Possible Rootkit on my system

[LDTate]

That partition is my external usb Buffalo terastation

That's why it's showing that. We need to leave it alone.

I was just told the TDSSKiller has beend updated.

Give this a run.

Please download TDSSKiller.zip

• Extract it to your desktop
  
• Double click TDSSKiller.exe
  
• Press Start Scan
  
  • Only if Malicious objects are found then ensure Cure is selected
    
  • Then click Continue > Reboot now
    

  [*]Copy and paste the log in your next reply

  • A copy of the log will be saved automatically to the root of the drive (typically C:\)
    

[Firefox]

Below you will find the log..... by the way, my computer is currently detecting (Symantec Endpoint Protection) Trojan.Gen every few seconds at this time.

2010/09/08 21:42:25.0440 TDSS rootkit removing tool 2.4.2.1 Sep 7 2010 14:43:44

2010/09/08 21:42:25.0440 ================================================================================

2010/09/08 21:42:25.0440 SystemInfo:

2010/09/08 21:42:25.0440

2010/09/08 21:42:25.0440 OS Version: 6.1.7600 ServicePack: 0.0

2010/09/08 21:42:25.0440 Product type: Workstation

2010/09/08 21:42:25.0441 ComputerName: 1WWLLF1

2010/09/08 21:42:25.0444 UserName: cmack

2010/09/08 21:42:25.0444 Windows directory: C:\Windows

2010/09/08 21:42:25.0444 System windows directory: C:\Windows

2010/09/08 21:42:25.0444 Processor architecture: Intel x86

2010/09/08 21:42:25.0444 Number of processors: 8

2010/09/08 21:42:25.0444 Page size: 0x1000

2010/09/08 21:42:25.0444 Boot type: Normal boot

2010/09/08 21:42:25.0444 ================================================================================

2010/09/08 21:42:28.0664 Initialize success

2010/09/08 21:42:49.0269 ================================================================================

2010/09/08 21:42:49.0269 Scan started

2010/09/08 21:42:49.0269 Mode: Manual;

2010/09/08 21:42:49.0269 ================================================================================

2010/09/08 21:42:54.0248 ================================================================================

2010/09/08 21:42:54.0248 Scan finished

2010/09/08 21:42:54.0248 ================================================================================

[LDTate]

by the way, my computer is currently detecting (Symantec Endpoint Protection) Trojan.Gen every few seconds at this time.

Does it show where it's finding it?

BTW, the TDSS scan look good.

[LDTate]

I need to get some sleep.

I'll check back in the morning.

[Firefox]

C:\Users\cmack.TXFBDOM\AppData\Local\temp

That is the location where its detecting it at, I checked earlier and there were no temp files in there that were detected, but now there are quite a few there, and they are being automatically detected and Quarantined by my AV.

I understand that you have to get some rest..... have a good night and we can followup in the morning.....

I am Central time in the USA and as I type this it is 9:52PM.

[LDTate]

Well when you're tired you start making dumb mistakes.

We need to try and figure out where those temp files are coming from.

OTL:

• Download OTL to your desktop.
  
• Double click on OTL.exe to run it. Make sure all other windows are closed and to let it run uninterrupted.
  
• When the window appears, underneath Output at the top change it to Minimal Output
  
• Check the boxes beside LOP Check and Purity Check.
  
• Copy and paste the following bold text into the box under Custom Scan
  netsvcs
  %SYSTEMDRIVE%\*.exe
  /md5start
  eventlog.dll
  scecli.dll
  netlogon.dll
  cngaudit.dll
  sceclt.dll
  ntelogon.dll
  logevent.dll
  iaStor.sys
  nvstor.sys
  atapi.sys
  IdeChnDr.sys
  viasraid.sys
  AGP440.sys
  vaxscsi.sys
  nvatabus.sys
  viamraid.sys
  nvata.sys
  nvgts.sys
  iastorv.sys
  ViPrt.sys
  eNetHook.dll
  /md5stop
  CREATERESTOREPOINT
  
  
• Click the Run Scan button. Do not change any settings unless otherwise told to do so. The scan wont take long.
  

When the scan completes, it will open two notepad windows. OTL.Txt and Extras.Txt. These are saved in the same location as OTL.

Please copy (Edit->Select All, Edit->Copy) the contents of the OTL.txt and post it with your next reply along with the OTL fix log.

[Firefox]

I know what its like to work when your tired.... no worries..... Here are the OTL.txt and Extras.txt logs.... not sure what you meant about fix logs...... (I still have the OTL program open, should I close it or click on something else?)

OTL logfile created on: 9/9/2010 8:24:01 AM - Run 1

OTL by OldTimer - Version 3.2.11.0 Folder = C:\Users\cmack.TXFBDOM\Desktop

Ultimate Edition (Version = 6.1.7600) - Type = NTWorkstation

Internet Explorer (Version = 8.0.7600.16385)

Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

3.00 Gb Total Physical Memory | 2.00 Gb Available Physical Memory | 61.00% Memory free

6.00 Gb Paging File | 5.00 Gb Available in Paging File | 77.00% Paging File free

Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files

Drive C: | 97.96 Gb Total Space | 60.51 Gb Free Space | 61.77% Space Free | Partition Type: NTFS

Drive D: | 200.07 Gb Total Space | 30.12 Gb Free Space | 15.05% Space Free | Partition Type: NTFS

Drive E: | 2.11 Gb Total Space | 0.00 Gb Free Space | 0.00% Space Free | Partition Type: UDF

F: Drive not present or media not loaded

G: Drive not present or media not loaded

H: Drive not present or media not loaded

I: Drive not present or media not loaded

Drive L: | 931.22 Gb Total Space | 678.97 Gb Free Space | 72.91% Space Free | Partition Type: FAT32

Computer Name: 1WWLLF1

Current User Name: cmack

Logged in as Administrator.

Current Boot Mode: Normal

Scan Mode: Current user

Company Name Whitelist: Off

Skip Microsoft Files: Off

File Age = 30 Days

Output = Minimal

========== Processes (SafeList) ==========

PRC - C:\Users\cmack.TXFBDOM\Desktop\OTL.exe (OldTimer Tools)

PRC - C:\Windows\System32\vmnat.exe (VMware, Inc.)

PRC - C:\Windows\System32\vmnetdhcp.exe (VMware, Inc.)

PRC - C:\Program Files\VMware\VMware Workstation\vmware-authd.exe (VMware, Inc.)

PRC - C:\Program Files\VMware\VMware Workstation\vmware-tray.exe (VMware, Inc.)

PRC - C:\Program Files\Common Files\VMware\USB\vmware-usbarbitrator.exe (VMware, Inc.)

PRC - C:\Windows\System32\vsnapvss.exe (StorageCraft Technology Corporation)

PRC - C:\Program Files\StorageCraft\ShadowProtect\ShadowProtectSvc.exe (StorageCraft Technology Corporation)

PRC - C:\Program Files\TeamViewer\Version5\TeamViewer_Service.exe (TeamViewer GmbH)

PRC - C:\Program Files\SlySoft\AnyDVD\AnyDVDtray.exe (SlySoft, Inc.)

PRC - C:\Program Files\LogMeIn\x86\ramaint.exe (LogMeIn, Inc.)

PRC - C:\Program Files\LogMeIn\x86\LMIGuardian.exe (LogMeIn, Inc.)

PRC - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe (Macrovision Europe Ltd.)

PRC - C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (Google Inc.)

PRC - C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe (Malwarebytes Corporation)

PRC - C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)

PRC - C:\Program Files\Windows Live\Contacts\wlcomm.exe (Microsoft Corporation)

PRC - C:\Program Files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe (NVIDIA Corporation)

PRC - C:\Program Files\Symantec\Symantec Endpoint Protection\Smc.exe (Symantec Corporation)

PRC - C:\Program Files\Symantec\Symantec Endpoint Protection\SmcGui.exe (Symantec Corporation)

PRC - C:\Program Files\RealVNC\VNC4\winvnc4.exe (RealVNC Ltd.)

PRC - C:\Program Files\Symantec\Symantec Endpoint Protection\Rtvscan.exe (Symantec Corporation)

PRC - C:\Program Files\Common Files\Symantec Shared\ccApp.exe (Symantec Corporation)

PRC - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe (Symantec Corporation)

PRC - C:\Program Files\Symantec\Ghost\bin\dbserv.exe (Symantec Corporation)

PRC - C:\Program Files\Symantec\Ghost\ngserver.exe (Symantec Corporation)

PRC - C:\Program Files\Symantec\Ghost\ngtray.exe (Symantec Corporation)

PRC - C:\Program Files\Symantec\Ghost\db\..\bin\rteng9.exe ()

PRC - C:\Program Files\NVIDIA Corporation\Performance Drivers\nvPDsvc.exe ()

PRC - C:\Windows\explorer.exe (Microsoft Corporation)

PRC - C:\Program Files\Roxio 2010\5.0\CPMonitor.exe ()

PRC - C:\Windows\System32\taskhost.exe (Microsoft Corporation)

PRC - C:\Program Files\CinemaNow\CinemaNow Media Manager\CinemaNowSvc.exe (CinemaNow, Inc.)

PRC - C:\Program Files\Roxio 2010\Roxio Burn\Roxio Burn.exe ()

PRC - C:\Program Files\Roxio 2010\Roxio Burn\RoxioBurnLauncher.exe ()

PRC - C:\Windows\System32\Ctxfihlp.exe (Creative Technology Ltd)

PRC - C:\Windows\System32\CTxfispi.exe (Creative Technology Ltd)

PRC - C:\Program Files\Roxio\BackOnTrack\Disaster Recovery\SaibSVC.exe ()

PRC - C:\Program Files\Common Files\PX Storage Engine\VxBlockServer.exe (Sonic Solutions)

PRC - C:\Program Files\Creative\Shared Files\CTAudSvc.exe (Creative Technology Ltd)

PRC - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe (Adobe Systems Inc.)

PRC - C:\Program Files\LogMeIn\x86\LogMeInSystray.exe (LogMeIn, Inc.)

PRC - C:\Program Files\LogMeIn\x86\LogMeIn.exe (LogMeIn, Inc.)

PRC - C:\Program Files\GetSmile\getsmile.exe (Sofrayt)

PRC - C:\Program Files\Stardock\ObjectDock\ObjectDock.exe (Stardock)

PRC - C:\Program Files\r2 Studios\Tonic\Tonic.exe (r2 studios)

PRC - C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe (Broadcom Corporation.)

========== Modules (SafeList) ==========

MOD - C:\Users\cmack.TXFBDOM\Desktop\OTL.exe (OldTimer Tools)

MOD - C:\Windows\System32\sspicli.dll (Microsoft Corporation)

MOD - C:\Windows\System32\sechost.dll (Microsoft Corporation)

MOD - C:\Windows\System32\profapi.dll (Microsoft Corporation)

MOD - C:\Windows\System32\KernelBase.dll (Microsoft Corporation)

MOD - C:\Windows\System32\dwmapi.dll (Microsoft Corporation)

MOD - C:\Windows\System32\devobj.dll (Microsoft Corporation)

MOD - C:\Windows\System32\cryptbase.dll (Microsoft Corporation)

MOD - C:\Windows\System32\cfgmgr32.dll (Microsoft Corporation)

MOD - C:\Windows\System32\msscript.ocx (Microsoft Corporation)

MOD - C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16385_none_421189da2b7fabfc\comctl32.dll (Microsoft Corporation)

MOD - C:\Windows\winsxs\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7600.16385_none_72fc7cbf

861225ca\GdiPlus.dll (Microsoft Corporation)

========== Win32 Services (SafeList) ==========

SRV - (VMware NAT Service) -- C:\Windows\System32\vmnat.exe (VMware, Inc.)

SRV - (VMnetDHCP) -- C:\Windows\System32\vmnetdhcp.exe (VMware, Inc.)

SRV - (VMAuthdService) -- C:\Program Files\VMware\VMware Workstation\vmware-authd.exe (VMware, Inc.)

SRV - (VMUSBArbService) -- C:\Program Files\Common Files\VMware\USB\vmware-usbarbitrator.exe (VMware, Inc.)

SRV - (VSNAPVSS) -- C:\Windows\System32\vsnapvss.exe (StorageCraft Technology Corporation)

SRV - (ShadowProtectSvc) -- C:\Program Files\StorageCraft\ShadowProtect\ShadowProtectSvc.exe (StorageCraft Technology Corporation)

SRV - (TeamViewer5) -- C:\Program Files\TeamViewer\Version5\TeamViewer_Service.exe (TeamViewer GmbH)

SRV - (LMIMaint) -- C:\Program Files\LogMeIn\x86\RaMaint.exe (LogMeIn, Inc.)

SRV - (FLEXnet Licensing Service) -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe (Macrovision Europe Ltd.)

SRV - (WatAdminSvc) -- C:\Windows\System32\Wat\WatAdminSvc.exe (Microsoft Corporation)

SRV - (Creative ALchemy AL6 Licensing Service) -- C:\Program Files\Common Files\Creative Labs Shared\Service\AL6Licensing.exe (Creative Labs)

SRV - (Creative Audio Engine Licensing Service) -- C:\Program Files\Common Files\Creative Labs Shared\Service\CTAELicensing.exe (Creative Labs)

SRV - (MBAMService) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe (Malwarebytes Corporation)

SRV - (ufad-ws60) -- C:\Program Files\VMware\VMware Workstation\vmware-ufad.exe (VMware, Inc.)

