OTL logfile created on: 9/7/2009 10:07:41 PM - Run 1
OTL by OldTimer - Version 3.0.10.7 Folder = C:\Documents and Settings\Jeff\My Documents\Downloads
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1.50 Gb Total Physical Memory | 0.80 Gb Available Physical Memory | 53.56% Memory free
2.09 Gb Paging File | 1.53 Gb Available in Paging File | 72.95% Paging File free
Paging file location(s): C:\pagefile.sys 756 1512 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 74.52 Gb Total Space | 21.91 Gb Free Space | 29.40% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: HPCOMPAQ
Current User Name: Jeff
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: On
Skip Microsoft Files: On
File Age = 14 Days
Output = Standard
Quick Scan

========== Processes (SafeList) ==========

PRC - [2008/04/13 20:12:19 | 01,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\Explorer.EXE
PRC - [2009/07/09 12:22:18 | 00,144,712 | ---- | M] (Apple Inc.) -- C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
PRC - [2009/09/03 00:43:39 | 00,201,992 | ---- | M] (Kaspersky Lab) -- C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\avp.exe
PRC - [2007/10/26 15:28:06 | 01,524,512 | ---- | M] (Cisco Systems, Inc.) -- C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe
PRC - [2009/07/25 05:23:10 | 00,153,376 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Java\jre6\bin\jqs.exe
PRC - [2008/05/23 08:58:22 | 00,098,984 | ---- | M] (Lexmark International, Inc.) -- C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\lxduserv.exe
PRC - [2008/05/23 08:58:34 | 00,594,600 | ---- | M] ( ) -- C:\WINDOWS\System32\lxducoms.exe
PRC - [2009/07/13 23:18:12 | 00,071,096 | ---- | M] () -- C:\Program Files\CDBurnerXP\NMSAccessU.exe
PRC - [2007/09/04 19:25:44 | 00,131,072 | ---- | M] (NVIDIA) -- C:\Program Files\NVIDIA Corporation\nTune\nTuneService.exe
PRC - [2007/12/05 01:41:00 | 00,155,716 | ---- | M] (NVIDIA Corporation) -- C:\WINDOWS\System32\nvsvc32.exe
PRC - [2006/10/18 21:05:24 | 00,913,408 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Media Player\WMPNetwk.exe
PRC - [2006/02/03 04:23:04 | 00,069,632 | ---- | M] (ScanSoft, Inc.) -- C:\Program Files\ScanSoft\OmniPage15.0\Opware15.exe
PRC - [2005/02/16 16:15:20 | 00,081,920 | ---- | M] (InstallShield Software Corporation) -- C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
PRC - [2008/09/10 07:11:12 | 00,676,520 | ---- | M] () -- C:\Program Files\Lexmark 5600-6600 Series\lxdumon.exe
PRC - [2008/09/10 07:11:09 | 00,025,256 | ---- | M] () -- C:\Program Files\Lexmark 5600-6600 Series\lxduMsdMon.exe
PRC - [2009/07/13 14:03:10 | 00,292,128 | ---- | M] (Apple Inc.) -- C:\Program Files\iTunes\iTunesHelper.exe
PRC - [2009/07/25 05:23:12 | 00,149,280 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Java\jre6\bin\jusched.exe
PRC - [2009/09/03 00:43:39 | 00,201,992 | ---- | M] (Kaspersky Lab) -- C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\avp.exe
PRC - [2009/07/03 15:01:50 | 00,902,440 | ---- | M] (Sony Corporation) -- C:\Program Files\Sony\Reader\Data\bin\launcher\eBook Library Launcher.exe
PRC - [2006/10/18 21:05:26 | 00,204,288 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Media Player\WMPNSCFG.exe
PRC - [2008/08/20 17:13:13 | 00,067,128 | ---- | M] (Logitech Inc.) -- C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
PRC - [2008/04/13 20:12:25 | 01,414,656 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\mmc.exe
PRC - [2004/08/04 04:00:00 | 00,008,192 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\cidaemon.exe
PRC - [2009/07/13 14:02:50 | 00,542,496 | ---- | M] (Apple Inc.) -- C:\Program Files\iPod\bin\iPodService.exe
PRC - [2009/02/03 10:32:28 | 03,550,592 | ---- | M] (Sysinternals - www.sysinternals.com) -- C:\Documents and Settings\Jeff\Local Settings\Temp\Rar$EX00.468\procexp.exe
PRC - [2009/09/07 09:02:21 | 00,396,288 | ---- | M] (Trend Micro Inc.) -- C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
PRC - [2009/08/05 10:56:16 | 00,908,280 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe
PRC - [2009/09/07 22:06:30 | 00,514,048 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Jeff\My Documents\Downloads\OTL.exe

========== Win32 Services (SafeList) ==========

SRV - [2009/07/09 12:22:18 | 00,144,712 | ---- | M] (Apple Inc.) -- C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe -- (Apple Mobile Device [Auto | Running])
SRV - [2008/07/25 11:16:40 | 00,034,312 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe -- (aspnet_state [On_Demand | Stopped])
SRV - [2009/09/03 00:43:39 | 00,201,992 | ---- | M] (Kaspersky Lab) -- C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\avp.exe -- (AVP [Auto | Running])
SRV - [2008/07/25 11:17:02 | 00,069,632 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32 [On_Demand | Stopped])
SRV - [2007/10/26 15:28:06 | 01,524,512 | ---- | M] (Cisco Systems, Inc.) -- C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe -- (CVPND [Auto | Running])
SRV - [2004/03/12 00:00:30 | 00,090,112 | ---- | M] (Dell Inc.) -- c:\program files\dell printers\Additional Color Laser Software\Status Monitor\DLPWDNT.EXE -- (DLPWD [On_Demand | Stopped])
SRV - [2004/03/12 00:00:30 | 00,135,168 | ---- | M] (Dell Inc.) -- c:\program files\dell printers\Additional Color Laser Software\Status Monitor\DLSDBNT.EXE -- (DLSDB [On_Demand | Stopped])
