft
[2009/12/07 17:33:02 | 000,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft
[2009/02/11 17:14:00 | 000,000,000 | ---D | M] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\Apple
[2009/02/03 20:20:43 | 000,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Local Settings\Application Data\Eastman Kodak Company
[2008/12/11 11:03:38 | 000,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Application Data\Adobe
[2007/08/08 12:59:52 | 000,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Local Settings\Application Data\Help
[2007/08/08 12:59:52 | 000,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Application Data\Help
[2006/08/28 14:44:46 | 000,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Local Settings\Application Data\Mozilla
[2005/09/24 11:06:55 | 000,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Application Data\Mozilla
[2005/02/03 20:10:12 | 000,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Application Data\Macromedia
[2004/12/21 16:37:01 | 000,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Application Data\McAfee.com Personal Firewall
[2004/12/11 00:29:09 | 000,065,536 | ---- | C] ( ) -- C:\WINDOWS\System32\a3d.dll
[2004/12/10 23:22:06 | 000,000,000 | --SD | M] -- C:\Documents and Settings\NetworkService\Application Data\Microsoft
[2004/12/10 23:22:06 | 000,000,000 | ---D | M] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft
[2 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[2 C:\Documents and Settings\John Dolensky\My Documents\*.tmp files -> C:\Documents and Settings\John Dolensky\My Documents\*.tmp -> ]
[2 C:\*.tmp files -> C:\*.tmp -> ]
[1 C:\WINDOWS\System32\dllcache\*.tmp files -> C:\WINDOWS\System32\dllcache\*.tmp -> ]
[1 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2010/02/27 21:36:59 | 000,549,888 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\John Dolensky\Desktop\OTL.exe
[2010/02/27 21:16:45 | 000,007,995 | ---- | M] () -- C:\WINDOWS\System32\Config.MPF
[2010/02/27 21:16:42 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\WPA.DBL
[2010/02/27 21:16:16 | 000,000,868 | ---- | M] () -- C:\WINDOWS\tasks\Google Software Updater.job
[2010/02/27 21:16:07 | 000,016,052 | ---- | M] () -- C:\WINDOWS\System32\nvapps.xml
[2010/02/27 21:15:53 | 000,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2010/02/27 21:15:47 | 000,002,048 | --S- | M] () -- C:\WINDOWS\BOOTSTAT.DAT
[2010/02/27 21:15:46 | 1071,812,608 | -HS- | M] () -- C:\hiberfil.sys
[2010/02/27 21:13:59 | 000,031,056 | ---- | M] () -- C:\WINDOWS\System32\BMXStateBkp-{00000004-00000000-00000002-00001102-00000004-20061102}.rfx
[2010/02/27 21:13:59 | 000,031,056 | ---- | M] () -- C:\WINDOWS\System32\BMXState-{00000004-00000000-00000002-00001102-00000004-20061102}.rfx
[2010/02/27 21:13:59 | 000,030,528 | ---- | M] () -- C:\WINDOWS\System32\BMXCtrlState-{00000004-00000000-00000002-00001102-00000004-20061102}.rfx
[2010/02/27 21:13:59 | 000,030,528 | ---- | M] () -- C:\WINDOWS\System32\BMXBkpCtrlState-{00000004-00000000-00000002-00001102-00000004-20061102}.rfx
[2010/02/27 21:13:59 | 000,001,080 | ---- | M] () -- C:\WINDOWS\System32\settingsbkup.sfm
[2010/02/27 21:13:59 | 000,001,080 | ---- | M] () -- C:\WINDOWS\System32\settings.sfm
[2010/02/27 21:13:59 | 000,000,384 | ---- | M] () -- C:\WINDOWS\System32\DVCStateBkp-{00000004-00000000-00000002-00001102-00000004-20061102}.dat
[2010/02/27 21:13:59 | 000,000,384 | ---- | M] () -- C:\WINDOWS\System32\DVCState-{00000004-00000000-00000002-00001102-00000004-20061102}.dat
[2010/02/27 16:40:40 | 009,961,472 | ---- | M] () -- C:\Documents and Settings\John Dolensky\NTUSER.DAT
[2010/02/27 16:40:17 | 000,000,278 | -HS- | M] () -- C:\Documents and Settings\John Dolensky\NTUSER.INI
[2010/02/23 23:36:17 | 000,001,374 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2010/02/23 20:41:05 | 280,380,416 | ---- | M] () -- C:\Documents and Settings\John Dolensky\Local Settings\Application Data\Outlook.pst
[2010/02/19 23:00:48 | 000,006,144 | ---- | M] () -- C:\Documents and Settings\John Dolensky\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010/02/19 19:51:34 | 012,676,096 | R--- | M] () -- C:\Documents and Settings\All Users\Documents\ESBK.mbb
[2010/02/19 19:51:34 | 006,406,144 | R--- | M] () -- C:\Documents and Settings\All Users\Documents\ESBK.mb
[2010/02/19 19:51:34 | 000,567,515 | ---- | M] () -- C:\Peg at cosi.jpg
[2010/02/19 19:51:34 | 000,542,932 | ---- | M] () -- C:\cosi.jpg
[2010/02/19 19:51:33 | 000,637,881 | ---- | M] () -- C:\cosi 5.jpg
[2010/02/19 19:51:33 | 000,595,403 | ---- | M] () -- C:\cosi 1.jpg
[2010/02/19 19:51:33 | 000,584,401 | ---- | M] () -- C:\yellow sub 1.jpg
[2010/02/19 19:51:33 | 000,579,993 | ---- | M] () -- C:\yellow sub 2.jpg
[2010/02/19 19:51:33 | 000,539,860 | ---- | M] () -- C:\cosi 4.jpg
[2010/02/19 19:51:33 | 000,515,892 | ---- | M] () -- C:\cosi 3.jpg
[2010/02/19 19:51:33 | 000,504,526 | ---- | M] () -- C:\cosi 2.jpg
[2010/02/19 19:51:32 | 000,516,116 | ---- | M] () -- C:\cosi6.jpg
[2010/02/18 20:05:54 | 004,936,168 | ---- | M] () -- C:\WINDOWS\{00000004-00000000-00000002-00001102-00000004-20061102}.CDF
[2010/02/18 19:56:38 | 000,000,960 | ---- | M] () -- C:\WINDOWS\WIN.INI
[2010/02/18 19:56:38 | 000,000,299 | ---- | M] () -- C:\WINDOWS\system.ini
[2010/02/18 19:56:38 | 000,000,281 | RHS- | M] () -- C:\BOOT.INI
[2010/02/18 19:39:07 | 010,870,528 | ---- | M] (Xceed Software Inc. 1-450-442-2626 info@xceedsoft.com www.xceedsoft.com) -- C:\Documents and Settings\John Dolensky\My Documents\R92022.EXE
[2010/02/18 18:47:26 | 004,936,168 | ---- | M] () -- C:\WINDOWS\{00000004-00000000-00000002-00001102-00000004-20061102}.BAK
[2010/02/17 23:00:51 | 000,002,265 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Skype.lnk
[2010/02/14 21:21:46 | 000,000,027 | ---- | M] () -- C:\WINDOWS\System32\drivers\ETC\hosts
[2010/02/12 20:11:58 | 000,006,798 | ---- | M] () -- C:\Documents and Settings\John Dolensky\Desktop\gmer.zip
[2010/02/11 18:43:25 | 000,002,521 | ---- | M] () -- C:\Documents and Settings\John Dolensky\Desktop\Microsoft Office Outlook 2003.lnk
[2010/02/11 18:07:09 | 000,004,410 | ---- | M] () -- C:\Documents and Settings\John Dolensky\Desktop\Attach.zip
[2010/02/11 18:03:48 | 000,001,732 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\WinZip.lnk
[2010/02/11 18:03:48 | 000,001,660 | ---- | M] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\WinZip Quick Pick.lnk
[2010/02/09 19:38:33 | 000,293,376 | ---- | M] () -- C:\Documents and Settings\John Dolensky\Desktop\7coju871.exe
[2010/02/09 19:34:23 | 000,000,000 | ---- | M] () -- C:\Documents and Settings\John Dolensky\defogger_reenable
[2010/02/09 19:33:19 | 000,050,477 | ---- | M] () -- C:\Documents and Settings\John Dolensky\Desktop\Defogger.exe
[2010/02/09 13:39:09 | 001,637,376 | ---- | M] () -- C:\Documents and Settings\John Dolensky\My Documents\Doc1.doc
[2010/02/02 23:17:01 | 000,020,480 | ---- | M] () -- C:\Documents and Settings\John Dolensky\Desktop\Computer is locking up after 30 minutes or so.doc
[2010/02/02 19:41:49 | 000,001,734 | ---- | M] () -- C:\Documents and Settings\John Dolensky\Desktop\HijackThis.lnk
[2010/02/02 19:28:16 | 000,000,592 | ---- | M] () -- C:\Documents and Settings\John Dolensky\Desktop\ERUNT.lnk
[2010/01/31 16:21:17 | 000,000,675 | ---- | M] () -- C:\WINDOWS\Spidey.ini
[2010/01/30 21:20:47 | 000,585,408 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[2 C:\Documents and Settings\John Dolensky\My Documents\*.tmp files -> C:\Documents and Settings\John Dolensky\My Documents\*.tmp -> ]
[2 C:\*.tmp files -> C:\*.tmp -> ]
[1 C:\WINDOWS\System32\dllcache\*.tmp files -> C:\WINDOWS\System32\dllcache\*.tmp -> ]
[1 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

========== Files Created - No Company Name ==========

[2010/02/19 19:59:29 | 012,676,096 | R--- | C] () -- C:\Documents and Settings\All Users\Documents\ESBK.mbb
[2010/02/19 19:59:29 | 006,406,144 | R--- | C] () -- C:\Documents and Settings\All Users\Documents\ESBK.mb
[2010/02/18 19:56:37 | 000,001,837 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Kodak EasyShare software.lnk.disabled
[2010/02/18 19:56:37 | 000,001,757 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Reader Speed Launch.lnk
[2010/02/18 19:56:37 | 000,001,713 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\AT&T Self Support Tool.lnk
[2010/02/18 19:56:37 | 000,001,660 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\WinZip Quick Pick.lnk
[2010/02/14 21:09:39 | 000,261,632 | ---- | C] () -- C:\WINDOWS\PEV.exe
[2010/02/14 21:09:39 | 000,098,816 | ---- | C] () -- C:\WINDOWS\sed.exe
[2010/02/14 21:09:39 | 000,080,412 | ---- | C] () -- C:\WINDOWS\grep.exe
[2010/02/14 21:09:39 | 000,077,312 | ---- | C] () -- C:\WINDOWS\MBR.exe
[2010/02/14 21:09:39 | 000,068,096 | ---- | C] () -- C:\WINDOWS\zip.exe
[2010/02/12 20:11:58 | 000,006,798 | ---- | C] () -- C:\Documents and Settings\John Dolensky\Desktop\gmer.zip
[2010/02/11 18:07:09 | 000,004,410 | ---- | C] () -- C:\Documents and Settings\John Dolensky\Desktop\Attach.zip
[2010/02/11 18:03:48 | 000,001,732 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\WinZip.lnk
[2010/02/09 19:38:26 | 000,293,376 | ---- | C] () -- C:\Documents and Settings\John Dolensky\Desktop\7coju871.exe
[2010/02/09 19:34:23 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\John Dolensky\defogger_reenable
[2010/02/09 19:33:17 | 000,050,477 | ---- | C] () -- C:\Documents and Settings\John Dolensky\Desktop\Defogger.exe
[2010/02/09 13:39:08 | 001,637,376 | ---- | C] () -- C:\Documents and Settings\John Dolensky\My Documents\Doc1.doc
[2010/02/02 23:02:24 | 000,020,480 | ---- | C] () -- C:\Documents and Settings\John Dolensky\Desktop\Computer is locking up after 30 minutes or so.doc
[2010/02/02 19:41:49 | 000,001,734 | ---- | C] () -- C:\Documents and Settings\John Dolensky\Desktop\HijackThis.lnk
[2010/02/02 19:28:16 | 000,000,592 | ---- | C] () -- C:\Documents and Settings\John Dolensky\Desktop\ERUNT.lnk
[2010/02/01 21:13:50 | 1071,812,608 | -HS- | C] () -- C:\hiberfil.sys
[2010/01/24 23:37:15 | 000,000,036 | ---- | C] () -- C:\Documents and Settings\John Dolensky\Local Settings\Application Data\housecall.guid.cache
[2009/12/10 03:03:44 | 000,000,221 | ---- | C] () -- C:\WINDOWS\System32\MRT.INI
[2009/10/03 19:31:34 | 000,006,144 | ---- | C] () -- C:\Documents and Settings\John Dolensky\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2009/08/03 15:07:42 | 000,403,816 | ---- | C] () -- C:\WINDOWS\System32\OGACheckControl.dll
[2009/07/20 03:10:39 | 000,782,448 | ---- | C] () -- C:\Documents and Settings\LocalService\Local Settings\Application Data\FontCache3.0.0.0.dat
[2009/02/03 20:19:56 | 000,012,800 | ---- | C] () -- C:\WINDOWS\System32\EKDeviceServices.dll
[2008/12/15 21:21:03 | 000,000,029 | ---- | C] () -- C:\WINDOWS\PControl.ini
[2008/12/13 22:55:23 | 000,000,004 | ---- | C] () -- C:\WINDOWS\msoffice.ini
[2008/07/31 15:41:46 | 000,065,536 | ---- | C] () -- C:\WINDOWS\System32\YCRWin32.dll
[2008/07/24 15:30:56 | 000,001,371 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\QTSBandwidthCache
[2008/05/25 14:05:50 | 000,197,120 | ---- | C] () -- C:\WINDOWS\patchw32.dll
[2008/05/17 00:01:40 | 000,102,400 | ---- | C] () -- C:\WINDOWS\System32\wa4jfw.dll
[2008/05/16 22:58:18 | 000,000,380 | ---- | C] () -- C:\WINDOWS\dcmuser.ini
[2008/03/15 20:23:25 | 000,000,062 | ---- | C] () -- C:\WINDOWS\dcmvwr.INI
[2008/02/12 20:10:43 | 000,000,675 | ---- | C] () -- C:\WINDOWS\Spidey.ini
[2007/12/25 12:14:16 | 000,043,520 | ---- | C] () -- C:\WINDOWS\System32\CmdLineExt03.dll
[2007/11/09 18:43:58 | 000,000,191 | ---- | C] () -- C:\WINDOWS\QTW.INI
[2007/11/09 18:34:23 | 000,000,000 | ---- | C] () -- C:\WINDOWS\Setup32.INI
[2007/03/04 22:40:01 | 000,000,192 | ---- | C] () -- C:\WINDOWS\MPLAYER.INI
[2006/08/08 14:16:56 | 000,000,336 | ---- | C] () -- C:\WINDOWS\SIERRA.INI
[2006/08/07 18:21:03 | 000,000,698 | ---- | C] () -- C:\WINDOWS\E-REGTLC.INI
[2006/08/07 18:20:36 | 000,000,052 | ---- | C] () -- C:\WINDOWS\TLCAPPS.INI
[2006/07/14 12:23:44 | 000,010,240 | ---- | C] () -- C:\WINDOWS\System32\vidx16.dll
[2006/07/14 12:21:59 | 000,000,782 | ---- | C] () -- C:\WINDOWS\disney.ini
[2006/05/29 20:40:37 | 280,380,416 | ---- | C] () -- C:\Documents and Settings\John Dolensky\Local Settings\Application Data\Outlook.pst
[2006/05/14 12:05:29 | 000,000,024 | ---- | C] () -- C:\WINDOWS\SwDrvs.ini
[2006/05/14 12:04:20 | 000,000,044 | ---- | C] () -- C:\WINDOWS\BD40.INI
[2005/11/03 19:29:51 | 000,061,678 | ---- | C] () -- C:\Documents and Settings\John Dolensky\Application Data\PFP120JPR.{PB
[2005/11/03 19:29:51 | 000,012,358 | ---- | C] () -- C:\Documents and Settings\John Dolensky\Application Data\PFP120JCM.{PB
[2005/06/24 11:35:50 | 000,000,207 | ---- | C] () -- C:\WINDOWS\cdplayer.ini
[2005/03/14 12:16:32 | 000,000,000 | ---- | C] () -- C:\WINDOWS\GeoHelp.INI
[2005/02/26 19:17:42 | 000,001,555 | ---- | C] () -- C:\WINDOWS\Airwar3.INI
[2005/02/18 20:52:21 | 000,000,048 | ---- | C] () -- C:\WINDOWS\PerWin.ini
[2005/02/10 16:02:53 | 000,000,079 | ---- | C] () -- C:\WINDOWS\importclient.INI
[2005/02/10 15:43:33 | 000,000,751 | ---- | C] () -- C:\WINDOWS\Bti.ini
[2005/02/10 15:43:32 | 000,116,640 | ---- | C] () -- C:\WINDOWS\System32\Ptsaci40.dll
[2005/01/11 19:37:29 | 000,000,376 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2004/12/29 15:31:34 | 000,004,272 | ---- | C] () -- C:\WINDOWS\System32\drivers\bvrp_pci.sys
[2004/12/28 15:25:15 | 000,001,175 | ---- | C] () -- C:\WINDOWS\dellstat.ini
[2004/12/28 15:24:55 | 000,143,360 | R--- | C] () -- C:\WINDOWS\System32\dlbucoin.dll
[2004/12/28 15:24:55 | 000,131,072 | R--- | C] () -- C:\WINDOWS\System32\dlbusnls.dll
[2004/12/28 15:21:37 | 000,040,960 | ---- | C] () -- C:\WINDOWS\System32\dlbuvs.dll
[2004/12/28 15:21:35 | 000,114,688 | ---- | C] () -- C:\WINDOWS\System32\dlbucur.dll
[2004/12/28 15:21:35 | 000,069,632 | ---- | C] () -- C:\WINDOWS\System32\dlbucu.dll
[2004/12/28 15:21:32 | 000,557,056 | ---- | C] () -- C:\WINDOWS\System32\dlbujswr.dll
[2004/12/28 15:21:28 | 000,401,408 | ---- | C] () -- C:\WINDOWS\System32\dlbuutil.dll
[2004/12/21 19:18:13 | 000,000,136 | ---- | C] () -- C:\Documents and Settings\John Dolensky\Local Settings\Application Data\fusioncache.dat
[2004/12/11 00:39:17 | 000,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini
[2004/12/11 00:34:29 | 000,002,749 | ---- | C] () -- C:\WINDOWS\wininit.ini
[2004/12/11 00:29:30 | 000,000,231 | ---- | C] () -- C:\WINDOWS\AC3API.INI
[2004/12/11 00:29:11 | 000,014,424 | ---- | C] () -- C:\WINDOWS\System32\Aud2_Del.ini
[2004/12/11 00:29:11 | 000,000,030 | ---- | C] () -- C:\WINDOWS\System32\ctzapxx.ini
[2004/12/11 00:29:09 | 000,000,194 | ---- | C] () -- C:\WINDOWS\System32\KILL.INI
[2004/12/11 00:28:49 | 000,000,136 | ---- | C] () -- C:\WINDOWS\SBWIN.INI
[2004/12/10 23:23:54 | 000,000,516 | ---- | C] () -- C:\WINDOWS\System32\OEMINFO.INI
[2004/09/16 01:28:50 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\px.ini
[2004/09/01 16:35:06 | 000,000,254 | ---- | C] () -- C:\WINDOWS\System32\DLBUPLC.INI
[2004/08/11 18:25:56 | 000,000,791 | ---- | C] () -- C:\WINDOWS\ORUN32.INI
[2004/08/04 06:00:00 | 000,001,793 | ---- | C] () -- C:\WINDOWS\System32\FXSPERF.INI
[2003/01/07 14:05:08 | 000,002,695 | ---- | C] () -- C:\WINDOWS\System32\OUTLPERF.INI
[1980/01/01 01:00:00 | 000,477,952 | ---- | C] () -- C:\WINDOWS\System32\drivers\iaStor.sys
[1763/06/13 16:14:55 | 000,004,263 | -HS- | C] () -- C:\WINDOWS\windllreg1c.sys

