OTL logfile created on: 1/4/2012 4:10:31 PM - Run 3
OTL by OldTimer - Version 3.2.31.0 Folder = C:\Documents and Settings\Administrator\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1015.37 Mb Total Physical Memory | 630.02 Mb Available Physical Memory | 62.05% Memory free
2.39 Gb Paging File | 2.08 Gb Available in Paging File | 87.35% Paging File free
Paging file location(s): C:\pagefile.sys 1524 3048 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 74.52 Gb Total Space | 25.16 Gb Free Space | 33.76% Space Free | Partition Type: NTFS

Computer Name: USER-7086C1A3DC | User Name: Administrator | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

[color=#E56717]========== Processes (SafeList) ==========[/color]

PRC - [2012/01/02 22:45:20 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Administrator\Desktop\OTL.com
PRC - [2011/04/27 14:39:26 | 000,011,736 | ---- | M] (Microsoft Corporation) -- c:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe
PRC - [2010/09/07 11:47:18 | 000,202,048 | ---- | M] () -- C:\Program Files\Motorola\MotoHelper\MotoHelperService.exe
PRC - [2010/08/23 20:21:40 | 000,013,672 | ---- | M] (Intuit Inc.) -- C:\Program Files\Common Files\Intuit\Update Service\IntuitUpdateService.exe
PRC - [2008/11/09 15:48:14 | 000,602,392 | ---- | M] (Yahoo! Inc.)
-- C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe PRC - [2008/04/13 19:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe PRC - [2008/04/13 19:12:18 | 000,180,224 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\dwwin.exe PRC - [2007/07/24 11:15:14 | 000,185,632 | ---- | M] (Protexis Inc.) -- C:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe PRC - [2007/05/17 16:45:33 | 000,271,720 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft LifeCam\MSCamS32.exe PRC - [2007/02/21 09:19:40 | 000,294,912 | ---- | M] (Intel(R) Corporation) -- C:\Program Files\Intel\Wireless\Bin\WLKEEPER.exe [color=#E56717]========== Modules (No Company Name) ==========[/color] MOD - [2011/10/13 19:38:22 | 000,212,992 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.ServiceProce#\abef85f2fb8ba830eda73e2d12e8d41e\System.ServiceProcess.ni.dll MOD - [2011/10/12 21:13:23 | 007,950,848 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System\af39f6e644af02873b9bae319f2bfb13\System.ni.dll MOD - [2011/10/12 21:12:22 | 011,490,816 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\mscorlib\ca87ba84221991839abbe7d4bc9c6721\mscorlib.ni.dll MOD - [2011/10/12 21:10:56 | 002,048,000 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\System.Xml\2.0.0.0__b77a5c561934e089\System.Xml.dll MOD - [2011/10/12 21:10:55 | 003,182,592 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\System\2.0.0.0__b77a5c561934e089\System.dll MOD - [2011/10/12 21:10:52 | 002,933,248 | ---- | M] () -- C:\WINDOWS\assembly\GAC_32\System.Data\2.0.0.0__b77a5c561934e089\System.Data.dll MOD - [2011/10/12 21:10:51 | 000,425,984 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\System.Configuration\2.0.0.0__b03f5f7f11d50a3a\System.Configuration.dll MOD - [2011/10/12 21:10:42 | 000,626,688 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\System.Drawing\2.0.0.0__b03f5f7f11d50a3a\System.Drawing.dll MOD - [2011/10/12 
21:10:42 | 000,303,104 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\System.Runtime.Remoting\2.0.0.0__b77a5c561934e089\System.Runtime.Remoting.dll MOD - [2011/10/12 21:10:39 | 000,258,048 | ---- | M] () -- C:\WINDOWS\assembly\GAC_32\System.EnterpriseServices\2.0.0.0__b03f5f7f11d50a3a\System.EnterpriseServices.dll MOD - [2011/10/12 21:10:38 | 000,261,632 | ---- | M] () -- C:\WINDOWS\assembly\GAC_32\System.Transactions\2.0.0.0__b77a5c561934e089\System.Transactions.dll MOD - [2011/10/12 21:10:31 | 000,114,688 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\System.ServiceProcess\2.0.0.0__b03f5f7f11d50a3a\System.ServiceProcess.dll MOD - [2011/10/12 21:10:17 | 005,025,792 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\System.Windows.Forms\2.0.0.0__b77a5c561934e089\System.Windows.Forms.dll MOD - [2011/03/02 10:17:11 | 000,409,960 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\Intuit.Spc.Map.WindowsFirewallUtilities\5.0.136.0__7ce6deabcb36a8ea\Intuit.Spc.Map.WindowsFirewallUtilities.dll MOD - [2011/03/02 10:17:10 | 000,476,520 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\Intuit.Spc.Map.Reporter\5.0.136.0__7ce6deabcb36a8ea\Intuit.Spc.Map.Reporter.dll MOD - [2011/03/02 10:17:07 | 000,046,952 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\Intuit.Spc.Esd.WinClient.Application.UpdateServicePlugin\3.1.31.0__540d4816ead86321\Intuit.Spc.Esd.WinClient.Application.UpdateServicePlugin.dll MOD - [2011/03/02 10:17:06 | 000,421,224 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\Intuit.Spc.Esd.WinClient.Api.Net\3.1.31.0__540d4816ead86321\Intuit.Spc.Esd.WinClient.Api.Net.dll MOD - [2011/03/02 10:17:06 | 000,023,912 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\Intuit.Spc.Esd.WinClient.Application.UpdateService\1.0.0.0__540d4816ead86321\Intuit.Spc.Esd.WinClient.Application.UpdateService.dll MOD - [2011/03/02 10:17:06 | 000,018,792 | ---- | M] () -- 
