OTL logfile created on: 3/2/2010 11:13:57 AM - Run OTLPE by OldTimer - Version 3.1.30.1 Folder = X:\Programs\OTLPE Microsoft Windows XP Service Pack 3 (Version = 5.1.2600) - Type = SYSTEM Internet Explorer (Version = 8.0.6001.18702) Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy 1,014.00 Mb Total Physical Memory | 820.00 Mb Available Physical Memory | 81.00% Memory free 902.00 Mb Paging File | 843.00 Mb Available in Paging File | 93.00% Paging File free Paging file location(s): C:\pagefile.sys 2000 3048 [binary data] %SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files Drive C: | 148.80 Gb Total Space | 134.02 Gb Free Space | 90.06% Space Free | Partition Type: NTFS Drive D: | 149.01 Gb Total Space | 132.35 Gb Free Space | 88.82% Space Free | Partition Type: FAT32 E: Drive not present or media not loaded F: Drive not present or media not loaded G: Drive not present or media not loaded H: Drive not present or media not loaded I: Drive not present or media not loaded Drive X: | 276.79 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS Computer Name: REATOGO Current User Name: SYSTEM Logged in as Administrator. Current Boot Mode: Normal Scan Mode: All users Company Name Whitelist: Off Skip Microsoft Files: Off File Age = 30 Days Output = Standard Using ControlSet: ControlSet002 [color=#E56717]========== Win32 Services (SafeList) ==========[/color] SRV - [2009/12/09 04:05:51 | 000,126,392 | R--- | M] (Symantec Corporation) [Auto] -- C:\Program Files\Norton Internet Security\Engine\17.5.0.127\ccSvcHst.exe -- (NIS) SRV - [2009/12/09 04:05:51 | 000,126,392 | R--- | M] (Symantec Corporation) [Auto] -- C:\Program Files\Norton Internet Security\Engine\17.5.0.127\ccSvcHst.exe -- (EraserSvc10923) SRV - [2008/09/10 16:39:48 | 000,536,872 | ---- | M] (Apple Inc.) 
[On_Demand] -- C:\Program Files\iPod\bin\iPodService.exe -- (iPod Service) SRV - [2008/09/10 15:50:26 | 000,116,040 | ---- | M] (Apple Inc.) [Auto] -- C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe -- (Apple Mobile Device) SRV - [2008/08/29 09:18:44 | 000,238,888 | ---- | M] (Apple Inc.) [Auto] -- C:\Program Files\Bonjour\mDNSResponder.exe -- (Bonjour Service) SRV - [2007/01/04 16:38:08 | 000,024,652 | ---- | M] (Viewpoint Corporation) [Disabled] -- C:\Program Files\Viewpoint\Common\ViewpointService.exe -- (Viewpoint Manager Service) SRV - [2005/12/20 14:22:14 | 000,035,328 | ---- | M] (TOSHIBA Corp.) [Auto] -- C:\Program Files\TOSHIBA\TOSHIBA Applet\TAPPSRV.exe -- (TAPPSRV) SRV - [2005/11/28 14:31:32 | 000,540,745 | ---- | M] (Intel Corporation ) [Auto] -- C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe -- (S24EventMonitor) Intel(R) SRV - [2005/11/28 14:29:00 | 000,114,753 | ---- | M] (Intel Corporation) [Auto] -- C:\Program Files\Intel\Wireless\Bin\EvtEng.exe -- (EvtEng) Intel(R) SRV - [2005/11/28 14:28:14 | 000,217,164 | ---- | M] (Intel Corporation) [Auto] -- C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe -- (RegSrvc) Intel(R) SRV - [2005/07/12 20:14:42 | 000,040,960 | ---- | M] () [Auto] -- c:\TOSHIBA\IVP\swupdate\swupdtmr.exe -- (Swupdtmr) SRV - [2005/01/17 19:38:38 | 000,040,960 | ---- | M] (TOSHIBA CORPORATION) [Auto] -- C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe -- (CFSvcs) SRV - [2004/08/28 03:33:00 | 000,110,592 | ---- | M] (Matsushita Electric Industrial Co., Ltd.) 
[Auto] -- C:\WINDOWS\system32\DVDRAMSV.exe -- (DVD-RAM_Service) SRV - [2003/07/28 15:28:22 | 000,089,136 | ---- | M] (Microsoft Corporation) [On_Demand] -- C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE -- (ose) [color=#E56717]========== Driver Services (SafeList) ==========[/color] DRV - File not found [Kernel | On_Demand] -- -- (WDICA) DRV - File not found [Kernel | On_Demand] -- -- (SVRPEDRV) DRV - File not found [Kernel | On_Demand] -- -- (PDRFRAME) DRV - File not found [Kernel | On_Demand] -- -- (PDRELI) DRV - File not found [Kernel | On_Demand] -- -- (PDFRAME) DRV - File not found [Kernel | On_Demand] -- -- (PDCOMP) DRV - File not found [Kernel | System] -- -- (PCIDump) DRV - File not found [Kernel | System] -- -- (lbrtfdc) DRV - File not found [Kernel | System] -- -- (i2omgmt) DRV - File not found [Kernel | System] -- -- (Changer) DRV - [2010/02/12 17:41:30 | 001,324,720 | ---- | M] (Symantec Corporation) [Kernel | On_Demand] -- C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_17.5.0.127\Definitions\VirusDefs\20100212.022\NAVEX15.SYS -- (NAVEX15) DRV - [2010/02/12 17:41:30 | 000,371,248 | ---- | M] (Symantec Corporation) [Kernel | System] -- C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys -- (eeCtrl) DRV - [2010/02/12 17:41:30 | 000,102,448 | ---- | M] (Symantec Corporation) [Kernel | On_Demand] -- C:\Program Files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys -- (EraserUtilRebootDrv) DRV - [2010/02/12 17:41:30 | 000,084,912 | ---- | M] (Symantec Corporation) [Kernel | On_Demand] -- C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_17.5.0.127\Definitions\VirusDefs\20100212.022\NAVENG.SYS -- (NAVENG) DRV - [2010/02/12 17:06:34 | 000,124,976 | ---- | M] (Symantec Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\SYMEVENT.SYS -- (SymEvent) DRV - [2009/12/09 04:06:51 | 000,501,888 | R--- | 
