wilkelldad

Hi Elise, You thought I was gone. I think we've got it. I reset the router, changed the passwords, reran some of the scans and fixes we did earlier, and have been searching all afternoon. Not one re-direct. Thanks you for your help gaining control of my cyberworld! Sincerely, David Watch for donation, on my way (Would have gone anyway).

Happy Saturday Elise, I am still being redirected. I thought I'd ask, since at one point we turned off the Spybot teatimer and rescanned...do you think that there is anything else we did along the way may have been hindered by that program? If you don't think that anything dangerous is going on, and really it's just an inconvenience, I may just wait until I have the time to sit down and reformat the hard drive to factory condition. I do appreciate the time you've spent helping me.

Right click menu on only has RUN (not "as administrator") I am running it now.

This time I did the same search in all three browsers, clicked the same three links in each.

:) First search out of the box in FF and IE. Chrome remains unaffected (seemingly).

Ran it and didn't paste log, reran. Here are the logs: All processes killed ========== COMMANDS ========== [EMPTYTEMP] User: All Users User: David ->Temp folder emptied: 4886 bytes ->Temporary Internet Files folder emptied: 47861 bytes ->Java cache emptied: 0 bytes ->FireFox cache emptied: 4079026 bytes ->Google Chrome cache emptied: 0 bytes ->Flash cache emptied: 0 bytes User: Default User ->Temp folder emptied: 0 bytes ->Temporary Internet Files folder emptied: 0 bytes ->Flash cache emptied: 0 bytes User: Guest ->Temp folder emptied: 0 bytes ->Temporary Internet Files folder emptied: 0 bytes ->Flash cache emptied: 0 bytes User: LocalService ->Temp folder emptied: 0 bytes ->Temporary Internet Files folder emptied: 33170 bytes ->Flash cache emptied: 0 bytes User: NetworkService ->Temp folder emptied: 0 bytes ->Temporary Internet Files folder emptied: 0 bytes %systemdrive% .tmp files removed: 0 bytes %systemroot% .tmp files removed: 0 bytes %systemroot%\System32 .tmp files removed: 0 bytes %systemroot%\System32\dllcache .tmp files removed: 0 bytes %systemroot%\System32\drivers .tmp files removed: 0 bytes Windows Temp folder emptied: 0 bytes %systemroot%\system32\config\systemprofile\Local Settings\Temp folder emptied: 0 bytes %systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 33170 bytes RecycleBin emptied: 0 bytes Total Files Cleaned = 4.00 mb C:\WINDOWS\System32\drivers\etc\Hosts moved successfully. HOSTS file reset successfully OTL by OldTimer - Version 3.2.9.0 log created on 07182010_120744 Files\Folders moved on Reboot... Registry entries deleted on Reboot... I'll let you know how it performs. Thanks Elise! David

Good morning Elise, It's back. After a night of un-redirected searchs, when clicking on the result of the first search I did this morning, in FF, the page half loaded then hung-up. I hit f5 for a reload and the redirects started. Nothing, yet, in IE. The initial redirect was going to a site that McAfee warned was malicious, thereafter to other search engines. Thoughts?

I am cautiously optimistic At least 50 search in each, IE and FF, with NO REDIRECTS. I'll kick it around over the next day or so before rejoicing. I may have just hit the "on" switch. You're a trooper to keep working with me. I'll let you know. Thanks David

as an FYI...the sdhelper and teatimer boxes were already unchecked when I went there. If this is hiding things I can uninstall the whole program if it helps. Let me know. The result of the OTL scan All processes killed ========== COMMANDS ========== [EMPTYTEMP] User: All Users User: David ->Temp folder emptied: 5462289 bytes ->Temporary Internet Files folder emptied: 30828605 bytes ->Java cache emptied: 52521834 bytes ->FireFox cache emptied: 36816511 bytes ->Google Chrome cache emptied: 12512444 bytes ->Flash cache emptied: 42114 bytes User: Default User ->Temp folder emptied: 0 bytes ->Temporary Internet Files folder emptied: 67 bytes ->Flash cache emptied: 41620 bytes User: Guest ->Temp folder emptied: 0 bytes ->Temporary Internet Files folder emptied: 67 bytes ->Flash cache emptied: 41044 bytes User: LocalService ->Temp folder emptied: 0 bytes ->Temporary Internet Files folder emptied: 65787 bytes ->Flash cache emptied: 567 bytes User: NetworkService ->Temp folder emptied: 0 bytes ->Temporary Internet Files folder emptied: 32902 bytes %systemdrive% .tmp files removed: 0 bytes %systemroot% .tmp files removed: 19569 bytes %systemroot%\System32 .tmp files removed: 2577 bytes %systemroot%\System32\dllcache .tmp files removed: 0 bytes %systemroot%\System32\drivers .tmp files removed: 0 bytes Windows Temp folder emptied: 1510 bytes %systemroot%\system32\config\systemprofile\Local Settings\Temp folder emptied: 0 bytes %systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 33170 bytes RecycleBin emptied: 2554944 bytes Total Files Cleaned = 134.00 mb C:\WINDOWS\System32\drivers\etc\Hosts moved successfully. HOSTS file reset successfully OTL by OldTimer - Version 3.2.9.0 log created on 07172010_133059 Files\Folders moved on Reboot... File\Folder C:\Documents and Settings\David\Local Settings\Temp\~DF1E79.tmp not found! File\Folder C:\Documents and Settings\David\Local Settings\Temp\~DF1FCE.tmp not found! File\Folder C:\Documents and Settings\David\Local Settings\Temp\~DF2687.tmp not found! File\Folder C:\Documents and Settings\David\Local Settings\Temp\~DF29F0.tmp not found! File\Folder C:\Documents and Settings\David\Local Settings\Temp\~DF364E.tmp not found! File\Folder C:\Documents and Settings\David\Local Settings\Temp\~DF3EBE.tmp not found! C:\Documents and Settings\David\Local Settings\Temp\~DF3F2B.tmp moved successfully. C:\Documents and Settings\David\Local Settings\Temp\~DF83CA.tmp moved successfully. Registry entries deleted on Reboot... AGAIN, THANKS FOR YOUR HELP

Just finished this and rebooted. Searched and was redirected. I was able to capture the redirects in screen shots, I don't know if these would help. Thanks for sticking with me.

With the exception of yesterday's (Thursday) redirect, they all occurred at home. Even so, I reset my router and changed the network key and password to the dashboard. redirect. The un-nerving things is, I guess, there is something stealth in here and I suppose I can only hope it's just a pest. I appreciate your help to this point, but I've got to decide whether it's not just time to cry uncle.

The redirects yesterday were while I was in the hotel, on the public network. I never thought about the router. While there have been unexplained delays, almost like an overworked computer, on all of the other computers on my home network. None of the other computers are being redirected. Should I replace the router, then just plan on restoring the computer to factory condition?

Finished the ESET scan. Nothing found. OK....REALLY dumb question here (actually, dumb guy asking question) I have a log file from when all of this began, before I contacted you where MBAM found something. MBAM quarantined and deleted it. I didn't even think of mentioning it, since everything had been cleaned, until I was watching the ESET scan window with 0 infections found. Would this log help? I'll paste it below. Malwarebytes' Anti-Malware 1.46 www.malwarebytes.org Database version: 4191 Windows 5.1.2600 Service Pack 3 Internet Explorer 8.0.6001.18702 6/12/2010 12:57:56 PM mbam-log-2010-06-12 (12-57-56).txt Scan type: Quick scan Objects scanned: 133504 Time elapsed: 19 minute(s), 54 second(s) Memory Processes Infected: 0 Memory Modules Infected: 0 Registry Keys Infected: 2 Registry Values Infected: 0 Registry Data Items Infected: 2 Folders Infected: 0 Files Infected: 0 Memory Processes Infected: (No malicious items detected) Memory Modules Infected: (No malicious items detected) Registry Keys Infected: HKEY_CURRENT_USER\SOFTWARE\V71IQL7HI7 (Trojan.FakeAlert) -> Quarantined and deleted successfully. HKEY_CURRENT_USER\SOFTWARE\XML (Trojan.FakeAlert) -> Quarantined and deleted successfully. Registry Values Infected: (No malicious items detected) Registry Data Items Infected: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\AntiVirusDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\FirewallDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully. Folders Infected: (No malicious items detected) Files Infected: (No malicious items detected)

There are some scanning options here... Remove threats I assume? How about scan archives?

The windows scan is finished, but no log or anything. Is that right?

The only pattern I see is the redirect starts with going to the website, at least in the address bar, the site I mentioned earlier, ohtgnoeriga.com (with prefixes and suffixes)or a site aslds.com (? or similar). I'll try to capture at least the domain of the redirect. I'll scan until the computer prompts for the XP discs ( maybe it won't). If it does, I'll have to wait to get back home, I'm in a hotel for now, will be home tonight. would you want to wait to scan with ESET until after the sfc scannow? Is it safe from a public network?

Good morning Elise, Same issue. Many searches yesterday with no redirects on FF safemode. This morning, the first search after booting up and going into FF safe mode I was redirected.

Good morning Elise, I continue to be redirected in both browsers. I'm not sure if I've mentioned this, it on "clicks" only. If I copy and paste the links I go where the link intended. Thoughts?

I REALLY appreciate your support!

I get diverted with IE, nothing with FF for now. I'll kick it around and see if it's limited to IE only, if you'd like.

Elise, Here are the results of test.bat. Windows IP Configuration Host Name . . . . . . . . . . . . : DC62K091 Primary Dns Suffix . . . . . . . : Node Type . . . . . . . . . . . . : Hybrid IP Routing Enabled. . . . . . . . : No WINS Proxy Enabled. . . . . . . . : No Ethernet adapter Wireless Network Connection: Connection-specific DNS Suffix . : Description . . . . . . . . . . . : Dell Wireless 1370 WLAN Mini-PCI Card Physical Address. . . . . . . . . : 00-90-4B-E7-A2-9F Dhcp Enabled. . . . . . . . . . . : Yes Autoconfiguration Enabled . . . . : Yes IP Address. . . . . . . . . . . . : 192.168.1.102 Subnet Mask . . . . . . . . . . . : 255.255.255.0 Default Gateway . . . . . . . . . : 192.168.1.1 DHCP Server . . . . . . . . . . . : 192.168.1.1 DNS Servers . . . . . . . . . . . : 208.67.222.222 208.67.220.220 Lease Obtained. . . . . . . . . . : Tuesday, July 13, 2010 2:24:16 PM Lease Expires . . . . . . . . . . : Wednesday, July 14, 2010 2:24:16 PM Ethernet adapter Local Area Connection: Media State . . . . . . . . . . . : Media disconnected Description . . . . . . . . . . . : Broadcom 440x 10/100 Integrated Controller Physical Address. . . . . . . . . : 00-14-22-90-E4-67 Server: resolver1.opendns.com Address: 208.67.222.222 DNS request timed out. timeout was 2 seconds. Name: google.com Address: 173.194.33.104 Server: resolver1.opendns.com Address: 208.67.222.222 Name: yahoo.com Addresses: 69.147.125.65, 72.30.2.43, 98.137.149.56, 209.191.122.70 67.195.160.76 Pinging google.com [173.194.33.104] with 32 bytes of data: Reply from 173.194.33.104: bytes=32 time=113ms TTL=51 Reply from 173.194.33.104: bytes=32 time=109ms TTL=51 Ping statistics for 173.194.33.104: Packets: Sent = 2, Received = 2, Lost = 0 (0% loss), Approximate round trip times in milli-seconds: Minimum = 109ms, Maximum = 113ms, Average = 111ms Pinging yahoo.com [98.137.149.56] with 32 bytes of data: Reply from 98.137.149.56: bytes=32 time=81ms TTL=50 Reply from 98.137.149.56: bytes=32 time=78ms TTL=50 Ping statistics for 98.137.149.56: Packets: Sent = 2, Received = 2, Lost = 0 (0% loss), Approximate round trip times in milli-seconds: Minimum = 78ms, Maximum = 81ms, Average = 79ms =========================================================================== Interface List 0x1 ........................... MS TCP Loopback interface 0x2 ...00 90 4b e7 a2 9f ...... Dell Wireless 1370 WLAN Mini-PCI Card - McAfee Core NDIS Intermediate Filter Miniport 0x10004 ...00 14 22 90 e4 67 ...... Broadcom 440x 10/100 Integrated Controller - McAfee Core NDIS Intermediate Filter Miniport =========================================================================== =========================================================================== Active Routes: Network Destination Netmask Gateway Interface Metric 0.0.0.0 0.0.0.0 192.168.1.1 192.168.1.102 25 127.0.0.0 255.0.0.0 127.0.0.1 127.0.0.1 1 169.254.0.0 255.255.0.0 192.168.1.102 192.168.1.102 20 192.168.1.0 255.255.255.0 192.168.1.102 192.168.1.102 25 192.168.1.102 255.255.255.255 127.0.0.1 127.0.0.1 25 192.168.1.255 255.255.255.255 192.168.1.102 192.168.1.102 25 224.0.0.0 240.0.0.0 192.168.1.102 192.168.1.102 25 255.255.255.255 255.255.255.255 192.168.1.102 10004 1 255.255.255.255 255.255.255.255 192.168.1.102 192.168.1.102 1 Default Gateway: 192.168.1.1 =========================================================================== Persistent Routes: None

Once I shut down Firefox, the redirects started. They are occurring in both IE and FF

Before writing you this morning both browsers were redirecting me..neither is right now.

