Sponsored By

roryawilson

Members
  • Content Count

    11
  • Joined

  • Last visited

Everything posted by roryawilson

  1. OK...so I guess that ends our session. Thank you for all your help.
  2. Here's a diagnostic from Microsoft on my challenge... ---------------------- Last diagnostic run time: 12/06/09 11:21:30 HTTP, HTTPS, FTP Diagnostic HTTP, HTTPS, FTP connectivity info HTTPS: Successfully connected to www.microsoft.com. info FTP (Passive): Successfully connected to ftp.microsoft.com. warn HTTP: Error 12029 connecting to www.microsoft.com: A connection with the server could not be established warn HTTP: Error 12029 connecting to www.hotmail.com: A connection with the server could not be established error Could not make an HTTP connection. info Redirecting user to support call DNS Client Diagnostic DNS - Not a home user scenario info Using Web Proxy: yes No DNS servers DNS failure Gateway Diagnostic Gateway info The following proxy configuration is being used by IE: Automatically Detect Settings:Disabled Automatic Configuration Script: Proxy Server:http=127.0.0.1:5555 Proxy Bypass list:<local> info This computer has the following default gateway entry(ies): 192.168.1.1 info This computer has the following IP address(es): 192.168.1.103 info The default gateway is in the same subnet as this computer info The default gateway entry is a valid unicast address info The default gateway address was resolved via ARP in 1 try(ies) info The default gateway was reached via ICMP Ping in 1 try(ies) info Skipped gateway connectivity check because of IE proxy configuration IP Layer Diagnostic Corrupted IP routing table info The default route is valid info The loopback route is valid info The local host route is valid info The local subnet route is valid Invalid ARP cache entries action The ARP cache has been flushed IP Configuration Diagnostic Invalid IP address info Valid IP address detected: 192.168.1.103 Wireless Diagnostic Wireless - Service disabled Wireless - User SSID action User input required: Specify network name or SSID Wireless - First time setup info The Wireless Network name (SSID) to which the user would like to connect = Wilson5. Wireless - Radio off info Valid IP address detected: 192.168.1.103 Wireless - Out of range Wireless - Hardware issue Wireless - Novice user Wireless - Ad-hoc network Wireless - Less preferred Wireless - 802.1x enabled Wireless - Configuration mismatch Wireless - Low SNR WinSock Diagnostic WinSock status info All base service provider entries are present in the Winsock catalog. info The Winsock Service provider chains are valid. info Provider entry MSAFD Tcpip [TCP/IP] passed the loopback communication test. info Provider entry MSAFD Tcpip [uDP/IP] passed the loopback communication test. info Provider entry RSVP UDP Service Provider passed the loopback communication test. info Provider entry RSVP TCP Service Provider passed the loopback communication test. info Provider entry MSAFD Tcpip [TCP/IPv6] passed the loopback communication test. info Provider entry MSAFD Tcpip [uDP/IPv6] passed the loopback communication test. info Connectivity is valid for all Winsock service providers. Network Adapter Diagnostic Network location detection info Using home Internet connection Network adapter identification info Network connection: Name=Local Area Connection, Device=Realtek RTL8102E Family PCI-E Fast Ethernet NIC, MediaType=LAN, SubMediaType=LAN info Network connection: Name=Wireless Network Connection, Device=Intel® Wireless WiFi Link 5100, MediaType=LAN, SubMediaType=WIRELESS info Both Ethernet and Wireless connections available, prompting user for selection action User input required: Select network connection info Wireless connection selected Network adapter status info Network connection status: Connected HTTP, HTTPS, FTP Diagnostic HTTP, HTTPS, FTP connectivity info FTP (Passive): Successfully connected to ftp.microsoft.com. info HTTPS: Successfully connected to www.microsoft.com. warn HTTP: Error 12029 connecting to www.microsoft.com: A connection with the server could not be established warn HTTP: Error 12029 connecting to www.hotmail.com: A connection with the server could not be established error Could not make an HTTP connection. ---------------------- Here is the "FIX" - I tried to locate these settings, but was unable to. Windows cannot connect to the Internet using HTTP, HTTPS, or FTP. This is probably caused by firewall settings on this computer. Check the firewall settings for the HTTP port (80), HTTPS port (443) and FTP port (21). You might need to contact your Internet service provider (ISP) or the manufacturer of your firewall software. ---------------------- Can you help?
  3. Tried it and IE still not working. I am in the process of deleting IE from my computer. I'll update you later.
  4. All processes killed ========== PROCESSES ========== ========== SERVICES/DRIVERS ========== ========== REGISTRY ========== ========== FILES ========== ========== COMMANDS ========== [EMPTYTEMP] User: Administrator ->Temp folder emptied: 0 bytes ->Temporary Internet Files folder emptied: 0 bytes User: All Users User: Default User ->Temp folder emptied: 0 bytes ->Temporary Internet Files folder emptied: 0 bytes User: LocalService ->Temp folder emptied: 0 bytes ->Temporary Internet Files folder emptied: 33170 bytes User: NetworkService ->Temp folder emptied: 0 bytes ->Temporary Internet Files folder emptied: 33170 bytes User: Rory Wilson ->Temp folder emptied: 941705 bytes ->Temporary Internet Files folder emptied: 846465 bytes ->Java cache emptied: 0 bytes ->FireFox cache emptied: 65287979 bytes %systemdrive% .tmp files removed: 0 bytes %systemroot% .tmp files removed: 0 bytes %systemroot%\System32 .tmp files removed: 0 bytes Windows Temp folder emptied: 253584 bytes %systemroot%\system32\config\systemprofile\Local Settings\Temp folder emptied: 0 bytes %systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 0 bytes RecycleBin emptied: 0 bytes Total Files Cleaned = 64.27 mb C:\WINDOWS\System32\drivers\etc\Hosts moved successfully. HOSTS file reset successfully OTM by OldTimer - Version 3.1.2.1 log created on 12042009_221904 Files moved on Reboot... File C:\Documents and Settings\NetworkService\Local Settings\Temp\Perflib_Perfdata_bf4.dat not found! Registry entries deleted on Reboot...
  5. I believe that I have run every program with the exception of the Recovery Console. I do not have a XP set-up disk. I purchased my Toshiba L300 laptop from Newegg.com and the disks that I have say "Recovery Media - Windows Vista business 32-bit SP 1." This is different than the Recovery Console says to insert in my computer. I wasn't sure if I should attempt to do something beyond my comfort level. As a side note...None of my Microsoft products are working properly. IE will not navigate to http web sites, but will navigate to https (secure) websites. Outlook will not allow me to view graphic attachments. Windows Media Player does not function. I have been using Firefox as my primary web browser, but I have two websites that do not work well in Firefox. So I really need IE. I've looked at Thunderbird for emails, but Outlook suits my purposes much better. Maybe with some added time I can investigate the add-ons for TB and make it work, but for now I am dependent on Outlook. I installed Real player, but it seems to work through IE, which isn't working at the moment. I've tried to install updates, but this doesn't work. Can you give me some suggestions on how to get IE, Outlook, and WinMedia Player back up and working? Thank you for all you help. I think I've gotten most of my sanity back Rory
  6. Sorry for the delay...I never got an email notification and I thought you were taking longer in getting back to me. I ran the tests and nothing was found. Here are the results My Outlook and IE are having challenges. Thanks, KASPERSKY ONLINE SCANNER 7.0: scan report Thursday, December 3, 2009 Operating system: Microsoft Windows XP Professional Service Pack 3 (build 2600) Kaspersky Online Scanner version: 7.0.26.13 Last database update: Thursday, December 03, 2009 06:21:37 Records in database: 3325388 Scan settings scan using the following database extended Scan archives yes Scan e-mail databases yes Scan area My Computer C:\ D:\ Scan statistics Objects scanned 103211 Threats found 0 Infected objects found 0 Suspicious objects found 0 Scan duration 01:19:29 No threats found. Scanned area is clean. Selected area has been scanned.
  7. OTL logfile created on: 11/30/2009 4:02:52 PM - Run 3 OTL by OldTimer - Version 3.1.11.2 Folder = C:\Documents and Settings\Rory Wilson\My Documents\Downloads Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation Internet Explorer (Version = 8.0.6001.18702) Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy 1.87 Gb Total Physical Memory | 0.86 Gb Available Physical Memory | 45.99% Memory free 4.00 Gb Paging File | 4.00 Gb Available in Paging File | 100.00% Paging File free Paging file location(s): C:\pagefile.sys 4092 8184 [binary data] %SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files Drive C: | 225.37 Gb Total Space | 196.31 Gb Free Space | 87.11% Space Free | Partition Type: NTFS D: Drive not present or media not loaded E: Drive not present or media not loaded F: Drive not present or media not loaded G: Drive not present or media not loaded H: Drive not present or media not loaded I: Drive not present or media not loaded Computer Name: BEACONMKTG Current User Name: Rory Wilson Logged in as Administrator. Current Boot Mode: Normal Scan Mode: Current user Company Name Whitelist: On Skip Microsoft Files: On File Age = 14 Days Output = Standard Quick Scan ========== Processes (SafeList) ========== PRC - [2009/11/29 16:22:39 | 01,055,000 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG9\avgchsvx.exe PRC - [2009/11/29 16:22:37 | 00,702,744 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG9\avgcsrvx.exe PRC - [2009/11/29 16:22:37 | 00,702,744 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG9\avgcsrvx.exe PRC - [2009/11/29 16:22:37 | 00,702,744 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG9\avgcsrvx.exe PRC - [2009/11/29 16:22:34 | 02,304,192 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG9\avgfws9.exe PRC - [2009/11/29 16:22:34 | 02,020,120 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG9\avgtray.exe PRC - [2009/11/29 16:22:29 | 00,827,160 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG9\avgam.exe PRC - [2009/11/29 16:22:29 | 00,600,344 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG9\avgnsx.exe PRC - [2009/11/29 16:22:29 | 00,502,040 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG9\avgrsx.exe PRC - [2009/11/29 16:22:29 | 00,285,392 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG9\avgwdsvc.exe PRC - [2009/11/29 16:22:28 | 05,832,712 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG9\Identity Protection\Agent\Bin\AVGIDSAgent.exe PRC - [2009/11/29 16:22:28 | 00,592,392 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG9\Identity Protection\Agent\Bin\AVGIDSMonitor.exe PRC - [2009/11/29 11:37:33 | 00,535,552 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Rory Wilson\My Documents\Downloads\OTL.exe PRC - [2009/11/11 22:13:49 | 00,908,248 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe PRC - [2009/10/02 22:34:42 | 00,015,216 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files\Adobe\Reader 9.0\Reader\AcroRd32Info.exe PRC - [2009/08/17 21:54:54 | 12,957,536 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE PRC - [2009/07/29 14:52:10 | 01,024,512 | ---- | M] (Spigot, Inc.) -- C:\Program Files\pdfforge Toolbar\SearchSettings.exe PRC - [2009/05/27 02:27:04 | 29,262,680 | ---- | M] (Microsoft Corporation) -- c:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe PRC - [2008/11/24 21:31:12 | 00,087,904 | ---- | M] (Microsoft Corporation) -- c:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe PRC - [2008/11/24 21:31:08 | 00,239,968 | ---- | M] (Microsoft Corporation) -- c:\Program Files\Microsoft SQL Server\90\Shared\sqlbrowser.exe PRC - [2008/08/30 10:12:40 | 00,360,448 | ---- | M] (TOSHIBA) -- C:\Program Files\TOSHIBA\TOSHIBA Applet\THotkey.exe PRC - [2008/05/21 13:07:00 | 00,111,984 | ---- | M] () -- c:\TOSHIBA\IVP\swupdate\swupdtmr.exe PRC - [2008/04/30 18:41:12 | 00,815,104 | ---- | M] (Intel® Corporation) -- C:\Program Files\Intel\WiFi\bin\EvtEng.exe PRC - [2008/04/30 18:27:12 | 01,347,584 | ---- | M] (Intel® Corporation) -- C:\Program Files\Intel\WiFi\bin\ZCfgSvc.exe PRC - [2008/04/30 18:20:38 | 00,901,120 | ---- | M] (Intel® Corporation) -- C:\Program Files\Intel\WiFi\bin\S24EvMon.exe PRC - [2008/04/30 18:11:20 | 01,191,936 | ---- | M] (Intel® Corporation) -- C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe PRC - [2008/04/30 18:10:10 | 00,466,944 | ---- | M] (Intel® Corporation) -- C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe PRC - [2008/04/14 15:43:38 | 00,034,304 | ---- | M] (TOSHIBA Corp.) -- C:\Program Files\TOSHIBA\TOSHIBA Applet\TAPPSRV.exe PRC - [2008/04/14 04:00:00 | 01,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe PRC - [2008/04/14 04:00:00 | 00,016,896 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\wbem\unsecapp.exe PRC - [2008/04/07 15:40:04 | 16,860,672 | ---- | M] (Realtek Semiconductor Corp.) -- C:\WINDOWS\RTHDCPL.exe PRC - [2008/03/03 17:30:34 | 00,057,344 | ---- | M] (Nalpeiron Ltd.) -- C:\WINDOWS\system32\ASTSRV.EXE PRC - [2008/01/11 16:50:16 | 00,030,312 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Small Business\Business Contact Manager\BcmSqlStartupSvc.exe PRC - [2007/12/06 16:20:56 | 01,024,000 | ---- | M] (Synaptics, Inc.) -- C:\Program Files\Synaptics\SynTP\SynTPEnh.exe PRC - [2007/11/21 16:23:32 | 00,129,632 | ---- | M] (TOSHIBA Corporation) -- C:\WINDOWS\system32\TODDSrv.exe PRC - [2007/10/08 12:02:46 | 00,262,144 | ---- | M] (TOSHIBA Corporation) -- C:\WINDOWS\system32\TPSMain.exe PRC - [2007/10/08 12:02:46 | 00,032,768 | ---- | M] (TOSHIBA Corporation) -- C:\WINDOWS\system32\TPSBattM.exe PRC - [2007/04/13 17:16:16 | 00,311,296 | ---- | M] (TOSHIBA Corporation) -- C:\Program Files\TOSHIBA\TOSHIBA Direct Disc Writer\DDWMon.exe PRC - [2007/04/09 17:07:02 | 00,159,744 | ---- | M] (TOSHIBA Corporation) -- C:\Program Files\TOSHIBA\TOSHIBA Zooming Utility\SmoothView.exe PRC - [2007/01/25 17:47:50 | 00,136,816 | ---- | M] () -- C:\TOSHIBA\IVP\ISM\pinger.exe PRC - [2006/10/05 11:10:12 | 00,009,216 | ---- | M] (Agere Systems) -- C:\WINDOWS\system32\agrsmsvc.exe PRC - [2005/01/17 15:38:00 | 00,040,960 | ---- | M] (TOSHIBA CORPORATION) -- C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe PRC - [2002/12/04 10:52:48 | 00,237,568 | ---- | M] (Nikon Corporation) -- C:\Program Files\Nikon\NkView6\NkvMon.exe ========== Modules (SafeList) ========== MOD - [2009/11/29 11:37:33 | 00,535,552 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Rory Wilson\My Documents\Downloads\OTL.exe ========== Win32 Services (SafeList) ========== SRV - File not found -- -- (McShield) SRV - [2009/11/29 16:22:34 | 02,304,192 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG9\avgfws9.exe -- (avgfws9) SRV - [2009/11/29 16:22:29 | 00,285,392 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG9\avgwdsvc.exe -- (avg9wd) SRV - [2009/11/29 16:22:28 | 05,832,712 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG9\Identity Protection\Agent\Bin\AVGIDSAgent.exe -- (AVGIDSAgent) SRV - [2009/10/21 09:43:40 | 00,182,768 | ---- | M] (Google) -- C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe -- (gusvc) SRV - [2009/05/27 02:27:04 | 29,262,680 | ---- | M] (Microsoft Corporation) -- c:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe -- (MSSQL$MSSMLBIZ) SQL Server (MSSMLBIZ) SRV - [2008/11/24 21:31:12 | 00,087,904 | ---- | M] (Microsoft Corporation) -- c:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe -- (SQLWriter) SRV - [2008/11/24 21:31:08 | 00,239,968 | ---- | M] (Microsoft Corporation) -- c:\Program Files\Microsoft SQL Server\90\Shared\sqlbrowser.exe -- (SQLBrowser) SRV - [2008/11/24 21:31:08 | 00,045,408 | ---- | M] (Microsoft Corporation) -- c:\Program Files\Microsoft SQL Server\90\Shared\sqladhlp90.exe -- (MSSQLServerADHelper) SRV - [2008/11/04 00:06:28 | 00,441,712 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE -- (odserv) SRV - [2008/05/21 13:07:00 | 00,111,984 | ---- | M] () -- c:\TOSHIBA\IVP\swupdate\swupdtmr.exe -- (Swupdtmr) SRV - [2008/04/30 18:41:12 | 00,815,104 | ---- | M] (Intel® Corporation) -- C:\Program Files\Intel\WiFi\bin\EvtEng.exe -- (EvtEng) SRV - [2008/04/30 18:20:38 | 00,901,120 | ---- | M] (Intel® Corporation) -- C:\Program Files\Intel\WiFi\bin\S24EvMon.exe -- (S24EventMonitor) SRV - [2008/04/30 18:10:10 | 00,466,944 | ---- | M] (Intel® Corporation) -- C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe -- (RegSrvc) SRV - [2008/04/14 15:43:38 | 00,034,304 | ---- | M] (TOSHIBA Corp.) -- C:\Program Files\TOSHIBA\TOSHIBA Applet\TAPPSRV.exe -- (TAPPSRV) SRV - [2008/03/03 17:30:34 | 00,057,344 | ---- | M] (Nalpeiron Ltd.) -- C:\WINDOWS\system32\ASTSRV.EXE -- (astcc) SRV - [2008/01/11 16:50:16 | 00,030,312 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Small Business\Business Contact Manager\BcmSqlStartupSvc.exe -- (BcmSqlStartupSvc) SRV - [2007/11/21 16:23:32 | 00,129,632 | ---- | M] (TOSHIBA Corporation) -- C:\WINDOWS\system32\TODDSrv.exe -- (TODDSrv) SRV - [2007/01/25 17:47:50 | 00,136,816 | ---- | M] () -- C:\TOSHIBA\IVP\ISM\pinger.exe -- (pinger) SRV - [2006/10/26 13:03:08 | 00,145,184 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE -- (ose) SRV - [2006/10/05 11:10:12 | 00,009,216 | ---- | M] (Agere Systems) -- C:\WINDOWS\system32\agrsmsvc.exe -- (AgereModemAudio) SRV - [2005/01/17 15:38:00 | 00,040,960 | ---- | M] (TOSHIBA CORPORATION) -- C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe -- (CFSvcs) ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchDefaultBranded = 1 IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://seattle.craigslist.org/search/cto?query=&catAbbreviation=cta&minAsk=1500&maxAsk=3200 IE - HKCU\..