Hellogb

  1. Tom: Avenger 1st, then Malwarebytes. Even typing this short reply to you took almost 5 minutes while the CPU ran up and down to 100%.

     Gary

     Here is another scan with v1.44:

     Malwarebytes' Anti-Malware 1.44
     Database version: 3575
     Windows 5.1.2600 Service Pack 2
     Internet Explorer 6.0.2900.2180

     1/16/2010 1:57:35 PM
     mbam-log-2010-01-16 (13-57-35).txt

     Scan type: Quick Scan
     Objects scanned: 160249
     Time elapsed: 26 minute(s), 4 second(s)

     Memory Processes Infected: 0
     Memory Modules Infected: 0
     Registry Keys Infected: 0
     Registry Values Infected: 0
     Registry Data Items Infected: 0
     Folders Infected: 0
     Files Infected: 0

     Memory Processes Infected:
     (No malicious items detected)

     Memory Modules Infected:
     (No malicious items detected)

     Registry Keys Infected:
     (No malicious items detected)

     Registry Values Infected:
     (No malicious items detected)

     Registry Data Items Infected:
     (No malicious items detected)

     Folders Infected:
     (No malicious items detected)

     Files Infected:
     (No malicious items detected)
  2. Tom: Here's the latest. System remains s-l-o-w. Even like writing this post took 10 minutes while waiting for 100% cpu. 99% was on iexplore.exe with only this window open in IE.

     Gary

     1. Avenger

     Logfile of The Avenger Version 2.0, © by Swandog46
     http://swandog46.geekstogo.com

     Platform: Windows XP

     *******************

     Script file opened successfully.
     Script file read successfully.

     Backups directory opened successfully at C:\Avenger

     *******************

     Beginning to process script file:

     Rootkit scan active.
     No rootkits found!

     Folder "C:\Recycler" deleted successfully.

     Completed script processing.

     *******************

     Finished! Terminate.

     2. Malware log

     Malwarebytes' Anti-Malware 1.42
     Database version: 3436
     Windows 5.1.2600 Service Pack 2
     Internet Explorer 6.0.2900.2180

     1/14/2010 11:07:31 AM
     mbam-log-2010-01-14 (11-07-31).txt

     Scan type: Quick Scan
     Objects scanned: 156339
     Time elapsed: 27 minute(s), 49 second(s)

     Memory Processes Infected: 0
     Memory Modules Infected: 0
     Registry Keys Infected: 0
     Registry Values Infected: 0
     Registry Data Items Infected: 1
     Folders Infected: 0
     Files Infected: 1

     Memory Processes Infected:
     (No malicious items detected)

     Memory Modules Infected:
     (No malicious items detected)

     Registry Keys Infected:
     (No malicious items detected)

     Registry Values Infected:
     (No malicious items detected)

     Registry Data Items Infected:
     HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\AntiVirusDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.

     Folders Infected:
     (No malicious items detected)

     Files Infected:
     C:\RECYCLER\NPROTECT\00000356.exe (Trojan.Banker) -> Quarantined and deleted successfully.
  4. Hi Tom: Yeh, system is really s-l-o-w and wanted to also tell you that several times when I tried to return here to post I got the following warning:

     Norton Internet Worm protection has detected and blocked an intrusion attempt.
     Intrusion: HTTP MSIE com object memory corruption
     Intruder: www.besttechie.net (188.40.40.140)(http(80))
     Risk Level: High
     Protocol: TCP
     Attacked: Field Computer (192.168.1.3.9)
     Attacked Port: 1076, 1070, 1565 (varies)

     Another observation: when system is "hanging" there is a lot of disk action (as observed by the onboard LED).

     Here's the information you requested:

     1. OTL Log

     ========== FILES ==========
     File\Folder C:\WINDOWS\Downloaded Program Files\vzbb.dll not found.
     Folder move failed. c:\RECYCLER\NPROTECT scheduled to be moved on reboot.
     Folder move failed. c:\RECYCLER scheduled to be moved on reboot.

     OTL by OldTimer - Version 3.1.20.1 log created on 01092010_083939

     Files\Folders moved on Reboot...
     Folder move failed. c:\RECYCLER\NPROTECT scheduled to be moved on reboot.
     Folder move failed. c:\RECYCLER\NPROTECT scheduled to be moved on reboot.
     Folder move failed. c:\RECYCLER scheduled to be moved on reboot.

     Registry entries deleted on Reboot...

     2.
     OTL.Txt
{E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation) O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation) O18 - Protocol\Handler\https {79eac9e5-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation) O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation) O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation) O18 - Protocol\Handler\ipp - No CLSID value found O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation) O18 - Protocol\Handler\its {9D148291-B9C8-11D0-A4CC-0000F80149F6} - C:\WINDOWS\system32\itss.dll (Microsoft Corporation) O18 - Protocol\Handler\javascript {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\system32\mshtml.dll (Microsoft Corporation) O18 - Protocol\Handler\lid {5C135180-9973-46D9-ABF4-148267CBB8BF} - C:\WINDOWS\system32\msvidctl.dll (Microsoft Corporation) O18 - Protocol\Handler\local {79eac9e7-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation) O18 - Protocol\Handler\mailto {3050f3DA-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\system32\mshtml.dll (Microsoft Corporation) O18 - Protocol\Handler\mhtml {05300401-BCBC-11d0-85E3-00C04FD85AB4} - C:\WINDOWS\system32\inetcomm.dll (Microsoft Corporation) O18 - Protocol\Handler\mk {79eac9e6-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation) O18 - Protocol\Handler\msdaipp - No CLSID value found O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL 
(Microsoft Corporation) O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation) O18 - Protocol\Handler\ms-its {9D148291-B9C8-11D0-A4CC-0000F80149F6} - C:\WINDOWS\system32\itss.dll (Microsoft Corporation) O18 - Protocol\Handler\mso-offdap11 {32505114-5902-49B2-880A-1F7738E5A384} - C:\Program Files\Common Files\Microsoft Shared\Web Components\11\OWC11.DLL (Microsoft Corporation) O18 - Protocol\Handler\res {3050F3BC-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\system32\mshtml.dll (Microsoft Corporation) O18 - Protocol\Handler\sysimage {76E67A63-06E9-11D2-A840-006008059382} - C:\WINDOWS\system32\mshtml.dll (Microsoft Corporation) O18 - Protocol\Handler\tv {CBD30858-AF45-11D2-B6D6-00C04FBBDE6E} - C:\WINDOWS\system32\msvidctl.dll (Microsoft Corporation) O18 - Protocol\Handler\vbscript {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\system32\mshtml.dll (Microsoft Corporation) O18 - Protocol\Handler\wia {13F3EA8B-91D7-4F0A-AD76-D2853AC8BECE} - C:\WINDOWS\system32\wiascr.dll (Microsoft Corporation) O18 - Protocol\Filter\application/octet-stream {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\WINDOWS\System32\mscoree.dll (Microsoft Corporation) O18 - Protocol\Filter\application/x-complus {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\WINDOWS\System32\mscoree.dll (Microsoft Corporation) O18 - Protocol\Filter\application/x-msdownload {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\WINDOWS\System32\mscoree.dll (Microsoft Corporation) O18 - Protocol\Filter\Class Install Handler {32B533BB-EDAE-11d0-BD5A-00AA00B92AF1} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation) O18 - Protocol\Filter\deflate {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation) O18 - Protocol\Filter\gzip {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation) O18 - Protocol\Filter\lzdhtml {8f6b0360-b80d-11d0-a9b3-006097942311} - 
C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation) O18 - Protocol\Filter\text/webviewhtml {733AC4CB-F1A4-11d0-B951-00A0C90312E1} - C:\WINDOWS\system32\shell32.dll (Microsoft Corporation) O18 - Protocol\Filter\text/xml {807553E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE11\MSOXMLMF.DLL (Microsoft Corporation) O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation) O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) - C:\WINDOWS\system32\userinit.exe (Microsoft Corporation) O20 - HKLM Winlogon: UIHost - (logonui.exe) - C:\WINDOWS\System32\logonui.exe (Microsoft Corporation) O20 - HKLM Winlogon: VMApplet - (rundll32 shell32) - C:\WINDOWS\System32\shell32.dll (Microsoft Corporation) O20 - HKLM Winlogon: VMApplet - (Control_RunDLL "sysdm.cpl") - C:\WINDOWS\System32\sysdm.cpl (Microsoft Corporation) O20 - Winlogon\Notify\crypt32chain: DllName - crypt32.dll - C:\WINDOWS\System32\crypt32.dll (Microsoft Corporation) O20 - Winlogon\Notify\cryptnet: DllName - cryptnet.dll - C:\WINDOWS\System32\cryptnet.dll (Microsoft Corporation) O20 - Winlogon\Notify\cscdll: DllName - cscdll.dll - C:\WINDOWS\System32\cscdll.dll (Microsoft Corporation) O20 - Winlogon\Notify\LMIinit: DllName - LMIinit.dll - C:\WINDOWS\System32\LMIinit.dll (LogMeIn, Inc.) 
O20 - Winlogon\Notify\ScCertProp: DllName - wlnotify.dll - C:\WINDOWS\System32\wlnotify.dll (Microsoft Corporation) O20 - Winlogon\Notify\Schedule: DllName - wlnotify.dll - C:\WINDOWS\System32\wlnotify.dll (Microsoft Corporation) O20 - Winlogon\Notify\sclgntfy: DllName - sclgntfy.dll - C:\WINDOWS\System32\sclgntfy.dll (Microsoft Corporation) O20 - Winlogon\Notify\SensLogn: DllName - WlNotify.dll - C:\WINDOWS\System32\wlnotify.dll (Microsoft Corporation) O20 - Winlogon\Notify\termsrv: DllName - wlnotify.dll - C:\WINDOWS\System32\wlnotify.dll (Microsoft Corporation) O20 - Winlogon\Notify\WgaLogon: DllName - WgaLogon.dll - C:\WINDOWS\System32\WgaLogon.dll (Microsoft Corporation) O20 - Winlogon\Notify\wlballoon: DllName - wlnotify.dll - C:\WINDOWS\System32\wlnotify.dll (Microsoft Corporation) O20 - Winlogon\Notify\WRNotifier: DllName - WRLogonNTF.dll - C:\WINDOWS\System32\WRLogonNtf.dll (Webroot Software, Inc.) O21 - SSODL: CDBurn - {fbeb8a05-beee-4442-804e-409d6c4515e9} - C:\WINDOWS\system32\shell32.dll (Microsoft Corporation) O21 - SSODL: PostBootReminder - {7849596a-48ea-486e-8937-a2a3009f31a9} - C:\WINDOWS\system32\shell32.dll (Microsoft Corporation) O21 - SSODL: SysTray - {35CEC8A3-2BE6-11D2-8773-92E220524153} - C:\WINDOWS\system32\stobject.dll (Microsoft Corporation) O21 - SSODL: UPnPMonitor - {e57ce738-33e8-4c51-8354-bb4de9d215d1} - C:\WINDOWS\system32\upnpui.dll (Microsoft Corporation) O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - C:\WINDOWS\system32\webcheck.dll (Microsoft Corporation) O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll (Microsoft Corporation) O22 - SharedTaskScheduler: {438755C2-A8BA-11D1-B96B-00A0C90312E1} - Browseui preloader - C:\WINDOWS\system32\browseui.dll (Microsoft Corporation) O22 - SharedTaskScheduler: {8C7461EF-2B13-11d2-BE35-3078302C2030} - Component Categories cache daemon - C:\WINDOWS\system32\browseui.dll (Microsoft Corporation) O24 - Desktop 
Components:0 (My Current Home Page) - About:Home O28 - HKLM ShellExecuteHooks: {AEB6717E-7E19-11d0-97EE-00C04FD91972} - C:\WINDOWS\System32\shell32.dll (Microsoft Corporation) O29 - HKLM SecurityProviders - (msapsspc.dll) - C:\WINDOWS\System32\msapsspc.dll (Microsoft Corporation) O29 - HKLM SecurityProviders - (schannel.dll) - C:\WINDOWS\System32\schannel.dll (Microsoft Corporation) O29 - HKLM SecurityProviders - (digest.dll) - C:\WINDOWS\System32\digest.dll (Microsoft Corporation) O29 - HKLM SecurityProviders - (msnsspc.dll) - C:\WINDOWS\System32\msnsspc.dll (Microsoft Corporation) O30 - LSA: Authentication Packages - (msv1_0) - C:\WINDOWS\System32\msv1_0.dll (Microsoft Corporation) O30 - LSA: Authentication Packages - (relog_ap) - C:\WINDOWS\System32\relog_ap.dll (Acronis) O30 - LSA: Security Packages - (kerberos) - C:\WINDOWS\System32\kerberos.dll (Microsoft Corporation) O30 - LSA: Security Packages - (msv1_0) - C:\WINDOWS\System32\msv1_0.dll (Microsoft Corporation) O30 - LSA: Security Packages - (schannel) - C:\WINDOWS\System32\schannel.dll (Microsoft Corporation) O30 - LSA: Security Packages - (wdigest) - C:\WINDOWS\System32\wdigest.dll (Microsoft Corporation) O31 - SafeBoot: AlternateShell - cmd.exe O32 - HKLM CDRom: AutoRun - 1 O33 - MountPoints2\{472416b9-9e64-11da-8522-00003911cd8a}\Shell\AutoRun\command - "" = G:\setupSNK.exe -- File not found O33 - MountPoints2\{e56f9845-4f67-11de-8786-00003911cd8a}\Shell\AutoRun\command - "" = F:\InstallTomTomHOME.exe -- File not found O34 - HKLM BootExecute: (autocheck autochk *) - File not found O35 - comfile [open] -- "%1" %* O35 - exefile [open] -- "%1" %* ========== Files/Folders - Created Within 30 Days ========== [2009/12/31 07:26:20 | 00,000,000 | ---D | C] -- C:\WINDOWS\BDOSCAN8 [2009/12/30 22:25:41 | 00,000,000 | ---D | C] -- C:\_OTL [2009/12/28 08:32:56 | 00,513,536 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Gary\Desktop\OTL.exe [2009/12/27 11:00:39 | 00,000,000 | ---D | C] -- C:\Program 
Files\Trend Micro [2009/12/26 21:30:13 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Gary\Application Data\Malwarebytes [2009/12/26 21:29:54 | 00,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys [2009/12/26 21:29:47 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Malwarebytes [2009/12/26 21:29:45 | 00,019,160 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys [2009/12/26 21:29:38 | 00,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware [2009/09/07 20:06:12 | 00,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Local Settings\Application Data\ICS [2008/04/26 07:01:53 | 00,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Application Data\Roxio [2007/11/26 20:14:52 | 00,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Application Data\Acronis [2006/10/26 12:00:03 | 00,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Application Data\Ahead [2006/07/18 13:12:55 | 00,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Application Data\Webroot [2006/04/02 19:48:49 | 00,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Application Data\Symantec [2006/03/19 22:52:11 | 00,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft [2003/07/09 09:48:54 | 00,000,000 | --SD | M] -- C:\Documents and Settings\LocalService\Application Data\Microsoft [2002/04/26 19:37:25 | 00,000,000 | ---D | M] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft [2002/04/26 19:32:12 | 00,000,000 | --SD | M] -- C:\Documents and Settings\NetworkService\Application Data\Microsoft [8 C:\Documents and Settings\Gary\My Documents\*.tmp files -> C:\Documents and Settings\Gary\My Documents\*.tmp -> ] [58 C:\WINDOWS\System32\dllcache\*.tmp files -> C:\WINDOWS\System32\dllcache\*.tmp -> ] ========== Files - Modified Within 30 Days 
========== [2010/01/09 11:15:00 | 00,000,362 | ---- | M] () -- C:\WINDOWS\tasks\Symantec NetDetect.job [2010/01/09 09:37:30 | 00,001,158 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl [2010/01/09 09:35:59 | 00,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT [2010/01/09 09:35:44 | 00,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat [2010/01/09 09:35:24 | 51,962,2656 | -HS- | M] () -- C:\hiberfil.sys [2010/01/09 09:33:45 | 00,000,278 | -HS- | M] () -- C:\Documents and Settings\Gary\ntuser.ini [2010/01/09 09:33:44 | 11,534,336 | ---- | M] () -- C:\Documents and Settings\Gary\NTUSER.DAT [2010/01/06 12:14:59 | 00,202,752 | ---- | M] () -- C:\Documents and Settings\Gary\My Documents\Riverside - Punch List.xls [2010/01/06 11:55:53 | 00,227,328 | ---- | M] () -- C:\Documents and Settings\Gary\My Documents\Riverside - Plumbing Fixture Schedule.xls [2010/01/04 12:00:00 | 00,000,290 | ---- | M] () -- C:\WINDOWS\tasks\Norton SystemWorks One Button Checkup.job [2010/01/01 00:00:00 | 00,000,306 | ---- | M] () -- C:\WINDOWS\tasks\Symantec Drmc.job [2009/12/31 15:36:54 | 00,028,066 | ---- | M] () -- C:\Documents and Settings\Gary\Desktop\BitDefender 12-31-2009.html [2009/12/28 08:33:01 | 00,513,536 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Gary\Desktop\OTL.exe [2009/12/24 08:31:23 | 00,025,088 | ---- | M] () -- C:\Documents and Settings\Gary\My Documents\12-24-09.doc [2009/12/23 08:40:55 | 00,000,426 | ---- | M] () -- C:\WINDOWS\brwmark.ini [2009/12/22 15:40:38 | 00,045,056 | ---- | M] () -- C:\Documents and Settings\Gary\My Documents\Jenny-Danielle Due To Parents.xls [2009/12/15 09:45:25 | 00,076,288 | ---- | M] () -- C:\Documents and Settings\Gary\My Documents\GBB Cash Receipts 09-30-2006.xls [2009/12/12 11:51:20 | 00,039,424 | ---- | M] () -- C:\Documents and Settings\Gary\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [2009/12/11 20:25:58 | 00,027,648 | ---- | M] () -- C:\Documents and Settings\Gary\My Documents\Credit Card Coding 
Sheet.xls [8 C:\Documents and Settings\Gary\My Documents\*.tmp files -> C:\Documents and Settings\Gary\My Documents\*.tmp -> ] [58 C:\WINDOWS\System32\dllcache\*.tmp files -> C:\WINDOWS\System32\dllcache\*.tmp -> ] ========== Files Created - No Company Name ========== [2009/12/31 16:26:30 | 00,028,066 | ---- | C] () -- C:\Documents and Settings\Gary\Desktop\BitDefender 12-31-2009.html [2009/12/24 08:31:23 | 00,025,088 | ---- | C] () -- C:\Documents and Settings\Gary\My Documents\12-24-09.doc [2009/10/25 22:46:44 | 00,000,258 | ---- | C] () -- C:\WINDOWS\hpbafd.ini [2009/06/10 15:46:32 | 00,106,496 | ---- | C] () -- C:\WINDOWS\System32\BrMuSNMP.dll [2009/04/27 17:59:34 | 00,077,824 | ---- | C] () -- C:\WINDOWS\System32\BROSNMP.DLL [2009/02/12 08:15:46 | 00,000,332 | ---- | C] () -- C:\WINDOWS\WININIT.INI [2009/02/12 08:10:33 | 00,000,212 | ---- | C] () -- C:\WINDOWS\rs_run.ini [2009/02/12 08:10:15 | 00,010,409 | ---- | C] () -- C:\WINDOWS\RS_SQLIF.INI [2009/01/26 18:48:51 | 00,000,043 | ---- | C] () -- C:\WINDOWS\gswin32.ini [2009/01/24 15:40:43 | 00,000,622 | ---- | C] () -- C:\Program Files\Shortcut to uTorrent.exe.lnk [2009/01/05 15:44:10 | 00,000,453 | ---- | C] () -- C:\WINDOWS\bdoscandellang.ini [2008/04/25 11:17:01 | 00,000,000 | ---- | C] () -- C:\WINDOWS\eDrawingOfficeAutomator.INI [2008/02/04 17:21:45 | 00,008,144 | ---- | C] () -- C:\Documents and Settings\Gary\Application Data\Comma Separated Values (Windows).EML [2008/02/04 15:52:36 | 00,025,340 | ---- | C] () -- C:\Documents and Settings\Gary\Application Data\Comma Separated Values (DOS).ADR [2008/02/03 23:20:16 | 00,024,098 | ---- | C] () -- C:\Documents and Settings\Gary\Application Data\Comma Separated Values (Windows).ADR [2007/04/02 04:58:06 | 00,000,000 | ---- | C] () -- C:\WINDOWS\System32\px.ini [2007/03/05 12:34:28 | 00,676,224 | ---- | C] () -- C:\WINDOWS\System32\OGACheckControl.DLL [2006/11/18 22:17:24 | 00,000,151 | ---- | C] () -- C:\WINDOWS\PhotoSnapViewer.INI [2006/10/28 10:16:54 | 
00,000,069 | ---- | C] () -- C:\WINDOWS\NeroDigital.ini [2006/10/27 14:47:42 | 00,001,755 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\QTSBandwidthCache [2006/10/25 09:01:34 | 00,001,192 | ---- | C] () -- C:\WINDOWS\APDFPRP.INI [2006/10/22 09:22:35 | 00,201,216 | ---- | C] () -- C:\WINDOWS\System32\oestore.dll [2006/10/10 20:50:17 | 00,000,083 | ---- | C] () -- C:\WINDOWS\usrwiz.ini [2006/07/18 13:12:20 | 00,026,688 | ---- | C] () -- C:\WINDOWS\System32\wrlzma.dll [2006/07/18 13:12:19 | 00,684,032 | ---- | C] () -- C:\WINDOWS\libeay32.dll [2006/07/18 13:12:19 | 00,155,648 | ---- | C] () -- C:\WINDOWS\ssleay32.dll [2006/05/01 20:11:37 | 00,012,288 | ---- | C] () -- C:\WINDOWS\System32\hlinkprx.dll [2006/03/30 13:45:25 | 00,000,058 | ---- | C] () -- C:\WINDOWS\brmx2001.ini [2006/03/30 13:45:25 | 00,000,040 | ---- | C] () -- C:\WINDOWS\opt_2460.ini [2006/03/23 14:50:23 | 00,205,312 | R--- | C] () -- C:\WINDOWS\patchw32.dll [2006/03/23 14:49:17 | 00,205,312 | R--- | C] () -- C:\WINDOWS\pw32a.dll [2006/03/22 21:58:38 | 00,000,048 | ---- | C] () -- C:\WINDOWS\PerWin.ini [2006/03/22 21:36:01 | 00,001,676 | ---- | C] () -- C:\WINDOWS\MPCWIN02.INI [2006/03/22 21:18:07 | 00,001,483 | ---- | C] () -- C:\WINDOWS\MPCWIN01.INI [2006/03/22 19:27:55 | 00,202,752 | ---- | C] () -- C:\WINDOWS\CDAC14BA.DLL [2006/03/22 19:27:51 | 00,011,376 | ---- | C] () -- C:\WINDOWS\System32\drivers\CdaC15BA.SYS [2006/03/22 19:27:37 | 00,001,900 | ---- | C] () -- C:\WINDOWS\BPMWIN02.INI [2006/03/22 19:23:33 | 00,000,691 | ---- | C] () -- C:\WINDOWS\Bpmwty02.ini [2006/03/22 18:54:17 | 00,001,610 | ---- | C] () -- C:\WINDOWS\BPMWIN01.INI [2006/03/15 14:51:24 | 00,000,798 | ---- | C] () -- C:\WINDOWS\Brpfx04a.ini [2006/03/15 14:51:24 | 00,000,426 | ---- | C] () -- C:\WINDOWS\brwmark.ini [2006/03/15 14:51:24 | 00,000,092 | ---- | C] () -- C:\WINDOWS\brpcfx.ini [2006/03/15 14:51:24 | 00,000,052 | ---- | C] () -- C:\WINDOWS\BRPP2KA.INI [2006/03/15 14:44:39 | 00,027,019 | ---- | 
C] () -- C:\WINDOWS\maxlink.ini [2006/03/12 07:23:08 | 00,651,264 | R--- | C] () -- C:\WINDOWS\System32\libeay32.dll [2006/03/12 07:23:07 | 00,147,456 | R--- | C] () -- C:\WINDOWS\System32\ssleay32.dll [2006/02/07 21:26:26 | 00,039,424 | ---- | C] () -- C:\Documents and Settings\Gary\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [2004/06/13 20:32:39 | 00,000,518 | ---- | C] () -- C:\WINDOWS\lexstat.ini [2004/02/22 16:38:57 | 00,050,016 | ---- | C] () -- C:\WINDOWS\System32\drivers\atnt40k.sys [2004/01/17 08:36:21 | 00,375,296 | ---- | C] () -- C:\WINDOWS\System32\tx32.dll [2004/01/17 08:36:21 | 00,000,202 | ---- | C] () -- C:\WINDOWS\System32\Ic32.ini [2003/12/19 19:43:11 | 00,000,028 | ---- | C] () -- C:\WINDOWS\ICOA.INI [2003/12/19 19:42:55 | 00,000,000 | ---- | C] () -- C:\WINDOWS\QFN.ini [2003/12/19 19:42:55 | 00,000,000 | ---- | C] () -- C:\WINDOWS\QDQICK.ini [2003/04/24 12:06:30 | 00,000,002 | ---- | C] () -- C:\WINDOWS\msoffice.ini [2003/01/07 14:05:08 | 00,002,695 | ---- | C] () -- C:\WINDOWS\System32\OUTLPERF.INI [2002/11/22 07:00:00 | 00,000,376 | ---- | C] () -- C:\WINDOWS\ODBC.INI [2002/04/29 18:28:38 | 00,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini [2002/04/29 14:14:53 | 00,024,576 | ---- | C] () -- C:\WINDOWS\System32\getnode.dll [2002/04/29 12:19:20 | 00,000,067 | ---- | C] () -- C:\WINDOWS\swupdate.ini [2002/04/29 12:18:52 | 00,000,901 | ---- | C] () -- C:\WINDOWS\QUICKEN.INI [2002/04/29 12:18:52 | 00,000,052 | ---- | C] () -- C:\WINDOWS\intuprof.ini [2002/04/29 12:15:38 | 00,000,000 | ---- | C] () -- C:\WINDOWS\PROTOCOL.INI [2002/04/29 11:50:03 | 00,121,905 | ---- | C] () -- C:\WINDOWS\System32\csellang.ini [2002/04/29 11:50:03 | 00,045,056 | ---- | C] () -- C:\WINDOWS\System32\csellang.dll [2002/04/29 11:50:03 | 00,008,831 | ---- | C] () -- C:\WINDOWS\System32\tosmreg.ini [2002/04/29 11:50:03 | 00,006,793 | ---- | C] () -- C:\WINDOWS\System32\cseltbl.ini [2002/04/29 11:48:13 | 00,061,440 | ---- | C] () -- 
C:\WINDOWS\System32\TVCtrl.dll [2002/04/29 11:48:13 | 00,057,344 | ---- | C] () -- C:\WINDOWS\System32\LCDCtrl.dll [2002/04/29 11:48:13 | 00,053,248 | ---- | C] () -- C:\WINDOWS\System32\Multview.dll [2002/04/29 11:48:12 | 00,090,112 | ---- | C] () -- C:\WINDOWS\System32\ColorCtr.dll [2002/04/29 11:48:12 | 00,061,440 | ---- | C] () -- C:\WINDOWS\System32\GenCtrl.dll [2002/04/29 11:48:12 | 00,045,056 | ---- | C] () -- C:\WINDOWS\System32\CRTCtrl.dll [2002/04/29 11:46:07 | 00,006,528 | ---- | C] () -- C:\WINDOWS\System32\drivers\Tbiosdrv.sys [2002/04/26 19:33:05 | 00,000,780 | ---- | C] () -- C:\WINDOWS\orun32.ini [2002/04/26 19:27:22 | 00,001,793 | ---- | C] () -- C:\WINDOWS\System32\fxsperf.ini [2002/04/26 19:02:34 | 00,000,285 | ---- | C] () -- C:\WINDOWS\System32\OEMINFO.INI [2002/03/04 10:16:34 | 00,110,592 | R--- | C] () -- C:\WINDOWS\System32\Jpeg32.dll [2002/02/27 17:28:16 | 00,138,752 | ---- | C] () -- C:\WINDOWS\System32\MASE32.DLL [2002/02/27 17:28:16 | 00,057,856 | ---- | C] () -- C:\WINDOWS\System32\MASD32.DLL [2002/02/27 17:28:14 | 00,196,096 | ---- | C] () -- C:\WINDOWS\System32\MACD32.DLL [2002/02/27 17:28:14 | 00,136,192 | ---- | C] () -- C:\WINDOWS\System32\MAMC32.DLL [2002/02/27 17:28:14 | 00,027,648 | ---- | C] () -- C:\WINDOWS\System32\MA32.DLL [1999/03/09 14:53:00 | 00,222,928 | ---- | C] () -- C:\WINDOWS\System32\lobas09.dll [1999/01/22 13:46:58 | 00,065,536 | ---- | C] () -- C:\WINDOWS\System32\MSRTEDIT.DLL [1998/10/10 23:07:38 | 00,088,576 | ---- | C] () -- C:\WINDOWS\System32\Iticheck.dll [1998/01/13 03:22:30 | 00,047,104 | ---- | C] () -- C:\WINDOWS\System32\lotrn13.dll [1997/11/13 14:53:00 | 00,031,008 | ---- | C] () -- C:\WINDOWS\System32\ivtrn09.dll [1994/07/24 14:53:00 | 00,014,928 | ---- | C] () -- C:\WINDOWS\System32\wingen.drv < End of report >
  5. Hi Tom: I've been running for a couple of days now and honestly, I believe I am actually worse now. I am sorry to report this. Even writing this reply is interrupted (characters stop) while CPU is running 100%. What can you tell me about what you found or what you suggest I do? Thanks again, Gary
  6. Hello Tom:

1. OTL Log:

========== FILES ==========
C:\WINDOWS\Downloaded Program Files\vzbb.dll moved successfully.
c:\RECYCLER\S-1-5-21-3042452539-3179742922-2167395947-1007 folder moved successfully.
c:\RECYCLER\S-1-5-21-3042452539-3179742922-2167395947-1005\Dc3 folder moved successfully.
c:\RECYCLER\S-1-5-21-3042452539-3179742922-2167395947-1005 folder moved successfully.
Folder move failed. c:\RECYCLER\NPROTECT scheduled to be moved on reboot.
Folder move failed. c:\RECYCLER scheduled to be moved on reboot.

