Malware problems


gcsmom

Machine is slow to download. Unable to run some programs. I ran MBAM and it found 200 infections. I have the log if you need it. Then I ran a full scan with Security Essentials and it found 1 trojan. I have a program that requires me to log into a server and it will not allow me to log in.

Here is my OTL scan.

Thanks for your help.

OTL logfile created on: 11/7/2011 9:56:49 PM - Run 1
OTL by OldTimer - Version 3.2.31.0 Folder = C:\Documents and Settings\watfordm\Desktop
Windows XP Home Edition Service Pack 2 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 6.0.2900.2180)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1.99 Gb Total Physical Memory | 1.10 Gb Available Physical Memory | 55.39% Memory free
2.58 Gb Paging File | 1.79 Gb Available in Paging File | 69.25% Paging File free
Paging file location(s): C:\pagefile.sys 756 1512 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 74.46 Gb Total Space | 46.81 Gb Free Space | 62.86% Space Free | Partition Type: NTFS

Computer Name: BOOKKEEPER | User Name: watfordm | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2011/11/07 21:54:20 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\watfordm\Desktop\OTL.exe
PRC - [2011/10/07 07:14:34 | 000,136,584 | ---- | M] (LogMeIn, Inc.) -- C:\Program Files\LogMeIn\x86\ramaint.exe
PRC - [2011/10/07 07:13:57 | 000,374,152 | ---- | M] (LogMeIn, Inc.) -- C:\Program Files\LogMeIn\x86\LMIGuardianSvc.exe
PRC - [2011/10/03 12:43:30 | 000,912,344 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe
PRC - [2011/08/31 17:00:48 | 000,449,608 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe
PRC - [2011/08/31 17:00:48 | 000,366,152 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
PRC - [2011/06/15 15:16:48 | 000,997,920 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Security Client\msseces.exe
PRC - [2011/04/27 15:39:26 | 000,011,736 | ---- | M] (Microsoft Corporation) -- c:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe
PRC - [2011/01/04 11:07:56 | 000,390,528 | ---- | M] (LogMeIn, Inc.) -- C:\Program Files\LogMeIn\x86\LogMeIn.exe
PRC - [2010/11/09 19:13:30 | 001,154,848 | ---- | M] (Intuit Inc.) -- C:\Program Files\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe
PRC - [2010/11/09 17:53:00 | 000,045,056 | ---- | M] (Intuit) -- C:\Program Files\Common Files\Intuit\QuickBooks\QBCFMonitorService.exe
PRC - [2008/08/11 12:41:00 | 000,063,048 | ---- | M] (LogMeIn, Inc.) -- C:\Program Files\LogMeIn\x86\LogMeInSystray.exe
PRC - [2007/06/27 19:04:00 | 001,213,736 | ---- | M] (Nero AG) -- C:\Program Files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe
PRC - [2007/06/27 19:03:40 | 000,152,872 | ---- | M] (Nero AG) -- C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe
PRC - [2007/06/25 08:47:24 | 001,629,480 | ---- | M] (Nero AG) -- C:\Program Files\Nero\Nero 7\InCD\NBHGui.exe
PRC - [2007/06/25 08:47:12 | 001,552,680 | ---- | M] (Nero AG) -- C:\Program Files\Nero\Nero 7\InCD\InCDsrv.exe
PRC - [2007/06/25 08:47:02 | 001,057,064 | ---- | M] (Nero AG) -- C:\Program Files\Nero\Nero 7\InCD\InCD.exe
PRC - [2006/06/15 07:43:20 | 000,049,152 | ---- | M] (HP) -- C:\Program Files\HP\ToolBoxFX\bin\HPTLBXFX.exe
PRC - [2004/08/04 04:00:00 | 001,032,192 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2001/10/11 17:35:02 | 000,082,026 | ---- | M] (Adobe Systems Inc.) -- C:\Program Files\Adobe\Acrobat 5.0\Distillr\AcroTray.exe
PRC - [2001/07/03 08:17:04 | 000,065,536 | ---- | M] () -- C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnf.exe
PRC - [2001/07/03 08:11:52 | 000,057,344 | ---- | M] (Hewlett-Packard) -- C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe


========== Modules (No Company Name) ==========

MOD - [2011/10/03 12:43:30 | 001,015,256 | ---- | M] () -- C:\Program Files\Mozilla Firefox\js3250.dll
MOD - [2010/11/09 09:07:40 | 005,971,408 | ---- | M] () -- C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll
MOD - [2010/06/10 12:34:58 | 000,212,992 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.ServiceProce#\a9e71dda6389403be4db7b567592e3b8\System.ServiceProcess.ni.dll
MOD - [2010/06/10 10:44:34 | 007,867,392 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System\aa7926460a336408c8041330ad90929d\System.ni.dll
MOD - [2010/06/10 10:44:06 | 011,485,184 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\mscorlib\9adb89fa22fd5b4ce433b5aca7fb1b07\mscorlib.ni.dll
MOD - [2007/08/14 15:43:46 | 006,365,184 | ---- | M] () -- C:\Program Files\Common Files\LightScribe\QtGui4.dll
MOD - [2007/07/12 13:55:52 | 000,131,072 | ---- | M] () -- C:\Program Files\Common Files\LightScribe\plugins\imageformats\qjpeg4.dll
MOD - [2007/07/12 13:55:28 | 001,581,056 | ---- | M] () -- C:\Program Files\Common Files\LightScribe\QtCore4.dll
MOD - [2006/06/15 07:42:34 | 000,053,248 | ---- | M] () -- C:\Program Files\HP\ToolBoxFX\bin\NativeUtils.dll
MOD - [2004/08/10 12:12:50 | 003,379,200 | ---- | M] () -- c:\windows\assembly\nativeimages1_v1.1.4322\mscorlib\1.0.5000.0__b77a5c561934e089_4fec348e\mscorlib.dll
MOD - [2004/08/10 12:12:44 | 000,835,584 | ---- | M] () -- c:\windows\assembly\nativeimages1_v1.1.4322\system.drawing\1.0.5000.0__b03f5f7f11d50a3a_e0199e65\system.drawing.dll
MOD - [2004/08/10 12:12:34 | 002,088,960 | ---- | M] () -- c:\windows\assembly\nativeimages1_v1.1.4322\system.xml\1.0.5000.0__b77a5c561934e089_b3205b38\system.xml.dll
MOD - [2004/08/10 12:12:24 | 003,014,656 | ---- | M] () -- c:\windows\assembly\nativeimages1_v1.1.4322\system.windows.forms\1.0.5000.0__b77a5c561934e089_6e7aff8e\system.windows.forms.dll
MOD - [2004/08/10 12:12:10 | 001,953,792 | ---- | M] () -- c:\windows\assembly\nativeimages1_v1.1.4322\system\1.0.5000.0__b77a5c561934e089_b1d2ef50\system.dll
MOD - [2004/08/10 12:11:14 | 001,224,704 | ---- | M] () -- c:\windows\assembly\gac\system\1.0.5000.0__b77a5c561934e089\system.dll
MOD - [2004/08/10 12:11:10 | 002,052,096 | ---- | M] () -- c:\windows\assembly\gac\system.windows.forms\1.0.5000.0__b77a5c561934e089\system.windows.forms.dll
MOD - [2004/08/10 12:11:10 | 001,339,392 | ---- | M] () -- c:\windows\assembly\gac\system.xml\1.0.5000.0__b77a5c561934e089\system.xml.dll
MOD - [2004/08/10 12:11:10 | 000,466,944 | ---- | M] () -- c:\windows\assembly\gac\system.drawing\1.0.5000.0__b03f5f7f11d50a3a\system.drawing.dll
MOD - [2004/08/10 12:11:10 | 000,323,584 | ---- | M] () -- c:\windows\assembly\gac\system.runtime.remoting\1.0.5000.0__b77a5c561934e089\system.runtime.remoting.dll
MOD - [2004/08/10 12:11:10 | 000,131,072 | ---- | M] () -- c:\windows\assembly\gac\system.runtime.serialization.formatters.soap\1.0.5000.0__b03f5f7f11d50a3a\system.runtime.serialization.formatters.soap.dll
MOD - [2001/10/11 17:34:50 | 000,077,824 | ---- | M] () -- C:\Program Files\Adobe\Acrobat 5.0\Distillr\adistres.dll
MOD - [2001/07/03 08:17:06 | 000,024,576 | ---- | M] () -- C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnfps.dll
MOD - [2001/07/03 08:17:04 | 000,065,536 | ---- | M] () -- C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnf.exe


========== Win32 Services (SafeList) ==========

SRV - File not found [Auto | Stopped] -- -- (HidServ)
SRV - File not found [On_Demand | Stopped] -- -- (AppMgmt)
SRV - [2011/10/07 07:14:34 | 000,136,584 | ---- | M] (LogMeIn, Inc.) [Auto | Running] -- C:\Program Files\LogMeIn\x86\RaMaint.exe -- (LMIMaint)
SRV - [2011/10/07 07:13:57 | 000,374,152 | ---- | M] (LogMeIn, Inc.) [Auto | Running] -- C:\Program Files\LogMeIn\x86\LMIGuardianSvc.exe -- (LMIGuardianSvc)
SRV - [2011/08/31 17:00:48 | 000,366,152 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
SRV - [2011/04/27 15:39:26 | 000,011,736 | ---- | M] (Microsoft Corporation) [Auto | Running] -- c:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe -- (MsMpSvc)
SRV - [2011/01/04 11:07:56 | 000,390,528 | ---- | M] (LogMeIn, Inc.) [Auto | Running] -- C:\Program Files\LogMeIn\x86\LogMeIn.exe -- (LogMeIn)
SRV - [2010/11/09 17:53:00 | 000,045,056 | ---- | M] (Intuit) [Auto | Running] -- C:\Program Files\Common Files\Intuit\QuickBooks\QBCFMonitorService.exe -- (QBCFMonitorService)
SRV - [2009/07/23 20:10:38 | 000,061,440 | ---- | M] (Intuit Inc.) [On_Demand | Stopped] -- C:\Program Files\Common Files\Intuit\QuickBooks\FCS\Intuit.QuickBooks.FCS.exe -- (QBFCService)
SRV - [2007/06/25 08:47:12 | 001,552,680 | ---- | M] (Nero AG) [Auto | Running] -- C:\Program Files\Nero\Nero 7\InCD\InCDsrv.exe -- (InCDsrv)


========== Driver Services (SafeList) ==========

DRV - [2011/11/07 16:04:56 | 000,028,752 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- c:\Documents and Settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{410A60A5-97EF-4C2F-BFA5-44A2B01734B4}\MpKsl40c2d76a.sys -- (MpKsl40c2d76a)
DRV - [2011/10/07 07:14:01 | 000,083,360 | ---- | M] (LogMeIn, Inc.) [File_System | Disabled | Stopped] -- C:\WINDOWS\System32\LMIRfsClientNP.dll -- (LMIRfsClientNP)
DRV - [2011/08/31 17:00:50 | 000,022,216 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\WINDOWS\system32\drivers\mbam.sys -- (MBAMProtector)
DRV - [2008/08/11 12:41:00 | 000,047,640 | ---- | M] (LogMeIn, Inc.) [File_System | Auto | Running] -- C:\WINDOWS\system32\drivers\LMIRfsDriver.sys -- (LMIRfsDriver)
DRV - [2008/08/11 12:41:00 | 000,012,856 | ---- | M] (LogMeIn, Inc.) [Kernel | Auto | Running] -- C:\Program Files\LogMeIn\x86\rainfo.sys -- (LMIInfo)
DRV - [2007/06/25 08:47:12 | 000,038,440 | ---- | M] (Nero AG) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\InCDRm.sys -- (incdrm)
DRV - [2007/06/25 08:47:12 | 000,036,776 | ---- | M] (Nero AG) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\InCDPass.sys -- (InCDPass)
DRV - [2007/06/25 08:47:02 | 000,119,080 | ---- | M] (Nero AG) [File_System | Disabled | Running] -- C:\WINDOWS\system32\drivers\InCDfs.sys -- (InCDfs)
DRV - [2006/06/12 04:36:30 | 000,009,344 | ---- | M] (Hewlett Packard) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\hpfxbulk.sys -- (HPFXBULK)
DRV - [2005/11/08 07:55:24 | 000,004,736 | ---- | M] (Laplink Software, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\llusbflt.sys -- (LLUSBFLT)
DRV - [2005/08/17 05:41:08 | 001,022,040 | ---- | M] (SigmaTel, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\sthda.sys -- (STHDA)
DRV - [2005/03/09 05:11:00 | 000,116,192 | R--- | M] (ALinx Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\m4301A.sys -- (m4301a)
DRV - [2004/08/24 07:52:42 | 000,008,960 | ---- | M] (Prolific Technology Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\usbbc2.sys -- (PLUsbbc2)
DRV - [2004/08/24 07:52:28 | 000,042,944 | ---- | M] (LapLink, Inc.) [Kernel | Auto | Running] -- C:\WINDOWS\System32\drivers\sftser.sys -- (SFTSER)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dell.com
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.google.com/ie
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = http://www.google.com/ie
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.dell.com
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Page_URL = www.google.com/ig/dell?hl=en&client=dell-usuk-rel&channel=us
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.google.com/ie
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Start Page = www.google.com/ig/dell?hl=en&client=dell-usuk-rel&channel=us

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = www.google.com/ig/dell?hl=en&client=dell-usuk-rel&channel=us
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = http://www.google.com/ie
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.ask.com/?l=dir&o=13735
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie
IE - HKCU\..\URLSearchHook: {00000000-6E41-4FD3-8538-502F5495E5FC} - C:\Program Files\Ask.com\GenericAskToolbar.dll (Ask)
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.search.defaultengine: "Ask.com"
FF - prefs.js..browser.search.defaultenginename: "Ask.com"
FF - prefs.js..browser.search.order.1: "Ask.com"
FF - prefs.js..browser.search.selectedEngine: "Google"
FF - prefs.js..browser.search.suggest.enabled: false
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "http://www.ask.com/?...?l=dir&o=13735"
FF - prefs.js..extensions.enabledItems: [email protected]:1.0
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20
FF - prefs.js..extensions.enabledItems: [email protected]:3.9.1.100006
FF - prefs.js..keyword.URL: "http://websearch.ask...=gog193YYUS&q="


FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKCU\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKCU\Software\MozillaPlugins\@facebook.com/FBPlugin,version=1.0.3: C:\Documents and Settings\watfordm\Application Data\Facebook\npfbplugin_1_0_3.dll ( )

FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 3.6.23\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011/10/10 08:00:50 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 3.6.23\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011/10/03 12:43:32 | 000,000,000 | ---D | M]

[2009/01/13 15:18:13 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\watfordm\Application Data\Mozilla\Extensions
[2011/11/07 09:23:58 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\watfordm\Application Data\Mozilla\Firefox\Profiles\sw6x9xw8.default\extensions
[2011/08/16 10:31:37 | 000,000,000 | ---D | M] ("Dictionary.com Toolbar") -- C:\Documents and Settings\watfordm\Application Data\Mozilla\Firefox\Profiles\sw6x9xw8.default\extensions\[email protected]
[2011/11/07 09:09:20 | 000,002,570 | ---- | M] () -- C:\Documents and Settings\watfordm\Application Data\Mozilla\Firefox\Profiles\sw6x9xw8.default\searchplugins\askcom.xml
[2011/11/07 09:23:58 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2010/06/10 11:15:35 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
[2009/01/28 14:09:45 | 000,000,000 | ---D | M] (Java Quick Starter) -- C:\PROGRAM FILES\JAVA\JRE6\LIB\DEPLOY\JQS\FF
[2009/11/19 15:16:28 | 000,091,552 | ---- | M] (Coupons, Inc.) -- C:\Program Files\mozilla firefox\plugins\npCouponPrinter.dll
[2010/04/12 16:29:19 | 000,411,368 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\mozilla firefox\plugins\npdeployJava1.dll
[2009/11/19 15:16:29 | 000,091,552 | ---- | M] (Coupons, Inc.) -- C:\Program Files\mozilla firefox\plugins\npMozCouponPrinter.dll
[2008/09/15 10:52:06 | 000,376,832 | ---- | M] ( ) -- C:\Program Files\mozilla firefox\plugins\npsnapfish.dll

O1 HOSTS File: ([2011/11/07 20:57:52 | 000,000,822 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2 - BHO: (CBrowserHelperObject Object) - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - C:\Program Files\BAE\BAE.dll (Dell Inc.)
O2 - BHO: (Dictionary.com Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll (Ask)
O3 - HKLM\..\Toolbar: (Starware Screensavers Toolbar) - {9FB3908C-6565-4CB0-95F8-E9F85258723C} - C:\Program Files\Starware316\bin\Starware316.dll File not found
O3 - HKLM\..\Toolbar: (Dictionary.com Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll (Ask)
O3 - HKCU\..\Toolbar\WebBrowser: (Dictionary.com Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll (Ask)
O4 - HKLM..\Run: [] File not found
O4 - HKLM..\Run: [hpbdfawep] C:\Program Files\HP\Dfawep\bin\hpbdfawep.exe ()
O4 - HKLM..\Run: [InCD] C:\Program Files\Nero\Nero 7\InCD\InCD.exe (Nero AG)
O4 - HKLM..\Run: [Intuit SyncManager] C:\Program Files\Common Files\Intuit\Sync\IntuitSyncManager.exe (Intuit Inc. All rights reserved.)
O4 - HKLM..\Run: [LogMeIn GUI] C:\Program Files\LogMeIn\x86\LogMeInSystray.exe (LogMeIn, Inc.)
O4 - HKLM..\Run: [Malwarebytes' Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [MSC] c:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation)
O4 - HKLM..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe (Nero AG)
O4 - HKLM..\Run: [SecurDisc] C:\Program Files\Nero\Nero 7\InCD\NBHGui.exe (Nero AG)
O4 - HKLM..\Run: [Share-to-Web Namespace Daemon] C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe (Hewlett-Packard)
O4 - HKLM..\Run: [ToolBoxFX] C:\Program Files\HP\ToolBoxFX\bin\HPTLBXFX.exe (HP)
O4 - HKCU..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe (Nero AG)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Acrobat Assistant.lnk = C:\Program Files\Adobe\Acrobat 5.0\Distillr\AcroTray.exe (Adobe Systems Inc.)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe (Adobe Systems, Inc.)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\QuickBooks Update Agent.lnk = C:\Program Files\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe (Intuit Inc.)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Infodelivery present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O15 - HKCU\..Trusted Domains: localhost ([]http in Local intranet)
O15 - HKCU\..Trusted Ranges: GD ([http] in Local intranet)
O16 - DPF: {406B5949-7190-4245-91A9-30A17DE16AD0} http://photo2.walgre...eensActivia.cab (Snapfish Activia)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_20)
O16 - DPF: {CAFEEFAC-0014-0002-0003-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_20)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_20)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload.ma...ent/swflash.cab (Shockwave Flash Object)
O16 - DPF: DirectAnimation Java Classes file://C:\WINDOWS\system32\dajava.cab (Reg Error: Key error.)
O16 - DPF: Internet Explorer Classes for Java file://C:\WINDOWS\system32\iejava.cab (Reg Error: Key error.)
O16 - DPF: Microsoft XML Parser for Java file://c:\windows\Java\classes\xmldso4.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 208.180.42.100 66.76.175.100
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{7EAF5842-A45B-473B-8877-EC1FF81C91EC}: DhcpNameServer = 208.180.42.100 66.76.175.100
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{82D19843-52B9-4273-A1CD-52334514E068}: DhcpNameServer = 68.1.208.30 68.109.202.25 68.1.18.25
O18 - Protocol\Handler\intu-help-qb3 {c5e479ea-0a65-4b05-8c6c-2fc8cc682eb4} - C:\Program Files\Intuit\QuickBooks 2010\HelpAsyncPluggableProtocol.dll (Intuit, Inc.)
O18 - Protocol\Handler\vnd.ms.radio {3DA2AA3B-3D96-11D2-9BD2-204C4F4F5020} - C:\WINDOWS\system32\msdxm.ocx ()
O20 - AppInit_DLLs: (C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL) -C:\Program Files\Google\Google Desktop Search\GoogleDesktopNetwork3.dll (Google)
O20 - HKLM Winlogon: Shell - (Explorer.exe) -C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) -C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
O20 - Winlogon\Notify\LMIinit: DllName - (LMIinit.dll) - C:\WINDOWS\System32\LMIinit.dll (LogMeIn, Inc.)
O24 - Desktop WallPaper: C:\Documents and Settings\watfordm\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\watfordm\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [1999/09/23 19:14:12 | 000,000,131 | ---- | M] () - C:\AUTOEXEC.001 -- [ NTFS ]
O32 - AutoRun File - [2004/08/10 12:04:08 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O32 - AutoRun File - [1999/09/23 19:21:32 | 000,000,293 | ---- | M] () - C:\AUTOEXEC.B~2 -- [ NTFS ]
O33 - MountPoints2\{2a4b59d8-d622-11db-ab26-0012179856e9}\Shell - "" = AutoRun
O33 - MountPoints2\{2a4b59d8-d622-11db-ab26-0012179856e9}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{2a4b59d8-d622-11db-ab26-0012179856e9}\Shell\AutoRun\command - "" = E:\LaunchU3.exe
O33 - MountPoints2\{9086d896-f718-11db-ab43-0012179856e9}\Shell\AutoRun\command - "" = E:\setupSNK.exe
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2011/11/07 21:54:00 | 000,584,192 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\watfordm\Desktop\OTL.exe
[2011/11/07 15:07:41 | 000,000,000 | ---D | C] -- C:\WINDOWS\LastGood
[2011/11/07 15:07:20 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Security Client
[2011/11/07 15:03:13 | 000,000,000 | ---D | C] -- C:\Documents and Settings\watfordm\Application Data\Malwarebytes
[2011/11/07 15:03:07 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Malwarebytes' Anti-Malware
[2011/11/07 15:03:07 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Malwarebytes
[2011/11/07 15:03:04 | 000,022,216 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2011/11/07 15:03:04 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2011/11/07 14:30:20 | 000,446,464 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\watfordm\Desktop\TFC.exe
[2011/11/07 14:20:16 | 009,852,544 | ---- | C] (Malwarebytes Corporation ) -- C:\Documents and Settings\watfordm\Desktop\mbam-setup-1.51.2.1300.exe

