Show Posts

This section allows you to view all posts made by this member. Note that you can only see posts made in areas you currently have access to.


Messages - angelab6067

Pages: [1] 2
1
Tech Clinic / Would Someone Please Check This HiJack This
« on: February 02, 2010, 12:20:35 AM »
Not sure why because I followed all your directions-but I cannot locate that file.

2
Tech Clinic / Would Someone Please Check This HiJack This
« on: February 01, 2010, 11:54:24 PM »
C:\System Volume Information\-restore{c642bec9-4251-420E-b217-42e9b65c7e163}\rp801\a0032387.dll

C:\windows\$NTService Pack Uninstall$\fxwzrd.dll

that is the 2 messages I get

3
Tech Clinic / Would Someone Please Check This HiJack This
« on: February 01, 2010, 11:41:36 PM »
Malwarebytes' Anti-Malware 1.44
Database version: 3675
Windows 5.1.2600 Service Pack 3
Internet Explorer 7.0.5730.13

2/1/2010 10:41:11 PM
mbam-log-2010-02-01 (22-41-11).txt

Scan type: Quick Scan
Objects scanned: 114510
Time elapsed: 6 minute(s), 55 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)

4
Tech Clinic / Would Someone Please Check This HiJack This
« on: February 01, 2010, 10:51:10 PM »
OTL TEXT:
OTL logfile created on: 2/1/2010 9:41:18 PM - Run 1
OTL by OldTimer - Version 3.1.27.1     Folder = C:\Documents and Settings\Angela\Desktop
Windows XP Media Center Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 7.0.5730.13)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy
 
1,014.00 Mb Total Physical Memory | 358.00 Mb Available Physical Memory | 35.00% Memory free
2.00 Gb Paging File | 2.00 Gb Available in Paging File | 77.00% Paging File free
Paging file location(s): C:\pagefile.sys 1524 3048 [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 232.78 Gb Total Space | 221.63 Gb Free Space | 95.21% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded
 
Computer Name: HOME
Current User Name: Angela
Logged in as Administrator.
 
Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Standard
 
[color=\"#E56717\"]========== Processes (SafeList) ==========[/color]
 
PRC - [2010/02/01 21:35:06 | 000,548,864 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Angela\Desktop\OTL.exe
PRC - [2010/02/01 18:40:00 | 001,053,976 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG9\avgchsvx.exe
PRC - [2010/02/01 18:39:57 | 000,702,744 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG9\avgcsrvx.exe
PRC - [2010/02/01 18:39:47 | 002,307,800 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG9\avgfws9.exe
PRC - [2010/02/01 18:39:47 | 002,007,320 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG9\avgtray.exe
PRC - [2010/02/01 18:39:45 | 000,906,520 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG9\avgemc.exe
PRC - [2010/02/01 18:39:44 | 000,826,136 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG9\avgam.exe
PRC - [2010/02/01 18:39:44 | 000,597,784 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG9\avgnsx.exe
PRC - [2010/02/01 18:39:44 | 000,502,040 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG9\avgrsx.exe
PRC - [2010/02/01 18:39:44 | 000,285,392 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG9\avgwdsvc.exe
PRC - [2010/02/01 18:39:43 | 005,830,152 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG9\Identity Protection\Agent\Bin\AVGIDSAgent.exe
PRC - [2010/02/01 18:39:43 | 000,621,064 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG9\Identity Protection\Agent\Bin\AVGIDSMonitor.exe
PRC - [2010/01/30 00:06:18 | 000,788,880 | ---- | M] (Lavasoft) -- C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe
PRC - [2010/01/30 00:06:17 | 001,181,328 | ---- | M] (Lavasoft) -- C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
PRC - [2010/01/29 14:53:48 | 000,135,664 | ---- | M] (Google Inc.) -- C:\Program Files\Google\Update\GoogleUpdate.exe
PRC - [2010/01/11 09:34:24 | 000,153,376 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Java\jre6\bin\jqs.exe
PRC - [2010/01/11 09:34:24 | 000,149,280 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Java\jre6\bin\jusched.exe
PRC - [2009/12/31 19:53:29 | 000,198,160 | ---- | M] (RealNetworks, Inc.) -- C:\Program Files\Common Files\Real\Update_OB\realsched.exe
PRC - [2009/11/10 10:28:08 | 000,112,592 | ---- | M] (Threat Expert Ltd.) -- C:\Program Files\Spyware Doctor\BDT\BDTUpdateService.exe
PRC - [2009/11/05 21:14:44 | 001,794,848 | ---- | M] (Apple Inc.) -- C:\Program Files\Safari\Safari.exe
PRC - [2009/10/30 11:18:16 | 000,359,624 | ---- | M] (PC Tools) -- C:\Program Files\Spyware Doctor\pctsAuxs.exe
PRC - [2008/04/13 18:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2006/07/21 18:50:10 | 000,086,016 | ---- | M] (Intel Corporation) -- C:\WINDOWS\system32\hkcmd.exe
PRC - [2006/07/21 18:47:00 | 000,081,920 | ---- | M] (Intel Corporation) -- C:\WINDOWS\system32\igfxpers.exe
PRC - [2006/07/06 07:15:00 | 000,151,552 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe
PRC - [2006/07/06 07:14:30 | 000,090,112 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTmon.exe
PRC - [2006/03/20 16:00:04 | 000,282,624 | ---- | M] (SigmaTel, Inc.) -- C:\WINDOWS\stsystra.exe
PRC - [2004/08/10 05:00:00 | 000,016,896 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\wbem\unsecapp.exe
PRC - [2004/08/10 05:00:00 | 000,008,192 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\cidaemon.exe
 
 
[color=\"#E56717\"]========== Modules (SafeList) ==========[/color]
 
MOD - [2010/02/01 21:35:06 | 000,548,864 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Angela\Desktop\OTL.exe
 
 
[color=\"#E56717\"]========== Win32 Services (SafeList) ==========[/color]
 
SRV - File not found [On_Demand | Stopped] --  -- (sdCoreService)
SRV - [2010/02/01 18:39:47 | 002,307,800 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files\AVG\AVG9\avgfws9.exe -- (avgfws9)
SRV - [2010/02/01 18:39:45 | 000,906,520 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files\AVG\AVG9\avgemc.exe -- (avg9emc)
SRV - [2010/02/01 18:39:44 | 000,285,392 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files\AVG\AVG9\avgwdsvc.exe -- (avg9wd)
SRV - [2010/02/01 18:39:43 | 005,830,152 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files\AVG\AVG9\Identity Protection\Agent\Bin\AVGIDSAgent.exe -- (AVGIDSAgent)
SRV - [2010/01/30 00:06:17 | 001,181,328 | ---- | M] (Lavasoft) [Auto | Running] -- C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe -- (Lavasoft Ad-Aware Service)
SRV - [2010/01/29 14:53:48 | 000,135,664 | ---- | M] (Google Inc.) [Auto | Stopped] -- C:\Program Files\Google\Update\GoogleUpdate.exe -- (gupdate) Google Update Service (gupdate)
SRV - [2010/01/11 09:34:24 | 000,153,376 | ---- | M] (Sun Microsystems, Inc.) [Auto | Running] -- C:\Program Files\Java\jre6\bin\jqs.exe -- (JavaQuickStarterService)
SRV - [2009/11/10 10:28:08 | 000,112,592 | ---- | M] (Threat Expert Ltd.) [Auto | Running] -- C:\Program Files\Spyware Doctor\BDT\BDTUpdateService.exe -- (Browser Defender Update Service)
SRV - [2009/10/30 11:18:16 | 000,359,624 | ---- | M] (PC Tools) [Auto | Running] -- C:\Program Files\Spyware Doctor\pctsAuxs.exe -- (sdAuxService)
SRV - [2006/07/06 07:14:30 | 000,090,112 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTmon.exe -- (IAANTMON) Intel®
 
 
[color=\"#E56717\"]========== Driver Services (SafeList) ==========[/color]
 
DRV - [2010/02/01 18:40:48 | 000,161,672 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | Boot | Running] -- C:\WINDOWS\System32\Drivers\avgrkx86.sys -- (AvgRkx86)
DRV - [2010/02/01 18:40:47 | 000,356,616 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\WINDOWS\System32\Drivers\avgtdix.sys -- (AvgTdiX)
DRV - [2010/02/01 18:40:42 | 000,333,192 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\WINDOWS\System32\Drivers\avgldx86.sys -- (AvgLdx86)
DRV - [2010/02/01 18:40:41 | 000,028,424 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | System | Running] -- C:\WINDOWS\System32\Drivers\avgmfx86.sys -- (AvgMfx86)
DRV - [2010/02/01 18:39:44 | 000,122,376 | ---- | M] (AVG Technologies ) [Kernel | On_Demand | Running] -- C:\Program Files\AVG\AVG9\Identity Protection\Agent\Driver\Platform_XP\AVGIDSDriver.sys -- (AVGIDSDriverxpx)
DRV - [2010/02/01 18:39:44 | 000,030,216 | ---- | M] (AVG Technologies ) [Kernel | On_Demand | Running] -- C:\Program Files\AVG\AVG9\Identity Protection\Agent\Driver\Platform_XP\AVGIDSFilter.sys -- (AVGIDSFilterxpx)
DRV - [2010/02/01 18:39:44 | 000,025,736 | ---- | M] (AVG Technologies ) [Kernel | On_Demand | Running] -- C:\Program Files\AVG\AVG9\Identity Protection\Agent\Driver\Platform_XP\AVGIDSShim.sys -- (AVGIDSShimxpx)
DRV - [2010/02/01 18:39:44 | 000,025,608 | ---- | M] (AVG Technologies ) [Kernel | Boot | Running] -- C:\WINDOWS\System32\Drivers\AVGIDSxx.sys -- (AVGIDSErHrxpx)
DRV - [2010/02/01 18:39:35 | 000,029,208 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\avgfwdx.sys -- (Avgfwfd)
DRV - [2010/02/01 18:39:35 | 000,029,208 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\avgfwdx.sys -- (Avgfwdx)
DRV - [2009/12/02 07:19:06 | 000,064,288 | ---- | M] (Lavasoft AB) [File_System | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\Lbd.sys -- (Lbd)
DRV - [2009/11/09 11:20:12 | 000,207,792 | ---- | M] (PC Tools) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\PCTCore.sys -- (PCTCore)
DRV - [2008/04/13 10:39:15 | 000,020,480 | ---- | M] (Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\secdrv.sys -- (Secdrv)
DRV - [2008/04/13 10:36:05 | 000,144,384 | ---- | M] (Windows ® Server 2003 DDK provider) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\hdaudbus.sys -- (HDAudBus)
DRV - [2006/07/21 21:12:16 | 001,095,968 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\igxpmp32.sys -- (ialm)
DRV - [2006/07/19 15:42:16 | 000,230,400 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\e1e5132.sys -- (e1express) Intel®
DRV - [2006/07/06 06:59:42 | 000,246,784 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\iaStor.sys -- (iastor)
DRV - [2006/03/20 16:06:04 | 001,156,648 | ---- | M] (SigmaTel, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\sthda.sys -- (STHDA)
DRV - [2005/05/12 18:54:10 | 000,020,576 | ---- | M] (Sonic Solutions) [Kernel | Boot | Running] -- C:\WINDOWS\System32\Drivers\PxHelp20.sys -- (PxHelp20)
DRV - [2004/12/13 15:14:00 | 000,039,904 | ---- | M] (Adaptec, Inc.) [Kernel | Boot | Stopped] -- C:\WINDOWS\system32\drivers\cercsr6.sys -- (cercsr6)
DRV - [2004/08/10 05:00:00 | 000,017,792 | ---- | M] (Parallel Technologies, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ptilink.sys -- (Ptilink)
DRV - [2003/11/17 14:59:20 | 000,212,224 | R--- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSFHWBS2.sys -- (HSFHWBS2)
DRV - [2003/11/17 14:58:02 | 000,680,704 | R--- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSF_CNXT.sys -- (winachsf)
DRV - [2003/11/17 14:56:26 | 001,042,432 | R--- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSF_DP.sys -- (HSF_DP)
DRV - [2003/04/09 11:48:08 | 000,011,043 | R--- | M] (Conexant) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\mdmxsdk.sys -- (mdmxsdk)
DRV - [2001/08/17 13:57:38 | 000,016,128 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\MODEMCSA.sys -- (MODEMCSA)
 
 
[color=\"#E56717\"]========== Standard Registry (SafeList) ==========[/color]
 
 
[color=\"#E56717\"]========== Internet Explorer ==========[/color]
 
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
 
IE - HKCU\..\URLSearchHook: {A3BC75A2-1F87-4686-AA43-5347D756017C} - C:\Program Files\AVG\AVG9\Toolbar\IEToolbar.dll ()
IE - HKCU\..\URLSearchHook: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
 
 
O1 HOSTS File: ([2004/08/10 05:00:00 | 000,000,734 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1       localhost
O2 - BHO: (&Yahoo! Toolbar Helper) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
O2 - BHO: (Adobe PDF Link Helper) - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
O2 - BHO: (no name) - {2A0F3D1B-0909-4FF4-B272-609CCE6054E7} - No CLSID value found.
O2 - BHO: (RealPlayer Download and Record Plugin for Internet Explorer) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll (RealPlayer)
O2 - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG9\avgssie.dll (AVG Technologies CZ, s.r.o.)
O2 - BHO: (AVG Security Toolbar BHO) - {A3BC75A2-1F87-4686-AA43-5347D756017C} - C:\Program Files\AVG\AVG9\Toolbar\IEToolbar.dll ()
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (JQSIEStartDetectorImpl Class) - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll (Sun Microsystems, Inc.)
O2 - BHO: (SingleInstance Class) - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\Program Files\Yahoo!\Companion\Installs\cpn\YTSingleInstance.dll (Yahoo! Inc)
O3 - HKLM\..\Toolbar: (no name) - {472734EA-242A-422B-ADF8-83D1E48CC825} - No CLSID value found.
O3 - HKLM\..\Toolbar: (AVG Security Toolbar) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - C:\Program Files\AVG\AVG9\Toolbar\IEToolbar.dll ()
O3 - HKLM\..\Toolbar: (Yahoo! Toolbar) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {1017A80C-6F09-4548-A84D-EDD6AC9525F0} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {472734EA-242A-422B-ADF8-83D1E48CC825} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (AVG Security Toolbar) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - C:\Program Files\AVG\AVG9\Toolbar\IEToolbar.dll ()
O4 - HKLM..\Run: [Adobe ARM] C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [Adobe Reader Speed Launcher] C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [AVG9_TRAY] C:\Program Files\AVG\AVG9\avgtray.exe (AVG Technologies CZ, s.r.o.)
O4 - HKLM..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe (Intel Corporation)
O4 - HKLM..\Run: [IAAnotif] C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe (Intel Corporation)
O4 - HKLM..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe (Intel Corporation)
O4 - HKLM..\Run: [Persistence] C:\WINDOWS\system32\igfxpers.exe (Intel Corporation)
O4 - HKLM..\Run: [QuickTime Task] C:\Program Files\QuickTime\QTTask.exe (Apple Inc.)
O4 - HKLM..\Run: [SigmatelSysTrayApp] C:\WINDOWS\stsystra.exe (SigmaTel, Inc.)
O4 - HKLM..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre6\bin\jusched.exe (Sun Microsystems, Inc.)
O4 - HKLM..\Run: [TkBellExe] C:\Program Files\Common Files\Real\Update_OB\realsched.exe (RealNetworks, Inc.)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Infodelivery present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: LinkResolveIgnoreLinkInfo = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoResolveSearch = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: InstallVisualStyle = C:\WINDOWS\Resources\Themes\Royale\Royale.msstyles (Microsoft)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: InstallTheme = C:\WINDOWS\Resources\Themes\Royale.theme ()
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: LinkResolveIgnoreLinkInfo = 0
O15 - HKLM\..Trusted Domains: 1 domain(s) and sub-domain(s) not assigned to a zone.
O15 - HKCU\..Trusted Domains: 8 domain(s) and sub-domain(s) not assigned to a zone.
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_17)
O16 - DPF: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_17)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_17)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 24.116.2.50 24.116.2.34
O18 - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG9\avgpp.dll (AVG Technologies CZ, s.r.o.)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\avgrsstarter: DllName - avgrsstx.dll - C:\WINDOWS\System32\avgrsstx.dll (AVG Technologies CZ, s.r.o.)
O20 - Winlogon\Notify\igfxcui: DllName - igfxdev.dll - C:\WINDOWS\System32\igfxdev.dll (Intel Corporation)
O24 - Desktop WallPaper: C:\Documents and Settings\Angela\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\Angela\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009/12/30 19:43:48 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *) -  File not found
O34 - HKLM BootExecute: (lsdelete) - C:\WINDOWS\System32\lsdelete.exe ()
O35 - comfile [open] -- "%1" %*
O35 - exefile [open] -- "%1" %*
 
[color=\"#E56717\"]========== Files/Folders - Created Within 30 Days ==========[/color]
 
[2010/02/01 21:35:05 | 000,548,864 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Angela\Desktop\OTL.exe
[2010/02/01 20:15:38 | 000,401,720 | ---- | C] (Trend Micro Inc.) -- C:\Documents and Settings\Angela\Desktop\HijackThis.exe
[2010/02/01 18:40:48 | 000,161,672 | ---- | C] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\drivers\avgrkx86.sys
[2010/02/01 18:40:48 | 000,012,464 | ---- | C] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\avgrsstx.dll
[2010/02/01 18:40:47 | 000,356,616 | ---- | C] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\drivers\avgtdix.sys
[2010/02/01 18:40:41 | 000,333,192 | ---- | C] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\drivers\avgldx86.sys
[2010/02/01 18:40:41 | 000,028,424 | ---- | C] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\drivers\avgmfx86.sys
[2010/02/01 18:40:23 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\drivers\Avg
[2010/02/01 18:40:18 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\AVG Security Toolbar
[2010/02/01 18:39:44 | 000,025,608 | ---- | C] (AVG Technologies ) -- C:\WINDOWS\System32\drivers\AVGIDSxx.sys
[2010/02/01 18:39:35 | 000,050,968 | ---- | C] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\avgfwdx.dll
[2010/02/01 18:39:35 | 000,029,208 | ---- | C] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\drivers\avgfwdx.sys
[2010/02/01 18:36:58 | 000,000,000 | --SD | M] -- C:\Documents and Settings\NetworkService\Application Data\Microsoft
[2010/02/01 18:36:58 | 000,000,000 | --SD | M] -- C:\Documents and Settings\LocalService\Application Data\Microsoft
[2010/02/01 18:36:58 | 000,000,000 | ---D | M] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft
[2010/02/01 18:36:58 | 000,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft
[2010/02/01 18:32:41 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\Angela\Recent
[2010/02/01 16:26:55 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Angela\My Documents\My Pictures
[2010/02/01 14:45:01 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Angela\My Documents\RYAN WEBER
[2010/01/31 16:41:51 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Yahoo! Companion
[2010/01/31 16:41:51 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Angela\Application Data\Yahoo!
[2010/01/31 16:41:43 | 000,000,000 | ---D | C] -- C:\Program Files\Yahoo!
[2010/01/30 00:07:31 | 000,064,288 | ---- | C] (Lavasoft AB) -- C:\WINDOWS\System32\drivers\Lbd.sys
[2010/01/30 00:02:13 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\All Users\Application Data\{BC9FCCF7-E686-494B-8C9B-55C9A39A7CA9}
[2010/01/30 00:01:10 | 000,000,000 | ---D | C] -- C:\Program Files\Lavasoft
[2010/01/30 00:01:10 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Lavasoft
[2010/01/29 23:29:36 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Angela\Desktop\Unused Desktop Shortcuts
[2010/01/29 23:26:44 | 000,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Local Settings\Application Data\Google
[2010/01/29 23:14:10 | 000,000,000 | ---D | C] -- C:\Config.Msi
[2010/01/29 23:02:25 | 000,000,000 | ---D | C] -- C:\Program Files\VS Revo Group
[2010/01/29 14:55:52 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Angela\Application Data\Google
[2010/01/29 14:54:13 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Angela\Local Settings\Application Data\Temp
[2010/01/29 14:53:49 | 000,000,000 | ---D | C] -- C:\Program Files\Google
[2010/01/29 14:53:49 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Angela\Local Settings\Application Data\Google
[2010/01/28 14:06:46 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Angela\My Documents\CCC
[2010/01/25 14:53:01 | 000,000,000 | ---D | C] -- C:\WINDOWS\Prefetch
[2010/01/25 14:34:07 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\scripting
[2010/01/25 14:34:06 | 000,000,000 | ---D | C] -- C:\WINDOWS\l2schemas
[2010/01/25 14:34:05 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\en
[2010/01/25 14:34:05 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\bits
[2010/01/25 14:16:46 | 000,000,000 | -H-D | C] -- C:\WINDOWS\$NtServicePackUninstall$
[2010/01/25 13:58:20 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Angela\Application Data\PC Tools
[2010/01/25 13:58:20 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\PC Tools
[2010/01/25 13:58:16 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2010/01/25 13:58:15 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Angela\Application Data\Valusoft
[2010/01/25 13:58:10 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Angela\Application Data\SpinTop
[2010/01/25 13:58:08 | 000,000,000 | ---D | C] -- C:\Program Files\Spyware Doctor
[2010/01/25 13:58:08 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\PC Tools
[2010/01/25 13:58:08 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Angela\Application Data\Malwarebytes
[2010/01/25 13:58:07 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Valusoft
[2010/01/25 13:58:07 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Malwarebytes
[2010/01/25 13:23:41 | 000,000,000 | -HSD | C] -- C:\WINDOWS\CSC
[2010/01/21 03:13:40 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\XPSViewer
[2010/01/21 03:13:35 | 000,000,000 | ---D | C] -- C:\Program Files\MSBuild
[2010/01/21 03:13:25 | 000,000,000 | ---D | C] -- C:\Program Files\Reference Assemblies
[2010/01/21 03:12:17 | 000,117,760 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\prntvpt.dll
[2010/01/21 03:12:17 | 000,089,088 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\filterpipelineprintproc.dll
[2010/01/21 03:12:15 | 000,597,504 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\printfilterpipelinesvc.exe
[2010/01/21 03:12:13 | 000,575,488 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\xpsshhdr.dll
[2010/01/21 03:12:11 | 001,676,288 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\xpssvcs.dll
[2010/01/21 03:12:11 | 001,676,288 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\xpssvcs.dll
[2010/01/21 03:12:07 | 000,000,000 | ---D | C] -- C:\a2a56acff4cf32ec0b3d34
[2010/01/21 03:01:41 | 000,000,000 | ---D | C] -- C:\Program Files\MSXML 6.0
[2010/01/20 10:31:10 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Angela\Application Data\Lexmark Productivity Studio
[2010/01/18 21:06:05 | 000,000,000 | ---D | M] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\Apple
[2010/01/14 09:52:48 | 000,000,000 | ---D | C] -- C:\spoolerlogs
[2010/01/12 20:30:03 | 000,471,552 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\aclayers.dll
[2010/01/12 09:01:13 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2010/01/12 09:01:10 | 000,019,160 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2010/01/11 09:34:38 | 000,149,280 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javaws.exe
[2010/01/11 09:34:38 | 000,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javaw.exe
[2010/01/11 09:34:38 | 000,073,728 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javacpl.cpl
[2010/01/11 09:34:37 | 000,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\java.exe
[2010/01/11 09:34:18 | 000,000,000 | ---D | C] -- C:\Program Files\Java
[2010/01/04 17:00:25 | 000,000,000 | ---D | C] -- C:\Program Files\bfgclient
[2010/01/04 13:32:55 | 000,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Local Settings\Application Data\Adobe
[2010/01/04 13:02:42 | 000,000,000 | ---D | C] -- C:\Program Files\Safari
[2010/01/04 12:56:23 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Windows Genuine Advantage
[2010/01/04 12:54:41 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Angela\Local Settings\Application Data\Threat Expert
[2010/01/04 12:14:19 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Angela\My Documents\MISC
[2010/01/04 09:43:23 | 000,000,000 | ---D | C] -- C:\WINDOWS\ie7updates
[2010/01/04 09:42:48 | 000,991,232 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ieframe.dll.mui
[2010/01/04 09:42:48 | 000,459,264 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\msfeeds.dll
[2010/01/04 09:42:48 | 000,268,288 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\iertutil.dll
[2010/01/04 09:42:48 | 000,052,224 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\msfeedsbs.dll
[2010/01/04 09:42:48 | 000,013,824 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ieudinit.exe
[2010/01/04 09:42:47 | 006,067,200 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ieframe.dll
[2010/01/04 09:42:47 | 002,452,872 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ieapfltr.dat
[2010/01/04 09:42:47 | 000,380,928 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ieapfltr.dll
[2010/01/04 09:42:47 | 000,063,488 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\icardie.dll
[2010/01/04 09:42:24 | 000,000,000 | ---D | C] -- C:\WINDOWS\WBEM
[2010/01/04 09:42:22 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\en-US
[2010/01/04 09:41:37 | 000,000,000 | -H-D | C] -- C:\WINDOWS\ie7
[2010/01/04 09:41:07 | 000,000,000 | -H-D | C] -- C:\WINDOWS\$NtServicePackUninstallIDNMitigationAPIs$
[2010/01/04 09:40:38 | 000,000,000 | -H-D | C] -- C:\WINDOWS\$NtServicePackUninstallNLSDownlevelMapping$
[2010/01/04 09:37:49 | 000,000,000 | ---D | C] -- C:\WINDOWS\network diagnostic
[3 C:\Documents and Settings\All Users\*.tmp files -> C:\Documents and Settings\All Users\*.tmp -> ]
 
[color=\"#E56717\"]========== Files - Modified Within 30 Days ==========[/color]
 
[2010/02/01 21:35:06 | 000,548,864 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Angela\Desktop\OTL.exe
[2010/02/01 21:34:31 | 000,000,472 | ---- | M] () -- C:\WINDOWS\tasks\Ad-Aware Update (Weekly).job
[2010/02/01 21:34:31 | 000,000,472 | ---- | M] () -- C:\WINDOWS\tasks\Ad-Aware Update (Daily 4).job
[2010/02/01 21:34:31 | 000,000,472 | ---- | M] () -- C:\WINDOWS\tasks\Ad-Aware Update (Daily 3).job
[2010/02/01 21:34:31 | 000,000,472 | ---- | M] () -- C:\WINDOWS\tasks\Ad-Aware Update (Daily 2).job
[2010/02/01 21:34:31 | 000,000,472 | ---- | M] () -- C:\WINDOWS\tasks\Ad-Aware Update (Daily 1).job
[2010/02/01 21:33:13 | 000,002,187 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Safari.lnk
[2010/02/01 21:32:01 | 000,000,882 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2010/02/01 21:31:53 | 000,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2010/02/01 21:31:51 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2010/02/01 21:30:33 | 003,145,728 | ---- | M] () -- C:\Documents and Settings\Angela\ntuser.dat
[2010/02/01 21:30:33 | 000,000,178 | -HS- | M] () -- C:\Documents and Settings\Angela\ntuser.ini
[2010/02/01 21:30:21 | 003,224,292 | -H-- | M] () -- C:\Documents and Settings\Angela\Local Settings\Application Data\IconCache.db
[2010/02/01 21:06:00 | 000,000,284 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
[2010/02/01 20:15:41 | 000,401,720 | ---- | M] (Trend Micro Inc.) -- C:\Documents and Settings\Angela\Desktop\HijackThis.exe
[2010/02/01 18:44:55 | 000,562,709 | ---- | M] () -- C:\WINDOWS\System32\drivers\Avg\iavifw.avm
[2010/02/01 18:44:54 | 054,966,920 | ---- | M] () -- C:\WINDOWS\System32\drivers\Avg\incavi.avm
[2010/02/01 18:44:52 | 000,492,629 | ---- | M] () -- C:\WINDOWS\System32\drivers\Avg\miniavi.avg
[2010/02/01 18:44:52 | 000,142,495 | ---- | M] () -- C:\WINDOWS\System32\drivers\Avg\microavi.avg
[2010/02/01 18:40:49 | 000,001,507 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\AVG 9.0.lnk
[2010/02/01 18:40:48 | 000,161,672 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\drivers\avgrkx86.sys
[2010/02/01 18:40:48 | 000,012,464 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\avgrsstx.dll
[2010/02/01 18:40:47 | 000,356,616 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\drivers\avgtdix.sys
[2010/02/01 18:40:42 | 000,333,192 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\drivers\avgldx86.sys
[2010/02/01 18:40:41 | 000,028,424 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\drivers\avgmfx86.sys
[2010/02/01 18:40:40 | 000,113,461 | ---- | M] () -- C:\WINDOWS\System32\drivers\Avg\iavichjw.avm
[2010/02/01 18:40:24 | 006,061,540 | ---- | M] () -- C:\WINDOWS\System32\drivers\Avg\avi7.avg
[2010/02/01 18:39:44 | 000,025,608 | ---- | M] (AVG Technologies ) -- C:\WINDOWS\System32\drivers\AVGIDSxx.sys
[2010/02/01 18:39:35 | 000,050,968 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\avgfwdx.dll
[2010/02/01 18:39:35 | 000,029,208 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\drivers\avgfwdx.sys
[2010/01/31 16:41:34 | 000,001,548 | ---- | M] () -- C:\Documents and Settings\Angela\Desktop\CCleaner.lnk
[2010/01/30 14:51:26 | 000,000,696 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2010/01/30 00:07:03 | 000,015,880 | ---- | M] () -- C:\WINDOWS\System32\lsdelete.exe
[2010/01/30 00:02:10 | 000,000,867 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Ad-Aware.lnk
[2010/01/29 23:38:08 | 000,009,572 | ---- | M] () -- C:\Documents and Settings\Angela\My Documents\COLLEGE.zip
[2010/01/29 17:21:54 | 001,199,757 | ---- | M] () -- C:\Documents and Settings\Angela\Desktop\montana floor plans.pdf
[2010/01/28 14:11:51 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2010/01/28 14:00:29 | 000,098,256 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2010/01/27 15:10:21 | 000,014,664 | ---- | M] () -- C:\Documents and Settings\Angela\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
[2010/01/25 14:58:24 | 000,521,942 | ---- | M] () -- C:\WINDOWS\System32\PerfStringBackup.INI
[2010/01/25 14:58:24 | 000,441,124 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2010/01/25 14:58:24 | 000,071,060 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2010/01/25 14:56:39 | 000,316,640 | ---- | M] () -- C:\WINDOWS\WMSysPr9.prx
[2010/01/25 14:56:21 | 000,014,028 | -H-- | M] () -- C:\WINDOWS\System32\mlfcache.dat
[2010/01/25 14:23:01 | 000,250,048 | RHS- | M] () -- C:\ntldr
[2010/01/25 13:56:16 | 000,000,664 | ---- | M] () -- C:\WINDOWS\System32\d3d9caps.dat
[2010/01/11 09:34:24 | 000,149,280 | ---- | M] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javaws.exe
[2010/01/11 09:34:24 | 000,145,184 | ---- | M] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javaw.exe
[2010/01/11 09:34:24 | 000,145,184 | ---- | M] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\java.exe
[2010/01/11 09:34:24 | 000,073,728 | ---- | M] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javacpl.cpl
[2010/01/11 09:34:23 | 000,411,368 | ---- | M] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\deploytk.dll
[2010/01/10 20:06:54 | 000,007,168 | ---- | M] () -- C:\Documents and Settings\Angela\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010/01/07 16:07:14 | 000,038,224 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2010/01/07 16:07:04 | 000,019,160 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2010/01/05 04:00:29 | 000,832,512 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wininet.dll
[2010/01/05 04:00:28 | 001,168,384 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\urlmon.dll
[2010/01/05 04:00:28 | 000,671,232 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\mstime.dll
[2010/01/05 04:00:28 | 000,671,232 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\mstime.dll
[2010/01/05 04:00:28 | 000,233,472 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\webcheck.dll
[2010/01/05 04:00:28 | 000,105,984 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\url.dll
[2010/01/05 04:00:28 | 000,105,984 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\url.dll
[2010/01/05 04:00:28 | 000,102,912 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\occache.dll
[2010/01/05 04:00:28 | 000,044,544 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\pngfilt.dll
[2010/01/05 04:00:28 | 000,044,544 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\pngfilt.dll
[2010/01/05 04:00:27 | 000,477,696 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\mshtmled.dll
[2010/01/05 04:00:27 | 000,193,024 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\msrating.dll
[2010/01/05 04:00:27 | 000,193,024 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\msrating.dll
[2010/01/05 04:00:26 | 003,599,360 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\mshtml.dll
[2010/01/05 04:00:25 | 000,052,224 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\msfeedsbs.dll
[2010/01/05 04:00:25 | 000,052,224 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\msfeedsbs.dll
[2010/01/05 04:00:24 | 001,830,912 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\inetcpl.cpl
[2010/01/05 04:00:24 | 001,830,912 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\inetcpl.cpl
[2010/01/05 04:00:24 | 000,459,264 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\msfeeds.dll
[2010/01/05 04:00:24 | 000,459,264 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\msfeeds.dll
[2010/01/05 04:00:24 | 000,268,288 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\iertutil.dll
[2010/01/05 04:00:24 | 000,192,512 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\iepeers.dll
[2010/01/05 04:00:24 | 000,192,512 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\iepeers.dll
[2010/01/05 04:00:24 | 000,044,544 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\iernonce.dll
[2010/01/05 04:00:24 | 000,044,544 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\iernonce.dll
[2010/01/05 04:00:24 | 000,027,648 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\jsproxy.dll
[2010/01/05 04:00:24 | 000,027,648 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\jsproxy.dll
[2010/01/05 04:00:23 | 006,067,200 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ieframe.dll
[2010/01/05 04:00:21 | 000,385,024 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\iedkcs32.dll
[2010/01/05 04:00:21 | 000,385,024 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\iedkcs32.dll
[2010/01/05 04:00:21 | 000,380,928 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\ieapfltr.dll
[2010/01/05 04:00:21 | 000,380,928 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ieapfltr.dll
[2010/01/05 04:00:21 | 000,230,400 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\ieaksie.dll
[2010/01/05 04:00:21 | 000,230,400 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ieaksie.dll
[2010/01/05 04:00:21 | 000,214,528 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dxtrans.dll
[2010/01/05 04:00:21 | 000,214,528 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\dxtrans.dll
[2010/01/05 04:00:21 | 000,153,088 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\ieakeng.dll
[2010/01/05 04:00:21 | 000,153,088 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ieakeng.dll
[2010/01/05 04:00:21 | 000,133,120 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\extmgr.dll
[2010/01/05 04:00:21 | 000,078,336 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\ieencode.dll
[2010/01/05 04:00:21 | 000,078,336 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ieencode.dll
[2010/01/05 04:00:21 | 000,063,488 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\icardie.dll
[2010/01/05 04:00:20 | 000,347,136 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dxtmsft.dll
[2010/01/05 04:00:20 | 000,347,136 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\dxtmsft.dll
[2010/01/05 04:00:20 | 000,124,928 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\advpack.dll
[2010/01/05 04:00:20 | 000,124,928 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\advpack.dll
[2010/01/05 04:00:20 | 000,017,408 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\corpol.dll
[2010/01/05 04:00:20 | 000,017,408 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\corpol.dll
[2010/01/04 17:11:11 | 000,004,096 | ---- | M] () -- C:\WINDOWS\d3dx.dat
[3 C:\Documents and Settings\All Users\*.tmp files -> C:\Documents and Settings\All Users\*.tmp -> ]
 
[color=\"#E56717\"]========== Files Created - No Company Name ==========[/color]
 
[2010/02/01 18:43:53 | 000,015,880 | ---- | C] () -- C:\WINDOWS\System32\lsdelete.exe
[2010/02/01 18:40:49 | 000,001,507 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\AVG 9.0.lnk
[2010/02/01 18:40:40 | 000,562,709 | ---- | C] () -- C:\WINDOWS\System32\drivers\Avg\iavifw.avm
[2010/02/01 18:40:40 | 000,113,461 | ---- | C] () -- C:\WINDOWS\System32\drivers\Avg\iavichjw.avm
[2010/02/01 18:40:24 | 054,966,920 | ---- | C] () -- C:\WINDOWS\System32\drivers\Avg\incavi.avm
[2010/02/01 18:40:24 | 000,492,629 | ---- | C] () -- C:\WINDOWS\System32\drivers\Avg\miniavi.avg
[2010/02/01 18:40:24 | 000,142,495 | ---- | C] () -- C:\WINDOWS\System32\drivers\Avg\microavi.avg
[2010/02/01 18:40:23 | 006,061,540 | ---- | C] () -- C:\WINDOWS\System32\drivers\Avg\avi7.avg
[2010/01/30 14:51:26 | 000,000,696 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2010/01/30 00:08:41 | 000,000,472 | ---- | C] () -- C:\WINDOWS\tasks\Ad-Aware Update (Weekly).job
[2010/01/30 00:08:41 | 000,000,472 | ---- | C] () -- C:\WINDOWS\tasks\Ad-Aware Update (Daily 4).job
[2010/01/30 00:08:41 | 000,000,472 | ---- | C] () -- C:\WINDOWS\tasks\Ad-Aware Update (Daily 3).job
[2010/01/30 00:08:41 | 000,000,472 | ---- | C] () -- C:\WINDOWS\tasks\Ad-Aware Update (Daily 2).job
[2010/01/30 00:08:41 | 000,000,472 | ---- | C] () -- C:\WINDOWS\tasks\Ad-Aware Update (Daily 1).job
[2010/01/30 00:02:10 | 000,000,867 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Ad-Aware.lnk
[2010/01/29 23:33:16 | 000,009,572 | ---- | C] () -- C:\Documents and Settings\Angela\My Documents\COLLEGE.zip
[2010/01/29 17:21:52 | 001,199,757 | ---- | C] () -- C:\Documents and Settings\Angela\Desktop\montana floor plans.pdf
[2010/01/29 14:54:09 | 000,000,882 | ---- | C] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2010/01/25 11:09:47 | 003,145,728 | ---- | C] () -- C:\Documents and Settings\Angela\ntuser.dat
[2010/01/10 17:30:10 | 000,007,168 | ---- | C] () -- C:\Documents and Settings\Angela\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010/01/04 17:11:11 | 000,004,096 | ---- | C] () -- C:\WINDOWS\d3dx.dat
[2010/01/04 13:03:05 | 000,002,187 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Safari.lnk
[2010/01/01 16:18:34 | 000,348,880 | ---- | C] () -- C:\WINDOWS\System32\igmedkrn.dll
[2010/01/01 16:18:34 | 000,192,512 | ---- | C] () -- C:\WINDOWS\System32\igfxCoIn_v4642.dll
[2009/12/31 20:43:11 | 000,767,952 | ---- | C] () -- C:\WINDOWS\BDTSupport.dll
[2009/12/30 20:31:47 | 000,012,288 | ---- | C] () -- C:\WINDOWS\System32\LXF3PMRC.DLL
[2009/12/30 19:51:18 | 000,000,129 | ---- | C] () -- C:\Documents and Settings\Angela\Local Settings\Application Data\fusioncache.dat
[2005/08/05 14:01:54 | 000,239,104 | ---- | C] () -- C:\WINDOWS\System32\psisdecd.dll
 
[color=\"#E56717\"]========== Files - Unicode (All) ==========[/color]
[2010/01/30 03:28:55 | 000,000,072 | ---- | M] ()(C:\WINDOWS\System32\??) -- C:\WINDOWS\System32\눨–
[2010/01/30 03:28:55 | 000,000,072 | ---- | C] ()(C:\WINDOWS\System32\??) -- C:\WINDOWS\System32\눨–
[2010/01/19 21:42:54 | 000,000,036 | ---- | M] ()(C:\WINDOWS\System32\?¡) -- C:\WINDOWS\System32\铀¡
[2010/01/19 21:42:54 | 000,000,036 | ---- | C] ()(C:\WINDOWS\System32\?¡) -- C:\WINDOWS\System32\铀¡
 
[color=\"#E56717\"]========== Alternate Data Streams ==========[/color]
 
@Alternate Data Stream - 143 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:71612023
@Alternate Data Stream - 140 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:91FFEC32
@Alternate Data Stream - 128 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:DB77E2C4
@Alternate Data Stream - 125 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:CDB75348
@Alternate Data Stream - 120 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:E51234A9
@Alternate Data Stream - 115 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:A8ADE5D8
@Alternate Data Stream - 103 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:DFC5A2B2
@Alternate Data Stream - 103 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:A91EC54E
< End of report >


OTL Extras logfile created on: 2/1/2010 9:41:18 PM - Run 1
OTL by OldTimer - Version 3.1.27.1     Folder = C:\Documents and Settings\Angela\Desktop
Windows XP Media Center Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 7.0.5730.13)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy
 
1,014.00 Mb Total Physical Memory | 358.00 Mb Available Physical Memory | 35.00% Memory free
2.00 Gb Paging File | 2.00 Gb Available in Paging File | 77.00% Paging File free
Paging file location(s): C:\pagefile.sys 1524 3048 [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 232.78 Gb Total Space | 221.63 Gb Free Space | 95.21% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded
 
Computer Name: HOME
Current User Name: Angela
Logged in as Administrator.
 
Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Standard
 
[color=\"#E56717\"]========== Extra Registry (SafeList) ==========[/color]
 
 
[color=\"#E56717\"]========== File Associations ==========[/color]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.html [@ = htmlfile] -- C:\Program Files\Internet Explorer\IEXPLORE.EXE (Microsoft Corporation)
 
[color=\"#E56717\"]========== Shell Spawning ==========[/color]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
htmlfile [edit] -- Reg Error: Key error.
htmlfile [open] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" -nohome (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" %1 (Microsoft Corporation)
http [open] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" -nohome (Microsoft Corporation)
https [open] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" -nohome (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" %1 (Microsoft Corporation)
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- "C:\Program Files\Internet Explorer\iexplore.exe" (Microsoft Corporation)
 
[color=\"#E56717\"]========== Security Center Settings ==========[/color]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 0
"FirewallOverride" = 0
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]
"139:TCP" = 139:TCP:*:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:*:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:*:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:*:Enabled:@xpsp2res.dll,-22002
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"139:TCP" = 139:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22002
"1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007
 
[color=\"#E56717\"]========== Authorized Applications List ==========[/color]
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"C:\Program Files\Lexmark 3500-4500 Series\app4r.exe" = C:\Program Files\Lexmark 3500-4500 Series\App4R.exe:*:Enabled:Lexmark Imaging Studio -- File not found
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\WINDOWS\system32\lxdicoms.exe" = C:\WINDOWS\system32\lxdicoms.exe:*:Enabled:Lexmark Communications System -- File not found
"C:\Program Files\Lexmark 3500-4500 Series\lxdiamon.exe" = C:\Program Files\Lexmark 3500-4500 Series\lxdiamon.exe:*:Enabled:Lexmark Device Monitor -- File not found
"C:\Program Files\Lexmark 3500-4500 Series\App4r.exe" = C:\Program Files\Lexmark 3500-4500 Series\App4r.exe:*:Enabled:Lexmark Imaging Studio -- File not found
"C:\Program Files\Abbyy FineReader 6.0 Sprint\scan\scanman6.exe" = C:\Program Files\Abbyy FineReader 6.0 Sprint\scan\scanman6.exe:*:Enabled:ABBYY FineReader -- (ABBYY (BIT Software))
"C:\Program Files\Lexmark Fax Solutions\FaxCtr.exe" = C:\Program Files\Lexmark Fax Solutions\FaxCtr.exe:*:Enabled:Fax software -- File not found
"C:\Program Files\Lexmark 3500-4500 Series\lxdimon.exe" = C:\Program Files\Lexmark 3500-4500 Series\lxdimon.exe:*:Enabled:Device Monitor -- File not found
"C:\WINDOWS\system32\spool\drivers\w32x86\3\lxdipswx.exe" = C:\WINDOWS\system32\spool\drivers\w32x86\3\lxdipswx.exe:*:Enabled:Printer Status Window Interface -- File not found
"C:\WINDOWS\system32\spool\drivers\w32x86\3\lxditime.exe" = C:\WINDOWS\system32\spool\drivers\w32x86\3\lxditime.exe:*:Enabled:Lexmark Connect Time Executable -- File not found
"C:\WINDOWS\system32\spool\drivers\w32x86\3\lxdijswx.exe" = C:\WINDOWS\system32\spool\drivers\w32x86\3\lxdijswx.exe:*:Enabled:Job Status Window Interface -- File not found
"C:\Program Files\AVG\AVG9\avgam.exe" = C:\Program Files\AVG\AVG9\avgam.exe:*:Enabled:avgam.exe -- (AVG Technologies CZ, s.r.o.)
"C:\Program Files\AVG\AVG9\avgdiagex.exe" = C:\Program Files\AVG\AVG9\avgdiagex.exe:*:Enabled:avgdiagex.exe -- (AVG Technologies CZ, s.r.o.)
"C:\Program Files\AVG\AVG9\avgemc.exe" = C:\Program Files\AVG\AVG9\avgemc.exe:*:Enabled:avgemc.exe -- (AVG Technologies CZ, s.r.o.)
"C:\Program Files\AVG\AVG9\avgupd.exe" = C:\Program Files\AVG\AVG9\avgupd.exe:*:Enabled:avgupd.exe -- (AVG Technologies CZ, s.r.o.)
"C:\Program Files\AVG\AVG9\avgnsx.exe" = C:\Program Files\AVG\AVG9\avgnsx.exe:*:Enabled:avgnsx.exe -- (AVG Technologies CZ, s.r.o.)
 
 
[color=\"#E56717\"]========== HKEY_LOCAL_MACHINE Uninstall List ==========[/color]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0A0873E1-D9BA-4994-B85D-A0A331EF1F0C}" = Intel® PRO Network Connections
"{26A24AE4-039D-4CA4-87B4-2F83216017FF}" = Java(tm) 6 Update 17
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{36CDA33B-909B-4719-97D1-C4B99309BDC7}" = ATI Parental Control & Encoder
"{3FA365DF-2D68-45ED-8F83-8C8A33E65143}" = Apple Application Support
"{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update
"{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}" = Windows Media Player Firefox Plugin
"{7F142D56-3326-11D5-B229-002078017FBF}" = Modem Helper
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{9068B2BE-D93A-4C0A-861C-5E35E2C0E09E}" = Intel® Matrix Storage Manager
"{9941F0AA-B903-4AF4-A055-83A9815CC011}" = Sonic Encoders
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
"{A429C2AE-EBF1-4F81-A221-1C115CAADDAD}" = QuickTime
"{A462213D-EED4-42C2-9A60-7BDD4D4B0B17}" = SigmaTel Audio
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AC76BA86-7AD7-1033-7B44-A92000000001}" = Adobe Reader 9.2
"{ACF60000-22B9-4CE9-98D6-2CCF359BAC07}" = ABBYY FineReader 6.0 Sprint
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{D6E4E5D6-7693-4BB4-95BA-21F38FAFEE90}" = Safari
"{DED53B0B-B67C-4244-AE6A-D6FD3C28D1EF}" = Ad-Aware
"{FCD9CD52-7222-4672-94A0-A722BA702FD0}" = Dell Resource CD
"12133444-BF36-4d4e-B7FB-A3424C645DE4" = GemMaster Mystic
"Ad-Aware" = Ad-Aware
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Adobe Shockwave Player" = Adobe Shockwave Player 11.5
"AVG9Uninstall" = AVG 9.0
"B3EE3001-DC24-4cd1-8743-5692C716659F" = Otto
"CCleaner" = CCleaner
"CNXT_MODEM_PCI_VEN_14F1&DEV_2F20&SUBSYS_200F14F1" = Conexant D850 56K V.9x DFVc Modem
"ESPNMotion" = ESPNMotion
"HDMI" = Intel® Graphics Media Accelerator Driver
"HijackThis" = HijackThis 2.0.2
"IDNMitigationAPIs" = Microsoft Internationalized Domain Names Mitigation APIs
"ie7" = Windows Internet Explorer 7
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"Microsoft .NET Framework 1.1  (1033)" = Microsoft .NET Framework 1.1
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"NLSDownlevelMapping" = Microsoft National Language Support Downlevel APIs
"RealPlayer 12.0" = RealPlayer
"WIC" = Windows Imaging Component
"Windows Media Format Runtime" = Windows Media Format Runtime
"Windows XP Service Pack" = Windows XP Service Pack 3
"Yahoo! Companion" = Yahoo! Toolbar
 
[color=\"#E56717\"]========== HKEY_CURRENT_USER Uninstall List ==========[/color]
 
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
 
[color=\"#E56717\"]========== Last 10 Event Log Errors ==========[/color]
 
[ Application Events ]
Error - 1/15/2010 10:47:43 PM | Computer Name = HOME | Source = ESENT | ID = 470
Description = Catalog Database (1460) Database C:\WINDOWS\system32\CatRoot2\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\catdb
 is partially attached. Attachment stage: 3. Error: -1032.
 
Error - 1/18/2010 12:58:47 AM | Computer Name = HOME | Source = Application Error | ID = 1000
Description = Faulting applicat

5
Tech Clinic / Would Someone Please Check This HiJack This
« on: February 01, 2010, 09:35:52 PM »
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 8:25:52 PM, on 2/1/2010
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16981)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
C:\Program Files\AVG\AVG9\avgchsvx.exe
C:\Program Files\AVG\AVG9\avgrsx.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\AVG\AVG9\Identity Protection\Agent\Bin\AVGIDSAgent.exe
C:\Program Files\AVG\AVG9\avgcsrvx.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\ehome\ehtray.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\WINDOWS\stsystra.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\PROGRA~1\AVG\AVG9\avgtray.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\AVG\AVG9\avgwdsvc.exe
C:\Program Files\AVG\AVG9\avgfws9.exe
C:\Program Files\Spyware Doctor\BDT\BDTUpdateService.exe
C:\Program Files\AVG\AVG9\avgam.exe
C:\Program Files\AVG\AVG9\Identity Protection\agent\bin\avgidsmonitor.exe
C:\Program Files\AVG\AVG9\avgnsx.exe
C:\WINDOWS\system32\cisvc.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe
C:\Program Files\Google\Update\GoogleUpdate.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Spyware Doctor\pctsAuxs.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\AVG\AVG9\avgemc.exe
C:\Program Files\AVG\AVG9\avgcsrvx.exe
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\eHome\ehmsas.exe
C:\Program Files\AVG\AVG9\avgcsrvx.exe
C:\Program Files\Safari\Safari.exe
C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe
C:\WINDOWS\system32\cidaemon.exe
C:\Program Files\Real\RealPlayer\RealPlay.exe
C:\Documents and Settings\Angela\Desktop\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
R3 - URLSearchHook: AVG Security Toolbar BHO - {A3BC75A2-1F87-4686-AA43-5347D756017C} - C:\Program Files\AVG\AVG9\Toolbar\IEToolbar.dll
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Browser Defender BHO - {2A0F3D1B-0909-4FF4-B272-609CCE6054E7} - (no file)
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG9\avgssie.dll
O2 - BHO: AVG Security Toolbar BHO - {A3BC75A2-1F87-4686-AA43-5347D756017C} - C:\Program Files\AVG\AVG9\Toolbar\IEToolbar.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O2 - BHO: SingleInstance Class - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\Program Files\Yahoo!\Companion\Installs\cpn\YTSingleInstance.dll
O3 - Toolbar: AVG Security Toolbar - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - C:\Program Files\AVG\AVG9\Toolbar\IEToolbar.dll
O3 - Toolbar: (no name) - {472734EA-242A-422B-ADF8-83D1E48CC825} - (no file)
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
O4 - HKLM\..\Run: [IAAnotif] C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe"  -osboot
O4 - HKLM\..\Run: [SigmatelSysTrayApp] stsystra.exe
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [AVG9_TRAY] C:\PROGRA~1\AVG\AVG9\avgtray.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG9\avgpp.dll
O20 - Winlogon Notify: avgrsstarter - C:\WINDOWS\SYSTEM32\avgrsstx.dll
O23 - Service: AVG E-mail Scanner (avg9emc) - AVG Technologies CZ, s.r.o. - C:\Program Files\AVG\AVG9\avgemc.exe
O23 - Service: AVG WatchDog (avg9wd) - AVG Technologies CZ, s.r.o. - C:\Program Files\AVG\AVG9\avgwdsvc.exe
O23 - Service: AVG Firewall (avgfws9) - AVG Technologies CZ, s.r.o. - C:\Program Files\AVG\AVG9\avgfws9.exe
O23 - Service: AVG9IDSAgent (AVGIDSAgent) - AVG Technologies CZ, s.r.o. - C:\Program Files\AVG\AVG9\Identity Protection\Agent\Bin\AVGIDSAgent.exe
O23 - Service: Browser Defender Update Service - Threat Expert Ltd. - C:\Program Files\Spyware Doctor\BDT\BDTUpdateService.exe
O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Intel® Matrix Storage Event Monitor (IAANTMON) - Intel Corporation - C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: Lavasoft Ad-Aware Service - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - C:\Program Files\Spyware Doctor\pctsAuxs.exe
O23 - Service: PC Tools Security Service (sdCoreService) - Unknown owner - C:\Program Files\Spyware Doctor\pctsSvc.exe (file missing)

--
End of file - 7512 bytes

6
Tech Clinic / My Computer Is Infected
« on: December 02, 2009, 06:08:34 PM »
[quote name=\'angelab6067\' post=\'466645\' date=\'Dec 2 2009, 09:39 AM\']Just in case it is worth noting the IOBIT picked up 4 Trojans yesterday too.[/quote]


Now it is picking up 24. Can anyone suggest a GOOD antivirus/internet security? Norton apparently sucks and Malware is not picking it up either.

7
Tech Clinic / My Computer Is Infected
« on: December 02, 2009, 09:54:35 AM »
Malwarebytes' Anti-Malware 1.41
Database version: 3277
Windows 5.1.2600 Service Pack 2

12/2/2009 8:54:11 AM
mbam-log-2009-12-02 (08-54-11).txt

Scan type: Quick Scan
Objects scanned: 101286
Time elapsed: 13 minute(s), 16 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)

8
Tech Clinic / My Computer Is Infected
« on: December 02, 2009, 09:49:36 AM »
Ok it is running now. Will post immediately.

9
Tech Clinic / My Computer Is Infected
« on: December 02, 2009, 09:33:47 AM »
Here is the Hi Jack This Log...
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 8:32:35 AM, on 12/2/2009
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16915)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe
C:\Program Files\IObit\IObit Security 360\IS360srv.exe
C:\Program Files\iWin Games\iWinTrusted.exe
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\lxdiserv.exe
C:\WINDOWS\system32\lxdicoms.exe
C:\Program Files\Norton Internet Security\Engine\17.1.0.19\ccSvcHst.exe
C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\ehome\mcrdsvc.exe
C:\WINDOWS\system32\dllhost.exe
C:\Program Files\Norton Internet Security\Engine\17.1.0.19\ccSvcHst.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\ehome\ehtray.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe
C:\WINDOWS\eHome\ehmsas.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\WINDOWS\stsystra.exe
C:\Program Files\Lexmark 3500-4500 Series\lxdimon.exe
C:\Program Files\Lexmark 3500-4500 Series\lxdiamon.exe
C:\Program Files\IObit\IObit Security 360\IS360tray.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\IObit\Advanced SystemCare 3\AWC.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\IObit\IObit Security 360\is360.exe
C:\Program Files\Safari\Safari.exe
C:\Program Files\Spyware Doctor\BDT\BDTUpdateService.exe
C:\Program Files\Spyware Doctor\pctsAuxs.exe
C:\Program Files\Spyware Doctor\pctsSvc.exe
C:\Program Files\Spyware Doctor\pctsTray.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://g.msn.com/0SEENUS/SAOS01?FORM=TOOLBR
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://g.msn.com/0SEENUS/SAOS01?FORM=TOOLBR
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Browser Defender BHO - {2A0F3D1B-0909-4FF4-B272-609CCE6054E7} - C:\Program Files\Spyware Doctor\BDT\PCTBrowserDefender.dll
O2 - BHO: Symantec NCO BHO - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files\Norton Internet Security\Engine\17.1.0.19\coIEPlg.dll
O2 - BHO: Symantec Intrusion Prevention - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files\Norton Internet Security\Engine\17.1.0.19\IPSBHO.DLL
O2 - BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Windows Live Toolbar Helper - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Program Files\Windows Live\Toolbar\wltcore.dll
O3 - Toolbar: &Windows Live Toolbar - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files\Windows Live\Toolbar\wltcore.dll
O3 - Toolbar: Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Norton Internet Security\Engine\17.1.0.19\coIEPlg.dll
O3 - Toolbar: PC Tools Browser Guard - {472734EA-242A-422B-ADF8-83D1E48CC825} - C:\Program Files\Spyware Doctor\BDT\PCTBrowserDefender.dll
O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
O4 - HKLM\..\Run: [IAAnotif] C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [SigmatelSysTrayApp] stsystra.exe
O4 - HKLM\..\Run: [lxdimon.exe] "C:\Program Files\Lexmark 3500-4500 Series\lxdimon.exe"
O4 - HKLM\..\Run: [lxdiamon] "C:\Program Files\Lexmark 3500-4500 Series\lxdiamon.exe"
O4 - HKLM\..\Run: [IObit Security 360] "C:\Program Files\IObit\IObit Security 360\IS360tray.exe" /autostart
O4 - HKLM\..\Run: [ISTray] "C:\Program Files\Spyware Doctor\pctsTray.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [ccleaner] "C:\Program Files\CCleaner\CCleaner.exe" /AUTO
O4 - HKCU\..\Run: [Advanced SystemCare 3] "C:\Program Files\IObit\Advanced SystemCare 3\AWC.exe" /startup
O9 - Extra button: Blog This - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &Blog This in Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Bonjour - {7F9DB11C-E358-4ca6-A83D-ACC663939424} - C:\Program Files\Bonjour\ExplorerPlugin.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {149E45D8-163E-4189-86FC-45022AB2B6C9} - file:///C:/Program%20Files/Escape%20the%20Museum/Images/stg_drm.ocx
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shoc...ash/swflash.cab
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Browser Defender Update Service - Threat Expert Ltd. - C:\Program Files\Spyware Doctor\BDT\BDTUpdateService.exe
O23 - Service: Intel® Matrix Storage Event Monitor (IAANTMON) - Intel Corporation - C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe
O23 - Service: IS360service - IObit - C:\Program Files\IObit\IObit Security 360\IS360srv.exe
O23 - Service: iWinTrusted - iWin Inc. - C:\Program Files\iWin Games\iWinTrusted.exe
O23 - Service: lxdiCATSCustConnectService - Lexmark International, Inc. - C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\\lxdiserv.exe
O23 - Service: lxdi_device -   - C:\WINDOWS\system32\lxdicoms.exe
O23 - Service: Norton Internet Security (NIS) - Symantec Corporation - C:\Program Files\Norton Internet Security\Engine\17.1.0.19\ccSvcHst.exe
O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - C:\Program Files\Spyware Doctor\pctsAuxs.exe
O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - C:\Program Files\Spyware Doctor\pctsSvc.exe

--
End of file - 8419 bytes

10
Tech Clinic / My Computer Is Infected
« on: December 02, 2009, 09:31:37 AM »
I didn't know if these would help but I uploaded the screen shot I took of the Spyware Doctor Report.
________________________________________________________________________________
______

OTL logfile created on: 12/2/2009 8:18:40 AM - Run 1
OTL by OldTimer - Version 3.1.11.4     Folder = C:\Documents and Settings\Administrator\Desktop
Windows XP Media Center Edition Service Pack 2 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 7.0.5730.13)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy
 
1013.84 Mb Total Physical Memory | 182.80 Mb Available Physical Memory | 18.03% Memory free
2.38 Gb Paging File | 1.10 Gb Available in Paging File | 46.00% Paging File free
Paging file location(s): c:\pagefile.sys 1524 3048 [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 232.78 Gb Total Space | 210.00 Gb Free Space | 90.21% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded
 
Computer Name:
Current User Name: Administrator
Logged in as Administrator.
 
Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Standard
 
[color=\"#E56717\"]========== Processes (SafeList) ==========[/color]
 
PRC - [2009/12/02 07:19:58 | 00,535,552 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Administrator\Desktop\OTL.exe
PRC - [2009/11/24 13:43:00 | 00,078,104 | ---- | M] (iWin Inc.) -- C:\Program Files\iWin Games\iWinTrusted.exe
PRC - [2009/11/20 13:51:34 | 02,335,880 | ---- | M] (IObit) -- C:\Program Files\IObit\Advanced SystemCare 3\AWC.exe
PRC - [2009/11/14 11:57:00 | 03,426,064 | ---- | M] (IObit) -- C:\Program Files\IObit\IObit Security 360\is360.exe
PRC - [2009/11/14 11:51:24 | 01,278,736 | ---- | M] (IObit) -- C:\Program Files\IObit\IObit Security 360\is360tray.exe
PRC - [2009/11/14 11:51:22 | 00,312,592 | ---- | M] (IObit) -- C:\Program Files\IObit\IObit Security 360\is360srv.exe
PRC - [2009/11/05 21:14:44 | 01,794,848 | ---- | M] (Apple Inc.) -- C:\Program Files\Safari\Safari.exe
PRC - [2009/10/20 00:34:55 | 00,126,392 | R--- | M] (Symantec Corporation) -- C:\Program Files\Norton Internet Security\Engine\17.1.0.19\ccSvcHst.exe
PRC - [2009/10/08 11:31:44 | 00,112,592 | ---- | M] (Threat Expert Ltd.) -- C:\Program Files\Spyware Doctor\BDT\BDTUpdateService.exe
PRC - [2009/09/23 13:33:42 | 01,141,200 | ---- | M] (PC Tools) -- C:\Program Files\Spyware Doctor\pctsSvc.exe
PRC - [2009/09/23 12:17:22 | 00,358,600 | ---- | M] (PC Tools) -- C:\Program Files\Spyware Doctor\pctsAuxs.exe
PRC - [2009/09/22 17:11:32 | 01,243,088 | ---- | M] (PC Tools) -- C:\Program Files\Spyware Doctor\pctsTray.exe
PRC - [2009/07/09 11:22:18 | 00,144,712 | ---- | M] (Apple Inc.) -- C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
PRC - [2009/05/19 10:36:18 | 00,240,512 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
PRC - [2008/12/12 11:17:38 | 00,238,888 | ---- | M] (Apple Inc.) -- C:\Program Files\Bonjour\mDNSResponder.exe
PRC - [2007/07/16 10:54:10 | 00,025,264 | ---- | M] () -- C:\Program Files\Lexmark 3500-4500 Series\lxdiamon.exe
PRC - [2007/07/16 10:54:07 | 00,434,864 | ---- | M] () -- C:\Program Files\Lexmark 3500-4500 Series\lxdimon.exe
PRC - [2007/06/11 08:14:51 | 00,517,040 | ---- | M] ( ) -- C:\WINDOWS\system32\lxdicoms.exe
PRC - [2007/06/11 08:14:42 | 00,099,248 | ---- | M] (Lexmark International, Inc.) -- C:\WINDOWS\system32\spool\drivers\w32x86\3\lxdiserv.exe
PRC - [2006/07/21 18:50:10 | 00,086,016 | ---- | M] (Intel Corporation) -- C:\WINDOWS\system32\hkcmd.exe
PRC - [2006/07/21 18:47:00 | 00,081,920 | ---- | M] (Intel Corporation) -- C:\WINDOWS\system32\igfxpers.exe
PRC - [2006/07/06 07:15:00 | 00,151,552 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe
PRC - [2006/07/06 07:14:30 | 00,090,112 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTmon.exe
PRC - [2006/03/20 16:00:04 | 00,282,624 | ---- | M] (SigmaTel, Inc.) -- C:\WINDOWS\stsystra.exe
PRC - [2004/08/10 05:00:00 | 01,032,192 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
 
 
[color=\"#E56717\"]========== Modules (SafeList) ==========[/color]
 
MOD - [2009/12/02 07:19:58 | 00,535,552 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Administrator\Desktop\OTL.exe
MOD - [2009/11/14 11:51:20 | 00,237,840 | ---- | M] (IObit) -- C:\Program Files\IObit\IObit Security 360\is360mon.dll
MOD - [2009/11/06 18:57:04 | 00,406,896 | R--- | M] (Symantec Corporation) -- C:\Program Files\Norton Internet Security\Engine\17.1.0.19\asOEHook.dll
MOD - [2009/09/29 16:30:56 | 00,147,992 | ---- | M] (PC Tools) -- C:\Program Files\Spyware Doctor\PCTGMhk.dll
MOD - [2009/09/09 22:54:58 | 00,155,184 | ---- | M] (PC Tools) -- C:\Program Files\Spyware Doctor\smum32.dll
MOD - [2009/07/12 02:02:02 | 00,653,120 | R--- | M] (Microsoft Corporation) -- C:\Program Files\Norton Internet Security\Engine\17.1.0.19\Microsoft.VC90.CRT\msvcr90.dll
MOD - [2009/07/12 02:02:00 | 00,569,664 | R--- | M] (Microsoft Corporation) -- C:\Program Files\Norton Internet Security\Engine\17.1.0.19\Microsoft.VC90.CRT\msvcp90.dll
MOD - [2004/08/10 05:00:00 | 01,050,624 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.2180_x-ww_a84f1ff9\comctl32.dll
MOD - [2004/08/10 05:00:00 | 00,014,848 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\serwvdrv.dll
MOD - [2004/08/10 05:00:00 | 00,013,312 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\umdmxfrm.dll
 
 
[color=\"#E56717\"]========== Win32 Services (SafeList) ==========[/color]
 
SRV - [2009/11/24 13:43:00 | 00,078,104 | ---- | M] (iWin Inc.) -- C:\Program Files\iWin Games\iWinTrusted.exe -- (iWinTrusted)
SRV - [2009/11/14 11:51:22 | 00,312,592 | ---- | M] (IObit) -- C:\Program Files\IObit\IObit Security 360\is360srv.exe -- (IS360service)
SRV - [2009/10/20 00:34:55 | 00,126,392 | R--- | M] (Symantec Corporation) -- C:\Program Files\Norton Internet Security\Engine\17.1.0.19\ccSvcHst.exe -- (NIS)
SRV - [2009/10/08 11:31:44 | 00,112,592 | ---- | M] (Threat Expert Ltd.) -- C:\Program Files\Spyware Doctor\BDT\BDTUpdateService.exe -- (Browser Defender Update Service)
SRV - [2009/09/23 13:33:42 | 01,141,200 | ---- | M] (PC Tools) -- C:\Program Files\Spyware Doctor\pctsSvc.exe -- (sdCoreService)
SRV - [2009/09/23 12:17:22 | 00,358,600 | ---- | M] (PC Tools) -- C:\Program Files\Spyware Doctor\pctsAuxs.exe -- (sdAuxService)
SRV - [2009/08/05 22:48:42 | 00,704,864 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Live\Family Safety\fsssvc.exe -- (fsssvc)
SRV - [2009/07/09 11:22:18 | 00,144,712 | ---- | M] (Apple Inc.) -- C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe -- (Apple Mobile Device)
SRV - [2009/05/19 10:36:18 | 00,240,512 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe -- (SeaPort)
SRV - [2008/12/12 11:17:38 | 00,238,888 | ---- | M] (Apple Inc.) -- C:\Program Files\Bonjour\mDNSResponder.exe -- (Bonjour Service)
SRV - [2007/06/11 08:14:51 | 00,517,040 | ---- | M] ( ) -- C:\WINDOWS\System32\lxdicoms.exe -- (lxdi_device)
SRV - [2007/06/11 08:14:42 | 00,099,248 | ---- | M] () -- C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\\lxdiserv.exe -- (lxdiCATSCustConnectService)
SRV - [2006/07/06 07:14:30 | 00,090,112 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTmon.exe -- (IAANTMON) Intel®
SRV - [2003/07/28 12:28:22 | 00,089,136 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE -- (ose)
 
 
[color=\"#E56717\"]========== Driver Services (SafeList) ==========[/color]
 
DRV - [2009/11/05 16:06:13 | 00,328,752 | ---- | M] (Symantec Corporation) -- C:\WINDOWS\system32\drivers\NIS\1101000.013\SYMDS.SYS -- (SymDS)
DRV - [2009/11/04 17:50:04 | 00,524,848 | ---- | M] (Symantec Corporation) -- C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_17.0.0.136\Definitions\BASHDefs\20091104.001\BHDrvx86.sys -- (BHDrvx86)
DRV - [2009/10/28 21:02:52 | 00,124,976 | ---- | M] (Symantec Corporation) -- C:\WINDOWS\system32\drivers\SYMEVENT.SYS -- (SymEvent)
DRV - [2009/10/28 16:37:22 | 00,329,592 | ---- | M] (Symantec Corporation) -- C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_17.0.0.136\Definitions\IPSDefs\20091111.001\IDSXpx86.sys -- (IDSxpx86)
DRV - [2009/10/20 00:35:50 | 00,501,888 | ---- | M] (Symantec Corporation) -- C:\WINDOWS\system32\drivers\NIS\1101000.013\ccHPx86.sys -- (ccHP)
DRV - [2009/10/14 19:50:48 | 00,361,520 | ---- | M] (Symantec Corporation) -- C:\WINDOWS\System32\Drivers\NIS\1101000.013\SYMTDI.SYS -- (SYMTDI)
DRV - [2009/10/08 20:55:01 | 00,171,056 | ---- | M] (Symantec Corporation) -- C:\WINDOWS\system32\drivers\NIS\1101000.013\SYMEFA.SYS -- (SymEFA)
DRV - [2009/10/08 20:54:25 | 00,114,736 | ---- | M] (Symantec Corporation) -- C:\WINDOWS\System32\Drivers\NIS\1101000.013\Ironx86.SYS -- (SymIRON)
DRV - [2009/10/08 20:54:10 | 00,325,168 | ---- | M] (Symantec Corporation) -- C:\WINDOWS\System32\Drivers\NIS\1101000.013\SRTSP.SYS -- (SRTSP)
DRV - [2009/10/08 20:54:10 | 00,043,696 | ---- | M] (Symantec Corporation) -- C:\WINDOWS\system32\drivers\NIS\1101000.013\SRTSPX.SYS -- (SRTSPX) Symantec Real Time Storage Protection (PEL)
DRV - [2009/09/23 16:10:06 | 00,207,280 | ---- | M] (PC Tools) -- C:\WINDOWS\system32\drivers\PCTCore.sys -- (PCTCore)
DRV - [2009/08/29 03:00:00 | 01,323,568 | ---- | M] (Symantec Corporation) -- C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_17.0.0.136\Definitions\VirusDefs\20091201.039\NAVEX15.SYS -- (NAVEX15)
DRV - [2009/08/29 03:00:00 | 00,371,248 | ---- | M] (Symantec Corporation) -- C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys -- (eeCtrl)
DRV - [2009/08/29 03:00:00 | 00,084,912 | ---- | M] (Symantec Corporation) -- C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_17.0.0.136\Definitions\VirusDefs\20091201.039\NAVENG.SYS -- (NAVENG)
DRV - [2009/08/05 22:48:42 | 00,054,752 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\fssfltr_tdi.sys -- (fssfltr)
DRV - [2006/07/21 21:12:16 | 01,095,968 | ---- | M] (Intel Corporation) -- C:\WINDOWS\system32\drivers\igxpmp32.sys -- (ialm)
DRV - [2006/07/19 15:42:16 | 00,230,400 | ---- | M] (Intel Corporation) -- C:\WINDOWS\system32\drivers\e1e5132.sys -- (e1express) Intel®
DRV - [2006/07/06 06:59:42 | 00,246,784 | ---- | M] (Intel Corporation) -- C:\WINDOWS\system32\DRIVERS\iaStor.sys -- (iastor)
DRV - [2006/03/20 16:06:04 | 01,156,648 | ---- | M] (SigmaTel, Inc.) -- C:\WINDOWS\system32\drivers\sthda.sys -- (STHDA)
DRV - [2005/05/12 18:54:10 | 00,020,576 | ---- | M] (Sonic Solutions) -- C:\WINDOWS\System32\Drivers\PxHelp20.sys -- (PxHelp20)
DRV - [2004/12/13 15:14:00 | 00,039,904 | ---- | M] (Adaptec, Inc.) -- C:\WINDOWS\system32\drivers\cercsr6.sys -- (cercsr6)
DRV - [2004/08/12 17:45:54 | 00,137,728 | ---- | M] (Windows ® Server 2003 DDK provider) -- C:\WINDOWS\system32\drivers\Hdaudbus.sys -- (HDAudBus)
DRV - [2004/08/10 05:00:00 | 00,027,440 | ---- | M] () -- C:\WINDOWS\system32\drivers\secdrv.sys -- (Secdrv)
DRV - [2004/08/10 05:00:00 | 00,017,792 | ---- | M] (Parallel Technologies, Inc.) -- C:\WINDOWS\system32\drivers\ptilink.sys -- (Ptilink)
DRV - [2003/11/17 15:59:20 | 00,212,224 | ---- | M] (Conexant Systems, Inc.) -- C:\WINDOWS\system32\drivers\HSFHWBS2.sys -- (HSFHWBS2)
DRV - [2003/11/17 15:58:02 | 00,680,704 | ---- | M] (Conexant Systems, Inc.) -- C:\WINDOWS\system32\drivers\HSF_CNXT.sys -- (winachsf)
DRV - [2003/11/17 15:56:26 | 01,042,432 | ---- | M] (Conexant Systems, Inc.) -- C:\WINDOWS\system32\drivers\HSF_DP.sys -- (HSF_DP)
DRV - [2003/04/09 13:48:08 | 00,011,043 | ---- | M] (Conexant) -- C:\WINDOWS\system32\drivers\mdmxsdk.sys -- (mdmxsdk)
DRV - [2001/08/17 13:57:38 | 00,016,128 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\MODEMCSA.sys -- (MODEMCSA)
 
