Thanks for replying back. I went ahead and ran the scan for you to look at. Here it is:
OTL Extras logfile created on: 6/16/2010 6:27:19 PM - Run 1
OTL by OldTimer - Version 3.2.6.0 Folder = C:\Documents and Settings\1000\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 7.0.5730.13)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy
2.00 Gb Total Physical Memory | 1.00 Gb Available Physical Memory | 71.00% Memory free
3.00 Gb Paging File | 2.00 Gb Available in Paging File | 87.00% Paging File free
Paging file location(s): C:\pagefile.sys 756 1512 [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 74.53 Gb Total Space | 50.62 Gb Free Space | 67.92% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded
Computer Name: AFLAC9UXG
Current User Name: 9UXG
Logged in as Administrator.
Current Boot Mode: Normal
Scan Mode: All users
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Standard
========== Extra Registry (SafeList) ==========
========== File Associations ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
========== Shell Spawning ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
htmlfile [edit] -- "C:\Program Files\Microsoft Office\OFFICE11\msohtmed.exe" %1 (Microsoft Corporation)
htmlfile [print] -- "C:\Program Files\Microsoft Office\OFFICE11\msohtmed.exe" /p %1 (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
========== Security Center Settings ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 1
"FirewallOverride" = 1
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
"DisableMonitoring" = 1
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DoNotAllowExceptions" = 0
"DisableNotifications" = 0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008
"139:TCP" = 139:TCP:LocalSubNet:Disabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:LocalSubNet:Disabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:LocalSubNet:Disabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:LocalSubNet:Disabled:@xpsp2res.dll,-22002
========== Authorized Applications List ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Program Files\Symantec\pcAnywhere\Winaw32.exe" = C:\Program Files\Symantec\pcAnywhere\Winaw32.exe:*:Enabled:pcAnywhere Main Executable -- (Symantec Corporation)
"C:\Program Files\Symantec\pcAnywhere\awhost32.exe" = C:\Program Files\Symantec\pcAnywhere\awhost32.exe:*:Enabled:pcAnywhere Host Service -- (Symantec Corporation)
"C:\Program Files\Symantec\pcAnywhere\awrem32.exe" = C:\Program Files\Symantec\pcAnywhere\awrem32.exe:*:Enabled:pcAnywhere Remote Service -- (Symantec Corporation)
"C:\Program Files\AClient\Bin\XcListener.exe" = C:\Program Files\AClient\Bin\XcListener.exe:*:Enabled:Afaria Client Listener -- (iAnywhere Solutions, Inc.)
"C:\Program Files\Intuit\QuickBooks 2009\QBDBMgrN.exe" = C:\Program Files\Intuit\QuickBooks 2009\QBDBMgrN.exe:*:Enabled:QuickBooks 2009 Data Manager -- (Intuit, Inc.)
========== HKEY_LOCAL_MACHINE Uninstall List ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{00203668-8170-44A0-BE44-B632FA4D780F}" = Adobe AIR
"{18D10072035C4515918F7E37EAFAACFC}" = AutoUpdate
"{19C64880-BBCA-11D4-9EEE-0004ACDDDB3B}" = B's CLiP
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{20749F76-4228-43AD-8AB5-E7B20D8040C4}" = hph_readme
"{2C6F48C2-0A1D-478B-8AED-B5DB2ABD14FB}" = WorksitePro
"{3248F0A8-6813-11D6-A77B-00B0D0150140}" = J2SE Runtime Environment 5.0 Update 14
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{388E4B09-3E71-4649-8921-F44A3A2954A7}" = Microsoft Visual Studio 2005 Tools for Office Runtime
"{391651FA-D9B3-476E-AE37-6E0A22A27735}" = SmartPremium
"{3AE87269-BD57-4A58-B13D-FC67664BCFB8}" = BlackBerry Desktop Software 4.3
"{46B63F23-2B4A-4525-A827-688026BE5E40}" = Symantec AntiVirus
"{4A9D3562-9842-4061-A59A-BFE8C9943A8A}" = WorkSiteProUpdate
"{5624C000-B109-11D4-9DB4-00E0290FCAC5}" = VPN Client
"{56364334-9530-11D2-BFFC-00C04FA329AA}" = Microsoft Works 2000
"{5A3F6A80-7913-475E-8B96-477A952CFA43}" = SupportSoft Assisted Service
"{66910000-8B30-4973-A159-6371345AFFA5}" = WebReg
"{716E0306-8318-4364-8B8F-0CC4E9376BAC}" = MSXML 4.0 SP2 Parser and SDK
"{71D74FCD-8DB9-4BEB-9C9D-1D19F2E02AE3}" = Microsoft Report Viewer Redistributable 2005
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{7B63B2922B174135AFC0E1377DD81EC2}" = DivX Codec
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{87CFE0AD-EAF0-40D1-B5CF-EDC527DAB7D2}" = BHA B's Recorder GOLD 5.27
"{8A708DD8-A5E6-11D4-A706-000629E95E20}" = Intel® Graphics Media Accelerator Driver
"{8ADFC4160D694100B5B8A22DE9DCABD9}" = DivX Player
"{8F3C31C5-9C3A-4AA8-8EFA-71290A7AD533}" = TomTom HOME Visual Studio Merge Modules
"{90110409-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Professional Edition 2003
"{90120000-0020-0409-0000-0000000FF1CE}" = Compatibility Pack for the 2007 Office system
"{9068B2BE-D93A-4C0A-861C-5E35E2C0E09E}" = Intel® Matrix Storage Manager
"{91490409-6000-11D3-8CFE-0150048383C9}" = Microsoft Office 2003 Primary Interop Assemblies
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{98E8A2EF-4EAE-43B8-A172-74842B764777}" = InterVideo WinDVD
"{9A2F0810-3622-4E86-9072-973FBE1679C5}" = QuickBooks Pro 2009
"{9A2F0810-369F-4E86-9072-973FBE1679C5}" = QuickBooks
"{9F72EF8B-AEC9-4CA5-B483-143980AFD6FD}" = ALPS Touch Pad Driver
"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