SRV - (Stereo Service) -- C:\Program Files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe (NVIDIA Corporation)

SRV - (SmcService) -- C:\Program Files\Symantec\Symantec Endpoint Protection\Smc.exe (Symantec Corporation)

SRV - (WinVNC4) -- C:\Program Files\RealVNC\VNC4\WinVNC4.exe (RealVNC Ltd.)

SRV - (Symantec AntiVirus) -- C:\Program Files\Symantec\Symantec Endpoint Protection\Rtvscan.exe (Symantec Corporation)

SRV - (SNAC) -- C:\Program Files\Symantec\Symantec Endpoint Protection\SNAC.EXE (Symantec Corporation)

SRV - (clr_optimization_v4.0.30319_32) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe (Microsoft Corporation)

SRV - (LiveUpdate) -- C:\Program Files\Symantec\LiveUpdate\LuComServer_3_3.EXE (Symantec Corporation)

SRV - (ccSetMgr) -- C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe (Symantec Corporation)

SRV - (ccEvtMgr) -- C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe (Symantec Corporation)

SRV - (NGDBSERV) -- C:\Program Files\Symantec\Ghost\bin\dbserv.exe (Symantec Corporation)

SRV - (NGSERVER) -- C:\Program Files\Symantec\Ghost\ngserver.exe (Symantec Corporation)

SRV - (NVIDIA Performance Driver Service) -- C:\Program Files\NVIDIA Corporation\Performance Drivers\nvPDsvc.exe ()

SRV - (RoxWatch12) -- C:\Program Files\Common Files\Roxio Shared\12.0\SharedCOM\RoxWatch12.exe (Sonic Solutions)

SRV - (RoxMediaDB12) -- C:\Program Files\Common Files\Roxio Shared\12.0\SharedCOM\RoxMediaDB12.exe (Sonic Solutions)

SRV - (WwanSvc) -- C:\Windows\System32\wwansvc.dll (Microsoft Corporation)

SRV - (WbioSrvc) -- C:\Windows\System32\wbiosrvc.dll (Microsoft Corporation)

SRV - (Power) -- C:\Windows\System32\umpo.dll (Microsoft Corporation)

SRV - (Themes) -- C:\Windows\System32\themeservice.dll (Microsoft Corporation)

SRV - (sppuinotify) -- C:\Windows\System32\sppuinotify.dll (Microsoft Corporation)

SRV - (RpcEptMapper) -- C:\Windows\System32\RpcEpMap.dll (Microsoft Corporation)

SRV - (SensrSvc) -- C:\Windows\System32\sensrsvc.dll (Microsoft Corporation)

SRV - (PeerDistSvc) -- C:\Windows\System32\PeerDistSvc.dll (Microsoft Corporation)

SRV - (PNRPsvc) -- C:\Windows\System32\pnrpsvc.dll (Microsoft Corporation)

SRV - (p2pimsvc) -- C:\Windows\System32\pnrpsvc.dll (Microsoft Corporation)

SRV - (HomeGroupProvider) -- C:\Windows\System32\provsvc.dll (Microsoft Corporation)

SRV - (PNRPAutoReg) -- C:\Windows\System32\pnrpauto.dll (Microsoft Corporation)

SRV - (WinDefend) -- C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation)

SRV - (HomeGroupListener) -- C:\Windows\System32\ListSvc.dll (Microsoft Corporation)

SRV - (FontCache) -- C:\Windows\System32\FntCache.dll (Microsoft Corporation)

SRV - (Dhcp) -- C:\Windows\System32\dhcpcore.dll (Microsoft Corporation)

SRV - (defragsvc) -- C:\Windows\System32\defragsvc.dll (Microsoft Corporation)

SRV - (BDESVC) -- C:\Windows\System32\bdesvc.dll (Microsoft Corporation)

SRV - (AxInstSV) ActiveX Installer (AxInstSV) -- C:\Windows\System32\AxInstSv.dll (Microsoft Corporation)

SRV - (AppIDSvc) -- C:\Windows\System32\appidsvc.dll (Microsoft Corporation)

SRV - (sppsvc) -- C:\Windows\System32\sppsvc.exe (Microsoft Corporation)

SRV - (CinemaNow Service) -- C:\Program Files\CinemaNow\CinemaNow Media Manager\CinemaNowSvc.exe (CinemaNow, Inc.)

SRV - (9734BF6A-2DCD-40f0-BAB0-5AAFEEBE1269) -- C:\Program Files\Roxio\BackOnTrack\Disaster Recovery\SaibSVC.exe ()

SRV - (CTAudSvcService) -- C:\Program Files\Creative\Shared Files\CTAudSvc.exe (Creative Technology Ltd)

SRV - (LogMeIn) -- C:\Program Files\LogMeIn\x86\LogMeIn.exe (LogMeIn, Inc.)

SRV - (WcesComm) -- C:\Windows\WindowsMobile\wcescomm.dll (Microsoft Corporation)

SRV - (RapiMgr) -- C:\Windows\WindowsMobile\rapimgr.dll (Microsoft Corporation)

SRV - (awhost32) -- C:\Program Files\Symantec\pcAnywhere\awhost32.exe (Symantec Corporation)

========== Driver Services (SafeList) ==========

DRV - (catchme) -- C:\Users\CMACK~1.TXF\AppData\Local\Temp\catchme.sys File not found

DRV - (vmci) -- C:\Windows\System32\drivers\vmci.sys (VMware, Inc.)

DRV - (vmx86) -- C:\Windows\System32\drivers\vmx86.sys (VMware, Inc.)

DRV - (VMparport) -- C:\Windows\System32\drivers\vmparport.sys (VMware, Inc.)

DRV - (vmkbd) -- C:\Windows\System32\drivers\VMkbd.sys (VMware, Inc.)

DRV - (VMnetuserif) -- C:\Windows\System32\drivers\vmnetuserif.sys (VMware, Inc.)

DRV - (hcmon) -- C:\Windows\System32\drivers\hcmon.sys (VMware, Inc.)

DRV - (vmusb) -- C:\Windows\System32\drivers\vmusb.sys (VMware, Inc.)

DRV - (VMnetBridge) -- C:\Windows\System32\drivers\vmnetbridge.sys (VMware, Inc.)

DRV - (VMnetAdapter) -- C:\Windows\System32\drivers\vmnetadapter.sys (VMware, Inc.)

DRV - (sbmount) -- C:\Windows\System32\drivers\sbmount.sys (StorageCraft Technology Corporation)

DRV - (stcvsm) -- C:\Windows\system32\DRIVERS\stcvsm.sys (StorageCraft Technology Corporation)

DRV - (NAVEX15) -- C:\ProgramData\Symantec\Definitions\VirusDefs\20100908.035\NAVEX15.SYS (Symantec Corporation)

DRV - (eeCtrl) -- C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys (Symantec Corporation)

DRV - (NAVENG) -- C:\ProgramData\Symantec\Definitions\VirusDefs\20100908.035\NAVENG.SYS (Symantec Corporation)

DRV - (AnyDVD) -- C:\Windows\System32\drivers\AnyDVD.sys (SlySoft, Inc.)

DRV - (LMIRfsClientNP) -- C:\Windows\System32\LMIRfsClientNP.dll (LogMeIn, Inc.)

DRV - (WpsHelper) -- C:\Windows\System32\drivers\wpshelper.sys (Symantec Corporation)

DRV - (SymEvent) -- C:\Windows\System32\drivers\SYMEVENT.SYS (Symantec Corporation)

DRV - (EraserUtilRebootDrv) -- C:\Program Files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys (Symantec Corporation)

DRV - (MBAMProtector) -- C:\Windows\System32\drivers\mbam.sys (Malwarebytes Corporation)

DRV - (vstor2-ws60) -- C:\Program Files\VMware\VMware Workstation\vstor2-ws60.sys (VMware, Inc.)

DRV - (nvlddmkm) -- C:\Windows\System32\drivers\nvlddmkm.sys (NVIDIA Corporation)

DRV - (SysPlant) -- C:\Windows\SYSTEM32\Drivers\SysPlant.sys (Symantec Corporation)

DRV - (WPS) -- C:\Windows\System32\drivers\WPSDRVnt.sys (Symantec Corporation)

DRV - (SRTSPL) -- C:\Windows\System32\drivers\srtspl.sys (Symantec Corporation)

DRV - (SRTSP) -- C:\Windows\System32\drivers\srtsp.sys (Symantec Corporation)

DRV - (SRTSPX) -- C:\Windows\System32\drivers\srtspx.sys (Symantec Corporation)

DRV - (ElbyCDIO) -- C:\Windows\System32\drivers\ElbyCDIO.sys (Elaborate Bytes AG)

DRV - (Teefer2) -- C:\Windows\System32\drivers\Teefer2.sys (Symantec Corporation)

DRV - (SPBBCDrv) -- C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCDrv.sys (Symantec Corporation)

DRV - (KSecPkg) -- C:\Windows\System32\Drivers\ksecpkg.sys (Microsoft Corporation)

DRV - (SYMTDI) -- C:\Windows\System32\Drivers\SYMTDI.SYS (Symantec Corporation)

DRV - (SYMREDRV) -- C:\Windows\System32\Drivers\SYMREDRV.SYS (Symantec Corporation)

DRV - (vncmirror) -- C:\Windows\System32\drivers\vncmirror.sys (RealVNC Ltd.)

DRV - (cmdide) -- C:\Windows\system32\DRIVERS\cmdide.sys (CMD Technology, Inc.)

DRV - (adpahci) -- C:\Windows\system32\DRIVERS\adpahci.sys (Adaptec, Inc.)

DRV - (adp94xx) -- C:\Windows\system32\DRIVERS\adp94xx.sys (Adaptec, Inc.)

DRV - (amdsbs) -- C:\Windows\system32\DRIVERS\amdsbs.sys (AMD Technologies Inc.)

DRV - (adpu320) -- C:\Windows\system32\DRIVERS\adpu320.sys (Adaptec, Inc.)

DRV - (arcsas) -- C:\Windows\system32\DRIVERS\arcsas.sys (Adaptec, Inc.)

DRV - (amdsata) -- C:\Windows\system32\DRIVERS\amdsata.sys (Advanced Micro Devices)

DRV - (arc) -- C:\Windows\system32\DRIVERS\arc.sys (Adaptec, Inc.)

DRV - (amdxata) -- C:\Windows\system32\DRIVERS\amdxata.sys (Advanced Micro Devices)

DRV - (aliide) -- C:\Windows\system32\DRIVERS\aliide.sys (Acer Laboratories Inc.)

DRV - (nvstor) -- C:\Windows\system32\DRIVERS\nvstor.sys (NVIDIA Corporation)

DRV - (nvraid) -- C:\Windows\system32\DRIVERS\nvraid.sys (NVIDIA Corporation)

DRV - (nfrd960) -- C:\Windows\system32\DRIVERS\nfrd960.sys (IBM Corporation)

DRV - (LSI_SAS) -- C:\Windows\system32\DRIVERS\lsi_sas.sys (LSI Corporation)

DRV - (iaStorV) -- C:\Windows\system32\DRIVERS\iaStorV.sys (Intel Corporation)

DRV - (MegaSR) -- C:\Windows\system32\DRIVERS\MegaSR.sys (LSI Corporation, Inc.)

DRV - (LSI_SCSI) -- C:\Windows\system32\DRIVERS\lsi_scsi.sys (LSI Corporation)

DRV - (LSI_FC) -- C:\Windows\system32\DRIVERS\lsi_fc.sys (LSI Corporation)

DRV - (LSI_SAS2) -- C:\Windows\system32\DRIVERS\lsi_sas2.sys (LSI Corporation)

DRV - (iirsp) -- C:\Windows\system32\DRIVERS\iirsp.sys (Intel Corp./ICP vortex GmbH)

DRV - (megasas) -- C:\Windows\system32\DRIVERS\megasas.sys (LSI Corporation)

DRV - (hwpolicy) -- C:\Windows\System32\drivers\hwpolicy.sys (Microsoft Corporation)

DRV - (elxstor) -- C:\Windows\system32\DRIVERS\elxstor.sys (Emulex)

DRV - (aic78xx) -- C:\Windows\system32\DRIVERS\djsvs.sys (Adaptec, Inc.)

DRV - (HpSAMD) -- C:\Windows\system32\DRIVERS\HpSAMD.sys (Hewlett-Packard Company)

DRV - (FsDepends) -- C:\Windows\System32\drivers\fsdepends.sys (Microsoft Corporation)

DRV - (vsmraid) -- C:\Windows\system32\DRIVERS\vsmraid.sys (VIA Technologies Inc.,Ltd)

DRV - (vmbus) -- C:\Windows\system32\DRIVERS\vmbus.sys (Microsoft Corporation)

DRV - (vhdmp) -- C:\Windows\system32\DRIVERS\vhdmp.sys (Microsoft Corporation)

DRV - (storflt) -- C:\Windows\system32\DRIVERS\vmstorfl.sys (Microsoft Corporation)

DRV - (vdrvroot) -- C:\Windows\system32\DRIVERS\vdrvroot.sys (Microsoft Corporation)

DRV - (storvsc) -- C:\Windows\system32\DRIVERS\storvsc.sys (Microsoft Corporation)

DRV - (WIMMount) -- C:\Windows\System32\drivers\wimmount.sys (Microsoft Corporation)

DRV - (viaide) -- C:\Windows\system32\DRIVERS\viaide.sys (VIA Technologies, Inc.)