SRV - [2008/07/29 21:10:04 | 00,046,104 | ---- | M] (Microsoft Corporation) -- c:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe -- (FontCache3.0.0.0 [On_Demand | Stopped])
SRV - [2009/03/03 14:53:08 | 00,033,176 | ---- | M] (NOS Microsystems Ltd.) -- C:\Program Files\NOS\bin\getPlus_HelperSvc.exe -- (getPlus(R) Helper [On_Demand | Stopped])
SRV - [2009/03/24 01:35:45 | 00,183,280 | ---- | M] (Google) -- C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe -- (gusvc [Auto | Stopped])
SRV - [2007/02/20 15:11:28 | 00,815,104 | ---- | M] (Hauppauge Computer Works) -- C:\Program Files\WinTV\HCWTVServer.exe -- (HauppaugeTVServer [On_Demand | Stopped])
SRV - [2008/04/13 20:12:02 | 00,038,400 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\PCHealth\HelpCtr\Binaries\pchsvc.dll -- (helpsvc [Auto | Running])
SRV - [2005/04/04 00:41:10 | 00,069,632 | ---- | M] (Macrovision Corporation) -- C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe -- (IDriverT [On_Demand | Stopped])
SRV - [2008/07/29 19:24:50 | 00,881,664 | ---- | M] (Microsoft Corporation) -- c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe -- (idsvc [Unknown | Stopped])
SRV - [2009/07/13 14:02:50 | 00,542,496 | ---- | M] (Apple Inc.) -- C:\Program Files\iPod\bin\iPodService.exe -- (iPod Service [On_Demand | Running])
SRV - [2009/07/25 05:23:10 | 00,153,376 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Java\jre6\bin\jqs.exe -- (JavaQuickStarterService [Auto | Running])
SRV - [2008/05/23 08:58:22 | 00,098,984 | ---- | M] (Lexmark International, Inc.) -- C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\lxduserv.exe -- (lxduCATSCustConnectService [Auto | Running])
SRV - [2008/05/23 08:58:34 | 00,594,600 | ---- | M] ( ) -- C:\WINDOWS\System32\lxducoms.exe -- (lxdu_device [Auto | Running])
SRV - File not found -- -- (Nero BackItUp Scheduler 4.0 [Auto | Stopped])
SRV - [2008/07/29 19:16:38 | 00,132,096 | ---- | M] (Microsoft Corporation) -- c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe -- (NetTcpPortSharing [Disabled | Stopped])
SRV - [2009/07/13 23:18:12 | 00,071,096 | ---- | M] () -- C:\Program Files\CDBurnerXP\NMSAccessU.exe -- (NMSAccessU [Auto | Running])
SRV - [2007/09/04 19:25:44 | 00,131,072 | ---- | M] (NVIDIA) -- C:\Program Files\NVIDIA Corporation\nTune\nTuneService.exe -- (nTuneService [Auto | Running])
SRV - [2007/12/05 01:41:00 | 00,155,716 | ---- | M] (NVIDIA Corporation) -- C:\WINDOWS\System32\nvsvc32.exe -- (NVSvc [Auto | Running])
SRV - [2003/07/28 12:28:22 | 00,089,136 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE -- (ose [On_Demand | Stopped])
SRV - [2006/04/04 10:45:26 | 00,181,872 | ---- | M] (Shavlik Technologies) -- C:\WINDOWS\ProPatches\Scheduler\stSchedEx.exe -- (Shavlik Scheduler [Disabled | Stopped])
SRV - [2009/06/22 16:33:52 | 00,073,728 | ---- | M] (Sony Corporation) -- C:\Program Files\Common Files\Sony Shared\Fsk\SonySCSIHelperService.exe -- (Sony SCSI Helper Service [On_Demand | Stopped])
SRV - [2006/10/18 21:05:24 | 00,913,408 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Media Player\WMPNetwk.exe -- (WMPNetworkSvc [Auto | Running])

========== Standard Registry (SafeList) ==========

========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = [binary data]
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Extensions Off Page = about:NoAdd-ons
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Security Risk Page = about:SecurityRisk
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,CustomizeSearch = http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchcust.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchasst.htm
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.google.com/ie
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\System32\blank.htm
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultName = Yahoo! Search
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultURL = http://search.yahoo.com/search?p={searchTerms}&ei=utf-8&fr=b1ie7
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Secondary Start Pages = [Binary data over 100 bytes]
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.google.com/ie
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - prefs.js..browser.search.selectedEngine: "Google"
FF - prefs.js..browser.startup.homepage: "http://cm.my.yahoo.com/|http://www.msnbc.msn.com/|http://www.courier-journal.com/apps/pbcs.dll/frontpage|http://www.my-cast.com/std/imagery.jsp"
FF - prefs.js..extensions.enabledItems: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}:1.1.1
FF - prefs.js..extensions.enabledItems: {c0c9a2c7-2e5c-4447-bc53-97718bc91e1b}:1.6
FF - prefs.js..extensions.enabledItems: {0538E3E3-7E9B-4d49-8831-A227C80A7AD3}:0.9.10.1
FF - prefs.js..extensions.enabledItems: {77b819fa-95ad-4f2c-ac7c-486b356188a9}:1.5.20090525
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0010-ABCDEFFEDCBA}:6.0.10
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA}:6.0.11
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA}:6.0.13
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0014-ABCDEFFEDCBA}:6.0.14
FF - prefs.js..extensions.enabledItems: {20a82645-c095-46ed-80e3-08825760534b}:0.0.0
FF - prefs.js..extensions.enabledItems: {02450954-cdd9-410f-b1da-db804e18c671}:0.96.2
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA}:6.0.15
