OTL logfile created on: 10/26/2012 9:22:16 AM - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Documents and Settings\mtaylor\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.00 Gb Total Physical Memory | 1.09 Gb Available Physical Memory | 54.67% Memory free
3.85 Gb Paging File | 3.07 Gb Available in Paging File | 79.83% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 74.44 Gb Total Space | 44.81 Gb Free Space | 60.19% Space Free | Partition Type: NTFS
Drive G: | 185.56 Gb Total Space | 101.80 Gb Free Space | 54.86% Space Free | Partition Type: NTFS
Drive H: | 185.56 Gb Total Space | 101.80 Gb Free Space | 54.86% Space Free | Partition Type: NTFS
Drive I: | 185.56 Gb Total Space | 101.80 Gb Free Space | 54.86% Space Free | Partition Type: NTFS
Drive K: | 185.56 Gb Total Space | 101.80 Gb Free Space | 54.86% Space Free | Partition Type: NTFS
Drive P: | 67.75 Gb Total Space | 47.02 Gb Free Space | 69.40% Space Free | Partition Type: NTFS
Drive U: | 185.56 Gb Total Space | 101.80 Gb Free Space | 54.86% Space Free | Partition Type: NTFS

Computer Name: OWNER-BE1505AC4 | User Name: mtaylor | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

[color=#E56717]========== Processes (SafeList) ==========[/color]

PRC - [2012/10/26 09:21:45 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\mtaylor\Desktop\OTL.exe
PRC - [2012/08/23 15:18:02 | 000,161,768 | ---- | M] (Oracle Corporation) -- C:\Program Files\Java\jre7\bin\jqs.exe
PRC - [2012/07/30 15:02:22 | 000,640,480 | ---- | M] (Adobe Systems Inc.) -- C:\Program Files\Adobe\Acrobat 9.0\Acrobat\acrotray.exe
PRC - [2012/07/03 09:04:58 | 000,507,312 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Common Files\Java\Java Update\jucheck.exe
PRC - [2012/05/15 06:18:00 | 001,262,400 | ---- | M] (NVIDIA Corporation) -- C:\Program Files\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
PRC - [2012/02/10 09:28:48 | 000,167,584 | ---- | M] (Bluebeam Software, Inc.) -- C:\Program Files\Common Files\Bluebeam Software\Bluebeam Revu\Brewery\V45\Printer Support\BBPrint.exe
PRC - [2011/10/24 09:40:10 | 000,814,264 | ---- | M] (ESET) -- C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
PRC - [2011/10/24 09:40:04 | 002,219,184 | ---- | M] (ESET) -- C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe
PRC - [2011/10/07 05:40:42 | 001,387,288 | ---- | M] (Logitech, Inc.) -- C:\Program Files\Logitech\SetPointP\SetPoint.exe
PRC - [2011/09/27 15:05:24 | 000,149,784 | ---- | M] (Logitech, Inc.) -- C:\Program Files\Common Files\Logishrd\KHAL3\KHALMNPR.exe
PRC - [2011/08/05 12:29:56 | 000,159,456 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Zune\ZuneLauncher.exe
PRC - [2011/08/05 12:29:56 | 000,057,056 | ---- | M] (Microsoft Corporation) -- c:\Program Files\Zune\ZuneBusEnum.exe
PRC - [2009/01/26 15:31:12 | 005,365,592 | RHS- | M] (Safer Networking Limited) -- C:\Program Files\Spybot - Search & Destroy\SpybotSD.exe
PRC - [2009/01/26 15:31:08 | 001,740,632 | RHS- | M] (Safer Networking Limited) -- C:\Program Files\Spybot - Search & Destroy\SDUpdate.exe
PRC - [2008/04/14 03:00:00 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe

[color=#E56717]========== Modules (No Company Name) ==========[/color]

