Slow system, CPU 100%, Malware releated issues

Recommended Software

(2 Pages)
1
2
>

You cannot start a new topic
You cannot reply to this topic

Slow system, CPU 100%, Malware releated issues

Tweet

#1 Hellogb

Member

Group: Members
Posts: 9
Joined: 27-December 09

Posted 27 December 2009 - 11:09 PM

I have been having issues with my system for a while. It runs very slow at times, CPU will run at 100% many times a day, with Internet Explorer being the main culprit. I ran Malwarebytes and the log follows. I have also run HijackThis and posted the log as well. Can someone help me identify any issues?

Malwarebytes' Anti-Malware 1.42
Database version: 3436
Windows 5.1.2600 Service Pack 2
Internet Explorer 6.0.2900.2180

12/27/2009 9:41:26 AM
mbam-log-2009-12-27 (09-41-26).txt

Scan type: Full Scan (C:\|)
Objects scanned: 286105
Time elapsed: 4 hour(s), 3 minute(s), 49 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 1
Registry Data Items Infected: 1
Folders Infected: 0
Files Infected: 3

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\adobe acrobat speed launcher (Trojan.Agent) -> Quarantined and deleted successfully.

Registry Data Items Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\AntiVirusDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.

Folders Infected:
(No malicious items detected)

Files Infected:
C:\Documents and Settings\Bill W\Cookies\MM2048.DAT (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\Bill W\Cookies\MM256.DAT (Trojan.Agent) -> Quarantined and deleted successfully.
C:\RECYCLER\S-1-5-21-3042452539-3179742922-2167395947-1007\Dc130\acrobat_sl.exe (Trojan.Agent) -> Quarantined and deleted successfully.

**************************************************************************************************************************************************

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 11:03:39 AM, on 12/27/2009
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\WINDOWS\system32\drivers\CDAC11BA.EXE
C:\WINDOWS\System32\GEARSec.exe
C:\PROGRA~1\Iomega\System32\AppServices.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Norton SystemWorks\Norton AntiVirus\navapsvc.exe
C:\Program Files\Norton SystemWorks\Norton Ghost\Agent\PQV2iSvc.exe
C:\Program Files\Norton SystemWorks\Norton AntiVirus\IWP\NPFMntor.exe
C:\PROGRA~1\NORTON~1\NORTON~1\NPROTECT.EXE
C:\PROGRA~1\IOMEGA~1\RETROS~1\retrorun.exe
C:\PROGRA~1\NORTON~1\NORTON~1\SPEEDD~1\NOPDB.EXE
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\taskmgr.exe
C:\Program Files\Apoint2K\Apoint.exe
C:\Program Files\Toshiba\TOSHIBA Controls\TFncKy.exe
C:\WINDOWS\system32\TFNF5.exe
C:\Program Files\Apoint2K\Apntex.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\WINDOWS\system32\TPWRTRAY.EXE
C:\WINDOWS\System32\00THotkey.exe
C:\Program Files\Southwest Airlines\Ding\Ding.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Verizon Broadband Toolbar - {4E7BD74F-2B8D-469E-D0FC-E57AF4D5FA7D} - C:\WINDOWS\DOWNLO~1\vzbb.dll
O2 - BHO: CNavExtBho Class - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton SystemWorks\Norton AntiVirus\NavShExt.dll
O2 - BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton SystemWorks\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: Verizon Broadband Toolbar - {4E7BD74F-2B8D-469E-D0FC-E57AF4D5FA7D} - C:\WINDOWS\DOWNLO~1\vzbb.dll
O4 - HKLM\..\Run: [Apoint] "C:\Program Files\Apoint2K\Apoint.exe"
O4 - HKLM\..\Run: [TouchED] "C:\Program Files\TOSHIBA\TouchED\TouchED.Exe"
O4 - HKLM\..\Run: [TFncKy] "C:\Program Files\Toshiba\TOSHIBA Controls\TFncKy.exe" /Type 20
O4 - HKLM\..\Run: [TFNF5] TFNF5.exe
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] "C:\PROGRA~1\SYMNET~1\SNDMon.exe" /Consumer
O4 - HKLM\..\Run: [Tpwrtray] TPWRTRAY.EXE
O4 - HKLM\..\Run: [00THotkey] C:\WINDOWS\System32\00THotkey.exe
O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe"
O4 - HKLM\..\Run: [LogMeIn GUI] "C:\Program Files\LogMeIn\x86\LogMeInSystray.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [SetDefPrt] C:\Program Files\Brother\Brmfl04g\BrStDvPt.exe
O4 - HKLM\..\Run: [ControlCenter2.0] C:\Program Files\Brother\ControlCenter2\brctrcen.exe /autorun
O4 - HKLM\..\Run: [RetroExpress] C:\PROGRA~1\IOMEGA~1\RETROS~1\RetroExpress.exe /h
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [Malwarebytes Anti-Malware (reboot)] "C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe" /runcleanupscript
O4 - HKLM\..\RunOnce: [Malwarebytes' Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe /install /silent
O4 - HKCU\..\Run: [Norton SystemWorks] "C:\Program Files\Norton SystemWorks\cfgwiz.exe" /GUID {05858CFD-5CC4-4ceb-AAAF-CF00BF39736A} /MODE CfgWiz
O4 - HKCU\..\Run: [TomTomHOME.exe] "C:\Program Files\TomTom HOME 2\TomTomHOMERunner.exe"
O4 - Startup: DING!.lnk = C:\Program Files\Southwest Airlines\Ding\Ding.exe
O4 - Global Startup: Iomega StorCenter.lnk = C:\Program Files\Iomega StorCenter\sohoclient.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O8 - Extra context menu item: Append Link Target to Existing PDF - res://C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 - Extra context menu item: Convert to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
O23 - Service: Acronis Scheduler2 Service (AcrSch2Svc) - Acronis - C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: C-DillaCdaC11BA - Macrovision - C:\WINDOWS\system32\drivers\CDAC11BA.EXE
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: GEARSecurity - GEAR Software - C:\WINDOWS\System32\GEARSec.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: Intuit Update Service (IntuitUpdateService) - Intuit Inc. - C:\Program Files\Common Files\Intuit\Update Service\IntuitUpdateService.exe
O23 - Service: Iomega App Services - Iomega Corporation - C:\PROGRA~1\Iomega\System32\AppServices.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: LexBce Server (LexBceS) - Unknown owner - C:\WINDOWS\system32\LEXBCES.EXE (file missing)
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: LogMeIn Maintenance Service (LMIMaint) - LogMeIn, Inc. - C:\Program Files\LogMeIn\x86\RaMaint.exe
O23 - Service: LogMeIn - LogMeIn, Inc. - C:\Program Files\LogMeIn\x86\LogMeIn.exe
O23 - Service: Norton AntiVirus Auto-Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton SystemWorks\Norton AntiVirus\navapsvc.exe
O23 - Service: Norton Ghost - Symantec Corporation - C:\Program Files\Norton SystemWorks\Norton Ghost\Agent\PQV2iSvc.exe
O23 - Service: Norton AntiVirus Firewall Monitor Service (NPFMntor) - Symantec Corporation - C:\Program Files\Norton SystemWorks\Norton AntiVirus\IWP\NPFMntor.exe
O23 - Service: Norton Unerase Protection (NProtectService) - Symantec Corporation - C:\PROGRA~1\NORTON~1\NORTON~1\NPROTECT.EXE
O23 - Service: Retrospect Express HD Launcher (RetroExpLauncher) - EMC Corporation - C:\PROGRA~1\IOMEGA~1\RETROS~1\retrorun.exe
O23 - Service: Roxio UPnP Renderer 9 - Sonic Solutions - C:\Program Files\Roxio\Digital Home 9\RoxioUPnPRenderer9.exe
O23 - Service: Roxio Upnp Server 9 - Sonic Solutions - C:\Program Files\Roxio\Digital Home 9\RoxioUpnpService9.exe
O23 - Service: LiveShare P2P Server 9 (RoxLiveShare9) - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxLiveShare9.exe
O23 - Service: RoxMediaDB9 - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe
O23 - Service: Roxio Hard Drive Watcher 9 (RoxWatch9) - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatch9.exe
O23 - Service: SAVScan - Symantec Corporation - C:\Program Files\Norton SystemWorks\Norton AntiVirus\SAVScan.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: SolidWorks Licensing Service - SolidWorks - C:\Program Files\Common Files\SolidWorks Shared\Service\SolidWorksLicensing.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: Speed Disk service - Symantec Corporation - C:\PROGRA~1\NORTON~1\NORTON~1\SPEEDD~1\NOPDB.EXE
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: TomTomHOMEService - TomTom - C:\Program Files\TomTom HOME 2\TomTomHOMEService.exe
O23 - Service: Acronis Try And Decide Service (TryAndDecideService) - Unknown owner - C:\Program Files\Common Files\Acronis\Fomatik\TrueImageTryStartService.exe
O23 - Service: Webroot Spy Sweeper Engine (WebrootSpySweeperService) - Webroot Software, Inc. - C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe

--
End of file - 10529 bytes

This post has been edited by Hellogb: 27 December 2009 - 11:14 PM

#2 schrauber

Malware Remover

Group: Trusted Helpers
Posts: 68
Joined: 10-January 09
Location:Germany

Posted 28 December 2009 - 03:56 AM

Hello, Hellogb
Welcome to the BestTechie Forums. My name is Thomas (Tom is fine), and I will be helping you fixing your problems.

Please take note of some guidelines for this fix:

Refrain from making any changes to your computer including installing/uninstall programs, deleting files, modifying the registry, and running scanners or tools. Doing so could cause changes to the directions I have to give you and prolong the time required. Further more, you should not be taking any advice relating to this computer from any other source throughout the course of this fix.
If you do not understand any step(s) provided, please do not hesitate to ask before continuing. I would much rather clarify instructions or explain them differently than have something important broken.
Even if things appear to be better, it might not mean we are finished. Please continue to follow my instructions and reply back until I give you the "all clean". We do not want to clean you part-way, only to have the system re-infect itself.
Do not start a new topic. The logs that you post should be pasted directly into the reply. Only attach them if requested or if they do not fit into the post.
Please set your system to show all files.
Click Start, open My Computer, select the Tools menu and click Folder Options.
Select the View Tab. Under the Hidden files and folders heading, select Show hidden files and folders.
Uncheck: Hide file extensions for known file types
Uncheck the Hide protected operating system files (recommended) option.
Click Yes to confirm.

Please download OTL from one of the following mirrors:
- This is THE Mirror
Save it to your desktop.
Double click on the icon on your desktop.
Under the Custom Scan box paste this in
netsvcs
%SYSTEMDRIVE%\*.exe
/md5start
eventlog.dll
scecli.dll
netlogon.dll
cngaudit.dll
sceclt.dll
ntelogon.dll
logevent.dll
iaStor.sys
nvstor.sys
atapi.sys
IdeChnDr.sys
viasraid.sys
AGP440.sys
vaxscsi.sys
nvatabus.sys
viamraid.sys
nvata.sys
nvgts.sys
iastorv.sys
ViPrt.sys
eNetHook.dll
ahcix86.sys
KR10N.sys
/md5stop
%systemroot%\*. /mp /s
CREATERESTOREPOINT
Push the Quick Scan button.
Two reports will open, copy and paste them in a reply here:
- OTL.txt <-- Will be opened
- Extra.txt <-- Will be minimized

#3 Hellogb

Member

Group: Members
Posts: 9
Joined: 27-December 09

Posted 28 December 2009 - 09:29 AM

Good Morning Tom: Thank you so much for helping me with this. I have run the program and posted the output below as you instructed. Gary

[OTL logfile created on: 12/28/2009 8:36:40 AM - Run 1
OTL by OldTimer - Version 3.1.20.1 Folder = C:\Documents and Settings\Gary\Desktop
Windows XP Home Edition Service Pack 2 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 6.0.2900.2180)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

495.00 Mb Total Physical Memory | 165.00 Mb Available Physical Memory | 33.00% Memory free
1.00 Gb Paging File | 1.00 Gb Available in Paging File | 68.00% Paging File free
Paging file location(s): C:\pagefile.sys 0 0 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 93.16 Gb Total Space | 34.38 Gb Free Space | 36.90% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded
Drive Y: | 461.12 Gb Total Space | 449.92 Gb Free Space | 97.57% Space Free | Partition Type: NTFS

Computer Name: FIELDCOMPUTER
Current User Name: Gary
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: On
Skip Microsoft Files: On
File Age = 14 Days
Output = Standard
Quick Scan

========== Processes (SafeList) ==========

PRC - [2009/12/28 08:33:01 | 00,513,536 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Gary\Desktop\OTL.exe
PRC - [2009/10/11 04:17:35 | 00,153,376 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Java\jre6\bin\jqs.exe
PRC - [2009/04/21 21:34:24 | 12,314,456 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Office\OFFICE11\WINWORD.EXE
PRC - [2008/04/23 14:09:50 | 00,199,688 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Office\OFFICE11\OUTLOOK.EXE
PRC - [2008/01/17 11:42:04 | 00,181,608 | ---- | M] (Symantec Corporation) -- C:\Program Files\Common Files\Symantec Shared\CCSETMGR.EXE
PRC - [2008/01/17 11:42:02 | 00,197,992 | ---- | M] (Symantec Corporation) -- C:\Program Files\Common Files\Symantec Shared\CCEVTMGR.EXE
PRC - [2008/01/17 11:42:02 | 00,058,728 | ---- | M] (Symantec Corporation) -- C:\Program Files\Common Files\Symantec Shared\CCAPP.EXE
PRC - [2007/10/30 20:07:38 | 00,427,288 | ---- | M] (Acronis) -- C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe
PRC - [2007/06/13 05:23:07 | 01,033,216 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2007/03/28 17:41:56 | 00,206,552 | ---- | M] (Symantec Corporation) -- C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
PRC - [2007/03/09 11:09:58 | 00,063,712 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe
PRC - [2007/03/01 18:55:50 | 03,379,264 | ---- | M] (Webroot Software, Inc.) -- C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe
PRC - [2006/06/22 13:15:48 | 00,462,848 | ---- | M] (Southwest Airlines) -- C:\Program Files\Southwest Airlines\Ding\Ding.exe
PRC - [2006/03/23 14:15:18 | 00,819,352 | ---- | M] (Symantec Corporation) -- C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
PRC - [2006/03/22 19:27:53 | 00,052,736 | ---- | M] (Macrovision) -- C:\WINDOWS\system32\drivers\CDAC11BA.EXE
PRC - [2006/02/23 11:41:02 | 00,100,032 | ---- | M] (Symantec Corporation) -- C:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe
PRC - [2005/10/19 12:54:52 | 00,046,704 | ---- | M] (Symantec Corporation) -- C:\Program Files\Norton SystemWorks\Norton AntiVirus\IWP\NPFMNTOR.EXE
PRC - [2005/10/19 12:54:14 | 00,177,264 | ---- | M] (Symantec Corporation) -- C:\Program Files\Norton SystemWorks\Norton AntiVirus\NAVAPSVC.EXE
PRC - [2004/12/03 10:52:38 | 00,073,728 | ---- | M] (Iomega Corporation) -- C:\Program Files\Iomega\System32\AppServices.exe
PRC - [2004/11/22 17:04:14 | 01,273,856 | ---- | M] (Symantec Corporation) -- C:\Program Files\Norton SystemWorks\Norton Ghost\Agent\PQV2iSvc.exe
PRC - [2004/08/30 23:52:10 | 00,095,328 | ---- | M] (Symantec Corporation) -- C:\Program Files\Norton SystemWorks\Norton Utilities\NPROTECT.EXE
PRC - [2004/08/30 23:50:38 | 00,181,416 | ---- | M] (Symantec Corporation) -- C:\Program Files\Norton SystemWorks\Norton Utilities\Speed Disk\NOPDB.exe
PRC - [2004/08/04 02:56:57 | 00,013,824 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\wscntfy.exe
PRC - [2004/08/04 02:56:50 | 00,093,184 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Internet Explorer\iexplore.exe
PRC - [2004/07/29 02:53:58 | 00,053,248 | ---- | M] (GEAR Software) -- C:\WINDOWS\system32\gearsec.exe
PRC - [2004/07/21 11:24:03 | 00,173,160 | ---- | M] (Symantec Corporation) -- C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
PRC - [2002/04/15 20:35:38 | 00,249,856 | ---- | M] (TOSHIBA Corp.) -- C:\WINDOWS\system32\00THotkey.exe
PRC - [2002/04/04 11:19:22 | 00,176,128 | ---- | M] (TOSHIBA Corporation) -- C:\Program Files\Toshiba\TOSHIBA Controls\TFncKy.exe
PRC - [2002/03/29 16:40:18 | 00,122,880 | ---- | M] (Alps Electric Co., Ltd.) -- C:\Program Files\Apoint2K\Apoint.exe
PRC - [2002/03/19 19:38:26 | 00,217,088 | ---- | M] (TOSHIBA Corporation) -- C:\WINDOWS\system32\TPWRTRAY.EXE
PRC - [2001/08/03 19:08:28 | 00,073,728 | ---- | M] (Toshiba Corp.) -- C:\WINDOWS\system32\TFNF5.exe
PRC - [2001/07/13 12:44:24 | 00,032,768 | ---- | M] (Alps Electric Co., Ltd.) -- C:\Program Files\Apoint2K\ApntEx.exe

========== Modules (SafeList) ==========

MOD - [2009/12/28 08:33:01 | 00,513,536 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Gary\Desktop\OTL.exe
MOD - [2006/08/25 10:45:55 | 01,054,208 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.2982_x-ww_ac3f9c03\comctl32.dll

========== Win32 Services (SafeList) ==========

SRV - File not found [Auto | Stopped] -- -- (LexBceS)
SRV - File not found [Disabled | Stopped] -- -- (Iomega Activity Disk2)
SRV - [2009/10/11 04:17:35 | 00,153,376 | ---- | M] (Sun Microsystems, Inc.) [Auto | Running] -- C:\Program Files\Java\jre6\bin\jqs.exe -- (JavaQuickStarterService)
SRV - [2009/10/03 09:51:15 | 00,116,032 | ---- | M] (LogMeIn, Inc.) [Auto | Stopped] -- C:\Program Files\LogMeIn\x86\RaMaint.exe -- (LMIMaint)
SRV - [2009/04/24 06:57:30 | 00,092,008 | ---- | M] (TomTom) [Auto | Stopped] -- C:\Program Files\TomTom HOME 2\TomTomHOMEService.exe -- (TomTomHOMEService)
SRV - [2008/12/11 11:04:58 | 00,111,896 | ---- | M] (EMC Corporation) [Auto | Stopped] -- C:\Program Files\Iomega StorCenter\retrospect\retrorun.exe -- (RetroExpLauncher)
SRV - [2008/10/10 05:45:26 | 00,013,088 | ---- | M] (Intuit Inc.) [Auto | Stopped] -- C:\Program Files\Common Files\Intuit\Update Service\IntuitUpdateService.exe -- (IntuitUpdateService)
SRV - [2008/07/24 18:46:10 | 00,063,040 | ---- | M] (LogMeIn, Inc.) [Auto | Stopped] -- C:\Program Files\LogMeIn\x86\LogMeIn.exe -- (LogMeIn)
SRV - [2008/04/25 11:16:56 | 00,079,360 | ---- | M] (SolidWorks) [On_Demand | Stopped] -- C:\Program Files\Common Files\SolidWorks Shared\Service\SolidWorksLicensing.exe -- (SolidWorks Licensing Service)
SRV - [2008/01/17 11:42:04 | 00,181,608 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe -- (ccSetMgr)
SRV - [2008/01/17 11:42:04 | 00,079,208 | ---- | M] (Symantec Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe -- (ccPwdSvc)
SRV - [2008/01/17 11:42:02 | 00,197,992 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe -- (ccEvtMgr)
SRV - [2007/10/30 20:51:44 | 00,492,720 | ---- | M] () [Auto | Stopped] -- C:\Program Files\Common Files\Acronis\Fomatik\TrueImageTryStartService.exe -- (TryAndDecideService)
SRV - [2007/10/30 20:07:38 | 00,427,288 | ---- | M] (Acronis) [Auto | Running] -- C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe -- (AcrSch2Svc)
SRV - [2007/03/28 17:41:56 | 00,206,552 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe -- (SNDSrvc)
SRV - [2007/03/26 07:07:26 | 00,310,008 | ---- | M] (Sonic Solutions) [Auto | Stopped] -- C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxLiveShare9.exe -- (RoxLiveShare9)
SRV - [2007/03/26 07:07:26 | 00,166,648 | ---- | M] (Sonic Solutions) [Auto | Stopped] -- C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatch9.exe -- (RoxWatch9)
SRV - [2007/03/26 07:07:20 | 01,010,424 | ---- | M] (Sonic Solutions) [On_Demand | Stopped] -- C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe -- (RoxMediaDB9)
SRV - [2007/03/25 20:29:36 | 00,088,824 | ---- | M] (Sonic Solutions) [On_Demand | Stopped] -- C:\Program Files\Roxio\Digital Home 9\RoxioUPnPRenderer9.exe -- (Roxio UPnP Renderer 9)
SRV - [2007/03/25 20:29:34 | 00,359,160 | ---- | M] (Sonic Solutions) [Auto | Stopped] -- C:\Program Files\Roxio\Digital Home 9\RoxioUpnpService9.exe -- (Roxio Upnp Server 9)
SRV - [2007/03/01 18:55:50 | 03,379,264 | ---- | M] (Webroot Software, Inc.) [Auto | Running] -- C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe -- (WebrootSpySweeperService)
SRV - [2006/03/23 14:15:18 | 00,819,352 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe -- (Symantec Core LC)
SRV - [2006/03/22 19:27:53 | 00,052,736 | ---- | M] (Macrovision) [Auto | Running] -- C:\WINDOWS\system32\drivers\CDAC11BA.EXE -- (C-DillaCdaC11BA)
SRV - [2006/02/23 11:41:02 | 02,045,632 | ---- | M] (Symantec Corporation) [On_Demand | Stopped] -- C:\Program Files\Symantec\LiveUpdate\LuComServer_3_0.EXE -- (LiveUpdate)
SRV - [2006/02/23 11:41:02 | 00,100,032 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe -- (Automatic LiveUpdate Scheduler)
SRV - [2005/10/19 12:55:00 | 00,067,184 | ---- | M] (Symantec Corporation) [Auto | Stopped] -- C:\Program Files\Common Files\Symantec Shared\Script Blocking\SBSERV.EXE -- (SBService)
SRV - [2005/10/19 12:54:52 | 00,046,704 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files\Norton SystemWorks\Norton AntiVirus\IWP\NPFMntor.exe -- (NPFMntor)
SRV - [2005/10/19 12:54:14 | 00,177,264 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files\Norton SystemWorks\Norton AntiVirus\navapsvc.exe -- (navapsvc)
SRV - [2005/03/07 14:59:36 | 00,198,368 | ---- | M] (Symantec Corporation) [On_Demand | Stopped] -- C:\Program Files\Norton SystemWorks\Norton AntiVirus\SAVScan.exe -- (SAVScan)
SRV - [2004/12/03 10:52:38 | 00,073,728 | ---- | M] (Iomega Corporation) [Auto | Running] -- C:\Program Files\Iomega\System32\AppServices.exe -- (Iomega App Services)
SRV - [2004/11/22 17:04:14 | 01,273,856 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files\Norton SystemWorks\Norton Ghost\Agent\PQV2iSvc.exe -- (Norton Ghost)
SRV - [2004/10/22 03:24:18 | 00,073,728 | ---- | M] (Macrovision Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe -- (IDriverT)
SRV - [2004/08/30 23:52:10 | 00,095,328 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files\Norton SystemWorks\Norton Utilities\NPROTECT.EXE -- (NProtectService)
SRV - [2004/08/30 23:50:38 | 00,181,416 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files\Norton SystemWorks\Norton Utilities\Speed Disk\NOPDB.exe -- (Speed Disk service)
SRV - [2004/08/04 02:56:42 | 00,027,136 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\irmon.dll -- (Irmon)
SRV - [2004/07/29 02:53:58 | 00,053,248 | ---- | M] (GEAR Software) [Auto | Running] -- C:\WINDOWS\system32\gearsec.exe -- (GEARSecurity)
SRV - [2004/07/21 11:24:03 | 00,173,160 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe -- (SPBBCSvc)
SRV - [2003/07/28 11:28:22 | 00,089,136 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE -- (ose)

========== Standard Registry (SafeList) ==========

========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.msn.com/
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.startup.homepage: "www.msn.com"
FF - prefs.js..extensions.enabledItems: {89506680-e3f4-484c-a2c0-ed711d481eda}:0.9.4.8
FF - prefs.js..extensions.enabledItems: {3d7eb24f-2740-49df-8937-200b1cc08f8a}:1.5.6
FF - prefs.js..extensions.enabledItems: moveplayer@movenetworks.com:1.0.0.07076007
FF - prefs.js..extensions.enabledItems: firefox-tagger@yapta.com:1.3.0.10

FF - HKLM\software\mozilla\Mozilla Firefox 3.0.4\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2009/11/26 12:54:39 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.0.4\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2009/11/26 12:55:22 | 00,000,000 | ---D | M]

[2009/06/04 09:46:37 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Gary\Application Data\Mozilla\Extensions
[2009/06/04 09:46:37 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Gary\Application Data\Mozilla\Extensions\home2@tomtom.com
[2008/08/13 09:25:47 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Gary\Application Data\Mozilla\Firefox\Profiles\1xhrf6e8.default\extensions
[2008/07/21 22:06:49 | 00,000,000 | ---D | M] (PDF Download) -- C:\Documents and Settings\Gary\Application Data\Mozilla\Firefox\Profiles\1xhrf6e8.default\extensions\{37E4D8EA-8BDA-4831-8EA1-89053939A250}
[2008/05/19 06:25:34 | 00,000,000 | ---D | M] (Flashblock) -- C:\Documents and Settings\Gary\Application Data\Mozilla\Firefox\Profiles\1xhrf6e8.default\extensions\{3d7eb24f-2740-49df-8937-200b1cc08f8a}
[2008/04/13 07:10:58 | 00,000,000 | ---D | M] (Firefox Showcase) -- C:\Documents and Settings\Gary\Application Data\Mozilla\Firefox\Profiles\1xhrf6e8.default\extensions\{89506680-e3f4-484c-a2c0-ed711d481eda}
[2008/07/04 13:20:29 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Gary\Application Data\Mozilla\Firefox\Profiles\1xhrf6e8.default\extensions\firefox-tagger@yapta.com
[2008/03/15 17:19:16 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Gary\Application Data\Mozilla\Firefox\Profiles\1xhrf6e8.default\extensions\moveplayer@movenetworks.com
[2009/06/27 07:22:38 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Gary\Application Data\Mozilla\Firefox\Profiles\hc7il4jl.New GB Profile\extensions
[2008/11/16 10:30:13 | 00,000,000 | ---D | M] (Flashblock) -- C:\Documents and Settings\Gary\Application Data\Mozilla\Firefox\Profiles\hc7il4jl.New GB Profile\extensions\{3d7eb24f-2740-49df-8937-200b1cc08f8a}
[2009/11/26 08:27:24 | 00,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions
[2008/06/18 01:43:04 | 00,086,016 | ---- | M] (Coupons, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npCouponPrinter.dll
[2008/01/16 01:28:50 | 00,155,648 | ---- | M] (Solidworks Corporation) -- C:\Program Files\Mozilla Firefox\plugins\npEModelPlugin.dll

Hosts file not found
O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (Verizon Broadband Toolbar) - {4E7BD74F-2B8D-469E-D0FC-E57AF4D5FA7D} - C:\WINDOWS\DOWNLO~1\vzbb.dll ()
O2 - BHO: (CNavExtBho Class) - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton SystemWorks\Norton AntiVirus\NAVSHEXT.DLL (Symantec Corporation)
O2 - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (JQSIEStartDetectorImpl Class) - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll (Sun Microsystems, Inc.)
O3 - HKLM\..\Toolbar: (Norton AntiVirus) - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton SystemWorks\Norton AntiVirus\NAVSHEXT.DLL (Symantec Corporation)
O3 - HKLM\..\Toolbar: (Verizon Broadband Toolbar) - {4E7BD74F-2B8D-469E-D0FC-E57AF4D5FA7D} - C:\WINDOWS\DOWNLO~1\vzbb.dll ()
O3 - HKLM\..\Toolbar: (Yahoo! Toolbar) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
O3 - HKCU\..\Toolbar\ShellBrowser: (Norton AntiVirus) - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton SystemWorks\Norton AntiVirus\NAVSHEXT.DLL (Symantec Corporation)
O3 - HKCU\..\Toolbar\WebBrowser: (Verizon Broadband Toolbar) - {4E7BD74F-2B8D-469E-D0FC-E57AF4D5FA7D} - C:\WINDOWS\DOWNLO~1\vzbb.dll ()
O3 - HKCU\..\Toolbar\WebBrowser: (Yahoo! Toolbar) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
O4 - HKLM..\Run: [00THotkey] C:\WINDOWS\system32\00THotkey.exe (TOSHIBA Corp.)
O4 - HKLM..\Run: [Adobe Photo Downloader] C:\Program Files\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [Adobe Reader Speed Launcher] C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [Apoint] C:\Program Files\Apoint2K\Apoint.exe (Alps Electric Co., Ltd.)
O4 - HKLM..\Run: [ccApp] C:\Program Files\Common Files\Symantec Shared\ccApp.exe (Symantec Corporation)
O4 - HKLM..\Run: [ControlCenter2.0] C:\Program Files\Brother\ControlCenter2\brctrcen.exe (Brother Industries, Ltd.)
O4 - HKLM..\Run: [KernelFaultCheck] File not found
O4 - HKLM..\Run: [LogMeIn GUI] C:\Program Files\LogMeIn\x86\LogMeInSystray.exe (LogMeIn, Inc.)
O4 - HKLM..\Run: [RetroExpress] C:\Program Files\Iomega StorCenter\retrospect\RetroExpress.exe (EMC Corporation)
O4 - HKLM..\Run: [SetDefPrt] C:\Program Files\Brother\Brmfl04g\BrStDvPt.exe (Brother Industories, Ltd.)
O4 - HKLM..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre6\bin\jusched.exe (Sun Microsystems, Inc.)
O4 - HKLM..\Run: [Symantec NetDriver Monitor] C:\Program Files\SymNetDrv\SNDMon.exe (Symantec Corporation)
O4 - HKLM..\Run: [TFncKy] C:\Program Files\Toshiba\TOSHIBA Controls\TFncKy.exe (TOSHIBA Corporation)
O4 - HKLM..\Run: [TFNF5] C:\WINDOWS\System32\TFNF5.exe (Toshiba Corp.)
O4 - HKLM..\Run: [TkBellExe] C:\Program Files\Common Files\Real\Update_OB\realsched.exe (RealNetworks, Inc.)
O4 - HKLM..\Run: [TouchED] C:\Program Files\TOSHIBA\TouchED\TouchED.Exe (TOSHIBA Corporation)
O4 - HKLM..\Run: [Tpwrtray] C:\WINDOWS\System32\TPWRTRAY.EXE (TOSHIBA Corporation)
O4 - HKCU..\Run: [Norton SystemWorks] C:\Program Files\Norton SystemWorks\cfgwiz.exe (Symantec Corporation)
O4 - HKCU..\Run: [TomTomHOME.exe] C:\Program Files\TomTom HOME 2\TomTomHOMERunner.exe (TomTom)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Iomega StorCenter.lnk = C:\Program Files\Iomega StorCenter\sohoclient.exe (EMC)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE (Microsoft Corporation)
O4 - Startup: C:\Documents and Settings\Gary\Start Menu\Programs\Startup\DING!.lnk = C:\Program Files\Southwest Airlines\Ding\Ding.exe (Southwest Airlines)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O15 - HKLM\..Trusted Domains: 50 domain(s) and sub-domain(s) not assigned to a zone.
O15 - HKCU\..Trusted Domains: ([]msn in My Computer)
O15 - HKCU\..Trusted Domains: fatwallet.com ([www] https in Trusted sites)
O15 - HKCU\..Trusted Domains: turbotax.com ([]https in Trusted sites)
O15 - HKCU\..Trusted Domains: 53 domain(s) and sub-domain(s) not assigned to a zone.
O16 - DPF: {33564D57-9980-0010-8000-00AA00389B71} http://download.micr...D0C/wmv9dmo.cab (Reg Error: Key error.)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_17)
O16 - DPF: {CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0015-0000-0009-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0015-0000-0010-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0001-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_17)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_17)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://download.macr...ash/swflash.cab (Shockwave Flash Object)
O16 - DPF: Microsoft XML Parser for Java file://C:\WINDOWS\Java\classes\xmldso.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1 192.168.1.1
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\LMIinit: DllName - LMIinit.dll - C:\WINDOWS\System32\LMIinit.dll (LogMeIn, Inc.)
O20 - Winlogon\Notify\WRNotifier: DllName - WRLogonNTF.dll - C:\WINDOWS\System32\WRLogonNtf.dll (Webroot Software, Inc.)
O30 - LSA: Authentication Packages - (relog_ap) - C:\WINDOWS\System32\relog_ap.dll (Acronis)
O32 - HKLM CDRom: AutoRun - 1
O33 - MountPoints2\{472416b9-9e64-11da-8522-00003911cd8a}\Shell\AutoRun\command - "" = G:\setupSNK.exe -- File not found
O33 - MountPoints2\{e56f9845-4f67-11de-8786-00003911cd8a}\Shell\AutoRun\command - "" = F:\InstallTomTomHOME.exe -- File not found
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - comfile [open] -- "%1" %*
O35 - exefile [open] -- "%1" %*

