OTL logfile created on: 6/27/2010 6:44:40 PM - Run 1
OTL by OldTimer - Version 3.2.7.0 Folder = C:\Documents and Settings\Matthew Woodward\Desktop
Windows XP Home Edition Service Pack 2 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 6.0.2900.2180)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy
2.00 Gb Total Physical Memory | 1.00 Gb Available Physical Memory | 69.00% Memory free
4.00 Gb Paging File | 3.00 Gb Available in Paging File | 87.00% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 111.78 Gb Total Space | 51.92 Gb Free Space | 46.45% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
Drive E: | 641.38 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded
Computer Name: YOUR-0548C161E1
Current User Name: Matthew Woodward
Logged in as Administrator.
Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: On
Skip Microsoft Files: On
File Age = 90 Days
Output = Standard
Quick Scan
[color=#E56717]========== Processes (SafeList) ==========[/color]
PRC - [2010/06/27 14:32:52 | 000,574,464 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Matthew Woodward\Desktop\OTL(2).exe
PRC - [2010/06/14 08:16:44 | 000,014,808 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\plugin-container.exe
PRC - [2010/06/14 08:16:35 | 000,910,296 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe
PRC - [2010/03/23 18:00:24 | 001,201,640 | ---- | M] (Webroot Software, Inc. ) -- C:\Program Files\Webroot\WebrootSecurity\WRConsumerService.exe
PRC - [2010/01/21 19:21:02 | 000,112,592 | ---- | M] (Threat Expert Ltd.) 
-- C:\Program Files\Spyware Doctor\BDT\BDTUpdateService.exe PRC - [2010/01/07 01:20:25 | 000,198,160 | ---- | M] (RealNetworks, Inc.) -- C:\Program Files\Common Files\Real\Update_OB\realsched.exe PRC - [2009/11/06 15:19:58 | 006,515,784 | ---- | M] (Webroot Software, Inc.) -- C:\Program Files\Webroot\WebrootSecurity\SpySweeperUI.exe PRC - [2009/11/06 12:00:22 | 004,048,240 | ---- | M] (Webroot Software, Inc. (www.webroot.com)) -- C:\Program Files\Webroot\WebrootSecurity\SpySweeper.exe PRC - [2009/11/06 12:00:22 | 000,165,232 | ---- | M] (Webroot Software, Inc. (www.webroot.com)) -- C:\Program Files\Webroot\WebrootSecurity\SSU.exe PRC - [2009/08/19 11:23:24 | 007,418,368 | ---- | M] (OpenOffice.org) -- C:\Program Files\OpenOffice.org 3\program\soffice.bin PRC - [2009/08/19 11:23:22 | 007,424,000 | ---- | M] (OpenOffice.org) -- C:\Program Files\OpenOffice.org 3\program\soffice.exe PRC - [2006/03/30 16:18:40 | 000,176,128 | ---- | M] (Starz Entertainment Group LLC) -- C:\Program Files\Vongo\VongoService.exe PRC - [2006/03/30 16:18:32 | 000,073,728 | ---- | M] (Starz) -- C:\Program Files\Vongo\Tray.exe PRC - [2006/02/10 07:56:12 | 000,479,232 | ---- | M] (Hewlett-Packard Development Company, L.P.) 
-- C:\Program Files\HP\Digital Imaging\bin\hpqimzone.exe PRC - [2005/12/24 07:44:26 | 000,491,606 | ---- | M] () -- C:\Program Files\HPQ\Shared\HpqToaster.exe PRC - [2005/08/11 19:30:30 | 000,081,920 | ---- | M] (Macrovision Corporation) -- C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe PRC - [2004/08/05 00:00:00 | 001,032,192 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe [color=#E56717]========== Modules (SafeList) ==========[/color] MOD - [2010/06/27 14:32:52 | 000,574,464 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Matthew Woodward\Desktop\OTL(2).exe MOD - [2010/01/07 01:21:29 | 000,102,400 | ---- | M] (RealPlayer) -- C:\Program Files\Real\RealPlayer\browserrecord\chrome\hook\rpchromebrowserrecordhelper.dll MOD - [2009/08/13 09:55:04 | 001,748,992 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\WinSxS\x86_Microsoft.Windows.GdiPlus_6595b64144ccf1df_1.0.6001.22319_x-ww_f0b4c2df\GdiPlus.dll MOD - [2004/08/05 00:00:00 | 001,050,624 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.2180_x-ww_a84f1ff9\comctl32.dll MOD - [2004/08/05 00:00:00 | 000,102,400 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\msscript.ocx MOD - [2003/03/19 14:14:52 | 000,499,712 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\msvcp71.dll MOD - [2003/02/21 22:42:22 | 000,348,160 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\msvcr71.dll [color=#E56717]========== Win32 Services (SafeList) ==========[/color] SRV - [2010/03/23 18:00:24 | 001,201,640 | ---- | M] (Webroot Software, Inc. ) [Auto | Running] -- C:\Program Files\Webroot\WebrootSecurity\WRConsumerService.exe -- (WRConsumerService) SRV - [2010/01/21 19:21:02 | 000,112,592 | ---- | M] (Threat Expert Ltd.) 
[Auto | Running] -- C:\Program Files\Spyware Doctor\BDT\BDTUpdateService.exe -- (Browser Defender Update Service) SRV - [2009/11/06 12:00:22 | 004,048,240 | ---- | M] (Webroot Software, Inc. (www.webroot.com)) [Auto | Running] -- C:\Program Files\Webroot\WebrootSecurity\SpySweeper.exe -- (WebrootSpySweeperService) SRV - [2006/03/30 16:18:40 | 000,176,128 | ---- | M] (Starz Entertainment Group LLC) [Auto | Running] -- C:\Program Files\Vongo\VongoService.exe -- (Vongo Service) SRV - [2006/03/03 21:03:10 | 000,069,632 | ---- | M] (HP) [Unknown | Stopped] -- C:\WINDOWS\system32\HPZipm12.exe -- (Pml Driver HPZ12) SRV - [2005/10/06 21:12:30 | 000,855,552 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Media Connect 2\wmccds.exe -- (WMConnectCDS) [color=#E56717]========== Driver Services (SafeList) ==========[/color] DRV - [2009/11/09 12:20:12 | 000,207,792 | ---- | M] (PC Tools) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\PCTCore.sys -- (PCTCore) DRV - [2009/11/06 12:00:36 | 000,176,752 | ---- | M] (Webroot Software, Inc. (www.webroot.com)) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\ssidrv.sys -- (ssidrv) DRV - [2009/11/06 12:00:36 | 000,023,152 | ---- | M] (Webroot Software, Inc. (www.webroot.com)) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\sshrmd.sys -- (sshrmd) DRV - [2009/11/06 12:00:34 | 000,029,808 | ---- | M] (Webroot Software, Inc. 
(www.webroot.com)) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\ssfs0bbc.sys -- (ssfs0bbc) DRV - [2009/01/30 10:12:00 | 006,250,848 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\nv4_mini.sys -- (nv) DRV - [2006/05/10 14:27:00 | 000,036,864 | ---- | M] (Advanced Micro Devices) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\AmdK8.sys -- (AmdK8) DRV - [2006/05/10 02:02:00 | 000,061,952 | ---- | M] (Ricoh) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\5U870CAP.sys -- (5U870CAP_VID_1262&PID_25FD) DRV - [2006/04/28 20:12:00 | 000,429,184 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\BCMWL5.SYS -- (BCM43XX) DRV - [2006/04/20 04:03:20 | 000,995,712 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSF_DPV.sys -- (HSF_DPV) DRV - [2006/04/20 04:02:40 | 000,208,000 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSFHWAZL.sys -- (HSFHWAZL) DRV - [2006/04/20 04:02:36 | 000,727,296 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSF_CNXT.sys -- (winachsf) DRV - [2006/04/17 23:29:00 | 000,569,856 | ---- | M] (Conexant Systems Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\CHDAud.sys -- (HdAudAddService) DRV - [2006/04/01 07:41:40 | 000,193,056 | ---- | M] (Synaptics, Inc.) 
[Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\SynTP.sys -- (SynTP) DRV - [2006/03/06 02:49:36 | 000,011,136 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\nvsmu.sys -- (nvsmu) DRV - [2006/03/03 03:31:04 | 000,013,056 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\nvnetbus.sys -- (nvnetbus) DRV - [2006/03/03 03:31:02 | 000,034,176 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\NVENETFD.sys -- (NVENETFD) DRV - [2006/01/27 03:04:16 | 000,099,584 | ---- | M] (NVIDIA Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\nvata.sys -- (nvata) DRV - [2005/11/16 07:28:32 | 000,028,928 | ---- | M] (REDC) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\rimmptsk.sys -- (rimmptsk) DRV - [2005/11/01 05:08:00 | 000,308,992 | ---- | M] (REDC) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\rixdptsk.sys -- (rismxdp) DRV - [2005/11/01 04:54:50 | 000,051,584 | ---- | M] (REDC) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\rimsptsk.sys -- (rimsptsk) DRV - [2005/10/13 12:07:12 | 000,874,240 | ---- | M] (Intel Corporation) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\iaStor.sys -- (iaStor) DRV - [2005/09/19 17:24:20 | 000,005,760 | ---- | M] (Hewlett-Packard Development Company, L.P.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\EabUsb.sys -- (eabusb) DRV - [2005/09/19 17:24:10 | 000,009,344 | ---- | M] (Hewlett-Packard Development Company, L.P.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\CPQBttn.sys -- (HBtnKey) DRV - [2005/09/19 17:23:52 | 000,007,808 | ---- | M] (Hewlett-Packard Development Company, L.P.) 
[Kernel | System | Running] -- C:\WINDOWS\system32\drivers\eabfiltr.sys -- (eabfiltr) DRV - [2005/01/07 20:07:18 | 000,138,752 | ---- | M] (Windows (R) Server 2003 DDK provider) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\Hdaudbus.sys -- (HDAudBus) DRV - [2004/08/04 17:07:44 | 000,043,008 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\amdagp.sys -- (amdagp) DRV - [2004/08/04 17:07:44 | 000,041,088 | ---- | M] (Silicon Integrated Systems Corporation) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\sisagp.sys -- (sisagp) DRV - [2004/08/04 09:31:34 | 000,020,992 | ---- | M] (Realtek Semiconductor Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\RTL8139.sys -- (rtl8139) Realtek RTL8139(A/B/C) DRV - [2001/08/18 08:07:44 | 000,019,072 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\sparrow.sys -- (Sparrow) DRV - [2001/08/18 08:07:42 | 000,030,688 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\sym_u3.sys -- (sym_u3) DRV - [2001/08/18 08:07:40 | 000,028,384 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\sym_hi.sys -- (sym_hi) DRV - [2001/08/18 08:07:36 | 000,032,640 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\symc8xx.sys -- (symc8xx) DRV - [2001/08/18 08:07:34 | 000,016,256 | ---- | M] (Symbios Logic Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\symc810.sys -- (symc810) DRV - [2001/08/18 07:52:22 | 000,036,736 | ---- | M] (Promise Technology, Inc.) 
[Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\ultra.sys -- (ultra) DRV - [2001/08/18 07:52:20 | 000,045,312 | ---- | M] (QLogic Corporation) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\ql12160.sys -- (ql12160) DRV - [2001/08/18 07:52:20 | 000,040,320 | ---- | M] (QLogic Corporation) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\ql1080.sys -- (ql1080) DRV - [2001/08/18 07:52:18 | 000,049,024 | ---- | M] (QLogic Corporation) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\ql1280.sys -- (ql1280) DRV - [2001/08/18 07:52:16 | 000,179,584 | ---- | M] (Mylex Corporation) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\dac2w2k.sys -- (dac2w2k) DRV - [2001/08/18 07:52:12 | 000,017,280 | ---- | M] (American Megatrends Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\mraid35x.sys -- (mraid35x) DRV - [2001/08/18 07:52:00 | 000,026,496 | ---- | M] (Advanced System Products, Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\asc.sys -- (asc) DRV - [2001/08/18 07:51:58 | 000,014,848 | ---- | M] (Advanced System Products, Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\asc3550.sys -- (asc3550) DRV - [2001/08/18 07:51:56 | 000,005,248 | ---- | M] (Acer Laboratories Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\aliide.sys -- (AliIde) DRV - [2001/08/18 07:51:54 | 000,006,656 | ---- | M] (CMD Technology, Inc.) 
[Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\cmdide.sys -- (CmdIde) [color=#E56717]========== Standard Registry (SafeList) ==========[/color] [color=#E56717]========== Internet Explorer ==========[/color] IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=Q306&bd=pavilion&pf=laptop IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm IE - HKLM\..\URLSearchHook: {03402f96-3dc7-4285-bc50-9e81fefafe43} - C:\Program Files\AIM Toolbar\aimtb.dll (AOL LLC.) IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=Q306&bd=pavilion&pf=laptop IE - HKCU\..\URLSearchHook: {03402f96-3dc7-4285-bc50-9e81fefafe43} - C:\Program Files\AIM Toolbar\aimtb.dll (AOL LLC.) IE - HKCU\..\URLSearchHook: {54EB34EA-E6BE-4CFD-9F4F-C4A0C2EAFA22} - C:\Program Files\AIM Search\AOLSearch.dll (America Online, Inc.) 
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 [color=#E56717]========== FireFox ==========[/color] FF - prefs.js..browser.startup.homepage: "http://www.msn.com/" FF - prefs.js..extensions.enabledItems: jqs@sun.com:1.0 FF - prefs.js..extensions.enabledItems: {ABDE892B-13A8-4d1b-88E6-365A6E755758}:1.0 FF - HKLM\software\mozilla\Mozilla Firefox 3.6.4\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010/06/26 14:00:02 | 000,000,000 | ---D | M] FF - HKLM\software\mozilla\Mozilla Firefox 3.6.4\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010/06/26 13:59:52 | 000,000,000 | ---D | M] FF - HKLM\software\mozilla\Netscape Browser 8.0.4.0\Extensions\\Components: C:\Program Files\Netscape\Netscape Browser\Components [2009/12/24 23:24:06 | 000,000,000 | ---D | M] FF - HKLM\software\mozilla\Netscape Browser 8.0.4.0\Extensions\\Plugins: C:\Program Files\Netscape\Netscape Browser\Plugins [2010/06/25 11:10:21 | 000,000,000 | ---D | M] [2010/06/26 14:00:07 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Matthew Woodward\Application Data\Mozilla\Extensions [2010/06/26 14:00:07 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Matthew Woodward\Application Data\Mozilla\Firefox\Profiles\wgx05n7v.default\extensions [2010/06/27 18:27:14 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions [2009/11/03 22:27:05 | 000,024,672 | ---- | M] (Ask.com) -- C:\Program Files\Mozilla Firefox\plugins\NPAskSBr.dll O1 HOSTS File: ([2010/03/23 18:05:26 | 000,000,734 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\HOSTS O1 - Hosts: 127.0.0.1 localhost O2 - BHO: (PC Tools Browser Guard BHO) - {2A0F3D1B-0909-4FF4-B272-609CCE6054E7} - C:\Program Files\Spyware Doctor\BDT\PCTBrowserDefender.dll (Threat Expert Ltd.) 
O2 - BHO: (RealPlayer Download and Record Plugin for Internet Explorer) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll (RealPlayer) O2 - BHO: (AOLSearchHook Class) - {54EB34EA-E6BE-4CFD-9F4F-C4A0C2EAFA22} - C:\Program Files\AIM Search\AOLSearch.dll (America Online, Inc.) O2 - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.) O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.5.5126.1836\swg.dll (Google Inc.) O2 - BHO: (AIM Toolbar Loader) - {b0cda128-b425-4eef-a174-61a11ac5dbf8} - C:\Program Files\AIM Toolbar\aimtb.dll (AOL LLC.) O3 - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.) O3 - HKLM\..\Toolbar: (PC Tools Browser Guard) - {472734EA-242A-422B-ADF8-83D1E48CC825} - C:\Program Files\Spyware Doctor\BDT\PCTBrowserDefender.dll (Threat Expert Ltd.) O3 - HKLM\..\Toolbar: (AIM Toolbar) - {61539ecd-cc67-4437-a03c-9aaccbd14326} - C:\Program Files\AIM Toolbar\aimtb.dll (AOL LLC.) O3 - HKCU\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.) O3 - HKCU\..\Toolbar\WebBrowser: (PC Tools Browser Guard) - {472734EA-242A-422B-ADF8-83D1E48CC825} - C:\Program Files\Spyware Doctor\BDT\PCTBrowserDefender.dll (Threat Expert Ltd.) O3 - HKCU\..\Toolbar\WebBrowser: (AIM Toolbar) - {61539ECD-CC67-4437-A03C-9AACCBD14326} - C:\Program Files\AIM Toolbar\aimtb.dll (AOL LLC.) 