FF - prefs.js..extensions.enabledItems: {972ce4c6-7e08-4474-a285-3208198ce6fd}:3.5.2

FF - HKLM\software\mozilla\Firefox\extensions\\{20a82645-c095-46ed-80e3-08825760534b}: c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\ [2009/09/02 03:00:54 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\extensions\\jqs@sun.com: C:\Program Files\Java\jre6\lib\deploy\jqs\ff [2008/11/24 21:54:49 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.5.2\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2009/09/02 08:46:16 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.5.2\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2009/09/02 08:46:16 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Thunderbird\Extensions\\{eea12ec4-729d-4703-bc37-106ce9879ce2}: C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\THBExt [2009/09/03 00:30:05 | 00,000,000 | ---D | M]

[2008/07/08 12:06:32 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Jeff\Application Data\mozilla\Extensions
[2008/07/08 12:06:32 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Jeff\Application Data\mozilla\Extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384}
[2009/09/07 11:38:12 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Jeff\Application Data\mozilla\Firefox\Profiles\0y1b9xl8.default\extensions
[2009/08/20 08:54:16 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Jeff\Application Data\mozilla\Firefox\Profiles\0y1b9xl8.default\extensions\{02450954-cdd9-410f-b1da-db804e18c671}
[2009/06/18 08:21:25 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Jeff\Application Data\mozilla\Firefox\Profiles\0y1b9xl8.default\extensions\{0538E3E3-7E9B-4d49-8831-A227C80A7AD3}
[2008/04/04 00:30:07 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Jeff\Application Data\mozilla\Firefox\Profiles\0y1b9xl8.default\extensions\{6e84150a-d526-41f1-a480-a67d3fed910d}(2)
[2009/06/18 08:19:41 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Jeff\Application Data\mozilla\Firefox\Profiles\0y1b9xl8.default\extensions\{77b819fa-95ad-4f2c-ac7c-486b356188a9}
[2009/08/10 11:32:02 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Jeff\Application Data\mozilla\Firefox\Profiles\0y1b9xl8.default\extensions\{c0c9a2c7-2e5c-4447-bc53-97718bc91e1b}
[2009/08/13 08:37:15 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Jeff\Application Data\mozilla\Firefox\Profiles\0y1b9xl8.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}
[2009/01/01 23:05:08 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Jeff\Application Data\mozilla\Firefox\Profiles\0y1b9xl8.default\extensions\moveplayer@movenetworks.com
[2005/05/30 10:23:08 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Jeff\Application Data\mozilla\Firefox\Profiles\0y1b9xl8.default\extensions\temp
[2009/09/07 11:38:12 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions
[2009/08/05 10:56:23 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
[2008/11/24 21:55:06 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0010-ABCDEFFEDCBA}
[2008/12/06 10:55:17 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA}
[2009/03/31 09:57:07 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA}
[2009/06/18 08:21:19 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0014-ABCDEFFEDCBA}
[2009/09/03 00:25:45 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA}
[2009/08/05 10:56:15 | 00,023,544 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browserdirprovider.dll
[2009/08/05 10:56:15 | 00,137,208 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\brwsrcmp.dll
[2009/05/13 17:55:22 | 01,044,480 | ---- | M] (The OpenSSL Project, http://www.openssl.org/) -- C:\Program Files\mozilla firefox\plugins\libdivx.dll
[2004/09/08 23:03:50 | 00,049,152 | ---- | M] (Macromedia, Inc.) -- C:\Program Files\mozilla firefox\plugins\np32dsw.dll
[2009/07/25 05:23:01 | 00,411,368 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\mozilla firefox\plugins\npdeploytk.dll
[2009/05/13 17:54:50 | 01,650,992 | ---- | M] (DivX,Inc.) -- C:\Program Files\mozilla firefox\plugins\npdivx32.dll
[2009/05/26 22:18:22 | 00,098,304 | ---- | M] (DivX, Inc) -- C:\Program Files\mozilla firefox\plugins\npDivxPlayerPlugin.dll
[2006/12/12 11:48:22 | 01,440,560 | ---- | M] (Microsoft Corporation) -- C:\Program Files\mozilla firefox\plugins\npLegitCheckPlugin.dll
[2009/08/05 10:56:18 | 00,065,016 | ---- | M] (mozilla.org) -- C:\Program Files\mozilla firefox\plugins\npnul32.dll
[2007/03/22 20:23:30 | 00,017,248 | ---- | M] (Microsoft Corporation) -- C:\Program Files\mozilla firefox\plugins\NPOFFICE.DLL
[2009/02/27 12:13:42 | 00,103,792 | ---- | M] (Adobe Systems Inc.) -- C:\Program Files\mozilla firefox\plugins\nppdf32.dll
[2009/09/02 08:46:15 | 00,143,360 | ---- | M] (Apple Inc.) -- C:\Program Files\mozilla firefox\plugins\npqtplugin.dll
[2009/09/02 08:46:15 | 00,143,360 | ---- | M] (Apple Inc.) -- C:\Program Files\mozilla firefox\plugins\npqtplugin2.dll
[2009/09/02 08:46:16 | 00,143,360 | ---- | M] (Apple Inc.) -- C:\Program Files\mozilla firefox\plugins\npqtplugin3.dll
[2009/09/02 08:46:16 | 00,143,360 | ---- | M] (Apple Inc.) -- C:\Program Files\mozilla firefox\plugins\npqtplugin4.dll
[2009/09/02 08:46:16 | 00,143,360 | ---- | M] (Apple Inc.) -- C:\Program Files\mozilla firefox\plugins\npqtplugin5.dll
[2009/09/02 08:46:16 | 00,143,360 | ---- | M] (Apple Inc.)