C:\WINDOWS\assembly\GAC_MSIL\Intuit.Spc.Esd.WinClient.Ipc.Remoting.UpdateServiceWorker\3.1.31.0__540d4816ead86321\Intuit.Spc.Esd.WinClient.Ipc.Remoting.UpdateServiceWorker.dll MOD - [2011/03/02 10:17:06 | 000,012,136 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\Intuit.Spc.Esd.WinClient.Application.UpdateService.PluginContract\1.0.0.0__540d4816ead86321\Intuit.Spc.Esd.WinClient.Application.UpdateService.PluginContract.dll MOD - [2011/03/02 10:17:04 | 000,269,672 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\Intuit.Spc.Esd.Core\3.1.26.0__540d4816ead86321\Intuit.Spc.Esd.Core.dll MOD - [2011/03/02 10:17:03 | 000,120,168 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\Intuit.Spc.Esd.Client.DataAccess\3.1.31.0__540d4816ead86321\Intuit.Spc.Esd.Client.DataAccess.dll MOD - [2011/03/02 10:17:03 | 000,070,504 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\Intuit.Spc.Esd.Client.Common\3.1.31.0__540d4816ead86321\Intuit.Spc.Esd.Client.Common.dll MOD - [2011/03/02 10:17:02 | 000,121,704 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\Intuit.Spc.Esd.Client.BusinessLogic\3.1.31.0__540d4816ead86321\Intuit.Spc.Esd.Client.BusinessLogic.dll MOD - [2010/09/07 11:47:18 | 000,202,048 | ---- | M] () -- C:\Program Files\Motorola\MotoHelper\MotoHelperService.exe MOD - [2010/01/09 21:41:08 | 000,854,016 | ---- | M] () -- C:\WINDOWS\assembly\GAC_32\System.Data.SQLite\1.0.61.0__db937bc2d44ff139\System.Data.SQLite.dll MOD - [2010/01/09 21:41:05 | 000,403,456 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\Intuit.Spc.Map.WindowsFirewallUtilities\5.0.104.0__7ce6deabcb36a8ea\Intuit.Spc.Map.WindowsFirewallUtilities.dll MOD - [2010/01/09 21:41:04 | 000,471,040 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\Intuit.Spc.Map.Reporter\5.0.104.0__7ce6deabcb36a8ea\Intuit.Spc.Map.Reporter.dll MOD - [2010/01/09 21:41:01 | 000,046,880 | ---- | M] () -- 
C:\WINDOWS\assembly\GAC_MSIL\Intuit.Spc.Esd.WinClient.Application.UpdateServicePlugin\3.0.335.0__540d4816ead86321\Intuit.Spc.Esd.WinClient.Application.UpdateServicePlugin.dll MOD - [2010/01/09 21:41:01 | 000,018,720 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\Intuit.Spc.Esd.WinClient.Ipc.Remoting.UpdateServiceWorker\3.0.335.0__540d4816ead86321\Intuit.Spc.Esd.WinClient.Ipc.Remoting.UpdateServiceWorker.dll MOD - [2010/01/09 21:41:00 | 000,419,616 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\Intuit.Spc.Esd.WinClient.Api.Net\3.0.335.0__540d4816ead86321\Intuit.Spc.Esd.WinClient.Api.Net.dll MOD - [2010/01/09 21:41:00 | 000,270,112 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\Intuit.Spc.Esd.Core\2.0.445.0__540d4816ead86321\Intuit.Spc.Esd.Core.dll MOD - [2010/01/09 21:40:58 | 000,121,632 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\Intuit.Spc.Esd.Client.BusinessLogic\3.0.335.0__540d4816ead86321\Intuit.Spc.Esd.Client.BusinessLogic.dll MOD - [2010/01/09 21:40:58 | 000,120,096 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\Intuit.Spc.Esd.Client.DataAccess\3.0.335.0__540d4816ead86321\Intuit.Spc.Esd.Client.DataAccess.dll MOD - [2010/01/09 21:40:58 | 000,070,432 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\Intuit.Spc.Esd.Client.Common\3.0.335.0__540d4816ead86321\Intuit.Spc.Esd.Client.Common.dll MOD - [2010/01/09 15:43:39 | 000,047,392 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\Intuit.Spc.Esd.WinClient.Application.UpdateServicePlugin\2.1.72.22__540d4816ead86321\Intuit.Spc.Esd.WinClient.Application.UpdateServicePlugin.dll MOD - [2010/01/09 15:43:39 | 000,018,720 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\Intuit.Spc.Esd.WinClient.Ipc.Remoting.UpdateServiceWorker\2.1.72.22__540d4816ead86321\Intuit.Spc.Esd.WinClient.Ipc.Remoting.UpdateServiceWorker.dll MOD - [2010/01/09 15:43:38 | 000,402,208 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\Intuit.Spc.Esd.WinClient.Api.Net\2.1.72.22__540d4816ead86321\Intuit.Spc.Esd.WinClient.Api.Net.dll MOD - [2010/01/09 15:43:38 | 
000,130,848 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\Intuit.Spc.Esd.Client.BusinessLogic\2.1.72.22__540d4816ead86321\Intuit.Spc.Esd.Client.BusinessLogic.dll MOD - [2010/01/09 15:43:38 | 000,120,608 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\Intuit.Spc.Esd.Client.DataAccess\2.1.72.22__540d4816ead86321\Intuit.Spc.Esd.Client.DataAccess.dll MOD - [2010/01/09 15:43:38 | 000,072,992 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\Intuit.Spc.Esd.Client.Common\2.1.72.22__540d4816ead86321\Intuit.Spc.Esd.Client.Common.dll MOD - [2009/02/19 18:51:04 | 000,238,368 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\Intuit.Spc.Esd.Core\2.0.145.4__540d4816ead86321\Intuit.Spc.Esd.Core.dll MOD - [2009/01/31 22:53:47 | 001,058,304 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\Intuit.Spc.Map.WindowsFirewallUtilities\4.0.114.0__7ce6deabcb36a8ea\Intuit.Spc.Map.WindowsFirewallUtilities.dll MOD - [2009/01/31 22:53:46 | 000,471,040 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\Intuit.Spc.Map.Reporter\4.0.114.0__7ce6deabcb36a8ea\Intuit.Spc.Map.Reporter.dll MOD - [2009/01/31 22:43:37 | 000,755,712 | ---- | M] () -- C:\WINDOWS\assembly\GAC_32\System.Data.SQLite\1.0.56.0__28c9bcd4dddc48a1\System.Data.SQLite.dll MOD - [2009/01/31 22:43:36 | 000,270,336 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\log4net\1.2.10.0__1b44e1d426115821\log4net.dll MOD - [2009/01/31 22:43:33 | 000,458,752 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\Intuit.Spc.Foundations.Portability\3.1.2.2__540d4816ead86321\Intuit.Spc.Foundations.Portability.dll MOD - [2009/01/31 22:43:32 | 000,065,536 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\Intuit.Spc.Foundations.Primary.ExceptionHandling\3.1.2.2__540d4816ead86321\Intuit.Spc.Foundations.Primary.ExceptionHandling.dll MOD - [2009/01/31 22:43:32 | 000,045,056 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\Intuit.Spc.Foundations.Primary.Logging\3.1.2.2__540d4816ead86321\Intuit.Spc.Foundations.Primary.Logging.dll MOD - [2009/01/31 22:43:31 | 000,073,728 | ---- | M] 