MOD - [2012/05/15 06:18:00 | 001,570,624 | ---- | M] () -- C:\Program Files\NVIDIA Corporation\nview\nView.dll
MOD - [2012/05/15 06:18:00 | 000,357,184 | ---- | M] () -- C:\Program Files\NVIDIA Corporation\nview\nvShell.dll
MOD - [2012/01/08 09:41:12 | 000,093,696 | ---- | M] () -- C:\Program Files\FileZilla FTP Client\fzshellext.dll
MOD - [2011/11/03 11:28:36 | 001,292,288 | ---- | M] () -- C:\WINDOWS\system32\quartz.dll
MOD - [2011/10/07 05:41:16 | 000,879,896 | ---- | M] () -- C:\Program Files\Logitech\SetPointP\Macros\MacroCore.dll
MOD - [2009/02/27 16:39:29 | 000,019,968 | -H-- | M] () -- C:\Program Files\Adobe\Acrobat 9.0\Acrobat\AcroTray.DEU
MOD - [2009/02/27 16:32:27 | 000,020,480 | -H-- | M] () -- C:\Program Files\Adobe\Acrobat 9.0\Acrobat\AcroTray.FRA
MOD - [2008/06/19 17:35:36 | 000,333,288 | ---- | M] () -- C:\Program Files\Spybot - Search & Destroy\sqlite3.dll
MOD - [2008/03/05 09:34:32 | 000,795,520 | ---- | M] () -- C:\Program Files\Spybot - Search & Destroy\Plugins\Fennel.dll
MOD - [2008/03/04 14:52:00 | 000,790,392 | ---- | M] () -- C:\Program Files\Spybot - Search & Destroy\Plugins\Chai.dll
MOD - [2008/02/26 11:04:40 | 000,717,176 | ---- | M] () -- C:\Program Files\Spybot - Search & Destroy\Plugins\Mate.dll
MOD - [2007/12/24 01:05:00 | 000,121,344 | ---- | M] () -- C:\Program Files\Spybot - Search & Destroy\Plugins\TCPIPAddress.dll

[color=#E56717]========== Services (SafeList) ==========[/color]

SRV - [2012/08/23 15:18:02 | 000,161,768 | ---- | M] (Oracle Corporation) [Auto | Running] -- C:\Program Files\Java\jre7\bin\jqs.exe -- (JavaQuickStarterService)
SRV - [2012/05/29 09:36:09 | 000,651,720 | ---- | M] (Macrovision Europe Ltd.) [On_Demand | Stopped] -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service)
SRV - [2012/05/15 06:18:00 | 001,262,400 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Program Files\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe -- (nvUpdatusService)
SRV - [2011/10/24 09:40:44 | 000,033,584 | ---- | M] (ESET) [On_Demand | Stopped] -- C:\Program Files\ESET\ESET NOD32 Antivirus\EHttpSrv.exe -- (EhttpSrv)
SRV - [2011/10/24 09:40:10 | 000,814,264 | ---- | M] (ESET) [Auto | Running] -- C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe -- (ekrn)
SRV - [2011/09/27 15:03:28 | 000,295,192 | ---- | M] (Logitech, Inc.) [On_Demand | Stopped] -- C:\Program Files\Common Files\Logishrd\Bluetooth\LBTServ.exe -- (LBTServ)
SRV - [2011/08/05 12:30:02 | 000,444,640 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- c:\Program Files\Zune\ZuneWlanCfgSvc.exe -- (ZuneWlanCfgSvc)
SRV - [2011/08/05 12:30:02 | 000,268,512 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- c:\Program Files\Zune\WMZuneComm.exe -- (WMZuneComm)
SRV - [2011/08/05 12:29:56 | 006,363,872 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- c:\Program Files\Zune\ZuneNss.exe -- (ZuneNetworkSvc)
SRV - [2011/08/05 12:29:56 | 000,057,056 | ---- | M] (Microsoft Corporation) [Auto | Running] -- c:\Program Files\Zune\ZuneBusEnum.exe -- (ZuneBusEnum)

[color=#E56717]========== Driver Services (SafeList) ==========[/color]

