OTL logfile created on: 12/27/2009 3:35:56 PM - Run 1
OTL by OldTimer - Version 3.1.20.1 Folder = C:\Documents and Settings\Shel\My Documents\Downloads
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1,023.00 Mb Total Physical Memory | 352.00 Mb Available Physical Memory | 34.00% Memory free
2.00 Gb Paging File | 2.00 Gb Available in Paging File | 70.00% Paging File free
Paging file location(s): C:\pagefile.sys 1536 3072 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 74.50 Gb Total Space | 48.41 Gb Free Space | 64.98% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: FRED
Current User Name: Shel
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: On
Skip Microsoft Files: On
File Age = 14 Days
Output = Standard
Quick Scan

[color=#E56717]========== Processes (SafeList) ==========[/color]

PRC - [2009/12/27 15:34:27 | 00,513,536 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Shel\My Documents\Downloads\OTL.exe
PRC - [2009/12/18 19:23:35 | 00,908,248 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe
PRC - [2009/10/28 19:21:26 | 00,141,600 | ---- | M] (Apple Inc.) -- C:\Program Files\iTunes\iTunesHelper.exe
PRC - [2009/10/28 19:21:22 | 10,358,048 | ---- | M] (Apple Inc.) -- C:\Program Files\iTunes\iTunes.exe
PRC - [2009/10/28 19:21:14 | 00,545,568 | ---- | M] (Apple Inc.) -- C:\Program Files\iPod\bin\iPodService.exe
PRC - [2009/10/11 04:17:36 | 00,149,280 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Java\jre6\bin\jusched.exe
PRC - [2009/10/11 04:17:35 | 00,153,376 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Java\jre6\bin\jqs.exe
PRC - [2009/08/28 18:48:08 | 00,015,376 | ---- | M] () -- C:\Program Files\Common Files\Apple\Mobile Device Support\bin\distnoted.exe
PRC - [2009/08/28 18:48:02 | 00,245,288 | ---- | M] () -- C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceHelper.exe
PRC - [2009/08/28 18:42:54 | 00,144,672 | ---- | M] (Apple Inc.) -- C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
PRC - [2009/07/27 19:19:10 | 00,199,184 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee Security Scan\1.0.150\SSScheduler.exe
PRC - [2009/05/21 22:13:36 | 00,275,768 | ---- | M] (Hewlett-Packard Co.) -- C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
PRC - [2009/05/21 21:46:36 | 00,559,104 | ---- | M] (Hewlett-Packard Co.) -- C:\Program Files\HP\Digital Imaging\bin\hpqbam08.exe
PRC - [2009/05/21 21:46:36 | 00,168,960 | ---- | M] (Hewlett-Packard Co.) -- C:\Program Files\HP\Digital Imaging\bin\hpqste08.exe
PRC - [2009/05/21 18:57:00 | 00,362,496 | ---- | M] (Hewlett-Packard) -- C:\Program Files\HP\Digital Imaging\bin\hpqgpc01.exe
PRC - [2009/03/30 18:28:36 | 01,533,808 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
PRC - [2009/03/30 18:28:36 | 00,183,152 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
PRC - [2009/03/27 15:56:12 | 00,438,272 | ---- | M] () -- C:\Program Files\PCSecurityShield\BitDefender 2009\seccenter.exe
PRC - [2009/03/27 15:54:32 | 01,626,112 | ---- | M] (PCSecurityShield) -- C:\Program Files\PCSecurityShield\BitDefender 2009\vsserv.exe
PRC - [2009/03/25 16:05:08 | 00,413,696 | ---- | M] (PCSecurityShield) -- C:\Program Files\Common Files\BitDefender\BitDefender Update Service\livesrv.exe
PRC - [2009/03/23 12:14:14 | 00,778,240 | ---- | M] (PCSecurityShield) -- C:\Program Files\PCSecurityShield\BitDefender 2009\bdagent.exe
PRC - [2008/12/12 10:17:38 | 00,238,888 | ---- | M] (Apple Inc.) -- C:\Program Files\Bonjour\mDNSResponder.exe
PRC - [2008/11/09 15:48:14 | 00,602,392 | ---- | M] (Yahoo! Inc.) -- C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe
PRC - [2008/05/27 00:19:14 | 00,123,904 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Desktop Search\WindowsSearch.exe
PRC - [2008/04/14 07:42:20 | 01,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2007/05/08 16:24:20 | 00,054,840 | ---- | M] (Hewlett-Packard) -- C:\Program Files\HP\HP Software Update\hpwuSchd2.exe
PRC - [2004/07/01 16:20:20 | 00,212,992 | ---- | M] (Moodlogic) -- C:\Updater.exe
PRC - [2003/11/03 12:46:00 | 00,073,728 | ---- | M] (NVIDIA Corporation) -- C:\WINDOWS\system32\nvsvc32.exe
PRC - [2002/04/03 03:01:00 | 00,135,264 | ---- | M] (Creative Technology Ltd) -- C:\Program Files\Creative\SBLive\Diagnostics\diagent.exe

