Solved False virus alert that hides all files and also hijacked search links

Now.....

Download OTL to your Desktop.

  • Double-click on the icon to run it. Make sure all other windows are closed and let it run uninterrupted.
  • Click the Scan All Users checkbox.
  • Under the Custom Scan box paste this in:


netsvcs
drivers32
%SYSTEMDRIVE%\*.*
%systemroot%\Fonts\*.com
%systemroot%\Fonts\*.dll
%systemroot%\Fonts\*.ini
%systemroot%\Fonts\*.ini2
%systemroot%\Fonts\*.exe
%systemroot%\system32\spool\prtprocs\w32x86\*.*
%systemroot%\REPAIR\*.bak1
%systemroot%\REPAIR\*.ini
%systemroot%\system32\*.jpg
%systemroot%\*.jpg
%systemroot%\*.png
%systemroot%\*.scr
%systemroot%\*._sy
%APPDATA%\Adobe\Update\*.*
%ALLUSERSPROFILE%\Favorites\*.*
%APPDATA%\Microsoft\*.*
%PROGRAMFILES%\*.*
%APPDATA%\Update\*.*
%systemroot%\*. /mp /s
CREATERESTOREPOINT
%systemroot%\System32\config\*.sav
%PROGRAMFILES%\bak. /s
%systemroot%\system32\bak. /s
%ALLUSERSPROFILE%\Start Menu\*.lnk /x
%systemroot%\system32\config\systemprofile\*.dat /x
%systemroot%\*.config
%systemroot%\system32\*.db
%APPDATA%\Microsoft\Internet Explorer\Quick Launch\*.lnk /x
%USERPROFILE%\Desktop\*.exe
%PROGRAMFILES%\Common Files\*.*
%systemroot%\*.src
%systemroot%\install\*.*
%systemroot%\system32\DLL\*.*
%systemroot%\system32\HelpFiles\*.*
%systemroot%\system32\rundll\*.*
%systemroot%\winn32\*.*
%systemroot%\Java\*.*
%systemroot%\system32\test\*.*
%systemroot%\system32\Rundll32\*.*
%systemroot%\AppPatch\Custom\*.*
%APPDATA%\Roaming\Microsoft\Windows\Recent\*.lnk /x
%PROGRAMFILES%\PC-Doctor\Downloads\*.*
%PROGRAMFILES%\Internet Explorer\*.tmp
%PROGRAMFILES%\Internet Explorer\*.dat
%USERPROFILE%\My Documents\*.exe
%USERPROFILE%\*.exe
%systemroot%\ADDINS\*.*
%systemroot%\assembly\*.bak2
%systemroot%\Config\*.*
%systemroot%\REPAIR\*.bak2
%systemroot%\SECURITY\Database\*.sdb /x
%systemroot%\SYSTEM\*.bak2
%systemroot%\Web\*.bak2
%systemroot%\Driver Cache\*.*
%PROGRAMFILES%\Mozilla Firefox\0*.exe
%ProgramFiles%\Microsoft Common\*.*
%ProgramFiles%\TinyProxy.
%USERPROFILE%\Favorites\*.url /x
%systemroot%\system32\*.bk
%systemroot%\*.te
%systemroot%\system32\system32\*.*
%ALLUSERSPROFILE%\*.dat /x
%systemroot%\system32\drivers\*.rmv
dir /b "%systemroot%\system32\*.exe" | find /i " " /c
dir /b "%systemroot%\*.exe" | find /i " " /c
%PROGRAMFILES%\Microsoft\*.*
%systemroot%\System32\Wbem\proquota.exe
%PROGRAMFILES%\Mozilla Firefox\*.dat
%USERPROFILE%\Cookies\*.txt /x
%SystemRoot%\system32\fonts\*.*
%systemroot%\system32\winlog\*.*
%systemroot%\system32\Language\*.*
%systemroot%\system32\Settings\*.*
%systemroot%\system32\*.quo
%SYSTEMROOT%\AppPatch\*.exe
%SYSTEMROOT%\inf\*.exe
%SYSTEMROOT%\Installer\*.exe
%systemroot%\system32\config\*.bak2
%systemroot%\system32\Computers\*.*
%SystemRoot%\system32\Sound\*.*
%SystemRoot%\system32\SpecialImg\*.*
%SystemRoot%\system32\code\*.*
%SystemRoot%\system32\draft\*.*
%SystemRoot%\system32\MSSSys\*.*
%ProgramFiles%\Javascript\*.*
%systemroot%\pchealth\helpctr\System\*.exe /s
%systemroot%\Web\*.exe
%systemroot%\system32\msn\*.*
%systemroot%\system32\*.tro
%AppData%\Microsoft\Installer\msupdates\*.*
%ProgramFiles%\Messenger\*.*
%systemroot%\system32\systhem32\*.*
%systemroot%\system\*.exe
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs
/md5start
/md5stop


  • Click the Quick Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.
  • When the scan completes, it will open two notepad windows: OTL.txt and Extras.txt. These are saved in the same location as OTL.
  • Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post them back here.
 
OTL.txt (part 1)

OTL logfile created on: 6/20/2011 4:16:21 AM - Run 1
OTL by OldTimer - Version 3.2.24.1 Folder = C:\Documents and Settings\Mike Reilly\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.87 Gb Total Physical Memory | 1.89 Gb Available Physical Memory | 65.86% Memory free
4.71 Gb Paging File | 3.37 Gb Available in Paging File | 71.64% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 291.75 Gb Total Space | 217.67 Gb Free Space | 74.61% Space Free | Partition Type: NTFS
Unable to calculate disk information.

Computer Name: LENOVO-571EC673 | User Name: Mike Reilly | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2011/06/20 04:13:10 | 000,579,072 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Mike Reilly\Desktop\OTL.exe
PRC - [2011/05/25 16:07:14 | 024,176,560 | ---- | M] (Dropbox, Inc.) -- C:\Documents and Settings\Mike Reilly\Application Data\Dropbox\bin\Dropbox.exe
PRC - [2011/05/02 15:09:18 | 001,306,216 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee.com\Agent\mcagent.exe
PRC - [2011/03/13 11:45:14 | 000,148,520 | ---- | M] (McAfee, Inc.) -- C:\WINDOWS\system32\mfevtps.exe
PRC - [2011/03/13 11:41:50 | 000,159,832 | ---- | M] (McAfee, Inc.) -- C:\Program Files\Common Files\Mcafee\SystemCore\mfefire.exe
PRC - [2011/03/13 11:41:36 | 000,165,000 | ---- | M] (McAfee, Inc.) -- C:\Program Files\Common Files\Mcafee\SystemCore\mcshield.exe
PRC - [2011/01/27 18:28:14 | 000,214,904 | ---- | M] (McAfee, Inc.) -- C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe
PRC - [2011/01/07 22:09:32 | 000,585,728 | ---- | M] () -- C:\Program Files\HTC\HTC Sync 3.0\htcUPCTLoader.exe
PRC - [2010/09/16 14:06:22 | 000,080,896 | ---- | M] () -- C:\Program Files\HTC\Internet Pass-Through\PassThruSvr.exe
PRC - [2010/07/23 09:31:54 | 000,163,680 | ---- | M] (Digital Delivery Networks, Inc.) -- C:\Program Files\DDNI\DIBS\DDNIService.exe
PRC - [2010/07/20 11:04:24 | 000,171,872 | ---- | M] (Digital Delivery Networks, Inc.) -- C:\Program Files\DDNI\Lenovo Idea Notes\DDNIMSGService.exe
PRC - [2010/03/02 12:20:00 | 000,053,248 | ---- | M] () -- C:\Program Files\ThinkPad\Utilities\PWMDBSVC.exe
PRC - [2010/03/01 16:18:44 | 000,181,608 | ---- | M] (Lenovo ) -- C:\Program Files\ThinkPad\ConnectUtilities\ACWLIcon.exe
PRC - [2010/03/01 16:18:42 | 000,431,464 | ---- | M] (Lenovo ) -- C:\Program Files\ThinkPad\ConnectUtilities\ACTray.exe
PRC - [2010/03/01 16:18:40 | 000,243,048 | ---- | M] (Lenovo ) -- C:\Program Files\ThinkPad\ConnectUtilities\AcSvc.exe
PRC - [2010/03/01 16:18:38 | 000,103,784 | ---- | M] (Lenovo ) -- C:\Program Files\ThinkPad\ConnectUtilities\AcPrfMgrSvc.exe
PRC - [2010/03/01 15:17:34 | 000,172,032 | ---- | M] (Lenovo ) -- C:\Program Files\ThinkPad\ConnectUtilities\SvcGuiHlpr.exe
PRC - [2010/02/25 18:23:54 | 000,020,541 | ---- | M] (Apache Software Foundation) -- C:\InterSystems\Cache\httpd\bin\httpd.exe
PRC - [2010/02/25 17:16:10 | 000,073,728 | ---- | M] (InterSystems Corporation) -- c:\InterSystems\Cache\Bin\cservice.exe
PRC - [2010/02/25 17:08:22 | 003,043,328 | ---- | M] () -- c:\InterSystems\Cache\Bin\cache.exe
PRC - [2009/11/25 03:36:20 | 000,128,296 | ---- | M] (Synaptics Incorporated) -- C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
PRC - [2009/10/26 19:01:24 | 000,417,842 | ---- | M] (SafeNet) -- C:\Program Files\Juniper\NetScreen-Remote\IreIKE.exe
PRC - [2009/10/26 19:01:24 | 000,077,878 | ---- | M] (SafeNet) -- C:\Program Files\Juniper\NetScreen-Remote\IPSecMon.exe
PRC - [2009/09/28 03:27:20 | 000,144,752 | ---- | M] (Lenovo Group Limited) -- C:\Program Files\Lenovo\ZOOM\TpScrex.exe
PRC - [2009/08/24 11:15:32 | 000,221,872 | ---- | M] (Digital Delivery Networks, Inc.) -- C:\Program Files\DDNI\Lenovo Idea Notes\DDNIMSGUser.exe
PRC - [2009/08/19 20:38:30 | 000,062,752 | ---- | M] (Lenovo Group Limited) -- C:\Program Files\Lenovo\HOTKEY\tpfnf6r.exe
PRC - [2009/08/07 08:29:54 | 000,186,904 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe
PRC - [2009/08/07 08:29:36 | 000,354,840 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTmon.exe
PRC - [2009/07/27 02:35:38 | 000,028,672 | ---- | M] (Lenovo Group Limited) -- c:\Program Files\Lenovo\System Update\SUService.exe
PRC - [2009/07/14 21:18:02 | 000,062,320 | ---- | M] (Lenovo Group Limited) -- C:\Program Files\Lenovo\HOTKEY\TPHKSVC.exe
PRC - [2009/07/03 05:47:10 | 000,045,424 | ---- | M] (Lenovo Group Limited) -- C:\Program Files\Lenovo\HOTKEY\micmute.exe
PRC - [2009/07/01 20:31:52 | 000,874,768 | ---- | M] (Intel(R) Corporation) -- C:\Program Files\Intel\WiFi\bin\EvtEng.exe
PRC - [2009/07/01 20:22:12 | 000,909,312 | ---- | M] (Intel(R) Corporation) -- C:\Program Files\Intel\WiFi\bin\S24EvMon.exe
PRC - [2009/07/01 20:12:38 | 000,473,360 | ---- | M] (Intel(R) Corporation) -- C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
PRC - [2009/06/10 15:31:00 | 000,061,728 | ---- | M] (Lenovo Group Limited) -- C:\Program Files\Lenovo\NPDIRECT\tpfnf7sp.exe
PRC - [2009/05/28 01:09:36 | 000,049,976 | ---- | M] () -- C:\Program Files\Lenovo\Message Center Plus\MCPLaunch.exe
PRC - [2009/03/13 04:32:48 | 000,068,976 | ---- | M] (Lenovo Group Limited) -- C:\Program Files\Lenovo\HOTKEY\TPOSDSVC.exe
PRC - [2009/03/05 04:23:28 | 000,052,600 | ---- | M] (Lenovo Group Limited) -- C:\Program Files\Lenovo\HOTKEY\tpnumlkd.exe
PRC - [2009/03/05 03:28:28 | 000,059,760 | ---- | M] (Lenovo Group Limited) -- C:\Program Files\Lenovo\HOTKEY\tpnumlk.exe
PRC - [2009/03/05 01:27:20 | 000,865,592 | ---- | M] (Lenovo Group Limited) -- C:\Program Files\Lenovo\Client Security Solution\password_manager.exe
PRC - [2009/03/05 00:54:34 | 000,750,904 | ---- | M] (Lenovo Group Limited) -- c:\Program Files\Common Files\Lenovo\tvt_reg_monitor_svc.exe
PRC - [2009/02/02 05:04:10 | 000,067,432 | ---- | M] (Lenovo Group Limited) -- C:\Program Files\Lenovo\HOTKEY\TPONSCR.exe
PRC - [2009/01/28 14:10:00 | 000,124,248 | ---- | M] (Lenovo Group Limited) -- C:\Program Files\ThinkVantage\PrdCtr\LPMLCHK.EXE
PRC - [2008/11/24 18:34:02 | 000,520,192 | ---- | M] () -- C:\Program Files\Lenovo\Rescue and Recovery\rrpservice.exe
PRC - [2008/04/14 08:00:00 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2008/01/11 20:50:16 | 000,030,312 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Small Business\Business Contact Manager\BcmSqlStartupSvc.exe
PRC - [2007/03/13 12:05:00 | 001,116,920 | ---- | M] (Roxio) -- C:\Program Files\Lenovo\Drag-to-Disc\DrgToDsc.exe
PRC - [2007/01/04 22:48:50 | 000,112,152 | ---- | M] (InterVideo) -- C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe


========== Modules (SafeList) ==========

MOD - [2011/06/20 04:13:10 | 000,579,072 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Mike Reilly\Desktop\OTL.exe
MOD - [2011/04/08 16:56:28 | 000,018,176 | ---- | M] (McAfee, Inc.) -- c:\Program Files\McAfee\SiteAdvisor\sahook.dll
MOD - [2010/08/23 12:12:02 | 001,054,208 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.6028_x-ww_61e65202\comctl32.dll