\URLSearchHook: *{CFBFAE00-17A6-11D0-99CB-00C04FD64497} - Reg Error: Key error. File not found IE - HKCU\..\URLSearchHook: *{E312764E-7706-43F1-8DAB-FCDD2B1E416D} - Reg Error: Key error. File not found IE - HKCU\..\URLSearchHook: {A3BC75A2-1F87-4686-AA43-5347D756017C} - C:\Program Files\AVG\AVG9\Toolbar\IEToolbar.dll () IE - HKCU\..\URLSearchHook: {E312764E-7706-43F1-8DAB-FCDD2B1E416D} - C:\Program Files\pdfforge Toolbar\SearchSettings.dll (Spigot, Inc.) IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 1 IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local> IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = http=127.0.0.1:5555 ========== FireFox ========== FF - prefs.js..browser.search.defaultenginename: "Yahoo! Search" FF - prefs.js..browser.search.selectedEngine: "Yahoo! Search" FF - prefs.js..browser.startup.homepage: "http://www.facebook.com/home.php?ref=home" FF - prefs.js..extensions.enabledItems: {3f963a5b-e555-4543-90e2-c3908898db71}:9.0.0.701 FF - prefs.js..extensions.enabledItems: [email protected]:2.710.016.005 FF - prefs.js..extensions.enabledItems: [email protected]:3.0.0 FF - prefs.js..extensions.enabledItems: [email protected]:2.0.3 FF - prefs.js..keyword.URL: "http://us.yhs.search.yahoo.com/avg/search?fr=yhs-avg&type=yahoo_avg_hs2-tb-web_us&p=" FF - HKLM\software\mozilla\Firefox\Extensions\\{3f963a5b-e555-4543-90e2-c3908898db71}: C:\Program Files\AVG\AVG9\Firefox [2009/11/29 16:22:23 | 00,000,000 | ---D | M] FF - HKLM\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files\AVG\AVG9\Toolbar\Firefox\[email protected] [2009/11/29 16:22:46 | 00,000,000 | ---D | M] FF - HKLM\software\mozilla\Mozilla Firefox 3.5.5\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2009/11/20 14:56:23 | 00,000,000 | ---D | M] FF - HKLM\software\mozilla\Mozilla Firefox 3.5.5\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2009/11/29 16:12:23 | 00,000,000 | ---D | M] FF - HKLM\software\mozilla\Omnis Firefox\extensions\\Plugins: C:\webclient [2009/10/25 20:47:35 | 00,000,000 | ---D | M] [2009/10/21 15:54:00 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Rory Wilson\Application Data\Mozilla\Extensions [2009/11/29 22:36:51 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Rory Wilson\Application Data\Mozilla\Firefox\Profiles\idih7k4l.default\extensions [2009/11/29 22:27:46 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Rory Wilson\Application Data\Mozilla\Firefox\Profiles\idih7k4l.default\extensions\[email protected] [2009/11/29 22:36:48 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Rory Wilson\Application Data\Mozilla\Firefox\Profiles\idih7k4l.default\extensions\[email protected] [2009/10/21 15:53:27 | 00,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions O1 HOSTS File: (686 bytes) - C:\WINDOWS\system32\drivers\etc\HOSTS O1 - Hosts: 127.0.0.1 localhost O2 - BHO: (Adobe PDF Link Helper) - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated) O2 - BHO: (Skype add-on (mastermind)) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Skype Technologies S.A.) O2 - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG9\avgssie.dll (AVG Technologies CZ, s.r.o.) O2 - BHO: (SSVHelper Class) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll (Sun Microsystems, Inc.) O2 - BHO: (AVG Security Toolbar BHO) - {A3BC75A2-1F87-4686-AA43-5347D756017C} - C:\Program Files\AVG\AVG9\Toolbar\IEToolbar.dll () O2 - BHO: (pdfforge Toolbar) - {B922D405-6D13-4A2B-AE89-08A030DA4402} - C:\Program Files\pdfforge Toolbar\pdfforgeToolbarIE.dll (Spigot, Inc.) O2 - BHO: (no name) - {E312764E-7706-43F1-8DAB-FCDD2B1E416D} - C:\Program Files\pdfforge Toolbar\SearchSettings.dll (Spigot, Inc.) O3 - HKLM\..\Toolbar: (no name) - - No CLSID value found. O3 - HKLM\..\Toolbar: (pdfforge Toolbar) - {B922D405-6D13-4A2B-AE89-08A030DA4402} - C:\Program Files\pdfforge Toolbar\pdfforgeToolbarIE.dll (Spigot, Inc.) O3 - HKLM\..\Toolbar: (AVG Security Toolbar) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - C:\Program Files\AVG\AVG9\Toolbar\IEToolbar.dll () O3 - HKCU\..\Toolbar\WebBrowser: (AVG Security Toolbar) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - C:\Program Files\AVG\AVG9\Toolbar\IEToolbar.dll () O4 - HKLM..\Run: [Adobe ARM] C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe (Adobe Systems Incorporated) O4 - HKLM..\Run: [Alcmtr] C:\WINDOWS\Alcmtr.exe (Realtek Semiconductor Corp.) O4 - HKLM..\Run: [AVG9_TRAY] C:\Program Files\AVG\AVG9\avgtray.exe (AVG Technologies CZ, s.r.o.) O4 - HKLM..\Run: [Camera Assistant Software] C:\Program Files\Camera Assistant Software for Toshiba\traybar.exe (Chicony) O4 - HKLM..\Run: [DDWMon] C:\Program Files\TOSHIBA\TOSHIBA Direct Disc Writer\\ddwmon.exe () O4 - HKLM..\Run: [intelWireless] C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe (Intel® Corporation) O4 - HKLM..\Run: [intelZeroConfig] C:\Program Files\Intel\WiFi\bin\ZCfgSvc.exe (Intel® Corporation) O4 - HKLM..\Run: [KernelFaultCheck] File not found O4 - HKLM..\Run: [Malwarebytes Anti-Malware (reboot)] C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe (Malwarebytes Corporation) O4 - HKLM..\Run: [QBCD Autorun] D:\autorun.exe File not found O4 - HKLM..\Run: [RTHDCPL] C:\WINDOWS\RTHDCPL.exe (Realtek Semiconductor Corp.) O4 - HKLM..\Run: [searchSettings] C:\Program Files\pdfforge Toolbar\SearchSettings.exe (Spigot, Inc.) O4 - HKLM..\Run: [smoothView] C:\Program Files\TOSHIBA\TOSHIBA Zooming Utility\SmoothView.exe (TOSHIBA Corporation) O4 - HKLM..\Run: [synTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe (Synaptics, Inc.) O4 - HKLM..\Run: [THotkey] C:\Program Files\TOSHIBA\TOSHIBA Applet\THotkey.exe (TOSHIBA) O4 - HKLM..\Run: [TPSMain] C:\WINDOWS\System32\TPSMain.exe (TOSHIBA Corporation) O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\NkvMon.exe.lnk = C:\Program Files\Nikon\NkView6\NkvMon.exe (Nikon Corporation) O4 - Startup: C:\Documents and Settings\Rory Wilson\Start Menu\Programs\Startup\ERUNT AutoBackup.lnk = C:\Program Files\ERUNT\AUTOBACK.EXE () O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1 O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145 O8 - Extra context menu item: E&xport to Microsoft Excel - C:\Program Files\Microsoft Office\Office12\EXCEL.EXE (Microsoft Corporation) O9 - Extra 'Tools' menuitem : Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_06\bin\npjpi160_06.dll (Sun Microsystems, Inc.) O9 - Extra 'Tools' menuitem : Skype add-on for Internet Explorer - {5067A26B-1337-4436-8AFE-EE169C2DA79F} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Skype Technologies S.A.) O9 - Extra Button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Skype Technologies S.A.) O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Program Files\Microsoft Office\Office12\REFIEBAR.DLL (Microsoft Corporation) O15 - HKLM\..Trusted Domains: 1 domain(s) and sub-domain(s) not assigned to a zone. O15 - HKCU\..Trusted Domains: 25 domain(s) and sub-domain(s) not assigned to a zone. O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1256151440640 (MUWebControl Class) O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_06-windows-i586.cab (Java Plug-in 1.6.0_06) O16 - DPF: {CAFEEFAC-0016-0000-0006-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_06-windows-i586.cab (Java Plug-in 1.6.0_06) O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_06-windows-i586.cab (Java Plug-in 1.6.0_06) O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 68.87.69.150 68.87.85.102 O18 - Protocol\Handler\belarc {6318E0AB-2E93-11D1-B8ED-00608CC9A71F} - C:\Program Files\Belarc\Advisor\System\BAVoilaX.dll (Belarc, Inc.) O18 - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG9\avgpp.dll (AVG Technologies CZ, s.r.o.) O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll (Microsoft Corporation) O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies) O18 - Protocol\Handler\x-excid {9D6CC632-1337-4a33-9214-2DA092E776F4} - c:\WINDOWS\Downloaded Program Files\mimectl.dll () O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation) O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation) O20 - Winlogon\Notify\avgrsstarter: DllName - avgrsstx.dll - C:\WINDOWS\System32\avgrsstx.dll (AVG Technologies CZ, s.r.o.) O20 - Winlogon\Notify\igfxcui: DllName - igfxdev.dll - C:\WINDOWS\System32\igfxdev.dll (Intel Corporation) O28 - HKLM ShellExecuteHooks: {56F9679E-7826-4C84-81F3-532071A8BCC5} - C:\Program Files\Windows Desktop Search\MsnlNamespaceMgr.dll (Microsoft Corporation) O32 - HKLM CDRom: AutoRun - 1 O32 - AutoRun File - [2008/09/11 12:34:18 | 00,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ] O34 - HKLM BootExecute: (autocheck) - File not found O34 - HKLM BootExecute: (*) - File not found O35 - comfile [open] -- "%1" %* File not found O35 - exefile [open] -- "%1" %* File not found ========== Files/Folders - Created Within 14 Days ========== [2009/11/30 11:49:23 | 00,281,088 | ---- | C] (Cinematronics) -- C:\WINDOWS\System32\dllcache\pinball.exe [2009/11/30 05:54:19 | 00,000,000 | ---D | C] -- C:\WINDOWS\Minidump [2009/11/29 21:15:02 | 00,000,000 | -H-D | C] -- C:\WINDOWS\ie8 [2009/11/29 16:32:58 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Rory Wilson\Local Settings\Application Data\AVG Security Toolbar [2009/11/29 16:23:09 | 00,000,000 | -H-D | C] -- C:\$AVG [2009/11/29 16:22:58 | 00,360,584 | ---- | C] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\drivers\avgtdix.sys [2009/11/29 16:22:58 | 00,012,464 | ---- | C] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\avgrsstx.dll [2009/11/29 16:22:53 | 00,333,192 | ---- | C] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\drivers\avgldx86.sys [2009/11/29 16:22:52 | 00,028,424 | ---- | C] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\drivers\avgmfx86.sys [2009/11/29 16:22:48 | 00,000,000 | ---D | C] -- C:\WINDOWS\System32\drivers\Avg [2009/11/29 16:22:46 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\AVG Security Toolbar [2009/11/29 16:22:32 | 00,025,608 | ---- | C] (AVG Technologies ) -- C:\WINDOWS\System32\drivers\AVGIDSxx.sys [2009/11/29 16:22:29 | 00,161,800 | ---- | C] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\drivers\avgrkx86.sys [2009/11/29 16:22:23 | 00,050,968 | ---- | C] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\avgfwdx.dll [2009/11/29 16:22:23 | 00,030,104 | ---- | C] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\drivers\avgfwdx.sys [2009/11/29 16:22:23 | 00,000,000 | ---D | C] -- C:\Program Files\AVG [2009/11/29 16:22:20 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\avg9 [2009/11/29 16:12:19 | 00,000,000 | ---D | C] -- C:\_OTL [2009/11/29 11:00:18 | 00,000,000 | ---D | C] -- C:\Rooter$ [2009/11/29 01:11:10 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Rory Wilson\Application Data\Malwarebytes [2009/11/29 01:11:06 | 00,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys [2009/11/29 01:11:05 | 00,019,160 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys [2009/11/29 01:11:05 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Malwarebytes [2009/11/29 01:11:04 | 00,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware [2009/11/29 00:44:58 | 00,000,000 | ---D | C] -- C:\WINDOWS\ERDNT [2009/11/29 00:44:42 | 00,000,000 | ---D | C] -- C:\Program Files\ERUNT [2009/11/28 21:50:10 | 00,000,000 | ---D | C] -- C:\Program Files\Common Files\Wise Installation Wizard [2009/11/28 21:20:04 | 00,000,000 | ---D | C] -- C:\WINDOWS\ERUNT [2009/11/28 21:17:24 | 00,000,000 | ---D | C] -- C:\SDFix [2009/11/28 21:15:24 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\TEMP [2009/11/28 21:15:19 | 00,000,000 | ---D | C] -- C:\Program Files\SpywareBlaster [2009/11/28 20:49:01 | 00,000,000 | ---D | C] -- C:\Program Files\Sophos [2009/11/28 18:45:03 | 00,000,000 | -HSD | C] -- C:\WINDOWS\CSC [2009/11/23 20:57:22 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Rory Wilson\Desktop\Mello Aire's [2009/11/22 19:06:06 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Rory Wilson\Application Data\.BitTornado [2009/11/22 19:05:00 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Rory Wilson\My Documents\Downloads [2009/11/22 09:47:02 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Rory Wilson\My Documents\LWSD Pay Stubs [2009/11/20 20:35:09 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Rory Wilson\Desktop\Glenwood Gators [2009/11/20 18:00:45 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Rory Wilson\Desktop\JHS Swim - Boys [2009/11/20 14:56:23 | 00,000,000 | ---D | C] -- C:\WINDOWS\Cache [2009/11/17 23:08:46 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Rory Wilson\Local Settings\Application Data\WMTools Downloaded Files [2009/11/17 23:07:14 | 00,000,000 | ---D | C] -- C:\Program Files\Microsoft Office Outlook Connector [2009/11/17 23:07:02 | 00,000,000 | ---D | C] -- C:\Program Files\Microsoft [2009/11/17 23:06:57 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Documents\microsoft [2009/11/17 23:06:50 | 00,000,000 | ---D | C] -- C:\Program Files\Windows Live SkyDrive [2009/11/17 22:59:47 | 00,000,000 | ---D | C] -- C:\Program Files\Common Files\Windows Live [2009/11/17 22:59:27 | 00,000,000 | ---D | C] -- C:\Program Files\Microsoft Silverlight [2009/11/17 22:38:18 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Rory Wilson\Application Data\ArcSoft [2008/09/11 13:10:15 | 00,053,248 | ---- | C] ( ) -- C:\WINDOWS\System32\DLLVGA.dll [1 C:\Documents and Settings\Rory Wilson\My Documents\*.tmp files -> C:\Documents and Settings\Rory Wilson\My Documents\*.tmp -> ] ========== Files - Modified Within 14 Days ========== [2009/11/30 16:02:24 | 00,271,360 | ---- | M] () -- C:\Documents and Settings\Rory Wilson\My Documents\Auto Archive - Outlook.pst [2009/11/30 16:01:30 | 45,961,902 | ---- | M] () -- C:\WINDOWS\System32\drivers\Avg\incavi.avm [2009/11/30 16:01:16 | 00,106,272 | ---- | M] () -- C:\WINDOWS\System32\drivers\Avg\microavi.avg [2009/11/30 15:57:21 | 00,001,158 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl [2009/11/30 15:56:23 | 00,000,236 | ---- | M] () -- C:\WINDOWS\tasks\OGALogon.job [2009/11/30 15:56:19 | 00,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT [2009/11/30 15:56:03 | 00,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat [2009/11/30 15:55:58 | 20,090,63424 | -HS- | M] () -- C:\hiberfil.sys [2009/11/30 13:25:00 | 04,718,592 | ---- | M] () -- C:\Documents and Settings\Rory Wilson\ntuser.dat [2009/11/30 13:25:00 | 00,000,178 | -HS- | M] () -- C:\Documents and Settings\Rory Wilson\ntuser.ini [2009/11/30 13:24:32 | 00,109,477 | ---- | M] () -- C:\Documents and Settings\Rory Wilson\My Documents\Beacon Promo's Work Orders.xlsx [2009/11/30 11:49:37 | 00,622,730 | ---- | M] () -- C:\WINDOWS\System32\PerfStringBackup.INI [2009/11/30 11:49:37 | 00,513,690 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat [2009/11/30 11:49:37 | 00,097,554 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat [2009/11/30 11:36:24 | 00,005,382 | ---- | M] () -- C:\Documents and Settings\Rory Wilson\Desktop\BeaconPromos PO#KFD.pdf [2009/11/30 11:34:12 | 00,789,279 | ---- | M] () -- C:\Documents and Settings\Rory Wilson\Desktop\BeaconPromos ART Layout for PO#KFD.pdf [2009/11/30 11:29:02 | 01,003,779 | ---- | M] () -- C:\Documents and Settings\Rory Wilson\Desktop\Kirkland Fire.JPG [2009/11/29 22:44:18 | 00,001,943 | ---- | M] () -- C:\WINDOWS\imsins.BAK [2009/11/29 21:44:15 | 04,845,040 | -H-- | M] () -- C:\Documents and Settings\Rory Wilson\Local Settings\Application Data\IconCache.db [2009/11/29 20:41:21 | 00,000,467 | ---- | M] () -- C:\WINDOWS\System32\mapisvc.inf [2009/11/29 16:22:58 | 00,360,584 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\drivers\avgtdix.sys [2009/11/29 16:22:58 | 00,012,464 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\avgrsstx.dll [2009/11/29 16:22:58 | 00,001,518 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\AVG 9.0.lnk [2009/11/29 16:22:53 | 00,333,192 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\drivers\avgldx86.sys [2009/11/29 16:22:52 | 00,544,112 | ---- | M] () -- C:\WINDOWS\System32\drivers\Avg\iavifw.avm [2009/11/29 16:22:52 | 00,113,461 | ---- | M] () -- C:\WINDOWS\System32\drivers\Avg\iavichjw.avm [2009/11/29 16:22:52 | 00,028,424 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\drivers\avgmfx86.sys [2009/11/29 16:22:48 | 06,061,540 | ---- | M] () -- C:\WINDOWS\System32\drivers\Avg\avi7.avg [2009/11/29 16:22:48 | 00,492,629 | ---- | M] () -- C:\WINDOWS\System32\drivers\Avg\miniavi.avg [2009/11/29 16:22:32 | 00,025,608 | ---- | M] (AVG Technologies ) -- C:\WINDOWS\System32\drivers\AVGIDSxx.sys [2009/11/29 16:22:29 | 00,161,800 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\drivers\avgrkx86.sys [2009/11/29 16:22:23 | 00,050,968 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\avgfwdx.dll [2009/11/29 16:22:23 | 00,030,104 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\drivers\avgfwdx.sys [2009/11/29 11:35:25 | 00,000,015 | ---- | M] () -- C:\Documents and Settings\Rory Wilson\settings.dat [2009/11/29 01:10:08 | 00,006,294 | RHS- | M] () -- C:\Documents and Settings\All Users\ntuser.pol [2009/11/29 00:44:45 | 00,000,778 | ---- | M] () -- C:\Documents and Settings\Rory Wilson\Start Menu\Programs\Startup\ERUNT AutoBackup.lnk [2009/11/28 21:22:19 | 00,000,686 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\HOSTS [2009/11/28 16:42:29 | 00,007,168 | ---- | M] () -- C:\Documents and Settings\Rory Wilson\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [2009/11/27 20:00:12 | 00,000,067 | ---- | M] () -- C:\WINDOWS\swupdate.INI [2009/11/27 11:58:03 | 00,002,838 | ---- | M] () -- C:\WINDOWS\machine.ver [2009/11/20 16:53:16 | 00,205,427 | ---- | M] () -- C:\Documents and Settings\Rory Wilson\Desktop\BeaconPromos - Drumline Options.pdf [2009/11/20 13:04:14 | 00,059,517 | ---- | M] () -- C:\Documents and Settings\Rory Wilson\Desktop\RMA - New Conversation.pdf [2009/11/18 15:21:54 | 00,112,515 | ---- | M] () -- C:\WINDOWS\FontData.fdb [2009/11/17 22:38:20 | 