NetSvcs: 6to4 - File not found
NetSvcs: Ias - C:\WINDOWS\system32\ias [2002/04/26 19:32:06 | 00,000,000 | ---D | M]
NetSvcs: Iprip - File not found
NetSvcs: Irmon - C:\WINDOWS\system32\irmon.dll (Microsoft Corporation)
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: Wmi - C:\WINDOWS\system32\wmi.dll (Microsoft Corporation)
NetSvcs: WmdmPmSp - File not found

CREATERESTOREPOINT
Restore point Set: OTL Restore Point (53483750268338176)

========== Files/Folders - Created Within 14 Days ==========

[2009/12/28 08:32:56 | 00,513,536 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Gary\Desktop\OTL.exe
[2009/12/27 11:00:39 | 00,000,000 | ---D | C] -- C:\Program Files\Trend Micro
[2009/12/26 21:30:13 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Gary\Application Data\Malwarebytes
[2009/12/26 21:29:54 | 00,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2009/12/26 21:29:47 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Malwarebytes
[2009/12/26 21:29:45 | 00,019,160 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2009/12/26 21:29:38 | 00,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2009/09/07 20:06:12 | 00,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Local Settings\Application Data\ICS
[2008/04/26 07:01:53 | 00,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Application Data\Roxio
[2007/11/26 20:14:52 | 00,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Application Data\Acronis
[2006/10/26 12:00:03 | 00,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Application Data\Ahead
[2006/07/18 13:12:55 | 00,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Application Data\Webroot
[2006/04/02 19:48:49 | 00,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Application Data\Symantec
[2006/03/19 22:52:11 | 00,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft
[2003/07/09 09:48:54 | 00,000,000 | --SD | M] -- C:\Documents and Settings\LocalService\Application Data\Microsoft
[2002/04/26 19:37:25 | 00,000,000 | ---D | M] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft
[2002/04/26 19:32:12 | 00,000,000 | --SD | M] -- C:\Documents and Settings\NetworkService\Application Data\Microsoft
[8 C:\Documents and Settings\Gary\My Documents\*.tmp files -> C:\Documents and Settings\Gary\My Documents\*.tmp -> ]
[7 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[58 C:\WINDOWS\System32\dllcache\*.tmp files -> C:\WINDOWS\System32\dllcache\*.tmp -> ]
[3 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

========== Files - Modified Within 14 Days ==========

[2009/12/28 08:55:00 | 00,000,362 | ---- | M] () -- C:\WINDOWS\tasks\Symantec NetDetect.job
[2009/12/28 08:33:01 | 00,513,536 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Gary\Desktop\OTL.exe
[2009/12/27 14:10:20 | 00,001,158 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2009/12/27 14:07:42 | 00,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2009/12/27 14:07:26 | 00,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2009/12/27 14:07:14 | 51,962,2656 | -HS- | M] () -- C:\hiberfil.sys
[2009/12/27 14:05:35 | 11,534,336 | ---- | M] () -- C:\Documents and Settings\Gary\NTUSER.DAT
[2009/12/27 14:05:35 | 00,000,278 | -HS- | M] () -- C:\Documents and Settings\Gary\ntuser.ini
[2009/12/27 00:00:00 | 00,000,306 | ---- | M] () -- C:\WINDOWS\tasks\Symantec Drmc.job
[2009/12/24 08:31:23 | 00,025,088 | ---- | M] () -- C:\Documents and Settings\Gary\My Documents\12-24-09.doc
[2009/12/23 08:40:55 | 00,000,426 | ---- | M] () -- C:\WINDOWS\brwmark.ini
[2009/12/22 15:40:38 | 00,045,056 | ---- | M] () -- C:\Documents and Settings\Gary\My Documents\Jenny-Danielle Due To Parents.xls
[2009/12/21 12:00:00 | 00,000,290 | ---- | M] () -- C:\WINDOWS\tasks\Norton SystemWorks One Button Checkup.job
[2009/12/21 07:10:10 | 00,211,968 | ---- | M] () -- C:\Documents and Settings\Gary\My Documents\Riverside - Plumbing Fixture Schedule.xls
[2009/12/21 07:10:01 | 00,194,560 | ---- | M] () -- C:\Documents and Settings\Gary\My Documents\Riverside - Punch List.xls
[2009/12/15 09:45:25 | 00,076,288 | ---- | M] () -- C:\Documents and Settings\Gary\My Documents\GBB Cash Receipts 09-30-2006.xls
[8 C:\Documents and Settings\Gary\My Documents\*.tmp files -> C:\Documents and Settings\Gary\My Documents\*.tmp -> ]
[7 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[58 C:\WINDOWS\System32\dllcache\*.tmp files -> C:\WINDOWS\System32\dllcache\*.tmp -> ]
[3 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

========== Files Created - No Company Name ==========

[2009/12/24 08:31:23 | 00,025,088 | ---- | C] () -- C:\Documents and Settings\Gary\My Documents\12-24-09.doc
[2009/10/25 22:46:44 | 00,000,258 | ---- | C] () -- C:\WINDOWS\hpbafd.ini
[2009/06/10 15:46:32 | 00,106,496 | ---- | C] () -- C:\WINDOWS\System32\BrMuSNMP.dll
[2009/04/27 17:59:34 | 00,077,824 | ---- | C] () -- C:\WINDOWS\System32\BROSNMP.DLL
[2009/02/12 08:15:46 | 00,000,332 | ---- | C] () -- C:\WINDOWS\WININIT.INI
[2009/02/12 08:10:33 | 00,000,212 | ---- | C] () -- C:\WINDOWS\rs_run.ini
[2009/02/12 08:10:15 | 00,010,409 | ---- | C] () -- C:\WINDOWS\RS_SQLIF.INI
[2009/01/26 18:48:51 | 00,000,043 | ---- | C] () -- C:\WINDOWS\gswin32.ini
[2009/01/24 15:40:43 | 00,000,622 | ---- | C] () -- C:\Program Files\Shortcut to uTorrent.exe.lnk
[2008/04/25 11:17:01 | 00,000,000 | ---- | C] () -- C:\WINDOWS\eDrawingOfficeAutomator.INI
[2008/02/04 17:21:45 | 00,008,144 | ---- | C] () -- C:\Documents and Settings\Gary\Application Data\Comma Separated Values (Windows).EML
[2008/02/04 15:52:36 | 00,025,340 | ---- | C] () -- C:\Documents and Settings\Gary\Application Data\Comma Separated Values (DOS).ADR
[2008/02/03 23:20:16 | 00,024,098 | ---- | C] () -- C:\Documents and Settings\Gary\Application Data\Comma Separated Values (Windows).ADR
[2007/04/02 04:58:06 | 00,000,000 | ---- | C] () -- C:\WINDOWS\System32\px.ini
[2007/03/05 12:34:28 | 00,676,224 | ---- | C] () -- C:\WINDOWS\System32\OGACheckControl.DLL
[2006/11/18 22:17:24 | 00,000,151 | ---- | C] () -- C:\WINDOWS\PhotoSnapViewer.INI
[2006/10/28 10:16:54 | 00,000,069 | ---- | C] () -- C:\WINDOWS\NeroDigital.ini
[2006/10/27 14:47:42 | 00,001,755 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\QTSBandwidthCache
[2006/10/25 09:01:34 | 00,001,192 | ---- | C] () -- C:\WINDOWS\APDFPRP.INI
[2006/10/22 09:22:35 | 00,201,216 | ---- | C] () -- C:\WINDOWS\System32\oestore.dll
[2006/10/10 20:50:17 | 00,000,083 | ---- | C] () -- C:\WINDOWS\usrwiz.ini
[2006/07/18 13:12:20 | 00,026,688 | ---- | C] () -- C:\WINDOWS\System32\wrlzma.dll
[2006/07/18 13:12:19 | 00,684,032 | ---- | C] () -- C:\WINDOWS\libeay32.dll
[2006/07/18 13:12:19 | 00,155,648 | ---- | C] () -- C:\WINDOWS\ssleay32.dll
[2006/05/01 20:11:37 | 00,012,288 | ---- | C] () -- C:\WINDOWS\System32\hlinkprx.dll
[2006/03/30 13:45:25 | 00,000,058 | ---- | C] () -- C:\WINDOWS\brmx2001.ini
[2006/03/30 13:45:25 | 00,000,040 | ---- | C] () -- C:\WINDOWS\opt_2460.ini
[2006/03/23 14:50:23 | 00,205,312 | R--- | C] () -- C:\WINDOWS\patchw32.dll
[2006/03/23 14:49:17 | 00,205,312 | R--- | C] () -- C:\WINDOWS\pw32a.dll
[2006/03/22 21:58:38 | 00,000,048 | ---- | C] () -- C:\WINDOWS\PerWin.ini
[2006/03/22 21:36:01 | 00,001,676 | ---- | C] () -- C:\WINDOWS\MPCWIN02.INI
[2006/03/22 21:18:07 | 00,001,483 | ---- | C] () -- C:\WINDOWS\MPCWIN01.INI
[2006/03/22 19:27:55 | 00,202,752 | ---- | C] () -- C:\WINDOWS\CDAC14BA.DLL
[2006/03/22 19:27:51 | 00,011,376 | ---- | C] () -- C:\WINDOWS\System32\drivers\CdaC15BA.SYS
[2006/03/22 19:27:37 | 00,001,900 | ---- | C] () -- C:\WINDOWS\BPMWIN02.INI
[2006/03/22 19:23:33 | 00,000,691 | ---- | C] () -- C:\WINDOWS\Bpmwty02.ini
[2006/03/22 18:54:17 | 00,001,610 | ---- | C] () -- C:\WINDOWS\BPMWIN01.INI
[2006/03/15 14:51:24 | 00,000,798 | ---- | C] () -- C:\WINDOWS\Brpfx04a.ini
[2006/03/15 14:51:24 | 00,000,426 | ---- | C] () -- C:\WINDOWS\brwmark.ini
[2006/03/15 14:51:24 | 00,000,092 | ---- | C] () -- C:\WINDOWS\brpcfx.ini
[2006/03/15 14:51:24 | 00,000,052 | ---- | C] () -- C:\WINDOWS\BRPP2KA.INI
[2006/03/15 14:44:39 | 00,027,019 | ---- | C] () -- C:\WINDOWS\maxlink.ini
[2006/03/12 07:23:08 | 00,651,264 | R--- | C] () -- C:\WINDOWS\System32\libeay32.dll
[2006/03/12 07:23:07 | 00,147,456 | R--- | C] () -- C:\WINDOWS\System32\ssleay32.dll
[2006/02/07 21:26:26 | 00,039,424 | ---- | C] () -- C:\Documents and Settings\Gary\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2004/06/13 20:32:39 | 00,000,518 | ---- | C] () -- C:\WINDOWS\lexstat.ini
[2004/02/22 16:38:57 | 00,050,016 | ---- | C] () -- C:\WINDOWS\System32\drivers\atnt40k.sys
[2004/01/17 08:36:21 | 00,375,296 | ---- | C] () -- C:\WINDOWS\System32\tx32.dll
[2004/01/17 08:36:21 | 00,000,202 | ---- | C] () -- C:\WINDOWS\System32\Ic32.ini
[2003/12/19 19:43:11 | 00,000,028 | ---- | C] () -- C:\WINDOWS\ICOA.INI
[2003/12/19 19:42:55 | 00,000,000 | ---- | C] () -- C:\WINDOWS\QFN.ini
[2003/12/19 19:42:55 | 00,000,000 | ---- | C] () -- C:\WINDOWS\QDQICK.ini
[2003/04/24 12:06:30 | 00,000,002 | ---- | C] () -- C:\WINDOWS\msoffice.ini
[2003/01/07 14:05:08 | 00,002,695 | ---- | C] () -- C:\WINDOWS\System32\OUTLPERF.INI
[2002/11/22 07:00:00 | 00,000,376 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2002/04/29 18:28:38 | 00,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini
[2002/04/29 14:14:53 | 00,024,576 | ---- | C] () -- C:\WINDOWS\System32\getnode.dll
[2002/04/29 12:19:20 | 00,000,067 | ---- | C] () -- C:\WINDOWS\swupdate.ini
[2002/04/29 12:18:52 | 00,000,901 | ---- | C] () -- C:\WINDOWS\QUICKEN.INI
[2002/04/29 12:18:52 | 00,000,052 | ---- | C] () -- C:\WINDOWS\intuprof.ini
[2002/04/29 12:15:38 | 00,000,000 | ---- | C] () -- C:\WINDOWS\PROTOCOL.INI
[2002/04/29 11:50:03 | 00,121,905 | ---- | C] () -- C:\WINDOWS\System32\csellang.ini
[2002/04/29 11:50:03 | 00,045,056 | ---- | C] () -- C:\WINDOWS\System32\csellang.dll
[2002/04/29 11:50:03 | 00,008,831 | ---- | C] () -- C:\WINDOWS\System32\tosmreg.ini
[2002/04/29 11:50:03 | 00,006,793 | ---- | C] () -- C:\WINDOWS\System32\cseltbl.ini
[2002/04/29 11:48:13 | 00,061,440 | ---- | C] () -- C:\WINDOWS\System32\TVCtrl.dll
[2002/04/29 11:48:13 | 00,057,344 | ---- | C] () -- C:\WINDOWS\System32\LCDCtrl.dll
[2002/04/29 11:48:13 | 00,053,248 | ---- | C] () -- C:\WINDOWS\System32\Multview.dll
[2002/04/29 11:48:12 | 00,090,112 | ---- | C] () -- C:\WINDOWS\System32\ColorCtr.dll
[2002/04/29 11:48:12 | 00,061,440 | ---- | C] () -- C:\WINDOWS\System32\GenCtrl.dll
[2002/04/29 11:48:12 | 00,045,056 | ---- | C] () -- C:\WINDOWS\System32\CRTCtrl.dll
[2002/04/29 11:46:07 | 00,006,528 | ---- | C] () -- C:\WINDOWS\System32\drivers\Tbiosdrv.sys
[2002/04/26 19:33:05 | 00,000,780 | ---- | C] () -- C:\WINDOWS\orun32.ini
[2002/04/26 19:27:22 | 00,001,793 | ---- | C] () -- C:\WINDOWS\System32\fxsperf.ini
[2002/04/26 19:02:34 | 00,000,285 | ---- | C] () -- C:\WINDOWS\System32\OEMINFO.INI
[2002/03/04 10:16:34 | 00,110,592 | R--- | C] () -- C:\WINDOWS\System32\Jpeg32.dll
[2002/02/27 17:28:16 | 00,138,752 | ---- | C] () -- C:\WINDOWS\System32\MASE32.DLL
[2002/02/27 17:28:16 | 00,057,856 | ---- | C] () -- C:\WINDOWS\System32\MASD32.DLL
[2002/02/27 17:28:14 | 00,196,096 | ---- | C] () -- C:\WINDOWS\System32\MACD32.DLL
[2002/02/27 17:28:14 | 00,136,192 | ---- | C] () -- C:\WINDOWS\System32\MAMC32.DLL
[2002/02/27 17:28:14 | 00,027,648 | ---- | C] () -- C:\WINDOWS\System32\MA32.DLL
[1999/03/09 14:53:00 | 00,222,928 | ---- | C] () -- C:\WINDOWS\System32\lobas09.dll
[1999/01/22 13:46:58 | 00,065,536 | ---- | C] () -- C:\WINDOWS\System32\MSRTEDIT.DLL
[1998/10/10 23:07:38 | 00,088,576 | ---- | C] () -- C:\WINDOWS\System32\Iticheck.dll
[1998/01/13 03:22:30 | 00,047,104 | ---- | C] () -- C:\WINDOWS\System32\lotrn13.dll
[1997/11/13 14:53:00 | 00,031,008 | ---- | C] () -- C:\WINDOWS\System32\ivtrn09.dll
[1994/07/24 14:53:00 | 00,014,928 | ---- | C] () -- C:\WINDOWS\System32\wingen.drv

========== LOP Check ==========

[2007/11/26 20:00:37 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Acronis
[2009/03/07 08:17:39 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Applications
[2008/11/04 16:46:09 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Autodesk
[2004/06/13 20:33:21 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\BVRP Software
[2007/04/30 09:33:45 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Compass Web Designs LLC
[2007/04/30 21:17:30 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\LCSW
[2008/11/06 22:53:30 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\LogMeIn
[2009/12/27 14:10:43 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\RetroExp
[2006/03/15 14:43:38 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\ScanSoft
[2009/06/04 09:47:29 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TomTom
[2008/11/04 16:53:27 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Gary\Application Data\Autodesk
[2008/01/31 12:11:13 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Gary\Application Data\Blackberry Desktop
[2004/05/04 22:34:50 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Gary\Application Data\Drag'n Drop CD
[2002/04/29 13:25:25 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Gary\Application Data\InterTrust
[2006/07/04 11:06:17 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Gary\Application Data\InterVideo
[2007/11/24 10:22:35 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Gary\Application Data\IsolatedStorage
[2007/10/09 10:32:26 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Gary\Application Data\Leadertech
[2007/09/27 07:59:10 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Gary\Application Data\OfficeUpdate12
[2008/01/31 12:07:44 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Gary\Application Data\Research In Motion
[2006/03/15 16:09:03 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Gary\Application Data\ScanSoft
[2007/05/23 09:17:05 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Gary\Application Data\Southwest Airlines
[2009/06/04 09:46:29 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Gary\Application Data\TomTom
[2009/01/26 22:31:21 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Gary\Application Data\uTorrent

========== Purity Check ==========

========== Custom Scans ==========

< %SYSTEMDRIVE%\*.exe >

< MD5 for: AGP440.SYS >
[2008/04/13 13:36:38 | 00,042,368 | ---- | M] (Microsoft Corporation) MD5=08FD04AA961BDC77FB983F328334E3D7 -- C:\WINDOWS\SoftwareDistribution\Download\cf8ec753e88561d2ddb53e183dc05c3e\agp440.sys
[2004/08/04 01:07:41 | 00,042,368 | ---- | M] (Microsoft Corporation) MD5=2C428FA0C3E3A01ED93C9B2A27D8D4BB -- C:\WINDOWS\ServicePackFiles\i386\agp440.sys
[2004/08/04 01:07:41 | 00,042,368 | ---- | M] (Microsoft Corporation) MD5=2C428FA0C3E3A01ED93C9B2A27D8D4BB -- C:\WINDOWS\system32\dllcache\agp440.sys
[2004/08/04 01:07:41 | 00,042,368 | ---- | M] (Microsoft Corporation) MD5=2C428FA0C3E3A01ED93C9B2A27D8D4BB -- C:\WINDOWS\system32\drivers\agp440.sys

< MD5 for: ATAPI.SYS >
[2008/04/13 13:40:30 | 00,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\SoftwareDistribution\Download\cf8ec753e88561d2ddb53e183dc05c3e\atapi.sys
[2001/08/18 07:00:00 | 00,086,656 | ---- | M] (Microsoft Corporation) MD5=A64013E98426E1877CB653685C5C0009 -- C:\WINDOWS\$NtServicePackUninstall$\atapi.sys
[2004/08/04 00:59:42 | 00,095,360 | ---- | M] (Microsoft Corporation) MD5=CDFE4411A69C224BD1D11B2DA92DAC51 -- C:\WINDOWS\ServicePackFiles\i386\atapi.sys
[2004/08/04 00:59:42 | 00,095,360 | ---- | M] (Microsoft Corporation) MD5=CDFE4411A69C224BD1D11B2DA92DAC51 -- C:\WINDOWS\system32\dllcache\atapi.sys
[2004/08/04 00:59:42 | 00,095,360 | ---- | M] (Microsoft Corporation) MD5=CDFE4411A69C224BD1D11B2DA92DAC51 -- C:\WINDOWS\system32\drivers\atapi.sys

< MD5 for: EVENTLOG.DLL >
[2008/04/13 19:11:53 | 00,056,320 | ---- | M] (Microsoft Corporation) MD5=6D4FEB43EE538FC5428CC7F0565AA656 -- C:\WINDOWS\SoftwareDistribution\Download\cf8ec753e88561d2ddb53e183dc05c3e\eventlog.dll
[2004/08/04 02:56:42 | 00,055,808 | ---- | M] (Microsoft Corporation) MD5=82B24CB70E5944E6E34662205A2A5B78 -- C:\WINDOWS\ServicePackFiles\i386\eventlog.dll
[2004/08/04 02:56:42 | 00,055,808 | ---- | M] (Microsoft Corporation) MD5=82B24CB70E5944E6E34662205A2A5B78 -- C:\WINDOWS\system32\dllcache\eventlog.dll
[2004/08/04 02:56:42 | 00,055,808 | ---- | M] (Microsoft Corporation) MD5=82B24CB70E5944E6E34662205A2A5B78 -- C:\WINDOWS\system32\eventlog.dll
[2001/08/18 07:00:00 | 00,047,616 | ---- | M] (Microsoft Corporation) MD5=A510B91253544D56B5712D66BE8371E9 -- C:\WINDOWS\$NtServicePackUninstall$\eventlog.dll

< MD5 for: NETLOGON.DLL >
[2008/04/13 19:12:01 | 00,407,040 | ---- | M] (Microsoft Corporation) MD5=1B7F071C51B77C272875C3A23E1E4550 -- C:\WINDOWS\SoftwareDistribution\Download\cf8ec753e88561d2ddb53e183dc05c3e\netlogon.dll
[2004/08/04 02:56:44 | 00,407,040 | ---- | M] (Microsoft Corporation) MD5=96353FCECBA774BB8DA74A1C6507015A -- C:\WINDOWS\ServicePackFiles\i386\netlogon.dll
[2004/08/04 02:56:44 | 00,407,040 | ---- | M] (Microsoft Corporation) MD5=96353FCECBA774BB8DA74A1C6507015A -- C:\WINDOWS\system32\dllcache\netlogon.dll
[2004/08/04 02:56:44 | 00,407,040 | ---- | M] (Microsoft Corporation) MD5=96353FCECBA774BB8DA74A1C6507015A -- C:\WINDOWS\system32\netlogon.dll
[2001/08/18 07:00:00 | 00,397,824 | ---- | M] (Microsoft Corporation) MD5=F41C1602DC79AB72035F2388FCA0255F -- C:\WINDOWS\$NtServicePackUninstall$\netlogon.dll

< MD5 for: SCECLI.DLL >
[2004/08/04 02:56:44 | 00,180,224 | ---- | M] (Microsoft Corporation) MD5=0F78E27F563F2AAF74B91A49E2ABF19A -- C:\WINDOWS\ServicePackFiles\i386\scecli.dll
[2004/08/04 02:56:44 | 00,180,224 | ---- | M] (Microsoft Corporation) MD5=0F78E27F563F2AAF74B91A49E2ABF19A -- C:\WINDOWS\system32\dllcache\scecli.dll
[2004/08/04 02:56:44 | 00,180,224 | ---- | M] (Microsoft Corporation) MD5=0F78E27F563F2AAF74B91A49E2ABF19A -- C:\WINDOWS\system32\scecli.dll
[2001/08/18 07:00:00 | 00,174,080 | ---- | M] (Microsoft Corporation) MD5=73968C834C316ADC7A2F07DC4B5F3665 -- C:\WINDOWS\$NtServicePackUninstall$\scecli.dll
[2008/04/13 19:12:05 | 00,181,248 | ---- | M] (Microsoft Corporation) MD5=A86BB5E61BF3E39B62AB4C7E7085A084 -- C:\WINDOWS\SoftwareDistribution\Download\cf8ec753e88561d2ddb53e183dc05c3e\scecli.dll

< %systemroot%\*. /mp /s >
< End of report >

OTL Extras logfile created on: 12/28/2009 8:36:40 AM - Run 1
OTL by OldTimer - Version 3.1.20.1 Folder = C:\Documents and Settings\Gary\Desktop
Windows XP Home Edition Service Pack 2 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 6.0.2900.2180)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

495.00 Mb Total Physical Memory | 165.00 Mb Available Physical Memory | 33.00% Memory free
1.00 Gb Paging File | 1.00 Gb Available in Paging File | 68.00% Paging File free
Paging file location(s): C:\pagefile.sys 0 0 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 93.16 Gb Total Space | 34.38 Gb Free Space | 36.90% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded
Drive Y: | 461.12 Gb Total Space | 449.92 Gb Free Space | 97.57% Space Free | Partition Type: NTFS

Computer Name: FIELDCOMPUTER
Current User Name: Gary
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: On
Skip Microsoft Files: On
File Age = 14 Days
Output = Standard
Quick Scan

========== Extra Registry (SafeList) ==========

========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.html [@ = htmlfile] -- C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation)

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
htmlfile [edit] -- "C:\Program Files\Microsoft Office\OFFICE11\msohtmed.exe" %1 (Microsoft Corporation)
htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" -nohome (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [print] -- "C:\Program Files\Microsoft Office\OFFICE11\msohtmed.exe" /p %1 (Microsoft Corporation)
http [open] -- "C:\Program Files\Mozilla Firefox\firefox.exe" -requestPending -osint -url "%1" (Mozilla Corporation)
https [open] -- "C:\Program Files\Mozilla Firefox\firefox.exe" -requestPending -osint -url "%1" (Mozilla Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- "C:\Program Files\Internet Explorer\iexplore.exe" (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 0
"FirewallOverride" = 0
"AntiVirusDisableNotify" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]
"139:TCP" = 139:TCP:*:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:*:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:*:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:*:Enabled:@xpsp2res.dll,-22002
"1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DoNotAllowExceptions" = 0
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"139:TCP" = 139:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22002
"1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Program Files\Messenger\msmsgs.exe" = C:\Program Files\Messenger\msmsgs.exe:*:Enabled:Windows Messenger -- File not found
"C:\WINDOWS\system32\LEXPPS.EXE" = C:\WINDOWS\system32\LEXPPS.EXE:*:Enabled:LEXPPS.EXE -- File not found
"C:\Files from Toshiba 3000\TAX01-BUSINESS\32bit\ttax.exe" = C:\Files from Toshiba 3000\TAX01-BUSINESS\32bit\ttax.exe:*:Enabled:2001 TurboTax Business -- (Intuit, Inc.)
"C:\Program Files\Real\RealPlayer\realplay.exe" = C:\Program Files\Real\RealPlayer\realplay.exe:*:Disabled:RealPlayer -- (RealNetworks, Inc.)
"C:\Program Files\TurboTax\Home & Business 2007\32bit\ttax.exe" = C:\Program Files\TurboTax\Home & Business 2007\32bit\ttax.exe:LocalSubNet:Enabled:TurboTax -- (Intuit, Inc.)
"C:\Program Files\TurboTax\Home & Business 2007\32bit\updatemgr.exe" = C:\Program Files\TurboTax\Home & Business 2007\32bit\updatemgr.exe:LocalSubNet:Enabled:TurboTax Update Manager -- (Intuit, Inc.)
"C:\Program Files\Internet Explorer\iexplore.exe" = C:\Program Files\Internet Explorer\iexplore.exe:*:Disabled:Internet Explorer -- (Microsoft Corporation)
"C:\Program Files\uTorrent\uTorrent.exe" = C:\Program Files\uTorrent\uTorrent.exe:*:Enabled:µTorrent -- (BitTorrent, Inc.)
"C:\Program Files\Iomega StorCenter\retrospect\Retrospect.exe" = C:\Program Files\Iomega StorCenter\retrospect\Retrospect.exe:*:Enabled:Retrospect Express HD -- (EMC Corporation)
"C:\Program Files\Iomega StorCenter\retrospect\retrorun.exe" = C:\Program Files\Iomega StorCenter\retrospect\retrorun.exe:*:Enabled:Retrospect Express HD Launcher service -- (EMC Corporation)
"C:\Program Files\Iomega StorCenter\sohoclient.exe" = C:\Program Files\Iomega StorCenter\sohoclient.exe:*:Enabled:Storage Manager 2.0.10.42013 -- (EMC)
"C:\Program Files\TurboTax\Business 2006\32bit\ttax.exe" = C:\Program Files\TurboTax\Business 2006\32bit\ttax.exe:LocalSubNet:Enabled:TurboTax -- (Intuit, Inc.)
"C:\Program Files\TurboTax\Business 2006\32bit\updatemgr.exe" = C:\Program Files\TurboTax\Business 2006\32bit\updatemgr.exe:LocalSubNet:Enabled:TurboTax Update Manager -- (Intuit, Inc.)
"C:\Program Files\TurboTax\2006 Deluxe\TurboTax Deluxe 2006\32bit\ttax.exe" = C:\Program Files\TurboTax\2006 Deluxe\TurboTax Deluxe 2006\32bit\ttax.exe:LocalSubNet:Enabled:TurboTax -- (Intuit, Inc.)
"C:\Program Files\TurboTax\2006 Deluxe\TurboTax Deluxe 2006\32bit\updatemgr.exe" = C:\Program Files\TurboTax\2006 Deluxe\TurboTax Deluxe 2006\32bit\updatemgr.exe:LocalSubNet:Enabled:TurboTax Update Manager -- (Intuit, Inc.)
"C:\Program Files\TurboTax\Business 2007\32bit\ttax.exe" = C:\Program Files\TurboTax\Business 2007\32bit\ttax.exe:LocalSubNet:Enabled:TurboTax -- (Intuit, Inc.)
"C:\Program Files\TurboTax\Business 2007\32bit\updatemgr.exe" = C:\Program Files\TurboTax\Business 2007\32bit\updatemgr.exe:LocalSubNet:Enabled:TurboTax Update Manager -- (Intuit, Inc.)
"C:\Program Files\Common Files\Intuit\Update Service\IntuitUpdateService.exe" = C:\Program Files\Common Files\Intuit\Update Service\IntuitUpdateService.exe:LocalSubNet:Disabled:Intuit Update Shared Downloads Server -- (Intuit Inc.)