"{AC76BA86-7AD7-1033-7B44-A93000000001}" = Adobe Reader 9.3.2
"{B19F9155-9337-4807-B5EF-ED471DDB2CCE}" = hph_software_req
"{B2544A03-10D0-4E5E-BA69-0362FFC20D18}" = OGA Notifier 2.0.0048.0
"{BE365801-FB4B-49D7-87D2-9477EE371F1C}" = D1300_Help
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
"{C5AEDF10-D314-41FF-BC2E-DF704505DFD0}" = BlackBoxInstall
"{C5BED10B-42A9-4142-B4C2-008C0FDE27D5}" = O2Micro Smartcard Driver
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CB462BC7-4D16-44E9-AA8F-F8BB3A39DF60}" = SmartApp Next Generation
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{DE37B13A-972B-46C3-8555-AC2F15D1604D}" = SmartAppRemoval
"{E05E8183-866A-11D3-97DF-0000F8D8F2E9}" = Symantec pcAnywhere
"{E1E58954-D885-44E7-B8C2-F0E9A6DA1652}" = O2Micro Flash Memory Card Windows Driver
"{E7FA5A9F-BAE0-499B-8CEA-48A502D2896D}" = CMG Windows Shield
"{EE267D8A-CC91-4DB4-A389-89776359046D}" = EncryptionByCredant
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F333A33D-125C-32A2-8DCE-5C5D14231E27}" = Visual C++ 2008 x86 Runtime - (v9.0.30729)
"{F333A33D-125C-32A2-8DCE-5C5D14231E27}.vc_x86runtime_30729_01" = Visual C++ 2008 x86 Runtime - v9.0.30729.01
"{F5AD8A16-56B5-4D92-AD8A-6DD7058D081B}" = SNG Prerequisites
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Afaria Client" = Afaria Client
"Agere Systems Soft Modem" = Agere Systems HDA Modem
"ATT-RC" = ATT-RC Self Support Tool
"BlackBerry_{3AE87269-BD57-4A58-B13D-FC67664BCFB8}" = BlackBerry Desktop Software 4.3
"CANONBJ_Deinstall_CNMCP27.DLL" = BJC-85
"CANONBJ_Deinstall_CNMCP71.DLL" = Canon iP90
"CCleaner" = CCleaner
"CNXT_MODEM_HDAUDIO_VEN_14F1&DEV_2BFA&SUBSYS_10F70000" = HDAUDIO V.92 Soft Data Fax Modem with SmartCP
"HumanConcepts OrgViewer 5" = HumanConcepts OrgViewer 5
"IDNMitigationAPIs" = Microsoft Internationalized Domain Names Mitigation APIs
"ie7" = Windows Internet Explorer 7
"InstallShield_{391651FA-D9B3-476E-AE37-6E0A22A27735}" = SmartPremium
"InstallShield_{4A9D3562-9842-4061-A59A-BFE8C9943A8A}" = WorkSiteProUpdate
"InstallShield_{C5AEDF10-D314-41FF-BC2E-DF704505DFD0}" = BlackBoxInstall
"InstallShield_{C5BED10B-42A9-4142-B4C2-008C0FDE27D5}" = O2Micro Smartcard Driver
"InstallShield_{DE37B13A-972B-46C3-8555-AC2F15D1604D}" = SmartAppRemoval
"InstallShield_{E1E58954-D885-44E7-B8C2-F0E9A6DA1652}" = O2Micro Flash Memory Card Windows Driver
"InstallShield_{EE267D8A-CC91-4DB4-A389-89776359046D}" = EncryptionByCredant
"Juniper Network Connect 6.0.0" = Juniper Networks Network Connect 6.0.0
"Juniper Network Connect 6.3.0" = Juniper Networks Network Connect 6.3.0
"LiveReg" = LiveReg (Symantec Corporation)
"LiveUpdate" = LiveUpdate 2.6 (Symantec Corporation)
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft Report Viewer Redistributable 2005" = Microsoft Report Viewer Redistributable 2005
"Microsoft Visual Studio 2005 Tools for Office Runtime" = Visual Studio 2005 Tools for Office Second Edition Runtime
"MSCompPackV1" = Microsoft Compression Client Pack 1.0 for Windows XP
"NLSDownlevelMapping" = Microsoft National Language Support Downlevel APIs
"PanasonicHotkeyDriver" = Hotkey Driver for Panasonic PC
"Premium Quote" = Premium Quote
"QuickLink Mobile" = QuickLink Mobile
"SynTPDeinstKey" = Synaptics Pointing Device Driver
"TomTom HOME" = TomTom HOME 2.7.3.1894
"Topaz 4X5 WinTab Driver v2.20" = Topaz 4X5 WinTab Driver v2.20
"Topaz 4X5 Tablet WinTab Driver" = Topaz 4X5 Tablet WinTab Driver
"Topaz e-Signatures SigPlus 3.55" = Topaz e-Signatures SigPlus 3.55
"WIC" = Windows Imaging Component
"Windows Media Format Runtime" = Windows Media Format 11 runtime
"Windows Media Player" = Windows Media Player 11
"Windows XP Service Pack" = Windows XP Service Pack 3
"WinZip" = WinZip
"WMFDist11" = Windows Media Format 11 runtime
"wmp11" = Windows Media Player 11
"Wudf01000" = Microsoft User-Mode Driver Framework Feature Pack 1.0
========== HKEY_USERS Uninstall List ==========
[HKEY_USERS\S-1-5-21-184708185-3649356386-1762526241-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"WeatherTAP.com - RadarLab HD" = WeatherTAP.com - RadarLab HD
========== Last 10 Event Log Errors ==========
[ Application Events ]
Error - 6/7/2010 9:35:47 AM | Computer Name = AFLAC9UXG | Source = MSSecurityEssentials | ID = 5000
Description =
Error - 6/7/2010 9:40:48 AM | Computer Name = AFLAC9UXG | Source = MSSecurityEssentials | ID = 5000
Description =
Error - 6/7/2010 10:05:58 AM | Computer Name = AFLAC9UXG | Source = MPSampleSubmission | ID = 5000
Description =
Error - 6/7/2010 10:06:00 AM | Computer Name = AFLAC9UXG | Source = MSSecurityEssentials | ID = 5000
Description =
Error - 6/7/2010 11:48:59 AM | Computer Name = AFLAC9UXG | Source = Application Error | ID = 1000
Description = Faulting application iexplore.exe, version 0.0.0.0, faulting module
iexplore.exe, version 0.0.0.0, fault address 0x0008d560.
Error - 6/8/2010 10:36:03 AM | Computer Name = AFLAC9UXG | Source = Application Hang | ID = 1002
Description = Hanging application 9s4tpcuv.exe, version 0.0.0.0, hang module hungapp,
version 0.0.0.0, hang address 0x00000000.
Error - 6/8/2010 11:52:23 PM | Computer Name = AFLAC9UXG | Source = Application Hang | ID = 1002
Description = Hanging application gmer.exe, version 1.0.15.15281, hang module hungapp,
version 0.0.0.0, hang address 0x00000000.
