Thank you, again, for the clear instructions.
I completed Malwarebytes, with the following message: "Scan completed successfully. No malicious items were detected."
HERE IS THE MBAM LOG:
Malwarebytes' Anti-Malware 1.46
www.malwarebytes.org
Database version: 4216
Windows 5.1.2600 Service Pack 3
Internet Explorer 7.0.5730.11
6/19/2010 2:44:18 PM
mbam-log-2010-06-19 (14-44-18).txt
Scan type: Quick scan
Objects scanned: 128586
Time elapsed: 8 minute(s), 19 second(s)
Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0
Memory Processes Infected:
(No malicious items detected)
Memory Modules Infected:
(No malicious items detected)
Registry Keys Infected:
(No malicious items detected)
Registry Values Infected:
(No malicious items detected)
Registry Data Items Infected:
(No malicious items detected)
Folders Infected:
(No malicious items detected)
Files Infected:
(No malicious items detected)
--------------------------------
I next ran the ESET Online Scan. Very near the end of the scan, a NORTON window opened, stating, "Norton Antivirus has detected threats that require your attention. Backdoor Tidserv!inf requires manual removal".
I let the Norton window remain until the ESET Scan was complete. At that time, I "applied" the recommended fix from Norton, and Norton replied that the system was secure.
HERE IS THE ESETScan LOG:
C:\Documents and Settings\Bill O'Connell\Local Settings\Application Data\Identities\{DFF16927-88E6-4EAA-A097-460B7E65289B}\Microsoft\Outlook Express\BANK AND M.L.dbx HTML/StealPal trojan unable to clean
C:\Documents and Settings\Bill O'Connell\Local Settings\Application Data\Identities\{DFF16927-88E6-4EAA-A097-460B7E65289B}\Microsoft\Outlook Express\Sent Items.bak Win32/Mimail.J worm unable to clean
C:\Documents and Settings\Bill O'Connell\Local Settings\Application Data\Identities\{DFF16927-88E6-4EAA-A097-460B7E65289B}\Microsoft\Outlook Express\Sent Items.dbx Win32/Mimail.J worm unable to clean
C:\Documents and Settings\Bill O'Connell\My Documents\dbx files 4-17-07\BANK AND M.L.dbx HTML/StealPal trojan unable to clean
C:\Documents and Settings\Bill O'Connell\My Documents\dbx files 4-17-07\Sent Items.dbx Win32/Mimail.J worm unable to clean
C:\Documents and Settings\Bill O'Connell\My Documents\dbx files from 5-24-08\BANK AND M.L.dbx HTML/StealPal trojan unable to clean
C:\Documents and Settings\Bill O'Connell\My Documents\dbx files from 5-24-08\Sent Items.bak Win32/Mimail.J worm unable to clean
C:\Documents and Settings\Bill O'Connell\My Documents\dbx files from 5-24-08\Sent Items.dbx Win32/Mimail.J worm unable to clean
C:\DOWNLOADS\eMusicDownloadManagerBundle.exe Win32/Adware.Comet application deleted - quarantined
I should note that some of these ESET items (above) were detected when it was scanning some VERY OLD backup files from email ... which have been on the system for several years -- way before this incident occurred. Just thought I'd let you know that.
--------------------------------
Finally, I ran the OTL program, and here are the two logs:
OTL.txt follows:
OTL logfile created on: 6/19/2010 6:20:31 PM - Run 1
OTL by OldTimer - Version 3.2.6.0 Folder = C:\Documents and Settings\Bill O'Connell\Desktop
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 7.0.5730.11)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy
958.00 Mb Total Physical Memory | 358.00 Mb Available Physical Memory | 37.00% Memory free
2.00 Gb Paging File | 2.00 Gb Available in Paging File | 82.00% Paging File free
Paging file location(s): [Binary data over 100 bytes]
%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 145.96 Gb Total Space | 89.92 Gb Free Space | 61.60% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded
Computer Name: DFVZZTC1
Current User Name: Bill O'Connell
Logged in as Administrator.
Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: On
Skip Microsoft Files: On
File Age = 90 Days
Output = Standard
Quick Scan
========== Processes (SafeList) ==========
PRC - [2010/06/19 18:19:01 | 000,572,416 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Bill O'Connell\Desktop\OTL.exe
PRC - [2009/08/22 01:37:15 | 000,117,640 | R--- | M] (Symantec Corporation) -- C:\Program Files\Norton AntiVirus\Norton AntiVirus\Engine\16.8.0.41\ccSvcHst.exe
PRC - [2009/02/03 15:39:09 | 000,427,192 | ---- | M] (Cisco Systems, Inc.) -- C:\Program Files\Cisco\Cisco AnyConnect VPN Client\vpnagent.exe
PRC - [2008/04/26 03:45:44 | 000,185,896 | ---- | M] (RealNetworks, Inc.) -- C:\Program Files\Common Files\Real\Update_OB\realsched.exe
PRC - [2008/04/13 19:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2008/04/04 15:06:00 | 000,136,512 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee\Common Framework\UdaterUI.exe
PRC - [2008/04/04 15:06:00 | 000,136,512 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee\Common Framework\naPrdMgr.exe
PRC - [2008/04/04 15:06:00 | 000,103,744 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee\Common Framework\FrameworkService.exe
PRC - [2008/04/04 15:06:00 | 000,086,016 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee\Common Framework\Mctray.exe
PRC - [2007/11/28 20:51:10 | 000,583,048 | ---- | M] (Symantec Corporation) -- C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
PRC - [2007/03/09 11:09:58 | 000,063,712 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe
PRC - [2006/07/27 14:19:00 | 000,282,624 | ---- | M] (SigmaTel, Inc.) -- C:\WINDOWS\stsystra.exe
PRC - [2006/03/30 09:15:44 | 000,096,341 | ---- | M] (Canon Inc.) -- C:\Program Files\Canon\CAL\CALMAIN.exe
PRC - [2005/10/05 03:12:00 | 000,094,208 | ---- | M] () -- C:\Program Files\Dell\Media Experience\DMXLauncher.exe
PRC - [2005/09/08 05:20:00 | 000,122,940 | ---- | M] (Sonic Solutions) -- C:\WINDOWS\system32\DLA\DLACTRLW.EXE
PRC - [2004/07/27 16:50:18 | 000,081,920 | ---- | M] (InstallShield Software Corporation) -- C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
========== Modules (SafeList) ==========
MOD - [2010/06/19 18:19:01 | 000,572,416 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Bill O'Connell\Desktop\OTL.exe
MOD - [2008/04/13 19:10:20 | 000,110,592 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\msscript.ocx
========== Win32 Services (SafeList) ==========
SRV - [2010/06/17 07:07:09 | 001,352,832 | ---- | M] (Lavasoft) [On_Demand | Stopped] -- C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe -- (Lavasoft Ad-Aware Service)
SRV - [2010/05/01 15:34:08 | 002,478,640 | ---- | M] () [Auto | Running] -- C:/Program Files/Common Files/Akamai/rswin_3697.dll -- (Akamai)
SRV - [2009/09/03 11:51:46 | 000,048,368 | ---- | M] (NOS Microsystems Ltd.) [On_Demand | Stopped] -- C:\Program Files\NOS\bin\getPlus_Helper.dll -- (getPlusHelper) getPlus®
SRV - [2009/08/22 01:37:15 | 000,117,640 | R--- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files\Norton AntiVirus\Norton AntiVirus\Engine\16.8.0.41\ccSvcHst.exe -- (Norton AntiVirus)
SRV - [2009/02/03 15:39:09 | 000,427,192 | ---- | M] (Cisco Systems, Inc.) [Auto | Running] -- C:\Program Files\Cisco\Cisco AnyConnect VPN Client\vpnagent.exe -- (vpnagent)
SRV - [2008/04/04 15:06:00 | 000,103,744 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\McAfee\Common Framework\FrameworkService.exe -- (McAfeeFramework)
SRV - [2007/11/28 20:51:10 | 000,583,048 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PifSvc.exe -- (LiveUpdate Notice Service)
SRV - [2006/03/30 09:15:44 | 000,096,341 | ---- | M] (Canon Inc.) [Auto | Running] -- C:\Program Files\Canon\CAL\CALMAIN.exe -- (CCALib8)
========== Driver Services (SafeList) ==========
DRV - [2010/06/10 07:03:05 | 000,064,288 | ---- | M] (Lavasoft AB) [File_System | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\Lbd.sys -- (Lbd)
DRV - [2010/05/28 14:33:19 | 000,331,640 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\IPSDefs\20100617.005\IDSXpx86.sys -- (IDSxpx86)
DRV - [2010/05/26 03:00:00 | 000,371,248 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys -- (eeCtrl)
DRV - [2010/05/26 03:00:00 | 000,102,448 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Program Files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys -- (EraserUtilRebootDrv)
DRV - [2010/05/10 03:00:00 | 001,347,504 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\VirusDefs\20100619.005\NAVEX15.SYS -- (NAVEX15)
DRV - [2010/05/10 03:00:00 | 000,085,552 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\VirusDefs\20100619.005\NAVENG.SYS -- (NAVENG)
DRV - [2010/01/27 19:00:28 | 000,482,432 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\WINDOWS\System32\Drivers\NAV\1008000.029\ccHPx86.sys -- (ccHP)
DRV - [2009/08/22 01:37:16 | 000,310,320 | ---- | M] (Symantec Corporation) [File_System | Boot | Running] -- C:\WINDOWS\system32\drivers\NAV\1008000.029\SYMEFA.SYS -- (SymEFA)
DRV - [2009/08/22 01:37:16 | 000,308,272 | ---- | M] (Symantec Corporation) [File_System | System | Running] -- C:\WINDOWS\System32\Drivers\NAV\1008000.029\SRTSP.SYS -- (SRTSP)
DRV - [2009/08/22 01:37:16 | 000,259,632 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\WINDOWS\System32\Drivers\NAV\1008000.029\BHDrvx86.sys -- (BHDrvx86)
DRV - [2009/08/22 01:37:16 | 000,217,136 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\WINDOWS\System32\Drivers\NAV\1008000.029\SYMTDI.SYS -- (SYMTDI)
DRV - [2009/08/22 01:37:16 | 000,089,904 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\System32\Drivers\NAV\1008000.029\SYMFW.SYS -- (SYMFW)
DRV - [2009/08/22 01:37:16 | 000,043,696 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\NAV\1008000.029\SRTSPX.SYS -- (SRTSPX) Symantec Real Time Storage Protection (PEL)
DRV - [2009/08/22 01:37:16 | 000,036,400 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\System32\Drivers\NAV\1008000.029\SYMNDIS.SYS -- (SYMNDIS)
DRV - [2009/08/22 01:37:16 | 000,033,072 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\System32\Drivers\NAV\1008000.029\SYMIDS.SYS -- (SYMIDS)
DRV - [2009/08/18 21:06:18 | 000,124,976 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\SYMEVENT.SYS -- (SymEvent)
DRV - [2009/08/18 13:59:24 | 000,036,400 | R--- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\SymIM.sys -- (SymIMMP)
DRV - [2009/08/18 13:59:24 | 000,036,400 | R--- | M] (Symantec Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\SymIM.sys -- (SymIM)
