OTL logfile created on: 8/19/2012 6:17:59 PM - Run 1
OTL by OldTimer - Version 3.2.58.1 Folder = F:\Documents and Settings\brad\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1007.48 Mb Total Physical Memory | 168.09 Mb Available Physical Memory | 16.68% Memory free
2.38 Gb Paging File | 1.55 Gb Available in Paging File | 65.14% Paging File free
Paging file location(s): F:\pagefile.sys 1524 3048 [binary data]

%SystemDrive% = F: | %SystemRoot% = F:\WINDOWS | %ProgramFiles% = F:\Program Files
Drive C: | 55.91 Gb Total Space | 46.16 Gb Free Space | 82.57% Space Free | Partition Type: NTFS
Drive F: | 76.68 Gb Total Space | 38.62 Gb Free Space | 50.37% Space Free | Partition Type: NTFS

Computer Name: ADAIR | User Name: brad | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

[color=#E56717]========== Processes (SafeList) ==========[/color]

PRC - [2012/08/19 18:16:45 | 000,596,480 | ---- | M] (OldTimer Tools) -- F:\Documents and Settings\brad\Desktop\OTL.exe
PRC - [2012/08/19 17:52:45 | 011,977,080 | ---- | M] (LogMeIn, Inc.) -- F:\Documents and Settings\brad\Local Settings\Application Data\join.me\join.me.exe
PRC - [2012/06/21 09:41:17 | 000,296,056 | ---- | M] (RealNetworks, Inc.) -- F:\Program Files\Real\realone player\Update\realsched.exe
PRC - [2011/10/21 04:09:36 | 000,198,032 | ---- | M] (Lavasoft) -- F:\Documents and Settings\All Users\Application Data\Ad-Aware Browsing Protection\adawarebp.exe
PRC - [2011/08/25 17:53:00 | 000,013,672 | ---- | M] (Intuit Inc.) -- F:\Program Files\Common Files\Intuit\Update Service v4\IntuitUpdateService.exe
PRC - [2009/10/14 14:36:56 | 002,793,304 | ---- | M] () -- F:\Program Files\Logitech\Logitech WebCam Software\LWS.exe
PRC - [2009/10/14 14:34:18 | 000,560,472 | ---- | M] () -- F:\Program Files\Common Files\LogiShrd\LQCVFX\COCIManager.exe
PRC - [2009/10/07 02:47:34 | 000,154,136 | ---- | M] (Logitech Inc.) -- F:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
PRC - [2009/02/25 18:06:42 | 000,013,088 | ---- | M] (Intuit Inc.) -- F:\Program Files\Common Files\Intuit\Update Service\IntuitUpdateService.exe
PRC - [2008/04/13 19:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) -- F:\WINDOWS\explorer.exe
PRC - [2007/04/24 14:26:00 | 000,910,896 | ---- | M] (Nero AG) -- F:\Program Files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe
PRC - [2007/04/24 14:25:40 | 000,149,040 | ---- | M] (Nero AG) -- F:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe
PRC - [2006/11/03 19:20:12 | 000,866,584 | ---- | M] (Microsoft Corporation) -- F:\Program Files\Windows Defender\MSASCui.exe
PRC - [2006/11/03 19:19:58 | 000,013,592 | ---- | M] (Microsoft Corporation) -- F:\Program Files\Windows Defender\MsMpEng.exe
PRC - [2006/03/21 13:19:40 | 000,069,632 | ---- | M] (ScanSoft, Inc.) -- F:\Program Files\ScanSoft\OmniPageSE4.0\OpWareSE4.exe
PRC - [2005/08/04 12:06:39 | 000,052,736 | ---- | M] (Macrovision) -- F:\WINDOWS\system32\drivers\CDAC11BA.EXE
PRC - [2005/06/06 23:46:24 | 000,057,344 | ---- | M] (Adobe Systems Incorporated) -- F:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe
PRC - [2004/12/01 02:54:22 | 000,077,824 | R--- | M] (Realtek Semiconductor Corp.) -- F:\WINDOWS\SOUNDMAN.EXE

[color=#E56717]========== Modules (No Company Name) ==========[/color]

