Will post the logs to make it easier for me to analyze them.
OTL logfile created on: 4/17/2010 12:49:12 AM - Run 1
OTL by OldTimer - Version 3.2.1.1 Folder = C:\Documents and Settings\Thompson Insurance\Desktop
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy
479.00 Mb Total Physical Memory | 135.00 Mb Available Physical Memory | 28.00% Memory free
1.00 Gb Paging File | 1.00 Gb Available in Paging File | 71.00% Paging File free
Paging file location(s): C:\pagefile.sys 720 1440 [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 37.26 Gb Total Space | 27.17 Gb Free Space | 72.91% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded
Computer Name: OFFICE-PC
Current User Name: Thompson Insurance
Logged in as Administrator.
Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: On
Skip Microsoft Files: On
File Age = 14 Days
Output = Standard
Quick Scan
========== Processes (SafeList) ========== PRC - [2010/04/16 23:07:45 | 000,561,664 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Thompson Insurance\Desktop\OTL.exe
PRC - [2010/04/16 20:59:05 | 001,872,320 | ---- | M] (Emsi Software GmbH) -- C:\Program Files\a-squared Free\a2service.exe
PRC - [2010/04/14 12:47:08 | 002,790,472 | ---- | M] (ALWIL Software) -- C:\Program Files\Alwil Software\Avast5\AvastUI.exe
PRC - [2010/04/14 12:47:05 | 000,040,384 | ---- | M] (ALWIL Software) -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
PRC - [2008/04/13 20:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2003/08/27 11:27:44 | 000,065,536 | ---- | M] (America Online, Inc.) -- C:\WINDOWS\wanmpsvc.exe
PRC - [2003/08/12 13:50:40 | 001,376,360 | ---- | M] (America Online, Inc.) -- C:\Program Files\Common Files\AOL\ACS\acsd.exe
PRC - [2003/05/15 17:45:54 | 000,114,688 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft IntelliType Pro\type32.exe
PRC - [2003/05/15 17:41:16 | 000,163,840 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft IntelliPoint\point32.exe
========== Modules (SafeList) ========== MOD - [2010/04/16 23:07:45 | 000,561,664 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Thompson Insurance\Desktop\OTL.exe
========== Win32 Services (SafeList) ========== SRV - [2010/04/16 20:59:05 | 001,872,320 | ---- | M] (Emsi Software GmbH) [Auto | Running] -- C:\Program Files\a-squared Free\a2service.exe -- (a2free)
SRV - [2010/04/14 12:47:05 | 000,040,384 | ---- | M] (ALWIL Software) [On_Demand | Running] -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe -- (avast! Web Scanner)
SRV - [2010/04/14 12:47:05 | 000,040,384 | ---- | M] (ALWIL Software) [On_Demand | Running] -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe -- (avast! Mail Scanner)
SRV - [2010/04/14 12:47:05 | 000,040,384 | ---- | M] (ALWIL Software) [Auto | Running] -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe -- (avast! Antivirus)
SRV - [2009/04/09 00:47:58 | 000,020,480 | ---- | M] (Intuit) [Disabled | Stopped] -- C:\Program Files\Common Files\Intuit\QuickBooks\QBCFMonitorService.exe -- (QBCFMonitorService)
SRV - [2006/11/09 16:30:14 | 000,065,536 | ---- | M] (Intuit Inc.) [On_Demand | Stopped] -- C:\Program Files\Common Files\Intuit\QuickBooks\FCS\Intuit.QuickBooks.FCS.exe -- (QBFCService)
SRV - [2005/10/06 19:12:30 | 000,855,552 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Media Connect 2\wmccds.exe -- (WMConnectCDS)
SRV - [2003/08/27 11:27:44 | 000,065,536 | ---- | M] (America Online, Inc.) [Auto | Running] -- C:\WINDOWS\wanmpsvc.exe -- (WANMiniportService) WAN Miniport (ATW)
SRV - [2003/08/12 13:50:40 | 001,376,360 | ---- | M] (America Online, Inc.) [Auto | Running] -- C:\Program Files\Common Files\AOL\ACS\acsd.exe -- (AOL ACS)
========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page =
http://www.google.com/IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache =
http://www.msn.com/IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-us
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 5C 7C 62 58 04 DD CA 01 [binary data]
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
O1 HOSTS File: ([2010/04/16 10:23:36 | 000,000,734 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.5.4723.1820\swg.dll (Google Inc.)
O3 - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O3 - HKCU\..\Toolbar\ShellBrowser: (no name) - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O4 - HKLM..\Run: [avast5] C:\Program Files\Alwil Software\Avast5\AvastUI.exe (ALWIL Software)
O4 - HKLM..\Run: [IntelliPoint] C:\Program Files\Microsoft IntelliPoint\point32.exe (Microsoft Corporation)
O4 - HKLM..\Run: [NeroCheck] C:\WINDOWS\System32\\NeroCheck.exe ()
O4 - HKLM..\Run: [NvCplDaemon] C:\WINDOWS\System32\NvCpl.DLL (NVIDIA Corporation)
O4 - HKLM..\Run: [type32] C:\Program Files\Microsoft IntelliType Pro\type32.exe (Microsoft Corporation)
O4 - HKCU..\Run: [ccleaner] C:\Program Files\CCleaner\ccleaner.exe (Piriform Ltd)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O15 - HKCU\..Trusted Domains: aol.com ([objects] * is out of zone range - 5)
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700}
http://go.microsoft....k/?linkid=39204 (Windows Genuine Advantage Validation Tool)
O16 - DPF: {297AEB8E-D78B-427A-BBC2-E6496017D290}
https://allapp.ahlco...ol/AHLDSync.cab (AHLDSync.ctlDataSync)
O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE}
http://security.syma...bin/AvSniff.cab (Symantec AntiVirus scanner)
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5}
http://security.syma...n/bin/cabsa.cab (Symantec RuFSI Utility Class)
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3}
http://update.micros...b?1138037095375 (MUWebControl Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93}
http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_20)
O16 - DPF: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_20)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}
http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_20)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000}
http://fpdownload2.m...ash/swflash.cab (Shockwave Flash Object)
O16 - DPF: {E5238271-D692-408F-A625-275DF49EE4E3}
https://allapp.ahlco...LInfoUpdate.CAB (AHLInfoUpdate.Login)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 68.87.73.246 68.87.71.230
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Documents and Settings\Thompson Insurance\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\Thompson Insurance\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2004/02/13 17:28:16 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = secfile] -- Reg Error: Key error. File not found
O37 - HKCU\...exe [@ = exefile] -- Reg Error: Key error. File not found
NetSvcs: 6to4 - File not found
NetSvcs: Ias - C:\WINDOWS\system32\ias [2004/02/13 17:27:52 | 000,000,000 | ---D | M]
NetSvcs: Iprip - File not found
NetSvcs: Irmon - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: Wmi - C:\WINDOWS\system32\wmi.dll (Microsoft Corporation)
NetSvcs: WmdmPmSp - File not found
NetSvcs: Ip6FwHlp - File not found
CREATERESTOREPOINT
Error starting restore point: System Restore is disabled.
