My System Information:
eMachines
T3065
AMD Athlon XP 3000+
2.17 GHz, 448 MB of RAM
Microsoft Windows XP
Home Edition
Version 2002
Service Pack 3
Malwarebytes' Anti-Malware 1.46
www.malwarebytes.org
Database version: 4052
Windows 5.1.2600 Service Pack 3
Internet Explorer 8.0.6001.18702
6/11/2010 8:49:25 PM
mbam-log-2010-06-11 (20-49-25).txt
Scan type: Full scan (C:\|)
Objects scanned: 181883
Time elapsed: 46 minute(s), 52 second(s)
Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0
Memory Processes Infected:
(No malicious items detected)
Memory Modules Infected:
(No malicious items detected)
Registry Keys Infected:
(No malicious items detected)
Registry Values Infected:
(No malicious items detected)
Registry Data Items Infected:
(No malicious items detected)
Folders Infected:
(No malicious items detected)
Files Infected:
(No malicious items detected)
OTL Extras logfile created on: 6/13/2010 11:03:06 AM - Run 1
OTL by OldTimer - Version 3.2.6.0 Folder = C:\Documents and Settings\Valued Customer\Desktop
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy
447.00 Mb Total Physical Memory | 106.00 Mb Available Physical Memory | 24.00% Memory free
1.00 Gb Paging File | 1.00 Gb Available in Paging File | 77.00% Paging File free
Paging file location(s): C:\pagefile.sys 672 1344 [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 149.05 Gb Total Space | 130.03 Gb Free Space | 87.24% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded
Drive K: | 7.67 Gb Total Space | 0.11 Gb Free Space | 1.40% Space Free | Partition Type: FAT32
Computer Name: YOUR-W7NFSBJPH3
Current User Name: Valued Customer
Logged in as Administrator.
Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: On
Skip Microsoft Files: On
File Age = 90 Days
Output = Standard
Quick Scan
========== Extra Registry (SafeList) ==========
========== File Associations ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
========== Shell Spawning ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
htmlfile [edit] -- "C:\Program Files\Microsoft Office\Office10\msohtmed.exe" %1 (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [Winamp.Bookmark] -- "C:\Program Files\Winamp\Winamp.exe" /BOOKMARK "%1" (Nullsoft)
Directory [Winamp.Enqueue] -- "C:\Program Files\Winamp\Winamp.exe" /ADD "%1" (Nullsoft)
Directory [Winamp.Play] -- "C:\Program Files\Winamp\Winamp.exe" "%1" (Nullsoft)
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
========== Security Center Settings ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 0
"FirewallOverride" = 0
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
"DisableMonitoring" = 1
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
"DisableMonitoring" = 1
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]
"DisableMonitoring" = 1
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
========== Authorized Applications List ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
========== HKEY_LOCAL_MACHINE Uninstall List ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{01F9D88C-3C86-4E82-840A-101A3221F67A}" = Microsoft Money 2003
"{02B42D23-10F2-4862-ADA4-3DF1EA0021B2}" = Microsoft Money 2003 System Pack
"{0840B4D6-7DD1-4187-8523-E6FC0007EFB7}" = Windows Live ID Sign-in Assistant
"{0878E100-C0BB-41E8-B4C6-C486B61FDA7B}" = Canon PhotoRecord
"{08C5815C-2C6E-44f8-8748-0E61BC9AFB68}" = Symantec KB-DocID:2003093015493306
"{195FF80D-6C1E-4B7A-A48E-45C0AEAC0F24}" = Microsoft LifeCam
"{26A24AE4-039D-4CA4-87B4-2F83216018FF}" = Java 6 Update 18
"{31478BE1-CDE5-4753-A8B2-F6D4BC1FBE09}" = Component Framework
"{34EEB1F5-E939-40A1-A6BA-957282A4B2C8}" = Norton AntiVirus Help
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{45EF4EE3-F591-4B74-A477-0CAE12934CE7}" = RAW Image Task 1.2
"{49FC50FC-F965-40D9-89B4-CBFF80941033}" = Windows Movie Maker 2.0
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4B7B3391-B64A-4157-B54F-60C50FE2BD39}" = SymNet
"{541DEAC0-5F3D-45E6-B7CB-94ECF3B96748}" = Skype web features
"{62120008-8E1E-4807-860D-A8B48F8552DB}" = Norton Protection Center
"{6262DC06-FC0A-4EF1-9876-AA92EDA3188C}" = IOI Multimedia Card Reader
"{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}" = PowerDVD
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{76EFFC7C-17A6-479D-9E47-8E658C1695AE}" = Windows Backup Utility
"{77772678-817F-4401-9301-ED1D01A8DA56}" = SPBBC 32bit
"{77FFBA7E-0973-4F39-BBDB-AC2F537578D2}" = Norton AntiVirus
"{7B08D306-7266-4647-A926-2F78817ED1E0}" = Microsoft Corporation
"{90280409-6000-11D3-8CFE-0050048383C9}" = Microsoft Office XP Professional with FrontPage
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{B24E05CC-46FF-4787-BBB8-5CD516AFB118}" = ccCommon
"{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1" = Spybot - Search & Destroy
"{BCE72AED-3332-4863-9567-C5DCB9052CA2}" = Netflix Movie Viewer
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{D103C4BA-F905-437A-8049-DB24763BBE36}" = Skype™ 4.1
"{D6E6FA4A-5445-4850-8365-CF216C1CBB7A}" = Symantec Real Time Storage Protection Component
"{DBA4DB9D-EE51-4944-A419-98AB1F1249C8}" = LiveUpdate Notice (Symantec Corporation)
"{DD62878E-7631-4D9D-9983-6F30DA4D7FF8}" = Canon iP6220D Memory Card Utility