========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{00000409-78E1-11D2-B60F-006097C998E7}" = Microsoft Office 2000 SR-1 Premium
"{011FDFFF-67D5-11D3-8CF4-0050048383FE}" = Excel 2000 Quattro Pro 7.0 Converter
"{098104AB-F9FF-4BF5-B909-071C60164E82}" = TileGem
"{0A8E3E6C-7A09-4D2F-9446-DBD4F65D32FA}" = Qlean$tart ProFile ™
"{172423F9-522A-483A-AD65-03600CE4CA4F}" = Microsoft Works 6-9 Converter
"{180D45DA-5140-48D4-BDEA-8B9CE3A6D9A4}" = TurboTax 2008 WinBizTaxSupport
"{1E04F83B-2AB9-4301-9EF7-E86307F79C72}" = Google Earth
"{26A24AE4-039D-4CA4-87B4-2F83216011FF}" = Java™ 6 Update 17
"{2908F0CB-C1D4-447F-97A2-CFC135C9F8D4}" = Internet Worm Protection
"{29521505-F489-4822-ADFA-32C6DEE4F114}" = TurboTax 2008 WinPerUserEducation
"{2b02f826-a9b9-458c-80e5-3ea8c0de8471}" = QuickBooks Premier: Contractor Edition 2004
"{2DA85B02-13C0-4E6D-9A76-22E6B3DD0CB2}" = SymNet
"{2E7595EC-4FB1-4E29-93D4-9083C8A9B107}" = TurboTax ItsDeductible 2005
"{3248F0A8-6813-11D6-A77B-00B0D0150060}" = J2SE Runtime Environment 5.0 Update 6
"{3248F0A8-6813-11D6-A77B-00B0D0150090}" = J2SE Runtime Environment 5.0 Update 9
"{3248F0A8-6813-11D6-A77B-00B0D0150100}" = J2SE Runtime Environment 5.0 Update 10
"{3248F0A8-6813-11D6-A77B-00B0D0160010}" = Java™ SE Runtime Environment 6 Update 1
"{3248F0A8-6813-11D6-A77B-00B0D0160020}" = Java™ 6 Update 2
"{3248F0A8-6813-11D6-A77B-00B0D0160030}" = Java™ 6 Update 3
"{3248F0A8-6813-11D6-A77B-00B0D0160050}" = Java™ 6 Update 5
"{3248F0A8-6813-11D6-A77B-00B0D0160070}" = Java™ 6 Update 7
"{326957C7-83FD-4550-A59A-849B7B4297DE}" = Microsoft Easy Assist v2
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{36495C59-089C-49D1-BD15-9E5BD86DC9A1}" = ItsDeductible Express
"{364F2A4B-C161-4E2C-8627-1440BC2E8030}" = Network Device Switch 3
"{3C759736-8347-4031-BB9C-D75ADFE6B101}" = Norton Ghost 9.0
"{3CF0858D-1AC5-4308-9DE7-AD15288A8BDC}" = TOSHIBA Console
"{3E908702-AF35-4611-9518-955DA24B7E07}" = Microsoft XML Parser and SDK
"{450063AA-643B-417C-8CF5-405BA3F4EF40}" = Autodesk Design Review 2009
"{4A5BED74-7167-48DC-8BA8-7366501B8B90}" = Remove Duplicates from Outlook Express
"{4AEBD86C-C82E-401A-9AA0-8B8AF7A5A3CA}" = TurboTax 2008 WinBizFedFormset
"{56D4C8A0-6126-11DD-AD8B-0800200C9A66}" = TurboTax 2008 WinBizUserEducation
"{5864B49E-03FC-481E-89B7-A6664CC2ACB4}" = eDrawings 2008
"{595ED82D-446E-4C0B-B327-216AE31E9471}" = TurboTax 2008 wmdiper
"{633A06C3-B709-479A-AAB3-5EE94AD9EE4B}" = Acronis True Image Home
"{66D171AA-670F-4309-9C74-5BA7F7DBA0B3}" = Roxio Media Manager
"{69640730-B830-4C24-BB5C-222DA1260548}" = Turbo Lister 2
"{6A7867BA-B7CA-4CC9-ACAB-85BA46865EE5}" = Norton Utilities
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{7570F1CA-016D-46AC-B586-CD74645EFB52}" = TurboTax 2008 WinPerFedFormset
"{75D6745B-2239-4182-A31F-F95CEBB35099}" = BlackBerry Desktop Software 4.2.2
"{77772678-817F-4401-9301-ED1D01A8DA56}" = SPBBC
"{7DD9A065-2C86-4A9F-A5FF-796EC1B99DCA}" = AnswerWorks 4.0 Runtime - English
"{7F831576-6246-42C7-B523-55B3F96509CC}" = LogMeIn
"{84031A18-BA9A-4156-A74F-E05B52DDFCE2}" = DING!
"{88214092-836F-4E22-A5AC-569AC9EE6A0F}" = TurboTax 2008 WinPerReleaseEngine
"{8F3C31C5-9C3A-4AA8-8EFA-71290A7AD533}" = TomTom HOME Visual Studio Merge Modules
"{900B1884-2D6F-4a70-A3C7-C3F4DA873FDB}" = NSW_DRM_COLLECTION
"{90120000-0020-0409-0000-0000000FF1CE}" = Compatibility Pack for the 2007 Office system
"{91CA0409-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Small Business Edition 2003
"{95120000-0122-0409-0000-0000000FF1CE}" = Microsoft Office Outlook Connector
"{9E23C48E-5483-4971-BA50-089F2FABCD66}" = Norton SystemWorks
"{9E5A03E3-6246-4920-9630-0527D5DA9B07}" = AnswerWorks 5.0 English Runtime
"{9F72EF8B-AEC9-4CA5-B483-143980AFD6FD}" = ALPS Touch Pad Driver
"{A17EABB6-D0C6-44E5-820C-72DC7F495064}" = PaperPort
"{A600B935-50DC-476E-9432-95A13F416302}" = DBXpress
"{A654A805-41D9-40C7-AA46-4AF04F044D61}" = Adobe® Photoshop® Album Starter Edition 3.2
"{A6690C0E-B96E-4F0F-A8EB-D5B332454AC6}" = TOSHIBA Controls
"{AC76BA86-7AD7-1033-7B44-A81300000003}" = Adobe Reader 8.1.5
"{AC76BA86-7AD7-1033-7B44-A81300000003}_814" = KB408682
"{AEE9ABDF-CFFD-4CC2-8519-E8ECEB5A2AAF}" = PENTAX USB DISK Device
"{AFF1EA96-9C23-4249-B7D4-CD4B54D4582F}" = TurboTax ItsDeductible 2006
"{B1DB1AD8-C07E-4052-81A1-D2930232BA70}" = TurboTax 2008 wrapper
"{B23726CF-68BF-41A6-A4EB-72F12F87FE05}" = TurboTax 2008 WinPerTaxSupport
"{B4B5AD48-8D34-41D3-BD8A-8A10BD9BDED3}_is1" = Spy Sweeper
"{B508B3F1-A24A-32C0-B310-85786919EF28}" = Microsoft .NET Framework 2.0 Service Pack 1
"{B6C2466E-D773-4EF5-9350-9D3D68F668BE}" = TurboTax 2008 WinBizProgramHelp
"{B8B4D43C-EAA0-4EEC-B93E-D4D012316286}" = Free DWG Viewer 6.1
"{B9807C3D-B3DD-41B7-8321-53DDB3A3A888}" = Norton SystemWorks 2005 Premier
"{BCC57687-98A2-4C4C-B0F8-BC6B6F52D4E3}" = Retrospect Express HD 2.5
"{C1939820-A945-11D4-86F6-0001031E5712}" = InterVideo WinDVD
"{C4A6405B-F37D-42F7-B317-D277BBD47D15}" = Drag'n Drop CD
"{C63E7C60-25EB-11D3-8EDA-00A0C911E8E5}" = Microsoft Outlook Personal Folders Backup
"{C6F5B6CF-609C-428E-876F-CA83176C021B}" = Norton AntiVirus 2005
"{C727AF2B-536C-4FA3-8671-4974B1F5C399}" = ConvertMe 2.4
"{CA0A1E54-CE0F-4366-B09C-A87B61DC5633}" = Symantec Network Drivers Update
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CCFFC1DA-7A65-4C1B-98DC-3F7861F50254}" = TurboTax 2008 wrapper
"{CFB93E3F-D045-4E78-9D35-CFA7AC35BE5D}" = Pinnacle InstantCD/DVD Suite
"{D1696920-9794-4BBC-8A30-7A88763DE5A2}" = ABBYY FineReader 5.0 Sprint Plus
"{D1725BDB-BA2B-4503-A8CB-F5C835D743FA}" = MSRedist
"{D327AFC9-7BAA-473A-8319-6EB7A0D40138}" = Symantec Script Blocking Installer
"{D83BD5E2-5AF4-49F6-B5C1-484A9760E73D}" = Brother MFL-Pro Suite
"{DC367608-64A7-4BF7-92F4-8BAA25BA02DB}" = ccCommon
"{E5EE9939-259F-4DE2-8023-5C49E16A4F43}" = Norton AntiVirus Parent MSI
"{E6D9BC25-0DBC-4368-8E4A-7DEE80661CD9}" = TurboTax 2008 WinPerProgramHelp
"{EA2BEBD6-87B9-41E5-95AC-7E4C165A9475}" = WexTech AnswerWorks
"{ECC3713C-08A4-40E3-95F1-7D0704F1CE5E}" = PL-2303 USB-to-Serial
"{F64306A5-4C32-41bb-B153-53986527FAB4}" = Norton WMI Update
"{F8D8A515-3D81-431D-BCBB-9EBA3CFE0987}" = TurboTax 2008 WinBizReleaseEngine
"2001 TurboTax Business" = 2001 TurboTax Business
"2001 TurboTax Deluxe" = 2001 TurboTax Deluxe
"7-Zip" = 7-Zip 4.57
"ActiveTouchMeetingClient" = WebEx
"Adobe® Photoshop® Album Starter Edition 3.2" = Adobe® Photoshop® Album Starter Edition 3.2
"ALi Audio Accelerator WDM Driver" = ALi Audio Accelerator WDM Driver
"A-PDF Restrictions Remover_is1" = A-PDF Restrictions Remover 1.5
"Autodesk Design Review 2009" = Autodesk Design Review 2009
"BlackBerry_{75D6745B-2239-4182-A31F-F95CEBB35099}" = BlackBerry Desktop Software 4.2.2
"CCleaner" = CCleaner (remove only)
"CdaC13Ba" = SafeCast Shared Components
"Coupon Printer for Windows4.0" = Coupon Printer for Windows
"EPSON Printer and Utilities" = EPSON Printer Software
"GreenPower Order Entry" = GreenPower Order Entry
"HijackThis" = HijackThis 2.0.2
"Iomega Backup" = Iomega Backup 4.4
"Iomega StorCenter" = Iomega StorCenter
"IomegaWare" = IomegaWare 4.0.2
"LiveReg" = LiveReg (Symantec Corporation)
"LiveUpdate" = LiveUpdate 3.0 (Symantec Corporation)
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1
"Mozilla Firefox (3.0.4)" = Mozilla Firefox (3.0.4)
"MSCompPackV1" = Microsoft Compression Client Pack 1.0 for Windows XP
"MSN Music Assistant" = MSN Music Assistant
"MSNINST" = MSN
"OEDMR_is1" = OE Duplicate Remover
"PhotoScape" = PhotoScape
"Precision Tile_is1" = Precision Tile 3.0.4
"PROSet" = Intel® PRO Ethernet Adapter and Software
"Quicken 2001 New User Edition" = Quicken 2001 New User Edition
"RealPlayer 12.0" = RealPlayer
"ST4UNST #1" = CKPRO5
"SymSetup.{B9807C3D-B3DD-41B7-8321-53DDB3A3A888}" = Norton SystemWorks 2005 Premier (Symantec Corporation)
"TFNF5" = Toshiba Hotkey Utility for Display Devices
"TomTom HOME" = TomTom HOME 2.6.3.1609
"Toshiba Access" = Toshiba Access
"Toshiba Power Saver" = TOSHIBA Power Saver
"Toshiba Soft Modem" = Toshiba Soft Modem AMR
"TOSHIBA Software Modem" = TOSHIBA Software Modem
"Toshiba Software Upgrades" = Toshiba Software Upgrades
"Toshiba Tbiosdrv Driver" = Toshiba Tbiosdrv Driver
"TOSHIBA Utilities" = TOSHIBA Utilities
"Toshiba WinXP Registration" = Toshiba WinXP Registration
"TouchED" = TOSHIBA TouchPad On/Off Utility V2.01.01
"TurboTax 2008" = TurboTax 2008
"TurboTax Business 2002" = TurboTax Business 2002
"TurboTax Business 2003" = TurboTax Business 2003
"TurboTax Business 2004" = TurboTax Business 2004
"TurboTax Business 2005" = TurboTax Business 2005
"TurboTax Business 2006" = TurboTax Business 2006
"TurboTax Business 2007" = TurboTax Business 2007
"TurboTax Business 2008" = TurboTax Business 2008
"TurboTax Deluxe 2002" = TurboTax Deluxe 2002
"TurboTax Deluxe 2003" = TurboTax Deluxe 2003
"TurboTax Deluxe 2004" = TurboTax Deluxe 2004
"TurboTax Deluxe Deduction Maximizer 2006" = TurboTax Deluxe Deduction Maximizer 2006
"TurboTax Home & Business 2007" = TurboTax Home & Business 2007
"TurboTax Premier 2005" = TurboTax Premier 2005
"Verizon Online Help and Support" = Verizon Online Help and Support
"ViewpointMediaPlayer" = Viewpoint Media Player (Remove Only)
"VZBB" = Verizon Broadband Toolbar
"Windows Media Format Runtime" = Windows Media Format 11 runtime
"Windows Media Player" = Windows Media Player 11
"Windows XP Service Pack" = Windows XP Service Pack 2
"WMFDist11" = Windows Media Format 11 runtime
"wmp11" = Windows Media Player 11
"Works" = Microsoft Works 4.0
"Wudf01000" = Microsoft User-Mode Driver Framework Feature Pack 1.0
"Yahoo! Companion" = Yahoo! Toolbar
"Yahoo! Toolbar" = Yahoo! Toolbar
"ZSoft Uninstaller" = ZSoft Uninstaller 2.4.1

========== HKEY_CURRENT_USER Uninstall List ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"InstallShield_{69640730-B830-4C24-BB5C-222DA1260548}" = Turbo Lister 2
"Move Networks Player - IE" = Move Networks Media Player for Internet Explorer
"Pilot Desktop 2.0" = PalmPilot Desktop 2.0
"uTorrent" = µTorrent

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 12/21/2009 8:18:50 AM | Computer Name = FIELDCOMPUTER | Source = simpleServer | ID = 3299
Description = simpleServer information: Error: Ignoring unknown directive "StartThread"
At
line 6 in C:\Documents and Settings\Gary\Local Settings\Application Data\sohoclient\cfg/sohoclient.conf

Make
sure the required module is loaded and the relevant handlers have been added. Ensure
the directive is after all LoadModule and AddHandler directives. .

Error - 12/22/2009 11:23:22 PM | Computer Name = FIELDCOMPUTER | Source = Application Hang | ID = 1002
Description = Hanging application iexplore.exe, version 6.0.2900.2180, hang module
hungapp, version 0.0.0.0, hang address 0x00000000.

Error - 12/23/2009 8:31:10 AM | Computer Name = FIELDCOMPUTER | Source = simpleServer | ID = 3299
Description = simpleServer information: Error: Ignoring unknown directive "StartThread"
At
line 6 in C:\Documents and Settings\Gary\Local Settings\Application Data\sohoclient\cfg/sohoclient.conf

Make
sure the required module is loaded and the relevant handlers have been added. Ensure
the directive is after all LoadModule and AddHandler directives. .

Error - 12/24/2009 9:38:54 AM | Computer Name = FIELDCOMPUTER | Source = simpleServer | ID = 3299
Description = simpleServer information: Error: Ignoring unknown directive "StartThread"
At
line 6 in C:\Documents and Settings\Gary\Local Settings\Application Data\sohoclient\cfg/sohoclient.conf

Make
sure the required module is loaded and the relevant handlers have been added. Ensure
the directive is after all LoadModule and AddHandler directives. .

Error - 12/24/2009 12:08:36 PM | Computer Name = FIELDCOMPUTER | Source = Application Hang | ID = 1002
Description = Hanging application iexplore.exe, version 6.0.2900.2180, hang module
hungapp, version 0.0.0.0, hang address 0x00000000.

Error - 12/24/2009 12:10:34 PM | Computer Name = FIELDCOMPUTER | Source = Application Hang | ID = 1001
Description = Fault bucket 126637809.

Error - 12/24/2009 8:11:22 PM | Computer Name = FIELDCOMPUTER | Source = Application Hang | ID = 1002
Description = Hanging application iexplore.exe, version 6.0.2900.2180, hang module
hungapp, version 0.0.0.0, hang address 0x00000000.

Error - 12/24/2009 8:11:56 PM | Computer Name = FIELDCOMPUTER | Source = Application Hang | ID = 1001
Description = Fault bucket 126637809.

Error - 12/27/2009 3:09:27 PM | Computer Name = FIELDCOMPUTER | Source = simpleServer | ID = 3299
Description = simpleServer information: Error: Ignoring unknown directive "StartThread"
At
line 6 in C:\Documents and Settings\Gary\Local Settings\Application Data\sohoclient\cfg/sohoclient.conf

Make
sure the required module is loaded and the relevant handlers have been added. Ensure
the directive is after all LoadModule and AddHandler directives. .

Error - 12/28/2009 12:27:22 AM | Computer Name = FIELDCOMPUTER | Source = Application Error | ID = 1000
Description = Faulting application iexplore.exe, version 6.0.2900.2180, faulting
module unknown, version 0.0.0.0, fault address 0x115c9934.

[ System Events ]
Error - 12/24/2009 8:13:22 PM | Computer Name = FIELDCOMPUTER | Source = Service Control Manager | ID = 7034
Description = The Intuit Update Service service terminated unexpectedly. It has
done this 1 time(s).

Error - 12/25/2009 9:13:56 AM | Computer Name = FIELDCOMPUTER | Source = Service Control Manager | ID = 7011
Description = Timeout (30000 milliseconds) waiting for a transaction response from
the Netman service.

Error - 12/26/2009 9:57:00 AM | Computer Name = FIELDCOMPUTER | Source = DCOM | ID = 10005
Description = DCOM got error "%1053" attempting to start the service LiveUpdate
with arguments "" in order to run the server: {03E0E6C2-363B-11D3-B536-00902771A435}

Error - 12/26/2009 9:57:04 AM | Computer Name = FIELDCOMPUTER | Source = Service Control Manager | ID = 7009
Description = Timeout (30000 milliseconds) waiting for the LiveUpdate service to
connect.

Error - 12/26/2009 9:57:04 AM | Computer Name = FIELDCOMPUTER | Source = Service Control Manager | ID = 7000
Description = The LiveUpdate service failed to start due to the following error:
%%1053

Error - 12/27/2009 3:10:07 PM | Computer Name = FIELDCOMPUTER | Source = Service Control Manager | ID = 7000
Description = The LexBce Server service failed to start due to the following error:
%%2

Error - 12/27/2009 3:10:08 PM | Computer Name = FIELDCOMPUTER | Source = Service Control Manager | ID = 7026
Description = The following boot-start or system-start driver(s) failed to load:
ppa3

Error - 12/27/2009 3:12:50 PM | Computer Name = FIELDCOMPUTER | Source = Service Control Manager | ID = 7034
Description = The TomTomHOMEService service terminated unexpectedly. It has done
this 1 time(s).

Error - 12/27/2009 3:13:52 PM | Computer Name = FIELDCOMPUTER | Source = Service Control Manager | ID = 7034
Description = The Intuit Update Service service terminated unexpectedly. It has
done this 1 time(s).

Error - 12/27/2009 3:14:27 PM | Computer Name = FIELDCOMPUTER | Source = Service Control Manager | ID = 7034
Description = The Retrospect Express HD Launcher service terminated unexpectedly.
It has done this 1 time(s).

< End of report >

#4 schrauber

Malware Remover

Group: Trusted Helpers
Posts: 68
Joined: 10-January 09
Location:Germany

Posted 29 December 2009 - 06:10 AM

Hi,

Viewpoint Manager is considered as foistware instead of malware since it is installed without users approval but doesn't spy or do anything "bad". This changed from what we know in 2006 read this article:

http://www.clickz.com/news/article.php/3561546

I suggest you remove the program now. Click on start > run > and then paste the following into the "open" field: appwiz.cpl and press OK. From within Add or Remove Programs uninstall the following if they exist: Viewpoint, Viewpoint Manager, Viewpoint Media Player.

Step 1

Click "start" on the taskbar and then click on the "Control Panel" icon.
Please doubleclick the "Add or Remove Programs" icon
A list of programs installed will be "populated" this may take a bit of time.
If they exist, uninstall the following by clicking on the following entries and selecting "remove":

J2SE Runtime Environment 5.0 Update 6
J2SE Runtime Environment 5.0 Update 9
J2SE Runtime Environment 5.0 Update 10
Java™ SE Runtime Environment 6 Update 1
Java™ 6 Update 2
Java™ 6 Update 3
Java™ 6 Update 5
Java™ 6 Update 7

Step 2

Run OTL

Under the Custom Scans/Fixes box at the bottom, paste in the following
```
:commands
[emptytemp]
[resethosts]
```
Then click the Run Fix button at the top
Let the program run unhindered, when done it will say "Fix Complete press ok to open the log"
Please post that log in your next reply. Note: If a file or folder cannot be moved immediately you may be asked to reboot the machine to finish the move process. If you are asked to reboot the machine choose Yes. In this case, after the reboot, open Notepad (Start->All Programs->Accessories->Notepad), click File->Open, in the File Name box enter *.log and press the Enter key, navigate to the C:\_OTL\MovedFiles folder, and open the newest .log file present, and copy/paste the contents of that document back here in your next post.

================================Follow up scan=================================

Double click on OTL to run it. Make sure all other windows are closed and to let it run uninterrupted.
When the window appears, underneath Output at the top change it to Minimal Output.
Under the Standard Registry box change it to All.
Click the Run Scan button. Do not change any settings unless otherwise told to do so. The scan wont take long.
- When the scan completes, it will open one notepad window. OTL.Txt a This is saved in the same location as OTL.
- Please copy (Edit->Select All, Edit->Copy) the contents of this file and post it with your next reply.

Step 3

Please update your version of Malwarebytes and run a quick scan, post back with the content of the logfile.

Step 4

Please run a BitDefender Online Scan

Click I Agree to agree to the EULA.
Allow the ActiveX control to install when prompted.
Click Click here to scan to begin the scan.
Please refrain from using the computer until the scan is finished. This might take a while to run, but it is important that nothing else is running while you scan.
When the scan is finished, click on Click here to export the scan results.
Save the report to your desktop so you can post it in your next reply.

#5 Hellogb

Member

Group: Members
Posts: 9
Joined: 27-December 09

Posted 31 December 2009 - 04:57 PM

Hi Tom: Thanks again for the help so far. Here are the reports you requested:

1. Found and removed Viewpoint Media Player.

2. Removed all of the J2SE Runtime and Java 6 Updates you listed. I swear I removed Java SE once and then found it there again and removed it again. There is a Java™ 6 Update 17 in the program list. As you did not list it, I left it there.
3. Log file from OTL:

All processes killed
========== COMMANDS ==========

[EMPTYTEMP]

User: All Users

User: Bill W
->Temp folder emptied: 107190 bytes
->Temporary Internet Files folder emptied: 45628496 bytes

User: Default User
->Temp folder emptied: 850426 bytes
->Temporary Internet Files folder emptied: 33170 bytes

User: Gary
->Temp folder emptied: 177601886 bytes
->Temporary Internet Files folder emptied: 194535726 bytes
->Java cache emptied: 71790088 bytes
->FireFox cache emptied: 146567893 bytes

User: LocalService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 9424073 bytes

User: LogMeInRemoteUser
->Temp folder emptied: 850426 bytes
->Temporary Internet Files folder emptied: 33170 bytes

User: NetworkService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes

User: Owner
->Temp folder emptied: 324762 bytes
->Temporary Internet Files folder emptied: 33170 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 109640 bytes
%systemroot%\System32 .tmp files removed: 6485769 bytes
Windows Temp folder emptied: 713721 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temp folder emptied: 850426 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 889786 bytes
RecycleBin emptied: 743095357 bytes

Total Files Cleaned = 1,335.00 mb

HOSTS file reset successfully

OTL by OldTimer - Version 3.1.20.1 log created on 12302009_222541

Files\Folders moved on Reboot...
File\Folder C:\Documents and Settings\Gary\Local Settings\Temp\Temporary Internet Files\Content.IE5\SD6Z492F\2422251_728x90[2].com%2Fdocs%2F199794%2FBusiness-Corporations-Shareholders-Resolution-for-Blanket-Authority-to-Sell-Property&rfkwd=llc%2Bresolution%2Bto%2Bsell%2Bproperty&se=google not found!
File\Folder C:\Documents and Settings\Gary\Local Settings\Temp\Temporary Internet Files\Content.IE5\O1Q3O9EZ\2422251_728x90[2].com%2Fdocs%2F6565%2FShareholders-Resolution-For-Blanket-Authority-to-Sell-Corporate-Property&rfkwd=corporate%2Bresolution%2Bto%2Bsell%2Bproperty&se=google not found!

Registry entries deleted on Reboot...

4. From OTL.Txt:

OTL logfile created on: 12/30/2009 11:32:32 PM - Run 2
OTL by OldTimer - Version 3.1.20.1 Folder = C:\Documents and Settings\Gary\Desktop
Windows XP Home Edition Service Pack 2 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 6.0.2900.2180)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

495.00 Mb Total Physical Memory | 215.00 Mb Available Physical Memory | 43.00% Memory free
1.00 Gb Paging File | 1.00 Gb Available in Paging File | 81.00% Paging File free
Paging file location(s): C:\pagefile.sys 0 0 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 93.16 Gb Total Space | 35.58 Gb Free Space | 38.20% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded
Drive Y: | 461.12 Gb Total Space | 449.92 Gb Free Space | 97.57% Space Free | Partition Type: NTFS

Computer Name: FIELDCOMPUTER
Current User Name: Gary
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Minimal

========== Processes (SafeList) ==========

PRC - C:\Documents and Settings\Gary\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\Program Files\Java\jre6\bin\jqs.exe (Sun Microsystems, Inc.)
PRC - C:\Program Files\Common Files\Symantec Shared\CCSETMGR.EXE (Symantec Corporation)
PRC - C:\Program Files\Common Files\Symantec Shared\CCEVTMGR.EXE (Symantec Corporation)
PRC - C:\Program Files\Common Files\Symantec Shared\CCAPP.EXE (Symantec Corporation)
PRC - C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe (Acronis)
PRC - C:\WINDOWS\explorer.exe (Microsoft Corporation)
PRC - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe (Symantec Corporation)
PRC - C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe (Webroot Software, Inc.)
PRC - C:\Program Files\Southwest Airlines\Ding\Ding.exe (Southwest Airlines)
PRC - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe (Symantec Corporation)
PRC - C:\WINDOWS\system32\drivers\CDAC11BA.EXE (Macrovision)
PRC - C:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe (Symantec Corporation)
PRC - C:\Program Files\Norton SystemWorks\Norton AntiVirus\IWP\NPFMNTOR.EXE (Symantec Corporation)
PRC - C:\Program Files\Norton SystemWorks\Norton AntiVirus\NAVAPSVC.EXE (Symantec Corporation)
PRC - C:\Program Files\Iomega\System32\AppServices.exe (Iomega Corporation)
PRC - C:\Program Files\Norton SystemWorks\Norton Ghost\Agent\PQV2iSvc.exe (Symantec Corporation)
PRC - C:\Program Files\Norton SystemWorks\Norton Utilities\NPROTECT.EXE (Symantec Corporation)
PRC - C:\Program Files\Norton SystemWorks\Norton Utilities\Speed Disk\NOPDB.exe (Symantec Corporation)
PRC - C:\WINDOWS\system32\wscntfy.exe (Microsoft Corporation)
PRC - C:\WINDOWS\system32\gearsec.exe (GEAR Software)
PRC - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe (Symantec Corporation)
PRC - C:\WINDOWS\system32\00THotkey.exe (TOSHIBA Corp.)
PRC - C:\Program Files\Toshiba\TOSHIBA Controls\TFncKy.exe (TOSHIBA Corporation)
PRC - C:\Program Files\Apoint2K\Apoint.exe (Alps Electric Co., Ltd.)
PRC - C:\WINDOWS\system32\TPWRTRAY.EXE (TOSHIBA Corporation)
PRC - C:\WINDOWS\system32\TFNF5.exe (Toshiba Corp.)
PRC - C:\Program Files\Apoint2K\ApntEx.exe (Alps Electric Co., Ltd.)

========== Modules (SafeList) ==========

MOD - C:\Documents and Settings\Gary\Desktop\OTL.exe (OldTimer Tools)
MOD - C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.2982_x-ww_ac3f9c03\comctl32.dll (Microsoft Corporation)

========== Win32 Services (SafeList) ==========

SRV - (LexBceS) -- File not found
SRV - (Iomega Activity Disk2) -- File not found
SRV - (JavaQuickStarterService) -- C:\Program Files\Java\jre6\bin\jqs.exe (Sun Microsystems, Inc.)
SRV - (LMIMaint) -- C:\Program Files\LogMeIn\x86\RaMaint.exe (LogMeIn, Inc.)
SRV - (TomTomHOMEService) -- C:\Program Files\TomTom HOME 2\TomTomHOMEService.exe (TomTom)
SRV - (RetroExpLauncher) -- C:\Program Files\Iomega StorCenter\retrospect\retrorun.exe (EMC Corporation)
SRV - (IntuitUpdateService) -- C:\Program Files\Common Files\Intuit\Update Service\IntuitUpdateService.exe (Intuit Inc.)
SRV - (LogMeIn) -- C:\Program Files\LogMeIn\x86\LogMeIn.exe (LogMeIn, Inc.)
SRV - (SolidWorks Licensing Service) -- C:\Program Files\Common Files\SolidWorks Shared\Service\SolidWorksLicensing.exe (SolidWorks)
SRV - (ccSetMgr) -- C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe (Symantec Corporation)
SRV - (ccPwdSvc) -- C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe (Symantec Corporation)
SRV - (ccEvtMgr) -- C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe (Symantec Corporation)
SRV - (TryAndDecideService) -- C:\Program Files\Common Files\Acronis\Fomatik\TrueImageTryStartService.exe ()
SRV - (AcrSch2Svc) -- C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe (Acronis)
SRV - (SNDSrvc) -- C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe (Symantec Corporation)
SRV - (RoxLiveShare9) -- C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxLiveShare9.exe (Sonic Solutions)
SRV - (RoxWatch9) -- C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatch9.exe (Sonic Solutions)
SRV - (RoxMediaDB9) -- C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe (Sonic Solutions)
SRV - (Roxio UPnP Renderer 9) -- C:\Program Files\Roxio\Digital Home 9\RoxioUPnPRenderer9.exe (Sonic Solutions)
SRV - (Roxio Upnp Server 9) -- C:\Program Files\Roxio\Digital Home 9\RoxioUpnpService9.exe (Sonic Solutions)
SRV - (WebrootSpySweeperService) -- C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe (Webroot Software, Inc.)
SRV - (Symantec Core LC) -- C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe (Symantec Corporation)
SRV - (C-DillaCdaC11BA) -- C:\WINDOWS\system32\drivers\CDAC11BA.EXE (Macrovision)
SRV - (LiveUpdate) -- C:\Program Files\Symantec\LiveUpdate\LuComServer_3_0.EXE (Symantec Corporation)
SRV - (Automatic LiveUpdate Scheduler) -- C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe (Symantec Corporation)
SRV - (SBService) -- C:\Program Files\Common Files\Symantec Shared\Script Blocking\SBSERV.EXE (Symantec Corporation)
SRV - (NPFMntor) -- C:\Program Files\Norton SystemWorks\Norton AntiVirus\IWP\NPFMntor.exe (Symantec Corporation)
SRV - (navapsvc) -- C:\Program Files\Norton SystemWorks\Norton AntiVirus\navapsvc.exe (Symantec Corporation)
SRV - (SAVScan) -- C:\Program Files\Norton SystemWorks\Norton AntiVirus\SAVScan.exe (Symantec Corporation)
SRV - (Iomega App Services) -- C:\Program Files\Iomega\System32\AppServices.exe (Iomega Corporation)
SRV - (Norton Ghost) -- C:\Program Files\Norton SystemWorks\Norton Ghost\Agent\PQV2iSvc.exe (Symantec Corporation)
SRV - (IDriverT) -- C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe (Macrovision Corporation)
SRV - (NProtectService) -- C:\Program Files\Norton SystemWorks\Norton Utilities\NPROTECT.EXE (Symantec Corporation)
SRV - (Speed Disk service) -- C:\Program Files\Norton SystemWorks\Norton Utilities\Speed Disk\NOPDB.exe (Symantec Corporation)
SRV - (Irmon) -- C:\WINDOWS\system32\irmon.dll (Microsoft Corporation)
SRV - (GEARSecurity) -- C:\WINDOWS\system32\gearsec.exe (GEAR Software)
SRV - (SPBBCSvc) -- C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe (Symantec Corporation)
SRV - (ose) -- C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE (Microsoft Corporation)