Error closing restore point: System Restore is disabled.
========== Files/Folders - Created Within 14 Days ========== [2010/04/16 23:07:41 | 000,561,664 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Thompson Insurance\Desktop\OTL.exe
[2010/04/16 22:45:17 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\Thompson Insurance\Recent
[2010/04/16 22:41:29 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Thompson Insurance\Desktop\backups
[2010/04/16 20:52:18 | 000,000,000 | ---D | C] -- C:\Program Files\a-squared Free
[2010/04/16 20:52:18 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Thompson Insurance\My Documents\a-squared Free
[2010/04/16 20:42:53 | 000,161,792 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWREG.exe
[2010/04/16 20:42:47 | 000,136,704 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWSC.exe
[2010/04/16 20:42:24 | 000,000,000 | --SD | C] -- C:\ComboFix
[2010/04/16 20:41:02 | 000,000,000 | ---D | C] -- C:\Qoobox
[2010/04/16 20:40:19 | 074,121,968 | ---- | C] (Emsi Software GmbH ) -- C:\Documents and Settings\Thompson Insurance\Desktop\a2FreeSetup.exe
[2010/04/16 20:37:51 | 000,401,720 | ---- | C] (Trend Micro Inc.) -- C:\Documents and Settings\Thompson Insurance\Desktop\HijackThis.exe
[2010/04/16 19:55:02 | 000,000,000 | ---D | C] -- C:\Program Files\Hitman Pro 3.5
[2010/04/16 19:55:02 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Hitman Pro
[2010/04/16 19:54:40 | 005,650,240 | ---- | C] (SurfRight B.V.) -- C:\Documents and Settings\Thompson Insurance\Desktop\HitmanPro35.exe
[2010/04/16 15:39:18 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Thompson Insurance\My Documents\Downloads
[2010/04/16 15:36:40 | 000,162,768 | ---- | C] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswSP.sys
[2010/04/16 15:36:40 | 000,019,024 | ---- | C] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswFsBlk.sys
[2010/04/16 15:36:39 | 000,023,376 | ---- | C] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswRdr.sys
[2010/04/16 15:36:38 | 000,046,672 | ---- | C] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswTdi.sys
[2010/04/16 15:36:35 | 000,100,432 | ---- | C] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswmon2.sys
[2010/04/16 15:36:35 | 000,094,800 | ---- | C] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswmon.sys
[2010/04/16 15:36:35 | 000,028,880 | ---- | C] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aavmker4.sys
[2010/04/16 15:36:04 | 000,153,184 | ---- | C] (ALWIL Software) -- C:\WINDOWS\System32\aswBoot.exe
[2010/04/16 15:36:04 | 000,038,848 | ---- | C] (ALWIL Software) -- C:\WINDOWS\System32\avastSS.scr
[2010/04/16 15:35:51 | 000,000,000 | ---D | C] -- C:\Program Files\Alwil Software
[2010/04/16 15:35:51 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Alwil Software
[2010/04/16 11:02:35 | 000,000,000 | ---D | M] -- C:\Documents and Settings\NetworkService\Application Data\Sun
[2010/04/16 10:40:12 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\LogFiles
[2010/04/16 10:35:30 | 000,000,000 | --SD | M] -- C:\Documents and Settings\NetworkService\Application Data\Microsoft
[2010/04/16 10:35:30 | 000,000,000 | --SD | M] -- C:\Documents and Settings\LocalService\Application Data\Microsoft
[2010/04/16 10:34:37 | 000,000,000 | ---D | M] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft
[2010/04/16 10:34:37 | 000,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft
[2010/04/16 10:16:06 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\CatRoot2
[2010/04/16 10:13:24 | 000,000,000 | ---D | C] -- C:\WINDOWS\SoftwareDistribution
[2010/04/16 09:02:44 | 000,000,000 | ---D | C] -- C:\Program Files\Sophos
[2010/04/16 08:54:51 | 000,161,296 | ---- | C] (Trend Micro Inc.) -- C:\WINDOWS\System32\drivers\tmcomm.sys
[2010/04/16 08:43:25 | 000,000,000 | ---D | C] -- C:\WINDOWS\Sun
[2010/04/16 08:41:38 | 000,000,000 | -HSD | C] -- C:\RECYCLER
[2010/04/16 08:21:04 | 000,000,000 | RHSD | C] -- C:\cmdcons
[2010/04/16 08:19:18 | 000,212,480 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWXCACLS.exe
[2010/04/16 08:19:18 | 000,031,232 | ---- | C] (NirSoft) -- C:\WINDOWS\NIRCMD.exe
[2010/04/16 08:16:46 | 000,000,000 | ---D | C] -- C:\WINDOWS\ERDNT
[2010/04/15 21:52:08 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Sun
[2010/04/15 21:52:05 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Java
[2010/04/15 21:51:13 | 000,000,000 | ---D | C] -- C:\Program Files\Java
[2010/04/15 21:50:08 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Thompson Insurance\Application Data\Sun
[2010/04/15 21:34:22 | 000,000,000 | ---D | C] -- C:\Program Files\AVG
[2010/04/15 21:03:27 | 000,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Application Data\Macromedia
[2010/04/15 21:03:19 | 000,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Application Data\Adobe
[2010/04/15 19:01:21 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com
[2010/04/15 19:01:09 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Thompson Insurance\Application Data\SUPERAntiSpyware.com
[2010/04/15 19:01:09 | 000,000,000 | ---D | C] -- C:\Program Files\SUPERAntiSpyware
