
weird symptoms, log included


  • This topic is locked
16 replies to this topic

#1 jeannen

jeannen

  • Members
  • 10 posts

Posted 06 July 2009 - 10:40 AM

Hello,
I have a Compaq Presario with 3 gig of RAM and a 160 gig hard drive. Windows XP, service pack 3. I'm using Symantec Corporate AV, updated daily, and Webroot Spysweeper, which updates automatically. I've recently also run Spybot S&D, as well as Ad-Aware just to see if Spysweeper was overlooking something. Maxthon was my preferred browser until it started crashing repeatedly, so I switched to IE 8. Outlook Express is my mail program.

A few months ago, I started having odd symptoms. I can't open more than 2 or 3 emails at a time. If I do, I get the out of memory error. And I can't open more than two or three tabs in Outlook Express, or it will just sit there doing nothing. It doesn't seem to matter which program I try to open - Flashget, Quicken, Paint Shop Pro, etc., I'll get an error message that disappears when I close either outlook express or IE. Also, when I open and close programs, it takes a good 15-30 seconds for programs to finish closing out.

So, here is my hijack log. I hope you can help me. Thanks!

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\Program Files\Webroot\Spy Sweeper\WRConsumerService.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\arservice.exe
C:\Program Files\Symantec AntiVirus\DefWatch.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\Common Files\Motive\McciCMService.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\PROGRA~1\NORTON~2\NORTON~1\NPROTECT.EXE
C:\WINDOWS\system32\IoctlSvc.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\Program Files\Sygate\SPF\smc.exe
C:\PROGRA~1\NORTON~2\NORTON~1\SPEEDD~1\NOPDB.EXE
C:\Program Files\Symantec AntiVirus\Rtvscan.exe
C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe
C:\WINDOWS\system32\wwSecure.exe
c:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\ehome\ehtray.exe
C:\WINDOWS\ARPWRMSG.EXE
C:\WINDOWS\eHome\ehmsas.exe
C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe
C:\WINDOWS\Logi_MwX.Exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\PROGRA~1\SYMANT~1\VPTray.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Portrait Displays\forteManager\DTHtml.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\HughesNetTools\1\McciTrayApp_SSR.exe
C:\HP\KBD\KBD.EXE
C:\Program Files\Norton SystemWorks Premier Edition\NswUiTray.exe
C:\Program Files\Common Files\Portrait Displays\Shared\HookManager.exe
C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe
C:\Program Files\Webroot\Spy Sweeper\SpySweeperUI.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Quicken\bagent.exe
C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe
C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe
C:\Program Files\Outlook Express\msimn.exe
C:\Program Files\Logitech\SetPoint\SetPoint.exe
C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\agent.exe
C:\Program Files\WinZip\WZQKPICK.EXE
C:\Program Files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe
C:\Program Files\Common Files\Logishrd\KHAL2\KHALMNPR.EXE
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\ALCXMNTR.EXE
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
c:\windows\system\hpsysdrv.exe
C:\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&a...&pf=desktop
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&a...&pf=desktop
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://ie.redirect.hp.com/svs/rdr?TYPE=3&a...&pf=desktop
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://welcome.hughesnet.com/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = www.direcwaysupport.com;www.systemcontrolcenter.com;192.168.0.1;;127.0.0.1;<local>
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: flashget urlcatch - {2F364306-AA45-47B5-9F9D-39A8B94E7EF7} - C:\Program Files\FlashGet\jccatch.dll
O2 - BHO: Java™ Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.1.1309.15642\swg.dll
O2 - BHO: Google Dictionary Compression sdch - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_A8904FB862BD9564.dll
O2 - BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O2 - BHO: FlashGet GetFlash Class - {F156768E-81EF-470C-9057-481BA8380DBA} - C:\Program Files\FlashGet\getflash.dll
O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll
O4 - HKLM\..\Run: [ehTray] "C:\WINDOWS\ehome\ehtray.exe"
O4 - HKLM\..\Run: [AlwaysReady Power Message APP] "C:\WINDOWS\ARPWRMSG.EXE"
O4 - HKLM\..\Run: [HPBootOp] "C:\Program Files\Hewlett-Packard\HP Boot Optimizer\HPBootOp.exe" /run
O4 - HKLM\..\Run: [HP Software Update] "C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe"
O4 - HKLM\..\Run: [Logitech Utility] "C:\WINDOWS\Logi_MwX.Exe"
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [vptray] "C:\PROGRA~1\SYMANT~1\VPTray.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [DT LGE] "C:\Program Files\Portrait Displays\forteManager\DTHtml.exe" -startup_folder
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [SmcService] "C:\PROGRA~1\Sygate\SPF\smc.exe" -startgui
O4 - HKLM\..\Run: [HughesNetTools_McciTrayApp] "C:\Program Files\HughesNetTools\1\McciTrayApp_SSR.exe"
O4 - HKLM\..\Run: [KBD] "C:\HP\KBD\KBD.EXE"
O4 - HKLM\..\Run: [Kernel and Hardware Abstraction Layer] "KHALMNPR.EXE"
O4 - HKLM\..\Run: [NSWosCheck] "C:\Program Files\Norton SystemWorks Premier Edition\osCheck.exe"
O4 - HKLM\..\Run: [NswUiTray] "C:\Program Files\Norton SystemWorks Premier Edition\NswUiTray.exe"
O4 - HKLM\..\Run: [KernelFaultCheck] "%systemroot%\system32\dumprep" 0 -k
O4 - HKLM\..\Run: [Ad-Watch] "C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe"
O4 - HKLM\..\Run: [SpySweeper] "C:\Program Files\Webroot\Spy Sweeper\SpySweeperUI.exe" /startintray
O4 - HKCU\..\Run: [ctfmon.exe] "C:\WINDOWS\system32\ctfmon.exe"
O4 - HKCU\..\Run: [swg] "C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
O4 - HKCU\..\Run: [QuickenScheduledUpdates] "C:\Program Files\Quicken\bagent.exe"
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [updateMgr] "C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" AcRdB7_0_9 -reboot 1
O4 - HKCU\..\Run: [ISUSPM] "C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe" -scheduler
O4 - .DEFAULT User Startup: Pin.lnk = C:\hp\bin\CLOAKER.EXE (User 'Default user')
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: Kodak EasyShare software.lnk = C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe
O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe
O4 - Global Startup: Logitech SetPoint.lnk = C:\Program Files\Logitech\SetPoint\SetPoint.exe
O4 - Global Startup: QuickBooks Update Agent.lnk = C:\Program Files\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe
O4 - Global Startup: WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.EXE
O8 - Extra context menu item: &Download All with FlashGet - C:\Program Files\FlashGet\jc_all.htm
O8 - Extra context menu item: &Download with FlashGet - C:\Program Files\FlashGet\jc_link.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Express Cleanup - {5E638779-1818-4754-A595-EF1C63B87A56} - C:\Program Files\Norton SystemWorks Premier Edition\Norton Cleanup\WCQuick.lnk
O9 - Extra 'Tools' menuitem: Express Cleanup - {5E638779-1818-4754-A595-EF1C63B87A56} - C:\Program Files\Norton SystemWorks Premier Edition\Norton Cleanup\WCQuick.lnk
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\OFFICE11\REFIEBAR.DLL
O9 - Extra button: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\Program Files\FlashGet\FlashGet.exe
O9 - Extra 'Tools' menuitem: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\Program Files\FlashGet\FlashGet.exe
O9 - Extra button: Connection Help - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm
O9 - Extra 'Tools' menuitem: Connection Help - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O15 - Trusted Zone: http://*.trymedia.com (HKLM)
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {406B5949-7190-4245-91A9-30A17DE16AD0} (Snapfish Activia) - http://photos.walmart.com/WalmartActivia.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/...b?1139890314395
O16 - DPF: {917623D1-D8E5-11D2-BE8B-00104B06BDE3} (CamImage Class) - http://traf2.murfreesborotn.gov/activex/AxisCamControl.cab
O18 - Filter: x-sdch - {B1759355-3EEC-4C1E-B0F1-B719FE26E377} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_A8904FB862BD9564.dll
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: Creative Service for CDROM Access - Unknown owner - C:\WINDOWS\system32\CTsvcCDA.EXE (file missing)
O23 - Service: Symantec AntiVirus Definition Watcher (DefWatch) - Symantec Corporation - C:\Program Files\Symantec AntiVirus\DefWatch.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: Lavasoft Ad-Aware Service - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
O23 - Service: Logitech Bluetooth Service (LBTServ) - Logitech, Inc. - C:\Program Files\Common Files\Logishrd\Bluetooth\LBTServ.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\LuComServer_3_4.EXE
O23 - Service: McciCMService - Motive Communications, Inc. - C:\Program Files\Common Files\Motive\McciCMService.exe
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
O23 - Service: Norton UnErase Protection (NProtectService) - Symantec Corporation - C:\PROGRA~1\NORTON~2\NORTON~1\NPROTECT.EXE
O23 - Service: PLFlash DeviceIoControl Service - Prolific Technology Inc. - C:\WINDOWS\system32\IoctlSvc.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: SAVRoam (SavRoam) - symantec - C:\Program Files\Symantec AntiVirus\SavRoam.exe
O23 - Service: Sygate Personal Firewall Pro (SmcService) - Sygate Technologies, Inc. - C:\Program Files\Sygate\SPF\smc.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: Speed Disk service - Symantec Corporation - C:\PROGRA~1\NORTON~2\NORTON~1\SPEEDD~1\NOPDB.EXE
O23 - Service: Symantec AntiVirus - Symantec Corporation - C:\Program Files\Symantec AntiVirus\Rtvscan.exe
O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
O23 - Service: Webroot Spy Sweeper Engine (WebrootSpySweeperService) - Webroot Software, Inc. (www.webroot.com) - C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe
O23 - Service: Webroot Client Service (WRConsumerService) - Webroot Software, Inc. - C:\Program Files\Webroot\Spy Sweeper\WRConsumerService.exe
O23 - Service: Washer AutoComplete (wwSecSvc) - Webroot Software, Inc. - C:\WINDOWS\system32\wwSecure.exe


 


#2 fireman4it

fireman4it

    Bleepin' Fireman


  • Malware Response Team
  • 13,512 posts
  • Gender:Male
  • Location:Greenup, Ill USA

Posted 13 July 2009 - 03:30 PM

Hello and welcome to Bleeping Computer

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

If you have since resolved the original problem you were having, we would appreciate you letting us know. If not, please perform the following steps below so we can have a look at the current condition of your machine.

If you have not done so, include a clear description of the problems you're having, along with any steps you may have performed so far.

Upon completing the steps below another staff member will review and take the steps necessary with you to get your machine back in working order clean and free of malware.

If you have already posted a DDS log, please do so again, as your situation may have changed.
Use the 'Add Reply' and add the new log to this thread.


Thanks and again sorry for the delay.

We need to see some information about what is happening in your machine. Please perform the following scan:
  • Download DDS by sUBs from one of the following links. Save it to your desktop.
  • Double click on the DDS icon, allow it to run.
  • A small box will open, with an explanation about the tool. No input is needed, the scan is running.
  • Notepad will open with the results.
  • Follow the instructions that pop up for posting the results.
  • Close the program window, and delete the program from your desktop.
Please note: You may have to disable any script protection running if the scan fails to run. After downloading the tool, disconnect from the internet and disable all antivirus protection. Run the scan, enable your A/V and reconnect to the internet.

Information on A/V control HERE

"Extinguishing Malware from the world"

The Virus, Trojan, Spyware, and Malware Removal forum is very busy. If I'm helping you and I've not posted back within 24 hrs., send a PM with your topic link. Thank you.

ALL OTHER HELP REQUESTS VIA THE PM SYSTEM WILL BE IGNORED. The Forums are there for a reason!
Thanks-



If I have helped you, consider making a donation to help me continue the fight against Malware! Just click btn_donate_LG.gif


#3 jeannen

jeannen
  • Topic Starter

  • Members
  • 10 posts

Posted 14 July 2009 - 07:20 PM

Here is the information from DDS.txt. The other file is attached as instructed. An additional piece of info: tonight I had Outlook Express, Quicken and Excel open. I had to close OE to load Quicken. Then, I had to close Quicken to finish saving the Excel file. The save file dialog box just sat there and turned gray until I closed Quicken. That's no different than I was before I installed another 2 gig of RAM. The system recognizes all the RAM but certainly doesn't act like it has even a GIG of RAM.

Thanks!


DDS (Ver_09-06-26.01) - NTFSx86
Run by Jeanne at 19:09:27.29 on Tue 07/14/2009
Internet Explorer: 7.0.5730.13 BrowserJavaVersion: 1.6.0_11
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.3006.2211 [GMT -5:00]

AV: Symantec AntiVirus Corporate Edition *On-access scanning disabled* (Updated) {FB06448E-52B8-493A-90F3-E43226D3305C}
FW: Sygate Personal Firewall Pro *enabled* {BE898FE3-CD0B-4014-85A9-03DB9923DDB6}

============== Running Processes ===============

C:\Program Files\Webroot\Spy Sweeper\WRConsumerService.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\arservice.exe
C:\Program Files\Symantec AntiVirus\DefWatch.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\Common Files\Motive\McciCMService.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\PROGRA~1\NORTON~2\NORTON~1\NPROTECT.EXE
C:\WINDOWS\system32\IoctlSvc.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\Program Files\Sygate\SPF\smc.exe
C:\PROGRA~1\NORTON~2\NORTON~1\SPEEDD~1\NOPDB.EXE
svchost.exe
C:\Program Files\Symantec AntiVirus\Rtvscan.exe
C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe
C:\WINDOWS\system32\wwSecure.exe
c:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\ehome\ehtray.exe
C:\WINDOWS\ARPWRMSG.EXE
C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe
C:\WINDOWS\Logi_MwX.Exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\PROGRA~1\SYMANT~1\VPTray.exe
C:\Program Files\HughesNetTools\1\McciTrayApp_SSR.exe
C:\WINDOWS\eHome\ehmsas.exe
C:\HP\KBD\KBD.EXE
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\Webroot\Spy Sweeper\SpySweeperUI.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Quicken\bagent.exe
C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe
C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\agent.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\Logitech\SetPoint\SetPoint.exe
C:\Program Files\WinZip\WZQKPICK.EXE
C:\Program Files\Common Files\Logishrd\KHAL2\KHALMNPR.EXE
C:\Program Files\Outlook Express\msimn.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\WINDOWS\ALCXMNTR.EXE
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
c:\windows\system\hpsysdrv.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\WINDOWS\system32\wscntfy.exe
C:\Documents and Settings\Jeanne\Desktop\dds.scr

============== Pseudo HJT Report ===============

uStart Page = hxxp://www.google.com/
uSearch Page = hxxp://www.google.com
uDefault_Page_URL = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=Q106&bd=presario&pf=desktop
uDefault_Search_URL = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_US&c=Q106&bd=presario&pf=desktop
uSearch Bar = hxxp://www.google.com/ie
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
uWindow Title = Microsoft Internet Explorer
mSearch Bar = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_US&c=Q106&bd=presario&pf=desktop
uInternet Connection Wizard,ShellNext = hxxp://welcome.hughesnet.com/
uInternet Settings,ProxyOverride = www.direcwaysupport.com;www.systemcontrolcenter.com;192.168.0.1;;127.0.0.1;<local>
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
mSearchAssistant = hxxp://www.google.com/ie
BHO: {02478D38-C3F9-4efb-9B51-7695ECA05670} - No File
BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\adobe\acrobat 7.0\activex\AcroIEHelper.dll
BHO: FGCatchUrl: {2f364306-aa45-47b5-9f9d-39a8b94e7ef7} - c:\program files\flashget\jccatch.dll
BHO: Java™ Plug-In SSV Helper: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files\java\jre6\bin\ssv.dll
BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program files\google\google toolbar\GoogleToolbar.dll
BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files\google\googletoolbarnotifier\5.1.1309.15642\swg.dll
BHO: Google Dictionary Compression sdch: {c84d72fe-e17d-4195-bb24-76c02e2e7c4e} - c:\program files\google\google toolbar\component\fastsearch_A8904FB862BD9564.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
BHO: FlashGet GetFlash Class: {f156768e-81ef-470c-9057-481ba8380dba} - c:\program files\flashget\getflash.dll
TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\google toolbar\GoogleToolbar.dll
TB: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - No File
uRun: [ctfmon.exe] "c:\windows\system32\ctfmon.exe"
uRun: [swg] "c:\program files\google\googletoolbarnotifier\GoogleToolbarNotifier.exe"
uRun: [QuickenScheduledUpdates] "c:\program files\quicken\bagent.exe"
uRun: [updateMgr] "c:\program files\adobe\acrobat 7.0\reader\AdobeUpdateManager.exe" AcRdB7_0_9 -reboot 1
uRun: [ISUSPM] "c:\program files\common files\installshield\updateservice\ISUSPM.exe" -scheduler
mRun: [ehTray] "c:\windows\ehome\ehtray.exe"
mRun: [AlwaysReady Power Message APP] "c:\windows\ARPWRMSG.EXE"
mRun: [<NO NAME>]
mRun: [PCDrProfiler]
mRun: [HPBootOp] "c:\program files\hewlett-packard\hp boot optimizer\HPBootOp.exe" /run
mRun: [HP Software Update] "c:\program files\hp\hp software update\HPWuSchd2.exe"
mRun: [Logitech Utility] "c:\windows\Logi_MwX.Exe"
mRun: [ccApp] "c:\program files\common files\symantec shared\ccApp.exe"
mRun: [vptray] "c:\progra~1\symant~1\VPTray.exe"
mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime
mRun: [SmcService] "c:\progra~1\sygate\spf\smc.exe" -startgui
mRun: [HughesNetTools_McciTrayApp] "c:\program files\hughesnettools\1\McciTrayApp_SSR.exe"
mRun: [KBD] "c:\hp\kbd\KBD.EXE"
mRun: [Kernel and Hardware Abstraction Layer] "KHALMNPR.EXE"
mRun: [NSWosCheck] "c:\program files\norton systemworks premier edition\osCheck.exe"
mRun: [KernelFaultCheck] "%systemroot%\system32\dumprep" 0 -k
mRun: [SunJavaUpdateSched] "c:\program files\java\jre6\bin\jusched.exe"
mRun: [TkBellExe] "c:\program files\common files\real\update_ob\realsched.exe" -osboot
mRun: [SpySweeper] "c:\program files\webroot\spy sweeper\SpySweeperUI.exe" /startintray
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\adober~1.lnk - c:\program files\adobe\acrobat 7.0\reader\reader_sl.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\hpdigi~1.lnk - c:\program files\hp\digital imaging\bin\hpqtra08.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\logite~1.lnk - c:\program files\logitech\desktop messenger\8876480\program\LDMConf.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\logite~2.lnk - c:\program files\logitech\setpoint\SetPoint.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\winzip~1.lnk - c:\program files\winzip\WZQKPICK.EXE
uPolicies-explorer: NoViewOnDrive = 0 (0x0)
IE: &Download All with FlashGet - c:\program files\flashget\jc_all.htm
IE: &Download with FlashGet - c:\program files\flashget\jc_link.htm
IE: E&xport to Microsoft Excel - c:\progra~1\micros~4\office11\EXCEL.EXE/3000
IE: {5E638779-1818-4754-A595-EF1C63B87A56} - c:\program files\norton systemworks premier edition\norton cleanup\WCQuick.lnk
IE: {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - c:\program files\flashget\FlashGet.exe
IE: {E2D4D26B-0180-43a4-B05F-462D6D54C789} - c:\windows\pchealth\helpctr\vendors\cn=hewlett-packard,l=cupertino,s=ca,c=us\iebutton\support.htm
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - c:\program files\yahoo!\messenger\YahooMessenger.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~4\office11\REFIEBAR.DLL
Trusted Zone: trymedia.com
DPF: Microsoft XML Parser for Java - file://c:\windows\java\classes\xmldso.cab
DPF: {166B1BCA-3F9C-11CF-8075-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
DPF: {17492023-C23A-453E-A040-C7C580BBF700} - hxxp://go.microsoft.com/fwlink/?linkid=39204
DPF: {406B5949-7190-4245-91A9-30A17DE16AD0} - hxxp://photos.walmart.com/WalmartActivia.cab
DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} - hxxp://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1139890314395
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_11-windows-i586.cab
DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab
DPF: {917623D1-D8E5-11D2-BE8B-00104B06BDE3} - hxxp://traf2.murfreesborotn.gov/activex/AxisCamControl.cab
DPF: {CAFEEFAC-0015-0000-0005-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_05-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_03-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_05-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_11-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_11-windows-i586.cab
Filter: x-sdch - {B1759355-3EEC-4C1E-B0F1-B719FE26E377} - c:\program files\google\google toolbar\component\fastsearch_A8904FB862BD9564.dll
Notify: AtiExtEvent - Ati2evxx.dll
Notify: LBTWlgn - c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll
Notify: NavLogon - c:\windows\system32\NavLogon.dll

================= FIREFOX ===================

FF - ProfilePath - c:\docume~1\jeanne\applic~1\mozilla\firefox\profiles\tvqmol39.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.yahoo.com
FF - component: c:\program files\mozilla firefox\extensions\talkback@mozilla.org\components\qfaservices.dll
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA}
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA}
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA}
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA}

============= SERVICES / DRIVERS ===============

R0 Lbd;Lbd;c:\windows\system32\drivers\Lbd.sys [2009-7-5 64160]
R0 ssfs0bbc;ssfs0bbc;c:\windows\system32\drivers\ssfs0bbc.sys [2008-8-9 29808]
R1 SAVRT;SAVRT;c:\program files\symantec antivirus\savrt.sys [2005-2-4 324232]
R1 SAVRTPEL;SAVRTPEL;c:\program files\symantec antivirus\Savrtpel.sys [2005-2-4 53896]
R2 ccEvtMgr;Symantec Event Manager;c:\program files\common files\symantec shared\ccEvtMgr.exe [2005-4-8 185968]
R2 ccSetMgr;Symantec Settings Manager;c:\program files\common files\symantec shared\ccSetMgr.exe [2005-4-8 161392]
R2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files\lavasoft\ad-aware\AAWService.exe [2009-3-9 1029456]
R2 LBeepKE;LBeepKE;c:\windows\system32\drivers\LBeepKE.sys [2009-4-3 10384]
R2 McrdSvc;Media Center Extender Service;c:\windows\ehome\mcrdsvc.exe [2005-8-5 99328]
R2 NProtectService;Norton UnErase Protection;c:\progra~1\norton~2\norton~1\NPROTECT.EXE [2008-9-25 95600]
R2 Symantec AntiVirus;Symantec AntiVirus;c:\program files\symantec antivirus\Rtvscan.exe [2005-4-17 1706176]
R2 WebrootSpySweeperService;Webroot Spy Sweeper Engine;c:\program files\webroot\spy sweeper\SpySweeper.exe [2009-4-21 4048240]
R2 WRConsumerService;Webroot Client Service;c:\program files\webroot\spy sweeper\WRConsumerService.exe [2008-11-7 1205760]
R3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\common files\symantec shared\eengine\EraserUtilRebootDrv.sys [2009-5-13 101936]
R3 NAVENG;NAVENG;c:\progra~1\common~1\symant~1\virusd~1\20090714.004\naveng.sys [2009-7-14 87888]
R3 NAVEX15;NAVEX15;c:\progra~1\common~1\symant~1\virusd~1\20090714.004\navex15.sys [2009-7-14 875728]
S3 Ad-Watch Connect Filter;Ad-Watch Connect Kernel Filter;\??\c:\windows\system32\drivers\nsdriver.sys --> c:\windows\system32\drivers\NSDriver.sys [?]
S3 ccPwdSvc;Symantec Password Validation;c:\program files\common files\symantec shared\ccPwdSvc.exe [2005-4-8 83568]
S3 SavRoam;SAVRoam;c:\program files\symantec antivirus\SavRoam.exe [2005-4-17 124608]
S4 vsdatant;vsdatant; [x]

=============== Created Last 30 ================

2009-07-06 06:42 <DIR> --d----- C:\HijackThis
2009-07-05 20:26 15,688 a------- c:\windows\system32\lsdelete.exe
2009-07-05 14:56 64,160 a------- c:\windows\system32\drivers\Lbd.sys
2009-07-05 14:52 <DIR> -cd-h--- c:\docume~1\alluse~1\applic~1\{7972B2E5-3E09-4E5E-81B7-FE5819D6772F}
2009-06-22 18:38 <DIR> --d----- c:\program files\USPS

==================== Find3M ====================

2009-05-27 11:13 34 a------- c:\documents and settings\jeanne\jagex_runescape_preferences.dat
2009-05-24 13:17 92,947 a------- c:\windows\pchealth\helpctr\offlinecache\index.dat
2009-05-24 13:16 45,056 a------- c:\windows\pchealth\helpctr\vendors\cn=hewlett-packard,l=cupertino,s=ca,c=us\uninstallui\eHelpSetup.exe
2009-05-24 13:16 341,048 a------- c:\windows\pchealth\helpctr\vendors\cn=hewlett-packard,l=cupertino,s=ca,c=us\plugin\HPBasicDetection3.dll
2009-05-24 13:16 163,840 a------- c:\windows\pchealth\helpctr\vendors\cn=hewlett-packard,l=cupertino,s=ca,c=us\plugin\modemcheck.dll
2009-05-24 13:16 61,440 a------- c:\windows\pchealth\helpctr\vendors\cn=hewlett-packard,l=cupertino,s=ca,c=us\plugin\modemutil.dll
2009-05-24 13:16 44,032 a------- c:\windows\pchealth\helpctr\vendors\cn=hewlett-packard,l=cupertino,s=ca,c=us\scripts\devcon.exe
2009-05-24 13:16 40,960 a------- c:\windows\pchealth\helpctr\vendors\cn=hewlett-packard,l=cupertino,s=ca,c=us\plugin\ScDmi.dll
2009-05-24 13:16 32,768 a------- c:\windows\pchealth\helpctr\vendors\cn=hewlett-packard,l=cupertino,s=ca,c=us\plugin\uploadHSC.dll
2009-05-24 13:16 32,768 a------- c:\windows\pchealth\helpctr\vendors\cn=hewlett-packard,l=cupertino,s=ca,c=us\plugin\Scom.dll
2009-05-13 15:39 1,563,008 a------- c:\windows\WRSetup.dll
2009-05-07 10:32 345,600 a------- c:\windows\system32\localspl.dll
2009-05-07 10:32 345,600 -------- c:\windows\system32\dllcache\localspl.dll
2009-04-30 16:22 12,800 -------- c:\windows\system32\dllcache\xpshims.dll
2009-04-30 16:22 246,272 -------- c:\windows\system32\dllcache\ieproxy.dll
2009-04-25 00:30 102,400 -------- c:\windows\system32\dllcache\iecompat.dll
2009-04-18 10:09 60,808 a------- c:\windows\system32\S32EVNT1.DLL
2009-04-17 07:26 1,847,168 a------- c:\windows\system32\win32k.sys
2009-04-17 07:26 1,847,168 -------- c:\windows\system32\dllcache\win32k.sys
2008-10-15 23:29 247,798 a------- c:\documents and settings\jeanne\GoldSeamlessPatterns.zip
2008-10-15 23:26 3,938,357 a------- c:\documents and settings\jeanne\~B~ Flergs Desktop 1024x768.zip
2008-10-12 14:58 58,834 a------- c:\documents and settings\jeanne\Chic_Gradients_Psp_by_ElvenSword.zip
2008-10-12 14:56 114,894 a------- c:\documents and settings\jeanne\infinita_IMeg_ActionSnowman.zip
2008-10-12 14:56 110,572 a------- c:\documents and settings\jeanne\infinita_IMeg_ActionPine01.zip
2008-03-08 13:01 952 a--sh--- c:\windows\system32\KGyGaAvL.sys

============= FINISH: 19:10:22.35 ===============


#4 m0le

  • Malware Response Team

Posted 16 July 2009 - 05:53 PM

Hi jeannen,

Welcome to Bleeping Computer. My name is m0le and I will be helping you with your log.
  • Please subscribe to this topic, if you haven't already.

  • Please avoid installing/uninstalling or updating any programs and attempting any unsupervised fixes or scans. This can make helping you impossible.

  • Please reply to this post so I know you are there.
The forum is busy and we need to have replies as soon as possible. If I haven't had a reply after 3 days I will bump the topic and if you do not reply by the following day after that then I will close the topic.

I will be back soon with the first instructions.

Thanks
m0le is a proud member of UNITE

#5 jeannen

  • Topic Starter

Posted 17 July 2009 - 08:38 AM

Hi mOle,
I have subscribed to the topic as you requested, and I won't install or uninstall anything.

Thanks!
jeannen

#6 m0le

  • Malware Response Team

Posted 17 July 2009 - 04:38 PM

Okay jeannen,

Not found anything from the DDS log so let's look for something more sneaky.

We need to scan for Rootkits with GMER
  • Please download GMER from one of the following locations and save it to your desktop. Please rename it as gamer.exe.
    • Main Mirror
      This version will download a randomly named file (Recommended)
    • Zip Mirror
      This version will download a zip file you will need to extract first. If you use this mirror, please extract the zip file to your desktop.
  • Close any and all open programs, as this process may crash your computer.
  • Double click Posted Image or Posted Image on your desktop.
  • Allow the gmer.sys driver to load if asked.
  • You may see this window. If you do, click No.
    Posted Image
  • Click on Posted Image and wait for the scan to finish.
  • If you see a rootkit warning window, click OK.
  • Push Posted Image and save the logfile to your desktop.
  • Copy and Paste the contents of that file in your next post.

Then

We need to create an OTL Report
  • Please download OTL from the mirror:
    This is THE Mirror: http://oldtimer.geekstogo.com/OTL.exe
  • Save it to your desktop.
  • Double click on the Posted Image icon on your desktop.
  • Click the "Scan All Users" checkbox.
  • Push the Posted Image button.
  • Two reports will open, copy and paste them in a reply here:
    OTListIt.txt <-- Will be opened
    Extra.txt <-- Will be minimized
Thanks

#7 jeannen

  • Topic Starter

Posted 18 July 2009 - 07:00 AM

Here is the GMER log. I'll run the other scan next but it will be tonight before I can post the results. Thanks!


GMER 1.0.15.14972 - http://www.gmer.net
Rootkit scan 2009-07-18 06:59:47
Windows 5.1.2600 Service Pack 3


---- System - GMER 1.0.15 ----

SSDT \??\C:\WINDOWS\system32\drivers\wpsdrvnt.sys (wpsdrvnt/Sygate Technologies, Inc.) ZwAllocateVirtualMemory [0xBA182B30]
SSDT 8ADF75B8 ZwConnectPort
SSDT Lbd.sys (Boot Driver/Lavasoft AB) ZwCreateKey [0xBA91887E]
SSDT 8B1AA5B8 ZwCreateProcess
SSDT 8B1AA540 ZwCreateProcessEx
SSDT \??\C:\WINDOWS\system32\drivers\wpsdrvnt.sys (wpsdrvnt/Sygate Technologies, Inc.) ZwCreateThread [0xBA1826F0]
SSDT 8B193180 ZwDeleteKey
SSDT \??\C:\WINDOWS\system32\Drivers\SYMEVENT.SYS (Symantec Event Library/Symantec Corporation) ZwDeleteValueKey [0xB4D19800]
SSDT 8AD6AA48 ZwDuplicateObject
SSDT \??\C:\WINDOWS\system32\drivers\wpsdrvnt.sys (wpsdrvnt/Sygate Technologies, Inc.) ZwMapViewOfSection [0xBA182470]
SSDT 8AD9ECD0 ZwOpenProcess
SSDT 8AD82170 ZwOpenThread
SSDT \??\C:\WINDOWS\system32\drivers\wpsdrvnt.sys (wpsdrvnt/Sygate Technologies, Inc.) ZwProtectVirtualMemory [0xBA182C50]
SSDT 8B1A9FA8 ZwQueueApcThread
SSDT 8B1A9E40 ZwReadVirtualMemory
SSDT 8B1ABC98 ZwRenameKey
SSDT 8B1AA1F8 ZwSetContextThread
SSDT 8B1D0270 ZwSetInformationKey
SSDT 8B1AA450 ZwSetInformationProcess
SSDT 8B1AA270 ZwSetInformationThread
SSDT \??\C:\WINDOWS\system32\Drivers\SYMEVENT.SYS (Symantec Event Library/Symantec Corporation) ZwSetValueKey [0xB4D19A50]
SSDT \??\C:\WINDOWS\system32\drivers\wpsdrvnt.sys (wpsdrvnt/Sygate Technologies, Inc.) ZwShutdownSystem [0xBA182990]
SSDT 8B1AA3D8 ZwSuspendProcess
SSDT 8B1AA180 ZwSuspendThread
SSDT \??\C:\WINDOWS\system32\drivers\wpsdrvnt.sys (wpsdrvnt/Sygate Technologies, Inc.) ZwTerminateProcess [0xBA1828D0]
SSDT 8B1AA2E8 ZwTerminateThread
SSDT \??\C:\WINDOWS\system32\drivers\wpsdrvnt.sys (wpsdrvnt/Sygate Technologies, Inc.) ZwWriteVirtualMemory [0xBA182D60]

---- Kernel code sections - GMER 1.0.15 ----

.text tcpip.sys!IPTransmit + 10FC B4B54D3A 6 Bytes CALL BA58AFB0 Teefer.sys (Teefer Driver/Sygate Technologies, Inc.)
.text tcpip.sys!IPTransmit + 2A52 B4B56690 6 Bytes CALL BA58AFB0 Teefer.sys (Teefer Driver/Sygate Technologies, Inc.)
.text tcpip.sys!IPRegisterProtocol + 930 B4B6C454 6 Bytes CALL BA58AFB0 Teefer.sys (Teefer Driver/Sygate Technologies, Inc.)
.text wanarp.sys BA9FD3FD 4 Bytes CALL BA58B100 Teefer.sys (Teefer Driver/Sygate Technologies, Inc.)
.text wanarp.sys BA9FD402 2 Bytes [90, 90] {NOP ; NOP }

---- User code sections - GMER 1.0.15 ----

.text C:\Program Files\Webroot\Spy Sweeper\SpySweeperUI.exe[2244] kernel32.dll!CreateThread + 1A 7C8106F1 4 Bytes CALL 00450771 C:\Program Files\Webroot\Spy Sweeper\SpySweeperUI.exe (Spy Sweeper Client Executable/Webroot Software, Inc.)

---- Kernel IAT/EAT - GMER 1.0.15 ----

IAT \SystemRoot\system32\DRIVERS\ndiswan.sys[NDIS.SYS!NdisCloseAdapter] [BA58BDF0] Teefer.sys (Teefer Driver/Sygate Technologies, Inc.)
IAT \SystemRoot\system32\DRIVERS\ndiswan.sys[NDIS.SYS!NdisOpenAdapter] [BA58BD50] Teefer.sys (Teefer Driver/Sygate Technologies, Inc.)
IAT \SystemRoot\system32\DRIVERS\ndiswan.sys[NDIS.SYS!NdisDeregisterProtocol] [BA58BC90] Teefer.sys (Teefer Driver/Sygate Technologies, Inc.)
IAT \SystemRoot\system32\DRIVERS\ndiswan.sys[NDIS.SYS!NdisRegisterProtocol] [BA58BA40] Teefer.sys (Teefer Driver/Sygate Technologies, Inc.)
IAT \SystemRoot\system32\DRIVERS\raspppoe.sys[NDIS.SYS!NdisRegisterProtocol] [BA58BA40] Teefer.sys (Teefer Driver/Sygate Technologies, Inc.)
IAT \SystemRoot\system32\DRIVERS\raspppoe.sys[NDIS.SYS!NdisOpenAdapter] [BA58BD50] Teefer.sys (Teefer Driver/Sygate Technologies, Inc.)
IAT \SystemRoot\system32\DRIVERS\raspppoe.sys[NDIS.SYS!NdisCloseAdapter] [BA58BDF0] Teefer.sys (Teefer Driver/Sygate Technologies, Inc.)
IAT \SystemRoot\system32\DRIVERS\raspppoe.sys[NDIS.SYS!NdisDeregisterProtocol] [BA58BC90] Teefer.sys (Teefer Driver/Sygate Technologies, Inc.)
IAT \SystemRoot\system32\DRIVERS\psched.sys[NDIS.SYS!NdisDeregisterProtocol] [BA58BC90] Teefer.sys (Teefer Driver/Sygate Technologies, Inc.)
IAT \SystemRoot\system32\DRIVERS\psched.sys[NDIS.SYS!NdisRegisterProtocol] [BA58BA40] Teefer.sys (Teefer Driver/Sygate Technologies, Inc.)
IAT \SystemRoot\system32\DRIVERS\psched.sys[NDIS.SYS!NdisOpenAdapter] [BA58BD50] Teefer.sys (Teefer Driver/Sygate Technologies, Inc.)
IAT \SystemRoot\system32\DRIVERS\psched.sys[NDIS.SYS!NdisCloseAdapter] [BA58BDF0] Teefer.sys (Teefer Driver/Sygate Technologies, Inc.)
IAT \SystemRoot\System32\Drivers\NDProxy.SYS[NDIS.SYS!NdisRegisterProtocol] [BA58BA40] Teefer.sys (Teefer Driver/Sygate Technologies, Inc.)
IAT \SystemRoot\System32\Drivers\NDProxy.SYS[NDIS.SYS!NdisDeregisterProtocol] [BA58BC90] Teefer.sys (Teefer Driver/Sygate Technologies, Inc.)
IAT \SystemRoot\System32\Drivers\NDProxy.SYS[NDIS.SYS!NdisCloseAdapter] [BA58BDF0] Teefer.sys (Teefer Driver/Sygate Technologies, Inc.)
IAT \SystemRoot\System32\Drivers\NDProxy.SYS[NDIS.SYS!NdisOpenAdapter] [BA58BD50] Teefer.sys (Teefer Driver/Sygate Technologies, Inc.)
IAT \SystemRoot\system32\DRIVERS\tcpip.sys[NDIS.SYS!NdisCloseAdapter] [BA58BDF0] Teefer.sys (Teefer Driver/Sygate Technologies, Inc.)
IAT \SystemRoot\system32\DRIVERS\tcpip.sys[NDIS.SYS!NdisOpenAdapter] [BA58BD50] Teefer.sys (Teefer Driver/Sygate Technologies, Inc.)
IAT \SystemRoot\system32\DRIVERS\tcpip.sys[NDIS.SYS!NdisRegisterProtocol] [BA58BA40] Teefer.sys (Teefer Driver/Sygate Technologies, Inc.)
IAT \SystemRoot\system32\DRIVERS\wanarp.sys[NDIS.SYS!NdisDeregisterProtocol] [BA58BC90] Teefer.sys (Teefer Driver/Sygate Technologies, Inc.)
IAT \SystemRoot\system32\DRIVERS\wanarp.sys[NDIS.SYS!NdisRegisterProtocol] [BA58BA40] Teefer.sys (Teefer Driver/Sygate Technologies, Inc.)
IAT \SystemRoot\system32\DRIVERS\wanarp.sys[NDIS.SYS!NdisOpenAdapter] [BA58BD50] Teefer.sys (Teefer Driver/Sygate Technologies, Inc.)
IAT \SystemRoot\system32\DRIVERS\wanarp.sys[NDIS.SYS!NdisCloseAdapter] [BA58BDF0] Teefer.sys (Teefer Driver/Sygate Technologies, Inc.)
IAT \SystemRoot\system32\DRIVERS\arp1394.sys[NDIS.SYS!NdisCloseAdapter] [BA58BDF0] Teefer.sys (Teefer Driver/Sygate Technologies, Inc.)
IAT \SystemRoot\system32\DRIVERS\arp1394.sys[NDIS.SYS!NdisOpenAdapter] [BA58BD50] Teefer.sys (Teefer Driver/Sygate Technologies, Inc.)
IAT \SystemRoot\system32\DRIVERS\arp1394.sys[NDIS.SYS!NdisDeregisterProtocol] [BA58BC90] Teefer.sys (Teefer Driver/Sygate Technologies, Inc.)
IAT \SystemRoot\system32\DRIVERS\arp1394.sys[NDIS.SYS!NdisRegisterProtocol] [BA58BA40] Teefer.sys (Teefer Driver/Sygate Technologies, Inc.)
IAT \SystemRoot\system32\DRIVERS\ndisuio.sys[NDIS.SYS!NdisRegisterProtocol] [BA58BA40] Teefer.sys (Teefer Driver/Sygate Technologies, Inc.)
IAT \SystemRoot\system32\DRIVERS\ndisuio.sys[NDIS.SYS!NdisDeregisterProtocol] [BA58BC90] Teefer.sys (Teefer Driver/Sygate Technologies, Inc.)
IAT \SystemRoot\system32\DRIVERS\ndisuio.sys[NDIS.SYS!NdisCloseAdapter] [BA58BDF0] Teefer.sys (Teefer Driver/Sygate Technologies, Inc.)
IAT \SystemRoot\system32\DRIVERS\ndisuio.sys[NDIS.SYS!NdisOpenAdapter] [BA58BD50] Teefer.sys (Teefer Driver/Sygate Technologies, Inc.)

---- Devices - GMER 1.0.15 ----

AttachedDevice \FileSystem\Ntfs \Ntfs ssfs0bbc.sys (Spy Sweeper FileSystem Filter Driver/Webroot Software, Inc. (www.webroot.com))
AttachedDevice \FileSystem\Ntfs \Ntfs SYMEVENT.SYS (Symantec Event Library/Symantec Corporation)

Device \Driver\Tcpip \Device\Ip wpsdrvnt.sys (wpsdrvnt/Sygate Technologies, Inc.)
Device \Driver\Tcpip \Device\Ip 8ADC6890
Device \Driver\Tcpip \Device\Ip 8AE4CFA8
Device \Driver\Tcpip \Device\Ip 8AFF2858
Device \Driver\Tcpip \Device\Ip 8B15A470

AttachedDevice \Driver\Tcpip \Device\Ip SYMTDI.SYS (Network Dispatch Driver/Symantec Corporation)
AttachedDevice \Driver\Tcpip \Device\Ip Lbd.sys (Boot Driver/Lavasoft AB)

Device \Driver\Tcpip \Device\Tcp wpsdrvnt.sys (wpsdrvnt/Sygate Technologies, Inc.)
Device \Driver\Tcpip \Device\Tcp 8ADC6890
Device \Driver\Tcpip \Device\Tcp 8AE4CFA8
Device \Driver\Tcpip \Device\Tcp 8AFF2858
Device \Driver\Tcpip \Device\Tcp 8B15A470

AttachedDevice \Driver\Tcpip \Device\Tcp SYMTDI.SYS (Network Dispatch Driver/Symantec Corporation)
AttachedDevice \Driver\Tcpip \Device\Tcp Lbd.sys (Boot Driver/Lavasoft AB)

Device \Driver\Tcpip \Device\Udp wpsdrvnt.sys (wpsdrvnt/Sygate Technologies, Inc.)
Device \Driver\Tcpip \Device\Udp 8ADC6890
Device \Driver\Tcpip \Device\Udp 8AE4CFA8
Device \Driver\Tcpip \Device\Udp 8AFF2858
Device \Driver\Tcpip \Device\Udp 8B15A470

AttachedDevice \Driver\Tcpip \Device\Udp SYMTDI.SYS (Network Dispatch Driver/Symantec Corporation)
AttachedDevice \Driver\Tcpip \Device\Udp Lbd.sys (Boot Driver/Lavasoft AB)

Device \Driver\Tcpip \Device\RawIp wpsdrvnt.sys (wpsdrvnt/Sygate Technologies, Inc.)
Device \Driver\Tcpip \Device\RawIp 8ADC6890
Device \Driver\Tcpip \Device\RawIp 8AE4CFA8
Device \Driver\Tcpip \Device\RawIp 8AFF2858
Device \Driver\Tcpip \Device\RawIp 8B15A470

AttachedDevice \Driver\Tcpip \Device\RawIp SYMTDI.SYS (Network Dispatch Driver/Symantec Corporation)

Device \Driver\Tcpip \Device\IPMULTICAST wpsdrvnt.sys (wpsdrvnt/Sygate Technologies, Inc.)
Device \Driver\Tcpip \Device\IPMULTICAST 8ADC6890
Device \Driver\Tcpip \Device\IPMULTICAST 8AE4CFA8
Device \Driver\Tcpip \Device\IPMULTICAST 8AFF2858
Device \Driver\Tcpip \Device\IPMULTICAST 8B15A470

AttachedDevice \FileSystem\Fastfat \Fat ssfs0bbc.sys (Spy Sweeper FileSystem Filter Driver/Webroot Software, Inc. (www.webroot.com))
AttachedDevice \FileSystem\Fastfat \Fat fltmgr.sys (Microsoft Filesystem Filter Manager/Microsoft Corporation)

---- EOF - GMER 1.0.15 ----

#8 jeannen

  • Topic Starter

Posted 18 July 2009 - 09:39 PM

I got an access violation message when I tried to run a full scan so I tried a quick scan and was able to run that. Here are the logs for those:

OTL.TXT:

OTL logfile created on: 7/18/2009 7:42:21 AM - Run 1
OTL by OldTimer - Version 3.0.9.0 Folder = C:\Documents and Settings\Jeanne\Desktop
Windows XP Media Center Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 7.0.5730.13)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.00 Gb Total Physical Memory | 2.00 Gb Available Physical Memory | 100.00% Memory free
4.00 Gb Paging File | 4.00 Gb Available in Paging File | 100.00% Paging File free
Paging file location(s): C:\pagefile.sys 2048 4509 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 178.30 Gb Total Space | 97.64 Gb Free Space | 54.76% Space Free | Partition Type: NTFS
Drive D: | 8.00 Gb Total Space | 0.96 Gb Free Space | 11.97% Space Free | Partition Type: FAT32
E: Drive not present or media not loaded
Drive F: | 189.92 Gb Total Space | 123.17 Gb Free Space | 64.85% Space Free | Partition Type: NTFS
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: YOUR-55E5F9E3D2
Current User Name: Jeanne
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: All users
Company Name Whitelist: On
Skip Microsoft Files: On
File Age = 14 Days
Output = Standard
Quick Scan

========== Processes (SafeList) ==========

PRC - [2009/06/06 12:48:30 | 01,205,760 | ---- | M] (Webroot Software, Inc. ) -- C:\Program Files\Webroot\Spy Sweeper\WRConsumerService.exe
PRC - [2005/08/14 00:29:40 | 00,376,832 | ---- | M] (ATI Technologies Inc.) -- C:\WINDOWS\System32\Ati2evxx.exe
PRC - [2005/04/08 15:54:52 | 00,161,392 | ---- | M] (Symantec Corporation) -- C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
PRC - [2005/03/30 21:48:22 | 00,992,864 | ---- | M] (Symantec Corporation) -- C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
PRC - [2005/04/08 15:52:32 | 00,185,968 | ---- | M] (Symantec Corporation) -- C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
PRC - [2005/08/14 00:29:40 | 00,376,832 | ---- | M] (ATI Technologies Inc.) -- C:\WINDOWS\System32\Ati2evxx.exe
PRC - [2005/08/03 02:19:16 | 00,058,880 | ---- | M] (Microsoft) -- C:\WINDOWS\arservice.exe
PRC - [2008/04/14 05:42:20 | 01,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\Explorer.EXE
PRC - [2005/04/17 12:30:32 | 00,019,648 | ---- | M] (Symantec Corporation) -- C:\Program Files\Symantec AntiVirus\DefWatch.exe
PRC - [2005/10/11 18:40:32 | 00,237,568 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\eHome\ehRecvr.exe
PRC - [2005/08/05 23:56:32 | 00,102,912 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\eHome\ehSched.exe
PRC - [2009/03/14 10:54:47 | 00,152,984 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Java\jre6\bin\jqs.exe
PRC - [2005/10/23 08:46:44 | 00,069,632 | ---- | M] (Hewlett-Packard Company) -- C:\Program Files\Common Files\LightScribe\LSSrvc.exe
PRC - [2007/10/15 16:34:44 | 00,303,104 | ---- | M] (Motive Communications, Inc.) -- C:\Program Files\Common Files\Motive\McciCMService.exe
PRC - [2003/06/20 09:25:00 | 00,322,120 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
PRC - [2005/08/05 23:56:34 | 00,064,512 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\ehome\ehtray.exe
PRC - [2008/09/25 14:53:16 | 00,095,600 | ---- | M] (Symantec Corporation) -- C:\Program Files\Norton SystemWorks Premier Edition\Norton Utilities\NPROTECT.EXE
PRC - [2005/08/03 02:19:16 | 00,077,312 | ---- | M] (Microsoft) -- C:\WINDOWS\ARPWRMSG.EXE
PRC - [2007/05/08 17:24:20 | 00,054,840 | ---- | M] (Hewlett-Packard) -- C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe
PRC - [2003/03/04 04:50:00 | 00,019,968 | ---- | M] (Logitech Inc.) -- C:\WINDOWS\Logi_MwX.Exe
PRC - [2005/04/08 15:52:30 | 00,048,752 | ---- | M] (Symantec Corporation) -- C:\Program Files\Common Files\Symantec Shared\ccApp.exe
PRC - [2005/04/17 12:30:48 | 00,085,184 | ---- | M] (Symantec Corporation) -- C:\Program Files\Symantec AntiVirus\VPTray.exe
PRC - [2007/11/20 16:36:25 | 01,454,592 | ---- | M] (Motive Communications, Inc.) -- C:\Program Files\HughesNetTools\1\McciTrayApp_SSR.exe
PRC - [2005/02/02 17:44:24 | 00,061,440 | ---- | M] (Hewlett-Packard Company) -- C:\HP\KBD\KBD.EXE
PRC - [2006/12/19 10:30:26 | 00,081,920 | ---- | M] (Prolific Technology Inc.) -- C:\WINDOWS\System32\IoctlSvc.exe
PRC - [2007/08/09 02:27:52 | 00,073,728 | ---- | M] (HP) -- C:\WINDOWS\System32\HPZipm12.exe
PRC - [2009/03/14 10:54:48 | 00,136,600 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Java\jre6\bin\jusched.exe
PRC - [2009/05/13 15:40:08 | 06,345,840 | ---- | M] (Webroot Software, Inc.) -- C:\Program Files\Webroot\Spy Sweeper\SpySweeperUI.exe
PRC - [2005/09/27 12:16:00 | 02,635,472 | ---- | M] (Sygate Technologies, Inc.) -- C:\Program Files\Sygate\SPF\smc.exe
PRC - [2007/08/15 21:20:04 | 00,068,856 | ---- | M] (Google Inc.) -- C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
PRC - [2008/09/25 14:53:32 | 00,181,680 | ---- | M] (Symantec Corporation) -- C:\Program Files\Norton SystemWorks Premier Edition\Norton Utilities\Speed Disk\NOPDB.exe
PRC - [2008/10/27 18:30:34 | 00,087,328 | ---- | M] (Intuit Inc.) -- C:\Program Files\Quicken\bagent.exe
PRC - [2005/04/17 12:30:40 | 01,706,176 | ---- | M] (Symantec Corporation) -- C:\Program Files\Symantec AntiVirus\Rtvscan.exe
PRC - [2005/08/04 04:29:52 | 00,038,912 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\wdfmgr.exe
PRC - [2007/08/30 10:50:42 | 00,205,480 | ---- | M] (Macrovision Corporation) -- C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe
PRC - [2009/04/21 18:26:52 | 04,048,240 | ---- | M] (Webroot Software, Inc. (www.webroot.com)) -- C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe
PRC - [2007/08/30 10:50:28 | 00,975,528 | ---- | M] (Macrovision Corporation) -- C:\Program Files\Common Files\InstallShield\UpdateService\agent.exe
PRC - [2005/05/11 23:23:26 | 00,282,624 | ---- | M] (Hewlett-Packard Co.) -- C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
PRC - [2009/02/19 00:33:08 | 00,809,488 | ---- | M] (Logitech, Inc.) -- C:\Program Files\Logitech\SetPoint\SetPoint.exe
PRC - [2004/02/11 09:00:00 | 00,118,784 | ---- | M] (WinZip Computing, Inc.) -- C:\Program Files\WinZip\WZQKPICK.EXE
PRC - [2005/04/20 10:34:12 | 00,487,936 | ---- | M] (Webroot Software, Inc.) -- C:\WINDOWS\System32\wwSecure.exe
PRC - [2009/02/19 00:28:52 | 00,076,304 | ---- | M] (Logitech, Inc.) -- C:\Program Files\Common Files\Logishrd\KHAL2\KHALMNPR.EXE
PRC - [2005/08/05 23:27:08 | 00,099,328 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\ehome\mcrdsvc.exe
PRC - [2004/11/03 02:59:50 | 00,316,544 | ---- | M] (Symantec Corporation) -- c:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
PRC - [2009/02/06 05:10:02 | 00,227,840 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\wbem\wmiprvse.exe
PRC - [2005/08/05 23:56:28 | 00,046,592 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\eHome\ehmsas.exe
PRC - [2004/09/07 15:47:52 | 00,057,344 | ---- | M] (Realtek Semiconductor Corp.) -- C:\WINDOWS\ALCXMNTR.EXE
PRC - [2005/08/14 07:05:00 | 00,344,064 | ---- | M] (ATI Technologies, Inc.) -- C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
PRC - [1998/05/07 11:04:38 | 00,052,736 | ---- | M] (Hewlett-Packard Company) -- c:\windows\system\hpsysdrv.exe
PRC - [2009/07/17 19:20:56 | 00,514,048 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Jeanne\Desktop\OTL.exe

========== Win32 Services (SafeList) ==========

SRV - [2005/08/03 02:19:16 | 00,058,880 | ---- | M] (Microsoft) -- C:\WINDOWS\arservice.exe -- (ARSVC [Auto | Running])
SRV - [2005/09/23 07:28:32 | 00,029,896 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe -- (aspnet_state [On_Demand | Stopped])
SRV - [2005/08/14 00:29:40 | 00,376,832 | ---- | M] (ATI Technologies Inc.) -- C:\WINDOWS\System32\Ati2evxx.exe -- (Ati HotKey Poller [Auto | Running])
SRV - [2008/08/01 10:31:11 | 00,238,968 | ---- | M] (Symantec Corporation) -- C:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe -- (Automatic LiveUpdate Scheduler [Disabled | Stopped])
SRV - [2005/04/08 15:52:32 | 00,185,968 | ---- | M] (Symantec Corporation) -- C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe -- (ccEvtMgr [Auto | Running])
SRV - [2005/04/08 15:54:50 | 00,083,568 | ---- | M] (Symantec Corporation) -- C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe -- (ccPwdSvc [On_Demand | Stopped])
SRV - [2005/04/08 15:54:52 | 00,161,392 | ---- | M] (Symantec Corporation) -- C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe -- (ccSetMgr [Auto | Running])
SRV - [2005/09/23 07:28:56 | 00,066,240 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32 [On_Demand | Stopped])
SRV - File not found -- -- (Creative Service for CDROM Access [Auto | Stopped])
SRV - [2005/04/17 12:30:32 | 00,019,648 | ---- | M] (Symantec Corporation) -- C:\Program Files\Symantec AntiVirus\DefWatch.exe -- (DefWatch [Auto | Running])
SRV - [2007/02/01 15:06:08 | 00,073,728 | ---- | M] () -- C:\Program Files\Common Files\Portrait Displays\Shared\DTSRVC.exe -- (DTSRVC [Disabled | Stopped])
SRV - [2005/10/11 18:40:32 | 00,237,568 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\eHome\ehRecvr.exe -- (ehRecvr [Auto | Running])
SRV - [2005/08/05 23:56:32 | 00,102,912 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\eHome\ehSched.exe -- (ehSched [Auto | Running])
SRV - [2007/10/05 22:15:05 | 00,654,848 | ---- | M] (Macrovision Europe Ltd.) -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service [On_Demand | Stopped])
SRV - [2009/03/24 03:36:29 | 00,183,280 | ---- | M] (Google) -- C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe -- (gusvc [Auto | Stopped])
SRV - [2008/04/14 05:42:04 | 00,038,400 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\PCHealth\HelpCtr\Binaries\pchsvc.dll -- (helpsvc [Auto | Running])
SRV - [2004/10/22 13:24:18 | 00,073,728 | ---- | M] (Macrovision Corporation) -- C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe -- (IDriverT [On_Demand | Stopped])
SRV - [2009/03/14 10:54:47 | 00,152,984 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Java\jre6\bin\jqs.exe -- (JavaQuickStarterService [Auto | Running])
SRV - [2009/07/05 15:15:24 | 01,029,456 | ---- | M] (Lavasoft) -- C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe -- (Lavasoft Ad-Aware Service [Auto | Stopped])
SRV - [2009/02/19 00:30:20 | 00,121,360 | ---- | M] (Logitech, Inc.) -- C:\Program Files\Common Files\Logishrd\Bluetooth\LBTServ.exe -- (LBTServ [On_Demand | Stopped])
SRV - [2005/10/23 08:46:44 | 00,069,632 | ---- | M] (Hewlett-Packard Company) -- C:\Program Files\Common Files\LightScribe\LSSrvc.exe -- (LightScribeService [Auto | Running])
SRV - [2008/08/01 10:31:01 | 03,220,856 | ---- | M] (Symantec Corporation) -- C:\Program Files\Symantec\LiveUpdate\LuComServer_3_4.EXE -- (LiveUpdate [On_Demand | Stopped])
SRV - [2007/10/15 16:34:44 | 00,303,104 | ---- | M] (Motive Communications, Inc.) -- C:\Program Files\Common Files\Motive\McciCMService.exe -- (McciCMService [Auto | Running])
SRV - [2005/08/05 23:27:08 | 00,099,328 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\ehome\mcrdsvc.exe -- (McrdSvc [Auto | Running])
SRV - [2003/06/20 09:25:00 | 00,322,120 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE -- (MDM [Auto | Running])
SRV - [2004/08/10 21:11:50 | 00,085,504 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\mhn.dll -- (MHN [On_Demand | Stopped])
SRV - [2008/04/08 09:56:30 | 00,800,040 | ---- | M] (Nero AG) -- C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe -- (NBService [On_Demand | Stopped])
SRV - [2008/01/22 11:13:26 | 00,275,752 | ---- | M] (Nero AG) -- C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe -- (NMIndexingService [On_Demand | Stopped])
SRV - [2008/09/25 14:53:16 | 00,095,600 | ---- | M] (Symantec Corporation) -- C:\Program Files\Norton SystemWorks Premier Edition\Norton Utilities\NPROTECT.EXE -- (NProtectService [Auto | Running])
SRV - [2003/07/28 22:28:22 | 00,089,136 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE -- (ose [On_Demand | Stopped])
SRV - [2006/12/19 10:30:26 | 00,081,920 | ---- | M] (Prolific Technology Inc.) -- C:\WINDOWS\System32\IoctlSvc.exe -- (PLFlash DeviceIoControl Service [Auto | Running])
SRV - [2007/08/09 02:27:52 | 00,073,728 | ---- | M] (HP) -- C:\WINDOWS\System32\HPZipm12.exe -- (Pml Driver HPZ12 [Auto | Running])
SRV - [2005/04/17 12:30:42 | 00,124,608 | ---- | M] (symantec) -- C:\Program Files\Symantec AntiVirus\SavRoam.exe -- (SavRoam [On_Demand | Stopped])
SRV - [2005/09/27 12:16:00 | 02,635,472 | ---- | M] (Sygate Technologies, Inc.) -- C:\Program Files\Sygate\SPF\smc.exe -- (SmcService [Auto | Running])
SRV - [2005/04/05 11:17:22 | 00,206,552 | ---- | M] (Symantec Corporation) -- C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe -- (SNDSrvc [On_Demand | Stopped])
SRV - [2005/03/30 21:48:22 | 00,992,864 | ---- | M] (Symantec Corporation) -- C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe -- (SPBBCSvc [Auto | Running])
SRV - [2008/09/25 14:53:32 | 00,181,680 | ---- | M] (Symantec Corporation) -- C:\Program Files\Norton SystemWorks Premier Edition\Norton Utilities\Speed Disk\NOPDB.exe -- (Speed Disk service [Auto | Running])
SRV - [2005/04/17 12:30:40 | 01,706,176 | ---- | M] (Symantec Corporation) -- C:\Program Files\Symantec AntiVirus\Rtvscan.exe -- (Symantec AntiVirus [Auto | Running])
SRV - [2004/11/03 02:59:50 | 00,316,544 | ---- | M] (Symantec Corporation) -- c:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe -- (SymWSC [Auto | Running])
SRV - [2005/08/04 04:29:52 | 00,038,912 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\wdfmgr.exe -- (UMWdf [Auto | Running])
SRV - [2009/04/21 18:26:52 | 04,048,240 | ---- | M] (Webroot Software, Inc. (www.webroot.com)) -- C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe -- (WebrootSpySweeperService [Auto | Running])
SRV - [2009/06/06 12:48:30 | 01,205,760 | ---- | M] (Webroot Software, Inc. ) -- C:\Program Files\Webroot\Spy Sweeper\WRConsumerService.exe -- (WRConsumerService [Auto | Running])
SRV - [2005/04/20 10:34:12 | 00,487,936 | ---- | M] (Webroot Software, Inc.) -- C:\WINDOWS\System32\wwSecure.exe -- (wwSecSvc [Auto | Running])

========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = [binary data]
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Extensions Off Page = about:NoAdd-ons
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Security Risk Page = about:SecurityRisk
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,CustomizeSearch = http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchcust.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.google.com/ie
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie


IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&a...&pf=desktop
IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&a...&pf=desktop
IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://ie.redirect.hp.com/svs/rdr?TYPE=3&a...&pf=desktop
IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.hp.com/svs/rdr?TYPE=3&a...&pf=desktop
IE - HKU\.DEFAULT\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&a...&pf=desktop
IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&a...&pf=desktop
IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://ie.redirect.hp.com/svs/rdr?TYPE=3&a...&pf=desktop
IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.hp.com/svs/rdr?TYPE=3&a...&pf=desktop
IE - HKU\S-1-5-18\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



IE - HKU\S-1-5-21-2236202740-443752698-3365651452-1009\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&a...&pf=desktop
IE - HKU\S-1-5-21-2236202740-443752698-3365651452-1009\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&a...&pf=desktop
IE - HKU\S-1-5-21-2236202740-443752698-3365651452-1009\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\system32\blank.htm
IE - HKU\S-1-5-21-2236202740-443752698-3365651452-1009\SOFTWARE\Microsoft\Internet Explorer\Main,Page_Transitions = 0
IE - HKU\S-1-5-21-2236202740-443752698-3365651452-1009\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com
IE - HKU\S-1-5-21-2236202740-443752698-3365651452-1009\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultName = Google
IE - HKU\S-1-5-21-2236202740-443752698-3365651452-1009\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultURL = http://www.google.com/search?q={searchTerm...tf8&oe=utf8
IE - HKU\S-1-5-21-2236202740-443752698-3365651452-1009\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/
IE - HKU\S-1-5-21-2236202740-443752698-3365651452-1009\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie
IE - HKU\S-1-5-21-2236202740-443752698-3365651452-1009\S-1-5-21-2236202740-443752698-3365651452-1009\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-2236202740-443752698-3365651452-1009\S-1-5-21-2236202740-443752698-3365651452-1009\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = www.direcwaysupport.com;www.systemcontrolcenter.com;192.168.0.1;;127.0.0.1;<local>

========== FireFox ==========

FF - prefs.js..browser.startup.homepage: "http://www.yahoo.com"

FF - HKLM\software\mozilla\Firefox\extensions\\jqs@sun.com: C:\Program Files\Java\jre6\lib\deploy\jqs\ff [2009/03/14 10:54:50 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 2.0.0.20\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2008/12/20 14:27:08 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 2.0.0.20\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2009/03/17 21:28:09 | 00,000,000 | ---D | M]

[2009/07/11 10:39:39 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Jeanne\Application Data\mozilla\Firefox\Profiles\tvqmol39.default\extensions
[2007/10/27 21:01:35 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Jeanne\Application Data\mozilla\Firefox\Profiles\tvqmol39.default\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1}
[2009/07/11 10:39:39 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions
[2008/12/20 14:27:08 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
[2007/11/14 21:21:42 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA}
[2008/04/05 23:03:56 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA}
[2008/10/26 22:54:18 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA}
[2009/03/14 10:59:19 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA}
[2008/03/26 23:17:16 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions\talkback@mozilla.org
[2008/12/20 14:26:58 | 00,067,688 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\jar50.dll
[2008/12/20 14:26:58 | 00,054,368 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\jsd3250.dll
[2008/12/20 14:26:58 | 00,034,944 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\myspell.dll
[2008/12/20 14:26:59 | 00,046,712 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\spellchk.dll
[2008/12/20 14:26:59 | 00,172,136 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\xpinstal.dll
[2009/01/16 19:17:04 | 00,114,688 | ---- | M] (Adobe Systems, Inc.) -- C:\Program Files\mozilla firefox\plugins\np32dsw.dll
[2009/03/14 10:54:48 | 00,410,984 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\mozilla firefox\plugins\npdeploytk.dll
[2008/12/20 14:27:06 | 00,022,656 | ---- | M] (mozilla.org) -- C:\Program Files\mozilla firefox\plugins\npnul32.dll
[2006/12/18 05:18:30 | 00,077,824 | ---- | M] (Adobe Systems Inc.) -- C:\Program Files\mozilla firefox\plugins\nppdf32.dll
[2007/10/13 21:31:24 | 00,131,072 | ---- | M] (Apple Inc.) -- C:\Program Files\mozilla firefox\plugins\npqtplugin.dll
[2007/10/13 21:31:24 | 00,131,072 | ---- | M] (Apple Inc.) -- C:\Program Files\mozilla firefox\plugins\npqtplugin2.dll
[2007/10/13 21:31:24 | 00,131,072 | ---- | M] (Apple Inc.) -- C:\Program Files\mozilla firefox\plugins\npqtplugin3.dll
[2007/10/13 21:31:24 | 00,131,072 | ---- | M] (Apple Inc.) -- C:\Program Files\mozilla firefox\plugins\npqtplugin4.dll
[2007/10/13 21:31:24 | 00,131,072 | ---- | M] (Apple Inc.) -- C:\Program Files\mozilla firefox\plugins\npqtplugin5.dll
[2007/10/13 21:31:24 | 00,131,072 | ---- | M] (Apple Inc.) -- C:\Program Files\mozilla firefox\plugins\npqtplugin6.dll
[2007/10/13 21:31:24 | 00,131,072 | ---- | M] (Apple Inc.) -- C:\Program Files\mozilla firefox\plugins\npqtplugin7.dll
[2008/02/09 22:48:37 | 00,001,514 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazondotcom.xml
[2008/02/09 22:48:37 | 00,002,193 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\answers.xml
[2008/02/09 22:48:37 | 00,001,038 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\creativecommons.xml
[2008/02/09 22:48:37 | 00,001,046 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay.xml
[2008/02/09 22:48:37 | 00,002,351 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\google.xml
[2008/02/09 22:48:37 | 00,000,792 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo.xml

O1 HOSTS File: (224678 bytes) - C:\WINDOWS\System32\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: 7885 more lines...
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - No CLSID value found.
O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (FGCatchUrl) - {2F364306-AA45-47B5-9F9D-39A8B94E7EF7} - C:\Program Files\FlashGet\jccatch.dll (www.flashget.com)
O2 - BHO: (Java™ Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll (Google Inc.)
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.1.1309.15642\swg.dll (Google Inc.)
O2 - BHO: (Google Dictionary Compression sdch) - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_A8904FB862BD9564.dll (Google Inc.)
O2 - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (JQSIEStartDetectorImpl Class) - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll (Sun Microsystems, Inc.)
O2 - BHO: (FlashGet GetFlash Class) - {F156768E-81EF-470C-9057-481BA8380DBA} - C:\Program Files\FlashGet\getflash.dll (www.flashget.com)
O3 - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll (Google Inc.)
O3 - HKU\S-1-5-21-2236202740-443752698-3365651452-1009\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll (Google Inc.)
O4 - HKLM..\Run: [] File not found
O4 - HKLM..\Run: [AlwaysReady Power Message APP] C:\WINDOWS\ARPWRMSG.EXE (Microsoft)
O4 - HKLM..\Run: [ccApp] C:\Program Files\Common Files\Symantec Shared\ccApp.exe (Symantec Corporation)
O4 - HKLM..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe (Microsoft Corporation)
O4 - HKLM..\Run: [HP Software Update] C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe (Hewlett-Packard)
O4 - HKLM..\Run: [HPBootOp] C:\Program Files\Hewlett-Packard\HP Boot Optimizer\HPBootOp.exe (Hewlett-Packard Company)
O4 - HKLM..\Run: [HughesNetTools_McciTrayApp] C:\Program Files\HughesNetTools\1\McciTrayApp_SSR.exe (Motive Communications, Inc.)
O4 - HKLM..\Run: [KBD] C:\HP\KBD\KBD.EXE (Hewlett-Packard Company)
O4 - HKLM..\Run: [Kernel and Hardware Abstraction Layer] C:\WINDOWS\KHALMNPR.EXE (Logitech, Inc.)
O4 - HKLM..\Run: [KernelFaultCheck] File not found
O4 - HKLM..\Run: [Logitech Utility] C:\WINDOWS\Logi_MwX.Exe (Logitech Inc.)
O4 - HKLM..\Run: [NSWosCheck] C:\Program Files\Norton SystemWorks Premier Edition\osCheck.exe (Symantec Corporation)
O4 - HKLM..\Run: [PCDrProfiler] File not found
O4 - HKLM..\Run: [SmcService] C:\Program Files\Sygate\SPF\Smc.exe (Sygate Technologies, Inc.)
O4 - HKLM..\Run: [SpySweeper] File not found
O4 - HKLM..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre6\bin\jusched.exe (Sun Microsystems, Inc.)
O4 - HKLM..\Run: [TkBellExe] C:\Program Files\Common Files\Real\Update_OB\realsched.exe (RealNetworks, Inc.)
O4 - HKLM..\Run: [vptray] C:\Program Files\Symantec AntiVirus\VPTray.exe (Symantec Corporation)
O4 - HKU\S-1-5-21-2236202740-443752698-3365651452-1009..\Run: [ISUSPM] C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe (Macrovision Corporation)
O4 - HKU\S-1-5-21-2236202740-443752698-3365651452-1009..\Run: [QuickenScheduledUpdates] C:\Program Files\Quicken\bagent.exe (Intuit Inc.)
O4 - HKU\S-1-5-21-2236202740-443752698-3365651452-1009..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (Google Inc.)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe (Adobe Systems Incorporated)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe (Hewlett-Packard Co.)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe (Logitech)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Logitech SetPoint.lnk = C:\Program Files\Logitech\SetPoint\SetPoint.exe (Logitech, Inc.)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.EXE (WinZip Computing, Inc.)
O4 - Startup: C:\Documents and Settings\Default User\Start Menu\Programs\Startup\Pin.lnk = C:\hp\bin\CLOAKER.EXE (Hewlett-Packard Co.)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 149
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: dontdisplaylastusername = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticecaption =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticetext =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: shutdownwithoutlogon = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: undockwithoutlogon = 1
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-19_Classes\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-20_Classes\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O7 - HKU\S-1-5-21-2236202740-443752698-3365651452-1009\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O7 - HKU\S-1-5-21-2236202740-443752698-3365651452-1009\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-2236202740-443752698-3365651452-1009\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKU\S-1-5-21-2236202740-443752698-3365651452-1009\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoViewOnDrive = 0
O7 - HKU\S-1-5-21-2236202740-443752698-3365651452-1009\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = FF FF FF 03 [binary data]
O7 - HKU\S-1-5-21-2236202740-443752698-3365651452-1009_Classes\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O8 - Extra context menu item: &Download All with FlashGet - C:\Program Files\FlashGet\jc_all.htm ()
O8 - Extra context menu item: &Download with FlashGet - C:\Program Files\FlashGet\jc_link.htm ()
O8 - Extra context menu item: E&xport to Microsoft Excel - C:\Program Files\Microsoft Office\OFFICE11\EXCEL.EXE (Microsoft Corporation)
O9 - Extra Button: Express Cleanup - {5E638779-1818-4754-A595-EF1C63B87A56} - C:\Program Files\Norton SystemWorks Premier Edition\Norton Cleanup\WCQuick.lnk ()
O9 - Extra 'Tools' menuitem : Express Cleanup - {5E638779-1818-4754-A595-EF1C63B87A56} - C:\Program Files\Norton SystemWorks Premier Edition\Norton Cleanup\WCQuick.lnk ()
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Program Files\Microsoft Office\OFFICE11\REFIEBAR.DLL (Microsoft Corporation)
O9 - Extra Button: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\Program Files\FlashGet\FlashGet.exe (FlashGet.com)
O9 - Extra 'Tools' menuitem : FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\Program Files\FlashGet\FlashGet.exe (FlashGet.com)
O9 - Extra Button: Connection Help - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm ()
O9 - Extra 'Tools' menuitem : Connection Help - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm ()
O9 - Extra 'Tools' menuitem : @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe (Microsoft Corporation)
O9 - Extra Button: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe (Yahoo! Inc.)
O9 - Extra 'Tools' menuitem : Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe (Yahoo! Inc.)
O9 - Extra Button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)
O12 - Plugin for: .spop - C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll (InterTrust Technologies Corporation, Inc.)
O15 - HKLM\..Trusted Domains: trymedia.com ([]http in Trusted sites)
O15 - HKLM\..Trusted Domains: trymedia.com ([]https in Trusted sites)
O15 - HKLM\..Trusted Domains: 2826 domain(s) and sub-domain(s) not assigned to a zone.
O15 - HKU\.DEFAULT\..Trusted Domains: 50 domain(s) and sub-domain(s) not assigned to a zone.
O15 - HKU\S-1-5-18\..Trusted Domains: 50 domain(s) and sub-domain(s) not assigned to a zone.
O15 - HKU\S-1-5-21-2236202740-443752698-3365651452-1009\..Trusted Domains: 32 domain(s) and sub-domain(s) not assigned to a zone.
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} http://download.macromedia.com/pub/shockwa...director/sw.cab (Shockwave ActiveX Control)
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} http://go.microsoft.com/fwlink/?linkid=39204 (Windows Genuine Advantage Validation Tool)
O16 - DPF: {406B5949-7190-4245-91A9-30A17DE16AD0} http://photos.walmart.com/WalmartActivia.cab (Snapfish Activia)
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} http://update.microsoft.com/windowsupdate/...b?1139890314395 (WUWebControl Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_11)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.macromedia.com/get/flash...r/ultrashim.cab (Reg Error: Key error.)
O16 - DPF: {917623D1-D8E5-11D2-BE8B-00104B06BDE3} http://traf2.murfreesborotn.gov/activex/AxisCamControl.cab (CamImage Class)
O16 - DPF: {CAFEEFAC-0015-0000-0005-ABCDEFFEDCBA} http://java.sun.com/update/1.5.0/jinstall-...indows-i586.cab (Java Plug-in 1.5.0_05)
O16 - DPF: {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_03)
O16 - DPF: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_05)
O16 - DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_07)
O16 - DPF: {CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_11)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_11)
O16 - DPF: Microsoft XML Parser for Java file://C:\WINDOWS\Java\classes\xmldso.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 66.82.4.8
O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\ipp - No CLSID value found
O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp - No CLSID value found
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\ms-itss {0A9007C0-4076-11D3-8789-0000F8105754} - c:\Program Files\Common Files\Microsoft Shared\Information Retrieval\msitss.dll (Microsoft Corporation)
O18 - Protocol\Handler\mso-offdap11 {32505114-5902-49B2-880A-1F7738E5A384} - C:\Program Files\Common Files\Microsoft Shared\Web Components\11\OWC11.DLL (Microsoft Corporation)
O18 - Protocol\Filter: - text/xml - C:\Program Files\Common Files\Microsoft Shared\OFFICE11\MSOXMLMF.DLL (Microsoft Corporation)
O18 - Protocol\Filter: - x-sdch - C:\Program Files\Google\Google Toolbar\Component\fastsearch_A8904FB862BD9564.dll (Google Inc.)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\Explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\AtiExtEvent: DllName - Ati2evxx.dll - C:\WINDOWS\System32\Ati2evxx.dll (ATI Technologies Inc.)
O20 - Winlogon\Notify\LBTWlgn: DllName - c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll - c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll (Logitech, Inc.)
O20 - Winlogon\Notify\NavLogon: DllName - C:\WINDOWS\system32\NavLogon.dll - C:\WINDOWS\System32\NavLogon.dll (Symantec Corporation)
O24 - Desktop Components:0 (My Current Home Page) - About:Home
O30 - LSA: Authentication Packages - (OWS\S) - File not found
O30 - LSA: Security Packages - (EM\) - File not found
O30 - LSA: Security Packages - (...) - File not found
O30 - LSA: Security Packages - (ity) - File not found
O30 - LSA: Security Packages - (Packages) - File not found
O30 - LSA: Security Packages - (settings..) - File not found
O31 - SafeBoot: AlternateShell - cmd.exe
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2005/01/28 12:41:28 | 00,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O32 - AutoRun File - [2001/07/28 05:07:38 | 00,000,000 | -HS- | M] () - D:\AUTOEXEC.BAT -- [ FAT32 ]
O32 - AutoRun File - [2005/01/26 23:53:38 | 00,000,000 | ---- | M] () - F:\AUTOEXEC.BAT -- [ NTFS ]
O33 - MountPoints2\{2f05c5b0-1d32-11dc-8568-0015f2a5c919}\Shell - "" = AutoRun
O33 - MountPoints2\{2f05c5b0-1d32-11dc-8568-0015f2a5c919}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{2f05c5b0-1d32-11dc-8568-0015f2a5c919}\Shell\AutoRun\command - "" = G:\LaunchU3.exe -- File not found
O34 - HKLM BootExecute: (autocheck) - File not found
O34 - HKLM BootExecute: (autochk) - C:\WINDOWS\System32\autochk.exe (Microsoft Corporation)
O34 - HKLM BootExecute: (*) - File not found
O34 - HKLM BootExecute: (lsdelete) - C:\WINDOWS\System32\lsdelete.exe ()

========== Files/Folders - Created Within 14 Days ==========

[2009/07/17 19:20:53 | 00,514,048 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Jeanne\Desktop\OTL.exe
[2009/07/17 19:18:05 | 00,278,221 | ---- | C] () -- C:\Documents and Settings\Jeanne\My Documents\gmer.zip
[2009/07/14 22:01:58 | 00,001,556 | ---- | C] () -- C:\Documents and Settings\Jeanne\Desktop\CCleaner.lnk
[2009/07/14 22:01:56 | 00,000,000 | ---D | C] -- C:\Program Files\CCleaner
[2009/07/14 19:44:52 | 03,252,640 | ---- | C] (Piriform Ltd) -- C:\Documents and Settings\Jeanne\My Documents\ccsetup221.exe
[2009/07/14 19:16:20 | 00,004,980 | ---- | C] () -- C:\Documents and Settings\Jeanne\My Documents\attach.zip
[2009/07/14 18:58:16 | 00,016,384 | ---- | C] () -- C:\Documents and Settings\Jeanne\My Documents\Money spent.xls
[2009/07/11 22:02:27 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Jeanne\My Documents\Sort
[2009/07/11 21:09:33 | 00,258,053 | ---- | C] () -- C:\Documents and Settings\Jeanne\My Documents\Rebel luvs u.jpg
[2009/07/09 23:43:40 | 00,654,920 | ---- | C] () -- C:\Documents and Settings\Jeanne\My Documents\mtinst.exe
[2009/07/06 06:42:02 | 00,000,000 | ---D | C] -- C:\HijackThis
[2009/07/05 21:05:58 | 00,000,472 | ---- | C] () -- C:\WINDOWS\tasks\Ad-Aware Update (Weekly).job
[2009/07/05 20:26:06 | 00,015,688 | ---- | C] () -- C:\WINDOWS\System32\lsdelete.exe
[2009/07/05 15:39:14 | 00,318,369 | ---- | C] () -- C:\Documents and Settings\Jeanne\My Documents\HiJackThis.zip
[2009/07/05 14:56:48 | 00,064,160 | ---- | C] (Lavasoft AB) -- C:\WINDOWS\System32\drivers\Lbd.sys
[2009/07/05 14:52:04 | 00,000,000 | -H-D | C] -- C:\Documents and Settings\All Users\Application Data\{7972B2E5-3E09-4E5E-81B7-FE5819D6772F}
[2009/07/05 14:52:02 | 00,000,875 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Ad-Aware.lnk
[2009/07/05 08:21:54 | 00,023,499 | ---- | C] () -- C:\Documents and Settings\Jeanne\My Documents\Ash&Ass.jpg
[2009/07/04 23:29:45 | 00,033,780 | ---- | C] () -- C:\Documents and Settings\Jeanne\My Documents\horse with oat chips.jpg
[2009/07/04 23:17:46 | 00,128,681 | ---- | C] () -- C:\Documents and Settings\Jeanne\My Documents\WantedCoffeeMouse-top-TY22222222317.gif
[2009/07/04 23:17:46 | 00,071,680 | ---- | C] () -- C:\Documents and Settings\Jeanne\My Documents\winter_chocolatedrink_12_5.gif
[2009/07/04 23:17:46 | 00,052,494 | ---- | C] () -- C:\Documents and Settings\Jeanne\My Documents\wherewelove-vi.gif
[2009/07/04 23:17:46 | 00,049,013 | ---- | C] () -- C:\Documents and Settings\Jeanne\My Documents\Vintage Tea Pot.jpg
[2009/07/04 23:17:45 | 00,171,521 | ---- | C] () -- C:\Documents and Settings\Jeanne\My Documents\topper3-23-0711.gif
[2009/07/04 23:17:45 | 00,094,301 | ---- | C] () -- C:\Documents and Settings\Jeanne\My Documents\topper_cupsofcheer.gif
[2009/07/04 23:17:45 | 00,082,551 | ---- | C] () -- C:\Documents and Settings\Jeanne\My Documents\Teawithus-vi44.gif
[2009/07/04 23:17:45 | 00,037,836 | ---- | C] () -- C:\Documents and Settings\Jeanne\My Documents\TempsDeCafeLBM908Blank.jpg
[2009/07/04 23:17:45 | 00,029,576 | ---- | C] () -- C:\Documents and Settings\Jeanne\My Documents\TimeforTeaDD031709.jpg
[2009/07/04 23:17:45 | 00,028,261 | ---- | C] () -- C:\Documents and Settings\Jeanne\My Documents\time for tea-vi.jpg
[2009/07/04 23:17:45 | 00,025,502 | ---- | C] () -- C:\Documents and Settings\Jeanne\My Documents\Untitled11121111.jpg

========== Files - Modified Within 14 Days ==========

[2 C:\WINDOWS\System32\*.tmp files]
[2 C:\WINDOWS\*.tmp files]
[2009/07/17 20:43:29 | 00,000,868 | ---- | M] () -- C:\WINDOWS\tasks\Google Software Updater.job
[2009/07/17 19:20:56 | 00,514,048 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Jeanne\Desktop\OTL.exe
[2009/07/17 19:18:05 | 00,278,221 | ---- | M] () -- C:\Documents and Settings\Jeanne\My Documents\gmer.zip
[2009/07/17 18:00:00 | 00,000,410 | ---- | M] () -- C:\WINDOWS\tasks\Norton Security Scan for Jeanne.job
[2009/07/17 15:09:58 | 00,000,200 | ---- | M] () -- C:\WINDOWS\tasks\defsgetter.job
[2009/07/17 02:00:02 | 00,001,564 | ---- | M] () -- C:\WINDOWS\tasks\wrSpySweeperFullSweep.job
[2009/07/16 23:00:02 | 00,001,668 | ---- | M] () -- C:\WINDOWS\tasks\wrSpySweeper_LB9697396EEB8407C8DF4F00B37BE2C76.job
[2009/07/16 22:13:52 | 00,000,186 | ---- | M] () -- C:\WINDOWS\System\hpsysdrv.DAT
[2009/07/16 21:43:48 | 00,001,158 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2009/07/16 21:41:25 | 00,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2009/07/16 21:41:17 | 00,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2009/07/16 21:38:31 | 00,001,374 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2009/07/14 22:01:58 | 00,001,556 | ---- | M] () -- C:\Documents and Settings\Jeanne\Desktop\CCleaner.lnk
[2009/07/14 19:44:52 | 03,252,640 | ---- | M] (Piriform Ltd) -- C:\Documents and Settings\Jeanne\My Documents\ccsetup221.exe
[2009/07/14 19:16:20 | 00,004,980 | ---- | M] () -- C:\Documents and Settings\Jeanne\My Documents\attach.zip
[2009/07/14 18:58:16 | 00,016,384 | ---- | M] () -- C:\Documents and Settings\Jeanne\My Documents\Money spent.xls
[2009/07/13 21:54:01 | 00,000,284 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
[2009/07/12 17:39:31 | 00,113,121 | ---- | M] () -- C:\logfile
[2009/07/12 17:01:11 | 00,000,237 | ---- | M] () -- C:\Documents and Settings\Jeanne\Desktop\Photobucket Account.url
[2009/07/12 14:56:46 | 00,000,472 | ---- | M] () -- C:\WINDOWS\tasks\Ad-Aware Update (Weekly).job
[2009/07/12 13:36:39 | 00,280,536 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2009/07/12 13:24:40 | 01,441,792 | R--- | M] () -- C:\Documents and Settings\All Users\Documents\ESBK.mb
[2009/07/12 13:24:39 | 02,649,088 | R--- | M] () -- C:\Documents and Settings\All Users\Documents\ESBK.mbb
[2009/07/11 21:13:26 | 00,069,488 | ---- | M] () -- C:\Documents and Settings\Jeanne\My Documents\CaramelCandy.ttf
[2009/07/11 21:09:33 | 00,258,053 | ---- | M] () -- C:\Documents and Settings\Jeanne\My Documents\Rebel luvs u.jpg
[2009/07/09 23:43:50 | 00,654,920 | ---- | M] () -- C:\Documents and Settings\Jeanne\My Documents\mtinst.exe
[2009/07/09 22:44:44 | 00,000,069 | ---- | M] () -- C:\WINDOWS\NeroDigital.ini
[2009/07/07 21:54:45 | 00,000,026 | ---- | M] () -- C:\WINDOWS\Zone.Identifier
[2009/07/06 20:55:49 | 00,000,326 | ---- | M] () -- C:\WINDOWS\tasks\Norton SystemWorks One Button Checkup.job
[2009/07/05 15:39:18 | 00,318,369 | ---- | M] () -- C:\Documents and Settings\Jeanne\My Documents\HiJackThis.zip
[2009/07/05 15:16:43 | 00,015,688 | ---- | M] () -- C:\WINDOWS\System32\lsdelete.exe
[2009/07/05 15:15:49 | 00,064,160 | ---- | M] (Lavasoft AB) -- C:\WINDOWS\System32\drivers\Lbd.sys
[2009/07/05 14:52:02 | 00,000,875 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Ad-Aware.lnk
[2009/07/05 08:21:54 | 00,023,499 | ---- | M] () -- C:\Documents and Settings\Jeanne\My Documents\Ash&Ass.jpg
[2009/07/04 23:29:45 | 00,033,780 | ---- | M] () -- C:\Documents and Settings\Jeanne\My Documents\horse with oat chips.jpg
[2009/07/04 23:17:46 | 00,128,681 | ---- | M] () -- C:\Documents and Settings\Jeanne\My Documents\WantedCoffeeMouse-top-TY22222222317.gif
[2009/07/04 23:17:46 | 00,071,680 | ---- | M] () -- C:\Documents and Settings\Jeanne\My Documents\winter_chocolatedrink_12_5.gif
[2009/07/04 23:17:46 | 00,052,494 | ---- | M] () -- C:\Documents and Settings\Jeanne\My Documents\wherewelove-vi.gif
[2009/07/04 23:17:46 | 00,049,013 | ---- | M] () -- C:\Documents and Settings\Jeanne\My Documents\Vintage Tea Pot.jpg
[2009/07/04 23:17:45 | 00,171,521 | ---- | M] () -- C:\Documents and Settings\Jeanne\My Documents\topper3-23-0711.gif
[2009/07/04 23:17:45 | 00,094,301 | ---- | M] () -- C:\Documents and Settings\Jeanne\My Documents\topper_cupsofcheer.gif
[2009/07/04 23:17:45 | 00,082,551 | ---- | M] () -- C:\Documents and Settings\Jeanne\My Documents\Teawithus-vi44.gif
[2009/07/04 23:17:45 | 00,037,836 | ---- | M] () -- C:\Documents and Settings\Jeanne\My Documents\TempsDeCafeLBM908Blank.jpg
[2009/07/04 23:17:45 | 00,029,576 | ---- | M] () -- C:\Documents and Settings\Jeanne\My Documents\TimeforTeaDD031709.jpg
[2009/07/04 23:17:45 | 00,028,261 | ---- | M] () -- C:\Documents and Settings\Jeanne\My Documents\time for tea-vi.jpg
[2009/07/04 23:17:45 | 00,025,502 | ---- | M] () -- C:\Documents and Settings\Jeanne\My Documents\Untitled11121111.jpg
[2009/07/04 21:32:25 | 00,031,524 | ---- | M] () -- C:\Documents and Settings\Jeanne\My Documents\AbilityBlack.otf
[2009/07/04 21:13:01 | 00,000,438 | ---- | M] () -- C:\WINDOWS\tasks\EasyShare Registration Task.job

========== LOP Check ==========

[2005/11/11 10:12:54 | 00,000,000 | RH-D | M] -- C:\Documents and Settings\Administrator\Application Data
[2005/11/11 16:15:26 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\Digital Interactive Systems Corporation
[2005/11/11 16:28:46 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\Intuit
[2009/07/05 14:52:04 | 00,000,000 | RH-D | M] -- C:\Documents and Settings\All Users\Application Data
[2009/07/05 14:52:04 | 00,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\{7972B2E5-3E09-4E5E-81B7-FE5819D6772F}
[2008/11/01 00:53:07 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Ahead
[2007/09/24 06:19:41 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\espionServerData
[2007/10/05 22:56:50 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\FLEXnet
[2006/04/20 07:10:49 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Intuit
[2009/04/03 22:26:17 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\LogiShrd
[2008/07/03 05:51:09 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Motive
[2007/08/16 19:18:54 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\MotiveSysIDs
[2008/07/09 22:55:06 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\namesuppressed
[2009/04/18 10:10:54 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\NortonSystemWorks
[2008/04/18 18:46:10 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\PlayFirst
[2005/11/11 15:56:18 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\SBSI
[2009/05/05 21:31:18 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TEMP
[2008/07/07 00:23:11 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Viewpoint
[2009/07/12 18:01:42 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\YAHOO
[2007/06/17 21:04:20 | 00,000,000 | RH-D | M] -- C:\Documents and Settings\Compaq_Administrator\Application Data
[2005/11/11 16:15:26 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Compaq_Administrator\Application Data\Digital Interactive Systems Corporation
[2006/08/28 11:13:57 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Compaq_Administrator\Application Data\Image Zone Express
[2005/11/11 16:28:46 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Compaq_Administrator\Application Data\Intuit
[2006/02/19 12:22:59 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Compaq_Administrator\Application Data\Leadertech
[2007/06/17 19:26:06 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Compaq_Administrator\Application Data\U3
[2009/05/06 15:52:05 | 00,000,000 | RH-D | M] -- C:\Documents and Settings\Compaq_Administrator.YOUR-55E5F9E3D2\Application Data
[2008/07/07 00:26:34 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Compaq_Administrator.YOUR-55E5F9E3D2\Application Data\Aim
[2008/03/04 18:33:22 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Compaq_Administrator.YOUR-55E5F9E3D2\Application Data\ArcSoft
[2005/11/11 16:15:26 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Compaq_Administrator.YOUR-55E5F9E3D2\Application Data\Digital Interactive Systems Corporation
[2007/08/26 08:38:08 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Compaq_Administrator.YOUR-55E5F9E3D2\Application Data\DisplayTune
[2007/07/04 00:46:32 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Compaq_Administrator.YOUR-55E5F9E3D2\Application Data\funkitron
[2007/08/20 16:03:32 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Compaq_Administrator.YOUR-55E5F9E3D2\Application Data\InterTrust
[2007/07/14 10:40:48 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Compaq_Administrator.YOUR-55E5F9E3D2\Application Data\InterVideo
[2005/11/11 16:28:46 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Compaq_Administrator.YOUR-55E5F9E3D2\Application Data\Intuit
[2005/11/11 10:12:54 | 00,000,000 | RH-D | M] -- C:\Documents and Settings\Default User\Application Data
[2005/11/11 16:15:26 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Default User\Application Data\Digital Interactive Systems Corporation
[2005/11/11 16:28:46 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Default User\Application Data\Intuit
[2009/06/11 23:04:14 | 00,000,000 | RH-D | M] -- C:\Documents and Settings\Jeanne\Application Data
[2009/01/06 17:48:36 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Jeanne\Application Data\Ahead
[2007/10/27 22:13:36 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Jeanne\Application Data\aignes
[2008/01/13 23:03:19 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Jeanne\Application Data\Alien Skin
[2007/09/10 20:58:31 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Jeanne\Application Data\ArcSoft
[2008/03/08 12:58:35 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Jeanne\Application Data\Corel
[2005/11/11 16:15:26 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Jeanne\Application Data\Digital Interactive Systems Corporation
[2007/08/25 11:19:16 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Jeanne\Application Data\DisplayTune
[2007/09/30 15:30:23 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Jeanne\Application Data\EPSON
[2007/12/06 22:13:27 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Jeanne\Application Data\InterVideo
[2005/11/11 16:28:46 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Jeanne\Application Data\Intuit
[2007/08/18 10:11:26 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Jeanne\Application Data\Leadertech
[2009/05/10 10:56:49 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Jeanne\Application Data\Mailbag Assistant
[2008/07/03 05:51:09 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Jeanne\Application Data\Motive
[2009/04/25 16:13:17 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Jeanne\Application Data\MxBoost
[2007/09/01 20:13:01 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Jeanne\Application Data\MyFamily.com
[2008/10/25 21:35:32 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Jeanne\Application Data\Noteega
[2008/10/25 21:35:38 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Jeanne\Application Data\NoteegaInstall
[2007/10/05 23:03:33 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Jeanne\Application Data\Opera
[2008/04/18 18:46:10 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Jeanne\Application Data\PlayFirst
[2007/10/07 15:56:22 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Jeanne\Application Data\Progeny
[2009/01/11 17:28:46 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Jeanne\Application Data\Research In Motion
[2007/08/21 21:41:35 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Jeanne\Application Data\Smart Panel
[2008/10/12 10:26:59 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Jeanne\Application Data\Snapfish
[2008/08/06 21:03:12 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Jeanne\Application Data\TrojanHunter
[2008/06/10 23:10:09 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Jeanne\Application Data\U3
[2009/01/10 16:41:54 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Jeanne\Application Data\WinBatch
[2008/10/16 17:33:34 | 00,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Application Data
[2008/10/16 17:33:34 | 00,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Application Data\Intuit
[2009/03/26 18:19:12 | 00,000,000 | ---D | M] -- C:\Documents and Settings\NetworkService\Application Data
[2009/03/26 18:19:12 | 00,000,000 | ---D | M] -- C:\Documents and Settings\NetworkService\Application Data\Intuit
[2008/03/12 19:12:36 | 00,000,000 | RH-D | M] -- C:\Documents and Settings\Sonny\Application Data
[2005/11/11 16:15:26 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Sonny\Application Data\Digital Interactive Systems Corporation
[2008/03/12 19:12:38 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Sonny\Application Data\DisplayTune
[2005/11/11 16:28:46 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Sonny\Application Data\Intuit
[2009/07/12 14:56:46 | 00,000,472 | ---- | M] () -- C:\WINDOWS\Tasks\Ad-Aware Update (Weekly).job
[2009/07/13 21:54:01 | 00,000,284 | ---- | M] () -- C:\WINDOWS\Tasks\AppleSoftwareUpdate.job
[2009/07/17 15:09:58 | 00,000,200 | ---- | M] () -- C:\WINDOWS\Tasks\defsgetter.job
[2004/08/10 21:00:00 | 00,000,065 | RH-- | M] () -- C:\WINDOWS\Tasks\desktop.ini
[2009/07/04 21:13:01 | 00,000,438 | ---- | M] () -- C:\WINDOWS\Tasks\EasyShare Registration Task.job
[2009/07/17 20:43:29 | 00,000,868 | ---- | M] () -- C:\WINDOWS\Tasks\Google Software Updater.job
[2009/07/17 18:00:00 | 00,000,410 | ---- | M] () -- C:\WINDOWS\Tasks\Norton Security Scan for Jeanne.job
[2009/07/06 20:55:49 | 00,000,326 | ---- | M] () -- C:\WINDOWS\Tasks\Norton SystemWorks One Button Checkup.job
[2009/07/16 21:41:25 | 00,000,006 | -H-- | M] () -- C:\WINDOWS\Tasks\SA.DAT
[2009/07/17 02:00:02 | 00,001,564 | ---- | M] () -- C:\WINDOWS\Tasks\wrSpySweeperFullSweep.job
[2009/07/16 23:00:02 | 00,001,668 | ---- | M] () -- C:\WINDOWS\Tasks\wrSpySweeper_LB9697396EEB8407C8DF4F00B37BE2C76.job

========== Purity Check ==========



========== Alternate Data Streams ==========

@Alternate Data Stream - 184 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:DCD39382
@Alternate Data Stream - 127 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:2B99FE60
< End of report >


Extras.txt:

OTL Extras logfile created on: 7/18/2009 7:42:21 AM - Run 1
OTL by OldTimer - Version 3.0.9.0 Folder = C:\Documents and Settings\Jeanne\Desktop
Windows XP Media Center Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 7.0.5730.13)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.00 Gb Total Physical Memory | 2.00 Gb Available Physical Memory | 100.00% Memory free
4.00 Gb Paging File | 4.00 Gb Available in Paging File | 100.00% Paging File free
Paging file location(s): C:\pagefile.sys 2048 4509 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 178.30 Gb Total Space | 97.64 Gb Free Space | 54.76% Space Free | Partition Type: NTFS
Drive D: | 8.00 Gb Total Space | 0.96 Gb Free Space | 11.97% Space Free | Partition Type: FAT32
E: Drive not present or media not loaded
Drive F: | 189.92 Gb Total Space | 123.17 Gb Free Space | 64.85% Space Free | Partition Type: NTFS
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: YOUR-55E5F9E3D2
Current User Name: Jeanne
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: All users
Company Name Whitelist: On
Skip Microsoft Files: On
File Age = 14 Days
Output = Standard
Quick Scan

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.html [@ = htmlfile] -- C:\Program Files\Internet Explorer\IEXPLORE.EXE (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 0
"FirewallOverride" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"C:\Program Files\Compaq Connections\5577497\Program\Compaq Connections.exe" = C:\Program Files\Compaq Connections\5577497\Program\Compaq Connections.exe:*:Enabled:Compaq Connections -- (Hewlett-Packard)
"%windir%\Network Diagnostic\xpnetdiag.exe" = %windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000 -- (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Program Files\Compaq Connections\5577497\Program\Compaq Connections.exe" = C:\Program Files\Compaq Connections\5577497\Program\Compaq Connections.exe:*:Enabled:Compaq Connections -- (Hewlett-Packard)
"C:\Program Files\EarthLink TotalAccess\TaskPanl.exe" = C:\Program Files\EarthLink TotalAccess\TaskPanl.exe:*:Enabled:Earthlink -- File not found
"C:\Program Files\Messenger\msmsgs.exe" = C:\Program Files\Messenger\msmsgs.exe:*:Enabled:Windows Messenger -- (Microsoft Corporation)
"C:\Program Files\Intuit\QuickBooks Premier - Contractor Edition\QBDBMgrN.exe" = C:\Program Files\Intuit\QuickBooks Premier - Contractor Edition\QBDBMgrN.exe:*:Enabled:QuickBooks 2006 Data Manager -- (Intuit, Inc.)
"C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe" = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe:*:Enabled:hpqtra08.exe -- (Hewlett-Packard Co.)
"C:\Program Files\HP\Digital Imaging\bin\hpqste08.exe" = C:\Program Files\HP\Digital Imaging\bin\hpqste08.exe:*:Enabled:hpqste08.exe -- (Hewlett-Packard Co.)
"C:\Program Files\HP\Digital Imaging\bin\hpofxm08.exe" = C:\Program Files\HP\Digital Imaging\bin\hpofxm08.exe:*:Enabled:hpofxm08.exe -- (Hewlett-Packard Co.)
"C:\Program Files\HP\Digital Imaging\bin\hposfx08.exe" = C:\Program Files\HP\Digital Imaging\bin\hposfx08.exe:*:Enabled:hposfx08.exe -- (Hewlett-Packard Co.)
"C:\Program Files\HP\Digital Imaging\bin\hposid01.exe" = C:\Program Files\HP\Digital Imaging\bin\hposid01.exe:*:Enabled:hposid01.exe -- (Hewlett-Packard Co.)
"C:\Program Files\HP\Digital Imaging\bin\hpqscnvw.exe" = C:\Program Files\HP\Digital Imaging\bin\hpqscnvw.exe:*:Enabled:hpqscnvw.exe -- ()
"C:\Program Files\HP\Digital Imaging\bin\hpqkygrp.exe" = C:\Program Files\HP\Digital Imaging\bin\hpqkygrp.exe:*:Enabled:hpqkygrp.exe -- (Hewlett-Packard)
"C:\Program Files\HP\Digital Imaging\bin\hpqCopy.exe" = C:\Program Files\HP\Digital Imaging\bin\hpqCopy.exe:*:Enabled:hpqcopy.exe -- (Hewlett-Packard Co.)
"C:\Program Files\HP\Digital Imaging\bin\hpfccopy.exe" = C:\Program Files\HP\Digital Imaging\bin\hpfccopy.exe:*:Enabled:hpfccopy.exe -- (Hewlett-Packard)
"C:\Program Files\HP\Digital Imaging\bin\hpzwiz01.exe" = C:\Program Files\HP\Digital Imaging\bin\hpzwiz01.exe:*:Enabled:hpzwiz01.exe -- (Hewlett-Packard Co.)
"C:\Program Files\HP\Digital Imaging\Unload\HpqPhUnl.exe" = C:\Program Files\HP\Digital Imaging\Unload\HpqPhUnl.exe:*:Enabled:hpqphunl.exe -- ()
"C:\Program Files\HP\Digital Imaging\Unload\HpqDIA.exe" = C:\Program Files\HP\Digital Imaging\Unload\HpqDIA.exe:*:Enabled:hpqdia.exe -- ( )
"C:\Program Files\HP\Digital Imaging\bin\hpoews01.exe" = C:\Program Files\HP\Digital Imaging\bin\hpoews01.exe:*:Enabled:hpoews01.exe -- (Hewlett-Packard Co.)
"C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" = C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe:*:Enabled:Yahoo! Messenger -- (Yahoo! Inc.)
"C:\Program Files\Yahoo!\Messenger\YServer.exe" = C:\Program Files\Yahoo!\Messenger\YServer.exe:*:Enabled:Yahoo! FT Server -- (Yahoo! Inc.)
"C:\WINDOWS\system32\ftp.exe" = C:\WINDOWS\system32\ftp.exe:*:Enabled:File Transfer Program -- (Microsoft Corporation)
"C:\WINDOWS\system32\spool\drivers\w32x86\3\SAGENT4.EXE" = C:\WINDOWS\system32\spool\drivers\w32x86\3\SAGENT4.EXE:*:Enabled:SAgent4 -- (SEIKO EPSON CORPORATION)
"C:\Program Files\Adobe\Photoshop Elements 5.0\AdobePhotoshopElementsMediaServer.exe" = C:\Program Files\Adobe\Photoshop Elements 5.0\AdobePhotoshopElementsMediaServer.exe:*:Disabled:Adobe Photoshop Elements Media Server -- File not found
"C:\Program Files\Adobe\Photoshop Elements 6.0\AdobePhotoshopElementsMediaServer.exe" = C:\Program Files\Adobe\Photoshop Elements 6.0\AdobePhotoshopElementsMediaServer.exe:*:Disabled:Adobe Photoshop Elements Media Server -- File not found
"C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe" = C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe:*:Enabled:EasyShare -- (Eastman Kodak Company)
"%windir%\Network Diagnostic\xpnetdiag.exe" = %windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000 -- (Microsoft Corporation)
"C:\Program Files\FlashGet\FlashGet.exe" = C:\Program Files\FlashGet\FlashGet.exe:*:Enabled:Flashget -- (FlashGet.com)


========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{03B1B42B-F6DE-41d9-8CFF-DC44E895C7A7}" = PhotoGallery
"{0611BD4E-4FE4-4a62-B0C0-18A4CC463428}" = CP_Package_Variety1
"{073F22CE-9A5B-4A40-A604-C7270AC6BF34}" = ESSSONIC
"{075473F5-846A-448B-BCB3-104AA1760205}" = Sonic RecordNow Data
"{08365B6E-F1DC-458F-A47E-FD99109118CD}" = Kodak DIGITAL ROC Professional Plug-In 2.0.0
"{09984AEC-6B9F-4ca7-B78D-CB44D4771DA3}" = Destinations
"{0B33B738-AD79-4E32-90C5-E67BFB10BBFF}" = AiO_Scan
"{0B53B71D-9E2F-42B8-9123-96354872D166}" = EPSON Photo Print
"{0BEDBD4E-2D34-47B5-9973-57E62B29307C}" = ATI Control Panel
"{0C826C5B-B131-423A-A229-C71B3CACCD6A}" = CDDRV_Installer
"{0DEA342C-15CB-4F52-97B6-06A9C4B9C06F}" = SDK
"{0E0131B2-CF18-40D9-A331-60A3746C1204}" = EPSON Scan
"{109D28C7-FB38-483A-9C91-001CB59E2699}" = EPSON CardMonitor
"{10B446B3-4DF4-4489-A168-8A98F7CD807E}" = Sygate Personal Firewall Pro
"{14D4ED84-6A9A-45A0-96F6-1753768C3CB5}" = ESSPCD
"{15C77FC3-8137-4A5E-8F81-F559045DD6B0}" = Shipping Assistant 3.6
"{18455581-E099-4BA8-BC6B-F34B2F06600C}" = Google Toolbar for Internet Explorer
"{1883A84D-94AA-432C-9519-FA31B6B118B9}" = forteManager
"{1A15507A-8551-4626-915D-3D5FA095CC1B}" = Corel Paint Shop Pro X
"{1C139D7D-9FEA-468d-A9C8-2A6E3BDE564A}" = CP_Package_Variety3
"{21657574-BD54-48A2-9450-EB03B2C7FC29}" = Sonic MyDVD Plus
"{21DB3D90-D816-4092-A260-CA3F6B55A6DD}" = Sonic_PrimoSDK
"{22E9CF2B-4063-4dab-A251-93FA46F7DECC}_is1" = Spy Sweeper
"{23012310-3E05-46A5-88A9-C6CBCABCAC79}" = Customer Experience Enhancement
"{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer
"{23A7B376-BBEC-4e76-BBD7-0F155E70D74B}" = CP_Panorama1Config
"{2466E904-7E48-4597-9321-722CF02930EB}" = 5600
"{26A24AE4-039D-4CA4-87B4-2F83216011FF}" = Java™ 6 Update 11
"{2CADCEAB-D5DA-44D6-B5FC-7DEE87AB3C0C}" = Unload
"{2D03B6F8-DF36-4980-B7B6-5B93D5BA3A8F}" = essvatgt
"{30465B6C-B53F-49A1-9EBA-A3F187AD502E}" = Sonic Update Manager
"{30C19FF2-7FBA-4d09-B9DE-1659977F64F6}" = TrayApp
"{3101CB58-3482-4D21-AF1A-7057FC935355}" = KhalInstallWrapper
"{3248F0A8-6813-11D6-A77B-00B0D0150050}" = J2SE Runtime Environment 5.0 Update 5
"{3248F0A8-6813-11D6-A77B-00B0D0160030}" = Java™ 6 Update 3
"{3248F0A8-6813-11D6-A77B-00B0D0160050}" = Java™ 6 Update 5
"{3248F0A8-6813-11D6-A77B-00B0D0160070}" = Java™ 6 Update 7
"{32BDCCB8-9DC8-496d-9DB1-F77510775BDB}" = InstantShareDevices
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{36E47DA1-10E1-45d9-8B19-14D19607CDCF}" = CP_CalendarTemplates1
"{36FDBE6E-6684-462B-AE98-9A39A1B200CC}" = HP Product Assistant
"{382E94C0-6E22-44e4-B003-8EB31DFE296F}" = cp_LightScribeConfig
"{3912A629-0020-0005-3757-2FBA74D4DF0A}" = InterVideo WinDVD Player
"{3B0F52AC-EF5C-4831-B221-06C782E41280}" = Quicken 2008
"{3BA95526-6AE0-4B87-A62D-17187EF565FC}" = HP Boot Optimizer
"{3F5B6210-0903-4DC6-8034-8F488AA3A782}" = Spy Sweeper Core
"{3FADAA19-E595-44CA-A072-58B6B0851768}" = Norton Security Scan
"{416D80BA-6F6D-4672-B7CF-F54DA2F80B44}" = Microsoft Works
"{42938595-0D83-404D-9F73-F8177FDD531A}" = ESScore
"{4537EA4B-F603-4181-89FB-2953FC695AB1}" = netbrdg
"{503AA035-41E2-4858-B31F-1E49AC66C309}" = Norton Security Center
"{5316DFC9-CE99-4458-9AB3-E8726EDE0210}" = skin0001
"{53EE9E42-CECB-4C92-BF76-9CA65DAF8F1C}" = FullDPAppQFolder
"{54E3707F-808E-4fd4-95C9-15D1AB077E5D}" = NewCopy
"{56C049BE-79E9-4502-BEA7-9754A3E60F9B}" = neroxml
"{56EE8B17-8274-418d-89AC-C057C5DB251E}" = RandMap
"{56F8AFC3-FA98-4ff1-9673-8A026CBF85BE}" = WebReg
"{5809E7CF-4DCF-11D4-9875-00105ACE7734}" = Logitech MouseWare 9.76
"{5983C895-DDA4-45D9-A8D1-877D5DE7693E}" = EPSON PhotoStarter3.0
"{5A01C58E-B0EC-49b9-AD71-7C0468688087}" = CP_Package_Basic1
"{5A633ED0-E5D7-4D65-AB8D-53ED43510284}" = Symantec AntiVirus
"{5B79CFD1-6845-4158-9D7D-6BE89DF2C135}" = HP PSC & OfficeJet 5.3.B
"{605A4E39-613C-4A12-B56F-DEFBE6757237}" = SHASTA
"{63569CE9-FA00-469C-AF5C-E5D4D93ACF91}" = Windows Genuine Advantage v1.3.0254.0
"{643EAE81-920C-4931-9F0B-4B343B225CA6}" = ESSBrwr
"{6675CA7F-E51B-4F6A-99D4-F8F0124C6EAA}" = Sonic Express Labeler
"{66BA8C26-AFE4-4408-807B-43E76B57EF53}" = SkinsHP1
"{66C8BE35-8BBB-472B-96C7-C7C9A499F988}" = ArcSoft Software Suite
"{66E6CE0C-5A1E-430C-B40A-0C90FF1804A8}" = eSupportQFolder
"{67F21D99-D525-4A09-826D-F61B3059C0CE}" = Kodak DIGITAL GEM Professional Plug-In 2.0.0
"{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update
"{69B02159-7626-4DBB-B9EE-F933039830AD}" = QuickBooks Premier: Contractor Edition 2006
"{6A7867BA-B7CA-4CC9-ACAB-85BA46865EE5}" = Norton Utilities
"{6BB6627C-694F-4FDC-A3E5-C7F4BED4C724}" = DocProc
"{6C11D561-620B-47DA-A693-4C597F3CDF40}" = EPSON Smart Panel
"{6C32ACBF-B9CA-4d53-BB71-C4FA97582286}_is1" = Sothink DHTML Menu 9
"{7131646D-CD3C-40F4-97B9-CD9E4E6262EF}" = Microsoft .NET Framework 2.0
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{77364F85-6219-4CB8-AAA0-6D53368D683D}" = Connection Keep Alive
"{7850A6D2-CBEA-4728-9877-F1BEDEA9F619}" = AiOSoftware
"{7C9B95B7-B598-4398-B30F-7F6827192E6C}" = ProductContext
"{7E27304E-BAA2-4d90-A34E-76641FAFABB4}" = CP_AtenaShokunin1Config
"{8105684D-8CA6-440D-8F58-7E5FD67A499D}" = Easy Internet Sign-up
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-111872660}" = Diner Dash Flo on the Go
"{840C4B66-63C7-485F-96E0-1C19EEA4578E}" = ArcSoft Scan-n-Stitch Deluxe
"{8943CE61-53BD-475E-90E1-A580869E98A2}" = staticcr
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8A502E38-29C9-49FA-BCFA-D727CA062589}" = ESSTOOLS
"{8E92D746-CD9F-4B90-9668-42B74C14F765}" = ESSini
"{900B1197-53F5-4F46-A882-2CFFFE2EEDCB}" = Logitech Desktop Messenger
"{91120409-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Standard Edition 2003
"{91477C6F-EC7C-4BFC-BBE1-E45908019DED}" = LightScribe 1.4.52.1
"{91517631-A9F3-4B7C-B482-43E0068FD55A}" = ESSgui
"{91810AFC-A4F8-4EBA-A5AA-B198BBC81144}" = InterVideo WinDVD Player
"{923A7F5A-1E8C-4FBE-8DF6-85940A60A79F}" = Readme
"{95A890AA-B3B1-44B6-9C18-A8F7AB3EE7FC}" = QuickTime
"{97C72772-7343-4308-B665-D134855D733E}" = Cleanerzoomer 3.64a
"{98EFD8F0-08DE-48DB-B922-A2EBAB711033}" = Nero 7 Ultra Edition
"{999D43F4-9709-4887-9B1A-83EBB15A8370}" = VPRINTOL
"{A01FC76F-CC09-4658-9E37-5C2F635EE708}" = Microsoft Office 2003 Edition 60 Days Trial Welcome Tour
"{A195B13E-A5E3-4BAF-A995-7F70F445CD06}" = ScannerCopy
"{A5BB5365-EFB4-44c3-A7E2-EB59B7EFD23D}" = CueTour
"{AB708C9B-97C8-4AC9-899B-DBF226AC9382}" = Sonic RecordNow Audio
"{AC76BA86-7AD7-1033-7B44-A70900000002}" = Adobe Reader 7.0.9
"{AE1FA02D-E6A4-4EA0-8E58-6483CAC016DD}" = ESSCDBK
"{B12665F4-4E93-4AB4-B7FC-37053B524629}" = Sonic RecordNow Copy
"{B162D0A6-9A1D-4B7C-91A5-88FB48113C45}" = OfotoXMI
"{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1" = Spybot - Search & Destroy
"{B4B44FE7-41FF-4DAD-8C0A-E406DDA72992}" = CCScore
"{B69CC1A5-0404-11D6-ABCB-005004C21D30}" = EPSON Copy Utility
"{B824B5C9-849F-4b9e-9EA7-6FD8CD8116DA}" = CP_Package_Variety2
"{B996AE66-10DB-4ac5-B151-E8B4BFBC42FC}" = BufferChm
"{BFD5AC8A-5884-4da8-9873-3DF8E3DCCE18}" = 5600Trb
"{C104580B-1C79-4d73-9BF0-CA0B184296A4}" = cp_LightScribePlugin
"{C13A8E73-7E98-4295-BA94-6931701CD1F9}" = Topaz Vivacity
"{C3C9EB3D-24FA-4462-B784-0EC6AAFCD2DD}" = Fable - The Lost Chapters
"{C506A18C-1469-4678-B094-F4EC9DAE6DB7}" = Scan
"{CA31120D-2101-484D-9FF1-195DE96FE346}" = Norton Cleanup
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CC7984C5-020D-4944-85A0-58D09D4A8BFB}" = 5600_Help
"{CE24344F-DFD8-40C8-8FD8-C9740B5F25AC}" = Fax
"{D1696920-9794-4BBC-8A30-7A88763DE5A2}" = ABBYY FineReader 5.0 Sprint Plus
"{D32470A1-B10C-4059-BA53-CF0486F68EBC}" = Kodak EasyShare software
"{D7DBA21A-CDE5-42EC-BB1C-AE4B3E616B9A}_is1" = HP Support Overview
"{DB02F716-6275-42E9-B8D2-83BA2BF5100B}" = SFR
"{DB518BA6-CB74-4EB6-9ABD-880B6D6E1F38}" = HpSdpAppCoreApp
"{DBCC73BA-C69A-4BF5-B4BF-F07501EE7039}" = AnswerWorks 5.0 English Runtime
"{DED53B0B-B67C-4244-AE6A-D6FD3C28D1EF}" = Ad-Aware
"{E33350DF-0A12-4387-B6E8-128C08C0F1FF}" = Kodak DIGITAL GEM Airbrush Professional Plug-In 2.0.0
"{E3F90083-80D4-4b5a-87C7-E97E12F5516D}" = HPProductAssistant
"{E79987F0-0E34-42CC-B8FF-6C860AEEB26A}" = tooltips
"{E80F62FF-5D3C-4A19-8409-9721F2928206}" = LiveUpdate (Symantec Corporation)
"{EA103B64-C0E4-4C0E-A506-751590E1653D}" = SolutionCenter
"{EBAE381B-60A6-4863-AA9F-FCAB755BC9E5}" = ScanToWeb
"{F0E8CB62-6A1C-4e55-BCD9-1A0F7527B64A}" = Norton SystemWorks Premier Edition
"{F22C222C-3CE2-4A4B-A83F-AF4681371ABE}" = kgcbase
"{F29B21BD-CAA6-445F-8EF7-A7E2B9D8B14E}" = Logitech SetPoint
"{F2F4C144-7D1A-47C4-9D53-395A57B0CD64}" = Family Tree Maker 2006
"{F333A33D-125C-32A2-8DCE-5C5D14231E27}" = Visual C++ 2008 x86 Runtime - (v9.0.30729)
"{F333A33D-125C-32A2-8DCE-5C5D14231E27}.vc_x86runtime_30729_01" = Visual C++ 2008 x86 Runtime - v9.0.30729.01
"{F45C0410-1348-4F25-8F28-F8E044E11222}" = Kodak DIGITAL SHO Professional Plug-In 2.0.0
"{F4A2E7CC-60CA-4AFA-B67F-AD5E58173C3F}" = SKINXSDK
"{F4C2E5F5-2970-45f4-ABD3-C180C4D961C4}" = Status
"{F80239D8-7811-4D5E-B033-0D0BBFE32920}" = HP DigitalMedia Archive
"{F843C6A3-224D-4615-94F8-3C461BD9AEA0}" = Jasc Paint Shop Pro 9
"{F9593CFB-D836-49BC-BFF1-0E669A411D9F}" = WIRELESS
"{FCDB1C92-03C6-4C76-8625-371224256091}" = ESSPDock
"{FE57DE70-95DE-4B64-9266-84DA811053DB}" = HP Update
"{FE64AE29-0883-4C70-8388-DC026019C900}" = HP Image Zone Express
"12133444-BF36-4d4e-B7FB-A3424C645DE4" = GemMaster Mystic
"20/20 v2.2" = 20/20 v2.2
"3D Maker by Lokas Software" = 3D Maker by Lokas Software
"3D Shadow by Lokas Software" = 3D Shadow by Lokas Software
"Ad-Aware" = Ad-Aware
"Adobe Acrobat 5.0" = Adobe Acrobat 5.0
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Adobe Shockwave Player" = Adobe Shockwave Player
"Agere Systems Soft Modem" = Agere Systems PCI-SV92PP Soft Modem
"aignesamdeadlink_is1" = AM-DeadLink 3.1
"Artistic Effects by Lokas Software" = Artistic Effects by Lokas Software
"ATI Display Driver" = ATI Display Driver
"AwayMode160" = Microsoft Away Mode
"AXIS Media Control SDK_is1" = AXIS Media Control SDK 5.25
"B3EE3001-DC24-4cd1-8743-5692C716659F" = Otto
"CCleaner" = CCleaner (remove only)
"Charting Companion for Family Tree Maker 1.0" = Charting Companion for Family Tree Maker
"Creative Jukebox Driver" = Creative Jukebox Driver
"DreamSuite" = Uninstall DreamSuite
"DreamSuite Bonus" = Uninstall DreamSuite Bonus
"Duplicate Finder_is1" = Duplicate Finder
"EPSON Printer and Utilities" = EPSON Printer Software
"FlashGet" = FlashGet 1.9.2.1028
"Google Updater" = Google Updater
"HP Imaging Device Functions" = HP Imaging Device Functions 5.3
"HP Photo & Imaging" = HP Image Zone 5.3
"HP Solution Center & Imaging Support Tools" = HP Solution Center & Imaging Support Tools 5.3
"HPOOVClient-5577497 Uninstaller" = Compaq Connections (remove only)
"hughes.MCCInstall" = HughesNet Tools
"HughesNetTools" = HughesNetTools
"IDNMitigationAPIs" = Microsoft Internationalized Domain Names Mitigation APIs
"InstallShield_{23012310-3E05-46A5-88A9-C6CBCABCAC79}" = Customer Experience Enhancement
"InstallShield_{8105684D-8CA6-440D-8F58-7E5FD67A499D}" = Easy Internet Sign-up
"InstallShield_{C3C9EB3D-24FA-4462-B784-0EC6AAFCD2DD}" = Fable - The Lost Chapters
"Jasc Paint Shop Pro 9 GDI+ Patch" = Jasc Paint Shop Pro 9 GDI+ Patch
"Jasc Paint Shop Pro 9.01 Patch" = Jasc Paint Shop Pro 9.01 Patch
"Logitech Resource Center" = Logitech Resource Center
"Mailbag Assistant_is1" = Mailbag Assistant (Remove only)
"Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1
"Microsoft .NET Framework 2.0" = Microsoft .NET Framework 2.0
"Mozilla Firefox (2.0.0.20)" = Mozilla Firefox (2.0.0.20)
"Mystical" = Uninstall Mystical
"nik Sharpener Pro 2.0 Complete" = nik Sharpener Pro 2.0 Complete
"NLSDownlevelMapping" = Microsoft National Language Support Downlevel APIs
"NSSSetup.{3FADAA19-E595-44CA-A072-58B6B0851768}" = Norton Security Scan (Symantec Corporation)
"PC-Doctor 5 for Windows" = PC-Doctor 5 for Windows
"Plugin Commander Pro" = Plugin Commander Pro
"PS2" = PS2
"PsuedoLiveUpdate" = LiveUpdate (Symantec Corporation)
"Python 2.2.3" = Python 2.2.3
"pywin32-py2.2" = Python 2.2 pywin32 extensions (build 203)
"RealPlayer 6.0" = RealPlayer
"Setup Wizard EPIC" = EPSON EIC CX5400
"Silent Package Run-Time Sample" = EPSON RX500 Reference Guide
"SymSetup.{F0E8CB62-6A1C-4e55-BCD9-1A0F7527B64A}" = Norton SystemWorks (Symantec Corporation)
"SysInfo" = Creative System Information
"Unziplify_is1" = Unziplify v1.3
"ViewpointMediaPlayer" = Viewpoint Media Player
"Wdf01005" = Microsoft Kernel-Mode Driver Framework Feature Pack 1.5
"Window Washer" = Window Washer
"Windows Media Format Runtime" = Windows Media Format Runtime
"Windows XP Service Pack" = Windows XP Service Pack 3
"WinRAR archiver" = WinRAR archiver
"WinZip" = WinZip
"Yahoo! Messenger" = Yahoo! Messenger
"YouTubeGet_is1" = YouTubeGet 4.9.7

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 7/17/2009 8:51:40 PM | Computer Name = YOUR-55E5F9E3D2 | Source = Symantec AntiVirus | ID = 16711725
Description = SYMANTEC TAMPER PROTECTION ALERT Target: C:\Program Files\Symantec
AntiVirus\DefWatch.exe Event Info: Open Process Action Taken: Blocked Actor Process:
C:\Documents and Settings\Jeanne\Desktop\gmer.exe (PID 4532) Time: Friday, July
17, 2009 7:51:40 PM

Error - 7/17/2009 8:51:40 PM | Computer Name = YOUR-55E5F9E3D2 | Source = Symantec AntiVirus | ID = 16711725
Description = SYMANTEC TAMPER PROTECTION ALERT Target: C:\Program Files\Symantec
AntiVirus\DefWatch.exe Event Info: Open Process Action Taken: Blocked Actor Process:
C:\Documents and Settings\Jeanne\Desktop\gmer.exe (PID 4532) Time: Friday, July
17, 2009 7:51:40 PM

Error - 7/17/2009 8:51:40 PM | Computer Name = YOUR-55E5F9E3D2 | Source = Symantec AntiVirus | ID = 16711725
Description = SYMANTEC TAMPER PROTECTION ALERT Target: C:\Program Files\Symantec
AntiVirus\DefWatch.exe Event Info: Open Process Action Taken: Blocked Actor Process:
C:\Documents and Settings\Jeanne\Desktop\gmer.exe (PID 4532) Time: Friday, July
17, 2009 7:51:40 PM

Error - 7/17/2009 8:51:40 PM | Computer Name = YOUR-55E5F9E3D2 | Source = Symantec AntiVirus | ID = 16711725
Description = SYMANTEC TAMPER PROTECTION ALERT Target: C:\Program Files\Symantec
AntiVirus\DefWatch.exe Event Info: Open Process Action Taken: Blocked Actor Process:
C:\Documents and Settings\Jeanne\Desktop\gmer.exe (PID 4532) Time: Friday, July
17, 2009 7:51:40 PM

Error - 7/17/2009 8:51:40 PM | Computer Name = YOUR-55E5F9E3D2 | Source = Symantec AntiVirus | ID = 16711725
Description = SYMANTEC TAMPER PROTECTION ALERT Target: C:\Program Files\Symantec
AntiVirus\DefWatch.exe Event Info: Open Process Action Taken: Blocked Actor Process:
C:\Documents and Settings\Jeanne\Desktop\gmer.exe (PID 4532) Time: Friday, July
17, 2009 7:51:40 PM

Error - 7/17/2009 8:51:40 PM | Computer Name = YOUR-55E5F9E3D2 | Source = Symantec AntiVirus | ID = 16711725
Description = SYMANTEC TAMPER PROTECTION ALERT Target: C:\Program Files\Symantec
AntiVirus\DefWatch.exe Event Info: Open Process Action Taken: Blocked Actor Process:
C:\Documents and Settings\Jeanne\Desktop\gmer.exe (PID 4532) Time: Friday, July
17, 2009 7:51:40 PM

Error - 7/17/2009 11:39:17 PM | Computer Name = YOUR-55E5F9E3D2 | Source = Userenv | ID = 1041
Description = Windows cannot query DllName registry entry for {7B849a69-220F-451E-B3FE-2CB811AF94AE}
and it will not be loaded. This is most likely caused by a faulty registration.

Error - 7/18/2009 3:34:47 AM | Computer Name = YOUR-55E5F9E3D2 | Source = Userenv | ID = 1041
Description = Windows cannot query DllName registry entry for {7B849a69-220F-451E-B3FE-2CB811AF94AE}
and it will not be loaded. This is most likely caused by a faulty registration.

Error - 7/18/2009 3:34:47 AM | Computer Name = YOUR-55E5F9E3D2 | Source = Userenv | ID = 1041
Description = Windows cannot query DllName registry entry for {CF7639F3-ABA2-41DB-97F2-81E2C5DBFC5D}
and it will not be loaded. This is most likely caused by a faulty registration.

Error - 7/18/2009 8:26:47 AM | Computer Name = YOUR-55E5F9E3D2 | Source = Userenv | ID = 1041
Description = Windows cannot query DllName registry entry for {7B849a69-220F-451E-B3FE-2CB811AF94AE}
and it will not be loaded. This is most likely caused by a faulty registration.

[ System Events ]
Error - 7/15/2009 9:37:44 PM | Computer Name = YOUR-55E5F9E3D2 | Source = Service Control Manager | ID = 7000
Description = The Creative Service for CDROM Access service failed to start due
to the following error: %%2

Error - 7/15/2009 9:38:20 PM | Computer Name = YOUR-55E5F9E3D2 | Source = Service Control Manager | ID = 7026
Description = The following boot-start or system-start driver(s) failed to load:
ftsata2

Error - 7/16/2009 6:59:39 AM | Computer Name = YOUR-55E5F9E3D2 | Source = Service Control Manager | ID = 7000
Description = The Creative Service for CDROM Access service failed to start due
to the following error: %%2

Error - 7/16/2009 7:00:29 AM | Computer Name = YOUR-55E5F9E3D2 | Source = Service Control Manager | ID = 7026
Description = The following boot-start or system-start driver(s) failed to load:
ftsata2

Error - 7/16/2009 7:44:58 AM | Computer Name = YOUR-55E5F9E3D2 | Source = SSIDRV | ID = 131098
Description = Failed to set monitor event rule.

Error - 7/16/2009 9:36:01 PM | Computer Name = YOUR-55E5F9E3D2 | Source = Service Control Manager | ID = 7000
Description = The Creative Service for CDROM Access service failed to start due
to the following error: %%2

Error - 7/16/2009 9:36:50 PM | Computer Name = YOUR-55E5F9E3D2 | Source = Service Control Manager | ID = 7026
Description = The following boot-start or system-start driver(s) failed to load:
ftsata2

Error - 7/16/2009 10:39:27 PM | Computer Name = YOUR-55E5F9E3D2 | Source = SSIDRV | ID = 131098
Description = Failed to set monitor event rule.

Error - 7/16/2009 10:42:36 PM | Computer Name = YOUR-55E5F9E3D2 | Source = Service Control Manager | ID = 7000
Description = The Creative Service for CDROM Access service failed to start due
to the following error: %%2

Error - 7/16/2009 10:43:23 PM | Computer Name = YOUR-55E5F9E3D2 | Source = Service Control Manager | ID = 7026
Description = The following boot-start or system-start driver(s) failed to load:
ftsata2


< End of report >

I tried running a full scan again and was able to do that, but it only produced the OTL.Txt file, and not the extras file. Here is that one:

OTL logfile created on: 7/18/2009 9:24:27 PM - Run 1
OTL by OldTimer - Version 3.0.9.0 Folder = C:\Documents and Settings\Jeanne\Desktop
Windows XP Media Center Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 7.0.5730.13)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.00 Gb Total Physical Memory | 2.00 Gb Available Physical Memory | 100.00% Memory free
4.00 Gb Paging File | 4.00 Gb Available in Paging File | 100.00% Paging File free
Paging file location(s): C:\pagefile.sys 2048 4509 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 178.30 Gb Total Space | 97.58 Gb Free Space | 54.73% Space Free | Partition Type: NTFS
Drive D: | 8.00 Gb Total Space | 0.96 Gb Free Space | 11.97% Space Free | Partition Type: FAT32
E: Drive not present or media not loaded
Drive F: | 189.92 Gb Total Space | 123.17 Gb Free Space | 64.85% Space Free | Partition Type: NTFS
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: YOUR-55E5F9E3D2
Current User Name: Jeanne
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: All users
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Standard

========== Processes (SafeList) ==========

PRC - [2009/06/06 12:48:30 | 01,205,760 | ---- | M] (Webroot Software, Inc. ) -- C:\Program Files\Webroot\Spy Sweeper\WRConsumerService.exe
PRC - [2005/08/14 00:29:40 | 00,376,832 | ---- | M] (ATI Technologies Inc.) -- C:\WINDOWS\System32\Ati2evxx.exe
PRC - [2005/04/08 15:54:52 | 00,161,392 | ---- | M] (Symantec Corporation) -- C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
PRC - [2005/03/30 21:48:22 | 00,992,864 | ---- | M] (Symantec Corporation) -- C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
PRC - [2005/04/08 15:52:32 | 00,185,968 | ---- | M] (Symantec Corporation) -- C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
PRC - [2005/08/14 00:29:40 | 00,376,832 | ---- | M] (ATI Technologies Inc.) -- C:\WINDOWS\System32\Ati2evxx.exe
PRC - [2005/08/03 02:19:16 | 00,058,880 | ---- | M] (Microsoft) -- C:\WINDOWS\arservice.exe
PRC - [2008/04/14 05:42:20 | 01,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\Explorer.EXE
PRC - [2005/04/17 12:30:32 | 00,019,648 | ---- | M] (Symantec Corporation) -- C:\Program Files\Symantec AntiVirus\DefWatch.exe
PRC - [2005/10/11 18:40:32 | 00,237,568 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\eHome\ehRecvr.exe
PRC - [2005/08/05 23:56:32 | 00,102,912 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\eHome\ehSched.exe
PRC - [2009/03/14 10:54:47 | 00,152,984 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Java\jre6\bin\jqs.exe
PRC - [2005/10/23 08:46:44 | 00,069,632 | ---- | M] (Hewlett-Packard Company) -- C:\Program Files\Common Files\LightScribe\LSSrvc.exe
PRC - [2007/10/15 16:34:44 | 00,303,104 | ---- | M] (Motive Communications, Inc.) -- C:\Program Files\Common Files\Motive\McciCMService.exe
PRC - [2003/06/20 09:25:00 | 00,322,120 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
PRC - [2005/08/05 23:56:34 | 00,064,512 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\ehome\ehtray.exe
PRC - [2008/09/25 14:53:16 | 00,095,600 | ---- | M] (Symantec Corporation) -- C:\Program Files\Norton SystemWorks Premier Edition\Norton Utilities\NPROTECT.EXE
PRC - [2005/08/03 02:19:16 | 00,077,312 | ---- | M] (Microsoft) -- C:\WINDOWS\ARPWRMSG.EXE
PRC - [2007/05/08 17:24:20 | 00,054,840 | ---- | M] (Hewlett-Packard) -- C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe
PRC - [2003/03/04 04:50:00 | 00,019,968 | ---- | M] (Logitech Inc.) -- C:\WINDOWS\Logi_MwX.Exe
PRC - [2005/04/08 15:52:30 | 00,048,752 | ---- | M] (Symantec Corporation) -- C:\Program Files\Common Files\Symantec Shared\ccApp.exe
PRC - [2005/04/17 12:30:48 | 00,085,184 | ---- | M] (Symantec Corporation) -- C:\Program Files\Symantec AntiVirus\VPTray.exe
PRC - [2007/11/20 16:36:25 | 01,454,592 | ---- | M] (Motive Communications, Inc.) -- C:\Program Files\HughesNetTools\1\McciTrayApp_SSR.exe
PRC - [2005/02/02 17:44:24 | 00,061,440 | ---- | M] (Hewlett-Packard Company) -- C:\HP\KBD\KBD.EXE
PRC - [2006/12/19 10:30:26 | 00,081,920 | ---- | M] (Prolific Technology Inc.) -- C:\WINDOWS\System32\IoctlSvc.exe
PRC - [2007/08/09 02:27:52 | 00,073,728 | ---- | M] (HP) -- C:\WINDOWS\System32\HPZipm12.exe
PRC - [2009/03/14 10:54:48 | 00,136,600 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Java\jre6\bin\jusched.exe
PRC - [2009/05/13 15:40:08 | 06,345,840 | ---- | M] (Webroot Software, Inc.) -- C:\Program Files\Webroot\Spy Sweeper\SpySweeperUI.exe
PRC - [2005/09/27 12:16:00 | 02,635,472 | ---- | M] (Sygate Technologies, Inc.) -- C:\Program Files\Sygate\SPF\smc.exe
PRC - [2007/08/15 21:20:04 | 00,068,856 | ---- | M] (Google Inc.) -- C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
PRC - [2008/09/25 14:53:32 | 00,181,680 | ---- | M] (Symantec Corporation) -- C:\Program Files\Norton SystemWorks Premier Edition\Norton Utilities\Speed Disk\NOPDB.exe
PRC - [2008/10/27 18:30:34 | 00,087,328 | ---- | M] (Intuit Inc.) -- C:\Program Files\Quicken\bagent.exe
PRC - [2005/04/17 12:30:40 | 01,706,176 | ---- | M] (Symantec Corporation) -- C:\Program Files\Symantec AntiVirus\Rtvscan.exe
PRC - [2005/08/04 04:29:52 | 00,038,912 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\wdfmgr.exe
PRC - [2007/08/30 10:50:42 | 00,205,480 | ---- | M] (Macrovision Corporation) -- C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe
PRC - [2009/04/21 18:26:52 | 04,048,240 | ---- | M] (Webroot Software, Inc. (www.webroot.com)) -- C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe
PRC - [2007/08/30 10:50:28 | 00,975,528 | ---- | M] (Macrovision Corporation) -- C:\Program Files\Common Files\InstallShield\UpdateService\agent.exe
PRC - [2005/05/11 23:23:26 | 00,282,624 | ---- | M] (Hewlett-Packard Co.) -- C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
PRC - [2009/02/19 00:33:08 | 00,809,488 | ---- | M] (Logitech, Inc.) -- C:\Program Files\Logitech\SetPoint\SetPoint.exe
PRC - [2004/02/11 09:00:00 | 00,118,784 | ---- | M] (WinZip Computing, Inc.) -- C:\Program Files\WinZip\WZQKPICK.EXE
PRC - [2005/04/20 10:34:12 | 00,487,936 | ---- | M] (Webroot Software, Inc.) -- C:\WINDOWS\System32\wwSecure.exe
PRC - [2009/02/19 00:28:52 | 00,076,304 | ---- | M] (Logitech, Inc.) -- C:\Program Files\Common Files\Logishrd\KHAL2\KHALMNPR.EXE
PRC - [2005/08/05 23:27:08 | 00,099,328 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\ehome\mcrdsvc.exe
PRC - [2004/11/03 02:59:50 | 00,316,544 | ---- | M] (Symantec Corporation) -- c:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
PRC - [2009/02/06 05:10:02 | 00,227,840 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\wbem\wmiprvse.exe
PRC - [2005/08/05 23:56:28 | 00,046,592 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\eHome\ehmsas.exe
PRC - [2004/09/07 15:47:52 | 00,057,344 | ---- | M] (Realtek Semiconductor Corp.) -- C:\WINDOWS\ALCXMNTR.EXE
PRC - [2005/08/14 07:05:00 | 00,344,064 | ---- | M] (ATI Technologies, Inc.) -- C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
PRC - [1998/05/07 11:04:38 | 00,052,736 | ---- | M] (Hewlett-Packard Company) -- c:\windows\system\hpsysdrv.exe
PRC - [2009/07/17 19:20:56 | 00,514,048 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Jeanne\Desktop\OTL.exe
PRC - [2009/04/25 00:27:50 | 00,636,088 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Internet Explorer\IEXPLORE.EXE

========== Win32 Services (SafeList) ==========

SRV - [2005/08/03 02:19:16 | 00,058,880 | ---- | M] (Microsoft) -- C:\WINDOWS\arservice.exe -- (ARSVC [Auto | Running])
SRV - [2005/09/23 07:28:32 | 00,029,896 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe -- (aspnet_state [On_Demand | Stopped])
SRV - [2005/08/14 00:29:40 | 00,376,832 | ---- | M] (ATI Technologies Inc.) -- C:\WINDOWS\System32\Ati2evxx.exe -- (Ati HotKey Poller [Auto | Running])
SRV - [2008/08/01 10:31:11 | 00,238,968 | ---- | M] (Symantec Corporation) -- C:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe -- (Automatic LiveUpdate Scheduler [Disabled | Stopped])
SRV - [2005/04/08 15:52:32 | 00,185,968 | ---- | M] (Symantec Corporation) -- C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe -- (ccEvtMgr [Auto | Running])
SRV - [2005/04/08 15:54:50 | 00,083,568 | ---- | M] (Symantec Corporation) -- C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe -- (ccPwdSvc [On_Demand | Stopped])
SRV - [2005/04/08 15:54:52 | 00,161,392 | ---- | M] (Symantec Corporation) -- C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe -- (ccSetMgr [Auto | Running])
SRV - [2005/09/23 07:28:56 | 00,066,240 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32 [On_Demand | Stopped])
SRV - File not found -- -- (Creative Service for CDROM Access [Auto | Stopped])
SRV - [2005/04/17 12:30:32 | 00,019,648 | ---- | M] (Symantec Corporation) -- C:\Program Files\Symantec AntiVirus\DefWatch.exe -- (DefWatch [Auto | Running])
SRV - [2007/02/01 15:06:08 | 00,073,728 | ---- | M] () -- C:\Program Files\Common Files\Portrait Displays\Shared\DTSRVC.exe -- (DTSRVC [Disabled | Stopped])
SRV - [2005/10/11 18:40:32 | 00,237,568 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\eHome\ehRecvr.exe -- (ehRecvr [Auto | Running])
SRV - [2005/08/05 23:56:32 | 00,102,912 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\eHome\ehSched.exe -- (ehSched [Auto | Running])
SRV - [2007/10/05 22:15:05 | 00,654,848 | ---- | M] (Macrovision Europe Ltd.) -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service [On_Demand | Stopped])
SRV - [2009/03/24 03:36:29 | 00,183,280 | ---- | M] (Google) -- C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe -- (gusvc [Auto | Stopped])
SRV - [2008/04/14 05:42:04 | 00,038,400 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\PCHealth\HelpCtr\Binaries\pchsvc.dll -- (helpsvc [Auto | Running])
SRV - [2004/10/22 13:24:18 | 00,073,728 | ---- | M] (Macrovision Corporation) -- C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe -- (IDriverT [On_Demand | Stopped])
SRV - [2009/03/14 10:54:47 | 00,152,984 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Java\jre6\bin\jqs.exe -- (JavaQuickStarterService [Auto | Running])
SRV - [2009/07/05 15:15:24 | 01,029,456 | ---- | M] (Lavasoft) -- C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe -- (Lavasoft Ad-Aware Service [Auto | Stopped])
SRV - [2009/02/19 00:30:20 | 00,121,360 | ---- | M] (Logitech, Inc.) -- C:\Program Files\Common Files\Logishrd\Bluetooth\LBTServ.exe -- (LBTServ [On_Demand | Stopped])
SRV - [2005/10/23 08:46:44 | 00,069,632 | ---- | M] (Hewlett-Packard Company) -- C:\Program Files\Common Files\LightScribe\LSSrvc.exe -- (LightScribeService [Auto | Running])
SRV - [2008/08/01 10:31:01 | 03,220,856 | ---- | M] (Symantec Corporation) -- C:\Program Files\Symantec\LiveUpdate\LuComServer_3_4.EXE -- (LiveUpdate [On_Demand | Stopped])
SRV - [2007/10/15 16:34:44 | 00,303,104 | ---- | M] (Motive Communications, Inc.) -- C:\Program Files\Common Files\Motive\McciCMService.exe -- (McciCMService [Auto | Running])
SRV - [2005/08/05 23:27:08 | 00,099,328 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\ehome\mcrdsvc.exe -- (McrdSvc [Auto | Running])
SRV - [2003/06/20 09:25:00 | 00,322,120 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE -- (MDM [Auto | Running])
SRV - [2004/08/10 21:11:50 | 00,085,504 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\mhn.dll -- (MHN [On_Demand | Stopped])
SRV - [2008/04/08 09:56:30 | 00,800,040 | ---- | M] (Nero AG) -- C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe -- (NBService [On_Demand | Stopped])
SRV - [2008/01/22 11:13:26 | 00,275,752 | ---- | M] (Nero AG) -- C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe -- (NMIndexingService [On_Demand | Stopped])
SRV - [2008/09/25 14:53:16 | 00,095,600 | ---- | M] (Symantec Corporation) -- C:\Program Files\Norton SystemWorks Premier Edition\Norton Utilities\NPROTECT.EXE -- (NProtectService [Auto | Running])
SRV - [2003/07/28 22:28:22 | 00,089,136 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE -- (ose [On_Demand | Stopped])
SRV - [2006/12/19 10:30:26 | 00,081,920 | ---- | M] (Prolific Technology Inc.) -- C:\WINDOWS\System32\IoctlSvc.exe -- (PLFlash DeviceIoControl Service [Auto | Running])
SRV - [2007/08/09 02:27:52 | 00,073,728 | ---- | M] (HP) -- C:\WINDOWS\System32\HPZipm12.exe -- (Pml Driver HPZ12 [Auto | Running])
SRV - [2005/04/17 12:30:42 | 00,124,608 | ---- | M] (symantec) -- C:\Program Files\Symantec AntiVirus\SavRoam.exe -- (SavRoam [On_Demand | Stopped])
SRV - [2005/09/27 12:16:00 | 02,635,472 | ---- | M] (Sygate Technologies, Inc.) -- C:\Program Files\Sygate\SPF\smc.exe -- (SmcService [Auto | Running])
SRV - [2005/04/05 11:17:22 | 00,206,552 | ---- | M] (Symantec Corporation) -- C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe -- (SNDSrvc [On_Demand | Stopped])
SRV - [2005/03/30 21:48:22 | 00,992,864 | ---- | M] (Symantec Corporation) -- C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe -- (SPBBCSvc [Auto | Running])
SRV - [2008/09/25 14:53:32 | 00,181,680 | ---- | M] (Symantec Corporation) -- C:\Program Files\Norton SystemWorks Premier Edition\Norton Utilities\Speed Disk\NOPDB.exe -- (Speed Disk service [Auto | Running])
SRV - [2005/04/17 12:30:40 | 01,706,176 | ---- | M] (Symantec Corporation) -- C:\Program Files\Symantec AntiVirus\Rtvscan.exe -- (Symantec AntiVirus [Auto | Running])
SRV - [2004/11/03 02:59:50 | 00,316,544 | ---- | M] (Symantec Corporation) -- c:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe -- (SymWSC [Auto | Running])
SRV - [2005/08/04 04:29:52 | 00,038,912 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\wdfmgr.exe -- (UMWdf [Auto | Running])
SRV - [2009/04/21 18:26:52 | 04,048,240 | ---- | M] (Webroot Software, Inc. (www.webroot.com)) -- C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe -- (WebrootSpySweeperService [Auto | Running])
SRV - [2009/06/06 12:48:30 | 01,205,760 | ---- | M] (Webroot Software, Inc. ) -- C:\Program Files\Webroot\Spy Sweeper\WRConsumerService.exe -- (WRConsumerService [Auto | Running])
SRV - [2005/04/20 10:34:12 | 00,487,936 | ---- | M] (Webroot Software, Inc.) -- C:\WINDOWS\System32\wwSecure.exe -- (wwSecSvc [Auto | Running])

========== Driver Services (SafeList) ==========

DRV - [2005/09/23 15:26:40 | 01,094,751 | ---- | M] (Agere Systems) -- C:\WINDOWS\System32\DRIVERS\AGRSM.sys -- (AgereSoftModem [On_Demand | Running])
DRV - [2005/08/29 17:11:00 | 03,644,928 | ---- | M] (Realtek Semiconductor Corp.) -- C:\WINDOWS\System32\drivers\ALCXWDM.SYS -- (ALCXWDM [On_Demand | Running])
DRV - [2005/03/09 16:53:00 | 00,036,352 | ---- | M] (Advanced Micro Devices) -- C:\WINDOWS\System32\DRIVERS\AmdK8.sys -- (AmdK8 [System | Running])
DRV - [2005/08/14 00:35:54 | 01,313,792 | ---- | M] (ATI Technologies Inc.) -- C:\WINDOWS\System32\DRIVERS\ati2mtag.sys -- (ati2mtag [On_Demand | Running])
DRV - [2009/02/26 02:00:00 | 00,371,248 | ---- | M] (Symantec Corporation) -- C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys -- (eeCtrl [System | Running])
DRV - [2009/07/15 02:00:00 | 00,101,936 | ---- | M] (Symantec Corporation) -- C:\Program Files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys -- (EraserUtilRebootDrv [On_Demand | Running])
DRV - [2003/12/03 04:23:20 | 00,142,336 | ---- | M] (Promise Technology, Inc.) -- C:\WINDOWS\system32\DRIVERS\fasttx2k.sys -- (fasttx2k [Boot | Running])
DRV - [2005/03/07 23:43:25 | 00,051,120 | R--- | M] (HP) -- C:\WINDOWS\System32\DRIVERS\HPZid412.sys -- (HPZid412 [On_Demand | Stopped])
DRV - [2005/03/07 23:43:26 | 00,016,496 | R--- | M] (HP) -- C:\WINDOWS\System32\DRIVERS\HPZipr12.sys -- (HPZipr12 [On_Demand | Stopped])
DRV - [2005/03/07 23:43:27 | 00,021,744 | R--- | M] (HP) -- C:\WINDOWS\System32\DRIVERS\HPZius12.sys -- (HPZius12 [On_Demand | Stopped])
DRV - [2004/09/30 01:27:00 | 00,016,880 | ---- | M] (Creative Technology Ltd.) -- C:\WINDOWS\System32\DRIVERS\ctpdusb.sys -- (Jukebox3 [On_Demand | Stopped])
DRV - [2008/12/18 23:43:12 | 00,063,248 | ---- | M] (Logitech, Inc.) -- C:\WINDOWS\System32\DRIVERS\L8042mou.Sys -- (L8042mou [On_Demand | Stopped])
DRV - [2003/03/04 04:50:00 | 00,053,870 | ---- | M] (Logitech, Inc.) -- C:\WINDOWS\System32\DRIVERS\L8042pr2.Sys -- (L8042pr2 [On_Demand | Stopped])
DRV - [2009/07/05 15:15:49 | 00,064,160 | ---- | M] (Lavasoft AB) -- C:\WINDOWS\system32\DRIVERS\Lbd.sys -- (Lbd [Boot | Running])
DRV - [2008/12/18 23:43:18 | 00,010,384 | ---- | M] (Logitech, Inc.) -- C:\WINDOWS\System32\Drivers\LBeepKE.sys -- (LBeepKE [Auto | Running])
DRV - [2008/12/18 23:43:40 | 00,035,472 | ---- | M] (Logitech, Inc.) -- C:\WINDOWS\System32\DRIVERS\LHidFilt.Sys -- (LHidFilt [On_Demand | Running])
DRV - [2003/03/04 04:50:00 | 00,025,214 | ---- | M] (Logitech, Inc.) -- C:\WINDOWS\System32\DRIVERS\LHidFlt2.Sys -- (LHidFlt2 [On_Demand | Stopped])
DRV - [2003/03/04 04:50:00 | 00,037,804 | ---- | M] (Logitech, Inc.) -- C:\WINDOWS\System32\Drivers\LHidUsb.Sys -- (LHidUsb [On_Demand | Stopped])
DRV - [2008/12/18 23:43:48 | 00,037,392 | ---- | M] (Logitech, Inc.) -- C:\WINDOWS\System32\DRIVERS\LMouFilt.Sys -- (LMouFilt [On_Demand | Running])
DRV - [2003/03/04 04:50:00 | 00,073,134 | ---- | M] (Logitech, Inc.) -- C:\WINDOWS\System32\DRIVERS\LMouFlt2.Sys -- (LMouFlt2 [On_Demand | Stopped])
DRV - [2008/12/18 23:43:54 | 00,079,248 | ---- | M] (Logitech, Inc.) -- C:\WINDOWS\System32\DRIVERS\LMouKE.Sys -- (LMouKE [On_Demand | Stopped])
DRV - [2007/10/15 16:36:07 | 00,019,712 | ---- | M] (Printing Communications Assoc., Inc. (PCAUSA)) -- C:\Program Files\Common Files\Motive\MREMP50.sys -- (MREMP50 [On_Demand | Stopped])
DRV - [2004/11/22 11:36:40 | 00,018,003 | ---- | M] (Motive, Inc.) -- C:\Program Files\Common Files\Motive\MRENDIS5.sys -- (MRENDIS5 [On_Demand | Stopped])
DRV - [2007/10/15 16:36:07 | 00,018,304 | ---- | M] (Printing Communications Assoc., Inc. (PCAUSA)) -- C:\Program Files\Common Files\Motive\MRESP50.sys -- (MRESP50 [On_Demand | Stopped])
DRV - [2009/07/18 02:00:00 | 00,087,888 | ---- | M] (Symantec Corporation) -- C:\Program Files\Common Files\Symantec Shared\VirusDefs\20090718.003\NAVENG.SYS -- (NAVENG [On_Demand | Stopped])
DRV - [2009/07/18 02:00:00 | 00,875,728 | ---- | M] (Symantec Corporation) -- C:\Program Files\Common Files\Symantec Shared\VirusDefs\20090718.003\NAVEX15.SYS -- (NAVEX15 [On_Demand | Stopped])
DRV - [2008/09/25 14:53:14 | 00,087,272 | ---- | M] (Symantec Corporation) -- C:\WINDOWS\System32\Drivers\NPDRIVER.SYS -- (NPDriver [On_Demand | Running])
DRV - [2006/11/16 17:31:40 | 00,011,776 | ---- | M] (Portrait Displays, Inc.) -- C:\WINDOWS\System32\DRIVERS\pdiddcci.sys -- (pdiddcci [On_Demand | Running])
DRV - [2006/11/16 17:20:48 | 00,015,920 | ---- | M] (Portrait Displays, Inc.) -- C:\WINDOWS\System32\Drivers\PdiPorts.sys -- (PdiPorts [On_Demand | Running])
DRV - [2005/07/04 02:30:34 | 00,026,624 | ---- | M] (Hewlett-Packard Company) -- C:\WINDOWS\System32\DRIVERS\PS2.sys -- (Ps2 [On_Demand | Stopped])
DRV - [2004/08/10 07:00:00 | 00,017,792 | ---- | M] (Parallel Technologies, Inc.) -- C:\WINDOWS\System32\DRIVERS\ptilink.sys -- (Ptilink [On_Demand | Running])
DRV - [2007/03/29 03:00:00 | 00,043,528 | ---- | M] (Sonic Solutions) -- C:\WINDOWS\System32\Drivers\PxHelp20.sys -- (PxHelp20 [Boot | Running])
DRV - [2007/01/18 10:24:58 | 00,026,496 | R--- | M] (Research in Motion Ltd) -- C:\WINDOWS\System32\DRIVERS\RimSerial.sys -- (RimVSerPort [On_Demand | Stopped])
DRV - [2004/08/10 07:00:00 | 00,005,888 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\Drivers\RootMdm.sys -- (ROOTMODEM [On_Demand | Stopped])
DRV - [2005/03/04 13:10:26 | 00,074,496 | ---- | M] (Realtek Semiconductor Corporation ) -- C:\WINDOWS\System32\DRIVERS\Rtlnicxp.sys -- (RTL8023xp [On_Demand | Running])
DRV - [2004/08/04 07:31:34 | 00,020,992 | ---- | M] (Realtek Semiconductor Corporation) -- C:\WINDOWS\System32\DRIVERS\RTL8139.SYS -- (rtl8139 [On_Demand | Stopped])
DRV - [2005/02/04 20:14:30 | 00,324,232 | ---- | M] (Symantec Corporation) -- C:\Program Files\Symantec AntiVirus\savrt.sys -- (SAVRT [System | Running])
DRV - [2005/02/04 20:14:32 | 00,053,896 | ---- | M] (Symantec Corporation) -- C:\Program Files\Symantec AntiVirus\Savrtpel.sys -- (SAVRTPEL [System | Running])
DRV - [2008/09/25 14:53:36 | 00,095,760 | ---- | M] (Symantec Corporation) -- C:\WINDOWS\System32\Drivers\sddriver.sys -- (SDdriver [On_Demand | Stopped])
DRV - [2007/11/13 05:25:53 | 00,020,480 | ---- | M] (Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K.) -- C:\WINDOWS\System32\DRIVERS\secdrv.sys -- (Secdrv [On_Demand | Stopped])
DRV - [2005/03/30 21:48:20 | 00,372,832 | ---- | M] (Symantec Corporation) -- C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCDrv.sys -- (SPBBCDrv [System | Running])
DRV - [2009/04/21 18:27:02 | 00,029,808 | ---- | M] (Webroot Software, Inc. (www.webroot.com)) -- C:\WINDOWS\system32\DRIVERS\ssfs0bbc.sys -- (ssfs0bbc [Boot | Running])
DRV - [2009/04/21 18:27:04 | 00,023,152 | ---- | M] (Webroot Software, Inc. (www.webroot.com)) -- C:\WINDOWS\SYSTEM32\Drivers\SSHRMD.SYS -- (SSHRMD [Boot | Running])
DRV - [2009/04/21 18:27:04 | 00,176,752 | ---- | M] (Webroot Software, Inc. (www.webroot.com)) -- C:\WINDOWS\SYSTEM32\Drivers\SSIDRV.SYS -- (SSIDRV [Boot | Running])
DRV - [2009/04/18 10:09:42 | 00,124,464 | ---- | M] (Symantec Corporation) -- C:\WINDOWS\System32\Drivers\SYMEVENT.SYS -- (SymEvent [On_Demand | Running])
DRV - [2005/04/05 11:17:00 | 00,017,976 | ---- | M] (Symantec Corporation) -- C:\WINDOWS\System32\Drivers\SYMREDRV.SYS -- (SYMREDRV [On_Demand | Running])
DRV - [2005/04/05 11:17:02 | 00,267,192 | ---- | M] (Symantec Corporation) -- C:\WINDOWS\System32\Drivers\SYMTDI.SYS -- (SYMTDI [System | Running])
DRV - [2005/09/27 11:43:10 | 00,061,008 | ---- | M] (Sygate Technologies, Inc.) -- C:\WINDOWS\SYSTEM32\Drivers\Teefer.sys -- (Teefer [Boot | Running])
DRV - [2005/09/27 12:16:06 | 00,014,944 | ---- | M] (Sygate Technologies, Inc.) -- C:\WINDOWS\SYSTEM32\Drivers\wg3n.sys -- (wg3n [Auto | Running])
DRV - [2005/09/27 12:16:06 | 00,014,944 | ---- | M] (Sygate Technologies, Inc.) -- C:\WINDOWS\SYSTEM32\Drivers\wg4n.sys -- (wg4n [Auto | Running])
DRV - [2005/09/27 12:16:08 | 00,014,944 | ---- | M] (Sygate Technologies, Inc.) -- C:\WINDOWS\SYSTEM32\Drivers\wg5n.sys -- (wg5n [Auto | Running])
DRV - [2005/09/27 12:16:08 | 00,014,944 | ---- | M] (Sygate Technologies, Inc.) -- C:\WINDOWS\SYSTEM32\Drivers\wg6n.sys -- (wg6n [Auto | Running])
DRV - [2005/09/27 11:44:56 | 00,021,075 | ---- | M] (Sygate Technologies, Inc.) -- C:\WINDOWS\System32\drivers\wpsdrvnt.sys -- (wpsdrvnt [System | Running])

========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = [binary data]
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Extensions Off Page = about:NoAdd-ons
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Security Risk Page = about:SecurityRisk
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,CustomizeSearch = http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchcust.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.google.com/ie
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie


IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&a...&pf=desktop
IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&a...&pf=desktop
IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://ie.redirect.hp.com/svs/rdr?TYPE=3&a...&pf=desktop
IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.hp.com/svs/rdr?TYPE=3&a...&pf=desktop
IE - HKU\.DEFAULT\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&a...&pf=desktop
IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&a...&pf=desktop
IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://ie.redirect.hp.com/svs/rdr?TYPE=3&a...&pf=desktop
IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.hp.com/svs/rdr?TYPE=3&a...&pf=desktop
IE - HKU\S-1-5-18\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



IE - HKU\S-1-5-21-2236202740-443752698-3365651452-1009\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&a...&pf=desktop
IE - HKU\S-1-5-21-2236202740-443752698-3365651452-1009\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&a...&pf=desktop
IE - HKU\S-1-5-21-2236202740-443752698-3365651452-1009\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\system32\blank.htm
IE - HKU\S-1-5-21-2236202740-443752698-3365651452-1009\SOFTWARE\Microsoft\Internet Explorer\Main,Page_Transitions = 0
IE - HKU\S-1-5-21-2236202740-443752698-3365651452-1009\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com
IE - HKU\S-1-5-21-2236202740-443752698-3365651452-1009\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultName = Google
IE - HKU\S-1-5-21-2236202740-443752698-3365651452-1009\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultURL = http://www.google.com/search?q={searchTerm...tf8&oe=utf8
IE - HKU\S-1-5-21-2236202740-443752698-3365651452-1009\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/
IE - HKU\S-1-5-21-2236202740-443752698-3365651452-1009\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie
IE - HKU\S-1-5-21-2236202740-443752698-3365651452-1009\S-1-5-21-2236202740-443752698-3365651452-1009\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-2236202740-443752698-3365651452-1009\S-1-5-21-2236202740-443752698-3365651452-1009\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = www.direcwaysupport.com;www.systemcontrolcenter.com;192.168.0.1;;127.0.0.1;<local>

========== FireFox ==========

FF - prefs.js..browser.startup.homepage: "http://www.yahoo.com"

FF - HKLM\software\mozilla\Firefox\extensions\\jqs@sun.com: C:\Program Files\Java\jre6\lib\deploy\jqs\ff [2009/03/14 10:54:50 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 2.0.0.20\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2008/12/20 14:27:08 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 2.0.0.20\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2009/03/17 21:28:09 | 00,000,000 | ---D | M]

[2009/07/11 10:39:39 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Jeanne\Application Data\mozilla\Firefox\Profiles\tvqmol39.default\extensions
[2007/10/27 21:01:35 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Jeanne\Application Data\mozilla\Firefox\Profiles\tvqmol39.default\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1}
[2009/07/11 10:39:39 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions
[2008/12/20 14:27:08 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
[2007/11/14 21:21:42 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA}
[2008/04/05 23:03:56 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA}
[2008/10/26 22:54:18 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA}
[2009/03/14 10:59:19 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA}
[2008/03/26 23:17:16 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions\talkback@mozilla.org
[2008/12/20 14:26:58 | 00,067,688 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\jar50.dll
[2008/12/20 14:26:58 | 00,054,368 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\jsd3250.dll
[2008/12/20 14:26:58 | 00,034,944 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\myspell.dll
[2008/12/20 14:26:59 | 00,046,712 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\spellchk.dll
[2008/12/20 14:26:59 | 00,172,136 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\xpinstal.dll
[2009/01/16 19:17:04 | 00,114,688 | ---- | M] (Adobe Systems, Inc.) -- C:\Program Files\mozilla firefox\plugins\np32dsw.dll
[2009/03/14 10:54:48 | 00,410,984 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\mozilla firefox\plugins\npdeploytk.dll
[2008/12/20 14:27:06 | 00,022,656 | ---- | M] (mozilla.org) -- C:\Program Files\mozilla firefox\plugins\npnul32.dll
[2006/12/18 05:18:30 | 00,077,824 | ---- | M] (Adobe Systems Inc.) -- C:\Program Files\mozilla firefox\plugins\nppdf32.dll
[2007/10/13 21:31:24 | 00,131,072 | ---- | M] (Apple Inc.) -- C:\Program Files\mozilla firefox\plugins\npqtplugin.dll
[2007/10/13 21:31:24 | 00,131,072 | ---- | M] (Apple Inc.) -- C:\Program Files\mozilla firefox\plugins\npqtplugin2.dll
[2007/10/13 21:31:24 | 00,131,072 | ---- | M] (Apple Inc.) -- C:\Program Files\mozilla firefox\plugins\npqtplugin3.dll
[2007/10/13 21:31:24 | 00,131,072 | ---- | M] (Apple Inc.) -- C:\Program Files\mozilla firefox\plugins\npqtplugin4.dll
[2007/10/13 21:31:24 | 00,131,072 | ---- | M] (Apple Inc.) -- C:\Program Files\mozilla firefox\plugins\npqtplugin5.dll
[2007/10/13 21:31:24 | 00,131,072 | ---- | M] (Apple Inc.) -- C:\Program Files\mozilla firefox\plugins\npqtplugin6.dll
[2007/10/13 21:31:24 | 00,131,072 | ---- | M] (Apple Inc.) -- C:\Program Files\mozilla firefox\plugins\npqtplugin7.dll
[2008/02/09 22:48:37 | 00,001,514 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazondotcom.xml
[2008/02/09 22:48:37 | 00,002,193 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\answers.xml
[2008/02/09 22:48:37 | 00,001,038 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\creativecommons.xml
[2008/02/09 22:48:37 | 00,001,046 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay.xml
[2008/02/09 22:48:37 | 00,002,351 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\google.xml
[2008/02/09 22:48:37 | 00,000,792 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo.xml

O1 HOSTS File: (224678 bytes) - C:\WINDOWS\System32\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: 7885 more lines...
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - No CLSID value found.
O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (FGCatchUrl) - {2F364306-AA45-47B5-9F9D-39A8B94E7EF7} - C:\Program Files\FlashGet\jccatch.dll (www.flashget.com)
O2 - BHO: (Java™ Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll (Google Inc.)
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.1.1309.15642\swg.dll (Google Inc.)
O2 - BHO: (Google Dictionary Compression sdch) - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_A8904FB862BD9564.dll (Google Inc.)
O2 - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (JQSIEStartDetectorImpl Class) - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll (Sun Microsystems, Inc.)
O2 - BHO: (FlashGet GetFlash Class) - {F156768E-81EF-470C-9057-481BA8380DBA} - C:\Program Files\FlashGet\getflash.dll (www.flashget.com)
O3 - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll (Google Inc.)
O3 - HKU\S-1-5-21-2236202740-443752698-3365651452-1009\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll (Google Inc.)
O4 - HKLM..\Run: [] File not found
O4 - HKLM..\Run: [AlwaysReady Power Message APP] C:\WINDOWS\ARPWRMSG.EXE (Microsoft)
O4 - HKLM..\Run: [ccApp] C:\Program Files\Common Files\Symantec Shared\ccApp.exe (Symantec Corporation)
O4 - HKLM..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe (Microsoft Corporation)
O4 - HKLM..\Run: [HP Software Update] C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe (Hewlett-Packard)
O4 - HKLM..\Run: [HPBootOp] C:\Program Files\Hewlett-Packard\HP Boot Optimizer\HPBootOp.exe (Hewlett-Packard Company)
O4 - HKLM..\Run: [HughesNetTools_McciTrayApp] C:\Program Files\HughesNetTools\1\McciTrayApp_SSR.exe (Motive Communications, Inc.)
O4 - HKLM..\Run: [KBD] C:\HP\KBD\KBD.EXE (Hewlett-Packard Company)
O4 - HKLM..\Run: [Kernel and Hardware Abstraction Layer] C:\WINDOWS\KHALMNPR.EXE (Logitech, Inc.)
O4 - HKLM..\Run: [KernelFaultCheck] File not found
O4 - HKLM..\Run: [Logitech Utility] C:\WINDOWS\Logi_MwX.Exe (Logitech Inc.)
O4 - HKLM..\Run: [NSWosCheck] C:\Program Files\Norton SystemWorks Premier Edition\osCheck.exe (Symantec Corporation)
O4 - HKLM..\Run: [PCDrProfiler] File not found
O4 - HKLM..\Run: [SmcService] C:\Program Files\Sygate\SPF\Smc.exe (Sygate Technologies, Inc.)
O4 - HKLM..\Run: [SpySweeper] File not found
O4 - HKLM..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre6\bin\jusched.exe (Sun Microsystems, Inc.)
O4 - HKLM..\Run: [TkBellExe] C:\Program Files\Common Files\Real\Update_OB\realsched.exe (RealNetworks, Inc.)
O4 - HKLM..\Run: [vptray] C:\Program Files\Symantec AntiVirus\VPTray.exe (Symantec Corporation)
O4 - HKU\S-1-5-21-2236202740-443752698-3365651452-1009..\Run: [ISUSPM] C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe (Macrovision Corporation)
O4 - HKU\S-1-5-21-2236202740-443752698-3365651452-1009..\Run: [QuickenScheduledUpdates] C:\Program Files\Quicken\bagent.exe (Intuit Inc.)
O4 - HKU\S-1-5-21-2236202740-443752698-3365651452-1009..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (Google Inc.)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe (Adobe Systems Incorporated)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe (Hewlett-Packard Co.)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe (Logitech)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Logitech SetPoint.lnk = C:\Program Files\Logitech\SetPoint\SetPoint.exe (Logitech, Inc.)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.EXE (WinZip Computing, Inc.)
O4 - Startup: C:\Documents and Settings\Default User\Start Menu\Programs\Startup\Pin.lnk = C:\hp\bin\CLOAKER.EXE (Hewlett-Packard Co.)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 149
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: dontdisplaylastusername = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticecaption =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticetext =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: shutdownwithoutlogon = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: undockwithoutlogon = 1
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-19_Classes\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-20_Classes\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O7 - HKU\S-1-5-21-2236202740-443752698-3365651452-1009\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O7 - HKU\S-1-5-21-2236202740-443752698-3365651452-1009\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-2236202740-443752698-3365651452-1009\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKU\S-1-5-21-2236202740-443752698-3365651452-1009\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoViewOnDrive = 0
O7 - HKU\S-1-5-21-2236202740-443752698-3365651452-1009\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = FF FF FF 03 [binary data]
O7 - HKU\S-1-5-21-2236202740-443752698-3365651452-1009_Classes\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O8 - Extra context menu item: &Download All with FlashGet - C:\Program Files\FlashGet\jc_all.htm ()
O8 - Extra context menu item: &Download with FlashGet - C:\Program Files\FlashGet\jc_link.htm ()
O8 - Extra context menu item: E&xport to Microsoft Excel - C:\Program Files\Microsoft Office\OFFICE11\EXCEL.EXE (Microsoft Corporation)
O9 - Extra Button: Express Cleanup - {5E638779-1818-4754-A595-EF1C63B87A56} - C:\Program Files\Norton SystemWorks Premier Edition\Norton Cleanup\WCQuick.lnk ()
O9 - Extra 'Tools' menuitem : Express Cleanup - {5E638779-1818-4754-A595-EF1C63B87A56} - C:\Program Files\Norton SystemWorks Premier Edition\Norton Cleanup\WCQuick.lnk ()
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Program Files\Microsoft Office\OFFICE11\REFIEBAR.DLL (Microsoft Corporation)
O9 - Extra Button: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\Program Files\FlashGet\FlashGet.exe (FlashGet.com)
O9 - Extra 'Tools' menuitem : FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\Program Files\FlashGet\FlashGet.exe (FlashGet.com)
O9 - Extra Button: Connection Help - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm ()
O9 - Extra 'Tools' menuitem : Connection Help - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm ()
O9 - Extra 'Tools' menuitem : @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe (Microsoft Corporation)
O9 - Extra Button: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe (Yahoo! Inc.)
O9 - Extra 'Tools' menuitem : Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe (Yahoo! Inc.)
O9 - Extra Button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)
O12 - Plugin for: .spop - C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll (InterTrust Technologies Corporation, Inc.)
O15 - HKLM\..Trusted Domains: trymedia.com ([]http in Trusted sites)
O15 - HKLM\..Trusted Domains: trymedia.com ([]https in Trusted sites)
O15 - HKLM\..Trusted Domains: 2826 domain(s) and sub-domain(s) not assigned to a zone.
O15 - HKU\.DEFAULT\..Trusted Domains: 50 domain(s) and sub-domain(s) not assigned to a zone.
O15 - HKU\S-1-5-18\..Trusted Domains: 50 domain(s) and sub-domain(s) not assigned to a zone.
O15 - HKU\S-1-5-21-2236202740-443752698-3365651452-1009\..Trusted Domains: 32 domain(s) and sub-domain(s) not assigned to a zone.
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} http://download.macromedia.com/pub/shockwa...director/sw.cab (Shockwave ActiveX Control)
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} http://go.microsoft.com/fwlink/?linkid=39204 (Windows Genuine Advantage Validation Tool)
O16 - DPF: {406B5949-7190-4245-91A9-30A17DE16AD0} http://photos.walmart.com/WalmartActivia.cab (Snapfish Activia)
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} http://update.microsoft.com/windowsupdate/...b?1139890314395 (WUWebControl Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_11)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.macromedia.com/get/flash...r/ultrashim.cab (Reg Error: Key error.)
O16 - DPF: {917623D1-D8E5-11D2-BE8B-00104B06BDE3} http://traf2.murfreesborotn.gov/activex/AxisCamControl.cab (CamImage Class)
O16 - DPF: {CAFEEFAC-0015-0000-0005-ABCDEFFEDCBA} http://java.sun.com/update/1.5.0/jinstall-...indows-i586.cab (Java Plug-in 1.5.0_05)
O16 - DPF: {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_03)
O16 - DPF: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_05)
O16 - DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_07)
O16 - DPF: {CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_11)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_11)
O16 - DPF: Microsoft XML Parser for Java file://C:\WINDOWS\Java\classes\xmldso.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 66.82.4.8
O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\ipp - No CLSID value found
O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp - No CLSID value found
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\ms-itss {0A9007C0-4076-11D3-8789-0000F8105754} - c:\Program Files\Common Files\Microsoft Shared\Information Retrieval\msitss.dll (Microsoft Corporation)
O18 - Protocol\Handler\mso-offdap11 {32505114-5902-49B2-880A-1F7738E5A384} - C:\Program Files\Common Files\Microsoft Shared\Web Components\11\OWC11.DLL (Microsoft Corporation)
O18 - Protocol\Filter: - text/xml - C:\Program Files\Common Files\Microsoft Shared\OFFICE11\MSOXMLMF.DLL (Microsoft Corporation)
O18 - Protocol\Filter: - x-sdch - C:\Program Files\Google\Google Toolbar\Component\fastsearch_A8904FB862BD9564.dll (Google Inc.)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\Explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\AtiExtEvent: DllName - Ati2evxx.dll - C:\WINDOWS\System32\Ati2evxx.dll (ATI Technologies Inc.)
O20 - Winlogon\Notify\LBTWlgn: DllName - c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll - c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll (Logitech, Inc.)
O20 - Winlogon\Notify\NavLogon: DllName - C:\WINDOWS\system32\NavLogon.dll - C:\WINDOWS\System32\NavLogon.dll (Symantec Corporation)
O24 - Desktop Components:0 (My Current Home Page) - About:Home
O30 - LSA: Authentication Packages - (OWS\S) - File not found
O30 - LSA: Security Packages - (EM\) - File not found
O30 - LSA: Security Packages - (...) - File not found
O30 - LSA: Security Packages - (ity) - File not found
O30 - LSA: Security Packages - (Packages) - File not found
O30 - LSA: Security Packages - (settings..) - File not found
O31 - SafeBoot: AlternateShell - cmd.exe
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2005/01/28 12:41:28 | 00,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O32 - AutoRun File - [2001/07/28 05:07:38 | 00,000,000 | -HS- | M] () - D:\AUTOEXEC.BAT -- [ FAT32 ]
O32 - AutoRun File - [2005/01/26 23:53:38 | 00,000,000 | ---- | M] () - F:\AUTOEXEC.BAT -- [ NTFS ]
O33 - MountPoints2\{2f05c5b0-1d32-11dc-8568-0015f2a5c919}\Shell - "" = AutoRun
O33 - MountPoints2\{2f05c5b0-1d32-11dc-8568-0015f2a5c919}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{2f05c5b0-1d32-11dc-8568-0015f2a5c919}\Shell\AutoRun\command - "" = G:\LaunchU3.exe -- File not found
O34 - HKLM BootExecute: (autocheck) - File not found
O34 - HKLM BootExecute: (autochk) - C:\WINDOWS\System32\autochk.exe (Microsoft Corporation)
O34 - HKLM BootExecute: (*) - File not found
O34 - HKLM BootExecute: (lsdelete) - C:\WINDOWS\System32\lsdelete.exe ()

========== Files/Folders - Created Within 30 Days ==========

[2009/07/17 19:20:53 | 00,514,048 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Jeanne\Desktop\OTL.exe
[2009/07/17 19:18:05 | 00,278,221 | ---- | C] () -- C:\Documents and Settings\Jeanne\My Documents\gmer.zip
[2009/07/14 22:01:58 | 00,001,556 | ---- | C] () -- C:\Documents and Settings\Jeanne\Desktop\CCleaner.lnk
[2009/07/14 22:01:56 | 00,000,000 | ---D | C] -- C:\Program Files\CCleaner
[2009/07/14 19:44:52 | 03,252,640 | ---- | C] (Piriform Ltd) -- C:\Documents and Settings\Jeanne\My Documents\ccsetup221.exe
[2009/07/14 19:16:20 | 00,004,980 | ---- | C] () -- C:\Documents and Settings\Jeanne\My Documents\attach.zip
[2009/07/14 18:58:16 | 00,016,384 | ---- | C] () -- C:\Documents and Settings\Jeanne\My Documents\Money spent.xls
[2009/07/11 22:02:27 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Jeanne\My Documents\Sort
[2009/07/11 21:09:33 | 00,258,053 | ---- | C] () -- C:\Documents and Settings\Jeanne\My Documents\Rebel luvs u.jpg
[2009/07/09 23:43:40 | 00,654,920 | ---- | C] () -- C:\Documents and Settings\Jeanne\My Documents\mtinst.exe
[2009/07/08 18:51:03 | 15,452,536 | ---- | C] (Microsoft Corporation) -- C:\Documents and Settings\Jeanne\My Documents\IE7-WindowsXP-x86-enu.exe
[2009/07/06 06:42:02 | 00,000,000 | ---D | C] -- C:\HijackThis
[2009/07/05 21:05:58 | 00,000,472 | ---- | C] () -- C:\WINDOWS\tasks\Ad-Aware Update (Weekly).job
[2009/07/05 20:26:06 | 00,015,688 | ---- | C] () -- C:\WINDOWS\System32\lsdelete.exe
[2009/07/05 15:39:14 | 00,318,369 | ---- | C] () -- C:\Documents and Settings\Jeanne\My Documents\HiJackThis.zip
[2009/07/05 14:56:48 | 00,064,160 | ---- | C] (Lavasoft AB) -- C:\WINDOWS\System32\drivers\Lbd.sys
[2009/07/05 14:52:04 | 00,000,000 | -H-D | C] -- C:\Documents and Settings\All Users\Application Data\{7972B2E5-3E09-4E5E-81B7-FE5819D6772F}
[2009/07/05 14:52:02 | 00,000,875 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Ad-Aware.lnk
[2009/07/05 08:21:54 | 00,023,499 | ---- | C] () -- C:\Documents and Settings\Jeanne\My Documents\Ash&Ass.jpg
[2009/07/04 23:29:45 | 00,033,780 | ---- | C] () -- C:\Documents and Settings\Jeanne\My Documents\horse with oat chips.jpg
[2009/07/04 23:17:46 | 00,128,681 | ---- | C] () -- C:\Documents and Settings\Jeanne\My Documents\WantedCoffeeMouse-top-TY22222222317.gif
[2009/07/04 23:17:46 | 00,071,680 | ---- | C] () -- C:\Documents and Settings\Jeanne\My Documents\winter_chocolatedrink_12_5.gif
[2009/07/04 23:17:46 | 00,052,494 | ---- | C] () -- C:\Documents and Settings\Jeanne\My Documents\wherewelove-vi.gif
[2009/07/04 23:17:46 | 00,049,013 | ---- | C] () -- C:\Documents and Settings\Jeanne\My Documents\Vintage Tea Pot.jpg
[2009/07/04 23:17:45 | 00,171,521 | ---- | C] () -- C:\Documents and Settings\Jeanne\My Documents\topper3-23-0711.gif
[2009/07/04 23:17:45 | 00,094,301 | ---- | C] () -- C:\Documents and Settings\Jeanne\My Documents\topper_cupsofcheer.gif
[2009/07/04 23:17:45 | 00,082,551 | ---- | C] () -- C:\Documents and Settings\Jeanne\My Documents\Teawithus-vi44.gif
[2009/07/04 23:17:45 | 00,037,836 | ---- | C] () -- C:\Documents and Settings\Jeanne\My Documents\TempsDeCafeLBM908Blank.jpg
[2009/07/04 23:17:45 | 00,029,576 | ---- | C] () -- C:\Documents and Settings\Jeanne\My Documents\TimeforTeaDD031709.jpg
[2009/07/04 23:17:45 | 00,028,261 | ---- | C] () -- C:\Documents and Settings\Jeanne\My Documents\time for tea-vi.jpg
[2009/07/04 23:17:45 | 00,025,502 | ---- | C] () -- C:\Documents and Settings\Jeanne\My Documents\Untitled11121111.jpg
[2009/07/03 11:59:40 | 00,033,668 | ---- | C] () -- C:\Documents and Settings\Jeanne\Desktop\252button.gif
[2009/07/03 09:03:37 | 00,033,280 | ---- | C] () -- C:\Documents and Settings\Jeanne\My Documents\Culinary notes Week1.wps
[2009/06/28 22:28:23 | 02,191,360 | ---- | C] () -- C:\Documents and Settings\Jeanne\My Documents\The_Price_of_Children.pps
[2009/06/28 22:28:12 | 02,747,663 | ---- | C] () -- C:\Documents and Settings\Jeanne\My Documents\DumbBuck.wmv
[2009/06/28 22:27:48 | 03,780,473 | ---- | C] () -- C:\Documents and Settings\Jeanne\My Documents\GasPoweredLa-Z-Boy.wmv
[2009/06/28 22:27:40 | 05,374,784 | ---- | C] () -- C:\Documents and Settings\Jeanne\My Documents\PerhapstheBestFordCommercialEve_.wmv
[2009/06/28 22:22:12 | 00,016,136 | ---- | C] () -- C:\Documents and Settings\Jeanne\My Documents\bilde.jpg
[2009/06/28 22:19:17 | 00,011,776 | ---- | C] () -- C:\Documents and Settings\Jeanne\My Documents\budget.xls
[2009/06/28 22:10:55 | 00,150,127 | ---- | C] () -- C:\Documents and Settings\Jeanne\My Documents\foal pillow.jpg
[2009/06/28 22:09:42 | 00,017,801 | ---- | C] () -- C:\Documents and Settings\Jeanne\My Documents\floss.jpg
[2009/06/24 22:55:00 | 00,071,404 | ---- | C] () -- C:\Documents and Settings\Jeanne\My Documents\CaramelCrunch.TTF
[2009/06/24 22:55:00 | 00,069,488 | ---- | C] () -- C:\Documents and Settings\Jeanne\My Documents\CaramelCandy.ttf
[2009/06/24 22:55:00 | 00,068,312 | ---- | C] () -- C:\Documents and Settings\Jeanne\My Documents\CaramelNuggets.ttf
[2009/06/24 22:54:33 | 00,074,808 | ---- | C] () -- C:\Documents and Settings\Jeanne\My Documents\Cooper Black.ttf
[2009/06/22 23:31:16 | 02,958,927 | ---- | C] () -- C:\Documents and Settings\Jeanne\My Documents\summerfabrics.zip
[2009/06/22 18:38:42 | 00,001,892 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Shipping Assistant.lnk
[2009/06/22 18:38:34 | 00,000,000 | ---D | C] -- C:\Program Files\USPS
[2009/06/22 18:03:24 | 00,064,512 | ---- | C] () -- C:\Documents and Settings\Jeanne\My Documents\NE_Perf_Mgmt_Form1.doc
[2009/06/22 18:03:19 | 00,047,104 | ---- | C] () -- C:\Documents and Settings\Jeanne\My Documents\Jeanne Performance Evaluation revised.xls
[2009/06/22 18:03:19 | 00,045,056 | ---- | C] () -- C:\Documents and Settings\Jeanne\My Documents\Ben 2009 Objectives.xls
[2009/06/22 18:03:19 | 00,044,032 | ---- | C] () -- C:\Documents and Settings\Jeanne\My Documents\Ben 2k9_perfman_eval_form.xls
[2009/06/22 18:03:19 | 00,043,520 | ---- | C] () -- C:\Documents and Settings\Jeanne\My Documents\Edith 2k9_perfman_eval_form.xls
[2009/06/22 16:37:39 | 00,000,133 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\Microsoft.SqlServer.Compact.351.32.bc
[2009/06/20 22:39:32 | 00,003,718 | ---- | C] () -- C:\Documents and Settings\Jeanne\My Documents\soldiers angels logo.gif
[2009/06/19 22:44:30 | 37,893,838 | ---- | C] () -- C:\Documents and Settings\Jeanne\My Documents\Ad-Aware_2009_Pro_8.0.4.rar
[2009/04/21 18:26:56 | 00,031,088 | ---- | C] () -- C:\WINDOWS\System32\wrLZMA.dll
[2009/01/10 17:01:04 | 00,000,214 | ---- | C] () -- C:\WINDOWS\HP_48BitScanUpdatePatch.ini
[2009/01/10 16:37:03 | 00,000,214 | ---- | C] () -- C:\WINDOWS\HP_InstantSHareJPG.ini
[2009/01/10 16:34:14 | 00,000,221 | ---- | C] () -- C:\WINDOWS\HP_RedboxHprblog_HPSU.ini
[2008/08/06 19:50:14 | 00,059,392 | R--- | C] () -- C:\WINDOWS\System32\streamhlp.dll
[2008/03/08 13:00:47 | 00,000,952 | -HS- | C] () -- C:\WINDOWS\System32\KGyGaAvL.sys
[2008/02/26 20:15:45 | 00,000,035 | ---- | C] () -- C:\WINDOWS\Blink.ini
[2008/01/24 23:20:11 | 00,000,033 | ---- | C] () -- C:\WINDOWS\iltwain.ini
[2008/01/19 21:15:30 | 00,000,391 | ---- | C] () -- C:\WINDOWS\COVERE~1.INI
[2007/12/15 14:55:30 | 02,510,848 | --S- | C] () -- C:\WINDOWS\System32\tlpsplib10.dll
[2007/11/17 09:56:31 | 00,000,031 | -H-- | C] () -- C:\WINDOWS\uccspecc.sys
[2007/09/25 22:02:39 | 00,000,069 | ---- | C] () -- C:\WINDOWS\NeroDigital.ini
[2007/09/01 21:36:28 | 00,000,011 | ---- | C] () -- C:\WINDOWS\3DShadow.INI
[2007/09/01 20:13:01 | 00,000,082 | ---- | C] () -- C:\WINDOWS\MPLAYER.INI
[2007/08/21 21:39:33 | 00,000,029 | ---- | C] () -- C:\WINDOWS\DEBUGSM.INI
[2007/08/18 11:32:12 | 00,034,308 | ---- | C] () -- C:\WINDOWS\System32\BASSMOD.dll
[2007/08/18 10:05:32 | 00,096,768 | ---- | C] () -- C:\WINDOWS\SlantAdj.dll
[2007/08/18 10:05:32 | 00,000,072 | ---- | C] () -- C:\WINDOWS\System32\epDPE.ini
[2007/08/18 09:54:34 | 00,000,196 | ---- | C] () -- C:\WINDOWS\EPSON RX500 Installer.ini
[2007/07/14 10:42:50 | 00,000,050 | ---- | C] () -- C:\WINDOWS\cdplayer.ini
[2007/06/19 21:51:12 | 00,028,672 | ---- | C] () -- C:\WINDOWS\System32\PdeSrvps.dll
[2007/02/25 04:29:16 | 00,000,000 | ---- | C] () -- C:\WINDOWS\Game.INI
[2006/05/21 10:03:06 | 00,000,000 | ---- | C] () -- C:\WINDOWS\vpc32.INI
[2006/02/19 12:50:27 | 00,375,296 | ---- | C] () -- C:\WINDOWS\System32\tx32.dll
[2006/02/19 12:21:18 | 00,000,021 | ---- | C] () -- C:\WINDOWS\PI_setup.ini
[2006/02/19 12:16:31 | 00,000,111 | ---- | C] () -- C:\WINDOWS\EPSON Stylus CX5400.ini
[2005/11/11 16:57:17 | 00,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini
[2005/11/11 16:36:25 | 00,022,396 | ---- | C] () -- C:\WINDOWS\System32\drivers\USBkey.sys
[2005/11/11 16:31:25 | 00,012,989 | ---- | C] () -- C:\WINDOWS\System32\CHODDI.SYS
[2005/11/11 16:31:20 | 00,045,056 | ---- | C] () -- C:\WINDOWS\System32\hpreg.dll
[2005/11/11 16:28:57 | 00,000,165 | ---- | C] () -- C:\WINDOWS\Quicken.ini
[2005/11/11 16:26:49 | 00,000,376 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2005/11/11 16:22:55 | 00,204,800 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeW7.dll
[2005/11/11 16:22:55 | 00,200,704 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeA6.dll
[2005/11/11 16:22:55 | 00,192,512 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeP6.dll
[2005/11/11 16:22:55 | 00,192,512 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeM6.dll
[2005/11/11 16:22:55 | 00,188,416 | ---- | C] () -- C:\WINDOWS\System32\IVIresizePX.dll
[2005/11/11 16:22:55 | 00,020,480 | ---- | C] () -- C:\WINDOWS\System32\IVIresize.dll
[2005/11/11 16:17:29 | 00,000,108 | ---- | C] () -- C:\WINDOWS\WININIT.INI
[2005/11/11 16:16:33 | 00,000,698 | ---- | C] () -- C:\WINDOWS\NSSetDefaultBrowser.ini
[2005/11/11 16:10:40 | 00,001,793 | ---- | C] () -- C:\WINDOWS\System32\fxsperf.ini
[2005/11/11 15:55:07 | 00,000,882 | ---- | C] () -- C:\WINDOWS\orun32.ini
[2005/11/11 15:48:53 | 00,323,584 | ---- | C] () -- C:\WINDOWS\System32\pythoncom22.dll
[2005/11/11 15:48:53 | 00,094,208 | ---- | C] () -- C:\WINDOWS\System32\pywintypes22.dll
[2005/11/11 15:48:35 | 00,016,896 | ---- | C] () -- C:\WINDOWS\System32\bcbmm.dll
[2005/10/05 15:50:52 | 00,000,000 | ---- | C] () -- C:\WINDOWS\System32\px.ini
[2005/09/27 12:15:46 | 00,235,144 | ---- | C] () -- C:\WINDOWS\System32\SetAid.dll
[2005/08/06 00:01:54 | 00,239,104 | ---- | C] () -- C:\WINDOWS\System32\psisdecd.dll
[2005/08/03 02:19:16 | 00,050,176 | ---- | C] () -- C:\WINDOWS\armcex.dll
[2005/01/28 12:41:20 | 00,000,659 | ---- | C] () -- C:\WINDOWS\win.ini
[2005/01/28 04:30:40 | 00,000,227 | ---- | C] () -- C:\WINDOWS\system.ini
[2004/08/10 07:00:00 | 00,006,353 | ---- | C] () -- C:\WINDOWS\System32\wntnrnte.dll
[2004/07/27 00:51:38 | 00,000,592 | ---- | C] () -- C:\WINDOWS\System32\oeminfo.ini
[2004/07/22 17:31:38 | 00,057,344 | ---- | C] () -- C:\WINDOWS\System32\icmfilter.dll
[2003/12/15 11:03:26 | 00,006,144 | ---- | C] () -- C:\WINDOWS\System32\msvgkas.dll
[2003/01/08 01:05:08 | 00,002,695 | ---- | C] () -- C:\WINDOWS\System32\OUTLPERF.INI
[2002/12/18 21:57:48 | 00,152,064 | ---- | C] () -- C:\WINDOWS\System32\unrar.dll
[2001/07/06 15:30:00 | 00,003,399 | ---- | C] () -- C:\WINDOWS\System32\hptcpmon.ini
[2001/06/23 10:33:36 | 00,040,448 | ---- | C] () -- C:\WINDOWS\System32\UNACE.DLL
[1998/11/04 02:20:00 | 00,000,202 | ---- | C] () -- C:\WINDOWS\System32\Ic32.ini
[1998/05/06 08:19:58 | 00,210,944 | ---- | C] () -- C:\WINDOWS\System32\Msvcrt10.dll

========== Files - Modified Within 30 Days ==========

[2 C:\WINDOWS\System32\*.tmp files]
[2 C:\WINDOWS\*.tmp files]
[2009/07/18 21:20:05 | 00,000,868 | ---- | M] () -- C:\WINDOWS\tasks\Google Software Updater.job
[2009/07/18 21:13:01 | 00,000,438 | ---- | M] () -- C:\WINDOWS\tasks\EasyShare Registration Task.job
[2009/07/18 15:10:06 | 00,000,200 | ---- | M] () -- C:\WINDOWS\tasks\defsgetter.job
[2009/07/17 19:20:56 | 00,514,048 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Jeanne\Desktop\OTL.exe
[2009/07/17 19:18:05 | 00,278,221 | ---- | M] () -- C:\Documents and Settings\Jeanne\My Documents\gmer.zip
[2009/07/17 18:00:00 | 00,000,410 | ---- | M] () -- C:\WINDOWS\tasks\Norton Security Scan for Jeanne.job
[2009/07/17 02:00:02 | 00,001,564 | ---- | M] () -- C:\WINDOWS\tasks\wrSpySweeperFullSweep.job
[2009/07/16 23:00:02 | 00,001,668 | ---- | M] () -- C:\WINDOWS\tasks\wrSpySweeper_LB9697396EEB8407C8DF4F00B37BE2C76.job
[2009/07/16 22:13:52 | 00,000,186 | ---- | M] () -- C:\WINDOWS\System\hpsysdrv.DAT
[2009/07/16 21:43:48 | 00,001,158 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2009/07/16 21:41:25 | 00,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2009/07/16 21:41:17 | 00,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2009/07/16 21:38:31 | 00,001,374 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2009/07/14 22:01:58 | 00,001,556 | ---- | M] () -- C:\Documents and Settings\Jeanne\Desktop\CCleaner.lnk
[2009/07/14 19:44:52 | 03,252,640 | ---- | M] (Piriform Ltd) -- C:\Documents and Settings\Jeanne\My Documents\ccsetup221.exe
[2009/07/14 19:16:20 | 00,004,980 | ---- | M] () -- C:\Documents and Settings\Jeanne\My Documents\attach.zip
[2009/07/14 18:58:16 | 00,016,384 | ---- | M] () -- C:\Documents and Settings\Jeanne\My Documents\Money spent.xls
[2009/07/13 21:54:01 | 00,000,284 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
[2009/07/12 17:39:31 | 00,113,121 | ---- | M] () -- C:\logfile
[2009/07/12 17:01:11 | 00,000,237 | ---- | M] () -- C:\Documents and Settings\Jeanne\Desktop\Photobucket Account.url
[2009/07/12 14:56:46 | 00,000,472 | ---- | M] () -- C:\WINDOWS\tasks\Ad-Aware Update (Weekly).job
[2009/07/12 13:36:39 | 00,280,536 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2009/07/12 13:24:40 | 01,441,792 | R--- | M] () -- C:\Documents and Settings\All Users\Documents\ESBK.mb
[2009/07/12 13:24:39 | 02,649,088 | R--- | M] () -- C:\Documents and Settings\All Users\Documents\ESBK.mbb
[2009/07/11 21:13:26 | 00,069,488 | ---- | M] () -- C:\Documents and Settings\Jeanne\My Documents\CaramelCandy.ttf
[2009/07/11 21:09:33 | 00,258,053 | ---- | M] () -- C:\Documents and Settings\Jeanne\My Documents\Rebel luvs u.jpg
[2009/07/09 23:43:50 | 00,654,920 | ---- | M] () -- C:\Documents and Settings\Jeanne\My Documents\mtinst.exe
[2009/07/09 22:44:44 | 00,000,069 | ---- | M] () -- C:\WINDOWS\NeroDigital.ini
[2009/07/08 18:51:03 | 15,452,536 | ---- | M] (Microsoft Corporation) -- C:\Documents and Settings\Jeanne\My Documents\IE7-WindowsXP-x86-enu.exe
[2009/07/07 21:54:45 | 00,000,026 | ---- | M] () -- C:\WINDOWS\Zone.Identifier
[2009/07/07 10:10:56 | 24,539,592 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\MRT.exe
[2009/07/06 20:55:49 | 00,000,326 | ---- | M] () -- C:\WINDOWS\tasks\Norton SystemWorks One Button Checkup.job
[2009/07/05 15:39:18 | 00,318,369 | ---- | M] () -- C:\Documents and Settings\Jeanne\My Documents\HiJackThis.zip
[2009/07/05 15:16:43 | 00,015,688 | ---- | M] () -- C:\WINDOWS\System32\lsdelete.exe
[2009/07/05 15:15:49 | 00,064,160 | ---- | M] (Lavasoft AB) -- C:\WINDOWS\System32\drivers\Lbd.sys
[2009/07/05 14:52:02 | 00,000,875 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Ad-Aware.lnk
[2009/07/05 08:21:54 | 00,023,499 | ---- | M] () -- C:\Documents and Settings\Jeanne\My Documents\Ash&Ass.jpg
[2009/07/04 23:29:45 | 00,033,780 | ---- | M] () -- C:\Documents and Settings\Jeanne\My Documents\horse with oat chips.jpg
[2009/07/04 23:17:46 | 00,128,681 | ---- | M] () -- C:\Documents and Settings\Jeanne\My Documents\WantedCoffeeMouse-top-TY22222222317.gif
[2009/07/04 23:17:46 | 00,071,680 | ---- | M] () -- C:\Documents and Settings\Jeanne\My Documents\winter_chocolatedrink_12_5.gif
[2009/07/04 23:17:46 | 00,052,494 | ---- | M] () -- C:\Documents and Settings\Jeanne\My Documents\wherewelove-vi.gif
[2009/07/04 23:17:46 | 00,049,013 | ---- | M] () -- C:\Documents and Settings\Jeanne\My Documents\Vintage Tea Pot.jpg
[2009/07/04 23:17:45 | 00,171,521 | ---- | M] () -- C:\Documents and Settings\Jeanne\My Documents\topper3-23-0711.gif
[2009/07/04 23:17:45 | 00,094,301 | ---- | M] () -- C:\Documents and Settings\Jeanne\My Documents\topper_cupsofcheer.gif
[2009/07/04 23:17:45 | 00,082,551 | ---- | M] () -- C:\Documents and Settings\Jeanne\My Documents\Teawithus-vi44.gif
[2009/07/04 23:17:45 | 00,037,836 | ---- | M] () -- C:\Documents and Settings\Jeanne\My Documents\TempsDeCafeLBM908Blank.jpg
[2009/07/04 23:17:45 | 00,029,576 | ---- | M] () -- C:\Documents and Settings\Jeanne\My Documents\TimeforTeaDD031709.jpg
[2009/07/04 23:17:45 | 00,028,261 | ---- | M] () -- C:\Documents and Settings\Jeanne\My Documents\time for tea-vi.jpg
[2009/07/04 23:17:45 | 00,025,502 | ---- | M] () -- C:\Documents and Settings\Jeanne\My Documents\Untitled11121111.jpg
[2009/07/04 21:32:25 | 00,031,524 | ---- | M] () -- C:\Documents and Settings\Jeanne\My Documents\AbilityBlack.otf
[2009/07/04 00:26:09 | 00,000,224 | ---- | M] () -- C:\Documents and Settings\Jeanne\Desktop\Odd Holidays.url
[2009/07/03 13:48:23 | 00,068,312 | ---- | M] () -- C:\Documents and Settings\Jeanne\My Documents\CaramelNuggets.ttf
[2009/07/03 11:59:40 | 00,033,668 | ---- | M] () -- C:\Documents and Settings\Jeanne\Desktop\252button.gif
[2009/07/03 09:58:26 | 00,033,280 | ---- | M] () -- C:\Documents and Settings\Jeanne\My Documents\Culinary notes Week1.wps
[2009/07/02 06:13:39 | 00,054,652 | ---- | M] () -- C:\Documents and Settings\Jeanne\My Documents\MonAmourScriptPro.otf
[2009/06/28 22:28:23 | 02,191,360 | ---- | M] () -- C:\Documents and Settings\Jeanne\My Documents\The_Price_of_Children.pps
[2009/06/28 22:28:12 | 02,747,663 | ---- | M] () -- C:\Documents and Settings\Jeanne\My Documents\DumbBuck.wmv
[2009/06/28 22:27:48 | 03,780,473 | ---- | M] () -- C:\Documents and Settings\Jeanne\My Documents\GasPoweredLa-Z-Boy.wmv
[2009/06/28 22:27:40 | 05,374,784 | ---- | M] () -- C:\Documents and Settings\Jeanne\My Documents\PerhapstheBestFordCommercialEve_.wmv
[2009/06/28 22:22:09 | 00,016,136 | ---- | M] () -- C:\Documents and Settings\Jeanne\My Documents\bilde.jpg
[2009/06/28 22:19:17 | 00,011,776 | ---- | M] () -- C:\Documents and Settings\Jeanne\My Documents\budget.xls
[2009/06/28 22:10:44 | 00,150,127 | ---- | M] () -- C:\Documents and Settings\Jeanne\My Documents\foal pillow.jpg
[2009/06/28 22:09:42 | 00,017,801 | ---- | M] () -- C:\Documents and Settings\Jeanne\My Documents\floss.jpg
[2009/06/24 22:55:00 | 00,071,404 | ---- | M] () -- C:\Documents and Settings\Jeanne\My Documents\CaramelCrunch.TTF
[2009/06/24 22:54:33 | 00,074,808 | ---- | M] () -- C:\Documents and Settings\Jeanne\My Documents\Cooper Black.ttf
[2009/06/22 23:31:41 | 02,958,927 | ---- | M] () -- C:\Documents and Settings\Jeanne\My Documents\summerfabrics.zip
[2009/06/22 18:38:42 | 00,001,892 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Shipping Assistant.lnk
[2009/06/22 18:03:24 | 00,064,512 | ---- | M] () -- C:\Documents and Settings\Jeanne\My Documents\NE_Perf_Mgmt_Form1.doc
[2009/06/22 18:03:19 | 00,047,104 | ---- | M] () -- C:\Documents and Settings\Jeanne\My Documents\Jeanne Performance Evaluation revised.xls
[2009/06/22 18:03:19 | 00,045,056 | ---- | M] () -- C:\Documents and Settings\Jeanne\My Documents\Ben 2009 Objectives.xls
[2009/06/22 18:03:19 | 00,044,032 | ---- | M] () -- C:\Documents and Settings\Jeanne\My Documents\Ben 2k9_perfman_eval_form.xls
[2009/06/22 18:03:19 | 00,043,520 | ---- | M] () -- C:\Documents and Settings\Jeanne\My Documents\Edith 2k9_perfman_eval_form.xls
[2009/06/22 16:37:39 | 00,000,133 | ---- | M] () -- C:\Documents and Settings\All Users\Application Data\Microsoft.SqlServer.Compact.351.32.bc
[2009/06/21 19:19:40 | 00,477,404 | ---- | M] () -- C:\WINDOWS\System32\PerfStringBackup.INI
[2009/06/21 19:19:40 | 00,405,640 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2009/06/21 19:19:40 | 00,064,064 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2009/06/20 22:39:08 | 00,003,718 | ---- | M] () -- C:\Documents and Settings\Jeanne\My Documents\soldiers angels logo.gif
[2009/06/19 22:51:48 | 37,893,838 | ---- | M] () -- C:\Documents and Settings\Jeanne\My Documents\Ad-Aware_2009_Pro_8.0.4.rar

========== LOP Check ==========

[2005/11/11 10:12:54 | 00,000,000 | RH-D | M] -- C:\Documents and Settings\Administrator\Application Data
[2005/11/11 16:15:26 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\Digital Interactive Systems Corporation
[2005/11/11 16:28:46 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\Intuit
[2009/07/05 14:52:04 | 00,000,000 | RH-D | M] -- C:\Documents and Settings\All Users\Application Data
[2009/07/05 14:52:04 | 00,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\{7972B2E5-3E09-4E5E-81B7-FE5819D6772F}
[2008/11/01 00:53:07 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Ahead
[2007/09/24 06:19:41 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\espionServerData
[2007/10/05 22:56:50 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\FLEXnet
[2006/04/20 07:10:49 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Intuit
[2009/04/03 22:26:17 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\LogiShrd
[2008/07/03 05:51:09 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Motive
[2007/08/16 19:18:54 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\MotiveSysIDs
[2008/07/09 22:55:06 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\namesuppressed
[2009/04/18 10:10:54 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\NortonSystemWorks
[2008/04/18 18:46:10 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\PlayFirst
[2005/11/11 15:56:18 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\SBSI
[2009/05/05 21:31:18 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TEMP
[2008/07/07 00:23:11 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Viewpoint
[2009/07/12 18:01:42 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\YAHOO
[2007/06/17 21:04:20 | 00,000,000 | RH-D | M] -- C:\Documents and Settings\Compaq_Administrator\Application Data
[2005/11/11 16:15:26 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Compaq_Administrator\Application Data\Digital Interactive Systems Corporation
[2006/08/28 11:13:57 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Compaq_Administrator\Application Data\Image Zone Express
[2005/11/11 16:28:46 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Compaq_Administrator\Application Data\Intuit
[2006/02/19 12:22:59 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Compaq_Administrator\Application Data\Leadertech
[2007/06/17 19:26:06 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Compaq_Administrator\Application Data\U3
[2009/05/06 15:52:05 | 00,000,000 | RH-D | M] -- C:\Documents and Settings\Compaq_Administrator.YOUR-55E5F9E3D2\Application Data
[2008/07/07 00:26:34 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Compaq_Administrator.YOUR-55E5F9E3D2\Application Data\Aim
[2008/03/04 18:33:22 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Compaq_Administrator.YOUR-55E5F9E3D2\Application Data\ArcSoft
[2005/11/11 16:15:26 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Compaq_Administrator.YOUR-55E5F9E3D2\Application Data\Digital Interactive Systems Corporation
[2007/08/26 08:38:08 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Compaq_Administrator.YOUR-55E5F9E3D2\Application Data\DisplayTune
[2007/07/04 00:46:32 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Compaq_Administrator.YOUR-55E5F9E3D2\Application Data\funkitron
[2007/08/20 16:03:32 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Compaq_Administrator.YOUR-55E5F9E3D2\Application Data\InterTrust
[2007/07/14 10:40:48 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Compaq_Administrator.YOUR-55E5F9E3D2\Application Data\InterVideo
[2005/11/11 16:28:46 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Compaq_Administrator.YOUR-55E5F9E3D2\Application Data\Intuit
[2005/11/11 10:12:54 | 00,000,000 | RH-D | M] -- C:\Documents and Settings\Default User\Application Data
[2005/11/11 16:15:26 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Default User\Application Data\Digital Interactive Systems Corporation
[2005/11/11 16:28:46 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Default User\Application Data\Intuit
[2009/06/11 23:04:14 | 00,000,000 | RH-D | M] -- C:\Documents and Settings\Jeanne\Application Data
[2009/01/06 17:48:36 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Jeanne\Application Data\Ahead
[2007/10/27 22:13:36 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Jeanne\Application Data\aignes
[2008/01/13 23:03:19 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Jeanne\Application Data\Alien Skin
[2007/09/10 20:58:31 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Jeanne\Application Data\ArcSoft
[2008/03/08 12:58:35 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Jeanne\Application Data\Corel
[2005/11/11 16:15:26 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Jeanne\Application Data\Digital Interactive Systems Corporation
[2007/08/25 11:19:16 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Jeanne\Application Data\DisplayTune
[2007/09/30 15:30:23 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Jeanne\Application Data\EPSON
[2007/12/06 22:13:27 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Jeanne\Application Data\InterVideo
[2005/11/11 16:28:46 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Jeanne\Application Data\Intuit
[2007/08/18 10:11:26 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Jeanne\Application Data\Leadertech
[2009/05/10 10:56:49 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Jeanne\Application Data\Mailbag Assistant
[2008/07/03 05:51:09 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Jeanne\Application Data\Motive
[2009/04/25 16:13:17 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Jeanne\Application Data\MxBoost
[2007/09/01 20:13:01 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Jeanne\Application Data\MyFamily.com
[2008/10/25 21:35:32 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Jeanne\Application Data\Noteega
[2008/10/25 21:35:38 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Jeanne\Application Data\NoteegaInstall
[2007/10/05 23:03:33 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Jeanne\Application Data\Opera
[2008/04/18 18:46:10 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Jeanne\Application Data\PlayFirst
[2007/10/07 15:56:22 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Jeanne\Application Data\Progeny
[2009/01/11 17:28:46 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Jeanne\Application Data\Research In Motion
[2007/08/21 21:41:35 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Jeanne\Application Data\Smart Panel
[2008/10/12 10:26:59 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Jeanne\Application Data\Snapfish
[2008/08/06 21:03:12 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Jeanne\Application Data\TrojanHunter
[2008/06/10 23:10:09 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Jeanne\Application Data\U3
[2009/01/10 16:41:54 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Jeanne\Application Data\WinBatch
[2008/10/16 17:33:34 | 00,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Application Data
[2008/10/16 17:33:34 | 00,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Application Data\Intuit
[2009/03/26 18:19:12 | 00,000,000 | ---D | M] -- C:\Documents and Settings\NetworkService\Application Data
[2009/03/26 18:19:12 | 00,000,000 | ---D | M] -- C:\Documents and Settings\NetworkService\Application Data\Intuit
[2008/03/12 19:12:36 | 00,000,000 | RH-D | M] -- C:\Documents and Settings\Sonny\Application Data
[2005/11/11 16:15:26 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Sonny\Application Data\Digital Interactive Systems Corporation
[2008/03/12 19:12:38 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Sonny\Application Data\DisplayTune
[2005/11/11 16:28:46 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Sonny\Application Data\Intuit
[2009/07/12 14:56:46 | 00,000,472 | ---- | M] () -- C:\WINDOWS\Tasks\Ad-Aware Update (Weekly).job
[2009/07/13 21:54:01 | 00,000,284 | ---- | M] () -- C:\WINDOWS\Tasks\AppleSoftwareUpdate.job
[2009/07/18 15:10:06 | 00,000,200 | ---- | M] () -- C:\WINDOWS\Tasks\defsgetter.job
[2004/08/10 21:00:00 | 00,000,065 | RH-- | M] () -- C:\WINDOWS\Tasks\desktop.ini
[2009/07/18 21:13:01 | 00,000,438 | ---- | M] () -- C:\WINDOWS\Tasks\EasyShare Registration Task.job
[2009/07/18 21:20:05 | 00,000,868 | ---- | M] () -- C:\WINDOWS\Tasks\Google Software Updater.job
[2009/07/17 18:00:00 | 00,000,410 | ---- | M] () -- C:\WINDOWS\Tasks\Norton Security Scan for Jeanne.job
[2009/07/06 20:55:49 | 00,000,326 | ---- | M] () -- C:\WINDOWS\Tasks\Norton SystemWorks One Button Checkup.job
[2009/07/16 21:41:25 | 00,000,006 | -H-- | M] () -- C:\WINDOWS\Tasks\SA.DAT
[2009/07/17 02:00:02 | 00,001,564 | ---- | M] () -- C:\WINDOWS\Tasks\wrSpySweeperFullSweep.job
[2009/07/16 23:00:02 | 00,001,668 | ---- | M] () -- C:\WINDOWS\Tasks\wrSpySweeper_LB9697396EEB8407C8DF4F00B37BE2C76.job

========== Purity Check ==========



========== Alternate Data Streams ==========

@Alternate Data Stream - 184 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:DCD39382
@Alternate Data Stream - 127 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:2B99FE60
< End of report >

#9 m0le

Posted 19 July 2009 - 09:19 AM

Hi,

No malware in those logs but the events viewer shows that you may have installed the IE8 beta with all of its bugs.

Is this the case? If so, there is a fix I can guide you on :thumbup2:
m0le is a proud member of UNITE

#10 jeannen

Posted 19 July 2009 - 09:40 AM

> Hi,
>
> No malware in those logs but the events viewer shows that you may have installed the IE8 beta with all of its bugs.
>
> Is this the case? If so, there is a fix I can guide you on :thumbup2:


I did have it installed at one time but I uninstalled it a few weeks ago and went back to 7. Do you think it could be a problem lingering from that? Thanks!

#11 m0le

Posted 19 July 2009 - 10:02 AM

Could be jeannen. There was a bug caused by the uninstall.

We are going to look into the registry.

Please download SystemLook from one of the links below and save it to your Desktop.
Download Mirror #1
Download Mirror #2
  • Double-click SystemLook.exe to run it.
  • Copy the content of the following codebox into the main textfield:
    :regfind
    CF7639F3-ABA2-41DB-97F2-81E2C5DBFC5D
    7B849a69-220F-451E-B3FE-2CB811AF94AE
  • Click the Look button to start the scan.
  • When finished, a notepad window will open with the results of the scan. Please post this log in your next reply.
Note: The log can also be found on your Desktop entitled SystemLook.txt

Thanks :thumbup2:
m0le is a proud member of UNITE

#12 jeannen

Posted 19 July 2009 - 10:27 AM

Here are the results. Thanks!

SystemLook v1.0 by jpshortstuff (22.05.09)
Log created at 10:23 on 19/07/2009 by Jeanne (Administrator - Elevation successful)

========== regfind ==========

Searching for "CF7639F3-ABA2-41DB-97F2-81E2C5DBFC5D"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions\{CF7639F3-ABA2-41DB-97F2-81E2C5DBFC5D}]

Searching for "7B849a69-220F-451E-B3FE-2CB811AF94AE"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions\{7B849a69-220F-451E-B3FE-2CB811AF94AE}]

-=End Of File=-

#13 m0le

Posted 19 July 2009 - 11:11 AM

Right, let's remove these entries.

Backup Your Registry with ERUNT
  • Please use the following link and scroll down to ERUNT and download it.
    http://aumha.org/freeware/freeware.php
  • For version with the Installer:
    Use the setup program to install ERUNT on your computer
  • For the zipped version:
    Unzip all the files into a folder of your choice.
Click Erunt.exe to back up your registry to the folder of your choice.

Note: to restore your registry, go to the folder and start ERDNT.exe

Open Notepad. Please copy the contents of the code box below. To do this, highlight the contents of the box and right-click on it. Paste this into the open Notepad. Save it to your Desktop (click File, Save As) as fixit.reg. In the same open Notepad, at the bottom select: (filetype = any).

REGEDIT4

[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions\{CF7639F3-ABA2-41DB-97F2-81E2C5DBFC5D}]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions\{7B849a69-220F-451E-B3FE-2CB811AF94AE}]

NOTICE: This file was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system.

Locate fixit.reg on your Desktop and double-click on it.
You will receive a prompt similar to: "Do you wish to merge the information into the registry?".
Answer "Yes" and wait for a message to appear similar to "Merged Successfully".

Please reply back letting me know if it merged correctly.

Has that solved the problem?
m0le is a proud member of UNITE
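
A pre-merge check for the fix above, as an added example that is not part of m0le's post and not code from SystemLook or ERUNT: it parses the .reg text and confirms that every operation is a deletion of a key the SystemLook :regfind log actually reported. The function names are hypothetical, the two embedded texts are copied from this thread, and the .reg text is assumed to be already decoded to a string.

```python
import re

HEADERS = ("REGEDIT4", "Windows Registry Editor Version 5.00")
VALUE_RE = re.compile(r'^(@|"(?:[^"\\]|\\.)*")\s*=\s*(.*)$')

# SystemLook :regfind output and fixit.reg, as posted in this thread.
SYSTEMLOOK_LOG = r"""
========== regfind ==========

Searching for "CF7639F3-ABA2-41DB-97F2-81E2C5DBFC5D"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions\{CF7639F3-ABA2-41DB-97F2-81E2C5DBFC5D}]

Searching for "7B849a69-220F-451E-B3FE-2CB811AF94AE"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions\{7B849a69-220F-451E-B3FE-2CB811AF94AE}]

-=End Of File=-
"""

FIXIT_REG = r"""REGEDIT4

[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions\{CF7639F3-ABA2-41DB-97F2-81E2C5DBFC5D}]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions\{7B849a69-220F-451E-B3FE-2CB811AF94AE}]
"""


def parse_reg(text):
    """Return the operations a .reg file requests as (action, key, value_name)."""
    lines = [ln.strip() for ln in text.lstrip("\ufeff").splitlines()]
    lines = [ln for ln in lines if ln and not ln.startswith(";")]  # drop blanks, comments
    if not lines or lines[0] not in HEADERS:
        raise ValueError("missing REGEDIT4 / Version 5.00 header")
    ops, key, continued = [], None, False
    for ln in lines[1:]:
        if continued:                       # tail of a multi-line hex value
            continued = ln.endswith("\\")
            continue
        if ln.startswith("[") and ln.endswith("]"):
            key = ln[1:-1]
            if key.startswith("-"):         # [-KEY] removes the key and its subkeys
                key = key[1:]
                ops.append(("delete_key", key, None))
            else:
                ops.append(("create_or_open_key", key, None))
            continue
        m = VALUE_RE.match(ln)
        if not m:                           # be strict: unknown lines need a human
            raise ValueError("unrecognised line: %r" % ln)
        name = "@" if m.group(1) == "@" else m.group(1)[1:-1]
        data = m.group(2)
        ops.append(("delete_value" if data == "-" else "set_value", key, name))
        continued = data.endswith("\\")
    return ops


def systemlook_hits(log):
    """Registry keys reported by :regfind, lower-cased (key paths are case-insensitive)."""
    pattern = r"^\[(HKEY_[^\r\n]*)\][ \t]*$"
    return {m.group(1).lower() for m in re.finditer(pattern, log, re.M)}


def review(reg_text, log_text):
    """Split the file's operations into those backed by the scan and everything else."""
    hits = systemlook_hits(log_text)
    ops = parse_reg(reg_text)
    expected = [op for op in ops
                if op[0] == "delete_key" and op[1].lower() in hits]
    unexpected = [op for op in ops if op not in expected]
    covered = {op[1].lower() for op in expected}
    return {"expected": expected,
            "unexpected": unexpected,
            "not_covered": sorted(hits - covered)}


if __name__ == "__main__":
    result = review(FIXIT_REG, SYSTEMLOOK_LOG)
    for action, key, _ in result["expected"]:
        print("OK     ", action, key)
    for op in result["unexpected"]:
        print("REVIEW ", op)
    for key in result["not_covered"]:
        print("MISSING", key)
```

An empty `unexpected` list means the file does nothing beyond removing the keys the scan found; anything listed there should be questioned before the file is merged.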

#14 jeannen

Posted 19 July 2009 - 12:05 PM

The registry fix did merge correctly. I'm off now to test and see if this fixed the problem. Back very shortly. Thanks!

#15 jeannen

Posted 19 July 2009 - 12:09 PM

HALLELUJAH!!!!!!! It's fixed!!!!! I was able to open 22 emails at once - I haven't been able to open more than 3 at a time (at most) in weeks. And when I told XP to close the group, they closed so fast it looked like the space shuttle countdown. And the taskbar updated instantly. Thank you thank you thank you!!!!!!!

Edited by jeannen, 19 July 2009 - 12:09 PM.