[color=#E56717]========== Modules (SafeList) ==========[/color]

MOD - [2009/12/27 15:34:27 | 00,513,536 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Shel\My Documents\Downloads\OTL.exe

[color=#E56717]========== Win32 Services (SafeList) ==========[/color]

SRV - [2009/10/28 19:21:14 | 00,545,568 | ---- | M] (Apple Inc.) [On_Demand | Running] -- C:\Program Files\iPod\bin\iPodService.exe -- (iPod Service)
SRV - [2009/10/11 04:17:35 | 00,153,376 | ---- | M] (Sun Microsystems, Inc.) [Auto | Running] -- C:\Program Files\Java\jre6\bin\jqs.exe -- (JavaQuickStarterService)
SRV - [2009/08/28 18:42:54 | 00,144,672 | ---- | M] (Apple Inc.) [Auto | Running] -- C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe -- (Apple Mobile Device)
SRV - [2009/05/21 22:13:36 | 00,248,832 | ---- | M] (Hewlett-Packard Co.) [On_Demand | Running] -- C:\Program Files\HP\Digital Imaging\bin\hpqcxs08.dll -- (hpqcxs08)
SRV - [2009/05/21 22:09:24 | 00,660,992 | ---- | M] (Hewlett-Packard Co.) [Auto | Running] -- C:\Program Files\HP\Digital Imaging\bin\HPSLPSVC32.DLL -- (HPSLPSVC)
SRV - [2009/05/21 22:03:06 | 00,133,120 | ---- | M] (Hewlett-Packard Co.) [Auto | Running] -- C:\Program Files\HP\Digital Imaging\bin\hpqddsvc.dll -- (hpqddsvc)
SRV - [2009/03/30 18:28:36 | 01,533,808 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE -- (wlidsvc)
SRV - [2009/03/27 15:54:32 | 01,626,112 | ---- | M] (PCSecurityShield) [Auto | Running] -- C:\Program Files\PCSecurityShield\BitDefender 2009\vsserv.exe -- (VSSERV)
SRV - [2009/03/25 16:05:08 | 00,413,696 | ---- | M] (PCSecurityShield) [Auto | Running] -- C:\Program Files\Common Files\BitDefender\BitDefender Update Service\livesrv.exe -- (LIVESRV)
SRV - [2009/03/23 14:20:06 | 00,323,584 | ---- | M] (PCSecurityShield) [On_Demand | Stopped] -- C:\Program Files\Common Files\BitDefender\BitDefender Threat Scanner\scan.dll -- (scan)
SRV - [2009/01/20 19:16:20 | 00,172,032 | ---- | M] () [On_Demand | Stopped] -- C:\Program Files\Common Files\BitDefender\BitDefender Arrakis Server\bin\Arrakis3.exe -- (Arrakis3)
SRV - [2008/12/12 10:17:38 | 00,238,888 | ---- | M] (Apple Inc.) [Auto | Running] -- C:\Program Files\Bonjour\mDNSResponder.exe -- (Bonjour Service)
SRV - [2008/12/03 20:05:42 | 00,053,760 | ---- | M] (Hewlett-Packard) [Auto | Running] -- C:\WINDOWS\system32\HPZipm12.dll -- (Pml Driver HPZ12)
SRV - [2008/12/03 20:05:32 | 00,044,544 | ---- | M] (Hewlett-Packard) [Auto | Running] -- C:\WINDOWS\system32\HPZinw12.dll -- (Net Driver HPZ12)
SRV - [2008/11/09 15:48:14 | 00,602,392 | ---- | M] (Yahoo! Inc.) [Auto | Running] -- C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe -- (YahooAUService)
SRV - [2003/11/03 12:46:00 | 00,073,728 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\WINDOWS\system32\nvsvc32.exe -- (NVSvc)
SRV - [2003/07/28 14:28:22 | 00,089,136 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE -- (ose)