Error - 6/8/2010 11:52:40 PM | Computer Name = AFLAC9UXG | Source = Application Hang | ID = 1002
Description = Hanging application iexplore.exe, version 7.0.6000.17023, hang module
hungapp, version 0.0.0.0, hang address 0x00000000.
Error - 6/13/2010 9:21:13 PM | Computer Name = AFLAC9UXG | Source = Application Hang | ID = 1002
Description = Hanging application javaw.exe, version 5.0.140.3, hang module hungapp,
version 0.0.0.0, hang address 0x00000000.
Error - 6/13/2010 9:21:18 PM | Computer Name = AFLAC9UXG | Source = Application Hang | ID = 1001
Description = Fault bucket 565066144.
[ System Events ]
Error - 6/13/2010 11:27:15 AM | Computer Name = AFLAC9UXG | Source = Service Control Manager | ID = 7001
Description = The DHCP Client service depends on the NetBios over Tcpip service
which failed to start because of the following error: %%31
Error - 6/13/2010 11:27:15 AM | Computer Name = AFLAC9UXG | Source = Service Control Manager | ID = 7001
Description = The DNS Client service depends on the TCP/IP Protocol Driver service
which failed to start because of the following error: %%31
Error - 6/13/2010 11:27:15 AM | Computer Name = AFLAC9UXG | Source = Service Control Manager | ID = 7001
Description = The TCP/IP NetBIOS Helper service depends on the AFD service which
failed to start because of the following error: %%31
Error - 6/13/2010 11:27:15 AM | Computer Name = AFLAC9UXG | Source = Service Control Manager | ID = 7001
Description = The Cisco Systems, Inc. VPN Service service depends on the TCP/IP
Protocol Driver service which failed to start because of the following error: %%31
Error - 6/13/2010 11:27:15 AM | Computer Name = AFLAC9UXG | Source = Service Control Manager | ID = 7001
Description = The IPSEC Services service depends on the IPSEC driver service which
failed to start because of the following error: %%31
Error - 6/13/2010 11:27:15 AM | Computer Name = AFLAC9UXG | Source = Service Control Manager | ID = 7026
Description = The following boot-start or system-start driver(s) failed to load:
AFD awlegacy eeCtrl Fips intelppm IPSec MRxSmb NetBIOS NetBT RasAcd Rdbss SAVRT SAVRTPEL SYMTDI
Tcpip
Error - 6/13/2010 11:28:00 AM | Computer Name = AFLAC9UXG | Source = DCOM | ID = 10005
Description = DCOM got error "%1084" attempting to start the service netman with
arguments "" in order to run the server: {BA126AE5-2166-11D1-B1D0-00805FC1270E}
Error - 6/13/2010 2:39:54 PM | Computer Name = AFLAC9UXG | Source = DCOM | ID = 10005
Description = DCOM got error "%1084" attempting to start the service StiSvc with
arguments "" in order to run the server: {A1F4E726-8CF1-11D1-BF92-0060081ED811}
Error - 6/13/2010 2:40:20 PM | Computer Name = AFLAC9UXG | Source = DCOM | ID = 10005
Description = DCOM got error "%1084" attempting to start the service netman with
arguments "" in order to run the server: {BA126AE5-2166-11D1-B1D0-00805FC1270E}
Error - 6/13/2010 2:40:27 PM | Computer Name = AFLAC9UXG | Source = DCOM | ID = 10005
Description = DCOM got error "%1084" attempting to start the service EventSystem
with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}
< End of report >
OTL logfile created on: 6/16/2010 6:27:19 PM - Run 1
========== Processes (SafeList) ==========
PRC - [2010/06/16 18:26:56 | 000,572,416 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\1000\Desktop\OTL.exe
PRC - [2009/11/13 07:31:14 | 000,092,008 | ---- | M] (TomTom) -- C:\Program Files\TomTom HOME 2\TomTomHOMEService.exe
PRC - [2009/07/16 21:03:26 | 000,024,576 | ---- | M] (Intuit) -- C:\Program Files\Common Files\Intuit\QuickBooks\QBCFMonitorService.exe
PRC - [2008/11/21 04:33:32 | 000,431,472 | ---- | M] (Juniper Networks) -- C:\Program Files\Juniper Networks\Common Files\dsNcService.exe
PRC - [2008/04/29 14:01:22 | 000,210,224 | ---- | M] (Credant Technologies, Inc.) -- C:\WINDOWS\system32\CmgShieldUI.exe
PRC - [2008/04/29 14:01:08 | 001,103,152 | ---- | M] (Credant Technologies, Inc.) -- C:\WINDOWS\system32\CmgShieldSvc.exe
PRC - [2008/04/29 14:00:14 | 000,644,400 | ---- | M] (CREDANT Technologies, Inc.) -- C:\WINDOWS\system32\EmsService.exe
PRC - [2008/04/13 20:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2007/12/10 17:51:10 | 000,106,496 | ---- | M] (iAnywhere Solutions, Inc.) -- C:\Program Files\AClient\Bin\XcListener.exe
PRC - [2007/09/14 14:20:42 | 000,552,960 | ---- | M] (iAnywhere Solutions, Inc.) -- C:\Program Files\AClient\Bin\XCGSTask.exe
PRC - [2006/11/30 23:03:50 | 000,167,936 | ---- | M] (iAnywhere Solutions, Inc.) -- C:\Program Files\AClient\Bin\XCDiffCache.exe
PRC - [2006/10/31 08:17:45 | 000,143,360 | RHS- | M] () -- C:\WINDOWS\IdleProc.exe
PRC - [2006/10/31 08:17:44 | 000,339,968 | RHS- | M] () -- C:\WINDOWS\system32\MsChkSys.exe
PRC - [2006/05/11 11:47:24 | 000,151,552 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe
PRC - [2006/05/11 11:46:54 | 000,090,112 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTmon.exe
PRC - [2006/03/03 21:03:10 | 000,069,632 | ---- | M] (HP) -- C:\WINDOWS\system32\HPZipm12.exe
PRC - [2006/02/27 05:00:30 | 000,094,208 | ---- | M] (Intel Corporation) -- C:\WINDOWS\system32\igfxext.exe
PRC - [2005/11/15 13:28:04 | 000,085,744 | ---- | M] (Symantec Corporation) -- C:\Program Files\Symantec AntiVirus\VPTray.exe
PRC - [2005/11/15 13:27:54 | 001,756,912 | ---- | M] (Symantec Corporation) -- C:\Program Files\Symantec AntiVirus\Rtvscan.exe
PRC - [2005/11/15 13:27:44 | 000,020,208 | ---- | M] (Symantec Corporation) -- C:\Program Files\Symantec AntiVirus\DefWatch.exe
PRC - [2005/10/04 12:42:50 | 000,177,776 | ---- | M] (Symantec Corporation) -- C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
PRC - [2005/10/04 12:42:42 | 000,185,968 | ---- | M] (Symantec Corporation) -- C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
PRC - [2005/09/13 14:30:14 | 000,057,344 | ---- | M] (O2Micro International) -- C:\WINDOWS\system32\o2flash.exe
PRC - [2004/06/28 10:56:12 | 000,045,056 | ---- | M] (Alps Electric Co., Ltd.) -- C:\Program Files\Apoint2K\Hidfind.exe
PRC - [2003/07/18 16:02:18 | 001,422,528 | ---- | M] (Cisco Systems, Inc.) -- C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe
PRC - [2003/03/14 12:05:08 | 000,851,968 | ---- | M] (Matsushita Electric Industrial Co., Ltd.) -- C:\WINDOWS\system32\HKEYMAN.EXE
========== Modules (SafeList) ==========
MOD - [2010/06/16 18:26:56 | 000,572,416 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\1000\Desktop\OTL.exe