========== Files - Modified Within 30 Days ==========

[2011/11/07 22:01:00 | 000,000,240 | ---- | M] () -- C:\WINDOWS\tasks\Scheduled Update for Ask Toolbar.job
[2011/11/07 21:54:20 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\watfordm\Desktop\OTL.exe
[2011/11/07 20:57:52 | 000,000,822 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts
[2011/11/07 15:12:50 | 000,000,424 | -H-- | M] () -- C:\WINDOWS\tasks\MP Scheduled Scan.job
[2011/11/07 15:08:42 | 000,001,945 | ---- | M] () -- C:\WINDOWS\epplauncher.mif
[2011/11/07 15:07:00 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2011/11/07 15:03:55 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2011/11/07 15:03:07 | 000,000,784 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2011/11/07 14:32:16 | 009,852,544 | ---- | M] (Malwarebytes Corporation ) -- C:\Documents and Settings\watfordm\Desktop\mbam-setup-1.51.2.1300.exe
[2011/11/07 14:30:50 | 000,446,464 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\watfordm\Desktop\TFC.exe
[2011/11/07 13:15:36 | 000,002,521 | ---- | M] () -- C:\Documents and Settings\watfordm\Desktop\EMAIL.lnk
[2011/11/07 10:46:30 | 000,000,960 | ---- | M] () -- C:\FIFTH
[2011/11/07 10:39:02 | 076,808,192 | R--- | M] () -- C:\Documents and Settings\watfordm\Desktop\Greenville Christian School.QBW.TLG
[2011/11/07 10:39:02 | 016,285,696 | R--- | M] () -- C:\Documents and Settings\watfordm\Desktop\Greenville Christian School.QBW
[2011/11/07 10:39:02 | 000,000,376 | ---- | M] () -- C:\Documents and Settings\watfordm\Desktop\Greenville Christian School.QBW.ND
[2011/11/05 23:00:00 | 000,000,502 | ---- | M] () -- C:\WINDOWS\tasks\Tune-up Application Start.job
[2011/11/03 09:50:00 | 000,000,167 | ---- | M] () -- C:\Documents and Settings\watfordm\default.pls
[2011/11/03 09:47:23 | 000,000,069 | ---- | M] () -- C:\WINDOWS\NeroDigital.ini
[2011/11/01 13:10:32 | 000,001,920 | ---- | M] () -- C:\FIRSTDRA
[2011/10/31 06:43:28 | 000,445,370 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2011/10/31 06:43:28 | 000,072,576 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2011/10/25 09:21:30 | 000,000,960 | ---- | M] () -- C:\EXTRA
[2011/10/24 09:03:15 | 000,000,960 | ---- | M] () -- C:\FINAL
[2011/10/19 15:45:37 | 000,000,960 | ---- | M] () -- C:\MIDMONTH
[2011/10/18 12:31:45 | 000,000,321 | ---- | M] () -- C:\WINDOWS\PVX.INI
[2011/10/18 12:19:52 | 000,000,486 | ---- | M] () -- C:\WINDOWS\ODBC.INI
[2011/10/17 12:31:27 | 000,004,800 | ---- | M] () -- C:\FIFTEENT
[2011/10/10 09:12:03 | 000,001,920 | ---- | M] () -- C:\TENTH

========== Files Created - No Company Name ==========

[2011/11/07 15:12:50 | 000,000,424 | -H-- | C] () -- C:\WINDOWS\tasks\MP Scheduled Scan.job
[2011/11/07 15:07:34 | 000,001,680 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Microsoft Security Essentials.lnk
[2011/11/07 15:03:07 | 000,000,784 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2011/11/07 14:59:05 | 000,001,945 | ---- | C] () -- C:\WINDOWS\epplauncher.mif
[2010/09/08 07:37:22 | 000,000,156 | ---- | C] () -- C:\WINDOWS\WININIT.INI
[2010/06/10 10:45:37 | 000,000,090 | ---- | C] () -- C:\WINDOWS\QBChanUtil_Trigger.ini
[2010/06/10 10:42:33 | 006,441,320 | ---- | C] () -- C:\Documents and Settings\LocalService\Local Settings\Application Data\FontCache3.0.0.0.dat
[2010/01/26 09:24:26 | 000,077,824 | ---- | C] () -- C:\WINDOWS\System32\adistres.dll
[2010/01/14 14:45:48 | 000,165,888 | ---- | C] () -- C:\WINDOWS\System32\hpgt53.dll
[2009/08/13 08:02:34 | 000,000,036 | -H-- | C] () -- C:\WINDOWS\System32\f9t.dat
[2009/02/16 11:32:13 | 000,000,151 | ---- | C] () -- C:\WINDOWS\PhotoSnapViewer.INI
[2009/02/09 14:14:12 | 000,000,069 | ---- | C] () -- C:\WINDOWS\NeroDigital.ini
[2009/02/09 14:13:00 | 000,007,680 | ---- | C] () -- C:\Documents and Settings\watfordm\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2007/10/01 09:44:45 | 000,001,156 | ---- | C] () -- C:\WINDOWS\mozver.dat
[2007/09/20 14:52:19 | 000,000,000 | ---- | C] () -- C:\WINDOWS\nsreg.dat
[2007/08/20 08:11:41 | 000,000,131 | ---- | C] () -- C:\Documents and Settings\watfordm\Local Settings\Application Data\fusioncache.dat
[2007/07/18 10:39:28 | 000,000,462 | ---- | C] () -- C:\WINDOWS\hpbvspst.ini
[2007/07/18 10:39:17 | 000,001,343 | ---- | C] () -- C:\WINDOWS\hpbvnstp.ini
[2007/07/18 10:31:53 | 000,093,130 | ---- | C] () -- C:\WINDOWS\hppins05.dat
[2007/07/18 10:31:53 | 000,000,896 | ---- | C] () -- C:\WINDOWS\hppmdl05.dat
[2006/09/07 11:55:43 | 000,057,344 | ---- | C] () -- C:\WINDOWS\UPWIZUN.EXE
[2006/09/07 11:55:43 | 000,045,056 | ---- | C] () -- C:\WINDOWS\VCMUI.EXE
[2006/09/07 11:55:43 | 000,041,973 | ---- | C] () -- C:\WINDOWS\WININIT.EXE
[2006/09/07 11:55:25 | 000,045,379 | ---- | C] () -- C:\WINDOWS\SMARTDRV.EXE
[2006/09/07 11:55:24 | 000,018,939 | ---- | C] () -- C:\WINDOWS\SETVER.EXE
[2006/09/07 11:55:23 | 000,012,663 | ---- | C] () -- C:\WINDOWS\RAMDRIVE.SYS
[2006/09/07 11:55:23 | 000,000,787 | ---- | C] () -- C:\WINDOWS\SCANREG.INI
[2006/09/07 11:55:23 | 000,000,028 | ---- | C] () -- C:\WINDOWS\QTW.INI
[2006/09/07 11:55:22 | 000,040,960 | ---- | C] () -- C:\WINDOWS\PIDSET.EXE
[2006/09/07 11:55:22 | 000,027,616 | ---- | C] () -- C:\WINDOWS\PIDGEN.DLL
[2006/09/07 11:53:28 | 000,122,936 | ---- | C] () -- C:\WINDOWS\MSOWS409.DLL
[2006/09/07 11:53:28 | 000,007,885 | ---- | C] () -- C:\WINDOWS\NETDET.INI
[2006/09/07 11:53:28 | 000,000,026 | ---- | C] () -- C:\WINDOWS\MSOFFICE.INI
[2006/09/07 11:53:27 | 000,129,080 | ---- | C] () -- C:\WINDOWS\LOGOW.SYS
[2006/09/07 11:53:27 | 000,129,078 | ---- | C] () -- C:\WINDOWS\LOGOS.SYS
[2006/09/07 11:53:27 | 000,032,768 | ---- | C] () -- C:\WINDOWS\MM2ENT.EXE
[2006/09/07 11:53:27 | 000,001,646 | ---- | C] () -- C:\WINDOWS\MSDOS.SYS
[2006/09/07 11:53:25 | 000,012,626 | ---- | C] () -- C:\WINDOWS\IOS.INI
[2006/09/07 11:53:25 | 000,006,550 | ---- | C] () -- C:\WINDOWS\JAUTOEXP.DAT
[2006/09/07 11:53:22 | 000,003,708 | ---- | C] () -- C:\WINDOWS\IFSHLP.SYS
[2006/09/07 11:53:21 | 000,003,598 | ---- | C] () -- C:\WINDOWS\HTMLHELP.INI
[2006/09/07 11:53:19 | 000,033,191 | ---- | C] () -- C:\WINDOWS\HIMEM.SYS
[2006/09/07 11:53:18 | 000,125,495 | ---- | C] () -- C:\WINDOWS\EMM386.EXE
[2006/09/07 11:53:18 | 000,000,865 | ---- | C] () -- C:\WINDOWS\DOSREP.INI
[2006/09/07 11:53:17 | 000,089,147 | ---- | C] () -- C:\WINDOWS\DOSREP.EXE
[2006/09/07 11:53:17 | 000,005,068 | ---- | C] () -- C:\WINDOWS\DELETEFI.INI
[2006/09/07 11:53:17 | 000,002,614 | ---- | C] () -- C:\WINDOWS\DBLBUFF.SYS
[2006/09/07 11:53:12 | 000,024,626 | ---- | C] () -- C:\WINDOWS\CMD640X.SYS
[2006/09/07 11:53:12 | 000,020,901 | ---- | C] () -- C:\WINDOWS\CMD640X2.SYS
[2006/09/07 11:53:10 | 000,001,105 | ---- | C] () -- C:\WINDOWS\ASPI2HLP.SYS
[2006/09/07 11:45:50 | 000,167,936 | ---- | C] () -- C:\WINDOWS\System32\XFILEXR.DLL
[2006/09/07 11:45:48 | 000,002,295 | ---- | C] () -- C:\WINDOWS\System32\WINALI.INI
[2006/09/07 11:45:48 | 000,000,197 | ---- | C] () -- C:\WINDOWS\System32\WINALX.INI
[2006/09/07 11:45:39 | 000,010,240 | ---- | C] () -- C:\WINDOWS\System32\VIDX16.DLL
[2006/09/07 11:45:34 | 000,056,057 | ---- | C] () -- C:\WINDOWS\System32\UNICODE.BIN
[2006/09/07 11:45:27 | 000,077,824 | ---- | C] () -- C:\WINDOWS\System32\SUCATREG.EXE
[2006/09/07 11:45:19 | 000,000,096 | ---- | C] () -- C:\WINDOWS\System32\REBOOT.COM
[2006/09/07 11:45:11 | 000,028,672 | ---- | C] () -- C:\WINDOWS\System32\NETBIOS.DLL
[2006/09/07 11:45:01 | 000,026,624 | ---- | C] () -- C:\WINDOWS\System32\MSHLOCAL.dll
[2006/09/07 11:44:55 | 000,188,416 | ---- | C] () -- C:\WINDOWS\System32\MEMBG.DLL
[2006/09/07 11:44:45 | 000,057,344 | ---- | C] () -- C:\WINDOWS\System32\ICMFILTER.DLL
[2006/09/07 11:44:45 | 000,008,576 | ---- | C] () -- C:\WINDOWS\System32\ICMUPG.DLL
[2006/09/07 11:44:42 | 000,032,768 | ---- | C] () -- C:\WINDOWS\System32\GROUPPOL.DLL
[2006/09/07 11:44:38 | 000,002,490 | ---- | C] () -- C:\WINDOWS\System32\DLCNDI.DLL
[2006/09/07 11:44:25 | 000,014,696 | ---- | C] () -- C:\WINDOWS\System32\CONAGENT.EXE
[2006/09/07 11:44:22 | 000,074,752 | ---- | C] () -- C:\WINDOWS\System32\cmtool32.dll
[2006/09/07 11:13:59 | 000,000,060 | ---- | C] () -- C:\WINDOWS\POWERPNT.INI
[2006/09/07 11:13:59 | 000,000,054 | ---- | C] () -- C:\WINDOWS\WAVEMIX.INI
[2006/09/07 11:03:27 | 000,040,960 | ---- | C] () -- C:\WINDOWS\System32\IsUser11b.dll
[2006/09/07 10:57:07 | 000,000,525 | ---- | C] () -- C:\WINDOWS\System32\wlan.ini
[2006/09/06 13:27:56 | 000,000,486 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2006/07/26 10:52:00 | 000,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini
[2006/07/26 10:32:50 | 000,049,152 | ---- | C] () -- C:\WINDOWS\setpwrcg.exe
[2006/07/26 10:32:36 | 000,000,390 | ---- | C] () -- C:\WINDOWS\System32\OEMINFO.INI
[2006/06/12 04:36:30 | 000,241,664 | ---- | C] () -- C:\WINDOWS\System32\hppapr04.DLL
[2006/06/12 04:36:30 | 000,000,526 | ---- | C] () -- C:\WINDOWS\System32\hppapr04.DAT
[2004/08/10 12:12:05 | 000,000,780 | ---- | C] () -- C:\WINDOWS\orun32.ini
[2004/08/10 12:07:31 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat
[2004/08/10 12:02:15 | 000,021,640 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat
[2004/08/10 12:01:18 | 000,001,793 | ---- | C] () -- C:\WINDOWS\System32\fxsperf.ini
[2004/08/10 11:57:52 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
[2004/08/10 11:57:15 | 000,357,752 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2004/08/10 11:51:21 | 000,027,440 | ---- | C] () -- C:\WINDOWS\System32\drivers\secdrv.sys
[2004/08/10 11:51:21 | 000,004,569 | ---- | C] () -- C:\WINDOWS\System32\secupd.dat
[2004/08/10 11:51:20 | 000,445,370 | ---- | C] () -- C:\WINDOWS\System32\perfh009.dat
[2004/08/10 11:51:20 | 000,272,128 | ---- | C] () -- C:\WINDOWS\System32\perfi009.dat
[2004/08/10 11:51:20 | 000,072,576 | ---- | C] () -- C:\WINDOWS\System32\perfc009.dat
[2004/08/10 11:51:20 | 000,028,626 | ---- | C] () -- C:\WINDOWS\System32\perfd009.dat
[2004/08/10 11:51:18 | 000,004,627 | ---- | C] () -- C:\WINDOWS\System32\oembios.dat
[2004/08/10 11:51:17 | 013,107,200 | ---- | C] () -- C:\WINDOWS\System32\oembios.bin
[2004/08/10 11:51:16 | 000,000,741 | ---- | C] () -- C:\WINDOWS\System32\noise.dat
[2004/08/10 11:51:12 | 000,673,088 | ---- | C] () -- C:\WINDOWS\System32\mlang.dat
[2004/08/10 11:51:11 | 000,046,258 | ---- | C] () -- C:\WINDOWS\System32\mib.bin
[2004/08/10 11:51:09 | 000,081,920 | ---- | C] () -- C:\WINDOWS\System32\ieencode.dll
[2004/08/10 11:51:05 | 000,218,003 | ---- | C] () -- C:\WINDOWS\System32\dssec.dat
[2004/08/10 11:50:56 | 000,001,788 | ---- | C] () -- C:\WINDOWS\System32\Dcache.bin
[2003/01/07 14:05:08 | 000,002,695 | ---- | C] () -- C:\WINDOWS\System32\OUTLPERF.INI
[2002/01/17 11:45:40 | 000,000,616 | ---- | C] () -- C:\WINDOWS\wizards.ini
[2001/08/14 12:06:44 | 000,000,639 | ---- | C] () -- C:\WINDOWS\FINDIT32.INI
[2001/07/06 15:30:00 | 000,003,399 | ---- | C] () -- C:\WINDOWS\System32\hptcpmon.ini
[2001/01/30 14:14:40 | 000,000,180 | ---- | C] () -- C:\WINDOWS\winmine.ini
[2001/01/23 22:31:18 | 000,151,552 | ---- | C] () -- C:\WINDOWS\System32\prntfix.exe
[2000/10/17 07:32:44 | 000,000,696 | ---- | C] () -- C:\WINDOWS\System32\QBTMRUTL.DLL
[2000/10/17 07:32:41 | 000,000,098 | ---- | C] () -- C:\WINDOWS\QBTIMER.INI
[2000/10/17 07:23:16 | 000,000,064 | ---- | C] () -- C:\WINDOWS\QBWCD.INI
[2000/10/17 07:22:59 | 000,006,838 | ---- | C] () -- C:\WINDOWS\Icoadb32.dat
[2000/04/14 15:50:02 | 000,343,040 | ---- | C] () -- C:\WINDOWS\System32\Lffpx7.dll
[1999/10/08 06:58:49 | 000,004,608 | ---- | C] () -- C:\WINDOWS\System32\BVRPWF.DLL
[1999/10/08 06:57:28 | 000,000,309 | ---- | C] () -- C:\WINDOWS\HPPTA.INI
[1999/10/08 06:56:19 | 000,000,020 | ---- | C] () -- C:\WINDOWS\InfModM.ini
[1999/10/07 09:48:23 | 000,000,034 | ---- | C] () -- C:\WINDOWS\SOL.INI
[1999/10/07 08:50:06 | 000,009,030 | ---- | C] () -- C:\WINDOWS\hh.dat
[1999/10/05 07:01:15 | 000,000,032 | ---- | C] () -- C:\WINDOWS\System32\MOUSEDRV.INI
[1999/10/01 10:47:49 | 000,000,244 | ---- | C] () -- C:\WINDOWS\FRX.INI
[1999/10/01 09:36:37 | 000,000,321 | ---- | C] () -- C:\WINDOWS\PVX.INI
[1999/10/01 09:36:34 | 000,074,240 | ---- | C] () -- C:\WINDOWS\System32\90WRES32.DLL
[1999/10/01 09:36:34 | 000,017,920 | ---- | C] () -- C:\WINDOWS\System32\IMPLODE.DLL
[1999/09/30 08:11:32 | 000,000,152 | ---- | C] () -- C:\WINDOWS\ACROREAD.INI
[1999/09/30 08:10:48 | 000,002,158 | ---- | C] () -- C:\WINDOWS\FONTSMRT.INI
[1999/09/30 08:10:44 | 000,000,415 | ---- | C] () -- C:\WINDOWS\prntname.ini
[1999/09/30 08:10:10 | 000,000,076 | ---- | C] () -- C:\WINDOWS\tmprn.ini
[1999/09/29 12:44:14 | 000,016,384 | ---- | C] () -- C:\WINDOWS\MSIMGSIZ.DAT
[1999/09/23 19:19:12 | 000,029,696 | ---- | C] () -- C:\WINDOWS\desinst32.exe
[1999/09/23 19:19:12 | 000,010,208 | ---- | C] () -- C:\WINDOWS\System32\BVRPWFU.drv
[1999/09/23 19:19:12 | 000,000,063 | ---- | C] () -- C:\WINDOWS\Wgedit.ini
[1999/09/23 19:13:07 | 000,000,225 | ---- | C] () -- C:\WINDOWS\TELEPHON.INI
[1999/09/23 19:12:44 | 000,229,408 | RH-- | C] () -- C:\WINDOWS\HWINFO.DAT
[1999/09/23 19:11:47 | 000,011,079 | -H-- | C] () -- C:\Program Files\folder.htt
[1999/09/23 19:10:38 | 000,000,069 | ---- | C] () -- C:\WINDOWS\5631_SWC.INI
[1999/09/23 19:10:37 | 000,000,108 | ---- | C] () -- C:\WINDOWS\5631_HWC.INI
[1999/09/23 19:10:03 | 000,000,022 | ---- | C] () -- C:\WINDOWS\9770P.INI
[1999/09/23 19:09:54 | 000,000,000 | ---- | C] () -- C:\WINDOWS\progman.ini
[1999/09/23 19:08:30 | 000,000,283 | ---- | C] () -- C:\WINDOWS\PROTOCOL.INI
[1999/09/23 19:08:22 | 000,034,543 | ---- | C] () -- C:\WINDOWS\NBTSTAT.EXE
[1999/09/23 19:08:22 | 000,004,809 | ---- | C] () -- C:\WINDOWS\System32\LMSCRIPT.EXE
[1999/09/23 19:07:55 | 000,103,488 | ---- | C] () -- C:\WINDOWS\System32\ATITVOUT.DLL
[1999/09/23 19:07:55 | 000,026,880 | ---- | C] () -- C:\WINDOWS\System32\ATITBDRV.SYS
[1999/09/23 19:07:55 | 000,017,152 | ---- | C] () -- C:\WINDOWS\System32\ATITBDET.EXE
[1999/09/23 19:07:55 | 000,003,744 | ---- | C] () -- C:\WINDOWS\System32\ATITB.DLL
[1999/09/23 19:07:50 | 000,823,808 | ---- | C] () -- C:\WINDOWS\System32\DAINST.EXE
[1999/09/23 19:07:49 | 000,006,140 | ---- | C] () -- C:\WINDOWS\NDISHLP.SYS
[1999/09/23 19:07:48 | 000,014,952 | ---- | C] () -- C:\WINDOWS\PROTMAN.EXE
[1999/09/23 19:07:39 | 000,266,240 | ---- | C] () -- C:\WINDOWS\System32\TCAUM90X.DLL
[1999/09/23 19:07:39 | 000,026,500 | ---- | C] () -- C:\WINDOWS\System32\TCAEGT16.DLL
[1999/09/23 19:07:39 | 000,015,360 | ---- | C] () -- C:\WINDOWS\System32\TCAEGT32.DLL
[1999/09/23 19:07:35 | 002,417,445 | ---- | C] () -- C:\WINDOWS\System32\YDSXG.DAT
[1999/01/22 17:46:58 | 000,065,536 | ---- | C] () -- C:\WINDOWS\System32\MSRTEDIT.DLL
[1998/06/11 12:08:06 | 000,095,232 | ---- | C] () -- C:\WINDOWS\System32\Lfkodak.dll
[1998/01/12 07:00:00 | 000,040,448 | ---- | C] () -- C:\WINDOWS\System32\REGOBJ.DLL
[1997/08/03 23:00:00 | 000,116,736 | ---- | C] () -- C:\WINDOWS\System32\PCDLIB32.DLL
[1995/01/13 13:10:00 | 000,210,944 | ---- | C] () -- C:\WINDOWS\System32\msvcrt10.dll

========== LOP Check ==========

[2010/06/10 10:45:34 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\COMMON FILES
[2009/02/26 13:10:06 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\LightScribe
[2011/11/07 07:58:09 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\LogMeIn
[2009/04/14 10:37:25 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\MSScanAppDataDir
[2010/06/10 10:46:22 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Nuance
[2006/09/07 11:43:27 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\SBT
[2006/09/07 10:09:20 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Spearit
[2010/06/10 11:10:35 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\SQL Anywhere 11
[2010/06/28 16:12:05 | 000,000,000 | ---D | M] -- C:\Documents and Settings\watfordm\Application Data\Facebook
[2010/01/26 09:23:13 | 000,000,000 | ---D | M] -- C:\Documents and Settings\watfordm\Application Data\InterTrust
[2011/01/10 15:34:39 | 000,000,000 | ---D | M] -- C:\Documents and Settings\watfordm\Application Data\Itfy
[2011/11/07 15:20:31 | 000,000,000 | ---D | M] -- C:\Documents and Settings\watfordm\Application Data\Liexv
[2009/07/28 18:48:27 | 000,000,000 | ---D | M] -- C:\Documents and Settings\watfordm\Application Data\Snapfish
[2006/09/07 10:09:20 | 000,000,000 | ---D | M] -- C:\Documents and Settings\watfordm\Application Data\Spearit
[2010/10/29 09:27:35 | 000,000,000 | ---D | M] -- C:\Documents and Settings\watfordm\Application Data\Stamps.com Internet Postage
[2011/11/07 15:12:50 | 000,000,424 | -H-- | M] () -- C:\WINDOWS\Tasks\MP Scheduled Scan.job
[2011/11/07 22:01:00 | 000,000,240 | ---- | M] () -- C:\WINDOWS\Tasks\Scheduled Update for Ask Toolbar.job
[2011/11/05 23:00:00 | 000,000,502 | ---- | M] () -- C:\WINDOWS\Tasks\Tune-up Application Start.job

========== Purity Check ==========



< End of report >

OTL Extras wasn't sure if you wanted this so here it is.
OTL Extras logfile created on: 11/7/2011 9:56:49 PM - Run 1
OTL by OldTimer - Version 3.2.31.0 Folder = C:\Documents and Settings\watfordm\Desktop
Windows XP Home Edition Service Pack 2 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 6.0.2900.2180)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1.99 Gb Total Physical Memory | 1.10 Gb Available Physical Memory | 55.39% Memory free
2.58 Gb Paging File | 1.79 Gb Available in Paging File | 69.25% Paging File free
Paging file location(s): C:\pagefile.sys 756 1512 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 74.46 Gb Total Space | 46.81 Gb Free Space | 62.86% Space Free | Partition Type: NTFS

Computer Name: BOOKKEEPER | User Name: watfordm | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)
.url [@ = InternetShortcut] -- rundll32.exe shdocvw.dll,OpenURL %l

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
exefile [open] -- "%1" %*
http [open] -- "C:\Program Files\Mozilla Firefox\firefox.exe" -requestPending -osint -url "%1" (Mozilla Corporation)
https [open] -- "C:\Program Files\Mozilla Firefox\firefox.exe" -requestPending -osint -url "%1" (Mozilla Corporation)
InternetShortcut [open] -- rundll32.exe shdocvw.dll,OpenURL %l
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 1
"FirewallOverride" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

========== System Restore Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr]
"Start" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService]
"Start" = 2

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
"DoNotAllowExceptions" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
"DoNotAllowExceptions" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008
"139:TCP" = 139:TCP:LocalSubNet:Disabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:LocalSubNet:Disabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:LocalSubNet:Disabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:LocalSubNet:Disabled:@xpsp2res.dll,-22002

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Program Files\Laplink\FileMover\SFTHost.exe" = C:\Program Files\Laplink\FileMover\SFTHost.exe:*:Enabled:SFTHost Module -- (Laplink Software, Inc.)
"C:\Program Files\Laplink\PCmover\PCmover.exe" = C:\Program Files\Laplink\PCmover\PCmover.exe:*:Enabled:PCmover -- (Laplink Software Inc.)
"C:\Program Files\Java\jre6\bin\java.exe" = C:\Program Files\Java\jre6\bin\java.exe:*:Enabled:Java™ Platform SE binary -- (Sun Microsystems, Inc.)
"C:\Program Files\Java\jre6\bin\javaw.exe" = C:\Program Files\Java\jre6\bin\javaw.exe:*:Enabled:Java™ Platform SE binary -- (Sun Microsystems, Inc.)
"E:\Installation\Setupx.exe" = E:\Installation\Setupx.exe:*:Enabled:Nero ProductSetup
"C:\Program Files\Intuit\QuickBooks 2010\QBDBMgrN.exe" = C:\Program Files\Intuit\QuickBooks 2010\QBDBMgrN.exe:*:Enabled:QuickBooks 2010 Data Manager -- (Intuit, Inc.)


