<?xml version="1.0" encoding="UTF-8"?>

<rss version="2.0" xmlns:blogChannel="http://backend.userland.com/blogChannelModule">

<channel>
<title>Security Cleanup forum - dslreports.com community</title>
<link>http://www.dslreports.com/forum/cleanup</link>
<description>Security Cleanup forum current topics</description>
<language>en</language>
<copyright>Copyright 2007, dslreports.com</copyright>
<pubDate>Wed, 10 Feb 2010 01:06:41 EDT</pubDate>
<lastBuildDate>Wed, 10 Feb 2010 01:06:41 EDT</lastBuildDate>

<image>
<title>dslreports.com</title>
<url>http://i.dslr.net/bbrdisc1.gif</url>
<link>http://www.dslreports.com</link>
<width>19</width>
<height>18</height>
<description>bbr disc</description>
</image>

<item>
<title>[Trojan] WINDOWS\system32\cpnprt2.cid</title>
<link>http://www.dslreports.com/forum/remark,23683058</link>
<description><![CDATA[I am running Windows XP Professional with Service Pack 3.

Noticed that IE 8 would lock up and keep searching forever and not find anything. On opening IE, it would ask to restore the last session or go to the home page; it does not matter which one you choose, it ran forever trying to connect.
Had Mozilla on the computer; it would start fine, then it would disappear. I could click to open it again and it would say that it is already running. I would have to close it with the Task Manager.
The bottom bar (Start, clock, etc.) will disappear randomly, and the only way to get it back is to restart.

I ran my Lavasoft and Spybot. Both cleaned up some files. Symantec did not catch anything. Got Malwarebytes, ran a scan and this was what it said I had. The computer still exhibits the same symptoms. Sometimes I can connect to the internet and sometimes I cannot. I reboot and it might work.

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
C:\WINDOWS\cpnprt2.cid (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\cpnprt2.cid (Trojan.Agent) -> Quarantined and deleted successfully.

IE asks about the security setting and FF disappears from the screen; I try to restart it and it says that it is already running.
Even though the Trojan agent was quarantined and deleted, I believe there is still something out there running on my machine.

This all started on the 15th of Jan. and has improved somewhat since I ran the pre-cleaning steps.

I have run all the prechecks and this will exceed the 65kb limit, so it will be several posts.

Thank you in advance for your help.  rr

Malwarebytes' Anti-Malware 1.44
Database version: 3582
Windows 5.1.2600 Service Pack 3
Internet Explorer 8.0.6001.18702

1/20/2010 8:18:39 PM
mbam-log-2010-01-20 (20-18-39).txt

Scan type: Quick Scan
Objects scanned: 134317
Time elapsed: 4 minute(s), 12 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)

OTL logfile created on: 1/20/2010 8:25:36 PM - Run 1
OTL by OldTimer - Version 3.1.25.2     Folder = C:\Documents and Settings\David W Brown\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy
 
3.00 Gb Total Physical Memory | 2.00 Gb Available Physical Memory | 77.00% Memory free
4.00 Gb Paging File | 4.00 Gb Available in Paging File | 88.00% Paging File free
Paging file location(s): C:\pagefile.sys 1536 3072 [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 171.43 Gb Total Space | 64.00 Gb Free Space | 37.33% Space Free | Partition Type: NTFS
Drive D: | 57.48 Gb Total Space | 13.02 Gb Free Space | 22.66% Space Free | Partition Type: NTFS
E: Drive not present or media not loaded
Drive F: | 104.21 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded
 
Computer Name: DAVID
Current User Name: David W Brown
Logged in as Administrator.
 
Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Standard
 
[color=#E56717]========== Processes (SafeList) ==========[/color]
 
PRC - [2010/01/20 20:02:37 | 00,059,964 | ---- | M] (Macrovision Europe Ltd.) -- C:\Documents and Settings\David W Brown\Local Settings\Temp\clclean.0001
PRC - [2010/01/19 14:14:34 | 00,547,328 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\David W Brown\Desktop\OTL.exe
PRC - [2009/11/12 16:33:10 | 00,141,600 | ---- | M] (Apple Inc.) -- C:\Program Files\iTunes\iTunesHelper.exe
PRC - [2009/11/12 16:33:00 | 00,545,568 | ---- | M] (Apple Inc.) -- C:\Program Files\iPod\bin\iPodService.exe
PRC - [2009/09/25 23:32:18 | 00,189,736 | ---- | M] (Seagate Technology LLC) -- C:\Program Files\Seagate\SeagateManager\Sync\FreeAgentService.exe
PRC - [2009/09/25 23:31:32 | 00,185,640 | ---- | M] (Seagate LLC) -- C:\Program Files\Seagate\SeagateManager\FreeAgent Status\stxmenumgr.exe
PRC - [2009/06/05 10:48:14 | 00,144,712 | ---- | M] (Apple Inc.) -- C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
PRC - [2009/05/21 10:34:07 | 00,148,888 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Java\jre6\bin\jusched.exe
PRC - [2009/05/21 10:34:05 | 00,152,984 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Java\jre6\bin\jqs.exe
PRC - [2009/03/08 04:31:54 | 00,013,312 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\msfeedssync.exe
PRC - [2008/12/12 11:17:38 | 00,238,888 | ---- | M] (Apple Inc.) -- C:\Program Files\Bonjour\mDNSResponder.exe
PRC - [2008/10/10 05:45:26 | 00,013,088 | ---- | M] (Intuit Inc.) -- C:\Program Files\Common Files\Intuit\Update Service\IntuitUpdateService.exe
PRC - [2008/05/01 22:15:46 | 00,015,872 | ---- | M] () -- C:\Program Files\Unlocker\UnlockerAssistant.exe
PRC - [2008/04/13 18:12:41 | 00,013,824 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\wscntfy.exe
PRC - [2008/04/13 18:12:19 | 01,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2007/08/30 10:50:42 | 00,205,480 | ---- | M] (Macrovision Corporation) -- C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe
PRC - [2007/04/10 11:01:16 | 02,066,024 | ---- | M] (Symantec Corporation) -- C:\Program Files\Norton Ghost\Agent\VProSvc.exe
PRC - [2007/04/10 11:01:06 | 01,537,640 | ---- | M] (Symantec Corporation) -- C:\Program Files\Norton Ghost\Agent\GhostTray.exe
PRC - [2007/03/15 18:16:42 | 00,454,784 | ---- | M] (Linksys, a Division of Cisco Systems, Inc.) -- C:\Program Files\Linksys EasyLink Advisor\LinksysAgent.exe
PRC - [2006/10/16 17:27:20 | 00,822,424 | ---- | M] (Symantec Corporation) -- C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
PRC - [2006/10/16 17:22:37 | 00,069,632 | ---- | M] (Creative Labs) -- C:\Program Files\Common Files\Creative Labs Shared\Service\CreativeLicensing.exe
PRC - [2006/07/06 06:15:00 | 00,151,552 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe
PRC - [2006/07/06 06:14:30 | 00,090,112 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTmon.exe
PRC - [2006/06/16 07:39:00 | 00,143,427 | ---- | M] (NVIDIA Corporation) -- C:\WINDOWS\system32\nvsvc32.exe
PRC - [2006/02/16 08:20:20 | 01,118,208 | ---- | M] (Andrea Electronics Corporation) -- C:\Program Files\Creative\VoiceCenter\AndreaVC.exe
PRC - [2005/10/31 09:51:52 | 00,057,344 | ---- | M] (Creative Technology Ltd) -- C:\Program Files\Creative\SBAudigy\Surround Mixer\CTSysVol.exe
PRC - [2005/09/08 04:20:00 | 00,122,940 | ---- | M] (Sonic Solutions) -- C:\WINDOWS\system32\DLA\DLACTRLW.EXE
PRC - [2005/04/17 11:30:48 | 00,085,184 | ---- | M] (Symantec Corporation) -- C:\Program Files\Symantec AntiVirus\VPTray.exe
PRC - [2005/04/17 11:30:40 | 01,706,176 | ---- | M] (Symantec Corporation) -- C:\Program Files\Symantec AntiVirus\Rtvscan.exe
PRC - [2005/04/17 11:30:32 | 00,019,648 | ---- | M] (Symantec Corporation) -- C:\Program Files\Symantec AntiVirus\DefWatch.exe
PRC - [2005/04/08 14:54:52 | 00,161,392 | ---- | M] (Symantec Corporation) -- C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
PRC - [2005/04/08 14:52:32 | 00,185,968 | ---- | M] (Symantec Corporation) -- C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
PRC - [2005/04/08 14:52:30 | 00,048,752 | ---- | M] (Symantec Corporation) -- C:\Program Files\Common Files\Symantec Shared\ccApp.exe
PRC - [2003/05/20 19:15:34 | 00,049,152 | ---- | M] (ScanSoft, Inc.) -- C:\WINDOWS\system32\Ofps.exe
PRC - [2003/05/20 19:13:10 | 00,040,960 | ---- | M] (ScanSoft, Inc.) -- C:\Program Files\ScanSoft\OmniForm 5.1\OFPA.exe
PRC - [1999/12/13 00:01:00 | 00,044,032 | ---- | M] (Creative Technology Ltd) -- C:\WINDOWS\system32\CTSVCCDA.EXE
 
 
[color=#E56717]========== Modules (SafeList) ==========[/color]
 
MOD - [2010/01/19 14:14:34 | 00,547,328 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\David W Brown\Desktop\OTL.exe
MOD - [2008/05/01 22:15:35 | 00,004,608 | ---- | M] () -- C:\Program Files\Unlocker\UnlockerHook.dll
MOD - [2008/04/13 18:11:55 | 00,094,720 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\iphlpapi.dll
MOD - [2008/04/13 18:11:51 | 00,640,000 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\dbghelp.dll
 
 
[color=#E56717]========== Win32 Services (SafeList) ==========[/color]
 
SRV - [2009/11/12 16:33:00 | 00,545,568 | ---- | M] (Apple Inc.) [On_Demand | Running] -- C:\Program Files\iPod\bin\iPodService.exe -- (iPod Service)
SRV - [2009/09/25 23:32:18 | 00,189,736 | ---- | M] (Seagate Technology LLC) [Auto | Running] -- C:\Program Files\Seagate\SeagateManager\Sync\FreeAgentService.exe -- (FreeAgentGoNext Service)
SRV - [2009/08/06 19:50:02 | 00,133,104 | ---- | M] (Google Inc.) [Auto | Stopped] -- C:\Program Files\Google\Update\GoogleUpdate.exe -- (gupdate) Google Update Service (gupdate)
SRV - [2009/06/05 10:48:14 | 00,144,712 | ---- | M] (Apple Inc.) [Auto | Running] -- C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe -- (Apple Mobile Device)
SRV - [2009/05/21 10:34:05 | 00,152,984 | ---- | M] (Sun Microsystems, Inc.) [Auto | Running] -- C:\Program Files\Java\jre6\bin\jqs.exe -- (JavaQuickStarterService)
SRV - [2008/12/12 11:17:38 | 00,238,888 | ---- | M] (Apple Inc.) [Auto | Running] -- C:\Program Files\Bonjour\mDNSResponder.exe -- (Bonjour Service)
SRV - [2008/10/10 05:45:26 | 00,013,088 | ---- | M] (Intuit Inc.) [Auto | Running] -- C:\Program Files\Common Files\Intuit\Update Service\IntuitUpdateService.exe -- (IntuitUpdateService)
SRV - [2007/09/12 17:27:24 | 02,999,664 | ---- | M] (Symantec Corporation) [On_Demand | Stopped] -- C:\Program Files\Symantec\LiveUpdate\LuComServer_3_2.EXE -- (LiveUpdate)
SRV - [2007/04/10 11:01:16 | 02,066,024 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files\Norton Ghost\Agent\VProSvc.exe -- (Norton Ghost)
SRV - [2007/02/01 21:03:07 | 00,138,168 | ---- | M] (Google) [On_Demand | Stopped] -- C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe -- (gusvc)
SRV - [2006/11/03 19:19:58 | 00,013,592 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Program Files\Windows Defender\MsMpEng.exe -- (WinDefend)
SRV - [2006/10/16 17:27:20 | 00,822,424 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe -- (Symantec Core LC)
SRV - [2006/10/16 17:22:37 | 00,069,632 | ---- | M] (Creative Labs) [Auto | Running] -- C:\Program Files\Common Files\Creative Labs Shared\Service\CreativeLicensing.exe -- (Creative Labs Licensing Service)
SRV - [2006/07/06 06:14:30 | 00,090,112 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTmon.exe -- (IAANTMON) Intel(R)
SRV - [2006/06/16 07:39:00 | 00,143,427 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\WINDOWS\system32\nvsvc32.exe -- (NVSvc)
SRV - [2006/01/05 00:06:02 | 00,163,840 | ---- | M] (Alex Feinman) [On_Demand | Stopped] -- C:\Program Files\Alex Feinman\ISO Recorder\ImapiHelper.exe -- (Imapi Helper)
SRV - [2005/08/16 19:05:38 | 00,053,248 | ---- | M] (GEAR Software) [Disabled | Stopped] -- C:\WINDOWS\system32\gearsec.exe -- (GEARSecurity)
SRV - [2005/04/17 11:30:42 | 00,124,608 | ---- | M] (symantec) [Disabled | Stopped] -- C:\Program Files\Symantec AntiVirus\SavRoam.exe -- (SavRoam)
SRV - [2005/04/17 11:30:40 | 01,706,176 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files\Symantec AntiVirus\Rtvscan.exe -- (Symantec AntiVirus)
SRV - [2005/04/17 11:30:32 | 00,019,648 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files\Symantec AntiVirus\DefWatch.exe -- (DefWatch)
SRV - [2005/04/08 14:54:52 | 00,161,392 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe -- (ccSetMgr)
SRV - [2005/04/08 14:54:50 | 00,083,568 | ---- | M] (Symantec Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe -- (ccPwdSvc)
SRV - [2005/04/08 14:52:32 | 00,185,968 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe -- (ccEvtMgr)
SRV - [2005/04/05 10:17:22 | 00,206,552 | ---- | M] (Symantec Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe -- (SNDSrvc)
SRV - [2005/03/30 20:48:22 | 00,992,864 | ---- | M] (Symantec Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe -- (SPBBCSvc)
SRV - [2003/07/28 11:28:22 | 00,089,136 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE -- (ose)
SRV - [2003/05/20 19:15:34 | 00,049,152 | ---- | M] (ScanSoft, Inc.) [Auto | Running] -- C:\WINDOWS\system32\Ofps.exe -- (OmniForm Printer)
SRV - [1999/12/13 00:01:00 | 00,044,032 | ---- | M] (Creative Technology Ltd) [Auto | Running] -- C:\WINDOWS\system32\CTSVCCDA.EXE -- (Creative Service for CDROM Access)
 
 
[color=#E56717]========== Driver Services (SafeList) ==========[/color]
 
DRV - [2010/01/16 06:42:32 | 00,072,192 | ---- | M] () [Kernel | System | Stopped] -- C:\WINDOWS\system32\drivers\G27U565Sv.sys -- (G27U565Sv)
DRV - [2009/08/27 02:00:00 | 01,323,568 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Program Files\Common Files\Symantec Shared\VirusDefs\20100115.050\NAVEX15.SYS -- (NAVEX15)
DRV - [2009/08/27 02:00:00 | 00,371,248 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys -- (eeCtrl)
DRV - [2009/08/27 02:00:00 | 00,084,912 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Program Files\Common Files\Symantec Shared\VirusDefs\20100115.050\NAVENG.SYS -- (NAVENG)
DRV - [2009/05/18 14:17:00 | 00,026,600 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\GEARAspiWDM.sys -- (GearAspiWDM)
DRV - [2008/04/13 12:36:39 | 00,043,008 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\amdagp.sys -- (amdagp)
DRV - [2008/04/13 12:36:39 | 00,040,960 | ---- | M] (Silicon Integrated Systems Corporation) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\sisagp.sys -- (sisagp)
DRV - [2008/04/13 10:36:05 | 00,144,384 | ---- | M] (Windows (R) Server 2003 DDK provider) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\hdaudbus.sys -- (HDAudBus)
DRV - [2007/11/13 04:25:53 | 00,020,480 | ---- | M] (Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\secdrv.sys -- (Secdrv)
DRV - [2007/04/10 11:00:54 | 00,146,912 | ---- | M] (StorageCraft) [File_System | Boot | Running] -- C:\WINDOWS\system32\drivers\SymSnap.sys -- (SymSnap)
DRV - [2007/04/10 11:00:52 | 00,056,192 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\V2iMount.sys -- (V2IMount)
DRV - [2007/03/22 12:57:14 | 00,028,672 | --S- | M] (Gteko Ltd.) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\elagopro.sys -- (elagopro)
DRV - [2007/03/22 12:57:14 | 00,005,376 | --S- | M] (Gteko Ltd.) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\elaunidr.sys -- (elaunidr)
DRV - [2007/03/07 17:51:00 | 00,043,528 | ---- | M] (Sonic Solutions) [Kernel | Boot | Running] -- C:\WINDOWS\System32\Drivers\PxHelp20.sys -- (PxHelp20)
DRV - [2006/10/16 17:27:20 | 00,004,608 | ---- | M] (Symantec Corporation) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\symlcbrd.sys -- (symlcbrd)
DRV - [2006/07/24 09:20:00 | 01,156,648 | ---- | M] (SigmaTel, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\sthda.sys -- (STHDA)
DRV - [2006/07/06 05:59:42 | 00,246,784 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\iastor.sys -- (iastor)
DRV - [2006/06/16 07:39:00 | 03,581,888 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\nv4_mini.sys -- (nv)
DRV - [2006/06/05 12:49:08 | 00,230,400 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\e1e5132.sys -- (e1express) Intel(R)
DRV - [2006/06/05 02:39:56 | 00,024,064 | ---- | M] (Intel Corporation ) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\iqvw32.sys -- (NAL)
DRV - [2006/01/10 11:07:58 | 00,004,864 | ---- | M] (GTek Technologies Ltd.) [Kernel | On_Demand | Stopped] -- C:\Program Files\Dell Support\GTAction\triggers\DSproct.sys -- (DSproct)
DRV - [2006/01/04 14:41:48 | 01,389,056 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\monfilt.sys -- (monfilt)
DRV - [2005/09/12 02:30:00 | 00,089,264 | ---- | M] (Sonic Solutions) [Kernel | Boot | Running] -- C:\WINDOWS\System32\Drivers\DRVMCDB.SYS -- (DRVMCDB)
DRV - [2005/09/08 04:20:00 | 00,094,332 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\system32\DLA\DLAUDFAM.SYS -- (DLAUDFAM)
DRV - [2005/09/08 04:20:00 | 00,087,036 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\system32\DLA\DLAUDF_M.SYS -- (DLAUDF_M)
DRV - [2005/09/08 04:20:00 | 00,086,524 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\system32\DLA\DLAIFS_M.SYS -- (DLAIFS_M)
DRV - [2005/09/08 04:20:00 | 00,025,628 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\system32\DLA\DLABOIOM.SYS -- (DLABOIOM)
DRV - [2005/09/08 04:20:00 | 00,014,684 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\system32\DLA\DLAOPIOM.SYS -- (DLAOPIOM)
DRV - [2005/09/08 04:20:00 | 00,006,364 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\system32\DLA\DLAPoolM.SYS -- (DLAPoolM)
DRV - [2005/09/08 04:20:00 | 00,002,496 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\system32\DLA\DLADResN.SYS -- (DLADResN)
DRV - [2005/08/25 11:16:52 | 00,005,628 | ---- | M] (Sonic Solutions) [File_System | System | Running] -- C:\WINDOWS\system32\drivers\DLACDBHM.SYS -- (DLACDBHM)
DRV - [2005/08/25 11:16:16 | 00,022,684 | ---- | M] (Sonic Solutions) [File_System | System | Running] -- C:\WINDOWS\system32\drivers\DLARTL_N.SYS -- (DLARTL_N)
DRV - [2005/08/12 04:20:00 | 00,040,544 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\system32\drivers\DRVNDDM.SYS -- (DRVNDDM)
DRV - [2005/05/25 16:34:00 | 00,158,464 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ctusfsyn.sys -- (CTUSFSYN)
DRV - [2005/04/05 10:17:02 | 00,267,192 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\symtdi.sys -- (SYMTDI)
DRV - [2005/04/05 10:17:00 | 00,017,976 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\symredrv.sys -- (SYMREDRV)
DRV - [2005/04/01 19:36:04 | 00,123,200 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Program Files\Symantec\SYMEVENT.SYS -- (SymEvent)
DRV - [2005/03/30 20:48:20 | 00,372,832 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Stopped] -- C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCDrv.sys -- (SPBBCDrv)
DRV - [2005/02/04 19:14:32 | 00,053,896 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Program Files\Symantec AntiVirus\Savrtpel.sys -- (SAVRTPEL)
DRV - [2005/02/04 19:14:30 | 00,324,232 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Program Files\Symantec AntiVirus\savrt.sys -- (SAVRT)
DRV - [2005/01/10 17:15:00 | 00,138,752 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ctsfm2k.sys -- (ctsfm2k)
DRV - [2005/01/10 17:15:00 | 00,106,496 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ctoss2k.sys -- (ossrv)
DRV - [2004/10/19 08:07:22 | 00,009,728 | ---- | M] (Creative Technology Ltd.) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\PfModNT.sys -- (PfModNT)
DRV - [2004/08/04 04:00:00 | 00,017,792 | ---- | M] (Parallel Technologies, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ptilink.sys -- (Ptilink)
DRV - [2001/08/17 13:56:16 | 00,007,552 | ---- | M] (Sony Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\SONYPVU1.SYS -- (SONYPVU1) Sony USB Filter Driver (SONYPVU1)
DRV - [2001/08/17 13:07:44 | 00,019,072 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\sparrow.sys -- (Sparrow)
DRV - [2001/08/17 13:07:42 | 00,030,688 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\sym_u3.sys -- (sym_u3)
DRV - [2001/08/17 13:07:40 | 00,028,384 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\sym_hi.sys -- (sym_hi)
DRV - [2001/08/17 13:07:36 | 00,032,640 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\symc8xx.sys -- (symc8xx)
DRV - [2001/08/17 13:07:34 | 00,016,256 | ---- | M] (Symbios Logic Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\symc810.sys -- (symc810)
DRV - [2001/08/17 12:52:22 | 00,036,736 | ---- | M] (Promise Technology, Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\ultra.sys -- (ultra)
DRV - [2001/08/17 12:52:20 | 00,045,312 | ---- | M] (QLogic Corporation) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\ql12160.sys -- (ql12160)
DRV - [2001/08/17 12:52:20 | 00,040,320 | ---- | M] (QLogic Corporation) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\ql1080.sys -- (ql1080)
DRV - [2001/08/17 12:52:18 | 00,049,024 | ---- | M] (QLogic Corporation) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\ql1280.sys -- (ql1280)
DRV - [2001/08/17 12:52:16 | 00,179,584 | ---- | M] (Mylex Corporation) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\dac2w2k.sys -- (dac2w2k)
DRV - [2001/08/17 12:52:12 | 00,017,280 | ---- | M] (American Megatrends Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\mraid35x.sys -- (mraid35x)
DRV - [2001/08/17 12:52:00 | 00,026,496 | ---- | M] (Advanced System Products, Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\asc.sys -- (asc)
DRV - [2001/08/17 12:51:58 | 00,014,848 | ---- | M] (Advanced System Products, Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\asc3550.sys -- (asc3550)
DRV - [2001/08/17 12:51:56 | 00,005,248 | ---- | M] (Acer Laboratories Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\aliide.sys -- (AliIde)
DRV - [2001/08/17 12:51:54 | 00,006,656 | ---- | M] (CMD Technology, Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\cmdide.sys -- (CmdIde)
DRV - [2001/08/17 11:12:10 | 00,117,760 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\e100b325.sys -- (E100B) Intel(R)
 
 
[color=#E56717]========== Standard Registry (SafeList) ==========[/color]
 
 
[color=#E56717]========== Internet Explorer ==========[/color]
 
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Page_URL = www.google.com/ig/dell?hl=en&client=dell-usuk&channel=us&ibd=4061016
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Start Page = www.google.com/ig/dell?hl=en&client=dell-usuk&channel=us&ibd=4061016
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://m.www.yahoo.com/
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local
 
[color=#E56717]========== FireFox ==========[/color]
 
FF - prefs.js..extensions.enabledItems: jqs@sun.com:1.0
 
FF - HKLM\software\mozilla\Mozilla Firefox 3.5.7\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010/01/16 12:27:59 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.5.7\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010/01/16 11:39:52 | 00,000,000 | ---D | M]
 
[2010/01/16 12:28:11 | 00,000,000 | ---D | M] -- C:\Documents and Settings\David W Brown\Application Data\Mozilla\Extensions
[2010/01/16 12:30:24 | 00,000,000 | ---D | M] -- C:\Documents and Settings\David W Brown\Application Data\Mozilla\Firefox\Profiles\fvil7q91.default\extensions
[2010/01/16 11:39:52 | 00,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions
 
O1 HOSTS File: ([2010/01/20 02:13:13 | 00,318,433 | R--- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1       localhost
O1 - Hosts: 10922 more lines...
O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O2 - BHO: (DriveLetterAccess) - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\DLA\DLASHX_W.DLL (Sonic Solutions)
O2 - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\Program Files\Google\GoogleToolbar4.dll (Google Inc.)
O2 - BHO: (CBrowserHelperObject Object) - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - C:\Program Files\BAE\BAE.dll (Dell Inc.)
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (JQSIEStartDetectorImpl Class) - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll (Sun Microsystems, Inc.)
O3 - HKLM\..\Toolbar: (&Google) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\Program Files\Google\GoogleToolbar4.dll (Google Inc.)
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (&Google) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - c:\Program Files\Google\GoogleToolbar4.dll (Google Inc.)
O4 - HKLM..\Run: [Adobe Reader Speed Launcher] C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [ccApp] C:\Program Files\Common Files\Symantec Shared\ccApp.exe (Symantec Corporation)
O4 - HKLM..\Run: [CTSysVol] C:\Program Files\Creative\SBAudigy\Surround Mixer\CTSysVol.exe (Creative Technology Ltd)
O4 - HKLM..\Run: [DLA] C:\WINDOWS\system32\DLA\DLACTRLW.EXE (Sonic Solutions)
O4 - HKLM..\Run: [IAAnotif] C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe (Intel Corporation)
O4 - HKLM..\Run: [ISUSPM Startup] c:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe (Macrovision Corporation)
O4 - HKLM..\Run: [ISUSScheduler] C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe (Macrovision Corporation)
O4 - HKLM..\Run: [iTunesHelper] C:\Program Files\iTunes\iTunesHelper.exe (Apple Inc.)
O4 - HKLM..\Run: [MaxMenuMgr] C:\Program Files\Seagate\SeagateManager\FreeAgent Status\StxMenuMgr.exe (Seagate LLC)
O4 - HKLM..\Run: [MBMon] C:\WINDOWS\System32\CTMBHA.DLL ()
O4 - HKLM..\Run: [Norton Ghost 10.0] C:\Program Files\Norton Ghost\Agent\GhostTray.exe (Symantec Corporation)
O4 - HKLM..\Run: [NvCplDaemon] C:\WINDOWS\System32\NvCpl.DLL (NVIDIA Corporation)
O4 - HKLM..\Run: [OmniForm OFPA] C:\Program Files\ScanSoft\OmniForm 5.1\OFPA.exe (ScanSoft, Inc.)
O4 - HKLM..\Run: [OmniFormReminder] C:\Program Files\ScanSoft\OmniForm 5.1\EReg\Ereg.exe (ScanSoft, Inc.)
O4 - HKLM..\Run: [PC Pitstop Optimize Reminder] C:\Program Files\PCPitstop\Optimize2\Reminder.exe File not found
O4 - HKLM..\Run: [QuickTime Task] C:\Program Files\QuickTime\qttask.exe (Apple Inc.)
O4 - HKLM..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre6\bin\jusched.exe (Sun Microsystems, Inc.)
O4 - HKLM..\Run: [UnlockerAssistant] C:\Program Files\Unlocker\UnlockerAssistant.exe ()
O4 - HKLM..\Run: [UpdReg] C:\WINDOWS\Updreg.EXE (Creative Technology Ltd.)
O4 - HKLM..\Run: [VoiceCenter] C:\Program Files\Creative\VoiceCenter\AndreaVC.exe (Andrea Electronics Corporation)
O4 - HKLM..\Run: [vptray] C:\Program Files\Symantec AntiVirus\VPTray.exe (Symantec Corporation)
O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
O4 - HKCU..\Run: [EasyLinkAdvisor] C:\Program Files\Linksys EasyLink Advisor\LinksysAgent.exe (Linksys, a Division of Cisco Systems, Inc.)
O4 - HKCU..\Run: [Google Update] C:\Documents and Settings\David W Brown\Local Settings\Application Data\Google\Update\GoogleUpdate.exe (Google Inc.)
O4 - HKCU..\Run: [ISUSPM] C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe (Macrovision Corporation)
O4 - HKCU..\Run: [NBJ] C:\Program Files\Ahead\Nero BackItUp\NBJ.exe (Ahead Software AG)
O4 - HKCU..\Run: [SetDefaultMIDI] C:\WINDOWS\MIDIDEF.EXE (Creative Technology Ltd)
O4 - HKCU..\RunOnce: [Shockwave Updater] C:\WINDOWS\System32\Adobe\Shockwave 11\SwHelper_1150596.exe -Update -1150596 -Mozilla\4.0 ( File not found
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 149
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSaveSettings = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoThemesTab = 0
O9 - Extra 'Tools' menuitem : Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O15 - HKLM\..Trusted Domains: 57 domain(s) and sub-domain(s) not assigned to a zone.
O15 - HKCU\..Trusted Domains: turbotax.com ([]https in Trusted sites)
O15 - HKCU\..Trusted Domains: 57 domain(s) and sub-domain(s) not assigned to a zone.
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} http://download.macromedia.com/pub/shockwave/cabs/director/sw.cab (Shockwave ActiveX Control)
O16 - DPF: {233C1507-6A77-46A4-9443-F871F945D258} http://download.macromedia.com/pub/shockwave/cabs/director/sw.cab (Shockwave ActiveX Control)
O16 - DPF: {4871A87A-BFDD-4106-8153-FFDE2BAC2967} http://dlm.tools.akamai.com/dlmanager/versions/activex/dlm-activex-2.2.5.0.cab (DLM Control)
O16 - DPF: {48DD0448-9209-4F81-9F6D-D83562940134} http://lads.myspace.com/upload/MySpaceUploader1005.cab (MySpace Uploader Control)
O16 - DPF: {5C6698D9-7BE4-4122-8EC5-291D84DBD4A0} http://upload.facebook.com/controls/FacebookPhotoUploader3.cab (Facebook Photo Uploader 4 Control)
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1161833791265 (MUWebControl Class)
O16 - DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} http://upload.facebook.com/controls/2009.07.28_v5.5.8.1/FacebookPhotoUploader55.cab (Facebook Photo Uploader 5 Control)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_14-windows-i586.cab (Java Plug-in 1.6.0_14)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.macromedia.com/get/flashplayer/current/ultrashim.cab (Reg Error: Key error.)
O16 - DPF: {917623D1-D8E5-11D2-BE8B-00104B06BDE3} http://floridakeysmedia.tv/axiscam/Codebase/AxisCamControl.ocx (CamImage Class)
O16 - DPF: {A90A5822-F108-45AD-8482-9BC8B12DD539} http://www.crucial.com/controls/cpcScanner.cab (Crucial cpcScan)
O16 - DPF: {CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA} http://java.sun.com/update/1.5.0/jinstall-1_5_0_06-windows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0015-0000-0011-ABCDEFFEDCBA} http://java.sun.com/update/1.5.0/jinstall-1_5_0_11-windows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0001-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_01-windows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_02-windows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_03-windows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_05-windows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0014-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_14-windows-i586.cab (Java Plug-in 1.6.0_14)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_14-windows-i586.cab (Java Plug-in 1.6.0_14)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload.macromedia.com/pub/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
O16 - DPF: {F5D98C43-DB16-11CF-8ECA-0000C0FD59C7} http://www.arkansashighways.com/Road/acgm.cab (ActiveCGM Control)
O16 - DPF: {FFB3A759-98B1-446F-BDA9-909C6EB18CC7} http://utilities.pcpitstop.com/Optimize2/pcpitstop2.dll (PCPitstop Exam)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 208.54.220.21
O20 - AppInit_DLLs: (C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL) - C:\Program Files\Google\Google Desktop Search\GoogleDesktopNetwork3.dll ()
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\NavLogon: DllName - C:\WINDOWS\system32\NavLogon.dll - C:\WINDOWS\system32\NavLogon.dll (Symantec Corporation)
O24 - Desktop WallPaper: C:\Documents and Settings\David W Brown\My Documents\My Pictures\new space bg.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\David W Brown\My Documents\My Pictures\new space bg.bmp
O28 - HKLM ShellExecuteHooks: {091EB208-39DD-417D-A5DD-7E2C2D8FB9CB} - C:\Program Files\Windows Defender\MpShHook.dll (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2004/08/11 16:15:00 | 00,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O33 - MountPoints2\{92e16b66-6491-11db-9838-0019d100c15f}\Shell\AutoRun\command - "" = G:\setupSNK.exe -- File not found
O33 - MountPoints2\{b2a78712-88ea-11dd-99c8-0019d100c15f}\Shell - "" = AutoRun
O33 - MountPoints2\{b2a78712-88ea-11dd-99c8-0019d100c15f}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{b2a78712-88ea-11dd-99c8-0019d100c15f}\Shell\AutoRun\command - "" = G:\start.exe -- File not found
O34 - HKLM BootExecute: (autocheck autochk *) -  File not found
O35 - comfile [open] -- "%1" %*
O35 - exefile [open] -- "%1" %*
 
[color=#E56717]========== Files/Folders - Created Within 30 Days ==========[/color]
 