OTL by OldTimer - Version 3.1.20.1 log created on 01032010_155225

Files\Folders moved on Reboot...
Folder move failed. c:\RECYCLER\NPROTECT scheduled to be moved on reboot.
Folder move failed. c:\RECYCLER\NPROTECT scheduled to be moved on reboot.
Folder move failed. c:\RECYCLER scheduled to be moved on reboot.

Registry entries deleted on Reboot...

2. OTL.txt:

OTL logfile created on: 1/3/2010 4:12:58 PM - Run 3
OTL by OldTimer - Version 3.1.20.1 Folder = C:\Documents and Settings\Gary\Desktop
Windows XP Home Edition Service Pack 2 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 6.0.2900.2180)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

495.00 Mb Total Physical Memory | 162.00 Mb Available Physical Memory | 33.00% Memory free
1.00 Gb Paging File | 1.00 Gb Available in Paging File | 82.00% Paging File free
Paging file location(s): C:\pagefile.sys 0 0 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 93.16 Gb Total Space | 35.78 Gb Free Space | 38.41% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded
Drive Y: | 461.12 Gb Total Space | 449.92 Gb Free Space | 97.57% Space Free | Partition Type: NTFS

Computer Name:
FIELDCOMPUTER Current User Name: Gary Logged in as Administrator. Current Boot Mode: Normal Scan Mode: Current user Company Name Whitelist: Off Skip Microsoft Files: Off File Age = 30 Days Output = Minimal ========== Processes (SafeList) ========== PRC - C:\Documents and Settings\Gary\Desktop\OTL.exe (OldTimer Tools) PRC - C:\Program Files\Java\jre6\bin\jqs.exe (Sun Microsystems, Inc.) PRC - C:\Program Files\Iomega StorCenter\retrospect\retrorun.exe (EMC Corporation) PRC - C:\Program Files\Common Files\Symantec Shared\CCSETMGR.EXE (Symantec Corporation) PRC - C:\Program Files\Common Files\Symantec Shared\CCEVTMGR.EXE (Symantec Corporation) PRC - C:\Program Files\Common Files\Symantec Shared\CCAPP.EXE (Symantec Corporation) PRC - C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe (Acronis) PRC - C:\WINDOWS\explorer.exe (Microsoft Corporation) PRC - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe (Symantec Corporation) PRC - C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe (Webroot Software, Inc.) 
PRC - C:\Program Files\Southwest Airlines\Ding\Ding.exe (Southwest Airlines) PRC - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe (Symantec Corporation) PRC - C:\WINDOWS\system32\drivers\CDAC11BA.EXE (Macrovision) PRC - C:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe (Symantec Corporation) PRC - C:\Program Files\Norton SystemWorks\Norton AntiVirus\IWP\NPFMNTOR.EXE (Symantec Corporation) PRC - C:\Program Files\Norton SystemWorks\Norton AntiVirus\NAVAPSVC.EXE (Symantec Corporation) PRC - C:\Program Files\Iomega\System32\AppServices.exe (Iomega Corporation) PRC - C:\Program Files\Norton SystemWorks\Norton Ghost\Agent\PQV2iSvc.exe (Symantec Corporation) PRC - C:\Program Files\Norton SystemWorks\Norton Utilities\NPROTECT.EXE (Symantec Corporation) PRC - C:\Program Files\Norton SystemWorks\Norton Utilities\Speed Disk\NOPDB.exe (Symantec Corporation) PRC - C:\WINDOWS\system32\wscntfy.exe (Microsoft Corporation) PRC - C:\WINDOWS\system32\gearsec.exe (GEAR Software) PRC - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe (Symantec Corporation) PRC - C:\WINDOWS\system32\00THotkey.exe (TOSHIBA Corp.) PRC - C:\Program Files\Toshiba\TOSHIBA Controls\TFncKy.exe (TOSHIBA Corporation) PRC - C:\Program Files\Apoint2K\Apoint.exe (Alps Electric Co., Ltd.) PRC - C:\WINDOWS\system32\TPWRTRAY.EXE (TOSHIBA Corporation) PRC - C:\WINDOWS\system32\TFNF5.exe (Toshiba Corp.) PRC - C:\Program Files\Apoint2K\ApntEx.exe (Alps Electric Co., Ltd.) ========== Modules (SafeList) ========== MOD - C:\Documents and Settings\Gary\Desktop\OTL.exe (OldTimer Tools) MOD - C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.2982_x-ww_ac3f9c03\comctl32.dll (Microsoft Corporation) ========== Win32 Services (SafeList) ========== SRV - (LexBceS) -- File not found SRV - (Iomega Activity Disk2) -- File not found SRV - (JavaQuickStarterService) -- C:\Program Files\Java\jre6\bin\jqs.exe (Sun Microsystems, Inc.) 
SRV - (LMIMaint) -- C:\Program Files\LogMeIn\x86\RaMaint.exe (LogMeIn, Inc.) SRV - (TomTomHOMEService) -- C:\Program Files\TomTom HOME 2\TomTomHOMEService.exe (TomTom) SRV - (RetroExpLauncher) -- C:\Program Files\Iomega StorCenter\retrospect\retrorun.exe (EMC Corporation) SRV - (IntuitUpdateService) -- C:\Program Files\Common Files\Intuit\Update Service\IntuitUpdateService.exe (Intuit Inc.) SRV - (LogMeIn) -- C:\Program Files\LogMeIn\x86\LogMeIn.exe (LogMeIn, Inc.) SRV - (SolidWorks Licensing Service) -- C:\Program Files\Common Files\SolidWorks Shared\Service\SolidWorksLicensing.exe (SolidWorks) SRV - (ccSetMgr) -- C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe (Symantec Corporation) SRV - (ccPwdSvc) -- C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe (Symantec Corporation) SRV - (ccEvtMgr) -- C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe (Symantec Corporation) SRV - (TryAndDecideService) -- C:\Program Files\Common Files\Acronis\Fomatik\TrueImageTryStartService.exe () SRV - (AcrSch2Svc) -- C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe (Acronis) SRV - (SNDSrvc) -- C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe (Symantec Corporation) SRV - (RoxLiveShare9) -- C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxLiveShare9.exe (Sonic Solutions) SRV - (RoxWatch9) -- C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatch9.exe (Sonic Solutions) SRV - (RoxMediaDB9) -- C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe (Sonic Solutions) SRV - (Roxio UPnP Renderer 9) -- C:\Program Files\Roxio\Digital Home 9\RoxioUPnPRenderer9.exe (Sonic Solutions) SRV - (Roxio Upnp Server 9) -- C:\Program Files\Roxio\Digital Home 9\RoxioUpnpService9.exe (Sonic Solutions) SRV - (WebrootSpySweeperService) -- C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe (Webroot Software, Inc.) 
SRV - (Symantec Core LC) -- C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe (Symantec Corporation) SRV - (C-DillaCdaC11BA) -- C:\WINDOWS\system32\drivers\CDAC11BA.EXE (Macrovision) SRV - (LiveUpdate) -- C:\Program Files\Symantec\LiveUpdate\LuComServer_3_0.EXE (Symantec Corporation) SRV - (Automatic LiveUpdate Scheduler) -- C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe (Symantec Corporation) SRV - (SBService) -- C:\Program Files\Common Files\Symantec Shared\Script Blocking\SBSERV.EXE (Symantec Corporation) SRV - (NPFMntor) -- C:\Program Files\Norton SystemWorks\Norton AntiVirus\IWP\NPFMntor.exe (Symantec Corporation) SRV - (navapsvc) -- C:\Program Files\Norton SystemWorks\Norton AntiVirus\navapsvc.exe (Symantec Corporation) SRV - (SAVScan) -- C:\Program Files\Norton SystemWorks\Norton AntiVirus\SAVScan.exe (Symantec Corporation) SRV - (Iomega App Services) -- C:\Program Files\Iomega\System32\AppServices.exe (Iomega Corporation) SRV - (Norton Ghost) -- C:\Program Files\Norton SystemWorks\Norton Ghost\Agent\PQV2iSvc.exe (Symantec Corporation) SRV - (IDriverT) -- C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe (Macrovision Corporation) SRV - (NProtectService) -- C:\Program Files\Norton SystemWorks\Norton Utilities\NPROTECT.EXE (Symantec Corporation) SRV - (Speed Disk service) -- C:\Program Files\Norton SystemWorks\Norton Utilities\Speed Disk\NOPDB.exe (Symantec Corporation) SRV - (Irmon) -- C:\WINDOWS\system32\irmon.dll (Microsoft Corporation) SRV - (GEARSecurity) -- C:\WINDOWS\system32\gearsec.exe (GEAR Software) SRV - (SPBBCSvc) -- C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe (Symantec Corporation) SRV - (ose) -- C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE (Microsoft Corporation) ========== Driver Services (SafeList) ========== DRV - (LMIRfsClientNP) -- C:\WINDOWS\system32\LMIRfsClientNP.dll (LogMeIn, Inc.) 
DRV - (SYMIDSCO) -- C:\Program Files\Common Files\Symantec Shared\SymcData\ids-diskless\20081112.004\SymIDSCo.sys (Symantec Corporation) DRV - (LMIInfo) -- C:\Program Files\LogMeIn\x86\rainfo.sys (LogMeIn, Inc.) DRV - (LMIRfsDriver) -- C:\WINDOWS\system32\drivers\LMIRfsDriver.sys (LogMeIn, Inc.) DRV - (lmimirr) -- C:\WINDOWS\system32\drivers\lmimirr.sys (LogMeIn, Inc.) DRV - (timounter) -- C:\WINDOWS\system32\DRIVERS\timntr.sys (Acronis) DRV - (tifsfilter) -- C:\WINDOWS\system32\drivers\tifsfilt.sys (Acronis) DRV - (snapman) -- C:\WINDOWS\system32\DRIVERS\snapman.sys (Acronis) DRV - (tdrpman) -- C:\WINDOWS\system32\DRIVERS\tdrpman.sys (Acronis) DRV - (Secdrv) -- C:\WINDOWS\system32\drivers\secdrv.sys (Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K.) DRV - (NAVEX15) -- C:\Program Files\Common Files\Symantec Shared\VirusDefs\20070404.032\NAVEX15.SYS (Symantec Corporation) DRV - (NAVENG) -- C:\Program Files\Common Files\Symantec Shared\VirusDefs\20070404.032\NAVENG.SYS (Symantec Corporation) DRV - (SYMTDI) -- C:\WINDOWS\System32\Drivers\SYMTDI.SYS (Symantec Corporation) DRV - (SYMREDRV) -- C:\WINDOWS\System32\Drivers\SYMREDRV.SYS (Symantec Corporation) DRV - (SYMIDS) -- C:\WINDOWS\System32\Drivers\SYMIDS.SYS (Symantec Corporation) DRV - (SYMNDIS) -- C:\WINDOWS\System32\Drivers\SYMNDIS.SYS (Symantec Corporation) DRV - (SYMFW) -- C:\WINDOWS\System32\Drivers\SYMFW.SYS (Symantec Corporation) DRV - (SYMDNS) -- C:\WINDOWS\System32\Drivers\SYMDNS.SYS (Symantec Corporation) DRV - (MRENDIS5) -- C:\Program Files\Common Files\Motive\MRENDIS5.sys (Motive, Inc.) DRV - (MREMPR5) -- C:\Program Files\Common Files\Motive\MREMPR5.sys (Motive, Inc.) 
DRV - (PxHelp20) -- C:\WINDOWS\System32\DRIVERS\PxHelp20.sys (Sonic Solutions) DRV - (SSKBFD) -- C:\WINDOWS\system32\drivers\sskbfd.sys (Webroot Software Inc (www.webroot.com)) DRV - (SSIDRV) -- C:\WINDOWS\SYSTEM32\Drivers\SSIDRV.SYS (Webroot Software Inc (www.webroot.com)) DRV - (SSHRMD) -- C:\WINDOWS\SYSTEM32\Drivers\SSHRMD.SYS (Webroot Software Inc (www.webroot.com)) DRV - (SSFS0509) -- C:\WINDOWS\SYSTEM32\Drivers\SSFS0509.SYS (Webroot Software Inc (www.webroot.com)) DRV - (RimVSerPort) -- C:\WINDOWS\system32\drivers\RimSerial.sys (Research in Motion Ltd) DRV - (RimUsb) -- C:\WINDOWS\system32\drivers\RimUsb.sys (Research In Motion Limited) DRV - (SymEvent) -- C:\Program Files\Symantec\SYMEVENT.SYS (Symantec Corporation) DRV - (symlcbrd) -- C:\WINDOWS\system32\drivers\symlcbrd.sys (Symantec Corporation) DRV - (CdaC15BA) -- C:\WINDOWS\system32\drivers\CdaC15BA.SYS () DRV - (MDC8021X) WPA Security Protocol (IEEE 802.1x) -- C:\WINDOWS\system32\drivers\mdc8021x.sys (Meetinghouse Data Communications) DRV - (SAVRTPEL) -- C:\Program Files\Norton SystemWorks\Norton AntiVirus\SAVRTPEL.SYS (Symantec Corporation) DRV - (SAVRT) -- C:\Program Files\Norton SystemWorks\Norton AntiVirus\SAVRT.SYS (Symantec Corporation) DRV - (iomdisk) -- C:\WINDOWS\System32\DRIVERS\iomdisk.sys (Iomega Corporation) DRV - (PQIMount) -- C:\WINDOWS\system32\drivers\PQIMount.sys (PowerQuest Corporation) DRV - (PQV2i) -- C:\WINDOWS\system32\drivers\PQV2i.sys (StorageCraft) DRV - (BrScnUsb) -- C:\WINDOWS\system32\drivers\BrScnUsb.sys (Brother Industries Ltd.) DRV - (BrSerIf) -- C:\WINDOWS\system32\drivers\BrSerIf.sys (Brother Industries Ltd.) 
DRV - (AR5211) -- C:\WINDOWS\system32\drivers\ar5211.sys (D-Link ) DRV - (NPDriver) -- C:\WINDOWS\system32\drivers\NPDRIVER.SYS (Symantec Corporation) DRV - (SDdriver) -- C:\WINDOWS\system32\drivers\SdDriver.SYS (Symantec Corporation) DRV - (ppa3) -- C:\WINDOWS\System32\DRIVERS\ppa3.sys (Microsoft Corporation) DRV - (wlluc48) -- C:\WINDOWS\system32\drivers\wlluc48.sys (Lucent Technologies) DRV - (GearAspiWDM) -- C:\WINDOWS\system32\drivers\GEARAspiWDM.sys (GEAR Software Inc.) DRV - (SPBBCDrv) -- C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCDrv.sys (Symantec Corporation) DRV - (BrUsbSer) -- C:\WINDOWS\system32\drivers\BrUsbSer.sys (Brother Industries Ltd.) DRV - (vobiw) -- C:\WINDOWS\system32\drivers\vobIW.sys (VOB Computersysteme GmbH) DRV - (VOBID) -- C:\WINDOWS\system32\DRIVERS\vobid.sys (Pinnacle Systems) DRV - (Cdrdrv) -- C:\WINDOWS\system32\drivers\Cdrdrv.sys (VOB Computersysteme GmbH) DRV - (ASAPIW2K) -- C:\WINDOWS\system32\drivers\asapiW2k.sys (VOB Computersysteme GmbH) DRV - (ApfiltrService) -- C:\WINDOWS\system32\drivers\Apfiltr.sys (Alps Electric Co., Ltd.) DRV - (E100B) Intel® -- C:\WINDOWS\system32\drivers\e100b325.sys (Intel Corporation) DRV - (tridxp) -- C:\WINDOWS\system32\drivers\tridxpm.sys (Trident Microsystems Inc.) DRV - (TBiosDrv) -- C:\WINDOWS\system32\drivers\Tbiosdrv.sys () DRV - (ALiADWDM) -- C:\WINDOWS\system32\drivers\aliadwdm.sys (Acer Laboratories Inc.) DRV - (vobcom) -- C:\WINDOWS\system32\drivers\vobcom.sys (VOB Computersysteme GmbH) DRV - (TOSHIBASoftModem) -- C:\WINDOWS\system32\drivers\LTSM.sys (LT) DRV - (TVALG) -- C:\WINDOWS\System32\DRIVERS\TVALG.SYS (TOSHIBA Corporation) DRV - (SMCIRDA) -- C:\WINDOWS\system32\drivers\smcirda.sys (SMC) DRV - (EPUSBSTOR) -- C:\WINDOWS\system32\drivers\epusbsto.sys (SEIKO EPSON CORPORATION) DRV - (Ptilink) -- C:\WINDOWS\system32\drivers\ptilink.sys (Parallel Technologies, Inc.) 
DRV - (ROOTMODEM) -- C:\WINDOWS\system32\drivers\rootmdm.sys (Microsoft Corporation) DRV - (AliIde) -- C:\WINDOWS\System32\DRIVERS\aliide.sys (Acer Laboratories Inc.) DRV - (TVALD) -- C:\WINDOWS\System32\DRIVERS\TVALD.SYS (Toshiba Corporation) DRV - (StillCam) -- C:\WINDOWS\system32\drivers\serscan.sys (Microsoft Corporation) ========== Standard Registry (All) ========== ========== Internet Explorer ========== IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.microsoft.com/isapi/redir.dll?prd={SUB_PRD}&clcid={SUB_CLSID}&pver={SUB_PVER}&ar=home IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,CustomizeSearch = http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchcust.htm IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\system32\blank.htm IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Page_Transitions = 1 IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.msn.com/ IE - HKCU\..\URLSearchHook: {CFBFAE00-17A6-11D0-99CB-00C04FD64497} - C:\WINDOWS\system32\shdocvw.dll (Microsoft Corporation) IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 ========== FireFox ========== FF - prefs.js..browser.startup.homepage: "www.msn.com" FF - 
prefs.js..extensions.enabledItems: {89506680-e3f4-484c-a2c0-ed711d481eda}:0.9.4.8 FF - prefs.js..extensions.enabledItems: {3d7eb24f-2740-49df-8937-200b1cc08f8a}:1.5.6 FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA}:6.0.02 FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA}:6.0.07 FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0001-ABCDEFFEDCBA}:6.0.01 FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA}:6.0.03 FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA}:6.0.05 FF - prefs.js..extensions.enabledItems: [email protected]:1.0.0.07076007 FF - prefs.js..extensions.enabledItems: [email protected]:1.3.0.10 FF - prefs.js..extensions.enabledItems: {972ce4c6-7e08-4474-a285-3208198ce6fd}:3.0.1 FF - HKLM\software\mozilla\Firefox\extensions\\[email protected]: C:\Program Files\Java\jre6\lib\deploy\jqs\ff [2008/12/12 06:52:34 | 00,000,000 | ---D | M] FF - HKLM\software\mozilla\Mozilla Firefox 3.0.4\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2009/11/26 12:54:39 | 00,000,000 | ---D | M] FF - HKLM\software\mozilla\Mozilla Firefox 3.0.4\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2009/11/26 12:55:22 | 00,000,000 | ---D | M] [2009/06/04 09:46:37 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Gary\Application Data\Mozilla\Extensions [2008/08/13 18:54:29 | 00,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Gary\Application Data\Mozilla\Extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384} [2009/06/04 09:46:37 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Gary\Application Data\Mozilla\Extensions\[email protected] [2008/08/13 09:25:47 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Gary\Application Data\Mozilla\Firefox\Profiles\1xhrf6e8.default\extensions [2008/07/21 22:06:49 | 00,000,000 | ---D | M] (PDF Download) -- C:\Documents and Settings\Gary\Application 
Data\Mozilla\Firefox\Profiles\1xhrf6e8.default\extensions\{37E4D8EA-8BDA-4831-8EA1-89053939A250} [2008/05/19 06:25:34 | 00,000,000 | ---D | M] (Flashblock) -- C:\Documents and Settings\Gary\Application Data\Mozilla\Firefox\Profiles\1xhrf6e8.default\extensions\{3d7eb24f-2740-49df-8937-200b1cc08f8a} [2008/04/13 07:10:58 | 00,000,000 | ---D | M] (Firefox Showcase) -- C:\Documents and Settings\Gary\Application Data\Mozilla\Firefox\Profiles\1xhrf6e8.default\extensions\{89506680-e3f4-484c-a2c0-ed711d481eda} [2008/07/04 13:20:29 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Gary\Application Data\Mozilla\Firefox\Profiles\1xhrf6e8.default\extensions\[email protected] [2008/03/15 17:19:16 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Gary\Application Data\Mozilla\Firefox\Profiles\1xhrf6e8.default\extensions\[email protected] [2009/06/27 07:22:38 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Gary\Application Data\Mozilla\Firefox\Profiles\hc7il4jl.New GB Profile\extensions [2008/11/16 10:30:13 | 00,000,000 | ---D | M] (Flashblock) -- C:\Documents and Settings\Gary\Application Data\Mozilla\Firefox\Profiles\hc7il4jl.New GB Profile\extensions\{3d7eb24f-2740-49df-8937-200b1cc08f8a} [2009/12/30 22:11:01 | 00,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions [2008/11/14 20:38:23 | 00,000,000 | ---D | M] (Default) -- C:\Program Files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd} [2008/12/12 06:54:35 | 00,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA} [2009/03/27 08:43:28 | 00,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA} [2009/10/03 09:59:58 | 00,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA} [2009/11/26 08:27:25 | 00,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla 
Firefox\extensions\{CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} [2008/11/14 20:38:17 | 00,023,040 | ---- | M] (Mozilla Foundation) -- C:\Program Files\Mozilla Firefox\components\browserdirprovider.dll [2008/11/14 20:38:17 | 00,134,656 | ---- | M] (Mozilla Foundation) -- C:\Program Files\Mozilla Firefox\components\brwsrcmp.dll [2008/06/18 01:43:04 | 00,086,016 | ---- | M] (Coupons, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npCouponPrinter.dll [2009/10/11 04:17:27 | 00,411,368 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npdeploytk.dll [2008/01/16 01:28:50 | 00,155,648 | ---- | M] (Solidworks Corporation) -- C:\Program Files\Mozilla Firefox\plugins\npEModelPlugin.dll [2008/11/14 20:38:19 | 00,065,536 | ---- | M] (mozilla.org) -- C:\Program Files\Mozilla Firefox\plugins\npnul32.dll [2007/03/22 18:23:30 | 00,017,248 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Mozilla Firefox\plugins\NPOFFICE.DLL [2009/11/26 12:54:33 | 00,140,864 | ---- | M] (RealNetworks, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\nppl3260.dll [2009/11/26 12:55:22 | 00,008,192 | ---- | M] (RealNetworks, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\nprjplug.dll [2009/11/26 12:53:42 | 00,094,208 | ---- | M] (RealNetworks, Inc.) 
-- C:\Program Files\Mozilla Firefox\plugins\nprpjplug.dll [2008/10/02 09:47:31 | 00,001,394 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\amazondotcom.xml [2008/10/02 09:47:31 | 00,002,193 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\answers.xml [2008/10/02 09:47:31 | 00,001,534 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\creativecommons.xml [2008/11/14 20:38:19 | 00,002,343 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\eBay.xml [2008/10/02 09:47:31 | 00,001,706 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\google.xml [2008/10/02 09:47:31 | 00,001,178 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\wikipedia.xml [2008/10/02 09:47:31 | 00,000,792 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\yahoo.xml O1 HOSTS File: (98 bytes) - C:\WINDOWS\system32\drivers\etc\Hosts O1 - Hosts: 127.0.0.1 localhost O1 - Hosts: ::1 localhost O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated) O2 - BHO: (SSVHelper Class) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.) O2 - BHO: (CNavExtBho Class) - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton SystemWorks\Norton AntiVirus\NAVSHEXT.DLL (Symantec Corporation) O2 - BHO: (Java Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.) O2 - BHO: (JQSIEStartDetectorImpl Class) - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll (Sun Microsystems, Inc.) 
O3 - HKLM\..\Toolbar: (Norton AntiVirus) - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton SystemWorks\Norton AntiVirus\NAVSHEXT.DLL (Symantec Corporation) O3 - HKLM\..\Toolbar: (no name) - {4E7BD74F-2B8D-469E-D0FC-E57AF4D5FA7D} - No CLSID value found. O3 - HKLM\..\Toolbar: (Yahoo! Toolbar) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.) O3 - HKCU\..\Toolbar\ShellBrowser: (Norton AntiVirus) - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton SystemWorks\Norton AntiVirus\NAVSHEXT.DLL (Symantec Corporation) O3 - HKCU\..\Toolbar\WebBrowser: (&Address) - {01E04581-4EEE-11D0-BFE9-00AA005B4383} - C:\WINDOWS\system32\browseui.dll (Microsoft Corporation) O3 - HKCU\..\Toolbar\WebBrowser: (&Links) - {0E5CBF21-D15F-11D0-8301-00AA005B4383} - C:\WINDOWS\system32\shell32.dll (Microsoft Corporation) O3 - HKCU\..\Toolbar\WebBrowser: (Yahoo! Toolbar) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.) O4 - HKLM..\Run: [00THotkey] C:\WINDOWS\system32\00THotkey.exe (TOSHIBA Corp.) O4 - HKLM..\Run: [Adobe Photo Downloader] C:\Program Files\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe (Adobe Systems Incorporated) O4 - HKLM..\Run: [Adobe Reader Speed Launcher] C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe (Adobe Systems Incorporated) O4 - HKLM..\Run: [Apoint] C:\Program Files\Apoint2K\Apoint.exe (Alps Electric Co., Ltd.) O4 - HKLM..\Run: [ccApp] C:\Program Files\Common Files\Symantec Shared\ccApp.exe (Symantec Corporation) O4 - HKLM..\Run: [ControlCenter2.0] C:\Program Files\Brother\ControlCenter2\brctrcen.exe (Brother Industries, Ltd.) O4 - HKLM..\Run: [KernelFaultCheck] File not found O4 - HKLM..\Run: [LogMeIn GUI] C:\Program Files\LogMeIn\x86\LogMeInSystray.exe (LogMeIn, Inc.) 
O4 - HKLM..\Run: [RetroExpress] C:\Program Files\Iomega StorCenter\retrospect\RetroExpress.exe (EMC Corporation) O4 - HKLM..\Run: [setDefPrt] C:\Program Files\Brother\Brmfl04g\BrStDvPt.exe (Brother Industories, Ltd.) O4 - HKLM..\Run: [sunJavaUpdateSched] C:\Program Files\Java\jre6\bin\jusched.exe (Sun Microsystems, Inc.) O4 - HKLM..\Run: [symantec NetDriver Monitor] C:\Program Files\SymNetDrv\SNDMon.exe (Symantec Corporation) O4 - HKLM..\Run: [TFncKy] C:\Program Files\Toshiba\TOSHIBA Controls\TFncKy.exe (TOSHIBA Corporation) O4 - HKLM..\Run: [TFNF5] C:\WINDOWS\System32\TFNF5.exe (Toshiba Corp.) O4 - HKLM..\Run: [TkBellExe] C:\Program Files\Common Files\Real\Update_OB\realsched.exe (RealNetworks, Inc.) O4 - HKLM..\Run: [TouchED] C:\Program Files\TOSHIBA\TouchED\TouchED.Exe (TOSHIBA Corporation) O4 - HKLM..\Run: [Tpwrtray] C:\WINDOWS\System32\TPWRTRAY.EXE (TOSHIBA Corporation) O4 - HKCU..\Run: [Norton SystemWorks] C:\Program Files\Norton SystemWorks\cfgwiz.exe (Symantec Corporation) O4 - HKCU..\Run: [TomTomHOME.exe] C:\Program Files\TomTom HOME 2\TomTomHOMERunner.exe (TomTom) O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Iomega StorCenter.lnk = C:\Program Files\Iomega StorCenter\sohoclient.exe (EMC) O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE (Microsoft Corporation) O4 - Startup: C:\Documents and Settings\Gary\Start Menu\Programs\Startup\DING!.lnk = C:\Program Files\Southwest Airlines\Ding\Ding.exe (Southwest Airlines) O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 0 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: dontdisplaylastusername = 0 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticecaption = O6 - 
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticetext = O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: shutdownwithoutlogon = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: undockwithoutlogon = 1 O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145 O8 - Extra context menu item: E&xport to Microsoft Excel - C:\Program Files\Microsoft Office\OFFICE11\EXCEL.EXE (Microsoft Corporation) O9 - Extra 'Tools' menuitem : Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre6\bin\npjpi160_17.dll (Sun Microsystems, Inc.) O9 - Extra 'Tools' menuitem : Uninstall BitDefender Online Scanner - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe () O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Program Files\Microsoft Office\OFFICE11\REFIEBAR.DLL (Microsoft Corporation) O10 - NameSpace_Catalog5\Catalog_Entries\000000000001 [] - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation) O10 - NameSpace_Catalog5\Catalog_Entries\000000000002 [] - C:\WINDOWS\system32\winrnr.dll (Microsoft Corporation) O10 - NameSpace_Catalog5\Catalog_Entries\000000000003 [] - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation) O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation) O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation) O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation) O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation) O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - C:\WINDOWS\system32\rsvpsp.dll (Microsoft Corporation) O10 - Protocol_Catalog9\Catalog_Entries\000000000006 - C:\WINDOWS\system32\rsvpsp.dll (Microsoft Corporation) O10 - 