DRV - [2009/05/09 01:14:20 | 000,014,736 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\nuidfltr.sys -- (NuidFltr)
DRV - [2009/02/14 19:30:37 | 000,003,026 | ---- | M] (Logix4u) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\hwinterface.sys -- (hwinterface)
DRV - [2009/02/03 15:23:46 | 000,020,152 | ---- | M] (Cisco Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\vpnva.sys -- (vpnva)
DRV - [2008/04/13 13:36:39 | 000,043,008 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\amdagp.sys -- (amdagp)
DRV - [2008/04/13 13:36:39 | 000,040,960 | ---- | M] (Silicon Integrated Systems Corporation) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\sisagp.sys -- (sisagp)
DRV - [2008/04/13 11:36:05 | 000,144,384 | ---- | M] (Windows ® Server 2003 DDK provider) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\hdaudbus.sys -- (HDAudBus)
DRV - [2007/11/16 11:30:32 | 000,026,912 | ---- | M] (RapidSolution Software AG) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\tbhsd.sys -- (tbhsd)
DRV - [2007/10/26 17:53:42 | 000,008,413 | ---- | M] (RealNetworks, Inc.) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\mcstrm.sys -- (MCSTRM)
DRV - [2007/02/25 21:25:12 | 000,105,472 | ---- | M] (NVIDIA Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\nvata.sys -- (nvata)
DRV - [2006/08/23 12:12:38 | 003,959,712 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\nv4_mini.sys -- (nv)
DRV - [2006/08/14 06:29:44 | 000,044,544 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\bcm4sbxp.sys -- (bcm4sbxp)
DRV - [2006/07/27 14:24:28 | 001,171,464 | ---- | M] (SigmaTel, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\sthda.sys -- (STHDA)
DRV - [2006/01/10 11:07:58 | 000,004,864 | ---- | M] (GTek Technologies Ltd.) [Kernel | On_Demand | Stopped] -- C:\Program Files\Dell Support\GTAction\triggers\DSproct.sys -- (DSproct)
DRV - [2005/12/02 17:38:04 | 000,041,728 | ---- | M] (Sonic Focus, Inc) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\sfng32.sys -- (sfng32)
DRV - [2005/09/12 03:30:00 | 000,089,264 | ---- | M] (Sonic Solutions) [Kernel | Boot | Running] -- C:\WINDOWS\System32\Drivers\DRVMCDB.SYS -- (DRVMCDB)
DRV - [2005/09/08 05:20:00 | 000,094,332 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\system32\DLA\DLAUDFAM.SYS -- (DLAUDFAM)
DRV - [2005/09/08 05:20:00 | 000,087,036 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\system32\DLA\DLAUDF_M.SYS -- (DLAUDF_M)
DRV - [2005/09/08 05:20:00 | 000,086,524 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\system32\DLA\DLAIFS_M.SYS -- (DLAIFS_M)
DRV - [2005/09/08 05:20:00 | 000,025,628 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\system32\DLA\DLABOIOM.SYS -- (DLABOIOM)
DRV - [2005/09/08 05:20:00 | 000,014,684 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\system32\DLA\DLAOPIOM.SYS -- (DLAOPIOM)
DRV - [2005/09/08 05:20:00 | 000,006,364 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\system32\DLA\DLAPoolM.SYS -- (DLAPoolM)
DRV - [2005/09/08 05:20:00 | 000,002,496 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\system32\DLA\DLADResN.SYS -- (DLADResN)
DRV - [2005/08/25 12:16:52 | 000,005,628 | ---- | M] (Sonic Solutions) [File_System | System | Running] -- C:\WINDOWS\system32\drivers\DLACDBHM.SYS -- (DLACDBHM)
DRV - [2005/08/25 12:16:16 | 000,022,684 | ---- | M] (Sonic Solutions) [File_System | System | Running] -- C:\WINDOWS\system32\drivers\DLARTL_N.SYS -- (DLARTL_N)
DRV - [2005/08/12 05:20:00 | 000,040,544 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\system32\drivers\DRVNDDM.SYS -- (DRVNDDM)
DRV - [2001/08/17 14:07:44 | 000,019,072 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\sparrow.sys -- (Sparrow)
DRV - [2001/08/17 14:07:42 | 000,030,688 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\sym_u3.sys -- (sym_u3)
DRV - [2001/08/17 14:07:40 | 000,028,384 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\sym_hi.sys -- (sym_hi)
DRV - [2001/08/17 14:07:36 | 000,032,640 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\symc8xx.sys -- (symc8xx)
DRV - [2001/08/17 14:07:34 | 000,016,256 | ---- | M] (Symbios Logic Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\symc810.sys -- (symc810)
DRV - [2001/08/17 13:52:22 | 000,036,736 | ---- | M] (Promise Technology, Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\ultra.sys -- (ultra)
DRV - [2001/08/17 13:52:20 | 000,045,312 | ---- | M] (QLogic Corporation) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\ql12160.sys -- (ql12160)
DRV - [2001/08/17 13:52:20 | 000,040,320 | ---- | M] (QLogic Corporation) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\ql1080.sys -- (ql1080)
DRV - [2001/08/17 13:52:18 | 000,049,024 | ---- | M] (QLogic Corporation) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\ql1280.sys -- (ql1280)
DRV - [2001/08/17 13:52:16 | 000,179,584 | ---- | M] (Mylex Corporation) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\dac2w2k.sys -- (dac2w2k)
DRV - [2001/08/17 13:52:12 | 000,017,280 | ---- | M] (American Megatrends Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\mraid35x.sys -- (mraid35x)
DRV - [2001/08/17 13:52:00 | 000,026,496 | ---- | M] (Advanced System Products, Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\asc.sys -- (asc)
DRV - [2001/08/17 13:51:58 | 000,014,848 | ---- | M] (Advanced System Products, Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\asc3550.sys -- (asc3550)
DRV - [2001/08/17 13:51:56 | 000,005,248 | ---- | M] (Acer Laboratories Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\aliide.sys -- (AliIde)
DRV - [2001/08/17 13:51:54 | 000,006,656 | ---- | M] (CMD Technology, Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\cmdide.sys -- (CmdIde)
========== Standard Registry (SafeList) ==========
========== Internet Explorer ==========
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Page_URL = www.google.com/ig/dell?hl=en&client=dell-usuk&channel=us&ibd=4070417
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.google.com/ie
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Start Page = www.google.com/ig/dell?hl=en&client=dell-usuk&channel=us&ibd=4070417
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.rte.ie/news/index.html
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
========== FireFox ==========
FF - prefs.js..browser.search.defaultenginename: "Google"
FF - prefs.js..browser.search.defaulturl: "http://www.google.com/search?lr=&ie=UTF-8&oe=UTF-8&q="
FF - prefs.js..browser.search.selectedEngine: "Google"
FF - HKLM\software\mozilla\Firefox\Extensions\\{ABDE892B-13A8-4d1b-88E6-365A6E755758}: C:\Program Files\Real\RealPlayer\browserrecord [2008/04/26 03:46:05 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 2.0\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010/05/07 22:57:52 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 2.0\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010/05/23 09:40:36 | 000,000,000 | ---D | M]
[2010/06/10 05:58:30 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Bill O'Connell\Application Data\Mozilla\Firefox\Profiles\yymepc98.default\extensions
[2009/12/22 18:32:38 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Documents and Settings\Bill O'Connell\Application Data\Mozilla\Firefox\Profiles\yymepc98.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2010/06/10 05:57:14 | 000,000,000 | ---D | M] (Google Toolbar for Firefox) -- C:\Documents and Settings\Bill O'Connell\Application Data\Mozilla\Firefox\Profiles\yymepc98.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}
[2010/06/10 05:58:30 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Bill O'Connell\Application Data\Mozilla\Firefox\Profiles\yymepc98.default\extensions\staged-xpis
[2010/06/19 14:23:16 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions
[2008/04/26 03:44:55 | 000,000,000 | ---D | M] (Google Toolbar for Firefox) -- C:\Program Files\Mozilla Firefox\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}
[2008/04/26 03:44:49 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions\real-networks@partners.mozilla.com
[2008/04/26 03:44:51 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions\talkback@mozilla.org
[2006/10/11 03:04:58 | 000,061,036 | ---- | M] (Mozilla Foundation) -- C:\Program Files\Mozilla Firefox\components\jar50.dll
[2006/10/11 03:04:59 | 000,048,742 | ---- | M] (Mozilla Foundation) -- C:\Program Files\Mozilla Firefox\components\jsd3250.dll
[2006/10/11 03:05:03 | 000,029,313 | ---- | M] (Mozilla Foundation) -- C:\Program Files\Mozilla Firefox\components\myspell.dll
[2006/10/11 03:05:03 | 000,041,082 | ---- | M] (Mozilla Foundation) -- C:\Program Files\Mozilla Firefox\components\spellchk.dll
[2006/10/11 03:04:58 | 000,166,510 | ---- | M] (Mozilla Foundation) -- C:\Program Files\Mozilla Firefox\components\xpinstal.dll
O1 HOSTS File: ([2010/06/19 09:04:46 | 000,000,027 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (DWABrowserHlprObj Class) - {2709D830-B643-4e72-9A1E-701CFFFCF30C} - C:\WINDOWS\system32\dwabho.dll (IBM Corporation)
O2 - BHO: (RealPlayer Download and Record Plugin for Internet Explorer) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll (RealPlayer)
O2 - BHO: (DriveLetterAccess) - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\DLA\DLASHX_W.DLL (Sonic Solutions)
O2 - BHO: (Symantec Intrusion Prevention) - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files\Norton AntiVirus\Norton AntiVirus\Engine\16.8.0.41\IPSBHO.dll (Symantec Corporation)
O2 - BHO: (CBrowserHelperObject Object) - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - C:\Program Files\BAE\BAE.dll (Dell Inc.)
O4 - HKLM..\Run: [Adobe Photo Downloader] C:\Program Files\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [Adobe Reader Speed Launcher] C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [AdobeAAMUpdater-1.0] C:\Program Files\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [DLA] C:\WINDOWS\system32\DLA\DLACTRLW.EXE (Sonic Solutions)
O4 - HKLM..\Run: [DMXLauncher] C:\Program Files\Dell\Media Experience\DMXLauncher.exe ()
O4 - HKLM..\Run: [ISUSPM Startup] C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe (InstallShield Software Corporation)
O4 - HKLM..\Run: [ISUSScheduler] C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe (InstallShield Software Corporation)
O4 - HKLM..\Run: [McAfeeUpdaterUI] C:\Program Files\McAfee\Common Framework\UdaterUI.exe (McAfee, Inc.)