========== Win32 Services (SafeList) ==========

SRV - File not found [Disabled | Stopped] -- -- (HidServ)
SRV - [2011/05/29 09:11:28 | 000,366,640 | ---- | M] (Malwarebytes Corporation) [Auto | Stopped] -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
SRV - [2011/03/17 16:38:42 | 000,361,712 | ---- | M] (McAfee, Inc.) [On_Demand | Stopped] -- C:\Program Files\McAfee\VirusScan\mcods.exe -- (McODS)
SRV - [2011/03/13 11:45:14 | 000,148,520 | ---- | M] (McAfee, Inc.) [Unknown | Running] -- C:\WINDOWS\system32\mfevtps.exe -- (mfevtp)
SRV - [2011/03/13 11:41:50 | 000,159,832 | ---- | M] () [Unknown | Running] -- C:\Program Files\Common Files\McAfee\SystemCore\\mfefire.exe -- (mfefire)
SRV - [2011/03/13 11:41:36 | 000,165,000 | ---- | M] () [Unknown | Running] -- C:\Program Files\Common Files\McAfee\SystemCore\\mcshield.exe -- (McShield)
SRV - [2011/01/27 18:28:14 | 000,214,904 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe -- (McProxy)
SRV - [2011/01/27 18:28:14 | 000,214,904 | ---- | M] (McAfee, Inc.) [Disabled | Stopped] -- C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe -- (McOobeSv)
SRV - [2011/01/27 18:28:14 | 000,214,904 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe -- (McNASvc)
SRV - [2011/01/27 18:28:14 | 000,214,904 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe -- (McNaiAnn)
SRV - [2011/01/27 18:28:14 | 000,214,904 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe -- (mcmscsvc)
SRV - [2011/01/27 18:28:14 | 000,214,904 | ---- | M] (McAfee, Inc.) [Unknown | Running] -- C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe -- (McMPFSvc)
SRV - [2011/01/27 18:28:14 | 000,214,904 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe -- (McAfee SiteAdvisor Service)
SRV - [2010/09/16 14:06:22 | 000,080,896 | ---- | M] () [Auto | Running] -- C:\Program Files\HTC\Internet Pass-Through\PassThruSvr.exe -- (PassThru Service)
SRV - [2010/07/23 09:31:54 | 000,163,680 | ---- | M] (Digital Delivery Networks, Inc.) [Auto | Running] -- C:\Program Files\DDNI\DIBS\DDNIService.exe -- (DDNIService)
SRV - [2010/07/20 11:04:24 | 000,171,872 | ---- | M] (Digital Delivery Networks, Inc.) [Auto | Running] -- C:\Program Files\DDNI\Lenovo Idea Notes\DDNIMSGService.exe -- (DDNIMSGService)
SRV - [2010/03/02 12:20:00 | 000,053,248 | ---- | M] () [Auto | Running] -- C:\Program Files\ThinkPad\Utilities\PWMDBSVC.exe -- (Power Manager DBC Service)
SRV - [2010/03/01 16:18:40 | 000,243,048 | ---- | M] (Lenovo ) [Auto | Running] -- C:\Program Files\ThinkPad\ConnectUtilities\AcSvc.exe -- (AcSvc)
SRV - [2010/03/01 16:18:38 | 000,103,784 | ---- | M] (Lenovo ) [Auto | Running] -- C:\Program Files\ThinkPad\ConnectUtilities\AcPrfMgrSvc.exe -- (AcPrfMgrSvc)
SRV - [2010/02/25 18:23:54 | 000,020,541 | ---- | M] (Apache Software Foundation) [On_Demand | Running] -- C:\InterSystems\Cache\httpd\bin\httpd.exe -- (CACHEhttpd)
SRV - [2010/02/25 17:16:10 | 000,073,728 | ---- | M] (InterSystems Corporation) [Auto | Running] -- c:\InterSystems\Cache\Bin\cservice.exe -- (Cache_c-_intersystems_cache)
SRV - [2009/10/26 19:01:24 | 000,417,842 | ---- | M] (SafeNet) [Auto | Running] -- C:\Program Files\Juniper\NetScreen-Remote\IreIKE.exe -- (IreIKE)
SRV - [2009/10/26 19:01:24 | 000,077,878 | ---- | M] (SafeNet) [Auto | Running] -- C:\Program Files\Juniper\NetScreen-Remote\IPSecMon.exe -- (IPSECMON)
SRV - [2009/08/07 08:29:36 | 000,354,840 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTmon.exe -- (IAANTMON) Intel(R)
SRV - [2009/07/27 02:35:38 | 000,028,672 | ---- | M] (Lenovo Group Limited) [Auto | Running] -- c:\Program Files\Lenovo\System Update\SUService.exe -- (SUService)
SRV - [2009/07/14 21:18:02 | 000,062,320 | ---- | M] (Lenovo Group Limited) [Auto | Running] -- C:\Program Files\Lenovo\HOTKEY\TPHKSVC.exe -- (TPHKSVC)
SRV - [2009/07/03 05:47:10 | 000,045,424 | ---- | M] (Lenovo Group Limited) [Auto | Running] -- C:\Program Files\Lenovo\HOTKEY\micmute.exe -- (LENOVO.MICMUTE)
SRV - [2009/07/01 20:31:52 | 000,874,768 | ---- | M] (Intel(R) Corporation) [Auto | Running] -- C:\Program Files\Intel\WiFi\bin\EvtEng.exe -- (EvtEng) Intel(R)
SRV - [2009/07/01 20:22:12 | 000,909,312 | ---- | M] (Intel(R) Corporation) [Auto | Running] -- C:\Program Files\Intel\WiFi\bin\S24EvMon.exe -- (S24EventMonitor) Intel(R)
SRV - [2009/07/01 20:12:38 | 000,473,360 | ---- | M] (Intel(R) Corporation) [Auto | Running] -- C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe -- (RegSrvc) Intel(R)
SRV - [2009/03/05 00:54:34 | 000,750,904 | ---- | M] (Lenovo Group Limited) [Auto | Running] -- c:\Program Files\Common Files\Lenovo\tvt_reg_monitor_svc.exe -- (ThinkVantage Registry Monitor Service)
SRV - [2008/11/24 18:34:02 | 000,520,192 | ---- | M] () [Auto | Running] -- C:\Program Files\Lenovo\Rescue and Recovery\rrpservice.exe -- (TVT Backup Protection Service)
SRV - [2008/04/25 11:18:10 | 000,362,992 | ---- | M] (Sonic Solutions) [Auto | Stopped] -- C:\Program Files\Roxio\Digital Home 10\RoxioUpnpService10.exe -- (Roxio Upnp Server 10)
SRV - [2008/04/25 11:18:02 | 000,313,840 | ---- | M] (Sonic Solutions) [On_Demand | Stopped] -- C:\Program Files\Roxio\Digital Home 10\RoxioUPnPRenderer10.exe -- (Roxio UPnP Renderer 10)
SRV - [2008/04/25 11:16:04 | 000,309,744 | ---- | M] (Sonic Solutions) [Auto | Stopped] -- C:\Program Files\Common Files\Roxio Shared\10.0\SharedCOM\RoxLiveShare10.exe -- (RoxLiveShare10)
SRV - [2008/04/25 11:15:58 | 000,166,384 | ---- | M] (Sonic Solutions) [Auto | Stopped] -- C:\Program Files\Common Files\Roxio Shared\10.0\SharedCOM\RoxWatch10.exe -- (RoxWatch10)
SRV - [2008/04/25 11:15:24 | 001,120,752 | ---- | M] (Sonic Solutions) [On_Demand | Stopped] -- C:\Program Files\Common Files\Roxio Shared\10.0\SharedCOM\RoxMediaDB10.exe -- (RoxMediaDB10)
SRV - [2008/01/11 20:50:16 | 000,030,312 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Microsoft Small Business\Business Contact Manager\BcmSqlStartupSvc.exe -- (BcmSqlStartupSvc)
SRV - [2007/01/04 22:48:50 | 000,112,152 | ---- | M] (InterVideo) [Auto | Running] -- C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe -- (IviRegMgr)
SRV - [2005/10/06 21:12:30 | 000,855,552 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Media Connect 2\wmccds.exe -- (WMConnectCDS)
SRV - [2004/09/29 12:14:36 | 000,069,632 | ---- | M] (HP) [Auto | Stopped] -- C:\WINDOWS\system32\HPZipm12.exe -- (Pml Driver HPZ12)


========== Driver Services (SafeList) ==========

DRV - [2011/03/13 11:20:10 | 000,459,728 | ---- | M] (McAfee, Inc.) [Kernel | Unknown | Running] -- C:\WINDOWS\system32\drivers\mfehidk.sys -- (mfehidk)
DRV - [2011/03/13 11:20:10 | 000,337,912 | ---- | M] (McAfee, Inc.) [Kernel | Unknown | Running] -- C:\WINDOWS\system32\drivers\mfefirek.sys -- (mfefirek)
DRV - [2011/03/13 11:20:10 | 000,179,248 | ---- | M] (McAfee, Inc.) [Kernel | Unknown | Running] -- C:\WINDOWS\system32\drivers\mfeavfk.sys -- (mfeavfk)
DRV - [2011/03/13 11:20:10 | 000,118,784 | ---- | M] (McAfee, Inc.) [Kernel | Unknown | Running] -- C:\WINDOWS\system32\drivers\mfeapfk.sys -- (mfeapfk)
DRV - [2011/03/13 11:20:10 | 000,089,368 | ---- | M] (McAfee, Inc.) [Kernel | Unknown | Running] -- C:\WINDOWS\system32\drivers\mfetdi2k.sys -- (mfetdi2k)
DRV - [2011/03/13 11:20:10 | 000,085,984 | ---- | M] (McAfee, Inc.) [Kernel | Unknown | Stopped] -- C:\WINDOWS\system32\drivers\mferkdet.sys -- (mferkdet)
DRV - [2011/03/13 11:20:10 | 000,083,688 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\mfendisk.sys -- (mfendiskmp)
DRV - [2011/03/13 11:20:10 | 000,083,688 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\mfendisk.sys -- (mfendisk)
DRV - [2011/03/13 11:20:10 | 000,059,288 | ---- | M] (McAfee, Inc.) [Kernel | Unknown | Running] -- C:\WINDOWS\system32\drivers\mfebopk.sys -- (mfebopk)
DRV - [2011/03/13 11:20:10 | 000,057,432 | ---- | M] (McAfee, Inc.) [Kernel | Unknown | Running] -- C:\WINDOWS\system32\drivers\cfwids.sys -- (cfwids)
DRV - [2010/06/27 13:05:02 | 000,030,144 | ---- | M] (Lenovo (United States) Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\psadd.sys -- (psadd)
DRV - [2010/06/22 18:01:50 | 000,021,248 | ---- | M] (Windows (R) Win 7 DDK provider) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\htcnprot.sys -- (htcnprot)
DRV - [2010/03/02 12:20:00 | 000,004,442 | ---- | M] () [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\TPPWRIF.SYS -- (TPPWRIF)
DRV - [2009/10/26 18:58:46 | 000,139,832 | ---- | M] (SafeNet) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\IpSecDrv.sys -- (IPSECDRV)
DRV - [2009/10/22 18:44:02 | 000,131,984 | ---- | M] (Deterministic Networks, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\dne2000.sys -- (DNE)
DRV - [2009/08/27 21:23:16 | 000,536,634 | ---- | M] (SafeNet) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\Crypto.sys -- (Crypto)
DRV - [2009/07/14 03:19:44 | 000,142,976 | ---- | M] (Realtek Semiconductor Corporation ) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\Rtenicxp.sys -- (RTLE8023xp)
DRV - [2009/07/10 05:09:44 | 005,792,256 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\RtkHDAud.sys -- (IntcAzAudAddService) Service for Realtek HD Audio (WDM)
DRV - [2009/06/19 14:28:22 | 005,929,216 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\NETw1x32.sys -- (NETw1x32) Intel(R)
DRV - [2009/06/10 15:31:00 | 000,004,608 | ---- | M] () [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\TSMAPIP.SYS -- (TSMAPIP)
DRV - [2009/06/10 00:49:32 | 000,024,576 | ---- | M] (HTC, Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ANDROIDUSB.sys -- (HTCAND32)
DRV - [2009/05/18 01:20:40 | 000,119,256 | ---- | M] (JMicron Technology Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\jmcr.sys -- (JMCR)
DRV - [2009/03/26 23:25:36 | 000,029,184 | ---- | M] (Deterministic Networks Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\vap.sys -- (DniVap) SafeNet WAN Miniport (VA)
DRV - [2009/03/04 18:57:38 | 000,117,800 | ---- | M] (Lenovo.) [Kernel | Boot | Running] -- C:\WINDOWS\System32\DRIVERS\Apsx86.sys -- (Shockprf)
DRV - [2009/03/04 18:56:08 | 000,020,520 | ---- | M] (Lenovo.) [Kernel | Boot | Running] -- C:\WINDOWS\System32\DRIVERS\ApsHM86.sys -- (TPDIGIMN)
DRV - [2008/12/04 13:33:52 | 000,110,080 | ---- | M] (Intel(R) Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\IntcHdmi.sys -- (IntcHdmiAddService) Intel(R)
DRV - [2008/08/13 20:23:56 | 000,011,904 | ---- | M] (Intel Corporation) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\s24trans.sys -- (s24trans)
DRV - [2008/08/05 07:10:12 | 001,684,736 | ---- | M] (Creative) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\Ambfilt.sys -- (Ambfilt)
DRV - [2008/05/12 23:22:04 | 000,004,224 | ---- | M] () [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\IBMBLDID.sys -- (IBMTPCHK)
DRV - [2008/05/12 05:04:04 | 000,013,480 | ---- | M] (Lenovo Group Limited) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\smiif32.sys -- (lenovo.smi)
DRV - [2007/06/18 19:29:56 | 000,009,400 | ---- | M] (Roxio) [File_System | Auto | Running] -- C:\WINDOWS\system32\DLA\DLADResM.SYS -- (DLADResM)
DRV - [2007/06/18 19:29:10 | 000,035,064 | ---- | M] (Roxio) [File_System | Auto | Running] -- C:\WINDOWS\system32\DLA\DLABMFSM.SYS -- (DLABMFSM)
DRV - [2007/06/18 19:29:08 | 000,093,752 | ---- | M] (Roxio) [File_System | Auto | Running] -- C:\WINDOWS\system32\DLA\DLAUDFAM.SYS -- (DLAUDFAM)
DRV - [2007/06/18 19:29:06 | 000,098,136 | ---- | M] (Roxio) [File_System | Auto | Running] -- C:\WINDOWS\system32\DLA\DLAUDF_M.SYS -- (DLAUDF_M)
DRV - [2007/06/18 19:29:04 | 000,026,744 | ---- | M] (Roxio) [File_System | Auto | Running] -- C:\WINDOWS\system32\DLA\DLAOPIOM.SYS -- (DLAOPIOM)
DRV - [2007/06/18 19:28:58 | 000,032,472 | ---- | M] (Roxio) [File_System | Auto | Running] -- C:\WINDOWS\system32\DLA\DLABOIOM.SYS -- (DLABOIOM)
DRV - [2007/06/18 19:28:54 | 000,014,520 | ---- | M] (Roxio) [File_System | Auto | Running] -- C:\WINDOWS\system32\DLA\DLAPoolM.SYS -- (DLAPoolM)
DRV - [2007/06/18 19:28:52 | 000,105,048 | ---- | M] (Roxio) [File_System | Auto | Running] -- C:\WINDOWS\system32\DLA\DLAIFS_M.SYS -- (DLAIFS_M)
DRV - [2007/04/17 23:09:28 | 000,011,032 | ---- | M] (InterVideo) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\regi.sys -- (regi)
DRV - [2007/02/08 23:05:30 | 000,028,120 | ---- | M] (Roxio) [File_System | System | Running] -- C:\WINDOWS\system32\drivers\DLARTL_M.SYS -- (DLARTL_M)
DRV - [2007/02/08 23:05:30 | 000,012,856 | ---- | M] (Roxio) [File_System | System | Running] -- C:\WINDOWS\system32\drivers\DLACDBHM.SYS -- (DLACDBHM)
DRV - [2006/01/04 02:41:48 | 001,389,056 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\Monfilt.sys -- (Monfilt)
DRV - [2005/09/28 20:07:02 | 000,011,520 | ---- | M] (IBM Corp.) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\ANC.sys -- (ANC)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========



IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,Secondary Start Pages = http://www.lenovo.com/welcome/thinkpad [binary data]
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,Secondary Start Pages = http://www.lenovo.com/welcome/thinkpad [binary data]
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