[color=#E56717]========== Standard Registry (SafeList) ==========[/color]

[color=#E56717]========== Internet Explorer ==========[/color]

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

[color=#E56717]========== FireFox ==========[/color]

FF - prefs.js..extensions.enabledItems: {E2883E8F-472F-4fb0-9522-AC9BF37916A7}:1
FF - prefs.js..extensions.enabledItems: 6
FF - prefs.js..extensions.enabledItems: 2
FF - prefs.js..extensions.enabledItems: 49
FF - prefs.js..extensions.enabledItems: toolbar@alot.com:2.4.0000
FF - prefs.js..extensions.enabledItems: smartwebprinting@hp.com:4.60
FF - prefs.js..extensions.enabledItems: jqs@sun.com:1.0
FF - prefs.js..extensions.enabledItems: moveplayer@movenetworks.com:7
FF - prefs.js..extensions.enabledItems: toolbar@shopathome.com:5.0.2.0
FF - prefs.js..extensions.enabledItems: {FFB96CC1-7EB3-449D-B827-DB661701C6BB}:1.5.53.4

FF - HKLM\software\mozilla\Firefox\Extensions\\FFToolbar@bitdefender.com: C:\Program Files\PCSecurityShield\BitDefender 2009\FFToolbar\ [2009/12/09 12:43:30 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\Extensions\\smartwebprinting@hp.com: C:\Program Files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2009/11/16 18:29:27 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\Extensions\\{FFB96CC1-7EB3-449D-B827-DB661701C6BB}: C:\Program Files\CheckPoint\ZAForceField\TrustChecker
FF - HKLM\software\mozilla\Mozilla Firefox 3.5.6\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2009/12/21 11:26:05 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.5.6\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2009/12/18 19:23:46 | 00,000,000 | ---D | M]

[2009/08/17 09:45:24 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Shel\Application Data\Mozilla\Extensions
[2009/12/27 12:32:09 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Shel\Application Data\Mozilla\Firefox\Profiles\75rmg86k.default\extensions
[2009/11/26 22:44:36 | 00,000,000 | ---D | M] (Adobe DLM (powered by getPlus(R))) -- C:\Documents and Settings\Shel\Application Data\Mozilla\Firefox\Profiles\75rmg86k.default\extensions\{E2883E8F-472F-4fb0-9522-AC9BF37916A7}
[2009/11/15 10:39:19 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Shel\Application Data\Mozilla\Firefox\Profiles\75rmg86k.default\extensions\toolbar@alot.com
[2009/10/11 13:48:19 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Shel\Application Data\Mozilla\Firefox\Profiles\75rmg86k.default\extensions\toolbar@shopathome.com
[2009/12/27 12:32:09 | 00,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions
[2009/03/05 18:08:04 | 00,049,664 | ---- | M] () -- C:\Program Files\Mozilla Firefox\components\FFComm.dll
[2009/11/19 17:16:28 | 00,091,552 | ---- | M] (Coupons, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npCouponPrinter.dll
[2009/11/19 17:16:29 | 00,091,552 | ---- | M] (Coupons, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npMozCouponPrinter.dll