MOD - [2012/08/19 17:52:45 | 000,075,640 | ---- | M] () -- F:\Documents and Settings\brad\Local Settings\Application Data\join.me\LMIInputHook32.dll
MOD - [2012/08/19 17:52:45 | 000,075,640 | ---- | M] () -- F:\Documents and Settings\brad\Local Settings\Application Data\join.me\LMIFilterHook32-Clone000.dll
MOD - [2012/06/14 03:29:21 | 000,221,696 | ---- | M] () -- F:\WINDOWS\assembly\NativeImages_v4.0.30319_32\System.ServiceProce#\2516a49d10f4418f72e1c25f691815a8\System.ServiceProcess.ni.dll
MOD - [2012/06/14 03:26:45 | 000,212,992 | ---- | M] () -- F:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.ServiceProce#\8b84bb74d7724e147a642a1d5358feb7\System.ServiceProcess.ni.dll
MOD - [2012/06/14 03:21:24 | 003,186,688 | ---- | M] () -- F:\WINDOWS\assembly\GAC_MSIL\System\2.0.0.0__b77a5c561934e089\System.dll
MOD - [2012/06/14 03:21:23 | 002,933,248 | ---- | M] () -- F:\WINDOWS\assembly\GAC_32\System.Data\2.0.0.0__b77a5c561934e089\System.Data.dll
MOD - [2012/06/14 03:21:22 | 000,425,984 | ---- | M] () -- F:\WINDOWS\assembly\GAC_MSIL\System.Configuration\2.0.0.0__b03f5f7f11d50a3a\System.Configuration.dll
MOD - [2012/06/14 03:21:17 | 000,630,784 | ---- | M] () -- F:\WINDOWS\assembly\GAC_MSIL\System.Drawing\2.0.0.0__b03f5f7f11d50a3a\System.Drawing.dll
MOD - [2012/06/14 03:21:17 | 000,303,104 | ---- | M] () -- F:\WINDOWS\assembly\GAC_MSIL\System.Runtime.Remoting\2.0.0.0__b77a5c561934e089\System.Runtime.Remoting.dll
MOD - [2012/06/14 03:21:15 | 000,261,632 | ---- | M] () -- F:\WINDOWS\assembly\GAC_32\System.Transactions\2.0.0.0__b77a5c561934e089\System.Transactions.dll
MOD - [2012/06/14 03:21:15 | 000,258,048 | ---- | M] () -- F:\WINDOWS\assembly\GAC_32\System.EnterpriseServices\2.0.0.0__b03f5f7f11d50a3a\System.EnterpriseServices.dll
MOD - [2012/06/14 03:21:14 | 002,048,000 | ---- | M] () -- F:\WINDOWS\assembly\GAC_MSIL\System.Xml\2.0.0.0__b77a5c561934e089\System.Xml.dll
MOD - [2012/06/14 03:21:12 | 000,114,688 | ---- | M] () -- F:\WINDOWS\assembly\GAC_MSIL\System.ServiceProcess\2.0.0.0__b03f5f7f11d50a3a\System.ServiceProcess.dll
MOD - [2012/06/14 03:21:06 | 005,025,792 | ---- | M] () -- F:\WINDOWS\assembly\GAC_MSIL\System.Windows.Forms\2.0.0.0__b77a5c561934e089\System.Windows.Forms.dll
MOD - [2012/06/14 03:18:10 | 013,197,824 | ---- | M] () -- F:\WINDOWS\assembly\NativeImages_v4.0.30319_32\System.Windows.Forms\54d61af44b1dedee6aea0d1bbc46b13a\System.Windows.Forms.ni.dll
MOD - [2012/06/14 03:09:58 | 001,666,048 | ---- | M] () -- F:\WINDOWS\assembly\NativeImages_v4.0.30319_32\System.Drawing\4a668799513e369a54fdab8b3f74de92\System.Drawing.ni.dll
MOD - [2012/05/10 03:34:32 | 000,762,368 | ---- | M] () -- F:\WINDOWS\assembly\NativeImages_v4.0.30319_32\System.Runtime.Remo#\0f9d7198d2c0a3953fb59b1aca0d35f7\System.Runtime.Remoting.ni.dll
MOD - [2012/05/10 03:34:29 | 000,786,944 | ---- | M] () -- F:\WINDOWS\assembly\NativeImages_v4.0.30319_32\System.EnterpriseSe#\26ee061618887d629a9f7072970ffb85\System.EnterpriseServices.ni.dll
MOD - [2012/05/10 03:34:27 | 000,646,656 | ---- | M] () -- F:\WINDOWS\assembly\NativeImages_v4.0.30319_32\System.Transactions\ce2aa3a5e89c326055ac8e2a309232f7\System.Transactions.ni.dll
MOD - [2012/05/10 03:23:46 | 007,953,408 | ---- | M] () -- F:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System\e4b5afc4da43b1c576f9322f9f2e1bfe\System.ni.dll
MOD - [2012/05/10 03:22:56 | 011,492,352 | ---- | M] () -- F:\WINDOWS\assembly\NativeImages_v2.0.50727_32\mscorlib\e337c89bc9f81b69d7237aa70e935900\mscorlib.ni.dll
MOD - [2012/05/10 03:08:34 | 005,618,176 | ---- | M] () -- F:\WINDOWS\assembly\NativeImages_v4.0.30319_32\System.Xml\5ee8bf77e7b3e25cdbff6e1c299574fe\System.Xml.ni.dll
MOD - [2012/05/10 03:08:26 | 000,980,480 | ---- | M] () -- F:\WINDOWS\assembly\NativeImages_v4.0.30319_32\System.Configuration\0c8e950df17a0abec10888e8ad966cbe\System.Configuration.ni.dll
MOD - [2012/05/10 03:07:15 | 006,798,336 | ---- | M] () -- F:\WINDOWS\assembly\NativeImages_v4.0.30319_32\System.Data\9f5111b0b58258c3a4bbcfb8bf27374c\System.Data.ni.dll
MOD - [2012/05/10 03:06:51 | 007,052,800 | ---- | M] () -- F:\WINDOWS\assembly\NativeImages_v4.0.30319_32\System.Core\14ba6251d6ec84c9579ed3d3e10b30c1\System.Core.ni.dll
MOD - [2012/05/10 03:06:32 | 009,090,560 | ---- | M] () -- F:\WINDOWS\assembly\NativeImages_v4.0.30319_32\System\6f399163bb35597da7141ccdb7f39d16\System.ni.dll
MOD - [2012/05/10 03:06:11 | 014,412,800 | ---- | M] () -- F:\WINDOWS\assembly\NativeImages_v4.0.30319_32\mscorlib\3953b1d8b9b57e4957bff8f58145384e\mscorlib.ni.dll
MOD - [2010/03/15 22:03:27 | 000,755,712 | ---- | M] () -- F:\WINDOWS\assembly\GAC_32\System.Data.SQLite\1.0.56.0__28c9bcd4dddc48a1\System.Data.SQLite.dll
MOD - [2010/03/15 22:03:24 | 001,058,304 | ---- | M] () -- F:\WINDOWS\assembly\GAC_MSIL\Intuit.Spc.Map.WindowsFirewallUtilities\4.0.114.0__7ce6deabcb36a8ea\Intuit.Spc.Map.WindowsFirewallUtilities.dll
MOD - [2010/03/15 22:03:23 | 000,471,040 | ---- | M] () -- F:\WINDOWS\assembly\GAC_MSIL\Intuit.Spc.Map.Reporter\4.0.114.0__7ce6deabcb36a8ea\Intuit.Spc.Map.Reporter.dll
MOD - [2010/03/15 22:03:22 | 000,458,752 | ---- | M] () -- F:\WINDOWS\assembly\GAC_MSIL\Intuit.Spc.Foundations.Portability\3.1.2.2__540d4816ead86321\Intuit.Spc.Foundations.Portability.dll
MOD - [2010/03/15 22:03:22 | 000,065,536 | ---- | M] () -- F:\WINDOWS\assembly\GAC_MSIL\Intuit.Spc.Foundations.Primary.ExceptionHandling\3.1.2.2__540d4816ead86321\Intuit.Spc.Foundations.Primary.ExceptionHandling.dll
MOD - [2010/03/15 22:03:22 | 000,045,056 | ---- | M] () -- F:\WINDOWS\assembly\GAC_MSIL\Intuit.Spc.Foundations.Primary.Logging\3.1.2.2__540d4816ead86321\Intuit.Spc.Foundations.Primary.Logging.dll
MOD - [2010/03/15 22:03:21 | 000,073,728 | ---- | M] () -- F:\WINDOWS\assembly\GAC_MSIL\Intuit.Spc.Foundations.Primary.Config\3.1.2.2__540d4816ead86321\Intuit.Spc.Foundations.Primary.Config.dll
MOD - [2010/03/15 22:03:19 | 000,402,208 | ---- | M] () -- F:\WINDOWS\assembly\GAC_MSIL\Intuit.Spc.Esd.WinClient.Api.Net\2.1.72.22__540d4816ead86321\Intuit.Spc.Esd.WinClient.Api.Net.dll
MOD - [2010/03/15 22:03:19 | 000,238,368 | ---- | M] () -- F:\WINDOWS\assembly\GAC_MSIL\Intuit.Spc.Esd.Core\2.0.145.4__540d4816ead86321\Intuit.Spc.Esd.Core.dll
MOD - [2010/03/15 22:03:19 | 000,047,392 | ---- | M] () -- F:\WINDOWS\assembly\GAC_MSIL\Intuit.Spc.Esd.WinClient.Application.UpdateServicePlugin\2.1.72.22__540d4816ead86321\Intuit.Spc.Esd.WinClient.Application.UpdateServicePlugin.dll
MOD - [2010/03/15 22:03:19 | 000,023,840 | ---- | M] () -- F:\WINDOWS\assembly\GAC_MSIL\Intuit.Spc.Esd.WinClient.Application.UpdateService\1.0.0.0__540d4816ead86321\Intuit.Spc.Esd.WinClient.Application.UpdateService.dll
MOD - [2010/03/15 22:03:19 | 000,018,720 | ---- | M] () -- F:\WINDOWS\assembly\GAC_MSIL\Intuit.Spc.Esd.WinClient.Ipc.Remoting.UpdateServiceWorker\2.1.72.22__540d4816ead86321\Intuit.Spc.Esd.WinClient.Ipc.Remoting.UpdateServiceWorker.dll
MOD - [2010/03/15 22:03:19 | 000,012,064 | ---- | M] () -- F:\WINDOWS\assembly\GAC_MSIL\Intuit.Spc.Esd.WinClient.Application.UpdateService.PluginContract\1.0.0.0__540d4816ead86321\Intuit.Spc.Esd.WinClient.Application.UpdateService.PluginContract.dll
MOD - [2010/03/15 22:03:18 | 000,130,848 | ---- | M] () -- F:\WINDOWS\assembly\GAC_MSIL\Intuit.Spc.Esd.Client.BusinessLogic\2.1.72.22__540d4816ead86321\Intuit.Spc.Esd.Client.BusinessLogic.dll
MOD - [2010/03/15 22:03:18 | 000,120,608 | ---- | M] () -- F:\WINDOWS\assembly\GAC_MSIL\Intuit.Spc.Esd.Client.DataAccess\2.1.72.22__540d4816ead86321\Intuit.Spc.Esd.Client.DataAccess.dll
MOD - [2010/03/15 22:03:18 | 000,072,992 | ---- | M] () -- F:\WINDOWS\assembly\GAC_MSIL\Intuit.Spc.Esd.Client.Common\2.1.72.22__540d4816ead86321\Intuit.Spc.Esd.Client.Common.dll
MOD - [2009/10/14 14:36:56 | 002,793,304 | ---- | M] () -- F:\Program Files\Logitech\Logitech WebCam Software\LWS.exe
MOD - [2009/10/14 14:34:18 | 000,560,472 | ---- | M] () -- F:\Program Files\Common Files\LogiShrd\LQCVFX\COCIManager.exe