Elise, Below is the log. It did not prompt for a reboot....should I? Thanks David 12:39:46:593 5996 TDSS rootkit removing tool 2.3.2.2 Jun 30 2010 17:23:49 12:39:46:593 5996 ================================================================================ 12:39:46:593 5996 SystemInfo: 12:39:46:593 5996 OS Version: 5.1.2600 ServicePack: 3.0 12:39:46:593 5996 Product type: Workstation 12:39:46:593 5996 ComputerName: DC62K091 12:39:46:593 5996 UserName: David 12:39:46:593 5996 Windows directory: C:\WINDOWS 12:39:46:593 5996 System windows directory: C:\WINDOWS 12:39:46:593 5996 Processor architecture: Intel x86 12:39:46:593 5996 Number of processors: 1 12:39:46:593 5996 Page size: 0x1000 12:39:46:593 5996 Boot type: Normal boot 12:39:46:593 5996 ================================================================================ 12:39:47:390 5996 Initialize success 12:39:47:390 5996 12:39:47:390 5996 Scanning Services ... 12:39:48:515 5996 Raw services enum returned 365 services 12:39:48:531 5996 12:39:48:531 5996 Scanning Drivers ... 12:39:50:640 5996 abp480n5 (6abb91494fe6c59089b9336452ab2ea3) C:\WINDOWS\system32\DRIVERS\ABP480N5.SYS 12:39:50:750 5996 ACPI (8fd99680a539792a30e97944fdaecf17) C:\WINDOWS\system32\DRIVERS\ACPI.sys 12:39:50:796 5996 ACPIEC (9859c0f6936e723e4892d7141b1327d5) C:\WINDOWS\system32\drivers\ACPIEC.sys 12:39:50:875 5996 adpu160m (9a11864873da202c996558b2106b0bbc) C:\WINDOWS\system32\DRIVERS\adpu160m.sys 12:39:50:953 5996 aec (8bed39e3c35d6a489438b8141717a557) C:\WINDOWS\system32\drivers\aec.sys 12:39:51:093 5996 AegisP (2c5c22990156a1063e19ad162191dc1d) C:\WINDOWS\system32\DRIVERS\AegisP.sys 12:39:51:109 5996 AFD (7e775010ef291da96ad17ca4b17137d7) C:\WINDOWS\System32\drivers\afd.sys 12:39:51:140 5996 agp440 (08fd04aa961bdc77fb983f328334e3d7) C:\WINDOWS\system32\DRIVERS\agp440.sys 12:39:51:171 5996 agpCPQ (03a7e0922acfe1b07d5db2eeb0773063) C:\WINDOWS\system32\DRIVERS\agpCPQ.sys 12:39:51:187 5996 Aha154x (c23ea9b5f46c7f7910db3eab648ff013) C:\WINDOWS\system32\DRIVERS\aha154x.sys 12:39:51:203 5996 aic78u2 (19dd0fb48b0c18892f70e2e7d61a1529) C:\WINDOWS\system32\DRIVERS\aic78u2.sys 12:39:51:218 5996 aic78xx (b7fe594a7468aa0132deb03fb8e34326) C:\WINDOWS\system32\DRIVERS\aic78xx.sys 12:39:51:234 5996 AliIde (1140ab9938809700b46bb88e46d72a96) C:\WINDOWS\system32\DRIVERS\aliide.sys 12:39:51:265 5996 alim1541 (cb08aed0de2dd889a8a820cd8082d83c) C:\WINDOWS\system32\DRIVERS\alim1541.sys 12:39:51:281 5996 amdagp (95b4fb835e28aa1336ceeb07fd5b9398) C:\WINDOWS\system32\DRIVERS\amdagp.sys 12:39:51:328 5996 amsint (79f5add8d24bd6893f2903a3e2f3fad6) C:\WINDOWS\system32\DRIVERS\amsint.sys 12:39:51:359 5996 APPDRV (ec94e05b76d033b74394e7b2175103cf) C:\WINDOWS\SYSTEM32\DRIVERS\APPDRV.SYS 12:39:51:390 5996 asc (62d318e9a0c8fc9b780008e724283707) C:\WINDOWS\system32\DRIVERS\asc.sys 12:39:51:406 5996 asc3350p (69eb0cc7714b32896ccbfd5edcbea447) C:\WINDOWS\system32\DRIVERS\asc3350p.sys 12:39:51:468 5996 asc3550 (5d8de112aa0254b907861e9e9c31d597) C:\WINDOWS\system32\DRIVERS\asc3550.sys 12:39:51:531 5996 ASCTRM (d880831279ed91f9a4190a2db9539ea9) C:\WINDOWS\system32\drivers\ASCTRM.sys 12:39:51:578 5996 AsyncMac (b153affac761e7f5fcfa822b9c4e97bc) C:\WINDOWS\system32\DRIVERS\asyncmac.sys 12:39:51:625 5996 atapi (9f3a2f5aa6875c72bf062c712cfa2674) C:\WINDOWS\system32\DRIVERS\atapi.sys 12:39:51:750 5996 Atmarpc (9916c1225104ba14794209cfa8012159) C:\WINDOWS\system32\DRIVERS\atmarpc.sys 12:39:51:796 5996 audstub (d9f724aa26c010a217c97606b160ed68) C:\WINDOWS\system32\DRIVERS\audstub.sys 12:39:52:187 5996 BCM43XX (c3ab2d6954c7b5103770832a3a6a591b) C:\WINDOWS\system32\DRIVERS\bcmwl5.sys 12:39:52:515 5996 bcm4sbxp (c768c8a463d32c219ce291645a0621a4) C:\WINDOWS\system32\DRIVERS\bcm4sbxp.sys 12:39:52:734 5996 Beep (da1f27d85e0d1525f6621372e7b685e9) C:\WINDOWS\system32\drivers\Beep.sys 12:39:52:968 5996 cbidf (90a673fc8e12a79afbed2576f6a7aaf9) C:\WINDOWS\system32\DRIVERS\cbidf2k.sys 12:39:53:078 5996 cbidf2k (90a673fc8e12a79afbed2576f6a7aaf9) C:\WINDOWS\system32\drivers\cbidf2k.sys 12:39:53:140 5996 cd20xrnt (f3ec03299634490e97bbce94cd2954c7) C:\WINDOWS\system32\DRIVERS\cd20xrnt.sys 12:39:53:187 5996 Cdaudio (c1b486a7658353d33a10cc15211a873b) C:\WINDOWS\system32\drivers\Cdaudio.sys 12:39:53:218 5996 Cdfs (c885b02847f5d2fd45a24e219ed93b32) C:\WINDOWS\system32\drivers\Cdfs.sys 12:39:53:265 5996 Cdrom (1f4260cc5b42272d71f79e570a27a4fe) C:\WINDOWS\system32\DRIVERS\cdrom.sys 12:39:53:312 5996 cfwids (44e4a7dded054dd55ae995c3aed719ae) C:\WINDOWS\system32\drivers\cfwids.sys 12:39:53:390 5996 CmBatt (0f6c187d38d98f8df904589a5f94d411) C:\WINDOWS\system32\DRIVERS\CmBatt.sys 12:39:53:406 5996 CmdIde (e5dcb56c533014ecbc556a8357c929d5) C:\WINDOWS\system32\DRIVERS\cmdide.sys 12:39:53:421 5996 Compbatt (6e4c9f21f0fae8940661144f41b13203) C:\WINDOWS\system32\DRIVERS\compbatt.sys 12:39:53:468 5996 Cpqarray (3ee529119eed34cd212a215e8c40d4b6) C:\WINDOWS\system32\DRIVERS\cpqarray.sys 12:39:53:515 5996 crlscsi (e08ac114b931dacafbdd9d5e0b93815c) C:\WINDOWS\system32\drivers\crlscsi.sys 12:39:53:562 5996 dac2w2k (e550e7418984b65a78299d248f0a7f36) C:\WINDOWS\system32\DRIVERS\dac2w2k.sys 12:39:53:593 5996 dac960nt (683789caa3864eb46125ae86ff677d34) C:\WINDOWS\system32\DRIVERS\dac960nt.sys 12:39:53:609 5996 Disk (044452051f3e02e7963599fc8f4f3e25) C:\WINDOWS\system32\DRIVERS\disk.sys 12:39:53:734 5996 dmboot (d992fe1274bde0f84ad826acae022a41) C:\WINDOWS\system32\drivers\dmboot.sys 12:39:53:812 5996 dmio (7c824cf7bbde77d95c08005717a95f6f) C:\WINDOWS\system32\drivers\dmio.sys 12:39:53:843 5996 dmload (e9317282a63ca4d188c0df5e09c6ac5f) C:\WINDOWS\system32\drivers\dmload.sys 12:39:53:906 5996 DMusic (8a208dfcf89792a484e76c40e5f50b45) C:\WINDOWS\system32\drivers\DMusic.sys 12:39:53:968 5996 dpti2o (40f3b93b4e5b0126f2f5c0a7a5e22660) C:\WINDOWS\system32\DRIVERS\dpti2o.sys 12:39:54:109 5996 drmkaud (8f5fcff8e8848afac920905fbd9d33c8) C:\WINDOWS\system32\drivers\drmkaud.sys 12:39:54:234 5996 drvmcdb (e814854e6b246ccf498874839ab64d77) C:\WINDOWS\system32\drivers\drvmcdb.sys 12:39:54:250 5996 drvnddm (ee83a4ebae70bc93cf14879d062f548b) C:\WINDOWS\system32\drivers\drvnddm.sys 12:39:54:296 5996 E100B (3fca03cbca11269f973b70fa483c88ef) C:\WINDOWS\system32\DRIVERS\e100b325.sys 12:39:54:343 5996 Fastfat (38d332a6d56af32635675f132548343e) C:\WINDOWS\system32\drivers\Fastfat.sys 12:39:54:390 5996 Fdc (92cdd60b6730b9f50f6a1a0c1f8cdc81) C:\WINDOWS\system32\DRIVERS\fdc.sys 12:39:54:421 5996 Fips (d45926117eb9fa946a6af572fbe1caa3) C:\WINDOWS\system32\drivers\Fips.sys 12:39:54:468 5996 Flpydisk (9d27e7b80bfcdf1cdd9b555862d5e7f0) C:\WINDOWS\system32\DRIVERS\flpydisk.sys 12:39:54:515 5996 FltMgr (b2cf4b0786f8212cb92ed2b50c6db6b0) C:\WINDOWS\system32\drivers\fltmgr.sys 12:39:54:562 5996 Fs_Rec (3e1e2bd4f39b0e2b7dc4f4d2bcc2779a) C:\WINDOWS\system32\drivers\Fs_Rec.sys 12:39:54:609 5996 Ftdisk (6ac26732762483366c3969c9e4d2259d) C:\WINDOWS\system32\DRIVERS\ftdisk.sys 12:39:54:656 5996 GEARAspiWDM (8182ff89c65e4d38b2de4bb0fb18564e) C:\WINDOWS\system32\DRIVERS\GEARAspiWDM.sys 12:39:54:750 5996 Gpc (0a02c63c8b144bd8c86b103dee7c86a2) C:\WINDOWS\system32\DRIVERS\msgpc.sys 12:39:54:781 5996 HDAudBus (573c7d0a32852b48f3058cfd8026f511) C:\WINDOWS\system32\DRIVERS\HDAudBus.sys 12:39:54:796 5996 HidUsb (ccf82c5ec8a7326c3066de870c06daf1) C:\WINDOWS\system32\DRIVERS\hidusb.sys 12:39:54:859 5996 hpn (b028377dea0546a5fcfba928a8aefae0) C:\WINDOWS\system32\DRIVERS\hpn.sys 12:39:54:921 5996 HSFHWAZL (1c8caa80e91fb71864e9426f9eed048d) C:\WINDOWS\system32\DRIVERS\HSFHWAZL.sys 12:39:55:125 5996 HSF_DPV (698204d9c2832e53633e53a30a53fc3d) C:\WINDOWS\system32\DRIVERS\HSF_DPV.sys 12:39:55:328 5996 HTTP (f80a415ef82cd06ffaf0d971528ead38) C:\WINDOWS\system32\Drivers\HTTP.sys 12:39:55:359 5996 i2omgmt (9368670bd426ebea5e8b18a62416ec28) C:\WINDOWS\system32\drivers\i2omgmt.sys 12:39:55:406 5996 i2omp (f10863bf1ccc290babd1a09188ae49e0) C:\WINDOWS\system32\DRIVERS\i2omp.sys 12:39:55:453 5996 i8042prt (4a0b06aa8943c1e332520f7440c0aa30) C:\WINDOWS\system32\DRIVERS\i8042prt.sys 12:39:55:546 5996 ialm (240d0f5d7caafd87bd8d801a97bbe041) C:\WINDOWS\system32\DRIVERS\ialmnt5.sys 12:39:55:640 5996 Imapi (083a052659f5310dd8b6a6cb05edcf8e) C:\WINDOWS\system32\DRIVERS\imapi.sys 12:39:55:765 5996 ini910u (4a40e045faee58631fd8d91afc620719) C:\WINDOWS\system32\DRIVERS\ini910u.sys 12:39:55:828 5996 IntelIde (b5466a9250342a7aa0cd1fba13420678) C:\WINDOWS\system32\DRIVERS\intelide.sys 12:39:55:859 5996 intelppm (8c953733d8f36eb2133f5bb58808b66b) C:\WINDOWS\system32\DRIVERS\intelppm.sys 12:39:55:890 5996 Ip6Fw (3bb22519a194418d5fec05d800a19ad0) C:\WINDOWS\system32\drivers\ip6fw.sys 12:39:55:937 5996 IpFilterDriver (731f22ba402ee4b62748adaf6363c182) C:\WINDOWS\system32\DRIVERS\ipfltdrv.sys 12:39:56:062 5996 IpInIp (b87ab476dcf76e72010632b5550955f5) C:\WINDOWS\system32\DRIVERS\ipinip.sys 12:39:56:125 5996 IpNat (cc748ea12c6effde940ee98098bf96bb) C:\WINDOWS\system32\DRIVERS\ipnat.sys 12:39:56:171 5996 IPSec (23c74d75e36e7158768dd63d92789a91) C:\WINDOWS\system32\DRIVERS\ipsec.sys 12:39:56:234 5996 IRENUM (c93c9ff7b04d772627a3646d89f7bf89) C:\WINDOWS\system32\DRIVERS\irenum.sys 12:39:56:265 5996 isapnp (05a299ec56e52649b1cf2fc52d20f2d7) C:\WINDOWS\system32\DRIVERS\isapnp.sys 12:39:56:281 5996 Kbdclass (463c1ec80cd17420a542b7f36a36f128) C:\WINDOWS\system32\DRIVERS\kbdclass.sys 12:39:56:328 5996 kbdhid (9ef487a186dea361aa06913a75b3fa99) C:\WINDOWS\system32\DRIVERS\kbdhid.sys 12:39:56:359 5996 klmd23 (316353165feba3d0538eaa9c2f60c5b7) C:\WINDOWS\system32\drivers\klmd.sys 12:39:56:421 5996 kmixer (692bcf44383d056aed41b045a323d378) C:\WINDOWS\system32\drivers\kmixer.sys 12:39:56:468 5996 KSecDD (b467646c54cc746128904e1654c750c1) C:\WINDOWS\system32\drivers\KSecDD.sys 12:39:56:531 5996 mdmxsdk (3c318b9cd391371bed62126581ee9961) C:\WINDOWS\system32\DRIVERS\mdmxsdk.sys 12:39:56:640 5996 mfeapfk (b77e959e1c50d3e3a9d9ef423be62e09) C:\WINDOWS\system32\drivers\mfeapfk.sys 12:39:56:750 5996 mfeavfk (e84596fcb591117f5597498a5f82ad97) C:\WINDOWS\system32\drivers\mfeavfk.sys 12:39:56:812 5996 mfebopk (d40ce01e2d3fe0c079cd2d6b3e4b823b) C:\WINDOWS\system32\drivers\mfebopk.sys 12:39:56:859 5996 mfefirek (3962c6a9e35c4319dcdab0497614fd69) C:\WINDOWS\system32\drivers\mfefirek.sys 12:39:57:000 5996 mfehidk (e7ecf7872bf8f2897ae5a696d908c2f7) C:\WINDOWS\system32\drivers\mfehidk.sys 12:39:57:093 5996 mfendisk (554dbbdc8c3b4f380b21269239bd29bb) C:\WINDOWS\system32\DRIVERS\mfendisk.sys 12:39:57:093 5996 mfendiskmp (554dbbdc8c3b4f380b21269239bd29bb) C:\WINDOWS\system32\DRIVERS\mfendisk.sys 12:39:57:125 5996 mferkdet (e411594ac94baef7f8ea991cc8f47fd1) C:\WINDOWS\system32\drivers\mferkdet.sys 12:39:57:187 5996 mferkdk (41fe2f288e05a6c8ab85dd56770ffbad) C:\WINDOWS\system32\drivers\mferkdk.sys 12:39:57:218 5996 mfesmfk (096b52ea918aa909ba5903d79e129005) C:\WINDOWS\system32\drivers\mfesmfk.sys 12:39:57:265 5996 mfetdi2k (1bfe4c4ccf8cd2d7deaffb424e691196) C:\WINDOWS\system32\drivers\mfetdi2k.sys 12:39:57:281 5996 mnmdd (4ae068242760a1fb6e1a44bf4e16afa6) C:\WINDOWS\system32\drivers\mnmdd.sys 12:39:57:296 5996 Modem (dfcbad3cec1c5f964962ae10e0bcc8e1) C:\WINDOWS\system32\drivers\Modem.sys 12:39:57:328 5996 Mouclass (35c9e97194c8cfb8430125f8dbc34d04) C:\WINDOWS\system32\DRIVERS\mouclass.sys 12:39:57:375 5996 mouhid (b1c303e17fb9d46e87a98e4ba6769685) C:\WINDOWS\system32\DRIVERS\mouhid.sys 12:39:57:390 5996 MountMgr (a80b9a0bad1b73637dbcbba7df72d3fd) C:\WINDOWS\system32\drivers\MountMgr.sys 12:39:57:437 5996 mraid35x (3f4bb95e5a44f3be34824e8e7caf0737) C:\WINDOWS\system32\DRIVERS\mraid35x.sys 12:39:57:453 5996 MRxDAV (11d42bb6206f33fbb3ba0288d3ef81bd) C:\WINDOWS\system32\DRIVERS\mrxdav.sys 12:39:57:531 5996 MRxSmb (f3aefb11abc521122b67095044169e98) C:\WINDOWS\system32\DRIVERS\mrxsmb.sys 12:39:57:671 5996 Msfs (c941ea2454ba8350021d774daf0f1027) C:\WINDOWS\system32\drivers\Msfs.sys 12:39:57:843 5996 MSKSSRV (d1575e71568f4d9e14ca56b7b0453bf1) C:\WINDOWS\system32\drivers\MSKSSRV.sys 12:39:57:859 5996 MSPCLOCK (325bb26842fc7ccc1fcce2c457317f3e) C:\WINDOWS\system32\drivers\MSPCLOCK.sys 12:39:57:875 5996 MSPQM (bad59648ba099da4a17680b39730cb3d) C:\WINDOWS\system32\drivers\MSPQM.sys 12:39:57:921 5996 mssmbios (af5f4f3f14a8ea2c26de30f7a1e17136) C:\WINDOWS\system32\DRIVERS\mssmbios.sys 12:39:57:937 5996 Mup (2f625d11385b1a94360bfc70aaefdee1) C:\WINDOWS\system32\drivers\Mup.sys 12:39:57:953 5996 NDIS (1df7f42665c94b825322fae71721130d) C:\WINDOWS\system32\drivers\NDIS.sys 12:39:58:078 5996 NdisTapi (1ab3d00c991ab086e69db84b6c0ed78f) C:\WINDOWS\system32\DRIVERS\ndistapi.sys 12:39:58:093 5996 Ndisuio (f927a4434c5028758a842943ef1a3849) C:\WINDOWS\system32\DRIVERS\ndisuio.sys 12:39:58:109 5996 NdisWan (edc1531a49c80614b2cfda43ca8659ab) C:\WINDOWS\system32\DRIVERS\ndiswan.sys 12:39:58:125 5996 NDProxy (6215023940cfd3702b46abc304e1d45a) C:\WINDOWS\system32\drivers\NDProxy.sys 12:39:58:140 5996 NetBIOS (5d81cf9a2f1a3a756b66cf684911cdf0) C:\WINDOWS\system32\DRIVERS\netbios.sys 12:39:58:187 5996 NetBT (74b2b2f5bea5e9a3dc021d685551bd3d) C:\WINDOWS\system32\DRIVERS\netbt.sys 12:39:58:203 5996 Npfs (3182d64ae053d6fb034f44b6def8034a) C:\WINDOWS\system32\drivers\Npfs.sys 12:39:58:250 5996 Ntfs (78a08dd6a8d65e697c18e1db01c5cdca) C:\WINDOWS\system32\drivers\Ntfs.sys 12:39:58:328 5996 Null (73c1e1f395918bc2c6dd67af7591a3ad) C:\WINDOWS\system32\drivers\Null.sys 12:39:58:468 5996 nv (2b298519edbfcf451d43e0f1e8f1006d) C:\WINDOWS\system32\DRIVERS\nv4_mini.sys 12:39:58:578 5996 NwlnkFlt (b305f3fad35083837ef46a0bbce2fc57) C:\WINDOWS\system32\DRIVERS\nwlnkflt.sys 12:39:58:593 5996 NwlnkFwd (c99b3415198d1aab7227f2c88fd664b9) C:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys 12:39:58:671 5996 Parport (5575faf8f97ce5e713d108c2a58d7c7c) C:\WINDOWS\system32\DRIVERS\parport.sys 12:39:58:781 5996 PartMgr (beb3ba25197665d82ec7065b724171c6) C:\WINDOWS\system32\drivers\PartMgr.sys 12:39:58:796 5996 ParVdm (70e98b3fd8e963a6a46a2e6247e0bea1) C:\WINDOWS\system32\drivers\ParVdm.sys 12:39:58:812 5996 PCI (a219903ccf74233761d92bef471a07b1) C:\WINDOWS\system32\DRIVERS\pci.sys 12:39:58:859 5996 PCIIde (ccf5f451bb1a5a2a522a76e670000ff0) C:\WINDOWS\system32\DRIVERS\pciide.sys 12:39:58:906 5996 Pcmcia (9e89ef60e9ee05e3f2eef2da7397f1c1) C:\WINDOWS\system32\drivers\Pcmcia.sys 12:39:59:062 5996 perc2 (6c14b9c19ba84f73d3a86dba11133101) C:\WINDOWS\system32\DRIVERS\perc2.sys 12:39:59:109 5996 perc2hib (f50f7c27f131afe7beba13e14a3b9416) C:\WINDOWS\system32\DRIVERS\perc2hib.sys 12:39:59:156 5996 PptpMiniport (efeec01b1d3cf84f16ddd24d9d9d8f99) C:\WINDOWS\system32\DRIVERS\raspptp.sys 12:39:59:171 5996 PSched (09298ec810b07e5d582cb3a3f9255424) C:\WINDOWS\system32\DRIVERS\psched.sys 12:39:59:203 5996 Ptilink (80d317bd1c3dbc5d4fe7b1678c60cadd) C:\WINDOWS\system32\DRIVERS\ptilink.sys 12:39:59:250 5996 PxHelp20 (86724469cd077901706854974cd13c3e) C:\WINDOWS\system32\Drivers\PxHelp20.sys 12:39:59:265 5996 ql1080 (0a63fb54039eb5662433caba3b26dba7) C:\WINDOWS\system32\DRIVERS\ql1080.sys 12:39:59:359 5996 Ql10wnt (6503449e1d43a0ff0201ad5cb1b8c706) C:\WINDOWS\system32\DRIVERS\ql10wnt.sys 12:39:59:359 5996 ql12160 (156ed0ef20c15114ca097a34a30d8a01) C:\WINDOWS\system32\DRIVERS\ql12160.sys 12:39:59:375 5996 ql1240 (70f016bebde6d29e864c1230a07cc5e6) C:\WINDOWS\system32\DRIVERS\ql1240.sys 12:39:59:406 5996 ql1280 (907f0aeea6bc451011611e732bd31fcf) C:\WINDOWS\system32\DRIVERS\ql1280.sys 12:39:59:437 5996 RasAcd (fe0d99d6f31e4fad8159f690d68ded9c) C:\WINDOWS\system32\DRIVERS\rasacd.sys 12:39:59:500 5996 Rasl2tp (11b4a627bc9614b885c4969bfa5ff8a6) C:\WINDOWS\system32\DRIVERS\rasl2tp.sys 12:39:59:562 5996 RasPppoe (5bc962f2654137c9909c3d4603587dee) C:\WINDOWS\system32\DRIVERS\raspppoe.sys 12:39:59:578 5996 Raspti (fdbb1d60066fcfbb7452fd8f9829b242) C:\WINDOWS\system32\DRIVERS\raspti.sys 12:39:59:609 5996 Rdbss (7ad224ad1a1437fe28d89cf22b17780a) C:\WINDOWS\system32\DRIVERS\rdbss.sys 12:39:59:625 5996 RDPCDD (4912d5b403614ce99c28420f75353332) C:\WINDOWS\system32\DRIVERS\RDPCDD.sys 12:39:59:703 5996 rdpdr (15cabd0f7c00c47c70124907916af3f1) C:\WINDOWS\system32\DRIVERS\rdpdr.sys 12:39:59:859 5996 RDPWD (6728e45b66f93c08f11de2e316fc70dd) C:\WINDOWS\system32\drivers\RDPWD.sys 12:39:59:906 5996 redbook (f828dd7e1419b6653894a8f97a0094c5) C:\WINDOWS\system32\DRIVERS\redbook.sys 12:39:59:953 5996 Secdrv (90a3935d05b494a5a39d37e71f09a677) C:\WINDOWS\system32\DRIVERS\secdrv.sys 12:40:00:078 5996 serenum (0f29512ccd6bead730039fb4bd2c85ce) C:\WINDOWS\system32\DRIVERS\serenum.sys 12:40:00:125 5996 Serial (cca207a8896d4c6a0c9ce29a4ae411a7) C:\WINDOWS\system32\DRIVERS\serial.sys 12:40:00:203 5996 Sfloppy (8e6b8c671615d126fdc553d1e2de5562) C:\WINDOWS\system32\drivers\Sfloppy.sys 12:40:00:250 5996 sisagp (6b33d0ebd30db32e27d1d78fe946a754) C:\WINDOWS\system32\DRIVERS\sisagp.sys 12:40:00:296 5996 Sparrow (83c0f71f86d3bdaf915685f3d568b20e) C:\WINDOWS\system32\DRIVERS\sparrow.sys 12:40:00:343 5996 splitter (ab8b92451ecb048a4d1de7c3ffcb4a9f) C:\WINDOWS\system32\drivers\splitter.sys 12:40:00:390 5996 sr (76bb022c2fb6902fd5bdd4f78fc13a5d) C:\WINDOWS\system32\DRIVERS\sr.sys 12:40:00:453 5996 Srv (89220b427890aa1dffd1a02648ae51c3) C:\WINDOWS\system32\DRIVERS\srv.sys 12:40:00:500 5996 sscdbhk5 (d7968049be0adbb6a57cee3960320911) C:\WINDOWS\system32\drivers\sscdbhk5.sys 12:40:00:500 5996 ssrtln (c3ffd65abfb6441e7606cf74f1155273) C:\WINDOWS\system32\drivers\ssrtln.sys 12:40:00:640 5996 STHDA (4d8af5d86a8f7778b93069e0f2e30b33) C:\WINDOWS\system32\drivers\sthda.sys 12:40:01:093 5996 StillCam (a9573045baa16eab9b1085205b82f1ed) C:\WINDOWS\system32\DRIVERS\serscan.sys 12:40:01:140 5996 swenum (3941d127aef12e93addf6fe6ee027e0f) C:\WINDOWS\system32\DRIVERS\swenum.sys 12:40:01:187 5996 swmidi (8ce882bcc6cf8a62f2b2323d95cb3d01) C:\WINDOWS\system32\drivers\swmidi.sys 12:40:01:234 5996 symc810 (1ff3217614018630d0a6758630fc698c) C:\WINDOWS\system32\DRIVERS\symc810.sys 12:40:01:265 5996 symc8xx (070e001d95cf725186ef8b20335f933c) C:\WINDOWS\system32\DRIVERS\symc8xx.sys 12:40:01:281 5996 sym_hi (80ac1c4abbe2df3b738bf15517a51f2c) C:\WINDOWS\system32\DRIVERS\sym_hi.sys 12:40:01:296 5996 sym_u3 (bf4fab949a382a8e105f46ebb4937058) C:\WINDOWS\system32\DRIVERS\sym_u3.sys 12:40:01:343 5996 SynTP (643b3e821a00b2b6a35cc099cb9653a1) C:\WINDOWS\system32\DRIVERS\SynTP.sys 12:40:01:375 5996 sysaudio (8b83f3ed0f1688b4958f77cd6d2bf290) C:\WINDOWS\system32\drivers\sysaudio.sys 12:40:01:453 5996 Tcpip (9aefa14bd6b182d61e3119fa5f436d3d) C:\WINDOWS\system32\DRIVERS\tcpip.sys 12:40:01:515 5996 TDPIPE (6471a66807f5e104e4885f5b67349397) C:\WINDOWS\system32\drivers\TDPIPE.sys 12:40:01:546 5996 TDTCP (c56b6d0402371cf3700eb322ef3aaf61) C:\WINDOWS\system32\drivers\TDTCP.sys 12:40:01:578 5996 TermDD (88155247177638048422893737429d9e) C:\WINDOWS\system32\DRIVERS\termdd.sys 12:40:01:656 5996 tfsnboio (30698355067d07da5f9eb81132c9fdd6) C:\WINDOWS\system32\dla\tfsnboio.sys 12:40:01:765 5996 tfsncofs (fb9d825bb4a2abdf24600f7505050e2b) C:\WINDOWS\system32\dla\tfsncofs.sys 12:40:01:859 5996 tfsndrct (cafd8cca11aa1e8b6d2ea1ba8f70ec33) C:\WINDOWS\system32\dla\tfsndrct.sys 12:40:01:906 5996 tfsndres (8db1e78fbf7c426d8ec3d8f1a33d6485) C:\WINDOWS\system32\dla\tfsndres.sys 12:40:01:906 5996 tfsnifs (b92f67a71cc8176f331b8aa8d9f555ad) C:\WINDOWS\system32\dla\tfsnifs.sys 12:40:01:937 5996 tfsnopio (85985faa9a71e2358fcc2edefc2a3c5c) C:\WINDOWS\system32\dla\tfsnopio.sys 12:40:01:953 5996 tfsnpool (bba22094f0f7c210567efdaf11f64495) C:\WINDOWS\system32\dla\tfsnpool.sys 12:40:02:062 5996 tfsnudf (81340bef80b9811e98ce64611e67e3ff) C:\WINDOWS\system32\dla\tfsnudf.sys 12:40:02:093 5996 tfsnudfa (c035fd116224ccc8325f384776b6a8bb) C:\WINDOWS\system32\dla\tfsnudfa.sys 12:40:02:140 5996 TosIde (f2790f6af01321b172aa62f8e1e187d9) C:\WINDOWS\system32\DRIVERS\toside.sys 12:40:02:171 5996 Udfs (5787b80c2e3c5e2f56c2a233d91fa2c9) C:\WINDOWS\system32\drivers\Udfs.sys 12:40:02:218 5996 ultra (1b698a51cd528d8da4ffaed66dfc51b9) C:\WINDOWS\system32\DRIVERS\ultra.sys 12:40:02:546 5996 Update (402ddc88356b1bac0ee3dd1580c76a31) C:\WINDOWS\system32\DRIVERS\update.sys 12:40:03:171 5996 usbccgp (173f317ce0db8e21322e71b7e60a27e8) C:\WINDOWS\system32\DRIVERS\usbccgp.sys 12:40:03:359 5996 usbehci (65dcf09d0e37d4c6b11b5b0b76d470a7) C:\WINDOWS\system32\DRIVERS\usbehci.sys 12:40:03:546 5996 usbhub (1ab3cdde553b6e064d2e754efe20285c) C:\WINDOWS\system32\DRIVERS\usbhub.sys 12:40:03:625 5996 usbprint (a717c8721046828520c9edf31288fc00) C:\WINDOWS\system32\DRIVERS\usbprint.sys 12:40:03:656 5996 USBSTOR (a32426d9b14a089eaa1d922e0c5801a9) C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS 12:40:03:734 5996 usbuhci (26496f9dee2d787fc3e61ad54821ffe6) C:\WINDOWS\system32\DRIVERS\usbuhci.sys 12:40:03:796 5996 VgaSave (0d3a8fafceacd8b7625cd549757a7df1) C:\WINDOWS\System32\drivers\vga.sys 12:40:03:953 5996 viaagp (754292ce5848b3738281b4f3607eaef4) C:\WINDOWS\system32\DRIVERS\viaagp.sys 12:40:04:203 5996 ViaIde (3b3efcda263b8ac14fdf9cbdd0791b2e) C:\WINDOWS\system32\DRIVERS\viaide.sys 12:40:04:437 5996 VolSnap (4c8fcb5cc53aab716d810740fe59d025) C:\WINDOWS\system32\drivers\VolSnap.sys 12:40:04:500 5996 Wanarp (e20b95baedb550f32dd489265c1da1f6) C:\WINDOWS\system32\DRIVERS\wanarp.sys 12:40:04:562 5996 wdmaud (6768acf64b18196494413695f0c3a00f) C:\WINDOWS\system32\drivers\wdmaud.sys 12:40:04:781 5996 winachsf (74cf3f2e4e40c4a2e18d39d6300a5c24) C:\WINDOWS\system32\DRIVERS\HSF_CNXT.sys 12:40:04:953 5996 WS2IFSL (6abe6e225adb5a751622a9cc3bc19ce8) C:\WINDOWS\System32\drivers\ws2ifsl.sys 12:40:04:953 5996 12:40:04:953 5996 Completed 12:40:04:953 5996 12:40:04:953 5996 Results: 12:40:04:968 5996 Registry objects infected / cured / cured on reboot: 0 / 0 / 0 12:40:04:968 5996 File objects infected / cured / cured on reboot: 0 / 0 / 0 12:40:04:968 5996 12:40:04:968 5996 KLMD(ARK) unloaded successfully