========== Driver Services (SafeList) ==========

DRV - (LMIRfsClientNP) -- C:\WINDOWS\system32\LMIRfsClientNP.dll (LogMeIn, Inc.)
DRV - (SYMIDSCO) -- C:\Program Files\Common Files\Symantec Shared\SymcData\ids-diskless\20081112.004\SymIDSCo.sys (Symantec Corporation)
DRV - (LMIInfo) -- C:\Program Files\LogMeIn\x86\rainfo.sys (LogMeIn, Inc.)
DRV - (LMIRfsDriver) -- C:\WINDOWS\system32\drivers\LMIRfsDriver.sys (LogMeIn, Inc.)
DRV - (lmimirr) -- C:\WINDOWS\system32\drivers\lmimirr.sys (LogMeIn, Inc.)
DRV - (timounter) -- C:\WINDOWS\system32\DRIVERS\timntr.sys (Acronis)
DRV - (tifsfilter) -- C:\WINDOWS\system32\drivers\tifsfilt.sys (Acronis)
DRV - (snapman) -- C:\WINDOWS\system32\DRIVERS\snapman.sys (Acronis)
DRV - (tdrpman) -- C:\WINDOWS\system32\DRIVERS\tdrpman.sys (Acronis)
DRV - (Secdrv) -- C:\WINDOWS\system32\drivers\secdrv.sys (Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K.)
DRV - (NAVEX15) -- C:\Program Files\Common Files\Symantec Shared\VirusDefs\20070404.032\NAVEX15.SYS (Symantec Corporation)
DRV - (NAVENG) -- C:\Program Files\Common Files\Symantec Shared\VirusDefs\20070404.032\NAVENG.SYS (Symantec Corporation)
DRV - (SYMTDI) -- C:\WINDOWS\System32\Drivers\SYMTDI.SYS (Symantec Corporation)
DRV - (SYMREDRV) -- C:\WINDOWS\System32\Drivers\SYMREDRV.SYS (Symantec Corporation)
DRV - (SYMIDS) -- C:\WINDOWS\System32\Drivers\SYMIDS.SYS (Symantec Corporation)
DRV - (SYMNDIS) -- C:\WINDOWS\System32\Drivers\SYMNDIS.SYS (Symantec Corporation)
DRV - (SYMFW) -- C:\WINDOWS\System32\Drivers\SYMFW.SYS (Symantec Corporation)
DRV - (SYMDNS) -- C:\WINDOWS\System32\Drivers\SYMDNS.SYS (Symantec Corporation)
DRV - (MRENDIS5) -- C:\Program Files\Common Files\Motive\MRENDIS5.sys (Motive, Inc.)
DRV - (MREMPR5) -- C:\Program Files\Common Files\Motive\MREMPR5.sys (Motive, Inc.)
DRV - (PxHelp20) -- C:\WINDOWS\System32\DRIVERS\PxHelp20.sys (Sonic Solutions)
DRV - (SSKBFD) -- C:\WINDOWS\system32\drivers\sskbfd.sys (Webroot Software Inc (www.webroot.com))
DRV - (SSIDRV) -- C:\WINDOWS\SYSTEM32\Drivers\SSIDRV.SYS (Webroot Software Inc (www.webroot.com))
DRV - (SSHRMD) -- C:\WINDOWS\SYSTEM32\Drivers\SSHRMD.SYS (Webroot Software Inc (www.webroot.com))
DRV - (SSFS0509) -- C:\WINDOWS\SYSTEM32\Drivers\SSFS0509.SYS (Webroot Software Inc (www.webroot.com))
DRV - (RimVSerPort) -- C:\WINDOWS\system32\drivers\RimSerial.sys (Research in Motion Ltd)
DRV - (RimUsb) -- C:\WINDOWS\system32\drivers\RimUsb.sys (Research In Motion Limited)
DRV - (SymEvent) -- C:\Program Files\Symantec\SYMEVENT.SYS (Symantec Corporation)
DRV - (symlcbrd) -- C:\WINDOWS\system32\drivers\symlcbrd.sys (Symantec Corporation)
DRV - (CdaC15BA) -- C:\WINDOWS\system32\drivers\CdaC15BA.SYS ()
DRV - (MDC8021X) WPA Security Protocol (IEEE 802.1x) -- C:\WINDOWS\system32\drivers\mdc8021x.sys (Meetinghouse Data Communications)
DRV - (SAVRTPEL) -- C:\Program Files\Norton SystemWorks\Norton AntiVirus\SAVRTPEL.SYS (Symantec Corporation)
DRV - (SAVRT) -- C:\Program Files\Norton SystemWorks\Norton AntiVirus\SAVRT.SYS (Symantec Corporation)
DRV - (iomdisk) -- C:\WINDOWS\System32\DRIVERS\iomdisk.sys (Iomega Corporation)
DRV - (PQIMount) -- C:\WINDOWS\system32\drivers\PQIMount.sys (PowerQuest Corporation)
DRV - (PQV2i) -- C:\WINDOWS\system32\drivers\PQV2i.sys (StorageCraft)
DRV - (BrScnUsb) -- C:\WINDOWS\system32\drivers\BrScnUsb.sys (Brother Industries Ltd.)
DRV - (BrSerIf) -- C:\WINDOWS\system32\drivers\BrSerIf.sys (Brother Industries Ltd.)
DRV - (AR5211) -- C:\WINDOWS\system32\drivers\ar5211.sys (D-Link )
DRV - (NPDriver) -- C:\WINDOWS\system32\drivers\NPDRIVER.SYS (Symantec Corporation)
DRV - (SDdriver) -- C:\WINDOWS\system32\drivers\SdDriver.SYS (Symantec Corporation)
DRV - (ppa3) -- C:\WINDOWS\System32\DRIVERS\ppa3.sys (Microsoft Corporation)
DRV - (wlluc48) -- C:\WINDOWS\system32\drivers\wlluc48.sys (Lucent Technologies)
DRV - (GearAspiWDM) -- C:\WINDOWS\system32\drivers\GEARAspiWDM.sys (GEAR Software Inc.)
DRV - (SPBBCDrv) -- C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCDrv.sys (Symantec Corporation)
DRV - (BrUsbSer) -- C:\WINDOWS\system32\drivers\BrUsbSer.sys (Brother Industries Ltd.)
DRV - (vobiw) -- C:\WINDOWS\system32\drivers\vobIW.sys (VOB Computersysteme GmbH)
DRV - (VOBID) -- C:\WINDOWS\system32\DRIVERS\vobid.sys (Pinnacle Systems)
DRV - (Cdrdrv) -- C:\WINDOWS\system32\drivers\Cdrdrv.sys (VOB Computersysteme GmbH)
DRV - (ASAPIW2K) -- C:\WINDOWS\system32\drivers\asapiW2k.sys (VOB Computersysteme GmbH)
DRV - (ApfiltrService) -- C:\WINDOWS\system32\drivers\Apfiltr.sys (Alps Electric Co., Ltd.)
DRV - (E100B) Intel® -- C:\WINDOWS\system32\drivers\e100b325.sys (Intel Corporation)
DRV - (tridxp) -- C:\WINDOWS\system32\drivers\tridxpm.sys (Trident Microsystems Inc.)
DRV - (TBiosDrv) -- C:\WINDOWS\system32\drivers\Tbiosdrv.sys ()
DRV - (ALiADWDM) -- C:\WINDOWS\system32\drivers\aliadwdm.sys (Acer Laboratories Inc.)
DRV - (vobcom) -- C:\WINDOWS\system32\drivers\vobcom.sys (VOB Computersysteme GmbH)
DRV - (TOSHIBASoftModem) -- C:\WINDOWS\system32\drivers\LTSM.sys (LT)
DRV - (TVALG) -- C:\WINDOWS\System32\DRIVERS\TVALG.SYS (TOSHIBA Corporation)
DRV - (SMCIRDA) -- C:\WINDOWS\system32\drivers\smcirda.sys (SMC)
DRV - (EPUSBSTOR) -- C:\WINDOWS\system32\drivers\epusbsto.sys (SEIKO EPSON CORPORATION)
DRV - (Ptilink) -- C:\WINDOWS\system32\drivers\ptilink.sys (Parallel Technologies, Inc.)
DRV - (ROOTMODEM) -- C:\WINDOWS\system32\drivers\rootmdm.sys (Microsoft Corporation)
DRV - (AliIde) -- C:\WINDOWS\System32\DRIVERS\aliide.sys (Acer Laboratories Inc.)
DRV - (TVALD) -- C:\WINDOWS\System32\DRIVERS\TVALD.SYS (Toshiba Corporation)
DRV - (StillCam) -- C:\WINDOWS\system32\drivers\serscan.sys (Microsoft Corporation)

========== Standard Registry (All) ==========

========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.microsoft...er=6&ar=msnhome
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.microsoft...=ie&ar=iesearch
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft...=ie&ar=iesearch
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.microsoft...B_PVER}&ar=home
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,CustomizeSearch = http://ie.search.msn...st/srchcust.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\system32\blank.htm
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Page_Transitions = 1
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.msn.com/
IE - HKCU\..\URLSearchHook: {CFBFAE00-17A6-11D0-99CB-00C04FD64497} - C:\WINDOWS\system32\shdocvw.dll (Microsoft Corporation)
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.startup.homepage: "www.msn.com"
FF - prefs.js..extensions.enabledItems: {89506680-e3f4-484c-a2c0-ed711d481eda}:0.9.4.8
FF - prefs.js..extensions.enabledItems: {3d7eb24f-2740-49df-8937-200b1cc08f8a}:1.5.6
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA}:6.0.02
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA}:6.0.07
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0001-ABCDEFFEDCBA}:6.0.01
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA}:6.0.03
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA}:6.0.05
FF - prefs.js..extensions.enabledItems: moveplayer@movenetworks.com:1.0.0.07076007
FF - prefs.js..extensions.enabledItems: firefox-tagger@yapta.com:1.3.0.10
FF - prefs.js..extensions.enabledItems: {972ce4c6-7e08-4474-a285-3208198ce6fd}:3.0.1

FF - HKLM\software\mozilla\Firefox\extensions\\jqs@sun.com: C:\Program Files\Java\jre6\lib\deploy\jqs\ff [2008/12/12 06:52:34 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.0.4\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2009/11/26 12:54:39 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.0.4\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2009/11/26 12:55:22 | 00,000,000 | ---D | M]

[2009/06/04 09:46:37 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Gary\Application Data\Mozilla\Extensions
[2008/08/13 18:54:29 | 00,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Gary\Application Data\Mozilla\Extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384}
[2009/06/04 09:46:37 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Gary\Application Data\Mozilla\Extensions\home2@tomtom.com
[2008/08/13 09:25:47 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Gary\Application Data\Mozilla\Firefox\Profiles\1xhrf6e8.default\extensions
[2008/07/21 22:06:49 | 00,000,000 | ---D | M] (PDF Download) -- C:\Documents and Settings\Gary\Application Data\Mozilla\Firefox\Profiles\1xhrf6e8.default\extensions\{37E4D8EA-8BDA-4831-8EA1-89053939A250}
[2008/05/19 06:25:34 | 00,000,000 | ---D | M] (Flashblock) -- C:\Documents and Settings\Gary\Application Data\Mozilla\Firefox\Profiles\1xhrf6e8.default\extensions\{3d7eb24f-2740-49df-8937-200b1cc08f8a}
[2008/04/13 07:10:58 | 00,000,000 | ---D | M] (Firefox Showcase) -- C:\Documents and Settings\Gary\Application Data\Mozilla\Firefox\Profiles\1xhrf6e8.default\extensions\{89506680-e3f4-484c-a2c0-ed711d481eda}
[2008/07/04 13:20:29 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Gary\Application Data\Mozilla\Firefox\Profiles\1xhrf6e8.default\extensions\firefox-tagger@yapta.com
[2008/03/15 17:19:16 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Gary\Application Data\Mozilla\Firefox\Profiles\1xhrf6e8.default\extensions\moveplayer@movenetworks.com
[2009/06/27 07:22:38 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Gary\Application Data\Mozilla\Firefox\Profiles\hc7il4jl.New GB Profile\extensions
[2008/11/16 10:30:13 | 00,000,000 | ---D | M] (Flashblock) -- C:\Documents and Settings\Gary\Application Data\Mozilla\Firefox\Profiles\hc7il4jl.New GB Profile\extensions\{3d7eb24f-2740-49df-8937-200b1cc08f8a}
[2009/12/30 22:11:01 | 00,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions
[2008/11/14 20:38:23 | 00,000,000 | ---D | M] (Default) -- C:\Program Files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
[2007/04/12 07:13:29 | 00,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0001-ABCDEFFEDCBA}
[2008/12/12 06:54:35 | 00,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA}
[2009/03/27 08:43:28 | 00,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA}
[2009/10/03 09:59:58 | 00,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA}
[2009/11/26 08:27:25 | 00,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA}
[2008/11/14 20:38:17 | 00,023,040 | ---- | M] (Mozilla Foundation) -- C:\Program Files\Mozilla Firefox\components\browserdirprovider.dll
[2008/11/14 20:38:17 | 00,134,656 | ---- | M] (Mozilla Foundation) -- C:\Program Files\Mozilla Firefox\components\brwsrcmp.dll
[2008/06/18 01:43:04 | 00,086,016 | ---- | M] (Coupons, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npCouponPrinter.dll
[2009/10/11 04:17:27 | 00,411,368 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npdeploytk.dll
[2008/01/16 01:28:50 | 00,155,648 | ---- | M] (Solidworks Corporation) -- C:\Program Files\Mozilla Firefox\plugins\npEModelPlugin.dll
[2008/11/14 20:38:19 | 00,065,536 | ---- | M] (mozilla.org) -- C:\Program Files\Mozilla Firefox\plugins\npnul32.dll
[2007/03/22 18:23:30 | 00,017,248 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Mozilla Firefox\plugins\NPOFFICE.DLL
[2009/11/26 12:54:33 | 00,140,864 | ---- | M] (RealNetworks, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\nppl3260.dll
[2009/11/26 12:55:22 | 00,008,192 | ---- | M] (RealNetworks, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\nprjplug.dll
[2009/11/26 12:53:42 | 00,094,208 | ---- | M] (RealNetworks, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\nprpjplug.dll
[2008/10/02 09:47:31 | 00,001,394 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\amazondotcom.xml
[2008/10/02 09:47:31 | 00,002,193 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\answers.xml
[2008/10/02 09:47:31 | 00,001,534 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\creativecommons.xml
[2008/11/14 20:38:19 | 00,002,343 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\eBay.xml
[2008/10/02 09:47:31 | 00,001,706 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\google.xml
[2008/10/02 09:47:31 | 00,001,178 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\wikipedia.xml
[2008/10/02 09:47:31 | 00,000,792 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\yahoo.xml

O1 HOSTS File: (98 bytes) - C:\WINDOWS\system32\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (Verizon Broadband Toolbar) - {4E7BD74F-2B8D-469E-D0FC-E57AF4D5FA7D} - C:\WINDOWS\DOWNLO~1\vzbb.dll ()
O2 - BHO: (SSVHelper Class) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (CNavExtBho Class) - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton SystemWorks\Norton AntiVirus\NAVSHEXT.DLL (Symantec Corporation)
O2 - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (JQSIEStartDetectorImpl Class) - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll (Sun Microsystems, Inc.)
O3 - HKLM\..\Toolbar: (Norton AntiVirus) - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton SystemWorks\Norton AntiVirus\NAVSHEXT.DLL (Symantec Corporation)
O3 - HKLM\..\Toolbar: (Verizon Broadband Toolbar) - {4E7BD74F-2B8D-469E-D0FC-E57AF4D5FA7D} - C:\WINDOWS\DOWNLO~1\vzbb.dll ()
O3 - HKLM\..\Toolbar: (Yahoo! Toolbar) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
O3 - HKCU\..\Toolbar\ShellBrowser: (Norton AntiVirus) - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton SystemWorks\Norton AntiVirus\NAVSHEXT.DLL (Symantec Corporation)
O3 - HKCU\..\Toolbar\WebBrowser: (&Address) - {01E04581-4EEE-11D0-BFE9-00AA005B4383} - C:\WINDOWS\system32\browseui.dll (Microsoft Corporation)
O3 - HKCU\..\Toolbar\WebBrowser: (&Links) - {0E5CBF21-D15F-11D0-8301-00AA005B4383} - C:\WINDOWS\system32\shell32.dll (Microsoft Corporation)
O3 - HKCU\..\Toolbar\WebBrowser: (Verizon Broadband Toolbar) - {4E7BD74F-2B8D-469E-D0FC-E57AF4D5FA7D} - C:\WINDOWS\DOWNLO~1\vzbb.dll ()
O3 - HKCU\..\Toolbar\WebBrowser: (Yahoo! Toolbar) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
O4 - HKLM..\Run: [00THotkey] C:\WINDOWS\system32\00THotkey.exe (TOSHIBA Corp.)
O4 - HKLM..\Run: [Adobe Photo Downloader] C:\Program Files\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [Adobe Reader Speed Launcher] C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [Apoint] C:\Program Files\Apoint2K\Apoint.exe (Alps Electric Co., Ltd.)
O4 - HKLM..\Run: [ccApp] C:\Program Files\Common Files\Symantec Shared\ccApp.exe (Symantec Corporation)
O4 - HKLM..\Run: [ControlCenter2.0] C:\Program Files\Brother\ControlCenter2\brctrcen.exe (Brother Industries, Ltd.)
O4 - HKLM..\Run: [KernelFaultCheck] File not found
O4 - HKLM..\Run: [LogMeIn GUI] C:\Program Files\LogMeIn\x86\LogMeInSystray.exe (LogMeIn, Inc.)
O4 - HKLM..\Run: [RetroExpress] C:\Program Files\Iomega StorCenter\retrospect\RetroExpress.exe (EMC Corporation)
O4 - HKLM..\Run: [SetDefPrt] C:\Program Files\Brother\Brmfl04g\BrStDvPt.exe (Brother Industories, Ltd.)
O4 - HKLM..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre6\bin\jusched.exe (Sun Microsystems, Inc.)
O4 - HKLM..\Run: [Symantec NetDriver Monitor] C:\Program Files\SymNetDrv\SNDMon.exe (Symantec Corporation)
O4 - HKLM..\Run: [TFncKy] C:\Program Files\Toshiba\TOSHIBA Controls\TFncKy.exe (TOSHIBA Corporation)
O4 - HKLM..\Run: [TFNF5] C:\WINDOWS\System32\TFNF5.exe (Toshiba Corp.)
O4 - HKLM..\Run: [TkBellExe] C:\Program Files\Common Files\Real\Update_OB\realsched.exe (RealNetworks, Inc.)
O4 - HKLM..\Run: [TouchED] C:\Program Files\TOSHIBA\TouchED\TouchED.Exe (TOSHIBA Corporation)
O4 - HKLM..\Run: [Tpwrtray] C:\WINDOWS\System32\TPWRTRAY.EXE (TOSHIBA Corporation)
O4 - HKCU..\Run: [Norton SystemWorks] C:\Program Files\Norton SystemWorks\cfgwiz.exe (Symantec Corporation)
O4 - HKCU..\Run: [TomTomHOME.exe] C:\Program Files\TomTom HOME 2\TomTomHOMERunner.exe (TomTom)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Iomega StorCenter.lnk = C:\Program Files\Iomega StorCenter\sohoclient.exe (EMC)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE (Microsoft Corporation)
O4 - Startup: C:\Documents and Settings\Gary\Start Menu\Programs\Startup\DING!.lnk = C:\Program Files\Southwest Airlines\Ding\Ding.exe (Southwest Airlines)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: dontdisplaylastusername = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticecaption =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticetext =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: shutdownwithoutlogon = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: undockwithoutlogon = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O8 - Extra context menu item: E&xport to Microsoft Excel - C:\Program Files\Microsoft Office\OFFICE11\EXCEL.EXE (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre6\bin\npjpi160_17.dll (Sun Microsystems, Inc.)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Program Files\Microsoft Office\OFFICE11\REFIEBAR.DLL (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000001 [] - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000002 [] - C:\WINDOWS\system32\winrnr.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000003 [] - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - C:\WINDOWS\system32\rsvpsp.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000006 - C:\WINDOWS\system32\rsvpsp.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000007 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000008 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000009 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000010 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000011 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000012 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000013 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000014 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000015 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000016 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000017 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000018 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000019 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000020 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O15 - HKLM\..Trusted Domains: 50 domain(s) and sub-domain(s) not assigned to a zone.
O15 - HKCU\..Trusted Domains: ([]msn in My Computer)
O15 - HKCU\..Trusted Domains: fatwallet.com ([www] https in Trusted sites)
O15 - HKCU\..Trusted Domains: turbotax.com ([]https in Trusted sites)
O15 - HKCU\..Trusted Domains: 53 domain(s) and sub-domain(s) not assigned to a zone.
O16 - DPF: {33564D57-9980-0010-8000-00AA00389B71} http://download.micr...D0C/wmv9dmo.cab (Reg Error: Key error.)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_17)
O16 - DPF: {CAFEEFAC-0016-0000-0001-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_17)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_17)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://download.macr...ash/swflash.cab (Shockwave Flash Object)
O16 - DPF: Microsoft XML Parser for Java file://C:\WINDOWS\Java\classes\xmldso.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1 192.168.1.1
O18 - Protocol\Handler\about {3050F406-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\system32\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\cdl {3dd53d40-7b8b-11D0-b013-00aa0059ce02} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\dvd {12D51199-0DB5-46FE-A120-47A3D7D937CC} - C:\WINDOWS\system32\msvidctl.dll (Microsoft Corporation)
O18 - Protocol\Handler\file {79eac9e7-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\ftp {79eac9e3-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\gopher {79eac9e4-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\http {79eac9e2-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\https {79eac9e5-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\ipp - No CLSID value found
O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\its {9D148291-B9C8-11D0-A4CC-0000F80149F6} - C:\WINDOWS\system32\itss.dll (Microsoft Corporation)
O18 - Protocol\Handler\javascript {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\system32\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\lid {5C135180-9973-46D9-ABF4-148267CBB8BF} - C:\WINDOWS\system32\msvidctl.dll (Microsoft Corporation)
O18 - Protocol\Handler\local {79eac9e7-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\mailto {3050f3DA-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\system32\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\mhtml {05300401-BCBC-11d0-85E3-00C04FD85AB4} - C:\WINDOWS\system32\inetcomm.dll (Microsoft Corporation)
O18 - Protocol\Handler\mk {79eac9e6-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp - No CLSID value found
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\ms-its {9D148291-B9C8-11D0-A4CC-0000F80149F6} - C:\WINDOWS\system32\itss.dll (Microsoft Corporation)
O18 - Protocol\Handler\mso-offdap11 {32505114-5902-49B2-880A-1F7738E5A384} - C:\Program Files\Common Files\Microsoft Shared\Web Components\11\OWC11.DLL (Microsoft Corporation)
O18 - Protocol\Handler\res {3050F3BC-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\system32\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\sysimage {76E67A63-06E9-11D2-A840-006008059382} - C:\WINDOWS\system32\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\tv {CBD30858-AF45-11D2-B6D6-00C04FBBDE6E} - C:\WINDOWS\system32\msvidctl.dll (Microsoft Corporation)
O18 - Protocol\Handler\vbscript {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\system32\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\wia {13F3EA8B-91D7-4F0A-AD76-D2853AC8BECE} - C:\WINDOWS\system32\wiascr.dll (Microsoft Corporation)
O18 - Protocol\Filter\application/octet-stream {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\WINDOWS\System32\mscoree.dll (Microsoft Corporation)
O18 - Protocol\Filter\application/x-complus {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\WINDOWS\System32\mscoree.dll (Microsoft Corporation)
O18 - Protocol\Filter\application/x-msdownload {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\WINDOWS\System32\mscoree.dll (Microsoft Corporation)
O18 - Protocol\Filter\Class Install Handler {32B533BB-EDAE-11d0-BD5A-00AA00B92AF1} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Filter\deflate {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Filter\gzip {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Filter\lzdhtml {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Filter\text/webviewhtml {733AC4CB-F1A4-11d0-B951-00A0C90312E1} - C:\WINDOWS\system32\shell32.dll (Microsoft Corporation)
O18 - Protocol\Filter\text/xml {807553E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE11\MSOXMLMF.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) - C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UIHost - (logonui.exe) - C:\WINDOWS\System32\logonui.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (rundll32 shell32) - C:\WINDOWS\System32\shell32.dll (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (Control_RunDLL "sysdm.cpl") - C:\WINDOWS\System32\sysdm.cpl (Microsoft Corporation)
O20 - Winlogon\Notify\crypt32chain: DllName - crypt32.dll - C:\WINDOWS\System32\crypt32.dll (Microsoft Corporation)
O20 - Winlogon\Notify\cryptnet: DllName - cryptnet.dll - C:\WINDOWS\System32\cryptnet.dll (Microsoft Corporation)
O20 - Winlogon\Notify\cscdll: DllName - cscdll.dll - C:\WINDOWS\System32\cscdll.dll (Microsoft Corporation)
O20 - Winlogon\Notify\LMIinit: DllName - LMIinit.dll - C:\WINDOWS\System32\LMIinit.dll (LogMeIn, Inc.)
O20 - Winlogon\Notify\ScCertProp: DllName - wlnotify.dll - C:\WINDOWS\System32\wlnotify.dll (Microsoft Corporation)
O20 - Winlogon\Notify\Schedule: DllName - wlnotify.dll - C:\WINDOWS\System32\wlnotify.dll (Microsoft Corporation)
O20 - Winlogon\Notify\sclgntfy: DllName - sclgntfy.dll - C:\WINDOWS\System32\sclgntfy.dll (Microsoft Corporation)
O20 - Winlogon\Notify\SensLogn: DllName - WlNotify.dll - C:\WINDOWS\System32\wlnotify.dll (Microsoft Corporation)
O20 - Winlogon\Notify\termsrv: DllName - wlnotify.dll - C:\WINDOWS\System32\wlnotify.dll (Microsoft Corporation)
O20 - Winlogon\Notify\WgaLogon: DllName - WgaLogon.dll - C:\WINDOWS\System32\WgaLogon.dll (Microsoft Corporation)
O20 - Winlogon\Notify\wlballoon: DllName - wlnotify.dll - C:\WINDOWS\System32\wlnotify.dll (Microsoft Corporation)
O20 - Winlogon\Notify\WRNotifier: DllName - WRLogonNTF.dll - C:\WINDOWS\System32\WRLogonNtf.dll (Webroot Software, Inc.)
O21 - SSODL: CDBurn - {fbeb8a05-beee-4442-804e-409d6c4515e9} - C:\WINDOWS\system32\shell32.dll (Microsoft Corporation)
O21 - SSODL: PostBootReminder - {7849596a-48ea-486e-8937-a2a3009f31a9} - C:\WINDOWS\system32\shell32.dll (Microsoft Corporation)
O21 - SSODL: SysTray - {35CEC8A3-2BE6-11D2-8773-92E220524153} - C:\WINDOWS\system32\stobject.dll (Microsoft Corporation)
O21 - SSODL: UPnPMonitor - {e57ce738-33e8-4c51-8354-bb4de9d215d1} - C:\WINDOWS\system32\upnpui.dll (Microsoft Corporation)
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - C:\WINDOWS\system32\webcheck.dll (Microsoft Corporation)
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll (Microsoft Corporation)
O22 - SharedTaskScheduler: {438755C2-A8BA-11D1-B96B-00A0C90312E1} - Browseui preloader - C:\WINDOWS\system32\browseui.dll (Microsoft Corporation)
O22 - SharedTaskScheduler: {8C7461EF-2B13-11d2-BE35-3078302C2030} - Component Categories cache daemon - C:\WINDOWS\system32\browseui.dll (Microsoft Corporation)
O24 - Desktop Components:0 (My Current Home Page) - About:Home
O28 - HKLM ShellExecuteHooks: {AEB6717E-7E19-11d0-97EE-00C04FD91972} - C:\WINDOWS\System32\shell32.dll (Microsoft Corporation)
O29 - HKLM SecurityProviders - (msapsspc.dll) - C:\WINDOWS\System32\msapsspc.dll (Microsoft Corporation)
O29 - HKLM SecurityProviders - (schannel.dll) - C:\WINDOWS\System32\schannel.dll (Microsoft Corporation)
O29 - HKLM SecurityProviders - (digest.dll) - C:\WINDOWS\System32\digest.dll (Microsoft Corporation)
O29 - HKLM SecurityProviders - (msnsspc.dll) - C:\WINDOWS\System32\msnsspc.dll (Microsoft Corporation)
O30 - LSA: Authentication Packages - (msv1_0) - C:\WINDOWS\System32\msv1_0.dll (Microsoft Corporation)
O30 - LSA: Authentication Packages - (relog_ap) - C:\WINDOWS\System32\relog_ap.dll (Acronis)
O30 - LSA: Security Packages - (kerberos) - C:\WINDOWS\System32\kerberos.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (msv1_0) - C:\WINDOWS\System32\msv1_0.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (schannel) - C:\WINDOWS\System32\schannel.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (wdigest) - C:\WINDOWS\System32\wdigest.dll (Microsoft Corporation)
O31 - SafeBoot: AlternateShell - cmd.exe
O32 - HKLM CDRom: AutoRun - 1
O33 - MountPoints2\{472416b9-9e64-11da-8522-00003911cd8a}\Shell\AutoRun\command - "" = G:\setupSNK.exe -- File not found
O33 - MountPoints2\{e56f9845-4f67-11de-8786-00003911cd8a}\Shell\AutoRun\command - "" = F:\InstallTomTomHOME.exe -- File not found
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - comfile [open] -- "%1" %*
O35 - exefile [open] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2009/12/30 22:25:41 | 00,000,000 | ---D | C] -- C:\_OTL
[2009/12/28 08:32:56 | 00,513,536 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Gary\Desktop\OTL.exe
[2009/12/27 11:00:39 | 00,000,000 | ---D | C] -- C:\Program Files\Trend Micro
[2009/12/26 21:30:13 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Gary\Application Data\Malwarebytes
[2009/12/26 21:29:54 | 00,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2009/12/26 21:29:47 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Malwarebytes
[2009/12/26 21:29:45 | 00,019,160 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2009/12/26 21:29:38 | 00,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2009/09/07 20:06:12 | 00,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Local Settings\Application Data\ICS
[2008/04/26 07:01:53 | 00,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Application Data\Roxio
[2007/11/26 20:14:52 | 00,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Application Data\Acronis
[2006/10/26 12:00:03 | 00,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Application Data\Ahead
[2006/07/18 13:12:55 | 00,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Application Data\Webroot
[2006/04/02 19:48:49 | 00,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Application Data\Symantec
[2006/03/19 22:52:11 | 00,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft
[2003/07/09 09:48:54 | 00,000,000 | --SD | M] -- C:\Documents and Settings\LocalService\Application Data\Microsoft
[2002/04/26 19:37:25 | 00,000,000 | ---D | M] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft
[2002/04/26 19:32:12 | 00,000,000 | --SD | M] -- C:\Documents and Settings\NetworkService\Application Data\Microsoft
[8 C:\Documents and Settings\Gary\My Documents\*.tmp files -> C:\Documents and Settings\Gary\My Documents\*.tmp -> ]
[58 C:\WINDOWS\System32\dllcache\*.tmp files -> C:\WINDOWS\System32\dllcache\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2009/12/30 23:45:00 | 00,000,362 | ---- | M] () -- C:\WINDOWS\tasks\Symantec NetDetect.job
[2009/12/30 22:46:56 | 00,001,158 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2009/12/30 22:45:32 | 00,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2009/12/30 22:45:20 | 00,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2009/12/30 22:45:10 | 51,962,2656 | -HS- | M] () -- C:\hiberfil.sys
[2009/12/30 22:44:03 | 11,534,336 | ---- | M] () -- C:\Documents and Settings\Gary\NTUSER.DAT
[2009/12/30 22:43:34 | 00,000,278 | -HS- | M] () -- C:\Documents and Settings\Gary\ntuser.ini
[2009/12/30 00:00:00 | 00,000,306 | ---- | M] () -- C:\WINDOWS\tasks\Symantec Drmc.job
[2009/12/28 12:00:00 | 00,000,290 | ---- | M] () -- C:\WINDOWS\tasks\Norton SystemWorks One Button Checkup.job
[2009/12/28 08:33:01 | 00,513,536 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Gary\Desktop\OTL.exe
[2009/12/24 08:31:23 | 00,025,088 | ---- | M] () -- C:\Documents and Settings\Gary\My Documents\12-24-09.doc
[2009/12/23 08:40:55 | 00,000,426 | ---- | M] () -- C:\WINDOWS\brwmark.ini
[2009/12/22 15:40:38 | 00,045,056 | ---- | M] () -- C:\Documents and Settings\Gary\My Documents\Jenny-Danielle Due To Parents.xls
[2009/12/21 07:10:10 | 00,211,968 | ---- | M] () -- C:\Documents and Settings\Gary\My Documents\Riverside - Plumbing Fixture Schedule.xls
[2009/12/21 07:10:01 | 00,194,560 | ---- | M] () -- C:\Documents and Settings\Gary\My Documents\Riverside - Punch List.xls
[2009/12/15 09:45:25 | 00,076,288 | ---- | M] () -- C:\Documents and Settings\Gary\My Documents\GBB Cash Receipts 09-30-2006.xls
[2009/12/12 11:51:20 | 00,039,424 | ---- | M] () -- C:\Documents and Settings\Gary\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2009/12/11 20:25:58 | 00,027,648 | ---- | M] () -- C:\Documents and Settings\Gary\My Documents\Credit Card Coding Sheet.xls
[2009/12/03 16:14:06 | 00,038,224 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2009/12/03 16:13:56 | 00,019,160 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[8 C:\Documents and Settings\Gary\My Documents\*.tmp files -> C:\Documents and Settings\Gary\My Documents\*.tmp -> ]
[58 C:\WINDOWS\System32\dllcache\*.tmp files -> C:\WINDOWS\System32\dllcache\*.tmp -> ]

