
USPS Virus Email Infected My Computer


  • This topic is locked
19 replies to this topic

#1 new_mm

  • Members

Posted 09 June 2009 - 01:45 PM

Below is a message I originally posted on Bleeping Computer:

http://www.bleepingcomputer.com/forums/t/231799/usps-virus-email-infected-my-computer/


The other day, a co-worker of mine had her computer infected when she opened up an email from a user claiming to be the USPS. It stated that the package that was sent was undeliverable, and that the attached file contained more info. I found out later that this was a virus, which I assumed. My co-worker opened the attachment out of confusion. I have been trying to delete this virus, but one file continues to return. The file is in the SYSTEM32 folder and it is named sys.dat. We have run the following programs to try to remove this file, but none have worked. We ran Norton, HouseCall 7, Malwarebytes Anti Malware, and Hijack This. We have the Hijack This logs, and will be happy to post them if you need me to. We have also tried to follow the directions on the Symantec website. The computer is running slow at times, but I know that there are things going on in the background. Please help if you get a chance.

Thanks!


Here is the DDS File:

DDS (Ver_09-05-14.01) - NTFSx86
Run by colleen at 14:32:06.39 on Tue 06/09/2009
Internet Explorer: 7.0.5730.13
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1023.682 [GMT -4:00]


============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\CTsvcCDA.exe
C:\Program Files\NavNT\defwatch.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\Program Files\NavNT\rtvscan.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe -k HPZ12
C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
C:\WINDOWS\System32\svchost.exe -k imgsvc
C:\WINDOWS\System32\MsPMSPSv.exe
C:\Program Files\Intel\ASF Agent\ASFAgent.exe
C:\WINDOWS\system32\MsgSys.EXE
C:\WINDOWS\Explorer.EXE
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\Creative\SBAudigy2\Surround Mixer\CTSysVol.exe
C:\Program Files\Creative\SBAudigy2\DVDAudio\CTDVDDet.EXE
C:\WINDOWS\system32\CTHELPER.EXE
C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe
C:\Program Files\NavNT\vptray.exe
C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\fppdis2a.exe
C:\PROGRA~1\HEWLET~1\HPSHAR~1\hpgs2wnf.exe
C:\PROGRA~1\MYWEBS~1\bar\1.bin\m3SrchMn.exe
C:\PROGRA~1\MYWEBS~1\bar\1.bin\mwsoemon.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Adobe\Acrobat 5.0\Distillr\AcroTray.exe
C:\Palm\HOTSYNC.EXE
C:\Program Files\Microsoft Office\Office\1033\msoffice.exe
C:\Documents and Settings\All Users\Start Menu\Programs\Startup\printkey.exe
C:\Program Files\WinZip\WZQKPICK.EXE
svchost
svchost
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Documents and Settings\Colleen\My Documents\Downloads\dds.scr

============== Pseudo HJT Report ===============

uSearch Page = hxxp://www.google.com
uDefault_Page_URL = hxxp://www.dell.com
uSearch Bar = hxxp://www.google.com/ie
uSearchMigratedDefaultUrl = hxxp://www.mywebsearch.com/jsp/cfg_redir2.jsp?id=ZNxdm86795US&fl=0&ptb=Jpj6kppNk2fwb5aIpiEefQ&url=http://edits.mywebsearch.com/toolbaredits/barsearch.jhtml&st=sb&searchfor={searchTerms}
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
mSearchAssistant = hxxp://www.google.com/ie
uURLSearchHooks: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - c:\program files\yahoo!\companion\installs\cpn\yt.dll
uURLSearchHooks: N/A: {00a6faf6-072e-44cf-8957-5838f569a31d} - c:\program files\mywebsearch\bar\1.bin\MWSSRCAS.DLL
BHO: MyWebSearch Search Assistant BHO: {00a6faf1-072e-44cf-8957-5838f569a31d} - c:\program files\mywebsearch\bar\1.bin\MWSSRCAS.DLL
BHO: &Yahoo! Toolbar Helper: {02478d38-c3f9-4efb-9b51-7695eca05670} - c:\program files\yahoo!\companion\installs\cpn\yt.dll
BHO: AcroIEHlprObj Class: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\adobe\acrobat 5.0\acrobat\activex\AcroIEHelper.ocx
BHO: mwsBar BHO: {07b18ea1-a523-4961-b6bb-170de4475cca} - c:\program files\mywebsearch\bar\1.bin\MWSBAR.DLL
BHO: Google Audio Helper: {1b8c79a5-8840-437a-a623-5745086bfade} - %SystemRoot%\system32\apphelpk2.dll
BHO: GoodSearch Toolbar: {4e7bd74f-2b8d-469e-95ba-ed6db186be32} - c:\progra~1\goodse~1\GOODSE~1.DLL
BHO: Search Helper: {6ebf7485-159f-4bff-a14f-b9e3aac4465b} - c:\program files\microsoft\search enhancement pack\search helper\SearchHelper.dll
BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program files\google\google toolbar\GoogleToolbar.dll
BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files\google\googletoolbarnotifier\5.1.1309.3572\swg.dll
BHO: Google Dictionary Compression sdch: {c84d72fe-e17d-4195-bb24-76c02e2e7c4e} - c:\program files\google\google toolbar\component\fastsearch_A8904FB862BD9564.dll
BHO: MSN Toolbar Helper: {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - c:\program files\msn\toolbar\3.0.1125.0\msneshellx.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
TB: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - c:\program files\yahoo!\companion\installs\cpn\yt.dll
TB: GoodSearch Toolbar: {4e7bd74f-2b8d-469e-95ba-ed6db186be32} - c:\progra~1\goodse~1\GOODSE~1.DLL
TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\google toolbar\GoogleToolbar.dll
TB: MSN Toolbar: {1e61ed7c-7cb8-49d6-b9e9-ab4c880c8414} - c:\program files\msn\toolbar\3.0.1125.0\msneshellx.dll
TB: My Web Search: {07b18ea9-a523-4961-b6bb-170de4475cca} - c:\program files\mywebsearch\bar\1.bin\MWSBAR.DLL
TB: {604BC32A-9680-40D1-9AC6-E06B23A1BA4C} - No File
EB: {32683183-48a0-441b-a342-7c2a440a9478} - No File
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [swg] c:\program files\google\googletoolbarnotifier\GoogleToolbarNotifier.exe
uRun: [MyWebSearch Email Plugin] c:\progra~1\mywebs~1\bar\1.bin\mwsoemon.exe
uRun: [PopularScreensaversWallpaper] rundll32 c:\progra~1\mywebs~1\bar\1.bin\F3SCRCTR.DLL,LES
mRun: [SunJavaUpdateSched] "c:\program files\java\jre6\bin\jusched.exe"
mRun: [CTSysVol] c:\program files\creative\sbaudigy2\surround mixer\CTSysVol.exe
mRun: [CTDVDDet] c:\program files\creative\sbaudigy2\dvdaudio\CTDVDDet.EXE
mRun: [CTHelper] CTHELPER.EXE
mRun: [AsioReg] REGSVR32.EXE /S CTASIO.DLL
mRun: [AdaptecDirectCD] "c:\program files\roxio\easy cd creator 5\directcd\DirectCD.exe"
mRun: [vptray] c:\program files\navnt\vptray.exe
mRun: [Share-to-Web Namespace Daemon] c:\program files\hewlett-packard\hp share-to-web\hpgs2wnd.exe
mRun: [AttuneClientEngine] c:\progra~1\aveo\attune\bin\attune_ce.exe
mRun: [pdfFactory Dispatcher v2] c:\windows\system32\spool\drivers\w32x86\3\fppdis2a.exe
mRun: [Microsoft Default Manager] "c:\program files\microsoft\search enhancement pack\default manager\DefMgr.exe" -resume
mRun: [MyWebSearch Plugin] rundll32 c:\progra~1\mywebs~1\bar\1.bin\M3PLUGIN.DLL,UPF
mRun: [My Web Search Bar Search Scope Monitor] "c:\progra~1\mywebs~1\bar\1.bin\m3SrchMn.exe" /m=2 /w /h
mRun: [MyWebSearch Email Plugin] c:\progra~1\mywebs~1\bar\1.bin\mwsoemon.exe
StartupFolder: c:\docume~1\colleen\startm~1\programs\startup\micros~1.lnk - c:\windows\installer\{00020409-78e1-11d2-b60f-006097c998e7}\misc.exe
StartupFolder: c:\docume~1\colleen\startm~1\programs\startup\mywebs~1.lnk - c:\program files\mywebsearch\bar\1.bin\MWSOEMON.EXE
StartupFolder: c:\documents and settings\colleen\start menu\programs\startup\printkey.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\acroba~1.lnk - c:\program files\adobe\acrobat 5.0\distillr\AcroTray.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\hotsyn~1.lnk - c:\palm\HOTSYNC.EXE
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\micros~1.lnk - c:\program files\microsoft office\office\OSA9.EXE
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\mywebs~1.lnk - c:\program files\mywebsearch\bar\1.bin\MWSOEMON.EXE
StartupFolder: c:\documents and settings\all users\start menu\programs\startup\printkey.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\winzip~1.lnk - c:\program files\winzip\WZQKPICK.EXE
uPolicies-system: EnableProfileQuota = 1 (0x1)
IE: &Search - http://edits.mywebsearch.com/toolbaredits/...?p=ZRxdm069YYUS
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
Trusted Zone: microsoft.com\office
DPF: Microsoft XML Parser for Java - file://c:\windows\java\classes\xmldso.cab
DPF: {072D3F2E-5FB6-11D3-B461-00C04FA35A21} - hxxp://www.solidedge.com/CFIDE/classes/CFJava.cab
DPF: {1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB} - hxxp://ak.exe.imgfarm.com/images/nocache/funwebproducts/ei-4/PopularScreenSaversInitialSetup1.0.1.1.cab
DPF: {215B8138-A3CF-44C5-803F-8226143CFC0A} - hxxp://housecall65.trendmicro.com/housecall/applet/html/native/x86/win32/activex/hcImpl.cab
DPF: {31435657-9980-0010-8000-00AA00389B71} - hxxp://download.microsoft.com/download/e/2/f/e2fcec4b-6c8b-48b7-adab-ab9c403a978f/wvc1dmo.cab
DPF: {3E68E405-C6DE-49FF-83AE-41EE9F4C36CE} - hxxp://office.microsoft.com/officeupdate/content/opuc.cab
DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} - hxxp://www.update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1214849190406
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab
DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab
DPF: {9F1C11AA-197B-4942-BA54-47A8489BB47F} - hxxp://v4.windowsupdate.microsoft.com/CAB/x86/unicode/iuctl.CAB?38138.3230555556
DPF: {CAFEEFAC-0014-0001-0002-ABCDEFFEDCBA} - hxxp://java.sun.com/products/plugin/1.4/jinstall-14_02-windows-i586.cab
DPF: {CAFEEFAC-0014-0002-0003-ABCDEFFEDCBA} - hxxp://java.sun.com/products/plugin/autodl/jinstall-142-windows-i586.cab
DPF: {CAFEEFAC-0014-0002-0005-ABCDEFFEDCBA} - hxxp://java.sun.com/products/plugin/autodl/jinstall-142-windows-i586.cab
DPF: {CAFEEFAC-0014-0002-0006-ABCDEFFEDCBA} - hxxp://java.sun.com/products/plugin/autodl/jinstall-142-windows-i586.cab
DPF: {CAFEEFAC-0015-0000-0002-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_02-windows-i586.cab
DPF: {CAFEEFAC-0015-0000-0004-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_04-windows-i586.cab
DPF: {CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_06-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
TCP: {27C99982-D79F-45A7-850D-66AD5F4810BE} = 192.168.74.247,192.168.74.251
Filter: x-sdch - {B1759355-3EEC-4C1E-B0F1-B719FE26E377} - c:\program files\google\google toolbar\component\fastsearch_A8904FB862BD9564.dll
Handler: cdo - {CD00020A-8B95-11D1-82DB-00C04FB1625D} - c:\program files\common files\microsoft shared\web folders\PKMCDO.DLL
Notify: NavLogon - c:\windows\system32\NavLogon.dll

============= SERVICES / DRIVERS ===============

R2 ASFAgent;ASF Agent;c:\program files\intel\asf agent\ASFAgent.exe [2002-8-7 221184]
R2 NAVAPEL;NAVAPEL;c:\program files\navnt\Navapel.sys [2001-9-24 9232]
R2 NetAlrt;NetAlrt;c:\windows\system32\drivers\Netalrt.sys [2002-5-7 39680]
R2 Norton AntiVirus Server;Norton AntiVirus Client;c:\program files\navnt\rtvscan.exe [2001-9-24 454656]
R2 PlatAlrt;PlatAlrt;c:\windows\system32\drivers\platalrt.sys [2002-5-7 23744]
R2 SeaPort;SeaPort;c:\program files\microsoft\search enhancement pack\seaport\SeaPort.exe [2009-1-14 226656]
S2 MyWebSearchService;My Web Search Service;c:\progra~1\mywebs~1\bar\1.bin\mwssvc.exe [2009-5-29 28762]

=============== Created Last 30 ================

2009-06-05 11:56 4,153 a------- c:\docume~1\colleen\applic~1\ntu3.dat
2009-06-05 11:45 40,960 a------- c:\windows\system32\sys.dat
2009-06-04 08:40 3,297 a------- c:\docume~1\colleen\applic~1\ntu1.dat
2009-06-04 08:40 0 a------- c:\docume~1\colleen\applic~1\ntu2.dat
2009-06-01 14:32 --d----- c:\program files\Trend Micro
2009-05-29 10:13 62 a------- c:\windows\system32\apphelp.bat
2009-05-29 09:52 28,672 a------- c:\windows\system32\f3PSSavr.scr
2009-05-29 09:52 --d----- c:\program files\MyWebSearch
2009-05-29 09:51 --d----- c:\program files\FunWebProducts
2009-05-29 09:22 --d----- c:\docume~1\colleen\applic~1\Malwarebytes
2009-05-29 09:22 40,160 a------- c:\windows\system32\drivers\mbamswissarmy.sys
2009-05-29 09:22 19,096 a------- c:\windows\system32\drivers\mbam.sys
2009-05-29 09:22 --d----- c:\program files\Malwarebytes' Anti-Malware
2009-05-29 09:22 --d----- c:\docume~1\alluse~1\applic~1\Malwarebytes
2009-05-28 11:11 --d----- c:\documents and settings\colleen\.housecall6.6
2009-05-28 10:01 --d----- c:\program files\Microsoft
2009-05-28 09:52 410,984 a------- c:\windows\system32\deploytk.dll
2009-05-28 09:52 73,728 a------- c:\windows\system32\javacpl.cpl
2009-05-20 08:50 --d----- C:\SolidEdge License
2009-05-19 15:00 --d----- C:\Solid Edge Standard Parts
2009-05-19 14:44 --d----- c:\program files\Solid Edge ST

==================== Find3M ====================

2007-11-15 12:24 60,968 a------- c:\documents and settings\colleen\GoToAssistDownloadHelper.exe
2005-01-20 15:06 68,608 a------- c:\program files\ScriptMenu.fp5
2005-01-20 15:05 93,184 a------- c:\program files\LayoutMenu.fp5
2004-10-08 11:03 561,152 a------- c:\documents and settings\colleen\chatlnk.exe
2004-06-30 14:08 12,279,327 a------- c:\program files\StuffItStandard85Setup.exe
2004-06-28 12:05 13,020 a------- c:\program files\Lego.zip
2004-06-28 12:04 26,520 a------- c:\program files\loki-cola.zip
2004-06-28 12:04 22,174 a------- c:\program files\bazooka.zip
2004-06-28 12:03 96,131 a------- c:\program files\Royalacid.zip
2004-06-28 11:44 45,197 a------- c:\program files\rocketscript.sit
2004-06-28 11:43 16,912 a------- c:\program files\machinescript.zip
2004-06-03 14:22 37,464 a------- c:\program files\55438-Calendar.2.zip
2004-06-03 13:06 477,888 a------- c:\program files\GoogleToolbarInstaller.exe
2002-08-29 06:00 94,784 a--sh--- c:\windows\TWAIN.DLL
2008-04-13 20:12 50,688 a--sh--- c:\windows\twain_32.dll
2008-04-13 20:12 57,344 a--sh--- c:\windows\system32\msvcirt.dll
2008-04-13 20:12 413,696 a--sh--- c:\windows\system32\msvcp60.dll
2008-04-13 20:12 11,776 ---sh--- c:\windows\system32\regsvr32.exe

============= FINISH: 14:32:33.95 ===============



#2 DocSatan

  • Members

Posted 19 June 2009 - 07:00 AM

Hello and welcome to Bleeping Computer

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

If you have since resolved the original problem you were having, we would appreciate you letting us know. If not please perform the following steps below so we can have a look at the current condition of your machine.

If you have not done so, include a clear description of the problems you're having, along with any steps you may have performed so far.

Upon completing the steps below another staff member will review and take the steps necessary with you to get your machine back in working order clean and free of malware.

If you have already posted a DDS log, please do so again, as your situation may have changed.
Use the 'Add Reply' and add the new log to this thread.


Thanks and again sorry for the delay.

We need to see some information about what is happening in your machine. Please perform the following scan:
  • Download DDS by sUBs from one of the following links. Save it to your desktop.
  • Double click on the DDS icon, allow it to run.
  • A small box will open, with an explanation about the tool. No input is needed, the scan is running.
  • Notepad will open with the results.
  • Follow the instructions that pop up for posting the results.
  • Close the program window, and delete the program from your desktop.
Please note: You may have to disable any script protection running if the scan fails to run. After downloading the tool, disconnect from the internet and disable all antivirus protection. Run the scan, enable your A/V and reconnect to the internet.

Information on A/V control HERE

#3 teacup61

  • Malware Response Team

Posted 25 June 2009 - 02:01 PM

Due to the lack of feedback this Topic is closed.

If you need this topic reopened, please request this by sending the moderating team a PM with the address of the thread. This applies only to the original topic starter.

Everyone else please begin a New Topic

#4 jgweed

  • Staff Emeritus

Posted 27 June 2009 - 11:28 AM

Reopened at Member's request.
John
Whereof one cannot speak, thereof one should be silent.

#5 new_mm

  • Topic Starter
  • Members

Posted 02 July 2009 - 01:01 PM

Now, it looks like this virus has disabled the Norton Antivirus. When we scan with Norton, we don't acquire any results. When we scan with Malwarebytes Anti Malware it brings up new infected files and the previous files as well. Please help.

#6 syler

  • Malware Response Team

Posted 04 July 2009 - 06:09 PM

Hello and welcome to Bleeping Computer.

My name is Syler, I will be helping you to solve your Malware issues. Whilst I am helping you, I would be grateful if you would note the following:
  • Please do not run other tools or scans unless I ask you to and follow all the steps I give you, in order.
  • Copy and paste all logs requested in your reply. Do not attach them unless asked to.
  • If you don't know or understand something, please don't hesitate to say or ask before you proceed with my instructions.
  • Please continue to work with me, until I tell you your machine appears to be clean. Absence of symptoms does not mean that everything is clear.
  • If I do not hear back from you within 5 days of my last post, then this topic will be closed.

Please download Malwarebytes' Anti-Malware from Here

Note: If you already have Malwarebytes' Anti-Malware, just update then run it.
  • Double Click mbam-setup.exe to install the application.
  • Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select "Perform Full Scan", then click Scan (the scan may take some time to finish, so please be patient).
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected.
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Extra Note)
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  • Copy and Paste the entire report in your next reply.
Note: If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts, click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately.

Next
  • Download random's system information tool (RSIT) by random/random from here and save it to your desktop.
  • Double click on RSIT.exe to run RSIT.
  • Click Continue at the disclaimer screen.
  • Once it has finished, two logs will open. Please post the contents of both log.txt (<<will be maximized) and info.txt (<<will be minimized)
Then please post back here with the following:
  • MBAM log
  • log.txt
  • info.txt
Thanks

#7 new_mm

  • Topic Starter
  • Members

Posted 06 July 2009 - 07:18 AM

Ok, I will try running the requested programs, and post the requested logs. Hopefully today.
Thanks,

#8 new_mm

  • Topic Starter
  • Members

Posted 06 July 2009 - 01:54 PM

I am attaching the requested logs. We ran the anti-malware on the 2nd and removed all items on the list. I have attached that log, and the recent log that shows no infections. I don't believe this is true, but maybe I am wrong.

Thanks,




#9 syler

  • Malware Response Team

Posted 06 July 2009 - 06:43 PM

My name is Syler, I will be helping you to solve your Malware issues. Whilst I am helping you, I would be grateful if you would note the following:

* Please do not run other tools or scans unless I ask you to and follow all the steps I give you, in order.
* Copy and paste all logs requested in your reply. Do not attach them unless asked to.
* If you don't know or understand something, please don't hesitate to say or ask before you proceed with my instructions.
* Please continue to work with me, until I tell you your machine appears to be clean. Absence of symptoms does not mean that everything is clear.
* If I do not hear back from you within 5 days of my last post, then this topic will be closed.


Can you please read what I am posting? You don't need to repost these logs, but don't attach them in future unless asked to.


We need to create an OTL Report
  • Please download OTL from one of the following mirrors:
  • Save it to your desktop.
  • Double click on the OTL icon on your desktop.
  • Click the "Scan All Users" checkbox.
  • Push the Posted Image button.
  • Two reports will open, copy and paste them in a reply here:
    • OTListIt.txt <-- Will be opened
    • Extra.txt <-- Will be minimized
Next

Please do a scan with Kaspersky Online Scanner

Note: If you are using Windows Vista, open your browser by right-clicking on its icon and select 'Run as administrator' to perform this scan.

Click on the Accept button and install any components it needs.
  • The program will install and then begin downloading the latest definition files.
  • After the files have been downloaded on the left side of the page in the Scan section select My Computer
  • This will start the program and scan your system.
  • The scan will take a while, so be patient and let it run.
  • Once the scan is complete, click on View scan report
  • Now, click on the Save Report as button.
  • Save the file to your desktop.
  • Copy and paste that information in your next post.
Then please post back here with the following:
  • OTListIt.txt
  • Extra.txt
  • Kaspersky report
Thanks

Edited by syler, 06 July 2009 - 06:44 PM.


#10 new_mm

  • Topic Starter
  • Members

Posted 07 July 2009 - 03:02 PM

Sorry about the attaching. Here are the reports you requested.

OTL

OTL logfile created on: 7/7/2009 10:24:51 AM - Run 1
OTL by OldTimer - Version 3.0.6.5 Folder = C:\Documents and Settings\Colleen\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 7.0.5730.13)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1023.00 Mb Total Physical Memory | 615.43 Mb Available Physical Memory | 60.16% Memory free
2.40 Gb Paging File | 2.11 Gb Available in Paging File | 87.94% Paging File free
Paging file location(s): C:\pagefile.sys 1536 3072 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 37.21 Gb Total Space | 19.11 Gb Free Space | 51.35% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
F: Drive not present or media not loaded
Drive G: | 136.72 Gb Total Space | 28.02 Gb Free Space | 20.50% Space Free | Partition Type: NTFS
Drive H: | 136.72 Gb Total Space | 28.02 Gb Free Space | 20.50% Space Free | Partition Type: NTFS
I: Drive not present or media not loaded
Drive M: | 136.66 Gb Total Space | 91.69 Gb Free Space | 67.09% Space Free | Partition Type: NTFS
Drive N: | 136.72 Gb Total Space | 28.02 Gb Free Space | 20.50% Space Free | Partition Type: NTFS
Drive P: | 136.72 Gb Total Space | 28.02 Gb Free Space | 20.50% Space Free | Partition Type: NTFS
Drive V: | 136.66 Gb Total Space | 91.69 Gb Free Space | 67.09% Space Free | Partition Type: NTFS

Computer Name: MARKETDESIGN
Current User Name: colleen
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: All users
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Standard

========== Processes (SafeList) ==========

PRC - [1999/12/13 02:01:00 | 00,044,032 | ---- | M] (Creative Technology Ltd) -- C:\WINDOWS\System32\CTsvcCDA.exe
PRC - [2001/09/24 07:59:00 | 00,032,768 | ---- | M] (Symantec Corporation) -- C:\Program Files\NavNT\defwatch.exe
PRC - [2009/05/28 09:51:53 | 00,152,984 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Java\jre6\bin\jqs.exe
PRC - [2001/02/23 10:07:30 | 00,270,336 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
PRC - [2001/09/24 07:59:00 | 00,454,656 | ---- | M] (Symantec Corporation) -- C:\Program Files\NavNT\rtvscan.exe
PRC - [2003/12/16 11:02:00 | 00,073,728 | ---- | M] (NVIDIA Corporation) -- C:\WINDOWS\System32\nvsvc32.exe
PRC - [2009/01/14 17:53:02 | 00,226,656 | ---- | M] (Microsoft Corp.) -- C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
PRC - [2004/08/11 02:45:04 | 00,038,912 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\wdfmgr.exe
PRC - [2000/06/26 08:44:20 | 00,053,520 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\MsPMSPSv.exe
PRC - [2002/08/07 06:34:26 | 00,221,184 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\ASF Agent\ASFAgent.exe
PRC - [2008/04/13 20:12:19 | 01,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\Explorer.EXE
PRC - [2000/09/18 17:12:40 | 00,014,336 | ---- | M] (Intel Corporation) -- C:\WINDOWS\System32\MsgSys.EXE
PRC - [2009/05/28 09:51:54 | 00,148,888 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Java\jre6\bin\jusched.exe
PRC - [2002/10/29 10:18:24 | 00,049,152 | ---- | M] (Creative Technology Ltd) -- C:\Program Files\Creative\SBAudigy2\Surround Mixer\CTSysVol.exe
PRC - [2002/09/30 02:00:00 | 00,045,056 | ---- | M] (Creative Technology Ltd) -- C:\Program Files\Creative\SBAudigy2\DVDAudio\CTDVDDet.EXE
PRC - [2003/02/20 17:45:40 | 00,028,672 | ---- | M] (Creative Technology Ltd) -- C:\WINDOWS\System32\CTHELPER.EXE
PRC - [2002/12/17 13:28:00 | 00,684,032 | ---- | M] (Roxio) -- C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe
PRC - [2001/09/24 07:59:00 | 00,073,728 | ---- | M] (Symantec Corporation) -- C:\Program Files\NavNT\vptray.exe
PRC - [2001/07/03 09:11:52 | 00,057,344 | ---- | M] (Hewlett-Packard) -- C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe
PRC - [2003/11/10 23:06:02 | 00,385,024 | ---- | M] (FinePrint Software, LLC) -- C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\fppdis2a.exe
PRC - [2001/07/03 09:17:04 | 00,065,536 | ---- | M] () -- C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnf.exe
PRC - [2008/07/15 09:23:59 | 00,068,856 | ---- | M] (Google Inc.) -- C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
PRC - [2001/03/15 05:18:18 | 00,049,254 | ---- | M] (Adobe Systems Inc.) -- C:\Program Files\Adobe\Acrobat 5.0\Distillr\AcroTray.exe
PRC - [2001/11/15 10:41:34 | 00,299,008 | ---- | M] (Palm, Inc.) -- C:\Palm\HOTSYNC.EXE
PRC - [1999/02/01 19:53:24 | 00,405,560 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Office\Office\1033\msoffice.exe
PRC - [2002/04/05 09:45:10 | 00,589,824 | ---- | M] (Fred's Software Company) -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\printkey.exe
PRC - [2004/02/11 09:00:00 | 00,118,784 | ---- | M] (WinZip Computing, Inc.) -- C:\Program Files\WinZip\WZQKPICK.EXE
PRC - [2009/07/07 08:19:06 | 00,513,536 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Colleen\Desktop\OTL.exe

========== Win32 Services (SafeList) ==========

SRV - [2002/08/07 06:34:26 | 00,221,184 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\ASF Agent\ASFAgent.exe -- (ASFAgent [Auto | Running])
SRV - [2005/09/23 07:28:32 | 00,029,896 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe -- (aspnet_state [On_Demand | Stopped])
SRV - [2005/09/23 07:28:56 | 00,066,240 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32 [On_Demand | Stopped])
SRV - [1999/12/13 02:01:00 | 00,044,032 | ---- | M] (Creative Technology Ltd) -- C:\WINDOWS\System32\CTsvcCDA.exe -- (Creative Service for CDROM Access [Auto | Running])
SRV - [2001/09/24 07:59:00 | 00,032,768 | ---- | M] (Symantec Corporation) -- C:\Program Files\NavNT\defwatch.exe -- (DefWatch [Auto | Running])
SRV - [2009/04/24 14:32:25 | 00,182,768 | ---- | M] (Google) -- C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe -- (gusvc [On_Demand | Stopped])
SRV - [2008/04/13 20:12:02 | 00,038,400 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\PCHealth\HelpCtr\Binaries\pchsvc.dll -- (helpsvc [Auto | Running])
SRV - [2005/11/14 01:06:04 | 00,069,632 | ---- | M] (Macrovision Corporation) -- C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe -- (IDriverT [On_Demand | Stopped])
SRV - [2009/05/28 09:51:53 | 00,152,984 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Java\jre6\bin\jqs.exe -- (JavaQuickStarterService [Auto | Running])
SRV - [2001/02/23 10:07:30 | 00,270,336 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe -- (MDM [Auto | Running])
SRV - [2002/07/30 17:15:24 | 01,118,208 | ---- | M] (Intel Corporation) -- C:\WINDOWS\System32\NMSSvc.exe -- (NMSSvc [On_Demand | Stopped])
SRV - [2001/09/24 07:59:00 | 00,454,656 | ---- | M] (Symantec Corporation) -- C:\Program Files\NavNT\rtvscan.exe -- (Norton AntiVirus Server [Auto | Running])
SRV - [2003/12/16 11:02:00 | 00,073,728 | ---- | M] (NVIDIA Corporation) -- C:\WINDOWS\System32\nvsvc32.exe -- (NVSvc [Auto | Running])
SRV - [2006/05/11 19:15:50 | 00,052,736 | ---- | M] (Hewlett-Packard) -- C:\WINDOWS\System32\hpzipm12.dll -- (Pml Driver HPZ12 [Auto | Running])
SRV - [2009/01/14 17:53:02 | 00,226,656 | ---- | M] (Microsoft Corp.) -- C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe -- (SeaPort [Auto | Running])
SRV - [2007/08/29 13:52:59 | 00,079,360 | ---- | M] (SolidWorks) -- C:\Program Files\Common Files\SolidWorks Shared\Service\SolidWorksLicensing.exe -- (SolidWorks Licensing Service [On_Demand | Stopped])
SRV - [2004/08/11 02:45:04 | 00,038,912 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\wdfmgr.exe -- (UMWdf [Auto | Running])
SRV - [2004/08/11 01:46:56 | 00,483,328 | ---- | M] (Microsoft Corporation) -- c:\program files\windows media connect\mswmccds.exe -- (WmcCds [Unknown | Stopped])
SRV - [2004/08/10 22:50:42 | 00,028,160 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Media Connect\mswmcls.exe -- (WmcCdsLs [On_Demand | Stopped])
SRV - [2000/06/26 08:44:20 | 00,053,520 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\MsPMSPSv.exe -- (WMDM PMSP Service [Auto | Running])

========== Driver Services (SafeList) ==========

DRV - [2001/08/17 14:51:56 | 00,005,248 | ---- | M] (Acer Laboratories Inc.) -- C:\WINDOWS\System32\DRIVERS\aliide.sys -- (AliIde [Disabled | Stopped])
DRV - [2008/04/13 14:36:39 | 00,043,008 | ---- | M] (Advanced Micro Devices, Inc.) -- C:\WINDOWS\System32\DRIVERS\amdagp.sys -- (amdagp [Disabled | Stopped])
DRV - [2001/08/17 14:52:00 | 00,026,496 | ---- | M] (Advanced System Products, Inc.) -- C:\WINDOWS\System32\DRIVERS\asc.sys -- (asc [Disabled | Stopped])
DRV - [2001/08/17 14:51:58 | 00,014,848 | ---- | M] (Advanced System Products, Inc.) -- C:\WINDOWS\System32\DRIVERS\asc3550.sys -- (asc3550 [Disabled | Stopped])
DRV - [1997/12/22 21:02:46 | 00,023,936 | ---- | M] (Adaptec) -- C:\WINDOWS\System32\drivers\aspi32.sys -- (ASPI32 [Auto | Running])
DRV - [2002/12/17 13:32:58 | 00,061,424 | ---- | M] (Roxio) -- C:\WINDOWS\System32\drivers\cdr4_xp.sys -- (Cdr4_xp [System | Running])
DRV - [2002/12/17 13:32:46 | 00,023,436 | ---- | M] (Roxio) -- C:\WINDOWS\System32\drivers\cdralw2k.sys -- (Cdralw2k [System | Running])
DRV - [2002/12/17 13:27:32 | 00,241,152 | ---- | M] (Roxio) -- C:\WINDOWS\System32\drivers\cdudf_xp.sys -- (cdudf_xp [System | Running])
DRV - [2001/08/17 14:51:54 | 00,006,656 | ---- | M] (CMD Technology, Inc.) -- C:\WINDOWS\System32\DRIVERS\cmdide.sys -- (CmdIde [Disabled | Stopped])
DRV - [2003/02/20 17:22:38 | 00,135,040 | ---- | M] (Creative Technology Ltd) -- C:\WINDOWS\System32\drivers\ctac32k.sys -- (ctac32k [On_Demand | Running])
DRV - [2003/03/26 16:33:58 | 00,498,688 | ---- | M] (Creative Technology Ltd) -- C:\WINDOWS\System32\drivers\ctaud2k.sys -- (ctaud2k [On_Demand | Running])
DRV - [2003/03/27 11:58:56 | 00,287,920 | ---- | M] (Creative Technology Ltd) -- C:\WINDOWS\System32\drivers\ctdvda2k.sys -- (ctdvda2k [On_Demand | Stopped])
DRV - [2003/02/20 17:24:18 | 00,006,144 | ---- | M] (Creative Technology Ltd) -- C:\WINDOWS\System32\drivers\ctprxy2k.sys -- (ctprxy2k [On_Demand | Running])
DRV - [2003/02/20 17:24:34 | 00,135,248 | ---- | M] (Creative Technology Ltd) -- C:\WINDOWS\System32\drivers\ctsfm2k.sys -- (ctsfm2k [On_Demand | Running])
DRV - [2001/08/17 14:52:16 | 00,179,584 | ---- | M] (Mylex Corporation) -- C:\WINDOWS\System32\DRIVERS\dac2w2k.sys -- (dac2w2k [Disabled | Stopped])
DRV - [2004/04/29 06:42:32 | 00,025,898 | ---- | M] (Roxio) -- C:\WINDOWS\System32\drivers\Dvd_2k.sys -- (dvd_2K [On_Demand | Stopped])
DRV - [2002/11/12 11:02:20 | 00,099,840 | ---- | M] (Intel Corporation) -- C:\WINDOWS\System32\DRIVERS\e1000325.sys -- (E1000 [On_Demand | Running])
DRV - [2001/08/17 13:11:06 | 00,066,591 | ---- | M] (3Com Corporation) -- C:\WINDOWS\System32\DRIVERS\el90xbc5.sys -- (EL90XBC [On_Demand | Stopped])
DRV - [2003/02/20 17:24:46 | 00,116,000 | ---- | M] (Creative Technology Ltd) -- C:\WINDOWS\System32\drivers\emupia2k.sys -- (emupia [On_Demand | Running])
DRV - [2003/03/26 16:31:40 | 00,823,616 | ---- | M] (Creative Technology Ltd) -- C:\WINDOWS\System32\drivers\ha10kx2k.sys -- (ha10kx2k [On_Demand | Running])
DRV - [2003/03/26 16:32:02 | 00,141,536 | ---- | M] (Creative Technology Ltd) -- C:\WINDOWS\System32\drivers\hap16v2k.sys -- (hap16v2k [On_Demand | Running])
DRV - [2006/07/28 12:59:42 | 00,433,664 | ---- | M] (Aladdin Knowledge Systems) -- C:\WINDOWS\System32\drivers\hardlock.sys -- (hardlock [Auto | Running])
DRV - [2004/08/04 01:29:36 | 00,161,020 | ---- | M] (Intel® Corporation) -- C:\WINDOWS\System32\DRIVERS\i81xnt5.sys -- (i81x [On_Demand | Stopped])
DRV - [2004/08/04 01:29:37 | 00,012,415 | ---- | M] (Intel® Corporation) -- C:\WINDOWS\System32\DRIVERS\wADV01nt.sys -- (iAimFP0 [On_Demand | Stopped])
DRV - [2004/08/04 01:29:37 | 00,012,127 | ---- | M] (Intel® Corporation) -- C:\WINDOWS\System32\DRIVERS\wADV02NT.sys -- (iAimFP1 [On_Demand | Stopped])
DRV - [2004/08/04 01:29:37 | 00,011,775 | ---- | M] (Intel® Corporation) -- C:\WINDOWS\System32\DRIVERS\wADV05NT.sys -- (iAimFP2 [On_Demand | Stopped])
DRV - [2004/08/04 01:29:47 | 00,012,063 | ---- | M] (Intel® Corporation) -- C:\WINDOWS\System32\DRIVERS\wSiINTxx.sys -- (iAimFP3 [On_Demand | Stopped])
DRV - [2004/08/04 01:29:49 | 00,019,455 | ---- | M] (Intel® Corporation) -- C:\WINDOWS\System32\DRIVERS\wVchNTxx.sys -- (iAimFP4 [On_Demand | Stopped])
DRV - [2004/08/04 01:29:41 | 00,029,311 | ---- | M] (Intel® Corporation) -- C:\WINDOWS\System32\DRIVERS\wATV01nt.sys -- (iAimTV0 [On_Demand | Stopped])
DRV - [2004/08/04 01:29:42 | 00,019,551 | ---- | M] (Intel® Corporation) -- C:\WINDOWS\System32\DRIVERS\wATV02NT.sys -- (iAimTV1 [On_Demand | Stopped])
DRV - [2004/08/04 01:29:43 | 00,033,599 | ---- | M] (Intel® Corporation) -- C:\WINDOWS\System32\DRIVERS\wATV04nt.sys -- (iAimTV3 [On_Demand | Stopped])
DRV - [2004/08/04 01:29:45 | 00,023,615 | ---- | M] (Intel® Corporation) -- C:\WINDOWS\System32\DRIVERS\wCh7xxNT.sys -- (iAimTV4 [On_Demand | Stopped])
DRV - [2004/04/29 06:42:32 | 00,030,630 | ---- | M] (Roxio) -- C:\WINDOWS\System32\drivers\Mmc_2k.sys -- (mmc_2K [On_Demand | Running])
DRV - [2001/08/17 14:52:12 | 00,017,280 | ---- | M] (American Megatrends Inc.) -- C:\WINDOWS\System32\DRIVERS\mraid35x.sys -- (mraid35x [Disabled | Stopped])
DRV - [2001/09/24 07:59:00 | 00,176,208 | ---- | M] () -- C:\Program Files\NavNT\NAVAP.sys -- (NAVAP [On_Demand | Running])
DRV - [2001/09/24 07:59:00 | 00,009,232 | ---- | M] () -- C:\Program Files\NavNT\NAVAPEL.SYS -- (NAVAPEL [Auto | Running])
DRV - [2009/07/01 04:00:00 | 00,089,104 | ---- | M] (Symantec Corporation) -- C:\Program Files\Common Files\Symantec Shared\VirusDefs\20090701.004\NAVENG.SYS -- (NAVENG [On_Demand | Running])
DRV - [2009/07/01 04:00:00 | 00,876,144 | ---- | M] (Symantec Corporation) -- C:\Program Files\Common Files\Symantec Shared\VirusDefs\20090701.004\NAVEX15.SYS -- (NAVEX15 [On_Demand | Running])
DRV - [2002/05/07 17:05:56 | 00,039,680 | ---- | M] (Intel Corporation) -- C:\WINDOWS\System32\drivers\NetAlrt.sys -- (NetAlrt [Auto | Running])
DRV - [2002/07/30 17:15:40 | 00,009,868 | ---- | M] (Intel Corporation) -- C:\WINDOWS\System32\drivers\NMSCFG.SYS -- (NMSCFG [On_Demand | Stopped])
DRV - [2003/12/16 11:02:00 | 01,331,004 | ---- | M] (NVIDIA Corporation) -- C:\WINDOWS\System32\DRIVERS\nv4_mini.sys -- (nv [On_Demand | Running])
DRV - [2002/11/08 14:45:06 | 00,017,217 | ---- | M] (Dell Computer Corporation) -- C:\WINDOWS\System32\DRIVERS\omci.sys -- (omci [System | Running])
DRV - [2003/03/26 16:32:32 | 00,189,504 | ---- | M] (Creative Technology Ltd.) -- C:\WINDOWS\System32\drivers\ctoss2k.sys -- (ossrv [On_Demand | Running])
DRV - [2001/11/15 10:41:34 | 00,012,338 | ---- | M] (Palm, Inc.) -- C:\WINDOWS\System32\drivers\PalmUSBD.sys -- (PalmUSBD [On_Demand | Stopped])
DRV - [2003/03/06 10:10:34 | 00,015,840 | ---- | M] (Creative Technology Ltd.) -- C:\WINDOWS\System32\drivers\PfModNT.sys -- (PfModNT [Auto | Running])
DRV - [2002/05/07 17:06:36 | 00,023,744 | ---- | M] (Intel Corporation) -- C:\WINDOWS\System32\drivers\PlatAlrt.sys -- (PlatAlrt [Auto | Running])
DRV - [2002/08/29 06:00:00 | 00,017,792 | ---- | M] (Parallel Technologies, Inc.) -- C:\WINDOWS\System32\DRIVERS\ptilink.sys -- (Ptilink [On_Demand | Running])
DRV - [2004/04/29 06:42:32 | 00,143,834 | ---- | M] (Roxio) -- C:\WINDOWS\System32\drivers\pwd_2K.sys -- (pwd_2k [System | Running])
DRV - [2001/08/17 14:52:20 | 00,040,320 | ---- | M] (QLogic Corporation) -- C:\WINDOWS\System32\DRIVERS\ql1080.sys -- (ql1080 [Disabled | Stopped])
DRV - [2001/08/17 14:52:20 | 00,045,312 | ---- | M] (QLogic Corporation) -- C:\WINDOWS\System32\DRIVERS\ql12160.sys -- (ql12160 [Disabled | Stopped])
DRV - [2001/08/17 14:52:18 | 00,049,024 | ---- | M] (QLogic Corporation) -- C:\WINDOWS\System32\DRIVERS\ql1280.sys -- (ql1280 [Disabled | Stopped])
DRV - [2008/04/13 12:39:15 | 00,020,480 | ---- | M] (Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K.) -- C:\WINDOWS\System32\DRIVERS\secdrv.sys -- (Secdrv [On_Demand | Stopped])
DRV - [2008/04/13 14:36:39 | 00,040,960 | ---- | M] (Silicon Integrated Systems Corporation) -- C:\WINDOWS\System32\DRIVERS\sisagp.sys -- (sisagp [Disabled | Stopped])
DRV - [2001/08/17 13:56:16 | 00,007,552 | ---- | M] (Sony Corporation) -- C:\WINDOWS\System32\DRIVERS\SONYPVU1.SYS -- (SONYPVU1 [On_Demand | Stopped])
DRV - [2001/08/17 15:07:44 | 00,019,072 | ---- | M] (Adaptec, Inc.) -- C:\WINDOWS\System32\DRIVERS\sparrow.sys -- (Sparrow [Disabled | Stopped])
DRV - [2001/08/17 15:07:34 | 00,016,256 | ---- | M] (Symbios Logic Inc.) -- C:\WINDOWS\System32\DRIVERS\symc810.sys -- (symc810 [Disabled | Stopped])
DRV - [2001/08/17 15:07:36 | 00,032,640 | ---- | M] (LSI Logic) -- C:\WINDOWS\System32\DRIVERS\symc8xx.sys -- (symc8xx [Disabled | Stopped])
DRV - [2001/09/23 22:59:00 | 00,057,696 | ---- | M] (Symantec Corporation) -- C:\Program Files\Symantec\SYMEVENT.SYS -- (SymEvent [On_Demand | Running])
DRV - [2001/08/17 15:07:40 | 00,028,384 | ---- | M] (LSI Logic) -- C:\WINDOWS\System32\DRIVERS\sym_hi.sys -- (sym_hi [Disabled | Stopped])
DRV - [2001/08/17 15:07:42 | 00,030,688 | ---- | M] (LSI Logic) -- C:\WINDOWS\System32\DRIVERS\sym_u3.sys -- (sym_u3 [Disabled | Stopped])
DRV - [2004/04/29 06:42:32 | 00,206,464 | ---- | M] (Roxio) -- C:\WINDOWS\System32\drivers\udfreadr_xp.sys -- (UdfReadr_xp [System | Running])
DRV - [2001/08/17 14:52:22 | 00,036,736 | ---- | M] (Promise Technology, Inc.) -- C:\WINDOWS\System32\DRIVERS\ultra.sys -- (ultra [Disabled | Stopped])

========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = [binary data]
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Extensions Off Page = about:NoAdd-ons
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Security Risk Page = about:SecurityRisk
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,CustomizeSearch = http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchcust.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.google.com/ie
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie


IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dell.com
IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,First Home Page = http://www.dell.com
IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.dell.com
IE - HKU\.DEFAULT\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dell.com
IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,First Home Page = http://www.dell.com
IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.dell.com
IE - HKU\S-1-5-18\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-19\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-20\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-21-515967899-1682526488-839522115-1123\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dell.com
IE - HKU\S-1-5-21-515967899-1682526488-839522115-1123\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\system32\blank.htm
IE - HKU\S-1-5-21-515967899-1682526488-839522115-1123\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com
IE - HKU\S-1-5-21-515967899-1682526488-839522115-1123\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultName = My Web Search
IE - HKU\S-1-5-21-515967899-1682526488-839522115-1123\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultUrl = http://www.mywebsearch.com/jsp/cfg_redir2....r={searchTerms}
IE - HKU\S-1-5-21-515967899-1682526488-839522115-1123\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.msn.com/
IE - HKU\S-1-5-21-515967899-1682526488-839522115-1123\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie
IE - URLSearchHook: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
IE - HKU\S-1-5-21-515967899-1682526488-839522115-1123\S-1-5-21-515967899-1682526488-839522115-1123\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

FF - HKLM\software\mozilla\Firefox\extensions\\[email protected]: C:\Program Files\Java\jre6\lib\deploy\jqs\ff [2009/05/28 09:51:57 | 00,000,000 | ---D | M]


O1 HOSTS File: (734 bytes) - C:\WINDOWS\System32\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (&Yahoo! Toolbar Helper) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
O2 - BHO: (AcroIEHlprObj Class) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Acrobat\ActiveX\AcroIEHelper.ocx ()
O2 - BHO: (GoodSearch Toolbar) - {4E7BD74F-2B8D-469E-95BA-ED6DB186BE32} - C:\Program Files\goodsearch\goodsearch.dll (GoodSearch LLC )
O2 - BHO: (Search Helper) - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SearchHelper.dll (Microsoft Corp.)
O2 - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll (Google Inc.)
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.1.1309.15642\swg.dll (Google Inc.)
O2 - BHO: (Google Dictionary Compression sdch) - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_A8904FB862BD9564.dll (Google Inc.)
O2 - BHO: (MSN Toolbar Helper) - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files\MSN\Toolbar\3.0.1125.0\msneshellx.dll (Microsoft Corp.)
O2 - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (JQSIEStartDetectorImpl Class) - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll (Sun Microsystems, Inc.)
O3 - HKLM\..\Toolbar: (MSN Toolbar) - {1E61ED7C-7CB8-49d6-B9E9-AB4C880C8414} - C:\Program Files\MSN\Toolbar\3.0.1125.0\msneshellx.dll (Microsoft Corp.)
O3 - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll (Google Inc.)
O3 - HKLM\..\Toolbar: (GoodSearch Toolbar) - {4E7BD74F-2B8D-469E-95BA-ED6DB186BE32} - C:\Program Files\goodsearch\goodsearch.dll (GoodSearch LLC )
O3 - HKLM\..\Toolbar: (Yahoo! Toolbar) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
O3 - HKU\S-1-5-21-515967899-1682526488-839522115-1123\..\Toolbar\ShellBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll (Google Inc.)
O3 - HKU\S-1-5-21-515967899-1682526488-839522115-1123\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll (Google Inc.)
O3 - HKU\S-1-5-21-515967899-1682526488-839522115-1123\..\Toolbar\WebBrowser: (GoodSearch Toolbar) - {4E7BD74F-2B8D-469E-95BA-ED6DB186BE32} - C:\Program Files\goodsearch\goodsearch.dll (GoodSearch LLC )
O3 - HKU\S-1-5-21-515967899-1682526488-839522115-1123\..\Toolbar\WebBrowser: (Yahoo! Toolbar) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
O4 - HKLM..\Run: [AdaptecDirectCD] C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe (Roxio)
O4 - HKLM..\Run: [AsioReg] C:\WINDOWS\System32\CTASIO.DLL (Creative Technology Ltd)
O4 - HKLM..\Run: [AttuneClientEngine] C:\PROGRA~1\Aveo\Attune\bin\attune_ce.exe File not found
O4 - HKLM..\Run: [CTDVDDet] C:\Program Files\Creative\SBAudigy2\DVDAudio\CTDVDDet.EXE (Creative Technology Ltd)
O4 - HKLM..\Run: [CTHelper] C:\WINDOWS\System32\CTHELPER.EXE (Creative Technology Ltd)
O4 - HKLM..\Run: [CTSysVol] C:\Program Files\Creative\SBAudigy2\Surround Mixer\CTSysVol.exe (Creative Technology Ltd)
O4 - HKLM..\Run: [Microsoft Default Manager] C:\Program Files\Microsoft\Search Enhancement Pack\Default Manager\DefMgr.exe (Microsoft Corp.)
O4 - HKLM..\Run: [pdfFactory Dispatcher v2] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\fppdis2a.exe (FinePrint Software, LLC)
O4 - HKLM..\Run: [Share-to-Web Namespace Daemon] C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe (Hewlett-Packard)
O4 - HKLM..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre6\bin\jusched.exe (Sun Microsystems, Inc.)
O4 - HKLM..\Run: [vptray] C:\Program Files\NavNT\vptray.exe (Symantec Corporation)
O4 - HKU\S-1-5-21-515967899-1682526488-839522115-1123..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (Google Inc.)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Acrobat Assistant.lnk = C:\Program Files\Adobe\Acrobat 5.0\Distillr\AcroTray.exe (Adobe Systems Inc.)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\HotSync Manager.lnk = C:\Palm\HOTSYNC.EXE (Palm, Inc.)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE (Microsoft Corporation)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\MyWebSearch Email Plugin.lnk = C:\Program Files\MyWebSearch\bar\1.bin\MWSOEMON.EXE File not found
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\printkey.exe (Fred's Software Company)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.EXE (WinZip Computing, Inc.)
O4 - Startup: C:\Documents and Settings\Colleen\Start Menu\Programs\Startup\Microsoft Office Shortcut Bar.lnk = C:\WINDOWS\Installer\{00020409-78E1-11D2-B60F-006097C998E7}\misc.exe ()
O4 - Startup: C:\Documents and Settings\Colleen\Start Menu\Programs\Startup\MyWebSearch Email Plugin.lnk = C:\Program Files\MyWebSearch\bar\1.bin\MWSOEMON.EXE File not found
O4 - Startup: C:\Documents and Settings\Colleen\Start Menu\Programs\Startup\printkey.exe (Fred's Software Company)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: dontdisplaylastusername = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticecaption =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticetext =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: shutdownwithoutlogon = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: undockwithoutlogon = 1
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: CDRAutoRun = 0
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: CDRAutoRun = 0
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-515967899-1682526488-839522115-1123\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-515967899-1682526488-839522115-1123\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableProfileQuota = 1
O8 - Extra context menu item: &Search - Reg Error: Value error. File not found
O9 - Extra 'Tools' menuitem : @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe (Microsoft Corporation)
O9 - Extra Button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)
O12 - Plugin for: .spop - C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll (InterTrust Technologies Corporation, Inc.)
O15 - HKLM\..Trusted Domains: 1 domain(s) and sub-domain(s) not assigned to a zone.
O15 - HKU\S-1-5-21-515967899-1682526488-839522115-1123\..Trusted Domains: microsoft.com ([office] https in Trusted sites)
O15 - HKU\S-1-5-21-515967899-1682526488-839522115-1123\..Trusted Domains: 1 domain(s) and sub-domain(s) not assigned to a zone.
O16 - DPF: {072D3F2E-5FB6-11D3-B461-00C04FA35A21} http://www.solidedge.com/CFIDE/classes/CFJava.cab (CFForm Runtime)
O16 - DPF: {215B8138-A3CF-44C5-803F-8226143CFC0A} http://housecall65.trendmicro.com/housecal...ivex/hcImpl.cab (Trend Micro ActiveX Scan Agent 6.6)
O16 - DPF: {31435657-9980-0010-8000-00AA00389B71} http://download.microsoft.com/download/e/2...78f/wvc1dmo.cab (Reg Error: Key error.)
O16 - DPF: {3E68E405-C6DE-49FF-83AE-41EE9F4C36CE} http://office.microsoft.com/officeupdate/content/opuc.cab (Office Update Installation Engine)
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} http://www.update.microsoft.com/windowsupd...b?1214849190406 (WUWebControl Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_13)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.macromedia.com/get/flash...r/ultrashim.cab (Reg Error: Key error.)
O16 - DPF: {9F1C11AA-197B-4942-BA54-47A8489BB47F} http://v4.windowsupdate.microsoft.com/CAB/...8138.3230555556 (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0014-0001-0002-ABCDEFFEDCBA} http://java.sun.com/products/plugin/1.4/ji...indows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0014-0002-0003-ABCDEFFEDCBA} http://java.sun.com/products/plugin/autodl...indows-i586.cab (Java Plug-in 1.4.2_03)
O16 - DPF: {CAFEEFAC-0014-0002-0005-ABCDEFFEDCBA} http://java.sun.com/products/plugin/autodl...indows-i586.cab (Java Plug-in 1.4.2_05)
O16 - DPF: {CAFEEFAC-0014-0002-0006-ABCDEFFEDCBA} http://java.sun.com/products/plugin/autodl...indows-i586.cab (Java Plug-in 1.4.2_06)
O16 - DPF: {CAFEEFAC-0015-0000-0002-ABCDEFFEDCBA} http://java.sun.com/update/1.5.0/jinstall-...indows-i586.cab (Java Plug-in 1.5.0_02)
O16 - DPF: {CAFEEFAC-0015-0000-0004-ABCDEFFEDCBA} http://java.sun.com/update/1.5.0/jinstall-...indows-i586.cab (Java Plug-in 1.5.0_04)
O16 - DPF: {CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA} http://java.sun.com/update/1.5.0/jinstall-...indows-i586.cab (Java Plug-in 1.5.0_06)
O16 - DPF: {CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_13)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_13)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://download.macromedia.com/pub/shockwa...ash/swflash.cab (Shockwave Flash Object)
O16 - DPF: Microsoft XML Parser for Java file://C:\WINDOWS\Java\classes\xmldso.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = ultra-met.com
O18 - Protocol\Handler\cdo {CD00020A-8B95-11D1-82DB-00C04FB1625D} - C:\Program Files\Common Files\Microsoft Shared\Web Folders\PKMCDO.DLL (Microsoft Corporation)
O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\ipp - No CLSID value found
O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp - No CLSID value found
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\ms-itss {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Program Files\Common Files\Microsoft Shared\Information Retrieval\MSITSS.DLL (Microsoft Corporation)
O18 - Protocol\Handler\mso-offdap {3D9F03FA-7A94-11D3-BE81-0050048385D1} - C:\Program Files\Common Files\Microsoft Shared\Web Components\10\OWC10.DLL (Microsoft Corporation)
O18 - Protocol\Filter: - x-sdch - C:\Program Files\Google\Google Toolbar\Component\fastsearch_A8904FB862BD9564.dll (Google Inc.)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\Explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\NavLogon: DllName - C:\WINDOWS\System32\NavLogon.dll - C:\WINDOWS\System32\NavLogon.dll ()
O24 - Desktop Components:0 (My Current Home Page) - About:Home
O31 - SafeBoot: AlternateShell - cmd.exe
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2002/09/03 14:36:02 | 00,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck) - File not found
O34 - HKLM BootExecute: (autochk) - C:\WINDOWS\System32\autochk.exe (Microsoft Corporation)
O34 - HKLM BootExecute: (*) - File not found

========== Files/Folders - Created Within 30 Days ==========

[11 C:\WINDOWS\*.tmp files]
[1 C:\Documents and Settings\Colleen\My Documents\*.tmp files]
[2009/07/07 09:08:29 | 00,000,178 | ---- | C] () -- C:\Documents and Settings\Colleen\Desktop\Kaspersky Online Scanner 7.0.url
[2009/07/07 09:07:31 | 00,513,536 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Colleen\Desktop\OTL.exe
[2009/07/06 14:44:35 | 00,000,000 | ---D | C] -- C:\rsit
[2009/07/02 14:50:42 | 00,049,225 | ---- | C] () -- C:\Documents and Settings\Colleen\My Documents\Logo Revised 2009.jpg
[2009/07/01 14:55:07 | 00,284,160 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\pdh.dll
[2009/07/01 14:55:07 | 00,035,328 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\sc.exe
[2009/07/01 14:55:06 | 00,473,600 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\fastprox.dll
[2009/07/01 14:55:06 | 00,401,408 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\rpcss.dll
[2009/07/01 14:55:06 | 00,227,840 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wmiprvse.exe
[2009/07/01 14:55:06 | 00,110,592 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\services.exe
[2009/07/01 14:55:04 | 00,453,120 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wmiprvsd.dll
[2009/07/01 14:55:03 | 00,729,088 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\lsasrv.dll
[2009/07/01 14:55:03 | 00,617,472 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\advapi32.dll
[2009/07/01 14:55:02 | 00,714,752 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ntdll.dll
[2009/07/01 14:55:00 | 02,145,280 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ntkrnlmp.exe
[2009/07/01 14:54:58 | 02,189,056 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ntoskrnl.exe
[2009/07/01 14:54:55 | 02,023,936 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ntkrpamp.exe
[2009/07/01 14:53:35 | 00,203,136 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\rmcast.sys
[2009/07/01 14:53:30 | 00,455,296 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\mrxsmb.sys
[2009/07/01 14:52:57 | 00,333,952 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\srv.sys
[2009/07/01 14:52:51 | 00,331,776 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\msadce.dll
[2009/07/01 14:52:39 | 00,691,712 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\inetcomm.dll
[2009/07/01 14:49:59 | 00,272,128 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\bthport.sys
[2009/07/01 14:49:43 | 01,106,944 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\msxml3.dll
[2009/07/01 14:49:04 | 00,247,326 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\strmdll.dll
[2009/06/24 09:20:45 | 00,030,888 | ---- | C] () -- C:\Documents and Settings\Colleen\Application Data\messanger3.dat
[2009/06/24 08:53:06 | 00,000,028 | ---- | C] () -- C:\Documents and Settings\Colleen\Application Data\messanger4.dat
[2009/06/23 14:59:44 | 00,585,534 | ---- | C] () -- C:\Documents and Settings\Colleen\My Documents\OLSON.bmp
[2009/06/23 14:04:04 | 00,294,827 | ---- | C] () -- C:\Documents and Settings\Colleen\My Documents\Nick_0001.jpg
[2009/06/23 11:11:49 | 00,056,036 | ---- | C] () -- C:\Documents and Settings\Colleen\My Documents\WCRX.dxf
[2009/06/23 11:10:05 | 00,007,846 | ---- | C] () -- C:\Documents and Settings\Colleen\My Documents\WCRX.wmf
[2009/06/18 09:05:40 | 00,015,899 | ---- | C] () -- C:\Documents and Settings\Colleen\My Documents\chipbreaker.pdf
[2009/06/17 16:14:51 | 00,037,072 | ---- | C] () -- C:\Documents and Settings\Colleen\My Documents\Ramstar.pdf
[2009/06/16 16:54:47 | 00,166,400 | ---- | C] () -- C:\Documents and Settings\Colleen\My Documents\FSC LAYOUT.par
[2009/06/16 08:32:56 | 00,003,297 | ---- | C] () -- C:\Documents and Settings\Colleen\Application Data\messanger1.dat
[2009/06/16 08:32:56 | 00,000,000 | ---- | C] () -- C:\Documents and Settings\Colleen\Application Data\messanger2.dat
[2009/06/15 11:25:07 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Colleen\Local Settings\Application Data\UGS
[2009/06/15 11:25:05 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Colleen\My Documents\SymbolLibrary
[2009/06/10 09:08:42 | 00,000,000 | ---D | C] -- C:\WINDOWS\ie7updates
[2009/06/10 09:07:33 | 00,000,000 | -HSD | C] -- C:\Config.Msi
[2008/08/27 13:51:38 | 00,000,077 | ---- | C] () -- C:\WINDOWS\ricdb.ini
[2008/02/29 12:49:17 | 00,000,041 | ---- | C] () -- C:\WINDOWS\System32\RPCS.ini
[2007/08/29 13:53:01 | 00,000,000 | ---- | C] () -- C:\WINDOWS\eDrawingOfficeAutomator.INI
[2006/03/31 13:53:43 | 00,000,286 | ---- | C] () -- C:\WINDOWS\CorelDRAW.ini
[2004/08/30 11:57:39 | 00,000,036 | ---- | C] () -- C:\WINDOWS\iltwain.ini
[2004/08/30 11:57:38 | 00,000,056 | ---- | C] () -- C:\WINDOWS\Addrfixr.ini
[2004/08/30 11:56:58 | 00,057,344 | ---- | C] () -- C:\WINDOWS\System32\DYMOCFG.DLL
[2004/08/19 09:53:55 | 00,000,397 | ---- | C] () -- C:\WINDOWS\barcode.ini
[2004/06/08 14:43:29 | 00,000,000 | ---- | C] () -- C:\WINDOWS\OpPrintServer.INI
[2004/06/02 11:26:46 | 00,210,944 | ---- | C] () -- C:\WINDOWS\System32\Msvcrt10.dll
[2004/06/02 11:26:41 | 00,065,536 | ---- | C] () -- C:\WINDOWS\System32\adistres.dll
[2004/06/02 10:37:31 | 00,000,007 | ---- | C] () -- C:\WINDOWS\mltp2p.ini
[2004/06/02 10:37:31 | 00,000,005 | ---- | C] () -- C:\WINDOWS\mltconfipx.ini
[2004/06/02 10:37:31 | 00,000,005 | ---- | C] () -- C:\WINDOWS\mltconfip.ini
[2004/06/01 08:57:34 | 00,000,625 | ---- | C] () -- C:\WINDOWS\SWWATER.INI
[2004/05/31 13:18:28 | 00,000,896 | ---- | C] () -- C:\WINDOWS\System32\hpsj16.dll
[2004/05/31 13:18:28 | 00,000,687 | ---- | C] () -- C:\WINDOWS\System32\drivers\hpscan16.sys
[2004/05/31 13:18:23 | 00,000,057 | ---- | C] () -- C:\WINDOWS\HPDS23.INI
[2004/05/31 12:27:31 | 00,000,407 | ---- | C] () -- C:\WINDOWS\ZETAFAX.INI
[2004/05/31 11:52:52 | 00,001,456 | ---- | C] () -- C:\WINDOWS\PhotoImpression.ini
[2004/05/31 11:52:18 | 00,000,018 | ---- | C] () -- C:\WINDOWS\as_setup.ini
[2004/05/31 11:29:49 | 00,000,000 | ---- | C] () -- C:\WINDOWS\VPC32.INI
[2004/05/31 11:26:36 | 00,000,592 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2004/04/29 06:44:48 | 00,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini
[2004/04/29 06:39:53 | 00,000,231 | ---- | C] () -- C:\WINDOWS\AC3API.INI
[2004/04/29 06:39:34 | 00,066,807 | ---- | C] () -- C:\WINDOWS\System32\Aud2_Del.ini
[2004/04/29 06:39:34 | 00,000,030 | ---- | C] () -- C:\WINDOWS\System32\ctzapxx.ini
[2004/04/29 06:39:32 | 00,005,515 | ---- | C] () -- C:\WINDOWS\System32\ENSDEF.INI
[2004/04/29 06:39:32 | 00,000,180 | ---- | C] () -- C:\WINDOWS\System32\KILL.INI
[2004/04/29 06:39:31 | 00,065,536 | ---- | C] ( ) -- C:\WINDOWS\System32\a3d.dll
[2004/04/29 06:39:02 | 00,000,136 | ---- | C] () -- C:\WINDOWS\SBWIN.INI
[2004/04/29 06:33:52 | 00,000,891 | ---- | C] () -- C:\WINDOWS\orun32.ini
[2004/04/29 06:18:08 | 00,363,520 | ---- | C] () -- C:\WINDOWS\System32\psisdecd.dll
[2004/04/29 06:03:56 | 00,000,551 | ---- | C] () -- C:\WINDOWS\System32\OEMINFO.INI
[2002/11/20 17:13:44 | 03,907,640 | ---- | C] () -- C:\WINDOWS\System32\GSDLL32.dll
[2002/09/03 14:36:02 | 00,000,912 | ---- | C] () -- C:\WINDOWS\WIN.INI
[2002/09/03 14:26:32 | 00,000,227 | ---- | C] () -- C:\WINDOWS\SYSTEM.INI
[2002/08/29 06:00:00 | 00,246,944 | ---- | C] () -- C:\WINDOWS\System32\apphelp01.dll
[2002/05/07 17:06:36 | 00,019,968 | ---- | C] () -- C:\WINDOWS\System32\drivers\platmsg.dll
[2002/05/07 17:06:16 | 00,019,968 | ---- | C] () -- C:\WINDOWS\System32\drivers\netamsg.dll
[2002/04/16 17:57:28 | 00,135,168 | ---- | C] () -- C:\WINDOWS\System32\aolninst.dll
[2002/02/06 10:04:14 | 00,065,536 | ---- | C] () -- C:\WINDOWS\System32\NMSInst.dll
[2002/01/21 16:17:18 | 00,065,536 | ---- | C] () -- C:\WINDOWS\System32\PROInst.dll
[2001/10/28 03:42:30 | 00,116,224 | ---- | C] () -- C:\WINDOWS\System32\redmonnt.dll
[2001/09/24 07:59:00 | 00,045,056 | ---- | C] () -- C:\WINDOWS\System32\NavLogon.dll
[2000/09/18 17:12:40 | 00,023,040 | ---- | C] () -- C:\WINDOWS\System32\CSSMS_IN.DLL
[2000/04/14 16:50:02 | 00,343,040 | ---- | C] () -- C:\WINDOWS\System32\Lffpx7.dll
[1998/06/11 13:08:06 | 00,095,232 | ---- | C] () -- C:\WINDOWS\System32\Lfkodak.dll

========== Files - Modified Within 30 Days ==========

[1 C:\WINDOWS\System32\*.tmp files]
[11 C:\WINDOWS\*.tmp files]
[1 C:\Documents and Settings\Colleen\My Documents\*.tmp files]
[2009/07/07 09:10:42 | 00,471,150 | ---- | M] () -- C:\WINDOWS\System32\PerfStringBackup.INI
[2009/07/07 09:10:42 | 00,401,064 | ---- | M] () -- C:\WINDOWS\System32\PERFH009.DAT
[2009/07/07 09:10:42 | 00,062,344 | ---- | M] () -- C:\WINDOWS\System32\PERFC009.DAT
[2009/07/07 09:06:57 | 00,002,457 | ---- | M] () -- C:\Documents and Settings\Colleen\Start Menu\Programs\Startup\Microsoft Office Shortcut Bar.lnk
[2009/07/07 09:06:17 | 00,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2009/07/07 09:06:13 | 00,002,048 | --S- | M] () -- C:\WINDOWS\BOOTSTAT.DAT
[2009/07/07 09:06:10 | 10,727,66976 | -HS- | M] () -- C:\hiberfil.sys
[2009/07/07 09:06:10 | 01,153,568 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2009/07/07 09:03:58 | 00,000,178 | ---- | M] () -- C:\Documents and Settings\Colleen\Desktop\Kaspersky Online Scanner 7.0.url
[2009/07/07 08:19:06 | 00,513,536 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Colleen\Desktop\OTL.exe
[2009/07/06 14:56:23 | 00,030,036 | ---- | M] () -- C:\WINDOWS\System32\BMXStateBkp-{00000005-00000000-0000000D-00001102-00000004-10031102}.rfx
[2009/07/06 14:56:23 | 00,030,036 | ---- | M] () -- C:\WINDOWS\System32\BMXState-{00000005-00000000-0000000D-00001102-00000004-10031102}.rfx
[2009/07/06 14:56:23 | 00,029,760 | ---- | M] () -- C:\WINDOWS\System32\BMXCtrlState-{00000005-00000000-0000000D-00001102-00000004-10031102}.rfx
[2009/07/06 14:56:23 | 00,029,760 | ---- | M] () -- C:\WINDOWS\System32\BMXBkpCtrlState-{00000005-00000000-0000000D-00001102-00000004-10031102}.rfx
[2009/07/06 14:56:23 | 00,001,080 | ---- | M] () -- C:\WINDOWS\System32\settingsbkup.sfm
[2009/07/06 14:56:23 | 00,001,080 | ---- | M] () -- C:\WINDOWS\System32\settings.sfm
[2009/07/06 14:56:23 | 00,000,288 | ---- | M] () -- C:\WINDOWS\System32\DVCStateBkp-{00000005-00000000-0000000D-00001102-00000004-10031102}.dat
[2009/07/06 14:56:23 | 00,000,288 | ---- | M] () -- C:\WINDOWS\System32\DVCState-{00000005-00000000-0000000D-00001102-00000004-10031102}.dat
[2009/07/06 14:55:44 | 00,001,355 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2009/07/06 14:48:35 | 04,481,358 | ---- | M] () -- C:\WINDOWS\{00000005-00000000-0000000D-00001102-00000004-10031102}.CDF
[2009/07/06 14:48:02 | 00,000,912 | ---- | M] () -- C:\WINDOWS\WIN.INI
[2009/07/06 13:03:04 | 00,001,170 | ---- | M] () -- C:\WINDOWS\System32\WPA.DBL
[2009/07/02 14:50:45 | 00,049,225 | ---- | M] () -- C:\Documents and Settings\Colleen\My Documents\Logo Revised 2009.jpg
[2009/07/01 14:40:35 | 00,030,888 | ---- | M] () -- C:\Documents and Settings\Colleen\Application Data\messanger3.dat
[2009/06/29 10:34:16 | 00,142,336 | ---- | M] () -- C:\Documents and Settings\Colleen\My Documents\JUNK.par
[2009/06/24 08:53:06 | 00,000,028 | ---- | M] () -- C:\Documents and Settings\Colleen\Application Data\messanger4.dat
[2009/06/23 14:59:44 | 00,585,534 | ---- | M] () -- C:\Documents and Settings\Colleen\My Documents\OLSON.bmp
[2009/06/23 14:04:04 | 00,294,827 | ---- | M] () -- C:\Documents and Settings\Colleen\My Documents\Nick_0001.jpg
[2009/06/23 13:17:18 | 00,000,000 | ---- | M] () -- C:\Documents and Settings\Colleen\Application Data\messanger2.dat
[2009/06/23 11:11:49 | 00,056,036 | ---- | M] () -- C:\Documents and Settings\Colleen\My Documents\WCRX.dxf
[2009/06/23 11:10:05 | 00,007,846 | ---- | M] () -- C:\Documents and Settings\Colleen\My Documents\WCRX.wmf
[2009/06/18 09:05:40 | 00,015,899 | ---- | M] () -- C:\Documents and Settings\Colleen\My Documents\chipbreaker.pdf
[2009/06/17 16:18:10 | 00,037,072 | ---- | M] () -- C:\Documents and Settings\Colleen\My Documents\Ramstar.pdf
[2009/06/17 11:27:56 | 00,038,160 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2009/06/17 11:27:44 | 00,019,096 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2009/06/16 16:54:48 | 00,166,400 | ---- | M] () -- C:\Documents and Settings\Colleen\My Documents\FSC LAYOUT.par
[2009/06/16 08:32:56 | 00,003,297 | ---- | M] () -- C:\Documents and Settings\Colleen\Application Data\messanger1.dat
[2009/06/16 08:09:43 | 00,000,016 | ---- | M] () -- C:\Documents and Settings\Colleen\Application Data\office2007.dat.nt2
[2009/06/15 15:24:14 | 00,000,675 | ---- | M] () -- C:\Documents and Settings\Colleen\Desktop\Engineering Status.lnk
[2009/06/11 16:29:33 | 01,409,024 | ---- | M] () -- C:\Documents and Settings\Colleen\My Documents\INDEX of U.M. DWG.fp7
[2009/06/08 09:31:28 | 00,023,235 | ---- | M] () -- C:\Documents and Settings\Colleen\My Documents\Brent 06052009.pdf
< End of report >


Extras

OTL Extras logfile created on: 7/7/2009 10:24:51 AM - Run 1
OTL by OldTimer - Version 3.0.6.5 Folder = C:\Documents and Settings\Colleen\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 7.0.5730.13)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1023.00 Mb Total Physical Memory | 615.43 Mb Available Physical Memory | 60.16% Memory free
2.40 Gb Paging File | 2.11 Gb Available in Paging File | 87.94% Paging File free
Paging file location(s): C:\pagefile.sys 1536 3072 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 37.21 Gb Total Space | 19.11 Gb Free Space | 51.35% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
F: Drive not present or media not loaded
Drive G: | 136.72 Gb Total Space | 28.02 Gb Free Space | 20.50% Space Free | Partition Type: NTFS
Drive H: | 136.72 Gb Total Space | 28.02 Gb Free Space | 20.50% Space Free | Partition Type: NTFS
I: Drive not present or media not loaded
Drive M: | 136.66 Gb Total Space | 91.69 Gb Free Space | 67.09% Space Free | Partition Type: NTFS
Drive N: | 136.72 Gb Total Space | 28.02 Gb Free Space | 20.50% Space Free | Partition Type: NTFS
Drive P: | 136.72 Gb Total Space | 28.02 Gb Free Space | 20.50% Space Free | Partition Type: NTFS
Drive V: | 136.66 Gb Total Space | 91.69 Gb Free Space | 67.09% Space Free | Partition Type: NTFS

Computer Name: MARKETDESIGN
Current User Name: colleen
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: All users
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Standard

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.html [@ = htmlfile] -- C:\Program Files\Internet Explorer\IEXPLORE.EXE (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 1
"DoNotAllowExceptions" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]
"1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
[2004/05/31 11:32:30 | 02,228,224 | ---- | M] (FileMaker, Inc.) -- C:\Program Files\FileMaker\FileMaker Pro 6\FileMaker Pro.exe:*:Enabled:FileMaker Pro
"\\Vantage\EPICOR\prgs91d\bin\prowin32.exe" = \\Vantage\EPICOR\prgs91d\bin\prowin32.exe:*:Enabled:prowin32
[2008/04/13 20:12:15 | 01,032,192 | ---- | M] (Microsoft Corporation) -- C:\Program Files\NetMeeting\conf.exe:*:Enabled:Windows® NetMeeting®
[2002/07/19 21:27:44 | 00,462,848 | ---- | M] (Minolta Co., Ltd.) -- C:\Program Files\Minolta\PageScope Network Setup\nstool.exe:*:Disabled:PageScope Network Setup
[2006/06/20 20:00:48 | 05,005,312 | ---- | M] (FileMaker, Inc.) -- C:\Program Files\FileMaker\FileMaker Pro 8.5\FileMaker Pro.exe:*:Enabled:FileMaker Pro
[2008/04/13 14:53:32 | 00,558,080 | ---- | M] (Microsoft Corporation) -- %windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"\\Vantage\EPICOR\prgs91d\bin\prowin32.exe" = \\Vantage\EPICOR\prgs91d\bin\prowin32.exe:*:Disabled:prowin32
[2008/04/13 14:53:32 | 00,558,080 | ---- | M] (Microsoft Corporation) -- %windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000
[2006/06/20 20:00:48 | 05,005,312 | ---- | M] (FileMaker, Inc.) -- C:\Program Files\FileMaker\FileMaker Pro 8.5\FileMaker Pro.exe:*:Enabled:FileMaker Pro
[2009/04/25 01:27:50 | 00,636,088 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Internet Explorer\iexplore.exe:*:Enabled:Internet Explorer


========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{00020409-78E1-11D2-B60F-006097C998E7}" = Microsoft Office 2000 SR-1 Standard
"{01A4AEDE-F219-49A2-B855-16A016EAF9A4}" = Intel® PROSet II
"{11F1920A-56A2-4642-B6E0-3B31A12C9288}" = Dell Solution Center
"{18455581-E099-4BA8-BC6B-F34B2F06600C}" = Google Toolbar for Internet Explorer
"{200813E6-F3F2-44EA-B4FE-B99C4EE061FE}" = Solid Edge Machinery Library
"{229EEB8E-F6A0-4F0D-BCF4-A6E6194D5054}" = Zetafax Client
"{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer
"{261B4FA0-DBE3-11D2-AD92-006008A6ABE2}" = Fiery Downloader
"{26A24AE4-039D-4CA4-87B4-2F83216013FF}" = Java™ 6 Update 13
"{31A57C3E-30DD-421F-B5C7-974DACB0D05F}" = Canon Camera WIA Driver
"{3248F0A8-6813-11D6-A77B-00B0D0150020}" = J2SE Runtime Environment 5.0 Update 2
"{3248F0A8-6813-11D6-A77B-00B0D0150040}" = J2SE Runtime Environment 5.0 Update 4
"{3248F0A8-6813-11D6-A77B-00B0D0150060}" = J2SE Runtime Environment 5.0 Update 6
"{33226264-1CA2-11D5-B5F7-00105A0D37A2}" = Graphite v6
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{43DCF766-6838-4F9A-8C91-D92DA586DFA7}" = Microsoft Windows Journal Viewer
"{4C701994-43D2-4B7B-A548-C6E6C224D9A9}" = Intel® PRO Network Adapters WMI Provider (2.0)
"{4CC40F30-FD5F-11D4-B809-00105AE77964}" = Fiery Email Port Monitor 1.0.0.13
"{56F3E1FF-54FE-4384-A153-6CCABA097814}" = Creative MediaSource
"{58EDAD68-7839-42D8-A6AD-854A9ECB8224}" = FileMaker Pro 6
"{5EB2FAEE-DB4A-4CB3-8C51-6876C6D1FF7E}" = eDrawings 2007
"{606D713C-B60C-11D6-A47A-00B0D03E4223}" = SolidWorks 2003 Viewer
"{609F7AC8-C510-11D4-A788-009027ABA5D0}" = Easy CD Creator 5 Basic
"{60a73620-3618-11d2-ad1a-006008a6abe2}" = Command WorkStation 4 .0.20
"{66B4F24C-BE5D-423A-B56B-4013481F6801}" = Intel® Pro Alerting Agent, Version 3.2.0
"{6B36DEBF-27D0-4B1E-858D-D397091C6C7D}" = HP Precisionscan Pro 3.1
"{7131646D-CD3C-40F4-97B9-CD9E4E6262EF}" = Microsoft .NET Framework 2.0
"{7148F0A8-6813-11D6-A77B-00B0D0142030}" = Java 2 Runtime Environment, SE v1.4.2_03
"{7148F0A8-6813-11D6-A77B-00B0D0142050}" = Java 2 Runtime Environment, SE v1.4.2_05
"{7148F0A8-6813-11D6-A77B-00B0D0142060}" = Java 2 Runtime Environment, SE v1.4.2_06
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{74344F10-34CA-480E-BD02-B3F4FA692BFA}" = File Viewer Utility 1.3.1
"{748F4870-8350-11D3-B0BF-080009FB4A19}" = HP Share-to-Web
"{7D863662-0AB4-40BD-AD9F-A2ED548C3187}" = StuffIt Standard
"{8F7C09A4-EBAE-11D3-A9AF-005004D2ECE4}" = Attune 2.3.2
"{90170409-6000-11D3-8CFE-0050048383C9}" = Microsoft FrontPage 2002
"{902261FB-61C7-11D5-A02B-00E081105A80}" = ColorWise Pro Tools 3.1.15
"{90D55A3F-1D99-4C94-A77E-46DC14F0BF08}" = Help and Support Customization
"{9455959E-D588-EFAE-329C-F66CC797F32A}" = Adobe Media Player
"{98177940-C048-4831-A279-F3888B1E2C7F}" = InstallMgr
"{9C9CEB9D-53FD-49A7-85D2-FE674F72F24E}" = Microsoft Search Enhancement Pack
"{9D0C08AE-2882-11D5-A0CF-00E081105A80}" = DBPro
"{9E50DEC9-081B-441F-B647-98DBEA8B01DD}" = CorelDRAW 10
"{A2BCA9F1-566C-4805-97D1-7FDC93386723}" = Adobe AIR
"{A833A505-4D7A-41F5-9362-A2F8DFFE6E9B}" = Camera Window
"{A8AC89BA-D8CB-4372-9743-1C54D23286B0}" = MSN Toolbar
"{B6EF6DCE-078E-4952-A7FA-352A9C349EB0}" = MSN Toolbar
"{B7148D71-0A8F-4501-96B4-4E1CC67F874E}" = Microsoft Default Manager
"{BA0F44C2-A883-11D1-AD0A-006097D15E2C}" = Palm Desktop
"{BBD2EEA1-9D2F-467B-ACC4-BCE03393B02D}" = SolidWorks viewer
"{BD12EB47-DBDF-11D3-BEEA-00A0CC272509}" = Norton AntiVirus Corporate Edition
"{BD9B62A5-2A0A-11D6-B67C-00105A0D37A2}" = Graphite v6
"{C1D76D7A-F3BB-47EA-A746-5B1E2FFC1DF2}" = Canon Utilities ZoomBrowser EX
"{C89C4BEA-3B9A-414A-9392-9CE4EC5C63BF}" = Documents To Go
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{D7BCF606-5821-4D1D-889E-76AE9D00E439}" = Solid Edge ST
"{DC4C464D-416A-4F42-B212-8B744C1BB4AE}" = FileMaker Pro 8.5
"{E82BF103-904F-49C0-B77F-6EC110B71E87}" = Sound Blaster Audigy 2
"{EF91B23E-3819-43A1-AE47-043E1900EB2B}" = RemoteCapture 2.7.4
"{EFCE5837-FC21-11D6-9D24-00010240CE95}" = Java 2 Runtime Environment, SE v1.4.1_02
"{F11A403B-0DE9-4953-B790-7A2F014FBB2B}" = PhotoStitch
"{F137C0D3-1080-4B3B-BC7E-A3EE88F6622F}" = Graphite Share v7.4
"{F3AD8BC6-BDA6-464E-A0DE-A87216F8340D}" = Solid Edge Standard Parts Administrator
"{F6869CD2-3DB4-476D-A4C7-B3AE7C3ACF7B}" = Windows Media Connect
"{FCE65C4E-B0E8-4FBD-AD16-EDCBE6CD591F}" = HighMAT Extension to Microsoft Windows XP CD Writing Wizard
"Adobe Acrobat 5.0" = Adobe Acrobat 5.0
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"ArcSoft PhotoImpression" = ArcSoft PhotoImpression
"Change Properties Now!" = Change Properties Now!
"CorelDRAW 10" = CorelDRAW 10
"Coupon Printer for Windows4.0" = Coupon Printer for Windows
"DYMO Label Software" = DYMO Label Software
"goodsearch" = GoodSearch Toolbar
"HijackThis" = HijackThis 2.0.2
"HP DeskScan II" = HP DeskScan II
"HP Photo Printing Software" = HP Photo Printing Software
"IDNMitigationAPIs" = Microsoft Internationalized Domain Names Mitigation APIs
"ie7" = Windows Internet Explorer 7
"InstallShield_{31A57C3E-30DD-421F-B5C7-974DACB0D05F}" = Canon EOS Kiss REBEL 300D WIA Driver
"InstallShield_{74344F10-34CA-480E-BD02-B3F4FA692BFA}" = Canon Utilities File Viewer Utility 1.3
"InstallShield_{7D863662-0AB4-40BD-AD9F-A2ED548C3187}" = StuffIt Standard
"InstallShield_{A833A505-4D7A-41F5-9362-A2F8DFFE6E9B}" = Canon Camera Window for ZoomBrowser EX
"InstallShield_{EF91B23E-3819-43A1-AE47-043E1900EB2B}" = Canon Utilities RemoteCapture 2.7
"InstallShield_{F11A403B-0DE9-4953-B790-7A2F014FBB2B}" = Canon Utilities PhotoStitch 3.1
"Java Web Start" = Java Web Start
"LiveUpdate1.6" = LiveUpdate 1.6 (Symantec Corporation)
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"Manufacturing by Epicor" = Manufacturing by Epicor
"Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1
"Microsoft .NET Framework 2.0" = Microsoft .NET Framework 2.0
"NLSDownlevelMapping" = Microsoft National Language Support Downlevel APIs
"NVIDIA" = NVIDIA Windows 2000/XP Display Drivers
"PageScope Network Setup" = Minolta PageScope Network Setup
"pdfFactory" = pdfFactory
"PhotoRecord" = Canon PhotoRecord
"PROGRESS 9.1D Shared Network Installation" = PROGRESS 9.1D Shared Network Installation
"PROSet" = Intel® PRO Ethernet Adapter and Software
"Spybot - Search & Destroy_is1" = Spybot - Search & Destroy 1.2
"Video Edit Magic_is1" = Video Edit Magic 3.39
"Windows Media Connect" = Windows Media Connect
"Windows Media Format Runtime" = Windows Media Format Runtime
"Windows Media Player" = Windows Media Player 10
"Windows XP Service Pack" = Windows XP Service Pack 3
"WinZip" = WinZip
"WksExcelConverter" = MS Works Spreadsheet to XLS Converter
"Word to PDF Converter_is1" = Word to PDF Converter 3.0
"Yahoo! Companion" = Yahoo! Toolbar
"Yahoo! Toolbar" = Yahoo! Toolbar
"YInstHelper" = Yahoo! Install Manager
"Zetafax Workstation" = Zetafax Client

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 6/10/2009 9:25:45 AM | Computer Name = MARKETDESIGN | Source = Application Error | ID = 1000
Description = Faulting application Acrobat.exe, version 5.0.0.327, faulting module
kernel32.dll, version 5.1.2600.5512, fault address 0x00012c3d.

Error - 6/10/2009 9:49:08 AM | Computer Name = MARKETDESIGN | Source = Application Error | ID = 1000
Description = Faulting application Acrobat.exe, version 5.0.0.327, faulting module
kernel32.dll, version 5.1.2600.5512, fault address 0x00012c3d.

Error - 6/10/2009 9:49:44 AM | Computer Name = MARKETDESIGN | Source = Application Error | ID = 1000
Description = Faulting application Acrobat.exe, version 5.0.0.327, faulting module
kernel32.dll, version 5.1.2600.5512, fault address 0x00012c3d.

Error - 6/10/2009 9:51:26 AM | Computer Name = MARKETDESIGN | Source = Application Error | ID = 1000
Description = Faulting application Acrobat.exe, version 5.0.0.327, faulting module
kernel32.dll, version 5.1.2600.5512, fault address 0x00012c3d.

Error - 6/10/2009 9:51:54 AM | Computer Name = MARKETDESIGN | Source = Application Error | ID = 1000
Description = Faulting application Acrobat.exe, version 5.0.0.327, faulting module
kernel32.dll, version 5.1.2600.5512, fault address 0x00012c3d.

Error - 6/12/2009 1:16:55 PM | Computer Name = MARKETDESIGN | Source = Norton AntiVirus | ID = 16711685
Description = Virus Found!Virus name: Trojan.Bredolab in File: C:\WINDOWS\SYSTEM32\WBEM\grpconv.exe
by: Scheduled scan. Action: Clean failed : Quarantine succeeded :

Error - 6/24/2009 4:37:32 PM | Computer Name = MARKETDESIGN | Source = Application Hang | ID = 1002
Description = Hanging application iexplore.exe, version 7.0.5730.13, hang module
hungapp, version 0.0.0.0, hang address 0x00000000.

Error - 6/26/2009 12:37:20 PM | Computer Name = MARKETDESIGN | Source = Norton AntiVirus | ID = 16711685
Description = Virus Found!Virus name: Packed.Generic.230 in File: C:\Documents and
Settings\Colleen\Local Settings\Temp\~TM11.tmp by: Scheduled scan. Action: Clean
failed : Quarantine succeeded : Virus Found!Virus name: Packed.Generic.230 in File:
C:\Documents and Settings\Colleen\Local Settings\Temp\~TM12.tmp by: Scheduled scan.
Action: Clean failed : Quarantine succeeded : Virus Found!Virus name: Packed.Generic.230
in File: C:\Documents and Settings\Colleen\Local Settings\Temp\~TM13.tmp by: Scheduled
scan. Action: Clean failed : Quarantine succeeded : Virus Found!Virus name: Packed.Generic.230
in File: C:\Documents and Settings\Colleen\Local Settings\Temp\~TM14.tmp by: Scheduled
scan. Action: Clean failed : Quarantine succeeded : Virus Found!Virus name: Packed.Generic.230
in File: C:\Documents and Settings\Colleen\Local Settings\Temp\~TM15.tmp by: Scheduled
scan. Action: Clean failed : Quarantine succeeded :

Error - 6/26/2009 1:19:03 PM | Computer Name = MARKETDESIGN | Source = Norton AntiVirus | ID = 16711685
Description = Virus Found!Virus name: Packed.Generic.230 in File: C:\Documents and
Settings\Colleen\Local Settings\Temp\~TM1C.tmp by: Scheduled scan. Action: Clean
failed : Quarantine succeeded : Virus Found!Virus name: Packed.Generic.230 in File:
C:\Documents and Settings\Colleen\Local Settings\Temp\~TM23.tmp by: Scheduled scan.
Action: Clean failed : Quarantine succeeded : Virus Found!Virus name: Packed.Generic.230
in File: C:\WINDOWS\SYSTEM32\WBEM\proquota.exe by: Scheduled scan. Action: Clean
failed : Quarantine succeeded :

Error - 7/1/2009 2:44:06 PM | Computer Name = MARKETDESIGN | Source = Application Hang | ID = 1002
Description = Hanging application iexplore.exe, version 7.0.5730.13, hang module
hungapp, version 0.0.0.0, hang address 0x00000000.

[ System Events ]
Error - 3/5/2009 11:30:32 AM | Computer Name = MARKETDESIGN | Source = Cdrom | ID = 262151
Description = The device, \Device\CdRom0, has a bad block.

Error - 3/5/2009 11:31:30 AM | Computer Name = MARKETDESIGN | Source = Cdrom | ID = 262151
Description = The device, \Device\CdRom0, has a bad block.

Error - 3/5/2009 11:31:49 AM | Computer Name = MARKETDESIGN | Source = Cdrom | ID = 262151
Description = The device, \Device\CdRom0, has a bad block.

Error - 3/25/2009 11:51:50 AM | Computer Name = MARKETDESIGN | Source = W32Time | ID = 39452701
Description = The time provider NtpClient is configured to acquire time from one
or more time sources, however none of the sources are currently accessible. No attempt
to contact a source will be made for 15 minutes. NtpClient has no source of accurate
time.

Error - 5/28/2009 1:31:01 PM | Computer Name = MARKETDESIGN | Source = DCOM | ID = 10005
Description = DCOM got error "%1084" attempting to start the service EventSystem
with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}

Error - 5/28/2009 1:32:05 PM | Computer Name = MARKETDESIGN | Source = Service Control Manager | ID = 7026
Description = The following boot-start or system-start driver(s) failed to load:
Fips intelppm

Error - 5/28/2009 3:40:25 PM | Computer Name = MARKETDESIGN | Source = DCOM | ID = 10005
Description = DCOM got error "%1084" attempting to start the service EventSystem
with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}

Error - 6/10/2009 9:07:05 AM | Computer Name = MARKETDESIGN | Source = Windows Update Agent | ID = 20
Description = Installation Failure: Windows failed to install the following update
with error 0x80070643: Windows Genuine Advantage Notification (KB905474).


< End of report >

Kaspersky Report

--------------------------------------------------------------------------------
KASPERSKY ONLINE SCANNER 7.0 REPORT
Tuesday, July 7, 2009
Operating System: Microsoft Windows XP Professional Service Pack 3 (build 2600)
Kaspersky Online Scanner version: 7.0.26.13
Program database last update: Tuesday, July 07, 2009 17:00:56
Records in database: 2437526
--------------------------------------------------------------------------------

Scan settings:
Scan using the following database: extended
Scan archives: yes
Scan mail databases: yes

Scan area - Folder:
C:\

Scan statistics:
Files scanned: 99632
Threat name: 6
Infected objects: 23
Suspicious objects: 0
Duration of the scan: 01:40:11


File name / Threat name / Threats count
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine\04C40000.VBN Infected: not-a-virus:AdWare.Win32.SuperJuan.vmq 1
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine\04C40002.VBN Infected: not-a-virus:AdWare.Win32.SuperJuan.vmq 1
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine\053C0000.VBN Infected: Trojan.Win32.Agent.ckuo 1
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine\053C0002.VBN Infected: Trojan.Win32.Agent.ckuo 1
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine\053C0004.VBN Infected: Trojan.Win32.Agent.ckuo 1
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine\053C0006.VBN Infected: Trojan.Win32.Agent.ckuo 1
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine\053C0008.VBN Infected: Trojan.Win32.Agent.ckuo 1
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine\053C000A.VBN Infected: Trojan.Win32.Agent.ckuo 1
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine\053C000C.VBN Infected: Trojan.Win32.Agent.ckuo 1
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine\053C000E.VBN Infected: Trojan.Win32.Agent.ckuo 1
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine\05E40000.VBN Infected: not-a-virus:AdWare.Win32.SuperJuan.vmq 1
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine\05E40002.VBN Infected: not-a-virus:AdWare.Win32.SuperJuan.vmq 1
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine\0CB80000.VBN Infected: Trojan.Win32.Agent.cjlh 1
C:\Documents and Settings\Colleen\Local Settings\Temp\HouseCall\log\323DC8D3-5067-427E-8E7B-3010E8CC147D\backup\0 Infected: not-a-virus:AdWare.Win32.SuperJuan.vte 1
C:\Documents and Settings\Colleen\Local Settings\Temp\HouseCall\log\323DC8D3-5067-427E-8E7B-3010E8CC147D\sourcing\0 Infected: not-a-virus:AdWare.Win32.SuperJuan.vte 1
C:\Documents and Settings\Colleen\Local Settings\Temp\HouseCall\log\472CBE1C-92A3-453A-A41F-68CAD7670621\backup\0 Infected: not-a-virus:AdWare.Win32.SuperJuan.vte 1
C:\Documents and Settings\Colleen\Local Settings\Temp\HouseCall\log\472CBE1C-92A3-453A-A41F-68CAD7670621\backup\1 Infected: Trojan.Win32.Agent.cjlh 1
C:\Documents and Settings\Colleen\Local Settings\Temp\HouseCall\log\472CBE1C-92A3-453A-A41F-68CAD7670621\backup\2 Infected: Trojan.Win32.Agent.cjlh 1
C:\Documents and Settings\Colleen\Local Settings\Temp\HouseCall\log\472CBE1C-92A3-453A-A41F-68CAD7670621\sourcing\0 Infected: not-a-virus:AdWare.Win32.SuperJuan.vte 1
C:\Documents and Settings\Colleen\Local Settings\Temp\HouseCall\log\472CBE1C-92A3-453A-A41F-68CAD7670621\sourcing\1 Infected: Trojan.Win32.Agent.cjlh 1
C:\Documents and Settings\Colleen\Local Settings\Temp\HouseCall\log\472CBE1C-92A3-453A-A41F-68CAD7670621\sourcing\2 Infected: Trojan.Win32.Agent.cjlh 1
C:\Program Files\Internet Explorer\msimg32.dll Infected: not-a-virus:WebToolbar.Win32.MyWebSearch.au 1
C:\WINDOWS\SYSTEM32\apphelp01.dll Infected: not-a-virus:AdWare.Win32.SuperJuan.vxb 1

The selected area was scanned.

#11 syler


Posted 08 July 2009 - 10:28 AM

Hi new_mm,

Please let me know in your next reply how your computer is running and if you are having any more problems.

Run OTL
  • Under the Custom Scans/Fixes box at the bottom, paste in the following

    :OTL
    IE - HKU\S-1-5-21-515967899-1682526488-839522115-1123\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultName = My Web Search
    IE - HKU\S-1-5-21-515967899-1682526488-839522115-1123\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultUrl = http://www.mywebsearch.com
    O4 - HKLM..\Run: [AttuneClientEngine] C:\PROGRA~1\Aveo\Attune\bin\attune_ce.exe File not found
    O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\MyWebSearch Email Plugin.lnk = C:\Program Files\MyWebSearch\bar\1.bin\MWSOEMON.EXE File not found
    O4 - Startup: C:\Documents and Settings\Colleen\Start Menu\Programs\Startup\MyWebSearch Email Plugin.lnk = C:\Program Files\MyWebSearch\bar\1.bin\MWSOEMON.EXE File not found
    O7 - HKU\S-1-5-21-515967899-1682526488-839522115-1123\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableProfileQuota = 1
    O8 - Extra context menu item: &Search - Reg Error: Value error. File not found
    O16 - DPF: {31435657-9980-0010-8000-00AA00389B71} http://download.microsoft.com/download/e/2...78f/wvc1dmo.cab (Reg Error: Key error.)
    O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.macromedia.com/get/flash...r/ultrashim.cab (Reg Error: Key error.)
    O16 - DPF: {9F1C11AA-197B-4942-BA54-47A8489BB47F} http://v4.windowsupdate.microsoft.com/CAB/...8138.3230555556 (Reg Error: Key error.)
    O16 - DPF: {CAFEEFAC-0014-0001-0002-ABCDEFFEDCBA} http://java.sun.com/products/plugin/1.4/ji...indows-i586.cab (Reg Error: Key error.)
    O16 - DPF: Microsoft XML Parser for Java file://C:\WINDOWS\Java\classes\xmldso.cab (Reg Error: Key error.)
    :Files
    C:\Program Files\Internet Explorer\msimg32.dll
    C:\WINDOWS\SYSTEM32\apphelp01.dll 
    Commands
    [emptytemp]
    [Reboot]
  • Then click the Run Fix button at the top
  • Let the program run unhindered, reboot when it is done
  • You will get a log that shows the results of the fix. Please post it.
  • Then also run and post a new OTL log.
Next

Go to Start, then Run, then copy and paste the following code into the box and click OK.

cmd /c copy "c:\WINDOWS\ServicePackFiles\i386\proquota.exe" "c:\WINDOWS\system32"

Next

Your Java is out of date. Older versions have vulnerabilities that malicious sites can use to exploit and infect your system. Please follow these steps to remove older version Java components and update:
  • Download the latest version of Java Runtime Environment (JRE) Version 6 and save it to your desktop.
  • Look for "Java Runtime Environment (JRE)" JRE 6 Update 14.
  • Click the Download button to the right.
  • Select your Platform: "Windows".
  • Select your Language: "Multi-language".
  • Read the License Agreement, and then check the box that says: "Accept License Agreement".
  • Click Continue and the page will refresh.
  • Under Required Files, check the box for Windows Offline Installation, click the link below it and save the file to your desktop.
  • Close any programs you may have running - especially your web browser.
Go to Start > Settings > Control Panel, double-click on Add/Remove Programs and remove all older versions of Java.
  • Check (highlight) any item with Java Runtime Environment (JRE or J2SE) in the name.
  • Click the Remove or Change/Remove button and follow the onscreen instructions for the Java uninstaller.
  • Repeat as many times as necessary to remove each Java version.
  • Reboot your computer once all Java components are removed.
  • Then from your desktop double-click on jre-6u14-windows-i586-p.exe to install the newest version.
-- If using Windows Vista and the installer refuses to launch due to insufficient user permissions, then Run As Administrator.
-- If you choose to update via the Java applet in Control Panel, uncheck the option to install the Toolbar unless you want it.
-- The uninstaller incorporated in this release removes previous Updates 10 and above, but does not remove older versions, so they still need to be removed manually.


Note: The Java Quick Starter (JQS.exe) adds a service to improve the initial startup time of Java applets and applications. To disable the JQS service if you don't want to use it, go to Start > Control Panel > Java > Advanced > Miscellaneous and uncheck the box for Java Quick Starter. Click Ok and reboot your computer.

Then please post back with a new OTL log and let me know how things are running.

Thanks
If I have helped you, and you would like to make a donation to me, click here
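Added example (not part of the original post and not OTL's own code): a small pre-flight check for a fix script like the one above. The fix log in the next reply reports `File\Folder Commands not found`, `File\Folder [emptytemp] not found` and `File\Folder [Reboot] not found`, which is what this sketch produces when the `Commands` line has no leading colon. The parsing model (a line starting with `:` opens a section, bracketed directives only count under `:Commands`) is an assumption inferred from this page, and the function names are hypothetical.

```python
from __future__ import annotations

import re
from typing import NamedTuple

# Section names seen in the script on this page. Assumption: not exhaustive.
KNOWN_SECTIONS = {"otl", "files", "commands"}
# A whole line of the form [something], e.g. [emptytemp] or [Reboot].
DIRECTIVE = re.compile(r"^\[[^\]]+\]$")


class Finding(NamedTuple):
    line_no: int
    text: str
    problem: str


def parse_sections(script: str) -> dict[str, list[str]]:
    """Group entries under the most recent ':Section' header (assumed model)."""
    sections: dict[str, list[str]] = {}
    current = None
    for raw in script.splitlines():
        line = raw.strip()
        if not line:
            continue
        if line.startswith(":"):
            current = line[1:].strip().lower()
            sections.setdefault(current, [])
        elif current is not None:
            sections[current].append(line)
    return sections


def lint(script: str) -> list[Finding]:
    """Flag lines that would not be interpreted the way the author intended."""
    findings: list[Finding] = []
    section = None
    for no, raw in enumerate(script.splitlines(), 1):
        line = raw.strip()
        if not line:
            continue
        if line.startswith(":"):
            section = line[1:].strip().lower()
            if section not in KNOWN_SECTIONS:
                findings.append(Finding(no, line, "unknown section header"))
            continue
        if line.lower() in KNOWN_SECTIONS:
            # Bare section name: the current section stays open.
            findings.append(Finding(no, line, "section name without leading ':'"))
            continue
        if section is None:
            findings.append(Finding(no, line, "entry before any section header"))
        elif DIRECTIVE.match(line) and section != "commands":
            findings.append(Finding(no, line, "directive outside :Commands"))
        elif section == "commands" and not DIRECTIVE.match(line):
            findings.append(Finding(no, line, "not a [directive] inside :Commands"))
    return findings


# Constructed sample: an abbreviated copy of the script in the post above.
POSTED = "\n".join([
    r":OTL",
    r"O4 - HKLM..\Run: [AttuneClientEngine] C:\PROGRA~1\Aveo\Attune\bin\attune_ce.exe File not found",
    r":Files",
    r"C:\Program Files\Internet Explorer\msimg32.dll",
    r"C:\WINDOWS\SYSTEM32\apphelp01.dll",
    r"Commands",
    r"[emptytemp]",
    r"[Reboot]",
])
# Same script with the header written as ':Commands'.
FIXED = POSTED.replace("\nCommands\n", "\n:Commands\n")

if __name__ == "__main__":
    for label, script in (("posted", POSTED), ("fixed", FIXED)):
        print(f"--- {label} ---")
        for f in lint(script):
            print(f"line {f.line_no}: {f.text!r}: {f.problem}")
        print("entries under :Files ->", parse_sections(script).get("files"))
```

When the check reports directives outside `:Commands`, the temp-file cleanup and reboot should be treated as not having run, and confirmed against the fix log before moving on.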

#12 new_mm

new_mm
  • Topic Starter

  • Members
  • 55 posts
  • Local time:03:11 AM

Posted 08 July 2009 - 01:24 PM

Well, the computer is still running slow, but with some tasks it ran ok. This has been the trend since this virus. Sometimes the computer will work, as if nothing was wrong, and other times it runs really slow. I ran the requested logs in the order listed, deleted all old Java JRE applications, and installed the most recent JRE 6 14. I will paste the requested logs below:

Fix Log

All processes killed
========== OTL ==========
Unable to set value : HKU\S-1-5-21-515967899-1682526488-839522115-1123\SOFTWARE\Microsoft\Internet Explorer\Main\\SearchMigratedDefaultName| /E!
Unable to set value : HKU\S-1-5-21-515967899-1682526488-839522115-1123\SOFTWARE\Microsoft\Internet Explorer\Main\\SearchMigratedDefaultUrl| /E!
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\AttuneClientEngine deleted successfully.
C:\Documents and Settings\All Users\Start Menu\Programs\Startup\MyWebSearch Email Plugin.lnk moved successfully.
C:\Documents and Settings\Colleen\Start Menu\Programs\Startup\MyWebSearch Email Plugin.lnk moved successfully.
Registry value HKEY_USERS\S-1-5-21-515967899-1682526488-839522115-1123\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\EnableProfileQuota deleted successfully.
Registry key HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\MenuExt\&Search\ deleted successfully.
Starting removal of ActiveX control {31435657-9980-0010-8000-00AA00389B71}
C:\WINDOWS\Downloaded Program Files\wvc1dmo.inf moved successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{31435657-9980-0010-8000-00AA00389B71}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{31435657-9980-0010-8000-00AA00389B71}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{31435657-9980-0010-8000-00AA00389B71}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{31435657-9980-0010-8000-00AA00389B71}\ not found.
Starting removal of ActiveX control {8FFBE65D-2C9C-4669-84BD-5829DC0B603C}
C:\WINDOWS\Downloaded Program Files\erma.inf moved successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{8FFBE65D-2C9C-4669-84BD-5829DC0B603C}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8FFBE65D-2C9C-4669-84BD-5829DC0B603C}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{8FFBE65D-2C9C-4669-84BD-5829DC0B603C}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8FFBE65D-2C9C-4669-84BD-5829DC0B603C}\ not found.
Starting removal of ActiveX control {9F1C11AA-197B-4942-BA54-47A8489BB47F}
C:\WINDOWS\Downloaded Program Files\iuctl.inf moved successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{9F1C11AA-197B-4942-BA54-47A8489BB47F}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{9F1C11AA-197B-4942-BA54-47A8489BB47F}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{9F1C11AA-197B-4942-BA54-47A8489BB47F}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{9F1C11AA-197B-4942-BA54-47A8489BB47F}\ not found.
Starting removal of ActiveX control {CAFEEFAC-0014-0001-0002-ABCDEFFEDCBA}
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{CAFEEFAC-0014-0001-0002-ABCDEFFEDCBA}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0014-0001-0002-ABCDEFFEDCBA}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Classes\CLSID\{CAFEEFAC-0014-0001-0002-ABCDEFFEDCBA}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{CAFEEFAC-0014-0001-0002-ABCDEFFEDCBA}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0014-0001-0002-ABCDEFFEDCBA}\ not found.
File oft XML Parser for Java file://C:\WINDOWS\Java\classes\xmldso.cab not found.
Starting removal of ActiveX control Microsoft XML Parser for Java
Registry error reading value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\Microsoft XML Parser for Java\DownloadInformation\\INF .
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\Microsoft XML Parser for Java\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\Microsoft XML Parser for Java\ not found.
========== FILES ==========
DllUnregisterServer procedure not found in C:\Program Files\Internet Explorer\msimg32.dll
C:\Program Files\Internet Explorer\msimg32.dll NOT unregistered.
C:\Program Files\Internet Explorer\msimg32.dll moved successfully.
LoadLibrary failed for C:\WINDOWS\SYSTEM32\apphelp01.dll
C:\WINDOWS\SYSTEM32\apphelp01.dll NOT unregistered.
C:\WINDOWS\SYSTEM32\apphelp01.dll moved successfully.
File\Folder Commands not found.
File\Folder [emptytemp] not found.
File\Folder [Reboot] not found.

OTL by OldTimer - Version 3.0.6.5 log created on 07082009_131522

Files\Folders moved on Reboot...

Registry entries deleted on Reboot...

OTL Log

OTL logfile created on: 7/8/2009 1:22:44 PM - Run 2
OTL by OldTimer - Version 3.0.6.5 Folder = C:\Documents and Settings\Colleen\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 7.0.5730.13)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1023.00 Mb Total Physical Memory | 626.49 Mb Available Physical Memory | 61.24% Memory free
2.40 Gb Paging File | 2.14 Gb Available in Paging File | 88.89% Paging File free
Paging file location(s): C:\pagefile.sys 1536 3072 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 37.21 Gb Total Space | 19.03 Gb Free Space | 51.15% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
Drive E: | 1.86 Gb Total Space | 1.35 Gb Free Space | 72.22% Space Free | Partition Type: FAT
F: Drive not present or media not loaded
Drive G: | 136.72 Gb Total Space | 27.99 Gb Free Space | 20.47% Space Free | Partition Type: NTFS
Drive H: | 136.72 Gb Total Space | 27.99 Gb Free Space | 20.47% Space Free | Partition Type: NTFS
I: Drive not present or media not loaded
Drive M: | 136.66 Gb Total Space | 91.69 Gb Free Space | 67.09% Space Free | Partition Type: NTFS
Drive N: | 136.72 Gb Total Space | 27.99 Gb Free Space | 20.47% Space Free | Partition Type: NTFS
Drive P: | 136.72 Gb Total Space | 27.99 Gb Free Space | 20.47% Space Free | Partition Type: NTFS
Drive V: | 136.66 Gb Total Space | 91.69 Gb Free Space | 67.09% Space Free | Partition Type: NTFS

Computer Name: MARKETDESIGN
Current User Name: colleen
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Standard

========== Processes (SafeList) ==========

PRC - [1999/12/13 02:01:00 | 00,044,032 | ---- | M] (Creative Technology Ltd) -- C:\WINDOWS\System32\CTsvcCDA.exe
PRC - [2001/09/24 07:59:00 | 00,032,768 | ---- | M] (Symantec Corporation) -- C:\Program Files\NavNT\defwatch.exe
PRC - [2009/05/28 09:51:53 | 00,152,984 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Java\jre6\bin\jqs.exe
PRC - [2001/02/23 10:07:30 | 00,270,336 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
PRC - [2001/09/24 07:59:00 | 00,454,656 | ---- | M] (Symantec Corporation) -- C:\Program Files\NavNT\rtvscan.exe
PRC - [2003/12/16 11:02:00 | 00,073,728 | ---- | M] (NVIDIA Corporation) -- C:\WINDOWS\System32\nvsvc32.exe
PRC - [2009/01/14 17:53:02 | 00,226,656 | ---- | M] (Microsoft Corp.) -- C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
PRC - [2004/08/11 02:45:04 | 00,038,912 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\wdfmgr.exe
PRC - [2000/06/26 08:44:20 | 00,053,520 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\MsPMSPSv.exe
PRC - [2002/08/07 06:34:26 | 00,221,184 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\ASF Agent\ASFAgent.exe
PRC - [2008/04/13 20:12:19 | 01,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\Explorer.EXE
PRC - [2000/09/18 17:12:40 | 00,014,336 | ---- | M] (Intel Corporation) -- C:\WINDOWS\System32\MsgSys.EXE
PRC - [2009/05/28 09:51:54 | 00,148,888 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Java\jre6\bin\jusched.exe
PRC - [2002/10/29 10:18:24 | 00,049,152 | ---- | M] (Creative Technology Ltd) -- C:\Program Files\Creative\SBAudigy2\Surround Mixer\CTSysVol.exe
PRC - [2002/09/30 02:00:00 | 00,045,056 | ---- | M] (Creative Technology Ltd) -- C:\Program Files\Creative\SBAudigy2\DVDAudio\CTDVDDet.EXE
PRC - [2003/02/20 17:45:40 | 00,028,672 | ---- | M] (Creative Technology Ltd) -- C:\WINDOWS\System32\CTHELPER.EXE
PRC - [2002/12/17 13:28:00 | 00,684,032 | ---- | M] (Roxio) -- C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe
PRC - [2001/09/24 07:59:00 | 00,073,728 | ---- | M] (Symantec Corporation) -- C:\Program Files\NavNT\vptray.exe
PRC - [2001/07/03 09:11:52 | 00,057,344 | ---- | M] (Hewlett-Packard) -- C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe
PRC - [2003/11/10 23:06:02 | 00,385,024 | ---- | M] (FinePrint Software, LLC) -- C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\fppdis2a.exe
PRC - [2001/07/03 09:17:04 | 00,065,536 | ---- | M] () -- C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnf.exe
PRC - [2008/07/15 09:23:59 | 00,068,856 | ---- | M] (Google Inc.) -- C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
PRC - [2001/03/15 05:18:18 | 00,049,254 | ---- | M] (Adobe Systems Inc.) -- C:\Program Files\Adobe\Acrobat 5.0\Distillr\AcroTray.exe
PRC - [2001/11/15 10:41:34 | 00,299,008 | ---- | M] (Palm, Inc.) -- C:\Palm\HOTSYNC.EXE
PRC - [2002/04/05 09:45:10 | 00,589,824 | ---- | M] (Fred's Software Company) -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\printkey.exe
PRC - [2004/02/11 09:00:00 | 00,118,784 | ---- | M] (WinZip Computing, Inc.) -- C:\Program Files\WinZip\WZQKPICK.EXE
PRC - [1999/02/01 19:53:24 | 00,405,560 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Office\Office\1033\msoffice.exe
PRC - [2000/01/21 04:15:54 | 00,065,588 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Office\Office\OSA9.EXE
PRC - [2009/02/06 06:10:02 | 00,227,840 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\wbem\wmiprvse.exe
PRC - [2009/07/07 08:19:06 | 00,513,536 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Colleen\Desktop\OTL.exe

========== Win32 Services (SafeList) ==========

SRV - [2002/08/07 06:34:26 | 00,221,184 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\ASF Agent\ASFAgent.exe -- (ASFAgent [Auto | Running])
SRV - [2005/09/23 07:28:32 | 00,029,896 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe -- (aspnet_state [On_Demand | Stopped])
SRV - [2005/09/23 07:28:56 | 00,066,240 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32 [On_Demand | Stopped])
SRV - [1999/12/13 02:01:00 | 00,044,032 | ---- | M] (Creative Technology Ltd) -- C:\WINDOWS\System32\CTsvcCDA.exe -- (Creative Service for CDROM Access [Auto | Running])
SRV - [2001/09/24 07:59:00 | 00,032,768 | ---- | M] (Symantec Corporation) -- C:\Program Files\NavNT\defwatch.exe -- (DefWatch [Auto | Running])
SRV - [2009/04/24 14:32:25 | 00,182,768 | ---- | M] (Google) -- C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe -- (gusvc [On_Demand | Stopped])
SRV - [2008/04/13 20:12:02 | 00,038,400 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\PCHealth\HelpCtr\Binaries\pchsvc.dll -- (helpsvc [Auto | Running])
SRV - [2005/11/14 01:06:04 | 00,069,632 | ---- | M] (Macrovision Corporation) -- C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe -- (IDriverT [On_Demand | Stopped])
SRV - [2009/05/28 09:51:53 | 00,152,984 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Java\jre6\bin\jqs.exe -- (JavaQuickStarterService [Auto | Running])
SRV - [2001/02/23 10:07:30 | 00,270,336 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe -- (MDM [Auto | Running])
SRV - [2002/07/30 17:15:24 | 01,118,208 | ---- | M] (Intel Corporation) -- C:\WINDOWS\System32\NMSSvc.exe -- (NMSSvc [On_Demand | Stopped])
SRV - [2001/09/24 07:59:00 | 00,454,656 | ---- | M] (Symantec Corporation) -- C:\Program Files\NavNT\rtvscan.exe -- (Norton AntiVirus Server [Auto | Running])
SRV - [2003/12/16 11:02:00 | 00,073,728 | ---- | M] (NVIDIA Corporation) -- C:\WINDOWS\System32\nvsvc32.exe -- (NVSvc [Auto | Running])
SRV - [2006/05/11 19:15:50 | 00,052,736 | ---- | M] (Hewlett-Packard) -- C:\WINDOWS\System32\hpzipm12.dll -- (Pml Driver HPZ12 [Auto | Running])
SRV - [2009/01/14 17:53:02 | 00,226,656 | ---- | M] (Microsoft Corp.) -- C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe -- (SeaPort [Auto | Running])
SRV - [2007/08/29 13:52:59 | 00,079,360 | ---- | M] (SolidWorks) -- C:\Program Files\Common Files\SolidWorks Shared\Service\SolidWorksLicensing.exe -- (SolidWorks Licensing Service [On_Demand | Stopped])
SRV - [2004/08/11 02:45:04 | 00,038,912 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\wdfmgr.exe -- (UMWdf [Auto | Running])
SRV - [2004/08/11 01:46:56 | 00,483,328 | ---- | M] (Microsoft Corporation) -- c:\program files\windows media connect\mswmccds.exe -- (WmcCds [Unknown | Stopped])
SRV - [2004/08/10 22:50:42 | 00,028,160 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Media Connect\mswmcls.exe -- (WmcCdsLs [On_Demand | Stopped])
SRV - [2000/06/26 08:44:20 | 00,053,520 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\MsPMSPSv.exe -- (WMDM PMSP Service [Auto | Running])

========== Driver Services (SafeList) ==========

DRV - [2001/08/17 14:51:56 | 00,005,248 | ---- | M] (Acer Laboratories Inc.) -- C:\WINDOWS\System32\DRIVERS\aliide.sys -- (AliIde [Disabled | Stopped])
DRV - [2008/04/13 14:36:39 | 00,043,008 | ---- | M] (Advanced Micro Devices, Inc.) -- C:\WINDOWS\System32\DRIVERS\amdagp.sys -- (amdagp [Disabled | Stopped])
DRV - [2001/08/17 14:52:00 | 00,026,496 | ---- | M] (Advanced System Products, Inc.) -- C:\WINDOWS\System32\DRIVERS\asc.sys -- (asc [Disabled | Stopped])
DRV - [2001/08/17 14:51:58 | 00,014,848 | ---- | M] (Advanced System Products, Inc.) -- C:\WINDOWS\System32\DRIVERS\asc3550.sys -- (asc3550 [Disabled | Stopped])
DRV - [1997/12/22 21:02:46 | 00,023,936 | ---- | M] (Adaptec) -- C:\WINDOWS\System32\drivers\aspi32.sys -- (ASPI32 [Auto | Running])
DRV - [2002/12/17 13:32:58 | 00,061,424 | ---- | M] (Roxio) -- C:\WINDOWS\System32\drivers\cdr4_xp.sys -- (Cdr4_xp [System | Running])
DRV - [2002/12/17 13:32:46 | 00,023,436 | ---- | M] (Roxio) -- C:\WINDOWS\System32\drivers\cdralw2k.sys -- (Cdralw2k [System | Running])
DRV - [2002/12/17 13:27:32 | 00,241,152 | ---- | M] (Roxio) -- C:\WINDOWS\System32\drivers\cdudf_xp.sys -- (cdudf_xp [System | Running])
DRV - [2001/08/17 14:51:54 | 00,006,656 | ---- | M] (CMD Technology, Inc.) -- C:\WINDOWS\System32\DRIVERS\cmdide.sys -- (CmdIde [Disabled | Stopped])
DRV - [2003/02/20 17:22:38 | 00,135,040 | ---- | M] (Creative Technology Ltd) -- C:\WINDOWS\System32\drivers\ctac32k.sys -- (ctac32k [On_Demand | Running])
DRV - [2003/03/26 16:33:58 | 00,498,688 | ---- | M] (Creative Technology Ltd) -- C:\WINDOWS\System32\drivers\ctaud2k.sys -- (ctaud2k [On_Demand | Running])
DRV - [2003/03/27 11:58:56 | 00,287,920 | ---- | M] (Creative Technology Ltd) -- C:\WINDOWS\System32\drivers\ctdvda2k.sys -- (ctdvda2k [On_Demand | Stopped])
DRV - [2003/02/20 17:24:18 | 00,006,144 | ---- | M] (Creative Technology Ltd) -- C:\WINDOWS\System32\drivers\ctprxy2k.sys -- (ctprxy2k [On_Demand | Running])
DRV - [2003/02/20 17:24:34 | 00,135,248 | ---- | M] (Creative Technology Ltd) -- C:\WINDOWS\System32\drivers\ctsfm2k.sys -- (ctsfm2k [On_Demand | Running])
DRV - [2001/08/17 14:52:16 | 00,179,584 | ---- | M] (Mylex Corporation) -- C:\WINDOWS\System32\DRIVERS\dac2w2k.sys -- (dac2w2k [Disabled | Stopped])
DRV - [2004/04/29 06:42:32 | 00,025,898 | ---- | M] (Roxio) -- C:\WINDOWS\System32\drivers\Dvd_2k.sys -- (dvd_2K [On_Demand | Stopped])
DRV - [2002/11/12 11:02:20 | 00,099,840 | ---- | M] (Intel Corporation) -- C:\WINDOWS\System32\DRIVERS\e1000325.sys -- (E1000 [On_Demand | Running])
DRV - [2001/08/17 13:11:06 | 00,066,591 | ---- | M] (3Com Corporation) -- C:\WINDOWS\System32\DRIVERS\el90xbc5.sys -- (EL90XBC [On_Demand | Stopped])
DRV - [2003/02/20 17:24:46 | 00,116,000 | ---- | M] (Creative Technology Ltd) -- C:\WINDOWS\System32\drivers\emupia2k.sys -- (emupia [On_Demand | Running])
DRV - [2003/03/26 16:31:40 | 00,823,616 | ---- | M] (Creative Technology Ltd) -- C:\WINDOWS\System32\drivers\ha10kx2k.sys -- (ha10kx2k [On_Demand | Running])
DRV - [2003/03/26 16:32:02 | 00,141,536 | ---- | M] (Creative Technology Ltd) -- C:\WINDOWS\System32\drivers\hap16v2k.sys -- (hap16v2k [On_Demand | Running])
DRV - [2006/07/28 12:59:42 | 00,433,664 | ---- | M] (Aladdin Knowledge Systems) -- C:\WINDOWS\System32\drivers\hardlock.sys -- (hardlock [Auto | Running])
DRV - [2004/08/04 01:29:36 | 00,161,020 | ---- | M] (Intel® Corporation) -- C:\WINDOWS\System32\DRIVERS\i81xnt5.sys -- (i81x [On_Demand | Stopped])
DRV - [2004/08/04 01:29:37 | 00,012,415 | ---- | M] (Intel® Corporation) -- C:\WINDOWS\System32\DRIVERS\wADV01nt.sys -- (iAimFP0 [On_Demand | Stopped])
DRV - [2004/08/04 01:29:37 | 00,012,127 | ---- | M] (Intel® Corporation) -- C:\WINDOWS\System32\DRIVERS\wADV02NT.sys -- (iAimFP1 [On_Demand | Stopped])
DRV - [2004/08/04 01:29:37 | 00,011,775 | ---- | M] (Intel® Corporation) -- C:\WINDOWS\System32\DRIVERS\wADV05NT.sys -- (iAimFP2 [On_Demand | Stopped])
DRV - [2004/08/04 01:29:47 | 00,012,063 | ---- | M] (Intel® Corporation) -- C:\WINDOWS\System32\DRIVERS\wSiINTxx.sys -- (iAimFP3 [On_Demand | Stopped])
DRV - [2004/08/04 01:29:49 | 00,019,455 | ---- | M] (Intel® Corporation) -- C:\WINDOWS\System32\DRIVERS\wVchNTxx.sys -- (iAimFP4 [On_Demand | Stopped])
DRV - [2004/08/04 01:29:41 | 00,029,311 | ---- | M] (Intel® Corporation) -- C:\WINDOWS\System32\DRIVERS\wATV01nt.sys -- (iAimTV0 [On_Demand | Stopped])
DRV - [2004/08/04 01:29:42 | 00,019,551 | ---- | M] (Intel® Corporation) -- C:\WINDOWS\System32\DRIVERS\wATV02NT.sys -- (iAimTV1 [On_Demand | Stopped])
DRV - [2004/08/04 01:29:43 | 00,033,599 | ---- | M] (Intel® Corporation) -- C:\WINDOWS\System32\DRIVERS\wATV04nt.sys -- (iAimTV3 [On_Demand | Stopped])
DRV - [2004/08/04 01:29:45 | 00,023,615 | ---- | M] (Intel® Corporation) -- C:\WINDOWS\System32\DRIVERS\wCh7xxNT.sys -- (iAimTV4 [On_Demand | Stopped])
DRV - [2004/04/29 06:42:32 | 00,030,630 | ---- | M] (Roxio) -- C:\WINDOWS\System32\drivers\Mmc_2k.sys -- (mmc_2K [On_Demand | Running])
DRV - [2001/08/17 14:52:12 | 00,017,280 | ---- | M] (American Megatrends Inc.) -- C:\WINDOWS\System32\DRIVERS\mraid35x.sys -- (mraid35x [Disabled | Stopped])
DRV - [2001/09/24 07:59:00 | 00,176,208 | ---- | M] () -- C:\Program Files\NavNT\NAVAP.sys -- (NAVAP [On_Demand | Running])
DRV - [2001/09/24 07:59:00 | 00,009,232 | ---- | M] () -- C:\Program Files\NavNT\NAVAPEL.SYS -- (NAVAPEL [Auto | Running])
DRV - [2009/07/08 04:00:00 | 00,089,104 | ---- | M] (Symantec Corporation) -- C:\Program Files\Common Files\Symantec Shared\VirusDefs\20090708.002\NAVENG.SYS -- (NAVENG [On_Demand | Running])
DRV - [2009/07/08 04:00:00 | 00,876,144 | ---- | M] (Symantec Corporation) -- C:\Program Files\Common Files\Symantec Shared\VirusDefs\20090708.002\NAVEX15.SYS -- (NAVEX15 [On_Demand | Running])
DRV - [2002/05/07 17:05:56 | 00,039,680 | ---- | M] (Intel Corporation) -- C:\WINDOWS\System32\drivers\NetAlrt.sys -- (NetAlrt [Auto | Running])
DRV - [2002/07/30 17:15:40 | 00,009,868 | ---- | M] (Intel Corporation) -- C:\WINDOWS\System32\drivers\NMSCFG.SYS -- (NMSCFG [On_Demand | Stopped])
DRV - [2003/12/16 11:02:00 | 01,331,004 | ---- | M] (NVIDIA Corporation) -- C:\WINDOWS\System32\DRIVERS\nv4_mini.sys -- (nv [On_Demand | Running])
DRV - [2002/11/08 14:45:06 | 00,017,217 | ---- | M] (Dell Computer Corporation) -- C:\WINDOWS\System32\DRIVERS\omci.sys -- (omci [System | Running])
DRV - [2003/03/26 16:32:32 | 00,189,504 | ---- | M] (Creative Technology Ltd.) -- C:\WINDOWS\System32\drivers\ctoss2k.sys -- (ossrv [On_Demand | Running])
DRV - [2001/11/15 10:41:34 | 00,012,338 | ---- | M] (Palm, Inc.) -- C:\WINDOWS\System32\drivers\PalmUSBD.sys -- (PalmUSBD [On_Demand | Stopped])
DRV - [2003/03/06 10:10:34 | 00,015,840 | ---- | M] (Creative Technology Ltd.) -- C:\WINDOWS\System32\drivers\PfModNT.sys -- (PfModNT [Auto | Running])
DRV - [2002/05/07 17:06:36 | 00,023,744 | ---- | M] (Intel Corporation) -- C:\WINDOWS\System32\drivers\PlatAlrt.sys -- (PlatAlrt [Auto | Running])
DRV - [2002/08/29 06:00:00 | 00,017,792 | ---- | M] (Parallel Technologies, Inc.) -- C:\WINDOWS\System32\DRIVERS\ptilink.sys -- (Ptilink [On_Demand | Running])
DRV - [2004/04/29 06:42:32 | 00,143,834 | ---- | M] (Roxio) -- C:\WINDOWS\System32\drivers\pwd_2K.sys -- (pwd_2k [System | Running])
DRV - [2001/08/17 14:52:20 | 00,040,320 | ---- | M] (QLogic Corporation) -- C:\WINDOWS\System32\DRIVERS\ql1080.sys -- (ql1080 [Disabled | Stopped])
DRV - [2001/08/17 14:52:20 | 00,045,312 | ---- | M] (QLogic Corporation) -- C:\WINDOWS\System32\DRIVERS\ql12160.sys -- (ql12160 [Disabled | Stopped])
DRV - [2001/08/17 14:52:18 | 00,049,024 | ---- | M] (QLogic Corporation) -- C:\WINDOWS\System32\DRIVERS\ql1280.sys -- (ql1280 [Disabled | Stopped])
DRV - [2008/04/13 12:39:15 | 00,020,480 | ---- | M] (Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K.) -- C:\WINDOWS\System32\DRIVERS\secdrv.sys -- (Secdrv [On_Demand | Stopped])
DRV - [2008/04/13 14:36:39 | 00,040,960 | ---- | M] (Silicon Integrated Systems Corporation) -- C:\WINDOWS\System32\DRIVERS\sisagp.sys -- (sisagp [Disabled | Stopped])
DRV - [2001/08/17 13:56:16 | 00,007,552 | ---- | M] (Sony Corporation) -- C:\WINDOWS\System32\DRIVERS\SONYPVU1.SYS -- (SONYPVU1 [On_Demand | Stopped])
DRV - [2001/08/17 15:07:44 | 00,019,072 | ---- | M] (Adaptec, Inc.) -- C:\WINDOWS\System32\DRIVERS\sparrow.sys -- (Sparrow [Disabled | Stopped])
DRV - [2001/08/17 15:07:34 | 00,016,256 | ---- | M] (Symbios Logic Inc.) -- C:\WINDOWS\System32\DRIVERS\symc810.sys -- (symc810 [Disabled | Stopped])
DRV - [2001/08/17 15:07:36 | 00,032,640 | ---- | M] (LSI Logic) -- C:\WINDOWS\System32\DRIVERS\symc8xx.sys -- (symc8xx [Disabled | Stopped])
DRV - [2001/09/23 22:59:00 | 00,057,696 | ---- | M] (Symantec Corporation) -- C:\Program Files\Symantec\SYMEVENT.SYS -- (SymEvent [On_Demand | Running])
DRV - [2001/08/17 15:07:40 | 00,028,384 | ---- | M] (LSI Logic) -- C:\WINDOWS\System32\DRIVERS\sym_hi.sys -- (sym_hi [Disabled | Stopped])
DRV - [2001/08/17 15:07:42 | 00,030,688 | ---- | M] (LSI Logic) -- C:\WINDOWS\System32\DRIVERS\sym_u3.sys -- (sym_u3 [Disabled | Stopped])
DRV - [2004/04/29 06:42:32 | 00,206,464 | ---- | M] (Roxio) -- C:\WINDOWS\System32\drivers\udfreadr_xp.sys -- (UdfReadr_xp [System | Running])
DRV - [2001/08/17 14:52:22 | 00,036,736 | ---- | M] (Promise Technology, Inc.) -- C:\WINDOWS\System32\DRIVERS\ultra.sys -- (ultra [Disabled | Stopped])

========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = [binary data]
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Extensions Off Page = about:NoAdd-ons
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Security Risk Page = about:SecurityRisk
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,CustomizeSearch = http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchcust.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.google.com/ie
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dell.com
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\system32\blank.htm
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultName = My Web Search
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultUrl = http://www.mywebsearch.com/jsp/cfg_redir2....r={searchTerms}
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.msn.com/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie
IE - URLSearchHook: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

FF - HKLM\software\mozilla\Firefox\extensions\\[email protected]: C:\Program Files\Java\jre6\lib\deploy\jqs\ff [2009/05/28 09:51:57 | 00,000,000 | ---D | M]


O1 HOSTS File: (734 bytes) - C:\WINDOWS\System32\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (&Yahoo! Toolbar Helper) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
O2 - BHO: (AcroIEHlprObj Class) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Acrobat\ActiveX\AcroIEHelper.ocx ()
O2 - BHO: (GoodSearch Toolbar) - {4E7BD74F-2B8D-469E-95BA-ED6DB186BE32} - C:\Program Files\goodsearch\goodsearch.dll (GoodSearch LLC )
O2 - BHO: (Search Helper) - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SearchHelper.dll (Microsoft Corp.)
O2 - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll (Google Inc.)
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.1.1309.15642\swg.dll (Google Inc.)
O2 - BHO: (Google Dictionary Compression sdch) - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_A8904FB862BD9564.dll (Google Inc.)
O2 - BHO: (MSN Toolbar Helper) - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files\MSN\Toolbar\3.0.1125.0\msneshellx.dll (Microsoft Corp.)
O2 - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (JQSIEStartDetectorImpl Class) - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll (Sun Microsystems, Inc.)
O3 - HKLM\..\Toolbar: (MSN Toolbar) - {1E61ED7C-7CB8-49d6-B9E9-AB4C880C8414} - C:\Program Files\MSN\Toolbar\3.0.1125.0\msneshellx.dll (Microsoft Corp.)
O3 - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll (Google Inc.)
O3 - HKLM\..\Toolbar: (GoodSearch Toolbar) - {4E7BD74F-2B8D-469E-95BA-ED6DB186BE32} - C:\Program Files\goodsearch\goodsearch.dll (GoodSearch LLC )
O3 - HKLM\..\Toolbar: (Yahoo! Toolbar) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
O3 - HKCU\..\Toolbar\ShellBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll (Google Inc.)
O3 - HKCU\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll (Google Inc.)
O3 - HKCU\..\Toolbar\WebBrowser: (GoodSearch Toolbar) - {4E7BD74F-2B8D-469E-95BA-ED6DB186BE32} - C:\Program Files\goodsearch\goodsearch.dll (GoodSearch LLC )
O3 - HKCU\..\Toolbar\WebBrowser: (Yahoo! Toolbar) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
O4 - HKLM..\Run: [AdaptecDirectCD] C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe (Roxio)
O4 - HKLM..\Run: [AsioReg] C:\WINDOWS\System32\CTASIO.DLL (Creative Technology Ltd)
O4 - HKLM..\Run: [CTDVDDet] C:\Program Files\Creative\SBAudigy2\DVDAudio\CTDVDDet.EXE (Creative Technology Ltd)
O4 - HKLM..\Run: [CTHelper] C:\WINDOWS\System32\CTHELPER.EXE (Creative Technology Ltd)
O4 - HKLM..\Run: [CTSysVol] C:\Program Files\Creative\SBAudigy2\Surround Mixer\CTSysVol.exe (Creative Technology Ltd)
O4 - HKLM..\Run: [Microsoft Default Manager] C:\Program Files\Microsoft\Search Enhancement Pack\Default Manager\DefMgr.exe (Microsoft Corp.)
O4 - HKLM..\Run: [pdfFactory Dispatcher v2] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\fppdis2a.exe (FinePrint Software, LLC)
O4 - HKLM..\Run: [Share-to-Web Namespace Daemon] C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe (Hewlett-Packard)
O4 - HKLM..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre6\bin\jusched.exe (Sun Microsystems, Inc.)
O4 - HKLM..\Run: [vptray] C:\Program Files\NavNT\vptray.exe (Symantec Corporation)
O4 - HKCU..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (Google Inc.)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Acrobat Assistant.lnk = C:\Program Files\Adobe\Acrobat 5.0\Distillr\AcroTray.exe (Adobe Systems Inc.)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\HotSync Manager.lnk = C:\Palm\HOTSYNC.EXE (Palm, Inc.)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE (Microsoft Corporation)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\printkey.exe (Fred's Software Company)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.EXE (WinZip Computing, Inc.)
O4 - Startup: C:\Documents and Settings\Colleen\Start Menu\Programs\Startup\Microsoft Office Shortcut Bar.lnk = C:\WINDOWS\Installer\{00020409-78E1-11D2-B60F-006097C998E7}\misc.exe ()
O4 - Startup: C:\Documents and Settings\Colleen\Start Menu\Programs\Startup\printkey.exe (Fred's Software Company)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: dontdisplaylastusername = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticecaption =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticetext =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: shutdownwithoutlogon = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: undockwithoutlogon = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O9 - Extra 'Tools' menuitem : @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe (Microsoft Corporation)
O9 - Extra Button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)
O12 - Plugin for: .spop - C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll (InterTrust Technologies Corporation, Inc.)
O15 - HKLM\..Trusted Domains: 1 domain(s) and sub-domain(s) not assigned to a zone.
O15 - HKCU\..Trusted Domains: microsoft.com ([office] https in Trusted sites)
O15 - HKCU\..Trusted Domains: 1 domain(s) and sub-domain(s) not assigned to a zone.
O16 - DPF: {072D3F2E-5FB6-11D3-B461-00C04FA35A21} http://www.solidedge.com/CFIDE/classes/CFJava.cab (CFForm Runtime)
O16 - DPF: {215B8138-A3CF-44C5-803F-8226143CFC0A} http://housecall65.trendmicro.com/housecal...ivex/hcImpl.cab (Trend Micro ActiveX Scan Agent 6.6)
O16 - DPF: {3E68E405-C6DE-49FF-83AE-41EE9F4C36CE} http://office.microsoft.com/officeupdate/content/opuc.cab (Office Update Installation Engine)
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} http://www.update.microsoft.com/windowsupd...b?1214849190406 (WUWebControl Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_13)
O16 - DPF: {CAFEEFAC-0014-0002-0003-ABCDEFFEDCBA} http://java.sun.com/products/plugin/autodl...indows-i586.cab (Java Plug-in 1.4.2_03)
O16 - DPF: {CAFEEFAC-0014-0002-0005-ABCDEFFEDCBA} http://java.sun.com/products/plugin/autodl...indows-i586.cab (Java Plug-in 1.4.2_05)
O16 - DPF: {CAFEEFAC-0014-0002-0006-ABCDEFFEDCBA} http://java.sun.com/products/plugin/autodl...indows-i586.cab (Java Plug-in 1.4.2_06)
O16 - DPF: {CAFEEFAC-0015-0000-0002-ABCDEFFEDCBA} http://java.sun.com/update/1.5.0/jinstall-...indows-i586.cab (Java Plug-in 1.5.0_02)
O16 - DPF: {CAFEEFAC-0015-0000-0004-ABCDEFFEDCBA} http://java.sun.com/update/1.5.0/jinstall-...indows-i586.cab (Java Plug-in 1.5.0_04)
O16 - DPF: {CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA} http://java.sun.com/update/1.5.0/jinstall-...indows-i586.cab (Java Plug-in 1.5.0_06)
O16 - DPF: {CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_13)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_13)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://download.macromedia.com/pub/shockwa...ash/swflash.cab (Shockwave Flash Object)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = ultra-met.com
O18 - Protocol\Handler\cdo {CD00020A-8B95-11D1-82DB-00C04FB1625D} - C:\Program Files\Common Files\Microsoft Shared\Web Folders\PKMCDO.DLL (Microsoft Corporation)
O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\ipp - No CLSID value found
O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp - No CLSID value found
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\ms-itss {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Program Files\Common Files\Microsoft Shared\Information Retrieval\MSITSS.DLL (Microsoft Corporation)
O18 - Protocol\Handler\mso-offdap {3D9F03FA-7A94-11D3-BE81-0050048385D1} - C:\Program Files\Common Files\Microsoft Shared\Web Components\10\OWC10.DLL (Microsoft Corporation)
O18 - Protocol\Filter: - x-sdch - C:\Program Files\Google\Google Toolbar\Component\fastsearch_A8904FB862BD9564.dll (Google Inc.)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\Explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\NavLogon: DllName - C:\WINDOWS\System32\NavLogon.dll - C:\WINDOWS\System32\NavLogon.dll ()
O24 - Desktop Components:0 (My Current Home Page) - About:Home
O31 - SafeBoot: AlternateShell - cmd.exe
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2002/09/03 14:36:02 | 00,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck) - File not found
O34 - HKLM BootExecute: (autochk) - C:\WINDOWS\System32\autochk.exe (Microsoft Corporation)
O34 - HKLM BootExecute: (*) - File not found

========== Files/Folders - Created Within 30 Days ==========

[11 C:\WINDOWS\*.tmp files]
[1 C:\Documents and Settings\Colleen\My Documents\*.tmp files]
[2009/07/08 13:19:04 | 00,000,000 | ---D | C] -- C:\_OTL
[2009/07/08 13:18:34 | 00,513,536 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Colleen\Desktop\OTL.exe
[2009/07/06 14:44:35 | 00,000,000 | ---D | C] -- C:\rsit
[2009/07/02 14:50:42 | 00,049,225 | ---- | C] () -- C:\Documents and Settings\Colleen\My Documents\Logo Revised 2009.jpg
[2009/07/01 14:55:07 | 00,284,160 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\pdh.dll
[2009/07/01 14:55:07 | 00,035,328 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\sc.exe
[2009/07/01 14:55:06 | 00,473,600 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\fastprox.dll
[2009/07/01 14:55:06 | 00,401,408 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\rpcss.dll
[2009/07/01 14:55:06 | 00,227,840 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wmiprvse.exe
[2009/07/01 14:55:06 | 00,110,592 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\services.exe
[2009/07/01 14:55:04 | 00,453,120 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wmiprvsd.dll
[2009/07/01 14:55:03 | 00,729,088 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\lsasrv.dll
[2009/07/01 14:55:03 | 00,617,472 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\advapi32.dll
[2009/07/01 14:55:02 | 00,714,752 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ntdll.dll
[2009/07/01 14:55:00 | 02,145,280 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ntkrnlmp.exe
[2009/07/01 14:54:58 | 02,189,056 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ntoskrnl.exe
[2009/07/01 14:54:55 | 02,023,936 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ntkrpamp.exe
[2009/07/01 14:53:35 | 00,203,136 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\rmcast.sys
[2009/07/01 14:53:30 | 00,455,296 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\mrxsmb.sys
[2009/07/01 14:52:57 | 00,333,952 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\srv.sys
[2009/07/01 14:52:51 | 00,331,776 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\msadce.dll
[2009/07/01 14:52:39 | 00,691,712 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\inetcomm.dll
[2009/07/01 14:49:59 | 00,272,128 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\bthport.sys
[2009/07/01 14:49:43 | 01,106,944 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\msxml3.dll
[2009/07/01 14:49:04 | 00,247,326 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\strmdll.dll
[2009/06/24 09:20:45 | 00,030,888 | ---- | C] () -- C:\Documents and Settings\Colleen\Application Data\messanger3.dat
[2009/06/24 08:53:06 | 00,000,028 | ---- | C] () -- C:\Documents and Settings\Colleen\Application Data\messanger4.dat
[2009/06/23 14:59:44 | 00,585,534 | ---- | C] () -- C:\Documents and Settings\Colleen\My Documents\OLSON.bmp
[2009/06/23 14:04:04 | 00,294,827 | ---- | C] () -- C:\Documents and Settings\Colleen\My Documents\Nick_0001.jpg
[2009/06/23 11:11:49 | 00,056,036 | ---- | C] () -- C:\Documents and Settings\Colleen\My Documents\WCRX.dxf
[2009/06/23 11:10:05 | 00,007,846 | ---- | C] () -- C:\Documents and Settings\Colleen\My Documents\WCRX.wmf
[2009/06/18 09:05:40 | 00,015,899 | ---- | C] () -- C:\Documents and Settings\Colleen\My Documents\chipbreaker.pdf
[2009/06/17 16:14:51 | 00,037,072 | ---- | C] () -- C:\Documents and Settings\Colleen\My Documents\Ramstar.pdf
[2009/06/16 16:54:47 | 00,166,400 | ---- | C] () -- C:\Documents and Settings\Colleen\My Documents\FSC LAYOUT.par
[2009/06/16 08:32:56 | 00,003,297 | ---- | C] () -- C:\Documents and Settings\Colleen\Application Data\messanger1.dat
[2009/06/16 08:32:56 | 00,000,000 | ---- | C] () -- C:\Documents and Settings\Colleen\Application Data\messanger2.dat
[2009/06/15 11:25:07 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Colleen\Local Settings\Application Data\UGS
[2009/06/15 11:25:05 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Colleen\My Documents\SymbolLibrary
[2009/06/10 09:08:42 | 00,000,000 | ---D | C] -- C:\WINDOWS\ie7updates
[2009/06/10 09:07:33 | 00,000,000 | -HSD | C] -- C:\Config.Msi
[2008/08/27 13:51:38 | 00,000,077 | ---- | C] () -- C:\WINDOWS\ricdb.ini
[2008/02/29 12:49:17 | 00,000,041 | ---- | C] () -- C:\WINDOWS\System32\RPCS.ini
[2007/08/29 13:53:01 | 00,000,000 | ---- | C] () -- C:\WINDOWS\eDrawingOfficeAutomator.INI
[2006/03/31 13:53:43 | 00,000,286 | ---- | C] () -- C:\WINDOWS\CorelDRAW.ini
[2004/08/30 11:57:39 | 00,000,036 | ---- | C] () -- C:\WINDOWS\iltwain.ini
[2004/08/30 11:57:38 | 00,000,056 | ---- | C] () -- C:\WINDOWS\Addrfixr.ini
[2004/08/30 11:56:58 | 00,057,344 | ---- | C] () -- C:\WINDOWS\System32\DYMOCFG.DLL
[2004/08/19 09:53:55 | 00,000,397 | ---- | C] () -- C:\WINDOWS\barcode.ini
[2004/06/08 14:43:29 | 00,000,000 | ---- | C] () -- C:\WINDOWS\OpPrintServer.INI
[2004/06/02 11:26:46 | 00,210,944 | ---- | C] () -- C:\WINDOWS\System32\Msvcrt10.dll
[2004/06/02 11:26:41 | 00,065,536 | ---- | C] () -- C:\WINDOWS\System32\adistres.dll
[2004/06/02 10:37:31 | 00,000,007 | ---- | C] () -- C:\WINDOWS\mltp2p.ini
[2004/06/02 10:37:31 | 00,000,005 | ---- | C] () -- C:\WINDOWS\mltconfipx.ini
[2004/06/02 10:37:31 | 00,000,005 | ---- | C] () -- C:\WINDOWS\mltconfip.ini
[2004/06/01 08:57:34 | 00,000,625 | ---- | C] () -- C:\WINDOWS\SWWATER.INI
[2004/05/31 13:18:28 | 00,000,896 | ---- | C] () -- C:\WINDOWS\System32\hpsj16.dll
[2004/05/31 13:18:28 | 00,000,687 | ---- | C] () -- C:\WINDOWS\System32\drivers\hpscan16.sys
[2004/05/31 13:18:23 | 00,000,057 | ---- | C] () -- C:\WINDOWS\HPDS23.INI
[2004/05/31 12:27:31 | 00,000,407 | ---- | C] () -- C:\WINDOWS\ZETAFAX.INI
[2004/05/31 11:52:52 | 00,001,456 | ---- | C] () -- C:\WINDOWS\PhotoImpression.ini
[2004/05/31 11:52:18 | 00,000,018 | ---- | C] () -- C:\WINDOWS\as_setup.ini
[2004/05/31 11:29:49 | 00,000,000 | ---- | C] () -- C:\WINDOWS\VPC32.INI
[2004/05/31 11:26:36 | 00,000,592 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2004/04/29 06:44:48 | 00,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini
[2004/04/29 06:39:53 | 00,000,231 | ---- | C] () -- C:\WINDOWS\AC3API.INI
[2004/04/29 06:39:34 | 00,066,807 | ---- | C] () -- C:\WINDOWS\System32\Aud2_Del.ini
[2004/04/29 06:39:34 | 00,000,030 | ---- | C] () -- C:\WINDOWS\System32\ctzapxx.ini
[2004/04/29 06:39:32 | 00,005,515 | ---- | C] () -- C:\WINDOWS\System32\ENSDEF.INI
[2004/04/29 06:39:32 | 00,000,180 | ---- | C] () -- C:\WINDOWS\System32\KILL.INI
[2004/04/29 06:39:31 | 00,065,536 | ---- | C] ( ) -- C:\WINDOWS\System32\a3d.dll
[2004/04/29 06:39:02 | 00,000,136 | ---- | C] () -- C:\WINDOWS\SBWIN.INI
[2004/04/29 06:33:52 | 00,000,891 | ---- | C] () -- C:\WINDOWS\orun32.ini
[2004/04/29 06:18:08 | 00,363,520 | ---- | C] () -- C:\WINDOWS\System32\psisdecd.dll
[2004/04/29 06:03:56 | 00,000,551 | ---- | C] () -- C:\WINDOWS\System32\OEMINFO.INI
[2002/11/20 17:13:44 | 03,907,640 | ---- | C] () -- C:\WINDOWS\System32\GSDLL32.dll
[2002/09/03 14:36:02 | 00,000,912 | ---- | C] () -- C:\WINDOWS\WIN.INI
[2002/09/03 14:26:32 | 00,000,227 | ---- | C] () -- C:\WINDOWS\SYSTEM.INI
[2002/05/07 17:06:36 | 00,019,968 | ---- | C] () -- C:\WINDOWS\System32\drivers\platmsg.dll
[2002/05/07 17:06:16 | 00,019,968 | ---- | C] () -- C:\WINDOWS\System32\drivers\netamsg.dll
[2002/04/16 17:57:28 | 00,135,168 | ---- | C] () -- C:\WINDOWS\System32\aolninst.dll
[2002/02/06 10:04:14 | 00,065,536 | ---- | C] () -- C:\WINDOWS\System32\NMSInst.dll
[2002/01/21 16:17:18 | 00,065,536 | ---- | C] () -- C:\WINDOWS\System32\PROInst.dll
[2001/10/28 03:42:30 | 00,116,224 | ---- | C] () -- C:\WINDOWS\System32\redmonnt.dll
[2001/09/24 07:59:00 | 00,045,056 | ---- | C] () -- C:\WINDOWS\System32\NavLogon.dll
[2000/09/18 17:12:40 | 00,023,040 | ---- | C] () -- C:\WINDOWS\System32\CSSMS_IN.DLL
[2000/04/14 16:50:02 | 00,343,040 | ---- | C] () -- C:\WINDOWS\System32\Lffpx7.dll
[1998/06/11 13:08:06 | 00,095,232 | ---- | C] () -- C:\WINDOWS\System32\Lfkodak.dll

========== Files - Modified Within 30 Days ==========

[1 C:\WINDOWS\System32\*.tmp files]
[11 C:\WINDOWS\*.tmp files]
[1 C:\Documents and Settings\Colleen\My Documents\*.tmp files]
[2009/07/08 13:22:14 | 00,000,912 | ---- | M] () -- C:\WINDOWS\WIN.INI
[2009/07/08 13:21:09 | 00,002,457 | ---- | M] () -- C:\Documents and Settings\Colleen\Start Menu\Programs\Startup\Microsoft Office Shortcut Bar.lnk
[2009/07/08 13:20:37 | 00,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2009/07/08 13:20:34 | 00,002,048 | --S- | M] () -- C:\WINDOWS\BOOTSTAT.DAT
[2009/07/08 13:20:33 | 10,727,66976 | -HS- | M] () -- C:\hiberfil.sys
[2009/07/08 13:19:55 | 00,030,036 | ---- | M] () -- C:\WINDOWS\System32\BMXStateBkp-{00000005-00000000-0000000D-00001102-00000004-10031102}.rfx
[2009/07/08 13:19:55 | 00,030,036 | ---- | M] () -- C:\WINDOWS\System32\BMXState-{00000005-00000000-0000000D-00001102-00000004-10031102}.rfx
[2009/07/08 13:19:55 | 00,029,760 | ---- | M] () -- C:\WINDOWS\System32\BMXCtrlState-{00000005-00000000-0000000D-00001102-00000004-10031102}.rfx
[2009/07/08 13:19:55 | 00,029,760 | ---- | M] () -- C:\WINDOWS\System32\BMXBkpCtrlState-{00000005-00000000-0000000D-00001102-00000004-10031102}.rfx
[2009/07/08 13:19:55 | 00,001,080 | ---- | M] () -- C:\WINDOWS\System32\settingsbkup.sfm
[2009/07/08 13:19:55 | 00,001,080 | ---- | M] () -- C:\WINDOWS\System32\settings.sfm
[2009/07/08 13:19:55 | 00,000,288 | ---- | M] () -- C:\WINDOWS\System32\DVCStateBkp-{00000005-00000000-0000000D-00001102-00000004-10031102}.dat
[2009/07/08 13:19:55 | 00,000,288 | ---- | M] () -- C:\WINDOWS\System32\DVCState-{00000005-00000000-0000000D-00001102-00000004-10031102}.dat
[2009/07/08 13:10:15 | 00,001,170 | ---- | M] () -- C:\WINDOWS\System32\WPA.DBL
[2009/07/07 09:10:42 | 00,471,150 | ---- | M] () -- C:\WINDOWS\System32\PerfStringBackup.INI
[2009/07/07 09:10:42 | 00,401,064 | ---- | M] () -- C:\WINDOWS\System32\PERFH009.DAT
[2009/07/07 09:10:42 | 00,062,344 | ---- | M] () -- C:\WINDOWS\System32\PERFC009.DAT
[2009/07/07 09:06:10 | 01,153,568 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2009/07/07 08:19:06 | 00,513,536 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Colleen\Desktop\OTL.exe
[2009/07/06 14:55:44 | 00,001,355 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2009/07/02 14:50:45 | 00,049,225 | ---- | M] () -- C:\Documents and Settings\Colleen\My Documents\Logo Revised 2009.jpg
[2009/07/01 14:40:35 | 00,030,888 | ---- | M] () -- C:\Documents and Settings\Colleen\Application Data\messanger3.dat
[2009/06/29 10:34:16 | 00,142,336 | ---- | M] () -- C:\Documents and Settings\Colleen\My Documents\JUNK.par
[2009/06/24 08:53:06 | 00,000,028 | ---- | M] () -- C:\Documents and Settings\Colleen\Application Data\messanger4.dat
[2009/06/23 14:59:44 | 00,585,534 | ---- | M] () -- C:\Documents and Settings\Colleen\My Documents\OLSON.bmp
[2009/06/23 14:04:04 | 00,294,827 | ---- | M] () -- C:\Documents and Settings\Colleen\My Documents\Nick_0001.jpg
[2009/06/23 13:17:18 | 00,000,000 | ---- | M] () -- C:\Documents and Settings\Colleen\Application Data\messanger2.dat
[2009/06/23 11:11:49 | 00,056,036 | ---- | M] () -- C:\Documents and Settings\Colleen\My Documents\WCRX.dxf
[2009/06/23 11:10:05 | 00,007,846 | ---- | M] () -- C:\Documents and Settings\Colleen\My Documents\WCRX.wmf
[2009/06/18 09:05:40 | 00,015,899 | ---- | M] () -- C:\Documents and Settings\Colleen\My Documents\chipbreaker.pdf
[2009/06/17 16:18:10 | 00,037,072 | ---- | M] () -- C:\Documents and Settings\Colleen\My Documents\Ramstar.pdf
[2009/06/17 11:27:56 | 00,038,160 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2009/06/17 11:27:44 | 00,019,096 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2009/06/16 16:54:48 | 00,166,400 | ---- | M] () -- C:\Documents and Settings\Colleen\My Documents\FSC LAYOUT.par
[2009/06/16 08:32:56 | 00,003,297 | ---- | M] () -- C:\Documents and Settings\Colleen\Application Data\messanger1.dat
[2009/06/16 08:09:43 | 00,000,016 | ---- | M] () -- C:\Documents and Settings\Colleen\Application Data\office2007.dat.nt2
[2009/06/15 15:24:14 | 00,000,675 | ---- | M] () -- C:\Documents and Settings\Colleen\Desktop\Engineering Status.lnk
[2009/06/11 16:29:33 | 01,409,024 | ---- | M] () -- C:\Documents and Settings\Colleen\My Documents\INDEX of U.M. DWG.fp7
< End of report >

#13 syler

  • Malware Response Team
  • 8,150 posts
  • Gender:Male
  • Location:Warrington, UK

Posted 08 July 2009 - 07:10 PM

Hello,

Run OTL
  • Under the Custom Scans/Fixes box at the bottom, paste in the following

    :Reg
    [HKCU\SOFTWARE\Microsoft\Internet Explorer\Main]
    "SearchMigratedDefaultName"=""
    [HKCU\SOFTWARE\Microsoft\Internet Explorer\Main]
    "SearchMigratedDefaultUrl"=""
    :Commands
    [purity]
    [emptytemp]
    [Reboot]
  • Then click the Run Fix button at the top
  • Let the program run unhindered, reboot when it is done
  • You will get a log that shows the results of the fix. Please post it.
Then please post back with the OTL results and a new DDS log.

Thanks

#14 new_mm

  • Topic Starter

  • Members
  • 55 posts

Posted 09 July 2009 - 09:14 AM

I ran the requested fix and then ran a new OTL scan again. I will paste the logs below. I will not be around to work on this issue tomorrow or over the weekend. I will return on Monday, so if you do not hear anything from me between today and Monday, that is why. Thanks for all your help on this issue.

Fix Log

All processes killed
========== REGISTRY ==========
HKCU\SOFTWARE\Microsoft\Internet Explorer\Main\\"SearchMigratedDefaultName"|"" /E : value set successfully!
HKCU\SOFTWARE\Microsoft\Internet Explorer\Main\\"SearchMigratedDefaultUrl"|"" /E : value set successfully!
========== COMMANDS ==========

[EMPTYTEMP]

User: Administrator
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 32768 bytes

User: administrator.ULTRA-MET
->Temp folder emptied: 17902649 bytes
->Temporary Internet Files folder emptied: 67130823 bytes

User: ADMINI~1~ULT

User: All Users

User: barb
->Temp folder emptied: 2114629 bytes
->Temporary Internet Files folder emptied: 152626 bytes

User: brent
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 32902 bytes

User: Colleen
->Temp folder emptied: 999752377 bytes
->Temporary Internet Files folder emptied: 10716030 bytes
->Java cache emptied: 81207300 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 32902 bytes

User: lisa
->Temp folder emptied: 147411 bytes
->Temporary Internet Files folder emptied: 32902 bytes

User: LocalService
->Temp folder emptied: 0 bytes
File delete failed. C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\INDEX.DAT scheduled to be deleted on reboot.
->Temporary Internet Files folder emptied: 6698515 bytes

User: MFGWORK61

User: NetworkService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: nwallace
->Temp folder emptied: 143 bytes
->Temporary Internet Files folder emptied: 32902 bytes

User: tara
->Temp folder emptied: 1219135 bytes
->Temporary Internet Files folder emptied: 4337095 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 860782 bytes
%systemroot%\System32 .tmp files removed: 2577 bytes
Windows Temp folder emptied: 242649 bytes
RecycleBin emptied: 181552 bytes

Total Files Cleaned = 1137.57 mb


OTL by OldTimer - Version 3.0.6.5 log created on 07092009_095750

Files\Folders moved on Reboot...

Registry entries deleted on Reboot...

OTL

OTL logfile created on: 7/9/2009 10:04:19 AM - Run 3
OTL by OldTimer - Version 3.0.6.5 Folder = C:\Documents and Settings\Colleen\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 7.0.5730.13)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1023.00 Mb Total Physical Memory | 621.66 Mb Available Physical Memory | 60.77% Memory free
2.40 Gb Paging File | 2.13 Gb Available in Paging File | 88.66% Paging File free
Paging file location(s): C:\pagefile.sys 1536 3072 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 37.21 Gb Total Space | 20.52 Gb Free Space | 55.14% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
Drive E: | 1.86 Gb Total Space | 1.35 Gb Free Space | 72.27% Space Free | Partition Type: FAT
F: Drive not present or media not loaded
Drive G: | 136.72 Gb Total Space | 27.98 Gb Free Space | 20.46% Space Free | Partition Type: NTFS
Drive H: | 136.72 Gb Total Space | 27.98 Gb Free Space | 20.46% Space Free | Partition Type: NTFS
I: Drive not present or media not loaded
Drive M: | 136.66 Gb Total Space | 91.69 Gb Free Space | 67.09% Space Free | Partition Type: NTFS
Drive N: | 136.72 Gb Total Space | 27.98 Gb Free Space | 20.46% Space Free | Partition Type: NTFS
Drive P: | 136.72 Gb Total Space | 27.98 Gb Free Space | 20.46% Space Free | Partition Type: NTFS
Drive V: | 136.66 Gb Total Space | 91.69 Gb Free Space | 67.09% Space Free | Partition Type: NTFS

Computer Name: MARKETDESIGN
Current User Name: colleen
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Standard

========== Processes (SafeList) ==========

PRC - [1999/12/13 02:01:00 | 00,044,032 | ---- | M] (Creative Technology Ltd) -- C:\WINDOWS\System32\CTsvcCDA.exe
PRC - [2001/09/24 07:59:00 | 00,032,768 | ---- | M] (Symantec Corporation) -- C:\Program Files\NavNT\defwatch.exe
PRC - [2009/07/08 13:59:55 | 00,152,984 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Java\jre6\bin\jqs.exe
PRC - [2001/02/23 10:07:30 | 00,270,336 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
PRC - [2001/09/24 07:59:00 | 00,454,656 | ---- | M] (Symantec Corporation) -- C:\Program Files\NavNT\rtvscan.exe
PRC - [2003/12/16 11:02:00 | 00,073,728 | ---- | M] (NVIDIA Corporation) -- C:\WINDOWS\System32\nvsvc32.exe
PRC - [2009/01/14 17:53:02 | 00,226,656 | ---- | M] (Microsoft Corp.) -- C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
PRC - [2004/08/11 02:45:04 | 00,038,912 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\wdfmgr.exe
PRC - [2000/06/26 08:44:20 | 00,053,520 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\MsPMSPSv.exe
PRC - [2002/08/07 06:34:26 | 00,221,184 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\ASF Agent\ASFAgent.exe
PRC - [2008/04/13 20:12:19 | 01,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\Explorer.EXE
PRC - [2002/10/29 10:18:24 | 00,049,152 | ---- | M] (Creative Technology Ltd) -- C:\Program Files\Creative\SBAudigy2\Surround Mixer\CTSysVol.exe
PRC - [2002/09/30 02:00:00 | 00,045,056 | ---- | M] (Creative Technology Ltd) -- C:\Program Files\Creative\SBAudigy2\DVDAudio\CTDVDDet.EXE
PRC - [2003/02/20 17:45:40 | 00,028,672 | ---- | M] (Creative Technology Ltd) -- C:\WINDOWS\System32\CTHELPER.EXE
PRC - [2000/09/18 17:12:40 | 00,014,336 | ---- | M] (Intel Corporation) -- C:\WINDOWS\System32\MsgSys.EXE
PRC - [2002/12/17 13:28:00 | 00,684,032 | ---- | M] (Roxio) -- C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe
PRC - [2001/09/24 07:59:00 | 00,073,728 | ---- | M] (Symantec Corporation) -- C:\Program Files\NavNT\vptray.exe
PRC - [2001/07/03 09:11:52 | 00,057,344 | ---- | M] (Hewlett-Packard) -- C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe
PRC - [2003/11/10 23:06:02 | 00,385,024 | ---- | M] (FinePrint Software, LLC) -- C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\fppdis2a.exe
PRC - [2009/07/08 13:59:55 | 00,148,888 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Java\jre6\bin\jusched.exe
PRC - [2001/07/03 09:17:04 | 00,065,536 | ---- | M] () -- C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnf.exe
PRC - [2008/07/15 09:23:59 | 00,068,856 | ---- | M] (Google Inc.) -- C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
PRC - [2001/03/15 05:18:18 | 00,049,254 | ---- | M] (Adobe Systems Inc.) -- C:\Program Files\Adobe\Acrobat 5.0\Distillr\AcroTray.exe
PRC - [2001/11/15 10:41:34 | 00,299,008 | ---- | M] (Palm, Inc.) -- C:\Palm\HOTSYNC.EXE
PRC - [2002/04/05 09:45:10 | 00,589,824 | ---- | M] (Fred's Software Company) -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\printkey.exe
PRC - [2004/02/11 09:00:00 | 00,118,784 | ---- | M] (WinZip Computing, Inc.) -- C:\Program Files\WinZip\WZQKPICK.EXE
PRC - [1999/02/01 19:53:24 | 00,405,560 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Office\Office\1033\msoffice.exe
PRC - [2000/01/21 04:15:54 | 00,065,588 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Office\Office\OSA9.EXE
PRC - [2009/02/06 06:10:02 | 00,227,840 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\wbem\wmiprvse.exe
PRC - [2009/07/07 08:19:06 | 00,513,536 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Colleen\Desktop\OTL.exe

========== Win32 Services (SafeList) ==========

SRV - [2002/08/07 06:34:26 | 00,221,184 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\ASF Agent\ASFAgent.exe -- (ASFAgent [Auto | Running])
SRV - [2005/09/23 07:28:32 | 00,029,896 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe -- (aspnet_state [On_Demand | Stopped])
SRV - [2005/09/23 07:28:56 | 00,066,240 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32 [On_Demand | Stopped])
SRV - [1999/12/13 02:01:00 | 00,044,032 | ---- | M] (Creative Technology Ltd) -- C:\WINDOWS\System32\CTsvcCDA.exe -- (Creative Service for CDROM Access [Auto | Running])
SRV - [2001/09/24 07:59:00 | 00,032,768 | ---- | M] (Symantec Corporation) -- C:\Program Files\NavNT\defwatch.exe -- (DefWatch [Auto | Running])
SRV - [2009/04/24 14:32:25 | 00,182,768 | ---- | M] (Google) -- C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe -- (gusvc [On_Demand | Stopped])
SRV - [2008/04/13 20:12:02 | 00,038,400 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\PCHealth\HelpCtr\Binaries\pchsvc.dll -- (helpsvc [Auto | Running])
SRV - [2005/11/14 01:06:04 | 00,069,632 | ---- | M] (Macrovision Corporation) -- C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe -- (IDriverT [On_Demand | Stopped])
SRV - [2009/07/08 13:59:55 | 00,152,984 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Java\jre6\bin\jqs.exe -- (JavaQuickStarterService [Auto | Running])
SRV - [2001/02/23 10:07:30 | 00,270,336 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe -- (MDM [Auto | Running])
SRV - [2002/07/30 17:15:24 | 01,118,208 | ---- | M] (Intel Corporation) -- C:\WINDOWS\System32\NMSSvc.exe -- (NMSSvc [On_Demand | Stopped])
SRV - [2001/09/24 07:59:00 | 00,454,656 | ---- | M] (Symantec Corporation) -- C:\Program Files\NavNT\rtvscan.exe -- (Norton AntiVirus Server [Auto | Running])
SRV - [2003/12/16 11:02:00 | 00,073,728 | ---- | M] (NVIDIA Corporation) -- C:\WINDOWS\System32\nvsvc32.exe -- (NVSvc [Auto | Running])
SRV - [2006/05/11 19:15:50 | 00,052,736 | ---- | M] (Hewlett-Packard) -- C:\WINDOWS\System32\hpzipm12.dll -- (Pml Driver HPZ12 [Auto | Running])
SRV - [2009/01/14 17:53:02 | 00,226,656 | ---- | M] (Microsoft Corp.) -- C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe -- (SeaPort [Auto | Running])
SRV - [2007/08/29 13:52:59 | 00,079,360 | ---- | M] (SolidWorks) -- C:\Program Files\Common Files\SolidWorks Shared\Service\SolidWorksLicensing.exe -- (SolidWorks Licensing Service [On_Demand | Stopped])
SRV - [2004/08/11 02:45:04 | 00,038,912 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\wdfmgr.exe -- (UMWdf [Auto | Running])
SRV - [2004/08/11 01:46:56 | 00,483,328 | ---- | M] (Microsoft Corporation) -- c:\program files\windows media connect\mswmccds.exe -- (WmcCds [Unknown | Stopped])
SRV - [2004/08/10 22:50:42 | 00,028,160 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Media Connect\mswmcls.exe -- (WmcCdsLs [On_Demand | Stopped])
SRV - [2000/06/26 08:44:20 | 00,053,520 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\MsPMSPSv.exe -- (WMDM PMSP Service [Auto | Running])

========== Driver Services (SafeList) ==========

DRV - [2001/08/17 14:51:56 | 00,005,248 | ---- | M] (Acer Laboratories Inc.) -- C:\WINDOWS\System32\DRIVERS\aliide.sys -- (AliIde [Disabled | Stopped])
DRV - [2008/04/13 14:36:39 | 00,043,008 | ---- | M] (Advanced Micro Devices, Inc.) -- C:\WINDOWS\System32\DRIVERS\amdagp.sys -- (amdagp [Disabled | Stopped])
DRV - [2001/08/17 14:52:00 | 00,026,496 | ---- | M] (Advanced System Products, Inc.) -- C:\WINDOWS\System32\DRIVERS\asc.sys -- (asc [Disabled | Stopped])
DRV - [2001/08/17 14:51:58 | 00,014,848 | ---- | M] (Advanced System Products, Inc.) -- C:\WINDOWS\System32\DRIVERS\asc3550.sys -- (asc3550 [Disabled | Stopped])
DRV - [1997/12/22 21:02:46 | 00,023,936 | ---- | M] (Adaptec) -- C:\WINDOWS\System32\drivers\aspi32.sys -- (ASPI32 [Auto | Running])
DRV - [2002/12/17 13:32:58 | 00,061,424 | ---- | M] (Roxio) -- C:\WINDOWS\System32\drivers\cdr4_xp.sys -- (Cdr4_xp [System | Running])
DRV - [2002/12/17 13:32:46 | 00,023,436 | ---- | M] (Roxio) -- C:\WINDOWS\System32\drivers\cdralw2k.sys -- (Cdralw2k [System | Running])
DRV - [2002/12/17 13:27:32 | 00,241,152 | ---- | M] (Roxio) -- C:\WINDOWS\System32\drivers\cdudf_xp.sys -- (cdudf_xp [System | Running])
DRV - [2001/08/17 14:51:54 | 00,006,656 | ---- | M] (CMD Technology, Inc.) -- C:\WINDOWS\System32\DRIVERS\cmdide.sys -- (CmdIde [Disabled | Stopped])
DRV - [2003/02/20 17:22:38 | 00,135,040 | ---- | M] (Creative Technology Ltd) -- C:\WINDOWS\System32\drivers\ctac32k.sys -- (ctac32k [On_Demand | Running])
DRV - [2003/03/26 16:33:58 | 00,498,688 | ---- | M] (Creative Technology Ltd) -- C:\WINDOWS\System32\drivers\ctaud2k.sys -- (ctaud2k [On_Demand | Running])
DRV - [2003/03/27 11:58:56 | 00,287,920 | ---- | M] (Creative Technology Ltd) -- C:\WINDOWS\System32\drivers\ctdvda2k.sys -- (ctdvda2k [On_Demand | Stopped])
DRV - [2003/02/20 17:24:18 | 00,006,144 | ---- | M] (Creative Technology Ltd) -- C:\WINDOWS\System32\drivers\ctprxy2k.sys -- (ctprxy2k [On_Demand | Running])
DRV - [2003/02/20 17:24:34 | 00,135,248 | ---- | M] (Creative Technology Ltd) -- C:\WINDOWS\System32\drivers\ctsfm2k.sys -- (ctsfm2k [On_Demand | Running])
DRV - [2001/08/17 14:52:16 | 00,179,584 | ---- | M] (Mylex Corporation) -- C:\WINDOWS\System32\DRIVERS\dac2w2k.sys -- (dac2w2k [Disabled | Stopped])
DRV - [2004/04/29 06:42:32 | 00,025,898 | ---- | M] (Roxio) -- C:\WINDOWS\System32\drivers\Dvd_2k.sys -- (dvd_2K [On_Demand | Stopped])
DRV - [2002/11/12 11:02:20 | 00,099,840 | ---- | M] (Intel Corporation) -- C:\WINDOWS\System32\DRIVERS\e1000325.sys -- (E1000 [On_Demand | Running])
DRV - [2001/08/17 13:11:06 | 00,066,591 | ---- | M] (3Com Corporation) -- C:\WINDOWS\System32\DRIVERS\el90xbc5.sys -- (EL90XBC [On_Demand | Stopped])
DRV - [2003/02/20 17:24:46 | 00,116,000 | ---- | M] (Creative Technology Ltd) -- C:\WINDOWS\System32\drivers\emupia2k.sys -- (emupia [On_Demand | Running])
DRV - [2003/03/26 16:31:40 | 00,823,616 | ---- | M] (Creative Technology Ltd) -- C:\WINDOWS\System32\drivers\ha10kx2k.sys -- (ha10kx2k [On_Demand | Running])
DRV - [2003/03/26 16:32:02 | 00,141,536 | ---- | M] (Creative Technology Ltd) -- C:\WINDOWS\System32\drivers\hap16v2k.sys -- (hap16v2k [On_Demand | Running])
DRV - [2006/07/28 12:59:42 | 00,433,664 | ---- | M] (Aladdin Knowledge Systems) -- C:\WINDOWS\System32\drivers\hardlock.sys -- (hardlock [Auto | Running])
DRV - [2004/08/04 01:29:36 | 00,161,020 | ---- | M] (Intel® Corporation) -- C:\WINDOWS\System32\DRIVERS\i81xnt5.sys -- (i81x [On_Demand | Stopped])
DRV - [2004/08/04 01:29:37 | 00,012,415 | ---- | M] (Intel® Corporation) -- C:\WINDOWS\System32\DRIVERS\wADV01nt.sys -- (iAimFP0 [On_Demand | Stopped])
DRV - [2004/08/04 01:29:37 | 00,012,127 | ---- | M] (Intel® Corporation) -- C:\WINDOWS\System32\DRIVERS\wADV02NT.sys -- (iAimFP1 [On_Demand | Stopped])
DRV - [2004/08/04 01:29:37 | 00,011,775 | ---- | M] (Intel® Corporation) -- C:\WINDOWS\System32\DRIVERS\wADV05NT.sys -- (iAimFP2 [On_Demand | Stopped])
DRV - [2004/08/04 01:29:47 | 00,012,063 | ---- | M] (Intel® Corporation) -- C:\WINDOWS\System32\DRIVERS\wSiINTxx.sys -- (iAimFP3 [On_Demand | Stopped])
DRV - [2004/08/04 01:29:49 | 00,019,455 | ---- | M] (Intel® Corporation) -- C:\WINDOWS\System32\DRIVERS\wVchNTxx.sys -- (iAimFP4 [On_Demand | Stopped])
DRV - [2004/08/04 01:29:41 | 00,029,311 | ---- | M] (Intel® Corporation) -- C:\WINDOWS\System32\DRIVERS\wATV01nt.sys -- (iAimTV0 [On_Demand | Stopped])
DRV - [2004/08/04 01:29:42 | 00,019,551 | ---- | M] (Intel® Corporation) -- C:\WINDOWS\System32\DRIVERS\wATV02NT.sys -- (iAimTV1 [On_Demand | Stopped])
DRV - [2004/08/04 01:29:43 | 00,033,599 | ---- | M] (Intel® Corporation) -- C:\WINDOWS\System32\DRIVERS\wATV04nt.sys -- (iAimTV3 [On_Demand | Stopped])
DRV - [2004/08/04 01:29:45 | 00,023,615 | ---- | M] (Intel® Corporation) -- C:\WINDOWS\System32\DRIVERS\wCh7xxNT.sys -- (iAimTV4 [On_Demand | Stopped])
DRV - [2004/04/29 06:42:32 | 00,030,630 | ---- | M] (Roxio) -- C:\WINDOWS\System32\drivers\Mmc_2k.sys -- (mmc_2K [On_Demand | Running])
DRV - [2001/08/17 14:52:12 | 00,017,280 | ---- | M] (American Megatrends Inc.) -- C:\WINDOWS\System32\DRIVERS\mraid35x.sys -- (mraid35x [Disabled | Stopped])
DRV - [2001/09/24 07:59:00 | 00,176,208 | ---- | M] () -- C:\Program Files\NavNT\NAVAP.sys -- (NAVAP [On_Demand | Running])
DRV - [2001/09/24 07:59:00 | 00,009,232 | ---- | M] () -- C:\Program Files\NavNT\NAVAPEL.SYS -- (NAVAPEL [Auto | Running])
DRV - [2009/07/08 04:00:00 | 00,089,104 | ---- | M] (Symantec Corporation) -- C:\Program Files\Common Files\Symantec Shared\VirusDefs\20090708.002\NAVENG.SYS -- (NAVENG [On_Demand | Running])
DRV - [2009/07/08 04:00:00 | 00,876,144 | ---- | M] (Symantec Corporation) -- C:\Program Files\Common Files\Symantec Shared\VirusDefs\20090708.002\NAVEX15.SYS -- (NAVEX15 [On_Demand | Running])
DRV - [2002/05/07 17:05:56 | 00,039,680 | ---- | M] (Intel Corporation) -- C:\WINDOWS\System32\drivers\NetAlrt.sys -- (NetAlrt [Auto | Running])
DRV - [2002/07/30 17:15:40 | 00,009,868 | ---- | M] (Intel Corporation) -- C:\WINDOWS\System32\drivers\NMSCFG.SYS -- (NMSCFG [On_Demand | Stopped])
DRV - [2003/12/16 11:02:00 | 01,331,004 | ---- | M] (NVIDIA Corporation) -- C:\WINDOWS\System32\DRIVERS\nv4_mini.sys -- (nv [On_Demand | Running])
DRV - [2002/11/08 14:45:06 | 00,017,217 | ---- | M] (Dell Computer Corporation) -- C:\WINDOWS\System32\DRIVERS\omci.sys -- (omci [System | Running])
DRV - [2003/03/26 16:32:32 | 00,189,504 | ---- | M] (Creative Technology Ltd.) -- C:\WINDOWS\System32\drivers\ctoss2k.sys -- (ossrv [On_Demand | Running])
DRV - [2001/11/15 10:41:34 | 00,012,338 | ---- | M] (Palm, Inc.) -- C:\WINDOWS\System32\drivers\PalmUSBD.sys -- (PalmUSBD [On_Demand | Stopped])
DRV - [2003/03/06 10:10:34 | 00,015,840 | ---- | M] (Creative Technology Ltd.) -- C:\WINDOWS\System32\drivers\PfModNT.sys -- (PfModNT [Auto | Running])
DRV - [2002/05/07 17:06:36 | 00,023,744 | ---- | M] (Intel Corporation) -- C:\WINDOWS\System32\drivers\PlatAlrt.sys -- (PlatAlrt [Auto | Running])
DRV - [2002/08/29 06:00:00 | 00,017,792 | ---- | M] (Parallel Technologies, Inc.) -- C:\WINDOWS\System32\DRIVERS\ptilink.sys -- (Ptilink [On_Demand | Running])
DRV - [2004/04/29 06:42:32 | 00,143,834 | ---- | M] (Roxio) -- C:\WINDOWS\System32\drivers\pwd_2K.sys -- (pwd_2k [System | Running])
DRV - [2001/08/17 14:52:20 | 00,040,320 | ---- | M] (QLogic Corporation) -- C:\WINDOWS\System32\DRIVERS\ql1080.sys -- (ql1080 [Disabled | Stopped])
DRV - [2001/08/17 14:52:20 | 00,045,312 | ---- | M] (QLogic Corporation) -- C:\WINDOWS\System32\DRIVERS\ql12160.sys -- (ql12160 [Disabled | Stopped])
DRV - [2001/08/17 14:52:18 | 00,049,024 | ---- | M] (QLogic Corporation) -- C:\WINDOWS\System32\DRIVERS\ql1280.sys -- (ql1280 [Disabled | Stopped])
DRV - [2008/04/13 12:39:15 | 00,020,480 | ---- | M] (Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K.) -- C:\WINDOWS\System32\DRIVERS\secdrv.sys -- (Secdrv [On_Demand | Stopped])
DRV - [2008/04/13 14:36:39 | 00,040,960 | ---- | M] (Silicon Integrated Systems Corporation) -- C:\WINDOWS\System32\DRIVERS\sisagp.sys -- (sisagp [Disabled | Stopped])
DRV - [2001/08/17 13:56:16 | 00,007,552 | ---- | M] (Sony Corporation) -- C:\WINDOWS\System32\DRIVERS\SONYPVU1.SYS -- (SONYPVU1 [On_Demand | Stopped])
DRV - [2001/08/17 15:07:44 | 00,019,072 | ---- | M] (Adaptec, Inc.) -- C:\WINDOWS\System32\DRIVERS\sparrow.sys -- (Sparrow [Disabled | Stopped])
DRV - [2001/08/17 15:07:34 | 00,016,256 | ---- | M] (Symbios Logic Inc.) -- C:\WINDOWS\System32\DRIVERS\symc810.sys -- (symc810 [Disabled | Stopped])
DRV - [2001/08/17 15:07:36 | 00,032,640 | ---- | M] (LSI Logic) -- C:\WINDOWS\System32\DRIVERS\symc8xx.sys -- (symc8xx [Disabled | Stopped])
DRV - [2001/09/23 22:59:00 | 00,057,696 | ---- | M] (Symantec Corporation) -- C:\Program Files\Symantec\SYMEVENT.SYS -- (SymEvent [On_Demand | Running])
DRV - [2001/08/17 15:07:40 | 00,028,384 | ---- | M] (LSI Logic) -- C:\WINDOWS\System32\DRIVERS\sym_hi.sys -- (sym_hi [Disabled | Stopped])
DRV - [2001/08/17 15:07:42 | 00,030,688 | ---- | M] (LSI Logic) -- C:\WINDOWS\System32\DRIVERS\sym_u3.sys -- (sym_u3 [Disabled | Stopped])
DRV - [2004/04/29 06:42:32 | 00,206,464 | ---- | M] (Roxio) -- C:\WINDOWS\System32\drivers\udfreadr_xp.sys -- (UdfReadr_xp [System | Running])
DRV - [2001/08/17 14:52:22 | 00,036,736 | ---- | M] (Promise Technology, Inc.) -- C:\WINDOWS\System32\DRIVERS\ultra.sys -- (ultra [Disabled | Stopped])

========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = [binary data]
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Extensions Off Page = about:NoAdd-ons
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Security Risk Page = about:SecurityRisk
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,CustomizeSearch = http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchcust.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.google.com/ie
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dell.com
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\system32\blank.htm
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultName =
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultUrl =
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.msn.com/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie
IE - URLSearchHook: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

FF - HKLM\software\mozilla\Firefox\extensions\\jqs@sun.com: C:\Program Files\Java\jre6\lib\deploy\jqs\ff [2009/07/08 13:59:57 | 00,000,000 | ---D | M]


O1 HOSTS File: (734 bytes) - C:\WINDOWS\System32\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (&Yahoo! Toolbar Helper) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
O2 - BHO: (AcroIEHlprObj Class) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Acrobat\ActiveX\AcroIEHelper.ocx ()
O2 - BHO: (GoodSearch Toolbar) - {4E7BD74F-2B8D-469E-95BA-ED6DB186BE32} - C:\Program Files\goodsearch\goodsearch.dll (GoodSearch LLC )
O2 - BHO: (Search Helper) - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SearchHelper.dll (Microsoft Corp.)
O2 - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll (Google Inc.)
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.1.1309.15642\swg.dll (Google Inc.)
O2 - BHO: (Google Dictionary Compression sdch) - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_A8904FB862BD9564.dll (Google Inc.)
O2 - BHO: (MSN Toolbar Helper) - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files\MSN\Toolbar\3.0.1125.0\msneshellx.dll (Microsoft Corp.)
O2 - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (JQSIEStartDetectorImpl Class) - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll (Sun Microsystems, Inc.)
O3 - HKLM\..\Toolbar: (MSN Toolbar) - {1E61ED7C-7CB8-49d6-B9E9-AB4C880C8414} - C:\Program Files\MSN\Toolbar\3.0.1125.0\msneshellx.dll (Microsoft Corp.)
O3 - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll (Google Inc.)
O3 - HKLM\..\Toolbar: (GoodSearch Toolbar) - {4E7BD74F-2B8D-469E-95BA-ED6DB186BE32} - C:\Program Files\goodsearch\goodsearch.dll (GoodSearch LLC )
O3 - HKLM\..\Toolbar: (Yahoo! Toolbar) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
O3 - HKCU\..\Toolbar\ShellBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll (Google Inc.)
O3 - HKCU\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll (Google Inc.)
O3 - HKCU\..\Toolbar\WebBrowser: (GoodSearch Toolbar) - {4E7BD74F-2B8D-469E-95BA-ED6DB186BE32} - C:\Program Files\goodsearch\goodsearch.dll (GoodSearch LLC )
O3 - HKCU\..\Toolbar\WebBrowser: (Yahoo! Toolbar) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
O4 - HKLM..\Run: [AdaptecDirectCD] C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe (Roxio)
O4 - HKLM..\Run: [AsioReg] C:\WINDOWS\System32\CTASIO.DLL (Creative Technology Ltd)
O4 - HKLM..\Run: [CTDVDDet] C:\Program Files\Creative\SBAudigy2\DVDAudio\CTDVDDet.EXE (Creative Technology Ltd)
O4 - HKLM..\Run: [CTHelper] C:\WINDOWS\System32\CTHELPER.EXE (Creative Technology Ltd)
O4 - HKLM..\Run: [CTSysVol] C:\Program Files\Creative\SBAudigy2\Surround Mixer\CTSysVol.exe (Creative Technology Ltd)
O4 - HKLM..\Run: [Microsoft Default Manager] C:\Program Files\Microsoft\Search Enhancement Pack\Default Manager\DefMgr.exe (Microsoft Corp.)
O4 - HKLM..\Run: [pdfFactory Dispatcher v2] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\fppdis2a.exe (FinePrint Software, LLC)
O4 - HKLM..\Run: [Share-to-Web Namespace Daemon] C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe (Hewlett-Packard)
O4 - HKLM..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre6\bin\jusched.exe (Sun Microsystems, Inc.)
O4 - HKLM..\Run: [vptray] C:\Program Files\NavNT\vptray.exe (Symantec Corporation)
O4 - HKCU..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (Google Inc.)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Acrobat Assistant.lnk = C:\Program Files\Adobe\Acrobat 5.0\Distillr\AcroTray.exe (Adobe Systems Inc.)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\HotSync Manager.lnk = C:\Palm\HOTSYNC.EXE (Palm, Inc.)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE (Microsoft Corporation)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\printkey.exe (Fred's Software Company)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.EXE (WinZip Computing, Inc.)
O4 - Startup: C:\Documents and Settings\Colleen\Start Menu\Programs\Startup\Microsoft Office Shortcut Bar.lnk = C:\WINDOWS\Installer\{00020409-78E1-11D2-B60F-006097C998E7}\misc.exe ()
O4 - Startup: C:\Documents and Settings\Colleen\Start Menu\Programs\Startup\printkey.exe (Fred's Software Company)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: dontdisplaylastusername = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticecaption =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticetext =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: shutdownwithoutlogon = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: undockwithoutlogon = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O9 - Extra 'Tools' menuitem : @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe (Microsoft Corporation)
O9 - Extra Button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)
O12 - Plugin for: .spop - C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll (InterTrust Technologies Corporation, Inc.)
O15 - HKLM\..Trusted Domains: 1 domain(s) and sub-domain(s) not assigned to a zone.
O15 - HKCU\..Trusted Domains: microsoft.com ([office] https in Trusted sites)
O15 - HKCU\..Trusted Domains: 1 domain(s) and sub-domain(s) not assigned to a zone.
O16 - DPF: {072D3F2E-5FB6-11D3-B461-00C04FA35A21} http://www.solidedge.com/CFIDE/classes/CFJava.cab (CFForm Runtime)
O16 - DPF: {215B8138-A3CF-44C5-803F-8226143CFC0A} http://housecall65.trendmicro.com/housecal...ivex/hcImpl.cab (Trend Micro ActiveX Scan Agent 6.6)
O16 - DPF: {3E68E405-C6DE-49FF-83AE-41EE9F4C36CE} http://office.microsoft.com/officeupdate/content/opuc.cab (Office Update Installation Engine)
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} http://www.update.microsoft.com/windowsupd...b?1214849190406 (WUWebControl Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_14)
O16 - DPF: {CAFEEFAC-0016-0000-0014-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_14)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_14)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://download.macromedia.com/pub/shockwa...ash/swflash.cab (Shockwave Flash Object)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = ultra-met.com
O18 - Protocol\Handler\cdo {CD00020A-8B95-11D1-82DB-00C04FB1625D} - C:\Program Files\Common Files\Microsoft Shared\Web Folders\PKMCDO.DLL (Microsoft Corporation)
O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\ipp - No CLSID value found
O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp - No CLSID value found
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\ms-itss {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Program Files\Common Files\Microsoft Shared\Information Retrieval\MSITSS.DLL (Microsoft Corporation)
O18 - Protocol\Handler\mso-offdap {3D9F03FA-7A94-11D3-BE81-0050048385D1} - C:\Program Files\Common Files\Microsoft Shared\Web Components\10\OWC10.DLL (Microsoft Corporation)
O18 - Protocol\Filter: - x-sdch - C:\Program Files\Google\Google Toolbar\Component\fastsearch_A8904FB862BD9564.dll (Google Inc.)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\Explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\NavLogon: DllName - C:\WINDOWS\System32\NavLogon.dll - C:\WINDOWS\System32\NavLogon.dll ()
O24 - Desktop Components:0 (My Current Home Page) - About:Home
O31 - SafeBoot: AlternateShell - cmd.exe
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2002/09/03 14:36:02 | 00,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck) - File not found
O34 - HKLM BootExecute: (autochk) - C:\WINDOWS\System32\autochk.exe (Microsoft Corporation)
O34 - HKLM BootExecute: (*) - File not found

========== Files/Folders - Created Within 30 Days ==========

[1 C:\Documents and Settings\Colleen\My Documents\*.tmp files]
[2009/07/08 14:00:15 | 00,148,888 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javaws.exe
[2009/07/08 14:00:15 | 00,144,792 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javaw.exe
[2009/07/08 14:00:15 | 00,144,792 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\java.exe
[2009/07/08 14:00:15 | 00,073,728 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javacpl.cpl
[2009/07/08 13:38:40 | 00,050,176 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\proquota.exe
[2009/07/08 13:38:40 | 00,050,176 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\proquota.exe
[2009/07/08 13:19:04 | 00,000,000 | ---D | C] -- C:\_OTL
[2009/07/08 13:18:34 | 00,513,536 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Colleen\Desktop\OTL.exe
[2009/07/06 14:44:35 | 00,000,000 | ---D | C] -- C:\rsit
[2009/07/02 14:50:42 | 00,049,225 | ---- | C] () -- C:\Documents and Settings\Colleen\My Documents\Logo Revised 2009.jpg
[2009/07/01 14:55:07 | 00,284,160 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\pdh.dll
[2009/07/01 14:55:07 | 00,035,328 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\sc.exe
[2009/07/01 14:55:06 | 00,473,600 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\fastprox.dll
[2009/07/01 14:55:06 | 00,401,408 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\rpcss.dll
[2009/07/01 14:55:06 | 00,227,840 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wmiprvse.exe
[2009/07/01 14:55:06 | 00,110,592 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\services.exe
[2009/07/01 14:55:04 | 00,453,120 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wmiprvsd.dll
[2009/07/01 14:55:03 | 00,729,088 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\lsasrv.dll
[2009/07/01 14:55:03 | 00,617,472 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\advapi32.dll
[2009/07/01 14:55:02 | 00,714,752 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ntdll.dll
[2009/07/01 14:55:00 | 02,145,280 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ntkrnlmp.exe
[2009/07/01 14:54:58 | 02,189,056 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ntoskrnl.exe
[2009/07/01 14:54:55 | 02,023,936 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ntkrpamp.exe
[2009/07/01 14:53:35 | 00,203,136 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\rmcast.sys
[2009/07/01 14:53:30 | 00,455,296 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\mrxsmb.sys
[2009/07/01 14:52:57 | 00,333,952 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\srv.sys
[2009/07/01 14:52:51 | 00,331,776 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\msadce.dll
[2009/07/01 14:52:39 | 00,691,712 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\inetcomm.dll
[2009/07/01 14:49:59 | 00,272,128 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\bthport.sys
[2009/07/01 14:49:43 | 01,106,944 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\msxml3.dll
[2009/07/01 14:49:04 | 00,247,326 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\strmdll.dll
[2009/06/24 09:20:45 | 00,030,888 | ---- | C] () -- C:\Documents and Settings\Colleen\Application Data\messanger3.dat
[2009/06/24 08:53:06 | 00,000,028 | ---- | C] () -- C:\Documents and Settings\Colleen\Application Data\messanger4.dat
[2009/06/23 14:59:44 | 00,585,534 | ---- | C] () -- C:\Documents and Settings\Colleen\My Documents\OLSON.bmp
[2009/06/23 14:04:04 | 00,294,827 | ---- | C] () -- C:\Documents and Settings\Colleen\My Documents\Nick_0001.jpg
[2009/06/23 11:11:49 | 00,056,036 | ---- | C] () -- C:\Documents and Settings\Colleen\My Documents\WCRX.dxf
[2009/06/23 11:10:05 | 00,007,846 | ---- | C] () -- C:\Documents and Settings\Colleen\My Documents\WCRX.wmf
[2009/06/18 09:05:40 | 00,015,899 | ---- | C] () -- C:\Documents and Settings\Colleen\My Documents\chipbreaker.pdf
[2009/06/17 16:14:51 | 00,037,072 | ---- | C] () -- C:\Documents and Settings\Colleen\My Documents\Ramstar.pdf
[2009/06/16 16:54:47 | 00,166,400 | ---- | C] () -- C:\Documents and Settings\Colleen\My Documents\FSC LAYOUT.par
[2009/06/16 08:32:56 | 00,003,297 | ---- | C] () -- C:\Documents and Settings\Colleen\Application Data\messanger1.dat
[2009/06/16 08:32:56 | 00,000,000 | ---- | C] () -- C:\Documents and Settings\Colleen\Application Data\messanger2.dat
[2009/06/15 11:25:07 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Colleen\Local Settings\Application Data\UGS
[2009/06/15 11:25:05 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Colleen\My Documents\SymbolLibrary
[2009/06/10 09:08:42 | 00,000,000 | ---D | C] -- C:\WINDOWS\ie7updates
[2008/08/27 13:51:38 | 00,000,077 | ---- | C] () -- C:\WINDOWS\ricdb.ini
[2008/02/29 12:49:17 | 00,000,041 | ---- | C] () -- C:\WINDOWS\System32\RPCS.ini
[2007/08/29 13:53:01 | 00,000,000 | ---- | C] () -- C:\WINDOWS\eDrawingOfficeAutomator.INI
[2006/03/31 13:53:43 | 00,000,286 | ---- | C] () -- C:\WINDOWS\CorelDRAW.ini
[2004/08/30 11:57:39 | 00,000,036 | ---- | C] () -- C:\WINDOWS\iltwain.ini
[2004/08/30 11:57:38 | 00,000,056 | ---- | C] () -- C:\WINDOWS\Addrfixr.ini
[2004/08/30 11:56:58 | 00,057,344 | ---- | C] () -- C:\WINDOWS\System32\DYMOCFG.DLL
[2004/08/19 09:53:55 | 00,000,397 | ---- | C] () -- C:\WINDOWS\barcode.ini
[2004/06/08 14:43:29 | 00,000,000 | ---- | C] () -- C:\WINDOWS\OpPrintServer.INI
[2004/06/02 11:26:46 | 00,210,944 | ---- | C] () -- C:\WINDOWS\System32\Msvcrt10.dll
[2004/06/02 11:26:41 | 00,065,536 | ---- | C] () -- C:\WINDOWS\System32\adistres.dll
[2004/06/02 10:37:31 | 00,000,007 | ---- | C] () -- C:\WINDOWS\mltp2p.ini
[2004/06/02 10:37:31 | 00,000,005 | ---- | C] () -- C:\WINDOWS\mltconfipx.ini
[2004/06/02 10:37:31 | 00,000,005 | ---- | C] () -- C:\WINDOWS\mltconfip.ini
[2004/06/01 08:57:34 | 00,000,625 | ---- | C] () -- C:\WINDOWS\SWWATER.INI
[2004/05/31 13:18:28 | 00,000,896 | ---- | C] () -- C:\WINDOWS\System32\hpsj16.dll
[2004/05/31 13:18:28 | 00,000,687 | ---- | C] () -- C:\WINDOWS\System32\drivers\hpscan16.sys
[2004/05/31 13:18:23 | 00,000,057 | ---- | C] () -- C:\WINDOWS\HPDS23.INI
[2004/05/31 12:27:31 | 00,000,407 | ---- | C] () -- C:\WINDOWS\ZETAFAX.INI
[2004/05/31 11:52:52 | 00,001,456 | ---- | C] () -- C:\WINDOWS\PhotoImpression.ini
[2004/05/31 11:52:18 | 00,000,018 | ---- | C] () -- C:\WINDOWS\as_setup.ini
[2004/05/31 11:29:49 | 00,000,000 | ---- | C] () -- C:\WINDOWS\VPC32.INI
[2004/05/31 11:26:36 | 00,000,592 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2004/04/29 06:44:48 | 00,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini
[2004/04/29 06:39:53 | 00,000,231 | ---- | C] () -- C:\WINDOWS\AC3API.INI
[2004/04/29 06:39:34 | 00,066,807 | ---- | C] () -- C:\WINDOWS\System32\Aud2_Del.ini
[2004/04/29 06:39:34 | 00,000,030 | ---- | C] () -- C:\WINDOWS\System32\ctzapxx.ini
[2004/04/29 06:39:32 | 00,005,515 | ---- | C] () -- C:\WINDOWS\System32\ENSDEF.INI
[2004/04/29 06:39:32 | 00,000,180 | ---- | C] () -- C:\WINDOWS\System32\KILL.INI
[2004/04/29 06:39:31 | 00,065,536 | ---- | C] ( ) -- C:\WINDOWS\System32\a3d.dll
[2004/04/29 06:39:02 | 00,000,136 | ---- | C] () -- C:\WINDOWS\SBWIN.INI
[2004/04/29 06:33:52 | 00,000,891 | ---- | C] () -- C:\WINDOWS\orun32.ini
[2004/04/29 06:18:08 | 00,363,520 | ---- | C] () -- C:\WINDOWS\System32\psisdecd.dll
[2004/04/29 06:03:56 | 00,000,551 | ---- | C] () -- C:\WINDOWS\System32\OEMINFO.INI
[2002/11/20 17:13:44 | 03,907,640 | ---- | C] () -- C:\WINDOWS\System32\GSDLL32.dll
[2002/09/03 14:36:02 | 00,000,912 | ---- | C] () -- C:\WINDOWS\WIN.INI
[2002/09/03 14:26:32 | 00,000,227 | ---- | C] () -- C:\WINDOWS\SYSTEM.INI
[2002/05/07 17:06:36 | 00,019,968 | ---- | C] () -- C:\WINDOWS\System32\drivers\platmsg.dll
[2002/05/07 17:06:16 | 00,019,968 | ---- | C] () -- C:\WINDOWS\System32\drivers\netamsg.dll
[2002/04/16 17:57:28 | 00,135,168 | ---- | C] () -- C:\WINDOWS\System32\aolninst.dll
[2002/02/06 10:04:14 | 00,065,536 | ---- | C] () -- C:\WINDOWS\System32\NMSInst.dll
[2002/01/21 16:17:18 | 00,065,536 | ---- | C] () -- C:\WINDOWS\System32\PROInst.dll
[2001/10/28 03:42:30 | 00,116,224 | ---- | C] () -- C:\WINDOWS\System32\redmonnt.dll
[2001/09/24 07:59:00 | 00,045,056 | ---- | C] () -- C:\WINDOWS\System32\NavLogon.dll
[2000/09/18 17:12:40 | 00,023,040 | ---- | C] () -- C:\WINDOWS\System32\CSSMS_IN.DLL
[2000/04/14 16:50:02 | 00,343,040 | ---- | C] () -- C:\WINDOWS\System32\Lffpx7.dll
[1998/06/11 13:08:06 | 00,095,232 | ---- | C] () -- C:\WINDOWS\System32\Lfkodak.dll

========== Files - Modified Within 30 Days ==========

[1 C:\Documents and Settings\Colleen\My Documents\*.tmp files]
[2009/07/09 10:03:03 | 00,002,457 | ---- | M] () -- C:\Documents and Settings\Colleen\Start Menu\Programs\Startup\Microsoft Office Shortcut Bar.lnk
[2009/07/09 10:02:35 | 00,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2009/07/09 10:02:31 | 00,002,048 | --S- | M] () -- C:\WINDOWS\BOOTSTAT.DAT
[2009/07/09 10:02:30 | 10,727,66976 | -HS- | M] () -- C:\hiberfil.sys
[2009/07/09 10:01:48 | 00,030,036 | ---- | M] () -- C:\WINDOWS\System32\BMXStateBkp-{00000005-00000000-0000000D-00001102-00000004-10031102}.rfx
[2009/07/09 10:01:48 | 00,030,036 | ---- | M] () -- C:\WINDOWS\System32\BMXState-{00000005-00000000-0000000D-00001102-00000004-10031102}.rfx
[2009/07/09 10:01:48 | 00,029,760 | ---- | M] () -- C:\WINDOWS\System32\BMXCtrlState-{00000005-00000000-0000000D-00001102-00000004-10031102}.rfx
[2009/07/09 10:01:48 | 00,029,760 | ---- | M] () -- C:\WINDOWS\System32\BMXBkpCtrlState-{00000005-00000000-0000000D-00001102-00000004-10031102}.rfx
[2009/07/09 10:01:48 | 00,001,080 | ---- | M] () -- C:\WINDOWS\System32\settingsbkup.sfm
[2009/07/09 10:01:48 | 00,001,080 | ---- | M] () -- C:\WINDOWS\System32\settings.sfm
[2009/07/09 10:01:48 | 00,000,288 | ---- | M] () -- C:\WINDOWS\System32\DVCStateBkp-{00000005-00000000-0000000D-00001102-00000004-10031102}.dat
[2009/07/09 10:01:48 | 00,000,288 | ---- | M] () -- C:\WINDOWS\System32\DVCState-{00000005-00000000-0000000D-00001102-00000004-10031102}.dat
[2009/07/08 13:59:55 | 00,148,888 | ---- | M] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javaws.exe
[2009/07/08 13:59:55 | 00,144,792 | ---- | M] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javaw.exe
[2009/07/08 13:59:55 | 00,144,792 | ---- | M] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\java.exe
[2009/07/08 13:59:55 | 00,073,728 | ---- | M] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javacpl.cpl
[2009/07/08 13:59:54 | 00,410,984 | ---- | M] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\deploytk.dll
[2009/07/08 13:37:57 | 00,000,912 | ---- | M] () -- C:\WINDOWS\WIN.INI
[2009/07/08 13:10:15 | 00,001,170 | ---- | M] () -- C:\WINDOWS\System32\WPA.DBL
[2009/07/07 09:10:42 | 00,471,150 | ---- | M] () -- C:\WINDOWS\System32\PerfStringBackup.INI
[2009/07/07 09:10:42 | 00,401,064 | ---- | M] () -- C:\WINDOWS\System32\PERFH009.DAT
[2009/07/07 09:10:42 | 00,062,344 | ---- | M] () -- C:\WINDOWS\System32\PERFC009.DAT
[2009/07/07 09:06:10 | 01,153,568 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2009/07/07 08:19:06 | 00,513,536 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Colleen\Desktop\OTL.exe
[2009/07/06 14:55:44 | 00,001,355 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2009/07/02 14:50:45 | 00,049,225 | ---- | M] () -- C:\Documents and Settings\Colleen\My Documents\Logo Revised 2009.jpg
[2009/07/01 14:40:35 | 00,030,888 | ---- | M] () -- C:\Documents and Settings\Colleen\Application Data\messanger3.dat
[2009/06/29 10:34:16 | 00,142,336 | ---- | M] () -- C:\Documents and Settings\Colleen\My Documents\JUNK.par
[2009/06/24 08:53:06 | 00,000,028 | ---- | M] () -- C:\Documents and Settings\Colleen\Application Data\messanger4.dat
[2009/06/23 14:59:44 | 00,585,534 | ---- | M] () -- C:\Documents and Settings\Colleen\My Documents\OLSON.bmp
[2009/06/23 14:04:04 | 00,294,827 | ---- | M] () -- C:\Documents and Settings\Colleen\My Documents\Nick_0001.jpg
[2009/06/23 13:17:18 | 00,000,000 | ---- | M] () -- C:\Documents and Settings\Colleen\Application Data\messanger2.dat
[2009/06/23 11:11:49 | 00,056,036 | ---- | M] () -- C:\Documents and Settings\Colleen\My Documents\WCRX.dxf
[2009/06/23 11:10:05 | 00,007,846 | ---- | M] () -- C:\Documents and Settings\Colleen\My Documents\WCRX.wmf
[2009/06/18 09:05:40 | 00,015,899 | ---- | M] () -- C:\Documents and Settings\Colleen\My Documents\chipbreaker.pdf
[2009/06/17 16:18:10 | 00,037,072 | ---- | M] () -- C:\Documents and Settings\Colleen\My Documents\Ramstar.pdf
[2009/06/17 11:27:56 | 00,038,160 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2009/06/17 11:27:44 | 00,019,096 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2009/06/16 16:54:48 | 00,166,400 | ---- | M] () -- C:\Documents and Settings\Colleen\My Documents\FSC LAYOUT.par
[2009/06/16 08:32:56 | 00,003,297 | ---- | M] () -- C:\Documents and Settings\Colleen\Application Data\messanger1.dat
[2009/06/16 08:09:43 | 00,000,016 | ---- | M] () -- C:\Documents and Settings\Colleen\Application Data\office2007.dat.nt2
[2009/06/15 15:24:14 | 00,000,675 | ---- | M] () -- C:\Documents and Settings\Colleen\Desktop\Engineering Status.lnk
[2009/06/11 16:29:33 | 01,409,024 | ---- | M] () -- C:\Documents and Settings\Colleen\My Documents\INDEX of U.M. DWG.fp7
< End of report >

#15 syler

  • Malware Response Team
  • 8,150 posts
  • OFFLINE
  • Gender:Male
  • Location:Warrington, UK
  • Local time:07:11 AM

Posted 09 July 2009 - 12:46 PM

I did ask for a DDS log :thumbup2: but never mind. I probably won't get to look at your log till later tonight, so thanks
for letting me know you are going to be unavailable for a few days.

Syler