00,054,156 | -H-- | M] () -- C:\WINDOWS\QTFont.qfn [2009/11/17 22:38:20 | 00,001,409 | ---- | M] () -- C:\WINDOWS\QTFont.for [2009/11/17 17:07:53 | 00,005,471 | ---- | M] () -- C:\Documents and Settings\Rory Wilson\Desktop\BeaconPromos - RA#27967207.pdf [2009/11/17 10:55:30 | 00,216,416 | ---- | M] () -- C:\Documents and Settings\Rory Wilson\Local Settings\Application Data\GDIPFONTCACHEV1.DAT [2009/11/17 10:53:16 | 00,661,024 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT [2009/11/17 10:52:07 | 00,000,227 | ---- | M] () -- C:\WINDOWS\system.ini [1 C:\Documents and Settings\Rory Wilson\My Documents\*.tmp files -> C:\Documents and Settings\Rory Wilson\My Documents\*.tmp -> ] ========== Files Created - No Company Name ========== [2009/11/30 11:49:25 | 00,093,702 | ---- | C] () -- C:\WINDOWS\System32\subrange.uce [2009/11/30 11:49:25 | 00,065,978 | ---- | C] () -- C:\WINDOWS\Soap Bubbles.bmp [2009/11/30 11:49:25 | 00,065,954 | ---- | C] () -- C:\WINDOWS\Prairie Wind.bmp [2009/11/30 11:49:25 | 00,065,832 | ---- | C] () -- C:\WINDOWS\Santa Fe Stucco.bmp [2009/11/30 11:49:25 | 00,026,680 | ---- | C] () -- C:\WINDOWS\River Sumida.bmp [2009/11/30 11:49:25 | 00,026,582 | ---- | C] () -- C:\WINDOWS\Greenstone.bmp [2009/11/30 11:49:25 | 00,017,362 | ---- | C] () -- C:\WINDOWS\Rhododendron.bmp [2009/11/30 11:49:25 | 00,017,336 | ---- | C] () -- C:\WINDOWS\Gone Fishing.bmp [2009/11/30 11:49:25 | 00,017,062 | ---- | C] () -- C:\WINDOWS\Coffee Bean.bmp [2009/11/30 11:49:25 | 00,016,740 | ---- | C] () -- C:\WINDOWS\System32\shiftjis.uce [2009/11/30 11:49:25 | 00,016,730 | ---- | C] () -- C:\WINDOWS\FeatherTexture.bmp [2009/11/30 11:49:25 | 00,009,522 | ---- | C] () -- C:\WINDOWS\Zapotec.bmp [2009/11/30 11:49:25 | 00,001,272 | ---- | C] () -- C:\WINDOWS\Blue Lace 16.bmp [2009/11/30 11:49:24 | 00,060,458 | ---- | C] () -- C:\WINDOWS\System32\ideograf.uce [2009/11/30 11:49:24 | 00,024,006 | ---- | C] () -- C:\WINDOWS\System32\gb2312.uce [2009/11/30 11:49:24 | 00,022,984 | ---- | C] () -- C:\WINDOWS\System32\bopomofo.uce [2009/11/30 11:49:24 | 00,012,876 | ---- | C] () -- C:\WINDOWS\System32\korean.uce [2009/11/30 11:49:24 | 00,008,484 | ---- | C] () -- C:\WINDOWS\System32\kanji_2.uce [2009/11/30 11:49:24 | 00,006,948 | ---- | C] () -- C:\WINDOWS\System32\kanji_1.uce [2009/11/30 11:36:24 | 00,005,382 | ---- | C] () -- C:\Documents and Settings\Rory Wilson\Desktop\BeaconPromos PO#KFD.pdf [2009/11/30 11:34:10 | 00,789,279 | ---- | C] () -- C:\Documents and Settings\Rory Wilson\Desktop\BeaconPromos ART Layout for PO#KFD.pdf [2009/11/30 11:31:06 | 01,003,779 | ---- | C] () -- C:\Documents and Settings\Rory Wilson\Desktop\Kirkland Fire.JPG [2009/11/29 16:22:58 | 00,001,518 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\AVG 9.0.lnk [2009/11/29 16:22:52 | 00,544,112 | ---- | C] () -- C:\WINDOWS\System32\drivers\Avg\iavifw.avm [2009/11/29 16:22:52 | 00,113,461 | ---- | C] () -- C:\WINDOWS\System32\drivers\Avg\iavichjw.avm [2009/11/29 16:22:48 | 45,961,902 | ---- | C] () -- C:\WINDOWS\System32\drivers\Avg\incavi.avm [2009/11/29 16:22:48 | 06,061,540 | ---- | C] () -- C:\WINDOWS\System32\drivers\Avg\avi7.avg [2009/11/29 16:22:48 | 00,492,629 | ---- | C] () -- C:\WINDOWS\System32\drivers\Avg\miniavi.avg [2009/11/29 16:22:48 | 00,106,272 | ---- | C] () -- C:\WINDOWS\System32\drivers\Avg\microavi.avg [2009/11/29 16:13:08 | 20,090,63424 | -HS- | C] () -- C:\hiberfil.sys [2009/11/29 11:34:08 | 00,000,015 | ---- | C] () -- C:\Documents and Settings\Rory Wilson\settings.dat [2009/11/29 00:44:45 | 00,000,778 | ---- | C] () -- C:\Documents and Settings\Rory Wilson\Start Menu\Programs\Startup\ERUNT AutoBackup.lnk [2009/11/28 23:01:28 | 00,006,294 | RHS- | C] () -- C:\Documents and Settings\All Users\ntuser.pol [2009/11/28 17:23:19 | 04,718,592 | ---- | C] () -- C:\Documents and Settings\Rory Wilson\ntuser.dat [2009/11/20 16:53:15 | 00,205,427 | ---- | C] () -- C:\Documents and Settings\Rory Wilson\Desktop\BeaconPromos - Drumline Options.pdf [2009/11/20 13:04:00 | 00,059,517 | ---- | C] () -- C:\Documents and Settings\Rory Wilson\Desktop\RMA - New Conversation.pdf [2009/11/17 22:44:28 | 00,000,236 | ---- | C] () -- C:\WINDOWS\tasks\OGALogon.job [2009/11/17 22:38:20 | 00,054,156 | -H-- | C] () -- C:\WINDOWS\QTFont.qfn [2009/11/17 22:38:20 | 00,001,409 | ---- | C] () -- C:\WINDOWS\QTFont.for [2009/11/17 17:03:04 | 00,005,471 | ---- | C] () -- C:\Documents and Settings\Rory Wilson\Desktop\BeaconPromos - RA#27967207.pdf [2009/11/13 15:47:17 | 00,000,021 | ---- | C] () -- C:\WINDOWS\CS_setup.ini [2009/11/11 22:32:28 | 00,003,840 | ---- | C] () -- C:\WINDOWS\System32\drivers\BANTExt.sys [2009/11/11 22:13:35 | 00,000,028 | ---- | C] () -- C:\WINDOWS\ICOA.INI [2009/11/11 22:13:27 | 00,000,000 | ---- | C] () -- C:\WINDOWS\QFNONL.ini [2009/11/11 22:13:27 | 00,000,000 | ---- | C] () -- C:\WINDOWS\QFN.ini [2009/11/11 22:13:27 | 00,000,000 | ---- | C] () -- C:\WINDOWS\QDQICK.ini [2009/11/11 22:03:37 | 00,000,064 | ---- | C] () -- C:\WINDOWS\QBWCD.INI [2009/11/06 15:37:26 | 00,094,208 | ---- | C] () -- C:\WINDOWS\System32\GTW32N50.dll [2009/10/28 11:12:20 | 00,000,067 | ---- | C] () -- C:\WINDOWS\swupdate.INI [2009/10/26 08:04:11 | 00,038,443 | ---- | C] () -- C:\Documents and Settings\Rory Wilson\Application Data\Comma Separated Values (Windows).ADR [2009/10/25 16:00:31 | 00,000,083 | ---- | C] () -- C:\Documents and Settings\Rory Wilson\Local Settings\Application Data\FASTWiz.log [2009/10/23 20:36:54 | 00,000,124 | ---- | C] () -- C:\WINDOWS\iPlayer.INI [2009/10/21 12:45:51 | 00,007,168 | ---- | C] () -- C:\Documents and Settings\Rory Wilson\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [2009/10/21 12:34:24 | 00,116,224 | ---- | C] () -- C:\WINDOWS\System32\pdfcmnnt.dll [2009/10/21 10:26:41 | 00,000,134 | ---- | C] () -- C:\Documents and Settings\Rory Wilson\Local Settings\Application Data\fusioncache.dat [2009/10/21 09:32:21 | 00,000,013 | RHS- | C] () -- C:\WINDOWS\System32\drivers\fbd.sys [2009/10/21 09:32:20 | 00,000,004 | RHS- | C] () -- C:\WINDOWS\System32\drivers\taishop.sys [2009/06/23 08:24:06 | 00,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini [2009/06/23 07:41:53 | 00,204,800 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeW7.dll [2009/06/23 07:41:53 | 00,200,704 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeA6.dll [2009/06/23 07:41:53 | 00,192,512 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeP6.dll [2009/06/23 07:41:53 | 00,192,512 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeM6.dll [2009/06/23 07:41:53 | 00,188,416 | ---- | C] () -- C:\WINDOWS\System32\IVIresizePX.dll [2009/06/23 07:41:53 | 00,020,480 | ---- | C] () -- C:\WINDOWS\System32\IVIresize.dll [2009/06/23 07:28:36 | 00,128,113 | ---- | C] () -- C:\WINDOWS\System32\csellang.ini [2009/06/23 07:28:36 | 00,045,056 | ---- | C] () -- C:\WINDOWS\System32\csellang.dll [2009/06/23 07:28:36 | 00,010,150 | ---- | C] () -- C:\WINDOWS\System32\tosmreg.ini [2009/06/23 07:28:36 | 00,007,671 | ---- | C] () -- C:\WINDOWS\System32\cseltbl.ini [2009/06/23 07:27:34 | 00,147,456 | ---- | C] () -- C:\WINDOWS\System32\igfxCoIn_v4953.dll [2008/09/11 13:44:10 | 00,000,000 | ---- | C] () -- C:\WINDOWS\NDSTray.INI [2008/09/11 13:10:15 | 00,118,784 | ---- | C] () -- C:\WINDOWS\System32\TCtrlIO.dll [2008/09/11 13:06:42 | 06,184,960 | ---- | C] () -- C:\WINDOWS\System32\RTS5121icon.dll [2008/09/11 12:45:16 | 00,000,345 | ---- | C] () -- C:\WINDOWS\System32\OEMINFO.INI [2007/09/27 09:51:02 | 00,020,698 | ---- | C] () -- C:\WINDOWS\System32\idxcntrs.ini [2007/09/27 09:48:48 | 00,030,628 | ---- | C] () -- C:\WINDOWS\System32\gsrvctr.ini [2007/09/27 09:48:28 | 00,031,698 | ---- | C] () -- C:\WINDOWS\System32\gthrctr.ini ========== LOP Check ========== [2009/11/29 16:27:58 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\AVG Security Toolbar [2009/11/29 16:22:21 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\avg9 [2009/11/28 21:15:24 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TEMP [2009/11/22 19:06:06 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Rory Wilson\Application Data\.BitTornado [2009/10/21 17:00:38 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Rory Wilson\Application Data\InterVideo [2009/11/13 15:52:24 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Rory Wilson\Application Data\Nikon [2009/10/21 15:33:56 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Rory Wilson\Application Data\pdfforge [2009/10/21 14:00:11 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Rory Wilson\Application Data\Search Settings [2009/10/24 21:35:49 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Rory Wilson\Application Data\toshiba [2008/09/11 13:04:21 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Rory Wilson\Application Data\WinBatch [2009/10/21 12:12:10 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Rory Wilson\Application Data\Windows Desktop Search [2009/10/25 14:00:55 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Rory Wilson\Application Data\Windows Search [2009/11/30 15:56:23 | 00,000,236 | ---- | M] () -- C:\WINDOWS\Tasks\OGALogon.job ========== Purity Check ========== < End of report >
  8. I ran the second OTL and posted it (see #3 above) yesterday...is there something else you need me to run?
  9. Hello...I've noticed that IE will not open http:// websites, but https:// will open. Mozilla is not causing a challenge. IE has all my links and I would like to get it back working also. Any suggestions?
  10. Here is the info from the new OTL scan...(BTW - Thank you very much for helping me!) OTL logfile created on: 11/29/2009 4:36:37 PM - Run 2 OTL by OldTimer - Version 3.1.11.2 Folder = C:\Documents and Settings\Rory Wilson\My Documents\Downloads Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation Internet Explorer (Version = 8.0.6001.18702) Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy 1.87 Gb Total Physical Memory | 1.08 Gb Available Physical Memory | 57.73% Memory free 4.00 Gb Paging File | 4.00 Gb Available in Paging File | 100.00% Paging File free Paging file location(s): C:\pagefile.sys 4092 8184 [binary data] %SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files Drive C: | 225.37 Gb Total Space | 197.46 Gb Free Space | 87.62% Space Free | Partition Type: NTFS D: Drive not present or media not loaded E: Drive not present or media not loaded F: Drive not present or media not loaded G: Drive not present or media not loaded H: Drive not present or media not loaded I: Drive not present or media not loaded Computer Name: BEACONMKTG Current User Name: Rory Wilson Logged in as Administrator. Current Boot Mode: Normal Scan Mode: Current user Company Name Whitelist: On Skip Microsoft Files: On File Age = 14 Days Output = Standard Quick Scan ========== Processes (SafeList) ========== PRC - [2009/11/29 16:22:39 | 01,055,000 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG9\avgchsvx.exe PRC - [2009/11/29 16:22:37 | 00,702,744 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG9\avgcsrvx.exe PRC - [2009/11/29 16:22:37 | 00,702,744 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG9\avgcsrvx.exe PRC - [2009/11/29 16:22:34 | 02,304,192 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG9\avgfws9.exe PRC - [2009/11/29 16:22:34 | 02,020,120 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG9\avgtray.exe PRC - [2009/11/29 16:22:29 | 00,827,160 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG9\avgam.exe PRC - [2009/11/29 16:22:29 | 00,744,728 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG9\avgscanx.exe PRC - [2009/11/29 16:22:29 | 00,600,344 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG9\avgnsx.exe PRC - [2009/11/29 16:22:29 | 00,502,040 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG9\avgrsx.exe PRC - [2009/11/29 16:22:29 | 00,285,392 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG9\avgwdsvc.exe PRC - [2009/11/29 16:22:28 | 05,832,712 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG9\Identity Protection\Agent\Bin\AVGIDSAgent.exe PRC - [2009/11/29 16:22:28 | 00,592,392 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG9\Identity Protection\Agent\Bin\AVGIDSMonitor.exe PRC - [2009/11/29 11:37:33 | 00,535,552 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Rory Wilson\My Documents\Downloads\OTL.exe PRC - [2009/11/11 22:13:49 | 00,908,248 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe PRC - [2009/07/29 14:52:10 | 01,024,512 | ---- | M] (Spigot, Inc.) -- C:\Program Files\pdfforge Toolbar\SearchSettings.exe PRC - [2009/05/27 02:27:04 | 29,262,680 | ---- | M] (Microsoft Corporation) -- c:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe PRC - [2008/11/24 21:31:12 | 00,087,904 | ---- | M] (Microsoft Corporation) -- c:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe PRC - [2008/11/24 21:31:08 | 00,239,968 | ---- | M] (Microsoft Corporation) -- c:\Program Files\Microsoft SQL Server\90\Shared\sqlbrowser.exe PRC - [2008/08/30 10:12:40 | 00,360,448 | ---- | M] (TOSHIBA) -- C:\Program Files\TOSHIBA\TOSHIBA Applet\THotkey.exe PRC - [2008/05/21 13:07:00 | 00,111,984 | ---- | M] () -- c:\TOSHIBA\IVP\swupdate\swupdtmr.exe PRC - [2008/04/30 18:41:12 | 00,815,104 | ---- | M] (Intel® Corporation) -- C:\Program Files\Intel\WiFi\bin\EvtEng.exe PRC - [2008/04/30 18:27:12 | 01,347,584 | ---- | M] (Intel® Corporation) -- C:\Program Files\Intel\WiFi\bin\ZCfgSvc.exe PRC - [2008/04/30 18:20:38 | 00,901,120 | ---- | M] (Intel® Corporation) -- C:\Program Files\Intel\WiFi\bin\S24EvMon.exe PRC - [2008/04/30 18:11:20 | 01,191,936 | ---- | M] (Intel® Corporation) -- C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe PRC - [2008/04/30 18:10:10 | 00,466,944 | ---- | M] (Intel® Corporation) -- C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe PRC - [2008/04/14 15:43:38 | 00,034,304 | ---- | M] (TOSHIBA Corp.) -- C:\Program Files\TOSHIBA\TOSHIBA Applet\TAPPSRV.exe PRC - [2008/04/14 04:00:00 | 01,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe PRC - [2008/04/14 04:00:00 | 00,016,896 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\wbem\unsecapp.exe PRC - [2008/04/07 15:40:04 | 16,860,672 | ---- | M] (Realtek Semiconductor Corp.) -- C:\WINDOWS\RTHDCPL.exe PRC - [2008/03/03 17:30:34 | 00,057,344 | ---- | M] (Nalpeiron Ltd.) -- C:\WINDOWS\system32\ASTSRV.EXE PRC - [2008/01/11 16:50:16 | 00,030,312 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Small Business\Business Contact Manager\BcmSqlStartupSvc.exe PRC - [2007/12/06 16:20:56 | 01,024,000 | ---- | M] (Synaptics, Inc.) -- C:\Program Files\Synaptics\SynTP\SynTPEnh.exe PRC - [2007/11/21 16:23:32 | 00,129,632 | ---- | M] (TOSHIBA Corporation) -- C:\WINDOWS\system32\TODDSrv.exe PRC - [2007/10/08 12:02:46 | 00,262,144 | ---- | M] (TOSHIBA Corporation) -- C:\WINDOWS\system32\TPSMain.exe PRC - [2007/10/08 12:02:46 | 00,032,768 | ---- | M] (TOSHIBA Corporation) -- C:\WINDOWS\system32\TPSBattM.exe PRC - [2007/04/13 17:16:16 | 00,311,296 | ---- | M] (TOSHIBA Corporation) -- C:\Program Files\TOSHIBA\TOSHIBA Direct Disc Writer\DDWMon.exe PRC - [2007/04/09 17:07:02 | 00,159,744 | ---- | M] (TOSHIBA Corporation) -- C:\Program Files\TOSHIBA\TOSHIBA Zooming Utility\SmoothView.exe PRC - [2007/01/25 17:47:50 | 00,136,816 | ---- | M] () -- C:\TOSHIBA\IVP\ISM\pinger.exe PRC - [2006/10/05 11:10:12 | 00,009,216 | ---- | M] (Agere Systems) -- C:\WINDOWS\system32\agrsmsvc.exe PRC - [2006/03/16 12:58:00 | 00,974,848 | ---- | M] (TOSHIBA CORPORATION) -- C:\Program Files\TOSHIBA\ConfigFree\NDSTray.exe PRC - [2005/01/17 15:38:00 | 00,040,960 | ---- | M] (TOSHIBA CORPORATION) -- C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe PRC - [2002/12/04 10:52:48 | 00,237,568 | ---- | M] (Nikon Corporation) -- C:\Program Files\Nikon\NkView6\NkvMon.exe ========== Modules (SafeList) ========== MOD - [2009/11/29 11:37:33 | 00,535,552 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Rory Wilson\My Documents\Downloads\OTL.exe ========== Win32 Services (SafeList) ========== SRV - File not found -- -- (McShield) SRV - [2009/11/29 16:22:34 | 02,304,192 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG9\avgfws9.exe -- (avgfws9) SRV - [2009/11/29 16:22:29 | 00,285,392 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG9\avgwdsvc.exe -- (avg9wd) SRV - [2009/11/29 16:22:28 | 05,832,712 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG9\Identity Protection\Agent\Bin\AVGIDSAgent.exe -- (AVGIDSAgent) SRV - [2009/10/21 09:43:40 | 00,182,768 | ---- | M] (Google) -- C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe -- (gusvc) SRV - [2009/05/27 02:27:04 | 29,262,680 | ---- | M] (Microsoft Corporation) -- c:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe -- (MSSQL$MSSMLBIZ) SQL Server (MSSMLBIZ) SRV - [2008/11/24 21:31:12 | 00,087,904 | ---- | M] (Microsoft Corporation) -- c:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe -- (SQLWriter) SRV - [2008/11/24 21:31:08 | 00,239,968 | ---- | M] (Microsoft Corporation) -- c:\Program Files\Microsoft SQL Server\90\Shared\sqlbrowser.exe -- (SQLBrowser) SRV - [2008/11/24 21:31:08 | 00,045,408 | ---- | M] (Microsoft Corporation) -- c:\Program Files\Microsoft SQL Server\90\Shared\sqladhlp90.exe -- (MSSQLServerADHelper) SRV - [2008/11/04 00:06:28 | 00,441,712 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE -- (odserv) SRV - [2008/05/21 13:07:00 | 00,111,984 | ---- | M] () -- c:\TOSHIBA\IVP\swupdate\swupdtmr.exe -- (Swupdtmr) SRV - [2008/04/30 18:41:12 | 00,815,104 | ---- | M] (Intel® Corporation) -- C:\Program Files\Intel\WiFi\bin\EvtEng.exe -- (EvtEng) SRV - [2008/04/30 18:20:38 | 00,901,120 | ---- | M] (Intel® Corporation) -- C:\Program Files\Intel\WiFi\bin\S24EvMon.exe -- (S24EventMonitor) SRV - [2008/04/30 18:10:10 | 00,466,944 | ---- | M] (Intel® Corporation) -- C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe -- (RegSrvc) SRV - [2008/04/14 15:43:38 | 00,034,304 | ---- | M] (TOSHIBA Corp.) -- C:\Program Files\TOSHIBA\TOSHIBA Applet\TAPPSRV.exe -- (TAPPSRV) SRV - [2008/03/03 17:30:34 | 00,057,344 | ---- | M] (Nalpeiron Ltd.) -- C:\WINDOWS\system32\ASTSRV.EXE -- (astcc) SRV - [2008/01/11 16:50:16 | 00,030,312 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Small Business\Business Contact Manager\BcmSqlStartupSvc.exe -- (BcmSqlStartupSvc) SRV - [2007/11/21 16:23:32 | 00,129,632 | ---- | M] (TOSHIBA Corporation) -- C:\WINDOWS\system32\TODDSrv.exe -- (TODDSrv) SRV - [2007/01/25 17:47:50 | 00,136,816 | ---- | M] () -- C:\TOSHIBA\IVP\ISM\pinger.exe -- (pinger) SRV - [2006/10/26 13:03:08 | 00,145,184 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE -- (ose) SRV - [2006/10/05 11:10:12 | 00,009,216 | ---- | M] (Agere Systems) -- C:\WINDOWS\system32\agrsmsvc.exe -- (AgereModemAudio) SRV - [2005/01/17 15:38:00 | 00,040,960 | ---- | M] (TOSHIBA CORPORATION) -- C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe -- (CFSvcs) ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchDefaultBranded = 1 IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://seattle.craigslist.org/search/cto?query=&catAbbreviation=cta&minAsk=1500&maxAsk=3200 IE - HKCU\..