========== Files Created - No Company Name ==========

[2009/12/24 08:31:23 | 00,025,088 | ---- | C] () -- C:\Documents and Settings\Gary\My Documents\12-24-09.doc
[2009/10/25 22:46:44 | 00,000,258 | ---- | C] () -- C:\WINDOWS\hpbafd.ini
[2009/06/10 15:46:32 | 00,106,496 | ---- | C] () -- C:\WINDOWS\System32\BrMuSNMP.dll
[2009/04/27 17:59:34 | 00,077,824 | ---- | C] () -- C:\WINDOWS\System32\BROSNMP.DLL
[2009/02/12 08:15:46 | 00,000,332 | ---- | C] () -- C:\WINDOWS\WININIT.INI
[2009/02/12 08:10:33 | 00,000,212 | ---- | C] () -- C:\WINDOWS\rs_run.ini
[2009/02/12 08:10:15 | 00,010,409 | ---- | C] () -- C:\WINDOWS\RS_SQLIF.INI
[2009/01/26 18:48:51 | 00,000,043 | ---- | C] () -- C:\WINDOWS\gswin32.ini
[2009/01/24 15:40:43 | 00,000,622 | ---- | C] () -- C:\Program Files\Shortcut to uTorrent.exe.lnk
[2008/04/25 11:17:01 | 00,000,000 | ---- | C] () -- C:\WINDOWS\eDrawingOfficeAutomator.INI
[2008/02/04 17:21:45 | 00,008,144 | ---- | C] () -- C:\Documents and Settings\Gary\Application Data\Comma Separated Values (Windows).EML
[2008/02/04 15:52:36 | 00,025,340 | ---- | C] () -- C:\Documents and Settings\Gary\Application Data\Comma Separated Values (DOS).ADR
[2008/02/03 23:20:16 | 00,024,098 | ---- | C] () -- C:\Documents and Settings\Gary\Application Data\Comma Separated Values (Windows).ADR
[2007/04/02 04:58:06 | 00,000,000 | ---- | C] () -- C:\WINDOWS\System32\px.ini
[2007/03/05 12:34:28 | 00,676,224 | ---- | C] () -- C:\WINDOWS\System32\OGACheckControl.DLL
[2006/11/18 22:17:24 | 00,000,151 | ---- | C] () -- C:\WINDOWS\PhotoSnapViewer.INI
[2006/10/28 10:16:54 | 00,000,069 | ---- | C] () -- C:\WINDOWS\NeroDigital.ini
[2006/10/27 14:47:42 | 00,001,755 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\QTSBandwidthCache
[2006/10/25 09:01:34 | 00,001,192 | ---- | C] () -- C:\WINDOWS\APDFPRP.INI
[2006/10/22 09:22:35 | 00,201,216 | ---- | C] () -- C:\WINDOWS\System32\oestore.dll
[2006/10/10 20:50:17 | 00,000,083 | ---- | C] () -- C:\WINDOWS\usrwiz.ini
[2006/07/18 13:12:20 | 00,026,688 | ---- | C] () -- C:\WINDOWS\System32\wrlzma.dll
[2006/07/18 13:12:19 | 00,684,032 | ---- | C] () -- C:\WINDOWS\libeay32.dll
[2006/07/18 13:12:19 | 00,155,648 | ---- | C] () -- C:\WINDOWS\ssleay32.dll
[2006/05/01 20:11:37 | 00,012,288 | ---- | C] () -- C:\WINDOWS\System32\hlinkprx.dll
[2006/03/30 13:45:25 | 00,000,058 | ---- | C] () -- C:\WINDOWS\brmx2001.ini
[2006/03/30 13:45:25 | 00,000,040 | ---- | C] () -- C:\WINDOWS\opt_2460.ini
[2006/03/23 14:50:23 | 00,205,312 | R--- | C] () -- C:\WINDOWS\patchw32.dll
[2006/03/23 14:49:17 | 00,205,312 | R--- | C] () -- C:\WINDOWS\pw32a.dll
[2006/03/22 21:58:38 | 00,000,048 | ---- | C] () -- C:\WINDOWS\PerWin.ini
[2006/03/22 21:36:01 | 00,001,676 | ---- | C] () -- C:\WINDOWS\MPCWIN02.INI
[2006/03/22 21:18:07 | 00,001,483 | ---- | C] () -- C:\WINDOWS\MPCWIN01.INI
[2006/03/22 19:27:55 | 00,202,752 | ---- | C] () -- C:\WINDOWS\CDAC14BA.DLL
[2006/03/22 19:27:51 | 00,011,376 | ---- | C] () -- C:\WINDOWS\System32\drivers\CdaC15BA.SYS
[2006/03/22 19:27:37 | 00,001,900 | ---- | C] () -- C:\WINDOWS\BPMWIN02.INI
[2006/03/22 19:23:33 | 00,000,691 | ---- | C] () -- C:\WINDOWS\Bpmwty02.ini
[2006/03/22 18:54:17 | 00,001,610 | ---- | C] () -- C:\WINDOWS\BPMWIN01.INI
[2006/03/15 14:51:24 | 00,000,798 | ---- | C] () -- C:\WINDOWS\Brpfx04a.ini
[2006/03/15 14:51:24 | 00,000,426 | ---- | C] () -- C:\WINDOWS\brwmark.ini
[2006/03/15 14:51:24 | 00,000,092 | ---- | C] () -- C:\WINDOWS\brpcfx.ini
[2006/03/15 14:51:24 | 00,000,052 | ---- | C] () -- C:\WINDOWS\BRPP2KA.INI
[2006/03/15 14:44:39 | 00,027,019 | ---- | C] () -- C:\WINDOWS\maxlink.ini
[2006/03/12 07:23:08 | 00,651,264 | R--- | C] () -- C:\WINDOWS\System32\libeay32.dll
[2006/03/12 07:23:07 | 00,147,456 | R--- | C] () -- C:\WINDOWS\System32\ssleay32.dll
[2006/02/07 21:26:26 | 00,039,424 | ---- | C] () -- C:\Documents and Settings\Gary\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2004/06/13 20:32:39 | 00,000,518 | ---- | C] () -- C:\WINDOWS\lexstat.ini
[2004/02/22 16:38:57 | 00,050,016 | ---- | C] () -- C:\WINDOWS\System32\drivers\atnt40k.sys
[2004/01/17 08:36:21 | 00,375,296 | ---- | C] () -- C:\WINDOWS\System32\tx32.dll
[2004/01/17 08:36:21 | 00,000,202 | ---- | C] () -- C:\WINDOWS\System32\Ic32.ini
[2003/12/19 19:43:11 | 00,000,028 | ---- | C] () -- C:\WINDOWS\ICOA.INI
[2003/12/19 19:42:55 | 00,000,000 | ---- | C] () -- C:\WINDOWS\QFN.ini
[2003/12/19 19:42:55 | 00,000,000 | ---- | C] () -- C:\WINDOWS\QDQICK.ini
[2003/04/24 12:06:30 | 00,000,002 | ---- | C] () -- C:\WINDOWS\msoffice.ini
[2003/01/07 14:05:08 | 00,002,695 | ---- | C] () -- C:\WINDOWS\System32\OUTLPERF.INI
[2002/11/22 07:00:00 | 00,000,376 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2002/04/29 18:28:38 | 00,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini
[2002/04/29 14:14:53 | 00,024,576 | ---- | C] () -- C:\WINDOWS\System32\getnode.dll
[2002/04/29 12:19:20 | 00,000,067 | ---- | C] () -- C:\WINDOWS\swupdate.ini
[2002/04/29 12:18:52 | 00,000,901 | ---- | C] () -- C:\WINDOWS\QUICKEN.INI
[2002/04/29 12:18:52 | 00,000,052 | ---- | C] () -- C:\WINDOWS\intuprof.ini
[2002/04/29 12:15:38 | 00,000,000 | ---- | C] () -- C:\WINDOWS\PROTOCOL.INI
[2002/04/29 11:50:03 | 00,121,905 | ---- | C] () -- C:\WINDOWS\System32\csellang.ini
[2002/04/29 11:50:03 | 00,045,056 | ---- | C] () -- C:\WINDOWS\System32\csellang.dll
[2002/04/29 11:50:03 | 00,008,831 | ---- | C] () -- C:\WINDOWS\System32\tosmreg.ini
[2002/04/29 11:50:03 | 00,006,793 | ---- | C] () -- C:\WINDOWS\System32\cseltbl.ini
[2002/04/29 11:48:13 | 00,061,440 | ---- | C] () -- C:\WINDOWS\System32\TVCtrl.dll
[2002/04/29 11:48:13 | 00,057,344 | ---- | C] () -- C:\WINDOWS\System32\LCDCtrl.dll
[2002/04/29 11:48:13 | 00,053,248 | ---- | C] () -- C:\WINDOWS\System32\Multview.dll
[2002/04/29 11:48:12 | 00,090,112 | ---- | C] () -- C:\WINDOWS\System32\ColorCtr.dll
[2002/04/29 11:48:12 | 00,061,440 | ---- | C] () -- C:\WINDOWS\System32\GenCtrl.dll
[2002/04/29 11:48:12 | 00,045,056 | ---- | C] () -- C:\WINDOWS\System32\CRTCtrl.dll
[2002/04/29 11:46:07 | 00,006,528 | ---- | C] () -- C:\WINDOWS\System32\drivers\Tbiosdrv.sys
[2002/04/26 19:33:05 | 00,000,780 | ---- | C] () -- C:\WINDOWS\orun32.ini
[2002/04/26 19:27:22 | 00,001,793 | ---- | C] () -- C:\WINDOWS\System32\fxsperf.ini
[2002/04/26 19:02:34 | 00,000,285 | ---- | C] () -- C:\WINDOWS\System32\OEMINFO.INI
[2002/03/04 10:16:34 | 00,110,592 | R--- | C] () -- C:\WINDOWS\System32\Jpeg32.dll
[2002/02/27 17:28:16 | 00,138,752 | ---- | C] () -- C:\WINDOWS\System32\MASE32.DLL
[2002/02/27 17:28:16 | 00,057,856 | ---- | C] () -- C:\WINDOWS\System32\MASD32.DLL
[2002/02/27 17:28:14 | 00,196,096 | ---- | C] () -- C:\WINDOWS\System32\MACD32.DLL
[2002/02/27 17:28:14 | 00,136,192 | ---- | C] () -- C:\WINDOWS\System32\MAMC32.DLL
[2002/02/27 17:28:14 | 00,027,648 | ---- | C] () -- C:\WINDOWS\System32\MA32.DLL
[1999/03/09 14:53:00 | 00,222,928 | ---- | C] () -- C:\WINDOWS\System32\lobas09.dll
[1999/01/22 13:46:58 | 00,065,536 | ---- | C] () -- C:\WINDOWS\System32\MSRTEDIT.DLL
[1998/10/10 23:07:38 | 00,088,576 | ---- | C] () -- C:\WINDOWS\System32\Iticheck.dll
[1998/01/13 03:22:30 | 00,047,104 | ---- | C] () -- C:\WINDOWS\System32\lotrn13.dll
[1997/11/13 14:53:00 | 00,031,008 | ---- | C] () -- C:\WINDOWS\System32\ivtrn09.dll
[1994/07/24 14:53:00 | 00,014,928 | ---- | C] () -- C:\WINDOWS\System32\wingen.drv
< End of report >

5. From Malwarebytes quick scan:

Malwarebytes' Anti-Malware 1.42
Database version: 3436
Windows 5.1.2600 Service Pack 2
Internet Explorer 6.0.2900.2180

12/31/2009 7:18:35 AM
mbam-log-2009-12-31 (07-18-35).txt

Scan type: Quick Scan
Objects scanned: 143786
Time elapsed: 13 minute(s), 43 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)

6. From BitDefender:

BitDefender Online Scanner

Scan report generated at: Thu, Dec 31, 2009 - 15:36:47

Scan path: A:\;C:\;D:\;E:\;

Statistics

Time
07:54:23

Files
925794

Folders
8761

Boot Sectors
0

Archives
108745

Packed Files
30838

Results

Identified Viruses
7

Infected Files
15

Suspect Files
0

Warnings
0

Disinfected
0

Deleted Files
16

Engines Info

Virus Definitions
4803415

Engine build
AVCORE v2.1 Windows/i386 11.0.0.33 (Nov 24 2009)

Scan plugins
17

Archive plugins
44

Unpack plugins
8

E-mail plugins
6

System plugins
4

Scan Settings

First Action
Disinfect

Second Action
Delete

Heuristics
Yes

Enable Warnings
Yes

Scanned Extensions
*;

Exclude Extensions

Scan Emails
Yes

Scan Archives
Yes

Scan Packed
Yes

Scan Files
Yes

Scan Boot
Yes

Scanned File
Status

C:\Files from Toshiba 3000\TAX04-BUSINESS\32bit\ss.dll
Detected with: Gen:Adware.Heur.Fu8@WfGk9ski

C:\Files from Toshiba 3000\TAX04-BUSINESS\32bit\ss.dll
Disinfection failed

C:\Files from Toshiba 3000\TAX04-BUSINESS\32bit\ss.dll
Deleted

C:\Files from Toshiba 3000\TAX04-BUSINESS\32bit\tv.dll
Detected with: Gen:Adware.Heur.Gu8@WnJ!hOji

C:\Files from Toshiba 3000\TAX04-BUSINESS\32bit\tv.dll
Disinfection failed

C:\Files from Toshiba 3000\TAX04-BUSINESS\32bit\tv.dll
Deleted

C:\Files from Toshiba 3000\TAX04-PERSONAL\32bit\ss.dll
Detected with: Gen:Adware.Heur.Fu8@WXXUnPgi

C:\Files from Toshiba 3000\TAX04-PERSONAL\32bit\ss.dll
Disinfection failed

C:\Files from Toshiba 3000\TAX04-PERSONAL\32bit\ss.dll
Deleted

C:\Files from Toshiba 3000\TAX04-PERSONAL\32bit\tv.dll
Detected with: Gen:Adware.Heur.Gu8@WbRgAaji

C:\Files from Toshiba 3000\TAX04-PERSONAL\32bit\tv.dll
Disinfection failed

C:\Files from Toshiba 3000\TAX04-PERSONAL\32bit\tv.dll
Deleted

C:\Program Files\Norton SystemWorks\Norton AntiVirus\Quarantine\4B7675C4.tmp=>(Quarantine-2)
Infected with: Java.Trojan.Exploit.Bytverify.I

C:\Program Files\Norton SystemWorks\Norton AntiVirus\Quarantine\4B7675C4.tmp=>(Quarantine-2)
Deleted

C:\Program Files\Norton SystemWorks\Norton AntiVirus\Quarantine\4B7675C4.tmp
Deleted

C:\Program Files\Norton SystemWorks\Norton AntiVirus\Quarantine\64097D09.tmp=>(Quarantine-2)
Infected with: Trojan.Java.Classloader.AO

C:\Program Files\Norton SystemWorks\Norton AntiVirus\Quarantine\64097D09.tmp=>(Quarantine-2)
Deleted

C:\Program Files\Norton SystemWorks\Norton AntiVirus\Quarantine\64097D09.tmp
Deleted

C:\RECYCLER\NPROTECT\01135528.dll
Detected with: Gen:Adware.Heur.Fu8@WfGk9ski

C:\RECYCLER\NPROTECT\01135528.dll
Disinfection failed

C:\RECYCLER\NPROTECT\01135528.dll
Deleted

C:\RECYCLER\NPROTECT\01135529.dll
Detected with: Gen:Adware.Heur.Gu8@WnJ!hOji

C:\RECYCLER\NPROTECT\01135529.dll
Disinfection failed

C:\RECYCLER\NPROTECT\01135529.dll
Deleted

C:\RECYCLER\NPROTECT\01135530.dll
Detected with: Gen:Adware.Heur.Fu8@WXXUnPgi

C:\RECYCLER\NPROTECT\01135530.dll
Disinfection failed

C:\RECYCLER\NPROTECT\01135530.dll
Deleted

C:\RECYCLER\NPROTECT\01135531.dll
Detected with: Gen:Adware.Heur.Gu8@WbRgAaji

C:\RECYCLER\NPROTECT\01135531.dll
Disinfection failed

C:\RECYCLER\NPROTECT\01135531.dll
Deleted

C:\System Volume Information\_restore{C9DB71FE-DA25-40CC-86CE-BF78E88C61BC}\RP1396\A0356112.dll
Detected with: Gen:Adware.Heur.Fu8@WfGk9ski

C:\System Volume Information\_restore{C9DB71FE-DA25-40CC-86CE-BF78E88C61BC}\RP1396\A0356112.dll
Disinfection failed

C:\System Volume Information\_restore{C9DB71FE-DA25-40CC-86CE-BF78E88C61BC}\RP1396\A0356112.dll
Deleted

C:\System Volume Information\_restore{C9DB71FE-DA25-40CC-86CE-BF78E88C61BC}\RP1396\A0356113.dll
Detected with: Gen:Adware.Heur.Gu8@WnJ!hOji

C:\System Volume Information\_restore{C9DB71FE-DA25-40CC-86CE-BF78E88C61BC}\RP1396\A0356113.dll
Disinfection failed

C:\System Volume Information\_restore{C9DB71FE-DA25-40CC-86CE-BF78E88C61BC}\RP1396\A0356113.dll
Deleted

C:\System Volume Information\_restore{C9DB71FE-DA25-40CC-86CE-BF78E88C61BC}\RP1396\A0356114.dll
Detected with: Gen:Adware.Heur.Fu8@WXXUnPgi

C:\System Volume Information\_restore{C9DB71FE-DA25-40CC-86CE-BF78E88C61BC}\RP1396\A0356114.dll
Disinfection failed

C:\System Volume Information\_restore{C9DB71FE-DA25-40CC-86CE-BF78E88C61BC}\RP1396\A0356114.dll
Deleted

C:\System Volume Information\_restore{C9DB71FE-DA25-40CC-86CE-BF78E88C61BC}\RP1396\A0356115.dll
Detected with: Gen:Adware.Heur.Gu8@WbRgAaji

C:\System Volume Information\_restore{C9DB71FE-DA25-40CC-86CE-BF78E88C61BC}\RP1396\A0356115.dll
Disinfection failed

C:\System Volume Information\_restore{C9DB71FE-DA25-40CC-86CE-BF78E88C61BC}\RP1396\A0356115.dll
Deleted

C:\WINDOWS\Downloaded Program Files\vzbb.dll
Detected with: Adware.Megasearch.H

C:\WINDOWS\Downloaded Program Files\vzbb.dll
Delete failed

So there is everything you requested, I believe. Please let me know how to proceed. Happy New Year to you, Gary

#6 schrauber

Malware Remover

Group: Trusted Helpers
Posts: 68
Joined: 10-January 09
Location:Germany

Posted 01 January 2010 - 10:09 AM

Hi,

Run OTL

Under the Custom Scans/Fixes box at the bottom, paste in the following
```
:files
C:\WINDOWS\Downloaded Program Files\vzbb.dll
c:\recycler
```
Then click the Run Fix button at the top
Let the program run unhindered, when done it will say "Fix Complete press ok to open the log"
Please post that log in your next reply. Note: If a file or folder cannot be moved immediately you may be asked to reboot the machine to finish the move process. If you are asked to reboot the machine choose Yes. In this case, after the reboot, open Notepad (Start->All Programs->Accessories->Notepad), click File->Open, in the File Name box enter *.log and press the Enter key, navigate to the C:\_OTL\MovedFiles folder, and open the newest .log file present, and copy/paste the contents of that document back here in your next post.

================================Follow up scan=================================

Double click on OTL to run it. Make sure all other windows are closed and to let it run uninterrupted.
When the window appears, underneath Output at the top change it to Minimal Output.
Under the Standard Registry box change it to All.
Click the Run Scan button. Do not change any settings unless otherwise told to do so. The scan wont take long.
- When the scan completes, it will open one notepad window. OTL.Txt a This is saved in the same location as OTL.
- Please copy (Edit->Select All, Edit->Copy) the contents of this file and post it with your next reply.

#7 Hellogb

Member

Group: Members
Posts: 9
Joined: 27-December 09

Posted 03 January 2010 - 04:44 PM

Hello Tom:

1. OTL Log:

========== FILES ==========
C:\WINDOWS\Downloaded Program Files\vzbb.dll moved successfully.
c:\RECYCLER\S-1-5-21-3042452539-3179742922-2167395947-1007 folder moved successfully.
c:\RECYCLER\S-1-5-21-3042452539-3179742922-2167395947-1005\Dc3 folder moved successfully.
c:\RECYCLER\S-1-5-21-3042452539-3179742922-2167395947-1005 folder moved successfully.
Folder move failed. c:\RECYCLER\NPROTECT scheduled to be moved on reboot.
Folder move failed. c:\RECYCLER scheduled to be moved on reboot.

OTL by OldTimer - Version 3.1.20.1 log created on 01032010_155225

Files\Folders moved on Reboot...
Folder move failed. c:\RECYCLER\NPROTECT scheduled to be moved on reboot.
Folder move failed. c:\RECYCLER\NPROTECT scheduled to be moved on reboot.
Folder move failed. c:\RECYCLER scheduled to be moved on reboot.

Registry entries deleted on Reboot...

2. OTL.txt:

OTL logfile created on: 1/3/2010 4:12:58 PM - Run 3
OTL by OldTimer - Version 3.1.20.1 Folder = C:\Documents and Settings\Gary\Desktop
Windows XP Home Edition Service Pack 2 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 6.0.2900.2180)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

495.00 Mb Total Physical Memory | 162.00 Mb Available Physical Memory | 33.00% Memory free
1.00 Gb Paging File | 1.00 Gb Available in Paging File | 82.00% Paging File free
Paging file location(s): C:\pagefile.sys 0 0 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 93.16 Gb Total Space | 35.78 Gb Free Space | 38.41% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded
Drive Y: | 461.12 Gb Total Space | 449.92 Gb Free Space | 97.57% Space Free | Partition Type: NTFS

Computer Name: FIELDCOMPUTER
Current User Name: Gary
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Minimal

========== Processes (SafeList) ==========

PRC - C:\Documents and Settings\Gary\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\Program Files\Java\jre6\bin\jqs.exe (Sun Microsystems, Inc.)
PRC - C:\Program Files\Iomega StorCenter\retrospect\retrorun.exe (EMC Corporation)
PRC - C:\Program Files\Common Files\Symantec Shared\CCSETMGR.EXE (Symantec Corporation)
PRC - C:\Program Files\Common Files\Symantec Shared\CCEVTMGR.EXE (Symantec Corporation)
PRC - C:\Program Files\Common Files\Symantec Shared\CCAPP.EXE (Symantec Corporation)
PRC - C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe (Acronis)
PRC - C:\WINDOWS\explorer.exe (Microsoft Corporation)
PRC - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe (Symantec Corporation)
PRC - C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe (Webroot Software, Inc.)
PRC - C:\Program Files\Southwest Airlines\Ding\Ding.exe (Southwest Airlines)
PRC - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe (Symantec Corporation)
PRC - C:\WINDOWS\system32\drivers\CDAC11BA.EXE (Macrovision)
PRC - C:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe (Symantec Corporation)
PRC - C:\Program Files\Norton SystemWorks\Norton AntiVirus\IWP\NPFMNTOR.EXE (Symantec Corporation)
PRC - C:\Program Files\Norton SystemWorks\Norton AntiVirus\NAVAPSVC.EXE (Symantec Corporation)
PRC - C:\Program Files\Iomega\System32\AppServices.exe (Iomega Corporation)
PRC - C:\Program Files\Norton SystemWorks\Norton Ghost\Agent\PQV2iSvc.exe (Symantec Corporation)
PRC - C:\Program Files\Norton SystemWorks\Norton Utilities\NPROTECT.EXE (Symantec Corporation)
PRC - C:\Program Files\Norton SystemWorks\Norton Utilities\Speed Disk\NOPDB.exe (Symantec Corporation)
PRC - C:\WINDOWS\system32\wscntfy.exe (Microsoft Corporation)
PRC - C:\WINDOWS\system32\gearsec.exe (GEAR Software)
PRC - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe (Symantec Corporation)
PRC - C:\WINDOWS\system32\00THotkey.exe (TOSHIBA Corp.)
PRC - C:\Program Files\Toshiba\TOSHIBA Controls\TFncKy.exe (TOSHIBA Corporation)
PRC - C:\Program Files\Apoint2K\Apoint.exe (Alps Electric Co., Ltd.)
PRC - C:\WINDOWS\system32\TPWRTRAY.EXE (TOSHIBA Corporation)
PRC - C:\WINDOWS\system32\TFNF5.exe (Toshiba Corp.)
PRC - C:\Program Files\Apoint2K\ApntEx.exe (Alps Electric Co., Ltd.)

========== Modules (SafeList) ==========

MOD - C:\Documents and Settings\Gary\Desktop\OTL.exe (OldTimer Tools)
MOD - C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.2982_x-ww_ac3f9c03\comctl32.dll (Microsoft Corporation)

========== Win32 Services (SafeList) ==========

SRV - (LexBceS) -- File not found
SRV - (Iomega Activity Disk2) -- File not found
SRV - (JavaQuickStarterService) -- C:\Program Files\Java\jre6\bin\jqs.exe (Sun Microsystems, Inc.)
SRV - (LMIMaint) -- C:\Program Files\LogMeIn\x86\RaMaint.exe (LogMeIn, Inc.)
SRV - (TomTomHOMEService) -- C:\Program Files\TomTom HOME 2\TomTomHOMEService.exe (TomTom)
SRV - (RetroExpLauncher) -- C:\Program Files\Iomega StorCenter\retrospect\retrorun.exe (EMC Corporation)
SRV - (IntuitUpdateService) -- C:\Program Files\Common Files\Intuit\Update Service\IntuitUpdateService.exe (Intuit Inc.)
SRV - (LogMeIn) -- C:\Program Files\LogMeIn\x86\LogMeIn.exe (LogMeIn, Inc.)
SRV - (SolidWorks Licensing Service) -- C:\Program Files\Common Files\SolidWorks Shared\Service\SolidWorksLicensing.exe (SolidWorks)
SRV - (ccSetMgr) -- C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe (Symantec Corporation)
SRV - (ccPwdSvc) -- C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe (Symantec Corporation)
SRV - (ccEvtMgr) -- C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe (Symantec Corporation)
SRV - (TryAndDecideService) -- C:\Program Files\Common Files\Acronis\Fomatik\TrueImageTryStartService.exe ()
SRV - (AcrSch2Svc) -- C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe (Acronis)
SRV - (SNDSrvc) -- C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe (Symantec Corporation)
SRV - (RoxLiveShare9) -- C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxLiveShare9.exe (Sonic Solutions)
SRV - (RoxWatch9) -- C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatch9.exe (Sonic Solutions)
SRV - (RoxMediaDB9) -- C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe (Sonic Solutions)
SRV - (Roxio UPnP Renderer 9) -- C:\Program Files\Roxio\Digital Home 9\RoxioUPnPRenderer9.exe (Sonic Solutions)
SRV - (Roxio Upnp Server 9) -- C:\Program Files\Roxio\Digital Home 9\RoxioUpnpService9.exe (Sonic Solutions)
SRV - (WebrootSpySweeperService) -- C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe (Webroot Software, Inc.)
SRV - (Symantec Core LC) -- C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe (Symantec Corporation)
SRV - (C-DillaCdaC11BA) -- C:\WINDOWS\system32\drivers\CDAC11BA.EXE (Macrovision)
SRV - (LiveUpdate) -- C:\Program Files\Symantec\LiveUpdate\LuComServer_3_0.EXE (Symantec Corporation)
SRV - (Automatic LiveUpdate Scheduler) -- C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe (Symantec Corporation)
SRV - (SBService) -- C:\Program Files\Common Files\Symantec Shared\Script Blocking\SBSERV.EXE (Symantec Corporation)
SRV - (NPFMntor) -- C:\Program Files\Norton SystemWorks\Norton AntiVirus\IWP\NPFMntor.exe (Symantec Corporation)
SRV - (navapsvc) -- C:\Program Files\Norton SystemWorks\Norton AntiVirus\navapsvc.exe (Symantec Corporation)
SRV - (SAVScan) -- C:\Program Files\Norton SystemWorks\Norton AntiVirus\SAVScan.exe (Symantec Corporation)
SRV - (Iomega App Services) -- C:\Program Files\Iomega\System32\AppServices.exe (Iomega Corporation)
SRV - (Norton Ghost) -- C:\Program Files\Norton SystemWorks\Norton Ghost\Agent\PQV2iSvc.exe (Symantec Corporation)
SRV - (IDriverT) -- C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe (Macrovision Corporation)
SRV - (NProtectService) -- C:\Program Files\Norton SystemWorks\Norton Utilities\NPROTECT.EXE (Symantec Corporation)
SRV - (Speed Disk service) -- C:\Program Files\Norton SystemWorks\Norton Utilities\Speed Disk\NOPDB.exe (Symantec Corporation)
SRV - (Irmon) -- C:\WINDOWS\system32\irmon.dll (Microsoft Corporation)
SRV - (GEARSecurity) -- C:\WINDOWS\system32\gearsec.exe (GEAR Software)
SRV - (SPBBCSvc) -- C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe (Symantec Corporation)
SRV - (ose) -- C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE (Microsoft Corporation)

========== Driver Services (SafeList) ==========

DRV - (LMIRfsClientNP) -- C:\WINDOWS\system32\LMIRfsClientNP.dll (LogMeIn, Inc.)
DRV - (SYMIDSCO) -- C:\Program Files\Common Files\Symantec Shared\SymcData\ids-diskless\20081112.004\SymIDSCo.sys (Symantec Corporation)
DRV - (LMIInfo) -- C:\Program Files\LogMeIn\x86\rainfo.sys (LogMeIn, Inc.)
DRV - (LMIRfsDriver) -- C:\WINDOWS\system32\drivers\LMIRfsDriver.sys (LogMeIn, Inc.)
DRV - (lmimirr) -- C:\WINDOWS\system32\drivers\lmimirr.sys (LogMeIn, Inc.)
DRV - (timounter) -- C:\WINDOWS\system32\DRIVERS\timntr.sys (Acronis)
DRV - (tifsfilter) -- C:\WINDOWS\system32\drivers\tifsfilt.sys (Acronis)
DRV - (snapman) -- C:\WINDOWS\system32\DRIVERS\snapman.sys (Acronis)
DRV - (tdrpman) -- C:\WINDOWS\system32\DRIVERS\tdrpman.sys (Acronis)
DRV - (Secdrv) -- C:\WINDOWS\system32\drivers\secdrv.sys (Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K.)
DRV - (NAVEX15) -- C:\Program Files\Common Files\Symantec Shared\VirusDefs\20070404.032\NAVEX15.SYS (Symantec Corporation)
DRV - (NAVENG) -- C:\Program Files\Common Files\Symantec Shared\VirusDefs\20070404.032\NAVENG.SYS (Symantec Corporation)
DRV - (SYMTDI) -- C:\WINDOWS\System32\Drivers\SYMTDI.SYS (Symantec Corporation)
DRV - (SYMREDRV) -- C:\WINDOWS\System32\Drivers\SYMREDRV.SYS (Symantec Corporation)
DRV - (SYMIDS) -- C:\WINDOWS\System32\Drivers\SYMIDS.SYS (Symantec Corporation)
DRV - (SYMNDIS) -- C:\WINDOWS\System32\Drivers\SYMNDIS.SYS (Symantec Corporation)
DRV - (SYMFW) -- C:\WINDOWS\System32\Drivers\SYMFW.SYS (Symantec Corporation)
DRV - (SYMDNS) -- C:\WINDOWS\System32\Drivers\SYMDNS.SYS (Symantec Corporation)
DRV - (MRENDIS5) -- C:\Program Files\Common Files\Motive\MRENDIS5.sys (Motive, Inc.)
DRV - (MREMPR5) -- C:\Program Files\Common Files\Motive\MREMPR5.sys (Motive, Inc.)
DRV - (PxHelp20) -- C:\WINDOWS\System32\DRIVERS\PxHelp20.sys (Sonic Solutions)
DRV - (SSKBFD) -- C:\WINDOWS\system32\drivers\sskbfd.sys (Webroot Software Inc (www.webroot.com))
DRV - (SSIDRV) -- C:\WINDOWS\SYSTEM32\Drivers\SSIDRV.SYS (Webroot Software Inc (www.webroot.com))
DRV - (SSHRMD) -- C:\WINDOWS\SYSTEM32\Drivers\SSHRMD.SYS (Webroot Software Inc (www.webroot.com))
DRV - (SSFS0509) -- C:\WINDOWS\SYSTEM32\Drivers\SSFS0509.SYS (Webroot Software Inc (www.webroot.com))
DRV - (RimVSerPort) -- C:\WINDOWS\system32\drivers\RimSerial.sys (Research in Motion Ltd)
DRV - (RimUsb) -- C:\WINDOWS\system32\drivers\RimUsb.sys (Research In Motion Limited)
DRV - (SymEvent) -- C:\Program Files\Symantec\SYMEVENT.SYS (Symantec Corporation)
DRV - (symlcbrd) -- C:\WINDOWS\system32\drivers\symlcbrd.sys (Symantec Corporation)
DRV - (CdaC15BA) -- C:\WINDOWS\system32\drivers\CdaC15BA.SYS ()
DRV - (MDC8021X) WPA Security Protocol (IEEE 802.1x) -- C:\WINDOWS\system32\drivers\mdc8021x.sys (Meetinghouse Data Communications)
DRV - (SAVRTPEL) -- C:\Program Files\Norton SystemWorks\Norton AntiVirus\SAVRTPEL.SYS (Symantec Corporation)
DRV - (SAVRT) -- C:\Program Files\Norton SystemWorks\Norton AntiVirus\SAVRT.SYS (Symantec Corporation)
DRV - (iomdisk) -- C:\WINDOWS\System32\DRIVERS\iomdisk.sys (Iomega Corporation)
DRV - (PQIMount) -- C:\WINDOWS\system32\drivers\PQIMount.sys (PowerQuest Corporation)
DRV - (PQV2i) -- C:\WINDOWS\system32\drivers\PQV2i.sys (StorageCraft)
DRV - (BrScnUsb) -- C:\WINDOWS\system32\drivers\BrScnUsb.sys (Brother Industries Ltd.)
DRV - (BrSerIf) -- C:\WINDOWS\system32\drivers\BrSerIf.sys (Brother Industries Ltd.)
DRV - (AR5211) -- C:\WINDOWS\system32\drivers\ar5211.sys (D-Link )
DRV - (NPDriver) -- C:\WINDOWS\system32\drivers\NPDRIVER.SYS (Symantec Corporation)
DRV - (SDdriver) -- C:\WINDOWS\system32\drivers\SdDriver.SYS (Symantec Corporation)
DRV - (ppa3) -- C:\WINDOWS\System32\DRIVERS\ppa3.sys (Microsoft Corporation)
DRV - (wlluc48) -- C:\WINDOWS\system32\drivers\wlluc48.sys (Lucent Technologies)
DRV - (GearAspiWDM) -- C:\WINDOWS\system32\drivers\GEARAspiWDM.sys (GEAR Software Inc.)
DRV - (SPBBCDrv) -- C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCDrv.sys (Symantec Corporation)
DRV - (BrUsbSer) -- C:\WINDOWS\system32\drivers\BrUsbSer.sys (Brother Industries Ltd.)
DRV - (vobiw) -- C:\WINDOWS\system32\drivers\vobIW.sys (VOB Computersysteme GmbH)
DRV - (VOBID) -- C:\WINDOWS\system32\DRIVERS\vobid.sys (Pinnacle Systems)
DRV - (Cdrdrv) -- C:\WINDOWS\system32\drivers\Cdrdrv.sys (VOB Computersysteme GmbH)
DRV - (ASAPIW2K) -- C:\WINDOWS\system32\drivers\asapiW2k.sys (VOB Computersysteme GmbH)
DRV - (ApfiltrService) -- C:\WINDOWS\system32\drivers\Apfiltr.sys (Alps Electric Co., Ltd.)
DRV - (E100B) Intel® -- C:\WINDOWS\system32\drivers\e100b325.sys (Intel Corporation)
DRV - (tridxp) -- C:\WINDOWS\system32\drivers\tridxpm.sys (Trident Microsystems Inc.)
DRV - (TBiosDrv) -- C:\WINDOWS\system32\drivers\Tbiosdrv.sys ()
DRV - (ALiADWDM) -- C:\WINDOWS\system32\drivers\aliadwdm.sys (Acer Laboratories Inc.)
DRV - (vobcom) -- C:\WINDOWS\system32\drivers\vobcom.sys (VOB Computersysteme GmbH)
DRV - (TOSHIBASoftModem) -- C:\WINDOWS\system32\drivers\LTSM.sys (LT)
DRV - (TVALG) -- C:\WINDOWS\System32\DRIVERS\TVALG.SYS (TOSHIBA Corporation)
DRV - (SMCIRDA) -- C:\WINDOWS\system32\drivers\smcirda.sys (SMC)
DRV - (EPUSBSTOR) -- C:\WINDOWS\system32\drivers\epusbsto.sys (SEIKO EPSON CORPORATION)
DRV - (Ptilink) -- C:\WINDOWS\system32\drivers\ptilink.sys (Parallel Technologies, Inc.)
DRV - (ROOTMODEM) -- C:\WINDOWS\system32\drivers\rootmdm.sys (Microsoft Corporation)
DRV - (AliIde) -- C:\WINDOWS\System32\DRIVERS\aliide.sys (Acer Laboratories Inc.)
DRV - (TVALD) -- C:\WINDOWS\System32\DRIVERS\TVALD.SYS (Toshiba Corporation)
DRV - (StillCam) -- C:\WINDOWS\system32\drivers\serscan.sys (Microsoft Corporation)

