[Resolved] computer continually locking up
Jeff G
post Jun 9 2009, 05:44 PM
Post #1





symptoms:

computer continually locking up, it seems especially so when using MS Office apps.
this forces you to reboot as your only remedy.

Would someone please take a look at the logfile and advise.

Much appreciated.

Jeff


Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 7:37:15 PM, on 6/9/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16827)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe
C:\PROGRA~1\Iomega\System32\AppServices.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\LEXPPS.EXE
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\WinFast\WFTVFM\WFWIZ.exe
C:\WINDOWS\System32\WF2K.EXE
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\Sony\Sony Picture Utility\VolumeWatcher\SPUVolumeWatcher.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.cnn.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R3 - URLSearchHook: ToolbarURLSearchHook Class - {CA3EB689-8F09-4026-AA10-B9534C691CE0} - C:\Program Files\Fast Browser Search\IE\tbhelper.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Symantec Intrusion Prevention - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\PROGRA~1\COMMON~1\SYMANT~1\IDS\IPSBHO.dll
O2 - BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O2 - BHO: XBTBPos00 - {FCBCCB87-9224-4B8D-B117-F56D924BEB18} - C:\Program Files\Fast Browser Search\IE\FBStoolbar.dll
O3 - Toolbar: Fast Browser Search - {1BB22D38-A411-4B13-A746-C2A4F4EC7344} - C:\Program Files\Fast Browser Search\IE\FBStoolbar.dll
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [WinFast Schedule] C:\Program Files\WinFast\WFTVFM\WFWIZ.exe
O4 - HKLM\..\Run: [WinFoxV2] C:\WINDOWS\System32\WF2K.EXE
O4 - HKLM\..\Run: [WinFast2KLoadDefault] rundll32.exe wf2kcpl.dll,DllLoadDefaultSettings
O4 - HKLM\..\Run: [PrinTray] C:\WINDOWS\System32\spool\DRIVERS\W32X86\2\printray.exe
O4 - HKLM\..\Run: [Iomega Drive Icons] C:\Program Files\Iomega\DriveIcons\ImgIcon.exe
O4 - HKLM\..\Run: [Deskup] C:\Program Files\Iomega\DriveIcons\deskup.exe /IMGSTART
O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [osCheck] "C:\Program Files\Norton AntiVirus\osCheck.exe"
O4 - HKLM\..\Run: [FBSearch] C:\Program Files\Fast Browser SearchP\FastBrowserSearchProtectionV.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - S-1-5-18 Startup: Picture Motion Browser Media Check Tool.lnk = C:\Program Files\Sony\Sony Picture Utility\VolumeWatcher\SPUVolumeWatcher.exe (User 'SYSTEM')
O4 - .DEFAULT Startup: Picture Motion Browser Media Check Tool.lnk = C:\Program Files\Sony\Sony Picture Utility\VolumeWatcher\SPUVolumeWatcher.exe (User 'Default user')
O4 - Startup: Picture Motion Browser Media Check Tool.lnk = C:\Program Files\Sony\Sony Picture Utility\VolumeWatcher\SPUVolumeWatcher.exe
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O15 - Trusted Zone: http://*.windowsupdate.microsoft.com
O15 - Trusted Zone: http://*.windowsupdate.com
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.symantec.com/sscv6/SharedC...bin/AvSniff.cab
O16 - DPF: {406B5949-7190-4245-91A9-30A17DE16AD0} (Snapfish Activia) - http://photos.walmart.com/WalmartActivia.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://v5.windowsupdate.microsoft.com/v5co...b?1093100844828
O16 - DPF: {6A344D34-5231-452A-8A57-D064AC9B7862} (Symantec Download Manager) - https://webdl.symantec.com/activex/symdlmgr.cab
O16 - DPF: {C2FCEF52-ACE9-11D3-BEBD-00105AA9B6AE} (Symantec RuFSI Registry Information Class) - http://security.symantec.com/sscv6/SharedC...n/bin/cabsa.cab
O16 - DPF: {F00F4763-7355-4725-82F7-0DA94A256D46} (IMDownloader Class) - http://www2.incredimail.com/contents/setup...er/imloader.cab
O16 - DPF: {FFBB3F3B-0A5A-4106-BE53-DFE1E2340CB1} (DownloadManager Control) - http://dlm.tools.akamai.com/dlmanager/vers...vex-2.2.1.6.cab
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Iomega App Services - Iomega Corporation - C:\PROGRA~1\Iomega\System32\AppServices.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: LiveUpdate - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\LuComServer_3_4.EXE
O23 - Service: LiveUpdate Notice - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Core LC - Unknown owner - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe

--
End of file - 7998 bytes
 
OCD
post Jun 11 2009, 12:22 AM
Post #2







Hello Jeff G,
Welcome to What the Tech.
My name is OCD, I will be helping you with your log today.

Please be advised, as I am still in training, all my replies to you will be checked for accuracy by one of our experts to ensure that I am giving you the best possible advice.
This may cause a delay, but I will do my best to keep it as short as possible.

I am checking over your HijackThis log now, I will post back shortly with instructions.
 
OCD
post Jun 11 2009, 10:30 AM
Post #3







Hello Jeff G,
  • You may want to print out these instructions for reference prior to proceeding.
  • This solution is specifically tailored for this particular problem, please do not attempt to use this solution on another computer.
  • If you have any questions, or are uncertain about any steps please ask 'before' proceeding.
- - - - - Next - - - - -

Disable Windows Defender
  • Click Start >> Programs >> Windows Defender or launch from the system tray icon.
  • Click on Tools & Settings >> Options.
  • Under Real-time protection options, uncheck the "Real-time protection" check box.
  • Click Save.
  • Go to Start >> Control Panel >> Security >> Windows Defender, at the bottom of the Windows Defender page uncheck under Administrator Options "use Windows Defender" and then Save.
    (When we are done, you can re-enable Defender using the same steps but this time place a check next to "Turn on real-time protection" check box.)
- - - - - Next - - - - -

Disable SpyBot's Tea Timer
  • Launch Spybot S&D, go to the Mode menu and make sure "Advanced Mode" is selected.
  • On the left hand side, click on Tools, then click on the Resident Icon in the list.
  • Uncheck the "Resident TeaTimer (Protection of overall system settings) active" box.
  • Click on the "System Startup" icon in the List
  • Uncheck the "TeaTimer" box and "OK" any prompts.
  • If Teatimer gives you a warning that changes were made, click the "Allow Change" box when prompted.
  • Exit Spybot S&D when done.
- - - - - Next - - - - -

Download DelDomains and save it to the desktop.
  • Close all open windows and your browser
  • Right Click DelDomains.inf and select >> Install
  • Reboot your computer
(Internet Explorer is needed to run this program properly)

- - - - - Next - - - - -

Please go to Start Menu > Control Panel > Add/ Remove Programs
Scroll Down and locate the following programs:
  • Fast Browser Search
Select each one of the programs, then select remove.
(if the program is not listed don't be alarmed, just continue)

Exit the Control Panel when finished.

- - - - - Next - - - - -

Please download ATF Cleaner by Atribune.
Download - http://www.nutnworks.com/downloads/ATF_Cleaner.exe
  • Double-click ATF-Cleaner.exe to run the program.
  • Under Main choose: Select All
  • Click the Empty Selected button.

If you use Firefox browser
  • Click Firefox at the top and choose: Select All
  • Click the Empty Selected button.
  • NOTE: If you would like to keep your saved passwords, please click No at the prompt.

If you use Opera browser
  • Click Opera at the top and choose: Select All
  • Click the Empty Selected button.
  • NOTE: If you would like to keep your saved passwords, please click No at the prompt.

Click Exit on the Main menu to close the program.

- - - - - Next - - - - -

Please download Malwarebytes' Anti-Malware from here or here

Double Click mbam-setup.exe to install the application.
  • Make sure a check mark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select "Perform Quick Scan", then click Scan.
  • The scan may take some time to finish, so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected. << Don't forget this!
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart.
    (The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.)
  • Copy and Paste the entire report in your next reply.
- - - - - Next - - - - -

Run HijackThis and select Do a System Scan Only

Before proceeding, make sure all programs and browser windows are closed, EXCEPT HijackThis
Place check marks next to the following items:
  • R3 - URLSearchHook: ToolbarURLSearchHook Class - {CA3EB689-8F09-4026-AA10-B9534C691CE0} - C:\Program Files\Fast Browser Search\IE\tbhelper.dll
  • O2 - BHO: XBTBPos00 - {FCBCCB87-9224-4B8D-B117-F56D924BEB18} - C:\Program Files\Fast Browser Search\IE\FBStoolbar.dll
  • O3 - Toolbar: Fast Browser Search - {1BB22D38-A411-4B13-A746-C2A4F4EC7344} - C:\Program Files\Fast Browser Search\IE\FBStoolbar.dll
  • O4 - HKLM\..\Run: [FBSearch] C:\Program Files\Fast Browser SearchP\FastBrowserSearchProtectionV.exe
  • O15 - Trusted Zone: http://*.windowsupdate.microsoft.com
  • O15 - Trusted Zone: http://*.windowsupdate.com
Now with all browsers closed, click on Fix Checked, then EXIT the program.

- - - - - Next - - - - -

Reboot, on your next post please provide the following:
  • MalwareBytes log
  • New HijackThis log
  • Tell me how your computer is running at the moment.
 
Jeff G
post Jun 14 2009, 08:40 AM
Post #4





Hello OCD,

I followed your instructions and this is what I know:

  • I couldn't follow any of the "Disable Windows Defender" instructions. It was like Windows Defender was not there. For the longest time I would receive a message upon starting or re-booting my PC: "Windows Defender Application failed to initialize: 0x800106ba. A problem caused Windows Defender Service to stop. To start the service, restart your computer or search Help and Support on how to start a service manually." I thought this had something to do with Norton AV.
  • I ran a System Scan Only in Hijack This and none of the entries you asked me to fix were in the list.
  • This is my second attempt at a post/reply. My computer locked up on me on the first attempt and I had to reboot.
Below are my (2) logfiles:

Malwarebytes' Anti-Malware 1.37
Database version: 2275
Windows 5.1.2600 Service Pack 3

6/14/2009 9:52:36 AM
mbam-log-2009-06-14 (09-52-36).txt

Scan type: Quick Scan
Objects scanned: 113094
Time elapsed: 10 minute(s), 34 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 7
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 2
Files Infected: 1

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
HKEY_CLASSES_ROOT\minibugtransporter.minibugtransporterx (Adware.Minibug) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\minibugtransporter.minibugtransporterx.1 (Adware.Minibug) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{04a38f6b-006f-4247-ba4c-02a139d5531c} (Adware.Minibug) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{8007bf46-2ee2-be34-fc98-f324fa453d59} (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Typelib\{3c2d2a1e-031f-4397-9614-87c932a848e0} (Adware.Minibug) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\urlsearchhook.toolbarurlsearchhook (Trojan.BHO) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\urlsearchhook.toolbarurlsearchhook.1 (Trojan.BHO) -> Quarantined and deleted successfully.

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
C:\Program Files\NoAdware (Rogue.NoAdware) -> Quarantined and deleted successfully.
c:\program files\NoAdware\logs (Rogue.NoAdware) -> Quarantined and deleted successfully.

Files Infected:
c:\program files\NoAdware\noadware_040604_v2.na (Rogue.NoAdware) -> Quarantined and deleted successfully.



Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 10:16:11 AM, on 6/14/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16850)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\WinFast\WFTVFM\WFWIZ.exe
C:\WINDOWS\System32\WF2K.EXE
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Sony\Sony Picture Utility\VolumeWatcher\SPUVolumeWatcher.exe
C:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe
C:\PROGRA~1\Iomega\System32\AppServices.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.cnn.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Symantec Intrusion Prevention - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\PROGRA~1\COMMON~1\SYMANT~1\IDS\IPSBHO.dll
O2 - BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [WinFast Schedule] C:\Program Files\WinFast\WFTVFM\WFWIZ.exe
O4 - HKLM\..\Run: [WinFoxV2] C:\WINDOWS\System32\WF2K.EXE
O4 - HKLM\..\Run: [WinFast2KLoadDefault] rundll32.exe wf2kcpl.dll,DllLoadDefaultSettings
O4 - HKLM\..\Run: [PrinTray] C:\WINDOWS\System32\spool\DRIVERS\W32X86\2\printray.exe
O4 - HKLM\..\Run: [Iomega Drive Icons] C:\Program Files\Iomega\DriveIcons\ImgIcon.exe
O4 - HKLM\..\Run: [Deskup] C:\Program Files\Iomega\DriveIcons\deskup.exe /IMGSTART
O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [osCheck] "C:\Program Files\Norton AntiVirus\osCheck.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - S-1-5-18 Startup: Picture Motion Browser Media Check Tool.lnk = C:\Program Files\Sony\Sony Picture Utility\VolumeWatcher\SPUVolumeWatcher.exe (User 'SYSTEM')
O4 - .DEFAULT Startup: Picture Motion Browser Media Check Tool.lnk = C:\Program Files\Sony\Sony Picture Utility\VolumeWatcher\SPUVolumeWatcher.exe (User 'Default user')
O4 - Startup: Picture Motion Browser Media Check Tool.lnk = C:\Program Files\Sony\Sony Picture Utility\VolumeWatcher\SPUVolumeWatcher.exe
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.symantec.com/sscv6/SharedC...bin/AvSniff.cab
O16 - DPF: {406B5949-7190-4245-91A9-30A17DE16AD0} (Snapfish Activia) - http://photos.walmart.com/WalmartActivia.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://v5.windowsupdate.microsoft.com/v5co...b?1093100844828
O16 - DPF: {6A344D34-5231-452A-8A57-D064AC9B7862} (Symantec Download Manager) - https://webdl.symantec.com/activex/symdlmgr.cab
O16 - DPF: {C2FCEF52-ACE9-11D3-BEBD-00105AA9B6AE} (Symantec RuFSI Registry Information Class) - http://security.symantec.com/sscv6/SharedC...n/bin/cabsa.cab
O16 - DPF: {F00F4763-7355-4725-82F7-0DA94A256D46} (IMDownloader Class) - http://www2.incredimail.com/contents/setup...er/imloader.cab
O16 - DPF: {FFBB3F3B-0A5A-4106-BE53-DFE1E2340CB1} (DownloadManager Control) - http://dlm.tools.akamai.com/dlmanager/vers...vex-2.2.1.6.cab
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Iomega App Services - Iomega Corporation - C:\PROGRA~1\Iomega\System32\AppServices.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: LiveUpdate - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\LuComServer_3_4.EXE
O23 - Service: LiveUpdate Notice - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Core LC - Unknown owner - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe

--
End of file - 7237 bytes


Thank you,
Jeff G
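
The statement in the post above that none of the requested fix entries were still listed can be checked by diffing the two HijackThis logs. This is an added example, not part of the original thread: the function names are hypothetical, and the log excerpts are copied from the Jun 9 and Jun 14 logs and from the fix list in post #3.

```python
import re
from collections import Counter

# A HijackThis entry is "<section code> - <detail>", e.g. "O2 - BHO: ...".
ENTRY_RE = re.compile(r"^(?P<code>[A-Z]\d{1,2}) - (?P<detail>.+)$")

# Meaning of the section codes that appear in the helper's fix list.
SECTIONS = {
    "R3": "IE URL search hook",
    "O2": "Browser Helper Object",
    "O3": "IE toolbar",
    "O4": "autostart entry",
    "O15": "Trusted Zone site",
}

# Excerpt of the Jun 9 log (copied from the first post).
BEFORE = r"""
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.cnn.com/
R3 - URLSearchHook: ToolbarURLSearchHook Class - {CA3EB689-8F09-4026-AA10-B9534C691CE0} - C:\Program Files\Fast Browser Search\IE\tbhelper.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: XBTBPos00 - {FCBCCB87-9224-4B8D-B117-F56D924BEB18} - C:\Program Files\Fast Browser Search\IE\FBStoolbar.dll
O3 - Toolbar: Fast Browser Search - {1BB22D38-A411-4B13-A746-C2A4F4EC7344} - C:\Program Files\Fast Browser Search\IE\FBStoolbar.dll
O4 - HKLM\..\Run: [FBSearch] C:\Program Files\Fast Browser SearchP\FastBrowserSearchProtectionV.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O15 - Trusted Zone: http://*.windowsupdate.microsoft.com
O15 - Trusted Zone: http://*.windowsupdate.com
"""

# Excerpt of the Jun 14 log (copied from the post above), same entries re-checked.
AFTER = r"""
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.cnn.com/
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
"""

# The entries post #3 asked to be checked and fixed, bullets included as posted.
FIX_LIST = r"""
  • R3 - URLSearchHook: ToolbarURLSearchHook Class - {CA3EB689-8F09-4026-AA10-B9534C691CE0} - C:\Program Files\Fast Browser Search\IE\tbhelper.dll
  • O2 - BHO: XBTBPos00 - {FCBCCB87-9224-4B8D-B117-F56D924BEB18} - C:\Program Files\Fast Browser Search\IE\FBStoolbar.dll
  • O3 - Toolbar: Fast Browser Search - {1BB22D38-A411-4B13-A746-C2A4F4EC7344} - C:\Program Files\Fast Browser Search\IE\FBStoolbar.dll
  • O4 - HKLM\..\Run: [FBSearch] C:\Program Files\Fast Browser SearchP\FastBrowserSearchProtectionV.exe
  • O15 - Trusted Zone: http://*.windowsupdate.microsoft.com
  • O15 - Trusted Zone: http://*.windowsupdate.com
"""


def parse_entries(text):
    """Return the set of (section code, detail) pairs in a HijackThis log."""
    entries = set()
    for line in text.splitlines():
        # Tolerate forum bullets and indentation in front of an entry.
        line = line.strip().lstrip("•").strip()
        m = ENTRY_RE.match(line)
        if m:
            entries.add((m.group("code"), m.group("detail").strip()))
    return entries


def diff_logs(before, after):
    """Return (removed, added) entry lists between two scans."""
    b, a = parse_entries(before), parse_entries(after)
    return sorted(b - a), sorted(a - b)


def still_present(fix_list, after):
    """Entries from the fix list that the later scan still reports."""
    return sorted(parse_entries(fix_list) & parse_entries(after))


def removed_outside_fix_list(before, after, fix_list):
    """Entries that disappeared although nobody asked for them to be fixed."""
    removed, _ = diff_logs(before, after)
    return sorted(set(removed) - parse_entries(fix_list))


def removed_by_section(before, after):
    """Count removed entries per HijackThis section code."""
    removed, _ = diff_logs(before, after)
    return Counter(code for code, _ in removed)


if __name__ == "__main__":
    removed, added = diff_logs(BEFORE, AFTER)
    for code, count in sorted(removed_by_section(BEFORE, AFTER).items()):
        print(f"removed {count} x {code} ({SECTIONS.get(code, 'other')})")
    print("fix-list entries still present:", still_present(FIX_LIST, AFTER))
    print("removed but not on fix list:", removed_outside_fix_list(BEFORE, AFTER, FIX_LIST))
    print("new entries:", added)
```

On these excerpts the only removal outside the fix list is the TeaTimer autostart entry, which matches the earlier instruction to disable TeaTimer.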

 
OCD
post Jun 14 2009, 10:58 PM
Post #5







Jeff G,

As a reminder, please do not run any additional malware removal software or attempt any fixes unless instructed to do so.
Doing so can hamper our efforts and extend the time it takes to clean your computer.

  • Download OTL to your desktop.
  • Double click on the icon to run it. Make sure all other windows are closed and to let it run uninterrupted.
  • When the window appears, underneath Output at the top change it to Minimal Output.
  • Check the boxes beside LOP Check and Purity Check.
  • Click the Run Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.
  • When the scan completes, it will open two notepad windows. OTL.Txt and Extras.Txt.
    Note: These logs can be located in the OTL. folder on your C:\ drive if they fail to open automatically.
  • Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post it with your next reply.
    You may need two posts to fit them both in.
- - - - - Next - - - - -

Reboot, on your next post please provide the following:
  • OTL logs (OTL.Txt and Extras.Txt)
  • Tell me how your computer is running at the moment.
 
Jeff G
post Jun 15 2009, 04:43 PM
Post #6





Pre-reboot OTL logs below:

OTL logfile created on: 6/15/2009 6:35:06 PM - Run 1
OTL by OldTimer - Version 2.1.1.0 Folder = C:\Documents and Settings\JeffG\Desktop
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 7.0.5730.11)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1.50 Gb Total Physical Memory | 0.98 Gb Available Physical Memory | 65.06% Memory free
1.73 Gb Paging File | 1.40 Gb Available in Paging File | 81.11% Paging File free
Paging file location(s): c:\pagefile.sys 384 768 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 55.90 Gb Total Space | 35.77 Gb Free Space | 63.99% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: JEFFS
Current User Name: JeffG
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Output = Minimal
File Age = 30 Days
Company Name Whitelist: On

========== Processes (SafeList) ==========

PRC - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe (Symantec Corporation)
PRC - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe ()
PRC - C:\WINDOWS\Explorer.EXE (Microsoft Corporation)
PRC - C:\WINDOWS\SOUNDMAN.EXE (Avance Logic, Inc.)
PRC - C:\Program Files\WinFast\WFTVFM\WFWIZ.exe (Leadtek Research Inc.)
PRC - C:\WINDOWS\System32\WF2K.EXE (Leadtek Research Inc.)
PRC - C:\Program Files\QuickTime\qttask.exe (Apple Computer, Inc.)
PRC - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe (Symantec Corporation)
PRC - C:\Program Files\Java\jre6\bin\jusched.exe (Sun Microsystems, Inc.)
PRC - C:\Program Files\Sony\Sony Picture Utility\VolumeWatcher\SPUVolumeWatcher.exe (Sony Corporation)
PRC - C:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe (Symantec Corporation)
PRC - C:\Program Files\Iomega\System32\AppServices.exe (Iomega Corporation)
PRC - C:\Program Files\Java\jre6\bin\jqs.exe (Sun Microsystems, Inc.)
PRC - C:\Documents and Settings\JeffG\Desktop\OTL.exe (OldTimer Tools)

========== Win32 Services (SafeList) ==========

SRV - (Automatic LiveUpdate Scheduler [Auto | Running]) -- C:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe (Symantec Corporation)
SRV - (ccEvtMgr [Auto | Running]) -- C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe (Symantec Corporation)
SRV - (ccSetMgr [Auto | Running]) -- C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe (Symantec Corporation)
SRV - (CLTNetCnService [Auto | Running]) -- C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe (Symantec Corporation)
SRV - (helpsvc [Auto | Running]) -- C:\WINDOWS\PCHealth\HelpCtr\Binaries\pchsvc.dll (Microsoft Corporation)
SRV - (Iomega Activity Disk2 [Disabled | Stopped]) -- File not found
SRV - (Iomega App Services [Auto | Running]) -- C:\Program Files\Iomega\System32\AppServices.exe (Iomega Corporation)
SRV - (JavaQuickStarterService [Auto | Running]) -- C:\Program Files\Java\jre6\bin\jqs.exe (Sun Microsystems, Inc.)
SRV - (LexBceS [On_Demand | Stopped]) -- C:\WINDOWS\system32\LEXBCES.EXE (Lexmark International, Inc.)
SRV - (LiveUpdate [On_Demand | Stopped]) -- C:\Program Files\Symantec\LiveUpdate\LuComServer_3_4.EXE (Symantec Corporation)
SRV - (LiveUpdate Notice [Auto | Running]) -- C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe (Symantec Corporation)
SRV - (Symantec Core LC [Auto | Running]) -- C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe ()
SRV - (WinDefend [Disabled | Stopped]) -- C:\Program Files\Windows Defender\MsMpEng.exe (Microsoft Corporation)
SRV - (WMPNetworkSvc [On_Demand | Stopped]) -- C:\Program Files\Windows Media Player\WMPNetwk.exe (Microsoft Corporation)

========== Driver Services (SafeList) ==========

DRV - (ALCXWDM [On_Demand | Running]) -- C:\WINDOWS\system32\drivers\ALCXWDM.SYS (Avance Logic, Inc.)
DRV - (cdrbsdrv [System | Running]) -- C:\WINDOWS\System32\drivers\CDRBSDRV.SYS (B.H.A Corporation)
DRV - (COH_Mon [On_Demand | Stopped]) -- C:\WINDOWS\system32\Drivers\COH_Mon.sys (Symantec Corporation)
DRV - (eeCtrl [System | Running]) -- C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys (Symantec Corporation)
DRV - (EraserUtilRebootDrv [On_Demand | Running]) -- C:\Program Files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys (Symantec Corporation)
DRV - (FA312 [On_Demand | Running]) -- C:\WINDOWS\System32\DRIVERS\FA312nd5.sys (NETGEAR Corp.)
DRV - (FETND5BV [On_Demand | Running]) -- C:\WINDOWS\system32\DRIVERS\fetnd5bv.sys (VIA Technologies, Inc. )
DRV - (FETNDIS [On_Demand | Stopped]) -- C:\WINDOWS\System32\DRIVERS\fetnd5b.sys (VIA Technologies, Inc. )
DRV - (FETNDISB [On_Demand | Stopped]) -- C:\WINDOWS\System32\DRIVERS\fetnd5b.sys (VIA Technologies, Inc. )
DRV - (gameenum [On_Demand | Running]) -- C:\WINDOWS\System32\DRIVERS\gameenum.sys (Microsoft Corporation)
DRV - (iomdisk [Boot | Running]) -- C:\WINDOWS\System32\DRIVERS\iomdisk.sys (Iomega Corporation)
DRV - (ms_mpu401 [On_Demand | Running]) -- C:\WINDOWS\system32\drivers\msmpu401.sys (Microsoft Corporation)
DRV - (NAVENG [On_Demand | Running]) -- C:\Program Files\Common Files\Symantec Shared\VirusDefs\20090615.003\NAVENG.SYS (Symantec Corporation)
DRV - (NAVEX15 [On_Demand | Running]) -- C:\Program Files\Common Files\Symantec Shared\VirusDefs\20090615.003\NAVEX15.SYS (Symantec Corporation)
DRV - (NTIDrvr [On_Demand | Running]) -- C:\WINDOWS\System32\DRIVERS\NTIDrvr.sys (NewTech Infosystems, Inc.)
DRV - (NTSIM [On_Demand | Stopped]) -- C:\WINDOWS\System32\ntsim.sys (VIA Technologies, Inc. )
DRV - (nv [On_Demand | Running]) -- C:\WINDOWS\System32\DRIVERS\nv4_mini.sys (NVIDIA Corporation)
DRV - (ppa3 [Boot | Running]) -- C:\WINDOWS\System32\DRIVERS\ppa3.sys (Microsoft Corporation)
DRV - (Ptilink [On_Demand | Running]) -- C:\WINDOWS\System32\DRIVERS\ptilink.sys (Parallel Technologies, Inc.)
DRV - (PxHelp20 [Boot | Running]) -- C:\WINDOWS\system32\Drivers\PxHelp20.sys (Sonic Solutions)
DRV - (Secdrv [Auto | Running]) -- C:\WINDOWS\System32\DRIVERS\secdrv.sys (Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K.)
DRV - (SONYPVU1 [On_Demand | Stopped]) -- C:\WINDOWS\System32\DRIVERS\SONYPVU1.SYS (Sony Corporation)
DRV - (SPBBCDrv [On_Demand | Stopped]) -- C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCDrv.sys (Symantec Corporation)
DRV - (SRTSP [On_Demand | Running]) -- C:\WINDOWS\System32\Drivers\SRTSP.SYS (Symantec Corporation)
DRV - (SRTSPL [On_Demand | Stopped]) -- C:\WINDOWS\System32\Drivers\SRTSPL.SYS (Symantec Corporation)
DRV - (SRTSPX [System | Running]) -- C:\WINDOWS\System32\Drivers\SRTSPX.SYS (Symantec Corporation)
DRV - (SYMDNS [On_Demand | Running]) -- C:\WINDOWS\System32\Drivers\SYMDNS.SYS (Symantec Corporation)
DRV - (SymEvent [On_Demand | Running]) -- C:\WINDOWS\system32\Drivers\SYMEVENT.SYS (Symantec Corporation)
DRV - (SYMFW [On_Demand | Running]) -- C:\WINDOWS\System32\Drivers\SYMFW.SYS (Symantec Corporation)
DRV - (SYMIDS [On_Demand | Running]) -- C:\WINDOWS\System32\Drivers\SYMIDS.SYS (Symantec Corporation)
DRV - (SYMIDSCO [On_Demand | Running]) -- C:\Program Files\Common Files\Symantec Shared\SymcData\ipsdefs\20090610.001\SymIDSCo.sys (Symantec Corporation)
DRV - (SymIM [On_Demand | Stopped]) -- C:\WINDOWS\system32\DRIVERS\SymIM.sys (Symantec Corporation)
DRV - (SymIMMP [On_Demand | Running]) -- C:\WINDOWS\system32\DRIVERS\SymIM.sys (Symantec Corporation)
DRV - (symlcbrd [Auto | Running]) -- C:\WINDOWS\system32\drivers\symlcbrd.sys (Symantec Corporation)
DRV - (SYMNDIS [On_Demand | Running]) -- C:\WINDOWS\System32\Drivers\SYMNDIS.SYS (Symantec Corporation)
DRV - (SYMREDRV [On_Demand | Running]) -- C:\WINDOWS\System32\Drivers\SYMREDRV.SYS (Symantec Corporation)
DRV - (SYMTDI [System | Running]) -- C:\WINDOWS\System32\Drivers\SYMTDI.SYS (Symantec Corporation)
DRV - (VIAPFD [System | Running]) -- C:\WINDOWS\System32\Drivers\VIAPFD.SYS (VIA Technologies. Inc.)
DRV - (WFIOCTL [On_Demand | Running]) -- C:\Program Files\WinFast\WFTVFM\WFIOCTL.SYS ()
DRV - (WINFOXIO [Disabled | Running]) -- C:\WINDOWS\system32\Drivers\WINFOXIO.SYS (Leadtek Research Inc.)

========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = [binary data]
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Extensions Off Page = about:NoAdd-ons
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Security Risk Page = about:SecurityRisk
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.microsoft.com/isapi/redir.dll?p...ER}&ar=home
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,CustomizeSearch = http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchcust.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant =

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\system32\blank.htm
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page =
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.cnn.com/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,CustomizeSearch =
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchasst.htm
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

FF - HKLM\software\mozilla\Firefox\extensions\\jqs@sun.com: C:\PROGRAM FILES\JAVA\JRE6\LIB\DEPLOY\JQS\FF [2009/03/11 06:55:17 | 00,000,000 | ---D | M]


O1 HOSTS File: (308613 bytes) - C:\WINDOWS\System32\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: 10625 more lines...
O2 - BHO: (AcroIEHlprObj Class) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O2 - BHO: (Symantec Intrusion Prevention) - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files\Common Files\Symantec Shared\IDS\IPSBHO.dll (Symantec Corporation)
O2 - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (JQSIEStartDetectorImpl Class) - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll (Sun Microsystems, Inc.)
O3 - HKCU\..\Toolbar\ShellBrowser: (no name) - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - Reg Error: Key error. File not found
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - Reg Error: Key error. File not found
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {C4069E3A-68F1-403E-B40E-20066696354B} - Reg Error: Key error. File not found
O4 - HKLM..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe" (Symantec Corporation)
O4 - HKLM..\Run: [Deskup] C:\Program Files\Iomega\DriveIcons\deskup.exe /IMGSTART File not found
O4 - HKLM..\Run: [Iomega Drive Icons] C:\Program Files\Iomega\DriveIcons\ImgIcon.exe File not found
O4 - HKLM..\Run: [osCheck] "C:\Program Files\Norton AntiVirus\osCheck.exe" (Symantec Corporation)
O4 - HKLM..\Run: [PrinTray] C:\WINDOWS\System32\spool\DRIVERS\W32X86\2\printray.exe (Lexmark)
O4 - HKLM..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime (Apple Computer, Inc.)
O4 - HKLM..\Run: [SoundMan] SOUNDMAN.EXE (Avance Logic, Inc.)
O4 - HKLM..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe" (Sun Microsystems, Inc.)
O4 - HKLM..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide (Microsoft Corporation)
O4 - HKLM..\Run: [WinFast Schedule] C:\Program Files\WinFast\WFTVFM\WFWIZ.exe (Leadtek Research Inc.)
O4 - HKLM..\Run: [WinFast2KLoadDefault] rundll32.exe wf2kcpl.dll,DllLoadDefaultSettings File not found
O4 - HKLM..\Run: [WinFoxV2] C:\WINDOWS\System32\WF2K.EXE (Leadtek Research Inc.)
O4 - HKLM..\RunOnceEx: [Flag] Reg Error: Invalid data type. File not found
O4 - Startup: C:\Documents and Settings\JeffG\Start Menu\Programs\Startup\Picture Motion Browser Media Check Tool.lnk = C:\Program Files\Sony\Sony Picture Utility\VolumeWatcher\SPUVolumeWatcher.exe (Sony Corporation)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 255
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: dontdisplaylastusername = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticecaption =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticetext =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: shutdownwithoutlogon = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: undockwithoutlogon = 1
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O9 - Extra Button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe (America Online, Inc.)
O9 - Extra 'Tools' menuitem : Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O9 - Extra 'Tools' menuitem : @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe (Microsoft Corporation)
O9 - Extra Button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)
O16 - DPF: {02BCC737-B171-4746-94C9-0D8A0B2C0089} http://office.microsoft.com/templates/ieawsdc.cab (Microsoft Office Template and Media Control)
O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} http://www.apple.com/qtactivex/qtplugin.cab (QuickTime Object)
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} http://go.microsoft.com/fwlink/?linkid=39204 (Windows Genuine Advantage Validation Tool)
O16 - DPF: {19E28AFC-EAE3-4CE5-AC83-2407B42F57C9} http://protect.microsoft.com/security/prot...b?1096133225312 (MSSecurityAdvisor Class)
O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} http://security.symantec.com/sscv6/SharedC...bin/AvSniff.cab (Symantec AntiVirus scanner)
O16 - DPF: {3E68E405-C6DE-49FF-83AE-41EE9F4C36CE} http://office.microsoft.com/officeupdate/content/opuc.cab (Office Update Installation Engine)
O16 - DPF: {406B5949-7190-4245-91A9-30A17DE16AD0} http://photos.walmart.com/WalmartActivia.cab (Snapfish Activia)
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} http://v5.windowsupdate.microsoft.com/v5co...b?1093100844828 (WUWebControl Class)
O16 - DPF: {6A344D34-5231-452A-8A57-D064AC9B7862} https://webdl.symantec.com/activex/symdlmgr.cab (Symantec Download Manager)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_14)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.macromedia.com/get/flash...r/ultrashim.cab (Reg Error: Key error.)
O16 - DPF: {9F1C11AA-197B-4942-BA54-47A8489BB47F} http://v4.windowsupdate.microsoft.com/CAB/...8014.6082291667 (Reg Error: Key error.)
O16 - DPF: {C2FCEF52-ACE9-11D3-BEBD-00105AA9B6AE} http://security.symantec.com/sscv6/SharedC...n/bin/cabsa.cab (Symantec RuFSI Registry Information Class)
O16 - DPF: {CAFEEFAC-0016-0000-0001-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0014-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_14)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_14)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://download.macromedia.com/pub/shockwa...ash/swflash.cab (Shockwave Flash Object)
O16 - DPF: {F00F4763-7355-4725-82F7-0DA94A256D46} http://www2.incredimail.com/contents/setup...er/imloader.cab (IMDownloader Class)
O16 - DPF: {FFBB3F3B-0A5A-4106-BE53-DFE1E2340CB1} http://dlm.tools.akamai.com/dlmanager/vers...vex-2.2.1.6.cab (DownloadManager Control)
O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\SYSTEM\ole db\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\SYSTEM\ole db\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\SYSTEM\ole db\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\SYSTEM\ole db\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\SYSTEM\ole db\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\SYSTEM\ole db\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\SYSTEM\ole db\msdaipp.dll (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\Explorer.exe (Microsoft Corporation)
O24 - Desktop Components:0 (My Current Home Page) - About:Home
O28 - HKLM ShellExecuteHooks: {091EB208-39DD-417D-A5DD-7E2C2D8FB9CB} - C:\Program Files\Windows Defender\MpShHook.dll (Microsoft Corporation)
O31 - SafeBoot: AlternateShell - cmd.exe
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009/01/19 12:28:43 | 00,000,050 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck) - File not found
O34 - HKLM BootExecute: (autochk) - C:\WINDOWS\System32\autochk.exe (Microsoft Corporation)
O34 - HKLM BootExecute: (*) - * [2009/06/15 18:29:48 | 00,000,000 | ---D | M]
O34 - HKLM BootExecute: (lsdelete) - File not found

========== Files/Folders - Created Within 30 Days ==========

[12 C:\WINDOWS\*.tmp files]
[2009/06/15 18:29:43 | 00,501,760 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\JeffG\Desktop\OTL.exe
[2009/06/14 09:38:10 | 00,000,000 | ---D | C] -- C:\Documents and Settings\JeffG\Application Data\Malwarebytes
[2009/06/14 09:38:09 | 00,000,696 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2009/06/14 09:38:06 | 00,040,160 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2009/06/14 09:38:05 | 00,019,096 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2009/06/14 09:38:05 | 00,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2009/06/14 09:38:05 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Malwarebytes
[2009/06/14 09:36:00 | 03,371,384 | ---- | C] (Malwarebytes Corporation ) -- C:\Documents and Settings\JeffG\Desktop\mbam-setup.exe
[2009/06/14 09:23:24 | 00,001,432 | ---- | C] () -- C:\Documents and Settings\JeffG\Desktop\DelDomains.inf
[2009/06/11 17:44:24 | 00,028,672 | ---- | C] () -- C:\Documents and Settings\JeffG\Desktop\budget - Aaron.xls
[2009/06/10 17:59:56 | 00,019,456 | ---- | C] () -- C:\Documents and Settings\JeffG\Desktop\June 11.doc
[2009/06/10 17:41:07 | 00,787,855 | ---- | C] () -- C:\Documents and Settings\JeffG\Desktop\prop mgt agreement.JPG
[2009/06/09 20:20:06 | 00,682,263 | ---- | C] () -- C:\Documents and Settings\JeffG\Desktop\deed.JPG
[2009/06/09 19:19:49 | 00,001,734 | ---- | C] () -- C:\Documents and Settings\JeffG\Desktop\HijackThis.lnk
[2009/06/09 19:19:48 | 00,000,000 | ---D | C] -- C:\Program Files\Trend Micro
[2009/06/05 07:26:48 | 00,030,328 | ---- | C] () -- C:\Documents and Settings\JeffG\Desktop\Funtown Agenda.cwk
[2009/06/03 20:21:35 | 00,049,152 | ---- | C] () -- C:\Documents and Settings\JeffG\Desktop\rental letter.doc
[2009/06/02 20:17:56 | 00,579,557 | ---- | C] () -- C:\Documents and Settings\JeffG\Desktop\cottonwood house 4.jpg
[2009/06/02 20:16:39 | 00,439,768 | ---- | C] () -- C:\Documents and Settings\JeffG\Desktop\cottonwood house 3.jpg
[2009/06/02 20:15:42 | 00,461,193 | ---- | C] () -- C:\Documents and Settings\JeffG\Desktop\cottonwood house 2.jpg
[2009/06/02 20:14:46 | 00,493,443 | ---- | C] () -- C:\Documents and Settings\JeffG\Desktop\cottonwood house 1.jpg
[2009/05/31 08:57:27 | 00,032,768 | ---- | C] () -- C:\Documents and Settings\JeffG\Desktop\intake form.doc
[2009/05/27 20:52:16 | 00,089,600 | ---- | C] () -- C:\Documents and Settings\JeffG\Desktop\credit app.doc
[2009/05/21 14:07:03 | 00,000,000 | ---D | C] -- C:\WINDOWS\ie8updates
[2009/05/21 14:06:24 | 00,102,400 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\iecompat.dll
[2009/05/21 14:03:42 | 00,078,336 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\ieencode.dll
[2009/05/21 14:03:42 | 00,078,336 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ieencode.dll
[2009/05/17 19:47:07 | 00,235,146 | ---- | C] () -- C:\Documents and Settings\JeffG\Desktop\MJG license.jpg
[2007/12/27 21:02:35 | 00,003,654 | ---- | C] () -- C:\WINDOWS\System32\drivers\Sonyhcp.dll
[2007/11/21 21:44:39 | 00,000,000 | ---- | C] () -- C:\WINDOWS\iPlayer.INI
[2006/11/03 14:42:09 | 00,000,221 | ---- | C] () -- C:\WINDOWS\HP_RedboxHprblog_HPSU.ini
[2005/10/11 14:39:03 | 00,000,000 | ---- | C] () -- C:\WINDOWS\Jcmkr32.INI
[2005/07/14 15:30:55 | 00,011,776 | ---- | C] () -- C:\WINDOWS\System32\ZPORT4AS.dll
[2005/07/08 06:48:49 | 00,000,170 | ---- | C] () -- C:\WINDOWS\GetServer.ini
[2005/06/07 11:20:10 | 00,000,028 | ---- | C] () -- C:\WINDOWS\album.ini
[2005/06/06 16:06:00 | 00,000,169 | ---- | C] () -- C:\WINDOWS\RtlRack.ini
[2005/06/03 16:55:07 | 00,002,597 | ---- | C] () -- C:\WINDOWS\u3dedit3.INI
[2005/05/29 17:27:30 | 00,000,136 | ---- | C] () -- C:\WINDOWS\ka.ini
[2005/05/29 03:29:33 | 00,000,611 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2005/05/06 23:32:10 | 00,000,022 | ---- | C] () -- C:\WINDOWS\exchng.ini
[2005/05/03 11:44:44 | 00,025,157 | ---- | C] () -- C:\WINDOWS\RMAgentOutput.dll
[2005/05/03 11:43:44 | 00,126,976 | ---- | C] () -- C:\WINDOWS\dllTSCLIBMT.dll
[2005/04/29 21:19:02 | 00,000,000 | ---- | C] () -- C:\WINDOWS\System32\jmjaf.dll
[2005/04/27 14:38:00 | 00,372,736 | ---- | C] () -- C:\WINDOWS\System32\hpzidi01.dll
[2005/04/27 14:37:49 | 00,077,824 | ---- | C] () -- C:\WINDOWS\System32\hpzids01.dll
[2005/03/03 16:16:42 | 00,000,256 | ---- | C] () -- C:\WINDOWS\aucfg.ini
[2005/03/01 15:30:20 | 00,000,453 | ---- | C] () -- C:\WINDOWS\bdoscandellang.ini
[2005/01/23 09:50:13 | 00,363,520 | ---- | C] () -- C:\WINDOWS\System32\psisdecd.dll
[2004/10/01 17:33:46 | 00,000,679 | ---- | C] () -- C:\WINDOWS\TSC.ini
[2004/09/17 17:37:42 | 00,061,440 | ---- | C] () -- C:\WINDOWS\System32\vuins32.dll
[2004/05/31 11:00:35 | 00,032,397 | ---- | C] () -- C:\WINDOWS\SGTBox.INI
[2004/05/31 10:11:59 | 00,000,035 | ---- | C] () -- C:\WINDOWS\A4W.INI
[2004/05/31 10:11:13 | 00,000,021 | ---- | C] () -- C:\WINDOWS\phbase.ini
[2004/05/31 10:10:21 | 00,000,572 | ---- | C] () -- C:\WINDOWS\maxlink.ini
[2004/05/31 10:09:29 | 00,000,000 | ---- | C] () -- C:\WINDOWS\OP70.INI
[2004/05/31 10:07:41 | 00,001,560 | ---- | C] () -- C:\WINDOWS\pstudio.ini
[2004/05/31 10:07:41 | 00,000,021 | ---- | C] () -- C:\WINDOWS\Ps_setup.ini
[2004/05/26 08:28:37 | 00,000,717 | ---- | C] () -- C:\WINDOWS\QIII.INI
[2004/03/22 18:29:33 | 00,021,840 | ---- | C] () -- C:\WINDOWS\System32\SIntfNT.dll
[2004/03/22 18:29:33 | 00,017,212 | ---- | C] () -- C:\WINDOWS\System32\SIntf32.dll
[2004/03/22 18:29:33 | 00,012,067 | ---- | C] () -- C:\WINDOWS\System32\SIntf16.dll
[2004/02/14 20:32:57 | 00,000,152 | ---- | C] () -- C:\WINDOWS\ULead32.ini
[2004/02/01 15:43:20 | 00,000,016 | ---- | C] () -- C:\WINDOWS\WinInit.ini.backup
[2004/02/01 15:22:43 | 00,000,643 | ---- | C] () -- C:\WINDOWS\lexstat.ini
[2004/02/01 15:22:34 | 00,328,704 | ---- | C] () -- C:\WINDOWS\System32\dosfnt32.dll
[2004/01/29 10:34:42 | 00,056,320 | ---- | C] () -- C:\WINDOWS\System32\iyvu9_32.dll
[2004/01/29 10:24:39 | 00,001,024 | RH-- | C] () -- C:\WINDOWS\System32\NTICDMK32.dll
[2004/01/28 13:20:58 | 00,000,164 | R--- | C] () -- C:\WINDOWS\avrack.ini
[2004/01/28 13:19:43 | 00,000,016 | ---- | C] () -- C:\WINDOWS\WinInit.ini
[2004/01/28 07:31:33 | 00,000,902 | ---- | C] () -- C:\WINDOWS\win.ini
[2004/01/28 07:31:22 | 00,000,227 | ---- | C] () -- C:\WINDOWS\system.ini
[2002/07/04 15:05:34 | 00,000,269 | ---- | C] () -- C:\WINDOWS\tmupdate.ini
[2001/12/26 17:12:30 | 00,065,536 | R--- | C] () -- C:\WINDOWS\System32\multiplex_vcd.dll
[2001/12/14 13:34:46 | 00,164,864 | ---- | C] () -- C:\WINDOWS\patchw32.dll
[2001/09/04 00:46:38 | 00,110,592 | R--- | C] () -- C:\WINDOWS\System32\Hmpg12.dll
[2001/07/30 17:33:56 | 00,118,784 | R--- | C] () -- C:\WINDOWS\System32\HMPV2_ENC.dll
[2001/07/23 23:04:36 | 00,118,784 | R--- | C] () -- C:\WINDOWS\System32\HMPV2_ENC_MMX.dll
[1999/07/23 13:46:48 | 00,000,116 | ---- | C] () -- C:\WINDOWS\AuHCcup1.ini
[1999/07/23 10:53:20 | 00,129,536 | ---- | C] () -- C:\WINDOWS\AuHCcup1.dll
[1998/08/16 06:00:00 | 00,004,096 | ---- | C] () -- C:\WINDOWS\System32\sysres.dll
[1996/11/17 01:00:00 | 00,022,016 | ---- | C] () -- C:\WINDOWS\System32\ODBCSTF.DLL
[1996/11/17 01:00:00 | 00,022,016 | ---- | C] () -- C:\WINDOWS\System32\DOCOBJ.DLL

========== Files - Modified Within 30 Days ==========

[2 C:\WINDOWS\System32\drivers\*.tmp files]
[34 C:\WINDOWS\System32\*.tmp files]
[12 C:\WINDOWS\*.tmp files]
[1 C:\Documents and Settings\JeffG\Desktop\*.tmp files]
[2009/06/15 18:29:53 | 00,501,760 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\JeffG\Desktop\OTL.exe
[2009/06/15 15:20:08 | 00,000,422 | -H-- | M] () -- C:\WINDOWS\tasks\User_Feed_Synchronization-{40FD7DA3-44F4-40D6-BBD5-FA79174F1959}.job
[2009/06/15 06:44:29 | 00,000,556 | ---- | M] () -- C:\WINDOWS\tasks\Norton AntiVirus - Run Full System Scan - JeffG.job
[2009/06/14 10:30:45 | 00,013,646 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2009/06/14 10:29:49 | 00,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2009/06/14 10:29:45 | 00,000,062 | -HS- | M] () -- C:\Documents and Settings\JeffG\Local Settings\desktop.ini
[2009/06/14 10:29:38 | 00,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2009/06/14 09:38:09 | 00,000,696 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2009/06/14 09:36:00 | 03,371,384 | ---- | M] (Malwarebytes Corporation ) -- C:\Documents and Settings\JeffG\Desktop\mbam-setup.exe
[2009/06/14 09:23:24 | 00,001,432 | ---- | M] () -- C:\Documents and Settings\JeffG\Desktop\DelDomains.inf
[2009/06/13 20:30:53 | 00,308,613 | R--- | M] () -- C:\WINDOWS\System32\drivers\etc\HOSTS
[2009/06/12 07:28:06 | 00,787,855 | ---- | M] () -- C:\Documents and Settings\JeffG\Desktop\prop mgt agreement.JPG
[2009/06/11 20:34:52 | 40,265,3184 | ---- | M] () -- C:\WINDOWS\MEMORY.DMP
[2009/06/11 20:27:20 | 00,006,601 | ---- | M] () -- C:\WINDOWS\JeffG8.xlb
[2009/06/11 19:18:44 | 00,028,672 | ---- | M] () -- C:\Documents and Settings\JeffG\Desktop\budget - Aaron.xls
[2009/06/10 17:59:56 | 00,019,456 | ---- | M] () -- C:\Documents and Settings\JeffG\Desktop\June 11.doc
[2009/06/10 03:15:08 | 01,414,648 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2009/06/10 03:06:29 | 00,001,374 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2009/06/09 20:23:17 | 00,682,263 | ---- | M] () -- C:\Documents and Settings\JeffG\Desktop\deed.JPG
[2009/06/09 19:23:50 | 00,001,734 | ---- | M] () -- C:\Documents and Settings\JeffG\Desktop\HijackThis.lnk
[2009/06/08 14:22:35 | 00,308,599 | R--- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts.20090613-203053.backup
[2009/06/07 19:47:52 | 00,001,560 | ---- | M] () -- C:\WINDOWS\pstudio.ini
[2009/06/07 19:47:52 | 00,000,028 | ---- | M] () -- C:\WINDOWS\album.ini
[2009/06/07 19:26:34 | 00,028,672 | ---- | M] () -- C:\Documents and Settings\JeffG\Desktop\budget.xls
[2009/06/05 07:26:50 | 00,030,328 | ---- | M] () -- C:\Documents and Settings\JeffG\Desktop\Funtown Agenda.cwk
[2009/06/03 21:39:14 | 00,049,152 | ---- | M] () -- C:\Documents and Settings\JeffG\Desktop\rental letter.doc
[2009/06/02 20:17:57 | 00,579,557 | ---- | M] () -- C:\Documents and Settings\JeffG\Desktop\cottonwood house 4.jpg
[2009/06/02 20:16:39 | 00,439,768 | ---- | M] () -- C:\Documents and Settings\JeffG\Desktop\cottonwood house 3.jpg
[2009/06/02 20:15:42 | 00,461,193 | ---- | M] () -- C:\Documents and Settings\JeffG\Desktop\cottonwood house 2.jpg
[2009/06/02 20:14:46 | 00,493,443 | ---- | M] () -- C:\Documents and Settings\JeffG\Desktop\cottonwood house 1.jpg
[2009/06/01 12:51:12 | 23,635,392 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\MRT.exe
[2009/05/31 16:11:57 | 00,032,768 | ---- | M] () -- C:\Documents and Settings\JeffG\Desktop\intake form.doc
[2009/05/27 20:52:17 | 00,089,600 | ---- | M] () -- C:\Documents and Settings\JeffG\Desktop\credit app.doc
[2009/05/26 17:58:24 | 00,307,911 | R--- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts.20090608-142235.backup
[2009/05/26 13:20:08 | 00,040,160 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2009/05/26 13:19:56 | 00,019,096 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2009/05/21 19:41:42 | 00,307,911 | R--- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts.20090526-175824.backup
[2009/05/21 17:24:52 | 00,000,076 | -HS- | M] () -- C:\Documents and Settings\JeffG\My Documents\desktop.ini
[2009/05/17 19:47:07 | 00,235,146 | ---- | M] () -- C:\Documents and Settings\JeffG\Desktop\MJG license.jpg
[2009/05/17 09:38:46 | 00,307,552 | R--- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts.20090521-194142.backup

========== LOP Check ==========

[2009/06/14 09:38:05 | 00,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data
[2007/11/22 10:50:11 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Adobe
[2004/01/29 10:52:26 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\CyberLink
[2007/07/18 20:47:59 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\FLEXnet
[2006/09/03 11:29:49 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\HP
[2008/07/12 08:40:08 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Lavasoft
[2009/06/14 09:38:05 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Malwarebytes
[2008/04/15 05:50:28 | 00,000,000 | --SD | M] -- C:\Documents and Settings\All Users\Application Data\Microsoft
[2005/06/15 10:35:46 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\MSN6
[2008/03/29 17:00:43 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Solero
[2009/03/02 08:35:25 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
[2008/08/31 04:52:48 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Symantec
[2009/06/13 20:21:00 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TEMP
[2004/10/26 14:49:41 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Viewpoint
[2004/02/01 16:52:16 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Vivendi Universal Games
[2005/08/06 10:47:21 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Windows Genuine Advantage
[2009/06/14 09:38:10 | 00,000,000 | -H-D | M] -- C:\Documents and Settings\JeffG\Application Data
[2004/03/22 14:04:08 | 00,000,000 | ---D | M] -- C:\Documents and Settings\JeffG\Application Data\Active Disk
[2009/03/22 11:52:27 | 00,000,000 | ---D | M] -- C:\Documents and Settings\JeffG\Application Data\Adobe
[2005/10/07 06:35:06 | 00,000,000 | ---D | M] -- C:\Documents and Settings\JeffG\Application Data\AdobeUM
[2004/11/21 12:39:09 | 00,000,000 | ---D | M] -- C:\Documents and Settings\JeffG\Application Data\Aim
[2006/09/03 11:50:08 | 00,000,000 | ---D | M] -- C:\Documents and Settings\JeffG\Application Data\ArcSoft
[2005/09/11 09:27:25 | 00,000,000 | ---D | M] -- C:\Documents and Settings\JeffG\Application Data\Avant Browser
[2007/03/15 17:22:54 | 00,000,000 | ---D | M] -- C:\Documents and Settings\JeffG\Application Data\Canon
[2007/09/01 22:40:03 | 00,000,000 | ---D | M] -- C:\Documents and Settings\JeffG\Application Data\Download Manager
[2007/01/06 08:49:29 | 00,000,000 | ---D | M] -- C:\Documents and Settings\JeffG\Application Data\Google
[2007/07/19 19:12:24 | 00,000,000 | ---D | M] -- C:\Documents and Settings\JeffG\Application Data\Help
[2007/02/19 18:45:36 | 00,000,000 | ---D | M] -- C:\Documents and Settings\JeffG\Application Data\HP
[2007/07/17 10:59:06 | 00,000,000 | ---D | M] -- C:\Documents and Settings\JeffG\Application Data\Identities
[2008/04/15 05:50:30 | 00,000,000 | ---D | M] -- C:\Documents and Settings\JeffG\Application Data\Lavasoft
[2004/02/14 17:03:52 | 00,000,000 | ---D | M] -- C:\Documents and Settings\JeffG\Application Data\Macromedia
[2009/06/14 09:38:10 | 00,000,000 | ---D | M] -- C:\Documents and Settings\JeffG\Application Data\Malwarebytes
[2007/06/21 06:48:16 | 00,000,000 | --SD | M] -- C:\Documents and Settings\JeffG\Application Data\Microsoft
[2005/06/15 10:34:46 | 00,000,000 | ---D | M] -- C:\Documents and Settings\JeffG\Application Data\MSN6
[2007/12/22 09:43:17 | 00,000,000 | ---D | M] -- C:\Documents and Settings\JeffG\Application Data\Snapfish
[2007/12/27 21:11:09 | 00,000,000 | ---D | M] -- C:\Documents and Settings\JeffG\Application Data\Sony Corporation
[2005/11/02 21:29:37 | 00,000,000 | ---D | M] -- C:\Documents and Settings\JeffG\Application Data\Sun
[2007/02/19 17:01:57 | 00,000,000 | ---D | M] -- C:\Documents and Settings\JeffG\Application Data\Symantec
[2006/11/29 15:04:44 | 00,000,000 | ---D | M] -- C:\Documents and Settings\JeffG\Application Data\Uniblue
[2005/05/09 21:22:38 | 00,000,000 | ---D | M] -- C:\Documents and Settings\JeffG\Application Data\Webroot
[2003/03/31 08:00:00 | 00,000,065 | RH-- | M] () -- C:\WINDOWS\Tasks\desktop.ini
[2009/06/15 06:44:29 | 00,000,556 | ---- | M] () -- C:\WINDOWS\Tasks\Norton AntiVirus - Run Full System Scan - JeffG.job
[2009/06/14 10:29:49 | 00,000,006 | -H-- | M] () -- C:\WINDOWS\Tasks\SA.DAT
[2004/10/14 11:22:04 | 00,031,956 | ---- | M] () -- C:\WINDOWS\Tasks\SCHEDLGU.TXT
[2009/06/15 15:20:08 | 00,000,422 | -H-- | M] () -- C:\WINDOWS\Tasks\User_Feed_Synchronization-{40FD7DA3-44F4-40D6-BBD5-FA79174F1959}.job

========== Purity Check ==========


========== Alternate Data Streams ==========

@Alternate Data Stream - 9237 bytes -> C:\WINDOWS\dahotfix.log:bnywmm
@Alternate Data Stream - 88 bytes -> C:\WINDOWS\System32\d3xs.exe:SummaryInformation
@Alternate Data Stream - 88 bytes -> C:\WINDOWS\System32\control.exe:SummaryInformation
@Alternate Data Stream - 88 bytes -> C:\WINDOWS\lfsbj.dat:SummaryInformation
@Alternate Data Stream - 125 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:5C321E34
@Alternate Data Stream - 11152 bytes -> C:\WINDOWS\u3dedit3.INI:umupzr
< End of report >


OTL Extras logfile created on: 6/15/2009 6:35:06 PM - Run 1
OTL by OldTimer - Version 2.1.1.0 Folder = C:\Documents and Settings\JeffG\Desktop
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 7.0.5730.11)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1.50 Gb Total Physical Memory | 0.98 Gb Available Physical Memory | 65.06% Memory free
1.73 Gb Paging File | 1.40 Gb Available in Paging File | 81.11% Paging File free
Paging file location(s): c:\pagefile.sys 384 768 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 55.90 Gb Total Space | 35.77 Gb Free Space | 63.99% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: JEFFS
Current User Name: JeffG
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Output = Minimal
File Age = 30 Days
Company Name Whitelist: On

========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
.html [@ = htmlfile] -- C:\Program Files\Internet Explorer\IEXPLORE.EXE (Microsoft Corporation)
.url [@ = InternetShortcut] -- rundll32.exe ieframe.dll,OpenURL %l

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 0
"FirewallOverride" = 0
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
"DisableMonitoring" = 1
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
"DisableMonitoring" = 1
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]
"DisableMonitoring" = 1
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile
"EnableFirewall" = 1
"DoNotAllowExceptions" = 0
"DisableNotifications" = 0

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List
"139:TCP" = 139:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22002
"1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000 (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
C:\Program Files\AIM\aim.exe:*:Disabled:AOL Instant Messenger (America Online, Inc.)
%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000 (Microsoft Corporation)

========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{08C5815C-2C6E-44f8-8748-0E61BC9AFB68}" = Symantec KB-DocID:2003093015493306
"{09984AEC-6B9F-4ca7-B78D-CB44D4771DA3}" = Destinations
"{15EE79F4-4ED1-4267-9B0F-351009325D7D}" = HP Software Update
"{26A24AE4-039D-4CA4-87B4-2F83216012FF}" = Java™ 6 Update 14
"{30C19FF2-7FBA-4d09-B9DE-1659977F64F6}" = TrayApp
"{31478BE1-CDE5-4753-A8B2-F6D4BC1FBE09}" = Component Framework
"{3248F0A8-6813-11D6-A77B-00B0D0160010}" = Java™ SE Runtime Environment 6 Update 1
"{3248F0A8-6813-11D6-A77B-00B0D0160020}" = Java™ 6 Update 2
"{3248F0A8-6813-11D6-A77B-00B0D0160030}" = Java™ 6 Update 3
"{3248F0A8-6813-11D6-A77B-00B0D0160050}" = Java™ 6 Update 5
"{3248F0A8-6813-11D6-A77B-00B0D0160070}" = Java™ 6 Update 7
"{34EEB1F5-E939-40A1-A6BA-957282A4B2C8}" = Norton AntiVirus Help
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{3819891A-030B-4a4e-98ED-B28A649E48AB}" = HP Deskjet 3900 series
"{407B9B5C-DAC5-4F44-A756-B57CAB4E6A8B}" = Google Earth
"{42F6BED9-41DD-40F1-85A8-8E0350493626}" = HPDeskjet3900Series
"{44BAC2DD-0574-4047-B736-A7687401C1CD}" = WinFast® Display Driver
"{56F8AFC3-FA98-4ff1-9673-8A026CBF85BE}" = WebReg
"{5C29CB8B-AC1E-4114-8D68-9CD080140D4A}" = Sony USB Driver
"{5F26311C-B135-4F7F-B11E-8E650F83651E}" = DeviceFunctionQFolder
"{62120008-8E1E-4807-860D-A8B48F8552DB}" = Norton Protection Center
"{63569CE9-FA00-469C-AF5C-E5D4D93ACF91}" = Windows Genuine Advantage v1.3.0254.0
"{66E6CE0C-5A1E-430C-B40A-0C90FF1804A8}" = eSupportQFolder
"{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}" = PowerDVD
"{6994491D-D491-48F1-AE1F-E179C1FFFC2F}" = HP Photosmart Essential
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{77772678-817F-4401-9301-ED1D01A8DA56}" = SPBBC 32bit
"{77E5D926-1805-42A9-B134-A60C03B2932E}" = SymNet
"{77FFBA7E-0973-4F39-BBDB-AC2F537578D2}" = Norton AntiVirus
"{81D62C32-0984-11D3-86CD-00105AD33021}" = Caere Scan Manager 5.1
"{A5CC2A09-E9D3-49EC-923D-03874BBD4C2C}" = Windows Defender Signatures
"{A7C3B05D-C22A-4BB3-8112-F8D0F4784747}" = ArcSoft Greeting Card Creator
"{AB5D51AE-EBC3-438D-872C-705C7C2084B0}" = DeviceManagementQFolder
"{AC76BA86-7AD7-1033-7B44-A70000000000}" = Adobe Reader 7.0
"{B24E05CC-46FF-4787-BBB8-5CD516AFB118}" = ccCommon
"{B2D7CE29-614A-4ACC-8BFE-009EB3A244C9}" = Windows Defender
"{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1" = Spybot - Search & Destroy
"{B996AE66-10DB-4ac5-B151-E8B4BFBC42FC}" = BufferChm
"{C438B7C4-B4F8-49C5-A4DF-FF6F1F242778}" = NTI CD-Maker
"{C882DE6B-1482-42D6-A7C2-A9F946EDBAF6}" = WinFast PVR
"{CE2121C6-C94D-4A73-8EA4-6943F33EE335}" = Picture Package Music Transfer
"{D5068583-D569-468B-9755-5FBF5848F46F}" = Sony Picture Utility
"{D6E6FA4A-5445-4850-8365-CF216C1CBB7A}" = Symantec Real Time Storage Protection Component
"{DBA4DB9D-EE51-4944-A419-98AB1F1249C8}" = LiveUpdate Notice (Symantec Corporation)
"{E3F90083-80D4-4b5a-87C7-E97E12F5516D}" = HPProductAssistant
"{E80F62FF-5D3C-4A19-8409-9721F2928206}" = LiveUpdate (Symantec Corporation)
"{EA103B64-C0E4-4C0E-A506-751590E1653D}" = SolutionCenter
"{EFB5B3B5-A280-4E25-BE1C-634EEFE32C1B}" = AppCore
"{F4C2E5F5-2970-45f4-ABD3-C180C4D961C4}" = Status
"{F8C6BABF-0837-4EA0-AD6C-8E5A392A7538}" = ImageMixer VCD2
"{FB08F381-6533-4108-B7DD-039E11FBC27E}" = Avance AC'97 Audio
"{FCE65C4E-B0E8-4FBD-AD16-EDCBE6CD591F}" = HighMAT Extension to Microsoft Windows XP CD Writing Wizard
"Adobe Atmosphere Player" = Adobe Atmosphere Player for Acrobat and Adobe Reader
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"AdobeESD" = Adobe Download Manager 1.2 (Remove Only)
"AOL Instant Messenger" = AOL Instant Messenger
"ArcSoft PhotoBase" = ArcSoft PhotoBase
"ArcSoft PhotoStudio 2000" = ArcSoft PhotoStudio 2000
"Barbie™ Beauty Boutique™ CD-ROM" = Barbie™ Beauty Boutique™ CD-ROM
"Boardmaker version 5" = Boardmaker version 5
"Canon ScanGear Toolbox CS" = Canon ScanGear Toolbox CS 2.2
"HijackThis" = HijackThis 2.0.2
"HP Imaging Device Functions" = HP Imaging Device Functions 5.0
"HP Solution Center & Imaging Support Tools" = HP Solution Center & Imaging Support Tools 5.0
"IDNMitigationAPIs" = Microsoft Internationalized Domain Names Mitigation APIs
"ie7" = Windows Internet Explorer 7
"Indeo® Software" = Indeo® Software
"InstallShield_{C438B7C4-B4F8-49C5-A4DF-FF6F1F242778}" = NTI CD-Maker 6 Gold
"InterActual Player" = InterActual Player
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"MSCompPackV1" = Microsoft Compression Client Pack 1.0 for Windows XP
"MSN Music Assistant" = MSN Music Assistant
"NLSDownlevelMapping" = Microsoft National Language Support Downlevel APIs
"Office8.0" = Microsoft Office 97, Professional Edition
"OmniPagePro9.0DeinstKey" = OmniPage Pro 9.0
"PrintKey2000" = PrintKey2000
"PsuedoLiveUpdate" = LiveUpdate (Symantec Corporation)
"Q903235" = Internet Explorer Q903235
"Solero Music Viewer_is1" = Solero Music Viewer 8.0.25.332
"Spybot - Search & Destroy_is1" = Spybot - Search & Destroy 1.5.2.20
"SpywareBlaster_is1" = SpywareBlaster 4.2
"SymSetup.{77FFBA7E-0973-4F39-BBDB-AC2F537578D2}" = Norton AntiVirus (Symantec Corporation)
"Ulead COOL 3D 3.0" = Ulead COOL 3D 3.0
"ViewpointMediaPlayer" = Viewpoint Media Player
"VN_VUIns_Rhine_VIA" = VIA Rhine-Family Fast Ethernet Adapter
"Windows Media Format Runtime" = Windows Media Format 11 runtime
"Windows Media Player" = Windows Media Player 11
"Windows XP Service Pack" = Windows XP Service Pack 3
"WinFox Setup" = WinFox Setup
"WMFDist11" = Windows Media Format 11 runtime
"wmp11" = Windows Media Player 11
"Wudf01000" = Microsoft User-Mode Driver Framework Feature Pack 1.0

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 6/3/2009 9:33:19 PM | Computer Name = JEFFS | Source = Application Error | ID = 1000
Description = Faulting application winword.exe, version 8.0.0.3514, faulting module
unknown, version 0.0.0.0, fault address 0x00000000.

Error - 6/3/2009 9:33:31 PM | Computer Name = JEFFS | Source = Application Error | ID = 1000
Description = Faulting application winword.exe, version 8.0.0.3514, faulting module
winword.exe, version 8.0.0.3514, fault address 0x001febba.

Error - 6/4/2009 11:56:30 AM | Computer Name = JEFFS | Source = Application Hang | ID = 1002
Description = Hanging application iexplore.exe, version 7.0.6000.16827, hang module
hungapp, version 0.0.0.0, hang address 0x00000000.

Error - 6/9/2009 7:22:00 PM | Computer Name = JEFFS | Source = Application Hang | ID = 1002
Description = Hanging application HijackThis.exe, version 2.0.0.2, hang module hungapp,
version 0.0.0.0, hang address 0x00000000.

Error - 6/9/2009 7:22:03 PM | Computer Name = JEFFS | Source = Application Hang | ID = 1001
Description = Fault bucket 462403724.

Error - 6/11/2009 4:26:31 PM | Computer Name = JEFFS | Source = Application Error | ID = 1000
Description = Faulting application iexplore.exe, version 7.0.6000.16850, faulting
module iertutil.dll, version 7.0.6000.16850, fault address 0x00033ee8.

Error - 6/11/2009 8:31:12 PM | Computer Name = JEFFS | Source = Application Error | ID = 1000
Description = Faulting application winword.exe, version 8.0.0.3514, faulting module
winword.exe, version 8.0.0.3514, fault address 0x004fe5a7.

Error - 6/11/2009 8:48:13 PM | Computer Name = JEFFS | Source = Application Error | ID = 1000
Description = Faulting application winword.exe, version 8.0.0.3514, faulting module
unknown, version 0.0.0.0, fault address 0x00000001.

Error - 6/13/2009 8:19:39 PM | Computer Name = JEFFS | Source = Application Error | ID = 1000
Description = Faulting application cleanmgr.exe, version 6.0.2900.5512, faulting
module cleanmgr.exe, version 6.0.2900.5512, fault address 0x000016de.

Error - 6/13/2009 8:19:46 PM | Computer Name = JEFFS | Source = Application Error | ID = 1001
Description = Fault bucket 1318840947.

[ System Events ]
Error - 5/21/2009 8:08:27 PM | Computer Name = JEFFS | Source = DCOM | ID = 10005
Description = DCOM got error "%1055" attempting to start the service winmgmt with
arguments "" in order to run the server: {8BC3F05E-D86B-11D0-A075-00C04FB68820}

Error - 5/21/2009 9:25:15 PM | Computer Name = JEFFS | Source = DCOM | ID = 10005
Description = DCOM got error "%1055" attempting to start the service netman with
arguments "" in order to run the server: {BA126AE5-2166-11D1-B1D0-00805FC1270E}

Error - 5/21/2009 9:25:15 PM | Computer Name = JEFFS | Source = DCOM | ID = 10005
Description = DCOM got error "%1055" attempting to start the service winmgmt with
arguments "" in order to run the server: {8BC3F05E-D86B-11D0-A075-00C04FB68820}

Error - 5/21/2009 9:30:11 PM | Computer Name = JEFFS | Source = DCOM | ID = 10005
Description = DCOM got error "%1055" attempting to start the service winmgmt with
arguments "" in order to run the server: {8BC3F05E-D86B-11D0-A075-00C04FB68820}

Error - 5/21/2009 9:30:11 PM | Computer Name = JEFFS | Source = DCOM | ID = 10005
Description = DCOM got error "%1055" attempting to start the service netman with
arguments "" in order to run the server: {BA126AE5-2166-11D1-B1D0-00805FC1270E}

Error - 6/14/2009 10:02:03 AM | Computer Name = JEFFS | Source = Service Control Manager | ID = 7026
Description = The following boot-start or system-start driver(s) failed to load:
ppa3

Error - 6/14/2009 10:11:10 AM | Computer Name = JEFFS | Source = DCOM | ID = 10005
Description = DCOM got error "%1055" attempting to start the service netman with
arguments "" in order to run the server: {BA126AE5-2166-11D1-B1D0-00805FC1270E}

Error - 6/14/2009 10:11:10 AM | Computer Name = JEFFS | Source = DCOM | ID = 10005
Description = DCOM got error "%1055" attempting to start the service winmgmt with
arguments "" in order to run the server: {8BC3F05E-D86B-11D0-A075-00C04FB68820}

Error - 6/14/2009 10:30:04 AM | Computer Name = JEFFS | Source = DCOM | ID = 10005
Description = DCOM got error "%1055" attempting to start the service winmgmt with
arguments "" in order to run the server: {8BC3F05E-D86B-11D0-A075-00C04FB68820}

Error - 6/14/2009 10:30:04 AM | Computer Name = JEFFS | Source = DCOM | ID = 10005
Description = DCOM got error "%1055" attempting to start the service netman with
arguments "" in order to run the server: {BA126AE5-2166-11D1-B1D0-00805FC1270E}


< End of report >


Jeff G
post Jun 15 2009, 05:24 PM
Post #7



Post-reboot OTL logs below:

I ran the scan three times and the only .txt file created was the OTL.txt.

No changes in computer behavior. I am still waiting for it to freeze again.

OTL logfile created on: 6/15/2009 7:18:11 PM - Run 4
OTL by OldTimer - Version 2.1.1.0 Folder = C:\Documents and Settings\JeffG\Desktop
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 7.0.5730.11)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1.50 Gb Total Physical Memory | 1.11 Gb Available Physical Memory | 73.75% Memory free
1.73 Gb Paging File | 1.48 Gb Available in Paging File | 85.34% Paging File free
Paging file location(s): c:\pagefile.sys 384 768 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 55.90 Gb Total Space | 35.86 Gb Free Space | 64.14% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: JEFFS
Current User Name: JeffG
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Output = Minimal
File Age = 30 Days
Company Name Whitelist: On

========== Processes (SafeList) ==========

PRC - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe (Symantec Corporation)
PRC - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe ()
PRC - C:\WINDOWS\Explorer.EXE (Microsoft Corporation)
PRC - C:\WINDOWS\SOUNDMAN.EXE (Avance Logic, Inc.)
PRC - C:\Program Files\WinFast\WFTVFM\WFWIZ.exe (Leadtek Research Inc.)
PRC - C:\WINDOWS\System32\WF2K.EXE (Leadtek Research Inc.)
PRC - C:\Program Files\QuickTime\qttask.exe (Apple Computer, Inc.)
PRC - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe (Symantec Corporation)
PRC - C:\Program Files\Java\jre6\bin\jusched.exe (Sun Microsystems, Inc.)
PRC - C:\Program Files\Sony\Sony Picture Utility\VolumeWatcher\SPUVolumeWatcher.exe (Sony Corporation)
PRC - C:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe (Symantec Corporation)
PRC - C:\Program Files\Iomega\System32\AppServices.exe (Iomega Corporation)
PRC - C:\Program Files\Java\jre6\bin\jqs.exe (Sun Microsystems, Inc.)
PRC - C:\Documents and Settings\JeffG\Desktop\OTL.exe (OldTimer Tools)

========== Win32 Services (SafeList) ==========

SRV - (Automatic LiveUpdate Scheduler [Auto | Running]) -- C:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe (Symantec Corporation)
SRV - (ccEvtMgr [Auto | Running]) -- C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe (Symantec Corporation)
SRV - (ccSetMgr [Auto | Running]) -- C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe (Symantec Corporation)
SRV - (CLTNetCnService [Auto | Running]) -- C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe (Symantec Corporation)
SRV - (helpsvc [Auto | Running]) -- C:\WINDOWS\PCHealth\HelpCtr\Binaries\pchsvc.dll (Microsoft Corporation)
SRV - (Iomega Activity Disk2 [Disabled | Stopped]) -- File not found
SRV - (Iomega App Services [Auto | Running]) -- C:\Program Files\Iomega\System32\AppServices.exe (Iomega Corporation)
SRV - (JavaQuickStarterService [Auto | Running]) -- C:\Program Files\Java\jre6\bin\jqs.exe (Sun Microsystems, Inc.)
SRV - (LexBceS [On_Demand | Stopped]) -- C:\WINDOWS\system32\LEXBCES.EXE (Lexmark International, Inc.)
SRV - (LiveUpdate [On_Demand | Stopped]) -- C:\Program Files\Symantec\LiveUpdate\LuComServer_3_4.EXE (Symantec Corporation)
SRV - (LiveUpdate Notice [Auto | Running]) -- C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe (Symantec Corporation)
SRV - (Symantec Core LC [Auto | Running]) -- C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe ()
SRV - (WinDefend [Disabled | Stopped]) -- C:\Program Files\Windows Defender\MsMpEng.exe (Microsoft Corporation)
SRV - (WMPNetworkSvc [On_Demand | Stopped]) -- C:\Program Files\Windows Media Player\WMPNetwk.exe (Microsoft Corporation)

========== Driver Services (SafeList) ==========

DRV - (ALCXWDM [On_Demand | Running]) -- C:\WINDOWS\system32\drivers\ALCXWDM.SYS (Avance Logic, Inc.)
DRV - (cdrbsdrv [System | Running]) -- C:\WINDOWS\System32\drivers\CDRBSDRV.SYS (B.H.A Corporation)
DRV - (COH_Mon [On_Demand | Stopped]) -- C:\WINDOWS\system32\Drivers\COH_Mon.sys (Symantec Corporation)
DRV - (eeCtrl [System | Running]) -- C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys (Symantec Corporation)
DRV - (EraserUtilRebootDrv [On_Demand | Running]) -- C:\Program Files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys (Symantec Corporation)
DRV - (FA312 [On_Demand | Running]) -- C:\WINDOWS\System32\DRIVERS\FA312nd5.sys (NETGEAR Corp.)
DRV - (FETND5BV [On_Demand | Running]) -- C:\WINDOWS\system32\DRIVERS\fetnd5bv.sys (VIA Technologies, Inc. )
DRV - (FETNDIS [On_Demand | Stopped]) -- C:\WINDOWS\System32\DRIVERS\fetnd5b.sys (VIA Technologies, Inc. )
DRV - (FETNDISB [On_Demand | Stopped]) -- C:\WINDOWS\System32\DRIVERS\fetnd5b.sys (VIA Technologies, Inc. )
DRV - (gameenum [On_Demand | Running]) -- C:\WINDOWS\System32\DRIVERS\gameenum.sys (Microsoft Corporation)
DRV - (iomdisk [Boot | Running]) -- C:\WINDOWS\System32\DRIVERS\iomdisk.sys (Iomega Corporation)
DRV - (ms_mpu401 [On_Demand | Running]) -- C:\WINDOWS\system32\drivers\msmpu401.sys (Microsoft Corporation)
DRV - (NAVENG [On_Demand | Running]) -- C:\Program Files\Common Files\Symantec Shared\VirusDefs\20090615.003\NAVENG.SYS (Symantec Corporation)
DRV - (NAVEX15 [On_Demand | Running]) -- C:\Program Files\Common Files\Symantec Shared\VirusDefs\20090615.003\NAVEX15.SYS (Symantec Corporation)
DRV - (NTIDrvr [On_Demand | Running]) -- C:\WINDOWS\System32\DRIVERS\NTIDrvr.sys (NewTech Infosystems, Inc.)
DRV - (NTSIM [On_Demand | Stopped]) -- C:\WINDOWS\System32\ntsim.sys (VIA Technologies, Inc. )
DRV - (nv [On_Demand | Running]) -- C:\WINDOWS\System32\DRIVERS\nv4_mini.sys (NVIDIA Corporation)
DRV - (ppa3 [Boot | Running]) -- C:\WINDOWS\System32\DRIVERS\ppa3.sys (Microsoft Corporation)
DRV - (Ptilink [On_Demand | Running]) -- C:\WINDOWS\System32\DRIVERS\ptilink.sys (Parallel Technologies, Inc.)
DRV - (PxHelp20 [Boot | Running]) -- C:\WINDOWS\system32\Drivers\PxHelp20.sys (Sonic Solutions)
DRV - (Secdrv [Auto | Running]) -- C:\WINDOWS\System32\DRIVERS\secdrv.sys (Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K.)
DRV - (SONYPVU1 [On_Demand | Stopped]) -- C:\WINDOWS\System32\DRIVERS\SONYPVU1.SYS (Sony Corporation)
DRV - (SPBBCDrv [On_Demand | Stopped]) -- C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCDrv.sys (Symantec Corporation)
DRV - (SRTSP [On_Demand | Running]) -- C:\WINDOWS\System32\Drivers\SRTSP.SYS (Symantec Corporation)
DRV - (SRTSPL [On_Demand | Stopped]) -- C:\WINDOWS\System32\Drivers\SRTSPL.SYS (Symantec Corporation)
DRV - (SRTSPX [System | Running]) -- C:\WINDOWS\System32\Drivers\SRTSPX.SYS (Symantec Corporation)
DRV - (SYMDNS [On_Demand | Running]) -- C:\WINDOWS\System32\Drivers\SYMDNS.SYS (Symantec Corporation)
DRV - (SymEvent [On_Demand | Running]) -- C:\WINDOWS\system32\Drivers\SYMEVENT.SYS (Symantec Corporation)
DRV - (SYMFW [On_Demand | Running]) -- C:\WINDOWS\System32\Drivers\SYMFW.SYS (Symantec Corporation)
DRV - (SYMIDS [On_Demand | Running]) -- C:\WINDOWS\System32\Drivers\SYMIDS.SYS (Symantec Corporation)
DRV - (SYMIDSCO [On_Demand | Running]) -- C:\Program Files\Common Files\Symantec Shared\SymcData\ipsdefs\20090610.001\SymIDSCo.sys (Symantec Corporation)
DRV - (SymIM [On_Demand | Stopped]) -- C:\WINDOWS\system32\DRIVERS\SymIM.sys (Symantec Corporation)
DRV - (SymIMMP [On_Demand | Running]) -- C:\WINDOWS\system32\DRIVERS\SymIM.sys (Symantec Corporation)
DRV - (symlcbrd [Auto | Running]) -- C:\WINDOWS\system32\drivers\symlcbrd.sys (Symantec Corporation)
DRV - (SYMNDIS [On_Demand | Running]) -- C:\WINDOWS\System32\Drivers\SYMNDIS.SYS (Symantec Corporation)
DRV - (SYMREDRV [On_Demand | Running]) -- C:\WINDOWS\System32\Drivers\SYMREDRV.SYS (Symantec Corporation)
DRV - (SYMTDI [System | Running]) -- C:\WINDOWS\System32\Drivers\SYMTDI.SYS (Symantec Corporation)
DRV - (VIAPFD [System | Running]) -- C:\WINDOWS\System32\Drivers\VIAPFD.SYS (VIA Technologies. Inc.)
DRV - (WFIOCTL [On_Demand | Stopped]) -- C:\Program Files\WinFast\WFTVFM\WFIOCTL.SYS ()
DRV - (WINFOXIO [Disabled | Running]) -- C:\WINDOWS\system32\Drivers\WINFOXIO.SYS (Leadtek Research Inc.)

========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = [binary data]
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Extensions Off Page = about:NoAdd-ons
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Security Risk Page = about:SecurityRisk
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.microsoft.com/isapi/redir.dll?p...ER}&ar=home
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,CustomizeSearch = http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchcust.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant =

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\system32\blank.htm
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page =
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.cnn.com/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,CustomizeSearch =
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchasst.htm
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

FF - HKLM\software\mozilla\Firefox\extensions\\jqs@sun.com: C:\PROGRAM FILES\JAVA\JRE6\LIB\DEPLOY\JQS\FF [2009/03/11 06:55:17 | 00,000,000 | ---D | M]


O1 HOSTS File: (308613 bytes) - C:\WINDOWS\System32\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: 10625 more lines...
O2 - BHO: (AcroIEHlprObj Class) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O2 - BHO: (Symantec Intrusion Prevention) - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files\Common Files\Symantec Shared\IDS\IPSBHO.dll (Symantec Corporation)
O2 - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (JQSIEStartDetectorImpl Class) - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll (Sun Microsystems, Inc.)
O3 - HKCU\..\Toolbar\ShellBrowser: (no name) - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - Reg Error: Key error. File not found
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - Reg Error: Key error. File not found
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {C4069E3A-68F1-403E-B40E-20066696354B} - Reg Error: Key error. File not found
O4 - HKLM..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe" (Symantec Corporation)
O4 - HKLM..\Run: [Deskup] C:\Program Files\Iomega\DriveIcons\deskup.exe /IMGSTART File not found
O4 - HKLM..\Run: [Iomega Drive Icons] C:\Program Files\Iomega\DriveIcons\ImgIcon.exe File not found
O4 - HKLM..\Run: [osCheck] "C:\Program Files\Norton AntiVirus\osCheck.exe" (Symantec Corporation)
O4 - HKLM..\Run: [PrinTray] C:\WINDOWS\System32\spool\DRIVERS\W32X86\2\printray.exe (Lexmark)
O4 - HKLM..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime (Apple Computer, Inc.)
O4 - HKLM..\Run: [SoundMan] SOUNDMAN.EXE (Avance Logic, Inc.)
O4 - HKLM..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe" (Sun Microsystems, Inc.)
O4 - HKLM..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide (Microsoft Corporation)
O4 - HKLM..\Run: [WinFast Schedule] C:\Program Files\WinFast\WFTVFM\WFWIZ.exe (Leadtek Research Inc.)
O4 - HKLM..\Run: [WinFast2KLoadDefault] rundll32.exe wf2kcpl.dll,DllLoadDefaultSettings File not found
O4 - HKLM..\Run: [WinFoxV2] C:\WINDOWS\System32\WF2K.EXE (Leadtek Research Inc.)
O4 - HKLM..\RunOnceEx: [Flag] Reg Error: Invalid data type. File not found
O4 - Startup: C:\Documents and Settings\JeffG\Start Menu\Programs\Startup\Picture Motion Browser Media Check Tool.lnk = C:\Program Files\Sony\Sony Picture Utility\VolumeWatcher\SPUVolumeWatcher.exe (Sony Corporation)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 255
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: dontdisplaylastusername = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticecaption =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticetext =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: shutdownwithoutlogon = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: undockwithoutlogon = 1
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O9 - Extra Button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe (America Online, Inc.)
O9 - Extra 'Tools' menuitem : Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O9 - Extra 'Tools' menuitem : @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe (Microsoft Corporation)
O9 - Extra Button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)
O16 - DPF: {02BCC737-B171-4746-94C9-0D8A0B2C0089} http://office.microsoft.com/templates/ieawsdc.cab (Microsoft Office Template and Media Control)
O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} http://www.apple.com/qtactivex/qtplugin.cab (QuickTime Object)
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} http://go.microsoft.com/fwlink/?linkid=39204 (Windows Genuine Advantage Validation Tool)
O16 - DPF: {19E28AFC-EAE3-4CE5-AC83-2407B42F57C9} http://protect.microsoft.com/security/prot...b?1096133225312 (MSSecurityAdvisor Class)
O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} http://security.symantec.com/sscv6/SharedC...bin/AvSniff.cab (Symantec AntiVirus scanner)
O16 - DPF: {3E68E405-C6DE-49FF-83AE-41EE9F4C36CE} http://office.microsoft.com/officeupdate/content/opuc.cab (Office Update Installation Engine)
O16 - DPF: {406B5949-7190-4245-91A9-30A17DE16AD0} http://photos.walmart.com/WalmartActivia.cab (Snapfish Activia)
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} http://v5.windowsupdate.microsoft.com/v5co...b?1093100844828 (WUWebControl Class)
O16 - DPF: {6A344D34-5231-452A-8A57-D064AC9B7862} https://webdl.symantec.com/activex/symdlmgr.cab (Symantec Download Manager)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_14)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.macromedia.com/get/flash...r/ultrashim.cab (Reg Error: Key error.)
O16 - DPF: {9F1C11AA-197B-4942-BA54-47A8489BB47F} http://v4.windowsupdate.microsoft.com/CAB/...8014.6082291667 (Reg Error: Key error.)
O16 - DPF: {C2FCEF52-ACE9-11D3-BEBD-00105AA9B6AE} http://security.symantec.com/sscv6/SharedC...n/bin/cabsa.cab (Symantec RuFSI Registry Information Class)
O16 - DPF: {CAFEEFAC-0016-0000-0001-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0014-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_14)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_14)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://download.macromedia.com/pub/shockwa...ash/swflash.cab (Shockwave Flash Object)
O16 - DPF: {F00F4763-7355-4725-82F7-0DA94A256D46} http://www2.incredimail.com/contents/setup...er/imloader.cab (IMDownloader Class)
O16 - DPF: {FFBB3F3B-0A5A-4106-BE53-DFE1E2340CB1} http://dlm.tools.akamai.com/dlmanager/vers...vex-2.2.1.6.cab (DownloadManager Control)
O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\SYSTEM\ole db\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\SYSTEM\ole db\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\SYSTEM\ole db\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\SYSTEM\ole db\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\SYSTEM\ole db\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\SYSTEM\ole db\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\SYSTEM\ole db\msdaipp.dll (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\Explorer.exe (Microsoft Corporation)
O24 - Desktop Components:0 (My Current Home Page) - About:Home
O28 - HKLM ShellExecuteHooks: {091EB208-39DD-417D-A5DD-7E2C2D8FB9CB} - C:\Program Files\Windows Defender\MpShHook.dll (Microsoft Corporation)
O31 - SafeBoot: AlternateShell - cmd.exe
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009/01/19 12:28:43 | 00,000,050 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck) - File not found
O34 - HKLM BootExecute: (autochk) - C:\WINDOWS\System32\autochk.exe (Microsoft Corporation)
O34 - HKLM BootExecute: (*) - * [2009/06/15 19:18:02 | 00,000,000 | ---D | M]
O34 - HKLM BootExecute: (lsdelete) - File not found

========== Files/Folders - Created Within 30 Days ==========

[12 C:\WINDOWS\*.tmp files]
[2009/06/15 18:29:43 | 00,501,760 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\JeffG\Desktop\OTL.exe
[2009/06/14 09:38:10 | 00,000,000 | ---D | C] -- C:\Documents and Settings\JeffG\Application Data\Malwarebytes
[2009/06/14 09:38:09 | 00,000,696 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2009/06/14 09:38:06 | 00,040,160 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2009/06/14 09:38:05 | 00,019,096 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2009/06/14 09:38:05 | 00,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2009/06/14 09:38:05 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Malwarebytes
[2009/06/14 09:36:00 | 03,371,384 | ---- | C] (Malwarebytes Corporation ) -- C:\Documents and Settings\JeffG\Desktop\mbam-setup.exe
[2009/06/14 09:23:24 | 00,001,432 | ---- | C] () -- C:\Documents and Settings\JeffG\Desktop\DelDomains.inf
[2009/06/11 17:44:24 | 00,028,672 | ---- | C] () -- C:\Documents and Settings\JeffG\Desktop\budget - Aaron.xls
[2009/06/10 17:59:56 | 00,019,456 | ---- | C] () -- C:\Documents and Settings\JeffG\Desktop\June 11.doc
[2009/06/10 17:41:07 | 00,787,855 | ---- | C] () -- C:\Documents and Settings\JeffG\Desktop\prop mgt agreement.JPG
[2009/06/09 20:20:06 | 00,682,263 | ---- | C] () -- C:\Documents and Settings\JeffG\Desktop\deed.JPG
[2009/06/09 19:19:49 | 00,001,734 | ---- | C] () -- C:\Documents and Settings\JeffG\Desktop\HijackThis.lnk
[2009/06/09 19:19:48 | 00,000,000 | ---D | C] -- C:\Program Files\Trend Micro
[2009/06/05 07:26:48 | 00,030,328 | ---- | C] () -- C:\Documents and Settings\JeffG\Desktop\Funtown Agenda.cwk
[2009/06/03 20:21:35 | 00,049,152 | ---- | C] () -- C:\Documents and Settings\JeffG\Desktop\rental letter.doc
[2009/06/02 20:17:56 | 00,579,557 | ---- | C] () -- C:\Documents and Settings\JeffG\Desktop\cottonwood house 4.jpg
[2009/06/02 20:16:39 | 00,439,768 | ---- | C] () -- C:\Documents and Settings\JeffG\Desktop\cottonwood house 3.jpg
[2009/06/02 20:15:42 | 00,461,193 | ---- | C] () -- C:\Documents and Settings\JeffG\Desktop\cottonwood house 2.jpg
[2009/06/02 20:14:46 | 00,493,443 | ---- | C] () -- C:\Documents and Settings\JeffG\Desktop\cottonwood house 1.jpg
[2009/05/31 08:57:27 | 00,032,768 | ---- | C] () -- C:\Documents and Settings\JeffG\Desktop\intake form.doc
[2009/05/27 20:52:16 | 00,089,600 | ---- | C] () -- C:\Documents and Settings\JeffG\Desktop\credit app.doc
[2009/05/21 14:07:03 | 00,000,000 | ---D | C] -- C:\WINDOWS\ie8updates
[2009/05/21 14:06:24 | 00,102,400 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\iecompat.dll
[2009/05/21 14:03:42 | 00,078,336 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\ieencode.dll
[2009/05/21 14:03:42 | 00,078,336 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ieencode.dll
[2009/05/17 19:47:07 | 00,235,146 | ---- | C] () -- C:\Documents and Settings\JeffG\Desktop\MJG license.jpg
[2007/12/27 21:02:35 | 00,003,654 | ---- | C] () -- C:\WINDOWS\System32\drivers\Sonyhcp.dll
[2007/11/21 21:44:39 | 00,000,000 | ---- | C] () -- C:\WINDOWS\iPlayer.INI
[2006/11/03 14:42:09 | 00,000,221 | ---- | C] () -- C:\WINDOWS\HP_RedboxHprblog_HPSU.ini
[2005/10/11 14:39:03 | 00,000,000 | ---- | C] () -- C:\WINDOWS\Jcmkr32.INI
[2005/07/14 15:30:55 | 00,011,776 | ---- | C] () -- C:\WINDOWS\System32\ZPORT4AS.dll
[2005/07/08 06:48:49 | 00,000,170 | ---- | C] () -- C:\WINDOWS\GetServer.ini
[2005/06/07 11:20:10 | 00,000,028 | ---- | C] () -- C:\WINDOWS\album.ini
[2005/06/06 16:06:00 | 00,000,169 | ---- | C] () -- C:\WINDOWS\RtlRack.ini
[2005/06/03 16:55:07 | 00,002,597 | ---- | C] () -- C:\WINDOWS\u3dedit3.INI
[2005/05/29 17:27:30 | 00,000,136 | ---- | C] () -- C:\WINDOWS\ka.ini
[2005/05/29 03:29:33 | 00,000,611 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2005/05/06 23:32:10 | 00,000,022 | ---- | C] () -- C:\WINDOWS\exchng.ini
[2005/05/03 11:44:44 | 00,025,157 | ---- | C] () -- C:\WINDOWS\RMAgentOutput.dll
[2005/05/03 11:43:44 | 00,126,976 | ---- | C] () -- C:\WINDOWS\dllTSCLIBMT.dll
[2005/04/29 21:19:02 | 00,000,000 | ---- | C] () -- C:\WINDOWS\System32\jmjaf.dll
[2005/04/27 14:38:00 | 00,372,736 | ---- | C] () -- C:\WINDOWS\System32\hpzidi01.dll
[2005/04/27 14:37:49 | 00,077,824 | ---- | C] () -- C:\WINDOWS\System32\hpzids01.dll
[2005/03/03 16:16:42 | 00,000,256 | ---- | C] () -- C:\WINDOWS\aucfg.ini
[2005/03/01 15:30:20 | 00,000,453 | ---- | C] () -- C:\WINDOWS\bdoscandellang.ini
[2005/01/23 09:50:13 | 00,363,520 | ---- | C] () -- C:\WINDOWS\System32\psisdecd.dll
[2004/10/01 17:33:46 | 00,000,679 | ---- | C] () -- C:\WINDOWS\TSC.ini
[2004/09/17 17:37:42 | 00,061,440 | ---- | C] () -- C:\WINDOWS\System32\vuins32.dll
[2004/05/31 11:00:35 | 00,032,397 | ---- | C] () -- C:\WINDOWS\SGTBox.INI
[2004/05/31 10:11:59 | 00,000,035 | ---- | C] () -- C:\WINDOWS\A4W.INI
[2004/05/31 10:11:13 | 00,000,021 | ---- | C] () -- C:\WINDOWS\phbase.ini
[2004/05/31 10:10:21 | 00,000,572 | ---- | C] () -- C:\WINDOWS\maxlink.ini
[2004/05/31 10:09:29 | 00,000,000 | ---- | C] () -- C:\WINDOWS\OP70.INI
[2004/05/31 10:07:41 | 00,001,560 | ---- | C] () -- C:\WINDOWS\pstudio.ini
[2004/05/31 10:07:41 | 00,000,021 | ---- | C] () -- C:\WINDOWS\Ps_setup.ini
[2004/05/26 08:28:37 | 00,000,717 | ---- | C] () -- C:\WINDOWS\QIII.INI
[2004/03/22 18:29:33 | 00,021,840 | ---- | C] () -- C:\WINDOWS\System32\SIntfNT.dll
[2004/03/22 18:29:33 | 00,017,212 | ---- | C] () -- C:\WINDOWS\System32\SIntf32.dll
[2004/03/22 18:29:33 | 00,012,067 | ---- | C] () -- C:\WINDOWS\System32\SIntf16.dll
[2004/02/14 20:32:57 | 00,000,152 | ---- | C] () -- C:\WINDOWS\ULead32.ini
[2004/02/01 15:43:20 | 00,000,016 | ---- | C] () -- C:\WINDOWS\WinInit.ini.backup
[2004/02/01 15:22:43 | 00,000,643 | ---- | C] () -- C:\WINDOWS\lexstat.ini
[2004/02/01 15:22:34 | 00,328,704 | ---- | C] () -- C:\WINDOWS\System32\dosfnt32.dll
[2004/01/29 10:34:42 | 00,056,320 | ---- | C] () -- C:\WINDOWS\System32\iyvu9_32.dll
[2004/01/29 10:24:39 | 00,001,024 | RH-- | C] () -- C:\WINDOWS\System32\NTICDMK32.dll
[2004/01/28 13:20:58 | 00,000,164 | R--- | C] () -- C:\WINDOWS\avrack.ini
[2004/01/28 13:19:43 | 00,000,016 | ---- | C] () -- C:\WINDOWS\WinInit.ini
[2004/01/28 07:31:33 | 00,000,902 | ---- | C] () -- C:\WINDOWS\win.ini
[2004/01/28 07:31:22 | 00,000,227 | ---- | C] () -- C:\WINDOWS\system.ini
[2002/07/04 15:05:34 | 00,000,269 | ---- | C] () -- C:\WINDOWS\tmupdate.ini
[2001/12/26 17:12:30 | 00,065,536 | R--- | C] () -- C:\WINDOWS\System32\multiplex_vcd.dll
[2001/12/14 13:34:46 | 00,164,864 | ---- | C] () -- C:\WINDOWS\patchw32.dll
[2001/09/04 00:46:38 | 00,110,592 | R--- | C] () -- C:\WINDOWS\System32\Hmpg12.dll
[2001/07/30 17:33:56 | 00,118,784 | R--- | C] () -- C:\WINDOWS\System32\HMPV2_ENC.dll
[2001/07/23 23:04:36 | 00,118,784 | R--- | C] () -- C:\WINDOWS\System32\HMPV2_ENC_MMX.dll
[1999/07/23 13:46:48 | 00,000,116 | ---- | C] () -- C:\WINDOWS\AuHCcup1.ini
[1999/07/23 10:53:20 | 00,129,536 | ---- | C] () -- C:\WINDOWS\AuHCcup1.dll
[1998/08/16 06:00:00 | 00,004,096 | ---- | C] () -- C:\WINDOWS\System32\sysres.dll
[1996/11/17 01:00:00 | 00,022,016 | ---- | C] () -- C:\WINDOWS\System32\ODBCSTF.DLL
[1996/11/17 01:00:00 | 00,022,016 | ---- | C] () -- C:\WINDOWS\System32\DOCOBJ.DLL

========== Files - Modified Within 30 Days ==========

[2 C:\WINDOWS\System32\drivers\*.tmp files]
[34 C:\WINDOWS\System32\*.tmp files]
[12 C:\WINDOWS\*.tmp files]
[1 C:\Documents and Settings\JeffG\Desktop\*.tmp files]
[2009/06/15 19:14:34 | 00,474,112 | -HS- | M] () -- C:\Documents and Settings\JeffG\Desktop\Thumbs.db
[2009/06/15 19:05:11 | 00,000,422 | -H-- | M] () -- C:\WINDOWS\tasks\User_Feed_Synchronization-{40FD7DA3-44F4-40D6-BBD5-FA79174F1959}.job
[2009/06/15 18:46:38 | 00,013,646 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2009/06/15 18:46:06 | 00,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2009/06/15 18:46:05 | 00,000,062 | -HS- | M] () -- C:\Documents and Settings\JeffG\Local Settings\desktop.ini
[2009/06/15 18:45:55 | 00,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2009/06/15 18:29:53 | 00,501,760 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\JeffG\Desktop\OTL.exe
[2009/06/15 06:44:29 | 00,000,556 | ---- | M] () -- C:\WINDOWS\tasks\Norton AntiVirus - Run Full System Scan - JeffG.job
[2009/06/14 09:38:09 | 00,000,696 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2009/06/14 09:36:00 | 03,371,384 | ---- | M] (Malwarebytes Corporation ) -- C:\Documents and Settings\JeffG\Desktop\mbam-setup.exe
[2009/06/14 09:23:24 | 00,001,432 | ---- | M] () -- C:\Documents and Settings\JeffG\Desktop\DelDomains.inf
[2009/06/13 20:30:53 | 00,308,613 | R--- | M] () -- C:\WINDOWS\System32\drivers\etc\HOSTS
[2009/06/12 07:28:06 | 00,787,855 | ---- | M] () -- C:\Documents and Settings\JeffG\Desktop\prop mgt agreement.JPG
[2009/06/11 20:34:52 | 40,265,3184 | ---- | M] () -- C:\WINDOWS\MEMORY.DMP
[2009/06/11 20:27:20 | 00,006,601 | ---- | M] () -- C:\WINDOWS\JeffG8.xlb
[2009/06/11 19:18:44 | 00,028,672 | ---- | M] () -- C:\Documents and Settings\JeffG\Desktop\budget - Aaron.xls
[2009/06/10 17:59:56 | 00,019,456 | ---- | M] () -- C:\Documents and Settings\JeffG\Desktop\June 11.doc
[2009/06/10 03:15:08 | 01,414,648 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2009/06/10 03:06:29 | 00,001,374 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2009/06/09 20:23:17 | 00,682,263 | ---- | M] () -- C:\Documents and Settings\JeffG\Desktop\deed.JPG
[2009/06/09 19:23:50 | 00,001,734 | ---- | M] () -- C:\Documents and Settings\JeffG\Desktop\HijackThis.lnk
[2009/06/08 14:22:35 | 00,308,599 | R--- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts.20090613-203053.backup
[2009/06/07 19:47:52 | 00,001,560 | ---- | M] () -- C:\WINDOWS\pstudio.ini
[2009/06/07 19:47:52 | 00,000,028 | ---- | M] () -- C:\WINDOWS\album.ini
[2009/06/07 19:26:34 | 00,028,672 | ---- | M] () -- C:\Documents and Settings\JeffG\Desktop\budget.xls
[2009/06/05 07:26:50 | 00,030,328 | ---- | M] () -- C:\Documents and Settings\JeffG\Desktop\Funtown Agenda.cwk
[2009/06/03 21:39:14 | 00,049,152 | ---- | M] () -- C:\Documents and Settings\JeffG\Desktop\rental letter.doc
[2009/06/02 20:17:57 | 00,579,557 | ---- | M] () -- C:\Documents and Settings\JeffG\Desktop\cottonwood house 4.jpg
[2009/06/02 20:16:39 | 00,439,768 | ---- | M] () -- C:\Documents and Settings\JeffG\Desktop\cottonwood house 3.jpg
[2009/06/02 20:15:42 | 00,461,193 | ---- | M] () -- C:\Documents and Settings\JeffG\Desktop\cottonwood house 2.jpg
[2009/06/02 20:14:46 | 00,493,443 | ---- | M] () -- C:\Documents and Settings\JeffG\Desktop\cottonwood house 1.jpg
[2009/06/01 12:51:12 | 23,635,392 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\MRT.exe
[2009/05/31 16:11:57 | 00,032,768 | ---- | M] () -- C:\Documents and Settings\JeffG\Desktop\intake form.doc
[2009/05/27 20:52:17 | 00,089,600 | ---- | M] () -- C:\Documents and Settings\JeffG\Desktop\credit app.doc
[2009/05/26 17:58:24 | 00,307,911 | R--- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts.20090608-142235.backup
[2009/05/26 13:20:08 | 00,040,160 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2009/05/26 13:19:56 | 00,019,096 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2009/05/21 19:41:42 | 00,307,911 | R--- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts.20090526-175824.backup
[2009/05/21 17:24:52 | 00,000,076 | -HS- | M] () -- C:\Documents and Settings\JeffG\My Documents\desktop.ini
[2009/05/17 19:47:07 | 00,235,146 | ---- | M] () -- C:\Documents and Settings\JeffG\Desktop\MJG license.jpg
[2009/05/17 09:38:46 | 00,307,552 | R--- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts.20090521-194142.backup

========== LOP Check ==========

[2009/06/14 09:38:05 | 00,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data
[2007/11/22 10:50:11 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Adobe
[2004/01/29 10:52:26 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\CyberLink
[2007/07/18 20:47:59 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\FLEXnet
[2006/09/03 11:29:49 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\HP
[2008/07/12 08:40:08 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Lavasoft
[2009/06/14 09:38:05 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Malwarebytes
[2008/04/15 05:50:28 | 00,000,000 | --SD | M] -- C:\Documents and Settings\All Users\Application Data\Microsoft
[2005/06/15 10:35:46 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\MSN6
[2008/03/29 17:00:43 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Solero
[2009/03/02 08:35:25 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
[2008/08/31 04:52:48 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Symantec
[2009/06/13 20:21:00 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TEMP
[2004/10/26 14:49:41 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Viewpoint
[2004/02/01 16:52:16 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Vivendi Universal Games
[2005/08/06 10:47:21 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Windows Genuine Advantage
[2009/06/14 09:38:10 | 00,000,000 | -H-D | M] -- C:\Documents and Settings\JeffG\Application Data
[2004/03/22 14:04:08 | 00,000,000 | ---D | M] -- C:\Documents and Settings\JeffG\Application Data\Active Disk
[2009/03/22 11:52:27 | 00,000,000 | ---D | M] -- C:\Documents and Settings\JeffG\Application Data\Adobe
[2005/10/07 06:35:06 | 00,000,000 | ---D | M] -- C:\Documents and Settings\JeffG\Application Data\AdobeUM
[2004/11/21 12:39:09 | 00,000,000 | ---D | M] -- C:\Documents and Settings\JeffG\Application Data\Aim
[2006/09/03 11:50:08 | 00,000,000 | ---D | M] -- C:\Documents and Settings\JeffG\Application Data\ArcSoft
[2005/09/11 09:27:25 | 00,000,000 | ---D | M] -- C:\Documents and Settings\JeffG\Application Data\Avant Browser
[2007/03/15 17:22:54 | 00,000,000 | ---D | M] -- C:\Documents and Settings\JeffG\Application Data\Canon
[2007/09/01 22:40:03 | 00,000,000 | ---D | M] -- C:\Documents and Settings\JeffG\Application Data\Download Manager
[2007/01/06 08:49:29 | 00,000,000 | ---D | M] -- C:\Documents and Settings\JeffG\Application Data\Google
[2007/07/19 19:12:24 | 00,000,000 | ---D | M] -- C:\Documents and Settings\JeffG\Application Data\Help
[2007/02/19 18:45:36 | 00,000,000 | ---D | M] -- C:\Documents and Settings\JeffG\Application Data\HP
[2007/07/17 10:59:06 | 00,000,000 | ---D | M] -- C:\Documents and Settings\JeffG\Application Data\Identities
[2008/04/15 05:50:30 | 00,000,000 | ---D | M] -- C:\Documents and Settings\JeffG\Application Data\Lavasoft
[2004/02/14 17:03:52 | 00,000,000 | ---D | M] -- C:\Documents and Settings\JeffG\Application Data\Macromedia
[2009/06/14 09:38:10 | 00,000,000 | ---D | M] -- C:\Documents and Settings\JeffG\Application Data\Malwarebytes
[2007/06/21 06:48:16 | 00,000,000 | --SD | M] -- C:\Documents and Settings\JeffG\Application Data\Microsoft
[2005/06/15 10:34:46 | 00,000,000 | ---D | M] -- C:\Documents and Settings\JeffG\Application Data\MSN6
[2007/12/22 09:43:17 | 00,000,000 | ---D | M] -- C:\Documents and Settings\JeffG\Application Data\Snapfish
[2007/12/27 21:11:09 | 00,000,000 | ---D | M] -- C:\Documents and Settings\JeffG\Application Data\Sony Corporation
[2005/11/02 21:29:37 | 00,000,000 | ---D | M] -- C:\Documents and Settings\JeffG\Application Data\Sun
[2007/02/19 17:01:57 | 00,000,000 | ---D | M] -- C:\Documents and Settings\JeffG\Application Data\Symantec
[2006/11/29 15:04:44 | 00,000,000 | ---D | M] -- C:\Documents and Settings\JeffG\Application Data\Uniblue
[2005/05/09 21:22:38 | 00,000,000 | ---D | M] -- C:\Documents and Settings\JeffG\Application Data\Webroot
[2003/03/31 08:00:00 | 00,000,065 | RH-- | M] () -- C:\WINDOWS\Tasks\desktop.ini
[2009/06/15 06:44:29 | 00,000,556 | ---- | M] () -- C:\WINDOWS\Tasks\Norton AntiVirus - Run Full System Scan - JeffG.job
[2009/06/15 18:46:06 | 00,000,006 | -H-- | M] () -- C:\WINDOWS\Tasks\SA.DAT
[2004/10/14 11:22:04 | 00,031,956 | ---- | M] () -- C:\WINDOWS\Tasks\SCHEDLGU.TXT
[2009/06/15 19:05:11 | 00,000,422 | -H-- | M] () -- C:\WINDOWS\Tasks\User_Feed_Synchronization-{40FD7DA3-44F4-40D6-BBD5-FA79174F1959}.job

========== Purity Check ==========


========== Alternate Data Streams ==========

@Alternate Data Stream - 9237 bytes -> C:\WINDOWS\dahotfix.log:bnywmm
@Alternate Data Stream - 88 bytes -> C:\WINDOWS\System32\d3xs.exe:SummaryInformation
@Alternate Data Stream - 88 bytes -> C:\WINDOWS\System32\control.exe:SummaryInformation
@Alternate Data Stream - 88 bytes -> C:\WINDOWS\lfsbj.dat:SummaryInformation
@Alternate Data Stream - 125 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:5C321E34
@Alternate Data Stream - 11152 bytes -> C:\WINDOWS\u3dedit3.INI:umupzr
< End of report >
 
OCD
post Jun 16 2009, 10:27 AM
Post #8


Jeff G,

I see that Viewpoint is installed. Viewpoint, Viewpoint Manager, and Viewpoint Media Player are Viewpoint components which are installed as a side effect of installing other software, most notably AOL and AOL Instant Messenger (AIM). Viewpoint Manager is responsible for managing and updating Viewpoint Media Player's components. You can disable this using the Viewpoint Manager Control Panel found in the Windows Control Panel menu. If you select Disable auto-updating for the Viewpoint Manager, the player will no longer attempt to check for updates. Anything that is installed without your consent is suspect. Read what Viewpoint says and make your own decision.

QUOTE
To provide a satisfying consumer experience and to operate effectively, the Viewpoint Media Player periodically sends information to servers at Viewpoint. Each installation of the Viewpoint Media Player is identifiable to Viewpoint via a Customer Unique Identifier (CUID), an alphanumeric identifier embedded in the Viewpoint Media Player. The Viewpoint Media Player randomly generates the CUID during installation and uses it to indicate a unique installation of the product. A CUID is never connected to a user's name, email address, or other personal contact information. CUIDs are used for the sole purpose of filtering redundant information. Each of these information exchanges occurs anonymously.

Viewpoint Manager is considered foistware instead of malware since it is installed without the user's approval but doesn't spy or do anything "bad".
This may change; read Viewpoint to Plunge Into Adware.
I recommend that you remove the Viewpoint products; however, decide for yourself.

- - - - - Next - - - - -

Please go to Start Menu > Control Panel > Add/Remove Programs
Scroll down and locate the following programs:
  • Java™ SE Runtime Environment 6 Update 1
  • Java™ 6 Update 2
  • Java™ 6 Update 3
  • Java™ 6 Update 5
  • Java™ 6 Update 7
  • Viewpoint / Viewpoint Media Player / Viewpoint Manager (optional)

Select each one of the programs, then select Remove.
(If a program is not listed, don't be alarmed; just continue with the list.)

Exit the Control Panel when finished.

- - - - - Next - - - - -

Run OTL.exe
  • Copy/paste the following text written inside of the code box into the Custom Scans/Fixes box located at the bottom of OTL

    CODE
    :OTL
    PRC - C:\WINDOWS\explorer.exe (Microsoft Corporation)

    IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
    IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Security Risk Page = about:SecurityRisk
    IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\system32\blank.htm
    O24 - Desktop Components:0 (My Current Home Page) - About:Home

    :Reg
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
    "{3248F0A8-6813-11D6-A77B-00B0D0160010}"=-
    "{3248F0A8-6813-11D6-A77B-00B0D0160020}"=-
    "{3248F0A8-6813-11D6-A77B-00B0D0160030}"=-
    "{3248F0A8-6813-11D6-A77B-00B0D0160050}"=-
    "{3248F0A8-6813-11D6-A77B-00B0D0160070}"=-
    "ViewpointMediaPlayer"=-

    :Files
    C:\WINDOWS\System32\d3xs.exe

    :Commands
    [purity]
    [emptytemp]
    [start explorer]
    [Reboot]

  • Then click the Run Fix button at the top
  • Let the program run unhindered, reboot when it is done
  • Then post a new OTL log (don't check the boxes beside LOP Check or Purity this time)

- - - - - Next - - - - -

Reboot. In your next post, please provide the following:
  • New OTL log (refer to previous post for directions, if necessary)
  • Tell me how your computer is running at the moment.
 
Jeff G
post Jun 17 2009, 08:42 AM
Post #9


OCD,

I followed your instructions from the last post. Below is the new OTL log.

Here are a few observations:


  • I noticed in the Control Panel the following program: Java™ 6 Update 14.
  • I'm still receiving the Windows Defender message mentioned in an earlier post.
  • PC has not locked-up lately. However, when it did lock up, it was random and without notice.
Jeff G


========== OTL ==========
Process explorer.exe killed successfully!
HKLM\SOFTWARE\Microsoft\Internet Explorer\Main\\Local Page| /E : value set successfully!
HKLM\SOFTWARE\Microsoft\Internet Explorer\Main\\Security Risk Page| /E : value set successfully!
HKCU\SOFTWARE\Microsoft\Internet Explorer\Main\\Local Page| /E : value set successfully!
Registry key HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Desktop\Components\0\ deleted successfully.
File About:Home not found.
========== REGISTRY ==========
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\\{3248F0A8-6813-11D6-A77B-00B0D0160010} not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{3248F0A8-6813-11D6-A77B-00B0D0160010}\ not found.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\\{3248F0A8-6813-11D6-A77B-00B0D0160020} not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{3248F0A8-6813-11D6-A77B-00B0D0160020}\ not found.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\\{3248F0A8-6813-11D6-A77B-00B0D0160030} not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{3248F0A8-6813-11D6-A77B-00B0D0160030}\ not found.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\\{3248F0A8-6813-11D6-A77B-00B0D0160050} not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{3248F0A8-6813-11D6-A77B-00B0D0160050}\ not found.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\\{3248F0A8-6813-11D6-A77B-00B0D0160070} not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{3248F0A8-6813-11D6-A77B-00B0D0160070}\ not found.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\\ViewpointMediaPlayer not found.
========== FILES ==========
C:\WINDOWS\System32\d3xs.exe moved successfully.
========== COMMANDS ==========
User's Temp folder emptied.
User's Internet Explorer cache folder emptied.
Local Service Temp folder emptied.
File delete failed. C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\index.dat scheduled to be deleted on reboot.
Local Service Temporary Internet Files folder emptied.
Network Service Temp folder emptied.
Network Service Temporary Internet Files folder emptied.
File delete failed. C:\WINDOWS\temp\Perflib_Perfdata_804.dat scheduled to be deleted on reboot.
Windows Temp folder emptied.
Java cache emptied.
Temp folders emptied.
Explorer started successfully

OTL by OldTimer - Version 2.1.1.0 log created on 06172009_103124

Files moved on Reboot...
File C:\WINDOWS\temp\Perflib_Perfdata_804.dat not found!

Registry entries deleted on Reboot...


 
OCD
post Jun 17 2009, 10:57 AM
Post #10


Jeff G,

QUOTE (Jeff G @ Jun 17 2009, 10:42 AM) *
  1. I noticed in the Control Panel the following program: Java™ 6 Update 14.
  2. I'm still receiving the Windows Defender message mentioned in an earlier post.

1. That is the current version of Java, so you want to keep Java 6 Update 14.
2. Disregard the Windows Defender message for the time being. We may need to uninstall and re-install after we have completed fixing any malware issues.

- - - - - Next - - - - -

The OTL log you provided was not complete. Please follow the directions below and re-run OTL.
  • Double click on the OTL icon to run it (it should be on your desktop). Make sure all other windows are closed and let it run uninterrupted.
  • When the window appears, underneath Output at the top change it to Minimal Output.
  • Check the boxes beside LOP Check and Purity Check.
  • Click the Run Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.
    • When the scan completes, it will open two notepad windows: OTL.Txt and Extras.Txt.
      Note: These logs can be located in the OTL. folder on your C:\ drive if they fail to open automatically.
    • Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post them with your next reply.
      You may need two posts to fit them both in.

- - - - - Next - - - - -

Reboot. In your next post, please provide the following:
  • OTL logs OTL.Txt and Extras.Txt
     
Jeff G
post Jun 17 2009, 11:52 AM
Post #11



OCD,

The OTL.txt file is below. Only this .txt file opened in a separate notepad window.

I performed a search for Extras.txt, but there was no file to be found. I performed a search for *.txt files created with today's date, and during this search my PC locked up on me and I had to reboot.

I will now reboot and run OTL again. A separate post will follow with OTL logs after reboot.

Jeff G


    OTL logfile created on: 6/17/2009 1:34:39 PM - Run 6
    OTL by OldTimer - Version 2.1.1.0 Folder = C:\Documents and Settings\JeffG\Desktop
    Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
    Internet Explorer (Version = 7.0.5730.11)
    Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

    1.50 Gb Total Physical Memory | 1.11 Gb Available Physical Memory | 74.24% Memory free
    1.73 Gb Paging File | 1.51 Gb Available in Paging File | 87.33% Paging File free
    Paging file location(s): c:\pagefile.sys 384 768 [binary data]

    %SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
    Drive C: | 55.90 Gb Total Space | 36.44 Gb Free Space | 65.18% Space Free | Partition Type: NTFS
    D: Drive not present or media not loaded
    E: Drive not present or media not loaded
    F: Drive not present or media not loaded
    G: Drive not present or media not loaded
    H: Drive not present or media not loaded
    I: Drive not present or media not loaded

    Computer Name: JEFFS
    Current User Name: JeffG
    Logged in as Administrator.

    Current Boot Mode: Normal
    Scan Mode: Current user
    Output = Minimal
    File Age = 30 Days
    Company Name Whitelist: On

    ========== Processes (SafeList) ==========

    PRC - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe (Symantec Corporation)
    PRC - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe ()
    PRC - C:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe (Symantec Corporation)
    PRC - C:\Program Files\Iomega\System32\AppServices.exe (Iomega Corporation)
    PRC - C:\Program Files\Java\jre6\bin\jqs.exe (Sun Microsystems, Inc.)
    PRC - C:\WINDOWS\system32\wbem\wmiprvse.exe (Microsoft Corporation)
    PRC - C:\WINDOWS\Explorer.EXE (Microsoft Corporation)
    PRC - C:\WINDOWS\SOUNDMAN.EXE (Avance Logic, Inc.)
    PRC - C:\Program Files\WinFast\WFTVFM\WFWIZ.exe (Leadtek Research Inc.)
    PRC - C:\WINDOWS\System32\WF2K.EXE (Leadtek Research Inc.)
    PRC - C:\Program Files\QuickTime\qttask.exe (Apple Computer, Inc.)
    PRC - C:\Program Files\Java\jre6\bin\jusched.exe (Sun Microsystems, Inc.)
    PRC - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe (Symantec Corporation)
    PRC - C:\Program Files\Sony\Sony Picture Utility\VolumeWatcher\SPUVolumeWatcher.exe (Sony Corporation)
    PRC - C:\WINDOWS\system32\LEXBCES.EXE (Lexmark International, Inc.)
    PRC - C:\WINDOWS\system32\LEXPPS.EXE (Lexmark International, Inc.)
    PRC - C:\Documents and Settings\JeffG\Desktop\OTL.exe (OldTimer Tools)

    ========== Win32 Services (SafeList) ==========

    SRV - (Automatic LiveUpdate Scheduler [Auto | Running]) -- C:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe (Symantec Corporation)
    SRV - (ccEvtMgr [Auto | Running]) -- C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe (Symantec Corporation)
    SRV - (ccSetMgr [Auto | Running]) -- C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe (Symantec Corporation)
    SRV - (CLTNetCnService [Auto | Running]) -- C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe (Symantec Corporation)
    SRV - (helpsvc [Auto | Running]) -- C:\WINDOWS\PCHealth\HelpCtr\Binaries\pchsvc.dll (Microsoft Corporation)
    SRV - (Iomega Activity Disk2 [Disabled | Stopped]) -- File not found
    SRV - (Iomega App Services [Auto | Running]) -- C:\Program Files\Iomega\System32\AppServices.exe (Iomega Corporation)
    SRV - (JavaQuickStarterService [Auto | Running]) -- C:\Program Files\Java\jre6\bin\jqs.exe (Sun Microsystems, Inc.)
    SRV - (LexBceS [On_Demand | Running]) -- C:\WINDOWS\system32\LEXBCES.EXE (Lexmark International, Inc.)
    SRV - (LiveUpdate [On_Demand | Stopped]) -- C:\Program Files\Symantec\LiveUpdate\LuComServer_3_4.EXE (Symantec Corporation)
    SRV - (LiveUpdate Notice [Auto | Running]) -- C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe (Symantec Corporation)
    SRV - (Symantec Core LC [Auto | Running]) -- C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe ()
    SRV - (WinDefend [Disabled | Stopped]) -- C:\Program Files\Windows Defender\MsMpEng.exe (Microsoft Corporation)
    SRV - (WMPNetworkSvc [On_Demand | Stopped]) -- C:\Program Files\Windows Media Player\WMPNetwk.exe (Microsoft Corporation)

    ========== Driver Services (SafeList) ==========

    DRV - (ALCXWDM [On_Demand | Running]) -- C:\WINDOWS\system32\drivers\ALCXWDM.SYS (Avance Logic, Inc.)
    DRV - (cdrbsdrv [System | Running]) -- C:\WINDOWS\System32\drivers\CDRBSDRV.SYS (B.H.A Corporation)
    DRV - (COH_Mon [On_Demand | Stopped]) -- C:\WINDOWS\system32\Drivers\COH_Mon.sys (Symantec Corporation)
    DRV - (eeCtrl [System | Running]) -- C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys (Symantec Corporation)
    DRV - (EraserUtilRebootDrv [On_Demand | Running]) -- C:\Program Files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys (Symantec Corporation)
    DRV - (FA312 [On_Demand | Running]) -- C:\WINDOWS\System32\DRIVERS\FA312nd5.sys (NETGEAR Corp.)
    DRV - (FETND5BV [On_Demand | Running]) -- C:\WINDOWS\system32\DRIVERS\fetnd5bv.sys (VIA Technologies, Inc. )
    DRV - (FETNDIS [On_Demand | Stopped]) -- C:\WINDOWS\System32\DRIVERS\fetnd5b.sys (VIA Technologies, Inc. )
    DRV - (FETNDISB [On_Demand | Stopped]) -- C:\WINDOWS\System32\DRIVERS\fetnd5b.sys (VIA Technologies, Inc. )
    DRV - (gameenum [On_Demand | Running]) -- C:\WINDOWS\System32\DRIVERS\gameenum.sys (Microsoft Corporation)
    DRV - (iomdisk [Boot | Running]) -- C:\WINDOWS\System32\DRIVERS\iomdisk.sys (Iomega Corporation)
    DRV - (ms_mpu401 [On_Demand | Running]) -- C:\WINDOWS\system32\drivers\msmpu401.sys (Microsoft Corporation)
    DRV - (NAVENG [On_Demand | Running]) -- C:\Program Files\Common Files\Symantec Shared\VirusDefs\20090616.052\NAVENG.SYS (Symantec Corporation)
    DRV - (NAVEX15 [On_Demand | Running]) -- C:\Program Files\Common Files\Symantec Shared\VirusDefs\20090616.052\NAVEX15.SYS (Symantec Corporation)
    DRV - (NTIDrvr [On_Demand | Running]) -- C:\WINDOWS\System32\DRIVERS\NTIDrvr.sys (NewTech Infosystems, Inc.)
    DRV - (NTSIM [On_Demand | Stopped]) -- C:\WINDOWS\System32\ntsim.sys (VIA Technologies, Inc. )
    DRV - (nv [On_Demand | Running]) -- C:\WINDOWS\System32\DRIVERS\nv4_mini.sys (NVIDIA Corporation)
    DRV - (ppa3 [Boot | Running]) -- C:\WINDOWS\System32\DRIVERS\ppa3.sys (Microsoft Corporation)
    DRV - (Ptilink [On_Demand | Running]) -- C:\WINDOWS\System32\DRIVERS\ptilink.sys (Parallel Technologies, Inc.)
    DRV - (PxHelp20 [Boot | Running]) -- C:\WINDOWS\system32\Drivers\PxHelp20.sys (Sonic Solutions)
    DRV - (Secdrv [Auto | Running]) -- C:\WINDOWS\System32\DRIVERS\secdrv.sys (Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K.)
    DRV - (SONYPVU1 [On_Demand | Stopped]) -- C:\WINDOWS\System32\DRIVERS\SONYPVU1.SYS (Sony Corporation)
    DRV - (SPBBCDrv [On_Demand | Stopped]) -- C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCDrv.sys (Symantec Corporation)
    DRV - (SRTSP [On_Demand | Running]) -- C:\WINDOWS\System32\Drivers\SRTSP.SYS (Symantec Corporation)
    DRV - (SRTSPL [On_Demand | Stopped]) -- C:\WINDOWS\System32\Drivers\SRTSPL.SYS (Symantec Corporation)
    DRV - (SRTSPX [System | Running]) -- C:\WINDOWS\System32\Drivers\SRTSPX.SYS (Symantec Corporation)
    DRV - (SYMDNS [On_Demand | Running]) -- C:\WINDOWS\System32\Drivers\SYMDNS.SYS (Symantec Corporation)
    DRV - (SymEvent [On_Demand | Running]) -- C:\WINDOWS\system32\Drivers\SYMEVENT.SYS (Symantec Corporation)
    DRV - (SYMFW [On_Demand | Running]) -- C:\WINDOWS\System32\Drivers\SYMFW.SYS (Symantec Corporation)
    DRV - (SYMIDS [On_Demand | Running]) -- C:\WINDOWS\System32\Drivers\SYMIDS.SYS (Symantec Corporation)
    DRV - (SYMIDSCO [On_Demand | Running]) -- C:\Program Files\Common Files\Symantec Shared\SymcData\ipsdefs\20090610.001\SymIDSCo.sys (Symantec Corporation)
    DRV - (SymIM [On_Demand | Stopped]) -- C:\WINDOWS\system32\DRIVERS\SymIM.sys (Symantec Corporation)
    DRV - (SymIMMP [On_Demand | Running]) -- C:\WINDOWS\system32\DRIVERS\SymIM.sys (Symantec Corporation)
    DRV - (symlcbrd [Auto | Running]) -- C:\WINDOWS\system32\drivers\symlcbrd.sys (Symantec Corporation)
    DRV - (SYMNDIS [On_Demand | Running]) -- C:\WINDOWS\System32\Drivers\SYMNDIS.SYS (Symantec Corporation)
    DRV - (SYMREDRV [On_Demand | Running]) -- C:\WINDOWS\System32\Drivers\SYMREDRV.SYS (Symantec Corporation)
    DRV - (SYMTDI [System | Running]) -- C:\WINDOWS\System32\Drivers\SYMTDI.SYS (Symantec Corporation)
    DRV - (VIAPFD [System | Running]) -- C:\WINDOWS\System32\Drivers\VIAPFD.SYS (VIA Technologies. Inc.)
    DRV - (WFIOCTL [On_Demand | Running]) -- C:\Program Files\WinFast\WFTVFM\WFIOCTL.SYS ()
    DRV - (WINFOXIO [Disabled | Running]) -- C:\WINDOWS\system32\Drivers\WINFOXIO.SYS (Leadtek Research Inc.)

    ========== Standard Registry (SafeList) ==========


    ========== Internet Explorer ==========

    IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = [binary data]
    IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Extensions Off Page = about:NoAdd-ons
    IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page =
    IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Security Risk Page =
    IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.microsoft.com/isapi/redir.dll?p...ER}&ar=home
    IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,CustomizeSearch = http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchcust.htm
    IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant =

    IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page =
    IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page =
    IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.cnn.com/
    IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,CustomizeSearch =
    IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchasst.htm
    IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
    IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

    FF - HKLM\software\mozilla\Firefox\extensions\\jqs@sun.com: C:\PROGRAM FILES\JAVA\JRE6\LIB\DEPLOY\JQS\FF [2009/03/11 06:55:17 | 00,000,000 | ---D | M]


    O1 HOSTS File: (308613 bytes) - C:\WINDOWS\System32\drivers\etc\Hosts
    O1 - Hosts: 127.0.0.1 localhost
    O1 - Hosts: 10625 more lines...
    O2 - BHO: (AcroIEHlprObj Class) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
    O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
    O2 - BHO: (Symantec Intrusion Prevention) - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files\Common Files\Symantec Shared\IDS\IPSBHO.dll (Symantec Corporation)
    O2 - BHO: (SSVHelper Class) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
    O2 - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)
    O2 - BHO: (JQSIEStartDetectorImpl Class) - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll (Sun Microsystems, Inc.)
    O3 - HKCU\..\Toolbar\ShellBrowser: (no name) - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - Reg Error: Key error. File not found
    O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - Reg Error: Key error. File not found
    O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {C4069E3A-68F1-403E-B40E-20066696354B} - Reg Error: Key error. File not found
    O4 - HKLM..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe" (Symantec Corporation)
    O4 - HKLM..\Run: [Deskup] C:\Program Files\Iomega\DriveIcons\deskup.exe /IMGSTART File not found
    O4 - HKLM..\Run: [Iomega Drive Icons] C:\Program Files\Iomega\DriveIcons\ImgIcon.exe File not found
    O4 - HKLM..\Run: [osCheck] "C:\Program Files\Norton AntiVirus\osCheck.exe" (Symantec Corporation)
    O4 - HKLM..\Run: [PrinTray] C:\WINDOWS\System32\spool\DRIVERS\W32X86\2\printray.exe (Lexmark)
    O4 - HKLM..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime (Apple Computer, Inc.)
    O4 - HKLM..\Run: [SoundMan] SOUNDMAN.EXE (Avance Logic, Inc.)
    O4 - HKLM..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe" (Sun Microsystems, Inc.)
    O4 - HKLM..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide (Microsoft Corporation)
    O4 - HKLM..\Run: [WinFast Schedule] C:\Program Files\WinFast\WFTVFM\WFWIZ.exe (Leadtek Research Inc.)
    O4 - HKLM..\Run: [WinFast2KLoadDefault] rundll32.exe wf2kcpl.dll,DllLoadDefaultSettings File not found
    O4 - HKLM..\Run: [WinFoxV2] C:\WINDOWS\System32\WF2K.EXE (Leadtek Research Inc.)
    O4 - HKLM..\RunOnceEx: [Flag] Reg Error: Invalid data type. File not found
    O4 - Startup: C:\Documents and Settings\JeffG\Start Menu\Programs\Startup\Picture Motion Browser Media Check Tool.lnk = C:\Program Files\Sony\Sony Picture Utility\VolumeWatcher\SPUVolumeWatcher.exe (Sony Corporation)
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 255
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: dontdisplaylastusername = 0
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticecaption =
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticetext =
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: shutdownwithoutlogon = 1
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: undockwithoutlogon = 1
    O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
    O9 - Extra 'Tools' menuitem : Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre6\bin\npjpi160_14.dll (Sun Microsystems, Inc.)
    O9 - Extra Button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe (America Online, Inc.)
    O9 - Extra 'Tools' menuitem : Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
    O9 - Extra 'Tools' menuitem : @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe (Microsoft Corporation)
    O9 - Extra Button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)
    O9 - Extra 'Tools' menuitem : Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)
    O16 - DPF: {02BCC737-B171-4746-94C9-0D8A0B2C0089} http://office.microsoft.com/templates/ieawsdc.cab (Microsoft Office Template and Media Control)
    O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} http://www.apple.com/qtactivex/qtplugin.cab (QuickTime Object)
    O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} http://go.microsoft.com/fwlink/?linkid=39204 (Windows Genuine Advantage Validation Tool)
    O16 - DPF: {19E28AFC-EAE3-4CE5-AC83-2407B42F57C9} http://protect.microsoft.com/security/prot...b?1096133225312 (MSSecurityAdvisor Class)
    O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} http://security.symantec.com/sscv6/SharedC...bin/AvSniff.cab (Symantec AntiVirus scanner)
    O16 - DPF: {3E68E405-C6DE-49FF-83AE-41EE9F4C36CE} http://office.microsoft.com/officeupdate/content/opuc.cab (Office Update Installation Engine)
    O16 - DPF: {406B5949-7190-4245-91A9-30A17DE16AD0} http://photos.walmart.com/WalmartActivia.cab (Snapfish Activia)
    O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} http://v5.windowsupdate.microsoft.com/v5co...b?1093100844828 (WUWebControl Class)
    O16 - DPF: {6A344D34-5231-452A-8A57-D064AC9B7862} https://webdl.symantec.com/activex/symdlmgr.cab (Symantec Download Manager)
    O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_14)
    O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.macromedia.com/get/flash...r/ultrashim.cab (Reg Error: Key error.)
    O16 - DPF: {9F1C11AA-197B-4942-BA54-47A8489BB47F} http://v4.windowsupdate.microsoft.com/CAB/...8014.6082291667 (Reg Error: Key error.)
    O16 - DPF: {C2FCEF52-ACE9-11D3-BEBD-00105AA9B6AE} http://security.symantec.com/sscv6/SharedC...n/bin/cabsa.cab (Symantec RuFSI Registry Information Class)
    O16 - DPF: {CAFEEFAC-0016-0000-0014-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_14)
    O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_14)
    O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://download.macromedia.com/pub/shockwa...ash/swflash.cab (Shockwave Flash Object)
    O16 - DPF: {F00F4763-7355-4725-82F7-0DA94A256D46} http://www2.incredimail.com/contents/setup...er/imloader.cab (IMDownloader Class)
    O16 - DPF: {FFBB3F3B-0A5A-4106-BE53-DFE1E2340CB1} http://dlm.tools.akamai.com/dlmanager/vers...vex-2.2.1.6.cab (DownloadManager Control)
    O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\SYSTEM\ole db\msdaipp.dll (Microsoft Corporation)
    O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\SYSTEM\ole db\msdaipp.dll (Microsoft Corporation)
    O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\SYSTEM\ole db\msdaipp.dll (Microsoft Corporation)
    O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\SYSTEM\ole db\msdaipp.dll (Microsoft Corporation)
    O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\SYSTEM\ole db\msdaipp.dll (Microsoft Corporation)
    O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\SYSTEM\ole db\msdaipp.dll (Microsoft Corporation)
    O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\SYSTEM\ole db\msdaipp.dll (Microsoft Corporation)
    O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\Explorer.exe (Microsoft Corporation)
    O28 - HKLM ShellExecuteHooks: {091EB208-39DD-417D-A5DD-7E2C2D8FB9CB} - C:\Program Files\Windows Defender\MpShHook.dll (Microsoft Corporation)
    O31 - SafeBoot: AlternateShell - cmd.exe
    O32 - HKLM CDRom: AutoRun - 1
    O32 - AutoRun File - [2009/01/19 12:28:43 | 00,000,050 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
    O34 - HKLM BootExecute: (autocheck) - File not found
    O34 - HKLM BootExecute: (autochk) - C:\WINDOWS\System32\autochk.exe (Microsoft Corporation)
    O34 - HKLM BootExecute: (*) - * [2009/06/17 13:21:30 | 00,000,000 | ---D | M]
    O34 - HKLM BootExecute: (lsdelete) - File not found

    ========== Files/Folders - Created Within 30 Days ==========

    [12 C:\WINDOWS\*.tmp files]
    [2009/06/17 10:31:24 | 00,000,000 | ---D | C] -- C:\_OTL
    [2009/06/15 18:29:43 | 00,501,760 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\JeffG\Desktop\OTL.exe
    [2009/06/14 09:38:10 | 00,000,000 | ---D | C] -- C:\Documents and Settings\JeffG\Application Data\Malwarebytes
    [2009/06/14 09:38:09 | 00,000,696 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
    [2009/06/14 09:38:06 | 00,040,160 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
    [2009/06/14 09:38:05 | 00,019,096 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
    [2009/06/14 09:38:05 | 00,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
    [2009/06/14 09:38:05 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Malwarebytes
    [2009/06/14 09:36:00 | 03,371,384 | ---- | C] (Malwarebytes Corporation ) -- C:\Documents and Settings\JeffG\Desktop\mbam-setup.exe
    [2009/06/14 09:23:24 | 00,001,432 | ---- | C] () -- C:\Documents and Settings\JeffG\Desktop\DelDomains.inf
    [2009/06/11 17:44:24 | 00,028,672 | ---- | C] () -- C:\Documents and Settings\JeffG\Desktop\budget - Aaron.xls
    [2009/06/10 17:59:56 | 00,019,456 | ---- | C] () -- C:\Documents and Settings\JeffG\Desktop\June 11.doc
    [2009/06/10 17:41:07 | 00,787,855 | ---- | C] () -- C:\Documents and Settings\JeffG\Desktop\prop mgt agreement.JPG
    [2009/06/09 20:20:06 | 00,682,263 | ---- | C] () -- C:\Documents and Settings\JeffG\Desktop\deed.JPG
    [2009/06/09 19:19:49 | 00,001,734 | ---- | C] () -- C:\Documents and Settings\JeffG\Desktop\HijackThis.lnk
    [2009/06/09 19:19:48 | 00,000,000 | ---D | C] -- C:\Program Files\Trend Micro
    [2009/06/03 20:21:35 | 00,049,152 | ---- | C] () -- C:\Documents and Settings\JeffG\Desktop\rental letter.doc
    [2009/06/02 20:17:56 | 00,579,557 | ---- | C] () -- C:\Documents and Settings\JeffG\Desktop\cottonwood house 4.jpg
    [2009/06/02 20:16:39 | 00,439,768 | ---- | C] () -- C:\Documents and Settings\JeffG\Desktop\cottonwood house 3.jpg
    [2009/06/02 20:15:42 | 00,461,193 | ---- | C] () -- C:\Documents and Settings\JeffG\Desktop\cottonwood house 2.jpg
    [2009/06/02 20:14:46 | 00,493,443 | ---- | C] () -- C:\Documents and Settings\JeffG\Desktop\cottonwood house 1.jpg
    [2009/05/31 08:57:27 | 00,032,768 | ---- | C] () -- C:\Documents and Settings\JeffG\Desktop\intake form.doc
    [2009/05/27 20:52:16 | 00,089,600 | ---- | C] () -- C:\Documents and Settings\JeffG\Desktop\credit app.doc
    [2009/05/21 14:07:03 | 00,000,000 | ---D | C] -- C:\WINDOWS\ie8updates
    [2009/05/21 14:06:24 | 00,102,400 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\iecompat.dll
    [2009/05/21 14:03:42 | 00,078,336 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\ieencode.dll
    [2009/05/21 14:03:42 | 00,078,336 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ieencode.dll
    [2007/12/27 21:02:35 | 00,003,654 | ---- | C] () -- C:\WINDOWS\System32\drivers\Sonyhcp.dll
    [2007/11/21 21:44:39 | 00,000,000 | ---- | C] () -- C:\WINDOWS\iPlayer.INI
    [2006/11/03 14:42:09 | 00,000,221 | ---- | C] () -- C:\WINDOWS\HP_RedboxHprblog_HPSU.ini
    [2005/10/11 14:39:03 | 00,000,000 | ---- | C] () -- C:\WINDOWS\Jcmkr32.INI
    [2005/07/14 15:30:55 | 00,011,776 | ---- | C] () -- C:\WINDOWS\System32\ZPORT4AS.dll
    [2005/07/08 06:48:49 | 00,000,170 | ---- | C] () -- C:\WINDOWS\GetServer.ini
    [2005/06/07 11:20:10 | 00,000,028 | ---- | C] () -- C:\WINDOWS\album.ini
    [2005/06/06 16:06:00 | 00,000,169 | ---- | C] () -- C:\WINDOWS\RtlRack.ini
    [2005/06/03 16:55:07 | 00,002,597 | ---- | C] () -- C:\WINDOWS\u3dedit3.INI
    [2005/05/29 17:27:30 | 00,000,136 | ---- | C] () -- C:\WINDOWS\ka.ini
    [2005/05/29 03:29:33 | 00,000,611 | ---- | C] () -- C:\WINDOWS\ODBC.INI
    [2005/05/06 23:32:10 | 00,000,022 | ---- | C] () -- C:\WINDOWS\exchng.ini
    [2005/05/03 11:44:44 | 00,025,157 | ---- | C] () -- C:\WINDOWS\RMAgentOutput.dll
    [2005/05/03 11:43:44 | 00,126,976 | ---- | C] () -- C:\WINDOWS\dllTSCLIBMT.dll
    [2005/04/29 21:19:02 | 00,000,000 | ---- | C] () -- C:\WINDOWS\System32\jmjaf.dll
    [2005/04/27 14:38:00 | 00,372,736 | ---- | C] () -- C:\WINDOWS\System32\hpzidi01.dll
    [2005/04/27 14:37:49 | 00,077,824 | ---- | C] () -- C:\WINDOWS\System32\hpzids01.dll
    [2005/03/03 16:16:42 | 00,000,256 | ---- | C] () -- C:\WINDOWS\aucfg.ini
    [2005/03/01 15:30:20 | 00,000,453 | ---- | C] () -- C:\WINDOWS\bdoscandellang.ini
    [2005/01/23 09:50:13 | 00,363,520 | ---- | C] () -- C:\WINDOWS\System32\psisdecd.dll
    [2004/10/01 17:33:46 | 00,000,679 | ---- | C] () -- C:\WINDOWS\TSC.ini
    [2004/09/17 17:37:42 | 00,061,440 | ---- | C] () -- C:\WINDOWS\System32\vuins32.dll
    [2004/05/31 11:00:35 | 00,032,397 | ---- | C] () -- C:\WINDOWS\SGTBox.INI
    [2004/05/31 10:11:59 | 00,000,035 | ---- | C] () -- C:\WINDOWS\A4W.INI
    [2004/05/31 10:11:13 | 00,000,021 | ---- | C] () -- C:\WINDOWS\phbase.ini
    [2004/05/31 10:10:21 | 00,000,572 | ---- | C] () -- C:\WINDOWS\maxlink.ini
    [2004/05/31 10:09:29 | 00,000,000 | ---- | C] () -- C:\WINDOWS\OP70.INI
    [2004/05/31 10:07:41 | 00,001,560 | ---- | C] () -- C:\WINDOWS\pstudio.ini
    [2004/05/31 10:07:41 | 00,000,021 | ---- | C] () -- C:\WINDOWS\Ps_setup.ini
    [2004/05/26 08:28:37 | 00,000,717 | ---- | C] () -- C:\WINDOWS\QIII.INI
    [2004/03/22 18:29:33 | 00,021,840 | ---- | C] () -- C:\WINDOWS\System32\SIntfNT.dll
    [2004/03/22 18:29:33 | 00,017,212 | ---- | C] () -- C:\WINDOWS\System32\SIntf32.dll
    [2004/03/22 18:29:33 | 00,012,067 | ---- | C] () -- C:\WINDOWS\System32\SIntf16.dll
    [2004/02/14 20:32:57 | 00,000,152 | ---- | C] () -- C:\WINDOWS\ULead32.ini
    [2004/02/01 15:43:20 | 00,000,016 | ---- | C] () -- C:\WINDOWS\WinInit.ini.backup
    [2004/02/01 15:22:43 | 00,000,643 | ---- | C] () -- C:\WINDOWS\lexstat.ini
    [2004/02/01 15:22:34 | 00,328,704 | ---- | C] () -- C:\WINDOWS\System32\dosfnt32.dll
    [2004/01/29 10:34:42 | 00,056,320 | ---- | C] () -- C:\WINDOWS\System32\iyvu9_32.dll
    [2004/01/29 10:24:39 | 00,001,024 | RH-- | C] () -- C:\WINDOWS\System32\NTICDMK32.dll
    [2004/01/28 13:20:58 | 00,000,164 | R--- | C] () -- C:\WINDOWS\avrack.ini
    [2004/01/28 13:19:43 | 00,000,016 | ---- | C] () -- C:\WINDOWS\WinInit.ini
    [2004/01/28 07:31:33 | 00,000,902 | ---- | C] () -- C:\WINDOWS\win.ini
    [2004/01/28 07:31:22 | 00,000,227 | ---- | C] () -- C:\WINDOWS\system.ini
    [2002/07/04 15:05:34 | 00,000,269 | ---- | C] () -- C:\WINDOWS\tmupdate.ini
    [2001/12/26 17:12:30 | 00,065,536 | R--- | C] () -- C:\WINDOWS\System32\multiplex_vcd.dll
    [2001/12/14 13:34:46 | 00,164,864 | ---- | C] () -- C:\WINDOWS\patchw32.dll
    [2001/09/04 00:46:38 | 00,110,592 | R--- | C] () -- C:\WINDOWS\System32\Hmpg12.dll
    [2001/07/30 17:33:56 | 00,118,784 | R--- | C] () -- C:\WINDOWS\System32\HMPV2_ENC.dll
    [2001/07/23 23:04:36 | 00,118,784 | R--- | C] () -- C:\WINDOWS\System32\HMPV2_ENC_MMX.dll
    [1999/07/23 13:46:48 | 00,000,116 | ---- | C] () -- C:\WINDOWS\AuHCcup1.ini
    [1999/07/23 10:53:20 | 00,129,536 | ---- | C] () -- C:\WINDOWS\AuHCcup1.dll
    [1998/08/16 06:00:00 | 00,004,096 | ---- | C] () -- C:\WINDOWS\System32\sysres.dll
    [1996/11/17 01:00:00 | 00,022,016 | ---- | C] () -- C:\WINDOWS\System32\ODBCSTF.DLL
    [1996/11/17 01:00:00 | 00,022,016 | ---- | C] () -- C:\WINDOWS\System32\DOCOBJ.DLL

    ========== Files - Modified Within 30 Days ==========

    [2 C:\WINDOWS\System32\drivers\*.tmp files]
    [34 C:\WINDOWS\System32\*.tmp files]
    [12 C:\WINDOWS\*.tmp files]
    [1 C:\Documents and Settings\JeffG\Desktop\*.tmp files]
    [2009/06/17 13:35:21 | 00,000,422 | -H-- | M] () -- C:\WINDOWS\tasks\User_Feed_Synchronization-{40FD7DA3-44F4-40D6-BBD5-FA79174F1959}.job
    [2009/06/17 13:33:48 | 00,013,646 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
    [2009/06/17 13:33:42 | 00,000,062 | -HS- | M] () -- C:\Documents and Settings\JeffG\Local Settings\desktop.ini
    [2009/06/17 13:32:16 | 00,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
    [2009/06/17 13:32:08 | 00,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
    [2009/06/17 06:26:29 | 00,000,556 | ---- | M] () -- C:\WINDOWS\tasks\Norton AntiVirus - Run Full System Scan - JeffG.job
    [2009/06/15 19:14:34 | 00,474,112 | -HS- | M] () -- C:\Documents and Settings\JeffG\Desktop\Thumbs.db
    [2009/06/15 18:29:53 | 00,501,760 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\JeffG\Desktop\OTL.exe
    [2009/06/14 09:38:09 | 00,000,696 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
    [2009/06/14 09:36:00 | 03,371,384 | ---- | M] (Malwarebytes Corporation ) -- C:\Documents and Settings\JeffG\Desktop\mbam-setup.exe
    [2009/06/14 09:23:24 | 00,001,432 | ---- | M] () -- C:\Documents and Settings\JeffG\Desktop\DelDomains.inf
    [2009/06/13 20:30:53 | 00,308,613 | R--- | M] () -- C:\WINDOWS\System32\drivers\etc\HOSTS
    [2009/06/12 07:28:06 | 00,787,855 | ---- | M] () -- C:\Documents and Settings\JeffG\Desktop\prop mgt agreement.JPG
    [2009/06/11 20:34:52 | 40,265,3184 | ---- | M] () -- C:\WINDOWS\MEMORY.DMP
    [2009/06/11 20:27:20 | 00,006,601 | ---- | M] () -- C:\WINDOWS\JeffG8.xlb
    [2009/06/11 19:18:44 | 00,028,672 | ---- | M] () -- C:\Documents and Settings\JeffG\Desktop\budget - Aaron.xls
    [2009/06/10 17:59:56 | 00,019,456 | ---- | M] () -- C:\Documents and Settings\JeffG\Desktop\June 11.doc
    [2009/06/10 03:15:08 | 01,414,648 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
    [2009/06/10 03:06:29 | 00,001,374 | ---- | M] () -- C:\WINDOWS\imsins.BAK
    [2009/06/09 20:23:17 | 00,682,263 | ---- | M] () -- C:\Documents and Settings\JeffG\Desktop\deed.JPG
    [2009/06/09 19:23:50 | 00,001,734 | ---- | M] () -- C:\Documents and Settings\JeffG\Desktop\HijackThis.lnk
    [2009/06/08 14:22:35 | 00,308,599 | R--- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts.20090613-203053.backup
    [2009/06/07 19:47:52 | 00,001,560 | ---- | M] () -- C:\WINDOWS\pstudio.ini
    [2009/06/07 19:47:52 | 00,000,028 | ---- | M] () -- C:\WINDOWS\album.ini
    [2009/06/07 19:26:34 | 00,028,672 | ---- | M] () -- C:\Documents and Settings\JeffG\Desktop\budget.xls
    [2009/06/03 21:39:14 | 00,049,152 | ---- | M] () -- C:\Documents and Settings\JeffG\Desktop\rental letter.doc
    [2009/06/02 20:17:57 | 00,579,557 | ---- | M] () -- C:\Documents and Settings\JeffG\Desktop\cottonwood house 4.jpg
    [2009/06/02 20:16:39 | 00,439,768 | ---- | M] () -- C:\Documents and Settings\JeffG\Desktop\cottonwood house 3.jpg
    [2009/06/02 20:15:42 | 00,461,193 | ---- | M] () -- C:\Documents and Settings\JeffG\Desktop\cottonwood house 2.jpg
    [2009/06/02 20:14:46 | 00,493,443 | ---- | M] () -- C:\Documents and Settings\JeffG\Desktop\cottonwood house 1.jpg
    [2009/06/01 12:51:12 | 23,635,392 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\MRT.exe
    [2009/05/31 16:11:57 | 00,032,768 | ---- | M] () -- C:\Documents and Settings\JeffG\Desktop\intake form.doc
    [2009/05/27 20:52:17 | 00,089,600 | ---- | M] () -- C:\Documents and Settings\JeffG\Desktop\credit app.doc
    [2009/05/26 17:58:24 | 00,307,911 | R--- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts.20090608-142235.backup
    [2009/05/26 13:20:08 | 00,040,160 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
    [2009/05/26 13:19:56 | 00,019,096 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
    [2009/05/21 19:41:42 | 00,307,911 | R--- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts.20090526-175824.backup
    [2009/05/21 17:24:52 | 00,000,076 | -HS- | M] () -- C:\Documents and Settings\JeffG\My Documents\desktop.ini

    ========== LOP Check ==========

    [2009/06/14 09:38:05 | 00,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data
    [2007/11/22 10:50:11 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Adobe
    [2004/01/29 10:52:26 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\CyberLink
    [2007/07/18 20:47:59 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\FLEXnet
    [2006/09/03 11:29:49 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\HP
    [2008/07/12 08:40:08 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Lavasoft
    [2009/06/14 09:38:05 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Malwarebytes
    [2008/04/15 05:50:28 | 00,000,000 | --SD | M] -- C:\Documents and Settings\All Users\Application Data\Microsoft
    [2005/06/15 10:35:46 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\MSN6
    [2008/03/29 17:00:43 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Solero
    [2009/03/02 08:35:25 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
    [2008/08/31 04:52:48 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Symantec
    [2009/06/13 20:21:00 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TEMP
    [2009/06/17 10:26:45 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Viewpoint
    [2004/02/01 16:52:16 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Vivendi Universal Games
    [2005/08/06 10:47:21 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Windows Genuine Advantage
    [2009/06/14 09:38:10 | 00,000,000 | -H-D | M] -- C:\Documents and Settings\JeffG\Application Data
    [2004/03/22 14:04:08 | 00,000,000 | ---D | M] -- C:\Documents and Settings\JeffG\Application Data\Active Disk
    [2009/03/22 11:52:27 | 00,000,000 | ---D | M] -- C:\Documents and Settings\JeffG\Application Data\Adobe
    [2005/10/07 06:35:06 | 00,000,000 | ---D | M] -- C:\Documents and Settings\JeffG\Application Data\AdobeUM
    [2004/11/21 12:39:09 | 00,000,000 | ---D | M] -- C:\Documents and Settings\JeffG\Application Data\Aim
    [2006/09/03 11:50:08 | 00,000,000 | ---D | M] -- C:\Documents and Settings\JeffG\Application Data\ArcSoft
    [2005/09/11 09:27:25 | 00,000,000 | ---D | M] -- C:\Documents and Settings\JeffG\Application Data\Avant Browser
    [2007/03/15 17:22:54 | 00,000,000 | ---D | M] -- C:\Documents and Settings\JeffG\Application Data\Canon
    [2007/09/01 22:40:03 | 00,000,000 | ---D | M] -- C:\Documents and Settings\JeffG\Application Data\Download Manager
    [2007/01/06 08:49:29 | 00,000,000 | ---D | M] -- C:\Documents and Settings\JeffG\Application Data\Google
    [2007/07/19 19:12:24 | 00,000,000 | ---D | M] -- C:\Documents and Settings\JeffG\Application Data\Help
    [2007/02/19 18:45:36 | 00,000,000 | ---D | M] -- C:\Documents and Settings\JeffG\Application Data\HP
    [2007/07/17 10:59:06 | 00,000,000 | ---D | M] -- C:\Documents and Settings\JeffG\Application Data\Identities
    [2008/04/15 05:50:30 | 00,000,000 | ---D | M] -- C:\Documents and Settings\JeffG\Application Data\Lavasoft
    [2004/02/14 17:03:52 | 00,000,000 | ---D | M] -- C:\Documents and Settings\JeffG\Application Data\Macromedia
    [2009/06/14 09:38:10 | 00,000,000 | ---D | M] -- C:\Documents and Settings\JeffG\Application Data\Malwarebytes
    [2007/06/21 06:48:16 | 00,000,000 | --SD | M] -- C:\Documents and Settings\JeffG\Application Data\Microsoft
    [2005/06/15 10:34:46 | 00,000,000 | ---D | M] -- C:\Documents and Settings\JeffG\Application Data\MSN6
    [2007/12/22 09:43:17 | 00,000,000 | ---D | M] -- C:\Documents and Settings\JeffG\Application Data\Snapfish
    [2007/12/27 21:11:09 | 00,000,000 | ---D | M] -- C:\Documents and Settings\JeffG\Application Data\Sony Corporation
    [2005/11/02 21:29:37 | 00,000,000 | ---D | M] -- C:\Documents and Settings\JeffG\Application Data\Sun
    [2007/02/19 17:01:57 | 00,000,000 | ---D | M] -- C:\Documents and Settings\JeffG\Application Data\Symantec
    [2006/11/29 15:04:44 | 00,000,000 | ---D | M] -- C:\Documents and Settings\JeffG\Application Data\Uniblue
    [2005/05/09 21:22:38 | 00,000,000 | ---D | M] -- C:\Documents and Settings\JeffG\Application Data\Webroot
    [2003/03/31 08:00:00 | 00,000,065 | RH-- | M] () -- C:\WINDOWS\Tasks\desktop.ini
    [2009/06/17 06:26:29 | 00,000,556 | ---- | M] () -- C:\WINDOWS\Tasks\Norton AntiVirus - Run Full System Scan - JeffG.job
    [2009/06/17 13:32:16 | 00,000,006 | -H-- | M] () -- C:\WINDOWS\Tasks\SA.DAT
    [2004/10/14 11:22:04 | 00,031,956 | ---- | M] () -- C:\WINDOWS\Tasks\SCHEDLGU.TXT
    [2009/06/17 13:35:21 | 00,000,422 | -H-- | M] () -- C:\WINDOWS\Tasks\User_Feed_Synchronization-{40FD7DA3-44F4-40D6-BBD5-FA79174F1959}.job

    ========== Purity Check ==========


    ========== Alternate Data Streams ==========

    @Alternate Data Stream - 9237 bytes -> C:\WINDOWS\dahotfix.log:bnywmm
    @Alternate Data Stream - 88 bytes -> C:\WINDOWS\System32\control.exe:SummaryInformation
    @Alternate Data Stream - 88 bytes -> C:\WINDOWS\lfsbj.dat:SummaryInformation
    @Alternate Data Stream - 125 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:5C321E34
    @Alternate Data Stream - 11152 bytes -> C:\WINDOWS\u3dedit3.INI:umupzr
    < End of report >
    Jeff G
    post Jun 17 2009, 12:03 PM
    Post #12





    OCD,

    Here is a new OTL logfile after rebooting. Like before, there is no Extras.txt file.

    Jeff G

    OTL logfile created on: 6/17/2009 1:58:47 PM - Run 8
    OTL by OldTimer - Version 2.1.1.0 Folder = C:\Documents and Settings\JeffG\Desktop
    Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
    Internet Explorer (Version = 7.0.5730.11)
    Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

    1.50 Gb Total Physical Memory | 1.10 Gb Available Physical Memory | 73.44% Memory free
    1.73 Gb Paging File | 1.51 Gb Available in Paging File | 87.13% Paging File free
    Paging file location(s): c:\pagefile.sys 384 768 [binary data]

    %SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
    Drive C: | 55.90 Gb Total Space | 36.44 Gb Free Space | 65.18% Space Free | Partition Type: NTFS
    D: Drive not present or media not loaded
    E: Drive not present or media not loaded
    F: Drive not present or media not loaded
    G: Drive not present or media not loaded
    H: Drive not present or media not loaded
    I: Drive not present or media not loaded

    Computer Name: JEFFS
    Current User Name: JeffG
    Logged in as Administrator.

    Current Boot Mode: Normal
    Scan Mode: Current user
    Output = Minimal
    File Age = 30 Days
    Company Name Whitelist: On

    ========== Processes (SafeList) ==========

    PRC - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe (Symantec Corporation)
    PRC - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe ()
    PRC - C:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe (Symantec Corporation)
    PRC - C:\Program Files\Iomega\System32\AppServices.exe (Iomega Corporation)
    PRC - C:\Program Files\Java\jre6\bin\jqs.exe (Sun Microsystems, Inc.)
    PRC - C:\WINDOWS\system32\wbem\wmiprvse.exe (Microsoft Corporation)
    PRC - C:\WINDOWS\Explorer.EXE (Microsoft Corporation)
    PRC - C:\WINDOWS\system32\wbem\wmiprvse.exe (Microsoft Corporation)
    PRC - C:\WINDOWS\SOUNDMAN.EXE (Avance Logic, Inc.)
    PRC - C:\Program Files\WinFast\WFTVFM\WFWIZ.exe (Leadtek Research Inc.)
    PRC - C:\WINDOWS\System32\WF2K.EXE (Leadtek Research Inc.)
    PRC - C:\Program Files\QuickTime\qttask.exe (Apple Computer, Inc.)
    PRC - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe (Symantec Corporation)
    PRC - C:\Program Files\Java\jre6\bin\jusched.exe (Sun Microsystems, Inc.)
    PRC - C:\Program Files\Sony\Sony Picture Utility\VolumeWatcher\SPUVolumeWatcher.exe (Sony Corporation)
    PRC - C:\WINDOWS\system32\LEXBCES.EXE (Lexmark International, Inc.)
    PRC - C:\WINDOWS\system32\LEXPPS.EXE (Lexmark International, Inc.)
    PRC - C:\Documents and Settings\JeffG\Desktop\OTL.exe (OldTimer Tools)

    ========== Win32 Services (SafeList) ==========

    SRV - (Automatic LiveUpdate Scheduler [Auto | Running]) -- C:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe (Symantec Corporation)
    SRV - (ccEvtMgr [Auto | Running]) -- C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe (Symantec Corporation)
    SRV - (ccSetMgr [Auto | Running]) -- C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe (Symantec Corporation)
    SRV - (CLTNetCnService [Auto | Running]) -- C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe (Symantec Corporation)
    SRV - (helpsvc [Auto | Running]) -- C:\WINDOWS\PCHealth\HelpCtr\Binaries\pchsvc.dll (Microsoft Corporation)
    SRV - (Iomega Activity Disk2 [Disabled | Stopped]) -- File not found
    SRV - (Iomega App Services [Auto | Running]) -- C:\Program Files\Iomega\System32\AppServices.exe (Iomega Corporation)
    SRV - (JavaQuickStarterService [Auto | Running]) -- C:\Program Files\Java\jre6\bin\jqs.exe (Sun Microsystems, Inc.)
    SRV - (LexBceS [On_Demand | Running]) -- C:\WINDOWS\system32\LEXBCES.EXE (Lexmark International, Inc.)
    SRV - (LiveUpdate [On_Demand | Stopped]) -- C:\Program Files\Symantec\LiveUpdate\LuComServer_3_4.EXE (Symantec Corporation)
    SRV - (LiveUpdate Notice [Auto | Running]) -- C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe (Symantec Corporation)
    SRV - (Symantec Core LC [Auto | Running]) -- C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe ()
    SRV - (WinDefend [Disabled | Stopped]) -- C:\Program Files\Windows Defender\MsMpEng.exe (Microsoft Corporation)
    SRV - (WMPNetworkSvc [On_Demand | Stopped]) -- C:\Program Files\Windows Media Player\WMPNetwk.exe (Microsoft Corporation)

    ========== Driver Services (SafeList) ==========

    DRV - (ALCXWDM [On_Demand | Running]) -- C:\WINDOWS\system32\drivers\ALCXWDM.SYS (Avance Logic, Inc.)
    DRV - (cdrbsdrv [System | Running]) -- C:\WINDOWS\System32\drivers\CDRBSDRV.SYS (B.H.A Corporation)
    DRV - (COH_Mon [On_Demand | Stopped]) -- C:\WINDOWS\system32\Drivers\COH_Mon.sys (Symantec Corporation)
    DRV - (eeCtrl [System | Running]) -- C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys (Symantec Corporation)
    DRV - (EraserUtilRebootDrv [On_Demand | Running]) -- C:\Program Files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys (Symantec Corporation)
    DRV - (FA312 [On_Demand | Running]) -- C:\WINDOWS\System32\DRIVERS\FA312nd5.sys (NETGEAR Corp.)
    DRV - (FETND5BV [On_Demand | Running]) -- C:\WINDOWS\system32\DRIVERS\fetnd5bv.sys (VIA Technologies, Inc. )
    DRV - (FETNDIS [On_Demand | Stopped]) -- C:\WINDOWS\System32\DRIVERS\fetnd5b.sys (VIA Technologies, Inc. )
    DRV - (FETNDISB [On_Demand | Stopped]) -- C:\WINDOWS\System32\DRIVERS\fetnd5b.sys (VIA Technologies, Inc. )
    DRV - (gameenum [On_Demand | Running]) -- C:\WINDOWS\System32\DRIVERS\gameenum.sys (Microsoft Corporation)
    DRV - (iomdisk [Boot | Running]) -- C:\WINDOWS\System32\DRIVERS\iomdisk.sys (Iomega Corporation)
    DRV - (ms_mpu401 [On_Demand | Running]) -- C:\WINDOWS\system32\drivers\msmpu401.sys (Microsoft Corporation)
    DRV - (NAVENG [On_Demand | Running]) -- C:\Program Files\Common Files\Symantec Shared\VirusDefs\20090617.003\NAVENG.SYS (Symantec Corporation)
    DRV - (NAVEX15 [On_Demand | Running]) -- C:\Program Files\Common Files\Symantec Shared\VirusDefs\20090617.003\NAVEX15.SYS (Symantec Corporation)
    DRV - (NTIDrvr [On_Demand | Running]) -- C:\WINDOWS\System32\DRIVERS\NTIDrvr.sys (NewTech Infosystems, Inc.)
    DRV - (NTSIM [On_Demand | Stopped]) -- C:\WINDOWS\System32\ntsim.sys (VIA Technologies, Inc. )
    DRV - (nv [On_Demand | Running]) -- C:\WINDOWS\System32\DRIVERS\nv4_mini.sys (NVIDIA Corporation)
    DRV - (ppa3 [Boot | Running]) -- C:\WINDOWS\System32\DRIVERS\ppa3.sys (Microsoft Corporation)
    DRV - (Ptilink [On_Demand | Running]) -- C:\WINDOWS\System32\DRIVERS\ptilink.sys (Parallel Technologies, Inc.)
    DRV - (PxHelp20 [Boot | Running]) -- C:\WINDOWS\system32\Drivers\PxHelp20.sys (Sonic Solutions)
    DRV - (Secdrv [Auto | Running]) -- C:\WINDOWS\System32\DRIVERS\secdrv.sys (Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K.)
    DRV - (SONYPVU1 [On_Demand | Stopped]) -- C:\WINDOWS\System32\DRIVERS\SONYPVU1.SYS (Sony Corporation)
    DRV - (SPBBCDrv [On_Demand | Stopped]) -- C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCDrv.sys (Symantec Corporation)
    DRV - (SRTSP [On_Demand | Running]) -- C:\WINDOWS\System32\Drivers\SRTSP.SYS (Symantec Corporation)
    DRV - (SRTSPL [On_Demand | Stopped]) -- C:\WINDOWS\System32\Drivers\SRTSPL.SYS (Symantec Corporation)
    DRV - (SRTSPX [System | Running]) -- C:\WINDOWS\System32\Drivers\SRTSPX.SYS (Symantec Corporation)
    DRV - (SYMDNS [On_Demand | Running]) -- C:\WINDOWS\System32\Drivers\SYMDNS.SYS (Symantec Corporation)
    DRV - (SymEvent [On_Demand | Running]) -- C:\WINDOWS\system32\Drivers\SYMEVENT.SYS (Symantec Corporation)
    DRV - (SYMFW [On_Demand | Running]) -- C:\WINDOWS\System32\Drivers\SYMFW.SYS (Symantec Corporation)
    DRV - (SYMIDS [On_Demand | Running]) -- C:\WINDOWS\System32\Drivers\SYMIDS.SYS (Symantec Corporation)
    DRV - (SYMIDSCO [On_Demand | Running]) -- C:\Program Files\Common Files\Symantec Shared\SymcData\ipsdefs\20090610.001\SymIDSCo.sys (Symantec Corporation)
    DRV - (SymIM [On_Demand | Stopped]) -- C:\WINDOWS\system32\DRIVERS\SymIM.sys (Symantec Corporation)
    DRV - (SymIMMP [On_Demand | Running]) -- C:\WINDOWS\system32\DRIVERS\SymIM.sys (Symantec Corporation)
    DRV - (symlcbrd [Auto | Running]) -- C:\WINDOWS\system32\drivers\symlcbrd.sys (Symantec Corporation)
    DRV - (SYMNDIS [On_Demand | Running]) -- C:\WINDOWS\System32\Drivers\SYMNDIS.SYS (Symantec Corporation)
    DRV - (SYMREDRV [On_Demand | Running]) -- C:\WINDOWS\System32\Drivers\SYMREDRV.SYS (Symantec Corporation)
    DRV - (SYMTDI [System | Running]) -- C:\WINDOWS\System32\Drivers\SYMTDI.SYS (Symantec Corporation)
    DRV - (VIAPFD [System | Running]) -- C:\WINDOWS\System32\Drivers\VIAPFD.SYS (VIA Technologies. Inc.)
    DRV - (WFIOCTL [On_Demand | Running]) -- C:\Program Files\WinFast\WFTVFM\WFIOCTL.SYS ()
    DRV - (WINFOXIO [Disabled | Running]) -- C:\WINDOWS\system32\Drivers\WINFOXIO.SYS (Leadtek Research Inc.)

    ========== Standard Registry (SafeList) ==========


    ========== Internet Explorer ==========

    IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = [binary data]
    IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Extensions Off Page = about:NoAdd-ons
    IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page =
    IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Security Risk Page =
    IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.microsoft.com/isapi/redir.dll?p...ER}&ar=home
    IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,CustomizeSearch = http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchcust.htm
    IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant =

    IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page =
    IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page =
    IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.cnn.com/
    IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,CustomizeSearch =
    IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchasst.htm
    IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
    IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

    FF - HKLM\software\mozilla\Firefox\extensions\\jqs@sun.com: C:\PROGRAM FILES\JAVA\JRE6\LIB\DEPLOY\JQS\FF [2009/03/11 06:55:17 | 00,000,000 | ---D | M]


    O1 HOSTS File: (308613 bytes) - C:\WINDOWS\System32\drivers\etc\Hosts
    O2 - BHO: (AcroIEHlprObj Class) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
    O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
    O2 - BHO: (Symantec Intrusion Prevention) - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files\Common Files\Symantec Shared\IDS\IPSBHO.dll (Symantec Corporation)
    O2 - BHO: (SSVHelper Class) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
    O2 - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)
    O2 - BHO: (JQSIEStartDetectorImpl Class) - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll (Sun Microsystems, Inc.)
    O3 - HKCU\..\Toolbar\ShellBrowser: (no name) - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - Reg Error: Key error. File not found
    O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - Reg Error: Key error. File not found
    O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {C4069E3A-68F1-403E-B40E-20066696354B} - Reg Error: Key error. File not found
    O4 - HKLM..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe" (Symantec Corporation)
    O4 - HKLM..\Run: [Deskup] C:\Program Files\Iomega\DriveIcons\deskup.exe /IMGSTART File not found
    O4 - HKLM..\Run: [Iomega Drive Icons] C:\Program Files\Iomega\DriveIcons\ImgIcon.exe File not found
    O4 - HKLM..\Run: [osCheck] "C:\Program Files\Norton AntiVirus\osCheck.exe" (Symantec Corporation)
    O4 - HKLM..\Run: [PrinTray] C:\WINDOWS\System32\spool\DRIVERS\W32X86\2\printray.exe (Lexmark)
    O4 - HKLM..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime (Apple Computer, Inc.)
    O4 - HKLM..\Run: [SoundMan] SOUNDMAN.EXE (Avance Logic, Inc.)
    O4 - HKLM..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe" (Sun Microsystems, Inc.)
    O4 - HKLM..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide (Microsoft Corporation)
    O4 - HKLM..\Run: [WinFast Schedule] C:\Program Files\WinFast\WFTVFM\WFWIZ.exe (Leadtek Research Inc.)
    O4 - HKLM..\Run: [WinFast2KLoadDefault] rundll32.exe wf2kcpl.dll,DllLoadDefaultSettings File not found
    O4 - HKLM..\Run: [WinFoxV2] C:\WINDOWS\System32\WF2K.EXE (Leadtek Research Inc.)
    O4 - HKLM..\RunOnceEx: [Flag] Reg Error: Invalid data type. File not found
    O4 - Startup: C:\Documents and Settings\JeffG\Start Menu\Programs\Startup\Picture Motion Browser Media Check Tool.lnk = C:\Program Files\Sony\Sony Picture Utility\VolumeWatcher\SPUVolumeWatcher.exe (Sony Corporation)
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 255
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: dontdisplaylastusername = 0
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticecaption =
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticetext =
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: shutdownwithoutlogon = 1
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: undockwithoutlogon = 1
    O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
    O9 - Extra 'Tools' menuitem : Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre6\bin\npjpi160_14.dll (Sun Microsystems, Inc.)
    O9 - Extra Button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe (America Online, Inc.)
    O9 - Extra 'Tools' menuitem : Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
    O9 - Extra 'Tools' menuitem : @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe (Microsoft Corporation)
    O9 - Extra Button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)
    O9 - Extra 'Tools' menuitem : Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)
    O16 - DPF: {02BCC737-B171-4746-94C9-0D8A0B2C0089} http://office.microsoft.com/templates/ieawsdc.cab (Microsoft Office Template and Media Control)
    O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} http://www.apple.com/qtactivex/qtplugin.cab (QuickTime Object)
    O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} http://go.microsoft.com/fwlink/?linkid=39204 (Windows Genuine Advantage Validation Tool)
    O16 - DPF: {19E28AFC-EAE3-4CE5-AC83-2407B42F57C9} http://protect.microsoft.com/security/prot...b?1096133225312 (MSSecurityAdvisor Class)
    O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} http://security.symantec.com/sscv6/SharedC...bin/AvSniff.cab (Symantec AntiVirus scanner)
    O16 - DPF: {3E68E405-C6DE-49FF-83AE-41EE9F4C36CE} http://office.microsoft.com/officeupdate/content/opuc.cab (Office Update Installation Engine)
    O16 - DPF: {406B5949-7190-4245-91A9-30A17DE16AD0} http://photos.walmart.com/WalmartActivia.cab (Snapfish Activia)
    O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} http://v5.windowsupdate.microsoft.com/v5co...b?1093100844828 (WUWebControl Class)
    O16 - DPF: {6A344D34-5231-452A-8A57-D064AC9B7862} https://webdl.symantec.com/activex/symdlmgr.cab (Symantec Download Manager)
    O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_14)
    O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.macromedia.com/get/flash...r/ultrashim.cab (Reg Error: Key error.)
    O16 - DPF: {9F1C11AA-197B-4942-BA54-47A8489BB47F} http://v4.windowsupdate.microsoft.com/CAB/...8014.6082291667 (Reg Error: Key error.)
    O16 - DPF: {C2FCEF52-ACE9-11D3-BEBD-00105AA9B6AE} http://security.symantec.com/sscv6/SharedC...n/bin/cabsa.cab (Symantec RuFSI Registry Information Class)
    O16 - DPF: {CAFEEFAC-0016-0000-0014-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_14)
    O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_14)
    O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://download.macromedia.com/pub/shockwa...ash/swflash.cab (Shockwave Flash Object)
    O16 - DPF: {F00F4763-7355-4725-82F7-0DA94A256D46} http://www2.incredimail.com/contents/setup...er/imloader.cab (IMDownloader Class)
    O16 - DPF: {FFBB3F3B-0A5A-4106-BE53-DFE1E2340CB1} http://dlm.tools.akamai.com/dlmanager/vers...vex-2.2.1.6.cab (DownloadManager Control)
    O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\SYSTEM\ole db\msdaipp.dll (Microsoft Corporation)
    O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\SYSTEM\ole db\msdaipp.dll (Microsoft Corporation)
    O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\SYSTEM\ole db\msdaipp.dll (Microsoft Corporation)
    O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\SYSTEM\ole db\msdaipp.dll (Microsoft Corporation)
    O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\SYSTEM\ole db\msdaipp.dll (Microsoft Corporation)
    O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\SYSTEM\ole db\msdaipp.dll (Microsoft Corporation)
    O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\SYSTEM\ole db\msdaipp.dll (Microsoft Corporation)
    O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\Explorer.exe (Microsoft Corporation)
    O28 - HKLM ShellExecuteHooks: {091EB208-39DD-417D-A5DD-7E2C2D8FB9CB} - C:\Program Files\Windows Defender\MpShHook.dll (Microsoft Corporation)
    O31 - SafeBoot: AlternateShell - cmd.exe
    O32 - HKLM CDRom: AutoRun - 1
    O32 - AutoRun File - [2009/01/19 12:28:43 | 00,000,050 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
    O34 - HKLM BootExecute: (autocheck) - File not found
    O34 - HKLM BootExecute: (autochk) - C:\WINDOWS\System32\autochk.exe (Microsoft Corporation)
    O34 - HKLM BootExecute: (*) - * [2009/06/17 13:55:19 | 00,000,000 | ---D | M]
    O34 - HKLM BootExecute: (lsdelete) - File not found

    ========== Files/Folders - Created Within 30 Days ==========

    [12 C:\WINDOWS\*.tmp files]
    [2009/06/17 10:31:24 | 00,000,000 | ---D | C] -- C:\_OTL
    [2009/06/15 18:29:43 | 00,501,760 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\JeffG\Desktop\OTL.exe
    [2009/06/14 09:38:10 | 00,000,000 | ---D | C] -- C:\Documents and Settings\JeffG\Application Data\Malwarebytes
    [2009/06/14 09:38:09 | 00,000,696 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
    [2009/06/14 09:38:06 | 00,040,160 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
    [2009/06/14 09:38:05 | 00,019,096 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
    [2009/06/14 09:38:05 | 00,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
    [2009/06/14 09:38:05 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Malwarebytes
    [2009/06/14 09:36:00 | 03,371,384 | ---- | C] (Malwarebytes Corporation ) -- C:\Documents and Settings\JeffG\Desktop\mbam-setup.exe
    [2009/06/14 09:23:24 | 00,001,432 | ---- | C] () -- C:\Documents and Settings\JeffG\Desktop\DelDomains.inf
    [2009/06/11 17:44:24 | 00,028,672 | ---- | C] () -- C:\Documents and Settings\JeffG\Desktop\budget - Aaron.xls
    [2009/06/10 17:59:56 | 00,019,456 | ---- | C] () -- C:\Documents and Settings\JeffG\Desktop\June 11.doc
    [2009/06/10 17:41:07 | 00,787,855 | ---- | C] () -- C:\Documents and Settings\JeffG\Desktop\prop mgt agreement.JPG
    [2009/06/09 20:20:06 | 00,682,263 | ---- | C] () -- C:\Documents and Settings\JeffG\Desktop\deed.JPG
    [2009/06/09 19:19:49 | 00,001,734 | ---- | C] () -- C:\Documents and Settings\JeffG\Desktop\HijackThis.lnk
    [2009/06/09 19:19:48 | 00,000,000 | ---D | C] -- C:\Program Files\Trend Micro
    [2009/06/03 20:21:35 | 00,049,152 | ---- | C] () -- C:\Documents and Settings\JeffG\Desktop\rental letter.doc
    [2009/06/02 20:17:56 | 00,579,557 | ---- | C] () -- C:\Documents and Settings\JeffG\Desktop\cottonwood house 4.jpg
    [2009/06/02 20:16:39 | 00,439,768 | ---- | C] () -- C:\Documents and Settings\JeffG\Desktop\cottonwood house 3.jpg
    [2009/06/02 20:15:42 | 00,461,193 | ---- | C] () -- C:\Documents and Settings\JeffG\Desktop\cottonwood house 2.jpg
    [2009/06/02 20:14:46 | 00,493,443 | ---- | C] () -- C:\Documents and Settings\JeffG\Desktop\cottonwood house 1.jpg
    [2009/05/31 08:57:27 | 00,032,768 | ---- | C] () -- C:\Documents and Settings\JeffG\Desktop\intake form.doc
    [2009/05/27 20:52:16 | 00,089,600 | ---- | C] () -- C:\Documents and Settings\JeffG\Desktop\credit app.doc
    [2009/05/21 14:07:03 | 00,000,000 | ---D | C] -- C:\WINDOWS\ie8updates
    [2009/05/21 14:06:24 | 00,102,400 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\iecompat.dll
    [2009/05/21 14:03:42 | 00,078,336 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\ieencode.dll
    [2009/05/21 14:03:42 | 00,078,336 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ieencode.dll
    [2007/12/27 21:02:35 | 00,003,654 | ---- | C] () -- C:\WINDOWS\System32\drivers\Sonyhcp.dll
    [2007/11/21 21:44:39 | 00,000,000 | ---- | C] () -- C:\WINDOWS\iPlayer.INI
    [2006/11/03 14:42:09 | 00,000,221 | ---- | C] () -- C:\WINDOWS\HP_RedboxHprblog_HPSU.ini
    [2005/10/11 14:39:03 | 00,000,000 | ---- | C] () -- C:\WINDOWS\Jcmkr32.INI
    [2005/07/14 15:30:55 | 00,011,776 | ---- | C] () -- C:\WINDOWS\System32\ZPORT4AS.dll
    [2005/07/08 06:48:49 | 00,000,170 | ---- | C] () -- C:\WINDOWS\GetServer.ini
    [2005/06/07 11:20:10 | 00,000,028 | ---- | C] () -- C:\WINDOWS\album.ini
    [2005/06/06 16:06:00 | 00,000,169 | ---- | C] () -- C:\WINDOWS\RtlRack.ini
    [2005/06/03 16:55:07 | 00,002,597 | ---- | C] () -- C:\WINDOWS\u3dedit3.INI
    [2005/05/29 17:27:30 | 00,000,136 | ---- | C] () -- C:\WINDOWS\ka.ini
    [2005/05/29 03:29:33 | 00,000,611 | ---- | C] () -- C:\WINDOWS\ODBC.INI
    [2005/05/06 23:32:10 | 00,000,022 | ---- | C] () -- C:\WINDOWS\exchng.ini
    [2005/05/03 11:44:44 | 00,025,157 | ---- | C] () -- C:\WINDOWS\RMAgentOutput.dll
    [2005/05/03 11:43:44 | 00,126,976 | ---- | C] () -- C:\WINDOWS\dllTSCLIBMT.dll
    [2005/04/29 21:19:02 | 00,000,000 | ---- | C] () -- C:\WINDOWS\System32\jmjaf.dll
    [2005/04/27 14:38:00 | 00,372,736 | ---- | C] () -- C:\WINDOWS\System32\hpzidi01.dll
    [2005/04/27 14:37:49 | 00,077,824 | ---- | C] () -- C:\WINDOWS\System32\hpzids01.dll
    [2005/03/03 16:16:42 | 00,000,256 | ---- | C] () -- C:\WINDOWS\aucfg.ini
    [2005/03/01 15:30:20 | 00,000,453 | ---- | C] () -- C:\WINDOWS\bdoscandellang.ini
    [2005/01/23 09:50:13 | 00,363,520 | ---- | C] () -- C:\WINDOWS\System32\psisdecd.dll
    [2004/10/01 17:33:46 | 00,000,679 | ---- | C] () -- C:\WINDOWS\TSC.ini
    [2004/09/17 17:37:42 | 00,061,440 | ---- | C] () -- C:\WINDOWS\System32\vuins32.dll
    [2004/05/31 11:00:35 | 00,032,397 | ---- | C] () -- C:\WINDOWS\SGTBox.INI
    [2004/05/31 10:11:59 | 00,000,035 | ---- | C] () -- C:\WINDOWS\A4W.INI
    [2004/05/31 10:11:13 | 00,000,021 | ---- | C] () -- C:\WINDOWS\phbase.ini
    [2004/05/31 10:10:21 | 00,000,572 | ---- | C] () -- C:\WINDOWS\maxlink.ini
    [2004/05/31 10:09:29 | 00,000,000 | ---- | C] () -- C:\WINDOWS\OP70.INI
    [2004/05/31 10:07:41 | 00,001,560 | ---- | C] () -- C:\WINDOWS\pstudio.ini
    [2004/05/31 10:07:41 | 00,000,021 | ---- | C] () -- C:\WINDOWS\Ps_setup.ini
    [2004/05/26 08:28:37 | 00,000,717 | ---- | C] () -- C:\WINDOWS\QIII.INI
    [2004/03/22 18:29:33 | 00,021,840 | ---- | C] () -- C:\WINDOWS\System32\SIntfNT.dll
    [2004/03/22 18:29:33 | 00,017,212 | ---- | C] () -- C:\WINDOWS\System32\SIntf32.dll
    [2004/03/22 18:29:33 | 00,012,067 | ---- | C] () -- C:\WINDOWS\System32\SIntf16.dll
    [2004/02/14 20:32:57 | 00,000,152 | ---- | C] () -- C:\WINDOWS\ULead32.ini
    [2004/02/01 15:43:20 | 00,000,016 | ---- | C] () -- C:\WINDOWS\WinInit.ini.backup
    [2004/02/01 15:22:43 | 00,000,643 | ---- | C] () -- C:\WINDOWS\lexstat.ini
    [2004/02/01 15:22:34 | 00,328,704 | ---- | C] () -- C:\WINDOWS\System32\dosfnt32.dll
    [2004/01/29 10:34:42 | 00,056,320 | ---- | C] () -- C:\WINDOWS\System32\iyvu9_32.dll
    [2004/01/29 10:24:39 | 00,001,024 | RH-- | C] () -- C:\WINDOWS\System32\NTICDMK32.dll
    [2004/01/28 13:20:58 | 00,000,164 | R--- | C] () -- C:\WINDOWS\avrack.ini
    [2004/01/28 13:19:43 | 00,000,016 | ---- | C] () -- C:\WINDOWS\WinInit.ini
    [2004/01/28 07:31:33 | 00,000,902 | ---- | C] () -- C:\WINDOWS\win.ini
    [2004/01/28 07:31:22 | 00,000,227 | ---- | C] () -- C:\WINDOWS\system.ini
    [2002/07/04 15:05:34 | 00,000,269 | ---- | C] () -- C:\WINDOWS\tmupdate.ini
    [2001/12/26 17:12:30 | 00,065,536 | R--- | C] () -- C:\WINDOWS\System32\multiplex_vcd.dll
    [2001/12/14 13:34:46 | 00,164,864 | ---- | C] () -- C:\WINDOWS\patchw32.dll
    [2001/09/04 00:46:38 | 00,110,592 | R--- | C] () -- C:\WINDOWS\System32\Hmpg12.dll
    [2001/07/30 17:33:56 | 00,118,784 | R--- | C] () -- C:\WINDOWS\System32\HMPV2_ENC.dll
    [2001/07/23 23:04:36 | 00,118,784 | R--- | C] () -- C:\WINDOWS\System32\HMPV2_ENC_MMX.dll
    [1999/07/23 13:46:48 | 00,000,116 | ---- | C] () -- C:\WINDOWS\AuHCcup1.ini
    [1999/07/23 10:53:20 | 00,129,536 | ---- | C] () -- C:\WINDOWS\AuHCcup1.dll
    [1998/08/16 06:00:00 | 00,004,096 | ---- | C] () -- C:\WINDOWS\System32\sysres.dll
    [1996/11/17 01:00:00 | 00,022,016 | ---- | C] () -- C:\WINDOWS\System32\ODBCSTF.DLL
    [1996/11/17 01:00:00 | 00,022,016 | ---- | C] () -- C:\WINDOWS\System32\DOCOBJ.DLL

    ========== Files - Modified Within 30 Days ==========

    [2 C:\WINDOWS\System32\drivers\*.tmp files]
    [34 C:\WINDOWS\System32\*.tmp files]
    [12 C:\WINDOWS\*.tmp files]
    [1 C:\Documents and Settings\JeffG\Desktop\*.tmp files]
    [2009/06/17 13:57:58 | 00,013,646 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
    [2009/06/17 13:57:49 | 00,000,062 | -HS- | M] () -- C:\Documents and Settings\JeffG\Local Settings\desktop.ini
    [2009/06/17 13:57:08 | 00,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
    [2009/06/17 13:57:00 | 00,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
    [2009/06/17 13:50:24 | 00,000,422 | -H-- | M] () -- C:\WINDOWS\tasks\User_Feed_Synchronization-{40FD7DA3-44F4-40D6-BBD5-FA79174F1959}.job
    [2009/06/17 06:26:29 | 00,000,556 | ---- | M] () -- C:\WINDOWS\tasks\Norton AntiVirus - Run Full System Scan - JeffG.job
    [2009/06/15 19:14:34 | 00,474,112 | -HS- | M] () -- C:\Documents and Settings\JeffG\Desktop\Thumbs.db
    [2009/06/15 18:29:53 | 00,501,760 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\JeffG\Desktop\OTL.exe
    [2009/06/14 09:38:09 | 00,000,696 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
    [2009/06/14 09:36:00 | 03,371,384 | ---- | M] (Malwarebytes Corporation ) -- C:\Documents and Settings\JeffG\Desktop\mbam-setup.exe
    [2009/06/14 09:23:24 | 00,001,432 | ---- | M] () -- C:\Documents and Settings\JeffG\Desktop\DelDomains.inf
    [2009/06/13 20:30:53 | 00,308,613 | R--- | M] () -- C:\WINDOWS\System32\drivers\etc\HOSTS
    [2009/06/12 07:28:06 | 00,787,855 | ---- | M] () -- C:\Documents and Settings\JeffG\Desktop\prop mgt agreement.JPG
    [2009/06/11 20:34:52 | 40,265,3184 | ---- | M] () -- C:\WINDOWS\MEMORY.DMP
    [2009/06/11 20:27:20 | 00,006,601 | ---- | M] () -- C:\WINDOWS\JeffG8.xlb
    [2009/06/11 19:18:44 | 00,028,672 | ---- | M] () -- C:\Documents and Settings\JeffG\Desktop\budget - Aaron.xls
    [2009/06/10 17:59:56 | 00,019,456 | ---- | M] () -- C:\Documents and Settings\JeffG\Desktop\June 11.doc
    [2009/06/10 03:15:08 | 01,414,648 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
    [2009/06/10 03:06:29 | 00,001,374 | ---- | M] () -- C:\WINDOWS\imsins.BAK
    [2009/06/09 20:23:17 | 00,682,263 | ---- | M] () -- C:\Documents and Settings\JeffG\Desktop\deed.JPG
    [2009/06/09 19:23:50 | 00,001,734 | ---- | M] () -- C:\Documents and Settings\JeffG\Desktop\HijackThis.lnk
    [2009/06/08 14:22:35 | 00,308,599 | R--- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts.20090613-203053.backup
    [2009/06/07 19:47:52 | 00,001,560 | ---- | M] () -- C:\WINDOWS\pstudio.ini
    [2009/06/07 19:47:52 | 00,000,028 | ---- | M] () -- C:\WINDOWS\album.ini
    [2009/06/07 19:26:34 | 00,028,672 | ---- | M] () -- C:\Documents and Settings\JeffG\Desktop\budget.xls
    [2009/06/03 21:39:14 | 00,049,152 | ---- | M] () -- C:\Documents and Settings\JeffG\Desktop\rental letter.doc
    [2009/06/02 20:17:57 | 00,579,557 | ---- | M] () -- C:\Documents and Settings\JeffG\Desktop\cottonwood house 4.jpg
    [2009/06/02 20:16:39 | 00,439,768 | ---- | M] () -- C:\Documents and Settings\JeffG\Desktop\cottonwood house 3.jpg
    [2009/06/02 20:15:42 | 00,461,193 | ---- | M] () -- C:\Documents and Settings\JeffG\Desktop\cottonwood house 2.jpg
    [2009/06/02 20:14:46 | 00,493,443 | ---- | M] () -- C:\Documents and Settings\JeffG\Desktop\cottonwood house 1.jpg
    [2009/06/01 12:51:12 | 23,635,392 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\MRT.exe
    [2009/05/31 16:11:57 | 00,032,768 | ---- | M] () -- C:\Documents and Settings\JeffG\Desktop\intake form.doc
    [2009/05/27 20:52:17 | 00,089,600 | ---- | M] () -- C:\Documents and Settings\JeffG\Desktop\credit app.doc
    [2009/05/26 17:58:24 | 00,307,911 | R--- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts.20090608-142235.backup
    [2009/05/26 13:20:08 | 00,040,160 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
    [2009/05/26 13:19:56 | 00,019,096 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
    [2009/05/21 19:41:42 | 00,307,911 | R--- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts.20090526-175824.backup
    [2009/05/21 17:24:52 | 00,000,076 | -HS- | M] () -- C:\Documents and Settings\JeffG\My Documents\desktop.ini

    ========== LOP Check ==========

    [2009/06/14 09:38:05 | 00,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data
    [2007/11/22 10:50:11 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Adobe
    [2004/01/29 10:52:26 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\CyberLink
    [2007/07/18 20:47:59 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\FLEXnet
    [2006/09/03 11:29:49 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\HP
    [2008/07/12 08:40:08 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Lavasoft
    [2009/06/14 09:38:05 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Malwarebytes
    [2008/04/15 05:50:28 | 00,000,000 | --SD | M] -- C:\Documents and Settings\All Users\Application Data\Microsoft
    [2005/06/15 10:35:46 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\MSN6
    [2008/03/29 17:00:43 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Solero
    [2009/03/02 08:35:25 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
    [2008/08/31 04:52:48 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Symantec
    [2009/06/13 20:21:00 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TEMP
    [2009/06/17 10:26:45 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Viewpoint
    [2004/02/01 16:52:16 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Vivendi Universal Games
    [2005/08/06 10:47:21 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Windows Genuine Advantage
    [2009/06/14 09:38:10 | 00,000,000 | -H-D | M] -- C:\Documents and Settings\JeffG\Application Data
    [2004/03/22 14:04:08 | 00,000,000 | ---D | M] -- C:\Documents and Settings\JeffG\Application Data\Active Disk
    [2009/03/22 11:52:27 | 00,000,000 | ---D | M] -- C:\Documents and Settings\JeffG\Application Data\Adobe
    [2005/10/07 06:35:06 | 00,000,000 | ---D | M] -- C:\Documents and Settings\JeffG\Application Data\AdobeUM
    [2004/11/21 12:39:09 | 00,000,000 | ---D | M] -- C:\Documents and Settings\JeffG\Application Data\Aim
    [2006/09/03 11:50:08 | 00,000,000 | ---D | M] -- C:\Documents and Settings\JeffG\Application Data\ArcSoft
    [2005/09/11 09:27:25 | 00,000,000 | ---D | M] -- C:\Documents and Settings\JeffG\Application Data\Avant Browser
    [2007/03/15 17:22:54 | 00,000,000 | ---D | M] -- C:\Documents and Settings\JeffG\Application Data\Canon
    [2007/09/01 22:40:03 | 00,000,000 | ---D | M] -- C:\Documents and Settings\JeffG\Application Data\Download Manager
    [2007/01/06 08:49:29 | 00,000,000 | ---D | M] -- C:\Documents and Settings\JeffG\Application Data\Google
    [2007/07/19 19:12:24 | 00,000,000 | ---D | M] -- C:\Documents and Settings\JeffG\Application Data\Help
    [2007/02/19 18:45:36 | 00,000,000 | ---D | M] -- C:\Documents and Settings\JeffG\Application Data\HP
    [2007/07/17 10:59:06 | 00,000,000 | ---D | M] -- C:\Documents and Settings\JeffG\Application Data\Identities
    [2008/04/15 05:50:30 | 00,000,000 | ---D | M] -- C:\Documents and Settings\JeffG\Application Data\Lavasoft
    [2004/02/14 17:03:52 | 00,000,000 | ---D | M] -- C:\Documents and Settings\JeffG\Application Data\Macromedia
    [2009/06/14 09:38:10 | 00,000,000 | ---D | M] -- C:\Documents and Settings\JeffG\Application Data\Malwarebytes
    [2007/06/21 06:48:16 | 00,000,000 | --SD | M] -- C:\Documents and Settings\JeffG\Application Data\Microsoft
    [2005/06/15 10:34:46 | 00,000,000 | ---D | M] -- C:\Documents and Settings\JeffG\Application Data\MSN6
    [2007/12/22 09:43:17 | 00,000,000 | ---D | M] -- C:\Documents and Settings\JeffG\Application Data\Snapfish
    [2007/12/27 21:11:09 | 00,000,000 | ---D | M] -- C:\Documents and Settings\JeffG\Application Data\Sony Corporation
    [2005/11/02 21:29:37 | 00,000,000 | ---D | M] -- C:\Documents and Settings\JeffG\Application Data\Sun
    [2007/02/19 17:01:57 | 00,000,000 | ---D | M] -- C:\Documents and Settings\JeffG\Application Data\Symantec
    [2006/11/29 15:04:44 | 00,000,000 | ---D | M] -- C:\Documents and Settings\JeffG\Application Data\Uniblue
    [2005/05/09 21:22:38 | 00,000,000 | ---D | M] -- C:\Documents and Settings\JeffG\Application Data\Webroot
    [2003/03/31 08:00:00 | 00,000,065 | RH-- | M] () -- C:\WINDOWS\Tasks\desktop.ini
    [2009/06/17 06:26:29 | 00,000,556 | ---- | M] () -- C:\WINDOWS\Tasks\Norton AntiVirus - Run Full System Scan - JeffG.job
    [2009/06/17 13:57:08 | 00,000,006 | -H-- | M] () -- C:\WINDOWS\Tasks\SA.DAT
    [2004/10/14 11:22:04 | 00,031,956 | ---- | M] () -- C:\WINDOWS\Tasks\SCHEDLGU.TXT
    [2009/06/17 13:50:24 | 00,000,422 | -H-- | M] () -- C:\WINDOWS\Tasks\User_Feed_Synchronization-{40FD7DA3-44F4-40D6-BBD5-FA79174F1959}.job

    ========== Purity Check ==========


    ========== Alternate Data Streams ==========

    @Alternate Data Stream - 9237 bytes -> C:\WINDOWS\dahotfix.log:bnywmm
    @Alternate Data Stream - 88 bytes -> C:\WINDOWS\System32\control.exe:SummaryInformation
    @Alternate Data Stream - 88 bytes -> C:\WINDOWS\lfsbj.dat:SummaryInformation
    @Alternate Data Stream - 125 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:5C321E34
    @Alternate Data Stream - 11152 bytes -> C:\WINDOWS\u3dedit3.INI:umupzr
    < End of report >
    OCD
    post Jun 18 2009, 02:31 AM
    Post #13



    Jeff G,

    • Please go to Start >> Run and type in services.msc
    • Scroll down to Windows Defender and make sure it's enabled.
    • Right click on it and go to Properties and select Automatic.
    - - - - - Next - - - - -

    I need you to run the following scan: Eset Online Scanner
    • Place a check mark in the box YES, I accept the Terms Of Use
    • Click the Start button.
    • Now click the Install button.
    • Click Start. The scanner engine will initialize and update.
    • Do Not place a check mark in the box beside Remove found threats.
    • Click the Scan button. The scan will now run, please be patient.
    • When the scan finishes click the Details tab.
    • Copy and paste the contents of the C:\ProgramFiles\EsetOnlineScanner\log.txt into your next reply.
    - - - - - Next - - - - -

    Reboot, on your next post please provide the following:
    • ESET log.txt
    • New HijackThis log
    • Tell me how your computer is running at the moment.
    Jeff G
    post Jun 18 2009, 04:19 PM
    Post #14



    OCD,

    Below is the ESET log.txt and HijackThis log.

    I ran the services.msc and thought that I had enabled Windows Defender. However, upon rebooting I received the Windows Defender Application message again.

    ESETSmartInstaller@High as CAB hook log:
    OnlineScanner.ocx - registred OK
    # version=6
    # IEXPLORE.EXE=7.00.6000.16850 (vista_gdr.090423-0018)
    # OnlineScanner.ocx=1.0.0.5863
    # api_version=3.0.2
    # EOSSerial=db47e108779d0846b6e0c7c5bc977b4c
    # end=stopped
    # remove_checked=false
    # archives_checked=false
    # unwanted_checked=true
    # unsafe_checked=false
    # antistealth_checked=true
    # utc_time=2009-06-18 11:10:58
    # local_time=2009-06-18 07:10:58 (-0500, Eastern Daylight Time)
    # country="United States"
    # lang=1033
    # osver=5.1.2600 NT Service Pack 3
    # compatibility_mode=3586 22 60 12 339254606250000
    # compatibility_mode=5889 61 66 100 1012203125000000
    # scanned=17403
    # found=2
    # cleaned=0
    # scan_time=903
    C:\Documents and Settings\JeffG\Local Settings\Application Data\Identities\{159A91DE-DFB3-437C-9775-3B990FDDEE28}\Microsoft\Outlook Express\Deleted Items.bak HTML/TrojanClicker.Agent.AG trojan 00000000000000000000000000000000
    C:\Documents and Settings\JeffG\Local Settings\Application Data\Identities\{159A91DE-DFB3-437C-9775-3B990FDDEE28}\Microsoft\Outlook Express\Deleted Items.dbx HTML/TrojanClicker.Agent.AG trojan 00000000000000000000000000000000
    # version=6
    # IEXPLORE.EXE=7.00.6000.16850 (vista_gdr.090423-0018)
    # OnlineScanner.ocx=1.0.0.5863
    # api_version=3.0.2
    # EOSSerial=db47e108779d0846b6e0c7c5bc977b4c
    # end=finished
    # remove_checked=false
    # archives_checked=false
    # unwanted_checked=true
    # unsafe_checked=false
    # antistealth_checked=true
    # utc_time=2009-06-18 09:11:23
    # local_time=2009-06-18 05:11:23 (-0500, Eastern Daylight Time)
    # country="United States"
    # lang=1033
    # osver=5.1.2600 NT Service Pack 3
    # compatibility_mode=3586 22 60 12 339614860781250
    # compatibility_mode=5889 61 66 100 1012563379531250
    # scanned=75809
    # found=3
    # cleaned=0
    # scan_time=2838
    C:\Documents and Settings\JeffG\Local Settings\Application Data\Identities\{159A91DE-DFB3-437C-9775-3B990FDDEE28}\Microsoft\Outlook Express\Deleted Items.bak HTML/TrojanClicker.Agent.AG trojan 00000000000000000000000000000000
    C:\Documents and Settings\JeffG\Local Settings\Application Data\Identities\{159A91DE-DFB3-437C-9775-3B990FDDEE28}\Microsoft\Outlook Express\Deleted Items.dbx HTML/TrojanClicker.Agent.AG trojan 00000000000000000000000000000000
    C:\Program Files\AIM\Sysfiles\WxBug.EXE Win32/Adware.WBug.A application 00000000000000000000000000000000
    esets_scanner_update returned -1 esets_gle=53251
    # version=6
    # IEXPLORE.EXE=7.00.6000.16850 (vista_gdr.090423-0018)
    # OnlineScanner.ocx=1.0.0.5863
    # api_version=3.0.2
    # EOSSerial=db47e108779d0846b6e0c7c5bc977b4c
    # end=finished
    # remove_checked=false
    # archives_checked=false
    # unwanted_checked=true
    # unsafe_checked=false
    # antistealth_checked=true
    # utc_time=2009-06-18 10:07:08
    # local_time=2009-06-18 06:07:08 (-0500, Eastern Daylight Time)
    # country="United States"
    # lang=1033
    # osver=5.1.2600 NT Service Pack 3
    # compatibility_mode=3586 22 60 12 339648305937500
    # compatibility_mode=5889 61 66 100 1012596824687500
    # scanned=75807
    # found=3
    # cleaned=0
    # scan_time=3172
    C:\Documents and Settings\JeffG\Local Settings\Application Data\Identities\{159A91DE-DFB3-437C-9775-3B990FDDEE28}\Microsoft\Outlook Express\Deleted Items.bak HTML/TrojanClicker.Agent.AG trojan 00000000000000000000000000000000
    C:\Documents and Settings\JeffG\Local Settings\Application Data\Identities\{159A91DE-DFB3-437C-9775-3B990FDDEE28}\Microsoft\Outlook Express\Deleted Items.dbx HTML/TrojanClicker.Agent.AG trojan 00000000000000000000000000000000
    C:\Program Files\AIM\Sysfiles\WxBug.EXE Win32/Adware.WBug.A application 00000000000000000000000000000000


    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 6:12:15 PM, on 6/18/2009
    Platform: Windows XP SP3 (WinNT 5.01.2600)
    MSIE: Internet Explorer v7.00 (7.00.6000.16850)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
    C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\SOUNDMAN.EXE
    C:\Program Files\WinFast\WFTVFM\WFWIZ.exe
    C:\WINDOWS\System32\WF2K.EXE
    C:\Program Files\QuickTime\qttask.exe
    C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
    C:\Program Files\Java\jre6\bin\jusched.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\Sony\Sony Picture Utility\VolumeWatcher\SPUVolumeWatcher.exe
    C:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe
    C:\PROGRA~1\Iomega\System32\AppServices.exe
    C:\Program Files\Java\jre6\bin\jqs.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.cnn.com/
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
    O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
    O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O2 - BHO: Symantec Intrusion Prevention - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\PROGRA~1\COMMON~1\SYMANT~1\IDS\IPSBHO.dll
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
    O2 - BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
    O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
    O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
    O4 - HKLM\..\Run: [WinFast Schedule] C:\Program Files\WinFast\WFTVFM\WFWIZ.exe
    O4 - HKLM\..\Run: [WinFoxV2] C:\WINDOWS\System32\WF2K.EXE
    O4 - HKLM\..\Run: [WinFast2KLoadDefault] rundll32.exe wf2kcpl.dll,DllLoadDefaultSettings
    O4 - HKLM\..\Run: [PrinTray] C:\WINDOWS\System32\spool\DRIVERS\W32X86\2\printray.exe
    O4 - HKLM\..\Run: [Iomega Drive Icons] C:\Program Files\Iomega\DriveIcons\ImgIcon.exe
    O4 - HKLM\..\Run: [Deskup] C:\Program Files\Iomega\DriveIcons\deskup.exe /IMGSTART
    O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
    O4 - HKLM\..\Run: [osCheck] "C:\Program Files\Norton AntiVirus\osCheck.exe"
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O4 - S-1-5-18 Startup: Picture Motion Browser Media Check Tool.lnk = C:\Program Files\Sony\Sony Picture Utility\VolumeWatcher\SPUVolumeWatcher.exe (User 'SYSTEM')
    O4 - .DEFAULT Startup: Picture Motion Browser Media Check Tool.lnk = C:\Program Files\Sony\Sony Picture Utility\VolumeWatcher\SPUVolumeWatcher.exe (User 'Default user')
    O4 - Startup: Picture Motion Browser Media Check Tool.lnk = C:\Program Files\Sony\Sony Picture Utility\VolumeWatcher\SPUVolumeWatcher.exe
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre6\bin\jp2iexp.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre6\bin\jp2iexp.dll
    O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
    O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
    O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.symantec.com/sscv6/SharedC...bin/AvSniff.cab
    O16 - DPF: {406B5949-7190-4245-91A9-30A17DE16AD0} (Snapfish Activia) - http://photos.walmart.com/WalmartActivia.cab
    O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://v5.windowsupdate.microsoft.com/v5co...b?1093100844828
    O16 - DPF: {6A344D34-5231-452A-8A57-D064AC9B7862} (Symantec Download Manager) - https://webdl.symantec.com/activex/symdlmgr.cab
    O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} (OnlineScanner Control) - http://download.eset.com/special/eos/OnlineScanner.cab
    O16 - DPF: {C2FCEF52-ACE9-11D3-BEBD-00105AA9B6AE} (Symantec RuFSI Registry Information Class) - http://security.symantec.com/sscv6/SharedC...n/bin/cabsa.cab
    O16 - DPF: {F00F4763-7355-4725-82F7-0DA94A256D46} (IMDownloader Class) - http://www2.incredimail.com/contents/setup...er/imloader.cab
    O16 - DPF: {FFBB3F3B-0A5A-4106-BE53-DFE1E2340CB1} (DownloadManager Control) - http://dlm.tools.akamai.com/dlmanager/vers...vex-2.2.1.6.cab
    O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe
    O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
    O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
    O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
    O23 - Service: Iomega App Services - Iomega Corporation - C:\PROGRA~1\Iomega\System32\AppServices.exe
    O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
    O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
    O23 - Service: LiveUpdate - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\LuComServer_3_4.EXE
    O23 - Service: LiveUpdate Notice - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
    O23 - Service: Symantec Core LC - Unknown owner - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe

    --
    End of file - 7827 bytes


    OCD
    post Jun 19 2009, 03:27 AM
    Post #15



    Jeff G,

    Run HijackThis and select Do a System Scan Only

    Before proceeding, make sure all programs and browser windows are closed, EXCEPT HijackThis
    Place check marks next to the following items:
    • R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
    • R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
    • R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
    • O4 - HKLM..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide (Microsoft Corporation)
    Now with all browsers closed, click on Fix Checked, then EXIT the program

    - - - - - Next - - - - -

    Your copy of Windows Defender might be corrupt. Please download and install a new copy of Windows Defender.
    Follow the on screen instructions for installation.

    - - - - - Next - - - - -

    Please re-run the: Eset Online Scanner
    (You will need Internet Explorer to run this scan)
    • Place a check mark in the box YES, I accept the Terms Of Use
    • Click the Start button.
    • Now click the Install button.
    • Click Start. The scanner engine will initialize and update.
    • Place a check mark in the box beside Remove found threats. < < Very Important
    • Click the Scan button. The scan will now run, please be patient.
    • When the scan finishes click the Details tab.
    • Copy and paste the contents of the C:\ProgramFiles\EsetOnlineScanner\log.txt into your next reply.
    - - - - - Next - - - - -

    Reboot, on your next post please provide the following:
    • New HijackThis log
    • ESET log.txt
    • Tell me how your computer is running at the moment.