[2010/01/20 20:23:15 | 00,547,328 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\David W Brown\Desktop\OTL.exe
[2010/01/20 20:21:18 | 00,000,000 | ---D | C] -- C:\Documents and Settings\David W Brown\Desktop\Clean 20 Jan
[2010/01/20 02:19:12 | 00,439,808 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\David W Brown\Desktop\TFC.exe
[2010/01/20 02:17:29 | 00,000,000 | ---D | C] -- C:\Documents and Settings\David W Brown\Desktop\Fix log
[2010/01/20 02:03:50 | 00,000,000 | -HSD | C] -- C:\Config.Msi
[2010/01/19 21:30:31 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Lavasoft
[2010/01/19 21:28:43 | 91,338,304 | ---- | C] (Lavasoft                                                                                                                                                                                                                                                                                                    ) -- C:\Documents and Settings\David W Brown\Desktop\Ad-AwareInstallation.exe
[2010/01/18 07:19:51 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\muvee Technologies
[2010/01/18 07:19:42 | 00,000,000 | ---D | C] -- C:\Documents and Settings\David W Brown\Application Data\muvee Technologies
[2010/01/18 07:14:24 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Seagate
[2010/01/18 07:13:45 | 00,000,000 | ---D | C] -- C:\Documents and Settings\David W Brown\Local Settings\Application Data\Downloaded Installations
[2010/01/18 07:13:41 | 00,000,000 | ---D | C] -- C:\Program Files\Carbonite
[2010/01/18 07:13:40 | 00,000,000 | -HSD | C] -- C:\WINDOWS\ftpcache
[2010/01/18 07:13:01 | 00,000,000 | ---D | C] -- C:\Program Files\Seagate
[2010/01/18 07:12:48 | 00,000,000 | ---D | C] -- C:\Program Files\Common Files\muvee Technologies
[2010/01/16 21:50:10 | 00,000,000 | ---D | C] -- C:\Documents and Settings\David W Brown\Application Data\Malwarebytes
[2010/01/16 21:50:06 | 00,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2010/01/16 21:50:03 | 00,019,160 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2010/01/16 21:50:03 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Malwarebytes
[2010/01/16 21:50:02 | 00,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2010/01/16 21:49:16 | 05,115,832 | ---- | C] (Malwarebytes Corporation                                    ) -- C:\Documents and Settings\David W Brown\Desktop\mbam-setup.exe
[2010/01/16 15:56:51 | 00,000,000 | ---D | C] -- C:\Documents and Settings\David W Brown\Desktop\IE Favorite
[2010/01/16 12:27:58 | 00,000,000 | ---D | C] -- C:\Documents and Settings\David W Brown\Application Data\Mozilla
[2010/01/15 20:42:01 | 00,000,000 | ---D | C] -- C:\Documents and Settings\David W Brown\Desktop\David BS
[2010/01/14 18:25:18 | 00,000,000 | ---D | C] -- C:\Documents and Settings\David W Brown\Desktop\oe
[2010/01/13 07:07:00 | 00,471,552 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\aclayers.dll
[2009/12/30 22:41:05 | 00,000,000 | ---D | C] -- C:\Documents and Settings\David W Brown\Desktop\MO STUFF HB
[2009/12/28 18:45:14 | 00,000,000 | ---D | C] -- C:\Documents and Settings\David W Brown\Desktop\Christmas 2009, SF
[2009/12/24 12:16:41 | 00,000,000 | ---D | C] -- C:\Program Files\iPod
[2009/12/24 12:16:36 | 00,000,000 | ---D | C] -- C:\Program Files\iTunes
[2009/12/24 12:16:36 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\{755AC846-7372-4AC8-8550-C52491DAA8BD}
[2009/12/24 12:14:39 | 00,000,000 | ---D | C] -- C:\Program Files\QuickTime
[2009/08/06 19:55:00 | 00,000,000 | ---D | M] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\Google
[2009/08/06 19:50:19 | 00,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Local Settings\Application Data\Google
[2009/07/31 02:00:19 | 00,000,000 | ---D | M] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft
[2008/02/26 20:01:00 | 00,000,000 | ---D | M] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\Apple
[2008/02/14 01:49:02 | 00,000,000 | ---D | M] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\PCHealth
[2007/12/22 21:14:51 | 00,000,000 | --SD | M] -- C:\Documents and Settings\NetworkService\Application Data\Microsoft
[2007/07/22 03:20:02 | 00,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft
[2006/11/25 04:38:52 | 00,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Application Data\Macromedia
[2006/11/25 04:38:49 | 00,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Application Data\Google
[2006/11/22 17:45:16 | 00,000,000 | --SD | M] -- C:\Documents and Settings\LocalService\Application Data\Microsoft
 
[color=#E56717]========== Files - Modified Within 30 Days ==========[/color]
 
[2010/01/20 20:03:07 | 00,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2010/01/20 20:03:01 | 00,000,438 | -H-- | M] () -- C:\WINDOWS\tasks\User_Feed_Synchronization-{255D0CDF-23CE-4DBF-98D2-C1E7996E649D}.job
[2010/01/20 20:02:30 | 00,000,896 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2010/01/20 20:02:21 | 00,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2010/01/20 20:02:17 | 00,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2010/01/20 20:02:13 | 32,191,77472 | -HS- | M] () -- C:\hiberfil.sys
[2010/01/20 20:01:16 | 13,107,200 | ---- | M] () -- C:\Documents and Settings\David W Brown\NTUSER.DAT
[2010/01/20 20:00:53 | 00,000,278 | -HS- | M] () -- C:\Documents and Settings\David W Brown\ntuser.ini
[2010/01/20 20:00:03 | 00,000,900 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2010/01/20 19:56:55 | 00,039,472 | ---- | M] () -- C:\WINDOWS\System32\nvapps.xml
[2010/01/20 19:48:11 | 00,004,096 | -HS- | M] () -- C:\VSNAP.IDX
[2010/01/20 19:35:01 | 00,001,010 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-865067878-3737679157-1093594984-1006UA.job
[2010/01/20 15:36:00 | 00,000,472 | ---- | M] () -- C:\WINDOWS\tasks\Ad-Aware Update (Daily 4).job
[2010/01/20 09:36:00 | 00,000,472 | ---- | M] () -- C:\WINDOWS\tasks\Ad-Aware Update (Daily 3).job
[2010/01/20 06:00:53 | 00,002,497 | ---- | M] () -- C:\Documents and Settings\David W Brown\Desktop\Word 2003.lnk
[2010/01/20 03:36:00 | 00,000,472 | ---- | M] () -- C:\WINDOWS\tasks\Ad-Aware Update (Daily 2).job
[2010/01/20 02:24:50 | 00,000,996 | ---- | M] () -- C:\Documents and Settings\David W Brown\Desktop\Spybot - Search & Destroy.lnk
[2010/01/20 02:13:13 | 00,318,433 | R--- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts
[2010/01/20 01:02:03 | 00,000,062 | -H-- | M] () -- C:\aaw7boot.cmd
[2010/01/19 21:50:04 | 00,000,472 | ---- | M] () -- C:\WINDOWS\tasks\Ad-Aware Update (Weekly).job
[2010/01/19 21:50:04 | 00,000,472 | ---- | M] () -- C:\WINDOWS\tasks\Ad-Aware Update (Daily 1).job
[2010/01/19 20:35:00 | 00,000,958 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-865067878-3737679157-1093594984-1006Core.job
[2010/01/19 16:24:16 | 91,338,304 | ---- | M] (Lavasoft                                                                                                                                                                                                                                                                                                    ) -- C:\Documents and Settings\David W Brown\Desktop\Ad-AwareInstallation.exe
[2010/01/19 14:14:34 | 00,547,328 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\David W Brown\Desktop\OTL.exe
[2010/01/19 14:12:02 | 00,439,808 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\David W Brown\Desktop\TFC.exe
[2010/01/18 20:10:24 | 00,025,088 | ---- | M] () -- C:\Documents and Settings\David W Brown\My Documents\Martin Luther virus.doc
[2010/01/18 15:11:14 | 00,002,393 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\TurboTax 2008.lnk
[2010/01/18 15:10:07 | 01,577,984 | ---- | M] () -- C:\Documents and Settings\David W Brown\My Documents\screen shot.doc
[2010/01/18 07:21:29 | 00,199,680 | ---- | M] () -- C:\Documents and Settings\David W Brown\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010/01/18 07:14:34 | 00,001,896 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Seagate Manager.lnk
[2010/01/18 07:13:39 | 00,002,034 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\muvee Reveal Seagate Edition.lnk
[2010/01/16 21:50:08 | 00,000,729 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2010/01/16 21:49:25 | 05,115,832 | ---- | M] (Malwarebytes Corporation                                    ) -- C:\Documents and Settings\David W Brown\Desktop\mbam-setup.exe
[2010/01/16 21:46:36 | 00,000,452 | ---- | M] () -- C:\WINDOWS\tasks\EasyShare Registration Task.job
[2010/01/16 18:40:28 | 00,002,591 | ---- | M] () -- C:\Documents and Settings\David W Brown\Desktop\Excel 2003.lnk
[2010/01/16 17:45:33 | 00,024,064 | ---- | M] () -- C:\Documents and Settings\David W Brown\My Documents\ff crash.doc
[2010/01/16 11:39:55 | 00,001,635 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Mozilla Firefox.lnk
[2010/01/16 07:07:41 | 00,010,496 | ---- | M] () -- C:\Documents and Settings\David W Brown\My Documents\ode to farts.docx
[2010/01/16 06:42:32 | 00,072,192 | ---- | M] () -- C:\WINDOWS\System32\drivers\G27U565Sv.sys
[2010/01/14 11:39:00 | 00,000,284 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
[2010/01/14 11:12:06 | 00,181,120 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\MpSigStub.exe
[2010/01/14 03:02:34 | 00,001,374 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2010/01/13 06:34:53 | 00,026,112 | ---- | M] () -- C:\Documents and Settings\David W Brown\My Documents\Mr Artee WILLIAMDS.doc
[2010/01/12 22:22:33 | 00,016,896 | ---- | M] () -- C:\Documents and Settings\David W Brown\My Documents\Airplane flyovers.xls
[2010/01/11 20:10:33 | 00,026,624 | ---- | M] () -- C:\Documents and Settings\David W Brown\My Documents\I was terminated by Lenox because my short term disability had been exhausted.doc
[2010/01/10 14:28:22 | 00,000,426 | ---- | M] () -- C:\WINDOWS\BRWMARK.INI
[2010/01/10 13:57:14 | 00,025,600 | ---- | M] () -- C:\Documents and Settings\David W Brown\My Documents\Salmon Grilled.doc
[2010/01/10 13:15:53 | 00,024,576 | ---- | M] () -- C:\Documents and Settings\David W Brown\My Documents\Brining chicken breast.doc
[2010/01/07 16:07:14 | 00,038,224 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2010/01/07 16:07:04 | 00,019,160 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2010/01/06 13:12:43 | 00,018,944 | ---- | M] () -- C:\Documents and Settings\David W Brown\My Documents\PASSWORDS.xls
[2010/01/01 11:07:18 | 00,002,137 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\iTunes.lnk
[2009/12/28 17:53:34 | 00,047,616 | ---- | M] () -- C:\Documents and Settings\David W Brown\My Documents\bp david.xls
[2009/12/25 16:01:36 | 00,024,064 | ---- | M] () -- C:\Documents and Settings\David W Brown\My Documents\563.doc
[2009/12/24 12:02:25 | 00,024,576 | ---- | M] () -- C:\Documents and Settings\David W Brown\My Documents\OOEY.doc
[2009/12/23 16:05:59 | 00,001,948 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Google Earth.lnk
[2009/12/23 09:12:52 | 00,024,576 | ---- | M] () -- C:\Documents and Settings\David W Brown\My Documents\7 cups cooked sweet potatoes.doc
 
[color=#E56717]========== Files Created - No Company Name ==========[/color]
 
[2010/01/20 01:02:03 | 00,000,062 | -H-- | C] () -- C:\aaw7boot.cmd
[2010/01/19 21:38:49 | 00,000,472 | ---- | C] () -- C:\WINDOWS\tasks\Ad-Aware Update (Weekly).job
[2010/01/19 21:38:49 | 00,000,472 | ---- | C] () -- C:\WINDOWS\tasks\Ad-Aware Update (Daily 4).job
[2010/01/19 21:38:49 | 00,000,472 | ---- | C] () -- C:\WINDOWS\tasks\Ad-Aware Update (Daily 3).job
[2010/01/19 21:38:48 | 00,000,472 | ---- | C] () -- C:\WINDOWS\tasks\Ad-Aware Update (Daily 2).job
[2010/01/19 21:38:47 | 00,000,472 | ---- | C] () -- C:\WINDOWS\tasks\Ad-Aware Update (Daily 1).job
[2010/01/18 15:10:06 | 01,577,984 | ---- | C] () -- C:\Documents and Settings\David W Brown\My Documents\screen shot.doc
[2010/01/18 07:14:34 | 00,001,896 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Seagate Manager.lnk
[2010/01/18 07:13:39 | 00,002,034 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\muvee Reveal Seagate Edition.lnk
[2010/01/18 05:09:37 | 32,191,77472 | -HS- | C] () -- C:\hiberfil.sys
[2010/01/17 23:31:59 | 00,025,088 | ---- | C] () -- C:\Documents and Settings\David W Brown\My Documents\Martin Luther virus.doc
[2010/01/16 21:50:08 | 00,000,729 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2010/01/16 17:45:33 | 00,024,064 | ---- | C] () -- C:\Documents and Settings\David W Brown\My Documents\ff crash.doc
[2010/01/16 11:39:55 | 00,001,635 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Mozilla Firefox.lnk
[2010/01/16 07:07:41 | 00,010,496 | ---- | C] () -- C:\Documents and Settings\David W Brown\My Documents\ode to farts.docx
[2010/01/16 06:42:31 | 00,072,192 | ---- | C] () -- C:\WINDOWS\System32\drivers\G27U565Sv.sys
[2010/01/12 22:22:33 | 00,016,896 | ---- | C] () -- C:\Documents and Settings\David W Brown\My Documents\Airplane flyovers.xls
[2010/01/11 20:44:34 | 00,026,112 | ---- | C] () -- C:\Documents and Settings\David W Brown\My Documents\Mr Artee WILLIAMDS.doc
[2010/01/11 18:47:40 | 00,026,624 | ---- | C] () -- C:\Documents and Settings\David W Brown\My Documents\I was terminated by Lenox because my short term disability had been exhausted.doc
[2010/01/10 13:57:14 | 00,025,600 | ---- | C] () -- C:\Documents and Settings\David W Brown\My Documents\Salmon Grilled.doc
[2010/01/10 13:15:53 | 00,024,576 | ---- | C] () -- C:\Documents and Settings\David W Brown\My Documents\Brining chicken breast.doc
[2009/12/25 16:01:36 | 00,024,064 | ---- | C] () -- C:\Documents and Settings\David W Brown\My Documents\563.doc
[2009/12/24 12:17:25 | 00,002,137 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\iTunes.lnk
[2009/12/24 12:02:25 | 00,024,576 | ---- | C] () -- C:\Documents and Settings\David W Brown\My Documents\OOEY.doc
[2009/12/23 16:05:59 | 00,001,948 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Google Earth.lnk
[2009/12/23 09:09:47 | 00,024,576 | ---- | C] () -- C:\Documents and Settings\David W Brown\My Documents\7 cups cooked sweet potatoes.doc
[2009/08/03 14:07:42 | 00,403,816 | ---- | C] () -- C:\WINDOWS\System32\OGACheckControl.dll
[2008/03/16 09:54:55 | 00,000,039 | ---- | C] () -- C:\WINDOWS\Pt.dll
[2007/12/15 12:57:27 | 00,000,072 | ---- | C] () -- C:\WINDOWS\sbwin.ini
[2007/08/19 11:45:20 | 00,000,347 | ---- | C] () -- C:\WINDOWS\CTWave32.INI
[2007/08/19 11:45:14 | 00,000,029 | ---- | C] () -- C:\WINDOWS\sfbm.INI
[2007/06/06 22:17:30 | 00,000,000 | ---- | C] () -- C:\WINDOWS\vpc32.INI
[2007/06/06 21:48:06 | 00,215,144 | R--- | C] () -- C:\WINDOWS\patchw32.dll
[2007/06/06 21:47:44 | 00,215,144 | R--- | C] () -- C:\WINDOWS\pw32a.dll
[2007/02/20 19:26:24 | 00,003,654 | ---- | C] () -- C:\WINDOWS\System32\drivers\Sonyhcp.dll
[2007/02/09 20:26:04 | 00,000,000 | ---- | C] () -- C:\WINDOWS\System32\px.ini
[2007/01/05 18:49:14 | 00,001,751 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\QTSBandwidthCache
[2006/12/16 19:25:20 | 00,000,100 | ---- | C] () -- C:\WINDOWS\iPlayer.INI
[2006/11/23 17:20:01 | 00,417,792 | ---- | C] () -- C:\WINDOWS\System32\fxdb.dll
[2006/11/23 17:19:36 | 01,213,440 | ---- | C] () -- C:\WINDOWS\System32\opengl.dll
[2006/11/23 17:19:36 | 00,315,904 | ---- | C] () -- C:\WINDOWS\System32\glu.dll
[2006/11/23 17:19:36 | 00,154,624 | ---- | C] () -- C:\WINDOWS\System32\glut.dll
[2006/11/15 20:38:46 | 00,210,944 | ---- | C] () -- C:\WINDOWS\System32\Msvcrt10.dll
[2006/11/15 20:02:42 | 00,000,116 | ---- | C] () -- C:\WINDOWS\NeroDigital.ini
[2006/10/27 23:16:53 | 00,199,680 | ---- | C] () -- C:\Documents and Settings\David W Brown\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2006/10/27 23:11:11 | 00,006,656 | ---- | C] () -- C:\Documents and Settings\David W Brown\Application Data\dvd.bmk
[2006/10/26 23:52:07 | 00,000,280 | ---- | C] () -- C:\Documents and Settings\David W Brown\Application Data\wklnhst.dat
[2006/10/25 20:18:42 | 00,000,426 | ---- | C] () -- C:\WINDOWS\BRWMARK.INI
[2006/10/22 20:24:56 | 00,003,350 | -HS- | C] () -- C:\WINDOWS\System32\KGyGaAvL.sys
[2006/10/22 20:24:56 | 00,000,088 | RHS- | C] () -- C:\WINDOWS\System32\176621B6B5.sys
[2006/10/18 22:22:02 | 00,000,136 | ---- | C] () -- C:\Documents and Settings\David W Brown\Local Settings\Application Data\fusioncache.dat
[2006/10/18 20:58:50 | 00,000,002 | ---- | C] () -- C:\WINDOWS\msoffice.ini
[2006/10/16 17:42:59 | 00,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini
[2006/10/16 17:37:42 | 00,000,376 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2006/10/16 17:32:01 | 00,000,730 | ---- | C] () -- C:\WINDOWS\wininit.ini
[2006/10/16 17:27:30 | 00,712,704 | ---- | C] () -- C:\WINDOWS\System32\DellSystemRestore.dll
[2006/10/16 17:22:53 | 00,010,820 | ---- | C] () -- C:\WINDOWS\System32\CTSBMB.INI
[2006/10/16 17:22:38 | 00,000,040 | ---- | C] () -- C:\WINDOWS\System32\mes2046.dll
[2006/10/16 17:22:24 | 00,022,629 | ---- | C] () -- C:\WINDOWS\System32\CiFilter.ini
[2006/10/16 16:58:09 | 01,355,042 | ---- | C] () -- C:\WINDOWS\System32\CTMBHA.DLL
[2006/10/16 16:57:55 | 00,090,112 | ---- | C] () -- C:\WINDOWS\System32\nvapi.dll
[2006/10/16 16:56:43 | 00,000,393 | ---- | C] () -- C:\WINDOWS\System32\OEMINFO.INI
[2004/08/11 16:24:19 | 00,000,791 | ---- | C] () -- C:\WINDOWS\orun32.ini
[2004/08/11 16:11:31 | 00,001,793 | ---- | C] () -- C:\WINDOWS\System32\fxsperf.ini
[2003/01/07 14:05:08 | 00,002,695 | ---- | C] () -- C:\WINDOWS\System32\OUTLPERF.INI
 
[color=#E56717]========== LOP Check ==========[/color]
 
[2009/11/01 22:21:26 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\GARMIN
[2010/01/18 07:19:51 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\muvee Technologies
[2009/03/21 08:15:16 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\PCPitstop
[2009/05/23 11:31:12 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\ScanSoft
[2010/01/18 07:14:24 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Seagate
[2009/05/23 11:31:39 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\SSScanAppDataDir
[2009/05/23 11:31:39 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\SSScanWizard
[2007/01/27 13:53:52 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Viewpoint
[2009/12/24 12:17:20 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{755AC846-7372-4AC8-8550-C52491DAA8BD}
[2009/06/11 18:43:04 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{8CD7F5AF-ECFA-4793-BF40-D8F42DBFF906}
[2009/11/01 22:21:06 | 00,000,000 | ---D | M] -- C:\Documents and Settings\David W Brown\Application Data\GARMIN
[2007/06/03 16:56:03 | 00,000,000 | ---D | M] -- C:\Documents and Settings\David W Brown\Application Data\iWin
[2006/10/25 20:54:40 | 00,000,000 | ---D | M] -- C:\Documents and Settings\David W Brown\Application Data\Leadertech
[2010/01/18 07:27:08 | 00,000,000 | ---D | M] -- C:\Documents and Settings\David W Brown\Application Data\muvee Technologies
[2006/11/15 19:14:26 | 00,000,000 | ---D | M] -- C:\Documents and Settings\David W Brown\Application Data\RipIt4Me
[2006/10/26 23:52:18 | 00,000,000 | ---D | M] -- C:\Documents and Settings\David W Brown\Application Data\Template
[2009/03/12 17:26:15 | 00,000,000 | ---D | M] -- C:\Documents and Settings\David W Brown\Application Data\Unity
[2007/01/27 13:53:54 | 00,000,000 | ---D | M] -- C:\Documents and Settings\David W Brown\Application Data\Viewpoint
[2010/01/19 21:50:04 | 00,000,472 | ---- | M] () -- C:\WINDOWS\Tasks\Ad-Aware Update (Daily 1).job
[2010/01/20 03:36:00 | 00,000,472 | ---- | M] () -- C:\WINDOWS\Tasks\Ad-Aware Update (Daily 2).job
[2010/01/20 09:36:00 | 00,000,472 | ---- | M] () -- C:\WINDOWS\Tasks\Ad-Aware Update (Daily 3).job
[2010/01/20 15:36:00 | 00,000,472 | ---- | M] () -- C:\WINDOWS\Tasks\Ad-Aware Update (Daily 4).job
[2010/01/19 21:50:04 | 00,000,472 | ---- | M] () -- C:\WINDOWS\Tasks\Ad-Aware Update (Weekly).job
[2010/01/16 21:46:36 | 00,000,452 | ---- | M] () -- C:\WINDOWS\Tasks\EasyShare Registration Task.job
[2010/01/20 20:03:01 | 00,000,438 | -H-- | M] () -- C:\WINDOWS\Tasks\User_Feed_Synchronization-{255D0CDF-23CE-4DBF-98D2-C1E7996E649D}.job
 
[color=#E56717]========== Purity Check ==========[/color]
 
 


continued]]></description>
<guid isPermaLink="true">http://www.dslreports.com/forum/remark,23683058</guid>
<pubDate>2010-01-21 21:50:55</pubDate>
</item>

<item>
<title>Looks like my laptop got Rootkited</title>
<link>http://www.dslreports.com/forum/remark,23746029</link>
<description><![CDATA[Background: I saw a dialog that said something like "this pdf was apparently created with a newer version of Acrobat and is unsupported". Soon thereafter a dialog pops up with a fake virus/malware warning, and I spot an odd process running, winhlp64.exe. I killed it, but it kept coming back until I also killed another one called (I think) taskmandb.exe that, apparently, kept restarting the winhlp64 process.

Both of those were hiding in %userprofile%\local settings\temp and were permanently deleted. But I still have a problem where some websites are being redirected (such as MS) to junk search sites, and certain Windows Explorer settings keep getting turned on, such as hide known file extensions and hide hidden files. Also Malwarebytes and Norton Antivirus will not run.

I was able to run TFC, OTL and SecurityCheck, the output of those follows. Online virus scan found nothing.

I can pull this drive and connect it to another system and attempt to locate this void.sys and delete it.

OTL.txt
--------------------------------------------------------
OTL logfile created on: 2/2/2010 10:15:30 PM - Run 1
OTL by OldTimer - Version 3.1.27.1     Folder = C:\Documents and Settings\Keith\Desktop
Windows XP Professional Edition Service Pack 1 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 6.0.2800.1106)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy
 
367.00 Mb Total Physical Memory | 171.00 Mb Available Physical Memory | 47.00% Memory free
889.00 Mb Paging File | 710.00 Mb Available in Paging File | 80.00% Paging File free
Paging file location(s): C:\pagefile.sys 552 1104 [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 15.69 Gb Total Space | 7.00 Gb Free Space | 44.59% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded
 
Computer Name: TEVILDO
Current User Name: Keith
Logged in as Administrator.
 
Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Standard
 
[color=#E56717]========== Processes (SafeList) ==========[/color]
 
PRC - [2010/02/02 22:13:56 | 000,548,864 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Keith\Desktop\OTL.exe
PRC - [2004/08/15 18:43:08 | 000,585,728 | ---- | M] (Symantec Corporation) -- C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
PRC - [2004/03/12 21:43:18 | 000,081,920 | ---- | M] (DAEMON'S HOME) -- C:\Program Files\D-Tools\daemon.exe
PRC - [2004/02/22 22:44:44 | 000,032,881 | ---- | M] () -- C:\Program Files\Java\j2re1.4.2_04\bin\jusched.exe
PRC - [2003/09/10 04:26:58 | 000,081,920 | ---- | M] (Symantec Corporation) -- C:\Program Files\Norton SystemWorks\Norton Utilities\NPROTECT.EXE
PRC - [2003/09/10 03:59:32 | 000,176,193 | ---- | M] (Symantec Corporation) -- C:\Program Files\Norton SystemWorks\Norton Utilities\Speed Disk\NOPDB.exe
PRC - [2003/08/17 18:34:02 | 000,158,376 | ---- | M] (Symantec Corporation) -- C:\Program Files\Norton SystemWorks\Norton Antivirus\navapsvc.exe
PRC - [2003/08/14 19:59:56 | 000,234,656 | ---- | M] (Symantec Corporation) -- C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
PRC - [2003/08/14 19:59:50 | 000,255,136 | ---- | M] (Symantec Corporation) -- C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
PRC - [2003/08/09 19:26:24 | 000,193,816 | ---- | M] (Symantec Corporation) -- C:\Program Files\Norton SystemWorks\Norton Antivirus\SAVScan.exe
PRC - [2003/07/03 01:25:00 | 000,057,344 | ---- | M] () -- C:\WINDOWS\system32\ibmpmsvc.exe
PRC - [2003/05/28 18:11:16 | 000,094,208 | ---- | M] (Symantec Corporation) -- C:\Program Files\Norton SystemWorks\Norton Ghost\GhostStartTrayApp.exe
PRC - [2003/05/28 18:11:02 | 000,200,704 | ---- | M] (Symantec Corporation) -- C:\Program Files\Norton SystemWorks\Norton Ghost\GhostStartService.exe
PRC - [2003/02/17 03:30:48 | 000,032,835 | ---- | M] () -- C:\Program Files\ThinkPad\Utilities\TpKmapMn.exe
PRC - [2003/01/21 18:05:44 | 000,094,208 | ---- | M] () -- C:\Program Files\ThinkPad\PkgMgr\HOTKEY\TPHKMGR.exe
PRC - [2003/01/16 20:49:12 | 000,077,824 | ---- | M] () -- C:\Program Files\ThinkPad\PkgMgr\HOTKEY\TPONSCR.exe
PRC - [2003/01/08 05:50:00 | 000,053,248 | ---- | M] () -- C:\Program Files\ThinkPad\ConnectUtilities\QCWLICON.EXE
PRC - [2003/01/08 05:50:00 | 000,049,152 | ---- | M] () -- C:\WINDOWS\system32\QCONSVC.EXE
PRC - [2003/01/07 17:52:16 | 000,495,616 | ---- | M] (IBM) -- C:\Program Files\IBM\Messages By IBM\ibmmessages.exe
PRC - [2002/12/24 05:01:00 | 000,204,800 | ---- | M] (IBM Corp.) -- C:\Program Files\ThinkPad\Utilities\EzEjMnAp.Exe
PRC - [2002/12/14 14:14:20 | 000,151,552 | ---- | M] () -- C:\WINDOWS\system32\ati2evxx.exe
PRC - [2002/12/03 06:09:00 | 000,087,552 | ---- | M] (IBM Corporation) -- C:\WINDOWS\system32\tp4serv.exe
PRC - [2002/11/21 17:17:54 | 000,087,751 | ---- | M] (Agere Systems) -- C:\WINDOWS\AGRSMMSG.exe
PRC - [2002/08/29 08:00:00 | 001,004,032 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2002/08/29 08:00:00 | 000,091,136 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Internet Explorer\IEXPLORE.EXE
PRC - [2002/01/10 18:01:34 | 000,065,536 | ---- | M] (IBM Corporation) -- C:\Program Files\ThinkPad\PkgMgr\HOTKEY_1\TpScrex.exe
 
 
[color=#E56717]========== Modules (SafeList) ==========[/color]
 
MOD - [2010/02/02 22:13:56 | 000,548,864 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Keith\Desktop\OTL.exe
MOD - [2006/08/25 10:53:52 | 000,925,184 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.1891_x-ww_7d3bbc01\comctl32.dll
 
 
[color=#E56717]========== Win32 Services (SafeList) ==========[/color]
 
SRV - [2004/08/15 18:43:08 | 000,585,728 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe -- (Symantec Core LC)
SRV - [2003/09/10 04:26:58 | 000,081,920 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files\Norton SystemWorks\Norton Utilities\NPROTECT.EXE -- (NProtectService)
SRV - [2003/09/10 03:59:32 | 000,176,193 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files\Norton SystemWorks\Norton Utilities\Speed Disk\NOPDB.exe -- (Speed Disk service)
SRV - [2003/08/17 18:34:02 | 000,158,376 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files\Norton SystemWorks\Norton Antivirus\navapsvc.exe -- (navapsvc)
SRV - [2003/08/14 19:59:56 | 000,234,656 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe -- (ccSetMgr)
SRV - [2003/08/14 19:59:54 | 000,087,200 | ---- | M] (Symantec Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe -- (ccPwdSvc)
SRV - [2003/08/14 19:59:50 | 000,255,136 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe -- (ccEvtMgr)
SRV - [2003/08/09 19:26:24 | 000,193,816 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files\Norton SystemWorks\Norton Antivirus\SAVScan.exe -- (SAVScan)
SRV - [2003/07/03 01:25:00 | 000,057,344 | ---- | M] () [Auto | Running] -- C:\WINDOWS\system32\ibmpmsvc.exe -- (IBMPMSVC)
SRV - [2003/06/24 17:23:10 | 000,066,784 | ---- | M] (Symantec Corporation) [Auto | Stopped] -- C:\Program Files\Common Files\Symantec Shared\Script Blocking\SBServ.exe -- (SBService)
SRV - [2003/05/28 18:11:02 | 000,200,704 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files\Norton SystemWorks\Norton Ghost\GhostStartService.exe -- (GhostStartService)
SRV - [2003/01/08 05:50:00 | 000,049,152 | ---- | M] () [Auto | Running] -- C:\WINDOWS\system32\QCONSVC.EXE -- (QCONSVC)
SRV - [2002/12/14 14:14:20 | 000,151,552 | ---- | M] () [Auto | Running] -- C:\WINDOWS\system32\ati2evxx.exe -- (Ati HotKey Poller)
SRV - [2002/08/29 08:00:00 | 000,047,104 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\mspmspsv.dll -- (WmdmPmSp)
 
 
[color=#E56717]========== Driver Services (SafeList) ==========[/color]
 