M] (Symantec Corporation) [Kernel | System] -- C:\WINDOWS\system32\drivers\NIS\1105000.07F\ccHPx86.sys -- (ccHP) DRV - [2009/12/03 01:08:32 | 000,325,168 | R--- | M] (Symantec Corporation) [File_System | System] -- C:\WINDOWS\system32\drivers\NIS\1105000.07F\SRTSP.SYS -- (SRTSP) DRV - [2009/12/03 01:08:32 | 000,043,696 | R--- | M] (Symantec Corporation) [Kernel | System] -- C:\WINDOWS\system32\drivers\NIS\1105000.07F\SRTSPX.SYS -- (SRTSPX) Symantec Real Time Storage Protection (PEL) DRV - [2009/11/26 01:41:48 | 000,172,592 | R--- | M] (Symantec Corporation) [File_System | Boot] -- C:\WINDOWS\system32\drivers\NIS\1105000.07F\SymEFA.sys -- (SymEFA) DRV - [2009/11/26 01:41:22 | 000,116,272 | R--- | M] (Symantec Corporation) [Kernel | System] -- C:\WINDOWS\system32\drivers\NIS\1105000.07F\Ironx86.SYS -- (SymIRON) DRV - [2009/11/26 01:40:54 | 000,529,456 | ---- | M] (Symantec Corporation) [Kernel | System] -- C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_17.5.0.127\Definitions\BASHDefs\20091205.001\BHDrvx86.sys -- (BHDrvx86) DRV - [2009/11/21 19:43:48 | 000,362,032 | R--- | M] (Symantec Corporation) [Kernel | System] -- C:\WINDOWS\system32\drivers\NIS\1105000.07F\SYMTDI.SYS -- (SYMTDI) DRV - [2009/11/16 19:51:14 | 000,329,592 | ---- | M] (Symantec Corporation) [Kernel | On_Demand] -- C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_17.5.0.127\Definitions\IPSDefs\20091105.001\IDSxpx86.sys -- (IDSxpx86) DRV - [2009/10/14 22:50:05 | 000,328,752 | R--- | M] (Symantec Corporation) [Kernel | Boot] -- C:\WINDOWS\system32\drivers\NIS\1105000.07F\SymDS.sys -- (SymDS) DRV - [2008/09/10 15:45:18 | 000,032,000 | ---- | M] (Apple, Inc.) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\usbaapl.sys -- (USBAAPL) DRV - [2008/04/17 12:12:54 | 000,015,464 | ---- | M] (GEAR Software Inc.) 
[Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\GEARAspiWDM.sys -- (GEARAspiWDM) DRV - [2008/04/13 11:36:05 | 000,144,384 | ---- | M] (Windows (R) Server 2003 DDK provider) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\hdaudbus.sys -- (HDAudBus) DRV - [2008/01/08 18:08:11 | 000,021,275 | ---- | M] (Meetinghouse Data Communications) [Kernel | Auto] -- C:\WINDOWS\system32\drivers\AegisP.sys -- (AegisP) AEGIS Protocol (IEEE 802.1x) DRV - [2007/11/13 05:25:53 | 000,020,480 | ---- | M] (Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K.) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\secdrv.sys -- (Secdrv) DRV - [2007/04/09 09:56:22 | 000,021,248 | ---- | M] (LG Electronics Inc.) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\lgusbdiag.sys -- (UsbDiag) DRV - [2007/04/09 09:55:08 | 000,022,912 | ---- | M] (LG Electronics Inc.) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\lgusbmodem.sys -- (USBModem) DRV - [2007/04/09 09:53:24 | 000,012,672 | ---- | M] (LG Electronics Inc.) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\lgusbbus.sys -- (usbbus) DRV - [2006/02/16 04:56:07 | 000,008,552 | ---- | M] (Windows (R) 2000 DDK provider) [Kernel | Auto] -- C:\WINDOWS\system32\drivers\asctrm.sys -- (ASCTRM) DRV - [2005/12/16 03:15:06 | 000,191,936 | ---- | M] (Synaptics, Inc.) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\SynTP.sys -- (SynTP) DRV - [2005/12/09 19:48:40 | 004,123,136 | ---- | M] (Realtek Semiconductor Corp.) 
[Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\RtkHDAud.Sys -- (IntcAzAudAddService) Service for Realtek HD Audio (WDM) DRV - [2005/12/04 12:55:30 | 001,428,096 | ---- | M] (Intel® Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\w39n51.sys -- (w39n51) Intel(R) DRV - [2005/11/30 14:01:02 | 000,043,392 | ---- | M] (TOSHIBA Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\Tvs.sys -- (Tvs) DRV - [2005/11/30 13:12:00 | 000,162,560 | ---- | M] (Texas Instruments) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\tifm21.sys -- (tifm21) DRV - [2005/11/28 15:09:26 | 000,013,568 | ---- | M] (Intel Corporation) [Kernel | Auto] -- C:\WINDOWS\system32\drivers\s24trans.sys -- (s24trans) DRV - [2005/11/28 01:20:20 | 001,353,820 | ---- | M] (Intel Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\ialmnt5.sys -- (ialm) DRV - [2005/11/25 05:38:00 | 000,028,800 | ---- | M] (UPEK Inc.) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\tcusb.sys -- (TcUsb) DRV - [2005/11/15 12:00:22 | 001,122,656 | ---- | M] (Agere Systems) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\AGRSM.sys -- (AgereSoftModem) DRV - [2005/10/26 15:12:48 | 000,020,640 | ---- | M] (Sonic Solutions) [Kernel | Boot] -- C:\WINDOWS\system32\drivers\pxhelp20.sys -- (PxHelp20) DRV - [2005/10/20 17:03:42 | 000,006,144 | ---- | M] (Toshiba Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\NBSMI.sys -- (TVALD) DRV - [2005/10/10 02:31:42 | 000,163,328 | ---- | M] (Intel Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\e100b325.sys -- (E100B) Intel(R) DRV - [2005/10/06 08:20:00 | 000,094,332 | ---- | M] (Sonic Solutions) [File_System | Auto] -- C:\WINDOWS\system32\DLA\DLAUDFAM.SYS -- (DLAUDFAM) DRV - [2005/10/06 08:20:00 | 000,087,036 | ---- | M] (Sonic Solutions) [File_System | Auto] -- C:\WINDOWS\system32\DLA\DLAUDF_M.SYS -- (DLAUDF_M) DRV - [2005/10/06 08:20:00 | 000,086,524 | ---- | M] (Sonic Solutions) [File_System | Auto] -- 
C:\WINDOWS\system32\DLA\DLAIFS_M.SYS -- (DLAIFS_M) DRV - [2005/10/06 08:20:00 | 000,025,628 | ---- | M] (Sonic Solutions) [File_System | Auto] -- C:\WINDOWS\system32\DLA\DLABOIOM.SYS -- (DLABOIOM) DRV - [2005/10/06 08:20:00 | 000,014,684 | ---- | M] (Sonic Solutions) [File_System | Auto] -- C:\WINDOWS\system32\DLA\DLAOPIOM.SYS -- (DLAOPIOM) DRV - [2005/10/06 08:20:00 | 000,006,364 | ---- | M] (Sonic Solutions) [File_System | Auto] -- C:\WINDOWS\system32\DLA\DLAPoolM.SYS -- (DLAPoolM) DRV - [2005/10/06 08:20:00 | 000,002,496 | ---- | M] (Sonic Solutions) [File_System | Auto] -- C:\WINDOWS\system32\DLA\DLADResN.SYS -- (DLADResN) DRV - [2005/09/14 05:24:08 | 000,179,200 | ---- | M] (Intel Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\e1e5132.sys -- (e1express) Intel(R) DRV - [2005/09/12 06:30:00 | 000,089,264 | ---- | M] (Sonic Solutions) [Kernel | Boot] -- C:\WINDOWS\system32\drivers\DRVMCDB.SYS -- (DRVMCDB) DRV - [2005/09/09 17:47:10 | 000,009,344 | ---- | M] (TOSHIBA Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\tosrfec.sys -- (tosrfec) DRV - [2005/08/25 15:16:52 | 000,005,628 | ---- | M] (Sonic Solutions) [File_System | System] -- C:\WINDOWS\system32\drivers\DLACDBHM.SYS -- (DLACDBHM) DRV - [2005/08/25 15:16:16 | 000,022,684 | ---- | M] (Sonic Solutions) [File_System | System] -- C:\WINDOWS\system32\drivers\DLARTL_N.SYS -- (DLARTL_N) DRV - [2005/08/24 18:20:28 | 000,009,472 | ---- | M] () [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\tbiosdrv.sys -- (tbiosdrv) DRV - [2005/08/12 08:20:00 | 000,040,544 | ---- | M] (Sonic Solutions) [File_System | Auto] -- C:\WINDOWS\system32\drivers\DRVNDDM.SYS -- (DRVNDDM) DRV - [2005/06/02 06:33:00 | 000,102,384 | ---- | M] (Matsushita Electric Industrial Co.,Ltd.) 