DRV - File not found [Kernel | On_Demand | Stopped] -- -- (WDICA)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRFRAME)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRELI)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDFRAME)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDCOMP)
DRV - File not found [Kernel | System | Stopped] -- -- (PCIDump)
DRV - File not found [Kernel | System | Stopped] -- -- (lbrtfdc)
DRV - File not found [Kernel | System | Stopped] -- -- (i2omgmt)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\efavdrv.sys -- (efavdrv)
DRV - File not found [Kernel | System | Stopped] -- -- (Changer)
DRV - File not found [Kernel | Boot | Stopped] -- -- (cerc6)
DRV - [2011/10/24 09:40:20 | 000,094,872 | ---- | M] (ESET) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\epfwtdir.sys -- (epfwtdir)
DRV - [2011/10/24 09:40:06 | 000,115,008 | ---- | M] (ESET) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\ehdrv.sys -- (ehdrv)
DRV - [2011/10/24 09:39:24 | 000,141,264 | ---- | M] (ESET) [File_System | Auto | Running] -- C:\WINDOWS\system32\drivers\eamon.sys -- (eamon)
DRV - [2011/09/02 02:31:28 | 000,039,192 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\LMouFilt.Sys -- (LMouFilt)
DRV - [2011/09/02 02:31:28 | 000,030,360 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\LUsbFilt.sys -- (LUsbFilt)
DRV - [2011/09/02 02:31:20 | 000,041,240 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\LHidFilt.Sys -- (LHidFilt)
DRV - [2011/09/02 02:30:58 | 000,012,184 | ---- | M] (Logitech, Inc.) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\LBeepKE.sys -- (LBeepKE)
DRV - [2007/06/06 12:51:04 | 000,161,792 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\b57xp32.sys -- (b57w2k)
DRV - [2006/11/02 07:00:08 | 000,039,368 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\winusb.sys -- (WinUSB)

[color=#E56717]========== Standard Registry (SafeList) ==========[/color]

[color=#E56717]========== Internet Explorer ==========[/color]

IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://search.live.com/results.aspx?q={searchTerms}&src={referrer:source?}
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.msn.com/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://www.msn.com/?ocid=iehp
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-us
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 26 23 E1 12 93 3D CD 01 [binary data]
IE - HKCU\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" =

[color=#E56717]========== FireFox ==========[/color]

FF - HKLM\Software\MozillaPlugins\@docu-track.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf: File not found
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.6.2: C:\WINDOWS\system32\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.6.2: C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\4.1.10329.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Acrobat: C:\Program Files\Adobe\Acrobat 9.0\Acrobat\Air\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@docu-track.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf: File not found
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Documents and Settings\mtaylor\Local Settings\Application Data\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Documents and Settings\mtaylor\Local Settings\Application Data\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Thunderbird\Extensions\\eplgTb@eset.com: C:\Program Files\ESET\ESET NOD32 Antivirus\Mozilla Thunderbird [2012/05/25 23:54:39 | 000,000,000 | ---D | M]