========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{00030409-78E1-11D2-B60F-006097C998E7}" = Microsoft Office 2000 Small Business
"{00040409-78E1-11D2-B60F-006097C998E7}" = Microsoft Office 2000 Disc 2
"{02F6993D-B763-4F40-8F93-2A9CD97586E3}" = Microsoft IntelliType Pro 6.3
"{05BFB060-4F22-4710-B0A2-2801A1B606C5}" = Microsoft Antimalware
"{06A9E630-DBA6-4D92-9DE7-A235AA6496C7}" = QuickBooks
"{0700E22B-A422-40A5-BD20-04BF618CA0F9}" = QuickBooks Pro 2010
"{135BA9A6-495A-4FE9-B1A1-AB4DA449CAB1}" = hppLJP2015
"{18455581-E099-4BA8-BC6B-F34B2F06600C}" = Google Toolbar for Internet Explorer
"{1F73D672-6175-4A1D-B3C1-420439D03D0F}" = Product_SF_Full_QFolder
"{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer
"{26A24AE4-039D-4CA4-87B4-2F83216011FF}" = Java™ 6 Update 20
"{3248F0A8-6813-11D6-A77B-00B0D0160070}" = Java™ 6 Update 7
"{34F93E31-E1A0-421C-8E86-BCF7C4193A91}" = LogMeIn
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{388E4B09-3E71-4649-8921-F44A3A2954A7}" = Microsoft Visual Studio 2005 Tools for Office Runtime
"{3BC341BD-3736-45F0-B0E0-5664792AC528}" = HP Care Pack Core
"{3EE33958-7381-4E7B-A4F3-6E43098E9E9C}" = URL Assistant
"{414C803A-6115-4DB6-BD4E-FD81EA6BC71C}" = Product_SF_Min_QFolder
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{54B6DC7D-8C5B-4DFB-BC15-C010A3326B2B}" = Microsoft Security Client
"{561D20B1-766E-4EA5-8A1D-B7357D903673}" = hppIOFiles
"{56C049BE-79E9-4502-BEA7-9754A3E60F9B}" = neroxml
"{58ECE031-9AAD-4011-B34A-BC78E77527E2}" = hppMSRedist
"{5E55F3F1-2210-4CC9-A761-9E4B818D9FA7}" = HP Care Pack Products
"{6441FECE-0E73-4326-81BF-68503E897820}" = CorePLS_Min_QFolder
"{66A9D30D-1464-4C7F-B2F3-507DADAF2595}" = Microsoft IntelliPoint 6.3
"{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}" = PowerDVD 5.7
"{69E6C13B-CF6B-47A6-B7A5-77FE82B2CB40}" = hppFonts
"{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}" = Windows Media Player Firefox Plugin
"{6B36DEBF-27D0-4B1E-858D-D397091C6C7D}" = HP Precisionscan Pro 3.1
"{6F5E2F4A-377D-4700-B0E3-8F7F7507EA15}" = CustomerResearchQFolder
"{7148F0A8-6813-11D6-A77B-00B0D0142030}" = Java 2 Runtime Environment, SE v1.4.2_03
"{716E0306-8318-4364-8B8F-0CC4E9376BAC}" = MSXML 4.0 SP2 Parser and SDK
"{748F4870-8350-11D3-B0BF-080009FB4A19}" = HP Share-to-Web
"{77DCDCE3-2DED-62F3-8154-05E745472D07}" = Acrobat.com
"{7A178F2E-92F6-437C-A709-69685D1C0F2B}" = hppTLBXFXP2015
"{7FDD86DF-1023-460A-A20D-F329800DB266}" = FileMover
"{83F793B5-8BBF-42FD-A8A6-868CB3E2AAEA}" = Intel® PROSet for Wired Connections
"{86D4B82A-ABED-442A-BE86-96357B70F4FE}" = Ask Toolbar
"{8A708DD8-A5E6-11D4-A706-000629E95E20}" = Intel® Graphics Media Accelerator Driver
"{8C0118CC-F720-45FF-A4DA-44AD77B2E73C}" = CorePLS_Full_QFolder
"{8E72B982-D54F-486F-B35A-C24B6F171033}" = Nero 7 Essentials
"{90120409-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Standard Edition 2003
"{91490409-6000-11D3-8CFE-0150048383C9}" = Microsoft Office 2003 Primary Interop Assemblies
"{93C069D4-2F86-4570-A6DF-BFABBA1E4AFD}" = hpzTLBXFX
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
"{AAA11090-6E99-4655-AAF5-57EB5F677D0C}" = MarketResearch
"{AC76BA86-7AD7-1033-7B44-A93000000001}" = Adobe Reader 9.3
"{B78823CD-488F-43B4-80D6-FAEADAE40EC4}" = Instant Wireless USB Adapter
"{B7B3E9B3-FB14-4927-894B-E9124509AF5A}" = Adobe Flash Player 10 ActiveX
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CC4A73BF-938E-4C19-A553-853C035C9BA1}" = LightScribe System Software 1.10.13.1
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{CFB61D8C-D651-4D7C-80B4-C78676A0AF1F}" = hppusgP2015
"{DF6A589A-7A1A-430C-9FF2-A0BDB42669DC}" = Search Assist
"{E65AAF02-3F36-4189-B8C3-E4B9A9040131}" = RenWeb.com
"{EDAE4F43-833C-443B-8DB5-129F897DF3E8}" = hppWebRegMM
"{EF1989B2-F482-49D3-BB19-7C81E3EAAB39}" = PCmover
"{F38D0F99-1BFC-47AB-AC36-8D9D43700CFB}" = hppManualsP2015
"{FE57DE70-95DE-4B64-9266-84DA811053DB}" = HP Update
"3ComNicUnInstall" = 3Com NIC Diagnostics
"Adobe Acrobat 5.0" = Adobe Acrobat 5.0
"Adobe Acrobat Reader 3.01" = Adobe Acrobat Reader 3.01
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Adobe Photoshop 7.0" = Adobe Photoshop 7.0
"ATI Mach64 Display Driver" = ATI mach64 Display Driver
"Bookshelf 2k" = Bookshelf 2000
"com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Acrobat.com
"Conexant HCF V.90/56K Modem" = MDP3880 PCI Modem
"Coupon Printer for Windows4.0" = Coupon Printer for Windows
"Coupon Printer for Windows5.0.0.0" = Coupon Printer for Windows
"DellZone" = DellZone
"Google Desktop" = Google Desktop
"HP LaserJet 1100" = HP LaserJet 1100
"HP LaserJet P2015" = HP LaserJet P2015 Series 1.0
"HP PrecisionScan" = HP PrecisionScan
"HPExtendedCapabilities" = HP Extended Capabilities 6.0
"InstallShield_{7FDD86DF-1023-460A-A20D-F329800DB266}" = FileMover
"InstallShield_{EF1989B2-F482-49D3-BB19-7C81E3EAAB39}" = PCmover
"Iomega95" = Iomega Tools for Windows 95
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware version 1.51.2.1300
"Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft Security Client" = Microsoft Security Essentials
"Microsoft Visual Studio 2005 Tools for Office Runtime" = Microsoft Visual Studio 2005 Tools for Office Runtime
"Modem Test" = Modem Test
"Mozilla Firefox (3.6.23)" = Mozilla Firefox (3.6.23)
"PHONTOOLDeinstKey" = PhoneTools
"PROSet" = Intel® PRO Network Connections Drivers
"QuickBooks 2000" = QuickBooks Pro 2000
"TournamentBuilder" = Uninstall TournamentBuilder
"Wdf01005" = Microsoft Kernel-Mode Driver Framework Feature Pack 1.5
"WIC" = Windows Imaging Component
"Windows Media Format Runtime" = Windows Media Format Runtime
"Works" = Microsoft Works 4.5

========== HKEY_CURRENT_USER Uninstall List ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Facebook Plug-In" = Facebook Plug-In
"StudioWorks" = StudioWorks

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 11/7/2011 12:29:02 PM | Computer Name = BOOKKEEPER | Source = QuickBooks | ID = 4
Description = An unexpected error has occured in "QuickBooks": Returning NULL QBWinInstance
Hand

Error - 11/7/2011 5:07:45 PM | Computer Name = BOOKKEEPER | Source = MPSampleSubmission | ID = 5000
Description = EventType mptelemetry, P1 0x80070003, P2 moac, P3 cachereset, P4 3.0.8402.0,
P5 unspecified, P6 unspecified, P7 unspecified, P8 NIL, P9 NIL, P10 NIL.

Error - 11/7/2011 5:07:54 PM | Computer Name = BOOKKEEPER | Source = Microsoft Security Client | ID = 5000
Description =

Error - 11/7/2011 5:08:52 PM | Computer Name = BOOKKEEPER | Source = MPSampleSubmission | ID = 5000
Description = EventType mptelemetry, P1 80072f8f, P2 endsearch, P3 search, P4 3.0.8402.0,
P5 mpsigdwn.dll, P6 3.0.8402.0, P7 microsoft security essentials (edb4fa23-53b8-4afa-8c5d-99752cca7094),
P8 NIL, P9 NIL, P10 NIL.

Error - 11/7/2011 5:36:57 PM | Computer Name = BOOKKEEPER | Source = MPSampleSubmission | ID = 5000
Description = EventType mptelemetry, P1 80072f8f, P2 endsearch, P3 search, P4 3.0.8402.0,
P5 mpsigdwn.dll, P6 3.0.8402.0, P7 microsoft security essentials (edb4fa23-53b8-4afa-8c5d-99752cca7094),
P8 NIL, P9 NIL, P10 NIL.

Error - 11/7/2011 6:06:03 PM | Computer Name = BOOKKEEPER | Source = crypt32 | ID = 131083
Description = Failed extract of third-party root list from auto update cab at: <http://www.download....uthrootstl.cab>
with error: A required certificate is not within its validity period when verifying
against the current system clock or the timestamp in the signed file.

Error - 11/7/2011 6:06:03 PM | Computer Name = BOOKKEEPER | Source = crypt32 | ID = 131083
Description = Failed extract of third-party root list from auto update cab at: <http://www.download....uthrootstl.cab>
with error: A required certificate is not within its validity period when verifying
against the current system clock or the timestamp in the signed file.

Error - 11/7/2011 9:35:49 PM | Computer Name = BOOKKEEPER | Source = MPSampleSubmission | ID = 5000
Description = EventType mptelemetry, P1 0, P2 moaccapability, P3 3.0.8402.0, P4
0, P5 0, P6 unspecified, P7 unspecified, P8 NIL, P9 NIL, P10 NIL.

Error - 11/7/2011 11:22:52 PM | Computer Name = BOOKKEEPER | Source = MsiInstaller | ID = 11316
Description = Product: RenWeb.com -- Error 1316. A network error occurred while
attempting to read from the file: C:\Documents and Settings\watfordm\My Documents\Downloads\Renweb.11.08.040[1].msi

Error - 11/7/2011 11:24:07 PM | Computer Name = BOOKKEEPER | Source = MsiInstaller | ID = 11316
Description = Product: RenWeb.com -- Error 1316. A network error occurred while
attempting to read from the file: C:\Documents and Settings\watfordm\My Documents\Downloads\Renweb.11.08.040[1].msi

[ System Events ]
Error - 11/7/2011 5:49:57 PM | Computer Name = BOOKKEEPER | Source = SideBySide | ID = 16842811
Description = Generate Activation Context failed for C:\WINDOWS\WinSxS\x86_Microsoft.VC80.MFC_1fc8b3b9a1e18e3b_8.0.50727.4053_x-ww_b77cec8e\MFC80.DLL.
Reference
error message: The operation completed successfully. .

Error - 11/7/2011 5:49:58 PM | Computer Name = BOOKKEEPER | Source = SideBySide | ID = 16842784
Description = Dependent Assembly Microsoft.VC80.MFCLOC could not be found and Last
Error was The referenced assembly is not installed on your system.

Error - 11/7/2011 5:49:58 PM | Computer Name = BOOKKEEPER | Source = SideBySide | ID = 16842811
Description = Resolve Partial Assembly failed for Microsoft.VC80.MFCLOC. Reference
error message: The referenced assembly is not installed on your system. .

Error - 11/7/2011 5:49:58 PM | Computer Name = BOOKKEEPER | Source = SideBySide | ID = 16842811
Description = Generate Activation Context failed for C:\WINDOWS\WinSxS\x86_Microsoft.VC80.MFC_1fc8b3b9a1e18e3b_8.0.50727.4053_x-ww_b77cec8e\MFC80.DLL.
Reference
error message: The operation completed successfully. .

Error - 11/7/2011 5:49:58 PM | Computer Name = BOOKKEEPER | Source = SideBySide | ID = 16842784
Description = Dependent Assembly Microsoft.VC80.MFCLOC could not be found and Last
Error was The referenced assembly is not installed on your system.

Error - 11/7/2011 5:49:58 PM | Computer Name = BOOKKEEPER | Source = SideBySide | ID = 16842811
Description = Resolve Partial Assembly failed for Microsoft.VC80.MFCLOC. Reference
error message: The referenced assembly is not installed on your system. .

Error - 11/7/2011 5:49:58 PM | Computer Name = BOOKKEEPER | Source = SideBySide | ID = 16842811
Description = Generate Activation Context failed for C:\WINDOWS\WinSxS\x86_Microsoft.VC80.MFC_1fc8b3b9a1e18e3b_8.0.50727.4053_x-ww_b77cec8e\MFC80.DLL.
Reference
error message: The operation completed successfully. .

Error - 11/7/2011 5:04:12 PM | Computer Name = BOOKKEEPER | Source = Service Control Manager | ID = 7023
Description = The HID Input Service service terminated with the following error:
%%126

Error - 11/7/2011 5:08:51 PM | Computer Name = BOOKKEEPER | Source = Microsoft Antimalware | ID = 2001
Description = %%860 has encountered an error trying to update signatures. New Signature
Version: Previous Signature Version: 0.0.0.0 Update Source: %%859 Update Stage: %%852

Source
Path: http://www.microsoft.com Signature Type: %%800 Update Type: %%803 User: NT AUTHORITY\SYSTEM

Current
Engine Version: Previous Engine Version: 0.0.0.0 Error code: 0x80072f8f Error description:
A security error occurred

Error - 11/7/2011 5:36:56 PM | Computer Name = BOOKKEEPER | Source = Microsoft Antimalware | ID = 2001
Description = %%860 has encountered an error trying to update signatures. New Signature
Version: Previous Signature Version: 0.0.0.0 Update Source: %%859 Update Stage: %%852

Source
Path: http://www.microsoft.com Signature Type: %%800 Update Type: %%803 User: NT AUTHORITY\SYSTEM

Current
Engine Version: Previous Engine Version: 0.0.0.0 Error code: 0x80072f8f Error description:
A security error occurred


< End of report >

#2
Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
Hi, my apologies for the delay and the error in replying to you. Not quite sure how that occurred :)

Download aswMBR.exe ( 1.8mb ) to your desktop.
Double click the aswMBR.exe to run it. Click the "Scan" button to start the scan.

On completion of the scan click save log, save it to your desktop and post in your next reply

THEN

Please re-run OTL with the following script

  • Double click on the icon to run it. Make sure all other windows are closed and let it run uninterrupted.
  • Select All Users
  • Under the Custom Scan box paste this in
    netsvcs
    %SYSTEMDRIVE%\*.exe
    /md5start
    consrv.dll
    explorer.exe
    winlogon.exe
    Userinit.exe
    svchost.exe
    /md5stop
    C:\Windows\assembly\tmp\U\*.* /s
    CREATERESTOREPOINT
  • Click the Quick Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.
  • When the scan completes, it will only produce one log this time.

#3
gcsmom

    New Member

  • Topic Starter
  • Member
  • Pip
  • 7 posts
The first scan wouldn't complete. It had an error message so I took a screen shot and have it attached. I didn't know whether to run the OTL yet so I will wait on your reply.

Thanks,
gcsmom


#4
Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
That showed me sufficient data - thank you

Yes continue with the OTL scan. There will only be one log this time

What site are you failing to log in at? You can send me the details by PM if you wish.
#5
gcsmom

    New Member

  • Topic Starter
  • Member
  • Pip
  • 7 posts
Here is the log. I will PM the other info.

Thanks

OTL logfile created on: 11/18/2011 1:58:18 PM - Run 2
OTL by OldTimer - Version 3.2.31.0 Folder = C:\Documents and Settings\watfordm\Desktop
Windows XP Home Edition Service Pack 2 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 6.0.2900.2180)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1.99 Gb Total Physical Memory | 1.17 Gb Available Physical Memory | 58.98% Memory free
2.58 Gb Paging File | 1.89 Gb Available in Paging File | 73.10% Paging File free
Paging file location(s): C:\pagefile.sys 756 1512 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 74.46 Gb Total Space | 46.42 Gb Free Space | 62.34% Space Free | Partition Type: NTFS

Computer Name: BOOKKEEPER | User Name: watfordm | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2011/11/07 21:54:20 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\watfordm\Desktop\OTL.exe
PRC - [2011/10/07 07:14:34 | 000,136,584 | ---- | M] (LogMeIn, Inc.) -- C:\Program Files\LogMeIn\x86\ramaint.exe
PRC - [2011/10/07 07:13:57 | 000,374,152 | ---- | M] (LogMeIn, Inc.) -- C:\Program Files\LogMeIn\x86\LMIGuardianSvc.exe
PRC - [2011/08/31 17:00:48 | 000,449,608 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe
PRC - [2011/08/31 17:00:48 | 000,366,152 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
PRC - [2011/06/15 15:16:48 | 000,997,920 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Security Client\msseces.exe
PRC - [2011/04/27 15:39:26 | 000,011,736 | ---- | M] (Microsoft Corporation) -- c:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe
PRC - [2011/01/04 11:07:56 | 000,390,528 | ---- | M] (LogMeIn, Inc.) -- C:\Program Files\LogMeIn\x86\LogMeIn.exe
PRC - [2010/11/09 19:13:30 | 001,154,848 | ---- | M] (Intuit Inc.) -- C:\Program Files\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe
PRC - [2010/11/09 17:53:00 | 000,045,056 | ---- | M] (Intuit) -- C:\Program Files\Common Files\Intuit\QuickBooks\QBCFMonitorService.exe
PRC - [2008/08/11 12:41:00 | 000,063,048 | ---- | M] (LogMeIn, Inc.) -- C:\Program Files\LogMeIn\x86\LogMeInSystray.exe
PRC - [2007/06/27 19:04:00 | 001,213,736 | ---- | M] (Nero AG) -- C:\Program Files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe
PRC - [2007/06/27 19:03:40 | 000,152,872 | ---- | M] (Nero AG) -- C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe
PRC - [2007/06/25 08:47:24 | 001,629,480 | ---- | M] (Nero AG) -- C:\Program Files\Nero\Nero 7\InCD\NBHGui.exe
PRC - [2007/06/25 08:47:12 | 001,552,680 | ---- | M] (Nero AG) -- C:\Program Files\Nero\Nero 7\InCD\InCDsrv.exe
PRC - [2007/06/25 08:47:02 | 001,057,064 | ---- | M] (Nero AG) -- C:\Program Files\Nero\Nero 7\InCD\InCD.exe
PRC - [2006/06/15 07:43:20 | 000,049,152 | ---- | M] (HP) -- C:\Program Files\HP\ToolBoxFX\bin\HPTLBXFX.exe
PRC - [2004/08/04 04:00:00 | 001,032,192 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2001/10/11 17:35:02 | 000,082,026 | ---- | M] (Adobe Systems Inc.) -- C:\Program Files\Adobe\Acrobat 5.0\Distillr\AcroTray.exe
PRC - [2001/07/03 08:17:04 | 000,065,536 | ---- | M] () -- C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnf.exe
PRC - [2001/07/03 08:11:52 | 000,057,344 | ---- | M] (Hewlett-Packard) -- C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe


========== Modules (No Company Name) ==========

MOD - [2010/11/09 19:12:50 | 000,268,064 | ---- | M] () -- C:\Program Files\Intuit\QuickBooks 2010\boost_regex-vc90-mt-p-1_33.dll
MOD - [2010/06/10 12:34:58 | 000,212,992 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.ServiceProce#\a9e71dda6389403be4db7b567592e3b8\System.ServiceProcess.ni.dll
MOD - [2010/06/10 10:44:34 | 007,867,392 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System\aa7926460a336408c8041330ad90929d\System.ni.dll
MOD - [2010/06/10 10:44:06 | 011,485,184 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\mscorlib\9adb89fa22fd5b4ce433b5aca7fb1b07\mscorlib.ni.dll
MOD - [2007/08/14 15:43:46 | 006,365,184 | ---- | M] () -- C:\Program Files\Common Files\LightScribe\QtGui4.dll
MOD - [2007/07/12 13:55:52 | 000,131,072 | ---- | M] () -- C:\Program Files\Common Files\LightScribe\plugins\imageformats\qjpeg4.dll
MOD - [2007/07/12 13:55:28 | 001,581,056 | ---- | M] () -- C:\Program Files\Common Files\LightScribe\QtCore4.dll
MOD - [2006/06/15 07:42:34 | 000,053,248 | ---- | M] () -- C:\Program Files\HP\ToolBoxFX\bin\NativeUtils.dll
MOD - [2004/08/10 12:12:50 | 003,379,200 | ---- | M] () -- c:\windows\assembly\nativeimages1_v1.1.4322\mscorlib\1.0.5000.0__b77a5c561934e089_4fec348e\mscorlib.dll
MOD - [2004/08/10 12:12:44 | 000,835,584 | ---- | M] () -- c:\windows\assembly\nativeimages1_v1.1.4322\system.drawing\1.0.5000.0__b03f5f7f11d50a3a_e0199e65\system.drawing.dll
MOD - [2004/08/10 12:12:34 | 002,088,960 | ---- | M] () -- c:\windows\assembly\nativeimages1_v1.1.4322\system.xml\1.0.5000.0__b77a5c561934e089_b3205b38\system.xml.dll
MOD - [2004/08/10 12:12:24 | 003,014,656 | ---- | M] () -- c:\windows\assembly\nativeimages1_v1.1.4322\system.windows.forms\1.0.5000.0__b77a5c561934e089_6e7aff8e\system.windows.forms.dll
MOD - [2004/08/10 12:12:10 | 001,953,792 | ---- | M] () -- c:\windows\assembly\nativeimages1_v1.1.4322\system\1.0.5000.0__b77a5c561934e089_b1d2ef50\system.dll
MOD - [2004/08/10 12:11:14 | 001,224,704 | ---- | M] () -- c:\windows\assembly\gac\system\1.0.5000.0__b77a5c561934e089\system.dll
MOD - [2004/08/10 12:11:10 | 002,052,096 | ---- | M] () -- c:\windows\assembly\gac\system.windows.forms\1.0.5000.0__b77a5c561934e089\system.windows.forms.dll
MOD - [2004/08/10 12:11:10 | 001,339,392 | ---- | M] () -- c:\windows\assembly\gac\system.xml\1.0.5000.0__b77a5c561934e089\system.xml.dll
MOD - [2004/08/10 12:11:10 | 000,466,944 | ---- | M] () -- c:\windows\assembly\gac\system.drawing\1.0.5000.0__b03f5f7f11d50a3a\system.drawing.dll
MOD - [2004/08/10 12:11:10 | 000,323,584 | ---- | M] () -- c:\windows\assembly\gac\system.runtime.remoting\1.0.5000.0__b77a5c561934e089\system.runtime.remoting.dll
MOD - [2004/08/10 12:11:10 | 000,131,072 | ---- | M] () -- c:\windows\assembly\gac\system.runtime.serialization.formatters.soap\1.0.5000.0__b03f5f7f11d50a3a\system.runtime.serialization.formatters.soap.dll
MOD - [2001/10/11 17:34:50 | 000,077,824 | ---- | M] () -- C:\Program Files\Adobe\Acrobat 5.0\Distillr\adistres.dll
MOD - [2001/07/03 08:17:06 | 000,024,576 | ---- | M] () -- C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnfps.dll
MOD - [2001/07/03 08:17:04 | 000,065,536 | ---- | M] () -- C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnf.exe


========== Win32 Services (SafeList) ==========

SRV - File not found [Auto | Stopped] -- -- (HidServ)
SRV - File not found [On_Demand | Stopped] -- -- (AppMgmt)
SRV - [2011/10/07 07:14:34 | 000,136,584 | ---- | M] (LogMeIn, Inc.) [Auto | Running] -- C:\Program Files\LogMeIn\x86\RaMaint.exe -- (LMIMaint)
SRV - [2011/10/07 07:13:57 | 000,374,152 | ---- | M] (LogMeIn, Inc.) [Auto | Running] -- C:\Program Files\LogMeIn\x86\LMIGuardianSvc.exe -- (LMIGuardianSvc)
SRV - [2011/08/31 17:00:48 | 000,366,152 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
SRV - [2011/04/27 15:39:26 | 000,011,736 | ---- | M] (Microsoft Corporation) [Auto | Running] -- c:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe -- (MsMpSvc)
SRV - [2011/01/04 11:07:56 | 000,390,528 | ---- | M] (LogMeIn, Inc.) [Auto | Running] -- C:\Program Files\LogMeIn\x86\LogMeIn.exe -- (LogMeIn)
SRV - [2010/11/09 17:53:00 | 000,045,056 | ---- | M] (Intuit) [Auto | Running] -- C:\Program Files\Common Files\Intuit\QuickBooks\QBCFMonitorService.exe -- (QBCFMonitorService)
SRV - [2009/07/23 20:10:38 | 000,061,440 | ---- | M] (Intuit Inc.) [On_Demand | Stopped] -- C:\Program Files\Common Files\Intuit\QuickBooks\FCS\Intuit.QuickBooks.FCS.exe -- (QBFCService)
SRV - [2007/06/25 08:47:12 | 001,552,680 | ---- | M] (Nero AG) [Auto | Running] -- C:\Program Files\Nero\Nero 7\InCD\InCDsrv.exe -- (InCDsrv)


========== Driver Services (SafeList) ==========

DRV - [2011/11/17 08:13:23 | 000,028,752 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- c:\Documents and Settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{91B8B097-D59B-42B9-B2F3-F452A2B97346}\MpKsl0379ec3e.sys -- (MpKsl0379ec3e)
DRV - [2011/10/07 07:14:01 | 000,083,360 | ---- | M] (LogMeIn, Inc.) [File_System | Disabled | Stopped] -- C:\WINDOWS\System32\LMIRfsClientNP.dll -- (LMIRfsClientNP)
DRV - [2011/08/31 17:00:50 | 000,022,216 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\WINDOWS\system32\drivers\mbam.sys -- (MBAMProtector)
DRV - [2008/08/11 12:41:00 | 000,047,640 | ---- | M] (LogMeIn, Inc.) [File_System | Auto | Running] -- C:\WINDOWS\system32\drivers\LMIRfsDriver.sys -- (LMIRfsDriver)
DRV - [2008/08/11 12:41:00 | 000,012,856 | ---- | M] (LogMeIn, Inc.) [Kernel | Auto | Running] -- C:\Program Files\LogMeIn\x86\rainfo.sys -- (LMIInfo)
DRV - [2007/06/25 08:47:12 | 000,038,440 | ---- | M] (Nero AG) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\InCDRm.sys -- (incdrm)
DRV - [2007/06/25 08:47:12 | 000,036,776 | ---- | M] (Nero AG) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\InCDPass.sys -- (InCDPass)
DRV - [2007/06/25 08:47:02 | 000,119,080 | ---- | M] (Nero AG) [File_System | Disabled | Running] -- C:\WINDOWS\system32\drivers\InCDfs.sys -- (InCDfs)
DRV - [2006/06/12 04:36:30 | 000,009,344 | ---- | M] (Hewlett Packard) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\hpfxbulk.sys -- (HPFXBULK)
DRV - [2005/11/08 07:55:24 | 000,004,736 | ---- | M] (Laplink Software, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\llusbflt.sys -- (LLUSBFLT)
DRV - [2005/08/17 05:41:08 | 001,022,040 | ---- | M] (SigmaTel, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\sthda.sys -- (STHDA)
DRV - [2005/03/09 05:11:00 | 000,116,192 | R--- | M] (ALinx Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\m4301A.sys -- (m4301a)
DRV - [2004/08/24 07:52:42 | 000,008,960 | ---- | M] (Prolific Technology Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\usbbc2.sys -- (PLUsbbc2)
DRV - [2004/08/24 07:52:28 | 000,042,944 | ---- | M] (LapLink, Inc.) [Kernel | Auto | Running] -- C:\WINDOWS\System32\drivers\sftser.sys -- (SFTSER)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dell.com
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.google.com/ie
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = http://www.google.com/ie
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.dell.com
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Page_URL = www.google.com/ig/dell?hl=en&client=dell-usuk-rel&channel=us
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.google.com/ie
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Start Page = www.google.com/ig/dell?hl=en&client=dell-usuk-rel&channel=us


IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = www.google.com/ig/dell?hl=en&client=dell-usuk-rel&channel=us
IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = www.google.com/ig/dell?hl=en&client=dell-usuk-rel&channel=us
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = www.google.com/ig/dell?hl=en&client=dell-usuk-rel&channel=us
IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = www.google.com/ig/dell?hl=en&client=dell-usuk-rel&channel=us
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



IE - HKU\S-1-5-21-3034127100-3866031748-3972779375-1007\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = www.google.com/ig/dell?hl=en&client=dell-usuk-rel&channel=us
IE - HKU\S-1-5-21-3034127100-3866031748-3972779375-1007\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = http://www.google.com/ie
IE - HKU\S-1-5-21-3034127100-3866031748-3972779375-1007\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com
IE - HKU\S-1-5-21-3034127100-3866031748-3972779375-1007\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.ask.com/?l=dir&o=13735
IE - HKU\S-1-5-21-3034127100-3866031748-3972779375-1007\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie
IE - HKU\S-1-5-21-3034127100-3866031748-3972779375-1007\..\URLSearchHook: {00000000-6E41-4FD3-8538-502F5495E5FC} - C:\Program Files\Ask.com\GenericAskToolbar.dll (Ask)
IE - HKU\S-1-5-21-3034127100-3866031748-3972779375-1007\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.search.defaultengine: "Ask.com"
FF - prefs.js..browser.search.defaultenginename: "Ask.com"
FF - prefs.js..browser.search.order.1: "Ask.com"
FF - prefs.js..browser.search.selectedEngine: "Ask.com"
FF - prefs.js..browser.search.suggest.enabled: false
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "http://www.ask.com/?...?l=dir&o=13735"
FF - prefs.js..extensions.enabledItems: [email protected]:1.0
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20
FF - prefs.js..extensions.enabledItems: [email protected]:3.9.1.100008
FF - prefs.js..keyword.URL: "http://websearch.ask...=gog193YYUS&q="


FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKCU\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKCU\Software\MozillaPlugins\@facebook.com/FBPlugin,version=1.0.3: C:\Documents and Settings\watfordm\Application Data\Facebook\npfbplugin_1_0_3.dll ( )

FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 3.6.24\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011/11/11 08:06:44 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 3.6.24\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011/11/11 08:06:44 | 000,000,000 | ---D | M]

[2009/01/13 15:18:13 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\watfordm\Application Data\Mozilla\Extensions
[2011/11/17 16:11:10 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\watfordm\Application Data\Mozilla\Firefox\Profiles\sw6x9xw8.default\extensions
[2011/11/10 07:56:40 | 000,000,000 | ---D | M] ("Dictionary.com Toolbar") -- C:\Documents and Settings\watfordm\Application Data\Mozilla\Firefox\Profiles\sw6x9xw8.default\extensions\[email protected]
[2011/11/17 16:00:17 | 000,002,570 | ---- | M] () -- C:\Documents and Settings\watfordm\Application Data\Mozilla\Firefox\Profiles\sw6x9xw8.default\searchplugins\askcom.xml
[2011/11/17 16:11:10 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2010/06/10 11:15:35 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
[2009/01/28 14:09:45 | 000,000,000 | ---D | M] (Java Quick Starter) -- C:\PROGRAM FILES\JAVA\JRE6\LIB\DEPLOY\JQS\FF
[2009/11/19 15:16:28 | 000,091,552 | ---- | M] (Coupons, Inc.) -- C:\Program Files\mozilla firefox\plugins\npCouponPrinter.dll
[2010/04/12 16:29:19 | 000,411,368 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\mozilla firefox\plugins\npdeployJava1.dll
[2009/11/19 15:16:29 | 000,091,552 | ---- | M] (Coupons, Inc.) -- C:\Program Files\mozilla firefox\plugins\npMozCouponPrinter.dll
[2008/09/15 10:52:06 | 000,376,832 | ---- | M] ( ) -- C:\Program Files\mozilla firefox\plugins\npsnapfish.dll

Hosts file not found
O2 - BHO: (CBrowserHelperObject Object) - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - C:\Program Files\BAE\BAE.dll (Dell Inc.)
O2 - BHO: (Dictionary.com Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll (Ask)
O3 - HKLM\..\Toolbar: (Starware Screensavers Toolbar) - {9FB3908C-6565-4CB0-95F8-E9F85258723C} - C:\Program Files\Starware316\bin\Starware316.dll File not found
O3 - HKLM\..\Toolbar: (Dictionary.com Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll (Ask)
O3 - HKU\S-1-5-21-3034127100-3866031748-3972779375-1007\..\Toolbar\WebBrowser: (Dictionary.com Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll (Ask)
O4 - HKLM..\Run: [] File not found
O4 - HKLM..\Run: [hpbdfawep] C:\Program Files\HP\Dfawep\bin\hpbdfawep.exe ()
O4 - HKLM..\Run: [InCD] C:\Program Files\Nero\Nero 7\InCD\InCD.exe (Nero AG)
O4 - HKLM..\Run: [Intuit SyncManager] C:\Program Files\Common Files\Intuit\Sync\IntuitSyncManager.exe (Intuit Inc. All rights reserved.)
O4 - HKLM..\Run: [LogMeIn GUI] C:\Program Files\LogMeIn\x86\LogMeInSystray.exe (LogMeIn, Inc.)
O4 - HKLM..\Run: [Malwarebytes' Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [MSC] c:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation)
O4 - HKLM..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe (Nero AG)
O4 - HKLM..\Run: [SecurDisc] C:\Program Files\Nero\Nero 7\InCD\NBHGui.exe (Nero AG)
O4 - HKLM..\Run: [Share-to-Web Namespace Daemon] C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe (Hewlett-Packard)
O4 - HKLM..\Run: [ToolBoxFX] C:\Program Files\HP\ToolBoxFX\bin\HPTLBXFX.exe (HP)
O4 - HKU\S-1-5-21-3034127100-3866031748-3972779375-1007..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe (Nero AG)
O4 - HKU\S-1-5-21-3034127100-3866031748-3972779375-1007..\RunOnce: [FlashPlayerUpdate] C:\WINDOWS\System32\Macromed\Flash\FlashUtil10l_Plugin.exe (Adobe Systems, Inc.)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Acrobat Assistant.lnk = C:\Program Files\Adobe\Acrobat 5.0\Distillr\AcroTray.exe (Adobe Systems Inc.)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe (Adobe Systems, Inc.)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\QuickBooks Update Agent.lnk = C:\Program Files\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe (Intuit Inc.)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Infodelivery present
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Infodelivery present
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Infodelivery present
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Infodelivery present
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-3034127100-3866031748-3972779375-1007\Software\Policies\Microsoft\Internet Explorer\Infodelivery present
O7 - HKU\S-1-5-21-3034127100-3866031748-3972779375-1007\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O15 - HKU\S-1-5-21-3034127100-3866031748-3972779375-1007\..Trusted Domains: localhost ([]http in Local intranet)
O15 - HKU\S-1-5-21-3034127100-3866031748-3972779375-1007\..Trusted Ranges: GD ([http] in Local intranet)
O16 - DPF: {406B5949-7190-4245-91A9-30A17DE16AD0} http://photo2.walgre...eensActivia.cab (Snapfish Activia)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_20)
O16 - DPF: {CAFEEFAC-0014-0002-0003-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_20)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_20)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload.ma...ent/swflash.cab (Shockwave Flash Object)
O16 - DPF: DirectAnimation Java Classes file://C:\WINDOWS\system32\dajava.cab (Reg Error: Key error.)
O16 - DPF: Internet Explorer Classes for Java file://C:\WINDOWS\system32\iejava.cab (Reg Error: Key error.)
O16 - DPF: Microsoft XML Parser for Java file://c:\windows\Java\classes\xmldso4.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 208.180.42.100 66.76.175.100
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{7EAF5842-A45B-473B-8877-EC1FF81C91EC}: DhcpNameServer = 208.180.42.100 66.76.175.100
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{82D19843-52B9-4273-A1CD-52334514E068}: DhcpNameServer = 68.1.208.30 68.109.202.25 68.1.18.25
O18 - Protocol\Handler\intu-help-qb3 {c5e479ea-0a65-4b05-8c6c-2fc8cc682eb4} - C:\Program Files\Intuit\QuickBooks 2010\HelpAsyncPluggableProtocol.dll (Intuit, Inc.)
O18 - Protocol\Handler\vnd.ms.radio {3DA2AA3B-3D96-11D2-9BD2-204C4F4F5020} - C:\WINDOWS\system32\msdxm.ocx ()
O20 - AppInit_DLLs: (C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL) -C:\Program Files\Google\Google Desktop Search\GoogleDesktopNetwork3.dll (Google)
O20 - HKLM Winlogon: Shell - (Explorer.exe) -C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) -C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
O20 - Winlogon\Notify\LMIinit: DllName - (LMIinit.dll) - C:\WINDOWS\System32\LMIinit.dll (LogMeIn, Inc.)
O24 - Desktop WallPaper: C:\Documents and Settings\watfordm\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\watfordm\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [1999/09/23 19:14:12 | 000,000,131 | ---- | M] () - C:\AUTOEXEC.001 -- [ NTFS ]
O32 - AutoRun File - [2004/08/10 12:04:08 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O32 - AutoRun File - [1999/09/23 19:21:32 | 000,000,293 | ---- | M] () - C:\AUTOEXEC.B~2 -- [ NTFS ]
O33 - MountPoints2\{2a4b59d8-d622-11db-ab26-0012179856e9}\Shell - "" = AutoRun
O33 - MountPoints2\{2a4b59d8-d622-11db-ab26-0012179856e9}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{2a4b59d8-d622-11db-ab26-0012179856e9}\Shell\AutoRun\command - "" = E:\LaunchU3.exe
O33 - MountPoints2\{9086d896-f718-11db-ab43-0012179856e9}\Shell\AutoRun\command - "" = E:\setupSNK.exe
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

NetSvcs: 6to4 - File not found
NetSvcs: AppMgmt - File not found
NetSvcs: HidServ - File not found
NetSvcs: Ias - File not found
NetSvcs: Iprip - File not found
NetSvcs: Irmon - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: WmdmPmSp - File not found

CREATERESTOREPOINT
Restore point Set: OTL Restore Point

========== Files/Folders - Created Within 30 Days ==========

[2011/11/17 14:55:03 | 001,916,416 | ---- | C] (AVAST Software) -- C:\Documents and Settings\watfordm\Desktop\aswMBR.exe
[2011/11/07 21:54:00 | 000,584,192 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\watfordm\Desktop\OTL.exe
[2011/11/07 15:07:20 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Security Client
[2011/11/07 15:03:13 | 000,000,000 | ---D | C] -- C:\Documents and Settings\watfordm\Application Data\Malwarebytes
[2011/11/07 15:03:07 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Malwarebytes' Anti-Malware
[2011/11/07 15:03:07 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Malwarebytes
[2011/11/07 15:03:04 | 000,022,216 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2011/11/07 15:03:04 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2011/11/07 14:30:20 | 000,446,464 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\watfordm\Desktop\TFC.exe
[2011/11/07 14:20:16 | 009,852,544 | ---- | C] (Malwarebytes Corporation ) -- C:\Documents and Settings\watfordm\Desktop\mbam-setup-1.51.2.1300.exe

========== Files - Modified Within 30 Days ==========

[2011/11/18 14:01:00 | 000,000,240 | ---- | M] () -- C:\WINDOWS\tasks\Scheduled Update for Ask Toolbar.job
[2011/11/18 07:52:35 | 000,002,521 | ---- | M] () -- C:\Documents and Settings\watfordm\Desktop\EMAIL.lnk
[2011/11/17 21:59:41 | 000,124,374 | ---- | M] () -- C:\Documents and Settings\watfordm\Desktop\screen shot.pdf
[2011/11/17 16:20:17 | 077,856,768 | R--- | M] () -- C:\Documents and Settings\watfordm\Desktop\Greenville Christian School.QBW.TLG
[2011/11/17 16:20:17 | 016,285,696 | R--- | M] () -- C:\Documents and Settings\watfordm\Desktop\Greenville Christian School.QBW
[2011/11/17 16:20:17 | 000,000,376 | ---- | M] () -- C:\Documents and Settings\watfordm\Desktop\Greenville Christian School.QBW.ND
[2011/11/17 14:57:33 | 001,916,416 | ---- | M] (AVAST Software) -- C:\Documents and Settings\watfordm\Desktop\aswMBR.exe
[2011/11/17 08:29:08 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2011/11/17 08:18:23 | 000,000,424 | -H-- | M] () -- C:\WINDOWS\tasks\MP Scheduled Scan.job
[2011/11/17 08:13:17 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2011/11/16 08:52:08 | 000,004,800 | ---- | M] () -- C:\FIFTEENT
[2011/11/10 14:09:21 | 000,001,920 | ---- | M] () -- C:\TENTH
[2011/11/07 21:54:20 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\watfordm\Desktop\OTL.exe
[2011/11/07 15:08:42 | 000,001,945 | ---- | M] () -- C:\WINDOWS\epplauncher.mif
[2011/11/07 15:03:07 | 000,000,784 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2011/11/07 14:32:16 | 009,852,544 | ---- | M] (Malwarebytes Corporation ) -- C:\Documents and Settings\watfordm\Desktop\mbam-setup-1.51.2.1300.exe
[2011/11/07 14:30:50 | 000,446,464 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\watfordm\Desktop\TFC.exe
[2011/11/07 10:46:30 | 000,000,960 | ---- | M] () -- C:\FIFTH
[2011/11/05 23:00:00 | 000,000,502 | ---- | M] () -- C:\WINDOWS\tasks\Tune-up Application Start.job
[2011/11/03 09:50:00 | 000,000,167 | ---- | M] () -- C:\Documents and Settings\watfordm\default.pls
[2011/11/03 09:47:23 | 000,000,069 | ---- | M] () -- C:\WINDOWS\NeroDigital.ini
[2011/11/01 13:10:32 | 000,001,920 | ---- | M] () -- C:\FIRSTDRA
[2011/10/31 06:43:28 | 000,445,370 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2011/10/31 06:43:28 | 000,072,576 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2011/10/25 09:21:30 | 000,000,960 | ---- | M] () -- C:\EXTRA
[2011/10/24 09:03:15 | 000,000,960 | ---- | M] () -- C:\FINAL
[2011/10/19 15:45:37 | 000,000,960 | ---- | M] () -- C:\MIDMONTH