IE - HKU\S-1-5-21-2539251137-84547536-1959951320-1008\SOFTWARE\Microsoft\Internet Explorer\Main,SearchDefaultBranded = 1
IE - HKU\S-1-5-21-2539251137-84547536-1959951320-1008\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
IE - HKU\S-1-5-21-2539251137-84547536-1959951320-1008\..\URLSearchHook: {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
IE - HKU\S-1-5-21-2539251137-84547536-1959951320-1008\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

FF - HKLM\software\mozilla\Firefox\Extensions\\{B7082FAA-CB62-4872-9106-E42DD88EDE45}: C:\Program Files\McAfee\SiteAdvisor [2011/05/24 13:46:01 | 000,000,000 | ---D | M]


O1 HOSTS File: ([2011/06/19 23:18:20 | 000,000,027 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O2 - BHO: (scriptproxy) - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\Common Files\Mcafee\SystemCore\ScriptSn.20110606075706.dll (McAfee, Inc.)
O2 - BHO: (McAfee SiteAdvisor BHO) - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
O2 - BHO: (IePasswordManagerHelper Class) - {BF468356-BB7E-42D7-9F15-4F3B9BCFCED2} - C:\Program Files\Lenovo\Client Security Solution\tvtpwm_ie_com.dll (Lenovo Group Limited)
O3 - HKLM\..\Toolbar: (McAfee SiteAdvisor Toolbar) - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
O4 - HKLM..\Run: [ACTray] C:\Program Files\ThinkPad\ConnectUtilities\ACTray.exe (Lenovo )
O4 - HKLM..\Run: [ACWLIcon] C:\Program Files\ThinkPad\ConnectUtilities\ACWLIcon.exe (Lenovo )
O4 - HKLM..\Run: [CreateLMBCShortCut] C:\Program Files\Lenovo\Mobile Broadband Connect\UserShortcutCreator.exe ()
O4 - HKLM..\Run: [HTC Sync Loader] C:\Program Files\HTC\HTC Sync 3.0\htcUPCTLoader.exe ()
O4 - HKLM..\Run: [IAAnotif] C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe (Intel Corporation)
O4 - HKLM..\Run: [IdeaNotesUser] C:\Program Files\DDNI\Lenovo Idea Notes\DDNIMSGUser.exe (Digital Delivery Networks, Inc.)
O4 - HKLM..\Run: [LENOVO.TPFNF6R] C:\Program Files\Lenovo\HOTKEY\tpfnf6r.exe (Lenovo Group Limited)
O4 - HKLM..\Run: [LPMailChecker] C:\Program Files\ThinkVantage\PrdCtr\LPMLCHK.EXE (Lenovo Group Limited)
O4 - HKLM..\Run: [Malwarebytes' Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [mcui_exe] C:\Program Files\McAfee.com\Agent\mcagent.exe (McAfee, Inc.)
O4 - HKLM..\Run: [Message Center Plus] C:\Program Files\LENOVO\Message Center Plus\MCPLaunch.exe ()
O4 - HKLM..\Run: [PWRMGRTR] C:\Program Files\ThinkPad\Utilities\PWRMGRTR.DLL (Lenovo Group Limited)
O4 - HKLM..\Run: [RoxioDragToDisc] C:\Program Files\Lenovo\Drag-to-Disc\DrgToDsc.exe (Roxio)
O4 - HKLM..\Run: [RoxWatchTray] C:\Program Files\Common Files\Roxio Shared\10.0\SharedCOM\RoxWatchTray10.exe (Sonic Solutions)
O4 - HKLM..\Run: [TPFNF7] C:\Program Files\Lenovo\NPDIRECT\TPFNF7SP.exe (Lenovo Group Limited)
O4 - HKLM..\Run: [TPHOTKEY] C:\Program Files\Lenovo\HOTKEY\TPOSDSVC.exe (Lenovo Group Limited)
O4 - HKU\S-1-5-21-2539251137-84547536-1959951320-1008..\Run: [AROReminder] C:\Program Files\ARO 2011\aro.exe (Support.com)
O4 - Startup: C:\Documents and Settings\Mike Reilly\Start Menu\Programs\Startup\Dropbox.lnk = C:\Documents and Settings\Mike Reilly\Application Data\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Recovery present
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Recovery present
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Recovery present
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Recovery present
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-2539251137-84547536-1959951320-1008\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-2539251137-84547536-1959951320-1008\Software\Policies\Microsoft\Internet Explorer\Recovery present
O7 - HKU\S-1-5-21-2539251137-84547536-1959951320-1008\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\S-1-5-21-2539251137-84547536-1959951320-1008\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-21-2539251137-84547536-1959951320-1008\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O9 - Extra Button: PokerStars - {3AD14F0C-ED16-4e43-B6D8-661B03F6A1EF} - C:\Program Files\PokerStars\PokerStarsUpdate.exe (PokerStars)
O9 - Extra 'Tools' menuitem : Lenovo Password Manager... - {F4F55DC8-0B69-4DFE-BA94-CB677B88B2A3} - C:\Program Files\Lenovo\Client Security Solution\tvtpwm_ie_com.dll (Lenovo Group Limited)
O15 - HKU\S-1-5-21-2539251137-84547536-1959951320-1008\..Trusted Domains: internet ([]about in Trusted sites)
O15 - HKU\S-1-5-21-2539251137-84547536-1959951320-1008\..Trusted Domains: mcafee.com ([]http in Trusted sites)
O15 - HKU\S-1-5-21-2539251137-84547536-1959951320-1008\..Trusted Domains: mcafee.com ([]https in Trusted sites)
O16 - DPF: {9C5FFF8F-0FE6-47AC-A0E6-85EF424F9D32} https://ftp.firstbanks.com/COM/MOVEitUploadWizard6.0.0.ocx (MOVEitUpDownWiz Class)
O16 - DPF: {EF791A6B-FC12-4C68-99EF-FB9E207A39E6} http://download.mcafee.com/molbin/iss-loc/mcfscan/3,0,0,6138/mcfscan.cab (McFreeScan Class)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.15.1
O18 - Protocol\Handler\dssrequest {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
O18 - Protocol\Handler\sacore {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
O18 - Protocol\Handler\vsharechrome {3F3A4B8A-86FC-43A4-BB00-6D7EBE9D4484} - Reg Error: Key error. File not found
O18 - Protocol\Filter\application/x-mfe-ipt {3EF5086B-5478-4598-A054-786C45D75692} - c:\Program Files\McAfee\MSC\McSnIePl.dll (McAfee, Inc.)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\tpfnf2: DllName - C:\Program Files\Lenovo\HOTKEY\notifyf2.dll - C:\Program Files\Lenovo\HOTKEY\notifyf2.dll ()
O24 - Desktop WallPaper: C:\WINDOWS\Web\Wallpaper\Bliss.bmp
O24 - Desktop BackupWallPaper: C:\WINDOWS\Web\Wallpaper\Bliss.bmp
O28 - HKLM ShellExecuteHooks: {56F9679E-7826-4C84-81F3-532071A8BCC5} - C:\Program Files\Windows Desktop Search\MsnlNamespaceMgr.dll (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2008/07/21 18:02:34 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

NetSvcs: 6to4 - File not found
NetSvcs: HidServ - File not found
NetSvcs: Ias - File not found
NetSvcs: Iprip - File not found
NetSvcs: Irmon - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: WmdmPmSp - File not found

Drivers32: msacm.iac2 - C:\WINDOWS\system32\iac25_32.ax (Intel Corporation)
Drivers32: msacm.l3acm - C:\WINDOWS\system32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: msacm.sl_anet - C:\WINDOWS\System32\sl_anet.acm (Sipro Lab Telecom Inc.)
Drivers32: msacm.trspch - C:\WINDOWS\System32\tssoft32.acm (DSP GROUP, INC.)
Drivers32: MSVideo8 - C:\WINDOWS\System32\vfwwdm32.dll (Microsoft Corporation)
Drivers32: vidc.cvid - C:\WINDOWS\System32\iccvid.dll (Radius Inc.)
Drivers32: vidc.iv31 - C:\WINDOWS\System32\ir32_32.dll ()
Drivers32: vidc.iv32 - C:\WINDOWS\System32\ir32_32.dll ()
Drivers32: vidc.iv41 - C:\WINDOWS\System32\ir41_32.ax (Intel Corporation)
Drivers32: vidc.iv50 - C:\WINDOWS\System32\ir50_32.dll (Intel Corporation)
 
OTL.txt (part 2)

CREATERESTOREPOINT
Restore point Set: OTL Restore Point (16902109354000384)

========== Files/Folders - Created Within 30 Days ==========

[2011/06/20 04:13:08 | 000,579,072 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Mike Reilly\Desktop\OTL.exe
[2011/06/20 01:17:23 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\McAfee
[2011/06/19 23:03:38 | 000,000,000 | RHSD | C] -- C:\cmdcons
[2011/06/19 23:01:26 | 004,130,419 | R--- | C] (Swearware) -- C:\Documents and Settings\Mike Reilly\Desktop\ComboFix.exe
[2011/06/19 15:36:53 | 000,000,000 | ---D | C] -- C:\WINDOWS\temp
[2011/06/19 15:08:48 | 000,518,144 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWREG.exe
[2011/06/19 15:08:48 | 000,406,528 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWSC.exe
[2011/06/19 15:08:48 | 000,212,480 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWXCACLS.exe
[2011/06/19 15:08:48 | 000,060,416 | ---- | C] (NirSoft) -- C:\WINDOWS\NIRCMD.exe
[2011/06/19 15:08:43 | 000,000,000 | ---D | C] -- C:\WINDOWS\ERDNT
[2011/06/19 15:05:48 | 000,000,000 | ---D | C] -- C:\Qoobox
[2011/06/19 13:03:37 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Mike Reilly\Desktop\tdsskiller
[2011/06/19 00:58:35 | 000,581,120 | ---- | C] (AVAST Software) -- C:\Documents and Settings\Mike Reilly\Desktop\aswMBR.exe
[2011/06/19 00:11:41 | 000,607,310 | R--- | C] (Swearware) -- C:\Documents and Settings\Mike Reilly\Desktop\dds.scr
[2011/06/18 08:33:05 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Mike Reilly\Recent
[2011/06/17 21:27:56 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\HTC Sync
[2011/06/14 18:06:45 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Mike Reilly\Desktop\CPF FILES
[2011/06/13 14:59:30 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Mike Reilly\Desktop\Litigious Debtor
[2011/06/13 12:55:10 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Mike Reilly\Desktop\Workflow Assignments
[2011/06/09 16:20:42 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Mike Reilly\Desktop\MSD Recall
[2011/06/02 09:14:18 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Administrative Tools
[2011/05/29 11:56:51 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Mike Reilly\Application Data\Sammsoft
[2011/05/29 11:56:37 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\ARO 2011
[2011/05/29 11:56:35 | 000,000,000 | ---D | C] -- C:\Program Files\ARO 2011
[2011/05/29 04:55:05 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com
[2011/05/28 19:50:50 | 000,000,000 | ---D | C] -- C:\Program Files\Spybot - Search & Destroy
[2011/05/28 19:50:50 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
[2011/05/28 06:06:50 | 000,000,000 | -HSD | C] -- C:\WINDOWS\CSC
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[1 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2011/06/20 04:24:01 | 000,000,896 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2011/06/20 04:15:51 | 000,574,646 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2011/06/20 04:15:51 | 000,114,768 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2011/06/20 04:13:10 | 000,579,072 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Mike Reilly\Desktop\OTL.exe
[2011/06/20 04:05:15 | 000,216,064 | ---- | M] () -- C:\Documents and Settings\Mike Reilly\Desktop\AppPaths.exe
[2011/06/20 00:00:05 | 000,075,264 | ---- | M] () -- C:\Documents and Settings\Mike Reilly\Desktop\SystemLook.exe
[2011/06/19 23:35:17 | 000,606,105 | ---- | M] () -- C:\Documents and Settings\Mike Reilly\Desktop\unhide.exe
[2011/06/19 23:30:13 | 000,000,316 | ---- | M] () -- C:\WINDOWS\tasks\PMTask.job
[2011/06/19 23:29:49 | 000,002,278 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2011/06/19 23:29:47 | 000,000,892 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2011/06/19 23:29:02 | 000,002,048 | ---- | M] () -- C:\WINDOWS\bootstat.dat
[2011/06/19 23:29:00 | 3079,516,160 | -HS- | M] () -- C:\hiberfil.sys
[2011/06/19 23:18:20 | 000,000,027 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts
[2011/06/19 23:03:44 | 000,000,327 | RHS- | M] () -- C:\boot.ini
[2011/06/19 23:01:33 | 004,130,419 | R--- | M] (Swearware) -- C:\Documents and Settings\Mike Reilly\Desktop\ComboFix.exe
[2011/06/19 22:43:46 | 000,035,204 | ---- | M] () -- C:\Documents and Settings\Mike Reilly\Desktop\rkunhooker2
[2011/06/19 22:29:55 | 000,000,446 | ---- | M] () -- C:\WINDOWS\tasks\User_Feed_Synchronization-{4F17DD6B-3336-47F0-87B4-8E91F9C482E3}.job
[2011/06/19 19:52:04 | 000,001,324 | ---- | M] () -- C:\WINDOWS\System32\d3d9caps.dat
[2011/06/19 12:59:00 | 001,309,375 | ---- | M] () -- C:\Documents and Settings\Mike Reilly\Desktop\tdsskiller.zip
[2011/06/19 01:04:31 | 000,036,810 | ---- | M] () -- C:\Documents and Settings\Mike Reilly\Desktop\rkunhooker report1
[2011/06/19 01:01:07 | 000,139,264 | ---- | M] () -- C:\Documents and Settings\Mike Reilly\Desktop\RKUnhookerLE.EXE
[2011/06/19 01:00:27 | 000,000,512 | ---- | M] () -- C:\Documents and Settings\Mike Reilly\Desktop\MBR.dat
[2011/06/19 00:58:28 | 000,581,120 | ---- | M] (AVAST Software) -- C:\Documents and Settings\Mike Reilly\Desktop\aswMBR.exe
[2011/06/19 00:11:42 | 000,607,310 | R--- | M] (Swearware) -- C:\Documents and Settings\Mike Reilly\Desktop\dds.scr
[2011/06/19 00:04:51 | 000,302,592 | ---- | M] () -- C:\Documents and Settings\Mike Reilly\Desktop\mq02i124.exe
[2011/06/18 08:14:47 | 000,000,791 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2011/06/17 21:28:08 | 000,000,832 | ---- | M] () -- C:\Documents and Settings\Mike Reilly\Application Data\Microsoft\Internet Explorer\Quick Launch\HTC Sync.lnk
[2011/06/17 21:28:08 | 000,000,814 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\HTC Sync.lnk
[2011/06/16 09:41:52 | 000,001,892 | ---- | M] () -- C:\Documents and Settings\Mike Reilly\My Documents\Default.rdp
[2011/06/16 03:09:59 | 000,001,374 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2011/06/15 01:37:24 | 000,011,765 | ---- | M] () -- C:\Documents and Settings\Mike Reilly\Desktop\cache.cpf
[2011/06/14 13:53:42 | 000,057,344 | ---- | M] () -- C:\Documents and Settings\Mike Reilly\Desktop\1st Bank Recon.rpt
[2011/06/14 11:03:15 | 000,152,413 | ---- | M] () -- C:\Documents and Settings\Mike Reilly\Desktop\new sales commission report v2 201105 cep.pdf
[2011/06/13 17:44:27 | 000,914,432 | ---- | M] () -- C:\Documents and Settings\Mike Reilly\My Documents\All client stats.rpt
[2011/06/13 16:33:50 | 000,357,846 | ---- | M] () -- C:\Documents and Settings\Mike Reilly\Desktop\clientupdate20110525.csv
[2011/06/13 13:24:53 | 000,080,384 | ---- | M] () -- C:\Documents and Settings\Mike Reilly\Desktop\Arrangement History.rpt
[2011/06/10 10:22:00 | 000,091,136 | ---- | M] () -- C:\Documents and Settings\Mike Reilly\Desktop\cmax.rpt
[2011/06/09 20:48:19 | 000,050,593 | ---- | M] () -- C:\Documents and Settings\Mike Reilly\Desktop\!lcibk0602_1-62251,71302.dat
[2011/06/09 09:32:50 | 000,171,008 | ---- | M] () -- C:\Documents and Settings\Mike Reilly\My Documents\Purchase Analysis Report.rpt
[2011/06/07 09:59:56 | 000,001,492 | ---- | M] () -- C:\Documents and Settings\Mike Reilly\My Documents\Remote Desktop Connection (2).lnk
[2011/06/06 18:26:15 | 000,001,256 | ---- | M] () -- C:\Documents and Settings\Mike Reilly\Desktop\Clean Registry for Free!.lnk
[2011/06/03 15:53:22 | 000,079,360 | ---- | M] () -- C:\Documents and Settings\Mike Reilly\My Documents\DSC Payment Analysis.rpt
[2011/06/03 14:55:08 | 001,618,432 | ---- | M] () -- C:\Documents and Settings\Mike Reilly\My Documents\SFG Inv.rpt
[2011/06/02 15:54:57 | 009,905,664 | ---- | M] () -- C:\Documents and Settings\Mike Reilly\My Documents\Current DSC.rpt
[2011/06/02 07:18:44 | 000,076,771 | ---- | M] () -- C:\Documents and Settings\Mike Reilly\My Documents\mtd_rev_by_coll final 05_2011.pdf
[2011/06/01 08:58:20 | 000,109,568 | ---- | M] () -- C:\Documents and Settings\Mike Reilly\Desktop\Client Routes.rpt
[2011/05/31 06:45:02 | 000,000,775 | ---- | M] () -- C:\Documents and Settings\Mike Reilly\Desktop\Shortcut to guiClient.lnk
[2011/05/30 15:31:28 | 000,000,605 | ---- | M] () -- C:\Documents and Settings\Mike Reilly\Desktop\Shortcut to pidgin.lnk
[2011/05/29 11:56:45 | 000,001,532 | ---- | M] () -- C:\Documents and Settings\Mike Reilly\Desktop\Check PC For Errors.lnk
[2011/05/29 09:11:30 | 000,039,984 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2011/05/28 20:56:00 | 000,434,580 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts.20110529-092544.backup
[2011/05/28 07:50:15 | 000,001,049 | ---- | M] () -- C:\Documents and Settings\Mike Reilly\Start Menu\Programs\Startup\Dropbox.lnk
[2011/05/28 07:50:14 | 000,001,049 | ---- | M] () -- C:\Documents and Settings\Mike Reilly\Desktop\Dropbox.lnk
[2011/05/27 11:03:46 | 000,196,434 | ---- | M] () -- C:\Documents and Settings\Mike Reilly\Desktop\SystemAdministrationAccessRequestDocumentP.pdf
[2011/05/26 19:08:43 | 000,568,766 | ---- | M] () -- C:\Documents and Settings\Mike Reilly\Desktop\@EFRPF.C51016.OCZ0003D.AGNCYCCL(0)
[2011/05/26 19:08:42 | 000,677,851 | ---- | M] () -- C:\Documents and Settings\Mike Reilly\Desktop\@EFRPF.C51016.OCD420.CCL(+0)
[2011/05/26 19:08:42 | 000,006,527 | ---- | M] () -- C:\Documents and Settings\Mike Reilly\Desktop\@EFRPF.C51016.OCZ0001D.EXTRCCL(+0)
[2011/05/26 18:46:28 | 002,754,048 | ---- | M] () -- C:\Documents and Settings\Mike Reilly\My Documents\JHP Payment extract.rpt
[2011/05/26 08:31:15 | 000,165,240 | ---- | M] () -- C:\Documents and Settings\Mike Reilly\My Documents\quintltrreq20110526.csv
[2011/05/26 08:30:32 | 000,286,208 | ---- | M] () -- C:\Documents and Settings\Mike Reilly\Desktop\Training Test.rpt
[2011/05/25 22:59:10 | 000,071,168 | ---- | M] () -- C:\Documents and Settings\Mike Reilly\Desktop\RouteInv.rpt
[2011/05/25 15:15:54 | 000,357,846 | ---- | M] () -- C:\Documents and Settings\Mike Reilly\My Documents\clientupdate20110525.csv
[2011/05/25 11:26:35 | 000,078,336 | ---- | M] () -- C:\Documents and Settings\Mike Reilly\My Documents\SFG Forecast Report.rpt
[2011/05/25 03:14:41 | 000,058,880 | ---- | M] () -- C:\Documents and Settings\Mike Reilly\My Documents\bad roles.rpt
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[1 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