O1 HOSTS File: ([2008/04/14 03:00:00 | 000,000,734 | -H-- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (Adobe PDF Conversion Toolbar Helper) - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O2 - BHO: (SmartSelect Class) - {F4971EE7-DAA0-4053-9964-665D8EE6A077} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3 - HKLM\..\Toolbar: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3 - HKCU\..\Toolbar\WebBrowser: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O4 - HKLM..\Run: [] File not found
O4 - HKLM..\Run: [Acrobat Assistant 8.0] C:\Program Files\Adobe\Acrobat 9.0\Acrobat\Acrotray.exe (Adobe Systems Inc.)
O4 - HKLM..\Run: [Adobe Acrobat Speed Launcher] C:\Program Files\Adobe\Acrobat 9.0\Acrobat\Acrobat_sl.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [APSDaemon] C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [BbInstallUser] C:\Program Files\Bluebeam Software\Bluebeam Revu\Pushbutton PDF\Bluebeam Admin User.exe (Bluebeam Software, Inc.)
O4 - HKLM..\Run: [BbPrintMonitor] C:\Program Files\Common Files\Bluebeam Software\Bluebeam Revu\Brewery\V45\Printer Support\BBPrint.exe (Bluebeam Software, Inc.)
O4 - HKLM..\Run: [egui] C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe (ESET)
O4 - HKLM..\Run: [EvtMgr6] C:\Program Files\Logitech\SetPointP\SetPoint.exe (Logitech, Inc.)
O4 - HKLM..\Run: [NvCplDaemon] C:\WINDOWS\System32\NvCpl.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [NvMediaCenter] C:\WINDOWS\System32\nvmctray.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [nwiz] C:\Program Files\NVIDIA Corporation\nview\nwiz.exe ()
O4 - HKLM..\Run: [Zune Launcher] c:\Program Files\Zune\ZuneLauncher.exe (Microsoft Corporation)
O4 - HKCU..\Run: [Apple Computer] rundll32.exe "C:\Documents and Settings\mtaylor\Local Settings\Application Data\ESET\Apple Computer\loaufevme.dll",DllRegisterServerW File not found
O4 - HKCU..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe (Safer-Networking Ltd.)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoWelcomeScreen = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: RunLogonScriptSync = 1
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Recovery present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O8 - Extra context menu item: Append Link Target to Existing PDF - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Append to Existing PDF - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert Link Target to Adobe PDF - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert to Adobe PDF - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O9 - Extra 'Tools' menuitem : Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} http://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1342005491921 (MUWebControl Class)
O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} http://download.eset.com/special/eos/OnlineScanner.cab (OnlineScanner Control)
O16 - DPF: {78AF2F24-A9C3-11D3-BF8C-0060B0FCC122} file:///C:/Program%20Files/AutoCAD%202002/AcDcToday.ocx (AcDcToday Control)
O16 - DPF: {8CFCF42C-1C64-47D6-AEEC-F9D001832ED3} http://xserv.dell.com/DellDriverScanner/DellSystem.CAB (DellSystem.Scanner)
O16 - DPF: {DE625294-70E6-45ED-B895-CFFA13AEB044} http://72.36.41.99/activex/AMC.cab (AxisMediaControlEmb Class)
O16 - DPF: {F281A59C-7B65-11D3-8617-0010830243BD} file:///C:/Program%20Files/AutoCAD%202002/AcPreview.ocx (AcPreview Control)
O16 - DPF: {FAA26872-BB40-4AB2-8A6D-A49183581AAA} http://207.59.155.130/user/TSBnwCam.CAB (TSBnwCam Control)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.100.10
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = steeldetail.local
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{B9775DEE-14A3-4E36-A99A-E749555CC85A}: DhcpNameServer = 192.168.100.10
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{B9775DEE-14A3-4E36-A99A-E749555CC85A}: NameServer = 192.168.100.10,192.168.100.1
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) - C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
O20 - Winlogon\Notify\LBTWlgn: DllName - (c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll) - c:\Program Files\Common Files\Logishrd\Bluetooth\LBTWLgn.dll (Logitech, Inc.)
O24 - Desktop WallPaper: C:\Documents and Settings\mtaylor\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\mtaylor\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2012/07/26 14:12:39 | 000,000,000 | ---D | M] - C:\Autodesk -- [ NTFS ]
O32 - AutoRun File - [2012/05/24 21:16:16 | 000,000,000 | -H-- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O32 - AutoRun File - [2007/11/03 11:19:28 | 000,000,000 | ---D | M] - P:\AUTOCAD INTO XSTEEL -- [ NTFS ]
O32 - AutoRun File - [2012/05/31 17:45:21 | 000,000,000 | R--D | M] - P:\autosave -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)

[color=#E56717]========== Files/Folders - Created Within 30 Days ==========[/color]

[2012/10/26 09:21:38 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\mtaylor\Desktop\OTL.exe
[2012/10/26 09:09:22 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Spybot - Search & Destroy
[2012/10/26 09:09:16 | 000,000,000 | ---D | C] -- C:\Program Files\Spybot - Search & Destroy
[2012/10/26 09:09:16 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
[2012/10/25 14:25:56 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\mtaylor\Recent
[2012/10/25 13:48:45 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Desktop\CC Support Logs
[2012/10/25 13:44:17 | 000,000,000 | ---D | C] -- C:\EOlmarikTdl4Cleaner.20121025.134417.2824
[2012/10/25 13:38:12 | 000,000,000 | ---D | C] -- C:\EOlmarikTdl4Cleaner.20121025.133812.1120
[2012/10/25 13:38:06 | 000,327,704 | ---- | C] (ESET) -- C:\EOlmarikTdl4Cleaner.exe
[2012/10/25 12:58:26 | 000,000,000 | ---D | C] -- C:\WINDOWS\Minidump
[2012/10/05 10:53:58 | 000,000,000 | ---D | C] -- C:\Documents and Settings\mtaylor\Application Data\Bluebeam Software
[2012/10/05 10:53:15 | 000,100,440 | ---- | C] (Bluebeam Software, Inc.) -- C:\WINDOWS\System32\BBPdfPortMon.DLL
[2012/10/05 10:51:45 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Bluebeam Software
[2012/10/05 10:51:24 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Bluebeam Software
[2012/10/05 10:51:24 | 000,000,000 | ---D | C] -- C:\Program Files\Bluebeam Software
[2012/10/05 10:51:24 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Bluebeam Software
[2012/10/05 10:50:46 | 000,000,000 | ---D | C] -- C:\Documents and Settings\mtaylor\Local Settings\Application Data\Downloaded Installations
[4 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[1 C:\Documents and Settings\mtaylor\Local Settings\Application Data\*.tmp files -> C:\Documents and Settings\mtaylor\Local Settings\Application Data\*.tmp -> ]