O4 - HKLM..\Run: [MSKDetectorExe] C:\Program Files\McAfee\SpamKiller\MSKDetct.exe (McAfee, Inc.)
O4 - HKLM..\Run: [NvCplDaemon] C:\WINDOWS\System32\NvCpl.DLL (NVIDIA Corporation)
O4 - HKLM..\Run: [NvMediaCenter] C:\WINDOWS\System32\NvMcTray.DLL (NVIDIA Corporation)
O4 - HKLM..\Run: [nwiz] C:\WINDOWS\System32\nwiz.exe ()
O4 - HKLM..\Run: [SigmatelSysTrayApp] C:\WINDOWS\stsystra.exe (SigmaTel, Inc.)
O4 - HKLM..\Run: [Symantec PIF AlertEng] C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PifSvc.exe (Symantec Corporation)
O4 - HKLM..\Run: [TkBellExe] C:\Program Files\Common Files\Real\Update_OB\realsched.exe (RealNetworks, Inc.)
O4 - HKCU..\Run: [TClockEx] C:\Program Files\TClockEx\TCLOCKEX.EXE (Dale Nurden)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE (Microsoft Corporation)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 0
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Program Files\Microsoft Office\Office12\REFIEBAR.DLL (Microsoft Corporation)
O15 - HKCU\..Trusted Domains: footballfanatics.com ([www] http in Trusted sites)
O15 - HKCU\..Trusted Domains: secureserver.net ([]* in Trusted sites)
O16 - DPF: {02BCC737-B171-4746-94C9-0D8A0B2C0089} http://office.microsoft.com/templates/ieawsdc.cab (Microsoft Office Template and Media Control)
O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} http://appldnld.apple.com.edgesuite.net/co...ex/qtplugin.cab (QuickTime Object)
O16 - DPF: {0DB074F0-617E-4EE9-912C-2965CF2AA5A4} http://download.microsoft.com/download/7/0...tualEarth3D.cab (SentinelVE3D Class)
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} http://download.microsoft.com/download/5/b...heckControl.cab (Windows Genuine Advantage Validation Tool)
O16 - DPF: {25365FF3-2746-4230-9DA7-163CCA318309} http://inst.c-wss.com/n031p/EN/install/gtdownlr.cab (Automatic Driver Installation Control)
O16 - DPF: {3BFFE033-BF43-11D5-A271-00A024A51325} https://ctsmail02.harte-hanks.com/iNotes6W.cab (iNotes6 Class)
O16 - DPF: {55963676-2F5E-4BAF-AC28-CF26AA587566} https://outofoffice.harte-hanks.com/CACHE/s...ries/vpnweb.cab (Cisco AnyConnect VPN Client Web Control)
O16 - DPF: {5BDBA960-6534-11D3-97C7-00500422B550} https://ctsmail02.harte-hanks.com/download/dolcontrol.cab (LotusDRSControl Class)
O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} http://cdn.scan.onecare.live.com/resource/...lscbase6087.cab (Windows Live Safety Center Base Module)
O16 - DPF: {6A344D34-5231-452A-8A57-D064AC9B7862} https://webdl.symantec.com/activex/symdlmgr.cab (Symantec Download Manager)
O16 - DPF: {6E5E167B-1566-4316-B27F-0DDAB3484CF7} http://app.onlinephotofiler.com/ImageUploader4.cab (Image Uploader Control)
O16 - DPF: {705EC6D4-B138-4079-A307-EF13E4889A82} https://outofoffice.harte-hanks.com/CACHE/s...ies/instweb.cab (CSD ActiveX Installer)
O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} http://download.eset.com/special/eos/OnlineScanner.cab (OnlineScanner Control)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_01)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.macromedia.com/get/flash...t/ultrashim.cab (Reg Error: Key error.)
O16 - DPF: {B8E73359-3422-4384-8D27-4EA1B4C01232} https://outofoffice.harte-hanks.com/+CSCOL+/cscopf.cab (CISCO Portforwarder Control)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_01)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://download.macromedia.com/pub/shockwa...ash/swflash.cab (Shockwave Flash Object)
O16 - DPF: {E008A543-CEFB-4559-912F-C27C2B89F13B} https://ctsmail02.harte-hanks.com/dwa7W.cab (Domino Web Access 7 Control)
O16 - DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} https://harte-hanks.webex.com/client/T26L/nbr/ieatgpc.cab (GpcContainer Class)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (get_atlcom Class)
O16 - DPF: {FFD85DC8-5261-4D11-B728-F7C59D911691} http://www.iolo.com/app/ocx/UpgradeVerify.cab (iolo.ProductDetector)
O16 - DPF: Web-Based Email Tools http://email.secureserver.net/Download.CAB (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Documents and Settings\Bill O'Connell\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\Bill O'Connell\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2004/08/10 13:04:08 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O34 - HKLM BootExecute: (lsdelete) - C:\WINDOWS\System32\lsdelete.exe ()
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
NetSvcs: 6to4 - File not found
NetSvcs: Ias - C:\WINDOWS\system32\ias [2004/08/10 12:52:56 | 000,000,000 | ---D | M]
NetSvcs: Iprip - File not found
NetSvcs: Irmon - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: Wmi - C:\WINDOWS\system32\wmi.dll (Microsoft Corporation)
NetSvcs: WmdmPmSp - File not found
CREATERESTOREPOINT
Restore point Set: OTL Restore Point (16902109354000384)
========== Files/Folders - Created Within 90 Days ==========
[2010/06/19 18:18:55 | 000,572,416 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Bill O'Connell\Desktop\OTL.exe
[2010/06/19 14:51:33 | 000,000,000 | ---D | C] -- C:\Program Files\ESET
[2010/06/19 08:46:49 | 000,000,000 | RHSD | C] -- C:\cmdcons
[2010/06/19 08:41:51 | 000,212,480 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWXCACLS.exe
[2010/06/19 08:41:51 | 000,161,792 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWREG.exe
[2010/06/19 08:41:51 | 000,136,704 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWSC.exe
[2010/06/19 08:41:51 | 000,031,232 | ---- | C] (NirSoft) -- C:\WINDOWS\NIRCMD.exe
[2010/06/19 08:39:41 | 000,000,000 | ---D | C] -- C:\WINDOWS\ERDNT
[2010/06/19 08:37:47 | 000,000,000 | ---D | C] -- C:\Config.Msi
[2010/06/19 08:27:34 | 000,000,000 | ---D | C] -- C:\Qoobox
[2010/06/16 18:08:59 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Bill O'Connell\Desktop\Try1
[2010/06/15 01:37:18 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\Identities
[2010/06/14 06:29:20 | 000,000,000 | ---D | C] -- C:\Documents and Settings\LocalService\Local Settings\Application Data\Identities
[2010/06/14 06:29:20 | 000,000,000 | ---D | C] -- C:\Documents and Settings\LocalService\Application Data\Identities
[2010/06/11 18:44:54 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Bill O'Connell\Desktop\MAKING SPACE
[2010/06/11 09:01:39 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Application Data\Google
[2010/06/10 19:10:06 | 000,000,000 | ---D | C] -- C:\Program Files\Sophos
[2010/06/10 07:05:30 | 000,064,288 | ---- | C] (Lavasoft AB) -- C:\WINDOWS\System32\drivers\Lbd.sys
[2010/06/10 07:05:25 | 000,095,024 | ---- | C] (Sunbelt Software) -- C:\WINDOWS\System32\drivers\SBREDrv.sys
[2010/06/10 06:49:14 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\All Users\Application Data\{74D08EB8-01D1-4BAE-91E3-F30C1B031AC6}
[2010/06/10 06:48:40 | 000,000,000 | ---D | C] -- C:\Program Files\Lavasoft
[2010/06/10 06:48:40 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Lavasoft
[2010/06/09 18:20:58 | 000,000,000 | ---D | C] -- C:\Program Files\Spybot - Search & Destroy
[2010/06/09 18:20:58 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
[2010/06/09 07:12:13 | 000,093,096 | ---- | C] (iolo technologies, LLC) -- C:\WINDOWS\System32\IncContxMenu.dll
[2010/06/09 07:11:19 | 000,000,000 | ---D | C] -- C:\Program Files\iolo
[2010/06/08 19:27:58 | 000,000,000 | ---D | C] -- C:\iolo
[2010/06/08 07:44:28 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Bill O'Connell\Application Data\Malwarebytes
[2010/06/08 07:43:20 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2010/06/08 07:43:18 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Malwarebytes
[2010/06/08 07:43:17 | 000,020,952 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2010/06/08 07:43:16 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2010/06/08 07:40:14 | 006,153,376 | ---- | C] (Malwarebytes Corporation ) -- C:\Documents and Settings\Bill O'Connell\Desktop\mbam-setup.exe
[2010/06/08 06:07:11 | 000,000,000 | ---D | C] -- C:\Documents and Settings\LocalService\Application Data\Macromedia
[2010/06/08 06:07:06 | 000,000,000 | ---D | C] -- C:\Documents and Settings\LocalService\Application Data\Adobe
[2010/06/06 17:10:45 | 000,000,000 | ---D | C] -- C:\Program Files\Windows Live Safety Center
[2010/06/06 16:50:54 | 000,000,000 | ---D | C] -- C:\Documents and Settings\LocalService\Application Data\iolo
[2010/06/06 16:46:09 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Bill O'Connell\Application Data\iolo
[2010/06/06 16:46:09 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\iolo
[2010/06/06 12:52:25 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Application Data\Macromedia
[2010/06/06 12:52:25 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Application Data\Adobe
[2010/06/06 09:57:29 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Bill O'Connell\Desktop\PubJustice
[2010/05/20 18:09:01 | 000,000,000 | ---D | C] -- C:\VideoOutput