DRV - (ql2300) -- C:\Windows\system32\DRIVERS\ql2300.sys (QLogic Corporation)

DRV - (rdyboost) -- C:\Windows\System32\drivers\rdyboost.sys (Microsoft Corporation)

DRV - (ql40xx) -- C:\Windows\system32\DRIVERS\ql40xx.sys (QLogic Corporation)

DRV - (SiSRaid4) -- C:\Windows\system32\DRIVERS\sisraid4.sys (Silicon Integrated Systems)

DRV - (pcw) -- C:\Windows\System32\drivers\pcw.sys (Microsoft Corporation)

DRV - (SiSRaid2) -- C:\Windows\system32\DRIVERS\SiSRaid2.sys (Silicon Integrated Systems Corp.)

DRV - (stexstor) -- C:\Windows\system32\DRIVERS\stexstor.sys (Promise Technology)

DRV - (CNG) -- C:\Windows\System32\Drivers\cng.sys (Microsoft Corporation)

DRV - (Brserid) Brother MFC Serial Port Interface Driver (WDM) -- C:\Windows\System32\Drivers\Brserid.sys (Brother Industries Ltd.)

DRV - (rdpbus) -- C:\Windows\System32\drivers\rdpbus.sys (Microsoft Corporation)

DRV - (RDPREFMP) -- C:\Windows\System32\drivers\RDPREFMP.sys (Microsoft Corporation)

DRV - (RasAgileVpn) WAN Miniport (IKEv2) -- C:\Windows\System32\drivers\agilevpn.sys (Microsoft Corporation)

DRV - (WfpLwf) -- C:\Windows\System32\drivers\wfplwf.sys (Microsoft Corporation)

DRV - (NdisCap) -- C:\Windows\System32\drivers\ndiscap.sys (Microsoft Corporation)

DRV - (vwifibus) -- C:\Windows\System32\drivers\vwifibus.sys (Microsoft Corporation)

DRV - (1394ohci) -- C:\Windows\System32\drivers\1394ohci.sys (Microsoft Corporation)

DRV - (UmPass) -- C:\Windows\system32\DRIVERS\umpass.sys (Microsoft Corporation)

DRV - (mshidkmdf) -- C:\Windows\System32\drivers\mshidkmdf.sys (Microsoft Corporation)

DRV - (MTConfig) -- C:\Windows\system32\DRIVERS\MTConfig.sys (Microsoft Corporation)

DRV - (CompositeBus) -- C:\Windows\System32\drivers\CompositeBus.sys (Microsoft Corporation)

DRV - (AppID) -- C:\Windows\system32\drivers\appid.sys (Microsoft Corporation)

DRV - (scfilter) -- C:\Windows\System32\drivers\scfilter.sys (Microsoft Corporation)

DRV - (s3cap) -- C:\Windows\system32\DRIVERS\vms3cap.sys (Microsoft Corporation)

DRV - (VMBusHID) -- C:\Windows\system32\DRIVERS\VMBusHID.sys (Microsoft Corporation)

DRV - (discache) -- C:\Windows\System32\drivers\discache.sys (Microsoft Corporation)

DRV - (HidBatt) -- C:\Windows\System32\drivers\hidbatt.sys (Microsoft Corporation)

DRV - (AcpiPmi) -- C:\Windows\system32\DRIVERS\acpipmi.sys (Microsoft Corporation)

DRV - (AmdPPM) -- C:\Windows\system32\DRIVERS\amdppm.sys (Microsoft Corporation)

DRV - (hcw85cir) -- C:\Windows\system32\drivers\hcw85cir.sys (Hauppauge Computer Works, Inc.)

DRV - (BrUsbMdm) -- C:\Windows\System32\Drivers\BrUsbMdm.sys (Brother Industries Ltd.)

DRV - (BrUsbSer) -- C:\Windows\System32\Drivers\BrUsbSer.sys (Brother Industries Ltd.)

DRV - (BrSerWdm) -- C:\Windows\System32\Drivers\BrSerWdm.sys (Brother Industries Ltd.)

DRV - (BrFiltLo) -- C:\Windows\system32\DRIVERS\BrFiltLo.sys (Brother Industries, Ltd.)

DRV - (BrFiltUp) -- C:\Windows\system32\DRIVERS\BrFiltUp.sys (Brother Industries, Ltd.)

DRV - (b57nd60x) -- C:\Windows\System32\drivers\b57nd60x.sys (Broadcom Corporation)

DRV - (ebdrv) -- C:\Windows\system32\DRIVERS\evbdx.sys (Broadcom Corporation)

DRV - (b06bdrv) -- C:\Windows\system32\DRIVERS\bxvbdx.sys (Broadcom Corporation)

DRV - (ha20x2k) -- C:\Windows\System32\drivers\ha20x2k.sys (Creative Technology Ltd)

DRV - (emupia) -- C:\Windows\System32\drivers\emupia2k.sys (Creative Technology Ltd)

DRV - (ctsfm2k) -- C:\Windows\System32\drivers\ctsfm2k.sys (Creative Technology Ltd)

DRV - (ctprxy2k) -- C:\Windows\System32\drivers\ctprxy2k.sys (Creative Technology Ltd)

DRV - (ossrv) -- C:\Windows\System32\drivers\ctoss2k.sys (Creative Technology Ltd.)

DRV - (ctdvda2k) -- C:\Windows\System32\drivers\ctdvda2k.sys (Creative Technology Ltd)

DRV - (ctaud2k) Creative Audio Driver (WDM) -- C:\Windows\System32\drivers\ctaud2k.sys (Creative Technology Ltd)

DRV - (ctac32k) -- C:\Windows\System32\drivers\ctac32k.sys (Creative Technology Ltd)

DRV - (CTEXFIFX.SYS) -- C:\Windows\System32\drivers\CTEXFIFX.SYS (Creative Technology Ltd.)

DRV - (CTEXFIFX) -- C:\Windows\System32\drivers\CTEXFIFX.sys (Creative Technology Ltd.)

DRV - (CTHWIUT.SYS) -- C:\Windows\System32\drivers\CTHWIUT.SYS (Creative Technology Ltd.)

DRV - (CTHWIUT) -- C:\Windows\System32\drivers\CTHWIUT.sys (Creative Technology Ltd.)

DRV - (CT20XUT.SYS) -- C:\Windows\System32\drivers\CT20XUT.SYS (Creative Technology Ltd.)

DRV - (CT20XUT) -- C:\Windows\System32\drivers\CT20XUT.sys (Creative Technology Ltd.)

DRV - (SaibVd32) -- C:\Windows\System32\drivers\SaibVd32.sys (Sonic Solutions)

DRV - (SahdIa32) -- C:\Windows\System32\Drivers\SahdIa32.sys (Sonic Solutions)

DRV - (SaibIa32) -- C:\Windows\System32\Drivers\SaibIa32.sys (Sonic Solutions)

DRV - (LMIRfsDriver) -- C:\Windows\System32\drivers\LMIRfsDriver.sys (LogMeIn, Inc.)

DRV - (LMIInfo) -- C:\Program Files\LogMeIn\x86\rainfo.sys (LogMeIn, Inc.)

DRV - (AW_HOST) -- C:\Windows\System32\drivers\AW_HOST5.sys (Symantec Corporation)

DRV - (awlegacy) -- C:\Windows\System32\Drivers\awlegacy.sys (Symantec Corporation)

DRV - (awecho) -- C:\Windows\System32\drivers\awechomd.sys (Symantec Corporation)

DRV - (Gernuwa) -- C:\Windows\System32\drivers\GERNUWA.sys (Symantec Corporation)

DRV - (BTKRNL) -- C:\Windows\System32\drivers\btkrnl.sys (Broadcom Corporation.)

========== Standard Registry (SafeList) ==========

========== Internet Explorer ==========

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Secondary Start Pages = [binary data over 100 bytes]

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://sharepoint.txfb.org/it/default.aspx

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-us

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 8C 8A 49 B4 35 F1 CA 01 [binary data]

IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = proxy.txfb-ins.local:8080

O1 HOSTS File: ([2010/09/02 14:04:50 | 000,000,027 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts

O1 - Hosts: 127.0.0.1 localhost

O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.

O2 - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)

O2 - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)

O2 - BHO: (Adobe PDF Conversion Toolbar Helper) - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)

O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.5.5126.1836\swg.dll (Google Inc.)

O3 - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)

O3 - HKLM\..\Toolbar: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)

O3 - HKCU\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)

O3 - HKCU\..\Toolbar\WebBrowser: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)

O4 - HKLM..\Run: [Acrobat Assistant 8.0] C:\Program Files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe (Adobe Systems Inc.)

O4 - HKLM..\Run: [ccApp] C:\Program Files\Common Files\Symantec Shared\ccApp.exe (Symantec Corporation)

O4 - HKLM..\Run: [CPMonitor] C:\Program Files\Roxio 2010\5.0\CPMonitor.exe ()

O4 - HKLM..\Run: [CTxfiHlp] C:\Windows\System32\Ctxfihlp.exe (Creative Technology Ltd)

O4 - HKLM..\Run: [Desktop Disc Tool] C:\Program Files\Roxio 2010\Roxio Burn\RoxioBurnLauncher.exe ()

O4 - HKLM..\Run: [LogMeIn GUI] C:\Program Files\LogMeIn\x86\LogMeInSystray.exe (LogMeIn, Inc.)

O4 - HKLM..\Run: [Malwarebytes' Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)

O4 - HKLM..\Run: [Malwarebytes Anti-Malware (reboot)] C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe (Malwarebytes Corporation)

O4 - HKLM..\Run: [NGTray] C:\Program Files\Symantec\Ghost\ngtray.exe (Symantec Corporation)

O4 - HKLM..\Run: [nwiz] C:\Program Files\NVIDIA Corporation\nView\nwiz.exe ()

O4 - HKLM..\Run: [pdfFactory Pro Dispatcher v3] C:\Windows\System32\spool\DRIVERS\W32X86\3\fppdis3a.exe (FinePrint Software, LLC)

O4 - HKLM..\Run: [Tonic] C:\Program Files\r2 Studios\Tonic\Tonic.exe (r2 studios)

O4 - HKLM..\Run: [vmware-tray] C:\Program Files\VMware\VMware Workstation\vmware-tray.exe (VMware, Inc.)

O4 - HKCU..\Run: [AnyDVD] C:\Program Files\SlySoft\AnyDVD\AnyDVDtray.exe (SlySoft, Inc.)

O4 - HKCU..\Run: [GetSmile] C:\Program Files\GetSmile\getsmile.exe (Sofrayt)

O4 - HKCU..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (Google Inc.)

O4 - Startup: C:\Users\cmack.TXFBDOM\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Stardock ObjectDock.lnk = C:\Program Files\Stardock\ObjectDock\ObjectDock.exe (Stardock)

O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 255

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3

O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present

O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0

O8 - Extra context menu item: Append to existing PDF - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)

O8 - Extra context menu item: Convert link target to Adobe PDF - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)

O8 - Extra context menu item: Convert link target to existing PDF - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)

O8 - Extra context menu item: Convert selected links to Adobe PDF - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)

O8 - Extra context menu item: Convert selected links to existing PDF - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)

O8 - Extra context menu item: Convert selection to Adobe PDF - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)

O8 - Extra context menu item: Convert selection to existing PDF - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)

O8 - Extra context menu item: Convert to Adobe PDF - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)

O8 - Extra context menu item: E&xport to Microsoft Excel - C:\Program Files\Microsoft Office\Office12\EXCEL.EXE (Microsoft Corporation)

O8 - Extra context menu item: Google Sidewiki... - C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_89D8574934B26AC4.dll (Google Inc.)

O8 - Extra context menu item: Send to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm ()

O9 - Extra Button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)

O9 - Extra 'Tools' menuitem : S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)

O9 - Extra Button: @C:\Windows\WindowsMobile\INetRepl.dll,-222 - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll (Microsoft Corporation)

O9 - Extra 'Tools' menuitem : @C:\Windows\WindowsMobile\INetRepl.dll,-223 - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll (Microsoft Corporation)

O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Program Files\Microsoft Office\Office12\REFIEBAR.DLL (Microsoft Corporation)

O10 - Protocol_Catalog9\Catalog_Entries\000000000037 - C:\Program Files\VMware\VMware Workstation\vsocklib.dll (VMware, Inc.)

O10 - Protocol_Catalog9\Catalog_Entries\000000000038 - C:\Program Files\VMware\VMware Workstation\vsocklib.dll (VMware, Inc.)