========== LOP Check ==========

[2005/04/06 16:48:36 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Broderbund LLC
[2005/04/06 16:48:33 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Broderbund Software
[2009/03/31 14:39:37 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Eastman Kodak Company
[2009/02/07 16:24:22 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\kds_kodak
[2008/08/11 21:40:53 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\NexonUS
[2009/06/19 13:36:57 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Nova Development
[2008/07/20 17:14:46 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\SupportSoft
[2009/10/05 15:25:59 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\The Learning Company
[2007/04/12 14:18:59 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TurboTax 2006
[2008/12/15 21:38:32 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Visual Networks
[2008/10/23 12:16:55 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Winferno
[2010/02/11 18:04:00 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\WinZip
[2009/03/16 18:24:37 | 000,000,000 | ---D | M] -- C:\Documents and Settings\John Dolensky\Application Data\Atari
[2006/09/17 17:09:20 | 000,000,000 | ---D | M] -- C:\Documents and Settings\John Dolensky\Application Data\CoreComm
[2005/09/15 21:39:54 | 000,000,000 | ---D | M] -- C:\Documents and Settings\John Dolensky\Application Data\Leadertech
[2008/12/15 21:22:04 | 000,000,000 | ---D | M] -- C:\Documents and Settings\John Dolensky\Application Data\MSNInstaller
[2010/01/07 21:07:45 | 000,000,000 | ---D | M] -- C:\Documents and Settings\John Dolensky\Application Data\Musicmatch
[2006/12/30 15:57:17 | 000,000,000 | ---D | M] -- C:\Documents and Settings\John Dolensky\Application Data\OLYMPUS
[2006/05/29 20:49:42 | 000,000,000 | ---D | M] -- C:\Documents and Settings\John Dolensky\Application Data\Outlook
[2009/01/03 23:28:36 | 000,000,000 | ---D | M] -- C:\Documents and Settings\John Dolensky\Application Data\Skinux
[2009/10/05 15:27:16 | 000,000,000 | ---D | M] -- C:\Documents and Settings\John Dolensky\Application Data\The Learning Company
[2009/11/15 01:00:00 | 000,000,356 | ---- | M] () -- C:\WINDOWS\Tasks\McDefragTask.job
[2009/12/01 01:00:20 | 000,000,348 | ---- | M] () -- C:\WINDOWS\Tasks\McQcTask.job
[2010/01/18 22:44:56 | 000,000,236 | ---- | M] () -- C:\WINDOWS\Tasks\OGALogon.job

========== Purity Check ==========



========== Custom Scans ==========


< %SYSTEMDRIVE%\*.exe >


< MD5 for: AGP440.SYS >
[2004/08/04 06:00:00 | 018,738,937 | ---- | M] () .cab file -- C:\I386\sp2.cab:AGP440.sys
[2004/08/04 06:00:00 | 018,738,937 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\I386\sp2.cab:AGP440.sys
[2008/08/25 21:29:22 | 023,852,652 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\I386\sp3.cab:AGP440.sys
[2008/08/25 21:29:22 | 023,852,652 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp3.cab:AGP440.sys
[2008/04/13 13:36:38 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=08FD04AA961BDC77FB983F328334E3D7 -- C:\WINDOWS\ERDNT\cache\agp440.sys
[2008/04/13 13:36:38 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=08FD04AA961BDC77FB983F328334E3D7 -- C:\WINDOWS\ServicePackFiles\i386\agp440.sys
[2008/04/13 13:36:38 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=08FD04AA961BDC77FB983F328334E3D7 -- C:\WINDOWS\SYSTEM32\DRIVERS\agp440.sys
[2004/08/04 00:07:42 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=2C428FA0C3E3A01ED93C9B2A27D8D4BB -- C:\I386\AGP440.SYS
[2004/08/04 00:07:42 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=2C428FA0C3E3A01ED93C9B2A27D8D4BB -- C:\WINDOWS\$NtServicePackUninstall$\agp440.sys

< MD5 for: ATAPI.SYS >
[2004/08/04 06:00:00 | 018,738,937 | ---- | M] () .cab file -- C:\I386\sp2.cab:atapi.sys
[2004/08/04 06:00:00 | 018,738,937 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\I386\sp2.cab:atapi.sys
[2008/08/25 21:29:22 | 023,852,652 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\I386\sp3.cab:atapi.sys
[2008/08/25 21:29:22 | 023,852,652 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp3.cab:atapi.sys
[2008/04/13 13:40:30 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\ERDNT\cache\atapi.sys
[2008/04/13 13:40:30 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\ServicePackFiles\i386\atapi.sys
[2008/04/13 13:40:30 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\SYSTEM32\DRIVERS\atapi.sys
[2004/08/03 23:59:44 | 000,095,360 | ---- | M] (Microsoft Corporation) MD5=CDFE4411A69C224BD1D11B2DA92DAC51 -- C:\I386\atapi.sys
[2004/08/03 23:59:44 | 000,095,360 | ---- | M] (Microsoft Corporation) MD5=CDFE4411A69C224BD1D11B2DA92DAC51 -- C:\WINDOWS\$NtServicePackUninstall$\atapi.sys
[2004/08/03 23:59:44 | 000,095,360 | ---- | M] (Microsoft Corporation) MD5=CDFE4411A69C224BD1D11B2DA92DAC51 -- C:\WINDOWS\SYSTEM32\ReinstallBackups\0013\DriverFiles\i386\atapi.sys

< MD5 for: EVENTLOG.DLL >
[2008/04/13 19:11:53 | 000,056,320 | ---- | M] (Microsoft Corporation) MD5=6D4FEB43EE538FC5428CC7F0565AA656 -- C:\WINDOWS\ERDNT\cache\eventlog.dll
[2008/04/13 19:11:53 | 000,056,320 | ---- | M] (Microsoft Corporation) MD5=6D4FEB43EE538FC5428CC7F0565AA656 -- C:\WINDOWS\ServicePackFiles\i386\eventlog.dll
[2008/04/13 19:11:53 | 000,056,320 | ---- | M] (Microsoft Corporation) MD5=6D4FEB43EE538FC5428CC7F0565AA656 -- C:\WINDOWS\SYSTEM32\eventlog.dll
[2004/08/04 06:00:00 | 000,055,808 | ---- | M] (Microsoft Corporation) MD5=82B24CB70E5944E6E34662205A2A5B78 -- C:\I386\EVENTLOG.DLL
[2004/08/04 06:00:00 | 000,055,808 | ---- | M] (Microsoft Corporation) MD5=82B24CB70E5944E6E34662205A2A5B78 -- C:\WINDOWS\$NtServicePackUninstall$\eventlog.dll

< MD5 for: IASTOR.SYS >
[2009/12/31 01:11:47 | 000,477,952 | ---- | M] () MD5=73157F79894DC3D6C9AC91F624313E66 -- C:\WINDOWS\SYSTEM32\DRIVERS\iaStor.sys
[2004/06/29 12:17:16 | 000,477,952 | ---- | M] (Intel Corporation) MD5=D7731536E183B4397402CA6F9E1D52F7 -- C:\DRIVERS\STORAGE\SATA\ONBOARD\IASTOR.SYS
[2004/06/29 12:17:16 | 000,477,952 | ---- | M] (Intel Corporation) MD5=D7731536E183B4397402CA6F9E1D52F7 -- C:\I386\iaStor.sys

< MD5 for: NETLOGON.DLL >
[2008/04/13 19:12:01 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=1B7F071C51B77C272875C3A23E1E4550 -- C:\WINDOWS\ERDNT\cache\netlogon.dll
[2008/04/13 19:12:01 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=1B7F071C51B77C272875C3A23E1E4550 -- C:\WINDOWS\ServicePackFiles\i386\netlogon.dll
[2008/04/13 19:12:01 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=1B7F071C51B77C272875C3A23E1E4550 -- C:\WINDOWS\SYSTEM32\netlogon.dll
[2004/08/04 06:00:00 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=96353FCECBA774BB8DA74A1C6507015A -- C:\I386\NETLOGON.DLL
[2004/08/04 06:00:00 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=96353FCECBA774BB8DA74A1C6507015A -- C:\WINDOWS\$NtServicePackUninstall$\netlogon.dll

< MD5 for: SCECLI.DLL >
[2004/08/04 06:00:00 | 000,180,224 | ---- | M] (Microsoft Corporation) MD5=0F78E27F563F2AAF74B91A49E2ABF19A -- C:\I386\SCECLI.DLL
[2004/08/04 06:00:00 | 000,180,224 | ---- | M] (Microsoft Corporation) MD5=0F78E27F563F2AAF74B91A49E2ABF19A -- C:\WINDOWS\$NtServicePackUninstall$\scecli.dll
[2008/04/13 19:12:05 | 000,181,248 | ---- | M] (Microsoft Corporation) MD5=A86BB5E61BF3E39B62AB4C7E7085A084 -- C:\WINDOWS\ERDNT\cache\scecli.dll
[2008/04/13 19:12:05 | 000,181,248 | ---- | M] (Microsoft Corporation) MD5=A86BB5E61BF3E39B62AB4C7E7085A084 -- C:\WINDOWS\ServicePackFiles\i386\scecli.dll
[2008/04/13 19:12:05 | 000,181,248 | ---- | M] (Microsoft Corporation) MD5=A86BB5E61BF3E39B62AB4C7E7085A084 -- C:\WINDOWS\SYSTEM32\scecli.dll

< %systemroot%\*. /mp /s >

< %systemroot%\system32\*.dll /lockedfiles >
[2 C:\WINDOWS\system32\*.tmp files -> C:\WINDOWS\system32\*.tmp -> ]

< %systemroot%\Tasks\*.job /lockedfiles >

< %systemroot%\system32\drivers\*.sys /lockedfiles >

< %systemroot%\System32\config\*.sav >
[2004/08/11 18:06:14 | 000,094,208 | ---- | M] () -- C:\WINDOWS\SYSTEM32\CONFIG\DEFAULT.SAV
[2004/08/11 18:06:14 | 000,659,456 | ---- | M] () -- C:\WINDOWS\SYSTEM32\CONFIG\SOFTWARE.SAV
[2004/08/11 18:06:14 | 000,876,544 | ---- | M] () -- C:\WINDOWS\SYSTEM32\CONFIG\SYSTEM.SAV
< End of report >
 
Extras.txt

OTL Extras logfile created on: 2/27/2010 9:40:09 PM - Run 1
OTL by OldTimer - Version 3.1.30.3 Folder = C:\Documents and Settings\John Dolensky\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1,022.00 Mb Total Physical Memory | 504.00 Mb Available Physical Memory | 49.00% Memory free
2.00 Gb Paging File | 2.00 Gb Available in Paging File | 82.00% Paging File free
Paging file location(s): C:\pagefile.sys 1536 3072 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 145.85 Gb Total Space | 109.71 Gb Free Space | 75.23% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
Drive I: | 668.00 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: UDF
Drive J: | 930.86 Gb Total Space | 921.32 Gb Free Space | 98.97% Space Free | Partition Type: NTFS

Computer Name: D30K1961
Current User Name: John Dolensky
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Minimal

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.html [@ = htmlfile] -- C:\Program Files\Internet Explorer\IEXPLORE.EXE (Microsoft Corporation)

[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
htmlfile [edit] -- "C:\Program Files\Microsoft Office\OFFICE11\msohtmed.exe" %1 (Microsoft Corporation)
htmlfile [open] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" -nohome (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" %1 (Microsoft Corporation)
htmlfile [print] -- "C:\Program Files\Microsoft Office\OFFICE11\msohtmed.exe" /p %1 (Microsoft Corporation)
http [open] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" -nohome (Microsoft Corporation)
https [open] -- "C:\Program Files\Mozilla Firefox\firefox.exe" -requestPending -osint -url "%1" (Mozilla Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [Browse with Paint Shop Pro Studio] -- "C:\Program Files\Jasc Software Inc\Paint Shop Pro Studio\\Paint Shop Pro Studio.exe" "/Browse" "%L" (Jasc Software, Inc.)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" %1 (Microsoft Corporation)
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- "%programfiles%\internet explorer\iexplore.exe" (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 0
"FirewallOverride" = 0
"AntiVirusDisableNotify" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]
"139:TCP" = 139:TCP:*:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:*:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:*:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:*:Enabled:@xpsp2res.dll,-22002
"1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008
"65533:TCP" = 65533:TCP:*:Enabled:Services
"52344:TCP" = 52344:TCP:*:Enabled:Services
"2479:TCP" = 2479:TCP:*:Enabled:Services
"3246:TCP" = 3246:TCP:*:Enabled:Services
"3389:TCP" = 3389:TCP:*:Enabled:Remote Desktop
"9584:TCP" = 9584:TCP:*:Enabled:Services
"2788:TCP" = 2788:TCP:*:Enabled:Services
"7038:TCP" = 7038:TCP:*:Enabled:Services

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 0
"DoNotAllowExceptions" = 0
"DisableNotifications" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008
"139:TCP" = 139:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22002
"65533:TCP" = 65533:TCP:*:Enabled:Services
"52344:TCP" = 52344:TCP:*:Enabled:Services
"2479:TCP" = 2479:TCP:*:Enabled:Services
"3246:TCP" = 3246:TCP:*:Enabled:Services
"3389:TCP" = 3389:TCP:*:Enabled:Remote Desktop
"9584:TCP" = 9584:TCP:*:Enabled:Services
"2788:TCP" = 2788:TCP:*:Enabled:Services
"7038:TCP" = 7038:TCP:*:Enabled:Services