========== Files Created - No Company Name ==========

[2011/06/20 04:05:14 | 000,216,064 | ---- | C] () -- C:\Documents and Settings\Mike Reilly\Desktop\AppPaths.exe
[2011/06/20 00:00:03 | 000,075,264 | ---- | C] () -- C:\Documents and Settings\Mike Reilly\Desktop\SystemLook.exe
[2011/06/19 23:35:15 | 000,606,105 | ---- | C] () -- C:\Documents and Settings\Mike Reilly\Desktop\unhide.exe
[2011/06/19 23:03:44 | 000,000,211 | ---- | C] () -- C:\Boot.bak
[2011/06/19 23:03:40 | 000,260,272 | RHS- | C] () -- C:\cmldr
[2011/06/19 22:43:46 | 000,035,204 | ---- | C] () -- C:\Documents and Settings\Mike Reilly\Desktop\rkunhooker2
[2011/06/19 22:27:32 | 3079,516,160 | -HS- | C] () -- C:\hiberfil.sys
[2011/06/19 15:08:48 | 000,256,512 | ---- | C] () -- C:\WINDOWS\PEV.exe
[2011/06/19 15:08:48 | 000,208,896 | ---- | C] () -- C:\WINDOWS\MBR.exe
[2011/06/19 15:08:48 | 000,098,816 | ---- | C] () -- C:\WINDOWS\sed.exe
[2011/06/19 15:08:48 | 000,080,412 | ---- | C] () -- C:\WINDOWS\grep.exe
[2011/06/19 15:08:48 | 000,068,096 | ---- | C] () -- C:\WINDOWS\zip.exe
[2011/06/19 13:03:23 | 001,309,375 | ---- | C] () -- C:\Documents and Settings\Mike Reilly\Desktop\tdsskiller.zip
[2011/06/19 01:04:31 | 000,036,810 | ---- | C] () -- C:\Documents and Settings\Mike Reilly\Desktop\rkunhooker report1
[2011/06/19 01:01:06 | 000,139,264 | ---- | C] () -- C:\Documents and Settings\Mike Reilly\Desktop\RKUnhookerLE.EXE
[2011/06/19 01:00:27 | 000,000,512 | ---- | C] () -- C:\Documents and Settings\Mike Reilly\Desktop\MBR.dat
[2011/06/19 00:04:49 | 000,302,592 | ---- | C] () -- C:\Documents and Settings\Mike Reilly\Desktop\mq02i124.exe
[2011/06/18 08:14:47 | 000,000,791 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2011/06/17 21:28:08 | 000,000,832 | ---- | C] () -- C:\Documents and Settings\Mike Reilly\Application Data\Microsoft\Internet Explorer\Quick Launch\HTC Sync.lnk
[2011/06/17 21:28:08 | 000,000,814 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\HTC Sync.lnk
[2011/06/14 13:41:51 | 000,057,344 | ---- | C] () -- C:\Documents and Settings\Mike Reilly\Desktop\1st Bank Recon.rpt
[2011/06/14 11:03:13 | 000,152,413 | ---- | C] () -- C:\Documents and Settings\Mike Reilly\Desktop\new sales commission report v2 201105 cep.pdf
[2011/06/13 16:33:49 | 000,357,846 | ---- | C] () -- C:\Documents and Settings\Mike Reilly\Desktop\clientupdate20110525.csv
[2011/06/10 11:25:30 | 000,050,593 | ---- | C] () -- C:\Documents and Settings\Mike Reilly\Desktop\!lcibk0602_1-62251,71302.dat
[2011/06/09 20:33:00 | 000,091,136 | ---- | C] () -- C:\Documents and Settings\Mike Reilly\Desktop\cmax.rpt
[2011/06/07 14:58:11 | 000,080,384 | ---- | C] () -- C:\Documents and Settings\Mike Reilly\Desktop\Arrangement History.rpt
[2011/06/06 18:26:14 | 000,001,256 | ---- | C] () -- C:\Documents and Settings\Mike Reilly\Desktop\Clean Registry for Free!.lnk
[2011/06/02 07:18:43 | 000,076,771 | ---- | C] () -- C:\Documents and Settings\Mike Reilly\My Documents\mtd_rev_by_coll final 05_2011.pdf
[2011/06/01 08:58:19 | 000,109,568 | ---- | C] () -- C:\Documents and Settings\Mike Reilly\Desktop\Client Routes.rpt
[2011/05/31 06:45:02 | 000,000,775 | ---- | C] () -- C:\Documents and Settings\Mike Reilly\Desktop\Shortcut to guiClient.lnk
[2011/05/30 15:31:28 | 000,000,605 | ---- | C] () -- C:\Documents and Settings\Mike Reilly\Desktop\Shortcut to pidgin.lnk
[2011/05/29 11:56:45 | 000,001,532 | ---- | C] () -- C:\Documents and Settings\Mike Reilly\Desktop\Check PC For Errors.lnk
[2011/05/27 11:03:46 | 000,196,434 | ---- | C] () -- C:\Documents and Settings\Mike Reilly\Desktop\SystemAdministrationAccessRequestDocumentP.pdf
[2011/05/26 19:06:02 | 000,677,851 | ---- | C] () -- C:\Documents and Settings\Mike Reilly\Desktop\@EFRPF.C51016.OCD420.CCL(+0)
[2011/05/26 19:06:02 | 000,568,766 | ---- | C] () -- C:\Documents and Settings\Mike Reilly\Desktop\@EFRPF.C51016.OCZ0003D.AGNCYCCL(0)
[2011/05/26 19:06:02 | 000,006,527 | ---- | C] () -- C:\Documents and Settings\Mike Reilly\Desktop\@EFRPF.C51016.OCZ0001D.EXTRCCL(+0)
[2011/05/26 18:46:26 | 002,754,048 | ---- | C] () -- C:\Documents and Settings\Mike Reilly\My Documents\JHP Payment extract.rpt
[2011/05/26 08:31:05 | 000,165,240 | ---- | C] () -- C:\Documents and Settings\Mike Reilly\My Documents\quintltrreq20110526.csv
[2011/05/25 22:59:09 | 000,071,168 | ---- | C] () -- C:\Documents and Settings\Mike Reilly\Desktop\RouteInv.rpt
[2011/05/25 12:36:22 | 000,357,846 | ---- | C] () -- C:\Documents and Settings\Mike Reilly\My Documents\clientupdate20110525.csv
[2011/05/24 12:45:31 | 000,286,208 | ---- | C] () -- C:\Documents and Settings\Mike Reilly\Desktop\Training Test.rpt
[2011/04/10 19:56:14 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\Mike Reilly\Local Settings\Application Data\rx_image32.Cache
[2011/01/18 14:31:38 | 000,101,376 | ---- | C] () -- C:\WINDOWS\System32\hpgt34.dll
[2010/12/12 22:03:41 | 000,000,134 | ---- | C] () -- C:\Documents and Settings\Mike Reilly\Local Settings\Application Data\fusioncache.dat
[2010/12/07 21:21:52 | 000,000,426 | ---- | C] () -- C:\WINDOWS\BRWMARK.INI
[2010/12/06 23:06:16 | 000,000,664 | ---- | C] () -- C:\Documents and Settings\Mike Reilly\Local Settings\Application Data\d3d9caps.dat
[2010/10/29 12:27:57 | 000,001,324 | ---- | C] () -- C:\WINDOWS\System32\d3d9caps.dat
[2010/10/05 07:48:55 | 000,000,032 | ---- | C] () -- C:\WINDOWS\ConnectionGUI.INI
[2010/08/03 16:37:06 | 000,079,368 | ---- | C] () -- C:\WINDOWS\hpfins05.dat
[2010/08/03 16:37:06 | 000,001,350 | ---- | C] () -- C:\WINDOWS\hpfmdl05.dat
[2010/08/03 16:36:39 | 000,372,736 | ---- | C] () -- C:\WINDOWS\System32\hpzidi01.dll
[2010/08/03 16:36:39 | 000,077,824 | ---- | C] () -- C:\WINDOWS\System32\hpzids01.dll
[2010/07/29 18:13:13 | 001,240,848 | ---- | C] () -- C:\Documents and Settings\LocalService\Local Settings\Application Data\FontCache3.0.0.0.dat
[2010/07/29 05:18:35 | 000,000,013 | ---- | C] () -- C:\WINDOWS\OemOut.ini
[2010/07/28 21:03:27 | 000,000,168 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2010/06/27 13:43:01 | 000,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini
[2010/06/27 13:16:34 | 000,004,224 | ---- | C] () -- C:\WINDOWS\System32\drivers\IBMBLDID.sys
[2010/06/27 13:07:27 | 000,196,608 | ---- | C] () -- C:\WINDOWS\PWMBTHLP.EXE
[2010/06/27 13:07:27 | 000,004,442 | ---- | C] () -- C:\WINDOWS\System32\drivers\TPPWRIF.SYS
[2010/06/27 13:07:16 | 000,150,080 | ---- | C] () -- C:\WINDOWS\desktopset.exe
[2010/06/27 13:03:21 | 000,056,056 | ---- | C] () -- C:\WINDOWS\System32\DLAAPI_W.DLL
[2010/06/27 13:03:21 | 000,000,120 | ---- | C] () -- C:\WINDOWS\wininit.ini
[2010/06/27 12:50:44 | 000,982,196 | ---- | C] () -- C:\WINDOWS\System32\igkrng500.bin
[2010/06/27 12:50:44 | 000,417,344 | ---- | C] () -- C:\WINDOWS\System32\igcompkrng500.bin
[2010/06/27 12:50:27 | 000,000,520 | ---- | C] () -- C:\WINDOWS\System32\drivers\RTEQEX0.dat
[2010/06/27 12:46:41 | 000,073,728 | ---- | C] () -- C:\WINDOWS\System32\RtNicProp32.dll
[2009/08/03 15:07:42 | 000,403,816 | ---- | C] () -- C:\WINDOWS\System32\OGACheckControl.dll
[2009/08/03 15:07:42 | 000,230,768 | ---- | C] () -- C:\WINDOWS\System32\OGAEXEC.exe
[2008/07/22 11:22:09 | 000,004,670 | ---- | C] () -- C:\WINDOWS\System32\OEMINFO.INI
[2008/07/21 18:50:02 | 000,004,569 | ---- | C] () -- C:\WINDOWS\System32\secupd.dat
[2008/07/21 18:50:00 | 000,574,646 | ---- | C] () -- C:\WINDOWS\System32\perfh009.dat
[2008/07/21 18:50:00 | 000,272,128 | ---- | C] () -- C:\WINDOWS\System32\perfi009.dat
[2008/07/21 18:50:00 | 000,114,768 | ---- | C] () -- C:\WINDOWS\System32\perfc009.dat
[2008/07/21 18:50:00 | 000,028,626 | ---- | C] () -- C:\WINDOWS\System32\perfd009.dat
[2008/07/21 18:49:59 | 013,107,200 | ---- | C] () -- C:\WINDOWS\System32\oembios.bin
[2008/07/21 18:49:59 | 000,004,547 | ---- | C] () -- C:\WINDOWS\System32\oembios.dat
[2008/07/21 18:49:58 | 000,000,741 | ---- | C] () -- C:\WINDOWS\System32\noise.dat
[2008/07/21 18:49:55 | 000,673,088 | ---- | C] () -- C:\WINDOWS\System32\mlang.dat
[2008/07/21 18:49:55 | 000,046,258 | ---- | C] () -- C:\WINDOWS\System32\mib.bin
[2008/07/21 18:49:50 | 000,218,003 | ---- | C] () -- C:\WINDOWS\System32\dssec.dat
[2008/07/21 18:49:48 | 000,001,804 | ---- | C] () -- C:\WINDOWS\System32\Dcache.bin
[2008/07/21 18:04:47 | 000,002,048 | ---- | C] () -- C:\WINDOWS\bootstat.dat
[2008/07/21 18:00:30 | 000,021,640 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat
[2008/07/21 10:55:48 | 000,004,379 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
[2008/07/21 10:55:02 | 000,317,152 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2008/05/26 21:59:42 | 000,018,904 | ---- | C] () -- C:\WINDOWS\System32\structuredqueryschematrivial.bin
[2008/05/26 21:59:40 | 000,106,605 | ---- | C] () -- C:\WINDOWS\System32\structuredqueryschema.bin
[2007/09/27 10:51:02 | 000,020,698 | ---- | C] () -- C:\WINDOWS\System32\idxcntrs.ini
[2007/09/27 10:48:48 | 000,030,628 | ---- | C] () -- C:\WINDOWS\System32\gsrvctr.ini
[2007/09/27 10:48:28 | 000,031,698 | ---- | C] () -- C:\WINDOWS\System32\gthrctr.ini
[2007/08/16 16:17:50 | 000,143,360 | ---- | C] () -- C:\WINDOWS\System32\nsldap32v50.dll
[2005/01/17 08:10:16 | 000,045,056 | ---- | C] () -- C:\WINDOWS\System32\BRTCPCON.DLL
[2004/08/09 08:00:42 | 000,000,114 | ---- | C] () -- C:\WINDOWS\System32\BRLMW03A.INI
[2002/02/27 12:41:28 | 000,024,576 | ---- | C] () -- C:\WINDOWS\System32\nsldappr32v50.dll
[2002/02/27 12:41:26 | 000,040,960 | ---- | C] () -- C:\WINDOWS\System32\nsldapssl32v50.dll
[1999/10/26 17:00:00 | 000,000,050 | ---- | C] () -- C:\WINDOWS\System32\BRADM08A.DAT