DRV - [2005/04/13 03:16:16 | 000,072,588 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\usbsnoop.sys -- (usbsnoop) usbsnoop (display)
DRV - [2005/04/13 03:07:54 | 000,092,544 | ---- | M] (SnoopWare) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\USBSnpys.sys -- (usbsnpys)
DRV - [2005/04/05 23:04:59 | 000,005,152 | ---- | M] () [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\io.sys -- (io.sys)
DRV - [2004/08/15 18:43:09 | 000,002,397 | ---- | M] () [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\symlcbrd.sys -- (symlcbrd)
DRV - [2004/03/12 21:41:42 | 000,005,248 | ---- | M] ( ) [Kernel | Boot | Running] -- C:\WINDOWS\System32\Drivers\d346prt.sys -- (d346prt)
DRV - [2004/03/12 21:41:28 | 000,156,800 | ---- | M] ( ) [Kernel | Boot | Running] -- C:\WINDOWS\System32\DRIVERS\d346bus.sys -- (d346bus)
DRV - [2003/11/13 01:52:32 | 000,000,186 | ---- | M] () [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\empnt.reg -- (EMPNT)
DRV - [2003/10/30 05:03:34 | 000,025,596 | R--- | M] (FTDI Ltd.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\FTD2XX.sys -- (FTD2XX)
DRV - [2003/09/12 13:08:54 | 000,082,136 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Program Files\Symantec\SYMEVENT.SYS -- (SymEvent)
DRV - [2003/09/10 04:12:10 | 000,258,476 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\NPDRIVER.SYS -- (NPDriver)
DRV - [2003/09/10 03:58:16 | 000,090,272 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\SdDriver.SYS -- (SDdriver)
DRV - [2003/08/15 17:07:58 | 000,015,176 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\symredrv.sys -- (SYMREDRV)
DRV - [2003/08/15 17:05:30 | 000,176,963 | ---- | M] (Symantec Corporation) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\symtdi.sys -- (SYMTDI)
DRV - [2003/08/13 18:00:00 | 000,531,160 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Program Files\Common Files\Symantec Shared\VirusDefs\20030814.007\NAVEX15.SYS -- (NAVEX15)
DRV - [2003/08/13 18:00:00 | 000,067,800 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Program Files\Common Files\Symantec Shared\VirusDefs\20030814.007\NAVENG.SYS -- (NAVENG)
DRV - [2003/08/06 18:02:12 | 000,035,008 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Program Files\Norton SystemWorks\Norton Antivirus\Savrtpel.sys -- (SAVRTPEL)
DRV - [2003/08/06 18:02:06 | 000,300,736 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Program Files\Norton SystemWorks\Norton Antivirus\savrt.sys -- (SAVRT)
DRV - [2003/07/03 01:25:00 | 000,011,344 | ---- | M] (IBM Corp.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ibmpmdrv.sys -- (IBMPMDRV)
DRV - [2003/06/23 06:48:12 | 000,005,120 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\WINDOWS\Downloaded Program Files\EGATHDRV.SYS -- (EGATHDRV)
DRV - [2003/05/28 18:01:06 | 000,005,632 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Program Files\Norton SystemWorks\Norton Ghost\GhPciScan.sys -- (GhPciScan)
DRV - [2003/05/28 17:53:46 | 000,017,005 | ---- | M] (Adaptec) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\ASPI32.SYS -- (Aspi32)
DRV - [2003/01/28 14:32:02 | 000,541,376 | ---- | M] (Analog Devices, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\smwdm.sys -- (smwdm)
DRV - [2003/01/17 04:32:00 | 000,015,360 | ---- | M] (IBM Corp.) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\TPPWR.SYS -- (TPPWR)
DRV - [2003/01/10 18:51:34 | 000,098,912 | ---- | M] (Andrea Electronics Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\aeaudio.sys -- (aeaudio)
DRV - [2003/01/08 05:50:00 | 000,002,295 | ---- | M] () [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\IBMBLDID.SYS -- (IBMTPCHK)
DRV - [2003/01/07 20:41:12 | 000,166,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\b57xp32.sys -- (b57w2k)
DRV - [2002/12/26 05:10:00 | 000,007,168 | ---- | M] () [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\TSMAPIP.SYS -- (TSMAPIP)
DRV - [2002/12/26 04:32:00 | 000,014,848 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\SMAPINT.SYS -- (Smapint)
DRV - [2002/12/26 04:32:00 | 000,008,830 | ---- | M] () [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\TDSMAPI.SYS -- (TDSMAPI)
DRV - [2002/12/17 22:29:28 | 000,015,378 | ---- | M] (IBM Corporation) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\TPHKDRV.sys -- (TPHKDRV)
DRV - [2002/12/14 14:23:38 | 000,541,952 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ati2mtag.sys -- (ati2mtag)
DRV - [2002/12/03 06:09:00 | 000,014,064 | ---- | M] (IBM Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\tp4track.sys -- (Tp4Track)
DRV - [2002/11/22 13:21:18 | 001,157,856 | ---- | M] (Agere Systems) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\AGRSM.sys -- (AgereSoftModem)
DRV - [2002/09/23 22:16:50 | 000,611,328 | ---- | M] (Actiontec Electronics, Inc) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\AEIWLNDS.sys -- (AEIWL)
DRV - [2002/08/30 12:04:56 | 000,023,570 | ---- | M] (ATI Technologies Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\System32\DRIVERS\atisgkaf.sys -- (caboagp)
DRV - [2002/08/29 08:00:00 | 000,027,440 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\secdrv.sys -- (Secdrv)
DRV - [2002/08/29 08:00:00 | 000,017,792 | ---- | M] (Parallel Technologies, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ptilink.sys -- (Ptilink)
DRV - [2002/08/29 04:27:50 | 000,086,912 | ---- | M] () [Kernel | Boot | Running] -- C:\WINDOWS\System32\DRIVERS\atapi.sys -- (atapi)
DRV - [2002/08/29 02:34:36 | 000,607,360 | ---- | M] (LT) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ltmdmnt.sys -- (ltmodem5)
DRV - [2001/11/01 05:57:14 | 000,095,104 | ---- | M] (S3 Graphics, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\s3ssavm.sys -- (S3SSavage)
DRV - [2001/09/13 10:58:02 | 000,007,012 | ---- | M] (Microsoft Corporation) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\PMEMNT.SYS -- (PMEM)
DRV - [2001/08/17 17:07:44 | 000,019,072 | ---- | M] (Adaptec, Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\System32\DRIVERS\sparrow.sys -- (Sparrow)
DRV - [2001/08/17 17:07:42 | 000,030,688 | ---- | M] (LSI Logic) [Kernel | Boot | Running] -- C:\WINDOWS\System32\DRIVERS\sym_u3.sys -- (sym_u3)
DRV - [2001/08/17 17:07:40 | 000,028,384 | ---- | M] (LSI Logic) [Kernel | Boot | Running] -- C:\WINDOWS\System32\DRIVERS\sym_hi.sys -- (sym_hi)
DRV - [2001/08/17 17:07:36 | 000,032,640 | ---- | M] (LSI Logic) [Kernel | Boot | Running] -- C:\WINDOWS\System32\DRIVERS\symc8xx.sys -- (symc8xx)
DRV - [2001/08/17 17:07:34 | 000,016,256 | ---- | M] (Symbios Logic Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\System32\DRIVERS\symc810.sys -- (symc810)
DRV - [2001/08/17 16:58:02 | 000,027,648 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\System32\DRIVERS\amdagp.sys -- (amdagp)
DRV - [2001/08/17 16:58:02 | 000,026,112 | ---- | M] (Silicon Integrated Systems Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\System32\DRIVERS\sisagp.sys -- (sisagp)
DRV - [2001/08/17 16:52:22 | 000,036,736 | ---- | M] (Promise Technology, Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\System32\DRIVERS\ultra.sys -- (ultra)
DRV - [2001/08/17 16:52:20 | 000,045,312 | ---- | M] (QLogic Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\System32\DRIVERS\ql12160.sys -- (ql12160)
DRV - [2001/08/17 16:52:20 | 000,040,320 | ---- | M] (QLogic Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\System32\DRIVERS\ql1080.sys -- (ql1080)
DRV - [2001/08/17 16:52:18 | 000,049,024 | ---- | M] (QLogic Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\System32\DRIVERS\ql1280.sys -- (ql1280)
DRV - [2001/08/17 16:52:16 | 000,179,584 | ---- | M] (Mylex Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\System32\DRIVERS\dac2w2k.sys -- (dac2w2k)
DRV - [2001/08/17 16:52:12 | 000,017,280 | ---- | M] (American Megatrends Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\System32\DRIVERS\mraid35x.sys -- (mraid35x)
DRV - [2001/08/17 16:52:00 | 000,026,496 | ---- | M] (Advanced System Products, Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\System32\DRIVERS\asc.sys -- (asc)
DRV - [2001/08/17 16:51:58 | 000,014,848 | ---- | M] (Advanced System Products, Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\System32\DRIVERS\asc3550.sys -- (asc3550)
DRV - [2001/08/17 16:51:56 | 000,005,248 | ---- | M] (Acer Laboratories Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\System32\DRIVERS\aliide.sys -- (AliIde)
DRV - [2001/08/17 16:51:54 | 000,006,656 | ---- | M] (CMD Technology, Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\System32\DRIVERS\cmdide.sys -- (CmdIde)
DRV - [2001/08/17 16:51:34 | 000,023,552 | ---- | M] (National Semiconductor Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\nscirda.sys -- (NSCIRDA)
DRV - [2001/08/17 16:48:14 | 000,011,520 | ---- | M] (IBM Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\TwoTrack.sys -- (TwoTrack)
DRV - [2001/08/17 15:20:04 | 000,096,256 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ac97intc.sys -- (ac97intc) Intel(r) 82801 Audio Driver Install Service (WDM)
DRV - [2001/08/17 15:12:10 | 000,117,760 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\e100b325.sys -- (E100B) Intel(R)
 
 
[color=#E56717]========== Standard Registry (SafeList) ==========[/color]
 
 
[color=#E56717]========== Internet Explorer ==========[/color]
 
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
[color=#E56717]========== FireFox ==========[/color]
 
FF - prefs.js..browser.search.selectedEngine: "Google"
FF - prefs.js..browser.startup.homepage: "http://www.google.com/"
FF - prefs.js..extensions.enabledItems: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}:1.1.2
 
FF - HKLM\software\mozilla\Mozilla Firefox 3.5.7\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010/02/02 20:44:53 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.5.7\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010/02/02 20:44:53 | 000,000,000 | ---D | M]
 
[2009/06/28 20:51:18 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Keith\Application Data\Mozilla\Extensions
[2010/01/07 21:37:21 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Keith\Application Data\Mozilla\Firefox\Profiles\jfusojrl.default\extensions
[2009/12/31 19:56:21 | 000,000,000 | ---D | M] (Adblock Plus) -- C:\Documents and Settings\Keith\Application Data\Mozilla\Firefox\Profiles\jfusojrl.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}
[2009/06/28 20:51:22 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions
[2004/11/12 22:36:20 | 000,005,120 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files\Mozilla Firefox\plugins\NPAdbESD.dll
 
O1 HOSTS File: ([2002/08/29 08:00:00 | 000,000,734 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1       localhost
O2 - BHO: (AcroIEHlprObj Class) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (CNavExtBho Class) - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton SystemWorks\Norton Antivirus\NAVShExt.dll (Symantec Corporation)
O3 - HKLM\..\Toolbar: (Norton AntiVirus) - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton SystemWorks\Norton Antivirus\NAVShExt.dll (Symantec Corporation)
O3 - HKLM\..\Toolbar: (&Radio) - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\system32\msdxm.ocx ()
O3 - HKCU\..\Toolbar\ShellBrowser: (Norton AntiVirus) - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton SystemWorks\Norton Antivirus\NAVShExt.dll (Symantec Corporation)
O4 - HKLM..\Run: [AGRSMMSG] C:\WINDOWS\AGRSMMSG.exe (Agere Systems)
O4 - HKLM..\Run: [ATIModeChange] C:\WINDOWS\System32\Ati2mdxx.exe (ATI Technologies, Inc.)
O4 - HKLM..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe (ATI Technologies, Inc.)
O4 - HKLM..\Run: [BCONSET] C:\Program Files\ThinkPad\ConnectUtilities\bconprof.reg ()
O4 - HKLM..\Run: [BluetoothAuthenticationAgent] C:\WINDOWS\System32\irprops.cpl (Microsoft Corporation)
O4 - HKLM..\Run: [BMMGAG] C:\Program Files\ThinkPad\Utilities\PWRMONIT.DLL (IBM Corp.)
O4 - HKLM..\Run: [BMMLREF] C:\Program Files\ThinkPad\Utilities\BMMLREF.EXE ()
O4 - HKLM..\Run: [ccApp] C:\Program Files\Common Files\Symantec Shared\ccApp.exe (Symantec Corporation)
O4 - HKLM..\Run: [DAEMON Tools-1033] C:\Program Files\D-Tools\daemon.exe (DAEMON'S HOME)
O4 - HKLM..\Run: [EZEJMNAP] C:\Program Files\ThinkPad\Utilities\EzEjMnAp.Exe (IBM Corp.)
O4 - HKLM..\Run: [GhostStartTrayApp] C:\Program Files\Norton SystemWorks\Norton Ghost\GhostStartTrayApp.exe (Symantec Corporation)
O4 - HKLM..\Run: [ibmmessages] C:\Program Files\IBM\Messages By IBM\ibmmessages.exe (IBM)
O4 - HKLM..\Run: [QCWLICON] C:\Program Files\ThinkPad\ConnectUtilities\QCWLICON.EXE ()
O4 - HKLM..\Run: [S3TRAY2] C:\WINDOWS\System32\S3Tray2.exe (S3 Graphics, Inc.)
O4 - HKLM..\Run: [SunJavaUpdateSched] C:\Program Files\Java\j2re1.4.2_04\bin\jusched.exe ()
O4 - HKLM..\Run: [Synchronization Manager] C:\WINDOWS\System32\mobsync.exe (Microsoft Corporation)
O4 - HKLM..\Run: [tgcmd]  File not found
O4 - HKLM..\Run: [TP4EX] C:\WINDOWS\System32\TP4EX.exe (IBM Corporation)
O4 - HKLM..\Run: [TPHOTKEY] C:\Program Files\ThinkPad\PkgMgr\HOTKEY\TPHKMGR.exe ()
O4 - HKLM..\Run: [TPKMAPMN] C:\Program Files\ThinkPad\Utilities\TpKmapMn.exe ()
O4 - HKLM..\Run: [TrackPointSrv] C:\WINDOWS\System32\tp4serv.exe (IBM Corporation)
O4 - HKLM..\Run: [UC_SMB]  File not found
O4 - HKCU..\Run: [ibmmessages] C:\Program Files\IBM\Messages By IBM\ibmmessages.exe (IBM)
O4 - HKCU..\Run: [Norton SystemWorks] C:\Program Files\Common Files\Symantec Shared\CfgWiz.exe (Symantec Corporation)
O4 - HKCU..\Run: [taskmandb.exe] C:\DOCUME~1\Keith\LOCALS~1\Temp\taskmandb.exe File not found
O4 - HKCU..\Run: [tgcmd]  File not found
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe (Adobe Systems Incorporated)
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoUserNameInStartMenu = 01 00 00 00  [binary data]
O9 - Extra Button: @shdoclc.dll,-866 - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\Web\related.htm ()
O9 - Extra 'Tools' menuitem : @shdoclc.dll,-864 - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\Web\related.htm ()
O16 - DPF: {33564D57-9980-0010-8000-00AA00389B71} http://download.microsoft.com/download/D/0/D/D0DD87DA-994F-4334-8B55-AF2E4D98ED0C/wmv9dmo.cab (Reg Error: Key error.)
O16 - DPF: {74FFE28D-2378-11D5-990C-006094235084} http://www-306.ibm.com/pc/support/IbmEgath.cab (IBM Access Support)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/products/plugin/autodl/jinstall-142-windows-i586.cab (Java Plug-in 1.4.2_04)
O16 - DPF: {CAFEEFAC-0014-0002-0004-ABCDEFFEDCBA} http://java.sun.com/products/plugin/autodl/jinstall-142-windows-i586.cab (Java Plug-in 1.4.2_04)
O16 - DPF: DirectAnimation Java Classes file://C:\WINDOWS\Java\classes\dajava.cab (Reg Error: Key error.)
O16 - DPF: Microsoft XML Parser for Java file://C:\WINDOWS\Java\classes\xmldso.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 167.206.251.129 167.206.251.130
O18 - Protocol\Handler\vnd.ms.radio {3DA2AA3B-3D96-11D2-9BD2-204C4F4F5020} - C:\WINDOWS\system32\msdxm.ocx ()
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\WINDOWS\1024 x 768 IBM Americas Map.bmp
O24 - Desktop BackupWallPaper: C:\WINDOWS\1024 x 768 IBM Americas Map.bmp
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2004/03/30 09:46:02 | 000,000,000 | -H-- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *) -  File not found
O35 - comfile [open] -- "%1" %*
O35 - exefile [open] -- "%1" %*
 
[color=#E56717]========== Files/Folders - Created Within 30 Days ==========[/color]
 
[2010/02/02 22:15:19 | 000,548,864 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Keith\Desktop\OTL.exe
[2010/02/02 22:03:43 | 000,439,808 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Keith\Desktop\TFC.exe
[2010/02/02 22:01:43 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2010/02/02 22:01:40 | 000,018,520 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2010/02/02 22:01:40 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2010/02/02 22:01:40 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Malwarebytes
[2010/02/02 22:00:53 | 005,115,824 | ---- | C] (Malwarebytes Corporation                                    ) -- C:\Documents and Settings\Keith\Desktop\mal.exe
[2010/01/04 14:10:36 | 000,000,000 | ---D | C] -- C:\Program Files\7-Zip
[2004/08/15 17:22:17 | 000,156,800 | ---- | C] ( ) -- C:\WINDOWS\System32\drivers\d346bus.sys
[2004/08/15 17:22:17 | 000,005,248 | ---- | C] ( ) -- C:\WINDOWS\System32\drivers\d346prt.sys
[2002/09/26 20:24:38 | 000,000,000 | ---D | M] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft
[2002/09/26 20:24:38 | 000,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft
[2002/09/26 20:06:08 | 000,000,000 | --SD | M] -- C:\Documents and Settings\NetworkService\Application Data\Microsoft
[2002/09/26 20:06:08 | 000,000,000 | --SD | M] -- C:\Documents and Settings\LocalService\Application Data\Microsoft
 
[color=#E56717]========== Files - Modified Within 30 Days ==========[/color]
 
[2010/02/02 22:13:56 | 000,548,864 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Keith\Desktop\OTL.exe
[2010/02/02 22:07:12 | 000,000,412 | ---- | M] () -- C:\WINDOWS\tasks\Symantec NetDetect.job
[2010/02/02 22:06:02 | 000,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2010/02/02 22:05:48 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2010/02/02 22:05:41 | 384,880,640 | -HS- | M] () -- C:\hiberfil.sys
[2010/02/02 22:04:51 | 003,670,016 | -H-- | M] () -- C:\Documents and Settings\Keith\NTUSER.DAT
[2010/02/02 22:04:51 | 000,000,180 | -HS- | M] () -- C:\Documents and Settings\Keith\ntuser.ini
[2010/02/02 22:02:56 | 000,439,808 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Keith\Desktop\TFC.exe
[2010/02/02 22:01:45 | 000,000,707 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2010/02/02 21:34:36 | 005,115,824 | ---- | M] (Malwarebytes Corporation                                    ) -- C:\Documents and Settings\Keith\Desktop\mal.exe
[2010/02/02 20:12:45 | 000,000,008 | ---- | M] () -- C:\Documents and Settings\All Users\Application Data\sysReserve.ini
[2010/02/02 20:00:15 | 000,000,392 | -H-- | M] () -- C:\WINDOWS\tasks\{F897AA24-BDC3-11D1-B85B-00C04FB93981}_TEVILDO_Keith.job
[2010/01/09 00:00:02 | 000,000,308 | ---- | M] () -- C:\WINDOWS\tasks\Symantec Drmc.job
[2010/01/08 20:02:33 | 000,000,548 | ---- | M] () -- C:\WINDOWS\tasks\Norton AntiVirus - Scan my computer.job
[2010/01/07 16:07:14 | 000,038,224 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2010/01/07 16:07:04 | 000,018,520 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
 
[color=#E56717]========== Files Created - No Company Name ==========[/color]
 
[2010/02/02 22:01:45 | 000,000,707 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2010/02/02 20:12:45 | 000,000,008 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\sysReserve.ini
[2009/04/10 13:44:22 | 014,102,859 | ---- | C] () -- C:\Program Files\PGV-Demo-4.2.1.zip
[2006/04/01 17:44:17 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\Keith\Application Data\dm.ini
[2006/04/01 17:44:16 | 000,000,871 | ---- | C] () -- C:\Documents and Settings\Keith\Application Data\AdobeDLM.log
[2005/05/02 20:40:33 | 000,003,584 | ---- | C] () -- C:\Documents and Settings\Keith\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2005/04/13 02:55:15 | 000,000,059 | R--- | C] () -- C:\WINDOWS\System32\FTD2XXUN.ini
[2005/04/13 01:15:23 | 000,072,588 | ---- | C] () -- C:\WINDOWS\System32\drivers\usbsnoop.sys
[2005/04/05 23:04:59 | 000,005,152 | ---- | C] () -- C:\WINDOWS\System32\drivers\io.sys
[2004/08/15 18:43:09 | 000,002,397 | ---- | C] () -- C:\WINDOWS\System32\drivers\symlcbrd.sys
[2004/08/15 16:23:34 | 000,000,000 | ---- | C] () -- C:\WINDOWS\PROTOCOL.INI
[2004/03/31 02:56:26 | 000,003,360 | ---- | C] () -- C:\WINDOWS\System32\drivers\empnt.sys
[2004/03/16 21:14:46 | 000,002,481 | ---- | C] () -- C:\WINDOWS\System32\OEMINFO.INI
[2004/03/16 21:00:13 | 000,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini
[2004/03/16 20:59:14 | 000,001,112 | ---- | C] () -- C:\WINDOWS\System32\PX.INI
[2004/03/16 20:50:13 | 000,000,222 | ---- | C] () -- C:\WINDOWS\Welcome.ini
[2004/03/16 20:41:58 | 000,007,168 | ---- | C] () -- C:\WINDOWS\System32\drivers\TSMAPIP.SYS
[2004/03/16 20:41:49 | 000,061,440 | ---- | C] () -- C:\WINDOWS\System32\FPCALL.dll
[2004/03/16 20:41:29 | 000,002,295 | ---- | C] () -- C:\WINDOWS\System32\drivers\IBMBLDID.SYS
[2004/03/16 20:40:58 | 000,008,830 | ---- | C] () -- C:\WINDOWS\System32\drivers\TDSMAPI.SYS
[2004/03/15 18:28:50 | 000,069,120 | ---- | C] () -- C:\WINDOWS\daemon.dll
[2003/12/29 16:57:18 | 000,102,400 | ---- | C] () -- C:\WINDOWS\System32\ScanDriver.dll
[2003/12/24 09:30:18 | 000,253,952 | ---- | C] () -- C:\WINDOWS\System32\Adapters.dll
[2003/07/03 01:25:00 | 000,049,152 | ---- | C] () -- C:\WINDOWS\System32\tpinspm.dll
[2002/11/15 04:14:28 | 000,143,360 | ---- | C] () -- C:\WINDOWS\System32\AIBMRUNL.dll
[2002/09/26 21:11:13 | 000,086,912 | ---- | C] () -- C:\WINDOWS\System32\drivers\atapi.sys
[2002/09/26 20:26:59 | 000,000,791 | ---- | C] () -- C:\WINDOWS\orun32.ini
[2001/09/06 17:35:00 | 000,000,036 | ---- | C] () -- C:\WINDOWS\A3W.ini
[1996/04/03 14:33:26 | 000,005,248 | ---- | C] () -- C:\WINDOWS\System32\giveio.sys
[1980/01/01 03:00:00 | 000,152,576 | ---- | C] () -- C:\WINDOWS\System32\qasf.dll
[1980/01/01 03:00:00 | 000,113,152 | ---- | C] () -- C:\WINDOWS\System32\tp4uires.dll
[1980/01/01 03:00:00 | 000,027,440 | ---- | C] () -- C:\WINDOWS\System32\drivers\secdrv.sys


-----------------------------------------------------------

Extras.txt

-----------------------------------------------------------

OTL Extras logfile created on: 2/2/2010 10:15:30 PM - Run 1
OTL by OldTimer - Version 3.1.27.1     Folder = C:\Documents and Settings\Keith\Desktop
Windows XP Professional Edition Service Pack 1 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 6.0.2800.1106)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy
 
367.00 Mb Total Physical Memory | 171.00 Mb Available Physical Memory | 47.00% Memory free
889.00 Mb Paging File | 710.00 Mb Available in Paging File | 80.00% Paging File free
Paging file location(s): C:\pagefile.sys 552 1104 [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 15.69 Gb Total Space | 7.00 Gb Free Space | 44.59% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded
 
Computer Name: TEVILDO
Current User Name: Keith
Logged in as Administrator.
 
Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Standard
 
[color=#E56717]========== Extra Registry (SafeList) ==========[/color]
 
 
[color=#E56717]========== File Associations ==========[/color]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\]
.html [@ = htmlfile] -- C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation)
 
[color=#E56717]========== Shell Spawning ==========[/color]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
htmlfile [edit] -- Reg Error: Key error.
htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" -nohome (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
http [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" -nohome (Microsoft Corporation)
https [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" -nohome (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /k "cd %L" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- "C:\Program Files\Internet Explorer\iexplore.exe" (Microsoft Corporation)
 
[color=#E56717]========== Security Center Settings ==========[/color]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
 
[color=#E56717]========== Authorized Applications List ==========[/color]
 
 
[color=#E56717]========== HKEY_LOCAL_MACHINE Uninstall List ==========[/color]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0BEDBD4E-2D34-47B5-9973-57E62B29307C}" = ATI Control Panel
"{1E34AB5C-B893-4EE9-82F3-F195978D009D}" = IBM Access Support - Local Content Pack
"{1F7CCFA3-D926-4882-B2A5-A0217ED25597}" = PC-Doctor for Windows
"{2111B23F-7FDA-4A41-8309-E5A1663CA296}" = IBM ThinkPad Keyboard Customizer Utility
"{22B71A00-4DED-11D4-A5E5-0004AC564F43}" = IBM Access Connections
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{3B7B3B4A-AF8C-4671-A92E-3E7E9ABCB22B}" = IBM Rapid Restore PC Setup
"{3EA9D975-BFDC-4E8E-B88B-0446FBC8CA66}" = ATI HydraVision
"{56CA5D3B-3002-4E7B-90FE-071D8FDF3814}" = DAEMON Tools
"{6855CCDD-BDF9-48E4-B80A-80DFB96FE36C}" = CmdHere Powertoy For Windows XP
"{6A7867BA-B7CA-4CC9-ACAB-85BA46865EE5}" = Norton Utilities
"{710C0BB2-FE39-484E-BB23-C9B96835A14A}" = Access IBM Message Center
"{7148F0A8-6813-11D6-A77B-00B0D0142040}" = Java 2 Runtime Environment, SE v1.4.2_04
"{900B1884-2D6F-4a70-A3C7-C3F4DA873FDB}" = NSW_DRM_COLLECTION
"{93FD93BA-7C5A-4090-BF9D-F9EA3B9044C3}" = XP Themes
"{AC76BA86-7AD7-1033-7B44-A70700000002}" = Adobe Reader 7.0.7
"{B05E8183-866A-11D3-97DF-0000F8D8F2E9}" = Symantec pcAnywhere
"{B37C842A-B624-46B8-A727-654E72F1C91A}" = Calculator Powertoy for Windows XP
"{B5599ECB-DA72-43EE-8A30-2C80396FF8BB}" = Access IBM
"{B9807C3D-B3DD-41b7-8321-53DDB3A3A888}" = Norton SystemWorks 2004 Professional
"{BBAAACFA-B012-4367-ADDA-4DDCDFD48F96}" = Norton Ghost
"{C6F5B6CF-609C-428E-876F-CA83176C021B}" = Norton AntiVirus
"{CF44C7A5-5705-41E4-BE84-A9A42977AB05}" = alm
"{D327AFC9-7BAA-473A-8319-6EB7A0D40138}" = Symantec Script Blocking Installer
"{D6414CC7-F215-467F-88B1-546ED863F35B}" = CC_ccStart
"{DC367608-64A7-4BF7-92F4-8BAA25BA02DB}" = ccCommon
"{E47EE8FB-ACC0-4608-859C-4E2851B18A6A}" = SymNet
"{E5EE9939-259F-4DE2-8023-5C49E16A4F43}" = Norton AntiVirus Parent MSI
"{EA664480-3844-11D5-8C25-444553540000}" = IBM TrackPoint Accessibility Features
"{F1F721BF-040C-4096-988A-1DB01EB73B0C}" = TPNala Wallpaper
"{FC37ABD0-2108-4beb-B010-1254E0662B5A}" = MSRedist
"7-Zip" = 7-Zip 4.65
"Access IBM Tools" = Access IBM Tools
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"AdobeESD" = Adobe Download Manager 2.0 (Remove Only)
"Agere Systems Soft Modem" = Agere Systems AC'97 Modem
"ATI Display Driver" = ATI Display Driver
"Bicycle Board Games 1.0" = Bicycle Board Games
"Bicycle Card Games 2.0" = Bicycle Card Games 2.0
"DragStrip2000 Version 3.05" = DragStrip2000 Version 3.05
"Dyno2000 Version 3.08" = Dyno2000 Version 3.08
"EasyEject Utility" = IBM ThinkPad EasyEject Utility 
"EMP Device Programming Software" = EMP Device Programming Software
"FTD2XX" = FTDI FTD2XX USB Drivers
"IBM Access Support" = IBM Access Support
"IrfanView" = IrfanView (remove only)
"LiveReg" = LiveReg (Symantec Corporation)
"LiveUpdate" = LiveUpdate 1.90 (Symantec Corporation)
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"Mozilla Firefox (3.5.7)" = Mozilla Firefox (3.5.7)
"Mozilla Thunderbird (1.5)" = Mozilla Thunderbird (1.5)
"Power Features" = IBM ThinkPad Battery MaxiMiser and Power Management Features
"Power Management Driver" = IBM ThinkPad Power Management Driver
"Presentation Director" = IBM ThinkPad Presentation Director
"Q329170" = Windows XP Hotfix (SP2) Q329170
"Q329441" = Windows XP Hotfix (SP2) Q329441
"Q828026" = Windows Media Player Hotfix [See Q828026 for more information]
"SmartGenealogy_is1" = SmartGenealogy
"ST6UNST #1" = ScanL4
"Support.com" = Support.com Software
"SymSetup.{B9807C3D-B3DD-41b7-8321-53DDB3A3A888}" = Norton SystemWorks 2004 Professional (Symantec Corporation)
"ThinkPad Configuration" = IBM ThinkPad Configuration
"ThinkPad FullScreen Magnifier" = ThinkPad FullScreen Magnifier
"ThinkPadSoftwareInstaller" = ThinkPad Software Installer
"TrackPoint" = IBM TrackPoint Support
"TunerPro RT_is1" = TunerPro RT v4.00
"Tweak UI 2.10" = Tweak UI
 
[color=#E56717]========== Last 10 Event Log Errors ==========[/color]
 
[ Application Events ]
Error - 9/2/2006 8:08:39 PM | Computer Name = TEVILDO | Source = Application Error | ID = 1000
Description = Faulting application siw.exe, version 1.63.0.0, faulting module ntdll.dll,
 version 5.1.2600.1217, fault address 0x00033aed.
 
Error - 10/11/2006 8:12:55 PM | Computer Name = TEVILDO | Source = Application Error | ID = 1000
Description = Faulting application fancontrol.exe, version 0.0.0.0, faulting module
 unknown, version 0.0.0.0, fault address 0x444c554f.
 
Error - 10/12/2006 12:06:31 AM | Computer Name = TEVILDO | Source = Application Error | ID = 1000
Description = Faulting application fancontrol.exe, version 0.0.0.0, faulting module
 unknown, version 0.0.0.0, fault address 0x2043b038.
 
Error - 10/19/2006 8:01:47 PM | Computer Name = TEVILDO | Source = Application Error | ID = 1000
Description = Faulting application fancontrol.exe, version 0.0.0.0, faulting module
 unknown, version 0.0.0.0, fault address 0x312f3031.
 
Error - 10/19/2006 8:14:37 PM | Computer Name = TEVILDO | Source = Application Error | ID = 1000
Description = Faulting application fancontrol.exe, version 0.0.0.0, faulting module
 unknown, version 0.0.0.0, fault address 0x20726568.
 
Error - 10/19/2006 9:54:02 PM | Computer Name = TEVILDO | Source = Application Error | ID = 1000
Description = Faulting application fancontrol.exe, version 0.0.0.0, faulting module
 unknown, version 0.0.0.0, fault address 0x3a392036.
 
Error - 10/19/2006 10:06:57 PM | Computer Name = TEVILDO | Source = Application Error | ID = 1000
Description = Faulting application fancontrol.exe, version 0.0.0.0, faulting module
 unknown, version 0.0.0.0, fault address 0x75736552.
 
Error - 5/25/2007 3:47:00 PM | Computer Name = TEVILDO | Source = Application Hang | ID = 1002
Description = Hanging application firefox.exe, version 1.8.20061.20612, hang module
 hungapp, version 0.0.0.0, hang address 0x00000000.
 
Error - 1/4/2010 10:34:06 PM | Computer Name = TEVILDO | Source = Application Error | ID = 1000
Description = Faulting application tphkmgr.exe, version 0.0.0.0, faulting module
 msvcrt.dll, version 7.0.2600.1106, fault address 0x00034257.
 
Error - 2/2/2010 9:38:41 PM | Computer Name = TEVILDO | Source = Application Hang | ID = 1002
Description = Hanging application firefox.exe, version 1.9.0.3642, hang module js3250.dll,
 version 4.0.0.0, hang address 0x00035ff5.
 
[ System Events ]
Error - 2/2/2010 11:04:02 PM | Computer Name = TEVILDO | Source = Service Control Manager | ID = 7034
Description = The Symantec Settings Manager service terminated unexpectedly.  It
 has done this 1 time(s).
 
Error - 2/2/2010 11:04:04 PM | Computer Name = TEVILDO | Source = Service Control Manager | ID = 7034
Description = The Symantec Event Manager service terminated unexpectedly.  It has
 done this 1 time(s).
 
Error - 2/2/2010 11:04:04 PM | Computer Name = TEVILDO | Source = Service Control Manager | ID = 7034
Description = The Ati HotKey Poller service terminated unexpectedly.  It has done
 this 1 time(s).
 
Error - 2/2/2010 11:04:04 PM | Computer Name = TEVILDO | Source = Service Control Manager | ID = 7034
Description = The QCONSVC service terminated unexpectedly.  It has done this 1 time(s).
 
Error - 2/2/2010 11:04:04 PM | Computer Name = TEVILDO | Source = Service Control Manager | ID = 7034
Description = The GhostStartService service terminated unexpectedly.  It has done
 this 1 time(s).
 
Error - 2/2/2010 11:04:05 PM | Computer Name = TEVILDO | Source = Service Control Manager | ID = 7034
Description = The Speed Disk service service terminated unexpectedly.  It has done
 this 1 time(s).
 
Error - 2/2/2010 11:04:06 PM | Computer Name = TEVILDO | Source = Service Control Manager | ID = 7034
Description = The Symantec Core LC service terminated unexpectedly.  It has done
 this 1 time(s).
 
Error - 2/2/2010 11:06:05 PM | Computer Name = TEVILDO | Source = Ftdisk | ID = 262189
Description = The system could not sucessfully load the crash dump driver.
 
Error - 2/2/2010 11:06:05 PM | Computer Name = TEVILDO | Source = Ftdisk | ID = 262193
Description = Configuring the Page file for crash dump failed. Make sure there is
 a page  file on the boot partition and that is large enough to contain all physical
memory.
 