[color=#E56717]========== Win32 Services (SafeList) ==========[/color]

SRV - [2012/08/15 04:40:19 | 000,250,056 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- F:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2011/08/25 17:53:00 | 000,013,672 | ---- | M] (Intuit Inc.) [Auto | Running] -- F:\Program Files\Common Files\Intuit\Update Service v4\IntuitUpdateService.exe -- (IntuitUpdateServiceV4)
SRV - [2011/07/07 20:31:08 | 000,195,336 | ---- | M] (Microsoft Corporation.) [On_Demand | Stopped] -- F:\Program Files\Microsoft\BingBar\BBSvc.EXE -- (BBSvc)
SRV - [2011/06/15 18:33:20 | 000,249,648 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- F:\Program Files\Microsoft\BingBar\SeaPort.EXE -- (BBUpdate)
SRV - [2009/10/07 02:47:34 | 000,154,136 | ---- | M] (Logitech Inc.) [Auto | Running] -- F:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe -- (LVPrcSrv)
SRV - [2009/02/25 18:06:42 | 000,013,088 | ---- | M] (Intuit Inc.) [Auto | Running] -- F:\Program Files\Common Files\Intuit\Update Service\IntuitUpdateService.exe -- (IntuitUpdateService)
SRV - [2006/11/03 19:19:58 | 000,013,592 | ---- | M] (Microsoft Corporation) [Auto | Running] -- F:\Program Files\Windows Defender\MsMpEng.exe -- (WinDefend)
SRV - [2005/08/04 12:06:39 | 000,052,736 | ---- | M] (Macrovision) [Auto | Running] -- F:\WINDOWS\system32\drivers\CDAC11BA.EXE -- (C-DillaCdaC11BA)

[color=#E56717]========== Driver Services (SafeList) ==========[/color]

DRV - File not found [Kernel | On_Demand | Stopped] -- -- (WDICA)
DRV - File not found [Kernel | System | Stopped] -- F:\WINDOWS\system32\drivers\SBREDrv.sys -- (SBRE)
DRV - File not found [Kernel | On_Demand | Stopped] -- f:\documents and settings\all users\application data\trusteer\rapport\store\exts\rapportms\39624\rapportiaso.sys -- (RapportIaso)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRFRAME)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRELI)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDFRAME)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDCOMP)
DRV - File not found [Kernel | System | Stopped] -- -- (PCIDump)
DRV - File not found [Kernel | On_Demand | Stopped] -- F:\WINDOWS\system32\PCAMPR5.SYS -- (PCAMPR5)
DRV - File not found [Kernel | On_Demand | Stopped] -- F:\Program Files\MSI\PC Alert 4\NTGLM7X.sys -- (PCAlertDriver)
DRV - File not found [Kernel | Auto | Stopped] -- -- (mrtRate)
DRV - File not found [Kernel | On_Demand | Stopped] -- F:\PROGRA~1\COMMON~1\Motive\MRESP50a64.SYS -- (MRESP50a64)
DRV - File not found [Kernel | On_Demand | Stopped] -- F:\PROGRA~1\COMMON~1\Motive\MRENDIS5.SYS -- (MRENDIS5)
DRV - File not found [Kernel | On_Demand | Stopped] -- F:\PROGRA~1\COMMON~1\Motive\MREMPR5.SYS -- (MREMPR5)
DRV - File not found [Kernel | On_Demand | Stopped] -- F:\PROGRA~1\COMMON~1\Motive\MREMP50a64.SYS -- (MREMP50a64)
DRV - File not found [Kernel | Auto | Stopped] -- F:\Program Files\LogMeIn\x86\RaInfo.sys -- (LMIInfo)
DRV - File not found [Kernel | System | Stopped] -- -- (lbrtfdc)
DRV - File not found [Kernel | System | Stopped] -- -- (i2omgmt)
DRV - File not found [Kernel | On_Demand | Stopped] -- E:\INSTALL\GMSIPCI.SYS -- (GMSIPCI)
DRV - File not found [Kernel | System | Stopped] -- -- (Changer)
DRV - [2011/06/16 15:08:13 | 000,083,360 | ---- | M] (LogMeIn, Inc.) [File_System | Disabled | Stopped] -- F:\WINDOWS\System32\LMIRfsClientNP.dll -- (LMIRfsClientNP)
DRV - [2010/09/17 15:40:06 | 000,047,640 | ---- | M] (LogMeIn, Inc.) [File_System | Auto | Running] -- F:\WINDOWS\system32\drivers\LMIRfsDriver.sys -- (LMIRfsDriver)
DRV - [2009/10/07 03:49:50 | 000,023,832 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- F:\WINDOWS\system32\drivers\lvuvcflt.sys -- (FilterService)
DRV - [2009/10/07 03:49:38 | 006,756,632 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Running] -- F:\WINDOWS\system32\drivers\lvuvc.sys -- (LVUVC)
DRV - [2009/10/07 03:47:54 | 000,266,008 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Running] -- F:\WINDOWS\system32\drivers\lvrs.sys -- (LVRS)
DRV - [2009/10/07 03:46:12 | 000,114,712 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- F:\WINDOWS\system32\drivers\lvpopflt.sys -- (lvpopflt)
DRV - [2009/10/07 02:46:36 | 000,025,752 | ---- | M] () [Kernel | On_Demand | Running] -- F:\WINDOWS\system32\drivers\LVPr2Mon.sys -- (LVPr2Mon)
DRV - [2009/06/22 09:58:24 | 000,024,576 | ---- | M] (NT Kernel Resources) [Kernel | System | Unknown] -- F:\WINDOWS\System32\drivers\ndisrd.sys -- (NDISRD)
DRV - [2008/07/28 17:26:30 | 000,021,248 | ---- | M] (Printing Communications Assoc., Inc. (PCAUSA)) [Kernel | On_Demand | Stopped] -- F:\Program Files\Common Files\Motive\MREMP50.sys -- (MREMP50)
DRV - [2008/07/28 17:26:30 | 000,020,096 | ---- | M] (Printing Communications Assoc., Inc. (PCAUSA)) [Kernel | On_Demand | Stopped] -- F:\Program Files\Common Files\Motive\MRESP50.sys -- (MRESP50)
DRV - [2008/04/13 13:45:29 | 000,010,624 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- F:\WINDOWS\system32\drivers\gameenum.sys -- (gameenum)
DRV - [2008/01/18 04:00:00 | 000,385,072 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- F:\Program Files\Common Files\Symantec Shared\eengine\eectrl.sys -- (eeCtrl)
DRV - [2006/11/10 15:05:00 | 000,018,688 | ---- | M] (Arcsoft, Inc.) [Kernel | On_Demand | Running] -- F:\WINDOWS\system32\drivers\afc.sys -- (Afc)
DRV - [2005/08/04 12:06:37 | 000,011,376 | ---- | M] () [Kernel | Auto | Running] -- F:\WINDOWS\system32\drivers\CdaC15BA.SYS -- (CdaC15BA)
DRV - [2004/12/01 07:40:08 | 002,300,928 | R--- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- F:\WINDOWS\system32\drivers\ALCXWDM.SYS -- (ALCXWDM)
DRV - [2004/08/03 22:31:34 | 000,020,992 | ---- | M] (Realtek Semiconductor Corporation) [Kernel | On_Demand | Stopped] -- F:\WINDOWS\system32\drivers\rtl8139.sys -- (rtl8139)
DRV - [2004/04/13 07:14:12 | 000,070,144 | R--- | M] (Realtek Semiconductor Corporation ) [Kernel | On_Demand | Running] -- F:\WINDOWS\system32\drivers\Rtlnicxp.sys -- (RTL8023xp)
DRV - [2004/03/08 12:55:50 | 000,013,567 | ---- | M] (B.H.A Corporation) [Kernel | System | Running] -- F:\WINDOWS\System32\drivers\CDRBSDRV.SYS -- (cdrbsdrv)
DRV - [2001/08/23 07:00:00 | 000,012,160 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- F:\WINDOWS\system32\drivers\fsvga.sys -- (FsVga)
DRV - [2000/05/19 16:24:56 | 000,011,504 | R--- | M] (Microsoft Corporation) [Kernel | On_Demand | Unknown] -- F:\WINDOWS\system32\drivers\ipfilter.sys -- (IPFilter)