Protocol_Catalog9\Catalog_Entries\000000000007 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation) O10 - Protocol_Catalog9\Catalog_Entries\000000000008 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation) O10 - Protocol_Catalog9\Catalog_Entries\000000000009 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation) O10 - Protocol_Catalog9\Catalog_Entries\000000000010 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation) O10 - Protocol_Catalog9\Catalog_Entries\000000000011 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation) O10 - Protocol_Catalog9\Catalog_Entries\000000000012 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation) O10 - Protocol_Catalog9\Catalog_Entries\000000000013 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation) O10 - Protocol_Catalog9\Catalog_Entries\000000000014 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation) O10 - Protocol_Catalog9\Catalog_Entries\000000000015 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation) O10 - Protocol_Catalog9\Catalog_Entries\000000000016 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation) O10 - Protocol_Catalog9\Catalog_Entries\000000000017 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation) O10 - Protocol_Catalog9\Catalog_Entries\000000000018 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation) O10 - Protocol_Catalog9\Catalog_Entries\000000000019 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation) O10 - Protocol_Catalog9\Catalog_Entries\000000000020 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation) O15 - HKLM\..Trusted Domains: 50 domain(s) and sub-domain(s) not assigned to a zone. O15 - HKCU\..Trusted Domains: ([]msn in My Computer) O15 - HKCU\..Trusted Domains: fatwallet.com ([www] https in Trusted sites) O15 - HKCU\..Trusted Domains: turbotax.com ([]https in Trusted sites) O15 - HKCU\..Trusted Domains: 53 domain(s) and sub-domain(s) not assigned to a zone. 
O16 - DPF: {33564D57-9980-0010-8000-00AA00389B71} http://download.microsoft.com/download/D/0/D/D0DD87DA-994F-4334-8B55-AF2E4D98ED0C/wmv9dmo.cab (Reg Error: Key error.) O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} http://download.bitdefender.com/resources/scanner/sources/en/scan8/oscan8.cab (BDSCANONLINE Control) O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab (Java Plug-in 1.6.0_17) O16 - DPF: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab (Java Plug-in 1.6.0_17) O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab (Java Plug-in 1.6.0_17) O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object) O16 - DPF: Microsoft XML Parser for Java file://C:\WINDOWS\Java\classes\xmldso.cab (Reg Error: Key error.) O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1 192.168.1.1 O18 - Protocol\Handler\about {3050F406-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\system32\mshtml.dll (Microsoft Corporation) O18 - Protocol\Handler\cdl {3dd53d40-7b8b-11D0-b013-00aa0059ce02} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation) O18 - Protocol\Handler\dvd {12D51199-0DB5-46FE-A120-47A3D7D937CC} - C:\WINDOWS\system32\msvidctl.dll (Microsoft Corporation) O18 - Protocol\Handler\file {79eac9e7-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation) O18 - Protocol\Handler\ftp {79eac9e3-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation) O18 - Protocol\Handler\gopher {79eac9e4-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation) O18 - Protocol\Handler\http {79eac9e2-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation) O18 - Protocol\Handler\http\0x00000001 
{E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation) O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation) O18 - Protocol\Handler\https {79eac9e5-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation) O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation) O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation) O18 - Protocol\Handler\ipp - No CLSID value found O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation) O18 - Protocol\Handler\its {9D148291-B9C8-11D0-A4CC-0000F80149F6} - C:\WINDOWS\system32\itss.dll (Microsoft Corporation) O18 - Protocol\Handler\javascript {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\system32\mshtml.dll (Microsoft Corporation) O18 - Protocol\Handler\lid {5C135180-9973-46D9-ABF4-148267CBB8BF} - C:\WINDOWS\system32\msvidctl.dll (Microsoft Corporation) O18 - Protocol\Handler\local {79eac9e7-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation) O18 - Protocol\Handler\mailto {3050f3DA-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\system32\mshtml.dll (Microsoft Corporation) O18 - Protocol\Handler\mhtml {05300401-BCBC-11d0-85E3-00C04FD85AB4} - C:\WINDOWS\system32\inetcomm.dll (Microsoft Corporation) O18 - Protocol\Handler\mk {79eac9e6-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation) O18 - Protocol\Handler\msdaipp - No CLSID value found O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL 
(Microsoft Corporation) O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation) O18 - Protocol\Handler\ms-its {9D148291-B9C8-11D0-A4CC-0000F80149F6} - C:\WINDOWS\system32\itss.dll (Microsoft Corporation) O18 - Protocol\Handler\mso-offdap11 {32505114-5902-49B2-880A-1F7738E5A384} - C:\Program Files\Common Files\Microsoft Shared\Web Components\11\OWC11.DLL (Microsoft Corporation) O18 - Protocol\Handler\res {3050F3BC-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\system32\mshtml.dll (Microsoft Corporation) O18 - Protocol\Handler\sysimage {76E67A63-06E9-11D2-A840-006008059382} - C:\WINDOWS\system32\mshtml.dll (Microsoft Corporation) O18 - Protocol\Handler\tv {CBD30858-AF45-11D2-B6D6-00C04FBBDE6E} - C:\WINDOWS\system32\msvidctl.dll (Microsoft Corporation) O18 - Protocol\Handler\vbscript {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\system32\mshtml.dll (Microsoft Corporation) O18 - Protocol\Handler\wia {13F3EA8B-91D7-4F0A-AD76-D2853AC8BECE} - C:\WINDOWS\system32\wiascr.dll (Microsoft Corporation) O18 - Protocol\Filter\application/octet-stream {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\WINDOWS\System32\mscoree.dll (Microsoft Corporation) O18 - Protocol\Filter\application/x-complus {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\WINDOWS\System32\mscoree.dll (Microsoft Corporation) O18 - Protocol\Filter\application/x-msdownload {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\WINDOWS\System32\mscoree.dll (Microsoft Corporation) O18 - Protocol\Filter\Class Install Handler {32B533BB-EDAE-11d0-BD5A-00AA00B92AF1} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation) O18 - Protocol\Filter\deflate {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation) O18 - Protocol\Filter\gzip {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation) O18 - Protocol\Filter\lzdhtml {8f6b0360-b80d-11d0-a9b3-006097942311} - 
C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation) O18 - Protocol\Filter\text/webviewhtml {733AC4CB-F1A4-11d0-B951-00A0C90312E1} - C:\WINDOWS\system32\shell32.dll (Microsoft Corporation) O18 - Protocol\Filter\text/xml {807553E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE11\MSOXMLMF.DLL (Microsoft Corporation) O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation) O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) - C:\WINDOWS\system32\userinit.exe (Microsoft Corporation) O20 - HKLM Winlogon: UIHost - (logonui.exe) - C:\WINDOWS\System32\logonui.exe (Microsoft Corporation) O20 - HKLM Winlogon: VMApplet - (rundll32 shell32) - C:\WINDOWS\System32\shell32.dll (Microsoft Corporation) O20 - HKLM Winlogon: VMApplet - (Control_RunDLL "sysdm.cpl") - C:\WINDOWS\System32\sysdm.cpl (Microsoft Corporation) O20 - Winlogon\Notify\crypt32chain: DllName - crypt32.dll - C:\WINDOWS\System32\crypt32.dll (Microsoft Corporation) O20 - Winlogon\Notify\cryptnet: DllName - cryptnet.dll - C:\WINDOWS\System32\cryptnet.dll (Microsoft Corporation) O20 - Winlogon\Notify\cscdll: DllName - cscdll.dll - C:\WINDOWS\System32\cscdll.dll (Microsoft Corporation) O20 - Winlogon\Notify\LMIinit: DllName - LMIinit.dll - C:\WINDOWS\System32\LMIinit.dll (LogMeIn, Inc.) 
O20 - Winlogon\Notify\ScCertProp: DllName - wlnotify.dll - C:\WINDOWS\System32\wlnotify.dll (Microsoft Corporation) O20 - Winlogon\Notify\Schedule: DllName - wlnotify.dll - C:\WINDOWS\System32\wlnotify.dll (Microsoft Corporation) O20 - Winlogon\Notify\sclgntfy: DllName - sclgntfy.dll - C:\WINDOWS\System32\sclgntfy.dll (Microsoft Corporation) O20 - Winlogon\Notify\SensLogn: DllName - WlNotify.dll - C:\WINDOWS\System32\wlnotify.dll (Microsoft Corporation) O20 - Winlogon\Notify\termsrv: DllName - wlnotify.dll - C:\WINDOWS\System32\wlnotify.dll (Microsoft Corporation) O20 - Winlogon\Notify\WgaLogon: DllName - WgaLogon.dll - C:\WINDOWS\System32\WgaLogon.dll (Microsoft Corporation) O20 - Winlogon\Notify\wlballoon: DllName - wlnotify.dll - C:\WINDOWS\System32\wlnotify.dll (Microsoft Corporation) O20 - Winlogon\Notify\WRNotifier: DllName - WRLogonNTF.dll - C:\WINDOWS\System32\WRLogonNtf.dll (Webroot Software, Inc.) O21 - SSODL: CDBurn - {fbeb8a05-beee-4442-804e-409d6c4515e9} - C:\WINDOWS\system32\shell32.dll (Microsoft Corporation) O21 - SSODL: PostBootReminder - {7849596a-48ea-486e-8937-a2a3009f31a9} - C:\WINDOWS\system32\shell32.dll (Microsoft Corporation) O21 - SSODL: SysTray - {35CEC8A3-2BE6-11D2-8773-92E220524153} - C:\WINDOWS\system32\stobject.dll (Microsoft Corporation) O21 - SSODL: UPnPMonitor - {e57ce738-33e8-4c51-8354-bb4de9d215d1} - C:\WINDOWS\system32\upnpui.dll (Microsoft Corporation) O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - C:\WINDOWS\system32\webcheck.dll (Microsoft Corporation) O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll (Microsoft Corporation) O22 - SharedTaskScheduler: {438755C2-A8BA-11D1-B96B-00A0C90312E1} - Browseui preloader - C:\WINDOWS\system32\browseui.dll (Microsoft Corporation) O22 - SharedTaskScheduler: {8C7461EF-2B13-11d2-BE35-3078302C2030} - Component Categories cache daemon - C:\WINDOWS\system32\browseui.dll (Microsoft Corporation) O24 - Desktop 
Components:0 (My Current Home Page) - About:Home O28 - HKLM ShellExecuteHooks: {AEB6717E-7E19-11d0-97EE-00C04FD91972} - C:\WINDOWS\System32\shell32.dll (Microsoft Corporation) O29 - HKLM SecurityProviders - (msapsspc.dll) - C:\WINDOWS\System32\msapsspc.dll (Microsoft Corporation) O29 - HKLM SecurityProviders - (schannel.dll) - C:\WINDOWS\System32\schannel.dll (Microsoft Corporation) O29 - HKLM SecurityProviders - (digest.dll) - C:\WINDOWS\System32\digest.dll (Microsoft Corporation) O29 - HKLM SecurityProviders - (msnsspc.dll) - C:\WINDOWS\System32\msnsspc.dll (Microsoft Corporation) O30 - LSA: Authentication Packages - (msv1_0) - C:\WINDOWS\System32\msv1_0.dll (Microsoft Corporation) O30 - LSA: Authentication Packages - (relog_ap) - C:\WINDOWS\System32\relog_ap.dll (Acronis) O30 - LSA: Security Packages - (kerberos) - C:\WINDOWS\System32\kerberos.dll (Microsoft Corporation) O30 - LSA: Security Packages - (msv1_0) - C:\WINDOWS\System32\msv1_0.dll (Microsoft Corporation) O30 - LSA: Security Packages - (schannel) - C:\WINDOWS\System32\schannel.dll (Microsoft Corporation) O30 - LSA: Security Packages - (wdigest) - C:\WINDOWS\System32\wdigest.dll (Microsoft Corporation) O31 - SafeBoot: AlternateShell - cmd.exe O32 - HKLM CDRom: AutoRun - 1 O33 - MountPoints2\{472416b9-9e64-11da-8522-00003911cd8a}\Shell\AutoRun\command - "" = G:\setupSNK.exe -- File not found O33 - MountPoints2\{e56f9845-4f67-11de-8786-00003911cd8a}\Shell\AutoRun\command - "" = F:\InstallTomTomHOME.exe -- File not found O34 - HKLM BootExecute: (autocheck autochk *) - File not found O35 - comfile [open] -- "%1" %* O35 - exefile [open] -- "%1" %* ========== Files/Folders - Created Within 30 Days ========== [2009/12/31 07:26:20 | 00,000,000 | ---D | C] -- C:\WINDOWS\BDOSCAN8 [2009/12/30 22:25:41 | 00,000,000 | ---D | C] -- C:\_OTL [2009/12/28 08:32:56 | 00,513,536 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Gary\Desktop\OTL.exe [2009/12/27 11:00:39 | 00,000,000 | ---D | C] -- C:\Program 
Files\Trend Micro [2009/12/26 21:30:13 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Gary\Application Data\Malwarebytes [2009/12/26 21:29:54 | 00,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys [2009/12/26 21:29:47 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Malwarebytes [2009/12/26 21:29:45 | 00,019,160 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys [2009/12/26 21:29:38 | 00,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware [2009/09/07 20:06:12 | 00,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Local Settings\Application Data\ICS [2008/04/26 07:01:53 | 00,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Application Data\Roxio [2007/11/26 20:14:52 | 00,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Application Data\Acronis [2006/10/26 12:00:03 | 00,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Application Data\Ahead [2006/07/18 13:12:55 | 00,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Application Data\Webroot [2006/04/02 19:48:49 | 00,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Application Data\Symantec [2006/03/19 22:52:11 | 00,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft [2003/07/09 09:48:54 | 00,000,000 | --SD | M] -- C:\Documents and Settings\LocalService\Application Data\Microsoft [2002/04/26 19:37:25 | 00,000,000 | ---D | M] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft [2002/04/26 19:32:12 | 00,000,000 | --SD | M] -- C:\Documents and Settings\NetworkService\Application Data\Microsoft [8 C:\Documents and Settings\Gary\My Documents\*.tmp files -> C:\Documents and Settings\Gary\My Documents\*.tmp -> ] [58 C:\WINDOWS\System32\dllcache\*.tmp files -> C:\WINDOWS\System32\dllcache\*.tmp -> ] ========== Files - Modified Within 30 Days 
========== [2010/01/03 16:25:00 | 00,000,362 | ---- | M] () -- C:\WINDOWS\tasks\Symantec NetDetect.job [2010/01/03 15:57:54 | 00,001,158 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl [2010/01/03 15:56:44 | 00,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT [2010/01/03 15:56:29 | 00,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat [2010/01/03 15:56:12 | 51,962,2656 | -HS- | M] () -- C:\hiberfil.sys [2010/01/03 15:54:34 | 11,534,336 | ---- | M] () -- C:\Documents and Settings\Gary\NTUSER.DAT [2010/01/03 15:54:34 | 00,000,278 | -HS- | M] () -- C:\Documents and Settings\Gary\ntuser.ini [2010/01/03 15:41:43 | 00,195,072 | ---- | M] () -- C:\Documents and Settings\Gary\My Documents\Riverside - Punch List.xls [2010/01/01 00:00:00 | 00,000,306 | ---- | M] () -- C:\WINDOWS\tasks\Symantec Drmc.job [2009/12/31 15:36:54 | 00,028,066 | ---- | M] () -- C:\Documents and Settings\Gary\Desktop\BitDefender 12-31-2009.html [2009/12/28 12:00:00 | 00,000,290 | ---- | M] () -- C:\WINDOWS\tasks\Norton SystemWorks One Button Checkup.job [2009/12/28 08:33:01 | 00,513,536 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Gary\Desktop\OTL.exe [2009/12/24 08:31:23 | 00,025,088 | ---- | M] () -- C:\Documents and Settings\Gary\My Documents\12-24-09.doc [2009/12/23 08:40:55 | 00,000,426 | ---- | M] () -- C:\WINDOWS\brwmark.ini [2009/12/22 15:40:38 | 00,045,056 | ---- | M] () -- C:\Documents and Settings\Gary\My Documents\Jenny-Danielle Due To Parents.xls [2009/12/21 07:10:10 | 00,211,968 | ---- | M] () -- C:\Documents and Settings\Gary\My Documents\Riverside - Plumbing Fixture Schedule.xls [2009/12/15 09:45:25 | 00,076,288 | ---- | M] () -- C:\Documents and Settings\Gary\My Documents\GBB Cash Receipts 09-30-2006.xls [2009/12/12 11:51:20 | 00,039,424 | ---- | M] () -- C:\Documents and Settings\Gary\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [2009/12/11 20:25:58 | 00,027,648 | ---- | M] () -- C:\Documents and Settings\Gary\My Documents\Credit Card Coding 
Sheet.xls [8 C:\Documents and Settings\Gary\My Documents\*.tmp files -> C:\Documents and Settings\Gary\My Documents\*.tmp -> ] [58 C:\WINDOWS\System32\dllcache\*.tmp files -> C:\WINDOWS\System32\dllcache\*.tmp -> ] ========== Files Created - No Company Name ========== [2009/12/31 16:26:30 | 00,028,066 | ---- | C] () -- C:\Documents and Settings\Gary\Desktop\BitDefender 12-31-2009.html [2009/12/24 08:31:23 | 00,025,088 | ---- | C] () -- C:\Documents and Settings\Gary\My Documents\12-24-09.doc [2009/10/25 22:46:44 | 00,000,258 | ---- | C] () -- C:\WINDOWS\hpbafd.ini [2009/06/10 15:46:32 | 00,106,496 | ---- | C] () -- C:\WINDOWS\System32\BrMuSNMP.dll [2009/04/27 17:59:34 | 00,077,824 | ---- | C] () -- C:\WINDOWS\System32\BROSNMP.DLL [2009/02/12 08:15:46 | 00,000,332 | ---- | C] () -- C:\WINDOWS\WININIT.INI [2009/02/12 08:10:33 | 00,000,212 | ---- | C] () -- C:\WINDOWS\rs_run.ini [2009/02/12 08:10:15 | 00,010,409 | ---- | C] () -- C:\WINDOWS\RS_SQLIF.INI [2009/01/26 18:48:51 | 00,000,043 | ---- | C] () -- C:\WINDOWS\gswin32.ini [2009/01/24 15:40:43 | 00,000,622 | ---- | C] () -- C:\Program Files\Shortcut to uTorrent.exe.lnk [2009/01/05 15:44:10 | 00,000,453 | ---- | C] () -- C:\WINDOWS\bdoscandellang.ini [2008/04/25 11:17:01 | 00,000,000 | ---- | C] () -- C:\WINDOWS\eDrawingOfficeAutomator.INI [2008/02/04 17:21:45 | 00,008,144 | ---- | C] () -- C:\Documents and Settings\Gary\Application Data\Comma Separated Values (Windows).EML [2008/02/04 15:52:36 | 00,025,340 | ---- | C] () -- C:\Documents and Settings\Gary\Application Data\Comma Separated Values (DOS).ADR [2008/02/03 23:20:16 | 00,024,098 | ---- | C] () -- C:\Documents and Settings\Gary\Application Data\Comma Separated Values (Windows).ADR [2007/04/02 04:58:06 | 00,000,000 | ---- | C] () -- C:\WINDOWS\System32\px.ini [2007/03/05 12:34:28 | 00,676,224 | ---- | C] () -- C:\WINDOWS\System32\OGACheckControl.DLL [2006/11/18 22:17:24 | 00,000,151 | ---- | C] () -- C:\WINDOWS\PhotoSnapViewer.INI [2006/10/28 10:16:54 | 
00,000,069 | ---- | C] () -- C:\WINDOWS\NeroDigital.ini [2006/10/27 14:47:42 | 00,001,755 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\QTSBandwidthCache [2006/10/25 09:01:34 | 00,001,192 | ---- | C] () -- C:\WINDOWS\APDFPRP.INI [2006/10/22 09:22:35 | 00,201,216 | ---- | C] () -- C:\WINDOWS\System32\oestore.dll [2006/10/10 20:50:17 | 00,000,083 | ---- | C] () -- C:\WINDOWS\usrwiz.ini [2006/07/18 13:12:20 | 00,026,688 | ---- | C] () -- C:\WINDOWS\System32\wrlzma.dll [2006/07/18 13:12:19 | 00,684,032 | ---- | C] () -- C:\WINDOWS\libeay32.dll [2006/07/18 13:12:19 | 00,155,648 | ---- | C] () -- C:\WINDOWS\ssleay32.dll [2006/05/01 20:11:37 | 00,012,288 | ---- | C] () -- C:\WINDOWS\System32\hlinkprx.dll [2006/03/30 13:45:25 | 00,000,058 | ---- | C] () -- C:\WINDOWS\brmx2001.ini [2006/03/30 13:45:25 | 00,000,040 | ---- | C] () -- C:\WINDOWS\opt_2460.ini [2006/03/23 14:50:23 | 00,205,312 | R--- | C] () -- C:\WINDOWS\patchw32.dll [2006/03/23 14:49:17 | 00,205,312 | R--- | C] () -- C:\WINDOWS\pw32a.dll [2006/03/22 21:58:38 | 00,000,048 | ---- | C] () -- C:\WINDOWS\PerWin.ini [2006/03/22 21:36:01 | 00,001,676 | ---- | C] () -- C:\WINDOWS\MPCWIN02.INI [2006/03/22 21:18:07 | 00,001,483 | ---- | C] () -- C:\WINDOWS\MPCWIN01.INI [2006/03/22 19:27:55 | 00,202,752 | ---- | C] () -- C:\WINDOWS\CDAC14BA.DLL [2006/03/22 19:27:51 | 00,011,376 | ---- | C] () -- C:\WINDOWS\System32\drivers\CdaC15BA.SYS [2006/03/22 19:27:37 | 00,001,900 | ---- | C] () -- C:\WINDOWS\BPMWIN02.INI [2006/03/22 19:23:33 | 00,000,691 | ---- | C] () -- C:\WINDOWS\Bpmwty02.ini [2006/03/22 18:54:17 | 00,001,610 | ---- | C] () -- C:\WINDOWS\BPMWIN01.INI [2006/03/15 14:51:24 | 00,000,798 | ---- | C] () -- C:\WINDOWS\Brpfx04a.ini [2006/03/15 14:51:24 | 00,000,426 | ---- | C] () -- C:\WINDOWS\brwmark.ini [2006/03/15 14:51:24 | 00,000,092 | ---- | C] () -- C:\WINDOWS\brpcfx.ini [2006/03/15 14:51:24 | 00,000,052 | ---- | C] () -- C:\WINDOWS\BRPP2KA.INI [2006/03/15 14:44:39 | 00,027,019 | ---- | 
C] () -- C:\WINDOWS\maxlink.ini [2006/03/12 07:23:08 | 00,651,264 | R--- | C] () -- C:\WINDOWS\System32\libeay32.dll [2006/03/12 07:23:07 | 00,147,456 | R--- | C] () -- C:\WINDOWS\System32\ssleay32.dll [2006/02/07 21:26:26 | 00,039,424 | ---- | C] () -- C:\Documents and Settings\Gary\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [2004/06/13 20:32:39 | 00,000,518 | ---- | C] () -- C:\WINDOWS\lexstat.ini [2004/02/22 16:38:57 | 00,050,016 | ---- | C] () -- C:\WINDOWS\System32\drivers\atnt40k.sys [2004/01/17 08:36:21 | 00,375,296 | ---- | C] () -- C:\WINDOWS\System32\tx32.dll [2004/01/17 08:36:21 | 00,000,202 | ---- | C] () -- C:\WINDOWS\System32\Ic32.ini [2003/12/19 19:43:11 | 00,000,028 | ---- | C] () -- C:\WINDOWS\ICOA.INI [2003/12/19 19:42:55 | 00,000,000 | ---- | C] () -- C:\WINDOWS\QFN.ini [2003/12/19 19:42:55 | 00,000,000 | ---- | C] () -- C:\WINDOWS\QDQICK.ini [2003/04/24 12:06:30 | 00,000,002 | ---- | C] () -- C:\WINDOWS\msoffice.ini [2003/01/07 14:05:08 | 00,002,695 | ---- | C] () -- C:\WINDOWS\System32\OUTLPERF.INI [2002/11/22 07:00:00 | 00,000,376 | ---- | C] () -- C:\WINDOWS\ODBC.INI [2002/04/29 18:28:38 | 00,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini [2002/04/29 14:14:53 | 00,024,576 | ---- | C] () -- C:\WINDOWS\System32\getnode.dll [2002/04/29 12:19:20 | 00,000,067 | ---- | C] () -- C:\WINDOWS\swupdate.ini [2002/04/29 12:18:52 | 00,000,901 | ---- | C] () -- C:\WINDOWS\QUICKEN.INI [2002/04/29 12:18:52 | 00,000,052 | ---- | C] () -- C:\WINDOWS\intuprof.ini [2002/04/29 12:15:38 | 00,000,000 | ---- | C] () -- C:\WINDOWS\PROTOCOL.INI [2002/04/29 11:50:03 | 00,121,905 | ---- | C] () -- C:\WINDOWS\System32\csellang.ini [2002/04/29 11:50:03 | 00,045,056 | ---- | C] () -- C:\WINDOWS\System32\csellang.dll [2002/04/29 11:50:03 | 00,008,831 | ---- | C] () -- C:\WINDOWS\System32\tosmreg.ini [2002/04/29 11:50:03 | 00,006,793 | ---- | C] () -- C:\WINDOWS\System32\cseltbl.ini [2002/04/29 11:48:13 | 00,061,440 | ---- | C] () -- 
C:\WINDOWS\System32\TVCtrl.dll [2002/04/29 11:48:13 | 00,057,344 | ---- | C] () -- C:\WINDOWS\System32\LCDCtrl.dll [2002/04/29 11:48:13 | 00,053,248 | ---- | C] () -- C:\WINDOWS\System32\Multview.dll [2002/04/29 11:48:12 | 00,090,112 | ---- | C] () -- C:\WINDOWS\System32\ColorCtr.dll [2002/04/29 11:48:12 | 00,061,440 | ---- | C] () -- C:\WINDOWS\System32\GenCtrl.dll [2002/04/29 11:48:12 | 00,045,056 | ---- | C] () -- C:\WINDOWS\System32\CRTCtrl.dll [2002/04/29 11:46:07 | 00,006,528 | ---- | C] () -- C:\WINDOWS\System32\drivers\Tbiosdrv.sys [2002/04/26 19:33:05 | 00,000,780 | ---- | C] () -- C:\WINDOWS\orun32.ini [2002/04/26 19:27:22 | 00,001,793 | ---- | C] () -- C:\WINDOWS\System32\fxsperf.ini [2002/04/26 19:02:34 | 00,000,285 | ---- | C] () -- C:\WINDOWS\System32\OEMINFO.INI [2002/03/04 10:16:34 | 00,110,592 | R--- | C] () -- C:\WINDOWS\System32\Jpeg32.dll [2002/02/27 17:28:16 | 00,138,752 | ---- | C] () -- C:\WINDOWS\System32\MASE32.DLL [2002/02/27 17:28:16 | 00,057,856 | ---- | C] () -- C:\WINDOWS\System32\MASD32.DLL [2002/02/27 17:28:14 | 00,196,096 | ---- | C] () -- C:\WINDOWS\System32\MACD32.DLL [2002/02/27 17:28:14 | 00,136,192 | ---- | C] () -- C:\WINDOWS\System32\MAMC32.DLL [2002/02/27 17:28:14 | 00,027,648 | ---- | C] () -- C:\WINDOWS\System32\MA32.DLL [1999/03/09 14:53:00 | 00,222,928 | ---- | C] () -- C:\WINDOWS\System32\lobas09.dll [1999/01/22 13:46:58 | 00,065,536 | ---- | C] () -- C:\WINDOWS\System32\MSRTEDIT.DLL [1998/10/10 23:07:38 | 00,088,576 | ---- | C] () -- C:\WINDOWS\System32\Iticheck.dll [1998/01/13 03:22:30 | 00,047,104 | ---- | C] () -- C:\WINDOWS\System32\lotrn13.dll [1997/11/13 14:53:00 | 00,031,008 | ---- | C] () -- C:\WINDOWS\System32\ivtrn09.dll [1994/07/24 14:53:00 | 00,014,928 | ---- | C] () -- C:\WINDOWS\System32\wingen.drv < End of report > Thanks again, Gary
  7. Hi Tom: Thanks again for the help so far. Here are the reports you requested:

     1. Found and removed Viewpoint Media Player.

     2. Removed all of the J2SE Runtime and Java 6 Updates you listed. I swear I removed Java SE once and then found it there again and removed it again. There is a Java 6 Update 17 in the program list. As you did not list it, I left it there.