Error - 2/2/2010 11:07:33 PM | Computer Name = TEVILDO | Source = Service Control Manager | ID = 7000
Description = The NetBEUI Protocol service failed to start due to the following 
error:   %%2
 
 


------------------------------------------------------------

checkup.txt

------------------------------------------------------------

 Results of screen317's Security Check version 0.99.1
 Windows XP Service Pack 1  
 [color=red]Out of date service pack!![/color] 
`````````````````````````````` 
[u]Antivirus/Firewall Check:[/u] 
 [color=red]Windows Security Center service is not running! This report may not be accurate![/color] 
 ESET Online Scanner v3   
 Norton AntiVirus     
 Norton AntiVirus Parent MSI   
 WMIC entry does not exist for antivirus; attempting automatic update. 
`````````````````````````````` 
[u]Anti-malware/Other Utilities Check:[/u] 
 Norton Ghost    
 Java 2 Runtime Environment, SE v1.4.2_04 
 Adobe Flash Player 10  
Adobe Reader 7.0.7 
[color=red]Out of date Adobe Reader installed![/color] 
`````````````````````````````` 
Process Check:  
[u]objlist.exe by Laurent[/u] 
 Norton SystemWorks Norton Antivirus navapsvc.exe  
 Norton SystemWorks Norton Antivirus SAVScan.exe  
``````````````````````````````
[u]DNS Vulnerability Check:[/u]
 GREAT! (Not vulnerable to DNS cache poisoning) 

`````````End of Log```````````

----------------------------------------------------------]]></description>
<guid isPermaLink="true">http://www.dslreports.com/forum/remark,23746029</guid>
<pubDate>2010-02-03 00:27:21</pubDate>
</item>

<item>
<title>[Trojan] Brand New Computer Infected with Trojan - (aarrrgh)</title>
<link>http://www.dslreports.com/forum/remark,23731253</link>
<description><![CDATA[Hello,

I bought a brand new computer 2 days ago and just finished loading it with some programs / data, music, pics etc. from my old comp, and I loaded my ZoneAlarm suite and it detected spyware and a virus.

  Spyware : Win32.Trojan.Proxy.Cimuz.D.1    -  Quarantined
  
  Virus :   Worm.Win32.AutoRun.avwh  -  Quarantined / DELETED

It must have jumped over when I was transferring files from my old hard drive somehow.

Needless to say, I am really upset with myself for allowing this to happen. I did try to be careful when transferring files, but alas, I must have let it through...

P.S. I have read your "Attention: Please Read!" regarding posting.

I would like to download them and follow the Clean-up steps.

Can someone please help me with this, please?

Thanks,

TM]]></description>
<guid isPermaLink="true">http://www.dslreports.com/forum/remark,23731253</guid>
<pubDate>2010-01-31 09:55:25</pubDate>
</item>

<item>
<title>[Virus] Help with Vista cleaning</title>
<link>http://www.dslreports.com/forum/remark,23764127</link>
<description><![CDATA[Hello all, it has been a long time but Vista has brought me back here as windows will do from time to time.
So this started with Macfee getting killed by ?. I did a few scans and thought I got it, but this computer got slower by dayby day.  Not mine, but a girl friends.  Mywebsearch removal would not work.
I was not able  save the log from the online scan ESET, it did have some worms in the mywebsearch junk. It did seem to clean them.  Forgive me and the kid who closed the window.
Let me know if we think it is now clean, it could be but I need to make sure.

Thank you in advance

Ed

Malwarebytes' Anti-Malware 1.44
Database version: 3695
Windows 6.0.6002 Service Pack 2
Internet Explorer 8.0.6001.18882

2/5/2010 8:08:01 PM
mbam-log-2010-02-05 (20-08-01).txt

Scan type: Quick Scan
Objects scanned: 104035
Time elapsed: 9 minute(s), 21 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 27
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{00a6faf1-072e-44cf-8957-5838f569a31d} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{07b18ea9-a523-4961-b6bb-170de4475cca} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{07b18eab-a523-4961-b6bb-170de4475cca} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{1d4db7d2-6ec9-47a3-bd87-1e41684e07bb} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{1e0de227-5ce4-4ea3-ab0c-8b03e1aa76bc} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{3dc201fb-e9c9-499c-a11f-23c360d7c3f8} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{9ff05104-b030-46fc-94b8-81276e4e27df} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{3aa42713-5c1e-48e2-b432-d8bf420dd31d} (Rogue.AntiVirus2008) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{00a6faf1-072e-44cf-8957-5838f569a31d} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{07b18ea1-a523-4961-b6bb-170de4475cca} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{07b18ea9-a523-4961-b6bb-170de4475cca} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{07b18eab-a523-4961-b6bb-170de4475cca} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{1d4db7d2-6ec9-47a3-bd87-1e41684e07bb} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{1e0de227-5ce4-4ea3-ab0c-8b03e1aa76bc} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{59c7fc09-1c83-4648-b3e6-003d2bbc7481} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{68af847f-6e91-45dd-9b68-d6a12c30e5d7} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{9170b96c-28d4-4626-8358-27e6caeef907} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{d1a71fa0-ff48-48dd-9b6d-7a13a3e42127} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{ddb1968e-ead6-40fd-8dae-ff14757f60c7} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{f138d901-86f0-4383-99b6-9cdd406036da} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{25560540-9571-4d7b-9389-0f166788785a} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{3dc201fb-e9c9-499c-a11f-23c360d7c3f8} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{63d0ed2c-b45b-4458-8b3b-60c69bbbd83c} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{98d9753d-d73b-42d5-8c85-4469cda897ab} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{9ff05104-b030-46fc-94b8-81276e4e27df} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\RunDll32Policy\f3ScrCtr.dll (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Multimedia\WMPlayer\Schemes\f3pss (Adware.MyWebSearch) -> Quarantined and deleted successfully.

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)

OTL logfile created on: 2/5/2010 8:13:23 PM - Run 1
OTL by OldTimer - Version 3.1.28.0     Folder = C:\Users\jshriber\Desktop
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18882)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy
 
2.00 Gb Total Physical Memory | 1.00 Gb Available Physical Memory | 35.00% Memory free
4.00 Gb Paging File | 3.00 Gb Available in Paging File | 62.00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 455.71 Gb Total Space | 355.42 Gb Free Space | 77.99% Space Free | Partition Type: NTFS
Drive D: | 10.00 Gb Total Space | 6.04 Gb Free Space | 60.37% Space Free | Partition Type: NTFS
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded
 
Computer Name: HOME-PC
Current User Name: jshriber
Logged in as Administrator.
 
Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Standard
 
[color=#E56717]========== Processes (SafeList) ==========[/color]
 
PRC - [2010/02/05 20:09:39 | 000,549,376 | ---- | M] (OldTimer Tools) -- C:\Users\jshriber\Desktop\OTL.exe
PRC - [2010/02/03 10:40:01 | 001,055,000 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG9\avgchsvx.exe
PRC - [2010/02/03 10:39:59 | 000,600,344 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG9\avgnsx.exe
PRC - [2010/02/03 10:39:59 | 000,503,576 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG9\avgrsx.exe
PRC - [2010/02/03 10:39:58 | 000,702,744 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG9\avgcsrvx.exe
PRC - [2010/02/03 10:39:42 | 002,033,432 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG9\avgtray.exe
PRC - [2010/02/03 10:39:38 | 000,906,520 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG9\avgemc.exe
PRC - [2010/02/03 10:39:31 | 000,827,160 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG9\avgam.exe
PRC - [2010/02/03 10:39:26 | 000,285,392 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG9\avgwdsvc.exe
PRC - [2010/01/11 15:21:52 | 000,246,504 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Common Files\Java\Java Update\jusched.exe
PRC - [2010/01/01 22:40:20 | 000,638,216 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Internet Explorer\iexplore.exe
PRC - [2009/11/12 10:03:32 | 000,070,928 | ---- | M] (PC Tools) -- C:\Program Files\Spyware Doctor\TFEngine\TFService.exe
PRC - [2009/11/10 10:28:08 | 000,112,592 | ---- | M] (Threat Expert Ltd.) -- C:\Program Files\Spyware Doctor\BDT\BDTUpdateService.exe
PRC - [2009/04/10 22:28:11 | 000,217,088 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\WerFault.exe
PRC - [2009/04/10 22:28:08 | 000,037,888 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\wbem\unsecapp.exe
PRC - [2009/04/10 22:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2009/01/26 15:31:10 | 001,153,368 | ---- | M] (Safer Networking Ltd.) -- C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe
PRC - [2009/01/13 10:28:46 | 001,528,608 | ---- | M] (Cisco Systems, Inc.) -- C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe
PRC - [2008/02/04 14:18:40 | 000,267,048 | ---- | M] (Apple Inc.) -- C:\Program Files\iTunes\iTunesHelper.exe
PRC - [2008/02/04 14:18:32 | 000,504,104 | ---- | M] (Apple Inc.) -- C:\Program Files\iPod\bin\iPodService.exe
PRC - [2008/01/18 23:33:40 | 000,142,336 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\WUDFHost.exe
PRC - [2008/01/18 23:33:39 | 000,202,240 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Media Player\wmpnscfg.exe
PRC - [2008/01/18 23:33:15 | 000,095,744 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\mobsync.exe
PRC - [2008/01/15 02:40:04 | 000,110,592 | ---- | M] (Apple, Inc.) -- C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
PRC - [2008/01/02 17:07:04 | 000,256,536 | ---- | M] (Intel Corporation) -- C:\Windows\System32\igfxsrvc.exe
PRC - [2008/01/02 17:07:02 | 000,133,656 | ---- | M] (Intel Corporation) -- C:\Windows\System32\igfxpers.exe
PRC - [2008/01/02 17:06:52 | 000,166,424 | ---- | M] (Intel Corporation) -- C:\Windows\System32\hkcmd.exe
PRC - [2007/07/24 15:17:08 | 000,229,376 | ---- | M] (Apple Inc.) -- C:\Program Files\Bonjour\mDNSResponder.exe
PRC - [2007/05/31 07:21:28 | 000,648,072 | ---- | M] (Microsoft Corporation) -- C:\Windows\WindowsMobile\wmdc.exe
PRC - [2007/05/11 05:26:44 | 004,452,352 | ---- | M] (Realtek Semiconductor) -- C:\Windows\RtHDVCpl.exe
PRC - [2006/12/10 20:52:38 | 000,049,152 | ---- | M] (Hewlett-Packard Co.) -- C:\Program Files\HP\HP Software Update\hpwuSchd2.exe
PRC - [2006/11/05 09:13:00 | 000,159,744 | ---- | M] (Sonic Solutions) -- C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatch9.exe
PRC - [2006/11/03 16:02:14 | 000,050,688 | ---- | M] (Avanquest Software ) -- C:\Program Files\Digital Line Detect\DLG.exe
PRC - [2006/08/04 16:39:20 | 000,386,560 | ---- | M] (Conexant Systems, Inc.) -- C:\Windows\System32\drivers\XAudio.exe
 
 
[color=#E56717]========== Modules (SafeList) ==========[/color]
 
MOD - [2010/02/05 20:09:39 | 000,549,376 | ---- | M] (OldTimer Tools) -- C:\Users\jshriber\Desktop\OTL.exe
MOD - [2010/02/03 10:40:44 | 000,012,464 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Windows\System32\avgrsstx.dll
MOD - [2009/11/12 10:03:32 | 000,451,856 | ---- | M] (PC Tools) -- C:\Program Files\Spyware Doctor\TFEngine\TFWAH.dll
MOD - [2009/10/30 11:18:16 | 000,147,024 | ---- | M] (PC Tools) -- C:\Program Files\Spyware Doctor\PCTGMhk.dll
MOD - [2009/09/09 22:54:58 | 000,155,184 | ---- | M] (PC Tools) -- C:\Program Files\Spyware Doctor\smum32.dll
MOD - [2009/04/10 22:21:38 | 001,686,016 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18005_none_5cb72f96088b0de0\comctl32.dll
 
 
[color=#E56717]========== Win32 Services (SafeList) ==========[/color]
 
SRV - [2010/02/03 10:39:38 | 000,906,520 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files\AVG\AVG9\avgemc.exe -- (avg9emc)
SRV - [2010/02/03 10:39:26 | 000,285,392 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files\AVG\AVG9\avgwdsvc.exe -- (avg9wd)
SRV - [2009/11/18 14:39:27 | 000,030,192 | ---- | M] (Google) [On_Demand | Stopped] -- C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe -- (GoogleDesktopManager-110309-193829)
SRV - [2009/11/12 10:03:32 | 000,070,928 | ---- | M] (PC Tools) [On_Demand | Running] -- C:\Program Files\Spyware Doctor\TFEngine\TFService.exe -- (ThreatFire)
SRV - [2009/11/10 10:28:08 | 000,112,592 | ---- | M] (Threat Expert Ltd.) [Auto | Running] -- C:\Program Files\Spyware Doctor\BDT\BDTUpdateService.exe -- (Browser Defender Update Service)
SRV - [2009/11/06 14:29:22 | 001,141,712 | ---- | M] (PC Tools) [On_Demand | Stopped] -- C:\Program Files\Spyware Doctor\pctsSvc.exe -- (sdCoreService)
SRV - [2009/10/30 11:18:16 | 000,359,624 | ---- | M] (PC Tools) [On_Demand | Stopped] -- C:\Program Files\Spyware Doctor\pctsAuxs.exe -- (sdAuxService)
SRV - [2009/09/24 17:27:04 | 000,793,088 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\FntCache.dll -- (FontCache)
SRV - [2009/01/26 15:31:10 | 001,153,368 | ---- | M] (Safer Networking Ltd.) [Auto | Running] -- C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe -- (SBSDWSCService)
SRV - [2009/01/13 10:28:46 | 001,528,608 | ---- | M] (Cisco Systems, Inc.) [Auto | Running] -- C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe -- (CVPND)
SRV - [2008/11/04 00:06:28 | 000,441,712 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE -- (odserv)
SRV - [2008/07/18 12:13:20 | 000,053,760 | ---- | M] (Hewlett-Packard) [Auto | Running] -- C:\Windows\System32\HPZipm12.dll -- (Pml Driver HPZ12)
SRV - [2008/07/18 12:13:20 | 000,044,032 | ---- | M] (Hewlett-Packard) [Auto | Running] -- C:\Windows\System32\HPZinw12.dll -- (Net Driver HPZ12)
SRV - [2008/02/04 14:18:32 | 000,504,104 | ---- | M] (Apple Inc.) [On_Demand | Running] -- C:\Program Files\iPod\bin\iPodService.exe -- (iPod Service)
SRV - [2008/01/18 23:38:24 | 000,272,952 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2008/01/16 06:54:49 | 000,138,168 | ---- | M] (Google) [On_Demand | Stopped] -- C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe -- (gusvc)
SRV - [2008/01/15 02:40:04 | 000,110,592 | ---- | M] (Apple, Inc.) [Auto | Running] -- C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe -- (Apple Mobile Device)
SRV - [2007/07/24 15:17:08 | 000,229,376 | ---- | M] (Apple Inc.) [Auto | Running] -- C:\Program Files\Bonjour\mDNSResponder.exe -- (Bonjour Service)
SRV - [2007/05/31 07:21:24 | 000,379,784 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\WindowsMobile\wcescomm.dll -- (WcesComm)
SRV - [2007/05/31 07:21:18 | 000,183,688 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\WindowsMobile\rapimgr.dll -- (RapiMgr)
SRV - [2007/02/28 01:00:14 | 000,225,280 | ---- | M] (Hewlett-Packard Co.) [On_Demand | Running] -- C:\Program Files\HP\Digital Imaging\bin\hpqcxs08.dll -- (hpqcxs08)
SRV - [2007/02/28 01:00:14 | 000,131,072 | ---- | M] (Hewlett-Packard Co.) [Auto | Running] -- C:\Program Files\HP\Digital Imaging\bin\hpqddsvc.dll -- (hpqddsvc)
SRV - [2006/11/05 09:15:12 | 000,880,640 | ---- | M] (Sonic Solutions) [On_Demand | Stopped] -- C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe -- (RoxMediaDB9)
SRV - [2006/11/05 09:13:00 | 000,159,744 | ---- | M] (Sonic Solutions) [Auto | Running] -- C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatch9.exe -- (RoxWatch9)
SRV - [2006/11/02 04:35:29 | 000,013,312 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\ehome\ehstart.dll -- (ehstart)
SRV - [2006/10/26 14:03:08 | 000,145,184 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE -- (ose)
SRV - [2006/09/14 12:54:34 | 000,073,728 | ---- | M] (MicroVision Development, Inc.) [On_Demand | Stopped] -- C:\Program Files\Common Files\SureThing Shared\stllssvr.exe -- (stllssvr)
SRV - [2006/08/04 16:39:20 | 000,386,560 | ---- | M] (Conexant Systems, Inc.) [Auto | Running] -- C:\Windows\System32\drivers\XAudio.exe -- (XAudioService)
SRV - [2004/10/22 01:24:18 | 000,073,728 | ---- | M] (Macrovision Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe -- (IDriverT)
 
 
[color=#E56717]========== Driver Services (SafeList) ==========[/color]
 
DRV - [2010/02/03 10:40:43 | 000,161,800 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | Boot | Running] -- C:\Windows\System32\Drivers\avgrkx86.sys -- (AvgRkx86)
DRV - [2010/02/03 10:40:36 | 000,360,584 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\Windows\System32\Drivers\avgtdix.sys -- (AvgTdiX)
DRV - [2010/02/03 10:40:34 | 000,333,192 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\Windows\System32\Drivers\avgldx86.sys -- (AvgLdx86)
DRV - [2010/02/03 10:40:32 | 000,028,424 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | System | Running] -- C:\Windows\System32\Drivers\avgmfx86.sys -- (AvgMfx86)
DRV - [2009/11/12 10:03:32 | 000,059,664 | --S- | M] (PC Tools) [Kernel | Boot | Running] -- C:\Windows\system32\drivers\TfSysMon.sys -- (TfSysMon)
DRV - [2009/11/12 10:03:32 | 000,051,984 | --S- | M] (PC Tools) [Kernel | Boot | Running] -- C:\Windows\system32\drivers\TfFsMon.sys -- (TfFsMon)
DRV - [2009/11/12 10:03:32 | 000,033,552 | --S- | M] (PC Tools) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\TfNetMon.sys -- (TfNetMon)
DRV - [2009/11/09 11:20:12 | 000,207,792 | ---- | M] (PC Tools) [Kernel | Boot | Running] -- C:\Windows\system32\drivers\PCTCore.sys -- (PCTCore)
DRV - [2009/10/30 11:11:00 | 000,233,136 | ---- | M] (PC Tools) [Kernel | System | Running] -- C:\Windows\System32\drivers\pctgntdi.sys -- (pctgntdi)
DRV - [2009/09/03 09:45:12 | 000,070,408 | ---- | M] (PC Tools) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\pctplsg.sys -- (pctplsg)
DRV - [2009/01/13 10:27:38 | 000,306,811 | ---- | M] (Cisco Systems, Inc.) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\CVPNDRVA.sys -- (CVPNDRVA)
DRV - [2008/08/28 16:17:38 | 000,131,856 | ---- | M] (Deterministic Networks, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\dne2000.sys -- (DNE)
DRV - [2008/01/16 14:26:57 | 000,020,152 | ---- | M] (VIA Technologies, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\viaide.sys -- (viaide)
DRV - [2008/01/16 14:26:57 | 000,019,128 | ---- | M] (CMD Technology, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\cmdide.sys -- (cmdide)
DRV - [2008/01/16 14:26:57 | 000,017,592 | ---- | M] (Acer Laboratories Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\aliide.sys -- (aliide)
DRV - [2008/01/15 02:39:58 | 000,030,464 | ---- | M] (Apple, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\usbaapl.sys -- (USBAAPL)
DRV - [2008/01/02 16:48:28 | 002,016,256 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\igdkmd32.sys -- (igfx)
DRV - [2007/05/11 05:26:46 | 001,773,536 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\RTKVHDA.sys -- (IntcAzAudAddService) Service for Realtek HD Audio (WDM)
DRV - [2007/04/29 00:42:24 | 000,228,224 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\e1e6032.sys -- (e1express) Intel(R)
DRV - [2007/04/26 02:41:38 | 000,304,920 | ---- | M] (Intel Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\iastor.sys -- (iaStor)
DRV - [2007/01/18 15:28:02 | 000,005,275 | ---- | M] (Cisco Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\CVirtA.sys -- (CVirtA)
DRV - [2006/11/02 01:51:45 | 000,900,712 | ---- | M] (QLogic Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ql2300.sys -- (ql2300)
DRV - [2006/11/02 01:51:38 | 000,420,968 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\adp94xx.sys -- (adp94xx)
DRV - [2006/11/02 01:51:34 | 000,316,520 | ---- | M] (Emulex) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\elxstor.sys -- (elxstor)
DRV - [2006/11/02 01:51:32 | 000,297,576 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\adpahci.sys -- (adpahci)
DRV - [2006/11/02 01:51:25 | 000,235,112 | ---- | M] (ULi Electronics Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\uliahci.sys -- (uliahci)
DRV - [2006/11/02 01:51:25 | 000,232,040 | ---- | M] (Intel Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\iastorv.sys -- (iaStorV)
DRV - [2006/11/02 01:51:00 | 000,147,048 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\adpu320.sys -- (adpu320)
DRV - [2006/11/02 01:50:45 | 000,115,816 | ---- | M] (Promise Technology, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ulsata2.sys -- (ulsata2)
DRV - [2006/11/02 01:50:41 | 000,112,232 | ---- | M] (VIA Technologies Inc.,Ltd) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\vsmraid.sys -- (vsmraid)
DRV - [2006/11/02 01:50:35 | 000,106,088 | ---- | M] (QLogic Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ql40xx.sys -- (ql40xx)
DRV - [2006/11/02 01:50:35 | 000,098,408 | ---- | M] (Promise Technology, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ulsata.sys -- (UlSata)
DRV - [2006/11/02 01:50:35 | 000,098,408 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\adpu160m.sys -- (adpu160m)
DRV - [2006/11/02 01:50:24 | 000,088,680 | ---- | M] (NVIDIA Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\nvraid.sys -- (nvraid)
DRV - [2006/11/02 01:50:19 | 000,045,160 | ---- | M] (IBM Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\nfrd960.sys -- (nfrd960)
DRV - [2006/11/02 01:50:17 | 000,041,576 | ---- | M] (Intel Corp./ICP vortex GmbH) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\iirsp.sys -- (iirsp)
DRV - [2006/11/02 01:50:16 | 000,071,784 | ---- | M] (Silicon Integrated Systems) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\sisraid4.sys -- (SiSRaid4)
DRV - [2006/11/02 01:50:13 | 000,040,040 | ---- | M] (NVIDIA Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\nvstor.sys -- (nvstor)
DRV - [2006/11/02 01:50:11 | 000,071,272 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\djsvs.sys -- (aic78xx)
DRV - [2006/11/02 01:50:10 | 000,067,688 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\arcsas.sys -- (arcsas)
DRV - [2006/11/02 01:50:10 | 000,065,640 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\lsi_scsi.sys -- (LSI_SCSI)
DRV - [2006/11/02 01:50:10 | 000,038,504 | ---- | M] (Silicon Integrated Systems Corp.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\sisraid2.sys -- (SiSRaid2)
DRV - [2006/11/02 01:50:10 | 000,037,480 | ---- | M] (Hewlett-Packard Company) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\hpcisss.sys -- (HpCISSs)
DRV - [2006/11/02 01:50:09 | 000,067,688 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\arc.sys -- (arc)
DRV - [2006/11/02 01:50:09 | 000,035,944 | ---- | M] (Integrated Technology Express, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\iteraid.sys -- (iteraid)
DRV - [2006/11/02 01:50:07 | 000,035,944 | ---- | M] (Integrated Technology Express, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\iteatapi.sys -- (iteatapi)
DRV - [2006/11/02 01:50:05 | 000,065,640 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\lsi_sas.sys -- (LSI_SAS)
DRV - [2006/11/02 01:50:05 | 000,035,944 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\symc8xx.sys -- (Symc8xx)
DRV - [2006/11/02 01:50:04 | 000,065,640 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\lsi_fc.sys -- (LSI_FC)
DRV - [2006/11/02 01:50:03 | 000,034,920 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\sym_u3.sys -- (Sym_u3)
DRV - [2006/11/02 01:49:59 | 000,033,384 | ---- | M] (LSI Logic Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\mraid35x.sys -- (Mraid35x)
DRV - [2006/11/02 01:49:56 | 000,031,848 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\sym_hi.sys -- (Sym_hi)
DRV - [2006/11/02 01:49:53 | 000,028,776 | ---- | M] (LSI Logic Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\megasas.sys -- (megasas)
DRV - [2006/11/02 00:25:24 | 000,071,808 | ---- | M] (Brother Industries Ltd.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\brserid.sys -- (Brserid) Brother MFC Serial Port Interface Driver (WDM)
DRV - [2006/11/02 00:24:47 | 000,011,904 | ---- | M] (Brother Industries Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\brusbser.sys -- (BrUsbSer)
DRV - [2006/11/02 00:24:46 | 000,005,248 | ---- | M] (Brother Industries, Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\brfiltup.sys -- (BrFiltUp)
DRV - [2006/11/02 00:24:45 | 000,013,568 | ---- | M] (Brother Industries, Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\brfiltlo.sys -- (BrFiltLo)
DRV - [2006/11/02 00:24:44 | 000,062,336 | ---- | M] (Brother Industries Ltd.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\brserwdm.sys -- (BrSerWdm)
DRV - [2006/11/02 00:24:44 | 000,012,160 | ---- | M] (Brother Industries Ltd.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\brusbmdm.sys -- (BrUsbMdm)
DRV - [2006/11/01 23:36:50 | 000,020,608 | ---- | M] (N-trig Innovative Technologies) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ntrigdigi.sys -- (ntrigdigi)
DRV - [2006/11/01 23:36:43 | 002,028,032 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\atikmdag.sys -- (R300)
DRV - [2006/11/01 23:30:54 | 000,117,760 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\E1G60I32.sys -- (E1G60) Intel(R)
DRV - [2006/11/01 22:37:21 | 000,020,480 | ---- | M] (Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K.) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\secdrv.sys -- (secdrv)
DRV - [2006/10/18 10:09:26 | 000,986,624 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\HSX_DPV.sys -- (HSF_DPV)
DRV - [2006/10/18 10:08:18 | 000,258,048 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\HSXHWBS2.sys -- (HSXHWBS2)
DRV - [2006/10/18 10:08:04 | 000,659,968 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\HSX_CNXT.sys -- (winachsf)
DRV - [2006/09/19 14:44:04 | 000,015,664 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\GEARAspiWDM.sys -- (GEARAspiWDM)
DRV - [2006/08/04 16:39:10 | 000,008,192 | ---- | M] (Conexant Systems, Inc.) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\XAudio.sys -- (XAudio)
DRV - [2006/07/24 01:00:00 | 000,036,528 | ---- | M] (Sonic Solutions) [Kernel | Boot | Running] -- C:\Windows\System32\Drivers\PxHelp20.sys -- (PxHelp20)
DRV - [2006/06/19 13:26:58 | 000,012,672 | ---- | M] (Conexant) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\mdmxsdk.sys -- (mdmxsdk)
DRV - [2006/01/31 16:48:53 | 000,021,568 | ---- | M] (HP) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\HPZius12.sys -- (HPZius12)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
 ]]></description>
<guid isPermaLink="true">http://www.dslreports.com/forum/remark,23764127</guid>
<pubDate>2010-02-06 11:19:48</pubDate>
</item>

<item>
<title>Steps complete - review please</title>
<link>http://www.dslreports.com/forum/remark,23725811</link>
<description><![CDATA[All of a sudden, I get redirected back to my home page on all three browsers. Also, when I go into Windows Explorer to browse files, it won't let me double-click to open them. I have run Ad-Aware and found just cookies, and ran Malwarebytes; it didn't find anything either. I have also run avast antivirus, which also found nothing.]]></description>
<guid isPermaLink="true">http://www.dslreports.com/forum/remark,23725811</guid>
<pubDate>2010-01-29 21:22:38</pubDate>
</item>

<item>
<title>[Trojan] Potential Trojan Virus</title>
<link>http://www.dslreports.com/forum/remark,23646109</link>
<description><![CDATA[Hello.

I have been experiencing temporary service interruptions with my home internet service provider. Apparently, one of our home PCs is generating abnormal levels of activity. Attempts to resolve the problem using F-Secure and The Disc Cleaner have been unsuccessful.

In conjunction, I have followed the required pre-cleaning steps and the following text documents were created: MBAM, OTL, Extras, Checkup, and Online AV Scan. I will provide these over the next couple of e-mails.

 Please advise what are the appropriate next steps. Much appreciated.]]></description>
<guid isPermaLink="true">http://www.dslreports.com/forum/remark,23646109</guid>
<pubDate>2010-01-14 23:19:49</pubDate>
</item>

<item>
<title>trojan- hijackthislog</title>
<link>http://www.dslreports.com/forum/remark,23725737</link>
<description><![CDATA[Did a Kaspersky check.
Result was this ... Infected: Trojan.Win32.StartPage.ehg
Ran Malwarebytes:

Malwarebytes' Anti-Malware 1.44
Database version: 3657
Windows 5.1.2600 Service Pack 3
Internet Explorer 8.0.6001.18702

30/01/2010 3:10:10 AM
mbam-log-2010-01-30 (03-09-50).txt

Scan type: Quick Scan
Objects scanned: 138144
Time elapsed: 10 minute(s), 2 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 3
Registry Values Infected: 0
Registry Data Items Infected: 2
Folders Infected: 0
Files Infected: 1

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
HKEY_CURRENT_USER\SOFTWARE\ZagrebLand (Trojan.FakeAlert) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Videocan (Trojan.FakeAlert) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\XML (Trojan.FakeAlert) -> No action taken.

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\AntiVirusDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\FirewallDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> No action taken.

Folders Infected:
(No malicious items detected)

Files Infected:
C:\WINDOWS\system32\psisrndrz.dll (Redir.NewServerSearch) -> No action taken.

--------------------------------------------------------------
Hijackthis log

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 1:09:07 PM, on 30/01/2010
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\system32\cisvc.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\McAfee\SiteAdvisor\McSACore.exe
C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe
c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\McAfee\MPF\MPFSrv.exe
C:\Program Files\McAfee\MSK\MskSrver.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Raxco\PerfectSpeed20\Rx2Agent.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
c:\PROGRA~1\mcafee.com\agent\mcagent.exe
C:\Program Files\Ulead Systems\Ulead Photo Explorer 8.0 SE Basic\Monitor.exe
C:\Program Files\Canon\MyPrinter\BJMyPrt.exe
C:\Program Files\ScanSoft\OmniPageSE4\OpwareSE4.exe
C:\Program Files\Microsoft IntelliPoint\ipoint.exe
C:\Program Files\Microsoft IntelliType Pro\itype.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\Microsoft IntelliType Pro\dpupdchk.exe
C:\Program Files\Raxco\PerfectSpeed20\PerfectSpeed.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Elaborate Bytes\DVD Region Killer\RegKillTray.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\Raxco\PerfectSpeed20\Rx2Engine.exe
C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\system32\cidaemon.exe
C:\WINDOWS\system32\SearchIndexer.exe
C:\PROGRA~1\MICROS~2\OFFICE11\OUTLOOK.EXE
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://au.search.yahoo.com/search?fr=mcafee&p=%s
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = 
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = 
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O2 - BHO: McAfee Phishing Filter - {27B4851A-3207-45A2-B947-BE8AFE6163AB} - c:\PROGRA~1\mcafee\msk\mskapbho.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\McAfee\VirusScan\scriptsn.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: McAfee SiteAdvisor BHO - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: (no name) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - (no file)
O3 - Toolbar: McAfee SiteAdvisor Toolbar - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll
O4 - HKLM\..\Run: [Ulead AutoDetector] C:\Program Files\Ulead Systems\Ulead Photo Explorer 8.0 SE Basic\Monitor.exe
O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe"
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [CanonSolutionMenu] C:\Program Files\Canon\SolutionMenu\CNSLMAIN.exe /logon
O4 - HKLM\..\Run: [CanonMyPrinter] C:\Program Files\Canon\MyPrinter\BJMyPrt.exe /logon
O4 - HKLM\..\Run: [OpwareSE4] "C:\Program Files\ScanSoft\OmniPageSE4\OpwareSE4.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [RegKillElbyCheck] "C:\Program Files\Elaborate Bytes\DVD Region Killer\ElbyCheck.exe" /L RegKill
O4 - HKLM\..\Run: [LogMeIn GUI] "C:\Program Files\LogMeIn\x86\LogMeInSystray.exe"
O4 - HKLM\..\Run: [IntelliPoint] "c:\Program Files\Microsoft IntelliPoint\ipoint.exe"
O4 - HKLM\..\Run: [itype] "C:\Program Files\Microsoft IntelliType Pro\itype.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [mcagent_exe] "C:\Program Files\McAfee.com\Agent\mcagent.exe" /runkey
O4 - HKLM\..\Run: [PerfectSpeed.exe] C:\Program Files\Raxco\PerfectSpeed20\PerfectSpeed.exe /tray /startrun
O4 - HKLM\..\Run: [McENUI] C:\PROGRA~1\McAfee\MHN\McENUI.exe /hide
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [RegKillTray] "C:\Program Files\Elaborate Bytes\DVD Region Killer\RegKillTray.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - Startup: OneNote 2007 Screen Clipper and Launcher.lnk = C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
O8 - Extra context menu item: Add to Windows &Live Favorites - http://favorites.live.com/quickadd.aspx
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: (no name) - {5067A26B-1337-4436-8AFE-EE169C2DA79F} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra 'Tools' menuitem: Skype add-on for Internet Explorer - {5067A26B-1337-4436-8AFE-EE169C2DA79F} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra button: Bonjour - {7F9DB11C-E358-4ca6-A83D-ACC663939424} - C:\Program Files\Bonjour\ExplorerPlugin.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O15 - Trusted Zone: http://*.mcafee.com
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1254952943046
O16 - DPF: {A3256902-51FA-45A0-8A97-FC1143C169D9} (Diagnostics ActiveX WebControl) - http://support.microsoft.com/mats/DiagWebControl.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O18 - Protocol: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll
O18 - Protocol: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: LogMeIn Maintenance Service (LMIMaint) - LogMeIn, Inc. - C:\Program Files\LogMeIn\x86\RaMaint.exe
O23 - Service: LogMeIn - LogMeIn, Inc. - C:\Program Files\LogMeIn\x86\LogMeIn.exe
O23 - Service: MBackMonitor - McAfee - C:\Program Files\McAfee\MBK\MBackMonitor.exe
O23 - Service: McAfee SiteAdvisor Service - McAfee, Inc. - C:\Program Files\McAfee\SiteAdvisor\McSACore.exe
O23 - Service: McAfee Services (mcmscsvc) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
O23 - Service: McAfee Network Agent (McNASvc) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe
O23 - Service: McAfee Scanner (McODS) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe
O23 - Service: McAfee Proxy Service (McProxy) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
O23 - Service: McAfee Real-time Scanner (McShield) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
O23 - Service: McAfee SystemGuards (McSysmon) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee, Inc. - C:\Program Files\McAfee\MPF\MPFSrv.exe
O23 - Service: McAfee Anti-Spam Service (MSK80Service) - McAfee, Inc. - C:\Program Files\McAfee\MSK\MskSrver.exe
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Rx2Agent - Raxco Software, Inc. - C:\Program Files\Raxco\PerfectSpeed20\Rx2Agent.exe
O23 - Service: Rx2Engine - Raxco Software, Inc. - C:\Program Files\Raxco\PerfectSpeed20\Rx2Engine.exe

--
End of file - 12037 bytes]]></description>
<guid isPermaLink="true">http://www.dslreports.com/forum/remark,23725737</guid>
<pubDate>2010-01-29 21:09:48</pubDate>
</item>

<item>
<title>[Trojan] Help!  Firefox hijack</title>
<link>http://www.dslreports.com/forum/remark,23690033</link>
<description><![CDATA[My computer has issues.

It started as Firefox spontaneously opening new browsing tabs to unfamiliar web sites.

Another symptom is that FF will shut down, sometimes on clicking, sometimes spontaneously.  Regardless of whether I intentionally shut it down, a Firefox process remains that I need to shut down manually with task manager.

IE isn't working either.  For the most part, it can't locate web sites, acting as though it isn't accessing the DNS.  Firefox frequently acts this way too.

About my system: Windows XP SP3, no AV protection (I know, I'm a dope, I should know better, long story), firewall on DSL router.

I did Hijack This while in safe mode (thought that would help, but no), here is the log:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 12:45:06 PM, on 1/22/2010
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Safe mode with network support

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://red.clientapps.yahoo.com/customize/ie/defaults/sb/sbcydsl/*http://www.yahoo.com/search/ie.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = 
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
N3 - Netscape 7: user_pref("browser.startup.homepage", "http://www.google.com/"); (C:\Documents and Settings\TONY\Application Data\Mozilla\Profiles\default\1li2xot8.slt\prefs.js)
N3 - Netscape 7: user_pref("browser.search.defaultengine", "engine://C%3A%5CProgram%20Files%5Cmozilla.org%5CMozilla%5Csearchplugins%5Cgoogle.src"); (C:\Documents and Settings\TONY\Application Data\Mozilla\Profiles\default\1li2xot8.slt\prefs.js)
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.4.4525.1752\swg.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
O4 - HKLM\..\Run: [zBrowser Launcher] C:\Program Files\Logitech\iTouch\iTouch.exe
O4 - HKLM\..\Run: [UpdReg] C:\WINDOWS\UpdReg.EXE
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [Logitech Utility] Logi_MwX.Exe
O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
O4 - HKLM\..\Run: [2wSysTray] C:\Program Files\2Wire\2PortalMon.exe
O4 - HKLM\..\Run: [Symantec PIF AlertEng] "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" /a /m "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\AlertEng.dll"
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Nero\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [NBKeyScan] "C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe"
O4 - HKLM\..\Run: [AppleSyncNotifier] C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe
O4 - HKLM\..\Run: [SSBkgdUpdate] "C:\Program Files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" -Embedding -boot
O4 - HKLM\..\Run: [PaperPort PTD] "C:\Program Files\ScanSoft\PaperPort\pptd40nt.exe"
O4 - HKLM\..\Run: [IndexSearch] "C:\Program Files\ScanSoft\PaperPort\IndexSearch.exe"
O4 - HKLM\..\Run: [PPort11reminder] "C:\Program Files\ScanSoft\PaperPort\Ereg\Ereg.exe" -r "C:\Documents and Settings\All Users\Application Data\ScanSoft\PaperPort\11\Config\Ereg\Ereg.ini
O4 - HKLM\..\Run: [BrMfcWnd] C:\Program Files\Brother\Brmfcmon\BrMfcWnd.exe /AUTORUN
O4 - HKLM\..\Run: [ControlCenter3] C:\Program Files\Brother\ControlCenter3\brctrcen.exe /autorun
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKCU\..\Run: [swg] "C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Bluetooth.lnk = ?
O4 - Global Startup: HotSync Manager.lnk = C:\Program Files\palmOne\Hotsync.exe
O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe
O4 - Global Startup: ymetray.lnk = C:\Program Files\Yahoo!\Yahoo! Music Jukebox\ymetray.exe
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O8 - Extra context menu item: Google Sidewiki... - res://C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_60D6097707281E79.dll/cmsidewiki.html
O8 - Extra context menu item: Send To &Bluetooth - C:\Program Files\Belkin\Bluetooth Software\btsendto_ie_ctx.htm
O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\Belkin\Bluetooth Software\btsendto_ie.htm
O9 - Extra 'Tools' menuitem: @btrez.dll,-4017 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\Belkin\Bluetooth Software\btsendto_ie.htm
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {106E49CF-797A-11D2-81A2-00E02C015623} (AlternaTIFF ActiveX) - http://www.alternatiff.com/install-ie/alttiff.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper.dll
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://v5.windowsupdate.microsoft.com/v5consumer/V5Controls/en/x86/client/wuweb_site.cab?1106967697697
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1209946208496
O16 - DPF: {77E32299-629F-43C6-AB77-6A1E6D7663F6} (Groove Control) - http://www.nick.com/common/groove/gx/GrooveAX28.cab
O23 - Service: Adobe Active File Monitor V5 (AdobeActiveFileMonitor5.0) - Unknown owner - C:\Program Files\Adobe\Photoshop Elements 5.0\PhotoshopElementsFileAgent.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - C:\Program Files\Belkin\Bluetooth Software\bin\btwdins.exe
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe (file missing)
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: LiveUpdate Notice Service Ex (LiveUpdate Notice Ex) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe (file missing)
O23 - Service: LiveUpdate Notice Service - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
O23 - Service: Nero BackItUp Scheduler 3 - Nero AG - C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: PLFlash DeviceIoControl Service - Prolific Technology Inc. - C:\WINDOWS\system32\IoctlSvc.exe
O23 - Service: SolidWorks Licensing Service - SolidWorks - C:\Program Files\Common Files\SolidWorks Shared\Service\SolidWorksLicensing.exe
O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exe

--
End of file - 9968 bytes

I did not take any cleanup actions using Hijack This.  Next I ran TFC, then OTL.  I will post my OTL logs on another post.  BTW, I am not posting on the afflicted computer.

Stay tuned...

Toe Knee]]></description>
<guid isPermaLink="true">http://www.dslreports.com/forum/remark,23690033</guid>
<pubDate>2010-01-23 09:51:46</pubDate>
</item>

<item>
<title>[Malware] My Computer is infected</title>
<link>http://www.dslreports.com/forum/remark,23708724</link>
<description><![CDATA[A while back I was having search engine redirection problems.  Every time I typed in a search term it would redirect me to some unknown "search site."  I resolved the search redirection issue once I was able to get Malwarebytes updated.  Since that time I have also been noticing performance issues with my computer and internet (only on this computer). Sometimes some of the normal sites will freeze upon loading and I have to hit refresh a few times.  Also I have had my ISP contact me to say that they think I am infected with either Malware or a Bot as they are suspecting that I am acting as a Spam Mail Server.  Please help me resolve this issue so that I don't get cut off from my ISP.  I have performed the necessary tasks and the logs are listed below.  Thank you for your help.

Malwarebytes' Anti-Malware 1.44
Database version: 3642
Windows 5.1.2600 Service Pack 3
Internet Explorer 8.0.6001.18702

1/26/2010 5:05:04 PM
mbam-log-2010-01-26 (17-05-04).txt

Scan type: Quick Scan
Objects scanned: 110932
Time elapsed: 4 minute(s), 18 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)



OTL logfile created on: 1/26/2010 5:12:40 PM - Run 1
OTL by OldTimer - Version 3.1.27.0     Folder = C:\Documents and Settings\CMC\Desktop
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy
 
2.00 Gb Total Physical Memory | 1.00 Gb Available Physical Memory | 75.00% Memory free
2.00 Gb Paging File | 2.00 Gb Available in Paging File | 84.00% Paging File free
Paging file location(s): C:\pagefile.sys 672 1344 [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 26.38 Gb Total Space | 9.44 Gb Free Space | 35.79% Space Free | Partition Type: FAT32
Drive D: | 26.55 Gb Total Space | 10.02 Gb Free Space | 37.72% Space Free | Partition Type: FAT32
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded
 
Computer Name: CRAIG
Current User Name: CMC
Logged in as Administrator.
 
Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Standard
 
========== Processes (SafeList) ==========
 
PRC - [2010/01/26 17:08:36 | 00,548,352 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\CMC\Desktop\OTL.exe
PRC - [2009/10/11 04:17:36 | 00,153,376 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Java\jre6\bin\jqs.exe
PRC - [2009/10/11 04:17:36 | 00,149,280 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Java\jre6\bin\jusched.exe
PRC - [2009/09/13 18:52:50 | 01,048,392 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Security Essentials\msseces.exe
PRC - [2009/07/02 17:36:52 | 00,017,904 | ---- | M] (Microsoft Corporation) -- c:\Program Files\Microsoft Security Essentials\MsMpEng.exe
PRC - [2008/10/10 05:45:26 | 00,013,088 | ---- | M] (Intuit Inc.) -- C:\Program Files\Common Files\Intuit\Update Service\IntuitUpdateService.exe
PRC - [2008/04/13 18:12:42 | 00,013,824 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\wscntfy.exe
PRC - [2008/04/13 18:12:36 | 00,033,280 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\snmp.exe
PRC - [2008/04/13 18:12:20 | 01,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2005/03/28 13:52:08 | 00,360,448 | ---- | M] (acer Inc.) -- C:\Program Files\acer\eRecovery\Monitor.exe
PRC - [2005/03/28 12:30:44 | 00,315,392 | ---- | M] (Dritek System Inc.) -- C:\Program Files\Launch Manager\QtZgAcer.EXE
PRC - [2005/03/14 12:05:02 | 00,069,632 | ---- | M] (HP) -- C:\WINDOWS\system32\HPZipm12.exe
PRC - [2005/03/04 13:13:04 | 00,032,768 | ---- | M] (Silicon Integrated Systems Corporation) -- C:\WINDOWS\system32\Keyhook.exe
PRC - [2005/01/04 16:52:52 | 00,331,776 | ---- | M] (Silicon Integrated Systems Corporation) -- C:\WINDOWS\system32\sistray.exe
PRC - [2004/10/07 23:44:24 | 00,098,394 | ---- | M] (Synaptics, Inc.) -- C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
PRC - [2004/10/07 23:43:12 | 00,688,218 | ---- | M] (Synaptics, Inc.) -- C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
PRC - [2004/10/07 19:50:52 | 00,088,363 | ---- | M] (Agere Systems) -- C:\WINDOWS\AGRSMMSG.exe
 
 
========== Modules (SafeList) ==========
 
MOD - [2010/01/26 17:08:36 | 00,548,352 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\CMC\Desktop\OTL.exe
MOD - [2004/10/07 23:44:16 | 00,069,722 | ---- | M] (Synaptics, Inc.) -- C:\WINDOWS\system32\SynTPFcs.dll
 
 
========== Win32 Services (SafeList) ==========
 
SRV - [2010/01/12 11:01:28 | 03,077,488 | ---- | M] (MediaMall Technologies, Inc.) [On_Demand | Stopped] -- C:\Program Files\MediaMall\MediaMallServer.exe -- (MediaMall Server)
SRV - [2009/10/28 20:21:14 | 00,545,568 | ---- | M] (Apple Inc.) [Disabled | Stopped] -- C:\Program Files\iPod\bin\iPodService.exe -- (iPod Service)
SRV - [2009/10/11 04:17:36 | 00,153,376 | ---- | M] (Sun Microsystems, Inc.) [Auto | Running] -- C:\Program Files\Java\jre6\bin\jqs.exe -- (JavaQuickStarterService)
SRV - [2009/07/02 17:36:52 | 00,017,904 | ---- | M] (Microsoft Corporation) [Auto | Running] -- c:\Program Files\Microsoft Security Essentials\MsMpEng.exe -- (MsMpSvc)
SRV - [2009/04/29 20:45:28 | 00,182,768 | ---- | M] (Google) [Disabled | Stopped] -- C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe -- (gusvc)
SRV - [2008/12/12 11:17:38 | 00,238,888 | ---- | M] (Apple Inc.) [Disabled | Stopped] -- C:\Program Files\Bonjour\mDNSResponder.exe -- (Bonjour Service)
SRV - [2008/10/10 05:45:26 | 00,013,088 | ---- | M] (Intuit Inc.) [Auto | Running] -- C:\Program Files\Common Files\Intuit\Update Service\IntuitUpdateService.exe -- (IntuitUpdateService)