========== Files Created - No Company Name ==========

[2011/11/17 21:59:37 | 000,124,374 | ---- | C] () -- C:\Documents and Settings\watfordm\Desktop\screen shot.pdf
[2011/11/07 15:12:50 | 000,000,424 | -H-- | C] () -- C:\WINDOWS\tasks\MP Scheduled Scan.job
[2011/11/07 15:07:34 | 000,001,680 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Microsoft Security Essentials.lnk
[2011/11/07 15:03:07 | 000,000,784 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2011/11/07 14:59:05 | 000,001,945 | ---- | C] () -- C:\WINDOWS\epplauncher.mif
[2010/09/08 07:37:22 | 000,000,156 | ---- | C] () -- C:\WINDOWS\WININIT.INI
[2010/06/10 10:45:37 | 000,000,090 | ---- | C] () -- C:\WINDOWS\QBChanUtil_Trigger.ini
[2010/06/10 10:42:33 | 006,441,320 | ---- | C] () -- C:\Documents and Settings\LocalService\Local Settings\Application Data\FontCache3.0.0.0.dat
[2010/01/26 09:24:26 | 000,077,824 | ---- | C] () -- C:\WINDOWS\System32\adistres.dll
[2010/01/14 14:45:48 | 000,165,888 | ---- | C] () -- C:\WINDOWS\System32\hpgt53.dll
[2009/08/13 08:02:34 | 000,000,036 | -H-- | C] () -- C:\WINDOWS\System32\f9t.dat
[2009/02/16 11:32:13 | 000,000,151 | ---- | C] () -- C:\WINDOWS\PhotoSnapViewer.INI
[2009/02/09 14:14:12 | 000,000,069 | ---- | C] () -- C:\WINDOWS\NeroDigital.ini
[2009/02/09 14:13:00 | 000,007,680 | ---- | C] () -- C:\Documents and Settings\watfordm\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2007/10/01 09:44:45 | 000,001,156 | ---- | C] () -- C:\WINDOWS\mozver.dat
[2007/09/20 14:52:19 | 000,000,000 | ---- | C] () -- C:\WINDOWS\nsreg.dat
[2007/08/20 08:11:41 | 000,000,131 | ---- | C] () -- C:\Documents and Settings\watfordm\Local Settings\Application Data\fusioncache.dat
[2007/07/18 10:39:28 | 000,000,462 | ---- | C] () -- C:\WINDOWS\hpbvspst.ini
[2007/07/18 10:39:17 | 000,001,343 | ---- | C] () -- C:\WINDOWS\hpbvnstp.ini
[2007/07/18 10:31:53 | 000,093,130 | ---- | C] () -- C:\WINDOWS\hppins05.dat
[2007/07/18 10:31:53 | 000,000,896 | ---- | C] () -- C:\WINDOWS\hppmdl05.dat
[2006/09/07 11:55:43 | 000,057,344 | ---- | C] () -- C:\WINDOWS\UPWIZUN.EXE
[2006/09/07 11:55:43 | 000,045,056 | ---- | C] () -- C:\WINDOWS\VCMUI.EXE
[2006/09/07 11:55:43 | 000,041,973 | ---- | C] () -- C:\WINDOWS\WININIT.EXE
[2006/09/07 11:55:25 | 000,045,379 | ---- | C] () -- C:\WINDOWS\SMARTDRV.EXE
[2006/09/07 11:55:24 | 000,018,939 | ---- | C] () -- C:\WINDOWS\SETVER.EXE
[2006/09/07 11:55:23 | 000,012,663 | ---- | C] () -- C:\WINDOWS\RAMDRIVE.SYS
[2006/09/07 11:55:23 | 000,000,787 | ---- | C] () -- C:\WINDOWS\SCANREG.INI
[2006/09/07 11:55:23 | 000,000,028 | ---- | C] () -- C:\WINDOWS\QTW.INI
[2006/09/07 11:55:22 | 000,040,960 | ---- | C] () -- C:\WINDOWS\PIDSET.EXE
[2006/09/07 11:55:22 | 000,027,616 | ---- | C] () -- C:\WINDOWS\PIDGEN.DLL
[2006/09/07 11:53:28 | 000,122,936 | ---- | C] () -- C:\WINDOWS\MSOWS409.DLL
[2006/09/07 11:53:28 | 000,007,885 | ---- | C] () -- C:\WINDOWS\NETDET.INI
[2006/09/07 11:53:28 | 000,000,026 | ---- | C] () -- C:\WINDOWS\MSOFFICE.INI
[2006/09/07 11:53:27 | 000,129,080 | ---- | C] () -- C:\WINDOWS\LOGOW.SYS
[2006/09/07 11:53:27 | 000,129,078 | ---- | C] () -- C:\WINDOWS\LOGOS.SYS
[2006/09/07 11:53:27 | 000,032,768 | ---- | C] () -- C:\WINDOWS\MM2ENT.EXE
[2006/09/07 11:53:27 | 000,001,646 | ---- | C] () -- C:\WINDOWS\MSDOS.SYS
[2006/09/07 11:53:25 | 000,012,626 | ---- | C] () -- C:\WINDOWS\IOS.INI
[2006/09/07 11:53:25 | 000,006,550 | ---- | C] () -- C:\WINDOWS\JAUTOEXP.DAT
[2006/09/07 11:53:22 | 000,003,708 | ---- | C] () -- C:\WINDOWS\IFSHLP.SYS
[2006/09/07 11:53:21 | 000,003,598 | ---- | C] () -- C:\WINDOWS\HTMLHELP.INI
[2006/09/07 11:53:19 | 000,033,191 | ---- | C] () -- C:\WINDOWS\HIMEM.SYS
[2006/09/07 11:53:18 | 000,125,495 | ---- | C] () -- C:\WINDOWS\EMM386.EXE
[2006/09/07 11:53:18 | 000,000,865 | ---- | C] () -- C:\WINDOWS\DOSREP.INI
[2006/09/07 11:53:17 | 000,089,147 | ---- | C] () -- C:\WINDOWS\DOSREP.EXE
[2006/09/07 11:53:17 | 000,005,068 | ---- | C] () -- C:\WINDOWS\DELETEFI.INI
[2006/09/07 11:53:17 | 000,002,614 | ---- | C] () -- C:\WINDOWS\DBLBUFF.SYS
[2006/09/07 11:53:12 | 000,024,626 | ---- | C] () -- C:\WINDOWS\CMD640X.SYS
[2006/09/07 11:53:12 | 000,020,901 | ---- | C] () -- C:\WINDOWS\CMD640X2.SYS
[2006/09/07 11:53:10 | 000,001,105 | ---- | C] () -- C:\WINDOWS\ASPI2HLP.SYS
[2006/09/07 11:45:50 | 000,167,936 | ---- | C] () -- C:\WINDOWS\System32\XFILEXR.DLL
[2006/09/07 11:45:48 | 000,002,295 | ---- | C] () -- C:\WINDOWS\System32\WINALI.INI
[2006/09/07 11:45:48 | 000,000,197 | ---- | C] () -- C:\WINDOWS\System32\WINALX.INI
[2006/09/07 11:45:39 | 000,010,240 | ---- | C] () -- C:\WINDOWS\System32\VIDX16.DLL
[2006/09/07 11:45:34 | 000,056,057 | ---- | C] () -- C:\WINDOWS\System32\UNICODE.BIN
[2006/09/07 11:45:27 | 000,077,824 | ---- | C] () -- C:\WINDOWS\System32\SUCATREG.EXE
[2006/09/07 11:45:19 | 000,000,096 | ---- | C] () -- C:\WINDOWS\System32\REBOOT.COM
[2006/09/07 11:45:11 | 000,028,672 | ---- | C] () -- C:\WINDOWS\System32\NETBIOS.DLL
[2006/09/07 11:45:01 | 000,026,624 | ---- | C] () -- C:\WINDOWS\System32\MSHLOCAL.dll
[2006/09/07 11:44:55 | 000,188,416 | ---- | C] () -- C:\WINDOWS\System32\MEMBG.DLL
[2006/09/07 11:44:45 | 000,057,344 | ---- | C] () -- C:\WINDOWS\System32\ICMFILTER.DLL
[2006/09/07 11:44:45 | 000,008,576 | ---- | C] () -- C:\WINDOWS\System32\ICMUPG.DLL
[2006/09/07 11:44:42 | 000,032,768 | ---- | C] () -- C:\WINDOWS\System32\GROUPPOL.DLL
[2006/09/07 11:44:38 | 000,002,490 | ---- | C] () -- C:\WINDOWS\System32\DLCNDI.DLL
[2006/09/07 11:44:25 | 000,014,696 | ---- | C] () -- C:\WINDOWS\System32\CONAGENT.EXE
[2006/09/07 11:44:22 | 000,074,752 | ---- | C] () -- C:\WINDOWS\System32\cmtool32.dll
[2006/09/07 11:13:59 | 000,000,060 | ---- | C] () -- C:\WINDOWS\POWERPNT.INI
[2006/09/07 11:13:59 | 000,000,054 | ---- | C] () -- C:\WINDOWS\WAVEMIX.INI
[2006/09/07 11:03:27 | 000,040,960 | ---- | C] () -- C:\WINDOWS\System32\IsUser11b.dll
[2006/09/07 10:57:07 | 000,000,525 | ---- | C] () -- C:\WINDOWS\System32\wlan.ini
[2006/09/06 13:27:56 | 000,000,486 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2006/07/26 10:52:00 | 000,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini
[2006/07/26 10:32:50 | 000,049,152 | ---- | C] () -- C:\WINDOWS\setpwrcg.exe
[2006/07/26 10:32:36 | 000,000,390 | ---- | C] () -- C:\WINDOWS\System32\OEMINFO.INI
[2006/06/12 04:36:30 | 000,241,664 | ---- | C] () -- C:\WINDOWS\System32\hppapr04.DLL
[2006/06/12 04:36:30 | 000,000,526 | ---- | C] () -- C:\WINDOWS\System32\hppapr04.DAT
[2004/08/10 12:12:05 | 000,000,780 | ---- | C] () -- C:\WINDOWS\orun32.ini
[2004/08/10 12:07:31 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat
[2004/08/10 12:02:15 | 000,021,640 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat
[2004/08/10 12:01:18 | 000,001,793 | ---- | C] () -- C:\WINDOWS\System32\fxsperf.ini
[2004/08/10 11:57:52 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
[2004/08/10 11:57:15 | 000,357,752 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2004/08/10 11:51:21 | 000,027,440 | ---- | C] () -- C:\WINDOWS\System32\drivers\secdrv.sys
[2004/08/10 11:51:21 | 000,004,569 | ---- | C] () -- C:\WINDOWS\System32\secupd.dat
[2004/08/10 11:51:20 | 000,445,370 | ---- | C] () -- C:\WINDOWS\System32\perfh009.dat
[2004/08/10 11:51:20 | 000,272,128 | ---- | C] () -- C:\WINDOWS\System32\perfi009.dat
[2004/08/10 11:51:20 | 000,072,576 | ---- | C] () -- C:\WINDOWS\System32\perfc009.dat
[2004/08/10 11:51:20 | 000,028,626 | ---- | C] () -- C:\WINDOWS\System32\perfd009.dat
[2004/08/10 11:51:18 | 000,004,627 | ---- | C] () -- C:\WINDOWS\System32\oembios.dat
[2004/08/10 11:51:17 | 013,107,200 | ---- | C] () -- C:\WINDOWS\System32\oembios.bin
[2004/08/10 11:51:16 | 000,000,741 | ---- | C] () -- C:\WINDOWS\System32\noise.dat
[2004/08/10 11:51:12 | 000,673,088 | ---- | C] () -- C:\WINDOWS\System32\mlang.dat
[2004/08/10 11:51:11 | 000,046,258 | ---- | C] () -- C:\WINDOWS\System32\mib.bin
[2004/08/10 11:51:09 | 000,081,920 | ---- | C] () -- C:\WINDOWS\System32\ieencode.dll
[2004/08/10 11:51:05 | 000,218,003 | ---- | C] () -- C:\WINDOWS\System32\dssec.dat
[2004/08/10 11:50:56 | 000,001,788 | ---- | C] () -- C:\WINDOWS\System32\Dcache.bin
[2003/01/07 14:05:08 | 000,002,695 | ---- | C] () -- C:\WINDOWS\System32\OUTLPERF.INI
[2002/01/17 11:45:40 | 000,000,616 | ---- | C] () -- C:\WINDOWS\wizards.ini
[2001/08/14 12:06:44 | 000,000,639 | ---- | C] () -- C:\WINDOWS\FINDIT32.INI
[2001/07/06 15:30:00 | 000,003,399 | ---- | C] () -- C:\WINDOWS\System32\hptcpmon.ini
[2001/01/30 14:14:40 | 000,000,180 | ---- | C] () -- C:\WINDOWS\winmine.ini
[2001/01/23 22:31:18 | 000,151,552 | ---- | C] () -- C:\WINDOWS\System32\prntfix.exe
[2000/10/17 07:32:44 | 000,000,696 | ---- | C] () -- C:\WINDOWS\System32\QBTMRUTL.DLL
[2000/10/17 07:32:41 | 000,000,098 | ---- | C] () -- C:\WINDOWS\QBTIMER.INI
[2000/10/17 07:23:16 | 000,000,064 | ---- | C] () -- C:\WINDOWS\QBWCD.INI
[2000/10/17 07:22:59 | 000,006,838 | ---- | C] () -- C:\WINDOWS\Icoadb32.dat
[2000/04/14 15:50:02 | 000,343,040 | ---- | C] () -- C:\WINDOWS\System32\Lffpx7.dll
[1999/10/08 06:58:49 | 000,004,608 | ---- | C] () -- C:\WINDOWS\System32\BVRPWF.DLL
[1999/10/08 06:57:28 | 000,000,309 | ---- | C] () -- C:\WINDOWS\HPPTA.INI
[1999/10/08 06:56:19 | 000,000,020 | ---- | C] () -- C:\WINDOWS\InfModM.ini
[1999/10/07 09:48:23 | 000,000,034 | ---- | C] () -- C:\WINDOWS\SOL.INI
[1999/10/07 08:50:06 | 000,009,030 | ---- | C] () -- C:\WINDOWS\hh.dat
[1999/10/05 07:01:15 | 000,000,032 | ---- | C] () -- C:\WINDOWS\System32\MOUSEDRV.INI
[1999/10/01 10:47:49 | 000,000,244 | ---- | C] () -- C:\WINDOWS\FRX.INI
[1999/10/01 09:36:37 | 000,000,321 | ---- | C] () -- C:\WINDOWS\PVX.INI
[1999/10/01 09:36:34 | 000,074,240 | ---- | C] () -- C:\WINDOWS\System32\90WRES32.DLL
[1999/10/01 09:36:34 | 000,017,920 | ---- | C] () -- C:\WINDOWS\System32\IMPLODE.DLL
[1999/09/30 08:11:32 | 000,000,152 | ---- | C] () -- C:\WINDOWS\ACROREAD.INI
[1999/09/30 08:10:48 | 000,002,158 | ---- | C] () -- C:\WINDOWS\FONTSMRT.INI
[1999/09/30 08:10:44 | 000,000,415 | ---- | C] () -- C:\WINDOWS\prntname.ini
[1999/09/30 08:10:10 | 000,000,076 | ---- | C] () -- C:\WINDOWS\tmprn.ini
[1999/09/29 12:44:14 | 000,016,384 | ---- | C] () -- C:\WINDOWS\MSIMGSIZ.DAT
[1999/09/23 19:19:12 | 000,029,696 | ---- | C] () -- C:\WINDOWS\desinst32.exe
[1999/09/23 19:19:12 | 000,010,208 | ---- | C] () -- C:\WINDOWS\System32\BVRPWFU.drv
[1999/09/23 19:19:12 | 000,000,063 | ---- | C] () -- C:\WINDOWS\Wgedit.ini
[1999/09/23 19:13:07 | 000,000,225 | ---- | C] () -- C:\WINDOWS\TELEPHON.INI
[1999/09/23 19:12:44 | 000,229,408 | RH-- | C] () -- C:\WINDOWS\HWINFO.DAT
[1999/09/23 19:11:47 | 000,011,079 | -H-- | C] () -- C:\Program Files\folder.htt
[1999/09/23 19:10:38 | 000,000,069 | ---- | C] () -- C:\WINDOWS\5631_SWC.INI
[1999/09/23 19:10:37 | 000,000,108 | ---- | C] () -- C:\WINDOWS\5631_HWC.INI
[1999/09/23 19:10:03 | 000,000,022 | ---- | C] () -- C:\WINDOWS\9770P.INI
[1999/09/23 19:09:54 | 000,000,000 | ---- | C] () -- C:\WINDOWS\progman.ini
[1999/09/23 19:08:30 | 000,000,283 | ---- | C] () -- C:\WINDOWS\PROTOCOL.INI
[1999/09/23 19:08:22 | 000,034,543 | ---- | C] () -- C:\WINDOWS\NBTSTAT.EXE
[1999/09/23 19:08:22 | 000,004,809 | ---- | C] () -- C:\WINDOWS\System32\LMSCRIPT.EXE
[1999/09/23 19:07:55 | 000,103,488 | ---- | C] () -- C:\WINDOWS\System32\ATITVOUT.DLL
[1999/09/23 19:07:55 | 000,026,880 | ---- | C] () -- C:\WINDOWS\System32\ATITBDRV.SYS
[1999/09/23 19:07:55 | 000,017,152 | ---- | C] () -- C:\WINDOWS\System32\ATITBDET.EXE
[1999/09/23 19:07:55 | 000,003,744 | ---- | C] () -- C:\WINDOWS\System32\ATITB.DLL
[1999/09/23 19:07:50 | 000,823,808 | ---- | C] () -- C:\WINDOWS\System32\DAINST.EXE
[1999/09/23 19:07:49 | 000,006,140 | ---- | C] () -- C:\WINDOWS\NDISHLP.SYS
[1999/09/23 19:07:48 | 000,014,952 | ---- | C] () -- C:\WINDOWS\PROTMAN.EXE
[1999/09/23 19:07:39 | 000,266,240 | ---- | C] () -- C:\WINDOWS\System32\TCAUM90X.DLL
[1999/09/23 19:07:39 | 000,026,500 | ---- | C] () -- C:\WINDOWS\System32\TCAEGT16.DLL
[1999/09/23 19:07:39 | 000,015,360 | ---- | C] () -- C:\WINDOWS\System32\TCAEGT32.DLL
[1999/09/23 19:07:35 | 002,417,445 | ---- | C] () -- C:\WINDOWS\System32\YDSXG.DAT
[1999/01/22 17:46:58 | 000,065,536 | ---- | C] () -- C:\WINDOWS\System32\MSRTEDIT.DLL
[1998/06/11 12:08:06 | 000,095,232 | ---- | C] () -- C:\WINDOWS\System32\Lfkodak.dll
[1998/01/12 07:00:00 | 000,040,448 | ---- | C] () -- C:\WINDOWS\System32\REGOBJ.DLL
[1997/08/03 23:00:00 | 000,116,736 | ---- | C] () -- C:\WINDOWS\System32\PCDLIB32.DLL
[1995/01/13 13:10:00 | 000,210,944 | ---- | C] () -- C:\WINDOWS\System32\msvcrt10.dll

========== LOP Check ==========

[2010/06/10 10:45:34 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\COMMON FILES
[2009/02/26 13:10:06 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\LightScribe
[2011/11/18 03:00:27 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\LogMeIn
[2009/04/14 10:37:25 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\MSScanAppDataDir
[2010/06/10 10:46:22 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Nuance
[2006/09/07 11:43:27 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\SBT
[2006/09/07 10:09:20 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Spearit
[2010/06/10 11:10:35 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\SQL Anywhere 11
[2006/09/07 10:09:20 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Default User\Application Data\Spearit
[2006/09/07 10:09:20 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Fox\Application Data\Spearit
[2010/06/28 16:12:05 | 000,000,000 | ---D | M] -- C:\Documents and Settings\watfordm\Application Data\Facebook
[2010/01/26 09:23:13 | 000,000,000 | ---D | M] -- C:\Documents and Settings\watfordm\Application Data\InterTrust
[2011/01/10 15:34:39 | 000,000,000 | ---D | M] -- C:\Documents and Settings\watfordm\Application Data\Itfy
[2011/11/07 15:20:31 | 000,000,000 | ---D | M] -- C:\Documents and Settings\watfordm\Application Data\Liexv
[2009/07/28 18:48:27 | 000,000,000 | ---D | M] -- C:\Documents and Settings\watfordm\Application Data\Snapfish
[2006/09/07 10:09:20 | 000,000,000 | ---D | M] -- C:\Documents and Settings\watfordm\Application Data\Spearit
[2010/10/29 09:27:35 | 000,000,000 | ---D | M] -- C:\Documents and Settings\watfordm\Application Data\Stamps.com Internet Postage
[2006/09/07 10:09:20 | 000,000,000 | ---D | M] -- C:\Documents and Settings\whiter\Application Data\Spearit
[2011/11/17 08:18:23 | 000,000,424 | -H-- | M] () -- C:\WINDOWS\Tasks\MP Scheduled Scan.job
[2011/11/18 14:01:00 | 000,000,240 | ---- | M] () -- C:\WINDOWS\Tasks\Scheduled Update for Ask Toolbar.job
[2011/11/05 23:00:00 | 000,000,502 | ---- | M] () -- C:\WINDOWS\Tasks\Tune-up Application Start.job

========== Purity Check ==========



========== Custom Scans ==========


< %SYSTEMDRIVE%\*.exe >
[1999/06/22 16:26:04 | 000,109,057 | -H-- | M] () -- C:\ZTECH.EXE
[1999/06/28 12:03:52 | 000,143,658 | -H-- | M] () -- C:\ZZ.EXE


< MD5 for: EXPLORER.EXE >
[2004/08/04 04:00:00 | 001,032,192 | ---- | M] (Microsoft Corporation) MD5=A0732187050030AE399B241436565E64 -- C:\WINDOWS\explorer.exe

< MD5 for: SVCHOST.EXE >
[2004/08/04 04:00:00 | 000,014,336 | ---- | M] (Microsoft Corporation) MD5=8F078AE4ED187AAABC0A305146DE6716 -- C:\i386\svchost.exe
[2004/08/04 04:00:00 | 000,014,336 | ---- | M] (Microsoft Corporation) MD5=8F078AE4ED187AAABC0A305146DE6716 -- C:\WINDOWS\system32\svchost.exe

< MD5 for: USERINIT.EXE >
[2004/08/04 04:00:00 | 000,024,576 | ---- | M] (Microsoft Corporation) MD5=39B1FFB03C2296323832ACBAE50D2AFF -- C:\i386\userinit.exe
[2004/08/04 04:00:00 | 000,024,576 | ---- | M] (Microsoft Corporation) MD5=39B1FFB03C2296323832ACBAE50D2AFF -- C:\WINDOWS\system32\userinit.exe

< MD5 for: WINLOGON.EXE >
[2004/08/04 04:00:00 | 000,502,272 | ---- | M] (Microsoft Corporation) MD5=01C3346C241652F43AED8E2149881BFE -- C:\i386\winlogon.exe
[2004/08/04 04:00:00 | 000,502,272 | ---- | M] (Microsoft Corporation) MD5=01C3346C241652F43AED8E2149881BFE -- C:\WINDOWS\system32\winlogon.exe

< C:\Windows\assembly\tmp\U\*.* /s >

< End of report >

#6
Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
You do need to update to SP3 and IE to IE8


Warning: This fix is only relevant for this system and no other; using it on another computer may cause problems.

Be advised that when the fix commences it will shut down all running processes and you may lose the desktop and icons; they will return on reboot.

Run OTL
  • Under the Custom Scans/Fixes box at the bottom, paste in the following

    :OTL
    O3 - HKLM\..\Toolbar: (Starware Screensavers Toolbar) - {9FB3908C-6565-4CB0-95F8-E9F85258723C} - C:\Program Files\Starware316\bin\Starware316.dll File not found
    O16 - DPF: {CAFEEFAC-0014-0002-0003-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Reg Error: Key error.)
    O16 - DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Reg Error: Key error.)

    :Files
    ipconfig /flushdns /c

    :Commands
    [purity]
    [resethosts]
    [emptytemp]
    [CREATERESTOREPOINT]
    [Reboot]

  • Then click the Run Fix button at the top
  • Let the program run unhindered, reboot the PC when it is done
  • Open OTL again and click the Quick Scan button. Post the log it produces in your next reply.

THEN

Download and Install Combofix

Download ComboFix from one of the following locations:
Link 1
Link 2

VERY IMPORTANT !!! Save ComboFix.exe to your Desktop

* IMPORTANT - Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. If you have difficulty properly disabling your protective programs, refer to this link here
  • Double click on ComboFix.exe & follow the prompts.
  • Accept the disclaimer and allow it to update if it asks; also allow the Recovery Console to be installed.

  • When finished, it shall produce a log for you.
  • Please include the C:\ComboFix.txt in your next reply.