[color=#E56717]========== Standard Registry (SafeList) ==========[/color]

[color=#E56717]========== Internet Explorer ==========[/color]

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Secondary Start Pages = http://news.yahoo.com [binary data]
IE - HKLM\..\SearchScopes,DefaultScope = {B0031D74-9ABA-4A14-92E6-236D734A5B81}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://search.live.com/results.aspx?q={searchTerms}&src={referrer:source?}
IE - HKLM\..\SearchScopes\{20BA5A8A-474F-404D-BD9E-14E4D9E01863}: "URL" = http://news.search.yahoo.com/search/news?p={searchTerms}&fr=yie7c
IE - HKLM\..\SearchScopes\{7191B367-70CA-4C8C-8AEA-7C978BBBE3E0}: "URL" = http://local.yahoo.com/results?stx={searchTerms}&fr=yie7c
IE - HKLM\..\SearchScopes\{882CA552-FBDF-4774-B8C8-A1C9475833E8}: "URL" = http://results.myway.com/dft_redir.jhtml?id=YD&ptb=2587A50C-4C27-4E94-B1A3-9C0ED8301F63&ind=2011081323&ptnrS=YD&si=&n=&psa=&st=sb&searchfor={searchTerms}
IE - HKLM\..\SearchScopes\{92FBAD1C-2865-43CF-B949-8AE5E5230FC8}: "URL" = http://answers.yahoo.com/search/search_result?p={searchTerms}&fr=yie7c
IE - HKLM\..\SearchScopes\{93E0BBBA-073A-4458-BF93-43A8FC5E8790}: "URL" = http://search.yahoo.com/search?p={searchTerms}&fr=yie7c
IE - HKLM\..\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD22}: "URL" = http://dts.search-results.com/sr?src=ieb&appid=20&systemid=2&sr=0&q={searchTerms}
IE - HKLM\..\SearchScopes\{B0031D74-9ABA-4A14-92E6-236D734A5B81}: "URL" = http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7
IE - HKLM\..\SearchScopes\{C5927096-BD38-4BCC-9CB6-ADF716FBDF9E}: "URL" = http://shopping.yahoo.com/search?p={searchTerms}&fr=yie7c
IE - HKLM\..\SearchScopes\{CF171107-C09F-439A-B896-2E2F84199B86}: "URL" = http://images.search.yahoo.com/search/images?p={searchTerms}&fr=yie7c
IE - HKLM\..\SearchScopes\{D697D355-BE54-421C-A433-E2CB3DE1042E}: "URL" = http://video.yahoo.com/video/search?p={searchTerms}&fr=yie7c

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.yahoo.com
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = http://news.yahoo.com [binary data]
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchDefaultBranded = 1
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultName = Google
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultURL = http://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.foxnews.com/
IE - HKCU\..\SearchScopes,DefaultScope = {B0031D74-9ABA-4A14-92E6-236D734A5B81}
IE - HKCU\..\SearchScopes\{0B21527E-43E2-4175-BA65-44E703D5FDBD}: "URL" = http://us.yhs4.search.yahoo.com/web/partner?&hspart=w3i&hsimp=yhs-syctransfer&type=type=W3i_DS,136,0_0,Search,20120520,18807,0,8,0
IE - HKCU\..\SearchScopes\{2DBB298B-8C22-4D37-9FBA-20A0D961D2C9}: "URL" = http://images.search.yahoo.com/search/images?p={searchTerms}&fr=yie7c
IE - HKCU\..\SearchScopes\{6526806D-9DBB-4F92-81E1-BDAA96A0770C}: "URL" = http://local.yahoo.com/results?stx={searchTerms}&fr=yie7c
IE - HKCU\..\SearchScopes\{8352F997-8590-47C2-9AB1-F4FF64E8FFF6}: "URL" = http://search.yahoo.com/search?p={searchTerms}&fr=yie7c
IE - HKCU\..\SearchScopes\{B0031D74-9ABA-4A14-92E6-236D734A5B81}: "URL" = http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7&rlz=1I7GGIE_en
IE - HKCU\..\SearchScopes\{C60B5CFA-62A7-4F27-B995-7EDDB190AB67}: "URL" = http://shopping.yahoo.com/search?p={searchTerms}&fr=yie7c
IE - HKCU\..\SearchScopes\{E009B318-93FD-45BD-A336-FA73904D26EA}: "URL" = http://answers.yahoo.com/search/search_result?p={searchTerms}&fr=yie7c
IE - HKCU\..\SearchScopes\{E48EDB05-0F5D-4DB6-9259-8BA6691C42C0}: "URL" = http://news.search.yahoo.com/search/news?p={searchTerms}&fr=yie7c
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

[color=#E56717]========== FireFox ==========[/color]

FF - prefs.js..browser.search.defaultenginename: "Search Results"
FF - prefs.js..browser.search.order.1: "Search Results"
FF - prefs.js..browser.search.selectedEngine: "PureDef Music"
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "http://search.bearshare.com"
FF - prefs.js..extensions.enabledItems: jqs@sun.com:1.0
FF - prefs.js..extensions.enabledItems: {ABDE892B-13A8-4d1b-88E6-365A6E755758}:1.0
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20
FF - prefs.js..extensions.enabledItems: inboxcomtoolbar@inbox.com:1.0.0.31
FF - prefs.js..extensions.enabledItems: {4B3803EA-5230-4DC3-A7FC-33638F3D3542}:1.3
FF - prefs.js..extensions.enabledItems: siteranker@siteranker.com:1.0
FF - prefs.js..extensions.enabledItems: {ED76C299-85BC-4891-9237-74A140C28832}:1.0.0.3
FF - prefs.js..keyword.URL: "http://results.myway.com/dft_redir.jhtml?id=YD&ptb=2587A50C-4C27-4E94-B1A3-9C0ED8301F63&ind=2011081323&ptnrS=YD&si=&n=&psa=&st=kwd&searchfor="
FF - user.js - File not found