O4 - HKLM..\Run: [] File not found O4 - HKLM..\Run: [Cpqset] C:\Program Files\Hewlett-Packard\Default Settings\cpqset.exe () O4 - HKLM..\Run: [High Definition Audio Property Page Shortcut] C:\WINDOWS\System32\CHDAudPropShortcut.exe (Windows (R) Server 2003 DDK provider) O4 - HKLM..\Run: [ISUSPM Startup] C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe (Macrovision Corporation) O4 - HKLM..\Run: [ISUSScheduler] C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe (Macrovision Corporation) O4 - HKLM..\Run: [Malwarebytes Anti-Malware (reboot)] C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe (Malwarebytes Corporation) O4 - HKLM..\Run: [NvCplDaemon] C:\WINDOWS\system32\NvCpl.DLL (NVIDIA Corporation) O4 - HKLM..\Run: [NvMediaCenter] C:\WINDOWS\system32\NvMcTray.DLL (NVIDIA Corporation) O4 - HKLM..\Run: [nwiz] C:\WINDOWS\System32\nwiz.exe () O4 - HKLM..\Run: [RecGuard] C:\Windows\SMINST\RecGuard.exe File not found O4 - HKLM..\Run: [SpySweeper] C:\Program Files\Webroot\WebrootSecurity\SpySweeperUI.exe (Webroot Software, Inc.) O4 - HKLM..\Run: [TkBellExe] C:\Program Files\Common Files\Real\Update_OB\realsched.exe (RealNetworks, Inc.) O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\StartUp\HP Photosmart Premier Fast Start.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqthb08.exe (Hewlett-Packard Development Company, L.P.) 
O4 - Startup: C:\Documents and Settings\Matthew Woodward\Start Menu\Programs\StartUp\OpenOffice.org 3.1.lnk = C:\Program Files\OpenOffice.org 3\program\quickstart.exe () O4 - Startup: C:\Documents and Settings\Matthew Woodward\Start Menu\Programs\StartUp\Vongo Tray.lnk = C:\Program Files\Vongo\Tray.exe (Starz) O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323 O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323 O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863 O8 - Extra context menu item: E&xport to Microsoft Excel - C:\Program Files\Microsoft Office\Office12\EXCEL.EXE (Microsoft Corporation) O8 - Extra context menu item: Google Sidewiki... - C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_89D8574934B26AC4.dll (Google Inc.) O9 - Extra Button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation) O9 - Extra 'Tools' menuitem : S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation) O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.) 
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_16-windows-i586.cab (Java Plug-in 1.6.0_16) O16 - DPF: {CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA} http://java.sun.com/update/1.5.0/jinstall-1_5_0_06-windows-i586.cab (Java Plug-in 1.5.0_06) O16 - DPF: {CAFEEFAC-0016-0000-0016-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_16-windows-i586.cab (Java Plug-in 1.6.0_16) O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_16-windows-i586.cab (Java Plug-in 1.6.0_16) O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 68.87.64.150 68.87.75.198 O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll (Microsoft Corporation) O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation) O24 - Desktop WallPaper: C:\WINDOWS\Wave.bmp O24 - Desktop BackupWallPaper: C:\WINDOWS\Wave.bmp O30 - LSA: Authentication Packages - (OWS\S) - File not found O30 - LSA: Security Packages - (EM) - File not found O30 - LSA: Security Packages - (ecurity Packages settings...) 
- File not found O32 - HKLM CDRom: AutoRun - 1 O32 - AutoRun File - [2003/08/27 04:47:12 | 000,000,000 | R--D | M] - E:\AutoRun -- [ CDFS ] O32 - AutoRun File - [2003/08/27 04:47:12 | 000,000,059 | R--- | M] () - E:\autorun.inf -- [ CDFS ] O33 - MountPoints2\{d8f687df-c1b6-11de-a036-001b2436a58f}\Shell - "" = AutoRun O33 - MountPoints2\{d8f687df-c1b6-11de-a036-001b2436a58f}\Shell\AutoRun - "" = Auto&Play O33 - MountPoints2\{d8f687df-c1b6-11de-a036-001b2436a58f}\Shell\AutoRun\command - "" = D:\LaunchU3.exe -- File not found O33 - MountPoints2\{ef578187-c100-11de-9cf5-806d6172696f}\Shell - "" = AutoRun O33 - MountPoints2\{ef578187-c100-11de-9cf5-806d6172696f}\Shell\AutoRun - "" = Auto&Play O33 - MountPoints2\{ef578187-c100-11de-9cf5-806d6172696f}\Shell\AutoRun\command - "" = D:\install.exe -- File not found O34 - HKLM BootExecute: (autocheck autochk *) - File not found O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37 - HKLM\...com [@ = comfile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* NetSvcs: 6to4 - File not found NetSvcs: Ias - C:\WINDOWS\system32\ias [2009/10/24 20:52:27 | 000,000,000 | ---D | M] NetSvcs: Iprip - File not found NetSvcs: Irmon - File not found NetSvcs: NWCWorkstation - File not found NetSvcs: Nwsapagent - File not found NetSvcs: Wmi - C:\WINDOWS\system32\wmi.dll (Microsoft Corporation) NetSvcs: WmdmPmSp - File not found Drivers32: aux - C:\WINDOWS\System32\wdmaud.drv (Microsoft Corporation) Drivers32: midi - C:\WINDOWS\System32\wdmaud.drv (Microsoft Corporation) Drivers32: midimapper - C:\WINDOWS\System32\midimap.dll (Microsoft Corporation) Drivers32: mixer - C:\WINDOWS\System32\wdmaud.drv (Microsoft Corporation) Drivers32: msacm.iac2 - C:\WINDOWS\system32\iac25_32.ax (Intel Corporation) Drivers32: msacm.imaadpcm - C:\WINDOWS\System32\imaadp32.acm (Microsoft Corporation) Drivers32: msacm.l3acm - C:\WINDOWS\system32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS) Drivers32: msacm.msadpcm - 
C:\WINDOWS\System32\msadp32.acm (Microsoft Corporation) Drivers32: msacm.msaudio1 - C:\WINDOWS\System32\msaud32.acm (Microsoft Corporation) Drivers32: msacm.msg711 - C:\WINDOWS\System32\msg711.acm (Microsoft Corporation) Drivers32: msacm.msg723 - C:\WINDOWS\System32\msg723.acm (Microsoft Corporation) Drivers32: msacm.msgsm610 - C:\WINDOWS\System32\msgsm32.acm (Microsoft Corporation) Drivers32: msacm.sl_anet - C:\WINDOWS\System32\sl_anet.acm (Sipro Lab Telecom Inc.) Drivers32: msacm.trspch - C:\WINDOWS\System32\tssoft32.acm (DSP GROUP, INC.) Drivers32: msacm.vorbis - C:\WINDOWS\System32\vorbis.acm (HMS http://hp.vector.co.jp/authors/VA012897/) Drivers32: MSVideo8 - C:\WINDOWS\System32\vfwwdm32.dll (Microsoft Corporation) Drivers32: vidc.cvid - C:\WINDOWS\System32\iccvid.dll (Radius Inc.) Drivers32: VIDC.I420 - C:\WINDOWS\System32\msh263.drv (Microsoft Corporation) Drivers32: vidc.iv31 - C:\WINDOWS\System32\ir32_32.dll () Drivers32: vidc.iv32 - C:\WINDOWS\System32\ir32_32.dll () Drivers32: vidc.iv41 - C:\WINDOWS\System32\ir41_32.ax (Intel Corporation) Drivers32: vidc.iv50 - C:\WINDOWS\System32\ir50_32.dll (Intel Corporation) Drivers32: VIDC.IYUV - C:\WINDOWS\System32\iyuv_32.dll (Microsoft Corporation) Drivers32: vidc.LEAD - LCODCCMP.DLL File not found Drivers32: vidc.M261 - C:\WINDOWS\System32\msh261.drv (Microsoft Corporation) Drivers32: vidc.M263 - C:\WINDOWS\System32\msh263.drv (Microsoft Corporation) Drivers32: vidc.mrle - C:\WINDOWS\System32\msrle32.dll (Microsoft Corporation) Drivers32: vidc.msvc - C:\WINDOWS\System32\msvidc32.dll (Microsoft Corporation) Drivers32: VIDC.UYVY - C:\WINDOWS\System32\msyuv.dll (Microsoft Corporation) Drivers32: VIDC.YUY2 - C:\WINDOWS\System32\msyuv.dll (Microsoft Corporation) Drivers32: VIDC.YVU9 - C:\WINDOWS\System32\tsbyuv.dll (Microsoft Corporation) Drivers32: VIDC.YVYU - C:\WINDOWS\System32\msyuv.dll (Microsoft Corporation) Drivers32: wave - C:\WINDOWS\System32\wdmaud.drv (Microsoft Corporation) Drivers32: wavemapper - 
