Possible after effects of serious virus [Solved]


#1
jss10

Hi. I admit that this is kind of a precautionary post, but I take this stuff very seriously so I thought it'd be worth it. Last week my computer somehow picked up some pretty massive virus. I couldn't even get to my desktop, and I had to bring it into a local shop. They told me the hard drive was dying, and that it would have to be cloned if I didn't want to reinstall the OS (which I didn't). Once they did so, they discovered that although the hard drive WAS dying, it also had this virus on it.

After another day, they say they cleaned it, and things certainly do look much better. However, there are a certain few strange behaviors that have caught my attention. For example, you know how in a Windows folder (My Pictures, for example), you can choose between various "views" such as Thumbnails, Tiles, Icons, etc.? Well, I keep setting some folders on Tiles, but when I go back later, it's switched to Thumbnails. Basically, I just don't like it when my computer makes changes on its own! I know that this in and of itself isn't a huge deal, but again, I'm just wondering if there's something still messing with the system. Over the past day or so, I've also noticed some possible strange behavior from my browsers (unusual stalling, more pop-ups than usual, etc.)

With all of that having been said, I'll paste my OTL file below. If it looks clean, great. But if something looks wrong, I'll obviously go through the procedure. Thanks!

OTL logfile created on: 12/10/2011 6:25:19 PM - Run 2
OTL by OldTimer - Version 3.2.31.0 Folder = C:\Documents and Settings\Jordan Solomon\Desktop
Windows XP Professional Edition Service Pack 2 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 6.0.2900.2180)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.00 Gb Total Physical Memory | 1.16 Gb Available Physical Memory | 58.09% Memory free
3.85 Gb Paging File | 3.14 Gb Available in Paging File | 81.66% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 465.76 Gb Total Space | 369.95 Gb Free Space | 79.43% Space Free | Partition Type: NTFS

Computer Name: JORDAN-B44B7F29 | User Name: Jordan Solomon | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2011/12/06 22:52:35 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Jordan Solomon\Desktop\OTL.exe
PRC - [2011/06/08 09:45:44 | 000,822,456 | ---- | M] (The Weather Channel Interactive, Inc.) -- C:\Program Files\The Weather Channel FW\Desktop\DesktopWeather.exe
PRC - [2010/04/03 11:55:18 | 000,160,328 | ---- | M] (Siber Systems) -- C:\Program Files\Siber Systems\AI RoboForm\robotaskbaricon.exe
PRC - [2010/02/10 08:57:36 | 000,676,520 | ---- | M] () -- C:\Program Files\Dell V505\dldwmon.exe
PRC - [2010/02/10 08:57:32 | 000,025,256 | ---- | M] () -- C:\Program Files\Dell V505\dldwmsdmon.exe
PRC - [2009/07/24 16:04:12 | 000,594,600 | ---- | M] ( ) -- C:\WINDOWS\system32\dldwcoms.exe
PRC - [2009/04/08 09:54:34 | 005,168,128 | ---- | M] (Worden Brothers Inc.) -- C:\Program Files\TeleChart.exe
PRC - [2008/12/08 22:01:54 | 002,440,120 | ---- | M] (Symantec Corporation) -- C:\Program Files\Symantec\Symantec Endpoint Protection\Rtvscan.exe
PRC - [2008/12/08 21:42:34 | 001,443,144 | ---- | M] (Symantec Corporation) -- C:\Program Files\Symantec\Symantec Endpoint Protection\SmcGui.exe
PRC - [2008/12/08 21:42:32 | 001,795,400 | ---- | M] (Symantec Corporation) -- C:\Program Files\Symantec\Symantec Endpoint Protection\Smc.exe
PRC - [2008/11/06 06:42:59 | 000,054,568 | ---- | M] (AOL, LLC.) -- C:\Program Files\AOL 9.1\shellmon.exe
PRC - [2008/11/06 06:42:59 | 000,039,208 | ---- | M] (AOL, LLC.) -- C:\Program Files\AOL 9.1\waol.exe
PRC - [2008/09/17 17:33:50 | 003,928,064 | ---- | M] (Rijker LLC) -- C:\Program Files\TCScan+\TCScan+.exe
PRC - [2008/09/16 20:17:12 | 000,968,704 | ---- | M] () -- C:\Program Files\WinRAR\WinRAR.exe
PRC - [2008/08/14 14:45:52 | 000,115,560 | ---- | M] (Symantec Corporation) -- C:\Program Files\Common Files\Symantec Shared\ccApp.exe
PRC - [2008/08/14 14:45:28 | 000,108,392 | ---- | M] (Symantec Corporation) -- C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
PRC - [2008/06/24 13:34:50 | 000,041,824 | ---- | M] (AOL LLC) -- C:\Program Files\Common Files\aol\1230403542\ee\aolsoftware.exe
PRC - [2007/06/13 05:23:07 | 001,033,216 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2007/05/08 11:39:40 | 000,142,848 | ---- | M] (thinkorswim, Inc.) -- C:\Program Files\thinkorswim\thinkorswim.exe
PRC - [2006/10/23 07:50:35 | 000,046,640 | R--- | M] (AOL LLC) -- C:\Program Files\Common Files\aol\acs\AOLacsd.exe
PRC - [2003/08/29 19:05:35 | 000,360,448 | ---- | M] () -- C:\Program Files\SpywareGuard\sgmain.exe
PRC - [2003/08/29 11:14:56 | 000,233,472 | ---- | M] () -- C:\Program Files\SpywareGuard\sgbhp.exe


========== Modules (No Company Name) ==========

MOD - [2010/02/10 08:57:36 | 000,676,520 | ---- | M] () -- C:\Program Files\Dell V505\dldwmon.exe
MOD - [2010/02/10 08:57:32 | 000,025,256 | ---- | M] () -- C:\Program Files\Dell V505\dldwMsdMon.exe
MOD - [2010/01/21 05:09:30 | 000,036,864 | ---- | M] () -- C:\Program Files\Dell V505\app4r.monitor.core.dll
MOD - [2010/01/21 05:09:30 | 000,028,672 | ---- | M] () -- C:\Program Files\Dell V505\app4r.monitor.common.dll
MOD - [2010/01/21 05:08:34 | 000,065,536 | ---- | M] () -- C:\Program Files\Dell V505\app4r.devmons.mcmdevmon.dll
MOD - [2009/07/23 14:52:40 | 001,036,288 | ---- | M] () -- C:\Program Files\Dell V505\dldwdrs.dll
MOD - [2009/07/23 14:51:56 | 000,380,928 | ---- | M] () -- C:\Program Files\Dell V505\dldwscw.dll
MOD - [2009/07/02 07:41:16 | 000,155,648 | ---- | M] () -- C:\WINDOWS\system32\spool\prtprocs\w32x86\dldwdrpp.dll
MOD - [2009/05/14 06:23:14 | 000,045,056 | ---- | M] () -- C:\WINDOWS\system32\DLDWPMON.DLL
MOD - [2009/05/14 06:22:00 | 000,032,768 | ---- | M] () -- C:\Program Files\Dell V505\ipcmt.dll
MOD - [2009/05/13 09:50:52 | 000,081,920 | ---- | M] () -- C:\Program Files\Dell V505\dldwcaps.dll
MOD - [2009/05/13 09:48:00 | 000,151,552 | ---- | M] () -- C:\Program Files\Dell V505\dldwmonr.dll
MOD - [2009/02/20 13:06:53 | 000,971,264 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Configuration\b82c00e2d24305ad6cb08556e3779b75\System.Configuration.ni.dll
MOD - [2009/02/20 11:54:43 | 005,450,752 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Xml\773a9786013451d3baaeff003dc4230f\System.Xml.ni.dll
MOD - [2009/02/20 11:54:39 | 012,430,848 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\63406259e94d5c0ff5b79401dfe113ce\System.Windows.Forms.ni.dll
MOD - [2009/02/20 11:54:29 | 001,587,200 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Drawing\3da96ee075bab9202626ae44c18d226c\System.Drawing.ni.dll
MOD - [2009/02/20 11:52:45 | 007,868,416 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System\80978a322d7dd39f0a71be1251ae395a\System.ni.dll
MOD - [2009/02/20 11:52:35 | 011,486,720 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\mscorlib\6d667f19d687361886990f3ca0f49816\mscorlib.ni.dll
MOD - [2008/11/06 06:42:59 | 000,081,920 | ---- | M] () -- C:\Program Files\AOL 9.1\xmltok.dll
MOD - [2008/11/06 06:42:59 | 000,053,248 | ---- | M] () -- C:\Program Files\AOL 9.1\xmlparse.dll
MOD - [2008/11/06 06:42:59 | 000,045,056 | ---- | M] () -- C:\Program Files\AOL 9.1\zlib.dll
MOD - [2008/09/16 20:18:06 | 000,132,608 | ---- | M] () -- C:\Program Files\WinRAR\RarExt.dll
MOD - [2008/09/16 20:17:12 | 000,968,704 | ---- | M] () -- C:\Program Files\WinRAR\WinRAR.exe
MOD - [2008/04/25 01:44:40 | 000,077,906 | ---- | M] () -- C:\WINDOWS\system32\spool\drivers\w32x86\3\DLDWcfg.dll
MOD - [2008/04/25 01:44:40 | 000,077,906 | ---- | M] () -- C:\Program Files\Dell V505\DLDWcfg.dll
MOD - [2008/03/25 03:53:10 | 000,012,288 | ---- | M] () -- C:\Program Files\Dell V505\app4r.devmons.mcmdevmon.autoplayutil.dll
MOD - [2008/03/10 06:30:50 | 000,188,416 | ---- | M] () -- C:\WINDOWS\system32\spool\drivers\w32x86\3\dldwdatr.dll
MOD - [2008/02/26 14:24:06 | 000,069,632 | ---- | M] () -- C:\Program Files\Dell V505\dldwcnv4.dll
MOD - [2008/01/28 06:38:56 | 000,057,344 | ---- | M] () -- C:\WINDOWS\system32\dldwoem.dll
MOD - [2007/03/26 02:39:36 | 000,073,728 | ---- | M] () -- C:\WINDOWS\system32\spool\drivers\w32x86\3\dldwcats.dll
MOD - [2003/08/29 19:05:35 | 000,360,448 | ---- | M] () -- C:\Program Files\SpywareGuard\sgmain.exe
MOD - [2003/08/29 11:14:56 | 000,233,472 | ---- | M] () -- C:\Program Files\SpywareGuard\sgbhp.exe
MOD - [2003/08/02 23:24:01 | 000,192,512 | R--- | M] () -- C:\Program Files\SpywareGuard\dlprotect.dll
MOD - [2003/08/02 23:20:57 | 000,126,976 | R--- | M] () -- C:\Program Files\SpywareGuard\spywareguard.dll


========== Win32 Services (SafeList) ==========

SRV - File not found [On_Demand | Stopped] -- -- (MSDTC)
SRV - [2009/07/24 16:04:12 | 000,594,600 | ---- | M] ( ) [Auto | Running] -- C:\WINDOWS\System32\dldwcoms.exe -- (dldw_device)
SRV - [2009/07/24 16:04:06 | 000,098,984 | ---- | M] () [Auto | Stopped] -- C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\\dldwserv.exe -- (dldwCATSCustConnectService)
SRV - [2008/12/08 22:01:54 | 002,440,120 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files\Symantec\Symantec Endpoint Protection\Rtvscan.exe -- (Symantec AntiVirus)
SRV - [2008/12/08 21:42:32 | 001,795,400 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files\Symantec\Symantec Endpoint Protection\Smc.exe -- (SmcService)
SRV - [2008/12/08 21:01:28 | 000,320,840 | ---- | M] (Symantec Corporation) [On_Demand | Stopped] -- C:\Program Files\Symantec\Symantec Endpoint Protection\SNAC.EXE -- (SNAC)
SRV - [2008/08/14 14:45:28 | 000,108,392 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe -- (ccSetMgr)
SRV - [2008/08/14 14:45:28 | 000,108,392 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe -- (ccEvtMgr)
SRV - [2008/06/30 16:36:35 | 003,093,872 | ---- | M] (Symantec Corporation) [On_Demand | Stopped] -- C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE -- (LiveUpdate)
SRV - [2006/10/23 07:50:35 | 000,046,640 | R--- | M] (AOL LLC) [Auto | Running] -- C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe -- (AOL ACS)


========== Driver Services (SafeList) ==========

DRV - [2011/12/06 14:34:43 | 000,123,952 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\System32\Drivers\SYMEVENT.SYS -- (SymEvent)
DRV - [2011/11/08 04:00:00 | 000,374,392 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys -- (eeCtrl)
DRV - [2011/11/08 04:00:00 | 000,106,104 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Stopped] -- C:\Program Files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys -- (EraserUtilRebootDrv)
DRV - [2011/10/18 06:09:40 | 001,576,312 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\PROGRA~1\COMMON~1\SYMANT~1\VIRUSD~1\20111209.032\NAVEX15.SYS -- (NAVEX15)
DRV - [2011/10/18 06:09:40 | 000,086,136 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\PROGRA~1\COMMON~1\SYMANT~1\VIRUSD~1\20111209.032\NAVENG.SYS -- (NAVENG)
DRV - [2009/01/14 02:14:01 | 003,455,488 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\System32\DRIVERS\ati2mtag.sys -- (ati2mtag)
DRV - [2008/11/18 18:17:08 | 000,023,888 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\System32\Drivers\COH_Mon.sys -- (COH_Mon)
DRV - [2008/10/13 12:31:46 | 000,319,664 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\Drivers\SRTSPL.SYS -- (SRTSPL)
DRV - [2008/10/13 12:31:46 | 000,279,600 | ---- | M] (Symantec Corporation) [File_System | System | Running] -- C:\WINDOWS\System32\Drivers\SRTSP.SYS -- (SRTSP)
DRV - [2008/10/13 12:31:46 | 000,043,824 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\WINDOWS\System32\Drivers\SRTSPX.SYS -- (SRTSPX)
DRV - [2008/08/21 11:13:56 | 000,191,536 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\WINDOWS\System32\Drivers\SYMTDI.SYS -- (SYMTDI)
DRV - [2008/08/21 11:13:56 | 000,027,696 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\System32\Drivers\SYMREDRV.SYS -- (SYMREDRV)
DRV - [2008/06/16 16:53:14 | 000,420,400 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCDrv.sys -- (SPBBCDrv)
DRV - [2007/09/20 06:07:40 | 000,022,016 | R--- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\System32\DRIVERS\nvnetbus.sys -- (nvnetbus)
DRV - [2007/09/20 06:07:38 | 000,053,632 | R--- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\System32\DRIVERS\NVENETFD.sys -- (NVENETFD)
DRV - [2007/09/11 04:23:22 | 004,614,656 | R--- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\WINDOWS\System32\drivers\RtkHDAud.sys -- (IntcAzAudAddService) Service for Realtek HD Audio (WDM)
DRV - [2007/07/20 18:40:10 | 000,084,992 | ---- | M] (ATI Research Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\System32\drivers\AtiHdmi.sys -- (AtiHdmiService)
DRV - [2007/07/07 02:13:10 | 000,012,032 | R--- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\System32\DRIVERS\nvsmu.sys -- (nvsmu)
DRV - [2007/05/31 02:19:22 | 000,096,896 | R--- | M] (Realtek Semiconductor Corporation ) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\DRIVERS\Rtenicxp.sys -- (RTLE8023xp)
DRV - [2006/03/01 20:30:54 | 000,618,880 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\System32\DRIVERS\IntelC52.sys -- (IntelC52)
DRV - [2005/05/06 14:42:26 | 001,339,776 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\System32\DRIVERS\IntelC51.sys -- (IntelC51)
DRV - [2005/05/06 14:40:50 | 000,047,360 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\System32\DRIVERS\IntelC53.sys -- (IntelC53)
DRV - [2005/05/06 14:40:20 | 000,036,880 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\System32\DRIVERS\mohfilt.sys -- (mohfilt)
DRV - [2003/01/10 16:13:04 | 000,033,588 | R--- | M] (America Online, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\System32\DRIVERS\wanatw4.sys -- (wanatw) WAN Miniport (ATW)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.google.com/ie
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.google.com/ie
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = http://www.google.com/ie
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.search.defaultenginename: "Search the web (Babylon)"
FF - prefs.js..browser.search.order.1: "Search the web (Babylon)"
FF - prefs.js..browser.startup.homepage: "www.google.com"
FF - prefs.js..extensions.enabledItems: {22119944-ED35-4ab1-910B-E619EA06A115}:6.9.98
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}:6.0.21
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}:6.0.22
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}:6.0.23
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}:6.0.24
FF - prefs.js..extensions.enabledItems: [email protected]:1.0
FF - prefs.js..keyword.URL: "http://search.babylo...021851a66ea&q="
FF - prefs.js..network.proxy.type: 0

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\WINDOWS\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\4.0.60831.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@pack.google.com/Google Updater;version=11: C:\Program Files\Google\Google Updater\2.1.886.21021\npCIDetect11.dll File not found
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 8.0\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011/11/10 09:44:28 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 8.0\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011/12/02 16:39:44 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\{22119944-ED35-4ab1-910B-E619EA06A115}: C:\Program Files\Siber Systems\AI RoboForm\Firefox [2010/04/03 12:01:26 | 000,000,000 | ---D | M]

[2009/01/02 17:18:46 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Jordan Solomon\Application Data\Mozilla\Extensions
[2011/12/10 14:35:26 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Jordan Solomon\Application Data\Mozilla\Firefox\Profiles\f69fi6vv.default\extensions
[2011/11/11 07:56:27 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2010/04/09 08:41:18 | 000,000,000 | ---D | M] (Java Quick Starter) -- C:\PROGRAM FILES\JAVA\JRE6\LIB\DEPLOY\JQS\FF
[2011/11/10 09:44:27 | 000,134,104 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2011/05/04 03:52:23 | 000,476,904 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\mozilla firefox\plugins\npdeployJava1.dll
[2008/12/27 13:47:00 | 000,072,960 | ---- | M] (Foxit Software Company) -- C:\Program Files\mozilla firefox\plugins\npFoxitReaderPlugin.dll
[2011/12/10 01:19:50 | 000,002,310 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\babylon.xml
[2011/11/10 09:44:19 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
[2011/11/10 09:44:19 | 000,002,040 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\twitter.xml

========== Chrome ==========

CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}sourceid=chrome&ie={inputEncoding}&q={searchTerms}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}client=chrome&hl={language}&q={searchTerms}
CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files\Google\Chrome\Application\15.0.874.121\gcswf32.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll
CHR - plugin: QuickTime Plug-in 7.5.5 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin.dll
CHR - plugin: QuickTime Plug-in 7.5.5 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin2.dll
CHR - plugin: QuickTime Plug-in 7.5.5 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin3.dll
CHR - plugin: QuickTime Plug-in 7.5.5 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin4.dll
CHR - plugin: QuickTime Plug-in 7.5.5 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin5.dll
CHR - plugin: QuickTime Plug-in 7.5.5 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin6.dll
CHR - plugin: QuickTime Plug-in 7.5.5 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin7.dll
CHR - plugin: Java Deployment Toolkit 6.0.260.3 (Enabled) = C:\Program Files\Java\jre6\bin\new_plugin\npdeployJava1.dll
CHR - plugin: Java™ Platform SE 6 U26 (Enabled) = C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll
CHR - plugin: Silverlight Plug-In (Enabled) = c:\Program Files\Microsoft Silverlight\4.0.60831.0\npctrl.dll
CHR - plugin: Shockwave for Director (Enabled) = C:\WINDOWS\system32\Adobe\Director\np32dsw.dll
CHR - plugin: Windows Media Player Plug-in Dynamic Link Library (Enabled) = C:\Program Files\Windows Media Player\npdsplay.dll
CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Program Files\Google\Chrome\Application\15.0.874.121\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Program Files\Google\Chrome\Application\15.0.874.121\pdf.dll
CHR - plugin: Foxit Reader Plugin for Mozilla (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npFoxitReaderPlugin.dll
CHR - plugin: AOL Media Playback Plugin (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npunagi2.dll
CHR - plugin: Microsoft\u00AE DRM (Enabled) = C:\Program Files\Windows Media Player\npdrmv2.dll
CHR - plugin: Microsoft\u00AE DRM (Enabled) = C:\Program Files\Windows Media Player\npwmsdrm.dll
CHR - plugin: Google Update (Enabled) = C:\Program Files\Google\Update\1.3.21.79\npGoogleUpdate3.dll
CHR - plugin: Windows Presentation Foundation (Enabled) = c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll
CHR - plugin: Default Plug-in (Enabled) = default_plugin

O1 HOSTS File: ([2011/12/03 13:00:44 | 000,438,048 | R--- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: 127.0.0.1 www.007guard.com
O1 - Hosts: 127.0.0.1 007guard.com
O1 - Hosts: 127.0.0.1 008i.com
O1 - Hosts: 127.0.0.1 www.008k.com
O1 - Hosts: 127.0.0.1 008k.com
O1 - Hosts: 127.0.0.1 www.00hq.com
O1 - Hosts: 127.0.0.1 00hq.com
O1 - Hosts: 127.0.0.1 010402.com
O1 - Hosts: 127.0.0.1 www.032439.com
O1 - Hosts: 127.0.0.1 032439.com
O1 - Hosts: 127.0.0.1 www.0scan.com
O1 - Hosts: 127.0.0.1 0scan.com
O1 - Hosts: 127.0.0.1 1000gratisproben.com
O1 - Hosts: 127.0.0.1 www.1000gratisproben.com
O1 - Hosts: 127.0.0.1 1001namen.com
O1 - Hosts: 127.0.0.1 www.1001namen.com
O1 - Hosts: 127.0.0.1 100888290cs.com
O1 - Hosts: 127.0.0.1 www.100888290cs.com
O1 - Hosts: 127.0.0.1 www.100sexlinks.com
O1 - Hosts: 127.0.0.1 100sexlinks.com
O1 - Hosts: 127.0.0.1 10sek.com
O1 - Hosts: 127.0.0.1 www.10sek.com
O1 - Hosts: 127.0.0.1 www.1-2005-search.com
O1 - Hosts: 127.0.0.1 1-2005-search.com
O1 - Hosts: 15093 more lines...
O2 - BHO: (SpywareGuardDLBLOCK.CBrowserHelper) - {4A368E80-174F-4872-96B5-0B27DDD11DB2} - C:\Program Files\SpywareGuard\dlprotect.dll ()
O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O2 - BHO: (Reg Error: Value error.) - {724d43a9-0d85-11d4-9908-00400523e39a} - C:\Program Files\Siber Systems\AI RoboForm\roboform.dll (Siber Systems Inc.)
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.7.7018.1622\swg.dll (Google Inc.)
O3 - HKLM\..\Toolbar: (Dell Toolbar) - {09B71986-2AC5-482d-B6CB-42EA34F4F85B} - C:\Program Files\Dell Toolbar\toolband.dll ()
O3 - HKLM\..\Toolbar: (no name) - {2E5E800E-6AC0-411E-940A-369530A35E43} - No CLSID value found.
O3 - HKLM\..\Toolbar: (&RoboForm) - {724d43a0-0d85-11d4-9908-00400523e39a} - C:\Program Files\Siber Systems\AI RoboForm\roboform.dll (Siber Systems Inc.)
O3 - HKCU\..\Toolbar\ShellBrowser: (Dell Toolbar) - {09B71986-2AC5-482D-B6CB-42EA34F4F85B} - C:\Program Files\Dell Toolbar\toolband.dll ()
O3 - HKCU\..\Toolbar\WebBrowser: (Dell Toolbar) - {09B71986-2AC5-482D-B6CB-42EA34F4F85B} - C:\Program Files\Dell Toolbar\toolband.dll ()
O3 - HKCU\..\Toolbar\WebBrowser: (&RoboForm) - {724D43A0-0D85-11D4-9908-00400523E39A} - C:\Program Files\Siber Systems\AI RoboForm\roboform.dll (Siber Systems Inc.)
O4 - HKLM..\Run: [ccApp] C:\Program Files\Common Files\Symantec Shared\ccApp.exe (Symantec Corporation)
O4 - HKLM..\Run: [Dell V505 Fax Server] C:\Program Files\Dell V505\fm3032.exe ()
O4 - HKLM..\Run: [dldwamon] C:\Program Files\Dell V505\dldwamon.exe ()
O4 - HKLM..\Run: [dldwmon.exe] C:\Program Files\Dell V505\dldwmon.exe ()
O4 - HKCU..\Run: [AOL Fast Start] C:\Program Files\AOL 9.1\AOL.EXE (AOL, LLC.)
O4 - HKCU..\Run: [DW6] C:\Program Files\The Weather Channel FW\Desktop\DesktopWeather.exe (The Weather Channel Interactive, Inc.)
O4 - HKCU..\Run: [RoboForm] C:\Program Files\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe (Siber Systems)
O4 - Startup: C:\Documents and Settings\Jordan Solomon\Start Menu\Programs\Startup\SpywareGuard.lnk = C:\Program Files\SpywareGuard\sgmain.exe ()
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O8 - Extra context menu item: Customize Menu - C:\Program Files\Siber Systems\AI RoboForm\RoboFormComCustomizeIEMenu.html ()
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000 File not found
O8 - Extra context menu item: Fill Forms - C:\Program Files\Siber Systems\AI RoboForm\RoboFormComFillForms.html ()
O8 - Extra context menu item: RoboForm Toolbar - C:\Program Files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html ()
O8 - Extra context menu item: Save Forms - C:\Program Files\Siber Systems\AI RoboForm\RoboFormComSavePass.html ()
O9 - Extra Button: Fill Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - C:\Program Files\Siber Systems\AI RoboForm\RoboFormComFillForms.html ()
O9 - Extra 'Tools' menuitem : Fill Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - C:\Program Files\Siber Systems\AI RoboForm\RoboFormComFillForms.html ()
O9 - Extra Button: Save - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - C:\Program Files\Siber Systems\AI RoboForm\RoboFormComSavePass.html ()
O9 - Extra 'Tools' menuitem : Save Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - C:\Program Files\Siber Systems\AI RoboForm\RoboFormComSavePass.html ()
O9 - Extra Button: RoboForm - {724d43aa-0d85-11d4-9908-00400523e39a} - C:\Program Files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html ()
O9 - Extra 'Tools' menuitem : RoboForm Toolbar - {724d43aa-0d85-11d4-9908-00400523e39a} - C:\Program Files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html ()
O9 - Extra 'Tools' menuitem : Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O9 - Extra Button: Favorites Search - {FF925300-80E6-11D4-A15B-FFF9086C1A3C} - C:\Program Files\DzSoft\Favorites Search\FavSeek.dll (DzSoft Ltd)
O15 - HKCU\..Trusted Domains: aol.com ([objects] * is out of zone range - 5)
O15 - HKCU\..Trusted Domains: com.tw ([asia.msi] http in Trusted sites)
O15 - HKCU\..Trusted Domains: com.tw ([global.msi] http in Trusted sites)
O15 - HKCU\..Trusted Domains: com.tw ([www.msi] http in Trusted sites)
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} http://go.microsoft....k/?linkid=39204 (Windows Genuine Advantage Validation Tool)
O16 - DPF: {56762DEC-6B0D-4AB4-A8AD-989993B5D08B} http://www.eset.eu/b...lineScanner.cab (Reg Error: Key error.)
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} http://www.update.mi...b?1230402208544 (WUWebControl Class)
O16 - DPF: {8167C273-DF59-4416-B647-C8BB2C7EE83E} http://liveupdate.ms...ine/install.cab (WebSDev Control)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_26)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.ma...r/ultrashim.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_26)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_26)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.ad...Plus/1.6/gp.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 167.206.251.130 167.206.251.129
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{42C0BEBA-96F1-4872-873D-8591929E62B6}: DhcpNameServer = 167.206.251.129 167.206.251.130
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{794E1C2E-0F0B-4B14-84A7-C1DEB1F25731}: DhcpNameServer = 167.206.251.130 167.206.251.129
O20 - HKLM Winlogon: Shell - (Explorer.exe) -C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) -C:\WINDOWS\System32\userinit.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Documents and Settings\Jordan Solomon\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\Jordan Solomon\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O28 - HKLM ShellExecuteHooks: {81559C35-8464-49F7-BB0E-07A383BEF910} - C:\Program Files\SpywareGuard\spywareguard.dll ()
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2008/12/28 02:06:14 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O35 - HKCU\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKCU\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2011/12/10 01:15:37 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Jordan Solomon\Local Settings\Application Data\Babylon
[2011/12/10 01:15:36 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Jordan Solomon\Application Data\Babylon
[2011/12/06 22:52:29 | 000,584,192 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Jordan Solomon\Desktop\OTL.exe
[2011/12/06 16:26:40 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\ODBC
[2011/12/06 14:24:34 | 000,000,000 | ---D | C] -- C:\Program Files\Dell Toolbar
[2011/12/06 14:22:52 | 000,000,000 | ---D | C] -- C:\Program Files\Dell V505
[2011/12/06 14:22:52 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Dell Printers
[2011/12/06 14:22:36 | 001,069,056 | ---- | C] ( ) -- C:\WINDOWS\System32\dldwserv.dll
[2011/12/06 14:22:36 | 000,860,160 | ---- | C] ( ) -- C:\WINDOWS\System32\dldwusb1.dll
[2011/12/06 14:22:36 | 000,651,264 | ---- | C] ( ) -- C:\WINDOWS\System32\dldwpmui.dll
[2011/12/06 14:22:36 | 000,577,536 | ---- | C] ( ) -- C:\WINDOWS\System32\dldwlmpm.dll
[2011/12/06 14:22:36 | 000,446,464 | ---- | C] ( ) -- C:\WINDOWS\System32\DLDWhcp.dll
[2011/12/06 14:22:36 | 000,364,544 | ---- | C] ( ) -- C:\WINDOWS\System32\dldwinpa.dll
[2011/12/06 14:22:36 | 000,339,968 | ---- | C] ( ) -- C:\WINDOWS\System32\dldwiesc.dll
[2011/12/06 14:22:35 | 000,761,856 | ---- | C] ( ) -- C:\WINDOWS\System32\dldwcomc.dll
[2011/12/06 14:22:35 | 000,684,032 | ---- | C] ( ) -- C:\WINDOWS\System32\dldwhbn3.dll
[2011/12/06 14:22:35 | 000,594,600 | ---- | C] ( ) -- C:\WINDOWS\System32\dldwcoms.exe
[2011/12/06 14:22:35 | 000,376,832 | ---- | C] ( ) -- C:\WINDOWS\System32\dldwcomm.dll
[2011/12/06 14:22:35 | 000,369,320 | ---- | C] ( ) -- C:\WINDOWS\System32\dldwcfg.exe
[2011/12/06 14:22:35 | 000,328,360 | ---- | C] ( ) -- C:\WINDOWS\System32\dldwih.exe
[2011/12/03 13:08:01 | 000,000,000 | R--D | C] -- C:\Documents and Settings\Jordan Solomon\Desktop\Tech Connect
[2011/12/03 12:43:32 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\TEMP
[2011/12/03 12:43:31 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Jordan Solomon\Application Data\TeamViewer
[2011/12/03 12:43:13 | 000,000,000 | ---D | C] -- C:\Program Files\TeamViewer
[2011/12/03 12:39:31 | 000,000,000 | ---D | C] -- C:\WINDOWS\Prefetch
[2011/12/03 12:39:31 | 000,000,000 | ---D | C] -- C:\WINDOWS\Cookies
[2011/12/03 12:39:31 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Cookies
[2011/12/03 12:38:33 | 000,000,000 | ---D | C] -- C:\WINDOWS\Temporary Internet Files
[2011/12/03 12:38:33 | 000,000,000 | ---D | C] -- C:\WINDOWS\Recent
[2011/12/03 12:38:33 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Jordan Solomon\Recent
[2011/12/03 12:38:33 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Recent
[2011/12/03 12:38:33 | 000,000,000 | ---D | C] -- C:\WINDOWS\History
[2011/12/02 17:41:57 | 000,000,000 | ---D | C] -- C:\Program Files\AVAST Software
[2011/12/02 17:41:57 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\AVAST Software
[2011/12/02 17:30:42 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Spybot - Search & Destroy
[2011/12/02 17:30:39 | 000,000,000 | ---D | C] -- C:\Program Files\Spybot - Search & Destroy
[2011/12/02 17:28:42 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Malwarebytes' Anti-Malware
[2011/12/02 17:28:39 | 000,022,216 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2011/12/02 17:28:39 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2011/12/02 17:28:30 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\Adobe
[2011/12/02 17:28:29 | 000,000,000 | ---D | C] -- C:\Program Files\Adobe
[2011/12/02 17:28:29 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Adobe
[2011/12/02 17:28:27 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Adobe AIR
[2011/12/02 17:28:25 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Jordan Solomon\Local Settings\Application Data\Adobe
[2011/12/02 17:26:14 | 000,000,000 | -HSD | C] -- C:\RECYCLER
[2011/12/02 13:53:54 | 000,000,000 | ---D | C] -- C:\WINDOWS\SxsCaPendDel
[2011/12/02 13:07:13 | 000,000,000 | ---D | C] -- C:\found.000
[2011/12/02 12:59:37 | 000,000,000 | RHSD | C] -- C:\cmdcons
[2011/12/02 12:59:01 | 000,518,144 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWREG.exe
[2011/12/02 12:59:01 | 000,406,528 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWSC.exe
[2011/12/02 12:59:01 | 000,212,480 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWXCACLS.exe
[2011/12/02 12:59:01 | 000,060,416 | ---- | C] (NirSoft) -- C:\WINDOWS\NIRCMD.exe
[2011/12/02 12:58:14 | 000,000,000 | ---D | C] -- C:\Qoobox
[2011/12/02 12:53:49 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\CCleaner
[2011/12/02 12:51:29 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Jordan Solomon\Start Menu\Programs\CleanUp!
[2011/12/02 12:51:26 | 000,000,000 | ---D | C] -- C:\Program Files\CleanUp!
[2011/11/28 15:34:43 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Jordan Solomon\Application Data\6F411BF1
[2010/08/02 12:44:56 | 000,785,920 | ---- | C] (Worden Brothers Inc) -- C:\Program Files\WBChat.ocx
[2010/08/02 12:44:55 | 004,515,328 | ---- | C] (WBI) -- C:\Program Files\SFServer.dll
[2010/08/02 12:44:55 | 000,103,424 | ---- | C] (Worden Bros) -- C:\Program Files\AutoLabelN.ocx
[2010/08/02 12:44:55 | 000,060,416 | ---- | C] (Worden Brothers Inc) -- C:\Program Files\WBCoolB3.ocx
[2010/08/02 12:44:55 | 000,054,784 | ---- | C] (Dell Computer Corporation) -- C:\Program Files\WBScroll.ocx
[2010/08/02 12:44:55 | 000,019,968 | ---- | C] (Worden Brothers Inc) -- C:\Program Files\WBSplit.ocx
[2010/08/02 12:44:55 | 000,015,872 | ---- | C] (Worden Brothers Inc) -- C:\Program Files\WBHandle.ocx
[2010/08/02 12:44:54 | 000,102,912 | ---- | C] (Worden Bros) -- C:\Program Files\TC2000Dev.dll
[2010/08/02 12:44:54 | 000,095,232 | ---- | C] (WBI Inc.) -- C:\Program Files\WBChartH.ocx
[2010/08/02 12:44:54 | 000,092,672 | ---- | C] (Worden Brothers Inc) -- C:\Program Files\WBIFileTransfer.dll
[2010/08/02 12:44:54 | 000,084,480 | ---- | C] (Worden Brothers Inc) -- C:\Program Files\WBList.ocx
[2010/08/02 12:44:54 | 000,078,336 | ---- | C] (Worden Brothers Inc) -- C:\Program Files\WBCoolBar.ocx
[2010/08/02 12:44:54 | 000,060,416 | ---- | C] (Worden Brothers Inc) -- C:\Program Files\WBCoolB.ocx
[2010/08/02 12:44:54 | 000,046,592 | ---- | C] (Worden Brothers Inc) -- C:\Program Files\WBChart.ocx
[2010/08/02 12:44:54 | 000,033,280 | ---- | C] (Worden Brothers, Inc.) -- C:\Program Files\UploadWP.exe
[2010/08/02 12:44:54 | 000,024,064 | ---- | C] (WBI) -- C:\Program Files\ZipUtil.exe
[2010/08/02 12:44:54 | 000,020,992 | ---- | C] (wbi) -- C:\Program Files\WBIMediaPlayer.dll
[2010/08/02 12:44:54 | 000,019,968 | ---- | C] (Worden Bros) -- C:\Program Files\TCWatchListReader.dll
[2010/08/02 12:44:54 | 000,013,312 | ---- | C] (Worden Brothers Inc) -- C:\Program Files\RemProg.exe
[2010/08/02 12:44:51 | 005,168,128 | ---- | C] (Worden Brothers Inc.) -- C:\Program Files\TeleChart.exe
[2010/08/02 12:44:50 | 000,118,272 | ---- | C] (Crescent Division of Progress Software Corporation) -- C:\Program Files\Qpro32.dll
[2010/08/02 12:44:50 | 000,037,136 | ---- | C] (Microsoft Corporation) -- C:\Program Files\Regsvr32.exe
[2009/04/03 17:57:14 | 000,436,224 | ---- | C] (Irfan Skiljan) -- C:\Program Files\i_view32.exe
[2009/04/03 17:56:58 | 001,618,664 | ---- | C] (Connected Software, Inc.) -- C:\Program Files\ePreserver.exe

========== Files - Modified Within 30 Days ==========

[2011/12/10 17:50:05 | 000,002,321 | ---- | M] () -- C:\Documents and Settings\Jordan Solomon\Desktop\TCScan+.lnk
[2011/12/10 14:37:43 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2011/12/10 14:37:38 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2011/12/10 01:19:53 | 000,000,118 | ---- | M] () -- C:\user.js
[2011/12/08 22:19:01 | 000,096,768 | ---- | M] () -- C:\Documents and Settings\Jordan Solomon\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011/12/08 09:10:00 | 000,000,486 | ---- | M] () -- C:\WINDOWS\tasks\Ad-Aware Update (Weekly).job
[2011/12/06 22:52:35 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Jordan Solomon\Desktop\OTL.exe
[2011/12/06 14:34:44 | 000,010,563 | ---- | M] () -- C:\WINDOWS\System32\drivers\SYMEVENT.CAT
[2011/12/06 14:34:44 | 000,000,805 | ---- | M] () -- C:\WINDOWS\System32\drivers\SYMEVENT.INF
[2011/12/06 14:34:43 | 000,123,952 | ---- | M] (Symantec Corporation) -- C:\WINDOWS\System32\drivers\SYMEVENT.SYS
[2011/12/06 14:34:43 | 000,060,800 | ---- | M] (Symantec Corporation) -- C:\WINDOWS\System32\S32EVNT1.DLL
[2011/12/06 14:31:25 | 000,000,670 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Dell Imaging Toolbox - V505.LNK
[2011/12/06 14:26:16 | 000,141,122 | ---- | M] () -- C:\WINDOWS\System32\LexFiles.ulf
[2011/12/05 23:47:33 | 000,001,324 | ---- | M] () -- C:\WINDOWS\System32\d3d9caps.dat
[2011/12/05 14:49:58 | 000,002,324 | ---- | M] () -- C:\WINDOWS\epplauncher.mif
[2011/12/04 19:47:32 | 000,002,515 | ---- | M] () -- C:\Documents and Settings\Jordan Solomon\Desktop\Microsoft Office Word 2007.lnk
[2011/12/04 13:21:42 | 000,000,071 | ---- | M] () -- C:\Program Files\i_view32.ini
[2011/12/04 13:19:56 | 000,000,910 | ---- | M] () -- C:\Documents and Settings\Jordan Solomon\Desktop\The Weather Channel Desktop.lnk
[2011/12/04 00:30:55 | 000,000,742 | ---- | M] () -- C:\Documents and Settings\Jordan Solomon\Desktop\Bracket Trader.lnk
[2011/12/03 23:11:54 | 000,000,079 | ---- | M] () -- C:\Documents and Settings\Jordan Solomon\Application Data\Microsoft\Internet Explorer\Quick Launch\Show desktop.scf
[2011/12/03 16:44:07 | 000,000,682 | ---- | M] () -- C:\Documents and Settings\Jordan Solomon\Desktop\CCleaner.lnk
[2011/12/03 14:44:01 | 000,000,724 | ---- | M] () -- C:\Documents and Settings\Jordan Solomon\Application Data\Microsoft\Internet Explorer\Quick Launch\Firefox.lnk
[2011/12/03 14:43:59 | 000,000,104 | ---- | M] () -- C:\Documents and Settings\Jordan Solomon\Application Data\Microsoft\Internet Explorer\Quick Launch\Internet Explorer.lnk
[2011/12/03 14:43:56 | 000,000,644 | ---- | M] () -- C:\Documents and Settings\Jordan Solomon\Application Data\Microsoft\Internet Explorer\Quick Launch\AOL.lnk
[2011/12/03 13:49:44 | 000,000,724 | ---- | M] () -- C:\Documents and Settings\Jordan Solomon\Desktop\Firefox.lnk
[2011/12/03 13:46:54 | 000,000,706 | ---- | M] () -- C:\Documents and Settings\Jordan Solomon\Desktop\Defragler.lnk
[2011/12/03 13:38:08 | 000,002,473 | ---- | M] () -- C:\Documents and Settings\Jordan Solomon\Desktop\Microsoft Office Excel 2007.lnk
[2011/12/03 13:37:27 | 000,000,578 | ---- | M] () -- C:\Documents and Settings\Jordan Solomon\Desktop\TeleChart.lnk
[2011/12/03 13:13:12 | 000,000,644 | ---- | M] () -- C:\Documents and Settings\Jordan Solomon\Desktop\AOL.lnk
[2011/12/03 13:00:44 | 000,438,048 | R--- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts
[2011/12/03 12:50:27 | 000,438,048 | R--- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts.20111203-130044.backup
[2011/12/02 17:51:41 | 000,438,048 | R--- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts.20111203-125027.backup
[2011/12/02 17:50:51 | 000,438,048 | R--- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts.20111202-175141.backup
[2011/12/02 17:48:12 | 000,002,577 | ---- | M] () -- C:\WINDOWS\System32\CONFIG.NT
[2011/12/02 13:22:13 | 000,457,910 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2011/12/02 13:22:12 | 000,076,054 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2011/12/02 13:20:44 | 000,000,027 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts.20111202-175051.backup
[2011/12/02 12:59:45 | 000,000,327 | RHS- | M] () -- C:\boot.ini
[2011/12/02 11:34:58 | 000,000,064 | ---- | M] () -- C:\WINDOWS\System32\rp_stats.dat
[2011/12/02 11:34:58 | 000,000,044 | ---- | M] () -- C:\WINDOWS\System32\rp_rules.dat
[2011/11/20 20:14:36 | 000,002,293 | ---- | M] () -- C:\Documents and Settings\Jordan Solomon\Desktop\CorrelScan.lnk
[2011/11/14 10:10:45 | 000,001,144 | ---- | M] () -- C:\Documents and Settings\Jordan Solomon\My Documents\Default.rdp

========== Files Created - No Company Name ==========

[2011/12/10 01:15:41 | 000,000,118 | ---- | C] () -- C:\user.js
[2011/12/06 14:31:25 | 000,000,670 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Dell Imaging Toolbox - V505.LNK
[2011/12/06 14:25:41 | 000,040,960 | ---- | C] () -- C:\WINDOWS\System32\dldwvs.dll
[2011/12/06 14:25:30 | 000,360,448 | ---- | C] () -- C:\WINDOWS\System32\dldwcoin.dll
[2011/12/06 14:25:22 | 000,072,625 | ---- | C] () -- C:\WINDOWS\System32\dldwprpr.chm
[2011/12/06 14:24:45 | 001,036,288 | ---- | C] () -- C:\WINDOWS\System32\dldwdrs.dll
[2011/12/06 14:24:45 | 000,081,920 | ---- | C] () -- C:\WINDOWS\System32\dldwcaps.dll
[2011/12/06 14:24:44 | 000,069,632 | ---- | C] () -- C:\WINDOWS\System32\dldwcnv4.dll
[2011/12/06 14:24:06 | 000,057,344 | ---- | C] () -- C:\WINDOWS\System32\dldwoem.dll
[2011/12/06 14:24:06 | 000,045,056 | ---- | C] () -- C:\WINDOWS\System32\DLDWPMON.DLL
[2011/12/06 14:24:06 | 000,032,768 | ---- | C] () -- C:\WINDOWS\System32\DLDWFXPU.DLL
[2011/12/06 14:23:08 | 000,352,256 | ---- | C] () -- C:\WINDOWS\System32\DLDWwupd.dll
[2011/12/06 14:23:08 | 000,017,064 | ---- | C] () -- C:\WINDOWS\System32\DLDWwupd.exe
[2011/12/06 14:22:36 | 000,536,576 | ---- | C] () -- C:\WINDOWS\System32\dldwutil.dll
[2011/12/06 14:22:36 | 000,389,120 | ---- | C] () -- C:\WINDOWS\System32\DLDWinst.dll
[2011/12/06 14:22:36 | 000,180,224 | ---- | C] () -- C:\WINDOWS\System32\dldwinsb.dll
[2011/12/06 14:22:36 | 000,176,128 | ---- | C] () -- C:\WINDOWS\System32\dldwins.dll
[2011/12/06 14:22:36 | 000,147,456 | ---- | C] () -- C:\WINDOWS\System32\dldwjswr.dll
[2011/12/06 14:22:36 | 000,106,496 | ---- | C] () -- C:\WINDOWS\System32\dldwinsr.dll
[2011/12/06 14:22:35 | 000,208,896 | ---- | C] () -- C:\WINDOWS\System32\dldwgrd.dll
[2011/12/06 14:22:35 | 000,086,016 | ---- | C] () -- C:\WINDOWS\System32\dldwcub.dll
[2011/12/06 14:22:35 | 000,077,906 | ---- | C] () -- C:\WINDOWS\System32\DLDWcfg.dll
[2011/12/06 14:22:35 | 000,077,824 | ---- | C] () -- C:\WINDOWS\System32\dldwcu.dll
[2011/12/06 14:22:35 | 000,036,864 | ---- | C] () -- C:\WINDOWS\System32\dldwcur.dll
[2011/12/06 14:22:35 | 000,001,957 | ---- | C] () -- C:\WINDOWS\System32\dldw.loc
[2011/12/06 13:54:32 | 000,001,563 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Set Program Access and Defaults.lnk
[2011/12/06 13:54:32 | 000,001,507 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Windows Update.lnk
[2011/12/06 13:54:32 | 000,000,398 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Windows Catalog.lnk
[2011/12/04 13:21:42 | 000,000,071 | ---- | C] () -- C:\Program Files\i_view32.ini
[2011/12/04 13:19:56 | 000,000,910 | ---- | C] () -- C:\Documents and Settings\Jordan Solomon\Desktop\The Weather Channel Desktop.lnk
[2011/12/03 23:11:54 | 000,000,079 | ---- | C] () -- C:\Documents and Settings\Jordan Solomon\Application Data\Microsoft\Internet Explorer\Quick Launch\Show desktop.scf
[2011/12/03 16:44:07 | 000,000,682 | ---- | C] () -- C:\Documents and Settings\Jordan Solomon\Desktop\CCleaner.lnk
[2011/12/03 14:44:01 | 000,000,724 | ---- | C] () -- C:\Documents and Settings\Jordan Solomon\Application Data\Microsoft\Internet Explorer\Quick Launch\Firefox.lnk
[2011/12/03 14:43:59 | 000,000,104 | ---- | C] () -- C:\Documents and Settings\Jordan Solomon\Application Data\Microsoft\Internet Explorer\Quick Launch\Internet Explorer.lnk
[2011/12/03 14:43:56 | 000,000,644 | ---- | C] () -- C:\Documents and Settings\Jordan Solomon\Application Data\Microsoft\Internet Explorer\Quick Launch\AOL.lnk
[2011/12/03 13:49:44 | 000,000,724 | ---- | C] () -- C:\Documents and Settings\Jordan Solomon\Desktop\Firefox.lnk
[2011/12/03 13:46:54 | 000,000,706 | ---- | C] () -- C:\Documents and Settings\Jordan Solomon\Desktop\Defragler.lnk
[2011/12/03 13:37:27 | 000,000,578 | ---- | C] () -- C:\Documents and Settings\Jordan Solomon\Desktop\TeleChart.lnk
[2011/12/03 13:13:12 | 000,000,644 | ---- | C] () -- C:\Documents and Settings\Jordan Solomon\Desktop\AOL.lnk
[2011/12/02 17:30:36 | 000,002,324 | ---- | C] () -- C:\WINDOWS\epplauncher.mif
[2011/12/02 12:59:01 | 000,256,000 | ---- | C] () -- C:\WINDOWS\PEV.exe
[2011/12/02 12:59:01 | 000,208,896 | ---- | C] () -- C:\WINDOWS\MBR.exe
[2011/12/02 12:59:01 | 000,098,816 | ---- | C] () -- C:\WINDOWS\sed.exe
[2011/12/02 12:59:01 | 000,080,412 | ---- | C] () -- C:\WINDOWS\grep.exe
[2011/12/02 12:59:01 | 000,068,096 | ---- | C] () -- C:\WINDOWS\zip.exe
[2011/09/23 13:03:58 | 001,846,075 | ---- | C] () -- C:\Program Files\ProcessExplorer.zip
[2011/07/29 14:09:32 | 000,021,064 | ---- | C] () -- C:\WINDOWS\System32\drivers\hitmanpro35.sys
[2011/06/15 18:25:51 | 000,001,225 | ---- | C] () -- C:\Program Files\GoMeetNow.lnk
[2011/06/09 08:11:12 | 000,000,064 | ---- | C] () -- C:\WINDOWS\System32\rp_stats.dat
[2011/06/09 08:11:12 | 000,000,044 | ---- | C] () -- C:\WINDOWS\System32\rp_rules.dat
[2010/10/28 23:22:25 | 000,158,528 | ---- | C] () -- C:\Documents and Settings\LocalService\Local Settings\Application Data\FontCache3.0.0.0.dat
[2010/08/02 12:44:50 | 000,074,752 | ---- | C] () -- C:\Program Files\TCPatch.exe
[2010/08/02 12:44:50 | 000,006,783 | ---- | C] () -- C:\Program Files\Disclaim.rtf
[2010/08/02 12:44:50 | 000,002,518 | ---- | C] () -- C:\Program Files\DftL.def
[2009/09/24 20:43:11 | 000,000,809 | ---- | C] () -- C:\Program Files\STC Series 7.lnk
[2009/08/28 17:29:26 | 000,005,772 | ---- | C] () -- C:\Program Files\AUDTEST.WAV
[2009/08/28 17:28:44 | 000,000,000 | ---- | C] () -- C:\WINDOWS\asym.ini
[2009/04/22 20:14:07 | 000,001,324 | ---- | C] () -- C:\WINDOWS\System32\d3d9caps.dat
[2009/02/20 11:56:59 | 000,000,000 | ---- | C] () -- C:\WINDOWS\ativpsrm.bin
[2009/02/20 11:42:32 | 000,593,920 | ---- | C] () -- C:\WINDOWS\System32\ati2sgag.exe
[2009/01/13 23:05:09 | 003,107,788 | ---- | C] () -- C:\WINDOWS\System32\ativvaxx.dat
[2009/01/13 23:05:09 | 003,107,788 | ---- | C] () -- C:\WINDOWS\System32\ativva5x.dat
[2009/01/13 23:05:09 | 000,887,724 | ---- | C] () -- C:\WINDOWS\System32\ativva6x.dat
[2009/01/07 17:05:58 | 000,001,732 | R--- | C] () -- C:\WINDOWS\System32\drivers\nvphy.bin
[2008/12/28 02:13:52 | 000,049,152 | R--- | C] () -- C:\WINDOWS\System32\ChCfg.exe
[2008/12/28 02:07:43 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat
[2008/12/28 02:03:46 | 000,021,640 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat
[2008/12/27 20:59:05 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
[2008/12/27 20:56:22 | 000,269,392 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2008/12/27 18:32:47 | 000,000,262 | ---- | C] () -- C:\WINDOWS\{789289CA-F73A-4A16-A331-54D498CE069F}_WiseFW.ini
[2008/12/27 17:39:00 | 000,000,042 | ---- | C] () -- C:\WINDOWS\ib.ini
[2008/12/27 17:38:58 | 000,026,624 | ---- | C] () -- C:\WINDOWS\GetIe.dll
[2008/12/27 15:35:12 | 000,096,768 | ---- | C] () -- C:\Documents and Settings\Jordan Solomon\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2008/12/27 15:08:57 | 000,327,680 | ---- | C] () -- C:\WINDOWS\System32\TwcToolbarIe7.dll
[2008/12/27 15:08:57 | 000,098,304 | ---- | C] () -- C:\WINDOWS\System32\TwcToolbarBho.dll
[2008/12/27 13:36:36 | 000,000,335 | ---- | C] () -- C:\WINDOWS\nsreg.dat
[2008/12/11 10:32:20 | 000,098,304 | ---- | C] () -- C:\WINDOWS\System32\NtDirect.dll
[2008/10/29 17:13:33 | 000,180,720 | ---- | C] () -- C:\WINDOWS\System32\atiicdxx.dat
[2008/10/21 12:40:00 | 000,081,920 | ---- | C] () -- C:\WINDOWS\System32\ATIODE.exe
[2008/10/21 12:40:00 | 000,045,056 | ---- | C] () -- C:\WINDOWS\System32\ATIODCLI.exe
[2008/05/26 20:59:42 | 000,018,904 | ---- | C] () -- C:\WINDOWS\System32\structuredqueryschematrivial.bin
[2008/05/26 20:59:40 | 000,106,605 | ---- | C] () -- C:\WINDOWS\System32\structuredqueryschema.bin
[2008/01/31 17:18:14 | 000,009,216 | ---- | C] () -- C:\WINDOWS\System32\drivers\FlashSys.sys
[2007/10/04 03:14:00 | 001,703,936 | ---- | C] () -- C:\WINDOWS\System32\nvwdmcpl.dll
[2007/10/04 03:14:00 | 001,626,112 | ---- | C] () -- C:\WINDOWS\System32\nwiz.exe
[2007/10/04 03:14:00 | 001,478,656 | ---- | C] () -- C:\WINDOWS\System32\nview.dll
[2007/10/04 03:14:00 | 001,339,392 | ---- | C] () -- C:\WINDOWS\System32\nvdspsch.exe
[2007/10/04 03:14:00 | 001,019,904 | ---- | C] () -- C:\WINDOWS\System32\nvwimg.dll
[2007/10/04 03:14:00 | 000,466,944 | ---- | C] () -- C:\WINDOWS\System32\nvshell.dll
[2007/10/04 03:14:00 | 000,442,368 | ---- | C] () -- C:\WINDOWS\System32\nvappbar.exe
[2007/10/04 03:14:00 | 000,425,984 | ---- | C] () -- C:\WINDOWS\System32\keystone.exe
[2007/10/04 03:14:00 | 000,286,720 | ---- | C] () -- C:\WINDOWS\System32\nvnt4cpl.dll
[2005/08/29 10:39:50 | 000,120,320 | ---- | C] () -- C:\WINDOWS\System32\ZlibOCX2.dll
[2004/08/04 07:00:00 | 013,107,200 | ---- | C] () -- C:\WINDOWS\System32\oembios.bin
[2004/08/04 07:00:00 | 000,673,088 | ---- | C] () -- C:\WINDOWS\System32\mlang.dat
[2004/08/04 07:00:00 | 000,457,910 | ---- | C] () -- C:\WINDOWS\System32\perfh009.dat
[2004/08/04 07:00:00 | 000,272,128 | ---- | C] () -- C:\WINDOWS\System32\perfi009.dat
[2004/08/04 07:00:00 | 000,218,003 | ---- | C] () -- C:\WINDOWS\System32\dssec.dat
[2004/08/04 07:00:00 | 000,076,054 | ---- | C] () -- C:\WINDOWS\System32\perfc009.dat
[2004/08/04 07:00:00 | 000,046,258 | ---- | C] () -- C:\WINDOWS\System32\mib.bin
[2004/08/04 07:00:00 | 000,028,626 | ---- | C] () -- C:\WINDOWS\System32\perfd009.dat
[2004/08/04 07:00:00 | 000,004,569 | ---- | C] () -- C:\WINDOWS\System32\secupd.dat
[2004/08/04 07:00:00 | 000,004,463 | ---- | C] () -- C:\WINDOWS\System32\oembios.dat
[2004/08/04 07:00:00 | 000,001,788 | ---- | C] () -- C:\WINDOWS\System32\Dcache.bin
[2004/08/04 07:00:00 | 000,000,741 | ---- | C] () -- C:\WINDOWS\System32\noise.dat
[2002/07/24 17:26:44 | 000,045,056 | ---- | C] () -- C:\WINDOWS\System32\GSMessageBox.dll
[1998/06/13 21:53:26 | 000,044,544 | ---- | C] () -- C:\WINDOWS\System32\GIF89.DLL

========== LOP Check ==========

[2009/02/25 09:24:27 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\1stWorks
[2008/12/27 13:40:23 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\948 Series
[2011/12/02 17:48:20 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\AVAST Software
[2011/07/29 14:15:47 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Hitman Pro
[2010/04/03 12:01:28 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\RoboForm
[2011/12/03 12:43:55 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TEMP
[2009/09/09 18:59:01 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\V505
[2009/09/09 18:59:01 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\V505 Series
[2008/12/27 13:46:34 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Viewpoint
[2011/11/28 15:38:33 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Jordan Solomon\Application Data\6F411BF1
[2008/12/27 14:13:16 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Jordan Solomon\Application Data\948 Series
[2009/06/30 13:06:11 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Jordan Solomon\Application Data\Any Video Converter
[2011/12/10 01:15:36 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Jordan Solomon\Application Data\Babylon
[2010/08/02 13:14:44 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Jordan Solomon\Application Data\BlocksDataDownloader
[2011/10/05 13:06:52 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Jordan Solomon\Application Data\Five9
[2008/12/27 13:47:05 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Jordan Solomon\Application Data\Foxit
[2011/12/02 18:28:43 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Jordan Solomon\Application Data\GoMeetNow
[2011/06/11 22:15:54 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Jordan Solomon\Application Data\IrfanView
[2011/08/07 11:38:11 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Jordan Solomon\Application Data\Sammsoft
[2009/09/03 11:46:33 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Jordan Solomon\Application Data\Software Defender
[2011/12/03 12:43:31 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Jordan Solomon\Application Data\TeamViewer
[2008/12/27 13:51:51 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Jordan Solomon\Application Data\Thinstall
[2011/12/06 14:06:42 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Jordan Solomon\Application Data\V505 Series
[2009/01/15 09:44:41 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Jordan Solomon\Application Data\Viewpoint
[2010/08/02 13:07:31 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Jordan Solomon\Application Data\Worden Brothers, Inc
[2011/12/08 09:10:00 | 000,000,486 | ---- | M] () -- C:\WINDOWS\Tasks\Ad-Aware Update (Weekly).job
[2011/08/10 11:09:18 | 000,000,260 | ---- | M] () -- C:\WINDOWS\Tasks\WGASetup.job

========== Purity Check ==========



========== Alternate Data Streams ==========

@Alternate Data Stream - 104 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:5C321E34

< End of report >


#2
Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
Hi there, and sorry for the delay. Could you update me on the current problems, please?

Download OTL to your Desktop
  • Double click on the icon to run it. Make sure all other windows are closed, and let it run uninterrupted.
  • Select All Users
  • Under the Custom Scan box paste this in
    netsvcs
    %SYSTEMDRIVE%\*.exe
    /md5start
    consrv.dll
    explorer.exe
    winlogon.exe
    Userinit.exe
    svchost.exe
    /md5stop
    HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\NetBT /s
    HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\NetBIOS /s
    C:\Windows\assembly\tmp\U\*.* /s
    %Temp%\smtmp\1\*.*
    %Temp%\smtmp\2\*.*
    %Temp%\smtmp\3\*.*
    %Temp%\smtmp\4\*.*
    CREATERESTOREPOINT
  • Click the Quick Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.
  • When the scan completes, it will open two Notepad windows: OTL.Txt and Extras.Txt. These are saved in the same location as OTL.
  • Post both logs

THEN

Download aswMBR.exe ( 1.8mb ) to your desktop.
Double click aswMBR.exe to run it. Click the "Scan" button to start the scan.

On completion of the scan, click "Save log", save it to your desktop and post it in your next reply.

AND FINALLY

Please download GetPartitions from the link below. You must right click on the link and choose Save as.... Save it as GetPartitions.bat on your desktop.

getpartitions.bat

Double click it to run it (If running Vista or Windows 7, right click on it and select "Run as an Administrator").
It will produce a C:\DiskReport.txt log; please post the results from that log here to me.

#3
jss10

    Member

  • Topic Starter
  • Member
  • 40 posts
Hi Essexboy,

Sorry for the delay in my own response, but I have to admit that after waiting as long as I did, I started to assume that my post just wasn't going to be responded to and stopped checking as regularly. But anyway, I'm glad you did respond. Before I post the info you requested, just one note. Running the OTL Quick Scan produced only one text document -- the otl.txt. It didn't seem to produce an "extras" file. With that said, I think this is everything else. The results are numbered according to the order in which you requested them.

1.

OTL logfile created on: 12/21/2011 10:33:21 PM - Run 4
OTL by OldTimer - Version 3.2.31.0 Folder = C:\Documents and Settings\Jordan Solomon\Desktop
Windows XP Professional Edition Service Pack 2 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 6.0.2900.2180)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.00 Gb Total Physical Memory | 1.45 Gb Available Physical Memory | 72.37% Memory free
3.85 Gb Paging File | 3.40 Gb Available in Paging File | 88.21% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 465.76 Gb Total Space | 368.45 Gb Free Space | 79.11% Space Free | Partition Type: NTFS

Computer Name: JORDAN-B44B7F29 | User Name: Jordan Solomon | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2011/12/06 22:52:35 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Jordan Solomon\Desktop\OTL.exe
PRC - [2011/06/08 09:45:44 | 000,822,456 | ---- | M] (The Weather Channel Interactive, Inc.) -- C:\Program Files\The Weather Channel FW\Desktop\DesktopWeather.exe
PRC - [2010/04/03 11:55:18 | 000,160,328 | ---- | M] (Siber Systems) -- C:\Program Files\Siber Systems\AI RoboForm\robotaskbaricon.exe
PRC - [2010/02/10 08:57:36 | 000,676,520 | ---- | M] () -- C:\Program Files\Dell V505\dldwmon.exe
PRC - [2010/02/10 08:57:32 | 000,025,256 | ---- | M] () -- C:\Program Files\Dell V505\dldwmsdmon.exe
PRC - [2009/07/24 16:04:12 | 000,594,600 | ---- | M] ( ) -- C:\WINDOWS\system32\dldwcoms.exe
PRC - [2008/12/08 22:01:54 | 002,440,120 | ---- | M] (Symantec Corporation) -- C:\Program Files\Symantec\Symantec Endpoint Protection\Rtvscan.exe
PRC - [2008/12/08 21:42:34 | 001,443,144 | ---- | M] (Symantec Corporation) -- C:\Program Files\Symantec\Symantec Endpoint Protection\SmcGui.exe
PRC - [2008/12/08 21:42:32 | 001,795,400 | ---- | M] (Symantec Corporation) -- C:\Program Files\Symantec\Symantec Endpoint Protection\Smc.exe
PRC - [2008/08/14 14:45:52 | 000,115,560 | ---- | M] (Symantec Corporation) -- C:\Program Files\Common Files\Symantec Shared\ccApp.exe
PRC - [2008/08/14 14:45:28 | 000,108,392 | ---- | M] (Symantec Corporation) -- C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
PRC - [2008/06/24 13:34:50 | 000,041,824 | ---- | M] (AOL LLC) -- C:\Program Files\Common Files\aol\1230403542\ee\aolsoftware.exe
PRC - [2007/06/13 05:23:07 | 001,033,216 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2006/10/23 07:50:35 | 000,046,640 | R--- | M] (AOL LLC) -- C:\Program Files\Common Files\aol\acs\AOLacsd.exe
PRC - [2003/08/29 19:05:35 | 000,360,448 | ---- | M] () -- C:\Program Files\SpywareGuard\sgmain.exe
PRC - [2003/08/29 11:14:56 | 000,233,472 | ---- | M] () -- C:\Program Files\SpywareGuard\sgbhp.exe


========== Modules (No Company Name) ==========

MOD - [2010/02/10 08:57:36 | 000,676,520 | ---- | M] () -- C:\Program Files\Dell V505\dldwmon.exe
MOD - [2010/02/10 08:57:32 | 000,025,256 | ---- | M] () -- C:\Program Files\Dell V505\dldwmsdmon.exe
MOD - [2010/01/21 05:09:30 | 000,036,864 | ---- | M] () -- C:\Program Files\Dell V505\app4r.monitor.core.dll
MOD - [2010/01/21 05:09:30 | 000,028,672 | ---- | M] () -- C:\Program Files\Dell V505\app4r.monitor.common.dll
MOD - [2010/01/21 05:08:34 | 000,065,536 | ---- | M] () -- C:\Program Files\Dell V505\app4r.devmons.mcmdevmon.dll
MOD - [2009/07/23 14:52:40 | 001,036,288 | ---- | M] () -- C:\Program Files\Dell V505\dldwdrs.dll
MOD - [2009/07/23 14:51:56 | 000,380,928 | ---- | M] () -- C:\Program Files\Dell V505\dldwscw.dll
MOD - [2009/07/02 07:41:16 | 000,155,648 | ---- | M] () -- C:\WINDOWS\system32\spool\prtprocs\w32x86\dldwdrpp.dll
MOD - [2009/05/14 06:23:14 | 000,045,056 | ---- | M] () -- C:\WINDOWS\system32\DLDWPMON.DLL
MOD - [2009/05/14 06:22:00 | 000,032,768 | ---- | M] () -- C:\Program Files\Dell V505\ipcmt.dll
MOD - [2009/05/13 09:50:52 | 000,081,920 | ---- | M] () -- C:\Program Files\Dell V505\dldwcaps.dll
MOD - [2009/05/13 09:48:00 | 000,151,552 | ---- | M] () -- C:\Program Files\Dell V505\dldwmonr.dll
MOD - [2009/02/20 13:06:53 | 000,971,264 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Configuration\b82c00e2d24305ad6cb08556e3779b75\System.Configuration.ni.dll
MOD - [2009/02/20 11:54:43 | 005,450,752 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Xml\773a9786013451d3baaeff003dc4230f\System.Xml.ni.dll
MOD - [2009/02/20 11:54:39 | 012,430,848 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\63406259e94d5c0ff5b79401dfe113ce\System.Windows.Forms.ni.dll
MOD - [2009/02/20 11:54:29 | 001,587,200 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Drawing\3da96ee075bab9202626ae44c18d226c\System.Drawing.ni.dll
MOD - [2009/02/20 11:52:45 | 007,868,416 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System\80978a322d7dd39f0a71be1251ae395a\System.ni.dll
MOD - [2009/02/20 11:52:35 | 011,486,720 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\mscorlib\6d667f19d687361886990f3ca0f49816\mscorlib.ni.dll
MOD - [2008/09/16 20:18:06 | 000,132,608 | ---- | M] () -- C:\Program Files\WinRAR\RarExt.dll
MOD - [2008/04/25 01:44:40 | 000,077,906 | ---- | M] () -- C:\WINDOWS\system32\spool\drivers\w32x86\3\DLDWcfg.dll
MOD - [2008/04/25 01:44:40 | 000,077,906 | ---- | M] () -- C:\Program Files\Dell V505\DLDWcfg.dll
MOD - [2008/03/25 03:53:10 | 000,012,288 | ---- | M] () -- C:\Program Files\Dell V505\app4r.devmons.mcmdevmon.autoplayutil.dll
MOD - [2008/03/10 06:30:50 | 000,188,416 | ---- | M] () -- C:\WINDOWS\system32\spool\drivers\w32x86\3\dldwdatr.dll
MOD - [2008/02/26 14:24:06 | 000,069,632 | ---- | M] () -- C:\Program Files\Dell V505\dldwcnv4.dll
MOD - [2008/01/28 06:38:56 | 000,057,344 | ---- | M] () -- C:\WINDOWS\system32\dldwoem.dll
MOD - [2007/10/04 17:14:00 | 000,466,944 | ---- | M] () -- C:\WINDOWS\system32\nvshell.dll
MOD - [2007/03/26 02:39:36 | 000,073,728 | ---- | M] () -- C:\WINDOWS\system32\spool\drivers\w32x86\3\dldwcats.dll
MOD - [2004/08/04 07:00:00 | 000,014,336 | ---- | M] () -- C:\WINDOWS\system32\msdmo.dll
MOD - [2003/08/29 19:05:35 | 000,360,448 | ---- | M] () -- C:\Program Files\SpywareGuard\sgmain.exe
MOD - [2003/08/29 11:14:56 | 000,233,472 | ---- | M] () -- C:\Program Files\SpywareGuard\sgbhp.exe
MOD - [2003/08/02 23:20:57 | 000,126,976 | R--- | M] () -- C:\Program Files\SpywareGuard\spywareguard.dll


========== Win32 Services (SafeList) ==========

SRV - [2009/07/24 16:04:12 | 000,594,600 | ---- | M] ( ) [Auto | Running] -- C:\WINDOWS\System32\dldwcoms.exe -- (dldw_device)
SRV - [2009/07/24 16:04:06 | 000,098,984 | ---- | M] () [Auto | Stopped] -- C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\\dldwserv.exe -- (dldwCATSCustConnectService)
SRV - [2008/12/08 22:01:54 | 002,440,120 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files\Symantec\Symantec Endpoint Protection\Rtvscan.exe -- (Symantec AntiVirus)
SRV - [2008/12/08 21:42:32 | 001,795,400 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files\Symantec\Symantec Endpoint Protection\Smc.exe -- (SmcService)
SRV - [2008/12/08 21:01:28 | 000,320,840 | ---- | M] (Symantec Corporation) [On_Demand | Stopped] -- C:\Program Files\Symantec\Symantec Endpoint Protection\SNAC.EXE -- (SNAC)
SRV - [2008/08/14 14:45:28 | 000,108,392 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe -- (ccSetMgr)
SRV - [2008/08/14 14:45:28 | 000,108,392 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe -- (ccEvtMgr)
SRV - [2008/06/30 16:36:35 | 003,093,872 | ---- | M] (Symantec Corporation) [On_Demand | Stopped] -- C:\Program Files\Symantec\LiveUpdate\LuComServer_3_3.EXE -- (LiveUpdate)
SRV - [2006/10/23 07:50:35 | 000,046,640 | R--- | M] (AOL LLC) [Auto | Running] -- C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe -- (AOL ACS)


========== Driver Services (SafeList) ==========

DRV - [2011/12/06 14:34:43 | 000,123,952 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\SYMEVENT.SYS -- (SymEvent)
DRV - [2011/11/08 04:00:00 | 000,374,392 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys -- (eeCtrl)
DRV - [2011/11/08 04:00:00 | 000,106,104 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Program Files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys -- (EraserUtilRebootDrv)
DRV - [2011/10/18 06:09:40 | 001,576,312 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Program Files\Common Files\Symantec Shared\VirusDefs\20111221.003\navex15.sys -- (NAVEX15)
DRV - [2011/10/18 06:09:40 | 000,086,136 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Program Files\Common Files\Symantec Shared\VirusDefs\20111221.003\naveng.sys -- (NAVENG)
DRV - [2009/01/14 02:14:01 | 003,455,488 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ati2mtag.sys -- (ati2mtag)
DRV - [2008/11/18 18:17:08 | 000,023,888 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\COH_Mon.sys -- (COH_Mon)
DRV - [2008/10/13 12:31:46 | 000,319,664 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\srtspl.sys -- (SRTSPL)
DRV - [2008/10/13 12:31:46 | 000,279,600 | ---- | M] (Symantec Corporation) [File_System | System | Running] -- C:\WINDOWS\system32\drivers\srtsp.sys -- (SRTSP)
DRV - [2008/10/13 12:31:46 | 000,043,824 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\srtspx.sys -- (SRTSPX)
DRV - [2008/08/21 11:13:56 | 000,191,536 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\WINDOWS\System32\Drivers\SYMTDI.SYS -- (SYMTDI)
DRV - [2008/08/21 11:13:56 | 000,027,696 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\Drivers\SYMREDRV.SYS -- (SYMREDRV)
DRV - [2008/06/16 16:53:14 | 000,420,400 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Stopped] -- C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCDrv.sys -- (SPBBCDrv)
DRV - [2007/09/20 06:07:40 | 000,022,016 | R--- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\nvnetbus.sys -- (nvnetbus)
DRV - [2007/09/20 06:07:38 | 000,053,632 | R--- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\NVENETFD.sys -- (NVENETFD)
DRV - [2007/09/11 04:23:22 | 004,614,656 | R--- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\RtkHDAud.sys -- (IntcAzAudAddService) Service for Realtek HD Audio (WDM)
DRV - [2007/07/20 18:40:10 | 000,084,992 | ---- | M] (ATI Research Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\AtiHdmi.sys -- (AtiHdmiService)
DRV - [2007/07/07 02:13:10 | 000,012,032 | R--- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\nvsmu.sys -- (nvsmu)
DRV - [2007/05/31 02:19:22 | 000,096,896 | R--- | M] (Realtek Semiconductor Corporation ) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\Rtenicxp.sys -- (RTLE8023xp)
DRV - [2006/03/01 20:30:54 | 000,618,880 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\IntelC52.sys -- (IntelC52)
DRV - [2005/05/06 14:42:26 | 001,339,776 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\IntelC51.sys -- (IntelC51)
DRV - [2005/05/06 14:40:50 | 000,047,360 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\IntelC53.sys -- (IntelC53)
DRV - [2005/05/06 14:40:20 | 000,036,880 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\mohfilt.sys -- (mohfilt)
DRV - [2003/01/10 16:13:04 | 000,033,588 | R--- | M] (America Online, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\wanatw4.sys -- (wanatw) WAN Miniport (ATW)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.google.com/ie
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.google.com/ie
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie


IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-19\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = http://search.msn.com/spbasic.htm
IE - HKU\S-1-5-19\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.symantec....ponse/index.jsp

IE - HKU\S-1-5-20\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = http://search.msn.com/spbasic.htm
IE - HKU\S-1-5-20\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.symantec....ponse/index.jsp

IE - HKU\S-1-5-21-2052111302-73586283-839522115-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = http://www.google.com/ie
IE - HKU\S-1-5-21-2052111302-73586283-839522115-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com
IE - HKU\S-1-5-21-2052111302-73586283-839522115-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/
IE - HKU\S-1-5-21-2052111302-73586283-839522115-1003\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie
IE - HKU\S-1-5-21-2052111302-73586283-839522115-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.search.defaultenginename: "Search the web (Babylon)"
FF - prefs.js..browser.search.order.1: "Search the web (Babylon)"
FF - prefs.js..browser.startup.homepage: "www.google.com"
FF - prefs.js..extensions.enabledItems: {22119944-ED35-4ab1-910B-E619EA06A115}:6.9.98
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}:6.0.21
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}:6.0.22
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}:6.0.23
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}:6.0.24
FF - prefs.js..extensions.enabledItems: [email protected]:1.0
FF - prefs.js..keyword.URL: "http://search.babylo...021851a66ea&q="
FF - prefs.js..network.proxy.type: 0

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\WINDOWS\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\4.0.60831.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@pack.google.com/Google Updater;version=11: C:\Program Files\Google\Google Updater\2.1.886.21021\npCIDetect11.dll File not found
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 8.0\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011/11/10 09:44:28 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 8.0\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011/12/02 16:39:44 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\{22119944-ED35-4ab1-910B-E619EA06A115}: C:\Program Files\Siber Systems\AI RoboForm\Firefox [2010/04/03 12:01:26 | 000,000,000 | ---D | M]

[2009/01/02 17:18:46 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Jordan Solomon\Application Data\Mozilla\Extensions
[2011/12/10 14:35:26 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Jordan Solomon\Application Data\Mozilla\Firefox\Profiles\f69fi6vv.default\extensions
[2011/11/11 07:56:27 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2010/04/09 08:41:18 | 000,000,000 | ---D | M] (Java Quick Starter) -- C:\PROGRAM FILES\JAVA\JRE6\LIB\DEPLOY\JQS\FF
[2011/11/10 09:44:27 | 000,134,104 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2011/05/04 03:52:23 | 000,476,904 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\mozilla firefox\plugins\npdeployJava1.dll
[2008/12/27 13:47:00 | 000,072,960 | ---- | M] (Foxit Software Company) -- C:\Program Files\mozilla firefox\plugins\npFoxitReaderPlugin.dll
[2011/12/10 01:19:50 | 000,002,310 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\babylon.xml
[2011/11/10 09:44:19 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
[2011/11/10 09:44:19 | 000,002,040 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\twitter.xml

========== Chrome ==========

CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}sourceid=chrome&ie={inputEncoding}&q={searchTerms}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}client=chrome&hl={language}&q={searchTerms}
CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files\Google\Chrome\Application\16.0.912.63\gcswf32.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll
CHR - plugin: QuickTime Plug-in 7.5.5 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin.dll
CHR - plugin: QuickTime Plug-in 7.5.5 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin2.dll
CHR - plugin: QuickTime Plug-in 7.5.5 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin3.dll
CHR - plugin: QuickTime Plug-in 7.5.5 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin4.dll
CHR - plugin: QuickTime Plug-in 7.5.5 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin5.dll
CHR - plugin: QuickTime Plug-in 7.5.5 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin6.dll
CHR - plugin: QuickTime Plug-in 7.5.5 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin7.dll
CHR - plugin: Java Deployment Toolkit 6.0.260.3 (Enabled) = C:\Program Files\Java\jre6\bin\new_plugin\npdeployJava1.dll
CHR - plugin: Java™ Platform SE 6 U26 (Enabled) = C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll
CHR - plugin: Silverlight Plug-In (Enabled) = c:\Program Files\Microsoft Silverlight\4.0.60831.0\npctrl.dll
CHR - plugin: Shockwave for Director (Enabled) = C:\WINDOWS\system32\Adobe\Director\np32dsw.dll
CHR - plugin: Windows Media Player Plug-in Dynamic Link Library (Enabled) = C:\Program Files\Windows Media Player\npdsplay.dll
CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Program Files\Google\Chrome\Application\16.0.912.63\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Program Files\Google\Chrome\Application\16.0.912.63\pdf.dll
CHR - plugin: Foxit Reader Plugin for Mozilla (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npFoxitReaderPlugin.dll
CHR - plugin: AOL Media Playback Plugin (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npunagi2.dll
CHR - plugin: Microsoft\u00AE DRM (Enabled) = C:\Program Files\Windows Media Player\npdrmv2.dll
CHR - plugin: Microsoft\u00AE DRM (Enabled) = C:\Program Files\Windows Media Player\npwmsdrm.dll
CHR - plugin: Google Update (Enabled) = C:\Program Files\Google\Update\1.3.21.79\npGoogleUpdate3.dll
CHR - plugin: Windows Presentation Foundation (Enabled) = c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll
CHR - plugin: Default Plug-in (Enabled) = default_plugin
CHR - Extension: YouTube = C:\Documents and Settings\Jordan Solomon\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2_0\
CHR - Extension: Google Search = C:\Documents and Settings\Jordan Solomon\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.14_0\
CHR - Extension: Gmail = C:\Documents and Settings\Jordan Solomon\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\6.1.3_0\

O1 HOSTS File: ([2011/12/03 13:00:44 | 000,438,048 | R--- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: 15093 more lines...
O2 - BHO: (SpywareGuardDLBLOCK.CBrowserHelper) - {4A368E80-174F-4872-96B5-0B27DDD11DB2} - C:\Program Files\SpywareGuard\dlprotect.dll ()
O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O2 - BHO: (Reg Error: Value error.) - {724d43a9-0d85-11d4-9908-00400523e39a} - C:\Program Files\Siber Systems\AI RoboForm\roboform.dll (Siber Systems Inc.)
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.7.7018.1622\swg.dll (Google Inc.)
O3 - HKLM\..\Toolbar: (Dell Toolbar) - {09B71986-2AC5-482d-B6CB-42EA34F4F85B} - C:\Program Files\Dell Toolbar\toolband.dll ()
O3 - HKLM\..\Toolbar: (no name) - {2E5E800E-6AC0-411E-940A-369530A35E43} - No CLSID value found.
O3 - HKLM\..\Toolbar: (&RoboForm) - {724d43a0-0d85-11d4-9908-00400523e39a} - C:\Program Files\Siber Systems\AI RoboForm\roboform.dll (Siber Systems Inc.)
O3 - HKU\S-1-5-21-2052111302-73586283-839522115-1003\..\Toolbar\ShellBrowser: (Dell Toolbar) - {09B71986-2AC5-482D-B6CB-42EA34F4F85B} - C:\Program Files\Dell Toolbar\toolband.dll ()
O3 - HKU\S-1-5-21-2052111302-73586283-839522115-1003\..\Toolbar\WebBrowser: (Dell Toolbar) - {09B71986-2AC5-482D-B6CB-42EA34F4F85B} - C:\Program Files\Dell Toolbar\toolband.dll ()
O3 - HKU\S-1-5-21-2052111302-73586283-839522115-1003\..\Toolbar\WebBrowser: (&RoboForm) - {724D43A0-0D85-11D4-9908-00400523E39A} - C:\Program Files\Siber Systems\AI RoboForm\roboform.dll (Siber Systems Inc.)
O4 - HKLM..\Run: [ccApp] C:\Program Files\Common Files\Symantec Shared\ccApp.exe (Symantec Corporation)
O4 - HKLM..\Run: [Dell V505 Fax Server] C:\Program Files\Dell V505\fm3032.exe ()
O4 - HKLM..\Run: [dldwamon] C:\Program Files\Dell V505\dldwamon.exe ()
O4 - HKLM..\Run: [dldwmon.exe] C:\Program Files\Dell V505\dldwmon.exe ()
O4 - HKU\S-1-5-21-2052111302-73586283-839522115-1003..\Run: [DW6] C:\Program Files\The Weather Channel FW\Desktop\DesktopWeather.exe (The Weather Channel Interactive, Inc.)
O4 - HKU\S-1-5-21-2052111302-73586283-839522115-1003..\Run: [RoboForm] C:\Program Files\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe (Siber Systems)
O4 - Startup: C:\Documents and Settings\Jordan Solomon\Start Menu\Programs\Startup\SpywareGuard.lnk = C:\Program Files\SpywareGuard\sgmain.exe ()
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 0
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 0
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 0
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 0
O7 - HKU\S-1-5-21-2052111302-73586283-839522115-1003\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-2052111302-73586283-839522115-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 0
O7 - HKU\S-1-5-21-2052111302-73586283-839522115-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-21-2052111302-73586283-839522115-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O8 - Extra context menu item: Customize Menu - C:\Program Files\Siber Systems\AI RoboForm\RoboFormComCustomizeIEMenu.html ()
O8 - Extra context menu item: Fill Forms - C:\Program Files\Siber Systems\AI RoboForm\RoboFormComFillForms.html ()
O8 - Extra context menu item: RoboForm Toolbar - C:\Program Files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html ()
O8 - Extra context menu item: Save Forms - C:\Program Files\Siber Systems\AI RoboForm\RoboFormComSavePass.html ()
O9 - Extra Button: Fill Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - C:\Program Files\Siber Systems\AI RoboForm\RoboFormComFillForms.html ()
O9 - Extra 'Tools' menuitem : Fill Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - C:\Program Files\Siber Systems\AI RoboForm\RoboFormComFillForms.html ()
O9 - Extra Button: Save - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - C:\Program Files\Siber Systems\AI RoboForm\RoboFormComSavePass.html ()
O9 - Extra 'Tools' menuitem : Save Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - C:\Program Files\Siber Systems\AI RoboForm\RoboFormComSavePass.html ()
O9 - Extra Button: RoboForm - {724d43aa-0d85-11d4-9908-00400523e39a} - C:\Program Files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html ()
O9 - Extra 'Tools' menuitem : RoboForm Toolbar - {724d43aa-0d85-11d4-9908-00400523e39a} - C:\Program Files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html ()
O9 - Extra 'Tools' menuitem : Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O9 - Extra Button: Favorites Search - {FF925300-80E6-11D4-A15B-FFF9086C1A3C} - C:\Program Files\DzSoft\Favorites Search\FavSeek.dll (DzSoft Ltd)
O15 - HKU\S-1-5-21-2052111302-73586283-839522115-1003\..Trusted Domains: aol.com ([objects] * is out of zone range - 5)
O15 - HKU\S-1-5-21-2052111302-73586283-839522115-1003\..Trusted Domains: com.tw ([asia.msi] http in Trusted sites)
O15 - HKU\S-1-5-21-2052111302-73586283-839522115-1003\..Trusted Domains: com.tw ([global.msi] http in Trusted sites)
O15 - HKU\S-1-5-21-2052111302-73586283-839522115-1003\..Trusted Domains: com.tw ([www.msi] http in Trusted sites)
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} http://go.microsoft....k/?linkid=39204 (Windows Genuine Advantage Validation Tool)
O16 - DPF: {56762DEC-6B0D-4AB4-A8AD-989993B5D08B} http://www.eset.eu/b...lineScanner.cab (Reg Error: Key error.)
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} http://www.update.mi...b?1230402208544 (WUWebControl Class)
O16 - DPF: {8167C273-DF59-4416-B647-C8BB2C7EE83E} http://liveupdate.ms...ine/install.cab (WebSDev Control)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_26)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.ma...r/ultrashim.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_26)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_26)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.ad...Plus/1.6/gp.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 167.206.251.130 167.206.251.129
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{42C0BEBA-96F1-4872-873D-8591929E62B6}: DhcpNameServer = 167.206.251.129 167.206.251.130
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{794E1C2E-0F0B-4B14-84A7-C1DEB1F25731}: DhcpNameServer = 167.206.251.130 167.206.251.129
O20 - HKLM Winlogon: Shell - (Explorer.exe) -C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) -C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Documents and Settings\Jordan Solomon\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\Jordan Solomon\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O28 - HKLM ShellExecuteHooks: {81559C35-8464-49F7-BB0E-07A383BEF910} - C:\Program Files\SpywareGuard\spywareguard.dll ()
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2008/12/28 02:06:14 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O35 - HKU\S-1-5-21-2052111302-73586283-839522115-1003..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKU\S-1-5-21-2052111302-73586283-839522115-1003\...exe [@ = exefile] -- "%1" %*

NetSvcs: 6to4 - File not found
NetSvcs: Ias - File not found
NetSvcs: Iprip - File not found
NetSvcs: Irmon - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: WmdmPmSp - File not found

CREATERESTOREPOINT
Restore point Set: OTL Restore Point

========== Files/Folders - Created Within 30 Days ==========

[2011/12/21 19:15:21 | 000,000,000 | ---D | C] -- C:\abe774cb0ff0cad796250084
[2011/12/20 23:43:52 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Microsoft Silverlight
[2011/12/20 23:43:47 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Silverlight
[2011/12/19 20:06:58 | 000,000,000 | ---D | C] -- C:\Program Files\Autoruns
[2011/12/19 19:59:57 | 000,000,000 | ---D | C] -- C:\Program Files\ProcessMonitor
[2011/12/19 19:26:53 | 000,000,000 | -H-D | C] -- C:\WINDOWS\PIF
[2011/12/17 14:42:28 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Jordan Solomon\Local Settings\Application Data\LogMeIn Rescue Applet
[2011/12/17 06:47:14 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\Apple Computer
[2011/12/16 20:10:23 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Application Data\Macromedia
[2011/12/16 20:10:20 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Application Data\Adobe
[2011/12/13 13:31:27 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Jordan Solomon\Application Data\RegServers
[2011/12/13 13:31:22 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Jordan Solomon\Application Data\RampRT
[2011/12/13 13:31:15 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\RampRT
[2011/12/13 13:31:14 | 000,000,000 | ---D | C] -- C:\Program Files\RampRT
[2011/12/10 22:15:32 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Yahoo!
[2011/12/10 22:15:29 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Yahoo! Companion
[2011/12/10 22:15:29 | 000,000,000 | ---D | C] -- C:\Program Files\Yahoo!
[2011/12/10 22:15:29 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Jordan Solomon\Application Data\Yahoo!
[2011/12/10 01:15:37 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Jordan Solomon\Local Settings\Application Data\Babylon
[2011/12/06 22:52:29 | 000,584,192 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Jordan Solomon\Desktop\OTL.exe
[2011/12/06 16:26:40 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\ODBC
[2011/12/06 14:24:34 | 000,000,000 | ---D | C] -- C:\Program Files\Dell Toolbar
[2011/12/06 14:22:52 | 000,000,000 | ---D | C] -- C:\Program Files\Dell V505
[2011/12/06 14:22:52 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Dell Printers
[2011/12/06 14:22:36 | 001,069,056 | ---- | C] ( ) -- C:\WINDOWS\System32\dldwserv.dll
[2011/12/06 14:22:36 | 000,860,160 | ---- | C] ( ) -- C:\WINDOWS\System32\dldwusb1.dll
[2011/12/06 14:22:36 | 000,651,264 | ---- | C] ( ) -- C:\WINDOWS\System32\dldwpmui.dll
[2011/12/06 14:22:36 | 000,577,536 | ---- | C] ( ) -- C:\WINDOWS\System32\dldwlmpm.dll
[2011/12/06 14:22:36 | 000,446,464 | ---- | C] ( ) -- C:\WINDOWS\System32\DLDWhcp.dll
[2011/12/06 14:22:36 | 000,364,544 | ---- | C] ( ) -- C:\WINDOWS\System32\dldwinpa.dll
[2011/12/06 14:22:36 | 000,339,968 | ---- | C] ( ) -- C:\WINDOWS\System32\dldwiesc.dll
[2011/12/06 14:22:35 | 000,761,856 | ---- | C] ( ) -- C:\WINDOWS\System32\dldwcomc.dll
[2011/12/06 14:22:35 | 000,684,032 | ---- | C] ( ) -- C:\WINDOWS\System32\dldwhbn3.dll
[2011/12/06 14:22:35 | 000,594,600 | ---- | C] ( ) -- C:\WINDOWS\System32\dldwcoms.exe
[2011/12/06 14:22:35 | 000,376,832 | ---- | C] ( ) -- C:\WINDOWS\System32\dldwcomm.dll
[2011/12/06 14:22:35 | 000,369,320 | ---- | C] ( ) -- C:\WINDOWS\System32\dldwcfg.exe
[2011/12/06 14:22:35 | 000,328,360 | ---- | C] ( ) -- C:\WINDOWS\System32\dldwih.exe
[2011/12/03 13:08:01 | 000,000,000 | R--D | C] -- C:\Documents and Settings\Jordan Solomon\Desktop\Tech Connect
[2011/12/03 12:43:32 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\TEMP
[2011/12/03 12:43:31 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Jordan Solomon\Application Data\TeamViewer
[2011/12/03 12:43:13 | 000,000,000 | ---D | C] -- C:\Program Files\TeamViewer
[2011/12/03 12:39:31 | 000,000,000 | ---D | C] -- C:\WINDOWS\Prefetch
[2011/12/03 12:39:31 | 000,000,000 | ---D | C] -- C:\WINDOWS\Cookies
[2011/12/03 12:39:31 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Cookies
[2011/12/03 12:38:33 | 000,000,000 | ---D | C] -- C:\WINDOWS\Temporary Internet Files
[2011/12/03 12:38:33 | 000,000,000 | ---D | C] -- C:\WINDOWS\Recent
[2011/12/03 12:38:33 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Jordan Solomon\Recent
[2011/12/03 12:38:33 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Recent
[2011/12/03 12:38:33 | 000,000,000 | ---D | C] -- C:\WINDOWS\History
[2011/12/02 17:41:57 | 000,000,000 | ---D | C] -- C:\Program Files\AVAST Software
[2011/12/02 17:41:57 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\AVAST Software
[2011/12/02 17:30:42 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Spybot - Search & Destroy
[2011/12/02 17:30:39 | 000,000,000 | ---D | C] -- C:\Program Files\Spybot - Search & Destroy
[2011/12/02 17:28:42 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Malwarebytes' Anti-Malware
[2011/12/02 17:28:39 | 000,022,216 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2011/12/02 17:28:39 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2011/12/02 17:28:30 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\Adobe
[2011/12/02 17:28:29 | 000,000,000 | ---D | C] -- C:\Program Files\Adobe
[2011/12/02 17:28:29 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Adobe
[2011/12/02 17:28:27 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Adobe AIR
[2011/12/02 17:28:25 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Jordan Solomon\Local Settings\Application Data\Adobe
[2011/12/02 17:26:14 | 000,000,000 | -HSD | C] -- C:\RECYCLER
[2011/12/02 13:53:54 | 000,000,000 | ---D | C] -- C:\WINDOWS\SxsCaPendDel
[2011/12/02 13:07:13 | 000,000,000 | ---D | C] -- C:\found.000
[2011/12/02 12:59:37 | 000,000,000 | RHSD | C] -- C:\cmdcons
[2011/12/02 12:59:01 | 000,518,144 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWREG.exe
[2011/12/02 12:59:01 | 000,406,528 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWSC.exe
[2011/12/02 12:59:01 | 000,212,480 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWXCACLS.exe
[2011/12/02 12:59:01 | 000,060,416 | ---- | C] (NirSoft) -- C:\WINDOWS\NIRCMD.exe
[2011/12/02 12:58:14 | 000,000,000 | ---D | C] -- C:\Qoobox
[2011/12/02 12:53:49 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\CCleaner
[2011/12/02 12:51:29 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Jordan Solomon\Start Menu\Programs\CleanUp!
[2011/12/02 12:51:26 | 000,000,000 | ---D | C] -- C:\Program Files\CleanUp!
[2011/11/28 15:34:43 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Jordan Solomon\Application Data\6F411BF1
[2010/08/02 12:44:56 | 000,785,920 | ---- | C] (Worden Brothers Inc) -- C:\Program Files\WBChat.ocx
[2010/08/02 12:44:55 | 004,515,328 | ---- | C] (WBI) -- C:\Program Files\SFServer.dll
[2010/08/02 12:44:55 | 000,103,424 | ---- | C] (Worden Bros) -- C:\Program Files\AutoLabelN.ocx
[2010/08/02 12:44:55 | 000,060,416 | ---- | C] (Worden Brothers Inc) -- C:\Program Files\WBCoolB3.ocx
[2010/08/02 12:44:55 | 000,054,784 | ---- | C] (Dell Computer Corporation) -- C:\Program Files\WBScroll.ocx
[2010/08/02 12:44:55 | 000,019,968 | ---- | C] (Worden Brothers Inc) -- C:\Program Files\WBSplit.ocx
[2010/08/02 12:44:55 | 000,015,872 | ---- | C] (Worden Brothers Inc) -- C:\Program Files\WBHandle.ocx
[2010/08/02 12:44:54 | 000,102,912 | ---- | C] (Worden Bros) -- C:\Program Files\TC2000Dev.dll
[2010/08/02 12:44:54 | 000,095,232 | ---- | C] (WBI Inc.) -- C:\Program Files\WBChartH.ocx
[2010/08/02 12:44:54 | 000,092,672 | ---- | C] (Worden Brothers Inc) -- C:\Program Files\WBIFileTransfer.dll
[2010/08/02 12:44:54 | 000,084,480 | ---- | C] (Worden Brothers Inc) -- C:\Program Files\WBList.ocx
[2010/08/02 12:44:54 | 000,078,336 | ---- | C] (Worden Brothers Inc) -- C:\Program Files\WBCoolBar.ocx
[2010/08/02 12:44:54 | 000,060,416 | ---- | C] (Worden Brothers Inc) -- C:\Program Files\WBCoolB.ocx
[2010/08/02 12:44:54 | 000,046,592 | ---- | C] (Worden Brothers Inc) -- C:\Program Files\WBChart.ocx
[2010/08/02 12:44:54 | 000,033,280 | ---- | C] (Worden Brothers, Inc.) -- C:\Program Files\UploadWP.exe
[2010/08/02 12:44:54 | 000,024,064 | ---- | C] (WBI) -- C:\Program Files\ZipUtil.exe
[2010/08/02 12:44:54 | 000,020,992 | ---- | C] (wbi) -- C:\Program Files\WBIMediaPlayer.dll
[2010/08/02 12:44:54 | 000,019,968 | ---- | C] (Worden Bros) -- C:\Program Files\TCWatchListReader.dll
[2010/08/02 12:44:54 | 000,013,312 | ---- | C] (Worden Brothers Inc) -- C:\Program Files\RemProg.exe
[2010/08/02 12:44:51 | 005,168,128 | ---- | C] (Worden Brothers Inc.) -- C:\Program Files\TeleChart.exe
[2010/08/02 12:44:50 | 000,118,272 | ---- | C] (Crescent Division of Progress Software Corporation) -- C:\Program Files\Qpro32.dll
[2010/08/02 12:44:50 | 000,037,136 | ---- | C] (Microsoft Corporation) -- C:\Program Files\Regsvr32.exe
[2009/04/03 17:57:14 | 000,436,224 | ---- | C] (Irfan Skiljan) -- C:\Program Files\i_view32.exe
[2009/04/03 17:56:58 | 001,618,664 | ---- | C] (Connected Software, Inc.) -- C:\Program Files\ePreserver.exe

========== Files - Modified Within 30 Days ==========

[2011/12/21 20:41:58 | 000,002,321 | ---- | M] () -- C:\Documents and Settings\Jordan Solomon\Desktop\TCScan+.lnk
[2011/12/21 19:16:06 | 000,002,324 | ---- | M] () -- C:\WINDOWS\epplauncher.mif
[2011/12/21 19:15:47 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2011/12/21 18:43:33 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2011/12/20 23:45:44 | 000,001,927 | ---- | M] () -- C:\Documents and Settings\Jordan Solomon\Desktop\TC2000.lnk
[2011/12/19 19:17:30 | 000,000,327 | RHS- | M] () -- C:\boot.ini
[2011/12/18 09:10:00 | 000,000,486 | ---- | M] () -- C:\WINDOWS\tasks\Ad-Aware Update (Weekly).job
[2011/12/17 17:22:29 | 000,002,515 | ---- | M] () -- C:\Documents and Settings\Jordan Solomon\Desktop\Microsoft Office Word 2007.lnk
[2011/12/17 17:09:10 | 000,013,948 | -HS- | M] () -- C:\Documents and Settings\Jordan Solomon\Local Settings\Application Data\rmvfhv6g4gok0dbx8afl8b081a3b
[2011/12/17 17:09:10 | 000,013,948 | -HS- | M] () -- C:\Documents and Settings\All Users\Application Data\rmvfhv6g4gok0dbx8afl8b081a3b
[2011/12/17 16:03:27 | 000,001,620 | ---- | M] () -- C:\Documents and Settings\All Users\Application Data\repository.xml
[2011/12/17 14:44:58 | 000,001,324 | ---- | M] () -- C:\WINDOWS\System32\d3d9caps.dat
[2011/12/15 11:57:23 | 000,072,080 | ---- | M] () -- C:\Documents and Settings\Jordan Solomon\g2mdlhlpx.exe
[2011/12/14 20:19:10 | 000,002,293 | ---- | M] () -- C:\Documents and Settings\Jordan Solomon\Desktop\CorrelScan.lnk
[2011/12/14 15:09:33 | 000,000,910 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\The Weather Channel Desktop .lnk
[2011/12/13 13:31:15 | 000,159,964 | ---- | M] () -- C:\WINDOWS\RampRT Uninstaller.exe
[2011/12/13 13:31:15 | 000,000,654 | ---- | M] () -- C:\Documents and Settings\Jordan Solomon\Desktop\ramprt.lnk
[2011/12/12 19:26:22 | 000,000,008 | RH-- | M] () -- C:\Documents and Settings\Jordan Solomon\hwid
[2011/12/12 17:15:31 | 000,096,768 | ---- | M] () -- C:\Documents and Settings\Jordan Solomon\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011/12/10 01:19:53 | 000,000,118 | ---- | M] () -- C:\user.js
[2011/12/06 22:52:35 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Jordan Solomon\Desktop\OTL.exe
[2011/12/06 14:34:44 | 000,010,563 | ---- | M] () -- C:\WINDOWS\System32\drivers\SYMEVENT.CAT
[2011/12/06 14:34:44 | 000,000,805 | ---- | M] () -- C:\WINDOWS\System32\drivers\SYMEVENT.INF
[2011/12/06 14:34:43 | 000,123,952 | ---- | M] (Symantec Corporation) -- C:\WINDOWS\System32\drivers\SYMEVENT.SYS
[2011/12/06 14:34:43 | 000,060,800 | ---- | M] (Symantec Corporation) -- C:\WINDOWS\System32\S32EVNT1.DLL
[2011/12/06 14:31:25 | 000,000,670 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Dell Imaging Toolbox - V505.LNK
[2011/12/06 14:26:16 | 000,141,122 | ---- | M] () -- C:\WINDOWS\System32\LexFiles.ulf
[2011/12/04 13:21:42 | 000,000,071 | ---- | M] () -- C:\Program Files\i_view32.ini
[2011/12/04 00:30:55 | 000,000,742 | ---- | M] () -- C:\Documents and Settings\Jordan Solomon\Desktop\Bracket Trader.lnk
[2011/12/03 23:11:54 | 000,000,079 | ---- | M] () -- C:\Documents and Settings\Jordan Solomon\Application Data\Microsoft\Internet Explorer\Quick Launch\Show desktop.scf
[2011/12/03 16:44:07 | 000,000,682 | ---- | M] () -- C:\Documents and Settings\Jordan Solomon\Desktop\CCleaner.lnk
[2011/12/03 14:44:01 | 000,000,724 | ---- | M] () -- C:\Documents and Settings\Jordan Solomon\Application Data\Microsoft\Internet Explorer\Quick Launch\Firefox.lnk
[2011/12/03 14:43:59 | 000,000,104 | ---- | M] () -- C:\Documents and Settings\Jordan Solomon\Application Data\Microsoft\Internet Explorer\Quick Launch\Internet Explorer.lnk
[2011/12/03 14:43:56 | 000,000,644 | ---- | M] () -- C:\Documents and Settings\Jordan Solomon\Application Data\Microsoft\Internet Explorer\Quick Launch\AOL.lnk
[2011/12/03 13:49:44 | 000,000,724 | ---- | M] () -- C:\Documents and Settings\Jordan Solomon\Desktop\Firefox.lnk
[2011/12/03 13:46:54 | 000,000,706 | ---- | M] () -- C:\Documents and Settings\Jordan Solomon\Desktop\Defragler.lnk
[2011/12/03 13:38:08 | 000,002,473 | ---- | M] () -- C:\Documents and Settings\Jordan Solomon\Desktop\Microsoft Office Excel 2007.lnk
[2011/12/03 13:37:27 | 000,000,578 | ---- | M] () -- C:\Documents and Settings\Jordan Solomon\Desktop\TeleChart.lnk
[2011/12/03 13:13:12 | 000,000,644 | ---- | M] () -- C:\Documents and Settings\Jordan Solomon\Desktop\AOL.lnk
[2011/12/03 13:00:44 | 000,438,048 | R--- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts
[2011/12/03 12:50:27 | 000,438,048 | R--- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts.20111203-130044.backup
[2011/12/02 17:51:41 | 000,438,048 | R--- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts.20111203-125027.backup
[2011/12/02 17:50:51 | 000,438,048 | R--- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts.20111202-175141.backup
[2011/12/02 17:48:12 | 000,002,577 | ---- | M] () -- C:\WINDOWS\System32\CONFIG.NT
[2011/12/02 13:22:13 | 000,457,910 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2011/12/02 13:22:12 | 000,076,054 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2011/12/02 13:20:44 | 000,000,027 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts.20111202-175051.backup
[2011/12/02 11:34:58 | 000,000,064 | ---- | M] () -- C:\WINDOWS\System32\rp_stats.dat
[2011/12/02 11:34:58 | 000,000,044 | ---- | M] () -- C:\WINDOWS\System32\rp_rules.dat

========== Files Created - No Company Name ==========

[2011/12/20 23:45:44 | 000,001,933 | ---- | C] () -- C:\Documents and Settings\Jordan Solomon\Start Menu\Programs\TC2000.lnk
[2011/12/20 23:45:44 | 000,001,927 | ---- | C] () -- C:\Documents and Settings\Jordan Solomon\Desktop\TC2000.lnk
[2011/12/17 16:07:29 | 000,162,304 | ---- | C] () -- C:\WINDOWS\System32\ztvunrar36.dll
[2011/12/17 16:07:29 | 000,153,088 | ---- | C] () -- C:\WINDOWS\System32\UNRAR3.dll
[2011/12/17 16:07:29 | 000,077,312 | ---- | C] () -- C:\WINDOWS\System32\ztvunace26.dll
[2011/12/17 16:07:29 | 000,075,264 | ---- | C] () -- C:\WINDOWS\System32\unacev2.dll
[2011/12/17 16:03:27 | 000,001,620 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\repository.xml
[2011/12/16 19:31:22 | 000,013,948 | -HS- | C] () -- C:\Documents and Settings\Jordan Solomon\Local Settings\Application Data\rmvfhv6g4gok0dbx8afl8b081a3b
[2011/12/16 19:31:22 | 000,013,948 | -HS- | C] () -- C:\Documents and Settings\All Users\Application Data\rmvfhv6g4gok0dbx8afl8b081a3b
[2011/12/15 11:57:22 | 000,072,080 | ---- | C] () -- C:\Documents and Settings\Jordan Solomon\g2mdlhlpx.exe
[2011/12/14 15:09:33 | 000,000,910 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\The Weather Channel Desktop .lnk
[2011/12/13 13:31:15 | 000,159,964 | ---- | C] () -- C:\WINDOWS\RampRT Uninstaller.exe
[2011/12/13 13:31:15 | 000,000,654 | ---- | C] () -- C:\Documents and Settings\Jordan Solomon\Desktop\ramprt.lnk
[2011/12/12 19:26:22 | 000,000,008 | RH-- | C] () -- C:\Documents and Settings\Jordan Solomon\hwid
[2011/12/10 01:15:41 | 000,000,118 | ---- | C] () -- C:\user.js
[2011/12/06 14:31:25 | 000,000,670 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Dell Imaging Toolbox - V505.LNK
[2011/12/06 14:25:41 | 000,040,960 | ---- | C] () -- C:\WINDOWS\System32\dldwvs.dll
[2011/12/06 14:25:30 | 000,360,448 | ---- | C] () -- C:\WINDOWS\System32\dldwcoin.dll
[2011/12/06 14:25:22 | 000,072,625 | ---- | C] () -- C:\WINDOWS\System32\dldwprpr.chm
[2011/12/06 14:24:45 | 001,036,288 | ---- | C] () -- C:\WINDOWS\System32\dldwdrs.dll
[2011/12/06 14:24:45 | 000,081,920 | ---- | C] () -- C:\WINDOWS\System32\dldwcaps.dll
[2011/12/06 14:24:44 | 000,069,632 | ---- | C] () -- C:\WINDOWS\System32\dldwcnv4.dll
[2011/12/06 14:24:06 | 000,057,344 | ---- | C] () -- C:\WINDOWS\System32\dldwoem.dll
[2011/12/06 14:24:06 | 000,045,056 | ---- | C] () -- C:\WINDOWS\System32\DLDWPMON.DLL
[2011/12/06 14:24:06 | 000,032,768 | ---- | C] () -- C:\WINDOWS\System32\DLDWFXPU.DLL
[2011/12/06 14:23:08 | 000,352,256 | ---- | C] () -- C:\WINDOWS\System32\DLDWwupd.dll
[2011/12/06 14:23:08 | 000,017,064 | ---- | C] () -- C:\WINDOWS\System32\DLDWwupd.exe
[2011/12/06 14:22:36 | 000,536,576 | ---- | C] () -- C:\WINDOWS\System32\dldwutil.dll
[2011/12/06 14:22:36 | 000,389,120 | ---- | C] () -- C:\WINDOWS\System32\DLDWinst.dll
[2011/12/06 14:22:36 | 000,180,224 | ---- | C] () -- C:\WINDOWS\System32\dldwinsb.dll
[2011/12/06 14:22:36 | 000,176,128 | ---- | C] () -- C:\WINDOWS\System32\dldwins.dll
[2011/12/06 14:22:36 | 000,147,456 | ---- | C] () -- C:\WINDOWS\System32\dldwjswr.dll
[2011/12/06 14:22:36 | 000,106,496 | ---- | C] () -- C:\WINDOWS\System32\dldwinsr.dll
[2011/12/06 14:22:35 | 000,208,896 | ---- | C] () -- C:\WINDOWS\System32\dldwgrd.dll
[2011/12/06 14:22:35 | 000,086,016 | ---- | C] () -- C:\WINDOWS\System32\dldwcub.dll
[2011/12/06 14:22:35 | 000,077,906 | ---- | C] () -- C:\WINDOWS\System32\DLDWcfg.dll
[2011/12/06 14:22:35 | 000,077,824 | ---- | C] () -- C:\WINDOWS\System32\dldwcu.dll
[2011/12/06 14:22:35 | 000,036,864 | ---- | C] () -- C:\WINDOWS\System32\dldwcur.dll
[2011/12/06 14:22:35 | 000,001,957 | ---- | C] () -- C:\WINDOWS\System32\dldw.loc
[2011/12/06 13:54:32 | 000,001,569 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Set Program Access and Defaults.lnk
[2011/12/06 13:54:32 | 000,001,507 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Windows Update.lnk
[2011/12/06 13:54:32 | 000,000,398 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Windows Catalog.lnk
[2011/12/04 13:21:42 | 000,000,071 | ---- | C] () -- C:\Program Files\i_view32.ini
[2011/12/03 23:11:54 | 000,000,079 | ---- | C] () -- C:\Documents and Settings\Jordan Solomon\Application Data\Microsoft\Internet Explorer\Quick Launch\Show desktop.scf
[2011/12/03 16:44:07 | 000,000,682 | ---- | C] () -- C:\Documents and Settings\Jordan Solomon\Desktop\CCleaner.lnk
[2011/12/03 14:44:01 | 000,000,724 | ---- | C] () -- C:\Documents and Settings\Jordan Solomon\Application Data\Microsoft\Internet Explorer\Quick Launch\Firefox.lnk
[2011/12/03 14:43:59 | 000,000,104 | ---- | C] () -- C:\Documents and Settings\Jordan Solomon\Application Data\Microsoft\Internet Explorer\Quick Launch\Internet Explorer.lnk
[2011/12/03 14:43:56 | 000,000,644 | ---- | C] () -- C:\Documents and Settings\Jordan Solomon\Application Data\Microsoft\Internet Explorer\Quick Launch\AOL.lnk
[2011/12/03 13:49:44 | 000,000,724 | ---- | C] () -- C:\Documents and Settings\Jordan Solomon\Desktop\Firefox.lnk
[2011/12/03 13:46:54 | 000,000,706 | ---- | C] () -- C:\Documents and Settings\Jordan Solomon\Desktop\Defragler.lnk
[2011/12/03 13:37:27 | 000,000,578 | ---- | C] () -- C:\Documents and Settings\Jordan Solomon\Desktop\TeleChart.lnk
[2011/12/03 13:13:12 | 000,000,644 | ---- | C] () -- C:\Documents and Settings\Jordan Solomon\Desktop\AOL.lnk
[2011/12/02 17:30:36 | 000,002,324 | ---- | C] () -- C:\WINDOWS\epplauncher.mif
[2011/12/02 12:59:01 | 000,256,000 | ---- | C] () -- C:\WINDOWS\PEV.exe
[2011/12/02 12:59:01 | 000,208,896 | ---- | C] () -- C:\WINDOWS\MBR.exe
[2011/12/02 12:59:01 | 000,098,816 | ---- | C] () -- C:\WINDOWS\sed.exe
[2011/12/02 12:59:01 | 000,080,412 | ---- | C] () -- C:\WINDOWS\grep.exe
[2011/12/02 12:59:01 | 000,068,096 | ---- | C] () -- C:\WINDOWS\zip.exe
[2011/09/23 13:03:58 | 001,846,075 | ---- | C] () -- C:\Program Files\ProcessExplorer.zip
[2011/07/29 14:09:32 | 000,021,064 | ---- | C] () -- C:\WINDOWS\System32\drivers\hitmanpro35.sys
[2011/06/15 18:25:51 | 000,001,225 | ---- | C] () -- C:\Program Files\GoMeetNow.lnk
[2011/06/09 08:11:12 | 000,000,064 | ---- | C] () -- C:\WINDOWS\System32\rp_stats.dat
[2011/06/09 08:11:12 | 000,000,044 | ---- | C] () -- C:\WINDOWS\System32\rp_rules.dat
[2010/10/28 23:22:25 | 000,158,528 | ---- | C] () -- C:\Documents and Settings\LocalService\Local Settings\Application Data\FontCache3.0.0.0.dat
[2010/08/02 12:44:50 | 000,074,752 | ---- | C] () -- C:\Program Files\TCPatch.exe
[2010/08/02 12:44:50 | 000,006,783 | ---- | C] () -- C:\Program Files\Disclaim.rtf
[2010/08/02 12:44:50 | 000,002,518 | ---- | C] () -- C:\Program Files\DftL.def
[2009/09/24 20:43:11 | 000,000,809 | ---- | C] () -- C:\Program Files\STC Series 7.lnk
[2009/08/28 17:29:26 | 000,005,772 | ---- | C] () -- C:\Program Files\AUDTEST.WAV
[2009/08/28 17:28:44 | 000,000,000 | ---- | C] () -- C:\WINDOWS\asym.ini
[2009/04/22 20:14:07 | 000,001,324 | ---- | C] () -- C:\WINDOWS\System32\d3d9caps.dat
[2009/02/20 11:56:59 | 000,000,000 | ---- | C] () -- C:\WINDOWS\ativpsrm.bin
[2009/02/20 11:42:32 | 000,593,920 | ---- | C] () -- C:\WINDOWS\System32\ati2sgag.exe
[2009/01/13 23:05:09 | 003,107,788 | ---- | C] () -- C:\WINDOWS\System32\ativvaxx.dat
[2009/01/13 23:05:09 | 003,107,788 | ---- | C] () -- C:\WINDOWS\System32\ativva5x.dat
[2009/01/13 23:05:09 | 000,887,724 | ---- | C] () -- C:\WINDOWS\System32\ativva6x.dat
[2009/01/07 17:05:58 | 000,001,732 | R--- | C] () -- C:\WINDOWS\System32\drivers\nvphy.bin
[2008/12/28 02:13:52 | 000,049,152 | R--- | C] () -- C:\WINDOWS\System32\ChCfg.exe
[2008/12/28 02:07:43 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat
[2008/12/28 02:03:46 | 000,021,640 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat
[2008/12/27 20:59:05 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
[2008/12/27 20:56:22 | 000,269,392 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2008/12/27 18:32:47 | 000,000,262 | ---- | C] () -- C:\WINDOWS\{789289CA-F73A-4A16-A331-54D498CE069F}_WiseFW.ini
[2008/12/27 17:39:00 | 000,000,042 | ---- | C] () -- C:\WINDOWS\ib.ini
[2008/12/27 17:38:58 | 000,026,624 | ---- | C] () -- C:\WINDOWS\GetIe.dll
[2008/12/27 15:35:12 | 000,096,768 | ---- | C] () -- C:\Documents and Settings\Jordan Solomon\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2008/12/27 15:08:57 | 000,327,680 | ---- | C] () -- C:\WINDOWS\System32\TwcToolbarIe7.dll
[2008/12/27 15:08:57 | 000,098,304 | ---- | C] () -- C:\WINDOWS\System32\TwcToolbarBho.dll
[2008/12/27 13:36:36 | 000,000,335 | ---- | C] () -- C:\WINDOWS\nsreg.dat
[2008/12/11 10:32:20 | 000,098,304 | ---- | C] () -- C:\WINDOWS\System32\NtDirect.dll
[2008/10/29 17:13:33 | 000,180,720 | ---- | C] () -- C:\WINDOWS\System32\atiicdxx.dat
[2008/10/21 12:40:00 | 000,081,920 | ---- | C] () -- C:\WINDOWS\System32\ATIODE.exe
[2008/10/21 12:40:00 | 000,045,056 | ---- | C] () -- C:\WINDOWS\System32\ATIODCLI.exe
[2008/05/26 20:59:42 | 000,018,904 | ---- | C] () -- C:\WINDOWS\System32\structuredqueryschematrivial.bin
[2008/05/26 20:59:40 | 000,106,605 | ---- | C] () -- C:\WINDOWS\System32\structuredqueryschema.bin
[2008/01/31 17:18:14 | 000,009,216 | ---- | C] () -- C:\WINDOWS\System32\drivers\FlashSys.sys
[2007/10/04 03:14:00 | 001,703,936 | ---- | C] () -- C:\WINDOWS\System32\nvwdmcpl.dll
[2007/10/04 03:14:00 | 001,626,112 | ---- | C] () -- C:\WINDOWS\System32\nwiz.exe
[2007/10/04 03:14:00 | 001,478,656 | ---- | C] () -- C:\WINDOWS\System32\nview.dll
[2007/10/04 03:14:00 | 001,339,392 | ---- | C] () -- C:\WINDOWS\System32\nvdspsch.exe
[2007/10/04 03:14:00 | 001,019,904 | ---- | C] () -- C:\WINDOWS\System32\nvwimg.dll
[2007/10/04 03:14:00 | 000,466,944 | ---- | C] () -- C:\WINDOWS\System32\nvshell.dll
[2007/10/04 03:14:00 | 000,442,368 | ---- | C] () -- C:\WINDOWS\System32\nvappbar.exe
[2007/10/04 03:14:00 | 000,425,984 | ---- | C] () -- C:\WINDOWS\System32\keystone.exe
[2007/10/04 03:14:00 | 000,286,720 | ---- | C] () -- C:\WINDOWS\System32\nvnt4cpl.dll
[2005/08/29 10:39:50 | 000,120,320 | ---- | C] () -- C:\WINDOWS\System32\ZlibOCX2.dll
[2004/08/04 07:00:00 | 013,107,200 | ---- | C] () -- C:\WINDOWS\System32\oembios.bin
[2004/08/04 07:00:00 | 000,673,088 | ---- | C] () -- C:\WINDOWS\System32\mlang.dat
[2004/08/04 07:00:00 | 000,457,910 | ---- | C] () -- C:\WINDOWS\System32\perfh009.dat
[2004/08/04 07:00:00 | 000,272,128 | ---- | C] () -- C:\WINDOWS\System32\perfi009.dat
[2004/08/04 07:00:00 | 000,218,003 | ---- | C] () -- C:\WINDOWS\System32\dssec.dat
[2004/08/04 07:00:00 | 000,076,054 | ---- | C] () -- C:\WINDOWS\System32\perfc009.dat
[2004/08/04 07:00:00 | 000,046,258 | ---- | C] () -- C:\WINDOWS\System32\mib.bin
[2004/08/04 07:00:00 | 000,028,626 | ---- | C] () -- C:\WINDOWS\System32\perfd009.dat
[2004/08/04 07:00:00 | 000,004,569 | ---- | C] () -- C:\WINDOWS\System32\secupd.dat
[2004/08/04 07:00:00 | 000,004,463 | ---- | C] () -- C:\WINDOWS\System32\oembios.dat
[2004/08/04 07:00:00 | 000,001,788 | ---- | C] () -- C:\WINDOWS\System32\Dcache.bin
[2004/08/04 07:00:00 | 000,000,741 | ---- | C] () -- C:\WINDOWS\System32\noise.dat
[2002/07/24 17:26:44 | 000,045,056 | ---- | C] () -- C:\WINDOWS\System32\GSMessageBox.dll
[1998/06/13 21:53:26 | 000,044,544 | ---- | C] () -- C:\WINDOWS\System32\GIF89.DLL

========== LOP Check ==========

[2009/02/25 09:24:27 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\1stWorks
[2008/12/27 13:40:23 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\948 Series
[2011/12/02 17:48:20 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\AVAST Software
[2011/07/29 14:15:47 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Hitman Pro
[2010/04/03 12:01:28 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\RoboForm
[2011/12/03 12:43:55 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TEMP
[2009/09/09 18:59:01 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\V505
[2009/09/09 18:59:01 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\V505 Series
[2008/12/27 13:46:34 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Viewpoint
[2011/11/28 15:38:33 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Jordan Solomon\Application Data\6F411BF1
[2008/12/27 14:13:16 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Jordan Solomon\Application Data\948 Series
[2009/06/30 13:06:11 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Jordan Solomon\Application Data\Any Video Converter
[2010/08/02 13:14:44 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Jordan Solomon\Application Data\BlocksDataDownloader
[2011/10/05 13:06:52 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Jordan Solomon\Application Data\Five9
[2008/12/27 13:47:05 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Jordan Solomon\Application Data\Foxit
[2011/12/02 18:28:43 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Jordan Solomon\Application Data\GoMeetNow
[2011/06/11 22:15:54 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Jordan Solomon\Application Data\IrfanView
[2011/12/21 21:37:05 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Jordan Solomon\Application Data\RampRT
[2011/12/13 13:31:27 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Jordan Solomon\Application Data\RegServers
[2011/08/07 11:38:11 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Jordan Solomon\Application Data\Sammsoft
[2009/09/03 11:46:33 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Jordan Solomon\Application Data\Software Defender
[2011/12/03 12:43:31 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Jordan Solomon\Application Data\TeamViewer
[2008/12/27 13:51:51 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Jordan Solomon\Application Data\Thinstall
[2011/12/06 14:06:42 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Jordan Solomon\Application Data\V505 Series
[2009/01/15 09:44:41 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Jordan Solomon\Application Data\Viewpoint
[2010/08/02 13:07:31 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Jordan Solomon\Application Data\Worden Brothers, Inc
[2011/12/18 09:10:00 | 000,000,486 | ---- | M] () -- C:\WINDOWS\Tasks\Ad-Aware Update (Weekly).job
[2011/08/10 11:09:18 | 000,000,260 | ---- | M] () -- C:\WINDOWS\Tasks\WGASetup.job

========== Purity Check ==========



========== Custom Scans ==========


< %SYSTEMDRIVE%\*.exe >


< MD5 for: EXPLORER.EXE >
[2008/04/13 19:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) MD5=12896823FB95BFB3DC9B46BCAEDC9923 -- C:\WINDOWS\SoftwareDistribution\Download\9866fb57abdc0ea2f5d4e132d055ba4e\explorer.exe
[2007/06/13 06:26:03 | 001,033,216 | ---- | M] (Microsoft Corporation) MD5=7712DF0CDDE3A5AC89843E61CD5B3658 -- C:\WINDOWS\$hf_mig$\KB938828\SP2QFE\explorer.exe
[2007/06/13 05:23:07 | 001,033,216 | ---- | M] (Microsoft Corporation) MD5=97BD6515465659FF8F3B7BE375B2EA87 -- C:\WINDOWS\ERDNT\cache\explorer.exe
[2007/06/13 05:23:07 | 001,033,216 | ---- | M] (Microsoft Corporation) MD5=97BD6515465659FF8F3B7BE375B2EA87 -- C:\WINDOWS\explorer.exe
[2007/06/13 05:23:07 | 001,033,216 | ---- | M] (Microsoft Corporation) MD5=97BD6515465659FF8F3B7BE375B2EA87 -- C:\WINDOWS\system32\dllcache\explorer.exe
[2004/08/04 07:00:00 | 001,032,192 | ---- | M] (Microsoft Corporation) MD5=A0732187050030AE399B241436565E64 -- C:\WINDOWS\$NtUninstallKB938828$\explorer.exe

< MD5 for: SVCHOST.EXE >
[2008/04/13 19:12:36 | 000,014,336 | ---- | M] (Microsoft Corporation) MD5=27C6D03BCDB8CFEB96B716F3D8BE3E18 -- C:\WINDOWS\SoftwareDistribution\Download\9866fb57abdc0ea2f5d4e132d055ba4e\svchost.exe
[2004/08/04 07:00:00 | 000,014,336 | ---- | M] (Microsoft Corporation) MD5=8F078AE4ED187AAABC0A305146DE6716 -- C:\WINDOWS\ERDNT\cache\svchost.exe
[2004/08/04 07:00:00 | 000,014,336 | ---- | M] (Microsoft Corporation) MD5=8F078AE4ED187AAABC0A305146DE6716 -- C:\WINDOWS\system32\dllcache\svchost.exe
[2004/08/04 07:00:00 | 000,014,336 | ---- | M] (Microsoft Corporation) MD5=8F078AE4ED187AAABC0A305146DE6716 -- C:\WINDOWS\system32\svchost.exe

< MD5 for: USERINIT.EXE >
[2004/08/04 07:00:00 | 000,024,576 | ---- | M] (Microsoft Corporation) MD5=39B1FFB03C2296323832ACBAE50D2AFF -- C:\WINDOWS\ERDNT\cache\userinit.exe
[2004/08/04 07:00:00 | 000,024,576 | ---- | M] (Microsoft Corporation) MD5=39B1FFB03C2296323832ACBAE50D2AFF -- C:\WINDOWS\system32\dllcache\userinit.exe
[2004/08/04 07:00:00 | 000,024,576 | ---- | M] (Microsoft Corporation) MD5=39B1FFB03C2296323832ACBAE50D2AFF -- C:\WINDOWS\system32\userinit.exe
[2008/04/13 19:12:38 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=A93AEE1928A9D7CE3E16D24EC7380F89 -- C:\WINDOWS\SoftwareDistribution\Download\9866fb57abdc0ea2f5d4e132d055ba4e\userinit.exe

< MD5 for: WINLOGON.EXE >
[2004/08/04 07:00:00 | 000,502,272 | ---- | M] (Microsoft Corporation) MD5=01C3346C241652F43AED8E2149881BFE -- C:\WINDOWS\ERDNT\cache\winlogon.exe
[2004/08/04 07:00:00 | 000,502,272 | ---- | M] (Microsoft Corporation) MD5=01C3346C241652F43AED8E2149881BFE -- C:\WINDOWS\system32\dllcache\winlogon.exe
[2004/08/04 07:00:00 | 000,502,272 | ---- | M] (Microsoft Corporation) MD5=01C3346C241652F43AED8E2149881BFE -- C:\WINDOWS\system32\winlogon.exe
[2008/04/13 19:12:39 | 000,507,904 | ---- | M] (Microsoft Corporation) MD5=ED0EF0A136DEC83DF69F04118870003E -- C:\WINDOWS\SoftwareDistribution\Download\9866fb57abdc0ea2f5d4e132d055ba4e\winlogon.exe

< HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\NetBT /s >
"Type" = 1
"Start" = 1
"ErrorControl" = 1
"Tag" = 5
"ImagePath" = system32\DRIVERS\netbt.sys -- [2004/08/04 07:00:00 | 000,162,816 | ---- | M] (Microsoft Corporation)
"DisplayName" = NetBios over Tcpip
"Group" = PNP_TDI
"DependOnService" = Tcpip [binary data]
"DependOnGroup" = [binary data]
"Description" = NetBios over Tcpip
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\NetBT\Linkage]
"OtherDependencies" = Tcpip [binary data]
"Bind" = [Binary data over 100 bytes]
"Route" = [Binary data over 100 bytes]
"Export" = [Binary data over 100 bytes]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\NetBT\Parameters]
"NbProvider" = _tcp
"NameServerPort" = 137
"CacheTimeout" = 600000
"BcastNameQueryCount" = 3
"BcastQueryTimeout" = 750
"NameSrvQueryCount" = 3
"NameSrvQueryTimeout" = 1500
"Size/Small/Medium/Large" = 1
"SessionKeepAlive" = 3600000
"TransportBindName" = \Device\
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\NetBT\Parameters\Interfaces]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\NetBT\Parameters\Interfaces\Tcpip_{08E1774C-5E49-424D-9CCF-E3C38FB0DC2F}]
"NameServerList" = [binary data]
"NetbiosOptions" = 0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\NetBT\Parameters\Interfaces\Tcpip_{14A3AF00-3749-4A39-B102-7626449673AE}]
"NameServerList" = [binary data]
"NetbiosOptions" = 0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\NetBT\Parameters\Interfaces\Tcpip_{3F7824B8-58E1-499E-BB4B-EF1B560689DD}]
"NameServerList" = [binary data]
"NetbiosOptions" = 0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\NetBT\Parameters\Interfaces\Tcpip_{42C0BEBA-96F1-4872-873D-8591929E62B6}]
"NameServerList" = [binary data]
"NetbiosOptions" = 0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\NetBT\Parameters\Interfaces\Tcpip_{794E1C2E-0F0B-4B14-84A7-C1DEB1F25731}]
"NameServerList" = [binary data]
"NetbiosOptions" = 0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\NetBT\Parameters\Interfaces\Tcpip_{7E9A838D-AC7A-43E1-A8F5-4A56DA7A8076}]
"NameServerList" = [binary data]
"NetbiosOptions" = 0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\NetBT\Security]
"Security" = [Binary data over 100 bytes]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\NetBT\Enum]
"0" = Root\LEGACY_NETBT\0000
"Count" = 1
"NextInstance" = 1

< HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\NetBIOS /s >
"Type" = 2
"Start" = 1
"ErrorControl" = 1
"Tag" = 1
"ImagePath" = system32\DRIVERS\netbios.sys -- [2004/08/04 07:00:00 | 000,034,560 | ---- | M] (Microsoft Corporation)
"DisplayName" = NetBIOS Interface
"Group" = NetBIOSGroup
"Description" = NetBIOS Interface
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\NetBIOS\Linkage]
"LanaMap" = 01 05 01 00 00 01 00 02 00 06 00 07 [binary data]
"Bind" = [Binary data over 100 bytes]
"Route" = [Binary data over 100 bytes]
"Export" = [Binary data over 100 bytes]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\NetBIOS\Parameters]
"MaxLana" = 7
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\NetBIOS\Parameters\Winsock]
"HelperDllName" = %SystemRoot%\System32\wshnetbs.dll -- [2004/08/04 07:00:00 | 000,007,168 | ---- | M] (Microsoft Corporation)
"MaxSockAddrLength" = 20
"MinSockAddrLength" = 20
"Mapping" = 02 00 00 00 03 00 00 00 11 00 00 00 05 00 00 00 00 00 00 00 11 00 00 00 02 00 00 00 00 00 00 00 [binary data]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\NetBIOS\Security]
"Security" = [Binary data over 100 bytes]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\NetBIOS\Enum]
"0" = Root\LEGACY_NETBIOS\0000
"Count" = 1
"NextInstance" = 1

< C:\Windows\assembly\tmp\U\*.* /s >

< %Temp%\smtmp\1\*.* >

< %Temp%\smtmp\2\*.* >

< %Temp%\smtmp\3\*.* >

< %Temp%\smtmp\4\*.* >

========== Alternate Data Streams ==========

@Alternate Data Stream - 104 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:5C321E34

< End of report >


2.

aswMBR version 0.9.9.1116 Copyright© 2011 AVAST Software
Run date: 2011-12-21 22:36:53
-----------------------------
22:36:53.453 OS Version: Windows 5.1.2600 Service Pack 2
22:36:53.453 Number of processors: 2 586 0x1706
22:36:53.453 ComputerName: JORDAN-B44B7F29 UserName: Jordan Solomon
22:37:01.250 Initialize success
22:37:09.953 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP2T0L0-e
22:37:09.953 Disk 0 Vendor: ST3500413AS JC4B Size: 476940MB BusType: 3
22:37:11.968 Disk 0 MBR read successfully
22:37:11.968 Disk 0 MBR scan
22:37:11.968 Disk 0 Windows XP default MBR code
22:37:11.968 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 476937 MB offset 63
22:37:11.968 Disk 0 scanning sectors +976768065
22:37:12.015 Disk 0 scanning C:\WINDOWS\system32\drivers
22:37:17.171 Service scanning
22:37:21.921 Service GMSIPCI D:\INSTALL\GMSIPCI.SYS **LOCKED** 21
22:37:22.468 Modules scanning
22:37:26.437 Disk 0 trace - called modules:
22:37:26.468 ntoskrnl.exe CLASSPNP.SYS disk.sys ACPI.sys hal.dll atapi.sys pciide.sys PCIIDEX.SYS
22:37:26.468 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x8a6daab8]
22:37:26.468 3 CLASSPNP.SYS[f763805b] -> nt!IofCallDriver -> \Device\0000006b[0x8a7bcf18]
22:37:26.468 5 ACPI.sys[f75ae620] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP2T0L0-e[0x8a780940]
22:37:26.468 Scan finished successfully
22:37:37.187 Disk 0 MBR has been saved successfully to "C:\Documents and Settings\Jordan Solomon\Desktop\MBR.dat"
22:37:37.203 The log file has been saved successfully to "C:\Documents and Settings\Jordan Solomon\Desktop\aswMBR.txt"


3.

Microsoft DiskPart version 5.1.3565

Copyright © 1999-2003 Microsoft Corporation.
On computer: JORDAN-B44B7F29

Volume ###  Ltr  Label        Fs     Type        Size     Status     Info
----------  ---  -----------  -----  ----------  -------  ---------  --------
Volume 0     D                       CD-ROM          0 B
Volume 1     C                NTFS   Partition    466 GB  Healthy    System

#4
Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
Hi, OK, once this run has completed, could you update to Service Pack 3 and then let me know what the current problems are?

Warning: This fix is only relevant for this system and no other; using it on another computer may cause problems.

Be advised that when the fix commences it will shut down all running processes and you may lose the desktop and icons; they will return on reboot.

Run OTL
  • Under the Custom Scans/Fixes box at the bottom, paste in the following

    :OTL
    FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20
    FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}:6.0.21
    FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}:6.0.22
    FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}:6.0.23
    FF - prefs.js..keyword.URL: "http://search.babylo...021851a66ea&q="
    [2011/12/10 01:19:50 | 000,002,310 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\babylon.xml
    O3 - HKLM\..\Toolbar: (no name) - {2E5E800E-6AC0-411E-940A-369530A35E43} - No CLSID value found.
    [2011/12/10 01:19:53 | 000,000,118 | ---- | M] () -- C:\user.js
    [2011/12/16 19:31:22 | 000,013,948 | -HS- | C] () -- C:\Documents and Settings\Jordan Solomon\Local Settings\Application Data\rmvfhv6g4gok0dbx8afl8b081a3b
    [2011/12/16 19:31:22 | 000,013,948 | -HS- | C] () -- C:\Documents and Settings\All Users\Application Data\rmvfhv6g4gok0dbx8afl8b081a3b

    :Files
    ipconfig /flushdns /c

    :Commands
    [purity]
    [resethosts]
    [emptytemp]
    [CREATERESTOREPOINT]
    [Reboot]

  • Then click the Run Fix button at the top
  • Let the program run unhindered, reboot the PC when it is done
  • Open OTL again and click the Quick Scan button. Post the log it produces in your next reply.

THEN

Please download Malwarebytes' Anti-Malware

Double Click mbam-setup.exe to install the application.
  • Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select "Perform Quick Scan", then click Scan.
  • The scan may take some time to finish, so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected.
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Extra Note)
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  • Copy and paste the entire report in your next reply.
Extra Note:
If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts. Click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately.

#5
jss10

    Member

  • Topic Starter
  • 40 posts
Essexboy,

I have to ask -- is there any way to do this process without me having to install Service Pack 3? Service Pack 2 is what the technician who installed my system recommended, and quite frankly, I just don't like change when it comes to my computer. I've gone through this process before with Service Pack 2, so I have to think that it's possible. Please let me know. Thanks.

#6
Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
Without Service Pack 3, I believe that MS will no longer provide updates.

SP3 blocks security loopholes and slightly improves the performance of the system.

You can refuse the service pack, but you must be aware that your system will become more liable to infection as time progresses.

IE6 will very soon cease to be supported online, so you will need at least IE7, and for that, again, you require SP3.

But it is your choice.

#7
jss10

    Member

  • Topic Starter
  • 40 posts
Hi Essexboy,

Okay, I'll definitely put Service Pack 3 on my to-do list, but would kind of like to take care of one thing at a time and make sure everything is okay in terms of spyware, etc. So, is there any problem doing the rest of the steps you just described without the service pack upgrade?

#8
Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
Most certainly, we can do that first.

#9
jss10

    Member

  • Topic Starter
  • 40 posts
Hi. Okay, first one minor point. I'm not sure if the word "Quote" was supposed to be included in what I pasted into the OTL Custom Scans/Fixes box. I did NOT include this word. I hope that's okay and didn't ruin anything -- please let me know if not. Now, here are the results of your two requests.

1.

OTL logfile created on: 12/26/2011 10:46:45 PM - Run 5
OTL by OldTimer - Version 3.2.31.0 Folder = C:\Documents and Settings\Jordan Solomon\Desktop
Windows XP Professional Edition Service Pack 2 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 6.0.2900.2180)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.00 Gb Total Physical Memory | 1.42 Gb Available Physical Memory | 71.15% Memory free
3.85 Gb Paging File | 3.41 Gb Available in Paging File | 88.45% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 465.76 Gb Total Space | 369.67 Gb Free Space | 79.37% Space Free | Partition Type: NTFS

Computer Name: JORDAN-B44B7F29 | User Name: Jordan Solomon | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2011/12/06 22:52:35 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Jordan Solomon\Desktop\OTL.exe
PRC - [2011/06/08 09:45:44 | 000,822,456 | ---- | M] (The Weather Channel Interactive, Inc.) -- C:\Program Files\The Weather Channel FW\Desktop\DesktopWeather.exe
PRC - [2010/04/03 11:55:18 | 000,160,328 | ---- | M] (Siber Systems) -- C:\Program Files\Siber Systems\AI RoboForm\robotaskbaricon.exe
PRC - [2010/02/10 08:57:36 | 000,676,520 | ---- | M] () -- C:\Program Files\Dell V505\dldwmon.exe
PRC - [2010/02/10 08:57:32 | 000,025,256 | ---- | M] () -- C:\Program Files\Dell V505\dldwmsdmon.exe
PRC - [2009/07/24 16:04:12 | 000,594,600 | ---- | M] ( ) -- C:\WINDOWS\system32\dldwcoms.exe
PRC - [2008/12/08 22:01:54 | 002,440,120 | ---- | M] (Symantec Corporation) -- C:\Program Files\Symantec\Symantec Endpoint Protection\Rtvscan.exe
PRC - [2008/12/08 21:42:34 | 001,443,144 | ---- | M] (Symantec Corporation) -- C:\Program Files\Symantec\Symantec Endpoint Protection\SmcGui.exe
PRC - [2008/12/08 21:42:32 | 001,795,400 | ---- | M] (Symantec Corporation) -- C:\Program Files\Symantec\Symantec Endpoint Protection\Smc.exe
PRC - [2008/11/06 06:42:59 | 000,054,568 | ---- | M] (AOL, LLC.) -- C:\Program Files\AOL 9.1\shellmon.exe
PRC - [2008/11/06 06:42:59 | 000,039,208 | ---- | M] (AOL, LLC.) -- C:\Program Files\AOL 9.1\waol.exe
PRC - [2008/08/14 14:45:52 | 000,115,560 | ---- | M] (Symantec Corporation) -- C:\Program Files\Common Files\Symantec Shared\ccApp.exe
PRC - [2008/08/14 14:45:28 | 000,108,392 | ---- | M] (Symantec Corporation) -- C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
PRC - [2008/06/24 13:34:50 | 000,041,824 | ---- | M] (AOL LLC) -- C:\Program Files\Common Files\aol\1230403542\ee\aolsoftware.exe
PRC - [2007/06/13 05:23:07 | 001,033,216 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2006/10/23 07:50:35 | 000,046,640 | R--- | M] (AOL LLC) -- C:\Program Files\Common Files\aol\acs\AOLacsd.exe
PRC - [2003/08/29 19:05:35 | 000,360,448 | ---- | M] () -- C:\Program Files\SpywareGuard\sgmain.exe
PRC - [2003/08/29 11:14:56 | 000,233,472 | ---- | M] () -- C:\Program Files\SpywareGuard\sgbhp.exe


========== Modules (No Company Name) ==========

MOD - [2010/02/10 08:57:36 | 000,676,520 | ---- | M] () -- C:\Program Files\Dell V505\dldwmon.exe
MOD - [2010/02/10 08:57:32 | 000,025,256 | ---- | M] () -- C:\Program Files\Dell V505\dldwmsdmon.exe
MOD - [2010/01/21 05:09:30 | 000,036,864 | ---- | M] () -- C:\Program Files\Dell V505\app4r.monitor.core.dll
MOD - [2010/01/21 05:09:30 | 000,028,672 | ---- | M] () -- C:\Program Files\Dell V505\app4r.monitor.common.dll
MOD - [2010/01/21 05:08:34 | 000,065,536 | ---- | M] () -- C:\Program Files\Dell V505\app4r.devmons.mcmdevmon.dll
MOD - [2009/07/23 14:52:40 | 001,036,288 | ---- | M] () -- C:\Program Files\Dell V505\dldwdrs.dll
MOD - [2009/07/23 14:51:56 | 000,380,928 | ---- | M] () -- C:\Program Files\Dell V505\dldwscw.dll
MOD - [2009/07/02 07:41:16 | 000,155,648 | ---- | M] () -- C:\WINDOWS\system32\spool\prtprocs\w32x86\dldwdrpp.dll
MOD - [2009/05/14 06:23:14 | 000,045,056 | ---- | M] () -- C:\WINDOWS\system32\DLDWPMON.DLL
MOD - [2009/05/14 06:22:00 | 000,032,768 | ---- | M] () -- C:\Program Files\Dell V505\ipcmt.dll
MOD - [2009/05/13 09:50:52 | 000,081,920 | ---- | M] () -- C:\Program Files\Dell V505\dldwcaps.dll
MOD - [2009/05/13 09:48:00 | 000,151,552 | ---- | M] () -- C:\Program Files\Dell V505\dldwmonr.dll
MOD - [2009/02/20 13:06:53 | 000,971,264 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Configuration\b82c00e2d24305ad6cb08556e3779b75\System.Configuration.ni.dll
MOD - [2009/02/20 11:54:43 | 005,450,752 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Xml\773a9786013451d3baaeff003dc4230f\System.Xml.ni.dll
MOD - [2009/02/20 11:54:39 | 012,430,848 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\63406259e94d5c0ff5b79401dfe113ce\System.Windows.Forms.ni.dll
MOD - [2009/02/20 11:54:29 | 001,587,200 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Drawing\3da96ee075bab9202626ae44c18d226c\System.Drawing.ni.dll
MOD - [2009/02/20 11:52:45 | 007,868,416 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System\80978a322d7dd39f0a71be1251ae395a\System.ni.dll
MOD - [2009/02/20 11:52:35 | 011,486,720 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\mscorlib\6d667f19d687361886990f3ca0f49816\mscorlib.ni.dll
MOD - [2008/11/06 06:42:59 | 000,081,920 | ---- | M] () -- C:\Program Files\AOL 9.1\xmltok.dll
MOD - [2008/11/06 06:42:59 | 000,053,248 | ---- | M] () -- C:\Program Files\AOL 9.1\xmlparse.dll
MOD - [2008/11/06 06:42:59 | 000,045,056 | ---- | M] () -- C:\Program Files\AOL 9.1\zlib.dll
MOD - [2008/04/25 01:44:40 | 000,077,906 | ---- | M] () -- C:\Program Files\Dell V505\DLDWcfg.dll
MOD - [2008/03/25 03:53:10 | 000,012,288 | ---- | M] () -- C:\Program Files\Dell V505\app4r.devmons.mcmdevmon.autoplayutil.dll
MOD - [2008/03/10 06:30:50 | 000,188,416 | ---- | M] () -- C:\WINDOWS\system32\spool\drivers\w32x86\3\dldwdatr.dll
MOD - [2008/02/26 14:24:06 | 000,069,632 | ---- | M] () -- C:\Program Files\Dell V505\dldwcnv4.dll
MOD - [2008/01/28 06:38:56 | 000,057,344 | ---- | M] () -- C:\WINDOWS\system32\dldwoem.dll
MOD - [2007/03/26 02:39:36 | 000,073,728 | ---- | M] () -- C:\WINDOWS\system32\spool\drivers\w32x86\3\dldwcats.dll
MOD - [2003/08/29 19:05:35 | 000,360,448 | ---- | M] () -- C:\Program Files\SpywareGuard\sgmain.exe
MOD - [2003/08/29 11:14:56 | 000,233,472 | ---- | M] () -- C:\Program Files\SpywareGuard\sgbhp.exe
MOD - [2003/08/02 23:24:01 | 000,192,512 | R--- | M] () -- C:\Program Files\SpywareGuard\dlprotect.dll
MOD - [2003/08/02 23:20:57 | 000,126,976 | R--- | M] () -- C:\Program Files\SpywareGuard\spywareguard.dll


========== Win32 Services (SafeList) ==========

SRV - [2009/07/24 16:04:12 | 000,594,600 | ---- | M] ( ) [Auto | Running] -- C:\WINDOWS\System32\dldwcoms.exe -- (dldw_device)
SRV - [2009/07/24 16:04:06 | 000,098,984 | ---- | M] () [Auto | Stopped] -- C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\\dldwserv.exe -- (dldwCATSCustConnectService)
SRV - [2008/12/08 22:01:54 | 002,440,120 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files\Symantec\Symantec Endpoint Protection\Rtvscan.exe -- (Symantec AntiVirus)
SRV - [2008/12/08 21:42:32 | 001,795,400 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files\Symantec\Symantec Endpoint Protection\Smc.exe -- (SmcService)
SRV - [2008/12/08 21:01:28 | 000,320,840 | ---- | M] (Symantec Corporation) [On_Demand | Stopped] -- C:\Program Files\Symantec\Symantec Endpoint Protection\SNAC.EXE -- (SNAC)
SRV - [2008/08/14 14:45:28 | 000,108,392 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe -- (ccSetMgr)
SRV - [2008/08/14 14:45:28 | 000,108,392 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe -- (ccEvtMgr)
SRV - [2008/06/30 16:36:35 | 003,093,872 | ---- | M] (Symantec Corporation) [On_Demand | Stopped] -- C:\Program Files\Symantec\LiveUpdate\LuComServer_3_3.EXE -- (LiveUpdate)
SRV - [2006/10/23 07:50:35 | 000,046,640 | R--- | M] (AOL LLC) [Auto | Running] -- C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe -- (AOL ACS)


========== Driver Services (SafeList) ==========

DRV - [2011/12/06 14:34:43 | 000,123,952 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\SYMEVENT.SYS -- (SymEvent)
DRV - [2011/11/08 04:00:00 | 000,374,392 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys -- (eeCtrl)
DRV - [2011/11/08 04:00:00 | 000,106,104 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Program Files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys -- (EraserUtilRebootDrv)
DRV - [2011/10/18 06:09:40 | 001,576,312 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Program Files\Common Files\Symantec Shared\VirusDefs\20111226.004\navex15.sys -- (NAVEX15)
DRV - [2011/10/18 06:09:40 | 000,086,136 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Program Files\Common Files\Symantec Shared\VirusDefs\20111226.004\naveng.sys -- (NAVENG)
DRV - [2009/01/14 02:14:01 | 003,455,488 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ati2mtag.sys -- (ati2mtag)
DRV - [2008/11/18 18:17:08 | 000,023,888 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\COH_Mon.sys -- (COH_Mon)
DRV - [2008/10/13 12:31:46 | 000,319,664 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\srtspl.sys -- (SRTSPL)
DRV - [2008/10/13 12:31:46 | 000,279,600 | ---- | M] (Symantec Corporation) [File_System | System | Running] -- C:\WINDOWS\system32\drivers\srtsp.sys -- (SRTSP)
DRV - [2008/10/13 12:31:46 | 000,043,824 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\srtspx.sys -- (SRTSPX)
DRV - [2008/08/21 11:13:56 | 000,191,536 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\WINDOWS\System32\Drivers\SYMTDI.SYS -- (SYMTDI)
DRV - [2008/08/21 11:13:56 | 000,027,696 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\System32\Drivers\SYMREDRV.SYS -- (SYMREDRV)
DRV - [2008/06/16 16:53:14 | 000,420,400 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Stopped] -- C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCDrv.sys -- (SPBBCDrv)
DRV - [2007/09/20 06:07:40 | 000,022,016 | R--- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\nvnetbus.sys -- (nvnetbus)
DRV - [2007/09/20 06:07:38 | 000,053,632 | R--- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\NVENETFD.sys -- (NVENETFD)
DRV - [2007/09/11 04:23:22 | 004,614,656 | R--- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\RtkHDAud.sys -- (IntcAzAudAddService) Service for Realtek HD Audio (WDM)
DRV - [2007/07/20 18:40:10 | 000,084,992 | ---- | M] (ATI Research Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\AtiHdmi.sys -- (AtiHdmiService)
DRV - [2007/07/07 02:13:10 | 000,012,032 | R--- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\nvsmu.sys -- (nvsmu)
DRV - [2007/05/31 02:19:22 | 000,096,896 | R--- | M] (Realtek Semiconductor Corporation ) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\Rtenicxp.sys -- (RTLE8023xp)
DRV - [2006/03/01 20:30:54 | 000,618,880 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\IntelC52.sys -- (IntelC52)
DRV - [2005/05/06 14:42:26 | 001,339,776 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\IntelC51.sys -- (IntelC51)
DRV - [2005/05/06 14:40:50 | 000,047,360 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\IntelC53.sys -- (IntelC53)
DRV - [2005/05/06 14:40:20 | 000,036,880 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\mohfilt.sys -- (mohfilt)
DRV - [2003/01/10 16:13:04 | 000,033,588 | R--- | M] (America Online, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\wanatw4.sys -- (wanatw) WAN Miniport (ATW)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.google.com/ie
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.google.com/ie
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = http://www.google.com/ie
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.search.defaultenginename: "Search the web (Babylon)"
FF - prefs.js..browser.search.order.1: "Search the web (Babylon)"
FF - prefs.js..browser.startup.homepage: "www.google.com"
FF - prefs.js..extensions.enabledItems: {22119944-ED35-4ab1-910B-E619EA06A115}:6.9.98
FF - prefs.js..extensions.enabledItems:
FF - prefs.js..extensions.enabledItems:
FF - prefs.js..extensions.enabledItems:
FF - prefs.js..extensions.enabledItems:
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}:6.0.24
FF - prefs.js..extensions.enabledItems: [email protected]:1.0
FF - prefs.js..network.proxy.type: 0

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\WINDOWS\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\4.0.60831.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@pack.google.com/Google Updater;version=11: C:\Program Files\Google\Google Updater\2.1.886.21021\npCIDetect11.dll File not found
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 8.0\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011/11/10 09:44:28 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 8.0\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011/12/02 16:39:44 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\{22119944-ED35-4ab1-910B-E619EA06A115}: C:\Program Files\Siber Systems\AI RoboForm\Firefox [2010/04/03 12:01:26 | 000,000,000 | ---D | M]

[2009/01/02 17:18:46 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Jordan Solomon\Application Data\Mozilla\Extensions
[2011/12/10 14:35:26 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Jordan Solomon\Application Data\Mozilla\Firefox\Profiles\f69fi6vv.default\extensions
[2011/11/11 07:56:27 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2010/04/09 08:41:18 | 000,000,000 | ---D | M] (Java Quick Starter) -- C:\PROGRAM FILES\JAVA\JRE6\LIB\DEPLOY\JQS\FF
[2011/11/10 09:44:27 | 000,134,104 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2011/05/04 03:52:23 | 000,476,904 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\mozilla firefox\plugins\npdeployJava1.dll
[2008/12/27 13:47:00 | 000,072,960 | ---- | M] (Foxit Software Company) -- C:\Program Files\mozilla firefox\plugins\npFoxitReaderPlugin.dll
[2011/11/10 09:44:19 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
[2011/11/10 09:44:19 | 000,002,040 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\twitter.xml

========== Chrome ==========

CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}sourceid=chrome&ie={inputEncoding}&q={searchTerms}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}client=chrome&hl={language}&q={searchTerms}
CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files\Google\Chrome\Application\16.0.912.63\gcswf32.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll
CHR - plugin: QuickTime Plug-in 7.5.5 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin.dll
CHR - plugin: QuickTime Plug-in 7.5.5 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin2.dll
CHR - plugin: QuickTime Plug-in 7.5.5 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin3.dll
CHR - plugin: QuickTime Plug-in 7.5.5 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin4.dll
CHR - plugin: QuickTime Plug-in 7.5.5 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin5.dll
CHR - plugin: QuickTime Plug-in 7.5.5 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin6.dll
CHR - plugin: QuickTime Plug-in 7.5.5 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin7.dll
CHR - plugin: Java Deployment Toolkit 6.0.260.3 (Enabled) = C:\Program Files\Java\jre6\bin\new_plugin\npdeployJava1.dll
CHR - plugin: Java™ Platform SE 6 U26 (Enabled) = C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll
CHR - plugin: Silverlight Plug-In (Enabled) = c:\Program Files\Microsoft Silverlight\4.0.60831.0\npctrl.dll
CHR - plugin: Shockwave for Director (Enabled) = C:\WINDOWS\system32\Adobe\Director\np32dsw.dll
CHR - plugin: Windows Media Player Plug-in Dynamic Link Library (Enabled) = C:\Program Files\Windows Media Player\npdsplay.dll
CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Program Files\Google\Chrome\Application\16.0.912.63\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Program Files\Google\Chrome\Application\16.0.912.63\pdf.dll
CHR - plugin: Foxit Reader Plugin for Mozilla (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npFoxitReaderPlugin.dll
CHR - plugin: AOL Media Playback Plugin (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npunagi2.dll
CHR - plugin: Microsoft\u00AE DRM (Enabled) = C:\Program Files\Windows Media Player\npdrmv2.dll
CHR - plugin: Microsoft\u00AE DRM (Enabled) = C:\Program Files\Windows Media Player\npwmsdrm.dll
CHR - plugin: Google Update (Enabled) = C:\Program Files\Google\Update\1.3.21.79\npGoogleUpdate3.dll
CHR - plugin: Windows Presentation Foundation (Enabled) = c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll
CHR - plugin: Default Plug-in (Enabled) = default_plugin
CHR - Extension: YouTube = \Documents and Settings\Jordan Solomon\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2_0\
CHR - Extension: Google Search = \Documents and Settings\Jordan Solomon\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.14_0\
CHR - Extension: Gmail = \Documents and Settings\Jordan Solomon\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\6.1.3_0\

O1 HOSTS File: ([2011/12/26 22:34:33 | 000,000,098 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2 - BHO: (SpywareGuardDLBLOCK.CBrowserHelper) - {4A368E80-174F-4872-96B5-0B27DDD11DB2} - C:\Program Files\SpywareGuard\dlprotect.dll ()
O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O2 - BHO: (Reg Error: Value error.) - {724d43a9-0d85-11d4-9908-00400523e39a} - C:\Program Files\Siber Systems\AI RoboForm\roboform.dll (Siber Systems Inc.)
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.7.7018.1622\swg.dll (Google Inc.)
O3 - HKLM\..\Toolbar: (Dell Toolbar) - {09B71986-2AC5-482d-B6CB-42EA34F4F85B} - C:\Program Files\Dell Toolbar\toolband.dll ()
O3 - HKLM\..\Toolbar: (&RoboForm) - {724d43a0-0d85-11d4-9908-00400523e39a} - C:\Program Files\Siber Systems\AI RoboForm\roboform.dll (Siber Systems Inc.)
O3 - HKCU\..\Toolbar\ShellBrowser: (Dell Toolbar) - {09B71986-2AC5-482D-B6CB-42EA34F4F85B} - C:\Program Files\Dell Toolbar\toolband.dll ()
O3 - HKCU\..\Toolbar\WebBrowser: (Dell Toolbar) - {09B71986-2AC5-482D-B6CB-42EA34F4F85B} - C:\Program Files\Dell Toolbar\toolband.dll ()
O3 - HKCU\..\Toolbar\WebBrowser: (&RoboForm) - {724D43A0-0D85-11D4-9908-00400523E39A} - C:\Program Files\Siber Systems\AI RoboForm\roboform.dll (Siber Systems Inc.)
O4 - HKLM..\Run: [ccApp] C:\Program Files\Common Files\Symantec Shared\ccApp.exe (Symantec Corporation)
O4 - HKLM..\Run: [Dell V505 Fax Server] C:\Program Files\Dell V505\fm3032.exe ()
O4 - HKLM..\Run: [dldwamon] C:\Program Files\Dell V505\dldwamon.exe ()
O4 - HKLM..\Run: [dldwmon.exe] C:\Program Files\Dell V505\dldwmon.exe ()
O4 - HKCU..\Run: [AOL Fast Start] C:\Program Files\AOL 9.1\AOL.EXE (AOL, LLC.)
O4 - HKCU..\Run: [DW6] C:\Program Files\The Weather Channel FW\Desktop\DesktopWeather.exe (The Weather Channel Interactive, Inc.)
O4 - HKCU..\Run: [RoboForm] C:\Program Files\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe (Siber Systems)
O4 - Startup: C:\Documents and Settings\Jordan Solomon\Start Menu\Programs\Startup\SpywareGuard.lnk = C:\Program Files\SpywareGuard\sgmain.exe ()
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O8 - Extra context menu item: Customize Menu - C:\Program Files\Siber Systems\AI RoboForm\RoboFormComCustomizeIEMenu.html ()
O8 - Extra context menu item: Fill Forms - C:\Program Files\Siber Systems\AI RoboForm\RoboFormComFillForms.html ()
O8 - Extra context menu item: RoboForm Toolbar - C:\Program Files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html ()
O8 - Extra context menu item: Save Forms - C:\Program Files\Siber Systems\AI RoboForm\RoboFormComSavePass.html ()
O9 - Extra Button: Fill Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - C:\Program Files\Siber Systems\AI RoboForm\RoboFormComFillForms.html ()
O9 - Extra 'Tools' menuitem : Fill Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - C:\Program Files\Siber Systems\AI RoboForm\RoboFormComFillForms.html ()
O9 - Extra Button: Save - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - C:\Program Files\Siber Systems\AI RoboForm\RoboFormComSavePass.html ()
O9 - Extra 'Tools' menuitem : Save Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - C:\Program Files\Siber Systems\AI RoboForm\RoboFormComSavePass.html ()
O9 - Extra Button: RoboForm - {724d43aa-0d85-11d4-9908-00400523e39a} - C:\Program Files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html ()
O9 - Extra 'Tools' menuitem : RoboForm Toolbar - {724d43aa-0d85-11d4-9908-00400523e39a} - C:\Program Files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html ()
O9 - Extra 'Tools' menuitem : Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O9 - Extra Button: Favorites Search - {FF925300-80E6-11D4-A15B-FFF9086C1A3C} - C:\Program Files\DzSoft\Favorites Search\FavSeek.dll (DzSoft Ltd)
O15 - HKCU\..Trusted Domains: aol.com ([objects] * is out of zone range - 5)
O15 - HKCU\..Trusted Domains: com.tw ([asia.msi] http in Trusted sites)
O15 - HKCU\..Trusted Domains: com.tw ([global.msi] http in Trusted sites)
O15 - HKCU\..Trusted Domains: com.tw ([www.msi] http in Trusted sites)
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} http://go.microsoft....k/?linkid=39204 (Windows Genuine Advantage Validation Tool)
O16 - DPF: {56762DEC-6B0D-4AB4-A8AD-989993B5D08B} http://www.eset.eu/b...lineScanner.cab (Reg Error: Key error.)
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} http://www.update.mi...b?1230402208544 (WUWebControl Class)
O16 - DPF: {8167C273-DF59-4416-B647-C8BB2C7EE83E} http://liveupdate.ms...ine/install.cab (WebSDev Control)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_26)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.ma...r/ultrashim.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_26)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_26)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.ad...Plus/1.6/gp.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 167.206.251.130 167.206.251.129
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{42C0BEBA-96F1-4872-873D-8591929E62B6}: DhcpNameServer = 167.206.251.129 167.206.251.130
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{794E1C2E-0F0B-4B14-84A7-C1DEB1F25731}: DhcpNameServer = 167.206.251.130 167.206.251.129
O20 - HKLM Winlogon: Shell - (Explorer.exe) -C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) -C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Documents and Settings\Jordan Solomon\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\Jordan Solomon\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O28 - HKLM ShellExecuteHooks: {81559C35-8464-49F7-BB0E-07A383BEF910} - C:\Program Files\SpywareGuard\spywareguard.dll ()
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2008/12/28 02:06:14 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O35 - HKCU\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKCU\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2011/12/26 22:34:29 | 000,000,000 | ---D | C] -- C:\_OTL
[2011/12/26 22:34:29 | 000,000,000 | ---D | C] -- \_OTL
[2011/12/25 18:43:05 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Jordan Solomon\Start Menu\Programs\TCScan+
[2011/12/25 18:43:04 | 000,000,000 | ---D | C] -- C:\Program Files\TCScan+
[2011/12/21 22:36:42 | 001,917,952 | ---- | C] (AVAST Software) -- C:\Documents and Settings\Jordan Solomon\Desktop\aswMBR.exe
[2011/12/20 23:43:52 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Microsoft Silverlight
[2011/12/20 23:43:47 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Silverlight
[2011/12/19 20:06:58 | 000,000,000 | ---D | C] -- C:\Program Files\Autoruns
[2011/12/19 19:59:57 | 000,000,000 | ---D | C] -- C:\Program Files\ProcessMonitor
[2011/12/19 19:26:53 | 000,000,000 | -H-D | C] -- C:\WINDOWS\PIF
[2011/12/16 20:10:23 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Application Data\Macromedia
[2011/12/16 20:10:22 | 000,000,000 | --SD | C] -- C:\Documents and Settings\NetworkService\UserData
[2011/12/16 20:10:20 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Application Data\Adobe
[2011/12/13 13:31:27 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Jordan Solomon\Application Data\RegServers
[2011/12/13 13:31:22 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Jordan Solomon\Application Data\RampRT
[2011/12/13 13:31:15 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\RampRT
[2011/12/13 13:31:14 | 000,000,000 | ---D | C] -- C:\Program Files\RampRT
[2011/12/10 22:15:32 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Yahoo!
[2011/12/10 22:15:29 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Yahoo! Companion
[2011/12/10 22:15:29 | 000,000,000 | ---D | C] -- C:\Program Files\Yahoo!
[2011/12/10 22:15:29 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Jordan Solomon\Application Data\Yahoo!
[2011/12/06 22:52:29 | 000,584,192 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Jordan Solomon\Desktop\OTL.exe
[2011/12/06 16:26:40 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\ODBC
[2011/12/06 14:24:34 | 000,000,000 | ---D | C] -- C:\Program Files\Dell Toolbar
[2011/12/06 14:22:52 | 000,000,000 | ---D | C] -- C:\Program Files\Dell V505
[2011/12/06 14:22:52 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Dell Printers
[2011/12/06 14:22:36 | 001,069,056 | ---- | C] ( ) -- C:\WINDOWS\System32\dldwserv.dll
[2011/12/06 14:22:36 | 000,860,160 | ---- | C] ( ) -- C:\WINDOWS\System32\dldwusb1.dll
[2011/12/06 14:22:36 | 000,651,264 | ---- | C] ( ) -- C:\WINDOWS\System32\dldwpmui.dll
[2011/12/06 14:22:36 | 000,577,536 | ---- | C] ( ) -- C:\WINDOWS\System32\dldwlmpm.dll
[2011/12/06 14:22:36 | 000,446,464 | ---- | C] ( ) -- C:\WINDOWS\System32\DLDWhcp.dll
[2011/12/06 14:22:36 | 000,364,544 | ---- | C] ( ) -- C:\WINDOWS\System32\dldwinpa.dll
[2011/12/06 14:22:36 | 000,339,968 | ---- | C] ( ) -- C:\WINDOWS\System32\dldwiesc.dll
[2011/12/06 14:22:35 | 000,761,856 | ---- | C] ( ) -- C:\WINDOWS\System32\dldwcomc.dll
[2011/12/06 14:22:35 | 000,684,032 | ---- | C] ( ) -- C:\WINDOWS\System32\dldwhbn3.dll
[2011/12/06 14:22:35 | 000,594,600 | ---- | C] ( ) -- C:\WINDOWS\System32\dldwcoms.exe
[2011/12/06 14:22:35 | 000,376,832 | ---- | C] ( ) -- C:\WINDOWS\System32\dldwcomm.dll
[2011/12/06 14:22:35 | 000,369,320 | ---- | C] ( ) -- C:\WINDOWS\System32\dldwcfg.exe
[2011/12/06 14:22:35 | 000,328,360 | ---- | C] ( ) -- C:\WINDOWS\System32\dldwih.exe
[2011/12/03 13:08:01 | 000,000,000 | R--D | C] -- C:\Documents and Settings\Jordan Solomon\Desktop\Tech Connect
[2011/12/03 12:43:32 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\TEMP
[2011/12/03 12:43:31 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Jordan Solomon\Application Data\TeamViewer
[2011/12/03 12:43:13 | 000,000,000 | ---D | C] -- C:\Program Files\TeamViewer
[2011/12/03 12:39:31 | 000,000,000 | ---D | C] -- C:\WINDOWS\Prefetch
[2011/12/03 12:39:31 | 000,000,000 | ---D | C] -- C:\WINDOWS\Cookies
[2011/12/03 12:39:31 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Cookies
[2011/12/03 12:38:33 | 000,000,000 | ---D | C] -- C:\WINDOWS\Temporary Internet Files
[2011/12/03 12:38:33 | 000,000,000 | ---D | C] -- C:\WINDOWS\Recent
[2011/12/03 12:38:33 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Recent
[2011/12/03 12:38:33 | 000,000,000 | ---D | C] -- C:\Documents and Settings\LocalService\Recent
[2011/12/03 12:38:33 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Jordan Solomon\Recent
[2011/12/03 12:38:33 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Recent
[2011/12/03 12:38:33 | 000,000,000 | ---D | C] -- C:\WINDOWS\History
[2011/12/02 17:41:57 | 000,000,000 | ---D | C] -- C:\Program Files\AVAST Software
[2011/12/02 17:41:57 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\AVAST Software
[2011/12/02 17:30:42 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Spybot - Search & Destroy
[2011/12/02 17:30:39 | 000,000,000 | ---D | C] -- C:\Program Files\Spybot - Search & Destroy
[2011/12/02 17:28:42 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Malwarebytes' Anti-Malware
[2011/12/02 17:28:39 | 000,022,216 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2011/12/02 17:28:39 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2011/12/02 17:28:30 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\Adobe
[2011/12/02 17:28:29 | 000,000,000 | ---D | C] -- C:\Program Files\Adobe
[2011/12/02 17:28:29 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Adobe
[2011/12/02 17:28:27 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Adobe AIR
[2011/12/02 17:26:14 | 000,000,000 | -HSD | C] -- C:\RECYCLER
[2011/12/02 17:26:14 | 000,000,000 | -HSD | C] -- \RECYCLER
[2011/12/02 13:53:54 | 000,000,000 | ---D | C] -- C:\WINDOWS\SxsCaPendDel
[2011/12/02 13:07:13 | 000,000,000 | ---D | C] -- C:\found.000
[2011/12/02 13:07:13 | 000,000,000 | ---D | C] -- \found.000
[2011/12/02 12:59:37 | 000,000,000 | RHSD | C] -- C:\cmdcons
[2011/12/02 12:59:37 | 000,000,000 | RHSD | C] -- \cmdcons
[2011/12/02 12:59:01 | 000,518,144 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWREG.exe
[2011/12/02 12:59:01 | 000,406,528 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWSC.exe
[2011/12/02 12:59:01 | 000,212,480 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWXCACLS.exe
[2011/12/02 12:59:01 | 000,060,416 | ---- | C] (NirSoft) -- C:\WINDOWS\NIRCMD.exe
[2011/12/02 12:58:14 | 000,000,000 | ---D | C] -- C:\Qoobox
[2011/12/02 12:58:14 | 000,000,000 | ---D | C] -- \Qoobox
[2011/12/02 12:53:49 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\CCleaner
[2011/12/02 12:51:29 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Jordan Solomon\Start Menu\Programs\CleanUp!
[2011/12/02 12:51:26 | 000,000,000 | ---D | C] -- C:\Program Files\CleanUp!
[2011/11/28 15:34:43 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Jordan Solomon\Application Data\6F411BF1
[2010/08/02 12:44:56 | 000,785,920 | ---- | C] (Worden Brothers Inc) -- C:\Program Files\WBChat.ocx
[2010/08/02 12:44:55 | 004,515,328 | ---- | C] (WBI) -- C:\Program Files\SFServer.dll
[2010/08/02 12:44:55 | 000,103,424 | ---- | C] (Worden Bros) -- C:\Program Files\AutoLabelN.ocx
[2010/08/02 12:44:55 | 000,060,416 | ---- | C] (Worden Brothers Inc) -- C:\Program Files\WBCoolB3.ocx
[2010/08/02 12:44:55 | 000,054,784 | ---- | C] (Dell Computer Corporation) -- C:\Program Files\WBScroll.ocx
[2010/08/02 12:44:55 | 000,019,968 | ---- | C] (Worden Brothers Inc) -- C:\Program Files\WBSplit.ocx
[2010/08/02 12:44:55 | 000,015,872 | ---- | C] (Worden Brothers Inc) -- C:\Program Files\WBHandle.ocx
[2010/08/02 12:44:54 | 000,102,912 | ---- | C] (Worden Bros) -- C:\Program Files\TC2000Dev.dll
[2010/08/02 12:44:54 | 000,095,232 | ---- | C] (WBI Inc.) -- C:\Program Files\WBChartH.ocx
[2010/08/02 12:44:54 | 000,092,672 | ---- | C] (Worden Brothers Inc) -- C:\Program Files\WBIFileTransfer.dll
[2010/08/02 12:44:54 | 000,084,480 | ---- | C] (Worden Brothers Inc) -- C:\Program Files\WBList.ocx
[2010/08/02 12:44:54 | 000,078,336 | ---- | C] (Worden Brothers Inc) -- C:\Program Files\WBCoolBar.ocx
[2010/08/02 12:44:54 | 000,060,416 | ---- | C] (Worden Brothers Inc) -- C:\Program Files\WBCoolB.ocx
[2010/08/02 12:44:54 | 000,046,592 | ---- | C] (Worden Brothers Inc) -- C:\Program Files\WBChart.ocx
[2010/08/02 12:44:54 | 000,033,280 | ---- | C] (Worden Brothers, Inc.) -- C:\Program Files\UploadWP.exe
[2010/08/02 12:44:54 | 000,024,064 | ---- | C] (WBI) -- C:\Program Files\ZipUtil.exe
[2010/08/02 12:44:54 | 000,020,992 | ---- | C] (wbi) -- C:\Program Files\WBIMediaPlayer.dll
[2010/08/02 12:44:54 | 000,019,968 | ---- | C] (Worden Bros) -- C:\Program Files\TCWatchListReader.dll
[2010/08/02 12:44:54 | 000,013,312 | ---- | C] (Worden Brothers Inc) -- C:\Program Files\RemProg.exe
[2010/08/02 12:44:51 | 005,168,128 | ---- | C] (Worden Brothers Inc.) -- C:\Program Files\TeleChart.exe
[2010/08/02 12:44:50 | 000,118,272 | ---- | C] (Crescent Division of Progress Software Corporation) -- C:\Program Files\Qpro32.dll
[2010/08/02 12:44:50 | 000,037,136 | ---- | C] (Microsoft Corporation) -- C:\Program Files\Regsvr32.exe
[2009/04/03 17:57:14 | 000,436,224 | ---- | C] (Irfan Skiljan) -- C:\Program Files\i_view32.exe
[2009/04/03 17:56:58 | 001,618,664 | ---- | C] (Connected Software, Inc.) -- C:\Program Files\ePreserver.exe

========== Files - Modified Within 30 Days ==========

[2011/12/26 22:36:40 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2011/12/26 22:36:37 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2011/12/26 22:34:33 | 000,000,098 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\Hosts
[2011/12/26 17:26:18 | 000,002,321 | ---- | M] () -- C:\Documents and Settings\Jordan Solomon\Desktop\TCScan+.lnk
[2011/12/25 09:10:00 | 000,000,486 | ---- | M] () -- C:\WINDOWS\tasks\Ad-Aware Update (Weekly).job
[2011/12/21 22:37:37 | 000,000,512 | ---- | M] () -- C:\Documents and Settings\Jordan Solomon\Desktop\MBR.dat
[2011/12/21 22:36:52 | 001,917,952 | ---- | M] (AVAST Software) -- C:\Documents and Settings\Jordan Solomon\Desktop\aswMBR.exe
[2011/12/21 19:16:06 | 000,002,324 | ---- | M] () -- C:\WINDOWS\epplauncher.mif
[2011/12/20 23:45:44 | 000,001,927 | ---- | M] () -- C:\Documents and Settings\Jordan Solomon\Desktop\TC2000.lnk
[2011/12/19 19:17:30 | 000,000,327 | RHS- | M] () -- C:\boot.ini
[2011/12/17 17:22:29 | 000,002,515 | ---- | M] () -- C:\Documents and Settings\Jordan Solomon\Desktop\Microsoft Office Word 2007.lnk
[2011/12/17 16:03:27 | 000,001,620 | ---- | M] () -- C:\Documents and Settings\All Users\Application Data\repository.xml
[2011/12/17 14:44:58 | 000,001,324 | ---- | M] () -- C:\WINDOWS\System32\d3d9caps.dat
[2011/12/15 11:57:23 | 000,072,080 | ---- | M] () -- C:\Documents and Settings\Jordan Solomon\g2mdlhlpx.exe
[2011/12/14 20:19:10 | 000,002,293 | ---- | M] () -- C:\Documents and Settings\Jordan Solomon\Desktop\CorrelScan.lnk
[2011/12/14 15:09:33 | 000,000,910 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\The Weather Channel Desktop .lnk
[2011/12/13 13:31:15 | 000,159,964 | ---- | M] () -- C:\WINDOWS\RampRT Uninstaller.exe
[2011/12/13 13:31:15 | 000,000,654 | ---- | M] () -- C:\Documents and Settings\Jordan Solomon\Desktop\ramprt.lnk
[2011/12/12 19:26:22 | 000,000,008 | RH-- | M] () -- C:\Documents and Settings\Jordan Solomon\hwid
[2011/12/06 22:52:35 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Jordan Solomon\Desktop\OTL.exe
[2011/12/06 14:34:44 | 000,010,563 | ---- | M] () -- C:\WINDOWS\System32\drivers\SYMEVENT.CAT
[2011/12/06 14:34:44 | 000,000,805 | ---- | M] () -- C:\WINDOWS\System32\drivers\SYMEVENT.INF
[2011/12/06 14:34:43 | 000,123,952 | ---- | M] (Symantec Corporation) -- C:\WINDOWS\System32\drivers\SYMEVENT.SYS
[2011/12/06 14:34:43 | 000,060,800 | ---- | M] (Symantec Corporation) -- C:\WINDOWS\System32\S32EVNT1.DLL
[2011/12/06 14:31:25 | 000,000,670 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Dell Imaging Toolbox - V505.LNK
[2011/12/06 14:26:16 | 000,141,122 | ---- | M] () -- C:\WINDOWS\System32\LexFiles.ulf
[2011/12/04 13:21:42 | 000,000,071 | ---- | M] () -- C:\Program Files\i_view32.ini
[2011/12/04 00:30:55 | 000,000,742 | ---- | M] () -- C:\Documents and Settings\Jordan Solomon\Desktop\Bracket Trader.lnk
[2011/12/03 23:11:54 | 000,000,079 | ---- | M] () -- C:\Documents and Settings\Jordan Solomon\Application Data\Microsoft\Internet Explorer\Quick Launch\Show desktop.scf
[2011/12/03 16:44:07 | 000,000,682 | ---- | M] () -- C:\Documents and Settings\Jordan Solomon\Desktop\CCleaner.lnk
[2011/12/03 14:44:01 | 000,000,724 | ---- | M] () -- C:\Documents and Settings\Jordan Solomon\Application Data\Microsoft\Internet Explorer\Quick Launch\Firefox.lnk
[2011/12/03 14:43:59 | 000,000,104 | ---- | M] () -- C:\Documents and Settings\Jordan Solomon\Application Data\Microsoft\Internet Explorer\Quick Launch\Internet Explorer.lnk
[2011/12/03 14:43:56 | 000,000,644 | ---- | M] () -- C:\Documents and Settings\Jordan Solomon\Application Data\Microsoft\Internet Explorer\Quick Launch\AOL.lnk
[2011/12/03 13:49:44 | 000,000,724 | ---- | M] () -- C:\Documents and Settings\Jordan Solomon\Desktop\Firefox.lnk
[2011/12/03 13:46:54 | 000,000,706 | ---- | M] () -- C:\Documents and Settings\Jordan Solomon\Desktop\Defragler.lnk
[2011/12/03 13:38:08 | 000,002,473 | ---- | M] () -- C:\Documents and Settings\Jordan Solomon\Desktop\Microsoft Office Excel 2007.lnk
[2011/12/03 13:37:27 | 000,000,578 | ---- | M] () -- C:\Documents and Settings\Jordan Solomon\Desktop\TeleChart.lnk
[2011/12/03 13:13:12 | 000,000,644 | ---- | M] () -- C:\Documents and Settings\Jordan Solomon\Desktop\AOL.lnk
[2011/12/03 12:50:27 | 000,438,048 | R--- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts.20111203-130044.backup
[2011/12/02 17:51:41 | 000,438,048 | R--- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts.20111203-125027.backup
[2011/12/02 17:50:51 | 000,438,048 | R--- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts.20111202-175141.backup
[2011/12/02 17:48:12 | 000,002,577 | ---- | M] () -- C:\WINDOWS\System32\CONFIG.NT
[2011/12/02 13:22:13 | 000,457,910 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2011/12/02 13:22:12 | 000,076,054 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2011/12/02 13:20:44 | 000,000,027 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts.20111202-175051.backup
[2011/12/02 11:34:58 | 000,000,064 | ---- | M] () -- C:\WINDOWS\System32\rp_stats.dat
[2011/12/02 11:34:58 | 000,000,044 | ---- | M] () -- C:\WINDOWS\System32\rp_rules.dat

========== Files Created - No Company Name ==========

[2011/12/25 18:43:05 | 000,002,321 | ---- | C] () -- C:\Documents and Settings\Jordan Solomon\Desktop\TCScan+.lnk
[2011/12/21 22:37:37 | 000,000,512 | ---- | C] () -- C:\Documents and Settings\Jordan Solomon\Desktop\MBR.dat
[2011/12/20 23:45:44 | 000,001,933 | ---- | C] () -- C:\Documents and Settings\Jordan Solomon\Start Menu\Programs\TC2000.lnk
[2011/12/20 23:45:44 | 000,001,927 | ---- | C] () -- C:\Documents and Settings\Jordan Solomon\Desktop\TC2000.lnk
[2011/12/17 16:07:29 | 000,162,304 | ---- | C] () -- C:\WINDOWS\System32\ztvunrar36.dll
[2011/12/17 16:07:29 | 000,153,088 | ---- | C] () -- C:\WINDOWS\System32\UNRAR3.dll
[2011/12/17 16:07:29 | 000,077,312 | ---- | C] () -- C:\WINDOWS\System32\ztvunace26.dll
[2011/12/17 16:07:29 | 000,075,264 | ---- | C] () -- C:\WINDOWS\System32\unacev2.dll
[2011/12/17 16:03:27 | 000,001,620 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\repository.xml
[2011/12/15 11:57:22 | 000,072,080 | ---- | C] () -- C:\Documents and Settings\Jordan Solomon\g2mdlhlpx.exe
[2011/12/14 15:09:33 | 000,000,910 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\The Weather Channel Desktop .lnk
[2011/12/13 13:31:15 | 000,159,964 | ---- | C] () -- C:\WINDOWS\RampRT Uninstaller.exe
[2011/12/13 13:31:15 | 000,000,654 | ---- | C] () -- C:\Documents and Settings\Jordan Solomon\Desktop\ramprt.lnk
[2011/12/12 19:26:22 | 000,000,008 | RH-- | C] () -- C:\Documents and Settings\Jordan Solomon\hwid
[2011/12/06 14:31:25 | 000,000,670 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Dell Imaging Toolbox - V505.LNK
[2011/12/06 14:25:41 | 000,040,960 | ---- | C] () -- C:\WINDOWS\System32\dldwvs.dll
[2011/12/06 14:25:30 | 000,360,448 | ---- | C] () -- C:\WINDOWS\System32\dldwcoin.dll
[2011/12/06 14:25:22 | 000,072,625 | ---- | C] () -- C:\WINDOWS\System32\dldwprpr.chm
[2011/12/06 14:24:45 | 001,036,288 | ---- | C] () -- C:\WINDOWS\System32\dldwdrs.dll
[2011/12/06 14:24:45 | 000,081,920 | ---- | C] () -- C:\WINDOWS\System32\dldwcaps.dll
[2011/12/06 14:24:44 | 000,069,632 | ---- | C] () -- C:\WINDOWS\System32\dldwcnv4.dll
[2011/12/06 14:24:06 | 000,057,344 | ---- | C] () -- C:\WINDOWS\System32\dldwoem.dll
[2011/12/06 14:24:06 | 000,045,056 | ---- | C] () -- C:\WINDOWS\System32\DLDWPMON.DLL
[2011/12/06 14:24:06 | 000,032,768 | ---- | C] () -- C:\WINDOWS\System32\DLDWFXPU.DLL
[2011/12/06 14:23:08 | 000,352,256 | ---- | C] () -- C:\WINDOWS\System32\DLDWwupd.dll
[2011/12/06 14:23:08 | 000,017,064 | ---- | C] () -- C:\WINDOWS\System32\DLDWwupd.exe
[2011/12/06 14:22:36 | 000,536,576 | ---- | C] () -- C:\WINDOWS\System32\dldwutil.dll
[2011/12/06 14:22:36 | 000,389,120 | ---- | C] () -- C:\WINDOWS\System32\DLDWinst.dll
[2011/12/06 14:22:36 | 000,180,224 | ---- | C] () -- C:\WINDOWS\System32\dldwinsb.dll
[2011/12/06 14:22:36 | 000,176,128 | ---- | C] () -- C:\WINDOWS\System32\dldwins.dll
[2011/12/06 14:22:36 | 000,147,456 | ---- | C] () -- C:\WINDOWS\System32\dldwjswr.dll
[2011/12/06 14:22:36 | 000,106,496 | ---- | C] () -- C:\WINDOWS\System32\dldwinsr.dll
[2011/12/06 14:22:35 | 000,208,896 | ---- | C] () -- C:\WINDOWS\System32\dldwgrd.dll
[2011/12/06 14:22:35 | 000,086,016 | ---- | C] () -- C:\WINDOWS\System32\dldwcub.dll
[2011/12/06 14:22:35 | 000,077,906 | ---- | C] () -- C:\WINDOWS\System32\DLDWcfg.dll
[2011/12/06 14:22:35 | 000,077,824 | ---- | C] () -- C:\WINDOWS\System32\dldwcu.dll
[2011/12/06 14:22:35 | 000,036,864 | ---- | C] () -- C:\WINDOWS\System32\dldwcur.dll
[2011/12/06 14:22:35 | 000,001,957 | ---- | C] () -- C:\WINDOWS\System32\dldw.loc
[2011/12/06 13:54:32 | 000,001,569 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Set Program Access and Defaults.lnk
[2011/12/06 13:54:32 | 000,001,507 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Windows Update.lnk
[2011/12/06 13:54:32 | 000,000,398 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Windows Catalog.lnk
[2011/12/04 13:21:42 | 000,000,071 | ---- | C] () -- C:\Program Files\i_view32.ini
[2011/12/03 23:11:54 | 000,000,079 | ---- | C] () -- C:\Documents and Settings\Jordan Solomon\Application Data\Microsoft\Internet Explorer\Quick Launch\Show desktop.scf
[2011/12/03 16:44:07 | 000,000,682 | ---- | C] () -- C:\Documents and Settings\Jordan Solomon\Desktop\CCleaner.lnk
[2011/12/03 14:44:01 | 000,000,724 | ---- | C] () -- C:\Documents and Settings\Jordan Solomon\Application Data\Microsoft\Internet Explorer\Quick Launch\Firefox.lnk
[2011/12/03 14:43:59 | 000,000,104 | ---- | C] () -- C:\Documents and Settings\Jordan Solomon\Application Data\Microsoft\Internet Explorer\Quick Launch\Internet Explorer.lnk
[2011/12/03 14:43:56 | 000,000,644 | ---- | C] () -- C:\Documents and Settings\Jordan Solomon\Application Data\Microsoft\Internet Explorer\Quick Launch\AOL.lnk
[2011/12/03 13:49:44 | 000,000,724 | ---- | C] () -- C:\Documents and Settings\Jordan Solomon\Desktop\Firefox.lnk
[2011/12/03 13:46:54 | 000,000,706 | ---- | C] () -- C:\Documents and Settings\Jordan Solomon\Desktop\Defragler.lnk
[2011/12/03 13:37:27 | 000,000,578 | ---- | C] () -- C:\Documents and Settings\Jordan Solomon\Desktop\TeleChart.lnk
[2011/12/03 13:13:12 | 000,000,644 | ---- | C] () -- C:\Documents and Settings\Jordan Solomon\Desktop\AOL.lnk
[2011/12/02 17:30:36 | 000,002,324 | ---- | C] () -- C:\WINDOWS\epplauncher.mif
[2011/12/02 12:59:01 | 000,256,000 | ---- | C] () -- C:\WINDOWS\PEV.exe
[2011/12/02 12:59:01 | 000,208,896 | ---- | C] () -- C:\WINDOWS\MBR.exe
[2011/12/02 12:59:01 | 000,098,816 | ---- | C] () -- C:\WINDOWS\sed.exe
[2011/12/02 12:59:01 | 000,080,412 | ---- | C] () -- C:\WINDOWS\grep.exe
[2011/12/02 12:59:01 | 000,068,096 | ---- | C] () -- C:\WINDOWS\zip.exe
[2011/09/23 13:03:58 | 001,846,075 | ---- | C] () -- C:\Program Files\ProcessExplorer.zip
[2011/07/29 14:09:32 | 000,021,064 | ---- | C] () -- C:\WINDOWS\System32\drivers\hitmanpro35.sys
[2011/06/15 18:25:51 | 000,001,225 | ---- | C] () -- C:\Program Files\GoMeetNow.lnk
[2011/06/09 08:11:12 | 000,000,064 | ---- | C] () -- C:\WINDOWS\System32\rp_stats.dat
[2011/06/09 08:11:12 | 000,000,044 | ---- | C] () -- C:\WINDOWS\System32\rp_rules.dat
[2010/08/02 12:44:50 | 000,074,752 | ---- | C] () -- C:\Program Files\TCPatch.exe
[2010/08/02 12:44:50 | 000,006,783 | ---- | C] () -- C:\Program Files\Disclaim.rtf
[2010/08/02 12:44:50 | 000,002,518 | ---- | C] () -- C:\Program Files\DftL.def
[2009/09/24 20:43:11 | 000,000,809 | ---- | C] () -- C:\Program Files\STC Series 7.lnk
[2009/08/28 17:29:26 | 000,005,772 | ---- | C] () -- C:\Program Files\AUDTEST.WAV
[2009/08/28 17:28:44 | 000,000,000 | ---- | C] () -- C:\WINDOWS\asym.ini
[2009/04/22 20:14:07 | 000,001,324 | ---- | C] () -- C:\WINDOWS\System32\d3d9caps.dat
[2009/03/02 17:13:10 | 000,000,211 | ---- | C] () -- \Boot.bak
[2009/03/02 17:13:07 | 000,260,272 | RHS- | C] () -- \cmldr
[2009/02/25 09:27:57 | 000,000,262 | ---- | C] () -- \HCFRAME.HCD
[2009/02/20 11:56:59 | 000,000,000 | ---- | C] () -- C:\WINDOWS\ativpsrm.bin
[2009/02/20 11:42:32 | 000,593,920 | ---- | C] () -- C:\WINDOWS\System32\ati2sgag.exe
[2009/01/13 23:05:09 | 003,107,788 | ---- | C] () -- C:\WINDOWS\System32\ativvaxx.dat
[2009/01/13 23:05:09 | 003,107,788 | ---- | C] () -- C:\WINDOWS\System32\ativva5x.dat
[2009/01/13 23:05:09 | 000,887,724 | ---- | C] () -- C:\WINDOWS\System32\ativva6x.dat
[2009/01/07 17:05:58 | 000,001,732 | R--- | C] () -- C:\WINDOWS\System32\drivers\nvphy.bin
[2008/12/28 02:13:52 | 000,049,152 | R--- | C] () -- C:\WINDOWS\System32\ChCfg.exe
[2008/12/28 02:07:43 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat
[2008/12/28 02:06:14 | 000,000,000 | RHS- | C] () -- \MSDOS.SYS
[2008/12/28 02:06:14 | 000,000,000 | RHS- | C] () -- \IO.SYS
[2008/12/28 02:06:14 | 000,000,000 | ---- | C] () -- \CONFIG.SYS
[2008/12/28 02:06:14 | 000,000,000 | ---- | C] () -- \AUTOEXEC.BAT
[2008/12/28 02:03:46 | 000,021,640 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat
[2008/12/27 20:59:05 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
[2008/12/27 20:56:22 | 000,269,392 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2008/12/27 20:55:42 | 000,000,327 | RHS- | C] () -- \boot.ini
[2008/12/27 18:32:47 | 000,000,262 | ---- | C] () -- C:\WINDOWS\{789289CA-F73A-4A16-A331-54D498CE069F}_WiseFW.ini
[2008/12/27 17:39:00 | 000,000,042 | ---- | C] () -- C:\WINDOWS\ib.ini
[2008/12/27 17:38:58 | 000,026,624 | ---- | C] () -- C:\WINDOWS\GetIe.dll
[2008/12/27 15:08:57 | 000,327,680 | ---- | C] () -- C:\WINDOWS\System32\TwcToolbarIe7.dll
[2008/12/27 15:08:57 | 000,098,304 | ---- | C] () -- C:\WINDOWS\System32\TwcToolbarBho.dll
[2008/12/27 13:36:36 | 000,000,335 | ---- | C] () -- C:\WINDOWS\nsreg.dat
[2008/12/11 10:32:20 | 000,098,304 | ---- | C] () -- C:\WINDOWS\System32\NtDirect.dll
[2008/10/29 17:13:33 | 000,180,720 | ---- | C] () -- C:\WINDOWS\System32\atiicdxx.dat
[2008/10/21 12:40:00 | 000,081,920 | ---- | C] () -- C:\WINDOWS\System32\ATIODE.exe
[2008/10/21 12:40:00 | 000,045,056 | ---- | C] () -- C:\WINDOWS\System32\ATIODCLI.exe
[2008/05/26 20:59:42 | 000,018,904 | ---- | C] () -- C:\WINDOWS\System32\structuredqueryschematrivial.bin
[2008/05/26 20:59:40 | 000,106,605 | ---- | C] () -- C:\WINDOWS\System32\structuredqueryschema.bin
[2008/01/31 17:18:14 | 000,009,216 | ---- | C] () -- C:\WINDOWS\System32\drivers\FlashSys.sys
[2007/10/04 03:14:00 | 001,703,936 | ---- | C] () -- C:\WINDOWS\System32\nvwdmcpl.dll
[2007/10/04 03:14:00 | 001,626,112 | ---- | C] () -- C:\WINDOWS\System32\nwiz.exe
[2007/10/04 03:14:00 | 001,478,656 | ---- | C] () -- C:\WINDOWS\System32\nview.dll
[2007/10/04 03:14:00 | 001,339,392 | ---- | C] () -- C:\WINDOWS\System32\nvdspsch.exe
[2007/10/04 03:14:00 | 001,019,904 | ---- | C] () -- C:\WINDOWS\System32\nvwimg.dll
[2007/10/04 03:14:00 | 000,466,944 | ---- | C] () -- C:\WINDOWS\System32\nvshell.dll
[2007/10/04 03:14:00 | 000,442,368 | ---- | C] () -- C:\WINDOWS\System32\nvappbar.exe
[2007/10/04 03:14:00 | 000,425,984 | ---- | C] () -- C:\WINDOWS\System32\keystone.exe
[2007/10/04 03:14:00 | 000,286,720 | ---- | C] () -- C:\WINDOWS\System32\nvnt4cpl.dll
[2005/08/29 10:39:50 | 000,120,320 | ---- | C] () -- C:\WINDOWS\System32\ZlibOCX2.dll
[2004/08/04 07:00:00 | 013,107,200 | ---- | C] () -- C:\WINDOWS\System32\oembios.bin
[2004/08/04 07:00:00 | 000,673,088 | ---- | C] () -- C:\WINDOWS\System32\mlang.dat
[2004/08/04 07:00:00 | 000,457,910 | ---- | C] () -- C:\WINDOWS\System32\perfh009.dat
[2004/08/04 07:00:00 | 000,272,128 | ---- | C] () -- C:\WINDOWS\System32\perfi009.dat
[2004/08/04 07:00:00 | 000,250,032 | RHS- | C] () -- \ntldr
[2004/08/04 07:00:00 | 000,218,003 | ---- | C] () -- C:\WINDOWS\System32\dssec.dat
[2004/08/04 07:00:00 | 000,076,054 | ---- | C] () -- C:\WINDOWS\System32\perfc009.dat
[2004/08/04 07:00:00 | 000,047,564 | RHS- | C] () -- \NTDETECT.COM
[2004/08/04 07:00:00 | 000,046,258 | ---- | C] () -- C:\WINDOWS\System32\mib.bin
[2004/08/04 07:00:00 | 000,028,626 | ---- | C] () -- C:\WINDOWS\System32\perfd009.dat
[2004/08/04 07:00:00 | 000,004,569 | ---- | C] () -- C:\WINDOWS\System32\secupd.dat
[2004/08/04 07:00:00 | 000,004,463 | ---- | C] () -- C:\WINDOWS\System32\oembios.dat
[2004/08/04 07:00:00 | 000,001,788 | ---- | C] () -- C:\WINDOWS\System32\Dcache.bin
[2004/08/04 07:00:00 | 000,000,741 | ---- | C] () -- C:\WINDOWS\System32\noise.dat
[2002/07/24 17:26:44 | 000,045,056 | ---- | C] () -- C:\WINDOWS\System32\GSMessageBox.dll
[1998/06/13 21:53:26 | 000,044,544 | ---- | C] () -- C:\WINDOWS\System32\GIF89.DLL

========== LOP Check ==========

[2009/02/25 09:24:27 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\1stWorks
[2008/12/27 13:40:23 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\948 Series
[2011/12/02 17:48:20 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\AVAST Software
[2011/07/29 14:15:47 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Hitman Pro
[2010/04/03 12:01:28 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\RoboForm
[2011/12/03 12:43:55 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TEMP
[2009/09/09 18:59:01 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\V505
[2009/09/09 18:59:01 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\V505 Series
[2008/12/27 13:46:34 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Viewpoint
[2011/11/28 15:38:33 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Jordan Solomon\Application Data\6F411BF1
[2008/12/27 14:13:16 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Jordan Solomon\Application Data\948 Series
[2009/06/30 13:06:11 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Jordan Solomon\Application Data\Any Video Converter
[2010/08/02 13:14:44 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Jordan Solomon\Application Data\BlocksDataDownloader
[2011/10/05 13:06:52 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Jordan Solomon\Application Data\Five9
[2008/12/27 13:47:05 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Jordan Solomon\Application Data\Foxit
[2011/12/02 18:28:43 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Jordan Solomon\Application Data\GoMeetNow
[2011/06/11 22:15:54 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Jordan Solomon\Application Data\IrfanView
[2011/12/26 18:10:35 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Jordan Solomon\Application Data\RampRT
[2011/12/13 13:31:27 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Jordan Solomon\Application Data\RegServers
[2011/08/07 11:38:11 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Jordan Solomon\Application Data\Sammsoft
[2009/09/03 11:46:33 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Jordan Solomon\Application Data\Software Defender
[2011/12/03 12:43:31 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Jordan Solomon\Application Data\TeamViewer
[2008/12/27 13:51:51 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Jordan Solomon\Application Data\Thinstall
[2011/12/06 14:06:42 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Jordan Solomon\Application Data\V505 Series
[2009/01/15 09:44:41 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Jordan Solomon\Application Data\Viewpoint
[2010/08/02 13:07:31 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Jordan Solomon\Application Data\Worden Brothers, Inc
[2011/12/25 09:10:00 | 000,000,486 | ---- | M] () -- C:\WINDOWS\Tasks\Ad-Aware Update (Weekly).job
[2011/08/10 11:09:18 | 000,000,260 | ---- | M] () -- C:\WINDOWS\Tasks\WGASetup.job

========== Purity Check ==========



========== Alternate Data Streams ==========

@Alternate Data Stream - 104 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:5C321E34

< End of report >


2.

Malwarebytes' Anti-Malware 1.51.2.1300
www.malwarebytes.org

Database version: 911122605

Windows 5.1.2600 Service Pack 2
Internet Explorer 6.0.2900.2180

12/26/2011 10:55:35 PM
mbam-log-2011-12-26 (22-55-35).txt

Scan type: Quick scan
Objects scanned: 173717
Time elapsed: 1 minute(s), 27 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)

Edited by jss10, 26 December 2011 - 10:01 PM.

  • 0

#10
Essexboy

Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
Did you knowingly install the Babylon toolbar?

What are your current problems?

No, you were correct; the Quote was not part of the fix.
  • 0



#11
jss10

jss10

    Member

  • Topic Starter
  • Member
  • PipPip
  • 40 posts

Did you knowingly install the Babylon toolbar?


That's a really good question, and the answer is no. It kind of snuck in there with something else I intentionally downloaded -- I forgot what. I had never heard of it before and certainly didn't want it, so I thought I uninstalled it. And now, when I go to the Add or Remove Programs tool in the Control Panel, it's no longer listed there. So, I'm surprised it showed up on this scan and you asked me about it. If I could do more than I already have to get rid of it, I would be happy to do so, ESPECIALLY if it could be causing problems, but I don't know if it is or not.

What are your current problems?


Kind of what I described in my first post. The "Views" settings in folders such as My Downloads (or whatever) changing without my having changed them. I use a program that uses Microsoft Silverlight that won't load -- I click on the icon, the hourglass appears for about a millisecond and then disappears (the "launcher" won't work, from what I was told). Some pages seem to load a bit slower than usual, although I guess that could be my imagination (that is, I have it in my head that something is wrong, so I suspect unusual slowness where perhaps there isn't any). I guess overall something just seems a bit "off" compared to the way it was before, but I know that's too vague to help you much. All that said, I'll say again that this post was kind of precautionary anyway, so it's possible that my system is clean now and that these issues I've told you about are non-virus/malware related. Hope this information helps.
  • 0

#12
Essexboy

Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
OK, let's tackle them one at a time. Once you have completed these steps, let me know what problems remain.

First, Babylon

Warning: This fix is only relevant for this system and no other; using it on another computer may cause problems.

Be advised that when the fix commences it will shut down all running processes and you may lose the desktop and icons; they will return on reboot.

Run OTL
  • Under the Custom Scans/Fixes box at the bottom, paste in the following

    :OTL
    FF - prefs.js..browser.search.defaultenginename: "Search the web (Babylon)"
    FF - prefs.js..browser.search.order.1: "Search the web (Babylon)"

    :Files
    ipconfig /flushdns /c

    :Commands
    [purity]
    [resethosts]
    [emptytemp]
    [CLEARALLRESTOREPOINTS]
    [Reboot]

  • Then click the Run Fix button at the top
  • Let the program run unhindered, reboot the PC when it is done

Next, Silverlight

Go here and download the latest version to your desktop and then install it.
If that fails, then uninstall the current copy of Silverlight and re-install the fresh one from your desktop.
What programme is it that requires Silverlight?

Browser and general system speed

Run a disk check:

To do this:

Step One: Open "My Computer", RIGHT click on the C drive icon, choose "Properties".

Step Two: When that loads, click on the "Tools" tab, then click on the "Check Now" button in the "Error Checking" section.

Step Three: When that little window loads, place a CHECK in BOTH boxes, then click on "Start Now".

Step Four: A message will pop up saying that Error Checking will run after you restart the computer, so......Restart the computer. Error Checking will run automatically after the restart and it locks you out from doing anything until it's finished. It takes a little time to perform the task but after it's finished, it will restart into Windows automatically.

Step Five: Download and run Puran defrag... Do not accept the Babylon toolbar when it installs.
  • 0

#13
jss10

jss10

    Member

  • Topic Starter
  • Member
  • PipPip
  • 40 posts
Hi Essexboy,

Okay, a few things.

1. I did your most recent OTL fix. You didn't specifically ask me to post the output that came up on my screen after my computer rebooted, but I thought I'd do so anyway just in case (it's below these comments). I don't know if you can tell from this, but I hope that it actually got rid of all remnants of the Babylon toolbar. It's interesting that it also came with the defrag program, by the way -- that's pretty much how I got it in the first place.

2. I did the disk check process you recommended (it took a LONG time by the way). After finishing, it didn't give me any indication of whether or not it was successful or anything (no log or report). Windows just started up as usual. Hope that's what's supposed to happen.

3. I also downloaded Puran defrag. You said to "run" it. I assume that you meant click on "Defrag" and choose the C Drive. I did so, and it went through the process. It did provide an "analysis report" -- let me know if you want it.

4. As for what problems remain, again, a lot of it's kind of hard to explain. I told you about the Views selection in various Windows folders keeps changing without my having changed it. Here's another example. Are you familiar with the Google Toolbar? Well, I actually prefer an older version of the toolbar, so I keep downloading that one. However, after a few hours or so (sometimes less), the current version of the toolbar somehow reappears. I learned, from doing some research online, that this has to do with the Google Update Service, and I can go to Start, Run, services.msc, double click on Google Software Update, and choose Disabled for Startup type, and that this should turn this service off. Well, this worked at first, but then a few hours later the current version once again appeared. I went back to services.msc, and the Startup type was now listed as Manual. Remember, I had just changed it to Disabled earlier in the day. So, again, it's like my system is making changes without my permission, as if it has a life of its own. To me, this is indicative of a problem, as if something is still messing with the system. I don't know if this is a virus itself, or the after-effects of a virus, or something completely random (a setting that's wrong but has nothing to do with a virus).

Sorry for the long answer, but I hope it conveys to you what's causing my concern. Thanks.


All processes killed
========== OTL ==========
Prefs.js: "Search the web (Babylon)" removed from browser.search.defaultenginename
Prefs.js: "Search the web (Babylon)" removed from browser.search.order.1
========== FILES ==========
< ipconfig /flushdns /c >
Windows IP Configuration
Successfully flushed the DNS Resolver Cache.
C:\Documents and Settings\Jordan Solomon\Desktop\cmd.bat deleted successfully.
C:\Documents and Settings\Jordan Solomon\Desktop\cmd.txt deleted successfully.
========== COMMANDS ==========
C:\WINDOWS\System32\drivers\etc\Hosts moved successfully.
HOSTS file reset successfully

[EMPTYTEMP]

User: Administrator
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->FireFox cache emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: All Users
->Flash cache emptied: 0 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: Jordan Solomon
->Temp folder emptied: 13396285 bytes
->Temporary Internet Files folder emptied: 167412909 bytes
->Java cache emptied: 820046 bytes
->FireFox cache emptied: 39157119 bytes
->Google Chrome cache emptied: 6245753 bytes
->Flash cache emptied: 740 bytes

User: LocalService
->Temp folder emptied: 65984 bytes
->Temporary Internet Files folder emptied: 33170 bytes

User: NetworkService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes
->Flash cache emptied: 0 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\dllcache .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 7698 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temp folder emptied: 62484 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 33170 bytes
RecycleBin emptied: 0 bytes

Total Files Cleaned = 217.00 mb

Restore points cleared and new OTL Restore Point set!

OTL by OldTimer - Version 3.2.31.0 log created on 12292011_172000

Files\Folders moved on Reboot...

Registry entries deleted on Reboot...
  • 0

#14
Essexboy

Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
Nope 'tis all good... The problem with the Google toolbar is that it always assumes it knows what is best for you. As soon as the browser starts there is a BHO (Browser Helper Object) which will check for updates and turn on the service for you, how nice :lol:

The relevant entries are:

O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.7.7018.1622\swg.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@pack.google.com/Google Updater;version=11: C:\Program Files\Google\Google Updater\2.1.886.21021\npCIDetect11.dll File not found
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.)
CHR - plugin: Google Update (Enabled) = C:\Program Files\Google\Update\1.3.21.79\npGoogleUpdate3.dll



I can delete them if you wish, but at some stage they will return.
  • 0
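The five entries listed in post #14, triaged programmatically (an added example, not part of the original thread and not OTL's own code). It separates orphaned registrations from live ones and groups the live ones by the DLL they load; the line patterns are inferred from the quoted lines only and are an assumption, not a documented OTL grammar.

```python
import re
from collections import defaultdict

# Lines quoted in post #14, embedded verbatim.
LOG = r"""
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.7.7018.1622\swg.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@pack.google.com/Google Updater;version=11: C:\Program Files\Google\Google Updater\2.1.886.21021\npCIDetect11.dll File not found
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.)
CHR - plugin: Google Update (Enabled) = C:\Program Files\Google\Update\1.3.21.79\npGoogleUpdate3.dll
"""

# Prefix patterns inferred from the five lines above (assumption, not a full grammar).
PREFIXES = [
    ("IE BHO", re.compile(r"^O2 - BHO: \((?P<name>.*?)\) - \{[0-9A-Fa-f-]{36}\} - (?P<rest>.+)$")),
    ("Firefox plugin", re.compile(r"^FF - HKLM\\Software\\MozillaPlugins\\(?P<name>[^:]+): (?P<rest>.+)$")),
    ("Chrome plugin", re.compile(r"^CHR - plugin: (?P<name>.+?) \((?:Enabled|Disabled)\) = (?P<rest>.+)$")),
]
# Tail of each entry: file path, then optional "(vendor)" and optional "File not found".
TAIL = re.compile(r"^(?P<path>.+?)(?: \((?P<vendor>[^()]+)\))?(?P<missing> File not found)?$")

def parse_line(line):
    """Return a dict for a recognised entry, or None for any other line."""
    for kind, pattern in PREFIXES:
        m = pattern.match(line.strip())
        if m:
            tail = TAIL.match(m.group("rest"))
            return {"kind": kind, "name": m.group("name"), "path": tail.group("path"),
                    "vendor": tail.group("vendor"), "missing": bool(tail.group("missing"))}
    return None

def triage(text):
    """Split entries into orphans (target file gone) and live hooks grouped by DLL."""
    orphans, live = [], defaultdict(list)
    for line in text.splitlines():
        entry = parse_line(line)
        if entry is None:
            continue
        if entry["missing"]:
            orphans.append(entry)
        else:
            # Windows paths are case-insensitive, so group on the lowercased path.
            live[entry["path"].lower()].append(entry["kind"])
    return orphans, dict(live)

if __name__ == "__main__":
    print(triage(LOG))
```

On these lines it reports one stale Firefox registration and shows that a single update DLL is hooked into Firefox twice and Chrome once, separately from the Internet Explorer BHO.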

#15
jss10

jss10

    Member

  • Topic Starter
  • Member
  • PipPip
  • 40 posts
Hmm, that's too bad. If deleting those files will make a lasting difference, I'll do it. If it would only last a few days or so, probably not worth bothering. I'm just not sure what you mean by "at some stage."

Anyway, so you don't see, from the other things I've posted, any more problems? If so, other than maybe this Google thing, I guess we're done here. Please also tell me if I should delete/uninstall anything else that I've downloaded during this process. Thanks.
  • 0