SRV - [2008/04/13 18:12:36 | 00,033,280 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\snmp.exe -- (SNMP)
SRV - [2005/03/14 12:05:02 | 00,069,632 | ---- | M] (HP) [Auto | Running] -- C:\WINDOWS\system32\HPZipm12.exe -- (Pml Driver HPZ12)
 
 
========== Driver Services (SafeList) ==========
 
DRV - [2009/10/14 09:59:38 | 00,022,696 | ---- | M] (MediaMall Technologies, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\povrtdev.sys -- (msvad_simple)
DRV - [2009/08/28 19:42:52 | 00,040,448 | ---- | M] (Apple, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\usbaapl.sys -- (USBAAPL)
DRV - [2009/06/18 18:48:04 | 00,142,832 | ---- | M] (Microsoft Corporation) [File_System | System | Running] -- C:\WINDOWS\system32\drivers\MpFilter.sys -- (MpFilter)
DRV - [2009/05/18 14:17:00 | 00,026,600 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\GEARAspiWDM.sys -- (GEARAspiWDM)
DRV - [2008/04/13 12:53:10 | 00,040,320 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\nmnt.sys -- (nm)
DRV - [2007/11/13 03:25:54 | 00,020,480 | ---- | M] (Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K.) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\secdrv.sys -- (Secdrv)
DRV - [2007/01/18 10:24:58 | 00,026,496 | R--- | M] (Research in Motion Ltd) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\RimSerial.sys -- (RimVSerPort)
DRV - [2005/10/27 17:24:30 | 00,021,568 | ---- | M] (HP) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\HPZius12.sys -- (HPZius12)
DRV - [2005/10/27 17:24:30 | 00,016,496 | R--- | M] (HP) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\HPZipr12.sys -- (HPZipr12)
DRV - [2005/10/27 17:24:28 | 00,049,664 | R--- | M] (HP) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\HPZid412.sys -- (HPZid412)
DRV - [2005/07/30 08:32:14 | 00,006,144 | ---- | M] (NewTech Infosystems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\NTIDrvr.sys -- (NTIDrvr)
DRV - [2005/03/02 00:09:02 | 00,240,640 | ---- | M] (Silicon Integrated Systems Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\sisgrp.sys -- (SiS315)
DRV - [2005/02/25 19:45:32 | 00,013,312 | ---- | M] (Silicon Integrated Systems Corporation) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\srvkp.sys -- (SiSkp)
DRV - [2005/02/24 14:20:22 | 02,311,680 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ALCXWDM.SYS -- (ALCXWDM) Service for Realtek AC97 Audio (WDM)
DRV - [2005/02/23 14:58:56 | 00,011,776 | ---- | M] (Arcsoft, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\afc.sys -- (Afc)
DRV - [2005/01/13 14:46:16 | 00,069,632 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Program Files\acer\eRecovery\int15.sys -- (int15.sys)
DRV - [2004/12/21 10:32:12 | 00,369,024 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\BCMWL5.SYS -- (BCM43XX)
DRV - [2004/12/17 17:14:44 | 00,013,952 | ---- | M] () [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\UBHelper.sys -- (UBHelper)
DRV - [2004/12/08 14:10:00 | 00,016,896 | ---- | M] (Dritek System Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\DKbFltr.SYS -- (DKbFltr)
DRV - [2004/11/05 01:43:58 | 00,032,768 | ---- | M] (SiS Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\sisnicxp.sys -- (SISNICXP)
DRV - [2004/10/07 23:33:46 | 00,185,824 | ---- | M] (Synaptics, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\SynTP.sys -- (SynTP)
DRV - [2004/10/07 19:51:08 | 01,270,540 | ---- | M] (Agere Systems) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\AGRSM.sys -- (AgereSoftModem)
DRV - [2004/10/07 19:16:04 | 00,035,840 | ---- | M] (Oak Technology Inc.) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\AFS2K.SYS -- (AFS2K)
DRV - [2004/08/11 01:30:00 | 00,039,424 | ---- | M] (Advanced Micro Devices) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\AmdK8.sys -- (AmdK8)
DRV - [2004/08/04 05:00:00 | 00,017,792 | ---- | M] (Parallel Technologies, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ptilink.sys -- (Ptilink)
DRV - [2004/08/04 05:00:00 | 00,005,888 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\rootmdm.sys -- (ROOTMODEM)
DRV - [2003/12/05 18:46:36 | 00,010,368 | ---- | M] (Padus, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\pfc.sys -- (pfc)
DRV - [2003/07/18 09:58:20 | 00,036,992 | ---- | M] (Silicon Integrated Systems Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\SISAGPX.sys -- (SISAGP)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Secondary Start Pages = [Binary data over 100 bytes]
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultName = Google
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultURL = http://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://my.yahoo.com/
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
========== FireFox ==========
 
FF - prefs.js..browser.search.defaultenginename: "Yahoo! Search"
FF - prefs.js..browser.search.selectedEngine: "Yahoo! Search"
FF - prefs.js..browser.startup.homepage: "http://my.yahoo.com/"
FF - prefs.js..extensions.enabledItems: jqs@sun.com:1.0
FF - prefs.js..keyword.URL: "http://us.yhs.search.yahoo.com/avg/search?fr=yhs-avg&type=yahoo_avg_hs2-tb-web_us&p="
FF - prefs.js..network.proxy.no_proxies_on: "localho,t,127.0.0.1,*.local"
 
FF - HKLM\software\mozilla\Mozilla Firefox 3.5.7\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2009/04/19 15:20:10 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.5.7\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2009/04/19 15:20:10 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Netscape Browser 8.1.2.0\Extensions\\Components: C:\Program Files\Netscape\Netscape Browser\Components
FF - HKLM\software\mozilla\Netscape Browser 8.1.2.0\Extensions\\Plugins: C:\Program Files\Netscape\Netscape Browser\Plugins
 
[2008/06/01 21:26:02 | 00,000,000 | ---D | M] -- C:\Documents and Settings\CMC\Application Data\Mozilla\Extensions
[2008/06/01 21:26:02 | 00,000,000 | ---D | M] -- C:\Documents and Settings\CMC\Application Data\Mozilla\Extensions\home2@tomtom.com
[2009/04/19 15:20:26 | 00,000,000 | ---D | M] -- C:\Documents and Settings\CMC\Application Data\Mozilla\Firefox\Profiles\urhkip7j.default\extensions
[2009/04/19 15:20:10 | 00,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions
 
O1 HOSTS File: ([2010/01/22 00:12:52 | 00,372,880 | R--- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1       localhost
O1 - Hosts: 12876 more lines...
O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O2 - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.4.4525.1752\swg.dll (Google Inc.)
O2 - BHO: (Google Dictionary Compression sdch) - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_B7C5AC242193BB3E.dll File not found
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (JQSIEStartDetectorImpl Class) - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll (Sun Microsystems, Inc.)
O3 - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O3 - HKCU\..\Toolbar\ShellBrowser: (no name) - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O4 - HKLM..\Run: [AGRSMMSG] C:\WINDOWS\AGRSMMSG.exe (Agere Systems)
O4 - HKLM..\Run: [eRecoveryService] C:\WINDOWS\system32\Check.exe (acer Inc.)
O4 - HKLM..\Run: [iTunesHelper] C:\Program Files\iTunes\iTunesHelper.exe (Apple Inc.)
O4 - HKLM..\Run: [LaunchApp] C:\WINDOWS\Alaunch.exe (Acer Inc.)
O4 - HKLM..\Run: [LManager] C:\Program Files\Launch Manager\QtZgAcer.EXE (Dritek System Inc.)
O4 - HKLM..\Run: [MSSE] c:\Program Files\Microsoft Security Essentials\msseces.exe (Microsoft Corporation)
O4 - HKLM..\Run: [PHIME2002A] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE (Microsoft Corporation)
O4 - HKLM..\Run: [PHIME2002ASync] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE (Microsoft Corporation)
O4 - HKLM..\Run: [SiS Windows KeyHook] C:\WINDOWS\system32\Keyhook.exe (Silicon Integrated Systems Corporation)
O4 - HKLM..\Run: [SiSPower] C:\WINDOWS\System32\SiSPower.dll (Silicon Integrated Systems Corporation)
O4 - HKLM..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre6\bin\jusched.exe (Sun Microsystems, Inc.)
O4 - HKLM..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe (Synaptics, Inc.)
O4 - HKLM..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe (Synaptics, Inc.)
O4 - HKCU..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (Google Inc.)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Utility Tray.lnk = C:\WINDOWS\system32\sistray.exe (Silicon Integrated Systems Corporation)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe (Adobe Systems Incorporated)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Main present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O8 - Extra context menu item: Locate Spot on Map by GPS - C:\Program Files\Opanda\IExif 2.3\IExifMap.htm ()
O8 - Extra context menu item: View Exif/GPS/IPTC with IExif - C:\Program Files\Opanda\IExif 2.3\IExifCom.htm ()
O9 - Extra Button: Bonjour - {7F9DB11C-E358-4ca6-A83D-ACC663939424} - C:\Program Files\Bonjour\ExplorerPlugin.dll (Apple Inc.)
O9 - Extra 'Tools' menuitem : Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O9 - Extra Button: PartyPoker.net - {F4430FE8-2638-42e5-B849-800749B94EED} - C:\Program Files\PartyGaming.Net\PartyPokerNet\RunPF.exe File not found
O9 - Extra 'Tools' menuitem : PartyPoker.net - {F4430FE8-2638-42e5-B849-800749B94EED} - C:\Program Files\PartyGaming.Net\PartyPokerNet\RunPF.exe File not found
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O15 - HKLM\..Trusted Domains: 58 domain(s) and sub-domain(s) not assigned to a zone.
O15 - HKCU\..Trusted Domains: 57 domain(s) and sub-domain(s) not assigned to a zone.
O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} http://a1540.g.akamai.net/7/1540/52/20061205/qtinstall.info.apple.com/qtactivex/qtplugin.cab (QuickTime Object)
O16 - DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} http://upload.facebook.com/controls/2008.10.10_v5.5.8/FacebookPhotoUploader5.cab (Facebook Photo Uploader 5 Control)
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} http://download.macromedia.com/pub/shockwave/cabs/director/sw.cab (Shockwave ActiveX Control)
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} C:\Program Files\Yahoo!\Common\yinsthelper.dll (YInstStarter Class)
O16 - DPF: {406B5949-7190-4245-91A9-30A17DE16AD0} http://www.costcophotocenter.com/CostcoActivia.cab (Snapfish Activia)
O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} http://cdn.scan.onecare.live.com/resource/download/scanner/wlscbase8942.cab (Windows Live Safety Center Base Module)
O16 - DPF: {6A344D34-5231-452A-8A57-D064AC9B7862} https://webdl.symantec.com/activex/symdlmgr.cab (Symantec Download Manager)
O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} http://download.eset.com/special/eos/OnlineScanner.cab (Reg Error: Key error.)
O16 - DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} http://upload.facebook.com/controls/2009.07.28_v5.5.8.1/FacebookPhotoUploader55.cab (Facebook Photo Uploader 5 Control)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab (Java Plug-in 1.6.0_17)
O16 - DPF: {A1662FB6-39BE-41BB-ACDC-0448FB1B5817} http://images3.pnimedia.com/ProductAssets/costcous/activex/v3_0_0_5/PhotoCenter_ActiveX_Control.cab (Photo Upload Plugin Class)
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} http://cdn2.zone.msn.com/binFramework/v10/ZIntro.cab34246.cab (ZoneIntro Class)
O16 - DPF: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab (Java Plug-in 1.6.0_17)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab (Java Plug-in 1.6.0_17)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/get/flashplayer/current/swflash.cab (Shockwave Flash Object)
O16 - DPF: {DE625294-70E6-45ED-B895-CFFA13AEB044} http://129.82.75.196/activex/AMC.cab (AxisMediaControlEmb Class)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Documents and Settings\CMC\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\CMC\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O29 - HKLM SecurityProviders - (zwebauth.dll) - C:\WINDOWS\System32\ZWebAuth.dll ()
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2005/03/09 09:51:26 | 00,000,100 | -HS- | M] () - C:\AUTOEXEC.BAT -- [ FAT32 ]
O34 - HKLM BootExecute: (autocheck autochk *) -  File not found
O35 - comfile [open] -- "%1" %*
O35 - exefile [open] -- "%1" %*
 
========== Files/Folders - Created Within 30 Days ==========
 
[2010/01/26 17:08:33 | 00,548,352 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\CMC\Desktop\OTL.exe
[2010/01/26 16:52:08 | 00,439,808 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\CMC\Desktop\TFC.exe
[2010/01/22 23:16:58 | 00,000,000 | ---D | C] -- C:\Documents and Settings\CMC\.bh_gui
[2010/01/22 23:13:27 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\SRI
[2010/01/22 00:41:12 | 00,000,000 | ---D | C] -- C:\WINDOWS\Minidump
[2010/01/21 22:52:39 | 00,000,000 | ---D | C] -- C:\Program Files\Spybot - Search & Destroy
[2010/01/21 22:52:39 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
[2010/01/21 22:30:32 | 00,000,000 | -HSD | C] -- C:\Recycled
[2010/01/20 02:28:04 | 00,000,000 | ---D | M] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\PCHealth
[2010/01/14 20:19:08 | 00,022,696 | ---- | C] (MediaMall Technologies, Inc.) -- C:\WINDOWS\System32\drivers\povrtdev.sys
[2010/01/14 20:18:53 | 00,000,000 | ---D | C] -- C:\Program Files\Common Files\TV-Websites
[2010/01/14 20:18:53 | 00,000,000 | ---D | C] -- C:\Program Files\Common Files\ffdshowEx
[2010/01/12 23:14:04 | 00,000,000 | ---D | C] -- C:\Documents and Settings\CMC\My Documents\AXIS Media Control - Recordings
[2010/01/12 23:14:01 | 00,000,000 | ---D | C] -- C:\Documents and Settings\CMC\My Documents\AXIS Media Control - Snapshots
[2010/01/11 10:49:53 | 00,000,000 | ---D | C] -- C:\Program Files\Windows Live Safety Center
[2010/01/11 00:30:59 | 00,181,120 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\MpSigStub.exe
[2010/01/11 00:00:17 | 00,000,000 | ---D | C] -- C:\Program Files\Microsoft Security Essentials
[2009/12/29 14:05:32 | 00,000,000 | RHSD | C] -- C:\cmdcons
[2009/12/29 14:04:05 | 00,212,480 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWXCACLS.exe
[2009/12/29 14:04:05 | 00,161,792 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWREG.exe
[2009/12/29 14:04:05 | 00,136,704 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWSC.exe
[2009/12/29 14:04:05 | 00,031,232 | ---- | C] (NirSoft) -- C:\WINDOWS\NIRCMD.exe
[2009/12/29 14:03:48 | 00,000,000 | ---D | C] -- C:\WINDOWS\ERDNT
[2009/12/29 13:32:07 | 00,000,000 | ---D | C] -- C:\Documents and Settings\CMC\My Documents\Virus File
[2009/12/22 11:52:08 | 00,000,000 | ---D | M] -- C:\Documents and Settings\NetworkService\Application Data\Macromedia
[2009/12/22 11:51:56 | 00,000,000 | ---D | M] -- C:\Documents and Settings\NetworkService\Application Data\Adobe
[2009/01/06 22:28:58 | 00,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Application Data\Macromedia
[2009/01/01 22:00:18 | 00,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Application Data\Adobe
[2009/01/01 11:45:04 | 00,000,000 | ---D | M] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\Apple
[2005/07/30 18:33:14 | 00,000,000 | ---D | M] -- C:\Documents and Settings\NetworkService\Application Data\Symantec
[2005/03/07 11:54:28 | 00,000,000 | ---D | M] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft
[2005/03/07 11:54:28 | 00,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft
[2005/03/07 11:41:08 | 00,000,000 | --SD | M] -- C:\Documents and Settings\NetworkService\Application Data\Microsoft
[2005/03/07 11:41:08 | 00,000,000 | --SD | M] -- C:\Documents and Settings\LocalService\Application Data\Microsoft
[1 C:\Documents and Settings\All Users\Application Data\*.tmp files -> C:\Documents and Settings\All Users\Application Data\*.tmp -> ]
 
========== Files - Modified Within 30 Days ==========
 
[2010/01/26 17:13:42 | 00,773,120 | ---- | M] () -- C:\WINDOWS\System32\drivers\ycmjpcz.sys
[2010/01/26 17:08:36 | 00,548,352 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\CMC\Desktop\OTL.exe
[2010/01/26 17:07:22 | 00,192,890 | ---- | M] () -- C:\Documents and Settings\CMC\Desktop\http___www.dslreports.pdf
[2010/01/26 17:07:22 | 00,006,999 | ---- | M] () -- C:\Documents and Settings\CMC\Application Data\PrimoPDFSet.xml
[2010/01/26 17:01:56 | 00,000,408 | -H-- | M] () -- C:\WINDOWS\tasks\MP Scheduled Scan.job
[2010/01/26 16:56:58 | 00,000,692 | ---- | M] () -- C:\WINDOWS\System32\eRLog.ini
[2010/01/26 16:56:56 | 00,001,158 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2010/01/26 16:56:08 | 00,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2010/01/26 16:56:02 | 20,788,55168 | -HS- | M] () -- C:\hiberfil.sys
[2010/01/26 16:56:02 | 00,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2010/01/26 16:54:58 | 10,485,760 | -H-- | M] () -- C:\Documents and Settings\CMC\NTUSER.DAT
[2010/01/26 16:54:58 | 00,000,178 | -HS- | M] () -- C:\Documents and Settings\CMC\ntuser.ini
[2010/01/26 16:52:10 | 00,439,808 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\CMC\Desktop\TFC.exe
[2010/01/26 16:12:56 | 00,000,000 | ---- | M] () -- C:\Documents and Settings\CMC\netstat
[2010/01/26 14:27:48 | 00,000,706 | ---- | M] () -- C:\WINDOWS\win.ini
[2010/01/26 14:27:48 | 00,000,281 | RHS- | M] () -- C:\boot.ini
[2010/01/26 14:27:48 | 00,000,227 | ---- | M] () -- C:\WINDOWS\system.ini
[2010/01/26 14:13:46 | 00,002,137 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\iTunes.lnk
[2010/01/21 22:53:28 | 00,000,841 | ---- | M] () -- C:\Documents and Settings\CMC\Desktop\Spybot - Search & Destroy.lnk
[2010/01/21 21:06:04 | 00,088,879 | ---- | M] () -- C:\Documents and Settings\CMC\Desktop\Charles Schwab Posting.pdf
[2010/01/21 19:19:58 | 00,016,714 | ---- | M] () -- C:\Documents and Settings\CMC\Desktop\Laurie_Margheim_resume.docx
[2010/01/21 16:16:06 | 00,225,010 | ---- | M] () -- C:\Documents and Settings\CMC\Desktop\DU Posting - Executive asst.pdf
[2010/01/20 17:29:48 | 00,054,016 | ---- | M] () -- C:\WINDOWS\System32\drivers\ympdpcdx.sys
[2010/01/15 19:18:12 | 00,294,577 | ---- | M] () -- C:\Documents and Settings\CMC\Desktop\SkiTrainFlyer20Feb13.pdf
[2010/01/15 14:18:40 | 00,009,216 | ---- | M] () -- C:\Documents and Settings\CMC\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010/01/14 20:18:58 | 00,001,696 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\PlayOn.lnk
[2010/01/14 11:45:18 | 00,000,284 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
[2010/01/14 11:12:06 | 00,181,120 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\MpSigStub.exe
[2010/01/12 19:44:36 | 00,001,374 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2010/01/11 00:00:20 | 00,000,728 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Microsoft Security Essentials.lnk
[2010/01/07 16:07:14 | 00,038,224 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2010/01/07 16:07:04 | 00,019,160 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2009/12/29 11:45:08 | 00,000,211 | ---- | M] () -- C:\Boot.bak
[1 C:\Documents and Settings\All Users\Application Data\*.tmp files -> C:\Documents and Settings\All Users\Application Data\*.tmp -> ]
 
========== Files Created - No Company Name ==========
 
[2010/01/26 17:06:34 | 00,001,162 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\tmp5.log
[2010/01/26 16:52:53 | 00,192,890 | ---- | C] () -- C:\Documents and Settings\CMC\Desktop\http___www.dslreports.pdf
[2010/01/26 16:12:54 | 00,000,000 | ---- | C] () -- C:\Documents and Settings\CMC\netstat
[2010/01/21 22:53:26 | 00,000,841 | ---- | C] () -- C:\Documents and Settings\CMC\Desktop\Spybot - Search & Destroy.lnk
[2010/01/21 21:06:01 | 00,088,879 | ---- | C] () -- C:\Documents and Settings\CMC\Desktop\Charles Schwab Posting.pdf
[2010/01/21 19:20:04 | 00,016,714 | ---- | C] () -- C:\Documents and Settings\CMC\Desktop\Laurie_Margheim_resume.docx
[2010/01/21 16:16:01 | 00,225,010 | ---- | C] () -- C:\Documents and Settings\CMC\Desktop\DU Posting - Executive asst.pdf
[2010/01/20 17:29:47 | 00,054,016 | ---- | C] () -- C:\WINDOWS\System32\drivers\ympdpcdx.sys
[2010/01/14 20:18:57 | 00,001,696 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\PlayOn.lnk
[2010/01/11 00:05:29 | 00,000,408 | -H-- | C] () -- C:\WINDOWS\tasks\MP Scheduled Scan.job
[2010/01/11 00:00:18 | 00,000,728 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Microsoft Security Essentials.lnk
[2009/12/29 14:05:38 | 00,000,211 | ---- | C] () -- C:\Boot.bak
[2009/12/29 14:05:35 | 00,260,272 | ---- | C] () -- C:\cmldr
[2009/12/29 14:04:05 | 00,261,632 | ---- | C] () -- C:\WINDOWS\PEV.exe
[2009/12/29 14:04:05 | 00,098,816 | ---- | C] () -- C:\WINDOWS\sed.exe
[2009/12/29 14:04:05 | 00,080,412 | ---- | C] () -- C:\WINDOWS\grep.exe
[2009/12/29 14:04:05 | 00,077,312 | ---- | C] () -- C:\WINDOWS\MBR.exe
[2009/12/29 14:04:05 | 00,068,096 | ---- | C] () -- C:\WINDOWS\zip.exe
[2009/12/28 15:46:44 | 00,773,120 | ---- | C] () -- C:\WINDOWS\System32\drivers\ycmjpcz.sys
[2009/05/01 18:00:29 | 00,000,097 | ---- | C] () -- C:\WINDOWS\System32\PICSDK.ini
[2009/01/03 00:51:24 | 00,000,094 | ---- | C] () -- C:\WINDOWS\MusicRip.ini
[2009/01/02 23:05:53 | 00,009,216 | ---- | C] () -- C:\Documents and Settings\CMC\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2008/09/11 19:54:11 | 00,006,999 | ---- | C] () -- C:\Documents and Settings\CMC\Application Data\PrimoPDFSet.xml
[2008/09/11 19:47:01 | 00,176,235 | ---- | C] () -- C:\WINDOWS\System32\Primomonnt.dll
[2008/07/27 19:40:23 | 00,000,048 | ---- | C] () -- C:\WINDOWS\WININIT.INI
[2008/04/28 10:13:33 | 00,000,310 | ---- | C] () -- C:\WINDOWS\primopdf.ini
[2007/11/23 23:57:15 | 00,001,778 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\QTSBandwidthCache
[2006/10/08 16:35:11 | 00,000,169 | ---- | C] () -- C:\WINDOWS\RtlRack.ini
[2006/09/20 17:42:54 | 00,000,125 | ---- | C] () -- C:\WINDOWS\PRBACKUP.INI
[2006/09/07 18:57:56 | 00,000,181 | ---- | C] () -- C:\WINDOWS\civ.ini
[2006/09/06 13:40:24 | 00,077,824 | R--- | C] () -- C:\WINDOWS\System32\hpzids01.dll
[2006/08/10 19:41:52 | 00,000,036 | ---- | C] () -- C:\WINDOWS\PrmSymPk32.INI
[2006/08/10 19:33:14 | 00,000,827 | ---- | C] () -- C:\WINDOWS\BTI.INI
[2006/08/10 19:33:08 | 00,145,408 | ---- | C] () -- C:\WINDOWS\System32\DBU_UI.DLL
[2006/08/10 19:33:08 | 00,101,888 | ---- | C] () -- C:\WINDOWS\System32\BUTIL.DLL
[2006/08/10 19:33:06 | 00,100,864 | ---- | C] () -- C:\WINDOWS\System32\WDBUUI32.DLL
[2006/08/10 19:33:06 | 00,038,576 | ---- | C] () -- C:\WINDOWS\System32\NWLOCALE.DLL
[2006/08/10 19:33:05 | 00,009,136 | ---- | C] () -- C:\WINDOWS\System32\INETWH16.DLL
[2006/08/10 19:31:38 | 00,110,080 | ---- | C] () -- C:\WINDOWS\System32\W32MKRC.DLL
[2006/04/07 18:42:45 | 00,000,031 | ---- | C] () -- C:\WINDOWS\Quicken.ini
[2006/03/11 16:13:05 | 00,016,973 | ---- | C] () -- C:\WINDOWS\System32\ZWebAuth.dll
[2006/02/28 20:38:46 | 00,000,063 | ---- | C] () -- C:\WINDOWS\mdm.ini
[2005/08/05 11:13:39 | 00,000,376 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2005/07/30 08:36:12 | 00,000,692 | ---- | C] () -- C:\WINDOWS\System32\eRLog.ini
[2005/03/09 09:50:56 | 00,001,024 | RH-- | C] () -- C:\WINDOWS\System32\NTIMP3.dll
[2005/03/07 12:32:10 | 00,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini
[2005/03/07 12:22:45 | 00,000,033 | ---- | C] () -- C:\WINDOWS\Acer.ini
[2005/03/07 12:15:13 | 00,001,024 | RH-- | C] () -- C:\WINDOWS\System32\NTIBUN4.dll
[2005/03/07 12:14:29 | 00,001,024 | RH-- | C] () -- C:\WINDOWS\System32\NTIMPEG2.dll
[2005/03/07 12:14:29 | 00,001,024 | RH-- | C] () -- C:\WINDOWS\System32\NTIFCD3.dll
[2005/03/07 12:14:29 | 00,001,024 | RH-- | C] () -- C:\WINDOWS\System32\NTICDMK7.dll
[2005/03/07 12:07:16 | 00,083,997 | ---- | C] () -- C:\WINDOWS\VGAsetup.ini
[2005/03/07 12:07:04 | 00,201,667 | ---- | C] () -- C:\WINDOWS\System32\VGAunistlog.ini
[2005/03/07 12:01:50 | 00,000,164 | ---- | C] () -- C:\WINDOWS\avrack.ini
[2005/03/07 12:01:47 | 00,156,672 | ---- | C] () -- C:\WINDOWS\System32\RtlCPAPI.dll
[2005/03/07 11:54:46 | 00,037,776 | ---- | C] () -- C:\WINDOWS\System32\OEMINFO.INI
[2004/12/17 17:14:44 | 00,013,952 | ---- | C] () -- C:\WINDOWS\System32\drivers\UBHelper.sys
[2003/03/09 14:31:04 | 00,561,152 | ---- | C] () -- C:\WINDOWS\System32\hpotscl.dll
[2001/12/26 16:12:30 | 00,065,536 | R--- | C] () -- C:\WINDOWS\System32\multiplex_vcd.dll
[2001/09/03 23:46:38 | 00,110,592 | R--- | C] () -- C:\WINDOWS\System32\Hmpg12.dll
[2001/07/30 16:33:56 | 00,118,784 | R--- | C] () -- C:\WINDOWS\System32\HMPV2_ENC.dll
[2001/07/23 22:04:36 | 00,118,784 | R--- | C] () -- C:\WINDOWS\System32\HMPV2_ENC_MMX.dll
[2001/07/06 16:30:00 | 00,003,399 | ---- | C] () -- C:\WINDOWS\System32\hptcpmon.ini
[2001/04/02 20:21:52 | 00,413,760 | ---- | C] () -- C:\WINDOWS\System32\MPG4c32.dll
[1999/01/22 13:46:58 | 00,065,536 | ---- | C] () -- C:\WINDOWS\System32\MSRTEDIT.DLL
[1980/01/01 00:00:00 | 00,002,790 | ---- | C] () -- C:\WINDOWS\ANTIV.INI
[1980/01/01 00:00:00 | 00,000,091 | ---- | C] () -- C:\WINDOWS\ALaunch.ini
 
[color=#E56717]========== LOP Check ==========[/color]
 
[2010/01/22 23:13:28 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\SRI
[2005/08/02 20:04:52 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\PopCap
[2006/06/24 11:11:20 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TDK
[2007/07/28 11:59:22 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\SupportSoft
[2008/02/23 17:11:00 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TEMP
[2009/01/01 21:43:46 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\MediaMall
[2009/04/19 19:24:26 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{8CD7F5AF-ECFA-4793-BF40-D8F42DBFF906}
[2009/10/22 20:16:04 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{755AC846-7372-4AC8-8550-C52491DAA8BD}
[2009/12/22 14:31:48 | 00,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\~0
[2005/08/18 18:57:58 | 00,000,000 | ---D | M] -- C:\Documents and Settings\CMC\Application Data\MSNInstaller
[2006/02/05 11:31:06 | 00,000,000 | ---D | M] -- C:\Documents and Settings\CMC\Application Data\Netscape
[2006/07/13 09:35:24 | 00,000,000 | ---D | M] -- C:\Documents and Settings\CMC\Application Data\ICAClient
[2006/08/30 21:06:20 | 00,000,000 | ---D | M] -- C:\Documents and Settings\CMC\Application Data\Leadertech
[2006/10/06 14:01:00 | 00,000,000 | ---D | M] -- C:\Documents and Settings\CMC\Application Data\Image Zone Express
[2006/10/14 10:33:08 | 00,000,000 | ---D | M] -- C:\Documents and Settings\CMC\Application Data\Snapfish
[2007/12/17 22:24:08 | 00,000,000 | ---D | M] -- C:\Documents and Settings\CMC\Application Data\Costco Photo Viewer US
[2008/11/20 19:18:52 | 00,000,000 | ---D | M] -- C:\Documents and Settings\CMC\Application Data\Smith Micro
[2009/05/24 23:00:34 | 00,000,000 | ---D | M] -- C:\Documents and Settings\CMC\Application Data\Red Kawa
[2009/12/12 16:30:00 | 00,000,000 | ---D | M] -- C:\Documents and Settings\CMC\Application Data\W Photo Studio Viewer
[2009/12/15 15:23:50 | 00,000,000 | ---D | M] -- C:\Documents and Settings\CMC\Application Data\Costco Photo Organizer
[2009/12/15 17:16:08 | 00,000,000 | ---D | M] -- C:\Documents and Settings\CMC\Application Data\Printer Info Cache
[2010/01/26 17:01:56 | 00,000,408 | -H-- | M] () -- C:\WINDOWS\Tasks\MP Scheduled Scan.job
 
[color=#E56717]========== Purity Check ==========[/color]
 
 


OTL Extras logfile created on: 1/26/2010 5:12:40 PM - Run 1
OTL by OldTimer - Version 3.1.27.0     Folder = C:\Documents and Settings\CMC\Desktop
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy
 
2.00 Gb Total Physical Memory | 1.00 Gb Available Physical Memory | 75.00% Memory free
2.00 Gb Paging File | 2.00 Gb Available in Paging File | 84.00% Paging File free
Paging file location(s): C:\pagefile.sys 672 1344 [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 26.38 Gb Total Space | 9.44 Gb Free Space | 35.79% Space Free | Partition Type: FAT32
Drive D: | 26.55 Gb Total Space | 10.02 Gb Free Space | 37.72% Space Free | Partition Type: FAT32
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded
 
Computer Name: CRAIG
Current User Name: CMC
Logged in as Administrator.
 
Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Standard
 
[color=#E56717]========== Extra Registry (SafeList) ==========[/color]
 
 
[color=#E56717]========== File Associations ==========[/color]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\]
.html [@ = htmlfile] -- C:\Program Files\Internet Explorer\IEXPLORE.EXE (Microsoft Corporation)
 
[HKEY_CURRENT_USER\SOFTWARE\Classes\]
.html [@ = htmlfile] -- Reg Error: Key error. File not found
 
[color=#E56717]========== Shell Spawning ==========[/color]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
htmlfile [edit] -- "C:\Program Files\Microsoft Office\Office\msohtmed.exe" %1 (Microsoft Corporation)
htmlfile [open] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" -nohome (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" %1 (Microsoft Corporation)
htmlfile [print] -- "C:\Program Files\Microsoft Office\Office\msohtmed.exe" /p %1 (Microsoft Corporation)
http [open] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" -nohome (Microsoft Corporation)
https [open] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" -nohome (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" %1 (Microsoft Corporation)
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- "%programfiles%\internet explorer\iexplore.exe" (Microsoft Corporation)
 
[color=#E56717]========== Security Center Settings ==========[/color]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"FirewallDisableNotify" = 0
"AntiVirusOverride" = 0
"FirewallOverride" = 0
"AntiVirusDisableNotify" = 0
"UpdatesDisableNotify" = 0
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
"DisableMonitoring" = 1
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
"DisableMonitoring" = 1
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]
"DisableMonitoring" = 1
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]
"139:TCP" = 139:TCP:*:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:*:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:*:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:*:Enabled:@xpsp2res.dll,-22002
"1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DoNotAllowExceptions" = 0
"DisableNotifications" = 1
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008
"139:TCP" = 139:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22002
 
[color=#E56717]========== Authorized Applications List ==========[/color]
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"C:\Program Files\MSN Messenger\msnmsgr.exe" = C:\Program Files\MSN Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger 8.1 -- File not found
"C:\Program Files\MSN Messenger\livecall.exe" = C:\Program Files\MSN Messenger\livecall.exe:*:Enabled:Windows Live Messenger 8.1 (Phone) -- File not found
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Program Files\Bonjour\mDNSResponder.exe" = C:\Program Files\Bonjour\mDNSResponder.exe:*:Enabled:Bonjour -- (Apple Inc.)
"C:\Program Files\Common Files\Intuit\Update Service\IntuitUpdateService.exe" = C:\Program Files\Common Files\Intuit\Update Service\IntuitUpdateService.exe:LocalSubNet:Disabled:Intuit Update Shared Downloads Server -- (Intuit Inc.)
"C:\Program Files\iTunes\iTunes.exe" = C:\Program Files\iTunes\iTunes.exe:*:Enabled:iTunes -- (Apple Inc.)
"C:\Program Files\activePDF\PrimoPDF\PrimoPDF.exe" = C:\Program Files\activePDF\PrimoPDF\PrimoPDF.exe:*:Enabled:PrimoPDF -- (activePDF)
"C:\Program Files\Mozilla Firefox\FIREFOX.EXE" = C:\Program Files\Mozilla Firefox\FIREFOX.EXE:*:Disabled:Firefox -- (Mozilla Corporation)
"C:\Program Files\Hewlett-Packard\Digital Imaging\BIN\hpfccopy.exe" = C:\Program Files\Hewlett-Packard\Digital Imaging\BIN\hpfccopy.exe:*:Disabled:hpfccopy.exe -- (Hewlett-Packard)
"C:\Program Files\Hewlett-Packard\Digital Imaging\BIN\hpoews01.exe" = C:\Program Files\Hewlett-Packard\Digital Imaging\BIN\hpoews01.exe:*:Disabled:hpoews01.exe -- (Hewlett-Packard Co.)
"C:\Program Files\Hewlett-Packard\Digital Imaging\BIN\hpofxm08.exe" = C:\Program Files\Hewlett-Packard\Digital Imaging\BIN\hpofxm08.exe:*:Disabled:hpofxm08.exe -- (Hewlett-Packard Co.)
"C:\Program Files\Hewlett-Packard\Digital Imaging\BIN\hposfx08.exe" = C:\Program Files\Hewlett-Packard\Digital Imaging\BIN\hposfx08.exe:*:Disabled:hposfx08.exe -- (Hewlett-Packard Co.)
"C:\Program Files\Hewlett-Packard\Digital Imaging\BIN\hposid01.exe" = C:\Program Files\Hewlett-Packard\Digital Imaging\BIN\hposid01.exe:*:Disabled:hposid01.exe -- (Hewlett-Packard Co.)
"C:\Program Files\Hewlett-Packard\Digital Imaging\BIN\hpqCopy.exe" = C:\Program Files\Hewlett-Packard\Digital Imaging\BIN\hpqCopy.exe:*:Disabled:hpqcopy.exe -- (Hewlett-Packard Co.)
"C:\Program Files\Hewlett-Packard\Digital Imaging\Unload\HpqDIA.exe" = C:\Program Files\Hewlett-Packard\Digital Imaging\Unload\HpqDIA.exe:*:Disabled:hpqdia.exe -- ( )
"C:\Program Files\Hewlett-Packard\Digital Imaging\BIN\hpqkygrp.exe" = C:\Program Files\Hewlett-Packard\Digital Imaging\BIN\hpqkygrp.exe:*:Disabled:hpqkygrp.exe -- (Hewlett-Packard)
"C:\Program Files\Hewlett-Packard\Digital Imaging\BIN\hpqnrs08.exe" = C:\Program Files\Hewlett-Packard\Digital Imaging\BIN\hpqnrs08.exe:*:Disabled:hpqnrs08.exe -- (Hewlett-Packard Development Company, L.P.)
"C:\Program Files\Hewlett-Packard\Digital Imaging\Unload\HpqPhUnl.exe" = C:\Program Files\Hewlett-Packard\Digital Imaging\Unload\HpqPhUnl.exe:*:Disabled:hpqphunl.exe -- ()
"C:\Program Files\Hewlett-Packard\Digital Imaging\BIN\hpqscnvw.exe" = C:\Program Files\Hewlett-Packard\Digital Imaging\BIN\hpqscnvw.exe:*:Disabled:hpqscnvw.exe -- ()
"C:\Program Files\Hewlett-Packard\Digital Imaging\BIN\hpqste08.exe" = C:\Program Files\Hewlett-Packard\Digital Imaging\BIN\hpqste08.exe:*:Disabled:hpqste08.exe -- (Hewlett-Packard Development Company, L.P.)
"C:\Program Files\Hewlett-Packard\Digital Imaging\BIN\hpqtra08.exe" = C:\Program Files\Hewlett-Packard\Digital Imaging\BIN\hpqtra08.exe:*:Disabled:hpqtra08.exe -- (Hewlett-Packard Development Company, L.P.)
"C:\Program Files\Hewlett-Packard\Digital Imaging\BIN\hpzwiz01.exe" = C:\Program Files\Hewlett-Packard\Digital Imaging\BIN\hpzwiz01.exe:*:Disabled:hpzwiz01.exe -- (Hewlett-Packard Co.)
"C:\Program Files\MediaMall\MediaMallServer.exe" = C:\Program Files\MediaMall\MediaMallServer.exe:*:Enabled:MediaMall Server -- (MediaMall Technologies, Inc.)
 
 
[color=#E56717]========== HKEY_LOCAL_MACHINE Uninstall List ==========[/color]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{00000409-78E1-11D2-B60F-006097C998E7}" = Microsoft Office 2000 Premium
"{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
"{05C56753-F144-44BC-BA67-83CC5DBF395C}" = F300
"{0677D6E4-6C60-43EE-8ABA-F08A363D0C4E}" = QuickConnect
"{07287123-B8AC-41CE-8346-3D777245C35B}" = Bonjour
"{0BF5FBE7-3907-4A1F-9E48-8B66E52850D6}" = TrayApp
"{178BAABD-0C95-4EB6-9E12-29A039EA27F6}" = Qwest eChat Support Tools
"{18455581-E099-4BA8-BC6B-F34B2F06600C}" = Google Toolbar for Internet Explorer
"{1E1F1E70-14D8-4380-8652-BD1A895A7D65}" = Status
"{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live Upload Tool
"{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer
"{23B35809-5E4A-4F14-8332-1CDEDDFAC089}" = CP_Package_Variety2
"{24BEBF2E-73F3-4599-840B-EDC612CCDD0D}" = Destinations
"{26A24AE4-039D-4CA4-87B4-2F83216016FF}" = Java(TM) 6 Update 17
"{29521505-F489-4822-ADFA-32C6DEE4F114}" = TurboTax 2008 WinPerUserEducation
"{30D298A8-8588-48B3-A3FB-2BE6E6AB1245}" = TurboTax 2008 wcoiper
"{31263605-FC84-4787-B847-BA445B147E24}" = ScannerCopy
"{34F3FCF1-817B-4D61-B6AF-19D9486AFEA0}" = Unload
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{35709580-CF4C-4BA3-9833-13B39389F48B}" = Play On Plugin Pack
"{3AC54383-31D1-4907-961B-B12CBB1D0AE8}" = MobileMe Control Panel
"{4041C245-7099-4C96-9738-5EBC23827B3C}" = BufferChm
"{48B3FB4D-CE22-488C-8E9F-24EBB77EAC0F}" = Microsoft Security Essentials
"{4BE53DB2-C1F2-44D1-A9AB-1630BA7F2AF1}" = SolutionCenter
"{522D1D79-9C0A-4361-91F8-2AFF8EC6C2E1}" = CP_Package_Variety1
"{5242A858-AD61-4130-92D4-BDF5087CE562}" = NTI CD & DVD-Maker
"{66E6CE0C-5A1E-430C-B40A-0C90FF1804A8}" = eSupportQFolder
"{68763C27-235D-4165-A961-FDEA228CE504}" = AiOSoftwareNPI
"{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update
"{69CC0647-7F98-4358-AAB6-4F65C0705400}" = NTI Backup NOW! 4
"{6F5E2F4A-377D-4700-B0E3-8F7F7507EA15}" = CustomerResearchQFolder
"{716E0306-8318-4364-8B8F-0CC4E9376BAC}" = MSXML 4.0 SP2 Parser and SDK
"{71D9B000-CD43-4DE9-9729-49434415B8F7}" = F300Trb
"{736C803C-DD3B-4015-BC51-AFB9E67B9076}" = Readme
"{7570F1CA-016D-46AC-B586-CD74645EFB52}" = TurboTax 2008 WinPerFedFormset
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{788B97E8-D825-419A-8558-1C0B344C5371}" = Costco Photo Organizer
"{7E7B7865-6C80-4373-8BC1-C2EB9431F9DE}" = ProductContextNPI
"{7E91306C-899F-45F3-B5E9-4B480A27A63D}" = Tiger Woods PGA TOUR 2004
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{88214092-836F-4E22-A5AC-569AC9EE6A0F}" = TurboTax 2008 WinPerReleaseEngine
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{900A92BA-19EF-4A34-86CF-7B6C85BDD971}" = VC_MergeModuleToMSI
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{9692FD03-6662-4E62-B08C-30DFF51651E1}" = Actiontec Gateway
"{9E5A03E3-6246-4920-9630-0527D5DA9B07}" = AnswerWorks 5.0 English Runtime
"{A0A77CDC-2419-4D5C-AD2C-E09E5926B806}" = Microsoft Antimalware
"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
"{A429C2AE-EBF1-4F81-A221-1C115CAADDAD}" = QuickTime
"{AAA11090-6E99-4655-AAF5-57EB5F677D0C}" = MarketResearch
"{AADEA55D-C834-4BCB-98A3-4B8D1C18F4EE}" = Apple Mobile Device Support
"{AB5D51AE-EBC3-438D-872C-705C7C2084B0}" = DeviceManagementQFolder
"{AC76BA86-7AD7-1033-7B44-A70500000002}" = Adobe Reader 7.0.8
"{AC76BA86-7AD7-5464-3428-7050000000A7}" = Adobe Reader 7.0.5 Language Support
"{B1DB1AD8-C07E-4052-81A1-D2930232BA70}" = TurboTax 2008 wrapper
"{B23726CF-68BF-41A6-A4EB-72F12F87FE05}" = TurboTax 2008 WinPerTaxSupport
"{B376402D-58EA-45EA-BD50-DD924EB67A70}" = HP Memories Disc
"{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1" = Spybot - Search & Destroy
"{B57F2FF0-5A25-4332-B503-4592B370C02F}" = CP_Package_Variety3
"{B607C354-CD79-4D22-86D1-92DC94153F42}" = Apple Application Support
"{B7A0CE06-068E-11D6-97FD-0050BACBF861}" = PowerProducer
"{BF4E9ED0-EF26-4A4C-A123-6A6A1ABEE411}" = DocProc
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
"{C6522325-92ED-4312-A45A-04E45896C130}" = WLTB Custom Buttons
"{C6812939-B117-48E6-A3BA-1709C14A3C8C}" = Scan
"{C8753E28-2680-49BF-BD48-DD38FD086EFE}" = AiO_Scan_CDA
"{C98DD20D-5AE4-4EC5-97D0-15CFBEE63D42}" = PlayOn
"{C98E8D9D-21DE-4F87-A9B7-142BB89840FC}" = Toolbox
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{D1A74FBB-CA8D-4CCA-9B89-BAAA436DB178}" = iTunes
"{D7CAE58E-26DE-49B7-A75D-EAEDF76726BE}" = HP Photosmart Essential
"{D989BCC0-757C-4FB6-893C-512DF4382656}" = MetaFrame Presentation Server Client
"{DC226AC9-0314-496C-BE6A-B6A132628466}" = SiSAGP driver
"{DEBB2986-15B0-4D28-95FA-5C966A396589}" = HPProductAssistant
"{E371C150-A9F1-49CE-ACC1-51AEFD01C1D4}_is1" = Turbo Tax Audit Support Center 2.0
"{E5966E4C-0A93-4F59-A981-BD3173D4799F}" = F300_Help
"{E5A8DDAB-AE80-48C6-A75B-D0FAB83B299D}" = HP PSC & OfficeJet 6.1.A
"{E6D9BC25-0DBC-4368-8E4A-7DEE80661CD9}" = TurboTax 2008 WinPerProgramHelp
"{EC2715CE-C182-483C-84CC-81D7D914CF14}" = WebReg
"{ECFDD6BD-E0C0-41CC-A171-E6D6AF4C0E93}" = HP Software Update
"{EF6F70D0-C242-4047-946B-98EA8208481A}" = ArcSoft TotalMedia Backup & Record
"{F333A33D-125C-32A2-8DCE-5C5D14231E27}" = Visual C++ 2008 x86 Runtime - (v9.0.30729)
"{F333A33D-125C-32A2-8DCE-5C5D14231E27}.vc_x86runtime_30729_01" = Visual C++ 2008 x86 Runtime - v9.0.30729.01
"{F6076EF9-08E1-442F-B6A2-BFB61B295A14}" = Fax_CDA
"{FB08F381-6533-4108-B7DD-039E11FBC27E}" = Realtek AC'97 Audio
"{FBB980B0-63F8-4B48-8D65-90F1D9F81D9F}" = NewCopy_CDA
"{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Adobe Shockwave Player" = Adobe Shockwave Player 11.5
"Agere Systems Soft Modem" = Agere Systems AC'97 Modem
"AviSynth" = AviSynth 2.5
"AXIS Media Control Embedded" = AXIS Media Control Embedded
"DVD Decrypter" = DVD Decrypter (Remove Only)
"EPSON Scanner" = EPSON Scan
"HP Imaging Device Functions" = HP Imaging Device Functions 6.1
"HP Solution Center & Imaging Support Tools" = HP Solution Center and Imaging Support Tools 6.1
"HPExtendedCapabilities" = HP Extended Capabilities 6.1
"ie7" = Windows Internet Explorer 7
"ie8" = Windows Internet Explorer 8
"InstallShield_{5242A858-AD61-4130-92D4-BDF5087CE562}" = NTI CD & DVD-Maker Gold
"InstallShield_{69CC0647-7F98-4358-AAB6-4F65C0705400}" = NTI Backup NOW! 4
"LManager" = Launch Manager
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft Security Essentials" = Microsoft Security Essentials
"Mozilla Firefox (3.5.7)" = Mozilla Firefox (3.5.7)
"Opanda IExif_is1" = Opanda IExif 2.3
"Opanda PowerExif Professional Trial_is1" = Opanda PowerExif 1.2 Professional Trial
"SiS VGA Driver" = SiS VGA Utilities
"SiSLan" = SiS 900 PCI Fast Ethernet Adapter Driver
"SureTrak 3.0" = SureTrak 3.0
"SynTPDeinstKey" = Synaptics Pointing Device Driver
"TightVNC_is1" = TightVNC 1.3.9
"TurboTax 2008" = TurboTax 2008
"Videora iPod Converter" = Videora iPod Converter 4.08
"Windows Media Format Runtime" = Windows Media Format 11 runtime
"Windows Media Player" = Windows Media Player 11
"WinZip" = WinZip
 
[color=#E56717]========== Last 10 Event Log Errors ==========[/color]
 
[ Application Events ]
Error - 1/21/2010 2:27:29 PM | Computer Name = CRAIG | Source = Application Hang | ID = 1002
Description = Hanging application iexplore.exe, version 8.0.6001.18702, hang module
 hungapp, version 0.0.0.0, hang address 0x00000000.
 
Error - 1/21/2010 2:27:32 PM | Computer Name = CRAIG | Source = Application Hang | ID = 1001
Description = Fault bucket 1180947459.
 
Error - 1/22/2010 2:42:49 AM | Computer Name = CRAIG | Source = Application Hang | ID = 1002
Description = Hanging application iexplore.exe, version 8.0.6001.18702, hang module
 hungapp, version 0.0.0.0, hang address 0x00000000.
 
Error - 1/22/2010 3:11:35 AM | Computer Name = CRAIG | Source = Application Hang | ID = 1002
Description = Hanging application iexplore.exe, version 8.0.6001.18702, hang module
 hungapp, version 0.0.0.0, hang address 0x00000000.
 
Error - 1/22/2010 4:36:21 AM | Computer Name = CRAIG | Source = Application Hang | ID = 1002
Description = Hanging application iexplore.exe, version 8.0.6001.18702, hang module
 hungapp, version 0.0.0.0, hang address 0x00000000.
 
Error - 1/22/2010 2:07:26 PM | Computer Name = CRAIG | Source = Application Hang | ID = 1002
Description = Hanging application mbam.exe, version 1.44.0.0, hang module hungapp,
 version 0.0.0.0, hang address 0x00000000.
 
Error - 1/22/2010 6:50:36 PM | Computer Name = CRAIG | Source = Application Hang | ID = 1002
Description = Hanging application iexplore.exe, version 8.0.6001.18702, hang module
 hungapp, version 0.0.0.0, hang address 0x00000000.
 
Error - 1/23/2010 1:26:35 PM | Computer Name = CRAIG | Source = MPSampleSubmission | ID = 5000
Description = EventType avsubmit, P1 microsoft antimalware (bcf43643-a118-4432-aede-d861fcbcfcde),
 P2 2.0.6212.0, P3 timeout, P4 1.1.5405.0, P5 unspecified, P6 NIL, P7 NIL, P8 NIL,
 P9 NIL, P10 NIL.
 
Error - 1/24/2010 2:43:22 PM | Computer Name = CRAIG | Source = MPSampleSubmission | ID = 5000
Description = EventType mptelemetry, P1 80072ee2, P2 endsearch, P3 search, P4 2.0.6212.0,
 P5 mpsigdwn.dll, P6 2.0.6212.0, P7 microsoft antimalware (bcf43643-a118-4432-aede-d861fcbcfcde),
 P8 NIL, P9 NIL, P10 NIL.
 
Error - 1/24/2010 2:45:14 PM | Computer Name = CRAIG | Source = MSSecurityEssentials | ID = 5000
Description = 
 
[ System Events ]
Error - 1/26/2010 6:10:01 PM | Computer Name = CRAIG | Source = Dhcp | ID = 1002
Description = The IP address lease 192.168.1.107 for the Network Card with network
 address 00C09FA51181 has been  denied by the DHCP server 192.168.0.1 (The DHCP Server
 sent a DHCPNACK message).
 
Error - 1/26/2010 6:32:45 PM | Computer Name = CRAIG | Source = Dhcp | ID = 1002
Description = The IP address lease 192.168.0.101 for the Network Card with network
 address 00C09FA51181 has been  denied by the DHCP server 192.168.1.1 (The DHCP Server
 sent a DHCPNACK message).
 
Error - 1/26/2010 7:54:23 PM | Computer Name = CRAIG | Source = Service Control Manager | ID = 7034
Description = The Pml Driver HPZ12 service terminated unexpectedly.  It has done
 this 1 time(s).
 
Error - 1/26/2010 7:54:23 PM | Computer Name = CRAIG | Source = Service Control Manager | ID = 7034
Description = The Intuit Update Service service terminated unexpectedly.  It has
 done this 1 time(s).
 
Error - 1/26/2010 7:54:23 PM | Computer Name = CRAIG | Source = Service Control Manager | ID = 7031
Description = The Microsoft Antimalware Service service terminated unexpectedly.
  It has done this 1 time(s).  The following corrective action will be taken in 
15000 milliseconds: Restart the service.
 
Error - 1/26/2010 7:54:23 PM | Computer Name = CRAIG | Source = Service Control Manager | ID = 7034
Description = The SNMP Service service terminated unexpectedly.  It has done this
 1 time(s).
 
Error - 1/26/2010 7:54:24 PM | Computer Name = CRAIG | Source = Service Control Manager | ID = 7034
Description = The Java Quick Starter service terminated unexpectedly.  It has done
 this 1 time(s).
 
Error - 1/26/2010 7:56:16 PM | Computer Name = CRAIG | Source = Service Control Manager | ID = 7000
Description = The osaio service failed to start due to the following error:   %%2
 
Error - 1/26/2010 7:56:16 PM | Computer Name = CRAIG | Source = Service Control Manager | ID = 7000
Description = The osanbm service failed to start due to the following error:   %%2
 
Error - 1/26/2010 7:56:43 PM | Computer Name = CRAIG | Source = DCOM | ID = 10005
Description = DCOM got error "%1058" attempting to start the service iPod Service
 with arguments ""  in order to run the server:  {063D34A4-BF84-4B8D-B699-E8CA06504DDE}
 
[ Windows OneCare Events ]
Error - 7/28/2007 3:30:42 PM | Computer Name = CRAIG | Source = WinSS | ID = 1005
Description = 
 
Error - 7/28/2007 5:44:33 PM | Computer Name = CRAIG | Source = WinSS | ID = 1005
Description = 
 
Error - 7/28/2007 5:44:37 PM | Computer Name = CRAIG | Source = WinSS | ID = 1005
Description = 
 
Error - 7/28/2007 5:47:15 PM | Computer Name = CRAIG | Source = WinSS | ID = 1005
Description = 
 
Error - 7/28/2007 5:47:16 PM | Computer Name = CRAIG | Source = WinSS | ID = 1005
Description = 
 
 


 Results of screen317's Security Check version 0.99.1
 Windows XP Service Pack 3  
`````````````````````````````` 
[u]Antivirus/Firewall Check:[/u] 
 Windows Firewall Enabled!  
`````````````````````````````` 
[u]Anti-malware/Other Utilities Check:[/u] 
 Spybot - Search & Destroy 
 Java(TM) 6 Update 17  
 Adobe Flash Player 10  
Adobe Reader 7.0.8 
Adobe Reader 7.0.5 Language Support 
[color=red]Out of date Adobe Reader installed![/color] 
`````````````````````````````` 
Process Check:  
[u]objlist.exe by Laurent[/u] 
 Windows Defender MSMpEng.exe  
``````````````````````````````
[u]DNS Vulnerability Check:[/u]
 POOR! (Vulnerable to DNS cache poisoning!!-- Consider OPENDNS) 