O15 - HKCU\..Trusted Domains: cinemanow.com ([]http in Trusted sites)

O15 - HKCU\..Trusted Domains: cinemanow.com ([]https in Trusted sites)

O15 - HKCU\..Trusted Domains: kltforums.net ([www] http in Trusted sites)

O15 - HKCU\..Trusted Domains: malwarebytes.org ([forums] http in Trusted sites)

O15 - HKCU\..Trusted Domains: qflix.com ([]http in Trusted sites)

O15 - HKCU\..Trusted Domains: roxio.com ([]http in Trusted sites)

O15 - HKCU\..Trusted Domains: sonic.com ([redirect] http in Trusted sites)

O15 - HKCU\..Trusted Domains: sonic.com ([redirect2] http in Trusted sites)

O15 - HKCU\..Trusted Domains: txfb.org ([sharepoint] http in Local intranet)

O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} http://download.microsoft.com/download/E/5...heckControl.cab (Windows Genuine Advantage Validation Tool)

O16 - DPF: {4871A87A-BFDD-4106-8153-FFDE2BAC2967} https://a248.e.akamai.net/f/248/14778/2h/dl...vex-2.2.5.7.cab (DLM Control)

O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_21)

O16 - DPF: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_21)

O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_21)

O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/get/shoc...ash/swflash.cab (Shockwave Flash Object)

O16 - DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} https://productivecorp.webex.com/client/T27...ng/ieatgpc1.cab (GpcContainer Class)

O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)

O16 - DPF: {F6ACF75C-C32C-447B-9BEF-46B766368D29} http://ccfiles.creative.com/Web/softwareup...15112/CTPID.cab (Creative Software AutoUpdate Support Package)

O16 - DPF: {FD0B6769-6490-4A91-AA0A-B5AE0DC75AC9} https://secure.logmein.com/activex/ractrl.cab?lmi=100 (Performance Viewer Activex Control)

O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = TXFB.ORG

O18 - Protocol\Handler\grooveLocalGWS {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll (Microsoft Corporation)

O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\Windows Live\Messenger\msgrapp.14.0.8117.0416.dll (Microsoft Corporation)

O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Program Files\Common Files\microsoft shared\Help\hxds.dll (Microsoft Corporation)

O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\Windows Live\Messenger\msgrapp.14.0.8117.0416.dll (Microsoft Corporation)

O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\microsoft shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)

O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)

O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation)

O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found

O20 - Winlogon\Notify\PCANotify: DllName - PCANotify.dll - C:\Windows\System32\PCANotify.dll (Symantec Corporation)

O28 - HKLM ShellExecuteHooks: {AEB6717E-7E19-11d0-97EE-00C04FD91972} - Reg Error: Key error. File not found

O28 - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)

O30 - LSA: Security Packages - (pku2u) - C:\Windows\System32\pku2u.dll (Microsoft Corporation)

O32 - HKLM CDRom: AutoRun - 1

O32 - AutoRun File - [2009/06/10 16:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]

O34 - HKLM BootExecute: (autocheck autochk *) - File not found

O35 - HKLM\..comfile [open] -- "%1" %*

O35 - HKLM\..exefile [open] -- "%1" %*

O37 - HKLM\...com [@ = ComFile] -- "%1" %*

O37 - HKLM\...exe [@ = exefile] -- "%1" %*

NetSvcs: FastUserSwitchingCompatibility - File not found

NetSvcs: Ias - File not found

NetSvcs: Nla - File not found

NetSvcs: Ntmssvc - File not found

NetSvcs: NWCWorkstation - File not found

NetSvcs: Nwsapagent - File not found

NetSvcs: SRService - File not found

NetSvcs: Wmi - C:\Windows\System32\wmi.dll (Microsoft Corporation)

NetSvcs: WmdmPmSp - File not found

NetSvcs: LogonHours - File not found

NetSvcs: PCAudit - File not found

NetSvcs: helpsvc - File not found

NetSvcs: uploadmgr - File not found

NetSvcs: Themes - C:\Windows\System32\themeservice.dll (Microsoft Corporation)

NetSvcs: BDESVC - C:\Windows\System32\bdesvc.dll (Microsoft Corporation)

========== Files/Folders - Created Within 30 Days ==========

[2010/09/09 08:16:39 | 000,574,976 | ---- | C] (OldTimer Tools) -- C:\Users\cmack.TXFBDOM\Desktop\OTL.exe

[2010/09/08 14:05:34 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN

[2010/09/08 14:05:32 | 000,000,000 | ---D | C] -- C:\Users\cmack.TXFBDOM\AppData\Local\temp

[2010/09/08 13:47:30 | 000,212,480 | ---- | C] (SteelWerX) -- C:\Windows\SWXCACLS.exe

[2010/09/08 11:58:20 | 000,000,000 | ---D | C] -- C:\Users\cmack.TXFBDOM\Desktop\GooredFix Backups

[2010/09/08 08:45:38 | 000,000,000 | ---D | C] -- C:\Users\cmack.TXFBDOM\AppData\Local\Lunarsoft

[2010/09/08 08:45:38 | 000,000,000 | ---D | C] -- C:\Program Files\Lunarsoft

[2010/09/07 15:46:10 | 000,000,000 | ---D | C] -- C:\Program Files\Ultra File Search

[2010/09/02 16:19:25 | 000,000,000 | ---D | C] -- C:\Windows\Minidump

[2010/09/02 13:57:16 | 000,031,232 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe

[2010/09/02 13:57:15 | 000,161,792 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe

[2010/09/02 13:57:15 | 000,136,704 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe

[2010/09/02 13:57:10 | 000,000,000 | ---D | C] -- C:\Windows\ERDNT

[2010/09/02 13:56:49 | 000,000,000 | ---D | C] -- C:\Qoobox

[2010/09/01 15:50:01 | 000,000,000 | ---D | C] -- C:\Users\cmack.TXFBDOM\Desktop\Donny Smith Pictures 2010

[2010/08/31 10:04:11 | 000,000,000 | ---D | C] -- C:\Users\cmack.TXFBDOM\AppData\Roaming\Apple Computer

[2010/08/27 13:21:35 | 000,000,000 | ---D | C] -- C:\Users\cmack.TXFBDOM\AppData\Roaming\vlc

[2010/08/27 13:20:52 | 000,000,000 | ---D | C] -- C:\Program Files\VideoLAN

[2010/08/27 11:51:59 | 000,000,000 | ---D | C] -- C:\YouTubeVideos

[2010/08/27 11:48:26 | 000,000,000 | ---D | C] -- C:\Program Files\AliveMedia

[2010/08/23 08:53:01 | 000,000,000 | ---D | C] -- C:\ProgramData\Kaspersky Lab

[2010/08/19 07:44:51 | 000,000,000 | ---D | C] -- C:\Program Files\QuickTime

[2010/08/18 14:30:31 | 000,193,440 | ---- | C] (StorageCraft Technology Corporation) -- C:\Windows\System32\drivers\stcvsm.sys

[2010/08/17 15:41:06 | 000,334,384 | ---- | C] (VMware, Inc.) -- C:\Windows\System32\vmnetdhcp.exe

[2010/08/17 15:41:02 | 000,399,920 | ---- | C] (VMware, Inc.) -- C:\Windows\System32\vmnat.exe

[2010/08/17 15:41:02 | 000,026,288 | ---- | C] (VMware, Inc.) -- C:\Windows\System32\drivers\vmnetuserif.sys

[2010/08/17 15:40:56 | 000,760,368 | ---- | C] (VMware, Inc.) -- C:\Windows\System32\vnetlib.dll

[2010/08/17 15:40:44 | 000,024,624 | ---- | C] (VMware, Inc.) -- C:\Windows\System32\drivers\VMkbd.sys

[2010/08/17 15:40:01 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\VMware

[2010/08/17 15:39:05 | 000,000,000 | ---D | C] -- C:\Program Files\VMware

[2010/08/17 10:48:30 | 000,000,000 | ---D | C] -- C:\Users\cmack.TXFBDOM\AppData\Roaming\Download Manager

[2010/08/12 07:52:18 | 000,000,000 | ---D | C] -- C:\Users\cmack.TXFBDOM\AppData\Roaming\Opera

[2010/08/12 07:52:18 | 000,000,000 | ---D | C] -- C:\Users\cmack.TXFBDOM\AppData\Local\Opera

[2010/08/12 07:52:06 | 000,000,000 | ---D | C] -- C:\Program Files\Opera

[2010/08/11 11:23:53 | 000,000,000 | ---D | C] -- C:\Windows\Sun

[2010/08/11 11:23:35 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Java

[2010/08/11 11:23:09 | 000,153,376 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\System32\javaws.exe

[2010/08/11 11:23:09 | 000,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\System32\javaw.exe

[2010/08/11 11:23:09 | 000,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\System32\java.exe

[2010/08/10 18:17:04 | 000,197,632 | ---- | C] (Intel® Corporation) -- C:\Windows\System32\ir32_32.dll

[2010/08/10 18:17:04 | 000,082,944 | ---- | C] (Radius Inc.) -- C:\Windows\System32\iccvid.dll

[2010/08/10 18:17:03 | 000,037,376 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\rtutils.dll

[2010/08/10 18:17:00 | 003,955,080 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ntkrnlpa.exe

[2010/08/10 18:17:00 | 003,899,784 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ntoskrnl.exe

[2010/08/10 18:16:57 | 000,606,208 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mstime.dll

[2010/08/10 18:16:57 | 000,381,440 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iedkcs32.dll

[2010/08/10 18:16:57 | 000,185,856 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iepeers.dll

[2010/08/10 18:16:57 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieui.dll

[2010/08/10 18:16:57 | 000,064,512 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeedsbs.dll

[2010/08/10 18:16:56 | 001,638,912 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mshtml.tlb

[2010/08/10 18:16:56 | 000,048,128 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jsproxy.dll

[2010/08/10 18:16:56 | 000,012,800 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeedssync.exe

[2010/08/10 18:16:54 | 002,326,016 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\win32k.sys

[2010/05/20 08:34:08 | 000,047,360 | ---- | C] (VSO Software) -- C:\Users\cmack.TXFBDOM\AppData\Roaming\pcouffin.sys

[2009/06/04 00:57:38 | 000,060,928 | ---- | C] ( ) -- C:\Windows\System32\a3d.dll

========== Files - Modified Within 30 Days ==========

[2010/09/09 08:26:16 | 004,194,304 | -HS- | M] () -- C:\Users\cmack.TXFBDOM\ntuser.dat

[2010/09/09 08:20:30 | 000,574,976 | ---- | M] (OldTimer Tools) -- C:\Users\cmack.TXFBDOM\Desktop\OTL.exe

[2010/09/09 08:09:02 | 000,000,886 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job

[2010/09/09 07:09:00 | 000,000,882 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job

[2010/09/08 20:45:34 | 000,080,384 | ---- | M] () -- C:\Users\cmack.TXFBDOM\Desktop\MBRCheck.exe

[2010/09/08 16:32:27 | 000,360,448 | ---- | M] (Interactive Studios Inc.) -- C:\Windows\System32\IsLicense40.dll

[2010/09/08 16:21:12 | 000,022,272 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0

[2010/09/08 16:21:12 | 000,022,272 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0

[2010/09/08 16:18:31 | 000,734,468 | ---- | M] () -- C:\Windows\System32\PerfStringBackup.INI

[2010/09/08 16:18:31 | 000,629,528 | ---- | M] () -- C:\Windows\System32\perfh009.dat

[2010/09/08 16:18:31 | 000,108,370 | ---- | M] () -- C:\Windows\System32\perfc009.dat

[2010/09/08 16:13:34 | 000,000,006 | -H-- | M] () -- C:\Windows\tasks\SA.DAT

[2010/09/08 16:13:31 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat

[2010/09/08 16:13:03 | 2615,377,920 | -HS- | M] () -- C:\hiberfil.sys

[2010/09/08 16:12:13 | 000,054,568 | ---- | M] () -- C:\Windows\System32\BMXStateBkp-{00000009-00000000-00000002-00001102-00000005-10031102}.rfx

[2010/09/08 16:12:13 | 000,054,568 | ---- | M] () -- C:\Windows\System32\BMXState-{00000009-00000000-00000002-00001102-00000005-10031102}.rfx

[2010/09/08 16:12:13 | 000,000,788 | ---- | M] () -- C:\Windows\System32\DVCState-{00000009-00000000-00000002-00001102-00000005-10031102}.rfx

[2010/09/08 16:11:58 | 005,040,261 | -H-- | M] () -- C:\Users\cmack.TXFBDOM\AppData\Local\IconCache.db

[2010/09/08 14:32:33 | 000,001,999 | ---- | M] () -- C:\Users\cmack.TXFBDOM\Desktop\KLTImageshack uploader.lnk

[2010/09/08 14:03:52 | 000,000,215 | ---- | M] () -- C:\Windows\system.ini

[2010/09/08 12:03:48 | 003,840,563 | R--- | M] () -- C:\Users\cmack.TXFBDOM\Desktop\ComboFix.exe

[2010/09/08 09:03:26 | 000,000,000 | ---- | M] () -- C:\Users\cmack.TXFBDOM\defogger_reenable

[2010/09/08 08:45:38 | 000,001,155 | ---- | M] () -- C:\Users\Public\Desktop\Anti-Malware Toolkit.lnk

[2010/09/02 14:04:50 | 000,000,027 | ---- | M] () -- C:\Windows\System32\drivers\etc\hosts

[2010/09/02 10:42:17 | 000,748,739 | ---- | M] () -- C:\Users\cmack.TXFBDOM\Desktop\A+ Card Businesses.pdf

[2010/09/01 13:49:17 | 000,176,128 | ---- | M] () -- C:\Users\cmack.TXFBDOM\Desktop\Fields_and_Formations_2009_08_C.vsd

[2010/09/01 09:22:51 | 000,524,288 | -HS- | M] () -- C:\Users\cmack.TXFBDOM\ntuser.dat{772916b9-b52f-11df-a749-005056c00008}.TMContainer00000000000000000002.regtrans-ms

[2010/09/01 09:22:51 | 000,524,288 | -HS- | M] () -- C:\Users\cmack.TXFBDOM\ntuser.dat{772916b9-b52f-11df-a749-005056c00008}.TMContainer00000000000000000001.regtrans-ms