     3. Log file from OTL:

All processes killed
========== COMMANDS ==========

[EMPTYTEMP]

User: All Users

User: Bill W
->Temp folder emptied: 107190 bytes
->Temporary Internet Files folder emptied: 45628496 bytes

User: Default User
->Temp folder emptied: 850426 bytes
->Temporary Internet Files folder emptied: 33170 bytes

User: Gary
->Temp folder emptied: 177601886 bytes
->Temporary Internet Files folder emptied: 194535726 bytes
->Java cache emptied: 71790088 bytes
->FireFox cache emptied: 146567893 bytes

User: LocalService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 9424073 bytes

User: LogMeInRemoteUser
->Temp folder emptied: 850426 bytes
->Temporary Internet Files folder emptied: 33170 bytes

User: NetworkService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes

User: Owner
->Temp folder emptied: 324762 bytes
->Temporary Internet Files folder emptied: 33170 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 109640 bytes
%systemroot%\System32 .tmp files removed: 6485769 bytes
Windows Temp folder emptied: 713721 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temp folder emptied: 850426 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 889786 bytes
RecycleBin emptied: 743095357 bytes

Total Files Cleaned = 1,335.00 mb

HOSTS file reset successfully

OTL by OldTimer - Version 3.1.20.1 log created on 12302009_222541

Files\Folders moved on Reboot...
File\Folder C:\Documents and Settings\Gary\Local Settings\Temp\Temporary Internet Files\Content.IE5\SD6Z492F\2422251_728x90[2].com%2Fdocs%2F199794%2FBusiness-Corporations-Shareholders-Resolution-for-Blanket-Authority-to-Sell-Property&rfkwd=llc%2Bresolution%2Bto%2Bsell%2Bproperty&se=google not found!
File\Folder C:\Documents and Settings\Gary\Local Settings\Temp\Temporary Internet Files\Content.IE5\O1Q3O9EZ\2422251_728x90[2].com%2Fdocs%2F6565%2FShareholders-Resolution-For-Blanket-Authority-to-Sell-Corporate-Property&rfkwd=corporate%2Bresolution%2Bto%2Bsell%2Bproperty&se=google not found!

Registry entries deleted on Reboot...

     4. From OTL.Txt:

OTL logfile created on: 12/30/2009 11:32:32 PM - Run 2
OTL by OldTimer - Version 3.1.20.1 Folder = C:\Documents and Settings\Gary\Desktop
Windows XP Home Edition Service Pack 2 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 6.0.2900.2180)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

495.00 Mb Total Physical Memory | 215.00 Mb Available Physical Memory | 43.00% Memory free
1.00 Gb Paging File | 1.00 Gb Available in Paging File | 81.00% Paging File free
Paging file location(s): C:\pagefile.sys 0 0 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 93.16 Gb Total Space | 35.58 Gb Free Space | 38.20% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded
Drive Y: | 461.12 Gb Total Space | 449.92 Gb Free Space | 97.57% Space Free | Partition Type: NTFS