-- C:\Program Files\mozilla firefox\plugins\npqtplugin6.dll
[2009/09/02 08:46:16 | 00,143,360 | ---- | M] (Apple Inc.) -- C:\Program Files\mozilla firefox\plugins\npqtplugin7.dll
[2005/08/09 14:42:53 | 00,057,344 | ---- | M] (America Online, Inc.) -- C:\Program Files\mozilla firefox\plugins\npunagi2.dll
[2009/05/13 17:55:22 | 00,200,704 | ---- | M] (The OpenSSL Project, http://www.openssl.org/) -- C:\Program Files\mozilla firefox\plugins\ssldivx.dll
[2009/07/11 09:11:12 | 00,001,394 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazondotcom.xml
[2009/07/11 09:11:12 | 00,002,193 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\answers.xml
[2009/07/11 09:11:12 | 00,001,534 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\creativecommons.xml
[2009/07/11 09:11:12 | 00,002,344 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay.xml
[2009/07/11 09:11:12 | 00,002,371 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\google.xml
[2009/07/11 09:11:12 | 00,001,178 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia.xml
[2009/07/11 09:11:12 | 00,000,792 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo.xml

O1 HOSTS File: (58171 bytes) - C:\WINDOWS\System32\drivers\etc\Hosts
O2 - BHO: (Lexmark Toolbar) - {1017A80C-6F09-4548-A84D-EDD6AC9525F0} - C:\Program Files\Lexmark Toolbar\toolband.dll ()
O2 - BHO: (Adobe PDF Link Helper) - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
O2 - BHO: (no name) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - No CLSID value found.
O2 - BHO: (IEVkbdBHO Class) - {59273AB4-E7D3-40F9-A1A8-6FA9CCA1862C} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\ievkbd.dll (Kaspersky Lab)
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.1.1309.3572\swg.dll (Google Inc.)
O2 - BHO: (Lexmark Printable Web) - {D2C5E510-BE6D-42CC-9F61-E4F939078474} - C:\Program Files\Lexmark Printable Web\bho.dll ()
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (JQSIEStartDetectorImpl Class) - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll (Sun Microsystems, Inc.)
O3 - HKLM\..\Toolbar: (Lexmark Toolbar) - {1017A80C-6F09-4548-A84D-EDD6AC9525F0} - C:\Program Files\Lexmark Toolbar\toolband.dll ()
O3 - HKCU\..\Toolbar\ShellBrowser: (Lexmark Toolbar) - {1017A80C-6F09-4548-A84D-EDD6AC9525F0} - C:\Program Files\Lexmark Toolbar\toolband.dll ()
O3 - HKCU\..\Toolbar\WebBrowser: (Lexmark Toolbar) - {1017A80C-6F09-4548-A84D-EDD6AC9525F0} - C:\Program Files\Lexmark Toolbar\toolband.dll ()
O4 - HKLM..\Run: [Adobe Reader Speed Launcher] C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [AVP] C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\avp.exe (Kaspersky Lab)
O4 - HKLM..\Run: [eBook Library Launcher] C:\Program Files\Sony\Reader\Data\bin\launcher\eBook Library Launcher.exe (Sony Corporation)
O4 - HKLM..\Run: [igfxhkcmd] C:\WINDOWS\System32\hkcmd.exe (Intel Corporation)
O4 - HKLM..\Run: [igfxpers] C:\WINDOWS\System32\igfxpers.exe (Intel Corporation)
O4 - HKLM..\Run: [igfxtray] C:\WINDOWS\System32\igfxtray.exe (Intel Corporation)
O4 - HKLM..\Run: [ISUSPM Startup] C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe (InstallShield Software Corporation)
O4 - HKLM..\Run: [ISUSScheduler] C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe (InstallShield Software Corporation)
O4 - HKLM..\Run: [iTunesHelper] C:\Program Files\iTunes\iTunesHelper.exe (Apple Inc.)
O4 - HKLM..\Run: [Lexmark 5600-6600 Series Fax Server] C:\Program Files\Lexmark 5600-6600 Series\fm3032.exe ()
O4 - HKLM..\Run: [lxduamon] C:\Program Files\Lexmark 5600-6600 Series\lxduamon.exe ()
O4 - HKLM..\Run: [lxdumon.exe] C:\Program Files\Lexmark 5600-6600 Series\lxdumon.exe ()
O4 - HKLM..\Run: [NvCplDaemon] C:\WINDOWS\System32\NvCpl.DLL (NVIDIA Corporation)
O4 - HKLM..\Run: [NvMediaCenter] C:\WINDOWS\System32\NvMcTray.DLL (NVIDIA Corporation)
O4 - HKLM..\Run: [nwiz] C:\WINDOWS\System32\nwiz.exe ()
O4 - HKLM..\Run: [Opware15] C:\Program Files\ScanSoft\OmniPage15.0\Opware15.exe (ScanSoft, Inc.)
O4 - HKLM..\Run: [PDF3 Registry Controller] C:\Program Files\ScanSoft\OmniPage15.0\PDFConverter3\RegistryController.exe (ScanSoft, Inc.)
O4 - HKLM..\Run: [QuickTime Task] C:\Program Files\QuickTime\QTTask.exe (Apple Inc.)
O4 - HKLM..\Run: [SetRefresh] C:\Program Files\Compaq\SetRefresh\SetRefresh.exe (Hewlett-Packard Company)
O4 - HKLM..\Run: [srmclean] C:\Cpqs\Scom\srmclean.exe ()
O4 - HKLM..\Run: [SSBkgdUpdate] C:\Program Files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe (Scansoft, Inc.)
O4 - HKLM..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre6\bin\jusched.exe (Sun Microsystems, Inc.)
O4 - HKLM..\Run: [Turtle Beach Riviera] C:\Program Files\Turtle Beach\Riviera\TBRivieraTray.exe (Voyetra Turtle Beach, Inc.)