[2010/09/01 09:22:51 | 000,065,536 | -HS- | M] () -- C:\Users\cmack.TXFBDOM\ntuser.dat{772916b9-b52f-11df-a749-005056c00008}.TM.blf

[2010/09/01 08:26:16 | 000,037,677 | ---- | M] () -- C:\Users\cmack.TXFBDOM\Desktop\HOT Rods Roster Fall 2010.pdf

[2010/08/27 13:21:29 | 000,001,028 | ---- | M] () -- C:\Users\Public\Desktop\VLC media player.lnk

[2010/08/26 09:10:31 | 000,524,288 | -HS- | M] () -- C:\Users\cmack.TXFBDOM\ntuser.dat{62eb3fdb-b079-11df-9c18-005056c00008}.TMContainer00000000000000000002.regtrans-ms

[2010/08/26 09:10:31 | 000,524,288 | -HS- | M] () -- C:\Users\cmack.TXFBDOM\ntuser.dat{62eb3fdb-b079-11df-9c18-005056c00008}.TMContainer00000000000000000001.regtrans-ms

[2010/08/26 09:10:31 | 000,065,536 | -HS- | M] () -- C:\Users\cmack.TXFBDOM\ntuser.dat{62eb3fdb-b079-11df-9c18-005056c00008}.TM.blf

[2010/08/23 09:49:52 | 000,000,756 | -HS- | M] () -- C:\Windows\setup_9.0.0.722_23.08.2010_15-51drv.spi

[2010/08/23 08:41:17 | 000,001,950 | ---- | M] () -- C:\Users\Public\Desktop\FileZilla Client.lnk

[2010/08/19 07:45:00 | 000,001,815 | ---- | M] () -- C:\Users\Public\Desktop\QuickTime Player.lnk

[2010/08/18 14:34:08 | 000,004,096 | -HS- | M] () -- C:\VSM000.IDX

[2010/08/17 16:46:14 | 000,023,556 | ---- | M] () -- C:\Users\cmack.TXFBDOM\Desktop\E4310 Latitude for Roslyn_details_po.pdf

[2010/08/17 15:42:02 | 000,000,998 | ---- | M] () -- C:\Users\cmack.TXFBDOM\Application Data\Microsoft\Internet Explorer\Quick Launch\VMware Workstation.lnk

[2010/08/17 15:40:34 | 000,001,024 | ---- | M] () -- C:\.rnd

[2010/08/17 15:40:26 | 000,002,000 | ---- | M] () -- C:\Users\Public\Desktop\VMware Workstation.lnk

[2010/08/13 16:24:12 | 000,000,000 | ---- | M] () -- C:\Users\cmack.TXFBDOM\Desktop\New Microsoft Office Word Document.docx

[2010/08/12 10:42:56 | 000,013,030 | ---- | M] () -- C:\Users\cmack.TXFBDOM\AppData\Roaming\Comma Separated Values (Windows).CAL

[2010/08/12 10:41:48 | 000,003,825 | ---- | M] () -- C:\Users\cmack.TXFBDOM\Desktop\dallascowboys2010.csv

[2010/08/12 08:04:11 | 000,000,529 | ---- | M] () -- C:\Users\cmack.TXFBDOM\Desktop\Delay_Protection_Start.zip

[2010/08/12 07:52:09 | 000,000,827 | ---- | M] () -- C:\Users\cmack.TXFBDOM\Application Data\Microsoft\Internet Explorer\Quick Launch\Opera.lnk

[2010/08/12 07:52:09 | 000,000,803 | ---- | M] () -- C:\Users\Public\Desktop\Opera.lnk

[2010/08/11 03:21:57 | 000,548,032 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT

[2010/08/11 03:19:50 | 000,524,288 | -HS- | M] () -- C:\Users\cmack.TXFBDOM\ntuser.dat{6af38069-a3e7-11df-a0b9-005056c00008}.TMContainer00000000000000000002.regtrans-ms

[2010/08/11 03:19:50 | 000,524,288 | -HS- | M] () -- C:\Users\cmack.TXFBDOM\ntuser.dat{6af38069-a3e7-11df-a0b9-005056c00008}.TMContainer00000000000000000001.regtrans-ms

[2010/08/11 03:19:50 | 000,065,536 | -HS- | M] () -- C:\Users\cmack.TXFBDOM\ntuser.dat{6af38069-a3e7-11df-a0b9-005056c00008}.TM.blf

========== Files Created - No Company Name ==========

[2010/09/08 20:45:19 | 000,080,384 | ---- | C] () -- C:\Users\cmack.TXFBDOM\Desktop\MBRCheck.exe

[2010/09/08 14:10:35 | 000,000,261 | ---- | C] () -- C:\Users\cmack.TXFBDOM\activate.log

[2010/09/08 13:32:41 | 003,840,563 | R--- | C] () -- C:\Users\cmack.TXFBDOM\Desktop\ComboFix.exe

[2010/09/08 09:03:26 | 000,000,000 | ---- | C] () -- C:\Users\cmack.TXFBDOM\defogger_reenable

[2010/09/08 08:45:38 | 000,001,155 | ---- | C] () -- C:\Users\Public\Desktop\Anti-Malware Toolkit.lnk

[2010/09/02 13:57:16 | 000,256,512 | ---- | C] () -- C:\Windows\PEV.exe

[2010/09/02 13:57:16 | 000,077,312 | ---- | C] () -- C:\Windows\MBR.exe

[2010/09/02 13:57:15 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe

[2010/09/02 13:57:15 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe

[2010/09/02 13:57:15 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe

[2010/09/02 10:32:55 | 000,748,739 | ---- | C] () -- C:\Users\cmack.TXFBDOM\Desktop\A+ Card Businesses.pdf

[2010/09/01 13:49:17 | 000,176,128 | ---- | C] () -- C:\Users\cmack.TXFBDOM\Desktop\Fields_and_Formations_2009_08_C.vsd

[2010/09/01 08:26:16 | 000,037,677 | ---- | C] () -- C:\Users\cmack.TXFBDOM\Desktop\HOT Rods Roster Fall 2010.pdf

[2010/08/31 13:43:18 | 000,524,288 | -HS- | C] () -- C:\Users\cmack.TXFBDOM\ntuser.dat{772916b9-b52f-11df-a749-005056c00008}.TMContainer00000000000000000002.regtrans-ms

[2010/08/31 13:43:18 | 000,524,288 | -HS- | C] () -- C:\Users\cmack.TXFBDOM\ntuser.dat{772916b9-b52f-11df-a749-005056c00008}.TMContainer00000000000000000001.regtrans-ms

[2010/08/31 13:43:18 | 000,065,536 | -HS- | C] () -- C:\Users\cmack.TXFBDOM\ntuser.dat{772916b9-b52f-11df-a749-005056c00008}.TM.blf

[2010/08/27 13:21:29 | 000,001,028 | ---- | C] () -- C:\Users\Public\Desktop\VLC media player.lnk

[2010/08/25 13:49:43 | 000,524,288 | -HS- | C] () -- C:\Users\cmack.TXFBDOM\ntuser.dat{62eb3fdb-b079-11df-9c18-005056c00008}.TMContainer00000000000000000002.regtrans-ms

[2010/08/25 13:49:43 | 000,524,288 | -HS- | C] () -- C:\Users\cmack.TXFBDOM\ntuser.dat{62eb3fdb-b079-11df-9c18-005056c00008}.TMContainer00000000000000000001.regtrans-ms

[2010/08/25 13:49:43 | 000,065,536 | -HS- | C] () -- C:\Users\cmack.TXFBDOM\ntuser.dat{62eb3fdb-b079-11df-9c18-005056c00008}.TM.blf

[2010/08/23 09:04:13 | 000,000,756 | -HS- | C] () -- C:\Windows\setup_9.0.0.722_23.08.2010_15-51drv.spi

[2010/08/23 08:41:17 | 000,001,950 | ---- | C] () -- C:\Users\Public\Desktop\FileZilla Client.lnk

[2010/08/19 07:45:00 | 000,001,815 | ---- | C] () -- C:\Users\Public\Desktop\QuickTime Player.lnk

[2010/08/18 14:34:08 | 000,004,096 | -HS- | C] () -- C:\VSM000.IDX

[2010/08/17 16:46:14 | 000,023,556 | ---- | C] () -- C:\Users\cmack.TXFBDOM\Desktop\E4310 Latitude for Roslyn_details_po.pdf

[2010/08/17 15:42:02 | 000,000,998 | ---- | C] () -- C:\Users\cmack.TXFBDOM\Application Data\Microsoft\Internet Explorer\Quick Launch\VMware Workstation.lnk

[2010/08/17 15:40:26 | 000,002,000 | ---- | C] () -- C:\Users\Public\Desktop\VMware Workstation.lnk

[2010/08/13 16:24:12 | 000,000,000 | ---- | C] () -- C:\Users\cmack.TXFBDOM\Desktop\New Microsoft Office Word Document.docx

[2010/08/12 10:42:56 | 000,013,030 | ---- | C] () -- C:\Users\cmack.TXFBDOM\AppData\Roaming\Comma Separated Values (Windows).CAL

[2010/08/12 10:41:47 | 000,003,825 | ---- | C] () -- C:\Users\cmack.TXFBDOM\Desktop\dallascowboys2010.csv

[2010/08/12 07:52:09 | 000,000,827 | ---- | C] () -- C:\Users\cmack.TXFBDOM\Application Data\Microsoft\Internet Explorer\Quick Launch\Opera.lnk

[2010/08/12 07:52:09 | 000,000,803 | ---- | C] () -- C:\Users\Public\Desktop\Opera.lnk

[2010/08/11 08:23:20 | 000,000,529 | ---- | C] () -- C:\Users\cmack.TXFBDOM\Desktop\Delay_Protection_Start.zip

[2010/06/30 10:40:08 | 000,016,968 | ---- | C] () -- C:\Windows\System32\drivers\hitmanpro35.sys

[2010/05/27 13:43:31 | 000,003,088 | ---- | C] () -- C:\ProgramData\LUUnInstall.LiveUpdate

[2010/05/24 08:49:17 | 000,026,624 | ---- | C] () -- C:\Windows\System32\VNCpm.dll

[2010/05/20 08:34:39 | 000,000,034 | ---- | C] () -- C:\Users\cmack.TXFBDOM\AppData\Roaming\pcouffin.log

[2010/05/20 08:34:08 | 000,007,887 | ---- | C] () -- C:\Users\cmack.TXFBDOM\AppData\Roaming\pcouffin.cat

[2010/05/20 08:34:08 | 000,001,144 | ---- | C] () -- C:\Users\cmack.TXFBDOM\AppData\Roaming\pcouffin.inf

[2010/05/13 08:29:19 | 000,000,000 | ---- | C] () -- C:\Users\cmack.TXFBDOM\AppData\Local\rx_image32.Cache

[2010/05/11 13:29:20 | 000,148,480 | ---- | C] () -- C:\Windows\System32\APOMngr.DLL

[2010/05/11 13:29:20 | 000,073,728 | ---- | C] () -- C:\Windows\System32\CmdRtr.DLL

[2010/05/11 13:23:32 | 000,009,410 | RHS- | C] () -- C:\ProgramData\ntuser.pol

[2010/01/25 12:58:06 | 000,462,848 | ---- | C] () -- C:\Windows\System32\ractrlkeyhook.dll

[2009/08/03 15:07:42 | 000,403,816 | ---- | C] () -- C:\Windows\System32\OGACheckControl.dll

[2009/07/13 18:51:43 | 000,073,728 | ---- | C] () -- C:\Windows\System32\BthpanContextHandler.dll

[2009/07/13 18:42:10 | 000,064,000 | ---- | C] () -- C:\Windows\System32\BWContextHandler.dll

[2009/06/04 01:37:08 | 000,021,093 | ---- | C] () -- C:\Windows\System32\instwdm.ini

[2009/06/04 01:37:06 | 000,000,054 | ---- | C] () -- C:\Windows\System32\ctzapxx.ini

[2009/06/04 00:55:20 | 000,002,560 | ---- | C] () -- C:\Windows\System32\CtxfiRes.dll

[2009/06/04 00:55:20 | 000,002,560 | ---- | C] () -- C:\Windows\CTXFIRES.DLL

[2009/05/27 09:49:00 | 000,000,285 | ---- | C] () -- C:\Windows\System32\kill.ini

[2008/11/29 11:13:12 | 000,015,040 | ---- | C] () -- C:\Windows\System32\uddriver.sys

[2006/06/12 17:15:30 | 000,090,112 | ---- | C] () -- C:\Windows\System32\btprn2k.dll

[2004/06/12 07:56:51 | 000,036,608 | ---- | C] () -- C:\Windows\System32\BASSMOD.DLL

[2004/01/30 15:07:46 | 000,245,408 | ---- | C] () -- C:\Windows\System32\unicows.dll

[2001/11/14 13:56:00 | 001,802,240 | ---- | C] () -- C:\Windows\System32\lcppn21.dll

[2001/02/03 07:22:08 | 000,307,200 | ---- | C] () -- C:\Windows\System32\ExportModeller.dll

[2001/02/03 05:59:28 | 000,049,223 | ---- | C] () -- C:\Windows\System32\crtslv.dll

[2000/10/25 23:15:00 | 000,017,920 | ---- | C] () -- C:\Windows\System32\Implode.dll