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"C:\Program Files\Common Files\AOL\ACS\AOLDial.exe" = C:\Program Files\Common Files\AOL\ACS\AOLDial.exe:*:Enabled:AOL -- File not found
"C:\Program Files\Common Files\AOL\ACS\AOLacsd.exe" = C:\Program Files\Common Files\AOL\ACS\AOLacsd.exe:*:Enabled:AOL -- File not found
"C:\Program Files\America Online 9.0\waol.exe" = C:\Program Files\America Online 9.0\waol.exe:*:Enabled:America Online 9.0 -- File not found
"C:\Nexon\Combat Arms\CombatArms.exe" = C:\Nexon\Combat Arms\CombatArms.exe:*Enabled:CombatArms.exe -- File not found
"C:\Nexon\Combat Arms\Engine.exe" = C:\Nexon\Combat Arms\Engine.exe:*Enabled:Engine.exe -- File not found
"%windir%\system32\drivers\svchost.exe" = %windir%\system32\drivers\svchost.exe:*:Enabled:svchost -- File not found
"C:\Program Files\Windows Live\Messenger\wlcsdk.exe" = C:\Program Files\Windows Live\Messenger\wlcsdk.exe:*:Enabled:Windows Live Call -- (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Program Files\TurboTax\Deluxe Deduction Maximizer 2006\32bit\ttax.exe" = C:\Program Files\TurboTax\Deluxe Deduction Maximizer 2006\32bit\ttax.exe:LocalSubNet:Enabled:TurboTax -- (Intuit, Inc.)
"C:\Program Files\TurboTax\Deluxe Deduction Maximizer 2006\32bit\updatemgr.exe" = C:\Program Files\TurboTax\Deluxe Deduction Maximizer 2006\32bit\updatemgr.exe:LocalSubNet:Enabled:TurboTax Update Manager -- (Intuit, Inc.)
"C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe" = C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe:*:Enabled:EasyShare -- (Eastman Kodak Company)
"C:\Documents and Settings\All Users\Application Data\NexonUS\NGM\NGM.exe" = C:\Documents and Settings\All Users\Application Data\NexonUS\NGM\NGM.exe:*:Enabled:Nexon Game Manager -- (Nexon)
"C:\Program Files\TurboTax\Deluxe 2007\32bit\ttax.exe" = C:\Program Files\TurboTax\Deluxe 2007\32bit\ttax.exe:LocalSubNet:Enabled:TurboTax -- (Intuit, Inc.)
"C:\Program Files\TurboTax\Deluxe 2007\32bit\updatemgr.exe" = C:\Program Files\TurboTax\Deluxe 2007\32bit\updatemgr.exe:LocalSubNet:Enabled:TurboTax Update Manager -- (Intuit, Inc.)
"C:\Program Files\Common Files\Intuit\Update Service\IntuitUpdateService.exe" = C:\Program Files\Common Files\Intuit\Update Service\IntuitUpdateService.exe:LocalSubNet:Disabled:Intuit Update Shared Downloads Server -- (Intuit Inc.)
"C:\Program Files\Atari\Locomotion\Loco.exe" = C:\Program Files\Atari\Locomotion\Loco.exe:*:Disabled:Chris Sawyer's Locomotion -- (Atari Inc.)
"C:\Program Files\Windows Live\Messenger\wlcsdk.exe" = C:\Program Files\Windows Live\Messenger\wlcsdk.exe:*:Enabled:Windows Live Call -- (Microsoft Corporation)
"C:\Program Files\Common Files\McAfee\MNA\McNASvc.exe" = C:\Program Files\Common Files\McAfee\MNA\McNASvc.exe:*:Enabled:McAfee Network Agent -- (McAfee, Inc.)
"C:\Program Files\Skype\Plugin Manager\skypePM.exe" = C:\Program Files\Skype\Plugin Manager\skypePM.exe:*:Enabled:Skype Extras Manager -- (Skype Technologies)
"C:\Program Files\Skype\Phone\Skype.exe" = C:\Program Files\Skype\Phone\Skype.exe:*:Enabled:Skype -- (Skype Technologies S.A.)


========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{03EDED24-8375-407D-A721-4643D9768BE1}" = kgchlwn
"{073F22CE-9A5B-4A40-A604-C7270AC6BF34}" = ESSSONIC
"{0996C331-6DCB-4E38-A3EC-0A77ABAE1361}" = Help_CTR
"{09DA4F91-2A09-4232-AB8C-6BC740096DE3}" = Sonic Update Manager
"{0AAA9C97-74D4-47CE-B089-0B147EF3553C}" = Windows Live Messenger
"{0EB5D9B7-8E6C-4A9E-B74F-16B7EE89A67B}" = Microsoft Plus! Photo Story 2 LE
"{0F756CD9-4A1E-409B-B101-601DDC4C03AA}" = Qualxserve Service Agreement
"{11B569C2-4BF6-4ED0-9D17-A4273943CB24}" = Adobe Photoshop Album 2.0 Starter Edition
"{11F3F858-4131-4FFA-A560-3FE282933B6E}" = kgchday
"{1206EF92-2E83-4859-ACCB-2048C3CB7DA6}" = Sonic DLA
"{14D4ED84-6A9A-45A0-96F6-1753768C3CB5}" = ESSPCD
"{1D14373E-7970-4F2F-A467-ACA4F0EA21E3}" = Google Earth
"{1F19423A-6072-44BC-8E03-3C645ED2301F}" = Freedom Scientific Utilities
"{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live Upload Tool
"{21657574-BD54-48A2-9450-EB03B2C7FC29}" = Sonic MyDVD
"{216AB108-2AE1-4130-B3D5-20B2C4C80F8F}" = QuickTime
"{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT
"{26A24AE4-039D-4CA4-87B4-2F83216013FF}" = Java(TM) 6 Update 17
"{29521505-F489-4822-ADFA-32C6DEE4F114}" = TurboTax 2008 WinPerUserEducation
"{2A97D5B3-A989-47E1-B207-1CA9E3635655}" = aioprnt
"{2D03B6F8-DF36-4980-B7B6-5B93D5BA3A8F}" = essvatgt
"{2E7595EC-4FB1-4E29-93D4-9083C8A9B107}" = TurboTax ItsDeductible 2005
"{3248F0A8-6813-11D6-A77B-00B0D0160070}" = Java(TM) 6 Update 7
"{33BB4982-DC52-4886-A03B-F4C5C80BEE89}" = Windows Media Player 10
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{35BDEFF1-A610-4956-A00D-15453C116395}" = Internet Explorer Default Page
"{36495C59-089C-49D1-BD15-9E5BD86DC9A1}" = ItsDeductible Express
"{3B4E636E-9D65-4D67-BA61-189800823F52}" = Windows Live Communications Platform
"{3BED0238-3A25-41AE-BC23-316914B5B048}" = aioocr
"{3F92ABBB-6BBF-11D5-B229-002078017FBF}" = NetWaiting
"{4192EAC0-6B36-4723-B216-D0E86E7757AC}" = Jasc Paint Shop Photo Album 5
"{42938595-0D83-404D-9F73-F8177FDD531A}" = ESScore
"{4322997E-CF55-4E34-9203-6DEFC72B3A86}" = Scrabble Online
"{45338B07-A236-4270-9A77-EBB4115517B5}" = Windows Live Sign-in Assistant
"{4537EA4B-F603-4181-89FB-2953FC695AB1}" = netbrdg
"{49FA793C-785E-47E9-93DF-BD442B0B45D1}" = McAfee Virtual Technician
"{5316DFC9-CE99-4458-9AB3-E8726EDE0210}" = skin0001
"{541DEAC0-5F3D-45E6-B7CB-94ECF3B96748}" = Skype web features
"{54DD77E8-838C-4DA3-92A6-F86BAB069FC9}" = Mirar
"{56F3E1FF-54FE-4384-A153-6CCABA097814}" = Creative MediaSource
"{5905F42D-3F5F-4916-ADA6-94A3646AEE76}" = Dell Driver Reset Tool
"{59716973-C123-4B46-B44B-36FCD9CEB8A3}" = Print Artist 22 Platinum
"{605A4E39-613C-4A12-B56F-DEFBE6757237}" = SHASTA
"{643EAE81-920C-4931-9F0B-4B343B225CA6}" = ESSBrwr
"{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}" = PowerDVD 5.3
"{68D60342-7686-45C9-B8EB-40EF843D0460}" = Dell Networking Guide
"{693C08A7-9E76-43FF-B11E-9A58175474C4}" = kgckids
"{6E45BA47-383C-4C1E-8ED0-0D4845C293D7}" = Microsoft Plus! Digital Media Edition Installer
"{6EC9AEA4-4B16-4C2B-B760-6F378A7577B6}" = Freedom Scientific Video Intercept
"{7148F0A8-6813-11D6-A77B-00B0D0142030}" = Java 2 Runtime Environment, SE v1.4.2_03
"{72DF62BD-FF36-424E-AA5F-D89BAFF2C249}" = RollerCoaster Tycoon 2
"{73F1681F-ADE1-461F-9F18-B7640507D395}" = ksdip
"{74F7662C-B1DB-489E-A8AC-07A06B24978B}" = Dell System Restore
"{7570F1CA-016D-46AC-B586-CD74645EFB52}" = TurboTax 2008 WinPerFedFormset
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{77F45E76-E897-42CA-A9FE-5F56817D875C}" = Locomotion
"{78C496B9-5A6B-4692-8C2E-AFFFC34E4961}" = Jasc Paint Shop Pro Studio, Dell Editon
"{78D944D7-A97B-4004-AB0A-B5AD06839940}" = My Way Search Assistant
"{791E3D44-33D3-4446-82AD-5CD4B0169083}" = aiofw
"{79E41D91-BA1C-44B9-9358-48E598263ECF}" = center
"{7EFA5E6F-74F7-4AFB-8AEA-AA790BD3A76D}" = DellSupport
"{7F34A21F-2DEB-4598-BB19-611D6BD24271}" = Managed DirectX (0900)
"{81A34902-9D0B-4920-A25C-4CDC5D14B328}" = Jasc Paint Shop Pro 8 Dell Edition
"{843081BD-351F-46FC-8A17-517A0D9117A3}" = helptut
"{85D3CC30-8859-481A-9654-FD9B74310BEF}" = Musicmatch® Jukebox
"{88214092-836F-4E22-A5AC-569AC9EE6A0F}" = TurboTax 2008 WinPerReleaseEngine
"{8943CE61-53BD-475E-90E1-A580869E98A2}" = staticcr
"{8A502E38-29C9-49FA-BCFA-D727CA062589}" = ESSTOOLS
"{8A8664E1-84C8-4936-891C-BC1F07797549}" = kgcvday
"{8E92D746-CD9F-4B90-9668-42B74C14F765}" = ESSini
"{8FFC5648-FAF8-43A3-BC8F-42BA1E275C4E}" = Choice Guard
"{90120000-0020-0409-0000-0000000FF1CE}" = Compatibility Pack for the 2007 Office system
"{907B4640-266B-4A21-92FB-CD1A86CD0F63}" = RollerCoaster Tycoon 3
"{91110409-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Professional Edition 2003
"{91517631-A9F3-4B7C-B482-43E0068FD55A}" = ESSgui
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{9541FED0-327F-4DF0-8B96-EF57EF622F19}" = Sonic RecordNow! Plus
"{967C1374-BCB3-42AA-AE08-A5C56A956ACE}" = Freedom Scientific Braille
"{999D43F4-9709-4887-9B1A-83EBB15A8370}" = VPRINTOL
"{9BD54685-1496-46A5-AB62-357CD140ED8B}" = kgcinvt
"{9E2514D9-DC24-4634-B348-61F3EF0F1628}" = Sound Blaster Audigy 2 ZS
"{9E5A03E3-6246-4920-9630-0527D5DA9B07}" = AnswerWorks 5.0 English Runtime
"{9FAB7FA0-1BCC-4F37-9EAD-5C2F05C5EAA4}" = Freedom Scientific Document Server
"{A1588373-1D86-4D44-86C9-78ABD190F9CC}" = kgcmove
"{A1F66FC9-11EE-4F2F-98C9-16F8D1E69FB7}" = Segoe UI
"{A22A0E14-70C5-43F5-A254-32907377541A}" = Freedom Scientific Talking Installer 9.0
"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
"{A49F249F-0C91-497F-86DF-B2585E8E76B7}" = Microsoft Visual C++ 2005 Redistributable
"{A7A34FC9-DF24-4A36-00AD-D4EFE94CC116}" = SimCity 4 Deluxe
"{AC0EE5B0-A8FB-4D0A-AF03-2EDC518F841B}" = Dell Media Experience
"{AC76BA86-7AD7-1033-7B44-A71000000002}" = Adobe Reader 7.1.0
"{AE1FA02D-E6A4-4EA0-8E58-6483CAC016DD}" = ESSCDBK
"{AF06CAE4-C134-44B1-B699-14FBDB63BD37}" = Dell Picture Studio v3.0
"{AF19F291-F22F-4798-9662-525305AE9E48}" = WordPerfect Office 12
"{AF32FB61-AB9C-423B-A3E0-724A167953D9}" = TurboTax 2008 wohiper
"{AFF1EA96-9C23-4249-B7D4-CD4B54D4582F}" = TurboTax ItsDeductible 2006
"{B162D0A6-9A1D-4B7C-91A5-88FB48113C45}" = OfotoXMI
"{B1DB1AD8-C07E-4052-81A1-D2930232BA70}" = TurboTax 2008 wrapper
"{B23726CF-68BF-41A6-A4EB-72F12F87FE05}" = TurboTax 2008 WinPerTaxSupport
"{B2544A03-10D0-4E5E-BA69-0362FFC20D18}" = OGA Notifier 2.0.0048.0
"{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1" = Spybot - Search & Destroy
"{B4B44FE7-41FF-4DAD-8C0A-E406DDA72992}" = CCScore
"{C0251585-1BE8-4278-B3CB-964B6E01C59D}" = aioscnnr
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
"{C1FE831C-C1FB-4D2F-95C3-32473F49BC7F}" = G10A942EN
"{C6CA8874-5F22-4AF0-9BE3-016BF299C536}" = Windows Live Essentials
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CC000127-5E5D-4A1C-90CB-EEAAAC1E3AC0}" = Jasc Paint Shop Photo Album
"{CD95F661-A5C4-44F5-A6AA-ECDD91C240BB}" = WinZip 14.0
"{CDE4CC8B-134B-421E-943C-90799E56F664}" = Dell Media Experience Update
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{D103C4BA-F905-437A-8049-DB24763BBE36}" = Skype™ 4.1
"{D32470A1-B10C-4059-BA53-CF0486F68EBC}" = KODAK All-in-One Printer Software
"{DB02F716-6275-42E9-B8D2-83BA2BF5100B}" = SFR
"{DC626A21-EDF1-40C7-8F2F-D2BA7535529F}" = helpug
"{E18B549C-5D15-45DA-8D8F-8FD2BD946344}" = kgcbaby
"{E3BFEE55-39E2-4BE0-B966-89FE583822C1}" = Dell Support Center
"{E6D9BC25-0DBC-4368-8E4A-7DEE80661CD9}" = TurboTax 2008 WinPerProgramHelp
"{E79987F0-0E34-42CC-B8FF-6C860AEEB26A}" = tooltips
"{E8C06CB3-5DB2-4689-B1DC-4A0220DEA96C}" = Consumer Complete Care Services Agreement
"{E93E5EF6-D361-481E-849D-F16EF5C78EBC}" = Musicmatch for Windows Media Player
"{F22C222C-3CE2-4A4B-A83F-AF4681371ABE}" = kgcbase
"{F4A2E7CC-60CA-4AFA-B67F-AD5E58173C3F}" = SKINXSDK
"{F4DA19E5-A560-4313-8623-3493DCE3C681}" = Freedom Scientific Synthesizer Eloquence
"{F6BD194C-4190-4D73-B1B1-C48C99921BFE}" = Windows Live Call
"{F9593CFB-D836-49BC-BFF1-0E669A411D9F}" = WIRELESS
"{FCDB1C92-03C6-4C76-8625-371224256091}" = ESSPDock
"2Wire SetupWiz" = AT&T Yahoo! High Speed Internet Home Networking Installer
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Amazon MP3 Downloader" = Amazon MP3 Downloader 1.0.5
"ATT-PRT22" = ATT-PRT22
"Audigy2 Audio UG" = Audio User's Guide
"CNXT_MODEM_PCI_VEN_14F1&DEV_2F20&SUBSYS_200F14F1" = Conexant D850 56K V.9x DFVc Modem
"Cyberchase Carnival Chaos" = Cyberchase Carnival Chaos
"Dell Digital Jukebox Driver" = Dell Digital Jukebox Driver
"Dell Photo AIO Printer 942" = Dell Photo AIO Printer 942
"ERUNT_is1" = ERUNT 1.1j
"Google Updater" = Google Updater
"HijackThis" = HijackThis 2.0.2
"IDNMitigationAPIs" = Microsoft Internationalized Domain Names Mitigation APIs
"ie7" = Windows Internet Explorer 7
"ie8" = Windows Internet Explorer 8
"Macromedia Shockwave Player" = Macromedia Shockwave Player
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Mozilla Firefox (3.5.8)" = Mozilla Firefox (3.5.8)
"MSC" = McAfee SecurityCenter
"MSCompPackV1" = Microsoft Compression Client Pack 1.0 for Windows XP
"MSTTS" = Microsoft Text-to-Speech Engine 4.0 (English)
"NLSDownlevelMapping" = Microsoft National Language Support Downlevel APIs
"NVIDIA Drivers" = NVIDIA Drivers
"Photo Organizer 1.8" = Photo Organizer
"PrintMaster 10" = PrintMaster
"ReadPlease 2003_is1" = ReadPlease 2003/ReadPlease PLUS 2003
"RealPlayer 6.0" = RealPlayer
"SBC.MCCInstall" = AT&T Self Support Tool
"Shockwave" = Shockwave
"TurboTax 2008" = TurboTax 2008
"TurboTax Deluxe 2004" = TurboTax Deluxe 2004
"TurboTax Deluxe 2005" = TurboTax Deluxe 2005
"TurboTax Deluxe 2007" = TurboTax Deluxe 2007
"TurboTax Deluxe Deduction Maximizer 2006" = TurboTax Deluxe Deduction Maximizer 2006
"WebPost" = Microsoft Web Publishing Wizard 1.52
"Windows Media Format Runtime" = Windows Media Format 11 runtime
"Windows Media Player" = Windows Media Player 11
"Windows XP Service Pack" = Windows XP Service Pack 3
"WinLiveSuite_Wave3" = Windows Live Essentials
"WMFDist11" = Windows Media Format 11 runtime
"wmp11" = Windows Media Player 11
"Wudf01000" = Microsoft User-Mode Driver Framework Feature Pack 1.0
"Yahoo! Applications" = AT&T Yahoo! Applications
"Yahoo! Search Defender" = Yahoo! Search Protection
"Yahoo! Software Update" = Yahoo! Software Update