[color=#E56717]========== Files - Modified Within 30 Days ==========[/color]

[2012/10/26 09:21:45 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\mtaylor\Desktop\OTL.exe
[2012/10/26 09:09:23 | 000,000,933 | ---- | M] () -- C:\Documents and Settings\mtaylor\Desktop\Spybot - Search & Destroy.lnk
[2012/10/26 09:08:00 | 000,000,830 | -H-- | M] () -- C:\WINDOWS\tasks\Adobe Flash Player Updater.job
[2012/10/26 08:56:01 | 000,000,986 | -H-- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-263560638-87465442-3990609200-1145UA.job
[2012/10/26 08:32:02 | 000,000,888 | -H-- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2012/10/26 08:31:03 | 000,000,199 | ---- | M] () -- C:\WINDOWS\hpbafd.ini
[2012/10/26 08:27:19 | 000,000,426 | -H-- | M] () -- C:\WINDOWS\tasks\User_Feed_Synchronization-{78A76B2A-48BC-458B-9D82-D0868302FD34}.job
[2012/10/26 08:24:35 | 000,002,206 | -H-- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2012/10/26 08:24:35 | 000,000,884 | -H-- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2012/10/26 08:24:11 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2012/10/25 15:16:49 | 000,000,664 | ---- | M] () -- C:\WINDOWS\System32\d3d9caps.dat
[2012/10/25 13:44:17 | 000,327,704 | ---- | M] (ESET) -- C:\EOlmarikTdl4Cleaner.exe
[2012/10/25 13:22:33 | 000,000,376 | ---- | M] () -- C:\WINDOWS\ODBC.INI
[2012/10/24 15:56:00 | 000,000,934 | -H-- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-263560638-87465442-3990609200-1145Core.job
[2012/10/11 07:58:33 | 000,002,278 | ---- | M] () -- C:\Documents and Settings\mtaylor\Application Data\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk
[2012/10/10 17:03:55 | 000,001,393 | -H-- | M] () -- C:\WINDOWS\imsins.BAK
[2012/10/10 10:01:05 | 000,000,818 | ---- | M] () -- C:\Documents and Settings\mtaylor\Desktop\Paint.NET.lnk
[2012/10/10 10:00:38 | 000,014,848 | ---- | M] () -- C:\Documents and Settings\mtaylor\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2012/10/09 09:54:13 | 000,000,061 | ---- | M] () -- C:\WINDOWS\ccolwiz.ini
[2012/10/05 10:54:00 | 000,000,119 | -H-- | M] () -- C:\Documents and Settings\All Users\Application Data\Microsoft.SqlServer.Compact.351.32.bc
[2012/10/05 10:51:45 | 000,001,926 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Bluebeam Revu.lnk
[2012/10/03 06:26:59 | 000,228,000 | -H-- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2012/10/01 14:22:46 | 001,744,395 | -H-- | M] () -- C:\Binder1.pdf
[4 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[1 C:\Documents and Settings\mtaylor\Local Settings\Application Data\*.tmp files -> C:\Documents and Settings\mtaylor\Local Settings\Application Data\*.tmp -> ]

[color=#E56717]========== Files Created - No Company Name ==========[/color]