[2000/04/12 21:28:12 | 000,118,784 | ---- | C] () -- C:\Windows\System32\lfkodak.dll

[2000/04/12 21:24:10 | 000,338,944 | ---- | C] () -- C:\Windows\System32\lffpx7.dll

[1998/05/31 06:00:00 | 000,748,160 | ---- | C] () -- C:\Windows\System32\Co2c40en.dll

========== LOP Check ==========

[2010/08/26 09:33:22 | 000,000,000 | ---D | M] -- C:\Users\cmack.TXFBDOM\AppData\Roaming\FileZilla

[2010/05/12 11:22:44 | 000,000,000 | ---D | M] -- C:\Users\cmack.TXFBDOM\AppData\Roaming\ImgBurn

[2010/08/12 07:52:18 | 000,000,000 | ---D | M] -- C:\Users\cmack.TXFBDOM\AppData\Roaming\Opera

[2010/05/11 14:39:56 | 000,000,000 | ---D | M] -- C:\Users\cmack.TXFBDOM\AppData\Roaming\Simple Star

[2010/05/11 16:12:01 | 000,000,000 | ---D | M] -- C:\Users\cmack.TXFBDOM\AppData\Roaming\Sofrayt

[2010/05/13 15:28:52 | 000,000,000 | ---D | M] -- C:\Users\cmack.TXFBDOM\AppData\Roaming\TeamViewer

[2010/08/26 10:17:03 | 000,000,000 | ---D | M] -- C:\Users\cmack.TXFBDOM\AppData\Roaming\Vso

[2010/07/28 10:59:51 | 000,000,000 | ---D | M] -- C:\Users\cmack.TXFBDOM\AppData\Roaming\webex

[2009/07/13 23:53:46 | 000,021,846 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT

========== Purity Check ==========

========== Custom Scans ==========

< %SYSTEMDRIVE%\*.exe >

< MD5 for: AGP440.SYS >

[2009/07/13 20:26:15 | 000,053,312 | ---- | M] (Microsoft Corporation) MD5=507812C3054C21CEF746B6EE3D04DD6E -- C:\Windows\ERDNT\cache\AGP440.sys

[2009/07/13 20:26:15 | 000,053,312 | ---- | M] (Microsoft Corporation) MD5=507812C3054C21CEF746B6EE3D04DD6E -- C:\Windows\System32\drivers\AGP440.sys

[2009/07/13 20:26:15 | 000,053,312 | ---- | M] (Microsoft Corporation) MD5=507812C3054C21CEF746B6EE3D04DD6E -- C:\Windows\System32\DriverStore\FileRepository\machine.inf_x86_neutral_65848c2d7375a720\AGP440.sys

[2009/07/13 20:26:15 | 000,053,312 | ---- | M] (Microsoft Corporation) MD5=507812C3054C21CEF746B6EE3D04DD6E -- C:\Windows\winsxs\x86_machine.inf_31bf3856ad364e35_6.1.7600.16385_none_b9e9435f20046eeb\AGP440.sys

< MD5 for: ATAPI.SYS >

[2009/07/13 20:26:15 | 000,021,584 | ---- | M] (Microsoft Corporation) MD5=338C86357871C167A96AB976519BF59E -- C:\Windows\ERDNT\cache\atapi.sys

[2009/07/13 20:26:15 | 000,021,584 | ---- | M] (Microsoft Corporation) MD5=338C86357871C167A96AB976519BF59E -- C:\Windows\System32\drivers\atapi.sys

[2009/07/13 20:26:15 | 000,021,584 | ---- | M] (Microsoft Corporation) MD5=338C86357871C167A96AB976519BF59E -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_x86_neutral_f64b9c35a3a5be81\atapi.sys

[2009/07/13 20:26:15 | 000,021,584 | ---- | M] (Microsoft Corporation) MD5=338C86357871C167A96AB976519BF59E -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.1.7600.16385_none_dd0e7e3d82dd640d\atapi.sys

< MD5 for: CNGAUDIT.DLL >

[2009/07/13 20:15:06 | 000,012,288 | ---- | M] (Microsoft Corporation) MD5=50BA656134F78AF64E4DD3C8B6FEFD7E -- C:\Windows\ERDNT\cache\cngaudit.dll

[2009/07/13 20:15:06 | 000,012,288 | ---- | M] (Microsoft Corporation) MD5=50BA656134F78AF64E4DD3C8B6FEFD7E -- C:\Windows\System32\cngaudit.dll

[2009/07/13 20:15:06 | 000,012,288 | ---- | M] (Microsoft Corporation) MD5=50BA656134F78AF64E4DD3C8B6FEFD7E -- C:\Windows\winsxs\x86_microsoft-windows-cngaudit-dll_31bf3856ad364e35_6.1.7600.16385_none_e83a414890e8132b\cngaudit.dll

< MD5 for: IASTOR.SYS >

[2009/12/24 19:19:32 | 000,537,368 | R--- | M] (Intel Corporation) MD5=2EE127D5407DA3957EE54711C9AED6EC -- C:\ProgramData\Symantec\Ghost\Template\common\windrivers\Intel.82801.SataRaid\Win_x64_2003\IaStor.sys

[2009/12/24 19:19:32 | 000,537,368 | R--- | M] (Intel Corporation) MD5=2EE127D5407DA3957EE54711C9AED6EC -- C:\Users\All Users\Symantec\Ghost\Template\common\windrivers\Intel.82801.SataRaid\Win_x64_2003\IaStor.sys

[2009/12/24 19:19:32 | 000,277,784 | R--- | M] (Intel Corporation) MD5=FD7F9D74C2B35DBDA400804A3F5ED5D8 -- C:\ProgramData\Symantec\Ghost\Template\common\windrivers\Intel.82801.SataRaid\Win_x86_XP\iaStor.sys

[2009/12/24 19:19:32 | 000,277,784 | R--- | M] (Intel Corporation) MD5=FD7F9D74C2B35DBDA400804A3F5ED5D8 -- C:\Users\All Users\Symantec\Ghost\Template\common\windrivers\Intel.82801.SataRaid\Win_x86_XP\iaStor.sys

< MD5 for: IASTORV.SYS >

[2009/07/13 20:20:36 | 000,332,352 | ---- | M] (Intel Corporation) MD5=934AF4D7C5F457B9F0743F4299B77B67 -- C:\Windows\System32\drivers\iaStorV.sys

[2009/07/13 20:20:36 | 000,332,352 | ---- | M] (Intel Corporation) MD5=934AF4D7C5F457B9F0743F4299B77B67 -- C:\Windows\System32\DriverStore\FileRepository\iastorv.inf_x86_neutral_18cccb83b34e1453\iaStorV.sys

[2009/07/13 20:20:36 | 000,332,352 | ---- | M] (Intel Corporation) MD5=934AF4D7C5F457B9F0743F4299B77B67 -- C:\Windows\winsxs\x86_iastorv.inf_31bf3856ad364e35_6.1.7600.16385_none_aee7a89be91b9000\iaStorV.sys

[2009/12/24 19:19:32 | 000,232,040 | R--- | M] (Intel Corporation) MD5=C957BF4B5D80B46C5017BF0101E6C906 -- C:\ProgramData\Symantec\Ghost\Template\common\windrivers\iastorv\iaStorV.sys

[2009/12/24 19:19:32 | 000,232,040 | R--- | M] (Intel Corporation) MD5=C957BF4B5D80B46C5017BF0101E6C906 -- C:\Users\All Users\Symantec\Ghost\Template\common\windrivers\iastorv\iaStorV.sys

< MD5 for: NETLOGON.DLL >

[2009/07/13 20:16:02 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=EAA75D9000B71F10EEC04D2AE6C60E81 -- C:\Windows\ERDNT\cache\netlogon.dll

[2009/07/13 20:16:02 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=EAA75D9000B71F10EEC04D2AE6C60E81 -- C:\Windows\System32\netlogon.dll

[2009/07/13 20:16:02 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=EAA75D9000B71F10EEC04D2AE6C60E81 -- C:\Windows\winsxs\x86_microsoft-windows-security-netlogon_31bf3856ad364e35_6.1.7600.16385_none_fd8e0d66994d7dc8\netlogon.dll

< MD5 for: NVATA.SYS >

[2009/12/24 19:20:00 | 000,093,568 | R--- | M] (NVIDIA Corporation) MD5=0344AA9113DC16EEC379F4652020849D -- C:\ProgramData\Symantec\Ghost\Template\common\windrivers\NVidia.nForceSataRaid\IDE\Win2K\sata_ide\nvata.sys

[2009/12/24 19:20:00 | 000,093,568 | R--- | M] (NVIDIA Corporation) MD5=0344AA9113DC16EEC379F4652020849D -- C:\Users\All Users\Symantec\Ghost\Template\common\windrivers\NVidia.nForceSataRaid\IDE\Win2K\sata_ide\nvata.sys

< MD5 for: NVATABUS.SYS >

[2009/12/24 19:19:58 | 000,093,568 | R--- | M] (NVIDIA Corporation) MD5=0344AA9113DC16EEC379F4652020849D -- C:\ProgramData\Symantec\Ghost\Template\common\windrivers\NVidia.nForceSataRaid\IDE\Win2K\legacy\nvatabus.sys

[2009/12/24 19:19:58 | 000,093,568 | R--- | M] (NVIDIA Corporation) MD5=0344AA9113DC16EEC379F4652020849D -- C:\Users\All Users\Symantec\Ghost\Template\common\windrivers\NVidia.nForceSataRaid\IDE\Win2K\legacy\nvatabus.sys

[2009/12/24 19:20:00 | 000,100,736 | R--- | M] (NVIDIA Corporation) MD5=C03E15101F6D9E82CD9B0E7D715F5DE3 -- C:\ProgramData\Symantec\Ghost\Template\common\windrivers\NVidia.nForceSataRaid\IDE\Win2K\sataraid\nvatabus.sys

[2009/12/24 19:20:00 | 000,100,736 | R--- | M] (NVIDIA Corporation) MD5=C03E15101F6D9E82CD9B0E7D715F5DE3 -- C:\Users\All Users\Symantec\Ghost\Template\common\windrivers\NVidia.nForceSataRaid\IDE\Win2K\sataraid\nvatabus.sys

< MD5 for: NVSTOR.SYS >

[2009/12/24 19:20:00 | 000,040,040 | R--- | M] (NVIDIA Corporation) MD5=9E0BA19A28C498A6D323D065DB76DFFC -- C:\ProgramData\Symantec\Ghost\Template\common\windrivers\nvraid\nvstor.sys

[2009/12/24 19:20:00 | 000,040,040 | R--- | M] (NVIDIA Corporation) MD5=9E0BA19A28C498A6D323D065DB76DFFC -- C:\Users\All Users\Symantec\Ghost\Template\common\windrivers\nvraid\nvstor.sys

[2009/07/13 20:20:44 | 000,142,416 | ---- | M] (NVIDIA Corporation) MD5=C99F251A5DE63C6F129CF71933ACED0F -- C:\Windows\System32\drivers\nvstor.sys

[2009/07/13 20:20:44 | 000,142,416 | ---- | M] (NVIDIA Corporation) MD5=C99F251A5DE63C6F129CF71933ACED0F -- C:\Windows\System32\DriverStore\FileRepository\nvraid.inf_x86_neutral_5bde3fe2945bce9e\nvstor.sys

[2009/07/13 20:20:44 | 000,142,416 | ---- | M] (NVIDIA Corporation) MD5=C99F251A5DE63C6F129CF71933ACED0F -- C:\Windows\winsxs\x86_nvraid.inf_31bf3856ad364e35_6.1.7600.16385_none_39b1194b205239d8\nvstor.sys

< MD5 for: SCECLI.DLL >

[2009/07/13 20:16:13 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=26073302DAEA83CC5B944C546D6B47D2 -- C:\Windows\ERDNT\cache\scecli.dll

[2009/07/13 20:16:13 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=26073302DAEA83CC5B944C546D6B47D2 -- C:\Windows\System32\scecli.dll

[2009/07/13 20:16:13 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=26073302DAEA83CC5B944C546D6B47D2 -- C:\Windows\winsxs\x86_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7600.16385_none_37e4387f3a6f0483\scecli.dll

< MD5 for: VIAMRAID.SYS >

[2009/12/24 19:20:08 | 000,074,112 | R--- | M] (VIA Technologies inc,.ltd) MD5=F199939205DCCC7836AE5AB8B5DD5E83 -- C:\ProgramData\Symantec\Ghost\Template\common\windrivers\VIA.Raid\RAID\2003IA32\viamraid.sys

[2009/12/24 19:20:08 | 000,074,112 | R--- | M] (VIA Technologies inc,.ltd) MD5=F199939205DCCC7836AE5AB8B5DD5E83 -- C:\ProgramData\Symantec\Ghost\Template\common\windrivers\VIA.Raid\RAID\Win2000\viamraid.sys

[2009/12/24 19:20:08 | 000,074,112 | R--- | M] (VIA Technologies inc,.ltd) MD5=F199939205DCCC7836AE5AB8B5DD5E83 -- C:\ProgramData\Symantec\Ghost\Template\common\windrivers\VIA.Raid\RAID\Winxp\viamraid.sys

[2009/12/24 19:20:08 | 000,074,112 | R--- | M] (VIA Technologies inc,.ltd) MD5=F199939205DCCC7836AE5AB8B5DD5E83 -- C:\Users\All Users\Symantec\Ghost\Template\common\windrivers\VIA.Raid\RAID\2003IA32\viamraid.sys