[2010/04/15 19:00:35 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Thompson Insurance\Application Data\Malwarebytes
[2010/04/15 19:00:28 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Malwarebytes
[2010/04/15 18:54:36 | 000,000,000 | ---D | C] -- C:\Program Files\Defraggler
[2010/04/15 18:44:37 | 000,000,000 | ---D | C] -- C:\Program Files\Spybot - Search & Destroy
[2010/04/15 18:44:37 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
[2010/04/15 18:37:33 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Thompson Insurance\Local Settings\Application Data\Western Digital
[2010/04/15 09:21:37 | 000,000,000 | ---D | M] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\avG
[2010/04/14 09:02:09 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Thompson Insurance\Local Settings\Application Data\avG
[2010/04/14 09:02:09 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\avG
[2010/04/13 13:37:41 | 000,000,000 | ---D | M] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\Adobe
[2010/04/13 13:37:38 | 000,000,000 | ---D | M] -- C:\Documents and Settings\NetworkService\Application Data\Adobe
[2010/04/12 14:28:33 | 000,000,000 | ---D | M] -- C:\Documents and Settings\NetworkService\Application Data\Macromedia
[2010/02/03 14:27:00 | 000,000,000 | ---D | M] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\Google
[2010/02/03 14:22:49 | 000,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Local Settings\Application Data\Google
[2008/09/05 10:52:07 | 000,570,128 | ---- | C] (Microsoft Corporation) -- C:\Program Files\Common Files\DAO350.DLL
[2008/09/05 10:52:07 | 000,561,179 | ---- | C] (Microsoft Corporation) -- C:\Program Files\Common Files\dao360.dll
[2007/03/15 11:02:16 | 000,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Application Data\Google
[2007/01/31 10:06:13 | 000,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Local Settings\Application Data\Intuit
[2005/02/28 17:04:13 | 000,000,000 | ---D | M] -- C:\Documents and Settings\NetworkService\Application Data\Symantec
[2 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
========== Files - Modified Within 14 Days ========== [2010/04/17 00:54:00 | 000,000,420 | -H-- | M] () -- C:\WINDOWS\tasks\User_Feed_Synchronization-{F8304665-2F87-4296-9734-BB2FA0D640B1}.job
[2010/04/17 00:37:01 | 000,000,886 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2010/04/16 23:07:45 | 000,561,664 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Thompson Insurance\Desktop\OTL.exe
[2010/04/16 23:03:40 | 000,284,915 | ---- | M] () -- C:\Documents and Settings\Thompson Insurance\Desktop\gmer.zip
[2010/04/16 22:45:37 | 000,013,646 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2010/04/16 22:45:16 | 000,000,882 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2010/04/16 22:45:11 | 000,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2010/04/16 22:45:03 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2010/04/16 22:44:18 | 003,670,016 | -H-- | M] () -- C:\Documents and Settings\Thompson Insurance\NTUSER.DAT
[2010/04/16 22:44:08 | 000,000,278 | -HS- | M] () -- C:\Documents and Settings\Thompson Insurance\ntuser.ini
[2010/04/16 22:43:55 | 005,367,552 | -H-- | M] () -- C:\Documents and Settings\Thompson Insurance\Local Settings\Application Data\IconCache.db
[2010/04/16 22:14:54 | 000,000,448 | -H-- | M] () -- C:\WINDOWS\tasks\User_Feed_Synchronization-{FBB64FB1-BDAF-43F9-BF36-142543C81592}.job
[2010/04/16 20:52:46 | 000,000,648 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\a-squared Free.lnk
[2010/04/16 20:40:28 | 074,121,968 | ---- | M] (Emsi Software GmbH ) -- C:\Documents and Settings\Thompson Insurance\Desktop\a2FreeSetup.exe
[2010/04/16 20:37:52 | 000,401,720 | ---- | M] (Trend Micro Inc.) -- C:\Documents and Settings\Thompson Insurance\Desktop\HijackThis.exe
[2010/04/16 20:36:45 | 003,916,775 | R--- | M] () -- C:\Documents and Settings\Thompson Insurance\Desktop\ComboFix.exe
[2010/04/16 20:03:31 | 000,000,664 | ---- | M] () -- C:\WINDOWS\System32\d3d9caps.dat
[2010/04/16 19:58:02 | 000,015,944 | ---- | M] () -- C:\WINDOWS\System32\drivers\hitmanpro35.sys
[2010/04/16 19:55:02 | 000,001,663 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Hitman Pro 3.5.lnk
[2010/04/16 19:54:40 | 005,650,240 | ---- | M] (SurfRight B.V.) -- C:\Documents and Settings\Thompson Insurance\Desktop\HitmanPro35.exe
[2010/04/16 15:37:42 | 000,001,813 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Google Chrome.lnk
[2010/04/16 15:36:41 | 000,001,700 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\avast! Free Antivirus.lnk
[2010/04/16 15:36:36 | 000,002,626 | ---- | M] () -- C:\WINDOWS\System32\CONFIG.NT
[2010/04/16 15:34:57 | 048,417,032 | ---- | M] () -- C:\Documents and Settings\Thompson Insurance\Desktop\setup_av_free.exe
[2010/04/16 11:03:16 | 000,000,552 | ---- | M] () -- C:\WINDOWS\System32\d3d8caps.dat
[2010/04/16 10:23:46 | 000,001,856 | ---- | M] () -- C:\WINDOWS\System32\tmp.reg
[2010/04/16 08:54:50 | 000,161,296 | ---- | M] (Trend Micro Inc.) -- C:\WINDOWS\System32\drivers\tmcomm.sys