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: F:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: F:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: F:\Program Files\Microsoft Silverlight\4.1.10329.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: F:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=15.0.4.53: f:\program files\real\realone player\Netscape6\nppl3260.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprjplug;version=15.0.4.53: f:\program files\real\realone player\Netscape6\nprjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpchromebrowserrecordext;version=15.0.4.53: F:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprphtml5videoshim;version=15.0.4.53: F:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpplugin;version=15.0.4.53: f:\program files\real\realone player\Netscape6\nprpplugin.dll (RealPlayer)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: F:\Program Files\Google\Update\1.3.21.115\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: F:\Program Files\Google\Update\1.3.21.115\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: F:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@macromedia.com/FlashPlayer9: F:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll () FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{97E22097-9A2F-45b1-8DAF-36AD648C7EF4}: F:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext [2012/06/21 09:42:08 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 3.0.1\extensions\\Components: F:\Program Files\Mozilla Firefox\components [2012/06/21 09:41:54 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 3.0.1\extensions\\Plugins: F:\Program Files\Mozilla Firefox\plugins [2012/08/18 07:40:07 | 000,000,000 | ---D | M] FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\{C0287E9E-C92F-11E1-8270-B8AC6F996F26}: F:\Documents and Settings\brad\Local Settings\Application Data\{C0287E9E-C92F-11E1-8270-B8AC6F996F26}\ [2012/07/08 14:04:38 | 000,000,000 | ---D | M] [2011/12/13 10:52:07 | 000,000,000 | ---D | M] (No name found) -- F:\Documents and Settings\brad\Application Data\Mozilla\Extensions [2010/08/11 17:37:57 | 000,000,000 | ---D | M] (No name found) -- F:\Documents and Settings\brad\Application Data\Mozilla\Extensions\mozswing@mozswing.org [2011/12/13 11:29:18 | 000,000,000 | ---D | M] (No name found) -- F:\Documents and Settings\brad\Application Data\Mozilla\Firefox\Profiles\cus5hz1y.default\extensions [2010/05/22 22:25:04 | 000,000,000 | ---D | M] (No name found) -- F:\Documents and Settings\brad\Application Data\Mozilla\Firefox\Profiles\cus5hz1y.default\extensions\{20a82645-c095-46ed-80e3-08825760534b} [2011/12/13 11:29:18 | 000,000,000 | ---D | M] (No name found) -- F:\Documents and Settings\brad\Application Data\Mozilla\Firefox\Profiles\cus5hz1y.default\extensions\{c2d64ff7-0ab8-4263-89c9-ea3b0f8f050c} [2012/05/19 13:31:03 | 000,000,000 | ---D | M] ("I Want This") -- F:\Documents and Settings\brad\Application 
Data\Mozilla\Firefox\Profiles\cus5hz1y.default\extensions\crossriderapp2258@crossrider.com [2011/12/12 21:35:38 | 000,000,000 | ---D | M] (No name found) -- F:\Documents and Settings\brad\Application Data\Mozilla\Firefox\Profiles\cus5hz1y.default\extensions\inboxcomtoolbar@inbox.com [2010/05/22 22:25:04 | 000,000,000 | ---D | M] (No name found) -- F:\Documents and Settings\brad\Application Data\Mozilla\Firefox\Profiles\cus5hz1y.default\extensions\staged-xpis [2010/05/22 22:25:28 | 000,002,168 | ---- | M] () -- F:\Documents and Settings\brad\Application Data\Mozilla\Firefox\Profiles\cus5hz1y.default\searchplugins\inbox-search.xml [2011/12/12 21:35:55 | 000,009,944 | ---- | M] () -- F:\Documents and Settings\brad\Application Data\Mozilla\Firefox\Profiles\cus5hz1y.default\searchplugins\puredefmusic.xml [2011/12/06 20:24:54 | 000,002,513 | ---- | M] () -- F:\Documents and Settings\brad\Application Data\Mozilla\Firefox\Profiles\cus5hz1y.default\searchplugins\Search_Results.xml [2011/12/13 11:28:30 | 000,000,000 | ---D | M] (No name found) -- F:\Program Files\Mozilla Firefox\extensions [2011/12/13 11:28:30 | 000,000,000 | ---D | M] (No name found) -- F:\Program Files\Mozilla Firefox\extensions\{1FD91A9C-410C-4090-BBCC-55D3450EF433} [2010/04/17 23:35:09 | 000,000,000 | ---D | M] (Java Console) -- F:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} [2012/07/08 14:04:38 | 000,000,000 | ---D | M] (Mozilla Safe Browsing) -- F:\DOCUMENTS AND SETTINGS\BRAD\LOCAL SETTINGS\APPLICATION DATA\{C0287E9E-C92F-11E1-8270-B8AC6F996F26} [2010/04/12 17:29:19 | 000,411,368 | ---- | M] (Sun Microsystems, Inc.) 
-- F:\Program Files\mozilla firefox\plugins\npdeployJava1.dll [2012/06/21 09:41:30 | 000,129,144 | ---- | M] (RealPlayer) -- F:\Program Files\mozilla firefox\plugins\nprpplugin.dll [2009/09/21 11:24:16 | 000,001,329 | ---- | M] () -- F:\Program Files\mozilla firefox\searchplugins\crawlersrch.xml [2011/12/06 20:24:54 | 000,002,513 | ---- | M] () -- F:\Program Files\mozilla firefox\searchplugins\Search_Results.xml [color=#E56717]========== Chrome ==========[/color] CHR - homepage: http://www.google.com CHR - default_search_provider: Search Results (Enabled) CHR - default_search_provider: search_url = http://dts.search-results.com/sr?src=crb&appid=20&systemid=2&sr=0&q={searchTerms} CHR - default_search_provider: suggest_url = CHR - homepage: http://www.google.com CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer CHR - plugin: Native Client (Enabled) = F:\Program Files\Google\Chrome\Application\20.0.1132.57\ppGoogleNaClPluginChrome.dll CHR - plugin: Chrome PDF Viewer (Enabled) = F:\Program Files\Google\Chrome\Application\20.0.1132.57\pdf.dll CHR - plugin: Shockwave Flash (Enabled) = F:\Program Files\Google\Chrome\Application\20.0.1132.57\gcswf32.dll CHR - plugin: Shockwave Flash (Enabled) = F:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll CHR - plugin: Adobe Acrobat (Enabled) = F:\Program Files\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll CHR - plugin: Java(TM) Platform SE 6 U20 (Enabled) = F:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll CHR - plugin: Java Deployment Toolkit 6.0.200.2 (Enabled) = F:\Program Files\Mozilla Firefox\plugins\npdeployJava1.dll CHR - plugin: RealPlayer(tm) G2 LiveConnect-Enabled Plug-In (32-bit) (Enabled) = F:\Program Files\Mozilla Firefox\plugins\nppl3260.dll CHR - plugin: RealPlayer Download Plugin (Enabled) = F:\Program Files\Mozilla Firefox\plugins\nprpplugin.dll CHR - plugin: RealPlayer(tm) HTML5VideoShim Plug-In (32-bit) (Enabled) = F:\Documents and Settings\All Users\Application 