O4 - HKLM..\Run: [UpdateManager] C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe (Sonic Solutions)
O4 - HKCU..\Run: [NVIDIA nTune] C:\Program Files\NVIDIA Corporation\nTune\nTuneCmd.exe (NVIDIA)
O4 - HKCU..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe (Microsoft Corporation)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe (Logitech Inc.)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\QuickBooks Update Agent.lnk = C:\Program Files\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe (Intuit, Inc.)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\VPN Client.lnk = C:\WINDOWS\Installer\{871DF2BE-41D2-4334-AC33-839AF16FC8FE}\Icon3E5562ED7.ico ()
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoRun = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoControlPanel = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoFolderOptions = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: dontdisplaylastusername = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticecaption =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticetext =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: shutdownwithoutlogon = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: undockwithoutlogon = 1
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O8 - Extra context menu item: Add to Banner Ad Blocker - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\ie_banner_deny.htm ()
O8 - Extra context menu item: Add to Google Photos Screensa&ver - C:\WINDOWS\System32\GPhotos.scr (Google Inc.)
O8 - Extra context menu item: Add to Windows &Live Favorites - File not found
O8 - Extra context menu item: E&xport to Microsoft Excel - C:\Program Files\Microsoft Office\OFFICE11\EXCEL.EXE (Microsoft Corporation)
O8 - Extra context menu item: Open with Scansoft PDF Converter 3.0 - C:\Program Files\ScanSoft\OmniPage15.0\PDFConverter3\IEShellExt.dll (ScanSoft, Inc.)
O9 - Extra Button: Web traffic protection statistics - {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\SCIEPlgn.dll (Kaspersky Lab)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Program Files\Microsoft Office\OFFICE11\REFIEBAR.DLL (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe (Microsoft Corporation)
O9 - Extra Button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)
O15 - HKLM\..Trusted Domains: 1 domain(s) and sub-domain(s) not assigned to a zone.
O15 - HKCU\..Trusted Domains: insightbb.com ([www] http in Trusted sites)
O15 - HKCU\..Trusted Domains: 1 domain(s) and sub-domain(s) not assigned to a zone.
O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} http://www.apple.com/qtactivex/qtplugin.cab (QuickTime Object)
O16 - DPF: {05CA9FB0-3E3E-4B36-BF41-0E3A5CAA8CD8} http://download.microsoft.com/download/e/4/9/e494c802-dd90-4c6b-a074-469358f075a6/OGAControl.cab (Office Genuine Advantage Validation Tool)
O16 - DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} http://upload.facebook.com/controls/2008.10.10_v5.5.8/FacebookPhotoUploader5.cab (Facebook Photo Uploader 5 Control)
O16 - DPF: {1E54D648-B804-468d-BC78-4AFFED8E262E} http://www.nvidia.com/content/DriverDownload/srl/3.0.0.0/srl_bin/sysreqlab3.cab (System Requirements Lab Class)
O16 - DPF: {3E68E405-C6DE-49FF-83AE-41EE9F4C36CE} http://office.microsoft.com/officeupdate/content/opuc2.cab (Office Update Installation Engine)
O16 - DPF: {406B5949-7190-4245-91A9-30A17DE16AD0} http://photo.walgreens.com/WalgreensActivia.cab (Reg Error: Key error.)
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} http://v5.windowsupdate.microsoft.com/v5consumer/V5Controls/en/x86/client/wuweb_site.cab?1114060065778 (WUWebControl Class)
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1123181435327 (MUWebControl Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_15-windows-i586.cab (Java Plug-in 1.6.0_15)
O16 - DPF: {B49C4597-8721-4789-9250-315DFBD9F525} http://cdn.digitalcity.com/radio/ampx/ampx2.6.1.11_en_dl.cab (IWinAmpActiveX Class)
O16 - DPF: {CAFEEFAC-0015-0000-0011-ABCDEFFEDCBA} http://java.sun.com/update/1.5.0/jinstall-1_5_0_11-windows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_15-windows-i586.cab (Java Plug-in 1.6.0_15)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_15-windows-i586.cab (Java Plug-in 1.6.0_15)
O16 - DPF: {CF40ACC5-E1BB-4AFF-AC72-04C2F616BCA7} http://wwwimages.adobe.com/www.adobe.com/products/acrobat/nos/gp.cab (get_atlcom Class)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload.macromedia.com/get/flashplayer/current/swflash.cab (Shockwave Flash Object)
O16 - DPF: {FFFFFFFF-CAFE-BABE-BABE-00AA0055595A} http://www.networksolutionsemailpopwizard.com/TrueSwitchEC.exe (Reg Error: Key error.)
O18 - Protocol\Handler\bwfile-8876480 {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll (Logitech Inc.)