C:\WINDOWS\System32\msacm32.drv (Microsoft Corporation) CREATERESTOREPOINT Restore point Set: OTL Restore Point (17465059307421696) [color=#E56717]========== Files/Folders - Created Within 90 Days ==========[/color] [2010/06/27 14:32:42 | 000,574,464 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Matthew Woodward\Desktop\OTL(2).exe [2010/06/27 13:30:57 | 000,000,000 | ---D | C] -- C:\Program Files\ERUNT [2010/06/26 19:20:38 | 000,212,480 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWXCACLS.exe [2010/06/26 19:20:38 | 000,161,792 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWREG.exe [2010/06/26 19:20:38 | 000,136,704 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWSC.exe [2010/06/26 19:20:38 | 000,031,232 | ---- | C] (NirSoft) -- C:\WINDOWS\NIRCMD.exe [2010/06/26 19:20:29 | 000,000,000 | ---D | C] -- C:\WINDOWS\ERDNT [2010/06/26 19:20:28 | 000,000,000 | --SD | C] -- C:\ComboFix [2010/06/26 18:22:19 | 000,000,000 | ---D | C] -- C:\Qoobox [2010/06/26 18:20:50 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\FrontLine Registry Cleaner [2010/06/26 18:20:40 | 000,000,000 | ---D | C] -- C:\Program Files\Frontline Registry Cleaner [2010/06/26 14:00:01 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Matthew Woodward\Application Data\Mozilla [2010/06/26 13:45:24 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Matthew Woodward\Desktop\GooredFix Backups [2010/06/25 23:39:19 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\Matthew Woodward\Recent [2010/06/25 23:36:52 | 000,000,000 | ---D | C] -- C:\Program Files\CCleaner [2010/06/25 11:10:12 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Adobe [2010/06/25 00:04:01 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Matthew Woodward\Local Settings\Application Data\ibspyxwrb [2010/06/08 20:02:31 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\All Users\Application Data\CanonBJ [2010/06/08 20:02:26 | 000,000,000 | ---D | C] -- C:\CanonMP 
[2010/05/24 21:06:41 | 000,000,000 | ---D | C] -- C:\Program Files\SC4PIM [2010/05/19 17:04:59 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\LogFiles [2010/05/19 12:38:40 | 000,000,000 | ---D | C] -- C:\Program Files\Traffic Simulator Configuration Tool [2010/05/14 19:45:08 | 000,000,000 | ---D | C] -- C:\Program Files\Ilives [2010/04/05 01:11:33 | 000,000,000 | ---D | C] -- C:\gmax [color=#E56717]========== Files - Modified Within 90 Days ==========[/color] [2010/06/27 18:37:43 | 000,000,313 | ---- | M] () -- C:\hpqp.ini [2010/06/27 18:37:04 | 000,194,401 | ---- | M] () -- C:\WINDOWS\System32\nvapps.xml [2010/06/27 18:36:58 | 000,000,882 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job [2010/06/27 18:36:58 | 000,000,039 | ---- | M] () -- C:\XP_TV.ini [2010/06/27 18:36:53 | 000,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT [2010/06/27 18:36:51 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat [2010/06/27 18:36:47 | 2146,021,376 | -HS- | M] () -- C:\hiberfil.sys [2010/06/27 17:52:00 | 000,000,886 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job [2010/06/27 14:35:45 | 005,242,880 | -H-- | M] () -- C:\Documents and Settings\Matthew Woodward\NTUSER.DAT [2010/06/27 14:34:50 | 000,000,799 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\World of Warcraft.lnk [2010/06/27 14:32:52 | 000,574,464 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Matthew Woodward\Desktop\OTL(2).exe [2010/06/27 13:31:00 | 000,000,611 | ---- | M] () -- C:\Documents and Settings\Matthew Woodward\Desktop\NTREGOPT.lnk [2010/06/27 13:31:00 | 000,000,592 | ---- | M] () -- C:\Documents and Settings\Matthew Woodward\Desktop\ERUNT.lnk [2010/06/27 10:01:02 | 000,000,036 | ---- | M] () -- C:\Documents and Settings\Matthew Woodward\Local Settings\Application Data\housecall.guid.cache [2010/06/27 02:45:40 | 000,000,178 | -HS- | M] () -- C:\Documents and Settings\Matthew Woodward\ntuser.ini [2010/06/26 18:20:55 | 000,000,430 | ---- | M] () 
-- C:\WINDOWS\tasks\FrontLine Registry Cleaner Scheduled Scan - Matthew Woodward.job
[2010/06/26 18:20:44 | 000,001,724 | ---- | M] () -- C:\Documents and Settings\Matthew Woodward\Desktop\Frontline Registry Cleaner.lnk
[2010/06/26 16:36:20 | 002,113,338 | -H-- | M] () -- C:\Documents and Settings\Matthew Woodward\Local Settings\Application Data\IconCache.db
[2010/06/26 13:59:56 | 000,001,620 | ---- | M] () -- C:\Documents and Settings\Matthew Woodward\Application Data\Microsoft\Internet Explorer\Quick Launch\Mozilla Firefox.lnk
[2010/06/26 13:59:56 | 000,001,602 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Mozilla Firefox.lnk
[2010/06/26 13:40:15 | 003,720,968 | R--- | M] () -- C:\Documents and Settings\Matthew Woodward\Desktop\ComboFix.exe
[2010/06/25 23:36:55 | 000,000,682 | ---- | M] () -- C:\Documents and Settings\Matthew Woodward\Desktop\CCleaner.lnk
[2010/06/25 19:32:21 | 000,001,668 | ---- | M] () -- C:\WINDOWS\tasks\wrSpySweeper_LDAA7929206F64476A2EB2573BA30A081.job
[2010/06/25 11:10:22 | 000,001,729 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Adobe Reader 9.lnk
[2010/06/25 00:27:48 | 000,439,352 | ---- | M] () -- C:\WINDOWS\System32\PerfStringBackup.INI
[2010/06/25 00:27:48 | 000,380,918 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2010/06/25 00:27:48 | 000,053,166 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2010/06/21 22:42:05 | 000,000,284 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
[2010/06/16 00:56:46 | 000,011,887 | ---- | M] () -- C:\Documents and Settings\Matthew Woodward\My Documents\Personal Essay.docx
[2010/06/15 19:41:58 | 000,170,701 | ---- | M] () -- C:\Documents and Settings\Matthew Woodward\My Documents\W-4 Form.pdf
[2010/06/09 18:48:07 | 000,001,813 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Google Chrome.lnk
[2010/06/09 08:42:00 | 000,300,440 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2010/06/09 02:07:50 | 000,000,628 | ---- | M] () -- C:\WINDOWS\win.ini
[2010/06/07 22:16:01 | 000,763,832 | ---- | M] () -- C:\WINDOWS\BDTSupport.dll
[2010/06/07 20:21:02 | 001,652,664 | ---- | M] (Threat Expert Ltd.) -- C:\WINDOWS\PCTBDCore.dll
[2010/05/26 23:06:02 | 000,010,695 | ---- | M] () -- C:\Documents and Settings\Matthew Woodward\My Documents\ThankYou.docx
[2010/05/19 12:57:22 | 000,001,768 | ---- | M] () -- C:\Documents and Settings\Matthew Woodward\Desktop\Traffic Simulator Configuration Tool.lnk
[2010/05/17 16:09:20 | 000,017,245 | ---- | M] () -- C:\Documents and Settings\Matthew Woodward\My Documents\Transcript.docx
[2010/05/15 19:45:03 | 000,002,137 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\iTunes.lnk
[2010/05/04 21:59:59 | 000,164,352 | ---- | M] () -- C:\Documents and Settings\Matthew Woodward\My Documents\Emerson Application.doc
[2010/04/30 03:20:27 | 000,001,158 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2010/04/26 15:58:12 | 000,256,512 | ---- | M] () -- C:\WINDOWS\PEV.exe
[2010/04/14 02:00:40 | 000,000,545 | ---- | M] () -- C:\Documents and Settings\Matthew Woodward\Desktop\LotEditor.exe.lnk
[2010/04/05 01:11:58 | 000,000,561 | ---- | M] () -- C:\Documents and Settings\Matthew Woodward\Desktop\SC4 Plug-in Manager.lnk
[2010/04/05 01:11:58 | 000,000,483 | ---- | M] () -- C:\Documents and Settings\Matthew Woodward\Desktop\SC4 B.A.T..lnk
[2010/04/05 01:11:44 | 000,000,468 | ---- | M] () -- C:\Documents and Settings\Matthew Woodward\Desktop\gmax.lnk
[2010/04/03 01:26:26 | 000,064,040 | -H-- | M] () -- C:\WINDOWS\System32\mlfcache.dat