[File_System | System] -- C:\WINDOWS\system32\drivers\meiudf.sys -- (meiudf) DRV - [2005/01/12 03:05:46 | 000,204,160 | ---- | M] (TOSHIBA CORPORATION) [Kernel | Boot] -- C:\WINDOWS\system32\drivers\KR10N.sys -- (KR10N) DRV - [2004/08/10 07:00:00 | 000,017,792 | ---- | M] (Parallel Technologies, Inc.) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\ptilink.sys -- (Ptilink) DRV - [2004/08/10 07:00:00 | 000,007,936 | ---- | M] (Microsoft Corporation) [Recognizer | System] -- C:\WINDOWS\system32\drivers\fs_rec.sys -- (Fs_Rec) DRV - [2004/08/10 07:00:00 | 000,002,864 | ---- | M] (Microsoft Corporation) [Adapter | On_Demand] -- C:\WINDOWS\system32\winsock.dll -- (Winsock) DRV - [2003/09/19 04:47:00 | 000,010,368 | ---- | M] (Padus, Inc.) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\pfc.sys -- (Pfc) DRV - [2003/09/11 02:36:54 | 000,021,060 | ---- | M] (InterVideo, Inc.) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\iviaspi.sys -- (Iviaspi) DRV - [2003/01/29 17:35:00 | 000,012,032 | ---- | M] (TOSHIBA Corporation.) [Kernel | Auto] -- C:\WINDOWS\system32\drivers\Netdevio.sys -- (Netdevio) DRV - [2003/01/10 15:13:04 | 000,033,588 | R--- | M] (America Online, Inc.) 
[Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\wanatw4.sys -- (wanatw) WAN Miniport (ATW) [color=#E56717]========== Standard Registry (SafeList) ==========[/color] [color=#E56717]========== Internet Explorer ==========[/color] IE - HKLM\Software\Microsoft\Internet Explorer\Main,Secondary Start Pages = [Binary data over 100 bytes] IE - HKLM\Software\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.google.com/ie IE - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie IE - HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.toshibadirect.com/dpdstart IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local IE - HKU\Administrator_ON_C\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com IE - HKU\Administrator_ON_C\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.toshibadirect.com/dpdstart IE - HKU\Administrator_ON_C\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\LocalService_ON_C\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.toshibadirect.com/dpdstart IE - HKU\NetworkService_ON_C\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.toshibadirect.com/dpdstart IE - HKU\Ryan_L_ON_C\Software\Microsoft\Internet Explorer\Main,Local Page = \blank.htm IE - HKU\Ryan_L_ON_C\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com IE - HKU\Ryan_L_ON_C\Software\Microsoft\Internet Explorer\Main,SearchMigratedDefaultName = Google IE - HKU\Ryan_L_ON_C\Software\Microsoft\Internet Explorer\Main,SearchMigratedDefaultURL = http://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8 IE - HKU\Ryan_L_ON_C\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.msn.com/ IE - 
HKU\Ryan_L_ON_C\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie IE - HKU\Ryan_L_ON_C\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\Ryan_L_ON_C\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local IE - HKU\S-1-5-18\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/ FF - HKLM\software\mozilla\Firefox\Extensions\\{453158F6-8D88-4D02-859C-0FE3C0EC045E}: C:\Documents and Settings\Ryan L\Local Settings\Application Data\{453158F6-8D88-4D02-859C-0FE3C0EC045E} [2010/02/02 15:59:41 | 000,000,000 | ---D | M] FF - HKLM\software\mozilla\Firefox\Extensions\\{BBDA0591-3099-440a-AA10-41764D9DB4DB}: C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_17.5.0.127\IPSFFPlgn\ [2010/02/12 17:06:44 | 000,000,000 | ---D | M] FF - HKLM\software\mozilla\Firefox\Extensions\\{2D3F3651-74B9-4795-BDEC-6DA2F431CB62}: C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_17.5.0.127\coFFPlgn\ [2010/02/12 17:06:45 | 000,000,000 | ---D | M] FF - HKLM\software\mozilla\Mozilla Firefox 3.0.15\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2009/11/23 19:40:03 | 000,000,000 | ---D | M] FF - HKLM\software\mozilla\Mozilla Firefox 3.0.15\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2009/11/23 19:40:03 | 000,000,000 | ---D | M] [2008/08/07 16:24:22 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions O1 HOSTS File: ([2008/12/21 23:15:46 | 000,000,734 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts O1 - Hosts: 127.0.0.1 localhost O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated) O2 - BHO: (DriveLetterAccess) - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\DLA\DLASHX_W.DLL 
(Sonic Solutions) O2 - BHO: (Symantec NCO BHO) - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files\Norton Internet Security\Engine\17.5.0.127\CoIEPlg.dll (Symantec Corporation) O2 - BHO: (Symantec Intrusion Prevention) - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files\Norton Internet Security\Engine\17.5.0.127\IPSBHO.dll (Symantec Corporation) O3 - HKLM\..\Toolbar: (Norton Toolbar) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Norton Internet Security\Engine\17.5.0.127\CoIEPlg.dll (Symantec Corporation) O3 - HKU\Ryan_L_ON_C\..\Toolbar\WebBrowser: (Norton Toolbar) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Norton Internet Security\Engine\17.5.0.127\CoIEPlg.dll (Symantec Corporation) O4 - HKU\Administrator_ON_C..\Run: [TOSCDSPD] C:\Program Files\TOSHIBA\TOSCDSPD\TOSCDSPD.exe (TOSHIBA) O4 - HKLM..\RunOnce: [Malwarebytes' Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation) O4 - HKU\Ryan_L_ON_C..\RunOnce: [*LogMeInRescue_509385126] C:\WINDOWS\LMIA.tmp\lmi_rescue.exe (LogMeIn, Inc.) 