() -- C:\WINDOWS\assembly\GAC_MSIL\Intuit.Spc.Foundations.Primary.Config\3.1.2.2__540d4816ead86321\Intuit.Spc.Foundations.Primary.Config.dll MOD - [2007/02/21 09:13:02 | 000,118,784 | ---- | M] () -- C:\Program Files\Intel\Wireless\Bin\iWMSProv.dll MOD - [2006/11/01 10:48:02 | 000,757,760 | ---- | M] () -- C:\WINDOWS\system32\bcm1xsup.dll MOD - [2002/07/04 09:38:00 | 000,053,248 | ---- | M] () -- C:\Program Files\ArcSoft\PhotoImpression 5\Share\PIHook.dll MOD - [2001/11/17 12:25:08 | 000,094,274 | ---- | M] () -- C:\WINDOWS\system32\HPBHEALR.DLL [color=#E56717]========== Win32 Services (SafeList) ==========[/color] SRV - File not found [Auto | Stopped] -- -- (RoxLiveShare9) SRV - File not found [Disabled | Stopped] -- -- (HidServ) SRV - File not found [On_Demand | Stopped] -- -- (CLEARWIRERcAppSvc) SRV - File not found [On_Demand | Stopped] -- -- (ACDaemon) SRV - [2011/09/02 08:29:30 | 002,152,152 | ---- | M] (Lavasoft Limited) [Auto | Stopped] -- C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe -- (Lavasoft Ad-Aware Service) SRV - [2011/04/27 14:39:26 | 000,011,736 | ---- | M] (Microsoft Corporation) [Auto | Running] -- c:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe -- (MsMpSvc) SRV - [2010/09/07 11:47:18 | 000,202,048 | ---- | M] () [Auto | Running] -- C:\Program Files\Motorola\MotoHelper\MotoHelperService.exe -- (MotoHelper) SRV - [2010/08/23 20:21:40 | 000,013,672 | ---- | M] (Intuit Inc.) [Auto | Running] -- C:\Program Files\Common Files\Intuit\Update Service\IntuitUpdateService.exe -- (IntuitUpdateService) SRV - [2008/11/09 15:48:14 | 000,602,392 | ---- | M] (Yahoo! Inc.) [Auto | Running] -- C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe -- (YahooAUService) SRV - [2007/07/24 11:15:14 | 000,185,632 | ---- | M] (Protexis Inc.) 
[Auto | Running] -- C:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe -- (PSI_SVC_2) SRV - [2007/05/17 16:45:33 | 000,271,720 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Microsoft LifeCam\MSCamS32.exe -- (MSCamSvc) SRV - [2007/02/21 09:19:40 | 000,294,912 | ---- | M] (Intel(R) Corporation) [Auto | Running] -- C:\Program Files\Intel\Wireless\Bin\WLKEEPER.exe -- (WLANKEEPER) Intel(R) [color=#E56717]========== Driver Services (SafeList) ==========[/color] DRV - [2012/01/04 16:08:43 | 000,029,904 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- c:\Documents and Settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{5C45D45A-1C8D-4D7B-BCC3-125F0B58B167}\MpKsla3e10d99.sys -- (MpKsla3e10d99) DRV - [2011/12/29 23:23:35 | 000,029,904 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- c:\Documents and Settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{5C45D45A-1C8D-4D7B-BCC3-125F0B58B167}\MpKslcaa0c18b.sys -- (MpKslcaa0c18b) DRV - [2011/07/23 12:08:27 | 000,015,232 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Program Files\Lavasoft\Ad-Aware\kernexplorer.sys -- (Lavasoft Kernexplorer) DRV - [2010/12/30 10:54:06 | 000,034,736 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\RKHit.sys -- (RkHit) DRV - [2010/11/17 14:23:54 | 000,039,632 | ---- | M] () [Kernel | On_Demand | Running] -- C:\WINDOWS\System32\drivers\swmsflt.sys -- (swmsflt) DRV - [2010/08/12 07:15:20 | 000,064,288 | ---- | M] (Lavasoft AB) [File_System | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\Lbd.sys -- (Lbd) DRV - [2010/07/08 12:32:54 | 000,318,464 | ---- | M] (Beceem communications pvt ltd.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\drxvi314.sys -- (bcm) DRV - [2010/07/08 12:29:32 | 000,051,456 | ---- | M] (Beceem communications pvt ltd.) 
[Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\BcmBusCtr.sys -- (bcmbusctr) DRV - [2010/06/18 14:09:48 | 000,023,936 | ---- | M] (Motorola) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\motmodem.sys -- (motmodem) DRV - [2010/06/18 13:41:34 | 000,019,968 | ---- | M] (Motorola) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\motccgp.sys -- (motccgp) DRV - [2010/04/01 13:31:50 | 000,023,424 | ---- | M] (Motorola) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\Motousbnet.sys -- (Motousbnet) DRV - [2010/01/29 10:40:04 | 000,082,320 | ---- | M] (EZB Systems, Inc.) [File_System | System | Running] -- C:\Program Files\UltraISO\drivers\ISODrive.sys -- (ISODrive) DRV - [2010/01/25 18:56:44 | 000,009,472 | ---- | M] (Motorola Inc) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\motusbdevice.sys -- (motusbdevice) DRV - [2009/08/19 16:49:22 | 000,049,904 | R--- | M] (Avanquest Software) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\BVRPMPR5.SYS -- (BVRPMPR5) DRV - [2009/01/29 16:18:00 | 000,008,320 | ---- | M] (Motorola) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\motccgpfl.sys -- (motccgpfl) DRV - [2009/01/29 16:11:20 | 000,006,016 | ---- | M] (Motorola Inc) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\motfilt.sys -- (BTCFilterService) DRV - [2008/10/16 19:35:58 | 000,083,288 | ---- | M] (LogMeIn, Inc.) [File_System | Disabled | Stopped] -- C:\WINDOWS\System32\LMIRfsClientNP.dll -- (LMIRfsClientNP) DRV - [2008/09/23 09:45:32 | 000,021,248 | ---- | M] (Printing Communications Assoc., Inc. (PCAUSA)) [Kernel | On_Demand | Stopped] -- C:\Program Files\Common Files\Motive\MREMP50.sys -- (MREMP50) DRV - [2008/09/23 09:45:31 | 000,020,096 | ---- | M] (Printing Communications Assoc., Inc. (PCAUSA)) [Kernel | On_Demand | Stopped] -- C:\Program Files\Common Files\Motive\MRESP50.sys -- (MRESP50) DRV - [2008/07/24 17:46:10 | 000,047,640 | ---- | M] (LogMeIn, Inc.) 