\URLSearchHook: *{CFBFAE00-17A6-11D0-99CB-00C04FD64497} - Reg Error: Key error. File not found IE - HKCU\..\URLSearchHook: *{E312764E-7706-43F1-8DAB-FCDD2B1E416D} - Reg Error: Key error. File not found IE - HKCU\..\URLSearchHook: {A3BC75A2-1F87-4686-AA43-5347D756017C} - C:\Program Files\AVG\AVG9\Toolbar\IEToolbar.dll () IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 1 IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local> IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = http=127.0.0.1:5555 ========== FireFox ========== FF - prefs.js..browser.search.defaultenginename: "Yahoo! Search" FF - prefs.js..browser.search.selectedEngine: "Yahoo! Search" FF - prefs.js..browser.startup.homepage: "http://www.facebook.com/home.php?ref=home" FF - prefs.js..extensions.enabledItems: {3f963a5b-e555-4543-90e2-c3908898db71}:9.0.0.701 FF - prefs.js..extensions.enabledItems: [email protected]:2.710.016.005 FF - HKLM\software\mozilla\Firefox\Extensions\\{3f963a5b-e555-4543-90e2-c3908898db71}: C:\Program Files\AVG\AVG9\Firefox [2009/11/29 16:22:23 | 00,000,000 | ---D | M] FF - HKLM\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files\AVG\AVG9\Toolbar\Firefox\[email protected] [2009/11/29 16:22:46 | 00,000,000 | ---D | M] FF - HKLM\software\mozilla\Mozilla Firefox 3.5.5\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2009/11/20 14:56:23 | 00,000,000 | ---D | M] FF - HKLM\software\mozilla\Mozilla Firefox 3.5.5\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2009/11/29 16:12:23 | 00,000,000 | ---D | M] FF - HKLM\software\mozilla\Omnis Firefox\extensions\\Plugins: C:\webclient [2009/10/25 20:47:35 | 00,000,000 | ---D | M] [2009/10/21 15:54:00 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Rory Wilson\Application Data\Mozilla\Extensions [2009/11/29 16:34:44 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Rory Wilson\Application Data\Mozilla\Firefox\Profiles\idih7k4l.default\extensions [2009/10/21 15:53:27 | 00,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions O1 HOSTS File: (686 bytes) - C:\WINDOWS\system32\drivers\etc\HOSTS O1 - Hosts: 127.0.0.1 localhost O2 - BHO: (Adobe PDF Link Helper) - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated) O2 - BHO: (Skype add-on (mastermind)) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Skype Technologies S.A.) O2 - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG9\avgssie.dll (AVG Technologies CZ, s.r.o.) O2 - BHO: (SSVHelper Class) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll (Sun Microsystems, Inc.) O2 - BHO: (AVG Security Toolbar BHO) - {A3BC75A2-1F87-4686-AA43-5347D756017C} - C:\Program Files\AVG\AVG9\Toolbar\IEToolbar.dll () O2 - BHO: (pdfforge Toolbar) - {B922D405-6D13-4A2B-AE89-08A030DA4402} - C:\Program Files\pdfforge Toolbar\pdfforgeToolbarIE.dll (Spigot, Inc.) O2 - BHO: (Ask.com Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll (Ask.com) O2 - BHO: (no name) - {E312764E-7706-43F1-8DAB-FCDD2B1E416D} - C:\Program Files\pdfforge Toolbar\SearchSettings.dll (Spigot, Inc.) O3 - HKLM\..\Toolbar: (no name) - - No CLSID value found. O3 - HKLM\..\Toolbar: (pdfforge Toolbar) - {B922D405-6D13-4A2B-AE89-08A030DA4402} - C:\Program Files\pdfforge Toolbar\pdfforgeToolbarIE.dll (Spigot, Inc.) O3 - HKLM\..\Toolbar: (AVG Security Toolbar) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - C:\Program Files\AVG\AVG9\Toolbar\IEToolbar.dll () O3 - HKLM\..\Toolbar: (Ask.com Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll (Ask.com) O3 - HKCU\..\Toolbar\WebBrowser: (AVG Security Toolbar) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - C:\Program Files\AVG\AVG9\Toolbar\IEToolbar.dll () O3 - HKCU\..\Toolbar\WebBrowser: (Ask.com Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll (Ask.com) O4 - HKLM..\Run: [Adobe ARM] C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe (Adobe Systems Incorporated) O4 - HKLM..\Run: [Alcmtr] C:\WINDOWS\Alcmtr.exe (Realtek Semiconductor Corp.) O4 - HKLM..\Run: [AVG9_TRAY] C:\Program Files\AVG\AVG9\avgtray.exe (AVG Technologies CZ, s.r.o.) O4 - HKLM..\Run: [Camera Assistant Software] C:\Program Files\Camera Assistant Software for Toshiba\traybar.exe (Chicony) O4 - HKLM..\Run: [DDWMon] C:\Program Files\TOSHIBA\TOSHIBA Direct Disc Writer\\ddwmon.exe () O4 - HKLM..\Run: [intelWireless] C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe (Intel® Corporation) O4 - HKLM..\Run: [intelZeroConfig] C:\Program Files\Intel\WiFi\bin\ZCfgSvc.exe (Intel® Corporation) O4 - HKLM..\Run: [Malwarebytes Anti-Malware (reboot)] C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe (Malwarebytes Corporation) O4 - HKLM..\Run: [NDSTray.exe] File not found O4 - HKLM..\Run: [QBCD Autorun] D:\autorun.exe File not found O4 - HKLM..\Run: [RTHDCPL] C:\WINDOWS\RTHDCPL.exe (Realtek Semiconductor Corp.) O4 - HKLM..\Run: [searchSettings] C:\Program Files\pdfforge Toolbar\SearchSettings.exe (Spigot, Inc.) O4 - HKLM..\Run: [smoothView] C:\Program Files\TOSHIBA\TOSHIBA Zooming Utility\SmoothView.exe (TOSHIBA Corporation) O4 - HKLM..\Run: [synTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe (Synaptics, Inc.) O4 - HKLM..\Run: [THotkey] C:\Program Files\TOSHIBA\TOSHIBA Applet\THotkey.exe (TOSHIBA) O4 - HKLM..\Run: [TPSMain] C:\WINDOWS\System32\TPSMain.exe (TOSHIBA Corporation) O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\NkvMon.exe.lnk = C:\Program Files\Nikon\NkView6\NkvMon.exe (Nikon Corporation) O4 - Startup: C:\Documents and Settings\Rory Wilson\Start Menu\Programs\Startup\ERUNT AutoBackup.lnk = C:\Program Files\ERUNT\AUTOBACK.EXE () O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1 O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145 O8 - Extra context menu item: E&xport to Microsoft Excel - C:\Program Files\Microsoft Office\Office12\EXCEL.EXE (Microsoft Corporation) O9 - Extra 'Tools' menuitem : Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_06\bin\npjpi160_06.dll (Sun Microsystems, Inc.) O9 - Extra 'Tools' menuitem : Skype add-on for Internet Explorer - {5067A26B-1337-4436-8AFE-EE169C2DA79F} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Skype Technologies S.A.) O9 - Extra Button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Skype Technologies S.A.) O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Program Files\Microsoft Office\Office12\REFIEBAR.DLL (Microsoft Corporation) O15 - HKLM\..Trusted Domains: 1 domain(s) and sub-domain(s) not assigned to a zone. O15 - HKCU\..Trusted Domains: 25 domain(s) and sub-domain(s) not assigned to a zone. O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1256151440640 (MUWebControl Class) O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_06-windows-i586.cab (Java Plug-in 1.6.0_06) O16 - DPF: {CAFEEFAC-0016-0000-0006-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_06-windows-i586.cab (Java Plug-in 1.6.0_06) O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_06-windows-i586.cab (Java Plug-in 1.6.0_06) O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 68.87.69.150 68.87.85.102 O18 - Protocol\Handler\belarc {6318E0AB-2E93-11D1-B8ED-00608CC9A71F} - C:\Program Files\Belarc\Advisor\System\BAVoilaX.dll (Belarc, Inc.) O18 - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG9\avgpp.dll (AVG Technologies CZ, s.r.o.) O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll (Microsoft Corporation) O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies) O18 - Protocol\Handler\x-excid {9D6CC632-1337-4a33-9214-2DA092E776F4} - c:\WINDOWS\Downloaded Program Files\mimectl.dll () O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation) O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation) O20 - Winlogon\Notify\avgrsstarter: DllName - avgrsstx.dll - C:\WINDOWS\System32\avgrsstx.dll (AVG Technologies CZ, s.r.o.) O20 - Winlogon\Notify\igfxcui: DllName - igfxdev.dll - C:\WINDOWS\System32\igfxdev.dll (Intel Corporation) O28 - HKLM ShellExecuteHooks: {56F9679E-7826-4C84-81F3-532071A8BCC5} - C:\Program Files\Windows Desktop Search\MsnlNamespaceMgr.dll (Microsoft Corporation) O32 - HKLM CDRom: AutoRun - 1 O32 - AutoRun File - [2008/09/11 12:34:18 | 00,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ] O34 - HKLM BootExecute: (autocheck) - File not found O34 - HKLM BootExecute: (*) - File not found O35 - comfile [open] -- "%1" %* File not found O35 - exefile [open] -- "%1" %* File not found ========== Files/Folders - Created Within 14 Days ========== [2009/11/29 16:32:58 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Rory Wilson\Local Settings\Application Data\AVG Security Toolbar [2009/11/29 16:23:09 | 00,000,000 | -H-D | C] -- C:\$AVG [2009/11/29 16:22:58 | 00,360,584 | ---- | C] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\drivers\avgtdix.sys [2009/11/29 16:22:58 | 00,012,464 | ---- | C] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\avgrsstx.dll [2009/11/29 16:22:53 | 00,333,192 | ---- | C] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\drivers\avgldx86.sys [2009/11/29 16:22:52 | 00,028,424 | ---- | C] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\drivers\avgmfx86.sys [2009/11/29 16:22:48 | 00,000,000 | ---D | C] -- C:\WINDOWS\System32\drivers\Avg [2009/11/29 16:22:46 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\AVG Security Toolbar [2009/11/29 16:22:32 | 00,025,608 | ---- | C] (AVG Technologies ) -- C:\WINDOWS\System32\drivers\AVGIDSxx.sys [2009/11/29 16:22:29 | 00,161,800 | ---- | C] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\drivers\avgrkx86.sys [2009/11/29 16:22:23 | 00,050,968 | ---- | C] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\avgfwdx.dll [2009/11/29 16:22:23 | 00,030,104 | ---- | C] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\drivers\avgfwdx.sys [2009/11/29 16:22:23 | 00,000,000 | ---D | C] -- C:\Program Files\AVG [2009/11/29 16:22:20 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\avg9 [2009/11/29 16:12:19 | 00,000,000 | ---D | C] -- C:\_OTL [2009/11/29 11:00:18 | 00,000,000 | ---D | C] -- C:\Rooter$ [2009/11/29 01:11:10 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Rory Wilson\Application Data\Malwarebytes [2009/11/29 01:11:06 | 00,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys [2009/11/29 01:11:05 | 00,019,160 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys [2009/11/29 01:11:05 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Malwarebytes [2009/11/29 01:11:04 | 00,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware [2009/11/29 00:44:58 | 00,000,000 | ---D | C] -- C:\WINDOWS\ERDNT [2009/11/29 00:44:42 | 00,000,000 | ---D | C] -- C:\Program Files\ERUNT [2009/11/28 21:50:10 | 00,000,000 | ---D | C] -- C:\Program Files\Common Files\Wise Installation Wizard [2009/11/28 21:20:04 | 00,000,000 | ---D | C] -- C:\WINDOWS\ERUNT [2009/11/28 21:17:24 | 00,000,000 | ---D | C] -- C:\SDFix [2009/11/28 21:15:24 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\TEMP [2009/11/28 21:15:19 | 00,000,000 | ---D | C] -- C:\Program Files\SpywareBlaster [2009/11/28 20:49:01 | 00,000,000 | ---D | C] -- C:\Program Files\Sophos [2009/11/28 18:45:03 | 00,000,000 | -HSD | C] -- C:\WINDOWS\CSC [2009/11/23 20:57:22 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Rory Wilson\Desktop\Mello Aire's [2009/11/22 19:06:06 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Rory Wilson\Application Data\.BitTornado [2009/11/22 19:05:00 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Rory Wilson\My Documents\Downloads [2009/11/22 09:47:02 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Rory Wilson\My Documents\LWSD Pay Stubs [2009/11/20 20:35:09 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Rory Wilson\Desktop\Glenwood Gators [2009/11/20 18:00:45 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Rory Wilson\Desktop\JHS Swim - Boys [2009/11/20 14:56:23 | 00,000,000 | ---D | C] -- C:\WINDOWS\Cache [2009/11/17 23:08:46 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Rory Wilson\Local Settings\Application Data\WMTools Downloaded Files [2009/11/17 23:07:14 | 00,000,000 | ---D | C] -- C:\Program Files\Microsoft Office Outlook Connector [2009/11/17 23:07:02 | 00,000,000 | ---D | C] -- C:\Program Files\Microsoft [2009/11/17 23:06:57 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Documents\microsoft [2009/11/17 23:06:50 | 00,000,000 | ---D | C] -- C:\Program Files\Windows Live SkyDrive [2009/11/17 22:59:47 | 00,000,000 | ---D | C] -- C:\Program Files\Common Files\Windows Live [2009/11/17 22:59:27 | 00,000,000 | ---D | C] -- C:\Program Files\Microsoft Silverlight [2009/11/17 22:38:18 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Rory Wilson\Application Data\ArcSoft [2009/11/15 22:14:13 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Rory Wilson\Local Settings\Application Data\Help [2009/11/15 22:14:13 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Rory Wilson\Application Data\Help [2009/11/15 21:41:15 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Rory Wilson\My Documents\My Backups [2008/09/11 13:10:15 | 00,053,248 | ---- | C] ( ) -- C:\WINDOWS\System32\DLLVGA.dll ========== Files - Modified Within 14 Days ========== [2009/11/29 16:27:44 | 00,001,158 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl [2009/11/29 16:26:17 | 00,000,236 | ---- | M] () -- C:\WINDOWS\tasks\OGALogon.job [2009/11/29 16:26:16 | 00,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT [2009/11/29 16:26:04 | 00,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat [2009/11/29 16:25:58 | 20,090,63424 | -HS- | M] () -- C:\hiberfil.sys [2009/11/29 16:25:00 | 04,718,592 | ---- | M] () -- C:\Documents and Settings\Rory Wilson\ntuser.dat [2009/11/29 16:25:00 | 00,000,178 | -HS- | M] () -- C:\Documents and Settings\Rory Wilson\ntuser.ini [2009/11/29 16:24:41 | 04,314,152 | -H-- | M] () -- C:\Documents and Settings\Rory Wilson\Local Settings\Application Data\IconCache.db [2009/11/29 16:22:58 | 00,360,584 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\drivers\avgtdix.sys [2009/11/29 16:22:58 | 00,012,464 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\avgrsstx.dll [2009/11/29 16:22:58 | 00,001,518 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\AVG 9.0.lnk [2009/11/29 16:22:53 | 00,333,192 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\drivers\avgldx86.sys [2009/11/29 16:22:52 | 45,908,660 | ---- | M] () -- C:\WINDOWS\System32\drivers\Avg\incavi.avm [2009/11/29 16:22:52 | 00,544,112 | ---- | M] () -- C:\WINDOWS\System32\drivers\Avg\iavifw.avm [2009/11/29 16:22:52 | 00,113,461 | ---- | M] () -- C:\WINDOWS\System32\drivers\Avg\iavichjw.avm [2009/11/29 16:22:52 | 00,028,424 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\drivers\avgmfx86.sys [2009/11/29 16:22:48 | 06,061,540 | ---- | M] () -- C:\WINDOWS\System32\drivers\Avg\avi7.avg [2009/11/29 16:22:48 | 00,492,629 | ---- | M] () -- C:\WINDOWS\System32\drivers\Avg\miniavi.avg [2009/11/29 16:22:48 | 00,106,123 | ---- | M] () -- C:\WINDOWS\System32\drivers\Avg\microavi.avg [2009/11/29 16:22:32 | 00,025,608 | ---- | M] (AVG Technologies ) -- C:\WINDOWS\System32\drivers\AVGIDSxx.sys [2009/11/29 16:22:29 | 00,161,800 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\drivers\avgrkx86.sys [2009/11/29 16:22:23 | 00,050,968 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\avgfwdx.dll [2009/11/29 16:22:23 | 00,030,104 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\drivers\avgfwdx.sys [2009/11/29 11:35:25 | 00,000,015 | ---- | M] () -- C:\Documents and Settings\Rory Wilson\settings.dat [2009/11/29 11:30:40 | 00,441,856 | ---- | M] () -- C:\Documents and Settings\Rory Wilson\Desktop\CKScanner.exe [2009/11/29 02:15:27 | 00,271,360 | ---- | M] () -- C:\Documents and Settings\Rory Wilson\My Documents\Auto Archive - Outlook.pst [2009/11/29 01:10:08 | 00,006,294 | RHS- | M] () -- C:\Documents and Settings\All Users\ntuser.pol [2009/11/29 00:44:45 | 00,000,778 | ---- | M] () -- C:\Documents and Settings\Rory Wilson\Start Menu\Programs\Startup\ERUNT AutoBackup.lnk [2009/11/28 21:22:19 | 00,000,686 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\HOSTS [2009/11/28 18:01:00 | 00,000,246 | ---- | M] () -- C:\WINDOWS\tasks\Scheduled Update for Ask Toolbar.job [2009/11/28 17:19:46 | 00,109,645 | ---- | M] () -- C:\Documents and Settings\Rory Wilson\My Documents\Beacon Promo's Work Orders.xlsx [2009/11/28 16:42:29 | 00,007,168 | ---- | M] () -- C:\Documents and Settings\Rory Wilson\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [2009/11/27 20:00:12 | 00,000,067 | ---- | M] () -- C:\WINDOWS\swupdate.INI [2009/11/27 11:58:03 | 00,002,838 | ---- | M] () -- C:\WINDOWS\machine.ver [2009/11/25 08:31:21 | 00,001,393 | ---- | M] () -- C:\WINDOWS\imsins.BAK [2009/11/20 20:29:14 | 00,622,902 | ---- | M] () -- C:\WINDOWS\System32\PerfStringBackup.INI [2009/11/20 20:29:14 | 00,513,690 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat [2009/11/20 20:29:14 | 00,097,554 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat [2009/11/20 16:53:16 | 00,205,427 | ---- | M] () -- C:\Documents and Settings\Rory Wilson\Desktop\BeaconPromos - Drumline Options.pdf [2009/11/20 13:04:14 | 00,059,517 | ---- | M] () -- C:\Documents and Settings\Rory Wilson\Desktop\RMA - New Conversation.pdf [2009/11/18 15:21:54 | 00,112,515 | ---- | M] () -- C:\WINDOWS\FontData.fdb [2009/11/17 22:38:20 | 00,054,156 | -H-- | M] () -- C:\WINDOWS\QTFont.qfn [2009/11/17 22:38:20 | 00,001,409 | ---- | M] () -- C:\WINDOWS\QTFont.for [2009/11/17 17:07:53 | 00,005,471 | ---- | M] () -- C:\Documents and Settings\Rory Wilson\Desktop\BeaconPromos - RA#27967207.pdf [2009/11/17 10:55:30 | 00,216,416 | ---- | M] () -- C:\Documents and Settings\Rory Wilson\Local Settings\Application Data\GDIPFONTCACHEV1.DAT [2009/11/17 10:53:16 | 00,661,024 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT [2009/11/17 10:52:07 | 00,000,227 | ---- | M] () -- C:\WINDOWS\system.ini ========== Files Created - No Company Name ========== [2009/11/29 16:22:58 | 00,001,518 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\AVG 9.0.lnk [2009/11/29 16:22:52 | 00,544,112 | ---- | C] () -- C:\WINDOWS\System32\drivers\Avg\iavifw.avm [2009/11/29 16:22:52 | 00,113,461 | ---- | C] () -- C:\WINDOWS\System32\drivers\Avg\iavichjw.avm [2009/11/29 16:22:48 | 45,908,660 | ---- | C] () -- C:\WINDOWS\System32\drivers\Avg\incavi.avm [2009/11/29 16:22:48 | 06,061,540 | ---- | C] () -- C:\WINDOWS\System32\drivers\Avg\avi7.avg [2009/11/29 16:22:48 | 00,492,629 | ---- | C] () -- C:\WINDOWS\System32\drivers\Avg\miniavi.avg [2009/11/29 16:22:48 | 00,106,123 | ---- | C] () -- C:\WINDOWS\System32\drivers\Avg\microavi.avg [2009/11/29 16:13:08 | 20,090,63424 | -HS- | C] () -- C:\hiberfil.sys [2009/11/29 11:34:08 | 00,000,015 | ---- | C] () -- C:\Documents and Settings\Rory Wilson\settings.dat [2009/11/29 11:30:40 | 00,441,856 | ---- | C] () -- C:\Documents and Settings\Rory Wilson\Desktop\CKScanner.exe [2009/11/29 00:44:45 | 00,000,778 | ---- | C] () -- C:\Documents and Settings\Rory Wilson\Start Menu\Programs\Startup\ERUNT AutoBackup.lnk [2009/11/28 23:01:28 | 00,006,294 | RHS- | C] () -- C:\Documents and Settings\All Users\ntuser.pol [2009/11/28 17:23:19 | 04,718,592 | ---- | C] () -- C:\Documents and Settings\Rory Wilson\ntuser.dat [2009/11/20 16:53:15 | 00,205,427 | ---- | C] () -- C:\Documents and Settings\Rory Wilson\Desktop\BeaconPromos - Drumline Options.pdf [2009/11/20 13:04:00 | 00,059,517 | ---- | C] () -- C:\Documents and Settings\Rory Wilson\Desktop\RMA - New Conversation.pdf [2009/11/17 22:44:28 | 00,000,236 | ---- | C] () -- C:\WINDOWS\tasks\OGALogon.job [2009/11/17 22:38:20 | 00,054,156 | -H-- | C] () -- C:\WINDOWS\QTFont.qfn [2009/11/17 22:38:20 | 00,001,409 | ---- | C] () -- C:\WINDOWS\QTFont.for [2009/11/17 17:03:04 | 00,005,471 | ---- | C] () -- C:\Documents and Settings\Rory Wilson\Desktop\BeaconPromos - RA#27967207.pdf [2009/11/13 15:47:17 | 00,000,021 | ---- | C] () -- C:\WINDOWS\CS_setup.ini [2009/11/11 22:32:28 | 00,003,840 | ---- | C] () -- C:\WINDOWS\System32\drivers\BANTExt.sys [2009/11/11 22:13:35 | 00,000,028 | ---- | C] () -- C:\WINDOWS\ICOA.INI [2009/11/11 22:13:27 | 00,000,000 | ---- | C] () -- C:\WINDOWS\QFNONL.ini [2009/11/11 22:13:27 | 00,000,000 | ---- | C] () -- C:\WINDOWS\QFN.ini [2009/11/11 22:13:27 | 00,000,000 | ---- | C] () -- C:\WINDOWS\QDQICK.ini [2009/11/11 22:03:37 | 00,000,064 | ---- | C] () -- C:\WINDOWS\QBWCD.INI [2009/11/06 15:37:26 | 00,094,208 | ---- | C] () -- C:\WINDOWS\System32\GTW32N50.dll [2009/10/28 11:12:20 | 00,000,067 | ---- | C] () -- C:\WINDOWS\swupdate.INI [2009/10/26 08:04:11 | 00,038,443 | ---- | C] () -- C:\Documents and Settings\Rory Wilson\Application Data\Comma Separated Values (Windows).ADR [2009/10/25 16:00:31 | 00,000,083 | ---- | C] () -- C:\Documents and Settings\Rory Wilson\Local Settings\Application Data\FASTWiz.log [2009/10/23 20:36:54 | 00,000,124 | ---- | C] () -- C:\WINDOWS\iPlayer.INI [2009/10/21 12:45:51 | 00,007,168 | ---- | C] () -- C:\Documents and Settings\Rory Wilson\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [2009/10/21 12:34:24 | 00,116,224 | ---- | C] () -- C:\WINDOWS\System32\pdfcmnnt.dll [2009/10/21 10:26:41 | 00,000,134 | ---- | C] () -- C:\Documents and Settings\Rory Wilson\Local Settings\Application Data\fusioncache.dat [2009/10/21 09:32:21 | 00,000,013 | RHS- | C] () -- C:\WINDOWS\System32\drivers\fbd.sys [2009/10/21 09:32:20 | 00,000,004 | RHS- | C] () -- C:\WINDOWS\System32\drivers\taishop.sys [2009/06/23 08:24:06 | 00,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini [2009/06/23 07:41:53 | 00,204,800 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeW7.dll [2009/06/23 07:41:53 | 00,200,704 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeA6.dll [2009/06/23 07:41:53 | 00,192,512 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeP6.dll [2009/06/23 07:41:53 | 00,192,512 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeM6.dll [2009/06/23 07:41:53 | 00,188,416 | ---- | C] () -- C:\WINDOWS\System32\IVIresizePX.dll [2009/06/23 07:41:53 | 00,020,480 | ---- | C] () -- C:\WINDOWS\System32\IVIresize.dll [2009/06/23 07:28:36 | 00,128,113 | ---- | C] () -- C:\WINDOWS\System32\csellang.ini [2009/06/23 07:28:36 | 00,045,056 | ---- | C] () -- C:\WINDOWS\System32\csellang.dll [2009/06/23 07:28:36 | 00,010,150 | ---- | C] () -- C:\WINDOWS\System32\tosmreg.ini [2009/06/23 07:28:36 | 00,007,671 | ---- | C] () -- C:\WINDOWS\System32\cseltbl.ini [2009/06/23 07:27:34 | 00,147,456 | ---- | C] () -- C:\WINDOWS\System32\igfxCoIn_v4953.dll [2008/09/11 13:44:10 | 00,000,000 | ---- | C] () -- C:\WINDOWS\NDSTray.INI [2008/09/11 13:10:15 | 00,118,784 | ---- | C] () -- C:\WINDOWS\System32\TCtrlIO.dll [2008/09/11 13:06:42 | 06,184,960 | ---- | C] () -- C:\WINDOWS\System32\RTS5121icon.dll [2008/09/11 12:45:16 | 00,000,345 | ---- | C] () -- C:\WINDOWS\System32\OEMINFO.INI [2008/09/11 12:32:41 | 00,001,793 | ---- | C] () -- C:\WINDOWS\System32\fxsperf.ini [2007/09/27 09:51:02 | 00,020,698 | ---- | C] () -- C:\WINDOWS\System32\idxcntrs.ini [2007/09/27 09:48:48 | 00,030,628 | ---- | C] () -- C:\WINDOWS\System32\gsrvctr.ini [2007/09/27 09:48:28 | 00,031,698 | ---- | C] () -- C:\WINDOWS\System32\gthrctr.ini ========== LOP Check ========== [2009/11/29 16:27:58 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\AVG Security Toolbar [2009/11/29 16:22:21 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\avg9 [2009/11/28 21:15:24 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TEMP [2009/11/22 19:06:06 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Rory Wilson\Application Data\.BitTornado [2009/10/21 17:00:38 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Rory Wilson\Application Data\InterVideo [2009/11/13 15:52:24 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Rory Wilson\Application Data\Nikon [2009/10/21 15:33:56 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Rory Wilson\Application Data\pdfforge [2009/10/21 14:00:11 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Rory Wilson\Application Data\Search Settings [2009/10/24 21:35:49 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Rory Wilson\Application Data\toshiba [2008/09/11 13:04:21 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Rory Wilson\Application Data\WinBatch [2009/10/21 12:12:10 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Rory Wilson\Application Data\Windows Desktop Search [2009/10/25 14:00:55 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Rory Wilson\Application Data\Windows Search [2009/11/29 16:26:17 | 00,000,236 | ---- | M] () -- C:\WINDOWS\Tasks\OGALogon.job [2009/11/28 18:01:00 | 00,000,246 | ---- | M] () -- C:\WINDOWS\Tasks\Scheduled Update for Ask Toolbar.job ========== Purity Check ========== < End of report >
  11. Here are the reports from the scans... (MBAM, Rooter, LockSearch, CKScanner, RootRepeal, and OTL logs) Thank you - Rory Malwarebytes' Anti-Malware 1.41 Database version: 2775 Windows 5.1.2600 Service Pack 3 (Safe Mode) 11/29/2009 1:46:59 AM mbam-log-2009-11-29 (01-46-52).txt Scan type: Full Scan (C:\|) Objects scanned: 197820 Time elapsed: 15 minute(s), 37 second(s) Memory Processes Infected: 0 Memory Modules Infected: 0 Registry Keys Infected: 0 Registry Values Infected: 0 Registry Data Items Infected: 0 Folders Infected: 0 Files Infected: 1 Memory Processes Infected: (No malicious items detected) Memory Modules Infected: (No malicious items detected) Registry Keys Infected: (No malicious items detected) Registry Values Infected: (No malicious items detected) Registry Data Items Infected: (No malicious items detected) Folders Infected: (No malicious items detected) Files Infected: C:\Documents and Settings\Rory Wilson\Local Settings\Application Data\Mozilla\Firefox\Profiles\idih7k4l.default\Cache\D8AABD14d01 (Rogue.Installer) -> No action taken. Rooter.exe (v1.0.2) by Eric_71 . SeDebugPrivilege granted successfully ... . Windows XP . (5.1.2600) Service Pack 3 [32_bits] - x86 Family 6 Model 15 Stepping 13, GenuineIntel . [wscsvc] STOPPED (state:1) : Security Center -> Disabled ! [sharedAccess] RUNNING (state:4) Windows Firewall -> Enabled . Internet Explorer 8.0.6001.18702 Mozilla Firefox 3.5.5 (en-US) . C:\ [Fixed-NTFS] .. ( Total:225 Go - Free:199 Go ) D:\ [CD_Rom] . Scan : 10:59.31 Path : C:\Documents and Settings\Rory Wilson\My Documents\Downloads\Rooter.exe User : Rory Wilson ( Administrator -> YES ) . ----------------------\\ Processes . Locked [system Process] (0) ______ System (4) ______ \SystemRoot\System32\smss.exe (744) ______ \??\C:\WINDOWS\system32\csrss.exe (800) ______ \??\C:\WINDOWS\system32\winlogon.exe (824) ______ C:\WINDOWS\system32\services.exe (868) ______ C:\WINDOWS\system32\lsass.exe (880) ______ C:\WINDOWS\system32\svchost.exe (1040) ______ C:\WINDOWS\system32\svchost.exe (1124) ______ C:\WINDOWS\system32\svchost.exe (1364) ______ C:\WINDOWS\system32\svchost.exe (1392) ______ C:\WINDOWS\Explorer.EXE (1180) ______ C:\Program Files\Mozilla Firefox\firefox.exe (1808) ______ C:\Documents and Settings\Rory Wilson\My Documents\Downloads\Rooter.exe (332) . ----------------------\\ Device\Harddisk0\ . \Device\Harddisk0 [sectors : 63 x 512 Bytes] . \Device\Harddisk0\Partition1 --[ MBR ]-- (Start_Offset:32256 | Length:241987705344) \Device\Harddisk0\Partition2 (Start_Offset:241987737600 | Length:8068999680) . ----------------------\\ Scheduled Tasks . C:\WINDOWS\Tasks\desktop.ini C:\WINDOWS\Tasks\OGALogon.job C:\WINDOWS\Tasks\SA.DAT C:\WINDOWS\Tasks\Scheduled Update for Ask Toolbar.job . ----------------------\\ Registry . . ----------------------\\ Files & Folders . ----------------------\\ Scan completed at 11:00.18 . C:\Rooter$\Rooter_1.txt - (29/11/2009 | 11:00.18) LockSearch by jpshortstuff (05.11.09.1) Log created at 11:01 on 29/11/2009 (Rory Wilson) Scanning C:\ C:\pagefile.sys ------------------------- -=E.O.F=- CKScanner - Additional Security Risks - These are not necessarily bad c:\documents and settings\rory wilson\my documents\graphics\clipart\cdr12\tiles\stone\cracks2m.cpt c:\documents and settings\rory wilson\my documents\graphics\clipart\cdr8\food\bread\cracker.cdr c:\documents and settings\rory wilson\my documents\graphics\clipart\cdr8\police\misc\crack.cdr c:\documents and settings\rory wilson\my documents\graphics\clipart\cdr8\spec_occ\misc\crack032.cdr c:\documents and settings\rory wilson\my documents\graphics\clipart\cdr8\spec_occ\xmasmisc\nutcrack.cdr c:\program files\corel\corel graphics 12\custom data\bumpmap\cracks.cpt c:\program files\corel\corel graphics 12\custom data\canvas\cracks2c.pcx c:\program files\corel\corel graphics 12\custom data\tiles\cracks2m.cpt c:\program files\visual link spanish\level i complete cd\lib\imgs\crackers.swf scanner sequence 3.ED.11 ----- EOF ----- ROOTREPEAL © AD, 2007-2009 ================================================== Scan Start Time: 2009/11/29 11:36 Program Version: Version 1.3.5.0 Windows Version: Windows XP SP3 ================================================== Drivers ------------------- Name: dump_iaStor.sys Image Path: C:\WINDOWS\System32\Drivers\dump_iaStor.sys Address: 0xB9CAC000 Size: 843776 File Visible: No Signed: - Status: - Name: rootrepeal.sys Image Path: C:\WINDOWS\system32\drivers\rootrepeal.sys Address: 0xBA63B000 Size: 49152 File Visible: No Signed: - Status: - ==EOF== OTL logfile created on: 11/29/2009 11:48:52 AM - Run 1 OTL by OldTimer - Version 3.1.11.2 Folder = C:\Documents and Settings\Rory Wilson\My Documents\Downloads Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation Internet Explorer (Version = 8.0.6001.18702) Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy 1.87 Gb Total Physical Memory | 1.49 Gb Available Physical Memory | 79.46% Memory free 4.00 Gb Paging File | 4.00 Gb Available in Paging File | 100.00% Paging File free Paging file location(s): C:\pagefile.sys 4092 8184 [binary data] %SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files Drive C: | 225.37 Gb Total Space | 199.39 Gb Free Space | 88.47% Space Free | Partition Type: NTFS D: Drive not present or media not loaded E: Drive not present or media not loaded F: Drive not present or media not loaded G: Drive not present or media not loaded H: Drive not present or media not loaded I: Drive not present or media not loaded Computer Name: BEACONMKTG Current User Name: Rory Wilson Logged in as Administrator. Current Boot Mode: SafeMode with Networking Scan Mode: Current user Company Name Whitelist: Off Skip Microsoft Files: Off File Age = 30 Days Output = Standard ========== Processes (SafeList) ========== PRC - [2009/11/29 11:37:33 | 00,535,552 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Rory Wilson\My Documents\Downloads\OTL.exe PRC - [2009/11/11 22:13:49 | 00,908,248 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe PRC - [2008/04/14 04:00:00 | 01,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe ========== Modules (SafeList) ========== MOD - [2009/11/29 11:37:33 | 00,535,552 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Rory Wilson\My Documents\Downloads\OTL.exe MOD - [2009/05/24 21:41:34 | 00,304,128 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Desktop Search\MsnlNamespaceMgr.dll MOD - [2008/04/14 04:00:00 | 00,019,968 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\linkinfo.dll ========== Win32 Services (SafeList) ========== SRV - File not found -- -- (McSysmon) SRV - File not found -- -- (McShield) SRV - File not found -- -- (MBYPJH) SRV - [2009/10/21 09:43:40 | 00,182,768 | ---- | M] (Google) -- C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe -- (gusvc) SRV - [2009/05/27 02:27:04 | 29,262,680 | ---- | M] (Microsoft Corporation) -- c:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe -- (MSSQL$MSSMLBIZ) SQL Server (MSSMLBIZ) SRV - [2008/11/24 21:31:12 | 00,087,904 | ---- | M] (Microsoft Corporation) -- c:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe -- (SQLWriter) SRV - [2008/11/24 21:31:08 | 00,239,968 | ---- | M] (Microsoft Corporation) -- c:\Program Files\Microsoft SQL Server\90\Shared\sqlbrowser.exe -- (SQLBrowser) SRV - [2008/11/24 21:31:08 | 00,045,408 | ---- | M] (Microsoft Corporation) -- c:\Program Files\Microsoft SQL Server\90\Shared\sqladhlp90.exe -- (MSSQLServerADHelper) SRV - [2008/11/04 00:06:28 | 00,441,712 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE -- (odserv) SRV - [2008/05/21 13:07:00 | 00,111,984 | ---- | M] () -- c:\TOSHIBA\IVP\swupdate\swupdtmr.exe -- (Swupdtmr) SRV - [2008/04/30 18:41:12 | 00,815,104 | ---- | M] (Intel® Corporation) -- C:\Program Files\Intel\WiFi\bin\EvtEng.exe -- (EvtEng) SRV - [2008/04/30 18:20:38 | 00,901,120 | ---- | M] (Intel® Corporation) -- C:\Program Files\Intel\WiFi\bin\S24EvMon.exe -- (S24EventMonitor) SRV - [2008/04/30 18:10:10 | 00,466,944 | ---- | M] (Intel® Corporation) -- C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe -- (RegSrvc) SRV - [2008/04/14 15:43:38 | 00,034,304 | ---- | M] (TOSHIBA Corp.) -- C:\Program Files\TOSHIBA\TOSHIBA Applet\TAPPSRV.exe -- (TAPPSRV) SRV - [2008/03/03 17:30:34 | 00,057,344 | ---- | M] (Nalpeiron Ltd.) -- C:\WINDOWS\system32\ASTSRV.EXE -- (astcc) SRV - [2008/01/11 16:50:16 | 00,030,312 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Small Business\Business Contact Manager\BcmSqlStartupSvc.exe -- (BcmSqlStartupSvc) SRV - [2007/11/21 16:23:32 | 00,129,632 | ---- | M] (TOSHIBA Corporation) -- C:\WINDOWS\system32\TODDSrv.exe -- (TODDSrv) SRV - [2007/01/25 17:47:50 | 00,136,816 | ---- | M] () -- C:\TOSHIBA\IVP\ISM\pinger.exe -- (pinger) SRV - [2006/10/26 13:03:08 | 00,145,184 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE -- (ose) SRV - [2006/10/05 11:10:12 | 00,009,216 | ---- | M] (Agere Systems) -- C:\WINDOWS\system32\agrsmsvc.exe -- (AgereModemAudio) SRV - [2005/01/17 15:38:00 | 00,040,960 | ---- | M] (TOSHIBA CORPORATION) -- C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe -- (CFSvcs) ========== Driver Services (SafeList) ========== DRV - [2009/09/16 09:22:48 | 00,214,664 | ---- | M] (McAfee, Inc.) -- C:\WINDOWS\system32\drivers\mfehidk.sys -- (mfehidk) DRV - [2009/09/16 09:22:48 | 00,079,816 | ---- | M] (McAfee, Inc.) -- C:\WINDOWS\system32\drivers\mfeavfk.sys -- (mfeavfk) DRV - [2009/09/16 09:22:48 | 00,040,552 | ---- | M] (McAfee, Inc.) -- C:\WINDOWS\system32\drivers\mfesmfk.sys -- (mfesmfk) DRV - [2009/09/16 09:22:48 | 00,035,272 | ---- | M] (McAfee, Inc.) -- C:\WINDOWS\system32\drivers\mfebopk.sys -- (mfebopk) DRV - [2009/09/16 09:22:14 | 00,034,248 | ---- | M] (McAfee, Inc.) -- C:\WINDOWS\system32\drivers\mferkdk.sys -- (mferkdk) DRV - [2008/05/22 15:53:58 | 00,154,624 | ---- | M] (Realtek Semiconductor Corporation) -- C:\WINDOWS\system32\drivers\RTS5121.sys -- (RSUSBSTOR) DRV - [2008/05/21 11:48:46 | 06,018,464 | ---- | M] (Intel Corporation) -- C:\WINDOWS\system32\drivers\igxpmp32.sys -- (ialm) DRV - [2008/04/28 05:14:54 | 03,626,112 | ---- | M] (Intel Corporation) -- C:\WINDOWS\system32\drivers\NETw5x32.sys -- (NETw5x32) Intel® DRV - [2008/04/15 16:53:44 | 00,312,344 | ---- | M] (Intel Corporation) -- C:\WINDOWS\system32\drivers\iaStor.sys -- (iaStor) DRV - [2008/04/14 04:00:00 | 00,144,384 | ---- | M] (Windows ® Server 2003 DDK provider) -- C:\WINDOWS\system32\drivers\hdaudbus.sys -- (HDAudBus) DRV - [2008/04/14 04:00:00 | 00,020,480 | ---- | M] (Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K.) -- C:\WINDOWS\system32\drivers\secdrv.sys -- (Secdrv) DRV - [2008/04/14 04:00:00 | 00,017,792 | ---- | M] (Parallel Technologies, Inc.) -- C:\WINDOWS\system32\drivers\ptilink.sys -- (Ptilink) DRV - [2008/04/14 04:00:00 | 00,003,328 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\pciide.sys -- (PCIIde) DRV - [2008/04/14 00:15:14 | 00,060,032 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\USBAUDIO.sys -- (usbaudio) USB Audio Driver (WDM) DRV - [2008/04/09 17:01:16 | 04,703,744 | ---- | M] (Realtek Semiconductor Corp.) -- C:\WINDOWS\system32\drivers\RtkHDAud.sys -- (IntcAzAudAddService) Service for Realtek HD Audio (WDM) DRV - [2008/03/20 11:32:24 | 00,011,904 | ---- | M] (Intel Corporation) -- C:\WINDOWS\system32\drivers\s24trans.sys -- (s24trans) DRV - [2008/03/06 11:51:14 | 00,003,840 | ---- | M] () -- C:\WINDOWS\System32\Drivers\BANTExt.sys -- (BANTExt) DRV - [2008/02/22 18:38:33 | 00,043,872 | ---- | M] (Sonic Solutions) -- C:\WINDOWS\System32\Drivers\PxHelp20.sys -- (PxHelp20) DRV - [2008/01/03 21:10:16 | 00,105,856 | ---- | M] (Realtek Semiconductor Corporation ) -- C:\WINDOWS\system32\drivers\Rtenicxp.sys -- (RTLE8023xp) DRV - [2007/12/17 10:45:20 | 00,018,432 | ---- | M] (Chicony Electronics Co., Ltd.) -- C:\WINDOWS\system32\drivers\UVCFTR_S.SYS -- (UVCFTR) DRV - [2007/12/06 16:41:42 | 00,220,032 | ---- | M] (Synaptics, Inc.) -- C:\WINDOWS\system32\drivers\SynTP.sys -- (SynTP) DRV - [2007/04/04 07:56:48 | 00,005,888 | ---- | M] (TOSHIBA Corporation) -- C:\WINDOWS\system32\drivers\FwLnk.sys -- (FwLnk) DRV - [2007/03/26 11:22:18 | 00,105,856 | ---- | M] (TOSHIBA Corporation) -- C:\WINDOWS\system32\drivers\tdudf.sys -- (tdudf) DRV - [2007/02/22 14:10:30 | 00,016,128 | ---- | M] (TOSHIBA Corporation.) -- C:\WINDOWS\system32\drivers\tdcmdpst.sys -- (tdcmdpst) DRV - [2007/02/19 11:15:32 | 00,134,016 | ---- | M] (TOSHIBA Corporation) -- C:\WINDOWS\system32\drivers\trudf.sys -- (trudf) DRV - [2006/11/28 14:11:00 | 01,161,888 | ---- | M] (Agere Systems) -- C:\WINDOWS\system32\drivers\AGRSM.sys -- (AgereSoftModem) DRV - [2003/01/29 13:35:00 | 00,012,032 | ---- | M] (TOSHIBA Corporation.) -- C:\WINDOWS\system32\drivers\Netdevio.sys -- (Netdevio) ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchDefaultBranded = 1 IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://seattle.craigslist.org/search/cto?query=&catAbbreviation=cta&minAsk=1500&maxAsk=3200 IE - HKCU\..