MOD - [2008/04/13 20:10:20 | 000,110,592 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\msscript.ocx
========== Win32 Services (SafeList) ==========
SRV - File not found [Auto | Stopped] -- -- (awhost32dsNcService)
SRV - [2009/11/13 07:31:14 | 000,092,008 | ---- | M] (TomTom) [Auto | Running] -- C:\Program Files\TomTom HOME 2\TomTomHOMEService.exe -- (TomTomHOMEService)
SRV - [2009/07/16 21:03:26 | 000,024,576 | ---- | M] (Intuit) [Auto | Running] -- C:\Program Files\Common Files\Intuit\QuickBooks\QBCFMonitorService.exe -- (QBCFMonitorService)
SRV - [2008/11/21 04:33:32 | 000,431,472 | ---- | M] (Juniper Networks) [Auto | Running] -- C:\Program Files\Juniper Networks\Common Files\dsNcService.exe -- (dsNcService)
SRV - [2008/08/08 21:10:46 | 000,061,440 | ---- | M] (Intuit Inc.) [On_Demand | Stopped] -- C:\Program Files\Common Files\Intuit\QuickBooks\FCS\Intuit.QuickBooks.FCS.exe -- (QBFCService)
SRV - [2008/04/29 14:01:08 | 001,103,152 | ---- | M] (Credant Technologies, Inc.) [Unknown | Running] -- C:\WINDOWS\system32\CmgShieldSvc.exe -- (CMGShield)
SRV - [2008/04/29 14:00:14 | 000,644,400 | ---- | M] (CREDANT Technologies, Inc.) [Unknown | Running] -- C:\WINDOWS\system32\EmsService.exe -- (EMS)
SRV - [2006/05/11 11:46:54 | 000,090,112 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTmon.exe -- (IAANTMON) Intel®
SRV - [2006/03/03 21:03:10 | 000,069,632 | ---- | M] (HP) [Unknown | Running] -- C:\WINDOWS\system32\HPZipm12.exe -- (Pml Driver HPZ12)
SRV - [2005/11/15 13:27:56 | 000,169,200 | ---- | M] (symantec) [On_Demand | Stopped] -- C:\Program Files\Symantec AntiVirus\SavRoam.exe -- (SavRoam)
SRV - [2005/11/15 13:27:54 | 001,756,912 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files\Symantec AntiVirus\Rtvscan.exe -- (Symantec AntiVirus)
SRV - [2005/11/15 13:27:44 | 000,020,208 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files\Symantec AntiVirus\DefWatch.exe -- (DefWatch)
SRV - [2005/10/19 17:39:34 | 000,214,672 | ---- | M] (Symantec Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe -- (SNDSrvc)
SRV - [2005/10/04 12:42:50 | 000,177,776 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe -- (ccSetMgr)
SRV - [2005/10/04 12:42:48 | 000,083,568 | ---- | M] (Symantec Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe -- (ccPwdSvc)
SRV - [2005/10/04 12:42:42 | 000,185,968 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe -- (ccEvtMgr)
SRV - [2005/09/13 14:30:14 | 000,057,344 | ---- | M] (O2Micro International) [Auto | Running] -- C:\WINDOWS\system32\o2flash.exe -- (O2Flash)
SRV - [2005/03/30 21:48:22 | 000,992,864 | ---- | M] (Symantec Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe -- (SPBBCSvc)
SRV - [2003/10/31 11:01:00 | 000,106,496 | ---- | M] (Symantec Corporation) [On_Demand | Stopped] -- C:\Program Files\Symantec\pcAnywhere\awhost32.exe -- (awhost32)
SRV - [2003/07/18 16:02:18 | 001,422,528 | ---- | M] (Cisco Systems, Inc.) [Auto | Running] -- C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe -- (CVPND)
========== Driver Services (SafeList) ==========
DRV - [2010/06/12 04:00:00 | 000,371,248 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Program Files\Common Files\Symantec Shared\eengine\eeCtrl.sys -- (eeCtrl)
DRV - [2010/06/08 09:58:02 | 000,247,808 | ---- | M] () [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\iaStor.sys -- (iaStor)
DRV - [2010/06/06 04:00:00 | 000,102,448 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Program Files\Common Files\Symantec Shared\eengine\EraserUtilRebootDrv.sys -- (EraserUtilRebootDrv)
DRV - [2010/05/17 04:00:00 | 001,347,504 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Program Files\Common Files\Symantec Shared\VirusDefs\20100612.003\NAVEX15.SYS -- (NAVEX15)
DRV - [2010/05/17 04:00:00 | 000,085,552 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Program Files\Common Files\Symantec Shared\VirusDefs\20100612.003\NAVENG.SYS -- (NAVENG)
DRV - [2008/06/24 17:35:06 | 000,023,552 | ---- | M] (Juniper Networks) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\dsNcAdpt.sys -- (dsNcAdpt)
DRV - [2008/04/29 14:05:34 | 000,089,656 | ---- | M] (Credant Technologies, Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\CmgShREG.sys -- (CMGShieldReg)
DRV - [2008/04/29 14:05:26 | 000,195,128 | ---- | M] (Credant Technologies, Inc.) [File_System | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\CMGShCEF.sys -- (CmgShieldCEF)
DRV - [2008/04/29 14:04:58 | 000,156,976 | ---- | M] (CREDANT Technologies, Inc.) [File_System | On_Demand | Stopped] -- C:\WINDOWS\system32\CmgShieldNP.dll -- (CmgShieldNP)
DRV - [2008/04/13 14:36:39 | 000,043,008 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\amdagp.sys -- (amdagp)
DRV - [2008/04/13 14:36:39 | 000,040,960 | ---- | M] (Silicon Integrated Systems Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\sisagp.sys -- (sisagp)
DRV - [2008/04/13 12:36:05 | 000,144,384 | ---- | M] (Windows ® Server 2003 DDK provider) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\hdaudbus.sys -- (HDAudBus)
DRV - [2006/10/31 08:17:45 | 000,077,824 | -HS- | M] (PC Dynamics, Inc.) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\SafDskNT.sys -- (SafDskNT)
DRV - [2006/02/26 00:43:00 | 001,428,480 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\w39n51.sys -- (w39n51) Intel®
DRV - [2005/12/27 05:21:38 | 001,099,336 | ---- | M] (SigmaTel, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\sthda.sys -- (STHDA)
DRV - [2005/12/12 03:08:44 | 001,124,097 | ---- | M] (Agere Systems) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\AGRSM.sys -- (AgereSoftModem)
DRV - [2005/12/09 03:48:40 | 004,123,136 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\RtkHDAud.Sys -- (IntcAzAudAddService) Service for Realtek HD Audio (WDM)
DRV - [2005/12/08 19:48:00 | 000,243,712 | ---- | M] (Marvell) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\yk51x86.sys -- (yukonwxp)
DRV - [2005/11/25 11:50:44 | 000,010,112 | ---- | M] (Matsushita Electric Industrial Co.,Ltd.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HOTKEY.SYS -- (HOTKEY)
DRV - [2005/11/08 11:12:18 | 000,997,376 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSF_DPV.sys -- (HSF_DPV)
DRV - [2005/11/08 11:11:34 | 000,202,240 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSFHWAZL.sys -- (HSFHWAZL)
DRV - [2005/11/08 11:11:30 | 000,723,712 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSF_CNXT.sys -- (winachsf)