========== HKEY_CURRENT_USER Uninstall List ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"f031ef6ac137efc5" = Dell Driver Download Manager
"Move Media Player" = Move Media Player

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 2/18/2010 8:35:39 PM | Computer Name = D30K1961 | Source = Application Error | ID = 1000
Description = Faulting application explorer.exe, version 6.0.2900.5512, faulting
module ntdll.dll, version 5.1.2600.5755, fault address 0x00028c0b.

Error - 2/18/2010 8:35:47 PM | Computer Name = D30K1961 | Source = Application Error | ID = 1001
Description = Fault bucket 1228308904.

Error - 2/25/2010 7:38:13 PM | Computer Name = D30K1961 | Source = Application Hang | ID = 1002
Description = Hanging application RCT3.exe, version 3.0.12.58, hang module hungapp,
version 0.0.0.0, hang address 0x00000000.

Error - 2/25/2010 7:38:13 PM | Computer Name = D30K1961 | Source = Application Hang | ID = 1002
Description = Hanging application RCT3.exe, version 3.0.12.58, hang module hungapp,
version 0.0.0.0, hang address 0x00000000.

Error - 2/25/2010 7:38:13 PM | Computer Name = D30K1961 | Source = Application Hang | ID = 1002
Description = Hanging application RCT3.exe, version 3.0.12.58, hang module hungapp,
version 0.0.0.0, hang address 0x00000000.

Error - 2/25/2010 7:38:14 PM | Computer Name = D30K1961 | Source = Application Hang | ID = 1002
Description = Hanging application RCT3.exe, version 3.0.12.58, hang module hungapp,
version 0.0.0.0, hang address 0x00000000.

Error - 2/25/2010 7:49:52 PM | Computer Name = D30K1961 | Source = Application Hang | ID = 1002
Description = Hanging application firefox.exe, version 1.9.1.3685, hang module hungapp,
version 0.0.0.0, hang address 0x00000000.

Error - 2/26/2010 11:37:25 AM | Computer Name = D30K1961 | Source = Application Hang | ID = 1002
Description = Hanging application firefox.exe, version 1.9.1.3685, hang module hungapp,
version 0.0.0.0, hang address 0x00000000.

Error - 2/26/2010 11:37:32 AM | Computer Name = D30K1961 | Source = Application Hang | ID = 1002
Description = Hanging application firefox.exe, version 1.9.1.3685, hang module hungapp,
version 0.0.0.0, hang address 0x00000000.

Error - 2/26/2010 9:15:56 PM | Computer Name = D30K1961 | Source = Application Hang | ID = 1002
Description = Hanging application firefox.exe, version 1.9.1.3685, hang module hungapp,
version 0.0.0.0, hang address 0x00000000.

[ System Events ]
Error - 2/27/2010 2:06:36 PM | Computer Name = D30K1961 | Source = Ftdisk | ID = 262189
Description = The system could not sucessfully load the crash dump driver.

Error - 2/27/2010 2:06:36 PM | Computer Name = D30K1961 | Source = Ftdisk | ID = 262193
Description = Configuring the Page file for crash dump failed. Make sure there is
a page file on the boot partition and that is large enough to contain all physical
memory.

Error - 2/27/2010 2:33:15 PM | Computer Name = D30K1961 | Source = Ftdisk | ID = 262189
Description = The system could not sucessfully load the crash dump driver.

Error - 2/27/2010 2:33:15 PM | Computer Name = D30K1961 | Source = Ftdisk | ID = 262193
Description = Configuring the Page file for crash dump failed. Make sure there is
a page file on the boot partition and that is large enough to contain all physical
memory.

Error - 2/27/2010 5:41:37 PM | Computer Name = D30K1961 | Source = Ftdisk | ID = 262189
Description = The system could not sucessfully load the crash dump driver.

Error - 2/27/2010 5:41:37 PM | Computer Name = D30K1961 | Source = Ftdisk | ID = 262193
Description = Configuring the Page file for crash dump failed. Make sure there is
a page file on the boot partition and that is large enough to contain all physical
memory.

Error - 2/27/2010 10:12:04 PM | Computer Name = D30K1961 | Source = Ftdisk | ID = 262189
Description = The system could not sucessfully load the crash dump driver.

Error - 2/27/2010 10:12:04 PM | Computer Name = D30K1961 | Source = Ftdisk | ID = 262193
Description = Configuring the Page file for crash dump failed. Make sure there is
a page file on the boot partition and that is large enough to contain all physical
memory.

Error - 2/27/2010 10:16:01 PM | Computer Name = D30K1961 | Source = Ftdisk | ID = 262189
Description = The system could not sucessfully load the crash dump driver.

Error - 2/27/2010 10:16:01 PM | Computer Name = D30K1961 | Source = Ftdisk | ID = 262193
Description = Configuring the Page file for crash dump failed. Make sure there is
a page file on the boot partition and that is large enough to contain all physical
memory.


< End of report >
 
Backup Your Registry with ERUNT:
  • Download erunt.zip to your Desktop from here:
    http://aumha.org/downloads/erunt.zip
  • Right-click erunt.zip, select Extract All... and follow the prompts to extract ERUNT to a new folder on your Desktop
  • Inside the new folder, double-click ERUNT.exe to start the program
  • OK all the prompts to back up your registry to the default location.
Note: to restore your registry, go to the backup folder and start ERDNT.exe




Open up OTL

  • Double click on the icon to run it. Make sure all other windows are closed and let it run uninterrupted.
  • Under the Custom Scans/Fixes box at the bottom, paste in the following

    Code:
    :OTL
    PRC - C:\WINDOWS\explorer.exe (Microsoft Corporation)
    
    :Files
    C:\WINDOWS\system32\drivers\iaStor.sys|C:\I386\iaStor.sys /replace
    
    
    :Commands
    [purity]
    [emptytemp]
    [CREATERESTOREPOINT] 
    [start explorer]
    [Reboot]
  • Then click the Run Fix button at the top
  • Let the program run unhindered; it won't take long.


Post the log please
 
OTL_Fix_Log

All processes killed
========== OTL ==========
No active process named explorer.exe was found!
========== FILES ==========
File C:\WINDOWS\system32\drivers\iaStor.sys successfully replaced with C:\I386\iaStor.sys
========== COMMANDS ==========

[EMPTYTEMP]

User: Administrator
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: All Users

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 67 bytes

User: Guest
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 67 bytes
->FireFox cache emptied: 2484713 bytes

User: HelpAssistant
->Temp folder emptied: 178249 bytes
->Temporary Internet Files folder emptied: 1982431 bytes
->Java cache emptied: 33468504 bytes
->FireFox cache emptied: 14640325 bytes

User: HelpAssistant.D30K1961
->Temp folder emptied: 109854200 bytes
->Temporary Internet Files folder emptied: 21678392 bytes
->Java cache emptied: 80305052 bytes
->FireFox cache emptied: 159740504 bytes

User: John Dolensky
->Temp folder emptied: 142831846 bytes
->Temporary Internet Files folder emptied: 18746868 bytes
->Java cache emptied: 84635910 bytes
->FireFox cache emptied: 39371235 bytes

User: LocalService
->Temp folder emptied: 66016 bytes
->Temporary Internet Files folder emptied: 32969 bytes
->FireFox cache emptied: 6703250 bytes

User: NetworkService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes

User: Peggy
->Temp folder emptied: 8652382 bytes
->Temporary Internet Files folder emptied: 39790987 bytes
->Java cache emptied: 78408574 bytes
->FireFox cache emptied: 53660931 bytes

%systemdrive% .tmp files removed: 20751 bytes
%systemroot% .tmp files removed: 19569 bytes
%systemroot%\System32 .tmp files removed: 245265 bytes
%systemroot%\System32\dllcache .tmp files removed: 294400 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 1997565 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temp folder emptied: 0 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 112094 bytes
RecycleBin emptied: 173168750 bytes

Total Files Cleaned = 1,023.00 mb

Restore point Set: OTL Restore Point (64424509440)

OTL by OldTimer - Version 3.1.30.3 log created on 02282010_210029

Files\Folders moved on Reboot...
File\Folder C:\Documents and Settings\HelpAssistant.D30K1961\Local Settings\Temp\jkos-John Dolensky\engine\bases\baseb1dc.avc not found!
File\Folder C:\Documents and Settings\HelpAssistant.D30K1961\Local Settings\Temporary Internet Files\Content.IE5\6Y7YGHQT\hercules_ny[1].jpg not found!
File\Folder C:\Documents and Settings\HelpAssistant.D30K1961\Local Settings\Temporary Internet Files\Content.IE5\6Y7YGHQT\home_1.9[1].js not found!
File move failed. C:\WINDOWS\temp\$$$dq3e scheduled to be moved on reboot.
File move failed. C:\WINDOWS\temp\$67we.$ scheduled to be moved on reboot.
File\Folder C:\WINDOWS\temp\mcmsc_aP73Acd3rwHz6Xj not found!
File\Folder C:\WINDOWS\temp\mcmsc_wi91do2n7axxxOH not found!

Registry entries deleted on Reboot...
 
What I would like you to do is to run OTL again to scan your system, and under the Custom Scan box paste this in:

iaStor.sys

Post the log and let me know how your system is behaving now?
 
OTL.txt

System slow to start up, sounds as though the hard drive is still working hard writing and reading during wait times. I've not used it enough today to see if it locks up...

John

OTL logfile created on: 3/1/2010 10:08:54 PM - Run 2
OTL by OldTimer - Version 3.1.30.3 Folder = C:\Documents and Settings\John Dolensky\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1,022.00 Mb Total Physical Memory | 335.00 Mb Available Physical Memory | 33.00% Memory free
2.00 Gb Paging File | 2.00 Gb Available in Paging File | 75.00% Paging File free
Paging file location(s): C:\pagefile.sys 1536 3072 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 145.85 Gb Total Space | 110.13 Gb Free Space | 75.51% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
Drive I: | 668.00 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: UDF
Drive J: | 930.86 Gb Total Space | 921.38 Gb Free Space | 98.98% Space Free | Partition Type: NTFS

Computer Name: D30K1961
Current User Name: John Dolensky
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: All users
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Minimal

========== Processes (SafeList) ==========

PRC - C:\Documents and Settings\John Dolensky\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)
PRC - C:\Program Files\McAfee\SiteAdvisor\McSACore.exe (McAfee, Inc.)
PRC - C:\Program Files\WinZip\WZQKPICK.EXE (WinZip Computing, S.L.)
PRC - c:\Program Files\McAfee\VirusScan\mcinsupd.exe (McAfee, Inc.)
PRC - c:\Program Files\McAfee.com\Agent\mcagent.exe (McAfee, Inc.)
PRC - C:\Program Files\McAfee\MPF\MpfSrv.exe (McAfee, Inc.)
PRC - C:\Program Files\Java\jre6\bin\jqs.exe (Sun Microsystems, Inc.)
PRC - c:\Program Files\McAfee\MSC\mcupdmgr.exe (McAfee, Inc.)
PRC - C:\Program Files\McAfee\VirusScan\Mcshield.exe (McAfee, Inc.)
PRC - C:\Program Files\McAfee\VirusScan\mcsysmon.exe (McAfee, Inc.)
PRC - C:\Program Files\McAfee\MSC\mcmscsvc.exe (McAfee, Inc.)
PRC - c:\Program Files\McAfee\MSC\mcupdui.exe (McAfee, Inc.)
PRC - c:\Program Files\Common Files\McAfee\McProxy\McProxy.exe (McAfee, Inc.)
PRC - c:\Program Files\Common Files\McAfee\MNA\McNASvc.exe (McAfee, Inc.)
PRC - C:\Program Files\Common Files\Motive\McciCMService.exe (Motive Communications, Inc.)
PRC - C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe (Yahoo! Inc.)
PRC - C:\Program Files\Common Files\Intuit\Update Service\IntuitUpdateService.exe (Intuit Inc.)
PRC - C:\Program Files\Kodak\Printer\Center\KodakSvc.exe (Eastman Kodak Company)
PRC - C:\WINDOWS\explorer.exe (Microsoft Corporation)
PRC - C:\Program Files\DellSupport\DSAgnt.exe (Gteko Ltd.)
PRC - C:\WINDOWS\SYSTEM32\nvsvc32.exe (NVIDIA Corporation)
PRC - C:\WINDOWS\SYSTEM32\dla\tfswctrl.exe (Sonic Solutions)
PRC - C:\Program Files\SBC Self Support Tool\bin\mpbtn.exe ()
PRC - C:\Program Files\Creative\SBAudigy2ZS\Surround Mixer\CTSysVol.exe (Creative Technology Ltd)
PRC - C:\WINDOWS\SYSTEM32\CTSVCCDA.EXE (Creative Technology Ltd)


========== Modules (SafeList) ==========

MOD - C:\Documents and Settings\John Dolensky\Desktop\OTL.exe (OldTimer Tools)
MOD - c:\Program Files\McAfee\SiteAdvisor\sahook.dll (McAfee, Inc.)