[color=#E56717]========== Files Created - No Company Name ==========[/color]
[2010/06/27 13:33:04 | 000,293,376 | ---- | C] () -- C:\Documents and Settings\Matthew Woodward\Desktop\gmer.exe
[2010/06/27 13:31:00 | 000,000,611 | ---- | C] () -- C:\Documents and Settings\Matthew Woodward\Desktop\NTREGOPT.lnk
[2010/06/27 13:31:00 | 000,000,592 | ---- | C] () -- C:\Documents and Settings\Matthew Woodward\Desktop\ERUNT.lnk
[2010/06/27 10:01:02 | 000,000,036 | ---- | C] () -- C:\Documents and Settings\Matthew Woodward\Local Settings\Application Data\housecall.guid.cache
[2010/06/26 19:20:38 | 000,256,512 | ---- | C] () -- C:\WINDOWS\PEV.exe
[2010/06/26 19:20:38 | 000,098,816 | ---- | C] () -- C:\WINDOWS\sed.exe
[2010/06/26 19:20:38 | 000,080,412 | ---- | C] () -- C:\WINDOWS\grep.exe
[2010/06/26 19:20:38 | 000,077,312 | ---- | C] () -- C:\WINDOWS\MBR.exe
[2010/06/26 19:20:38 | 000,068,096 | ---- | C] () -- C:\WINDOWS\zip.exe
[2010/06/26 18:20:54 | 000,000,430 | ---- | C] () -- C:\WINDOWS\tasks\FrontLine Registry Cleaner Scheduled Scan - Matthew Woodward.job
[2010/06/26 18:20:44 | 000,001,724 | ---- | C] () -- C:\Documents and Settings\Matthew Woodward\Desktop\Frontline Registry Cleaner.lnk
[2010/06/26 13:59:56 | 000,001,620 | ---- | C] () -- C:\Documents and Settings\Matthew Woodward\Application Data\Microsoft\Internet Explorer\Quick Launch\Mozilla Firefox.lnk
[2010/06/26 13:59:56 | 000,001,602 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Mozilla Firefox.lnk
[2010/06/26 13:40:13 | 003,720,968 | R--- | C] () -- C:\Documents and Settings\Matthew Woodward\Desktop\ComboFix.exe
[2010/06/25 23:36:55 | 000,000,682 | ---- | C] () -- C:\Documents and Settings\Matthew Woodward\Desktop\CCleaner.lnk
[2010/06/25 11:10:22 | 000,001,729 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Adobe Reader 9.lnk
[2010/06/15 19:41:58 | 000,170,701 | ---- | C] () -- C:\Documents and Settings\Matthew Woodward\My Documents\W-4 Form.pdf
[2010/06/12 20:52:52 | 000,011,887 | ---- | C] () -- C:\Documents and Settings\Matthew Woodward\My Documents\Personal Essay.docx
[2010/06/08 20:02:19 | 000,008,704 | ---- | C] () -- C:\WINDOWS\System32\CNMVS7L.DLL
[2010/05/26 23:06:01 | 000,010,695 | ---- | C] () -- C:\Documents and Settings\Matthew Woodward\My Documents\ThankYou.docx
[2010/05/19 12:57:22 | 000,001,768 | ---- | C] () -- C:\Documents and Settings\Matthew Woodward\Desktop\Traffic Simulator Configuration Tool.lnk
[2010/05/17 16:09:19 | 000,017,245 | ---- | C] () -- C:\Documents and Settings\Matthew Woodward\My Documents\Transcript.docx
[2010/05/14 19:44:52 | 000,994,582 | ---- | C] () -- C:\Documents and Settings\Matthew Woodward\My Documents\Ilives Reader 093.exe
[2010/05/04 21:59:59 | 000,164,352 | ---- | C] () -- C:\Documents and Settings\Matthew Woodward\My Documents\Emerson Application.doc
[2010/04/05 01:11:58 | 000,000,561 | ---- | C] () -- C:\Documents and Settings\Matthew Woodward\Desktop\SC4 Plug-in Manager.lnk
[2010/04/05 01:11:58 | 000,000,483 | ---- | C] () -- C:\Documents and Settings\Matthew Woodward\Desktop\SC4 B.A.T..lnk
[2010/04/05 01:11:44 | 000,000,468 | ---- | C] () -- C:\Documents and Settings\Matthew Woodward\Desktop\gmax.lnk
[2010/01/07 01:22:04 | 000,000,025 | ---- | C] () -- C:\WINDOWS\cdplayer.ini
[2009/11/25 21:06:41 | 000,767,952 | ---- | C] () -- C:\WINDOWS\BDTSupport.dll.old
[2009/11/25 21:06:41 | 000,763,832 | ---- | C] () -- C:\WINDOWS\BDTSupport.dll
[2009/11/06 12:00:28 | 000,031,088 | ---- | C] () -- C:\WINDOWS\System32\wrLZMA.dll
[2009/10/31 00:32:34 | 000,077,824 | R--- | C] () -- C:\WINDOWS\System32\HPZIDS01.dll
[2009/10/29 20:59:09 | 000,000,262 | ---- | C] () -- C:\WINDOWS\{789289CA-F73A-4A16-A331-54D498CE069F}_WiseFW.ini
[2009/10/24 22:46:48 | 000,000,166 | ---- | C] () -- C:\WINDOWS\QUICKEN.INI
[2009/10/24 22:42:11 | 000,000,698 | ---- | C] () -- C:\WINDOWS\NSSetDefaultBrowser.ini
[2009/10/24 22:30:57 | 000,000,376 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2009/10/24 22:25:34 | 000,028,836 | ---- | C] () -- C:\WINDOWS\System32\oeminfo.ini
[2008/10/07 10:13:30 | 000,197,912 | ---- | C] () -- C:\WINDOWS\System32\physxcudart_20.dll
[2008/10/07 10:13:22 | 000,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelTraditionalChinese.dll
[2008/10/07 10:13:20 | 000,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelSwedish.dll
[2008/10/07 10:13:20 | 000,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelSpanish.dll
[2008/10/07 10:13:20 | 000,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelSimplifiedChinese.dll
[2008/10/07 10:13:20 | 000,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelPortugese.dll
[2008/10/07 10:13:20 | 000,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelKorean.dll
[2008/10/07 10:13:20 | 000,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelJapanese.dll
[2008/10/07 10:13:20 | 000,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelGerman.dll
[2008/10/07 10:13:20 | 000,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelFrench.dll
[2006/05/10 17:23:38 | 000,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini
[2006/05/10 16:46:02 | 000,000,728 | ---- | C] () -- C:\WINDOWS\WININIT.INI
[2006/05/10 16:42:38 | 000,000,780 | ---- | C] () -- C:\WINDOWS\orun32.ini
[2006/04/26 22:48:00 | 001,724,416 | ---- | C] () -- C:\WINDOWS\System32\nvwdmcpl.dll
[2006/04/26 22:48:00 | 001,507,328 | ---- | C] () -- C:\WINDOWS\System32\nview.dll
[2006/04/26 22:48:00 | 001,101,824 | ---- | C] () -- C:\WINDOWS\System32\nvwimg.dll
[2006/04/26 22:48:00 | 000,466,944 | ---- | C] () -- C:\WINDOWS\System32\nvshell.dll
[2005/12/02 21:09:10 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\px.ini
[2005/05/06 05:06:32 | 000,016,480 | ---- | C] () -- C:\WINDOWS\System32\rixdicon.dll
[2003/01/07 18:05:08 | 000,002,695 | ---- | C] () -- C:\WINDOWS\System32\OUTLPERF.INI
[2001/07/07 03:00:00 | 000,003,399 | ---- | C] () -- C:\WINDOWS\System32\hptcpmon.ini