 
[color=\"#E56717\"]========== Standard Registry (SafeList) ==========[/color]
 
 
[color=\"#E56717\"]========== Internet Explorer ==========[/color]
 
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultName = Live Search
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultURL = http://search.live.com/results.aspx?q={sea...ferrer:source?}
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local
 
FF - HKLM\software\mozilla\Firefox\extensions\\{BBDA0591-3099-440a-AA10-41764D9DB4DB}: C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_17.0.0.136\IPSFFPlgn\ [2009/10/28 21:03:14 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\extensions\\{4C0766D3-67A7-45a3-85A2-752F77312F32}: C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_17.0.0.136\coFFPlgn\ [2009/10/28 21:03:27 | 00,000,000 | ---D | M]
 
 
O1 HOSTS File: (734 bytes) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1       localhost
O2 - BHO: (Adobe PDF Link Helper) - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
O2 - BHO: (PC Tools Browser Guard BHO) - {2A0F3D1B-0909-4FF4-B272-609CCE6054E7} - C:\Program Files\Spyware Doctor\BDT\PCTBrowserDefender.dll (Threat Expert Ltd.)
O2 - BHO: (Symantec NCO BHO) - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files\Norton Internet Security\Engine\17.1.0.19\CoIEPlg.dll (Symantec Corporation)
O2 - BHO: (Symantec Intrusion Prevention) - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files\Norton Internet Security\Engine\17.1.0.19\IPSBHO.dll (Symantec Corporation)
O2 - BHO: (Search Helper) - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll (Microsoft Corporation)
O2 - BHO: (Windows Live Toolbar Helper) - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Program Files\Windows Live\Toolbar\wltcore.dll (Microsoft Corporation)
O3 - HKLM\..\Toolbar: (&Windows Live Toolbar) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files\Windows Live\Toolbar\wltcore.dll (Microsoft Corporation)
O3 - HKLM\..\Toolbar: (PC Tools Browser Guard) - {472734EA-242A-422B-ADF8-83D1E48CC825} - C:\Program Files\Spyware Doctor\BDT\PCTBrowserDefender.dll (Threat Expert Ltd.)
O3 - HKLM\..\Toolbar: (Norton Toolbar) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Norton Internet Security\Engine\17.1.0.19\CoIEPlg.dll (Symantec Corporation)
O3 - HKCU\..\Toolbar\WebBrowser: (&Windows Live Toolbar) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files\Windows Live\Toolbar\wltcore.dll (Microsoft Corporation)
O3 - HKCU\..\Toolbar\WebBrowser: (Norton Toolbar) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Norton Internet Security\Engine\17.1.0.19\CoIEPlg.dll (Symantec Corporation)
O4 - HKLM..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe (Intel Corporation)
O4 - HKLM..\Run: [IAAnotif] C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe (Intel Corporation)
O4 - HKLM..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe (Intel Corporation)
O4 - HKLM..\Run: [IObit Security 360] C:\Program Files\IObit\IObit Security 360\IS360tray.exe (IObit)
O4 - HKLM..\Run: [ISTray] C:\Program Files\Spyware Doctor\pctsTray.exe (PC Tools)
O4 - HKLM..\Run: [lxdiamon] C:\Program Files\Lexmark 3500-4500 Series\lxdiamon.exe ()
O4 - HKLM..\Run: [lxdimon.exe] C:\Program Files\Lexmark 3500-4500 Series\lxdimon.exe ()
O4 - HKLM..\Run: [Persistence] C:\WINDOWS\system32\igfxpers.exe (Intel Corporation)
O4 - HKLM..\Run: [SigmatelSysTrayApp] C:\WINDOWS\stsystra.exe (SigmaTel, Inc.)
O4 - HKCU..\Run: [Advanced SystemCare 3] C:\Program Files\IObit\Advanced SystemCare 3\AWC.exe (IObit)
O4 - HKCU..\Run: [ccleaner] C:\Program Files\CCleaner\CCleaner.exe (Piriform Ltd)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Infodelivery present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: LinkResolveIgnoreLinkInfo = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoResolveSearch = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: InstallVisualStyle = C:\WINDOWS\Resources\Themes\Royale\Royale.msstyles (Microsoft)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: InstallTheme = C:\WINDOWS\Resources\Themes\Royale.theme ()
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: LinkResolveIgnoreLinkInfo = 0
O9 - Extra Button: Blog This - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : &Blog This in Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)
O9 - Extra Button: Bonjour - {7F9DB11C-E358-4ca6-A83D-ACC663939424} - C:\Program Files\Bonjour\ExplorerPlugin.dll (Apple Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O15 - HKCU\..Trusted Domains: 33 domain(s) and sub-domain(s) not assigned to a zone.
O16 - DPF: {149E45D8-163E-4189-86FC-45022AB2B6C9} file:///C:/Program%20Files/Escape%20the%20Museum/Images/stg_drm.ocx (Reg Error: Value error.)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.macromedia.com/get/flash...r/ultrashim.cab (Reg Error: Value error.)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/get/shoc...ash/swflash.cab (Shockwave Flash Object)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 24.116.2.50 24.116.2.34
O18 - Protocol\Handler\wlmailhtml {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - C:\Program Files\Windows Live\Mail\mailcomm.dll (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\igfxcui: DllName - igfxdev.dll - C:\WINDOWS\System32\igfxdev.dll (Intel Corporation)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2008/12/03 11:13:39 | 00,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck) -  File not found
O34 - HKLM BootExecute: (*) -  File not found
O35 - comfile [open] -- "%1" %*
O35 - exefile [open] -- "%1" %*
 
[color=\"#E56717\"]========== Files/Folders - Created Within 30 Days ==========[/color]
 
[2009/12/02 07:46:39 | 01,636,304 | ---- | C] (Threat Expert Ltd.) -- C:\WINDOWS\PCTBDCore.dll
[2009/12/02 07:46:39 | 00,165,840 | ---- | C] (Threat Expert Ltd.) -- C:\WINDOWS\PCTBDRes.dll
[2009/12/02 07:46:39 | 00,149,456 | ---- | C] (PC Tools) -- C:\WINDOWS\SGDetectionTool.dll
[2009/12/02 07:43:28 | 00,229,304 | ---- | C] (PC Tools) -- C:\WINDOWS\System32\drivers\pctgntdi.sys
[2009/12/02 07:43:17 | 00,207,280 | ---- | C] (PC Tools) -- C:\WINDOWS\System32\drivers\PCTCore.sys
[2009/12/02 07:43:17 | 00,087,784 | ---- | C] (PC Tools) -- C:\WINDOWS\System32\drivers\PCTAppEvent.sys
[2009/12/02 07:43:05 | 00,070,408 | ---- | C] (PC Tools) -- C:\WINDOWS\System32\drivers\pctplsg.sys
[2009/12/02 07:42:48 | 00,000,000 | ---D | C] -- C:\Program Files\Spyware Doctor
[2009/12/02 07:42:48 | 00,000,000 | ---D | C] -- C:\Program Files\Common Files\PC Tools
[2009/12/02 07:42:48 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\PC Tools
[2009/12/02 07:42:48 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Application Data\PC Tools
[2009/12/02 07:19:57 | 00,535,552 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Administrator\Desktop\OTL.exe
[2009/12/02 07:18:00 | 00,812,344 | ---- | C] (Trend Micro Inc.) -- C:\Documents and Settings\Administrator\Desktop\HJTInstall.exe
[2009/12/02 07:16:48 | 33,827,984 | ---- | C] (PC Tools                                                    ) -- C:\Documents and Settings\Administrator\Desktop\7.0.0.508f-sdrevenue-setup.exe
[2009/12/01 17:42:09 | 00,000,000 | RH-D | C] -- C:\Documents and Settings\Administrator\Recent
[2009/12/01 09:02:30 | 00,207,880 | ---- | C] (Big Fish Games) -- C:\Documents and Settings\Administrator\Desktop\fairy-nook_s1_l1_gF5191T1L1_d708997470.exe
[2009/11/29 18:40:11 | 00,000,000 | ---D | C] -- C:\Program Files\iWin Games
[2009/11/29 15:22:00 | 00,000,000 | ---D | C] -- C:\Program Files\bfgclient
[2009/11/29 15:21:04 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\BigFishGamesCache
[2009/11/29 12:00:10 | 00,000,000 | ---D | C] -- C:\Program Files\Common Files\i4j_jres
[2009/11/23 15:50:08 | 00,000,000 | ---D | C] -- C:\Program Files\Microsoft Office Outlook Connector
[2009/11/22 04:34:40 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\IObit
[2009/11/12 12:02:31 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Saved Games
[2009/11/11 16:45:12 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Application Data\IObit
[2009/11/07 18:27:31 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Local Settings\Application Data\Namco Networks
[2009/11/06 13:20:11 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\My Documents\Ryan
[2009/11/06 13:19:50 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\My Documents\Citi
[2008/12/12 19:45:02 | 00,356,352 | ---- | C] ( ) -- C:\WINDOWS\System32\lxdiinpa.dll
[2008/12/12 19:45:02 | 00,311,296 | ---- | C] ( ) -- C:\WINDOWS\System32\lxdihcp.dll
[2008/12/12 19:45:01 | 01,187,840 | ---- | C] ( ) -- C:\WINDOWS\System32\lxdiserv.dll
[2008/12/12 19:45:01 | 00,942,080 | ---- | C] ( ) -- C:\WINDOWS\System32\lxdiusb1.dll
[2008/12/12 19:45:01 | 00,339,968 | ---- | C] ( ) -- C:\WINDOWS\System32\lxdiiesc.dll
[2008/12/12 19:45:00 | 00,614,400 | ---- | C] ( ) -- C:\WINDOWS\System32\lxdipmui.dll
[2008/12/12 19:45:00 | 00,532,480 | ---- | C] ( ) -- C:\WINDOWS\System32\lxdilmpm.dll
[2008/12/12 19:45:00 | 00,053,248 | ---- | C] ( ) -- C:\WINDOWS\System32\lxdiprox.dll
[2008/12/12 19:45:00 | 00,053,248 | ---- | C] ( ) -- C:\WINDOWS\System32\lxdipplc.dll
[2008/12/12 19:44:58 | 00,671,744 | ---- | C] ( ) -- C:\WINDOWS\System32\lxdihbn3.dll
[2008/12/12 19:44:57 | 00,765,952 | ---- | C] ( ) -- C:\WINDOWS\System32\lxdicomc.dll
[2008/12/12 19:44:57 | 00,360,448 | ---- | C] ( ) -- C:\WINDOWS\System32\lxdicomm.dll
[11 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
 
[color=\"#E56717\"]========== Files - Modified Within 30 Days ==========[/color]
 
[2009/12/02 07:43:14 | 00,001,637 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Spyware Doctor.lnk
[2009/12/02 07:20:12 | 33,827,984 | ---- | M] (PC Tools                                                    ) -- C:\Documents and Settings\Administrator\Desktop\7.0.0.508f-sdrevenue-setup.exe
[2009/12/02 07:19:58 | 00,535,552 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Administrator\Desktop\OTL.exe
[2009/12/02 07:18:01 | 00,812,344 | ---- | M] (Trend Micro Inc.) -- C:\Documents and Settings\Administrator\Desktop\HJTInstall.exe
[2009/12/01 16:45:46 | 00,002,187 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Safari.lnk
[2009/12/01 14:23:55 | 00,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2009/12/01 14:23:47 | 00,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2009/12/01 14:20:14 | 01,105,654 | ---- | M] () -- C:\WINDOWS\System32\drivers\NIS\1101000.013\Cat.DB
[2009/12/01 13:14:24 | 00,000,284 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
[2009/12/01 12:38:23 | 00,003,358 | ---- | M] () -- C:\Documents and Settings\All Users\lxdi
[2009/12/01 09:02:31 | 00,207,880 | ---- | M] (Big Fish Games) -- C:\Documents and Settings\Administrator\Desktop\fairy-nook_s1_l1_gF5191T1L1_d708997470.exe
[2009/11/30 19:31:14 | 00,002,497 | ---- | M] () -- C:\Documents and Settings\Administrator\Desktop\Microsoft Office Word 2003.lnk
[2009/11/30 11:01:11 | 00,041,472 | ---- | M] () -- C:\Documents and Settings\Administrator\Desktop\QUOTES.doc
[2009/11/29 12:08:53 | 06,659,410 | -H-- | M] () -- C:\Documents and Settings\Administrator\Local Settings\Application Data\IconCache.db
[2009/11/28 22:41:05 | 00,000,278 | -HS- | M] () -- C:\Documents and Settings\Administrator\ntuser.ini
[2009/11/28 22:41:04 | 05,767,168 | -H-- | M] () -- C:\Documents and Settings\Administrator\NTUSER.DAT
[2009/11/23 16:10:02 | 00,525,946 | ---- | M] () -- C:\WINDOWS\System32\PerfStringBackup.INI
[2009/11/23 16:10:02 | 00,444,360 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2009/11/23 16:10:02 | 00,072,252 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2009/11/22 04:34:41 | 00,000,733 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\IObit Security 360.lnk
[2009/11/11 16:45:19 | 00,000,874 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Advanced SystemCare.lnk
[2009/11/11 07:29:01 | 00,001,973 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Norton Internet Security.LNK
[2009/11/11 07:28:31 | 00,141,240 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2009/11/11 03:04:42 | 00,000,603 | ---- | M] () -- C:\WINDOWS\win.ini
[2009/11/09 16:09:57 | 00,001,498 | ---- | M] () -- C:\Documents and Settings\Administrator\Desktop\Calculator.lnk
[2009/11/06 19:07:07 | 00,000,172 | ---- | M] () -- C:\WINDOWS\System32\drivers\NIS\1101000.013\isolate.ini
[2009/11/05 16:07:13 | 00,007,493 | ---- | M] () -- C:\WINDOWS\System32\drivers\NIS\1101000.013\SymDS.cat
[2009/11/05 16:06:13 | 00,328,752 | ---- | M] (Symantec Corporation) -- C:\WINDOWS\System32\drivers\NIS\1101000.013\SymDS.sys
[2009/11/05 16:06:13 | 00,002,793 | ---- | M] () -- C:\WINDOWS\System32\drivers\NIS\1101000.013\SymDS.inf
[11 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
 
[color=\"#E56717\"]========== Files Created - No Company Name ==========[/color]
 
[2009/12/02 07:46:39 | 01,152,470 | ---- | C] () -- C:\WINDOWS\UDB.zip
[2009/12/02 07:46:39 | 00,767,952 | ---- | C] () -- C:\WINDOWS\BDTSupport.dll
[2009/12/02 07:46:39 | 00,000,882 | ---- | C] () -- C:\WINDOWS\RegSDImport.xml
[2009/12/02 07:46:39 | 00,000,880 | ---- | C] () -- C:\WINDOWS\RegISSImport.xml
[2009/12/02 07:46:39 | 00,000,131 | ---- | C] () -- C:\WINDOWS\IDB.zip
[2009/12/02 07:43:28 | 00,007,387 | ---- | C] () -- C:\WINDOWS\System32\drivers\pctgntdi.cat
[2009/12/02 07:43:17 | 00,007,412 | ---- | C] () -- C:\WINDOWS\System32\drivers\PCTAppEvent.cat
[2009/12/02 07:43:17 | 00,007,383 | ---- | C] () -- C:\WINDOWS\System32\drivers\pctcore.cat
[2009/12/02 07:43:14 | 00,001,637 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Spyware Doctor.lnk
[2009/12/02 07:43:05 | 00,007,383 | ---- | C] () -- C:\WINDOWS\System32\drivers\pctplsg.cat
[2009/11/22 04:34:41 | 00,000,733 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\IObit Security 360.lnk
[2009/11/11 16:45:19 | 00,000,874 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Advanced SystemCare.lnk
[2009/11/09 16:09:57 | 00,001,498 | ---- | C] () -- C:\Documents and Settings\Administrator\Desktop\Calculator.lnk
[2009/10/17 17:31:07 | 00,000,000 | ---- | C] () -- C:\WINDOWS\Game.INI
[2009/10/12 12:04:42 | 00,002,516 | -HS- | C] () -- C:\Documents and Settings\All Users\Application Data\KGyGaAvL.sys
[2009/10/12 12:04:42 | 00,000,088 | RHS- | C] () -- C:\Documents and Settings\All Users\Application Data\0094102FF9.sys
[2009/08/07 17:43:51 | 00,000,136 | ---- | C] () -- C:\Documents and Settings\Administrator\Local Settings\Application Data\fusioncache.dat
[2009/02/16 08:28:32 | 00,016,960 | ---- | C] () -- C:\Documents and Settings\Administrator\Local Settings\Application Data\slot1.mm1
[2008/12/14 19:04:23 | 00,000,376 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2008/12/12 19:51:33 | 00,040,960 | ---- | C] () -- C:\WINDOWS\System32\lxdivs.dll
[2008/12/12 19:51:29 | 00,344,064 | ---- | C] () -- C:\WINDOWS\System32\lxdicoin.dll
[2008/12/12 19:49:53 | 00,692,224 | ---- | C] () -- C:\WINDOWS\System32\lxdidrs.dll
[2008/12/12 19:49:53 | 00,069,632 | ---- | C] () -- C:\WINDOWS\System32\lxdicnv4.dll
[2008/12/12 19:49:53 | 00,065,536 | ---- | C] () -- C:\WINDOWS\System32\lxdicaps.dll
[2008/12/12 19:45:14 | 00,000,060 | -H-- | C] () -- C:\WINDOWS\System32\lxdirwrd.ini
[2008/12/12 19:45:02 | 00,294,912 | ---- | C] () -- C:\WINDOWS\System32\lxdiinst.dll
[2008/12/12 19:44:58 | 00,208,896 | ---- | C] () -- C:\WINDOWS\System32\lxdigrd.dll
[2008/12/05 18:22:16 | 00,000,000 | ---- | C] () -- C:\WINDOWS\Curses.INI
[2008/12/04 07:14:55 | 00,000,187 | ---- | C] () -- C:\Documents and Settings\Administrator\Application Data\G-Force Prefs (WindowsMediaPlayer).txt
[2008/12/03 18:25:57 | 00,012,288 | ---- | C] () -- C:\Documents and Settings\Administrator\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2008/12/03 16:06:01 | 00,192,512 | ---- | C] () -- C:\WINDOWS\System32\igfxCoIn_v4642.dll
[2008/12/03 16:06:00 | 00,348,880 | ---- | C] () -- C:\WINDOWS\System32\igmedkrn.dll
[2005/08/05 14:01:54 | 00,235,008 | ---- | C] () -- C:\WINDOWS\System32\psisdecd.dll
[2004/08/10 05:00:00 | 00,027,440 | ---- | C] () -- C:\WINDOWS\System32\drivers\secdrv.sys
[2003/01/07 15:05:08 | 00,002,695 | ---- | C] () -- C:\WINDOWS\System32\OUTLPERF.INI
 
[color=\"#E56717\"]========== Alternate Data Streams ==========[/color]
 
@Alternate Data Stream - 97 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:17C48B08
@Alternate Data Stream - 96 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:A26AFC00
@Alternate Data Stream - 95 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:7158CB97
@Alternate Data Stream - 346 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:EE0E96C6
@Alternate Data Stream - 325 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:9AF3A05F
@Alternate Data Stream - 308 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:D52D3C91
@Alternate Data Stream - 308 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:A2400EF3
@Alternate Data Stream - 308 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:72E74C26
@Alternate Data Stream - 307 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:0A085469
@Alternate Data Stream - 297 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:06500394
@Alternate Data Stream - 296 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:1387592D
@Alternate Data Stream - 295 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:5801D472
@Alternate Data Stream - 290 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:F56BCB0F
@Alternate Data Stream - 161 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:8C2010E2
@Alternate Data Stream - 158 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:DFC5A2B2
@Alternate Data Stream - 156 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:2B340BD5
@Alternate Data Stream - 149 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:86725A4F
@Alternate Data Stream - 148 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:56C17A93
@Alternate Data Stream - 147 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:F073D52C
@Alternate Data Stream - 146 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:BDBC3765
@Alternate Data Stream - 146 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:123A86B5
@Alternate Data Stream - 146 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:0EC7A545
@Alternate Data Stream - 143 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:E7B4296D
@Alternate Data Stream - 142 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:6F19AC49
@Alternate Data Stream - 142 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:2495D97A
@Alternate Data Stream - 140 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:E895790F
@Alternate Data Stream - 140 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:6017A808
@Alternate Data Stream - 140 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:32ED8AE7
@Alternate Data Stream - 139 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:55C54F7C
@Alternate Data Stream - 138 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:D97A9919
@Alternate Data Stream - 138 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:CF1334B0
@Alternate Data Stream - 138 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:CDC1B76E
@Alternate Data Stream - 138 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:89C28CF6
@Alternate Data Stream - 138 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:7FCB9D0D
@Alternate Data Stream - 137 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:5025C6E4
@Alternate Data Stream - 136 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:E14FA16F
@Alternate Data Stream - 136 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:61B54B15
@Alternate Data Stream - 136 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:1181620C
@Alternate Data Stream - 134 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:9AE67195
@Alternate Data Stream - 134 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:5E413CD6
@Alternate Data Stream - 133 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:E027789A
@Alternate Data Stream - 133 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:D53344E0
@Alternate Data Stream - 133 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:BE0BAFE1
@Alternate Data Stream - 132 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:FED25C29
@Alternate Data Stream - 132 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:32A82570
@Alternate Data Stream - 132 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:115FA012
@Alternate Data Stream - 131 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:6444B424
@Alternate Data Stream - 130 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:F84B8DB5
@Alternate Data Stream - 130 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:8101D728
@Alternate Data Stream - 128 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:EA701346
@Alternate Data Stream - 128 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:996104FC
@Alternate Data Stream - 127 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:F986CC21
@Alternate Data Stream - 127 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:ADE67221
@Alternate Data Stream - 127 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:147A3409
@Alternate Data Stream - 126 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:D390A6A7
@Alternate Data Stream - 126 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:1F7A10DD
@Alternate Data Stream - 125 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:E0F0F1BE
@Alternate Data Stream - 125 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:A167A0BB
@Alternate Data Stream - 125 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:737160C1
@Alternate Data Stream - 125 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:122B409D
@Alternate Data Stream - 124 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:F45F3031
@Alternate Data Stream - 124 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:DA321CD4
@Alternate Data Stream - 124 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:C10635F6
@Alternate Data Stream - 124 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:7E082023
@Alternate Data Stream - 122 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:E7B49FBF
@Alternate Data Stream - 122 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:D1D597D0
@Alternate Data Stream - 122 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:B0EB578B
@Alternate Data Stream - 122 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:0F55D468
@Alternate Data Stream - 121 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:E46A89F4
@Alternate Data Stream - 121 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:DC85983B
@Alternate Data Stream - 121 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:D8F9D810
@Alternate Data Stream - 121 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:9026FFAC
@Alternate Data Stream - 121 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:7FD903D7
@Alternate Data Stream - 121 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:133CC4C3
@Alternate Data Stream - 120 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:FD000392
@Alternate Data Stream - 120 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:FA408F93
@Alternate Data Stream - 120 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:EB12FF2B
@Alternate Data Stream - 120 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:D7D224C1
@Alternate Data Stream - 120 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:D2593961
@Alternate Data Stream - 120 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:A5F155F1
@Alternate Data Stream - 119 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:E80802C7
@Alternate Data Stream - 119 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:AF952105
@Alternate Data Stream - 118 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:ED2998F5
@Alternate Data Stream - 118 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:A4076A3B
@Alternate Data Stream - 118 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:9331E9D2
@Alternate Data Stream - 118 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:69D59C23
@Alternate Data Stream - 118 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:63DBE157
@Alternate Data Stream - 118 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:35A81752
@Alternate Data Stream - 117 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:D3D08545
@Alternate Data Stream - 117 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:69E3AF64
@Alternate Data Stream - 117 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:68EF6203
@Alternate Data Stream - 117 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:52A22573
@Alternate Data Stream - 117 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:0E22C5DB
@Alternate Data Stream - 117 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:0B210DD3
@Alternate Data Stream - 116 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:EB40BC91
@Alternate Data Stream - 116 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:9732698E
@Alternate Data Stream - 116 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:870649A4
@Alternate Data Stream - 116 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:506E1E25
@Alternate Data Stream - 115 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:C36B1175
@Alternate Data Stream - 114 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:D86A1047
@Alternate Data Stream - 114 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:55374FBA
@Alternate Data Stream - 114 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:1B7E2022
@Alternate Data Stream - 113 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:FC2D0F32
@Alternate Data Stream - 113 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:EF0E8680
@Alternate Data Stream - 113 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:5FEFEAEF
@Alternate Data Stream - 113 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:2B1EA607
@Alternate Data Stream - 113 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:0DAD93FF
@Alternate Data Stream - 112 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:25F2159D
@Alternate Data Stream - 112 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:0D52F295
@Alternate Data Stream - 112 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:04CE8640
@Alternate Data Stream - 111 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:CB52BE62
@Alternate Data Stream - 109 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:EE95471C
@Alternate Data Stream - 109 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:25249477
@Alternate Data Stream - 109 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:0FB757A9
@Alternate Data Stream - 108 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:E9B5CB53
@Alternate Data Stream - 107 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:AA354EC0
@Alternate Data Stream - 106 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:55818279
@Alternate Data Stream - 105 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:EEB25EAE
@Alternate Data Stream - 104 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:551BED5F
@Alternate Data Stream - 104 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:2342AE46
@Alternate Data Stream - 103 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:B4FAC426
@Alternate Data Stream - 103 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:AAFA1398
@Alternate Data Stream - 103 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:4FE42FFC
@Alternate Data Stream - 103 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:20685A31
@Alternate Data Stream - 103 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:00F7B10F
@Alternate Data Stream - 102 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:E51234A9
@Alternate Data Stream - 102 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:3D36932D
@Alternate Data Stream - 102 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:0C9CD455
@Alternate Data Stream - 101 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:59C113EC
@Alternate Data Stream - 101 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:1A7E6B73
@Alternate Data Stream - 100 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:96C05DC7
< End of report >
________________________________________________________________________________
________

OTL Extras logfile created on: 12/2/2009 8:18:40 AM - Run 1
OTL by OldTimer - Version 3.1.11.4     Folder = C:\Documents and Settings\Administrator\Desktop
Windows XP Media Center Edition Service Pack 2 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 7.0.5730.13)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy
 
1013.84 Mb Total Physical Memory | 182.80 Mb Available Physical Memory | 18.03% Memory free
2.38 Gb Paging File | 1.10 Gb Available in Paging File | 46.00% Paging File free
Paging file location(s): c:\pagefile.sys 1524 3048 [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 232.78 Gb Total Space | 210.00 Gb Free Space | 90.21% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded
 
Computer Name:
Current User Name: Administrator
Logged in as Administrator.
 
Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Standard
 
[color=\"#E56717\"]========== Extra Registry (SafeList) ==========[/color]
 
 
[color=\"#E56717\"]========== File Associations ==========[/color]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.html [@ = SafariHTML] -- C:\Program Files\Safari\Safari.exe (Apple Inc.)
 
[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = SafariHTML] -- C:\Program Files\Safari\Safari.exe (Apple Inc.)
 
[color=\"#E56717\"]========== Shell Spawning ==========[/color]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
htmlfile [edit] -- Reg Error: Key error.
htmlfile [open] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" -nohome (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" %1 (Microsoft Corporation)
http [open] -- Reg Error: Key error.
https [open] -- Reg Error: Key error.
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" %1 (Microsoft Corporation)
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- "C:\Program Files\Internet Explorer\iexplore.exe" (Microsoft Corporation)
 
[color=\"#E56717\"]========== Security Center Settings ==========[/color]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 0
"FirewallOverride" = 0
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]
"139:TCP" = 139:TCP:*:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:*:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:*:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:*:Enabled:@xpsp2res.dll,-22002
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"139:TCP" = 139:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22002
"1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007
 
[color=\"#E56717\"]========== Authorized Applications List ==========[/color]
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"C:\Program Files\MSN Messenger\livecall.exe" = C:\Program Files\MSN Messenger\livecall.exe:*:Enabled:Windows Live Messenger 8.1 (Phone) -- File not found
"C:\Program Files\Lexmark 3500-4500 Series\app4r.exe" = C:\Program Files\Lexmark 3500-4500 Series\App4R.exe:*:Enabled:Lexmark Imaging Studio -- ()
"C:\Program Files\Windows Live\Messenger\wlcsdk.exe" = C:\Program Files\Windows Live\Messenger\wlcsdk.exe:*:Enabled:Windows Live Call -- (Microsoft Corporation)
"C:\Program Files\Windows Live\Sync\WindowsLiveSync.exe" = C:\Program Files\Windows Live\Sync\WindowsLiveSync.exe:*:Enabled:Windows Live Sync -- (Microsoft Corporation)
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\WINDOWS\system32\lxdicoms.exe" = C:\WINDOWS\system32\lxdicoms.exe:*:Enabled:Lexmark Communications System -- ( )
"C:\Program Files\Lexmark 3500-4500 Series\lxdiamon.exe" = C:\Program Files\Lexmark 3500-4500 Series\lxdiamon.exe:*:Enabled:Lexmark Device Monitor -- ()
"C:\Program Files\Lexmark 3500-4500 Series\App4R.exe" = C:\Program Files\Lexmark 3500-4500 Series\App4R.exe:*:Enabled:Lexmark Imaging Studio -- ()
"C:\Program Files\Lexmark 3500-4500 Series\lxdimon.exe" = C:\Program Files\Lexmark 3500-4500 Series\lxdimon.exe:*:Enabled:Device Monitor -- ()
"C:\WINDOWS\system32\spool\drivers\w32x86\3\lxdipswx.exe" = C:\WINDOWS\system32\spool\drivers\w32x86\3\lxdipswx.exe:*:Enabled:Printer Status Window Interface -- ()
"C:\WINDOWS\system32\spool\drivers\w32x86\3\lxditime.exe" = C:\WINDOWS\system32\spool\drivers\w32x86\3\lxditime.exe:*:Enabled:Lexmark Connect Time Executable -- (Lexmark International, Inc.)
"C:\WINDOWS\system32\spool\drivers\w32x86\3\lxdijswx.exe" = C:\WINDOWS\system32\spool\drivers\w32x86\3\lxdijswx.exe:*:Enabled:Job Status Window Interface -- ()
"C:\Program Files\Bonjour\mDNSResponder.exe" = C:\Program Files\Bonjour\mDNSResponder.exe:*:Enabled:Bonjour -- (Apple Inc.)
"C:\WINDOWS\system32\spool\drivers\w32x86\3\lxdiwbgw.exe" = C:\WINDOWS\system32\spool\drivers\w32x86\3\lxdiwbgw.exe:*:Enabled:Lexmark Web Gateway -- ()
"C:\Program Files\Windows Live\Messenger\wlcsdk.exe" = C:\Program Files\Windows Live\Messenger\wlcsdk.exe:*:Enabled:Windows Live Call -- (Microsoft Corporation)
"C:\Program Files\Windows Live\Sync\WindowsLiveSync.exe" = C:\Program Files\Windows Live\Sync\WindowsLiveSync.exe:*:Enabled:Windows Live Sync -- (Microsoft Corporation)
"C:\Program Files\iWin Games\iWinGames.exe" = C:\Program Files\iWin Games\iWinGames.exe:*:Enabled:iWin Games application. -- (iWin Inc.)
"C:\Program Files\iWin Games\WebUpdater.exe" = C:\Program Files\iWin Games\WebUpdater.exe:*:Enabled:iWin Games updater. -- ()
 
 
[color=\"#E56717\"]========== HKEY_LOCAL_MACHINE Uninstall List ==========[/color]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{07287123-B8AC-41CE-8346-3D777245C35B}" = Bonjour
"{0A0873E1-D9BA-4994-B85D-A0A331EF1F0C}" = Intel® PRO Network Connections
"{139E303E-1050-497F-98B1-9AE87B15C463}" = Windows Live Family Safety
"{178832DE-9DE0-4C87-9F82-9315A9B03985}" = Windows Live Writer
"{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live Upload Tool
"{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{36CDA33B-909B-4719-97D1-C4B99309BDC7}" = ATI Parental Control & Encoder
"{3B4E636E-9D65-4D67-BA61-189800823F52}" = Windows Live Communications Platform
"{3FA365DF-2D68-45ED-8F83-8C8A33E65143}" = Apple Application Support
"{45338B07-A236-4270-9A77-EBB4115517B5}" = Windows Live Sign-in Assistant
"{4CBA3D4C-8F51-4D60-B27E-F6B641C571E7}" = Microsoft Search Enhancement Pack
"{57F0ED40-8F11-41AA-B926-4A66D0D1A9CC}" = Microsoft Office Live Add-in 1.3
"{6412CECE-8172-4BE5-935B-6CECACD2CA87}" = Windows Live Mail
"{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update
"{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}" = Windows Media Player Firefox Plugin
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{7F142D56-3326-11D5-B229-002078017FBF}" = Modem Helper
"{81128EE8-8EAD-4DB0-85C6-17C2CE50FF71}" = Windows Live Essentials
"{84EBDF39-4B33-49D7-A0BD-EB6E2C4E81C1}" = Windows Live Sync
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8A74E887-8F0F-4017-AF53-CBA42211AAA5}" = Microsoft Sync Framework Runtime Native v1.0 (x86)
"{90120000-0020-0409-0000-0000000FF1CE}" = Compatibility Pack for the 2007 Office system
"{9068B2BE-D93A-4C0A-861C-5E35E2C0E09E}" = Intel® Matrix Storage Manager
"{91130409-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Basic Edition 2003
&

11
Tech Clinic / My Computer Is Infected
« on: December 02, 2009, 09:17:48 AM »
[quote name=\'guestolo\' post=\'466636\' date=\'Dec 2 2009, 08:16 AM\']Download [color=\"#FF0000\"]OTL.exe[/color][/url] by OldTimer to your Desktop.
  • Close all windows and double click on OTL.exe to run it

NOTE: If you are running Windows Vista-- right click on OTL.exe and choose to "Run as Administrator"
  • Click Run Scan and let the program run uninterrupted.
  • It will produce two logs for you, one will pop up - OTL.txt, the other will be saved on your Desktop - Extras.txt. Post both logs in this thread.
NOTE: If you have trouble, or an error message trying to post the logs
Can you upload it to a reply box
In a Reply, select "Browse..." on the bottom right and then navigate to the file and select it
Then click "Upload"[/quote]


TY DOING IT NOW. GIVE ME TWO MINUTES.

12
Tech Clinic / My Computer Is Infected
« on: December 02, 2009, 09:10:49 AM »
These were picked up by Spyware Doctor but I do not have a paid version to remove them . Does anyone know another way? MY NORTON did not pick these up so it is obvious I am using the wrong anti-virus.

Adware.BHO.GEN (21 infections) Threat Level:   High
Adware.AdMedia  (5 infections) Threat Level:   High
Trojan.Generic (8 Infections) Threat Level:   High

13
Tech Clinic / Could Someone Please Check Hi Jack This Log
« on: October 29, 2009, 05:49:54 PM »
[quote name=\'guestolo\' post=\'466019\' date=\'Oct 29 2009, 04:15 PM\']I actually wanted to see the fix log from OTL
But that's ok, I can see the entries are gone

What about the following?[/quote]


i can't seem to find them.