DRV - [2005/10/19 17:39:04 | 000,195,728 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\WINDOWS\System32\Drivers\SYMTDI.SYS -- (SYMTDI)
DRV - [2005/10/19 17:38:58 | 000,024,720 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\Drivers\SYMREDRV.SYS -- (SYMREDRV)
DRV - [2005/09/23 07:48:44 | 000,028,544 | ---- | M] (O2Micro ) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\o2sd.sys -- (O2SDRDR)
DRV - [2005/09/17 00:20:06 | 000,108,168 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Program Files\Symantec\SYMEVENT.SYS -- (SymEvent)
DRV - [2005/08/26 14:22:50 | 000,053,896 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Program Files\Symantec AntiVirus\Savrtpel.sys -- (SAVRTPEL)
DRV - [2005/08/26 14:22:48 | 000,334,984 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Program Files\Symantec AntiVirus\savrt.sys -- (SAVRT)
DRV - [2005/07/28 14:13:14 | 000,190,592 | ---- | M] (Synaptics, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\SynTP.sys -- (SynTP)
DRV - [2005/07/08 14:06:50 | 000,034,176 | ---- | M] (O2Micro ) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\o2media.sys -- (O2MDRDR)
DRV - [2005/06/10 09:26:00 | 000,035,968 | ---- | M] (Infineon Technologies AG) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ifxtpm.sys -- (IFXTPM)
DRV - [2005/03/30 21:48:20 | 000,372,832 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Stopped] -- C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCDrv.sys -- (SPBBCDrv)
DRV - [2005/02/23 15:58:56 | 000,011,776 | ---- | M] (Arcsoft, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\afc.sys -- (Afc)
DRV - [2004/07/04 19:25:54 | 000,103,391 | ---- | M] (Alps Electric Co., Ltd.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\Apfiltr.sys -- (ApfiltrService)
DRV - [2003/10/24 09:53:08 | 000,016,984 | ---- | M] (Symantec Corporation) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\drivers\AW_HOST5.sys -- (AW_HOST)
DRV - [2003/07/18 16:01:28 | 000,268,360 | ---- | M] (Cisco Systems, Inc.) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\CVPNDRVA.sys -- (CVPNDRVA)
DRV - [2003/05/01 14:26:34 | 000,005,220 | ---- | M] (Cisco Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\CVirtA.sys -- (CVirtA)
DRV - [2003/04/21 14:08:44 | 000,010,901 | R--- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\WINDOWS\System32\Drivers\awlegacy.sys -- (awlegacy)
DRV - [2003/04/21 13:00:32 | 000,013,898 | R--- | M] (Symantec Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\GERNUWA.sys -- (Gernuwa)
DRV - [2003/03/19 15:42:02 | 000,389,888 | ---- | M] (B.H.A Co.,Ltd.) [File_System | Disabled | Stopped] -- C:\WINDOWS\system32\drivers\BsUDF.sys -- (BsUDF)
DRV - [2003/03/03 15:08:56 | 000,176,896 | ---- | M] (Zone Labs Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\vsdatant.sys -- (vsdatant)
DRV - [2002/12/09 02:44:32 | 000,010,270 | ---- | M] (B.H.A Co.,Ltd.) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\cdrbsvsd.sys -- (cdrbsvsd)
DRV - [2002/08/26 18:09:42 | 000,138,916 | ---- | M] (Deterministic Networks, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\dne2000.sys -- (DNE)
DRV - [2002/06/06 01:07:00 | 000,009,344 | ---- | M] (B.H.A Co.,Ltd.) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\BsStor.sys -- (BsStor)
DRV - [2001/08/17 14:12:22 | 000,010,368 | ---- | M] (Brother Industries Ltd.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\BrUsbScn.sys -- (BrUsbScn)
DRV - [2001/08/17 14:07:44 | 000,019,072 | ---- | M] (Adaptec, Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\sparrow.sys -- (Sparrow)
DRV - [2001/08/17 14:07:42 | 000,030,688 | ---- | M] (LSI Logic) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\sym_u3.sys -- (sym_u3)
DRV - [2001/08/17 14:07:40 | 000,028,384 | ---- | M] (LSI Logic) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\sym_hi.sys -- (sym_hi)
DRV - [2001/08/17 14:07:36 | 000,032,640 | ---- | M] (LSI Logic) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\symc8xx.sys -- (symc8xx)
DRV - [2001/08/17 14:07:34 | 000,016,256 | ---- | M] (Symbios Logic Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\symc810.sys -- (symc810)
DRV - [2001/08/17 13:52:22 | 000,036,736 | ---- | M] (Promise Technology, Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\ultra.sys -- (ultra)
DRV - [2001/08/17 13:52:20 | 000,045,312 | ---- | M] (QLogic Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\ql12160.sys -- (ql12160)
DRV - [2001/08/17 13:52:20 | 000,040,320 | ---- | M] (QLogic Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\ql1080.sys -- (ql1080)
DRV - [2001/08/17 13:52:18 | 000,049,024 | ---- | M] (QLogic Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\ql1280.sys -- (ql1280)
DRV - [2001/08/17 13:52:16 | 000,179,584 | ---- | M] (Mylex Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\dac2w2k.sys -- (dac2w2k)
DRV - [2001/08/17 13:52:12 | 000,017,280 | ---- | M] (American Megatrends Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\mraid35x.sys -- (mraid35x)
DRV - [2001/08/17 13:52:00 | 000,026,496 | ---- | M] (Advanced System Products, Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\asc.sys -- (asc)
DRV - [2001/08/17 13:51:58 | 000,014,848 | ---- | M] (Advanced System Products, Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\asc3550.sys -- (asc3550)
DRV - [2001/08/17 13:51:56 | 000,005,248 | ---- | M] (Acer Laboratories Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\aliide.sys -- (AliIde)
DRV - [2001/08/17 13:51:54 | 000,006,656 | ---- | M] (CMD Technology, Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\cmdide.sys -- (CmdIde)
DRV - [2001/08/17 08:10:28 | 000,035,913 | ---- | M] (SMC) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\smcirda.sys -- (SMCIRDA)
========== Standard Registry (SafeList) ==========
========== Internet Explorer ==========
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-184708185-3649356386-1762526241-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = https://login.yahoo.com/config/login?.src=m...mp;.partner=sbc
IE - HKU\S-1-5-21-184708185-3649356386-1762526241-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
[2009/12/28 23:06:19 | 000,000,000 | ---D | M] -- C:\Documents and Settings\1000\Application Data\Mozilla\Extensions
[2009/12/28 23:06:19 | 000,000,000 | ---D | M] -- C:\Documents and Settings\1000\Application Data\Mozilla\Extensions\home2@tomtom.com
O1 HOSTS File: ([2010/05/08 00:12:02 | 000,000,734 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - No CLSID value found.