[File_System | Auto | Running] -- C:\WINDOWS\system32\drivers\LMIRfsDriver.sys -- (LMIRfsDriver) DRV - [2007/11/02 14:51:30 | 000,006,400 | ---- | M] (Motorola) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\motswch.sys -- (MotoSwitchService) DRV - [2007/05/10 08:24:34 | 001,222,840 | ---- | M] (SigmaTel, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\sthda.sys -- (STHDA) DRV - [2007/04/10 16:46:48 | 001,966,696 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\VX3000.sys -- (VX3000) DRV - [2007/02/21 09:16:12 | 000,012,416 | ---- | M] (Intel Corporation) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\s24trans.sys -- (s24trans) DRV - [2007/02/08 11:51:16 | 002,209,408 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\w29n51.sys -- (w29n51) Intel(R) DRV - [2006/11/14 22:16:24 | 000,032,256 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\rimmptsk.sys -- (rimmptsk) DRV - [2006/11/14 17:42:46 | 000,043,520 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\rimsptsk.sys -- (rimsptsk) DRV - [2006/11/14 15:35:20 | 000,037,376 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\rixdptsk.sys -- (rismxdp) DRV - [2005/08/05 09:32:16 | 000,045,312 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\bcm4sbxp.sys -- (bcm4sbxp) DRV - [2003/09/19 15:45:48 | 000,021,248 | ---- | M] (Padus, Inc.) 
[Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\pfc.sys -- (pfc) DRV - [2001/07/20 07:29:00 | 000,024,555 | R--- | M] (USB2LAN) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\NET8511.SYS -- (NET8511) [color=#E56717]========== Standard Registry (SafeList) ==========[/color] [color=#E56717]========== Internet Explorer ==========[/color] IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-21-299502267-1645522239-839522115-500\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.yahoo.com/?fr=fp-yie8 IE - HKU\S-1-5-21-299502267-1645522239-839522115-500\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.google.com/ie IE - HKU\S-1-5-21-299502267-1645522239-839522115-500\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com IE - HKU\S-1-5-21-299502267-1645522239-839522115-500\SOFTWARE\Microsoft\Internet Explorer\Main,SearchDefaultBranded = 1 IE - HKU\S-1-5-21-299502267-1645522239-839522115-500\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/?fr=fp-yie8 IE - HKU\S-1-5-21-299502267-1645522239-839522115-500\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.google.com/ie IE - HKU\S-1-5-21-299502267-1645522239-839522115-500\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie IE - HKU\S-1-5-21-299502267-1645522239-839522115-500\..\URLSearchHook: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn2\yt.dll (Yahoo! Inc.) 
IE - HKU\S-1-5-21-299502267-1645522239-839522115-500\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-21-299502267-1645522239-839522115-500\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = localhost;*.local [color=#E56717]========== FireFox ==========[/color] FF - prefs.js..browser.startup.homepage: "http://www.yahoo.com/" FF - prefs.js..extensions.enabledItems: jqs@sun.com:1.0 FF - prefs.js..extensions.enabledItems: {F78C6C5C-17E1-45A7-ACB0-F6760731BC67}:1.9.1 FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}:6.0.23 FF - prefs.js..network.proxy.no_proxies_on: "localhost,*.local" FF - prefs.js..network.proxy.type: 0 FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll () FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll () FF - HKLM\Software\MozillaPlugins\@google.com/npPicasa3,version=3.0.0: C:\Program Files\Google\Picasa3\npPicasa3.dll (Google, Inc.) FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.) FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\4.0.60831.0\npctrl.dll ( Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@skyhookwireless.com/LokiPlugin,version=3.1.0.05: C:\Program Files\Skyhook Wireless\Loki ActiveX Component\versions\3.1.0.05\loki.dll (Skyhook Wireless) FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.) 
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.) FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.) FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\extensions\\{F78C6C5C-17E1-45A7-ACB0-F6760731BC67}: C:\Documents and Settings\Administrator\Local Settings\Application Data\{F78C6C5C-17E1-45A7-ACB0-F6760731BC67} [2010/10/10 13:49:12 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 8.0\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011/11/10 09:38:56 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 8.0\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011/09/17 13:14:06 | 000,000,000 | ---D | M] [2010/10/26 19:17:10 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Administrator\Application Data\Mozilla\Extensions [2010/09/16 20:41:12 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Administrator\Application Data\Mozilla\Extensions\songbird@songbirdnest.com [2011/06/20 15:40:54 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\us9zlbb6.default\extensions [2011/02/07 09:04:59 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\us9zlbb6.default\extensions\{20a82645-c095-46ed-80e3-08825760534b} [2011/11/10 09:39:12 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions () (No name found) -- C:\DOCUMENTS AND SETTINGS\ADMINISTRATOR\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\US9ZLBB6.DEFAULT\EXTENSIONS\REFGRABIT@REFWORKS.PLUGIN.XPI [2011/11/10 09:38:54 | 000,134,104 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla 
firefox\components\browsercomps.dll [2010/11/12 18:53:06 | 000,472,808 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\mozilla firefox\plugins\npdeployJava1.dll [2007/07/18 11:19:40 | 002,998,784 | ---- | M] (Tamarack Software, Inc.) -- C:\Program Files\mozilla firefox\plugins\nptgeqplugin.dll [2011/08/20 22:00:04 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml [2011/11/10 09:38:55 | 000,002,040 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\twitter.xml O1 HOSTS File: ([2006/02/28 07:00:00 | 000,000,734 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts O1 - Hosts: 127.0.0.1 localhost O2 - BHO: (&Yahoo! Toolbar Helper) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn2\yt.dll (Yahoo! Inc.) O2 - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll File not found O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found. O2 - BHO: (Skype Plug-In) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.) O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.7.7018.1622\swg.dll (Google Inc.) O2 - BHO: (Browser Helper Object) - {AFD4AD01-58C1-47DB-A404-FBE00A6C5486} - C:\Program Files\Shared\lib.dll File not found O2 - BHO: (SingleInstance Class) - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\Program Files\Yahoo!\Companion\Installs\cpn2\YTSingleInstance.dll (Yahoo! Inc) O3 - HKLM\..\Toolbar: (Yahoo! Toolbar) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn2\yt.dll (Yahoo! Inc.) O3 - HKU\S-1-5-21-299502267-1645522239-839522115-500\..\Toolbar\WebBrowser: (no name) - {A057A204-BACC-4D26-9990-79A187E2698E} - No CLSID value found. 