[color=#E56717]========== LOP Check ==========[/color]
[2009/10/25 19:03:11 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\AIM
[2009/10/25 19:03:25 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\AIM Toolbar
[2010/06/08 20:02:31 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\CanonBJ
[2009/11/22 19:24:18 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Final Draft
[2010/06/26 18:20:50 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\FrontLine Registry Cleaner
[2009/12/18 08:36:25 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\muvee Technologies
[2010/06/27 18:36:56 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TEMP
[2009/12/24 23:25:46 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{755AC846-7372-4AC8-8550-C52491DAA8BD}
[2009/10/25 19:03:21 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Matthew Woodward\Application Data\acccore
[2009/10/25 22:09:33 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Matthew Woodward\Application Data\Deckadance
[2009/11/22 19:24:21 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Matthew Woodward\Application Data\Final Draft
[2009/12/18 08:36:52 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Matthew Woodward\Application Data\muvee Technologies
[2009/11/01 18:13:14 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Matthew Woodward\Application Data\OpenOffice.org
[2010/02/11 02:32:32 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Matthew Woodward\Application Data\Sawer
[2010/06/26 18:20:55 | 000,000,430 | ---- | M] () -- C:\WINDOWS\Tasks\FrontLine Registry Cleaner Scheduled Scan - Matthew Woodward.job
[2010/06/25 19:32:21 | 000,001,668 | ---- | M] () -- C:\WINDOWS\Tasks\wrSpySweeper_LDAA7929206F64476A2EB2573BA30A081.job