========== Win32 Services (SafeList) ==========

SRV - (McAfee SiteAdvisor Service) -- C:\Program Files\McAfee\SiteAdvisor\McSACore.exe (McAfee, Inc.)
SRV - (MpfService) -- C:\Program Files\McAfee\MPF\MPFSrv.exe (McAfee, Inc.)
SRV - (JavaQuickStarterService) -- C:\Program Files\Java\jre6\bin\jqs.exe (Sun Microsystems, Inc.)
SRV - (McODS) -- C:\Program Files\McAfee\VirusScan\mcods.exe (McAfee, Inc.)
SRV - (McShield) -- C:\Program Files\McAfee\VirusScan\Mcshield.exe (McAfee, Inc.)
SRV - (McSysmon) -- C:\Program Files\McAfee\VirusScan\mcsysmon.exe (McAfee, Inc.)
SRV - (mcmscsvc) -- C:\Program Files\McAfee\MSC\mcmscsvc.exe (McAfee, Inc.)
SRV - (McProxy) -- c:\Program Files\Common Files\McAfee\McProxy\McProxy.exe (McAfee, Inc.)
SRV - (McNASvc) -- c:\Program Files\Common Files\McAfee\MNA\McNASvc.exe (McAfee, Inc.)
SRV - (gusvc) -- C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe (Google)
SRV - (McciCMService) -- C:\Program Files\Common Files\Motive\McciCMService.exe (Motive Communications, Inc.)
SRV - (YahooAUService) -- C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe (Yahoo! Inc.)
SRV - (IntuitUpdateService) -- C:\Program Files\Common Files\Intuit\Update Service\IntuitUpdateService.exe (Intuit Inc.)
SRV - (KodakSvc) -- C:\Program Files\Kodak\printer\center\KodakSvc.exe (Eastman Kodak Company)
SRV - (DSBrokerService) -- C:\Program Files\DellSupport\brkrsvc.exe ()
SRV - (IDriverT) -- C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe (Macrovision Corporation)
SRV - (NVSvc) -- C:\WINDOWS\SYSTEM32\nvsvc32.exe (NVIDIA Corporation)
SRV - (TermService) -- C:\WINDOWS\SYSTEM32\termsrv32.dll (Microsoft Corporation)
SRV - (dlbu_device) -- C:\WINDOWS\System32\dlbucoms.exe (Dell)
SRV - (ose) -- C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE (Microsoft Corporation)
SRV - (Creative Service for CDROM Access) -- C:\WINDOWS\SYSTEM32\CTSVCCDA.EXE (Creative Technology Ltd)


========== Driver Services (SafeList) ==========

DRV - (MBAMSwissArmy) -- C:\WINDOWS\SYSTEM32\DRIVERS\mbamswissarmy.sys (Malwarebytes Corporation)
DRV - (mfehidk) -- C:\WINDOWS\SYSTEM32\DRIVERS\mfehidk.sys (McAfee, Inc.)
DRV - (mfeavfk) -- C:\WINDOWS\SYSTEM32\DRIVERS\mfeavfk.sys (McAfee, Inc.)
DRV - (mfesmfk) -- C:\WINDOWS\SYSTEM32\DRIVERS\mfesmfk.sys (McAfee, Inc.)
DRV - (mfebopk) -- C:\WINDOWS\SYSTEM32\DRIVERS\mfebopk.sys (McAfee, Inc.)
DRV - (mferkdk) -- C:\WINDOWS\SYSTEM32\DRIVERS\mferkdk.sys (McAfee, Inc.)
DRV - (MPFP) -- C:\WINDOWS\SYSTEM32\DRIVERS\Mpfp.sys (McAfee, Inc.)
DRV - (WDC_SAM) -- C:\WINDOWS\SYSTEM32\DRIVERS\wdcsam.sys (Western Digital Technologies)
DRV - (MREMP50) -- C:\Program Files\Common Files\Motive\MREMP50.sys (Printing Communications Assoc., Inc. (PCAUSA))
DRV - (MRESP50) -- C:\Program Files\Common Files\Motive\MRESP50.sys (Printing Communications Assoc., Inc. (PCAUSA))
DRV - (gameenum) -- C:\WINDOWS\SYSTEM32\DRIVERS\gameenum.sys (Microsoft Corporation)
DRV - (amdagp) -- C:\WINDOWS\system32\DRIVERS\amdagp.sys (Advanced Micro Devices, Inc.)
DRV - (sisagp) -- C:\WINDOWS\system32\DRIVERS\sisagp.sys (Silicon Integrated Systems Corporation)
DRV - (Secdrv) -- C:\WINDOWS\SYSTEM32\DRIVERS\secdrv.sys (Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K.)
DRV - (PxHelp20) -- C:\WINDOWS\System32\Drivers\PxHelp20.sys (Sonic Solutions)
DRV - (dsunidrv) -- C:\WINDOWS\SYSTEM32\DRIVERS\dsunidrv.sys (Gteko Ltd.)
DRV - (DSproct) -- C:\Program Files\DellSupport\GTAction\triggers\DSproct.sys (Gteko Ltd.)
DRV - (cdrbsdrv) -- C:\WINDOWS\SYSTEM32\DRIVERS\cdrbsdrv.sys (B.H.A Corporation)
DRV - (nv) -- C:\WINDOWS\SYSTEM32\DRIVERS\nv4_mini.sys (NVIDIA Corporation)
DRV - (drvnddm) -- C:\WINDOWS\SYSTEM32\DRIVERS\drvnddm.sys (Sonic Solutions)
DRV - (tfsnudfa) -- C:\WINDOWS\SYSTEM32\dla\tfsnudfa.sys (Sonic Solutions)
DRV - (tfsnudf) -- C:\WINDOWS\SYSTEM32\dla\tfsnudf.sys (Sonic Solutions)
DRV - (tfsnifs) -- C:\WINDOWS\SYSTEM32\dla\tfsnifs.sys (Sonic Solutions)
DRV - (tfsncofs) -- C:\WINDOWS\SYSTEM32\dla\tfsncofs.sys (Sonic Solutions)
DRV - (tfsnboio) -- C:\WINDOWS\SYSTEM32\dla\tfsnboio.sys (Sonic Solutions)
DRV - (tfsnopio) -- C:\WINDOWS\SYSTEM32\dla\tfsnopio.sys (Sonic Solutions)
DRV - (tfsnpool) -- C:\WINDOWS\SYSTEM32\dla\tfsnpool.sys (Sonic Solutions)
DRV - (tfsndrct) -- C:\WINDOWS\SYSTEM32\dla\tfsndrct.sys (Sonic Solutions)
DRV - (tfsndres) -- C:\WINDOWS\SYSTEM32\dla\tfsndres.sys (Sonic Solutions)
DRV - (ha10kx2k) -- C:\WINDOWS\SYSTEM32\DRIVERS\ha10kx2k.sys (Creative Technology Ltd)
DRV - (PfModNT) -- C:\WINDOWS\SYSTEM32\DRIVERS\pfmodnt.sys (Creative Technology Ltd.)
DRV - (ctaud2k) Creative Audio Driver (WDM) -- C:\WINDOWS\SYSTEM32\DRIVERS\ctaud2k.sys (Creative Technology Ltd)
DRV - (Ptilink) -- C:\WINDOWS\SYSTEM32\DRIVERS\PTILINK.SYS (Parallel Technologies, Inc.)
DRV - (drvmcdb) -- C:\WINDOWS\system32\drivers\drvmcdb.sys (Sonic Solutions)
DRV - (sscdbhk5) -- C:\WINDOWS\SYSTEM32\DRIVERS\sscdbhk5.sys (Sonic Solutions)
DRV - (ssrtln) -- C:\WINDOWS\SYSTEM32\DRIVERS\ssrtln.sys (Sonic Solutions)
DRV - (hap16v2k) -- C:\WINDOWS\SYSTEM32\DRIVERS\haP16v2k.sys (Creative Technology Ltd)
DRV - (emupia) -- C:\WINDOWS\SYSTEM32\DRIVERS\emupia2k.sys (Creative Technology Ltd)
DRV - (ctsfm2k) -- C:\WINDOWS\SYSTEM32\DRIVERS\ctsfm2k.sys (Creative Technology Ltd)
DRV - (ossrv) -- C:\WINDOWS\SYSTEM32\DRIVERS\ctoss2k.sys (Creative Technology Ltd.)
DRV - (ctprxy2k) -- C:\WINDOWS\SYSTEM32\DRIVERS\ctprxy2k.sys (Creative Technology Ltd)
DRV - (ctac32k) -- C:\WINDOWS\SYSTEM32\DRIVERS\ctac32k.sys (Creative Technology Ltd)
DRV - (iaStor) -- C:\WINDOWS\system32\drivers\iaStor.sys (Intel Corporation)
DRV - (b57w2k) -- C:\WINDOWS\SYSTEM32\DRIVERS\b57xp32.sys (Broadcom Corporation)
DRV - (HSFHWBS2) -- C:\WINDOWS\SYSTEM32\DRIVERS\HSFHWBS2.sys (Conexant Systems, Inc.)
DRV - (winachsf) -- C:\WINDOWS\SYSTEM32\DRIVERS\HSF_CNXT.sys (Conexant Systems, Inc.)
DRV - (HSF_DP) -- C:\WINDOWS\SYSTEM32\DRIVERS\HSF_DP.sys (Conexant Systems, Inc.)
DRV - (ctdvda2k) -- C:\WINDOWS\SYSTEM32\DRIVERS\ctdvda2k.sys (Creative Technology Ltd)
DRV - (mdmxsdk) -- C:\WINDOWS\SYSTEM32\DRIVERS\mdmxsdk.sys (Conexant)
DRV - (omci) -- C:\WINDOWS\SYSTEM32\DRIVERS\omci.sys (Dell Computer Corporation)
DRV - (Sparrow) -- C:\WINDOWS\system32\DRIVERS\sparrow.sys (Adaptec, Inc.)
DRV - (sym_u3) -- C:\WINDOWS\system32\DRIVERS\sym_u3.sys (LSI Logic)
DRV - (sym_hi) -- C:\WINDOWS\system32\DRIVERS\sym_hi.sys (LSI Logic)
DRV - (symc8xx) -- C:\WINDOWS\system32\DRIVERS\symc8xx.sys (LSI Logic)
DRV - (symc810) -- C:\WINDOWS\system32\DRIVERS\symc810.sys (Symbios Logic Inc.)
DRV - (MODEMCSA) -- C:\WINDOWS\SYSTEM32\DRIVERS\MODEMCSA.sys (Microsoft Corporation)
DRV - (ultra) -- C:\WINDOWS\system32\DRIVERS\ultra.sys (Promise Technology, Inc.)
DRV - (ql12160) -- C:\WINDOWS\system32\DRIVERS\ql12160.sys (QLogic Corporation)
DRV - (ql1080) -- C:\WINDOWS\system32\DRIVERS\ql1080.sys (QLogic Corporation)
DRV - (ql1280) -- C:\WINDOWS\system32\DRIVERS\ql1280.sys (QLogic Corporation)
DRV - (dac2w2k) -- C:\WINDOWS\system32\DRIVERS\dac2w2k.sys (Mylex Corporation)
DRV - (mraid35x) -- C:\WINDOWS\system32\DRIVERS\mraid35x.sys (American Megatrends Inc.)
DRV - (asc) -- C:\WINDOWS\system32\DRIVERS\asc.sys (Advanced System Products, Inc.)
DRV - (asc3550) -- C:\WINDOWS\system32\DRIVERS\asc3550.sys (Advanced System Products, Inc.)
DRV - (AliIde) -- C:\WINDOWS\system32\DRIVERS\aliide.sys (Acer Laboratories Inc.)
DRV - (CmdIde) -- C:\WINDOWS\system32\DRIVERS\cmdide.sys (CMD Technology, Inc.)
DRV - (E100B) Intel(R) -- C:\WINDOWS\SYSTEM32\DRIVERS\E100B325.SYS (Intel Corporation)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========



IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dell4me.com/myway
IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,First Home Page = http://www.dell4me.com/myway
IE - HKU\.DEFAULT\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\.DEFAULT\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = 127.0.0.1;<local>
IE - HKU\.DEFAULT\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = http=localhost:8080

IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dell4me.com/myway
IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,First Home Page = http://www.dell4me.com/myway
IE - HKU\S-1-5-18\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-18\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = 127.0.0.1;<local>
IE - HKU\S-1-5-18\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = http=localhost:8080



IE - HKU\S-1-5-21-132086333-3219335946-2764614581-1005\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultName = Yahoo! Search
IE - HKU\S-1-5-21-132086333-3219335946-2764614581-1005\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultURL = http://search.yahoo.com/search?p={searchTerms}&ei=utf-8&fr=b1ie7
IE - HKU\S-1-5-21-132086333-3219335946-2764614581-1005\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://att.yahoo.com/
IE - HKU\S-1-5-21-132086333-3219335946-2764614581-1005\..\URLSearchHook: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn3\yt.dll (Yahoo! Inc.)
IE - HKU\S-1-5-21-132086333-3219335946-2764614581-1005\S-1-5-21-132086333-3219335946-2764614581-1005\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-132086333-3219335946-2764614581-1005\S-1-5-21-132086333-3219335946-2764614581-1005\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = 127.0.0.1;<local>
IE - HKU\S-1-5-21-132086333-3219335946-2764614581-1005\S-1-5-21-132086333-3219335946-2764614581-1005\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = http=localhost:8080

========== FireFox ==========

FF - prefs.js..browser.search.defaultenginename: "AIM Search"
FF - prefs.js..browser.search.defaulturl: "http://aim.search.aol.com/search/search?query={searchTerms}&invocationType=tb50-ff-aim-chromesbox-en-us"
FF - prefs.js..browser.search.param.yahoo-fr: "chrf-ytbm"
FF - prefs.js..browser.search.param.yahoo-fr-cjkt: "chrf-ytbm"
FF - prefs.js..browser.search.param.yahoo-type: "${8}"
FF - prefs.js..browser.search.selectedEngine: "Google"
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "http://www.google.com/ig?hl=en"
FF - prefs.js..extensions.enabledItems: {c2f863cd-0429-48c7-bb54-db756a951760}:5.96.5.1
FF - prefs.js..extensions.enabledItems: fbdislike@doweb.fr:0.9
FF - prefs.js..extensions.enabledItems: jqs@sun.com:1.0
FF - prefs.js..extensions.enabledItems: {B7082FAA-CB62-4872-9106-E42DD88EDE45}:3.0
FF - prefs.js..extensions.enabledItems: moveplayer@movenetworks.com:7
FF - prefs.js..extensions.enabledItems: personas@christopher.beard:1.5.1
FF - prefs.js..extensions.enabledItems: {635abd67-4fe9-1b23-4f01-e679fa7484c1}:2.1.1.20091029021655
FF - prefs.js..extensions.enabledItems: {B13721C7-F507-4982-B2E5-502A71474FED}:3.3.0.3971
FF - prefs.js..keyword.URL: "http://slirsredirect.search.aol.com/slirs_http/sredir?sredir=2706&invocationType=tb50-ff-aim-ab-en-us&query="


FF - HKLM\software\mozilla\Firefox\Extensions\\{B7082FAA-CB62-4872-9106-E42DD88EDE45}: C:\Program Files\McAfee\SiteAdvisor [2010/02/24 20:58:48 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.5.8\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010/02/28 13:57:21 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.5.8\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010/02/18 19:44:33 | 000,000,000 | ---D | M]

[2009/02/02 22:53:38 | 000,000,000 | ---D | M] -- C:\Documents and Settings\John Dolensky\Application Data\Mozilla\Extensions
[2010/02/28 20:57:05 | 000,000,000 | ---D | M] -- C:\Documents and Settings\John Dolensky\Application Data\Mozilla\Firefox\Profiles\4n2fjetv.default\extensions
[2009/08/29 08:12:47 | 000,000,000 | ---D | M] (Yahoo! Toolbar) -- C:\Documents and Settings\John Dolensky\Application Data\Mozilla\Firefox\Profiles\4n2fjetv.default\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1}
[2010/01/07 21:04:25 | 000,000,000 | ---D | M] (AIM Toolbar) -- C:\Documents and Settings\John Dolensky\Application Data\Mozilla\Firefox\Profiles\4n2fjetv.default\extensions\{c2f863cd-0429-48c7-bb54-db756a951760}
[2010/01/31 16:24:10 | 000,000,000 | ---D | M] -- C:\Documents and Settings\John Dolensky\Application Data\Mozilla\Firefox\Profiles\4n2fjetv.default\extensions\browserhighlighter@ebay.com
[2010/01/07 21:05:18 | 000,000,000 | ---D | M] -- C:\Documents and Settings\John Dolensky\Application Data\Mozilla\Firefox\Profiles\4n2fjetv.default\extensions\fbdislike@doweb.fr
[2010/01/25 21:32:16 | 000,000,000 | ---D | M] -- C:\Documents and Settings\John Dolensky\Application Data\Mozilla\Firefox\Profiles\4n2fjetv.default\extensions\personas@christopher.beard
[2009/12/09 13:32:50 | 000,002,184 | ---- | M] () -- C:\Documents and Settings\John Dolensky\Application Data\Mozilla\Firefox\Profiles\4n2fjetv.default\searchplugins\bing.xml
[2010/03/01 22:04:05 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions

O1 HOSTS File: ([2010/02/14 21:21:46 | 000,000,027 | ---- | M]) - C:\WINDOWS\SYSTEM32\DRIVERS\ETC\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (&Yahoo! Toolbar Helper) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn3\yt.dll (Yahoo! Inc.)
O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O2 - BHO: (DriveLetterAccess) - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\SYSTEM32\dla\tfswshx.dll (Sonic Solutions)
O2 - BHO: (scriptproxy) - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\McAfee\VirusScan\scriptsn.dll (McAfee, Inc.)
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.1.1309.15642\swg.dll File not found
O2 - BHO: (McAfee SiteAdvisor BHO) - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (JQSIEStartDetectorImpl Class) - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll (Sun Microsystems, Inc.)
O2 - BHO: (SingleInstance Class) - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\Program Files\Yahoo!\Companion\Installs\cpn3\YTSingleInstance.dll (Yahoo! Inc)
O3 - HKLM\..\Toolbar: (McAfee SiteAdvisor Toolbar) - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
O3 - HKLM\..\Toolbar: (Yahoo! Toolbar) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn3\yt.dll (Yahoo! Inc.)
O3 - HKU\S-1-5-21-132086333-3219335946-2764614581-1005\..\Toolbar\WebBrowser: (Yahoo! Toolbar) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn3\yt.dll (Yahoo! Inc.)
O4 - HKLM..\Run: [CTSysVol] C:\Program Files\Creative\SBAudigy2ZS\Surround Mixer\CTSysVol.exe (Creative Technology Ltd)
O4 - HKLM..\Run: [dla] C:\WINDOWS\SYSTEM32\dla\tfswctrl.exe (Sonic Solutions)
O4 - HKLM..\Run: [dscactivate] C:\Program Files\Dell Support Center\gs_agent\custom\dsca.exe ( )
O4 - HKLM..\Run: [mcagent_exe] C:\Program Files\McAfee.com\Agent\mcagent.exe (McAfee, Inc.)
O4 - HKLM..\Run: [McENUI] C:\Program Files\McAfee\MHN\McENUI.exe (McAfee, Inc.)
O4 - HKLM..\Run: [MSKDetectorExe] C:\Program Files\McAfee\SpamKiller\MSKDetct.exe (McAfee, Inc.)
O4 - HKLM..\Run: [NvCplDaemon] C:\WINDOWS\System32\NvCpl.DLL (NVIDIA Corporation)
O4 - HKU\S-1-5-21-132086333-3219335946-2764614581-1005..\Run: [DellSupport] C:\Program Files\DellSupport\DSAgnt.exe (Gteko Ltd.)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe (Adobe Systems Incorporated)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\AT&T Self Support Tool.lnk = C:\Program Files\SBC Self Support Tool\bin\matcli.exe (Motive Communications, Inc.)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Kodak EasyShare software.lnk.disabled ()
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.EXE (WinZip Computing, S.L.)
O4 - Startup: C:\Documents and Settings\HelpAssistant\Start Menu\Programs\Startup\Secunia PSI.lnk = C:\Program Files\Secunia\PSI\psi.exe File not found
O4 - Startup: C:\Documents and Settings\HelpAssistant.D30K1961\Start Menu\Programs\Startup\Greetings Workshop Reminders.lnk = C:\Program Files\Greetings Workshop\GWREMIND.EXE File not found
O4 - Startup: C:\Documents and Settings\HelpAssistant.D30K1961\Start Menu\Programs\Startup\Greetings Workshop Reminders.lnk.disabled ()
O4 - Startup: C:\Documents and Settings\Peggy\Start Menu\Programs\Startup\Greetings Workshop Reminders.lnk = C:\Program Files\Greetings Workshop\GWREMIND.EXE File not found
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-19_Classes\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-20_Classes\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-132086333-3219335946-2764614581-1005\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-132086333-3219335946-2764614581-1005\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\S-1-5-21-132086333-3219335946-2764614581-1005\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKU\S-1-5-21-132086333-3219335946-2764614581-1005\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-21-132086333-3219335946-2764614581-1005_Classes\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O9 - Extra 'Tools' menuitem : Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O15 - HKLM\..Trusted Domains: musicmatch.com ([online] https in Trusted sites)
O15 - HKU\S-1-5-21-132086333-3219335946-2764614581-1005\..Trusted Domains: internet ([]about in Trusted sites)
O15 - HKU\S-1-5-21-132086333-3219335946-2764614581-1005\..Trusted Domains: mcafee.com ([]http in Trusted sites)
O15 - HKU\S-1-5-21-132086333-3219335946-2764614581-1005\..Trusted Domains: mcafee.com ([]https in Trusted sites)
O15 - HKU\S-1-5-21-132086333-3219335946-2764614581-1005\..Trusted Domains: turbotax.com ([]https in Trusted sites)
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} http://fpdownload.macromedia.com/get/shockwave/cabs/director/sw.cab (Shockwave ActiveX Control)
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} C:\Program Files\Yahoo!\Common\Yinsthelper.dll (Installation Support)
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} http://download.mcafee.com/molbin/shared/mcinsctl/4,0,0,101/mcinsctl.cab (Reg Error: Key error.)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab (Java Plug-in 1.6.0_17)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0014-0002-0003-ABCDEFFEDCBA} http://java.sun.com/products/plugin/autodl/jinstall-142-windows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab (Java Plug-in 1.6.0_17)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab (Java Plug-in 1.6.0_17)
O16 - DPF: Microsoft XML Parser for Java file:///C:/WINDOWS/Java/classes/xmldso.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.254
O18 - Protocol\Handler\dssrequest {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\Windows Live\Messenger\msgrapp.14.0.8064.0206.dll (Microsoft Corporation)
O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\Windows Live\Messenger\msgrapp.14.0.8064.0206.dll (Microsoft Corporation)
O18 - Protocol\Handler\sacore {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\WINDOWS\Web\Wallpaper\Bliss.bmp
O24 - Desktop BackupWallPaper: C:\WINDOWS\Web\Wallpaper\Bliss.bmp
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2004/08/11 18:15:00 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O32 - AutoRun File - [2009/06/18 16:12:18 | 000,000,088 | ---- | M] () - I:\autorun.inf -- [ UDF ]
O32 - AutoRun File - [2007/03/27 19:03:24 | 000,000,043 | ---- | M] () - J:\autorun.inf -- [ NTFS ]
O35 - comfile [open] -- "%1" %*
O35 - exefile [open] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2010/02/28 21:33:43 | 000,000,000 | ---D | C] -- C:\Documents and Settings\John Dolensky\My Documents\TurboTax
[2010/02/28 21:00:29 | 000,000,000 | ---D | C] -- C:\_OTL
[2010/02/27 21:36:58 | 000,549,888 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\John Dolensky\Desktop\OTL.exe
[2010/02/18 19:39:00 | 010,870,528 | ---- | C] (Xceed Software Inc. 1-450-442-2626 info@xceedsoft.com www.xceedsoft.com) -- C:\Documents and Settings\John Dolensky\My Documents\R92022.EXE
[2010/02/18 19:36:00 | 000,000,000 | ---D | C] -- C:\Documents and Settings\John Dolensky\Local Settings\Application Data\Deployment
[2010/02/18 19:09:53 | 000,000,000 | ---D | C] -- C:\WINDOWS\pss
[2010/02/17 20:46:57 | 000,000,000 | -HSD | C] -- C:\found.000
[2010/02/17 20:14:39 | 000,000,000 | -HSD | C] -- C:\RECYCLER
[2010/02/16 21:32:57 | 000,000,000 | ---D | C] -- C:\rsit
[2010/02/14 21:09:39 | 000,212,480 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWXCACLS.exe
[2010/02/14 21:09:39 | 000,161,792 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWREG.exe
[2010/02/14 21:09:39 | 000,136,704 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWSC.exe
[2010/02/14 21:09:39 | 000,031,232 | ---- | C] (NirSoft) -- C:\WINDOWS\NIRCMD.exe
[2010/02/14 21:08:47 | 000,000,000 | ---D | C] -- C:\Qoobox
[2010/02/11 18:03:27 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\WinZip
[2010/02/11 18:03:15 | 000,000,000 | ---D | C] -- C:\Program Files\WinZip
[2010/02/02 19:28:14 | 000,000,000 | ---D | C] -- C:\Program Files\ERUNT
[2010/01/31 15:55:49 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\John Dolensky\InstallAnywhere
[2010/01/07 21:07:55 | 000,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Local Settings\Application Data\Temp
[2010/01/07 21:07:55 | 000,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Local Settings\Application Data\Google
[2010/01/07 21:07:52 | 000,000,000 | ---D | M] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\Google
[2010/01/07 21:07:43 | 000,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Application Data\SACore
[2010/01/07 21:07:11 | 000,000,000 | ---D | M] -- C:\Documents and Settings\NetworkService\Application Data\Yahoo!
[2009/12/07 17:33:10 | 000,000,000 | --SD | M] -- C:\Documents and Settings\LocalService\Application Data\Microsoft
[2009/12/07 17:33:02 | 000,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft
[2009/02/11 17:14:00 | 000,000,000 | ---D | M] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\Apple
[2009/02/03 20:20:43 | 000,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Local Settings\Application Data\Eastman Kodak Company
[2008/12/11 11:03:38 | 000,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Application Data\Adobe
[2007/08/08 12:59:52 | 000,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Local Settings\Application Data\Help
[2007/08/08 12:59:52 | 000,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Application Data\Help
[2006/08/28 14:44:46 | 000,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Local Settings\Application Data\Mozilla
[2005/09/24 11:06:55 | 000,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Application Data\Mozilla
[2005/02/03 20:10:12 | 000,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Application Data\Macromedia
[2004/12/21 16:37:01 | 000,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Application Data\McAfee.com Personal Firewall
[2004/12/11 00:29:09 | 000,065,536 | ---- | C] ( ) -- C:\WINDOWS\System32\a3d.dll
[2004/12/10 23:22:06 | 000,000,000 | --SD | M] -- C:\Documents and Settings\NetworkService\Application Data\Microsoft
[2004/12/10 23:22:06 | 000,000,000 | ---D | M] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft
[2 C:\Documents and Settings\John Dolensky\My Documents\*.tmp files -> C:\Documents and Settings\John Dolensky\My Documents\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2010/03/01 22:01:33 | 000,016,052 | ---- | M] () -- C:\WINDOWS\System32\nvapps.xml
[2010/03/01 22:01:18 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\WPA.DBL
[2010/03/01 22:00:30 | 000,008,749 | ---- | M] () -- C:\WINDOWS\System32\Config.MPF
[2010/03/01 22:00:23 | 000,000,868 | ---- | M] () -- C:\WINDOWS\tasks\Google Software Updater.job
[2010/03/01 21:59:51 | 000,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2010/03/01 21:59:44 | 000,002,048 | --S- | M] () -- C:\WINDOWS\BOOTSTAT.DAT
[2010/03/01 21:59:43 | 1071,812,608 | -HS- | M] () -- C:\hiberfil.sys
[2010/02/28 23:12:39 | 009,961,472 | ---- | M] () -- C:\Documents and Settings\John Dolensky\NTUSER.DAT
[2010/02/28 23:12:39 | 000,031,056 | ---- | M] () -- C:\WINDOWS\System32\BMXStateBkp-{00000004-00000000-00000002-00001102-00000004-20061102}.rfx
[2010/02/28 23:12:39 | 000,031,056 | ---- | M] () -- C:\WINDOWS\System32\BMXState-{00000004-00000000-00000002-00001102-00000004-20061102}.rfx
[2010/02/28 23:12:39 | 000,030,528 | ---- | M] () -- C:\WINDOWS\System32\BMXCtrlState-{00000004-00000000-00000002-00001102-00000004-20061102}.rfx
[2010/02/28 23:12:39 | 000,030,528 | ---- | M] () -- C:\WINDOWS\System32\BMXBkpCtrlState-{00000004-00000000-00000002-00001102-00000004-20061102}.rfx
[2010/02/28 23:12:39 | 000,001,080 | ---- | M] () -- C:\WINDOWS\System32\settingsbkup.sfm
[2010/02/28 23:12:39 | 000,001,080 | ---- | M] () -- C:\WINDOWS\System32\settings.sfm
[2010/02/28 23:12:39 | 000,000,384 | ---- | M] () -- C:\WINDOWS\System32\DVCStateBkp-{00000004-00000000-00000002-00001102-00000004-20061102}.dat
[2010/02/28 23:12:39 | 000,000,384 | ---- | M] () -- C:\WINDOWS\System32\DVCState-{00000004-00000000-00000002-00001102-00000004-20061102}.dat
[2010/02/28 23:12:16 | 000,000,278 | -HS- | M] () -- C:\Documents and Settings\John Dolensky\NTUSER.INI
[2010/02/28 21:31:57 | 000,002,393 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\TurboTax 2008.lnk
[2010/02/27 21:36:59 | 000,549,888 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\John Dolensky\Desktop\OTL.exe
[2010/02/23 23:36:17 | 000,001,374 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2010/02/23 20:41:05 | 280,380,416 | ---- | M] () -- C:\Documents and Settings\John Dolensky\Local Settings\Application Data\Outlook.pst
[2010/02/19 23:00:48 | 000,006,144 | ---- | M] () -- C:\Documents and Settings\John Dolensky\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010/02/19 19:51:34 | 012,676,096 | R--- | M] () -- C:\Documents and Settings\All Users\Documents\ESBK.mbb
[2010/02/19 19:51:34 | 006,406,144 | R--- | M] () -- C:\Documents and Settings\All Users\Documents\ESBK.mb
[2010/02/19 19:51:34 | 000,567,515 | ---- | M] () -- C:\Peg at cosi.jpg
[2010/02/19 19:51:34 | 000,542,932 | ---- | M] () -- C:\cosi.jpg
[2010/02/19 19:51:33 | 000,637,881 | ---- | M] () -- C:\cosi 5.jpg
[2010/02/19 19:51:33 | 000,595,403 | ---- | M] () -- C:\cosi 1.jpg
[2010/02/19 19:51:33 | 000,584,401 | ---- | M] () -- C:\yellow sub 1.jpg
[2010/02/19 19:51:33 | 000,579,993 | ---- | M] () -- C:\yellow sub 2.jpg
[2010/02/19 19:51:33 | 000,539,860 | ---- | M] () -- C:\cosi 4.jpg
[2010/02/19 19:51:33 | 000,515,892 | ---- | M] () -- C:\cosi 3.jpg
[2010/02/19 19:51:33 | 000,504,526 | ---- | M] () -- C:\cosi 2.jpg
[2010/02/19 19:51:32 | 000,516,116 | ---- | M] () -- C:\cosi6.jpg
[2010/02/18 20:05:54 | 004,936,168 | ---- | M] () -- C:\WINDOWS\{00000004-00000000-00000002-00001102-00000004-20061102}.CDF
[2010/02/18 19:56:38 | 000,000,960 | ---- | M] () -- C:\WINDOWS\WIN.INI
[2010/02/18 19:56:38 | 000,000,299 | ---- | M] () -- C:\WINDOWS\system.ini
[2010/02/18 19:56:38 | 000,000,281 | RHS- | M] () -- C:\BOOT.INI
[2010/02/18 19:39:07 | 010,870,528 | ---- | M] (Xceed Software Inc. 1-450-442-2626 info@xceedsoft.com www.xceedsoft.com) -- C:\Documents and Settings\John Dolensky\My Documents\R92022.EXE
[2010/02/18 18:47:26 | 004,936,168 | ---- | M] () -- C:\WINDOWS\{00000004-00000000-00000002-00001102-00000004-20061102}.BAK
[2010/02/17 23:00:51 | 000,002,265 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Skype.lnk
[2010/02/14 21:21:46 | 000,000,027 | ---- | M] () -- C:\WINDOWS\System32\drivers\ETC\hosts
[2010/02/12 20:11:58 | 000,006,798 | ---- | M] () -- C:\Documents and Settings\John Dolensky\Desktop\gmer.zip
[2010/02/11 18:43:25 | 000,002,521 | ---- | M] () -- C:\Documents and Settings\John Dolensky\Desktop\Microsoft Office Outlook 2003.lnk
[2010/02/11 18:07:09 | 000,004,410 | ---- | M] () -- C:\Documents and Settings\John Dolensky\Desktop\Attach.zip
[2010/02/11 18:03:48 | 000,001,732 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\WinZip.lnk
[2010/02/11 18:03:48 | 000,001,660 | ---- | M] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\WinZip Quick Pick.lnk
[2010/02/09 19:38:33 | 000,293,376 | ---- | M] () -- C:\Documents and Settings\John Dolensky\Desktop\7coju871.exe
[2010/02/09 19:34:23 | 000,000,000 | ---- | M] () -- C:\Documents and Settings\John Dolensky\defogger_reenable
[2010/02/09 19:33:19 | 000,050,477 | ---- | M] () -- C:\Documents and Settings\John Dolensky\Desktop\Defogger.exe
[2010/02/09 13:39:09 | 001,637,376 | ---- | M] () -- C:\Documents and Settings\John Dolensky\My Documents\Doc1.doc
[2010/02/02 23:17:01 | 000,020,480 | ---- | M] () -- C:\Documents and Settings\John Dolensky\Desktop\Computer is locking up after 30 minutes or so.doc
[2010/02/02 19:41:49 | 000,001,734 | ---- | M] () -- C:\Documents and Settings\John Dolensky\Desktop\HijackThis.lnk
[2010/02/02 19:28:16 | 000,000,592 | ---- | M] () -- C:\Documents and Settings\John Dolensky\Desktop\ERUNT.lnk
[2010/01/31 16:21:17 | 000,000,675 | ---- | M] () -- C:\WINDOWS\Spidey.ini
[2 C:\Documents and Settings\John Dolensky\My Documents\*.tmp files -> C:\Documents and Settings\John Dolensky\My Documents\*.tmp -> ]