Computer Name: FIELDCOMPUTER
Current User Name: Gary
Logged in as Administrator.
Current Boot Mode: Normal Scan Mode: Current user Company Name Whitelist: Off Skip Microsoft Files: Off File Age = 30 Days Output = Minimal ========== Processes (SafeList) ========== PRC - C:\Documents and Settings\Gary\Desktop\OTL.exe (OldTimer Tools) PRC - C:\Program Files\Java\jre6\bin\jqs.exe (Sun Microsystems, Inc.) PRC - C:\Program Files\Common Files\Symantec Shared\CCSETMGR.EXE (Symantec Corporation) PRC - C:\Program Files\Common Files\Symantec Shared\CCEVTMGR.EXE (Symantec Corporation) PRC - C:\Program Files\Common Files\Symantec Shared\CCAPP.EXE (Symantec Corporation) PRC - C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe (Acronis) PRC - C:\WINDOWS\explorer.exe (Microsoft Corporation) PRC - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe (Symantec Corporation) PRC - C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe (Webroot Software, Inc.) PRC - C:\Program Files\Southwest Airlines\Ding\Ding.exe (Southwest Airlines) PRC - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe (Symantec Corporation) PRC - C:\WINDOWS\system32\drivers\CDAC11BA.EXE (Macrovision) PRC - C:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe (Symantec Corporation) PRC - C:\Program Files\Norton SystemWorks\Norton AntiVirus\IWP\NPFMNTOR.EXE (Symantec Corporation) PRC - C:\Program Files\Norton SystemWorks\Norton AntiVirus\NAVAPSVC.EXE (Symantec Corporation) PRC - C:\Program Files\Iomega\System32\AppServices.exe (Iomega Corporation) PRC - C:\Program Files\Norton SystemWorks\Norton Ghost\Agent\PQV2iSvc.exe (Symantec Corporation) PRC - C:\Program Files\Norton SystemWorks\Norton Utilities\NPROTECT.EXE (Symantec Corporation) PRC - C:\Program Files\Norton SystemWorks\Norton Utilities\Speed Disk\NOPDB.exe (Symantec Corporation) PRC - C:\WINDOWS\system32\wscntfy.exe (Microsoft Corporation) PRC - C:\WINDOWS\system32\gearsec.exe (GEAR Software) PRC - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe (Symantec Corporation) PRC - 
C:\WINDOWS\system32\00THotkey.exe (TOSHIBA Corp.) PRC - C:\Program Files\Toshiba\TOSHIBA Controls\TFncKy.exe (TOSHIBA Corporation) PRC - C:\Program Files\Apoint2K\Apoint.exe (Alps Electric Co., Ltd.) PRC - C:\WINDOWS\system32\TPWRTRAY.EXE (TOSHIBA Corporation) PRC - C:\WINDOWS\system32\TFNF5.exe (Toshiba Corp.) PRC - C:\Program Files\Apoint2K\ApntEx.exe (Alps Electric Co., Ltd.) ========== Modules (SafeList) ========== MOD - C:\Documents and Settings\Gary\Desktop\OTL.exe (OldTimer Tools) MOD - C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.2982_x-ww_ac3f9c03\comctl32.dll (Microsoft Corporation) ========== Win32 Services (SafeList) ========== SRV - (LexBceS) -- File not found SRV - (Iomega Activity Disk2) -- File not found SRV - (JavaQuickStarterService) -- C:\Program Files\Java\jre6\bin\jqs.exe (Sun Microsystems, Inc.) SRV - (LMIMaint) -- C:\Program Files\LogMeIn\x86\RaMaint.exe (LogMeIn, Inc.) SRV - (TomTomHOMEService) -- C:\Program Files\TomTom HOME 2\TomTomHOMEService.exe (TomTom) SRV - (RetroExpLauncher) -- C:\Program Files\Iomega StorCenter\retrospect\retrorun.exe (EMC Corporation) SRV - (IntuitUpdateService) -- C:\Program Files\Common Files\Intuit\Update Service\IntuitUpdateService.exe (Intuit Inc.) SRV - (LogMeIn) -- C:\Program Files\LogMeIn\x86\LogMeIn.exe (LogMeIn, Inc.) 
SRV - (SolidWorks Licensing Service) -- C:\Program Files\Common Files\SolidWorks Shared\Service\SolidWorksLicensing.exe (SolidWorks) SRV - (ccSetMgr) -- C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe (Symantec Corporation) SRV - (ccPwdSvc) -- C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe (Symantec Corporation) SRV - (ccEvtMgr) -- C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe (Symantec Corporation) SRV - (TryAndDecideService) -- C:\Program Files\Common Files\Acronis\Fomatik\TrueImageTryStartService.exe () SRV - (AcrSch2Svc) -- C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe (Acronis) SRV - (SNDSrvc) -- C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe (Symantec Corporation) SRV - (RoxLiveShare9) -- C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxLiveShare9.exe (Sonic Solutions) SRV - (RoxWatch9) -- C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatch9.exe (Sonic Solutions) SRV - (RoxMediaDB9) -- C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe (Sonic Solutions) SRV - (Roxio UPnP Renderer 9) -- C:\Program Files\Roxio\Digital Home 9\RoxioUPnPRenderer9.exe (Sonic Solutions) SRV - (Roxio Upnp Server 9) -- C:\Program Files\Roxio\Digital Home 9\RoxioUpnpService9.exe (Sonic Solutions) SRV - (WebrootSpySweeperService) -- C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe (Webroot Software, Inc.) 
SRV - (Symantec Core LC) -- C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe (Symantec Corporation) SRV - (C-DillaCdaC11BA) -- C:\WINDOWS\system32\drivers\CDAC11BA.EXE (Macrovision) SRV - (LiveUpdate) -- C:\Program Files\Symantec\LiveUpdate\LuComServer_3_0.EXE (Symantec Corporation) SRV - (Automatic LiveUpdate Scheduler) -- C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe (Symantec Corporation) SRV - (SBService) -- C:\Program Files\Common Files\Symantec Shared\Script Blocking\SBSERV.EXE (Symantec Corporation) SRV - (NPFMntor) -- C:\Program Files\Norton SystemWorks\Norton AntiVirus\IWP\NPFMntor.exe (Symantec Corporation) SRV - (navapsvc) -- C:\Program Files\Norton SystemWorks\Norton AntiVirus\navapsvc.exe (Symantec Corporation) SRV - (SAVScan) -- C:\Program Files\Norton SystemWorks\Norton AntiVirus\SAVScan.exe (Symantec Corporation) SRV - (Iomega App Services) -- C:\Program Files\Iomega\System32\AppServices.exe (Iomega Corporation) SRV - (Norton Ghost) -- C:\Program Files\Norton SystemWorks\Norton Ghost\Agent\PQV2iSvc.exe (Symantec Corporation) SRV - (IDriverT) -- C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe (Macrovision Corporation) SRV - (NProtectService) -- C:\Program Files\Norton SystemWorks\Norton Utilities\NPROTECT.EXE (Symantec Corporation) SRV - (Speed Disk service) -- C:\Program Files\Norton SystemWorks\Norton Utilities\Speed Disk\NOPDB.exe (Symantec Corporation) SRV - (Irmon) -- C:\WINDOWS\system32\irmon.dll (Microsoft Corporation) SRV - (GEARSecurity) -- C:\WINDOWS\system32\gearsec.exe (GEAR Software) SRV - (SPBBCSvc) -- C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe (Symantec Corporation) SRV - (ose) -- C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE (Microsoft Corporation) ========== Driver Services (SafeList) ========== DRV - (LMIRfsClientNP) -- C:\WINDOWS\system32\LMIRfsClientNP.dll (LogMeIn, Inc.) 
DRV - (SYMIDSCO) -- C:\Program Files\Common Files\Symantec Shared\SymcData\ids-diskless\20081112.004\SymIDSCo.sys (Symantec Corporation) DRV - (LMIInfo) -- C:\Program Files\LogMeIn\x86\rainfo.sys (LogMeIn, Inc.) DRV - (LMIRfsDriver) -- C:\WINDOWS\system32\drivers\LMIRfsDriver.sys (LogMeIn, Inc.) DRV - (lmimirr) -- C:\WINDOWS\system32\drivers\lmimirr.sys (LogMeIn, Inc.) DRV - (timounter) -- C:\WINDOWS\system32\DRIVERS\timntr.sys (Acronis) DRV - (tifsfilter) -- C:\WINDOWS\system32\drivers\tifsfilt.sys (Acronis) DRV - (snapman) -- C:\WINDOWS\system32\DRIVERS\snapman.sys (Acronis) DRV - (tdrpman) -- C:\WINDOWS\system32\DRIVERS\tdrpman.sys (Acronis) DRV - (Secdrv) -- C:\WINDOWS\system32\drivers\secdrv.sys (Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K.) DRV - (NAVEX15) -- C:\Program Files\Common Files\Symantec Shared\VirusDefs\20070404.032\NAVEX15.SYS (Symantec Corporation) DRV - (NAVENG) -- C:\Program Files\Common Files\Symantec Shared\VirusDefs\20070404.032\NAVENG.SYS (Symantec Corporation) DRV - (SYMTDI) -- C:\WINDOWS\System32\Drivers\SYMTDI.SYS (Symantec Corporation) DRV - (SYMREDRV) -- C:\WINDOWS\System32\Drivers\SYMREDRV.SYS (Symantec Corporation) DRV - (SYMIDS) -- C:\WINDOWS\System32\Drivers\SYMIDS.SYS (Symantec Corporation) DRV - (SYMNDIS) -- C:\WINDOWS\System32\Drivers\SYMNDIS.SYS (Symantec Corporation) DRV - (SYMFW) -- C:\WINDOWS\System32\Drivers\SYMFW.SYS (Symantec Corporation) DRV - (SYMDNS) -- C:\WINDOWS\System32\Drivers\SYMDNS.SYS (Symantec Corporation) DRV - (MRENDIS5) -- C:\Program Files\Common Files\Motive\MRENDIS5.sys (Motive, Inc.) DRV - (MREMPR5) -- C:\Program Files\Common Files\Motive\MREMPR5.sys (Motive, Inc.) 
DRV - (PxHelp20) -- C:\WINDOWS\System32\DRIVERS\PxHelp20.sys (Sonic Solutions) DRV - (SSKBFD) -- C:\WINDOWS\system32\drivers\sskbfd.sys (Webroot Software Inc (www.webroot.com)) DRV - (SSIDRV) -- C:\WINDOWS\SYSTEM32\Drivers\SSIDRV.SYS (Webroot Software Inc (www.webroot.com)) DRV - (SSHRMD) -- C:\WINDOWS\SYSTEM32\Drivers\SSHRMD.SYS (Webroot Software Inc (www.webroot.com)) DRV - (SSFS0509) -- C:\WINDOWS\SYSTEM32\Drivers\SSFS0509.SYS (Webroot Software Inc (www.webroot.com)) DRV - (RimVSerPort) -- C:\WINDOWS\system32\drivers\RimSerial.sys (Research in Motion Ltd) DRV - (RimUsb) -- C:\WINDOWS\system32\drivers\RimUsb.sys (Research In Motion Limited) DRV - (SymEvent) -- C:\Program Files\Symantec\SYMEVENT.SYS (Symantec Corporation) DRV - (symlcbrd) -- C:\WINDOWS\system32\drivers\symlcbrd.sys (Symantec Corporation) DRV - (CdaC15BA) -- C:\WINDOWS\system32\drivers\CdaC15BA.SYS () DRV - (MDC8021X) WPA Security Protocol (IEEE 802.1x) -- C:\WINDOWS\system32\drivers\mdc8021x.sys (Meetinghouse Data Communications) DRV - (SAVRTPEL) -- C:\Program Files\Norton SystemWorks\Norton AntiVirus\SAVRTPEL.SYS (Symantec Corporation) DRV - (SAVRT) -- C:\Program Files\Norton SystemWorks\Norton AntiVirus\SAVRT.SYS (Symantec Corporation) DRV - (iomdisk) -- C:\WINDOWS\System32\DRIVERS\iomdisk.sys (Iomega Corporation) DRV - (PQIMount) -- C:\WINDOWS\system32\drivers\PQIMount.sys (PowerQuest Corporation) DRV - (PQV2i) -- C:\WINDOWS\system32\drivers\PQV2i.sys (StorageCraft) DRV - (BrScnUsb) -- C:\WINDOWS\system32\drivers\BrScnUsb.sys (Brother Industries Ltd.) DRV - (BrSerIf) -- C:\WINDOWS\system32\drivers\BrSerIf.sys (Brother Industries Ltd.) 
DRV - (AR5211) -- C:\WINDOWS\system32\drivers\ar5211.sys (D-Link ) DRV - (NPDriver) -- C:\WINDOWS\system32\drivers\NPDRIVER.SYS (Symantec Corporation) DRV - (SDdriver) -- C:\WINDOWS\system32\drivers\SdDriver.SYS (Symantec Corporation) DRV - (ppa3) -- C:\WINDOWS\System32\DRIVERS\ppa3.sys (Microsoft Corporation) DRV - (wlluc48) -- C:\WINDOWS\system32\drivers\wlluc48.sys (Lucent Technologies) DRV - (GearAspiWDM) -- C:\WINDOWS\system32\drivers\GEARAspiWDM.sys (GEAR Software Inc.) DRV - (SPBBCDrv) -- C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCDrv.sys (Symantec Corporation) DRV - (BrUsbSer) -- C:\WINDOWS\system32\drivers\BrUsbSer.sys (Brother Industries Ltd.) DRV - (vobiw) -- C:\WINDOWS\system32\drivers\vobIW.sys (VOB Computersysteme GmbH) DRV - (VOBID) -- C:\WINDOWS\system32\DRIVERS\vobid.sys (Pinnacle Systems) DRV - (Cdrdrv) -- C:\WINDOWS\system32\drivers\Cdrdrv.sys (VOB Computersysteme GmbH) DRV - (ASAPIW2K) -- C:\WINDOWS\system32\drivers\asapiW2k.sys (VOB Computersysteme GmbH) DRV - (ApfiltrService) -- C:\WINDOWS\system32\drivers\Apfiltr.sys (Alps Electric Co., Ltd.) DRV - (E100B) Intel® -- C:\WINDOWS\system32\drivers\e100b325.sys (Intel Corporation) DRV - (tridxp) -- C:\WINDOWS\system32\drivers\tridxpm.sys (Trident Microsystems Inc.) DRV - (TBiosDrv) -- C:\WINDOWS\system32\drivers\Tbiosdrv.sys () DRV - (ALiADWDM) -- C:\WINDOWS\system32\drivers\aliadwdm.sys (Acer Laboratories Inc.) DRV - (vobcom) -- C:\WINDOWS\system32\drivers\vobcom.sys (VOB Computersysteme GmbH) DRV - (TOSHIBASoftModem) -- C:\WINDOWS\system32\drivers\LTSM.sys (LT) DRV - (TVALG) -- C:\WINDOWS\System32\DRIVERS\TVALG.SYS (TOSHIBA Corporation) DRV - (SMCIRDA) -- C:\WINDOWS\system32\drivers\smcirda.sys (SMC) DRV - (EPUSBSTOR) -- C:\WINDOWS\system32\drivers\epusbsto.sys (SEIKO EPSON CORPORATION) DRV - (Ptilink) -- C:\WINDOWS\system32\drivers\ptilink.sys (Parallel Technologies, Inc.) 
DRV - (ROOTMODEM) -- C:\WINDOWS\system32\drivers\rootmdm.sys (Microsoft Corporation) DRV - (AliIde) -- C:\WINDOWS\System32\DRIVERS\aliide.sys (Acer Laboratories Inc.) DRV - (TVALD) -- C:\WINDOWS\System32\DRIVERS\TVALD.SYS (Toshiba Corporation) DRV - (StillCam) -- C:\WINDOWS\system32\drivers\serscan.sys (Microsoft Corporation) ========== Standard Registry (All) ========== ========== Internet Explorer ========== IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.microsoft.com/isapi/redir.dll?prd={SUB_PRD}&clcid={SUB_CLSID}&pver={SUB_PVER}&ar=home IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,CustomizeSearch = http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchcust.htm IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\system32\blank.htm IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Page_Transitions = 1 IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.msn.com/ IE - HKCU\..\URLSearchHook: {CFBFAE00-17A6-11D0-99CB-00C04FD64497} - C:\WINDOWS\system32\shdocvw.dll (Microsoft Corporation) IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 ========== FireFox ========== FF - prefs.js..browser.startup.homepage: "www.msn.com" FF - 
prefs.js..extensions.enabledItems: {89506680-e3f4-484c-a2c0-ed711d481eda}:0.9.4.8 FF - prefs.js..extensions.enabledItems: {3d7eb24f-2740-49df-8937-200b1cc08f8a}:1.5.6 FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA}:6.0.02 FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA}:6.0.07 FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0001-ABCDEFFEDCBA}:6.0.01 FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA}:6.0.03 FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA}:6.0.05 FF - prefs.js..extensions.enabledItems: [email protected]:1.0.0.07076007 FF - prefs.js..extensions.enabledItems: [email protected]:1.3.0.10 FF - prefs.js..extensions.enabledItems: {972ce4c6-7e08-4474-a285-3208198ce6fd}:3.0.1 FF - HKLM\software\mozilla\Firefox\extensions\\[email protected]: C:\Program Files\Java\jre6\lib\deploy\jqs\ff [2008/12/12 06:52:34 | 00,000,000 | ---D | M] FF - HKLM\software\mozilla\Mozilla Firefox 3.0.4\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2009/11/26 12:54:39 | 00,000,000 | ---D | M] FF - HKLM\software\mozilla\Mozilla Firefox 3.0.4\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2009/11/26 12:55:22 | 00,000,000 | ---D | M] [2009/06/04 09:46:37 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Gary\Application Data\Mozilla\Extensions [2008/08/13 18:54:29 | 00,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Gary\Application Data\Mozilla\Extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384} [2009/06/04 09:46:37 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Gary\Application Data\Mozilla\Extensions\[email protected] [2008/08/13 09:25:47 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Gary\Application Data\Mozilla\Firefox\Profiles\1xhrf6e8.default\extensions [2008/07/21 22:06:49 | 00,000,000 | ---D | M] (PDF Download) -- C:\Documents and Settings\Gary\Application 
Data\Mozilla\Firefox\Profiles\1xhrf6e8.default\extensions\{37E4D8EA-8BDA-4831-8EA1-89053939A250} [2008/05/19 06:25:34 | 00,000,000 | ---D | M] (Flashblock) -- C:\Documents and Settings\Gary\Application Data\Mozilla\Firefox\Profiles\1xhrf6e8.default\extensions\{3d7eb24f-2740-49df-8937-200b1cc08f8a} [2008/04/13 07:10:58 | 00,000,000 | ---D | M] (Firefox Showcase) -- C:\Documents and Settings\Gary\Application Data\Mozilla\Firefox\Profiles\1xhrf6e8.default\extensions\{89506680-e3f4-484c-a2c0-ed711d481eda} [2008/07/04 13:20:29 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Gary\Application Data\Mozilla\Firefox\Profiles\1xhrf6e8.default\extensions\[email protected] [2008/03/15 17:19:16 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Gary\Application Data\Mozilla\Firefox\Profiles\1xhrf6e8.default\extensions\[email protected] [2009/06/27 07:22:38 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Gary\Application Data\Mozilla\Firefox\Profiles\hc7il4jl.New GB Profile\extensions [2008/11/16 10:30:13 | 00,000,000 | ---D | M] (Flashblock) -- C:\Documents and Settings\Gary\Application Data\Mozilla\Firefox\Profiles\hc7il4jl.New GB Profile\extensions\{3d7eb24f-2740-49df-8937-200b1cc08f8a} [2009/12/30 22:11:01 | 00,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions [2008/11/14 20:38:23 | 00,000,000 | ---D | M] (Default) -- C:\Program Files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd} [2007/04/12 07:13:29 | 00,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0001-ABCDEFFEDCBA} [2008/12/12 06:54:35 | 00,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA} [2009/03/27 08:43:28 | 00,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA} [2009/10/03 09:59:58 | 00,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla 
Firefox\extensions\{CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA} [2009/11/26 08:27:25 | 00,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} [2008/11/14 20:38:17 | 00,023,040 | ---- | M] (Mozilla Foundation) -- C:\Program Files\Mozilla Firefox\components\browserdirprovider.dll [2008/11/14 20:38:17 | 00,134,656 | ---- | M] (Mozilla Foundation) -- C:\Program Files\Mozilla Firefox\components\brwsrcmp.dll [2008/06/18 01:43:04 | 00,086,016 | ---- | M] (Coupons, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npCouponPrinter.dll [2009/10/11 04:17:27 | 00,411,368 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npdeploytk.dll [2008/01/16 01:28:50 | 00,155,648 | ---- | M] (Solidworks Corporation) -- C:\Program Files\Mozilla Firefox\plugins\npEModelPlugin.dll [2008/11/14 20:38:19 | 00,065,536 | ---- | M] (mozilla.org) -- C:\Program Files\Mozilla Firefox\plugins\npnul32.dll [2007/03/22 18:23:30 | 00,017,248 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Mozilla Firefox\plugins\NPOFFICE.DLL [2009/11/26 12:54:33 | 00,140,864 | ---- | M] (RealNetworks, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\nppl3260.dll [2009/11/26 12:55:22 | 00,008,192 | ---- | M] (RealNetworks, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\nprjplug.dll [2009/11/26 12:53:42 | 00,094,208 | ---- | M] (RealNetworks, Inc.) 
-- C:\Program Files\Mozilla Firefox\plugins\nprpjplug.dll [2008/10/02 09:47:31 | 00,001,394 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\amazondotcom.xml [2008/10/02 09:47:31 | 00,002,193 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\answers.xml [2008/10/02 09:47:31 | 00,001,534 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\creativecommons.xml [2008/11/14 20:38:19 | 00,002,343 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\eBay.xml [2008/10/02 09:47:31 | 00,001,706 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\google.xml [2008/10/02 09:47:31 | 00,001,178 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\wikipedia.xml [2008/10/02 09:47:31 | 00,000,792 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\yahoo.xml O1 HOSTS File: (98 bytes) - C:\WINDOWS\system32\drivers\etc\Hosts O1 - Hosts: 127.0.0.1 localhost O1 - Hosts: ::1 localhost O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated) O2 - BHO: (Verizon Broadband Toolbar) - {4E7BD74F-2B8D-469E-D0FC-E57AF4D5FA7D} - C:\WINDOWS\DOWNLO~1\vzbb.dll () O2 - BHO: (SSVHelper Class) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.) O2 - BHO: (CNavExtBho Class) - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton SystemWorks\Norton AntiVirus\NAVSHEXT.DLL (Symantec Corporation) O2 - BHO: (Java Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.) O2 - BHO: (JQSIEStartDetectorImpl Class) - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll (Sun Microsystems, Inc.) 
O3 - HKLM\..\Toolbar: (Norton AntiVirus) - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton SystemWorks\Norton AntiVirus\NAVSHEXT.DLL (Symantec Corporation) O3 - HKLM\..\Toolbar: (Verizon Broadband Toolbar) - {4E7BD74F-2B8D-469E-D0FC-E57AF4D5FA7D} - C:\WINDOWS\DOWNLO~1\vzbb.dll () O3 - HKLM\..\Toolbar: (Yahoo! Toolbar) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.) O3 - HKCU\..\Toolbar\ShellBrowser: (Norton AntiVirus) - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton SystemWorks\Norton AntiVirus\NAVSHEXT.DLL (Symantec Corporation) O3 - HKCU\..\Toolbar\WebBrowser: (&Address) - {01E04581-4EEE-11D0-BFE9-00AA005B4383} - C:\WINDOWS\system32\browseui.dll (Microsoft Corporation) O3 - HKCU\..\Toolbar\WebBrowser: (&Links) - {0E5CBF21-D15F-11D0-8301-00AA005B4383} - C:\WINDOWS\system32\shell32.dll (Microsoft Corporation) O3 - HKCU\..\Toolbar\WebBrowser: (Verizon Broadband Toolbar) - {4E7BD74F-2B8D-469E-D0FC-E57AF4D5FA7D} - C:\WINDOWS\DOWNLO~1\vzbb.dll () O3 - HKCU\..\Toolbar\WebBrowser: (Yahoo! Toolbar) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.) O4 - HKLM..\Run: [00THotkey] C:\WINDOWS\system32\00THotkey.exe (TOSHIBA Corp.) O4 - HKLM..\Run: [Adobe Photo Downloader] C:\Program Files\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe (Adobe Systems Incorporated) O4 - HKLM..\Run: [Adobe Reader Speed Launcher] C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe (Adobe Systems Incorporated) O4 - HKLM..\Run: [Apoint] C:\Program Files\Apoint2K\Apoint.exe (Alps Electric Co., Ltd.) O4 - HKLM..\Run: [ccApp] C:\Program Files\Common Files\Symantec Shared\ccApp.exe (Symantec Corporation) O4 - HKLM..\Run: [ControlCenter2.0] C:\Program Files\Brother\ControlCenter2\brctrcen.exe (Brother Industries, Ltd.) 
O4 - HKLM..\Run: [KernelFaultCheck] File not found O4 - HKLM..\Run: [LogMeIn GUI] C:\Program Files\LogMeIn\x86\LogMeInSystray.exe (LogMeIn, Inc.) O4 - HKLM..\Run: [RetroExpress] C:\Program Files\Iomega StorCenter\retrospect\RetroExpress.exe (EMC Corporation) O4 - HKLM..\Run: [setDefPrt] C:\Program Files\Brother\Brmfl04g\BrStDvPt.exe (Brother Industories, Ltd.) O4 - HKLM..\Run: [sunJavaUpdateSched] C:\Program Files\Java\jre6\bin\jusched.exe (Sun Microsystems, Inc.) O4 - HKLM..\Run: [symantec NetDriver Monitor] C:\Program Files\SymNetDrv\SNDMon.exe (Symantec Corporation) O4 - HKLM..\Run: [TFncKy] C:\Program Files\Toshiba\TOSHIBA Controls\TFncKy.exe (TOSHIBA Corporation) O4 - HKLM..\Run: [TFNF5] C:\WINDOWS\System32\TFNF5.exe (Toshiba Corp.) O4 - HKLM..\Run: [TkBellExe] C:\Program Files\Common Files\Real\Update_OB\realsched.exe (RealNetworks, Inc.) O4 - HKLM..\Run: [TouchED] C:\Program Files\TOSHIBA\TouchED\TouchED.Exe (TOSHIBA Corporation) O4 - HKLM..\Run: [Tpwrtray] C:\WINDOWS\System32\TPWRTRAY.EXE (TOSHIBA Corporation) O4 - HKCU..\Run: [Norton SystemWorks] C:\Program Files\Norton SystemWorks\cfgwiz.exe (Symantec Corporation) O4 - HKCU..\Run: [TomTomHOME.exe] C:\Program Files\TomTom HOME 2\TomTomHOMERunner.exe (TomTom) O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Iomega StorCenter.lnk = C:\Program Files\Iomega StorCenter\sohoclient.exe (EMC) O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE (Microsoft Corporation) O4 - Startup: C:\Documents and Settings\Gary\Start Menu\Programs\Startup\DING!.lnk = C:\Program Files\Southwest Airlines\Ding\Ding.exe (Southwest Airlines) O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 0 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: 
dontdisplaylastusername = 0 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticecaption = O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticetext = O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: shutdownwithoutlogon = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: undockwithoutlogon = 1 O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145 O8 - Extra context menu item: E&xport to Microsoft Excel - C:\Program Files\Microsoft Office\OFFICE11\EXCEL.EXE (Microsoft Corporation) O9 - Extra 'Tools' menuitem : Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre6\bin\npjpi160_17.dll (Sun Microsystems, Inc.) O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Program Files\Microsoft Office\OFFICE11\REFIEBAR.DLL (Microsoft Corporation) O10 - NameSpace_Catalog5\Catalog_Entries\000000000001 [] - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation) O10 - NameSpace_Catalog5\Catalog_Entries\000000000002 [] - C:\WINDOWS\system32\winrnr.dll (Microsoft Corporation) O10 - NameSpace_Catalog5\Catalog_Entries\000000000003 [] - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation) O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation) O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation) O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation) O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation) O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - C:\WINDOWS\system32\rsvpsp.dll (Microsoft Corporation) O10 - Protocol_Catalog9\Catalog_Entries\000000000006 - C:\WINDOWS\system32\rsvpsp.dll (Microsoft Corporation) O10 - Protocol_Catalog9\Catalog_Entries\000000000007 - 
C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation) O10 - Protocol_Catalog9\Catalog_Entries\000000000008 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation) O10 - Protocol_Catalog9\Catalog_Entries\000000000009 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation) O10 - Protocol_Catalog9\Catalog_Entries\000000000010 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation) O10 - Protocol_Catalog9\Catalog_Entries\000000000011 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation) O10 - Protocol_Catalog9\Catalog_Entries\000000000012 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation) O10 - Protocol_Catalog9\Catalog_Entries\000000000013 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation) O10 - Protocol_Catalog9\Catalog_Entries\000000000014 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation) O10 - Protocol_Catalog9\Catalog_Entries\000000000015 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation) O10 - Protocol_Catalog9\Catalog_Entries\000000000016 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation) O10 - Protocol_Catalog9\Catalog_Entries\000000000017 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation) O10 - Protocol_Catalog9\Catalog_Entries\000000000018 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation) O10 - Protocol_Catalog9\Catalog_Entries\000000000019 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation) O10 - Protocol_Catalog9\Catalog_Entries\000000000020 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation) O15 - HKLM\..Trusted Domains: 50 domain(s) and sub-domain(s) not assigned to a zone. O15 - HKCU\..Trusted Domains: ([]msn in My Computer) O15 - HKCU\..Trusted Domains: fatwallet.com ([www] https in Trusted sites) O15 - HKCU\..Trusted Domains: turbotax.com ([]https in Trusted sites) O15 - HKCU\..Trusted Domains: 53 domain(s) and sub-domain(s) not assigned to a zone. 
O16 - DPF: {33564D57-9980-0010-8000-00AA00389B71} http://download.microsoft.com/download/D/0/D/D0DD87DA-994F-4334-8B55-AF2E4D98ED0C/wmv9dmo.cab (Reg Error: Key error.) O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab (Java Plug-in 1.6.0_17) O16 - DPF: {CAFEEFAC-0016-0000-0001-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_01-windows-i586.cab (Reg Error: Key error.) O16 - DPF: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab (Java Plug-in 1.6.0_17) O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab (Java Plug-in 1.6.0_17) O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object) O16 - DPF: Microsoft XML Parser for Java file://C:\WINDOWS\Java\classes\xmldso.cab (Reg Error: Key error.) O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1 192.168.1.1 O18 - Protocol\Handler\about {3050F406-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\system32\mshtml.dll (Microsoft Corporation) O18 - Protocol\Handler\cdl {3dd53d40-7b8b-11D0-b013-00aa0059ce02} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation) O18 - Protocol\Handler\dvd {12D51199-0DB5-46FE-A120-47A3D7D937CC} - C:\WINDOWS\system32\msvidctl.dll (Microsoft Corporation) O18 - Protocol\Handler\file {79eac9e7-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation) O18 - Protocol\Handler\ftp {79eac9e3-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation) O18 - Protocol\Handler\gopher {79eac9e4-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation) O18 - Protocol\Handler\http {79eac9e2-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation) O18 - Protocol\Handler\http\0x00000001 
{E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation) O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation) O18 - Protocol\Handler\https {79eac9e5-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation) O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation) O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation) O18 - Protocol\Handler\ipp - No CLSID value found O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation) O18 - Protocol\Handler\its {9D148291-B9C8-11D0-A4CC-0000F80149F6} - C:\WINDOWS\system32\itss.dll (Microsoft Corporation) O18 - Protocol\Handler\javascript {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\system32\mshtml.dll (Microsoft Corporation) O18 - Protocol\Handler\lid {5C135180-9973-46D9-ABF4-148267CBB8BF} - C:\WINDOWS\system32\msvidctl.dll (Microsoft Corporation) O18 - Protocol\Handler\local {79eac9e7-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation) O18 - Protocol\Handler\mailto {3050f3DA-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\system32\mshtml.dll (Microsoft Corporation) O18 - Protocol\Handler\mhtml {05300401-BCBC-11d0-85E3-00C04FD85AB4} - C:\WINDOWS\system32\inetcomm.dll (Microsoft Corporation) O18 - Protocol\Handler\mk {79eac9e6-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation) O18 - Protocol\Handler\msdaipp - No CLSID value found O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL 
(Microsoft Corporation) O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation) O18 - Protocol\Handler\ms-its {9D148291-B9C8-11D0-A4CC-0000F80149F6} - C:\WINDOWS\system32\itss.dll (Microsoft Corporation) O18 - Protocol\Handler\mso-offdap11 {32505114-5902-49B2-880A-1F7738E5A384} - C:\Program Files\Common Files\Microsoft Shared\Web Components\11\OWC11.DLL (Microsoft Corporation) O18 - Protocol\Handler\res {3050F3BC-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\system32\mshtml.dll (Microsoft Corporation) O18 - Protocol\Handler\sysimage {76E67A63-06E9-11D2-A840-006008059382} - C:\WINDOWS\system32\mshtml.dll (Microsoft Corporation) O18 - Protocol\Handler\tv {CBD30858-AF45-11D2-B6D6-00C04FBBDE6E} - C:\WINDOWS\system32\msvidctl.dll (Microsoft Corporation) O18 - Protocol\Handler\vbscript {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\system32\mshtml.dll (Microsoft Corporation) O18 - Protocol\Handler\wia {13F3EA8B-91D7-4F0A-AD76-D2853AC8BECE} - C:\WINDOWS\system32\wiascr.dll (Microsoft Corporation) O18 - Protocol\Filter\application/octet-stream {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\WINDOWS\System32\mscoree.dll (Microsoft Corporation) O18 - Protocol\Filter\application/x-complus {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\WINDOWS\System32\mscoree.dll (Microsoft Corporation) O18 - Protocol\Filter\application/x-msdownload {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\WINDOWS\System32\mscoree.dll (Microsoft Corporation) O18 - Protocol\Filter\Class Install Handler {32B533BB-EDAE-11d0-BD5A-00AA00B92AF1} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation) O18 - Protocol\Filter\deflate {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation) O18 - Protocol\Filter\gzip {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation) O18 - Protocol\Filter\lzdhtml {8f6b0360-b80d-11d0-a9b3-006097942311} - 
C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation) O18 - Protocol\Filter\text/webviewhtml {733AC4CB-F1A4-11d0-B951-00A0C90312E1} - C:\WINDOWS\system32\shell32.dll (Microsoft Corporation) O18 - Protocol\Filter\text/xml {807553E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE11\MSOXMLMF.DLL (Microsoft Corporation) O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation) O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) - C:\WINDOWS\system32\userinit.exe (Microsoft Corporation) O20 - HKLM Winlogon: UIHost - (logonui.exe) - C:\WINDOWS\System32\logonui.exe (Microsoft Corporation) O20 - HKLM Winlogon: VMApplet - (rundll32 shell32) - C:\WINDOWS\System32\shell32.dll (Microsoft Corporation) O20 - HKLM Winlogon: VMApplet - (Control_RunDLL "sysdm.cpl") - C:\WINDOWS\System32\sysdm.cpl (Microsoft Corporation) O20 - Winlogon\Notify\crypt32chain: DllName - crypt32.dll - C:\WINDOWS\System32\crypt32.dll (Microsoft Corporation) O20 - Winlogon\Notify\cryptnet: DllName - cryptnet.dll - C:\WINDOWS\System32\cryptnet.dll (Microsoft Corporation) O20 - Winlogon\Notify\cscdll: DllName - cscdll.dll - C:\WINDOWS\System32\cscdll.dll (Microsoft Corporation) O20 - Winlogon\Notify\LMIinit: DllName - LMIinit.dll - C:\WINDOWS\System32\LMIinit.dll (LogMeIn, Inc.) 
O20 - Winlogon\Notify\ScCertProp: DllName - wlnotify.dll - C:\WINDOWS\System32\wlnotify.dll (Microsoft Corporation) O20 - Winlogon\Notify\Schedule: DllName - wlnotify.dll - C:\WINDOWS\System32\wlnotify.dll (Microsoft Corporation) O20 - Winlogon\Notify\sclgntfy: DllName - sclgntfy.dll - C:\WINDOWS\System32\sclgntfy.dll (Microsoft Corporation) O20 - Winlogon\Notify\SensLogn: DllName - WlNotify.dll - C:\WINDOWS\System32\wlnotify.dll (Microsoft Corporation) O20 - Winlogon\Notify\termsrv: DllName - wlnotify.dll - C:\WINDOWS\System32\wlnotify.dll (Microsoft Corporation) O20 - Winlogon\Notify\WgaLogon: DllName - WgaLogon.dll - C:\WINDOWS\System32\WgaLogon.dll (Microsoft Corporation) O20 - Winlogon\Notify\wlballoon: DllName - wlnotify.dll - C:\WINDOWS\System32\wlnotify.dll (Microsoft Corporation) O20 - Winlogon\Notify\WRNotifier: DllName - WRLogonNTF.dll - C:\WINDOWS\System32\WRLogonNtf.dll (Webroot Software, Inc.) O21 - SSODL: CDBurn - {fbeb8a05-beee-4442-804e-409d6c4515e9} - C:\WINDOWS\system32\shell32.dll (Microsoft Corporation) O21 - SSODL: PostBootReminder - {7849596a-48ea-486e-8937-a2a3009f31a9} - C:\WINDOWS\system32\shell32.dll (Microsoft Corporation) O21 - SSODL: SysTray - {35CEC8A3-2BE6-11D2-8773-92E220524153} - C:\WINDOWS\system32\stobject.dll (Microsoft Corporation) O21 - SSODL: UPnPMonitor - {e57ce738-33e8-4c51-8354-bb4de9d215d1} - C:\WINDOWS\system32\upnpui.dll (Microsoft Corporation) O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - C:\WINDOWS\system32\webcheck.dll (Microsoft Corporation) O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll (Microsoft Corporation) O22 - SharedTaskScheduler: {438755C2-A8BA-11D1-B96B-00A0C90312E1} - Browseui preloader - C:\WINDOWS\system32\browseui.dll (Microsoft Corporation) O22 - SharedTaskScheduler: {8C7461EF-2B13-11d2-BE35-3078302C2030} - Component Categories cache daemon - C:\WINDOWS\system32\browseui.dll (Microsoft Corporation) O24 - Desktop 
Components:0 (My Current Home Page) - About:Home O28 - HKLM ShellExecuteHooks: {AEB6717E-7E19-11d0-97EE-00C04FD91972} - C:\WINDOWS\System32\shell32.dll (Microsoft Corporation) O29 - HKLM SecurityProviders - (msapsspc.dll) - C:\WINDOWS\System32\msapsspc.dll (Microsoft Corporation) O29 - HKLM SecurityProviders - (schannel.dll) - C:\WINDOWS\System32\schannel.dll (Microsoft Corporation) O29 - HKLM SecurityProviders - (digest.dll) - C:\WINDOWS\System32\digest.dll (Microsoft Corporation) O29 - HKLM SecurityProviders - (msnsspc.dll) - C:\WINDOWS\System32\msnsspc.dll (Microsoft Corporation) O30 - LSA: Authentication Packages - (msv1_0) - C:\WINDOWS\System32\msv1_0.dll (Microsoft Corporation) O30 - LSA: Authentication Packages - (relog_ap) - C:\WINDOWS\System32\relog_ap.dll (Acronis) O30 - LSA: Security Packages - (kerberos) - C:\WINDOWS\System32\kerberos.dll (Microsoft Corporation) O30 - LSA: Security Packages - (msv1_0) - C:\WINDOWS\System32\msv1_0.dll (Microsoft Corporation) O30 - LSA: Security Packages - (schannel) - C:\WINDOWS\System32\schannel.dll (Microsoft Corporation) O30 - LSA: Security Packages - (wdigest) - C:\WINDOWS\System32\wdigest.dll (Microsoft Corporation) O31 - SafeBoot: AlternateShell - cmd.exe O32 - HKLM CDRom: AutoRun - 1 O33 - MountPoints2\{472416b9-9e64-11da-8522-00003911cd8a}\Shell\AutoRun\command - "" = G:\setupSNK.exe -- File not found O33 - MountPoints2\{e56f9845-4f67-11de-8786-00003911cd8a}\Shell\AutoRun\command - "" = F:\InstallTomTomHOME.exe -- File not found O34 - HKLM BootExecute: (autocheck autochk *) - File not found O35 - comfile [open] -- "%1" %* O35 - exefile [open] -- "%1" %* ========== Files/Folders - Created Within 30 Days ========== [2009/12/30 22:25:41 | 00,000,000 | ---D | C] -- C:\_OTL [2009/12/28 08:32:56 | 00,513,536 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Gary\Desktop\OTL.exe [2009/12/27 11:00:39 | 00,000,000 | ---D | C] -- C:\Program Files\Trend Micro [2009/12/26 21:30:13 | 00,000,000 | ---D | C] -- 
C:\Documents and Settings\Gary\Application Data\Malwarebytes [2009/12/26 21:29:54 | 00,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys [2009/12/26 21:29:47 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Malwarebytes [2009/12/26 21:29:45 | 00,019,160 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys [2009/12/26 21:29:38 | 00,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware [2009/09/07 20:06:12 | 00,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Local Settings\Application Data\ICS [2008/04/26 07:01:53 | 00,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Application Data\Roxio [2007/11/26 20:14:52 | 00,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Application Data\Acronis [2006/10/26 12:00:03 | 00,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Application Data\Ahead [2006/07/18 13:12:55 | 00,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Application Data\Webroot [2006/04/02 19:48:49 | 00,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Application Data\Symantec [2006/03/19 22:52:11 | 00,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft [2003/07/09 09:48:54 | 00,000,000 | --SD | M] -- C:\Documents and Settings\LocalService\Application Data\Microsoft [2002/04/26 19:37:25 | 00,000,000 | ---D | M] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft [2002/04/26 19:32:12 | 00,000,000 | --SD | M] -- C:\Documents and Settings\NetworkService\Application Data\Microsoft [8 C:\Documents and Settings\Gary\My Documents\*.tmp files -> C:\Documents and Settings\Gary\My Documents\*.tmp -> ] [58 C:\WINDOWS\System32\dllcache\*.tmp files -> C:\WINDOWS\System32\dllcache\*.tmp -> ] ========== Files - Modified Within 30 Days ========== [2009/12/30 23:45:00 | 00,000,362 | ---- | M] () -- 
C:\WINDOWS\tasks\Symantec NetDetect.job [2009/12/30 22:46:56 | 00,001,158 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl [2009/12/30 22:45:32 | 00,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT [2009/12/30 22:45:20 | 00,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat [2009/12/30 22:45:10 | 51,962,2656 | -HS- | M] () -- C:\hiberfil.sys [2009/12/30 22:44:03 | 11,534,336 | ---- | M] () -- C:\Documents and Settings\Gary\NTUSER.DAT [2009/12/30 22:43:34 | 00,000,278 | -HS- | M] () -- C:\Documents and Settings\Gary\ntuser.ini [2009/12/30 00:00:00 | 00,000,306 | ---- | M] () -- C:\WINDOWS\tasks\Symantec Drmc.job [2009/12/28 12:00:00 | 00,000,290 | ---- | M] () -- C:\WINDOWS\tasks\Norton SystemWorks One Button Checkup.job [2009/12/28 08:33:01 | 00,513,536 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Gary\Desktop\OTL.exe [2009/12/24 08:31:23 | 00,025,088 | ---- | M] () -- C:\Documents and Settings\Gary\My Documents\12-24-09.doc [2009/12/23 08:40:55 | 00,000,426 | ---- | M] () -- C:\WINDOWS\brwmark.ini [2009/12/22 15:40:38 | 00,045,056 | ---- | M] () -- C:\Documents and Settings\Gary\My Documents\Jenny-Danielle Due To Parents.xls [2009/12/21 07:10:10 | 00,211,968 | ---- | M] () -- C:\Documents and Settings\Gary\My Documents\Riverside - Plumbing Fixture Schedule.xls [2009/12/21 07:10:01 | 00,194,560 | ---- | M] () -- C:\Documents and Settings\Gary\My Documents\Riverside - Punch List.xls [2009/12/15 09:45:25 | 00,076,288 | ---- | M] () -- C:\Documents and Settings\Gary\My Documents\GBB Cash Receipts 09-30-2006.xls [2009/12/12 11:51:20 | 00,039,424 | ---- | M] () -- C:\Documents and Settings\Gary\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [2009/12/11 20:25:58 | 00,027,648 | ---- | M] () -- C:\Documents and Settings\Gary\My Documents\Credit Card Coding Sheet.xls [2009/12/03 16:14:06 | 00,038,224 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys [2009/12/03 16:13:56 | 00,019,160 | ---- | M] 
(Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys [8 C:\Documents and Settings\Gary\My Documents\*.tmp files -> C:\Documents and Settings\Gary\My Documents\*.tmp -> ] [58 C:\WINDOWS\System32\dllcache\*.tmp files -> C:\WINDOWS\System32\dllcache\*.tmp -> ] ========== Files Created - No Company Name ========== [2009/12/24 08:31:23 | 00,025,088 | ---- | C] () -- C:\Documents and Settings\Gary\My Documents\12-24-09.doc [2009/10/25 22:46:44 | 00,000,258 | ---- | C] () -- C:\WINDOWS\hpbafd.ini [2009/06/10 15:46:32 | 00,106,496 | ---- | C] () -- C:\WINDOWS\System32\BrMuSNMP.dll [2009/04/27 17:59:34 | 00,077,824 | ---- | C] () -- C:\WINDOWS\System32\BROSNMP.DLL [2009/02/12 08:15:46 | 00,000,332 | ---- | C] () -- C:\WINDOWS\WININIT.INI [2009/02/12 08:10:33 | 00,000,212 | ---- | C] () -- C:\WINDOWS\rs_run.ini [2009/02/12 08:10:15 | 00,010,409 | ---- | C] () -- C:\WINDOWS\RS_SQLIF.INI [2009/01/26 18:48:51 | 00,000,043 | ---- | C] () -- C:\WINDOWS\gswin32.ini [2009/01/24 15:40:43 | 00,000,622 | ---- | C] () -- C:\Program Files\Shortcut to uTorrent.exe.lnk [2008/04/25 11:17:01 | 00,000,000 | ---- | C] () -- C:\WINDOWS\eDrawingOfficeAutomator.INI [2008/02/04 17:21:45 | 00,008,144 | ---- | C] () -- C:\Documents and Settings\Gary\Application Data\Comma Separated Values (Windows).EML [2008/02/04 15:52:36 | 00,025,340 | ---- | C] () -- C:\Documents and Settings\Gary\Application Data\Comma Separated Values (DOS).ADR [2008/02/03 23:20:16 | 00,024,098 | ---- | C] () -- C:\Documents and Settings\Gary\Application Data\Comma Separated Values (Windows).ADR [2007/04/02 04:58:06 | 00,000,000 | ---- | C] () -- C:\WINDOWS\System32\px.ini [2007/03/05 12:34:28 | 00,676,224 | ---- | C] () -- C:\WINDOWS\System32\OGACheckControl.DLL [2006/11/18 22:17:24 | 00,000,151 | ---- | C] () -- C:\WINDOWS\PhotoSnapViewer.INI [2006/10/28 10:16:54 | 00,000,069 | ---- | C] () -- C:\WINDOWS\NeroDigital.ini [2006/10/27 14:47:42 | 00,001,755 | ---- | C] () -- C:\Documents and Settings\All 
Users\Application Data\QTSBandwidthCache
[2006/10/25 09:01:34 | 00,001,192 | ---- | C] () -- C:\WINDOWS\APDFPRP.INI
[2006/10/22 09:22:35 | 00,201,216 | ---- | C] () -- C:\WINDOWS\System32\oestore.dll
[2006/10/10 20:50:17 | 00,000,083 | ---- | C] () -- C:\WINDOWS\usrwiz.ini
[2006/07/18 13:12:20 | 00,026,688 | ---- | C] () -- C:\WINDOWS\System32\wrlzma.dll
[2006/07/18 13:12:19 | 00,684,032 | ---- | C] () -- C:\WINDOWS\libeay32.dll
[2006/07/18 13:12:19 | 00,155,648 | ---- | C] () -- C:\WINDOWS\ssleay32.dll
[2006/05/01 20:11:37 | 00,012,288 | ---- | C] () -- C:\WINDOWS\System32\hlinkprx.dll
[2006/03/30 13:45:25 | 00,000,058 | ---- | C] () -- C:\WINDOWS\brmx2001.ini
[2006/03/30 13:45:25 | 00,000,040 | ---- | C] () -- C:\WINDOWS\opt_2460.ini
[2006/03/23 14:50:23 | 00,205,312 | R--- | C] () -- C:\WINDOWS\patchw32.dll
[2006/03/23 14:49:17 | 00,205,312 | R--- | C] () -- C:\WINDOWS\pw32a.dll
[2006/03/22 21:58:38 | 00,000,048 | ---- | C] () -- C:\WINDOWS\PerWin.ini
[2006/03/22 21:36:01 | 00,001,676 | ---- | C] () -- C:\WINDOWS\MPCWIN02.INI
[2006/03/22 21:18:07 | 00,001,483 | ---- | C] () -- C:\WINDOWS\MPCWIN01.INI
[2006/03/22 19:27:55 | 00,202,752 | ---- | C] () -- C:\WINDOWS\CDAC14BA.DLL
[2006/03/22 19:27:51 | 00,011,376 | ---- | C] () -- C:\WINDOWS\System32\drivers\CdaC15BA.SYS
[2006/03/22 19:27:37 | 00,001,900 | ---- | C] () -- C:\WINDOWS\BPMWIN02.INI
[2006/03/22 19:23:33 | 00,000,691 | ---- | C] () -- C:\WINDOWS\Bpmwty02.ini
[2006/03/22 18:54:17 | 00,001,610 | ---- | C] () -- C:\WINDOWS\BPMWIN01.INI
[2006/03/15 14:51:24 | 00,000,798 | ---- | C] () -- C:\WINDOWS\Brpfx04a.ini
[2006/03/15 14:51:24 | 00,000,426 | ---- | C] () -- C:\WINDOWS\brwmark.ini
[2006/03/15 14:51:24 | 00,000,092 | ---- | C] () -- C:\WINDOWS\brpcfx.ini
[2006/03/15 14:51:24 | 00,000,052 | ---- | C] () -- C:\WINDOWS\BRPP2KA.INI
[2006/03/15 14:44:39 | 00,027,019 | ---- | C] () -- C:\WINDOWS\maxlink.ini
[2006/03/12 07:23:08 | 00,651,264 | R--- | C] () -- C:\WINDOWS\System32\libeay32.dll
[2006/03/12 07:23:07 | 00,147,456 | R--- | C] () -- C:\WINDOWS\System32\ssleay32.dll
[2006/02/07 21:26:26 | 00,039,424 | ---- | C] () -- C:\Documents and Settings\Gary\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2004/06/13 20:32:39 | 00,000,518 | ---- | C] () -- C:\WINDOWS\lexstat.ini
[2004/02/22 16:38:57 | 00,050,016 | ---- | C] () -- C:\WINDOWS\System32\drivers\atnt40k.sys
[2004/01/17 08:36:21 | 00,375,296 | ---- | C] () -- C:\WINDOWS\System32\tx32.dll
[2004/01/17 08:36:21 | 00,000,202 | ---- | C] () -- C:\WINDOWS\System32\Ic32.ini
[2003/12/19 19:43:11 | 00,000,028 | ---- | C] () -- C:\WINDOWS\ICOA.INI
[2003/12/19 19:42:55 | 00,000,000 | ---- | C] () -- C:\WINDOWS\QFN.ini
[2003/12/19 19:42:55 | 00,000,000 | ---- | C] () -- C:\WINDOWS\QDQICK.ini
[2003/04/24 12:06:30 | 00,000,002 | ---- | C] () -- C:\WINDOWS\msoffice.ini
[2003/01/07 14:05:08 | 00,002,695 | ---- | C] () -- C:\WINDOWS\System32\OUTLPERF.INI
[2002/11/22 07:00:00 | 00,000,376 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2002/04/29 18:28:38 | 00,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini
[2002/04/29 14:14:53 | 00,024,576 | ---- | C] () -- C:\WINDOWS\System32\getnode.dll
[2002/04/29 12:19:20 | 00,000,067 | ---- | C] () -- C:\WINDOWS\swupdate.ini
[2002/04/29 12:18:52 | 00,000,901 | ---- | C] () -- C:\WINDOWS\QUICKEN.INI
[2002/04/29 12:18:52 | 00,000,052 | ---- | C] () -- C:\WINDOWS\intuprof.ini
[2002/04/29 12:15:38 | 00,000,000 | ---- | C] () -- C:\WINDOWS\PROTOCOL.INI
[2002/04/29 11:50:03 | 00,121,905 | ---- | C] () -- C:\WINDOWS\System32\csellang.ini
[2002/04/29 11:50:03 | 00,045,056 | ---- | C] () -- C:\WINDOWS\System32\csellang.dll
[2002/04/29 11:50:03 | 00,008,831 | ---- | C] () -- C:\WINDOWS\System32\tosmreg.ini
[2002/04/29 11:50:03 | 00,006,793 | ---- | C] () -- C:\WINDOWS\System32\cseltbl.ini
[2002/04/29 11:48:13 | 00,061,440 | ---- | C] () -- C:\WINDOWS\System32\TVCtrl.dll
[2002/04/29 11:48:13 | 00,057,344 | ---- | C] () -- C:\WINDOWS\System32\LCDCtrl.dll
[2002/04/29 11:48:13 | 00,053,248 | ---- | C] () -- C:\WINDOWS\System32\Multview.dll
[2002/04/29 11:48:12 | 00,090,112 | ---- | C] () -- C:\WINDOWS\System32\ColorCtr.dll
[2002/04/29 11:48:12 | 00,061,440 | ---- | C] () -- C:\WINDOWS\System32\GenCtrl.dll
[2002/04/29 11:48:12 | 00,045,056 | ---- | C] () -- C:\WINDOWS\System32\CRTCtrl.dll
[2002/04/29 11:46:07 | 00,006,528 | ---- | C] () -- C:\WINDOWS\System32\drivers\Tbiosdrv.sys
[2002/04/26 19:33:05 | 00,000,780 | ---- | C] () -- C:\WINDOWS\orun32.ini
[2002/04/26 19:27:22 | 00,001,793 | ---- | C] () -- C:\WINDOWS\System32\fxsperf.ini
[2002/04/26 19:02:34 | 00,000,285 | ---- | C] () -- C:\WINDOWS\System32\OEMINFO.INI
[2002/03/04 10:16:34 | 00,110,592 | R--- | C] () -- C:\WINDOWS\System32\Jpeg32.dll
[2002/02/27 17:28:16 | 00,138,752 | ---- | C] () -- C:\WINDOWS\System32\MASE32.DLL
[2002/02/27 17:28:16 | 00,057,856 | ---- | C] () -- C:\WINDOWS\System32\MASD32.DLL
[2002/02/27 17:28:14 | 00,196,096 | ---- | C] () -- C:\WINDOWS\System32\MACD32.DLL
[2002/02/27 17:28:14 | 00,136,192 | ---- | C] () -- C:\WINDOWS\System32\MAMC32.DLL
[2002/02/27 17:28:14 | 00,027,648 | ---- | C] () -- C:\WINDOWS\System32\MA32.DLL
[1999/03/09 14:53:00 | 00,222,928 | ---- | C] () -- C:\WINDOWS\System32\lobas09.dll
[1999/01/22 13:46:58 | 00,065,536 | ---- | C] () -- C:\WINDOWS\System32\MSRTEDIT.DLL
[1998/10/10 23:07:38 | 00,088,576 | ---- | C] () -- C:\WINDOWS\System32\Iticheck.dll
[1998/01/13 03:22:30 | 00,047,104 | ---- | C] () -- C:\WINDOWS\System32\lotrn13.dll
[1997/11/13 14:53:00 | 00,031,008 | ---- | C] () -- C:\WINDOWS\System32\ivtrn09.dll
[1994/07/24 14:53:00 | 00,014,928 | ---- | C] () -- C:\WINDOWS\System32\wingen.drv
< End of report >