14
Tech Clinic / Could Someone Please Check Hi Jack This Log
« on: October 29, 2009, 01:32:19 PM »
OTL logfile created on: 10/29/2009 1:28:17 PM - Run 6
OTL by OldTimer - Version 3.0.22.1     Folder = C:\Documents and Settings\Administrator\Desktop
Windows XP Media Center Edition Service Pack 2 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 7.0.5730.13)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy
 
1013.84 Mb Total Physical Memory | 514.07 Mb Available Physical Memory | 50.71% Memory free
2.38 Gb Paging File | 1.99 Gb Available in Paging File | 83.37% Paging File free
Paging file location(s): c:\pagefile.sys 1524 3048 [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 232.78 Gb Total Space | 210.44 Gb Free Space | 90.40% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded
 
Computer Name:
Current User Name: Administrator
Logged in as Administrator.
 
Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Standard
 
[color=\"#E56717\"]========== Processes (SafeList) ==========[/color]
 
PRC - [2009/10/29 13:22:40 | 00,521,728 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Administrator\Desktop\OTL.exe
PRC - [2009/08/24 17:49:41 | 00,126,392 | R--- | M] (Symantec Corporation) -- C:\Program Files\Norton Internet Security\Engine\17.0.0.136\ccSvcHst.exe
PRC - [2009/07/25 05:23:12 | 00,149,280 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Java\jre6\bin\jusched.exe
PRC - [2009/07/25 05:23:10 | 00,153,376 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Java\jre6\bin\jqs.exe
PRC - [2009/07/09 12:22:18 | 00,144,712 | ---- | M] (Apple Inc.) -- C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
PRC - [2009/06/30 09:55:40 | 02,329,224 | ---- | M] (IObit) -- C:\Program Files\IObit\Advanced SystemCare 3\AWC.exe
PRC - [2009/05/19 11:36:18 | 00,240,512 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
PRC - [2009/02/06 04:41:05 | 00,227,840 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\wbem\wmiprvse.exe
PRC - [2008/12/12 12:17:38 | 00,238,888 | ---- | M] (Apple Inc.) -- C:\Program Files\Bonjour\mDNSResponder.exe
PRC - [2007/07/16 11:54:10 | 00,025,264 | ---- | M] () -- C:\Program Files\Lexmark 3500-4500 Series\lxdiamon.exe
PRC - [2007/07/16 11:54:07 | 00,434,864 | ---- | M] () -- C:\Program Files\Lexmark 3500-4500 Series\lxdimon.exe
PRC - [2007/06/11 09:14:51 | 00,517,040 | ---- | M] ( ) -- C:\WINDOWS\System32\lxdicoms.exe
PRC - [2007/06/11 09:14:42 | 00,099,248 | ---- | M] (Lexmark International, Inc.) -- C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\lxdiserv.exe
PRC - [2006/07/21 19:50:10 | 00,086,016 | ---- | M] (Intel Corporation) -- C:\WINDOWS\System32\hkcmd.exe
PRC - [2006/07/21 19:47:00 | 00,081,920 | ---- | M] (Intel Corporation) -- C:\WINDOWS\System32\igfxpers.exe
PRC - [2006/07/06 08:15:00 | 00,151,552 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe
PRC - [2006/07/06 08:14:30 | 00,090,112 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe
PRC - [2006/03/20 17:00:04 | 00,282,624 | ---- | M] (SigmaTel, Inc.) -- C:\WINDOWS\stsystra.exe
PRC - [2005/10/11 09:40:32 | 00,237,568 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\eHome\ehRecvr.exe
PRC - [2005/08/05 14:56:34 | 00,064,512 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\ehome\ehtray.exe
PRC - [2005/08/05 14:56:32 | 00,102,912 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\eHome\ehSched.exe
PRC - [2005/08/05 14:56:28 | 00,046,592 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\eHome\ehmsas.exe
PRC - [2005/08/05 14:27:08 | 00,099,328 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\ehome\mcrdsvc.exe
PRC - [2004/08/10 06:00:00 | 01,032,192 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\Explorer.EXE
 
[color=\"#E56717\"]========== Win32 Services (SafeList) ==========[/color]
 
SRV - [2009/08/24 17:49:41 | 00,126,392 | R--- | M] (Symantec Corporation) -- C:\Program Files\Norton Internet Security\Engine\17.0.0.136\ccSvcHst.exe -- (NIS [Unknown | Running])
SRV - [2009/07/25 05:23:10 | 00,153,376 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Java\jre6\bin\jqs.exe -- (JavaQuickStarterService [Auto | Running])
SRV - [2009/07/09 12:22:18 | 00,144,712 | ---- | M] (Apple Inc.) -- C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe -- (Apple Mobile Device [Auto | Running])
SRV - [2009/05/19 11:36:18 | 00,240,512 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe -- (SeaPort [Auto | Running])
SRV - [2009/02/06 18:08:58 | 00,533,360 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Live\Family Safety\fsssvc.exe -- (fsssvc [On_Demand | Stopped])
SRV - [2008/12/12 12:17:38 | 00,238,888 | ---- | M] (Apple Inc.) -- C:\Program Files\Bonjour\mDNSResponder.exe -- (Bonjour Service [Auto | Running])
SRV - [2008/07/29 22:10:04 | 00,046,104 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe -- (FontCache3.0.0.0 [On_Demand | Stopped])
SRV - [2008/07/29 20:24:50 | 00,881,664 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe -- (idsvc [Unknown | Stopped])
SRV - [2008/07/29 20:16:38 | 00,132,096 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe -- (NetTcpPortSharing [Disabled | Stopped])
SRV - [2008/07/25 12:17:02 | 00,069,632 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32 [On_Demand | Stopped])
SRV - [2008/07/25 12:16:40 | 00,034,312 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe -- (aspnet_state [On_Demand | Stopped])
SRV - [2007/06/11 09:14:51 | 00,517,040 | ---- | M] ( ) -- C:\WINDOWS\System32\lxdicoms.exe -- (lxdi_device [Auto | Running])
SRV - [2007/06/11 09:14:42 | 00,099,248 | ---- | M] (Lexmark International, Inc.) -- C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\lxdiserv.exe -- (lxdiCATSCustConnectService [Auto | Running])
SRV - [2006/10/18 20:05:24 | 00,913,408 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Media Player\WMPNetwk.exe -- (WMPNetworkSvc [On_Demand | Stopped])
SRV - [2006/07/06 08:14:30 | 00,090,112 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe -- (IAANTMON [Auto | Running])
SRV - [2005/10/11 09:40:32 | 00,237,568 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\eHome\ehRecvr.exe -- (ehRecvr [Auto | Running])
SRV - [2005/08/05 14:56:32 | 00,102,912 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\eHome\ehSched.exe -- (ehSched [Auto | Running])
SRV - [2005/08/05 14:27:08 | 00,099,328 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\ehome\mcrdsvc.exe -- (McrdSvc [Auto | Running])
SRV - [2004/08/10 06:00:00 | 00,038,912 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\PCHealth\HelpCtr\Binaries\pchsvc.dll -- (helpsvc [Auto | Running])
SRV - [2004/08/10 05:11:50 | 00,085,504 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\mhn.dll -- (MHN [On_Demand | Stopped])
SRV - [2003/07/28 13:28:22 | 00,089,136 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE -- (ose [On_Demand | Stopped])
 
[color=\"#E56717\"]========== Driver Services (SafeList) ==========[/color]
 
DRV - [2009/10/28 22:02:52 | 00,124,976 | ---- | M] (Symantec Corporation) -- C:\WINDOWS\System32\Drivers\SYMEVENT.SYS -- (SymEvent [On_Demand | Running])
DRV - [2009/10/09 16:38:04 | 00,508,976 | ---- | M] (Symantec Corporation) -- C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_17.0.0.136\Definitions\BASHDefs\20091013.001\BHDrvx86.sys -- (BHDrvx86 [System | Running])
DRV - [2009/09/10 15:10:19 | 00,329,080 | ---- | M] (Symantec Corporation) -- C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_17.0.0.136\Definitions\IPSDefs\20091021.001\IDSxpx86.sys -- (IDSxpx86 [On_Demand | Running])
DRV - [2009/08/29 19:17:21 | 00,361,392 | R--- | M] (Symantec Corporation) -- C:\WINDOWS\system32\drivers\NIS\1100000.088\SYMTDI.SYS -- (SYMTDI [System | Running])
DRV - [2009/08/29 19:17:20 | 00,169,008 | R--- | M] (Symantec Corporation) -- C:\WINDOWS\system32\drivers\NIS\1100000.088\SYMEFA.SYS -- (SymEFA [Boot | Running])
DRV - [2009/08/29 19:17:18 | 00,328,752 | R--- | M] (Symantec Corporation) -- C:\WINDOWS\system32\drivers\NIS\1100000.088\SYMDS.SYS -- (SymDS [Boot | Running])
DRV - [2009/08/29 19:16:50 | 00,114,736 | R--- | M] (Symantec Corporation) -- C:\WINDOWS\system32\drivers\NIS\1100000.088\Ironx86.SYS -- (SymIRON [System | Running])
DRV - [2009/08/29 19:16:41 | 00,325,168 | R--- | M] (Symantec Corporation) -- C:\WINDOWS\system32\drivers\NIS\1100000.088\SRTSP.SYS -- (SRTSP [System | Running])
DRV - [2009/08/29 19:16:41 | 00,043,696 | R--- | M] (Symantec Corporation) -- C:\WINDOWS\system32\drivers\NIS\1100000.088\SRTSPX.SYS -- (SRTSPX [System | Running])
DRV - [2009/08/29 04:00:00 | 01,323,568 | ---- | M] (Symantec Corporation) -- C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_17.0.0.136\Definitions\VirusDefs\20091028.050\NAVEX15.SYS -- (NAVEX15 [On_Demand | Running])
DRV - [2009/08/29 04:00:00 | 00,371,248 | ---- | M] (Symantec Corporation) -- C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys -- (eeCtrl [System | Running])
DRV - [2009/08/29 04:00:00 | 00,102,448 | ---- | M] (Symantec Corporation) -- C:\Program Files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys -- (EraserUtilRebootDrv [On_Demand | Running])
DRV - [2009/08/29 04:00:00 | 00,084,912 | ---- | M] (Symantec Corporation) -- C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_17.0.0.136\Definitions\VirusDefs\20091028.050\NAVENG.SYS -- (NAVENG [On_Demand | Running])
DRV - [2009/08/24 17:50:39 | 00,501,888 | R--- | M] (Symantec Corporation) -- C:\WINDOWS\system32\drivers\NIS\1100000.088\ccHPx86.sys -- (ccHP [System | Running])
DRV - [2009/02/06 18:08:42 | 00,055,152 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\DRIVERS\fssfltr_tdi.sys -- (fssfltr [Auto | Running])
DRV - [2006/07/21 22:12:16 | 01,095,968 | ---- | M] (Intel Corporation) -- C:\WINDOWS\System32\DRIVERS\igxpmp32.sys -- (ialm [On_Demand | Running])
DRV - [2006/07/19 16:42:16 | 00,230,400 | ---- | M] (Intel Corporation) -- C:\WINDOWS\System32\DRIVERS\e1e5132.sys -- (e1express [On_Demand | Running])
DRV - [2006/07/06 07:59:42 | 00,246,784 | ---- | M] (Intel Corporation) -- C:\WINDOWS\system32\DRIVERS\iaStor.sys -- (iastor [Boot | Running])
DRV - [2006/03/20 17:06:04 | 01,156,648 | ---- | M] (SigmaTel, Inc.) -- C:\WINDOWS\System32\drivers\sthda.sys -- (STHDA [On_Demand | Running])
DRV - [2005/05/12 19:54:10 | 00,020,576 | ---- | M] (Sonic Solutions) -- C:\WINDOWS\System32\Drivers\PxHelp20.sys -- (PxHelp20 [Boot | Running])
DRV - [2004/12/13 16:14:00 | 00,039,904 | ---- | M] (Adaptec, Inc.) -- C:\WINDOWS\System32\drivers\cercsr6.sys -- (cercsr6 [Boot | Stopped])
DRV - [2004/08/12 18:45:54 | 00,137,728 | ---- | M] (Windows ® Server 2003 DDK provider) -- C:\WINDOWS\System32\DRIVERS\HDAudBus.sys -- (HDAudBus [On_Demand | Running])
DRV - [2004/08/10 06:00:00 | 00,027,440 | ---- | M] () -- C:\WINDOWS\System32\DRIVERS\secdrv.sys -- (Secdrv [On_Demand | Stopped])
DRV - [2004/08/10 06:00:00 | 00,017,792 | ---- | M] (Parallel Technologies, Inc.) -- C:\WINDOWS\System32\DRIVERS\ptilink.sys -- (Ptilink [On_Demand | Running])
DRV - [2003/11/17 16:59:20 | 00,212,224 | ---- | M] (Conexant Systems, Inc.) -- C:\WINDOWS\System32\DRIVERS\HSFHWBS2.sys -- (HSFHWBS2 [On_Demand | Running])
DRV - [2003/11/17 16:58:02 | 00,680,704 | ---- | M] (Conexant Systems, Inc.) -- C:\WINDOWS\System32\DRIVERS\HSF_CNXT.sys -- (winachsf [On_Demand | Running])
DRV - [2003/11/17 16:56:26 | 01,042,432 | ---- | M] (Conexant Systems, Inc.) -- C:\WINDOWS\System32\DRIVERS\HSF_DP.sys -- (HSF_DP [On_Demand | Running])
DRV - [2003/04/09 14:48:08 | 00,011,043 | ---- | M] (Conexant) -- C:\WINDOWS\System32\DRIVERS\mdmxsdk.sys -- (mdmxsdk [Auto | Running])
DRV - [2001/08/17 14:57:38 | 00,016,128 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\MODEMCSA.sys -- (MODEMCSA [On_Demand | Running])
 
[color=\"#E56717\"]========== Modules (SafeList) ==========[/color]
 
MOD - [2009/10/29 13:22:40 | 00,521,728 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Administrator\Desktop\OTL.exe
MOD - [2009/09/01 03:23:05 | 00,405,872 | R--- | M] (Symantec Corporation) -- C:\PROGRAM FILES\NORTON INTERNET SECURITY\ENGINE\17.0.0.136\ASOEHOOK.DLL
MOD - [2009/07/12 02:02:02 | 00,653,120 | R--- | M] (Microsoft Corporation) -- C:\PROGRAM FILES\NORTON INTERNET SECURITY\ENGINE\17.0.0.136\Microsoft.VC90.CRT\MSVCR90.dll
MOD - [2009/07/12 02:02:00 | 00,569,664 | R--- | M] (Microsoft Corporation) -- C:\PROGRAM FILES\NORTON INTERNET SECURITY\ENGINE\17.0.0.136\Microsoft.VC90.CRT\MSVCP90.dll
MOD - [2004/08/10 06:00:00 | 01,050,624 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.2180_x-ww_a84f1ff9\comctl32.dll
MOD - [2004/08/10 06:00:00 | 00,014,848 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\serwvdrv.dll
MOD - [2004/08/10 06:00:00 | 00,013,312 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\umdmxfrm.dll
 
[color=\"#E56717\"]========== Standard Registry (SafeList) ==========[/color]
 
 
[color=\"#E56717\"]========== Internet Explorer ==========[/color]
 
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL =  [binary data]
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Extensions Off Page = about:NoAdd-ons
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Security Risk Page = about:SecurityRisk
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,CustomizeSearch = http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchcust.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchasst.htm
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\system32\blank.htm
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultName = Live Search
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultURL = http://search.live.com/results.aspx?q={sea...ferrer:source?}
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = www.msn.com
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local
 
FF - HKLM\software\mozilla\Firefox\extensions\\{20a82645-c095-46ed-80e3-08825760534b}: c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\ [2009/09/02 03:00:27 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\extensions\\[email protected]: C:\Program Files\Java\jre6\lib\deploy\jqs\ff [2009/02/20 17:13:58 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\extensions\\{BBDA0591-3099-440a-AA10-41764D9DB4DB}: C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_17.0.0.136\IPSFFPlgn\ [2009/10/28 22:03:14 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\extensions\\{4C0766D3-67A7-45a3-85A2-752F77312F32}: C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_17.0.0.136\coFFPlgn\ [2009/10/28 22:03:27 | 00,000,000 | ---D | M]
 
 
O1 HOSTS File: (734 bytes) - C:\WINDOWS\System32\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1       localhost
O2 - BHO: (Adobe PDF Link Helper) - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
O2 - BHO: (Symantec NCO BHO) - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files\Norton Internet Security\Engine\17.0.0.136\coIEPlg.dll (Symantec Corporation)
O2 - BHO: (Symantec Intrusion Prevention) - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files\Norton Internet Security\Engine\17.0.0.136\IPSBHO.DLL (Symantec Corporation)
O2 - BHO: (Search Helper) - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll (Microsoft Corporation)
O2 - BHO: (SSVHelper Class) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (Windows Live Sign-in Helper) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (Windows Live Toolbar Helper) - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Program Files\Windows Live\Toolbar\wltcore.dll (Microsoft Corporation)
O2 - BHO: (JQSIEStartDetectorImpl Class) - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll (Sun Microsystems, Inc.)
O3 - HKLM\..\Toolbar: (&Windows Live Toolbar) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files\Windows Live\Toolbar\wltcore.dll (Microsoft Corporation)
O3 - HKLM\..\Toolbar: (Norton Toolbar) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Norton Internet Security\Engine\17.0.0.136\coIEPlg.dll (Symantec Corporation)
O3 - HKCU\..\Toolbar\WebBrowser: (&Windows Live Toolbar) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files\Windows Live\Toolbar\wltcore.dll (Microsoft Corporation)
O3 - HKCU\..\Toolbar\WebBrowser: (Norton Toolbar) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Norton Internet Security\Engine\17.0.0.136\coIEPlg.dll (Symantec Corporation)
O4 - HKLM..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe (Microsoft Corporation)
O4 - HKLM..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe (Intel Corporation)
O4 - HKLM..\Run: [IAAnotif] C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe (Intel Corporation)
O4 - HKLM..\Run: [IgfxTray] C:\WINDOWS\System32\igfxtray.exe (Intel Corporation)
O4 - HKLM..\Run: [lxdiamon] C:\Program Files\Lexmark 3500-4500 Series\lxdiamon.exe ()
O4 - HKLM..\Run: [lxdimon.exe] C:\Program Files\Lexmark 3500-4500 Series\lxdimon.exe ()
O4 - HKLM..\Run: [Persistence] C:\WINDOWS\System32\igfxpers.exe (Intel Corporation)
O4 - HKLM..\Run: [SigmatelSysTrayApp] C:\WINDOWS\stsystra.exe (SigmaTel, Inc.)
O4 - HKLM..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre6\bin\jusched.exe (Sun Microsystems, Inc.)
O4 - HKCU..\Run: [Advanced SystemCare 3] C:\Program Files\IObit\Advanced SystemCare 3\AWC.exe (IObit)
O4 - HKCU..\Run: [ccleaner] C:\Program Files\CCleaner\CCleaner.exe (Piriform Ltd)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Infodelivery present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: LinkResolveIgnoreLinkInfo = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoResolveSearch = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: dontdisplaylastusername = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticecaption =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticetext =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: shutdownwithoutlogon = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: undockwithoutlogon = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: LinkResolveIgnoreLinkInfo = 0
O9 - Extra 'Tools' menuitem : Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - Reg Error: Key error. File not found
O9 - Extra Button: Bonjour - {7F9DB11C-E358-4ca6-A83D-ACC663939424} - C:\Program Files\Bonjour\ExplorerPlugin.dll (Apple Inc.)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Program Files\Microsoft Office\OFFICE11\REFIEBAR.DLL (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe (Microsoft Corporation)
O9 - Extra Button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O15 - HKCU\..Trusted Domains: 33 domain(s) and sub-domain(s) not assigned to a zone.
O16 - DPF: {149E45D8-163E-4189-86FC-45022AB2B6C9} file:///C:/Program%20Files/Hide%20&%20Secret/Images/stg_drm.ocx (Reg Error: Value error.)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/products/plugin/autodl...indows-i586.cab (Java Plug-in 1.6.0_15)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.macromedia.com/get/flash...r/ultrashim.cab (Reg Error: Value error.)
O16 - DPF: {CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA} http://java.sun.com/products/plugin/autodl...indows-i586.cab (Java Plug-in 1.6.0_15)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_15)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/get/shoc...ash/swflash.cab (Shockwave Flash Object)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 24.116.2.50 24.116.2.34
O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\ipp - No CLSID value found
O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\Windows Live\Messenger\msgrapp.14.0.8064.0206.dll (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp - No CLSID value found
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\Windows Live\Messenger\msgrapp.14.0.8064.0206.dll (Microsoft Corporation)
O18 - Protocol\Handler\mso-offdap11 {32505114-5902-49B2-880A-1F7738E5A384} - C:\Program Files\Common Files\Microsoft Shared\Web Components\11\OWC11.DLL (Microsoft Corporation)
O18 - Protocol\Handler\wlmailhtml {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - C:\Program Files\Windows Live\Mail\mailcomm.dll (Microsoft Corporation)
O18 - Protocol\Filter\text/xml {807553E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE11\MSOXMLMF.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\Explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\igfxcui: DllName - igfxdev.dll - C:\WINDOWS\System32\igfxdev.dll (Intel Corporation)
O24 - Desktop Components:0 (My Current Home Page) - About:Home
O31 - SafeBoot: AlternateShell - cmd.exe
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2008/12/03 12:13:39 | 00,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck) -  File not found
O34 - HKLM BootExecute: (autochk) - C:\WINDOWS\System32\autochk.exe (Microsoft Corporation)
O34 - HKLM BootExecute: (*) -  File not found
O35 - comfile [open] -- "%1" %* File not found
O35 - exefile [open] -- "%1" %* File not found
 
[color=\"#E56717\"]========== Files/Folders - Created Within 30 Days ==========[/color]
 
[2009/10/05 14:10:58 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\NCH Software
[2009/09/30 15:54:51 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Norton
[2009/09/30 16:25:48 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\NortonInstaller
[2009/09/29 20:04:45 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Trymedia
[2009/10/27 16:07:50 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\XLab
[2009/10/12 12:45:16 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Application Data\InstallShield
[2009/10/28 22:02:52 | 00,000,000 | ---D | C] -- C:\Program Files\Common Files\Symantec Shared
[2009/10/28 22:02:15 | 00,000,000 | ---D | C] -- C:\Program Files\Norton Internet Security
[2009/10/28 22:02:52 | 00,000,000 | ---D | C] -- C:\Program Files\Symantec
[2009/10/20 10:27:08 | 00,000,000 | ---D | C] -- C:\Program Files\Trend Micro
[2009/09/30 16:44:18 | 00,000,000 | ---D | C] -- C:\Program Files\Windows Sidebar
[2009/10/29 13:23:09 | 00,000,000 | ---D | C] -- C:\_OTL
[2009/10/29 13:22:39 | 00,521,728 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Administrator\Desktop\OTL.exe
[2009/10/29 08:58:47 | 00,000,000 | ---D | C] -- C:\WINDOWS\System32\appmgmt
[2009/10/28 22:02:53 | 00,060,808 | ---- | C] (Symantec Corporation) -- C:\WINDOWS\System32\S32EVNT1.DLL
[2009/10/28 22:02:52 | 00,124,976 | ---- | C] (Symantec Corporation) -- C:\WINDOWS\System32\drivers\SYMEVENT.SYS
[2009/10/28 22:02:46 | 00,501,888 | R--- | C] (Symantec Corporation) -- C:\WINDOWS\System32\drivers\NIS\1100000.088\ccHPx86.sys
[2009/10/28 22:02:46 | 00,361,392 | R--- | C] (Symantec Corporation) -- C:\WINDOWS\System32\drivers\NIS\1100000.088\symtdi.sys
[2009/10/28 22:02:46 | 00,338,480 | R--- | C] (Symantec Corporation) -- C:\WINDOWS\System32\drivers\NIS\1100000.088\symtdiv.sys
[2009/10/28 22:02:46 | 00,328,752 | R--- | C] (Symantec Corporation) -- C:\WINDOWS\System32\drivers\NIS\1100000.088\SymDS.sys
[2009/10/28 22:02:46 | 00,325,168 | R--- | C] (Symantec Corporation) -- C:\WINDOWS\System32\drivers\NIS\1100000.088\srtsp.sys
[2009/10/28 22:02:46 | 00,169,008 | R--- | C] (Symantec Corporation) -- C:\WINDOWS\System32\drivers\NIS\1100000.088\SymEFA.sys
[2009/10/28 22:02:46 | 00,114,736 | R--- | C] (Symantec Corporation) -- C:\WINDOWS\System32\drivers\NIS\1100000.088\Ironx86.sys
[2009/10/28 22:02:46 | 00,043,696 | R--- | C] (Symantec Corporation) -- C:\WINDOWS\System32\drivers\NIS\1100000.088\srtspx.sys
[2009/10/28 22:02:18 | 00,000,000 | ---D | C] -- C:\WINDOWS\System32\drivers\NIS\1100000.088
[2009/10/27 13:43:49 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\My Documents\RY RED MOUSE
[2009/10/20 14:37:55 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\My Documents\RW MERCH
[2009/10/20 14:35:51 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\My Documents\RW GRAPHICS
[2009/10/20 14:28:00 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\My Documents\RY CONTRACTS
[2009/10/18 17:31:26 | 00,000,000 | ---D | C] -- C:\My Games
[2009/10/04 16:59:44 | 00,000,000 | ---D | C] -- C:\WINDOWS\System32\drivers\NIS\1007020.00B
[2009/10/04 13:41:53 | 00,000,000 | ---D | C] -- C:\users
[2009/09/30 16:47:09 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\My Documents\Symantec
[2009/09/30 16:44:22 | 00,000,000 | ---D | C] -- C:\WINDOWS\System32\drivers\NIS
[2009/09/30 15:54:51 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Documents\Norton
[2008/12/12 20:45:02 | 00,356,352 | ---- | C] ( ) -- C:\WINDOWS\System32\lxdiinpa.dll
[2008/12/12 20:45:02 | 00,311,296 | ---- | C] ( ) -- C:\WINDOWS\System32\lxdihcp.dll
[2008/12/12 20:45:01 | 01,187,840 | ---- | C] ( ) -- C:\WINDOWS\System32\lxdiserv.dll
[2008/12/12 20:45:01 | 00,942,080 | ---- | C] ( ) -- C:\WINDOWS\System32\lxdiusb1.dll
[2008/12/12 20:45:01 | 00,339,968 | ---- | C] ( ) -- C:\WINDOWS\System32\lxdiiesc.dll
[2008/12/12 20:45:00 | 00,614,400 | ---- | C] ( ) -- C:\WINDOWS\System32\lxdipmui.dll
[2008/12/12 20:45:00 | 00,532,480 | ---- | C] ( ) -- C:\WINDOWS\System32\lxdilmpm.dll
[2008/12/12 20:45:00 | 00,053,248 | ---- | C] ( ) -- C:\WINDOWS\System32\lxdiprox.dll
[2008/12/12 20:45:00 | 00,053,248 | ---- | C] ( ) -- C:\WINDOWS\System32\lxdipplc.dll
[2008/12/12 20:44:58 | 00,671,744 | ---- | C] ( ) -- C:\WINDOWS\System32\lxdihbn3.dll
[2008/12/12 20:44:57 | 00,765,952 | ---- | C] ( ) -- C:\WINDOWS\System32\lxdicomc.dll
[2008/12/12 20:44:57 | 00,360,448 | ---- | C] ( ) -- C:\WINDOWS\System32\lxdicomm.dll
 
[color=\"#E56717\"]========== Files - Modified Within 30 Days ==========[/color]
 
[11 C:\WINDOWS\*.tmp files]
[2009/10/29 13:25:55 | 00,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2009/10/29 13:25:52 | 00,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2009/10/29 13:23:45 | 13,816,824 | -H-- | M] () -- C:\Documents and Settings\Administrator\Local Settings\Application Data\IconCache.db
[2009/10/29 13:22:40 | 00,521,728 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Administrator\Desktop\OTL.exe
[2009/10/29 10:35:39 | 00,048,879 | ---- | M] () -- C:\Documents and Settings\Administrator\My Documents\RW Silver Fox (WI) 4.jpg
[2009/10/29 10:35:21 | 00,052,870 | ---- | M] () -- C:\Documents and Settings\Administrator\My Documents\RW Silver Fox (WI) 3.jpg
[2009/10/29 10:35:00 | 00,047,957 | ---- | M] () -- C:\Documents and Settings\Administrator\My Documents\RW Silver Fox (WI) 2.jpg
[2009/10/29 10:34:39 | 00,043,736 | ---- | M] () -- C:\Documents and Settings\Administrator\My Documents\RW Silver Fox (WI).jpg
[2009/10/29 09:25:10 | 00,002,187 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Safari.lnk
[2009/10/29 09:01:47 | 01,098,102 | ---- | M] () -- C:\WINDOWS\System32\drivers\NIS\1100000.088\Cat.DB
[2009/10/29 07:42:57 | 00,039,195 | ---- | M] () -- C:\Documents and Settings\Administrator\My Documents\jr4.jpg
[2009/10/29 07:42:42 | 00,057,690 | ---- | M] () -- C:\Documents and Settings\Administrator\My Documents\jr3.jpg
[2009/10/29 07:42:27 | 00,044,461 | ---- | M] () -- C:\Documents and Settings\Administrator\My Documents\jr2.jpg
[2009/10/29 07:41:59 | 00,062,203 | ---- | M] () -- C:\Documents and Settings\Administrator\My Documents\jr1.jpg
[2009/10/28 23:11:40 | 00,055,594 | ---- | M] () -- C:\Documents and Settings\Administrator\Desktop\JR.jpg
[2009/10/28 22:02:52 | 00,124,976 | ---- | M] (Symantec Corporation) -- C:\WINDOWS\System32\drivers\SYMEVENT.SYS
[2009/10/28 22:02:52 | 00,060,808 | ---- | M] (Symantec Corporation) -- C:\WINDOWS\System32\S32EVNT1.DLL
[2009/10/28 22:02:52 | 00,007,443 | ---- | M] () -- C:\WINDOWS\System32\drivers\SYMEVENT.CAT
[2009/10/28 22:02:52 | 00,000,805 | ---- | M] () -- C:\WINDOWS\System32\drivers\SYMEVENT.INF
[2009/10/28 22:02:48 | 00,001,984 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Norton Internet Security.LNK
[2009/10/28 21:56:12 | 00,000,761 | ---- | M] () -- C:\Documents and Settings\Administrator\Desktop\Norton Installation Files.lnk
[2009/10/28 21:45:37 | 01,113,646 | ---- | M] () -- C:\WINDOWS\System32\drivers\NIS\1007020.00B\Cat.DB
[2009/10/28 18:32:56 | 00,092,286 | ---- | M] () -- C:\Documents and Settings\Administrator\Desktop\Pre-Registration for Current Students.pdf
[2009/10/28 18:31:23 | 00,026,864 | ---- | M] () -- C:\Documents and Settings\Administrator\Desktop\Student Class Schedule Worksheet Grenada.pdf
[2009/10/28 18:31:22 | 00,331,660 | ---- | M] () -- C:\Documents and Settings\Administrator\Desktop\New Registration Quick Guide for Students-Web Registration.pdf
[2009/10/28 18:31:17 | 00,508,346 | ---- | M] () -- C:\Documents and Settings\Administrator\Desktop\My Doghouse Quick Guide for Students.pdf
[2009/10/28 18:31:10 | 00,343,534 | ---- | M] () -- C:\Documents and Settings\Administrator\Desktop\My Doghouse Grade, Transcript, Degree Evaluation Tips for Students.pdf
[2009/10/28 13:02:49 | 00,002,497 | ---- | M] () -- C:\Documents and Settings\Administrator\Desktop\Microsoft Office Word 2003.lnk
[2009/10/27 17:01:15 | 00,035,003 | ---- | M] () -- C:\Documents and Settings\Administrator\My Documents\RY MISC.zip
[2009/10/27 17:00:50 | 04,530,408 | ---- | M] () -- C:\Documents and Settings\Administrator\My Documents\RW EDIT1.zip
[2009/10/27 17:00:44 | 24,594,456 | ---- | M] () -- C:\Documents and Settings\Administrator\My Documents\RW MUSIC.zip
[2009/10/27 17:00:32 | 01,698,461 | ---- | M] () -- C:\Documents and Settings\Administrator\My Documents\RW ORIG PICTS.zip
[2009/10/27 13:13:10 | 00,000,284 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
[2009/10/27 12:38:04 | 00,043,008 | ---- | M] () -- C:\Documents and Settings\Administrator\Desktop\QUOTES.doc
[2009/10/17 18:31:07 | 00,000,000 | ---- | M] () -- C:\WINDOWS\Game.INI
[2009/10/17 03:16:54 | 00,505,950 | ---- | M] () -- C:\WINDOWS\System32\PerfStringBackup.INI
[2009/10/17 03:16:54 | 00,444,360 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2009/10/17 03:16:54 | 00,072,252 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2009/10/13 12:35:35 | 00,002,516 | -HS- | M] () -- C:\Documents and Settings\All Users\Application Data\KGyGaAvL.sys
[2009/10/13 12:35:30 | 00,000,088 | RHS- | M] () -- C:\Documents and Settings\All Users\Application Data\0094102FF9.sys
[2009/10/06 13:10:42 | 00,001,839 | ---- | M] () -- C:\Documents and Settings\Administrator\Desktop\Windows Live Messenger .lnk
[2009/10/02 13:01:57 | 25,198,016 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\MRT.exe
[2009/10/02 08:42:56 | 00,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2009/09/30 14:05:49 | 00,141,240 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2009/09/29 16:24:36 | 00,024,288 | -H-- | M] () -- C:\WINDOWS\System32\mlfcache.dat
 