O2 - BHO: (SSVHelper Class) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_14\bin\ssv.dll (Sun Microsystems, Inc.)
O4 - HKLM..\Run: [!SysInit] C:\WINDOWS\system32\MsChkSys.exe ()
O4 - HKLM..\Run: [Afaria Client File Differencing] C:\Program Files\AClient\Bin\XCDiffCache.exe (iAnywhere Solutions, Inc.)
O4 - HKLM..\Run: [Afaria Client Generic Scheduler] C:\Program Files\AClient\Bin\XCGSTask.exe (iAnywhere Solutions, Inc.)
O4 - HKLM..\Run: [Afaria Client Listener] C:\Program Files\AClient\Bin\XcListener.exe (iAnywhere Solutions, Inc.)
O4 - HKLM..\Run: [Aflac_Do_Not_Remove] C:\Aflac2000\WSPInfo.exe (AFLAC)
O4 - HKLM..\Run: [CmgShieldUI] C:\WINDOWS\system32\CmgShieldUI.exe (Credant Technologies, Inc.)
O4 - HKLM..\Run: [Hotkey] C:\WINDOWS\system32\HKEYMAN.EXE (Matsushita Electric Industrial Co., Ltd.)
O4 - HKLM..\Run: [IAAnotif] C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe (Intel Corporation)
O4 - HKLM..\Run: [VerifyAfariaDownload] C:\Program Files\AFLAC\SNG\VerifyAfariaDownload.exe ( )
O4 - HKLM..\Run: [vptray] C:\Program Files\Symantec AntiVirus\VPTray.exe (Symantec Corporation)
O4 - HKLM..\Run: [WSPPurge] C:\Program Files\AFLAC\Common\WSPPurge.exe (AFLAC)
O4 - HKU\.DEFAULT..\Run: [DWQueuedReporting] c:\Program Files\Common Files\Microsoft Shared\DW\DWTRIG20.EXE (Microsoft Corporation)
O4 - HKU\S-1-5-18..\Run: [DWQueuedReporting] c:\Program Files\Common Files\Microsoft Shared\DW\DWTRIG20.EXE (Microsoft Corporation)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Afaria Client Generic Scheduler.lnk = C:\Program Files\AClient\Bin\XCGSTask.exe (iAnywhere Solutions, Inc.)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Cisco Systems VPN Client.lnk = C:\Program Files\Cisco Systems\VPN Client\vpngui.exe (Cisco Systems, Inc.)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-184708185-3649356386-1762526241-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O9 - Extra 'Tools' menuitem : Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_14\bin\NPJPI150_14.dll (Sun Microsystems, Inc.)
O16 - DPF: {05CA9FB0-3E3E-4B36-BF41-0E3A5CAA8CD8} http://go.microsoft.com/fwlink/?linkid=58813 (Office Genuine Advantage Validation Tool)
O16 - DPF: {0DB074F0-617E-4EE9-912C-2965CF2AA5A4} http://download.microsoft.com/download/0/f...tualEarth3D.cab (Reg Error: Key error.)
O16 - DPF: {406B5949-7190-4245-91A9-30A17DE16AD0} http://www2.snapfish.com/SnapfishActivia.cab (Snapfish Activia)
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} http://update.microsoft.com/microsoftupdat...b?1173465087258 (MUWebControl Class)
O16 - DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} http://upload.facebook.com/controls/2009.0...oUploader55.cab (Facebook Photo Uploader 5 Control)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.5.0/jinstall-...indows-i586.cab (Java Plug-in 1.5.0_14)
O16 - DPF: {C73881A0-E7F5-4CE4-B199-307EB127FE15} http://download.humanconcepts.com/download.../hcinstall5.cab (HumanConcepts Organization(5))
O16 - DPF: {C7DB51B4-BCF7-4923-8874-7F1A0DC92277} http://office.microsoft.com/officeupdate/content/opuc4.cab (Office Update Installation Engine)
O16 - DPF: {CAFEEFAC-0015-0000-0014-ABCDEFFEDCBA} http://java.sun.com/update/1.5.0/jinstall-...indows-i586.cab (Java Plug-in 1.5.0_14)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.5.0/jinstall-...indows-i586.cab (Java Plug-in 1.5.0_14)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.254
O18 - Protocol\Handler\intu-help-qb2 {84D77A00-41B5-4b8b-8ADF-86486D72E749} - C:\Program Files\Intuit\QuickBooks 2009\HelpAsyncPluggableProtocol.dll (Intuit, Inc.)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: GinaDLL - (CmgShieldGina.dll) - C:\WINDOWS\System32\CmgShieldGina.dll (Credant Technologies, Inc.)