O4 - HKLM..\Run: [Ad-Watch] C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe (Lavasoft Limited) O4 - HKLM..\Run: [Ckuxicu] rundll32.exe "C:\WINDOWS\eqekekibehav.dll",Startup File not found O4 - HKLM..\Run: [Corel File Shell Monitor] C:\Program Files\Corel\Corel PaintShop Photo Pro\X3\PSPClassic\CorelIOMonitor.exe File not found O4 - HKLM..\Run: [eFax 4.3] C:\Program Files\eFax Messenger 4.3\J2GDllCmd.exe (j2 Global Communications, Inc.) O4 - HKLM..\Run: [EPSON Stylus CX7800 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIAFA.EXE (SEIKO EPSON CORPORATION) O4 - HKLM..\Run: [IntelWireless] C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe (Intel Corporation) O4 - HKLM..\Run: [IntelZeroConfig] C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe (Intel Corporation) O4 - HKLM..\Run: [LifeCam] C:\Program Files\Microsoft LifeCam\LifeExp.exe (Microsoft Corporation) O4 - HKLM..\Run: [LogMeIn GUI] "C:\Program Files\LogMeIn\x86\LogMeInSystray.exe" File not found O4 - HKLM..\Run: [MSC] c:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation) O4 - HKLM..\Run: [pcsafedoctor.exe] C:\Program Files\PCSafeDoctor\pcsafedoctor.exe () O4 - HKLM..\Run: [PDFServiceEngine] C:\Program Files\PDF Suite\PDFServiceEngine.exe File not found O4 - HKLM..\Run: [SigmatelSysTrayApp] C:\Program Files\SigmaTel\C-Major Audio\WDM\stsystra.exe (SigmaTel, Inc.) O4 - HKLM..\Run: [Standby] C:\Program Files\Common Files\Corel\Standby\Standby.exe (Corel) O4 - HKLM..\Run: [StxTrayMenu] C:\Program Files\Seagate\SystemTray\StxMenuMgr.exe (Seagate LLC) O4 - HKLM..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe" File not found O4 - HKLM..\Run: [UserFaultCheck] %systemroot%\system32\dumprep 0 -u File not found O4 - HKLM..\Run: [VX3000] C:\WINDOWS\vVX3000.exe (Microsoft Corporation) O4 - HKLM..\Run: [YSearchProtection] C:\Program Files\Yahoo!\Search Protection\SearchProtection.exe (Yahoo! 
Inc) O4 - HKU\S-1-5-21-299502267-1645522239-839522115-500..\Run: [Corel Photo Downloader] C:\Program Files\Common Files\Corel\Corel PhotoDownloader\Corel Photo Downloader.exe (Corel, Inc.) O4 - HKU\S-1-5-21-299502267-1645522239-839522115-500..\Run: [Ctefu] rundll32.exe "C:\WINDOWS\wderms.dll",Startup File not found O4 - HKU\S-1-5-21-299502267-1645522239-839522115-500..\Run: [HLBackupScheduler] C:\Program Files\Verizon V CAST Media Manager\V CAST Backup Scheduler.exe () O4 - HKU\S-1-5-21-299502267-1645522239-839522115-500..\Run: [Search Protection] C:\Program Files\Yahoo!\Search Protection\SearchProtection.exe (Yahoo! Inc) O4 - HKU\S-1-5-21-299502267-1645522239-839522115-500..\Run: [YSearchProtection] C:\Program Files\Yahoo!\Search Protection\SearchProtection.exe (Yahoo! Inc) O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\eFax 4.3.lnk = C:\Program Files\eFax Messenger 4.3\J2GTray.exe (j2 Global Communications, Inc.) O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1 O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145 O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145 O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145 O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145 O7 - HKU\S-1-5-21-299502267-1645522239-839522115-500\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145 O8 - Extra context menu item: Add to Google Photos Screensa&ver - C:\WINDOWS\System32\GPhotos.scr (Google Inc.) O9 - Extra Button: Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.) 
O9 - Extra 'Tools' menuitem : Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.) O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.) O15 - HKU\S-1-5-21-299502267-1645522239-839522115-500\..Trusted Domains: intuit.com ([ttlc] https in Trusted sites) O16 - DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} http://upload.facebook.com/controls/2008.10.10_v5.5.8/FacebookPhotoUploader5.cab (Facebook Photo Uploader 5 Control) O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} http://download.microsoft.com/download/E/5/6/E5611B10-0D6D-4117-8430-A67417AA88CD/LegitCheckControl.cab (Windows Genuine Advantage Validation Tool) O16 - DPF: {2FF8D282-F78A-4A33-ABC2-49E72A341482} http://riteaid.storefront.com/images/global/activex/SFImageUpload1_10.CAB (SFImageUpload1_10.ImageUpload) O16 - DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} http://upload.facebook.com/controls/2009.07.28_v5.5.8.1/FacebookPhotoUploader55.cab (Facebook Photo Uploader 5 Control) O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab (Java Plug-in 1.6.0_23) O16 - DPF: {C7DEDA04-2FFF-4B81-AE66-0A0E0EF4AD2F} http://www.ritzpix.com/NET/Uploader/LPUploader57.cab (Image Uploader Control) O16 - DPF: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab (Java Plug-in 1.6.0_23) O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab (Java Plug-in 1.6.0_23) O16 - DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} https://freetrial.webex.com/client/T27LB/webex/ieatgpc.cab (GpcContainer Class) O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.) 
O16 - DPF: {FD0B6769-6490-4A91-AA0A-B5AE0DC75AC9} https://secure.logmein.com/activex/ractrl.cab?lmi=100 (Performance Viewer Activex Control)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{268B952C-7E9C-4352-BAC8-90D44A37576F}: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{60557C6D-1598-491F-9ACE-F9E6F8CD1DA1}: DhcpNameServer = 64.213.152.18 66.180.96.1
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O20 - HKLM Winlogon: Shell - (Explorer.exe) -C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) -C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
O20 - Winlogon\Notify\LMIinit: DllName - (LMIinit.dll) - C:\WINDOWS\System32\LMIinit.dll (LogMeIn, Inc.)