[color=\"#E56717\"]========== Files - No Company Name ==========[/color]
[2009/10/29 10:35:39 | 00,048,879 | ---- | C] () -- C:\Documents and Settings\Administrator\My Documents\RW Silver Fox (WI) 4.jpg
[2009/10/29 10:35:21 | 00,052,870 | ---- | C] () -- C:\Documents and Settings\Administrator\My Documents\RW Silver Fox (WI) 3.jpg
[2009/10/29 10:35:00 | 00,047,957 | ---- | C] () -- C:\Documents and Settings\Administrator\My Documents\RW Silver Fox (WI) 2.jpg
[2009/10/29 10:34:39 | 00,043,736 | ---- | C] () -- C:\Documents and Settings\Administrator\My Documents\RW Silver Fox (WI).jpg
[2009/10/29 07:42:57 | 00,039,195 | ---- | C] () -- C:\Documents and Settings\Administrator\My Documents\jr4.jpg
[2009/10/29 07:42:42 | 00,057,690 | ---- | C] () -- C:\Documents and Settings\Administrator\My Documents\jr3.jpg
[2009/10/29 07:42:27 | 00,044,461 | ---- | C] () -- C:\Documents and Settings\Administrator\My Documents\jr2.jpg
[2009/10/29 07:41:59 | 00,062,203 | ---- | C] () -- C:\Documents and Settings\Administrator\My Documents\jr1.jpg
[2009/10/28 23:11:36 | 00,055,594 | ---- | C] () -- C:\Documents and Settings\Administrator\Desktop\JR.jpg
[2009/10/28 22:02:55 | 01,098,102 | ---- | C] () -- C:\WINDOWS\System32\drivers\NIS\1100000.088\Cat.DB
[2009/10/28 22:02:53 | 00,007,443 | ---- | C] () -- C:\WINDOWS\System32\drivers\SYMEVENT.CAT
[2009/10/28 22:02:53 | 00,000,805 | ---- | C] () -- C:\WINDOWS\System32\drivers\SYMEVENT.INF
[2009/10/28 22:02:48 | 00,001,984 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Norton Internet Security.LNK
[2009/10/28 22:02:29 | 00,003,375 | R--- | C] () -- C:\WINDOWS\System32\drivers\NIS\1100000.088\SymEFA.inf
[2009/10/28 22:02:29 | 00,002,793 | R--- | C] () -- C:\WINDOWS\System32\drivers\NIS\1100000.088\SymDS.inf
[2009/10/28 22:02:29 | 00,001,756 | R--- | C] () -- C:\WINDOWS\System32\drivers\NIS\1100000.088\ccHPx86.inf
[2009/10/28 22:02:29 | 00,001,475 | R--- | C] () -- C:\WINDOWS\System32\drivers\NIS\1100000.088\SymNetV.inf
[2009/10/28 22:02:29 | 00,001,447 | R--- | C] () -- C:\WINDOWS\System32\drivers\NIS\1100000.088\SymNet.inf
[2009/10/28 22:02:29 | 00,001,389 | R--- | C] () -- C:\WINDOWS\System32\drivers\NIS\1100000.088\srtspx.inf
[2009/10/28 22:02:29 | 00,001,383 | R--- | C] () -- C:\WINDOWS\System32\drivers\NIS\1100000.088\srtsp.inf
[2009/10/28 22:02:29 | 00,000,743 | R--- | C] () -- C:\WINDOWS\System32\drivers\NIS\1100000.088\Iron.inf
[2009/10/28 22:02:18 | 00,007,787 | R--- | C] () -- C:\WINDOWS\System32\drivers\NIS\1100000.088\symnetv.cat
[2009/10/28 22:02:18 | 00,007,438 | R--- | C] () -- C:\WINDOWS\System32\drivers\NIS\1100000.088\srtsp.cat
[2009/10/28 22:02:18 | 00,007,431 | R--- | C] () -- C:\WINDOWS\System32\drivers\NIS\1100000.088\SymEFA.cat
[2009/10/28 22:02:18 | 00,007,429 | R--- | C] () -- C:\WINDOWS\System32\drivers\NIS\1100000.088\srtspx.cat
[2009/10/28 22:02:18 | 00,007,425 | R--- | C] () -- C:\WINDOWS\System32\drivers\NIS\1100000.088\SymDS.cat
[2009/10/28 22:02:18 | 00,007,424 | R--- | C] () -- C:\WINDOWS\System32\drivers\NIS\1100000.088\iron.cat
[2009/10/28 22:02:18 | 00,007,396 | R--- | C] () -- C:\WINDOWS\System32\drivers\NIS\1100000.088\cchpx86.cat
[2009/10/28 22:02:18 | 00,007,355 | R--- | C] () -- C:\WINDOWS\System32\drivers\NIS\1100000.088\SymNet.cat
[2009/10/28 22:02:18 | 00,000,172 | ---- | C] () -- C:\WINDOWS\System32\drivers\NIS\1100000.088\isolate.ini
[2009/10/28 21:56:12 | 00,000,761 | ---- | C] () -- C:\Documents and Settings\Administrator\Desktop\Norton Installation Files.lnk
[2009/10/28 18:32:56 | 00,092,286 | ---- | C] () -- C:\Documents and Settings\Administrator\Desktop\Pre-Registration for Current Students.pdf
[2009/10/28 18:31:23 | 00,026,864 | ---- | C] () -- C:\Documents and Settings\Administrator\Desktop\Student Class Schedule Worksheet Grenada.pdf
[2009/10/28 18:31:19 | 00,331,660 | ---- | C] () -- C:\Documents and Settings\Administrator\Desktop\New Registration Quick Guide for Students-Web Registration.pdf
[2009/10/28 18:31:15 | 00,508,346 | ---- | C] () -- C:\Documents and Settings\Administrator\Desktop\My Doghouse Quick Guide for Students.pdf
[2009/10/28 18:31:10 | 00,343,534 | ---- | C] () -- C:\Documents and Settings\Administrator\Desktop\My Doghouse Grade, Transcript, Degree Evaluation Tips for Students.pdf
[2009/10/27 17:01:15 | 00,035,003 | ---- | C] () -- C:\Documents and Settings\Administrator\My Documents\RY MISC.zip
[2009/10/27 17:00:47 | 04,530,408 | ---- | C] () -- C:\Documents and Settings\Administrator\My Documents\RW EDIT1.zip
[2009/10/27 17:00:38 | 24,594,456 | ---- | C] () -- C:\Documents and Settings\Administrator\My Documents\RW MUSIC.zip
[2009/10/27 17:00:30 | 01,698,461 | ---- | C] () -- C:\Documents and Settings\Administrator\My Documents\RW ORIG PICTS.zip
[2009/10/19 10:59:41 | 00,043,008 | ---- | C] () -- C:\Documents and Settings\Administrator\Desktop\QUOTES.doc
[2009/10/17 18:31:07 | 00,000,000 | ---- | C] () -- C:\WINDOWS\Game.INI
[2009/10/12 13:04:42 | 00,002,516 | -HS- | C] () -- C:\Documents and Settings\All Users\Application Data\KGyGaAvL.sys
[2009/10/12 13:04:42 | 00,000,088 | RHS- | C] () -- C:\Documents and Settings\All Users\Application Data\0094102FF9.sys
[2009/10/06 13:10:42 | 00,001,839 | ---- | C] () -- C:\Documents and Settings\Administrator\Desktop\Windows Live Messenger .lnk
[2009/10/06 11:24:21 | 01,113,646 | ---- | C] () -- C:\WINDOWS\System32\drivers\NIS\1007020.00B\Cat.DB
[2009/08/07 18:43:51 | 00,000,136 | ---- | C] () -- C:\Documents and Settings\Administrator\Local Settings\Application Data\fusioncache.dat
[2009/02/16 09:28:32 | 00,016,960 | ---- | C] () -- C:\Documents and Settings\Administrator\Local Settings\Application Data\slot1.mm1
[2008/12/14 20:04:23 | 00,000,376 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2008/12/12 20:51:33 | 00,040,960 | ---- | C] () -- C:\WINDOWS\System32\lxdivs.dll
[2008/12/12 20:51:29 | 00,344,064 | ---- | C] () -- C:\WINDOWS\System32\lxdicoin.dll
[2008/12/12 20:49:53 | 00,692,224 | ---- | C] () -- C:\WINDOWS\System32\lxdidrs.dll
[2008/12/12 20:49:53 | 00,069,632 | ---- | C] () -- C:\WINDOWS\System32\lxdicnv4.dll
[2008/12/12 20:49:53 | 00,065,536 | ---- | C] () -- C:\WINDOWS\System32\lxdicaps.dll
[2008/12/12 20:45:14 | 00,000,060 | -H-- | C] () -- C:\WINDOWS\System32\lxdirwrd.ini
[2008/12/12 20:45:02 | 00,294,912 | ---- | C] () -- C:\WINDOWS\System32\lxdiinst.dll
[2008/12/12 20:44:58 | 00,208,896 | ---- | C] () -- C:\WINDOWS\System32\lxdigrd.dll
[2008/12/05 19:22:16 | 00,000,000 | ---- | C] () -- C:\WINDOWS\Curses.INI
[2008/12/04 08:14:55 | 00,000,201 | ---- | C] () -- C:\Documents and Settings\Administrator\Application Data\G-Force Prefs (WindowsMediaPlayer).txt
[2008/12/03 19:25:57 | 00,012,288 | ---- | C] () -- C:\Documents and Settings\Administrator\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2008/12/03 17:06:01 | 00,192,512 | ---- | C] () -- C:\WINDOWS\System32\igfxCoIn_v4642.dll
[2008/12/03 17:06:00 | 00,348,880 | ---- | C] () -- C:\WINDOWS\System32\igmedkrn.dll
[2008/12/03 14:43:37 | 13,816,824 | -H-- | C] () -- C:\Documents and Settings\Administrator\Local Settings\Application Data\IconCache.db
[2008/12/03 13:08:59 | 00,024,360 | ---- | C] () -- C:\Documents and Settings\Administrator\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
[2008/12/03 13:00:57 | 00,000,062 | -HS- | C] () -- C:\Documents and Settings\Administrator\Application Data\desktop.ini
[2008/12/03 05:52:30 | 00,000,062 | -HS- | C] () -- C:\Documents and Settings\All Users\Application Data\desktop.ini
[2005/08/05 15:01:54 | 00,235,008 | ---- | C] () -- C:\WINDOWS\System32\psisdecd.dll
[2004/08/10 06:00:00 | 00,027,440 | ---- | C] () -- C:\WINDOWS\System32\drivers\secdrv.sys
[2004/08/10 06:00:00 | 00,000,603 | ---- | C] () -- C:\WINDOWS\win.ini
[2004/08/10 06:00:00 | 00,000,231 | ---- | C] () -- C:\WINDOWS\system.ini
[2003/01/07 16:05:08 | 00,002,695 | ---- | C] () -- C:\WINDOWS\System32\OUTLPERF.INI
 
[color=\"#E56717\"]========== Alternate Data Streams ==========[/color]
 
@Alternate Data Stream - 97 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:17C48B08
@Alternate Data Stream - 96 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:A26AFC00
@Alternate Data Stream - 95 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:7158CB97
@Alternate Data Stream - 313 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:1387592D
@Alternate Data Stream - 308 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:D52D3C91
@Alternate Data Stream - 297 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:06500394
@Alternate Data Stream - 156 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:2B340BD5
@Alternate Data Stream - 146 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:123A86B5
@Alternate Data Stream - 143 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:E7B4296D
@Alternate Data Stream - 140 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:6017A808
@Alternate Data Stream - 140 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:32ED8AE7
@Alternate Data Stream - 139 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:55C54F7C
@Alternate Data Stream - 138 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:CF1334B0
@Alternate Data Stream - 138 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:CDC1B76E
@Alternate Data Stream - 138 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:89C28CF6
@Alternate Data Stream - 138 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:7FCB9D0D
@Alternate Data Stream - 137 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:5025C6E4
@Alternate Data Stream - 136 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:E14FA16F
@Alternate Data Stream - 134 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:5E413CD6
@Alternate Data Stream - 133 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:E027789A
@Alternate Data Stream - 133 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:D53344E0
@Alternate Data Stream - 132 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:115FA012
@Alternate Data Stream - 130 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:F84B8DB5
@Alternate Data Stream - 130 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:8101D728
@Alternate Data Stream - 127 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:ADE67221
@Alternate Data Stream - 127 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:147A3409
@Alternate Data Stream - 126 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:D390A6A7
@Alternate Data Stream - 125 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:E0F0F1BE
@Alternate Data Stream - 125 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:737160C1
@Alternate Data Stream - 125 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:122B409D
@Alternate Data Stream - 124 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:DA321CD4
@Alternate Data Stream - 124 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:7E082023
@Alternate Data Stream - 122 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:E7B49FBF
@Alternate Data Stream - 122 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:D1D597D0
@Alternate Data Stream - 122 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:B0EB578B
@Alternate Data Stream - 122 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:0F55D468
@Alternate Data Stream - 121 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:D8F9D810
@Alternate Data Stream - 121 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:9026FFAC
@Alternate Data Stream - 121 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:7FD903D7
@Alternate Data Stream - 121 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:133CC4C3
@Alternate Data Stream - 120 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:FD000392
@Alternate Data Stream - 120 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:EB12FF2B
@Alternate Data Stream - 120 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:D2593961
@Alternate Data Stream - 119 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:E80802C7
@Alternate Data Stream - 118 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:ED2998F5
@Alternate Data Stream - 118 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:A4076A3B
@Alternate Data Stream - 118 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:9331E9D2
@Alternate Data Stream - 118 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:69D59C23
@Alternate Data Stream - 118 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:35A81752
@Alternate Data Stream - 117 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:69E3AF64
@Alternate Data Stream - 117 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:52A22573
@Alternate Data Stream - 117 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:0B210DD3
@Alternate Data Stream - 116 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:EB40BC91
@Alternate Data Stream - 116 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:9732698E
@Alternate Data Stream - 116 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:870649A4
@Alternate Data Stream - 116 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:506E1E25
@Alternate Data Stream - 115 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:C36B1175
@Alternate Data Stream - 114 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:D86A1047
@Alternate Data Stream - 114 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:55374FBA
@Alternate Data Stream - 113 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:FC2D0F32
@Alternate Data Stream - 113 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:5FEFEAEF
@Alternate Data Stream - 113 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:2B1EA607
@Alternate Data Stream - 113 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:0DAD93FF
@Alternate Data Stream - 112 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:25F2159D
@Alternate Data Stream - 112 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:0D52F295
@Alternate Data Stream - 112 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:04CE8640
@Alternate Data Stream - 111 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:CB52BE62
@Alternate Data Stream - 109 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:EE95471C
@Alternate Data Stream - 109 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:25249477
@Alternate Data Stream - 109 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:0FB757A9
@Alternate Data Stream - 108 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:E9B5CB53
@Alternate Data Stream - 107 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:AA354EC0
@Alternate Data Stream - 106 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:55818279
@Alternate Data Stream - 105 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:EEB25EAE
@Alternate Data Stream - 104 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:551BED5F
@Alternate Data Stream - 104 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:2342AE46
@Alternate Data Stream - 103 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:B4FAC426
@Alternate Data Stream - 103 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:AAFA1398
@Alternate Data Stream - 103 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:4FE42FFC
@Alternate Data Stream - 103 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:20685A31
@Alternate Data Stream - 103 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:00F7B10F
@Alternate Data Stream - 102 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:E51234A9
@Alternate Data Stream - 102 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:3D36932D
@Alternate Data Stream - 102 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:0C9CD455
@Alternate Data Stream - 101 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:59C113EC
@Alternate Data Stream - 101 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:1A7E6B73
@Alternate Data Stream - 100 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:96C05DC7
< End of report >

15
Tech Clinic / Could Someone Please Check Hi Jack This Log
« on: October 29, 2009, 09:34:56 AM »
NEW EXTRAS
OTL Extras logfile created on: 10/29/2009 9:32:08 AM - Run 5
OTL by OldTimer - Version 3.0.22.1     Folder = C:\Documents and Settings\Administrator\Desktop
Windows XP Media Center Edition Service Pack 2 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 7.0.5730.13)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy
 
1013.84 Mb Total Physical Memory | 432.59 Mb Available Physical Memory | 42.67% Memory free
2.38 Gb Paging File | 1.87 Gb Available in Paging File | 78.61% Paging File free
Paging file location(s): c:\pagefile.sys 1524 3048 [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 232.78 Gb Total Space | 210.34 Gb Free Space | 90.36% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded
 
Computer Name:
Current User Name: Administrator
Logged in as Administrator.
 
Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Standard
 
[color=\"#E56717\"]========== Extra Registry (SafeList) ==========[/color]
 
 
[color=\"#E56717\"]========== File Associations ==========[/color]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.chm [@ = chm.file] -- C:\WINDOWS\hh.exe (Microsoft Corporation)
.html [@ = SafariHTML] -- C:\Program Files\Common Files\Microsoft Shared\OFFICE11\MSOXMLED.EXE (Microsoft Corporation)
 
[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = SafariHTML] -- C:\Program Files\Safari\Safari.exe (Apple Inc.)
 
[color=\"#E56717\"]========== Shell Spawning ==========[/color]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %* File not found
chm.file [open] -- "C:\WINDOWS\hh.exe" %1 (Microsoft Corporation)
cmdfile [open] -- "%1" %* File not found
comfile [open] -- "%1" %* File not found
exefile [open] -- "%1" %* File not found
htmlfile [edit] -- Reg Error: Key error.
htmlfile [open] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" -nohome (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" %1 (Microsoft Corporation)
http [open] -- Reg Error: Key error.
https [open] -- Reg Error: Key error.
piffile [open] -- "%1" %* File not found
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1" File not found
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S File not found
txtfile [edit] -- Reg Error: Key error.
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" %1 (Microsoft Corporation)
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- "C:\Program Files\Internet Explorer\iexplore.exe" (Microsoft Corporation)
 
[color=\"#E56717\"]========== Security Center Settings ==========[/color]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 0
"FirewallOverride" = 0
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]
"139:TCP" = 139:TCP:*:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:*:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:*:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:*:Enabled:@xpsp2res.dll,-22002
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"139:TCP" = 139:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22002
"1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007
 
[color=\"#E56717\"]========== Authorized Applications List ==========[/color]
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"C:\Program Files\MSN Messenger\livecall.exe" = C:\Program Files\MSN Messenger\livecall.exe:*:Enabled:Windows Live Messenger 8.1 (Phone) -- File not found
"%windir%\Network Diagnostic\xpnetdiag.exe" = %windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000 -- (Microsoft Corporation)
"C:\Program Files\Lexmark 3500-4500 Series\app4r.exe" = C:\Program Files\Lexmark 3500-4500 Series\App4R.exe:*:Enabled:Lexmark Imaging Studio -- ()
"C:\Program Files\Windows Live\Messenger\wlcsdk.exe" = C:\Program Files\Windows Live\Messenger\wlcsdk.exe:*:Enabled:Windows Live Call -- (Microsoft Corporation)
"C:\Program Files\Windows Live\Messenger\msnmsgr.exe" = C:\Program Files\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger -- (Microsoft Corporation)
"C:\Program Files\Windows Live\Sync\WindowsLiveSync.exe" = C:\Program Files\Windows Live\Sync\WindowsLiveSync.exe:*:Enabled:Windows Live Sync -- (Microsoft Corporation)
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Program Files\Messenger\msmsgs.exe" = C:\Program Files\Messenger\msmsgs.exe:*:Enabled:Windows Messenger -- (Microsoft Corporation)
"%windir%\Network Diagnostic\xpnetdiag.exe" = %windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000 -- (Microsoft Corporation)
"C:\WINDOWS\system32\lxdicoms.exe" = C:\WINDOWS\system32\lxdicoms.exe:*:Enabled:Lexmark Communications System -- ( )
"C:\Program Files\Lexmark 3500-4500 Series\lxdiamon.exe" = C:\Program Files\Lexmark 3500-4500 Series\lxdiamon.exe:*:Enabled:Lexmark Device Monitor -- ()
"C:\Program Files\Lexmark 3500-4500 Series\App4R.exe" = C:\Program Files\Lexmark 3500-4500 Series\App4R.exe:*:Enabled:Lexmark Imaging Studio -- ()
"C:\Program Files\Lexmark 3500-4500 Series\lxdimon.exe" = C:\Program Files\Lexmark 3500-4500 Series\lxdimon.exe:*:Enabled:Device Monitor -- ()
"C:\WINDOWS\system32\spool\drivers\w32x86\3\lxdipswx.exe" = C:\WINDOWS\system32\spool\drivers\w32x86\3\lxdipswx.exe:*:Enabled:Printer Status Window Interface -- ()
"C:\WINDOWS\system32\spool\drivers\w32x86\3\lxditime.exe" = C:\WINDOWS\system32\spool\drivers\w32x86\3\lxditime.exe:*:Enabled:Lexmark Connect Time Executable -- (Lexmark International, Inc.)
"C:\WINDOWS\system32\spool\drivers\w32x86\3\lxdijswx.exe" = C:\WINDOWS\system32\spool\drivers\w32x86\3\lxdijswx.exe:*:Enabled:Job Status Window Interface -- ()
"C:\Program Files\Bonjour\mDNSResponder.exe" = C:\Program Files\Bonjour\mDNSResponder.exe:*:Enabled:Bonjour -- (Apple Inc.)
"C:\WINDOWS\system32\spool\drivers\w32x86\3\lxdiwbgw.exe" = C:\WINDOWS\system32\spool\drivers\w32x86\3\lxdiwbgw.exe:*:Enabled:Lexmark Web Gateway -- ()
"C:\Program Files\Windows Live\Messenger\wlcsdk.exe" = C:\Program Files\Windows Live\Messenger\wlcsdk.exe:*:Enabled:Windows Live Call -- (Microsoft Corporation)
"C:\Program Files\Windows Live\Messenger\msnmsgr.exe" = C:\Program Files\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger -- (Microsoft Corporation)
"C:\Program Files\Windows Live\Sync\WindowsLiveSync.exe" = C:\Program Files\Windows Live\Sync\WindowsLiveSync.exe:*:Enabled:Windows Live Sync -- (Microsoft Corporation)
 
 
[color=\"#E56717\"]========== HKEY_LOCAL_MACHINE Uninstall List ==========[/color]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{07287123-B8AC-41CE-8346-3D777245C35B}" = Bonjour
"{0A0873E1-D9BA-4994-B85D-A0A331EF1F0C}" = Intel® PRO Network Connections
"{0AAA9C97-74D4-47CE-B089-0B147EF3553C}" = Windows Live Messenger
"{0C34B801-6AEC-4667-B053-03A67E2D0415}" = Apple Application Support
"{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live Upload Tool
"{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT
"{26A24AE4-039D-4CA4-87B4-2F83216012FF}" = Java(tm) 6 Update 15
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{36CDA33B-909B-4719-97D1-C4B99309BDC7}" = ATI Parental Control & Encoder
"{3B4E636E-9D65-4D67-BA61-189800823F52}" = Windows Live Communications Platform
"{3C52E7DA-C431-4239-B66B-1BF703D5B194}" = Windows Live Photo Gallery
"{45338B07-A236-4270-9A77-EBB4115517B5}" = Windows Live Sign-in Assistant
"{4CBA3D4C-8F51-4D60-B27E-F6B641C571E7}" = Microsoft Search Enhancement Pack
"{4DE3E3D9-AE81-45DE-9195-3015F7B1DBF3}" = Junk Mail filter update
"{57F0ED40-8F11-41AA-B926-4A66D0D1A9CC}" = Microsoft Office Live Add-in 1.3
"{63C1109E-D977-49ED-BCE3-D00D0BF187D6}" = Windows Live Mail
"{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update
"{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}" = Windows Media Player Firefox Plugin
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{76CD2979-09C0-493A-84B3-8FD97EF4BCEA}" = Windows Live Family Safety
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{7F142D56-3326-11D5-B229-002078017FBF}" = Modem Helper
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8A74E887-8F0F-4017-AF53-CBA42211AAA5}" = Microsoft Sync Framework Runtime Native v1.0 (x86)
"{8FFC5648-FAF8-43A3-BC8F-42BA1E275C4E}" = Choice Guard
"{90120000-0020-0409-0000-0000000FF1CE}" = Compatibility Pack for the 2007 Office system
"{9068B2BE-D93A-4C0A-861C-5E35E2C0E09E}" = Intel® Matrix Storage Manager
"{91130409-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Basic Edition 2003
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{95120000-0120-0409-0000-0000000FF1CE}" = Microsoft Office Outlook Connector
"{9941F0AA-B903-4AF4-A055-83A9815CC011}" = Sonic Encoders
"{995F1E2E-F542-4310-8E1D-9926F5A279B3}" = Windows Live Toolbar
"{A1BF9950-8CDB-468E-83FA-EACFB00EA7D5}" = Windows Live Sync
"{A1F66FC9-11EE-4F2F-98C9-16F8D1E69FB7}" = Segoe UI
"{A2BCA9F1-566C-4805-97D1-7FDC93386723}" = Adobe AIR
"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
"{A429C2AE-EBF1-4F81-A221-1C115CAADDAD}" = QuickTime
"{A462213D-EED4-42C2-9A60-7BDD4D4B0B17}" = SigmaTel Audio
"{AADEA55D-C834-4BCB-98A3-4B8D1C18F4EE}" = Apple Mobile Device Support
"{AC76BA86-7AD7-1033-7B44-A91000000001}" = Adobe Reader 9.1.3
"{BD64AF4A-8C80-4152-AD77-FCDDF05208AB}" = Microsoft Sync Framework Services Native v1.0 (x86)
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
"{C6CA8874-5F22-4AF0-9BE3-016BF299C536}" = Windows Live Essentials
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{E56D39F8-2A9F-44B4-B068-A72E45A073E6}" = Safari
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F333A33D-125C-32A2-8DCE-5C5D14231E27}" = Visual C++ 2008 x86 Runtime - (v9.0.30729)
"{F333A33D-125C-32A2-8DCE-5C5D14231E27}.vc_x86runtime_30729_01" = Visual C++ 2008 x86 Runtime - v9.0.30729.01
"{F6BD194C-4190-4D73-B1B1-C48C99921BFE}" = Windows Live Call
"{FCD9CD52-7222-4672-94A0-A722BA702FD0}" = Dell Resource CD
"12133444-BF36-4d4e-B7FB-A3424C645DE4" = GemMaster Mystic
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Adobe Shockwave Player" = Adobe Shockwave Player 11.5
"Advanced SystemCare 3_is1" = Advanced SystemCare 3
"B3EE3001-DC24-4cd1-8743-5692C716659F" = Otto
"CCleaner" = CCleaner (remove only)
"CNXT_MODEM_PCI_VEN_14F1&DEV_2F20&SUBSYS_200F14F1" = Conexant D850 56K V.9x DFVc Modem
"ESPNMotion" = ESPNMotion
"HDMI" = Intel® Graphics Media Accelerator Driver
"HijackThis" = HijackThis 2.0.2
"IDNMitigationAPIs" = Microsoft Internationalized Domain Names Mitigation APIs
"ie7" = Windows Internet Explorer 7
"Lexmark 3500-4500 Series" = Lexmark 3500-4500 Series
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"Microsoft .NET Framework 1.1  (1033)" = Microsoft .NET Framework 1.1
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"MSCompPackV1" = Microsoft Compression Client Pack 1.0 for Windows XP
"MSNINST" = MSN
"NIS" = Norton Internet Security
"NLSDownlevelMapping" = Microsoft National Language Support Downlevel APIs
"WIC" = Windows Imaging Component
"Windows Media Format Runtime" = Windows Media Format 11 runtime
"Windows Media Player" = Windows Media Player 11
"WinLiveSuite_Wave3" = Windows Live Essentials
"WMFDist11" = Windows Media Format 11 runtime
"wmp11" = Windows Media Player 11
"Wudf01000" = Microsoft User-Mode Driver Framework Feature Pack 1.0
 
[color=\"#E56717\"]========== HKEY_CURRENT_USER Uninstall List ==========[/color]
 
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Move Networks Player - IE" = Move Networks Media Player for Internet Explorer
 
[color=\"#E56717\"]========== Last 10 Event Log Errors ==========[/color]
 
[ Application Events ]
Error - 9/28/2009 4:14:48 PM | Computer Name = | Source = WindowsLiveMessenger | ID = 15728647
Description =
 
Error - 9/30/2009 2:48:19 PM | Computer Name =  | Source = Application Error | ID = 1000
Description = Faulting application teatimer.exe, version 1.6.6.32, faulting module
 teatimer.exe, version 1.6.6.32, fault address 0x0006e66e.
 
Error - 9/30/2009 3:08:44 PM | Computer Name = | Source = Application Error | ID = 1000
Description = Faulting application iobitupdate.exe, version 1.0.0.250, faulting
module kernel32.dll, version 5.1.2600.3541, fault address 0x00012a6b.
 
Error - 10/15/2009 8:17:35 PM | Computer Name =  | Source = COM+ | ID = 135761
Description = The run-time environment has detected an inconsistency in its internal
 state. This indicates a potential instability in the process that could be caused
 by the custom components running in the COM+ application, the components they make
 use of, or other factors. Error in d:\qxp_slp\com\com1x\src\comsvcs\package\cpackage.cpp(1184),
 hr = 8007041d: InitEventCollector fail
 
Error - 10/19/2009 11:35:32 AM | Computer Name = | Source = Application Error | ID = 1000
Description = Faulting application safari.exe, version 4.531.9.1, faulting module
 safari.dll, version 4.531.9.1, fault address 0x00080343.
 
Error - 10/20/2009 3:01:35 PM | Computer Name = | Source = crypt32 | ID = 131080
Description = Failed auto update retrieval of third-party root list sequence number
 from: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt>
 with error: This operation returned because the timeout period expired.  
 
Error - 10/23/2009 12:48:23 PM | Computer Name =  | Source = Application Error | ID = 1000
Description = Faulting application sallysquickclips.exe, version 0.0.0.0, faulting
 module sallysquickclips.exe, version 0.0.0.0, fault address 0x0008d99d.
 
Error - 10/28/2009 8:56:24 PM | Computer Name =  | Source = Application Error | ID = 1000
Description = Faulting application ccsvchst.exe, version 108.1.1.10, faulting module
 ntdll.dll, version 5.1.2600.3520, fault address 0x0001ab0a.
 
Error - 10/28/2009 11:03:07 PM | Computer Name =  | Source = crypt32 | ID = 131080
Description = Failed auto update retrieval of third-party root list sequence number
 from: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt>
 with error: A connection with the server could not be established  
 
Error - 10/28/2009 11:04:07 PM | Computer Name =  | Source = crypt32 | ID = 131080
Description = Failed auto update retrieval of third-party root list sequence number
 from: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt>
 with error: This operation returned because the timeout period expired.  
 
[ System Events ]
Error - 10/28/2009 8:59:55 PM | Computer Name = | Source = MRxSmb | ID = 8003
Description = The master browser has received a server announcement from the computer
 DELL  that believes that it is the master browser for the domain on transport NetBT_Tcpip_{AF575C7C-B021-4D91-90EC.
The
 master browser is stopping or an election is being forced.
 
Error - 10/28/2009 10:00:13 PM | Computer Name =  | Source = MRxSmb | ID = 8003
Description = The master browser has received a server announcement from the computer
 DELL  that believes that it is the master browser for the domain on transport NetBT_Tcpip_{AF575C7C-B021-4D91-90EC.
The
 master browser is stopping or an election is being forced.
 
Error - 10/28/2009 10:48:27 PM | Computer Name =  | Source = MRxSmb | ID = 8003
Description = The master browser has received a server announcement from the computer
 DELL  that believes that it is the master browser for the domain on transport NetBT_Tcpip_{AF575C7C-B021-4D91-90EC.
The
 master browser is stopping or an election is being forced.
 
Error - 10/28/2009 10:51:52 PM | Computer Name = ANGELA-7380FCA6 | Source = Service Control Manager | ID = 7000
Description = The AVG8 WatchDog service failed to start due to the following error:
   %%3
 
Error - 10/28/2009 10:51:52 PM | Computer Name =| Source = Service Control Manager | ID = 7026
Description = The following boot-start or system-start driver(s) failed to load:
   Lbd
 
Error - 10/28/2009 11:05:15 PM | Computer Name =  | Source = Service Control Manager | ID = 7000
Description = The Symantec Real Time Storage Protection service failed to start
due to the following error:   %%2
 
Error - 10/29/2009 7:36:42 AM | Computer Name =  | Source = MRxSmb | ID = 8003
Description = The master browser has received a server announcement from the computer
 DELL  that believes that it is the master browser for the domain on transport NetBT_Tcpip_{AF575C7C-B021-4D91-90EC.
The
 master browser is stopping or an election is being forced.
 
Error - 10/29/2009 10:05:50 AM | Computer Name =| Source = Service Control Manager | ID = 7026
Description = The following boot-start or system-start driver(s) failed to load:
   Lbd
 
Error - 10/29/2009 10:07:49 AM | Computer Name = | Source = Service Control Manager | ID = 7009
Description = Timeout (30000 milliseconds) waiting for the IMAPI CD-Burning COM
Service service to connect.
 
Error - 10/29/2009 10:07:49 AM | Computer Name = | Source = Service Control Manager | ID = 7000
Description = The IMAPI CD-Burning COM Service service failed to start due to the
 following error:   %%1053
 
 
< End of report >

16
Tech Clinic / Could Someone Please Check Hi Jack This Log
« on: October 29, 2009, 09:30:33 AM »
NEW LOG.....


OTL logfile created on: 10/29/2009 9:26:40 AM - Run 5
OTL by OldTimer - Version 3.0.22.1     Folder = C:\Documents and Settings\Administrator\Desktop
Windows XP Media Center Edition Service Pack 2 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 7.0.5730.13)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy
 
1013.84 Mb Total Physical Memory | 442.48 Mb Available Physical Memory | 43.64% Memory free
2.38 Gb Paging File | 1.93 Gb Available in Paging File | 80.89% Paging File free
Paging file location(s): c:\pagefile.sys 1524 3048 [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 232.78 Gb Total Space | 210.36 Gb Free Space | 90.37% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded
 
Computer Name:
Current User Name: Administrator
Logged in as Administrator.
 
Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Standard
 
[color=\"#E56717\"]========== Processes (SafeList) ==========[/color]
 
PRC - [2009/10/29 09:26:30 | 00,521,728 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Administrator\Desktop\OTL.exe
PRC - [2009/08/24 17:49:41 | 00,126,392 | R--- | M] (Symantec Corporation) -- C:\Program Files\Norton Internet Security\Engine\17.0.0.136\ccSvcHst.exe
PRC - [2009/08/06 10:01:18 | 01,794,856 | ---- | M] (Apple Inc.) -- C:\Program Files\Safari\Safari.exe
PRC - [2009/07/25 05:23:12 | 00,149,280 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Java\jre6\bin\jusched.exe
PRC - [2009/07/25 05:23:10 | 00,153,376 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Java\jre6\bin\jqs.exe
PRC - [2009/07/09 12:22:18 | 00,144,712 | ---- | M] (Apple Inc.) -- C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
PRC - [2009/06/30 09:55:40 | 02,329,224 | ---- | M] (IObit) -- C:\Program Files\IObit\Advanced SystemCare 3\AWC.exe
PRC - [2009/05/19 11:36:18 | 00,240,512 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
PRC - [2008/12/12 12:17:38 | 00,238,888 | ---- | M] (Apple Inc.) -- C:\Program Files\Bonjour\mDNSResponder.exe
PRC - [2007/07/16 11:54:10 | 00,025,264 | ---- | M] () -- C:\Program Files\Lexmark 3500-4500 Series\lxdiamon.exe
PRC - [2007/07/16 11:54:07 | 00,434,864 | ---- | M] () -- C:\Program Files\Lexmark 3500-4500 Series\lxdimon.exe
PRC - [2007/06/11 09:14:51 | 00,517,040 | ---- | M] ( ) -- C:\WINDOWS\System32\lxdicoms.exe
PRC - [2007/06/11 09:14:42 | 00,099,248 | ---- | M] (Lexmark International, Inc.) -- C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\lxdiserv.exe
PRC - [2006/07/21 19:50:10 | 00,086,016 | ---- | M] (Intel Corporation) -- C:\WINDOWS\System32\hkcmd.exe
PRC - [2006/07/21 19:47:00 | 00,081,920 | ---- | M] (Intel Corporation) -- C:\WINDOWS\System32\igfxpers.exe
PRC - [2006/07/06 08:15:00 | 00,151,552 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe
PRC - [2006/07/06 08:14:30 | 00,090,112 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe
PRC - [2006/03/20 17:00:04 | 00,282,624 | ---- | M] (SigmaTel, Inc.) -- C:\WINDOWS\stsystra.exe
PRC - [2005/10/11 09:40:32 | 00,237,568 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\eHome\ehRecvr.exe
PRC - [2005/08/05 14:56:34 | 00,064,512 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\ehome\ehtray.exe
PRC - [2005/08/05 14:56:32 | 00,102,912 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\eHome\ehSched.exe
PRC - [2005/08/05 14:56:28 | 00,046,592 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\eHome\ehmsas.exe
PRC - [2005/08/05 14:27:08 | 00,099,328 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\ehome\mcrdsvc.exe
PRC - [2004/08/10 06:00:00 | 01,032,192 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\Explorer.EXE
 
[color=\"#E56717\"]========== Win32 Services (SafeList) ==========[/color]
 
SRV - [2009/08/24 17:49:41 | 00,126,392 | R--- | M] (Symantec Corporation) -- C:\Program Files\Norton Internet Security\Engine\17.0.0.136\ccSvcHst.exe -- (NIS [Unknown | Running])
SRV - [2009/07/25 05:23:10 | 00,153,376 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Java\jre6\bin\jqs.exe -- (JavaQuickStarterService [Auto | Running])
SRV - [2009/07/09 12:22:18 | 00,144,712 | ---- | M] (Apple Inc.) -- C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe -- (Apple Mobile Device [Auto | Running])
SRV - [2009/05/19 11:36:18 | 00,240,512 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe -- (SeaPort [Auto | Running])
SRV - [2009/02/06 18:08:58 | 00,533,360 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Live\Family Safety\fsssvc.exe -- (fsssvc [On_Demand | Stopped])
SRV - [2008/12/12 12:17:38 | 00,238,888 | ---- | M] (Apple Inc.) -- C:\Program Files\Bonjour\mDNSResponder.exe -- (Bonjour Service [Auto | Running])
SRV - [2008/07/29 22:10:04 | 00,046,104 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe -- (FontCache3.0.0.0 [On_Demand | Stopped])
SRV - [2008/07/29 20:24:50 | 00,881,664 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe -- (idsvc [Unknown | Stopped])
SRV - [2008/07/29 20:16:38 | 00,132,096 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe -- (NetTcpPortSharing [Disabled | Stopped])
SRV - [2008/07/25 12:17:02 | 00,069,632 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32 [On_Demand | Stopped])
SRV - [2008/07/25 12:16:40 | 00,034,312 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe -- (aspnet_state [On_Demand | Stopped])
SRV - [2007/06/11 09:14:51 | 00,517,040 | ---- | M] ( ) -- C:\WINDOWS\System32\lxdicoms.exe -- (lxdi_device [Auto | Running])
SRV - [2007/06/11 09:14:42 | 00,099,248 | ---- | M] (Lexmark International, Inc.) -- C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\lxdiserv.exe -- (lxdiCATSCustConnectService [Auto | Running])
SRV - [2006/10/18 20:05:24 | 00,913,408 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Media Player\WMPNetwk.exe -- (WMPNetworkSvc [On_Demand | Stopped])
SRV - [2006/07/06 08:14:30 | 00,090,112 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe -- (IAANTMON [Auto | Running])
SRV - [2005/10/11 09:40:32 | 00,237,568 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\eHome\ehRecvr.exe -- (ehRecvr [Auto | Running])
SRV - [2005/08/05 14:56:32 | 00,102,912 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\eHome\ehSched.exe -- (ehSched [Auto | Running])
SRV - [2005/08/05 14:27:08 | 00,099,328 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\ehome\mcrdsvc.exe -- (McrdSvc [Auto | Running])
SRV - [2004/08/10 06:00:00 | 00,038,912 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\PCHealth\HelpCtr\Binaries\pchsvc.dll -- (helpsvc [Auto | Running])
SRV - [2004/08/10 05:11:50 | 00,085,504 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\mhn.dll -- (MHN [On_Demand | Stopped])
SRV - [2003/07/28 13:28:22 | 00,089,136 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE -- (ose [On_Demand | Stopped])
 
[color=\"#E56717\"]========== Driver Services (SafeList) ==========[/color]
 
DRV - [2009/10/28 22:02:52 | 00,124,976 | ---- | M] (Symantec Corporation) -- C:\WINDOWS\System32\Drivers\SYMEVENT.SYS -- (SymEvent [On_Demand | Running])
DRV - [2009/10/09 16:38:04 | 00,508,976 | ---- | M] (Symantec Corporation) -- C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_17.0.0.136\Definitions\BASHDefs\20091013.001\BHDrvx86.sys -- (BHDrvx86 [System | Running])
DRV - [2009/09/10 15:10:19 | 00,329,080 | ---- | M] (Symantec Corporation) -- C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_17.0.0.136\Definitions\IPSDefs\20091021.001\IDSxpx86.sys -- (IDSxpx86 [On_Demand | Running])
DRV - [2009/08/29 19:17:21 | 00,361,392 | R--- | M] (Symantec Corporation) -- C:\WINDOWS\system32\drivers\NIS\1100000.088\SYMTDI.SYS -- (SYMTDI [System | Running])
DRV - [2009/08/29 19:17:20 | 00,169,008 | R--- | M] (Symantec Corporation) -- C:\WINDOWS\system32\drivers\NIS\1100000.088\SYMEFA.SYS -- (SymEFA [Boot | Running])
DRV - [2009/08/29 19:17:18 | 00,328,752 | R--- | M] (Symantec Corporation) -- C:\WINDOWS\system32\drivers\NIS\1100000.088\SYMDS.SYS -- (SymDS [Boot | Running])
DRV - [2009/08/29 19:16:50 | 00,114,736 | R--- | M] (Symantec Corporation) -- C:\WINDOWS\system32\drivers\NIS\1100000.088\Ironx86.SYS -- (SymIRON [System | Running])
DRV - [2009/08/29 19:16:41 | 00,325,168 | R--- | M] (Symantec Corporation) -- C:\WINDOWS\system32\drivers\NIS\1100000.088\SRTSP.SYS -- (SRTSP [System | Running])
DRV - [2009/08/29 19:16:41 | 00,043,696 | R--- | M] (Symantec Corporation) -- C:\WINDOWS\system32\drivers\NIS\1100000.088\SRTSPX.SYS -- (SRTSPX [System | Running])
DRV - [2009/08/29 04:00:00 | 01,323,568 | ---- | M] (Symantec Corporation) -- C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_17.0.0.136\Definitions\VirusDefs\20091028.050\NAVEX15.SYS -- (NAVEX15 [On_Demand | Running])
DRV - [2009/08/29 04:00:00 | 00,371,248 | ---- | M] (Symantec Corporation) -- C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys -- (eeCtrl [System | Running])
DRV - [2009/08/29 04:00:00 | 00,102,448 | ---- | M] (Symantec Corporation) -- C:\Program Files\Common Files\Symantec Shared\EENGINE\EraserUtilDrvI9.sys -- (EraserUtilDrvI9 [On_Demand | Running])
DRV - [2009/08/29 04:00:00 | 00,084,912 | ---- | M] (Symantec Corporation) -- C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_17.0.0.136\Definitions\VirusDefs\20091028.050\NAVENG.SYS -- (NAVENG [On_Demand | Running])
DRV - [2009/08/24 17:50:39 | 00,501,888 | R--- | M] (Symantec Corporation) -- C:\WINDOWS\system32\drivers\NIS\1100000.088\ccHPx86.sys -- (ccHP [System | Running])
DRV - [2009/02/06 18:08:42 | 00,055,152 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\DRIVERS\fssfltr_tdi.sys -- (fssfltr [Auto | Running])
DRV - [2006/07/21 22:12:16 | 01,095,968 | ---- | M] (Intel Corporation) -- C:\WINDOWS\System32\DRIVERS\igxpmp32.sys -- (ialm [On_Demand | Running])
DRV - [2006/07/19 16:42:16 | 00,230,400 | ---- | M] (Intel Corporation) -- C:\WINDOWS\System32\DRIVERS\e1e5132.sys -- (e1express [On_Demand | Running])
DRV - [2006/07/06 07:59:42 | 00,246,784 | ---- | M] (Intel Corporation) -- C:\WINDOWS\system32\DRIVERS\iaStor.sys -- (iastor [Boot | Running])
DRV - [2006/03/20 17:06:04 | 01,156,648 | ---- | M] (SigmaTel, Inc.) -- C:\WINDOWS\System32\drivers\sthda.sys -- (STHDA [On_Demand | Running])
DRV - [2005/05/12 19:54:10 | 00,020,576 | ---- | M] (Sonic Solutions) -- C:\WINDOWS\System32\Drivers\PxHelp20.sys -- (PxHelp20 [Boot | Running])
DRV - [2004/12/13 16:14:00 | 00,039,904 | ---- | M] (Adaptec, Inc.) -- C:\WINDOWS\System32\drivers\cercsr6.sys -- (cercsr6 [Boot | Stopped])
DRV - [2004/08/12 18:45:54 | 00,137,728 | ---- | M] (Windows ® Server 2003 DDK provider) -- C:\WINDOWS\System32\DRIVERS\HDAudBus.sys -- (HDAudBus [On_Demand | Running])
DRV - [2004/08/10 06:00:00 | 00,027,440 | ---- | M] () -- C:\WINDOWS\System32\DRIVERS\secdrv.sys -- (Secdrv [On_Demand | Stopped])
DRV - [2004/08/10 06:00:00 | 00,017,792 | ---- | M] (Parallel Technologies, Inc.) -- C:\WINDOWS\System32\DRIVERS\ptilink.sys -- (Ptilink [On_Demand | Running])
DRV - [2003/11/17 16:59:20 | 00,212,224 | ---- | M] (Conexant Systems, Inc.) -- C:\WINDOWS\System32\DRIVERS\HSFHWBS2.sys -- (HSFHWBS2 [On_Demand | Running])
DRV - [2003/11/17 16:58:02 | 00,680,704 | ---- | M] (Conexant Systems, Inc.) -- C:\WINDOWS\System32\DRIVERS\HSF_CNXT.sys -- (winachsf [On_Demand | Running])
DRV - [2003/11/17 16:56:26 | 01,042,432 | ---- | M] (Conexant Systems, Inc.) -- C:\WINDOWS\System32\DRIVERS\HSF_DP.sys -- (HSF_DP [On_Demand | Running])
DRV - [2003/04/09 14:48:08 | 00,011,043 | ---- | M] (Conexant) -- C:\WINDOWS\System32\DRIVERS\mdmxsdk.sys -- (mdmxsdk [Auto | Running])
DRV - [2001/08/17 14:57:38 | 00,016,128 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\MODEMCSA.sys -- (MODEMCSA [On_Demand | Running])
 
[color=\"#E56717\"]========== Modules (SafeList) ==========[/color]
 
MOD - [2009/10/29 09:26:30 | 00,521,728 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Administrator\Desktop\OTL.exe
MOD - [2009/09/01 03:23:05 | 00,405,872 | R--- | M] (Symantec Corporation) -- C:\PROGRAM FILES\NORTON INTERNET SECURITY\ENGINE\17.0.0.136\ASOEHOOK.DLL
MOD - [2009/07/12 02:02:02 | 00,653,120 | R--- | M] (Microsoft Corporation) -- C:\PROGRAM FILES\NORTON INTERNET SECURITY\ENGINE\17.0.0.136\Microsoft.VC90.CRT\MSVCR90.dll
MOD - [2009/07/12 02:02:00 | 00,569,664 | R--- | M] (Microsoft Corporation) -- C:\PROGRAM FILES\NORTON INTERNET SECURITY\ENGINE\17.0.0.136\Microsoft.VC90.CRT\MSVCP90.dll
MOD - [2004/08/10 06:00:00 | 01,050,624 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.2180_x-ww_a84f1ff9\comctl32.dll
MOD - [2004/08/10 06:00:00 | 00,014,848 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\serwvdrv.dll
MOD - [2004/08/10 06:00:00 | 00,013,312 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\umdmxfrm.dll
 
[color=\"#E56717\"]========== Standard Registry (SafeList) ==========[/color]
 
 
[color=\"#E56717\"]========== Internet Explorer ==========[/color]
 
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL =  [binary data]
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Extensions Off Page = about:NoAdd-ons
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Security Risk Page = about:SecurityRisk
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,CustomizeSearch = http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchcust.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchasst.htm
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\system32\blank.htm
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultName = Live Search
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultURL = http://search.live.com/results.aspx?q={sea...ferrer:source?}
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = www.msn.com
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local
 
FF - HKLM\software\mozilla\Firefox\extensions\\{20a82645-c095-46ed-80e3-08825760534b}: c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\ [2009/09/02 03:00:27 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\extensions\\[email protected]: C:\Program Files\Java\jre6\lib\deploy\jqs\ff [2009/02/20 17:13:58 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\extensions\\{BBDA0591-3099-440a-AA10-41764D9DB4DB}: C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_17.0.0.136\IPSFFPlgn\ [2009/10/28 22:03:14 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\extensions\\{4C0766D3-67A7-45a3-85A2-752F77312F32}: C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_17.0.0.136\coFFPlgn\ [2009/10/28 22:03:27 | 00,000,000 | ---D | M]
 
 
O1 HOSTS File: (734 bytes) - C:\WINDOWS\System32\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1       localhost
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - No CLSID value found.
O2 - BHO: (Adobe PDF Link Helper) - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O2 - BHO: (Symantec NCO BHO) - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files\Norton Internet Security\Engine\17.0.0.136\coIEPlg.dll (Symantec Corporation)
O2 - BHO: (Symantec Intrusion Prevention) - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files\Norton Internet Security\Engine\17.0.0.136\IPSBHO.DLL (Symantec Corporation)
O2 - BHO: (Search Helper) - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll (Microsoft Corporation)
O2 - BHO: (SSVHelper Class) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (Windows Live Sign-in Helper) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (Windows Live Toolbar Helper) - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Program Files\Windows Live\Toolbar\wltcore.dll (Microsoft Corporation)
O2 - BHO: (JQSIEStartDetectorImpl Class) - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll (Sun Microsystems, Inc.)
O3 - HKLM\..\Toolbar: (&Windows Live Toolbar) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files\Windows Live\Toolbar\wltcore.dll (Microsoft Corporation)
O3 - HKLM\..\Toolbar: (Norton Toolbar) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Norton Internet Security\Engine\17.0.0.136\coIEPlg.dll (Symantec Corporation)
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {1017A80C-6F09-4548-A84D-EDD6AC9525F0} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (&Windows Live Toolbar) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files\Windows Live\Toolbar\wltcore.dll (Microsoft Corporation)
O3 - HKCU\..\Toolbar\WebBrowser: (Norton Toolbar) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Norton Internet Security\Engine\17.0.0.136\coIEPlg.dll (Symantec Corporation)
O4 - HKLM..\Run: [Adobe Reader Speed Launcher] C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe (Microsoft Corporation)
O4 - HKLM..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe (Intel Corporation)
O4 - HKLM..\Run: [IAAnotif] C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe (Intel Corporation)
O4 - HKLM..\Run: [IgfxTray] C:\WINDOWS\System32\igfxtray.exe (Intel Corporation)
O4 - HKLM..\Run: [lxdiamon] C:\Program Files\Lexmark 3500-4500 Series\lxdiamon.exe ()
O4 - HKLM..\Run: [lxdimon.exe] C:\Program Files\Lexmark 3500-4500 Series\lxdimon.exe ()
O4 - HKLM..\Run: [Persistence] C:\WINDOWS\System32\igfxpers.exe (Intel Corporation)
O4 - HKLM..\Run: [QuickTime Task] C:\Program Files\QuickTime\QTTask.exe (Apple Inc.)
O4 - HKLM..\Run: [SigmatelSysTrayApp] C:\WINDOWS\stsystra.exe (SigmaTel, Inc.)
O4 - HKLM..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre6\bin\jusched.exe (Sun Microsystems, Inc.)
O4 - HKCU..\Run: [Advanced SystemCare 3] C:\Program Files\IObit\Advanced SystemCare 3\AWC.exe (IObit)
O4 - HKCU..\Run: [ccleaner] C:\Program Files\CCleaner\CCleaner.exe (Piriform Ltd)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Infodelivery present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: LinkResolveIgnoreLinkInfo = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoResolveSearch = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: dontdisplaylastusername = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticecaption =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticetext =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: shutdownwithoutlogon = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: undockwithoutlogon = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: LinkResolveIgnoreLinkInfo = 0
O9 - Extra 'Tools' menuitem : Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - Reg Error: Key error. File not found
O9 - Extra Button: Bonjour - {7F9DB11C-E358-4ca6-A83D-ACC663939424} - C:\Program Files\Bonjour\ExplorerPlugin.dll (Apple Inc.)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Program Files\Microsoft Office\OFFICE11\REFIEBAR.DLL (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe (Microsoft Corporation)
O9 - Extra Button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O15 - HKCU\..Trusted Domains: 33 domain(s) and sub-domain(s) not assigned to a zone.
O16 - DPF: {149E45D8-163E-4189-86FC-45022AB2B6C9} file:///C:/Program%20Files/Hide%20&%20Secret/Images/stg_drm.ocx (Reg Error: Value error.)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/products/plugin/autodl...indows-i586.cab (Java Plug-in 1.6.0_15)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.macromedia.com/get/flash...r/ultrashim.cab (Reg Error: Value error.)
O16 - DPF: {CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA} http://java.sun.com/products/plugin/autodl...indows-i586.cab (Java Plug-in 1.6.0_15)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_15)
O16 - DPF: {CC450D71-CC90-424C-8638-1F2DBAC87A54} file://C:\Program Files\Mortimer Beckett and the Time Paradox\Images\armhelper.ocx (ArmHelper Control)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/get/shoc...ash/swflash.cab (Shockwave Flash Object)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 24.116.2.50 24.116.2.34
O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\ipp - No CLSID value found
O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\Windows Live\Messenger\msgrapp.14.0.8064.0206.dll (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp - No CLSID value found
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\Windows Live\Messenger\msgrapp.14.0.8064.0206.dll (Microsoft Corporation)
O18 - Protocol\Handler\mso-offdap11 {32505114-5902-49B2-880A-1F7738E5A384} - C:\Program Files\Common Files\Microsoft Shared\Web Components\11\OWC11.DLL (Microsoft Corporation)
O18 - Protocol\Handler\wlmailhtml {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - C:\Program Files\Windows Live\Mail\mailcomm.dll (Microsoft Corporation)
O18 - Protocol\Filter\text/xml {807553E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE11\MSOXMLMF.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\Explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\avgrsstarter: DllName - avgrsstx.dll -  File not found
O20 - Winlogon\Notify\igfxcui: DllName - igfxdev.dll - C:\WINDOWS\System32\igfxdev.dll (Intel Corporation)
O24 - Desktop Components:0 (My Current Home Page) - About:Home
O31 - SafeBoot: AlternateShell - cmd.exe
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2008/12/03 12:13:39 | 00,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck) -  File not found
O34 - HKLM BootExecute: (autochk) - C:\WINDOWS\System32\autochk.exe (Microsoft Corporation)
O34 - HKLM BootExecute: (*) -  File not found
O35 - comfile [open] -- "%1" %* File not found
O35 - exefile [open] -- "%1" %* File not found
 
[color=\"#E56717\"]========== Files/Folders - Created Within 30 Days ==========[/color]
 
[2009/10/29 08:25:59 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\iWin Games
[2009/10/05 14:10:58 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\NCH Software
[2009/09/30 15:54:51 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Norton
[2009/09/30 16:25:48 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\NortonInstaller
[2009/09/29 20:04:45 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Trymedia
[2009/10/27 16:07:50 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\XLab
[2009/10/12 12:45:16 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Application Data\InstallShield
[2009/10/28 22:02:52 | 00,000,000 | ---D | C] -- C:\Program Files\Common Files\Symantec Shared
[2009/10/29 08:49:06 | 00,000,000 | ---D | C] -- C:\Program Files\iWin.com
[2009/10/28 22:02:15 | 00,000,000 | ---D | C] -- C:\Program Files\Norton Internet Security
[2009/10/28 22:02:52 | 00,000,000 | ---D | C] -- C:\Program Files\Symantec
[2009/10/20 10:27:08 | 00,000,000 | ---D | C] -- C:\Program Files\Trend Micro
[2009/09/30 16:44:18 | 00,000,000 | ---D | C] -- C:\Program Files\Windows Sidebar
[2009/10/29 09:26:30 | 00,521,728 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Administrator\Desktop\OTL.exe
[2009/10/29 08:58:47 | 00,000,000 | ---D | C] -- C:\WINDOWS\System32\appmgmt
[2009/10/29 08:52:27 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Documents\BlitPop
[2009/10/28 22:02:53 | 00,060,808 | ---- | C] (Symantec Corporation) -- C:\WINDOWS\System32\S32EVNT1.DLL
[2009/10/28 22:02:52 | 00,124,976 | ---- | C] (Symantec Corporation) -- C:\WINDOWS\System32\drivers\SYMEVENT.SYS
[2009/10/28 22:02:46 | 00,501,888 | R--- | C] (Symantec Corporation) -- C:\WINDOWS\System32\drivers\NIS\1100000.088\ccHPx86.sys
[2009/10/28 22:02:46 | 00,361,392 | R--- | C] (Symantec Corporation) -- C:\WINDOWS\System32\drivers\NIS\1100000.088\symtdi.sys
[2009/10/28 22:02:46 | 00,338,480 | R--- | C] (Symantec Corporation) -- C:\WINDOWS\System32\drivers\NIS\1100000.088\symtdiv.sys
[2009/10/28 22:02:46 | 00,328,752 | R--- | C] (Symantec Corporation) -- C:\WINDOWS\System32\drivers\NIS\1100000.088\SymDS.sys
[2009/10/28 22:02:46 | 00,325,168 | R--- | C] (Symantec Corporation) -- C:\WINDOWS\System32\drivers\NIS\1100000.088\srtsp.sys
[2009/10/28 22:02:46 | 00,169,008 | R--- | C] (Symantec Corporation) -- C:\WINDOWS\System32\drivers\NIS\1100000.088\SymEFA.sys
[2009/10/28 22:02:46 | 00,114,736 | R--- | C] (Symantec Corporation) -- C:\WINDOWS\System32\drivers\NIS\1100000.088\Ironx86.sys
[2009/10/28 22:02:46 | 00,043,696 | R--- | C] (Symantec Corporation) -- C:\WINDOWS\System32\drivers\NIS\1100000.088\srtspx.sys
[2009/10/28 22:02:18 | 00,000,000 | ---D | C] -- C:\WINDOWS\System32\drivers\NIS\1100000.088
[2009/10/27 13:43:49 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\My Documents\RY RED MOUSE
[2009/10/20 14:37:55 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\My Documents\RW MERCH
[2009/10/20 14:35:51 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\My Documents\RW GRAPHICS
[2009/10/20 14:28:00 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\My Documents\RY CONTRACTS
[2009/10/18 17:31:26 | 00,000,000 | ---D | C] -- C:\My Games
[2009/10/04 16:59:44 | 00,000,000 | ---D | C] -- C:\WINDOWS\System32\drivers\NIS\1007020.00B
[2009/10/04 13:41:53 | 00,000,000 | ---D | C] -- C:\users
[2009/09/30 16:47:09 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\My Documents\Symantec
[2009/09/30 16:44:22 | 00,000,000 | ---D | C] -- C:\WINDOWS\System32\drivers\NIS
[2009/09/30 15:54:51 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Documents\Norton
[2008/12/12 20:45:02 | 00,356,352 | ---- | C] ( ) -- C:\WINDOWS\System32\lxdiinpa.dll
[2008/12/12 20:45:02 | 00,311,296 | ---- | C] ( ) -- C:\WINDOWS\System32\lxdihcp.dll
[2008/12/12 20:45:01 | 01,187,840 | ---- | C] ( ) -- C:\WINDOWS\System32\lxdiserv.dll
[2008/12/12 20:45:01 | 00,942,080 | ---- | C] ( ) -- C:\WINDOWS\System32\lxdiusb1.dll
[2008/12/12 20:45:01 | 00,339,968 | ---- | C] ( ) -- C:\WINDOWS\System32\lxdiiesc.dll
[2008/12/12 20:45:00 | 00,614,400 | ---- | C] ( ) -- C:\WINDOWS\System32\lxdipmui.dll
[2008/12/12 20:45:00 | 00,532,480 | ---- | C] ( ) -- C:\WINDOWS\System32\lxdilmpm.dll
[2008/12/12 20:45:00 | 00,053,248 | ---- | C] ( ) -- C:\WINDOWS\System32\lxdiprox.dll
[2008/12/12 20:45:00 | 00,053,248 | ---- | C] ( ) -- C:\WINDOWS\System32\lxdipplc.dll
[2008/12/12 20:44:58 | 00,671,744 | ---- | C] ( ) -- C:\WINDOWS\System32\lxdihbn3.dll
[2008/12/12 20:44:57 | 00,765,952 | ---- | C] ( ) -- C:\WINDOWS\System32\lxdicomc.dll
[2008/12/12 20:44:57 | 00,360,448 | ---- | C] ( ) -- C:\WINDOWS\System32\lxdicomm.dll
 
[color=\"#E56717\"]========== Files - Modified Within 30 Days ==========[/color]
 
[11 C:\WINDOWS\*.tmp files]
[2009/10/29 09:26:30 | 00,521,728 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Administrator\Desktop\OTL.exe
[2009/10/29 09:25:10 | 00,002,187 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Safari.lnk
[2009/10/29 09:05:25 | 00,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2009/10/29 09:05:23 | 00,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2009/10/29 09:01:47 | 01,098,102 | ---- | M] () -- C:\WINDOWS\System32\drivers\NIS\1100000.088\Cat.DB
[2009/10/29 09:00:04 | 13,265,798 | -H-- | M] () -- C:\Documents and Settings\Administrator\Local Settings\Application Data\IconCache.db
[2009/10/29 07:42:57 | 00,039,195 | ---- | M] () -- C:\Documents and Settings\Administrator\My Documents\jr4.jpg
[2009/10/29 07:42:42 | 00,057,690 | ---- | M] () -- C:\Documents and Settings\Administrator\My Documents\jr3.jpg
[2009/10/29 07:42:27 | 00,044,461 | ---- | M] () -- C:\Documents and Settings\Administrator\My Documents\jr2.jpg
[2009/10/29 07:41:59 | 00,062,203 | ---- | M] () -- C:\Documents and Settings\Administrator\My Documents\jr1.jpg
[2009/10/28 23:11:40 | 00,055,594 | ---- | M] () -- C:\Documents and Settings\Administrator\Desktop\JR.jpg
[2009/10/28 22:02:52 | 00,124,976 | ---- | M] (Symantec Corporation) -- C:\WINDOWS\System32\drivers\SYMEVENT.SYS
[2009/10/28 22:02:52 | 00,060,808 | ---- | M] (Symantec Corporation) -- C:\WINDOWS\System32\S32EVNT1.DLL
[2009/10/28 22:02:52 | 00,007,443 | ---- | M] () -- C:\WINDOWS\System32\drivers\SYMEVENT.CAT
[2009/10/28 22:02:52 | 00,000,805 | ---- | M] () -- C:\WINDOWS\System32\drivers\SYMEVENT.INF
[2009/10/28 22:02:48 | 00,001,984 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Norton Internet Security.LNK
[2009/10/28 21:56:12 | 00,000,761 | ---- | M] () -- C:\Documents and Settings\Administrator\Desktop\Norton Installation Files.lnk
[2009/10/28 21:45:37 | 01,113,646 | ---- | M] () -- C:\WINDOWS\System32\drivers\NIS\1007020.00B\Cat.DB
[2009/10/28 18:32:56 | 00,092,286 | ---- | M] () -- C:\Documents and Settings\Administrator\Desktop\Pre-Registration for Current Students.pdf
[2009/10/28 18:31:23 | 00,026,864 | ---- | M] () -- C:\Documents and Settings\Administrator\Desktop\Student Class Schedule Worksheet Grenada.pdf
[2009/10/28 18:31:22 | 00,331,660 | ---- | M] () -- C:\Documents and Settings\Administrator\Desktop\New Registration Quick Guide for Students-Web Registration.pdf
[2009/10/28 18:31:17 | 00,508,346 | ---- | M] () -- C:\Documents and Settings\Administrator\Desktop\My Doghouse Quick Guide for Students.pdf
[2009/10/28 18:31:10 | 00,343,534 | ---- | M] () -- C:\Documents and Settings\Administrator\Desktop\My Doghouse Grade, Transcript, Degree Evaluation Tips for Students.pdf
[2009/10/28 13:02:49 | 00,002,497 | ---- | M] () -- C:\Documents and Settings\Administrator\Desktop\Microsoft Office Word 2003.lnk
[2009/10/27 17:01:15 | 00,035,003 | ---- | M] () -- C:\Documents and Settings\Administrator\My Documents\RY MISC.zip
[2009/10/27 17:00:50 | 04,530,408 | ---- | M] () -- C:\Documents and Settings\Administrator\My Documents\RW EDIT1.zip
[2009/10/27 17:00:44 | 24,594,456 | ---- | M] () -- C:\Documents and Settings\Administrator\My Documents\RW MUSIC.zip
[2009/10/27 17:00:32 | 01,698,461 | ---- | M] () -- C:\Documents and Settings\Administrator\My Documents\RW ORIG PICTS.zip
[2009/10/27 13:13:10 | 00,000,284 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
[2009/10/27 12:38:04 | 00,043,008 | ---- | M] () -- C:\Documents and Settings\Administrator\Desktop\QUOTES.doc
[2009/10/25 11:46:00 | 00,000,472 | ---- | M] () -- C:\WINDOWS\tasks\Ad-Aware Update (Weekly).job
[2009/10/17 18:31:07 | 00,000,000 | ---- | M] () -- C:\WINDOWS\Game.INI
[2009/10/17 03:16:54 | 00,505,950 | ---- | M] () -- C:\WINDOWS\System32\PerfStringBackup.INI
[2009/10/17 03:16:54 | 00,444,360 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2009/10/17 03:16:54 | 00,072,252 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2009/10/13 12:35:35 | 00,002,516 | -HS- | M] () -- C:\Documents and Settings\All Users\Application Data\KGyGaAvL.sys
[2009/10/13 12:35:30 | 00,000,088 | RHS- | M] () -- C:\Documents and Settings\All Users\Application Data\0094102FF9.sys
[2009/10/06 13:10:42 | 00,001,839 | ---- | M] () -- C:\Documents and Settings\Administrator\Desktop\Windows Live Messenger .lnk
[2009/10/02 13:01:57 | 25,198,016 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\MRT.exe
[2009/10/02 08:42:56 | 00,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2009/09/30 14:05:49 | 00,141,240 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2009/09/29 16:24:36 | 00,024,288 | -H-- | M] () -- C:\WINDOWS\System32\mlfcache.dat
[2009/09/29 09:35:43 | 00,024,360 | ---- | M] () -- C:\Documents and Settings\Administrator\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
 
[color=\"#E56717\"]========== Files - No Company Name ==========[/color]
[2009/10/29 07:42:57 | 00,039,195 | ---- | C] () -- C:\Documents and Settings\Administrator\My Documents\jr4.jpg
[2009/10/29 07:42:42 | 00,057,690 | ---- | C] () -- C:\Documents and Settings\Administrator\My Documents\jr3.jpg
[2009/10/29 07:42:27 | 00,044,461 | ---- | C] () -- C:\Documents and Settings\Administrator\My Documents\jr2.jpg
[2009/10/29 07:41:59 | 00,062,203 | ---- | C] () -- C:\Documents and Settings\Administrator\My Documents\jr1.jpg
[2009/10/28 23:11:36 | 00,055,594 | ---- | C] () -- C:\Documents and Settings\Administrator\Desktop\JR.jpg
[2009/10/28 22:02:55 | 01,098,102 | ---- | C] () -- C:\WINDOWS\System32\drivers\NIS\1100000.088\Cat.DB
[2009/10/28 22:02:53 | 00,007,443 | ---- | C] () -- C:\WINDOWS\System32\drivers\SYMEVENT.CAT
[2009/10/28 22:02:53 | 00,000,805 | ---- | C] () -- C:\WINDOWS\System32\drivers\SYMEVENT.INF
[2009/10/28 22:02:48 | 00,001,984 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Norton Internet Security.LNK
[2009/10/28 22:02:29 | 00,003,375 | R--- | C] () -- C:\WINDOWS\System32\drivers\NIS\1100000.088\SymEFA.inf
[2009/10/28 22:02:29 | 00,002,793 | R--- | C] () -- C:\WINDOWS\System32\drivers\NIS\1100000.088\SymDS.inf
[2009/10/28 22:02:29 | 00,001,756 | R--- | C] () -- C:\WINDOWS\System32\drivers\NIS\1100000.088\ccHPx86.inf
[2009/10/28 22:02:29 | 00,001,475 | R--- | C] () -- C:\WINDOWS\System32\drivers\NIS\1100000.088\SymNetV.inf
[2009/10/28 22:02:29 | 00,001,447 | R--- | C] () -- C:\WINDOWS\System32\drivers\NIS\1100000.088\SymNet.inf
[2009/10/28 22:02:29 | 00,001,389 | R--- | C] () -- C:\WINDOWS\System32\drivers\NIS\1100000.088\srtspx.inf
[2009/10/28 22:02:29 | 00,001,383 | R--- | C] () -- C:\WINDOWS\System32\drivers\NIS\1100000.088\srtsp.inf
[2009/10/28 22:02:29 | 00,000,743 | R--- | C] () -- C:\WINDOWS\System32\drivers\NIS\1100000.088\Iron.inf
[2009/10/28 22:02:18 | 00,007,787 | R--- | C] () -- C:\WINDOWS\System32\drivers\NIS\1100000.088\symnetv.cat
[2009/10/28 22:02:18 | 00,007,438 | R--- | C] () -- C:\WINDOWS\System32\drivers\NIS\1100000.088\srtsp.cat
[2009/10/28 22:02:18 | 00,007,431 | R--- | C] () -- C:\WINDOWS\System32\drivers\NIS\1100000.088\SymEFA.cat
[2009/10/28 22:02:18 | 00,007,429 | R--- | C] () -- C:\WINDOWS\System32\drivers\NIS\1100000.088\srtspx.cat
[2009/10/28 22:02:18 | 00,007,425 | R--- | C] () -- C:\WINDOWS\System32\drivers\NIS\1100000.088\SymDS.cat
[2009/10/28 22:02:18 | 00,007,424 | R--- | C] () -- C:\WINDOWS\System32\drivers\NIS\1100000.088\iron.cat
[2009/10/28 22:02:18 | 00,007,396 | R--- | C] () -- C:\WINDOWS\System32\drivers\NIS\1100000.088\cchpx86.cat
[2009/10/28 22:02:18 | 00,007,355 | R--- | C] () -- C:\WINDOWS\System32\drivers\NIS\1100000.088\SymNet.cat
[2009/10/28 22:02:18 | 00,000,172 | ---- | C] () -- C:\WINDOWS\System32\drivers\NIS\1100000.088\isolate.ini
[2009/10/28 21:56:12 | 00,000,761 | ---- | C] () -- C:\Documents and Settings\Administrator\Desktop\Norton Installation Files.lnk
[2009/10/28 18:32:56 | 00,092,286 | ---- | C] () -- C:\Documents and Settings\Administrator\Desktop\Pre-Registration for Current Students.pdf
[2009/10/28 18:31:23 | 00,026,864 | ---- | C] () -- C:\Documents and Settings\Administrator\Desktop\Student Class Schedule Worksheet Grenada.pdf
[2009/10/28 18:31:19 | 00,331,660 | ---- | C] () -- C:\Documents and Settings\Administrator\Desktop\New Registration Quick Guide for Students-Web Registration.pdf
[2009/10/28 18:31:15 | 00,508,346 | ---- | C] () -- C:\Documents and Settings\Administrator\Desktop\My Doghouse Quick Guide for Students.pdf
[2009/10/28 18:31:10 | 00,343,534 | ---- | C] () -- C:\Documents and Settings\Administrator\Desktop\My Doghouse Grade, Transcript, Degree Evaluation Tips for Students.pdf
[2009/10/27 17:01:15 | 00,035,003 | ---- | C] () -- C:\Documents and Settings\Administrator\My Documents\RY MISC.zip
[2009/10/27 17:00:47 | 04,530,408 | ---- | C] () -- C:\Documents and Settings\Administrator\My Documents\RW EDIT1.zip
[2009/10/27 17:00:38 | 24,594,456 | ---- | C] () -- C:\Documents and Settings\Administrator\My Documents\RW MUSIC.zip
[2009/10/27 17:00:30 | 01,698,461 | ---- | C] () -- C:\Documents and Settings\Administrator\My Documents\RW ORIG PICTS.zip
[2009/10/19 10:59:41 | 00,043,008 | ---- | C] () -- C:\Documents and Settings\Administrator\Desktop\QUOTES.doc
[2009/10/17 18:31:07 | 00,000,000 | ---- | C] () -- C:\WINDOWS\Game.INI
[2009/10/12 13:04:42 | 00,002,516 | -HS- | C] () -- C:\Documents and Settings\All Users\Application Data\KGyGaAvL.sys
[2009/10/12 13:04:42 | 00,000,088 | RHS- | C] () -- C:\Documents and Settings\All Users\Application Data\0094102FF9.sys
[2009/10/06 13:10:42 | 00,001,839 | ---- | C] () -- C:\Documents and Settings\Administrator\Desktop\Windows Live Messenger .lnk
[2009/10/06 11:24:21 | 01,113,646 | ---- | C] () -- C:\WINDOWS\System32\drivers\NIS\1007020.00B\Cat.DB
[2009/08/07 18:43:51 | 00,000,136 | ---- | C] () -- C:\Documents and Settings\Administrator\Local Settings\Application Data\fusioncache.dat
[2009/02/16 09:28:32 | 00,016,960 | ---- | C] () -- C:\Documents and Settings\Administrator\Local Settings\Application Data\slot1.mm1
[2008/12/14 20:04:23 | 00,000,376 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2008/12/12 20:51:33 | 00,040,960 | ---- | C] () -- C:\WINDOWS\System32\lxdivs.dll
[2008/12/12 20:51:29 | 00,344,064 | ---- | C] () -- C:\WINDOWS\System32\lxdicoin.dll
[2008/12/12 20:49:53 | 00,692,224 | ---- | C] () -- C:\WINDOWS\System32\lxdidrs.dll
[2008/12/12 20:49:53 | 00,069,632 | ---- | C] () -- C:\WINDOWS\System32\lxdicnv4.dll
[2008/12/12 20:49:53 | 00,065,536 | ---- | C] () -- C:\WINDOWS\System32\lxdicaps.dll
[2008/12/12 20:45:14 | 00,000,060 | -H-- | C] () -- C:\WINDOWS\System32\lxdirwrd.ini
[2008/12/12 20:45:02 | 00,294,912 | ---- | C] () -- C:\WINDOWS\System32\lxdiinst.dll
[2008/12/12 20:44:58 | 00,208,896 | ---- | C] () -- C:\WINDOWS\System32\lxdigrd.dll
[2008/12/05 19:22:16 | 00,000,000 | ---- | C] () -- C:\WINDOWS\Curses.INI
[2008/12/04 08:14:55 | 00,000,187 | ---- | C] () -- C:\Documents and Settings\Administrator\Application Data\G-Force Prefs (WindowsMediaPlayer).txt
[2008/12/03 19:25:57 | 00,012,288 | ---- | C] () -- C:\Documents and Settings\Administrator\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2008/12/03 17:06:01 | 00,192,512 | ---- | C] () -- C:\WINDOWS\System32\igfxCoIn_v4642.dll
[2008/12/03 17:06:00 | 00,348,880 | ---- | C] () -- C:\WINDOWS\System32\igmedkrn.dll
[2008/12/03 14:43:37 | 13,265,798 | -H-- | C] () -- C:\Documents and Settings\Administrator\Local Settings\Application Data\IconCache.db
[2008/12/03 13:08:59 | 00,024,360 | ---- | C] () -- C:\Documents and Settings\Administrator\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
[2008/12/03 13:00:57 | 00,000,062 | -HS- | C] () -- C:\Documents and Settings\Administrator\Application Data\desktop.ini
[2008/12/03 05:52:30 | 00,000,062 | -HS- | C] () -- C:\Documents and Settings\All Users\Application Data\desktop.ini
[2005/08/05 15:01:54 | 00,235,008 | ---- | C] () -- C:\WINDOWS\System32\psisdecd.dll
[2004/08/10 06:00:00 | 00,027,440 | ---- | C] () -- C:\WINDOWS\System32\drivers\secdrv.sys
[2004/08/10 06:00:00 | 00,000,603 | ---- | C] () -- C:\WINDOWS\win.ini
[2004/08/10 06:00:00 | 00,000,231 | ---- | C] () -- C:\WINDOWS\system.ini
[2003/01/07 16:05:08 | 00,002,695 | ---- | C] () -- C:\WINDOWS\System32\OUTLPERF.INI
 