Data\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = F:\Program Files\Mozilla Firefox\plugins\npqtplugin.dll CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = F:\Program Files\Mozilla Firefox\plugins\npqtplugin2.dll CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = F:\Program Files\Mozilla Firefox\plugins\npqtplugin3.dll CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = F:\Program Files\Mozilla Firefox\plugins\npqtplugin4.dll CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = F:\Program Files\Mozilla Firefox\plugins\npqtplugin5.dll CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = F:\Program Files\Mozilla Firefox\plugins\npqtplugin6.dll CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = F:\Program Files\Mozilla Firefox\plugins\npqtplugin7.dll CHR - plugin: RealJukebox NS Plugin (Enabled) = F:\Program Files\Mozilla Firefox\plugins\nprjplug.dll CHR - plugin: Microsoft\u00AE DRM (Enabled) = F:\Program Files\Windows Media Player\npdrmv2.dll CHR - plugin: Microsoft\u00AE DRM (Enabled) = F:\Program Files\Windows Media Player\npwmsdrm.dll CHR - plugin: Windows Media Player Plug-in Dynamic Link Library (Enabled) = F:\Program Files\Windows Media Player\npdsplay.dll CHR - plugin: RealNetworks(tm) Chrome Background Extension Plug-In (32-bit) (Enabled) = F:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dll CHR - plugin: Google Earth Plugin (Enabled) = F:\Program Files\Google\Google Earth\plugin\npgeplugin.dll CHR - plugin: Google Update (Enabled) = F:\Program Files\Google\Update\1.3.21.115\npGoogleUpdate3.dll CHR - plugin: Silverlight Plug-In (Enabled) = F:\Program Files\Microsoft Silverlight\4.1.10329.0\npctrl.dll CHR - plugin: Windows Presentation Foundation (Enabled) = F:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll CHR - Extension: RealPlayer HTML5Video Downloader Extension = 
F:\Documents and Settings\brad\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\jfmjfhklogoienhpfnppmbcbjfjnkonk\1.5_0\ O1 HOSTS File: ([2012/07/18 12:14:59 | 000,443,488 | R--- | M]) - F:\WINDOWS\system32\drivers\etc\hosts O1 - Hosts: 15236 more lines... O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - F:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated) O2 - BHO: (RealPlayer Download and Record Plugin for Internet Explorer) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - F:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll (RealPlayer) O3 - HKLM\..\Toolbar: (no name) - 10 - No CLSID value found. O3 - HKCU\..\Toolbar\ShellBrowser: (no name) - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - No CLSID value found. O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No CLSID value found. 
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - No CLSID value found. O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {4B3803EA-5230-4DC3-A7FC-33638F3D3542} - No CLSID value found. O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {604BC32A-9680-40D1-9AC6-E06B23A1BA4C} - No CLSID value found. O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {D7E97865-918F-41E4-9CD0-25AB1C574CE8} - No CLSID value found. O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - No CLSID value found. O4 - HKLM..\Run: [Ad-Aware Browsing Protection] F:\Documents and Settings\All Users\Application Data\Ad-Aware Browsing Protection\adawarebp.exe (Lavasoft) O4 - HKLM..\Run: [Adobe Photo Downloader] F:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe (Adobe Systems Incorporated) O4 - HKLM..\Run: [LogitechQuickCamRibbon] F:\Program Files\Logitech\Logitech WebCam Software\LWS.exe () O4 - HKLM..\Run: [Malwarebytes Anti-Malware (reboot)] F:\Program Files\Malwarebytes' Anti-Malware\mbam.exe (Malwarebytes Corporation) O4 - HKLM..\Run: [NeroFilterCheck] F:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe (Nero AG) O4 - HKLM..\Run: [OpwareSE4] F:\Program Files\ScanSoft\OmniPageSE4.0\OpwareSE4.exe (ScanSoft, Inc.) O4 - HKLM..\Run: [REGSHAVE] F:\Program Files\REGSHAVE\REGSHAVE.EXE (FUJI PHOTO FILM CO., LTD.) O4 - HKLM..\Run: [robap] F:\Documents and Settings\brad\Application Data\robap.dll (SigmaTel, Inc.) O4 - HKLM..\Run: [SoundMan] F:\WINDOWS\SOUNDMAN.EXE (Realtek Semiconductor Corp.) O4 - HKLM..\Run: [TkBellExe] F:\program files\real\realone player\update\realsched.exe (RealNetworks, Inc.) 
O4 - HKLM..\Run: [Windows Defender] F:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation) O4 - HKCU..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] F:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe (Nero AG) O4 - HKCU..\Run: [ISUSPM] "F:\Documents and Settings\All Users\Application Data\FLEXnet\Connect\11\ISUSPM.exe" -scheduler File not found O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1 O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0 O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoViewOnDrive = 0 O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 157 O15 - HKCU\..Trusted Domains: compassweb.com ([online] https in Trusted sites) O15 - HKCU\..Trusted Domains: intuit.com ([ttlc] https in Trusted sites) O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} http://www.apple.com/qtactivex/qtplugin.cab (QuickTime Object) O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} http://download.macromedia.com/pub/shockwave/cabs/director/sw.cab (Shockwave ActiveX Control) O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} http://download.microsoft.com/download/E/5/6/E5611B10-0D6D-4117-8430-A67417AA88CD/LegitCheckControl.cab (Windows Genuine Advantage Validation Tool) O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} http://security.symantec.com/sscv6/SharedContent/vc/bin/AvSniff.cab (Symantec AntiVirus scanner) O16 - DPF: {4871A87A-BFDD-4106-8153-FFDE2BAC2967} http://dlm.tools.akamai.com/dlmanager/versions/activex/dlm-activex-2.2.4.1.cab (DLM Control) O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} http://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab (Symantec RuFSI Utility Class) O16 - DPF: {6A344D34-5231-452A-8A57-D064AC9B7862} 