[2009/12/24 19:20:08 | 000,074,112 | R--- | M] (VIA Technologies inc,.ltd) MD5=F199939205DCCC7836AE5AB8B5DD5E83 -- C:\Users\All Users\Symantec\Ghost\Template\common\windrivers\VIA.Raid\RAID\Win2000\viamraid.sys

[2009/12/24 19:20:08 | 000,074,112 | R--- | M] (VIA Technologies inc,.ltd) MD5=F199939205DCCC7836AE5AB8B5DD5E83 -- C:\Users\All Users\Symantec\Ghost\Template\common\windrivers\VIA.Raid\RAID\Winxp\viamraid.sys

< MD5 for: VIASRAID.SYS >

[2009/12/24 19:20:08 | 000,077,056 | R--- | M] (VIA Technologies inc,.ltd) MD5=45469FA05947D75874316649A22878D4 -- C:\ProgramData\Symantec\Ghost\Template\common\windrivers\VIA.SATARaid\SATA\Winxp\viasraid.sys

[2009/12/24 19:20:08 | 000,077,056 | R--- | M] (VIA Technologies inc,.ltd) MD5=45469FA05947D75874316649A22878D4 -- C:\Users\All Users\Symantec\Ghost\Template\common\windrivers\VIA.SATARaid\SATA\Winxp\viasraid.sys

========== Alternate Data Streams ==========

@Alternate Data Stream - 202 bytes -> C:\ProgramData\TEMP:618D0840

@Alternate Data Stream - 136 bytes -> C:\ProgramData\TEMP:BEC0D766

< End of report >

-------------------------------------------------------------------------------------------------------------------------------------------------

OTL Extras logfile created on: 9/9/2010 8:24:01 AM - Run 1

OTL by OldTimer - Version 3.2.11.0 Folder = C:\Users\cmack.TXFBDOM\Desktop

Ultimate Edition (Version = 6.1.7600) - Type = NTWorkstation

Internet Explorer (Version = 8.0.7600.16385)

Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

3.00 Gb Total Physical Memory | 2.00 Gb Available Physical Memory | 61.00% Memory free

6.00 Gb Paging File | 5.00 Gb Available in Paging File | 77.00% Paging File free

Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files

Drive C: | 97.96 Gb Total Space | 60.51 Gb Free Space | 61.77% Space Free | Partition Type: NTFS

Drive D: | 200.07 Gb Total Space | 30.12 Gb Free Space | 15.05% Space Free | Partition Type: NTFS

Drive E: | 2.11 Gb Total Space | 0.00 Gb Free Space | 0.00% Space Free | Partition Type: UDF

F: Drive not present or media not loaded

G: Drive not present or media not loaded

H: Drive not present or media not loaded

I: Drive not present or media not loaded

Drive L: | 931.22 Gb Total Space | 678.97 Gb Free Space | 72.91% Space Free | Partition Type: FAT32

Computer Name: 1WWLLF1

Current User Name: cmack

Logged in as Administrator.

Current Boot Mode: Normal

Scan Mode: Current user

Company Name Whitelist: Off

Skip Microsoft Files: Off

File Age = 30 Days

Output = Minimal

========== Extra Registry (SafeList) ==========

========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]

.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)

.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]

batfile [open] -- "%1" %*

cmdfile [open] -- "%1" %*

comfile [open] -- "%1" %*

cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)

exefile [open] -- "%1" %*

helpfile [open] -- Reg Error: Key error.

hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)

htmlfile [edit] -- "C:\PROGRA~1\MICROS~2\Office12\msohtmed.exe" %1 (Microsoft Corporation)

htmlfile [print] -- "C:\PROGRA~1\MICROS~2\Office12\msohtmed.exe" /p %1 (Microsoft Corporation)

piffile [open] -- "%1" %*

regfile [merge] -- Reg Error: Key error.

scrfile [config] -- "%1"

scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)

scrfile [open] -- "%1" /S

txtfile [edit] -- Reg Error: Key error.

Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1

Directory [AddToPlaylistVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()

Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)

Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

Directory [OneNote.Open] -- C:\PROGRA~1\MICROS~2\Office12\ONENOTE.EXE "%L" (Microsoft Corporation)

Directory [PlayWithVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()

Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

Folder [explore] -- Reg Error: Value error.

Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]

"cval" = 1

"AntiVirusDisableNotify" = 0

"FirewallDisableNotify" = 0

"UpdatesDisableNotify" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]

"VistaSp1" = Reg Error: Unknown registry data type -- File not found

"AntiVirusOverride" = 0

"AntiSpywareOverride" = 0

"FirewallOverride" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

"DisableNotifications" = 0

"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]

"DisableNotifications" = 0

"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]

========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]

"{003BFBBD-6C67-419E-A24D-0DCAFC3A5249}" = tools-freebsd

"{01287DE9-6EEB-488D-99C7-FE3C707A87AC}" = BIAS SoundSoap SE 2.2

"{04049B18-7319-48ED-AE48-8AF73C2B06E7}" = CCSMailCaptureSetup

"{08F32589-5E39-42B8-8BC5-6A8126ED2A70}" = Microsoft Visual C++ 2008 Redistributable Package

"{10CE1EA2-12E9-11D3-825E-00C04F6843FE}" = Microsoft Office Sounds

"{12118183-866A-11D3-97DF-0000F8D8F2E9}" = Symantec pcAnywhere

"{172423F9-522A-483A-AD65-03600CE4CA4F}" = Microsoft Works 6-9 Converter

"{18455581-E099-4BA8-BC6B-F34B2F06600C}" = Google Toolbar for Internet Explorer

"{197597A7-AD33-4898-9D8E-73066818B464}" = tools-netware

"{1D273D91-D7D5-4036-8B84-EB4615FF5F81}" = SmartSound Sonicfire Pro 5

"{1E5F3CC6-D390-4393-A2AA-6CEC04F1705A}" = Image Resizer Powertoy Clone for Windows

"{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live Upload Tool

"{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT

"{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer

"{26A24AE4-039D-4CA4-87B4-2F83216020FF}" = Java 6 Update 21

"{3175E049-F9A9-4A3D-8F19-AC9FB04514D1}" = Windows Live Communications Platform

"{34F93E31-E1A0-421C-8E86-BCF7C4193A91}" = LogMeIn

"{38F48AED-66D8-464C-993E-C7296C7A199B}" = Intel® IPP Run-Time Installer 5.2 for Windows* on IA-32

"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile

"{3D3E663D-4E7E-4577-A560-7ECDDD45548A}" = PVSonyDll

"{3F4EC965-28EF-45C3-B063-04B25D4E9679}" = WIDCOMM Bluetooth Software

"{45338B07-A236-4270-9A77-EBB4115517B5}" = Windows Live Sign-in Assistant

"{46578609-AD6D-4E69-AC8F-28B89C090F3B}" = Roxio Creator 2010 Pro

"{474F25F5-BDC9-40E5-B1B6-F6BF23FC106F}" = Windows Live Essentials

"{47ECCB1F-2811-49C0-B6A7-26778639ABA0}" = 32 Bit HP CIO Components Installer

"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater

"{4A72CBD5-806C-4C52-8E23-1FB28F1E1DB5}" = ShadowProtect Desktop

"{4A7FDA4D-F4D7-4A49-934A-066D59A43C7E}" = SmartSound Quicktracks Plugin

"{4C0A8D65-4286-4B58-87FE-18AD24289285}" = NVIDIA Performance Drivers

"{4D0AAB66-E604-4E82-A5AF-01AB97CB506D}" = Roxio Creator 2010 Content

"{4ED7D297-58F7-45C3-A9BA-A7CD6FA0D373}_is1" = SureThing CD Labeler Deluxe Update

"{5491453D-8C3E-4785-AC5C-E9A4DABF378A}" = Roxio Venue

"{5A06423A-210C-49FB-950E-CB0EB8C5CEC7}" = Roxio BackOnTrack

"{60B2315F-680F-4EB3-B8DD-CCDC86A7CCAB}" = Roxio File Backup

"{65A79175-3C4C-41F4-92AF-BA1DDDBA0626}" = Roxio Burn Manager CDB

"{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update

"{6C122441-1861-4CD7-B1C5-A163A6984E12}" = CinemaNow Media Manager

"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable

"{733CDF24-0A93-426E-AA89-DF281EB54793}" = Roxio CinePlayer

"{74DC8A26-4E05-40B6-AD11-C9428A1AE150}" = Roxio Creator 2010 Pro

"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053

"{7B3B4CE5-300C-4DFC-8CD1-D9C0E07015D1}" = Symantec Endpoint Protection

"{86DDDAAD-AEB9-42E5-BE01-0E8FABD2BB29}" = Roxio Video Capture USB

"{87A83C6F-F53C-448A-B078-FF00E3EAEB29}" = Roxio Disaster Recovery

"{8850DEC8-22FD-4F05-A3AA-49B91200C24F}" = ShadowProtect Desktop

"{89A15676-78AE-4D51-BF5B-DEE3E0D46C94}" = Roxio Creator 2010 Pro

"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight

"{8A3C6818-2706-11D7-9605-0000E224ED8B}" = WinDSX V3.7.25

"{90120000-0015-0409-0000-0000000FF1CE}" = Microsoft Office Access MUI (English) 2007

"{90120000-0015-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)

"{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007

"{90120000-0016-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)

"{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007

"{90120000-0018-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)

"{90120000-0019-0409-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2007

"{90120000-0019-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)

"{90120000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2007

"{90120000-001A-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)

"{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007

"{90120000-001B-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)

"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007

"{90120000-001F-0409-0000-0000000FF1CE}_ENTERPRISE_{ABDDE972-355B-4AF1-89A8-DA50B7B5C045}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)

"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007

"{90120000-001F-040C-0000-0000000FF1CE}_ENTERPRISE_{F580DDD5-8D37-4998-968E-EBB76BB86787}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)

"{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007

"{90120000-001F-0C0A-0000-0000000FF1CE}_ENTERPRISE_{187308AB-5FA7-4F14-9AB9-D290383A10D9}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)

"{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007

"{90120000-0030-0000-0000-0000000FF1CE}" = Microsoft Office Enterprise 2007

"{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)

"{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{3D019598-7B59-447A-80AE-815B703B84FF}" = Security Update for Microsoft Office system 2007 (972581)

"{90120000-0044-0409-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (English) 2007

"{90120000-0044-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)

"{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007

"{90120000-006E-0409-0000-0000000FF1CE}_ENTERPRISE_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)

"{90120000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2007

"{90120000-00A1-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)

"{90120000-00BA-0409-0000-0000000FF1CE}" = Microsoft Office Groove MUI (English) 2007

"{90120000-00BA-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)

"{90120000-00D1-0409-0000-0000000FF1CE}" = Microsoft Office Access database engine 2007 (English)

"{90120000-0114-0409-0000-0000000FF1CE}" = Microsoft Office Groove Setup Metadata MUI (English) 2007

"{90120000-0114-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)

"{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007

"{90120000-0115-0409-0000-0000000FF1CE}_ENTERPRISE_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)

"{90120000-0117-0409-0000-0000000FF1CE}" = Microsoft Office Access Setup Metadata MUI (English) 2007

"{90120000-0117-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)

"{904CCF62-818D-4675-BC76-D37EB399F917}" = Windows Mobile Device Center

"{906C01EE-B242-4197-AE85-6C506E1B869B}" = Roxio Burn Manager

"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting

"{95120000-0122-0409-0000-0000000FF1CE}" = Microsoft Office Outlook Connector

"{9A00EC4E-27E1-42C4-98DD-662F32AC8870}" = Roxio CinePlayer Decoder Pack

"{A121EEDE-C68F-461D-91AA-D48BA226AF1C}" = Roxio Activation Module

"{A33E7B0C-B99C-4EC9-B702-8A328B161AF9}" = Roxio Burn

"{A3FF5CB2-FB35-4658-8751-9EDE1D65B3AA}" = VMware Workstation

"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper

"{A93944F2-D2D4-4750-BFE7-9A288FEAF2CF}" = Apple Application Support

"{AB1C87CB-1807-4CF0-B4C2-CEE14C18CDB4}" = tools-solaris

"{AC76BA86-1033-0000-7760-000000000003}" = Adobe Acrobat 8 Professional

"{AE0F62A7-A1A2-407F-9F4C-48939BD9AD8D}" = tools-winPre2k

"{AF9E97C1-7431-426D-A8D5-ABE40995C0B1}" = DirectX 9 Runtime

"{B2544A03-10D0-4E5E-BA69-0362FFC20D18}" = OGA Notifier 2.0.0048.0

"{B57EAFF2-D6EE-4C6C-9175-ED9F17BFC1BC}" = Windows Live Messenger

"{B64BC516-2406-43AE-A21A-1E387A2343B1}" = ContentManager

"{BE8585BF-DC7A-4AE0-0A2E-000007493152}" = Symantec Ghost Console and Standard Tools