========== Standard Registry (All) ==========

========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.microsoft...er=6&ar=msnhome
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.microsoft...=ie&ar=iesearch
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft...=ie&ar=iesearch
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.microsoft...B_PVER}&ar=home
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,CustomizeSearch = http://ie.search.msn...st/srchcust.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\system32\blank.htm
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Page_Transitions = 1
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.msn.com/
IE - HKCU\..\URLSearchHook: {CFBFAE00-17A6-11D0-99CB-00C04FD64497} - C:\WINDOWS\system32\shdocvw.dll (Microsoft Corporation)
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.startup.homepage: "www.msn.com"
FF - prefs.js..extensions.enabledItems: {89506680-e3f4-484c-a2c0-ed711d481eda}:0.9.4.8
FF - prefs.js..extensions.enabledItems: {3d7eb24f-2740-49df-8937-200b1cc08f8a}:1.5.6
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA}:6.0.02
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA}:6.0.07
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0001-ABCDEFFEDCBA}:6.0.01
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA}:6.0.03
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA}:6.0.05
FF - prefs.js..extensions.enabledItems: moveplayer@movenetworks.com:1.0.0.07076007
FF - prefs.js..extensions.enabledItems: firefox-tagger@yapta.com:1.3.0.10
FF - prefs.js..extensions.enabledItems: {972ce4c6-7e08-4474-a285-3208198ce6fd}:3.0.1

FF - HKLM\software\mozilla\Firefox\extensions\\jqs@sun.com: C:\Program Files\Java\jre6\lib\deploy\jqs\ff [2008/12/12 06:52:34 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.0.4\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2009/11/26 12:54:39 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.0.4\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2009/11/26 12:55:22 | 00,000,000 | ---D | M]

[2009/06/04 09:46:37 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Gary\Application Data\Mozilla\Extensions
[2008/08/13 18:54:29 | 00,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Gary\Application Data\Mozilla\Extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384}
[2009/06/04 09:46:37 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Gary\Application Data\Mozilla\Extensions\home2@tomtom.com
[2008/08/13 09:25:47 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Gary\Application Data\Mozilla\Firefox\Profiles\1xhrf6e8.default\extensions
[2008/07/21 22:06:49 | 00,000,000 | ---D | M] (PDF Download) -- C:\Documents and Settings\Gary\Application Data\Mozilla\Firefox\Profiles\1xhrf6e8.default\extensions\{37E4D8EA-8BDA-4831-8EA1-89053939A250}
[2008/05/19 06:25:34 | 00,000,000 | ---D | M] (Flashblock) -- C:\Documents and Settings\Gary\Application Data\Mozilla\Firefox\Profiles\1xhrf6e8.default\extensions\{3d7eb24f-2740-49df-8937-200b1cc08f8a}
[2008/04/13 07:10:58 | 00,000,000 | ---D | M] (Firefox Showcase) -- C:\Documents and Settings\Gary\Application Data\Mozilla\Firefox\Profiles\1xhrf6e8.default\extensions\{89506680-e3f4-484c-a2c0-ed711d481eda}
[2008/07/04 13:20:29 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Gary\Application Data\Mozilla\Firefox\Profiles\1xhrf6e8.default\extensions\firefox-tagger@yapta.com
[2008/03/15 17:19:16 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Gary\Application Data\Mozilla\Firefox\Profiles\1xhrf6e8.default\extensions\moveplayer@movenetworks.com
[2009/06/27 07:22:38 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Gary\Application Data\Mozilla\Firefox\Profiles\hc7il4jl.New GB Profile\extensions
[2008/11/16 10:30:13 | 00,000,000 | ---D | M] (Flashblock) -- C:\Documents and Settings\Gary\Application Data\Mozilla\Firefox\Profiles\hc7il4jl.New GB Profile\extensions\{3d7eb24f-2740-49df-8937-200b1cc08f8a}
[2009/12/30 22:11:01 | 00,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions
[2008/11/14 20:38:23 | 00,000,000 | ---D | M] (Default) -- C:\Program Files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
[2008/12/12 06:54:35 | 00,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA}
[2009/03/27 08:43:28 | 00,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA}
[2009/10/03 09:59:58 | 00,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA}
[2009/11/26 08:27:25 | 00,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA}
[2008/11/14 20:38:17 | 00,023,040 | ---- | M] (Mozilla Foundation) -- C:\Program Files\Mozilla Firefox\components\browserdirprovider.dll
[2008/11/14 20:38:17 | 00,134,656 | ---- | M] (Mozilla Foundation) -- C:\Program Files\Mozilla Firefox\components\brwsrcmp.dll
[2008/06/18 01:43:04 | 00,086,016 | ---- | M] (Coupons, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npCouponPrinter.dll
[2009/10/11 04:17:27 | 00,411,368 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npdeploytk.dll
[2008/01/16 01:28:50 | 00,155,648 | ---- | M] (Solidworks Corporation) -- C:\Program Files\Mozilla Firefox\plugins\npEModelPlugin.dll
[2008/11/14 20:38:19 | 00,065,536 | ---- | M] (mozilla.org) -- C:\Program Files\Mozilla Firefox\plugins\npnul32.dll
[2007/03/22 18:23:30 | 00,017,248 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Mozilla Firefox\plugins\NPOFFICE.DLL
[2009/11/26 12:54:33 | 00,140,864 | ---- | M] (RealNetworks, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\nppl3260.dll
[2009/11/26 12:55:22 | 00,008,192 | ---- | M] (RealNetworks, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\nprjplug.dll
[2009/11/26 12:53:42 | 00,094,208 | ---- | M] (RealNetworks, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\nprpjplug.dll
[2008/10/02 09:47:31 | 00,001,394 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\amazondotcom.xml
[2008/10/02 09:47:31 | 00,002,193 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\answers.xml
[2008/10/02 09:47:31 | 00,001,534 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\creativecommons.xml
[2008/11/14 20:38:19 | 00,002,343 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\eBay.xml
[2008/10/02 09:47:31 | 00,001,706 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\google.xml
[2008/10/02 09:47:31 | 00,001,178 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\wikipedia.xml
[2008/10/02 09:47:31 | 00,000,792 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\yahoo.xml

O1 HOSTS File: (98 bytes) - C:\WINDOWS\system32\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (SSVHelper Class) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (CNavExtBho Class) - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton SystemWorks\Norton AntiVirus\NAVSHEXT.DLL (Symantec Corporation)
O2 - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (JQSIEStartDetectorImpl Class) - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll (Sun Microsystems, Inc.)
O3 - HKLM\..\Toolbar: (Norton AntiVirus) - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton SystemWorks\Norton AntiVirus\NAVSHEXT.DLL (Symantec Corporation)
O3 - HKLM\..\Toolbar: (no name) - {4E7BD74F-2B8D-469E-D0FC-E57AF4D5FA7D} - No CLSID value found.
O3 - HKLM\..\Toolbar: (Yahoo! Toolbar) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
O3 - HKCU\..\Toolbar\ShellBrowser: (Norton AntiVirus) - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton SystemWorks\Norton AntiVirus\NAVSHEXT.DLL (Symantec Corporation)
O3 - HKCU\..\Toolbar\WebBrowser: (&Address) - {01E04581-4EEE-11D0-BFE9-00AA005B4383} - C:\WINDOWS\system32\browseui.dll (Microsoft Corporation)
O3 - HKCU\..\Toolbar\WebBrowser: (&Links) - {0E5CBF21-D15F-11D0-8301-00AA005B4383} - C:\WINDOWS\system32\shell32.dll (Microsoft Corporation)
O3 - HKCU\..\Toolbar\WebBrowser: (Yahoo! Toolbar) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
O4 - HKLM..\Run: [00THotkey] C:\WINDOWS\system32\00THotkey.exe (TOSHIBA Corp.)
O4 - HKLM..\Run: [Adobe Photo Downloader] C:\Program Files\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [Adobe Reader Speed Launcher] C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [Apoint] C:\Program Files\Apoint2K\Apoint.exe (Alps Electric Co., Ltd.)
O4 - HKLM..\Run: [ccApp] C:\Program Files\Common Files\Symantec Shared\ccApp.exe (Symantec Corporation)
O4 - HKLM..\Run: [ControlCenter2.0] C:\Program Files\Brother\ControlCenter2\brctrcen.exe (Brother Industries, Ltd.)
O4 - HKLM..\Run: [KernelFaultCheck] File not found
O4 - HKLM..\Run: [LogMeIn GUI] C:\Program Files\LogMeIn\x86\LogMeInSystray.exe (LogMeIn, Inc.)
O4 - HKLM..\Run: [RetroExpress] C:\Program Files\Iomega StorCenter\retrospect\RetroExpress.exe (EMC Corporation)
O4 - HKLM..\Run: [SetDefPrt] C:\Program Files\Brother\Brmfl04g\BrStDvPt.exe (Brother Industories, Ltd.)
O4 - HKLM..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre6\bin\jusched.exe (Sun Microsystems, Inc.)
O4 - HKLM..\Run: [Symantec NetDriver Monitor] C:\Program Files\SymNetDrv\SNDMon.exe (Symantec Corporation)
O4 - HKLM..\Run: [TFncKy] C:\Program Files\Toshiba\TOSHIBA Controls\TFncKy.exe (TOSHIBA Corporation)
O4 - HKLM..\Run: [TFNF5] C:\WINDOWS\System32\TFNF5.exe (Toshiba Corp.)
O4 - HKLM..\Run: [TkBellExe] C:\Program Files\Common Files\Real\Update_OB\realsched.exe (RealNetworks, Inc.)
O4 - HKLM..\Run: [TouchED] C:\Program Files\TOSHIBA\TouchED\TouchED.Exe (TOSHIBA Corporation)
O4 - HKLM..\Run: [Tpwrtray] C:\WINDOWS\System32\TPWRTRAY.EXE (TOSHIBA Corporation)
O4 - HKCU..\Run: [Norton SystemWorks] C:\Program Files\Norton SystemWorks\cfgwiz.exe (Symantec Corporation)
O4 - HKCU..\Run: [TomTomHOME.exe] C:\Program Files\TomTom HOME 2\TomTomHOMERunner.exe (TomTom)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Iomega StorCenter.lnk = C:\Program Files\Iomega StorCenter\sohoclient.exe (EMC)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE (Microsoft Corporation)
O4 - Startup: C:\Documents and Settings\Gary\Start Menu\Programs\Startup\DING!.lnk = C:\Program Files\Southwest Airlines\Ding\Ding.exe (Southwest Airlines)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: dontdisplaylastusername = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticecaption =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticetext =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: shutdownwithoutlogon = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: undockwithoutlogon = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O8 - Extra context menu item: E&xport to Microsoft Excel - C:\Program Files\Microsoft Office\OFFICE11\EXCEL.EXE (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre6\bin\npjpi160_17.dll (Sun Microsystems, Inc.)
O9 - Extra 'Tools' menuitem : Uninstall BitDefender Online Scanner - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe ()
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Program Files\Microsoft Office\OFFICE11\REFIEBAR.DLL (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000001 [] - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000002 [] - C:\WINDOWS\system32\winrnr.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000003 [] - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - C:\WINDOWS\system32\rsvpsp.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000006 - C:\WINDOWS\system32\rsvpsp.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000007 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000008 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000009 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000010 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000011 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000012 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000013 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000014 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000015 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000016 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000017 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000018 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000019 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000020 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O15 - HKLM\..Trusted Domains: 50 domain(s) and sub-domain(s) not assigned to a zone.
O15 - HKCU\..Trusted Domains: ([]msn in My Computer)
O15 - HKCU\..Trusted Domains: fatwallet.com ([www] https in Trusted sites)
O15 - HKCU\..Trusted Domains: turbotax.com ([]https in Trusted sites)
O15 - HKCU\..Trusted Domains: 53 domain(s) and sub-domain(s) not assigned to a zone.
O16 - DPF: {33564D57-9980-0010-8000-00AA00389B71} http://download.micr...D0C/wmv9dmo.cab (Reg Error: Key error.)
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} http://download.bitd...can8/oscan8.cab (BDSCANONLINE Control)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_17)
O16 - DPF: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_17)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_17)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://download.macr...ash/swflash.cab (Shockwave Flash Object)
O16 - DPF: Microsoft XML Parser for Java file://C:\WINDOWS\Java\classes\xmldso.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1 192.168.1.1
O18 - Protocol\Handler\about {3050F406-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\system32\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\cdl {3dd53d40-7b8b-11D0-b013-00aa0059ce02} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\dvd {12D51199-0DB5-46FE-A120-47A3D7D937CC} - C:\WINDOWS\system32\msvidctl.dll (Microsoft Corporation)
O18 - Protocol\Handler\file {79eac9e7-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\ftp {79eac9e3-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\gopher {79eac9e4-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\http {79eac9e2-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\https {79eac9e5-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\ipp - No CLSID value found
O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\its {9D148291-B9C8-11D0-A4CC-0000F80149F6} - C:\WINDOWS\system32\itss.dll (Microsoft Corporation)
O18 - Protocol\Handler\javascript {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\system32\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\lid {5C135180-9973-46D9-ABF4-148267CBB8BF} - C:\WINDOWS\system32\msvidctl.dll (Microsoft Corporation)
O18 - Protocol\Handler\local {79eac9e7-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\mailto {3050f3DA-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\system32\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\mhtml {05300401-BCBC-11d0-85E3-00C04FD85AB4} - C:\WINDOWS\system32\inetcomm.dll (Microsoft Corporation)
O18 - Protocol\Handler\mk {79eac9e6-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp - No CLSID value found
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\ms-its {9D148291-B9C8-11D0-A4CC-0000F80149F6} - C:\WINDOWS\system32\itss.dll (Microsoft Corporation)
O18 - Protocol\Handler\mso-offdap11 {32505114-5902-49B2-880A-1F7738E5A384} - C:\Program Files\Common Files\Microsoft Shared\Web Components\11\OWC11.DLL (Microsoft Corporation)
O18 - Protocol\Handler\res {3050F3BC-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\system32\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\sysimage {76E67A63-06E9-11D2-A840-006008059382} - C:\WINDOWS\system32\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\tv {CBD30858-AF45-11D2-B6D6-00C04FBBDE6E} - C:\WINDOWS\system32\msvidctl.dll (Microsoft Corporation)
O18 - Protocol\Handler\vbscript {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\system32\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\wia {13F3EA8B-91D7-4F0A-AD76-D2853AC8BECE} - C:\WINDOWS\system32\wiascr.dll (Microsoft Corporation)
O18 - Protocol\Filter\application/octet-stream {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\WINDOWS\System32\mscoree.dll (Microsoft Corporation)
O18 - Protocol\Filter\application/x-complus {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\WINDOWS\System32\mscoree.dll (Microsoft Corporation)
O18 - Protocol\Filter\application/x-msdownload {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\WINDOWS\System32\mscoree.dll (Microsoft Corporation)
O18 - Protocol\Filter\Class Install Handler {32B533BB-EDAE-11d0-BD5A-00AA00B92AF1} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Filter\deflate {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Filter\gzip {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Filter\lzdhtml {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Filter\text/webviewhtml {733AC4CB-F1A4-11d0-B951-00A0C90312E1} - C:\WINDOWS\system32\shell32.dll (Microsoft Corporation)
O18 - Protocol\Filter\text/xml {807553E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE11\MSOXMLMF.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) - C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UIHost - (logonui.exe) - C:\WINDOWS\System32\logonui.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (rundll32 shell32) - C:\WINDOWS\System32\shell32.dll (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (Control_RunDLL "sysdm.cpl") - C:\WINDOWS\System32\sysdm.cpl (Microsoft Corporation)
O20 - Winlogon\Notify\crypt32chain: DllName - crypt32.dll - C:\WINDOWS\System32\crypt32.dll (Microsoft Corporation)
O20 - Winlogon\Notify\cryptnet: DllName - cryptnet.dll - C:\WINDOWS\System32\cryptnet.dll (Microsoft Corporation)
O20 - Winlogon\Notify\cscdll: DllName - cscdll.dll - C:\WINDOWS\System32\cscdll.dll (Microsoft Corporation)
O20 - Winlogon\Notify\LMIinit: DllName - LMIinit.dll - C:\WINDOWS\System32\LMIinit.dll (LogMeIn, Inc.)
O20 - Winlogon\Notify\ScCertProp: DllName - wlnotify.dll - C:\WINDOWS\System32\wlnotify.dll (Microsoft Corporation)
O20 - Winlogon\Notify\Schedule: DllName - wlnotify.dll - C:\WINDOWS\System32\wlnotify.dll (Microsoft Corporation)
O20 - Winlogon\Notify\sclgntfy: DllName - sclgntfy.dll - C:\WINDOWS\System32\sclgntfy.dll (Microsoft Corporation)
O20 - Winlogon\Notify\SensLogn: DllName - WlNotify.dll - C:\WINDOWS\System32\wlnotify.dll (Microsoft Corporation)
O20 - Winlogon\Notify\termsrv: DllName - wlnotify.dll - C:\WINDOWS\System32\wlnotify.dll (Microsoft Corporation)
O20 - Winlogon\Notify\WgaLogon: DllName - WgaLogon.dll - C:\WINDOWS\System32\WgaLogon.dll (Microsoft Corporation)
O20 - Winlogon\Notify\wlballoon: DllName - wlnotify.dll - C:\WINDOWS\System32\wlnotify.dll (Microsoft Corporation)
O20 - Winlogon\Notify\WRNotifier: DllName - WRLogonNTF.dll - C:\WINDOWS\System32\WRLogonNtf.dll (Webroot Software, Inc.)
O21 - SSODL: CDBurn - {fbeb8a05-beee-4442-804e-409d6c4515e9} - C:\WINDOWS\system32\shell32.dll (Microsoft Corporation)
O21 - SSODL: PostBootReminder - {7849596a-48ea-486e-8937-a2a3009f31a9} - C:\WINDOWS\system32\shell32.dll (Microsoft Corporation)
O21 - SSODL: SysTray - {35CEC8A3-2BE6-11D2-8773-92E220524153} - C:\WINDOWS\system32\stobject.dll (Microsoft Corporation)
O21 - SSODL: UPnPMonitor - {e57ce738-33e8-4c51-8354-bb4de9d215d1} - C:\WINDOWS\system32\upnpui.dll (Microsoft Corporation)
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - C:\WINDOWS\system32\webcheck.dll (Microsoft Corporation)
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll (Microsoft Corporation)
O22 - SharedTaskScheduler: {438755C2-A8BA-11D1-B96B-00A0C90312E1} - Browseui preloader - C:\WINDOWS\system32\browseui.dll (Microsoft Corporation)
O22 - SharedTaskScheduler: {8C7461EF-2B13-11d2-BE35-3078302C2030} - Component Categories cache daemon - C:\WINDOWS\system32\browseui.dll (Microsoft Corporation)
O24 - Desktop Components:0 (My Current Home Page) - About:Home
O28 - HKLM ShellExecuteHooks: {AEB6717E-7E19-11d0-97EE-00C04FD91972} - C:\WINDOWS\System32\shell32.dll (Microsoft Corporation)
O29 - HKLM SecurityProviders - (msapsspc.dll) - C:\WINDOWS\System32\msapsspc.dll (Microsoft Corporation)
O29 - HKLM SecurityProviders - (schannel.dll) - C:\WINDOWS\System32\schannel.dll (Microsoft Corporation)
O29 - HKLM SecurityProviders - (digest.dll) - C:\WINDOWS\System32\digest.dll (Microsoft Corporation)
O29 - HKLM SecurityProviders - (msnsspc.dll) - C:\WINDOWS\System32\msnsspc.dll (Microsoft Corporation)
O30 - LSA: Authentication Packages - (msv1_0) - C:\WINDOWS\System32\msv1_0.dll (Microsoft Corporation)
O30 - LSA: Authentication Packages - (relog_ap) - C:\WINDOWS\System32\relog_ap.dll (Acronis)
O30 - LSA: Security Packages - (kerberos) - C:\WINDOWS\System32\kerberos.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (msv1_0) - C:\WINDOWS\System32\msv1_0.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (schannel) - C:\WINDOWS\System32\schannel.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (wdigest) - C:\WINDOWS\System32\wdigest.dll (Microsoft Corporation)
O31 - SafeBoot: AlternateShell - cmd.exe
O32 - HKLM CDRom: AutoRun - 1
O33 - MountPoints2\{472416b9-9e64-11da-8522-00003911cd8a}\Shell\AutoRun\command - "" = G:\setupSNK.exe -- File not found
O33 - MountPoints2\{e56f9845-4f67-11de-8786-00003911cd8a}\Shell\AutoRun\command - "" = F:\InstallTomTomHOME.exe -- File not found
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - comfile [open] -- "%1" %*
O35 - exefile [open] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2009/12/31 07:26:20 | 00,000,000 | ---D | C] -- C:\WINDOWS\BDOSCAN8
[2009/12/30 22:25:41 | 00,000,000 | ---D | C] -- C:\_OTL
[2009/12/28 08:32:56 | 00,513,536 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Gary\Desktop\OTL.exe
[2009/12/27 11:00:39 | 00,000,000 | ---D | C] -- C:\Program Files\Trend Micro
[2009/12/26 21:30:13 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Gary\Application Data\Malwarebytes
[2009/12/26 21:29:54 | 00,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2009/12/26 21:29:47 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Malwarebytes
[2009/12/26 21:29:45 | 00,019,160 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2009/12/26 21:29:38 | 00,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2009/09/07 20:06:12 | 00,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Local Settings\Application Data\ICS
[2008/04/26 07:01:53 | 00,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Application Data\Roxio
[2007/11/26 20:14:52 | 00,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Application Data\Acronis
[2006/10/26 12:00:03 | 00,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Application Data\Ahead
[2006/07/18 13:12:55 | 00,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Application Data\Webroot
[2006/04/02 19:48:49 | 00,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Application Data\Symantec
[2006/03/19 22:52:11 | 00,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft
[2003/07/09 09:48:54 | 00,000,000 | --SD | M] -- C:\Documents and Settings\LocalService\Application Data\Microsoft
[2002/04/26 19:37:25 | 00,000,000 | ---D | M] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft
[2002/04/26 19:32:12 | 00,000,000 | --SD | M] -- C:\Documents and Settings\NetworkService\Application Data\Microsoft
[8 C:\Documents and Settings\Gary\My Documents\*.tmp files -> C:\Documents and Settings\Gary\My Documents\*.tmp -> ]
[58 C:\WINDOWS\System32\dllcache\*.tmp files -> C:\WINDOWS\System32\dllcache\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2010/01/03 16:25:00 | 00,000,362 | ---- | M] () -- C:\WINDOWS\tasks\Symantec NetDetect.job
[2010/01/03 15:57:54 | 00,001,158 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2010/01/03 15:56:44 | 00,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2010/01/03 15:56:29 | 00,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2010/01/03 15:56:12 | 51,962,2656 | -HS- | M] () -- C:\hiberfil.sys
[2010/01/03 15:54:34 | 11,534,336 | ---- | M] () -- C:\Documents and Settings\Gary\NTUSER.DAT
[2010/01/03 15:54:34 | 00,000,278 | -HS- | M] () -- C:\Documents and Settings\Gary\ntuser.ini
[2010/01/03 15:41:43 | 00,195,072 | ---- | M] () -- C:\Documents and Settings\Gary\My Documents\Riverside - Punch List.xls
[2010/01/01 00:00:00 | 00,000,306 | ---- | M] () -- C:\WINDOWS\tasks\Symantec Drmc.job
[2009/12/31 15:36:54 | 00,028,066 | ---- | M] () -- C:\Documents and Settings\Gary\Desktop\BitDefender 12-31-2009.html
[2009/12/28 12:00:00 | 00,000,290 | ---- | M] () -- C:\WINDOWS\tasks\Norton SystemWorks One Button Checkup.job
[2009/12/28 08:33:01 | 00,513,536 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Gary\Desktop\OTL.exe
[2009/12/24 08:31:23 | 00,025,088 | ---- | M] () -- C:\Documents and Settings\Gary\My Documents\12-24-09.doc
[2009/12/23 08:40:55 | 00,000,426 | ---- | M] () -- C:\WINDOWS\brwmark.ini
[2009/12/22 15:40:38 | 00,045,056 | ---- | M] () -- C:\Documents and Settings\Gary\My Documents\Jenny-Danielle Due To Parents.xls
[2009/12/21 07:10:10 | 00,211,968 | ---- | M] () -- C:\Documents and Settings\Gary\My Documents\Riverside - Plumbing Fixture Schedule.xls
[2009/12/15 09:45:25 | 00,076,288 | ---- | M] () -- C:\Documents and Settings\Gary\My Documents\GBB Cash Receipts 09-30-2006.xls
[2009/12/12 11:51:20 | 00,039,424 | ---- | M] () -- C:\Documents and Settings\Gary\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2009/12/11 20:25:58 | 00,027,648 | ---- | M] () -- C:\Documents and Settings\Gary\My Documents\Credit Card Coding Sheet.xls
[8 C:\Documents and Settings\Gary\My Documents\*.tmp files -> C:\Documents and Settings\Gary\My Documents\*.tmp -> ]
[58 C:\WINDOWS\System32\dllcache\*.tmp files -> C:\WINDOWS\System32\dllcache\*.tmp -> ]