5. From Malwarebytes quick scan:
Malwarebytes' Anti-Malware 1.42
Database version: 3436
Windows 5.1.2600 Service Pack 2
Internet Explorer 6.0.2900.2180
12/31/2009 7:18:35 AM
mbam-log-2009-12-31 (07-18-35).txt
Scan type: Quick Scan
Objects scanned: 143786
Time elapsed: 13 minute(s), 43 second(s)
Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0
Memory Processes Infected:
(No malicious items detected)
Memory Modules Infected:
(No malicious items detected)
Registry Keys Infected:
(No malicious items detected)
Registry Values Infected:
(No malicious items detected)
Registry Data Items Infected:
(No malicious items detected)
Folders Infected:
(No malicious items detected)
Files Infected:
(No malicious items detected)

6. From BitDefender:
BitDefender Online Scanner
Scan report generated at: Thu, Dec 31, 2009 - 15:36:47
Scan path: A:\;C:\;D:\;E:\;

Statistics
Time 07:54:23
Files 925794
Folders 8761
Boot Sectors 0
Archives 108745
Packed Files 30838

Results
Identified Viruses 7
Infected Files 15
Suspect Files 0
Warnings 0
Disinfected 0
Deleted Files 16

Engines Info
Virus Definitions 4803415
Engine build AVCORE v2.1 Windows/i386 11.0.0.33 (Nov 24 2009)
Scan plugins 17
Archive plugins 44
Unpack plugins 8
E-mail plugins 6
System plugins 4

Scan Settings
First Action Disinfect
Second Action Delete
Heuristics Yes
Enable Warnings Yes
Scanned Extensions *;
Exclude Extensions
Scan Emails Yes
Scan Archives Yes
Scan Packed Yes
Scan Files Yes
Scan Boot Yes

Scanned File Status
C:\Files from Toshiba 3000\TAX04-BUSINESS\32bit\ss.dll Detected with: Gen:[email protected]
C:\Files from Toshiba 3000\TAX04-BUSINESS\32bit\ss.dll Disinfection failed
C:\Files from Toshiba 3000\TAX04-BUSINESS\32bit\ss.dll Deleted
C:\Files from Toshiba 3000\TAX04-BUSINESS\32bit\tv.dll Detected with: Gen:[email protected]!hOji
C:\Files from Toshiba 3000\TAX04-BUSINESS\32bit\tv.dll Disinfection failed
C:\Files from Toshiba 3000\TAX04-BUSINESS\32bit\tv.dll Deleted
C:\Files from Toshiba 3000\TAX04-PERSONAL\32bit\ss.dll Detected with: Gen:[email protected]
C:\Files from Toshiba 3000\TAX04-PERSONAL\32bit\ss.dll Disinfection failed
C:\Files from Toshiba 3000\TAX04-PERSONAL\32bit\ss.dll Deleted
C:\Files from Toshiba 3000\TAX04-PERSONAL\32bit\tv.dll Detected with: Gen:[email protected]
C:\Files from Toshiba 3000\TAX04-PERSONAL\32bit\tv.dll Disinfection failed
C:\Files from Toshiba 3000\TAX04-PERSONAL\32bit\tv.dll Deleted
C:\Program Files\Norton SystemWorks\Norton AntiVirus\Quarantine\4B7675C4.tmp=>(Quarantine-2) Infected with: Java.Trojan.Exploit.Bytverify.I
C:\Program Files\Norton SystemWorks\Norton AntiVirus\Quarantine\4B7675C4.tmp=>(Quarantine-2) Deleted
C:\Program Files\Norton SystemWorks\Norton AntiVirus\Quarantine\4B7675C4.tmp Deleted
C:\Program Files\Norton SystemWorks\Norton AntiVirus\Quarantine\64097D09.tmp=>(Quarantine-2) Infected with: Trojan.Java.Classloader.AO
C:\Program Files\Norton SystemWorks\Norton AntiVirus\Quarantine\64097D09.tmp=>(Quarantine-2) Deleted
C:\Program Files\Norton SystemWorks\Norton AntiVirus\Quarantine\64097D09.tmp Deleted
C:\RECYCLER\NPROTECT\01135528.dll Detected with: Gen:[email protected]
C:\RECYCLER\NPROTECT\01135528.dll Disinfection failed
C:\RECYCLER\NPROTECT\01135528.dll Deleted
C:\RECYCLER\NPROTECT\01135529.dll Detected with: Gen:[email protected]!hOji
C:\RECYCLER\NPROTECT\01135529.dll Disinfection failed
C:\RECYCLER\NPROTECT\01135529.dll Deleted
C:\RECYCLER\NPROTECT\01135530.dll Detected with: Gen:[email protected]
C:\RECYCLER\NPROTECT\01135530.dll Disinfection failed
C:\RECYCLER\NPROTECT\01135530.dll Deleted
C:\RECYCLER\NPROTECT\01135531.dll Detected with: Gen:[email protected]
C:\RECYCLER\NPROTECT\01135531.dll Disinfection failed
C:\RECYCLER\NPROTECT\01135531.dll Deleted
C:\System Volume Information\_restore{C9DB71FE-DA25-40CC-86CE-BF78E88C61BC}\RP1396\A0356112.dll Detected with: Gen:[email protected]
C:\System Volume Information\_restore{C9DB71FE-DA25-40CC-86CE-BF78E88C61BC}\RP1396\A0356112.dll Disinfection failed
C:\System Volume Information\_restore{C9DB71FE-DA25-40CC-86CE-BF78E88C61BC}\RP1396\A0356112.dll Deleted
C:\System Volume Information\_restore{C9DB71FE-DA25-40CC-86CE-BF78E88C61BC}\RP1396\A0356113.dll Detected with: Gen:[email protected]!hOji
C:\System Volume Information\_restore{C9DB71FE-DA25-40CC-86CE-BF78E88C61BC}\RP1396\A0356113.dll Disinfection failed
C:\System Volume Information\_restore{C9DB71FE-DA25-40CC-86CE-BF78E88C61BC}\RP1396\A0356113.dll Deleted
C:\System Volume Information\_restore{C9DB71FE-DA25-40CC-86CE-BF78E88C61BC}\RP1396\A0356114.dll Detected with: Gen:[email protected]
C:\System Volume Information\_restore{C9DB71FE-DA25-40CC-86CE-BF78E88C61BC}\RP1396\A0356114.dll Disinfection failed
C:\System Volume Information\_restore{C9DB71FE-DA25-40CC-86CE-BF78E88C61BC}\RP1396\A0356114.dll Deleted
C:\System Volume Information\_restore{C9DB71FE-DA25-40CC-86CE-BF78E88C61BC}\RP1396\A0356115.dll Detected with: Gen:[email protected]
C:\System Volume Information\_restore{C9DB71FE-DA25-40CC-86CE-BF78E88C61BC}\RP1396\A0356115.dll Disinfection failed
C:\System Volume Information\_restore{C9DB71FE-DA25-40CC-86CE-BF78E88C61BC}\RP1396\A0356115.dll Deleted
C:\WINDOWS\Downloaded Program Files\vzbb.dll Detected with: Adware.Megasearch.H
C:\WINDOWS\Downloaded Program Files\vzbb.dll Delete failed

So there is everything you requested, I believe. Please let me know how to proceed.
Happy New Year to you,
Gary
  8. Good Morning Tom:
Thank you so much for helping me with this. I have run the program and posted the output below as you instructed.
Gary

[OTL logfile created on: 12/28/2009 8:36:40 AM - Run 1
OTL by OldTimer - Version 3.1.20.1 Folder = C:\Documents and Settings\Gary\Desktop
Windows XP Home Edition Service Pack 2 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 6.0.2900.2180)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy
495.00 Mb Total Physical Memory | 165.00 Mb Available Physical Memory | 33.00% Memory free
1.00 Gb Paging File | 1.00 Gb Available in Paging File | 68.00% Paging File free
Paging file location(s): C:\pagefile.sys 0 0 [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 93.16 Gb Total Space | 34.38 Gb Free Space | 36.90% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded
Drive Y: | 461.12 Gb Total Space | 449.92 Gb Free Space | 97.57% Space Free | Partition Type: NTFS
Computer Name: FIELDCOMPUTER
Current User Name: Gary
Logged in as Administrator.
Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: On
Skip Microsoft Files: On
File Age = 14 Days
Output = Standard
Quick Scan

========== Processes (SafeList) ==========
PRC - [2009/12/28 08:33:01 | 00,513,536 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Gary\Desktop\OTL.exe
PRC - [2009/10/11 04:17:35 | 00,153,376 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Java\jre6\bin\jqs.exe
PRC - [2009/04/21 21:34:24 | 12,314,456 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Office\OFFICE11\WINWORD.EXE
PRC - [2008/04/23 14:09:50 | 00,199,688 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Office\OFFICE11\OUTLOOK.EXE
PRC - [2008/01/17 11:42:04 | 00,181,608 | ---- | M] (Symantec Corporation) -- C:\Program Files\Common Files\Symantec Shared\CCSETMGR.EXE
PRC - [2008/01/17 11:42:02 | 00,197,992 | ---- | M] (Symantec Corporation) -- C:\Program Files\Common Files\Symantec Shared\CCEVTMGR.EXE
PRC - [2008/01/17 11:42:02 | 00,058,728 | ---- | M] (Symantec Corporation) -- C:\Program Files\Common Files\Symantec Shared\CCAPP.EXE
PRC - [2007/10/30 20:07:38 | 00,427,288 | ---- | M] (Acronis) -- C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe
PRC - [2007/06/13 05:23:07 | 01,033,216 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2007/03/28 17:41:56 | 00,206,552 | ---- | M] (Symantec Corporation) -- C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
PRC - [2007/03/09 11:09:58 | 00,063,712 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe
PRC - [2007/03/01 18:55:50 | 03,379,264 | ---- | M] (Webroot Software, Inc.) -- C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe
PRC - [2006/06/22 13:15:48 | 00,462,848 | ---- | M] (Southwest Airlines) -- C:\Program Files\Southwest Airlines\Ding\Ding.exe
PRC - [2006/03/23 14:15:18 | 00,819,352 | ---- | M] (Symantec Corporation) -- C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
PRC - [2006/03/22 19:27:53 | 00,052,736 | ---- | M] (Macrovision) -- C:\WINDOWS\system32\drivers\CDAC11BA.EXE
PRC - [2006/02/23 11:41:02 | 00,100,032 | ---- | M] (Symantec Corporation) -- C:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe
PRC - [2005/10/19 12:54:52 | 00,046,704 | ---- | M] (Symantec Corporation) -- C:\Program Files\Norton SystemWorks\Norton AntiVirus\IWP\NPFMNTOR.EXE
PRC - [2005/10/19 12:54:14 | 00,177,264 | ---- | M] (Symantec Corporation) -- C:\Program Files\Norton SystemWorks\Norton AntiVirus\NAVAPSVC.EXE
PRC - [2004/12/03 10:52:38 | 00,073,728 | ---- | M] (Iomega Corporation) -- C:\Program Files\Iomega\System32\AppServices.exe
PRC - [2004/11/22 17:04:14 | 01,273,856 | ---- | M] (Symantec Corporation) -- C:\Program Files\Norton SystemWorks\Norton Ghost\Agent\PQV2iSvc.exe
PRC - [2004/08/30 23:52:10 | 00,095,328 | ---- | M] (Symantec Corporation) -- C:\Program Files\Norton SystemWorks\Norton Utilities\NPROTECT.EXE
PRC - [2004/08/30 23:50:38 | 00,181,416 | ---- | M] (Symantec Corporation) -- C:\Program Files\Norton SystemWorks\Norton Utilities\Speed Disk\NOPDB.exe
PRC - [2004/08/04 02:56:57 | 00,013,824 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\wscntfy.exe
PRC - [2004/08/04 02:56:50 | 00,093,184 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Internet Explorer\iexplore.exe
PRC - [2004/07/29 02:53:58 | 00,053,248 | ---- | M] (GEAR Software) -- C:\WINDOWS\system32\gearsec.exe
PRC - [2004/07/21 11:24:03 | 00,173,160 | ---- | M] (Symantec Corporation) -- C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
PRC - [2002/04/15 20:35:38 | 00,249,856 | ---- | M] (TOSHIBA Corp.) -- C:\WINDOWS\system32\00THotkey.exe
PRC - [2002/04/04 11:19:22 | 00,176,128 | ---- | M] (TOSHIBA Corporation) -- C:\Program Files\Toshiba\TOSHIBA Controls\TFncKy.exe
PRC - [2002/03/29 16:40:18 | 00,122,880 | ---- | M] (Alps Electric Co., Ltd.) -- C:\Program Files\Apoint2K\Apoint.exe
PRC - [2002/03/19 19:38:26 | 00,217,088 | ---- | M] (TOSHIBA Corporation) -- C:\WINDOWS\system32\TPWRTRAY.EXE
PRC - [2001/08/03 19:08:28 | 00,073,728 | ---- | M] (Toshiba Corp.) -- C:\WINDOWS\system32\TFNF5.exe
PRC - [2001/07/13 12:44:24 | 00,032,768 | ---- | M] (Alps Electric Co., Ltd.) -- C:\Program Files\Apoint2K\ApntEx.exe

========== Modules (SafeList) ==========
MOD - [2009/12/28 08:33:01 | 00,513,536 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Gary\Desktop\OTL.exe
MOD - [2006/08/25 10:45:55 | 01,054,208 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.2982_x-ww_ac3f9c03\comctl32.dll

========== Win32 Services (SafeList) ==========
SRV - File not found [Auto | Stopped] -- -- (LexBceS)
SRV - File not found [Disabled | Stopped] -- -- (Iomega Activity Disk2)
SRV - [2009/10/11 04:17:35 | 00,153,376 | ---- | M] (Sun Microsystems, Inc.) [Auto | Running] -- C:\Program Files\Java\jre6\bin\jqs.exe -- (JavaQuickStarterService)
SRV - [2009/10/03 09:51:15 | 00,116,032 | ---- | M] (LogMeIn, Inc.) [Auto | Stopped] -- C:\Program Files\LogMeIn\x86\RaMaint.exe -- (LMIMaint)
SRV - [2009/04/24 06:57:30 | 00,092,008 | ---- | M] (TomTom) [Auto | Stopped] -- C:\Program Files\TomTom HOME 2\TomTomHOMEService.exe -- (TomTomHOMEService)
SRV - [2008/12/11 11:04:58 | 00,111,896 | ---- | M] (EMC Corporation) [Auto | Stopped] -- C:\Program Files\Iomega StorCenter\retrospect\retrorun.exe -- (RetroExpLauncher)
SRV - [2008/10/10 05:45:26 | 00,013,088 | ---- | M] (Intuit Inc.) [Auto | Stopped] -- C:\Program Files\Common Files\Intuit\Update Service\IntuitUpdateService.exe -- (IntuitUpdateService)
SRV - [2008/07/24 18:46:10 | 00,063,040 | ---- | M] (LogMeIn, Inc.) [Auto | Stopped] -- C:\Program Files\LogMeIn\x86\LogMeIn.exe -- (LogMeIn)
SRV - [2008/04/25 11:16:56 | 00,079,360 | ---- | M] (SolidWorks) [On_Demand | Stopped] -- C:\Program Files\Common Files\SolidWorks Shared\Service\SolidWorksLicensing.exe -- (SolidWorks Licensing Service)
SRV - [2008/01/17 11:42:04 | 00,181,608 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe -- (ccSetMgr)
SRV - [2008/01/17 11:42:04 | 00,079,208 | ---- | M] (Symantec Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe -- (ccPwdSvc)
SRV - [2008/01/17 11:42:02 | 00,197,992 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe -- (ccEvtMgr)
SRV - [2007/10/30 20:51:44 | 00,492,720 | ---- | M] () [Auto | Stopped] -- C:\Program Files\Common Files\Acronis\Fomatik\TrueImageTryStartService.exe -- (TryAndDecideService)
SRV - [2007/10/30 20:07:38 | 00,427,288 | ---- | M] (Acronis) [Auto | Running] -- C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe -- (AcrSch2Svc)
SRV - [2007/03/28 17:41:56 | 00,206,552 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe -- (SNDSrvc)
SRV - [2007/03/26 07:07:26 | 00,310,008 | ---- | M] (Sonic Solutions) [Auto | Stopped] -- C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxLiveShare9.exe -- (RoxLiveShare9)
SRV - [2007/03/26 07:07:26 | 00,166,648 | ---- | M] (Sonic Solutions) [Auto | Stopped] -- C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatch9.exe -- (RoxWatch9)
SRV - [2007/03/26 07:07:20 | 01,010,424 | ---- | M] (Sonic Solutions) [On_Demand | Stopped] -- C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe -- (RoxMediaDB9)
SRV - [2007/03/25 20:29:36 | 00,088,824 | ---- | M] (Sonic Solutions) [On_Demand | Stopped] -- C:\Program Files\Roxio\Digital Home 9\RoxioUPnPRenderer9.exe -- (Roxio UPnP Renderer 9)
SRV - [2007/03/25 20:29:34 | 00,359,160 | ---- | M] (Sonic Solutions) [Auto | Stopped] -- C:\Program Files\Roxio\Digital Home 9\RoxioUpnpService9.exe -- (Roxio Upnp Server 9)
SRV - [2007/03/01 18:55:50 | 03,379,264 | ---- | M] (Webroot Software, Inc.) [Auto | Running] -- C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe -- (WebrootSpySweeperService)
SRV - [2006/03/23 14:15:18 | 00,819,352 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe -- (Symantec Core LC)
SRV - [2006/03/22 19:27:53 | 00,052,736 | ---- | M] (Macrovision) [Auto | Running] -- C:\WINDOWS\system32\drivers\CDAC11BA.EXE -- (C-DillaCdaC11BA)
SRV - [2006/02/23 11:41:02 | 02,045,632 | ---- | M] (Symantec Corporation) [On_Demand | Stopped] -- C:\Program Files\Symantec\LiveUpdate\LuComServer_3_0.EXE -- (LiveUpdate)
SRV - [2006/02/23 11:41:02 | 00,100,032 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe -- (Automatic LiveUpdate Scheduler)
SRV - [2005/10/19 12:55:00 | 00,067,184 | ---- | M] (Symantec Corporation) [Auto | Stopped] -- C:\Program Files\Common Files\Symantec Shared\Script Blocking\SBSERV.EXE -- (SBService)
SRV - [2005/10/19 12:54:52 | 00,046,704 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files\Norton SystemWorks\Norton AntiVirus\IWP\NPFMntor.exe -- (NPFMntor)
SRV - [2005/10/19 12:54:14 | 00,177,264 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files\Norton SystemWorks\Norton AntiVirus\navapsvc.exe -- (navapsvc)
SRV - [2005/03/07 14:59:36 | 00,198,368 | ---- | M] (Symantec Corporation) [On_Demand | Stopped] -- C:\Program Files\Norton SystemWorks\Norton AntiVirus\SAVScan.exe -- (SAVScan)
SRV - [2004/12/03 10:52:38 | 00,073,728 | ---- | M] (Iomega Corporation) [Auto | Running] -- C:\Program Files\Iomega\System32\AppServices.exe -- (Iomega App Services)
SRV - [2004/11/22 17:04:14 | 01,273,856 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files\Norton SystemWorks\Norton Ghost\Agent\PQV2iSvc.exe -- (Norton Ghost)
SRV - [2004/10/22 03:24:18 | 00,073,728 | ---- | M] (Macrovision Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe -- (IDriverT)
SRV - [2004/08/30 23:52:10 | 00,095,328 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files\Norton SystemWorks\Norton Utilities\NPROTECT.EXE -- (NProtectService)
SRV - [2004/08/30 23:50:38 | 00,181,416 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files\Norton SystemWorks\Norton Utilities\Speed Disk\NOPDB.exe -- (Speed Disk service)
SRV - [2004/08/04 02:56:42 | 00,027,136 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\irmon.dll -- (Irmon)
SRV - [2004/07/29 02:53:58 | 00,053,248 | ---- | M] (GEAR Software) [Auto | Running] -- C:\WINDOWS\system32\gearsec.exe -- (GEARSecurity)
SRV - [2004/07/21 11:24:03 | 00,173,160 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe -- (SPBBCSvc)
SRV - [2003/07/28 11:28:22 | 00,089,136 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE -- (ose)

========== Standard Registry (SafeList) ==========

========== Internet Explorer ==========
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.msn.com/
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========
FF - prefs.js..browser.startup.homepage: "www.msn.com"
FF - prefs.js..extensions.enabledItems: {89506680-e3f4-484c-a2c0-ed711d481eda}:0.9.4.8
FF - prefs.js..extensions.enabledItems: {3d7eb24f-2740-49df-8937-200b1cc08f8a}:1.5.6
FF - prefs.js..extensions.enabledItems: [email protected]:1.0.0.07076007
FF - prefs.js..extensions.enabledItems: [email protected]:1.3.0.10
FF - HKLM\software\mozilla\Mozilla Firefox 3.0.4\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2009/11/26 12:54:39 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.0.4\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2009/11/26 12:55:22 | 00,000,000 | ---D | M]
[2009/06/04 09:46:37 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Gary\Application Data\Mozilla\Extensions
[2009/06/04 09:46:37 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Gary\Application Data\Mozilla\Extensions\[email protected]
[2008/08/13 09:25:47 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Gary\Application Data\Mozilla\Firefox\Profiles\1xhrf6e8.default\extensions
[2008/07/21 22:06:49 | 00,000,000 | ---D | M] (PDF Download) -- C:\Documents and Settings\Gary\Application Data\Mozilla\Firefox\Profiles\1xhrf6e8.default\extensions\{37E4D8EA-8BDA-4831-8EA1-89053939A250}
[2008/05/19 06:25:34 | 00,000,000 | ---D | M] (Flashblock) -- C:\Documents and Settings\Gary\Application Data\Mozilla\Firefox\Profiles\1xhrf6e8.default\extensions\{3d7eb24f-2740-49df-8937-200b1cc08f8a}
[2008/04/13 07:10:58 | 00,000,000 | ---D | M] (Firefox Showcase) -- C:\Documents and Settings\Gary\Application Data\Mozilla\Firefox\Profiles\1xhrf6e8.default\extensions\{89506680-e3f4-484c-a2c0-ed711d481eda}
[2008/07/04 13:20:29 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Gary\Application Data\Mozilla\Firefox\Profiles\1xhrf6e8.default\extensions\[email protected]
[2008/03/15 17:19:16 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Gary\Application Data\Mozilla\Firefox\Profiles\1xhrf6e8.default\extensions\[email protected]
[2009/06/27 07:22:38 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Gary\Application Data\Mozilla\Firefox\Profiles\hc7il4jl.New GB Profile\extensions
[2008/11/16 10:30:13 | 00,000,000 | ---D | M] (Flashblock) -- C:\Documents and Settings\Gary\Application Data\Mozilla\Firefox\Profiles\hc7il4jl.New GB Profile\extensions\{3d7eb24f-2740-49df-8937-200b1cc08f8a}
[2009/11/26 08:27:24 | 00,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions
[2008/06/18 01:43:04 | 00,086,016 | ---- | M] (Coupons, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npCouponPrinter.dll
[2008/01/16 01:28:50 | 00,155,648 | ---- | M] (Solidworks Corporation) -- C:\Program Files\Mozilla Firefox\plugins\npEModelPlugin.dll
Hosts file not found
O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (Verizon Broadband Toolbar) - {4E7BD74F-2B8D-469E-D0FC-E57AF4D5FA7D} - C:\WINDOWS\DOWNLO~1\vzbb.dll ()
O2 - BHO: (CNavExtBho Class) - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton SystemWorks\Norton AntiVirus\NAVSHEXT.DLL (Symantec Corporation)
O2 - BHO: (Java Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (JQSIEStartDetectorImpl Class) - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll (Sun Microsystems, Inc.)
O3 - HKLM\..\Toolbar: (Norton AntiVirus) - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton SystemWorks\Norton AntiVirus\NAVSHEXT.DLL (Symantec Corporation)
O3 - HKLM\..\Toolbar: (Verizon Broadband Toolbar) - {4E7BD74F-2B8D-469E-D0FC-E57AF4D5FA7D} - C:\WINDOWS\DOWNLO~1\vzbb.dll ()
O3 - HKLM\..\Toolbar: (Yahoo! Toolbar) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
O3 - HKCU\..\Toolbar\ShellBrowser: (Norton AntiVirus) - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton SystemWorks\Norton AntiVirus\NAVSHEXT.DLL (Symantec Corporation)
O3 - HKCU\..\Toolbar\WebBrowser: (Verizon Broadband Toolbar) - {4E7BD74F-2B8D-469E-D0FC-E57AF4D5FA7D} - C:\WINDOWS\DOWNLO~1\vzbb.dll ()
O3 - HKCU\..\Toolbar\WebBrowser: (Yahoo! Toolbar) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
O4 - HKLM..\Run: [00THotkey] C:\WINDOWS\system32\00THotkey.exe (TOSHIBA Corp.)
O4 - HKLM..\Run: [Adobe Photo Downloader] C:\Program Files\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [Adobe Reader Speed Launcher] C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [Apoint] C:\Program Files\Apoint2K\Apoint.exe (Alps Electric Co., Ltd.)
O4 - HKLM..\Run: [ccApp] C:\Program Files\Common Files\Symantec Shared\ccApp.exe (Symantec Corporation)
O4 - HKLM..\Run: [ControlCenter2.0] C:\Program Files\Brother\ControlCenter2\brctrcen.exe (Brother Industries, Ltd.)
O4 - HKLM..\Run: [KernelFaultCheck] File not found
O4 - HKLM..\Run: [LogMeIn GUI] C:\Program Files\LogMeIn\x86\LogMeInSystray.exe (LogMeIn, Inc.)
O4 - HKLM..\Run: [RetroExpress] C:\Program Files\Iomega StorCenter\retrospect\RetroExpress.exe (EMC Corporation)
O4 - HKLM..\Run: [setDefPrt] C:\Program Files\Brother\Brmfl04g\BrStDvPt.exe (Brother Industories, Ltd.)
O4 - HKLM..\Run: [sunJavaUpdateSched] C:\Program Files\Java\jre6\bin\jusched.exe (Sun Microsystems, Inc.)
O4 - HKLM..\Run: [symantec NetDriver Monitor] C:\Program Files\SymNetDrv\SNDMon.exe (Symantec Corporation)
O4 - HKLM..\Run: [TFncKy] C:\Program Files\Toshiba\TOSHIBA Controls\TFncKy.exe (TOSHIBA Corporation)
O4 - HKLM..\Run: [TFNF5] C:\WINDOWS\System32\TFNF5.exe (Toshiba Corp.)
O4 - HKLM..\Run: [TkBellExe] C:\Program Files\Common Files\Real\Update_OB\realsched.exe (RealNetworks, Inc.)
O4 - HKLM..\Run: [TouchED] C:\Program Files\TOSHIBA\TouchED\TouchED.Exe (TOSHIBA Corporation)
O4 - HKLM..\Run: [Tpwrtray] C:\WINDOWS\System32\TPWRTRAY.EXE (TOSHIBA Corporation)
O4 - HKCU..\Run: [Norton SystemWorks] C:\Program Files\Norton SystemWorks\cfgwiz.exe (Symantec Corporation)
O4 - HKCU..\Run: [TomTomHOME.exe] C:\Program Files\TomTom HOME 2\TomTomHOMERunner.exe (TomTom)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Iomega StorCenter.lnk = C:\Program Files\Iomega StorCenter\sohoclient.exe (EMC)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE (Microsoft Corporation)
O4 - Startup: C:\Documents and Settings\Gary\Start Menu\Programs\Startup\DING!.lnk = C:\Program Files\Southwest Airlines\Ding\Ding.exe (Southwest Airlines)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O15 - HKLM\..Trusted Domains: 50 domain(s) and sub-domain(s) not assigned to a zone.
O15 - HKCU\..Trusted Domains: ([]msn in My Computer)
O15 - HKCU\..Trusted Domains: fatwallet.com ([www] https in Trusted sites)
O15 - HKCU\..Trusted Domains: turbotax.com ([]https in Trusted sites)
O15 - HKCU\..Trusted Domains: 53 domain(s) and sub-domain(s) not assigned to a zone.
O16 - DPF: {33564D57-9980-0010-8000-00AA00389B71} http://download.microsoft.com/download/D/0/D/D0DD87DA-994F-4334-8B55-AF2E4D98ED0C/wmv9dmo.cab (Reg Error: Key error.)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab (Java Plug-in 1.6.0_17)
O16 - DPF: {CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA} http://java.sun.com/update/1.5.0/jinstall-1_5_0_06-windows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0015-0000-0009-ABCDEFFEDCBA} http://java.sun.com/update/1.5.0/jinstall-1_5_0_09-windows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0015-0000-0010-ABCDEFFEDCBA} http://java.sun.com/update/1.5.0/jinstall-1_5_0_10-windows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0001-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_01-windows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_02-windows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_03-windows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_05-windows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab (Java Plug-in 1.6.0_17)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab (Java Plug-in 1.6.0_17)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
O16 - DPF: Microsoft XML Parser for Java file://C:\WINDOWS\Java\classes\xmldso.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1 192.168.1.1
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\LMIinit: DllName - LMIinit.dll - C:\WINDOWS\System32\LMIinit.dll (LogMeIn, Inc.)
O20 - Winlogon\Notify\WRNotifier: DllName - WRLogonNTF.dll - C:\WINDOWS\System32\WRLogonNtf.dll (Webroot Software, Inc.)
O30 - LSA: Authentication Packages - (relog_ap) - C:\WINDOWS\System32\relog_ap.dll (Acronis)
O32 - HKLM CDRom: AutoRun - 1
O33 - MountPoints2\{472416b9-9e64-11da-8522-00003911cd8a}\Shell\AutoRun\command - "" = G:\setupSNK.exe -- File not found
O33 - MountPoints2\{e56f9845-4f67-11de-8786-00003911cd8a}\Shell\AutoRun\command - "" = F:\InstallTomTomHOME.exe -- File not found
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - comfile [open] -- "%1" %*
O35 - exefile [open] -- "%1" %*
NetSvcs: 6to4 - File not found
NetSvcs: Ias - C:\WINDOWS\system32\ias [2002/04/26 19:32:06 | 00,000,000 | ---D | M]
NetSvcs: Iprip - File not found
NetSvcs: Irmon - C:\WINDOWS\system32\irmon.dll (Microsoft Corporation)
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: Wmi - C:\WINDOWS\system32\wmi.dll (Microsoft Corporation)
NetSvcs: WmdmPmSp - File not found
CREATERESTOREPOINT
Restore point Set: OTL Restore Point (53483750268338176)

