help? Antivirus Pro woes...now iexplore.exe

deedawson · December 3, 2009

Need help!?! Day 2 of this antivirus Pro and I'm ready to throw my Lenovo thinkpad at the wall. Running Windows XP.

Through this forum (thank you!) I was finally able to get mbam to work and then Superspyware as well. Ugly popups gone but my system still will not let me re-install AVG after it cleverly removed all the components. I was successful installing Avira but it doesn't run...just sits in task manager.

Now iexplore.exe starts rogue in task manager (even though I'm running firefox). While installing AVG I noticed it indeed seems to be taking me to websites in the background...just not on screen...probably downloading more malware.

HijackThis Log

Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 10:51:50 PM, on 12/2/2009

Platform: Windows XP SP3 (WinNT 5.01.2600)

MSIE: Internet Explorer v8.00 (8.00.6001.18702)

Boot mode: Normal

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\SYSTEM32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\ibmpmsvc.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\Program Files\Intel\Wireless\Bin\EvtEng.exe

C:\Program Files\Common Files\Microsoft Shared\Ink\KeyboardSurrogate.exe

C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe

C:\WINDOWS\system32\spoolsv.exe

C:\WINDOWS\SYSTEM32\WISPTIS.EXE

C:\WINDOWS\System32\tabbtnu.exe

C:\WINDOWS\Explorer.EXE

C:\WINDOWS\system32\ctfmon.exe

C:\Program Files\Common Files\Microsoft Shared\Ink\TCServer.exe

C:\WINDOWS\system32\tp4serv.exe

C:\WINDOWS\system32\TpShocks.exe

C:\PROGRA~1\ThinkPad\PkgMgr\HOTKEY\TPHKMGR.exe

C:\Program Files\ThinkPad\PkgMgr\HOTKEY\TPONSCR.exe

C:\Program Files\ThinkPad\PkgMgr\HOTKEY_1\TpScrex.exe

C:\PROGRA~1\ThinkPad\UTILIT~1\EzEjMnAp.Exe

C:\Program Files\ThinkPad\Tablet Shortcut\IBMTBCTL.EXE

C:\IBMTOOLS\UTILS\ibmprc.exe

C:\Program Files\Common Files\Microsoft Shared\Ink\TabTip.exe

C:\WINDOWS\system32\rundll32.exe

C:\Program Files\ScanSoft\PaperPort\pptd40nt.exe

C:\Program Files\ThinkPad\ConnectUtilities\QCWLICON.EXE

C:\Program Files\iTunes\iTunesHelper.exe

C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe

C:\Program Files\Brother\ControlCenter2\brccMCtl.exe

C:\PROGRA~1\Intel\Wireless\Bin\1XConfig.exe

C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe

C:\Program Files\Bonjour\mDNSResponder.exe

C:\WINDOWS\system32\Brmfrmps.exe

C:\Program Files\Flip Video\FlipShare\FlipShareService.exe

C:\WINDOWS\system32\svchost.exe

C:\Program Files\IBM\IBM Rapid Restore Ultra\rrpcsb.exe

C:\Program Files\Java\jre6\bin\jqs.exe

C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe

C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe

C:\WINDOWS\System32\svchost.exe

C:\Program Files\PCPitstop\PCPitstopScheduleService.exe

C:\WINDOWS\system32\IoctlSvc.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\System32\QCONSVC.EXE

C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe

C:\PROGRA~1\ThinkPad\CONNEC~1\QCTray.exe

C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe

c:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\TPHDEXLG.EXE

C:\WINDOWS\system32\TpKmpSVC.exe

C:\WINDOWS\SYSTEM32\taskmgr.exe

C:\Program Files\iPod\bin\iPodService.exe

C:\WINDOWS\System32\svchost.exe

C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe

C:\Program Files\HP\Digital Imaging\bin\hpqbam08.exe

C:\Program Files\Mozilla Firefox\firefox.exe

C:\Program Files\HP\Digital Imaging\bin\hpqgpc01.exe

C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/

O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG9\avgssie.dll (file missing)

O4 - HKLM\..\Run: [TabletWizard] C:\WINDOWS\help\SplshWrp.exe

O4 - HKLM\..\Run: [TabletTip] "C:\Program Files\Common Files\microsoft shared\ink\tabtip.exe" /resume

O4 - HKLM\..\Run: [TrackPointSrv] tp4serv.exe

O4 - HKLM\..\Run: [TPKMAPHELPER] C:\Program Files\ThinkPad\Utilities\TpKmapAp.exe -helper

O4 - HKLM\..\Run: [TpShocks] TpShocks.exe

O4 - HKLM\..\Run: [TPHOTKEY] C:\PROGRA~1\ThinkPad\PkgMgr\HOTKEY\TPHKMGR.exe

O4 - HKLM\..\Run: [TP4EX] tp4ex.exe

O4 - HKLM\..\Run: [EZEJMNAP] C:\PROGRA~1\ThinkPad\UTILIT~1\EzEjMnAp.Exe

O4 - HKLM\..\Run: [uC_Start] C:\Program Files\IBM\Updater\\ucstartup.exe

O4 - HKLM\..\Run: [iBMTBCTL] "C:\Program Files\ThinkPad\Tablet Shortcut\IBMTBCTL.EXE" /r

O4 - HKLM\..\Run: [iBMPRC] C:\IBMTOOLS\UTILS\ibmprc.exe

O4 - HKLM\..\Run: [PWRMGRTR] rundll32 C:\PROGRA~1\ThinkPad\UTILIT~1\PWRMGRTR.DLL,PwrMgrBkGndMonitor

O4 - HKLM\..\Run: [bLOG] rundll32 C:\PROGRA~1\ThinkPad\UTILIT~1\BatLogEx.DLL,StartBattLog

O4 - HKLM\..\Run: [PaperPort PTD] C:\Program Files\ScanSoft\PaperPort\pptd40nt.exe

O4 - HKLM\..\Run: [indexSearch] C:\Program Files\ScanSoft\PaperPort\IndexSearch.exe

O4 - HKLM\..\Run: [setDefPrt] C:\Program Files\Brother\Brmfl04e\BrStDvPt.exe

O4 - HKLM\..\Run: [ControlCenter2.0] C:\Program Files\Brother\ControlCenter2\brctrcen.exe /autorun

O4 - HKLM\..\Run: [QCWLICON] C:\Program Files\ThinkPad\ConnectUtilities\QCWLICON.EXE

O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"

O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Nero\Lib\NeroCheck.exe

O4 - HKLM\..\Run: [Malwarebytes Anti-Malware (reboot)] "C:\DeesStuff\wauclt.exe" /runcleanupscript

O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir Desktop\avgnt.exe" /min

O4 - HKCU\..\Run: [swg] "C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"

O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe

O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe

O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe

O9 - Extra button: Update ThinkPad Software - {D1A4DEBD-C2EE-449f-B9FB-E8409F9A0BC5} - C:\Program Files\ThinkPad\PkgMgr\\PkgMgr.exe

O9 - Extra button: HP Smart Select - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll

O15 - Trusted Zone: *.finevirginiahomes.com

O15 - Trusted Zone: *.mris.com

O16 - DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} (Facebook Photo Uploader 5 Control) - http://upload.facebook.com/controls/2008.1...toUploader5.cab

O16 - DPF: {0E5F0222-96B9-11D3-8997-00104BD12D94} (PCPitstop Utility) - http://pcpitstop.com/pcpitstop/PCPitStop.CAB

O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204

O16 - DPF: {2DAD3559-2923-4935-AD49-B673D2539944} (IASRunner Class) - http://download.boulder.ibm.com/ibmdl/pub/...bp_pc/acpir.cab

O16 - DPF: {4871A87A-BFDD-4106-8153-FFDE2BAC2967} (DLM Control) - http://dlm.tools.akamai.com/dlmanager/vers...vex-2.2.5.1.cab

O16 - DPF: {5D637FAD-E202-48D1-8F18-5B9C459BD1E3} (Image Uploader Control) - http://create.realestateshows.com/create/s...geUploader5.cab

O16 - DPF: {6D2EF4B4-CB62-4C0B-85F3-B79C236D702C} (ContactExtractor Class) - http://www.facebook.com/controls/contactx.dll

O16 - DPF: {7F8C8173-AD80-4807-AA75-5672F22B4582} (ICSScanner Class) - http://download.zonelabs.com/bin/promotion...canner37570.cab

O16 - DPF: {A3256902-51FA-45A0-8A97-FC1143C169D9} (Diagnostics ActiveX WebControl) - http://support.microsoft.com/mats/DiagWebControl.cab

O16 - DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} (GpcContainer Class) - https://ilsfiserv.webex.com/client/T25L/nbr/ieatgpc.cab

O16 - DPF: {FFB3A759-98B1-446F-BDA9-909C6EB18CC7} (PCPitstop Exam) - http://utilities.pcpitstop.com/Optimize3/pcpitstop2.dll

O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG9\avgpp.dll (file missing)

O23 - Service: Avira AntiVir Scheduler (AntiVirSchedulerService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\sched.exe

O23 - Service: Avira AntiVir Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\avguard.exe

O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe

O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe

O23 - Service: Brother Popup Suspend service for Resource manager (brmfrmps) - Brother Industries, Ltd. - C:\WINDOWS\system32\Brmfrmps.exe

O23 - Service: Bluetooth Service (btwdins) - WIDCOMM, Inc. - C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe

O23 - Service: EvtEng - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe

O23 - Service: FlipShare Service - Unknown owner - C:\Program Files\Flip Video\FlipShare\FlipShareService.exe

O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe

O23 - Service: IBM Rapid Restore Ultra Service - Unknown owner - C:\Program Files\IBM\IBM Rapid Restore Ultra\rrpcsb.exe

O23 - Service: ThinkPad PM Service (IBMPMSVC) - Unknown owner - C:\WINDOWS\system32\ibmpmsvc.exe

O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe

O23 - Service: Imapi Helper - Alex Feinman - C:\Program Files\Alex Feinman\ISO Recorder\ImapiHelper.exe

O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe

O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe

O23 - Service: Kodak Camera Connection Software (KodakCCS) - Eastman Kodak Company - C:\WINDOWS\system32\drivers\KodakCCS.exe

O23 - Service: Nero BackItUp Scheduler 3 - Nero AG - C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe

O23 - Service: PCPitstop Scheduling - PC Pitstop LLC - C:\Program Files\PCPitstop\PCPitstopScheduleService.exe

O23 - Service: PLFlash DeviceIoControl Service - Prolific Technology Inc. - C:\WINDOWS\system32\IoctlSvc.exe

O23 - Service: IBM PSA Access Driver Control (PsaSrv) - Unknown owner - C:\WINDOWS\system32\PsaSrv.exe (file missing)

O23 - Service: QCONSVC - IBM Corp. - C:\WINDOWS\System32\QCONSVC.EXE

O23 - Service: RegSrvc - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe

O23 - Service: Spectrum24 Event Monitor (S24EventMonitor) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe

O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe

O23 - Service: IBM HDD APS Logging Service (TPHDEXLGSVC) - IBM Corporation - C:\WINDOWS\System32\TPHDEXLG.EXE

O23 - Service: IBM KCU Service (TpKmpSVC) - Unknown owner - C:\WINDOWS\system32\TpKmpSVC.exe

--

End of file - 10439 bytes

mbam log

Malwarebytes' Anti-Malware 1.41

Database version: 3277

Windows 5.1.2600 Service Pack 3 (Safe Mode)

12/2/2009 6:04:52 PM

mbam-log-2009-12-02 (18-04-52).txt

Scan type: Quick Scan

Objects scanned: 121202

Time elapsed: 13 minute(s), 21 second(s)

Memory Processes Infected: 0

Memory Modules Infected: 0

Registry Keys Infected: 0

Registry Values Infected: 0

Registry Data Items Infected: 0

Folders Infected: 0

Files Infected: 0

Memory Processes Infected:

(No malicious items detected)

Memory Modules Infected:

(No malicious items detected)

Registry Keys Infected:

(No malicious items detected)

Registry Values Infected:

(No malicious items detected)

Registry Data Items Infected:

(No malicious items detected)

Folders Infected:

(No malicious items detected)

Files Infected:

(No malicious items detected)

kahdah · December 3, 2009

Hello deedawson

Welcome to Malwarebytes. <_<

=====================

Download OTL to your desktop.
Double click on the icon to run it. Make sure all other windows are closed and to let it run uninterrupted.
When the window appears, underneath Output at the top change it to Minimal Output.
Under the Standard Registry box change it to All.
Under Custom scan's and fixes section paste in the below in bold

/md5start

eventlog.dll

scecli.dll

netlogon.dll

cngaudit.dll

sceclt.dll

ntelogon.dll

logevent.dll

iaStor.sys

nvstor.sys

atapi.sys

IdeChnDr.sys

viasraid.sys

AGP440.sys

vaxscsi.sys

nvatabus.sys

viamraid.sys

nvata.sys

nvgts.sys

iastorv.sys

ViPrt.sys

eNetHook.dll

/md5stop
Check the boxes beside LOP Check and Purity Check.
Click the Run Scan button. Do not change any settings unless otherwise told to do so. The scan wont take long.
- When the scan completes, it will open two notepad windows. OTL.Txt and Extras.Txt. These are saved in the same location as OTL.
- Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post it with your next reply.

====================

===========

Download This file. Note its name and save it to your root folder, such as C:\.

Disconnect from the Internet and close all running programs.
Temporarily disable any real-time active protection so your security program drivers will not conflict with this file.
Click on this link to see a list of programs that should be disabled.
Double-click on the downloaded file to start the program. (If running Vista, right click on it and select "Run as an Administrator")
Allow the driver to load if asked.
You may be prompted to scan immediately if it detects rootkit activity.
If you are prompted to scan your system click "Yes" to begin the scan.
If not prompted, click the "Rootkit/Malware" tab.
On the right-side, all items to be scanned should be checked by default except for "Show All". Leave that box unchecked.
Select all drives that are connected to your system to be scanned.
Click the Scan button to begin. (Please be patient as it can take some time to complete)
When the scan is finished, click Save to save the scan results to your Desktop.
Save the file as Results.log and copy/paste the contents in your next reply.
Exit the program and re-enable all active protection when done.

deedawson · December 3, 2009

post too long - sending separate posts --Dee

OTL.txt

OTL logfile created on: 12/3/2009 11:18:57 AM - Run 1

OTL by OldTimer - Version 3.1.11.4 Folder = C:\Documents and Settings\Dee\Desktop

Windows XP Tablet PC Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation

Internet Explorer (Version = 8.0.6001.18702)

Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1.24 Gb Total Physical Memory | 0.68 Gb Available Physical Memory | 55.04% Memory free

1.83 Gb Paging File | 1.41 Gb Available in Paging File | 76.86% Paging File free

Paging file location(s): C:\pagefile.sys 756 1512 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files

Drive C: | 33.08 Gb Total Space | 2.00 Gb Free Space | 6.05% Space Free | Partition Type: NTFS

D: Drive not present or media not loaded

E: Drive not present or media not loaded

F: Drive not present or media not loaded

G: Drive not present or media not loaded

H: Drive not present or media not loaded

I: Drive not present or media not loaded

Computer Name: IBM

Current User Name: Dee

Logged in as Administrator.

Current Boot Mode: Normal

Scan Mode: Current user

Company Name Whitelist: Off

Skip Microsoft Files: Off

File Age = 30 Days

Output = Minimal

========== Processes (SafeList) ==========

PRC - C:\Documents and Settings\Dee\Desktop\OTL.exe (OldTimer Tools)

PRC - C:\Program Files\iTunes\iTunesHelper.exe (Apple Inc.)

PRC - C:\Program Files\iPod\bin\iPodService.exe (Apple Inc.)

PRC - C:\Program Files\Java\jre6\bin\jqs.exe (Sun Microsystems, Inc.)

PRC - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe (Apple Inc.)

PRC - C:\Program Files\Flip Video\FlipShare\FlipShareService.exe ()

PRC - c:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe (Microsoft Corporation)

PRC - C:\Program Files\PCPitstop\PCPitstopScheduleService.exe (PC Pitstop LLC)

PRC - C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)

PRC - C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)

PRC - C:\Program Files\Bonjour\mDNSResponder.exe (Apple Inc.)