O24 - Desktop WallPaper: C:\Documents and Settings\Administrator\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\Administrator\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2008/08/01 10:02:31 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O33 - MountPoints2\{06470aea-b833-11df-a0cb-0023edf198ae}\Shell - "" = AutoRun
O33 - MountPoints2\{06470aea-b833-11df-a0cb-0023edf198ae}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{06470aea-b833-11df-a0cb-0023edf198ae}\Shell\AutoRun\command - "" = E:\setup.exe -a
O33 - MountPoints2\{21fd9ff0-7d2c-11de-a03e-0014229216e4}\Shell - "" = AutoRun
O33 - MountPoints2\{21fd9ff0-7d2c-11de-a03e-0014229216e4}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{21fd9ff0-7d2c-11de-a03e-0014229216e4}\Shell\AutoRun\command - "" = E:\LaunchU3.exe -a
O33 - MountPoints2\{870ada68-c618-11de-a058-0014229216e4}\Shell\AutoRun\command - "" = E:\WDSetup.exe
O33 - MountPoints2\{e0e58bb8-aa61-11df-a0c5-0014229216e4}\Shell\AutoRun\command - "" = G:\PMBP_Win.exe
O33 - MountPoints2\{e6f37c34-d12a-11dd-9ff1-0014229216e4}\Shell - "" = AutoRun
O33 - MountPoints2\{e6f37c34-d12a-11dd-9ff1-0014229216e4}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{e6f37c34-d12a-11dd-9ff1-0014229216e4}\Shell\AutoRun\command - "" = E:\LaunchU3.exe -a
O34 - HKLM BootExecute: (autocheck autochk *)
O34 - HKLM BootExecute: (lsdelete)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O36 - AppCertDlls: dmreedit - (C:\WINDOWS\system32\javaay32.dll) - File not found
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKU\S-1-5-21-299502267-1645522239-839522115-500\...exe [@ = 7YH] -- "C:\Documents and Settings\Administrator\Local Settings\Application Data\nxf.exe" -a "%1" %*

[color=#E56717]========== Files/Folders - Created Within 30 Days ==========[/color]
[2012/01/04 16:05:57 | 000,000,000 | ---D | C] -- C:\_OTL
[2012/01/02 23:00:19 | 004,702,720 | ---- | C] (AVAST Software) -- C:\Documents and Settings\Administrator\Desktop\aswMBR.exe
[2012/01/02 22:50:30 | 000,584,192 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Administrator\Desktop\OTL.com
[2012/01/02 22:50:01 | 000,584,192 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Administrator\Desktop\OTL.exe
[2011/12/29 22:23:22 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\PCSafeDoctor
[2011/12/29 22:23:09 | 000,000,000 | ---D | C] -- C:\Program Files\PCSafeDoctor
[2011/08/10 15:25:35 | 000,463,520 | ---- | C] (Corel) -- C:\Program Files\Common Files\AppFramework.dll
[2011/08/10 15:25:35 | 000,330,400 | ---- | C] (Corel) -- C:\Program Files\Common Files\MediaOrganizer.dll
[2011/08/10 15:25:35 | 000,031,392 | ---- | C] (Corel-V1E) -- C:\Program Files\Common Files\FlickrProvider.dll
[2009/01/04 15:02:35 | 001,753,768 | ---- | C] (Microsoft Corporation) -- C:\Program Files\olk1004.exe
[2008/11/05 23:11:21 | 067,167,528 | ---- | C] (Apple Inc.) -- C:\Program Files\iTunes801Setup.exe
[6 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[4 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

[color=#E56717]========== Files - Modified Within 30 Days ==========[/color]
[2012/01/04 16:13:33 | 000,000,424 | -H-- | M] () -- C:\WINDOWS\tasks\MP Scheduled Scan.job
[2012/01/04 16:08:30 | 000,000,064 | ---- | M] () -- C:\WINDOWS\System32\rp_stats.dat
[2012/01/04 16:08:30 | 000,000,044 | ---- | M] () -- C:\WINDOWS\System32\rp_rules.dat
[2012/01/04 16:08:05 | 000,000,486 | ---- | M] () -- C:\WINDOWS\tasks\Ad-Aware Update (Weekly).job
[2012/01/04 16:08:02 | 000,013,646 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2012/01/04 16:07:49 | 000,000,882 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2012/01/04 16:07:39 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2012/01/04 15:40:10 | 000,000,886 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2012/01/04 12:56:16 | 000,000,512 | ---- | M] () -- C:\Documents and Settings\Administrator\Desktop\MBR.dat
[2012/01/02 22:59:25 | 004,702,720 | ---- | M] (AVAST Software) -- C:\Documents and Settings\Administrator\Desktop\aswMBR.exe
[2012/01/02 22:45:20 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Administrator\Desktop\OTL.com
[2011/12/29 22:54:45 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Administrator\Desktop\OTL.exe
[2011/12/29 22:24:12 | 000,000,022 | ---- | M] () -- C:\WINDOWS\tpcsd
[2011/12/29 22:23:23 | 000,000,730 | ---- | M] () -- C:\Documents and Settings\Administrator\Desktop\pcsafedoctor.lnk
[2011/12/29 22:17:12 | 000,000,000 | -H-- | M] () -- C:\WINDOWS\System32\drivers\UMDF\Msft_User_WpdMtpDr_01_00_00.Wdf
[2011/12/26 17:18:01 | 000,000,284 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
[2011/12/23 00:21:08 | 000,020,392 | -HS- | M] () -- C:\Documents and Settings\All Users\Application Data\651481b0r625f284t682b4nak2t4
[2011/12/23 00:21:07 | 000,020,392 | -HS- | M] () -- C:\Documents and Settings\Administrator\Local Settings\Application Data\651481b0r625f284t682b4nak2t4
[2011/12/22 10:38:31 | 000,009,662 | ---- | M] () -- C:\WINDOWS\EPISME00.SWB
[2011/12/21 15:45:32 | 000,039,775 | ---- | M] () -- C:\Documents and Settings\Administrator\Desktop\HOA Fees003.pdf
[2011/12/21 11:46:38 | 000,000,000 | ---- | M] () -- C:\WINDOWS\System32\eFax_4_3_Port
[2011/12/18 21:48:10 | 000,003,766 | -HS- | M] () -- C:\Documents and Settings\All Users\Application Data\KGyGaAvL.sys