"{E80F62FF-5D3C-4A19-8409-9721F2928206}" = LiveUpdate (Symantec Corporation)
"{EFB5B3B5-A280-4E25-BE1C-634EEFE32C1B}" = AppCore
"{F7B0939E-58DF-11DF-B3A6-005056806466}" = Google Earth
"{F8D0829C-9C6F-11D3-8080-00C04FA329AA}" = Microsoft Works 6.0
"{FF262740-C85A-11D5-BBEC-00D0B740900A}" = Multimedia Keyboard Driver
"Adobe Acrobat 5.0" = Adobe Acrobat 5.0
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"CAL" = Canon Camera Access Library
"CameraUserGuide-PSA470" = Canon PowerShot A470 Camera User Guide
"CameraWindowDC" = Canon Utilities CameraWindow DC
"CameraWindowDVC5" = Canon Utilities CameraWindow DC_DV 5 for ZoomBrowser EX
"CameraWindowDVC6" = Canon Utilities CameraWindow DC_DV 6 for ZoomBrowser EX
"CameraWindowLauncher" = Canon Utilities CameraWindow
"Canon G.726 WMP-Decoder" = Canon G.726 WMP-Decoder
"CANONBJ_Deinstall_CNMCP7C.DLL" = Canon iP6220D
"CCleaner" = CCleaner
"CNXT_MODEM_PCI_VEN_14F1&DEV_2F20&SUBSYS_200014F1" = SoftV92 Data Fax Modem with SmartCP
"CSCLIB" = Canon Camera Support Core Library
"DirectPrintUserGuide" = Canon Direct Print User Guide
"Easy-PhotoPrint" = Canon Utilities Easy-PhotoPrint
"Easy-WebPrint" = Easy-WebPrint
"EOS Utility" = Canon Utilities EOS Utility
"EPSON Printer and Utilities" = EPSON Printer Software
"ERUNT_is1" = ERUNT 1.1j
"ICQ" = ICQ
"ie8" = Windows Internet Explorer 8
"InstallShield_{45EF4EE3-F591-4B74-A477-0CAE12934CE7}" = Canon RAW Image Task for ZoomBrowser EX
"InstallShield_{6262DC06-FC0A-4EF1-9876-AA92EDA3188C}" = IOI Multimedia Card Reader
"JRE 1.3.1" = Java 2 Runtime Environment Standard Edition v1.3.1
"JRE 1.3.1_02" = Java 2 Runtime Environment Standard Edition v1.3.1_02
"League Manager 2005" = League Manager 2005
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"MovieEditTask" = Canon MovieEdit Task for ZoomBrowser EX
"Mozilla Firefox (3.6.3)" = Mozilla Firefox (3.6.3)
"MyCamera" = Canon Utilities MyCamera
"MyCameraDC" = Canon Utilities MyCamera DC
"NVIDIA Drivers" = NVIDIA Drivers
"PhotoStitch" = Canon Utilities PhotoStitch
"PsuedoLiveUpdate" = LiveUpdate (Symantec Corporation)
"QuickTime" = QuickTime
"RemoteCaptureTask" = Canon Utilities RemoteCapture Task for ZoomBrowser EX
"SoftwareStarterGuide-DCSD34" = Canon Digital Camera Solution Disk 34 Software Starter Guide
"StreetPlugin" = Learn2 Player (Uninstall Only)
"SymSetup.{77FFBA7E-0973-4F39-BBDB-AC2F537578D2}" = Norton AntiVirus (Symantec Corporation)
"Viewpoint Manager" = Viewpoint Manager (Remove Only)
"ViewpointMediaPlayer" = Viewpoint Media Player
"WIC" = Windows Imaging Component
"Winamp" = Winamp (remove only)
"Windows Media Format Runtime" = Windows Media Format 11 runtime
"Windows XP Service Pack" = Windows XP Service Pack 3
"WMFDist11" = Windows Media Format 11 runtime
"Wudf01000" = Microsoft User-Mode Driver Framework Feature Pack 1.0
"ZoomBrowser EX" = Canon Utilities ZoomBrowser EX
"ZoomBrowser EX Memory Card Utility" = Canon ZoomBrowser EX Memory Card Utility
========== HKEY_CURRENT_USER Uninstall List ==========
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Microsoft Links LS 2000" = Microsoft Links LS 2000
========== Last 10 Event Log Errors ==========
[ Application Events ]
Error - 6/12/2010 4:39:29 PM | Computer Name = YOUR-W7NFSBJPH3 | Source = JavaQuickStarterService | ID = 1
Description =
Error - 6/12/2010 5:58:07 PM | Computer Name = YOUR-W7NFSBJPH3 | Source = JavaQuickStarterService | ID = 1
Description =
Error - 6/12/2010 6:40:26 PM | Computer Name = YOUR-W7NFSBJPH3 | Source = JavaQuickStarterService | ID = 1
Description =
Error - 6/12/2010 7:30:11 PM | Computer Name = YOUR-W7NFSBJPH3 | Source = Google Update | ID = 20
Description =
Error - 6/12/2010 8:27:33 PM | Computer Name = YOUR-W7NFSBJPH3 | Source = JavaQuickStarterService | ID = 1
Description =
Error - 6/12/2010 8:30:06 PM | Computer Name = YOUR-W7NFSBJPH3 | Source = Google Update | ID = 20
Description =
Error - 6/12/2010 9:06:53 PM | Computer Name = YOUR-W7NFSBJPH3 | Source = JavaQuickStarterService | ID = 1
Description =
Error - 6/12/2010 9:30:10 PM | Computer Name = YOUR-W7NFSBJPH3 | Source = Google Update | ID = 20
Description =
Error - 6/13/2010 10:16:59 AM | Computer Name = YOUR-W7NFSBJPH3 | Source = JavaQuickStarterService | ID = 1
Description =
Error - 6/13/2010 10:30:06 AM | Computer Name = YOUR-W7NFSBJPH3 | Source = Google Update | ID = 20
Description =
[ System Events ]
Error - 6/13/2010 10:17:40 AM | Computer Name = YOUR-W7NFSBJPH3 | Source = Service Control Manager | ID = 7003
Description = The Network Location Awareness (NLA) service depends on the following
nonexistent service: Afd
Error - 6/13/2010 10:17:42 AM | Computer Name = YOUR-W7NFSBJPH3 | Source = Service Control Manager | ID = 7003
Description = The Network Location Awareness (NLA) service depends on the following
nonexistent service: Afd
Error - 6/13/2010 10:17:44 AM | Computer Name = YOUR-W7NFSBJPH3 | Source = Service Control Manager | ID = 7024
Description = The Background Intelligent Transfer Service service terminated with
service-specific error 2147952450 (0x80072742).
Error - 6/13/2010 10:18:07 AM | Computer Name = YOUR-W7NFSBJPH3 | Source = DCOM | ID = 10010
Description = The server {4991D34B-80A1-4291-83B6-3328366B9097} did not register
with DCOM within the required timeout.