PRC - c:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe (Microsoft Corporation)

PRC - c:\Program Files\Microsoft SQL Server\90\Shared\sqlbrowser.exe (Microsoft Corporation)

PRC - C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe (Nero AG)

PRC - C:\WINDOWS\system32\wisptis.exe (Microsoft Corporation)

PRC - C:\Program Files\Common Files\Microsoft Shared\Ink\tabtip.exe (Microsoft Corporation)

PRC - C:\Program Files\Common Files\Microsoft Shared\Ink\tcserver.exe (Microsoft Corporation)

PRC - C:\Program Files\Common Files\Microsoft Shared\Ink\keyboardsurrogate.exe (Microsoft Corporation)

PRC - C:\WINDOWS\explorer.exe (Microsoft Corporation)

PRC - C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (Google Inc.)

PRC - C:\WINDOWS\system32\IoctlSvc.exe (Prolific Technology Inc.)

PRC - C:\WINDOWS\system32\ibmpmsvc.exe ()

PRC - C:\Program Files\ThinkPad\ConnectUtilities\QCWLICON.EXE (IBM Corp.)

PRC - C:\WINDOWS\system32\QCONSVC.EXE (IBM Corp.)

PRC - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe (Intel Corporation )

PRC - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe (Intel Corporation)

PRC - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe (Intel Corporation)

PRC - C:\Program Files\ThinkPad\Tablet Shortcut\IBMTBCTL.exe (IBM Corporation)

PRC - C:\WINDOWS\system32\TpShocks.exe (IBM Corp.)

PRC - C:\Program Files\ThinkPad\PkgMgr\HOTKEY\TPHKMGR.exe ()

PRC - C:\Program Files\ThinkPad\PkgMgr\HOTKEY_1\TpScrex.exe (IBM Corporation)

PRC - C:\Program Files\ThinkPad\Utilities\EZEJMNAP.EXE (IBM Corp.)

PRC - C:\WINDOWS\system32\tp4serv.exe (IBM Corporation)

PRC - C:\Program Files\IBM\IBM Rapid Restore Ultra\rrpcsb.exe ()

PRC - C:\IBMTOOLS\utils\ibmprc.exe (IBM Corp.)

PRC - C:\Program Files\ThinkPad\PkgMgr\HOTKEY\TPONSCR.exe ()

PRC - C:\WINDOWS\system32\wbem\unsecapp.exe (Microsoft Corporation)

PRC - C:\Program Files\Brother\ControlCenter2\BrCcMCtl.exe (Brother Industries, Ltd.)

PRC - C:\WINDOWS\system32\TPHDEXLG.exe (IBM Corporation)

PRC - C:\Program Files\ScanSoft\PaperPort\pptd40nt.exe (ScanSoft, Inc.)

PRC - C:\WINDOWS\system32\TpKmpSvc.exe ()

PRC - C:\WINDOWS\system32\Brmfrmps.exe (Brother Industries, Ltd.)

PRC - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe (Analog Devices, Inc.)

PRC - C:\WINDOWS\system32\tabbtnu.exe (Microsoft Corporation)

========== Modules (SafeList) ==========

MOD - C:\Documents and Settings\Dee\Desktop\OTL.exe (OldTimer Tools)

MOD - C:\Program Files\Common Files\Microsoft Shared\Ink\tiptsf.dll (Microsoft Corporation)

MOD - C:\Program Files\Common Files\Microsoft Shared\Ink\tipcomponentsps.dll (Microsoft Corporation)

MOD - C:\WINDOWS\ime\sptip.dll (Microsoft Corporation)

MOD - C:\WINDOWS\system32\msvcp60.dll (Microsoft Corporation)

MOD - C:\WINDOWS\system32\msi.dll (Microsoft Corporation)

MOD - C:\WINDOWS\system32\msctfp.dll (Microsoft Corporation)

MOD - C:\WINDOWS\system32\xpsp2res.dll (Microsoft Corporation)

MOD - C:\WINDOWS\ime\spgrmr.dll (Microsoft Corporation)

MOD - C:\Program Files\Windows Journal\nbmaptip.dll (Microsoft Corporation)

MOD - C:\Program Files\Common Files\Microsoft Shared\Ink\skchui.dll (Microsoft Corporation)

MOD - C:\Program Files\Common Files\Microsoft Shared\Ink\penusa.dll (Microsoft Corporation)

========== Win32 Services (SafeList) ==========

SRV - (iPod Service) -- C:\Program Files\iPod\bin\iPodService.exe (Apple Inc.)

SRV - (JavaQuickStarterService) -- C:\Program Files\Java\jre6\bin\jqs.exe (Sun Microsystems, Inc.)

SRV - (Apple Mobile Device) -- C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe (Apple Inc.)

SRV - (AntiVirService) -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe (Avira GmbH)

SRV - (FlipShare Service) -- C:\Program Files\Flip Video\FlipShare\FlipShareService.exe ()

SRV - (MSSQL$SQLEXPRESS) SQL Server (SQLEXPRESS) -- c:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe (Microsoft Corporation)

SRV - (AntiVirSchedulerService) -- C:\Program Files\Avira\AntiVir Desktop\sched.exe (Avira GmbH)

SRV - (gusvc) -- C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe (Google)

SRV - (PCPitstop Scheduling) -- C:\Program Files\PCPitstop\PCPitstopScheduleService.exe (PC Pitstop LLC)

SRV - (Bonjour Service) -- C:\Program Files\Bonjour\mDNSResponder.exe (Apple Inc.)

SRV - (SQLWriter) -- c:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe (Microsoft Corporation)

SRV - (SQLBrowser) -- c:\Program Files\Microsoft SQL Server\90\Shared\sqlbrowser.exe (Microsoft Corporation)

SRV - (MSSQLServerADHelper) -- c:\Program Files\Microsoft SQL Server\90\Shared\sqladhlp90.exe (Microsoft Corporation)

SRV - (HPSLPSVC) -- C:\Program Files\HP\Digital Imaging\bin\HPSLPSVC32.DLL (Hewlett-Packard Co.)

SRV - (hpqcxs08) -- C:\Program Files\HP\Digital Imaging\bin\hpqcxs08.dll (Hewlett-Packard Co.)

SRV - (hpqddsvc) -- C:\Program Files\HP\Digital Imaging\bin\hpqddsvc.dll (Hewlett-Packard Co.)

SRV - (Pml Driver HPZ12) -- C:\WINDOWS\system32\HPZipm12.dll (Hewlett-Packard)

SRV - (Net Driver HPZ12) -- C:\WINDOWS\system32\HPZinw12.dll (Hewlett-Packard)

SRV - (Nero BackItUp Scheduler 3) -- C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe (Nero AG)

SRV - (Irmon) -- C:\WINDOWS\system32\irmon.dll (Microsoft Corporation)

SRV - (PLFlash DeviceIoControl Service) -- C:\WINDOWS\system32\IoctlSvc.exe (Prolific Technology Inc.)

SRV - (odserv) -- C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE (Microsoft Corporation)

SRV - (ose) -- C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE (Microsoft Corporation)

SRV - (Imapi Helper) -- C:\Program Files\Alex Feinman\ISO Recorder\ImapiHelper.exe (Alex Feinman)

SRV - (PsaSrv) -- C:\WINDOWS\system32\drivers\psasrv.exe ()

SRV - (IBMPMSVC) -- C:\WINDOWS\system32\ibmpmsvc.exe ()

SRV - (msvsmon80) -- C:\Program Files\Microsoft Visual Studio 8\Common7\IDE\Remote Debugger\x86\msvsmon.exe (Microsoft Corporation)

SRV - (QCONSVC) -- C:\WINDOWS\system32\QCONSVC.EXE (IBM Corp.)

SRV - (S24EventMonitor) -- C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe (Intel Corporation )

SRV - (EvtEng) -- C:\Program Files\Intel\Wireless\Bin\EvtEng.exe (Intel Corporation)

SRV - (RegSrvc) -- C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe (Intel Corporation)

SRV - (IDriverT) -- C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe (Macrovision Corporation)

SRV - (KodakCCS) -- C:\WINDOWS\system32\drivers\KodakCCS.exe (Eastman Kodak Company)

SRV - (IBM Rapid Restore Ultra Service) -- C:\Program Files\IBM\IBM Rapid Restore Ultra\rrpcsb.exe ()

SRV - (TPHDEXLGSVC) -- C:\WINDOWS\system32\TPHDEXLG.exe (IBM Corporation)

SRV - (btwdins) -- C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe (WIDCOMM, Inc.)

SRV - (TpKmpSVC) -- C:\WINDOWS\system32\TpKmpSvc.exe ()

SRV - (brmfrmps) -- C:\WINDOWS\System32\Brmfrmps.exe (Brother Industries, Ltd.)

SRV - (SoundMAX Agent Service (default)) -- C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe (Analog Devices, Inc.)

========== Driver Services (SafeList) ==========

DRV - (SASKUTIL) -- C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS (SUPERAdBlocker.com and SUPERAntiSpyware.com)

DRV - (SASDIFSV) -- C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS (SUPERAdBlocker.com and SUPERAntiSpyware.com)

DRV - (USBAAPL) -- C:\WINDOWS\system32\drivers\usbaapl.sys (Apple, Inc.)

DRV - (avgntflt) -- C:\WINDOWS\system32\drivers\avgntflt.sys (Avira GmbH)

DRV - (ssmdrv) -- C:\WINDOWS\system32\drivers\ssmdrv.sys (Avira GmbH)

DRV - (avipbb) -- C:\WINDOWS\system32\drivers\avipbb.sys (Avira GmbH)

DRV - (avgio) -- C:\Program Files\Avira\AntiVir Desktop\avgio.sys (Avira GmbH)

DRV - (SASENUM) -- C:\Program Files\SUPERAntiSpyware\SASENUM.SYS ( SUPERAdBlocker.com and SUPERAntiSpyware.com)

DRV - (NSCIRDA) -- C:\WINDOWS\system32\drivers\nscirda.sys (National Semiconductor Corporation)

DRV - (usbaudio) USB Audio Driver (WDM) -- C:\WINDOWS\system32\drivers\USBAUDIO.sys (Microsoft Corporation)

DRV - (mf) -- C:\WINDOWS\system32\drivers\mf.sys (Microsoft Corporation)

DRV - (amdagp) -- C:\WINDOWS\system32\DRIVERS\amdagp.sys (Advanced Micro Devices, Inc.)

DRV - (sisagp) -- C:\WINDOWS\system32\DRIVERS\sisagp.sys (Silicon Integrated Systems Corporation)

DRV - (Secdrv) -- C:\WINDOWS\system32\drivers\secdrv.sys (Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K.)

DRV - (grmnusb) -- C:\WINDOWS\system32\drivers\grmnusb.sys (GARMIN Corp.)

DRV - (Cdr4_xp) -- C:\WINDOWS\system32\drivers\cdr4_xp.sys (Roxio)

DRV - (ACGPRS) -- C:\WINDOWS\system32\drivers\acgprs.sys (Sierra Wireless Inc.)

DRV - (RimSerPort) -- C:\WINDOWS\system32\drivers\RimSerial.sys (Research in Motion Ltd)

DRV - (Cdralw2k) -- C:\WINDOWS\system32\drivers\cdralw2k.sys (Roxio)

DRV - (PalmUSBD) -- C:\WINDOWS\system32\drivers\PalmUSBD.sys (PalmSource, Inc.)

DRV - (psadd) -- C:\WINDOWS\system32\drivers\psadd.sys (IBM Corporation)

DRV - (AegisP) AEGIS Protocol (IEEE 802.1x) -- C:\WINDOWS\system32\drivers\AegisP.sys (Meetinghouse Data Communications)

DRV - (IBMPMDRV) -- C:\WINDOWS\system32\drivers\ibmpmdrv.sys (Lenovo.)

DRV - (PxHelp20) -- C:\WINDOWS\System32\Drivers\PxHelp20.sys (Sonic Solutions)

DRV - (DcCam) -- C:\WINDOWS\system32\drivers\DcCam.sys (Eastman Kodak Company)

DRV - (QCNDISIF) -- C:\WINDOWS\system32\drivers\qcndisif.sys (IBM Corporation.)

DRV - (ANC) -- C:\WINDOWS\system32\drivers\ANC.sys (IBM Corp.)

DRV - (IBMTPCHK) -- C:\WINDOWS\system32\drivers\IBMBLDID.SYS ()

DRV - (fcdabus) -- C:\WINDOWS\system32\drivers\fcdabus.sys (FarStone Inc.)

DRV - (s24trans) -- C:\WINDOWS\system32\drivers\s24trans.sys (Intel Corporation)

DRV - (w29n51) Intel® -- C:\WINDOWS\system32\drivers\w29n51.sys (Intel

Extras.Txt

deedawson · December 3, 2009

OTL Extras logfile created on: 12/3/2009 11:18:57 AM - Run 1

OTL by OldTimer - Version 3.1.11.4 Folder = C:\Documents and Settings\Dee\Desktop

Windows XP Tablet PC Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation

Internet Explorer (Version = 8.0.6001.18702)

Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1.24 Gb Total Physical Memory | 0.68 Gb Available Physical Memory | 55.04% Memory free

1.83 Gb Paging File | 1.41 Gb Available in Paging File | 76.86% Paging File free

Paging file location(s): C:\pagefile.sys 756 1512 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files

Drive C: | 33.08 Gb Total Space | 2.00 Gb Free Space | 6.05% Space Free | Partition Type: NTFS

D: Drive not present or media not loaded

E: Drive not present or media not loaded

F: Drive not present or media not loaded

G: Drive not present or media not loaded

H: Drive not present or media not loaded

I: Drive not present or media not loaded

Computer Name: IBM

Current User Name: Dee

Logged in as Administrator.

Current Boot Mode: Normal

Scan Mode: Current user

Company Name Whitelist: Off

Skip Microsoft Files: Off

File Age = 30 Days

Output = Minimal

========== Extra Registry (SafeList) ==========

========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]

.html [@ = htmlfile] -- C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation)

[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]

.html [@ = htmlfile] -- Reg Error: Key error. File not found

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]

batfile [open] -- "%1" %*

cmdfile [open] -- "%1" %*

comfile [open] -- "%1" %*

exefile [open] -- "%1" %*

htmlfile [edit] -- "C:\Program Files\Microsoft Office\Office12\msohtmed.exe" %1 (Microsoft Corporation)

htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" -nohome (Microsoft Corporation)

htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)

htmlfile [print] -- "C:\Program Files\Microsoft Office\Office12\msohtmed.exe" /p %1 (Microsoft Corporation)

http [open] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" -nohome (Microsoft Corporation)

https [open] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" -nohome (Microsoft Corporation)

piffile [open] -- "%1" %*

regfile [merge] -- Reg Error: Key error.

scrfile [config] -- "%1"

scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)

scrfile [open] -- "%1" /S

txtfile [edit] -- Reg Error: Key error.

Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1

Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)

Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)

Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" %1 (Microsoft Corporation)

CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- "C:\Program Files\Internet Explorer\iexplore.exe" (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]

"FirstRunDisabled" = 1

"AntiVirusDisableNotify" = 0

"AntiVirusOverride" = 0

"FirewallOverride" = 0

"FirewallDisableNotify" = 0

"UpdatesDisableNotify" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]

"139:TCP" = 139:TCP:*:Enabled:@xpsp2res.dll,-22004

"445:TCP" = 445:TCP:*:Enabled:@xpsp2res.dll,-22005

"137:UDP" = 137:UDP:*:Enabled:@xpsp2res.dll,-22001

"138:UDP" = 138:UDP:*:Enabled:@xpsp2res.dll,-22002

"1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007

"2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008

"427:TCP" = 427:TCP:LocalSubNet:Enabled:SLP_Port(427)_TCP

"427:UDP" = 427:UDP:LocalSubNet:Enabled:SLP_Port(427)_UDP

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]

"EnableFirewall" = 1

"DoNotAllowExceptions" = 0

"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]

"1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007

"2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008

"139:TCP" = 139:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22004

"445:TCP" = 445:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22005

"137:UDP" = 137:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22001

"138:UDP" = 138:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22002

"427:TCP" = 427:TCP:LocalSubNet:Disabled:SLP_Port(427)_TCP

"427:UDP" = 427:UDP:LocalSubNet:Disabled:SLP_Port(427)_UDP

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

"%windir%\system32\sessmgr.exe" = %windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019 -- (Microsoft Corporation)

"C:\Program Files\IBM\Updater\jre\bin\java.exe" = C:\Program Files\IBM\Updater\jre\bin\java.exe:*:Enabled:IBM Update Connector -- (IBM)

"C:\Program Files\IBM\Updater\jre\bin\javaw.exe" = C:\Program Files\IBM\Updater\jre\bin\javaw.exe:*:Enabled:IBM Update Connector -- (IBM)

"C:\Program Files\IBM\Updater\ucsmb.exe" = C:\Program Files\IBM\Updater\ucsmb.exe:*:Enabled:IBM Update Connector -- (IBM Corporation, Inc.)