========== LOP Check ==========

[2010/06/27 13:05:01 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\Downloaded Installations
[2010/07/29 05:22:00 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\Lenovo
[2010/06/27 13:16:06 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\AT&T
[2010/06/27 13:13:50 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\DDNI
[2010/07/29 05:22:00 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Lenovo
[2010/06/27 13:10:56 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\PCDr
[2011/02/24 09:42:14 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\PGP Corporation
[2010/06/27 13:03:19 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Uninstall
[2010/11/23 00:16:38 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\WorldWinner
[2010/06/27 13:05:01 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Default User\Application Data\Downloaded Installations
[2010/07/29 05:22:00 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Default User\Application Data\Lenovo
[2011/06/18 23:46:05 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Mike Reilly\Application Data\.purple
[2010/07/29 15:08:31 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Mike Reilly\Application Data\Avaya
[2010/06/27 13:05:01 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Mike Reilly\Application Data\Downloaded Installations
[2011/06/19 23:30:51 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Mike Reilly\Application Data\Dropbox
[2011/06/03 10:57:49 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Mike Reilly\Application Data\gtk-2.0
[2010/07/29 16:47:06 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Mike Reilly\Application Data\Helios
[2011/04/10 08:33:52 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Mike Reilly\Application Data\HTC
[2011/04/10 08:39:38 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Mike Reilly\Application Data\HTC.388BC06ACDAB6261375BCE37FBA2E023C0D7EE34.1
[2010/12/25 11:47:07 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Mike Reilly\Application Data\InterVideo
[2011/02/24 09:50:50 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Mike Reilly\Application Data\Lenovo
[2010/08/04 16:31:34 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Mike Reilly\Application Data\Notepad++
[2011/04/20 11:44:44 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Mike Reilly\Application Data\ntr
[2010/07/30 14:16:25 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Mike Reilly\Application Data\Ontario Systems
[2011/02/24 09:43:57 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Mike Reilly\Application Data\PGP Corporation
[2011/05/29 11:56:51 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Mike Reilly\Application Data\Sammsoft
[2010/09/26 13:36:37 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Mike Reilly\Application Data\vShare
[2011/01/13 16:03:36 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Mike Reilly\Application Data\webex
[2010/07/29 15:48:59 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Mike Reilly\Application Data\Windows Desktop Search
[2010/07/29 16:17:52 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Mike Reilly\Application Data\Windows Search
[2010/12/21 13:40:36 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Mike Reilly\Application Data\Xcelsius
[2010/12/21 13:33:01 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Mike Reilly\Application Data\XcelsiuscustomThemes
[2010/12/21 13:33:01 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Mike Reilly\Application Data\XcelsiuscustomThemesAutoInfo
[2011/04/08 21:00:42 | 000,000,436 | ---- | M] () -- C:\WINDOWS\Tasks\PCDoctorBackgroundMonitorTask.job
[2011/06/19 23:30:13 | 000,000,316 | ---- | M] () -- C:\WINDOWS\Tasks\PMTask.job
[2011/06/19 22:29:55 | 000,000,446 | ---- | M] () -- C:\WINDOWS\Tasks\User_Feed_Synchronization-{4F17DD6B-3336-47F0-87B4-8E91F9C482E3}.job

========== Purity Check ==========



========== Custom Scans ==========


< %SYSTEMDRIVE%\*.* >
[2008/07/21 18:02:34 | 000,000,000 | ---- | M] () -- C:\AUTOEXEC.BAT
[2010/07/29 04:57:53 | 000,000,211 | ---- | M] () -- C:\Boot.bak
[2011/06/19 23:03:44 | 000,000,327 | RHS- | M] () -- C:\boot.ini
[2004/08/03 23:00:00 | 000,260,272 | RHS- | M] () -- C:\cmldr
[2011/06/19 23:20:52 | 000,017,642 | ---- | M] () -- C:\ComboFix.txt
[2008/07/21 18:02:34 | 000,000,000 | ---- | M] () -- C:\CONFIG.SYS
[2011/06/19 23:29:00 | 3079,516,160 | -HS- | M] () -- C:\hiberfil.sys
[2008/07/21 18:02:34 | 000,000,000 | ---- | M] () -- C:\IO.SYS
[2008/07/21 18:02:34 | 000,000,000 | ---- | M] () -- C:\MSDOS.SYS
[2008/04/14 08:00:00 | 000,047,564 | ---- | M] () -- C:\NTDETECT.COM
[2008/04/14 08:00:00 | 000,250,048 | ---- | M] () -- C:\NTLDR
[2011/06/19 23:28:58 | 2145,386,496 | -HS- | M] () -- C:\pagefile.sys
[2010/06/27 12:50:40 | 000,002,721 | ---- | M] () -- C:\RHDSetup.log
[2011/02/17 10:23:18 | 000,083,982 | ---- | M] () -- C:\sysiclog.txt
[2011/06/19 22:09:47 | 000,059,118 | ---- | M] () -- C:\TDSSKiller.2.5.5.0_19.06.2011_22.05.39_log.txt
[2010/06/27 13:03:52 | 000,502,884 | ---- | M] () -- C:\vcredist_x86.log

< %systemroot%\Fonts\*.com >
[2006/04/18 18:39:28 | 000,026,040 | ---- | M] () -- C:\WINDOWS\Fonts\GlobalMonospace.CompositeFont
[2006/06/29 17:53:56 | 000,026,489 | ---- | M] () -- C:\WINDOWS\Fonts\GlobalSansSerif.CompositeFont
[2006/04/18 18:39:28 | 000,029,779 | ---- | M] () -- C:\WINDOWS\Fonts\GlobalSerif.CompositeFont
[2006/06/29 17:58:52 | 000,030,808 | ---- | M] () -- C:\WINDOWS\Fonts\GlobalUserInterface.CompositeFont

< %systemroot%\Fonts\*.dll >

< %systemroot%\Fonts\*.ini >
[2008/07/21 18:02:08 | 000,000,067 | ---- | M] () -- C:\WINDOWS\Fonts\desktop.ini

< %systemroot%\Fonts\*.ini2 >

< %systemroot%\Fonts\*.exe >

< %systemroot%\system32\spool\prtprocs\w32x86\*.* >
[2008/07/06 08:06:10 | 000,089,088 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\spool\prtprocs\w32x86\filterpipelineprintproc.dll
[2005/05/10 20:48:48 | 000,067,072 | ---- | M] (Hewlett-Packard Corporation) -- C:\WINDOWS\system32\spool\prtprocs\w32x86\hpzpp3xu.dll
[2008/07/06 06:50:03 | 000,597,504 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\spool\prtprocs\w32x86\printfilterpipelinesvc.exe

< %systemroot%\REPAIR\*.bak1 >

< %systemroot%\REPAIR\*.ini >

< %systemroot%\system32\*.jpg >

< %systemroot%\*.jpg >

< %systemroot%\*.png >

< %systemroot%\*.scr >
[2009/07/10 15:15:46 | 000,306,544 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\WLXPGSS.SCR
[1 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

< %systemroot%\*._sy >

< %APPDATA%\Adobe\Update\*.* >

< %ALLUSERSPROFILE%\Favorites\*.* >

< %APPDATA%\Microsoft\*.* >

< %PROGRAMFILES%\*.* >

< %APPDATA%\Update\*.* >

< %systemroot%\*. /mp /s >

< %systemroot%\System32\config\*.sav >
[2008/07/21 10:54:31 | 000,094,208 | ---- | M] () -- C:\WINDOWS\system32\config\default.sav
[2008/07/21 10:54:31 | 001,089,536 | ---- | M] () -- C:\WINDOWS\system32\config\software.sav
[2008/07/21 10:54:31 | 000,921,600 | ---- | M] () -- C:\WINDOWS\system32\config\system.sav

< %PROGRAMFILES%\bak. /s >

< %systemroot%\system32\bak. /s >

< %ALLUSERSPROFILE%\Start Menu\*.lnk /x >

< %systemroot%\system32\config\systemprofile\*.dat /x >

< %systemroot%\*.config >

< %systemroot%\system32\*.db >

< %APPDATA%\Microsoft\Internet Explorer\Quick Launch\*.lnk /x >

< %USERPROFILE%\Desktop\*.exe >
[2005/06/27 18:02:38 | 000,061,440 | ---- | M] () -- C:\Documents and Settings\Mike Reilly\Desktop\AccRestore.exe
[2011/06/20 04:05:15 | 000,216,064 | ---- | M] () -- C:\Documents and Settings\Mike Reilly\Desktop\AppPaths.exe
[2011/06/19 00:58:28 | 000,581,120 | ---- | M] (AVAST Software) -- C:\Documents and Settings\Mike Reilly\Desktop\aswMBR.exe
[2011/06/19 23:01:33 | 004,130,419 | R--- | M] (Swearware) -- C:\Documents and Settings\Mike Reilly\Desktop\ComboFix.exe
[2011/06/19 00:04:51 | 000,302,592 | ---- | M] () -- C:\Documents and Settings\Mike Reilly\Desktop\mq02i124.exe
[2011/05/20 09:47:02 | 000,812,496 | ---- | M] (InstallShield Software Corporation) -- C:\Documents and Settings\Mike Reilly\Desktop\ODBCDriverPatch1463.exe
[2011/06/20 04:13:10 | 000,579,072 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Mike Reilly\Desktop\OTL.exe
[2011/06/19 01:01:07 | 000,139,264 | ---- | M] () -- C:\Documents and Settings\Mike Reilly\Desktop\RKUnhookerLE.EXE
[2011/06/20 00:00:05 | 000,075,264 | ---- | M] () -- C:\Documents and Settings\Mike Reilly\Desktop\SystemLook.exe
[2011/06/19 23:35:17 | 000,606,105 | ---- | M] () -- C:\Documents and Settings\Mike Reilly\Desktop\unhide.exe

< %PROGRAMFILES%\Common Files\*.* >

< %systemroot%\*.src >

< %systemroot%\install\*.* >

< %systemroot%\system32\DLL\*.* >

< %systemroot%\system32\HelpFiles\*.* >

< %systemroot%\system32\rundll\*.* >

< %systemroot%\winn32\*.* >

< %systemroot%\Java\*.* >

< %systemroot%\system32\test\*.* >

< %systemroot%\system32\Rundll32\*.* >

< %systemroot%\AppPatch\Custom\*.* >

< %APPDATA%\Roaming\Microsoft\Windows\Recent\*.lnk /x >

< %PROGRAMFILES%\PC-Doctor\Downloads\*.* >

< %PROGRAMFILES%\Internet Explorer\*.tmp >

< %PROGRAMFILES%\Internet Explorer\*.dat >

< %USERPROFILE%\My Documents\*.exe >
[2006/01/05 13:40:18 | 001,462,023 | ---- | M] (Free Software Foundation) -- C:\Documents and Settings\Mike Reilly\My Documents\gnupg-w32cli-1.4.2.exe
[2005/11/09 13:57:26 | 000,812,496 | ---- | M] (InstallShield Software Corporation) -- C:\Documents and Settings\Mike Reilly\My Documents\ODBCDriverPatch1463.exe
[2009/11/15 22:42:45 | 014,436,216 | ---- | M] () -- C:\Documents and Settings\Mike Reilly\My Documents\pidgin-2.6.3.exe
[2009/03/09 17:51:13 | 016,409,960 | ---- | M] (Safer Networking Limited ) -- C:\Documents and Settings\Mike Reilly\My Documents\spybotsd162.exe
[2005/11/07 18:46:45 | 002,128,042 | ---- | M] (Helios ) -- C:\Documents and Settings\Mike Reilly\My Documents\txpeng473.exe
[2011/04/26 06:51:41 | 000,741,744 | ---- | M] (RealVNC Ltd. ) -- C:\Documents and Settings\Mike Reilly\My Documents\vnc-4_1_3-x86_win32.exe
[2010/07/29 16:19:36 | 011,880,802 | ---- | M] (Macrovision Corporation) -- C:\Documents and Settings\Mike Reilly\My Documents\wsftp20071_SNWS-E000581215MM7GJXRX.exe