[2011/12/18 21:34:36 | 000,028,160 | ---- | M] () -- C:\Documents and Settings\Administrator\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011/12/16 10:40:46 | 000,315,560 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2011/12/16 09:49:30 | 000,001,393 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2011/12/08 12:15:02 | 000,172,867 | ---- | M] () -- C:\Documents and Settings\Administrator\Desktop\Addendum002.pdf
[2011/12/07 18:21:00 | 005,312,393 | ---- | M] () -- C:\Documents and Settings\Administrator\Desktop\Ascot appraisal.pdf
[2011/12/07 14:33:00 | 000,005,468 | ---- | M] () -- C:\Documents and Settings\Administrator\Desktop\New Flight Info
[6 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[4 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

[color=#E56717]========== Files Created - No Company Name ==========[/color]
[2012/01/02 23:02:13 | 000,000,512 | ---- | C] () -- C:\Documents and Settings\Administrator\Desktop\MBR.dat
[2011/12/29 22:24:12 | 000,000,022 | ---- | C] () -- C:\WINDOWS\tpcsd
[2011/12/29 22:23:23 | 000,000,730 | ---- | C] () -- C:\Documents and Settings\Administrator\Desktop\pcsafedoctor.lnk
[2011/12/29 22:23:12 | 000,034,736 | ---- | C] () -- C:\WINDOWS\System32\drivers\RKHit.sys
[2011/12/23 00:01:00 | 000,020,392 | -HS- | C] () -- C:\Documents and Settings\All Users\Application Data\651481b0r625f284t682b4nak2t4
[2011/12/23 00:01:00 | 000,020,392 | -HS- | C] () -- C:\Documents and Settings\Administrator\Local Settings\Application Data\651481b0r625f284t682b4nak2t4
[2011/12/21 15:45:32 | 000,039,775 | ---- | C] () -- C:\Documents and Settings\Administrator\Desktop\HOA Fees003.pdf
[2011/12/08 12:15:02 | 000,172,867 | ---- | C] () -- C:\Documents and Settings\Administrator\Desktop\Addendum002.pdf
[2011/12/07 18:21:00 | 005,312,393 | ---- | C] () -- C:\Documents and Settings\Administrator\Desktop\Ascot appraisal.pdf
[2011/12/07 14:33:00 | 000,005,468 | ---- | C] () -- C:\Documents and Settings\Administrator\Desktop\New Flight Info
[2011/10/04 20:50:46 | 003,426,080 | ---- | C] () -- C:\Documents and Settings\LocalService\Local Settings\Application Data\FontCache3.0.0.0.dat
[2011/08/10 15:25:35 | 000,401,056 | ---- | C] () -- C:\Program Files\Common Files\facebook.dll
[2011/08/10 15:25:35 | 000,128,672 | ---- | C] () -- C:\Program Files\Common Files\PluginCommon.dll
[2011/07/23 12:09:30 | 000,000,064 | ---- | C] () -- C:\WINDOWS\System32\rp_stats.dat
[2011/07/23 12:09:30 | 000,000,044 | ---- | C] () -- C:\WINDOWS\System32\rp_rules.dat
[2011/04/18 11:25:36 | 000,057,344 | ---- | C] () -- C:\WINDOWS\System32\ff_vfw.dll
[2011/01/13 21:00:46 | 000,039,632 | ---- | C] () -- C:\WINDOWS\System32\drivers\swmsflt.sys
[2010/12/23 14:03:16 | 000,000,008 | RHS- | C] () -- C:\Documents and Settings\All Users\Application Data\1D89FA2FC5.sys
[2010/12/23 14:03:15 | 000,003,766 | -HS- | C] () -- C:\Documents and Settings\All Users\Application Data\KGyGaAvL.sys
[2010/12/13 16:41:51 | 000,000,044 | ---- | C] () -- C:\WINDOWS\EPCX7800.ini
[2010/10/26 19:16:56 | 000,000,000 | ---- | C] () -- C:\WINDOWS\nsreg.dat
[2010/09/09 22:01:58 | 000,000,000 | ---- | C] () -- C:\WINDOWS\Kxemikisoxebu.bin
[2010/09/09 22:01:57 | 000,000,120 | ---- | C] () -- C:\WINDOWS\Dkesimibahu.dat
[2010/05/10 17:48:24 | 000,069,848 | -H-- | C] () -- C:\WINDOWS\System32\mlfcache.dat
[2010/03/14 22:32:40 | 000,000,664 | ---- | C] () -- C:\WINDOWS\System32\d3d9caps.dat
[2010/03/14 20:59:18 | 000,007,275 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\N360BUOptions.ini
[2010/01/03 20:34:21 | 000,073,220 | ---- | C] () -- C:\WINDOWS\System32\EPPICPrinterDB.dat
[2010/01/03 20:34:21 | 000,031,053 | ---- | C] () -- C:\WINDOWS\System32\EPPICPattern131.dat
[2010/01/03 20:34:21 | 000,029,114 | ---- | C] () -- C:\WINDOWS\System32\EPPICPattern1.dat
[2010/01/03 20:34:21 | 000,027,417 | ---- | C] () -- C:\WINDOWS\System32\EPPICPattern121.dat
[2010/01/03 20:34:21 | 000,021,021 | ---- | C] () -- C:\WINDOWS\System32\EPPICPattern3.dat
[2010/01/03 20:34:21 | 000,015,670 | ---- | C] () -- C:\WINDOWS\System32\EPPICPattern5.dat
[2010/01/03 20:34:21 | 000,013,280 | ---- | C] () -- C:\WINDOWS\System32\EPPICPattern2.dat
[2010/01/03 20:34:21 | 000,010,673 | ---- | C] () -- C:\WINDOWS\System32\EPPICPattern4.dat
[2010/01/03 20:34:21 | 000,004,943 | ---- | C] () -- C:\WINDOWS\System32\EPPICPattern6.dat
[2010/01/03 20:34:21 | 000,001,140 | ---- | C] () -- C:\WINDOWS\System32\EPPICPresetData_PT.dat
[2010/01/03 20:34:21 | 000,001,140 | ---- | C] () -- C:\WINDOWS\System32\EPPICPresetData_BP.dat
[2010/01/03 20:34:21 | 000,001,137 | ---- | C] () -- C:\WINDOWS\System32\EPPICPresetData_ES.dat
[2010/01/03 20:34:21 | 000,001,130 | ---- | C] () -- C:\WINDOWS\System32\EPPICPresetData_FR.dat
[2010/01/03 20:34:21 | 000,001,130 | ---- | C] () -- C:\WINDOWS\System32\EPPICPresetData_CF.dat
[2010/01/03 20:34:21 | 000,001,104 | ---- | C] () -- C:\WINDOWS\System32\EPPICPresetData_EN.dat
[2010/01/03 20:34:21 | 000,000,097 | ---- | C] () -- C:\WINDOWS\System32\PICSDK.ini
[2009/10/01 15:51:14 | 002,033,744 | ---- | C] () -- C:\WINDOWS\System32\drivers\macxvi200.bin
[2009/05/06 12:56:02 | 000,016,432 | ---- | C] () -- C:\WINDOWS\System32\lsdelete.exe
[2009/03/03 09:59:14 | 000,015,498 | ---- | C] () -- C:\WINDOWS\VX3000.ini
[2009/02/20 14:03:15 | 000,000,056 | -H-- | C] () -- C:\WINDOWS\System32\ezsidmv.dat
[2009/01/07 21:10:55 | 000,000,020 | ---- | C] () -- C:\WINDOWS\Hposcv07.INI