"%windir%\Network Diagnostic\xpnetdiag.exe" = %windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000 -- (Microsoft Corporation)

"E:\setup\hpznui01.exe" = E:\setup\hpznui01.exe:*:Enabled:hpznui01.exe -- File not found

"C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe" = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe:*:Enabled:hpqtra08.exe -- (Hewlett-Packard Co.)

"C:\Program Files\HP\Digital Imaging\bin\hpqste08.exe" = C:\Program Files\HP\Digital Imaging\bin\hpqste08.exe:*:Enabled:hpqste08.exe -- (Hewlett-Packard Co.)

"C:\Program Files\HP\Digital Imaging\bin\hpofxm08.exe" = C:\Program Files\HP\Digital Imaging\bin\hpofxm08.exe:*:Enabled:hpofxm08.exe -- (Hewlett-Packard Co.)

"C:\Program Files\HP\Digital Imaging\bin\hposfx08.exe" = C:\Program Files\HP\Digital Imaging\bin\hposfx08.exe:*:Enabled:hposfx08.exe -- (Hewlett-Packard Co.)

"C:\Program Files\HP\Digital Imaging\bin\hposid01.exe" = C:\Program Files\HP\Digital Imaging\bin\hposid01.exe:*:Enabled:hposid01.exe -- (Hewlett-Packard Co.)

"C:\Program Files\HP\Digital Imaging\bin\hpqkygrp.exe" = C:\Program Files\HP\Digital Imaging\bin\hpqkygrp.exe:*:Enabled:hpqkygrp.exe -- (Hewlett-Packard)

"C:\Program Files\HP\Digital Imaging\bin\hpzwiz01.exe" = C:\Program Files\HP\Digital Imaging\bin\hpzwiz01.exe:*:Enabled:hpzwiz01.exe -- (Hewlett-Packard Co.)

"C:\Program Files\HP\Digital Imaging\{FA0F0A01-4631-4161-A6C2-948BF694382E}\setup\hpznui01.exe" = C:\Program Files\HP\Digital Imaging\{FA0F0A01-4631-4161-A6C2-948BF694382E}\setup\hpznui01.exe:*:Enabled:hpznui01.exe -- (Hewlett-Packard)

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]

"C:\Program Files\IBM\Updater\jre\bin\java.exe" = C:\Program Files\IBM\Updater\jre\bin\java.exe:*:Enabled:IBM Update Connector -- (IBM)

"C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe" = C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe:*:Enabled:EasyShare -- ()

"%windir%\Network Diagnostic\xpnetdiag.exe" = %windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000 -- (Microsoft Corporation)

"C:\Program Files\IBM\Updater\ucsmb.exe" = C:\Program Files\IBM\Updater\ucsmb.exe:*:Enabled:IBM Update Connector -- (IBM Corporation, Inc.)

"C:\Program Files\IBM\Updater\jre\bin\javaw.exe" = C:\Program Files\IBM\Updater\jre\bin\javaw.exe:*:Enabled:IBM Update Connector -- (IBM)

"C:\Program Files\Kodak\KODAK Software Updater\7288971\Program\Kodak Software Updater.exe" = C:\Program Files\Kodak\KODAK Software Updater\7288971\Program\Kodak Software Updater.exe:*:Disabled:Kodak Software Updater -- ()

"C:\Program Files\AVG\AVG8\avgupd.exe" = C:\Program Files\AVG\AVG8\avgupd.exe:*:Enabled:avgupd.exe -- File not found

"C:\Program Files\AVG\AVG8\avgnsx.exe" = C:\Program Files\AVG\AVG8\avgnsx.exe:*:Enabled:avgnsx.exe -- File not found

"C:\Program Files\Mozilla Firefox\firefox.exe" = C:\Program Files\Mozilla Firefox\firefox.exe:*:Enabled:Firefox -- (Mozilla Corporation)

"C:\Documents and Settings\Dee\Application Data\mjusbsp\magicJack.exe" = C:\Documents and Settings\Dee\Application Data\mjusbsp\magicJack.exe:*:Enabled:magicJack -- (magicJack L.P.)

"C:\Program Files\iTunes\iTunes.exe" = C:\Program Files\iTunes\iTunes.exe:*:Enabled:iTunes -- (Apple Inc.)

"C:\WINDOWS\explorer.exe" = C:\WINDOWS\explorer.exe:*:Enabled:Explorer -- (Microsoft Corporation)

"C:\Program Files\Intel\Wireless\Bin\1XConfig.exe" = C:\Program Files\Intel\Wireless\Bin\1XConfig.exe:*:Enabled:1XConfig -- (Intel)

"C:\Program Files\Bonjour\mDNSResponder.exe" = C:\Program Files\Bonjour\mDNSResponder.exe:*:Disabled:Bonjour -- (Apple Inc.)

"C:\Program Files\HP\Digital Imaging\bin\hpofxm08.exe" = C:\Program Files\HP\Digital Imaging\bin\hpofxm08.exe:*:Disabled:hpofxm08.exe -- (Hewlett-Packard Co.)

"C:\Program Files\HP\Digital Imaging\bin\hposfx08.exe" = C:\Program Files\HP\Digital Imaging\bin\hposfx08.exe:*:Disabled:hposfx08.exe -- (Hewlett-Packard Co.)

"C:\Program Files\HP\Digital Imaging\bin\hposid01.exe" = C:\Program Files\HP\Digital Imaging\bin\hposid01.exe:*:Disabled:hposid01.exe -- (Hewlett-Packard Co.)

"C:\Program Files\HP\Digital Imaging\bin\hpqkygrp.exe" = C:\Program Files\HP\Digital Imaging\bin\hpqkygrp.exe:*:Disabled:hpqkygrp.exe -- (Hewlett-Packard)

"C:\Program Files\HP\Digital Imaging\bin\hpqste08.exe" = C:\Program Files\HP\Digital Imaging\bin\hpqste08.exe:*:Disabled:hpqste08.exe -- (Hewlett-Packard Co.)

"C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe" = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe:*:Disabled:hpqtra08.exe -- (Hewlett-Packard Co.)

"E:\setup\hpznui01.exe" = E:\setup\hpznui01.exe:*:Disabled:hpznui01.exe -- File not found

"C:\Program Files\HP\Digital Imaging\{FA0F0A01-4631-4161-A6C2-948BF694382E}\setup\hpznui01.exe" = C:\Program Files\HP\Digital Imaging\{FA0F0A01-4631-4161-A6C2-948BF694382E}\setup\hpznui01.exe:*:Disabled:hpznui01.exe -- (Hewlett-Packard)

"C:\Program Files\HP\Digital Imaging\bin\hpzwiz01.exe" = C:\Program Files\HP\Digital Imaging\bin\hpzwiz01.exe:*:Disabled:hpzwiz01.exe -- (Hewlett-Packard Co.)

"C:\WINDOWS\system32\sessmgr.exe" = C:\WINDOWS\system32\sessmgr.exe:*:Disabled:@xpsp2res.dll,-22019 -- (Microsoft Corporation)

"C:\WINDOWS\system32\spoolsv.exe" = C:\WINDOWS\system32\spoolsv.exe:*:Disabled:spoolsv -- (Microsoft Corporation)

"C:\Documents and Settings\Dee\Local Settings\Temp\RarSFX1\Windows Utilities\Installer32\InstallationManager.exe" = C:\Documents and Settings\Dee\Local Settings\Temp\RarSFX1\Windows Utilities\Installer32\InstallationManager.exe:*:Disabled:Xerox Windows Common Installer -- File not found

"C:\Documents and Settings\Dee\Local Settings\Temp\RarSFX0\Windows Utilities\Installer32\InstallationManager.exe" = C:\Documents and Settings\Dee\Local Settings\Temp\RarSFX0\Windows Utilities\Installer32\InstallationManager.exe:*:Disabled:Xerox Windows Common Installer -- File not found

"C:\WINDOWS\SYSTEM32\winlogon.exe" = C:\WINDOWS\SYSTEM32\winlogon.exe:*:Enabled:winlogon -- (Microsoft Corporation)

========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]

"{0008546E-DF6E-4CC1-AFD0-2CB8E16C95A2}" = Notifier

"{03A7C57A-B2C8-409b-92E5-524A0DFD0DD3}" = Status

"{07287123-B8AC-41CE-8346-3D777245C35B}" = Bonjour

"{0759CACC-6CF9-4C3C-92C5-39668679AB16}" = Microsoft Ink Desktop

"{0873B1A3-00A9-40D6-BACE-3DB4BC5DA840}" = IBM SATA Power Management Driver

"{087A66B8-1F0F-4a8d-A649-0CFE276AA7C0}" = WebReg

"{0AB76F69-E761-4CFA-B9B0-A1906B4E9E4B}" = WD Diagnostics

"{0C34B801-6AEC-4667-B053-03A67E2D0415}" = Apple Application Support

"{0CAD092C-5D1E-48AD-A845-E1EBA9AF1AF8}" = Tablet PC Tutorials for Microsoft Windows XP SP2

"{0D3F9802-689F-9B6D-8E44-B55971F0CCBB}" = FlipShare

"{0DAFA494-B988-46E2-ADFB-BBA795D04AB3}" = Brother HL-4040CN

"{1007F41F-7D69-468E-8017-3849A5A973C2}" = IBM ThinkVantage Technologies Welcome Message

"{11783F13-C3A9-44A8-929B-21A476F65272}" = IBM Rescue and Recovery with Rapid Restore

"{11F5D779-7BD9-465A-BBC4-10701386BCB9}" = FW LiveUpdate

"{1297C681-92D7-40EF-93BF-03F66EC5105C}" = IBM ThinkPad EasyEject Utility

"{1389C6A4-4965-4AEC-9175-08B54A10FA48}" = Microsoft SQL Server 2005 Mobile [ENU] Developer Tools

"{14081443-583A-4605-BB91-83D38ADAC939}" = Microsoft Windows XP Tablet PC Edition 2005 Recognizer Pack

"{14D4ED84-6A9A-45A0-96F6-1753768C3CB5}" = ESSPCD

"{154508C0-07C5-4659-A7A0-E49968750D21}" = HLPPDOCK

"{1759CACC-6CF9-4C3C-92C5-39668679AB17}" = Microsoft Ink Crossword

"{18455581-E099-4BA8-BC6B-F34B2F06600C}" = Google Toolbar for Internet Explorer

"{19C989C4-50AE-43A4-B06E-8C70FFFF852F}" = PC-Doctor for Windows

"{1FBEE61B-F90E-4EE3-AE94-FCB8BD6EC443}" = Ink Art

"{2070F79D-46BC-4EEA-8F02-9B4DCABAE7CB}" = iPod for Windows 2006-03-23

"{2111B23F-7FDA-4A41-8309-E5A1663CA296}" = IBM ThinkPad Keyboard Customizer Utility

"{2175F2B1-E91A-4FA8-98B4-1558D2E09A53}" = Calculator for Tablet PC

"{22B71A00-4DED-11D4-A5E5-0004AC564F43}" = IBM Access Connections

"{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer

"{23FB368F-1399-4EAC-817C-4B83ECBE3D83}" = mProSafe

"{26A24AE4-039D-4CA4-87B4-2F83216016FF}" = Java 6 Update 16

"{2750B389-A2D2-4953-99CA-27C1F2A8E6FD}" = Microsoft SQL Server 2005 Tools Express Edition

"{28DA872A-0848-48CF-B749-19A198157A2A}" = mDriver

"{2AFFFDD7-ED85-4A90-8C52-5DA9EBDC9B8F}" = Microsoft SQL Server 2005 Express Edition (SQLEXPRESS)

"{2D03B6F8-DF36-4980-B7B6-5B93D5BA3A8F}" = essvatgt

"{2EEA7AA4-C203-4b90-A34F-19FB7EF1C81C}" = BufferChm

"{2F06411B-B6EB-4B58-A13F-E1C372713BAA}" = FranklinCovey PlanPlus for Windows

"{32A3A4F4-B792-11D6-A78A-00B0D0160110}" = Java SE Development Kit 6 Update 11

"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP

"{38441BE7-79B0-42B8-8297-833704F949FE}" = HLPIndex

"{38DAE5F5-EC70-4aa5-801B-D11CA0A33B41}" = BPDSoftware

"{3CA39B0C-BA85-4D42-AC0F-1FF5F60C3353}" = OTtBPSDK

"{432C3720-37BF-4BD7-8E49-F38E090246D0}" = CR2

"{437AB8E0-FB69-4222-B280-A64F3DE22591}" = Microsoft Visual Studio 2005 Professional Edition - ENU

"{44D4AF75-6870-41F5-9181-662EA05507E1}" = Microsoft Document Explorer 2005

"{47ECCB1F-2811-49C0-B6A7-26778639ABA0}" = 32 Bit HP CIO Components Installer

"{48C82F7A-F100-4DAB-A310-8E18BF2159E1}" = ESSvpot

"{4D304678-738E-42a0-931A-2B022F49DEB8}" = TrayApp

"{4E7C28C7-D5DA-4E9F-A1CA-60490B54AE35}" = UnloadSupport

"{4F677FC7-7AA8-412B-A957-F13CBE1C7331}" = ESSSONIC

"{53F5C3EE-05ED-4830-994B-50B2F0D50FCE}" = Microsoft SQL Server Setup Support Files (English)

"{54C8FE84-89C4-40E8-976C-439EB0729BD6}" = CardRd81

"{56B4002F-671C-49F4-984C-C760FE3806B5}" = Microsoft SQL Server VSS Writer

"{56C049BE-79E9-4502-BEA7-9754A3E60F9B}" = neroxml

"{57F60D52-630B-43C5-BD20-176F5CD4EED6}" = bpd_scan

"{58E6A969-8215-4ABC-BD73-FCB25EA6F544}" = FormViewer

"{605A4E39-613C-4A12-B56F-DEFBE6757237}" = SHASTA

"{607CE53B-0999-4F3B-8FF1-DB1AA47548A8}" = Roxio PhotoSuite 5

"{625386A4-B6B6-4911-A6E8-23189C3F2D15}" = Microsoft .NET Compact Framework 2.0

"{643EAE81-920C-4931-9F0B-4B343B225CA6}" = ESSBrwr

"{676981B7-A2D9-49D0-9F4C-03018F131DA9}" = DocProc

"{68A35043-C55A-4237-88C9-37EE1C63ED71}" = Microsoft Visual J# 2.0 Redistributable Package

"{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update

"{6C531060-84FB-4F96-8F33-29DF020632EB}" = Microsoft .NET Compact Framework 1.0 SP3 Developer

"{6CC080F1-2E00-41D5-BE47-A3BC784E9DFB}" = BPDSoftware_Ini

"{6CE96A14-61E2-48CC-837E-22710A953ADE}" = IBM Themes

"{6DE14BE4-6F04-4935-8ABD-A0A19FE2E55A}" = mCore

"{703C4409-D597-433A-9B17-E411D9236451}" = Button Manager v1.836

"{7059BDA7-E1DB-442C-B7A1-6144596720A4}" = HP Update

"{71FD03B5-E653-4CB8-9B56-A466ABC9FCA9}" = Brother MFL-Pro Suite

"{72806716-7088-41B2-8FA6-717A2A164DAB}" = IBM Active Protection System

"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053

"{78B75C6D-E53C-424C-BF83-4B63BD4A6682}" = Microsoft Device Emulator version 1.0 - ENU