Error - 6/13/2010 10:18:07 AM | Computer Name = YOUR-W7NFSBJPH3 | Source = Service Control Manager | ID = 7024
Description = The Background Intelligent Transfer Service service terminated with
service-specific error 2147952450 (0x80072742).
Error - 6/13/2010 10:18:34 AM | Computer Name = YOUR-W7NFSBJPH3 | Source = Service Control Manager | ID = 7003
Description = The Network Location Awareness (NLA) service depends on the following
nonexistent service: Afd
Error - 6/13/2010 10:18:37 AM | Computer Name = YOUR-W7NFSBJPH3 | Source = DCOM | ID = 10010
Description = The server {4991D34B-80A1-4291-83B6-3328366B9097} did not register
with DCOM within the required timeout.
Error - 6/13/2010 10:18:37 AM | Computer Name = YOUR-W7NFSBJPH3 | Source = Service Control Manager | ID = 7024
Description = The Background Intelligent Transfer Service service terminated with
service-specific error 2147952450 (0x80072742).
Error - 6/13/2010 10:19:07 AM | Computer Name = YOUR-W7NFSBJPH3 | Source = DCOM | ID = 10010
Description = The server {4991D34B-80A1-4291-83B6-3328366B9097} did not register
with DCOM within the required timeout.
Error - 6/13/2010 10:37:32 AM | Computer Name = YOUR-W7NFSBJPH3 | Source = Service Control Manager | ID = 7003
Description = The Network Location Awareness (NLA) service depends on the following
nonexistent service: Afd
< End of report >
OTL logfile created on: 6/13/2010 11:03:06 AM - Run 1
OTL by OldTimer - Version 3.2.6.0 Folder = C:\Documents and Settings\Valued Customer\Desktop
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy
447.00 Mb Total Physical Memory | 106.00 Mb Available Physical Memory | 24.00% Memory free
1.00 Gb Paging File | 1.00 Gb Available in Paging File | 77.00% Paging File free
Paging file location(s): C:\pagefile.sys 672 1344 [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 149.05 Gb Total Space | 130.03 Gb Free Space | 87.24% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded
Drive K: | 7.67 Gb Total Space | 0.11 Gb Free Space | 1.40% Space Free | Partition Type: FAT32
Computer Name: YOUR-W7NFSBJPH3
Current User Name: Valued Customer
Logged in as Administrator.
Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: On
Skip Microsoft Files: On
File Age = 90 Days
Output = Standard
Quick Scan
========== Processes (SafeList) ==========
PRC - [2010/06/12 19:41:10 | 000,572,416 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Valued Customer\Desktop\OTL.exe
PRC - [2009/08/18 11:29:22 | 001,529,728 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
PRC - [2009/08/18 11:29:22 | 000,183,152 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
PRC - [2009/03/17 14:24:06 | 000,161,632 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft LifeCam\MSCamS32.exe
PRC - [2008/10/17 16:52:10 | 000,149,352 | ---- | M] (Symantec Corporation) -- C:\Program Files\Common Files\Symantec Shared\CCSVCHST.EXE
PRC - [2008/05/05 21:41:14 | 001,245,064 | ---- | M] () -- C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
PRC - [2008/04/13 20:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2008/02/09 20:06:33 | 000,238,968 | ---- | M] (Symantec Corporation) -- C:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe
PRC - [2007/01/31 14:55:42 | 000,096,370 | ---- | M] (Canon Inc.) -- C:\Program Files\Canon\CAL\CALMAIN.exe
========== Modules (SafeList) ==========
MOD - [2010/06/12 19:41:10 | 000,572,416 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Valued Customer\Desktop\OTL.exe
MOD - [2008/04/13 20:10:20 | 000,110,592 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\msscript.ocx
========== Win32 Services (SafeList) ==========
SRV - [2009/08/18 11:29:22 | 001,529,728 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE -- (wlidsvc)
SRV - [2009/03/17 14:24:06 | 000,161,632 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Microsoft LifeCam\MSCamS32.exe -- (MSCamSvc)
SRV - [2008/10/17 16:52:10 | 000,149,352 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe -- (LiveUpdate Notice)
SRV - [2008/10/17 16:52:10 | 000,149,352 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe -- (CLTNetCnService)
SRV - [2008/10/17 16:52:10 | 000,149,352 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe -- (ccSetMgr)
SRV - [2008/10/17 16:52:10 | 000,149,352 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe -- (ccEvtMgr)
SRV - [2008/08/04 11:20:16 | 003,220,856 | ---- | M] (Symantec Corporation) [On_Demand | Stopped] -- C:\Program Files\Symantec\LiveUpdate\LuComServer_3_4.EXE -- (LiveUpdate)
SRV - [2008/05/05 21:41:14 | 001,245,064 | ---- | M] () [Auto | Running] -- C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe -- (Symantec Core LC)
SRV - [2008/02/09 20:06:33 | 000,238,968 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe -- (Automatic LiveUpdate Scheduler)
SRV - [2007/01/31 14:55:42 | 000,096,370 | ---- | M] (Canon Inc.) [Auto | Running] -- C:\Program Files\Canon\CAL\CALMAIN.exe -- (CCALib8)
SRV - [2007/01/04 17:38:08 | 000,024,652 | ---- | M] (Viewpoint Corporation) [Disabled | Stopped] -- C:\Program Files\Viewpoint\Common\ViewpointService.exe -- (Viewpoint Manager Service)
========== Driver Services (SafeList) ==========
DRV - [2010/05/27 04:00:00 | 000,371,248 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys -- (eeCtrl)
DRV - [2010/05/27 04:00:00 | 000,102,448 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Program Files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys -- (EraserUtilRebootDrv)
DRV - [2010/05/10 04:00:00 | 001,347,504 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Program Files\Common Files\Symantec Shared\VirusDefs\20100609.022\NAVEX15.SYS -- (NAVEX15)
DRV - [2010/05/10 04:00:00 | 000,085,552 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Program Files\Common Files\Symantec Shared\VirusDefs\20100609.022\NAVENG.SYS -- (NAVENG)
DRV - [2009/11/19 23:02:58 | 000,268,664 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Program Files\Common Files\Symantec Shared\SymcData\ipsdefs\20100604.001\SymIDSCo.sys -- (SYMIDSCO)
DRV - [2009/03/17 14:24:06 | 000,030,560 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\nx6000.sys -- (MSHUSBVideo)
DRV - [2009/02/19 12:31:42 | 000,031,280 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\SymIM.sys -- (SymIMMP)