O1 HOSTS File: (818 bytes) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: 78.159.110.57 www.google.com
O1 - Hosts: 78.159.110.57 www.google.de
O1 - Hosts: 78.159.110.57 www.google.fr
O1 - Hosts: 78.159.110.57 www.google.co.uk
O1 - Hosts: 78.159.110.57 www.google.com.br
O1 - Hosts: 78.159.110.57 www.google.it
O1 - Hosts: 78.159.110.57 www.google.es
O1 - Hosts: 78.159.110.57 www.google.co.jp
O1 - Hosts: 78.159.110.57 www.google.com.mx
O1 - Hosts: 78.159.110.57 www.google.ca
O1 - Hosts: 78.159.110.57 www.google.com.au
O1 - Hosts: 78.159.110.57 www.google.nl
O1 - Hosts: 78.159.110.57 www.google.co.za
O1 - Hosts: 78.159.110.57 www.google.be
O1 - Hosts: 78.159.110.57 www.google.gr
O1 - Hosts: 78.159.110.57 www.google.at
O1 - Hosts: 78.159.110.57 www.google.se
O1 - Hosts: 78.159.110.57 www.google.ch
O1 - Hosts: 78.159.110.57 www.google.pt
O1 - Hosts: 78.159.110.57 www.google.dk
O1 - Hosts: 78.159.110.57 www.google.fi
O1 - Hosts: 78.159.110.57 www.google.ie
O1 - Hosts: 78.159.110.57 www.google.no
O1 - Hosts: 78.159.110.57 search.yahoo.com
O1 - Hosts: 2 more lines...
O2 - BHO: (&Yahoo! Toolbar Helper) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
O2 - BHO: (HP Print Enhancer) - {0347C33E-8762-4905-BF09-768834316C61} - C:\Program Files\HP\Digital Imaging\smart web printing\hpswp_printenhancer.dll (Hewlett-Packard Co.)
O2 - BHO: (Adobe PDF Link Helper) - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (JQSIEStartDetectorImpl Class) - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll (Sun Microsystems, Inc.)
O2 - BHO: (SingleInstance Class) - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\Program Files\Yahoo!\Companion\Installs\cpn\YTSingleInstance.dll (Yahoo! Inc)
O2 - BHO: (HP Smart BHO Class) - {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - C:\Program Files\HP\Digital Imaging\smart web printing\hpswp_BHO.dll (Hewlett-Packard Co.)
O3 - HKLM\..\Toolbar: (The Shield Deluxe 2009 Toolbar) - {381FFDE8-2394-4f90-B10D-FC6124A40F8C} - C:\Program Files\PCSecurityShield\BitDefender 2009\IEToolbar.dll (Bitdefender)
O3 - HKLM\..\Toolbar: (Yahoo! Toolbar) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
O4 - HKLM..\Run: [Adobe Reader Speed Launcher] C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [BDAgent] C:\Program Files\PCSecurityShield\BitDefender 2009\bdagent.exe (PCSecurityShield)
O4 - HKLM..\Run: [BitDefender Antiphishing Helper] C:\Program Files\PCSecurityShield\BitDefender 2009\IEShow.exe (The Shield Deluxe 2009 )
O4 - HKLM..\Run: [diagent] C:\Program Files\Creative\SBLive\Diagnostics\diagent.exe (Creative Technology Ltd)
O4 - HKLM..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\hpwuSchd2.exe (Hewlett-Packard)
O4 - HKLM..\Run: [iRiver Updater] \Updater.exe ()
O4 - HKLM..\Run: [iTunesHelper] C:\Program Files\iTunes\iTunesHelper.exe (Apple Inc.)
O4 - HKLM..\Run: [NvCplDaemon] C:\WINDOWS\System32\NvCpl.DLL (NVIDIA Corporation)
O4 - HKLM..\Run: [QuickTime Task] C:\Program Files\QuickTime\qttask.exe (Apple Inc.)
O4 - HKLM..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre6\bin\jusched.exe (Sun Microsystems, Inc.)
O4 - HKLM..\Run: [UpdReg] C:\WINDOWS\Updreg.EXE (Creative Technology Ltd.)
O4 - HKLM..\RunOnce: [Malwarebytes' Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe (Hewlett-Packard Co.)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\McAfee Security Scan.lnk = C:\Program Files\McAfee Security Scan\1.0.150\SSScheduler.exe (McAfee, Inc.)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Windows Search.lnk = C:\Program Files\Windows Desktop Search\WindowsSearch.exe (Microsoft Corporation)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O9 - Extra Button: Show or hide HP Smart Web Printing - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - C:\Program Files\HP\Digital Imaging\smart web printing\hpswp_BHO.dll (Hewlett-Packard Co.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O15 - HKLM\..Trusted Domains: 1 domain(s) and sub-domain(s) not assigned to a zone.
O15 - HKCU\..Trusted Domains: ([]msn in My Computer)
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} C:\Program Files\Yahoo!\Common\Yinsthelper.dll (Installation Support)
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1250518990312 (WUWebControl Class)
O16 - DPF: {6F15128C-E66A-490C-B848-5000B5ABEEAC} https://h20436.www2.hp.com/ediags/dex/secure/HPDEXAXO.cab (HP Download Manager)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab (Java Plug-in 1.6.0_17)
O16 - DPF: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab (Java Plug-in 1.6.0_17)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab (Java Plug-in 1.6.0_17)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
O16 - DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} https://whiteoaksys.webex.com/client/T27L/webex/ieatgpc.cab (GpcContainer Class)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 24.247.15.53 24.247.24.53
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O28 - HKLM ShellExecuteHooks: {56F9679E-7826-4C84-81F3-532071A8BCC5} - C:\Program Files\Windows Desktop Search\MsnlNamespaceMgr.dll (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009/08/16 17:05:46 | 00,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - comfile [open] -- "%1" %*
O35 - exefile [open] -- "%1" %*