O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\ipp - No CLSID value found
O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp - No CLSID value found
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\mso-offdap {3D9F03FA-7A94-11D3-BE81-0050048385D1} - C:\Program Files\Common Files\Microsoft Shared\Web Components\10\OWC10.DLL (Microsoft Corporation)
O18 - Protocol\Handler\mso-offdap11 {32505114-5902-49B2-880A-1F7738E5A384} - C:\Program Files\Common Files\Microsoft Shared\Web Components\11\OWC11.DLL (Microsoft Corporation)
O18 - Protocol\Filter: - text/xml - C:\Program Files\Common Files\Microsoft Shared\OFFICE11\MSOXMLMF.DLL (Microsoft Corporation)
O20 - AppInit_DLLs: (C:\PROGRA~1\KASPER~1\KASPER~1\mzvkbd.dll) - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\mzvkbd.dll (Kaspersky Lab)
O20 - AppInit_DLLs: (C:\PROGRA~1\KASPER~1\KASPER~1\adialhk.dll) - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\adialhk.dll (Kaspersky Lab)
O20 - AppInit_DLLs: (C:\PROGRA~1\KASPER~1\KASPER~1\kloehk.dll) - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\kloehk.dll (Kaspersky Lab)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\Explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\igfxcui: DllName - igfxdev.dll - C:\WINDOWS\System32\igfxdev.dll (Intel Corporation)
O20 - Winlogon\Notify\klogon: DllName - C:\WINDOWS\system32\klogon.dll - C:\WINDOWS\System32\klogon.dll (Kaspersky Lab)
O24 - Desktop Components:0 (My Current Home Page) - About:Home
O27 - HKLM IFEO\taskmgr.exe: Debugger - C:\Documents and Settings\Jeff\Local Settings\Temp\Rar$EX00.468\procexp.exe (Sysinternals - www.sysinternals.com)
O31 - SafeBoot: AlternateShell - cmd.exe
O32 - HKLM CDRom: AutoRun - 1
O33 - MountPoints2\{dacb8306-d0a3-11dd-9ae8-001185f2529f}\Shell\AutoRun\command - "" = F:\PhotoViewerAP-V305.exe -- File not found
O34 - HKLM BootExecute: (autocheck) - File not found
O34 - HKLM BootExecute: (autochk) - C:\WINDOWS\System32\autochk.exe (Microsoft Corporation)
O34 - HKLM BootExecute: (*) - File not found

NetSvcs: 6to4 - Service key not found. File not found
NetSvcs: Ias - Service key not found. File not found
NetSvcs: Iprip - Service key not found. File not found
NetSvcs: Irmon - Service key not found. File not found
NetSvcs: NWCWorkstation - Service key not found. File not found
NetSvcs: Nwsapagent - Service key not found. File not found
NetSvcs: WmdmPmSp - Service key not found. File not found
NetSvcs: helpsvc - C:\WINDOWS\PCHealth\HelpCtr\Binaries\pchsvc.dll (Microsoft Corporation)

========== Files/Folders - Created Within 14 Days ==========

[7 C:\WINDOWS\System32\*.tmp files]
[1 C:\WINDOWS\*.tmp files]
[2009/09/07 21:42:43 | 00,000,000 | ---D | C] -- C:\WINDOWS\ERDNT
[2009/09/07 21:41:46 | 00,000,621 | ---- | C] () -- C:\Documents and Settings\Jeff\Desktop\NTREGOPT.lnk
[2009/09/07 21:41:46 | 00,000,602 | ---- | C] () -- C:\Documents and Settings\Jeff\Desktop\ERUNT.lnk
[2009/09/07 21:41:45 | 00,000,000 | ---D | C] -- C:\Program Files\ERUNT
[2009/09/07 11:49:26 | 00,000,720 | ---- | C] () -- C:\Documents and Settings\Jeff\Desktop\Tag&Rename.lnk
[2009/09/07 11:49:25 | 00,000,000 | ---D | C] -- C:\Program Files\TagRename
[2009/09/07 09:33:54 | 16,101,41696 | -HS- | C] () -- C:\hiberfil.sys
[2009/09/07 09:02:21 | 00,001,744 | ---- | C] () -- C:\Documents and Settings\Jeff\Desktop\HijackThis.lnk
[2009/09/07 00:11:47 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Jeff\Local Settings\Application Data\DeviceRemover
[2009/09/07 00:11:28 | 00,000,000 | ---D | C] -- C:\Program Files\Device Remover
[2009/09/06 13:35:58 | 00,035,446 | ---- | C] () -- C:\Documents and Settings\All Users\Documents\cardregistrationform.pdf
[2009/09/06 11:20:57 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Documents\Shared eBooks
[2009/09/06 11:10:43 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Marlin
[2009/09/06 11:10:36 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Jeff\My Documents\My Books
[2009/09/06 11:03:56 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Jeff\My Documents\My Digital Editions
[2009/09/06 10:59:04 | 00,000,000 | ---D | C] -- C:\Program Files\DIFX
[2009/09/06 10:58:55 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\kinoma
[2009/09/06 10:58:54 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Jeff\Local
Settings\Application Data\kinoma [2009/09/06 10:58:33 | 00,001,945 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\eBook Library.lnk [2009/09/06 10:58:28 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Jeff\Local Settings\Application Data\Sony Corporation [2009/09/06 10:58:27 | 00,000,000 | ---D | C] -- C:\Program Files\Sony [2009/09/06 10:58:27 | 00,000,000 | ---D | C] -- C:\Program Files\Common Files\Sony Shared [2009/09/03 00:30:59 | 00,105,395 | ---- | C] () -- C:\WINDOWS\System32\drivers\klin.dat [2009/09/03 00:30:58 | 00,094,643 | ---- | C] () -- C:\WINDOWS\System32\drivers\klick.dat [2009/09/03 00:29:45 | 04,537,376 | -HS- | C] () -- C:\WINDOWS\System32\drivers\fidbox.dat [2009/09/03 00:29:45 | 00,688,160 | -HS- | C] () -- C:\WINDOWS\System32\drivers\fidbox2.dat [2009/09/03 00:29:45 | 00,036,528 | -HS- | C] () -- C:\WINDOWS\System32\drivers\fidbox.idx [2009/09/03 00:29:45 | 00,003,432 | -HS- | C] () -- C:\WINDOWS\System32\drivers\fidbox2.idx [2009/09/03 00:29:44 | 00,000,000 | ---D | C] -- C:\Program Files\Kaspersky Lab [2009/09/03 00:29:44 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Kaspersky Lab [2009/09/03 00:29:26 | 00,213,520 | ---- | C] (Kaspersky Lab) -- C:\WINDOWS\System32\drivers\klif.sys [2009/09/03 00:02:21 | 00,000,000 | ---D | C] -- C:\WINDOWS\System32\zh-TW [2009/09/03 00:02:21 | 00,000,000 | ---D | C] -- C:\WINDOWS\System32\zh-HK [2009/09/03 00:02:21 | 00,000,000 | ---D | C] -- C:\WINDOWS\System32\tr-TR [2009/09/03 00:02:21 | 00,000,000 | ---D | C] -- C:\WINDOWS\System32\sv-SE [2009/09/03 00:02:21 | 00,000,000 | ---D | C] -- C:\WINDOWS\System32\pt-BR [2009/09/03 00:02:21 | 00,000,000 | ---D | C] -- C:\WINDOWS\System32\nl-NL [2009/09/03 00:02:21 | 00,000,000 | ---D | C] -- C:\WINDOWS\System32\nb-NO [2009/09/03 00:02:21 | 00,000,000 | ---D | C] -- C:\WINDOWS\System32\ko-KR [2009/09/03 00:02:21 | 00,000,000 | ---D | C] -- C:\WINDOWS\System32\it-IT [2009/09/03 00:02:21 | 00,000,000 | ---D | 
C] -- C:\WINDOWS\System32\he-IL [2009/09/03 00:02:21 | 00,000,000 | ---D | C] -- C:\WINDOWS\System32\fr-FR [2009/09/03 00:02:21 | 00,000,000 | ---D | C] -- C:\WINDOWS\System32\fi-FI [2009/09/03 00:02:21 | 00,000,000 | ---D | C] -- C:\WINDOWS\System32\es-ES [2009/09/03 00:02:21 | 00,000,000 | ---D | C] -- C:\WINDOWS\System32\el-GR [2009/09/03 00:02:21 | 00,000,000 | ---D | C] -- C:\WINDOWS\System32\de-DE [2009/09/03 00:02:21 | 00,000,000 | ---D | C] -- C:\WINDOWS\System32\da-DK [2009/09/03 00:02:21 | 00,000,000 | ---D | C] -- C:\WINDOWS\System32\ar-SA [2009/09/03 00:00:33 | 01,203,922 | ---- | C] () -- C:\WINDOWS\System32\dllcache\sysmain.sdb [2009/09/02 23:24:54 | 00,000,000 | ---D | C] -- C:\WINDOWS\Prefetch [2009/09/02 23:07:13 | 00,000,000 | ---D | C] -- C:\WINDOWS\System32\scripting [2009/09/02 23:07:12 | 00,000,000 | ---D | C] -- C:\WINDOWS\l2schemas [2009/09/02 23:07:11 | 00,000,000 | ---D | C] -- C:\WINDOWS\System32\en [2009/09/02 23:07:11 | 00,000,000 | ---D | C] -- C:\WINDOWS\System32\bits [2009/09/02 22:52:01 | 00,000,000 | -H-D | C] -- C:\WINDOWS\$NtServicePackUninstall$ [2009/09/02 08:48:14 | 00,000,000 | ---D | C] -- C:\Program Files\iTunes [2009/09/01 21:04:07 | 00,000,858 | ---- | C] () -- C:\Documents and Settings\Jeff\Desktop\Play MPE Player.lnk [2009/08/29 14:15:44 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Jeff\Desktop\BE Football [2009/08/29 13:33:30 | 00,380,928 | ---- | C] () -- C:\Documents and Settings\Jeff\Desktop\lame_enc.dll [2009/08/29 12:37:44 | 00,000,640 | ---- | C] () -- C:\Documents and Settings\Jeff\Desktop\Audacity.lnk [2009/08/29 12:37:42 | 00,000,000 | ---D | C] -- C:\Program Files\Audacity [2009/08/25 15:20:35 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Jeff\Desktop\Tile photos [color=#E56717]========== Files - Modified Within 14 Days ==========[/color] [7 C:\WINDOWS\System32\*.tmp files] [1 C:\WINDOWS\*.tmp files] [2009/09/07 21:41:46 | 00,000,621 | ---- | M] () -- C:\Documents and 
Settings\Jeff\Desktop\NTREGOPT.lnk [2009/09/07 21:41:46 | 00,000,602 | ---- | M] () -- C:\Documents and Settings\Jeff\Desktop\ERUNT.lnk [2009/09/07 21:08:20 | 00,688,160 | -HS- | M] () -- C:\WINDOWS\System32\drivers\fidbox2.dat [2009/09/07 21:08:17 | 00,003,432 | -HS- | M] () -- C:\WINDOWS\System32\drivers\fidbox2.idx [2009/09/07 20:36:09 | 00,001,158 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl [2009/09/07 20:20:50 | 00,002,447 | ---- | M] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\VPN Client.lnk [2009/09/07 20:20:36 | 00,000,868 | ---- | M] () -- C:\WINDOWS\tasks\Google Software Updater.job [2009/09/07 20:20:17 | 00,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT [2009/09/07 20:20:15 | 00,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat [2009/09/07 20:20:14 | 16,101,41696 | -HS- | M] () -- C:\hiberfil.sys [2009/09/07 20:19:11 | 04,537,376 | -HS- | M] () -- C:\WINDOWS\System32\drivers\fidbox.dat [2009/09/07 20:19:11 | 00,036,528 | -HS- | M] () -- C:\WINDOWS\System32\drivers\fidbox.idx [2009/09/07 11:49:26 | 00,000,720 | ---- | M] () -- C:\Documents and Settings\Jeff\Desktop\Tag&Rename.lnk [2009/09/07 09:02:21 | 00,001,744 | ---- | M] () -- C:\Documents and Settings\Jeff\Desktop\HijackThis.lnk [2009/09/06 15:58:00 | 00,059,080 | ---- | M] () -- C:\Documents and Settings\Jeff\Local Settings\Application Data\GDIPFONTCACHEV1.DAT [2009/09/06 13:35:58 | 00,035,446 | ---- | M] () -- C:\Documents and Settings\All Users\Documents\cardregistrationform.pdf [2009/09/06 11:26:01 | 00,228,800 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT [2009/09/06 10:58:33 | 00,001,945 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\eBook Library.lnk [2009/09/06 07:00:00 | 00,000,512 | ---- | M] () -- C:\WINDOWS\tasks\Microsoft Office Outlook 2003.job [2009/09/04 10:50:32 | 00,002,497 | ---- | M] () -- C:\Documents and Settings\Jeff\Desktop\Microsoft Office Word 2003.lnk [2009/09/03 18:46:01 | 00,000,280 | ---- | M] () -- 