`````````End of Log```````````

ESETSmartInstaller@High as CAB hook log:
OnlineScanner.ocx - registred OK
# version=7
# iexplore.exe=8.00.6001.18702 (longhorn_ie8_rtm(wmbla).090308-0339)
# OnlineScanner.ocx=1.0.0.6211
# api_version=3.0.2
# EOSSerial=dbad1b39b5880a4baa40cca1825cbafd
# end=finished
# remove_checked=true
# archives_checked=false
# unwanted_checked=true
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2010-01-27 01:13:08
# local_time=2010-01-26 06:13:08 (-0700, Mountain Standard Time)
# country="United States"
# lang=1033
# osver=5.1.2600 NT Service Pack 3
# compatibility_mode=1024 16777215 100 0 45453947 45453947 0 0
# compatibility_mode=5891 16776869 100 100 0 18254911 0 0
# compatibility_mode=8192 67108863 100 0 0 0 0 0
# scanned=64515
# found=0
# cleaned=0
# scan_time=2196]]></description>
<guid isPermaLink="true">http://www.dslreports.com/forum/remark,23708724</guid>
<pubDate>2010-01-26 22:17:34</pubDate>
</item>

<item>
<title>limited safe mode</title>
<link>http://www.dslreports.com/forum/remark,23721460</link>
<description><![CDATA[avast won't run.
comodo proactive defense not functioning correctly
a2 won't update. defs 2 days old.
mbam works and found 1* trojan.agent.
can't get eset online to work?
bit defender online scan works and clean.
running win7 rc.
only have olt.txt to post. not sure about other file.
can do HJT log.
any help appreciated 
ash

olt log
OTL logfile created on: 1/29/2010 11:49:26 AM - Run 1

OTL by OldTimer - Version 3.1.27.0     Folder = C:\Users\meda\Documents\Downloads
 Ultimate Edition  (Version = 6.1.7100) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7100.0)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy
 
3.00 Gb Total Physical Memory | 3.00 Gb Available Physical Memory | 87.00% Memory free
6.00 Gb Paging File | 6.00 Gb Available in Paging File | 94.00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 80.00 Gb Total Space | 39.65 Gb Free Space | 49.56% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded
 
Computer Name: MEDA-PC
Current User Name: meda
Logged in as Administrator.
 