NetSvcs: 6to4 - File not found
NetSvcs: Ias - C:\WINDOWS\system32\ias [2009/08/16 17:05:27 | 00,000,000 | ---D | M]
NetSvcs: Iprip - File not found
NetSvcs: Irmon - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: WmdmPmSp - File not found

CREATERESTOREPOINT
Restore point Set: OTL Restore Point (16892003295952896)

[color=#E56717]========== Files/Folders - Created Within 14 Days ==========[/color]

[2009/12/26 20:39:13 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Shel\Application Data\Malwarebytes
[2009/12/26 20:39:07 | 00,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2009/12/26 20:39:05 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Malwarebytes
[2009/12/26 20:39:04 | 00,019,160 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2009/12/26 20:39:04 | 00,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2009/12/26 20:23:08 | 00,000,000 | -HSD | C] -- C:\RECYCLER
[2009/09/25 19:04:03 | 00,000,000 | ---D | M] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\Apple
[2009/09/07 19:45:59 | 00,000,000 | --SD | M] -- C:\Documents and Settings\LocalService\Application Data\Microsoft
[2009/08/26 19:12:26 | 00,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Local Settings\Application Data\Adobe
[2009/08/20 15:24:29 | 00,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft
[2009/08/20 11:10:50 | 00,000,000 | --SD | M] -- C:\Documents and Settings\NetworkService\Application Data\Microsoft
[2009/08/20 11:10:42 | 00,000,000 | ---D | M] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft
[2009/08/16 20:51:51 | 00,065,536 | ---- | C] ( ) -- C:\WINDOWS\System32\A3d.dll

[color=#E56717]========== Files - Modified Within 14 Days ==========[/color]

[2009/12/27 08:30:59 | 00,000,420 | -H-- | M] () -- C:\WINDOWS\tasks\User_Feed_Synchronization-{E519F541-3FEF-453E-A994-C3BE663729CF}.job
[2009/12/26 20:39:09 | 00,000,696 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2009/12/26 20:30:47 | 00,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2009/12/26 20:30:46 | 00,000,462 | ---- | M] () -- C:\WINDOWS\tasks\SDMsgUpdate (TE).job
[2009/12/26 20:30:05 | 00,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2009/12/26 20:30:00 | 00,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2009/12/26 20:29:14 | 00,081,984 | ---- | M] () -- C:\WINDOWS\System32\bdod.bin
[2009/12/26 20:29:09 | 04,194,304 | -H-- | M] () -- C:\Documents and Settings\Shel\NTUSER.DAT
[2009/12/26 20:29:09 | 00,000,278 | -HS- | M] () -- C:\Documents and Settings\Shel\ntuser.ini
[2009/12/26 20:29:04 | 00,000,121 | ---- | M] () -- C:\WINDOWS\bdagent.INI
[2009/12/26 20:27:19 | 00,000,626 | ---- | M] () -- C:\Documents and Settings\Shel\Desktop\Shortcut to TFC.lnk
[2009/12/25 22:03:59 | 05,364,650 | -H-- | M] () -- C:\Documents and Settings\Shel\Local Settings\Application Data\IconCache.db
[2009/12/25 13:12:12 | 00,002,137 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\iTunes.lnk
[2009/12/25 10:14:59 | 00,000,227 | ---- | M] () -- C:\WINDOWS\system.ini
[2009/12/25 10:02:05 | 03,864,524 | R--- | M] () -- C:\Documents and Settings\Shel\Desktop\ComboFix.exe
[2009/12/25 09:41:38 | 00,000,818 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts
[2009/12/25 01:15:21 | 00,171,204 | -H-- | M] () -- C:\WINDOWS\System32\mlfcache.dat
[2009/12/20 17:56:01 | 00,000,760 | ---- | M] () -- C:\Documents and Settings\Shel\Desktop\Shortcut to 99.9 F°.lnk
[2009/12/20 13:15:40 | 00,075,577 | ---- | M] () -- C:\Documents and Settings\Shel\My Documents\list xmas.xml
[2009/12/19 17:53:04 | 00,006,656 | ---- | M] () -- C:\Documents and Settings\Shel\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2009/12/19 15:29:42 | 00,000,687 | ---- | M] () -- C:\WINDOWS\System32\BDUpdateV1.xml