DRV - [2009/02/19 12:31:42 | 000,031,280 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\SymIM.sys -- (SymIM)
DRV - [2009/02/19 12:31:16 | 000,184,496 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\WINDOWS\System32\Drivers\SYMTDI.SYS -- (SYMTDI)
DRV - [2009/02/19 12:31:16 | 000,096,560 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\System32\Drivers\SYMFW.SYS -- (SYMFW)
DRV - [2009/02/19 12:31:16 | 000,038,576 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\System32\Drivers\SYMIDS.SYS -- (SYMIDS)
DRV - [2009/02/19 12:31:16 | 000,037,424 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\System32\Drivers\SYMNDIS.SYS -- (SYMNDIS)
DRV - [2009/02/19 12:31:16 | 000,022,320 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\System32\Drivers\SYMREDRV.SYS -- (SYMREDRV)
DRV - [2009/02/19 12:31:16 | 000,013,616 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\System32\Drivers\SYMDNS.SYS -- (SYMDNS)
DRV - [2009/01/09 22:56:51 | 000,124,464 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\SYMEVENT.SYS -- (SymEvent)
DRV - [2008/09/05 15:31:42 | 000,447,024 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCDrv.sys -- (SPBBCDrv)
DRV - [2008/07/30 17:42:12 | 000,023,888 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\COH_Mon.sys -- (COH_Mon)
DRV - [2008/04/13 14:45:12 | 000,060,032 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\usbaudio.sys -- (usbaudio) USB Audio Driver (WDM)
DRV - [2008/01/31 21:51:16 | 000,317,616 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\srtspl.sys -- (SRTSPL)
DRV - [2008/01/31 21:51:16 | 000,279,088 | ---- | M] (Symantec Corporation) [File_System | On_Demand | Running] -- C:\WINDOWS\system32\drivers\srtsp.sys -- (SRTSP)
DRV - [2008/01/31 21:51:16 | 000,043,696 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\srtspx.sys -- (SRTSPX)
DRV - [2005/12/26 17:28:27 | 000,010,344 | ---- | M] (Symantec Corporation) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\symlcbrd.sys -- (symlcbrd)
DRV - [2004/10/22 10:41:46 | 000,413,824 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\nvapu.sys -- (nvnforce) Service for NVIDIA® nForce
DRV - [2004/10/22 10:38:28 | 000,053,376 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\nvax.sys -- (nvax) Service for NVIDIA® nForce
DRV - [2003/11/13 22:19:48 | 000,210,304 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSFHWBS2.sys -- (HSFHWBS2)
DRV - [2003/11/13 22:18:36 | 000,679,808 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSF_CNXT.sys -- (winachsf)
DRV - [2003/11/13 22:17:00 | 001,042,816 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSF_DP.sys -- (HSF_DP)
DRV - [2003/11/10 15:24:24 | 000,039,532 | ---- | M] (Alcor Micro Corp.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\Sunkfilt.sys -- (SunkFilt)
DRV - [2003/10/06 17:16:00 | 001,550,043 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\nv4_mini.sys -- (nv)
DRV - [2003/08/15 22:22:16 | 000,072,771 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\NVENET.sys -- (NVENET)
DRV - [2003/03/19 18:51:00 | 000,018,688 | ---- | M] (NVIDIA Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\System32\DRIVERS\nv_agp.sys -- (nv_agp)
========== Standard Registry (SafeList) ==========
========== Internet Explorer ==========
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.google.com/ie
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://search.live.com/sphome.aspx
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local>
========== FireFox ==========
FF - prefs.js..browser.search.defaultenginename: "Bing"
FF - prefs.js..browser.search.defaulturl: "http://www.bing.com/...TDF&PC=SUN1&q="
FF - prefs.js..browser.search.selectedEngine: "Google"
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "http://www.yahoo.com/"
FF - prefs.js..extensions.enabledItems: [email protected]:1.0
FF - prefs.js..keyword.URL: "http://www.bing.com/...TDF&PC=SUN1&q="
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.3\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010/04/16 18:21:28 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.3\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010/04/02 23:02:39 | 000,000,000 | ---D | M]
[2009/01/11 11:54:39 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Valued Customer\Application Data\Mozilla\Extensions
[2010/06/07 21:17:40 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Valued Customer\Application Data\Mozilla\Firefox\Profiles\5l8w9y67.default\extensions
[2009/09/03 21:02:13 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Documents and Settings\Valued Customer\Application Data\Mozilla\Firefox\Profiles\5l8w9y67.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2010/03/15 19:21:49 | 000,001,832 | ---- | M] () -- C:\Documents and Settings\Valued Customer\Application Data\Mozilla\Firefox\Profiles\5l8w9y67.default\searchplugins\bing.xml
[2010/06/07 21:17:40 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions
O1 HOSTS File: ([2010/06/11 06:19:05 | 000,000,736 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (AcroIEHlprObj Class) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx ()
O2 - BHO: (Skype add-on (mastermind)) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Skype Technologies S.A.)
O2 - BHO: (no name) - {243B17DE-77C7-46BF-B94B-0B5F309A0E64} - C:\Program Files\Microsoft Money\System\mnyside.dll (Microsoft Corporation)
O2 - BHO: (Symantec Intrusion Prevention) - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files\Common Files\Symantec Shared\IDS\IPSBHO.dll (Symantec Corporation)
O3 - HKLM\..\Toolbar: (no name) - - No CLSID value found.
O3 - HKLM\..\Toolbar: (Easy-WebPrint) - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - C:\Program Files\Canon\Easy-WebPrint\Toolband.dll ()
O3 - HKCU\..\Toolbar\ShellBrowser: (no name) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No CLSID value found.
O3 - HKCU\..\Toolbar\ShellBrowser: (no name) - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - No CLSID value found.
O3 - HKCU\..\Toolbar\ShellBrowser: (no name) - {C4069E3A-68F1-403E-B40E-20066696354B} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {472734EA-242A-422B-ADF8-83D1E48CC825} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - No CLSID value found.