Notes:
1. Do not mouse-click Combofix's window while it is running. That may cause it to stall.
2. Do not "re-run" Combofix. If you have a problem, reply back for further instructions.


Please make sure you include the ComboFix log in your next reply, as well as a description of how your computer is running now.

#7
gcsmom

    New Member

  • Topic Starter
  • Member
  • 7 posts
Things seem to be doing fine. Here are the logs.

Thanks,
gcsmom

OTL logfile created on: 11/22/2011 9:13:10 AM - Run 3
OTL by OldTimer - Version 3.2.31.0 Folder = C:\Documents and Settings\watfordm\Desktop
Windows XP Home Edition Service Pack 2 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 6.0.2900.2180)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1.99 Gb Total Physical Memory | 1.22 Gb Available Physical Memory | 61.35% Memory free
2.58 Gb Paging File | 1.91 Gb Available in Paging File | 74.18% Paging File free
Paging file location(s): C:\pagefile.sys 756 1512 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 74.46 Gb Total Space | 46.41 Gb Free Space | 62.33% Space Free | Partition Type: NTFS

Computer Name: BOOKKEEPER | User Name: watfordm | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2011/11/11 08:06:40 | 000,912,856 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe
PRC - [2011/11/07 21:54:20 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\watfordm\Desktop\OTL.exe
PRC - [2011/10/07 07:14:34 | 000,136,584 | ---- | M] (LogMeIn, Inc.) -- C:\Program Files\LogMeIn\x86\ramaint.exe
PRC - [2011/10/07 07:13:57 | 000,374,152 | ---- | M] (LogMeIn, Inc.) -- C:\Program Files\LogMeIn\x86\LMIGuardianSvc.exe
PRC - [2011/08/31 17:00:48 | 000,449,608 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe
PRC - [2011/08/31 17:00:48 | 000,366,152 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
PRC - [2011/06/15 15:16:48 | 000,997,920 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Security Client\msseces.exe
PRC - [2011/04/27 15:39:26 | 000,011,736 | ---- | M] (Microsoft Corporation) -- c:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe
PRC - [2011/01/04 11:07:56 | 000,390,528 | ---- | M] (LogMeIn, Inc.) -- C:\Program Files\LogMeIn\x86\LogMeIn.exe
PRC - [2010/11/09 19:13:30 | 001,154,848 | ---- | M] (Intuit Inc.) -- C:\Program Files\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe
PRC - [2010/11/09 17:53:00 | 000,045,056 | ---- | M] (Intuit) -- C:\Program Files\Common Files\Intuit\QuickBooks\QBCFMonitorService.exe
PRC - [2008/08/11 12:41:00 | 000,063,048 | ---- | M] (LogMeIn, Inc.) -- C:\Program Files\LogMeIn\x86\LogMeInSystray.exe
PRC - [2007/06/27 19:04:00 | 001,213,736 | ---- | M] (Nero AG) -- C:\Program Files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe
PRC - [2007/06/27 19:03:40 | 000,152,872 | ---- | M] (Nero AG) -- C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe
PRC - [2007/06/25 08:47:24 | 001,629,480 | ---- | M] (Nero AG) -- C:\Program Files\Nero\Nero 7\InCD\NBHGui.exe
PRC - [2007/06/25 08:47:12 | 001,552,680 | ---- | M] (Nero AG) -- C:\Program Files\Nero\Nero 7\InCD\InCDsrv.exe
PRC - [2007/06/25 08:47:02 | 001,057,064 | ---- | M] (Nero AG) -- C:\Program Files\Nero\Nero 7\InCD\InCD.exe
PRC - [2006/06/15 07:43:20 | 000,049,152 | ---- | M] (HP) -- C:\Program Files\HP\ToolBoxFX\bin\HPTLBXFX.exe
PRC - [2004/08/04 04:00:00 | 001,032,192 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2001/10/11 17:35:02 | 000,082,026 | ---- | M] (Adobe Systems Inc.) -- C:\Program Files\Adobe\Acrobat 5.0\Distillr\AcroTray.exe
PRC - [2001/07/03 08:17:04 | 000,065,536 | ---- | M] () -- C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnf.exe
PRC - [2001/07/03 08:11:52 | 000,057,344 | ---- | M] (Hewlett-Packard) -- C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe


========== Modules (No Company Name) ==========

MOD - [2011/11/11 08:06:41 | 000,849,368 | ---- | M] () -- C:\Program Files\Mozilla Firefox\js3250.dll
MOD - [2010/11/09 19:12:50 | 000,268,064 | ---- | M] () -- C:\Program Files\Intuit\QuickBooks 2010\boost_regex-vc90-mt-p-1_33.dll
MOD - [2010/11/09 09:07:40 | 005,971,408 | ---- | M] () -- C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll
MOD - [2010/06/10 12:34:58 | 000,212,992 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.ServiceProce#\a9e71dda6389403be4db7b567592e3b8\System.ServiceProcess.ni.dll
MOD - [2010/06/10 10:44:34 | 007,867,392 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System\aa7926460a336408c8041330ad90929d\System.ni.dll
MOD - [2010/06/10 10:44:06 | 011,485,184 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\mscorlib\9adb89fa22fd5b4ce433b5aca7fb1b07\mscorlib.ni.dll
MOD - [2009/12/21 19:09:26 | 000,016,832 | ---- | M] () -- C:\Program Files\Adobe\Reader 9.0\Reader\ViewerPS.dll
MOD - [2007/08/14 15:43:46 | 006,365,184 | ---- | M] () -- C:\Program Files\Common Files\LightScribe\QtGui4.dll
MOD - [2007/07/12 13:55:52 | 000,131,072 | ---- | M] () -- C:\Program Files\Common Files\LightScribe\plugins\imageformats\qjpeg4.dll
MOD - [2007/07/12 13:55:28 | 001,581,056 | ---- | M] () -- C:\Program Files\Common Files\LightScribe\QtCore4.dll
MOD - [2006/06/15 07:42:34 | 000,053,248 | ---- | M] () -- C:\Program Files\HP\ToolBoxFX\bin\NativeUtils.dll
MOD - [2004/08/10 12:12:50 | 003,379,200 | ---- | M] () -- c:\windows\assembly\nativeimages1_v1.1.4322\mscorlib\1.0.5000.0__b77a5c561934e089_4fec348e\mscorlib.dll
MOD - [2004/08/10 12:12:44 | 000,835,584 | ---- | M] () -- c:\windows\assembly\nativeimages1_v1.1.4322\system.drawing\1.0.5000.0__b03f5f7f11d50a3a_e0199e65\system.drawing.dll
MOD - [2004/08/10 12:12:34 | 002,088,960 | ---- | M] () -- c:\windows\assembly\nativeimages1_v1.1.4322\system.xml\1.0.5000.0__b77a5c561934e089_b3205b38\system.xml.dll
MOD - [2004/08/10 12:12:24 | 003,014,656 | ---- | M] () -- c:\windows\assembly\nativeimages1_v1.1.4322\system.windows.forms\1.0.5000.0__b77a5c561934e089_6e7aff8e\system.windows.forms.dll
MOD - [2004/08/10 12:12:10 | 001,953,792 | ---- | M] () -- c:\windows\assembly\nativeimages1_v1.1.4322\system\1.0.5000.0__b77a5c561934e089_b1d2ef50\system.dll
MOD - [2004/08/10 12:11:14 | 001,224,704 | ---- | M] () -- c:\windows\assembly\gac\system\1.0.5000.0__b77a5c561934e089\system.dll
MOD - [2004/08/10 12:11:10 | 002,052,096 | ---- | M] () -- c:\windows\assembly\gac\system.windows.forms\1.0.5000.0__b77a5c561934e089\system.windows.forms.dll
MOD - [2004/08/10 12:11:10 | 001,339,392 | ---- | M] () -- c:\windows\assembly\gac\system.xml\1.0.5000.0__b77a5c561934e089\system.xml.dll
MOD - [2004/08/10 12:11:10 | 000,466,944 | ---- | M] () -- c:\windows\assembly\gac\system.drawing\1.0.5000.0__b03f5f7f11d50a3a\system.drawing.dll
MOD - [2004/08/10 12:11:10 | 000,323,584 | ---- | M] () -- c:\windows\assembly\gac\system.runtime.remoting\1.0.5000.0__b77a5c561934e089\system.runtime.remoting.dll
MOD - [2004/08/10 12:11:10 | 000,131,072 | ---- | M] () -- c:\windows\assembly\gac\system.runtime.serialization.formatters.soap\1.0.5000.0__b03f5f7f11d50a3a\system.runtime.serialization.formatters.soap.dll
MOD - [2001/10/11 17:34:50 | 000,077,824 | ---- | M] () -- C:\Program Files\Adobe\Acrobat 5.0\Distillr\adistres.dll
MOD - [2001/07/03 08:17:06 | 000,024,576 | ---- | M] () -- C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnfps.dll
MOD - [2001/07/03 08:17:04 | 000,065,536 | ---- | M] () -- C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnf.exe


========== Win32 Services (SafeList) ==========

SRV - File not found [Auto | Stopped] -- -- (HidServ)
SRV - File not found [On_Demand | Stopped] -- -- (AppMgmt)
SRV - [2011/10/07 07:14:34 | 000,136,584 | ---- | M] (LogMeIn, Inc.) [Auto | Running] -- C:\Program Files\LogMeIn\x86\RaMaint.exe -- (LMIMaint)
SRV - [2011/10/07 07:13:57 | 000,374,152 | ---- | M] (LogMeIn, Inc.) [Auto | Running] -- C:\Program Files\LogMeIn\x86\LMIGuardianSvc.exe -- (LMIGuardianSvc)
SRV - [2011/08/31 17:00:48 | 000,366,152 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
SRV - [2011/04/27 15:39:26 | 000,011,736 | ---- | M] (Microsoft Corporation) [Auto | Running] -- c:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe -- (MsMpSvc)
SRV - [2011/01/04 11:07:56 | 000,390,528 | ---- | M] (LogMeIn, Inc.) [Auto | Running] -- C:\Program Files\LogMeIn\x86\LogMeIn.exe -- (LogMeIn)
SRV - [2010/11/09 17:53:00 | 000,045,056 | ---- | M] (Intuit) [Auto | Running] -- C:\Program Files\Common Files\Intuit\QuickBooks\QBCFMonitorService.exe -- (QBCFMonitorService)
SRV - [2009/07/23 20:10:38 | 000,061,440 | ---- | M] (Intuit Inc.) [On_Demand | Stopped] -- C:\Program Files\Common Files\Intuit\QuickBooks\FCS\Intuit.QuickBooks.FCS.exe -- (QBFCService)
SRV - [2007/06/25 08:47:12 | 001,552,680 | ---- | M] (Nero AG) [Auto | Running] -- C:\Program Files\Nero\Nero 7\InCD\InCDsrv.exe -- (InCDsrv)


========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | System | Running] -- -- (MpKsl0379ec3e)
DRV - [2011/11/21 13:05:13 | 000,028,752 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- c:\Documents and Settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{E1AB966C-8A28-4713-B5B1-18E976BEC81A}\MpKslf840a9e3.sys -- (MpKslf840a9e3)
DRV - [2011/10/07 07:14:01 | 000,083,360 | ---- | M] (LogMeIn, Inc.) [File_System | Disabled | Stopped] -- C:\WINDOWS\System32\LMIRfsClientNP.dll -- (LMIRfsClientNP)
DRV - [2011/08/31 17:00:50 | 000,022,216 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\WINDOWS\system32\drivers\mbam.sys -- (MBAMProtector)
DRV - [2008/08/11 12:41:00 | 000,047,640 | ---- | M] (LogMeIn, Inc.) [File_System | Auto | Running] -- C:\WINDOWS\system32\drivers\LMIRfsDriver.sys -- (LMIRfsDriver)
DRV - [2008/08/11 12:41:00 | 000,012,856 | ---- | M] (LogMeIn, Inc.) [Kernel | Auto | Running] -- C:\Program Files\LogMeIn\x86\rainfo.sys -- (LMIInfo)
DRV - [2007/06/25 08:47:12 | 000,038,440 | ---- | M] (Nero AG) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\InCDRm.sys -- (incdrm)
DRV - [2007/06/25 08:47:12 | 000,036,776 | ---- | M] (Nero AG) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\InCDPass.sys -- (InCDPass)
DRV - [2007/06/25 08:47:02 | 000,119,080 | ---- | M] (Nero AG) [File_System | Disabled | Running] -- C:\WINDOWS\system32\drivers\InCDfs.sys -- (InCDfs)
DRV - [2006/06/12 04:36:30 | 000,009,344 | ---- | M] (Hewlett Packard) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\hpfxbulk.sys -- (HPFXBULK)
DRV - [2005/11/08 07:55:24 | 000,004,736 | ---- | M] (Laplink Software, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\llusbflt.sys -- (LLUSBFLT)
DRV - [2005/08/17 05:41:08 | 001,022,040 | ---- | M] (SigmaTel, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\sthda.sys -- (STHDA)
DRV - [2005/03/09 05:11:00 | 000,116,192 | R--- | M] (ALinx Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\m4301A.sys -- (m4301a)
DRV - [2004/08/24 07:52:42 | 000,008,960 | ---- | M] (Prolific Technology Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\usbbc2.sys -- (PLUsbbc2)
DRV - [2004/08/24 07:52:28 | 000,042,944 | ---- | M] (LapLink, Inc.) [Kernel | Auto | Running] -- C:\WINDOWS\System32\drivers\sftser.sys -- (SFTSER)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dell.com
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.google.com/ie
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = http://www.google.com/ie
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.dell.com
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Page_URL = www.google.com/ig/dell?hl=en&client=dell-usuk-rel&channel=us
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.google.com/ie
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Start Page = www.google.com/ig/dell?hl=en&client=dell-usuk-rel&channel=us

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = www.google.com/ig/dell?hl=en&client=dell-usuk-rel&channel=us
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = http://www.google.com/ie
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.ask.com/?l=dir&o=13735
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie
IE - HKCU\..\URLSearchHook: {00000000-6E41-4FD3-8538-502F5495E5FC} - C:\Program Files\Ask.com\GenericAskToolbar.dll (Ask)
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.search.defaultengine: "Ask.com"
FF - prefs.js..browser.search.defaultenginename: "Ask.com"
FF - prefs.js..browser.search.order.1: "Ask.com"
FF - prefs.js..browser.search.selectedEngine: "Ask.com"
FF - prefs.js..browser.search.suggest.enabled: false
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "http://www.ask.com/?...?l=dir&o=13735"
FF - prefs.js..extensions.enabledItems: [email protected]:1.0
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20
FF - prefs.js..extensions.enabledItems: [email protected]:3.9.1.100008
FF - prefs.js..keyword.URL: "http://websearch.ask...=gog193YYUS&q="


FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKCU\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKCU\Software\MozillaPlugins\@facebook.com/FBPlugin,version=1.0.3: C:\Documents and Settings\watfordm\Application Data\Facebook\npfbplugin_1_0_3.dll ( )

FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 3.6.24\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011/11/11 08:06:44 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 3.6.24\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011/11/11 08:06:44 | 000,000,000 | ---D | M]

[2009/01/13 15:18:13 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\watfordm\Application Data\Mozilla\Extensions
[2011/11/17 16:11:10 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\watfordm\Application Data\Mozilla\Firefox\Profiles\sw6x9xw8.default\extensions
[2011/11/10 07:56:40 | 000,000,000 | ---D | M] ("Dictionary.com Toolbar") -- C:\Documents and Settings\watfordm\Application Data\Mozilla\Firefox\Profiles\sw6x9xw8.default\extensions\[email protected]
[2011/11/21 12:56:49 | 000,002,570 | ---- | M] () -- C:\Documents and Settings\watfordm\Application Data\Mozilla\Firefox\Profiles\sw6x9xw8.default\searchplugins\askcom.xml
[2011/11/17 16:11:10 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2010/06/10 11:15:35 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
[2009/01/28 14:09:45 | 000,000,000 | ---D | M] (Java Quick Starter) -- C:\PROGRAM FILES\JAVA\JRE6\LIB\DEPLOY\JQS\FF
[2009/11/19 15:16:28 | 000,091,552 | ---- | M] (Coupons, Inc.) -- C:\Program Files\mozilla firefox\plugins\npCouponPrinter.dll
[2010/04/12 16:29:19 | 000,411,368 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\mozilla firefox\plugins\npdeployJava1.dll
[2009/11/19 15:16:29 | 000,091,552 | ---- | M] (Coupons, Inc.) -- C:\Program Files\mozilla firefox\plugins\npMozCouponPrinter.dll
[2008/09/15 10:52:06 | 000,376,832 | ---- | M] ( ) -- C:\Program Files\mozilla firefox\plugins\npsnapfish.dll

O1 HOSTS File: ([2011/11/19 20:30:47 | 000,000,098 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2 - BHO: (CBrowserHelperObject Object) - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - C:\Program Files\BAE\BAE.dll (Dell Inc.)
O2 - BHO: (Dictionary.com Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll (Ask)
O3 - HKLM\..\Toolbar: (Dictionary.com Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll (Ask)
O3 - HKCU\..\Toolbar\WebBrowser: (Dictionary.com Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll (Ask)
O4 - HKLM..\Run: [] File not found
O4 - HKLM..\Run: [hpbdfawep] C:\Program Files\HP\Dfawep\bin\hpbdfawep.exe ()
O4 - HKLM..\Run: [InCD] C:\Program Files\Nero\Nero 7\InCD\InCD.exe (Nero AG)
O4 - HKLM..\Run: [Intuit SyncManager] C:\Program Files\Common Files\Intuit\Sync\IntuitSyncManager.exe (Intuit Inc. All rights reserved.)
O4 - HKLM..\Run: [LogMeIn GUI] C:\Program Files\LogMeIn\x86\LogMeInSystray.exe (LogMeIn, Inc.)
O4 - HKLM..\Run: [Malwarebytes' Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [MSC] c:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation)
O4 - HKLM..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe (Nero AG)
O4 - HKLM..\Run: [SecurDisc] C:\Program Files\Nero\Nero 7\InCD\NBHGui.exe (Nero AG)
O4 - HKLM..\Run: [Share-to-Web Namespace Daemon] C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe (Hewlett-Packard)
O4 - HKLM..\Run: [ToolBoxFX] C:\Program Files\HP\ToolBoxFX\bin\HPTLBXFX.exe (HP)
O4 - HKCU..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe (Nero AG)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Acrobat Assistant.lnk = C:\Program Files\Adobe\Acrobat 5.0\Distillr\AcroTray.exe (Adobe Systems Inc.)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe (Adobe Systems, Inc.)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\QuickBooks Update Agent.lnk = C:\Program Files\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe (Intuit Inc.)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Infodelivery present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O15 - HKCU\..Trusted Domains: localhost ([]http in Local intranet)
O15 - HKCU\..Trusted Ranges: GD ([http] in Local intranet)
O16 - DPF: {406B5949-7190-4245-91A9-30A17DE16AD0} http://photo2.walgre...eensActivia.cab (Snapfish Activia)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_20)
O16 - DPF: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_20)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_20)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload.ma...ent/swflash.cab (Shockwave Flash Object)
O16 - DPF: DirectAnimation Java Classes file://C:\WINDOWS\system32\dajava.cab (Reg Error: Key error.)
O16 - DPF: Internet Explorer Classes for Java file://C:\WINDOWS\system32\iejava.cab (Reg Error: Key error.)
O16 - DPF: Microsoft XML Parser for Java file://c:\windows\Java\classes\xmldso4.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 208.180.42.100 66.76.175.100
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{7EAF5842-A45B-473B-8877-EC1FF81C91EC}: DhcpNameServer = 208.180.42.100 66.76.175.100
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{82D19843-52B9-4273-A1CD-52334514E068}: DhcpNameServer = 68.1.208.30 68.109.202.25 68.1.18.25
O18 - Protocol\Handler\intu-help-qb3 {c5e479ea-0a65-4b05-8c6c-2fc8cc682eb4} - C:\Program Files\Intuit\QuickBooks 2010\HelpAsyncPluggableProtocol.dll (Intuit, Inc.)
O18 - Protocol\Handler\vnd.ms.radio {3DA2AA3B-3D96-11D2-9BD2-204C4F4F5020} - C:\WINDOWS\system32\msdxm.ocx ()
O20 - AppInit_DLLs: (C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL) -C:\Program Files\Google\Google Desktop Search\GoogleDesktopNetwork3.dll (Google)
O20 - HKLM Winlogon: Shell - (Explorer.exe) -C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) -C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
O20 - Winlogon\Notify\LMIinit: DllName - (LMIinit.dll) - C:\WINDOWS\System32\LMIinit.dll (LogMeIn, Inc.)
O24 - Desktop WallPaper: C:\Documents and Settings\watfordm\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\watfordm\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [1999/09/23 19:14:12 | 000,000,131 | ---- | M] () - C:\AUTOEXEC.001 -- [ NTFS ]
O32 - AutoRun File - [2004/08/10 12:04:08 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O32 - AutoRun File - [1999/09/23 19:21:32 | 000,000,293 | ---- | M] () - C:\AUTOEXEC.B~2 -- [ NTFS ]
O33 - MountPoints2\{2a4b59d8-d622-11db-ab26-0012179856e9}\Shell - "" = AutoRun
O33 - MountPoints2\{2a4b59d8-d622-11db-ab26-0012179856e9}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{2a4b59d8-d622-11db-ab26-0012179856e9}\Shell\AutoRun\command - "" = E:\LaunchU3.exe
O33 - MountPoints2\{9086d896-f718-11db-ab43-0012179856e9}\Shell\AutoRun\command - "" = E:\setupSNK.exe
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2011/11/19 20:30:08 | 000,000,000 | ---D | C] -- C:\_OTL
[2011/11/17 14:55:03 | 001,916,416 | ---- | C] (AVAST Software) -- C:\Documents and Settings\watfordm\Desktop\aswMBR.exe
[2011/11/07 21:54:00 | 000,584,192 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\watfordm\Desktop\OTL.exe
[2011/11/07 15:07:20 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Security Client
[2011/11/07 15:03:13 | 000,000,000 | ---D | C] -- C:\Documents and Settings\watfordm\Application Data\Malwarebytes
[2011/11/07 15:03:07 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Malwarebytes' Anti-Malware
[2011/11/07 15:03:07 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Malwarebytes
[2011/11/07 15:03:04 | 000,022,216 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2011/11/07 15:03:04 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2011/11/07 14:30:20 | 000,446,464 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\watfordm\Desktop\TFC.exe
[2011/11/07 14:20:16 | 009,852,544 | ---- | C] (Malwarebytes Corporation ) -- C:\Documents and Settings\watfordm\Desktop\mbam-setup-1.51.2.1300.exe