Current Boot Mode: SafeMode with Networking
Scan Mode: Current user
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Standard
 
[color=#E56717]========== Processes (SafeList) ==========[/color]
 
PRC - [2010/01/29 11:44:52 | 00,548,864 | ---- | M] (OldTimer Tools) -- C:\Users\meda\My Documents\Downloads\OTL.exe
PRC - [2009/04/22 16:19:02 | 02,607,616 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
 
 
[color=#E56717]========== Modules (SafeList) ==========[/color]
 
MOD - [2010/01/29 11:44:52 | 00,548,864 | ---- | M] (OldTimer Tools) -- C:\Users\meda\My Documents\Downloads\OTL.exe
MOD - [2009/04/22 16:22:04 | 00,099,328 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\sspicli.dll
MOD - [2009/04/22 16:21:49 | 00,092,160 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\sechost.dll
MOD - [2009/04/22 16:21:46 | 00,051,200 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\samcli.dll
MOD - [2009/04/22 16:21:43 | 00,031,744 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\profapi.dll
MOD - [2009/04/22 16:21:19 | 00,022,016 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\netutils.dll
MOD - [2009/04/22 16:20:43 | 00,280,576 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\KernelBase.dll
MOD - [2009/04/22 16:20:14 | 00,064,512 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\devobj.dll
MOD - [2009/04/22 16:20:07 | 00,036,352 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\cryptbase.dll
MOD - [2009/04/22 16:20:00 | 00,145,408 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\cfgmgr32.dll
MOD - [2009/04/22 16:00:58 | 01,679,360 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7100.0_none_d75e6751736615f2\comctl32.dll
 
 
[color=#E56717]========== Win32 Services (SafeList) ==========[/color]
 
SRV - [2010/01/24 14:20:02 | 00,723,632 | ---- | M] (COMODO) [Auto | Stopped] -- C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe -- (cmdAgent)
SRV - [2010/01/24 13:50:24 | 00,133,104 | ---- | M] (Google Inc.) [Auto | Stopped] -- C:\Program Files\Google\Update\GoogleUpdate.exe -- (gupdate) Google Update Service (gupdate)
SRV - [2010/01/19 22:57:41 | 00,040,384 | ---- | M] (ALWIL Software) [On_Demand | Stopped] -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe -- (avast! Web Scanner)
SRV - [2010/01/19 22:57:41 | 00,040,384 | ---- | M] (ALWIL Software) [On_Demand | Stopped] -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe -- (avast! Mail Scanner)
SRV - [2010/01/19 22:57:41 | 00,040,384 | ---- | M] (ALWIL Software) [Auto | Stopped] -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe -- (avast! Antivirus)
SRV - [2009/12/08 14:25:28 | 00,093,320 | ---- | M] (McAfee, Inc.) [Auto | Stopped] -- c:\Program Files\McAfee\SiteAdvisor\McSACore.exe -- (McAfee SiteAdvisor Service)
SRV - [2009/12/02 00:55:10 | 00,066,560 | ---- | M] (tzuk) [Auto | Stopped] -- C:\Program Files\Sandboxie\SbieSvc.exe -- (SbieSvc)
SRV - [2009/11/25 14:17:04 | 00,172,032 | ---- | M] (AMD) [Auto | Stopped] -- C:\Windows\System32\atiesrxx.exe -- (AMD External Events Utility)
SRV - [2009/11/14 09:56:46 | 00,136,120 | ---- | M] (Google) [On_Demand | Stopped] -- C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe -- (gusvc)
SRV - [2009/10/01 17:03:14 | 01,858,144 | ---- | M] (Emsi Software GmbH) [Auto | Stopped] -- C:\Program Files\a-squared Free\a2service.exe -- (a2free)
SRV - [2009/07/09 08:53:41 | 00,194,560 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\ListSvc.dll -- (HomeGroupListener)
SRV - [2009/04/22 16:22:25 | 00,185,344 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\wwansvc.dll -- (WwanSvc)
SRV - [2009/04/22 16:22:12 | 00,151,040 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\wbiosrvc.dll -- (WbioSrvc)
SRV - [2009/04/22 16:22:10 | 00,119,808 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\umpo.dll -- (Power)
SRV - [2009/04/22 16:22:07 | 00,037,888 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\System32\themeservice.dll -- (Themes)
SRV - [2009/04/22 16:22:02 | 00,053,760 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\sppuinotify.dll -- (sppuinotify)
SRV - [2009/04/22 16:21:49 | 00,025,600 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\sensrsvc.dll -- (SensrSvc)
SRV - [2009/04/22 16:21:46 | 00,043,520 | ---- | M] (Microsoft Corporation) [Unknown | Running] -- C:\Windows\System32\RpcEpMap.dll -- (RpcEptMapper)
SRV - [2009/04/22 16:21:43 | 00,164,864 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\provsvc.dll -- (HomeGroupProvider)
SRV - [2009/04/22 16:21:42 | 00,269,824 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\pnrpsvc.dll -- (PNRPsvc)
SRV - [2009/04/22 16:21:42 | 00,269,824 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\pnrpsvc.dll -- (p2pimsvc)
SRV - [2009/04/22 16:21:42 | 00,020,480 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\pnrpauto.dll -- (PNRPAutoReg)
SRV - [2009/04/22 16:21:40 | 01,004,032 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\PeerDistSvc.dll -- (PeerDistSvc)
SRV - [2009/04/22 16:20:52 | 00,680,448 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2009/04/22 16:20:30 | 00,797,184 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\FntCache.dll -- (FontCache)
SRV - [2009/04/22 16:20:14 | 00,252,928 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\dhcpcore.dll -- (Dhcp)
SRV - [2009/04/22 16:20:13 | 00,218,624 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\defragsvc.dll -- (defragsvc)
SRV - [2009/04/22 16:19:55 | 00,076,288 | ---- | M] (Microsoft Corporation) [Unknown | Stopped] -- C:\Windows\System32\bdesvc.dll -- (BDESVC)
SRV - [2009/04/22 16:19:54 | 00,088,064 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\AxInstSv.dll -- (AxInstSV) ActiveX Installer (AxInstSV)
SRV - [2009/04/22 16:19:51 | 00,027,648 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\appidsvc.dll -- (AppIDSvc)
SRV - [2009/04/22 16:19:20 | 03,179,520 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\System32\sppsvc.exe -- (sppsvc)
SRV - [2009/02/06 17:02:14 | 00,109,056 | ---- | M] (ArcSoft Inc.) [Auto | Stopped] -- C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe -- (ACDaemon)
SRV - [2008/06/24 16:05:56 | 00,537,896 | ---- | M] (Nero AG) [On_Demand | Stopped] -- C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe -- (NMIndexingService)
SRV - [2008/06/08 09:31:04 | 00,877,864 | ---- | M] (Nero AG) [Auto | Stopped] -- C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe -- (Nero BackItUp Scheduler 3)
SRV - [2007/05/14 14:54:35 | 00,272,024 | ---- | M] () [Auto | Stopped] -- C:\Program Files\CyberLink\Shared files\RichVideo.exe -- (RichVideo) Cyberlink RichVideo Service(CRVS)
SRV - [2006/12/19 10:30:26 | 00,081,920 | ---- | M] (Prolific Technology Inc.) [Auto | Stopped] -- C:\Windows\System32\IoctlSvc.exe -- (PLFlash DeviceIoControl Service)
SRV - [2004/12/13 04:34:32 | 00,049,152 | ---- | M] (Ulead Systems, Inc.) [Auto | Stopped] -- C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe -- (UleadBurningHelper)
 
 
[color=#E56717]========== Driver Services (SafeList) ==========[/color]
 
DRV - [2010/01/29 09:58:11 | 00,034,760 | ---- | M] (Greatis Software) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\Partizan.sys -- (Partizan)
DRV - [2010/01/24 14:20:02 | 00,128,376 | ---- | M] (COMODO) [File_System | System | Stopped] -- C:\Windows\System32\drivers\cmdguard.sys -- (cmdGuard)
DRV - [2010/01/24 14:20:02 | 00,074,328 | ---- | M] (COMODO) [Kernel | System | Running] -- C:\Windows\System32\drivers\inspect.sys -- (inspect)
DRV - [2010/01/24 14:20:02 | 00,029,520 | ---- | M] (COMODO) [Kernel | System | Running] -- C:\Windows\System32\drivers\cmdhlp.sys -- (cmdHlp)
DRV - [2010/01/20 00:13:58 | 00,162,640 | ---- | M] (ALWIL Software) [Kernel | System | Stopped] -- C:\Windows\System32\drivers\aswSP.sys -- (aswSP)
DRV - [2010/01/19 22:46:52 | 00,046,544 | ---- | M] (ALWIL Software) [Kernel | System | Stopped] -- C:\Windows\System32\drivers\aswTdi.sys -- (aswTdi)
DRV - [2010/01/19 22:43:40 | 00,023,248 | ---- | M] (ALWIL Software) [Kernel | System | Running] -- C:\Windows\System32\drivers\aswRdr.sys -- (aswRdr)
DRV - [2010/01/19 22:43:23 | 00,051,792 | ---- | M] (ALWIL Software) [File_System | Auto | Stopped] -- C:\Windows\System32\drivers\aswMonFlt.sys -- (aswMonFlt)
DRV - [2010/01/19 22:42:57 | 00,019,024 | ---- | M] (ALWIL Software) [File_System | Auto | Stopped] -- C:\Windows\System32\drivers\aswFsBlk.sys -- (aswFsBlk)
DRV - [2009/12/02 00:55:10 | 00,119,296 | ---- | M] (tzuk) [Kernel | On_Demand | Stopped] -- C:\Program Files\Sandboxie\SbieDrv.sys -- (SbieDrv)
DRV - [2009/11/25 14:51:32 | 05,143,552 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\atikmdag.sys -- (atikmdag)
DRV - [2009/10/05 08:33:14 | 00,115,312 | ---- | M] (QFX Software Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\keyscrambler.sys -- (KeyScrambler)
DRV - [2009/10/01 01:33:56 | 00,104,976 | ---- | M] (ATI Technologies, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\AtiHdmi.sys -- (AtiHdmiService)
DRV - [2009/05/04 14:06:38 | 01,008,768 | ---- | M] (NXP Semiconductors Germany GmbH) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\3xHybrid.sys -- (3xHybrid)
DRV - [2009/04/22 16:24:35 | 00,422,992 | ---- | M] (Adaptec, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\adp94xx.sys -- (adp94xx)
DRV - [2009/04/22 16:24:29 | 00,297,552 | ---- | M] (Adaptec, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\adpahci.sys -- (adpahci)
DRV - [2009/04/22 16:24:23 | 00,453,712 | ---- | M] (Emulex) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\elxstor.sys -- (elxstor)
DRV - [2009/04/22 16:24:21 | 00,332,368 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\iaStorV.sys -- (iaStorV)
DRV - [2009/04/22 16:24:21 | 00,159,312 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\amdsbs.sys -- (amdsbs)
DRV - [2009/04/22 16:24:21 | 00,146,512 | ---- | M] (Adaptec, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\adpu320.sys -- (adpu320)
DRV - [2009/04/22 16:24:20 | 00,236,112 | ---- | M] (LSI Corporation, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\MegaSR.sys -- (MegaSR)
DRV - [2009/04/22 16:24:19 | 00,086,608 | ---- | M] (Adaptec, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\arcsas.sys -- (arcsas)
DRV - [2009/04/22 16:24:17 | 00,142,416 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\nvstor.sys -- (nvstor)
DRV - [2009/04/22 16:24:16 | 00,133,200 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\Drivers\ksecpkg.sys -- (KSecPkg)
DRV - [2009/04/22 16:24:14 | 00,117,328 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\nvraid.sys -- (nvraid)
DRV - [2009/04/22 16:24:14 | 00,095,824 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\lsi_fc.sys -- (LSI_FC)
DRV - [2009/04/22 16:24:13 | 00,096,848 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\lsi_scsi.sys -- (LSI_SCSI)
DRV - [2009/04/22 16:24:13 | 00,077,904 | ---- | M] (AMD) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\amdsata.sys -- (amdsata)
DRV - [2009/04/22 16:24:12 | 00,089,168 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\lsi_sas.sys -- (LSI_SAS)
DRV - [2009/04/22 16:24:12 | 00,076,368 | ---- | M] (Adaptec, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\arc.sys -- (arc)
DRV - [2009/04/22 16:24:08 | 00,070,736 | ---- | M] (Adaptec, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\djsvs.sys -- (aic78xx)
DRV - [2009/04/22 16:24:08 | 00,067,152 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\HpSAMD.sys -- (HpSAMD)
DRV - [2009/04/22 16:24:06 | 00,054,864 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\lsi_sas2.sys -- (LSI_SAS2)
DRV - [2009/04/22 16:24:05 | 00,045,648 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\System32\drivers\fsdepends.sys -- (FsDepends)
DRV - [2009/04/22 16:24:05 | 00,044,624 | ---- | M] (IBM Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\nfrd960.sys -- (nfrd960)
DRV - [2009/04/22 16:24:04 | 00,042,576 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\pcw.sys -- (pcw)
DRV - [2009/04/22 16:24:04 | 00,023,120 | ---- | M] (AMD) [Kernel | Boot | Running] -- C:\Windows\system32\DRIVERS\amdxata.sys -- (amdxata)
DRV - [2009/04/22 16:24:04 | 00,015,952 | ---- | M] (CMD Technology, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\cmdide.sys -- (cmdide)
DRV - [2009/04/22 16:24:04 | 00,014,416 | ---- | M] (Acer Laboratories Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\aliide.sys -- (aliide)
DRV - [2009/04/22 16:24:02 | 00,041,040 | ---- | M] (Intel Corp./ICP vortex GmbH) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\iirsp.sys -- (iirsp)
DRV - [2009/04/22 16:23:59 | 00,030,800 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\megasas.sys -- (megasas)
DRV - [2009/04/22 16:23:56 | 01,383,504 | ---- | M] (QLogic Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\ql2300.sys -- (ql2300)
DRV - [2009/04/22 16:23:55 | 00,175,824 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\vmbus.sys -- (vmbus)
DRV - [2009/04/22 16:23:55 | 00,173,648 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\rdyboost.sys -- (rdyboost)
DRV - [2009/04/22 16:23:53 | 00,013,904 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\hwpolicy.sys -- (hwpolicy)
DRV - [2009/04/22 16:23:52 | 00,158,288 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\vhdmp.sys -- (vhdmp)
DRV - [2009/04/22 16:23:52 | 00,141,904 | ---- | M] (VIA Technologies Inc.,Ltd) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\vsmraid.sys -- (vsmraid)
DRV - [2009/04/22 16:23:49 | 00,105,552 | ---- | M] (QLogic Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\ql40xx.sys -- (ql40xx)
DRV - [2009/04/22 16:23:49 | 00,077,904 | ---- | M] (Silicon Integrated Systems) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\sisraid4.sys -- (SiSRaid4)
DRV - [2009/04/22 16:23:47 | 00,040,912 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\system32\DRIVERS\vmstorfl.sys -- (storflt)
DRV - [2009/04/22 16:23:45 | 00,040,016 | ---- | M] (Silicon Integrated Systems Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\SiSRaid2.sys -- (SiSRaid2)
DRV - [2009/04/22 16:23:44 | 00,032,848 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\system32\DRIVERS\vdrvroot.sys -- (vdrvroot)
DRV - [2009/04/22 16:23:44 | 00,028,240 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\storvsc.sys -- (storvsc)
DRV - [2009/04/22 16:23:43 | 00,021,072 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\stexstor.sys -- (stexstor)
DRV - [2009/04/22 16:23:43 | 00,019,024 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\System32\drivers\wimmount.sys -- (WIMMount)
DRV - [2009/04/22 16:23:42 | 00,016,976 | ---- | M] (VIA Technologies, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\viaide.sys -- (viaide)
DRV - [2009/04/22 16:23:29 | 00,369,056 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\Drivers\cng.sys -- (CNG)
DRV - [2009/04/22 15:53:34 | 00,272,128 | ---- | M] (Brother Industries Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\Drivers\Brserid.sys -- (Brserid) Brother MFC Serial Port Interface Driver (WDM)
DRV - [2009/04/22 15:01:13 | 00,018,432 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\rdpbus.sys -- (rdpbus)
DRV - [2009/04/22 15:00:12 | 00,007,168 | ---- | M] (Microsoft Corporation) [Kernel | System | Stopped] -- C:\Windows\System32\drivers\RDPREFMP.sys -- (RDPREFMP)
DRV - [2009/04/22 14:53:30 | 00,049,152 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\agilevpn.sys -- (RasAgileVpn) WAN Miniport (IKEv2)
DRV - [2009/04/22 14:52:25 | 00,009,728 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\System32\drivers\wfplwf.sys -- (WfpLwf)
DRV - [2009/04/22 14:51:14 | 00,027,136 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ndiscap.sys -- (NdisCap)
DRV - [2009/04/22 14:50:28 | 00,019,968 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\vwifibus.sys -- (vwifibus)
DRV - [2009/04/22 14:50:20 | 00,162,816 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\1394ohci.sys -- (1394ohci)
DRV - [2009/04/22 14:50:00 | 00,008,192 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\umpass.sys -- (UmPass)
DRV - [2009/04/22 14:49:31 | 00,004,096 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\mshidkmdf.sys -- (mshidkmdf)
DRV - [2009/04/22 14:45:25 | 00,012,288 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\MTConfig.sys -- (MTConfig)
DRV - [2009/04/22 14:43:54 | 00,031,232 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\CompositeBus.sys -- (CompositeBus)
DRV - [2009/04/22 14:35:06 | 00,050,176 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\appid.sys -- (AppID)
DRV - [2009/04/22 14:32:05 | 00,026,624 | ---- | M] (Microsoft Corporation) [Kernel | Unknown | Stopped] -- C:\Windows\System32\drivers\scfilter.sys -- (scfilter)
DRV - [2009/04/22 14:26:30 | 00,005,632 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\vms3cap.sys -- (s3cap)
DRV - [2009/04/22 14:26:29 | 00,017,920 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\VMBusHID.sys -- (VMBusHID)
DRV - [2009/04/22 14:21:35 | 00,032,768 | ---- | M] (Microsoft Corporation) [Kernel | System | Stopped] -- C:\Windows\System32\drivers\discache.sys -- (discache)
DRV - [2009/04/22 14:16:45 | 00,021,504 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\HidBatt.sys -- (HidBatt)
DRV - [2009/04/22 14:13:47 | 00,009,728 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\acpipmi.sys -- (AcpiPmi)
DRV - [2009/04/22 14:08:28 | 00,052,736 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\amdppm.sys -- (AmdPPM)
DRV - [2009/04/22 13:52:05 | 00,026,624 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\hcw85cir.sys -- (hcw85cir)
DRV - [2009/04/22 13:51:17 | 00,012,160 | ---- | M] (Brother Industries Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\Drivers\BrUsbMdm.sys -- (BrUsbMdm)
DRV - [2009/04/22 13:51:17 | 00,011,904 | ---- | M] (Brother Industries Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\Drivers\BrUsbSer.sys -- (BrUsbSer)
DRV - [2009/04/22 13:51:16 | 00,062,336 | ---- | M] (Brother Industries Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\Drivers\BrSerWdm.sys -- (BrSerWdm)
DRV - [2009/04/22 13:51:15 | 00,013,568 | ---- | M] (Brother Industries, Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\BrFiltLo.sys -- (BrFiltLo)
DRV - [2009/04/22 13:51:15 | 00,005,248 | ---- | M] (Brother Industries, Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\BrFiltUp.sys -- (BrFiltUp)
DRV - [2009/04/22 13:01:11 | 00,139,776 | ---- | M] (Realtek Corporation                                            ) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\Rt86win7.sys -- (RTL8167)
DRV - [2009/04/22 13:01:07 | 03,100,160 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\evbdx.sys -- (ebdrv)
DRV - [2009/04/22 13:01:07 | 00,430,080 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\bxvbdx.sys -- (b06bdrv)
DRV - [2009/04/22 13:01:07 | 00,229,888 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\b57nd60x.sys -- (b57nd60x)
DRV - [2009/04/22 11:51:15 | 00,020,480 | ---- | M] (Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K.) [Kernel | Auto | Stopped] -- C:\Windows\System32\drivers\secdrv.sys -- (secdrv)
 
 
[color=#E56717]========== Standard Registry (SafeList) ==========[/color]
 
 
[color=#E56717]========== Internet Explorer ==========[/color]
 
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://www.msn.com/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-us
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = E2 00 1B AD A8 9C CA 01  [binary data]
IE - HKCU\..\URLSearchHook: {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
[color=#E56717]========== FireFox ==========[/color]
 
FF - prefs.js..browser.startup.homepage: "http://www.theage.com.au/"
FF - prefs.js..extensions.enabledItems: {3e9bb2a7-62ca-4efa-a4e6-f6f6168a652d}:0.8.19
FF - prefs.js..extensions.enabledItems: {73a6fe31-595d-460b-a920-fcc0f8843232}:1.9.9.39
FF - prefs.js..extensions.enabledItems: {19503e42-ca3c-4c27-b1e2-9cdb2170ee34}:1.2.1.09
FF - prefs.js..extensions.enabledItems: keyscrambler@qfx.software.corporation:2.6.0.0
FF - prefs.js..extensions.enabledItems: {B7082FAA-CB62-4872-9106-E42DD88EDE45}:3.0
FF - prefs.js..keyword.URL: "http://www.google.com/search?ie=UTF-8&oe=UTF-8&sourceid=navclient&gfns=1&q="
 
FF - HKLM\software\mozilla\Firefox\Extensions\\{B7082FAA-CB62-4872-9106-E42DD88EDE45}: C:\Program Files\McAfee\SiteAdvisor [2010/01/25 10:26:12 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010/01/24 15:16:57 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010/01/26 11:16:18 | 00,000,000 | ---D | M]
 
[2010/01/24 15:17:20 | 00,000,000 | ---D | M] -- C:\Users\meda\AppData\Roaming\Mozilla\Extensions
[2010/01/26 03:36:20 | 00,000,000 | ---D | M] -- C:\Users\meda\AppData\Roaming\Mozilla\Firefox\Profiles\t1ijapf4.default\extensions
[2010/01/24 15:23:34 | 00,000,000 | ---D | M] (FlashGot) -- C:\Users\meda\AppData\Roaming\Mozilla\Firefox\Profiles\t1ijapf4.default\extensions\{19503e42-ca3c-4c27-b1e2-9cdb2170ee34}
[2010/01/24 15:22:10 | 00,000,000 | ---D | M] (ShowIP) -- C:\Users\meda\AppData\Roaming\Mozilla\Firefox\Profiles\t1ijapf4.default\extensions\{3e9bb2a7-62ca-4efa-a4e6-f6f6168a652d}
[2010/01/24 15:22:10 | 00,000,000 | ---D | M] (NoScript) -- C:\Users\meda\AppData\Roaming\Mozilla\Firefox\Profiles\t1ijapf4.default\extensions\{73a6fe31-595d-460b-a920-fcc0f8843232}
[2010/01/24 15:54:31 | 00,000,000 | ---D | M] -- C:\Users\meda\AppData\Roaming\Mozilla\Firefox\Profiles\t1ijapf4.default\extensions\keyscrambler@qfx.software.corporation
[2010/01/24 15:16:56 | 00,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions
 
Hosts file not found
O2 - BHO: (KeyScramblerBHO Class) - {2B9F5787-88A5-4945-90E7-C4B18563BC5E} - C:\Program Files\KeyScrambler\KeyScramblerIE.dll (QFX Software Corporation)
O2 - BHO: (McAfee SiteAdvisor BHO) - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)
O3 - HKLM\..\Toolbar: (McAfee SiteAdvisor Toolbar) - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O8 - Extra context menu item: Add to Google Photos Screensa&ver - C:\Windows\System32\GPhotos.scr (Google Inc.)
O9 - Extra 'Tools' menuitem : &KeyScrambler Options - {5C106A59-CC3C-4caa-81A4-6D909B5ACE23} - C:\Program Files\KeyScrambler\KeyScramblerIE.dll (QFX Software Corporation)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_18-windows-i586.cab (Java Plug-in 1.6.0_18)
O16 - DPF: {CAFEEFAC-0016-0000-0018-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_18-windows-i586.cab (Java Plug-in 1.6.0_18)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_18-windows-i586.cab (Java Plug-in 1.6.0_18)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O18 - Protocol\Handler\dssrequest {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
O18 - Protocol\Handler\sacore {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
O20 - AppInit_DLLs: (C:\Windows\system32\guard32.dll) - C:\Windows\System32\guard32.dll (COMODO)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) -  File not found
O30 - LSA: Security Packages - (pku2u) - C:\Windows\System32\pku2u.dll (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009/03/21 02:42:25 | 00,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O32 - AutoRun File - [2009/12/29 21:56:45 | 00,000,000 | RHSD | M] - C:\autorun.inf -- [ NTFS ]
O33 - MountPoints2\D\Shell - "" = AutoRun
O34 - HKLM BootExecute: (autocheck autochk *) -  File not found
O34 - HKLM BootExecute: (Partizan) - C:\Windows\System32\Partizan.exe (Greatis Software)
O34 - HKLM BootExecute: (ootExecute settings...) -  File not found
O34 - HKLM BootExecute: (ABOU) -  File not found
O35 - comfile [open] -- "%1" %*
O35 - exefile [open] -- "%1" %*
 
[color=#E56717]========== Files/Folders - Created Within 30 Days ==========[/color]
 