"{7FD7FB8C-2C75-4A8E-A236-EB23C5CD1033}" = Nero 8 Essentials

"{800E784D-53E3-4948-B491-9E7FA5EACBDC}" = SmartWebPrinting

"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable

"{83C57C58-FDD7-4d86-BFCC-9D31CC4EFA71}" = 6500_E709n

"{87843A41-7808-4F2E-B13F-25C1E67CF2FD}" = ESShelp

"{87A9A9A9-FAB7-4224-9328-0FA2058C0FD5}" = Network

"{8853C080-7F5C-4020-B663-C57FE29BB858}" = Microsoft Snipping Tool 2.0

"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight

"{8A502E38-29C9-49FA-BCFA-D727CA062589}" = ESSTOOLS

"{8A708DD8-A5E6-11D4-A706-000629E95E20}" = Intel® Graphics Media Accelerator Driver for Mobile

"{8B928BA1-EDEC-4227-A2DA-DD83026C36F5}" = mPfMgr

"{8BB4B58A-A402-4DE8-8FCD-287E60B88DD8}" = ESSCT

"{8D815BF3-2399-459C-B121-49373FEFB9E8}" = IBM Update Connector

"{8DD94CA3-BCD2-49C0-B537-F3B5D95FF0C8}" = HLPSFO

"{8E92D746-CD9F-4B90-9668-42B74C14F765}" = ESSini

"{90120000-0010-0409-0000-0000000FF1CE}" = Microsoft Software Update for Web Folders (English) 12

"{90120000-0019-0409-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2007

"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007

"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007

"{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007

"{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007

"{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007

"{90120000-00B2-0409-0000-0000000FF1CE}" = Microsoft Save as PDF or XPS Add-in for 2007 Microsoft Office programs

"{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007

"{90190409-6000-11D3-8CFE-0050048383C9}" = Microsoft Publisher 2002

"{90850409-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Word Viewer 2003

"{91120000-0019-0000-0000-0000000FF1CE}" = Microsoft Office Publisher 2007

"{9129B46A-51F0-431b-9838-DF7272F3204E}" = ProductContext

"{913D0409-6000-11D3-8CFE-0050048383C9}" = Microsoft Office XP Standard for Students and Teachers

"{91517631-A9F3-4B7C-B482-43E0068FD55A}" = ESSgui

"{9603DE6D-4567-4b78-B941-849322373DE2}" = SolutionCenter

"{97F81AF1-0E47-DC99-FF1F-C8B3B9A1E18E}" = Visual C++ 8.0 ATL (x86) WinSXS MSM

"{98CB24AD-52FB-DB5F-FF1F-C8B3B9A1E18E}" = Visual C++ 8.0 CRT (x86) WinSXS MSM

"{998D6972-F58E-479D-9248-8F179E55AE38}" = Java DB 10.4.1.3

"{999D43F4-9709-4887-9B1A-83EBB15A8370}" = VPRINTOL

"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17

"{9A2DB59F-091A-40B4-958D-1C8264624126}" = IBM ThinkPad Tablet Shortcut Menu

"{9CC89556-3578-48DD-8408-04E66EBEF401}" = mXML

"{9CCCFD9C-248F-47FE-9496-1680E3E5C163}" = Scan

"{9D1B99B7-DAD8-440d-B4FB-1915332FBCC2}" = HPProductAssistant

"{9D8FEE90-0377-49A9-AEFB-525BDE549BA4}" = ESScore

"{A0E64EBA-8BF0-49FB-90C0-BB3D781A2016}" = IBM ThinkPad Power Manager

"{A17EABB6-D0C6-44E5-820C-72DC7F495064}" = PaperPort

"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2

"{A429C2AE-EBF1-4F81-A221-1C115CAADDAD}" = QuickTime

"{A43BF6A5-D5F0-4AAA-BF41-65995063EC44}" = MSXML 6.0 Parser

"{A5B3EB8A-4071-42F0-8E8E-7A8342AA8E69}" = ESSvpaht

"{A5CC2A09-E9D3-49EC-923D-03874BBD4C2C}" = Windows Defender Signatures

"{AADEA55D-C834-4BCB-98A3-4B8D1C18F4EE}" = Apple Mobile Device Support

"{AC13BA3A-336B-45a4-B3FE-2D3058A7B533}" = Toolbox

"{AC76BA86-7AD7-1033-7B44-A70900000002}" = Adobe Reader 7.0.9

"{AE1FA02D-E6A4-4EA0-8E58-6483CAC016DD}" = ESSCDBK

"{B162D0A6-9A1D-4B7C-91A5-88FB48113C45}" = OfotoXMI

"{B214C3C8-FC16-42EC-B7BB-703A1BB9C790}" = Lenovo Battery Program

"{B4B44FE7-41FF-4DAD-8C0A-E406DDA72992}" = CCScore

"{B997C2A0-4383-41BF-B76E-9B8B7ECFB267}" = KSU

"{BAF78226-3200-4DB4-BE33-4D922A799840}" = Windows Presentation Foundation

"{BD68F46D-8A82-4664-8E68-F87C55BDEFD4}" = Microsoft SQL Server Native Client

"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2

"{C12EB29D-9D64-4ACA-84C2-33D8729AABD3}" = Microsoft Experience Pack for Tablet PC

"{C29C1940-CB85-4F3B-906C-33FEE0E67103}" = DocMgr

"{CA60320D-6A16-49C8-A34F-84EEF4799567}" = ESSTUTOR

"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1

"{CB84F0F2-927B-458D-9DC5-87832E3DC653}" = GearDrvs

"{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}" = SUPERAntiSpyware Free Edition

"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1

"{D1973749-F5E7-40EB-B528-F2B78685B9FF}" = essvcpt

"{D32470A1-B10C-4059-BA53-CF0486F68EBC}" = Kodak EasyShare software

"{D5BB0907-4BB0-46A3-AA68-0173D111058D}" = VirtualDrive

"{DA34FE93-5DC5-48E0-ACC8-A5389E05BB51}" = iTunes

"{DB02F716-6275-42E9-B8D2-83BA2BF5100B}" = SFR

"{DE13432E-F0C1-4842-A5BA-CC997DA72A70}" = 6500_E709_eDocs

"{DFC6573E-124D-4026-BFA4-B433C9D3FF21}" = ISO Recorder

"{E434580A-2D4A-4433-A81E-4BCAE86AD148}" = palmOne

"{E693459B-8BDD-4534-95E5-CD8147268715}" = Alias SketchBook Pro 1.1.1

"{E922961C-6DB6-41DE-9FEA-426DF3E9F81C}" = IBM 32-bit Runtime Environment for Java 2, v1.4.2

"{EA664480-3844-11D5-8C25-444553540000}" = IBM TrackPoint Accessibility Features

"{EC6AF20D-4376-4070-BEE4-D3A0DFF7E140}" = Access IBM

"{EEEB604C-C1A7-4f8c-B03F-56F9C1C9C45F}" = Fax

"{EF9E56EE-0243-4BAD-88F4-5E7508AA7D96}" = Destination Component

"{F0A37341-D692-11D4-A984-009027EC0A9C}" = SoundMAX

"{F0BFC7EF-9CF8-44EE-91B0-158884CD87C5}" = mMHouse

"{F185B35D-38E5-4D88-B275-15C8C7FC4357}" = 6500_E709_Help

"{F1BA3CD5-89DC-4273-8603-A75F33E9B335}" = Nokia Connectivity Adapter Cable DKU-5

"{F3244633-69AA-4EB7-ADCB-1C71325D447F}" = IBM ThinkPad Tablet Button Driver

"{F386C340-DF4B-4BBA-9503-420FB7EDB395}" = Wallpapers

"{F413B3A4-EE5D-457C-BAE5-6E58D9589ED5}" = Access IBM Message Center

"{F4A2E7CC-60CA-4AFA-B67F-AD5E58173C3F}" = SKINXSDK

"{F648FD09-7CEA-4257-BC68-A8389189FD51}" = GPBaseService2

"{F6C2D09F-6C82-48BB-A9D5-6A0478F52BD6}" = Microsoft Media Transfer

"{F71760CD-0F8B-4DCC-B7B7-6B223CC3843C}" = OTtBP

"{F769B78E-FF0E-4db5-95E2-9F4C8D6352FE}" = DeviceDiscovery

"{F9593CFB-D836-49BC-BFF1-0E669A411D9F}" = WIRELESS

"{FA0F0A01-4631-4161-A6C2-948BF694382E}" = HP Officejet 6500 E709 Series

"{FA7314E7-9428-4866-80A8-762A538444DB}" = Microsoft Energy Blue Theme Pack

"{FC081D4D-DF1B-4CF1-B530-027E4118D846}" = IBM ThinkPad Configuration

"{FCA651F3-5BDA-4DDA-9E4A-5D87D6914CC4}" = mWlsSafe

"{FCDB1C92-03C6-4C76-8625-371224256091}" = ESSPDock

"{FDF9943A-3D5C-46B3-9679-586BD237DDEE}" = SKIN0001

"{FE90E9E7-A158-4687-8853-DF677A939A61}" = WIDCOMM Bluetooth Software

"{FEDE2483-87B7-44C1-A5BB-D75AEB8B6340}" = ESSEMAIL

"3ivx MPEG-4 5.0.3" = 3ivx MPEG-4 5.0.3 (remove only)

"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX

"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin

"Adobe Shockwave Player" = Adobe Shockwave Player 11.5

"Adobe SVG Viewer" = Adobe SVG Viewer 6.0

"Avira AntiVir Desktop" = Avira AntiVir Personal - Free Antivirus

"CNXT_MODEM_PCI_VEN_8086&DEV_24C6&SUBSYS_05591014" = IBM Integrated 56K Modem

"Creation Source v1.4" = Creation Source v1.4

"CutePDF Writer Installation" = CutePDF Writer 2.8

"DjVu" = Lizardtech DjVu Control (autoinstall)

"Easy Street" = Easy Street

"HijackThis" = HijackThis 2.0.2

"HP Document Manager" = HP Document Manager 2.0

"HP Imaging Device Functions" = HP Imaging Device Functions 12.0

"HP Smart Web Printing" = HP Smart Web Printing

"HP Solution Center & Imaging Support Tools" = HP Solution Center 12.0

"HPOCR" = OCR Software by I.R.I.S. 12.0

"IDNMitigationAPIs" = Microsoft Internationalized Domain Names Mitigation APIs

"ie7" = Windows Internet Explorer 7

"ie8" = Windows Internet Explorer 8

"InstallShield_{19C989C4-50AE-43A4-B06E-8C70FFFF852F}" = PC-Doctor for Windows

"InstallShield_{2070F79D-46BC-4EEA-8F02-9B4DCABAE7CB}" = iPod for Windows 2006-03-23

"InstallShield_{58E6A969-8215-4ABC-BD73-FCB25EA6F544}" = FormViewer

"InstallShield_{E922961C-6DB6-41DE-9FEA-426DF3E9F81C}" = IBM 32-bit Runtime Environment for Java 2, v1.4.2

"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware

"Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1

"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1

"Microsoft Document Explorer 2005" = Microsoft Document Explorer 2005

"Microsoft SQL Server 2005" = Microsoft SQL Server 2005

"Microsoft Visual J# 2.0 Redistributable Package" = Microsoft Visual J# 2.0 Redistributable Package

"Microsoft Visual Studio 2005 Professional Edition - ENU" = Microsoft Visual Studio 2005 Professional Edition - ENU

"Mozilla Firefox (3.0.6)" = Mozilla Firefox (3.0.6)

"MSCompPackV1" = Microsoft Compression Client Pack 1.0 for Windows XP

"MSNINST" = MSN

"NLSDownlevelMapping" = Microsoft National Language Support Downlevel APIs

"PC Pitstop Optimize3_is1" = PC Pitstop Optimize3 3.0

"Power Management Driver" = ThinkPad Power Management Driver

"Presentation Director" = IBM ThinkPad Presentation Director

"ProInst" = Intel® PROSet/Wireless Software

"PUBLISHERR" = Microsoft Office Publisher 2007 Trial

"Snapshot Viewer" = Snapshot Viewer

"ThinkPad FullScreen Magnifier" = ThinkPad FullScreen Magnifier

"ThinkPadSoftwareInstaller" = ThinkPad Software Installer

"TrackPoint" = IBM TrackPoint Support

"WebConCentral_0" = WebConCentral 3.0.10

"WIC" = Windows Imaging Component

"Windows Media Format Runtime" = Windows Media Format 11 runtime

"Windows Media Player" = Windows Media Player 11

"Windows XP Service Pack" = Windows XP Service Pack 3

"WMFDist11" = Windows Media Format 11 runtime

"wmp11" = Windows Media Player 11

"Wudf01000" = Microsoft User-Mode Driver Framework Feature Pack 1.0

"Xerox_Support_Centre" = Xerox Support Centre

"XpsEPSC" = XML Paper Specification Shared Components Pack 1.0

"Yahoo! Companion" = Yahoo! Toolbar

"Zinio Reader" = Zinio Reader

========== HKEY_CURRENT_USER Uninstall List ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]

"magicJack Outlook Add-In" = magicJack Outlook Add-In 1.0.3.521

========== Last 10 Event Log Errors ==========

[ Application Events ]

Error - 11/14/2009 11:45:27 AM | Computer Name = IBM | Source = MSDTC | ID = 4112

Description = Could not start the MS DTC Transaction Manage

Error - 11/14/2009 12:17:46 PM | Computer Name = IBM | Source = MSDTC | ID = 4163

Description = MS DTC log file not found. After ensuring that all Resource Managers

coordinated by MS DTC have no indoubt transactions, please run msdtc -resetlog

to create the log fil

Error - 11/14/2009 12:17:46 PM | Computer Name = IBM | Source = MSDTC | ID = 4185

Description = MS DTC Transaction Manager start failed. LogInit returned error 0x

Error - 11/14/2009 12:17:46 PM | Computer Name = IBM | Source = MSDTC | ID = 4112

Description = Could not start the MS DTC Transaction Manage

Error - 11/14/2009 12:24:34 PM | Computer Name = IBM | Source = MSDTC | ID = 4163

Description = MS DTC log file not found. After ensuring that all Resource Managers

coordinated by MS DTC have no indoubt transactions, please run msdtc -resetlog

to create the log fil

Error - 11/14/2009 12:24:34 PM | Computer Name = IBM | Source = MSDTC | ID = 4185

Description = MS DTC Transaction Manager start failed. LogInit returned error 0x

Error - 11/14/2009 12:24:34 PM | Computer Name = IBM | Source = MSDTC | ID = 4112

Description = Could not start the MS DTC Transaction Manage

Error - 11/16/2009 11:18:39 AM | Computer Name = IBM | Source = MSDTC | ID = 4163

Description = MS DTC log file not found. After ensuring that all Resource Managers

coordinated by MS DTC have no indoubt transactions, please run msdtc -resetlog

to create the log fil

Error - 11/16/2009 11:18:39 AM | Computer Name = IBM | Source = MSDTC | ID = 4185

Description = MS DTC Transaction Manager start failed. LogInit returned error 0x

Error - 11/16/2009 11:18:39 AM | Computer Name = IBM | Source = MSDTC | ID = 4112

Description = Could not start the MS DTC Transaction Manage

[ System Events ]

Error - 12/3/2009 12:13:02 PM | Computer Name = IBM | Source = Disk | ID = 262151

Description = The device, \Device\Harddisk0\D, has a bad block.

Error - 12/3/2009 12:14:41 PM | Computer Name = IBM | Source = Service Control Manager | ID = 7009

Description = Timeout (30000 milliseconds) waiting for the Avira AntiVir Scheduler

service to connect.

Error - 12/3/2009 12:14:41 PM | Computer Name = IBM | Source = Service Control Manager | ID = 7000

Description = The Avira AntiVir Scheduler service failed to start due to the following

error: %%1053

Error - 12/3/2009 12:14:41 PM | Computer Name = IBM | Source = Service Control Manager | ID = 7009

Description = Timeout (30000 milliseconds) waiting for the Avira AntiVir Guard service

to connect.

Error - 12/3/2009 12:14:41 PM | Computer Name = IBM | Source = Service Control Manager | ID = 7000

Description = The Avira AntiVir Guard service failed to start due to the following

error: %%1053

Error - 12/3/2009 12:15:36 PM | Computer Name = IBM | Source = DCOM | ID = 10010

Description = The server {0002DF01-0000-0000-C000-000000000046} did not register

with DCOM within the required timeout.