O20 - Winlogon\Notify\igfxcui: DllName - igfxdev.dll - C:\WINDOWS\System32\igfxdev.dll (Intel Corporation)
O20 - Winlogon\Notify\NavLogon: DllName - C:\WINDOWS\system32\NavLogon.dll - C:\WINDOWS\system32\NavLogon.dll (Symantec Corporation)
O20 - Winlogon\Notify\PCANotify: DllName - PCANotify.dll - C:\WINDOWS\System32\PCANotify.dll (Symantec Corporation)
O24 - Desktop WallPaper: C:\WINDOWS\AFLAC Logo 3.bmp
O24 - Desktop BackupWallPaper: C:\WINDOWS\AFLAC Logo 3.bmp
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006/07/11 14:32:31 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O33 - MountPoints2\{dc5b47d4-37bf-11db-aa28-001302327d89}\Shell\AutoRun\command - "" = E:\Programs\nu2menu\nu2menu.exe -- File not found
O33 - MountPoints2\{dc5b47d7-37bf-11db-aa28-001302327d89}\Shell\AutoRun\command - "" = H:\Programs\nu2menu\nu2menu.exe -- File not found
O33 - MountPoints2\{ee73ab3e-f425-11de-b637-000b97a06038}\Shell\AutoRun\command - "" = E:\InstallTomTomHOME.exe -- File not found
O33 - MountPoints2\E\Shell - "" = AutoRun
O33 - MountPoints2\E\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\E\Shell\AutoRun\command - "" = E:\LaunchU3.exe -- File not found
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
========== Files/Folders - Created Within 30 Days ==========
[2010/06/16 18:26:49 | 000,572,416 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\1000\Desktop\OTL.exe
[2010/06/13 12:47:21 | 000,000,000 | ---D | C] -- C:\Documents and Settings\1000\Desktop\Log Files
[2010/06/13 11:13:28 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\1000\Recent
[2010/06/07 16:07:03 | 000,000,000 | ---D | C] -- C:\32788R22FWJFW
[2010/06/01 10:34:46 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\PCHealth
[2010/05/31 14:58:11 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\DRVSTORE
[2010/05/30 08:38:58 | 000,000,000 | ---D | C] -- C:\Program Files\AVG
[2010/05/28 17:42:40 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Application Data\Macromedia
[2010/05/28 17:29:22 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Application Data\Adobe
[2010/05/21 21:15:05 | 000,000,000 | ---D | C] -- C:\Program Files\Shared
[4 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[4 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
========== Files - Modified Within 30 Days ==========
[2010/06/16 18:26:56 | 000,572,416 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\1000\Desktop\OTL.exe
[2010/06/16 18:22:42 | 000,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2010/06/16 18:22:38 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2010/06/16 18:22:30 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2010/06/16 18:22:26 | 2137,051,136 | -HS- | M] () -- C:\hiberfil.sys
[2010/06/13 23:49:05 | 003,932,160 | -H-- | M] () -- C:\Documents and Settings\1000\NTUSER.DAT
[2010/06/13 23:49:05 | 000,000,278 | -HS- | M] () -- C:\Documents and Settings\1000\ntuser.ini
[2010/06/13 23:48:58 | 004,308,000 | -H-- | M] () -- C:\Documents and Settings\1000\Local Settings\Application Data\IconCache.db
[2010/06/13 19:40:11 | 000,001,681 | ---- | M] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Afaria Client Generic Scheduler.lnk
[2010/06/13 11:11:43 | 000,278,152 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2010/06/13 11:04:41 | 000,506,068 | ---- | M] () -- C:\WINDOWS\System32\PerfStringBackup.INI
[2010/06/13 11:04:41 | 000,444,596 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2010/06/13 11:04:41 | 000,072,306 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2010/06/13 10:48:59 | 000,000,917 | ---- | M] () -- C:\WINDOWS\win.ini
[2010/06/13 10:18:52 | 000,284,915 | ---- | M] () -- C:\Documents and Settings\1000\Desktop\gmer.zip
[2010/06/13 10:17:49 | 000,525,824 | ---- | M] () -- C:\Documents and Settings\1000\Desktop\dds.scr
[2010/06/09 12:24:00 | 000,000,300 | ---- | M] () -- C:\WINDOWS\tasks\WebReg Deskjet D1300 series.job
[2010/06/08 21:49:08 | 000,000,000 | ---- | M] () -- C:\Documents and Settings\1000\defogger_reenable
[2010/06/08 14:17:30 | 000,293,376 | ---- | M] () -- C:\Documents and Settings\1000\Desktop\jwzb2r0x.exe
[2010/06/08 09:58:02 | 000,247,808 | ---- | M] () -- C:\WINDOWS\System32\drivers\iaStor.sys
[2010/06/08 09:47:33 | 000,966,213 | ---- | M] () -- C:\Documents and Settings\1000\Desktop\tdsskiller.zip
[2010/06/07 07:34:15 | 000,024,064 | ---- | M] () -- C:\Documents and Settings\1000\Desktop\Suspicious modification c windows.doc
[2010/06/01 12:28:57 | 2097,156,096 | ---- | M] () -- C:\Protected.sdsk
[2010/05/31 15:05:45 | 000,000,472 | ---- | M] () -- C:\WINDOWS\tasks\Ad-Aware Update (Weekly).job
[2010/05/31 09:28:16 | 000,033,792 | ---- | M] () -- C:\Documents and Settings\1000\My Documents\State Call In Report.xls
[2010/05/30 08:30:51 | 000,162,531 | ---- | M] () -- C:\Documents and Settings\1000\My Documents\Listening .pdf
[2010/05/29 12:04:10 | 000,000,211 | RHS- | M] () -- C:\boot.ini
[2010/05/29 12:04:09 | 000,000,227 | ---- | M] () -- C:\WINDOWS\system.ini
[2010/05/28 14:25:44 | 000,000,145 | --S- | M] () -- C:\WINDOWS\System32\3415658313.dat
[2010/05/27 17:24:49 | 000,001,548 | ---- | M] () -- C:\Documents and Settings\1000\Desktop\CCleaner.lnk