========== Files/Folders - Created Within 14 Days ==========
[2009/12/28 08:32:56 | 00,513,536 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Gary\Desktop\OTL.exe
[2009/12/27 11:00:39 | 00,000,000 | ---D | C] -- C:\Program Files\Trend Micro
[2009/12/26 21:30:13 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Gary\Application Data\Malwarebytes
[2009/12/26 21:29:54 | 00,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2009/12/26 21:29:47 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Malwarebytes
[2009/12/26 21:29:45 | 00,019,160 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2009/12/26 21:29:38 | 00,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2009/09/07 20:06:12 | 00,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Local Settings\Application Data\ICS
[2008/04/26 07:01:53 | 00,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Application Data\Roxio
[2007/11/26 20:14:52 | 00,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Application Data\Acronis
[2006/10/26 12:00:03 | 00,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Application Data\Ahead
[2006/07/18 13:12:55 | 00,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Application Data\Webroot
[2006/04/02 19:48:49 | 00,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Application Data\Symantec
[2006/03/19 22:52:11 | 00,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft
[2003/07/09 09:48:54 | 00,000,000 | --SD | M] -- C:\Documents and Settings\LocalService\Application Data\Microsoft
[2002/04/26 19:37:25 | 00,000,000 | ---D | M] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft
[2002/04/26 19:32:12 | 00,000,000 | --SD | M] -- C:\Documents and Settings\NetworkService\Application Data\Microsoft
[8 C:\Documents and Settings\Gary\My Documents\*.tmp files -> C:\Documents and Settings\Gary\My
Documents\*.tmp -> ] [7 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ] [58 C:\WINDOWS\System32\dllcache\*.tmp files -> C:\WINDOWS\System32\dllcache\*.tmp -> ] [3 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ] ========== Files - Modified Within 14 Days ========== [2009/12/28 08:55:00 | 00,000,362 | ---- | M] () -- C:\WINDOWS\tasks\Symantec NetDetect.job [2009/12/28 08:33:01 | 00,513,536 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Gary\Desktop\OTL.exe [2009/12/27 14:10:20 | 00,001,158 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl [2009/12/27 14:07:42 | 00,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT [2009/12/27 14:07:26 | 00,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat [2009/12/27 14:07:14 | 51,962,2656 | -HS- | M] () -- C:\hiberfil.sys [2009/12/27 14:05:35 | 11,534,336 | ---- | M] () -- C:\Documents and Settings\Gary\NTUSER.DAT [2009/12/27 14:05:35 | 00,000,278 | -HS- | M] () -- C:\Documents and Settings\Gary\ntuser.ini [2009/12/27 00:00:00 | 00,000,306 | ---- | M] () -- C:\WINDOWS\tasks\Symantec Drmc.job [2009/12/24 08:31:23 | 00,025,088 | ---- | M] () -- C:\Documents and Settings\Gary\My Documents\12-24-09.doc [2009/12/23 08:40:55 | 00,000,426 | ---- | M] () -- C:\WINDOWS\brwmark.ini [2009/12/22 15:40:38 | 00,045,056 | ---- | M] () -- C:\Documents and Settings\Gary\My Documents\Jenny-Danielle Due To Parents.xls [2009/12/21 12:00:00 | 00,000,290 | ---- | M] () -- C:\WINDOWS\tasks\Norton SystemWorks One Button Checkup.job [2009/12/21 07:10:10 | 00,211,968 | ---- | M] () -- C:\Documents and Settings\Gary\My Documents\Riverside - Plumbing Fixture Schedule.xls [2009/12/21 07:10:01 | 00,194,560 | ---- | M] () -- C:\Documents and Settings\Gary\My Documents\Riverside - Punch List.xls [2009/12/15 09:45:25 | 00,076,288 | ---- | M] () -- C:\Documents and Settings\Gary\My Documents\GBB Cash Receipts 09-30-2006.xls [8 C:\Documents and Settings\Gary\My Documents\*.tmp files -> C:\Documents and Settings\Gary\My Documents\*.tmp -> ] [7 
C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ] [58 C:\WINDOWS\System32\dllcache\*.tmp files -> C:\WINDOWS\System32\dllcache\*.tmp -> ] [3 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ] ========== Files Created - No Company Name ========== [2009/12/24 08:31:23 | 00,025,088 | ---- | C] () -- C:\Documents and Settings\Gary\My Documents\12-24-09.doc [2009/10/25 22:46:44 | 00,000,258 | ---- | C] () -- C:\WINDOWS\hpbafd.ini [2009/06/10 15:46:32 | 00,106,496 | ---- | C] () -- C:\WINDOWS\System32\BrMuSNMP.dll [2009/04/27 17:59:34 | 00,077,824 | ---- | C] () -- C:\WINDOWS\System32\BROSNMP.DLL [2009/02/12 08:15:46 | 00,000,332 | ---- | C] () -- C:\WINDOWS\WININIT.INI [2009/02/12 08:10:33 | 00,000,212 | ---- | C] () -- C:\WINDOWS\rs_run.ini [2009/02/12 08:10:15 | 00,010,409 | ---- | C] () -- C:\WINDOWS\RS_SQLIF.INI [2009/01/26 18:48:51 | 00,000,043 | ---- | C] () -- C:\WINDOWS\gswin32.ini [2009/01/24 15:40:43 | 00,000,622 | ---- | C] () -- C:\Program Files\Shortcut to uTorrent.exe.lnk [2008/04/25 11:17:01 | 00,000,000 | ---- | C] () -- C:\WINDOWS\eDrawingOfficeAutomator.INI [2008/02/04 17:21:45 | 00,008,144 | ---- | C] () -- C:\Documents and Settings\Gary\Application Data\Comma Separated Values (Windows).EML [2008/02/04 15:52:36 | 00,025,340 | ---- | C] () -- C:\Documents and Settings\Gary\Application Data\Comma Separated Values (DOS).ADR [2008/02/03 23:20:16 | 00,024,098 | ---- | C] () -- C:\Documents and Settings\Gary\Application Data\Comma Separated Values (Windows).ADR [2007/04/02 04:58:06 | 00,000,000 | ---- | C] () -- C:\WINDOWS\System32\px.ini [2007/03/05 12:34:28 | 00,676,224 | ---- | C] () -- C:\WINDOWS\System32\OGACheckControl.DLL [2006/11/18 22:17:24 | 00,000,151 | ---- | C] () -- C:\WINDOWS\PhotoSnapViewer.INI [2006/10/28 10:16:54 | 00,000,069 | ---- | C] () -- C:\WINDOWS\NeroDigital.ini [2006/10/27 14:47:42 | 00,001,755 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\QTSBandwidthCache [2006/10/25 09:01:34 | 00,001,192 | 
---- | C] () -- C:\WINDOWS\APDFPRP.INI [2006/10/22 09:22:35 | 00,201,216 | ---- | C] () -- C:\WINDOWS\System32\oestore.dll [2006/10/10 20:50:17 | 00,000,083 | ---- | C] () -- C:\WINDOWS\usrwiz.ini [2006/07/18 13:12:20 | 00,026,688 | ---- | C] () -- C:\WINDOWS\System32\wrlzma.dll [2006/07/18 13:12:19 | 00,684,032 | ---- | C] () -- C:\WINDOWS\libeay32.dll [2006/07/18 13:12:19 | 00,155,648 | ---- | C] () -- C:\WINDOWS\ssleay32.dll [2006/05/01 20:11:37 | 00,012,288 | ---- | C] () -- C:\WINDOWS\System32\hlinkprx.dll [2006/03/30 13:45:25 | 00,000,058 | ---- | C] () -- C:\WINDOWS\brmx2001.ini [2006/03/30 13:45:25 | 00,000,040 | ---- | C] () -- C:\WINDOWS\opt_2460.ini [2006/03/23 14:50:23 | 00,205,312 | R--- | C] () -- C:\WINDOWS\patchw32.dll [2006/03/23 14:49:17 | 00,205,312 | R--- | C] () -- C:\WINDOWS\pw32a.dll [2006/03/22 21:58:38 | 00,000,048 | ---- | C] () -- C:\WINDOWS\PerWin.ini [2006/03/22 21:36:01 | 00,001,676 | ---- | C] () -- C:\WINDOWS\MPCWIN02.INI [2006/03/22 21:18:07 | 00,001,483 | ---- | C] () -- C:\WINDOWS\MPCWIN01.INI [2006/03/22 19:27:55 | 00,202,752 | ---- | C] () -- C:\WINDOWS\CDAC14BA.DLL [2006/03/22 19:27:51 | 00,011,376 | ---- | C] () -- C:\WINDOWS\System32\drivers\CdaC15BA.SYS [2006/03/22 19:27:37 | 00,001,900 | ---- | C] () -- C:\WINDOWS\BPMWIN02.INI [2006/03/22 19:23:33 | 00,000,691 | ---- | C] () -- C:\WINDOWS\Bpmwty02.ini [2006/03/22 18:54:17 | 00,001,610 | ---- | C] () -- C:\WINDOWS\BPMWIN01.INI [2006/03/15 14:51:24 | 00,000,798 | ---- | C] () -- C:\WINDOWS\Brpfx04a.ini [2006/03/15 14:51:24 | 00,000,426 | ---- | C] () -- C:\WINDOWS\brwmark.ini [2006/03/15 14:51:24 | 00,000,092 | ---- | C] () -- C:\WINDOWS\brpcfx.ini [2006/03/15 14:51:24 | 00,000,052 | ---- | C] () -- C:\WINDOWS\BRPP2KA.INI [2006/03/15 14:44:39 | 00,027,019 | ---- | C] () -- C:\WINDOWS\maxlink.ini [2006/03/12 07:23:08 | 00,651,264 | R--- | C] () -- C:\WINDOWS\System32\libeay32.dll [2006/03/12 07:23:07 | 00,147,456 | R--- | C] () -- C:\WINDOWS\System32\ssleay32.dll [2006/02/07 
21:26:26 | 00,039,424 | ---- | C] () -- C:\Documents and Settings\Gary\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [2004/06/13 20:32:39 | 00,000,518 | ---- | C] () -- C:\WINDOWS\lexstat.ini [2004/02/22 16:38:57 | 00,050,016 | ---- | C] () -- C:\WINDOWS\System32\drivers\atnt40k.sys [2004/01/17 08:36:21 | 00,375,296 | ---- | C] () -- C:\WINDOWS\System32\tx32.dll [2004/01/17 08:36:21 | 00,000,202 | ---- | C] () -- C:\WINDOWS\System32\Ic32.ini [2003/12/19 19:43:11 | 00,000,028 | ---- | C] () -- C:\WINDOWS\ICOA.INI [2003/12/19 19:42:55 | 00,000,000 | ---- | C] () -- C:\WINDOWS\QFN.ini [2003/12/19 19:42:55 | 00,000,000 | ---- | C] () -- C:\WINDOWS\QDQICK.ini [2003/04/24 12:06:30 | 00,000,002 | ---- | C] () -- C:\WINDOWS\msoffice.ini [2003/01/07 14:05:08 | 00,002,695 | ---- | C] () -- C:\WINDOWS\System32\OUTLPERF.INI [2002/11/22 07:00:00 | 00,000,376 | ---- | C] () -- C:\WINDOWS\ODBC.INI [2002/04/29 18:28:38 | 00,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini [2002/04/29 14:14:53 | 00,024,576 | ---- | C] () -- C:\WINDOWS\System32\getnode.dll [2002/04/29 12:19:20 | 00,000,067 | ---- | C] () -- C:\WINDOWS\swupdate.ini [2002/04/29 12:18:52 | 00,000,901 | ---- | C] () -- C:\WINDOWS\QUICKEN.INI [2002/04/29 12:18:52 | 00,000,052 | ---- | C] () -- C:\WINDOWS\intuprof.ini [2002/04/29 12:15:38 | 00,000,000 | ---- | C] () -- C:\WINDOWS\PROTOCOL.INI [2002/04/29 11:50:03 | 00,121,905 | ---- | C] () -- C:\WINDOWS\System32\csellang.ini [2002/04/29 11:50:03 | 00,045,056 | ---- | C] () -- C:\WINDOWS\System32\csellang.dll [2002/04/29 11:50:03 | 00,008,831 | ---- | C] () -- C:\WINDOWS\System32\tosmreg.ini [2002/04/29 11:50:03 | 00,006,793 | ---- | C] () -- C:\WINDOWS\System32\cseltbl.ini [2002/04/29 11:48:13 | 00,061,440 | ---- | C] () -- C:\WINDOWS\System32\TVCtrl.dll [2002/04/29 11:48:13 | 00,057,344 | ---- | C] () -- C:\WINDOWS\System32\LCDCtrl.dll [2002/04/29 11:48:13 | 00,053,248 | ---- | C] () -- C:\WINDOWS\System32\Multview.dll [2002/04/29 11:48:12 | 
00,090,112 | ---- | C] () -- C:\WINDOWS\System32\ColorCtr.dll [2002/04/29 11:48:12 | 00,061,440 | ---- | C] () -- C:\WINDOWS\System32\GenCtrl.dll [2002/04/29 11:48:12 | 00,045,056 | ---- | C] () -- C:\WINDOWS\System32\CRTCtrl.dll [2002/04/29 11:46:07 | 00,006,528 | ---- | C] () -- C:\WINDOWS\System32\drivers\Tbiosdrv.sys [2002/04/26 19:33:05 | 00,000,780 | ---- | C] () -- C:\WINDOWS\orun32.ini [2002/04/26 19:27:22 | 00,001,793 | ---- | C] () -- C:\WINDOWS\System32\fxsperf.ini [2002/04/26 19:02:34 | 00,000,285 | ---- | C] () -- C:\WINDOWS\System32\OEMINFO.INI [2002/03/04 10:16:34 | 00,110,592 | R--- | C] () -- C:\WINDOWS\System32\Jpeg32.dll [2002/02/27 17:28:16 | 00,138,752 | ---- | C] () -- C:\WINDOWS\System32\MASE32.DLL [2002/02/27 17:28:16 | 00,057,856 | ---- | C] () -- C:\WINDOWS\System32\MASD32.DLL [2002/02/27 17:28:14 | 00,196,096 | ---- | C] () -- C:\WINDOWS\System32\MACD32.DLL [2002/02/27 17:28:14 | 00,136,192 | ---- | C] () -- C:\WINDOWS\System32\MAMC32.DLL [2002/02/27 17:28:14 | 00,027,648 | ---- | C] () -- C:\WINDOWS\System32\MA32.DLL [1999/03/09 14:53:00 | 00,222,928 | ---- | C] () -- C:\WINDOWS\System32\lobas09.dll [1999/01/22 13:46:58 | 00,065,536 | ---- | C] () -- C:\WINDOWS\System32\MSRTEDIT.DLL [1998/10/10 23:07:38 | 00,088,576 | ---- | C] () -- C:\WINDOWS\System32\Iticheck.dll [1998/01/13 03:22:30 | 00,047,104 | ---- | C] () -- C:\WINDOWS\System32\lotrn13.dll [1997/11/13 14:53:00 | 00,031,008 | ---- | C] () -- C:\WINDOWS\System32\ivtrn09.dll [1994/07/24 14:53:00 | 00,014,928 | ---- | C] () -- C:\WINDOWS\System32\wingen.drv ========== LOP Check ========== [2007/11/26 20:00:37 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Acronis [2009/03/07 08:17:39 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Applications [2008/11/04 16:46:09 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Autodesk [2004/06/13 20:33:21 | 00,000,000 | ---D | M] -- C:\Documents and 
Settings\All Users\Application Data\BVRP Software [2007/04/30 09:33:45 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Compass Web Designs LLC [2007/04/30 21:17:30 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\LCSW [2008/11/06 22:53:30 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\LogMeIn [2009/12/27 14:10:43 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\RetroExp [2006/03/15 14:43:38 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\ScanSoft [2009/06/04 09:47:29 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TomTom [2008/11/04 16:53:27 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Gary\Application Data\Autodesk [2008/01/31 12:11:13 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Gary\Application Data\Blackberry Desktop [2004/05/04 22:34:50 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Gary\Application Data\Drag'n Drop CD [2002/04/29 13:25:25 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Gary\Application Data\InterTrust [2006/07/04 11:06:17 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Gary\Application Data\InterVideo [2007/11/24 10:22:35 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Gary\Application Data\IsolatedStorage [2007/10/09 10:32:26 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Gary\Application Data\Leadertech [2007/09/27 07:59:10 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Gary\Application Data\OfficeUpdate12 [2008/01/31 12:07:44 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Gary\Application Data\Research In Motion [2006/03/15 16:09:03 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Gary\Application Data\ScanSoft [2007/05/23 09:17:05 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Gary\Application Data\Southwest Airlines [2009/06/04 09:46:29 | 00,000,000 | ---D | M] -- 
C:\Documents and Settings\Gary\Application Data\TomTom [2009/01/26 22:31:21 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Gary\Application Data\uTorrent ========== Purity Check ========== ========== Custom Scans ========== < %SYSTEMDRIVE%\*.exe > < %systemroot%\*. /mp /s > < End of report >
OTL Extras logfile created on: 12/28/2009 8:36:40 AM - Run 1 OTL by OldTimer - Version 3.1.20.1 Folder = C:\Documents and Settings\Gary\Desktop Windows XP Home Edition Service Pack 2 (Version = 5.1.2600) - Type = NTWorkstation Internet Explorer (Version = 6.0.2900.2180) Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy 495.00 Mb Total Physical Memory | 165.00 Mb Available Physical Memory | 33.00% Memory free 1.00 Gb Paging File | 1.00 Gb Available in Paging File | 68.00% Paging File free Paging file location(s): C:\pagefile.sys 0 0 [binary data] %SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files Drive C: | 93.16 Gb Total Space | 34.38 Gb Free Space | 36.90% Space Free | Partition Type: NTFS D: Drive not present or media not loaded E: Drive not present or media not loaded F: Drive not present or media not loaded G: Drive not present or media not loaded H: Drive not present or media not loaded I: Drive not present or media not loaded Drive Y: | 461.12 Gb Total Space | 449.92 Gb Free Space | 97.57% Space Free | Partition Type: NTFS Computer Name: FIELDCOMPUTER Current User Name: Gary Logged in as Administrator.
Current Boot Mode: Normal Scan Mode: Current user Company Name Whitelist: On Skip Microsoft Files: On File Age = 14 Days Output = Standard Quick Scan ========== Extra Registry (SafeList) ========== ========== File Associations ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>] .html [@ = htmlfile] -- C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation) ========== Shell Spawning ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command] batfile [open] -- "%1" %* cmdfile [open] -- "%1" %* comfile [open] -- "%1" %* exefile [open] -- "%1" %* htmlfile [edit] -- "C:\Program Files\Microsoft Office\OFFICE11\msohtmed.exe" %1 (Microsoft Corporation) htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" -nohome (Microsoft Corporation) htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation) htmlfile [print] -- "C:\Program Files\Microsoft Office\OFFICE11\msohtmed.exe" /p %1 (Microsoft Corporation) http [open] -- "C:\Program Files\Mozilla Firefox\firefox.exe" -requestPending -osint -url "%1" (Mozilla Corporation) https [open] -- "C:\Program Files\Mozilla Firefox\firefox.exe" -requestPending -osint -url "%1" (Mozilla Corporation) piffile [open] -- "%1" %* regfile [merge] -- Reg Error: Key error. scrfile [config] -- "%1" scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation) scrfile [open] -- "%1" /S txtfile [edit] -- Reg Error: Key error. 
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation) Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation) Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation) CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- "C:\Program Files\Internet Explorer\iexplore.exe" (Microsoft Corporation) ========== Security Center Settings ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center] "FirewallDisableNotify" = 0 "UpdatesDisableNotify" = 0 "AntiVirusOverride" = 0 "FirewallOverride" = 0 "AntiVirusDisableNotify" = 0 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus] "DisableMonitoring" = 1 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall] "DisableMonitoring" = 1 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security 
Center\Monitoring\TrendAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List] "139:TCP" = 139:TCP:*:Enabled:@xpsp2res.dll,-22004 "445:TCP" = 445:TCP:*:Enabled:@xpsp2res.dll,-22005 "137:UDP" = 137:UDP:*:Enabled:@xpsp2res.dll,-22001 "138:UDP" = 138:UDP:*:Enabled:@xpsp2res.dll,-22002 "1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007 "2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile] "EnableFirewall" = 1 "DoNotAllowExceptions" = 0 "DisableNotifications" = 0 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List] "139:TCP" = 139:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22004 "445:TCP" = 445:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22005 "137:UDP" = 137:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22001 "138:UDP" = 138:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22002 "1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007 "2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008 ========== Authorized Applications List ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List] "C:\Program Files\Messenger\msmsgs.exe" = C:\Program Files\Messenger\msmsgs.exe:*:Enabled:Windows Messenger -- File not found "C:\WINDOWS\system32\LEXPPS.EXE" = C:\WINDOWS\system32\LEXPPS.EXE:*:Enabled:LEXPPS.EXE -- 
File not found "C:\Files from Toshiba 3000\TAX01-BUSINESS\32bit\ttax.exe" = C:\Files from Toshiba 3000\TAX01-BUSINESS\32bit\ttax.exe:*:Enabled:2001 TurboTax Business -- (Intuit, Inc.) "C:\Program Files\Real\RealPlayer\realplay.exe" = C:\Program Files\Real\RealPlayer\realplay.exe:*:Disabled:RealPlayer -- (RealNetworks, Inc.) "C:\Program Files\TurboTax\Home & Business 2007\32bit\ttax.exe" = C:\Program Files\TurboTax\Home & Business 2007\32bit\ttax.exe:LocalSubNet:Enabled:TurboTax -- (Intuit, Inc.) "C:\Program Files\TurboTax\Home & Business 2007\32bit\updatemgr.exe" = C:\Program Files\TurboTax\Home & Business 2007\32bit\updatemgr.exe:LocalSubNet:Enabled:TurboTax Update Manager -- (Intuit, Inc.) "C:\Program Files\Internet Explorer\iexplore.exe" = C:\Program Files\Internet Explorer\iexplore.exe:*:Disabled:Internet Explorer -- (Microsoft Corporation) "C:\Program Files\uTorrent\uTorrent.exe" = C:\Program Files\uTorrent\uTorrent.exe:*:Enabled:µTorrent -- (BitTorrent, Inc.) "C:\Program Files\Iomega StorCenter\retrospect\Retrospect.exe" = C:\Program Files\Iomega StorCenter\retrospect\Retrospect.exe:*:Enabled:Retrospect Express HD -- (EMC Corporation) "C:\Program Files\Iomega StorCenter\retrospect\retrorun.exe" = C:\Program Files\Iomega StorCenter\retrospect\retrorun.exe:*:Enabled:Retrospect Express HD Launcher service -- (EMC Corporation) "C:\Program Files\Iomega StorCenter\sohoclient.exe" = C:\Program Files\Iomega StorCenter\sohoclient.exe:*:Enabled:Storage Manager 2.0.10.42013 -- (EMC) "C:\Program Files\TurboTax\Business 2006\32bit\ttax.exe" = C:\Program Files\TurboTax\Business 2006\32bit\ttax.exe:LocalSubNet:Enabled:TurboTax -- (Intuit, Inc.) "C:\Program Files\TurboTax\Business 2006\32bit\updatemgr.exe" = C:\Program Files\TurboTax\Business 2006\32bit\updatemgr.exe:LocalSubNet:Enabled:TurboTax Update Manager -- (Intuit, Inc.) 
"C:\Program Files\TurboTax\2006 Deluxe\TurboTax Deluxe 2006\32bit\ttax.exe" = C:\Program Files\TurboTax\2006 Deluxe\TurboTax Deluxe 2006\32bit\ttax.exe:LocalSubNet:Enabled:TurboTax -- (Intuit, Inc.) "C:\Program Files\TurboTax\2006 Deluxe\TurboTax Deluxe 2006\32bit\updatemgr.exe" = C:\Program Files\TurboTax\2006 Deluxe\TurboTax Deluxe 2006\32bit\updatemgr.exe:LocalSubNet:Enabled:TurboTax Update Manager -- (Intuit, Inc.) "C:\Program Files\TurboTax\Business 2007\32bit\ttax.exe" = C:\Program Files\TurboTax\Business 2007\32bit\ttax.exe:LocalSubNet:Enabled:TurboTax -- (Intuit, Inc.) "C:\Program Files\TurboTax\Business 2007\32bit\updatemgr.exe" = C:\Program Files\TurboTax\Business 2007\32bit\updatemgr.exe:LocalSubNet:Enabled:TurboTax Update Manager -- (Intuit, Inc.) "C:\Program Files\Common Files\Intuit\Update Service\IntuitUpdateService.exe" = C:\Program Files\Common Files\Intuit\Update Service\IntuitUpdateService.exe:LocalSubNet:Disabled:Intuit Update Shared Downloads Server -- (Intuit Inc.) ========== HKEY_LOCAL_MACHINE Uninstall List ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "{00000409-78E1-11D2-B60F-006097C998E7}" = Microsoft Office 2000 SR-1 Premium "{011FDFFF-67D5-11D3-8CF4-0050048383FE}" = Excel 2000 Quattro Pro 7.0 Converter "{098104AB-F9FF-4BF5-B909-071C60164E82}" = TileGem "{0A8E3E6C-7A09-4D2F-9446-DBD4F65D32FA}" = Qlean$tart ProFile "{172423F9-522A-483A-AD65-03600CE4CA4F}" = Microsoft Works 6-9 Converter "{180D45DA-5140-48D4-BDEA-8B9CE3A6D9A4}" = TurboTax 2008 WinBizTaxSupport "{1E04F83B-2AB9-4301-9EF7-E86307F79C72}" = Google Earth "{26A24AE4-039D-4CA4-87B4-2F83216011FF}" = Java 6 Update 17 "{2908F0CB-C1D4-447F-97A2-CFC135C9F8D4}" = Internet Worm Protection "{29521505-F489-4822-ADFA-32C6DEE4F114}" = TurboTax 2008 WinPerUserEducation "{2b02f826-a9b9-458c-80e5-3ea8c0de8471}" = QuickBooks Premier: Contractor Edition 2004 "{2DA85B02-13C0-4E6D-9A76-22E6B3DD0CB2}" = SymNet "{2E7595EC-4FB1-4E29-93D4-9083C8A9B107}" = TurboTax 
ItsDeductible 2005
"{3248F0A8-6813-11D6-A77B-00B0D0150060}" = J2SE Runtime Environment 5.0 Update 6
"{3248F0A8-6813-11D6-A77B-00B0D0150090}" = J2SE Runtime Environment 5.0 Update 9
"{3248F0A8-6813-11D6-A77B-00B0D0150100}" = J2SE Runtime Environment 5.0 Update 10
"{3248F0A8-6813-11D6-A77B-00B0D0160010}" = Java SE Runtime Environment 6 Update 1
"{3248F0A8-6813-11D6-A77B-00B0D0160020}" = Java 6 Update 2
"{3248F0A8-6813-11D6-A77B-00B0D0160030}" = Java 6 Update 3
"{3248F0A8-6813-11D6-A77B-00B0D0160050}" = Java 6 Update 5
"{3248F0A8-6813-11D6-A77B-00B0D0160070}" = Java 6 Update 7
"{326957C7-83FD-4550-A59A-849B7B4297DE}" = Microsoft Easy Assist v2
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{36495C59-089C-49D1-BD15-9E5BD86DC9A1}" = ItsDeductible Express
"{364F2A4B-C161-4E2C-8627-1440BC2E8030}" = Network Device Switch 3
"{3C759736-8347-4031-BB9C-D75ADFE6B101}" = Norton Ghost 9.0
"{3CF0858D-1AC5-4308-9DE7-AD15288A8BDC}" = TOSHIBA Console
"{3E908702-AF35-4611-9518-955DA24B7E07}" = Microsoft XML Parser and SDK
"{450063AA-643B-417C-8CF5-405BA3F4EF40}" = Autodesk Design Review 2009
"{4A5BED74-7167-48DC-8BA8-7366501B8B90}" = Remove Duplicates from Outlook Express
"{4AEBD86C-C82E-401A-9AA0-8B8AF7A5A3CA}" = TurboTax 2008 WinBizFedFormset
"{56D4C8A0-6126-11DD-AD8B-0800200C9A66}" = TurboTax 2008 WinBizUserEducation
"{5864B49E-03FC-481E-89B7-A6664CC2ACB4}" = eDrawings 2008
"{595ED82D-446E-4C0B-B327-216AE31E9471}" = TurboTax 2008 wmdiper
"{633A06C3-B709-479A-AAB3-5EE94AD9EE4B}" = Acronis True Image Home
"{66D171AA-670F-4309-9C74-5BA7F7DBA0B3}" = Roxio Media Manager
"{69640730-B830-4C24-BB5C-222DA1260548}" = Turbo Lister 2
"{6A7867BA-B7CA-4CC9-ACAB-85BA46865EE5}" = Norton Utilities
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{7570F1CA-016D-46AC-B586-CD74645EFB52}" = TurboTax 2008 WinPerFedFormset
"{75D6745B-2239-4182-A31F-F95CEBB35099}" = BlackBerry Desktop Software 4.2.2
"{77772678-817F-4401-9301-ED1D01A8DA56}" = SPBBC
"{7DD9A065-2C86-4A9F-A5FF-796EC1B99DCA}" = AnswerWorks 4.0 Runtime - English
"{7F831576-6246-42C7-B523-55B3F96509CC}" = LogMeIn
"{84031A18-BA9A-4156-A74F-E05B52DDFCE2}" = DING!
"{88214092-836F-4E22-A5AC-569AC9EE6A0F}" = TurboTax 2008 WinPerReleaseEngine
"{8F3C31C5-9C3A-4AA8-8EFA-71290A7AD533}" = TomTom HOME Visual Studio Merge Modules
"{900B1884-2D6F-4a70-A3C7-C3F4DA873FDB}" = NSW_DRM_COLLECTION
"{90120000-0020-0409-0000-0000000FF1CE}" = Compatibility Pack for the 2007 Office system
"{91CA0409-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Small Business Edition 2003
"{95120000-0122-0409-0000-0000000FF1CE}" = Microsoft Office Outlook Connector
"{9E23C48E-5483-4971-BA50-089F2FABCD66}" = Norton SystemWorks
"{9E5A03E3-6246-4920-9630-0527D5DA9B07}" = AnswerWorks 5.0 English Runtime
"{9F72EF8B-AEC9-4CA5-B483-143980AFD6FD}" = ALPS Touch Pad Driver
"{A17EABB6-D0C6-44E5-820C-72DC7F495064}" = PaperPort
"{A600B935-50DC-476E-9432-95A13F416302}" = DBXpress
"{A654A805-41D9-40C7-AA46-4AF04F044D61}" = Adobe® Photoshop® Album Starter Edition 3.2
"{A6690C0E-B96E-4F0F-A8EB-D5B332454AC6}" = TOSHIBA Controls
"{AC76BA86-7AD7-1033-7B44-A81300000003}" = Adobe Reader 8.1.5
"{AC76BA86-7AD7-1033-7B44-A81300000003}_814" = KB408682
"{AEE9ABDF-CFFD-4CC2-8519-E8ECEB5A2AAF}" = PENTAX USB DISK Device
"{AFF1EA96-9C23-4249-B7D4-CD4B54D4582F}" = TurboTax ItsDeductible 2006
"{B1DB1AD8-C07E-4052-81A1-D2930232BA70}" = TurboTax 2008 wrapper
"{B23726CF-68BF-41A6-A4EB-72F12F87FE05}" = TurboTax 2008 WinPerTaxSupport
"{B4B5AD48-8D34-41D3-BD8A-8A10BD9BDED3}_is1" = Spy Sweeper
"{B508B3F1-A24A-32C0-B310-85786919EF28}" = Microsoft .NET Framework 2.0 Service Pack 1
"{B6C2466E-D773-4EF5-9350-9D3D68F668BE}" = TurboTax 2008 WinBizProgramHelp
"{B8B4D43C-EAA0-4EEC-B93E-D4D012316286}" = Free DWG Viewer 6.1
"{B9807C3D-B3DD-41B7-8321-53DDB3A3A888}" = Norton SystemWorks 2005 Premier
"{BCC57687-98A2-4C4C-B0F8-BC6B6F52D4E3}" = Retrospect Express HD 2.5
"{C1939820-A945-11D4-86F6-0001031E5712}" = InterVideo WinDVD
"{C4A6405B-F37D-42F7-B317-D277BBD47D15}" = Drag'n Drop CD
"{C63E7C60-25EB-11D3-8EDA-00A0C911E8E5}" = Microsoft Outlook Personal Folders Backup
"{C6F5B6CF-609C-428E-876F-CA83176C021B}" = Norton AntiVirus 2005
"{C727AF2B-536C-4FA3-8671-4974B1F5C399}" = ConvertMe 2.4
"{CA0A1E54-CE0F-4366-B09C-A87B61DC5633}" = Symantec Network Drivers Update
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CCFFC1DA-7A65-4C1B-98DC-3F7861F50254}" = TurboTax 2008 wrapper
"{CFB93E3F-D045-4E78-9D35-CFA7AC35BE5D}" = Pinnacle InstantCD/DVD Suite
"{D1696920-9794-4BBC-8A30-7A88763DE5A2}" = ABBYY FineReader 5.0 Sprint Plus
"{D1725BDB-BA2B-4503-A8CB-F5C835D743FA}" = MSRedist
"{D327AFC9-7BAA-473A-8319-6EB7A0D40138}" = Symantec Script Blocking Installer
"{D83BD5E2-5AF4-49F6-B5C1-484A9760E73D}" = Brother MFL-Pro Suite
"{DC367608-64A7-4BF7-92F4-8BAA25BA02DB}" = ccCommon
"{E5EE9939-259F-4DE2-8023-5C49E16A4F43}" = Norton AntiVirus Parent MSI
"{E6D9BC25-0DBC-4368-8E4A-7DEE80661CD9}" = TurboTax 2008 WinPerProgramHelp
"{EA2BEBD6-87B9-41E5-95AC-7E4C165A9475}" = WexTech AnswerWorks
"{ECC3713C-08A4-40E3-95F1-7D0704F1CE5E}" = PL-2303 USB-to-Serial
"{F64306A5-4C32-41bb-B153-53986527FAB4}" = Norton WMI Update
"{F8D8A515-3D81-431D-BCBB-9EBA3CFE0987}" = TurboTax 2008 WinBizReleaseEngine
"2001 TurboTax Business" = 2001 TurboTax Business
"2001 TurboTax Deluxe" = 2001 TurboTax Deluxe
"7-Zip" = 7-Zip 4.57
"ActiveTouchMeetingClient" = WebEx
"Adobe® Photoshop® Album Starter Edition 3.2" = Adobe® Photoshop® Album Starter Edition 3.2
"ALi Audio Accelerator WDM Driver" = ALi Audio Accelerator WDM Driver
"A-PDF Restrictions Remover_is1" = A-PDF Restrictions Remover 1.5
"Autodesk Design Review 2009" = Autodesk Design Review 2009
"BlackBerry_{75D6745B-2239-4182-A31F-F95CEBB35099}" = BlackBerry Desktop Software 4.2.2
"CCleaner" = CCleaner (remove only)
"CdaC13Ba" = SafeCast Shared Components
"Coupon Printer for Windows4.0" = Coupon Printer for Windows
"EPSON Printer and Utilities" = EPSON Printer Software
"GreenPower Order Entry" = GreenPower Order Entry
"HijackThis" = HijackThis 2.0.2
"Iomega Backup" = Iomega Backup 4.4
"Iomega StorCenter" = Iomega StorCenter
"IomegaWare" = IomegaWare 4.0.2
"LiveReg" = LiveReg (Symantec Corporation)
"LiveUpdate" = LiveUpdate 3.0 (Symantec Corporation)
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1
"Mozilla Firefox (3.0.4)" = Mozilla Firefox (3.0.4)
"MSCompPackV1" = Microsoft Compression Client Pack 1.0 for Windows XP
"MSN Music Assistant" = MSN Music Assistant
"MSNINST" = MSN
"OEDMR_is1" = OE Duplicate Remover
"PhotoScape" = PhotoScape
"Precision Tile_is1" = Precision Tile 3.0.4
"PROSet" = Intel® PRO Ethernet Adapter and Software
"Quicken 2001 New User Edition" = Quicken 2001 New User Edition
"RealPlayer 12.0" = RealPlayer
"ST4UNST #1" = CKPRO5
"SymSetup.{B9807C3D-B3DD-41B7-8321-53DDB3A3A888}" = Norton SystemWorks 2005 Premier (Symantec Corporation)
"TFNF5" = Toshiba Hotkey Utility for Display Devices
"TomTom HOME" = TomTom HOME 2.6.3.1609
"Toshiba Access" = Toshiba Access
"Toshiba Power Saver" = TOSHIBA Power Saver
"Toshiba Soft Modem" = Toshiba Soft Modem AMR
"TOSHIBA Software Modem" = TOSHIBA Software Modem
"Toshiba Software Upgrades" = Toshiba Software Upgrades
"Toshiba Tbiosdrv Driver" = Toshiba Tbiosdrv Driver
"TOSHIBA Utilities" = TOSHIBA Utilities
"Toshiba WinXP Registration" = Toshiba WinXP Registration
"TouchED" = TOSHIBA TouchPad On/Off Utility V2.01.01
"TurboTax 2008" = TurboTax 2008
"TurboTax Business 2002" = TurboTax Business 2002
"TurboTax Business 2003" = TurboTax Business 2003
"TurboTax Business 2004" = TurboTax Business 2004
"TurboTax Business 2005" = TurboTax Business 2005
"TurboTax Business 2006" = TurboTax Business 2006
"TurboTax Business 2007" = TurboTax Business 2007
"TurboTax Business 2008" = TurboTax Business 2008
"TurboTax Deluxe 2002" = TurboTax Deluxe 2002
"TurboTax Deluxe 2003" = TurboTax Deluxe 2003
"TurboTax Deluxe 2004" = TurboTax Deluxe 2004
"TurboTax Deluxe Deduction Maximizer 2006" = TurboTax Deluxe Deduction Maximizer 2006
"TurboTax Home & Business 2007" = TurboTax Home & Business 2007
"TurboTax Premier 2005" = TurboTax Premier 2005
"Verizon Online Help and Support" = Verizon Online Help and Support
"ViewpointMediaPlayer" = Viewpoint Media Player (Remove Only)
"VZBB" = Verizon Broadband Toolbar
"Windows Media Format Runtime" = Windows Media Format 11 runtime
"Windows Media Player" = Windows Media Player 11
"Windows XP Service Pack" = Windows XP Service Pack 2
"WMFDist11" = Windows Media Format 11 runtime
"wmp11" = Windows Media Player 11
"Works" = Microsoft Works 4.0
"Wudf01000" = Microsoft User-Mode Driver Framework Feature Pack 1.0
"Yahoo! Companion" = Yahoo! Toolbar
"Yahoo! Toolbar" = Yahoo! Toolbar
"ZSoft Uninstaller" = ZSoft Uninstaller 2.4.1