Error - 12/3/2009 12:16:30 PM | Computer Name = IBM | Source = DCOM | ID = 10010

Description = The server {0002DF01-0000-0000-C000-000000000046} did not register

with DCOM within the required timeout.

Error - 12/3/2009 12:20:37 PM | Computer Name = IBM | Source = BROWSER | ID = 8032

Description = The browser service has failed to retrieve the backup list too many

times on transport \Device\NetBT_Tcpip_{2A823453-6B84-4A80-9BF5-A9EC7F59382A}. The

backup browser is stopping.

Error - 12/3/2009 12:23:28 PM | Computer Name = IBM | Source = DCOM | ID = 10010

Description = The server {0002DF01-0000-0000-C000-000000000046} did not register

with DCOM within the required timeout.

Error - 12/3/2009 12:24:06 PM | Computer Name = IBM | Source = Disk | ID = 262151

Description = The device, \Device\Harddisk0\D, has a bad block.

< End of report >

deedawson · December 3, 2009

Results.log

GMER 1.0.15.15252 - http://www.gmer.net

Rootkit scan 2009-12-03 17:44:50

Windows 5.1.2600 Service Pack 3

Running: 233wf25b.exe; Driver: C:\DOCUME~1\Dee\LOCALS~1\Temp\ugtdrpob.sys

---- System - GMER 1.0.15 ----

Code 8A4E8E18 ZwEnumerateKey

Code 8A1083B8 ZwFlushInstructionCache

Code 8A4E0BEE IofCallDriver

Code 8A4DFE7E IofCompleteRequest

---- Kernel code sections - GMER 1.0.15 ----

.text ntkrnlpa.exe!IofCallDriver 804EE130 5 Bytes JMP 8A4E0BF3

.text ntkrnlpa.exe!IofCompleteRequest 804EE1C0 5 Bytes JMP 8A4DFE83

PAGE ntkrnlpa.exe!ZwFlushInstructionCache 805ABEC6 5 Bytes JMP 8A1083BC

PAGE ntkrnlpa.exe!ZwEnumerateKey 8061AB72 5 Bytes JMP 8A4E8E1C

---- User code sections - GMER 1.0.15 ----

.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[332] USER32.dll!DialogBoxParamW 7E4247AB 5 Bytes JMP 3E215435 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)

.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[332] USER32.dll!CreateWindowExW 7E42D0A3 5 Bytes JMP 3E2ED67C C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)

.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[332] USER32.dll!DialogBoxIndirectParamW 7E432072 5 Bytes JMP 3E3E418F C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)

.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[332] USER32.dll!MessageBoxIndirectA 7E43A082 5 Bytes JMP 3E3E40C1 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)

.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[332] USER32.dll!DialogBoxParamA 7E43B144 5 Bytes JMP 3E3E412C C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)

.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[332] USER32.dll!MessageBoxExW 7E450838 5 Bytes JMP 3E3E3F92 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)

.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[332] USER32.dll!MessageBoxExA 7E45085C 5 Bytes JMP 3E3E3FF4 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)

.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[332] USER32.dll!DialogBoxIndirectParamA 7E456D7D 5 Bytes JMP 3E3E41F2 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)

.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[332] USER32.dll!MessageBoxIndirectW 7E4664D5 5 Bytes JMP 3E3E4056 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)

---- Devices - GMER 1.0.15 ----

AttachedDevice \Driver\Kbdclass \Device\KeyboardClass0 TPInput.sys (IBM SATA Power Management Driver/IBM Corporation)

AttachedDevice \FileSystem\Fastfat \Fat fltmgr.sys (Microsoft Filesystem Filter Manager/Microsoft Corporation)

---- Modules - GMER 1.0.15 ----

Module \systemroot\system32\drivers\H8SRTdxfemppyot.sys (*** hidden *** ) A8CF5000-A8D11000 (114688 bytes)

---- Services - GMER 1.0.15 ----

Service C:\WINDOWS\system32\drivers\H8SRTdxfemppyot.sys (*** hidden *** ) [sYSTEM] H8SRTd.sys <-- ROOTKIT !!!

---- Registry - GMER 1.0.15 ----

Reg HKLM\SYSTEM\CurrentControlSet\Services\BTHPORT\Parameters\Keys\000c55fb3a43

Reg HKLM\SYSTEM\CurrentControlSet\Services\BTHPORT\Parameters\Keys\000c55fb3a43@0007e05bffac 0xFD 0x63 0x5A 0x90 ...

Reg HKLM\SYSTEM\CurrentControlSet\Services\H8SRTd.sys

Reg HKLM\SYSTEM\CurrentControlSet\Services\H8SRTd.sys@start 1

Reg HKLM\SYSTEM\CurrentControlSet\Services\H8SRTd.sys@type 1

Reg HKLM\SYSTEM\CurrentControlSet\Services\H8SRTd.sys@imagepath \systemroot\system32\drivers\H8SRTdxfemppyot.sys

Reg HKLM\SYSTEM\CurrentControlSet\Services\H8SRTd.sys@group file system

Reg HKLM\SYSTEM\CurrentControlSet\Services\H8SRTd.sys\modules

Reg HKLM\SYSTEM\CurrentControlSet\Services\H8SRTd.sys\modules@H8SRTd \\?\globalroot\systemroot\system32\drivers\H8SRTdxfemppyot.sys

Reg HKLM\SYSTEM\CurrentControlSet\Services\H8SRTd.sys\modules@H8SRTc \\?\globalroot\systemroot\system32\H8SRTkodiqjerje.dll

Reg HKLM\SYSTEM\CurrentControlSet\Services\H8SRTd.sys\modules@H8SRTsrcr \\?\globalroot\systemroot\system32\H8SRTtaekqjitum.dat

Reg HKLM\SYSTEM\CurrentControlSet\Services\H8SRTd.sys\modules@h8srtserf \\?\globalroot\systemroot\system32\H8SRTnapgahdvpx.dll

Reg HKLM\SYSTEM\CurrentControlSet\Services\H8SRTd.sys\modules@h8srtav \\?\globalroot\systemroot\system32\H8SRTrodmdmyehs.dll

Reg HKLM\SYSTEM\ControlSet002\Services\BTHPORT\Parameters\Keys\000c55fb3a43 (not active ControlSet)

Reg HKLM\SYSTEM\ControlSet002\Services\BTHPORT\Parameters\Keys\000c55fb3a43@0007e05bffac 0xFD 0x63 0x5A 0x90 ...

Reg HKLM\SYSTEM\ControlSet002\Services\H8SRTd.sys (not active ControlSet)

Reg HKLM\SYSTEM\ControlSet002\Services\H8SRTd.sys@start 1

Reg HKLM\SYSTEM\ControlSet002\Services\H8SRTd.sys@type 1

Reg HKLM\SYSTEM\ControlSet002\Services\H8SRTd.sys@imagepath \systemroot\system32\drivers\H8SRTdxfemppyot.sys

Reg HKLM\SYSTEM\ControlSet002\Services\H8SRTd.sys@group file system

Reg HKLM\SYSTEM\ControlSet002\Services\H8SRTd.sys\modules (not active ControlSet)

Reg HKLM\SYSTEM\ControlSet002\Services\H8SRTd.sys\modules@H8SRTd \\?\globalroot\systemroot\system32\drivers\H8SRTdxfemppyot.sys

Reg HKLM\SYSTEM\ControlSet002\Services\H8SRTd.sys\modules@H8SRTc \\?\globalroot\systemroot\system32\H8SRTkodiqjerje.dll

Reg HKLM\SYSTEM\ControlSet002\Services\H8SRTd.sys\modules@H8SRTsrcr \\?\globalroot\systemroot\system32\H8SRTtaekqjitum.dat

Reg HKLM\SYSTEM\ControlSet002\Services\H8SRTd.sys\modules@h8srtserf \\?\globalroot\systemroot\system32\H8SRTnapgahdvpx.dll

Reg HKLM\SYSTEM\ControlSet002\Services\H8SRTd.sys\modules@h8srtav \\?\globalroot\systemroot\system32\H8SRTrodmdmyehs.dll

---- Files - GMER 1.0.15 ----

File C:\WINDOWS\system32\drivers\H8SRTdxfemppyot.sys 40448 bytes executable <-- ROOTKIT !!!

File C:\WINDOWS\system32\h8srtcfg.dat 603 bytes

File C:\WINDOWS\system32\H8SRTkodiqjerje.dll 23040 bytes executable

File C:\WINDOWS\system32\H8SRTnapgahdvpx.dll 40960 bytes executable

File C:\WINDOWS\system32\H8SRTrodmdmyehs.dll 1167360 bytes executable

File C:\WINDOWS\system32\H8SRTtaekqjitum.dat 156 bytes

File C:\WINDOWS\Temp\H8SRT97f0.tmp 156 bytes

File C:\WINDOWS\Temp\H8SRT9a87.tmp 156 bytes

File C:\WINDOWS\Temp\H8SRTa24.tmp 156 bytes

File C:\Documents and Settings\Dee\Local Settings\Application Data\Microsoft\Internet Explorer\Recovery\Active\{580BCE12-E04B-11DE-B906-B1A36C3DBF68}.dat 4608 bytes

File C:\Documents and Settings\Dee\Local Settings\Temp\~DF77B5.tmp 0 bytes

File C:\Documents and Settings\Dee\Local Settings\Temp\H8SRT16b.tmp 343040 bytes executable

File C:\Documents and Settings\Dee\Local Settings\Temp\H8SRT23.tmp 52736 bytes executable

File C:\Documents and Settings\Dee\Application Data\IBM\Java\Deployment\cache\javapi\v1.0\file\resource.class-3d5392f9-3b3c0d92.class 15126 bytes

File C:\Documents and Settings\Dee\Application Data\IBM\Java\Deployment\cache\javapi\v1.0\file\resource.class-3d5392f9-3b3c0d92.idx 377 bytes

File C:\Documents and Settings\Dee\Application Data\IBM\Java\Deployment\cache\javapi\v1.0\file\resource_en.class-15c35489-506d1adc.class 15126 bytes

File C:\Documents and Settings\Dee\Application Data\IBM\Java\Deployment\cache\javapi\v1.0\file\resource_en.class-15c35489-506d1adc.idx 380 bytes

File C:\Documents and Settings\Dee\Application Data\IBM\Java\Deployment\cache\javapi\v1.0\file\resource_en.class-1b41a1a1-51a9e94d.class 0 bytes

File C:\Documents and Settings\Dee\Application Data\IBM\Java\Deployment\cache\javapi\v1.0\file\resource_en.class-1b41a1a1-51a9e94d.idx 316 bytes

File C:\Documents and Settings\Dee\Application Data\IBM\Java\Deployment\cache\javapi\v1.0\file\resource_en_US.class-730cbb26-6d940570.class 0 bytes

File C:\Documents and Settings\Dee\Application Data\IBM\Java\Deployment\cache\javapi\v1.0\file\resource_en_US.class-730cbb26-6d940570.idx 319 bytes

File C:\Documents and Settings\Dee\Application Data\IBM\Java\Deployment\cache\javapi\v1.0\file\resource_en_US.class-78965b2e-711fd0a5.class 15126 bytes

File C:\Documents and Settings\Dee\Application Data\IBM\Java\Deployment\cache\javapi\v1.0\file\resource_en_US.class-78965b2e-711fd0a5.idx 383 bytes

File C:\Documents and Settings\Dee\Application Data\IBM\Java\Deployment\cache\javapi\v1.0\file\right-over.jpg-1ffc55e7-14f5fd30.idx 261 bytes

File C:\Documents and Settings\Dee\Application Data\IBM\Java\Deployment\cache\javapi\v1.0\file\right-over.jpg-1ffc55e7-14f5fd30.jpg 585 bytes

File C:\Documents and Settings\Dee\Application Data\IBM\Java\Deployment\cache\javapi\v1.0\file\right-over.jpg-1ffc55e7-450bba37.idx 257 bytes

File C:\Documents and Settings\Dee\Application Data\IBM\Java\Deployment\cache\javapi\v1.0\file\right-over.jpg-1ffc55e7-450bba37.jpg 585 bytes

File C:\Documents and Settings\Dee\Application Data\IBM\Java\Deployment\cache\javapi\v1.0\file\right.jpg-ac27172-3037bc4c.idx 252 bytes

File C:\Documents and Settings\Dee\Application Data\IBM\Java\Deployment\cache\javapi\v1.0\file\right.jpg-ac27172-3037bc4c.jpg 558 bytes

File C:\Documents and Settings\Dee\Application Data\IBM\Java\Deployment\cache\javapi\v1.0\file\lr_mp.jpg-fc27bbf-7ba829aa.idx 330 bytes

File C:\Documents and Settings\Dee\Application Data\IBM\Java\Deployment\cache\javapi\v1.0\file\lr_mp.jpg-fc27bbf-7ba829aa.jpg 144477 bytes

File C:\Documents and Settings\Dee\Application Data\IBM\Java\Deployment\cache\javapi\v1.0\file\wait.jpg-31e011f7-6e22daad.jpg 16411 bytes

File C:\Documents and Settings\Dee\Application Data\IBM\Java\Deployment\cache\javapi\v1.0\file\waterproofing_01.gif-5fa8109b-29f8bb16.gif 7708 bytes

File C:\Documents and Settings\Dee\Application Data\IBM\Java\Deployment\cache\javapi\v1.0\file\waterproofing_01.gif-5fa8109b-29f8bb16.idx 274 bytes

File C:\Documents and Settings\Dee\Application Data\IBM\Java\Deployment\cache\javapi\v1.0\file\white.jpg-565ac64f-585585ec.idx 310 bytes

File C:\Documents and Settings\Dee\Application Data\IBM\Java\Deployment\cache\javapi\v1.0\file\white.jpg-565ac64f-585585ec.jpg 334 bytes

File C:\Documents and Settings\Dee\Application Data\IBM\Java\Deployment\cache\javapi\v1.0\file\white.jpg-565ac652-4defbb76.idx 255 bytes

File C:\Documents and Settings\Dee\Application Data\IBM\Java\Deployment\cache\javapi\v1.0\file\white.jpg-565ac652-4defbb76.jpg 334 bytes

File C:\Documents and Settings\Dee\Application Data\IBM\Java\Deployment\cache\javapi\v1.0\file\menu0360.class-64c5b0f3-154144e2.class 9990 bytes

File C:\Documents and Settings\Dee\Application Data\IBM\Java\Deployment\cache\javapi\v1.0\file\menu0360.class-64c5b0f3-154144e2.idx 263 bytes

File C:\Documents and Settings\Dee\Application Data\IBM\Java\Deployment\cache\javapi\v1.0\file\menu0360.class-6bc368e2-50583c2f.class 9990 bytes

File C:\Documents and Settings\Dee\Application Data\IBM\Java\Deployment\cache\javapi\v1.0\file\menu0360.class-6bc368e2-50583c2f.idx 267 bytes

File C:\Documents and Settings\Dee\Application Data\IBM\Java\Deployment\cache\javapi\v1.0\file\menu0360.class-6bc368e2-6e39482f.class 9990 bytes

File C:\Documents and Settings\Dee\Application Data\IBM\Java\Deployment\cache\javapi\v1.0\file\menu0360.class-6bc368e2-6e39482f.idx 263 bytes

File C:\Documents and Settings\Dee\Application Data\IBM\Java\Deployment\cache\javapi\v1.0\file\menu2.jpg-ac02289-5b4fa9fa.idx 256 bytes

File C:\Documents and Settings\Dee\Application Data\IBM\Java\Deployment\cache\javapi\v1.0\file\menu2.jpg-ac02289-5b4fa9fa.jpg 900 bytes

File C:\Documents and Settings\Dee\Application Data\IBM\Java\Deployment\cache\javapi\v1.0\file\newfolder.gif-16b97822-6cf1ae1b.gif 114 bytes

File C:\Documents and Settings\Dee\Application Data\IBM\Java\Deployment\cache\javapi\v1.0\file\newfolder.gif-16b97822-6cf1ae1b.idx 266 bytes

File C:\Documents and Settings\Dee\Application Data\IBM\Java\Deployment\cache\javapi\v1.0\file\nine.gif-5b669da8-2f82c339.gif 1000 bytes