[color=\"#E56717\"]========== Alternate Data Streams ==========[/color]
 
@Alternate Data Stream - 97 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:17C48B08
@Alternate Data Stream - 96 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:A26AFC00
@Alternate Data Stream - 95 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:7158CB97
@Alternate Data Stream - 313 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:1387592D
@Alternate Data Stream - 308 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:D52D3C91
@Alternate Data Stream - 297 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:06500394
@Alternate Data Stream - 156 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:2B340BD5
@Alternate Data Stream - 146 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:123A86B5
@Alternate Data Stream - 143 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:E7B4296D
@Alternate Data Stream - 140 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:6017A808
@Alternate Data Stream - 140 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:32ED8AE7
@Alternate Data Stream - 139 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:55C54F7C
@Alternate Data Stream - 138 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:CF1334B0
@Alternate Data Stream - 138 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:CDC1B76E
@Alternate Data Stream - 138 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:89C28CF6
@Alternate Data Stream - 138 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:7FCB9D0D
@Alternate Data Stream - 137 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:5025C6E4
@Alternate Data Stream - 136 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:E14FA16F
@Alternate Data Stream - 134 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:5E413CD6
@Alternate Data Stream - 133 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:E027789A
@Alternate Data Stream - 133 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:D53344E0
@Alternate Data Stream - 132 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:115FA012
@Alternate Data Stream - 130 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:F84B8DB5
@Alternate Data Stream - 130 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:8101D728
@Alternate Data Stream - 127 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:ADE67221
@Alternate Data Stream - 127 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:147A3409
@Alternate Data Stream - 126 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:D390A6A7
@Alternate Data Stream - 125 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:E0F0F1BE
@Alternate Data Stream - 125 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:737160C1
@Alternate Data Stream - 125 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:122B409D
@Alternate Data Stream - 124 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:DA321CD4
@Alternate Data Stream - 124 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:7E082023
@Alternate Data Stream - 122 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:E7B49FBF
@Alternate Data Stream - 122 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:D1D597D0
@Alternate Data Stream - 122 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:B0EB578B
@Alternate Data Stream - 122 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:0F55D468
@Alternate Data Stream - 121 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:D8F9D810
@Alternate Data Stream - 121 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:9026FFAC
@Alternate Data Stream - 121 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:7FD903D7
@Alternate Data Stream - 121 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:133CC4C3
@Alternate Data Stream - 120 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:FD000392
@Alternate Data Stream - 120 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:EB12FF2B
@Alternate Data Stream - 120 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:D2593961
@Alternate Data Stream - 119 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:E80802C7
@Alternate Data Stream - 118 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:ED2998F5
@Alternate Data Stream - 118 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:A4076A3B
@Alternate Data Stream - 118 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:9331E9D2
@Alternate Data Stream - 118 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:69D59C23
@Alternate Data Stream - 118 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:35A81752
@Alternate Data Stream - 117 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:69E3AF64
@Alternate Data Stream - 117 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:52A22573
@Alternate Data Stream - 117 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:0B210DD3
@Alternate Data Stream - 116 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:EB40BC91
@Alternate Data Stream - 116 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:9732698E
@Alternate Data Stream - 116 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:870649A4
@Alternate Data Stream - 116 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:506E1E25
@Alternate Data Stream - 115 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:C36B1175
@Alternate Data Stream - 114 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:D86A1047
@Alternate Data Stream - 114 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:55374FBA
@Alternate Data Stream - 113 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:FC2D0F32
@Alternate Data Stream - 113 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:5FEFEAEF
@Alternate Data Stream - 113 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:2B1EA607
@Alternate Data Stream - 113 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:0DAD93FF
@Alternate Data Stream - 112 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:25F2159D
@Alternate Data Stream - 112 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:0D52F295
@Alternate Data Stream - 112 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:04CE8640
@Alternate Data Stream - 111 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:CB52BE62
@Alternate Data Stream - 109 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:EE95471C
@Alternate Data Stream - 109 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:25249477
@Alternate Data Stream - 109 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:0FB757A9
@Alternate Data Stream - 108 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:E9B5CB53
@Alternate Data Stream - 107 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:AA354EC0
@Alternate Data Stream - 106 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:55818279
@Alternate Data Stream - 105 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:EEB25EAE
@Alternate Data Stream - 104 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:551BED5F
@Alternate Data Stream - 104 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:2342AE46
@Alternate Data Stream - 103 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:B4FAC426
@Alternate Data Stream - 103 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:AAFA1398
@Alternate Data Stream - 103 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:4FE42FFC
@Alternate Data Stream - 103 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:20685A31
@Alternate Data Stream - 103 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:00F7B10F
@Alternate Data Stream - 102 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:E51234A9
@Alternate Data Stream - 102 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:3D36932D
@Alternate Data Stream - 102 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:0C9CD455
@Alternate Data Stream - 101 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:59C113EC
@Alternate Data Stream - 101 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:1A7E6B73
@Alternate Data Stream - 100 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:96C05DC7
< End of report >

17
Tech Clinic / Could Someone Please Check Hi Jack This Log
« on: October 28, 2009, 09:08:35 PM »
[quote name=\'guestolo\' post=\'465997\' date=\'Oct 28 2009, 06:55 PM\']I see leftovers of AVG, did you just recently uninstall it and install Norton Internet Security?
It looks like it didn't completely remove

Also, did you just recently uninstall Ad-Aware?[/quote]


I did but it would not completely un-install. Also I see traces of Kapersky, Panda, and Sophos on there. My daughter played a game called "Mortimer beckett and I cannot remove all of it or an Iwin.hook.

Oh Ad-Aware i uninstalled as well. It was not working properly so I just removed it or so I thought.

18
Tech Clinic / Could Someone Please Check Hi Jack This Log
« on: October 27, 2009, 07:49:47 PM »
OTL Extras logfile created on: 10/27/2009 7:50:29 PM - Run 4
OTL by OldTimer - Version 3.0.21.0     Folder = C:\Documents and Settings\Administrator\My Documents\FIX IT PROGRAMS
Windows XP Media Center Edition Service Pack 2 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 7.0.5730.13)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy
 
1013.84 Mb Total Physical Memory | 245.58 Mb Available Physical Memory | 24.22% Memory free
2.54 Gb Paging File | 0.69 Gb Available in Paging File | 27.36% Paging File free
Paging file location(s): c:\pagefile.sys 1524 3048 [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 232.78 Gb Total Space | 209.94 Gb Free Space | 90.19% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded
 
Computer Name:
Current User Name: Administrator
Logged in as Administrator.
 
Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Standard
 
[color=\"#E56717\"]========== Extra Registry (SafeList) ==========[/color]
 
 
[color=\"#E56717\"]========== File Associations ==========[/color]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.chm [@ = chm.file] -- C:\WINDOWS\hh.exe (Microsoft Corporation)
.html [@ = SafariHTML] -- C:\Program Files\Common Files\Microsoft Shared\OFFICE11\MSOXMLED.EXE (Microsoft Corporation)
 
[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = SafariHTML] -- C:\Program Files\Safari\Safari.exe (Apple Inc.)
 
[color=\"#E56717\"]========== Shell Spawning ==========[/color]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %* File not found
chm.file [open] -- "C:\WINDOWS\hh.exe" %1 (Microsoft Corporation)
cmdfile [open] -- "%1" %* File not found
comfile [open] -- "%1" %* File not found
exefile [open] -- "%1" %* File not found
htmlfile [edit] -- Reg Error: Key error.
htmlfile [open] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" -nohome (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" %1 (Microsoft Corporation)
http [open] -- Reg Error: Key error.
https [open] -- Reg Error: Key error.
piffile [open] -- "%1" %* File not found
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1" File not found
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S File not found
txtfile [edit] -- Reg Error: Key error.
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" %1 (Microsoft Corporation)
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- "C:\Program Files\Internet Explorer\iexplore.exe" (Microsoft Corporation)
 
[color=\"#E56717\"]========== Security Center Settings ==========[/color]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 0
"FirewallOverride" = 0
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]
"139:TCP" = 139:TCP:*:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:*:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:*:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:*:Enabled:@xpsp2res.dll,-22002
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"139:TCP" = 139:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22002
"1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007
 
[color=\"#E56717\"]========== Authorized Applications List ==========[/color]
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"C:\Program Files\MSN Messenger\livecall.exe" = C:\Program Files\MSN Messenger\livecall.exe:*:Enabled:Windows Live Messenger 8.1 (Phone) -- File not found
"%windir%\Network Diagnostic\xpnetdiag.exe" = %windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000 -- (Microsoft Corporation)
"C:\Program Files\Lexmark 3500-4500 Series\app4r.exe" = C:\Program Files\Lexmark 3500-4500 Series\App4R.exe:*:Enabled:Lexmark Imaging Studio -- ()
"C:\Program Files\Windows Live\Messenger\wlcsdk.exe" = C:\Program Files\Windows Live\Messenger\wlcsdk.exe:*:Enabled:Windows Live Call -- (Microsoft Corporation)
"C:\Program Files\Windows Live\Messenger\msnmsgr.exe" = C:\Program Files\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger -- (Microsoft Corporation)
"C:\Program Files\Windows Live\Sync\WindowsLiveSync.exe" = C:\Program Files\Windows Live\Sync\WindowsLiveSync.exe:*:Enabled:Windows Live Sync -- (Microsoft Corporation)
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Program Files\Messenger\msmsgs.exe" = C:\Program Files\Messenger\msmsgs.exe:*:Enabled:Windows Messenger -- (Microsoft Corporation)
"%windir%\Network Diagnostic\xpnetdiag.exe" = %windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000 -- (Microsoft Corporation)
"C:\WINDOWS\system32\lxdicoms.exe" = C:\WINDOWS\system32\lxdicoms.exe:*:Enabled:Lexmark Communications System -- ( )
"C:\Program Files\Lexmark 3500-4500 Series\lxdiamon.exe" = C:\Program Files\Lexmark 3500-4500 Series\lxdiamon.exe:*:Enabled:Lexmark Device Monitor -- ()
"C:\Program Files\Lexmark 3500-4500 Series\App4R.exe" = C:\Program Files\Lexmark 3500-4500 Series\App4R.exe:*:Enabled:Lexmark Imaging Studio -- ()
"C:\Program Files\Lexmark 3500-4500 Series\lxdimon.exe" = C:\Program Files\Lexmark 3500-4500 Series\lxdimon.exe:*:Enabled:Device Monitor -- ()
"C:\WINDOWS\system32\spool\drivers\w32x86\3\lxdipswx.exe" = C:\WINDOWS\system32\spool\drivers\w32x86\3\lxdipswx.exe:*:Enabled:Printer Status Window Interface -- ()
"C:\WINDOWS\system32\spool\drivers\w32x86\3\lxditime.exe" = C:\WINDOWS\system32\spool\drivers\w32x86\3\lxditime.exe:*:Enabled:Lexmark Connect Time Executable -- (Lexmark International, Inc.)
"C:\WINDOWS\system32\spool\drivers\w32x86\3\lxdijswx.exe" = C:\WINDOWS\system32\spool\drivers\w32x86\3\lxdijswx.exe:*:Enabled:Job Status Window Interface -- ()
"C:\Program Files\Bonjour\mDNSResponder.exe" = C:\Program Files\Bonjour\mDNSResponder.exe:*:Enabled:Bonjour -- (Apple Inc.)
"C:\WINDOWS\system32\spool\drivers\w32x86\3\lxdiwbgw.exe" = C:\WINDOWS\system32\spool\drivers\w32x86\3\lxdiwbgw.exe:*:Enabled:Lexmark Web Gateway -- ()
"C:\Program Files\Windows Live\Messenger\wlcsdk.exe" = C:\Program Files\Windows Live\Messenger\wlcsdk.exe:*:Enabled:Windows Live Call -- (Microsoft Corporation)
"C:\Program Files\Windows Live\Messenger\msnmsgr.exe" = C:\Program Files\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger -- (Microsoft Corporation)
"C:\Program Files\Windows Live\Sync\WindowsLiveSync.exe" = C:\Program Files\Windows Live\Sync\WindowsLiveSync.exe:*:Enabled:Windows Live Sync -- (Microsoft Corporation)
 
 
[color=\"#E56717\"]========== HKEY_LOCAL_MACHINE Uninstall List ==========[/color]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{07287123-B8AC-41CE-8346-3D777245C35B}" = Bonjour
"{0A0873E1-D9BA-4994-B85D-A0A331EF1F0C}" = Intel® PRO Network Connections
"{0AAA9C97-74D4-47CE-B089-0B147EF3553C}" = Windows Live Messenger
"{0C34B801-6AEC-4667-B053-03A67E2D0415}" = Apple Application Support
"{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live Upload Tool
"{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT
"{26A24AE4-039D-4CA4-87B4-2F83216012FF}" = Java(tm) 6 Update 15
"{3248F0A8-6813-11D6-A77B-00B0D0160010}" = Java(tm) SE Runtime Environment 6 Update 1
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{36CDA33B-909B-4719-97D1-C4B99309BDC7}" = ATI Parental Control & Encoder
"{3B4E636E-9D65-4D67-BA61-189800823F52}" = Windows Live Communications Platform
"{3C52E7DA-C431-4239-B66B-1BF703D5B194}" = Windows Live Photo Gallery
"{45338B07-A236-4270-9A77-EBB4115517B5}" = Windows Live Sign-in Assistant
"{4CBA3D4C-8F51-4D60-B27E-F6B641C571E7}" = Microsoft Search Enhancement Pack
"{4DE3E3D9-AE81-45DE-9195-3015F7B1DBF3}" = Junk Mail filter update
"{57F0ED40-8F11-41AA-B926-4A66D0D1A9CC}" = Microsoft Office Live Add-in 1.3
"{63C1109E-D977-49ED-BCE3-D00D0BF187D6}" = Windows Live Mail
"{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update
"{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}" = Windows Media Player Firefox Plugin
"{7148F0A8-6813-11D6-A77B-00B0D0142030}" = Java 2 Runtime Environment, SE v1.4.2_03
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{76CD2979-09C0-493A-84B3-8FD97EF4BCEA}" = Windows Live Family Safety
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{7F142D56-3326-11D5-B229-002078017FBF}" = Modem Helper
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8A74E887-8F0F-4017-AF53-CBA42211AAA5}" = Microsoft Sync Framework Runtime Native v1.0 (x86)
"{8FFC5648-FAF8-43A3-BC8F-42BA1E275C4E}" = Choice Guard
"{90120000-0020-0409-0000-0000000FF1CE}" = Compatibility Pack for the 2007 Office system
"{9068B2BE-D93A-4C0A-861C-5E35E2C0E09E}" = Intel® Matrix Storage Manager
"{91130409-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Basic Edition 2003
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{95120000-0120-0409-0000-0000000FF1CE}" = Microsoft Office Outlook Connector
"{9941F0AA-B903-4AF4-A055-83A9815CC011}" = Sonic Encoders
"{995F1E2E-F542-4310-8E1D-9926F5A279B3}" = Windows Live Toolbar
"{A1BF9950-8CDB-468E-83FA-EACFB00EA7D5}" = Windows Live Sync
"{A1F66FC9-11EE-4F2F-98C9-16F8D1E69FB7}" = Segoe UI
"{A2BCA9F1-566C-4805-97D1-7FDC93386723}" = Adobe AIR
"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
"{A429C2AE-EBF1-4F81-A221-1C115CAADDAD}" = QuickTime
"{A462213D-EED4-42C2-9A60-7BDD4D4B0B17}" = SigmaTel Audio
"{AADEA55D-C834-4BCB-98A3-4B8D1C18F4EE}" = Apple Mobile Device Support
"{AC76BA86-7AD7-1033-7B44-A91000000001}" = Adobe Reader 9.1.3
"{BD64AF4A-8C80-4152-AD77-FCDDF05208AB}" = Microsoft Sync Framework Services Native v1.0 (x86)
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
"{C6CA8874-5F22-4AF0-9BE3-016BF299C536}" = Windows Live Essentials
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{E56D39F8-2A9F-44B4-B068-A72E45A073E6}" = Safari
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F333A33D-125C-32A2-8DCE-5C5D14231E27}" = Visual C++ 2008 x86 Runtime - (v9.0.30729)
"{F333A33D-125C-32A2-8DCE-5C5D14231E27}.vc_x86runtime_30729_01" = Visual C++ 2008 x86 Runtime - v9.0.30729.01
"{F6BD194C-4190-4D73-B1B1-C48C99921BFE}" = Windows Live Call
"{FCD9CD52-7222-4672-94A0-A722BA702FD0}" = Dell Resource CD
"12133444-BF36-4d4e-B7FB-A3424C645DE4" = GemMaster Mystic
"Adobe AIR" = Adobe AIR
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Adobe Shockwave Player" = Adobe Shockwave Player 11.5
"Advanced SystemCare 3_is1" = Advanced SystemCare 3
"B3EE3001-DC24-4cd1-8743-5692C716659F" = Otto
"CCleaner" = CCleaner (remove only)
"CNXT_MODEM_PCI_VEN_14F1&DEV_2F20&SUBSYS_200F14F1" = Conexant D850 56K V.9x DFVc Modem
"ESPNMotion" = ESPNMotion
"HDMI" = Intel® Graphics Media Accelerator Driver
"HijackThis" = HijackThis 2.0.2
"IDNMitigationAPIs" = Microsoft Internationalized Domain Names Mitigation APIs
"ie7" = Windows Internet Explorer 7
"Lexmark 3500-4500 Series" = Lexmark 3500-4500 Series
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"Microsoft .NET Framework 1.1  (1033)" = Microsoft .NET Framework 1.1
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"MSCompPackV1" = Microsoft Compression Client Pack 1.0 for Windows XP
"MSNINST" = MSN
"NIS" = Norton Internet Security
"NLSDownlevelMapping" = Microsoft National Language Support Downlevel APIs
"WIC" = Windows Imaging Component
"Windows Media Format Runtime" = Windows Media Format 11 runtime
"Windows Media Player" = Windows Media Player 11
"WinLiveSuite_Wave3" = Windows Live Essentials
"WMFDist11" = Windows Media Format 11 runtime
"wmp11" = Windows Media Player 11
"Wudf01000" = Microsoft User-Mode Driver Framework Feature Pack 1.0
 
[color=\"#E56717\"]========== HKEY_CURRENT_USER Uninstall List ==========[/color]
 
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Move Networks Player - IE" = Move Networks Media Player for Internet Explorer
 
[color=\"#E56717\"]========== Last 10 Event Log Errors ==========[/color]
 
[ Application Events ]
Error - 9/17/2009 1:43:06 PM | Computer Name =  | Source = WindowsLiveMessenger | ID = 15728647
Description =
 
Error - 9/24/2009 8:03:47 AM | Computer Name =  | Source = crypt32 | ID = 131080
Description = Failed auto update retrieval of third-party root list sequence number
 from: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt>
 with error: This operation returned because the timeout period expired.  
 
Error - 9/28/2009 4:14:42 PM | Computer Name =  | Source = WindowsLiveMessenger | ID = 15728647
Description =
 
Error - 9/28/2009 4:14:48 PM | Computer Name =  | Source = WindowsLiveMessenger | ID = 15728647
Description =
 
Error - 9/30/2009 2:48:19 PM | Computer Name = A| Source = Application Error | ID = 1000
Description = Faulting application teatimer.exe, version 1.6.6.32, faulting module
 teatimer.exe, version 1.6.6.32, fault address 0x0006e66e.
 
Error - 9/30/2009 3:08:44 PM | Computer Name =  | Source = Application Error | ID = 1000
Description = Faulting application iobitupdate.exe, version 1.0.0.250, faulting
module kernel32.dll, version 5.1.2600.3541, fault address 0x00012a6b.
 
Error - 10/15/2009 8:17:35 PM | Computer Name =  | Source = COM+ | ID = 135761
Description = The run-time environment has detected an inconsistency in its internal
 state. This indicates a potential instability in the process that could be caused
 by the custom components running in the COM+ application, the components they make
 use of, or other factors. Error in d:\qxp_slp\com\com1x\src\comsvcs\package\cpackage.cpp(1184),
 hr = 8007041d: InitEventCollector fail
 
Error - 10/19/2009 11:35:32 AM | Computer Name =  | Source = Application Error | ID = 1000
Description = Faulting application safari.exe, version 4.531.9.1, faulting module
 safari.dll, version 4.531.9.1, fault address 0x00080343.
 
Error - 10/20/2009 3:01:35 PM | Computer Name =  | Source = crypt32 | ID = 131080
Description = Failed auto update retrieval of third-party root list sequence number
 from: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt>
 with error: This operation returned because the timeout period expired.  
 
Error - 10/23/2009 12:48:23 PM | Computer Name = | Source = Application Error | ID = 1000
Description = Faulting application sallysquickclips.exe, version 0.0.0.0, faulting
 module sallysquickclips.exe, version 0.0.0.0, fault address 0x0008d99d.
 
[ System Events ]
Error - 10/25/2009 6:12:26 PM | Computer Name =  | Source = MRxSmb | ID = 8003
Description = The master browser has received a server announcement from the computer
 DELL  that believes that it is the master browser for the domain on transport NetBT_Tcpip_{AF575C7C-B021-4D91-90EC.
The
 master browser is stopping or an election is being forced.
 
Error - 10/25/2009 7:13:22 PM | Computer Name =  | Source = MRxSmb | ID = 8003
Description = The master browser has received a server announcement from the computer
 DELL  that believes that it is the master browser for the domain on transport NetBT_Tcpip_{AF575C7C-B021-4D91-90EC.
The
 master browser is stopping or an election is being forced.
  | Source = MRxSmb | ID = 8003
Description = The master browser has received a server announcement from the computer
 DELL  that believes that it is the master browser for the domain on transport NetBT_Tcpip_{AF575C7C-B021-4D91-90EC.
The
 master browser is stopping or an election is being forced.
 
Error - 10/26/2009 3:02:08 PM | Computer Name = | Source = MRxSmb | ID = 8003
Description = The master browser has received a server announcement from the computer
 DELL  that believes that it is the master browser for the domain on transport NetBT_Tcpip_{AF575C7C-B021-4D91-90EC.
The
 master browser is stopping or an election is being forced.
 
Error - 10/26/2009 4:06:29 PM | Computer Name =  | Source = MRxSmb | ID = 8003
Description = The master browser has received a server announcement from the computer
 DELL  that believes that it is the master browser for the domain on transport NetBT_Tcpip_{AF575C7C-B021-4D91-90EC.
The
 master browser is stopping or an election is being forced.
 
Error - 10/26/2009 5:16:13 PM | Computer Name =  | Source = MRxSmb | ID = 8003
Description = The master browser has received a server announcement from the computer
 DELL  that believes that it is the master browser for the domain on transport NetBT_Tcpip_{AF575C7C-B021-4D91-90EC.
The
 master browser is stopping or an election is being forced.
 
Error - 10/26/2009 6:16:40 PM | Computer Name =  | Source = MRxSmb | ID = 8003
Description = The master browser has received a server announcement from the computer
 DELL  that believes that it is the master browser for the domain on transport NetBT_Tcpip_{AF575C7C-B021-4D91-90EC.
The
 master browser is stopping or an election is being forced.
 
Error - 10/26/2009 10:17:42 PM | Computer Name =  | Source = MRxSmb | ID = 8003
Description = The master browser has received a server announcement from the computer
 DELL  that believes that it is the master browser for the domain on transport NetBT_Tcpip_{AF575C7C-B021-4D91-90EC.
The
 master browser is stopping or an election is being forced.
 
Error - 10/26/2009 11:42:08 PM | Computer Name =  | Source = MRxSmb | ID = 8003
Description = The master browser has received a server announcement from the computer
 DELL  that believes that it is the master browser for the domain on transport NetBT_Tcpip_{AF575C7C-B021-4D91-90EC.
The
 master browser is stopping or an election is being forced.
 
Error - 10/27/2009 8:31:23 PM | Computer Name =  | Source = MRxSmb | ID = 8003
Description = The master browser has received a server announcement from the computer
 DELL  that believes that it is the master browser for the domain on transport NetBT_Tcpip_{AF575C7C-B021-4D91-90EC.
The
 master browser is stopping or an election is being forced.
 
 
< End of report >

19
Tech Clinic / Could Someone Please Check Hi Jack This Log
« on: October 27, 2009, 07:43:58 PM »
Here is OTL.txt

OTL logfile created on: 10/27/2009 7:37:21 PM - Run 2
OTL by OldTimer - Version 3.0.21.0     Folder = C:\Documents and Settings\Administrator\My Documents\FIX IT PROGRAMS
Windows XP Media Center Edition Service Pack 2 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 7.0.5730.13)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy
 
1013.84 Mb Total Physical Memory | 234.50 Mb Available Physical Memory | 23.13% Memory free
2.54 Gb Paging File | 0.71 Gb Available in Paging File | 28.08% Paging File free
Paging file location(s): c:\pagefile.sys 1524 3048 [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 232.78 Gb Total Space | 209.94 Gb Free Space | 90.19% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded
 
Computer Name:

Current User Name: Administrator
Logged in as Administrator.
 
Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Standard
 
[color=\"#E56717\"]========== Processes (SafeList) ==========[/color]
 
PRC - [2009/10/20 10:56:46 | 00,521,216 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Administrator\My Documents\FIX IT PROGRAMS\OTL.exe
PRC - [2009/08/22 02:21:19 | 00,117,640 | R--- | M] (Symantec Corporation) -- C:\Program Files\Norton Internet Security\Engine\16.7.2.11\ccSvcHst.exe
PRC - [2009/08/06 10:01:18 | 01,794,856 | ---- | M] (Apple Inc.) -- C:\Program Files\Safari\Safari.exe
PRC - [2009/07/25 05:23:12 | 00,149,280 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Java\jre6\bin\jusched.exe
PRC - [2009/07/25 05:23:10 | 00,153,376 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Java\jre6\bin\jqs.exe
PRC - [2009/07/09 12:22:18 | 00,144,712 | ---- | M] (Apple Inc.) -- C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
PRC - [2009/06/30 09:55:40 | 02,329,224 | ---- | M] (IObit) -- C:\Program Files\IObit\Advanced SystemCare 3\AWC.exe
PRC - [2009/02/06 18:51:28 | 03,885,408 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Live\Messenger\msnmsgr.exe
PRC - [2009/02/06 17:07:48 | 00,027,512 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Live\Contacts\wlcomm.exe
PRC - [2008/12/12 12:17:38 | 00,238,888 | ---- | M] (Apple Inc.) -- C:\Program Files\Bonjour\mDNSResponder.exe
PRC - [2007/07/16 11:54:10 | 00,025,264 | ---- | M] () -- C:\Program Files\Lexmark 3500-4500 Series\lxdiamon.exe
PRC - [2007/07/16 11:54:07 | 00,434,864 | ---- | M] () -- C:\Program Files\Lexmark 3500-4500 Series\lxdimon.exe
PRC - [2007/06/11 09:14:51 | 00,517,040 | ---- | M] ( ) -- C:\WINDOWS\System32\lxdicoms.exe
PRC - [2007/06/11 09:14:42 | 00,099,248 | ---- | M] (Lexmark International, Inc.) -- C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\lxdiserv.exe
PRC - [2007/04/02 15:53:17 | 00,024,576 | ---- | M] () -- C:\Program Files\Lexmark 3500-4500 Series\App4R.exe
PRC - [2006/07/21 19:50:10 | 00,086,016 | ---- | M] (Intel Corporation) -- C:\WINDOWS\System32\hkcmd.exe
PRC - [2006/07/21 19:47:00 | 00,081,920 | ---- | M] (Intel Corporation) -- C:\WINDOWS\System32\igfxpers.exe
PRC - [2006/07/06 08:15:00 | 00,151,552 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe
PRC - [2006/07/06 08:14:30 | 00,090,112 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe
PRC - [2006/03/20 17:00:04 | 00,282,624 | ---- | M] (SigmaTel, Inc.) -- C:\WINDOWS\stsystra.exe
PRC - [2005/10/11 09:40:32 | 00,237,568 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\eHome\ehRecvr.exe
PRC - [2005/08/05 14:56:34 | 00,064,512 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\ehome\ehtray.exe
PRC - [2005/08/05 14:56:32 | 00,102,912 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\eHome\ehSched.exe
PRC - [2005/08/05 14:56:28 | 00,046,592 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\eHome\ehmsas.exe
PRC - [2005/08/05 14:27:08 | 00,099,328 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\ehome\mcrdsvc.exe
PRC - [2004/08/10 06:00:00 | 01,032,192 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\Explorer.EXE
 
[color=\"#E56717\"]========== Win32 Services (SafeList) ==========[/color]
 
SRV - File not found --  -- (avg8wd [Auto | Stopped])
SRV - [2009/08/22 02:21:19 | 00,117,640 | R--- | M] (Symantec Corporation) -- C:\Program Files\Norton Internet Security\Engine\16.7.2.11\ccSvcHst.exe -- (Norton Internet Security [Auto | Stopped])
SRV - [2009/07/25 05:23:10 | 00,153,376 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Java\jre6\bin\jqs.exe -- (JavaQuickStarterService [Auto | Running])
SRV - [2009/07/09 12:22:18 | 00,144,712 | ---- | M] (Apple Inc.) -- C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe -- (Apple Mobile Device [Auto | Running])
SRV - [2009/05/19 11:36:18 | 00,240,512 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe -- (SeaPort [Auto | Stopped])
SRV - [2009/02/06 18:08:58 | 00,533,360 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Live\Family Safety\fsssvc.exe -- (fsssvc [On_Demand | Stopped])
SRV - [2008/12/12 12:17:38 | 00,238,888 | ---- | M] (Apple Inc.) -- C:\Program Files\Bonjour\mDNSResponder.exe -- (Bonjour Service [Auto | Running])
SRV - [2008/07/29 22:10:04 | 00,046,104 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe -- (FontCache3.0.0.0 [On_Demand | Stopped])
SRV - [2008/07/29 20:24:50 | 00,881,664 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe -- (idsvc [Unknown | Stopped])
SRV - [2008/07/29 20:16:38 | 00,132,096 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe -- (NetTcpPortSharing [Disabled | Stopped])
SRV - [2008/07/25 12:17:02 | 00,069,632 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32 [On_Demand | Stopped])
SRV - [2008/07/25 12:16:40 | 00,034,312 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe -- (aspnet_state [On_Demand | Stopped])
SRV - [2007/06/11 09:14:51 | 00,517,040 | ---- | M] ( ) -- C:\WINDOWS\System32\lxdicoms.exe -- (lxdi_device [Auto | Running])
SRV - [2007/06/11 09:14:42 | 00,099,248 | ---- | M] (Lexmark International, Inc.) -- C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\lxdiserv.exe -- (lxdiCATSCustConnectService [Auto | Running])
SRV - [2006/10/18 20:05:24 | 00,913,408 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Media Player\WMPNetwk.exe -- (WMPNetworkSvc [On_Demand | Stopped])
SRV - [2006/07/06 08:14:30 | 00,090,112 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe -- (IAANTMON [Auto | Running])
SRV - [2005/10/11 09:40:32 | 00,237,568 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\eHome\ehRecvr.exe -- (ehRecvr [Auto | Running])
SRV - [2005/08/05 14:56:32 | 00,102,912 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\eHome\ehSched.exe -- (ehSched [Auto | Running])
SRV - [2005/08/05 14:27:08 | 00,099,328 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\ehome\mcrdsvc.exe -- (McrdSvc [Auto | Running])
SRV - [2004/08/10 06:00:00 | 00,038,912 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\PCHealth\HelpCtr\Binaries\pchsvc.dll -- (helpsvc [Auto | Running])
SRV - [2004/08/10 05:11:50 | 00,085,504 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\mhn.dll -- (MHN [On_Demand | Stopped])
SRV - [2003/07/28 13:28:22 | 00,089,136 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE -- (ose [On_Demand | Stopped])
 
[color=\"#E56717\"]========== Driver Services (SafeList) ==========[/color]
 