Thanks Elise. Here are the results: OTL logfile created on: 7/13/2010 12:00:03 PM - Run 3 OTL by OldTimer - Version 3.2.9.0 Folder = C:\Documents and Settings\David\Desktop Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation Internet Explorer (Version = 8.0.6001.18702) Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy 503.00 Mb Total Physical Memory | 85.00 Mb Available Physical Memory | 17.00% Memory free 1.00 Gb Paging File | 1.00 Gb Available in Paging File | 49.00% Paging File free Paging file location(s): C:\pagefile.sys 756 1512 [binary data] %SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files Drive C: | 34.11 Gb Total Space | 20.47 Gb Free Space | 60.00% Space Free | Partition Type: NTFS D: Drive not present or media not loaded E: Drive not present or media not loaded F: Drive not present or media not loaded G: Drive not present or media not loaded H: Drive not present or media not loaded I: Drive not present or media not loaded Computer Name: DC62K091 Current User Name: David Logged in as Administrator. Current Boot Mode: Normal Scan Mode: All users Company Name Whitelist: Off Skip Microsoft Files: Off File Age = 30 Days Output = Standard ========== Processes (SafeList) ========== PRC - [2010/07/13 11:37:00 | 000,574,976 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\David\Desktop\OTL.exe PRC - [2010/06/26 04:41:17 | 000,014,808 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\plugin-container.exe PRC - [2010/06/26 04:41:08 | 000,910,296 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe PRC - [2010/04/27 17:16:24 | 000,188,136 | ---- | M] (McAfee, Inc.) -- C:\Program Files\Common Files\McAfee\SystemCore\mfefire.exe PRC - [2010/04/27 17:16:24 | 000,141,792 | ---- | M] (McAfee, Inc.) -- C:\Program Files\Common Files\McAfee\SystemCore\mfevtps.exe PRC - [2010/04/21 11:20:06 | 001,193,336 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee.com\Agent\mcagent.exe PRC - [2010/04/14 12:29:58 | 000,170,144 | ---- | M] (McAfee, Inc.) -- C:\Program Files\Common Files\McAfee\SystemCore\mcshield.exe PRC - [2010/03/26 11:16:04 | 000,093,320 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee\SiteAdvisor\McSACore.exe PRC - [2010/03/10 10:14:44 | 000,271,480 | ---- | M] (McAfee, Inc.) -- C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe PRC - [2008/09/23 11:20:00 | 000,415,072 | R--- | M] (WinZip Computing, S.L.) -- C:\Program Files\WinZip\WZQKPICK.EXE PRC - [2008/04/13 20:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe PRC - [2005/12/15 08:58:55 | 000,026,112 | ---- | M] (RealNetworks, Inc.) -- C:\Program Files\Real\RealPlayer\realplay.exe PRC - [2005/11/21 15:55:16 | 000,045,056 | ---- | M] (HP) -- C:\Program Files\HP\ToolBoxFX\bin\HPTLBXFX.exe PRC - [2005/09/08 21:20:46 | 000,464,384 | ---- | M] (Musicmatch, Inc.) -- C:\Program Files\MUSICMATCH\Musicmatch Jukebox\mim.exe PRC - [2005/09/08 21:20:46 | 000,110,592 | ---- | M] (Musicmatch, Inc.) -- C:\Program Files\MUSICMATCH\Musicmatch Jukebox\mm_tray.exe PRC - [2005/09/08 21:20:46 | 000,102,400 | ---- | M] (Musicmatch, Inc.) -- C:\Program Files\MUSICMATCH\Musicmatch Jukebox\MMDiag.exe PRC - [2005/08/24 01:42:26 | 000,393,216 | ---- | M] (SigmaTel, Inc.) -- C:\WINDOWS\stsystra.exe PRC - [2005/08/01 18:00:00 | 000,610,304 | ---- | M] () -- C:\Program Files\Dell\QuickSet\quickset.exe PRC - [2005/05/15 04:04:12 | 000,332,800 | ---- | M] (Gteko Ltd.) -- C:\Program Files\Dell Support\DSAgnt.exe PRC - [2005/03/14 13:39:06 | 000,065,536 | ---- | M] (HP) -- C:\WINDOWS\system32\HPZinw12.exe PRC - [2003/10/29 04:06:00 | 000,024,576 | ---- | M] (BVRP Software) -- C:\Program Files\Digital Line Detect\DLG.exe ========== Modules (SafeList) ========== MOD - [2010/07/13 11:37:00 | 000,574,976 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\David\Desktop\OTL.exe MOD - [2008/04/13 20:10:20 | 000,110,592 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\msscript.ocx ========== Win32 Services (SafeList) ========== SRV - File not found [On_Demand | Stopped] -- C:\WINDOWS\System32\appmgmts.dll -- (AppMgmt) SRV - [2010/04/27 17:16:24 | 000,188,136 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\Common Files\McAfee\SystemCore\mfefire.exe -- (mfefire) SRV - [2010/04/27 17:16:24 | 000,141,792 | ---- | M] (McAfee, Inc.) [unknown | Running] -- C:\Program Files\Common Files\McAfee\SystemCore\mfevtps.exe -- (mfevtp) SRV - [2010/04/15 09:45:10 | 000,364,216 | ---- | M] (McAfee, Inc.) [On_Demand | Stopped] -- C:\Program Files\McAfee\VirusScan\mcods.exe -- (McODS) SRV - [2010/04/14 12:29:58 | 000,170,144 | ---- | M] () [unknown | Running] -- C:\Program Files\Common Files\McAfee\SystemCore\\mcshield.exe -- (McShield) SRV - [2010/03/26 11:16:04 | 000,093,320 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\McAfee\SiteAdvisor\McSACore.exe -- (McAfee SiteAdvisor Service) SRV - [2010/03/10 10:14:44 | 000,271,480 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe -- (McProxy) SRV - [2010/03/10 10:14:44 | 000,271,480 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe -- (McNASvc) SRV - [2010/03/10 10:14:44 | 000,271,480 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe -- (McNaiAnn) SRV - [2010/03/10 10:14:44 | 000,271,480 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe -- (mcmscsvc) SRV - [2010/03/10 10:14:44 | 000,271,480 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe -- (McMPFSvc) SRV - [2007/08/09 03:27:52 | 000,073,728 | ---- | M] (HP) [Auto | Stopped] -- C:\WINDOWS\system32\HPZipm12.exe -- (Pml Driver HPZ12) ========== Driver Services (SafeList) ========== DRV - File not found [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\DRIVERS\wanatw4.sys -- (wanatw) WAN Miniport (ATW) DRV - File not found [Kernel | On_Demand | Stopped] -- C:\DOCUME~1\David\LOCALS~1\Temp\catchme.sys -- (catchme) DRV - [2010/04/27 17:16:24 | 000,385,880 | ---- | M] (McAfee, Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\mfehidk.sys -- (mfehidk) DRV - [2010/04/27 17:16:24 | 000,312,616 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\mfefirek.sys -- (mfefirek) DRV - [2010/04/27 17:16:24 | 000,152,320 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\mfeavfk.sys -- (mfeavfk) DRV - [2010/04/27 17:16:24 | 000,095,568 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\mfeapfk.sys -- (mfeapfk) DRV - [2010/04/27 17:16:24 | 000,088,480 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\mfendisk.sys -- (mfendiskmp) DRV - [2010/04/27 17:16:24 | 000,088,480 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\mfendisk.sys -- (mfendisk) DRV - [2010/04/27 17:16:24 | 000,083,496 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\mferkdet.sys -- (mferkdet) DRV - [2010/04/27 17:16:24 | 000,082,952 | ---- | M] (McAfee, Inc.) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\mfetdi2k.sys -- (mfetdi2k) DRV - [2010/04/27 17:16:24 | 000,055,456 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\cfwids.sys -- (cfwids) DRV - [2010/04/27 17:16:24 | 000,051,688 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\mfebopk.sys -- (mfebopk) DRV - [2009/09/16 10:22:48 | 000,040,552 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\mfesmfk.sys -- (mfesmfk) DRV - [2009/09/16 10:22:14 | 000,034,248 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\mferkdk.sys -- (mferkdk) DRV - [2008/04/13 14:36:39 | 000,043,008 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\amdagp.sys -- (amdagp) DRV - [2008/04/13 14:36:39 | 000,040,960 | ---- | M] (Silicon Integrated Systems Corporation) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\sisagp.sys -- (sisagp) DRV - [2008/04/13 12:36:05 | 000,144,384 | ---- | M] (Windows ® Server 2003 DDK provider) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\hdaudbus.sys -- (HDAudBus) DRV - [2005/12/15 08:58:57 | 000,008,552 | ---- | M] (Windows ® 2000 DDK provider) [Kernel | Auto | Running] -- C:\WINDOWS\System32\drivers\asctrm.sys -- (ASCTRM) DRV - [2005/08/30 07:55:56 | 001,031,720 | ---- | M] (SigmaTel, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\sthda.sys -- (STHDA) DRV - [2005/08/05 05:32:16 | 000,045,312 | R--- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\bcm4sbxp.sys -- (bcm4sbxp) DRV - [2005/07/22 05:02:12 | 001,035,008 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSF_DPV.sys -- (HSF_DPV) DRV - [2005/07/22 05:01:08 | 000,201,600 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSFHWAZL.sys -- (HSFHWAZL) DRV - [2005/07/22 05:01:00 | 000,717,952 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSF_CNXT.sys -- (winachsf) DRV - [2005/06/24 08:19:52 | 000,190,560 | ---- | M] (Synaptics, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\SynTP.sys -- (SynTP) DRV - [2004/12/06 23:09:58 | 000,369,024 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\BCMWL5.SYS -- (BCM43XX) DRV - [2004/12/06 03:05:00 | 000,100,603 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\system32\dla\tfsnudfa.sys -- (tfsnudfa) DRV - [2004/12/06 03:05:00 | 000,098,714 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\system32\dla\tfsnudf.sys -- (tfsnudf) DRV - [2004/12/06 03:05:00 | 000,086,586 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\system32\dla\tfsnifs.sys -- (tfsnifs) DRV - [2004/12/06 03:05:00 | 000,034,843 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\system32\dla\tfsncofs.sys -- (tfsncofs) DRV - [2004/12/06 03:05:00 | 000,025,883 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\system32\dla\tfsnboio.sys -- (tfsnboio) DRV - [2004/12/06 03:05:00 | 000,015,227 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\system32\dla\tfsnopio.sys -- (tfsnopio) DRV - [2004/12/06 03:05:00 | 000,006,363 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\system32\dla\tfsnpool.sys -- (tfsnpool) DRV - [2004/12/06 03:05:00 | 000,004,123 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\system32\dla\tfsndrct.sys -- (tfsndrct) DRV - [2004/12/06 03:05:00 | 000,002,239 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\system32\dla\tfsndres.sys -- (tfsndres) DRV - [2004/12/01 05:22:00 | 000,087,488 | ---- | M] (Sonic Solutions) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\drvmcdb.sys -- (drvmcdb) DRV - [2004/11/23 04:56:00 | 000,040,480 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\system32\drivers\drvnddm.sys -- (drvnddm) DRV - [2004/08/18 17:53:54 | 000,016,128 | ---- | M] (Dell Inc) [Kernel | System | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\APPDRV.SYS -- (APPDRV) DRV - [2004/08/04 00:29:56 | 001,897,408 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\nv4_mini.sys -- (nv) DRV - [2004/07/14 13:29:04 | 000,005,627 | ---- | M] (Sonic Solutions) [File_System | System | Running] -- C:\WINDOWS\system32\drivers\sscdbhk5.sys -- (sscdbhk5) DRV - [2004/07/14 13:28:50 | 000,023,545 | ---- | M] (Sonic Solutions) [File_System | System | Running] -- C:\WINDOWS\system32\drivers\ssrtln.sys -- (ssrtln) DRV - [2001/08/17 16:07:44 | 000,019,072 