[2012/10/26 09:09:23 | 000,000,933 | ---- | C] () -- C:\Documents and Settings\mtaylor\Desktop\Spybot - Search & Destroy.lnk
[2012/10/25 14:04:08 | 000,000,664 | ---- | C] () -- C:\WINDOWS\System32\d3d9caps.dat
[2012/10/18 07:11:16 | 000,000,830 | -H-- | C] () -- C:\WINDOWS\tasks\Adobe Flash Player Updater.job
[2012/10/10 10:01:05 | 000,000,818 | ---- | C] () -- C:\Documents and Settings\mtaylor\Desktop\Paint.NET.lnk
[2012/10/05 10:54:00 | 000,000,119 | -H-- | C] () -- C:\Documents and Settings\All Users\Application Data\Microsoft.SqlServer.Compact.351.32.bc
[2012/10/05 10:51:45 | 000,001,926 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Bluebeam Revu.lnk
[2012/10/01 14:22:45 | 001,744,395 | -H-- | C] () -- C:\Binder1.pdf
[2012/07/26 16:27:45 | 000,682,358 | -H-- | C] () -- C:\Documents and Settings\LocalService\Local Settings\Application Data\WPFFontCache_v0400-S-1-5-21-263560638-87465442-3990609200-1145-0.dat
[2012/07/26 16:27:44 | 000,238,174 | -H-- | C] () -- C:\Documents and Settings\LocalService\Local Settings\Application Data\WPFFontCache_v0400-System.dat
[2012/07/02 13:55:37 | 000,208,896 | ---- | C] () -- C:\WINDOWS\System32\hppapr01.dll
[2012/07/02 13:55:37 | 000,000,508 | -H-- | C] () -- C:\WINDOWS\System32\hppapr01.dat
[2012/06/28 10:05:30 | 000,678,912 | R--- | C] () -- C:\WINDOWS\System32\Bluebeam Javascript Library.dll
[2012/06/28 10:04:46 | 000,246,272 | R--- | C] () -- C:\WINDOWS\System32\Bluebeam JPX Library.dll
[2012/06/28 10:04:42 | 012,828,672 | R--- | C] () -- C:\WINDOWS\System32\BGP905A.dll
[2012/05/31 09:13:56 | 000,000,061 | ---- | C] () -- C:\WINDOWS\ccolwiz.ini
[2012/05/29 15:50:51 | 000,014,848 | ---- | C] () -- C:\Documents and Settings\mtaylor\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2012/05/29 14:33:10 | 000,079,360 | ---- | C] () -- C:\WINDOWS\System32\acdbres.dll
[2012/05/29 09:55:36 | 000,000,199 | ---- | C] () -- C:\WINDOWS\hpbafd.ini
[2012/05/29 08:52:11 | 000,000,192 | -H-- | C] () -- C:\Documents and Settings\All Users\Application Data\{268EB95C-7C1C-4826-B79E-0E50B1A64C5A}.dss
[2012/05/29 08:48:41 | 000,000,376 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2012/05/29 08:11:48 | 000,000,016 | -H-- | C] () -- C:\WINDOWS\System32\nvModes.dat
[2012/05/29 08:06:24 | 000,009,180 | RHS- | C] () -- C:\Documents and Settings\All Users\ntuser.pol
[2012/05/29 08:02:57 | 000,000,664 | RHS- | C] () -- C:\Documents and Settings\mtaylor\ntuser.pol
[2012/05/25 23:35:29 | 001,075,544 | -H-- | C] () -- C:\WINDOWS\System32\nvdrsdb1.bin
[2012/05/25 23:35:29 | 001,075,544 | -H-- | C] () -- C:\WINDOWS\System32\nvdrsdb0.bin
[2012/05/25 23:35:29 | 000,000,001 | -H-- | C] () -- C:\WINDOWS\System32\nvdrssel.bin
[2012/05/25 23:35:21 | 002,807,708 | ---- | C] () -- C:\WINDOWS\System32\nvdata.data
[2012/05/25 12:53:36 | 000,003,072 | ---- | C] () -- C:\WINDOWS\System32\iacenc.dll
[2012/05/24 21:17:46 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat
[2012/05/24 21:14:15 | 000,021,640 | -H-- | C] () -- C:\WINDOWS\System32\emptyregdb.dat
[2012/05/24 14:24:54 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
[2012/05/24 14:24:04 | 000,228,000 | -H-- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT

[color=#E56717]========== ZeroAccess Check ==========[/color]

[2012/05/29 08:29:08 | 000,000,227 | RHS- | M] () -- C:\WINDOWS\assembly\Desktop.ini

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shdocvw.dll -- [2012/02/28 14:50:30 | 001,510,400 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = C:\WINDOWS\system32\wbem\fastprox.dll -- [2009/02/09 08:10:48 | 000,473,600 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
"" = C:\WINDOWS\system32\wbem\wbemess.dll -- [2008/04/14 03:00:00 | 000,273,920 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both