[2010/04/16 08:33:12 | 000,000,239 | ---- | M] () -- C:\WINDOWS\system.ini
[2010/04/16 08:06:36 | 000,000,314 | RHS- | M] () -- C:\boot.ini
[2010/04/15 22:10:38 | 000,011,264 | ---- | M] () -- C:\Documents and Settings\Thompson Insurance\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010/04/15 22:04:45 | 000,001,729 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Adobe Reader 9.lnk
[2010/04/15 21:48:48 | 000,036,576 | ---- | M] () -- C:\Documents and Settings\Thompson Insurance\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
[2010/04/15 21:17:30 | 000,175,464 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2010/04/15 18:55:14 | 000,013,702 | -HS- | M] () -- C:\Documents and Settings\Thompson Insurance\Local Settings\Application Data\4ML87
[2010/04/15 18:55:14 | 000,013,702 | -HS- | M] () -- C:\Documents and Settings\All Users\Application Data\4ML87
[2010/04/15 18:40:41 | 000,001,548 | ---- | M] () -- C:\Documents and Settings\Thompson Insurance\Desktop\CCleaner.lnk
[2010/04/15 09:39:23 | 000,000,687 | ---- | M] () -- C:\WINDOWS\win.ini
[2010/04/14 14:14:20 | 000,016,884 | -HS- | M] () -- C:\Documents and Settings\All Users\Application Data\50vGiJ1FW7x2
[2010/04/14 14:04:42 | 000,028,672 | ---- | M] () -- C:\Documents and Settings\Thompson Insurance\My Documents\THOMPSON & SHUMATE CONTRACT-#32.doc
[2010/04/14 12:47:23 | 000,038,848 | ---- | M] (ALWIL Software) -- C:\WINDOWS\System32\avastSS.scr
[2010/04/14 12:47:03 | 000,153,184 | ---- | M] (ALWIL Software) -- C:\WINDOWS\System32\aswBoot.exe
[2010/04/14 12:35:47 | 000,046,672 | ---- | M] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswTdi.sys
[2010/04/14 12:35:25 | 000,162,768 | ---- | M] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswSP.sys
[2010/04/14 12:31:39 | 000,023,376 | ---- | M] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswRdr.sys
[2010/04/14 12:31:12 | 000,100,432 | ---- | M] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswmon2.sys
[2010/04/14 12:31:09 | 000,094,800 | ---- | M] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswmon.sys
[2010/04/14 12:31:01 | 000,019,024 | ---- | M] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswFsBlk.sys
[2010/04/14 12:30:45 | 000,028,880 | ---- | M] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aavmker4.sys
[2010/04/13 09:54:10 | 000,016,724 | ---- | M] () -- C:\Documents and Settings\Thompson Insurance\My Documents\E. Dean Nuckles.lwp
[2010/04/13 09:53:36 | 000,015,548 | ---- | M] () -- C:\Documents and Settings\Thompson Insurance\My Documents\CARY'S COMMISSION.lwp
[2010/04/12 11:51:46 | 000,025,088 | ---- | M] () -- C:\Documents and Settings\Thompson Insurance\My Documents\TWILIGHT DEVELOPMENT-MAR, 2010.doc
[2010/04/06 11:22:26 | 000,033,280 | ---- | M] () -- C:\Documents and Settings\Thompson Insurance\My Documents\MONTHLY RENT PAYMENTS 2010.doc
[2 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
========== Files Created - No Company Name ========== [2010/04/16 23:03:52 | 000,293,376 | ---- | C] () -- C:\Documents and Settings\Thompson Insurance\Desktop\gmer.exe
[2010/04/16 23:03:38 | 000,284,915 | ---- | C] () -- C:\Documents and Settings\Thompson Insurance\Desktop\gmer.zip
[2010/04/16 20:52:45 | 000,000,648 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\a-squared Free.lnk
[2010/04/16 20:42:54 | 000,077,312 | ---- | C] () -- C:\WINDOWS\MBR.exe
[2010/04/16 20:42:53 | 000,261,632 | ---- | C] () -- C:\WINDOWS\PEV.exe
[2010/04/16 20:36:36 | 003,916,775 | R--- | C] () -- C:\Documents and Settings\Thompson Insurance\Desktop\ComboFix.exe
[2010/04/16 19:55:19 | 000,015,944 | ---- | C] () -- C:\WINDOWS\System32\drivers\hitmanpro35.sys
[2010/04/16 19:55:02 | 000,001,663 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Hitman Pro 3.5.lnk
[2010/04/16 15:37:42 | 000,001,813 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Google Chrome.lnk
[2010/04/16 15:36:41 | 000,001,700 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\avast! Free Antivirus.lnk
[2010/04/16 15:34:47 | 048,417,032 | ---- | C] () -- C:\Documents and Settings\Thompson Insurance\Desktop\setup_av_free.exe
[2010/04/16 11:54:41 | 000,000,420 | -H-- | C] () -- C:\WINDOWS\tasks\User_Feed_Synchronization-{F8304665-2F87-4296-9734-BB2FA0D640B1}.job
[2010/04/16 11:03:16 | 000,000,552 | ---- | C] () -- C:\WINDOWS\System32\d3d8caps.dat
[2010/04/16 11:02:34 | 000,000,664 | ---- | C] () -- C:\WINDOWS\System32\d3d9caps.dat
[2010/04/16 10:23:46 | 000,001,856 | ---- | C] () -- C:\WINDOWS\System32\tmp.reg
[2010/04/16 08:21:12 | 000,000,211 | ---- | C] () -- C:\Boot.bak
[2010/04/16 08:21:07 | 000,260,272 | ---- | C] () -- C:\cmldr
[2010/04/16 08:19:18 | 000,098,816 | ---- | C] () -- C:\WINDOWS\sed.exe
[2010/04/16 08:19:18 | 000,080,412 | ---- | C] () -- C:\WINDOWS\grep.exe
[2010/04/16 08:19:18 | 000,068,096 | ---- | C] () -- C:\WINDOWS\zip.exe
[2010/04/15 22:04:45 | 000,001,729 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Adobe Reader 9.lnk
[2010/04/15 21:30:31 | 000,000,448 | -H-- | C] () -- C:\WINDOWS\tasks\User_Feed_Synchronization-{FBB64FB1-BDAF-43F9-BF36-142543C81592}.job