[2010/05/20 18:08:49 | 000,000,000 | ---D | C] -- C:\Program Files\FLV Converter
[2010/05/07 23:10:04 | 000,000,000 | ---D | C] -- C:\WINDOWS\pss
[2010/05/01 16:45:41 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\regid.1986-12.com.adobe
[2010/05/01 16:44:51 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Documents\Adobe
[2010/05/01 15:33:57 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Akamai
[2010/04/02 17:48:31 | 000,000,000 | ---D | C] -- C:\Program Files\Apple Software Update
[2010/04/02 17:40:51 | 000,000,000 | ---D | C] -- C:\Program Files\QuickTime
[3 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[2 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
========== Files - Modified Within 90 Days ==========
[2010/06/19 18:19:01 | 000,572,416 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Bill O'Connell\Desktop\OTL.exe
[2010/06/19 18:02:08 | 000,000,902 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2010/06/19 14:26:20 | 000,001,186 | ---- | M] () -- C:\Documents and Settings\Bill O'Connell\Desktop\Search hijacks and strange popups (sysinternals).url
[2010/06/19 14:25:13 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2010/06/19 14:23:09 | 000,081,191 | ---- | M] () -- C:\WINDOWS\System32\nvapps.xml
[2010/06/19 14:23:00 | 000,000,898 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2010/06/19 14:22:57 | 000,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2010/06/19 14:22:54 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2010/06/19 14:22:43 | 1005,047,808 | -HS- | M] () -- C:\hiberfil.sys
[2010/06/19 14:20:56 | 017,825,792 | -H-- | M] () -- C:\Documents and Settings\Bill O'Connell\NTUSER.DAT
[2010/06/19 14:20:56 | 000,000,278 | -HS- | M] () -- C:\Documents and Settings\Bill O'Connell\ntuser.ini
[2010/06/19 13:18:46 | 000,001,822 | -H-- | M] () -- C:\Documents and Settings\Bill O'Connell\My Documents\Default.rdp
[2010/06/19 09:04:53 | 000,000,252 | ---- | M] () -- C:\WINDOWS\system.ini
[2010/06/19 09:04:46 | 000,000,027 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts
[2010/06/19 08:46:55 | 000,000,281 | RHS- | M] () -- C:\boot.ini
[2010/06/19 08:25:02 | 003,715,012 | R--- | M] () -- C:\Documents and Settings\Bill O'Connell\Desktop\schrauber.exe
[2010/06/19 08:21:36 | 000,000,144 | ---- | M] () -- C:\Documents and Settings\Bill O'Connell\Desktop\How To Temporarily Disable Your Anti-virus, Firewall And Anti-malware Programs.url
[2010/06/19 08:19:37 | 000,000,472 | ---- | M] () -- C:\WINDOWS\tasks\Ad-Aware Update (Weekly).job
[2010/06/18 19:26:24 | 004,575,232 | ---- | M] () -- C:\Documents and Settings\Bill O'Connell\Desktop\My Money.mny
[2010/06/18 19:04:19 | 000,000,136 | ---- | M] () -- C:\Documents and Settings\Bill O'Connell\Desktop\Files containing text .exe.fnd
[2010/06/18 06:34:35 | 000,022,780 | ---- | M] () -- C:\Documents and Settings\Bill O'Connell\Desktop\fake_message.gif
[2010/06/18 02:00:05 | 000,000,360 | ---- | M] () -- C:\WINDOWS\tasks\AdobeAAMUpdater-1.0-DFVZZTC1-Bill O'Connell.job
[2010/06/16 18:33:01 | 000,293,376 | ---- | M] () -- C:\Documents and Settings\Bill O'Connell\Desktop\xf3egzj7.exe
[2010/06/16 17:29:08 | 000,000,681 | ---- | M] () -- C:\WINDOWS\win.ini
[2010/06/15 18:50:59 | 000,028,160 | ---- | M] () -- C:\Documents and Settings\Bill O'Connell\Desktop\Bill O.doc
[2010/06/14 18:06:34 | 000,025,088 | ---- | M] () -- C:\Documents and Settings\Bill O'Connell\Desktop\Lotto_demo_script.doc
[2010/06/13 19:19:40 | 000,137,991 | ---- | M] () -- C:\Documents and Settings\Bill O'Connell\Desktop\Team_Foto.jpg
[2010/06/13 13:19:00 | 000,065,673 | ---- | M] () -- C:\Documents and Settings\Bill O'Connell\Desktop\bkgchk.gif
[2010/06/12 19:58:45 | 000,293,854 | ---- | M] () -- C:\Documents and Settings\Bill O'Connell\Desktop\Bill and Sara.gif
[2010/06/12 19:52:45 | 000,949,776 | ---- | M] () -- C:\Documents and Settings\Bill O'Connell\Desktop\Bill and Sara.JPG
[2010/06/11 20:49:12 | 000,019,754 | ---- | M] () -- C:\Documents and Settings\Bill O'Connell\Desktop\Consent for background Form-12-10-08[4].pdf
[2010/06/11 20:33:08 | 000,000,468 | ---- | M] () -- C:\Documents and Settings\Bill O'Connell\Desktop\Preparation Guide For Use Before Using Malware Removal Tools and Requesting Help.url
[2010/06/11 19:03:01 | 000,000,810 | ---- | M] () -- C:\Documents and Settings\Bill O'Connell\Desktop\BleepingComputer.com - Virus, Trojan, Spyware, and Malware Removal Logs.url
[2010/06/11 18:49:42 | 000,000,000 | ---- | M] () -- C:\Documents and Settings\Bill O'Connell\defogger_reenable
[2010/06/11 18:06:41 | 000,001,162 | ---- | M] () -- C:\Documents and Settings\Bill O'Connell\Desktop\Windows XP Backup Made Easy.url
[2010/06/11 09:05:13 | 000,000,664 | ---- | M] () -- C:\WINDOWS\System32\d3d9caps.dat
[2010/06/10 07:05:18 | 000,095,024 | ---- | M] (Sunbelt Software) -- C:\WINDOWS\System32\drivers\SBREDrv.sys
[2010/06/10 07:05:09 | 000,015,880 | ---- | M] () -- C:\WINDOWS\System32\lsdelete.exe
[2010/06/10 07:03:05 | 000,064,288 | ---- | M] (Lavasoft AB) -- C:\WINDOWS\System32\drivers\Lbd.sys
[2010/06/10 06:49:13 | 000,000,867 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Ad-Aware.lnk
[2010/06/10 06:14:24 | 000,000,361 | ---- | M] () -- C:\Documents and Settings\Bill O'Connell\Desktop\Strange pop-ups and other malware Suspicious results and strange behavior - Web Search Help.url
[2010/06/09 19:51:28 | 000,000,224 | ---- | M] () -- C:\Documents and Settings\Bill O'Connell\Desktop\YouTube - Sysinternals Antivirus Removal.url
[2010/06/09 19:45:32 | 000,000,219 | ---- | M] () -- C:\Documents and Settings\Bill O'Connell\Desktop\How to enable-disable Spybot Tea timer Malware Help. Org.url
[2010/06/09 17:43:00 | 000,028,004 | ---- | M] () -- C:\Documents and Settings\Bill O'Connell\Desktop\iolosystemservice.gif
[2010/06/09 07:13:38 | 000,043,077 | ---- | M] () -- C:\Documents and Settings\Bill O'Connell\Desktop\could_not_call_proc.gif
[2010/06/09 07:12:18 | 000,001,689 | ---- | M] () -- C:\Documents and Settings\Bill O'Connell\Desktop\System Mechanic.lnk
[2010/06/09 07:06:02 | 000,018,341 | ---- | M] () -- C:\Documents and Settings\Bill O'Connell\Desktop\Failure_code_323-A.gif
[2010/06/09 06:50:05 | 000,074,703 | ---- | M] () -- C:\WINDOWS\System32\mfc45.dll
[2010/06/08 19:05:46 | 000,000,154 | ---- | M] () -- C:\Documents and Settings\Bill O'Connell\Desktop\Web Cast.url
[2010/06/08 18:59:01 | 004,027,429 | ---- | M] () -- C:\Documents and Settings\Bill O'Connell\Desktop\20100607-d.mp4
[2010/06/08 18:57:58 | 006,481,028 | ---- | M] () -- C:\Documents and Settings\Bill O'Connell\Desktop\20100607-n.mp4
[2010/06/08 07:43:23 | 000,000,696 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2010/06/08 07:40:14 | 006,153,376 | ---- | M] (Malwarebytes Corporation ) -- C:\Documents and Settings\Bill O'Connell\Desktop\mbam-setup.exe
[2010/06/08 07:36:37 | 000,363,520 | ---- | M] () -- C:\Documents and Settings\Bill O'Connell\Desktop\rkill.com
[2010/06/07 20:41:21 | 000,000,219 | ---- | M] () -- C:\Documents and Settings\Bill O'Connell\Desktop\Infected by Https Tidserv Request 2.url
[2010/06/07 07:18:39 | 000,135,497 | ---- | M] () -- C:\Documents and Settings\Bill O'Connell\Desktop\index.html
[2010/06/07 06:55:08 | 000,000,189 | ---- | M] () -- C:\Documents and Settings\Bill O'Connell\Desktop\Windows cannot find CWINDOWSsystem32rundll32.exe.url
[2010/06/07 06:54:45 | 000,000,130 | ---- | M] () -- C:\Documents and Settings\Bill O'Connell\Desktop\Windows XP File Assocation Fixes.url
[2010/06/06 17:07:27 | 000,559,709 | ---- | M] () -- C:\Documents and Settings\Bill O'Connell\Desktop\How to start the System Restore tool by using the safe mode option with the Command prompt in Windows XP.mht
[2010/06/06 15:45:10 | 000,690,959 | ---- | M] () -- C:\Documents and Settings\Bill O'Connell\Desktop\Remove Sysinternals Antivirus (Removal Instructions) 411 on Spyware.mht
[2010/06/04 07:22:18 | 000,051,882 | ---- | M] () -- C:\Documents and Settings\Bill O'Connell\Desktop\AutoIDCards.pdf
[2010/05/22 04:20:47 | 000,713,309 | ---- | M] () -- C:\Documents and Settings\Bill O'Connell\Desktop\PP400_P0492_M_EN.pdf
[2010/05/21 18:56:59 | 000,035,574 | ---- | M] () -- C:\Documents and Settings\Bill O'Connell\Desktop\add.csv
[2010/05/20 19:56:45 | 000,870,128 | ---- | M] () -- C:\WINDOWS\System32\mcs.rma
[2010/05/20 19:56:45 | 000,000,004 | ---- | M] () -- C:\WINDOWS\System32\018153
[2010/05/18 21:36:21 | 000,011,247 | ---- | M] () -- C:\WINDOWS\cdplayer.ini
[2010/05/13 06:03:18 | 000,000,211 | ---- | M] () -- C:\Boot.bak
[2010/05/13 03:01:19 | 000,001,374 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2010/05/09 09:53:35 | 000,006,656 | ---- | M] () -- C:\Documents and Settings\Bill O'Connell\Application Data\dvd.bmk
[2010/04/29 15:39:38 | 000,038,224 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2010/04/29 15:39:26 | 000,020,952 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2010/04/26 15:58:12 | 000,256,512 | ---- | M] () -- C:\WINDOWS\PEV.exe