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Main present O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\PhishingFilter present O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: InstallVisualStyle = C:\WINDOWS\Resources\Themes\Royale\Royale.msstyles (Microsoft) O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: InstallTheme = C:\WINDOWS\Resources\Themes\Royale.theme () O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0 O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145 O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: CDRAutoRun = 0 O7 - HKU\Administrator_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145 O7 - HKU\LocalService_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145 O7 - HKU\NetworkService_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145 O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 255 O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoLowDiskSpaceChecks = 1 O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = FF [binary data] O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: EditLevel = 0 O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoClose = 0 O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoLogOff = 0 O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSaveSettings = 0 O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoFileMenu = 0 O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCommonGroups = 0 O7 - 
HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoUserNameInStartMenu = 1 O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: StartMenuLogoff = 0 O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSMHelp = 1 O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: NoDispBackgroundPage = 0 O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: NoDispScrSavPage = 0 O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: NoColorChoice = 0 O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: NoSizeChoice = 0 O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: NoVisualStyleChoice = 0 O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: SetVisualStyle = %SystemRoot%\Resources\Themes\Luna.theme () O9 - Extra 'Tools' menuitem : Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_04\bin\NPJPI150_04.dll (Sun Microsystems, Inc.) O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.) O15 - HKLM\..Trusted Domains: 4 domain(s) and sub-domain(s) not assigned to a zone. O15 - HKU\Ryan_L_ON_C\..Trusted Domains: 5 domain(s) and sub-domain(s) not assigned to a zone. O16 - DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} http://upload.facebook.com/controls/2008.10.10_v5.5.8/FacebookPhotoUploader5.cab (Facebook Photo Uploader 5 Control) O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} http://download.divx.com/player/DivXBrowserPlugin.cab (DivXBrowserPlugin Object) O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.5.0/jinstall-1_5_0_04-windows-i586.cab (Java Plug-in 1.5.0_04) O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab (Reg Error: Key error.) 
O16 - DPF: {CAFEEFAC-0015-0000-0004-ABCDEFFEDCBA} http://java.sun.com/update/1.5.0/jinstall-1_5_0_04-windows-i586.cab (Java Plug-in 1.5.0_04) O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object) O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 205.152.144.23 205.152.132.23 O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation) O20 - Winlogon\Notify\igfxcui: DllName - igfxdev.dll - C:\WINDOWS\System32\igfxdev.dll (Intel Corporation) O24 - Desktop WallPaper: C:\WINDOWS\Toshiba.bmp O24 - Desktop BackupWallPaper: C:\WINDOWS\Toshiba.bmp O32 - HKLM CDRom: AutoRun - 1 O32 - AutoRun File - [2006/02/15 10:38:58 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ] O32 - AutoRun File - [2007/04/09 16:30:28 | 000,000,000 | ---D | M] - D:\autorun -- [ FAT32 ] O32 - AutoRun File - [2005/11/15 11:08:04 | 000,000,036 | -H-- | M] () - D:\autorun.inf -- [ FAT32 ] O32 - AutoRun File - [2006/03/24 06:06:41 | 000,000,053 | R--- | M] () - X:\AUTORUN.INF -- [ CDFS ] O34 - HKLM BootExecute: (autocheck autochk *) - File not found O35 - comfile [open] -- "%1" %* O35 - exefile [open] -- "%1" %* [color=#E56717]========== Files/Folders - Created Within 30 Days ==========[/color] [2010/03/02 11:09:13 | 000,000,000 | ---D | C] -- B:\Documents and Settings\Default User\Local Settings\Application Data\Microsoft [2010/03/02 11:07:49 | 000,000,000 | ---D | C] -- B:\Documents and Settings\Default User\Local Settings\Application Data\Temp [2010/03/02 11:07:48 | 000,000,000 | --SD | C] -- B:\Documents and Settings\Default User\Cookies [2010/03/02 11:07:48 | 000,000,000 | R--D | C] -- B:\Documents and Settings\Default User\Recent [2010/03/02 11:07:48 | 000,000,000 | R--D | C] -- B:\Documents and Settings\Default User\My Documents\My Pictures [2010/03/02 11:07:48 | 000,000,000 | R--D | C] -- B:\Documents and Settings\Default User\My Documents\My Music 