[color=#E56717]========== Files Created - No Company Name ==========[/color]

[2009/12/26 20:39:09 | 00,000,696 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2009/12/26 20:27:19 | 00,000,626 | ---- | C] () -- C:\Documents and Settings\Shel\Desktop\Shortcut to TFC.lnk
[2009/12/25 10:02:01 | 03,864,524 | R--- | C] () -- C:\Documents and Settings\Shel\Desktop\ComboFix.exe
[2009/12/20 17:56:01 | 00,000,760 | ---- | C] () -- C:\Documents and Settings\Shel\Desktop\Shortcut to 99.9 F°.lnk
[2009/11/03 12:34:46 | 00,006,496 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\hpzinstall.log
[2009/10/12 10:32:10 | 00,000,067 | ---- | C] () -- C:\WINDOWS\iltwain.ini
[2009/09/14 07:59:03 | 00,000,127 | ---- | C] () -- C:\Documents and Settings\Shel\Local Settings\Application Data\fusioncache.dat
[2009/08/31 18:39:57 | 00,000,097 | ---- | C] () -- C:\WINDOWS\System32\PICSDK.ini
[2009/08/31 18:38:25 | 00,000,044 | ---- | C] () -- C:\WINDOWS\EPM_PAL260.ini
[2009/08/29 18:31:11 | 00,000,000 | ---- | C] () -- C:\WINDOWS\iPlayer.INI
[2009/08/28 00:46:21 | 00,000,121 | ---- | C] () -- C:\WINDOWS\bdagent.INI
[2009/08/18 22:31:56 | 00,006,656 | ---- | C] () -- C:\Documents and Settings\Shel\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2009/08/17 09:19:27 | 00,000,376 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2009/08/17 08:40:23 | 00,000,464 | ---- | C] () -- C:\WINDOWS\dellstat.ini
[2009/08/16 21:32:07 | 00,012,288 | ---- | C] () -- C:\WINDOWS\System32\e100bmsg.dll
[2009/08/16 20:52:18 | 00,000,066 | ---- | C] () -- C:\WINDOWS\SBWIN.INI
[2009/08/16 20:51:51 | 00,047,616 | ---- | C] () -- C:\WINDOWS\System32\P16X.dll
[2009/08/16 20:51:51 | 00,002,696 | ---- | C] () -- C:\WINDOWS\MIXDEF.INI
[2009/08/16 20:51:51 | 00,002,516 | ---- | C] () -- C:\WINDOWS\System32\P16X.ini
[2009/08/16 20:51:51 | 00,000,026 | ---- | C] () -- C:\WINDOWS\System32\ctzapxx.ini
[2009/08/03 15:07:42 | 00,403,816 | ---- | C] () -- C:\WINDOWS\System32\OGACheckControl.dll
[2008/10/09 16:31:54 | 00,192,512 | ---- | C] () -- C:\WINDOWS\System32\txmlutil.dll
[2007/09/27 12:51:02 | 00,020,698 | ---- | C] () -- C:\WINDOWS\System32\idxcntrs.ini
[2007/09/27 12:48:48 | 00,030,628 | ---- | C] () -- C:\WINDOWS\System32\gsrvctr.ini
[2007/09/27 12:48:28 | 00,031,698 | ---- | C] () -- C:\WINDOWS\System32\gthrctr.ini
[2007/01/31 14:50:32 | 00,913,408 | ---- | C] () -- C:\WINDOWS\System32\xreglib.dll
[2003/01/07 17:05:08 | 00,002,695 | ---- | C] () -- C:\WINDOWS\System32\OUTLPERF.INI
[1999/01/04 15:25:00 | 00,375,296 | ---- | C] () -- C:\WINDOWS\System32\tx32.dll
[1998/11/04 04:20:00 | 00,000,202 | ---- | C] () -- C:\WINDOWS\System32\Ic32.ini
[1998/03/22 12:50:02 | 00,010,240 | ---- | C] () -- C:\WINDOWS\System32\vidx16.dll

[color=#E56717]========== LOP Check ==========[/color]