https://webdl.symantec.com/activex/symdlmgr.cab (Symantec Download Manager) O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/products/plugin/autodl/jinstall-160-windows-i586.cab (Java Plug-in 1.6.0_20) O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.macromedia.com/get/flashplayer/current/ultrashim.cab (Reg Error: Key error.) O16 - DPF: {AB86CE53-AC9F-449F-9399-D8ABCA09EC09} https://h17000.www1.hp.com/ewfrf-JAVA/Secure/HPGetDownloadManager.ocx (Get_ActiveX Control) O16 - DPF: {CAFEEFAC-0014-0002-0018-ABCDEFFEDCBA} http://java.sun.com/products/plugin/autodl/jinstall-142-windows-i586.cab (Java Plug-in 1.4.2_18) O16 - DPF: {CAFEEFAC-0015-0000-0011-ABCDEFFEDCBA} http://java.sun.com/update/1.5.0/jinstall-1_5_0_11-windows-i586.cab (Reg Error: Key error.) O16 - DPF: {CAFEEFAC-0016-0000-0001-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_01-windows-i586.cab (Reg Error: Key error.) O16 - DPF: {CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_02-windows-i586.cab (Reg Error: Key error.) O16 - DPF: {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_03-windows-i586.cab (Reg Error: Key error.) O16 - DPF: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_05-windows-i586.cab (Reg Error: Key error.) O16 - DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab (Reg Error: Key error.) 
O16 - DPF: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab (Java Plug-in 1.6.0_20) O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab (Java Plug-in 1.6.0_20) O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object) O16 - DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} https://toolbox.webex.com/client/T23L/support/ieatgpc.cab (GpcContainer Class) O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.) O16 - DPF: {FD0B6769-6490-4A91-AA0A-B5AE0DC75AC9} https://secure.logmein.com/activex/ractrl.cab?lmi=100 (Performance Viewer Activex Control) O16 - DPF: Microsoft XML Parser for Java file:///F:/WINDOWS/Java/classes/xmldso.cab (Reg Error: Key error.) O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.15.1 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{2D398E6C-FB2A-44A7-A417-198B486AE7E2}: DhcpNameServer = 192.168.15.1 O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - F:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies) O20 - HKLM Winlogon: Shell - (Explorer.exe) - F:\WINDOWS\explorer.exe (Microsoft Corporation) O20 - HKLM Winlogon: UserInit - (F:\WINDOWS\system32\userinit.exe) - F:\WINDOWS\system32\userinit.exe (Microsoft Corporation) O20 - Winlogon\Notify\igfxcui: DllName - (igfxsrvc.dll) - F:\WINDOWS\System32\igfxsrvc.dll (Intel Corporation) O20 - Winlogon\Notify\LMIinit: DllName - (LMIinit.dll) - F:\WINDOWS\System32\LMIinit.dll (LogMeIn, Inc.) 
O24 - Desktop WallPaper: F:\Documents and Settings\brad\Local Settings\Application Data\Microsoft\Wallpaper1.bmp O24 - Desktop BackupWallPaper: F:\Documents and Settings\brad\Local Settings\Application Data\Microsoft\Wallpaper1.bmp O28 - HKLM ShellExecuteHooks: {091EB208-39DD-417D-A5DD-7E2C2D8FB9CB} - F:\Program Files\Windows Defender\MpShHook.dll (Microsoft Corporation) O32 - HKLM CDRom: AutoRun - 1 O32 - AutoRun File - [2002/02/07 18:58:57 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ] O34 - HKLM BootExecute: (autocheck autochk *) O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37 - HKLM\...com [@ = comfile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3) O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2) [color=#E56717]========== Files/Folders - Created Within 30 Days ==========[/color] [2012/08/19 18:16:35 | 000,596,480 | ---- | C] (OldTimer Tools) -- F:\Documents and Settings\brad\Desktop\OTL.exe [2012/08/19 17:39:26 | 000,000,000 | ---D | C] -- F:\Documents and Settings\NetworkService\Application Data\Macromedia [2012/08/19 17:39:23 | 000,000,000 | ---D | C] -- F:\Documents and Settings\NetworkService\Application Data\Adobe [2012/07/08 14:04:35 | 000,402,944 | ---- | C] (SigmaTel, Inc.) 
-- F:\Documents and Settings\brad\Application Data\robap.dll [2005/07/20 08:50:15 | 000,515,269 | ---- | C] (InstallShield Software Corporation) -- F:\Program Files\GoogleEarth.exe [5 F:\WINDOWS\*.tmp files -> F:\WINDOWS\*.tmp -> ] [35 F:\WINDOWS\System32\*.tmp files -> F:\WINDOWS\System32\*.tmp -> ] [color=#E56717]========== Files - Modified Within 30 Days ==========[/color] [2012/08/19 18:16:45 | 000,596,480 | ---- | M] (OldTimer Tools) -- F:\Documents and Settings\brad\Desktop\OTL.exe [2012/08/19 17:52:38 | 000,001,324 | ---- | M] () -- F:\WINDOWS\System32\d3d9caps.dat [2012/08/19 17:51:01 | 000,000,886 | ---- | M] () -- F:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job [2012/08/19 17:40:01 | 000,000,830 | ---- | M] () -- F:\WINDOWS\tasks\Adobe Flash Player Updater.job [2012/08/19 12:00:00 | 000,000,942 | ---- | M] () -- F:\WINDOWS\tasks\Ad-Aware Antivirus Scheduled Scan.job [2012/08/19 12:00:00 | 000,000,360 | ---- | M] () -- F:\WINDOWS\tasks\PerfectOptimizer_home.job [2012/08/19 02:10:31 | 000,000,330 | -H-- | M] () -- F:\WINDOWS\tasks\MP Scheduled Scan.job [2012/08/18 22:51:00 | 000,000,882 | ---- | M] () -- F:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job [2012/08/18 07:39:18 | 000,000,308 | ---- | M] () -- F:\Documents and Settings\brad\Desktop\BBVA Compass.url [2012/08/15 14:16:00 | 000,000,284 | ---- | M] () -- F:\WINDOWS\tasks\RealUpgradeScheduledTaskS-1-5-21-796845957-1390067357-682003330-1003.job [2012/08/15 03:22:50 | 000,000,276 | ---- | M] () -- F:\WINDOWS\tasks\RealUpgradeLogonTaskS-1-5-21-796845957-1390067357-682003330-1003.job [2012/08/15 03:22:48 | 000,013,002 | ---- | M] () -- F:\WINDOWS\System32\wpa.dbl [2012/08/15 03:22:38 | 000,000,236 | ---- | M] () -- F:\WINDOWS\tasks\OGALogon.job [2012/08/15 03:22:10 | 000,002,048 | --S- | M] () -- F:\WINDOWS\bootstat.dat [2012/08/15 03:22:03 | 000,345,808 | ---- | M] () -- F:\WINDOWS\System32\FNTCACHE.DAT [2012/08/15 03:21:58 | 000,000,000 | ---- | M] () -- F:\WINDOWS\System32\drivers\lvuvc.hs [2012/08/15 