\URLSearchHook: {E312764E-7706-43F1-8DAB-FCDD2B1E416D} - C:\Program Files\pdfforge Toolbar\SearchSettings.dll (Spigot, Inc.) IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 1 IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local> IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = http=127.0.0.1:5555 ========== FireFox ========== FF - prefs.js..browser.startup.homepage: "http://www.facebook.com/home.php?ref=home" FF - prefs.js..extensions.enabledItems: [email protected]:3.3.3.123 FF - HKLM\software\mozilla\Mozilla Firefox 3.5.5\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2009/11/20 14:56:23 | 00,000,000 | ---D | M] FF - HKLM\software\mozilla\Mozilla Firefox 3.5.5\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2009/11/20 14:56:23 | 00,000,000 | ---D | M] FF - HKLM\software\mozilla\Omnis Firefox\extensions\\Plugins: C:\webclient [2009/10/25 20:47:35 | 00,000,000 | ---D | M] [2009/10/21 15:54:00 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Rory Wilson\Application Data\Mozilla\Extensions [2009/11/28 20:46:47 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Rory Wilson\Application Data\Mozilla\Firefox\Profiles\idih7k4l.default\extensions [2009/11/11 22:55:51 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Rory Wilson\Application Data\Mozilla\Firefox\Profiles\idih7k4l.default\extensions\[email protected] [2009/10/21 15:53:27 | 00,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions [2009/11/19 14:16:28 | 00,091,552 | ---- | M] (Coupons, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npCouponPrinter.dll [2009/11/19 14:16:29 | 00,091,552 | ---- | M] (Coupons, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npMozCouponPrinter.dll O1 HOSTS File: (686 bytes) - C:\WINDOWS\system32\drivers\etc\HOSTS O1 - Hosts: 127.0.0.1 localhost O2 - BHO: (Adobe PDF Link Helper) - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated) O2 - BHO: (Skype add-on (mastermind)) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Skype Technologies S.A.) O2 - BHO: (SSVHelper Class) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll (Sun Microsystems, Inc.) O2 - BHO: (pdfforge Toolbar) - {B922D405-6D13-4A2B-AE89-08A030DA4402} - C:\Program Files\pdfforge Toolbar\pdfforgeToolbarIE.dll (Spigot, Inc.) O2 - BHO: (Ask.com Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll (Ask.com) O2 - BHO: (no name) - {E312764E-7706-43F1-8DAB-FCDD2B1E416D} - C:\Program Files\pdfforge Toolbar\SearchSettings.dll (Spigot, Inc.) O3 - HKLM\..\Toolbar: (no name) - - No CLSID value found. O3 - HKLM\..\Toolbar: (pdfforge Toolbar) - {B922D405-6D13-4A2B-AE89-08A030DA4402} - C:\Program Files\pdfforge Toolbar\pdfforgeToolbarIE.dll (Spigot, Inc.) O3 - HKLM\..\Toolbar: (Ask.com Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll (Ask.com) O3 - HKCU\..\Toolbar\WebBrowser: (Ask.com Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll (Ask.com) O4 - HKLM..\Run: [Adobe ARM] C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe (Adobe Systems Incorporated) O4 - HKLM..\Run: [Alcmtr] C:\WINDOWS\Alcmtr.exe (Realtek Semiconductor Corp.) O4 - HKLM..\Run: [Camera Assistant Software] C:\Program Files\Camera Assistant Software for Toshiba\traybar.exe (Chicony) O4 - HKLM..\Run: [DDWMon] C:\Program Files\TOSHIBA\TOSHIBA Direct Disc Writer\\ddwmon.exe () O4 - HKLM..\Run: [intelWireless] C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe (Intel® Corporation) O4 - HKLM..\Run: [intelZeroConfig] C:\Program Files\Intel\WiFi\bin\ZCfgSvc.exe (Intel® Corporation) O4 - HKLM..\Run: [Malwarebytes Anti-Malware (reboot)] C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe (Malwarebytes Corporation) O4 - HKLM..\Run: [NDSTray.exe] File not found O4 - HKLM..\Run: [QBCD Autorun] D:\autorun.exe File not found O4 - HKLM..\Run: [RTHDCPL] C:\WINDOWS\RTHDCPL.exe (Realtek Semiconductor Corp.) O4 - HKLM..\Run: [searchSettings] C:\Program Files\pdfforge Toolbar\SearchSettings.exe (Spigot, Inc.) O4 - HKLM..\Run: [smjxdgpv] C:\Documents and Settings\Rory Wilson\Local Settings\Application Data\jsfofj\lhojsysguard.exe () O4 - HKLM..\Run: [smoothView] C:\Program Files\TOSHIBA\TOSHIBA Zooming Utility\SmoothView.exe (TOSHIBA Corporation) O4 - HKLM..\Run: [synTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe (Synaptics, Inc.) O4 - HKLM..\Run: [THotkey] C:\Program Files\TOSHIBA\TOSHIBA Applet\THotkey.exe (TOSHIBA) O4 - HKLM..\Run: [TPSMain] C:\WINDOWS\System32\TPSMain.exe (TOSHIBA Corporation) O4 - HKCU..\Run: [smjxdgpv] C:\Documents and Settings\Rory Wilson\Local Settings\Application Data\jsfofj\lhojsysguard.exe () O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\NkvMon.exe.lnk = C:\Program Files\Nikon\NkView6\NkvMon.exe (Nikon Corporation) O4 - Startup: C:\Documents and Settings\Rory Wilson\Start Menu\Programs\Startup\ERUNT AutoBackup.lnk = C:\Program Files\ERUNT\AUTOBACK.EXE () O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1 O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145 O8 - Extra context menu item: E&xport to Microsoft Excel - C:\Program Files\Microsoft Office\Office12\EXCEL.EXE (Microsoft Corporation) O9 - Extra 'Tools' menuitem : Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_06\bin\npjpi160_06.dll (Sun Microsystems, Inc.) O9 - Extra 'Tools' menuitem : Skype add-on for Internet Explorer - {5067A26B-1337-4436-8AFE-EE169C2DA79F} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Skype Technologies S.A.) O9 - Extra Button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Skype Technologies S.A.) O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Program Files\Microsoft Office\Office12\REFIEBAR.DLL (Microsoft Corporation) O15 - HKLM\..Trusted Domains: 1 domain(s) and sub-domain(s) not assigned to a zone. O15 - HKCU\..Trusted Domains: 25 domain(s) and sub-domain(s) not assigned to a zone. O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1256151440640 (MUWebControl Class) O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_06-windows-i586.cab (Java Plug-in 1.6.0_06) O16 - DPF: {CAFEEFAC-0016-0000-0006-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_06-windows-i586.cab (Java Plug-in 1.6.0_06) O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_06-windows-i586.cab (Java Plug-in 1.6.0_06) O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 68.87.69.150 68.87.85.102 O18 - Protocol\Handler\belarc {6318E0AB-2E93-11D1-B8ED-00608CC9A71F} - C:\Program Files\Belarc\Advisor\System\BAVoilaX.dll (Belarc, Inc.) O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll (Microsoft Corporation) O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies) O18 - Protocol\Handler\x-excid {9D6CC632-1337-4a33-9214-2DA092E776F4} - c:\WINDOWS\Downloaded Program Files\mimectl.dll () O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation) O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation) O20 - Winlogon\Notify\igfxcui: DllName - igfxdev.dll - C:\WINDOWS\System32\igfxdev.dll (Intel Corporation) O28 - HKLM ShellExecuteHooks: {56F9679E-7826-4C84-81F3-532071A8BCC5} - C:\Program Files\Windows Desktop Search\MsnlNamespaceMgr.dll (Microsoft Corporation) O32 - HKLM CDRom: AutoRun - 1 O32 - AutoRun File - [2008/09/11 12:34:18 | 00,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ] O33 - MountPoints2\{a4fc31ea-cf1c-11de-9fde-001e653d3bb4}\Shell\AutoRun\command - "" = F:\setupSNK.exe -- File not found O33 - MountPoints2\{a8732da1-d469-11de-9fe7-001e653d3bb4}\Shell\play\Command - "" = C:\Program Files\Windows Media Player\wmplayer.exe -- [2006/10/18 21:46:20 | 00,064,000 | ---- | M] (Microsoft Corporation) O34 - HKLM BootExecute: (autocheck) - File not found O34 - HKLM BootExecute: (*) - File not found O35 - comfile [open] -- "%1" %* File not found O35 - exefile [open] -- "%1" %* File not found ========== Files/Folders - Created Within 30 Days ========== [2009/11/29 11:00:18 | 00,000,000 | ---D | C] -- C:\Rooter$ [2009/11/29 01:11:10 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Rory Wilson\Application Data\Malwarebytes [2009/11/29 01:11:06 | 00,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys [2009/11/29 01:11:05 | 00,019,160 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys [2009/11/29 01:11:05 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Malwarebytes [2009/11/29 01:11:04 | 00,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware [2009/11/29 00:44:58 | 00,000,000 | ---D | C] -- C:\WINDOWS\ERDNT [2009/11/29 00:44:42 | 00,000,000 | ---D | C] -- C:\Program Files\ERUNT [2009/11/28 21:59:26 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Rory Wilson\Application Data\AVG8 [2009/11/28 21:50:10 | 00,000,000 | ---D | C] -- C:\Program Files\Common Files\Wise Installation Wizard [2009/11/28 21:20:39 | 00,578,560 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\user32.dll [2009/11/28 21:20:04 | 00,000,000 | ---D | C] -- C:\WINDOWS\ERUNT [2009/11/28 21:17:24 | 00,000,000 | ---D | C] -- C:\SDFix [2009/11/28 21:15:24 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\TEMP [2009/11/28 21:15:19 | 00,000,000 | ---D | C] -- C:\Program Files\SpywareBlaster [2009/11/28 20:49:01 | 00,000,000 | ---D | C] -- C:\Program Files\Sophos [2009/11/28 18:45:03 | 00,000,000 | -HSD | C] -- C:\WINDOWS\CSC [2009/11/28 17:14:55 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Rory Wilson\Local Settings\Application Data\jsfofj [2009/11/23 20:57:22 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Rory Wilson\Desktop\Mello Aire's [2009/11/22 19:06:06 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Rory Wilson\Application Data\.BitTornado [2009/11/22 19:05:00 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Rory Wilson\My Documents\Downloads [2009/11/22 09:47:02 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Rory Wilson\My Documents\LWSD Pay Stubs [2009/11/20 20:35:09 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Rory Wilson\Desktop\Glenwood Gators [2009/11/20 18:00:45 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Rory Wilson\Desktop\JHS Swim - Boys [2009/11/20 14:56:29 | 00,202,072 | R--- | C] (Coupons, Inc.) -- C:\WINDOWS\System32\cpnprt2.cid [2009/11/20 14:56:23 | 00,000,000 | ---D | C] -- C:\WINDOWS\Cache [2009/11/20 14:56:21 | 00,000,000 | ---D | C] -- C:\Program Files\Coupons [2009/11/20 10:13:12 | 00,060,032 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\USBAUDIO.sys [2009/11/20 10:13:12 | 00,060,032 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\usbaudio.sys [2009/11/17 23:08:46 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Rory Wilson\Local Settings\Application Data\WMTools Downloaded Files [2009/11/17 23:07:14 | 00,000,000 | ---D | C] -- C:\Program Files\Microsoft Office Outlook Connector [2009/11/17 23:07:02 | 00,000,000 | ---D | C] -- C:\Program Files\Microsoft [2009/11/17 23:06:57 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Documents\microsoft [2009/11/17 23:06:50 | 00,000,000 | ---D | C] -- C:\Program Files\Windows Live SkyDrive [2009/11/17 22:59:47 | 00,000,000 | ---D | C] -- C:\Program Files\Common Files\Windows Live [2009/11/17 22:59:27 | 00,000,000 | ---D | C] -- C:\Program Files\Microsoft Silverlight [2009/11/17 22:38:18 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Rory Wilson\Application Data\ArcSoft [2009/11/15 22:14:13 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Rory Wilson\Local Settings\Application Data\Help [2009/11/15 22:14:13 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Rory Wilson\Application Data\Help [2009/11/15 21:41:15 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Rory Wilson\My Documents\My Backups [2009/11/13 15:52:24 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Rory Wilson\Application Data\Nikon [2009/11/13 15:50:16 | 00,344,064 | R--- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\msexch35.dll [2009/11/13 15:50:15 | 00,415,504 | R--- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\msrepl35.dll [2009/11/13 15:50:15 | 00,368,912 | R--- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\VBAR332.DLL [2009/11/13 15:50:15 | 00,294,912 | R--- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\msxbse35.dll [2009/11/13 15:50:15 | 00,044,304 | R--- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\msrpfs35.dll [2009/11/13 15:50:15 | 00,039,424 | R--- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\JETCOMP.exe [2009/11/13 15:50:14 | 01,238,288 | R--- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\msjt4jlt.dll [2009/11/13 15:50:14 | 01,050,896 | R--- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\msjet35.dll [2009/11/13 15:50:14 | 00,262,144 | R--- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\msrd2x35.dll [2009/11/13 15:50:14 | 00,252,688 | R--- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\msexcl35.dll [2009/11/13 15:50:14 | 00,250,128 | R--- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\mspdox35.dll [2009/11/13 15:50:14 | 00,168,720 | R--- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\msltus35.dll [2009/11/13 15:50:14 | 00,166,672 | R--- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\mstext35.dll [2009/11/13 15:50:11 | 00,393,216 | R--- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\MSRDO20.DLL [2009/11/13 15:50:11 | 00,151,552 | R--- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\rdocurs.dll [2009/11/13 15:50:11 | 00,123,664 | R--- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\msjint35.dll [2009/11/13 15:50:11 | 00,024,848 | R--- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\msjter35.dll [2009/11/13 15:49:51 | 00,000,000 | ---D | C] -- C:\Program Files\Nikon [2009/11/13 15:49:21 | 00,086,016 | ---- | C] (MindVision) -- C:\WINDOWS\unvise32qt.exe [2009/11/13 15:49:11 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\QuickTime [2009/11/13 15:48:50 | 00,000,000 | ---D | C] -- C:\WINDOWS\System32\QuickTime [2009/11/13 15:48:46 | 00,000,000 | ---D | C] -- C:\Program Files\QuickTime [2009/11/13 15:48:09 | 00,163,840 | ---- | C] (ArcSoft Inc.) -- C:\WINDOWS\System32\PhotoImpression Screen Saver.scr [2009/11/13 15:47:17 | 00,212,480 | ---- | C] (Eastman Kodak) -- C:\WINDOWS\pcdlib32.dll [2009/11/13 15:47:17 | 00,000,000 | ---D | C] -- C:\Program Files\ArcSoft [2009/11/13 15:45:38 | 00,000,000 | ---D | C] -- C:\Program Files\Common Files\Nikon [2009/11/11 23:05:14 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Rory Wilson\Local Settings\Application Data\AskToolbar [2009/11/11 22:55:51 | 00,000,000 | ---D | C] -- C:\Program Files\Ask.com [2009/11/11 22:55:48 | 00,000,000 | ---D | C] -- C:\Program Files\Foxit Software [2009/11/11 22:32:28 | 00,000,000 | ---D | C] -- C:\Program Files\Belarc [2009/11/11 22:03:36 | 00,040,448 | ---- | C] (Intuit) -- C:\WINDOWS\Icg32.dll [2009/11/11 22:03:20 | 00,000,000 | ---D | C] -- C:\WINDOWS\Intuit [2009/11/11 22:03:20 | 00,000,000 | ---D | C] -- C:\Program Files\Intuit [2009/11/09 17:26:01 | 00,000,000 | ---D | C] -- C:\WINDOWS\System32\appmgmt [2009/11/09 17:25:05 | 00,000,000 | -HSD | C] -- C:\Config.Msi [2009/11/08 13:48:11 | 00,017,272 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\spmsg.dll [2009/11/08 13:47:36 | 00,000,000 | ---D | C] -- C:\Program Files\Windows Media Connect 2 [2009/11/08 13:46:20 | 00,000,000 | ---D | C] -- C:\WINDOWS\System32\drivers\UMDF [2009/11/08 13:46:20 | 00,000,000 | ---D | C] -- C:\WINDOWS\System32\LogFiles [2009/11/06 18:24:49 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\NOS [2009/11/06 15:37:25 | 00,015,872 | ---- | C] (Printing Communications