< %USERPROFILE%\*.exe >

< %systemroot%\ADDINS\*.* >

< %systemroot%\assembly\*.bak2 >

< %systemroot%\Config\*.* >

< %systemroot%\REPAIR\*.bak2 >

< %systemroot%\SECURITY\Database\*.sdb /x >

< %systemroot%\SYSTEM\*.bak2 >

< %systemroot%\Web\*.bak2 >

< %systemroot%\Driver Cache\*.* >

< %PROGRAMFILES%\Mozilla Firefox\0*.exe >

< %ProgramFiles%\Microsoft Common\*.* >

< %ProgramFiles%\TinyProxy. >

< %USERPROFILE%\Favorites\*.url /x >
[2011/06/19 22:44:30 | 000,000,122 | ---- | M] () -- C:\Documents and Settings\Mike Reilly\Favorites\Desktop.ini

< %systemroot%\system32\*.bk >

< %systemroot%\*.te >

< %systemroot%\system32\system32\*.* >

< %ALLUSERSPROFILE%\*.dat /x >

< %systemroot%\system32\drivers\*.rmv >

< dir /b "%systemroot%\system32\*.exe" | find /i " " /c >

< dir /b "%systemroot%\*.exe" | find /i " " /c >

< %PROGRAMFILES%\Microsoft\*.* >

< %systemroot%\System32\Wbem\proquota.exe >

< %PROGRAMFILES%\Mozilla Firefox\*.dat >

< %USERPROFILE%\Cookies\*.txt /x >
[2011/06/20 04:16:12 | 000,212,992 | ---- | M] () -- C:\Documents and Settings\Mike Reilly\Cookies\index.dat

< %SystemRoot%\system32\fonts\*.* >

< %systemroot%\system32\winlog\*.* >

< %systemroot%\system32\Language\*.* >

< %systemroot%\system32\Settings\*.* >

< %systemroot%\system32\*.quo >

< %SYSTEMROOT%\AppPatch\*.exe >

< %SYSTEMROOT%\inf\*.exe >
[2004/08/11 04:45:04 | 000,192,512 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\inf\unregmp2.exe

< %SYSTEMROOT%\Installer\*.exe >

< %systemroot%\system32\config\*.bak2 >

< %systemroot%\system32\Computers\*.* >

< %SystemRoot%\system32\Sound\*.* >

< %SystemRoot%\system32\SpecialImg\*.* >

< %SystemRoot%\system32\code\*.* >

< %SystemRoot%\system32\draft\*.* >

< %SystemRoot%\system32\MSSSys\*.* >

< %ProgramFiles%\Javascript\*.* >

< %systemroot%\pchealth\helpctr\System\*.exe /s >

< %systemroot%\Web\*.exe >

< %systemroot%\system32\msn\*.* >

< %systemroot%\system32\*.tro >

< %AppData%\Microsoft\Installer\msupdates\*.* >

< %ProgramFiles%\Messenger\*.* >
[2008/04/14 08:00:00 | 000,033,792 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Messenger\custsat.dll
[2007/04/03 02:37:24 | 000,004,821 | ---- | M] () -- C:\Program Files\Messenger\logowin.gif
[2007/04/03 02:37:24 | 000,007,047 | ---- | M] () -- C:\Program Files\Messenger\lvback.gif
[2008/05/02 10:01:49 | 000,083,968 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Messenger\msgsc.dll
[2008/04/14 02:00:30 | 000,180,224 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Messenger\msgslang.dll
[2008/04/14 08:42:30 | 001,695,232 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Messenger\msmsgs.exe
[2007/04/03 02:37:24 | 000,002,882 | ---- | M] () -- C:\Program Files\Messenger\newalert.wav
[2007/04/03 02:37:24 | 000,006,156 | ---- | M] () -- C:\Program Files\Messenger\newemail.wav
[2007/04/03 02:37:26 | 000,006,160 | ---- | M] () -- C:\Program Files\Messenger\online.wav
[2007/04/03 02:37:28 | 000,004,454 | ---- | M] () -- C:\Program Files\Messenger\type.wav
[2007/04/03 02:34:02 | 000,115,981 | ---- | M] () -- C:\Program Files\Messenger\xpmsgr.chm

< %systemroot%\system32\systhem32\*.* >

< %systemroot%\system\*.exe >

< HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU >

< HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\ Auto Update\Results\Install|LastSuccessTime /rs >


< >

========== Files - Unicode (All) ==========
[2010/07/28 23:47:39 | 000,000,000 | ---D | M](C:\Documents and Settings\Mike Reilly\My Documents\??pPatch) -- C:\Documents and Settings\Mike Reilly\My Documents\ΑрpPatch
[2010/07/28 23:47:39 | 000,000,000 | ---D | C](C:\Documents and Settings\Mike Reilly\My Documents\??pPatch) -- C:\Documents and Settings\Mike Reilly\My Documents\ΑрpPatch

< End of report >
 
Extras.txt

OTL Extras logfile created on: 6/20/2011 4:16:21 AM - Run 1
OTL by OldTimer - Version 3.2.24.1 Folder = C:\Documents and Settings\Mike Reilly\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.87 Gb Total Physical Memory | 1.89 Gb Available Physical Memory | 65.86% Memory free
4.71 Gb Paging File | 3.37 Gb Available in Paging File | 71.64% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 291.75 Gb Total Space | 217.67 Gb Free Space | 74.61% Space Free | Partition Type: NTFS
Unable to calculate disk information.

Computer Name: LENOVO-571EC673 | User Name: Mike Reilly | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
.url [@ = InternetShortcut] -- rundll32.exe ieframe.dll,OpenURL %l

[HKEY_USERS\S-1-5-21-2539251137-84547536-1959951320-1008\SOFTWARE\Classes\<extension>]
.html [@ = htmlfile] -- Reg Error: Key error. File not found

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
exefile [open] -- "%1" %*
InternetShortcut [open] -- rundll32.exe ieframe.dll,OpenURL %l
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 0
"FirewallOverride" = 0
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

========== System Restore Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr]
"Start" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService]
"Start" = 2

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]
"1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008
"10280:UDP" = 10280:UDP:LocalSubNet:Enabled:Windows Media Connect
"10281:UDP" = 10281:UDP:LocalSubNet:Enabled:Windows Media Connect
"10282:UDP" = 10282:UDP:LocalSubNet:Enabled:Windows Media Connect
"10283:UDP" = 10283:UDP:LocalSubNet:Enabled:Windows Media Connect
"10284:UDP" = 10284:UDP:LocalSubNet:Enabled:Windows Media Connect
"10243:TCP" = 10243:TCP:LocalSubNet:Enabled:Windows Media Connect

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
"DoNotAllowExceptions" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008
"10280:UDP" = 10280:UDP:LocalSubNet:Enabled:Windows Media Connect
"10281:UDP" = 10281:UDP:LocalSubNet:Enabled:Windows Media Connect
"10282:UDP" = 10282:UDP:LocalSubNet:Enabled:Windows Media Connect
"10283:UDP" = 10283:UDP:LocalSubNet:Enabled:Windows Media Connect
"10284:UDP" = 10284:UDP:LocalSubNet:Enabled:Windows Media Connect
"10243:TCP" = 10243:TCP:LocalSubNet:Enabled:Windows Media Connect

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"C:\Program Files\Juniper\NetScreen-Remote\IreIKE.exe" = C:\Program Files\Juniper\NetScreen-Remote\IreIKE.exe:*:Enabled:IreIke -- (SafeNet)
"C:\Program Files\Juniper\NetScreen-Remote\ViewLog.exe" = C:\Program Files\Juniper\NetScreen-Remote\ViewLog.exe:127.0.0.1/255.255.255.255:Enabled:ViewLog -- (SafeNet)
"C:\Program Files\Juniper\NetScreen-Remote\CmonApp.exe" = C:\Program Files\Juniper\NetScreen-Remote\CmonApp.exe:127.0.0.1/255.255.255.255:Enabled:CMonApp -- (SafeNet)
"C:\Program Files\Juniper\NetScreen-Remote\vpn.exe" = C:\Program Files\Juniper\NetScreen-Remote\vpn.exe:127.0.0.1/255.255.255.255:Enabled:VPN Connection Manager -- (SafeNet)

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Program Files\Ipswitch\WS_FTP Professional\wsftpgui.exe" = C:\Program Files\Ipswitch\WS_FTP Professional\wsftpgui.exe:*:Enabled:WS_FTP Pro Application -- (Ipswitch, Inc. 10 Maguire Road - Suite 220 Lexington, MA 02421)
"C:\Program Files\Google\Chrome\Application\chrome.exe" = C:\Program Files\Google\Chrome\Application\chrome.exe:*:Enabled:Google Chrome -- (Google Inc.)
"C:\Documents and Settings\Mike Reilly\Application Data\Dropbox\bin\Dropbox.exe" = C:\Documents and Settings\Mike Reilly\Application Data\Dropbox\bin\Dropbox.exe:*:Enabled:Dropbox -- (Dropbox, Inc.)
"C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe" = C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe:*:Enabled:McAfee Shared Service Host -- (McAfee, Inc.)
"C:\Program Files\Juniper\NetScreen-Remote\IreIKE.exe" = C:\Program Files\Juniper\NetScreen-Remote\IreIKE.exe:*:Enabled:IreIke -- (SafeNet)
"C:\Program Files\Juniper\NetScreen-Remote\ViewLog.exe" = C:\Program Files\Juniper\NetScreen-Remote\ViewLog.exe:127.0.0.1/255.255.255.255:Enabled:ViewLog -- (SafeNet)
"C:\Program Files\Juniper\NetScreen-Remote\CmonApp.exe" = C:\Program Files\Juniper\NetScreen-Remote\CmonApp.exe:127.0.0.1/255.255.255.255:Enabled:CMonApp -- (SafeNet)
"C:\Program Files\Juniper\NetScreen-Remote\vpn.exe" = C:\Program Files\Juniper\NetScreen-Remote\vpn.exe:127.0.0.1/255.255.255.255:Enabled:VPN Connection Manager -- (SafeNet)