========== HKEY_CURRENT_USER Uninstall List ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"InstallShield_{69640730-B830-4C24-BB5C-222DA1260548}" = Turbo Lister 2
"Move Networks Player - IE" = Move Networks Media Player for Internet Explorer
"Pilot Desktop 2.0" = PalmPilot Desktop 2.0
"uTorrent" = µTorrent

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 12/21/2009 8:18:50 AM | Computer Name = FIELDCOMPUTER | Source = simpleServer | ID = 3299
Description = simpleServer information: Error: Ignoring unknown directive "StartThread" At line 6 in C:\Documents and Settings\Gary\Local Settings\Application Data\sohoclient\cfg/sohoclient.conf Make sure the required module is loaded and the relevant handlers have been added. Ensure the directive is after all LoadModule and AddHandler directives. .
Error - 12/22/2009 11:23:22 PM | Computer Name = FIELDCOMPUTER | Source = Application Hang | ID = 1002
Description = Hanging application iexplore.exe, version 6.0.2900.2180, hang module hungapp, version 0.0.0.0, hang address 0x00000000.
Error - 12/23/2009 8:31:10 AM | Computer Name = FIELDCOMPUTER | Source = simpleServer | ID = 3299
Description = simpleServer information: Error: Ignoring unknown directive "StartThread" At line 6 in C:\Documents and Settings\Gary\Local Settings\Application Data\sohoclient\cfg/sohoclient.conf Make sure the required module is loaded and the relevant handlers have been added. Ensure the directive is after all LoadModule and AddHandler directives. .
Error - 12/24/2009 9:38:54 AM | Computer Name = FIELDCOMPUTER | Source = simpleServer | ID = 3299
Description = simpleServer information: Error: Ignoring unknown directive "StartThread" At line 6 in C:\Documents and Settings\Gary\Local Settings\Application Data\sohoclient\cfg/sohoclient.conf Make sure the required module is loaded and the relevant handlers have been added. Ensure the directive is after all LoadModule and AddHandler directives. .
Error - 12/24/2009 12:08:36 PM | Computer Name = FIELDCOMPUTER | Source = Application Hang | ID = 1002
Description = Hanging application iexplore.exe, version 6.0.2900.2180, hang module hungapp, version 0.0.0.0, hang address 0x00000000.
Error - 12/24/2009 12:10:34 PM | Computer Name = FIELDCOMPUTER | Source = Application Hang | ID = 1001
Description = Fault bucket 126637809.
Error - 12/24/2009 8:11:22 PM | Computer Name = FIELDCOMPUTER | Source = Application Hang | ID = 1002
Description = Hanging application iexplore.exe, version 6.0.2900.2180, hang module hungapp, version 0.0.0.0, hang address 0x00000000.
Error - 12/24/2009 8:11:56 PM | Computer Name = FIELDCOMPUTER | Source = Application Hang | ID = 1001
Description = Fault bucket 126637809.
Error - 12/27/2009 3:09:27 PM | Computer Name = FIELDCOMPUTER | Source = simpleServer | ID = 3299
Description = simpleServer information: Error: Ignoring unknown directive "StartThread" At line 6 in C:\Documents and Settings\Gary\Local Settings\Application Data\sohoclient\cfg/sohoclient.conf Make sure the required module is loaded and the relevant handlers have been added. Ensure the directive is after all LoadModule and AddHandler directives. .
Error - 12/28/2009 12:27:22 AM | Computer Name = FIELDCOMPUTER | Source = Application Error | ID = 1000
Description = Faulting application iexplore.exe, version 6.0.2900.2180, faulting module unknown, version 0.0.0.0, fault address 0x115c9934.

[ System Events ]
Error - 12/24/2009 8:13:22 PM | Computer Name = FIELDCOMPUTER | Source = Service Control Manager | ID = 7034
Description = The Intuit Update Service service terminated unexpectedly. It has done this 1 time(s).
Error - 12/25/2009 9:13:56 AM | Computer Name = FIELDCOMPUTER | Source = Service Control Manager | ID = 7011
Description = Timeout (30000 milliseconds) waiting for a transaction response from the Netman service.
Error - 12/26/2009 9:57:00 AM | Computer Name = FIELDCOMPUTER | Source = DCOM | ID = 10005
Description = DCOM got error "%1053" attempting to start the service LiveUpdate with arguments "" in order to run the server: {03E0E6C2-363B-11D3-B536-00902771A435}
Error - 12/26/2009 9:57:04 AM | Computer Name = FIELDCOMPUTER | Source = Service Control Manager | ID = 7009
Description = Timeout (30000 milliseconds) waiting for the LiveUpdate service to connect.
Error - 12/26/2009 9:57:04 AM | Computer Name = FIELDCOMPUTER | Source = Service Control Manager | ID = 7000
Description = The LiveUpdate service failed to start due to the following error: %%1053
Error - 12/27/2009 3:10:07 PM | Computer Name = FIELDCOMPUTER | Source = Service Control Manager | ID = 7000
Description = The LexBce Server service failed to start due to the following error: %%2
Error - 12/27/2009 3:10:08 PM | Computer Name = FIELDCOMPUTER | Source = Service Control Manager | ID = 7026
Description = The following boot-start or system-start driver(s) failed to load: ppa3
Error - 12/27/2009 3:12:50 PM | Computer Name = FIELDCOMPUTER | Source = Service Control Manager | ID = 7034
Description = The TomTomHOMEService service terminated unexpectedly. It has done this 1 time(s).
Error - 12/27/2009 3:13:52 PM | Computer Name = FIELDCOMPUTER | Source = Service Control Manager | ID = 7034
Description = The Intuit Update Service service terminated unexpectedly. It has done this 1 time(s).
Error - 12/27/2009 3:14:27 PM | Computer Name = FIELDCOMPUTER | Source = Service Control Manager | ID = 7034
Description = The Retrospect Express HD Launcher service terminated unexpectedly. It has done this 1 time(s).

< End of report >
  9. I have been having issues with my system for a while. It runs very slow at times, CPU will run at 100% many times a day, with Internet Explorer being the main culprit. I ran Malwarebytes and the log follows. I have also run HijackThis and posted the log as well. Can someone help me identify any issues?

Malwarebytes' Anti-Malware 1.42
Database version: 3436
Windows 5.1.2600 Service Pack 2
Internet Explorer 6.0.2900.2180

12/27/2009 9:41:26 AM
mbam-log-2009-12-27 (09-41-26).txt

Scan type: Full Scan (C:\|)
Objects scanned: 286105
Time elapsed: 4 hour(s), 3 minute(s), 49 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 1
Registry Data Items Infected: 1
Folders Infected: 0
Files Infected: 3

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\adobe acrobat speed launcher (Trojan.Agent) -> Quarantined and deleted successfully.

Registry Data Items Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\AntiVirusDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.

Folders Infected:
(No malicious items detected)

Files Infected:
C:\Documents and Settings\Bill W\Cookies\MM2048.DAT (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\Bill W\Cookies\MM256.DAT (Trojan.Agent) -> Quarantined and deleted successfully.
C:\RECYCLER\S-1-5-21-3042452539-3179742922-2167395947-1007\Dc130\acrobat_sl.exe (Trojan.Agent) -> Quarantined and deleted successfully.
**************************************************************************************************************************************************

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 11:03:39 AM, on 12/27/2009
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\WINDOWS\system32\drivers\CDAC11BA.EXE
C:\WINDOWS\System32\GEARSec.exe
C:\PROGRA~1\Iomega\System32\AppServices.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Norton SystemWorks\Norton AntiVirus\navapsvc.exe
C:\Program Files\Norton SystemWorks\Norton Ghost\Agent\PQV2iSvc.exe
C:\Program Files\Norton SystemWorks\Norton AntiVirus\IWP\NPFMntor.exe
C:\PROGRA~1\NORTON~1\NORTON~1\NPROTECT.EXE
C:\PROGRA~1\IOMEGA~1\RETROS~1\retrorun.exe
C:\PROGRA~1\NORTON~1\NORTON~1\SPEEDD~1\NOPDB.EXE
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\taskmgr.exe
C:\Program Files\Apoint2K\Apoint.exe
C:\Program Files\Toshiba\TOSHIBA Controls\TFncKy.exe
C:\WINDOWS\system32\TFNF5.exe
C:\Program Files\Apoint2K\Apntex.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\WINDOWS\system32\TPWRTRAY.EXE
C:\WINDOWS\System32\00THotkey.exe
C:\Program Files\Southwest Airlines\Ding\Ding.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Verizon Broadband Toolbar - {4E7BD74F-2B8D-469E-D0FC-E57AF4D5FA7D} - C:\WINDOWS\DOWNLO~1\vzbb.dll
O2 - BHO: CNavExtBho Class - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton SystemWorks\Norton AntiVirus\NavShExt.dll
O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton SystemWorks\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: Verizon Broadband Toolbar - {4E7BD74F-2B8D-469E-D0FC-E57AF4D5FA7D} - C:\WINDOWS\DOWNLO~1\vzbb.dll
O4 - HKLM\..\Run: [Apoint] "C:\Program Files\Apoint2K\Apoint.exe"
O4 - HKLM\..\Run: [TouchED] "C:\Program Files\TOSHIBA\TouchED\TouchED.Exe"
O4 - HKLM\..\Run: [TFncKy] "C:\Program Files\Toshiba\TOSHIBA Controls\TFncKy.exe" /Type 20
O4 - HKLM\..\Run: [TFNF5] TFNF5.exe
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [symantec NetDriver Monitor] "C:\PROGRA~1\SYMNET~1\SNDMon.exe" /Consumer
O4 - HKLM\..\Run: [Tpwrtray] TPWRTRAY.EXE
O4 - HKLM\..\Run: [00THotkey] C:\WINDOWS\System32\00THotkey.exe
O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe"
O4 - HKLM\..\Run: [LogMeIn GUI] "C:\Program Files\LogMeIn\x86\LogMeInSystray.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [setDefPrt] C:\Program Files\Brother\Brmfl04g\BrStDvPt.exe
O4 - HKLM\..\Run: [ControlCenter2.0] C:\Program Files\Brother\ControlCenter2\brctrcen.exe /autorun
O4 - HKLM\..\Run: [RetroExpress] C:\PROGRA~1\IOMEGA~1\RETROS~1\RetroExpress.exe /h
O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [Malwarebytes Anti-Malware (reboot)] "C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe" /runcleanupscript
O4 - HKLM\..\RunOnce: [Malwarebytes' Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe /install /silent
O4 - HKCU\..\Run: [Norton SystemWorks] "C:\Program Files\Norton SystemWorks\cfgwiz.exe" /GUID {05858CFD-5CC4-4ceb-AAAF-CF00BF39736A} /MODE CfgWiz
O4 - HKCU\..\Run: [TomTomHOME.exe] "C:\Program Files\TomTom HOME 2\TomTomHOMERunner.exe"
O4 - Startup: DING!.lnk = C:\Program Files\Southwest Airlines\Ding\Ding.exe
O4 - Global Startup: Iomega StorCenter.lnk = C:\Program Files\Iomega StorCenter\sohoclient.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O8 - Extra context menu item: Append Link Target to Existing PDF - res://C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 - Extra context menu item: Convert to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
O23 - Service: Acronis Scheduler2 Service (AcrSch2Svc) - Acronis - C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: C-DillaCdaC11BA - Macrovision - C:\WINDOWS\system32\drivers\CDAC11BA.EXE
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: GEARSecurity - GEAR Software - C:\WINDOWS\System32\GEARSec.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: Intuit Update Service (IntuitUpdateService) - Intuit Inc. - C:\Program Files\Common Files\Intuit\Update Service\IntuitUpdateService.exe
O23 - Service: Iomega App Services - Iomega Corporation - C:\PROGRA~1\Iomega\System32\AppServices.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: LexBce Server (LexBceS) - Unknown owner - C:\WINDOWS\system32\LEXBCES.EXE (file missing)
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: LogMeIn Maintenance Service (LMIMaint) - LogMeIn, Inc. - C:\Program Files\LogMeIn\x86\RaMaint.exe
O23 - Service: LogMeIn - LogMeIn, Inc. - C:\Program Files\LogMeIn\x86\LogMeIn.exe
O23 - Service: Norton AntiVirus Auto-Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton SystemWorks\Norton AntiVirus\navapsvc.exe
O23 - Service: Norton Ghost - Symantec Corporation - C:\Program Files\Norton SystemWorks\Norton Ghost\Agent\PQV2iSvc.exe
O23 - Service: Norton AntiVirus Firewall Monitor Service (NPFMntor) - Symantec Corporation - C:\Program Files\Norton SystemWorks\Norton AntiVirus\IWP\NPFMntor.exe
O23 - Service: Norton Unerase Protection (NProtectService) - Symantec Corporation - C:\PROGRA~1\NORTON~1\NORTON~1\NPROTECT.EXE
O23 - Service: Retrospect Express HD Launcher (RetroExpLauncher) - EMC Corporation - C:\PROGRA~1\IOMEGA~1\RETROS~1\retrorun.exe
O23 - Service: Roxio UPnP Renderer 9 - Sonic Solutions - C:\Program Files\Roxio\Digital Home 9\RoxioUPnPRenderer9.exe
O23 - Service: Roxio Upnp Server 9 - Sonic Solutions - C:\Program Files\Roxio\Digital Home 9\RoxioUpnpService9.exe
O23 - Service: LiveShare P2P Server 9 (RoxLiveShare9) - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxLiveShare9.exe
O23 - Service: RoxMediaDB9 - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe
O23 - Service: Roxio Hard Drive Watcher 9 (RoxWatch9) - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatch9.exe
O23 - Service: SAVScan - Symantec Corporation - C:\Program Files\Norton SystemWorks\Norton AntiVirus\SAVScan.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: SolidWorks Licensing Service - SolidWorks - C:\Program Files\Common Files\SolidWorks Shared\Service\SolidWorksLicensing.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: Speed Disk service - Symantec Corporation - C:\PROGRA~1\NORTON~1\NORTON~1\SPEEDD~1\NOPDB.EXE
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: TomTomHOMEService - TomTom - C:\Program Files\TomTom HOME 2\TomTomHOMEService.exe
O23 - Service: Acronis Try And Decide Service (TryAndDecideService) - Unknown owner - C:\Program Files\Common Files\Acronis\Fomatik\TrueImageTryStartService.exe
O23 - Service: Webroot Spy Sweeper Engine (WebrootSpySweeperService) - Webroot Software, Inc. - C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe

-- End of file - 10529 bytes