Assoc., Inc. (PCAUSA)) -- C:\WINDOWS\System32\GTNDIS5.sys [2009/11/02 21:04:17 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Rory Wilson\My Documents\My Downloads [2009/11/02 10:13:57 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Rory Wilson\My Documents\Teaching Docs [2009/11/01 19:15:07 | 00,000,000 | -H-D | C] -- C:\WINDOWS\PIF [2009/10/30 21:55:23 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Rory Wilson\Application Data\skypePM [2009/10/30 21:52:22 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Rory Wilson\Application Data\Skype [2009/10/30 21:51:37 | 00,000,000 | ---D | C] -- C:\Program Files\Common Files\Skype [2009/10/30 21:51:32 | 00,000,000 | R--D | C] -- C:\Program Files\Skype [2009/10/30 21:51:28 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Skype [2009/10/30 15:21:51 | 00,021,504 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\hidserv.dll [2008/09/11 13:10:15 | 00,053,248 | ---- | C] ( ) -- C:\WINDOWS\System32\DLLVGA.dll ========== Files - Modified Within 30 Days ========== [2009/11/29 11:35:25 | 00,000,015 | ---- | M] () -- C:\Documents and Settings\Rory Wilson\settings.dat [2009/11/29 11:34:04 | 04,718,592 | ---- | M] () -- C:\Documents and Settings\Rory Wilson\ntuser.dat [2009/11/29 11:30:40 | 00,441,856 | ---- | M] () -- C:\Documents and Settings\Rory Wilson\Desktop\CKScanner.exe [2009/11/29 10:55:16 | 00,001,158 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl [2009/11/29 10:54:23 | 00,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat [2009/11/29 02:15:38 | 00,000,178 | -HS- | M] () -- C:\Documents and Settings\Rory Wilson\ntuser.ini [2009/11/29 02:15:32 | 02,205,456 | -H-- | M] () -- C:\Documents and Settings\Rory Wilson\Local Settings\Application Data\IconCache.db [2009/11/29 02:15:27 | 00,271,360 | ---- | M] () -- C:\Documents and Settings\Rory Wilson\My Documents\Auto Archive - Outlook.pst [2009/11/29 01:22:30 | 00,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT [2009/11/29 01:21:04 | 00,000,236 | ---- | M] () -- C:\WINDOWS\tasks\OGALogon.job [2009/11/29 01:10:08 | 00,006,294 | RHS- | M] () -- C:\Documents and Settings\All Users\ntuser.pol [2009/11/29 00:44:45 | 00,000,778 | ---- | M] () -- C:\Documents and Settings\Rory Wilson\Start Menu\Programs\Startup\ERUNT AutoBackup.lnk [2009/11/28 21:38:03 | 00,008,212 | ---- | M] () -- C:\WINDOWS\mfebcdata [2009/11/28 21:22:19 | 00,000,686 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\HOSTS [2009/11/28 21:20:39 | 00,578,560 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\user32.dll [2009/11/28 18:01:00 | 00,000,246 | ---- | M] () -- C:\WINDOWS\tasks\Scheduled Update for Ask Toolbar.job [2009/11/28 17:19:46 | 00,109,645 | ---- | M] () -- C:\Documents and Settings\Rory Wilson\My Documents\Beacon Promo's Work Orders.xlsx [2009/11/28 16:42:29 | 00,007,168 | ---- | M] () -- C:\Documents and Settings\Rory Wilson\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [2009/11/27 20:00:12 | 00,000,067 | ---- | M] () -- C:\WINDOWS\swupdate.INI [2009/11/27 11:58:03 | 00,002,838 | ---- | M] () -- C:\WINDOWS\machine.ver [2009/11/25 08:31:21 | 00,001,393 | ---- | M] () -- C:\WINDOWS\imsins.BAK [2009/11/20 20:29:14 | 00,622,902 | ---- | M] () -- C:\WINDOWS\System32\PerfStringBackup.INI [2009/11/20 20:29:14 | 00,513,690 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat [2009/11/20 20:29:14 | 00,097,554 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat [2009/11/20 16:53:16 | 00,205,427 | ---- | M] () -- C:\Documents and Settings\Rory Wilson\Desktop\BeaconPromos - Drumline Options.pdf [2009/11/20 14:56:29 | 00,202,072 | R--- | M] (Coupons, Inc.) -- C:\WINDOWS\System32\cpnprt2.cid [2009/11/20 13:04:14 | 00,059,517 | ---- | M] () -- C:\Documents and Settings\Rory Wilson\Desktop\RMA - New Conversation.pdf [2009/11/19 14:16:27 | 00,068,824 | ---- | M] () -- C:\WINDOWS\CouponPrinter.ocx [2009/11/18 15:21:54 | 00,112,515 | ---- | M] () -- C:\WINDOWS\FontData.fdb [2009/11/17 22:38:20 | 00,054,156 | -H-- | M] () -- C:\WINDOWS\QTFont.qfn [2009/11/17 22:38:20 | 00,001,409 | ---- | M] () -- C:\WINDOWS\QTFont.for [2009/11/17 17:07:53 | 00,005,471 | ---- | M] () -- C:\Documents and Settings\Rory Wilson\Desktop\BeaconPromos - RA#27967207.pdf [2009/11/17 10:55:30 | 00,216,416 | ---- | M] () -- C:\Documents and Settings\Rory Wilson\Local Settings\Application Data\GDIPFONTCACHEV1.DAT [2009/11/17 10:53:16 | 00,661,024 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT [2009/11/17 10:52:07 | 00,000,227 | ---- | M] () -- C:\WINDOWS\system.ini [2009/11/13 15:50:21 | 00,001,578 | ---- | M] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\NkvMon.exe.lnk [2009/11/13 15:49:05 | 00,028,672 | ---- | M] () -- C:\WINDOWS\System32\qttask.exe [2009/11/13 15:49:02 | 00,000,361 | ---- | M] () -- C:\WINDOWS\System32\QuickTime.qtp [2009/11/11 22:59:42 | 00,121,853 | ---- | M] () -- C:\Documents and Settings\Rory Wilson\My Documents\JRBC Funds Forms.pdf [2009/11/11 22:43:24 | 00,025,053 | ---- | M] () -- C:\WINDOWS\unins000.dat [2009/11/11 22:42:58 | 00,695,617 | ---- | M] () -- C:\WINDOWS\unins000.exe [2009/11/11 22:13:35 | 00,000,028 | ---- | M] () -- C:\WINDOWS\ICOA.INI [2009/11/11 22:13:27 | 00,000,000 | ---- | M] () -- C:\WINDOWS\QFNONL.ini [2009/11/11 22:13:27 | 00,000,000 | ---- | M] () -- C:\WINDOWS\QFN.ini [2009/11/11 22:13:27 | 00,000,000 | ---- | M] () -- C:\WINDOWS\QDQICK.ini [2009/11/11 22:03:37 | 00,000,064 | ---- | M] () -- C:\WINDOWS\QBWCD.INI [2009/11/10 15:34:30 | 00,070,832 | ---- | M] () -- C:\Documents and Settings\Rory Wilson\Desktop\Brink Blanket - Final Art.pdf [2009/11/09 22:12:26 | 00,172,810 | ---- | M] () -- C:\Documents and Settings\Rory Wilson\Desktop\Beacon - Forms.cdr [2009/11/09 17:31:02 | 00,000,582 | ---- | M] () -- C:\WINDOWS\win.ini [2009/11/09 17:31:02 | 00,000,211 | RHS- | M] () -- C:\boot.ini [2009/11/08 13:48:02 | 00,023,392 | ---- | M] () -- C:\WINDOWS\System32\nscompat.tlb [2009/11/08 13:48:02 | 00,016,832 | ---- | M] () -- C:\WINDOWS\System32\amcompat.tlb [2009/11/08 13:46:26 | 00,000,000 | -H-- | M] () -- C:\WINDOWS\System32\drivers\UMDF\MsftWdf_user_01_00_00.Wdf [2009/11/04 09:41:08 | 00,086,773 | ---- | M] () -- C:\Documents and Settings\Rory Wilson\Desktop\Window Stickers - Final.pdf [2009/11/03 18:16:49 | 00,000,124 | ---- | M] () -- C:\WINDOWS\iPlayer.INI [2009/10/30 21:55:24 | 00,000,056 | -H-- | M] () -- C:\WINDOWS\System32\ezsidmv.dat ========== Files Created - No Company Name ========== [2009/11/29 11:34:08 | 00,000,015 | ---- | C] () -- C:\Documents and Settings\Rory Wilson\settings.dat [2009/11/29 11:30:40 | 00,441,856 | ---- | C] () -- C:\Documents and Settings\Rory Wilson\Desktop\CKScanner.exe [2009/11/29 00:44:45 | 00,000,778 | ---- | C] () -- C:\Documents and Settings\Rory Wilson\Start Menu\Programs\Startup\ERUNT AutoBackup.lnk [2009/11/28 23:01:28 | 00,006,294 | RHS- | C] () -- C:\Documents and Settings\All Users\ntuser.pol [2009/11/28 21:38:03 | 00,008,212 | ---- | C] () -- C:\WINDOWS\mfebcdata [2009/11/28 17:23:19 | 04,718,592 | ---- | C] () -- C:\Documents and Settings\Rory Wilson\ntuser.dat [2009/11/20 16:53:15 | 00,205,427 | ---- | C] () -- C:\Documents and Settings\Rory Wilson\Desktop\BeaconPromos - Drumline Options.pdf [2009/11/20 13:04:00 | 00,059,517 | ---- | C] () -- C:\Documents and Settings\Rory Wilson\Desktop\RMA - New Conversation.pdf [2009/11/17 22:44:28 | 00,000,236 | ---- | C] () -- C:\WINDOWS\tasks\OGALogon.job [2009/11/17 22:38:20 | 00,054,156 | -H-- | C] () -- C:\WINDOWS\QTFont.qfn [2009/11/17 22:38:20 | 00,001,409 | ---- | C] () -- C:\WINDOWS\QTFont.for [2009/11/17 17:03:04 | 00,005,471 | ---- | C] () -- C:\Documents and Settings\Rory Wilson\Desktop\BeaconPromos - RA#27967207.pdf [2009/11/13 15:50:21 | 00,001,578 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\NkvMon.exe.lnk [2009/11/13 15:50:15 | 00,170,865 | R--- | C] () -- C:\WINDOWS\System32\Odbcjet.hlp [2009/11/13 15:50:15 | 00,006,902 | R--- | C] () -- C:\WINDOWS\System32\Odbcjet.cnt [2009/11/13 15:50:12 | 00,037,062 | R--- | C] () -- C:\WINDOWS\System32\odbcinst.hlp [2009/11/13 15:50:12 | 00,000,324 | R--- | C] () -- C:\WINDOWS\System32\odbcinst.cnt [2009/11/13 15:49:05 | 00,028,672 | ---- | C] () -- C:\WINDOWS\System32\qttask.exe [2009/11/13 15:49:00 | 00,000,361 | ---- | C] () -- C:\WINDOWS\System32\QuickTime.qtp [2009/11/13 15:47:17 | 00,000,021 | ---- | C] () -- C:\WINDOWS\CS_setup.ini [2009/11/11 22:55:53 | 00,000,246 | ---- | C] () -- C:\WINDOWS\tasks\Scheduled Update for Ask Toolbar.job [2009/11/11 22:43:23 | 00,695,617 | ---- | C] () -- C:\WINDOWS\unins000.exe [2009/11/11 22:43:23 | 00,025,053 | ---- | C] () -- C:\WINDOWS\unins000.dat [2009/11/11 22:32:28 | 00,003,840 | ---- | C] () -- C:\WINDOWS\System32\drivers\BANTExt.sys [2009/11/11 22:13:35 | 00,000,028 | ---- | C] () -- C:\WINDOWS\ICOA.INI [2009/11/11 22:13:27 | 00,000,000 | ---- | C] () -- C:\WINDOWS\QFNONL.ini [2009/11/11 22:13:27 | 00,000,000 | ---- | C] () -- C:\WINDOWS\QFN.ini [2009/11/11 22:13:27 | 00,000,000 | ---- | C] () -- C:\WINDOWS\QDQICK.ini [2009/11/11 22:03:37 | 00,000,064 | ---- | C] () -- C:\WINDOWS\QBWCD.INI [2009/11/11 22:03:36 | 00,005,776 | ---- | C] () -- C:\WINDOWS\Icoadb32.dat [2009/11/10 15:34:29 | 00,070,832 | ---- | C] () -- C:\Documents and Settings\Rory Wilson\Desktop\Brink Blanket - Final Art.pdf [2009/11/09 20:21:03 | 00,068,824 | ---- | C] () -- C:\WINDOWS\CouponPrinter.ocx [2009/11/09 15:16:36 | 00,172,810 | ---- | C] () -- C:\Documents and Settings\Rory Wilson\Desktop\Beacon - Forms.cdr [2009/11/08 13:46:26 | 00,000,000 | -H-- | C] () -- C:\WINDOWS\System32\drivers\UMDF\MsftWdf_user_01_00_00.Wdf [2009/11/06 15:37:26 | 00,094,208 | ---- | C] () -- C:\WINDOWS\System32\GTW32N50.dll [2009/11/06 15:37:25 | 00,031,930 | ---- | C] () -- C:\WINDOWS\System32\GTNDIS3.VXD [2009/11/04 09:41:06 | 00,086,773 | ---- | C] () -- C:\Documents and Settings\Rory Wilson\Desktop\Window Stickers - Final.pdf [2009/11/04 07:58:49 | 00,271,360 | ---- | C] () -- C:\Documents and Settings\Rory Wilson\My Documents\Auto Archive - Outlook.pst [2009/10/30 21:55:24 | 00,000,056 | -H-- | C] () -- C:\WINDOWS\System32\ezsidmv.dat [2009/10/28 11:12:20 | 00,000,067 | ---- | C] () -- C:\WINDOWS\swupdate.INI [2009/10/26 08:04:11 | 00,038,443 | ---- | C] () -- C:\Documents and Settings\Rory Wilson\Application Data\Comma Separated Values (Windows).ADR [2009/10/25 16:00:31 | 00,000,083 | ---- | C] () -- C:\Documents and Settings\Rory Wilson\Local Settings\Application Data\FASTWiz.log [2009/10/23 20:36:54 | 00,000,124 | ---- | C] () -- C:\WINDOWS\iPlayer.INI [2009/10/21 12:45:51 | 00,007,168 | ---- | C] () -- C:\Documents and Settings\Rory Wilson\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [2009/10/21 12:34:24 | 00,116,224 | ---- | C] () -- C:\WINDOWS\System32\pdfcmnnt.dll [2009/10/21 10:26:41 | 00,000,134 | ---- | C] () -- C:\Documents and Settings\Rory Wilson\Local Settings\Application Data\fusioncache.dat [2009/10/21 09:32:21 | 00,000,013 | RHS- | C] () -- C:\WINDOWS\System32\drivers\fbd.sys [2009/10/21 09:32:20 | 00,000,004 | RHS- | C] () -- C:\WINDOWS\System32\drivers\taishop.sys [2009/06/23 08:24:06 | 00,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini [2009/06/23 07:41:53 | 00,204,800 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeW7.dll [2009/06/23 07:41:53 | 00,200,704 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeA6.dll [2009/06/23 07:41:53 | 00,192,512 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeP6.dll [2009/06/23 07:41:53 | 00,192,512 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeM6.dll [2009/06/23 07:41:53 | 00,188,416 | ---- | C] () -- C:\WINDOWS\System32\IVIresizePX.dll [2009/06/23 07:41:53 | 00,020,480 | ---- | C] () -- C:\WINDOWS\System32\IVIresize.dll [2009/06/23 07:28:36 | 00,128,113 | ---- | C] () -- C:\WINDOWS\System32\csellang.ini [2009/06/23 07:28:36 | 00,045,056 | ---- | C] () -- C:\WINDOWS\System32\csellang.dll [2009/06/23 07:28:36 | 00,010,150 | ---- | C] () -- C:\WINDOWS\System32\tosmreg.ini [2009/06/23 07:28:36 | 00,007,671 | ---- | C] () -- C:\WINDOWS\System32\cseltbl.ini [2009/06/23 07:27:34 | 00,147,456 | ---- | C] () -- C:\WINDOWS\System32\igfxCoIn_v4953.dll [2008/09/11 13:44:10 | 00,000,000 | ---- | C] () -- C:\WINDOWS\NDSTray.INI [2008/09/11 13:10:15 | 00,118,784 | ---- | C] () -- C:\WINDOWS\System32\TCtrlIO.dll [2008/09/11 13:06:42 | 06,184,960 | ---- | C] () -- C:\WINDOWS\System32\RTS5121icon.dll [2008/09/11 12:45:16 | 00,000,345 | ---- | C] () -- C:\WINDOWS\System32\OEMINFO.INI [2008/09/11 12:32:41 | 00,001,793 | ---- | C] () -- C:\WINDOWS\System32\fxsperf.ini [2007/09/27 09:51:02 | 00,020,698 | ---- | C] () -- C:\WINDOWS\System32\idxcntrs.ini [2007/09/27 09:48:48 | 00,030,628 | ---- | C] () -- C:\WINDOWS\System32\gsrvctr.ini [2007/09/27 09:48:28 | 00,031,698 | ---- | C] () -- C:\WINDOWS\System32\gthrctr.ini ========== Custom Scans ========== < %SYSTEMDRIVE%\*.exe > < MD5 for: ATAPI.SYS > [2008/04/14 04:00:00 | 00,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\system32\atapi.sys [2008/04/14 04:00:00 | 00,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\system32\drivers\atapi.sys < MD5 for: EVENTLOG.DLL > [2008/04/14 04:00:00 | 00,056,320 | ---- | M] (Microsoft Corporation) MD5=6D4FEB43EE538FC5428CC7F0565AA656 -- C:\WINDOWS\system32\eventlog.dll < MD5 for: IASTOR.SYS > [2008/04/15 16:54:16 | 00,388,120 | ---- | M] (Intel Corporation) MD5=8D58627FEF3F8767665D9F4DC91CBD97 -- C:\Program Files\Intel\Intel Matrix Storage Manager\driver64\IaStor.sys [2008/04/15 16:53:44 | 00,312,344 | ---- | M] (Intel Corporation) MD5=DB0CC620B27A928D968C1A1E9CD9CB87 -- C:\Program Files\Intel\Intel Matrix Storage Manager\driver\IaStor.sys [2008/04/15 01:53:44 | 00,312,344 | ---- | M] (Intel Corporation) MD5=DB0CC620B27A928D968C1A1E9CD9CB87 -- C:\WINDOWS\OemDir\iaStor.sys [2008/04/15 16:53:44 | 00,312,344 | ---- | M] (Intel Corporation) MD5=DB0CC620B27A928D968C1A1E9CD9CB87 -- C:\WINDOWS\system32\drivers\iaStor.sys [2008/04/15 16:53:44 | 00,312,344 | ---- | M] (Intel Corporation) MD5=DB0CC620B27A928D968C1A1E9CD9CB87 -- C:\WINDOWS\system32\DRVSTORE\iaAHCI_E7EB69FF3449D216602D0D37A1D73969621673A9\iaStor.sys [2008/04/15 01:53:44 | 00,312,344 | ---- | M] (Intel Corporation) MD5=DB0CC620B27A928D968C1A1E9CD9CB87 -- C:\WINDOWS\system32\ReinstallBackups\0013\DriverFiles\iaStor.sys < MD5 for: NETLOGON.DLL > [2008/04/14 04:00:00 | 00,407,040 | ---- | M] (Microsoft Corporation) MD5=1B7F071C51B77C272875C3A23E1E4550 -- C:\WINDOWS\system32\netlogon.dll < MD5 for: SCECLI.DLL > [2008/04/14 04:00:00 | 00,181,248 | ---- | M] (Microsoft Corporation) MD5=A86BB5E61BF3E39B62AB4C7E7085A084 -- C:\WINDOWS\system32\scecli.dll < %systemroot%\*. /mp /s > < HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs > HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install\\LastSuccessTime: 2009-11-25 16:31:26 < End of report > OTL Extras logfile created on: 11/29/2009 11:48:52 AM - Run 1 OTL by OldTimer - Version 3.1.11.2 Folder = C:\Documents and Settings\Rory Wilson\My Documents\Downloads Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation Internet Explorer (Version = 8.0.6001.18702) Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy 1.87 Gb Total Physical Memory | 1.49 Gb Available Physical Memory | 79.46% Memory free 4.00 Gb Paging File | 4.00 Gb Available in Paging File | 100.00% Paging File free Paging file location(s): C:\pagefile.sys 4092 8184 [binary data] %SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files Drive C: | 225.37 Gb Total Space | 199.39 Gb Free Space | 88.47% Space Free | Partition Type: NTFS D: Drive not present or media not loaded E: Drive not present or media not loaded F: Drive not present or media not loaded G: Drive not present or media not loaded H: Drive not present or media not loaded I: Drive not present or media not loaded Computer Name: BEACONMKTG Current User Name: Rory Wilson Logged in as Administrator. Current Boot Mode: SafeMode with Networking Scan Mode: Current user Company Name Whitelist: Off Skip Microsoft Files: Off File Age = 30 Days Output = Standard ========== Extra Registry (SafeList) ========== ========== File Associations ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>] .html [@ = htmlfile] -- C:\Program Files\Internet Explorer\IEXPLORE.EXE (Microsoft Corporation) ========== Shell Spawning ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command] batfile [open] -- "%1" %* File not found cmdfile [open] -- "%1" %* File not found comfile [open] -- "%1" %* File not found exefile [open] -- "%1" %* File not found htmlfile [edit] -- "C:\Program Files\Microsoft Office\Office12\msohtmed.exe" %1 (Microsoft Corporation) htmlfile [open] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" -nohome (Microsoft Corporation) htmlfile [opennew] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" %1 (Microsoft Corporation) htmlfile [print] -- "C:\Program Files\Microsoft Office\Office12\msohtmed.exe" /p %1 (Microsoft Corporation) http [open] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" -nohome (Microsoft Corporation) https [open] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" -nohome (Microsoft Corporation) piffile [open] -- "%1" %* File not found regfile [merge] -- Reg Error: Key error. scrfile [config] -- "%1" File not found scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation) scrfile [open] -- "%1" /S File not found txtfile [edit] -- Reg Error: Key error. Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 File not found Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation) Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation) Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" %1 (Microsoft Corporation) CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- "C:\Program Files\Internet Explorer\iexplore.exe" (Microsoft Corporation) ========== Security Center Settings ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center] "FirstRunDisabled" = 1 "AntiVirusDisableNotify" = 0 "FirewallDisableNotify" = 0 "UpdatesDisableNotify" = 0 "AntiVirusOverride" = 0 "FirewallOverride" = 0 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring] "DisableMonitoring" = 1 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus] "DisableMonitoring" = 1 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall] "DisableMonitoring" = 1 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List] "1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007 "2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile] "EnableFirewall" = 1 "DoNotAllowExceptions" = 0 "DisableNotifications" = 1 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List] "1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007 "2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008 ========== Authorized Applications List ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List] "C:\TOSHIBA\ivp\NetInt\Netint.exe" = C:\TOSHIBA\ivp\NetInt\Netint.exe:*:Enabled:NIE - Toshiba Software Upgrade Engine -- (TOSHIBA Corporation) "C:\TOSHIBA\Ivp\ISM\pinger.exe" = C:\TOSHIBA\IVP\ISM\pinger.exe:*:Enabled:Toshiba Software Upgrades Pinger -- () "C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE" = C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE:*:Enabled:Microsoft Office Outlook -- (Microsoft Corporation) "C:\Program Files\Skype\Plugin Manager\skypePM.exe" = C:\Program Files\Skype\Plugin Manager\skypePM.exe:*:Enabled:Skype Extras Manager -- (Skype Technologies) "C:\Program Files\Skype\Phone\Skype.exe" = C:\Program Files\Skype\Phone\Skype.exe:*:Enabled:Skype -- (Skype Technologies S.A.) ========== HKEY_LOCAL_MACHINE Uninstall List ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "{0001B4FD-9EA3-4D90-A79E-FD14BA3AB01D}" = PDFCreator "{00203668-8170-44A0-BE44-B632FA4D780F}" = Adobe AIR "{008D69EB-70FF-46AB-9C75-924620DF191A}" = TOSHIBA Speech System SR Engine(U.S.) Version1.0 "{07F58BB0-50D4-4477-B491-A97B2AD059B6}" = TOSHIBA Hotkey Utility "{12B3A009-A080-4619-9A2A-C6DB151D8D67}" = TOSHIBA Assist "{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live Upload Tool "{26921B2E-3E62-47F9-A514-1FC4A83BD738}" = Intel® PROSet/Wireless WiFi Software "{2750B389-A2D2-4953-99CA-27C1F2A8E6FD}" = Microsoft SQL Server 2005 Tools Express Edition "{2AFFFDD7-ED85-4A90-8C52-5DA9EBDC9B8F}" = Microsoft SQL Server 2005 Express Edition (MSSMLBIZ) "{2C38F661-26B7-445D-B87D-B53FE2D3BD42}" = TOSHIBA PC Diagnostic Tool "{3248F0A8-6813-11D6-A77B-00B0D0160060}" = Java 6 Update 6 "{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP "{37C866E4-AA67-4725-9E95-A39968DD7960}" = Camera Assistant Software for Toshiba "{3FBF6F99-8EC6-41B4-8527-0A32241B5496}" = TOSHIBA Speech System TTS Engine(U.S.) Version1.0 "{400830CA-F056-4BBE-80A3-9DF9CA4FB889}" = TOSHIBA Direct Disc Writer "{412033BC-44CF-48D9-B813-4B835101F4D3}" = Adobe Illustrator 10.0.3 "{425A2BC2-AA64-4107-9C29-484245BBEA05}" = TOSHIBA Software Upgrades "{45338B07-A236-4270-9A77-EBB4115517B5}" = Windows Live Sign-in Assistant "{4EF8BE6A-899C-4196-94E7-297C5F7A203E}" = pdfforge Toolbar v1.1.1 "{50120000-1105-0000-0000-0000000FF1CE}" = Microsoft Office 2007 Primary Interop Assemblies "{505AFDC0-5E72-4928-8368-5DEA385E3647}" = CorelDRAW Graphics Suite 12 "{53F5C3EE-05ED-4830-994B-50B2F0D50FCE}" = Microsoft SQL Server Setup Support Files (English) "{541DEAC0-5F3D-45E6-B7CB-94ECF3B96748}" = Skype web features "{56B4002F-671C-49F4-984C-C760FE3806B5}" = Microsoft SQL Server VSS Writer "{57F0ED40-8F11-41AA-B926-4A66D0D1A9CC}" = Microsoft Office Live Add-in 1.3 "{5DA0E02F-970B-424B-BF41-513A5018E4C0}" = TOSHIBA Disc Creator "{61B84435-7A82-4F5C-87EC-1071EC28D72D}" = TOSHIBA Utilities "{64212898-097F-4F3F-AECA-6D34A7EF82DF}" = TOSHIBA Zooming Utility "{6CF08AD2-00C5-4A63-B74B-2EFFFAFEBE1A}" = Microsoft Outlook Web Access S/MIME "{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable "{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 "{77DCDCE3-2DED-62F3-8154-05E745472D07}" = Acrobat.com "{86D4B82A-ABED-442A-BE86-96357B70F4FE}" = Ask Toolbar "{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight "{8F7AC250-4D7D-431D-AC4E-94FB78EA3F8B}" = TOSHIBA Power Saver "{90120000-0010-0409-0000-0000000FF1CE}" = Microsoft Software Update for Web Folders (English) 12 "{90120000-0015-0409-0000-0000000FF1CE}" = Microsoft Office Access MUI (English) 2007 "{90120000-0015-0409-0000-0000000FF1CE}_PROHYBRIDR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2) "{90120000-0015-0409-0000-0000000FF1CE}_PROR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2) "{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007 "{90120000-0016-0409-0000-0000000FF1CE}_PROHYBRIDR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2) "{90120000-0016-0409-0000-0000000FF1CE}_PROR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2) "{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007 "{90120000-0018-0409-0000-0000000FF1CE}_PROHYBRIDR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2) "{90120000-0018-0409-0000-0000000FF1CE}_PROR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2) "{90120000-0019-0409-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2007 "{90120000-0019-0409-0000-0000000FF1CE}_PROHYBRIDR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2) "{90120000-0019-0409-0000-0000000FF1CE}_PROR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2) "{90120000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2007 "{90120000-001A-0409-0000-0000000FF1CE}_PROHYBRIDR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2) "{90120000-001A-0409-0000-0000000FF1CE}_PROR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2) "{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007 "{90120000-001B-0409-0000-0000000FF1CE}_PROHYBRIDR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2) "{90120000-001B-0409-0000-0000000FF1CE}_PROR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2) "{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007 "{90120000-001F-0409-0000-0000000FF1CE}_PROHYBRIDR_{ABDDE972-355B-4AF1-89A8-DA50B7B5C045}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2) "{90120000-001F-0409-0000-0000000FF1CE}_PROR_{ABDDE972-355B-4AF1-89A8-DA50B7B5C045}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2) "{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007 "{90120000-001F-040C-0000-0000000FF1CE}_PROHYBRIDR_{F580DDD5-8D37-4998-968E-EBB76BB86787}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2) "{90120000-001F-040C-0000-0000000FF1CE}_PROR_{F580DDD5-8D37-4998-968E-EBB76BB86787}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2) "{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007 "{90120000-001F-0C0A-0000-0000000FF1CE}_PROHYBRIDR_{187308AB-5FA7-4F14-9AB9-D290383A10D9}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2) "{90120000-001F-0C0A-0000-0000000FF1CE}_PROR_{187308AB-5FA7-4F14-9AB9-D290383A10D9}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2) "{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007 "{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007 "{90120000-006E-0409-0000-0000000FF1CE}_PROHYBRIDR_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2) "{90120000-006E-0409-0000-0000000FF1CE}_PROR_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2) "{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007 "{90120000-0115-0409-0000-0000000FF1CE}_PROHYBRIDR_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2) "{90120000-0115-0409-0000-0000000FF1CE}_PROR_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2) "{90120000-0117-0409-0000-0000000FF1CE}" = Microsoft Office Access Setup Metadata MUI (English) 2007 "{90120000-0117-0409-0000-0000000FF1CE}_PROHYBRIDR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2) "{90120000-0117-0409-0000-0000000FF1CE}_PROR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2) "{9068B2BE-D93A-4C0A-861C-5E35E2C0E09E}" = Intel® Matrix Storage Manager "{90A40409-6000-11D3-8CFE-0150048383C9}" = Microsoft Office 2003 Web Components "{91120000-0014-0000-0000-0000000FF1CE}" = Microsoft Office Professional 2007 "{91120000-0014-0000-0000-0000000FF1CE}_PROR_{0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}" = Microsoft Office 2007 Service Pack 2 (SP2) "{91120000-0014-0000-0000-0000000FF1CE}_PROR_{3D019598-7B59-447A-80AE-815B703B84FF}" = Security Update for Microsoft Office system 2007 (972581) "{91120000-0031-0000-0000-0000000FF1CE}" = Microsoft Office Professional Hybrid 2007 "{91120000-0031-0000-0000-0000000FF1CE}_PROHYBRIDR_{0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}" = Microsoft Office 2007 Service Pack 2 (SP2) "{91120000-0031-0000-0000-0000000FF1CE}_PROHYBRIDR_{3D019598-7B59-447A-80AE-815B703B84FF}" = Security Update for Microsoft Office system 2007 (972581) "{91810AFC-A4F8-4EBA-A5AA-B198BBC81144}" = InterVideo WinDVD for TOSHIBA "{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting "{95120000-0122-0409-0000-0000000FF1CE}" = Microsoft Office Outlook Connector "{9FE35071-CAB2-4E79-93E7-BFC6A2DC5C5D}" = CD/DVD Drive Acoustic Silencer "{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2 "{A43BF6A5-D5F0-4AAA-BF41-65995063EC44}" = MSXML 6.0 Parser "{A939D341-5A04-4E0A-BB55-3E65B386432D}" = Microsoft Office Small Business Connectivity Components "{AAB84E83-C8DF-4752-9DFC-2E2A48EE5E9F}" = Nikon View 6 "{AC76BA86-7AD7-1033-7B44-A92000000001}" = Adobe Reader 9.2 "{B32C4059-6E7A-41EF-AD20-56DF1872B923}" = Business Contact Manager for Outlook 2007 SP2 "{B65BBB06-1F8E-48F5-8A54-B024A9E15FDF}" = TOSHIBA Recovery Disc Creator "{BD68F46D-8A82-4664-8E68-F87C55BDEFD4}" = Microsoft SQL Server Native Client "{BDD83DC9-BEE9-4654-A5DA-CC46C250088D}" = TOSHIBA ConfigFree "{C02A6D5F-0FE1-46DE-B483-2BD33A226BCF}" = TOSHIBA TouchPad ON/Off Utility "{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2 "{C9BED750-1211-4480-B1A5-718A3BE15525}" = REALTEK GbE & FE Ethernet PCI-E NIC Driver "{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1 "{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1 "{D103C4BA-F905-437A-8049-DB24763BBE36}" = Skype™ 4.1 "{D10CB652-9332-4242-B7A9-2D61570144F7}" = USB 2.0 Card Reader "{E1E56B8A-1AAF-422A-91DB-625059FB9863}" = TOSHIBA Desktop Links "{E50AE784-FABE-46DA-A1F8-7B6B56DCB22E}" = Microsoft Office Suite Activation Assistant "{EE033C1F-443E-41EC-A0E2-559B539A4E4D}" = TOSHIBA Speech System Applications "{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard "{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver "{F6C405D2-C50D-4D10-B89E-73A233A14D74}" = Toshiba Registration "{FB3171AA-E420-45ED-BE0B-A6763B9DE305}" = Visual Link Spanish Level 1 v.4 "Adobe AIR" = Adobe AIR "Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX "Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin "Adobe Photoshop 7.0" = Adobe Photoshop 7.0 "Adobe SVG Viewer" = Adobe SVG Viewer 3.0 "ArcSoft Software Suite" = ArcSoft Software Suite "Belarc Advisor" = Belarc Advisor 8.1 "Business Contact Manager" = Business Contact Manager for Outlook 2007 SP2 "com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Acrobat.com "Coupon Printer for Windows5.0.0.0" = Coupon Printer for Windows "ERUNT_is1" = ERUNT 1.1j "Foxit PDF Editor" = Foxit PDF Editor "HDMI" = Intel® Graphics Media Accelerator Driver "HijackThis" = HijackThis 2.0.2 "IDNMitigationAPIs" = Microsoft Internationalized Domain Names Mitigation APIs "ie7" = Windows Internet Explorer 7 "ie8" = Windows Internet Explorer 8 "InstallShield_{2C38F661-26B7-445D-B87D-B53FE2D3BD42}" = TOSHIBA PC Diagnostic Tool "InterActual Player" = InterActual Player "Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware "Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1 "Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1 "Microsoft SQL Server 2005" = Microsoft SQL Server 2005 "Mozilla Firefox (3.5.5)" = Mozilla Firefox (3.5.5) "MSCompPackV1" = Microsoft Compression Client Pack 1.0 for Windows XP "NLSDownlevelMapping" = Microsoft National Language Support Downlevel APIs "Picasa2" = Picasa 2 "PROHYBRIDR" = 2007 Microsoft Office system "ProInst" = Intel PROSet Wireless "PROR" = Microsoft Office Professional 2007 "QuickBooks" = QuickBooks "QuickTime" = QuickTime "SpywareBlaster_is1" = SpywareBlaster 4.2 "SynTPDeinstKey" = Synaptics Pointing Device Driver "TOSHIBA Software Modem" = TOSHIBA Software Modem "Windows Media Format Runtime" = Windows Media Format 11 runtime "Windows Media Player" = Windows Media Player 11 "WMFDist11" = Windows Media Format 11 runtime "wmp11" = Windows Media Player 11 "Wudf01000" = Microsoft User-Mode Driver Framework Feature Pack 1.0 ========== Last 10 Event Log Errors ========== [ Application Events ] Error - 11/28/2009 7:39:36 PM | Computer Name = BEACONMKTG | Source = VSS | ID = 8193 Description = Volume Shadow Copy Service error: Unexpected error calling routine CoCreateInstance. hr = 0x80040206. Error - 11/28/2009 9:51:51 PM | Computer Name = BEACONMKTG | Source = Windows Search Service | ID = 7040 Description = The search service has detected corrupted data files in the index. The service will attempt to automatically correct this problem by rebuilding the index. Context: Windows Application, SystemIndex Catalog Details: 0xc0041801 (0xc0041801) Error - 11/28/2009 9:51:51 PM | Computer Name = BEACONMKTG | Source = Windows Search Service | ID = 3029 Description = The plug-in in <Search.TripoliIndexer> cannot be initialized. Context: Windows Application, SystemIndex Catalog Details: The content index cannot be read. (0xc0041800) Error - 11/28/2009 9:51:51 PM | Computer Name = BEACONMKTG | Source = Windows Search Service | ID = 3028 Description = The gatherer object cannot be initialized. Context: Windows Application, SystemIndex Catalog Details: The content index cannot be read. (0xc0041800) Error - 11/28/2009 9:51:51 PM | Computer Name = BEACONMKTG | Source = Windows Search Service | ID = 3058 Description = The application cannot be initialized. Context: Windows Application Details: The content index cannot be read. (0xc0041800) Error - 11/29/2009 12:18:04 AM | Computer Name = BEACONMKTG | Source = MsiInstaller | ID = 1008 Description = The installation of C:\Documents and Settings\Rory Wilson\Local Settings\Temporary Internet Files\Content.IE5\3SRVWYET\mvt_en-us[1].msi is not permitted due to an error in software restriction policy processing. The object cannot be trusted. Error - 11/29/2009 12:18:29 AM | Computer Name = BEACONMKTG | Source = MsiInstaller | ID = 1008 Description = The installation of C:\Documents and Settings\Rory Wilson\My Documents\My Downloads\mvt_en-us.msi is not permitted due to an error in software restriction policy processing. The object cannot be trusted. Error - 11/29/2009 12:18:55 AM | Computer Name = BEACONMKTG | Source = MsiInstaller | ID = 1008 Description = The installation of C:\Documents and Settings\Rory Wilson\My Documents\My Downloads\mvt_en-us.msi is not permitted due to an error in software restriction policy processing. The object cannot be trusted. Error - 11/29/2009 12:18:59 AM | Computer Name = BEACONMKTG | Source = MsiInstaller | ID = 1008 Description = The installation of C:\Documents and Settings\Rory Wilson\My Documents\My Downloads\mvt_en-us.msi is not permitted due to an error in software restriction policy processing. The object cannot be trusted. Error - 11/29/2009 12:30:58 AM | Computer Name = BEACONMKTG | Source = MsiInstaller | ID = 1008 Description = The installation of C:\Documents and Settings\Rory Wilson\My Documents\My Downloads\mvt_en-us.msi is not permitted due to an error in software restriction policy processing. The object cannot be trusted. [ System Events ] Error - 11/29/2009 12:31:34 AM | Computer Name = BEACONMKTG | Source = DCOM | ID = 10005 Description = DCOM got error "%1084" attempting to start the service McNASvc with arguments "" in order to run the server: {24F616A1-B755-4053-8018-C3425DC8B68A} Error - 11/29/2009 12:32:22 AM | Computer Name = BEACONMKTG | Source = DCOM | ID = 10005 Description = DCOM got error "%1084" attempting to start the service McShield with arguments "" in order to run the server: {DC7EF8E1-824F-4110-AB43-1604DA9B4F40} Error - 11/29/2009 12:32:22 AM | Computer Name = BEACONMKTG | Source = DCOM | ID = 10005 Description = DCOM got error "%1084" attempting to start the service McNASvc with arguments "" in order to run the server: {24F616A1-B755-4053-8018-C3425DC8B68A} Error - 11/29/2009 12:34:49 AM | Computer Name = BEACONMKTG | Source = DCOM | ID = 10005 Description = DCOM got error "%1084" attempting to start the service EventSystem with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF} Error - 11/29/2009 12:59:47 AM | Computer Name = BEACONMKTG | Source = DCOM | ID = 10005 Description = DCOM got error "%1058" attempting to start the service StiSvc with arguments "" in order to run the server: {A1F4E726-8CF1-11D1-BF92-0060081ED811} Error - 11/29/2009 1:19:19 AM | Computer Name = BEACONMKTG | Source = DCOM | ID = 10005 Description = DCOM got error "%1058" attempting to start the service StiSvc with arguments "" in order to run the server: {A1F4E726-8CF1-11D1-BF92-0060081ED811} Error - 11/29/2009 1:27:44 AM | Computer Name = BEACONMKTG | Source = Service Control Manager | ID = 7026 Description = The following boot-start or system-start driver(s) failed to load: atapi PCIIde Error - 11/29/2009 1:35:25 AM | Computer Name = BEACONMKTG | Source = DCOM | ID = 10016 Description = The machine-default permission settings do not grant Local Activation permission for the COM Server application with CLSID {A4199E55-EBB9-49E5-AF1A-7A5408B2E206} to the user NT AUTHORITY\NETWORK SERVICE SID (S-1-5-20). This security permission can be modified using the Component Services administrative tool. Error - 11/29/2009 2:55:33 PM | Computer Name = BEACONMKTG | Source = DCOM | ID = 10005 Description = DCOM got error "%1084" attempting to start the service EventSystem with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF} Error - 11/29/2009 2:56:03 PM | Computer Name = BEACONMKTG | Source = Service Control Manager | ID = 7026 Description = The following boot-start or system-start driver(s) failed to load: atapi BANTExt Fips intelppm mfehidk PCIIde < End of report >