[2010/03/02 11:07:48 | 000,000,000 | R--D | C] -- B:\Documents and Settings\Default User\My Documents [2010/03/02 11:07:48 | 000,000,000 | R--D | C] -- B:\Documents and Settings\Default User\Favorites [2010/03/02 11:07:48 | 000,000,000 | ---D | C] -- B:\Documents and Settings\Default User\Templates [2010/03/02 11:07:48 | 000,000,000 | ---D | C] -- B:\Documents and Settings\Default User\Start Menu [2010/03/02 11:07:48 | 000,000,000 | ---D | C] -- B:\Documents and Settings\Default User\SendTo [2010/03/02 11:07:48 | 000,000,000 | ---D | C] -- B:\Documents and Settings\Default User\PrintHood [2010/03/02 11:07:48 | 000,000,000 | ---D | C] -- B:\Documents and Settings\Default User\NetHood [2010/03/02 11:07:48 | 000,000,000 | ---D | C] -- B:\Documents and Settings\Default User\My Documents\My Videos [2010/03/02 11:07:48 | 000,000,000 | ---D | C] -- B:\Documents and Settings\Default User\Application Data\Microsoft [2010/03/02 11:07:48 | 000,000,000 | ---D | C] -- B:\Documents and Settings\Default User\Local Settings [2010/03/02 11:07:48 | 000,000,000 | ---D | C] -- B:\Documents and Settings\Default User\Desktop [2010/03/02 11:07:48 | 000,000,000 | ---D | C] -- B:\Documents and Settings\Default User\Application Data [2010/02/26 14:01:46 | 000,000,000 | ---D | C] -- C:\_OTL [2010/02/23 17:21:11 | 000,000,000 | --SD | C] -- C:\Documents and Settings\Administrator\IETldCache [2010/02/12 18:43:44 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Ryan L\Application Data\Malwarebytes [2010/02/12 18:43:38 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys [2010/02/12 18:43:36 | 000,019,160 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys [2010/02/12 18:43:36 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware [2010/02/12 18:17:21 | 000,096,512 | ---- | C] (Microsoft Corporation) -- C:\atapi.sys [2010/02/12 17:43:52 | 000,046,640 | ---- | C] (Symantec Corporation) -- 
C:\WINDOWS\System32\msln.exe [2010/02/12 17:16:49 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Ryan L\Local Settings\Application Data\Symantec [2010/02/12 17:09:08 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Ryan L\My Documents\Symantec [2010/02/12 17:06:34 | 000,124,976 | ---- | C] (Symantec Corporation) -- C:\WINDOWS\System32\drivers\SYMEVENT.SYS [2010/02/12 17:06:34 | 000,060,808 | ---- | C] (Symantec Corporation) -- C:\WINDOWS\System32\S32EVNT1.DLL [2010/02/12 17:06:34 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Symantec Shared [2010/02/12 17:06:34 | 000,000,000 | ---D | C] -- C:\Program Files\Symantec [2010/02/12 17:06:19 | 000,501,888 | R--- | C] (Symantec Corporation) -- C:\WINDOWS\System32\drivers\NIS\1105000.07F\cchpx86.sys [2010/02/12 17:06:19 | 000,362,032 | R--- | C] (Symantec Corporation) -- C:\WINDOWS\System32\drivers\NIS\1105000.07F\symtdi.sys [2010/02/12 17:06:19 | 000,340,016 | R--- | C] (Symantec Corporation) -- C:\WINDOWS\System32\drivers\NIS\1105000.07F\symtdiv.sys [2010/02/12 17:06:19 | 000,328,752 | R--- | C] (Symantec Corporation) -- C:\WINDOWS\System32\drivers\NIS\1105000.07F\SymDS.sys [2010/02/12 17:06:19 | 000,325,168 | R--- | C] (Symantec Corporation) -- C:\WINDOWS\System32\drivers\NIS\1105000.07F\srtsp.sys [2010/02/12 17:06:19 | 000,172,592 | R--- | C] (Symantec Corporation) -- C:\WINDOWS\System32\drivers\NIS\1105000.07F\SymEFA.sys [2010/02/12 17:06:19 | 000,116,272 | R--- | C] (Symantec Corporation) -- C:\WINDOWS\System32\drivers\NIS\1105000.07F\Ironx86.sys [2010/02/12 17:06:19 | 000,043,696 | R--- | C] (Symantec Corporation) -- C:\WINDOWS\System32\drivers\NIS\1105000.07F\srtspx.sys [2010/02/12 17:05:58 | 000,000,000 | ---D | C] -- C:\Program Files\Norton Internet Security [2010/02/12 17:05:52 | 000,000,000 | ---D | C] -- C:\Program Files\NortonInstaller [2010/02/12 16:45:20 | 000,854,064 | ---- | C] (Symantec Corporation) -- C:\Documents and Settings\Ryan L\My Documents\Norton_Removal_Tool.exe 
[2010/02/12 16:40:13 | 000,000,000 | ---D | C] -- C:\Documents and Settings\LocalService\Local Settings\Application Data\ICS [2010/02/12 16:35:46 | 000,000,000 | ---D | C] -- C:\WINDOWS\LMIA.tmp [2010/02/10 19:36:27 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Ryan L\Application Data\Tific [2010/02/10 19:25:32 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\drivers\NIS [2010/02/10 19:25:32 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\drivers\NIS\1105000.07F [2010/02/10 19:25:29 | 000,000,000 | ---D | C] -- C:\Program Files\Windows Sidebar [2010/02/10 19:25:01 | 094,227,272 | ---- | C] (Symantec Corporation) -- C:\Documents and Settings\Ryan L\My Documents\NIS-UPGRADE-ESD-17-5-0-127-EN.exe [2010/02/10 17:12:40 | 000,000,000 | ---D | C] -- C:\WINDOWS\LMI4.tmp [2010/02/10 16:23:36 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Ryan L\Local Settings\Application Data\ICS [2010/02/10 10:19:36 | 005,115,824 | ---- | C] (Malwarebytes Corporation ) -- C:\Documents and Settings\Ryan L\Desktop\mbam-setup.exe [2010/02/02 15:59:41 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Ryan L\Local Settings\Application Data\{453158F6-8D88-4D02-859C-0FE3C0EC045E} [2006/02/15 11:25:00 | 