[2010/05/27 15:58:22 | 000,014,468 | ---- | M] () -- C:\Documents and Settings\1000\My Documents\Regnotes Kredensor may 21 2010].docx
[2010/05/25 17:14:14 | 000,206,630 | ---- | M] () -- C:\Documents and Settings\1000\My Documents\STRATEGIC_INVENTORY_MANAGEMENT__BUSINESS_PLAN[1].pdf
[2010/05/25 15:39:26 | 000,024,064 | ---- | M] () -- C:\Documents and Settings\1000\My Documents\Books to Read.doc
[2010/05/25 14:47:30 | 000,034,304 | ---- | M] () -- C:\Documents and Settings\1000\My Documents\King Arthur Court Asset Management Plan.doc
[2010/05/20 11:46:54 | 000,190,464 | ---- | M] () -- C:\Documents and Settings\1000\My Documents\kickoff May 2010.ppt
[4 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[4 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
========== Files Created - No Company Name ==========
[2010/06/13 14:41:34 | 2137,051,136 | -HS- | C] () -- C:\hiberfil.sys
[2010/06/13 10:18:50 | 000,284,915 | ---- | C] () -- C:\Documents and Settings\1000\Desktop\gmer.zip
[2010/06/13 10:17:46 | 000,525,824 | ---- | C] () -- C:\Documents and Settings\1000\Desktop\dds.scr
[2010/06/08 21:49:08 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\1000\defogger_reenable
[2010/06/08 14:17:14 | 000,293,376 | ---- | C] () -- C:\Documents and Settings\1000\Desktop\jwzb2r0x.exe
[2010/06/08 09:47:16 | 000,966,213 | ---- | C] () -- C:\Documents and Settings\1000\Desktop\tdsskiller.zip
[2010/06/07 07:34:15 | 000,024,064 | ---- | C] () -- C:\Documents and Settings\1000\Desktop\Suspicious modification c windows.doc
[2010/05/31 15:05:42 | 000,000,472 | ---- | C] () -- C:\WINDOWS\tasks\Ad-Aware Update (Weekly).job
[2010/05/30 08:30:47 | 000,162,531 | ---- | C] () -- C:\Documents and Settings\1000\My Documents\Listening .pdf
[2010/05/28 14:24:24 | 000,000,145 | --S- | C] () -- C:\WINDOWS\System32\3415658313.dat
[2010/05/27 15:58:21 | 000,014,468 | ---- | C] () -- C:\Documents and Settings\1000\My Documents\Regnotes Kredensor may 21 2010].docx
[2010/05/25 17:14:11 | 000,206,630 | ---- | C] () -- C:\Documents and Settings\1000\My Documents\STRATEGIC_INVENTORY_MANAGEMENT__BUSINESS_PLAN[1].pdf
[2010/05/25 15:39:26 | 000,024,064 | ---- | C] () -- C:\Documents and Settings\1000\My Documents\Books to Read.doc
[2010/05/23 22:24:24 | 000,034,304 | ---- | C] () -- C:\Documents and Settings\1000\My Documents\King Arthur Court Asset Management Plan.doc
[2010/05/20 11:46:54 | 000,190,464 | ---- | C] () -- C:\Documents and Settings\1000\My Documents\kickoff May 2010.ppt
[2009/09/05 21:28:59 | 000,000,090 | ---- | C] () -- C:\WINDOWS\QBChanUtil_Trigger.ini
[2009/08/03 16:07:42 | 000,403,816 | ---- | C] () -- C:\WINDOWS\System32\OGACheckControl.dll
[2008/04/07 10:46:56 | 000,077,824 | R--- | C] () -- C:\WINDOWS\System32\hpzids01.dll
[2007/11/05 14:52:16 | 000,000,054 | ---- | C] () -- C:\WINDOWS\System32\EAL32.INI
[2007/11/05 14:50:11 | 000,000,044 | ---- | C] () -- C:\WINDOWS\EP_CX5000.ini
[2007/10/19 20:56:16 | 003,596,288 | ---- | C] () -- C:\WINDOWS\System32\qt-dx331.dll
[2007/10/19 20:54:28 | 000,000,416 | ---- | C] () -- C:\WINDOWS\System32\dtu100.dll.manifest
[2007/10/19 20:54:28 | 000,000,416 | ---- | C] () -- C:\WINDOWS\System32\dpl100.dll.manifest
[2007/10/18 05:02:34 | 000,012,288 | ---- | C] () -- C:\WINDOWS\System32\DivXWMPExtType.dll
[2007/08/26 14:22:45 | 000,000,052 | ---- | C] () -- C:\WINDOWS\intuprof.ini
[2007/08/26 14:22:42 | 000,000,638 | ---- | C] () -- C:\WINDOWS\QUICKEN.INI
[2006/11/21 12:50:49 | 000,031,936 | ---- | C] () -- C:\WINDOWS\System32\Wintab.dll
[2006/11/07 16:37:57 | 000,002,646 | ---- | C] () -- C:\WINDOWS\BRMFBIDI.INI
[2006/10/31 08:17:45 | 000,200,704 | RHS- | C] () -- C:\WINDOWS\MsCae32.dll
[2006/10/31 08:17:45 | 000,172,032 | RHS- | C] () -- C:\WINDOWS\System32\MsChkSys.dll
[2006/10/31 08:17:45 | 000,022,528 | RHS- | C] () -- C:\WINDOWS\System32\Optic32.dll
[2006/09/08 22:42:33 | 000,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini
[2006/09/08 22:05:13 | 000,000,058 | ---- | C] () -- C:\WINDOWS\System32\oeminfo.ini
[2006/09/06 15:07:47 | 000,007,680 | ---- | C] () -- C:\WINDOWS\System32\CNMVS71.DLL
[2006/09/06 15:00:17 | 000,005,632 | ---- | C] () -- C:\WINDOWS\System32\CNMVS27.DLL
[2006/07/19 13:11:36 | 000,135,168 | ---- | C] () -- C:\WINDOWS\InstShDialog.dll
[2006/07/18 22:08:19 | 000,135,168 | ---- | C] () -- C:\WINDOWS\System32\RtlCPAPI.dll
[2006/07/18 21:35:08 | 000,004,379 | ---- | C] () -- C:\WINDOWS\SigPlus.ini
[2006/07/18 20:02:16 | 000,000,294 | ---- | C] () -- C:\WINDOWS\SA_ESS32.ini
[2006/07/18 19:31:26 | 000,000,000 | ---- | C] () -- C:\WINDOWS\vpc32.INI
[2006/07/11 15:48:04 | 000,000,376 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2006/07/11 14:44:39 | 000,000,524 | ---- | C] () -- C:\WINDOWS\WinTab.ini
[2006/07/11 14:41:52 | 000,136,384 | ---- | C] () -- C:\WINDOWS\System32\CSGina.dll
[2006/05/16 09:28:53 | 000,247,808 | ---- | C] () -- C:\WINDOWS\System32\drivers\iaStor.sys
[2005/01/21 12:02:28 | 000,013,312 | ---- | C] () -- C:\WINDOWS\System32\RMDevice.dll
[2003/01/07 15:05:08 | 000,002,695 | ---- | C] () -- C:\WINDOWS\System32\OUTLPERF.INI
< End of report >