========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
"{08E81ABD-79F7-49C2-881F-FD6CB0975693}" = Roxio Central Data
"{09984AEC-6B9F-4ca7-B78D-CB44D4771DA3}" = Destinations
"{0A0CADCF-78DA-33C4-A350-CD51849B9702}" = Microsoft .NET Framework 4 Extended
"{15EE79F4-4ED1-4267-9B0F-351009325D7D}" = HP Software Update
"{165E9FED-53F2-4355-9396-FC96DAEEC37A}" = Caché in C:\InterSystems\Cache
"{178832DE-9DE0-4C87-9F82-9315A9B03985}" = Windows Live Writer
"{17CBC505-D1AE-459D-B445-3D2000A85842}" = ThinkPad UltraNav Utility
"{196467F1-C11F-4F76-858B-5812ADC83B94}" = MSXML 4.0 SP3 Parser
"{1F54DAFA-9261-4A62-B59D-6C9F26B48FE4}" = Roxio Central Tools
"{20471B27-D702-4FE8-8DEC-0702CC8C0A85}" = InterVideo WinDVD 8
"{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live Upload Tool
"{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT
"{26604C7E-A313-4D12-867F-7C6E7820BE4C}" = JMicron Flash Media Controller Driver
"{26A24AE4-039D-4CA4-87B4-2F83216014FF}" = Java(TM) 6 Update 21
"{2AFFFDD7-ED85-4A90-8C52-5DA9EBDC9B8F}" = Microsoft SQL Server 2005 Express Edition (MSSMLBIZ)
"{2F4C24E6-CBD4-4AAC-B56F-C9FD44DE5668}" = Drag-to-Disc
"{2F931B84-0CEE-11D1-AA7D-0080AD1AC47A}" = NetScreen-Remote
"{30C19FF2-7FBA-4d09-B9DE-1659977F64F6}" = TrayApp
"{31A559C1-9E4D-423B-9DD3-34A6C5398752}" = HTC BMP USB Driver
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{3B4E636E-9D65-4D67-BA61-189800823F52}" = Windows Live Communications Platform
"{3C0BAFCA-BDB8-492B-8845-DC0A4B4C1823}" = HPDeskjet5400Series
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{40B2CCC5-CB5E-4656-B85C-AE7B81E4BC42}" = Lenovo Welcome
"{44E9D4C2-946C-4378-9354-558803C47A68}" = Client Security - Password Manager
"{45338B07-A236-4270-9A77-EBB4115517B5}" = Windows Live Sign-in Assistant
"{46A84694-59EC-48F0-964C-7E76E9F8A2ED}" = ThinkVantage Active Protection System
"{46C045BF-2B3F-4BC4-8E4C-00E0CF8BD9DB}" = Adobe AIR
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4C018129-1793-48D2-B82C-6FA71C96B476}" = Online Data Backup
"{50120000-1105-0000-0000-0000000FF1CE}" = Microsoft Office 2007 Primary Interop Assemblies
"{537BF16E-7412-448C-95D8-846E85A1D817}" = Roxio Creator Small Business Edition
"{53F5C3EE-05ED-4830-994B-50B2F0D50FCE}" = Microsoft SQL Server Setup Support Files (English)
"{56F8AFC3-FA98-4ff1-9673-8A026CBF85BE}" = WebReg
"{5F26311C-B135-4F7F-B11E-8E650F83651E}" = DeviceFunctionQFolder
"{6412CECE-8172-4BE5-935B-6CECACD2CA87}" = Windows Live Mail
"{65706020-7B6F-41F2-8047-FC69579E386A}" = Presentation Director
"{6675CA7F-E51B-4F6A-99D4-F8F0124C6EAA}" = Roxio Express Labeler 3
"{66E6CE0C-5A1E-430C-B40A-0C90FF1804A8}" = eSupportQFolder
"{6D6664A9-3342-4948-9B7E-034EFE366F0F}" = HTC Driver Installer
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{73A4F29F-31AC-4EBD-AA1B-0CC5F18C8F83}" = Roxio Central Audio
"{7505DE9C-4E85-4636-82F0-50F38077B900}" = Crystal Reports 11
"{7670D32F-DAE6-4E49-8C8B-B3F08B5B1686}" = Microsoft SQL Server Native Client
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{77DCDCE3-2DED-62F3-8154-05E745472D07}" = Acrobat.com
"{7EB114D8-207F-45AE-BABD-1669715F2630}" = ThinkVantage Access Connections
"{81128EE8-8EAD-4DB0-85C6-17C2CE50FF71}" = Windows Live Essentials
"{830C1687-F55F-45C1-AD2B-405824DC65DB}" = Network Recording Player
"{84EBDF39-4B33-49D7-A0BD-EB6E2C4E81C1}" = Windows Live Sync
"{8675339C-128C-44DD-83BF-0A5D6ABD8297}" = System Update
"{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8A74E887-8F0F-4017-AF53-CBA42211AAA5}" = Microsoft Sync Framework Runtime Native v1.0 (x86)
"{8D337F77-BE7F-41A2-A7CB-D5A63FD7049B}" = Sonic CinePlayer Decoder Pack
"{8E7CD6B1-1F89-49D9-9E2C-F7FADC5C9390}" = Intel(R) PROSet/Wireless WiFi Software
"{90120000-0010-0409-0000-0000000FF1CE}" = Microsoft Software Update for Web Folders (English) 12
"{90120000-0015-0409-0000-0000000FF1CE}" = Microsoft Office Access MUI (English) 2007
"{90120000-0015-0409-0000-0000000FF1CE}_PROHYBRIDR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0015-0409-0000-0000000FF1CE}_PROR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007
"{90120000-0016-0409-0000-0000000FF1CE}_PROHYBRIDR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0016-0409-0000-0000000FF1CE}_PROR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007
"{90120000-0018-0409-0000-0000000FF1CE}_PROHYBRIDR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0018-0409-0000-0000000FF1CE}_PROR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0019-0409-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2007
"{90120000-0019-0409-0000-0000000FF1CE}_PROHYBRIDR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0019-0409-0000-0000000FF1CE}_PROR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2007
"{90120000-001A-0409-0000-0000000FF1CE}_PROHYBRIDR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001A-0409-0000-0000000FF1CE}_PROR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007
"{90120000-001B-0409-0000-0000000FF1CE}_PROHYBRIDR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001B-0409-0000-0000000FF1CE}_PROR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_PROHYBRIDR_{ABDDE972-355B-4AF1-89A8-DA50B7B5C045}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-0409-0000-0000000FF1CE}_PROR_{ABDDE972-355B-4AF1-89A8-DA50B7B5C045}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_PROHYBRIDR_{F580DDD5-8D37-4998-968E-EBB76BB86787}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-040C-0000-0000000FF1CE}_PROR_{F580DDD5-8D37-4998-968E-EBB76BB86787}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007
"{90120000-001F-0C0A-0000-0000000FF1CE}_PROHYBRIDR_{187308AB-5FA7-4F14-9AB9-D290383A10D9}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-0C0A-0000-0000000FF1CE}_PROR_{187308AB-5FA7-4F14-9AB9-D290383A10D9}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}_PROHYBRIDR_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-006E-0409-0000-0000000FF1CE}_PROR_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007
"{90120000-0115-0409-0000-0000000FF1CE}_PROHYBRIDR_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0115-0409-0000-0000000FF1CE}_PROR_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0117-0409-0000-0000000FF1CE}" = Microsoft Office Access Setup Metadata MUI (English) 2007
"{90120000-0117-0409-0000-0000000FF1CE}_PROHYBRIDR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0117-0409-0000-0000000FF1CE}_PROR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{9068B2BE-D93A-4C0A-861C-5E35E2C0E09E}" = Intel® Matrix Storage Manager
"{91120000-0014-0000-0000-0000000FF1CE}" = Microsoft Office Professional 2007
"{91120000-0014-0000-0000-0000000FF1CE}_PROR_{0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{91120000-0014-0000-0000-0000000FF1CE}_PROR_{3D019598-7B59-447A-80AE-815B703B84FF}" = Security Update for Microsoft Office system 2007 (972581)
"{923E3957-F939-453A-BD55-41CFB8D7F211}" = HTC Sync
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{986F64DC-FF15-449D-998F-EE3BCEC6666A}" = Help Center
"{995F1E2E-F542-4310-8E1D-9926F5A279B3}" = Windows Live Toolbar
"{99F4FC4E-171A-4121-BB54-8159198C89A8}" = OnDemand Desktop Publisher
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9C9CEB9D-53FD-49A7-85D2-FE674F72F24E}" = Microsoft Search Enhancement Pack
"{A0E64EBA-8BF0-49FB-90C0-BB3D781A2016}" = ThinkPad Power Manager
"{A1F66FC9-11EE-4F2F-98C9-16F8D1E69FB7}" = Segoe UI
"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
"{A43BF6A5-D5F0-4AAA-BF41-65995063EC44}" = MSXML 6.0 Parser
"{A85FD55B-891B-4314-97A5-EA96C0BD80B5}" = Windows Live Messenger
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{A939D341-5A04-4E0A-BB55-3E65B386432D}" = Microsoft Office Small Business Connectivity Components
"{AB5D51AE-EBC3-438D-872C-705C7C2084B0}" = DeviceManagementQFolder
"{AC76BA86-7AD7-1033-7B44-A94000000001}" = Adobe Reader 9.4.4
"{AD88355B-A4E0-4DA1-BAC3-EA4FEA930691}" = Ipswitch WS_FTP Professional 2007
"{B2544A03-10D0-4E5E-BA69-0362FFC20D18}" = OGA Notifier 2.0.0048.0
"{B32C4059-6E7A-41EF-AD20-56DF1872B923}" = Business Contact Manager for Outlook 2007 SP2
"{B334D9AE-1393-423E-97C0-3BDC3360E692}" = Sonic Icons for Lenovo
"{B6A26DE5-F2B5-4D58-9570-4FC760E00FCD}" = Roxio Central Copy
"{B6EC7388-E277-4A5B-8C8F-71067A41BA64}" = TextPad 5
"{B996AE66-10DB-4ac5-B151-E8B4BFBC42FC}" = BufferChm
"{BAB6C24A-9D62-4317-A22E-78A0ABF2DD4F}" = InterSystems ODBC Driver
"{BD64AF4A-8C80-4152-AD77-FCDDF05208AB}" = Microsoft Sync Framework Services Native v1.0 (x86)
"{C042AFD4-32D3-4287-BBE8-845EE4D78C3E}" = Xcelsius 2008
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
"{C0C17EF3-83ED-4956-8638-7354EBE7FFFF}" = Lenovo Idea Notes
"{C3B4274C-50FE-43B7-88A9-4D45F316E777}" = Artiva Workstation
"{C54ED2B6-1AF2-416F-BBA8-5E2B8CDCB5C4}" = XP Themes
"{C64A877E-DF8D-4017-AA82-000A77C6D809}" = Verizon Wireless Mobile Broadband Self Activation
"{C6FA39A7-26B1-480A-BC74-6D17531AC222}" = Access Help
"{C7E2FF9D-D503-4312-B769-6B0284B161CC}" = Mobile Broadband Connect
"{C7FB1A71-D808-4CD2-997D-837B39EA7EB0}" = DIBS
"{C9BED750-1211-4480-B1A5-718A3BE15525}" = REALTEK GbE & FE Ethernet PCI-E NIC Driver
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{CECCAEF3-D37A-48D5-8E39-8D0727C8C6E2}" = ACH Origination Application
"{CF5737AF-8550-4546-A69B-0EA9EF5A9B55}" = ThinkVantage Productivity Center
"{D6C75F0B-3BC1-4FC9-B8C5-3F7E8ED059CA}" = Windows Live Photo Gallery
"{D728E945-256D-4477-B377-6BBA693714AC}" = Productivity Center Supplement for ThinkPad
"{D7868F4B-944C-4264-834E-CEBC354EC704}" = Artiva Manager
"{D81486A1-2371-4059-AC70-1AB894AC96E6}" = AT&T Service Activation
"{DB71210F-8314-4AE3-B7A7-EBAF85BD30E9}" = Wallpapers
"{E2DFE069-083E-4631-9B6C-43C48E991DE5}" = Junk Mail filter update
"{E3F90083-80D4-4b5a-87C7-E97E12F5516D}" = HPProductAssistant
"{E7084B89-69E0-46B3-A118-8F99D06988CD}" = Microsoft SQL Server VSS Writer
"{E7E836B8-4BDD-454F-82E6-5FEA17C83AD4}" = Message Center
"{E8A54984-9776-4283-ACE2-782BA850A1C0}" = Roxio Creator Small Business Edition
"{EA103B64-C0E4-4C0E-A506-751590E1653D}" = SolutionCenter
"{EB57A16E-500D-43d7-85B9-FBE279EBBA6E}" = HP Deskjet 5400 series
"{EC877639-07AB-495C-BFD1-D63AF9140810}" = Roxio Activation Module
"{ECA1A3B6-898F-4DCE-9F04-714CF3BA126B}" = Adobe Flash Player 10 Plugin
"{ED439A64-F018-4DD4-8BA5-328D85AB09AB}" = Roxio Central Core
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F151F2B3-0C32-44D3-90E2-E639B8024622}" = Rescue and Recovery
"{F4C2E5F5-2970-45f4-ABD3-C180C4D961C4}" = Status
"{F6BD194C-4190-4D73-B1B1-C48C99921BFE}" = Windows Live Call
"{FD331A3B-F7A5-4C31-B8D4-DF413C85AF7A}" = Message Center Plus
"ActiveTouchMeetingClient" = WebEx
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe SVG Viewer" = Adobe SVG Viewer 3.0
"ARO 2011_is1" = ARO 2011
"Artiva Studio" = Artiva Studio
"Business Contact Manager" = Business Contact Manager for Outlook 2007 SP2
"com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Acrobat.com
"CT Term GUI" = CT Term GUI
"Google Chrome" = Google Chrome
"HDMI" = Intel(R) Graphics Media Accelerator Driver
"HP Imaging Device Functions" = HP Imaging Device Functions 5.0
"HP Solution Center & Imaging Support Tools" = HP Solution Center & Imaging Support Tools 5.0
"IDNMitigationAPIs" = Microsoft Internationalized Domain Names Mitigation APIs
"ie7" = Windows Internet Explorer 7
"ie8" = Windows Internet Explorer 8
"InstallShield_{20471B27-D702-4FE8-8DEC-0702CC8C0A85}" = InterVideo WinDVD 8
"Lenovo Central" = Lenovo Central
"Lenovo Registration" = Lenovo Registration
"LENOVO.SMIIF" = Lenovo System Interface Driver
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware version 1.51.0.1200
"McAfee Virtual Technician" = McAfee Virtual Technician
"Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Extended" = Microsoft .NET Framework 4 Extended
"Microsoft SQL Server 2005" = Microsoft SQL Server 2005
"MSC" = McAfee AntiVirus Plus
"NLSDownlevelMapping" = Microsoft National Language Support Downlevel APIs
"Notepad++" = Notepad++
"OnScreenDisplay" = On Screen Display
"PC-Doctor for Windows" = Lenovo System Toolbox
"PCMCIAPW" = ThinkPad PC Card Power Policy
"Pidgin" = Pidgin
"PokerStars" = PokerStars
"Power Management Driver" = ThinkPad Power Management Driver
"ProInst" = Intel PROSet Wireless
"PROR" = Microsoft Office Professional 2007
"RealVNC_is1" = VNC Free Edition 4.1.3
"SynTPDeinstKey" = ThinkPad UltraNav Driver
"ThinkPad FullScreen Magnifier" = ThinkPad FullScreen Magnifier
"Veetle TV" = Veetle TV 0.9.18
"vShare" = vShare Plugin
"Wdf01009" = Microsoft Kernel-Mode Driver Framework Feature Pack 1.9
"Windows Media Format Runtime" = Windows Media Format Runtime
"Windows Media Player" = Windows Media Player 10
"WinLiveSuite_Wave3" = Windows Live Essentials
"WMCSetup" = Windows Media Connect

========== HKEY_USERS Uninstall List ==========

[HKEY_USERS\S-1-5-21-2539251137-84547536-1959951320-1008\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Dropbox" = Dropbox
"GoToMeeting" = GoToMeeting 4.8.0.723

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 6/19/2011 10:29:18 PM | Computer Name = LENOVO-571EC673 | Source = Apache Service | ID = 3299
Description = The Apache service named reported the following error: >>> [Sun Jun
19 22:29:18 2011] [notice] Disabled use of AcceptEx() WinSock2 API .

Error - 6/19/2011 10:36:25 PM | Computer Name = LENOVO-571EC673 | Source = Apache Service | ID = 3299
Description = The Apache service named reported the following error: >>> [Sun Jun
19 22:36:25 2011] [notice] Disabled use of AcceptEx() WinSock2 API .

Error - 6/19/2011 11:11:14 PM | Computer Name = LENOVO-571EC673 | Source = Application Error | ID = 1000
Description = Faulting application dumphive.cfxxe, version 0.0.0.0, faulting module
dumphive.cfxxe, version 0.0.0.0, fault address 0x00008444.

Error - 6/19/2011 11:11:42 PM | Computer Name = LENOVO-571EC673 | Source = Application Error | ID = 1000
Description = Faulting application pev.cfxxe, version 0.0.0.0, faulting module pev.cfxxe,
version 0.0.0.0, fault address 0x00082899.

Error - 6/19/2011 11:19:55 PM | Computer Name = LENOVO-571EC673 | Source = Application Error | ID = 1000
Description = Faulting application dumphive.cfxxe, version 0.0.0.0, faulting module
dumphive.cfxxe, version 0.0.0.0, fault address 0x00008444.

Error - 6/19/2011 11:29:46 PM | Computer Name = LENOVO-571EC673 | Source = Apache Service | ID = 3299
Description = The Apache service named reported the following error: >>> [Sun Jun
19 23:29:46 2011] [notice] Disabled use of AcceptEx() WinSock2 API .

Error - 6/20/2011 1:17:24 AM | Computer Name = LENOVO-571EC673 | Source = Windows Search Service | ID = 3013
Description = The entry <C:\DOCUMENTS AND SETTINGS\ALL USERS\START MENU\PROGRAMS\MCAFEE\MCAFEE
ANTIVIRUS PLUS.LNK> in the hash map cannot be updated. Context: Application, SystemIndex
Catalog Details: A device attached to the system is not functioning. (0x8007001f)


Error - 6/20/2011 1:17:24 AM | Computer Name = LENOVO-571EC673 | Source = Windows Search Service | ID = 3013
Description = The entry <C:\DOCUMENTS AND SETTINGS\ALL USERS\START MENU\PROGRAMS\MCAFEE\MCAFEE
ANTIVIRUS PLUS.LNK> in the hash map cannot be updated. Context: Application, SystemIndex
Catalog Details: A device attached to the system is not functioning. (0x8007001f)


Error - 6/20/2011 1:17:25 AM | Computer Name = LENOVO-571EC673 | Source = Windows Search Service | ID = 3013
Description = The entry <C:\DOCUMENTS AND SETTINGS\ALL USERS\START MENU\PROGRAMS\MCAFEE\MCAFEE
ANTIVIRUS PLUS.LNK> in the hash map cannot be updated. Context: Application, SystemIndex
Catalog Details: A device attached to the system is not functioning. (0x8007001f)


Error - 6/20/2011 1:17:25 AM | Computer Name = LENOVO-571EC673 | Source = Windows Search Service | ID = 3013
Description = The entry <C:\DOCUMENTS AND SETTINGS\ALL USERS\START MENU\PROGRAMS\MCAFEE\MCAFEE
ANTIVIRUS PLUS.LNK> in the hash map cannot be updated. Context: Application, SystemIndex
Catalog Details: A device attached to the system is not functioning. (0x8007001f)


[ Lenovo-Message Center Plus/Admin Events ]
Error - 3/8/2011 11:11:59 PM | Computer Name = LENOVO-571EC673 | Source = Lenovo-Message Center Plus/Admin | ID = 4
Description = The file C:\Documents and Settings\All Users\Application Data\Lenovo\MessageCenterPlus\ServerRepository\temp\TOC.cab
does not have a Lenovo Digital Signature. The file will be deleted

Error - 5/24/2011 6:11:51 AM | Computer Name = LENOVO-571EC673 | Source = Lenovo-Message Center Plus/Admin | ID = 4
Description = The file C:\Documents and Settings\All Users\Application Data\Lenovo\MessageCenterPlus\ServerRepository\temp\TOC.cab
does not have a Lenovo Digital Signature. The file will be deleted

[ OSession Events ]
Error - 7/29/2010 5:22:43 PM | Computer Name = LENOVO-571EC673 | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 6, Application Name: Microsoft Office Outlook, Application Version:
12.0.4518.1014, Microsoft Office Version: 12.0.4518.1014. This session lasted 5450
seconds with 1680 seconds of active time. This session ended with a crash.