[2010/04/21 14:46:38 | 000,093,096 | ---- | M] (iolo technologies, LLC) -- C:\WINDOWS\System32\IncContxMenu.dll
[2010/04/21 14:46:28 | 002,316,712 | ---- | M] () -- C:\WINDOWS\System32\Incinerator.dll
[2010/04/14 07:51:11 | 000,000,226 | ---- | M] () -- C:\Documents and Settings\Bill O'Connell\Desktop\MONTBLANC - Writing Instruments - Meisterstück - 149 Fountain Pen.url
[3 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[2 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
========== Files Created - No Company Name ==========
[2010/06/19 08:46:54 | 000,000,211 | ---- | C] () -- C:\Boot.bak
[2010/06/19 08:46:50 | 000,260,272 | ---- | C] () -- C:\cmldr
[2010/06/19 08:41:51 | 000,256,512 | ---- | C] () -- C:\WINDOWS\PEV.exe
[2010/06/19 08:41:51 | 000,098,816 | ---- | C] () -- C:\WINDOWS\sed.exe
[2010/06/19 08:41:51 | 000,080,412 | ---- | C] () -- C:\WINDOWS\grep.exe
[2010/06/19 08:41:51 | 000,077,312 | ---- | C] () -- C:\WINDOWS\MBR.exe
[2010/06/19 08:41:51 | 000,068,096 | ---- | C] () -- C:\WINDOWS\zip.exe
[2010/06/19 08:25:01 | 003,715,012 | R--- | C] () -- C:\Documents and Settings\Bill O'Connell\Desktop\schrauber.exe
[2010/06/19 08:21:36 | 000,000,144 | ---- | C] () -- C:\Documents and Settings\Bill O'Connell\Desktop\How To Temporarily Disable Your Anti-virus, Firewall And Anti-malware Programs.url
[2010/06/18 19:04:19 | 000,000,136 | ---- | C] () -- C:\Documents and Settings\Bill O'Connell\Desktop\Files containing text .exe.fnd
[2010/06/18 06:34:35 | 000,022,780 | ---- | C] () -- C:\Documents and Settings\Bill O'Connell\Desktop\fake_message.gif
[2010/06/16 21:59:25 | 1005,047,808 | -HS- | C] () -- C:\hiberfil.sys
[2010/06/16 18:32:55 | 000,293,376 | ---- | C] () -- C:\Documents and Settings\Bill O'Connell\Desktop\xf3egzj7.exe
[2010/06/15 18:50:09 | 000,028,160 | ---- | C] () -- C:\Documents and Settings\Bill O'Connell\Desktop\Bill O.doc
[2010/06/14 18:06:34 | 000,025,088 | ---- | C] () -- C:\Documents and Settings\Bill O'Connell\Desktop\Lotto_demo_script.doc
[2010/06/13 19:16:34 | 000,137,991 | ---- | C] () -- C:\Documents and Settings\Bill O'Connell\Desktop\Team_Foto.jpg
[2010/06/13 13:19:00 | 000,065,673 | ---- | C] () -- C:\Documents and Settings\Bill O'Connell\Desktop\bkgchk.gif
[2010/06/12 19:58:45 | 000,293,854 | ---- | C] () -- C:\Documents and Settings\Bill O'Connell\Desktop\Bill and Sara.gif
[2010/06/12 19:52:45 | 000,949,776 | ---- | C] () -- C:\Documents and Settings\Bill O'Connell\Desktop\Bill and Sara.JPG
[2010/06/12 09:57:50 | 000,001,186 | ---- | C] () -- C:\Documents and Settings\Bill O'Connell\Desktop\Search hijacks and strange popups (sysinternals).url
[2010/06/11 20:49:12 | 000,019,754 | ---- | C] () -- C:\Documents and Settings\Bill O'Connell\Desktop\Consent for background Form-12-10-08[4].pdf
[2010/06/11 18:49:42 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\Bill O'Connell\defogger_reenable
[2010/06/11 17:57:56 | 000,000,810 | ---- | C] () -- C:\Documents and Settings\Bill O'Connell\Desktop\BleepingComputer.com - Virus, Trojan, Spyware, and Malware Removal Logs.url
[2010/06/11 17:57:40 | 000,000,468 | ---- | C] () -- C:\Documents and Settings\Bill O'Connell\Desktop\Preparation Guide For Use Before Using Malware Removal Tools and Requesting Help.url
[2010/06/11 17:57:21 | 000,001,162 | ---- | C] () -- C:\Documents and Settings\Bill O'Connell\Desktop\Windows XP Backup Made Easy.url
[2010/06/10 18:46:10 | 000,015,880 | ---- | C] () -- C:\WINDOWS\System32\lsdelete.exe
[2010/06/10 07:14:58 | 000,000,472 | ---- | C] () -- C:\WINDOWS\tasks\Ad-Aware Update (Weekly).job
[2010/06/10 06:49:13 | 000,000,867 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Ad-Aware.lnk
[2010/06/09 19:51:03 | 000,000,224 | ---- | C] () -- C:\Documents and Settings\Bill O'Connell\Desktop\YouTube - Sysinternals Antivirus Removal.url
[2010/06/09 19:45:26 | 000,000,219 | ---- | C] () -- C:\Documents and Settings\Bill O'Connell\Desktop\How to enable-disable Spybot Tea timer Malware Help. Org.url
[2010/06/09 17:43:00 | 000,028,004 | ---- | C] () -- C:\Documents and Settings\Bill O'Connell\Desktop\iolosystemservice.gif
[2010/06/09 07:31:57 | 000,000,361 | ---- | C] () -- C:\Documents and Settings\Bill O'Connell\Desktop\Strange pop-ups and other malware Suspicious results and strange behavior - Web Search Help.url
[2010/06/09 07:13:38 | 000,043,077 | ---- | C] () -- C:\Documents and Settings\Bill O'Connell\Desktop\could_not_call_proc.gif
[2010/06/09 07:12:18 | 000,001,689 | ---- | C] () -- C:\Documents and Settings\Bill O'Connell\Desktop\System Mechanic.lnk
[2010/06/09 07:12:13 | 002,316,712 | ---- | C] () -- C:\WINDOWS\System32\Incinerator.dll
[2010/06/09 07:11:45 | 000,012,288 | ---- | C] () -- C:\WINDOWS\System32\smrgdf.exe
[2010/06/09 07:11:44 | 000,030,208 | ---- | C] () -- C:\WINDOWS\System32\iolobtdfg.exe
[2010/06/09 07:06:02 | 000,018,341 | ---- | C] () -- C:\Documents and Settings\Bill O'Connell\Desktop\Failure_code_323-A.gif
[2010/06/09 06:50:04 | 000,074,703 | ---- | C] () -- C:\WINDOWS\System32\mfc45.dll
[2010/06/08 19:05:46 | 000,000,154 | ---- | C] () -- C:\Documents and Settings\Bill O'Connell\Desktop\Web Cast.url
[2010/06/08 18:59:01 | 004,027,429 | ---- | C] () -- C:\Documents and Settings\Bill O'Connell\Desktop\20100607-d.mp4
[2010/06/08 18:57:53 | 006,481,028 | ---- | C] () -- C:\Documents and Settings\Bill O'Connell\Desktop\20100607-n.mp4
[2010/06/08 07:43:23 | 000,000,696 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2010/06/08 07:36:25 | 000,363,520 | ---- | C] () -- C:\Documents and Settings\Bill O'Connell\Desktop\rkill.com
[2010/06/07 20:41:21 | 000,000,219 | ---- | C] () -- C:\Documents and Settings\Bill O'Connell\Desktop\Infected by Https Tidserv Request 2.url
[2010/06/07 07:18:39 | 000,135,497 | ---- | C] () -- C:\Documents and Settings\Bill O'Connell\Desktop\index.html
[2010/06/07 06:55:08 | 000,000,189 | ---- | C] () -- C:\Documents and Settings\Bill O'Connell\Desktop\Windows cannot find CWINDOWSsystem32rundll32.exe.url
[2010/06/07 06:54:45 | 000,000,130 | ---- | C] () -- C:\Documents and Settings\Bill O'Connell\Desktop\Windows XP File Assocation Fixes.url
[2010/06/06 17:07:22 | 000,559,709 | ---- | C] () -- C:\Documents and Settings\Bill O'Connell\Desktop\How to start the System Restore tool by using the safe mode option with the Command prompt in Windows XP.mht
[2010/06/06 15:45:09 | 000,690,959 | ---- | C] () -- C:\Documents and Settings\Bill O'Connell\Desktop\Remove Sysinternals Antivirus (Removal Instructions) 411 on Spyware.mht
[2010/06/04 07:22:10 | 000,051,882 | ---- | C] () -- C:\Documents and Settings\Bill O'Connell\Desktop\AutoIDCards.pdf
[2010/05/22 04:20:47 | 000,713,309 | ---- | C] () -- C:\Documents and Settings\Bill O'Connell\Desktop\PP400_P0492_M_EN.pdf
[2010/05/21 18:56:58 | 000,035,574 | ---- | C] () -- C:\Documents and Settings\Bill O'Connell\Desktop\add.csv
[2010/05/01 16:55:15 | 000,000,360 | ---- | C] () -- C:\WINDOWS\tasks\AdobeAAMUpdater-1.0-DFVZZTC1-Bill O'Connell.job
[2009/07/14 20:27:53 | 000,000,280 | ---- | C] () -- C:\WINDOWS\System32\epoPGPsdk.dll.sig
[2009/02/14 19:23:48 | 000,131,584 | ---- | C] () -- C:\WINDOWS\System32\gc040112.dll
[2009/02/14 19:23:48 | 000,049,152 | ---- | C] () -- C:\WINDOWS\System32\TVicHW32.dll
[2007/08/23 20:30:00 | 000,007,680 | ---- | C] () -- C:\WINDOWS\System32\ff_vfw.dll
[2007/05/07 10:17:45 | 000,011,247 | ---- | C] () -- C:\WINDOWS\cdplayer.ini
[2007/04/21 02:01:55 | 000,000,082 | ---- | C] () -- C:\WINDOWS\cool.ini
[2007/04/21 01:17:56 | 000,000,011 | ---- | C] () -- C:\WINDOWS\wordpad.ini
[2007/04/19 23:18:08 | 000,006,656 | ---- | C] () -- C:\WINDOWS\System32\CNMVS58.DLL
[2007/04/19 20:53:08 | 000,000,376 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2007/04/17 16:14:06 | 000,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini
[2007/04/17 16:10:11 | 000,000,126 | ---- | C] () -- C:\WINDOWS\wininit.ini
[2007/04/17 15:51:17 | 001,662,976 | ---- | C] () -- C:\WINDOWS\System32\nvwdmcpl.dll
[2007/04/17 15:51:17 | 001,019,904 | ---- | C] () -- C:\WINDOWS\System32\nvwimg.dll
[2007/04/17 15:51:17 | 000,466,944 | ---- | C] () -- C:\WINDOWS\System32\nvshell.dll
[2007/04/17 15:51:16 | 001,470,464 | ---- | C] () -- C:\WINDOWS\System32\nview.dll
[2007/04/17 15:51:16 | 000,581,632 | ---- | C] () -- C:\WINDOWS\System32\nvhwvid.dll
[2007/04/17 15:51:16 | 000,286,720 | ---- | C] () -- C:\WINDOWS\System32\nvnt4cpl.dll
[2007/04/17 15:51:15 | 000,196,608 | ---- | C] () -- C:\WINDOWS\System32\nvapi.dll
[2007/04/17 15:50:19 | 000,000,394 | ---- | C] () -- C:\WINDOWS\System32\OEMINFO.INI
[2005/11/10 01:56:34 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\px.ini
[2004/08/10 13:12:05 | 000,000,780 | ---- | C] () -- C:\WINDOWS\orun32.ini
[2004/08/10 13:01:18 | 000,001,793 | ---- | C] () -- C:\WINDOWS\System32\fxsperf.ini
[1999/01/22 13:46:58 | 000,065,536 | ---- | C] () -- C:\WINDOWS\System32\MSRTEDIT.DLL