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\sparrow.sys -- (Sparrow) DRV - [2001/08/17 16:07:42 | 000,030,688 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\sym_u3.sys -- (sym_u3) DRV - [2001/08/17 16:07:40 | 000,028,384 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\sym_hi.sys -- (sym_hi) DRV - [2001/08/17 16:07:36 | 000,032,640 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\symc8xx.sys -- (symc8xx) DRV - [2001/08/17 16:07:34 | 000,016,256 | ---- | M] (Symbios Logic Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\symc810.sys -- (symc810) DRV - [2001/08/17 15:52:22 | 000,036,736 | ---- | M] (Promise Technology, Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\ultra.sys -- (ultra) DRV - [2001/08/17 15:52:20 | 000,045,312 | ---- | M] (QLogic Corporation) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\ql12160.sys -- (ql12160) DRV - [2001/08/17 15:52:20 | 000,040,320 | ---- | M] (QLogic Corporation) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\ql1080.sys -- (ql1080) DRV - [2001/08/17 15:52:18 | 000,049,024 | ---- | M] (QLogic Corporation) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\ql1280.sys -- (ql1280) DRV - [2001/08/17 15:52:16 | 000,179,584 | ---- | M] (Mylex Corporation) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\dac2w2k.sys -- (dac2w2k) DRV - [2001/08/17 15:52:12 | 000,017,280 | ---- | M] (American Megatrends Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\mraid35x.sys -- (mraid35x) DRV - [2001/08/17 15:52:00 | 000,026,496 | ---- | M] (Advanced System Products, Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\asc.sys -- (asc) DRV - [2001/08/17 15:51:58 | 000,014,848 | ---- | M] (Advanced System Products, Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\asc3550.sys -- (asc3550) DRV - [2001/08/17 15:51:56 | 000,005,248 | ---- | M] (Acer Laboratories Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\aliide.sys -- (AliIde) DRV - [2001/08/17 15:51:54 | 000,006,656 | ---- | M] (CMD Technology, Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\cmdide.sys -- (CmdIde) DRV - [1995/11/07 05:57:16 | 000,006,144 | ---- | M] (Corel Corporation) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\crlscsi.sys -- (crlscsi) ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dell4me.com/mywaybiz IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,First Home Page = http://www.dell4me.com/mywaybiz IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dell4me.com/mywaybiz IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,First Home Page = http://www.dell4me.com/mywaybiz IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-21-3670191694-21722307-330312701-1006\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/ IE - HKU\S-1-5-21-3670191694-21722307-330312701-1006\..\URLSearchHook: {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.) IE - HKU\S-1-5-21-3670191694-21722307-330312701-1006\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-21-3670191694-21722307-330312701-1006\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local ========== FireFox ========== FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20 FF - prefs.js..extensions.enabledItems: {B7082FAA-CB62-4872-9106-E42DD88EDE45}:3.1 FF - HKLM\software\mozilla\Firefox\Extensions\\{B7082FAA-CB62-4872-9106-E42DD88EDE45}: C:\Program Files\McAfee\SiteAdvisor [2010/06/01 19:31:22 | 000,000,000 | ---D | M] FF - HKLM\software\mozilla\Mozilla Firefox 3.6.6\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010/07/13 10:47:52 | 000,000,000 | ---D | M] FF - HKLM\software\mozilla\Mozilla Firefox 3.6.6\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010/07/13 10:46:42 | 000,000,000 | ---D | M] [2010/07/13 10:48:12 | 000,000,000 | ---D | M] -- C:\Documents and Settings\David\Application Data\Mozilla\Extensions [2010/07/13 11:03:05 | 000,000,000 | ---D | M] -- C:\Documents and Settings\David\Application Data\Mozilla\Firefox\Profiles\ekdhxapw.default\extensions [2010/07/13 11:03:05 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Documents and Settings\David\Application Data\Mozilla\Firefox\Profiles\ekdhxapw.default\extensions\{20a82645-c095-46ed-80e3-08825760534b} [2010/07/13 10:46:47 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions [2010/04/18 06:52:23 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} [2010/04/14 12:29:58 | 000,024,376 | ---- | M] (McAfee, Inc.) -- C:\Program Files\Mozilla Firefox\components\Scriptff.dll [2010/04/12 17:29:19 | 000,411,368 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npdeployJava1.dll O1 HOSTS File: ([2010/07/11 11:16:34 | 000,411,183 | R--- | M]) - C:\WINDOWS\system32\drivers\etc\hosts O1 - Hosts: 127.0.0.1 localhost O1 - Hosts: 127.0.0.1 www.007guard.com O1 - Hosts: 127.0.0.1 007guard.com O1 - Hosts: 127.0.0.1 008i.com O1 - Hosts: 127.0.0.1 www.008k.com O1 - Hosts: 127.0.0.1 008k.com O1 - Hosts: 127.0.0.1 www.00hq.com O1 - Hosts: 127.0.0.1 00hq.com O1 - Hosts: 127.0.0.1 010402.com O1 - Hosts: 127.0.0.1 www.032439.com O1 - Hosts: 127.0.0.1 032439.com O1 - Hosts: 127.0.0.1 www.0scan.com O1 - Hosts: 127.0.0.1 0scan.com O1 - Hosts: 127.0.0.1 1000gratisproben.com O1 - Hosts: 127.0.0.1 www.1000gratisproben.com O1 - Hosts: 127.0.0.1 1001namen.com O1 - Hosts: 127.0.0.1 www.1001namen.com O1 - Hosts: 127.0.0.1 100888290cs.com O1 - Hosts: 127.0.0.1 www.100888290cs.com O1 - Hosts: 127.0.0.1 www.100sexlinks.com O1 - Hosts: 127.0.0.1 100sexlinks.com O1 - Hosts: 127.0.0.1 10sek.com O1 - Hosts: 127.0.0.1 www.10sek.com O1 - Hosts: 127.0.0.1 www.1-2005-search.com O1 - Hosts: 127.0.0.1 1-2005-search.com O1 - Hosts: 14235 more lines... O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited) O2 - BHO: (DriveLetterAccess) - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll (Sonic Solutions) O2 - BHO: (scriptproxy) - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\Common Files\McAfee\SystemCore\ScriptSn.20100520093031.dll (McAfee, Inc.) O2 - BHO: (McAfee SiteAdvisor BHO) - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.) O2 - BHO: (Java Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll File not found O3 - HKLM\..\Toolbar: (McAfee SiteAdvisor Toolbar) - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.) O4 - HKLM..\Run: [AppleSyncNotifier] C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe (Apple Inc.) O4 - HKLM..\Run: [Dell QuickSet] C:\Program Files\Dell\QuickSet\quickset.exe () O4 - HKLM..\Run: [mcui_exe] C:\Program Files\McAfee.com\Agent\mcagent.exe (McAfee, Inc.) O4 - HKLM..\Run: [MimBoot] C:\Program Files\MUSICMATCH\Musicmatch Jukebox\mimboot.exe (Musicmatch, Inc.) O4 - HKLM..\Run: [MMTray] C:\Program Files\Musicmatch\Musicmatch Jukebox\mm_tray.exe (Musicmatch, Inc.) O4 - HKLM..\Run: [MSKDetectorExe] C:\Program Files\McAfee\SpamKiller\MSKDetct.exe (McAfee, Inc.) O4 - HKLM..\Run: [RealTray] C:\Program Files\Real\RealPlayer\RealPlay.exe (RealNetworks, Inc.) O4 - HKLM..\Run: [sigmatelSysTrayApp] C:\WINDOWS\stsystra.exe (SigmaTel, Inc.) O4 - HKLM..\Run: [ToolBoxFX] C:\Program Files\HP\ToolBoxFX\bin\HPTLBXFX.exe (HP) O4 - HKU\S-1-5-21-3670191694-21722307-330312701-1006..\Run: [DellSupport] C:\Program Files\Dell Support\DSAgnt.exe (Gteko Ltd.) O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Digital Line Detect.lnk = C:\Program Files\Digital Line Detect\DLG.exe (BVRP Software) O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE (Microsoft Corporation) O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.EXE (WinZip Computing, S.L.) O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 0 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\Run: LAEK = rundll32 "C:\WINDOWS\system32\mstsc1.dll",Ppar () O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323 O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863 O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323 O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863 O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145 O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145 O7 - HKU\S-1-5-21-3670191694-21722307-330312701-1006\Software\Policies\Microsoft\Internet Explorer\Control Panel present O7 - HKU\S-1-5-21-3670191694-21722307-330312701-1006\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323 O7 - HKU\S-1-5-21-3670191694-21722307-330312701-1006\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863 O7 - HKU\S-1-5-21-3670191694-21722307-330312701-1006\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0 O8 - Extra context menu item: E&xport to Microsoft Excel - C:\Program Files\Microsoft Office\Office10\EXCEL.EXE (Microsoft Corporation) O9 - Extra 'Tools' menuitem : Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited) O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.) O15 - HKLM\..Trusted Domains: musicmatch.com ([online] https in Trusted sites) O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} http://cdn.scan.onecare.live.com/resource/...lscbase6087.cab (Windows Live Safety Center Base Module) O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/get/shoc...ash/swflash.cab (Shockwave Flash Object) O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 208.67.222.222 208.67.220.220 O18 - Protocol\Handler\dssrequest {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.) O18 - Protocol\Handler\sacore {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.) O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation) O20 - Winlogon\Notify\igfxcui: DllName - igfxdev.dll - C:\WINDOWS\System32\igfxdev.dll (Intel Corporation) O32 - HKLM CDRom: AutoRun - 1 O32 - AutoRun File - [2004/08/10 15:04:08 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ] O34 - HKLM BootExecute: (autocheck autochk *) - File not found O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37 - HKLM\...com [@ = comfile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* ========== Files/Folders - Created Within 30 Days ========== [2010/07/13 11:36:33 | 000,574,976 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\David\Desktop\OTL.exe [2010/07/13 10:47:25 | 000,000,000 | ---D | C] -- C:\Documents and Settings\David\Application Data\Mozilla [2010/07/11 12:46:43 | 000,050,688 | ---- | C] (Atribune.org) -- C:\Documents and Settings\David\Desktop\ATF-Cleaner.exe [2010/07/07 16:51:13 | 000,000,000 | --SD | C] -- C:\ComboFix [2010/07/07 14:23:04 | 000,000,000 | -HSD | C] -- C:\RECYCLER [2010/07/07 11:25:11 | 000,000,000 | RHSD | C] -- C:\cmdcons [2010/07/07 11:18:58 | 000,000,000 | ---D | C] -- C:\WINDOWS\ERDNT [2010/07/04 11:40:07 | 000,000,000 | ---D | C] -- C:\Documents and Settings\LocalService\Application Data\Macromedia [2010/07/04 11:40:04 | 000,000,000 | ---D | C] -- C:\Documents and Settings\LocalService\Application Data\Adobe [2010/07/01 22:15:52 | 000,000,000 | ---D | C] -- C:\Program Files\Windows Live Safety Center [2010/07/01 07:41:04 | 000,000,000 | ---D | C] -- C:\Documents and Settings\David\My Documents\ebooks [2010/06/21 22:35:51 | 000,000,000 | ---D | C] -- C:\Documents