DRV - [2009/10/04 17:00:13 | 00,124,976 | ---- | M] (Symantec Corporation) -- C:\WINDOWS\System32\Drivers\SYMEVENT.SYS -- (SymEvent [On_Demand | Running])
DRV - [2009/10/04 16:59:46 | 00,482,432 | ---- | M] (Symantec Corporation) -- C:\WINDOWS\System32\Drivers\NIS\1007020.00B\ccHPx86.sys -- (ccHP [System | Running])
DRV - [2009/09/30 03:00:00 | 01,323,568 | ---- | M] (Symantec Corporation) -- C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\VirusDefs\20091027.025\NAVEX15.SYS -- (NAVEX15 [On_Demand | Running])
DRV - [2009/09/30 03:00:00 | 00,371,248 | ---- | M] (Symantec Corporation) -- C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys -- (eeCtrl [System | Running])
DRV - [2009/09/30 03:00:00 | 00,102,448 | ---- | M] (Symantec Corporation) -- C:\Program Files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys -- (EraserUtilRebootDrv [On_Demand | Running])
DRV - [2009/09/30 03:00:00 | 00,084,912 | ---- | M] (Symantec Corporation) -- C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\VirusDefs\20091027.025\NAVENG.SYS -- (NAVENG [On_Demand | Running])
DRV - [2009/09/10 15:10:19 | 00,329,080 | ---- | M] (Symantec Corporation) -- C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\ipsdefs\20091021.001\IDSxpx86.sys -- (IDSxpx86 [System | Running])
DRV - [2009/09/03 11:17:44 | 00,108,552 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\Drivers\avgtdix.sys -- (AvgTdiX [System | Running])
DRV - [2009/09/03 11:17:39 | 00,335,240 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\Drivers\avgldx86.sys -- (AvgLdx86 [System | Running])
DRV - [2009/09/03 11:17:38 | 00,027,784 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\Drivers\avgmfx86.sys -- (AvgMfx86 [System | Running])
DRV - [2009/08/22 02:21:19 | 00,310,320 | ---- | M] (Symantec Corporation) -- C:\WINDOWS\system32\drivers\NIS\1007020.00B\SYMEFA.SYS -- (SymEFA [Boot | Running])
DRV - [2009/08/22 02:21:19 | 00,308,272 | ---- | M] (Symantec Corporation) -- C:\WINDOWS\System32\Drivers\NIS\1007020.00B\SRTSP.SYS -- (SRTSP [System | Running])
DRV - [2009/08/22 02:21:19 | 00,259,632 | ---- | M] (Symantec Corporation) -- C:\WINDOWS\System32\Drivers\NIS\1007020.00B\BHDrvx86.sys -- (BHDrvx86 [System | Running])
DRV - [2009/08/22 02:21:19 | 00,217,136 | ---- | M] (Symantec Corporation) -- C:\WINDOWS\System32\Drivers\NIS\1007020.00B\SYMTDI.SYS -- (SYMTDI [System | Running])
DRV - [2009/08/22 02:21:19 | 00,089,904 | ---- | M] (Symantec Corporation) -- C:\WINDOWS\System32\Drivers\NIS\1007020.00B\SYMFW.SYS -- (SYMFW [On_Demand | Running])
DRV - [2009/08/22 02:21:19 | 00,043,696 | ---- | M] (Symantec Corporation) -- C:\WINDOWS\system32\drivers\NIS\1007020.00B\SRTSPX.SYS -- (SRTSPX [System | Running])
DRV - [2009/08/22 02:21:19 | 00,036,400 | ---- | M] (Symantec Corporation) -- C:\WINDOWS\System32\Drivers\NIS\1007020.00B\SYMNDIS.SYS -- (SYMNDIS [On_Demand | Running])
DRV - [2009/08/22 02:21:19 | 00,033,072 | ---- | M] (Symantec Corporation) -- C:\WINDOWS\System32\Drivers\NIS\1007020.00B\SYMIDS.SYS -- (SYMIDS [On_Demand | Running])
DRV - [2009/08/22 02:21:06 | 00,036,400 | R--- | M] (Symantec Corporation) -- C:\WINDOWS\System32\DRIVERS\SymIM.sys -- (SymIMMP [On_Demand | Running])
DRV - [2009/08/22 02:21:06 | 00,036,400 | R--- | M] (Symantec Corporation) -- C:\WINDOWS\System32\DRIVERS\SymIM.sys -- (SymIM [On_Demand | Stopped])
DRV - [2009/02/06 18:08:42 | 00,055,152 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\DRIVERS\fssfltr_tdi.sys -- (fssfltr [Auto | Running])
DRV - [2006/07/21 22:12:16 | 01,095,968 | ---- | M] (Intel Corporation) -- C:\WINDOWS\System32\DRIVERS\igxpmp32.sys -- (ialm [On_Demand | Running])
DRV - [2006/07/19 16:42:16 | 00,230,400 | ---- | M] (Intel Corporation) -- C:\WINDOWS\System32\DRIVERS\e1e5132.sys -- (e1express [On_Demand | Running])
DRV - [2006/07/06 07:59:42 | 00,246,784 | ---- | M] (Intel Corporation) -- C:\WINDOWS\system32\DRIVERS\iaStor.sys -- (iastor [Boot | Running])
DRV - [2006/03/20 17:06:04 | 01,156,648 | ---- | M] (SigmaTel, Inc.) -- C:\WINDOWS\System32\drivers\sthda.sys -- (STHDA [On_Demand | Running])
DRV - [2005/05/12 19:54:10 | 00,020,576 | ---- | M] (Sonic Solutions) -- C:\WINDOWS\System32\Drivers\PxHelp20.sys -- (PxHelp20 [Boot | Running])
DRV - [2004/12/13 16:14:00 | 00,039,904 | ---- | M] (Adaptec, Inc.) -- C:\WINDOWS\System32\drivers\cercsr6.sys -- (cercsr6 [Boot | Stopped])
DRV - [2004/08/12 18:45:54 | 00,137,728 | ---- | M] (Windows ® Server 2003 DDK provider) -- C:\WINDOWS\System32\DRIVERS\HDAudBus.sys -- (HDAudBus [On_Demand | Running])
DRV - [2004/08/10 06:00:00 | 00,027,440 | ---- | M] () -- C:\WINDOWS\System32\DRIVERS\secdrv.sys -- (Secdrv [On_Demand | Stopped])
DRV - [2004/08/10 06:00:00 | 00,017,792 | ---- | M] (Parallel Technologies, Inc.) -- C:\WINDOWS\System32\DRIVERS\ptilink.sys -- (Ptilink [On_Demand | Running])
DRV - [2003/11/17 16:59:20 | 00,212,224 | ---- | M] (Conexant Systems, Inc.) -- C:\WINDOWS\System32\DRIVERS\HSFHWBS2.sys -- (HSFHWBS2 [On_Demand | Running])
DRV - [2003/11/17 16:58:02 | 00,680,704 | ---- | M] (Conexant Systems, Inc.) -- C:\WINDOWS\System32\DRIVERS\HSF_CNXT.sys -- (winachsf [On_Demand | Running])
DRV - [2003/11/17 16:56:26 | 01,042,432 | ---- | M] (Conexant Systems, Inc.) -- C:\WINDOWS\System32\DRIVERS\HSF_DP.sys -- (HSF_DP [On_Demand | Running])
DRV - [2003/04/09 14:48:08 | 00,011,043 | ---- | M] (Conexant) -- C:\WINDOWS\System32\DRIVERS\mdmxsdk.sys -- (mdmxsdk [Auto | Running])
DRV - [2001/08/17 14:57:38 | 00,016,128 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\MODEMCSA.sys -- (MODEMCSA [On_Demand | Running])
 
[color=\"#E56717\"]========== Standard Registry (SafeList) ==========[/color]
 
 
[color=\"#E56717\"]========== Internet Explorer ==========[/color]
 
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL =  [binary data]
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Extensions Off Page = about:NoAdd-ons
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Security Risk Page = about:SecurityRisk
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,CustomizeSearch = http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchcust.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchasst.htm
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\system32\blank.htm
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultName = Live Search
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultURL = http://search.live.com/results.aspx?q={sea...ferrer:source?}
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = www.msn.com
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local
 
FF - HKLM\software\mozilla\Firefox\extensions\\{20a82645-c095-46ed-80e3-08825760534b}: c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\ [2009/09/02 03:00:27 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\extensions\\[email protected]: C:\Program Files\Java\jre6\lib\deploy\jqs\ff [2009/02/20 17:13:58 | 00,000,000 | ---D | M]
 
 
O1 HOSTS File: (734 bytes) - C:\WINDOWS\System32\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1       localhost
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - No CLSID value found.
O2 - BHO: (Adobe PDF Link Helper) - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O2 - BHO: (Symantec NCO BHO) - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files\Norton Internet Security\Engine\16.7.2.11\coIEPlg.dll (Symantec Corporation)
O2 - BHO: (Symantec Intrusion Prevention) - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files\Norton Internet Security\Engine\16.7.2.11\IPSBHO.DLL (Symantec Corporation)
O2 - BHO: (Search Helper) - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll (Microsoft Corporation)
O2 - BHO: (Windows Live Sign-in Helper) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (Windows Live Toolbar Helper) - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Program Files\Windows Live\Toolbar\wltcore.dll (Microsoft Corporation)
O2 - BHO: (JQSIEStartDetectorImpl Class) - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll (Sun Microsystems, Inc.)
O3 - HKLM\..\Toolbar: (&Windows Live Toolbar) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files\Windows Live\Toolbar\wltcore.dll (Microsoft Corporation)
O3 - HKLM\..\Toolbar: (Norton Toolbar) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Norton Internet Security\Engine\16.7.2.11\coIEPlg.dll (Symantec Corporation)
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {1017A80C-6F09-4548-A84D-EDD6AC9525F0} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (&Windows Live Toolbar) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files\Windows Live\Toolbar\wltcore.dll (Microsoft Corporation)
O3 - HKCU\..\Toolbar\WebBrowser: (Norton Toolbar) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Norton Internet Security\Engine\16.7.2.11\coIEPlg.dll (Symantec Corporation)
O4 - HKLM..\Run: [Adobe Reader Speed Launcher] C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe (Microsoft Corporation)
O4 - HKLM..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe (Intel Corporation)
O4 - HKLM..\Run: [IAAnotif] C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe (Intel Corporation)
O4 - HKLM..\Run: [IgfxTray] C:\WINDOWS\System32\igfxtray.exe (Intel Corporation)
O4 - HKLM..\Run: [lxdiamon] C:\Program Files\Lexmark 3500-4500 Series\lxdiamon.exe ()
O4 - HKLM..\Run: [lxdimon.exe] C:\Program Files\Lexmark 3500-4500 Series\lxdimon.exe ()
O4 - HKLM..\Run: [Persistence] C:\WINDOWS\System32\igfxpers.exe (Intel Corporation)
O4 - HKLM..\Run: [QuickTime Task] C:\Program Files\QuickTime\QTTask.exe (Apple Inc.)
O4 - HKLM..\Run: [SigmatelSysTrayApp] C:\WINDOWS\stsystra.exe (SigmaTel, Inc.)
O4 - HKLM..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre6\bin\jusched.exe (Sun Microsystems, Inc.)
O4 - HKCU..\Run: [Advanced SystemCare 3] C:\Program Files\IObit\Advanced SystemCare 3\AWC.exe (IObit)
O4 - HKCU..\Run: [ccleaner] C:\Program Files\CCleaner\CCleaner.exe (Piriform Ltd)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Infodelivery present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: LinkResolveIgnoreLinkInfo = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoResolveSearch = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: dontdisplaylastusername = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticecaption =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticetext =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: shutdownwithoutlogon = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: undockwithoutlogon = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: LinkResolveIgnoreLinkInfo = 0
O9 - Extra Button: Bonjour - {7F9DB11C-E358-4ca6-A83D-ACC663939424} - C:\Program Files\Bonjour\ExplorerPlugin.dll (Apple Inc.)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Program Files\Microsoft Office\OFFICE11\REFIEBAR.DLL (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe (Microsoft Corporation)
O9 - Extra Button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O15 - HKCU\..Trusted Domains: 33 domain(s) and sub-domain(s) not assigned to a zone.
O16 - DPF: {149E45D8-163E-4189-86FC-45022AB2B6C9} file:///C:/Program%20Files/Hide%20&%20Secret/Images/stg_drm.ocx (Reg Error: Value error.)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_15)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.macromedia.com/get/flash...r/ultrashim.cab (Reg Error: Value error.)
O16 - DPF: {CAFEEFAC-0014-0002-0003-ABCDEFFEDCBA} http://java.sun.com/update/1.4.2/jinstall-...indows-i586.cab (Reg Error: Value error.)
O16 - DPF: {CAFEEFAC-0016-0000-0001-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Reg Error: Value error.)
O16 - DPF: {CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_15)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_15)
O16 - DPF: {CC450D71-CC90-424C-8638-1F2DBAC87A54} file://C:\Program Files\Mortimer Beckett and the Time Paradox\Images\armhelper.ocx (ArmHelper Control)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/get/shoc...ash/swflash.cab (Reg Error: Value error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 24.116.2.50 24.116.2.34
O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\ipp - No CLSID value found
O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\Windows Live\Messenger\msgrapp.14.0.8064.0206.dll (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp - No CLSID value found
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\Windows Live\Messenger\msgrapp.14.0.8064.0206.dll (Microsoft Corporation)
O18 - Protocol\Handler\mso-offdap11 {32505114-5902-49B2-880A-1F7738E5A384} - C:\Program Files\Common Files\Microsoft Shared\Web Components\11\OWC11.DLL (Microsoft Corporation)
O18 - Protocol\Handler\symres {AA1061FE-6C41-421f-9344-69640C9732AB} - C:\Program Files\Norton Internet Security\Engine\16.7.2.11\coIEPlg.dll (Symantec Corporation)
O18 - Protocol\Handler\wlmailhtml {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - C:\Program Files\Windows Live\Mail\mailcomm.dll (Microsoft Corporation)
O18 - Protocol\Filter:  - text/xml - C:\Program Files\Common Files\Microsoft Shared\OFFICE11\MSOXMLMF.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\Explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\avgrsstarter: DllName - avgrsstx.dll - C:\WINDOWS\System32\avgrsstx.dll (AVG Technologies CZ, s.r.o.)
O20 - Winlogon\Notify\igfxcui: DllName - igfxdev.dll - C:\WINDOWS\System32\igfxdev.dll (Intel Corporation)
O24 - Desktop Components:0 (My Current Home Page) - About:Home
O31 - SafeBoot: AlternateShell - cmd.exe
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2008/12/03 12:13:39 | 00,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck) -  File not found
O34 - HKLM BootExecute: (autochk) - C:\WINDOWS\System32\autochk.exe (Microsoft Corporation)
O34 - HKLM BootExecute: (*) -  File not found
O35 - comfile [open] -- "%1" %* File not found
O35 - exefile [open] -- "%1" %* File not found
 
[color=\"#E56717\"]========== Files/Folders - Created Within 30 Days ==========[/color]
 
[2009/10/27 08:54:42 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\BigFishGamesCache
[2009/10/05 14:10:58 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\NCH Software
[2009/09/30 15:54:51 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Norton
[2009/09/30 16:25:48 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\NortonInstaller
[2009/09/29 20:04:45 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Trymedia
[2009/10/27 16:07:50 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\XLab
[2009/10/12 12:45:16 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Application Data\InstallShield
[2009/09/30 16:45:33 | 00,000,000 | ---D | C] -- C:\Program Files\Common Files\Symantec Shared
[2009/10/24 22:42:50 | 00,000,000 | ---D | C] -- C:\Program Files\iWin Games
[2009/09/29 09:28:39 | 00,000,000 | ---D | C] -- C:\Program Files\MSECache
[2009/09/30 16:44:18 | 00,000,000 | ---D | C] -- C:\Program Files\Norton Internet Security
[2009/09/30 16:45:33 | 00,000,000 | ---D | C] -- C:\Program Files\Symantec
[2009/10/20 10:27:08 | 00,000,000 | ---D | C] -- C:\Program Files\Trend Micro
[2009/09/30 16:44:18 | 00,000,000 | ---D | C] -- C:\Program Files\Windows Sidebar
[2009/10/27 13:44:37 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\My Documents\FIX IT PROGRAMS
[2009/10/27 13:43:49 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\My Documents\RY RED MOUSE
[2009/10/20 14:37:55 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\My Documents\RW MERCH
[2009/10/20 14:35:51 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\My Documents\RW GRAPHICS
[2009/10/20 14:28:00 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\My Documents\RY CONTRACTS
[2009/10/18 17:31:26 | 00,000,000 | ---D | C] -- C:\My Games
[2009/10/04 17:00:12 | 00,217,136 | ---- | C] (Symantec Corporation) -- C:\WINDOWS\System32\drivers\NIS\1007020.00B\symtdi.sys
[2009/10/04 17:00:12 | 00,048,688 | ---- | C] (Symantec Corporation) -- C:\WINDOWS\System32\drivers\NIS\1007020.00B\symndisv.sys
[2009/10/04 17:00:12 | 00,036,400 | ---- | C] (Symantec Corporation) -- C:\WINDOWS\System32\drivers\NIS\1007020.00B\symndis.sys
[2009/10/04 17:00:12 | 00,033,072 | ---- | C] (Symantec Corporation) -- C:\WINDOWS\System32\drivers\NIS\1007020.00B\symids.sys
[2009/10/04 17:00:11 | 00,310,320 | ---- | C] (Symantec Corporation) -- C:\WINDOWS\System32\drivers\NIS\1007020.00B\SymEFA.sys
[2009/10/04 17:00:11 | 00,308,272 | ---- | C] (Symantec Corporation) -- C:\WINDOWS\System32\drivers\NIS\1007020.00B\srtsp.sys
[2009/10/04 17:00:11 | 00,259,632 | ---- | C] (Symantec Corporation) -- C:\WINDOWS\System32\drivers\NIS\1007020.00B\BHDrvx86.sys
[2009/10/04 17:00:11 | 00,089,904 | ---- | C] (Symantec Corporation) -- C:\WINDOWS\System32\drivers\NIS\1007020.00B\symfw.sys
[2009/10/04 17:00:11 | 00,043,696 | ---- | C] (Symantec Corporation) -- C:\WINDOWS\System32\drivers\NIS\1007020.00B\srtspx.sys
[2009/10/04 16:59:46 | 00,482,432 | ---- | C] (Symantec Corporation) -- C:\WINDOWS\System32\drivers\NIS\1007020.00B\cchpx86.sys
[2009/10/04 16:59:44 | 00,000,000 | ---D | C] -- C:\WINDOWS\System32\drivers\NIS\1007020.00B
[2009/10/04 13:41:53 | 00,000,000 | ---D | C] -- C:\users
[2009/09/30 16:47:09 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\My Documents\Symantec
[2009/09/30 16:45:57 | 00,036,400 | R--- | C] (Symantec Corporation) -- C:\WINDOWS\System32\drivers\SymIM.sys
[2009/09/30 16:45:34 | 00,124,976 | ---- | C] (Symantec Corporation) -- C:\WINDOWS\System32\drivers\SYMEVENT.SYS
[2009/09/30 16:45:34 | 00,060,808 | ---- | C] (Symantec Corporation) -- C:\WINDOWS\System32\S32EVNT1.DLL
[2009/09/30 16:44:22 | 00,000,000 | ---D | C] -- C:\WINDOWS\System32\drivers\NIS
[2009/09/30 15:54:51 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Documents\Norton
[2008/12/12 20:45:02 | 00,356,352 | ---- | C] ( ) -- C:\WINDOWS\System32\lxdiinpa.dll
[2008/12/12 20:45:02 | 00,311,296 | ---- | C] ( ) -- C:\WINDOWS\System32\lxdihcp.dll
[2008/12/12 20:45:01 | 01,187,840 | ---- | C] ( ) -- C:\WINDOWS\System32\lxdiserv.dll
[2008/12/12 20:45:01 | 00,942,080 | ---- | C] ( ) -- C:\WINDOWS\System32\lxdiusb1.dll
[2008/12/12 20:45:01 | 00,339,968 | ---- | C] ( ) -- C:\WINDOWS\System32\lxdiiesc.dll
[2008/12/12 20:45:00 | 00,614,400 | ---- | C] ( ) -- C:\WINDOWS\System32\lxdipmui.dll
[2008/12/12 20:45:00 | 00,532,480 | ---- | C] ( ) -- C:\WINDOWS\System32\lxdilmpm.dll
[2008/12/12 20:45:00 | 00,053,248 | ---- | C] ( ) -- C:\WINDOWS\System32\lxdiprox.dll
[2008/12/12 20:45:00 | 00,053,248 | ---- | C] ( ) -- C:\WINDOWS\System32\lxdipplc.dll
[2008/12/12 20:44:58 | 00,671,744 | ---- | C] ( ) -- C:\WINDOWS\System32\lxdihbn3.dll
[2008/12/12 20:44:57 | 00,765,952 | ---- | C] ( ) -- C:\WINDOWS\System32\lxdicomc.dll
[2008/12/12 20:44:57 | 00,360,448 | ---- | C] ( ) -- C:\WINDOWS\System32\lxdicomm.dll
 
[color=\"#E56717\"]========== Files - Modified Within 30 Days ==========[/color]
 
[11 C:\WINDOWS\*.tmp files]
[2009/10/27 17:01:15 | 00,035,003 | ---- | M] () -- C:\Documents and Settings\Administrator\My Documents\RY MISC.zip
[2009/10/27 17:00:50 | 04,530,408 | ---- | M] () -- C:\Documents and Settings\Administrator\My Documents\RW EDIT1.zip
[2009/10/27 17:00:44 | 24,594,456 | ---- | M] () -- C:\Documents and Settings\Administrator\My Documents\RW MUSIC.zip
[2009/10/27 17:00:32 | 01,698,461 | ---- | M] () -- C:\Documents and Settings\Administrator\My Documents\RW ORIG PICTS.zip
[2009/10/27 13:13:10 | 00,000,284 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
[2009/10/27 12:38:04 | 00,043,008 | ---- | M] () -- C:\Documents and Settings\Administrator\Desktop\QUOTES.doc
[2009/10/26 16:19:49 | 00,002,497 | ---- | M] () -- C:\Documents and Settings\Administrator\Desktop\Microsoft Office Word 2003.lnk
[2009/10/25 19:33:53 | 00,002,187 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Safari.lnk
[2009/10/25 11:46:00 | 00,000,472 | ---- | M] () -- C:\WINDOWS\tasks\Ad-Aware Update (Weekly).job
[2009/10/21 11:51:53 | 00,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2009/10/21 11:51:40 | 00,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2009/10/21 11:51:11 | 01,113,646 | ---- | M] () -- C:\WINDOWS\System32\drivers\NIS\1007020.00B\Cat.DB
[2009/10/17 18:31:07 | 00,000,000 | ---- | M] () -- C:\WINDOWS\Game.INI
[2009/10/17 03:16:54 | 00,505,950 | ---- | M] () -- C:\WINDOWS\System32\PerfStringBackup.INI
[2009/10/17 03:16:54 | 00,444,360 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2009/10/17 03:16:54 | 00,072,252 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2009/10/15 19:12:57 | 12,711,844 | -H-- | M] () -- C:\Documents and Settings\Administrator\Local Settings\Application Data\IconCache.db
[2009/10/13 12:35:35 | 00,002,516 | -HS- | M] () -- C:\Documents and Settings\All Users\Application Data\KGyGaAvL.sys
[2009/10/13 12:35:30 | 00,000,088 | RHS- | M] () -- C:\Documents and Settings\All Users\Application Data\0094102FF9.sys
[2009/10/06 13:10:42 | 00,001,839 | ---- | M] () -- C:\Documents and Settings\Administrator\Desktop\Windows Live Messenger .lnk
[2009/10/06 11:25:35 | 00,001,973 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Norton Internet Security.lnk
[2009/10/04 17:00:13 | 00,124,976 | ---- | M] (Symantec Corporation) -- C:\WINDOWS\System32\drivers\SYMEVENT.SYS
[2009/10/04 17:00:13 | 00,060,808 | ---- | M] (Symantec Corporation) -- C:\WINDOWS\System32\S32EVNT1.DLL
[2009/10/04 17:00:13 | 00,007,456 | ---- | M] () -- C:\WINDOWS\System32\drivers\SYMEVENT.CAT
[2009/10/04 17:00:13 | 00,000,806 | ---- | M] () -- C:\WINDOWS\System32\drivers\SYMEVENT.INF
[2009/10/04 16:59:46 | 00,482,432 | ---- | M] (Symantec Corporation) -- C:\WINDOWS\System32\drivers\NIS\1007020.00B\cchpx86.sys
[2009/10/04 16:59:44 | 00,009,412 | ---- | M] () -- C:\WINDOWS\System32\drivers\NIS\1007020.00B\symnetv.cat
[2009/10/04 16:59:44 | 00,001,562 | ---- | M] () -- C:\WINDOWS\System32\drivers\NIS\1007020.00B\SymNetV.inf
[2009/10/04 16:59:44 | 00,000,172 | ---- | M] () -- C:\WINDOWS\System32\drivers\NIS\1007020.00B\isolate.ini
[2009/10/02 13:01:57 | 25,198,016 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\MRT.exe
[2009/10/02 08:42:56 | 00,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2009/10/01 08:15:42 | 42,040,164 | ---- | M] () -- C:\WINDOWS\System32\drivers\Avg\incavi.avm
[2009/10/01 08:15:19 | 00,492,629 | ---- | M] () -- C:\WINDOWS\System32\drivers\Avg\miniavi.avg
[2009/10/01 08:15:19 | 00,002,202 | ---- | M] () -- C:\WINDOWS\System32\drivers\Avg\microavi.avg
[2009/09/30 14:05:49 | 00,141,240 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2009/09/29 16:24:36 | 00,024,288 | -H-- | M] () -- C:\WINDOWS\System32\mlfcache.dat
[2009/09/29 09:35:43 | 00,024,360 | ---- | M] () -- C:\Documents and Settings\Administrator\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
[2009/09/28 15:33:18 | 00,001,548 | ---- | M] () -- C:\Documents and Settings\Administrator\Desktop\CCleaner.lnk
 
[color=\"#E56717\"]========== Files - No Company Name ==========[/color]
[2009/10/27 17:01:15 | 00,035,003 | ---- | C] () -- C:\Documents and Settings\Administrator\My Documents\RY MISC.zip
[2009/10/27 17:00:47 | 04,530,408 | ---- | C] () -- C:\Documents and Settings\Administrator\My Documents\RW EDIT1.zip
[2009/10/27 17:00:38 | 24,594,456 | ---- | C] () -- C:\Documents and Settings\Administrator\My Documents\RW MUSIC.zip
[2009/10/27 17:00:30 | 01,698,461 | ---- | C] () -- C:\Documents and Settings\Administrator\My Documents\RW ORIG PICTS.zip
[2009/10/19 10:59:41 | 00,043,008 | ---- | C] () -- C:\Documents and Settings\Administrator\Desktop\QUOTES.doc
[2009/10/17 18:31:07 | 00,000,000 | ---- | C] () -- C:\WINDOWS\Game.INI
[2009/10/12 13:04:42 | 00,002,516 | -HS- | C] () -- C:\Documents and Settings\All Users\Application Data\KGyGaAvL.sys
[2009/10/12 13:04:42 | 00,000,088 | RHS- | C] () -- C:\Documents and Settings\All Users\Application Data\0094102FF9.sys
[2009/10/06 13:10:42 | 00,001,839 | ---- | C] () -- C:\Documents and Settings\Administrator\Desktop\Windows Live Messenger .lnk
[2009/10/06 11:24:21 | 01,113,646 | ---- | C] () -- C:\WINDOWS\System32\drivers\NIS\1007020.00B\Cat.DB
[2009/10/04 17:00:12 | 00,009,402 | ---- | C] () -- C:\WINDOWS\System32\drivers\NIS\1007020.00B\SymNet.cat
[2009/10/04 17:00:12 | 00,001,561 | ---- | C] () -- C:\WINDOWS\System32\drivers\NIS\1007020.00B\SymNet.inf
[2009/10/04 17:00:11 | 00,007,431 | ---- | C] () -- C:\WINDOWS\System32\drivers\NIS\1007020.00B\SymEFA.cat
[2009/10/04 17:00:11 | 00,007,429 | ---- | C] () -- C:\WINDOWS\System32\drivers\NIS\1007020.00B\srtspx.cat
[2009/10/04 17:00:11 | 00,007,425 | ---- | C] () -- C:\WINDOWS\System32\drivers\NIS\1007020.00B\srtsp.cat
[2009/10/04 17:00:11 | 00,007,400 | ---- | C] () -- C:\WINDOWS\System32\drivers\NIS\1007020.00B\bhdrvx86.cat
[2009/10/04 17:00:11 | 00,007,383 | ---- | C] () -- C:\WINDOWS\System32\drivers\NIS\1007020.00B\ccHPx86.cat
[2009/10/04 17:00:11 | 00,003,373 | ---- | C] () -- C:\WINDOWS\System32\drivers\NIS\1007020.00B\SymEFA.inf
[2009/10/04 17:00:11 | 00,001,752 | ---- | C] () -- C:\WINDOWS\System32\drivers\NIS\1007020.00B\ccHPx86.inf
[2009/10/04 17:00:11 | 00,001,388 | ---- | C] () -- C:\WINDOWS\System32\drivers\NIS\1007020.00B\srtspx.inf
[2009/10/04 17:00:11 | 00,001,382 | ---- | C] () -- C:\WINDOWS\System32\drivers\NIS\1007020.00B\srtsp.inf
[2009/10/04 17:00:11 | 00,000,640 | ---- | C] () -- C:\WINDOWS\System32\drivers\NIS\1007020.00B\BHDrvx86.inf
[2009/10/04 16:59:44 | 00,009,412 | ---- | C] () -- C:\WINDOWS\System32\drivers\NIS\1007020.00B\symnetv.cat
[2009/10/04 16:59:44 | 00,001,562 | ---- | C] () -- C:\WINDOWS\System32\drivers\NIS\1007020.00B\SymNetV.inf
[2009/10/04 16:59:44 | 00,000,172 | ---- | C] () -- C:\WINDOWS\System32\drivers\NIS\1007020.00B\isolate.ini
[2009/09/30 16:45:34 | 00,007,456 | ---- | C] () -- C:\WINDOWS\System32\drivers\SYMEVENT.CAT
[2009/09/30 16:45:34 | 00,000,806 | ---- | C] () -- C:\WINDOWS\System32\drivers\SYMEVENT.INF
[2009/09/30 16:45:28 | 00,001,973 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Norton Internet Security.lnk
[2009/08/07 18:43:51 | 00,000,136 | ---- | C] () -- C:\Documents and Settings\Administrator\Local Settings\Application Data\fusioncache.dat
[2009/02/16 09:28:32 | 00,016,960 | ---- | C] () -- C:\Documents and Settings\Administrator\Local Settings\Application Data\slot1.mm1
[2008/12/14 20:04:23 | 00,000,376 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2008/12/12 20:51:33 | 00,040,960 | ---- | C] () -- C:\WINDOWS\System32\lxdivs.dll
[2008/12/12 20:51:29 | 00,344,064 | ---- | C] () -- C:\WINDOWS\System32\lxdicoin.dll
[2008/12/12 20:49:53 | 00,692,224 | ---- | C] () -- C:\WINDOWS\System32\lxdidrs.dll
[2008/12/12 20:49:53 | 00,069,632 | ---- | C] () -- C:\WINDOWS\System32\lxdicnv4.dll
[2008/12/12 20:49:53 | 00,065,536 | ---- | C] () -- C:\WINDOWS\System32\lxdicaps.dll
[2008/12/12 20:45:14 | 00,000,060 | -H-- | C] () -- C:\WINDOWS\System32\lxdirwrd.ini
[2008/12/12 20:45:02 | 00,294,912 | ---- | C] () -- C:\WINDOWS\System32\lxdiinst.dll
[2008/12/12 20:44:58 | 00,208,896 | ---- | C] () -- C:\WINDOWS\System32\lxdigrd.dll
[2008/12/05 19:22:16 | 00,000,000 | ---- | C] () -- C:\WINDOWS\Curses.INI
[2008/12/04 08:14:55 | 00,000,187 | ---- | C] () -- C:\Documents and Settings\Administrator\Application Data\G-Force Prefs (WindowsMediaPlayer).txt
[2008/12/03 19:25:57 | 00,012,288 | ---- | C] () -- C:\Documents and Settings\Administrator\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2008/12/03 17:06:01 | 00,192,512 | ---- | C] () -- C:\WINDOWS\System32\igfxCoIn_v4642.dll
[2008/12/03 17:06:00 | 00,348,880 | ---- | C] () -- C:\WINDOWS\System32\igmedkrn.dll
[2008/12/03 14:43:37 | 12,711,844 | -H-- | C] () -- C:\Documents and Settings\Administrator\Local Settings\Application Data\IconCache.db
[2008/12/03 13:08:59 | 00,024,360 | ---- | C] () -- C:\Documents and Settings\Administrator\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
[2008/12/03 13:00:57 | 00,000,062 | -HS- | C] () -- C:\Documents and Settings\Administrator\Application Data\desktop.ini
[2008/12/03 05:52:30 | 00,000,062 | -HS- | C] () -- C:\Documents and Settings\All Users\Application Data\desktop.ini
[2005/08/05 15:01:54 | 00,235,008 | ---- | C] () -- C:\WINDOWS\System32\psisdecd.dll
[2004/08/10 06:00:00 | 00,027,440 | ---- | C] () -- C:\WINDOWS\System32\drivers\secdrv.sys
[2004/08/10 06:00:00 | 00,000,603 | ---- | C] () -- C:\WINDOWS\win.ini
[2004/08/10 06:00:00 | 00,000,231 | ---- | C] () -- C:\WINDOWS\system.ini
[2003/01/07 16:05:08 | 00,002,695 | ---- | C] () -- C:\WINDOWS\System32\OUTLPERF.INI
 
[color=\"#E56717\"]========== Alternate Data Streams ==========[/color]
 
@Alternate Data Stream - 97 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:17C48B08
@Alternate Data Stream - 96 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:A26AFC00
@Alternate Data Stream - 95 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:7158CB97
@Alternate Data Stream - 313 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:1387592D
@Alternate Data Stream - 308 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:D52D3C91
@Alternate Data Stream - 297 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:06500394
@Alternate Data Stream - 156 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:2B340BD5
@Alternate Data Stream - 146 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:123A86B5
@Alternate Data Stream - 143 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:E7B4296D
@Alternate Data Stream - 140 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:6017A808
@Alternate Data Stream - 140 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:32ED8AE7
@Alternate Data Stream - 139 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:55C54F7C
@Alternate Data Stream - 138 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:CF1334B0
@Alternate Data Stream - 138 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:89C28CF6
@Alternate Data Stream - 138 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:7FCB9D0D
@Alternate Data Stream - 137 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:5025C6E4
@Alternate Data Stream - 136 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:E14FA16F
@Alternate Data Stream - 134 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:5E413CD6
@Alternate Data Stream - 133 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:E027789A
@Alternate Data Stream - 133 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:D53344E0
@Alternate Data Stream - 132 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:115FA012
@Alternate Data Stream - 130 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:F84B8DB5
@Alternate Data Stream - 130 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:8101D728
@Alternate Data Stream - 127 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:ADE67221
@Alternate Data Stream - 127 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:147A3409
@Alternate Data Stream - 126 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:D390A6A7
@Alternate Data Stream - 125 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:E0F0F1BE
@Alternate Data Stream - 125 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:737160C1
@Alternate Data Stream - 125 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:122B409D
@Alternate Data Stream - 124 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:DA321CD4
@Alternate Data Stream - 124 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:7E082023
@Alternate Data Stream - 122 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:E7B49FBF
@Alternate Data Stream - 122 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:D1D597D0
@Alternate Data Stream - 122 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:B0EB578B
@Alternate Data Stream - 122 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:0F55D468
@Alternate Data Stream - 121 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:D8F9D810
@Alternate Data Stream - 121 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:9026FFAC
@Alternate Data Stream - 121 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:7FD903D7
@Alternate Data Stream - 121 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:133CC4C3
@Alternate Data Stream - 120 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:FD000392
@Alternate Data Stream - 120 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:EB12FF2B
@Alternate Data Stream - 120 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:D2593961
@Alternate Data Stream - 119 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:E80802C7
@Alternate Data Stream - 118 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:ED2998F5
@Alternate Data Stream - 118 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:A4076A3B
@Alternate Data Stream - 118 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:9331E9D2
@Alternate Data Stream - 118 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:69D59C23
@Alternate Data Stream - 118 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:35A81752
@Alternate Data Stream - 117 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:69E3AF64
@Alternate Data Stream - 117 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:52A22573
@Alternate Data Stream - 117 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:0B210DD3
@Alternate Data Stream - 116 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:EB40BC91
@Alternate Data Stream - 116 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:9732698E
@Alternate Data Stream - 116 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:870649A4
@Alternate Data Stream - 116 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:506E1E25
@Alternate Data Stream - 115 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:C36B1175
@Alternate Data Stream - 114 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:D86A1047
@Alternate Data Stream - 114 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:55374FBA
@Alternate Data Stream - 113 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:FC2D0F32
@Alternate Data Stream - 113 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:5FEFEAEF
@Alternate Data Stream - 113 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:2B1EA607
@Alternate Data Stream - 113 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:0DAD93FF
@Alternate Data Stream - 112 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:25F2159D
@Alternate Data Stream - 112 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:0D52F295
@Alternate Data Stream - 112 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:04CE8640
@Alternate Data Stream - 111 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:CB52BE62
@Alternate Data Stream - 109 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:EE95471C
@Alternate Data Stream - 109 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:25249477
@Alternate Data Stream - 109 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:0FB757A9
@Alternate Data Stream - 108 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:E9B5CB53
@Alternate Data Stream - 107 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:AA354EC0
@Alternate Data Stream - 106 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:55818279
@Alternate Data Stream - 105 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:EEB25EAE
@Alternate Data Stream - 104 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:551BED5F
@Alternate Data Stream - 104 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:2342AE46
@Alternate Data Stream - 103 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:B4FAC426
@Alternate Data Stream - 103 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:AAFA1398
@Alternate Data Stream - 103 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:4FE42FFC
@Alternate Data Stream - 103 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:20685A31
@Alternate Data Stream - 103 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:00F7B10F
@Alternate Data Stream - 102 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:E51234A9
@Alternate Data Stream - 102 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:3D36932D
@Alternate Data Stream - 102 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:0C9CD455
@Alternate Data Stream - 101 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:59C113EC
@Alternate Data Stream - 101 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:1A7E6B73
@Alternate Data Stream - 100 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:96C05DC7
< End of report >

20
Tech Clinic / Could Someone Please Check Hi Jack This Log
« on: October 27, 2009, 07:34:57 PM »
Sorry I am just now getting back to you I had a family emergency. I will do the OTL now and post it.

Pages: [1] 2