03:21:55 | 000,000,000 | ---- | M] () -- F:\WINDOWS\System32\drivers\logiflt.iad [2012/08/15 03:05:11 | 000,001,374 | ---- | M] () -- F:\WINDOWS\imsins.BAK [2012/07/31 13:13:46 | 000,003,102 | ---- | M] () -- F:\Documents and Settings\brad\Desktop\Convert Area - Unit Converter.url [2012/07/31 12:58:04 | 000,000,385 | ---- | M] () -- F:\Documents and Settings\brad\Desktop\Google Maps.url [2012/07/27 16:43:17 | 000,211,862 | ---- | M] () -- F:\Documents and Settings\brad\My Documents\Customer Fax Express Form1.pdf [2012/07/25 14:17:24 | 000,000,116 | ---- | M] () -- F:\WINDOWS\NeroDigital.ini [5 F:\WINDOWS\*.tmp files -> F:\WINDOWS\*.tmp -> ] [35 F:\WINDOWS\System32\*.tmp files -> F:\WINDOWS\System32\*.tmp -> ] [color=#E56717]========== Files Created - No Company Name ==========[/color] [2012/07/27 16:43:17 | 000,211,862 | ---- | C] () -- F:\Documents and Settings\brad\My Documents\Customer Fax Express Form1.pdf [2012/07/14 23:44:39 | 000,001,324 | ---- | C] () -- F:\WINDOWS\System32\d3d9caps.dat [2012/04/18 03:36:06 | 000,308,358 | ---- | C] () -- F:\Documents and Settings\LocalService\Local Settings\Application Data\WPFFontCache_v0400-S-1-5-21-796845957-1390067357-682003330-1003-0.dat [2012/04/18 03:36:05 | 000,308,358 | ---- | C] () -- F:\Documents and Settings\LocalService\Local Settings\Application Data\WPFFontCache_v0400-System.dat [2012/04/17 18:01:13 | 000,000,590 | ---- | C] () -- F:\Documents and Settings\All Users\Application Data\Microsoft.SqlServer.Compact.400.32.bc [2012/02/15 07:03:01 | 000,003,072 | ---- | C] () -- F:\WINDOWS\System32\iacenc.dll [2011/12/13 15:04:05 | 000,000,111 | ---- | C] () -- F:\WINDOWS\wininit.ini [2011/12/12 21:17:09 | 000,237,857 | ---- | C] () -- F:\Documents and Settings\brad\Local Settings\Application Data\census.cache [2011/12/12 21:16:31 | 000,204,352 | ---- | C] () -- F:\Documents and Settings\brad\Local Settings\Application Data\ars.cache [2011/12/12 20:41:51 | 000,000,036 | ---- | C] () -- F:\Documents and 
Settings\brad\Local Settings\Application Data\housecall.guid.cache [2011/12/05 12:25:26 | 000,000,024 | ---- | C] () -- F:\WINDOWS\cdplayer.ini [2010/05/01 09:40:13 | 000,019,968 | ---- | C] () -- F:\Documents and Settings\brad\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [2009/05/06 10:31:45 | 000,000,600 | ---- | C] () -- F:\Documents and Settings\brad\PUTTY.RND [2009/03/27 12:15:32 | 000,000,064 | ---- | C] () -- F:\Documents and Settings\brad\default.pls [2006/04/10 16:44:29 | 000,000,115 | ---- | C] () -- F:\Documents and Settings\brad\Q3.DIR [2005/10/29 11:09:23 | 000,000,038 | ---- | C] () -- F:\Program Files\segment1.ram [2005/09/26 11:05:22 | 000,001,755 | ---- | C] () -- F:\Documents and Settings\All Users\Application Data\QTSBandwidthCache [color=#E56717]========== LOP Check ==========[/color] [2011/12/11 16:22:04 | 000,000,000 | ---D | M] -- F:\Documents and Settings\All Users\Application Data\430F [2012/08/15 03:23:42 | 000,000,000 | ---D | M] -- F:\Documents and Settings\All Users\Application Data\Ad-Aware Browsing Protection [2011/12/06 20:24:55 | 000,000,000 | ---D | M] -- F:\Documents and Settings\All Users\Application Data\boost_interprocess [2010/07/02 07:31:19 | 000,000,000 | ---D | M] -- F:\Documents and Settings\All Users\Application Data\eFax Messenger 4.4 Output [2012/07/20 15:45:55 | 000,000,000 | ---D | M] -- F:\Documents and Settings\All Users\Application Data\GFI Software [2011/06/27 20:06:37 | 000,000,000 | ---D | M] -- F:\Documents and Settings\All Users\Application Data\LogMeIn [2009/03/25 14:01:35 | 000,000,000 | ---D | M] -- F:\Documents and Settings\All Users\Application Data\PC Drivers HeadQuarters [2012/05/19 23:35:58 | 000,000,000 | ---D | M] -- F:\Documents and Settings\All Users\Application Data\ScanSoft [2012/07/14 23:36:43 | 000,000,000 | ---D | M] -- F:\Documents and Settings\All Users\Application Data\TEMP [2011/10/28 09:57:28 | 000,000,000 | ---D | M] -- F:\Documents and Settings\All 
Users\Application Data\Trusteer [2010/04/20 07:39:59 | 000,000,000 | ---D | M] -- F:\Documents and Settings\All Users\Application Data\{429CAD59-35B1-4DBC-BB6D-1DB246563521} [2009/10/06 06:20:37 | 000,000,000 | ---D | M] -- F:\Documents and Settings\All Users\Application Data\{755AC846-7372-4AC8-8550-C52491DAA8BD} [2009/04/07 07:54:42 | 000,000,000 | ---D | M] -- F:\Documents and Settings\All Users\Application Data\{8CD7F5AF-ECFA-4793-BF40-D8F42DBFF906} [2011/12/13 11:26:49 | 000,000,000 | -H-D | M] -- F:\Documents and Settings\All Users\Application Data\~0 [2012/06/08 22:07:57 | 000,000,000 | ---D | M] -- F:\Documents and Settings\brad\Application Data\Ad-Aware Antivirus [2009/03/26 11:35:29 | 000,000,000 | ---D | M] -- F:\Documents and Settings\brad\Application Data\Canon [2009/06/29 07:35:33 | 000,000,000 | ---D | M] -- F:\Documents and Settings\brad\Application Data\com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1 [2010/07/02 07:31:27 | 000,000,000 | ---D | M] -- F:\Documents and Settings\brad\Application Data\eFax Messenger [2009/06/06 11:40:27 | 000,000,000 | ---D | M] -- F:\Documents and Settings\brad\Application Data\FUJIFILM [2006/03/28 17:51:32 | 000,000,000 | ---D | M] -- F:\Documents and Settings\brad\Application Data\iPodder [2010/07/02 07:30:45 | 000,000,000 | ---D | M] -- F:\Documents and Settings\brad\Application Data\j2 Global [2007/05/17 10:27:22 | 000,000,000 | ---D | M] -- F:\Documents and Settings\brad\Application Data\Keyhole [2009/04/11 14:09:08 | 000,000,000 | ---D | M] -- F:\Documents and Settings\brad\Application Data\Leadertech [2010/05/13 12:53:28 | 000,000,000 | ---D | M] -- F:\Documents and Settings\brad\Application Data\NewSoft [2009/03/25 18:16:48 | 000,000,000 | ---D | M] -- F:\Documents and Settings\brad\Application Data\ScanSoft [2010/05/22 22:28:08 | 000,000,000 | ---D | M] -- F:\Documents and Settings\brad\Application Data\SiteRanker [2010/04/03 09:41:56 | 000,000,000 | ---D | M] -- F:\Documents and 
Settings\brad\Application Data\SmartDraw [2012/07/14 23:13:31 | 000,000,000 | ---D | M] -- F:\Documents and Settings\brad\Application Data\TestApp [2007/11/16 14:15:25 | 000,000,000 | ---D | M] -- F:\Documents and Settings\brad\Application Data\Uniblue [2011/12/07 07:27:32 | 000,000,000 | ---D | M] -- F:\Documents and Settings\brad\Application Data\wincorebsband [2012/05/19 13:33:03 | 000,000,000 | ---D | M] -- F:\Documents and Settings\brad\Application Data\Zeon [2012/08/19 12:00:00 | 000,000,942 | ---- | M] () -- F:\WINDOWS\Tasks\Ad-Aware Antivirus Scheduled Scan.job [2012/08/19 02:10:31 | 000,000,330 | -H-- | M] () -- F:\WINDOWS\Tasks\MP Scheduled Scan.job [2012/08/15 03:22:38 | 000,000,236 | ---- | M] () -- F:\WINDOWS\Tasks\OGALogon.job [2012/08/19 12:00:00 | 000,000,360 | ---- | M] () -- F:\WINDOWS\Tasks\PerfectOptimizer_home.job [color=#E56717]========== Purity Check ==========[/color] [color=#E56717]========== Alternate Data Streams ==========[/color] @Alternate Data Stream - 105 bytes -> F:\Documents and Settings\All Users\Application Data\TEMP:DFC5A2B2 < End of report >