========== Files Created - No Company Name ==========

[2010/02/19 19:59:29 | 012,676,096 | R--- | C] () -- C:\Documents and Settings\All Users\Documents\ESBK.mbb
[2010/02/19 19:59:29 | 006,406,144 | R--- | C] () -- C:\Documents and Settings\All Users\Documents\ESBK.mb
[2010/02/18 19:56:37 | 000,001,837 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Kodak EasyShare software.lnk.disabled
[2010/02/18 19:56:37 | 000,001,757 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Reader Speed Launch.lnk
[2010/02/18 19:56:37 | 000,001,713 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\AT&T Self Support Tool.lnk
[2010/02/18 19:56:37 | 000,001,660 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\WinZip Quick Pick.lnk
[2010/02/14 21:09:39 | 000,261,632 | ---- | C] () -- C:\WINDOWS\PEV.exe
[2010/02/14 21:09:39 | 000,098,816 | ---- | C] () -- C:\WINDOWS\sed.exe
[2010/02/14 21:09:39 | 000,080,412 | ---- | C] () -- C:\WINDOWS\grep.exe
[2010/02/14 21:09:39 | 000,077,312 | ---- | C] () -- C:\WINDOWS\MBR.exe
[2010/02/14 21:09:39 | 000,068,096 | ---- | C] () -- C:\WINDOWS\zip.exe
[2010/02/12 20:11:58 | 000,006,798 | ---- | C] () -- C:\Documents and Settings\John Dolensky\Desktop\gmer.zip
[2010/02/11 18:07:09 | 000,004,410 | ---- | C] () -- C:\Documents and Settings\John Dolensky\Desktop\Attach.zip
[2010/02/11 18:03:48 | 000,001,732 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\WinZip.lnk
[2010/02/09 19:38:26 | 000,293,376 | ---- | C] () -- C:\Documents and Settings\John Dolensky\Desktop\7coju871.exe
[2010/02/09 19:34:23 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\John Dolensky\defogger_reenable
[2010/02/09 19:33:17 | 000,050,477 | ---- | C] () -- C:\Documents and Settings\John Dolensky\Desktop\Defogger.exe
[2010/02/09 13:39:08 | 001,637,376 | ---- | C] () -- C:\Documents and Settings\John Dolensky\My Documents\Doc1.doc
[2010/02/02 23:02:24 | 000,020,480 | ---- | C] () -- C:\Documents and Settings\John Dolensky\Desktop\Computer is locking up after 30 minutes or so.doc
[2010/02/02 19:41:49 | 000,001,734 | ---- | C] () -- C:\Documents and Settings\John Dolensky\Desktop\HijackThis.lnk
[2010/02/02 19:28:16 | 000,000,592 | ---- | C] () -- C:\Documents and Settings\John Dolensky\Desktop\ERUNT.lnk
[2010/02/01 21:13:50 | 1071,812,608 | -HS- | C] () -- C:\hiberfil.sys
[2010/01/24 23:37:15 | 000,000,036 | ---- | C] () -- C:\Documents and Settings\John Dolensky\Local Settings\Application Data\housecall.guid.cache
[2009/12/10 03:03:44 | 000,000,221 | ---- | C] () -- C:\WINDOWS\System32\MRT.INI
[2009/10/03 19:31:34 | 000,006,144 | ---- | C] () -- C:\Documents and Settings\John Dolensky\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2009/08/03 15:07:42 | 000,403,816 | ---- | C] () -- C:\WINDOWS\System32\OGACheckControl.dll
[2009/07/20 03:10:39 | 000,782,448 | ---- | C] () -- C:\Documents and Settings\LocalService\Local Settings\Application Data\FontCache3.0.0.0.dat
[2009/02/03 20:19:56 | 000,012,800 | ---- | C] () -- C:\WINDOWS\System32\EKDeviceServices.dll
[2008/12/15 21:21:03 | 000,000,029 | ---- | C] () -- C:\WINDOWS\PControl.ini
[2008/12/13 22:55:23 | 000,000,004 | ---- | C] () -- C:\WINDOWS\msoffice.ini
[2008/07/31 15:41:46 | 000,065,536 | ---- | C] () -- C:\WINDOWS\System32\YCRWin32.dll
[2008/07/24 15:30:56 | 000,001,371 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\QTSBandwidthCache
[2008/05/25 14:05:50 | 000,197,120 | ---- | C] () -- C:\WINDOWS\patchw32.dll
[2008/05/17 00:01:40 | 000,102,400 | ---- | C] () -- C:\WINDOWS\System32\wa4jfw.dll
[2008/05/16 22:58:18 | 000,000,380 | ---- | C] () -- C:\WINDOWS\dcmuser.ini
[2008/03/15 20:23:25 | 000,000,062 | ---- | C] () -- C:\WINDOWS\dcmvwr.INI
[2008/02/12 20:10:43 | 000,000,675 | ---- | C] () -- C:\WINDOWS\Spidey.ini
[2007/12/25 12:14:16 | 000,043,520 | ---- | C] () -- C:\WINDOWS\System32\CmdLineExt03.dll
[2007/11/09 18:43:58 | 000,000,191 | ---- | C] () -- C:\WINDOWS\QTW.INI
[2007/11/09 18:34:23 | 000,000,000 | ---- | C] () -- C:\WINDOWS\Setup32.INI
[2007/03/04 22:40:01 | 000,000,192 | ---- | C] () -- C:\WINDOWS\MPLAYER.INI
[2006/08/08 14:16:56 | 000,000,336 | ---- | C] () -- C:\WINDOWS\SIERRA.INI
[2006/08/07 18:21:03 | 000,000,698 | ---- | C] () -- C:\WINDOWS\E-REGTLC.INI
[2006/08/07 18:20:36 | 000,000,052 | ---- | C] () -- C:\WINDOWS\TLCAPPS.INI
[2006/07/14 12:23:44 | 000,010,240 | ---- | C] () -- C:\WINDOWS\System32\vidx16.dll
[2006/07/14 12:21:59 | 000,000,782 | ---- | C] () -- C:\WINDOWS\disney.ini
[2006/05/29 20:40:37 | 280,380,416 | ---- | C] () -- C:\Documents and Settings\John Dolensky\Local Settings\Application Data\Outlook.pst
[2006/05/14 12:05:29 | 000,000,024 | ---- | C] () -- C:\WINDOWS\SwDrvs.ini
[2006/05/14 12:04:20 | 000,000,044 | ---- | C] () -- C:\WINDOWS\BD40.INI
[2005/11/03 19:29:51 | 000,061,678 | ---- | C] () -- C:\Documents and Settings\John Dolensky\Application Data\PFP120JPR.{PB
[2005/11/03 19:29:51 | 000,012,358 | ---- | C] () -- C:\Documents and Settings\John Dolensky\Application Data\PFP120JCM.{PB
[2005/06/24 11:35:50 | 000,000,207 | ---- | C] () -- C:\WINDOWS\cdplayer.ini
[2005/03/14 12:16:32 | 000,000,000 | ---- | C] () -- C:\WINDOWS\GeoHelp.INI
[2005/02/26 19:17:42 | 000,001,555 | ---- | C] () -- C:\WINDOWS\Airwar3.INI
[2005/02/18 20:52:21 | 000,000,048 | ---- | C] () -- C:\WINDOWS\PerWin.ini
[2005/02/10 16:02:53 | 000,000,079 | ---- | C] () -- C:\WINDOWS\importclient.INI
[2005/02/10 15:43:33 | 000,000,751 | ---- | C] () -- C:\WINDOWS\Bti.ini
[2005/02/10 15:43:32 | 000,116,640 | ---- | C] () -- C:\WINDOWS\System32\Ptsaci40.dll
[2005/01/11 19:37:29 | 000,000,376 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2004/12/29 15:31:34 | 000,004,272 | ---- | C] () -- C:\WINDOWS\System32\drivers\bvrp_pci.sys
[2004/12/28 15:25:15 | 000,001,175 | ---- | C] () -- C:\WINDOWS\dellstat.ini
[2004/12/28 15:24:55 | 000,143,360 | R--- | C] () -- C:\WINDOWS\System32\dlbucoin.dll
[2004/12/28 15:24:55 | 000,131,072 | R--- | C] () -- C:\WINDOWS\System32\dlbusnls.dll
[2004/12/28 15:21:37 | 000,040,960 | ---- | C] () -- C:\WINDOWS\System32\dlbuvs.dll
[2004/12/28 15:21:35 | 000,114,688 | ---- | C] () -- C:\WINDOWS\System32\dlbucur.dll
[2004/12/28 15:21:35 | 000,069,632 | ---- | C] () -- C:\WINDOWS\System32\dlbucu.dll
[2004/12/28 15:21:32 | 000,557,056 | ---- | C] () -- C:\WINDOWS\System32\dlbujswr.dll
[2004/12/28 15:21:28 | 000,401,408 | ---- | C] () -- C:\WINDOWS\System32\dlbuutil.dll
[2004/12/21 19:18:13 | 000,000,136 | ---- | C] () -- C:\Documents and Settings\John Dolensky\Local Settings\Application Data\fusioncache.dat
[2004/12/11 00:39:17 | 000,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini
[2004/12/11 00:34:29 | 000,002,749 | ---- | C] () -- C:\WINDOWS\wininit.ini
[2004/12/11 00:29:30 | 000,000,231 | ---- | C] () -- C:\WINDOWS\AC3API.INI
[2004/12/11 00:29:11 | 000,014,424 | ---- | C] () -- C:\WINDOWS\System32\Aud2_Del.ini
[2004/12/11 00:29:11 | 000,000,030 | ---- | C] () -- C:\WINDOWS\System32\ctzapxx.ini
[2004/12/11 00:29:09 | 000,000,194 | ---- | C] () -- C:\WINDOWS\System32\KILL.INI
[2004/12/11 00:28:49 | 000,000,136 | ---- | C] () -- C:\WINDOWS\SBWIN.INI
[2004/12/10 23:23:54 | 000,000,516 | ---- | C] () -- C:\WINDOWS\System32\OEMINFO.INI
[2004/09/16 01:28:50 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\px.ini
[2004/09/01 16:35:06 | 000,000,254 | ---- | C] () -- C:\WINDOWS\System32\DLBUPLC.INI
[2004/08/11 18:25:56 | 000,000,791 | ---- | C] () -- C:\WINDOWS\ORUN32.INI
[2004/08/04 06:00:00 | 000,001,793 | ---- | C] () -- C:\WINDOWS\System32\FXSPERF.INI
[2003/01/07 14:05:08 | 000,002,695 | ---- | C] () -- C:\WINDOWS\System32\OUTLPERF.INI
[1763/06/13 16:14:55 | 000,004,263 | -HS- | C] () -- C:\WINDOWS\windllreg1c.sys

========== LOP Check ==========

[2005/04/06 16:48:36 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Broderbund LLC
[2005/04/06 16:48:33 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Broderbund Software
[2009/03/31 14:39:37 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Eastman Kodak Company
[2009/02/07 16:24:22 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\kds_kodak
[2008/08/11 21:40:53 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\NexonUS
[2009/06/19 13:36:57 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Nova Development
[2008/07/20 17:14:46 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\SupportSoft
[2009/10/05 15:25:59 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\The Learning Company
[2007/04/12 14:18:59 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TurboTax 2006
[2008/12/15 21:38:32 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Visual Networks
[2008/10/23 12:16:55 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Winferno
[2010/02/11 18:04:00 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\WinZip
[2006/11/25 20:26:41 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Guest\Application Data\CoreComm
[2007/01/07 13:53:29 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Guest\Application Data\OLYMPUS
[2009/03/16 18:24:37 | 000,000,000 | ---D | M] -- C:\Documents and Settings\John Dolensky\Application Data\Atari
[2006/09/17 17:09:20 | 000,000,000 | ---D | M] -- C:\Documents and Settings\John Dolensky\Application Data\CoreComm
[2005/09/15 21:39:54 | 000,000,000 | ---D | M] -- C:\Documents and Settings\John Dolensky\Application Data\Leadertech
[2008/12/15 21:22:04 | 000,000,000 | ---D | M] -- C:\Documents and Settings\John Dolensky\Application Data\MSNInstaller
[2010/01/07 21:07:45 | 000,000,000 | ---D | M] -- C:\Documents and Settings\John Dolensky\Application Data\Musicmatch
[2006/12/30 15:57:17 | 000,000,000 | ---D | M] -- C:\Documents and Settings\John Dolensky\Application Data\OLYMPUS
[2006/05/29 20:49:42 | 000,000,000 | ---D | M] -- C:\Documents and Settings\John Dolensky\Application Data\Outlook
[2009/01/03 23:28:36 | 000,000,000 | ---D | M] -- C:\Documents and Settings\John Dolensky\Application Data\Skinux
[2009/10/05 15:27:16 | 000,000,000 | ---D | M] -- C:\Documents and Settings\John Dolensky\Application Data\The Learning Company
[2010/01/07 21:07:43 | 000,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Application Data\SACore
[2009/09/06 10:04:39 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Peggy\Application Data\Amazon
[2008/05/25 14:12:59 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Peggy\Application Data\Atari
[2006/09/16 20:44:04 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Peggy\Application Data\CoreComm
[2008/07/31 19:20:18 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Peggy\Application Data\Freedom Scientific
[2008/08/02 02:31:02 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Peggy\Application Data\Gamelab
[2008/12/09 20:34:06 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Peggy\Application Data\gtk-2.0
[2005/02/04 15:43:43 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Peggy\Application Data\Leadertech
[2007/11/16 09:22:29 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Peggy\Application Data\OLYMPUS
[2008/12/30 20:43:42 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Peggy\Application Data\Skinux
[2008/10/21 15:51:44 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Peggy\Application Data\WeatherBug
[2009/11/15 01:00:00 | 000,000,356 | ---- | M] () -- C:\WINDOWS\Tasks\McDefragTask.job
[2009/12/01 01:00:20 | 000,000,348 | ---- | M] () -- C:\WINDOWS\Tasks\McQcTask.job
[2010/01/18 22:44:56 | 000,000,236 | ---- | M] () -- C:\WINDOWS\Tasks\OGALogon.job

========== Purity Check ==========



========== Custom Scans ==========


< iaStor.sys >
< End of report >
 
tdsskiller.txt

22:40:04:859 2892 TDSS rootkit removing tool 2.2.7.1 Feb 27 2010 13:29:25
22:40:04:859 2892 ================================================================================
22:40:04:859 2892 SystemInfo:

22:40:04:859 2892 OS Version: 5.1.2600 ServicePack: 3.0
22:40:04:859 2892 Product type: Workstation
22:40:04:859 2892 ComputerName: D30K1961
22:40:04:859 2892 UserName: John Dolensky
22:40:04:859 2892 Windows directory: C:\WINDOWS
22:40:04:859 2892 Processor architecture: Intel x86
22:40:04:859 2892 Number of processors: 2
22:40:04:859 2892 Page size: 0x1000
22:40:04:859 2892 Boot type: Normal boot
22:40:04:859 2892 ================================================================================
22:40:04:875 2892 UnloadDriverW: NtUnloadDriver error 2
22:40:04:875 2892 ForceUnloadDriverW: UnloadDriverW(klmd21) error 2
22:40:04:890 2892 Initialize success
22:40:04:890 2892
22:40:04:890 2892 Scanning Services ...
22:40:04:890 2892 wfopen_ex: Trying to open file C:\WINDOWS\system32\config\system
22:40:04:890 2892 wfopen_ex: MyNtCreateFileW error 32 (C0000043)
22:40:04:890 2892 wfopen_ex: Trying to KLMD file open
22:40:04:890 2892 wfopen_ex: File opened ok (Flags 2)
22:40:04:890 2892 wfopen_ex: Trying to open file C:\WINDOWS\system32\config\software
22:40:04:890 2892 wfopen_ex: MyNtCreateFileW error 32 (C0000043)
22:40:04:890 2892 wfopen_ex: Trying to KLMD file open
22:40:04:890 2892 wfopen_ex: File opened ok (Flags 2)
22:40:04:953 2892 GetAdvancedServicesInfo: Raw services enum returned 396 services
22:40:04:968 2892 fclose_ex: Trying to close file C:\WINDOWS\system32\config\system
22:40:04:968 2892 fclose_ex: Trying to close file C:\WINDOWS\system32\config\software
22:40:04:968 2892
22:40:04:968 2892 Scanning Kernel memory ...
22:40:04:968 2892 Devices to scan: 6
22:40:04:968 2892
22:40:04:968 2892 Driver Name: Disk
22:40:04:968 2892 IRP_MJ_CREATE : F782ABB0
22:40:04:968 2892 IRP_MJ_CREATE_NAMED_PIPE : 804F9739
22:40:04:968 2892 IRP_MJ_CLOSE : F782ABB0
22:40:04:968 2892 IRP_MJ_READ : F7824D1F
22:40:04:968 2892 IRP_MJ_WRITE : F7824D1F
22:40:04:968 2892 IRP_MJ_QUERY_INFORMATION : 804F9739
22:40:04:968 2892 IRP_MJ_SET_INFORMATION : 804F9739
22:40:04:968 2892 IRP_MJ_QUERY_EA : 804F9739
22:40:04:968 2892 IRP_MJ_SET_EA : 804F9739
22:40:04:968 2892 IRP_MJ_FLUSH_BUFFERS : F78252E2
22:40:04:968 2892 IRP_MJ_QUERY_VOLUME_INFORMATION : 804F9739
22:40:04:968 2892 IRP_MJ_SET_VOLUME_INFORMATION : 804F9739
22:40:04:968 2892 IRP_MJ_DIRECTORY_CONTROL : 804F9739
22:40:04:968 2892 IRP_MJ_FILE_SYSTEM_CONTROL : 804F9739
22:40:04:968 2892 IRP_MJ_DEVICE_CONTROL : F78253BB
22:40:04:968 2892 IRP_MJ_INTERNAL_DEVICE_CONTROL : F7828F28
22:40:04:968 2892 IRP_MJ_SHUTDOWN : F78252E2
22:40:04:968 2892 IRP_MJ_LOCK_CONTROL : 804F9739
22:40:04:968 2892 IRP_MJ_CLEANUP : 804F9739
22:40:04:968 2892 IRP_MJ_CREATE_MAILSLOT : 804F9739
22:40:04:968 2892 IRP_MJ_QUERY_SECURITY : 804F9739
22:40:04:968 2892 IRP_MJ_SET_SECURITY : 804F9739
22:40:04:968 2892 IRP_MJ_POWER : F7826C82
22:40:04:968 2892 IRP_MJ_SYSTEM_CONTROL : F782B99E
22:40:04:968 2892 IRP_MJ_DEVICE_CHANGE : 804F9739
22:40:04:968 2892 IRP_MJ_QUERY_QUOTA : 804F9739
22:40:04:968 2892 IRP_MJ_SET_QUOTA : 804F9739
22:40:04:984 2892 TDL3_StartIoLastChanceHookDetect: Unable to dump StartIo handler code
22:40:04:984 2892 sion
22:40:04:984 2892 C:\WINDOWS\system32\DRIVERS\disk.sys - Verdict: Clean
22:40:04:984 2892
22:40:04:984 2892 Driver Name: USBSTOR
22:40:04:984 2892 IRP_MJ_CREATE : EE13D218
22:40:04:984 2892 IRP_MJ_CREATE_NAMED_PIPE : 804F9739
22:40:04:984 2892 IRP_MJ_CLOSE : EE13D218
22:40:04:984 2892 IRP_MJ_READ : EE13D23C
22:40:04:984 2892 IRP_MJ_WRITE : EE13D23C
22:40:04:984 2892 IRP_MJ_QUERY_INFORMATION : 804F9739
22:40:04:984 2892 IRP_MJ_SET_INFORMATION : 804F9739
22:40:04:984 2892 IRP_MJ_QUERY_EA : 804F9739
22:40:04:984 2892 IRP_MJ_SET_EA : 804F9739
22:40:04:984 2892 IRP_MJ_FLUSH_BUFFERS : 804F9739
22:40:04:984 2892 IRP_MJ_QUERY_VOLUME_INFORMATION : 804F9739
22:40:04:984 2892 IRP_MJ_SET_VOLUME_INFORMATION : 804F9739
22:40:04:984 2892 IRP_MJ_DIRECTORY_CONTROL : 804F9739
22:40:04:984 2892 IRP_MJ_FILE_SYSTEM_CONTROL : 804F9739
22:40:04:984 2892 IRP_MJ_DEVICE_CONTROL : EE13D180
22:40:04:984 2892 IRP_MJ_INTERNAL_DEVICE_CONTROL : EE1389E6
22:40:04:984 2892 IRP_MJ_SHUTDOWN : 804F9739
22:40:04:984 2892 IRP_MJ_LOCK_CONTROL : 804F9739
22:40:04:984 2892 IRP_MJ_CLEANUP : 804F9739
22:40:04:984 2892 IRP_MJ_CREATE_MAILSLOT : 804F9739
22:40:04:984 2892 IRP_MJ_QUERY_SECURITY : 804F9739
22:40:04:984 2892 IRP_MJ_SET_SECURITY : 804F9739
22:40:04:984 2892 IRP_MJ_POWER : EE13C5F0
22:40:04:984 2892 IRP_MJ_SYSTEM_CONTROL : EE13AA6E
22:40:04:984 2892 IRP_MJ_DEVICE_CHANGE : 804F9739
22:40:04:984 2892 IRP_MJ_QUERY_QUOTA : 804F9739
22:40:04:984 2892 IRP_MJ_SET_QUOTA : 804F9739
22:40:04:984 2892 siohd: 0
22:40:04:984 2892 C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS - Verdict: Clean
22:40:04:984 2892
22:40:04:984 2892 Driver Name: Disk
22:40:04:984 2892 IRP_MJ_CREATE : F782ABB0
22:40:04:984 2892 IRP_MJ_CREATE_NAMED_PIPE : 804F9739
22:40:04:984 2892 IRP_MJ_CLOSE : F782ABB0
22:40:04:984 2892 IRP_MJ_READ : F7824D1F
22:40:04:984 2892 IRP_MJ_WRITE : F7824D1F
22:40:04:984 2892 IRP_MJ_QUERY_INFORMATION : 804F9739
22:40:04:984 2892 IRP_MJ_SET_INFORMATION : 804F9739
22:40:04:984 2892 IRP_MJ_QUERY_EA : 804F9739
22:40:04:984 2892 IRP_MJ_SET_EA : 804F9739
22:40:04:984 2892 IRP_MJ_FLUSH_BUFFERS : F78252E2
22:40:04:984 2892 IRP_MJ_QUERY_VOLUME_INFORMATION : 804F9739
22:40:04:984 2892 IRP_MJ_SET_VOLUME_INFORMATION : 804F9739
22:40:04:984 2892 IRP_MJ_DIRECTORY_CONTROL : 804F9739
22:40:04:984 2892 IRP_MJ_FILE_SYSTEM_CONTROL : 804F9739
22:40:04:984 2892 IRP_MJ_DEVICE_CONTROL : F78253BB
22:40:04:984 2892 IRP_MJ_INTERNAL_DEVICE_CONTROL : F7828F28
22:40:04:984 2892 IRP_MJ_SHUTDOWN : F78252E2
22:40:04:984 2892 IRP_MJ_LOCK_CONTROL : 804F9739
22:40:04:984 2892 IRP_MJ_CLEANUP : 804F9739
22:40:04:984 2892 IRP_MJ_CREATE_MAILSLOT : 804F9739
22:40:04:984 2892 IRP_MJ_QUERY_SECURITY : 804F9739
22:40:04:984 2892 IRP_MJ_SET_SECURITY : 804F9739
22:40:04:984 2892 IRP_MJ_POWER : F7826C82
22:40:04:984 2892 IRP_MJ_SYSTEM_CONTROL : F782B99E
22:40:04:984 2892 IRP_MJ_DEVICE_CHANGE : 804F9739
22:40:04:984 2892 IRP_MJ_QUERY_QUOTA : 804F9739
22:40:04:984 2892 IRP_MJ_SET_QUOTA : 804F9739
22:40:04:984 2892 TDL3_StartIoLastChanceHookDetect: Unable to dump StartIo handler code
22:40:04:984 2892 sion
22:40:05:000 2892 C:\WINDOWS\system32\DRIVERS\disk.sys - Verdict: Clean
22:40:05:000 2892
22:40:05:000 2892 Driver Name: Disk
22:40:05:000 2892 IRP_MJ_CREATE : F782ABB0
22:40:05:000 2892 IRP_MJ_CREATE_NAMED_PIPE : 804F9739
22:40:05:000 2892 IRP_MJ_CLOSE : F782ABB0
22:40:05:000 2892 IRP_MJ_READ : F7824D1F
22:40:05:000 2892 IRP_MJ_WRITE : F7824D1F
22:40:05:000 2892 IRP_MJ_QUERY_INFORMATION : 804F9739
22:40:05:000 2892 IRP_MJ_SET_INFORMATION : 804F9739
22:40:05:000 2892 IRP_MJ_QUERY_EA : 804F9739
22:40:05:000 2892 IRP_MJ_SET_EA : 804F9739
22:40:05:000 2892 IRP_MJ_FLUSH_BUFFERS : F78252E2
22:40:05:000 2892 IRP_MJ_QUERY_VOLUME_INFORMATION : 804F9739
22:40:05:000 2892 IRP_MJ_SET_VOLUME_INFORMATION : 804F9739
22:40:05:000 2892 IRP_MJ_DIRECTORY_CONTROL : 804F9739
22:40:05:000 2892 IRP_MJ_FILE_SYSTEM_CONTROL : 804F9739
22:40:05:000 2892 IRP_MJ_DEVICE_CONTROL : F78253BB
22:40:05:000 2892 IRP_MJ_INTERNAL_DEVICE_CONTROL : F7828F28
22:40:05:000 2892 IRP_MJ_SHUTDOWN : F78252E2
22:40:05:000 2892 IRP_MJ_LOCK_CONTROL : 804F9739
22:40:05:000 2892 IRP_MJ_CLEANUP : 804F9739
22:40:05:000 2892 IRP_MJ_CREATE_MAILSLOT : 804F9739
22:40:05:000 2892 IRP_MJ_QUERY_SECURITY : 804F9739
22:40:05:000 2892 IRP_MJ_SET_SECURITY : 804F9739
22:40:05:000 2892 IRP_MJ_POWER : F7826C82
22:40:05:000 2892 IRP_MJ_SYSTEM_CONTROL : F782B99E
22:40:05:000 2892 IRP_MJ_DEVICE_CHANGE : 804F9739
22:40:05:000 2892 IRP_MJ_QUERY_QUOTA : 804F9739
22:40:05:000 2892 IRP_MJ_SET_QUOTA : 804F9739
22:40:05:000 2892 TDL3_StartIoLastChanceHookDetect: Unable to dump StartIo handler code
22:40:05:000 2892 sion
22:40:05:000 2892 C:\WINDOWS\system32\DRIVERS\disk.sys - Verdict: Clean
22:40:05:000 2892
22:40:05:000 2892 Driver Name: Disk
22:40:05:000 2892 IRP_MJ_CREATE : F782ABB0
22:40:05:000 2892 IRP_MJ_CREATE_NAMED_PIPE : 804F9739
22:40:05:000 2892 IRP_MJ_CLOSE : F782ABB0
22:40:05:000 2892 IRP_MJ_READ : F7824D1F
22:40:05:000 2892 IRP_MJ_WRITE : F7824D1F
22:40:05:000 2892 IRP_MJ_QUERY_INFORMATION : 804F9739
22:40:05:000 2892 IRP_MJ_SET_INFORMATION : 804F9739
22:40:05:000 2892 IRP_MJ_QUERY_EA : 804F9739
22:40:05:000 2892 IRP_MJ_SET_EA : 804F9739
22:40:05:000 2892 IRP_MJ_FLUSH_BUFFERS : F78252E2
22:40:05:000 2892 IRP_MJ_QUERY_VOLUME_INFORMATION : 804F9739
22:40:05:000 2892 IRP_MJ_SET_VOLUME_INFORMATION : 804F9739
22:40:05:000 2892 IRP_MJ_DIRECTORY_CONTROL : 804F9739
22:40:05:000 2892 IRP_MJ_FILE_SYSTEM_CONTROL : 804F9739
22:40:05:000 2892 IRP_MJ_DEVICE_CONTROL : F78253BB
22:40:05:000 2892 IRP_MJ_INTERNAL_DEVICE_CONTROL : F7828F28
22:40:05:000 2892 IRP_MJ_SHUTDOWN : F78252E2
22:40:05:000 2892 IRP_MJ_LOCK_CONTROL : 804F9739
22:40:05:000 2892 IRP_MJ_CLEANUP : 804F9739
22:40:05:000 2892 IRP_MJ_CREATE_MAILSLOT : 804F9739
22:40:05:000 2892 IRP_MJ_QUERY_SECURITY : 804F9739
22:40:05:000 2892 IRP_MJ_SET_SECURITY : 804F9739
22:40:05:000 2892 IRP_MJ_POWER : F7826C82
22:40:05:000 2892 IRP_MJ_SYSTEM_CONTROL : F782B99E
22:40:05:000 2892 IRP_MJ_DEVICE_CHANGE : 804F9739
22:40:05:000 2892 IRP_MJ_QUERY_QUOTA : 804F9739
22:40:05:000 2892 IRP_MJ_SET_QUOTA : 804F9739
22:40:05:000 2892 TDL3_StartIoLastChanceHookDetect: Unable to dump StartIo handler code
22:40:05:000 2892 sion
22:40:05:000 2892 C:\WINDOWS\system32\DRIVERS\disk.sys - Verdict: Clean
22:40:05:000 2892
22:40:05:000 2892 Driver Name: iaStor
22:40:05:000 2892 IRP_MJ_CREATE : F7641094
22:40:05:000 2892 IRP_MJ_CREATE_NAMED_PIPE : 804F9739
22:40:05:000 2892 IRP_MJ_CLOSE : F7641094
22:40:05:000 2892 IRP_MJ_READ : 804F9739
22:40:05:000 2892 IRP_MJ_WRITE : 804F9739
22:40:05:000 2892 IRP_MJ_QUERY_INFORMATION : 804F9739
22:40:05:000 2892 IRP_MJ_SET_INFORMATION : 804F9739
22:40:05:000 2892 IRP_MJ_QUERY_EA : 804F9739
22:40:05:000 2892 IRP_MJ_SET_EA : 804F9739
22:40:05:000 2892 IRP_MJ_FLUSH_BUFFERS : 804F9739
22:40:05:000 2892 IRP_MJ_QUERY_VOLUME_INFORMATION : 804F9739
22:40:05:000 2892 IRP_MJ_SET_VOLUME_INFORMATION : 804F9739
22:40:05:000 2892 IRP_MJ_DIRECTORY_CONTROL : 804F9739
22:40:05:000 2892 IRP_MJ_FILE_SYSTEM_CONTROL : 804F9739
22:40:05:000 2892 IRP_MJ_DEVICE_CONTROL : F76447E8
22:40:05:000 2892 IRP_MJ_INTERNAL_DEVICE_CONTROL : 86968E78
22:40:05:000 2892 IRP_MJ_SHUTDOWN : 804F9739
22:40:05:000 2892 IRP_MJ_LOCK_CONTROL : 804F9739
22:40:05:000 2892 IRP_MJ_CLEANUP : 804F9739
22:40:05:000 2892 IRP_MJ_CREATE_MAILSLOT : 804F9739
22:40:05:000 2892 IRP_MJ_QUERY_SECURITY : 804F9739
22:40:05:000 2892 IRP_MJ_SET_SECURITY : 804F9739
22:40:05:000 2892 IRP_MJ_POWER : F7649118
22:40:05:000 2892 IRP_MJ_SYSTEM_CONTROL : F76491A4
22:40:05:000 2892 IRP_MJ_DEVICE_CHANGE : 804F9739
22:40:05:000 2892 IRP_MJ_QUERY_QUOTA : 804F9739
22:40:05:000 2892 IRP_MJ_SET_QUOTA : 804F9739
22:40:05:031 2892 TDL3_StartIoLastChanceHookDetect: Unable to dump StartIo handler code
22:40:05:031 2892 sion
22:40:05:031 2892 C:\WINDOWS\system32\drivers\iaStor.sys - Verdict: Clean
22:40:05:031 2892
22:40:05:031 2892 Completed
22:40:05:031 2892
22:40:05:031 2892 Results:
22:40:05:031 2892 Memory objects infected / cured / cured on reboot: 0 / 0 / 0
22:40:05:031 2892 Registry objects infected / cured / cured on reboot: 0 / 0 / 0
22:40:05:031 2892 File objects infected / cured / cured on reboot: 0 / 0 / 0
22:40:05:031 2892
22:40:05:031 2892 KLMD(ARK) unloaded successfully
 
Not seeing anything bad.

Why don't you post here at our sister site for Windows issues, and link them to this thread so they can see what we have done. Explain what you're experiencing; it may be a bad driver for one of your programs or a hardware issue causing it, not sure. You can post back here and link me to your thread so I can follow along.

http://forums.whatthetech.com/Microsoft_Windows_f119.html

If they don't find anything wrong we can dig a bit deeper if need be.
 