File C:\Documents and Settings\Dee\Application Data\IBM\Java\Deployment\cache\javapi\v1.0\file\nine.gif-5b669da8-2f82c339.idx 335 bytes

File C:\Documents and Settings\Dee\Application Data\IBM\Java\Deployment\cache\javapi\v1.0\file\NoticeboardTrial.class-5d4ea35a-311751e8.class 5940 bytes

File C:\Documents and Settings\Dee\Application Data\IBM\Java\Deployment\cache\javapi\v1.0\file\right.jpg-ac27172-4a3a183e.jpg 558 bytes

File C:\Documents and Settings\Dee\Application Data\IBM\Java\Deployment\cache\javapi\v1.0\file\rotatingtxt_1.jpg-686e4149-4cf40f0a.idx 258 bytes

File C:\Documents and Settings\Dee\Application Data\IBM\Java\Deployment\cache\javapi\v1.0\file\rotatingtxt_1.jpg-686e4149-4cf40f0a.jpg 7939 bytes

File C:\Documents and Settings\Dee\Application Data\IBM\Java\Deployment\cache\javapi\v1.0\file\rotatingtxt_2.jpg-687c58ca-3c94f315.idx 258 bytes

File C:\Documents and Settings\Dee\Application Data\IBM\Java\Deployment\cache\javapi\v1.0\file\rotatingtxt_2.jpg-687c58ca-3c94f315.jpg 9514 bytes

File C:\Documents and Settings\Dee\Application Data\IBM\Java\Deployment\cache\javapi\v1.0\file\rotatingtxt_3.jpg-688a704b-23958e62.idx 258 bytes

File C:\Documents and Settings\Dee\Application Data\IBM\Java\Deployment\cache\javapi\v1.0\file\rotatingtxt_3.jpg-688a704b-23958e62.jpg 9943 bytes

File C:\Documents and Settings\Dee\Application Data\IBM\Java\Deployment\cache\javapi\v1.0\file\rotatingtxt_4.jpg-689887cc-5275f9f0.idx 259 bytes

File C:\Documents and Settings\Dee\Application Data\IBM\Java\Deployment\cache\javapi\v1.0\file\rotatingtxt_4.jpg-689887cc-5275f9f0.jpg 10098 bytes

File C:\Documents and Settings\Dee\Application Data\IBM\Java\Deployment\cache\javapi\v1.0\file\sign-t-000-106x24-315.gif-3f32f10e-18bbb79e.gif 516 bytes

File C:\Documents and Settings\Dee\Application Data\IBM\Java\Deployment\cache\javapi\v1.0\file\sign-t-000-106x24-315.gif-3f32f10e-18bbb79e.idx 280 bytes

File C:\Documents and Settings\Dee\Application Data\IBM\Java\Deployment\cache\javapi\v1.0\file\six.gif-172bf600-2fd2d38d.gif 1000 bytes

File C:\Documents and Settings\Dee\Application Data\IBM\Java\Deployment\cache\javapi\v1.0\file\six.gif-172bf600-2fd2d38d.idx 334 bytes

File C:\Documents and Settings\Dee\Application Data\IBM\Java\Deployment\cache\javapi\v1.0\file\slow2.gif-a5f9e3c-409792e4.gif 1300 bytes

File C:\Documents and Settings\Dee\Application Data\IBM\Java\Deployment\cache\javapi\v1.0\file\slow2.gif-a5f9e3c-409792e4.idx 256 bytes

File C:\Documents and Settings\Dee\Application Data\IBM\Java\Deployment\cache\javapi\v1.0\file\tb_hotspots.gif-55f73c2c-59919b88.gif 655 bytes

File C:\Documents and Settings\Dee\Application Data\IBM\Java\Deployment\cache\javapi\v1.0\file\tb_hotspots.gif-55f73c2c-59919b88.idx 263 bytes

File C:\Documents and Settings\Dee\Application Data\IBM\Java\Deployment\cache\javapi\v1.0\file\tb_hotspots.gif-55f73c2c-7f552161.gif 655 bytes

File C:\Documents and Settings\Dee\Application Data\IBM\Java\Deployment\cache\javapi\v1.0\file\tb_hotspots.gif-55f73c2c-7f552161.idx 267 bytes

File C:\Documents and Settings\Dee\Application Data\IBM\Java\Deployment\cache\javapi\v1.0\file\one.gif-4b0f8584-5d0602ca.gif 968 bytes

File C:\Documents and Settings\Dee\Application Data\IBM\Java\Deployment\cache\javapi\v1.0\file\one.gif-4b0f8584-5d0602ca.idx 333 bytes

File C:\Documents and Settings\Dee\Application Data\IBM\Java\Deployment\cache\javapi\v1.0\file\pan1.gif-33e987d1-3b74d302.gif 859 bytes

File C:\Documents and Settings\Dee\Application Data\IBM\Java\Deployment\cache\javapi\v1.0\file\pan1.gif-33e987d1-3b74d302.idx 254 bytes

File C:\Documents and Settings\Dee\Application Data\IBM\Java\Deployment\cache\javapi\v1.0\file\pa_12_noseScale01.m3g.au-184874fb-228afbd0.au 527 bytes

File C:\Documents and Settings\Dee\Application Data\IBM\Java\Deployment\cache\javapi\v1.0\file\pa_12_noseScale01.m3g.au-184874fb-228afbd0.idx 317 bytes

File C:\Documents and Settings\Dee\Application Data\IBM\Java\Deployment\cache\javapi\v1.0\file\pa_12_skin01.m3g.au-54a84f5b-62763cc8.au 634 bytes

File C:\Documents and Settings\Dee\Application Data\IBM\Java\Deployment\cache\javapi\v1.0\file\pa_12_skin01.m3g.au-54a84f5b-62763cc8.idx 312 bytes

File C:\Documents and Settings\Dee\Application Data\IBM\Java\Deployment\cache\javapi\v1.0\file\pa_24_eyes01.m3g.au-3c5a1c77-158e9636.au 698 bytes

File C:\Documents and Settings\Dee\Application Data\IBM\Java\Deployment\cache\javapi\v1.0\file\pa_24_eyes01.m3g.au-3c5a1c77-158e9636.idx 312 bytes

File C:\Documents and Settings\Dee\Application Data\IBM\Java\Deployment\cache\javapi\v1.0\file\pa_f_12_noseScale03.m3g.au-120c13e0-1ceb1f67.au 553 bytes

File C:\Documents and Settings\Dee\Application Data\IBM\Java\Deployment\cache\javapi\v1.0\file\pa_f_12_noseScale03.m3g.au-120c13e0-1ceb1f67.idx 319 bytes

File C:\Documents and Settings\Dee\Application Data\IBM\Java\Deployment\cache\javapi\v1.0\file\postergirl1.jpg-19c87267-6769d6f6.idx 257 bytes

File C:\Documents and Settings\Dee\Application Data\IBM\Java\Deployment\cache\javapi\v1.0\file\postergirl1.jpg-19c87267-6769d6f6.jpg 21936 bytes

File C:\Documents and Settings\Dee\Application Data\IBM\Java\Deployment\cache\javapi\v1.0\file\two.gif-6377366a-5df40e2b.gif 996 bytes

File C:\Documents and Settings\Dee\Application Data\IBM\Java\Deployment\cache\javapi\v1.0\file\two.gif-6377366a-5df40e2b.idx 333 bytes

File C:\Documents and Settings\Dee\Application Data\IBM\Java\Deployment\cache\javapi\v1.0\file\up-over.jpg-6cf889c-50f478eb.idx 258 bytes

File C:\Documents and Settings\Dee\Application Data\IBM\Java\Deployment\cache\javapi\v1.0\file\up-over.jpg-6cf889c-50f478eb.jpg 565 bytes

File C:\Documents and Settings\Dee\Application Data\IBM\Java\Deployment\cache\javapi\v1.0\file\up-over.jpg-6cf889c-5a4c4b86.idx 254 bytes

File C:\Documents and Settings\Dee\Application Data\IBM\Java\Deployment\cache\javapi\v1.0\file\up-over.jpg-6cf889c-5a4c4b86.jpg 565 bytes

File C:\Documents and Settings\Dee\Application Data\IBM\Java\Deployment\cache\javapi\v1.0\file\up.jpg-64cda19d-799e6f6c.idx 253 bytes

File C:\Documents and Settings\Dee\Application Data\IBM\Java\Deployment\cache\javapi\v1.0\file\up.jpg-64cda19d-799e6f6c.jpg 538 bytes

File C:\Documents and Settings\Dee\Application Data\IBM\Java\Deployment\cache\javapi\v1.0\file\up.jpg-64cda19d-7ef8be23.idx 249 bytes

File C:\Documents and Settings\Dee\Application Data\IBM\Java\Deployment\cache\javapi\v1.0\file\tb_zoomin.gif-1326aee0-5c2aed0b.gif 179 bytes

File C:\Documents and Settings\Dee\Application Data\IBM\Java\Deployment\cache\javapi\v1.0\file\tb_zoomin.gif-1326aee0-5c2aed0b.idx 265 bytes

File C:\Documents and Settings\Dee\Application Data\IBM\Java\Deployment\cache\javapi\v1.0\file\tb_zoomout.gif-28901ec3-299d7eaf.gif 162 bytes

File C:\Documents and Settings\Dee\Application Data\IBM\Java\Deployment\cache\javapi\v1.0\file\tb_zoomout.gif-28901ec3-299d7eaf.idx 262 bytes

File C:\Documents and Settings\Dee\Application Data\IBM\Java\Deployment\cache\javapi\v1.0\file\tb_zoomout.gif-28901ec3-442db57c.gif 162 bytes

File C:\Documents and Settings\Dee\Application Data\IBM\Java\Deployment\cache\javapi\v1.0\file\tb_zoomout.gif-28901ec3-442db57c.idx 266 bytes

File C:\Documents and Settings\Dee\Application Data\IBM\Java\Deployment\cache\javapi\v1.0\file\text.gif-3f4f4d85-232845fe.gif 1926 bytes

File C:\Documents and Settings\Dee\Application Data\IBM\Java\Deployment\cache\javapi\v1.0\file\menu.jpg-7f4390e1-49ebad02.jpg 1845 bytes

File C:\Documents and Settings\Dee\Application Data\IBM\Java\Deployment\cache\javapi\v1.0\file\NoticeboardTrial.class-5d4ea35a-311751e8.idx 280 bytes

File C:\Documents and Settings\Dee\Application Data\IBM\Java\Deployment\cache\javapi\v1.0\file\postergirl2.jpg-19d689e8-6a29df96.idx 257 bytes

File C:\Documents and Settings\Dee\Application Data\IBM\Java\Deployment\cache\javapi\v1.0\file\ptviewer.class-78f35c9c-6423f0b5.idx 264 bytes

File C:\Documents and Settings\Dee\Application Data\IBM\Java\Deployment\cache\javapi\v1.0\file\rad16c7a.jpg-1f7da197-77350a1b.jpg 52232 bytes

File C:\Documents and Settings\Dee\Application Data\IBM\Java\Deployment\cache\javapi\v1.0\file\rad3bb08.jpg-748707b8-3482c636.jpg 96101 bytes

File C:\Documents and Settings\Dee\Application Data\IBM\Java\Deployment\cache\javapi\v1.0\file\rad76981.jpg-3ecadd48-7767d31b.jpg 68339 bytes

File C:\Documents and Settings\Dee\Application Data\IBM\Java\Deployment\cache\javapi\v1.0\file\radbc7bc.jpg-497e106c-65872bae.jpg 63754 bytes

File C:\Documents and Settings\Dee\Application Data\IBM\Java\Deployment\cache\javapi\v1.0\file\rad3bb08.jpg-748707b8-75071a10.idx 276 bytes

File C:\Documents and Settings\Dee\Application Data\IBM\Java\Deployment\cache\javapi\v1.0\file\rad3bb08.jpg-748707b8-75071a10.jpg 96101 bytes

File C:\Documents and Settings\Dee\Application Data\IBM\Java\Deployment\cache\javapi\v1.0\file\rad67edb.jpg-77c18557-4ee1a2c5.idx 272 bytes

File C:\Documents and Settings\Dee\Application Data\IBM\Java\Deployment\cache\javapi\v1.0\file\rad67edb.jpg-77c18557-4ee1a2c5.jpg 34732 bytes

File C:\Documents and Settings\Dee\Application Data\IBM\Java\Deployment\cache\javapi\v1.0\file\rad7516c.jpg-2f0ebc55-11262d58.idx 272 bytes

File C:\Documents and Settings\Dee\Application Data\IBM\Java\Deployment\cache\javapi\v1.0\file\rad7516c.jpg-2f0ebc55-11262d58.jpg 24865 bytes

File C:\Documents and Settings\Dee\Application Data\IBM\Java\Deployment\cache\javapi\v1.0\file\rad76981.jpg-3ecadd48-2232c842.idx 272 bytes

File C:\Documents and Settings\Dee\Application Data\IBM\Java\Deployment\cache\javapi\v1.0\file\rad76981.jpg-3ecadd48-2232c842.jpg 68339 bytes

File C:\Documents and Settings\Dee\Application Data\IBM\Java\Deployment\cache\javapi\v1.0\file\rad76981.jpg-3ecadd48-7767d31b.idx 272 bytes

File C:\Documents and Settings\Dee\Application Data\IBM\Java\Deployment\cache\javapi\v1.0\file\tb_start.gif-6054710a-16fc45f8.gif 149 bytes

File C:\Documents and Settings\Dee\Application Data\IBM\Java\Deployment\cache\javapi\v1.0\file\tb_start.gif-6054710a-16fc45f8.idx 260 bytes

File C:\Documents and Settings\Dee\Application Data\IBM\Java\Deployment\cache\javapi\v1.0\file\tb_start.gif-6054710a-214165c6.gif 149 bytes

File C:\Documents and Settings\Dee\Application Data\IBM\Java\Deployment\cache\javapi\v1.0\file\tb_start.gif-6054710a-214165c6.idx 264 bytes

File C:\Documents and Settings\Dee\Application Data\IBM\Java\Deployment\cache\javapi\v1.0\file\tb_stop.gif-5862d9aa-2f25cd70.gif 148 bytes

File C:\Documents and Settings\Dee\Application Data\IBM\Java\Deployment\cache\javapi\v1.0\file\tb_stop.gif-5862d9aa-2f25cd70.idx 259 bytes

File C:\Documents and Settings\Dee\Application Data\IBM\Java\Deployment\cache\javapi\v1.0\file\tb_stop.gif-5862d9aa-369d9550.gif 148 bytes

File C:\Documents and Settings\Dee\Application Data\IBM\Java\Deployment\cache\javapi\v1.0\file\tb_stop.gif-5862d9aa-369d9550.idx 263 bytes

File C:\Documents and Settings\Dee\Application Data\IBM\Java\Deployment\cache\javapi\v1.0\file\tb_zoomin.gif-1326aee0-24835c9d.gif 179 bytes

File C:\Documents and Settings\Dee\Application Data\IBM\Java\Deployment\cache\javapi\v1.0\file\ticker_bgd.jpg-38aa8363-3a6d588b.idx 255 bytes

File C:\Documents and Settings\Dee\Application Data\IBM\Java\Deployment\cache\javapi\v1.0\file\ticker_bgd.jpg-38aa8363-3a6d588b.jpg 1719 bytes

File C:\Documents and Settings\Dee\Application Data\IBM\Java\Deployment\cache\javapi\v1.0\file\TimeStamp.class-5b92918c-71aa67bc.class 6883 bytes

File C:\Documents and Settings\Dee\Application Data\IBM\Java\Deployment\cache\javapi\v1.0\file\TimeStamp.class-5b92918c-71aa67bc.idx 266 bytes

File C:\Documents and Settings\Dee\Application Data\IBM\Java\Deployment\cache\javapi\v1.0\file\tinyHScroll.class-7f6eaf8d-3e8b21e2.class 3666 bytes

File C:\Documents and Settings\Dee\Application Data\IBM\Java\Deployment\cache\javapi\v1.0\file\tinyHScroll.class-7f6eaf8d-3e8b21e2.idx 362 bytes

File C:\Documents and Settings\Dee\Application Data\IBM\Java\Deployment\cache\javapi\v1.0\file\toolbar.gif-5d4479f2-1b1da05f.gif 1657 bytes