========== Files Created - No Company Name ==========

[2009/12/31 16:26:30 | 00,028,066 | ---- | C] () -- C:\Documents and Settings\Gary\Desktop\BitDefender 12-31-2009.html
[2009/12/24 08:31:23 | 00,025,088 | ---- | C] () -- C:\Documents and Settings\Gary\My Documents\12-24-09.doc
[2009/10/25 22:46:44 | 00,000,258 | ---- | C] () -- C:\WINDOWS\hpbafd.ini
[2009/06/10 15:46:32 | 00,106,496 | ---- | C] () -- C:\WINDOWS\System32\BrMuSNMP.dll
[2009/04/27 17:59:34 | 00,077,824 | ---- | C] () -- C:\WINDOWS\System32\BROSNMP.DLL
[2009/02/12 08:15:46 | 00,000,332 | ---- | C] () -- C:\WINDOWS\WININIT.INI
[2009/02/12 08:10:33 | 00,000,212 | ---- | C] () -- C:\WINDOWS\rs_run.ini
[2009/02/12 08:10:15 | 00,010,409 | ---- | C] () -- C:\WINDOWS\RS_SQLIF.INI
[2009/01/26 18:48:51 | 00,000,043 | ---- | C] () -- C:\WINDOWS\gswin32.ini
[2009/01/24 15:40:43 | 00,000,622 | ---- | C] () -- C:\Program Files\Shortcut to uTorrent.exe.lnk
[2009/01/05 15:44:10 | 00,000,453 | ---- | C] () -- C:\WINDOWS\bdoscandellang.ini
[2008/04/25 11:17:01 | 00,000,000 | ---- | C] () -- C:\WINDOWS\eDrawingOfficeAutomator.INI
[2008/02/04 17:21:45 | 00,008,144 | ---- | C] () -- C:\Documents and Settings\Gary\Application Data\Comma Separated Values (Windows).EML
[2008/02/04 15:52:36 | 00,025,340 | ---- | C] () -- C:\Documents and Settings\Gary\Application Data\Comma Separated Values (DOS).ADR
[2008/02/03 23:20:16 | 00,024,098 | ---- | C] () -- C:\Documents and Settings\Gary\Application Data\Comma Separated Values (Windows).ADR
[2007/04/02 04:58:06 | 00,000,000 | ---- | C] () -- C:\WINDOWS\System32\px.ini
[2007/03/05 12:34:28 | 00,676,224 | ---- | C] () -- C:\WINDOWS\System32\OGACheckControl.DLL
[2006/11/18 22:17:24 | 00,000,151 | ---- | C] () -- C:\WINDOWS\PhotoSnapViewer.INI
[2006/10/28 10:16:54 | 00,000,069 | ---- | C] () -- C:\WINDOWS\NeroDigital.ini
[2006/10/27 14:47:42 | 00,001,755 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\QTSBandwidthCache
[2006/10/25 09:01:34 | 00,001,192 | ---- | C] () -- C:\WINDOWS\APDFPRP.INI
[2006/10/22 09:22:35 | 00,201,216 | ---- | C] () -- C:\WINDOWS\System32\oestore.dll
[2006/10/10 20:50:17 | 00,000,083 | ---- | C] () -- C:\WINDOWS\usrwiz.ini
[2006/07/18 13:12:20 | 00,026,688 | ---- | C] () -- C:\WINDOWS\System32\wrlzma.dll
[2006/07/18 13:12:19 | 00,684,032 | ---- | C] () -- C:\WINDOWS\libeay32.dll
[2006/07/18 13:12:19 | 00,155,648 | ---- | C] () -- C:\WINDOWS\ssleay32.dll
[2006/05/01 20:11:37 | 00,012,288 | ---- | C] () -- C:\WINDOWS\System32\hlinkprx.dll
[2006/03/30 13:45:25 | 00,000,058 | ---- | C] () -- C:\WINDOWS\brmx2001.ini
[2006/03/30 13:45:25 | 00,000,040 | ---- | C] () -- C:\WINDOWS\opt_2460.ini
[2006/03/23 14:50:23 | 00,205,312 | R--- | C] () -- C:\WINDOWS\patchw32.dll
[2006/03/23 14:49:17 | 00,205,312 | R--- | C] () -- C:\WINDOWS\pw32a.dll
[2006/03/22 21:58:38 | 00,000,048 | ---- | C] () -- C:\WINDOWS\PerWin.ini
[2006/03/22 21:36:01 | 00,001,676 | ---- | C] () -- C:\WINDOWS\MPCWIN02.INI
[2006/03/22 21:18:07 | 00,001,483 | ---- | C] () -- C:\WINDOWS\MPCWIN01.INI
[2006/03/22 19:27:55 | 00,202,752 | ---- | C] () -- C:\WINDOWS\CDAC14BA.DLL
[2006/03/22 19:27:51 | 00,011,376 | ---- | C] () -- C:\WINDOWS\System32\drivers\CdaC15BA.SYS
[2006/03/22 19:27:37 | 00,001,900 | ---- | C] () -- C:\WINDOWS\BPMWIN02.INI
[2006/03/22 19:23:33 | 00,000,691 | ---- | C] () -- C:\WINDOWS\Bpmwty02.ini
[2006/03/22 18:54:17 | 00,001,610 | ---- | C] () -- C:\WINDOWS\BPMWIN01.INI
[2006/03/15 14:51:24 | 00,000,798 | ---- | C] () -- C:\WINDOWS\Brpfx04a.ini
[2006/03/15 14:51:24 | 00,000,426 | ---- | C] () -- C:\WINDOWS\brwmark.ini
[2006/03/15 14:51:24 | 00,000,092 | ---- | C] () -- C:\WINDOWS\brpcfx.ini
[2006/03/15 14:51:24 | 00,000,052 | ---- | C] () -- C:\WINDOWS\BRPP2KA.INI
[2006/03/15 14:44:39 | 00,027,019 | ---- | C] () -- C:\WINDOWS\maxlink.ini
[2006/03/12 07:23:08 | 00,651,264 | R--- | C] () -- C:\WINDOWS\System32\libeay32.dll
[2006/03/12 07:23:07 | 00,147,456 | R--- | C] () -- C:\WINDOWS\System32\ssleay32.dll
[2006/02/07 21:26:26 | 00,039,424 | ---- | C] () -- C:\Documents and Settings\Gary\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2004/06/13 20:32:39 | 00,000,518 | ---- | C] () -- C:\WINDOWS\lexstat.ini
[2004/02/22 16:38:57 | 00,050,016 | ---- | C] () -- C:\WINDOWS\System32\drivers\atnt40k.sys
[2004/01/17 08:36:21 | 00,375,296 | ---- | C] () -- C:\WINDOWS\System32\tx32.dll
[2004/01/17 08:36:21 | 00,000,202 | ---- | C] () -- C:\WINDOWS\System32\Ic32.ini
[2003/12/19 19:43:11 | 00,000,028 | ---- | C] () -- C:\WINDOWS\ICOA.INI
[2003/12/19 19:42:55 | 00,000,000 | ---- | C] () -- C:\WINDOWS\QFN.ini
[2003/12/19 19:42:55 | 00,000,000 | ---- | C] () -- C:\WINDOWS\QDQICK.ini
[2003/04/24 12:06:30 | 00,000,002 | ---- | C] () -- C:\WINDOWS\msoffice.ini
[2003/01/07 14:05:08 | 00,002,695 | ---- | C] () -- C:\WINDOWS\System32\OUTLPERF.INI
[2002/11/22 07:00:00 | 00,000,376 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2002/04/29 18:28:38 | 00,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini
[2002/04/29 14:14:53 | 00,024,576 | ---- | C] () -- C:\WINDOWS\System32\getnode.dll
[2002/04/29 12:19:20 | 00,000,067 | ---- | C] () -- C:\WINDOWS\swupdate.ini
[2002/04/29 12:18:52 | 00,000,901 | ---- | C] () -- C:\WINDOWS\QUICKEN.INI
[2002/04/29 12:18:52 | 00,000,052 | ---- | C] () -- C:\WINDOWS\intuprof.ini
[2002/04/29 12:15:38 | 00,000,000 | ---- | C] () -- C:\WINDOWS\PROTOCOL.INI
[2002/04/29 11:50:03 | 00,121,905 | ---- | C] () -- C:\WINDOWS\System32\csellang.ini
[2002/04/29 11:50:03 | 00,045,056 | ---- | C] () -- C:\WINDOWS\System32\csellang.dll
[2002/04/29 11:50:03 | 00,008,831 | ---- | C] () -- C:\WINDOWS\System32\tosmreg.ini
[2002/04/29 11:50:03 | 00,006,793 | ---- | C] () -- C:\WINDOWS\System32\cseltbl.ini
[2002/04/29 11:48:13 | 00,061,440 | ---- | C] () -- C:\WINDOWS\System32\TVCtrl.dll
[2002/04/29 11:48:13 | 00,057,344 | ---- | C] () -- C:\WINDOWS\System32\LCDCtrl.dll
[2002/04/29 11:48:13 | 00,053,248 | ---- | C] () -- C:\WINDOWS\System32\Multview.dll
[2002/04/29 11:48:12 | 00,090,112 | ---- | C] () -- C:\WINDOWS\System32\ColorCtr.dll
[2002/04/29 11:48:12 | 00,061,440 | ---- | C] () -- C:\WINDOWS\System32\GenCtrl.dll
[2002/04/29 11:48:12 | 00,045,056 | ---- | C] () -- C:\WINDOWS\System32\CRTCtrl.dll
[2002/04/29 11:46:07 | 00,006,528 | ---- | C] () -- C:\WINDOWS\System32\drivers\Tbiosdrv.sys
[2002/04/26 19:33:05 | 00,000,780 | ---- | C] () -- C:\WINDOWS\orun32.ini
[2002/04/26 19:27:22 | 00,001,793 | ---- | C] () -- C:\WINDOWS\System32\fxsperf.ini
[2002/04/26 19:02:34 | 00,000,285 | ---- | C] () -- C:\WINDOWS\System32\OEMINFO.INI
[2002/03/04 10:16:34 | 00,110,592 | R--- | C] () -- C:\WINDOWS\System32\Jpeg32.dll
[2002/02/27 17:28:16 | 00,138,752 | ---- | C] () -- C:\WINDOWS\System32\MASE32.DLL
[2002/02/27 17:28:16 | 00,057,856 | ---- | C] () -- C:\WINDOWS\System32\MASD32.DLL
[2002/02/27 17:28:14 | 00,196,096 | ---- | C] () -- C:\WINDOWS\System32\MACD32.DLL
[2002/02/27 17:28:14 | 00,136,192 | ---- | C] () -- C:\WINDOWS\System32\MAMC32.DLL
[2002/02/27 17:28:14 | 00,027,648 | ---- | C] () -- C:\WINDOWS\System32\MA32.DLL
[1999/03/09 14:53:00 | 00,222,928 | ---- | C] () -- C:\WINDOWS\System32\lobas09.dll
[1999/01/22 13:46:58 | 00,065,536 | ---- | C] () -- C:\WINDOWS\System32\MSRTEDIT.DLL
[1998/10/10 23:07:38 | 00,088,576 | ---- | C] () -- C:\WINDOWS\System32\Iticheck.dll
[1998/01/13 03:22:30 | 00,047,104 | ---- | C] () -- C:\WINDOWS\System32\lotrn13.dll
[1997/11/13 14:53:00 | 00,031,008 | ---- | C] () -- C:\WINDOWS\System32\ivtrn09.dll
[1994/07/24 14:53:00 | 00,014,928 | ---- | C] () -- C:\WINDOWS\System32\wingen.drv
< End of report >

Thanks again, Gary

#8 schrauber

Malware Remover

Group: Trusted Helpers
Posts: 68
Joined: 10-January 09
Location:Germany

Posted 04 January 2010 - 02:06 PM

Hi,

How is your system running?

#9 Hellogb

Member

Group: Members
Posts: 9
Joined: 27-December 09

Posted 08 January 2010 - 08:03 AM

Hi Tom: I've been running for a couple of days now and honestly, I believe I am actually worse now. I am sorry to report this. Even writing this reply is interrupted (characters stop) while CPU is running 100%. What can you tell me about what you found or what you suggest I do. Thanks again, Gary

#10 schrauber

Malware Remover

Group: Trusted Helpers
Posts: 68
Joined: 10-January 09
Location:Germany

Posted 08 January 2010 - 01:34 PM

Hm, let's have a look into a fresh OTL logfile. I think you get reinfected from the recycle bin.

#11 Hellogb

Member

Group: Members
Posts: 9
Joined: 27-December 09

Posted 09 January 2010 - 12:32 PM

Hi Tom:

Yeh, system is really s-l-o-w and wanted to also tell you that several times when I tried to return here to post I got the following warning:

Norton Internet Worm protection has detected and blocked an intrusion attempt.
Intrusion: HTTP MSIE com object memory corruption
Intruder: www.besttechie.net (188.40.40.140)(http(80))
Risk Level: High
Protocol: TCP
Attacked: Field Computer (192.168.1.3.9)
Attacked Port: 1076, 1070, 1565 (varies)

Another observation: when system is "hanging" there is a lot of disk action (as observed by the onboard led).

Here's the information you requested:

1. OTL Log

========== FILES ==========
File\Folder C:\WINDOWS\Downloaded Program Files\vzbb.dll not found.
Folder move failed. c:\RECYCLER\NPROTECT scheduled to be moved on reboot.
Folder move failed. c:\RECYCLER scheduled to be moved on reboot.

OTL by OldTimer - Version 3.1.20.1 log created on 01092010_083939

Files\Folders moved on Reboot...
Folder move failed. c:\RECYCLER\NPROTECT scheduled to be moved on reboot.
Folder move failed. c:\RECYCLER\NPROTECT scheduled to be moved on reboot.
Folder move failed. c:\RECYCLER scheduled to be moved on reboot.

Registry entries deleted on Reboot...

2. OTL.Txt

OTL logfile created on: 1/9/2010 10:59:06 AM - Run 4
OTL by OldTimer - Version 3.1.20.1 Folder = C:\Documents and Settings\Gary\Desktop
Windows XP Home Edition Service Pack 2 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 6.0.2900.2180)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

495.00 Mb Total Physical Memory | 294.00 Mb Available Physical Memory | 59.00% Memory free
1.00 Gb Paging File | 1.00 Gb Available in Paging File | 82.00% Paging File free
Paging file location(s): C:\pagefile.sys 0 0 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 93.16 Gb Total Space | 35.52 Gb Free Space | 38.13% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded
Drive Y: | 461.12 Gb Total Space | 449.92 Gb Free Space | 97.57% Space Free | Partition Type: NTFS

Computer Name: FIELDCOMPUTER
Current User Name: Gary
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Minimal

========== Processes (SafeList) ==========

PRC - C:\Documents and Settings\Gary\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\Program Files\Common Files\Real\Update_OB\realsched.exe (RealNetworks, Inc.)
PRC - C:\Program Files\Java\jre6\bin\jusched.exe (Sun Microsystems, Inc.)
PRC - C:\Program Files\Java\jre6\bin\jqs.exe (Sun Microsystems, Inc.)
PRC - C:\Program Files\Iomega StorCenter\retrospect\retrorun.exe (EMC Corporation)
PRC - C:\Program Files\Common Files\Symantec Shared\CCSETMGR.EXE (Symantec Corporation)
PRC - C:\Program Files\Common Files\Symantec Shared\CCEVTMGR.EXE (Symantec Corporation)
PRC - C:\Program Files\Common Files\Symantec Shared\CCAPP.EXE (Symantec Corporation)
PRC - C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe (Acronis)
PRC - C:\WINDOWS\explorer.exe (Microsoft Corporation)
PRC - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe (Symantec Corporation)
PRC - C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe (Webroot Software, Inc.)
PRC - C:\Program Files\Southwest Airlines\Ding\Ding.exe (Southwest Airlines)
PRC - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe (Symantec Corporation)
PRC - C:\WINDOWS\system32\drivers\CDAC11BA.EXE (Macrovision)
PRC - C:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe (Symantec Corporation)
PRC - C:\Program Files\Norton SystemWorks\Norton AntiVirus\IWP\NPFMNTOR.EXE (Symantec Corporation)
PRC - C:\Program Files\Norton SystemWorks\Norton AntiVirus\NAVAPSVC.EXE (Symantec Corporation)
PRC - C:\Program Files\Iomega\System32\AppServices.exe (Iomega Corporation)
PRC - C:\Program Files\Norton SystemWorks\Norton Ghost\Agent\PQV2iSvc.exe (Symantec Corporation)
PRC - C:\Program Files\Norton SystemWorks\Norton Utilities\NPROTECT.EXE (Symantec Corporation)
PRC - C:\Program Files\Norton SystemWorks\Norton Utilities\Speed Disk\NOPDB.exe (Symantec Corporation)
PRC - C:\WINDOWS\system32\wscntfy.exe (Microsoft Corporation)
PRC - C:\WINDOWS\system32\gearsec.exe (GEAR Software)
PRC - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe (Symantec Corporation)
PRC - C:\WINDOWS\system32\00THotkey.exe (TOSHIBA Corp.)
PRC - C:\Program Files\Toshiba\TOSHIBA Controls\TFncKy.exe (TOSHIBA Corporation)
PRC - C:\Program Files\Apoint2K\Apoint.exe (Alps Electric Co., Ltd.)
PRC - C:\WINDOWS\system32\TPWRTRAY.EXE (TOSHIBA Corporation)
PRC - C:\WINDOWS\system32\TFNF5.exe (Toshiba Corp.)
PRC - C:\Program Files\Apoint2K\ApntEx.exe (Alps Electric Co., Ltd.)

========== Modules (SafeList) ==========

MOD - C:\Documents and Settings\Gary\Desktop\OTL.exe (OldTimer Tools)
MOD - C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.2982_x-ww_ac3f9c03\comctl32.dll (Microsoft Corporation)

========== Win32 Services (SafeList) ==========

SRV - (LexBceS) -- File not found
SRV - (Iomega Activity Disk2) -- File not found
SRV - (JavaQuickStarterService) -- C:\Program Files\Java\jre6\bin\jqs.exe (Sun Microsystems, Inc.)
SRV - (LMIMaint) -- C:\Program Files\LogMeIn\x86\RaMaint.exe (LogMeIn, Inc.)
SRV - (TomTomHOMEService) -- C:\Program Files\TomTom HOME 2\TomTomHOMEService.exe (TomTom)
SRV - (RetroExpLauncher) -- C:\Program Files\Iomega StorCenter\retrospect\retrorun.exe (EMC Corporation)
SRV - (IntuitUpdateService) -- C:\Program Files\Common Files\Intuit\Update Service\IntuitUpdateService.exe (Intuit Inc.)
SRV - (LogMeIn) -- C:\Program Files\LogMeIn\x86\LogMeIn.exe (LogMeIn, Inc.)
SRV - (SolidWorks Licensing Service) -- C:\Program Files\Common Files\SolidWorks Shared\Service\SolidWorksLicensing.exe (SolidWorks)
SRV - (ccSetMgr) -- C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe (Symantec Corporation)
SRV - (ccPwdSvc) -- C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe (Symantec Corporation)
SRV - (ccEvtMgr) -- C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe (Symantec Corporation)
SRV - (TryAndDecideService) -- C:\Program Files\Common Files\Acronis\Fomatik\TrueImageTryStartService.exe ()
SRV - (AcrSch2Svc) -- C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe (Acronis)
SRV - (SNDSrvc) -- C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe (Symantec Corporation)
SRV - (RoxLiveShare9) -- C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxLiveShare9.exe (Sonic Solutions)
SRV - (RoxWatch9) -- C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatch9.exe (Sonic Solutions)
SRV - (RoxMediaDB9) -- C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe (Sonic Solutions)
SRV - (Roxio UPnP Renderer 9) -- C:\Program Files\Roxio\Digital Home 9\RoxioUPnPRenderer9.exe (Sonic Solutions)
SRV - (Roxio Upnp Server 9) -- C:\Program Files\Roxio\Digital Home 9\RoxioUpnpService9.exe (Sonic Solutions)
SRV - (WebrootSpySweeperService) -- C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe (Webroot Software, Inc.)
SRV - (Symantec Core LC) -- C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe (Symantec Corporation)
SRV - (C-DillaCdaC11BA) -- C:\WINDOWS\system32\drivers\CDAC11BA.EXE (Macrovision)
SRV - (LiveUpdate) -- C:\Program Files\Symantec\LiveUpdate\LuComServer_3_0.EXE (Symantec Corporation)
SRV - (Automatic LiveUpdate Scheduler) -- C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe (Symantec Corporation)
SRV - (SBService) -- C:\Program Files\Common Files\Symantec Shared\Script Blocking\SBSERV.EXE (Symantec Corporation)
SRV - (NPFMntor) -- C:\Program Files\Norton SystemWorks\Norton AntiVirus\IWP\NPFMntor.exe (Symantec Corporation)
SRV - (navapsvc) -- C:\Program Files\Norton SystemWorks\Norton AntiVirus\navapsvc.exe (Symantec Corporation)
SRV - (SAVScan) -- C:\Program Files\Norton SystemWorks\Norton AntiVirus\SAVScan.exe (Symantec Corporation)
SRV - (Iomega App Services) -- C:\Program Files\Iomega\System32\AppServices.exe (Iomega Corporation)
SRV - (Norton Ghost) -- C:\Program Files\Norton SystemWorks\Norton Ghost\Agent\PQV2iSvc.exe (Symantec Corporation)
SRV - (IDriverT) -- C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe (Macrovision Corporation)
SRV - (NProtectService) -- C:\Program Files\Norton SystemWorks\Norton Utilities\NPROTECT.EXE (Symantec Corporation)
SRV - (Speed Disk service) -- C:\Program Files\Norton SystemWorks\Norton Utilities\Speed Disk\NOPDB.exe (Symantec Corporation)
SRV - (Irmon) -- C:\WINDOWS\system32\irmon.dll (Microsoft Corporation)
SRV - (GEARSecurity) -- C:\WINDOWS\system32\gearsec.exe (GEAR Software)
SRV - (SPBBCSvc) -- C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe (Symantec Corporation)
SRV - (ose) -- C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE (Microsoft Corporation)

========== Driver Services (SafeList) ==========

DRV - (LMIRfsClientNP) -- C:\WINDOWS\system32\LMIRfsClientNP.dll (LogMeIn, Inc.)
DRV - (SYMIDSCO) -- C:\Program Files\Common Files\Symantec Shared\SymcData\ids-diskless\20081112.004\SymIDSCo.sys (Symantec Corporation)
DRV - (LMIInfo) -- C:\Program Files\LogMeIn\x86\rainfo.sys (LogMeIn, Inc.)
DRV - (LMIRfsDriver) -- C:\WINDOWS\system32\drivers\LMIRfsDriver.sys (LogMeIn, Inc.)
DRV - (lmimirr) -- C:\WINDOWS\system32\drivers\lmimirr.sys (LogMeIn, Inc.)
DRV - (timounter) -- C:\WINDOWS\system32\DRIVERS\timntr.sys (Acronis)
DRV - (tifsfilter) -- C:\WINDOWS\system32\drivers\tifsfilt.sys (Acronis)
DRV - (snapman) -- C:\WINDOWS\system32\DRIVERS\snapman.sys (Acronis)
DRV - (tdrpman) -- C:\WINDOWS\system32\DRIVERS\tdrpman.sys (Acronis)
DRV - (Secdrv) -- C:\WINDOWS\system32\drivers\secdrv.sys (Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K.)
DRV - (NAVEX15) -- C:\Program Files\Common Files\Symantec Shared\VirusDefs\20070404.032\NAVEX15.SYS (Symantec Corporation)
DRV - (NAVENG) -- C:\Program Files\Common Files\Symantec Shared\VirusDefs\20070404.032\NAVENG.SYS (Symantec Corporation)
DRV - (SYMTDI) -- C:\WINDOWS\System32\Drivers\SYMTDI.SYS (Symantec Corporation)
DRV - (SYMREDRV) -- C:\WINDOWS\System32\Drivers\SYMREDRV.SYS (Symantec Corporation)
DRV - (SYMIDS) -- C:\WINDOWS\System32\Drivers\SYMIDS.SYS (Symantec Corporation)
DRV - (SYMNDIS) -- C:\WINDOWS\System32\Drivers\SYMNDIS.SYS (Symantec Corporation)
DRV - (SYMFW) -- C:\WINDOWS\System32\Drivers\SYMFW.SYS (Symantec Corporation)
DRV - (SYMDNS) -- C:\WINDOWS\System32\Drivers\SYMDNS.SYS (Symantec Corporation)
DRV - (MRENDIS5) -- C:\Program Files\Common Files\Motive\MRENDIS5.sys (Motive, Inc.)
DRV - (MREMPR5) -- C:\Program Files\Common Files\Motive\MREMPR5.sys (Motive, Inc.)
DRV - (PxHelp20) -- C:\WINDOWS\System32\DRIVERS\PxHelp20.sys (Sonic Solutions)
DRV - (SSKBFD) -- C:\WINDOWS\system32\drivers\sskbfd.sys (Webroot Software Inc (www.webroot.com))
DRV - (SSIDRV) -- C:\WINDOWS\SYSTEM32\Drivers\SSIDRV.SYS (Webroot Software Inc (www.webroot.com))
DRV - (SSHRMD) -- C:\WINDOWS\SYSTEM32\Drivers\SSHRMD.SYS (Webroot Software Inc (www.webroot.com))
DRV - (SSFS0509) -- C:\WINDOWS\SYSTEM32\Drivers\SSFS0509.SYS (Webroot Software Inc (www.webroot.com))
DRV - (RimVSerPort) -- C:\WINDOWS\system32\drivers\RimSerial.sys (Research in Motion Ltd)
DRV - (RimUsb) -- C:\WINDOWS\system32\drivers\RimUsb.sys (Research In Motion Limited)
DRV - (SymEvent) -- C:\Program Files\Symantec\SYMEVENT.SYS (Symantec Corporation)
DRV - (symlcbrd) -- C:\WINDOWS\system32\drivers\symlcbrd.sys (Symantec Corporation)
DRV - (CdaC15BA) -- C:\WINDOWS\system32\drivers\CdaC15BA.SYS ()
DRV - (MDC8021X) WPA Security Protocol (IEEE 802.1x) -- C:\WINDOWS\system32\drivers\mdc8021x.sys (Meetinghouse Data Communications)
DRV - (SAVRTPEL) -- C:\Program Files\Norton SystemWorks\Norton AntiVirus\SAVRTPEL.SYS (Symantec Corporation)
DRV - (SAVRT) -- C:\Program Files\Norton SystemWorks\Norton AntiVirus\SAVRT.SYS (Symantec Corporation)
DRV - (iomdisk) -- C:\WINDOWS\System32\DRIVERS\iomdisk.sys (Iomega Corporation)
DRV - (PQIMount) -- C:\WINDOWS\system32\drivers\PQIMount.sys (PowerQuest Corporation)
DRV - (PQV2i) -- C:\WINDOWS\system32\drivers\PQV2i.sys (StorageCraft)
DRV - (BrScnUsb) -- C:\WINDOWS\system32\drivers\BrScnUsb.sys (Brother Industries Ltd.)
DRV - (BrSerIf) -- C:\WINDOWS\system32\drivers\BrSerIf.sys (Brother Industries Ltd.)
DRV - (AR5211) -- C:\WINDOWS\system32\drivers\ar5211.sys (D-Link )
DRV - (NPDriver) -- C:\WINDOWS\system32\drivers\NPDRIVER.SYS (Symantec Corporation)
DRV - (SDdriver) -- C:\WINDOWS\system32\drivers\SdDriver.SYS (Symantec Corporation)
DRV - (ppa3) -- C:\WINDOWS\System32\DRIVERS\ppa3.sys (Microsoft Corporation)
DRV - (wlluc48) -- C:\WINDOWS\system32\drivers\wlluc48.sys (Lucent Technologies)
DRV - (GearAspiWDM) -- C:\WINDOWS\system32\drivers\GEARAspiWDM.sys (GEAR Software Inc.)
DRV - (SPBBCDrv) -- C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCDrv.sys (Symantec Corporation)
DRV - (BrUsbSer) -- C:\WINDOWS\system32\drivers\BrUsbSer.sys (Brother Industries Ltd.)
DRV - (vobiw) -- C:\WINDOWS\system32\drivers\vobIW.sys (VOB Computersysteme GmbH)
DRV - (VOBID) -- C:\WINDOWS\system32\DRIVERS\vobid.sys (Pinnacle Systems)
DRV - (Cdrdrv) -- C:\WINDOWS\system32\drivers\Cdrdrv.sys (VOB Computersysteme GmbH)
DRV - (ASAPIW2K) -- C:\WINDOWS\system32\drivers\asapiW2k.sys (VOB Computersysteme GmbH)
DRV - (ApfiltrService) -- C:\WINDOWS\system32\drivers\Apfiltr.sys (Alps Electric Co., Ltd.)
DRV - (E100B) Intel® -- C:\WINDOWS\system32\drivers\e100b325.sys (Intel Corporation)
DRV - (tridxp) -- C:\WINDOWS\system32\drivers\tridxpm.sys (Trident Microsystems Inc.)
DRV - (TBiosDrv) -- C:\WINDOWS\system32\drivers\Tbiosdrv.sys ()
DRV - (ALiADWDM) -- C:\WINDOWS\system32\drivers\aliadwdm.sys (Acer Laboratories Inc.)
DRV - (vobcom) -- C:\WINDOWS\system32\drivers\vobcom.sys (VOB Computersysteme GmbH)
DRV - (TOSHIBASoftModem) -- C:\WINDOWS\system32\drivers\LTSM.sys (LT)
DRV - (TVALG) -- C:\WINDOWS\System32\DRIVERS\TVALG.SYS (TOSHIBA Corporation)
DRV - (SMCIRDA) -- C:\WINDOWS\system32\drivers\smcirda.sys (SMC)
DRV - (EPUSBSTOR) -- C:\WINDOWS\system32\drivers\epusbsto.sys (SEIKO EPSON CORPORATION)
DRV - (Ptilink) -- C:\WINDOWS\system32\drivers\ptilink.sys (Parallel Technologies, Inc.)
DRV - (ROOTMODEM) -- C:\WINDOWS\system32\drivers\rootmdm.sys (Microsoft Corporation)
DRV - (AliIde) -- C:\WINDOWS\System32\DRIVERS\aliide.sys (Acer Laboratories Inc.)
DRV - (TVALD) -- C:\WINDOWS\System32\DRIVERS\TVALD.SYS (Toshiba Corporation)
DRV - (StillCam) -- C:\WINDOWS\system32\drivers\serscan.sys (Microsoft Corporation)

========== Standard Registry (All) ==========

========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.microsoft...er=6&ar=msnhome
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.microsoft...=ie&ar=iesearch
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft...=ie&ar=iesearch
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.microsoft...B_PVER}&ar=home
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,CustomizeSearch = http://ie.search.msn...st/srchcust.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\system32\blank.htm
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Page_Transitions = 1
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.msn.com/
IE - HKCU\..\URLSearchHook: {CFBFAE00-17A6-11D0-99CB-00C04FD64497} - C:\WINDOWS\system32\shdocvw.dll (Microsoft Corporation)
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.startup.homepage: "www.msn.com"
FF - prefs.js..extensions.enabledItems: {89506680-e3f4-484c-a2c0-ed711d481eda}:0.9.4.8
FF - prefs.js..extensions.enabledItems: {3d7eb24f-2740-49df-8937-200b1cc08f8a}:1.5.6
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA}:6.0.02
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA}:6.0.07
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0001-ABCDEFFEDCBA}:6.0.01
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA}:6.0.03
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA}:6.0.05
FF - prefs.js..extensions.enabledItems: moveplayer@movenetworks.com:1.0.0.07076007
FF - prefs.js..extensions.enabledItems: firefox-tagger@yapta.com:1.3.0.10
FF - prefs.js..extensions.enabledItems: {972ce4c6-7e08-4474-a285-3208198ce6fd}:3.0.1

FF - HKLM\software\mozilla\Firefox\extensions\\jqs@sun.com: C:\Program Files\Java\jre6\lib\deploy\jqs\ff [2008/12/12 06:52:34 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.0.4\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2009/11/26 12:54:39 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.0.4\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2009/11/26 12:55:22 | 00,000,000 | ---D | M]

[2009/06/04 09:46:37 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Gary\Application Data\Mozilla\Extensions
[2008/08/13 18:54:29 | 00,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Gary\Application Data\Mozilla\Extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384}
[2009/06/04 09:46:37 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Gary\Application Data\Mozilla\Extensions\home2@tomtom.com
[2008/08/13 09:25:47 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Gary\Application Data\Mozilla\Firefox\Profiles\1xhrf6e8.default\extensions
[2008/07/21 22:06:49 | 00,000,000 | ---D | M] (PDF Download) -- C:\Documents and Settings\Gary\Application Data\Mozilla\Firefox\Profiles\1xhrf6e8.default\extensions\{37E4D8EA-8BDA-4831-8EA1-89053939A250}
[2008/05/19 06:25:34 | 00,000,000 | ---D | M] (Flashblock) -- C:\Documents and Settings\Gary\Application Data\Mozilla\Firefox\Profiles\1xhrf6e8.default\extensions\{3d7eb24f-2740-49df-8937-200b1cc08f8a}
[2008/04/13 07:10:58 | 00,000,000 | ---D | M] (Firefox Showcase) -- C:\Documents and Settings\Gary\Application Data\Mozilla\Firefox\Profiles\1xhrf6e8.default\extensions\{89506680-e3f4-484c-a2c0-ed711d481eda}
[2008/07/04 13:20:29 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Gary\Application Data\Mozilla\Firefox\Profiles\1xhrf6e8.default\extensions\firefox-tagger@yapta.com
[2008/03/15 17:19:16 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Gary\Application Data\Mozilla\Firefox\Profiles\1xhrf6e8.default\extensions\moveplayer@movenetworks.com
[2009/06/27 07:22:38 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Gary\Application Data\Mozilla\Firefox\Profiles\hc7il4jl.New GB Profile\extensions
[2008/11/16 10:30:13 | 00,000,000 | ---D | M] (Flashblock) -- C:\Documents and Settings\Gary\Application Data\Mozilla\Firefox\Profiles\hc7il4jl.New GB Profile\extensions\{3d7eb24f-2740-49df-8937-200b1cc08f8a}
[2009/12/31 16:33:43 | 00,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions
[2008/11/14 20:38:23 | 00,000,000 | ---D | M] (Default) -- C:\Program Files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
[2008/12/12 06:54:35 | 00,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA}
[2009/03/27 08:43:28 | 00,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA}
[2009/10/03 09:59:58 | 00,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA}
[2009/11/26 08:27:25 | 00,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA}
[2008/11/14 20:38:17 | 00,023,040 | ---- | M] (Mozilla Foundation) -- C:\Program Files\Mozilla Firefox\components\browserdirprovider.dll
[2008/11/14 20:38:17 | 00,134,656 | ---- | M] (Mozilla Foundation) -- C:\Program Files\Mozilla Firefox\components\brwsrcmp.dll
[2008/06/18 01:43:04 | 00,086,016 | ---- | M] (Coupons, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npCouponPrinter.dll
[2009/10/11 04:17:27 | 00,411,368 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npdeploytk.dll
[2008/01/16 01:28:50 | 00,155,648 | ---- | M] (Solidworks Corporation) -- C:\Program Files\Mozilla Firefox\plugins\npEModelPlugin.dll
[2008/11/14 20:38:19 | 00,065,536 | ---- | M] (mozilla.org) -- C:\Program Files\Mozilla Firefox\plugins\npnul32.dll
[2007/03/22 18:23:30 | 00,017,248 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Mozilla Firefox\plugins\NPOFFICE.DLL
[2009/11/26 12:54:33 | 00,140,864 | ---- | M] (RealNetworks, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\nppl3260.dll
[2009/11/26 12:55:22 | 00,008,192 | ---- | M] (RealNetworks, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\nprjplug.dll
[2009/11/26 12:53:42 | 00,094,208 | ---- | M] (RealNetworks, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\nprpjplug.dll
[2008/10/02 09:47:31 | 00,001,394 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\amazondotcom.xml
[2008/10/02 09:47:31 | 00,002,193 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\answers.xml
[2008/10/02 09:47:31 | 00,001,534 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\creativecommons.xml
[2008/11/14 20:38:19 | 00,002,343 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\eBay.xml
[2008/10/02 09:47:31 | 00,001,706 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\google.xml
[2008/10/02 09:47:31 | 00,001,178 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\wikipedia.xml
[2008/10/02 09:47:31 | 00,000,792 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\yahoo.xml