========== LOP Check ==========
[2009/07/14 19:45:29 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Cisco
[2010/06/09 07:11:44 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\iolo
[2008/10/10 06:25:51 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\PCSettings
[2007/11/26 19:16:16 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\RapidSolution
[2010/05/01 16:45:41 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\regid.1986-12.com.adobe
[2010/06/10 06:49:20 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\{74D08EB8-01D1-4BAE-91E3-F30C1B031AC6}
[2007/10/07 07:43:53 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Bill O'Connell\Application Data\AI Internet Solutions
[2009/07/14 19:57:51 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Bill O'Connell\Application Data\Cisco
[2009/02/19 19:32:02 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Bill O'Connell\Application Data\GetRightToGo
[2010/06/06 16:46:09 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Bill O'Connell\Application Data\iolo
[2007/04/19 21:11:36 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Bill O'Connell\Application Data\Jasc
[2007/04/21 17:46:40 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Bill O'Connell\Application Data\Leadertech
[2007/04/21 17:29:41 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Bill O'Connell\Application Data\OLD
[2007/11/26 19:47:13 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Bill O'Connell\Application Data\RTPlayer
[2010/06/13 08:25:51 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Bill O'Connell\Application Data\Tunebite
[2010/06/19 08:19:37 | 000,000,472 | ---- | M] () -- C:\WINDOWS\Tasks\Ad-Aware Update (Weekly).job
========== Purity Check ==========
========== Custom Scans ==========
< %SYSTEMDRIVE%\*.exe >
< MD5 for: AGP440.SYS >
[2004/08/04 05:00:00 | 018,738,937 | ---- | M] () .cab file -- C:\i386\sp2.cab:AGP440.sys
[2004/08/04 05:00:00 | 018,738,937 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp2.cab:AGP440.sys
[2008/05/17 09:08:32 | 023,852,652 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:AGP440.sys
[2008/05/17 09:08:32 | 023,852,652 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp3.cab:AGP440.sys
[2008/04/13 13:36:38 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=08FD04AA961BDC77FB983F328334E3D7 -- C:\WINDOWS\ERDNT\cache\agp440.sys
[2008/04/13 13:36:38 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=08FD04AA961BDC77FB983F328334E3D7 -- C:\WINDOWS\ServicePackFiles\i386\agp440.sys
[2008/04/13 13:36:38 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=08FD04AA961BDC77FB983F328334E3D7 -- C:\WINDOWS\system32\drivers\agp440.sys
[2004/08/03 23:07:42 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=2C428FA0C3E3A01ED93C9B2A27D8D4BB -- C:\i386\AGP440.SYS
[2004/08/03 23:07:42 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=2C428FA0C3E3A01ED93C9B2A27D8D4BB -- C:\WINDOWS\$NtServicePackUninstall$\agp440.sys
< MD5 for: ATAPI.SYS >
[2004/08/04 05:00:00 | 018,738,937 | ---- | M] () .cab file -- C:\i386\sp2.cab:atapi.sys
[2004/08/04 05:00:00 | 018,738,937 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp2.cab:atapi.sys
[2008/05/17 09:08:32 | 023,852,652 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:atapi.sys
[2008/05/17 09:08:32 | 023,852,652 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp3.cab:atapi.sys
[2008/04/13 13:40:30 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\ERDNT\cache\atapi.sys
[2008/04/13 13:40:30 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\ServicePackFiles\i386\atapi.sys
[2008/04/13 13:40:30 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\system32\drivers\atapi.sys
[2004/08/03 22:59:44 | 000,095,360 | ---- | M] (Microsoft Corporation) MD5=CDFE4411A69C224BD1D11B2DA92DAC51 -- C:\i386\atapi.sys
[2004/08/03 22:59:44 | 000,095,360 | ---- | M] (Microsoft Corporation) MD5=CDFE4411A69C224BD1D11B2DA92DAC51 -- C:\WINDOWS\$NtServicePackUninstall$\atapi.sys
[2004/08/03 22:59:44 | 000,095,360 | ---- | M] (Microsoft Corporation) MD5=CDFE4411A69C224BD1D11B2DA92DAC51 -- C:\WINDOWS\system32\ReinstallBackups\0000\DriverFiles\i386\atapi.sys
[2004/08/03 22:59:44 | 000,095,360 | ---- | M] (Microsoft Corporation) MD5=CDFE4411A69C224BD1D11B2DA92DAC51 -- C:\WINDOWS\system32\ReinstallBackups\0001\DriverFiles\i386\atapi.sys
< MD5 for: EVENTLOG.DLL >
[2008/04/13 19:11:53 | 000,056,320 | ---- | M] (Microsoft Corporation) MD5=6D4FEB43EE538FC5428CC7F0565AA656 -- C:\WINDOWS\ERDNT\cache\eventlog.dll
[2008/04/13 19:11:53 | 000,056,320 | ---- | M] (Microsoft Corporation) MD5=6D4FEB43EE538FC5428CC7F0565AA656 -- C:\WINDOWS\ServicePackFiles\i386\eventlog.dll
[2008/04/13 19:11:53 | 000,056,320 | ---- | M] (Microsoft Corporation) MD5=6D4FEB43EE538FC5428CC7F0565AA656 -- C:\WINDOWS\system32\eventlog.dll
[2004/08/04 05:00:00 | 000,055,808 | ---- | M] (Microsoft Corporation) MD5=82B24CB70E5944E6E34662205A2A5B78 -- C:\i386\eventlog.dll
[2004/08/04 05:00:00 | 000,055,808 | ---- | M] (Microsoft Corporation) MD5=82B24CB70E5944E6E34662205A2A5B78 -- C:\WINDOWS\$NtServicePackUninstall$\eventlog.dll
< MD5 for: NETLOGON.DLL >
[2008/04/13 19:12:01 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=1B7F071C51B77C272875C3A23E1E4550 -- C:\WINDOWS\ERDNT\cache\netlogon.dll
[2008/04/13 19:12:01 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=1B7F071C51B77C272875C3A23E1E4550 -- C:\WINDOWS\ServicePackFiles\i386\netlogon.dll
[2008/04/13 19:12:01 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=1B7F071C51B77C272875C3A23E1E4550 -- C:\WINDOWS\system32\netlogon.dll
[2004/08/04 05:00:00 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=96353FCECBA774BB8DA74A1C6507015A -- C:\i386\netlogon.dll
[2004/08/04 05:00:00 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=96353FCECBA774BB8DA74A1C6507015A -- C:\WINDOWS\$NtServicePackUninstall$\netlogon.dll
< MD5 for: NVATA.SYS >
[2007/02/25 21:25:12 | 000,105,472 | ---- | M] (NVIDIA Corporation) MD5=EF9941593B2E9B436F64A87DDB570D1A -- C:\drivers\storage\R149470\nvata.sys
[2007/02/25 21:25:12 | 000,105,472 | ---- | M] (NVIDIA Corporation) MD5=EF9941593B2E9B436F64A87DDB570D1A -- C:\i386\nvata.sys
[2007/02/25 21:25:12 | 000,105,472 | ---- | M] (NVIDIA Corporation) MD5=EF9941593B2E9B436F64A87DDB570D1A -- C:\WINDOWS\system32\drivers\nvata.sys
< MD5 for: SCECLI.DLL >
[2004/08/04 05:00:00 | 000,180,224 | ---- | M] (Microsoft Corporation) MD5=0F78E27F563F2AAF74B91A49E2ABF19A -- C:\i386\scecli.dll
[2004/08/04 05:00:00 | 000,180,224 | ---- | M] (Microsoft Corporation) MD5=0F78E27F563F2AAF74B91A49E2ABF19A -- C:\WINDOWS\$NtServicePackUninstall$\scecli.dll
[2008/04/13 19:12:05 | 000,181,248 | ---- | M] (Microsoft Corporation) MD5=A86BB5E61BF3E39B62AB4C7E7085A084 -- C:\WINDOWS\ERDNT\cache\scecli.dll
[2008/04/13 19:12:05 | 000,181,248 | ---- | M] (Microsoft Corporation) MD5=A86BB5E61BF3E39B62AB4C7E7085A084 -- C:\WINDOWS\ServicePackFiles\i386\scecli.dll
[2008/04/13 19:12:05 | 000,181,248 | ---- | M] (Microsoft Corporation) MD5=A86BB5E61BF3E39B62AB4C7E7085A084 -- C:\WINDOWS\system32\scecli.dll
< %systemroot%\*. /mp /s >
< %systemroot%\system32\*.dll /lockedfiles >
[2010/03/11 07:38:51 | 000,347,136 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\WINDOWS\system32\dxtmsft.dll
[2010/03/11 07:38:51 | 000,214,528 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\WINDOWS\system32\dxtrans.dll
[3 C:\WINDOWS\system32\*.tmp files -> C:\WINDOWS\system32\*.tmp -> ]
< %systemroot%\Tasks\*.job /lockedfiles >
< %systemroot%\system32\drivers\*.sys /lockedfiles >
< %systemroot%\System32\config\*.sav >
[2004/08/10 12:56:48 | 000,094,208 | ---- | M] () -- C:\WINDOWS\system32\config\default.sav
[2004/08/10 12:56:46 | 000,634,880 | ---- | M] () -- C:\WINDOWS\system32\config\software.sav
[2004/08/10 12:56:46 | 000,872,448 | ---- | M] () -- C:\WINDOWS\system32\config\system.sav
< %systemdrive%\*.sys /90 /md5 >
[2010/06/19 14:22:43 | 1005,047,808 | -HS- | M] () Unable to obtain MD5 -- C:\hiberfil.sys
[2010/06/19 14:22:41 | 1509,949,440 | -HS- | M] () Unable to obtain MD5 -- C:\pagefile.sys
< >
< End of report >
-----------------
Extras.txt follows:
OTL Extras logfile created on: 6/19/2010 6:20:31 PM - Run 1
OTL by OldTimer - Version 3.2.6.0 Folder = C:\Documents and Settings\Bill O'Connell\Desktop
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 7.0.5730.11)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy
958.00 Mb Total Physical Memory | 358.00 Mb Available Physical Memory | 37.00% Memory free
2.00 Gb Paging File | 2.00 Gb Available in Paging File | 82.00% Paging File free
Paging file location(s): [Binary data over 100 bytes]
%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 145.96 Gb Total Space | 89.92 Gb Free Space | 61.60% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded
Computer Name: DFVZZTC1
Current User Name: Bill O'Connell
Logged in as Administrator.
Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: On
Skip Microsoft Files: On
File Age = 90 Days
Output = Standard
Quick Scan
========== Extra Registry (SafeList) ==========
========== File Associations ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
========== Shell Spawning ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
htmlfile [edit] -- "C:\Program Files\Microsoft Office\Office12\msohtmed.exe" %1 (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
========== Security Center Settings ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 0
"FirewallOverride" = 0
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
"DisableMonitoring" = 1
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
"DisableMonitoring" = 1
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]
"DisableMonitoring" = 1
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]
"139:TCP" = 139:TCP:*:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:*:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:*:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:*:Enabled:@xpsp2res.dll,-22002
"1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008
"10243:TCP" = 10243:TCP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service
"10280:UDP" = 10280:UDP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service
"10281:UDP" = 10281:UDP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service
"10282:UDP" = 10282:UDP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service
"10283:UDP" = 10283:UDP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service
"10284:UDP" = 10284:UDP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DoNotAllowExceptions" = 1
"DisableNotifications" = 0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008
"139:TCP" = 139:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22002
"10243:TCP" = 10243:TCP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service
"10280:UDP" = 10280:UDP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service
"10281:UDP" = 10281:UDP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service
"10282:UDP" = 10282:UDP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service
"10283:UDP" = 10283:UDP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service
"10284:UDP" = 10284:UDP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service
"3389:TCP" = 3389:TCP:*:Enabled:@xpsp2res.dll,-22009
"1061:TCP" = 1061:TCP:*:Enabled:Akamai NetSession Interface
"5000:UDP" = 5000:UDP:*:Enabled:Akamai NetSession Interface
========== Authorized Applications List ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\DOMAINS\WS-FTP\WS_FTP95.EXE" = C:\DOMAINS\WS-FTP\WS_FTP95.EXE:*:Enabled:WS_FTP 95 -- (Ipswitch, Inc. 81 Hartwell Ave. Lexington, MA 02173)
"C:\WINDOWS\system32\dpvsetup.exe" = C:\WINDOWS\system32\dpvsetup.exe:*:Enabled:Microsoft DirectPlay Voice Test -- (Microsoft Corporation)
"C:\Program Files\Broadcom\BACS\BACS.exe" = C:\Program Files\Broadcom\BACS\BACS.exe:*:Enabled:Broadcom Advanced Control Suite 2 -- (Broadcom)
"C:\Program Files\QuickTime\QuickTimePlayer.exe" = C:\Program Files\QuickTime\QuickTimePlayer.exe:*:Enabled:QuickTime Player -- (Apple Inc.)
"C:\Program Files\Real\RealPlayer\realplay.exe" = C:\Program Files\Real\RealPlayer\realplay.exe:*:Enabled:RealPlayer -- (RealNetworks, Inc.)
"C:\Program Files\McAfee\Common Framework\FrameworkService.exe" = C:\Program Files\McAfee\Common Framework\FrameworkService.exe:*:Enabled:McAfee Framework Service -- (McAfee, Inc.)
========== HKEY_LOCAL_MACHINE Uninstall List ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{00000409-78E1-11D2-B60F-006097C998E7}" = Microsoft Office 2000 Premium
"{002D2370-4A6A-46ED-A597-0395EFA48641}" = Jalbum
"{033E378E-6AD3-4AD5-BDEB-CBD69B31046C}" = Microsoft_VC90_ATL_x86
"{075473F5-846A-448B-BCB3-104AA1760205}" = Roxio RecordNow Data
"{08D2E121-7F6A-43EB-97FD-629B44903403}" = Microsoft_VC90_CRT_x86
"{0EB5D9B7-8E6C-4A9E-B74F-16B7EE89A67B}" = Microsoft Plus! Photo Story 2 LE
"{0F756CD9-4A1E-409B-B101-601DDC4C03AA}" = Qualxserve Service Agreement
"{1206EF92-2E83-4859-ACCB-2048C3CB7DA6}" = Roxio DLA
"{21657574-BD54-48A2-9450-EB03B2C7FC29}" = Roxio MyDVD LE
"{28BE306E-5DA6-4F9C-BDB0-DBA3C8C6FFFD}" = QuickTime
"{2DFF31F9-7893-4922-AF66-C9A1EB4EBB31}" = Rhapsody Player Engine
"{30465B6C-B53F-49A1-9EBA-A3F187AD502E}" = Sonic Update Manager
"{3248F0A8-6813-11D6-A77B-00B0D0160010}" = Java SE Runtime Environment 6 Update 1
"{338F08AB-C262-42C7-B000-34DE1A475273}" = Ad-Aware Email Scanner for Outlook
"{33BB4982-DC52-4886-A03B-F4C5C80BEE89}" = Windows Media Player 10
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{3CCB26F5-E2A7-4C91-8340-9149D7B7C2BE}" = Virtual Earth 3D (Beta)
"{3EBD3749-304E-4A4C-9575-C00E5F015217}" = Apple Mobile Device Support
"{3EE33958-7381-4E7B-A4F3-6E43098E9E9C}" = URL Assistant
"{43CAC9A1-1993-4F65-9096-7C9AFC2BBF54}" = Dell CinePlayer
"{45344B6D-2BDF-4CE0-88ED-E5C26A5D06BE}" = PC Stadtplandienst
"{50B6EFE0-085E-465B-8ABA-C70DF4705C2F}" = Sonic Foundry Vegas 2.0c
"{53C141BA-4F9E-43FB-B4F9-0C01BB716FA8}" = Adobe Audition 3.0
"{553255F3-78FD-40F1-A6F8-6882140265FE}" = Apple Application Support
"{55FD1D5A-7AEF-4DA3-8FAF-A71B2A52FFC7}_is1" = iolo technologies' System Mechanic
"{5B6BE547-21E2-49CA-B2E2-6A5F470593B1}" = Sonic Activation Module
"{5C70E05A-D2A7-48D2-B46C-1968C86F7369}" = Tunebite
"{6005535D-8A83-4108-A757-E1AB9886AECA}" = Cisco AnyConnect VPN Client
"{621FCD24-4498-4324-A81E-07D331376EDF}" = PixiePack Codec Pack
"{635FED5B-2C6D-49BE-87E6-7A6FCD22BC5A}" = Microsoft_VC90_MFC_x86
"{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update
"{6A0B6FA8-E6BE-4FA6-87F6-40ADC737D9EF}" = CtWin
"{6E45BA47-383C-4C1E-8ED0-0D4845C293D7}" = Microsoft Plus! Digital Media Edition Installer
"{6EFA70F2-D6C3-4ECA-BEA9-C1A31277C63A}_is1" = FLV Converter 3.0
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{74F7662C-B1DB-489E-A8AC-07A06B24978B}" = Dell System Restore
"{76EFFC7C-17A6-479D-9E47-8E658C1695AE}" = Windows Backup Utility
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8BBF6DFD-0AD9-43A7-9FBD-BF065E3866AF}" = URGE
"{90120000-0010-0409-0000-0000000FF1CE}" = Microsoft Software Update for Web Folders (English) 12
"{90120000-0019-0409-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2007
"{90120000-0019-0409-0000-0000000FF1CE}_PUBLISHERR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_PUBLISHERR_{ABDDE972-355B-4AF1-89A8-DA50B7B5C045}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_PUBLISHERR_{F580DDD5-8D37-4998-968E-EBB76BB86787}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007
"{90120000-001F-0C0A-0000-0000000FF1CE}_PUBLISHERR_{187308AB-5FA7-4F14-9AB9-D290383A10D9}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-0020-0409-0000-0000000FF1CE}" = Compatibility Pack for the 2007 Office system
"{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}_PUBLISHERR_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007
"{90120000-0115-0409-0000-0000000FF1CE}_PUBLISHERR_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{91120000-0019-0000-0000-0000000FF1CE}" = Microsoft Office Publisher 2007
"{91120000-0019-0000-0000-0000000FF1CE}_PUBLISHERR_{0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{91120000-0019-0000-0000-0000000FF1CE}_PUBLISHERR_{3D019598-7B59-447A-80AE-815B703B84FF}" = Security Update for Microsoft Office system 2007 (972581)
"{92D58719-BBC1-4CC3-A08B-56C9E884CC2C}" = Microsoft_VC80_CRT_x86
"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
"{A462213D-EED4-42C2-9A60-7BDD4D4B0B17}" = SigmaTel Audio
"{A654A805-41D9-40C7-AA46-4AF04F044D61}" = Adobe® Photoshop® Album Starter Edition 3.2
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AB708C9B-97C8-4AC9-899B-DBF226AC9382}" = Roxio RecordNow Audio
"{AC76BA86-7AD7-1033-7B44-A82000000003}" = Adobe Reader 8.2.2
"{B12665F4-4E93-4AB4-B7FC-37053B524629}" = Roxio RecordNow Copy
"{B702CCCE-3176-4DBF-B932-D1B8F402F330}" = Digital Content Portal
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CBE4F6C3-788E-4CAC-BA25-26FE39A3BC8C}" = Adobe Soundbooth CS5
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{CEE2252C-4035-4B27-8EC6-0B085DD3A413}" = Dell Support 3.2.1
"{D01653EF-9F9F-41D6-B879-654A6BF5892C}" = Digital Locker Assistant
"{D1A19B02-817E-4296-A45B-07853FD74D57}" = Microsoft_VC80_MFC_x86
"{D92BBB52-82FF-42ED-8A3C-4E062F944AB7}" = Microsoft_VC80_MFCLOC_x86
"{DBA4DB9D-EE51-4944-A419-98AB1F1249C8}" = LiveUpdate Notice (Symantec Corporation)
"{DED53B0B-B67C-4244-AE6A-D6FD3C28D1EF}" = Ad-Aware
"{E2883E8F-472F-4fb0-9522-AC9BF37916A7}" = Adobe Download Manager
"{E78DAA24-38F8-4D35-B732-B18ABA0424DF}" = Microsoft Office Live Image Uploader
"{F333A33D-125C-32A2-8DCE-5C5D14231E27}" = Visual C++ 2008 x86 Runtime - (v9.0.30729)
"{F333A33D-125C-32A2-8DCE-5C5D14231E27}.vc_x86runtime_30729_01" = Visual C++ 2008 x86 Runtime - v9.0.30729.01
"{F3D6581A-FEA1-11D4-8170-00C04F612EA4}" = Sonic Foundry Sound Forge 5.0
"{F7B0939E-58DF-11DF-B3A6-005056806466}" = Google Earth
"{FB64BF25-3593-4E4E-AA85-84AEF1D1475F}" = Broadcom Management Programs
"1st Page 2000 2.00 Free" = 1st Page 2000 2.00 Free
"ActiveTouchMeetingClient" = WebEx
"Ad-Aware" = Ad-Aware
"Adobe Audition 3.0" = Adobe Audition 3.0
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player Plugin
"Adobe® Photoshop® Album Starter Edition 3.2" = Adobe® Photoshop® Album Starter Edition 3.2
"Akamai" = Akamai NetSession Interface
"CAL" = Canon Camera Access Library
"CameraWindowDVC5" = Canon Camera Window DC_DV 5 for ZoomBrowser EX
"CameraWindowDVC6" = Canon Camera Window DC_DV 6 for ZoomBrowser EX
"CameraWindowMC" = Canon Camera Window MC 6 for ZoomBrowser EX
"Canon G.726 WMP-Decoder" = Canon G.726 WMP-Decoder
"CANONBJ_Deinstall_CNMCP58.DLL" = Canon i560
"Cool Edit 2000" = Cool Edit 2000
"CSCLIB" = Canon Camera Support Core Library
"CSEHTMLVALIDATORLITE80_is1" = CSE HTML Validator Lite v8.04
"ESET Online Scanner" = ESET Online Scanner v3
"Evrsoft First Page 2006_is1" = Evrsoft First Page 2006
"IDNMitigationAPIs" = Microsoft Internationalized Domain Names Mitigation APIs
"ie7" = Windows Internet Explorer 7
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"MovieEditTask" = Canon MovieEdit Task for ZoomBrowser EX
"Mozilla Firefox (2.0)" = Mozilla Firefox (2.0)
"MSCompPackV1" = Microsoft Compression Client Pack 1.0 for Windows XP
"MSMONEYV70" = Microsoft Money 99
"NAV" = Norton AntiVirus
"NLSDownlevelMapping" = Microsoft National Language Support Downlevel APIs
"NVIDIA Drivers" = NVIDIA Drivers
"PUBLISHERR" = Microsoft Office Publisher 2007 Trial
"RAW Image Task" = Canon RAW Image Task for ZoomBrowser EX
"RealPlayer 6.0" = RealPlayer
"RemoteCaptureTask" = Canon RemoteCapture Task for ZoomBrowser EX
"Rhapsody" = Rhapsody
"SD Contest Logger_is1" = SD V14.22
"SearchAssist" = SearchAssist
"Sophos-AntiRootkit" = Sophos Anti-Rootkit 1.5.4
"TClockEx_is1" = TClockEx
"Wdf01005" = Microsoft Kernel-Mode Driver Framework Feature Pack 1.5
"Web Album Generator_is1" = Web Album Generator 1.8.2
"WIC" = Windows Imaging Component
"Windows Live OneCare safety scanner" = Windows Live OneCare safety scanner
"Windows Media Format Runtime" = Windows Media Format 11 runtime
"Windows Media Player" = Windows Media Player 11
"Windows XP Service Pack" = Windows XP Service Pack 3
"WMFDist11" = Windows Media Format 11 runtime
"wmp11" = Windows Media Player 11
"Works99Setup" = Microsoft Works Setup Launcher
"Wudf01000" = Microsoft User-Mode Driver Framework Feature Pack 1.0
"ZoomBrowser EX" = Canon Utilities ZoomBrowser EX
========== Last 10 Event Log Errors ==========
[ Application Events ]
Error - 6/18/2010 7:58:28 PM | Computer Name = DFVZZTC1 | Source = Application Error | ID = 1000
Description = Faulting application svchost.exe, version 5.1.2600.5512, faulting
module Flash10d.ocx, version 10.0.42.34, fault address 0x002404fa.