O4 - HKLM..\Run: [ccApp] C:\Program Files\Common Files\Symantec Shared\CCAPP.EXE (Symantec Corporation)
O4 - HKLM..\Run: [NvCplDaemon] C:\WINDOWS\System32\NvCpl.DLL (NVIDIA Corporation)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 149
O8 - Extra context menu item: E&xport to Microsoft Excel - C:\Program Files\Microsoft Office\Office10\EXCEL.EXE (Microsoft Corporation)
O8 - Extra context menu item: Easy-WebPrint Add To Print List - C:\Program Files\Canon\Easy-WebPrint\Resource.dll ()
O8 - Extra context menu item: Easy-WebPrint High Speed Print - C:\Program Files\Canon\Easy-WebPrint\Resource.dll ()
O8 - Extra context menu item: Easy-WebPrint Preview - C:\Program Files\Canon\Easy-WebPrint\Resource.dll ()
O8 - Extra context menu item: Easy-WebPrint Print - C:\Program Files\Canon\Easy-WebPrint\Resource.dll ()
O9 - Extra 'Tools' menuitem : Skype add-on for Internet Explorer - {5067A26B-1337-4436-8AFE-EE169C2DA79F} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Skype Technologies S.A.)
O9 - Extra Button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Skype Technologies S.A.)
O9 - Extra Button: MoneySide - {E023F504-0C5A-4750-A1E7-A9046DEA8A21} - C:\Program Files\Microsoft Money\System\mnyside.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\WINDOWS\system32\nwprovau.dll (Microsoft Corporation)
O12 - Plugin for: .spop - C:\Program Files\Internet Explorer\PLUGINS\NPDocBox.dll (Intertrust Technologies, Inc.)
O15 - HKCU\..Trusted Domains: ([]msn in My Computer)
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} http://gfx1.hotmail....es/MSNPUpld.cab (MSN Photo Upload Tool)
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} http://v5.windowsupd...b?1113242691845 (WUWebControl Class)
O16 - DPF: {6A344D34-5231-452A-8A57-D064AC9B7862} https://webdl.symant...ex/symdlmgr.cab (Symantec Download Manager)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_18)
O16 - DPF: {CAFEEFAC-0013-0001-0000-ABCDEFFEDCBA} http://java.sun.com/...all-131-win.cab (Java Plug-in 1.3.1)
O16 - DPF: {CAFEEFAC-0016-0000-0018-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_18)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_18)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://download.macr...ash/swflash.cab (Shockwave Flash Object)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.ad...Plus/1.6/gp.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 209.18.47.61 209.18.47.62
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2003/02/06 22:07:54 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
NetSvcs: 6to4 - File not found
NetSvcs: Ias - C:\WINDOWS\system32\ias [2003/02/06 22:07:17 | 000,000,000 | ---D | M]
NetSvcs: Iprip - File not found
NetSvcs: Irmon - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: Wmi - C:\WINDOWS\system32\wmi.dll (Microsoft Corporation)
NetSvcs: WmdmPmSp - File not found
Drivers32: midi - C:\WINDOWS\System32\wdmaud.drv (Microsoft Corporation)
Drivers32: midimapper - C:\WINDOWS\System32\midimap.dll (Microsoft Corporation)
Drivers32: mixer - C:\WINDOWS\System32\wdmaud.drv (Microsoft Corporation)
Drivers32: mixer1 - C:\WINDOWS\System32\wdmaud.drv (Microsoft Corporation)
Drivers32: msacm.imaadpcm - C:\WINDOWS\System32\imaadp32.acm (Microsoft Corporation)
Drivers32: msacm.l3acm - C:\WINDOWS\system32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: msacm.msadpcm - C:\WINDOWS\System32\msadp32.acm (Microsoft Corporation)
Drivers32: msacm.msaudio1 - C:\WINDOWS\System32\msaud32.acm (Microsoft Corporation)
Drivers32: msacm.msg711 - C:\WINDOWS\System32\msg711.acm (Microsoft Corporation)
Drivers32: msacm.msg723 - C:\WINDOWS\System32\msg723.acm (Microsoft Corporation)
Drivers32: msacm.msgsm610 - C:\WINDOWS\System32\msgsm32.acm (Microsoft Corporation)
Drivers32: msacm.sl_anet - C:\WINDOWS\System32\sl_anet.acm (Sipro Lab Telecom Inc.)
Drivers32: msacm.trspch - C:\WINDOWS\System32\tssoft32.acm (DSP GROUP, INC.)
Drivers32: MSVideo8 - C:\WINDOWS\System32\vfwwdm32.dll (Microsoft Corporation)
Drivers32: vidc.cvid - C:\WINDOWS\System32\iccvid.dll (Radius Inc.)