O1 HOSTS File: (98 bytes) - C:\WINDOWS\system32\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (SSVHelper Class) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (CNavExtBho Class) - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton SystemWorks\Norton AntiVirus\NAVSHEXT.DLL (Symantec Corporation)
O2 - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (JQSIEStartDetectorImpl Class) - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll (Sun Microsystems, Inc.)
O3 - HKLM\..\Toolbar: (Norton AntiVirus) - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton SystemWorks\Norton AntiVirus\NAVSHEXT.DLL (Symantec Corporation)
O3 - HKLM\..\Toolbar: (no name) - {4E7BD74F-2B8D-469E-D0FC-E57AF4D5FA7D} - No CLSID value found.
O3 - HKLM\..\Toolbar: (Yahoo! Toolbar) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
O3 - HKCU\..\Toolbar\ShellBrowser: (Norton AntiVirus) - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton SystemWorks\Norton AntiVirus\NAVSHEXT.DLL (Symantec Corporation)
O3 - HKCU\..\Toolbar\WebBrowser: (&Address) - {01E04581-4EEE-11D0-BFE9-00AA005B4383} - C:\WINDOWS\system32\browseui.dll (Microsoft Corporation)
O3 - HKCU\..\Toolbar\WebBrowser: (&Links) - {0E5CBF21-D15F-11D0-8301-00AA005B4383} - C:\WINDOWS\system32\shell32.dll (Microsoft Corporation)
O3 - HKCU\..\Toolbar\WebBrowser: (Yahoo! Toolbar) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
O4 - HKLM..\Run: [00THotkey] C:\WINDOWS\system32\00THotkey.exe (TOSHIBA Corp.)
O4 - HKLM..\Run: [Adobe Photo Downloader] C:\Program Files\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [Adobe Reader Speed Launcher] C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [Apoint] C:\Program Files\Apoint2K\Apoint.exe (Alps Electric Co., Ltd.)
O4 - HKLM..\Run: [ccApp] C:\Program Files\Common Files\Symantec Shared\ccApp.exe (Symantec Corporation)
O4 - HKLM..\Run: [ControlCenter2.0] C:\Program Files\Brother\ControlCenter2\brctrcen.exe (Brother Industries, Ltd.)
O4 - HKLM..\Run: [KernelFaultCheck] File not found
O4 - HKLM..\Run: [LogMeIn GUI] C:\Program Files\LogMeIn\x86\LogMeInSystray.exe (LogMeIn, Inc.)
O4 - HKLM..\Run: [RetroExpress] C:\Program Files\Iomega StorCenter\retrospect\RetroExpress.exe (EMC Corporation)
O4 - HKLM..\Run: [SetDefPrt] C:\Program Files\Brother\Brmfl04g\BrStDvPt.exe (Brother Industories, Ltd.)
O4 - HKLM..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre6\bin\jusched.exe (Sun Microsystems, Inc.)
O4 - HKLM..\Run: [Symantec NetDriver Monitor] C:\Program Files\SymNetDrv\SNDMon.exe (Symantec Corporation)
O4 - HKLM..\Run: [TFncKy] C:\Program Files\Toshiba\TOSHIBA Controls\TFncKy.exe (TOSHIBA Corporation)
O4 - HKLM..\Run: [TFNF5] C:\WINDOWS\System32\TFNF5.exe (Toshiba Corp.)
O4 - HKLM..\Run: [TkBellExe] C:\Program Files\Common Files\Real\Update_OB\realsched.exe (RealNetworks, Inc.)
O4 - HKLM..\Run: [TouchED] C:\Program Files\TOSHIBA\TouchED\TouchED.Exe (TOSHIBA Corporation)
O4 - HKLM..\Run: [Tpwrtray] C:\WINDOWS\System32\TPWRTRAY.EXE (TOSHIBA Corporation)
O4 - HKCU..\Run: [Norton SystemWorks] C:\Program Files\Norton SystemWorks\cfgwiz.exe (Symantec Corporation)
O4 - HKCU..\Run: [TomTomHOME.exe] C:\Program Files\TomTom HOME 2\TomTomHOMERunner.exe (TomTom)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Iomega StorCenter.lnk = C:\Program Files\Iomega StorCenter\sohoclient.exe (EMC)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE (Microsoft Corporation)
O4 - Startup: C:\Documents and Settings\Gary\Start Menu\Programs\Startup\DING!.lnk = C:\Program Files\Southwest Airlines\Ding\Ding.exe (Southwest Airlines)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: dontdisplaylastusername = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticecaption =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticetext =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: shutdownwithoutlogon = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: undockwithoutlogon = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O8 - Extra context menu item: E&xport to Microsoft Excel - C:\Program Files\Microsoft Office\OFFICE11\EXCEL.EXE (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre6\bin\npjpi160_17.dll (Sun Microsystems, Inc.)
O9 - Extra 'Tools' menuitem : Uninstall BitDefender Online Scanner - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe ()
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Program Files\Microsoft Office\OFFICE11\REFIEBAR.DLL (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000001 [] - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000002 [] - C:\WINDOWS\system32\winrnr.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000003 [] - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - C:\WINDOWS\system32\rsvpsp.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000006 - C:\WINDOWS\system32\rsvpsp.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000007 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000008 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000009 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000010 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000011 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000012 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000013 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000014 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000015 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000016 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000017 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000018 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000019 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000020 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O15 - HKLM\..Trusted Domains: 50 domain(s) and sub-domain(s) not assigned to a zone.
O15 - HKCU\..Trusted Domains: ([]msn in My Computer)
O15 - HKCU\..Trusted Domains: fatwallet.com ([www] https in Trusted sites)
O15 - HKCU\..Trusted Domains: turbotax.com ([]https in Trusted sites)
O15 - HKCU\..Trusted Domains: 53 domain(s) and sub-domain(s) not assigned to a zone.
O16 - DPF: {33564D57-9980-0010-8000-00AA00389B71} http://download.micr...D0C/wmv9dmo.cab (Reg Error: Key error.)
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} http://download.bitd...can8/oscan8.cab (BDSCANONLINE Control)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_17)
O16 - DPF: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_17)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_17)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://download.macr...ash/swflash.cab (Shockwave Flash Object)
O16 - DPF: Microsoft XML Parser for Java file://C:\WINDOWS\Java\classes\xmldso.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1 192.168.1.1
O18 - Protocol\Handler\about {3050F406-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\system32\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\cdl {3dd53d40-7b8b-11D0-b013-00aa0059ce02} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\dvd {12D51199-0DB5-46FE-A120-47A3D7D937CC} - C:\WINDOWS\system32\msvidctl.dll (Microsoft Corporation)
O18 - Protocol\Handler\file {79eac9e7-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\ftp {79eac9e3-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\gopher {79eac9e4-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\http {79eac9e2-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\https {79eac9e5-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\ipp - No CLSID value found
O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\its {9D148291-B9C8-11D0-A4CC-0000F80149F6} - C:\WINDOWS\system32\itss.dll (Microsoft Corporation)
O18 - Protocol\Handler\javascript {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\system32\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\lid {5C135180-9973-46D9-ABF4-148267CBB8BF} - C:\WINDOWS\system32\msvidctl.dll (Microsoft Corporation)
O18 - Protocol\Handler\local {79eac9e7-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\mailto {3050f3DA-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\system32\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\mhtml {05300401-BCBC-11d0-85E3-00C04FD85AB4} - C:\WINDOWS\system32\inetcomm.dll (Microsoft Corporation)
O18 - Protocol\Handler\mk {79eac9e6-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp - No CLSID value found
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\ms-its {9D148291-B9C8-11D0-A4CC-0000F80149F6} - C:\WINDOWS\system32\itss.dll (Microsoft Corporation)
O18 - Protocol\Handler\mso-offdap11 {32505114-5902-49B2-880A-1F7738E5A384} - C:\Program Files\Common Files\Microsoft Shared\Web Components\11\OWC11.DLL (Microsoft Corporation)
O18 - Protocol\Handler\res {3050F3BC-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\system32\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\sysimage {76E67A63-06E9-11D2-A840-006008059382} - C:\WINDOWS\system32\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\tv {CBD30858-AF45-11D2-B6D6-00C04FBBDE6E} - C:\WINDOWS\system32\msvidctl.dll (Microsoft Corporation)
O18 - Protocol\Handler\vbscript {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\system32\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\wia {13F3EA8B-91D7-4F0A-AD76-D2853AC8BECE} - C:\WINDOWS\system32\wiascr.dll (Microsoft Corporation)
O18 - Protocol\Filter\application/octet-stream {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\WINDOWS\System32\mscoree.dll (Microsoft Corporation)
O18 - Protocol\Filter\application/x-complus {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\WINDOWS\System32\mscoree.dll (Microsoft Corporation)
O18 - Protocol\Filter\application/x-msdownload {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\WINDOWS\System32\mscoree.dll (Microsoft Corporation)
O18 - Protocol\Filter\Class Install Handler {32B533BB-EDAE-11d0-BD5A-00AA00B92AF1} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Filter\deflate {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Filter\gzip {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Filter\lzdhtml {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Filter\text/webviewhtml {733AC4CB-F1A4-11d0-B951-00A0C90312E1} - C:\WINDOWS\system32\shell32.dll (Microsoft Corporation)
O18 - Protocol\Filter\text/xml {807553E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE11\MSOXMLMF.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) - C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UIHost - (logonui.exe) - C:\WINDOWS\System32\logonui.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (rundll32 shell32) - C:\WINDOWS\System32\shell32.dll (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (Control_RunDLL "sysdm.cpl") - C:\WINDOWS\System32\sysdm.cpl (Microsoft Corporation)
O20 - Winlogon\Notify\crypt32chain: DllName - crypt32.dll - C:\WINDOWS\System32\crypt32.dll (Microsoft Corporation)
O20 - Winlogon\Notify\cryptnet: DllName - cryptnet.dll - C:\WINDOWS\System32\cryptnet.dll (Microsoft Corporation)
O20 - Winlogon\Notify\cscdll: DllName - cscdll.dll - C:\WINDOWS\System32\cscdll.dll (Microsoft Corporation)
O20 - Winlogon\Notify\LMIinit: DllName - LMIinit.dll - C:\WINDOWS\System32\LMIinit.dll (LogMeIn, Inc.)
O20 - Winlogon\Notify\ScCertProp: DllName - wlnotify.dll - C:\WINDOWS\System32\wlnotify.dll (Microsoft Corporation)
O20 - Winlogon\Notify\Schedule: DllName - wlnotify.dll - C:\WINDOWS\System32\wlnotify.dll (Microsoft Corporation)
O20 - Winlogon\Notify\sclgntfy: DllName - sclgntfy.dll - C:\WINDOWS\System32\sclgntfy.dll (Microsoft Corporation)
O20 - Winlogon\Notify\SensLogn: DllName - WlNotify.dll - C:\WINDOWS\System32\wlnotify.dll (Microsoft Corporation)
O20 - Winlogon\Notify\termsrv: DllName - wlnotify.dll - C:\WINDOWS\System32\wlnotify.dll (Microsoft Corporation)
O20 - Winlogon\Notify\WgaLogon: DllName - WgaLogon.dll - C:\WINDOWS\System32\WgaLogon.dll (Microsoft Corporation)
O20 - Winlogon\Notify\wlballoon: DllName - wlnotify.dll - C:\WINDOWS\System32\wlnotify.dll (Microsoft Corporation)
O20 - Winlogon\Notify\WRNotifier: DllName - WRLogonNTF.dll - C:\WINDOWS\System32\WRLogonNtf.dll (Webroot Software, Inc.)
O21 - SSODL: CDBurn - {fbeb8a05-beee-4442-804e-409d6c4515e9} - C:\WINDOWS\system32\shell32.dll (Microsoft Corporation)
O21 - SSODL: PostBootReminder - {7849596a-48ea-486e-8937-a2a3009f31a9} - C:\WINDOWS\system32\shell32.dll (Microsoft Corporation)
O21 - SSODL: SysTray - {35CEC8A3-2BE6-11D2-8773-92E220524153} - C:\WINDOWS\system32\stobject.dll (Microsoft Corporation)
O21 - SSODL: UPnPMonitor - {e57ce738-33e8-4c51-8354-bb4de9d215d1} - C:\WINDOWS\system32\upnpui.dll (Microsoft Corporation)
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - C:\WINDOWS\system32\webcheck.dll (Microsoft Corporation)
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll (Microsoft Corporation)
O22 - SharedTaskScheduler: {438755C2-A8BA-11D1-B96B-00A0C90312E1} - Browseui preloader - C:\WINDOWS\system32\browseui.dll (Microsoft Corporation)
O22 - SharedTaskScheduler: {8C7461EF-2B13-11d2-BE35-3078302C2030} - Component Categories cache daemon - C:\WINDOWS\system32\browseui.dll (Microsoft Corporation)
O24 - Desktop Components:0 (My Current Home Page) - About:Home
O28 - HKLM ShellExecuteHooks: {AEB6717E-7E19-11d0-97EE-00C04FD91972} - C:\WINDOWS\System32\shell32.dll (Microsoft Corporation)
O29 - HKLM SecurityProviders - (msapsspc.dll) - C:\WINDOWS\System32\msapsspc.dll (Microsoft Corporation)
O29 - HKLM SecurityProviders - (schannel.dll) - C:\WINDOWS\System32\schannel.dll (Microsoft Corporation)
O29 - HKLM SecurityProviders - (digest.dll) - C:\WINDOWS\System32\digest.dll (Microsoft Corporation)
O29 - HKLM SecurityProviders - (msnsspc.dll) - C:\WINDOWS\System32\msnsspc.dll (Microsoft Corporation)
O30 - LSA: Authentication Packages - (msv1_0) - C:\WINDOWS\System32\msv1_0.dll (Microsoft Corporation)
O30 - LSA: Authentication Packages - (relog_ap) - C:\WINDOWS\System32\relog_ap.dll (Acronis)
O30 - LSA: Security Packages - (kerberos) - C:\WINDOWS\System32\kerberos.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (msv1_0) - C:\WINDOWS\System32\msv1_0.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (schannel) - C:\WINDOWS\System32\schannel.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (wdigest) - C:\WINDOWS\System32\wdigest.dll (Microsoft Corporation)
O31 - SafeBoot: AlternateShell - cmd.exe
O32 - HKLM CDRom: AutoRun - 1
O33 - MountPoints2\{472416b9-9e64-11da-8522-00003911cd8a}\Shell\AutoRun\command - "" = G:\setupSNK.exe -- File not found
O33 - MountPoints2\{e56f9845-4f67-11de-8786-00003911cd8a}\Shell\AutoRun\command - "" = F:\InstallTomTomHOME.exe -- File not found
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - comfile [open] -- "%1" %*
O35 - exefile [open] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2009/12/31 07:26:20 | 00,000,000 | ---D | C] -- C:\WINDOWS\BDOSCAN8
[2009/12/30 22:25:41 | 00,000,000 | ---D | C] -- C:\_OTL
[2009/12/28 08:32:56 | 00,513,536 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Gary\Desktop\OTL.exe
[2009/12/27 11:00:39 | 00,000,000 | ---D | C] -- C:\Program Files\Trend Micro
[2009/12/26 21:30:13 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Gary\Application Data\Malwarebytes
[2009/12/26 21:29:54 | 00,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2009/12/26 21:29:47 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Malwarebytes
[2009/12/26 21:29:45 | 00,019,160 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2009/12/26 21:29:38 | 00,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2009/09/07 20:06:12 | 00,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Local Settings\Application Data\ICS
[2008/04/26 07:01:53 | 00,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Application Data\Roxio
[2007/11/26 20:14:52 | 00,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Application Data\Acronis
[2006/10/26 12:00:03 | 00,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Application Data\Ahead
[2006/07/18 13:12:55 | 00,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Application Data\Webroot
[2006/04/02 19:48:49 | 00,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Application Data\Symantec
[2006/03/19 22:52:11 | 00,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft
[2003/07/09 09:48:54 | 00,000,000 | --SD | M] -- C:\Documents and Settings\LocalService\Application Data\Microsoft
[2002/04/26 19:37:25 | 00,000,000 | ---D | M] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft
[2002/04/26 19:32:12 | 00,000,000 | --SD | M] -- C:\Documents and Settings\NetworkService\Application Data\Microsoft
[8 C:\Documents and Settings\Gary\My Documents\*.tmp files -> C:\Documents and Settings\Gary\My Documents\*.tmp -> ]
[58 C:\WINDOWS\System32\dllcache\*.tmp files -> C:\WINDOWS\System32\dllcache\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2010/01/09 11:15:00 | 00,000,362 | ---- | M] () -- C:\WINDOWS\tasks\Symantec NetDetect.job
[2010/01/09 09:37:30 | 00,001,158 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2010/01/09 09:35:59 | 00,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2010/01/09 09:35:44 | 00,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2010/01/09 09:35:24 | 51,962,2656 | -HS- | M] () -- C:\hiberfil.sys
[2010/01/09 09:33:45 | 00,000,278 | -HS- | M] () -- C:\Documents and Settings\Gary\ntuser.ini
[2010/01/09 09:33:44 | 11,534,336 | ---- | M] () -- C:\Documents and Settings\Gary\NTUSER.DAT
[2010/01/06 12:14:59 | 00,202,752 | ---- | M] () -- C:\Documents and Settings\Gary\My Documents\Riverside - Punch List.xls
[2010/01/06 11:55:53 | 00,227,328 | ---- | M] () -- C:\Documents and Settings\Gary\My Documents\Riverside - Plumbing Fixture Schedule.xls
[2010/01/04 12:00:00 | 00,000,290 | ---- | M] () -- C:\WINDOWS\tasks\Norton SystemWorks One Button Checkup.job
[2010/01/01 00:00:00 | 00,000,306 | ---- | M] () -- C:\WINDOWS\tasks\Symantec Drmc.job
[2009/12/31 15:36:54 | 00,028,066 | ---- | M] () -- C:\Documents and Settings\Gary\Desktop\BitDefender 12-31-2009.html
[2009/12/28 08:33:01 | 00,513,536 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Gary\Desktop\OTL.exe
[2009/12/24 08:31:23 | 00,025,088 | ---- | M] () -- C:\Documents and Settings\Gary\My Documents\12-24-09.doc
[2009/12/23 08:40:55 | 00,000,426 | ---- | M] () -- C:\WINDOWS\brwmark.ini
[2009/12/22 15:40:38 | 00,045,056 | ---- | M] () -- C:\Documents and Settings\Gary\My Documents\Jenny-Danielle Due To Parents.xls
[2009/12/15 09:45:25 | 00,076,288 | ---- | M] () -- C:\Documents and Settings\Gary\My Documents\GBB Cash Receipts 09-30-2006.xls
[2009/12/12 11:51:20 | 00,039,424 | ---- | M] () -- C:\Documents and Settings\Gary\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2009/12/11 20:25:58 | 00,027,648 | ---- | M] () -- C:\Documents and Settings\Gary\My Documents\Credit Card Coding Sheet.xls
[8 C:\Documents and Settings\Gary\My Documents\*.tmp files -> C:\Documents and Settings\Gary\My Documents\*.tmp -> ]
[58 C:\WINDOWS\System32\dllcache\*.tmp files -> C:\WINDOWS\System32\dllcache\*.tmp -> ]

========== Files Created - No Company Name ==========

[2009/12/31 16:26:30 | 00,028,066 | ---- | C] () -- C:\Documents and Settings\Gary\Desktop\BitDefender 12-31-2009.html
[2009/12/24 08:31:23 | 00,025,088 | ---- | C] () -- C:\Documents and Settings\Gary\My Documents\12-24-09.doc
[2009/10/25 22:46:44 | 00,000,258 | ---- | C] () -- C:\WINDOWS\hpbafd.ini
[2009/06/10 15:46:32 | 00,106,496 | ---- | C] () -- C:\WINDOWS\System32\BrMuSNMP.dll
[2009/04/27 17:59:34 | 00,077,824 | ---- | C] () -- C:\WINDOWS\System32\BROSNMP.DLL
[2009/02/12 08:15:46 | 00,000,332 | ---- | C] () -- C:\WINDOWS\WININIT.INI
[2009/02/12 08:10:33 | 00,000,212 | ---- | C] () -- C:\WINDOWS\rs_run.ini
[2009/02/12 08:10:15 | 00,010,409 | ---- | C] () -- C:\WINDOWS\RS_SQLIF.INI
[2009/01/26 18:48:51 | 00,000,043 | ---- | C] () -- C:\WINDOWS\gswin32.ini
[2009/01/24 15:40:43 | 00,000,622 | ---- | C] () -- C:\Program Files\Shortcut to uTorrent.exe.lnk
[2009/01/05 15:44:10 | 00,000,453 | ---- | C] () -- C:\WINDOWS\bdoscandellang.ini
[2008/04/25 11:17:01 | 00,000,000 | ---- | C] () -- C:\WINDOWS\eDrawingOfficeAutomator.INI
[2008/02/04 17:21:45 | 00,008,144 | ---- | C] () -- C:\Documents and Settings\Gary\Application Data\Comma Separated Values (Windows).EML
[2008/02/04 15:52:36 | 00,025,340 | ---- | C] () -- C:\Documents and Settings\Gary\Application Data\Comma Separated Values (DOS).ADR
[2008/02/03 23:20:16 | 00,024,098 | ---- | C] () -- C:\Documents and Settings\Gary\Application Data\Comma Separated Values (Windows).ADR
[2007/04/02 04:58:06 | 00,000,000 | ---- | C] () -- C:\WINDOWS\System32\px.ini
[2007/03/05 12:34:28 | 00,676,224 | ---- | C] () -- C:\WINDOWS\System32\OGACheckControl.DLL
[2006/11/18 22:17:24 | 00,000,151 | ---- | C] () -- C:\WINDOWS\PhotoSnapViewer.INI
[2006/10/28 10:16:54 | 00,000,069 | ---- | C] () -- C:\WINDOWS\NeroDigital.ini
[2006/10/27 14:47:42 | 00,001,755 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\QTSBandwidthCache
[2006/10/25 09:01:34 | 00,001,192 | ---- | C] () -- C:\WINDOWS\APDFPRP.INI
[2006/10/22 09:22:35 | 00,201,216 | ---- | C] () -- C:\WINDOWS\System32\oestore.dll
[2006/10/10 20:50:17 | 00,000,083 | ---- | C] () -- C:\WINDOWS\usrwiz.ini
[2006/07/18 13:12:20 | 00,026,688 | ---- | C] () -- C:\WINDOWS\System32\wrlzma.dll
[2006/07/18 13:12:19 | 00,684,032 | ---- | C] () -- C:\WINDOWS\libeay32.dll
[2006/07/18 13:12:19 | 00,155,648 | ---- | C] () -- C:\WINDOWS\ssleay32.dll
[2006/05/01 20:11:37 | 00,012,288 | ---- | C] () -- C:\WINDOWS\System32\hlinkprx.dll
[2006/03/30 13:45:25 | 00,000,058 | ---- | C] () -- C:\WINDOWS\brmx2001.ini
[2006/03/30 13:45:25 | 00,000,040 | ---- | C] () -- C:\WINDOWS\opt_2460.ini
[2006/03/23 14:50:23 | 00,205,312 | R--- | C] () -- C:\WINDOWS\patchw32.dll
[2006/03/23 14:49:17 | 00,205,312 | R--- | C] () -- C:\WINDOWS\pw32a.dll
[2006/03/22 21:58:38 | 00,000,048 | ---- | C] () -- C:\WINDOWS\PerWin.ini
[2006/03/22 21:36:01 | 00,001,676 | ---- | C] () -- C:\WINDOWS\MPCWIN02.INI
[2006/03/22 21:18:07 | 00,001,483 | ---- | C] () -- C:\WINDOWS\MPCWIN01.INI
[2006/03/22 19:27:55 | 00,202,752 | ---- | C] () -- C:\WINDOWS\CDAC14BA.DLL
[2006/03/22 19:27:51 | 00,011,376 | ---- | C] () -- C:\WINDOWS\System32\drivers\CdaC15BA.SYS
[2006/03/22 19:27:37 | 00,001,900 | ---- | C] () -- C:\WINDOWS\BPMWIN02.INI
[2006/03/22 19:23:33 | 00,000,691 | ---- | C] () -- C:\WINDOWS\Bpmwty02.ini
[2006/03/22 18:54:17 | 00,001,610 | ---- | C] () -- C:\WINDOWS\BPMWIN01.INI
[2006/03/15 14:51:24 | 00,000,798 | ---- | C] () -- C:\WINDOWS\Brpfx04a.ini
[2006/03/15 14:51:24 | 00,000,426 | ---- | C] () -- C:\WINDOWS\brwmark.ini
[2006/03/15 14:51:24 | 00,000,092 | ---- | C] () -- C:\WINDOWS\brpcfx.ini
[2006/03/15 14:51:24 | 00,000,052 | ---- | C] () -- C:\WINDOWS\BRPP2KA.INI
[2006/03/15 14:44:39 | 00,027,019 | ---- | C] () -- C:\WINDOWS\maxlink.ini
[2006/03/12 07:23:08 | 00,651,264 | R--- | C] () -- C:\WINDOWS\System32\libeay32.dll
[2006/03/12 07:23:07 | 00,147,456 | R--- | C] () -- C:\WINDOWS\System32\ssleay32.dll
[2006/02/07 21:26:26 | 00,039,424 | ---- | C] () -- C:\Documents and Settings\Gary\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2004/06/13 20:32:39 | 00,000,518 | ---- | C] () -- C:\WINDOWS\lexstat.ini
[2004/02/22 16:38:57 | 00,050,016 | ---- | C] () -- C:\WINDOWS\System32\drivers\atnt40k.sys
[2004/01/17 08:36:21 | 00,375,296 | ---- | C] () -- C:\WINDOWS\System32\tx32.dll
[2004/01/17 08:36:21 | 00,000,202 | ---- | C] () -- C:\WINDOWS\System32\Ic32.ini
[2003/12/19 19:43:11 | 00,000,028 | ---- | C] () -- C:\WINDOWS\ICOA.INI
[2003/12/19 19:42:55 | 00,000,000 | ---- | C] () -- C:\WINDOWS\QFN.ini
[2003/12/19 19:42:55 | 00,000,000 | ---- | C] () -- C:\WINDOWS\QDQICK.ini
[2003/04/24 12:06:30 | 00,000,002 | ---- | C] () -- C:\WINDOWS\msoffice.ini
[2003/01/07 14:05:08 | 00,002,695 | ---- | C] () -- C:\WINDOWS\System32\OUTLPERF.INI
[2002/11/22 07:00:00 | 00,000,376 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2002/04/29 18:28:38 | 00,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini
[2002/04/29 14:14:53 | 00,024,576 | ---- | C] () -- C:\WINDOWS\System32\getnode.dll
[2002/04/29 12:19:20 | 00,000,067 | ---- | C] () -- C:\WINDOWS\swupdate.ini
[2002/04/29 12:18:52 | 00,000,901 | ---- | C] () -- C:\WINDOWS\QUICKEN.INI
[2002/04/29 12:18:52 | 00,000,052 | ---- | C] () -- C:\WINDOWS\intuprof.ini
[2002/04/29 12:15:38 | 00,000,000 | ---- | C] () -- C:\WINDOWS\PROTOCOL.INI
[2002/04/29 11:50:03 | 00,121,905 | ---- | C] () -- C:\WINDOWS\System32\csellang.ini
[2002/04/29 11:50:03 | 00,045,056 | ---- | C] () -- C:\WINDOWS\System32\csellang.dll
[2002/04/29 11:50:03 | 00,008,831 | ---- | C] () -- C:\WINDOWS\System32\tosmreg.ini
[2002/04/29 11:50:03 | 00,006,793 | ---- | C] () -- C:\WINDOWS\System32\cseltbl.ini
[2002/04/29 11:48:13 | 00,061,440 | ---- | C] () -- C:\WINDOWS\System32\TVCtrl.dll
[2002/04/29 11:48:13 | 00,057,344 | ---- | C] () -- C:\WINDOWS\System32\LCDCtrl.dll
[2002/04/29 11:48:13 | 00,053,248 | ---- | C] () -- C:\WINDOWS\System32\Multview.dll
[2002/04/29 11:48:12 | 00,090,112 | ---- | C] () -- C:\WINDOWS\System32\ColorCtr.dll
[2002/04/29 11:48:12 | 00,061,440 | ---- | C] () -- C:\WINDOWS\System32\GenCtrl.dll
[2002/04/29 11:48:12 | 00,045,056 | ---- | C] () -- C:\WINDOWS\System32\CRTCtrl.dll
[2002/04/29 11:46:07 | 00,006,528 | ---- | C] () -- C:\WINDOWS\System32\drivers\Tbiosdrv.sys
[2002/04/26 19:33:05 | 00,000,780 | ---- | C] () -- C:\WINDOWS\orun32.ini
[2002/04/26 19:27:22 | 00,001,793 | ---- | C] () -- C:\WINDOWS\System32\fxsperf.ini
[2002/04/26 19:02:34 | 00,000,285 | ---- | C] () -- C:\WINDOWS\System32\OEMINFO.INI
[2002/03/04 10:16:34 | 00,110,592 | R--- | C] () -- C:\WINDOWS\System32\Jpeg32.dll
[2002/02/27 17:28:16 | 00,138,752 | ---- | C] () -- C:\WINDOWS\System32\MASE32.DLL
[2002/02/27 17:28:16 | 00,057,856 | ---- | C] () -- C:\WINDOWS\System32\MASD32.DLL
[2002/02/27 17:28:14 | 00,196,096 | ---- | C] () -- C:\WINDOWS\System32\MACD32.DLL
[2002/02/27 17:28:14 | 00,136,192 | ---- | C] () -- C:\WINDOWS\System32\MAMC32.DLL
[2002/02/27 17:28:14 | 00,027,648 | ---- | C] () -- C:\WINDOWS\System32\MA32.DLL
[1999/03/09 14:53:00 | 00,222,928 | ---- | C] () -- C:\WINDOWS\System32\lobas09.dll
[1999/01/22 13:46:58 | 00,065,536 | ---- | C] () -- C:\WINDOWS\System32\MSRTEDIT.DLL
[1998/10/10 23:07:38 | 00,088,576 | ---- | C] () -- C:\WINDOWS\System32\Iticheck.dll
[1998/01/13 03:22:30 | 00,047,104 | ---- | C] () -- C:\WINDOWS\System32\lotrn13.dll
[1997/11/13 14:53:00 | 00,031,008 | ---- | C] () -- C:\WINDOWS\System32\ivtrn09.dll
[1994/07/24 14:53:00 | 00,014,928 | ---- | C] () -- C:\WINDOWS\System32\wingen.drv
< End of report >

#12 schrauber

Malware Remover

Group: Trusted Helpers
Posts: 68
Joined: 10-January 09
Location:Germany

Posted 10 January 2010 - 09:07 AM

Hi,

Download The Avenger by Swandog46 from here.
Unzip/extract it to a folder on your desktop.
Double click on avenger.exe to run The Avenger.
Click OK.
Make sure that the box next to Scan for rootkits has a tick in it and that the box next to Automatically disable any rootkits found does not have a tick in it.
Copy all of the text in the below code box to the clipboard by highlighting it and then pressing Ctrl+C.
```
Folders to delete:
C:\Recycler
```
In the avenger window, click the Paste Script from Clipboard, button.
Click the Execute button.
You will be asked Are you sure you want to execute the current script?.
Click Yes.
You will now be asked First step completed --- The Avenger has been successfully set up to run on next boot. Reboot now?.
Click Yes.
Your PC will now be rebooted.
Note: If the above script contains Drivers to delete: or Drivers to disable:, then The Avenger will require two reboots to complete its operation.
After your PC has completed the necessary reboots, a log should automatically open. If it does not automatically open, then the log can be found at %systemdrive%\avenger.txt (typically C:\avenger.txt).
Please post this log

Please update your version of Malwarebytes and run a quick scan, post back with the content of the logfile.

#13 Hellogb

Member

Group: Members
Posts: 9
Joined: 27-December 09

Posted 14 January 2010 - 11:27 AM

Tom: Here's the latest. System remains s-l-o-w. Even like writing this post took 10 minutes while waiting for 100% cpu. 99% was on iexplore.exe with only this window open in IE. Gary

1. Avenger

Logfile of The Avenger Version 2.0, © by Swandog46
http://swandog46.geekstogo.com

Platform: Windows XP

*******************

Script file opened successfully.
Script file read successfully.

Backups directory opened successfully at C:\Avenger

*******************

Beginning to process script file:

Rootkit scan active.
No rootkits found!

Folder "C:\Recycler" deleted successfully.

Completed script processing.

*******************

Finished! Terminate.

2. Malware log

Malwarebytes' Anti-Malware 1.42
Database version: 3436
Windows 5.1.2600 Service Pack 2
Internet Explorer 6.0.2900.2180

1/14/2010 11:07:31 AM
mbam-log-2010-01-14 (11-07-31).txt

Scan type: Quick Scan
Objects scanned: 156339
Time elapsed: 27 minute(s), 49 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 1
Folders Infected: 0
Files Infected: 1

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\AntiVirusDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.

Folders Infected:
(No malicious items detected)

Files Infected:
C:\RECYCLER\NPROTECT\00000356.exe (Trojan.Banker) -> Quarantined and deleted successfully.

#14 Hellogb

Member

Group: Members
Posts: 9
Joined: 27-December 09

Posted 14 January 2010 - 11:29 AM

#15 schrauber

Malware Remover

Group: Trusted Helpers
Posts: 68
Joined: 10-January 09
Location:Germany

Posted 15 January 2010 - 02:24 PM

Did you scan with Malwarebytes before or after running the Avenger?

(2 Pages)
1
2
>

You cannot start a new topic
You cannot reply to this topic

BestTechie Forums: Slow system, CPU 100%, Malware releated issues - BestTechie Forums

Recommended Software

Slow system, CPU 100%, Malware releated issues

Tweet

#1 Hellogb

#2 schrauber

#3 Hellogb

#4 schrauber

#5 Hellogb

#6 schrauber

#7 Hellogb

#8 schrauber

#9 Hellogb

#10 schrauber

#11 Hellogb

#12 schrauber

#13 Hellogb

#14 Hellogb

#15 schrauber

1 User(s) are reading this topic
0 members, 1 guests, 0 anonymous users

Skin and Language

Execution Stats

BestTechie Forums: Slow system, CPU 100%, Malware releated issues - BestTechie Forums

Recommended Software

Slow system, CPU 100%, Malware releated issues Tweet

1 User(s) are reading this topic 0 members, 1 guests, 0 anonymous users

Skin and Language

Execution Stats

Slow system, CPU 100%, Malware releated issues

Tweet

1 User(s) are reading this topic
0 members, 1 guests, 0 anonymous users