[2009/08/20 09:42:30 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\BitDefender
[2009/08/17 08:40:47 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\BVRP Software
[2009/09/22 11:43:42 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\DriverScanner
[2009/08/31 18:40:33 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\EPSON
[2009/09/14 11:32:46 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Office-Kit.com
[2009/08/18 21:58:29 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\PC Drivers HeadQuarters
[2009/08/17 23:48:28 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\RobloxDownloads
[2009/09/22 11:41:34 | 00,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\{66E2F539-12B6-4870-A500-7689CDE75C5E}
[2009/09/23 08:52:26 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{755AC846-7372-4AC8-8550-C52491DAA8BD}
[2009/08/20 09:39:52 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Shel\Application Data\BitDefender
[2009/12/04 15:54:06 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Shel\Application Data\CheckPoint
[2009/11/23 15:34:59 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Shel\Application Data\com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1
[2009/10/05 10:37:49 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Shel\Application Data\DeviceDoctorSoftware
[2009/09/14 12:12:35 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Shel\Application Data\EzySoft
[2009/08/31 18:45:13 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Shel\Application Data\Leadertech
[2009/09/14 11:32:46 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Shel\Application Data\Office-Kit.com
[2009/10/23 08:17:27 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Shel\Application Data\SmartDraw
[2009/12/04 13:20:30 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Shel\Application Data\Uniblue
[2009/09/23 08:50:21 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Shel\Application Data\webex
[2009/08/20 10:57:06 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Shel\Application Data\Windows Desktop Search
[2009/09/01 19:00:12 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Shel\Application Data\Windows Search
[2009/12/26 20:30:46 | 00,000,462 | ---- | M] () -- C:\WINDOWS\Tasks\SDMsgUpdate (TE).job
[2009/12/27 08:30:59 | 00,000,420 | -H-- | M] () -- C:\WINDOWS\Tasks\User_Feed_Synchronization-{E519F541-3FEF-453E-A994-C3BE663729CF}.job

[color=#E56717]========== Purity Check ==========[/color]

[color=#E56717]========== Custom Scans ==========[/color]

[color=#A23BEC]< %SYSTEMDRIVE%\*.exe >[/color]
[2004/03/10 16:16:33 | 00,077,824 | ---- | M] (Moodlogic) -- C:\catgen.exe
[2004/07/01 16:20:20 | 00,212,992 | ---- | M] (Moodlogic) -- C:\Updater.exe

[color=#A23BEC]< MD5 for: AGP440.SYS >[/color]
[2008/04/14 02:06:40 | 00,042,368 | ---- | M] (Microsoft Corporation) MD5=08FD04AA961BDC77FB983F328334E3D7 -- C:\WINDOWS\ERDNT\cache\agp440.sys
[2008/04/14 02:06:40 | 00,042,368 | ---- | M] (Microsoft Corporation) MD5=08FD04AA961BDC77FB983F328334E3D7 -- C:\WINDOWS\ServicePackFiles\i386\agp440.sys
[2008/04/14 02:06:40 | 00,042,368 | ---- | M] (Microsoft Corporation) MD5=08FD04AA961BDC77FB983F328334E3D7 -- C:\WINDOWS\system32\drivers\agp440.sys
[2004/08/04 01:07:41 | 00,042,368 | ---- | M] (Microsoft Corporation) MD5=2C428FA0C3E3A01ED93C9B2A27D8D4BB -- C:\WINDOWS\SoftwareDistribution\Download\16b2c96a0c41f4dfdb4d3cc228a4f819\agp440.sys

[color=#A23BEC]< MD5 for: ATAPI.SYS >[/color]
[2003/07/16 11:18:31 | 00,086,912 | ---- | M] (Microsoft Corporation) MD5=95B858761A00E1D4F81F79A0DA019ACA -- C:\WINDOWS\$NtServicePackUninstall$\atapi.sys
[2008/04/14 02:10:32 | 00,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\ERDNT\cache\atapi.sys
[2008/04/14 02:10:32 | 00,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\ServicePackFiles\i386\atapi.sys
[2008/04/14 02:10:32 | 00,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\system32\drivers\atapi.sys
[2008/04/14 02:10:32 | 00,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\system32\ReinstallBackups\0005\DriverFiles\i386\atapi.sys
[2008/04/14 02:10:32 | 00,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\system32\ReinstallBackups\0006\DriverFiles\i386\atapi.sys
[2004/08/04 00:59:42 | 00,095,360 | ---- | M] (Microsoft Corporation) MD5=CDFE4411A69C224BD1D11B2DA92DAC51 -- C:\WINDOWS\SoftwareDistribution\Download\16b2c96a0c41f4dfdb4d3cc228a4f819\atapi.sys