[color=#E56717]========== Purity Check ==========[/color]

[color=#E56717]========== Custom Scans ==========[/color]

[color=#A23BEC]< %SYSTEMDRIVE%\*.* >[/color]
[2009/10/24 22:59:38 | 000,000,223 | RHS- | M] () -- C:\boot.ini
[1999/04/13 15:12:26 | 000,000,512 | ---- | M] () -- C:\Boot32.w2k
[1999/04/07 18:34:04 | 000,001,536 | ---- | M] () -- C:\BOOTSEC.32
[2009/10/24 20:50:57 | 000,019,926 | ---- | M] () -- C:\CSPU.DAT
[2009/10/24 23:03:25 | 000,002,622 | ---- | M] () -- C:\CTOERROR.FLG
[2010/06/27 18:36:47 | 2146,021,376 | -HS- | M] () -- C:\hiberfil.sys
[2010/06/27 18:37:43 | 000,000,313 | ---- | M] () -- C:\hpqp.ini
[2009/10/25 19:03:20 | 000,000,459 | -H-- | M] () -- C:\IPH.PH
[2004/08/05 00:00:00 | 000,047,564 | RHS- | M] () -- C:\NTDETECT.COM
[2002/08/29 23:00:00 | 000,047,580 | ---- | M] () -- C:\ntdetect.wpe
[2004/08/05 00:00:00 | 000,250,032 | RHS- | M] () -- C:\ntldr
[2010/06/27 18:36:45 | 2145,386,496 | -HS- | M] () -- C:\pagefile.sys
[2006/06/12 11:20:55 | 000,000,688 | ---- | M] () -- C:\pcanet.ini
[2002/08/29 23:00:00 | 000,245,920 | ---- | M] () -- C:\wpeldr
[2010/06/27 18:36:58 | 000,000,039 | ---- | M] () -- C:\XP_TV.ini