[2010/01/29 12:35:56 | 00,000,000 | ---D | C] -- C:\kl.files
[2010/01/29 11:14:54 | 00,000,000 | ---D | C] -- C:\Program Files\Common Files\Wise Installation Wizard
[2010/01/29 10:38:03 | 00,000,000 | ---D | C] -- C:\ProgramData\Spybot - Search & Destroy
[2010/01/29 10:36:26 | 00,000,000 | ---D | C] -- C:\32788R22FWJFW
[2010/01/29 10:35:54 | 00,301,568 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\cmd.execf
[2010/01/29 09:58:11 | 00,035,040 | ---- | C] (Greatis Software) -- C:\Windows\System32\Partizan.exe
[2010/01/29 09:58:11 | 00,034,760 | ---- | C] (Greatis Software) -- C:\Windows\System32\drivers\Partizan.sys
[2010/01/29 09:58:03 | 00,000,000 | ---D | C] -- C:\Users\meda\Documents\RegRun2
[2010/01/29 09:58:01 | 00,012,752 | ---- | C] (Greatis Software, LLC.) -- C:\Windows\System32\drivers\UnHackMeDrv.sys
[2010/01/29 09:58:01 | 00,000,000 | ---D | C] -- C:\Users\Public\Documents\regruninfo
[2010/01/29 09:57:59 | 00,000,000 | ---D | C] -- C:\Program Files\UnHackMe
[2010/01/28 03:55:09 | 00,000,000 | ---D | C] -- C:\Users\meda\AppData\Local\Programs
[2010/01/28 01:05:07 | 00,000,000 | ---D | C] -- C:\Users\meda\AppData\Local\Nero
[2010/01/27 09:38:07 | 00,000,000 | ---D | C] -- C:\Users\meda\Desktop\HARDWARE FOLDER
[2010/01/27 03:53:33 | 00,000,000 | ---D | C] -- C:\WinFast WorkArea
[2010/01/27 03:49:58 | 00,000,000 | ---D | C] -- C:\Users\meda\AppData\Local\ArcSoft
[2010/01/27 03:49:04 | 00,000,000 | ---D | C] -- C:\Users\meda\AppData\Roaming\ArcSoft
[2010/01/27 03:48:45 | 00,000,000 | ---D | C] -- C:\ProgramData\ArcSoft
[2010/01/27 03:48:42 | 00,245,408 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\unicows.dll
[2010/01/27 03:48:42 | 00,000,000 | ---D | C] -- C:\Program Files\Common Files\ArcSoft
[2010/01/27 03:48:26 | 00,000,000 | ---D | C] -- C:\Program Files\Common Files\Ulead Systems
[2010/01/27 03:48:12 | 00,000,000 | ---D | C] -- C:\Program Files\Common Files\InstallShield
[2010/01/27 03:48:03 | 00,000,000 | ---D | C] -- C:\Program Files\WinFast
[2010/01/27 03:47:10 | 00,000,000 | ---D | C] -- C:\Windows\System32\WinFast
[2010/01/27 03:47:09 | 00,000,000 | ---D | C] -- C:\Users\meda\AppData\Roaming\InstallShield
[2010/01/27 00:14:43 | 00,000,000 | ---D | C] -- C:\Users\meda\AppData\Roaming\OpenOffice.org
[2010/01/27 00:13:39 | 00,000,000 | ---D | C] -- C:\Program Files\OpenOffice.org 3
[2010/01/27 00:08:06 | 00,000,000 | ---D | C] -- C:\Users\meda\AppData\Roaming\Notepad++
[2010/01/27 00:08:06 | 00,000,000 | ---D | C] -- C:\Program Files\Notepad++
[2010/01/26 03:48:18 | 00,000,000 | ---D | C] -- C:\Users\meda\AppData\Roaming\DivX
[2010/01/26 03:45:02 | 00,000,000 | ---D | C] -- C:\Program Files\Common Files\PX Storage Engine
[2010/01/26 03:18:47 | 00,000,000 | ---D | C] -- C:\Users\meda\AppData\Roaming\gtk-2.0
[2010/01/26 03:14:12 | 00,000,000 | ---D | C] -- C:\Users\meda\AppData\Roaming\Participatory Culture Foundation
[2010/01/26 01:22:45 | 00,000,000 | ---D | C] -- C:\Users\meda\AppData\Local\Power2Go
[2010/01/25 23:40:03 | 00,000,000 | ---D | C] -- C:\Users\meda\AppData\Roaming\dvdcss
[2010/01/25 23:21:40 | 00,000,000 | ---D | C] -- C:\Users\meda\Documents\CyberLink
[2010/01/25 23:21:15 | 00,000,000 | ---D | C] -- C:\Users\meda\AppData\Roaming\CyberLink
[2010/01/25 23:12:59 | 00,000,000 | ---D | C] -- C:\Program Files\Common Files\CyberLink
[2010/01/25 23:11:55 | 00,505,128 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msvcp71.dll
[2010/01/25 23:11:55 | 00,353,576 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msvcr71.dll
[2010/01/25 23:11:55 | 00,029,480 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msxml3a.dll
[2010/01/25 23:11:34 | 00,000,000 | -H-D | C] -- C:\Program Files\InstallShield Installation Information
[2010/01/25 23:10:22 | 00,000,000 | ---D | C] -- C:\Program Files\CyberLink
[2010/01/25 23:10:18 | 00,000,000 | ---D | C] -- C:\ProgramData\CyberLink
[2010/01/25 23:08:13 | 00,000,000 | ---D | C] -- C:\ProgramData\Temp
[2010/01/25 08:34:47 | 00,000,000 | ---D | C] -- C:\Windows\SoftwareDistribution
[2010/01/25 08:32:38 | 00,000,000 | ---D | C] -- C:\Windows\Prefetch
[2010/01/25 08:31:05 | 00,000,000 | ---D | C] -- C:\Windows\Panther
[2010/01/25 08:22:45 | 00,000,000 | ---D | C] -- C:\Windows.old
[2010/01/25 04:39:21 | 00,000,000 | ---D | C] -- C:\Users\meda\AppData\Roaming\Emergency Soft
[2010/01/25 03:11:58 | 00,000,000 | ---D | C] -- C:\Users\meda\Documents\NeroVision
[2010/01/25 03:05:50 | 00,000,000 | ---D | C] -- C:\Users\meda\AppData\Local\Ahead
[2010/01/25 03:03:11 | 00,000,000 | ---D | C] -- C:\Program Files\Nero
[2010/01/25 03:01:49 | 02,388,176 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3dx9_30.dll
[2010/01/25 03:01:49 | 02,323,664 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3dx9_28.dll
[2010/01/24 23:12:47 | 00,000,000 | ---D | C] -- C:\Users\meda\AppData\Roaming\Macromedia
[2010/01/24 23:12:47 | 00,000,000 | ---D | C] -- C:\Users\meda\AppData\Roaming\Adobe
[2010/01/24 16:23:10 | 00,000,000 | ---D | C] -- C:\Users\meda\AppData\Roaming\Nero
[2010/01/24 16:22:20 | 00,000,000 | ---D | C] -- C:\ProgramData\Nero
[2010/01/24 16:22:19 | 00,000,000 | ---D | C] -- C:\Program Files\Common Files\Nero
[2010/01/24 15:54:11 | 00,115,312 | ---- | C] (QFX Software Corporation) -- C:\Windows\System32\drivers\keyscrambler.sys
[2010/01/24 15:54:07 | 00,000,000 | ---D | C] -- C:\Program Files\KeyScrambler
[2010/01/24 15:42:36 | 00,000,000 | ---D | C] -- C:\Program Files\Sandboxie
[2010/01/24 15:16:59 | 00,000,000 | ---D | C] -- C:\Users\meda\AppData\Roaming\Mozilla
[2010/01/24 15:16:59 | 00,000,000 | ---D | C] -- C:\Users\meda\AppData\Local\Mozilla
[2010/01/24 15:16:55 | 00,000,000 | ---D | C] -- C:\Program Files\Mozilla Firefox
[2010/01/24 15:03:52 | 00,000,000 | ---D | C] -- C:\Users\meda\SecurityScans
[2010/01/24 15:03:44 | 00,000,000 | ---D | C] -- C:\Users\meda\AppData\Roaming\ImgBurn
[2010/01/24 15:02:36 | 00,000,000 | ---D | C] -- C:\Program Files\ImgBurn
[2010/01/24 14:57:13 | 00,194,560 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ListSvc.dll
[2010/01/24 14:56:14 | 00,716,800 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jscript.dll
[2010/01/24 14:52:06 | 00,000,000 | ---D | C] -- C:\Program Files\Trend Micro
[2010/01/24 14:51:36 | 00,000,000 | ---D | C] -- C:\ProgramData\Sun
[2010/01/24 14:51:35 | 00,000,000 | ---D | C] -- C:\Program Files\Common Files\Java
[2010/01/24 14:51:16 | 00,411,368 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\System32\deploytk.dll
[2010/01/24 14:51:16 | 00,153,376 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\System32\javaws.exe
[2010/01/24 14:51:16 | 00,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\System32\javaw.exe
[2010/01/24 14:51:16 | 00,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\System32\java.exe
[2010/01/24 14:51:10 | 00,000,000 | ---D | C] -- C:\Program Files\Java
[2010/01/24 14:46:50 | 00,000,000 | ---D | C] -- C:\Users\meda\AppData\Roaming\Malwarebytes
[2010/01/24 14:46:41 | 00,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys
[2010/01/24 14:46:40 | 00,019,160 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2010/01/24 14:46:40 | 00,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2010/01/24 14:46:40 | 00,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2010/01/24 14:42:01 | 00,000,000 | ---D | C] -- C:\Program Files\FileHippo.com
[2010/01/24 14:40:56 | 00,000,000 | ---D | C] -- C:\Users\meda\AppData\Roaming\vlc
[2010/01/24 14:40:08 | 00,000,000 | ---D | C] -- C:\Program Files\VideoLAN
[2010/01/24 14:38:32 | 00,000,000 | ---D | C] -- C:\Program Files\CCleaner
[2010/01/24 14:36:45 | 00,000,000 | ---D | C] -- C:\Program Files\Axon Data
[2010/01/24 14:36:17 | 00,000,000 | ---D | C] -- C:\ProgramData\DVD Shrink
[2010/01/24 14:36:11 | 00,000,000 | ---D | C] -- C:\Program Files\DVD Shrink
[2010/01/24 14:28:58 | 00,000,000 | ---D | C] -- C:\Users\meda\Documents\a-squared Free
[2010/01/24 14:28:58 | 00,000,000 | ---D | C] -- C:\Program Files\a-squared Free
[2010/01/24 14:27:19 | 00,000,000 | ---D | C] -- C:\Users\meda\AppData\Roaming\ATI
[2010/01/24 14:27:19 | 00,000,000 | ---D | C] -- C:\Users\meda\AppData\Local\ATI
[2010/01/24 14:27:19 | 00,000,000 | ---D | C] -- C:\ProgramData\ATI
[2010/01/24 14:25:51 | 00,000,000 | ---D | C] -- C:\Program Files\Common Files\ATI Technologies
[2010/01/24 14:24:29 | 00,000,000 | ---D | C] -- C:\Program Files\ATI Technologies
[2010/01/24 14:24:24 | 00,000,000 | ---D | C] -- C:\Program Files\ATI
[2010/01/24 14:08:13 | 00,171,552 | ---- | C] (COMODO) -- C:\Windows\System32\guard32.dll
[2010/01/24 14:08:13 | 00,128,376 | ---- | C] (COMODO) -- C:\Windows\System32\drivers\cmdguard.sys
[2010/01/24 14:08:13 | 00,074,328 | ---- | C] (COMODO) -- C:\Windows\System32\drivers\inspect.sys
[2010/01/24 14:08:13 | 00,029,520 | ---- | C] (COMODO) -- C:\Windows\System32\drivers\cmdhlp.sys
[2010/01/24 14:08:13 | 00,000,000 | ---D | C] -- C:\ProgramData\Comodo
[2010/01/24 14:08:12 | 00,000,000 | ---D | C] -- C:\Program Files\COMODO
[2010/01/24 13:59:11 | 00,181,120 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\MpSigStub.exe
[2010/01/24 13:55:55 | 00,000,000 | ---D | C] -- C:\Users\meda\AppData\Roaming\IObit
[2010/01/24 13:55:55 | 00,000,000 | ---D | C] -- C:\Program Files\IObit
[2010/01/24 13:53:49 | 00,000,000 | ---D | C] -- C:\Users\meda\Documents\Downloads
[2010/01/24 13:50:24 | 00,000,000 | ---D | C] -- C:\Users\meda\AppData\Local\Google
[2010/01/24 13:50:23 | 00,162,640 | ---- | C] (ALWIL Software) -- C:\Windows\System32\drivers\aswSP.sys
[2010/01/24 13:50:23 | 00,019,024 | ---- | C] (ALWIL Software) -- C:\Windows\System32\drivers\aswFsBlk.sys
[2010/01/24 13:50:23 | 00,000,000 | ---D | C] -- C:\Program Files\Google
[2010/01/24 13:50:22 | 00,023,248 | ---- | C] (ALWIL Software) -- C:\Windows\System32\drivers\aswRdr.sys
[2010/01/24 13:50:21 | 00,046,544 | ---- | C] (ALWIL Software) -- C:\Windows\System32\drivers\aswTdi.sys
[2010/01/24 13:50:20 | 00,051,792 | ---- | C] (ALWIL Software) -- C:\Windows\System32\drivers\aswMonFlt.sys
[2010/01/24 13:49:59 | 00,000,000 | -HSD | C] -- C:\Windows\Installer
[2010/01/24 13:49:56 | 00,152,672 | ---- | C] (ALWIL Software) -- C:\Windows\System32\aswBoot.exe
[2010/01/24 13:49:56 | 00,038,848 | ---- | C] (ALWIL Software) -- C:\Windows\System32\avastSS.scr
[2010/01/24 13:49:54 | 00,000,000 | ---D | C] -- C:\ProgramData\Alwil Software
[2010/01/24 13:49:54 | 00,000,000 | ---D | C] -- C:\Program Files\Alwil Software
[2010/01/24 13:47:01 | 00,000,000 | ---D | C] -- C:\Users\meda\Desktop\nokia ash
[2010/01/24 13:46:46 | 00,000,000 | ---D | C] -- C:\Users\meda\Desktop\PHOTO'S
[2010/01/24 13:46:27 | 00,000,000 | ---D | C] -- C:\Users\meda\Desktop\sandcastels 2010
[2010/01/24 13:46:23 | 00,000,000 | ---D | C] -- C:\Users\meda\Desktop\WIN 7 PROGRAMS
[2010/01/24 13:43:22 | 00,000,000 | R--D | C] -- C:\Users\meda\Searches
[2010/01/24 13:43:14 | 00,000,000 | ---D | C] -- C:\Users\meda\AppData\Roaming\Identities
[2010/01/24 13:43:13 | 00,000,000 | R--D | C] -- C:\Users\meda\Contacts
[2010/01/24 13:43:08 | 00,000,000 | ---D | C] -- C:\Users\meda\AppData\Local\VirtualStore
[2010/01/24 13:43:07 | 00,000,000 | --SD | C] -- C:\Users\meda\AppData\Roaming\Microsoft
[2010/01/24 13:43:07 | 00,000,000 | R--D | C] -- C:\Users\meda\Videos
[2010/01/24 13:43:07 | 00,000,000 | R--D | C] -- C:\Users\meda\Saved Games
[2010/01/24 13:43:07 | 00,000,000 | R--D | C] -- C:\Users\meda\Pictures
[2010/01/24 13:43:07 | 00,000,000 | R--D | C] -- C:\Users\meda\Music
[2010/01/24 13:43:07 | 00,000,000 | R--D | C] -- C:\Users\meda\Links
[2010/01/24 13:43:07 | 00,000,000 | R--D | C] -- C:\Users\meda\Favorites
[2010/01/24 13:43:07 | 00,000,000 | R--D | C] -- C:\Users\meda\Downloads
[2010/01/24 13:43:07 | 00,000,000 | R--D | C] -- C:\Users\meda\Documents
[2010/01/24 13:43:07 | 00,000,000 | R--D | C] -- C:\Users\meda\Desktop
[2010/01/24 13:43:07 | 00,000,000 | -HSD | C] -- C:\Users\meda\AppData\Local\Temporary Internet Files
[2010/01/24 13:43:07 | 00,000,000 | -HSD | C] -- C:\Users\meda\Templates
[2010/01/24 13:43:07 | 00,000,000 | -HSD | C] -- C:\Users\meda\Start Menu
[2010/01/24 13:43:07 | 00,000,000 | -HSD | C] -- C:\Users\meda\SendTo
[2010/01/24 13:43:07 | 00,000,000 | -HSD | C] -- C:\Users\meda\Recent
[2010/01/24 13:43:07 | 00,000,000 | -HSD | C] -- C:\Users\meda\PrintHood
[2010/01/24 13:43:07 | 00,000,000 | -HSD | C] -- C:\Users\meda\NetHood
[2010/01/24 13:43:07 | 00,000,000 | -HSD | C] -- C:\Users\meda\Documents\My Videos
[2010/01/24 13:43:07 | 00,000,000 | -HSD | C] -- C:\Users\meda\Documents\My Pictures
[2010/01/24 13:43:07 | 00,000,000 | -HSD | C] -- C:\Users\meda\Documents\My Music
[2010/01/24 13:43:07 | 00,000,000 | -HSD | C] -- C:\Users\meda\My Documents
[2010/01/24 13:43:07 | 00,000,000 | -HSD | C] -- C:\Users\meda\Local Settings
[2010/01/24 13:43:07 | 00,000,000 | -HSD | C] -- C:\Users\meda\AppData\Local\History
[2010/01/24 13:43:07 | 00,000,000 | -HSD | C] -- C:\Users\meda\Cookies
[2010/01/24 13:43:07 | 00,000,000 | -HSD | C] -- C:\Users\meda\Application Data
[2010/01/24 13:43:07 | 00,000,000 | -HSD | C] -- C:\Users\meda\AppData\Local\Application Data
[2010/01/24 13:43:07 | 00,000,000 | -H-D | C] -- C:\Users\meda\AppData
[2010/01/24 13:43:07 | 00,000,000 | ---D | C] -- C:\Users\meda\AppData\Local\Temp
[2010/01/24 13:43:07 | 00,000,000 | ---D | C] -- C:\Users\meda\AppData\Local\Microsoft
[2010/01/24 13:43:07 | 00,000,000 | ---D | C] -- C:\Users\meda\AppData\Roaming\Media Center Programs
[2010/01/24 10:13:41 | 00,000,000 | ---D | C] -- C:\Program Files\Common Files\McAfee
[2010/01/24 10:13:28 | 00,000,000 | ---D | C] -- C:\ProgramData\McAfee
[2010/01/24 10:13:28 | 00,000,000 | ---D | C] -- C:\Program Files\McAfee
[2010/01/24 10:12:52 | 00,000,000 | ---D | C] -- C:\Windows\System32\Macromed
[2010/01/24 00:51:23 | 00,000,000 | -HSD | C] -- C:\found.001
[2010/01/21 10:24:16 | 00,000,000 | ---D | C] -- C:\OutputFolder
 
[color=#E56717]========== Files - Modified Within 30 Days ==========[/color]
 
[2010/01/29 11:50:15 | 02,359,296 | -HS- | M] () -- C:\Users\meda\ntuser.dat
[2010/01/29 11:45:43 | 00,001,543 | ---- | M] () -- C:\Users\meda\Desktop\OTL.exe - Shortcut.lnk
[2010/01/29 11:45:02 | 00,001,543 | ---- | M] () -- C:\Users\meda\Desktop\TFC.exe - Shortcut.lnk
[2010/01/29 11:37:21 | 00,713,888 | ---- | M] () -- C:\Windows\System32\PerfStringBackup.INI
[2010/01/29 11:37:21 | 00,615,122 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2010/01/29 11:37:21 | 00,103,496 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2010/01/29 11:33:13 | 26,160,57856 | -HS- | M] () -- C:\hiberfil.sys
[2010/01/29 11:33:13 | 00,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2010/01/29 11:33:13 | 00,015,360 | ---- | M] () -- C:\Windows\System32\umstartup.etl
[2010/01/29 11:18:55 | 00,012,288 | ---- | M] () -- C:\Windows\System32\umstartup000.etl
[2010/01/29 10:52:26 | 00,000,808 | ---- | M] () -- C:\Users\Public\Documents\cc_20100129_105224.reg
[2010/01/29 10:52:12 | 00,001,722 | ---- | M] () -- C:\Users\Public\Documents\cc_20100129_105210.reg
[2010/01/29 10:51:44 | 00,005,074 | ---- | M] () -- C:\Users\Public\Documents\cc_20100129_105141.reg
[2010/01/29 10:36:33 | 00,301,568 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\cmd.execf
[2010/01/29 10:20:58 | 00,032,433 | ---- | M] () -- C:\Users\meda\Desktop\comodo defense fail log
[2010/01/29 09:58:15 | 00,002,577 | ---- | M] () -- C:\Windows\System32\config.nt
[2010/01/29 09:58:15 | 00,001,688 | ---- | M] () -- C:\Windows\System32\autoexec.nt
[2010/01/29 09:58:15 | 00,000,002 | RHS- | M] () -- C:\Windows\winstart.bat
[2010/01/29 09:58:11 | 00,035,040 | ---- | M] (Greatis Software) -- C:\Windows\System32\Partizan.exe
[2010/01/29 09:58:11 | 00,034,760 | ---- | M] (Greatis Software) -- C:\Windows\System32\drivers\Partizan.sys
[2010/01/29 09:58:03 | 00,000,406 | ---- | M] () -- C:\Windows\tasks\UnHackMe Task Scheduler.job
[2010/01/29 09:58:02 | 00,000,913 | ---- | M] () -- C:\Users\meda\Desktop\UnHackMe.lnk
[2010/01/28 22:24:39 | 00,524,288 | -HS- | M] () -- C:\Users\meda\ntuser.dat{c6f4aa4b-0bfb-11df-b4d7-00241d2de74f}.TMContainer00000000000000000002.regtrans-ms
[2010/01/28 22:24:39 | 00,524,288 | -HS- | M] () -- C:\Users\meda\ntuser.dat{c6f4aa4b-0bfb-11df-b4d7-00241d2de74f}.TMContainer00000000000000000001.regtrans-ms
[2010/01/28 22:24:39 | 00,065,536 | -HS- | M] () -- C:\Users\meda\ntuser.dat{c6f4aa4b-0bfb-11df-b4d7-00241d2de74f}.TM.blf
[2010/01/28 21:54:17 | 00,524,288 | -HS- | M] () -- C:\Users\meda\ntuser.dat{6e18bd00-0bfb-11df-aac6-00241d2de74f}.TMContainer00000000000000000002.regtrans-ms
[2010/01/28 21:54:17 | 00,524,288 | -HS- | M] () -- C:\Users\meda\ntuser.dat{6e18bd00-0bfb-11df-aac6-00241d2de74f}.TMContainer00000000000000000001.regtrans-ms
[2010/01/28 21:54:17 | 00,065,536 | -HS- | M] () -- C:\Users\meda\ntuser.dat{6e18bd00-0bfb-11df-aac6-00241d2de74f}.TM.blf
[2010/01/28 03:54:08 | 00,000,882 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2010/01/28 01:04:54 | 00,001,024 | ---- | M] () -- C:\Users\meda\.rnd
[2010/01/27 22:40:38 | 00,010,784 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2010/01/27 22:40:38 | 00,010,784 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2010/01/27 22:33:41 | 00,000,878 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2010/01/27 22:33:41 | 00,000,368 | ---- | M] () -- C:\Windows\tasks\AWC Startup.job
[2010/01/27 22:33:31 | 00,000,006 | -H-- | M] () -- C:\Windows\tasks\SA.DAT
[2010/01/27 11:49:40 | 00,000,112 | ---- | M] () -- C:\Users\meda\AppData\Roaming\default.pls
[2010/01/27 09:33:03 | 00,000,045 | ---- | M] () -- C:\Windows\System32\initdebug.nfo
[2010/01/27 03:48:04 | 00,001,698 | ---- | M] () -- C:\Users\Public\Desktop\WinFast PVR2.lnk
[2010/01/27 03:30:40 | 00,068,040 | ---- | M] () -- C:\Users\meda\AppData\Local\GDIPFONTCACHEV1.DAT
[2010/01/27 03:30:20 | 00,298,816 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2010/01/27 00:14:14 | 00,001,098 | ---- | M] () -- C:\Users\Public\Desktop\OpenOffice.org 3.2.lnk
[2010/01/27 00:08:37 | 00,001,003 | ---- | M] () -- C:\Users\Public\Desktop\Notepad++.lnk
[2010/01/26 22:01:39 | 00,002,140 | ---- | M] () -- C:\Users\Public\Desktop\Google Chrome.lnk
[2010/01/26 03:20:11 | 00,000,218 | ---- | M] () -- C:\Users\meda\.recently-used.xbel
[2010/01/26 01:23:18 | 00,001,130 | ---- | M] () -- C:\Users\meda\Desktop\CyberLink DVD Suite.lnk
[2010/01/25 23:11:52 | 00,029,480 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\msxml3a.dll
[2010/01/25 23:11:51 | 00,505,128 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\msvcp71.dll
[2010/01/25 23:11:51 | 00,353,576 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\msvcr71.dll
[2010/01/25 20:48:45 | 00,001,752 | ---- | M] () -- C:\Windows\Sandboxie.ini
[2010/01/25 08:35:42 | 00,028,965 | ---- | M] () -- C:\Windows\System32\license.rtf
[2010/01/25 08:34:10 | 00,000,000 | ---- | M] () -- C:\Windows\ativpsrm.bin
[2010/01/25 08:33:12 | 00,000,000 | -H-- | M] () -- C:\Windows\System32\drivers\Msft_User_WpdFs_01_09_00.Wdf
[2010/01/25 08:30:53 | 00,008,192 | RHS- | M] () -- C:\BOOTSECT.BAK
[2010/01/25 03:05:32 | 00,002,679 | ---- | M] () -- C:\Users\Public\Desktop\Nero StartSmart.lnk
[2010/01/25 03:05:32 | 00,002,581 | ---- | M] () -- C:\Users\Public\Desktop\Nero Home.lnk
[2010/01/24 15:42:41 | 00,001,129 | ---- | M] () -- C:\Users\meda\Desktop\Run Web browser sandboxed.lnk
[2010/01/24 15:16:57 | 00,001,885 | ---- | M] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk
[2010/01/24 15:08:27 | 00,001,064 | ---- | M] () -- C:\Users\Public\Desktop\Picasa 3.lnk
[2010/01/24 15:02:36 | 00,001,811 | ---- | M] () -- C:\Users\Public\Desktop\ImgBurn.lnk
[2010/01/24 14:52:06 | 00,002,039 | ---- | M] () -- C:\Users\meda\Desktop\HijackThis.lnk
[2010/01/24 14:51:11 | 00,153,376 | ---- | M] (Sun Microsystems, Inc.) -- C:\Windows\System32\javaws.exe
[2010/01/24 14:51:11 | 00,145,184 | ---- | M] (Sun Microsystems, Inc.) -- C:\Windows\System32\javaw.exe
[2010/01/24 14:51:11 | 00,145,184 | ---- | M] (Sun Microsystems, Inc.) -- C:\Windows\System32\java.exe
[2010/01/24 14:51:10 | 00,411,368 | ---- | M] (Sun Microsystems, Inc.) -- C:\Windows\System32\deploytk.dll
[2010/01/24 14:46:48 | 00,000,979 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2010/01/24 14:42:04 | 00,001,915 | ---- | M] () -- C:\Users\meda\Desktop\Update Checker.lnk
[2010/01/24 14:40:24 | 00,001,024 | ---- | M] () -- C:\Users\Public\Desktop\VLC media player.lnk
[2010/01/24 14:38:32 | 00,001,831 | ---- | M] () -- C:\Users\meda\Desktop\CCleaner.lnk
[2010/01/24 14:36:15 | 00,000,953 | ---- | M] () -- C:\Users\meda\Desktop\DVD Shrink 3.2.lnk
[2010/01/24 14:29:06 | 00,000,931 | ---- | M] () -- C:\Users\Public\Desktop\a-squared Free.lnk
[2010/01/24 14:21:12 | 00,001,113 | ---- | M] () -- C:\Users\Public\Desktop\COMODO Internet Security.lnk
[2010/01/24 14:20:02 | 00,171,552 | ---- | M] (COMODO) -- C:\Windows\System32\guard32.dll
[2010/01/24 14:20:02 | 00,128,376 | ---- | M] (COMODO) -- C:\Windows\System32\drivers\cmdguard.sys
[2010/01/24 14:20:02 | 00,074,328 | ---- | M] (COMODO) -- C:\Windows\System32\drivers\inspect.sys
[2010/01/24 14:20:02 | 00,029,520 | ---- | M] (COMODO) -- C:\Windows\System32\drivers\cmdhlp.sys
[2010/01/24 14:07:38 | 00,001,294 | ---- | M] () -- C:\Users\meda\Desktop\Downloads - Shortcut.lnk
[2010/01/24 14:06:41 | 00,000,355 | ---- | M] () -- C:\Users\meda\Desktop\Computer - Shortcut.lnk
[2010/01/24 13:55:57 | 00,001,179 | ---- | M] () -- C:\Users\Public\Desktop\Advanced SystemCare.lnk
[2010/01/24 13:50:23 | 00,002,005 | ---- | M] () -- C:\Users\Public\Desktop\avast! Free Antivirus.lnk
[2010/01/24 13:43:07 | 00,524,288 | -HS- | M] () -- C:\Users\meda\NTUSER.DAT{5e85c0c8-2e15-11de-b41c-001e0bcd1824}.TMContainer00000000000000000002.regtrans-ms
[2010/01/24 13:43:07 | 00,524,288 | -HS- | M] () -- C:\Users\meda\NTUSER.DAT{5e85c0c8-2e15-11de-b41c-001e0bcd1824}.TMContainer00000000000000000001.regtrans-ms
[2010/01/24 13:43:07 | 00,065,536 | -HS- | M] () -- C:\Users\meda\NTUSER.DAT{5e85c0c8-2e15-11de-b41c-001e0bcd1824}.TM.blf
[2010/01/24 13:43:07 | 00,000,020 | -HS- | M] () -- C:\Users\meda\ntuser.ini
[2010/01/20 00:13:58 | 00,162,640 | ---- | M] (ALWIL Software) -- C:\Windows\System32\drivers\aswSP.sys
[2010/01/19 22:57:59 | 00,038,848 | ---- | M] (ALWIL Software) -- C:\Windows\System32\avastSS.scr
[2010/01/19 22:57:39 | 00,152,672 | ---- | M] (ALWIL Software) -- C:\Windows\System32\aswBoot.exe
[2010/01/19 22:46:52 | 00,046,544 | ---- | M] (ALWIL Software) -- C:\Windows\System32\drivers\aswTdi.sys
[2010/01/19 22:43:40 | 00,023,248 | ---- | M] (ALWIL Software) -- C:\Windows\System32\drivers\aswRdr.sys
[2010/01/19 22:43:23 | 00,051,792 | ---- | M] (ALWIL Software) -- C:\Windows\System32\drivers\aswMonFlt.sys
[2010/01/19 22:42:57 | 00,019,024 | ---- | M] (ALWIL Software) -- C:\Windows\System32\drivers\aswFsBlk.sys
[2010/01/14 11:12:06 | 00,181,120 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\MpSigStub.exe
[2010/01/07 16:07:14 | 00,038,224 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys
[2010/01/07 16:07:04 | 00,019,160 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
 
[color=#E56717]========== Files Created - No Company Name ==========[/color]
 
[2010/01/29 11:45:43 | 00,001,543 | ---- | C] () -- C:\Users\meda\Desktop\OTL.exe - Shortcut.lnk
[2010/01/29 11:45:02 | 00,001,543 | ---- | C] () -- C:\Users\meda\Desktop\TFC.exe - Shortcut.lnk
[2010/01/29 10:52:26 | 00,000,808 | ---- | C] () -- C:\Users\Public\Documents\cc_20100129_105224.reg
[2010/01/29 10:52:11 | 00,001,722 | ---- | C] () -- C:\Users\Public\Documents\cc_20100129_105210.reg
[2010/01/29 10:51:42 | 00,005,074 | ---- | C] () -- C:\Users\Public\Documents\cc_20100129_105141.reg
[2010/01/29 10:20:58 | 00,032,433 | ---- | C] () -- C:\Users\meda\Desktop\comodo defense fail log
[2010/01/29 09:58:15 | 00,000,002 | RHS- | C] () -- C:\Windows\winstart.bat
[2010/01/29 09:58:03 | 00,000,406 | ---- | C] () -- C:\Windows\tasks\UnHackMe Task Scheduler.job
[2010/01/29 09:58:02 | 00,000,913 | ---- | C] () -- C:\Users\meda\Desktop\UnHackMe.lnk
[2010/01/28 21:56:43 | 00,524,288 | -HS- | C] () -- C:\Users\meda\ntuser.dat{c6f4aa4b-0bfb-11df-b4d7-00241d2de74f}.TMContainer00000000000000000002.regtrans-ms
[2010/01/28 21:56:43 | 00,524,288 | -HS- | C] () -- C:\Users\meda\ntuser.dat{c6f4aa4b-0bfb-11df-b4d7-00241d2de74f}.TMContainer00000000000000000001.regtrans-ms
[2010/01/28 21:56:43 | 00,065,536 | -HS- | C] () -- C:\Users\meda\ntuser.dat{c6f4aa4b-0bfb-11df-b4d7-00241d2de74f}.TM.blf
[2010/01/28 21:54:17 | 00,524,288 | -HS- | C] () -- C:\Users\meda\ntuser.dat{6e18bd00-0bfb-11df-aac6-00241d2de74f}.TMContainer00000000000000000002.regtrans-ms
[2010/01/28 21:54:17 | 00,524,288 | -HS- | C] () -- C:\Users\meda\ntuser.dat{6e18bd00-0bfb-11df-aac6-00241d2de74f}.TMContainer00000000000000000001.regtrans-ms
[2010/01/28 21:54:17 | 00,065,536 | -HS- | C] () -- C:\Users\meda\ntuser.dat{6e18bd00-0bfb-11df-aac6-00241d2de74f}.TM.blf
[2010/01/27 09:33:02 | 00,000,045 | ---- | C] () -- C:\Windows\System32\initdebug.nfo
[2010/01/27 03:48:09 | 00,000,350 | ---- | C] () -- C:\Windows\System32\AF15IRTBL.bin
[2010/01/27 03:48:04 | 00,001,698 | ---- | C] () -- C:\Users\Public\Desktop\WinFast PVR2.lnk
[2010/01/27 00:14:14 | 00,001,098 | ---- | C] () -- C:\Users\Public\Desktop\OpenOffice.org 3.2.lnk
[2010/01/27 00:08:37 | 00,001,003 | ---- | C] () -- C:\Users\Public\Desktop\Notepad++.lnk
[2010/01/26 03:20:11 | 00,000,218 | ---- | C] () -- C:\Users\meda\.recently-used.xbel
[2010/01/25 23:14:19 | 00,001,130 | ---- | C] () -- C:\Users\meda\Desktop\CyberLink DVD Suite.lnk
[2010/01/25 22:45:33 | 00,000,112 | ---- | C] () -- C:\Users\meda\AppData\Roaming\default.pls
[2010/01/25 08:34:10 | 00,000,000 | ---- | C] () -- C:\Windows\ativpsrm.bin
[2010/01/25 08:33:12 | 00,000,000 | -H-- | C] () -- C:\Windows\System32\drivers\Msft_User_WpdFs_01_09_00.Wdf
[2010/01/25 03:05:32 | 00,002,679 | ---- | C] () -- C:\Users\Public\Desktop\Nero StartSmart.lnk
[2010/01/25 03:05:32 | 00,002,581 | ---- | C] () -- C:\Users\Public\Desktop\Nero Home.lnk
[2010/01/25 03:04:23 | 00,001,024 | ---- | C] () -- C:\Users\meda\.rnd
[2010/01/24 15:42:56 | 00,001,752 | ---- | C] () -- C:\Windows\Sandboxie.ini
[2010/01/24 15:42:41 | 00,001,129 | ---- | C] () -- C:\Users\meda\Desktop\Run Web browser sandboxed.lnk
[2010/01/24 15:16:57 | 00,001,885 | ---- | C] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk
[2010/01/24 15:08:27 | 00,001,064 | ---- | C] () -- C:\Users\Public\Desktop\Picasa 3.lnk
[2010/01/24 15:02:36 | 00,001,811 | ---- | C] () -- C:\Users\Public\Desktop\ImgBurn.lnk
[2010/01/24 14:52:06 | 00,002,039 | ---- | C] () -- C:\Users\meda\Desktop\HijackThis.lnk
[2010/01/24 14:46:48 | 00,000,979 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2010/01/24 14:42:04 | 00,001,915 | ---- | C] () -- C:\Users\meda\Desktop\Update Checker.lnk
[2010/01/24 14:40:24 | 00,001,024 | ---- | C] () -- C:\Users\Public\Desktop\VLC media player.lnk
[2010/01/24 14:38:32 | 00,001,831 | ---- | C] () -- C:\Users\meda\Desktop\CCleaner.lnk
[2010/01/24 14:36:15 | 00,000,953 | ---- | C] () -- C:\Users\meda\Desktop\DVD Shrink 3.2.lnk
[2010/01/24 14:29:06 | 00,000,931 | ---- | C] () -- C:\Users\Public\Desktop\a-squared Free.lnk
[2010/01/24 14:21:12 | 00,001,113 | ---- | C] () -- C:\Users\Public\Desktop\COMODO Internet Security.lnk
[2010/01/24 14:07:38 | 00,001,294 | ---- | C] () -- C:\Users\meda\Desktop\Downloads - Shortcut.lnk
[2010/01/24 14:06:41 | 00,000,355 | ---- | C] () -- C:\Users\meda\Desktop\Computer - Shortcut.lnk
[2010/01/24 13:56:04 | 00,000,368 | ---- | C] () -- C:\Windows\tasks\AWC Startup.job
[2010/01/24 13:55:57 | 00,001,179 | ---- | C] () -- C:\Users\Public\Desktop\Advanced SystemCare.lnk
[2010/01/24 13:53:17 | 00,002,140 | ---- | C] () -- C:\Users\Public\Desktop\Google Chrome.lnk
[2010/01/24 13:50:30 | 00,000,882 | ---- | C] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2010/01/24 13:50:29 | 00,000,878 | ---- | C] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2010/01/24 13:50:23 | 00,002,005 | ---- | C] () -- C:\Users\Public\Desktop\avast! Free Antivirus.lnk
[2010/01/24 13:43:07 | 02,359,296 | -HS- | C] () -- C:\Users\meda\ntuser.dat
[2010/01/24 13:43:07 | 00,524,288 | -HS- | C] () -- C:\Users\meda\NTUSER.DAT{5e85c0c8-2e15-11de-b41c-001e0bcd1824}.TMContainer00000000000000000002.regtrans-ms
[2010/01/24 13:43:07 | 00,524,288 | -HS- | C] () -- C:\Users\meda\NTUSER.DAT{5e85c0c8-2e15-11de-b41c-001e0bcd1824}.TMContainer00000000000000000001.regtrans-ms
[2010/01/24 13:43:07 | 00,065,536 | -HS- | C] () -- C:\Users\meda\NTUSER.DAT{5e85c0c8-2e15-11de-b41c-001e0bcd1824}.TM.blf
[2010/01/24 13:43:07 | 00,000,020 | -HS- | C] () -- C:\Users\meda\ntuser.ini
[2009/04/22 14:50:07 | 00,073,216 | ---- | C] () -- C:\Windows\System32\BthpanContextHandler.dll
[2009/04/22 14:40:32 | 00,064,000 | ---- | C] () -- C:\Windows\System32\BWContextHandler.dll
[1996/04/04 06:33:26 | 00,005,248 | ---- | C] () -- C:\Windows\System32\giveio.sys
 
[color=#E56717]========== LOP Check ==========[/color]
 
[2010/01/25 04:39:21 | 00,000,000 | ---D | M] -- C:\Users\meda\AppData\Roaming\Emergency Soft
[2010/01/26 03:19:55 | 00,000,000 | ---D | M] -- C:\Users\meda\AppData\Roaming\gtk-2.0
[2010/01/24 15:03:44 | 00,000,000 | ---D | M] -- C:\Users\meda\AppData\Roaming\ImgBurn
[2010/01/24 13:55:55 | 00,000,000 | ---D | M] -- C:\Users\meda\AppData\Roaming\IObit
[2010/01/27 00:08:46 | 00,000,000 | ---D | M] -- C:\Users\meda\AppData\Roaming\Notepad++
[2010/01/27 00:14:43 | 00,000,000 | ---D | M] -- C:\Users\meda\AppData\Roaming\OpenOffice.org
[2010/01/26 03:14:12 | 00,000,000 | ---D | M] -- C:\Users\meda\AppData\Roaming\Participatory Culture Foundation
[2010/01/27 22:33:41 | 00,000,368 | ---- | M] () -- C:\Windows\Tasks\AWC Startup.job
[2009/04/22 19:27:21 | 00,006,984 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT
[2010/01/29 09:58:03 | 00,000,406 | ---- | M] () -- C:\Windows\Tasks\UnHackMe Task Scheduler.job
 
[color=#E56717]========== Purity Check ==========[/color]
--
Paradigm Shift beta test pilot. So far nothing to report.
Now is not the right time to stop folding.]]></description>
<guid isPermaLink="true">http://www.dslreports.com/forum/remark,23721460</guid>
<pubDate>2010-01-29 07:30:44</pubDate>
</item>

</channel>
</rss>