[2010/04/14 14:04:42 | 000,028,672 | ---- | C] () -- C:\Documents and Settings\Thompson Insurance\My Documents\THOMPSON & SHUMATE CONTRACT-#32.doc
[2010/04/14 11:12:53 | 000,016,884 | -HS- | C] () -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\50vGiJ1FW7x2
[2010/04/14 11:12:53 | 000,016,884 | -HS- | C] () -- C:\Documents and Settings\All Users\Application Data\50vGiJ1FW7x2
[2010/04/14 09:02:10 | 000,013,702 | -HS- | C] () -- C:\Documents and Settings\Thompson Insurance\Local Settings\Application Data\4ML87
[2010/04/13 13:38:06 | 000,013,702 | -HS- | C] () -- C:\Documents and Settings\All Users\Application Data\4ML87
[2010/04/13 13:38:06 | 000,013,522 | -HS- | C] () -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\4ML87
[2010/04/12 11:51:46 | 000,025,088 | ---- | C] () -- C:\Documents and Settings\Thompson Insurance\My Documents\TWILIGHT DEVELOPMENT-MAR, 2010.doc
[2007/02/13 11:02:37 | 000,000,141 | ---- | C] () -- C:\Documents and Settings\Thompson Insurance\Local Settings\Application Data\fusioncache.dat
[2005/09/14 12:30:53 | 000,011,264 | ---- | C] () -- C:\Documents and Settings\Thompson Insurance\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2005/08/26 12:23:57 | 000,000,105 | ---- | C] () -- C:\WINDOWS\upst.ini
[2005/04/25 13:42:26 | 000,000,075 | ---- | C] () -- C:\Documents and Settings\Thompson Insurance\LuResult.txt
[2005/01/11 18:02:33 | 000,262,144 | ---- | C] () -- C:\Documents and Settings\All Users\ntuser.dat
[2005/01/11 18:02:33 | 000,001,024 | -H-- | C] () -- C:\Documents and Settings\All Users\ntuser.dat.LOG
[2004/07/28 15:05:35 | 000,000,241 | ---- | C] () -- C:\WINDOWS\QTW.INI
[2004/06/07 15:15:30 | 000,000,049 | ---- | C] () -- C:\WINDOWS\upth.ini
[2004/06/07 15:15:30 | 000,000,024 | ---- | C] () -- C:\WINDOWS\atid.ini
[2004/02/16 15:38:39 | 000,176,594 | ---- | C] () -- C:\Documents and Settings\Thompson Insurance\~
[2004/02/16 14:05:46 | 000,000,713 | ---- | C] () -- C:\WINDOWS\IHEALTH.INI
[2004/02/16 14:05:45 | 000,000,346 | ---- | C] () -- C:\WINDOWS\valuterm.ini
[2004/02/16 14:02:03 | 000,000,000 | ---- | C] () -- C:\WINDOWS\PROTOCOL.INI
[2004/02/16 13:44:56 | 000,094,208 | ---- | C] () -- C:\WINDOWS\System32\Fdfacx.dll
[2004/02/16 13:44:56 | 000,040,448 | ---- | C] () -- C:\WINDOWS\System32\regobj.dll
[2004/02/16 13:44:55 | 000,317,440 | ---- | C] () -- C:\WINDOWS\System32\FdfTk.dll
[2004/02/14 14:59:42 | 000,000,376 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2004/02/14 14:14:30 | 000,363,520 | ---- | C] () -- C:\WINDOWS\System32\psisdecd.dll
[2004/02/13 17:46:26 | 000,001,024 | -H-- | C] () -- C:\Documents and Settings\Thompson Insurance\ntuser.dat.LOG
[2004/02/13 17:46:26 | 000,000,278 | -HS- | C] () -- C:\Documents and Settings\Thompson Insurance\ntuser.ini
[2004/02/13 17:46:25 | 003,670,016 | -H-- | C] () -- C:\Documents and Settings\Thompson Insurance\NTUSER.DAT
========== LOP Check ========== [2010/04/16 15:35:51 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Alwil Software
[2010/04/14 09:02:09 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\avG
[2007/01/30 14:46:24 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\COMMON FILES
[2010/04/16 19:55:03 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Hitman Pro
[2010/04/15 21:04:35 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Viewpoint
[2009/05/22 19:10:28 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Thompson Insurance\Application Data\GetRightToGo
[2004/07/19 16:26:59 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Thompson Insurance\Application Data\Leadertech
[2010/04/15 21:04:36 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Thompson Insurance\Application Data\Viewpoint
[2010/04/17 00:54:00 | 000,000,420 | -H-- | M] () -- C:\WINDOWS\Tasks\User_Feed_Synchronization-{F8304665-2F87-4296-9734-BB2FA0D640B1}.job
[2010/04/16 22:14:54 | 000,000,448 | -H-- | M] () -- C:\WINDOWS\Tasks\User_Feed_Synchronization-{FBB64FB1-BDAF-43F9-BF36-142543C81592}.job
========== Purity Check ========== ========== Custom Scans ========== < %SYSTEMDRIVE%\*.exe > < MD5 for: AGP440.SYS >[2004/08/04 01:05:44 | 018,738,937 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp2.cab:AGP440.sys
[2008/08/22 09:03:25 | 023,852,652 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:AGP440.sys
[2004/08/04 01:05:44 | 018,738,937 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp2.cab:AGP440.sys
[2008/08/22 09:03:25 | 023,852,652 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp3.cab:AGP440.sys
[2008/04/13 14:36:38 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=08FD04AA961BDC77FB983F328334E3D7 -- C:\WINDOWS\ERDNT\cache\agp440.sys
[2008/04/13 14:36:38 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=08FD04AA961BDC77FB983F328334E3D7 -- C:\WINDOWS\ServicePackFiles\i386\agp440.sys
[2008/04/13 14:36:38 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=08FD04AA961BDC77FB983F328334E3D7 -- C:\WINDOWS\system32\drivers\agp440.sys
< MD5 for: ATAPI.SYS >[2003/03/31 08:00:00 | 010,158,890 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp1.cab:atapi.sys
[2004/08/04 01:05:44 | 018,738,937 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp2.cab:atapi.sys