"{BEEFC4F8-2909-48B3-AFAA-55D3533FDEDD}" = Creative MediaSource 5

"{C708C5C2-A170-48B8-A0A2-69C8E0935A28}" = AttachmentOptions

"{C82185E8-C27B-4EF4-2010-4444BC2C2B6D}" = Microsoft Streets & Trips 2010

"{CD95F661-A5C4-44F5-A6AA-ECDD91C240BD}" = WinZip 14.5

"{D102611A-6466-4101-A51D-51069303AC65}" = tools-linux

"{DDF1A502-7670-44A1-BB19-399574D7FD34}" = Pocket Highscores

"{E6158D07-2637-4ECF-B576-37C489669174}" = Windows Live Call

"{EB900AF8-CC61-4E15-871B-98D1EA3E8025}" = QuickTime

"{F07737AC-C218-4272-A678-26CA5F6CD8DF}" = Opera 10.61

"{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard

"{F4194A69-7B8F-4C9B-BDFF-E55126C9200F}_is1" = Anti-Malware Toolkit 1.13.326

"{FFD9383C-01D5-4897-A954-43AF599AED30}" = tools-windows

"ActiveTouchMeetingClient" = WebEx

"Adobe Acrobat 8 Professional" = Adobe Acrobat 8.1.7 Professional

"Adobe Acrobat 8 Professional_817" = Adobe Acrobat 8.1.7 - CPSID_50029

"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX

"ALchemy" = Creative ALchemy

"Alive YouTube Video Converter_is1" = Alive YouTube Video Converter (version 2.6.0.2)

"AnyDVD" = AnyDVD

"AudioCS" = Creative Audio Control Panel

"CCleaner" = CCleaner

"Console Launcher" = Creative Console Launcher

"Creative Software AutoUpdate" = Creative Software AutoUpdate

"Creative Sound Blaster Properties" = Creative Sound Blaster Properties

"DFX for Windows Media Player" = DFX for Windows Media Player

"ENTERPRISE" = Microsoft Office Enterprise 2007

"FileZilla Client" = FileZilla Client 3.3.4.1

"GetSmile0903_is1" = GetSmile v1.952

"ImgBurn" = ImgBurn

"InstallShield_{4A7FDA4D-F4D7-4A49-934A-066D59A43C7E}" = SmartSound Quicktracks Plugin

"KLTImageshack uploader" = KLTImageshack uploader

"LightZone 3.7" = LightZone 3.7

"LiveReg" = LiveReg (Symantec Corporation)

"LiveUpdate" = LiveUpdate 3.3 (Symantec Corporation)

"Mace Enterprise Pro Surveillance System(Basic)" = Mace Enterprise Pro Surveillance System(Basic)

"MainApp.exe_is1" = CloneDVD 5.0.2.0

"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware

"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile

"MVApplication1" = SureThing CD Labeler Deluxe 4

"NVIDIA Display Control Panel" = NVIDIA Display Control Panel

"NVIDIA Drivers" = NVIDIA Drivers

"NVIDIA nView Desktop Manager" = NVIDIA nView Desktop Manager

"NVIDIAStereo" = NVIDIA Stereoscopic 3D Driver

"ObjectDock Plus" = ObjectDock Plus

"OpenAL" = OpenAL

"pdfFactory Pro" = pdfFactory Pro

"RealVNC_is1" = VNC Enterprise Edition E4.5.3

"Remote Client" = Remote Client

"Roxio PhotoShow" = Roxio PhotoShow

"Spb AirIslands qVGA" = Spb AirIslands qVGA

"Spb Arkaball II" = Spb Arkaball II

"Spb Balltracker" = Spb Balltracker

"Spb Brain Evolution" = Spb Brain Evolution

"Spb Bubbles" = Spb Bubbles

"Spb FreeCell" = Spb FreeCell

"Spb Matches" = Spb Matches

"Spb Minesweeper II" = Spb Minesweeper II

"Spb Numbers" = Spb Numbers

"Spb Quadronica" = Spb Quadronica

"Spb Sudoku" = Spb Sudoku

"Spb Xonix II qVGA" = Spb Xonix II qVGA

"TeamViewer 5" = TeamViewer 5

"Tonic" = Tonic v1.0 (build 990)

"UltimateDefrag 2008" = UltimateDefrag 2008

"UltraISO_is1" = UltraISO Premium V9.33

"VLC media player" = VLC media player 1.1.4

"VMware_Workstation" = VMware Workstation

"VNCMirror_is1" = VNC Mirror Driver 1.8.0

"VNCPrinter_is1" = VNC Printer Driver 1.6.0

"WaveStudio 7" = Creative WaveStudio 7

"WinAVI Video Converter 9.09.0" = WinAVI Video Converter 9.0

"WinLiveSuite_Wave3" = Windows Live Essentials

"WinRAR archiver" = WinRAR archiver

========== Last 10 Event Log Errors ==========

[ Application Events ]

Error - 9/9/2010 7:21:11 AM | Computer Name = 1WWLLF1.TXFB.ORG | Source = Symantec AntiVirus | ID = 16711731

Description = Security Risk Found!Trojan.Gen in File: C:\Users\cmack.TXFBDOM\AppData\Local\temp\DWH8F83.tmp

by: Auto-Protect scan. Action: Quarantine succeeded : Access denied. Action Description:

The file was quarantined successfully.

Error - 9/9/2010 7:22:34 AM | Computer Name = 1WWLLF1.TXFB.ORG | Source = Symantec AntiVirus | ID = 16711731

Description = Security Risk Found!Trojan.Gen in File: C:\Users\cmack.TXFBDOM\AppData\Local\temp\DWH8D17.tmp

by: Auto-Protect scan. Action: Quarantine succeeded : Access denied. Action Description:

The file was quarantined successfully.

Error - 9/9/2010 7:23:03 AM | Computer Name = 1WWLLF1.TXFB.ORG | Source = Symantec AntiVirus | ID = 16711731

Description = Security Risk Found!Trojan.Gen in File: C:\Users\cmack.TXFBDOM\AppData\Local\temp\DWHA588.tmp

by: Auto-Protect scan. Action: Quarantine succeeded : Access denied. Action Description:

The file was quarantined successfully.

Error - 9/9/2010 7:23:33 AM | Computer Name = 1WWLLF1.TXFB.ORG | Source = Symantec AntiVirus | ID = 16711731

Description = Security Risk Found!Trojan.Gen in File: C:\Users\cmack.TXFBDOM\AppData\Local\temp\DWHBF21.tmp

by: Auto-Protect scan. Action: Quarantine succeeded : Access denied. Action Description:

The file was quarantined successfully.

Error - 9/9/2010 7:26:28 AM | Computer Name = 1WWLLF1.TXFB.ORG | Source = Symantec AntiVirus | ID = 16711731

Description = Security Risk Found!Trojan.Gen in File: C:\Users\cmack.TXFBDOM\AppData\Local\temp\DWH1CEC.tmp

by: Auto-Protect scan. Action: Quarantine succeeded : Access denied. Action Description:

The file was quarantined successfully.

Error - 9/9/2010 7:26:58 AM | Computer Name = 1WWLLF1.TXFB.ORG | Source = Symantec AntiVirus | ID = 16711731

Description = Security Risk Found!Trojan.Gen in File: C:\Users\cmack.TXFBDOM\AppData\Local\temp\DWH35BA.tmp

by: Auto-Protect scan. Action: Quarantine succeeded : Access denied. Action Description:

The file was quarantined successfully.

Error - 9/9/2010 7:27:28 AM | Computer Name = 1WWLLF1.TXFB.ORG | Source = Symantec AntiVirus | ID = 16711731

Description = Security Risk Found!Trojan.Gen in File: C:\Users\cmack.TXFBDOM\AppData\Local\temp\DWH4ED7.tmp

by: Auto-Protect scan. Action: Quarantine succeeded : Access denied. Action Description:

The file was quarantined successfully.

Error - 9/9/2010 7:32:51 AM | Computer Name = 1WWLLF1.TXFB.ORG | Source = Symantec AntiVirus | ID = 16711731

Description = Security Risk Found!Trojan.Gen in File: C:\Users\cmack.TXFBDOM\AppData\Local\temp\DWHF953.tmp

by: Auto-Protect scan. Action: Quarantine succeeded : Access denied. Action Description:

The file was quarantined successfully.

Error - 9/9/2010 7:33:22 AM | Computer Name = 1WWLLF1.TXFB.ORG | Source = Symantec AntiVirus | ID = 16711731

Description = Security Risk Found!Trojan.Gen in File: C:\Users\cmack.TXFBDOM\AppData\Local\temp\DWH11C4.tmp

by: Auto-Protect scan. Action: Quarantine succeeded : Access denied. Action Description:

The file was quarantined successfully.

Error - 9/9/2010 7:33:51 AM | Computer Name = 1WWLLF1.TXFB.ORG | Source = Symantec AntiVirus | ID = 16711731

Description = Security Risk Found!Trojan.Gen in File: C:\Users\cmack.TXFBDOM\AppData\Local\temp\DWH2AB1.tmp

by: Auto-Protect scan. Action: Quarantine succeeded : Access denied. Action Description:

The file was quarantined successfully.

[ System Events ]

Error - 9/8/2010 2:48:25 PM | Computer Name = 1WWLLF1.TXFB.ORG | Source = Service Control Manager | ID = 7030

Description = The PEVSystemStart service is marked as an interactive service. However,

the system is configured to not allow interactive services. This service may not

function properly.

Error - 9/8/2010 2:52:43 PM | Computer Name = 1WWLLF1.TXFB.ORG | Source = Service Control Manager | ID = 7009

Description = A timeout was reached (30000 milliseconds) while waiting for the Roxio

Hard Drive Watcher 12 service to connect.

Error - 9/8/2010 2:57:28 PM | Computer Name = 1WWLLF1.TXFB.ORG | Source = Service Control Manager | ID = 7030

Description = The PEVSystemStart service is marked as an interactive service. However,

the system is configured to not allow interactive services. This service may not

function properly.

Error - 9/8/2010 3:03:48 PM | Computer Name = 1WWLLF1.TXFB.ORG | Source = Service Control Manager | ID = 7030

Description = The PEVSystemStart service is marked as an interactive service. However,

the system is configured to not allow interactive services. This service may not

function properly.

Error - 9/8/2010 3:29:06 PM | Computer Name = 1WWLLF1.TXFB.ORG | Source = stcvsm | ID = 328195

Description = Cannot query the Volume ID for \Device\SaibVd\SaibVd0. The data is

the error.

Error - 9/8/2010 3:29:06 PM | Computer Name = 1WWLLF1.TXFB.ORG | Source = stcvsm | ID = 328195

Description = Cannot query the Volume ID for \Device\SaibVd\SaibVd0. The data is

the error.

Error - 9/8/2010 3:29:06 PM | Computer Name = 1WWLLF1.TXFB.ORG | Source = stcvsm | ID = 328195

Description = Cannot query the Volume ID for \Device\SaibVd\SaibVd0. The data is

the error.

Error - 9/8/2010 3:29:06 PM | Computer Name = 1WWLLF1.TXFB.ORG | Source = stcvsm | ID = 328195

Description = Cannot query the Volume ID for \Device\SaibVd\SaibVd0. The data is

the error.

Error - 9/8/2010 3:29:32 PM | Computer Name = 1WWLLF1.TXFB.ORG | Source = DCOM | ID = 10010

Description =

Error - 9/8/2010 5:14:05 PM | Computer Name = 1WWLLF1.TXFB.ORG | Source = Service Control Manager | ID = 7009

Description = A timeout was reached (30000 milliseconds) while waiting for the Roxio

Hard Drive Watcher 12 service to connect.

< End of report >

[LDTate]

You can close OT

Interesting read. Looks like an issue with Symantec.

http://www.symantec.com/connect/forums/gen...tmp-temp-folder

[Firefox]

intresting reading indeed, sounds like it is that, as far as you can see right now, I dont have anything weird huh?

Do you want me to try a different AV product? I have serveral I can try?

[LDTate]

intresting reading indeed, sounds like it is that, as far as you can see right now, I dont have anything weird huh?

Do you want me to try a different AV product? I have serveral I can try?

Sure, but you'll need to uninstall Symantec.

I didn't see anything bad.

[LDTate]

Maybe a fix?

http://service1.symantec.com/SUPPORT/ent-s...009042217073548

[Firefox]

Ok before I decide to ditch Symantec Endpoint Protection let me see how it does....

I have deleted all the temp files and I have also deleted what was in the Quarantine folder. There was 1.7GB of stuff in that folder, dont ask me from what or where, but I think it was a build up of all those tmp files it was detecting.

I am going to try and find the update / service pack for it see what it does.

[LDTate]

Cool

[Firefox]

OK I installed the latest version of Symantec endpoint protection on this pc but it did not seem to solve the issue. I am sure that its the update but they are talking about....

I have ditched symantec on this computer for the time being, I am now running McAfee Corp Editon on this box.

Do we want to call this case done?

[LDTate]

It's up to you.

We can wait and see if McAfee finds anything or have you ran a scan with McAfee yet?

[Firefox]

Its running a full scan now, will let you know if it finds anything....

[Firefox]

OK the scan finished (of course I had to go to lunch too he he) and all it found was some left over stuff in Symantec Endpoint Protection Quarantine folder. I deleted all that stuff aside from that it came back clean....

LDTate I just wanted to thank you for helping me find the culprit to this issue and helping me fix it.

[LDTate]

OK the scan finished (of course I had to go to lunch too he he) and all it found was some left over stuff in Symantec Endpoint Protection Quarantine folder. I deleted all that stuff aside from that it came back clean....

LDTate I just wanted to thank you for helping me find the culprit to this issue and helping me fix it.

You're more than welcome, Firefox

You keep up the good work your doing.

Peace be with you