[color=#A23BEC]< MD5 for: EVENTLOG.DLL >[/color]
[2009/01/20 19:16:14 | 00,001,536 | ---- | M] () MD5=58B81BFA8841E41639BDD81A7FEE2B8E -- C:\Program Files\Common Files\BitDefender\BitDefender Arrakis Server\lib\eventlog.dll
[2008/04/14 07:41:54 | 00,056,320 | ---- | M] (Microsoft Corporation) MD5=6D4FEB43EE538FC5428CC7F0565AA656 -- C:\WINDOWS\ERDNT\cache\eventlog.dll
[2008/04/14 07:41:54 | 00,056,320 | ---- | M] (Microsoft Corporation) MD5=6D4FEB43EE538FC5428CC7F0565AA656 -- C:\WINDOWS\ServicePackFiles\i386\eventlog.dll
[2008/04/14 07:41:54 | 00,056,320 | ---- | M] (Microsoft Corporation) MD5=6D4FEB43EE538FC5428CC7F0565AA656 -- C:\WINDOWS\system32\eventlog.dll
[2004/08/04 02:56:42 | 00,055,808 | ---- | M] (Microsoft Corporation) MD5=82B24CB70E5944E6E34662205A2A5B78 -- C:\WINDOWS\SoftwareDistribution\Download\16b2c96a0c41f4dfdb4d3cc228a4f819\eventlog.dll
[2003/07/16 11:22:12 | 00,049,152 | ---- | M] (Microsoft Corporation) MD5=BF3C8CF53C77B48206B39910B6D6CBCC -- C:\WINDOWS\$NtServicePackUninstall$\eventlog.dll

[color=#A23BEC]< MD5 for: NETLOGON.DLL >[/color]
[2008/04/14 07:42:02 | 00,407,040 | ---- | M] (Microsoft Corporation) MD5=1B7F071C51B77C272875C3A23E1E4550 -- C:\WINDOWS\ERDNT\cache\netlogon.dll
[2008/04/14 07:42:02 | 00,407,040 | ---- | M] (Microsoft Corporation) MD5=1B7F071C51B77C272875C3A23E1E4550 -- C:\WINDOWS\ServicePackFiles\i386\netlogon.dll
[2008/04/14 07:42:02 | 00,407,040 | ---- | M] (Microsoft Corporation) MD5=1B7F071C51B77C272875C3A23E1E4550 -- C:\WINDOWS\system32\netlogon.dll
[2003/07/16 11:32:31 | 00,399,360 | ---- | M] (Microsoft Corporation) MD5=3ADD563ED7A1C66E6F5E0F7A661AA96D -- C:\WINDOWS\$NtServicePackUninstall$\netlogon.dll
[2004/08/04 02:56:44 | 00,407,040 | ---- | M] (Microsoft Corporation) MD5=96353FCECBA774BB8DA74A1C6507015A -- C:\WINDOWS\SoftwareDistribution\Download\16b2c96a0c41f4dfdb4d3cc228a4f819\netlogon.dll

[color=#A23BEC]< MD5 for: SCECLI.DLL >[/color]
[2004/08/04 02:56:44 | 00,180,224 | ---- | M] (Microsoft Corporation) MD5=0F78E27F563F2AAF74B91A49E2ABF19A -- C:\WINDOWS\SoftwareDistribution\Download\16b2c96a0c41f4dfdb4d3cc228a4f819\scecli.dll
[2003/07/16 11:37:42 | 00,174,592 | ---- | M] (Microsoft Corporation) MD5=97418A5C642A5C748A28BD7CF6860B57 -- C:\WINDOWS\$NtServicePackUninstall$\scecli.dll
[2008/04/14 07:42:06 | 00,181,248 | ---- | M] (Microsoft Corporation) MD5=A86BB5E61BF3E39B62AB4C7E7085A084 -- C:\WINDOWS\ERDNT\cache\scecli.dll
[2008/04/14 07:42:06 | 00,181,248 | ---- | M] (Microsoft Corporation) MD5=A86BB5E61BF3E39B62AB4C7E7085A084 -- C:\WINDOWS\ServicePackFiles\i386\scecli.dll
[2008/04/14 07:42:06 | 00,181,248 | ---- | M] (Microsoft Corporation) MD5=A86BB5E61BF3E39B62AB4C7E7085A084 -- C:\WINDOWS\system32\scecli.dll

[color=#A23BEC]< %systemroot%\*. /mp /s >[/color]

< End of report >