[2008/08/22 09:03:25 | 023,852,652 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:atapi.sys
[2004/08/04 01:05:44 | 018,738,937 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp2.cab:atapi.sys
[2008/08/22 09:03:25 | 023,852,652 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp3.cab:atapi.sys
[2002/08/29 02:27:50 | 000,086,912 | ---- | M] (Microsoft Corporation) MD5=95B858761A00E1D4F81F79A0DA019ACA -- C:\WINDOWS\system32\ReinstallBackups\0012\DriverFiles\i386\atapi.sys
[2008/04/13 14:40:30 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\ERDNT\cache\atapi.sys
[2008/04/13 14:40:30 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\ServicePackFiles\i386\atapi.sys
[2008/04/13 14:40:30 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\system32\drivers\atapi.sys
< MD5 for: EVENTLOG.DLL >[2008/04/13 20:11:53 | 000,056,320 | ---- | M] (Microsoft Corporation) MD5=6D4FEB43EE538FC5428CC7F0565AA656 -- C:\WINDOWS\ERDNT\cache\eventlog.dll
[2008/04/13 20:11:53 | 000,056,320 | ---- | M] (Microsoft Corporation) MD5=6D4FEB43EE538FC5428CC7F0565AA656 -- C:\WINDOWS\ServicePackFiles\i386\eventlog.dll
[2008/04/13 20:11:53 | 000,056,320 | ---- | M] (Microsoft Corporation) MD5=6D4FEB43EE538FC5428CC7F0565AA656 -- C:\WINDOWS\system32\eventlog.dll
< MD5 for: NETLOGON.DLL >[2008/04/13 20:12:01 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=1B7F071C51B77C272875C3A23E1E4550 -- C:\WINDOWS\ERDNT\cache\netlogon.dll
[2008/04/13 20:12:01 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=1B7F071C51B77C272875C3A23E1E4550 -- C:\WINDOWS\ServicePackFiles\i386\netlogon.dll
[2008/04/13 20:12:01 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=1B7F071C51B77C272875C3A23E1E4550 -- C:\WINDOWS\system32\netlogon.dll
< MD5 for: SCECLI.DLL >[2008/04/13 20:12:05 | 000,181,248 | ---- | M] (Microsoft Corporation) MD5=A86BB5E61BF3E39B62AB4C7E7085A084 -- C:\WINDOWS\ERDNT\cache\scecli.dll
[2008/04/13 20:12:05 | 000,181,248 | ---- | M] (Microsoft Corporation) MD5=A86BB5E61BF3E39B62AB4C7E7085A084 -- C:\WINDOWS\ServicePackFiles\i386\scecli.dll
[2008/04/13 20:12:05 | 000,181,248 | ---- | M] (Microsoft Corporation) MD5=A86BB5E61BF3E39B62AB4C7E7085A084 -- C:\WINDOWS\system32\scecli.dll
< %systemroot%\*. /mp /s > < %systemroot%\system32\*.dll /lockedfiles >[2009/03/08 04:31:44 | 000,348,160 | ---- | M] (Microsoft Corporation)
Unable to obtain MD5 -- C:\WINDOWS\system32\dxtmsft.dll
[2009/03/08 04:31:38 | 000,216,064 | ---- | M] (Microsoft Corporation)
Unable to obtain MD5 -- C:\WINDOWS\system32\dxtrans.dll
[2009/08/06 20:23:54 | 000,575,704 | ---- | M] (Microsoft Corporation)
Unable to obtain MD5 -- C:\WINDOWS\system32\wuapi.dll
< %systemroot%\Tasks\*.job /lockedfiles > < %systemroot%\system32\drivers\*.sys /lockedfiles > < %systemroot%\System32\config\*.sav >[2004/02/13 12:02:28 | 000,094,208 | ---- | M] () -- C:\WINDOWS\system32\config\default.sav
[2004/02/13 12:02:28 | 000,602,112 | ---- | M] () -- C:\WINDOWS\system32\config\software.sav
[2004/02/13 12:02:28 | 000,397,312 | ---- | M] () -- C:\WINDOWS\system32\config\system.sav
< %systemroot%\system32\drivers\*.sys /90 >[2010/04/14 12:30:45 | 000,028,880 | ---- | M] (ALWIL Software) -- C:\WINDOWS\system32\drivers\aavmker4.sys
[2010/04/14 12:31:01 | 000,019,024 | ---- | M] (ALWIL Software) -- C:\WINDOWS\system32\drivers\aswFsBlk.sys
[2010/04/14 12:31:09 | 000,094,800 | ---- | M] (ALWIL Software) -- C:\WINDOWS\system32\drivers\aswmon.sys
[2010/04/14 12:31:12 | 000,100,432 | ---- | M] (ALWIL Software) -- C:\WINDOWS\system32\drivers\aswmon2.sys
[2010/04/14 12:31:39 | 000,023,376 | ---- | M] (ALWIL Software) -- C:\WINDOWS\system32\drivers\aswRdr.sys
[2010/04/14 12:35:25 | 000,162,768 | ---- | M] (ALWIL Software) -- C:\WINDOWS\system32\drivers\aswSP.sys
[2010/04/14 12:35:47 | 000,046,672 | ---- | M] (ALWIL Software) -- C:\WINDOWS\system32\drivers\aswTdi.sys
[2010/04/16 19:58:02 | 000,015,944 | ---- | M] () -- C:\WINDOWS\system32\drivers\hitmanpro35.sys
[2010/02/24 09:11:07 | 000,455,680 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\mrxsmb.sys
[2010/04/16 06:44:29 | 000,003,328 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\PCIIde.sys
[2010/02/11 08:02:15 | 000,226,880 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\tcpip6.sys
[2010/04/16 08:54:50 | 000,161,296 | ---- | M] (Trend Micro Inc.) -- C:\WINDOWS\system32\drivers\tmcomm.sys
< End of report >
OTL Extras logfile created on: 4/17/2010 12:49:12 AM - Run 1
OTL by OldTimer - Version 3.2.1.1 Folder = C:\Documents and Settings\Thompson Insurance\Desktop
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy
479.00 Mb Total Physical Memory | 135.00 Mb Available Physical Memory | 28.00% Memory free
1.00 Gb Paging File | 1.00 Gb Available in Paging File | 71.00% Paging File free
Paging file location(s): C:\pagefile.sys 720 1440 [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 37.26 Gb Total Space | 27.17 Gb Free Space | 72.91% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded
Computer Name: OFFICE-PC
Current User Name: Thompson Insurance
Logged in as Administrator.
Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: On
Skip Microsoft Files: On
File Age = 14 Days
Output = Standard
Quick Scan
========== Extra Registry (SafeList) ========== ========== File Associations ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.exe [@ = secfile] -- Reg Error: Key error. File not found
[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.exe [@ = exefile] -- Reg Error: Key error. File not found
========== Shell Spawning ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
htmlfile [edit] -- "C:\Program Files\Microsoft Office\Office10\msohtmed.exe" %1 (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
========== Security Center Settings ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"AntiVirusOverride" = 0
"FirewallOverride" = 0
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 0
"DoNotAllowExceptions" = 0
"DisableNotifications" = 1
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]
"139:TCP" = 139:TCP:*:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:*:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:*:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:*:Enabled:@xpsp2res.dll,-22002
"1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008
"10280:UDP" = 10280:UDP:LocalSubNet:Enabled:Windows Media Connect
"10281:UDP" = 10281:UDP:LocalSubNet:Enabled:Windows Media Connect
"10282:UDP" = 10282:UDP:LocalSubNet:Enabled:Windows Media Connect
"10283:UDP" = 10283:UDP:LocalSubNet:Enabled:Windows Media Connect
"10284:UDP" = 10284:UDP:LocalSubNet:Enabled:Windows Media Connect
"10243:TCP" = 10243:TCP:LocalSubNet:Enabled:Windows Media Connect
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DoNotAllowExceptions" = 0
"DisableNotifications" = 1
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"139:TCP" = 139:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22002
"1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008
"10280:UDP" = 10280:UDP:LocalSubNet:Enabled:Windows Media Connect
"10281:UDP" = 10281:UDP:LocalSubNet:Enabled:Windows Media Connect
"10282:UDP" = 10282:UDP:LocalSubNet:Enabled:Windows Media Connect
"10283:UDP" = 10283:UDP:LocalSubNet:Enabled:Windows Media Connect
"10284:UDP" = 10284:UDP:LocalSubNet:Enabled:Windows Media Connect
"10243:TCP" = 10243:TCP:LocalSubNet:Enabled:Windows Media Connect
========== Authorized Applications List ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"C:\Program Files\America Online 9.0\waol.exe" = C:\Program Files\America Online 9.0\waol.exe:*:Enabled:America Online 9.0 -- (America Online, Inc.)
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Program Files\America Online 9.0\waol.exe" = C:\Program Files\America Online 9.0\waol.exe:*:Enabled:America Online 9.0 -- (America Online, Inc.)
"C:\Program Files\Intuit\QuickBooks 2007\QBDBMgrN.exe" = C:\Program Files\Intuit\QuickBooks 2007\QBDBMgrN.exe:*:Enabled:QuickBooks 2007 Data Manager -- (iAnywhere Solutions, Inc.)
"C:\Fipsco Life Portraits\AHL\AHLWebServer.exe" = C:\Fipsco Life Portraits\AHL\AHLWebServer.exe:*:Enabled:AHLWebServer -- (Fiserv)
========== HKEY_LOCAL_MACHINE Uninstall List ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0AB6D4F3-B460-408B-9ED5-8AAAA8CB5A68}" = Golden Rule Individual Health 12.1
"{0EB9D057-5811-45A1-A2A1-E141AE62FAAB}" = AllApp - LPES
"{11B569C2-4BF6-4ED0-9D17-A4273943CB24}" = Adobe Photoshop Album 2.0 Starter Edition
"{18455581-E099-4BA8-BC6B-F34B2F06600C}" = Google Toolbar for Internet Explorer
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer
"{26A24AE4-039D-4CA4-87B4-2F83216020FF}" = Java 6 Update 20
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{43DCF766-6838-4F9A-8C91-D92DA586DFA7}" = Microsoft Windows Journal Viewer
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{5A3F6A80-7913-475E-8B96-477A952CFA43}" = SupportSoft Assisted Service
"{63569CE9-FA00-469C-AF5C-E5D4D93ACF91}" = Windows Genuine Advantage v1.3.0254.0
"{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}" = PowerDVD
"{716E0306-8318-4364-8B8F-0CC4E9376BAC}" = MSXML 4.0 SP2 Parser and SDK
"{797EE0CA-8165-405C-B5CE-F11EC20F1BB0}" = Microsoft VC9 runtime libraries
"{7E545666-F422-45FD-B3DF-C0B99A1A579F}" = QuickBooks Pro 2007
"{81463B08-A929-4125-A5F4-1B053AC35A09}" = Microsoft IntelliType Pro 5.0
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{91110409-6000-11D3-8CFE-0050048383C9}" = Microsoft Office XP Professional
"{91208A47-5D08-4C79-986F-1931940F51BB}" = QuickBooks Product Listing Service
"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
"{A4D7B764-4140-11D4-88EB-0050DA3579C0}" = Nero - Burning Rom
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AC76BA86-7AD7-1033-7B44-A93000000001}" = Adobe Reader 9.3
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{CF6E7481-4487-46D3-810A-F73EEA232CE0}" = Microsoft IntelliPoint 5.0
"{FCE65C4E-B0E8-4FBD-AD16-EDCBE6CD591F}" = HighMAT Extension to Microsoft Windows XP CD Writing Wizard
"Adobe Atmosphere Player" = Adobe Atmosphere Player for Acrobat and Adobe Reader
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"All Products" = All Products
"AllApp" = AllApp
"America Online us" = America Online (Choose which version to remove)
"AolCoach" = AOL Coach Version 1.0(Build:20030807.3)
"a-squared Free_is1" = a-squared Free 4.5
"avast5" = avast! Free Antivirus
"CCleaner" = CCleaner
"CXT1034" = SUPRAMAX V.92 PCI PRO
"Defraggler" = Defraggler
"FaxTalk Communicator 4.5" = FaxTalk Communicator 4.5
"Google Chrome" = Google Chrome
"HijackThis" = HijackThis 2.0.2
"HitmanPro35" = Hitman Pro 3.5
"ie7" = Windows Internet Explorer 7
"ie8" = Windows Internet Explorer 8
"Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"NVIDIA" = NVIDIA Windows 2000/XP Display Drivers
"NVIDIA Drivers" = NVIDIA Drivers
"NVIDIA nForce Drivers" = NVIDIA nForce Drivers
"Prospector Version 6.0" = Prospector Version 6.0
"Prospector Version 6.1" = Prospector Version 6.1
"Prospector Version 6.2.0" = Prospector Version 6.2.0
"Prospector Version 6.3.0" = Prospector Version 6.3.0
"Prospector Version 6.4.0" = Prospector Version 6.4.0
"Prospector Version 6.4.7" = Prospector Version 6.4.7
"Prospector Version 7.0.0" = Prospector Version 7.0.0
"Prospector Version 7.1.0" = Prospector Version 7.1.0
"Prospector Version 7.2.0" = Prospector Version 7.2.0
"Prospector Version 7.3.0" = Prospector Version 7.3.0
"QuickTime" = QuickTime
"RealPlayer 6.0" = RealPlayer Basic
"SmartSuite V98.0" = Lotus SmartSuite Release 9
"SoftwareUpdUtility" = Download Updater (AOL LLC)
"StreetPlugin" = Learn2 Player (Uninstall Only)
"Windows Media Format Runtime" = Windows Media Format Runtime
"Windows Media Player" = Windows Media Player 10
"WinZip" = WinZip
"WorldIns" = WorldIns
========== Last 10 Event Log Errors ========== [ Application Events ]
Error - 11/5/2009 3:02:12 PM | Computer Name = OFFICE-PC | Source = Application Error | ID = 1000
Description = Faulting application iexplore.exe, version 8.0.6001.18702, faulting
module mshtml.dll, version 8.0.6001.18852, fault address 0x0029af2b.