Drivers32: VIDC.I420 - C:\WINDOWS\System32\msh263.drv (Microsoft Corporation)
Drivers32: vidc.iv31 - C:\WINDOWS\system32\ir32_32.dll ()
Drivers32: vidc.iv32 - C:\WINDOWS\system32\ir32_32.dll ()
Drivers32: VIDC.IYUV - C:\WINDOWS\System32\iyuv_32.dll (Microsoft Corporation)
Drivers32: vidc.M261 - C:\WINDOWS\System32\msh261.drv (Microsoft Corporation)
Drivers32: vidc.M263 - C:\WINDOWS\System32\msh263.drv (Microsoft Corporation)
Drivers32: vidc.mrle - C:\WINDOWS\System32\msrle32.dll (Microsoft Corporation)
Drivers32: vidc.msvc - C:\WINDOWS\System32\msvidc32.dll (Microsoft Corporation)
Drivers32: VIDC.UYVY - C:\WINDOWS\System32\msyuv.dll (Microsoft Corporation)
Drivers32: VIDC.YUY2 - C:\WINDOWS\System32\msyuv.dll (Microsoft Corporation)
Drivers32: VIDC.YVU9 - C:\WINDOWS\System32\tsbyuv.dll (Microsoft Corporation)
Drivers32: VIDC.YVYU - C:\WINDOWS\System32\msyuv.dll (Microsoft Corporation)
Drivers32: wave - C:\WINDOWS\System32\wdmaud.drv (Microsoft Corporation)
Drivers32: wave1 - C:\WINDOWS\System32\wdmaud.drv (Microsoft Corporation)
Drivers32: wavemapper - C:\WINDOWS\System32\msacm32.drv (Microsoft Corporation)
CREATERESTOREPOINT
Restore point Set: OTL Restore Point (16902109354000384)
========== Files/Folders - Created Within 90 Days ==========
[2010/06/12 21:13:48 | 000,572,416 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Valued Customer\Desktop\OTL.exe
[2010/06/12 21:09:33 | 000,000,000 | ---D | C] -- C:\WINDOWS\ERDNT
[2010/06/12 21:08:59 | 000,000,000 | ---D | C] -- C:\Program Files\ERUNT
[2010/06/12 21:08:33 | 000,791,393 | ---- | C] (Lars Hederer ) -- C:\Documents and Settings\Valued Customer\Desktop\erunt_setup.exe
[2010/06/11 00:39:26 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2010/06/11 00:39:11 | 000,020,952 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2010/06/11 00:39:10 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2010/06/10 20:37:18 | 000,000,000 | ---D | C] -- C:\ERDNT
[2010/06/10 06:25:56 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\Valued Customer\Recent
[2010/06/09 23:40:32 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Valued Customer\Application Data\Malwarebytes
[2010/06/09 23:28:06 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Malwarebytes
[2010/06/09 22:48:52 | 000,000,000 | ---D | C] -- C:\WINDOWS\Prefetch
[2010/06/09 22:20:16 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\scripting
[2010/06/09 22:19:59 | 000,000,000 | ---D | C] -- C:\WINDOWS\l2schemas
[2010/06/09 22:19:55 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\en
[2010/06/09 22:06:33 | 000,000,000 | ---D | C] -- C:\WINDOWS\network diagnostic
[2010/06/09 21:27:19 | 000,000,000 | -HSD | C] -- C:\Documents and Settings\Valued Customer\PrivacIE
[2010/06/09 21:19:02 | 000,000,000 | -HSD | C] -- C:\Documents and Settings\Valued Customer\IETldCache
[2010/06/09 21:08:45 | 000,000,000 | ---D | C] -- C:\WINDOWS\WBEM
[2010/06/09 21:03:36 | 000,000,000 | -H-D | C] -- C:\WINDOWS\ie8
[2010/06/08 19:10:40 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Valued Customer\Desktop\CS Saved PFC
[2010/06/08 18:41:01 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
[2010/06/08 18:41:00 | 000,000,000 | ---D | C] -- C:\Program Files\Spybot - Search & Destroy
[2010/06/08 18:36:28 | 000,000,000 | ---D | C] -- C:\Program Files\CCleaner
[2010/06/08 18:03:38 | 000,000,000 | ---D | C] -- C:\Program Files\Trend Micro
[2010/06/08 17:59:29 | 000,000,000 | ---D | C] -- C:\WINDOWS\pss
[2010/06/07 22:18:35 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Application Data\Sun
[2010/06/07 20:55:56 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Valued Customer\Local Settings\Application Data\Threat Expert
[2010/06/07 15:42:52 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\TEMP
[2010/06/05 18:48:04 | 000,000,000 | ---D | C] -- C:\Documents and Settings\LocalService\Application Data\Macromedia
[2010/06/05 18:48:03 | 000,000,000 | ---D | C] -- C:\Documents and Settings\LocalService\Application Data\Adobe
[2010/06/04 21:25:13 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Application Data\Macromedia
[2010/06/04 21:21:43 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Application Data\Adobe
[2010/06/04 21:01:09 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Valued Customer\Local Settings\Application Data\twmxltiot
========== Files - Modified Within 90 Days ==========
[2010/06/13 10:30:10 | 000,000,886 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2010/06/13 10:17:31 | 000,001,158 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2010/06/13 10:16:57 | 000,000,882 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2010/06/13 10:16:57 | 000,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2010/06/13 10:16:44 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2010/06/12 21:45:41 | 008,912,896 | ---- | M] () -- C:\Documents and Settings\Valued Customer\ntuser.dat
[2010/06/12 21:45:41 | 000,000,178 | -HS- | M] () -- C:\Documents and Settings\Valued Customer\ntuser.ini
[2010/06/12 21:45:27 | 003,776,796 | -H-- | M] () -- C:\Documents and Settings\Valued Customer\Local Settings\Application Data\IconCache.db
[2010/06/12 21:09:00 | 000,000,611 | ---- | M] () -- C:\Documents and Settings\Valued Customer\Desktop\NTREGOPT.lnk
[2010/06/12 21:09:00 | 000,000,592 | ---- | M] () -- C:\Documents and Settings\Valued Customer\Desktop\ERUNT.lnk
[2010/06/12 19:52:50 | 001,402,880 | ---- | M] () -- C:\Documents and Settings\Valued Customer\Desktop\HiJackThis.msi
[2010/06/12 19:41:10 | 000,572,416 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Valued Customer\Desktop\OTL.exe
[2010/06/12 19:40:48 | 000,791,393 | ---- | M] (Lars Hederer ) -- C:\Documents and Settings\Valued Customer\Desktop\erunt_setup.exe
[2010/06/12 19:09:12 | 000,508,780 | ---- | M] () -- C:\WINDOWS\System32\PerfStringBackup.INI