========== Files - Modified Within 30 Days ==========

[2011/11/22 09:01:00 | 000,000,240 | ---- | M] () -- C:\WINDOWS\tasks\Scheduled Update for Ask Toolbar.job
[2011/11/21 12:58:10 | 000,000,424 | -H-- | M] () -- C:\WINDOWS\tasks\MP Scheduled Scan.job
[2011/11/21 12:54:38 | 000,002,521 | ---- | M] () -- C:\Documents and Settings\watfordm\Desktop\EMAIL.lnk
[2011/11/21 12:53:54 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2011/11/21 12:53:03 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2011/11/19 20:30:47 | 000,000,098 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\Hosts
[2011/11/18 14:29:49 | 000,000,376 | ---- | M] () -- C:\Documents and Settings\watfordm\Desktop\Greenville Christian School.QBW.ND
[2011/11/18 14:29:48 | 077,856,768 | R--- | M] () -- C:\Documents and Settings\watfordm\Desktop\Greenville Christian School.QBW.TLG
[2011/11/18 14:29:48 | 016,285,696 | R--- | M] () -- C:\Documents and Settings\watfordm\Desktop\Greenville Christian School.QBW
[2011/11/17 21:59:41 | 000,124,374 | ---- | M] () -- C:\Documents and Settings\watfordm\Desktop\screen shot.pdf
[2011/11/17 14:57:33 | 001,916,416 | ---- | M] (AVAST Software) -- C:\Documents and Settings\watfordm\Desktop\aswMBR.exe
[2011/11/16 08:52:08 | 000,004,800 | ---- | M] () -- C:\FIFTEENT
[2011/11/10 14:09:21 | 000,001,920 | ---- | M] () -- C:\TENTH
[2011/11/07 21:54:20 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\watfordm\Desktop\OTL.exe
[2011/11/07 15:08:42 | 000,001,945 | ---- | M] () -- C:\WINDOWS\epplauncher.mif
[2011/11/07 15:03:07 | 000,000,784 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2011/11/07 14:32:16 | 009,852,544 | ---- | M] (Malwarebytes Corporation ) -- C:\Documents and Settings\watfordm\Desktop\mbam-setup-1.51.2.1300.exe
[2011/11/07 14:30:50 | 000,446,464 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\watfordm\Desktop\TFC.exe
[2011/11/07 10:46:30 | 000,000,960 | ---- | M] () -- C:\FIFTH
[2011/11/05 23:00:00 | 000,000,502 | ---- | M] () -- C:\WINDOWS\tasks\Tune-up Application Start.job
[2011/11/03 09:50:00 | 000,000,167 | ---- | M] () -- C:\Documents and Settings\watfordm\default.pls
[2011/11/03 09:47:23 | 000,000,069 | ---- | M] () -- C:\WINDOWS\NeroDigital.ini
[2011/11/01 13:10:32 | 000,001,920 | ---- | M] () -- C:\FIRSTDRA
[2011/10/31 06:43:28 | 000,445,370 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2011/10/31 06:43:28 | 000,072,576 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2011/10/25 09:21:30 | 000,000,960 | ---- | M] () -- C:\EXTRA
[2011/10/24 09:03:15 | 000,000,960 | ---- | M] () -- C:\FINAL

========== Files Created - No Company Name ==========

[2011/11/17 21:59:37 | 000,124,374 | ---- | C] () -- C:\Documents and Settings\watfordm\Desktop\screen shot.pdf
[2011/11/07 15:12:50 | 000,000,424 | -H-- | C] () -- C:\WINDOWS\tasks\MP Scheduled Scan.job
[2011/11/07 15:07:34 | 000,001,680 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Microsoft Security Essentials.lnk
[2011/11/07 15:03:07 | 000,000,784 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2011/11/07 14:59:05 | 000,001,945 | ---- | C] () -- C:\WINDOWS\epplauncher.mif
[2010/09/08 07:37:22 | 000,000,156 | ---- | C] () -- C:\WINDOWS\WININIT.INI
[2010/06/10 10:45:37 | 000,000,090 | ---- | C] () -- C:\WINDOWS\QBChanUtil_Trigger.ini
[2010/06/10 10:42:33 | 006,441,320 | ---- | C] () -- C:\Documents and Settings\LocalService\Local Settings\Application Data\FontCache3.0.0.0.dat
[2010/01/26 09:24:26 | 000,077,824 | ---- | C] () -- C:\WINDOWS\System32\adistres.dll
[2010/01/14 14:45:48 | 000,165,888 | ---- | C] () -- C:\WINDOWS\System32\hpgt53.dll
[2009/08/13 08:02:34 | 000,000,036 | -H-- | C] () -- C:\WINDOWS\System32\f9t.dat
[2009/02/16 11:32:13 | 000,000,151 | ---- | C] () -- C:\WINDOWS\PhotoSnapViewer.INI
[2009/02/09 14:14:12 | 000,000,069 | ---- | C] () -- C:\WINDOWS\NeroDigital.ini
[2009/02/09 14:13:00 | 000,007,680 | ---- | C] () -- C:\Documents and Settings\watfordm\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2007/10/01 09:44:45 | 000,001,156 | ---- | C] () -- C:\WINDOWS\mozver.dat
[2007/09/20 14:52:19 | 000,000,000 | ---- | C] () -- C:\WINDOWS\nsreg.dat
[2007/08/20 08:11:41 | 000,000,131 | ---- | C] () -- C:\Documents and Settings\watfordm\Local Settings\Application Data\fusioncache.dat
[2007/07/18 10:39:28 | 000,000,462 | ---- | C] () -- C:\WINDOWS\hpbvspst.ini
[2007/07/18 10:39:17 | 000,001,343 | ---- | C] () -- C:\WINDOWS\hpbvnstp.ini
[2007/07/18 10:31:53 | 000,093,130 | ---- | C] () -- C:\WINDOWS\hppins05.dat
[2007/07/18 10:31:53 | 000,000,896 | ---- | C] () -- C:\WINDOWS\hppmdl05.dat
[2006/09/07 11:55:43 | 000,057,344 | ---- | C] () -- C:\WINDOWS\UPWIZUN.EXE
[2006/09/07 11:55:43 | 000,045,056 | ---- | C] () -- C:\WINDOWS\VCMUI.EXE
[2006/09/07 11:55:43 | 000,041,973 | ---- | C] () -- C:\WINDOWS\WININIT.EXE
[2006/09/07 11:55:25 | 000,045,379 | ---- | C] () -- C:\WINDOWS\SMARTDRV.EXE
[2006/09/07 11:55:24 | 000,018,939 | ---- | C] () -- C:\WINDOWS\SETVER.EXE
[2006/09/07 11:55:23 | 000,012,663 | ---- | C] () -- C:\WINDOWS\RAMDRIVE.SYS
[2006/09/07 11:55:23 | 000,000,787 | ---- | C] () -- C:\WINDOWS\SCANREG.INI
[2006/09/07 11:55:23 | 000,000,028 | ---- | C] () -- C:\WINDOWS\QTW.INI
[2006/09/07 11:55:22 | 000,040,960 | ---- | C] () -- C:\WINDOWS\PIDSET.EXE
[2006/09/07 11:55:22 | 000,027,616 | ---- | C] () -- C:\WINDOWS\PIDGEN.DLL
[2006/09/07 11:53:28 | 000,122,936 | ---- | C] () -- C:\WINDOWS\MSOWS409.DLL
[2006/09/07 11:53:28 | 000,007,885 | ---- | C] () -- C:\WINDOWS\NETDET.INI
[2006/09/07 11:53:28 | 000,000,026 | ---- | C] () -- C:\WINDOWS\MSOFFICE.INI
[2006/09/07 11:53:27 | 000,129,080 | ---- | C] () -- C:\WINDOWS\LOGOW.SYS
[2006/09/07 11:53:27 | 000,129,078 | ---- | C] () -- C:\WINDOWS\LOGOS.SYS
[2006/09/07 11:53:27 | 000,032,768 | ---- | C] () -- C:\WINDOWS\MM2ENT.EXE
[2006/09/07 11:53:27 | 000,001,646 | ---- | C] () -- C:\WINDOWS\MSDOS.SYS
[2006/09/07 11:53:25 | 000,012,626 | ---- | C] () -- C:\WINDOWS\IOS.INI
[2006/09/07 11:53:25 | 000,006,550 | ---- | C] () -- C:\WINDOWS\JAUTOEXP.DAT
[2006/09/07 11:53:22 | 000,003,708 | ---- | C] () -- C:\WINDOWS\IFSHLP.SYS
[2006/09/07 11:53:21 | 000,003,598 | ---- | C] () -- C:\WINDOWS\HTMLHELP.INI
[2006/09/07 11:53:19 | 000,033,191 | ---- | C] () -- C:\WINDOWS\HIMEM.SYS
[2006/09/07 11:53:18 | 000,125,495 | ---- | C] () -- C:\WINDOWS\EMM386.EXE
[2006/09/07 11:53:18 | 000,000,865 | ---- | C] () -- C:\WINDOWS\DOSREP.INI
[2006/09/07 11:53:17 | 000,089,147 | ---- | C] () -- C:\WINDOWS\DOSREP.EXE
[2006/09/07 11:53:17 | 000,005,068 | ---- | C] () -- C:\WINDOWS\DELETEFI.INI
[2006/09/07 11:53:17 | 000,002,614 | ---- | C] () -- C:\WINDOWS\DBLBUFF.SYS
[2006/09/07 11:53:12 | 000,024,626 | ---- | C] () -- C:\WINDOWS\CMD640X.SYS
[2006/09/07 11:53:12 | 000,020,901 | ---- | C] () -- C:\WINDOWS\CMD640X2.SYS
[2006/09/07 11:53:10 | 000,001,105 | ---- | C] () -- C:\WINDOWS\ASPI2HLP.SYS
[2006/09/07 11:45:50 | 000,167,936 | ---- | C] () -- C:\WINDOWS\System32\XFILEXR.DLL
[2006/09/07 11:45:48 | 000,002,295 | ---- | C] () -- C:\WINDOWS\System32\WINALI.INI
[2006/09/07 11:45:48 | 000,000,197 | ---- | C] () -- C:\WINDOWS\System32\WINALX.INI
[2006/09/07 11:45:39 | 000,010,240 | ---- | C] () -- C:\WINDOWS\System32\VIDX16.DLL
[2006/09/07 11:45:34 | 000,056,057 | ---- | C] () -- C:\WINDOWS\System32\UNICODE.BIN
[2006/09/07 11:45:27 | 000,077,824 | ---- | C] () -- C:\WINDOWS\System32\SUCATREG.EXE
[2006/09/07 11:45:19 | 000,000,096 | ---- | C] () -- C:\WINDOWS\System32\REBOOT.COM
[2006/09/07 11:45:11 | 000,028,672 | ---- | C] () -- C:\WINDOWS\System32\NETBIOS.DLL
[2006/09/07 11:45:01 | 000,026,624 | ---- | C] () -- C:\WINDOWS\System32\MSHLOCAL.dll
[2006/09/07 11:44:55 | 000,188,416 | ---- | C] () -- C:\WINDOWS\System32\MEMBG.DLL
[2006/09/07 11:44:45 | 000,057,344 | ---- | C] () -- C:\WINDOWS\System32\ICMFILTER.DLL
[2006/09/07 11:44:45 | 000,008,576 | ---- | C] () -- C:\WINDOWS\System32\ICMUPG.DLL
[2006/09/07 11:44:42 | 000,032,768 | ---- | C] () -- C:\WINDOWS\System32\GROUPPOL.DLL
[2006/09/07 11:44:38 | 000,002,490 | ---- | C] () -- C:\WINDOWS\System32\DLCNDI.DLL
[2006/09/07 11:44:25 | 000,014,696 | ---- | C] () -- C:\WINDOWS\System32\CONAGENT.EXE
[2006/09/07 11:44:22 | 000,074,752 | ---- | C] () -- C:\WINDOWS\System32\cmtool32.dll
[2006/09/07 11:13:59 | 000,000,060 | ---- | C] () -- C:\WINDOWS\POWERPNT.INI
[2006/09/07 11:13:59 | 000,000,054 | ---- | C] () -- C:\WINDOWS\WAVEMIX.INI
[2006/09/07 11:03:27 | 000,040,960 | ---- | C] () -- C:\WINDOWS\System32\IsUser11b.dll
[2006/09/07 10:57:07 | 000,000,525 | ---- | C] () -- C:\WINDOWS\System32\wlan.ini
[2006/09/06 13:27:56 | 000,000,486 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2006/07/26 10:52:00 | 000,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini
[2006/07/26 10:32:50 | 000,049,152 | ---- | C] () -- C:\WINDOWS\setpwrcg.exe
[2006/07/26 10:32:36 | 000,000,390 | ---- | C] () -- C:\WINDOWS\System32\OEMINFO.INI
[2006/06/12 04:36:30 | 000,241,664 | ---- | C] () -- C:\WINDOWS\System32\hppapr04.DLL
[2006/06/12 04:36:30 | 000,000,526 | ---- | C] () -- C:\WINDOWS\System32\hppapr04.DAT
[2004/08/10 12:12:05 | 000,000,780 | ---- | C] () -- C:\WINDOWS\orun32.ini
[2004/08/10 12:07:31 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat
[2004/08/10 12:02:15 | 000,021,640 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat
[2004/08/10 12:01:18 | 000,001,793 | ---- | C] () -- C:\WINDOWS\System32\fxsperf.ini
[2004/08/10 11:57:52 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
[2004/08/10 11:57:15 | 000,357,752 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2004/08/10 11:51:21 | 000,027,440 | ---- | C] () -- C:\WINDOWS\System32\drivers\secdrv.sys
[2004/08/10 11:51:21 | 000,004,569 | ---- | C] () -- C:\WINDOWS\System32\secupd.dat
[2004/08/10 11:51:20 | 000,445,370 | ---- | C] () -- C:\WINDOWS\System32\perfh009.dat
[2004/08/10 11:51:20 | 000,272,128 | ---- | C] () -- C:\WINDOWS\System32\perfi009.dat
[2004/08/10 11:51:20 | 000,072,576 | ---- | C] () -- C:\WINDOWS\System32\perfc009.dat
[2004/08/10 11:51:20 | 000,028,626 | ---- | C] () -- C:\WINDOWS\System32\perfd009.dat
[2004/08/10 11:51:18 | 000,004,627 | ---- | C] () -- C:\WINDOWS\System32\oembios.dat
[2004/08/10 11:51:17 | 013,107,200 | ---- | C] () -- C:\WINDOWS\System32\oembios.bin
[2004/08/10 11:51:16 | 000,000,741 | ---- | C] () -- C:\WINDOWS\System32\noise.dat
[2004/08/10 11:51:12 | 000,673,088 | ---- | C] () -- C:\WINDOWS\System32\mlang.dat
[2004/08/10 11:51:11 | 000,046,258 | ---- | C] () -- C:\WINDOWS\System32\mib.bin
[2004/08/10 11:51:09 | 000,081,920 | ---- | C] () -- C:\WINDOWS\System32\ieencode.dll
[2004/08/10 11:51:05 | 000,218,003 | ---- | C] () -- C:\WINDOWS\System32\dssec.dat
[2004/08/10 11:50:56 | 000,001,788 | ---- | C] () -- C:\WINDOWS\System32\Dcache.bin
[2003/01/07 14:05:08 | 000,002,695 | ---- | C] () -- C:\WINDOWS\System32\OUTLPERF.INI
[2002/01/17 11:45:40 | 000,000,616 | ---- | C] () -- C:\WINDOWS\wizards.ini
[2001/08/14 12:06:44 | 000,000,639 | ---- | C] () -- C:\WINDOWS\FINDIT32.INI
[2001/07/06 15:30:00 | 000,003,399 | ---- | C] () -- C:\WINDOWS\System32\hptcpmon.ini
[2001/01/30 14:14:40 | 000,000,180 | ---- | C] () -- C:\WINDOWS\winmine.ini
[2001/01/23 22:31:18 | 000,151,552 | ---- | C] () -- C:\WINDOWS\System32\prntfix.exe
[2000/10/17 07:32:44 | 000,000,696 | ---- | C] () -- C:\WINDOWS\System32\QBTMRUTL.DLL
[2000/10/17 07:32:41 | 000,000,098 | ---- | C] () -- C:\WINDOWS\QBTIMER.INI
[2000/10/17 07:23:16 | 000,000,064 | ---- | C] () -- C:\WINDOWS\QBWCD.INI
[2000/10/17 07:22:59 | 000,006,838 | ---- | C] () -- C:\WINDOWS\Icoadb32.dat
[2000/04/14 15:50:02 | 000,343,040 | ---- | C] () -- C:\WINDOWS\System32\Lffpx7.dll
[1999/10/08 06:58:49 | 000,004,608 | ---- | C] () -- C:\WINDOWS\System32\BVRPWF.DLL
[1999/10/08 06:57:28 | 000,000,309 | ---- | C] () -- C:\WINDOWS\HPPTA.INI
[1999/10/08 06:56:19 | 000,000,020 | ---- | C] () -- C:\WINDOWS\InfModM.ini
[1999/10/07 09:48:23 | 000,000,034 | ---- | C] () -- C:\WINDOWS\SOL.INI
[1999/10/07 08:50:06 | 000,009,030 | ---- | C] () -- C:\WINDOWS\hh.dat
[1999/10/05 07:01:15 | 000,000,032 | ---- | C] () -- C:\WINDOWS\System32\MOUSEDRV.INI
[1999/10/01 10:47:49 | 000,000,244 | ---- | C] () -- C:\WINDOWS\FRX.INI
[1999/10/01 09:36:37 | 000,000,321 | ---- | C] () -- C:\WINDOWS\PVX.INI
[1999/10/01 09:36:34 | 000,074,240 | ---- | C] () -- C:\WINDOWS\System32\90WRES32.DLL
[1999/10/01 09:36:34 | 000,017,920 | ---- | C] () -- C:\WINDOWS\System32\IMPLODE.DLL
[1999/09/30 08:11:32 | 000,000,152 | ---- | C] () -- C:\WINDOWS\ACROREAD.INI
[1999/09/30 08:10:48 | 000,002,158 | ---- | C] () -- C:\WINDOWS\FONTSMRT.INI
[1999/09/30 08:10:44 | 000,000,415 | ---- | C] () -- C:\WINDOWS\prntname.ini
[1999/09/30 08:10:10 | 000,000,076 | ---- | C] () -- C:\WINDOWS\tmprn.ini
[1999/09/29 12:44:14 | 000,016,384 | ---- | C] () -- C:\WINDOWS\MSIMGSIZ.DAT
[1999/09/23 19:19:12 | 000,029,696 | ---- | C] () -- C:\WINDOWS\desinst32.exe
[1999/09/23 19:19:12 | 000,010,208 | ---- | C] () -- C:\WINDOWS\System32\BVRPWFU.drv
[1999/09/23 19:19:12 | 000,000,063 | ---- | C] () -- C:\WINDOWS\Wgedit.ini
[1999/09/23 19:13:07 | 000,000,225 | ---- | C] () -- C:\WINDOWS\TELEPHON.INI
[1999/09/23 19:12:44 | 000,229,408 | RH-- | C] () -- C:\WINDOWS\HWINFO.DAT
[1999/09/23 19:11:47 | 000,011,079 | -H-- | C] () -- C:\Program Files\folder.htt
[1999/09/23 19:10:38 | 000,000,069 | ---- | C] () -- C:\WINDOWS\5631_SWC.INI
[1999/09/23 19:10:37 | 000,000,108 | ---- | C] () -- C:\WINDOWS\5631_HWC.INI
[1999/09/23 19:10:03 | 000,000,022 | ---- | C] () -- C:\WINDOWS\9770P.INI
[1999/09/23 19:09:54 | 000,000,000 | ---- | C] () -- C:\WINDOWS\progman.ini
[1999/09/23 19:08:30 | 000,000,283 | ---- | C] () -- C:\WINDOWS\PROTOCOL.INI
[1999/09/23 19:08:22 | 000,034,543 | ---- | C] () -- C:\WINDOWS\NBTSTAT.EXE
[1999/09/23 19:08:22 | 000,004,809 | ---- | C] () -- C:\WINDOWS\System32\LMSCRIPT.EXE
[1999/09/23 19:07:55 | 000,103,488 | ---- | C] () -- C:\WINDOWS\System32\ATITVOUT.DLL
[1999/09/23 19:07:55 | 000,026,880 | ---- | C] () -- C:\WINDOWS\System32\ATITBDRV.SYS
[1999/09/23 19:07:55 | 000,017,152 | ---- | C] () -- C:\WINDOWS\System32\ATITBDET.EXE
[1999/09/23 19:07:55 | 000,003,744 | ---- | C] () -- C:\WINDOWS\System32\ATITB.DLL
[1999/09/23 19:07:50 | 000,823,808 | ---- | C] () -- C:\WINDOWS\System32\DAINST.EXE
[1999/09/23 19:07:49 | 000,006,140 | ---- | C] () -- C:\WINDOWS\NDISHLP.SYS
[1999/09/23 19:07:48 | 000,014,952 | ---- | C] () -- C:\WINDOWS\PROTMAN.EXE
[1999/09/23 19:07:39 | 000,266,240 | ---- | C] () -- C:\WINDOWS\System32\TCAUM90X.DLL
[1999/09/23 19:07:39 | 000,026,500 | ---- | C] () -- C:\WINDOWS\System32\TCAEGT16.DLL
[1999/09/23 19:07:39 | 000,015,360 | ---- | C] () -- C:\WINDOWS\System32\TCAEGT32.DLL
[1999/09/23 19:07:35 | 002,417,445 | ---- | C] () -- C:\WINDOWS\System32\YDSXG.DAT
[1999/01/22 17:46:58 | 000,065,536 | ---- | C] () -- C:\WINDOWS\System32\MSRTEDIT.DLL
[1998/06/11 12:08:06 | 000,095,232 | ---- | C] () -- C:\WINDOWS\System32\Lfkodak.dll
[1998/01/12 07:00:00 | 000,040,448 | ---- | C] () -- C:\WINDOWS\System32\REGOBJ.DLL
[1997/08/03 23:00:00 | 000,116,736 | ---- | C] () -- C:\WINDOWS\System32\PCDLIB32.DLL
[1995/01/13 13:10:00 | 000,210,944 | ---- | C] () -- C:\WINDOWS\System32\msvcrt10.dll

========== LOP Check ==========

[2010/06/10 10:45:34 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\COMMON FILES
[2009/02/26 13:10:06 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\LightScribe
[2011/11/22 02:43:27 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\LogMeIn
[2009/04/14 10:37:25 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\MSScanAppDataDir
[2010/06/10 10:46:22 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Nuance
[2006/09/07 11:43:27 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\SBT
[2006/09/07 10:09:20 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Spearit
[2010/06/10 11:10:35 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\SQL Anywhere 11
[2010/06/28 16:12:05 | 000,000,000 | ---D | M] -- C:\Documents and Settings\watfordm\Application Data\Facebook
[2010/01/26 09:23:13 | 000,000,000 | ---D | M] -- C:\Documents and Settings\watfordm\Application Data\InterTrust
[2011/01/10 15:34:39 | 000,000,000 | ---D | M] -- C:\Documents and Settings\watfordm\Application Data\Itfy
[2011/11/07 15:20:31 | 000,000,000 | ---D | M] -- C:\Documents and Settings\watfordm\Application Data\Liexv
[2009/07/28 18:48:27 | 000,000,000 | ---D | M] -- C:\Documents and Settings\watfordm\Application Data\Snapfish
[2006/09/07 10:09:20 | 000,000,000 | ---D | M] -- C:\Documents and Settings\watfordm\Application Data\Spearit
[2010/10/29 09:27:35 | 000,000,000 | ---D | M] -- C:\Documents and Settings\watfordm\Application Data\Stamps.com Internet Postage
[2011/11/21 12:58:10 | 000,000,424 | -H-- | M] () -- C:\WINDOWS\Tasks\MP Scheduled Scan.job
[2011/11/22 09:01:00 | 000,000,240 | ---- | M] () -- C:\WINDOWS\Tasks\Scheduled Update for Ask Toolbar.job
[2011/11/05 23:00:00 | 000,000,502 | ---- | M] () -- C:\WINDOWS\Tasks\Tune-up Application Start.job