Error - 6/18/2010 7:58:37 PM | Computer Name = DFVZZTC1 | Source = MsiInstaller | ID = 11706
Description = Product: Microsoft Office 2000 Premium -- Error 1706. No valid source
could be found for product Microsoft Office 2000 Premium. The Windows installer
cannot continue.
Error - 6/19/2010 9:19:21 AM | Computer Name = DFVZZTC1 | Source = crypt32 | ID = 131080
Description = Failed auto update retrieval of third-party root list sequence number
from: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt>
with error: This operation returned because the timeout period expired.
Error - 6/19/2010 9:19:21 AM | Computer Name = DFVZZTC1 | Source = crypt32 | ID = 131080
Description = Failed auto update retrieval of third-party root list sequence number
from: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt>
with error: The specified server cannot perform the requested operation.
Error - 6/19/2010 9:37:41 AM | Computer Name = DFVZZTC1 | Source = MsiInstaller | ID = 11704
Description = Product: McAfee VirusScan Enterprise -- Error 1704.An installation
for Microsoft Office 2000 Premium is currently suspended. You must undo the changes
made by that installation to continue. Do you want to undo those changes?
Error - 6/19/2010 2:16:27 PM | Computer Name = DFVZZTC1 | Source = libcsd | ID = 1001
Description =
Error - 6/19/2010 2:17:30 PM | Computer Name = DFVZZTC1 | Source = libcsd | ID = 1001
Description =
Error - 6/19/2010 2:18:31 PM | Computer Name = DFVZZTC1 | Source = libcsd | ID = 1001
Description =
Error - 6/19/2010 2:19:32 PM | Computer Name = DFVZZTC1 | Source = libcsd | ID = 1001
Description =
Error - 6/19/2010 2:20:33 PM | Computer Name = DFVZZTC1 | Source = libcsd | ID = 1001
Description =
[ Cisco AnyConnect VPN Client Events ]
Error - 6/13/2010 1:08:46 PM | Computer Name = DFVZZTC1 | Source = vpnagent | ID = 50331649
Description = Function: AddRouteChange Return code: 0xFE07000D File: .\ChangeRouteHelper.cpp
Line:
222 Description: ROUTETABLE_ERROR_CREATEIPFORWARDENTRY_FAILED
Error - 6/13/2010 2:30:17 PM | Computer Name = DFVZZTC1 | Source = vpnagent | ID = 50331650
Description = Termination reason code 9: Client PC is shutting down.
Error - 6/13/2010 2:30:17 PM | Computer Name = DFVZZTC1 | Source = vpnagent | ID = 50331649
Description = Function: CVpnMgr::processEvents Return code: 0 File: .\MainThread.cpp
Line:
997 Description: fatal error, stopping service
Error - 6/13/2010 2:30:18 PM | Computer Name = DFVZZTC1 | Source = vpnagent | ID = 50331649
Description = Function: WaitForSingleObject Return code: 6 File: .\Agent.cpp Line:
686 Description: The handle is invalid.
Error - 6/14/2010 9:08:27 AM | Computer Name = DFVZZTC1 | Source = vpnagent | ID = 50331650
Description = Termination reason code 9: Client PC is shutting down.
Error - 6/15/2010 2:37:23 AM | Computer Name = DFVZZTC1 | Source = vpnagent | ID = 50331650
Description = Termination reason code 9: Client PC is shutting down.
Error - 6/17/2010 9:04:34 AM | Computer Name = DFVZZTC1 | Source = vpnagent | ID = 50331650
Description = Termination reason code 9: Client PC is shutting down.
Error - 6/19/2010 2:16:53 PM | Computer Name = DFVZZTC1 | Source = vpnagent | ID = 50331649
Description = Function: AddRouteChange Return code: 0xFE07000D File: .\ChangeRouteHelper.cpp
Line:
1271 Description: ROUTETABLE_ERROR_CREATEIPFORWARDENTRY_FAILED
Error - 6/19/2010 2:16:53 PM | Computer Name = DFVZZTC1 | Source = vpnagent | ID = 50331669
Description = Failed Route change: Action: AddRoute Destination: 192.168.1.255 Netmask:
255.255.255.255 Gateway: 10.255.0.1 Interface: 10.255.51.29 Metric: 1
Error - 6/19/2010 2:16:53 PM | Computer Name = DFVZZTC1 | Source = vpnagent | ID = 50331649
Description = Function: AddRouteChange Return code: 0xFE07000D File: .\ChangeRouteHelper.cpp
Line:
222 Description: ROUTETABLE_ERROR_CREATEIPFORWARDENTRY_FAILED
[ System Events ]
Error - 6/19/2010 9:38:10 AM | Computer Name = DFVZZTC1 | Source = Service Control Manager | ID = 7023
Description = The Application Management service terminated with the following error:
%%126
Error - 6/19/2010 9:38:11 AM | Computer Name = DFVZZTC1 | Source = Service Control Manager | ID = 7023
Description = The Application Management service terminated with the following error:
%%126
Error - 6/19/2010 9:38:11 AM | Computer Name = DFVZZTC1 | Source = Service Control Manager | ID = 7023
Description = The Application Management service terminated with the following error:
%%126
Error - 6/19/2010 9:38:11 AM | Computer Name = DFVZZTC1 | Source = Service Control Manager | ID = 7023
Description = The Application Management service terminated with the following error:
%%126
Error - 6/19/2010 9:45:34 AM | Computer Name = DFVZZTC1 | Source = Service Control Manager | ID = 7031
Description = The Windows Media Player Network Sharing Service service terminated
unexpectedly. It has done this 1 time(s). The following corrective action will
be taken in 30000 milliseconds: Restart the service.
Error - 6/19/2010 9:46:05 AM | Computer Name = DFVZZTC1 | Source = WMPNetworkSvc | ID = 866312
Description = A new media server was not initialized because WMCreateDeviceRegistration()
encountered error '0xc00d2711'. The Windows Media DRM components on your computer
might be corrupted. Verify that protected files play correctly in Windows Media
Player, and then restart the WMPNetworkSvc service.
Error - 6/19/2010 9:46:06 AM | Computer Name = DFVZZTC1 | Source = WMPNetworkSvc | ID = 866312
Description = A new media server was not initialized because WMCreateDeviceRegistration()
encountered error '0xc00d2711'. The Windows Media DRM components on your computer
might be corrupted. Verify that protected files play correctly in Windows Media
Player, and then restart the WMPNetworkSvc service.
Error - 6/19/2010 9:48:48 AM | Computer Name = DFVZZTC1 | Source = Service Control Manager | ID = 7031
Description = The Windows Media Player Network Sharing Service service terminated
unexpectedly. It has done this 1 time(s). The following corrective action will
be taken in 30000 milliseconds: Restart the service.
Error - 6/19/2010 9:53:21 AM | Computer Name = DFVZZTC1 | Source = Service Control Manager | ID = 7031
Description = The Windows Media Player Network Sharing Service service terminated
unexpectedly. It has done this 1 time(s). The following corrective action will
be taken in 30000 milliseconds: Restart the service.
Error - 6/19/2010 10:00:15 AM | Computer Name = DFVZZTC1 | Source = Service Control Manager | ID = 7031
Description = The Windows Media Player Network Sharing Service service terminated
unexpectedly. It has done this 1 time(s). The following corrective action will
be taken in 30000 milliseconds: Restart the service.
< End of report >
-------------------
There you have it. I should note that prior to your most recent post (asking for the above action), and after taking action from your post just prior to that, the Google and Bing search results seemed to be proper ... and the "every 10 minute" Norton warnings that an "intrusion had been detected" had stopped.
Hopefully we're getting close, and I very much appreciate your assistance, Tom.
BillOC