[2010/06/12 19:09:12 | 000,432,356 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2010/06/12 19:09:12 | 000,067,312 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2010/06/11 23:24:00 | 000,000,576 | ---- | M] () -- C:\WINDOWS\tasks\Norton AntiVirus - Run Full System Scan - Valued Customer.job
[2010/06/11 06:19:05 | 000,000,736 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts
[2010/06/11 00:39:29 | 000,000,696 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2010/06/11 00:06:06 | 000,026,624 | ---- | M] () -- C:\Documents and Settings\Valued Customer\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010/06/10 04:00:26 | 000,212,834 | ---- | M] () -- C:\Documents and Settings\Valued Customer\My Documents\cc_20100610_040023.reg
[2010/06/09 22:48:12 | 000,141,240 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2010/06/09 22:03:54 | 000,250,048 | RHS- | M] () -- C:\ntldr
[2010/06/08 20:45:25 | 000,402,932 | R--- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts.bak
[2010/06/08 20:34:38 | 000,000,552 | ---- | M] () -- C:\WINDOWS\System32\d3d8caps.dat
[2010/06/08 19:48:44 | 000,402,932 | R--- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts.20100608-204525.backup
[2010/06/08 19:47:40 | 000,402,932 | R--- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts.20100608-194843.backup
[2010/06/08 19:13:26 | 000,000,004 | ---- | M] () -- C:\WINDOWS\msoffice.ini
[2010/06/08 18:55:04 | 000,074,796 | ---- | M] () -- C:\Documents and Settings\Valued Customer\My Documents\cc_20100608_185456.reg
[2010/06/08 18:41:28 | 000,000,933 | ---- | M] () -- C:\Documents and Settings\Valued Customer\Desktop\Spybot - Search & Destroy.lnk
[2010/06/08 18:36:41 | 000,001,548 | ---- | M] () -- C:\Documents and Settings\Valued Customer\Desktop\CCleaner.lnk
[2010/06/08 18:15:01 | 000,000,211 | RHS- | M] () -- C:\boot.ini
[2010/06/08 18:15:00 | 000,000,227 | ---- | M] () -- C:\WINDOWS\system.ini
[2010/06/07 22:18:33 | 000,000,664 | ---- | M] () -- C:\WINDOWS\System32\d3d9caps.dat
[2010/06/02 22:13:57 | 000,054,156 | -H-- | M] () -- C:\WINDOWS\QTFont.qfn
[2010/05/23 16:44:12 | 000,080,896 | ---- | M] () -- C:\Documents and Settings\Valued Customer\My Documents\SUNY Albany.doc
[2010/05/21 17:01:46 | 000,019,968 | ---- | M] () -- C:\Documents and Settings\Valued Customer\My Documents\Doc1.doc
[2010/05/15 22:34:58 | 000,001,915 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Google Earth.lnk
[2010/04/29 15:39:38 | 000,038,224 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2010/04/29 15:39:26 | 000,020,952 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
========== Files Created - No Company Name ==========
[2010/06/12 21:13:52 | 001,402,880 | ---- | C] () -- C:\Documents and Settings\Valued Customer\Desktop\HiJackThis.msi
[2010/06/12 21:09:00 | 000,000,611 | ---- | C] () -- C:\Documents and Settings\Valued Customer\Desktop\NTREGOPT.lnk
[2010/06/12 21:09:00 | 000,000,592 | ---- | C] () -- C:\Documents and Settings\Valued Customer\Desktop\ERUNT.lnk
[2010/06/11 06:28:49 | 000,000,015 | ---- | C] () -- C:\Documents and Settings\Valued Customer\reset.log
[2010/06/11 00:39:29 | 000,000,696 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2010/06/11 00:06:04 | 000,107,596 | ---- | C] () -- C:\toolkit_widget.gif
[2010/06/10 04:00:25 | 000,212,834 | ---- | C] () -- C:\Documents and Settings\Valued Customer\My Documents\cc_20100610_040023.reg
[2010/06/08 20:34:33 | 000,000,552 | ---- | C] () -- C:\WINDOWS\System32\d3d8caps.dat
[2010/06/08 19:10:40 | 000,000,004 | ---- | C] () -- C:\WINDOWS\msoffice.ini
[2010/06/08 18:55:01 | 000,074,796 | ---- | C] () -- C:\Documents and Settings\Valued Customer\My Documents\cc_20100608_185456.reg
[2010/06/08 18:41:28 | 000,000,933 | ---- | C] () -- C:\Documents and Settings\Valued Customer\Desktop\Spybot - Search & Destroy.lnk
[2010/06/08 18:36:39 | 000,001,548 | ---- | C] () -- C:\Documents and Settings\Valued Customer\Desktop\CCleaner.lnk
[2010/06/07 22:18:33 | 000,000,664 | ---- | C] () -- C:\WINDOWS\System32\d3d9caps.dat
[2010/06/07 17:26:59 | 000,767,952 | ---- | C] () -- C:\WINDOWS\BDTSupport.dll.old
[2010/05/15 22:34:58 | 000,001,915 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Google Earth.lnk
[2008/07/08 11:54:54 | 000,000,146 | ---- | C] () -- C:\WINDOWS\cdplayer.ini
[2006/12/30 14:24:25 | 000,008,704 | ---- | C] () -- C:\WINDOWS\System32\CNMVS7C.DLL
[2006/01/02 10:09:28 | 000,000,376 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2005/12/29 17:42:34 | 000,000,000 | ---- | C] () -- C:\WINDOWS\OpPrintServer.INI
[2005/04/19 20:25:02 | 000,000,000 | ---- | C] () -- C:\WINDOWS\PROTOCOL.INI
[2005/03/23 22:53:56 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST(2).INI
[2005/03/23 22:53:56 | 000,001,405 | ---- | C] () -- C:\WINDOWS\msdfmap(2).ini
[2003/02/07 00:23:22 | 000,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini
[2003/02/06 23:41:02 | 000,363,520 | ---- | C] () -- C:\WINDOWS\System32\psisdecd.dll
[2003/02/06 23:40:09 | 000,532,544 | ---- | C] () -- C:\WINDOWS\PIC.dll
[2003/02/06 23:40:09 | 000,024,576 | ---- | C] () -- C:\WINDOWS\HKNTDLL.dll
[2003/02/06 22:48:54 | 000,001,065 | ---- | C] () -- C:\WINDOWS\winamp.ini
[2003/02/06 22:48:18 | 000,000,310 | ---- | C] () -- C:\WINDOWS\net2fone.ini
[2003/02/06 20:48:57 | 000,225,280 | ---- | C] () -- C:\WINDOWS\System32\nvwrsda.dll
[2003/02/06 20:48:50 | 000,027,136 | ---- | C] () -- C:\WINDOWS\System32\nvcod.dll
[2003/02/06 20:48:44 | 000,018,253 | ---- | C] () -- C:\WINDOWS\System32\ssnvfx.ini
[2003/02/06 20:48:37 | 000,001,094 | ---- | C] () -- C:\WINDOWS\System32\oeminfo.ini
[2003/02/06 20:48:37 | 000,000,466 | ---- | C] () -- C:\WINDOWS\System32\emver.ini
========== LOP Check ==========
[2006/12/30 14:24:14 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\CanonBJ
[2010/06/11 23:16:27 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TEMP
[2005/08/11 14:15:56 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Viewpoint
[2010/06/08 19:12:16 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Valued Customer\Application Data\Aim