File C:\Documents and Settings\Dee\Application Data\IBM\Java\Deployment\cache\javapi\v1.0\file\toolbar.gif-5d4479f2-1b1da05f.idx 264 bytes

File C:\Documents and Settings\Dee\Application Data\IBM\Java\Deployment\cache\javapi\v1.0\file\toolbar.gif-5d4479f2-44098053.gif 1657 bytes

File C:\Documents and Settings\Dee\Application Data\IBM\Java\Deployment\cache\javapi\v1.0\file\toolbar.gif-5d4479f2-44098053.idx 260 bytes

File C:\Documents and Settings\Dee\Application Data\IBM\Java\Deployment\cache\javapi\v1.0\file\to_f_camiunderwear01.m3g.au-6cf1e308-64fe94f6.au 7468 bytes

File C:\Documents and Settings\Dee\Application Data\IBM\Java\Deployment\cache\javapi\v1.0\file\to_f_camiunderwear01.m3g.au-6cf1e308-64fe94f6.idx 321 bytes

File C:\Documents and Settings\Dee\Application Data\IBM\Java\Deployment\cache\javapi\v1.0\file\trans.class-6acff86e-50462c9c.class 4807 bytes

File C:\Documents and Settings\Dee\Application Data\IBM\Java\Deployment\cache\javapi\v1.0\file\sign-d-006-80x80-ss.gif-46c85fac-306cd569.idx 271 bytes

File C:\Documents and Settings\Dee\Application Data\IBM\Java\Deployment\cache\javapi\v1.0\file\sign-d-006-80x80-ss.gif-4c87617a-34d5a9f3.gif 1243 bytes

File C:\Documents and Settings\Dee\Application Data\IBM\Java\Deployment\cache\javapi\v1.0\file\sign-d-006-80x80-ss.gif-4c87617a-34d5a9f3.idx 272 bytes

File C:\Documents and Settings\Dee\Application Data\IBM\Java\Deployment\cache\javapi\v1.0\file\sign-d-159-80x80-SS.gif-56dea9ad-5a13e2aa.gif 1688 bytes

File C:\Documents and Settings\Dee\Application Data\IBM\Java\Deployment\cache\javapi\v1.0\file\sign-d-159-80x80-SS.gif-56dea9ad-5a13e2aa.idx 267 bytes

File C:\Documents and Settings\Dee\Application Data\IBM\Java\Deployment\cache\javapi\v1.0\file\sign-d-807-80x80-SS.gif-7cd71443-196992b7.gif 1340 bytes

File C:\Documents and Settings\Dee\Application Data\IBM\Java\Deployment\cache\javapi\v1.0\file\sign-d-807-80x80-SS.gif-7cd71443-196992b7.idx 271 bytes

File C:\Documents and Settings\Dee\Application Data\IBM\Java\Deployment\cache\javapi\v1.0\file\sign-d-807-80x80-SS.gif-7cd71443-6becbafd.gif 1340 bytes

File C:\Documents and Settings\Dee\Application Data\IBM\Java\Deployment\cache\javapi\v1.0\file\sign-d-807-80x80-SS.gif-7cd71443-6becbafd.idx 267 bytes

File C:\Documents and Settings\Dee\Application Data\IBM\Java\Deployment\cache\javapi\v1.0\file\rad29e08.jpg-1b66479b-72d0753c.idx 272 bytes

File C:\Documents and Settings\Dee\Application Data\IBM\Java\Deployment\cache\javapi\v1.0\file\rad29e08.jpg-1b66479b-72d0753c.jpg 57182 bytes

File C:\Documents and Settings\Dee\Application Data\IBM\Java\Deployment\cache\javapi\v1.0\file\rad2a4bd.jpg-e424c3c-1da6ccf4.idx 272 bytes

File C:\Documents and Settings\Dee\Application Data\IBM\Java\Deployment\cache\javapi\v1.0\file\rad2a4bd.jpg-e424c3c-1da6ccf4.jpg 39437 bytes

File C:\Documents and Settings\Dee\Application Data\IBM\Java\Deployment\cache\javapi\v1.0\file\rad2a4bd.jpg-e424c3c-4fb548db.idx 272 bytes

File C:\Documents and Settings\Dee\Application Data\IBM\Java\Deployment\cache\javapi\v1.0\file\rad2a4bd.jpg-e424c3c-4fb548db.jpg 39437 bytes

File C:\Documents and Settings\Dee\Application Data\IBM\Java\Deployment\cache\javapi\v1.0\file\rad341d1.jpg-41da28d2-4db80b34.idx 272 bytes

File C:\Documents and Settings\Dee\Application Data\IBM\Java\Deployment\cache\javapi\v1.0\file\rad341d1.jpg-41da28d2-4db80b34.jpg 61117 bytes

File C:\Documents and Settings\Dee\Application Data\IBM\Java\Deployment\cache\javapi\v1.0\file\rad3bb08.jpg-748707b8-3482c636.idx 272 bytes

File C:\Documents and Settings\Dee\Application Data\IBM\Java\Deployment\cache\javapi\v1.0\file\radcd02b.jpg-1615834-6991403c.idx 272 bytes

File C:\Documents and Settings\Dee\Application Data\IBM\Java\Deployment\cache\javapi\v1.0\file\radcd02b.jpg-1615834-6991403c.jpg 54099 bytes

File C:\Documents and Settings\Dee\Application Data\IBM\Java\Deployment\cache\javapi\v1.0\file\radce2f4.jpg-2942c2b3-51dcd42d.idx 272 bytes

File C:\Documents and Settings\Dee\Application Data\IBM\Java\Deployment\cache\javapi\v1.0\file\radce2f4.jpg-2942c2b3-51dcd42d.jpg 32310 bytes

File C:\Documents and Settings\Dee\Application Data\IBM\Java\Deployment\cache\javapi\v1.0\file\radd722a.jpg-3ccf4303-462591be.idx 272 bytes

File C:\Documents and Settings\Dee\Application Data\IBM\Java\Deployment\cache\javapi\v1.0\file\radd722a.jpg-3ccf4303-462591be.jpg 44730 bytes

File C:\Documents and Settings\Dee\Application Data\IBM\Java\Deployment\cache\javapi\v1.0\file\rade8c43.jpg-59e7ae64-7dad03f3.idx 272 bytes

File C:\Documents and Settings\Dee\Application Data\IBM\Java\Deployment\cache\javapi\v1.0\file\rade8c43.jpg-59e7ae64-7dad03f3.jpg 61100 bytes

File C:\Documents and Settings\Dee\Application Data\IBM\Java\Deployment\cache\javapi\v1.0\file\rade9625.jpg-7202ee9a-7317ed21.idx 272 bytes

File C:\Documents and Settings\Dee\Application Data\IBM\Java\Deployment\cache\javapi\v1.0\file\rade9625.jpg-7202ee9a-7317ed21.jpg 43111 bytes

File C:\Documents and Settings\Dee\Application Data\IBM\Java\Deployment\cache\javapi\v1.0\file\rad912ff.jpg-3f0c066f-704b20f9.idx 272 bytes

File C:\Documents and Settings\Dee\Application Data\IBM\Java\Deployment\cache\javapi\v1.0\file\rad912ff.jpg-3f0c066f-704b20f9.jpg 40655 bytes

File C:\Documents and Settings\Dee\Application Data\IBM\Java\Deployment\cache\javapi\v1.0\file\rada4409.jpg-2c8d887f-49323dcb.idx 272 bytes

File C:\Documents and Settings\Dee\Application Data\IBM\Java\Deployment\cache\javapi\v1.0\file\rada4409.jpg-2c8d887f-49323dcb.jpg 46655 bytes

File C:\Documents and Settings\Dee\Application Data\IBM\Java\Deployment\cache\javapi\v1.0\file\radbc7bc.jpg-497e106c-3784429b.idx 272 bytes

File C:\Documents and Settings\Dee\Application Data\IBM\Java\Deployment\cache\javapi\v1.0\file\radbc7bc.jpg-497e106c-3784429b.jpg 63754 bytes

File C:\Documents and Settings\Dee\Application Data\IBM\Java\Deployment\cache\javapi\v1.0\file\radbc7bc.jpg-497e106c-65872bae.idx 272 bytes

File C:\Documents and Settings\Dee\Application Data\IBM\Java\Deployment\cache\javapi\v1.0\file\radf78b2.jpg-720fd1ac-73130537.idx 272 bytes

File C:\Documents and Settings\Dee\Application Data\IBM\Java\Deployment\cache\javapi\v1.0\file\radf78b2.jpg-720fd1ac-73130537.jpg 94257 bytes

File C:\Documents and Settings\Dee\Application Data\IBM\Java\Deployment\cache\javapi\v1.0\file\radf7b1b.jpg-f5b4f3f-36bc13b6.idx 276 bytes

File C:\Documents and Settings\Dee\Application Data\IBM\Java\Deployment\cache\javapi\v1.0\file\radf7b1b.jpg-f5b4f3f-36bc13b6.jpg 96101 bytes

File C:\Documents and Settings\Dee\Application Data\IBM\Java\Deployment\cache\javapi\v1.0\file\radf7b1b.jpg-f5b4f3f-542518ed.idx 272 bytes

File C:\Documents and Settings\Dee\Application Data\IBM\Java\Deployment\cache\javapi\v1.0\file\radf7b1b.jpg-f5b4f3f-542518ed.jpg 96101 bytes

File C:\Documents and Settings\Dee\Application Data\IBM\Java\Deployment\cache\javapi\v1.0\file\RedwoodHS.GIF-58c8e399-796666dd.GIF 1565 bytes

File C:\Documents and Settings\Dee\Application Data\IBM\Java\Deployment\cache\javapi\v1.0\file\RedwoodHS.GIF-58c8e399-796666dd.idx 266 bytes

File C:\Documents and Settings\Dee\Application Data\IBM\Java\Deployment\cache\javapi\v1.0\file\regular.gif-3496c847-252c6dcd.gif 1287 bytes

File C:\Documents and Settings\Dee\Application Data\IBM\Java\Deployment\cache\javapi\v1.0\file\regular.gif-3496c847-252c6dcd.idx 258 bytes

File C:\Documents and Settings\Dee\Application Data\IBM\Java\Deployment\cache\javapi\v1.0\file\resource.class-26f606f1-1c220db5.class 0 bytes

File C:\Documents and Settings\Dee\Application Data\IBM\Java\Deployment\cache\javapi\v1.0\file\zoomIn.jpg-c7925da-2cd686c3.jpg 625 bytes

File C:\Documents and Settings\Dee\Application Data\IBM\Java\Deployment\cache\javapi\v1.0\file\zoomIn.jpg-c7925da-2ef89d1e.idx 253 bytes

File C:\Documents and Settings\Dee\Application Data\IBM\Java\Deployment\cache\javapi\v1.0\file\zoomIn.jpg-c7925da-2ef89d1e.jpg 625 bytes

File C:\Documents and Settings\Dee\Application Data\IBM\Java\Deployment\cache\javapi\v1.0\file\zoomOut-over.jpg-2224dee8-1fcb8a89.idx 259 bytes

File C:\Documents and Settings\Dee\Application Data\IBM\Java\Deployment\cache\javapi\v1.0\file\zoomOut-over.jpg-2224dee8-1fcb8a89.jpg 634 bytes

File C:\Documents and Settings\Dee\Application Data\IBM\Java\Deployment\cache\javapi\v1.0\file\zoomOut-over.jpg-2224dee8-69fc3c01.idx 263 bytes

File C:\Documents and Settings\Dee\Application Data\IBM\Java\Deployment\cache\javapi\v1.0\file\zoomOut-over.jpg-2224dee8-69fc3c01.jpg 634 bytes

File C:\Documents and Settings\Dee\Application Data\IBM\Java\Deployment\cache\javapi\v1.0\file\zoomout.gif-aa4a7c6-379629ca.gif 838 bytes

File C:\Documents and Settings\Dee\Application Data\IBM\Java\Deployment\cache\javapi\v1.0\file\zoomout.gif-aa4a7c6-379629ca.idx 257 bytes

File C:\Documents and Settings\Dee\Application Data\IBM\Java\Deployment\cache\javapi\v1.0\file\zoomOut.jpg-71368bd1-29ac0627.idx 258 bytes

File C:\Documents and Settings\Dee\Application Data\IBM\Java\Deployment\cache\javapi\v1.0\file\zoomOut.jpg-71368bd1-29ac0627.jpg 596 bytes

File C:\Documents and Settings\Dee\Application Data\IBM\Java\Deployment\cache\javapi\v1.0\file\zoomOut.jpg-71368bd1-554fff58.idx 254 bytes

File C:\Documents and Settings\Dee\Application Data\IBM\Java\Deployment\cache\javapi\v1.0\file\zoomOut.jpg-71368bd1-554fff58.jpg 596 bytes

File C:\Documents and Settings\Dee\Application Data\IBM\Java\Deployment\cache\javapi\v1.0\file\uShopCart.class-776b651f-7ce95d02.class 5321 bytes

File C:\Documents and Settings\Dee\Application Data\IBM\Java\Deployment\cache\javapi\v1.0\file\uShopCart.class-776b651f-7ce95d02.idx 279 bytes

File C:\Documents and Settings\Dee\Application Data\IBM\Java\Deployment\cache\javapi\v1.0\file\uShopCartBase.class-2a1735d0-44dbff11.class 191 bytes

File C:\Documents and Settings\Dee\Application Data\IBM\Java\Deployment\cache\javapi\v1.0\file\uShopCartBase.class-2a1735d0-44dbff11.idx 282 bytes

File C:\Documents and Settings\Dee\Application Data\IBM\Java\Deployment\cache\javapi\v1.0\file\uShopLibrary.class-7f4604f4-601dedc2.class 3815 bytes

File C:\Documents and Settings\Dee\Application Data\IBM\Java\Deployment\cache\javapi\v1.0\file\uShopLibrary.class-7f4604f4-601dedc2.idx 282 bytes

File C:\Documents and Settings\Dee\Application Data\IBM\Java\Deployment\cache\javapi\v1.0\file\uShopProducts.class-335096e3-664b68ef.class 11941 bytes

File C:\Documents and Settings\Dee\Application Data\IBM\Java\Deployment\cache\javapi\v1.0\file\text2.gif-5bac507f-4fe9a9cd.gif 1321 bytes

File C:\Documents and Settings\Dee\Application Data\IBM\Java\Deployment\cache\javapi\v1.0\file\text2.gif-5bac507f-4fe9a9cd.idx 283 bytes

File C:\Documents and Settings\Dee\Application Data\IBM\Java\Deployment\cache\javapi\v1.0\file\text3.gif-5bba6800-493e2017.gif 1012 bytes

File C:\Documents and Settings\Dee\Application Data\IBM\Java\Deployment\cache\javapi\v1.0\file\text3.gif-5bba6800-493e2017.idx 283 bytes

File C:\Documents and Settings\Dee\Application Data\IBM\Java\Deployment\cache\javapi\v1.0\file\text4.gif-5bc87f81-4f4a0ca8.gif 1522 bytes

File C:\Documents and Settings\Dee\Application Data\IBM\Java\Deployment\cache\javapi\v1.0\file\text4.gif-5bc87f81-4f4a0ca8.idx 283 bytes

File C:\Documents and Settings\Dee\Application Data\IBM\Java\Deployment\cache\javapi\v1.0\file\text5.gif-5bd69702-6e87a6b4.gif 1768 bytes

File C:\Documents and Settings\Dee\Application Data\IBM\Java\Deployment\cache\javapi\v1.0\file\text5.gif-5bd69702-6e87a6b4.idx 283 bytes

File C:\Documents and Settings\Dee\Application Data\IBM\Java\Deployment\cache\javapi\v1.0\file\TextScroll_1_0.class-3e07968a-45ff36f6.class 11940 bytes

File C:\Documents and Settings\Dee\Application Data\IBM\Java\Deployment\cache\javapi\v1.0\file\TextScroll_1_0.class-3e07968a-45ff36f6.idx 281 bytes

File C:\Documents and Settings\Dee\Application Data\IBM\Java\Deployment\cache\javapi\v1.0\file\three.gif-1c499bbc-50efd0e3.gif 997 bytes

File C:\Documents and Settings\Dee\Application Data\IBM\Java\Deployment\cache\javapi\v1.0\file\resource.class-26f606f1-1c220db5.idx 313 bytes