[color=#E56717]========== LOP Check ==========[/color]

[2012/07/26 14:21:49 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Autodesk
[2012/07/26 14:21:53 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Autodesk Navisworks Freedom 2012
[2012/10/05 10:51:24 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Bluebeam Software
[2012/05/29 08:52:11 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Cloudmark
[2012/10/25 14:05:06 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\ESET
[2012/07/26 14:21:46 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Navisworks 2012
[2012/05/29 10:21:16 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\PDF Writer
[2012/05/29 10:15:26 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\WinZip
[2012/06/20 12:44:32 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\mtaylor\Application Data\8C4AD6D7
[2012/07/26 14:22:24 | 000,000,000 | ---D | M] -- C:\Documents and Settings\mtaylor\Application Data\Autodesk
[2012/07/26 14:22:23 | 000,000,000 | ---D | M] -- C:\Documents and Settings\mtaylor\Application Data\Autodesk Navisworks Freedom 2012
[2012/10/05 10:53:58 | 000,000,000 | ---D | M] -- C:\Documents and Settings\mtaylor\Application Data\Bluebeam Software
[2012/05/29 08:52:05 | 000,000,000 | ---D | M] -- C:\Documents and Settings\mtaylor\Application Data\Cloudmark
[2012/07/30 16:21:54 | 000,000,000 | ---D | M] -- C:\Documents and Settings\mtaylor\Application Data\FileZilla
[2012/08/28 14:58:27 | 000,000,000 | ---D | M] -- C:\Documents and Settings\mtaylor\Application Data\Informatik Inc
[2012/05/31 10:58:54 | 000,000,000 | ---D | M] -- C:\Documents and Settings\mtaylor\Application Data\Leadertech
[2012/05/29 09:00:00 | 000,000,000 | ---D | M] -- C:\Documents and Settings\mtaylor\Application Data\OpenOffice.org
[2012/05/29 10:21:16 | 000,000,000 | ---D | M] -- C:\Documents and Settings\mtaylor\Application Data\PDF Writer
[2012/08/29 16:38:33 | 000,000,000 | ---D | M] -- C:\Documents and Settings\mtaylor\Application Data\PDFComplete

[color=#E56717]========== Purity Check ==========[/color]

[color=#E56717]========== Alternate Data Streams ==========[/color]

@Alternate Data Stream - 68 bytes -> C:\Documents and Settings\mtaylor\Desktop\Shortcut to XSTEEL DWGS.lnk:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\Documents and Settings\mtaylor\Desktop\Shortcut to STRUCTURALJOBS.lnk:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\Documents and Settings\mtaylor\Desktop\Shortcut to steeldetaildocs.lnk:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\Documents and Settings\mtaylor\Desktop\Shortcut to PCAWAY.lnk:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\Documents and Settings\mtaylor\Desktop\Shortcut to CNC.lnk:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\Documents and Settings\mtaylor\Desktop\NOTES.txt:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\Documents and Settings\mtaylor\Desktop\!!BIDS.lnk:KAVICHS
@Alternate Data Stream - 100 bytes -> C:\Documents and Settings\mtaylor\Desktop\Shortcut to MILL ORDERS.lnk:KAVICHS
@Alternate Data Stream - 100 bytes -> C:\Documents and Settings\mtaylor\Desktop\Shortcut to Dwgs.lnk:KAVICHS
@Alternate Data Stream - 100 bytes -> C:\Documents and Settings\mtaylor\Desktop\Shortcut to DRILL.lnk:KAVICHS
@Alternate Data Stream - 100 bytes -> C:\Documents and Settings\mtaylor\Desktop\Scanners and Cameras.lnk:KAVICHS
@Alternate Data Stream - 100 bytes -> C:\Documents and Settings\mtaylor\Desktop\internet.exe.lnk:KAVICHS
@Alternate Data Stream - 100 bytes -> C:\Documents and Settings\mtaylor\Desktop\Internet Explorer (No Add-ons).lnk:KAVICHS
@Alternate Data Stream - 100 bytes -> C:\Documents and Settings\mtaylor\Desktop\galv-holes.xls.lnk:KAVICHS

< End of report >