[2003/02/06 22:41:43 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Valued Customer\Application Data\InterTrust
[2007/03/09 23:44:40 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Valued Customer\Application Data\Viewpoint
========== Purity Check ==========
========== Custom Scans ==========
< %SYSTEMDRIVE%\*.* >
[2003/02/06 22:07:54 | 000,000,000 | ---- | M] () -- C:\AUTOEXEC.BAT
[2010/06/10 23:15:11 | 000,000,760 | ---- | M] () -- C:\avenger.txt
[2010/06/08 18:15:01 | 000,000,211 | RHS- | M] () -- C:\boot.ini
[2003/02/06 22:07:54 | 000,000,000 | RHS- | M] () -- C:\CONFIG.SYS
[2003/02/06 22:07:54 | 000,000,000 | RHS- | M] () -- C:\IO.SYS
[2003/02/06 23:35:55 | 000,001,163 | -H-- | M] () -- C:\IPH.PH
[2003/02/06 22:07:54 | 000,000,000 | RHS- | M] () -- C:\MSDOS.SYS
[2005/05/01 15:13:29 | 000,047,564 | RHS- | M] () -- C:\NTDETECT.COM
[2010/06/09 22:03:54 | 000,250,048 | RHS- | M] () -- C:\ntldr
[2010/06/13 10:16:42 | 704,643,072 | -HS- | M] () -- C:\pagefile.sys
[2008/04/30 18:32:00 | 000,107,596 | ---- | M] () -- C:\toolkit_widget.gif
< %systemroot%\system32\Spool\prtprocs\w32x86\*.dll >
[2005/05/07 01:00:00 | 000,020,992 | ---- | M] (CANON INC.) -- C:\WINDOWS\system32\spool\prtprocs\w32x86\CNMPD7C.DLL
[2005/05/07 01:00:00 | 000,059,392 | ---- | M] (CANON INC.) -- C:\WINDOWS\system32\spool\prtprocs\w32x86\CNMPP7C.DLL
[2008/07/06 08:06:10 | 000,089,088 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\spool\prtprocs\w32x86\filterpipelineprintproc.dll
< %systemroot%\*. /mp /s >
< %systemroot%\system32\*.dll /lockedfiles >
< %systemroot%\Tasks\*.job /lockedfiles >
< %systemroot%\System32\config\*.sav >
[2003/02/06 13:56:08 | 000,094,208 | ---- | M] () -- C:\WINDOWS\system32\config\default.sav
[2003/02/06 13:56:08 | 000,602,112 | ---- | M] () -- C:\WINDOWS\system32\config\software.sav
[2003/02/06 13:56:08 | 000,401,408 | ---- | M] () -- C:\WINDOWS\system32\config\system.sav
< %systemroot%\system32\user32.dll /md5 >
[2008/04/13 20:12:08 | 000,578,560 | ---- | M] (Microsoft Corporation) MD5=B26B135FF1B9F60C9388B4A7D16F600B -- C:\WINDOWS\system32\user32.dll
< %systemroot%\system32\ws2_32.dll /md5 >
[2008/04/13 20:12:10 | 000,082,432 | ---- | M] (Microsoft Corporation) MD5=2CCC474EB85CEAA3E1FA1726580A3E5A -- C:\WINDOWS\system32\ws2_32.dll
========== Alternate Data Streams ==========
@Alternate Data Stream - 4870 bytes -> C:\WINDOWS\msdfmap(2).ini:bltrvu
@Alternate Data Stream - 2628 bytes -> C:\WINDOWS\System32\OEMLOGO.BMP:Q30lsldxJoudresxAaaqpcawXc
@Alternate Data Stream - 156 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:D1B5B4F1
@Alternate Data Stream - 155 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:DFC5A2B2
@Alternate Data Stream - 109 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:A8ADE5D8
< End of report >
Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 11:17:45 AM, on 6/13/2010
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Microsoft LifeCam\MSCamS32.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Program Files\Canon\CAL\CALMAIN.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
C:\WINDOWS\system32\msiexec.exe
C:\Program Files\Trend Micro\HijackThis\HiJackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft....k/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://search.live.com/sphome.aspx
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O2 - BHO: (no name) - {243B17DE-77C7-46BF-B94B-0B5F309A0E64} - C:\Program Files\Microsoft Money\System\mnyside.dll
O2 - BHO: Symantec Intrusion Prevention - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\PROGRA~1\COMMON~1\SYMANT~1\IDS\IPSBHO.dll
O2 - BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: Easy-WebPrint - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - C:\Program Files\Canon\Easy-WebPrint\Toolband.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [ccApp] C:\Program Files\Common Files\Symantec Shared\ccApp.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Easy-WebPrint Add To Print List - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_AddToList.html
O8 - Extra context menu item: Easy-WebPrint High Speed Print - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_HSPrint.html
O8 - Extra context menu item: Easy-WebPrint Preview - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_Preview.html
O8 - Extra context menu item: Easy-WebPrint Print - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_Print.html
O9 - Extra button: (no name) - {5067A26B-1337-4436-8AFE-EE169C2DA79F} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra 'Tools' menuitem: Skype add-on for Internet Explorer - {5067A26B-1337-4436-8AFE-EE169C2DA79F} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra button: MoneySide - {E023F504-0C5A-4750-A1E7-A9046DEA8A21} - C:\Program Files\Microsoft Money\System\mnyside.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O14 - IERESET.INF: START_PAGE_URL=http://www.emachines.com
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx1.hotmail....es/MSNPUpld.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://v5.windowsupd...b?1113242691845
O16 - DPF: {6A344D34-5231-452A-8A57-D064AC9B7862} (Symantec Download Manager) - https://webdl.symant...ex/symdlmgr.cab
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.ad...Plus/1.6/gp.cab
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\System32\browseui.dll
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\System32\browseui.dll
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe
O23 - Service: Canon Camera Access Library 8 (CCALib8) - Canon Inc. - C:\Program Files\Canon\CAL\CALMAIN.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Google Update Service (gupdate1c99060f4e0d8ea) (gupdate1c99060f4e0d8ea) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\LuComServer_3_4.EXE
O23 - Service: LiveUpdate Notice - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: Symantec Core LC - Unknown owner - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
--
End of file - 7419 bytes