Error - 3/2/2010 10:29:36 AM | Computer Name = OFFICE-PC | Source = Microsoft Office 10 | ID = 1000
Description = Faulting application winword.exe, version 10.0.6856.0, faulting module
unknown, version 0.0.0.0, fault address 0x00000000.
Error - 4/15/2010 6:41:23 PM | Computer Name = OFFICE-PC | Source = crypt32 | ID = 131080
Description = Failed auto update retrieval of third-party root list sequence number
from: <
http://www.download....uthrootseq.txt> with error: The connection with the server was terminated abnormally
Error - 4/15/2010 8:40:49 PM | Computer Name = OFFICE-PC | Source = Application Error | ID = 1000
Description = Faulting application svchost.exe, version 5.1.2600.5512, faulting
module Flash10e.ocx, version 10.0.45.2, fault address 0x0009cfdb.
Error - 4/16/2010 3:22:51 AM | Computer Name = OFFICE-PC | Source = Application Error | ID = 1000
Description = Faulting application svchost.exe, version 5.1.2600.5512, faulting
module Flash10e.ocx, version 10.0.45.2, fault address 0x000e6dea.
Error - 4/16/2010 10:47:17 AM | Computer Name = OFFICE-PC | Source = MsiInstaller | ID = 1008
Description = The installation of C:\Documents and Settings\Thompson Insurance\Desktop\Symantec
Antivirus 11.05 with Registry Fix\SEP\Symantec AntiVirus.msi is not permitted due
to an error in software restriction policy processing. The object cannot be trusted.
Error - 4/16/2010 3:20:48 PM | Computer Name = OFFICE-PC | Source = MsiInstaller | ID = 10005
Description = Product: Symantec Endpoint Protection -- Symantec Endpoint Protection
has detected that there are pending system changes that require a reboot. Please
reboot the system and rerun the installation.
Error - 4/16/2010 3:21:10 PM | Computer Name = OFFICE-PC | Source = MsiInstaller | ID = 10005
Description = Product: Symantec Endpoint Protection -- Symantec Endpoint Protection
has detected that there are pending system changes that require a reboot. Please
reboot the system and rerun the installation.
Error - 4/16/2010 3:35:16 PM | Computer Name = OFFICE-PC | Source = crypt32 | ID = 131080
Description = Failed auto update retrieval of third-party root list sequence number
from: <
http://www.download....uthrootseq.txt> with error: The connection with the server was terminated abnormally
Error - 4/16/2010 3:35:17 PM | Computer Name = OFFICE-PC | Source = crypt32 | ID = 131080
Description = Failed auto update retrieval of third-party root list sequence number
from: <
http://www.download....uthrootseq.txt> with error: This network connection does not exist.
[ System Events ]
Error - 4/16/2010 8:51:47 PM | Computer Name = OFFICE-PC | Source = Ftdisk | ID = 262193
Description = Configuring the Page file for crash dump failed. Make sure there is
a page file on the boot partition and that is large enough to contain all physical
memory.
Error - 4/16/2010 8:52:04 PM | Computer Name = OFFICE-PC | Source = SRService | ID = 104
Description = The System Restore initialization process failed.
Error - 4/16/2010 8:52:09 PM | Computer Name = OFFICE-PC | Source = Service Control Manager | ID = 7023
Description = The System Restore Service service terminated with the following error:
%%2
Error - 4/16/2010 8:59:34 PM | Computer Name = OFFICE-PC | Source = Service Control Manager | ID = 7031
Description = The a-squared Free Service service terminated unexpectedly. It has
done this 1 time(s). The following corrective action will be taken in 0 milliseconds:
Restart the service.
Error - 4/16/2010 10:45:21 PM | Computer Name = OFFICE-PC | Source = SRService | ID = 104
Description = The System Restore initialization process failed.
Error - 4/16/2010 10:45:26 PM | Computer Name = OFFICE-PC | Source = Service Control Manager | ID = 7023
Description = The System Restore Service service terminated with the following error:
%%2
Error - 4/16/2010 10:45:31 PM | Computer Name = OFFICE-PC | Source = Ftdisk | ID = 262189
Description = The system could not sucessfully load the crash dump driver.
Error - 4/16/2010 10:45:31 PM | Computer Name = OFFICE-PC | Source = Ftdisk | ID = 262193
Description = Configuring the Page file for crash dump failed. Make sure there is
a page file on the boot partition and that is large enough to contain all physical
memory.
Error - 4/17/2010 12:49:29 AM | Computer Name = OFFICE-PC | Source = SRService | ID = 104
Description = The System Restore initialization process failed.
Error - 4/17/2010 12:49:30 AM | Computer Name = OFFICE-PC | Source = Service Control Manager | ID = 7023
Description = The System Restore Service service terminated with the following error:
%%2
< End of report >