[color=#A23BEC]< %systemroot%\system32\Spool\prtprocs\w32x86\*.dll >[/color]
[2005/08/26 12:00:00 | 000,020,992 | ---- | M] (CANON INC.) -- C:\WINDOWS\system32\spool\prtprocs\w32x86\CNMPD7L.DLL
[2005/08/26 12:00:00 | 000,059,392 | ---- | M] (CANON INC.) -- C:\WINDOWS\system32\spool\prtprocs\w32x86\CNMPP7L.DLL
[2006/04/10 14:02:32 | 000,074,240 | ---- | M] (Hewlett-Packard Corporation) -- C:\WINDOWS\system32\spool\prtprocs\w32x86\hpzpp054.dll
[2007/04/09 14:23:54 | 000,028,552 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\spool\prtprocs\w32x86\mdippr.dll
[2006/10/26 20:56:12 | 000,033,104 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\spool\prtprocs\w32x86\msonpppr.dll

[color=#A23BEC]< %systemroot%\*. /mp /s >[/color]

[color=#A23BEC]< %systemroot%\system32\*.dll /lockedfiles >[/color]
[2009/11/06 12:00:28 | 000,031,088 | ---- | M] ()[b] Unable to obtain MD5[/b] -- C:\WINDOWS\system32\wrLZMA.dll

[color=#A23BEC]< %systemroot%\Tasks\*.job /lockedfiles >[/color]

[color=#A23BEC]< %systemroot%\System32\config\*.sav >[/color]
[2006/05/10 09:15:06 | 000,094,208 | ---- | M] () -- C:\WINDOWS\system32\config\default.sav
[2006/05/10 09:15:04 | 000,634,880 | ---- | M] () -- C:\WINDOWS\system32\config\software.sav

[color=#A23BEC]< %systemroot%\system32\user32.dll /md5 >[/color]
[2004/08/05 00:00:00 | 000,577,024 | ---- | M] (Microsoft Corporation) MD5=C72661F8552ACE7C5C85E16A3CF505C4 -- C:\WINDOWS\system32\user32.dll

[color=#A23BEC]< %systemroot%\system32\ws2_32.dll /md5 >[/color]
[2004/08/05 00:00:00 | 000,082,944 | ---- | M] (Microsoft Corporation) MD5=2ED0B7F12A60F90092081C50FA0EC2B2 -- C:\WINDOWS\system32\ws2_32.dll

[color=#A23BEC]< HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU >[/color]

[color=#E56717]========== Alternate Data Streams ==========[/color]
@Alternate Data Stream - 187 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:DFC5A2B2
@Alternate Data Stream - 109 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:A8ADE5D8

< End of report >