000,053,248 | ---- | C] ( ) -- C:\WINDOWS\System32\DLLVGA.dll [4 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ] [1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ] [1 C:\Documents and Settings\Ryan L\My Documents\*.tmp files -> C:\Documents and Settings\Ryan L\My Documents\*.tmp -> ] [color=#E56717]========== Files - Modified Within 30 Days ==========[/color] [2010/03/02 11:09:42 | 000,001,332 | ---- | M] () -- B:\Documents and Settings\Default User\Desktop\OTLPE.lnk [2010/02/27 14:16:59 | 002,097,152 | -H-- | M] () -- C:\Documents and Settings\Administrator\NTUSER.DAT [2010/02/19 02:25:11 | 000,001,547 | ---- | M] () -- B:\Documents and Settings\Default User\Desktop\MSKeyViewer Plus.lnk [2010/02/19 02:25:11 | 000,001,535 | ---- | M] () -- B:\Documents and 
Settings\Default User\Desktop\RegistryEditorPE.lnk
[2010/02/19 02:25:11 | 000,001,479 | ---- | M] () -- B:\Documents and Settings\Default User\Desktop\Undelete Plus.lnk
[2010/02/19 02:25:11 | 000,001,475 | ---- | M] () -- B:\Documents and Settings\Default User\Desktop\Magical Jelly Bean Keyfinder.lnk
[2010/02/19 02:25:11 | 000,001,437 | ---- | M] () -- B:\Documents and Settings\Default User\Desktop\notepad++.lnk
[2010/02/19 02:25:11 | 000,001,343 | ---- | M] () -- B:\Documents and Settings\Default User\Desktop\Windows Registry Recovery.lnk
[2010/02/19 02:25:10 | 000,001,483 | ---- | M] () -- B:\Documents and Settings\Default User\Desktop\HandyRecovery 1.lnk
[2010/02/19 02:25:10 | 000,001,469 | ---- | M] () -- B:\Documents and Settings\Default User\Desktop\DiskPartitioner.lnk
[2010/02/19 02:25:10 | 000,001,465 | ---- | M] () -- B:\Documents and Settings\Default User\Desktop\Agent Ransack.lnk
[2010/02/19 02:25:10 | 000,001,427 | ---- | M] () -- B:\Documents and Settings\Default User\Desktop\2xExplorer.lnk
[2010/02/19 02:25:10 | 000,001,371 | ---- | M] () -- B:\Documents and Settings\Default User\Desktop\ImgBurn.lnk
[2010/02/19 02:25:10 | 000,001,353 | ---- | M] () -- B:\Documents and Settings\Default User\Desktop\DriveImage XML.lnk
[2010/02/19 02:25:10 | 000,001,347 | ---- | M] () -- B:\Documents and Settings\Default User\Desktop\A43 File Management Utility.lnk
[2010/02/19 02:25:10 | 000,001,347 | ---- | M] () -- B:\Documents and Settings\Default User\Desktop\7-Zip File Manager.lnk
[2010/02/19 02:25:10 | 000,001,313 | ---- | M] () -- B:\Documents and Settings\Default User\Desktop\Disk Investigator.lnk
[2010/02/19 02:25:10 | 000,001,261 | ---- | M] () -- B:\Documents and Settings\Default User\Desktop\Internet Explorer.lnk
[2010/02/12 18:48:56 | 000,262,144 | -H-- | M] () -- C:\Documents and Settings\NetworkService\NTUSER.DAT
[2010/02/12 18:48:56 | 000,262,144 | -H-- | M] () -- C:\Documents and Settings\LocalService\NTUSER.DAT
[2010/02/12 18:48:53 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2010/02/12 18:48:51 | 000,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2010/02/12 18:48:44 | 004,194,304 | -H-- | M] () -- C:\Documents and Settings\Ryan L\NTUSER.DAT
[2010/02/12 18:48:44 | 000,000,178 | -HS- | M] () -- C:\Documents and Settings\Ryan L\ntuser.ini
[2010/02/12 18:34:21 | 1063,309,312 | -HS- | M] () -- C:\hiberfil.sys
[2010/02/12 17:43:52 | 000,046,640 | ---- | M] (Symantec Corporation) -- C:\WINDOWS\System32\msln.exe
[2010/02/12 17:06:34 | 000,124,976 | ---- | M] (Symantec Corporation) -- C:\WINDOWS\System32\drivers\SYMEVENT.SYS
[2010/02/12 17:06:34 | 000,060,808 | ---- | M] (Symantec Corporation) -- C:\WINDOWS\System32\S32EVNT1.DLL
[2010/02/12 17:06:34 | 000,007,443 | ---- | M] () -- C:\WINDOWS\System32\drivers\SYMEVENT.CAT
[2010/02/12 17:06:34 | 000,000,805 | ---- | M] () -- C:\WINDOWS\System32\drivers\SYMEVENT.INF
[2010/02/12 16:45:25 | 000,854,064 | ---- | M] (Symantec Corporation) -- C:\Documents and Settings\Ryan L\My Documents\Norton_Removal_Tool.exe
[2010/02/12 16:28:30 | 000,000,424 | -H-- | M] () -- C:\WINDOWS\tasks\User_Feed_Synchronization-{119AAF91-F4B7-4674-82CA-1DD273A3E801}.job
[2010/02/12 16:26:45 | 000,001,158 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2010/02/10 19:37:47 | 000,629,952 | ---- | M] () -- C:\WINDOWS\System32\drivers\NIS\1105000.07F\Cat.DB
[2010/02/10 19:25:22 | 094,227,272 | ---- | M] (Symantec Corporation) -- C:\Documents and Settings\Ryan L\My Documents\NIS-UPGRADE-ESD-17-5-0-127-EN.exe
[2010/02/10 18:44:43 | 000,000,491 | ---- | M] () -- C:\WINDOWS\win.ini
[2010/02/10 18:44:43 | 000,000,227 | ---- | M] () -- C:\WINDOWS\system.ini
[2010/02/10 18:44:43 | 000,000,209 | RHS- | M] () -- C:\boot.ini
[2010/02/10 10:19:46 | 005,115,824 | ---- | M] (Malwarebytes Corporation ) -- C:\Documents and Settings\Ryan L\Desktop\mbam-setup.exe
[2010/02/01 16:09:23 | 000,000,472 | ---- | M] () -- C:\WINDOWS\tasks\Ad-Aware Update (Weekly).job
[2010/01/31 13:32:49 | 000,019,968 | ---- | M] () -- C:\Documents and Settings\Ryan L\My Documents\fly.doc
[2010/01/31 13:31:59 | 000,000,162 | -H-- | M] () -- C:\Documents and Settings\Ryan L\My Documents\~$fly.doc