and Settings\David\My Documents\recipes [2010/06/21 08:38:11 | 000,000,000 | ---D | C] -- C:\Documents and Settings\David\Desktop\Container Pictorials [2010/06/17 12:28:44 | 000,000,000 | ---D | C] -- C:\Documents and Settings\David\Desktop\Sam Moore Program updates [1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ] [1 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ] ========== Files - Modified Within 30 Days ========== [2010/07/13 11:37:32 | 008,912,896 | -H-- | M] () -- C:\Documents and Settings\David\NTUSER.DAT [2010/07/13 11:37:00 | 000,574,976 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\David\Desktop\OTL.exe [2010/07/13 11:09:02 | 000,000,978 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-3670191694-21722307-330312701-1006UA.job [2010/07/13 10:47:03 | 000,001,627 | ---- | M] () -- C:\Documents and Settings\David\Application Data\Microsoft\Internet Explorer\Quick Launch\Mozilla Firefox.lnk [2010/07/13 10:47:03 | 000,001,609 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Mozilla Firefox.lnk [2010/07/13 09:10:55 | 000,001,602 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\McAfee AntiVirus Plus.lnk [2010/07/13 09:09:56 | 000,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT [2010/07/13 09:09:40 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat [2010/07/13 09:09:32 | 527,892,480 | -HS- | M] () -- C:\hiberfil.sys [2010/07/13 09:08:17 | 000,000,178 | -HS- | M] () -- C:\Documents and Settings\David\ntuser.ini [2010/07/12 16:53:24 | 000,037,237 | ---- | M] () -- C:\Documents and Settings\David\Desktop\Home Furniture (4459) 636-75-415 .pdf [2010/07/12 15:09:06 | 000,000,926 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-3670191694-21722307-330312701-1006Core.job [2010/07/12 12:59:19 | 003,359,505 | ---- | M] () -- C:\Documents and Settings\David\Desktop\SummerSpecial - July.pdf [2010/07/12 12:04:55 | 003,343,781 | ---- | M] () -- C:\Documents and Settings\David\Desktop\July Overstock Special.pdf [2010/07/12 11:19:57 | 000,002,475 | ---- | M] () -- C:\Documents and Settings\David\Application Data\Microsoft\Internet Explorer\Quick Launch\Microsoft Access.lnk [2010/07/12 11:07:39 | 000,085,504 | ---- | M] () -- C:\Documents and Settings\David\Desktop\HookerJULYOSSTOCK.xls [2010/07/11 12:46:44 | 000,050,688 | ---- | M] (Atribune.org) -- C:\Documents and Settings\David\Desktop\ATF-Cleaner.exe [2010/07/11 11:16:34 | 000,411,183 | R--- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts [2010/07/10 07:31:17 | 000,372,339 | ---- | M] () -- C:\Documents and Settings\David\Desktop\Accommodations Program package.pdf [2010/07/10 07:24:23 | 000,303,644 | ---- | M] () -- C:\Documents and Settings\David\Desktop\envision styles Market April 2010.pdf [2010/07/09 12:37:25 | 001,111,040 | ---- | M] () -- C:\Documents and Settings\David\My Documents\Container Builder.xls [2010/07/09 12:27:19 | 000,123,124 | ---- | M] () -- C:\Documents and Settings\David\Desktop\Cherry House Truckload Order.pdf [2010/07/09 10:26:28 | 000,642,653 | ---- | M] () -- C:\Documents and Settings\David\Desktop\Discontinued goods PICS.pdf [2010/07/09 10:10:13 | 000,333,855 | ---- | M] () -- C:\Documents and Settings\David\Desktop\Overstocked Priced goods PICS.pdf [2010/07/09 09:59:17 | 000,129,222 | ---- | M] () -- C:\Documents and Settings\David\Desktop\Truckload Event Selections.pdf [2010/07/09 09:49:51 | 001,049,530 | ---- | M] () -- C:\Documents and Settings\David\Desktop\Regular@LandedPICS.pdf [2010/07/08 22:44:27 | 000,082,349 | ---- | M] () -- C:\Documents and Settings\David\Desktop\Cherry House Discontinued, Overstock Truck Load.pdf [2010/07/08 22:04:17 | 000,043,961 | ---- | M] () -- C:\Documents and Settings\David\Desktop\Cherry House Discontinued Truck Load.pdf [2010/07/08 13:15:10 | 000,000,284 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job [2010/07/07 15:02:23 | 000,607,374 | ---- | M] () -- C:\Documents and Settings\David\Desktop\SM Envision for ORI.pdf [2010/07/07 14:30:59 | 000,013,217 | ---- | M] () -- C:\Documents and Settings\David\Desktop\Burke SM PO S25203.pdf [2010/07/07 13:58:24 | 034,136,064 | ---- | M] () -- C:\Documents and Settings\David\My Documents\2XChairSolutionCostNew American Home June 22 2010.pub [2010/07/07 13:55:06 | 001,285,189 | ---- | M] () -- C:\Documents and Settings\David\Desktop\2XChairSolutionCostNew American Home June 22 2010.pdf [2010/07/07 13:12:10 | 000,100,617 | ---- | M] () -- C:\Documents and Settings\David\Desktop\Home Furniture PO.pdf [2010/07/07 12:54:18 | 000,002,437 | ---- | M] () -- C:\Documents and Settings\David\Application Data\Microsoft\Internet Explorer\Quick Launch\Microsoft Publisher.lnk [2010/07/07 11:41:51 | 000,000,227 | ---- | M] () -- C:\WINDOWS\system.ini [2010/07/07 11:41:19 | 000,000,027 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts.20100711-111634.backup [2010/07/07 11:25:30 | 000,000,281 | RHS- | M] () -- C:\boot.ini [2010/07/02 22:27:39 | 000,005,236 | ---- | M] () -- C:\Documents and Settings\David\Desktop\SMHkrGrn.jpg [2010/07/02 22:19:32 | 000,020,619 | ---- | M] () -- C:\Documents and Settings\David\Desktop\KTGroomingSS.JPG [2010/07/02 22:07:57 | 004,535,653 | ---- | M] () -- C:\Documents and Settings\David\Desktop\DiscontinuedSpecials.pdf [2010/06/30 14:06:31 | 000,014,130 | ---- | M] () -- C:\Documents and Settings\David\Desktop\RETAIL SS600 Components - 601 & 606.pdf [2010/06/30 14:05:15 | 000,014,002 | ---- | M] () -- C:\Documents and Settings\David\Desktop\WHOLESALE SS600 Components - 601 & 606.pdf [2010/06/30 08:34:25 | 000,001,736 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Adobe Reader 9.lnk [2010/06/29 12:58:04 | 000,002,941 | ---- | M] () -- C:\Documents and Settings\David\My Documents\David taylor.tif [2010/06/28 22:29:55 | 000,011,369 | ---- | M] () -- C:\Documents and Settings\David\Desktop\catchklst.pdf [2010/06/23 18:40:46 | 000,182,272 | ---- | M] () -- C:\Documents and Settings\David\My Documents\deanbosler internetlogo.pub [2010/06/23 17:54:19 | 000,024,461 | ---- | M] () -- C:\Documents and Settings\David\Desktop\63770401.jpg [2010/06/23 03:11:05 | 000,504,314 | ---- | M] () -- C:\WINDOWS\System32\PerfStringBackup.INI [2010/06/23 03:11:05 | 000,443,034 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat [2010/06/23 03:11:05 | 000,072,134 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat [2010/06/22 09:33:34 | 000,042,604 | ---- | M] () -- C:\Documents and Settings\David\My Documents\Ford Proposal.pdf [2010/06/22 09:33:34 | 000,042,604 | ---- | M] () -- C:\Documents and Settings\David\Desktop\Ford Proposal.pdf [2010/06/21 10:32:04 | 001,002,496 | ---- | M] () -- C:\Documents and Settings\David\My Documents\Macy's Logo.pub [2010/06/21 08:09:12 | 000,263,160 | ---- | M] () -- C:\Documents and Settings\David\Desktop\Accommodations Price List - June 2010.pdf [2010/06/21 08:06:33 | 000,319,780 | ---- | M] () -- C:\Documents and Settings\David\Desktop\THF Retail Accommodations Price List - June 2010.pdf [1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ] [1 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ] ========== Files Created - No Company Name ========== [2010/07/13 10:47:03 | 000,001,627 | ---- | C] () -- C:\Documents and Settings\David\Application Data\Microsoft\Internet Explorer\Quick Launch\Mozilla Firefox.lnk [2010/07/13 10:47:03 | 000,001,609 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Mozilla Firefox.lnk [2010/07/12 16:52:43 | 000,037,237 | ---- | C] () -- C:\Documents and Settings\David\Desktop\Home Furniture (4459) 636-75-415 .pdf [2010/07/12 12:54:24 | 003,359,505 | ---- | C] () -- C:\Documents and Settings\David\Desktop\SummerSpecial - July.pdf [2010/07/12 11:59:04 | 003,343,781 | ---- | C] () -- C:\Documents and Settings\David\Desktop\July Overstock Special.pdf [2010/07/12 09:13:56 | 000,085,504 | ---- | C] () -- C:\Documents and Settings\David\Desktop\HookerJULYOSSTOCK.xls [2010/07/10 07:31:16 | 000,372,339 | ---- | C] () -- C:\Documents and Settings\David\Desktop\Accommodations Program package.pdf [2010/07/10 07:24:06 | 000,303,644 | ---- | C] () -- C:\Documents and Settings\David\Desktop\envision styles Market April 2010.pdf [2010/07/09 12:27:18 | 000,123,124 | ---- | C] () -- C:\Documents and Settings\David\Desktop\Cherry House Truckload Order.pdf [2010/07/09 10:26:20 | 000,642,653 | ---- | C] () -- C:\Documents and Settings\David\Desktop\Discontinued goods PICS.pdf [2010/07/09 10:09:54 | 000,333,855 | ---- | C] () -- C:\Documents and Settings\David\Desktop\Overstocked Priced goods PICS.pdf [2010/07/09 09:54:11 | 000,129,222 | ---- | C] () -- C:\Documents and Settings\David\Desktop\Truckload Event Selections.pdf [2010/07/09 09:49:11 | 001,049,530 | ---- | C] () -- C:\Documents and Settings\David\Desktop\Regular@LandedPICS.pdf [2010/07/08 23:30:28 | 001,111,040 | ---- | C] () -- C:\Documents and Settings\David\My Documents\Container Builder.xls [2010/07/08 22:44:26 | 000,082,349 | ---- | C] () -- C:\Documents and Settings\David\Desktop\Cherry House Discontinued, Overstock Truck Load.pdf [2010/07/08 22:03:11 | 000,043,961 | ---- | C] () -- C:\Documents and Settings\David\Desktop\Cherry House Discontinued Truck Load.pdf [2010/07/07 15:01:32 | 000,607,374 | ---- | C] () -- C:\Documents and Settings\David\Desktop\SM Envision for ORI.pdf [2010/07/07 14:30:51 | 000,013,217 | ---- | C] () -- C:\Documents and Settings\David\Desktop\Burke SM PO S25203.pdf [2010/07/07 13:54:53 | 001,285,189 | ---- | C] () -- C:\Documents and Settings\David\Desktop\2XChairSolutionCostNew American Home June 22 2010.pdf [2010/07/07 13:11:05 | 000,100,617 | ---- | C] () -- C:\Documents and Settings\David\Desktop\Home Furniture PO.pdf [2010/07/07 13:03:28 | 034,136,064 | ---- | C] () -- C:\Documents and Settings\David\My Documents\2XChairSolutionCostNew American Home June 22 2010.pub [2010/07/07 11:25:30 | 000,000,211 | ---- | C] () -- C:\Boot.bak [2010/07/07 11:25:18 | 000,260,272 | ---- | C] () -- C:\cmldr [2010/07/02 22:33:09 | 000,237,269 | ---- | C] () -- C:\Documents and Settings\David\My Documents\6 piecesLD 612 product.png [2010/07/02 22:31:48 | 000,166,530 | ---- | C] () -- C:\Documents and Settings\David\My Documents\Pg 018-076 B-Y Wholesale May 2010.pdf [2010/07/02 22:28:58 | 000,042,515 | ---- | C] () -- C:\Documents and Settings\David\My Documents\Individual - BY Taylor2009.pdf [2010/07/02 22:27:37 | 000,005,236 | ---- | C] () -- C:\Documents and Settings\David\Desktop\SMHkrGrn.jpg [2010/07/02 22:24:57 | 000,724,480 | ---- | C] () -- C:\Documents and Settings\David\My Documents\3-1-2010 - Price List Reference Document.xls [2010/07/02 22:22:48 | 000,042,604 | ---- | C] () -- C:\Documents and Settings\David\My Documents\Ford Proposal.pdf [2010/07/02 22:19:29 | 000,020,619 | ---- | C] () -- C:\Documents and Settings\David\Desktop\KTGroomingSS.JPG [2010/07/02 15:26:18 | 004,535,653 | ---- | C] () -- C:\Documents and Settings\David\Desktop\DiscontinuedSpecials.pdf [2010/06/30 14:06:29 | 000,014,130 | ---- | C] () -- C:\Documents and Settings\David\Desktop\RETAIL SS600 Components - 601 & 606.pdf [2010/06/30 14:05:14 | 000,014,002 | ---- | C] () -- C:\Documents and Settings\David\Desktop\WHOLESALE SS600 Components - 601 & 606.pdf [2010/06/29 12:58:03 | 000,002,941 | ---- | C] () -- C:\Documents and Settings\David\My Documents\David taylor.tif [2010/06/28 22:29:38 | 000,011,369 | ---- | C] () -- C:\Documents and Settings\David\Desktop\catchklst.pdf [2010/06/23 18:40:34 | 000,182,272 | ---- | C] () -- C:\Documents and Settings\David\My Documents\deanbosler internetlogo.pub [2010/06/23 17:53:47 | 000,024,461 | ---- | C] () -- C:\Documents and Settings\David\Desktop\63770401.jpg [2010/06/22 09:33:26 | 000,042,604 | ---- | C] () -- C:\Documents and Settings\David\Desktop\Ford Proposal.pdf [2010/06/21 09:27:09 | 001,002,496 | ---- | C] () -- C:\Documents and Settings\David\My Documents\Macy's Logo.pub [2010/06/21 08:08:58 | 000,263,160 | ---- | C] () -- C:\Documents and Settings\David\Desktop\Accommodations Price List - June 2010.pdf [2010/06/21 08:06:21 | 000,319,780 | ---- | C] () -- C:\Documents and Settings\David\Desktop\THF Retail Accommodations Price List - June 2010.pdf [2010/06/05 11:52:15 | 000,135,680 | RHS- | C] () -- C:\WINDOWS\System32\mstsc1.dll [2009/10/09 10:32:39 | 000,000,211 | ---- | C] () -- C:\WINDOWS\QUICKEN.INI [2009/09/29 18:24:03 | 000,000,000 | ---- | C] () -- C:\WINDOWS\longfile.INI [2009/09/29 18:18:55 | 000,021,504 | ---- | C] () -- C:\WINDOWS\System32\scpext.dll [2009/09/20 17:06:12 | 000,176,235 | ---- | C] () -- C:\WINDOWS\System32\Primomonnt.dll [2009/09/20 10:14:33 | 000,077,824 | R--- | C] () -- C:\WINDOWS\System32\hpzids01.dll [2009/09/20 10:13:44 | 000,000,685 | ---- | C] () -- C:\WINDOWS\hpntwksetup.ini [2009/09/20 09:53:02 | 000,000,166 | ---- | C] () -- C:\WINDOWS\System32\AddPort.ini [2009/09/20 09:34:35 | 000,000,376 | ---- | C] () -- C:\WINDOWS\ODBC.INI [2009/09/19 23:38:57 | 000,000,002 | ---- | C] () -- C:\WINDOWS\msoffice.ini [2009/04/27 00:13:36 | 000,000,314 | ---- | C] () -- C:\WINDOWS\primopdf.ini [2008/08/05 02:07:20 | 000,065,216 | ---- | C] () -- C:\WINDOWS\System32\PDFreDirectMonNT.dll [2005/12/15 09:14:16 | 000,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini [2005/12/15 09:02:27 | 000,000,138 | ---- | C] () -- C:\WINDOWS\wininit.ini [2005/12/15 08:31:32 | 000,000,391 | ---- | C] () -- C:\WINDOWS\System32\OEMINFO.INI [2005/12/01 11:33:56 | 000,237,568 | ---- | C] () -- C:\WINDOWS\System32\hppapr02.DLL [2005/04/09 19:04:54 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\px.ini [2004/08/10 15:12:05 | 000,000,780 | ---- | C] () -- C:\WINDOWS\orun32.ini [2004/08/10 15:01:18 | 000,001,793 | ---- | C] () -- C:\WINDOWS\System32\fxsperf.ini [2001/07/06 16:30:00 | 000,003,399 | ---- | C] () -- C:\WINDOWS\System32\hptcpmon.ini ========== Alternate Data Streams ========== @Alternate Data Stream - 121 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:DFC5A2B2 @Alternate Data Stream - 109 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:A8ADE5D8 < End of report > OTL Extras logfile created on: 7/13/2010 12:00:03 PM - Run 3 OTL by OldTimer - Version 3.2.9.0 Folder = C:\Documents and Settings\David\Desktop Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation Internet Explorer (Version = 8.0.6001.18702) Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy 503.00 Mb Total Physical Memory | 85.00 Mb Available Physical Memory | 17.00% Memory free 1.00 Gb Paging File | 1.00 Gb Available in Paging File | 49.00% Paging File free Paging file location(s): C:\pagefile.sys 756 1512 [binary data] %SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files Drive C: | 34.11 Gb Total Space | 20.47 Gb Free Space | 60.00% Space Free | Partition Type: NTFS D: Drive not present or media not loaded E: Drive not present or media not loaded F: Drive not present or media not loaded G: Drive not present or media not loaded H: Drive not present or media not loaded I: Drive not present or media not loaded Computer Name: DC62K091 Current User Name: David Logged in as Administrator. Current Boot Mode: Normal Scan Mode: All users Company Name Whitelist: Off Skip Microsoft Files: Off File Age = 30 Days Output = Standard ========== Extra Registry (SafeList) ========== ========== File Associations ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>] [HKEY_USERS\S-1-5-21-3670191694-21722307-330312701-1006\SOFTWARE\Classes\<extension>] .html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation) ========== Shell Spawning ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command] batfile [open] -- "%1" %* cmdfile [open] -- "%1" %* comfile [open] -- "%1" %* exefile [open] -- "%1" %* htmlfile [edit] -- "C:\Program Files\Microsoft Office\Office10\msohtmed.exe" %1 (Microsoft Corporation) piffile [open] -- "%1" %* regfile [merge] -- Reg Error: Key error. scrfile [config] -- "%1" scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation) scrfile [open] -- "%1" /S txtfile [edit] -- Reg Error: Key error. Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation) Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation) Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) ========== Security Center Settings ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center] "FirstRunDisabled" = 1 "UpdatesDisableNotify" = 0 "AntiVirusOverride" = 0 "FirewallOverride" = 0 "AntiVirusDisableNotify" = 0 "FirewallDisableNotify" = 0 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus] "DisableMonitoring" = 1 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall] "DisableMonitoring" = 1 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List] "1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007 "2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile] "EnableFirewall" = 0 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List] "1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007 "2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008 ========== Authorized Applications List ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List] "C:\Program Files\Common Files\AOL\ACS\AOLacsd.exe" = C:\Program Files\Common Files\AOL\ACS\AOLacsd.exe:*:Enabled:AOL -- File not found "C:\Program Files\Common Files\AOL\ACS\AOLDial.exe" = C:\Program Files\Common Files\AOL\ACS\AOLDial.exe:*:Enabled:AOL -- File not found "C:\Program Files\America Online 9.0\waol.exe" = C:\Program Files\America Online 9.0\waol.exe:*:Enabled:AOL -- File not found [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List] "C:\Program Files\HP\Digital Imaging\bin\hpofxm08.exe" = C:\Program Files\HP\Digital Imaging\bin\hpofxm08.exe:*:Enabled:hpofxm08.exe -- (Hewlett-Packard Co.) "C:\Program Files\HP\Digital Imaging\bin\hposfx08.exe" = C:\Program Files\HP\Digital Imaging\bin\hposfx08.exe:*:Enabled:hposfx08.exe -- (Hewlett-Packard Co.) "C:\Program Files\HP\Digital Imaging\bin\hposid01.exe" = C:\Program Files\HP\Digital Imaging\bin\hposid01.exe:*:Enabled:hposid01.exe -- (Hewlett-Packard Co.) "C:\Program Files\HP\Digital Imaging\bin\hpqCopy.exe" = C:\Program Files\HP\Digital Imaging\bin\hpqCopy.exe:*:Enabled:hpqcopy.exe -- (Hewlett-Packard Co.) "C:\Program Files\HP\Digital Imaging\bin\hpfccopy.exe" = C:\Program Files\HP\Digital Imaging\bin\hpfccopy.exe:*:Enabled:hpfccopy.exe -- (Hewlett-Packard) "C:\Program Files\HP\Digital Imaging\bin\hpzwiz01.exe" = C:\Program Files\HP\Digital Imaging\bin\hpzwiz01.exe:*:Enabled:hpzwiz01.exe -- (Hewlett-Packard Co.) "C:\Program Files\HP\Digital Imaging\Unload\HpqPhUnl.exe" = C:\Program Files\HP\Digital Imaging\Unload\HpqPhUnl.exe:*:Enabled:hpqphunl.exe -- () "C:\Program Files\HP\Digital Imaging\Unload\HpqDIA.exe" = C:\Program Files\HP\Digital Imaging\Unload\HpqDIA.exe:*:Enabled:hpqdia.exe -- ( ) "C:\Program Files\HP\Digital Imaging\bin\hpoews01.exe" = C:\Program Files\HP\Digital Imaging\bin\hpoews01.exe:*:Enabled:hpoews01.exe -- (Hewlett-Packard Co.) "C:\Program Files\iTunes\iTunes.exe" = C:\Program Files\iTunes\iTunes.exe:*:Enabled:iTunes -- (Apple Inc.) "C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe" = C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe:*:Enabled:McAfee Shared Service Host -- (McAfee, Inc.) ========== HKEY_LOCAL_MACHINE Uninstall List ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "{00140409-78E1-11D2-B60F-006097C998E7}" = Microsoft Publisher 2000 "{049CAE8B-67B4-4C53-8B08-58331A41A4C0}" = hpzTLBXFX "{07287123-B8AC-41CE-8346-3D777245C35B}" = Bonjour "{075473F5-846A-448B-BCB3-104AA1760205}" = Sonic RecordNow Data "{0BF5FBE7-3907-4A1F-9E48-8B66E52850D6}" = TrayApp "{0D2E80C8-0875-43EB-9623-47118E2DFBCA}" = Quicken 2007 "{0EB5D9B7-8E6C-4A9E-B74F-16B7EE89A67B}" = Microsoft Plus! Photo Story 2 LE "{10CE1EA2-12E9-11D3-825E-00C04F6843FE}" = Microsoft Office Sounds "{11A3D40A-6EF9-4E0E-BB34-E9F458C40601}" = hppIOFiles "{1206EF92-2E83-4859-ACCB-2048C3CB7DA6}" = Sonic DLA "{1F528948-0E80-4C96-B455-DE4167CB1DF7}" = Internal Network Card Power Management "{1F73D672-6175-4A1D-B3C1-420439D03D0F}" = Product_SF_Full_QFolder "{23B35809-5E4A-4F14-8332-1CDEDDFAC089}" = CP_Package_Variety2 "{26E1BFB0-E87E-4696-9F89-B467F01F81E5}" = Broadcom Management Programs "{30465B6C-B53F-49A1-9EBA-A3F187AD502E}" = Sonic Update Manager "{31263605-FC84-4787-B847-BA445B147E24}" = ScannerCopy "{331C9768-BAD9-F31B-8DA2-0268D346C702}" = Times Reader "{33BB4982-DC52-4886-A03B-F4C5C80BEE89}" = Windows Media Player 10 "{34F3FCF1-817B-4D61-B6AF-19D9486AFEA0}" = Unload "{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP "{35BDEFF1-A610-4956-A00D-15453C116395}" = Internet Explorer Default Page "{36FDBE6E-6684-462B-AE98-9A39A1B200CC}" = HP Product Assistant "{3AC54383-31D1-4907-961B-B12CBB1D0AE8}" = MobileMe Control Panel "{414C803A-6115-4DB6-BD4E-FD81EA6BC71C}" = Product_SF_Min_QFolder "{4BE53DB2-C1F2-44D1-A9AB-1630BA7F2AF1}" = SolutionCenter "{522D1D79-9C0A-4361-91F8-2AFF8EC6C2E1}" = CP_Package_Variety1 "{548EEA8E-8299-497F-8057-811D2D7097DC}" = Dell Support 3.1 "{5905F42D-3F5F-4916-ADA6-94A3646AEE76}" = Dell Driver Reset Tool "{6441FECE-0E73-4326-81BF-68503E897820}" = CorePLS_Min_QFolder "{66E6CE0C-5A1E-430C-B40A-0C90FF1804A8}" = eSupportQFolder "{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}" = PowerDVD 5.5 "{68763C27-235D-4165-A961-FDEA228CE504}" = AiOSoftwareNPI "{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update "{69E6C13B-CF6B-47A6-B7A5-77FE82B2CB40}" = hppFonts "{6B7E1C85-CAAB-42DD-9319-E785C2C19BB3}" = hppTLBXFX2605 "{6D8D64BE-F500-55B6-705D-DFD08AFE0624}" = Acrobat.com "{6E45BA47-383C-4C1E-8ED0-0D4845C293D7}" = Microsoft Plus! Digital Media Edition Installer "{736C803C-DD3B-4015-BC51-AFB9E67B9076}" = Readme "{74F7662C-B1DB-489E-A8AC-07A06B24978B}" = Dell System Restore "{7E7B7865-6C80-4373-8BC1-C2EB9431F9DE}" = ProductContextNPI "{7F142D56-3326-11D5-B229-002078017FBF}" = Modem Helper "{8331C3EA-0C91-43AA-A4D4-27221C631139}" = Status "{85D3CC30-8859-481A-9654-FD9B74310BEF}" = Musicmatch