[2009/01/07 18:45:48 | 007,364,608 | ---- | C] () -- C:\Program Files\epson12766.exe
[2008/12/05 17:19:06 | 000,000,256 | ---- | C] () -- C:\WINDOWS\System32\pool.bin
[2008/10/28 12:35:08 | 000,000,268 | ---- | C] () -- C:\WINDOWS\hpbafd.ini
[2008/08/07 13:11:17 | 000,001,300 | ---- | C] () -- C:\WINDOWS\BARNACLES.INI
[2008/08/06 21:28:34 | 000,028,160 | ---- | C] () -- C:\Documents and Settings\Administrator\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2008/08/01 13:45:25 | 000,000,484 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2008/08/01 10:45:28 | 000,016,480 | ---- | C] () -- C:\WINDOWS\System32\rixdicon.dll
[2008/08/01 10:41:06 | 000,086,016 | ---- | C] () -- C:\WINDOWS\System32\preflib.dll
[2008/08/01 10:41:05 | 000,757,760 | ---- | C] () -- C:\WINDOWS\System32\bcm1xsup.dll
[2008/08/01 10:41:05 | 000,020,480 | ---- | C] () -- C:\WINDOWS\System32\WLTRYSVC.EXE
[2008/08/01 10:05:34 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat
[2008/08/01 09:59:11 | 000,021,640 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat
[2008/08/01 06:33:52 | 000,004,328 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
[2008/08/01 06:32:37 | 000,315,560 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2007/08/06 10:07:30 | 000,008,784 | ---- | C] () -- C:\WINDOWS\System32\ractrlkeyhook.dll
[2006/02/28 07:00:00 | 013,107,200 | ---- | C] () -- C:\WINDOWS\System32\oembios.bin
[2006/02/28 07:00:00 | 000,673,088 | ---- | C] () -- C:\WINDOWS\System32\mlang.dat
[2006/02/28 07:00:00 | 000,433,372 | ---- | C] () -- C:\WINDOWS\System32\perfh009.dat
[2006/02/28 07:00:00 | 000,272,128 | ---- | C] () -- C:\WINDOWS\System32\perfi009.dat
[2006/02/28 07:00:00 | 000,218,003 | ---- | C] () -- C:\WINDOWS\System32\dssec.dat
[2006/02/28 07:00:00 | 000,068,162 | ---- | C] () -- C:\WINDOWS\System32\perfc009.dat
[2006/02/28 07:00:00 | 000,046,258 | ---- | C] () -- C:\WINDOWS\System32\mib.bin
[2006/02/28 07:00:00 | 000,028,626 | ---- | C] () -- C:\WINDOWS\System32\perfd009.dat
[2006/02/28 07:00:00 | 000,004,569 | ---- | C] () -- C:\WINDOWS\System32\secupd.dat
[2006/02/28 07:00:00 | 000,004,461 | ---- | C] () -- C:\WINDOWS\System32\oembios.dat
[2006/02/28 07:00:00 | 000,001,804 | ---- | C] () -- C:\WINDOWS\System32\dcache.bin
[2006/02/28 07:00:00 | 000,000,741 | ---- | C] () -- C:\WINDOWS\System32\noise.dat
[2005/02/03 19:59:44 | 002,129,920 | ---- | C] () -- C:\WINDOWS\System32\myodbc3S.dll
[2005/01/30 13:27:46 | 000,028,672 | ---- | C] () -- C:\WINDOWS\System32\myodbcinst.exe
[2005/01/30 13:27:32 | 000,011,776 | ---- | C] () -- C:\WINDOWS\System32\imyodbc.exe
[2001/11/17 12:25:08 | 000,094,274 | ---- | C] () -- C:\WINDOWS\System32\HPBHEALR.DLL

[color=#E56717]========== LOP Check ==========[/color]
[2010/11/07 20:57:43 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\Canon
[2008/08/02 07:44:21 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\eFax Messenger
[2009/01/04 13:55:42 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\GetRightToGo
[2010/06/14 15:05:06 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\Individual Software
[2010/12/13 16:51:33 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\Leadertech
[2010/10/26 20:01:53 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\MyPublisher
[2009/02/20 21:52:19 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\Paltalk
[2011/01/07 21:39:40 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\PDF Software
[2011/01/13 21:00:46 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\Sierra Wireless
[2010/03/14 21:48:27 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\Skinux
[2010/09/16 21:19:33 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\Smith Micro
[2010/09/16 20:41:03 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\Songbird2
[2010/12/22 12:57:24 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\Ulead Systems
[2010/10/26 13:02:49 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\webex
[2009/11/16 11:31:03 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\eFax Messenger 4.3 Output
[2008/08/02 07:44:12 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\eFax Messenger 4.3 Setup
[2011/01/03 17:47:51 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\eNcFc09000
[2010/12/13 16:31:03 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\EPSON
[2009/04/11 17:09:11 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\LogMeIn
[2009/01/16 20:15:29 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\NeoEdge Networks
[2011/08/10 11:20:40 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Ulead Systems
[2011/04/18 11:31:17 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\V CAST Media Manager
[2008/10/07 11:19:46 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{3276BE95_AF08_429F_A64F_CA64CB79BCF6}
[2010/04/09 07:35:09 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{429CAD59-35B1-4DBC-BB6D-1DB246563521}
[2010/09/16 19:27:44 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\{ECC164E0-3133-4C70-A831-F08DB2940F70}
[2011/01/07 21:25:54 | 000,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Application Data\PDF Software
[2012/01/04 16:08:05 | 000,000,486 | ---- | M] () -- C:\WINDOWS\Tasks\Ad-Aware Update (Weekly).job
[2012/01/04 16:13:33 | 000,000,424 | -H-- | M] () -- C:\WINDOWS\Tasks\MP Scheduled Scan.job

[color=#E56717]========== Purity Check ==========[/color]

< End of report >