[4 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[1 C:\Documents and Settings\Ryan L\My Documents\*.tmp files -> C:\Documents and Settings\Ryan L\My Documents\*.tmp -> ]

[color=#E56717]========== Files Created - No Company Name ==========[/color]
[2010/03/02 11:07:49 | 000,001,547 | ---- | C] () -- B:\Documents and Settings\Default User\Desktop\MSKeyViewer Plus.lnk
[2010/03/02 11:07:49 | 000,001,535 | ---- | C] () -- B:\Documents and Settings\Default User\Desktop\RegistryEditorPE.lnk
[2010/03/02 11:07:49 | 000,001,483 | ---- | C] () -- B:\Documents and Settings\Default User\Desktop\HandyRecovery 1.lnk
[2010/03/02 11:07:49 | 000,001,479 | ---- | C] () -- B:\Documents and Settings\Default User\Desktop\Undelete Plus.lnk
[2010/03/02 11:07:49 | 000,001,475 | ---- | C] () -- B:\Documents and Settings\Default User\Desktop\Magical Jelly Bean Keyfinder.lnk
[2010/03/02 11:07:49 | 000,001,469 | ---- | C] () -- B:\Documents and Settings\Default User\Desktop\DiskPartitioner.lnk
[2010/03/02 11:07:49 | 000,001,465 | ---- | C] () -- B:\Documents and Settings\Default User\Desktop\Agent Ransack.lnk
[2010/03/02 11:07:49 | 000,001,437 | ---- | C] () -- B:\Documents and Settings\Default User\Desktop\notepad++.lnk
[2010/03/02 11:07:49 | 000,001,427 | ---- | C] () -- B:\Documents and Settings\Default User\Desktop\2xExplorer.lnk
[2010/03/02 11:07:49 | 000,001,371 | ---- | C] () -- B:\Documents and Settings\Default User\Desktop\ImgBurn.lnk
[2010/03/02 11:07:49 | 000,001,353 | ---- | C] () -- B:\Documents and Settings\Default User\Desktop\DriveImage XML.lnk
[2010/03/02 11:07:49 | 000,001,347 | ---- | C] () -- B:\Documents and Settings\Default User\Desktop\A43 File Management Utility.lnk
[2010/03/02 11:07:49 | 000,001,347 | ---- | C] () -- B:\Documents and Settings\Default User\Desktop\7-Zip File Manager.lnk
[2010/03/02 11:07:49 | 000,001,343 | ---- | C] () -- B:\Documents and Settings\Default User\Desktop\Windows Registry Recovery.lnk
[2010/03/02 11:07:49 | 000,001,332 | ---- | C] () -- B:\Documents and Settings\Default User\Desktop\OTLPE.lnk
[2010/03/02 11:07:49 | 000,001,313 | ---- | C] () -- B:\Documents and Settings\Default User\Desktop\Disk Investigator.lnk
[2010/03/02 11:07:49 | 000,001,261 | ---- | C] () -- B:\Documents and Settings\Default User\Desktop\Internet Explorer.lnk
[2010/02/25 18:48:22 | 000,001,670 | ---- | C] () -- C:\sysprep
[2010/02/12 17:06:34 | 000,007,443 | ---- | C] () -- C:\WINDOWS\System32\drivers\SYMEVENT.CAT
[2010/02/12 17:06:34 | 000,000,805 | ---- | C] () -- C:\WINDOWS\System32\drivers\SYMEVENT.INF
[2010/02/12 17:06:11 | 000,003,374 | R--- | C] () -- C:\WINDOWS\System32\drivers\NIS\1105000.07F\SymEFA.inf
[2010/02/12 17:06:11 | 000,002,793 | R--- | C] () -- C:\WINDOWS\System32\drivers\NIS\1105000.07F\SymDS.inf
[2010/02/12 17:06:11 | 000,001,756 | R--- | C] () -- C:\WINDOWS\System32\drivers\NIS\1105000.07F\ccHPx86.inf
[2010/02/12 17:06:11 | 000,001,473 | R--- | C] () -- C:\WINDOWS\System32\drivers\NIS\1105000.07F\SymNetV.inf
[2010/02/12 17:06:11 | 000,001,445 | R--- | C] () -- C:\WINDOWS\System32\drivers\NIS\1105000.07F\SymNet.inf
[2010/02/12 17:06:11 | 000,001,388 | R--- | C] () -- C:\WINDOWS\System32\drivers\NIS\1105000.07F\srtspx.inf
[2010/02/12 17:06:11 | 000,001,382 | R--- | C] () -- C:\WINDOWS\System32\drivers\NIS\1105000.07F\srtsp.inf
[2010/02/12 17:06:11 | 000,000,742 | R--- | C] () -- C:\WINDOWS\System32\drivers\NIS\1105000.07F\Iron.inf
[2010/02/12 17:06:00 | 000,007,787 | R--- | C] () -- C:\WINDOWS\System32\drivers\NIS\1105000.07F\symnetv.cat
[2010/02/12 17:06:00 | 000,007,444 | R--- | C] () -- C:\WINDOWS\System32\drivers\NIS\1105000.07F\SymEFA.cat
[2010/02/12 17:06:00 | 000,007,442 | R--- | C] () -- C:\WINDOWS\System32\drivers\NIS\1105000.07F\srtspx.cat
[2010/02/12 17:06:00 | 000,007,438 | R--- | C] () -- C:\WINDOWS\System32\drivers\NIS\1105000.07F\srtsp.cat
[2010/02/12 17:06:00 | 000,007,438 | R--- | C] () -- C:\WINDOWS\System32\drivers\NIS\1105000.07F\iron.cat
[2010/02/12 17:06:00 | 000,007,425 | R--- | C] () -- C:\WINDOWS\System32\drivers\NIS\1105000.07F\SymDS.cat
[2010/02/12 17:06:00 | 000,007,396 | R--- | C] () -- C:\WINDOWS\System32\drivers\NIS\1105000.07F\cchpx86.cat
[2010/02/12 17:06:00 | 000,007,368 | R--- | C] () -- C:\WINDOWS\System32\drivers\NIS\1105000.07F\SymNet.cat
[2010/02/12 17:06:00 | 000,000,172 | ---- | C] () -- C:\WINDOWS\System32\drivers\NIS\1105000.07F\isolate.ini
[2010/02/10 19:37:30 | 000,629,952 | ---- | C] () -- C:\WINDOWS\System32\drivers\NIS\1105000.07F\Cat.DB
[2010/01/31 13:31:59 | 000,000,162 | -H-- | C] () -- C:\Documents and Settings\Ryan L\My Documents\~$fly.doc
[2009/08/12 15:53:09 | 000,000,118 | ---- | C] () -- C:\WINDOWS\System32\MRT.INI
[2009/07/23 21:02:14 | 000,018,662 | ---- | C] () -- C:\WINDOWS\System32\uacinit.dll
[2008/12/21 23:19:51 | 000,004,608 | ---- | C] () -- C:\Documents and Settings\Ryan L\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2008/01/08 18:08:57 | 000,000,129 | ---- | C] () -- C:\Documents and Settings\Ryan L\Local Settings\Application Data\fusioncache.dat
[2008/01/08 15:31:38 | 000,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini
[2006/05/13 17:56:11 | 000,000,004 | ---- | C] () -- C:\WINDOWS\msoffice.ini
[2006/02/24 23:28:54 | 000,045,056 | ---- | C] () -- C:\WINDOWS\System32\TDispVol.dll
[2006/02/17 04:57:19 | 000,000,136 | ---- | C] () -- C:\Documents and Settings\Administrator\Local Settings\Application Data\fusioncache.dat
[2006/02/16 10:07:58 | 000,000,012 | ---- | C] () -- C:\WINDOWS\dirsaver.ini
[2006/02/16 04:50:52 | 000,000,222 | ---- | C] () -- C:\WINDOWS\wininit.ini
[2006/02/16 04:25:21 | 000,204,800 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeW7.dll
[2006/02/16 04:25:21 | 000,200,704 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeA6.dll
[2006/02/16 04:25:21 | 000,192,512 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeP6.dll
[2006/02/16 04:25:21 | 000,192,512 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeM6.dll
[2006/02/16 04:25:21 | 000,188,416 | ---- | C] () -- C:\WINDOWS\System32\IVIresizePX.dll
[2006/02/16 04:25:21 | 000,020,480 | ---- | C] () -- C:\WINDOWS\System32\IVIresize.dll
[2006/02/15 11:41:53 | 000,036,736 | ---- | C] () -- C:\WINDOWS\System32\drivers\CSIIDecoder_kern_i386.sys
[2006/02/15 11:41:53 | 000,029,184 | ---- | C] () -- C:\WINDOWS\System32\drivers\TSXT_kern_i386.sys
[2006/02/15 11:40:07 | 000,000,000 | ---- | C] () -- C:\WINDOWS\NDSTray.INI
[2006/02/15 11:28:50 | 000,128,113 | ---- | C] () -- C:\WINDOWS\System32\csellang.ini
[2006/02/15 11:28:50 | 000,045,056 | ---- | C] () -- C:\WINDOWS\System32\csellang.dll
[2006/02/15 11:28:50 | 000,010,165 | ---- | C] () -- C:\WINDOWS\System32\tosmreg.ini
[2006/02/15 11:28:50 | 000,007,671 | ---- | C] () -- C:\WINDOWS\System32\cseltbl.ini
[2006/02/15 11:25:00 | 000,118,784 | ---- | C] () -- C:\WINDOWS\System32\TCtrlIO.dll
[2006/02/15 11:21:53 | 000,135,168 | ---- | C] () -- C:\WINDOWS\System32\RtlCPAPI.dll
[2006/02/15 10:44:19 | 000,000,376 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2006/02/15 10:34:07 | 000,001,793 | ---- | C] () -- C:\WINDOWS\System32\fxsperf.ini
[2006/02/15 09:09:00 | 000,000,341 | ---- | C] () -- C:\WINDOWS\System32\OEMINFO.INI
[2005/11/28 23:33:56 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\px.ini
[2005/09/02 17:44:08 | 000,110,592 | ---- | C] () -- C:\WINDOWS\System32\TosBtAcc.dll
[2005/08/24 18:20:28 | 000,009,472 | ---- | C] () -- C:\WINDOWS\System32\drivers\tbiosdrv.sys
[2005/08/05 17:01:54 | 000,235,008 | ---- | C] () -- C:\WINDOWS\System32\psisdecd.dll
[2005/07/23 00:30:20 | 000,065,536 | ---- | C] () -- C:\WINDOWS\System32\TosCommAPI.dll
[2004/07/20 20:04:02 | 000,094,208 | ---- | C] () -- C:\WINDOWS\System32\TosBtHcrpAPI.dll
[2004/01/15 17:43:28 | 000,114,688 | ---- | C] () -- C:\WINDOWS\System32\TBTMonUI.dll

[color=#E56717]========== LOP Check ==========[/color]
[2009/03/18 16:12:28 | 000,000,000 | ---D | M] -- C:\WINDOWS\system32\config\systemprofile\Application Data\SACore
[2006/02/16 04:18:29 | 000,000,000 | ---D | M] -- C:\WINDOWS\system32\config\systemprofile\Application Data\toshiba
[2006/02/16 04:18:29 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\toshiba
[2009/11/07 11:26:25 | 000,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Application Data\SACore
[2008/01/08 23:11:56 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Ryan L\Application Data\acccore
[2010/02/10 19:36:27 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Ryan L\Application Data\Tific
[2006/02/16 04:18:29 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Ryan L\Application Data\toshiba
[2008/01/08 23:29:57 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Ryan L\Application Data\Viewpoint
[2010/02/01 16:09:23 | 000,000,472 | ---- | M] () -- C:\WINDOWS\Tasks\Ad-Aware Update (Weekly).job
[2010/02/12 16:28:30 | 000,000,424 | -H-- | M] () -- C:\WINDOWS\Tasks\User_Feed_Synchronization-{119AAF91-F4B7-4674-82CA-1DD273A3E801}.job

[color=#E56717]========== Purity Check ==========[/color]

[color=#E56717]========== Custom Scans ==========[/color]

[color=#A23BEC]< MD5 for: USERINIT.EXE >[/color]
[2004/08/10 07:00:00 | 000,024,576 | ---- | M] (Microsoft Corporation) MD5=39B1FFB03C2296323832ACBAE50D2AFF -- C:\WINDOWS\$NtServicePackUninstall$\userinit.exe
[2008/04/13 19:12:38 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=A93AEE1928A9D7CE3E16D24EC7380F89 -- C:\WINDOWS\ServicePackFiles\i386\userinit.exe
[2008/04/13 19:12:38 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=A93AEE1928A9D7CE3E16D24EC7380F89 -- C:\WINDOWS\system32\userinit.exe

[color=#A23BEC]< MD5 for: WINLOGON.EXE >[/color]
[2004/08/10 07:00:00 | 000,502,272 | ---- | M] (Microsoft Corporation) MD5=01C3346C241652F43AED8E2149881BFE -- C:\WINDOWS\$NtServicePackUninstall$\winlogon.exe
[2008/04/13 19:12:39 | 000,507,904 | ---- | M] (Microsoft Corporation) MD5=ED0EF0A136DEC83DF69F04118870003E -- C:\WINDOWS\ServicePackFiles\i386\winlogon.exe
[2008/04/13 19:12:39 | 000,507,904 | ---- | M] (Microsoft Corporation) MD5=ED0EF0A136DEC83DF69F04118870003E -- C:\WINDOWS\system32\winlogon.exe

< End of report >