========== Purity Check ==========



< End of report >

ComboFix 11-11-22.01 - watfordm 11/22/2011 9:36.1.1 - x86
Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.2038.1204 [GMT -6:00]
Running from: c:\documents and settings\watfordm\Desktop\ComboFix.exe
AV: Microsoft Security Essentials *Disabled/Updated* {EDB4FA23-53B8-4AFA-8C5D-99752CCA7095}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\documents and settings\watfordm\WINDOWS
c:\documents and settings\whiter\WINDOWS
C:\Thumbs.db
c:\windows\calc.exe
c:\windows\cleanmgr.exe
c:\windows\config.txt
c:\windows\Help\hp1100.hlp
c:\windows\ping.exe
c:\windows\Rundll.exe
c:\windows\sndrec32.exe
c:\windows\SNMPAPI.DLL
c:\windows\system32\devmgr32.dll
c:\windows\system32\encapi32.dll
c:\windows\system32\mstask.exe
c:\windows\system32\regobj.dll
c:\windows\system32\rnaph.dll
c:\windows\system32\skinboxer43.dll
c:\windows\Web\default.htt
c:\windows\winfile.exe
c:\windows\wininit.exe
c:\windows\WINVER.EXE
c:\windows\wupdmgr.exe
.
.
((((((((((((((((((((((((( Files Created from 2011-10-22 to 2011-11-22 )))))))))))))))))))))))))))))))
.
.
2011-11-22 15:45 . 2011-11-22 15:45 56200 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{E1AB966C-8A28-4713-B5B1-18E976BEC81A}\offreg.dll
2011-11-21 19:04 . 2011-10-18 07:28 6668624 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{E1AB966C-8A28-4713-B5B1-18E976BEC81A}\mpengine.dll
2011-11-20 02:30 . 2011-11-20 02:30 -------- d-----w- C:\_OTL
2011-11-14 14:06 . 2011-10-18 07:28 6668624 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2011-11-08 02:55 . 2009-08-07 01:23 274288 ----a-w- c:\windows\system32\mucltui.dll
2011-11-08 02:55 . 2009-08-07 01:23 215920 ----a-w- c:\windows\system32\muweb.dll
2011-11-07 22:04 . 2011-05-25 00:14 222080 ------w- c:\windows\system32\MpSigStub.exe
2011-11-07 21:07 . 2011-11-07 21:07 -------- d-----w- c:\program files\Microsoft Security Client
2011-11-07 21:03 . 2011-11-07 21:03 -------- d-----w- c:\documents and settings\watfordm\Application Data\Malwarebytes
2011-11-07 21:03 . 2011-11-07 21:03 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
2011-11-07 21:03 . 2011-11-07 21:03 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2011-11-07 21:03 . 2011-08-31 23:00 22216 ----a-w- c:\windows\system32\drivers\mbam.sys
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-10-07 13:14 . 2010-02-19 17:38 52096 ----a-w- c:\windows\system32\Spool\prtprocs\w32x86\LMIproc.dll
2011-10-07 13:14 . 2010-02-19 17:38 83360 ----a-w- c:\windows\system32\LMIRfsClientNP.dll
2011-10-07 13:13 . 2010-02-19 17:38 30592 ----a-w- c:\windows\system32\LMIport.dll
2011-10-07 13:13 . 2010-02-19 17:38 87424 ----a-w- c:\windows\system32\LMIinit.dll
2009-10-30 17:48 . 2008-08-26 13:55 119808 ----a-w- c:\program files\mozilla firefox\components\GoogleDesktopMozilla.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{00000000-6E41-4FD3-8538-502F5495E5FC}"= "c:\program files\Ask.com\GenericAskToolbar.dll" [2010-10-05 1400784]
.
[HKEY_CLASSES_ROOT\clsid\{00000000-6e41-4fd3-8538-502f5495e5fc}]
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{D4027C7F-154A-4066-A1AD-4243D8127440}]
2010-10-05 18:07 1400784 ----a-w- c:\program files\Ask.com\GenericAskToolbar.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{D4027C7F-154A-4066-A1AD-4243D8127440}"= "c:\program files\Ask.com\GenericAskToolbar.dll" [2010-10-05 1400784]
.
[HKEY_CLASSES_ROOT\clsid\{d4027c7f-154a-4066-a1ad-4243d8127440}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd.1]
[HKEY_CLASSES_ROOT\TypeLib\{2996F0E7-292B-4CAE-893F-47B8B1C05B56}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd]
.
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{D4027C7F-154A-4066-A1AD-4243D8127440}"= "c:\program files\Ask.com\GenericAskToolbar.dll" [2010-10-05 1400784]
.
[HKEY_CLASSES_ROOT\clsid\{d4027c7f-154a-4066-a1ad-4243d8127440}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd.1]
[HKEY_CLASSES_ROOT\TypeLib\{2996F0E7-292B-4CAE-893F-47B8B1C05B56}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\SlowFile Icon Overlay]
@="{7D688A77-C613-11D0-999B-00C04FD655E1}"
[HKEY_CLASSES_ROOT\CLSID\{7D688A77-C613-11D0-999B-00C04FD655E1}]
2006-07-13 13:33 8453632 ----a-w- c:\windows\system32\shell32.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-06-28 68856]
"LightScribe Control Panel"="c:\program files\Common Files\LightScribe\LightScribeControlPanel.exe" [2007-08-23 455968]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="c:\program files\Common Files\Ahead\Lib\NMBgMonitor.exe" [2007-06-28 152872]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2005-04-05 94208]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2005-04-05 77824]
"Persistence"="c:\windows\system32\igfxpers.exe" [2005-04-05 114688]
"DVDLauncher"="c:\program files\CyberLink\PowerDVD\DVDLauncher.exe" [2005-12-10 49152]
"Google Desktop Search"="c:\program files\Google\Google Desktop Search\GoogleDesktop.exe" [2009-10-30 30192]
"ToolBoxFX"="c:\program files\HP\ToolBoxFX\bin\HPTLBXFX.exe" [2006-06-15 49152]
"hpbdfawep"="c:\program files\HP\Dfawep\bin\hpbdfawep.exe" [2007-12-24 618496]
"NeroFilterCheck"="c:\program files\Common Files\Ahead\Lib\NeroCheck.exe" [2007-03-01 153136]
"SecurDisc"="c:\program files\Nero\Nero 7\InCD\NBHGui.exe" [2007-06-25 1629480]
"InCD"="c:\program files\Nero\Nero 7\InCD\InCD.exe" [2007-06-25 1057064]
"itype"="c:\program files\Microsoft IntelliType Pro\itype.exe" [2008-06-10 1442888]
"IntelliPoint"="c:\program files\Microsoft IntelliPoint\ipoint.exe" [2008-06-10 1406024]
"Share-to-Web Namespace Daemon"="c:\program files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe" [2001-07-03 57344]
"HP Software Update"="c:\program files\HP\HP Software Update\HPWuSchd2.exe" [2007-05-08 54840]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-02-18 248040]
"LogMeIn GUI"="c:\program files\LogMeIn\x86\LogMeInSystray.exe" [2008-08-11 63048]
"Intuit SyncManager"="c:\program files\Common Files\Intuit\Sync\IntuitSyncManager.exe" [2010-10-19 1439496]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-12-22 35760]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-09-21 932288]
"Malwarebytes' Anti-Malware"="c:\program files\Malwarebytes' Anti-Malware\mbamgui.exe" [2011-08-31 449608]
"MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2011-06-15 997920]
.
c:\documents and settings\All Users\Start Menu\Programs\Startup\
Acrobat Assistant.lnk - c:\program files\Adobe\Acrobat 5.0\Distillr\AcroTray.exe [2010-1-26 82026]
Adobe Gamma Loader.lnk - c:\program files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2009-3-4 113664]
QuickBooks Update Agent.lnk - c:\program files\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe [2010-11-9 1154848]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\LMIinit]
2011-10-07 13:13 87424 ----a-w- c:\windows\system32\LMIinit.dll
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Laplink\\FileMover\\SFTHost.exe"=
"c:\\Program Files\\Laplink\\PCmover\\PCmover.exe"=
"c:\\Program Files\\Java\\jre6\\bin\\java.exe"=
"c:\\Program Files\\Java\\jre6\\bin\\javaw.exe"=
"c:\\Program Files\\Intuit\\QuickBooks 2010\\QBDBMgrN.exe"=
.
R2 LMIGuardianSvc;LMIGuardianSvc;c:\program files\LogMeIn\x86\LMIGuardianSvc.exe [10/14/2010 8:11 AM 374152]
R2 LMIInfo;LogMeIn Kernel Information Provider;c:\program files\LogMeIn\x86\rainfo.sys [8/11/2008 12:41 PM 12856]
R2 MBAMService;MBAMService;c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [11/7/2011 3:03 PM 366152]
R2 SFTSER;SFTSER;c:\windows\system32\drivers\sftser.sys [8/24/2004 7:52 AM 42944]
R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [11/7/2011 3:03 PM 22216]
S1 MpKsl0379ec3e;MpKsl0379ec3e;\??\c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{91B8B097-D59B-42B9-B2F3-F452A2B97346}\MpKsl0379ec3e.sys --> c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{91B8B097-D59B-42B9-B2F3-F452A2B97346}\MpKsl0379ec3e.sys [?]
S1 MpKslf840a9e3;MpKslf840a9e3;\??\c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{E1AB966C-8A28-4713-B5B1-18E976BEC81A}\MpKslf840a9e3.sys --> c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{E1AB966C-8A28-4713-B5B1-18E976BEC81A}\MpKslf840a9e3.sys [?]
S3 GoogleDesktopManager-093009-130223;Google Desktop Manager 5.9.909.30391;c:\program files\Google\Google Desktop Search\GoogleDesktop.exe [7/26/2006 10:49 AM 30192]
S3 LLUSBFLT;LLUSBFLT;c:\windows\system32\drivers\llusbflt.sys [11/8/2005 7:55 AM 4736]
S3 m4301a;Linksys Wireless-B USB Network Adapter v4.0 Driver;c:\windows\system32\drivers\m4301A.sys [9/6/2006 1:16 PM 116192]
S3 MBAMSwissArmy;MBAMSwissArmy;\??\c:\windows\system32\drivers\mbamswissarmy.sys --> c:\windows\system32\drivers\mbamswissarmy.sys [?]
S3 PLUsbbc2;High-Speed USB Bridge Cable Driver;c:\windows\system32\drivers\usbbc2.sys [8/24/2004 7:52 AM 8960]
.
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\Chl99]
2004-08-04 10:00 99840 ----a-w- c:\windows\system32\advpack.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\PerUser_LinkBar_URLs]
1999-04-24 03:22 45056 ----a-w- c:\windows\COMMAND\SULFNBK.EXE
.
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]
2007-08-23 23:34 451872 ----a-w- c:\program files\Common Files\LightScribe\LSRunOnce.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{89820200-ECBD-11cf-8B85-00AA005B4395}]
2004-08-04 10:00 99840 ----a-w- c:\windows\system32\advpack.dll
.
Contents of the 'Scheduled Tasks' folder
.
2011-11-22 c:\windows\Tasks\MP Scheduled Scan.job
- c:\program files\Microsoft Security Client\Antimalware\MpCmdRun.exe [2011-04-27 21:39]
.
2011-11-22 c:\windows\Tasks\Scheduled Update for Ask Toolbar.job
- c:\program files\Ask.com\UpdateTask.exe [2010-10-05 18:07]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.ask.com/?l=dir&o=13735
uSearch Page = hxxp://www.google.com
uSearch Bar = hxxp://www.google.com/ie
mStart Page = hxxp://www.dell.com
mSearch Bar = hxxp://www.google.com/ie
uInternet Connection Wizard,ShellNext = iexplore
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
TCP: DhcpNameServer = 208.180.42.100 66.76.175.100
DPF: DirectAnimation Java Classes - file://c:\windows\system32\dajava.cab
DPF: Internet Explorer Classes for Java - file://c:\windows\system32\iejava.cab
DPF: Microsoft XML Parser for Java - file://c:\windows\Java\classes\xmldso4.cab
FF - ProfilePath - c:\documents and settings\watfordm\Application Data\Mozilla\Firefox\Profiles\sw6x9xw8.default\
FF - prefs.js: browser.search.selectedEngine - Ask.com
FF - prefs.js: browser.startup.homepage - hxxp://www.ask.com/?l=dir&o=13735
FF - prefs.js: keyword.URL - hxxp://websearch.ask.com/redirect?client=ff&src=kw&tb=DIC2V5&o=13732&locale=en_US&apn_uid=9076BE99-92E7-4432-9A53-9762CF663927&apn_ptnrs=D5&apn_sauid=4C669F97-0939-4062-BE3C-C3F08BB0E7A5&apn_dtid=gog193YYUS&q=
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
FF - Ext: Java Quick Starter: [email protected] - c:\program files\Java\jre6\lib\deploy\jqs\ff
FF - Ext: Dictionary.com Toolbar: [email protected] - %profile%\extensions\[email protected]
FF - user.js: network.cookie.cookieBehavior - 0
FF - user.js: privacy.clearOnShutdown.cookies - false
FF - user.js: security.warn_viewing_mixed - false
FF - user.js: security.warn_viewing_mixed.show_once - false
FF - user.js: security.warn_submit_insecure - false
FF - user.js: security.warn_submit_insecure.show_once - false
.
- - - - ORPHANS REMOVED - - - -
.
HKLM_ActiveSetup-AppletsPerUser - rundll.exe c:\windows\system32\setupx.dll
HKLM_ActiveSetup-FontsPerUser - rundll.exe c:\windows\system32\setupx.dll
HKLM_ActiveSetup-MmoptJunglePerUser - rundll.exe c:\windows\system32\setupx.dll
HKLM_ActiveSetup-MmoptMusicaPerUser - rundll.exe c:\windows\system32\setupx.dll
HKLM_ActiveSetup-MmoptRegisterPerUser - rundll.exe c:\windows\system32\setupx.dll
HKLM_ActiveSetup-MmoptRobotzPerUser - rundll.exe c:\windows\system32\setupx.dll
HKLM_ActiveSetup-MmoptUtopiaPerUser - rundll.exe c:\windows\system32\setupx.dll
HKLM_ActiveSetup-MotownAvivideoPerUser - rundll.exe c:\windows\system32\setupx.dll
HKLM_ActiveSetup-MotownMmsysPerUser - rundll.exe c:\windows\system32\setupx.dll
HKLM_ActiveSetup-MotownMPlayPerUser - rundll.exe c:\windows\system32\setupx.dll
HKLM_ActiveSetup-MotownRecPerUser - rundll.exe c:\windows\system32\setupx.dll
HKLM_ActiveSetup-OlsAolPerUser - rundll.exe c:\windows\system32\setupx.dll
HKLM_ActiveSetup-OlsAttPerUser - rundll.exe c:\windows\system32\setupx.dll
HKLM_ActiveSetup-OlsCompuservePerUser - rundll.exe c:\windows\system32\setupx.dll
HKLM_ActiveSetup-OlsMsnPerUser - rundll.exe c:\windows\system32\setupx.dll
HKLM_ActiveSetup-OlsPerUser - rundll.exe c:\windows\system32\setupx.dll
HKLM_ActiveSetup-OlsProdigyPerUser - rundll.exe c:\windows\system32\setupx.dll
HKLM_ActiveSetup-PerUserOldLinks - rundll.exe c:\windows\system32\setupx.dll
HKLM_ActiveSetup-PerUser_Base - rundll.exe c:\windows\system32\setupx.dll
HKLM_ActiveSetup-PerUser_Calc_Inis - rundll.exe c:\windows\system32\setupx.dll
HKLM_ActiveSetup-PerUser_CDPlayer_Inis - rundll.exe c:\windows\system32\setupx.dll
HKLM_ActiveSetup-PerUser_CharMap_Inis - rundll.exe c:\windows\system32\setupx.dll
HKLM_ActiveSetup-PerUser_ClipBrd_Inis - rundll.exe c:\windows\system32\setupx.dll
HKLM_ActiveSetup-PerUser_CVT_Inis - rundll.exe c:\windows\system32\setupx.dll
HKLM_ActiveSetup-PerUser_Dialer_Inis - rundll.exe c:\windows\system32\setupx.dll
HKLM_ActiveSetup-PerUser_dxxspace_Links - rundll.exe c:\windows\system32\setupx.dll
HKLM_ActiveSetup-PerUser_Enable_Inis - rundll.exe c:\windows\system32\setupx.dll
HKLM_ActiveSetup-PerUser_ICW_Inis - rundll.exe c:\windows\system32\setupx.dll
HKLM_ActiveSetup-PerUser_MSBackup_Inis - rundll.exe c:\windows\system32\setupx.dll
HKLM_ActiveSetup-PerUser_Msinfo - rundll.exe c:\windows\system32\setupx.dll
HKLM_ActiveSetup-PerUser_Msinfo2 - rundll.exe c:\windows\system32\setupx.dll
HKLM_ActiveSetup-PerUser_MSWordPad_Inis - rundll.exe c:\windows\system32\setupx.dll
HKLM_ActiveSetup-PerUser_netwatch_Inis - rundll.exe c:\windows\system32\setupx.dll
HKLM_ActiveSetup-PerUser_Onlinelnks_Inis - rundll.exe c:\windows\system32\setupx.dll
HKLM_ActiveSetup-PerUser_Paint_Inis - rundll.exe c:\windows\system32\setupx.dll
HKLM_ActiveSetup-PerUser_RNA_Inis - rundll.exe c:\windows\system32\setupx.dll
HKLM_ActiveSetup-PerUser_Sysmeter_Inis - rundll.exe c:\windows\system32\setupx.dll
HKLM_ActiveSetup-PerUser_Sysmon_Inis - rundll.exe c:\windows\system32\setupx.dll
HKLM_ActiveSetup-PerUser_Vol - rundll.exe c:\windows\system32\setupx.dll
HKLM_ActiveSetup-PerUser_winapps_Links - rundll.exe c:\windows\system32\setupx.dll
HKLM_ActiveSetup-PerUser_winbase_Links - rundll.exe c:\windows\system32\setupx.dll
HKLM_ActiveSetup-PerUser_Wingames_Inis - rundll.exe c:\windows\system32\setupx.dll
HKLM_ActiveSetup-SetupcPerUser - rundll.exe c:\windows\system32\setupx.dll
HKLM_ActiveSetup-Shell2PerUser - rundll.exe c:\windows\system32\setupx.dll
HKLM_ActiveSetup-Shell3PerUser - rundll.exe c:\windows\system32\setupx.dll
HKLM_ActiveSetup-ShellPerUser - rundll.exe c:\windows\system32\setupx.dll
HKLM_ActiveSetup-TapiPerUser - rundll.exe c:\windows\system32\setupx.dll
HKLM_ActiveSetup-Theme_MoreWindows_PerUser - rundll.exe c:\windows\system32\setupx.dll
HKLM_ActiveSetup-Theme_Windows_PerUser - rundll.exe c:\windows\system32\setupx.dll
HKLM_ActiveSetup-{44BBA851-CC51-11CF-AAFA-00AA00B6015C} - rundll32.exeadvpack.dll
AddRemove-com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1 - c:\program files\Common Files\Adobe AIR\Versions\1.0\Adobe AIR Application Installer.exe
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2011-11-22 10:03
Windows 5.1.2600 Service Pack 2 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'winlogon.exe'(648)
c:\windows\system32\LMIinit.dll
.
- - - - - - - > 'explorer.exe'(3828)
c:\windows\system32\msi.dll
.
------------------------ Other Running Processes ------------------------
.
c:\program files\Microsoft Security Client\Antimalware\MsMpEng.exe
c:\program files\Nero\Nero 7\InCD\InCDsrv.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\program files\Common Files\LightScribe\LSSrvc.exe
c:\program files\LogMeIn\x86\RaMaint.exe
c:\program files\LogMeIn\x86\LogMeIn.exe
c:\program files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
c:\program files\Common Files\Intuit\QuickBooks\QBCFMonitorService.exe
c:\windows\system32\wdfmgr.exe
c:\program files\LogMeIn\x86\LogMeIn.exe
c:\progra~1\HEWLET~1\HPSHAR~1\hpgs2wnf.exe
c:\program files\Common Files\Ahead\Lib\NMIndexingService.exe
c:\program files\Microsoft IntelliType Pro\dpupdchk.exe
c:\program files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe
.
**************************************************************************
.
Completion time: 2011-11-22 10:12:10 - machine was rebooted
ComboFix-quarantined-files.txt 2011-11-22 16:12
.
Pre-Run: 49,734,160,384 bytes free
Post-Run: 49,710,088,192 bytes free
.
WindowsXP-KB310994-SP2-Home-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(2)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
UnsupportedDebug="do not select this" /debug
multi(0)disk(0)rdisk(0)partition(2)\WINDOWS="Microsoft Windows XP Home Edition" /noexecute=optin /fastdetect
.
- - End Of File - - 783319AFC5A0EEE56ABB2E1A86DE9A82

#8
Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
Could you now update to SP3 and IE8

Once done let me know of any outstanding problems

#9
gcsmom

    New Member

  • Topic Starter
  • Member
  • Pip
  • 7 posts
All done and I don't see any other issues at this time.

Thanks for the help.
gcsmom

#10
Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
Subject to no further problems :)

I will remove my tools now and give some recommendations, but, I would like you to run for 24 hours or so and come back if you have any problems

Now the best part of the day ----- Your log now appears clean :thumbsup:

A good workman always cleans up after himself so... The following will implement some cleanup procedures as well as reset System Restore points:

Run OTL
  • Under the Custom Scans/Fixes box at the bottom, paste in the following

    :Commands
    [resethosts]
    [emptytemp]
    [CLEARALLRESTOREPOINTS]
    [Reboot]

  • Then click the Run Fix button at the top
  • Let the program run unhindered, reboot the PC when it is done

Remove ComboFix
  • Hold down the Windows key + R on your keyboard. This will display the Run dialogue box
  • In the Run box, type in ComboFix /Uninstall
    (Notice the space between the "x" and "/")
    then click OK

  • Follow the prompts on the screen
  • A message should appear confirming that ComboFix was uninstalled

Run OTL and hit the cleanup button. It will remove all the programmes we have used plus itself.

We will now confirm that your hidden files are set to that, as some of the tools I use will change that
  • Click Start.
  • Open My Computer.
  • Select the Tools menu and click Folder Options.
  • Select the View Tab.
  • Under the Hidden files and folders heading select Do not show hidden files and folders.
  • Click Yes to confirm.
  • Click OK.

Your Java is out of date.
Older versions have vulnerabilities that malware can use to infect your system.
Please follow these steps to remove older versions of Java components and upgrade the application.

Upgrading Java:
  • Go to this site and click Do I have Java
  • It will check your current version and then offer to update to the latest version


Now that you are clean, to help protect your computer in the future I recommend that you get the following free programmes:

Malwarebytes.

Update and run weekly to keep your system clean

Download and install FileHippo update checker and run it monthly. It will show you which programmes on your system need updating and give a download link

It is critical to have both a firewall and anti virus to protect your system and to keep them updated. To keep your operating system up to date visit
To learn more about how to protect yourself while on the internet read our little guide How did I get infected in the first place?

Keep safe :wave:

#11
gcsmom

    New Member

  • Topic Starter
  • Member
  • Pip
  • 7 posts
Thanks for your help. We are on Thanksgiving vacation so it will not be until next week before I am on the computer. I will let you know if I have any other issues.

Thank you so much for your help.
gcsmom

#12
Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
My pleasure - Happy holiday :)

#13
Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
Since this issue appears to be resolved ... this Topic has been closed. Glad we could help. :)

If you're the topic starter, and need this topic reopened, please contact a staff member with the address of the thread.

Everyone else please begin a New Topic.