Error - 7/29/2010 5:23:18 PM | Computer Name = LENOVO-571EC673 | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 6, Application Name: Microsoft Office Outlook, Application Version:
12.0.4518.1014, Microsoft Office Version: 12.0.4518.1014. This session lasted 26
seconds with 0 seconds of active time. This session ended with a crash.

Error - 7/29/2010 5:23:57 PM | Computer Name = LENOVO-571EC673 | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 6, Application Name: Microsoft Office Outlook, Application Version:
12.0.4518.1014, Microsoft Office Version: 12.0.4518.1014. This session lasted 35
seconds with 0 seconds of active time. This session ended with a crash.

Error - 7/29/2010 5:24:45 PM | Computer Name = LENOVO-571EC673 | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 6, Application Name: Microsoft Office Outlook, Application Version:
12.0.4518.1014, Microsoft Office Version: 12.0.4518.1014. This session lasted 24
seconds with 0 seconds of active time. This session ended with a crash.

Error - 7/29/2010 5:30:45 PM | Computer Name = LENOVO-571EC673 | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 6, Application Name: Microsoft Office Outlook, Application Version:
12.0.4518.1014, Microsoft Office Version: 12.0.4518.1014. This session lasted 245
seconds with 0 seconds of active time. This session ended with a crash.

Error - 7/29/2010 5:32:05 PM | Computer Name = LENOVO-571EC673 | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 6, Application Name: Microsoft Office Outlook, Application Version:
12.0.4518.1014, Microsoft Office Version: 12.0.4518.1014. This session lasted 27
seconds with 0 seconds of active time. This session ended with a crash.

Error - 12/14/2010 11:32:19 PM | Computer Name = LENOVO-571EC673 | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 2, Application Name: Microsoft Office Access, Application Version:
12.0.6535.5005, Microsoft Office Version: 12.0.6425.1000. This session lasted 682
seconds with 0 seconds of active time. This session ended with a crash.

Error - 3/8/2011 9:36:17 AM | Computer Name = LENOVO-571EC673 | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 6, Application Name: Microsoft Office Outlook, Application Version:
12.0.6550.5003, Microsoft Office Version: 12.0.6425.1000. This session lasted 454
seconds with 0 seconds of active time. This session ended with a crash.

[ System Events ]
Error - 6/19/2011 10:39:08 PM | Computer Name = LENOVO-571EC673 | Source = System Error | ID = 1003
Description = Error code 1000008e, parameter1 c0000005, parameter2 80637f4d, parameter3
9969496c, parameter4 00000000.

Error - 6/19/2011 10:39:16 PM | Computer Name = LENOVO-571EC673 | Source = System Error | ID = 1003
Description = Error code 1000008e, parameter1 c0000005, parameter2 80637f4d, parameter3
a1a9496c, parameter4 00000000.

Error - 6/19/2011 10:39:22 PM | Computer Name = LENOVO-571EC673 | Source = System Error | ID = 1003
Description = Error code 1000008e, parameter1 c0000005, parameter2 80637f4d, parameter3
a319596c, parameter4 00000000.

Error - 6/19/2011 10:39:25 PM | Computer Name = LENOVO-571EC673 | Source = System Error | ID = 1003
Description = Error code 1000008e, parameter1 c0000005, parameter2 80637f4d, parameter3
9af9f96c, parameter4 00000000.

Error - 6/19/2011 10:42:14 PM | Computer Name = LENOVO-571EC673 | Source = MRxSmb | ID = 8003
Description = The master browser has received a server announcement from the computer
MIKERPC that believes that it is the master browser for the domain on transport
NetBT_Tcpip_{8E2FEB0E-8564-4463-8. The master browser is stopping or an election
is being forced.

Error - 6/19/2011 11:29:10 PM | Computer Name = LENOVO-571EC673 | Source = Service Control Manager | ID = 7000
Description = The MBAMProtector service failed to start due to the following error:
%%2

Error - 6/19/2011 11:29:10 PM | Computer Name = LENOVO-571EC673 | Source = Service Control Manager | ID = 7001
Description = The MBAMService service depends on the MBAMProtector service which
failed to start because of the following error: %%2

Error - 6/19/2011 11:43:49 PM | Computer Name = LENOVO-571EC673 | Source = Service Control Manager | ID = 7000
Description = The MBAMProtector service failed to start due to the following error:
%%2

Error - 6/19/2011 11:43:49 PM | Computer Name = LENOVO-571EC673 | Source = Service Control Manager | ID = 7001
Description = The MBAMService service depends on the MBAMProtector service which
failed to start because of the following error: %%2

Error - 6/20/2011 3:54:51 AM | Computer Name = LENOVO-571EC673 | Source = Dhcp | ID = 1000
Description = Your computer has lost the lease to its IP address 192.168.15.4 on
the Network Card with network address 0026C748FFEA.


< End of report >
 
Run OTL
  • Under the Custom Scans/Fixes box at the bottom, paste in the following

    Code:
    :OTL
    O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
    O15 - HKU\S-1-5-21-2539251137-84547536-1959951320-1008\..Trusted Domains: internet ([]about in Trusted sites)
    O15 - HKU\S-1-5-21-2539251137-84547536-1959951320-1008\..Trusted Domains: mcafee.com ([]http in Trusted sites)
    O15 - HKU\S-1-5-21-2539251137-84547536-1959951320-1008\..Trusted Domains: mcafee.com ([]https in Trusted sites)
    [1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
    [1 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
    [2011/06/06 18:26:15 | 000,001,256 | ---- | M] () -- C:\Documents and Settings\Mike Reilly\Desktop\Clean Registry for Free!.lnk
    
    
    :Services
    
    :Reg
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]
    "DisableMonitoring" =-
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]
    "DisableMonitoring" =-
    
    :Files
    
    :Commands
    [purity]
    [emptytemp]
    [emptyflash]
    [Reboot]
  • Then click the Run Fix button at the top
  • Let the program run unhindered, reboot the PC when it is done
  • You will get a log that shows the results of the fix. Please post it.

====================================================================

Last scans...

1. Download Security Check from HERE, and save it to your Desktop.
  • Double-click SecurityCheck.exe
  • Follow the onscreen instructions inside of the black box.
  • A Notepad document should open automatically called checkup.txt; please post the contents of that document.

    NOTE: SecurityCheck may produce some false warning(s), so leave reading the results to me.


2. Download Temp File Cleaner (TFC)
  • Double click on TFC.exe to run the program.
  • Click on Start button to begin cleaning process.
  • TFC will close all running programs, and it may ask you to restart computer.


3. Please run a free online scan with the ESET Online Scanner

  • Disable your antivirus program
  • Tick the box next to YES, I accept the Terms of Use
  • Click Start
  • IMPORTANT! UN-check Remove found threats
  • Accept any security warnings from your browser.
  • Check Scan archives
  • Click Start
  • ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
  • When the scan completes, push List of found threats
  • Click on Export to text file, and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
  • NOTE: If ESET doesn't find any threats, it won't produce a log.
 
OTL results: others to follow

All processes killed
========== OTL ==========
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{5C255C8A-E604-49b4-9D64-90988571CECB}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{5C255C8A-E604-49b4-9D64-90988571CECB}\ not found.
Registry key HKEY_USERS\S-1-5-21-2539251137-84547536-1959951320-1008\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\internet\ deleted successfully.
Registry key HKEY_USERS\S-1-5-21-2539251137-84547536-1959951320-1008\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\mcafee.com\ deleted successfully.
Registry key HKEY_USERS\S-1-5-21-2539251137-84547536-1959951320-1008\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\mcafee.com\ not found.
C:\WINDOWS\System32\CONFIG.TMP deleted successfully.
C:\WINDOWS\qfe1DC.tmp deleted successfully.
C:\Documents and Settings\Mike Reilly\Desktop\Clean Registry for Free!.lnk moved successfully.
========== SERVICES/DRIVERS ==========
========== REGISTRY ==========
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus\\DisableMonitoring deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall\\DisableMonitoring deleted successfully.
========== FILES ==========
========== COMMANDS ==========
C:\Documents and Settings\Mike Reilly\My Documents\ΑрpPatch folder moved successfully.

[EMPTYTEMP]

User: Administrator
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 321 bytes

User: All Users

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 32902 bytes
->Flash cache emptied: 56823 bytes

User: LocalService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 32902 bytes

User: Mike Reilly
->Temp folder emptied: 951654 bytes
->Temporary Internet Files folder emptied: 72717234 bytes
->Java cache emptied: 73524761 bytes
->Google Chrome cache emptied: 6858223 bytes
->Flash cache emptied: 260649 bytes

User: NetworkService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\dllcache .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 53103 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temp folder emptied: 37900722 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 33170 bytes
RecycleBin emptied: 0 bytes

Total Files Cleaned = 184.00 mb


[EMPTYFLASH]

User: Administrator
->Flash cache emptied: 0 bytes

User: All Users

User: Default User
->Flash cache emptied: 0 bytes

User: LocalService

User: Mike Reilly
->Flash cache emptied: 0 bytes

User: NetworkService

Total Flash Files Cleaned = 0.00 mb


OTL by OldTimer - Version 3.2.24.1 log created on 06202011_203715

Files\Folders moved on Reboot...

Registry entries deleted on Reboot...
 
Security Check log


Results of screen317's Security Check version 0.99.7
Windows XP Service Pack 3
Internet Explorer 8
``````````````````````````````
Antivirus/Firewall Check:

Windows Firewall Enabled!
McAfee AntiVirus Plus
McAfee Virtual Technician
Antivirus up to date!
```````````````````````````````
Anti-malware/Other Utilities Check:

Malwarebytes' Anti-Malware
Java(TM) 6 Update 21
Out of date Java installed!
Adobe Flash Player 10.0.12.36
Adobe Reader 9.4.4
Out of date Adobe Reader installed!
````````````````````````````````
Process Check:
objlist.exe by Laurent

Malwarebytes' Anti-Malware mbamgui.exe
Microsoft Small Business Business Contact Manager BcmSqlStartupSvc.exe
``````````End of Log````````````
 
Update Adobe Reader

You can download it from https://www.techspot.com/downloads/2083-adobe-reader-dc.html
After installing the latest Adobe Reader, uninstall all previous versions.
Note: If you already have Adobe Photoshop® Album Starter Edition installed or do not wish to have it installed, UNcheck the box which says Also Download Adobe Photoshop® Album Starter Edition.

Alternatively, you can uninstall Adobe Reader (33.5 MB), download and install Foxit PDF Reader (3.5 MB) from HERE.
It's a much smaller file to download and uses a lot less resources than Adobe Reader.
Note: When installing FoxitReader, make sure to UN-check any pre-checked toolbar, or any other garbage.
 
Your computer is clean

1. We need to reset System Restore to prevent your computer from being accidentally reinfected by using some old restore point(s). We'll create a fresh, clean restore point using the following OTL script:

Run OTL

  • Under the Custom Scans/Fixes box at the bottom, paste in the following:

Code:
:OTL
:Commands
[purity]
[emptytemp]
[EMPTYFLASH]
[CLEARALLRESTOREPOINTS]
[Reboot]

  • Then click the Run Fix button at the top
  • Let the program run unhindered, reboot the PC when it is done
  • Post resulting log.

2. Now we'll remove all the tools we used during our cleaning process.

Clean up with OTL:

  • Double-click OTL.exe to start the program.
  • Close all other programs apart from OTL as this step will require a reboot
  • On the OTL main screen, press the CLEANUP button
  • Say Yes to the prompt and then allow the program to reboot your computer.

If you still have any tools or logs leftover on your computer you can go ahead and delete those off of your computer now.

3. Make sure Windows Updates are current.

4. If any Trojan was listed among your infection(s), make sure you change all of your important online passwords (bank account(s), secured web sites, etc.) immediately!

5. Download and install WOT (Web of Trust): http://www.mywot.com/. It'll warn you (in most cases) about dangerous web sites.

6. Run a Malwarebytes "Quick scan" once in a while to ensure the safety of your computer.

7. Run Temporary File Cleaner (TFC) weekly.

8. Download and install Secunia Personal Software Inspector (PSI): https://www.techspot.com/downloads/4898-secunia-personal-software-inspector-psi.html. The Secunia PSI is a FREE security tool designed to detect vulnerable and out-dated programs and plug-ins which expose your PC to attacks. Run it weekly.

9. (optional) If you want to keep all your programs up to date, download and install FileHippo Update Checker.
The Update Checker will scan your computer for installed software, check the versions and then send this information to FileHippo.com to see if there are any newer releases.

10. Run defrag at your convenience.

11. Read How did I get infected?, With steps so it does not happen again!: http://www.bleepingcomputer.com/forums/topic2520.html

12. Please let me know how your computer is doing.
 
otl log

All processes killed
========== OTL ==========
========== COMMANDS ==========

[EMPTYTEMP]

User: Administrator
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: All Users

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 56468 bytes

User: LocalService
->Temp folder emptied: 16384 bytes
->Temporary Internet Files folder emptied: 33170 bytes

User: Mike Reilly
->Temp folder emptied: 7494384 bytes
->Temporary Internet Files folder emptied: 97376590 bytes
->Java cache emptied: 285371 bytes
->Google Chrome cache emptied: 0 bytes
->Flash cache emptied: 3027 bytes

User: NetworkService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\dllcache .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 33273 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temp folder emptied: 0 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 33170 bytes
RecycleBin emptied: 4840753 bytes

Total Files Cleaned = 105.00 mb


[EMPTYFLASH]

User: Administrator
->Flash cache emptied: 0 bytes

User: All Users

User: Default User
->Flash cache emptied: 0 bytes

User: LocalService

User: Mike Reilly
->Flash cache emptied: 0 bytes

User: NetworkService

Total Flash Files Cleaned = 0.00 mb

Restore points cleared and new OTL Restore Point set!

OTL by OldTimer - Version 3.2.24.1 log created on 06212011_215425

Files\Folders moved on Reboot...
File\Folder C:\Documents and Settings\Mike Reilly\Local Settings\Temp\hsperfdata_Mike Reilly\7444 not found!
C:\Documents and Settings\Mike Reilly\Local Settings\Temp\~DF5F3D.tmp moved successfully.
C:\Documents and Settings\Mike Reilly\Local Settings\Temporary Internet Files\Content.IE5\TJC2SUTT\topic166728-2[2].html moved successfully.
C:\Documents and Settings\Mike Reilly\Local Settings\Temporary Internet Files\Content.IE5\N7JFYB6L\sh44[1].html moved successfully.
C:\Documents and Settings\Mike Reilly\Local Settings\Temporary Internet Files\AntiPhishing\2CEDBFBC-DBA8-43AA-B1FD-CC8E6316E3E2.dat moved successfully.

Registry entries deleted on Reboot...
 
Thanks for all your help! You guys are great.

It appears it is back to normal. I still have to clean up the start programs but that is no big deal.

I downloaded the suggested programs and will take your suggestion to run those often.

Question: is it a good idea to invest in MalwareBytes for the real-time protection?
 
I think it's a very good idea.

Way to go!!

Good luck and stay safe :)
 