File C:\Documents and Settings\Dee\Application Data\IBM\Java\Deployment\cache\javapi\v1.0\file\right.jpg-ac27172-4a3a183e.idx 256 bytes

File C:\Documents and Settings\Dee\Application Data\IBM\Java\Deployment\cache\javapi\v1.0\file\rotatingtxt_5.jpg-68a69f4d-3f8eb6d7.idx 258 bytes

File C:\Documents and Settings\Dee\Application Data\IBM\Java\Deployment\cache\javapi\v1.0\file\sign-d-006-80x80-ss.gif-46c85fac-306cd569.gif 1243 bytes

File C:\Documents and Settings\Dee\Application Data\IBM\Java\Deployment\cache\javapi\v1.0\file\tb_zoomin.gif-1326aee0-24835c9d.idx 261 bytes

File C:\Documents and Settings\Dee\Application Data\IBM\Java\Deployment\cache\javapi\v1.0\file\text.gif-3f4f4d85-232845fe.idx 282 bytes

File C:\Documents and Settings\Dee\Application Data\IBM\Java\Deployment\cache\javapi\v1.0\file\three.gif-1c499bbc-50efd0e3.idx 335 bytes

File C:\Documents and Settings\Dee\Application Data\IBM\Java\Deployment\cache\javapi\v1.0\file\trans.class-6acff86e-50462c9c.idx 259 bytes

File C:\Documents and Settings\Dee\Application Data\IBM\Java\Deployment\cache\javapi\v1.0\file\up.jpg-64cda19d-7ef8be23.jpg 538 bytes

File C:\Documents and Settings\Dee\Application Data\IBM\Java\Deployment\cache\javapi\v1.0\file\uShopProducts.class-335096e3-664b68ef.idx 284 bytes

File C:\Documents and Settings\Dee\Application Data\IBM\Java\Deployment\cache\javapi\v1.0\file\wait.jpg-31e011f7-6e22daad.idx 257 bytes

File C:\Documents and Settings\Dee\Application Data\IBM\Java\Deployment\cache\javapi\v1.0\file\zoomIn.jpg-c7925da-2cd686c3.idx 257 bytes

File C:\Documents and Settings\Dee\Application Data\IBM\Java\Deployment\cache\javapi\v1.0\file\segNums.class-158b76ac-23731cc9.class 4388 bytes

File C:\Documents and Settings\Dee\Application Data\IBM\Java\Deployment\cache\javapi\v1.0\file\segNums.class-158b76ac-23731cc9.idx 346 bytes

File C:\Documents and Settings\Dee\Application Data\IBM\Java\Deployment\cache\javapi\v1.0\file\seven.gif-247966ab-3ebd8557.gif 981 bytes

File C:\Documents and Settings\Dee\Application Data\IBM\Java\Deployment\cache\javapi\v1.0\file\seven.gif-247966ab-3ebd8557.idx 335 bytes

File C:\Documents and Settings\Dee\Application Data\IBM\Java\Deployment\cache\javapi\v1.0\file\sign-b-001-80x80-ss.gif-544fab53-6c09090d.gif 1260 bytes

File C:\Documents and Settings\Dee\Application Data\IBM\Java\Deployment\cache\javapi\v1.0\file\sign-b-001-80x80-ss.gif-544fab53-6c09090d.idx 271 bytes

File C:\Documents and Settings\Dee\Application Data\IBM\Java\Deployment\cache\javapi\v1.0\file\ptviewer.class-78f35c9c-678ebe56.class 50425 bytes

File C:\Documents and Settings\Dee\Application Data\IBM\Java\Deployment\cache\javapi\v1.0\file\ptviewer.class-78f35c9c-678ebe56.idx 268 bytes

File C:\Documents and Settings\Dee\Application Data\IBM\Java\Deployment\cache\javapi\v1.0\file\ptvwaitHS.jpg-36b6aae4-3ef08f42.idx 269 bytes

File C:\Documents and Settings\Dee\Application Data\IBM\Java\Deployment\cache\javapi\v1.0\file\ptvwaitHS.jpg-36b6aae4-3ef08f42.jpg 6636 bytes

File C:\Documents and Settings\Dee\Application Data\IBM\Java\Deployment\cache\javapi\v1.0\file\rad01967.jpg-2670cfae-2de1075a.idx 272 bytes

File C:\Documents and Settings\Dee\Application Data\IBM\Java\Deployment\cache\javapi\v1.0\file\rad01967.jpg-2670cfae-2de1075a.jpg 71163 bytes

File C:\Documents and Settings\Dee\Application Data\IBM\Java\Deployment\cache\javapi\v1.0\file\rad16c7a.jpg-1f7da197-77350a1b.idx 276 bytes

File C:\Documents and Settings\Dee\Application Data\IBM\Java\Deployment\cache\javapi\v1.0\file\rotatingtxt_5.jpg-68a69f4d-3f8eb6d7.jpg 9652 bytes

File C:\Documents and Settings\Dee\Application Data\IBM\Java\Deployment\cache\javapi\v1.0\file\rrlogo.jpg-2e6e107f-2cf9ea0f.idx 304 bytes

File C:\Documents and Settings\Dee\Application Data\IBM\Java\Deployment\cache\javapi\v1.0\file\rrlogo.jpg-2e6e107f-2cf9ea0f.jpg 27562 bytes

File C:\Documents and Settings\Dee\Application Data\IBM\Java\Deployment\cache\javapi\v1.0\file\ScrollM.class-c5c9cc9-77e269d2.class 3918 bytes

File C:\Documents and Settings\Dee\Application Data\IBM\Java\Deployment\cache\javapi\v1.0\file\ScrollM.class-c5c9cc9-77e269d2.idx 272 bytes

File C:\Documents and Settings\Dee\Application Data\IBM\Java\Deployment\cache\javapi\v1.0\file\postergirl2.jpg-19d689e8-6a29df96.jpg 17531 bytes

File C:\Documents and Settings\Dee\Application Data\IBM\Java\Deployment\cache\javapi\v1.0\file\postergirl3.jpg-19e4a169-4dc4ac4f.idx 257 bytes

File C:\Documents and Settings\Dee\Application Data\IBM\Java\Deployment\cache\javapi\v1.0\file\postergirl3.jpg-19e4a169-4dc4ac4f.jpg 41032 bytes

File C:\Documents and Settings\Dee\Application Data\IBM\Java\Deployment\cache\javapi\v1.0\file\ptvarrows-new.gif-58b27664-4baf609e.gif 244 bytes

File C:\Documents and Settings\Dee\Application Data\IBM\Java\Deployment\cache\javapi\v1.0\file\ptvarrows-new.gif-58b27664-4baf609e.idx 271 bytes

File C:\Documents and Settings\Dee\Application Data\IBM\Java\Deployment\cache\javapi\v1.0\file\ptviewer.class-71f5a4ad-27308c8d.class 50822 bytes

File C:\Documents and Settings\Dee\Application Data\IBM\Java\Deployment\cache\javapi\v1.0\file\ptviewer.class-71f5a4ad-27308c8d.idx 264 bytes

File C:\Documents and Settings\Dee\Application Data\IBM\Java\Deployment\cache\javapi\v1.0\file\ptviewer.class-78f35c9c-6423f0b5.class 50425 bytes

File C:\Documents and Settings\Dee\Application Data\IBM\Java\Deployment\cache\javapi\v1.0\file\XeoList.class-6ab2f7a-4605959f.class 12911 bytes

File C:\Documents and Settings\Dee\Application Data\IBM\Java\Deployment\cache\javapi\v1.0\file\XeoList.class-6ab2f7a-4605959f.idx 271 bytes

File C:\Documents and Settings\Dee\Application Data\IBM\Java\Deployment\cache\javapi\v1.0\file\zero.gif-6dbc189e-4042942b.gif 1008 bytes

File C:\Documents and Settings\Dee\Application Data\IBM\Java\Deployment\cache\javapi\v1.0\file\zero.gif-6dbc189e-4042942b.idx 335 bytes

File C:\Documents and Settings\Dee\Application Data\IBM\Java\Deployment\cache\javapi\v1.0\file\zoomIn-over.jpg-19ce227f-4e2057df.idx 258 bytes

File C:\Documents and Settings\Dee\Application Data\IBM\Java\Deployment\cache\javapi\v1.0\file\zoomIn-over.jpg-19ce227f-4e2057df.jpg 665 bytes

File C:\Documents and Settings\Dee\Application Data\IBM\Java\Deployment\cache\javapi\v1.0\file\zoomIn-over.jpg-19ce227f-7fada212.idx 262 bytes

File C:\Documents and Settings\Dee\Application Data\IBM\Java\Deployment\cache\javapi\v1.0\file\zoomIn-over.jpg-19ce227f-7fada212.jpg 665 bytes

File C:\Documents and Settings\Dee\Application Data\IBM\Java\Deployment\cache\javapi\v1.0\file\zoomin.gif-5dd1c495-71b875ce.gif 869 bytes

File C:\Documents and Settings\Dee\Application Data\IBM\Java\Deployment\cache\javapi\v1.0\file\zoomin.gif-5dd1c495-71b875ce.idx 256 bytes

File C:\Documents and Settings\Dee\Application Data\IBM\Java\Deployment\cache\javapi\v1.0\file\vt_loading.gif-493934-30a51ecf.gif 1380 bytes

File C:\Documents and Settings\Dee\Application Data\IBM\Java\Deployment\cache\javapi\v1.0\file\vt_loading.gif-493934-30a51ecf.idx 263 bytes

File C:\Documents and Settings\Dee\Application Data\IBM\Java\Deployment\cache\javapi\v1.0\file\vt_loading.gif-493934-643564c6.gif 1380 bytes

File C:\Documents and Settings\Dee\Application Data\IBM\Java\Deployment\cache\javapi\v1.0\file\vt_loading.gif-493934-643564c6.idx 267 bytes

File C:\Documents and Settings\Dee\Application Data\IBM\Java\Deployment\cache\javapi\v1.0\file\wait.gif-639ad92-7385996a.gif 4677 bytes

File C:\Documents and Settings\Dee\Application Data\IBM\Java\Deployment\cache\javapi\v1.0\file\wait.gif-639ad92-7385996a.idx 255 bytes

File C:\Documents and Settings\Dee\Application Data\IBM\Java\Deployment\cache\javapi\v1.0\file\wait.jpg-31e011f7-25c0eed5.idx 253 bytes

File C:\Documents and Settings\Dee\Application Data\IBM\Java\Deployment\cache\javapi\v1.0\file\wait.jpg-31e011f7-25c0eed5.jpg 16411 bytes

File C:\Documents and Settings\Dee\Application Data\IBM\Java\Deployment\cache\javapi\v1.0\file\mandalay_bay_two_bedroom_suite.jpg-11ffd606-469ca4a2.idx 315 bytes

File C:\Documents and Settings\Dee\Application Data\IBM\Java\Deployment\cache\javapi\v1.0\file\mandalay_bay_two_bedroom_suite.jpg-11ffd606-469ca4a2.jpg 249749 bytes

File C:\Documents and Settings\Dee\Application Data\IBM\Java\Deployment\cache\javapi\v1.0\file\mb_mp.jpg-2d7608d-429957b4.idx 322 bytes

File C:\Documents and Settings\Dee\Application Data\IBM\Java\Deployment\cache\javapi\v1.0\file\mb_mp.jpg-2d7608d-429957b4.jpg 137933 bytes

File C:\Documents and Settings\Dee\Application Data\IBM\Java\Deployment\cache\javapi\v1.0\file\mb_mp.jpg-5ea36e75-66d0dcb7.idx 321 bytes

File C:\Documents and Settings\Dee\Application Data\IBM\Java\Deployment\cache\javapi\v1.0\file\mb_mp.jpg-5ea36e75-66d0dcb7.jpg 29933 bytes

File C:\Documents and Settings\Dee\Application Data\IBM\Java\Deployment\cache\javapi\v1.0\file\menu.jpg-7f4390e1-3a6664ed.idx 256 bytes

File C:\Documents and Settings\Dee\Application Data\IBM\Java\Deployment\cache\javapi\v1.0\file\menu.jpg-7f4390e1-3a6664ed.jpg 1845 bytes

File C:\Documents and Settings\Dee\Application Data\IBM\Java\Deployment\cache\javapi\v1.0\file\menu.jpg-7f4390e1-49ebad02.idx 252 bytes

---- EOF - GMER 1.0.15 ----

kahdah · December 4, 2009

One or more of the identified infections is a backdoor trojan or rootkit.

This type of infection has the capabilities to allows hacker to remotely control your computer, steal critical system information and download and execute files.

I would counsel you to disconnect this PC from the Internet immediately. If you do any banking or other financial transactions on the PC or if it should contain any other sensitive information, please get to a known clean computer and change all passwords where applicable, and it would be wise to contact those same financial institutions to apprise them of your situation.

Though the trojan has been identified and can be killed, because of it's backdoor functionality, your PC is very likely compromised and there is no way to be sure your computer can ever again be trusted. Many experts in the security community believe that once infected with this type of trojan, the best course of action would be a reformat and reinstall of the OS. Please read these for more information:

How Do I Handle Possible Identity Theft, Internet Fraud and CC Fraud?

When Should I Format, How Should I Reinstall

We can still clean this machine but I can't guarantee that it will be 100% secure afterwards. Let me know what you decide to do.

deedawson · December 4, 2009

Many thanks for your assistance - it is greatly appreciated.

I will proceed with the format/re-install, however, I have 2 quick questions:

1) Can I backup the past 2 weeks of data files (since my last backup), to transfer once I format/reinstall? - or do you recommend I scrap that data due to the possibility of infection? I am most worried about email files and a few customer data files.

2) Do I need to worry about other systems in my household that are on the same network and behind the same FIOS router? I ran MBAM and an updated MCAFEE on the additional computers. MBAM found something on 1 of the computers on day 1, but everything "seems" fine with that computer (see log below)

Thank you!!

MBAM log:

Malwarebytes' Anti-Malware 1.41

Database version: 3269

Windows 5.1.2600 Service Pack 3

12/2/2009 1:04:38 AM

mbam-log-2009-12-02 (01-04-38).txt

Scan type: Full Scan (C:\|D:\|)

Objects scanned: 241914

Time elapsed: 3 hour(s), 9 minute(s), 13 second(s)

Memory Processes Infected: 0

Memory Modules Infected: 0

Registry Keys Infected: 0

Registry Values Infected: 1

Registry Data Items Infected: 0

Folders Infected: 0

Files Infected: 0

Memory Processes Infected:

(No malicious items detected)

Memory Modules Infected:

(No malicious items detected)

Registry Keys Infected:

(No malicious items detected)

Registry Values Infected:

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Toolbar\WebBrowser\{014da6c9-189f-421a-88cd-07cfe51cff10} (Adware.MyWebSearch) -> Quarantined and deleted successfully.

Registry Data Items Infected:

(No malicious items detected)

Folders Infected:

(No malicious items detected)

Files Infected:

(No malicious items detected)

kahdah · December 4, 2009

1) Can I backup the past 2 weeks of data files (since my last backup), to transfer once I format/reinstall? - or do you recommend I scrap that data due to the possibility of infection? I am most worried about email files and a few customer data files.

These files you can back up safely.

That log produced there is fine it was just a leftover of my web search.

Your other computers should be fine.

If you want me to check the others I will but for each computer I will need you to run the same set of scans on it as this one.

I can then tell you if they are infected or not.

But I would think that they are fine.

deedawson · December 4, 2009

Thank you for all your assistance! --Dee

kahdah · December 4, 2009

You are welcome

kahdah · December 18, 2009

Since this issue appears to be resolved ... this Topic has been closed. Glad we could help.

If your the topic starter, and need this topic reopened, please contact me via pm with the address of the thread.

Everyone else please begin a New Topic.

help? Antivirus Pro woes...now iexplore.exe

Recommended Posts

Link to post

Share on other sites

Link to post

Share on other sites

Link to post

Share on other sites

Link to post

Share on other sites

Link to post

Share on other sites

Link to post

Share on other sites

Link to post

Share on other sites

Link to post

Share on other sites

Link to post

Share on other sites

Link to post

Share on other sites

Link to post

Share on other sites

Recently Browsing 0 members

Important Information