C:\WINDOWS\tasks\AppleSoftwareUpdate.job [2009/09/03 00:43:41 | 00,213,520 | ---- | M] (Kaspersky Lab) -- C:\WINDOWS\System32\drivers\klif.sys [2009/09/03 00:43:41 | 00,033,808 | ---- | M] (Kaspersky Lab) -- C:\WINDOWS\System32\drivers\klbg.sys [2009/09/03 00:43:36 | 00,105,395 | ---- | M] () -- C:\WINDOWS\System32\drivers\klin.dat [2009/09/03 00:43:36 | 00,094,643 | ---- | M] () -- C:\WINDOWS\System32\drivers\klick.dat [2009/09/03 00:18:26 | 00,000,404 | ---- | M] () -- C:\Documents and Settings\Jeff\Desktop\Shortcut to Shared Documents.lnk [2009/09/03 00:02:07 | 00,001,355 | ---- | M] () -- C:\WINDOWS\imsins.BAK [2009/09/02 23:29:33 | 00,563,758 | ---- | M] () -- C:\WINDOWS\System32\PerfStringBackup.INI [2009/09/02 23:29:33 | 00,469,194 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat [2009/09/02 23:29:33 | 00,084,040 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat [2009/09/02 22:59:24 | 00,250,048 | RHS- | M] () -- C:\ntldr [2009/09/01 21:04:07 | 00,000,858 | ---- | M] () -- C:\Documents and Settings\Jeff\Desktop\Play MPE Player.lnk [2009/08/29 12:37:44 | 00,000,640 | ---- | M] () -- C:\Documents and Settings\Jeff\Desktop\Audacity.lnk [2009/08/27 22:31:01 | 00,033,280 | ---- | M] () -- C:\Documents and Settings\Jeff\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [color=#E56717]========== LOP Check ==========[/color] [2009/09/06 11:10:43 | 00,000,000 | RH-D | M] -- C:\Documents and Settings\All Users\Application Data [2009/03/31 17:11:42 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\5600-6600 Series [2009/02/17 15:58:54 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Grisoft [2009/09/06 10:58:55 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\kinoma [2009/04/21 13:55:09 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Lexmark 5600-6600 Series [2009/09/06 11:10:43 | 00,000,000 | ---D | M] -- 
C:\Documents and Settings\All Users\Application Data\Marlin [2007/11/12 19:48:09 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Pure Networks [2009/03/20 12:29:21 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\SAFE MODE renamed {00D89592-F643-4D8D-8F0F-AFAE0F14D4C3} [2009/04/08 17:46:28 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\SAFE MODE renamed {8CD7F5AF-ECFA-4793-BF40-D8F42DBFF906} [2005/08/30 18:03:51 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\ScanSoft [2009/06/23 21:21:59 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\ThumbnailCache4R [2005/08/30 18:03:50 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\zeon [2009/08/16 00:33:27 | 00,000,000 | RH-D | M] -- C:\Documents and Settings\Jeff\Application Data [2009/07/10 17:41:18 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Jeff\Application Data\5600-6600 Series [2009/08/27 22:33:09 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Jeff\Application Data\Any Video Converter [2008/07/22 14:54:25 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Jeff\Application Data\ArcSoft [2009/08/03 22:28:48 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Jeff\Application Data\Canneverbe_Limited [2009/04/03 21:06:50 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Jeff\Application Data\com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1 [2008/04/15 10:51:07 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Jeff\Application Data\DisplayTune [2009/08/29 14:27:37 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Jeff\Application Data\FileZilla [2005/04/22 00:18:00 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Jeff\Application Data\InterVideo [2009/02/18 11:36:50 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Jeff\Application Data\IObit [2009/04/10 11:43:56 | 00,000,000 | 
---D | M] -- C:\Documents and Settings\Jeff\Application Data\Lexmark Productivity Studio [2006/09/12 22:42:16 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Jeff\Application Data\MailFrontier [2009/01/01 23:06:39 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Jeff\Application Data\Move Networks [2005/08/30 18:01:35 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Jeff\Application Data\ScanSoft [2006/03/26 09:22:51 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Jeff\Application Data\Zeon [2009/09/03 18:46:01 | 00,000,280 | ---- | M] () -- C:\WINDOWS\Tasks\AppleSoftwareUpdate.job [2004/08/04 04:00:00 | 00,000,065 | RH-- | M] () -- C:\WINDOWS\Tasks\desktop.ini [2009/09/07 20:20:36 | 00,000,868 | ---- | M] () -- C:\WINDOWS\Tasks\Google Software Updater.job [2009/09/06 07:00:00 | 00,000,512 | ---- | M] () -- C:\WINDOWS\Tasks\Microsoft Office Outlook 2003.job [2009/09/07 20:20:17 | 00,000,006 | -H-- | M] () -- C:\WINDOWS\Tasks\SA.DAT [color=#E56717]========== Purity Check ==========[/color] [color=#E56717]========== Custom Scans ==========[/color] [color=#A23BEC]< %SYSTEMDRIVE%\*.exe >[/color] [color=#A23BEC]< %systemroot%\system32\eventlog.dll >[/color] [2008/04/13 20:11:53 | 00,056,320 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\eventlog.dll [7 C:\WINDOWS\system32\*.tmp files] [color=#A23BEC]< %systemroot%\system32\scecli.dll >[/color] [2008/04/13 20:12:05 | 00,181,248 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\scecli.dll [7 C:\WINDOWS\system32\*.tmp files] [color=#A23BEC]< %systemroot%\netlogon.dll >[/color] [color=#A23BEC]< %systemroot%\system32\cngaudit.dll >[/color] [color=#A23BEC]< %systemroot%\system32\sceclt.dll >[/color] [color=#A23BEC]< %systemroot%\ntelogon.dll >[/color] [color=#A23BEC]< %systemroot%\system32\logevent.dll >[/color] < End of report >