
Thread: Please Help with Virus

  1. #1
    Member the1dbg
    Join Date
    Jul 2008
    Posts
    45

    Please Help with Virus

    My computer is not letting me install spy bot. It keeps warning me of viruses. It disabled Norton. It says that it is Internet Security 2010. When I start up the computer it says that Worm.Win32.NetSky is on the computer but I cannot confirm it. I am attaching an HJT report. Please help, my computer is going crazy.

    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 6:07:19 PM, on 1/25/2010
    Platform: Windows XP SP3 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP3 (6.00.2900.5512)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
    C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
    C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
    C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
    C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
    C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    C:\Program Files\Bonjour\mDNSResponder.exe
    C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
    C:\Program Files\Common Files\LightScribe\LSSrvc.exe
    C:\Program Files\Maxtor\Maxtor Backup\MaxBackServiceInt.exe
    C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
    C:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe
    C:\Program Files\NewTech Infosystems\Backup Now EZ\BackupNowEZSvr.exe
    C:\Program Files\Maxtor\OneTouch\Utils\SyncServices.exe
    C:\PROGRA~1\PERMIS~1\bin\dm.exe
    C:\Program Files\RegCure\RegCure.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\system32\igfxtray.exe
    C:\WINDOWS\system32\hkcmd.exe
    C:\Program Files\Java\jre1.5.0_10\bin\jusched.exe
    C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
    C:\WINDOWS\system32\wuauclt.exe
    C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    C:\Program Files\HPQ\Quick Launch Buttons\EabServr.exe
    C:\hp\drivers\hplsbwatcher\lsburnwatcher.exe
    C:\Program Files\HPQ\HP Wireless Assistant\HP Wireless Assistant.exe
    C:\Program Files\Common Files\Symantec Shared\ccApp.exe
    C:\Program Files\Maxtor\OneTouch\utils\Onetouch.exe
    C:\Program Files\Maxtor\OneTouch Status\maxmenumgr.exe
    C:\Program Files\iTunes\iTunesHelper.exe
    C:\Program Files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe
    C:\WINDOWS\system32\smss32.exe
    C:\Program Files\NewTech Infosystems\Backup Now EZ\BackupNowEZtray.exe
    C:\Program Files\Microsoft ActiveSync\wcescomm.exe
    C:\Program Files\HPQ\SHARED\HPQWMI.exe
    C:\PROGRA~1\Aveo\Attune\Updater1\Attunel.exe
    C:\Program Files\InternetSecurity2010\IS2010.exe
    C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
    C:\PROGRA~1\MI3AA1~1\rapimgr.exe
    C:\Program Files\LimeWire\LimeWire.exe
    C:\Program Files\PermissionTV\bin\dmtray.exe
    C:\Program Files\iPod\bin\iPodService.exe
    C:\Program Files\Common Files\Symantec Shared\Security Console\NSCSRVCE.EXE
    C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/yco...search/ie.html
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://us.rd.yahoo.com/customize/yco.../www.yahoo.com
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.yahoo.com
    R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://us.rd.yahoo.com/customize/yco.../www.yahoo.com
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
    R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
    F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\winlogon32.exe
    O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
    O2 - BHO: ContributeBHO Class - {074C1DC5-9320-4A9A-947D-C042949C6216} - C:\Program Files\Adobe\/Adobe Contribute CS3/contributeieplugin.dll
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll
    O2 - BHO: Norton Internet Security 2006 - {9ECB9560-04F9-4bbc-943D-298DDF1699E1} - C:\Program Files\Common Files\Symantec Shared\AdBlocking\NISShExt.dll
    O2 - BHO: NAV Helper - {A8F38D8D-E480-4D52-B7A2-731BB6995FDD} - C:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll
    O2 - BHO: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll
    O3 - Toolbar: Norton Internet Security 2006 - {0B53EAC3-8D69-4b9e-9B19-A37C9A5676A7} - C:\Program Files\Common Files\Symantec Shared\AdBlocking\NISShExt.dll
    O3 - Toolbar: Norton AntiVirus - {C4069E3A-68F1-403E-B40E-20066696354B} - C:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll
    O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
    O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll
    O3 - Toolbar: Contribute Toolbar - {517BDDE4-E3A7-4570-B21E-2B52B6139FC7} - C:\Program Files\Adobe\/Adobe Contribute CS3/contributeieplugin.dll
    O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
    O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.5.0_10\bin\jusched.exe"
    O4 - HKLM\..\Run: [SynTPLpr] "C:\Program Files\Synaptics\SynTP\SynTPLpr.exe"
    O4 - HKLM\..\Run: [SynTPEnh] "C:\Program Files\Synaptics\SynTP\SynTPEnh.exe"
    O4 - HKLM\..\Run: [eabconfg.cpl] "C:\Program Files\HPQ\Quick Launch Buttons\EabServr.exe" /Start
    O4 - HKLM\..\Run: [Cpqset] C:\Program Files\HPQ\Default Settings\cpqset.exe
    O4 - HKLM\..\Run: [LSBWatcher] c:\hp\drivers\hplsbwatcher\lsburnwatcher.exe
    O4 - HKLM\..\Run: [hpWirelessAssistant] "%ProgramFiles%\HPQ\HP Wireless Assistant\HP Wireless Assistant.exe"
    O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
    O4 - HKLM\..\Run: [MaxtorOneTouch] C:\Program Files\Maxtor\OneTouch\utils\Onetouch.exe
    O4 - HKLM\..\Run: [mxomssmenu] "C:\Program Files\Maxtor\OneTouch Status\maxmenumgr.exe"
    O4 - HKLM\..\Run: [RoxWatchTray] "C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe"
    O4 - HKLM\..\Run: [AppleSyncNotifier] C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
    O4 - HKLM\..\Run: [Acrobat Assistant 8.0] "C:\Program Files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe"
    O4 - HKLM\..\Run: [smss32.exe] C:\WINDOWS\system32\smss32.exe
    O4 - HKLM\..\Run: [BackupNowEZtray] "C:\Program Files\NewTech Infosystems\Backup Now EZ\BackupNowEZtray.exe" -k
    O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
    O4 - HKCU\..\Run: [swg] "C:\Program Files\Google\GoogleToolbarNotifier\1.2.908.5008\GoogleToolbarNotifier.exe"
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\Program Files\Microsoft ActiveSync\wcescomm.exe"
    O4 - HKCU\..\Run: [AdobeUpdater] "C:\Program Files\Common Files\Adobe\Updater5\AdobeUpdater.exe"
    O4 - HKCU\..\Run: [Attune Download] C:\PROGRA~1\Aveo\Attune\Updater1\Attunel.exe
    O4 - HKCU\..\Run: [Internet Security 2010] C:\Program Files\InternetSecurity2010\IS2010.exe
    O4 - Startup: LimeWire On Startup.lnk = C:\Program Files\LimeWire\LimeWire.exe
    O4 - Startup: Osceola Library System Tray App.lnk = ?
    O4 - Global Startup: BTTray.lnk = ?
    O4 - Global Startup: Desktop Manager.lnk = C:\Program Files\Research In Motion\BlackBerry\DesktopMgr.exe
    O8 - Extra context menu item: &Google Search - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsearch.html
    O8 - Extra context menu item: Append to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
    O8 - Extra context menu item: Backward Links - res://C:\Program Files\Google\GoogleToolbar1.dll/cmbacklinks.html
    O8 - Extra context menu item: Cached Snapshot of Page - res://C:\Program Files\Google\GoogleToolbar1.dll/cmcache.html
    O8 - Extra context menu item: Convert link target to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
    O8 - Extra context menu item: Convert link target to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
    O8 - Extra context menu item: Convert selected links to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
    O8 - Extra context menu item: Convert selected links to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
    O8 - Extra context menu item: Convert selection to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
    O8 - Extra context menu item: Convert selection to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
    O8 - Extra context menu item: Convert to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\OFFICE11\EXCEL.EXE/3000
    O8 - Extra context menu item: Similar Pages - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsimilar.html
    O8 - Extra context menu item: Translate into English - res://C:\Program Files\Google\GoogleToolbar1.dll/cmtrans.html
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll
    O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
    O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
    O9 - Extra 'Tools' menuitem: Create Mobile Favorite... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\OFFICE11\REFIEBAR.DLL
    O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O10 - Unknown file in Winsock LSP: c:\windows\system32\helper32.dll
    O10 - Unknown file in Winsock LSP: c:\windows\system32\helper32.dll
    O14 - IERESET.INF: START_PAGE_URL=http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=Q305&bd=pavilion&pf=laptop
    O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsof...?1148348000343
    O16 - DPF: {FE0BD779-44EE-4A4B-AA2E-743C63F2E5E6} (IWinAmpActiveX Class) - http://pdl.stream.aol.com/downloads/...ampx_en_dl.cab
    O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
    O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
    O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
    O23 - Service: Symantec Internet Security Password Validation (ccISPwdSvc) - Symantec Corporation - C:\Program Files\Norton Internet Security\ccPwdSvc.exe
    O23 - Service: Symantec Network Proxy (ccProxy) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
    O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
    O23 - Service: COM Host (comHost) - Symantec Corporation - C:\Program Files\Norton Internet Security\comHost.exe
    O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
    O23 - Service: HP WMI Interface (hpqwmi) - Hewlett-Packard Development Company, L.P. - C:\Program Files\HPQ\SHARED\HPQWMI.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
    O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
    O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Unknown owner - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
    O23 - Service: MaxBackServiceInt - Unknown owner - C:\Program Files\Maxtor\Maxtor Backup\MaxBackServiceInt.exe
    O23 - Service: Norton AntiVirus Auto-Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe
    O23 - Service: Norton Protection Center Service (NSCService) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Console\NSCSRVCE.EXE
    O23 - Service: NTI BackupNowEZSvr - NewTech Infosystems, Inc. - C:\Program Files\NewTech Infosystems\Backup Now EZ\BackupNowEZSvr.exe
    O23 - Service: MaxSyncService (NTService1) - - C:\Program Files\Maxtor\OneTouch\Utils\SyncServices.exe
    O23 - Service: PermissionTV Download Manager Service (PermissionTVDownloadManager) - PermissionTV - C:\PROGRA~1\PERMIS~1\bin\dm.exe
    O23 - Service: Roxio UPnP Renderer 9 - Sonic Solutions - C:\Program Files\Roxio\Digital Home 9\RoxioUPnPRenderer9.exe
    O23 - Service: Roxio Upnp Server 9 - Sonic Solutions - C:\Program Files\Roxio\Digital Home 9\RoxioUpnpService9.exe
    O23 - Service: LiveShare P2P Server 9 (RoxLiveShare9) - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxLiveShare9.exe
    O23 - Service: RoxMediaDB9 - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe
    O23 - Service: Roxio Hard Drive Watcher 9 (RoxWatch9) - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatch9.exe
    O23 - Service: Symantec AVScan (SAVScan) - Symantec Corporation - C:\Program Files\Norton Internet Security\Norton AntiVirus\SAVScan.exe
    O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
    O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
    O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
    O24 - Desktop Component 0: (no name) - About:Home

    --
    End of file - 15650 bytes

  2. #2
    Emeritus-Security Expert
    Join Date
    Nov 2005
    Location
    Florida's SpaceCoast
    Posts
    15,208


    Hello

    Welcome to Safer Networking.

    Please read Before You Post
    While best efforts are made to assist in removing infections safely, unexpected stuff can happen. It is advisable that you back up your important data before starting any clean up procedure. Neither Safer Networking Forums nor the Analyst providing the advice may be held responsible for any loss.


    Download OTL to your desktop.

    Run OTL.exe
    • Copy/paste the following text written inside of the code box into the Custom Scans/Fixes box located at the bottom of OTL

      Code:
      :OTL
      [Unregister Dlls]
      [Custom Items]
      :Services
      lmuytnv
      ndisdrv
      qvazdxe
      :Files
      helper32.dll /lsp
      winhelper86.dll /lsp
      %systemdrive%\Internet Security 2010.lnk /s
      %systemroot%\System32\winlogon32.exe
      %systemroot%\System32\smss32.exe
      %systemroot%\System32\AVR10.exe
      %systemroot%\System32\helper32.dll
      %systemroot%\System32\winhelper86.dll
      %systemroot%\System32\smss32.exe
      %systemroot%\System32\warning.html
      %systemroot%\system32\IS15.exe
      %systemroot%\System32\winhelper86.dll
      %systemdrive%\trhh.exe
      %systemdrive%\sdigdvmg.exe
      %systemdrive%\wgqi.exe
      %systemdrive%\byyk.exe
      %systemroot%\lsass.exe
      %systemroot%\odbn0.exe
      %systemroot%\System32\sdra64.exe
      %systemroot%\System32\41.exe
      %systemroot%\System32\153.exe
      %systemroot%\System32\292.exe
      %systemroot%\System32\491.exe
      %systemroot%\System32\1869.exe
      %systemroot%\system32\2876.exe
      %systemroot%\System32\2995.exe
      %systemroot%\System32\3902.exe
      %systemroot%\System32\4827.exe
      %systemroot%\System32\5436.exe
      %systemroot%\System32\5447.exe
      %systemroot%\System32\5705.exe
      %systemroot%\System32\6334.exe
      %systemroot%\System32\7376.exe
      %systemroot%\System32\9961.exe
      %systemroot%\System32\11478.exe
      %systemroot%\System32\11538.exe
      %systemroot%\System32\11942.exe
      %systemroot%\System32\12382.exe
      %systemroot%\system32\12662.exe
      %systemroot%\System32\13931.exe
      %systemroot%\system32\14070.exe
      %systemroot%\System32\14604.exe
      %systemroot%\System32\14771.exe
      %systemroot%\System32\15724.exe
      %systemroot%\System32\16827.exe
      %systemroot%\System32\16944.exe
      %systemroot%\system32\17125.exe
      %systemroot%\System32\17421.exe
      %systemroot%\System32\18467.exe
      %systemroot%\System32\18716.exe
      %systemroot%\System32\19169.exe
      %systemroot%\System32\19718.exe
      %systemroot%\System32\19895.exe
      %systemroot%\system32\19905.exe
      %systemroot%\System32\19912.exe
      %systemroot%\system32\21386.exe
      %systemroot%\System32\21726.exe
      %systemroot%\system32\22934.exe
      %systemroot%\System32\23281.exe
      %systemroot%\system32\24242.exe
      %systemroot%\System32\24464.exe
      %systemroot%\system32\24478.exe
      %systemroot%\System32\26308.exe
      %systemroot%\System32\26500.exe
      %systemroot%\System32\26962.exe
      %systemroot%\system32\27213.exe
      %systemroot%\System32\28145.exe
      %systemroot%\system32\28466.exe
      %systemroot%\System32\29358.exe
      %systemroot%\System32\32391.exe
      %systemroot%\System32\32439.exe
      %systemroot%\system32\ndisdrv.sys
      %systemdrive%\s
      %systemroot%\system32\kbdsock.dll
      %systemroot%\system32\mshlps.dll
      %systemroot%\system32\drivers\kdrhkukb.sys
      %PROGRAMFILES%\InternetSecurity2010
      %systemroot%\System32\lowsec
      :Reg
      [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
      "Shell"="explorer.exe"
      "Userinit"="C:\\WINDOWS\\system32\\Userinit.exe,"
      [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System]
      "DisableTaskMgr"=-
      [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
      "DisableTaskMgr"=-
      [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer]
      "NoSetActiveDesktop"=-
      "NoActiveDesktopChanges"=-
      [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer]
      "NoSetActiveDesktop"=-
      "NoActiveDesktopChanges"=-
      [CREATERESTOREPOINT]
      [resethosts]
      :end
      [Purity]
      [Empty Temp Folders]
    • Then click the Run Fix button at the top
    • Let the program run unhindered, reboot when it is done
    • Then post a new OTL log ( don't check the boxes beside LOP Check or Purity this time )







    Please download Malwarebytes from Here or Here

    • Double-click mbam-setup.exe and follow the prompts to install the program.
    • At the end, be sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
    • If an update is found, it will download and install the latest version.
    • Once the program has loaded, select Perform quick scan, then click Scan.
    • When the scan is complete, click OK, then Show Results to view the results.
    • Be sure that everything is checked, and click Remove Selected.
    • When completed, a log will open in Notepad. Please save it to a convenient location and post the results.
    • Note: If you receive a notice that some of the items couldn't be removed, that they have been added to the delete on reboot list, please reboot.
    Post the report and also a new HJT log please



    Post the OTL log, the Malwarebytes log and a new HJT log please
    Last edited by ken545; 2010-01-28 at 02:23.
    Microsoft MVP Consumer Security 2007-2008-2009-2010-2011-2012-2013-2014

    ERROR MESSAGE 386
    No KeyBoard Detected
    Press F1 To Continue

    Just a reminder that threads will be closed if no reply in 3 days.
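An added example, not part of either poster's message and not code from HijackThis or OTL: a short Python triage pass over lines copied from the two HijackThis logs in this thread, flagging the entry types the fix above targets (a replaced Userinit value, autoruns named after core Windows processes, and Winsock LSP problems). The rule set, the function names and the list of core process names are assumptions made for the illustration.

```python
import ntpath
import re

# Sample input: lines copied from the first HijackThis log in this thread.
BEFORE_LOG = r"""
F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\winlogon32.exe
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [smss32.exe] C:\WINDOWS\system32\smss32.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Internet Security 2010] C:\Program Files\InternetSecurity2010\IS2010.exe
O10 - Unknown file in Winsock LSP: c:\windows\system32\helper32.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\helper32.dll
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
"""

# Sample input: lines copied from the second log, taken after the clean-up.
AFTER_LOG = r"""
O4 - HKLM\..\Run: [BackupNowEZtray] "C:\Program Files\NewTech Infosystems\Backup Now EZ\BackupNowEZtray.exe" -k
O10 - Broken Internet access because of LSP chain gap (#1 in chain of 17 missing)
"""

SYSTEM32 = r"c:\windows\system32"
# Assumed rule data: core process names and the directory each loads from on XP.
CORE_IMAGES = {
    "smss.exe": SYSTEM32, "winlogon.exe": SYSTEM32, "lsass.exe": SYSTEM32,
    "services.exe": SYSTEM32, "svchost.exe": SYSTEM32, "csrss.exe": SYSTEM32,
    "userinit.exe": SYSTEM32, "explorer.exe": r"c:\windows",
}
# A core name with digits appended, e.g. smss32.exe or winlogon32.exe.
LOOKALIKE = re.compile(
    r"^(%s)\d+\.exe$" % "|".join(re.escape(n[:-4]) for n in CORE_IMAGES))

ENTRY = re.compile(r"^\s*([A-Z]\d+)\s+-\s+(.*)$")            # "O4 - <body>"
O4_RUN = re.compile(r"^(HK(?:LM|CU))\\\.\.\\Run\w*: \[(.*?)\] (.*)$")
IMAGE = re.compile(r'^"([^"]+)"|^(.+?\.exe)\b', re.I)         # quoted or bare path


def image_risk(path):
    """Return a reason if the image name imitates a core Windows process."""
    norm = ntpath.normcase(path)
    base, folder = ntpath.basename(norm), ntpath.dirname(norm)
    if LOOKALIKE.match(base):
        return "name imitates a core process: " + base
    if base in CORE_IMAGES and folder != CORE_IMAGES[base]:
        return "core process name outside its directory: " + norm
    return None


def triage(log_text):
    """Return de-duplicated (section, reason) findings for a HijackThis log."""
    findings = []
    for line in log_text.splitlines():
        m = ENTRY.match(line)
        if not m:
            continue
        code, body = m.groups()
        if code == "F2" and body.lower().startswith("reg:system.ini: userinit="):
            # Userinit is a comma-separated list; every item runs at logon.
            for part in body.split("=", 1)[1].split(","):
                part = part.strip()
                if part and ntpath.normcase(part) != SYSTEM32 + r"\userinit.exe":
                    findings.append((code, "Userinit runs " + part))
        elif code == "O4":
            run = O4_RUN.match(body)
            img = IMAGE.match(run.group(3)) if run else None
            reason = image_risk(img.group(1) or img.group(2)) if img else None
            if reason:
                findings.append((code, reason))
        elif code == "O10":
            if body.startswith("Unknown file in Winsock LSP:"):
                findings.append((code, "unrecognised LSP " + body.split(": ", 1)[1]))
            elif "LSP chain gap" in body:
                findings.append((code, "LSP chain gap reported"))
    return list(dict.fromkeys(findings))


if __name__ == "__main__":
    for label, log in (("before", BEFORE_LOG), ("after", AFTER_LOG)):
        for code, reason in triage(log):
            print(label, code, reason)
```

The IS2010.exe autorun is in the sample on purpose and is not flagged: name and path heuristics only catch impersonation of system files, so an entry like that still needs an analyst's eye or a reputation lookup.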

  3. #3
    Member the1dbg
    Join Date
    Jul 2008
    Posts
    45

    Here are the logs

    I ran the OTL program and when it was done it did not show a log. I then ran the Malwarebytes and it removed some things (31). 2 of the processes could not be removed and I restarted. I made an HJT log. Please let me know where I can find the OTL log. The two logs that I got are below. Thank you for your help.

    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 9:51:16 PM, on 1/28/2010
    Platform: Windows XP SP3 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP3 (6.00.2900.5512)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\Explorer.EXE
    C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
    C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
    C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
    C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
    C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
    C:\Program Files\Common Files\LightScribe\LSSrvc.exe
    C:\Program Files\Maxtor\Maxtor Backup\MaxBackServiceInt.exe
    C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
    C:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe
    C:\Program Files\Maxtor\OneTouch\Utils\SyncServices.exe
    C:\PROGRA~1\PERMIS~1\bin\dm.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\WINDOWS\system32\igfxtray.exe
    C:\WINDOWS\system32\hkcmd.exe
    C:\Program Files\Java\jre1.5.0_10\bin\jusched.exe
    C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
    C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    C:\Program Files\HPQ\Quick Launch Buttons\EabServr.exe
    C:\hp\drivers\hplsbwatcher\lsburnwatcher.exe
    C:\Program Files\HPQ\HP Wireless Assistant\HP Wireless Assistant.exe
    C:\Program Files\Common Files\Symantec Shared\ccApp.exe
    C:\Program Files\Maxtor\OneTouch\utils\Onetouch.exe
    C:\Program Files\iTunes\iTunesHelper.exe
    C:\Program Files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe
    C:\Program Files\NewTech Infosystems\Backup Now EZ\BackupNowEZtray.exe
    C:\Program Files\Messenger\msmsgs.exe
    C:\Program Files\HPQ\SHARED\HPQWMI.exe
    C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
    C:\Program Files\iPod\bin\iPodService.exe
    C:\Program Files\PermissionTV\bin\dmtray.exe
    C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
    C:\Program Files\Common Files\Symantec Shared\Security Console\NSCSRVCE.EXE
    C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/yco...search/ie.html
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://us.rd.yahoo.com/customize/yco.../www.yahoo.com
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.yahoo.com
    R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://us.rd.yahoo.com/customize/yco.../www.yahoo.com
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
    R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
    O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
    O2 - BHO: ContributeBHO Class - {074C1DC5-9320-4A9A-947D-C042949C6216} - C:\Program Files\Adobe\/Adobe Contribute CS3/contributeieplugin.dll
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll
    O2 - BHO: Norton Internet Security 2006 - {9ECB9560-04F9-4bbc-943D-298DDF1699E1} - C:\Program Files\Common Files\Symantec Shared\AdBlocking\NISShExt.dll
    O2 - BHO: NAV Helper - {A8F38D8D-E480-4D52-B7A2-731BB6995FDD} - C:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll
    O2 - BHO: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll
    O3 - Toolbar: Norton Internet Security 2006 - {0B53EAC3-8D69-4b9e-9B19-A37C9A5676A7} - C:\Program Files\Common Files\Symantec Shared\AdBlocking\NISShExt.dll
    O3 - Toolbar: Norton AntiVirus - {C4069E3A-68F1-403E-B40E-20066696354B} - C:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll
    O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
    O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll
    O3 - Toolbar: Contribute Toolbar - {517BDDE4-E3A7-4570-B21E-2B52B6139FC7} - C:\Program Files\Adobe\/Adobe Contribute CS3/contributeieplugin.dll
    O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
    O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.5.0_10\bin\jusched.exe"
    O4 - HKLM\..\Run: [SynTPLpr] "C:\Program Files\Synaptics\SynTP\SynTPLpr.exe"
    O4 - HKLM\..\Run: [SynTPEnh] "C:\Program Files\Synaptics\SynTP\SynTPEnh.exe"
    O4 - HKLM\..\Run: [eabconfg.cpl] "C:\Program Files\HPQ\Quick Launch Buttons\EabServr.exe" /Start
    O4 - HKLM\..\Run: [Cpqset] C:\Program Files\HPQ\Default Settings\cpqset.exe
    O4 - HKLM\..\Run: [LSBWatcher] c:\hp\drivers\hplsbwatcher\lsburnwatcher.exe
    O4 - HKLM\..\Run: [hpWirelessAssistant] "%ProgramFiles%\HPQ\HP Wireless Assistant\HP Wireless Assistant.exe"
    O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
    O4 - HKLM\..\Run: [MaxtorOneTouch] C:\Program Files\Maxtor\OneTouch\utils\Onetouch.exe
    O4 - HKLM\..\Run: [mxomssmenu] "C:\Program Files\Maxtor\OneTouch Status\maxmenumgr.exe"
    O4 - HKLM\..\Run: [RoxWatchTray] "C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe"
    O4 - HKLM\..\Run: [AppleSyncNotifier] C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
    O4 - HKLM\..\Run: [Acrobat Assistant 8.0] "C:\Program Files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe"
    O4 - HKLM\..\Run: [BackupNowEZtray] "C:\Program Files\NewTech Infosystems\Backup Now EZ\BackupNowEZtray.exe" -k
    O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
    O4 - HKCU\..\Run: [swg] "C:\Program Files\Google\GoogleToolbarNotifier\1.2.908.5008\GoogleToolbarNotifier.exe"
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\Program Files\Microsoft ActiveSync\wcescomm.exe"
    O4 - HKCU\..\Run: [AdobeUpdater] "C:\Program Files\Common Files\Adobe\Updater5\AdobeUpdater.exe"
    O4 - Startup: LimeWire On Startup.lnk = C:\Program Files\LimeWire\LimeWire.exe
    O4 - Startup: Osceola Library System Tray App.lnk = ?
    O4 - Global Startup: BTTray.lnk = ?
    O4 - Global Startup: Desktop Manager.lnk = C:\Program Files\Research In Motion\BlackBerry\DesktopMgr.exe
    O8 - Extra context menu item: &Google Search - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsearch.html
    O8 - Extra context menu item: Append to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
    O8 - Extra context menu item: Backward Links - res://C:\Program Files\Google\GoogleToolbar1.dll/cmbacklinks.html
    O8 - Extra context menu item: Cached Snapshot of Page - res://C:\Program Files\Google\GoogleToolbar1.dll/cmcache.html
    O8 - Extra context menu item: Convert link target to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
    O8 - Extra context menu item: Convert link target to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
    O8 - Extra context menu item: Convert selected links to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
    O8 - Extra context menu item: Convert selected links to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
    O8 - Extra context menu item: Convert selection to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
    O8 - Extra context menu item: Convert selection to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
    O8 - Extra context menu item: Convert to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\OFFICE11\EXCEL.EXE/3000
    O8 - Extra context menu item: Similar Pages - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsimilar.html
    O8 - Extra context menu item: Translate into English - res://C:\Program Files\Google\GoogleToolbar1.dll/cmtrans.html
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll
    O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
    O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
    O9 - Extra 'Tools' menuitem: Create Mobile Favorite... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\OFFICE11\REFIEBAR.DLL
    O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O10 - Broken Internet access because of LSP chain gap (#1 in chain of 17 missing)
    O14 - IERESET.INF: START_PAGE_URL=http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=Q305&bd=pavilion&pf=laptop
    O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsof...?1148348000343
    O16 - DPF: {FE0BD779-44EE-4A4B-AA2E-743C63F2E5E6} (IWinAmpActiveX Class) - http://pdl.stream.aol.com/downloads/...ampx_en_dl.cab
    O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
    O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
    O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
    O23 - Service: Symantec Internet Security Password Validation (ccISPwdSvc) - Symantec Corporation - C:\Program Files\Norton Internet Security\ccPwdSvc.exe
    O23 - Service: Symantec Network Proxy (ccProxy) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
    O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
    O23 - Service: COM Host (comHost) - Symantec Corporation - C:\Program Files\Norton Internet Security\comHost.exe
    O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
    O23 - Service: HP WMI Interface (hpqwmi) - Hewlett-Packard Development Company, L.P. - C:\Program Files\HPQ\SHARED\HPQWMI.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
    O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
    O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Unknown owner - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
    O23 - Service: MaxBackServiceInt - Unknown owner - C:\Program Files\Maxtor\Maxtor Backup\MaxBackServiceInt.exe
    O23 - Service: Norton AntiVirus Auto-Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe
    O23 - Service: Norton Protection Center Service (NSCService) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Console\NSCSRVCE.EXE
    O23 - Service: NTI BackupNowEZSvr - NewTech Infosystems, Inc. - C:\Program Files\NewTech Infosystems\Backup Now EZ\BackupNowEZSvr.exe
    O23 - Service: MaxSyncService (NTService1) - - C:\Program Files\Maxtor\OneTouch\Utils\SyncServices.exe
    O23 - Service: PermissionTV Download Manager Service (PermissionTVDownloadManager) - PermissionTV - C:\PROGRA~1\PERMIS~1\bin\dm.exe
    O23 - Service: Roxio UPnP Renderer 9 - Sonic Solutions - C:\Program Files\Roxio\Digital Home 9\RoxioUPnPRenderer9.exe
    O23 - Service: Roxio Upnp Server 9 - Sonic Solutions - C:\Program Files\Roxio\Digital Home 9\RoxioUpnpService9.exe
    O23 - Service: LiveShare P2P Server 9 (RoxLiveShare9) - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxLiveShare9.exe
    O23 - Service: RoxMediaDB9 - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe
    O23 - Service: Roxio Hard Drive Watcher 9 (RoxWatch9) - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatch9.exe
    O23 - Service: Symantec AVScan (SAVScan) - Symantec Corporation - C:\Program Files\Norton Internet Security\Norton AntiVirus\SAVScan.exe
    O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
    O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
    O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
    O24 - Desktop Component 0: (no name) - About:Home

    --
    End of file - 14634 bytes


    Malwarebytes' Anti-Malware 1.44
    Database version: 3510
    Windows 5.1.2600 Service Pack 3
    Internet Explorer 6.0.2900.5512

    1/28/2010 7:58:09 PM
    mbam-log-2010-01-28 (19-58-09).txt

    Scan type: Quick Scan
    Objects scanned: 146620
    Time elapsed: 2 hour(s), 40 minute(s), 46 second(s)

    Memory Processes Infected: 2
    Memory Modules Infected: 0
    Registry Keys Infected: 8
    Registry Values Infected: 4
    Registry Data Items Infected: 11
    Folders Infected: 1
    Files Infected: 5

    Memory Processes Infected:
    C:\Program Files\InternetSecurity2010\IS2010.exe (Rogue.InternetSecurity2010) -> Unloaded process successfully.
    C:\WINDOWS\system32\smss32.exe (Trojan.FakeAlert) -> Unloaded process successfully.

    Memory Modules Infected:
    (No malicious items detected)

    Registry Keys Infected:
    HKEY_CLASSES_ROOT\fis.momo (Adware.SmartShopper) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\CLSID\{5ed7d3de-6dbe-4516-8712-01b1b64b7057} (Adware.SmartShopper) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\CLSID\{92c3f342-45da-4511-853a-b3836aaff5f5} (Adware.SmartShopper) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\fis.momo.1 (Adware.SmartShopper) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\fis.ohb (Adware.SmartShopper) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\fis.ohb.1 (Adware.SmartShopper) -> Quarantined and deleted successfully.
    HKEY_CURRENT_USER\SOFTWARE\IS2010 (Rogue.InternetSecurity2010) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Weather Services (Adware.Hotbar) -> Quarantined and deleted successfully.

    Registry Values Infected:
    HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\internet security 2010 (Rogue.InternetSecurity2010) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\smss32.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Control Panel\Cpls\wxfw.dll (Adware.Hotbar) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\pmsngr.exe (Trojan.Zlob) -> Quarantined and deleted successfully.

    Registry Data Items Infected:
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Userinit (Trojan.FakeAlert) -> Data: c:\windows\system32\winlogon32.exe -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Userinit (Trojan.FakeAlert) -> Data: system32\winlogon32.exe -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Userinit (Hijack.UserInit) -> Bad: (C:\WINDOWS\system32\winlogon32.exe) Good: (userinit.exe) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\AntiVirusDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
    HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\ActiveDesktop\NoChangingWallpaper (Hijack.DisplayProperties) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
    HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoActiveDesktopChanges (Hijack.DisplayProperties) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
    HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoSetActiveDesktop (Hijack.DisplayProperties) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\activedesktop\NoChangingWallpaper (Hijack.DisplayProperties) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoActiveDesktopChanges (Hijack.DisplayProperties) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoSetActiveDesktop (Hijack.DisplayProperties) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
    HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\DisableTaskMgr (Hijack.TaskManager) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.

    Folders Infected:
    C:\Program Files\InternetSecurity2010 (Rogue.InternetSecurity2010) -> Delete on reboot.

    Files Infected:
    C:\WINDOWS\system32\SearchTool\nsk2D.dll (Adware.SmartShopper) -> Quarantined and deleted successfully.
    C:\Program Files\InternetSecurity2010\IS2010.exe (Rogue.InternetSecurity2010) -> Delete on reboot.
    C:\WINDOWS\system32\smss32.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.
    C:\WINDOWS\system32\Winlogon32.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.
    C:\WINDOWS\system32\41.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.

  4. #4
    Emeritus-Security Expert
    Join Date
    Nov 2005
    Location
    Florida's SpaceCoast
    Posts
    15,208

    Default

    Good Morning,

    Let's just run an OTL scan, no script this time. This will show me the logs. I left the download link in case you removed it; ignore it if you have not.



    • Download OTL to your desktop.
    • Double click on the icon to run it. Make sure all other windows are closed and let it run uninterrupted.
    • When the window appears, underneath Output at the top change it to Minimal Output.
    • Check the boxes beside LOP Check and Purity Check.
    • Click the Run Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.
      • When the scan completes, it will open two Notepad windows: OTL.Txt and Extras.Txt.
        Note: These logs can be located in the OTL. folder on your C:\ drive if they fail to open automatically.
      • Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post it with your next reply. You may need two posts to fit them both in.
    Microsoft MVP Consumer Security 2007-2008-2009-2010-2011-2012-2013-2014

    ERROR MESSAGE 386
    No KeyBoard Detected
    Press F1 To Continue

    Just a reminder that threads will be closed if no reply in 3 days.

  5. #5
    Member the1dbg's Avatar
    Join Date
    Jul 2008
    Posts
    45

    Default OTL Log files

    Good evening,

    Here is the OTL log. I will send the Extras log in the next post.

    OTL logfile created on: 1/29/2010 5:32:39 PM - Run 1
    OTL by OldTimer - Version 3.1.27.0 Folder = C:\Documents and Settings\Lori\Desktop
    Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
    Internet Explorer (Version = 6.0.2900.5512)
    Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

    1,014.00 Mb Total Physical Memory | 657.00 Mb Available Physical Memory | 65.00% Memory free
    2.00 Gb Paging File | 2.00 Gb Available in Paging File | 89.00% Paging File free
    Paging file location(s): C:\pagefile.sys 1524 3048 [binary data]

    %SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
    Drive C: | 92.95 Gb Total Space | 12.37 Gb Free Space | 13.31% Space Free | Partition Type: NTFS
    D: Drive not present or media not loaded
    E: Drive not present or media not loaded
    F: Drive not present or media not loaded
    G: Drive not present or media not loaded
    H: Drive not present or media not loaded
    I: Drive not present or media not loaded

    Computer Name: ISAIAH
    Current User Name: Lori
    Logged in as Administrator.

    Current Boot Mode: Normal
    Scan Mode: Current user
    Company Name Whitelist: Off
    Skip Microsoft Files: Off
    File Age = 30 Days
    Output = Minimal

    ========== Processes (SafeList) ==========

    PRC - C:\Documents and Settings\Lori\Desktop\OTL.exe (OldTimer Tools)
    PRC - C:\Program Files\NewTech Infosystems\Backup Now EZ\BackupNowEZtray.exe (NewTech Infosystems, Inc.)
    PRC - C:\Program Files\iTunes\iTunesHelper.exe (Apple Inc.)
    PRC - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe (Apple Inc.)
    PRC - C:\WINDOWS\explorer.exe (Microsoft Corporation)
    PRC - C:\Program Files\PermissionTV\bin\dm.exe (PermissionTV)
    PRC - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\acrotray.exe (Adobe Systems Inc.)
    PRC - C:\Program Files\Java\jre1.5.0_10\bin\jusched.exe (Sun Microsystems, Inc.)
    PRC - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe (Symantec Corporation)
    PRC - C:\Program Files\Common Files\Symantec Shared\CCSETMGR.EXE (Symantec Corporation)
    PRC - C:\Program Files\Common Files\Symantec Shared\CCEVTMGR.EXE (Symantec Corporation)
    PRC - C:\Program Files\Common Files\Symantec Shared\CCAPP.EXE (Symantec Corporation)
    PRC - C:\Program Files\Maxtor\OneTouch\Utils\OneTouch.exe (Maxtor Corporation)
    PRC - C:\Program Files\Maxtor\Maxtor Backup\MaxBackServiceInt.exe ()
    PRC - C:\Program Files\Maxtor\OneTouch\Utils\SyncServices.exe ( )
    PRC - C:\Program Files\Norton Internet Security\Norton AntiVirus\NAVAPSVC.EXE (Symantec Corporation)
    PRC - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe (Symantec Corporation)
    PRC - C:\Program Files\Maxtor\OneTouch Status\MaxMenuMgr.exe (Maxtor Corp.)
    PRC - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe (Symantec Corporation)
    PRC - C:\WINDOWS\system32\igfxtray.exe (Intel Corporation)
    PRC - C:\WINDOWS\system32\hkcmd.exe (Intel Corporation)
    PRC - C:\Program Files\HPQ\HP Wireless Assistant\HP Wireless Assistant.exe (Hewlett-Packard Company)
    PRC - C:\Program Files\Common Files\LightScribe\LSSrvc.exe ()
    PRC - C:\Program Files\HPQ\Quick Launch Buttons\eabservr.exe (Hewlett-Packard )
    PRC - C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe (Broadcom Corporation.)
    PRC - C:\Program Files\HPQ\Shared\hpqwmi.exe (Hewlett-Packard Development Company, L.P.)
    PRC - C:\Program Files\Synaptics\SynTP\SynTPLpr.exe (Synaptics, Inc.)
    PRC - C:\Program Files\Synaptics\SynTP\SynTPEnh.exe (Synaptics, Inc.)
    PRC - C:\hp\drivers\hplsbwatcher\LSBurnWatcher.exe (Hewlett-Packard Company)


    ========== Modules (SafeList) ==========

    MOD - C:\Documents and Settings\Lori\Desktop\OTL.exe (OldTimer Tools)
    MOD - C:\Program Files\NewTech Infosystems\Backup Now EZ\Pehook.dll (NewTech Infosystems, Inc.)
    MOD - C:\Program Files\Common Files\Symantec Shared\CCL40.DLL (Symantec Corporation)
    MOD - C:\Program Files\Common Files\Symantec Shared\AntiSpam\asOEHook.dll (Symantec Corporation)
    MOD - C:\WINDOWS\system32\SynTPFcs.dll (Synaptics, Inc.)
    MOD - C:\WINDOWS\system32\msvcp71.dll (Microsoft Corporation)
    MOD - C:\WINDOWS\system32\msvcr71.dll (Microsoft Corporation)


    ========== Win32 Services (SafeList) ==========

    SRV - (NTI BackupNowEZSvr) -- C:\Program Files\NewTech Infosystems\Backup Now EZ\BackupNowEZSvr.exe (NewTech Infosystems, Inc.)
    SRV - (FLEXnet Licensing Service) -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe (Macrovision Europe Ltd.)
    SRV - (iPod Service) -- C:\Program Files\iPod\bin\iPodService.exe (Apple Inc.)
    SRV - (Apple Mobile Device) -- C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe (Apple Inc.)
    SRV - (Bonjour Service) -- C:\Program Files\Bonjour\mDNSResponder.exe (Apple Inc.)
    SRV - (PermissionTVDownloadManager) -- C:\Program Files\PermissionTV\bin\dm.exe (PermissionTV)
    SRV - (RoxLiveShare9) -- C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxLiveShare9.exe (Sonic Solutions)
    SRV - (RoxWatch9) -- C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatch9.exe (Sonic Solutions)
    SRV - (RoxMediaDB9) -- C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe (Sonic Solutions)
    SRV - (Roxio UPnP Renderer 9) -- C:\Program Files\Roxio\Digital Home 9\RoxioUPnPRenderer9.exe (Sonic Solutions)
    SRV - (Roxio Upnp Server 9) -- C:\Program Files\Roxio\Digital Home 9\RoxioUpnpService9.exe (Sonic Solutions)
    SRV - (Symantec Core LC) -- C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe (Symantec Corporation)
    SRV - (ccSetMgr) -- C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe (Symantec Corporation)
    SRV - (ccEvtMgr) -- C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe (Symantec Corporation)
    SRV - (NSCService) -- C:\Program Files\Common Files\Symantec Shared\Security Console\NSCSRVCE.EXE (Symantec Corporation)
    SRV - (MaxBackServiceInt) -- C:\Program Files\Maxtor\Maxtor Backup\MaxBackServiceInt.exe ()
    SRV - (NTService1) -- C:\Program Files\Maxtor\OneTouch\Utils\SyncServices.exe ( )
    SRV - (comHost) -- C:\Program Files\Norton Internet Security\comHost.exe (Symantec Corporation)
    SRV - (navapsvc) -- C:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe (Symantec Corporation)
    SRV - (ccISPwdSvc) -- C:\Program Files\Norton Internet Security\ccPwdSvc.exe (Symantec Corporation)
    SRV - (SNDSrvc) -- C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe (Symantec Corporation)
    SRV - (ccProxy) -- C:\Program Files\Common Files\Symantec Shared\ccProxy.exe (Symantec Corporation)
    SRV - (SPBBCSvc) -- C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe (Symantec Corporation)
    SRV - (SAVScan) -- C:\Program Files\Norton Internet Security\Norton AntiVirus\SAVScan.exe (Symantec Corporation)
    SRV - (LightScribeService) -- C:\Program Files\Common Files\LightScribe\LSSrvc.exe ()
    SRV - (btwdins) -- C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe (Broadcom Corporation.)
    SRV - (hpqwmi) -- C:\Program Files\HPQ\Shared\hpqwmi.exe (Hewlett-Packard Development Company, L.P.)
    SRV - (IDriverT) -- C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe (Macrovision Corporation)
    SRV - (aspnet_state) -- C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\aspnet_state.exe (Microsoft Corporation)
    SRV - (ose) -- C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE (Microsoft Corporation)


    ========== Driver Services (SafeList) ==========

    DRV - (USBAAPL) -- C:\WINDOWS\system32\drivers\usbaapl.sys (Apple, Inc.)
    DRV - (NTIDrvr) -- C:\WINDOWS\system32\drivers\NTIDrvr.sys (NewTech Infosystems, Inc.)
    DRV - (UBHelper) -- C:\WINDOWS\system32\drivers\UBHelper.sys (NewTech Infosystems Corporation)
    DRV - (GEARAspiWDM) -- C:\WINDOWS\system32\drivers\GEARAspiWDM.sys (GEAR Software Inc.)
    DRV - (Secdrv) -- C:\WINDOWS\system32\drivers\secdrv.sys (Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K.)
    DRV - (RimUsb) -- C:\WINDOWS\system32\drivers\RimUsb.sys (Research In Motion Limited)
    DRV - (PxHelp20) -- C:\WINDOWS\System32\Drivers\PxHelp20.sys (Sonic Solutions)
    DRV - (RimVSerPort) -- C:\WINDOWS\system32\drivers\RimSerial.sys (Research in Motion Ltd)
    DRV - (NAVEX15) -- C:\Program Files\Common Files\Symantec Shared\VirusDefs\20061224.008\NAVEX15.SYS (Symantec Corporation)
    DRV - (NAVENG) -- C:\Program Files\Common Files\Symantec Shared\VirusDefs\20061224.008\NAVENG.SYS (Symantec Corporation)
    DRV - (eeCtrl) -- C:\Program Files\Common Files\Symantec Shared\eengine\eectrl.sys (Symantec Corporation)
    DRV - (EraserUtilRebootDrv) -- C:\Program Files\Common Files\Symantec Shared\eengine\EraserUtilRebootDrv.sys (Symantec Corporation)
    DRV - (SYMIDSCO) -- C:\Program Files\Common Files\Symantec Shared\SymcData\idsdefs\20061215.005\SymIDSCo.sys (Symantec Corporation)
    DRV - (symlcbrd) -- C:\WINDOWS\system32\drivers\symlcbrd.sys (Symantec Corporation)
    DRV - (SymEvent) -- C:\Program Files\Symantec\SYMEVENT.SYS (Symantec Corporation)
    DRV - (SYMTDI) -- C:\WINDOWS\System32\Drivers\SYMTDI.SYS (Symantec Corporation)
    DRV - (SYMREDRV) -- C:\WINDOWS\System32\Drivers\SYMREDRV.SYS (Symantec Corporation)
    DRV - (SYMIDS) -- C:\WINDOWS\System32\Drivers\SYMIDS.SYS (Symantec Corporation)
    DRV - (SYMNDIS) -- C:\WINDOWS\System32\Drivers\SYMNDIS.SYS (Symantec Corporation)
    DRV - (SYMFW) -- C:\WINDOWS\System32\Drivers\SYMFW.SYS (Symantec Corporation)
    DRV - (SYMDNS) -- C:\WINDOWS\System32\Drivers\SYMDNS.SYS (Symantec Corporation)
    DRV - (SPBBCDrv) -- C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCDrv.sys (Symantec Corporation)
    DRV - (SAVRTPEL) -- C:\Program Files\Norton Internet Security\Norton AntiVirus\Savrtpel.sys (Symantec Corporation)
    DRV - (SAVRT) -- C:\Program Files\Norton Internet Security\Norton AntiVirus\savrt.sys (Symantec Corporation)
    DRV - (MXOPSWD) -- C:\WINDOWS\system32\drivers\mxopswd.sys (Maxtor Corp.)
    DRV - (tifm21) -- C:\WINDOWS\system32\drivers\tifm21.sys (Texas Instruments)
    DRV - (ialm) -- C:\WINDOWS\system32\drivers\ialmnt5.sys (Intel Corporation)
    DRV - (CAMCHALA) -- C:\WINDOWS\system32\drivers\camc6hal.sys (Conexant Systems Inc.)
    DRV - (CAMCAUD) -- C:\WINDOWS\system32\drivers\camc6aud.sys (Conexant Systems Inc.)
    DRV - (HSFHWICH) -- C:\WINDOWS\system32\drivers\HSFHWICH.sys (Conexant Systems, Inc.)
    DRV - (winachsf) -- C:\WINDOWS\system32\drivers\HSF_CNXT.sys (Conexant Systems, Inc.)
    DRV - (HSF_DP) -- C:\WINDOWS\system32\drivers\HSF_DP.sys (Conexant Systems, Inc.)
    DRV - (RTL8023xp) -- C:\WINDOWS\system32\drivers\Rtlnicxp.sys (Realtek Semiconductor Corporation )
    DRV - (BTKRNL) -- C:\WINDOWS\system32\drivers\btkrnl.sys (Broadcom Corporation.)
    DRV - (BTDriver) -- C:\WINDOWS\system32\drivers\btport.sys (Broadcom Corporation.)
    DRV - (BTWUSB) -- C:\WINDOWS\system32\drivers\btwusb.sys (Broadcom Corporation.)
    DRV - (w29n51) Intel(R) -- C:\WINDOWS\system32\drivers\w29n51.sys (Intel® Corporation)
    DRV - (SynTP) -- C:\WINDOWS\system32\drivers\SynTP.sys (Synaptics, Inc.)
    DRV - (Ptilink) -- C:\WINDOWS\system32\drivers\ptilink.sys (Parallel Technologies, Inc.)
    DRV - (ROOTMODEM) -- C:\WINDOWS\system32\drivers\rootmdm.sys (Microsoft Corporation)
    DRV - (eabfiltr) -- C:\WINDOWS\system32\drivers\eabfiltr.sys (Hewlett-Packard Company)
    DRV - (mdmxsdk) -- C:\WINDOWS\system32\drivers\mdmxsdk.sys (Conexant)
    DRV - (eabusb) -- C:\WINDOWS\system32\drivers\EabUsb.sys (Hewlett-Packard Company)
    DRV - (SMNDIS5) -- C:\Program Files\Verizon Wireless\VZAccess Manager\SMNDIS5.sys (Smith Micro Software, Inc.)
    DRV - (SMCIRDA) -- C:\WINDOWS\system32\drivers\smcirda.sys (SMC)
    DRV - (AliIde) -- C:\WINDOWS\system32\DRIVERS\aliide.sys (Acer Laboratories Inc.)


    ========== Standard Registry (SafeList) ==========


    ========== Internet Explorer ==========

    IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.yahoo.com
    IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
    IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.google.com/ie

    IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://us.rd.yahoo.com/customize/yco.../www.yahoo.com
    IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com
    IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie
    IE - HKCU\..\URLSearchHook: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll (Yahoo! Inc.)
    IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
    IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

    ========== FireFox ==========


    FF - HKLM\software\mozilla\Mozilla Firefox 3.5.5\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2009/11/24 18:20:16 | 00,000,000 | ---D | M]
    FF - HKLM\software\mozilla\Mozilla Firefox 3.5.5\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2009/11/24 18:15:31 | 00,000,000 | ---D | M]

    [2009/11/24 18:20:57 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Lori\Application Data\Mozilla\Extensions
    [2009/11/24 18:20:57 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Lori\Application Data\Mozilla\Firefox\Profiles\f6l8y3gn.default\extensions
    [2009/11/24 18:15:31 | 00,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions

    O1 HOSTS File: ([2006/12/25 01:56:49 | 00,000,713 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
    O1 - Hosts: 127.0.0.1 localhost
    O2 - BHO: (&Yahoo! Toolbar Helper) - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll (Yahoo! Inc.)
    O2 - BHO: (ContributeBHO Class) - {074C1DC5-9320-4A9A-947D-C042949C6216} - C:\Program Files\Adobe\/Adobe Contribute CS3/contributeieplugin.dll ()
    O2 - BHO: (SSVHelper Class) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll (Sun Microsystems, Inc.)
    O2 - BHO: (CNisExtBho Class) - {9ECB9560-04F9-4bbc-943D-298DDF1699E1} - C:\Program Files\Common Files\Symantec Shared\AdBlocking\NISShExt.dll (Symantec Corporation)
    O2 - BHO: (CNavExtBho Class) - {A8F38D8D-E480-4D52-B7A2-731BB6995FDD} - C:\Program Files\Norton Internet Security\Norton AntiVirus\NAVSHEXT.DLL (Symantec Corporation)
    O2 - BHO: (Adobe PDF Conversion Toolbar Helper) - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
    O3 - HKLM\..\Toolbar: (Norton Internet Security 2006) - {0B53EAC3-8D69-4b9e-9B19-A37C9A5676A7} - C:\Program Files\Common Files\Symantec Shared\AdBlocking\NISShExt.dll (Symantec Corporation)
    O3 - HKLM\..\Toolbar: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
    O3 - HKLM\..\Toolbar: (Contribute Toolbar) - {517BDDE4-E3A7-4570-B21E-2B52B6139FC7} - C:\Program Files\Adobe\/Adobe Contribute CS3/contributeieplugin.dll ()
    O3 - HKLM\..\Toolbar: (Norton AntiVirus) - {C4069E3A-68F1-403E-B40E-20066696354B} - C:\Program Files\Norton Internet Security\Norton AntiVirus\NAVSHEXT.DLL (Symantec Corporation)
    O3 - HKLM\..\Toolbar: (Yahoo! Toolbar) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll (Yahoo! Inc.)
    O3 - HKCU\..\Toolbar\ShellBrowser: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
    O3 - HKCU\..\Toolbar\WebBrowser: (Norton Internet Security 2006) - {0B53EAC3-8D69-4B9E-9B19-A37C9A5676A7} - C:\Program Files\Common Files\Symantec Shared\AdBlocking\NISShExt.dll (Symantec Corporation)
    O3 - HKCU\..\Toolbar\WebBrowser: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
    O3 - HKCU\..\Toolbar\WebBrowser: (Norton AntiVirus) - {C4069E3A-68F1-403E-B40E-20066696354B} - C:\Program Files\Norton Internet Security\Norton AntiVirus\NAVSHEXT.DLL (Symantec Corporation)
    O3 - HKCU\..\Toolbar\WebBrowser: (Yahoo! Toolbar) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll (Yahoo! Inc.)
    O4 - HKLM..\Run: [] File not found
    O4 - HKLM..\Run: [Acrobat Assistant 8.0] C:\Program Files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe (Adobe Systems Inc.)
    O4 - HKLM..\Run: [AppleSyncNotifier] C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe (Apple Inc.)
    O4 - HKLM..\Run: [BackupNowEZtray] C:\Program Files\NewTech Infosystems\Backup Now EZ\BackupNowEZtray.exe (NewTech Infosystems, Inc.)
    O4 - HKLM..\Run: [ccApp] C:\Program Files\Common Files\Symantec Shared\ccApp.exe (Symantec Corporation)
    O4 - HKLM..\Run: [Cpqset] C:\Program Files\HPQ\Default Settings\Cpqset.exe ()
    O4 - HKLM..\Run: [eabconfg.cpl] C:\Program Files\HPQ\Quick Launch Buttons\EabServr.exe (Hewlett-Packard )
    O4 - HKLM..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe (Intel Corporation)
    O4 - HKLM..\Run: [hpWirelessAssistant] C:\Program Files\HPQ\HP Wireless Assistant\HP Wireless Assistant.exe (Hewlett-Packard Company)
    O4 - HKLM..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe (Intel Corporation)
    O4 - HKLM..\Run: [iTunesHelper] C:\Program Files\iTunes\iTunesHelper.exe (Apple Inc.)
    O4 - HKLM..\Run: [LSBWatcher] c:\hp\drivers\hplsbwatcher\LSBurnWatcher.exe (Hewlett-Packard Company)
    O4 - HKLM..\Run: [MaxtorOneTouch] C:\Program Files\Maxtor\OneTouch\Utils\OneTouch.exe (Maxtor Corporation)
    O4 - HKLM..\Run: [mxomssmenu] C:\Program Files\Maxtor\OneTouch Status\maxmenumgr.exe (Maxtor Corp.)
    O4 - HKLM..\Run: [QuickTime Task] C:\Program Files\QuickTime\qttask.exe (Apple Inc.)
    O4 - HKLM..\Run: [RoxWatchTray] C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe (Sonic Solutions)
    O4 - HKLM..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_10\bin\jusched.exe (Sun Microsystems, Inc.)
    O4 - HKLM..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe (Synaptics, Inc.)
    O4 - HKLM..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe (Synaptics, Inc.)
    O4 - HKCU..\Run: [AdobeUpdater] C:\Program Files\Common Files\Adobe\Updater5\AdobeUpdater.exe (Adobe Systems Incorporated)
    O4 - HKCU..\Run: [H/PC Connection Agent] C:\Program Files\Microsoft ActiveSync\wcescomm.exe (Microsoft Corporation)
    O4 - HKCU..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\1.2.908.5008\GoogleToolbarNotifier.exe File not found
    O4 - HKLM..\RunOnceEx: [] File not found
    O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\BTTray.lnk = C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe (Broadcom Corporation.)
    O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Desktop Manager.lnk = C:\Program Files\Research In Motion\BlackBerry\DesktopMgr.exe (Research In Motion Limited)
    O4 - Startup: C:\Documents and Settings\Lori\Start Menu\Programs\Startup\LimeWire On Startup.lnk = C:\Program Files\LimeWire\LimeWire.exe (Lime Wire, LLC)
    O4 - Startup: C:\Documents and Settings\Lori\Start Menu\Programs\Startup\Osceola Library System Tray App.lnk = C:\Program Files\PermissionTV\bin\dmtray.exe (PermissionTV)
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 0
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
    O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
    O8 - Extra context menu item: Append to existing PDF - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
    O8 - Extra context menu item: Convert link target to Adobe PDF - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
    O8 - Extra context menu item: Convert link target to existing PDF - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
    O8 - Extra context menu item: Convert selected links to Adobe PDF - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
    O8 - Extra context menu item: Convert selected links to existing PDF - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
    O8 - Extra context menu item: Convert selection to Adobe PDF - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
    O8 - Extra context menu item: Convert selection to existing PDF - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
    O8 - Extra context menu item: Convert to Adobe PDF - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
    O9 - Extra 'Tools' menuitem : Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_10\bin\NPJPI150_10.dll (Sun Microsystems, Inc.)
    O9 - Extra Button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\INetRepl.dll (Microsoft Corporation)
    O9 - Extra 'Tools' menuitem : Create Mobile Favorite... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\INetRepl.dll (Microsoft Corporation)
    O9 - Extra Button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe (America Online, Inc.)
    O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
    O15 - HKLM\..Trusted Domains: 1 domain(s) and sub-domain(s) not assigned to a zone.
    O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} http://download.macromedia.com/pub/s...irector/sw.cab (Shockwave ActiveX Control)
    O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} http://update.microsoft.com/microsof...?1148348000343 (MUWebControl Class)
    O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.5.0/jin...ndows-i586.cab (Java Plug-in 1.5.0_10)
    O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.macromedia.com/get.../ultrashim.cab (Reg Error: Key error.)
    O16 - DPF: {CAFEEFAC-0015-0000-0000-ABCDEFFEDCBA} http://java.sun.com/update/1.5.0/jin...ndows-i586.cab (Java Plug-in 1.5.0)
    O16 - DPF: {CAFEEFAC-0015-0000-0010-ABCDEFFEDCBA} http://java.sun.com/update/1.5.0/jin...ndows-i586.cab (Java Plug-in 1.5.0_10)
    O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.5.0/jin...ndows-i586.cab (Java Plug-in 1.5.0_10)
    O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://download.macromedia.com/pub/s...sh/swflash.cab (Shockwave Flash Object)
    O16 - DPF: {FE0BD779-44EE-4A4B-AA2E-743C63F2E5E6} http://pdl.stream.aol.com/downloads/...ampx_en_dl.cab (IWinAmpActiveX Class)
    O18 - Protocol\Handler\widimg {EE7C2AFF-5742-44FF-BD0E-E521B0D3C3BA} - C:\WINDOWS\system32\BTXPPanel.dll (Broadcom Corporation.)
    O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
    O20 - Winlogon\Notify\igfxcui: DllName - igfxsrvc.dll - C:\WINDOWS\System32\igfxsrvc.dll (Intel Corporation)
    O20 - Winlogon\Notify\WRNotifier: DllName - WRLogonNTF.dll - File not found
    O24 - Desktop Components:0 () - About:Home
    O32 - HKLM CDRom: AutoRun - 1
    O33 - MountPoints2\{1a53d34a-43a3-11de-924f-00163622f0ad}\Shell - "" = AutoRun
    O33 - MountPoints2\{1a53d34a-43a3-11de-924f-00163622f0ad}\Shell\AutoRun - "" = Auto&Play
    O33 - MountPoints2\{1a53d34a-43a3-11de-924f-00163622f0ad}\Shell\AutoRun\command - "" = E:\LaunchU3.exe -- File not found
    O33 - MountPoints2\{6cd6aae9-3305-11dd-91ae-00163622f0ad}\Shell - "" = AutoRun
    O33 - MountPoints2\{6cd6aae9-3305-11dd-91ae-00163622f0ad}\Shell\AutoRun - "" = Auto&Play
    O33 - MountPoints2\{6cd6aae9-3305-11dd-91ae-00163622f0ad}\Shell\AutoRun\command - "" = E:\LaunchU3.exe -- File not found
    O33 - MountPoints2\{cacbb651-06b9-11df-9a7a-00163622f0ad}\Shell\AutoRun\command - "" = restore\restorestarter.exe
    O33 - MountPoints2\{d3b35806-979c-11db-9160-00163622f0ad}\Shell\AutoRun\command - "" = E:\Launch.exe -- File not found
    O33 - MountPoints2\{f1c5977b-0a02-11df-8e46-00163622f0ad}\Shell\AutoRun\command - "" = click/jack.exe
    O33 - MountPoints2\{f1c5977b-0a02-11df-8e46-00163622f0ad}\Shell\explore\command - "" = click/jack.exe
    O33 - MountPoints2\{f1c5977b-0a02-11df-8e46-00163622f0ad}\Shell\open\command - "" = click/jack.exe
    O34 - HKLM BootExecute: (autocheck autochk *) - File not found
    O34 - HKLM BootExecute: (SsiEfr.e) - File not found
    O34 - HKLM BootExecute: (stera) - File not found
    O35 - comfile [open] -- "%1" %*
    O35 - exefile [open] -- "%1" %*

    ========== Files/Folders - Created Within 30 Days ==========

    [2010/01/28 20:01:45 | 00,000,000 | ---D | C] -- C:\Avenger
    [2010/01/28 17:04:55 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Lori\Application Data\Malwarebytes
    [2010/01/28 17:03:32 | 00,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
    [2010/01/28 17:02:59 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Malwarebytes
    [2010/01/28 17:02:08 | 00,019,160 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
    [2010/01/28 17:01:47 | 00,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
    [2010/01/28 16:43:18 | 00,000,000 | ---D | C] -- C:\_OTL
    [2010/01/28 16:42:15 | 00,548,864 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Lori\Desktop\OTL.exe
    [2010/01/25 18:06:59 | 00,000,000 | ---D | C] -- C:\Program Files\Trend Micro
    [2010/01/22 18:52:08 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\NTIReg
    [2010/01/22 14:45:04 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Lori\Desktop\Copy of EmergencyResponseTerrorismStAugustine_files
    [2010/01/22 14:43:18 | 00,014,464 | ---- | C] (NewTech Infosystems, Inc.) -- C:\WINDOWS\System32\drivers\NTIDrvr.sys
    [2010/01/22 14:43:16 | 00,013,440 | ---- | C] (NewTech Infosystems Corporation) -- C:\WINDOWS\System32\drivers\UBHelper.sys
    [2010/01/22 14:42:52 | 00,000,000 | ---D | C] -- C:\WINDOWS\System32\drivers\nti\Xp_x86
    [2010/01/22 14:42:52 | 00,000,000 | ---D | C] -- C:\WINDOWS\System32\drivers\nti\w2k_x86
    [2010/01/22 14:42:52 | 00,000,000 | ---D | C] -- C:\WINDOWS\System32\drivers\nti\Vista_x86
    [2010/01/22 14:42:52 | 00,000,000 | ---D | C] -- C:\WINDOWS\System32\drivers\nti\Vista_ia64
    [2010/01/22 14:42:51 | 00,000,000 | ---D | C] -- C:\WINDOWS\System32\drivers\nti\Vista_amd64
    [2010/01/22 14:42:51 | 00,000,000 | ---D | C] -- C:\WINDOWS\System32\drivers\nti\2003_x86
    [2010/01/22 14:42:51 | 00,000,000 | ---D | C] -- C:\WINDOWS\System32\drivers\nti\2003_ia64
    [2010/01/22 14:42:51 | 00,000,000 | ---D | C] -- C:\WINDOWS\System32\drivers\nti\2003_amd64
    [2010/01/22 14:42:34 | 00,000,000 | ---D | C] -- C:\WINDOWS\System32\drivers\nti
    [2010/01/22 14:42:34 | 00,000,000 | ---D | C] -- C:\Program Files\NewTech Infosystems
    [2010/01/17 15:56:29 | 00,000,000 | ---D | C] -- C:\WINDOWS\Prefetch
    [2010/01/17 10:16:27 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\RegCure
    [2010/01/17 10:16:26 | 00,000,000 | ---D | C] -- C:\Program Files\RegCure
    [2010/01/12 19:37:11 | 00,471,552 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\aclayers.dll
    [2010/01/10 04:52:25 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Lori\Desktop\rti
    [2010/01/10 04:49:41 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Lori\Desktop\usbfiles
    [2010/01/10 04:47:31 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Lori\Desktop\southafrica
    [2009/03/16 22:42:34 | 00,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft
    [2009/02/27 21:02:04 | 00,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Application Data\Roxio
    [2009/02/08 10:40:26 | 00,000,000 | ---D | M] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\Apple
    [2005/04/10 04:17:01 | 00,000,000 | ---D | M] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft
    [2005/04/10 03:02:28 | 00,000,000 | --SD | M] -- C:\Documents and Settings\NetworkService\Application Data\Microsoft
    [2005/04/10 03:02:28 | 00,000,000 | --SD | M] -- C:\Documents and Settings\LocalService\Application Data\Microsoft
    [28 C:\Documents and Settings\Lori\Desktop\*.tmp files -> C:\Documents and Settings\Lori\Desktop\*.tmp -> ]
    [1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
    [1 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

    ========== Files - Modified Within 30 Days ==========

    [2010/01/29 17:47:46 | 00,000,256 | ---- | M] () -- C:\WINDOWS\System32\pool.bin
    [2010/01/29 17:27:11 | 00,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
    [2010/01/29 17:27:08 | 10,637,68064 | -HS- | M] () -- C:\hiberfil.sys
    [2010/01/28 22:12:22 | 00,000,278 | -HS- | M] () -- C:\Documents and Settings\Lori\ntuser.ini
    [2010/01/28 22:12:21 | 06,029,312 | -H-- | M] () -- C:\Documents and Settings\Lori\NTUSER.DAT
    [2010/01/28 17:04:13 | 00,000,696 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
    [2010/01/28 16:53:50 | 00,002,931 | ---- | M] () -- C:\WINDOWS\System32\warning.html
    [2010/01/28 16:47:36 | 00,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
    [2010/01/28 16:47:26 | 00,000,376 | ---- | M] () -- C:\WINDOWS\tasks\RegCure Startup.job
    [2010/01/28 16:28:06 | 00,001,158 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
    [2010/01/28 16:16:46 | 00,548,864 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Lori\Desktop\OTL.exe
    [2010/01/25 18:28:01 | 00,000,000 | ---- | M] () -- C:\WINDOWS\System32\10638.exe
    [2010/01/25 18:08:01 | 00,000,000 | ---- | M] () -- C:\WINDOWS\System32\22704.exe
    [2010/01/25 18:06:59 | 00,001,734 | ---- | M] () -- C:\Documents and Settings\Lori\Desktop\HijackThis.lnk
    [2010/01/25 03:03:27 | 00,000,000 | ---- | M] () -- C:\WINDOWS\System32\12513.exe
    [2010/01/25 02:43:27 | 00,000,000 | ---- | M] () -- C:\WINDOWS\System32\952.exe
    [2010/01/25 02:23:27 | 00,000,000 | ---- | M] () -- C:\WINDOWS\System32\23910.exe
    [2010/01/25 02:03:27 | 00,000,000 | ---- | M] () -- C:\WINDOWS\System32\1159.exe
    [2010/01/25 01:43:27 | 00,000,000 | ---- | M] () -- C:\WINDOWS\System32\11224.exe
    [2010/01/25 01:23:27 | 00,000,000 | ---- | M] () -- C:\WINDOWS\System32\18208.exe
    [2010/01/25 01:03:27 | 00,000,000 | ---- | M] () -- C:\WINDOWS\System32\15387.exe
    [2010/01/25 00:43:27 | 00,000,000 | ---- | M] () -- C:\WINDOWS\System32\18541.exe
    [2010/01/25 00:23:27 | 00,000,000 | ---- | M] () -- C:\WINDOWS\System32\31239.exe
    [2010/01/25 00:03:27 | 00,000,000 | ---- | M] () -- C:\WINDOWS\System32\14560.exe
    [2010/01/24 23:43:27 | 00,000,000 | ---- | M] () -- C:\WINDOWS\System32\29924.exe
    [2010/01/24 23:23:27 | 00,000,000 | ---- | M] () -- C:\WINDOWS\System32\20256.exe
    [2010/01/24 23:03:27 | 00,000,000 | ---- | M] () -- C:\WINDOWS\System32\15104.exe
    [2010/01/24 22:43:27 | 00,000,000 | ---- | M] () -- C:\WINDOWS\System32\4098.exe
    [2010/01/24 22:23:27 | 00,000,000 | ---- | M] () -- C:\WINDOWS\System32\8077.exe
    [2010/01/24 22:03:27 | 00,000,000 | ---- | M] () -- C:\WINDOWS\System32\2496.exe
    [2010/01/24 21:43:27 | 00,000,000 | ---- | M] () -- C:\WINDOWS\System32\13834.exe
    [2010/01/24 21:23:27 | 00,000,000 | ---- | M] () -- C:\WINDOWS\System32\24234.exe
    [2010/01/24 21:03:27 | 00,000,000 | ---- | M] () -- C:\WINDOWS\System32\23004.exe
    [2010/01/24 20:43:27 | 00,000,000 | ---- | M] () -- C:\WINDOWS\System32\30663.exe
    [2010/01/24 20:23:27 | 00,000,000 | ---- | M] () -- C:\WINDOWS\System32\6645.exe
    [2010/01/24 20:03:27 | 00,000,000 | ---- | M] () -- C:\WINDOWS\System32\25122.exe
    [2010/01/24 19:43:26 | 00,000,000 | ---- | M] () -- C:\WINDOWS\System32\10120.exe
    [2010/01/24 19:23:26 | 00,000,000 | ---- | M] () -- C:\WINDOWS\System32\16818.exe
    [2010/01/24 19:03:26 | 00,000,000 | ---- | M] () -- C:\WINDOWS\System32\17470.exe
    [2010/01/24 18:43:26 | 00,000,000 | ---- | M] () -- C:\WINDOWS\System32\31525.exe
    [2010/01/24 18:23:26 | 00,000,000 | ---- | M] () -- C:\WINDOWS\System32\28534.exe
    [2010/01/24 18:03:26 | 00,000,000 | ---- | M] () -- C:\WINDOWS\System32\18928.exe
    [2010/01/24 17:43:26 | 00,000,000 | ---- | M] () -- C:\WINDOWS\System32\2918.exe
    [2010/01/24 17:23:26 | 00,000,000 | ---- | M] () -- C:\WINDOWS\System32\31343.exe
    [2010/01/24 17:03:26 | 00,000,000 | ---- | M] () -- C:\WINDOWS\System32\12858.exe
    [2010/01/24 17:00:00 | 00,000,388 | ---- | M] () -- C:\WINDOWS\tasks\RegCure Program Check.job
    [2010/01/24 10:23:28 | 00,000,000 | ---- | M] () -- C:\WINDOWS\System32\25820.exe
    [2010/01/24 10:22:40 | 00,213,504 | ---- | M] () -- C:\Documents and Settings\Lori\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
    [2010/01/24 10:03:28 | 00,000,000 | ---- | M] () -- C:\WINDOWS\System32\32468.exe
    [2010/01/24 09:43:28 | 00,000,000 | ---- | M] () -- C:\WINDOWS\System32\9572.exe
    [2010/01/24 09:23:28 | 00,000,000 | ---- | M] () -- C:\WINDOWS\System32\12387.exe
    [2010/01/24 09:03:28 | 00,000,000 | ---- | M] () -- C:\WINDOWS\System32\32128.exe
    [2010/01/24 08:43:28 | 00,000,000 | ---- | M] () -- C:\WINDOWS\System32\12903.exe
    [2010/01/24 08:23:28 | 00,000,000 | ---- | M] () -- C:\WINDOWS\System32\21196.exe
    [2010/01/24 08:03:27 | 00,000,000 | ---- | M] () -- C:\WINDOWS\System32\24042.exe
    [2010/01/24 07:43:27 | 00,000,000 | ---- | M] () -- C:\WINDOWS\System32\18537.exe
    [2010/01/24 07:23:27 | 00,000,000 | ---- | M] () -- C:\WINDOWS\System32\1548.exe
    [2010/01/24 07:03:27 | 00,000,000 | ---- | M] () -- C:\WINDOWS\System32\8737.exe
    [2010/01/24 06:43:27 | 00,000,000 | ---- | M] () -- C:\WINDOWS\System32\32294.exe
    [2010/01/24 06:23:27 | 00,000,000 | ---- | M] () -- C:\WINDOWS\System32\28208.exe
    [2010/01/24 06:03:27 | 00,000,000 | ---- | M] () -- C:\WINDOWS\System32\28423.exe
    [2010/01/24 05:43:27 | 00,000,000 | ---- | M] () -- C:\WINDOWS\System32\177.exe
    [2010/01/24 05:23:27 | 00,000,000 | ---- | M] () -- C:\WINDOWS\System32\6051.exe
    [2010/01/24 05:03:27 | 00,000,000 | ---- | M] () -- C:\WINDOWS\System32\482.exe
    [2010/01/24 04:53:00 | 00,000,370 | ---- | M] () -- C:\WINDOWS\tasks\RegCure.job
    [2010/01/24 04:43:27 | 00,000,000 | ---- | M] () -- C:\WINDOWS\System32\22737.exe
    [2010/01/24 04:23:27 | 00,000,000 | ---- | M] () -- C:\WINDOWS\System32\25787.exe
    [2010/01/24 04:03:27 | 00,000,000 | ---- | M] () -- C:\WINDOWS\System32\25841.exe
    [2010/01/24 03:43:27 | 00,000,000 | ---- | M] () -- C:\WINDOWS\System32\7562.exe
    [2010/01/24 03:23:27 | 00,000,000 | ---- | M] () -- C:\WINDOWS\System32\27530.exe
    [2010/01/24 03:03:27 | 00,000,000 | ---- | M] () -- C:\WINDOWS\System32\28823.exe
    [2010/01/24 02:43:27 | 00,000,000 | ---- | M] () -- C:\WINDOWS\System32\28226.exe
    [2010/01/24 02:23:27 | 00,000,000 | ---- | M] () -- C:\WINDOWS\System32\16123.exe
    [2010/01/24 02:03:27 | 00,000,000 | ---- | M] () -- C:\WINDOWS\System32\26557.exe
    [2010/01/24 01:43:27 | 00,000,000 | ---- | M] () -- C:\WINDOWS\System32\25641.exe
    [2010/01/24 01:23:27 | 00,000,000 | ---- | M] () -- C:\WINDOWS\System32\24134.exe
    [2010/01/24 01:03:27 | 00,000,000 | ---- | M] () -- C:\WINDOWS\System32\4321.exe
    [2010/01/24 00:43:27 | 00,000,000 | ---- | M] () -- C:\WINDOWS\System32\13141.exe
    [2010/01/24 00:23:27 | 00,000,000 | ---- | M] () -- C:\WINDOWS\System32\10374.exe
    [2010/01/24 00:03:27 | 00,000,000 | ---- | M] () -- C:\WINDOWS\System32\20037.exe
    [2010/01/23 23:43:27 | 00,000,000 | ---- | M] () -- C:\WINDOWS\System32\3081.exe
    [2010/01/23 23:23:26 | 00,000,000 | ---- | M] () -- C:\WINDOWS\System32\29662.exe
    [2010/01/23 23:03:26 | 00,000,000 | ---- | M] () -- C:\WINDOWS\System32\487.exe
    [2010/01/23 22:43:26 | 00,000,000 | ---- | M] () -- C:\WINDOWS\System32\1405.exe
    [2010/01/23 22:23:26 | 00,000,000 | ---- | M] () -- C:\WINDOWS\System32\7407.exe
    [2010/01/23 22:03:26 | 00,000,000 | ---- | M] () -- C:\WINDOWS\System32\20990.exe
    [2010/01/23 21:43:26 | 00,000,000 | ---- | M] () -- C:\WINDOWS\System32\13261.exe
    [2010/01/23 21:23:26 | 00,000,000 | ---- | M] () -- C:\WINDOWS\System32\26556.exe
    [2010/01/23 21:03:26 | 00,000,000 | ---- | M] () -- C:\WINDOWS\System32\14727.exe
    [2010/01/23 20:43:26 | 00,000,000 | ---- | M] () -- C:\WINDOWS\System32\16949.exe
    [2010/01/23 20:23:26 | 00,000,000 | ---- | M] () -- C:\WINDOWS\System32\9076.exe
    [2010/01/23 20:03:26 | 00,000,000 | ---- | M] () -- C:\WINDOWS\System32\3904.exe
    [2010/01/23 19:43:26 | 00,000,000 | ---- | M] () -- C:\WINDOWS\System32\4943.exe
    [2010/01/23 19:23:26 | 00,000,000 | ---- | M] () -- C:\WINDOWS\System32\28371.exe
    [2010/01/23 19:03:26 | 00,000,000 | ---- | M] () -- C:\WINDOWS\System32\17531.exe
    [2010/01/23 18:43:26 | 00,000,000 | ---- | M] () -- C:\WINDOWS\System32\19917.exe
    [2010/01/23 18:23:26 | 00,000,000 | ---- | M] () -- C:\WINDOWS\System32\20884.exe
    [2010/01/23 18:03:26 | 00,000,000 | ---- | M] () -- C:\WINDOWS\System32\7993.exe
    [2010/01/23 17:43:26 | 00,000,000 | ---- | M] () -- C:\WINDOWS\System32\23507.exe
    [2010/01/23 17:23:26 | 00,000,000 | ---- | M] () -- C:\WINDOWS\System32\4366.exe
    [2010/01/22 19:09:19 | 00,000,000 | ---- | M] () -- C:\WINDOWS\System32\6591.exe
    [2010/01/22 18:00:52 | 00,000,000 | ---- | M] () -- C:\WINDOWS\System32\30034.exe
    [2010/01/22 17:40:52 | 00,000,000 | ---- | M] () -- C:\WINDOWS\System32\27166.exe
    [2010/01/22 17:20:52 | 00,000,000 | ---- | M] () -- C:\WINDOWS\System32\9266.exe
    [2010/01/22 17:00:52 | 00,000,000 | ---- | M] () -- C:\WINDOWS\System32\20979.exe
    [2010/01/22 16:40:52 | 00,000,000 | ---- | M] () -- C:\WINDOWS\System32\6237.exe
    [2010/01/22 16:20:52 | 00,000,000 | ---- | M] () -- C:\WINDOWS\System32\1354.exe
    [2010/01/22 16:00:52 | 00,000,000 | ---- | M] () -- C:\WINDOWS\System32\17392.exe
    [2010/01/22 15:40:51 | 00,000,000 | ---- | M] () -- C:\WINDOWS\System32\6562.exe
    [2010/01/22 15:20:51 | 00,000,000 | ---- | M] () -- C:\WINDOWS\System32\9193.exe
    [2010/01/22 15:00:51 | 00,000,000 | ---- | M] () -- C:\WINDOWS\System32\8971.exe
    [2010/01/22 14:42:55 | 00,001,928 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Backup Now EZ.lnk
    [2010/01/22 14:40:51 | 00,000,000 | ---- | M] () -- C:\WINDOWS\System32\19033.exe
    [2010/01/21 14:10:32 | 00,000,000 | ---- | M] () -- C:\WINDOWS\System32\8341.exe
    [2010/01/21 13:50:32 | 00,000,000 | ---- | M] () -- C:\WINDOWS\System32\1730.exe
    [2010/01/17 15:57:49 | 00,000,001 | ---- | M] () -- C:\s
    [2010/01/17 15:51:19 | 00,000,000 | ---- | M] () -- C:\WINDOWS\System32\16483.exe
    [2010/01/17 15:31:18 | 00,000,000 | ---- | M] () -- C:\WINDOWS\System32\3561.exe
    [2010/01/17 15:11:15 | 00,000,000 | ---- | M] () -- C:\WINDOWS\System32\12512.exe
    [2010/01/17 11:50:48 | 00,000,000 | ---- | M] () -- C:\WINDOWS\System32\21500.exe
    [2010/01/17 11:09:05 | 00,000,000 | ---- | M] () -- C:\WINDOWS\System32\32530.exe
    [2010/01/17 11:01:52 | 00,001,917 | ---- | M] () -- C:\WINDOWS\imsins.BAK
    [2010/01/17 10:41:43 | 00,000,000 | ---- | M] () -- C:\WINDOWS\System32\21764.exe
    [2010/01/17 10:21:42 | 00,000,000 | ---- | M] () -- C:\WINDOWS\System32\7973.exe
    [2010/01/17 10:16:29 | 00,000,738 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\RegCure.lnk
    [2010/01/17 10:01:41 | 00,000,000 | ---- | M] () -- C:\WINDOWS\System32\28449.exe
    [2010/01/14 21:35:50 | 01,580,390 | -H-- | M] () -- C:\Documents and Settings\Lori\Local Settings\Application Data\IconCache.db
    [2010/01/13 09:58:55 | 42,567,027 | ---- | M] () -- C:\Documents and Settings\Lori\Desktop\Master_Reader_The_Work_s.wma
    [2010/01/12 13:30:05 | 00,317,555 | ---- | M] () -- C:\Documents and Settings\Lori\Desktop\RTI Catalog Version 10-2 20108.pdf
    [2010/01/10 04:33:49 | 00,000,951 | ---- | M] () -- C:\Documents and Settings\Lori\Desktop\Watchtower Library 2009 - English.lnk
    [2010/01/09 20:21:54 | 00,000,546 | ---- | M] () -- C:\WINDOWS\tasks\Norton AntiVirus - Run Full System Scan - BeBo.job
    [2010/01/09 20:08:24 | 00,009,494 | ---- | M] () -- C:\Documents and Settings\Lori\My Documents\3 card Template PALS.tif
    [2010/01/08 18:16:04 | 00,000,284 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
    [2010/01/07 16:07:14 | 00,038,224 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
    [2010/01/07 16:07:04 | 00,019,160 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
    [28 C:\Documents and Settings\Lori\Desktop\*.tmp files -> C:\Documents and Settings\Lori\Desktop\*.tmp -> ]
    [1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
    [1 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

    ========== Files Created - No Company Name ==========

    [2010/01/28 17:04:13 | 00,000,696 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
    [2010/01/25 18:28:01 | 00,000,000 | ---- | C] () -- C:\WINDOWS\System32\10638.exe
    [2010/01/25 18:08:01 | 00,000,000 | ---- | C] () -- C:\WINDOWS\System32\22704.exe
    [2010/01/25 18:06:59 | 00,001,734 | ---- | C] () -- C:\Documents and Settings\Lori\Desktop\HijackThis.lnk
    [2010/01/25 03:03:27 | 00,000,000 | ---- | C] () -- C:\WINDOWS\System32\12513.exe
    [2010/01/25 02:43:27 | 00,000,000 | ---- | C] () -- C:\WINDOWS\System32\952.exe
    [2010/01/25 02:23:27 | 00,000,000 | ---- | C] () -- C:\WINDOWS\System32\23910.exe
    [2010/01/25 02:03:27 | 00,000,000 | ---- | C] () -- C:\WINDOWS\System32\1159.exe
    [2010/01/25 01:43:27 | 00,000,000 | ---- | C] () -- C:\WINDOWS\System32\11224.exe
    [2010/01/25 01:23:27 | 00,000,000 | ---- | C] () -- C:\WINDOWS\System32\18208.exe
    [2010/01/25 01:03:27 | 00,000,000 | ---- | C] () -- C:\WINDOWS\System32\15387.exe
    [2010/01/25 00:43:27 | 00,000,000 | ---- | C] () -- C:\WINDOWS\System32\18541.exe
    [2010/01/25 00:23:27 | 00,000,000 | ---- | C] () -- C:\WINDOWS\System32\31239.exe
    [2010/01/25 00:03:27 | 00,000,000 | ---- | C] () -- C:\WINDOWS\System32\14560.exe
    [2010/01/24 23:43:27 | 00,000,000 | ---- | C] () -- C:\WINDOWS\System32\29924.exe
    [2010/01/24 23:23:27 | 00,000,000 | ---- | C] () -- C:\WINDOWS\System32\20256.exe
    [2010/01/24 23:03:27 | 00,000,000 | ---- | C] () -- C:\WINDOWS\System32\15104.exe
    [2010/01/24 22:43:27 | 00,000,000 | ---- | C] () -- C:\WINDOWS\System32\4098.exe
    [2010/01/24 22:23:27 | 00,000,000 | ---- | C] () -- C:\WINDOWS\System32\8077.exe
    [2010/01/24 22:03:27 | 00,000,000 | ---- | C] () -- C:\WINDOWS\System32\2496.exe
    [2010/01/24 21:43:27 | 00,000,000 | ---- | C] () -- C:\WINDOWS\System32\13834.exe
    [2010/01/24 21:23:27 | 00,000,000 | ---- | C] () -- C:\WINDOWS\System32\24234.exe
    [2010/01/24 21:03:27 | 00,000,000 | ---- | C] () -- C:\WINDOWS\System32\23004.exe
    [2010/01/24 20:43:27 | 00,000,000 | ---- | C] () -- C:\WINDOWS\System32\30663.exe
    [2010/01/24 20:23:27 | 00,000,000 | ---- | C] () -- C:\WINDOWS\System32\6645.exe
    [2010/01/24 20:03:27 | 00,000,000 | ---- | C] () -- C:\WINDOWS\System32\25122.exe
    [2010/01/24 19:43:26 | 00,000,000 | ---- | C] () -- C:\WINDOWS\System32\10120.exe
    [2010/01/24 19:23:26 | 00,000,000 | ---- | C] () -- C:\WINDOWS\System32\16818.exe
    [2010/01/24 19:03:26 | 00,000,000 | ---- | C] () -- C:\WINDOWS\System32\17470.exe
    [2010/01/24 18:43:26 | 00,000,000 | ---- | C] () -- C:\WINDOWS\System32\31525.exe
    [2010/01/24 18:23:26 | 00,000,000 | ---- | C] () -- C:\WINDOWS\System32\28534.exe
    [2010/01/24 18:03:26 | 00,000,000 | ---- | C] () -- C:\WINDOWS\System32\18928.exe
    [2010/01/24 17:43:26 | 00,000,000 | ---- | C] () -- C:\WINDOWS\System32\2918.exe
    [2010/01/24 17:23:26 | 00,000,000 | ---- | C] () -- C:\WINDOWS\System32\31343.exe
    [2010/01/24 17:03:26 | 00,000,000 | ---- | C] () -- C:\WINDOWS\System32\12858.exe
    [2010/01/24 10:23:28 | 00,000,000 | ---- | C] () -- C:\WINDOWS\System32\25820.exe
    [2010/01/24 10:03:28 | 00,000,000 | ---- | C] () -- C:\WINDOWS\System32\32468.exe
    [2010/01/24 09:43:28 | 00,000,000 | ---- | C] () -- C:\WINDOWS\System32\9572.exe
    [2010/01/24 09:23:28 | 00,000,000 | ---- | C] () -- C:\WINDOWS\System32\12387.exe
    [2010/01/24 09:03:28 | 00,000,000 | ---- | C] () -- C:\WINDOWS\System32\32128.exe
    [2010/01/24 08:43:28 | 00,000,000 | ---- | C] () -- C:\WINDOWS\System32\12903.exe
    [2010/01/24 08:23:28 | 00,000,000 | ---- | C] () -- C:\WINDOWS\System32\21196.exe
    [2010/01/24 08:03:27 | 00,000,000 | ---- | C] () -- C:\WINDOWS\System32\24042.exe
    [2010/01/24 07:43:27 | 00,000,000 | ---- | C] () -- C:\WINDOWS\System32\18537.exe
    [2010/01/24 07:23:27 | 00,000,000 | ---- | C] () -- C:\WINDOWS\System32\1548.exe
    [2010/01/24 07:03:27 | 00,000,000 | ---- | C] () -- C:\WINDOWS\System32\8737.exe
    [2010/01/24 06:43:27 | 00,000,000 | ---- | C] () -- C:\WINDOWS\System32\32294.exe
    [2010/01/24 06:23:27 | 00,000,000 | ---- | C] () -- C:\WINDOWS\System32\28208.exe
    [2010/01/24 06:03:27 | 00,000,000 | ---- | C] () -- C:\WINDOWS\System32\28423.exe
    [2010/01/24 05:43:27 | 00,000,000 | ---- | C] () -- C:\WINDOWS\System32\177.exe
    [2010/01/24 05:23:27 | 00,000,000 | ---- | C] () -- C:\WINDOWS\System32\6051.exe
    [2010/01/24 05:03:27 | 00,000,000 | ---- | C] () -- C:\WINDOWS\System32\482.exe
    [2010/01/24 04:43:27 | 00,000,000 | ---- | C] () -- C:\WINDOWS\System32\22737.exe
    [2010/01/24 04:23:27 | 00,000,000 | ---- | C] () -- C:\WINDOWS\System32\25787.exe
    [2010/01/24 04:03:27 | 00,000,000 | ---- | C] () -- C:\WINDOWS\System32\25841.exe
    [2010/01/24 03:43:27 | 00,000,000 | ---- | C] () -- C:\WINDOWS\System32\7562.exe
    [2010/01/24 03:23:27 | 00,000,000 | ---- | C] () -- C:\WINDOWS\System32\27530.exe
    [2010/01/24 03:03:27 | 00,000,000 | ---- | C] () -- C:\WINDOWS\System32\28823.exe
    [2010/01/24 02:43:27 | 00,000,000 | ---- | C] () -- C:\WINDOWS\System32\28226.exe
    [2010/01/24 02:23:27 | 00,000,000 | ---- | C] () -- C:\WINDOWS\System32\16123.exe
    [2010/01/24 02:03:27 | 00,000,000 | ---- | C] () -- C:\WINDOWS\System32\26557.exe
    [2010/01/24 01:43:27 | 00,000,000 | ---- | C] () -- C:\WINDOWS\System32\25641.exe
    [2010/01/24 01:23:27 | 00,000,000 | ---- | C] () -- C:\WINDOWS\System32\24134.exe
    [2010/01/24 01:03:27 | 00,000,000 | ---- | C] () -- C:\WINDOWS\System32\4321.exe
    [2010/01/24 00:43:27 | 00,000,000 | ---- | C] () -- C:\WINDOWS\System32\13141.exe
    [2010/01/24 00:23:27 | 00,000,000 | ---- | C] () -- C:\WINDOWS\System32\10374.exe
    [2010/01/24 00:03:27 | 00,000,000 | ---- | C] () -- C:\WINDOWS\System32\20037.exe
    [2010/01/23 23:43:27 | 00,000,000 | ---- | C] () -- C:\WINDOWS\System32\3081.exe
    [2010/01/23 23:23:26 | 00,000,000 | ---- | C] () -- C:\WINDOWS\System32\29662.exe
    [2010/01/23 23:03:26 | 00,000,000 | ---- | C] () -- C:\WINDOWS\System32\487.exe
    [2010/01/23 22:43:26 | 00,000,000 | ---- | C] () -- C:\WINDOWS\System32\1405.exe
    [2010/01/23 22:23:26 | 00,000,000 | ---- | C] () -- C:\WINDOWS\System32\7407.exe
    [2010/01/23 22:03:26 | 00,000,000 | ---- | C] () -- C:\WINDOWS\System32\20990.exe
    [2010/01/23 21:43:26 | 00,000,000 | ---- | C] () -- C:\WINDOWS\System32\13261.exe
    [2010/01/23 21:23:26 | 00,000,000 | ---- | C] () -- C:\WINDOWS\System32\26556.exe
    [2010/01/23 21:03:26 | 00,000,000 | ---- | C] () -- C:\WINDOWS\System32\14727.exe
    [2010/01/23 20:43:26 | 00,000,000 | ---- | C] () -- C:\WINDOWS\System32\16949.exe
    [2010/01/23 20:23:26 | 00,000,000 | ---- | C] () -- C:\WINDOWS\System32\9076.exe
    [2010/01/23 20:03:26 | 00,000,000 | ---- | C] () -- C:\WINDOWS\System32\3904.exe
    [2010/01/23 19:43:26 | 00,000,000 | ---- | C] () -- C:\WINDOWS\System32\4943.exe
    [2010/01/23 19:23:26 | 00,000,000 | ---- | C] () -- C:\WINDOWS\System32\28371.exe
    [2010/01/23 19:03:26 | 00,000,000 | ---- | C] () -- C:\WINDOWS\System32\17531.exe
    [2010/01/23 18:43:26 | 00,000,000 | ---- | C] () -- C:\WINDOWS\System32\19917.exe
    [2010/01/23 18:23:26 | 00,000,000 | ---- | C] () -- C:\WINDOWS\System32\20884.exe
    [2010/01/23 18:03:26 | 00,000,000 | ---- | C] () -- C:\WINDOWS\System32\7993.exe
    [2010/01/23 17:43:26 | 00,000,000 | ---- | C] () -- C:\WINDOWS\System32\23507.exe
    [2010/01/23 17:23:26 | 00,000,000 | ---- | C] () -- C:\WINDOWS\System32\4366.exe
    [2010/01/22 19:09:19 | 00,000,000 | ---- | C] () -- C:\WINDOWS\System32\6591.exe
    [2010/01/22 18:00:52 | 00,000,000 | ---- | C] () -- C:\WINDOWS\System32\30034.exe
    [2010/01/22 17:40:52 | 00,000,000 | ---- | C] () -- C:\WINDOWS\System32\27166.exe
    [2010/01/22 17:20:52 | 00,000,000 | ---- | C] () -- C:\WINDOWS\System32\9266.exe
    [2010/01/22 17:00:52 | 00,000,000 | ---- | C] () -- C:\WINDOWS\System32\20979.exe
    [2010/01/22 16:40:52 | 00,000,000 | ---- | C] () -- C:\WINDOWS\System32\6237.exe
    [2010/01/22 16:20:52 | 00,000,000 | ---- | C] () -- C:\WINDOWS\System32\1354.exe
    [2010/01/22 16:00:52 | 00,000,000 | ---- | C] () -- C:\WINDOWS\System32\17392.exe
    [2010/01/22 15:40:51 | 00,000,000 | ---- | C] () -- C:\WINDOWS\System32\6562.exe
    [2010/01/22 15:20:51 | 00,000,000 | ---- | C] () -- C:\WINDOWS\System32\9193.exe
    [2010/01/22 15:00:51 | 00,000,000 | ---- | C] () -- C:\WINDOWS\System32\8971.exe
    [2010/01/22 14:42:55 | 00,001,928 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Backup Now EZ.lnk
    [2010/01/22 14:40:51 | 00,000,000 | ---- | C] () -- C:\WINDOWS\System32\19033.exe
    [2010/01/21 14:10:32 | 00,000,000 | ---- | C] () -- C:\WINDOWS\System32\8341.exe
    [2010/01/21 13:50:32 | 00,000,000 | ---- | C] () -- C:\WINDOWS\System32\1730.exe
    [2010/01/17 15:57:49 | 00,000,001 | ---- | C] () -- C:\s
    [2010/01/17 15:51:19 | 00,000,000 | ---- | C] () -- C:\WINDOWS\System32\16483.exe
    [2010/01/17 15:31:18 | 00,000,000 | ---- | C] () -- C:\WINDOWS\System32\3561.exe
    [2010/01/17 15:11:15 | 00,000,000 | ---- | C] () -- C:\WINDOWS\System32\12512.exe
    [2010/01/17 11:50:48 | 00,000,000 | ---- | C] () -- C:\WINDOWS\System32\21500.exe
    [2010/01/17 11:09:05 | 00,000,000 | ---- | C] () -- C:\WINDOWS\System32\32530.exe
    [2010/01/17 10:41:43 | 00,000,000 | ---- | C] () -- C:\WINDOWS\System32\21764.exe
    [2010/01/17 10:21:42 | 00,000,000 | ---- | C] () -- C:\WINDOWS\System32\7973.exe
    [2010/01/17 10:16:40 | 00,000,388 | ---- | C] () -- C:\WINDOWS\tasks\RegCure Program Check.job
    [2010/01/17 10:16:39 | 00,000,376 | ---- | C] () -- C:\WINDOWS\tasks\RegCure Startup.job
    [2010/01/17 10:16:34 | 00,000,370 | ---- | C] () -- C:\WINDOWS\tasks\RegCure.job
    [2010/01/17 10:16:29 | 00,000,738 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\RegCure.lnk
    [2010/01/17 10:01:41 | 00,000,000 | ---- | C] () -- C:\WINDOWS\System32\28449.exe
    [2010/01/16 07:13:45 | 00,002,931 | ---- | C] () -- C:\WINDOWS\System32\warning.html
    [2010/01/13 09:58:52 | 42,567,027 | ---- | C] () -- C:\Documents and Settings\Lori\Desktop\Master_Reader_The_Work_s.wma
    [2010/01/12 13:29:56 | 00,317,555 | ---- | C] () -- C:\Documents and Settings\Lori\Desktop\RTI Catalog Version 10-2 20108.pdf
    [2010/01/10 04:33:49 | 00,000,951 | ---- | C] () -- C:\Documents and Settings\Lori\Desktop\Watchtower Library 2009 - English.lnk
    [2010/01/09 20:08:23 | 00,009,494 | ---- | C] () -- C:\Documents and Settings\Lori\My Documents\3 card Template PALS.tif
    [2009/08/04 12:10:43 | 00,112,688 | ---- | C] () -- C:\WINDOWS\System32\shw32.dll
    [2009/07/29 17:10:06 | 02,463,976 | ---- | C] () -- C:\WINDOWS\System32\NPSWF32.dll
    [2008/07/16 19:34:09 | 00,000,063 | ---- | C] () -- C:\WINDOWS\vpg_bcsb.ini
    [2008/05/19 02:02:46 | 00,000,118 | ---- | C] () -- C:\WINDOWS\System32\MRT.INI
    [2008/02/17 11:35:25 | 00,594,024 | ---- | C] () -- C:\WINDOWS\System32\wodCertificate.dll
    [2008/02/17 11:35:23 | 00,589,960 | ---- | C] () -- C:\WINDOWS\System32\brgrt.dll
    [2007/11/21 19:37:28 | 00,002,528 | ---- | C] () -- C:\Documents and Settings\Lori\Application Data\$_hpcst$.hpc
    [2007/04/05 06:56:50 | 00,000,000 | ---- | C] () -- C:\WINDOWS\System32\px.ini
    [2007/02/21 20:32:18 | 00,000,130 | ---- | C] () -- C:\Documents and Settings\Lori\Application Data\wklnhst.dat
    [2006/12/20 21:46:00 | 00,684,032 | ---- | C] () -- C:\WINDOWS\System32\libeay32.dll
    [2006/12/20 21:46:00 | 00,155,648 | ---- | C] () -- C:\WINDOWS\System32\ssleay32.dll
    [2006/10/20 12:09:02 | 00,000,000 | ---- | C] () -- C:\WINDOWS\pcfriend.INI
    [2006/10/12 10:07:47 | 00,001,743 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\QTSBandwidthCache
    [2006/07/20 22:26:08 | 00,000,000 | ---- | C] () -- C:\WINDOWS\iPlayer.INI
    [2006/05/07 21:15:56 | 00,000,376 | ---- | C] () -- C:\WINDOWS\ODBC.INI
    [2006/04/18 11:52:31 | 00,040,960 | R--- | C] () -- C:\WINDOWS\System32\wh2robo.dll
    [2006/04/13 14:52:51 | 00,213,504 | ---- | C] () -- C:\Documents and Settings\Lori\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
    [2006/04/13 09:22:09 | 00,684,032 | ---- | C] () -- C:\WINDOWS\libeay32.dll
    [2006/04/13 09:22:09 | 00,155,648 | ---- | C] () -- C:\WINDOWS\ssleay32.dll
    [2005/04/10 04:58:17 | 00,204,800 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeW7.dll
    [2005/04/10 04:58:17 | 00,188,416 | ---- | C] () -- C:\WINDOWS\System32\IVIresizePX.dll
    [2005/04/10 04:58:16 | 00,200,704 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeA6.dll
    [2005/04/10 04:58:16 | 00,192,512 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeP6.dll
    [2005/04/10 04:58:16 | 00,192,512 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeM6.dll
    [2005/04/10 04:58:16 | 00,020,480 | ---- | C] () -- C:\WINDOWS\System32\IVIresize.dll
    [2005/04/10 04:42:35 | 00,015,669 | ---- | C] () -- C:\WINDOWS\System32\oeminfo.ini
    [2004/11/29 18:44:04 | 00,086,016 | ---- | C] () -- C:\WINDOWS\System32\btprn2k.dll
    [2004/08/07 08:16:44 | 00,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini
    [2004/08/07 08:10:08 | 00,000,780 | ---- | C] () -- C:\WINDOWS\orun32.ini
    [2004/01/13 13:46:34 | 00,172,032 | ---- | C] () -- C:\WINDOWS\System32\tifmicon.dll
    [2003/01/07 14:05:08 | 00,002,695 | ---- | C] () -- C:\WINDOWS\System32\OUTLPERF.INI
    [2002/05/15 21:29:04 | 00,000,607 | ---- | C] () -- C:\WINDOWS\System32\BTNeighborhood.dll.manifest
    [2001/11/23 16:18:00 | 00,000,597 | ---- | C] () -- C:\WINDOWS\System32\btcss.dll.manifest
    [2001/11/14 11:56:00 | 01,802,240 | ---- | C] () -- C:\WINDOWS\System32\lcppn21.dll
    [2000/09/08 16:53:50 | 00,073,839 | ---- | C] () -- C:\WINDOWS\System32\KodakOneTouch.dll
    [1998/10/10 23:07:38 | 00,088,576 | ---- | C] () -- C:\WINDOWS\System32\Iticheck.dll

    ========== LOP Check ==========

    [2007/01/22 16:15:48 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Maxtor
    [2005/04/10 05:13:54 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\muvee Technologies
    [2010/01/22 18:52:08 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\NTIReg
    [2006/10/26 23:44:14 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Pronto
    [2010/01/17 10:16:27 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\RegCure
    [2007/02/21 20:53:11 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Viewpoint
    [2009/04/10 09:02:49 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{8CD7F5AF-ECFA-4793-BF40-D8F42DBFF906}
    [2006/04/13 15:07:08 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Lori\Application Data\Aim
    [2008/05/18 07:54:14 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Lori\Application Data\Blackberry Desktop
    [2008/02/17 11:42:36 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Lori\Application Data\Diploma
    [2009/12/06 10:16:17 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Lori\Application Data\EuroTalk
    [2009/08/10 03:28:15 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Lori\Application Data\FileZilla
    [2006/11/01 06:42:52 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Lori\Application Data\HotSync
    [2006/06/09 12:55:44 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Lori\Application Data\InterVideo
    [2006/05/07 21:16:31 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Lori\Application Data\Leadertech
    [2010/01/29 17:37:48 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Lori\Application Data\LimeWire
    [2008/05/18 07:49:03 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Lori\Application Data\Research In Motion
    [2007/02/21 20:32:19 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Lori\Application Data\Template
    [2007/02/21 20:53:14 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Lori\Application Data\Viewpoint
    [2008/09/07 09:40:43 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Lori\Application Data\Watchtower
    [2010/01/24 17:00:00 | 00,000,388 | ---- | M] () -- C:\WINDOWS\Tasks\RegCure Program Check.job
    [2010/01/28 16:47:26 | 00,000,376 | ---- | M] () -- C:\WINDOWS\Tasks\RegCure Startup.job
    [2010/01/24 04:53:00 | 00,000,370 | ---- | M] () -- C:\WINDOWS\Tasks\RegCure.job

    ========== Purity Check ==========


    < End of report >

  6. #6
    Member the1dbg
    Join Date: Jul 2008
    Posts: 45

    Extras log

    Here is the extras log.

    OTL Extras logfile created on: 1/29/2010 5:32:40 PM - Run 1
    OTL by OldTimer - Version 3.1.27.0 Folder = C:\Documents and Settings\Lori\Desktop
    Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
    Internet Explorer (Version = 6.0.2900.5512)
    Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

    1,014.00 Mb Total Physical Memory | 657.00 Mb Available Physical Memory | 65.00% Memory free
    2.00 Gb Paging File | 2.00 Gb Available in Paging File | 89.00% Paging File free
    Paging file location(s): C:\pagefile.sys 1524 3048 [binary data]

    %SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
    Drive C: | 92.95 Gb Total Space | 12.37 Gb Free Space | 13.31% Space Free | Partition Type: NTFS
    D: Drive not present or media not loaded
    E: Drive not present or media not loaded
    F: Drive not present or media not loaded
    G: Drive not present or media not loaded
    H: Drive not present or media not loaded
    I: Drive not present or media not loaded

    Computer Name: ISAIAH
    Current User Name: Lori
    Logged in as Administrator.

    Current Boot Mode: Normal
    Scan Mode: Current user
    Company Name Whitelist: Off
    Skip Microsoft Files: Off
    File Age = 30 Days
    Output = Minimal

    ========== Extra Registry (SafeList) ==========


    ========== File Associations ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
    .html [@ = htmlfile] -- C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation)

    [HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
    .html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)

    ========== Shell Spawning ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
    batfile [open] -- "%1" %*
    cmdfile [open] -- "%1" %*
    comfile [open] -- "%1" %*
    exefile [open] -- "%1" %*
    htmlfile [edit] -- "C:\Program Files\Microsoft Office\OFFICE11\msohtmed.exe" %1 (Microsoft Corporation)
    htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" -nohome (Microsoft Corporation)
    htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
    htmlfile [print] -- "C:\Program Files\Microsoft Office\OFFICE11\msohtmed.exe" /p %1 (Microsoft Corporation)
    http [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" -nohome (Microsoft Corporation)
    https [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" -nohome (Microsoft Corporation)
    piffile [open] -- "%1" %*
    regfile [merge] -- Reg Error: Key error.
    scrfile [config] -- "%1"
    scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
    scrfile [open] -- "%1" /S
    txtfile [edit] -- Reg Error: Key error.
    Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
    Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
    Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
    Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
    Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
    Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
    CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- "C:\Program Files\Internet Explorer\iexplore.exe" (Microsoft Corporation)

    ========== Security Center Settings ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
    "FirstRunDisabled" = 1
    "FirewallDisableNotify" = 0
    "UpdatesDisableNotify" = 0
    "AntiVirusOverride" = 0
    "FirewallOverride" = 0
    "AntiVirusDisableNotify" = 0

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
    "DisableMonitoring" = 1

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]
    "DisableMonitoring" = 1

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]
    "26675:TCP" = 26675:TCP:169.254.2.0/255.255.255.0:Enabled:ActiveSync Service
    "1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007
    "2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
    "EnableFirewall" = 1
    "DisableNotifications" = 0

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
    "26675:TCP" = 26675:TCP:169.254.2.0/255.255.255.0:Enabled:ActiveSync Service
    "1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007
    "2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008
    "139:TCP" = 139:TCP:LocalSubNet:Disabled:@xpsp2res.dll,-22004
    "445:TCP" = 445:TCP:LocalSubNet:Disabled:@xpsp2res.dll,-22005
    "137:UDP" = 137:UDP:LocalSubNet:Disabled:@xpsp2res.dll,-22001
    "138:UDP" = 138:UDP:LocalSubNet:Disabled:@xpsp2res.dll,-22002

    ========== Authorized Applications List ==========

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
    "C:\Program Files\Microsoft ActiveSync\rapimgr.exe" = C:\Program Files\Microsoft ActiveSync\rapimgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync RAPI Manager -- (Microsoft Corporation)
    "C:\Program Files\Microsoft ActiveSync\wcescomm.exe" = C:\Program Files\Microsoft ActiveSync\wcescomm.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Connection Manager -- (Microsoft Corporation)
    "C:\Program Files\Microsoft ActiveSync\WCESMgr.exe" = C:\Program Files\Microsoft ActiveSync\WCESMgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Application -- (Microsoft Corporation)

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
    "C:\Program Files\EarthLink TotalAccess\TaskPanl.exe" = C:\Program Files\EarthLink TotalAccess\TaskPanl.exe:*:Enabled:Earthlink -- File not found
    "C:\Program Files\Microsoft ActiveSync\rapimgr.exe" = C:\Program Files\Microsoft ActiveSync\rapimgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync RAPI Manager -- (Microsoft Corporation)
    "C:\Program Files\Microsoft ActiveSync\wcescomm.exe" = C:\Program Files\Microsoft ActiveSync\wcescomm.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Connection Manager -- (Microsoft Corporation)
    "C:\Program Files\Microsoft ActiveSync\WCESMgr.exe" = C:\Program Files\Microsoft ActiveSync\WCESMgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Application -- (Microsoft Corporation)
    "C:\Program Files\LimeWire\LimeWire.exe" = C:\Program Files\LimeWire\LimeWire.exe:*:Enabled:LimeWire -- (Lime Wire, LLC)
    "C:\Program Files\Bonjour\mDNSResponder.exe" = C:\Program Files\Bonjour\mDNSResponder.exe:*:Enabled:Bonjour -- (Apple Inc.)
    "C:\Program Files\iTunes\iTunes.exe" = C:\Program Files\iTunes\iTunes.exe:*:Enabled:iTunes -- (Apple Inc.)


    ========== HKEY_LOCAL_MACHINE Uninstall List ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
    "{0008546E-DF6E-4CC1-AFD0-2CB8E16C95A2}" = Notifier
    "{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
    "{0046FA01-C5B9-4985-BACB-398DC480FC05}" = Adobe Photoshop CS3
    "{0224CACC-994D-45F8-B973-D65056EA9C2F}" = Adobe XMP DVA Panels CS3
    "{06ECCCF4-9295-468E-851C-9529A7C181E8}" = HP User Guides 0001
    "{07287123-B8AC-41CE-8346-3D777245C35B}" = Bonjour
    "{075473F5-846A-448B-BCB3-104AA1760205}" = Sonic Data Module
    "{08B32819-6EEF-4057-AEDA-5AB681A36A23}" = Adobe Bridge Start Meeting
    "{0CEC06EF-5052-4CE8-8256-74AE363A4238}" = Adobe Creative Suite 3 Master Collection
    "{1248C09A-BD6B-47F5-BF3F-CD2B700D9FCB}" = ccCommon
    "{12E2B9E9-05B1-407d-B0FD-B5F350535125}" = Norton Internet Security
    "{14D4ED84-6A9A-45A0-96F6-1753768C3CB5}" = ESSPCD
    "{15EE79F4-4ED1-4267-9B0F-351009325D7D}" = HP Software Update
    "{184CE391-7E0E-4C63-9935-D7A10EDFD3C6}" = Adobe WinSoft Linguistics Plugin
    "{193EAFD0-1BAF-4FB4-B18F-79D5D6A4B285}" = Adobe After Effects CS3 Presets
    "{1DDB76B6-9B33-47DE-8577-78EBFD3E2FF3}" = Adobe Setup
    "{21657574-BD54-48A2-9450-EB03B2C7FC29}" = Sonic MyDVD Plus
    "{29E5EA97-5F74-4A57-B8B2-D4F169117183}" = Adobe Stock Photos CS3
    "{2EBF25F1-F8A2-40EA-92BE-931C142A44E2}" = CC_ccProxyExt
    "{2EFFFC71-1E66-454E-A6E6-CEEC800B96D2}" = Adobe Flash Video Encoder
    "{30465B6C-B53F-49A1-9EBA-A3F187AD502E}" = Sonic Update Manager
    "{30738666-9805-4926-A78F-91DA33B6C437}" = ccPxyCore
    "{3248F0A8-6813-11D6-A77B-00B0D0150000}" = J2SE Runtime Environment 5.0
    "{3248F0A8-6813-11D6-A77B-00B0D0150100}" = J2SE Runtime Environment 5.0 Update 10
    "{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
    "{3644D09D-63D9-49A4-86DC-7858BB222804}" = EMTB, 9e - Skill Sheets
    "{38441BE7-79B0-42B8-8297-833704F949FE}" = HLPIndex
    "{3B29A786-5803-4E9E-9B58-3014A5B4E519}" = Norton AntiSpam
    "{3CA39B0C-BA85-4D42-AC0F-1FF5F60C3353}" = OTtBPSDK
    "{3F4EC965-28EF-45C3-B063-04B25D4E9679}" = HP Integrated Module with Bluetooth wireless technology
    "{41537C62-D93A-4F21-BAB8-9C79CD96893F}" = EMTB, 9e - Assessments
    "{416D80BA-6F6D-4672-B7CF-F54DA2F80B44}" = Microsoft Works
    "{42EED331-936C-446E-9374-077F7B028518}" = Watchtower Library 2006 - English Edition
    "{4302B2DD-D958-40E3-BAF3-B07FFE1978CE}" = HP Wireless Assistant
    "{469730CC-78DF-4CD3-B286-562D459EA619}" = ESSCAM
    "{48185814-A224-447a-81DA-71BD20580E1B}" = Norton Internet Security
    "{48AFBB60-8CF5-4605-BB04-704DD8702B80}" = VZAccess Manager for RIM
    "{48C82F7A-F100-4DAB-A310-8E18BF2159E1}" = ESSvpot
    "{4A7A3701-3E93-4FBF-905C-BB1C55F7DF71}" = EMTB, 9e - Outlines
    "{4ABB4D92-0682-4887-A0BC-CE5F920DDD23}" = Watchtower Library 2009 - English
    "{4F677FC7-7AA8-412B-A957-F13CBE1C7331}" = ESSSONIC
    "{51846830-E7B2-4218-8968-B77F0FF475B8}" = Adobe Color EU Extra Settings
    "{534AA552-E1F1-4965-B2AA-FBDEB0730D60}" = muvee autoProducer 4.0 - SE
    "{54793AA1-5001-42F4-ABB6-C364617C6078}" = Adobe Linguistics CS3
    "{5677563D-0CB1-485F-9E18-C5025306BB3F}" = Norton AntiSpam
    "{5D601655-6D54-4384-B52C-17EC5385FBBD}" = iTunes
    "{60EEB642-E9E0-45A2-A676-B9D8FE17C4A9}" = Maxtor OneTouch III
    "{618F637A-5D4D-48F4-9679-D02F45BD4315}" = LS_HSI
    "{65D85050-5610-4A91-A3B1-D5C744291AD4}" = PCDADDIN
    "{6675CA7F-E51B-4F6A-99D4-F8F0124C6EAA}" = Sonic Express Labeler
    "{66C018BD-6F16-4B32-B4CD-1DC1B21FBDFF}" = Zone Deluxe Games
    "{66D171AA-670F-4309-9C74-5BA7F7DBA0B3}" = Roxio Media Manager
    "{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update
    "{69BD6399-3D8F-45B7-81D9-819361F5101D}" = PCDLNCH
    "{6ABE0BEE-D572-4FE8-B434-9E72A289431B}" = Adobe Fonts All
    "{6B52140A-F189-4945-BFFC-DB3F00B8C589}" = Adobe Flash CS3
    "{6B708481-748A-4EB4-97C1-CD386244FF77}" = Adobe MotionPicture Color Files
    "{6BBAA81D-6A7E-43AD-8889-2F002DCAAFDD}" = AHV content for Acrobat and Flash
    "{6EE4D1A7-38F2-4CC7-81BE-AC87D7E71C2D}" = SymNet
    "{6FF5DD7A-FE28-4439-B8CF-1E9AF4EA0A61}" = Adobe Asset Services CS3
    "{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
    "{75D6745B-2239-4182-A31F-F95CEBB35099}" = BlackBerry Desktop Software 4.2.2
    "{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
    "{77772678-817F-4401-9301-ED1D01A8DA56}" = SPBBC
    "{78DA97A9-37F2-41C5-858C-28F3F011753B}" = EMTB, 9e - PowerPoint
    "{7ACFB90E-8FD0-4397-AD3A-5195412623A3}" = Adobe Help Viewer CS3
    "{7C10F5C7-F00F-4BD3-A110-C7D240D2DD25}" = Adobe Dreamweaver CS3
    "{7DFC1012-D346-46CE-B03E-FF79125AE029}" = Adobe Fireworks CS3
    "{82A5BF38-8461-4A5C-B2C9-24F5256D92A6}" = Norton Protection Center
    "{8355F970-601D-442D-A79B-1D7DB4F24CAD}" = Apple Mobile Device Support
    "{845A8DB9-8802-4FD3-9FE3-938A6C46A2EC}" = Adobe Video Profiles
    "{87843A41-7808-4F2E-B13F-25C1E67CF2FD}" = ESShelp
    "{88D422DB-E9C7-4E16-9D80-2999F4FD6AD9}" = Adobe Flash Player 9 Plugin
    "{8A708DD8-A5E6-11D4-A706-000629E95E20}" = Intel(R) Graphics Media Accelerator Driver for Mobile
    "{8D2BA474-F406-4710-9AE4-D4F22D21F0DD}" = Adobe Device Central CS3
    "{8E50332B-772C-4AEA-BF56-94DE6A1D5F10}" = TIxx21
    "{8E6808E2-613D-4FCD-81A2-6C8FA8E03312}" = Adobe Type Support
    "{8E92D746-CD9F-4B90-9668-42B74C14F765}" = ESSini
    "{90110409-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Professional Edition 2003
    "{90120000-0020-0409-0000-0000000FF1CE}" = Compatibility Pack for the 2007 Office system
    "{90176341-0A8B-4CCC-A78D-F862228A6B95}" = Adobe Anchor Service CS3
    "{91120409-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Standard Edition 2003
    "{91517631-A9F3-4B7C-B482-43E0068FD55A}" = ESSgui
    "{91810AFC-A4F8-4EBA-A5AA-B198BBC81144}" = InterVideo WinDVD
    "{95655ED4-7CA5-46DF-907F-7144877A32E5}" = Adobe Color NA Recommended Settings
    "{99052DB7-9592-4522-A558-5417BBAD48EE}" = Microsoft ActiveSync
    "{999D43F4-9709-4887-9B1A-83EBB15A8370}" = VPRINTOL
    "{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
    "{9C3F9580-F5CF-4288-894E-9FF0EB24A21C}" = Maxtor Backup
    "{9C9824D9-9000-4373-A6A5-D0E5D4831394}" = Adobe Bridge CS3
    "{9D1CF8B6-17B3-4832-B062-2C2DD0B57B04}" = CCHelp
    "{9D8FEE90-0377-49A9-AEFB-525BDE549BA4}" = ESScore
    "{A0AF08BA-3630-4505-BFB2-A41F3837B0D0}" = SFR2
    "{A2B242BD-FF8D-4840-9DAA-9170EABEC59C}" = Adobe CMaps
    "{A2D81E70-2A98-4A08-A628-94388B063C5E}" = Adobe Color - Photoshop Specific
    "{A4DB0F6C-851E-44E3-82EF-40D1C215A5FD}" = Maxtor Encryption
    "{A5B3EB8A-4071-42F0-8E8E-7A8342AA8E69}" = ESSvpaht
    "{A61B8757-A93C-4CDB-B090-1F41472CA8BA}" = EMTB, 9e - End of Chapter Answers
    "{A6F18A67-B771-4191-8A33-36D2E742D6D9}" = ESSANUP
    "{A93C4E94-1005-489D-BEAA-B873C1AA6CFC}" = HP Help and Support
    "{A93C9E60-29B6-49da-BA21-F70AC6AADE20}" = Norton Internet Security
    "{AADAC983-FDE9-42FA-8FD9-7BB324155593}" = HLPRFO
    "{AB708C9B-97C8-4AC9-899B-DBF226AC9382}" = Sonic Audio Module
    "{AC5B0C19-D851-42F4-BDA0-410ECF7F70A5}" = PDF Settings
    "{AC76BA86-1033-0000-7760-000000000003}" = Adobe Acrobat 8 Professional
    "{AE1FA02D-E6A4-4EA0-8E58-6483CAC016DD}" = ESSCDBK
    "{B12665F4-4E93-4AB4-B7FC-37053B524629}" = Sonic Copy Module
    "{B3BF6689-A81D-40D8-9A86-4AC4ACD9FC1C}" = Adobe Camera Raw 4.0
    "{B4B44FE7-41FF-4DAD-8C0A-E406DDA72992}" = CCScore
    "{B671CBFD-4109-4D35-9252-3062D3CCB7B2}" = Adobe SING CS3
    "{B73CFB12-C814-4638-AFFD-7E3AAFAF0B4E}" = Adobe BridgeTalk Plugin CS3
    "{B7C61755-DB48-4003-948F-3D34DB8EAF69}" = MSRedist
    "{B997C2A0-4383-41BF-B76E-9B8B7ECFB267}" = KSU
    "{B9B35331-B7E4-4E5C-BF4C-7BC87856124D}" = Adobe Default Language CS3
    "{B9ECA41B-55CC-4654-B6B5-6731D009EC69}" = NTI Backup Now EZ
    "{BC4F8E84-5E29-49EC-B4E7-E6F9CB50986C}" = Adobe Flash Player 9 ActiveX
    "{BE5F3842-8309-4754-92D5-83E02E6077A3}" = Adobe Extension Manager CS3
    "{C2D69781-F392-4118-A5A7-C7E9C38DBFC2}" = Adobe ExtendScript Toolkit 2
    "{C354C9B6-A4E0-4BB0-A368-6DC6BCA0E314}" = SFR
    "{C5BD220A-EFE8-48A5-B70E-9503D535FACE}" = Adobe WAS CS3
    "{C5C649A8-1D21-4C83-9B08-7B3752E580F4}" = Safari
    "{C6F5B6CF-609C-428E-876F-CA83176C021B}" = Norton AntiVirus 2006
    "{C78EAC6F-7A73-452E-8134-DBB2165C5A68}" = QuickTime
    "{C99DCDA4-7407-4F72-A77E-C81C551D0C4E}" = PCDHELP
    "{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
    "{CB3F8375-B600-4B9F-83C9-238ED1E583FD}" = Adobe InDesign CS3
    "{CEB326EC-8F40-47B2-BA22-BB092565D66F}" = Quick Launch Buttons 5.10 B2
    "{D0DFF92A-492E-4C40-B862-A74A173C25C5}" = Adobe Version Cue CS3 Client
    "{D15E9DB5-6BEB-4534-901E-80C0A29BAB97}" = ESSAdpt
    "{D2559B88-CC9D-4B48-81BB-F492BAA9C48C}" = Adobe PDF Library Files
    "{D32470A1-B10C-4059-BA53-CF0486F68EBC}" = Kodak EasyShare software
    "{D5A31AB1-345D-47C7-A87B-036A669F6DF1}" = Adobe XMP Panels CS3
    "{DADD7B8A-BCB0-44F5-967A-ECB6B4F2ECD9}" = Adobe Color Common Settings
    "{DB518BA6-CB74-4EB6-9ABD-880B6D6E1F38}" = HpSdpAppCoreApp
    "{DD7DB3C5-6FA3-4FA3-8A71-C2F2940EB029}" = Adobe Color JA Extra Settings
    "{DDBB28C8-B2AA-45A1-8DCE-059A798509FB}" = MobileMe Control Panel
    "{E3EFA461-EB83-4C3B-9C47-2C1D58A01555}" = Norton Internet Security
    "{E434580A-2D4A-4433-A81E-4BCAE86AD148}" = palmOne
    "{E5EE9939-259F-4DE2-8023-5C49E16A4F43}" = Norton Internet Security
    "{E69AE897-9E0B-485C-8552-7841F48D42D8}" = Adobe Update Manager CS3
    "{E85FA9A1-C241-4698-893B-DD99509B8DB0}" = Norton WMI Update
    "{EA7B3CC4-366D-4CF6-8350-FD7A7034116E}" = Adobe InDesign CS3 Icon Handler
    "{F08E8D2E-F132-4742-9C87-D5FF223A016A}" = Adobe Illustrator CS3
    "{F64306A5-4C32-41bb-B153-53986527FAB4}" = Norton WMI Update
    "{F71760CD-0F8B-4DCC-B7B7-6B223CC3843C}" = OTtBP
    "{FC9E08AA-CD59-4C59-BEF9-87E05B9E37D7}" = Adobe Contribute CS3
    "{FFB4DD53-28B7-4981-BFF0-9BD801F61095}" = Norton Internet Security
    "Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
    "Adobe Shockwave Player" = Adobe Shockwave Player
    "Adobe_5ac697db6c6103f6f8b5198d25f73f7" = Add or Remove Adobe Creative Suite 3 Master Collection
    "AOL Instant Messenger" = AOL Instant Messenger
    "AOL Toolbar" = AOL Toolbar 2.0
    "Applian FLV Player2.0.23" = Applian FLV Player
    "BlackBerry_{75D6745B-2239-4182-A31F-F95CEBB35099}" = BlackBerry Desktop Software 4.2.2
    "BREE5" = Brownstone Equation Editor 5
    "CNXT_MODEM_PCI_VEN_8086&DEV_266D&SUBSYS_3080103C" = Soft Data Fax Modem with SmartCP
    "CompanionWizard" = Companion wizard
    "Conexant PCI Audio" = Conexant AC-Link Audio
    "Corel Applications" = Corel Applications
    "EuroTalk Talk Now Multi-Language" = EuroTalk Talk Now Multi-Language
    "Exam" = Exam
    "FileZilla Client" = FileZilla Client 3.2.6.1
    "HijackThis" = HijackThis 2.0.2
    "IDNMitigationAPIs" = Microsoft Internationalized Domain Names Mitigation APIs
    "InstallShield_{60EEB642-E9E0-45A2-A676-B9D8FE17C4A9}" = Maxtor OneTouch III
    "InstallShield_{8E50332B-772C-4AEA-BF56-94DE6A1D5F10}" = Texas Instruments PCIxx21/x515 drivers.
    "InstallShield_{9C3F9580-F5CF-4288-894E-9FF0EB24A21C}" = Maxtor Backup
    "InstallShield_{A4DB0F6C-851E-44E3-82EF-40D1C215A5FD}" = Maxtor Encryption
    "InstallShield_{B9ECA41B-55CC-4654-B6B5-6731D009EC69}" = NTI Backup Now EZ
    "InterActual Player" = InterActual Player
    "KS Alg for Col Students 8e" = KS Alg for Col Students 8e
    "LimeWire" = LimeWire 4.18.8
    "Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
    "Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1
    "Money2005b" = Microsoft Money 2005
    "Mozilla Firefox (3.5.5)" = Mozilla Firefox (3.5.5)
    "MSNINST" = MSN
    "Neonatal Resuscitation DVD-ROM" = Neonatal Resuscitation DVD-ROM
    "NLSDownlevelMapping" = Microsoft National Language Support Downlevel APIs
    "Osceola Library System Player_is1" = PermissionTV Osceola Library System Player 3.15
    "PCFriendly" = PCFriendly
    "PermissionTV Download Manager_is1" = PermissionTV Download Manager
    "RegCure" = RegCure
    "SearchEnhancer" = Search Enhancer
    "SymSetup.{A93C9E60-29B6-49da-BA21-F70AC6AADE20}" = Norton Internet Security 2006 (Symantec Corporation)
    "SynTPDeinstKey" = Synaptics Pointing Device Driver
    "TestGen" = TestGen
    "The Weather Channel Desktop" = The Weather Channel Desktop
    "VideoCompressionCodec" = VideoCompressionCodec 10.0
    "Viewpoint Manager" = Viewpoint Manager (Remove Only)
    "ViewpointMediaPlayer" = Viewpoint Media Player
    "ViewpointSearchBarV35" = Viewpoint Toolbar V35 (Remove Only)
    "Windows Media Format Runtime" = Windows Media Format Runtime
    "Windows Media Player" = Windows Media Player 10
    "Windows XP Service Pack" = Windows XP Service Pack 3
    "Yahoo! Companion" = Yahoo! Toolbar
    "YInstHelper" = Yahoo! Install Manager

    ========== HKEY_CURRENT_USER Uninstall List ==========

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
    "Move Networks Player - IE" = Move Networks Media Player for Internet Explorer

    ========== Last 10 Event Log Errors ==========

    [ Application Events ]
    Error - 1/28/2010 9:14:56 PM | Computer Name = ISAIAH | Source = SENS | ID = 0
    Description =

    Error - 1/28/2010 9:21:21 PM | Computer Name = ISAIAH | Source = SENS | ID = 0
    Description =

    Error - 1/28/2010 9:25:01 PM | Computer Name = ISAIAH | Source = Application Error | ID = 1000
    Description = Faulting application maxmenumgr.exe, version 1.0.1.12, faulting module
    maxmenumgr.exe, version 1.0.1.12, fault address 0x00002f85.

    Error - 1/29/2010 6:31:25 PM | Computer Name = ISAIAH | Source = SENS | ID = 0
    Description =

    Error - 1/29/2010 6:34:23 PM | Computer Name = ISAIAH | Source = Application Error | ID = 1000
    Description = Faulting application maxmenumgr.exe, version 1.0.1.12, faulting module
    maxmenumgr.exe, version 1.0.1.12, fault address 0x00002f85.

    [ System Events ]
    Error - 1/29/2010 6:37:02 PM | Computer Name = ISAIAH | Source = DCOM | ID = 10005
    Description = DCOM got error "%1053" attempting to start the service NSCService
    with arguments "" in order to run the server: {09B7ADDC-8BF0-409B-8571-43E8EA2AAFA3}

    Error - 1/29/2010 6:37:04 PM | Computer Name = ISAIAH | Source = Service Control Manager | ID = 7009
    Description = Timeout (30000 milliseconds) waiting for the Norton Protection Center
    Service service to connect.

    Error - 1/29/2010 6:37:07 PM | Computer Name = ISAIAH | Source = Service Control Manager | ID = 7024
    Description = The Background Intelligent Transfer Service service terminated with
    service-specific error 2147952507 (0x8007277B).

    Error - 1/29/2010 6:37:16 PM | Computer Name = ISAIAH | Source = Service Control Manager | ID = 7024
    Description = The Remote Access Connection Manager service terminated with service-specific
    error 3221356592 (0xC0020030).

    Error - 1/29/2010 6:37:33 PM | Computer Name = ISAIAH | Source = DCOM | ID = 10010
    Description = The server {4991D34B-80A1-4291-83B6-3328366B9097} did not register
    with DCOM within the required timeout.

    Error - 1/29/2010 6:37:38 PM | Computer Name = ISAIAH | Source = DCOM | ID = 10005
    Description = DCOM got error "%1053" attempting to start the service NSCService
    with arguments "" in order to run the server: {09B7ADDC-8BF0-409B-8571-43E8EA2AAFA3}

    Error - 1/29/2010 6:37:39 PM | Computer Name = ISAIAH | Source = Service Control Manager | ID = 7009
    Description = Timeout (30000 milliseconds) waiting for the Norton Protection Center
    Service service to connect.

    Error - 1/29/2010 6:37:50 PM | Computer Name = ISAIAH | Source = Service Control Manager | ID = 7024
    Description = The Remote Access Connection Manager service terminated with service-specific
    error 3221356592 (0xC0020030).

    Error - 1/29/2010 6:40:31 PM | Computer Name = ISAIAH | Source = Service Control Manager | ID = 7024
    Description = The Remote Access Connection Manager service terminated with service-specific
    error 3221356592 (0xC0020030).

    Error - 1/29/2010 7:11:25 PM | Computer Name = ISAIAH | Source = Service Control Manager | ID = 7024
    Description = The Remote Access Connection Manager service terminated with service-specific
    error 3221356592 (0xC0020030).


    < End of report >

  7. #7
    Emeritus-Security Expert
    Join Date
    Nov 2005
    Location
    Florida's SpaceCoast
    Posts
    15,208

    Hi,

    Not sure why, but a lot came back. Run this script in OTL.

    Run OTL
    • Under the Custom Scans/Fixes box at the bottom, paste in the following
      Code:
      :OTL
      PRC - C:\Windows\Explorer.EXE (Microsoft Corporation)
      
      
      :Files
      C:\WINDOWS\System32\10638.exe
      C:\WINDOWS\System32\22704.exe
      C:\WINDOWS\System32\12513.exe
      C:\WINDOWS\System32\952.exe
      C:\WINDOWS\System32\23910.exe
      C:\WINDOWS\System32\1159.exe
      C:\WINDOWS\System32\11224.exe
      C:\WINDOWS\System32\18208.exe
      C:\WINDOWS\System32\15387.exe
      C:\WINDOWS\System32\18541.exe
      C:\WINDOWS\System32\31239.exe
      C:\WINDOWS\System32\14560.exe
      C:\WINDOWS\System32\29924.exe
      C:\WINDOWS\System32\20256.exe
      C:\WINDOWS\System32\15104.exe
      C:\WINDOWS\System32\4098.exe
      C:\WINDOWS\System32\8077.exe
      C:\WINDOWS\System32\2496.exe
      C:\WINDOWS\System32\13834.exe
      C:\WINDOWS\System32\24234.exe
      C:\WINDOWS\System32\23004.exe
      C:\WINDOWS\System32\30663.exe
      C:\WINDOWS\System32\6645.exe
      C:\WINDOWS\System32\25122.exe
      C:\WINDOWS\System32\10120.exe
      C:\WINDOWS\System32\16818.exe
      C:\WINDOWS\System32\17470.exe
      C:\WINDOWS\System32\31525.exe
      C:\WINDOWS\System32\28534.exe
      C:\WINDOWS\System32\18928.exe
      C:\WINDOWS\System32\2918.exe
      C:\WINDOWS\System32\31343.exe
      C:\WINDOWS\System32\12858.exe
      C:\WINDOWS\System32\25820.exe
      C:\WINDOWS\System32\32468.exe
      C:\WINDOWS\System32\9572.exe
      C:\WINDOWS\System32\12387.exe
      C:\WINDOWS\System32\32128.exe
      C:\WINDOWS\System32\12903.exe
      C:\WINDOWS\System32\21196.exe
      C:\WINDOWS\System32\24042.exe
      C:\WINDOWS\System32\18537.exe
      C:\WINDOWS\System32\1548.exe
      C:\WINDOWS\System32\8737.exe
      C:\WINDOWS\System32\32294.exe
      C:\WINDOWS\System32\28208.exe
      C:\WINDOWS\System32\28423.exe
      C:\WINDOWS\System32\177.exe
      C:\WINDOWS\System32\6051.exe
      C:\WINDOWS\System32\482.exe
      C:\WINDOWS\System32\22737.exe
      C:\WINDOWS\System32\25787.exe
      C:\WINDOWS\System32\25841.exe
      C:\WINDOWS\System32\7562.exe
      C:\WINDOWS\System32\27530.exe
      C:\WINDOWS\System32\28823.exe
      C:\WINDOWS\System32\28226.exe
      C:\WINDOWS\System32\16123.exe
      C:\WINDOWS\System32\26557.exe
      C:\WINDOWS\System32\25641.exe
      C:\WINDOWS\System32\24134.exe
      C:\WINDOWS\System32\4321.exe
      C:\WINDOWS\System32\13141.exe
      C:\WINDOWS\System32\10374.exe
      C:\WINDOWS\System32\20037.exe
      C:\WINDOWS\System32\3081.exe
      C:\WINDOWS\System32\29662.exe
      C:\WINDOWS\System32\487.exe
      C:\WINDOWS\System32\1405.exe
      C:\WINDOWS\System32\7407.exe
      C:\WINDOWS\System32\20990.exe
      C:\WINDOWS\System32\13261.exe
      C:\WINDOWS\System32\26556.exe
      C:\WINDOWS\System32\14727.exe
      C:\WINDOWS\System32\16949.exe
      C:\WINDOWS\System32\9076.exe
      C:\WINDOWS\System32\3904.exe
      C:\WINDOWS\System32\4943.exe
      C:\WINDOWS\System32\28371.exe
      C:\WINDOWS\System32\17531.exe
      C:\WINDOWS\System32\19917.exe
      C:\WINDOWS\System32\20884.exe
      C:\WINDOWS\System32\7993.exe
      C:\WINDOWS\System32\23507.exe
      C:\WINDOWS\System32\4366.exe
      C:\WINDOWS\System32\6591.exe
      C:\WINDOWS\System32\30034.exe
      C:\WINDOWS\System32\27166.exe
      C:\WINDOWS\System32\9266.exe
      C:\WINDOWS\System32\20979.exe
      C:\WINDOWS\System32\6237.exe
      C:\WINDOWS\System32\1354.exe
      C:\WINDOWS\System32\17392.exe
      C:\WINDOWS\System32\6562.exe
      C:\WINDOWS\System32\9193.exe
      C:\WINDOWS\System32\8971.exe
      C:\WINDOWS\System32\19033.exe
      C:\WINDOWS\System32\8341.exe
      C:\WINDOWS\System32\1730.exe
      C:\WINDOWS\System32\16483.exe
      C:\WINDOWS\System32\3561.exe
      C:\WINDOWS\System32\12512.exe
      C:\WINDOWS\System32\21500.exe
      C:\WINDOWS\System32\32530.exe
      C:\WINDOWS\System32\21764.exe
      C:\WINDOWS\System32\7973.exe
      C:\WINDOWS\System32\28449.exe
      C:\WINDOWS\System32\10638.exe
      C:\WINDOWS\System32\22704.exe
      C:\WINDOWS\System32\28449.exe
      C:\WINDOWS\System32\warning.html
      C:\WINDOWS\System32\10638.exe
      
      :Commands
      [purity]
      [emptytemp]
      [start explorer]
      [Reboot]
    • Then click the Run Fix button at the top
    • Let the program run unhindered, reboot when it is done
    • Then post a new OTL2 log (don't check the boxes beside LOP Check or Purity this time)
    Microsoft MVP Consumer Security 2007-2008-2009-2010-2011-2012-2013-2014

    ERROR MESSAGE 386
    No KeyBoard Detected
    Press F1 To Continue

    Just a reminder that threads will be closed if no reply in 3 days.

  8. #8
    Member the1dbg's Avatar
    Join Date
    Jul 2008
    Posts
    45

    New OTL log

    Here is the OTL log and the reboot log just in case.

    OTL logfile created on: 1/30/2010 7:21:31 PM - Run 2
    OTL by OldTimer - Version 3.1.27.0 Folder = C:\Documents and Settings\Lori\Desktop
    Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
    Internet Explorer (Version = 6.0.2900.5512)
    Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

    1,014.00 Mb Total Physical Memory | 596.00 Mb Available Physical Memory | 59.00% Memory free
    2.00 Gb Paging File | 2.00 Gb Available in Paging File | 87.00% Paging File free
    Paging file location(s): C:\pagefile.sys 1524 3048 [binary data]

    %SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
    Drive C: | 92.95 Gb Total Space | 35.89 Gb Free Space | 38.61% Space Free | Partition Type: NTFS
    D: Drive not present or media not loaded
    Drive E: | 3.72 Gb Total Space | 1.04 Gb Free Space | 27.83% Space Free | Partition Type: FAT32
    F: Drive not present or media not loaded
    G: Drive not present or media not loaded
    H: Drive not present or media not loaded
    I: Drive not present or media not loaded

    Computer Name: ISAIAH
    Current User Name: Lori
    Logged in as Administrator.

    Current Boot Mode: Normal
    Scan Mode: Current user
    Company Name Whitelist: Off
    Skip Microsoft Files: Off
    File Age = 30 Days
    Output = Minimal

    ========== Processes (SafeList) ==========

    PRC - C:\Documents and Settings\Lori\Desktop\OTL.exe (OldTimer Tools)
    PRC - C:\Program Files\NewTech Infosystems\Backup Now EZ\BackupNowEZtray.exe (NewTech Infosystems, Inc.)
    PRC - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe (Macrovision Europe Ltd.)
    PRC - C:\Program Files\iTunes\iTunesHelper.exe (Apple Inc.)
    PRC - C:\Program Files\iPod\bin\iPodService.exe (Apple Inc.)
    PRC - C:\WINDOWS\Explorer.EXE (Microsoft Corporation)
    PRC - C:\PROGRA~1\PERMIS~1\bin\dm.exe (PermissionTV)
    PRC - C:\Program Files\PermissionTV\bin\dmtray.exe (PermissionTV)
    PRC - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe (Adobe Systems Inc.)
    PRC - C:\Program Files\Java\jre1.5.0_10\bin\jusched.exe (Sun Microsystems, Inc.)
    PRC - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe (Symantec Corporation)
    PRC - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe (Symantec Corporation)
    PRC - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe (Symantec Corporation)
    PRC - C:\Program Files\Common Files\Symantec Shared\ccApp.exe (Symantec Corporation)
    PRC - C:\Program Files\Common Files\Symantec Shared\Security Console\NSCSRVCE.EXE (Symantec Corporation)
    PRC - C:\Program Files\Maxtor\OneTouch\utils\Onetouch.exe (Maxtor Corporation)
    PRC - C:\Program Files\Maxtor\Maxtor Backup\MaxBackServiceInt.exe ()
    PRC - C:\Program Files\Maxtor\OneTouch\Utils\SyncServices.exe ( )
    PRC - C:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe (Symantec Corporation)
    PRC - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe (Symantec Corporation)
    PRC - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe (Symantec Corporation)
    PRC - C:\WINDOWS\System32\igfxtray.exe (Intel Corporation)
    PRC - C:\WINDOWS\System32\hkcmd.exe (Intel Corporation)
    PRC - C:\Program Files\HPQ\HP Wireless Assistant\HP Wireless Assistant.exe (Hewlett-Packard Company)
    PRC - C:\Program Files\Common Files\LightScribe\LSSrvc.exe ()
    PRC - C:\Program Files\HPQ\Quick Launch Buttons\EabServr.exe (Hewlett-Packard )
    PRC - C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe (Broadcom Corporation.)
    PRC - C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe (Broadcom Corporation.)
    PRC - C:\Program Files\HPQ\SHARED\HPQWMI.exe (Hewlett-Packard Development Company, L.P.)
    PRC - C:\Program Files\Synaptics\SynTP\SynTPLpr.exe (Synaptics, Inc.)
    PRC - C:\Program Files\Synaptics\SynTP\SynTPEnh.exe (Synaptics, Inc.)
    PRC - C:\hp\drivers\hplsbwatcher\lsburnwatcher.exe (Hewlett-Packard Company)


    ========== Modules (SafeList) ==========

    MOD - C:\Documents and Settings\Lori\Desktop\OTL.exe (OldTimer Tools)
    MOD - C:\Program Files\NewTech Infosystems\Backup Now EZ\Pehook.dll (NewTech Infosystems, Inc.)
    MOD - C:\WINDOWS\system32\linkinfo.dll (Microsoft Corporation)
    MOD - C:\Program Files\Common Files\Symantec Shared\CCL40.DLL (Symantec Corporation)
    MOD - C:\Program Files\Common Files\Symantec Shared\AntiSpam\asOEHook.dll (Symantec Corporation)
    MOD - C:\WINDOWS\system32\SynTPFcs.dll (Synaptics, Inc.)
    MOD - C:\WINDOWS\system32\msvcp71.dll (Microsoft Corporation)
    MOD - C:\WINDOWS\system32\msvcr71.dll (Microsoft Corporation)


    ========== Win32 Services (SafeList) ==========

    SRV - (NTI BackupNowEZSvr) -- C:\Program Files\NewTech Infosystems\Backup Now EZ\BackupNowEZSvr.exe (NewTech Infosystems, Inc.)
    SRV - (FLEXnet Licensing Service) -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe (Macrovision Europe Ltd.)
    SRV - (iPod Service) -- C:\Program Files\iPod\bin\iPodService.exe (Apple Inc.)
    SRV - (Apple Mobile Device) -- C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe (Apple Inc.)
    SRV - (Bonjour Service) -- C:\Program Files\Bonjour\mDNSResponder.exe (Apple Inc.)
    SRV - (PermissionTVDownloadManager) -- C:\PROGRA~1\PERMIS~1\bin\dm.exe (PermissionTV)
    SRV - (RoxLiveShare9) -- C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxLiveShare9.exe (Sonic Solutions)
    SRV - (RoxWatch9) -- C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatch9.exe (Sonic Solutions)
    SRV - (RoxMediaDB9) -- C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe (Sonic Solutions)
    SRV - (Roxio UPnP Renderer 9) -- C:\Program Files\Roxio\Digital Home 9\RoxioUPnPRenderer9.exe (Sonic Solutions)
    SRV - (Roxio Upnp Server 9) -- C:\Program Files\Roxio\Digital Home 9\RoxioUpnpService9.exe (Sonic Solutions)
    SRV - (Symantec Core LC) -- C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe (Symantec Corporation)
    SRV - (ccSetMgr) -- C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe (Symantec Corporation)
    SRV - (ccEvtMgr) -- C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe (Symantec Corporation)
    SRV - (NSCService) -- C:\Program Files\Common Files\Symantec Shared\Security Console\NSCSRVCE.EXE (Symantec Corporation)
    SRV - (MaxBackServiceInt) -- C:\Program Files\Maxtor\Maxtor Backup\MaxBackServiceInt.exe ()
    SRV - (NTService1) -- C:\Program Files\Maxtor\OneTouch\Utils\SyncServices.exe ( )
    SRV - (comHost) -- C:\Program Files\Norton Internet Security\comHost.exe (Symantec Corporation)
    SRV - (navapsvc) -- C:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe (Symantec Corporation)
    SRV - (ccISPwdSvc) -- C:\Program Files\Norton Internet Security\ccPwdSvc.exe (Symantec Corporation)
    SRV - (SNDSrvc) -- C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe (Symantec Corporation)
    SRV - (ccProxy) -- C:\Program Files\Common Files\Symantec Shared\ccProxy.exe (Symantec Corporation)
    SRV - (SPBBCSvc) -- C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe (Symantec Corporation)
    SRV - (SAVScan) -- C:\Program Files\Norton Internet Security\Norton AntiVirus\SAVScan.exe (Symantec Corporation)
    SRV - (MSDTC) -- C:\WINDOWS\system32\msdtc [2005/04/10 03:02:35 | 00,000,000 | ---D | M]
    SRV - (LightScribeService) -- C:\Program Files\Common Files\LightScribe\LSSrvc.exe ()
    SRV - (btwdins) -- C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe (Broadcom Corporation.)
    SRV - (hpqwmi) -- C:\Program Files\HPQ\SHARED\HPQWMI.exe (Hewlett-Packard Development Company, L.P.)
    SRV - (IDriverT) -- C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe (Macrovision Corporation)
    SRV - (aspnet_state) -- C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\aspnet_state.exe (Microsoft Corporation)
    SRV - (ose) -- C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE (Microsoft Corporation)


    ========== Driver Services (SafeList) ==========

    DRV - (SAVRT) -- C:\Program Files\Norton Internet Security\Norton AntiVirus\savrt [2010/01/30 16:26:56 | 00,000,000 | ---D | M]
    DRV - (USBAAPL) -- C:\WINDOWS\System32\Drivers\usbaapl.sys (Apple, Inc.)
    DRV - (NTIDrvr) -- C:\WINDOWS\System32\drivers\NTIDrvr.sys (NewTech Infosystems, Inc.)
    DRV - (UBHelper) -- C:\WINDOWS\System32\drivers\UBHelper.sys (NewTech Infosystems Corporation)
    DRV - (GEARAspiWDM) -- C:\WINDOWS\System32\DRIVERS\GEARAspiWDM.sys (GEAR Software Inc.)
    DRV - (Secdrv) -- C:\WINDOWS\System32\DRIVERS\secdrv.sys (Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K.)
    DRV - (RimUsb) -- C:\WINDOWS\System32\Drivers\RimUsb.sys (Research In Motion Limited)
    DRV - (PxHelp20) -- C:\WINDOWS\System32\Drivers\PxHelp20.sys (Sonic Solutions)
    DRV - (RimVSerPort) -- C:\WINDOWS\System32\DRIVERS\RimSerial.sys (Research in Motion Ltd)
    DRV - (NAVEX15) -- C:\PROGRA~1\COMMON~1\SYMANT~1\VIRUSD~1\20061224.008\NavEx15.Sys (Symantec Corporation)
    DRV - (NAVENG) -- C:\PROGRA~1\COMMON~1\SYMANT~1\VIRUSD~1\20061224.008\NAVENG.Sys (Symantec Corporation)
    DRV - (eeCtrl) -- C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys (Symantec Corporation)
    DRV - (EraserUtilRebootDrv) -- C:\Program Files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys (Symantec Corporation)
    DRV - (SYMIDSCO) -- C:\PROGRA~1\COMMON~1\SYMANT~1\SymcData\idsdefs\20061215.005\symidsco.sys (Symantec Corporation)
    DRV - (symlcbrd) -- C:\WINDOWS\System32\drivers\symlcbrd.sys (Symantec Corporation)
    DRV - (SymEvent) -- C:\Program Files\Symantec\SYMEVENT.SYS (Symantec Corporation)
    DRV - (SYMTDI) -- C:\WINDOWS\System32\Drivers\SYMTDI.SYS (Symantec Corporation)
    DRV - (SYMREDRV) -- C:\WINDOWS\System32\Drivers\SYMREDRV.SYS (Symantec Corporation)
    DRV - (SYMIDS) -- C:\WINDOWS\System32\Drivers\SYMIDS.SYS (Symantec Corporation)
    DRV - (SYMNDIS) -- C:\WINDOWS\System32\Drivers\SYMNDIS.SYS (Symantec Corporation)
    DRV - (SYMFW) -- C:\WINDOWS\System32\Drivers\SYMFW.SYS (Symantec Corporation)
    DRV - (SYMDNS) -- C:\WINDOWS\System32\Drivers\SYMDNS.SYS (Symantec Corporation)
    DRV - (SPBBCDrv) -- C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCDrv.sys (Symantec Corporation)
    DRV - (SAVRTPEL) -- C:\Program Files\Norton Internet Security\Norton AntiVirus\SAVRTPEL.SYS (Symantec Corporation)
    DRV - (MXOPSWD) -- C:\WINDOWS\System32\DRIVERS\mxopswd.sys (Maxtor Corp.)
    DRV - (tifm21) -- C:\WINDOWS\System32\drivers\tifm21.sys (Texas Instruments)
    DRV - (ialm) -- C:\WINDOWS\System32\DRIVERS\ialmnt5.sys (Intel Corporation)
    DRV - (CAMCHALA) -- C:\WINDOWS\System32\drivers\camc6hal.sys (Conexant Systems Inc.)
    DRV - (CAMCAUD) -- C:\WINDOWS\System32\drivers\camc6aud.sys (Conexant Systems Inc.)
    DRV - (HSFHWICH) -- C:\WINDOWS\System32\DRIVERS\HSFHWICH.sys (Conexant Systems, Inc.)
    DRV - (winachsf) -- C:\WINDOWS\System32\DRIVERS\HSF_CNXT.sys (Conexant Systems, Inc.)
    DRV - (HSF_DP) -- C:\WINDOWS\System32\DRIVERS\HSF_DP.sys (Conexant Systems, Inc.)
    DRV - (RTL8023xp) -- C:\WINDOWS\System32\DRIVERS\Rtlnicxp.sys (Realtek Semiconductor Corporation )
    DRV - (BTKRNL) -- C:\WINDOWS\System32\DRIVERS\btkrnl.sys (Broadcom Corporation.)
    DRV - (BTDriver) -- C:\WINDOWS\System32\DRIVERS\btport.sys (Broadcom Corporation.)
    DRV - (BTWUSB) -- C:\WINDOWS\System32\Drivers\btwusb.sys (Broadcom Corporation.)
    DRV - (w29n51) Intel(R) -- C:\WINDOWS\System32\DRIVERS\w29n51.sys (Intel® Corporation)
    DRV - (SynTP) -- C:\WINDOWS\System32\DRIVERS\SynTP.sys (Synaptics, Inc.)
    DRV - (Ptilink) -- C:\WINDOWS\System32\DRIVERS\ptilink.sys (Parallel Technologies, Inc.)
    DRV - (ROOTMODEM) -- C:\WINDOWS\System32\Drivers\RootMdm.sys (Microsoft Corporation)
    DRV - (eabfiltr) -- C:\WINDOWS\System32\drivers\EABFiltr.sys (Hewlett-Packard Company)
    DRV - (mdmxsdk) -- C:\WINDOWS\System32\DRIVERS\mdmxsdk.sys (Conexant)
    DRV - (eabusb) -- C:\WINDOWS\System32\drivers\eabusb.sys (Hewlett-Packard Company)
    DRV - (SMNDIS5) -- C:\PROGRA~1\VERIZO~1\VZACCE~1\SMNDIS5.SYS (Smith Micro Software, Inc.)
    DRV - (SMCIRDA) -- C:\WINDOWS\System32\DRIVERS\smcirda.sys (SMC)
    DRV - (AliIde) -- C:\WINDOWS\system32\DRIVERS\aliide.sys (Acer Laboratories Inc.)


    ========== Standard Registry (SafeList) ==========


    ========== Internet Explorer ==========

    IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.yahoo.com
    IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
    IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.google.com/ie

    IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://us.rd.yahoo.com/customize/yco.../www.yahoo.com
    IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com
    IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie
    IE - HKCU\..\URLSearchHook: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll (Yahoo! Inc.)
    IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
    IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

    ========== FireFox ==========


    FF - HKLM\software\mozilla\Mozilla Firefox 3.5.5\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2009/11/24 18:20:16 | 00,000,000 | ---D | M]
    FF - HKLM\software\mozilla\Mozilla Firefox 3.5.5\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2009/11/24 18:15:31 | 00,000,000 | ---D | M]

    [2009/11/24 18:20:57 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Lori\Application Data\Mozilla\Extensions
    [2009/11/24 18:20:57 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Lori\Application Data\Mozilla\Firefox\Profiles\f6l8y3gn.default\extensions
    [2009/11/24 18:15:31 | 00,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions

    O1 HOSTS File: ([2006/12/25 01:56:49 | 00,000,713 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
    O1 - Hosts: 127.0.0.1 localhost
    O2 - BHO: (&Yahoo! Toolbar Helper) - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll (Yahoo! Inc.)
    O2 - BHO: (ContributeBHO Class) - {074C1DC5-9320-4A9A-947D-C042949C6216} - C:\Program Files\Adobe\/Adobe Contribute CS3/contributeieplugin.dll ()
    O2 - BHO: (SSVHelper Class) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll (Sun Microsystems, Inc.)
    O2 - BHO: (CNisExtBho Class) - {9ECB9560-04F9-4bbc-943D-298DDF1699E1} - C:\Program Files\Common Files\Symantec Shared\AdBlocking\NISShExt.dll (Symantec Corporation)
    O2 - BHO: (CNavExtBho Class) - {A8F38D8D-E480-4D52-B7A2-731BB6995FDD} - C:\Program Files\Norton Internet Security\Norton AntiVirus\NAVSHEXT.DLL (Symantec Corporation)
    O2 - BHO: (Adobe PDF Conversion Toolbar Helper) - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
    O3 - HKLM\..\Toolbar: (Norton Internet Security 2006) - {0B53EAC3-8D69-4b9e-9B19-A37C9A5676A7} - C:\Program Files\Common Files\Symantec Shared\AdBlocking\NISShExt.dll (Symantec Corporation)
    O3 - HKLM\..\Toolbar: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
    O3 - HKLM\..\Toolbar: (Contribute Toolbar) - {517BDDE4-E3A7-4570-B21E-2B52B6139FC7} - C:\Program Files\Adobe\/Adobe Contribute CS3/contributeieplugin.dll ()
    O3 - HKLM\..\Toolbar: (Norton AntiVirus) - {C4069E3A-68F1-403E-B40E-20066696354B} - C:\Program Files\Norton Internet Security\Norton AntiVirus\NAVSHEXT.DLL (Symantec Corporation)
    O3 - HKLM\..\Toolbar: (Yahoo! Toolbar) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll (Yahoo! Inc.)
    O3 - HKCU\..\Toolbar\ShellBrowser: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
    O3 - HKCU\..\Toolbar\WebBrowser: (Norton Internet Security 2006) - {0B53EAC3-8D69-4B9E-9B19-A37C9A5676A7} - C:\Program Files\Common Files\Symantec Shared\AdBlocking\NISShExt.dll (Symantec Corporation)
    O3 - HKCU\..\Toolbar\WebBrowser: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
    O3 - HKCU\..\Toolbar\WebBrowser: (Norton AntiVirus) - {C4069E3A-68F1-403E-B40E-20066696354B} - C:\Program Files\Norton Internet Security\Norton AntiVirus\NAVSHEXT.DLL (Symantec Corporation)
    O3 - HKCU\..\Toolbar\WebBrowser: (Yahoo! Toolbar) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll (Yahoo! Inc.)
    O4 - HKLM..\Run: [] File not found
    O4 - HKLM..\Run: [Acrobat Assistant 8.0] C:\Program Files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe (Adobe Systems Inc.)
    O4 - HKLM..\Run: [AppleSyncNotifier] C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe (Apple Inc.)
    O4 - HKLM..\Run: [BackupNowEZtray] C:\Program Files\NewTech Infosystems\Backup Now EZ\BackupNowEZtray.exe (NewTech Infosystems, Inc.)
    O4 - HKLM..\Run: [ccApp] C:\Program Files\Common Files\Symantec Shared\ccApp.exe (Symantec Corporation)
    O4 - HKLM..\Run: [Cpqset] C:\Program Files\HPQ\Default Settings\cpqset.exe ()
    O4 - HKLM..\Run: [eabconfg.cpl] C:\Program Files\HPQ\Quick Launch Buttons\EabServr.exe (Hewlett-Packard )
    O4 - HKLM..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe (Intel Corporation)
    O4 - HKLM..\Run: [hpWirelessAssistant] C:\Program Files\HPQ\HP Wireless Assistant\HP Wireless Assistant.exe (Hewlett-Packard Company)
    O4 - HKLM..\Run: [IgfxTray] C:\WINDOWS\System32\igfxtray.exe (Intel Corporation)
    O4 - HKLM..\Run: [iTunesHelper] C:\Program Files\iTunes\iTunesHelper.exe (Apple Inc.)
    O4 - HKLM..\Run: [LSBWatcher] c:\hp\drivers\hplsbwatcher\lsburnwatcher.exe (Hewlett-Packard Company)
    O4 - HKLM..\Run: [MaxtorOneTouch] C:\Program Files\Maxtor\OneTouch\utils\Onetouch.exe (Maxtor Corporation)
    O4 - HKLM..\Run: [mxomssmenu] C:\Program Files\Maxtor\OneTouch Status\maxmenumgr.exe (Maxtor Corp.)
    O4 - HKLM..\Run: [QuickTime Task] C:\Program Files\QuickTime\qttask.exe (Apple Inc.)
    O4 - HKLM..\Run: [RoxWatchTray] C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe (Sonic Solutions)
    O4 - HKLM..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_10\bin\jusched.exe (Sun Microsystems, Inc.)
    O4 - HKLM..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe (Synaptics, Inc.)
    O4 - HKLM..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe (Synaptics, Inc.)
    O4 - HKCU..\Run: [AdobeUpdater] C:\Program Files\Common Files\Adobe\Updater5\AdobeUpdater.exe (Adobe Systems Incorporated)
    O4 - HKCU..\Run: [H/PC Connection Agent] C:\Program Files\Microsoft ActiveSync\wcescomm.exe (Microsoft Corporation)
    O4 - HKCU..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\1.2.908.5008\GoogleToolbarNotifier.exe File not found
    O4 - HKLM..\RunOnceEx: [] File not found
    O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\BTTray.lnk = C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe (Broadcom Corporation.)
    O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Desktop Manager.lnk = C:\Program Files\Research In Motion\BlackBerry\DesktopMgr.exe (Research In Motion Limited)
    O4 - Startup: C:\Documents and Settings\Lori\Start Menu\Programs\Startup\LimeWire On Startup.lnk = C:\Program Files\LimeWire\LimeWire.exe (Lime Wire, LLC)
    O4 - Startup: C:\Documents and Settings\Lori\Start Menu\Programs\Startup\Osceola Library System Tray App.lnk = C:\Program Files\PermissionTV\bin\dmtray.exe (PermissionTV)
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 0
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
    O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
    O8 - Extra context menu item: Append to existing PDF - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
    O8 - Extra context menu item: Convert link target to Adobe PDF - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
    O8 - Extra context menu item: Convert link target to existing PDF - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
    O8 - Extra context menu item: Convert selected links to Adobe PDF - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
    O8 - Extra context menu item: Convert selected links to existing PDF - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
    O8 - Extra context menu item: Convert selection to Adobe PDF - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
    O8 - Extra context menu item: Convert selection to existing PDF - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
    O8 - Extra context menu item: Convert to Adobe PDF - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
    O9 - Extra 'Tools' menuitem : Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_10\bin\NPJPI150_10.dll (Sun Microsystems, Inc.)
    O9 - Extra Button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\INetRepl.dll (Microsoft Corporation)
    O9 - Extra 'Tools' menuitem : Create Mobile Favorite... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\INetRepl.dll (Microsoft Corporation)
    O9 - Extra Button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe (America Online, Inc.)
    O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
    O15 - HKLM\..Trusted Domains: 1 domain(s) and sub-domain(s) not assigned to a zone.
    O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} http://download.macromedia.com/pub/s...irector/sw.cab (Shockwave ActiveX Control)
    O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} http://update.microsoft.com/microsof...?1148348000343 (MUWebControl Class)
    O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.5.0/jin...ndows-i586.cab (Java Plug-in 1.5.0_10)
    O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.macromedia.com/get.../ultrashim.cab (Reg Error: Key error.)
    O16 - DPF: {CAFEEFAC-0015-0000-0000-ABCDEFFEDCBA} http://java.sun.com/update/1.5.0/jin...ndows-i586.cab (Java Plug-in 1.5.0)
    O16 - DPF: {CAFEEFAC-0015-0000-0010-ABCDEFFEDCBA} http://java.sun.com/update/1.5.0/jin...ndows-i586.cab (Java Plug-in 1.5.0_10)
    O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.5.0/jin...ndows-i586.cab (Java Plug-in 1.5.0_10)
    O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://download.macromedia.com/pub/s...sh/swflash.cab (Shockwave Flash Object)
    O16 - DPF: {FE0BD779-44EE-4A4B-AA2E-743C63F2E5E6} http://pdl.stream.aol.com/downloads/...ampx_en_dl.cab (IWinAmpActiveX Class)
    O18 - Protocol\Handler\widimg {EE7C2AFF-5742-44FF-BD0E-E521B0D3C3BA} - C:\WINDOWS\system32\BTXPPanel.dll (Broadcom Corporation.)
    O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
    O20 - Winlogon\Notify\igfxcui: DllName - igfxsrvc.dll - C:\WINDOWS\System32\igfxsrvc.dll (Intel Corporation)
    O20 - Winlogon\Notify\WRNotifier: DllName - WRLogonNTF.dll - File not found
    O24 - Desktop Components:0 () - About:Home
    O32 - HKLM CDRom: AutoRun - 1
    O32 - AutoRun File - [2009/12/05 12:47:28 | 00,000,301 | ---- | M] () - E:\autorun.inf -- [ FAT32 ]
    O33 - MountPoints2\{1a53d34a-43a3-11de-924f-00163622f0ad}\Shell - "" = AutoRun
    O33 - MountPoints2\{1a53d34a-43a3-11de-924f-00163622f0ad}\Shell\AutoRun - "" = Auto&Play
    O33 - MountPoints2\{1a53d34a-43a3-11de-924f-00163622f0ad}\Shell\AutoRun\command - "" = E:\LaunchU3.exe -- File not found
    O33 - MountPoints2\{6cd6aae9-3305-11dd-91ae-00163622f0ad}\Shell - "" = AutoRun
    O33 - MountPoints2\{6cd6aae9-3305-11dd-91ae-00163622f0ad}\Shell\AutoRun - "" = Auto&Play
    O33 - MountPoints2\{6cd6aae9-3305-11dd-91ae-00163622f0ad}\Shell\AutoRun\command - "" = E:\LaunchU3.exe -- File not found
    O33 - MountPoints2\{cacbb651-06b9-11df-9a7a-00163622f0ad}\Shell\AutoRun\command - "" = restore\restorestarter.exe
    O33 - MountPoints2\{d3b35806-979c-11db-9160-00163622f0ad}\Shell\AutoRun\command - "" = E:\Launch.exe -- File not found
    O33 - MountPoints2\{f1c5977b-0a02-11df-8e46-00163622f0ad}\Shell\AutoRun\command - "" = click/jack.exe
    O33 - MountPoints2\{f1c5977b-0a02-11df-8e46-00163622f0ad}\Shell\explore\command - "" = click/jack.exe
    O33 - MountPoints2\{f1c5977b-0a02-11df-8e46-00163622f0ad}\Shell\open\command - "" = click/jack.exe
    O33 - MountPoints2\E\Shell - "" = AutoRun
    O33 - MountPoints2\E\Shell\AutoRun - "" = Auto&Play
    O33 - MountPoints2\E\Shell\AutoRun\command - "" = E:\LaunchU3.exe -- File not found
    O34 - HKLM BootExecute: (autocheck autochk *) - File not found
    O34 - HKLM BootExecute: (SsiEfr.e) - File not found
    O34 - HKLM BootExecute: (stera) - File not found
    O35 - comfile [open] -- "%1" %*
    O35 - exefile [open] -- "%1" %*

    ========== Files/Folders - Created Within 30 Days ==========

    [2010/01/28 20:01:45 | 00,000,000 | ---D | C] -- C:\Avenger
    [2010/01/28 17:04:55 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Lori\Application Data\Malwarebytes
    [2010/01/28 17:03:32 | 00,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
    [2010/01/28 17:02:59 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Malwarebytes
    [2010/01/28 17:02:08 | 00,019,160 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
    [2010/01/28 17:01:47 | 00,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
    [2010/01/28 16:43:18 | 00,000,000 | ---D | C] -- C:\_OTL
    [2010/01/28 16:42:15 | 00,548,864 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Lori\Desktop\OTL.exe
    [2010/01/25 18:06:59 | 00,000,000 | ---D | C] -- C:\Program Files\Trend Micro
    [2010/01/22 18:52:08 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\NTIReg
    [2010/01/22 14:45:04 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Lori\Desktop\Copy of EmergencyResponseTerrorismStAugustine_files
    [2010/01/22 14:43:18 | 00,014,464 | ---- | C] (NewTech Infosystems, Inc.) -- C:\WINDOWS\System32\drivers\NTIDrvr.sys
    [2010/01/22 14:43:16 | 00,013,440 | ---- | C] (NewTech Infosystems Corporation) -- C:\WINDOWS\System32\drivers\UBHelper.sys
    [2010/01/22 14:42:52 | 00,000,000 | ---D | C] -- C:\WINDOWS\System32\drivers\nti\Xp_x86
    [2010/01/22 14:42:52 | 00,000,000 | ---D | C] -- C:\WINDOWS\System32\drivers\nti\w2k_x86
    [2010/01/22 14:42:52 | 00,000,000 | ---D | C] -- C:\WINDOWS\System32\drivers\nti\Vista_x86
    [2010/01/22 14:42:52 | 00,000,000 | ---D | C] -- C:\WINDOWS\System32\drivers\nti\Vista_ia64
    [2010/01/22 14:42:51 | 00,000,000 | ---D | C] -- C:\WINDOWS\System32\drivers\nti\Vista_amd64
    [2010/01/22 14:42:51 | 00,000,000 | ---D | C] -- C:\WINDOWS\System32\drivers\nti\2003_x86
    [2010/01/22 14:42:51 | 00,000,000 | ---D | C] -- C:\WINDOWS\System32\drivers\nti\2003_ia64
    [2010/01/22 14:42:51 | 00,000,000 | ---D | C] -- C:\WINDOWS\System32\drivers\nti\2003_amd64
    [2010/01/22 14:42:34 | 00,000,000 | ---D | C] -- C:\WINDOWS\System32\drivers\nti
    [2010/01/22 14:42:34 | 00,000,000 | ---D | C] -- C:\Program Files\NewTech Infosystems
    [2010/01/17 15:56:29 | 00,000,000 | ---D | C] -- C:\WINDOWS\Prefetch
    [2010/01/17 10:16:27 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\RegCure
    [2010/01/17 10:16:26 | 00,000,000 | ---D | C] -- C:\Program Files\RegCure
    [2010/01/12 19:37:11 | 00,471,552 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\aclayers.dll
    [2010/01/10 04:52:25 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Lori\Desktop\rti
    [2010/01/10 04:49:41 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Lori\Desktop\usbfiles
    [2010/01/10 04:47:31 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Lori\Desktop\southafrica
    [2009/03/16 22:42:34 | 00,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft
    [2009/02/27 21:02:04 | 00,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Application Data\Roxio
    [2009/02/08 10:40:26 | 00,000,000 | ---D | M] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\Apple
    [2005/04/10 04:17:01 | 00,000,000 | ---D | M] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft
    [2005/04/10 03:02:28 | 00,000,000 | --SD | M] -- C:\Documents and Settings\NetworkService\Application Data\Microsoft
    [2005/04/10 03:02:28 | 00,000,000 | --SD | M] -- C:\Documents and Settings\LocalService\Application Data\Microsoft
    [28 C:\Documents and Settings\Lori\Desktop\*.tmp files -> C:\Documents and Settings\Lori\Desktop\*.tmp -> ]

    ========== Files - Modified Within 30 Days ==========

    [2010/01/30 16:26:42 | 00,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
    [2010/01/30 16:26:39 | 10,637,68064 | -HS- | M] () -- C:\hiberfil.sys
    [2010/01/30 16:18:44 | 06,029,312 | -H-- | M] () -- C:\Documents and Settings\Lori\NTUSER.DAT
    [2010/01/30 16:18:44 | 00,000,278 | -HS- | M] () -- C:\Documents and Settings\Lori\ntuser.ini
    [2010/01/29 17:47:46 | 00,000,256 | ---- | M] () -- C:\WINDOWS\System32\pool.bin
    [2010/01/28 17:04:13 | 00,000,696 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
    [2010/01/28 16:47:36 | 00,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
    [2010/01/28 16:47:26 | 00,000,376 | ---- | M] () -- C:\WINDOWS\tasks\RegCure Startup.job
    [2010/01/28 16:28:06 | 00,001,158 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
    [2010/01/28 16:16:46 | 00,548,864 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Lori\Desktop\OTL.exe
    [2010/01/25 18:06:59 | 00,001,734 | ---- | M] () -- C:\Documents and Settings\Lori\Desktop\HijackThis.lnk
    [2010/01/24 17:00:00 | 00,000,388 | ---- | M] () -- C:\WINDOWS\tasks\RegCure Program Check.job
    [2010/01/24 10:22:40 | 00,213,504 | ---- | M] () -- C:\Documents and Settings\Lori\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
    [2010/01/24 04:53:00 | 00,000,370 | ---- | M] () -- C:\WINDOWS\tasks\RegCure.job
    [2010/01/22 14:42:55 | 00,001,928 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Backup Now EZ.lnk
    [2010/01/17 15:57:49 | 00,000,001 | ---- | M] () -- C:\s
    [2010/01/17 11:01:52 | 00,001,917 | ---- | M] () -- C:\WINDOWS\imsins.BAK
    [2010/01/17 10:16:29 | 00,000,738 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\RegCure.lnk
    [2010/01/14 21:35:50 | 01,580,390 | -H-- | M] () -- C:\Documents and Settings\Lori\Local Settings\Application Data\IconCache.db
    [2010/01/13 09:58:55 | 42,567,027 | ---- | M] () -- C:\Documents and Settings\Lori\Desktop\Master_Reader_The_Work_s.wma
    [2010/01/12 13:30:05 | 00,317,555 | ---- | M] () -- C:\Documents and Settings\Lori\Desktop\RTI Catalog Version 10-2 20108.pdf
    [2010/01/10 04:33:49 | 00,000,951 | ---- | M] () -- C:\Documents and Settings\Lori\Desktop\Watchtower Library 2009 - English.lnk
    [2010/01/09 20:21:54 | 00,000,546 | ---- | M] () -- C:\WINDOWS\tasks\Norton AntiVirus - Run Full System Scan - BeBo.job
    [2010/01/09 20:08:24 | 00,009,494 | ---- | M] () -- C:\Documents and Settings\Lori\My Documents\3 card Template PALS.tif
    [2010/01/08 18:16:04 | 00,000,284 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
    [2010/01/07 16:07:14 | 00,038,224 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
    [2010/01/07 16:07:04 | 00,019,160 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
    [28 C:\Documents and Settings\Lori\Desktop\*.tmp files -> C:\Documents and Settings\Lori\Desktop\*.tmp -> ]

    ========== Files Created - No Company Name ==========

    [2010/01/28 17:04:13 | 00,000,696 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
    [2010/01/25 18:06:59 | 00,001,734 | ---- | C] () -- C:\Documents and Settings\Lori\Desktop\HijackThis.lnk
    [2010/01/22 14:42:55 | 00,001,928 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Backup Now EZ.lnk
    [2010/01/17 15:57:49 | 00,000,001 | ---- | C] () -- C:\s
    [2010/01/17 10:16:40 | 00,000,388 | ---- | C] () -- C:\WINDOWS\tasks\RegCure Program Check.job
    [2010/01/17 10:16:39 | 00,000,376 | ---- | C] () -- C:\WINDOWS\tasks\RegCure Startup.job
    [2010/01/17 10:16:34 | 00,000,370 | ---- | C] () -- C:\WINDOWS\tasks\RegCure.job
    [2010/01/17 10:16:29 | 00,000,738 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\RegCure.lnk
    [2010/01/13 09:58:52 | 42,567,027 | ---- | C] () -- C:\Documents and Settings\Lori\Desktop\Master_Reader_The_Work_s.wma
    [2010/01/12 13:29:56 | 00,317,555 | ---- | C] () -- C:\Documents and Settings\Lori\Desktop\RTI Catalog Version 10-2 20108.pdf
    [2010/01/10 04:33:49 | 00,000,951 | ---- | C] () -- C:\Documents and Settings\Lori\Desktop\Watchtower Library 2009 - English.lnk
    [2010/01/09 20:08:23 | 00,009,494 | ---- | C] () -- C:\Documents and Settings\Lori\My Documents\3 card Template PALS.tif
    [2009/08/04 12:10:43 | 00,112,688 | ---- | C] () -- C:\WINDOWS\System32\shw32.dll
    [2009/07/29 17:10:06 | 02,463,976 | ---- | C] () -- C:\WINDOWS\System32\NPSWF32.dll
    [2008/07/16 19:34:09 | 00,000,063 | ---- | C] () -- C:\WINDOWS\vpg_bcsb.ini
    [2008/05/19 02:02:46 | 00,000,118 | ---- | C] () -- C:\WINDOWS\System32\MRT.INI
    [2008/02/17 11:35:25 | 00,594,024 | ---- | C] () -- C:\WINDOWS\System32\wodCertificate.dll
    [2008/02/17 11:35:23 | 00,589,960 | ---- | C] () -- C:\WINDOWS\System32\brgrt.dll
    [2007/11/21 19:37:28 | 00,002,528 | ---- | C] () -- C:\Documents and Settings\Lori\Application Data\$_hpcst$.hpc
    [2007/04/05 06:56:50 | 00,000,000 | ---- | C] () -- C:\WINDOWS\System32\px.ini
    [2007/02/21 20:32:18 | 00,000,130 | ---- | C] () -- C:\Documents and Settings\Lori\Application Data\wklnhst.dat
    [2006/12/20 21:46:00 | 00,684,032 | ---- | C] () -- C:\WINDOWS\System32\libeay32.dll
    [2006/12/20 21:46:00 | 00,155,648 | ---- | C] () -- C:\WINDOWS\System32\ssleay32.dll
    [2006/10/20 12:09:02 | 00,000,000 | ---- | C] () -- C:\WINDOWS\pcfriend.INI
    [2006/10/12 10:07:47 | 00,001,743 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\QTSBandwidthCache
    [2006/07/20 22:26:08 | 00,000,000 | ---- | C] () -- C:\WINDOWS\iPlayer.INI
    [2006/05/07 21:15:56 | 00,000,376 | ---- | C] () -- C:\WINDOWS\ODBC.INI
    [2006/04/18 11:52:31 | 00,040,960 | R--- | C] () -- C:\WINDOWS\System32\wh2robo.dll
    [2006/04/13 14:52:51 | 00,213,504 | ---- | C] () -- C:\Documents and Settings\Lori\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
    [2006/04/13 09:22:09 | 00,684,032 | ---- | C] () -- C:\WINDOWS\libeay32.dll
    [2006/04/13 09:22:09 | 00,155,648 | ---- | C] () -- C:\WINDOWS\ssleay32.dll
    [2005/04/10 04:58:17 | 00,204,800 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeW7.dll
    [2005/04/10 04:58:17 | 00,188,416 | ---- | C] () -- C:\WINDOWS\System32\IVIresizePX.dll
    [2005/04/10 04:58:16 | 00,200,704 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeA6.dll
    [2005/04/10 04:58:16 | 00,192,512 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeP6.dll
    [2005/04/10 04:58:16 | 00,192,512 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeM6.dll
    [2005/04/10 04:58:16 | 00,020,480 | ---- | C] () -- C:\WINDOWS\System32\IVIresize.dll
    [2005/04/10 04:42:35 | 00,015,669 | ---- | C] () -- C:\WINDOWS\System32\oeminfo.ini
    [2004/11/29 18:44:04 | 00,086,016 | ---- | C] () -- C:\WINDOWS\System32\btprn2k.dll
    [2004/08/07 08:16:44 | 00,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini
    [2004/08/07 08:10:08 | 00,000,780 | ---- | C] () -- C:\WINDOWS\orun32.ini
    [2004/01/13 13:46:34 | 00,172,032 | ---- | C] () -- C:\WINDOWS\System32\tifmicon.dll
    [2003/01/07 14:05:08 | 00,002,695 | ---- | C] () -- C:\WINDOWS\System32\OUTLPERF.INI
    [2002/05/15 21:29:04 | 00,000,607 | ---- | C] () -- C:\WINDOWS\System32\BTNeighborhood.dll.manifest
    [2001/11/23 16:18:00 | 00,000,597 | ---- | C] () -- C:\WINDOWS\System32\btcss.dll.manifest
    [2001/11/14 11:56:00 | 01,802,240 | ---- | C] () -- C:\WINDOWS\System32\lcppn21.dll
    [2000/09/08 16:53:50 | 00,073,839 | ---- | C] () -- C:\WINDOWS\System32\KodakOneTouch.dll
    [1998/10/10 23:07:38 | 00,088,576 | ---- | C] () -- C:\WINDOWS\System32\Iticheck.dll
    < End of report >

    All processes killed
    ========== OTL ==========
    Process Explorer.EXE killed successfully!
    ========== FILES ==========
    C:\WINDOWS\System32\10638.exe moved successfully.
    C:\WINDOWS\System32\22704.exe moved successfully.
    C:\WINDOWS\System32\12513.exe moved successfully.
    C:\WINDOWS\System32\952.exe moved successfully.
    C:\WINDOWS\System32\23910.exe moved successfully.
    C:\WINDOWS\System32\1159.exe moved successfully.
    C:\WINDOWS\System32\11224.exe moved successfully.
    C:\WINDOWS\System32\18208.exe moved successfully.
    C:\WINDOWS\System32\15387.exe moved successfully.
    C:\WINDOWS\System32\18541.exe moved successfully.
    C:\WINDOWS\System32\31239.exe moved successfully.
    C:\WINDOWS\System32\14560.exe moved successfully.
    C:\WINDOWS\System32\29924.exe moved successfully.
    C:\WINDOWS\System32\20256.exe moved successfully.
    C:\WINDOWS\System32\15104.exe moved successfully.
    C:\WINDOWS\System32\4098.exe moved successfully.
    C:\WINDOWS\System32\8077.exe moved successfully.
    C:\WINDOWS\System32\2496.exe moved successfully.
    C:\WINDOWS\System32\13834.exe moved successfully.
    C:\WINDOWS\System32\24234.exe moved successfully.
    C:\WINDOWS\System32\23004.exe moved successfully.
    C:\WINDOWS\System32\30663.exe moved successfully.
    C:\WINDOWS\System32\6645.exe moved successfully.
    C:\WINDOWS\System32\25122.exe moved successfully.
    C:\WINDOWS\System32\10120.exe moved successfully.
    C:\WINDOWS\System32\16818.exe moved successfully.
    C:\WINDOWS\System32\17470.exe moved successfully.
    C:\WINDOWS\System32\31525.exe moved successfully.
    C:\WINDOWS\System32\28534.exe moved successfully.
    C:\WINDOWS\System32\18928.exe moved successfully.
    C:\WINDOWS\System32\2918.exe moved successfully.
    C:\WINDOWS\System32\31343.exe moved successfully.
    C:\WINDOWS\System32\12858.exe moved successfully.
    C:\WINDOWS\System32\25820.exe moved successfully.
    C:\WINDOWS\System32\32468.exe moved successfully.
    C:\WINDOWS\System32\9572.exe moved successfully.
    C:\WINDOWS\System32\12387.exe moved successfully.
    C:\WINDOWS\System32\32128.exe moved successfully.
    C:\WINDOWS\System32\12903.exe moved successfully.
    C:\WINDOWS\System32\21196.exe moved successfully.
    C:\WINDOWS\System32\24042.exe moved successfully.
    C:\WINDOWS\System32\18537.exe moved successfully.
    C:\WINDOWS\System32\1548.exe moved successfully.
    C:\WINDOWS\System32\8737.exe moved successfully.
    C:\WINDOWS\System32\32294.exe moved successfully.
    C:\WINDOWS\System32\28208.exe moved successfully.
    C:\WINDOWS\System32\28423.exe moved successfully.
    C:\WINDOWS\System32\177.exe moved successfully.
    C:\WINDOWS\System32\6051.exe moved successfully.
    C:\WINDOWS\System32\482.exe moved successfully.
    C:\WINDOWS\System32\22737.exe moved successfully.
    C:\WINDOWS\System32\25787.exe moved successfully.
    C:\WINDOWS\System32\25841.exe moved successfully.
    C:\WINDOWS\System32\7562.exe moved successfully.
    C:\WINDOWS\System32\27530.exe moved successfully.
    C:\WINDOWS\System32\28823.exe moved successfully.
    C:\WINDOWS\System32\28226.exe moved successfully.
    C:\WINDOWS\System32\16123.exe moved successfully.
    C:\WINDOWS\System32\26557.exe moved successfully.
    C:\WINDOWS\System32\25641.exe moved successfully.
    C:\WINDOWS\System32\24134.exe moved successfully.
    C:\WINDOWS\System32\4321.exe moved successfully.
    C:\WINDOWS\System32\13141.exe moved successfully.
    C:\WINDOWS\System32\10374.exe moved successfully.
    C:\WINDOWS\System32\20037.exe moved successfully.
    C:\WINDOWS\System32\3081.exe moved successfully.
    C:\WINDOWS\System32\29662.exe moved successfully.
    C:\WINDOWS\System32\487.exe moved successfully.
    C:\WINDOWS\System32\1405.exe moved successfully.
    C:\WINDOWS\System32\7407.exe moved successfully.
    C:\WINDOWS\System32\20990.exe moved successfully.
    C:\WINDOWS\System32\13261.exe moved successfully.
    C:\WINDOWS\System32\26556.exe moved successfully.
    C:\WINDOWS\System32\14727.exe moved successfully.
    C:\WINDOWS\System32\16949.exe moved successfully.
    C:\WINDOWS\System32\9076.exe moved successfully.
    C:\WINDOWS\System32\3904.exe moved successfully.
    C:\WINDOWS\System32\4943.exe moved successfully.
    C:\WINDOWS\System32\28371.exe moved successfully.
    C:\WINDOWS\System32\17531.exe moved successfully.
    C:\WINDOWS\System32\19917.exe moved successfully.
    C:\WINDOWS\System32\20884.exe moved successfully.
    C:\WINDOWS\System32\7993.exe moved successfully.
    C:\WINDOWS\System32\23507.exe moved successfully.
    C:\WINDOWS\System32\4366.exe moved successfully.
    C:\WINDOWS\System32\6591.exe moved successfully.
    C:\WINDOWS\System32\30034.exe moved successfully.
    C:\WINDOWS\System32\27166.exe moved successfully.
    C:\WINDOWS\System32\9266.exe moved successfully.
    C:\WINDOWS\System32\20979.exe moved successfully.
    C:\WINDOWS\System32\6237.exe moved successfully.
    C:\WINDOWS\System32\1354.exe moved successfully.
    C:\WINDOWS\System32\17392.exe moved successfully.
    C:\WINDOWS\System32\6562.exe moved successfully.
    C:\WINDOWS\System32\9193.exe moved successfully.
    C:\WINDOWS\System32\8971.exe moved successfully.
    C:\WINDOWS\System32\19033.exe moved successfully.
    C:\WINDOWS\System32\8341.exe moved successfully.
    C:\WINDOWS\System32\1730.exe moved successfully.
    C:\WINDOWS\System32\16483.exe moved successfully.
    C:\WINDOWS\System32\3561.exe moved successfully.
    C:\WINDOWS\System32\12512.exe moved successfully.
    C:\WINDOWS\System32\21500.exe moved successfully.
    C:\WINDOWS\System32\32530.exe moved successfully.
    C:\WINDOWS\System32\21764.exe moved successfully.
    C:\WINDOWS\System32\7973.exe moved successfully.
    C:\WINDOWS\System32\28449.exe moved successfully.
    File\Folder C:\WINDOWS\System32\10638.exe not found.
    File\Folder C:\WINDOWS\System32\22704.exe not found.
    File\Folder C:\WINDOWS\System32\28449.exe not found.
    C:\WINDOWS\System32\warning.html moved successfully.
    File\Folder C:\WINDOWS\System32\10638.exe not found.
    ========== COMMANDS ==========

    [EMPTYTEMP]

    User: All Users

    User: BeBo

    User: Default User
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 32768 bytes

    User: Guest
    ->Temp folder emptied: 14467212 bytes
    ->Temporary Internet Files folder emptied: 165784271 bytes
    ->FireFox cache emptied: 68371925 bytes

    User: LocalService
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 32902 bytes

    User: Lori
    ->Temp folder emptied: 24956220971 bytes
    ->Temporary Internet Files folder emptied: 10981385 bytes
    ->Java cache emptied: 1919997 bytes
    ->FireFox cache emptied: 5511376 bytes

    User: NetworkService
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 2504398 bytes

    %systemdrive% .tmp files removed: 0 bytes
    %systemroot% .tmp files removed: 19569 bytes
    %systemroot%\System32 .tmp files removed: 2577 bytes
    %systemroot%\System32\dllcache .tmp files removed: 0 bytes
    %systemroot%\System32\drivers .tmp files removed: 0 bytes
    Windows Temp folder emptied: 11501931 bytes
    %systemroot%\system32\config\systemprofile\Local Settings\Temp folder emptied: 0 bytes
    %systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 33170 bytes
    RecycleBin emptied: 346700 bytes

    Total Files Cleaned = 24,069.00 mb


    OTL by OldTimer - Version 3.1.27.0 log created on 01302010_154308

    Files\Folders moved on Reboot...
    File\Folder C:\Documents and Settings\Lori\Local Settings\Temp\Temporary Internet Files\Content.IE5\WY26PQN9\dref=http%253A%252F%252Fbl107w.blu107[1].aspx%253FFolderID%253D00000000-0000-0000-0000-000000000003%2526InboxSortAscending%253DFalse%2526InboxSortBy%253DDate%2526n%253D1479599177 not found!
    File\Folder C:\Documents and Settings\Lori\Local Settings\Temp\Temporary Internet Files\Content.IE5\WY26PQN9\dref=http%253A%252F%252Fsn106w.snt106[1].aspx%253FFolderID%253D00000000-0000-0000-0000-000000000001%2526InboxSortAscending%253DFalse%2526InboxSortBy%253DDate%2526n%253D1760773342 not found!
    File\Folder C:\Documents and Settings\Lori\Local Settings\Temp\Temporary Internet Files\Content.IE5\WY26PQN9\dref=http%253A%252F%252Fsn106w.snt106[1].aspx%253FFolderID%253D00000000-0000-0000-0000-000000000001%2526InboxSortAscending%253DFalse%2526InboxSortBy%253DDate%2526n%253D991287468 not found!
    File\Folder C:\Documents and Settings\Lori\Local Settings\Temp\Temporary Internet Files\Content.IE5\SNGD89CT\click,AAAAAD0wBACBZwkA2BMDAAIAAkwAAP8AAAACFAIABgKMrgEAErgEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAE29gkcAAAAA,http%3A%2F%2Fus.ard.yahoo.com%2FSIG%3D12gkkp85p%2FM%3D619213[1].htm not found!
    File\Folder C:\Documents and Settings\Lori\Local Settings\Temp\Temporary Internet Files\Content.IE5\SNGD89CT\dref=http%253A%252F%252Fbl107w.blu107[1].aspx%253FFolderID%253D00000000-0000-0000-0000-000000000001%2526InboxSortAscending%253DFalse%2526InboxSortBy%253DDate%2526n%253D1687292520 not found!
    File\Folder C:\Documents and Settings\Lori\Local Settings\Temp\Temporary Internet Files\Content.IE5\SNGD89CT\dref=http%253A%252F%252Fby117w.bay117.mail.live[1].480Z%2526InboxSortAscending%253DFalse%2526InboxSortBy%253DDate%2526Page%253D3%2526pks%253D2%2526n%253D1524128451 not found!
    File\Folder C:\Documents and Settings\Lori\Local Settings\Temp\Temporary Internet Files\Content.IE5\SNGD89CT\dref=http%253A%252F%252Fsn106w.snt106[1].aspx%253FFolderID%253D00000000-0000-0000-0000-000000000001%2526InboxSortAscending%253DFalse%2526InboxSortBy%253DDate%2526n%253D991287468 not found!
    File\Folder C:\Documents and Settings\Lori\Local Settings\Temp\Temporary Internet Files\Content.IE5\SNGD89CT\dref=http%253A%252F%252Fwww[1].com%252Flog_feature%252Flisting_category%252Fsearch%252FReplay%252F%253Fsearch_id%253D20091350570503544700%2526view%253D%2526listing_category%253DB not found!
    File\Folder C:\Documents and Settings\Lori\Local Settings\Temp\Temporary Internet Files\Content.IE5\SNGD89CT\search;_ylc=X3oDMTRhcXRtdTN1BEFjdGlvbgNCYXNpYyBzZWFyY2gESW50bAN1cwRMbmtUeXADUmVndWxhcgRQYXJ0VHlwZQNZYWhvbyEEU3JjaEN1cnIDbWVzc2FnZQRTcmNoRGVzdANtZXNzYWdlBF9RdWVyeUlkAzE4MTUzM[1].htm not found!
    File\Folder C:\Documents and Settings\Lori\Local Settings\Temp\Temporary Internet Files\Content.IE5\OAZZ21H1\%3A!fcHandoff%2CSW2%3A!fcHandoff%2CSW3%3A!fcHandoff%26f%3D150550574%26p%3Dmail_candygram%26id%3D4%26cbk%3DfcLoaded%26bg%3Dtransparent%26tgt%3D_blank%26hs%3D2%26en%3Diso-8859-1%2&r=0 not found!
    File\Folder C:\Documents and Settings\Lori\Local Settings\Temp\Temporary Internet Files\Content.IE5\OAZZ21H1\ID%253D00000000-0000-0000-0000-000000000003%2526InboxSortAscending%253DFalse%2526InboxSortBy%253DDate%2526ReadMessageId%253Df7d765ae-bebb-4934-9176-267ace5bd77d%2526n%253D2145369974 not found!
    File\Folder C:\Documents and Settings\Lori\Local Settings\Temp\Temporary Internet Files\Content.IE5\0RMPQ721\40115787,80103792,00105064,60073164,10104323,30074551,40103435,80077566,00090369,97322800,00086923,30125697,20011413,70103491,30103737,00115789,20073298,10103719,30105294,10[1].xml not found!
    File\Folder C:\Documents and Settings\Lori\Local Settings\Temp\Temporary Internet Files\Content.IE5\0RMPQ721\dref=http%253A%252F%252Fby117w.bay117[1].aspx%253FFolderID%253D00000000-0000-0000-0000-000000000001%2526InboxSortAscending%253DFalse%2526InboxSortBy%253DDate%2526n%253D967946005 not found!
    File\Folder C:\Documents and Settings\Lori\Local Settings\Temp\Temporary Internet Files\Content.IE5\0RMPQ721\ShowLetter;_ylc=X3oDMTUyNjcydGFmBEFjdGlvbgNWaWV3IG1lc3NhZ2UESW50bAN1cwRMbmtUeXADUmVndWxhcgRQYXJ0VHlwZQNZYWhvbyEEUmVzUG9zQQMwBFJlc1Bvc1IDMARTcmNoQ3VycgNtZXNzYWdlBFNyY2hEZXN0A[1].htm not found!

    Registry entries deleted on Reboot...

  9. #9
    Emeritus-Security Expert
    Join Date
    Nov 2005
    Location
    Florida's SpaceCoast
    Posts
    15,208

    Great,

    Download ComboFix from one of these locations:

    Link 1
    Link 2


    * IMPORTANT !!! Save ComboFix.exe to your Desktop


    • Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools
    • See this Link for programs that need to be disabled and instruction on how to disable them.
    • Remember to re-enable them when we're done.

    • Double click on ComboFix.exe & follow the prompts.

    • As part of its process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.

    • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.


    **Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue its malware removal procedures.




    Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:

    Click on Yes, to continue scanning for malware.

    When finished, it shall produce a log for you. Please include the C:\ComboFix.txt in your next reply along with a New Hijackthis log.

    *If there is no internet connection when Combofix has completely finished then restart your computer to restore back the connections.
    Microsoft MVP Consumer Security 2007-2008-2009-2010-2011-2012-2013-2014

    ERROR MESSAGE 386
    No KeyBoard Detected
    Press F1 To Continue

    Just a reminder that threads will be closed if no reply in 3 days.

  10. #10
    Member the1dbg's Avatar
    Join Date
    Jul 2008
    Posts
    45

    Combo Fix results

    I tried to connect to the internet via hard line and wireless but for some reason it would not work. When combofix started it said this - "Error- Win32 only" then Incompatible OS. Combofix only works for workstations with Windows 2000 and XP.
    It continued and I had to disable Norton a second time. I see in the log that I do not have Windows Recovery. How do I get it? Here are the combofix log and HJT log.

    Thank you

    ComboFix 10-01-30.05 - Lori 01/31/2010 9:50.1.1 - x86
    Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.1014.724 [GMT -5:00]
    Running from: c:\documents and settings\Lori\Desktop\ComboFix.exe
    AV: Norton Internet Security 2006 *On-access scanning enabled* (Outdated) {E10A9785-9598-4754-B552-92431C1C35F8}
    FW: Norton Internet Security 2006 *disabled* {7C21A4C9-F61F-4AC4-B722-A6E19C16F220}
    FW: Norton Internet Worm Protection *disabled* {990F9400-4CEE-43EA-A83A-D013ADD8EA6E}

    WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
    .

    ((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
    .

    c:\program files\Common Files\Companion Wizard
    c:\program files\Common Files\companion wizard\log.txt
    c:\program files\videocompressioncodec
    c:\program files\videocompressioncodec\ot.ico
    c:\program files\videocompressioncodec\ts.ico
    c:\program files\videocompressioncodec\uninst.exe
    c:\recycler\S-1-5-21-1708537768-308236825-839522115-1003
    c:\recycler\S-1-5-21-3288127050-197847358-126776011-1003
    C:\s
    c:\windows\EventSystem.log
    c:\windows\Fonts\MyriadPro-Regular.otf
    c:\windows\system32\SmartShopper
    c:\windows\system32\SmartShopper\js.dll
    c:\windows\system32\SmartShopper\msvcr71d.dll
    c:\windows\system32\SmartShopper\SmARtshopper.dll
    c:\windows\system32\SmartShopper\uninstallSE.exe
    c:\windows\system32\twain_32.dll

    Infected copy of c:\windows\system32\DRIVERS\atapi.sys was found and disinfected
    Restored copy from - c:\windows\ServicePackFiles\i386\atapi.sys
    .
    ((((((((((((((((((((((((( Files Created from 2009-12-28 to 2010-01-31 )))))))))))))))))))))))))))))))
    .

    2010-01-31 14:50 . 2010-01-31 14:50 -------- d-----w- c:\windows\LastGood.Tmp
    2010-01-28 22:04 . 2010-01-28 22:04 -------- d-----w- c:\documents and settings\Lori\Application Data\Malwarebytes
    2010-01-28 22:03 . 2010-01-07 21:07 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
    2010-01-28 22:02 . 2010-01-28 22:02 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
    2010-01-28 22:02 . 2010-01-07 21:07 19160 ----a-w- c:\windows\system32\drivers\mbam.sys
    2010-01-28 22:01 . 2010-01-28 22:04 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
    2010-01-28 21:43 . 2010-01-28 21:43 -------- d-----w- C:\_OTL
    2010-01-25 23:06 . 2010-01-25 23:06 -------- d-----w- c:\program files\Trend Micro
    2010-01-22 23:52 . 2010-01-22 23:52 -------- d-----w- c:\documents and settings\All Users\Application Data\NTIReg
    2010-01-22 19:43 . 2009-05-05 21:46 14464 ----a-w- c:\windows\system32\drivers\NTIDrvr.sys
    2010-01-22 19:43 . 2009-05-05 21:46 13440 ----a-w- c:\windows\system32\drivers\UBHelper.sys
    2010-01-22 19:42 . 2010-01-22 19:42 -------- d-----w- c:\windows\system32\drivers\nti
    2010-01-22 19:42 . 2010-01-22 19:42 -------- d-----w- c:\program files\NewTech Infosystems
    2010-01-17 15:16 . 2010-01-17 15:16 -------- d-----w- c:\documents and settings\All Users\Application Data\RegCure
    2010-01-17 15:16 . 2010-01-17 15:38 -------- d-----w- c:\program files\RegCure
    2010-01-13 00:37 . 2009-11-21 15:51 471552 ------w- c:\windows\system32\dllcache\aclayers.dll

    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2010-01-31 15:02 . 2005-04-10 10:14 -------- d-----w- c:\program files\Common Files\Symantec Shared
    2010-01-30 21:36 . 2009-01-10 00:24 -------- d-----w- c:\documents and settings\Lori\Application Data\LimeWire
    2010-01-30 20:25 . 2007-06-22 20:07 -------- d-----w- c:\documents and settings\Lori\Application Data\U3
    2010-01-29 22:47 . 2008-05-18 12:48 256 ----a-w- c:\windows\system32\pool.bin
    2010-01-22 19:43 . 2005-04-10 09:20 -------- d--h--w- c:\program files\InstallShield Installation Information
    2010-01-14 13:07 . 2009-07-29 22:45 -------- d-----w- c:\documents and settings\All Users\Application Data\FLEXnet
    2010-01-10 09:57 . 2006-04-18 16:49 -------- d-----w- c:\program files\Watchtower
    2009-12-22 05:21 . 2004-08-04 08:00 667136 ----a-w- c:\windows\system32\wininet.dll
    2009-12-22 05:20 . 2004-08-04 08:00 81920 ----a-w- c:\windows\system32\ieencode.dll
    2009-12-09 08:05 . 2006-05-08 02:13 -------- d-----w- c:\program files\Microsoft ActiveSync
    2009-12-06 15:16 . 2009-12-06 15:16 -------- d-----w- c:\documents and settings\Lori\Application Data\EuroTalk
    2009-12-06 15:16 . 2009-12-06 15:16 -------- d-----w- c:\program files\EuroTalk
    2009-11-24 23:20 . 2009-11-24 23:20 0 ----a-w- c:\windows\nsreg.dat
    2009-11-21 15:51 . 2004-08-04 08:00 471552 ----a-w- c:\windows\AppPatch\aclayers.dll
    .

    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "MSMSGS"="c:\program files\Messenger\msmsgs.exe" [2008-04-14 1695232]
    "AdobeUpdater"="c:\program files\Common Files\Adobe\Updater5\AdobeUpdater.exe" [2009-07-30 2356088]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "IgfxTray"="c:\windows\system32\igfxtray.exe" [2005-01-22 155648]
    "HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2005-01-22 126976]
    "SunJavaUpdateSched"="c:\program files\Java\jre1.5.0_10\bin\jusched.exe" [2006-11-09 49263]
    "SynTPLpr"="c:\program files\Synaptics\SynTP\SynTPLpr.exe" [2004-11-04 98394]
    "SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2004-11-04 688218]
    "eabconfg.cpl"="c:\program files\HPQ\Quick Launch Buttons\EabServr.exe" [2004-12-03 290816]
    "Cpqset"="c:\program files\HPQ\Default Settings\cpqset.exe" [2004-11-05 233534]
    "LSBWatcher"="c:\hp\drivers\hplsbwatcher\lsburnwatcher.exe" [2004-10-14 253952]
    "hpWirelessAssistant"="c:\program files\HPQ\HP Wireless Assistant\HP Wireless Assistant.exe" [2005-01-21 790528]
    "ccApp"="c:\program files\Common Files\Symantec Shared\ccApp.exe" [2006-03-23 53408]
    "MaxtorOneTouch"="c:\program files\Maxtor\OneTouch\utils\Onetouch.exe" [2006-03-01 712704]
    "mxomssmenu"="c:\program files\Maxtor\OneTouch Status\maxmenumgr.exe" [2005-10-17 81920]
    "RoxWatchTray"="c:\program files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe" [2007-03-26 228088]
    "AppleSyncNotifier"="c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe" [2009-05-14 177472]
    "QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2009-05-26 413696]
    "iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2009-06-05 292136]
    "Acrobat Assistant 8.0"="c:\program files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe" [2007-05-11 624248]
    "BackupNowEZtray"="c:\program files\NewTech Infosystems\Backup Now EZ\BackupNowEZtray.exe" [2009-09-19 562944]

    c:\documents and settings\Lori\Start Menu\Programs\Startup\
    LimeWire On Startup.lnk - c:\program files\LimeWire\LimeWire.exe [2008-9-18 147456]
    Osceola Library System Tray App.lnk - c:\program files\PermissionTV\bin\dmtray.exe [2009-11-9 57344]

    c:\documents and settings\All Users\Start Menu\Programs\Startup\
    BTTray.lnk - c:\program files\WIDCOMM\Bluetooth Software\BTTray.exe [2004-11-29 569405]
    Desktop Manager.lnk - c:\program files\Research In Motion\BlackBerry\DesktopMgr.exe [2007-3-28 1283608]

    [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
    BootExecute REG_MULTI_SZ autocheck autochk *\0SsiEfr.e\0stera

    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
    "DisableMonitoring"=dword:00000001

    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
    "DisableMonitoring"=dword:00000001

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
    "%windir%\\system32\\sessmgr.exe"=
    "%windir%\\Network Diagnostic\\xpnetdiag.exe"=
    "c:\program files\Microsoft ActiveSync\rapimgr.exe"= c:\program files\Microsoft ActiveSync\rapimgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync RAPI Manager
    "c:\program files\Microsoft ActiveSync\wcescomm.exe"= c:\program files\Microsoft ActiveSync\wcescomm.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Connection Manager
    "c:\program files\Microsoft ActiveSync\WCESMgr.exe"= c:\program files\Microsoft ActiveSync\WCESMgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Application
    "c:\\Program Files\\LimeWire\\LimeWire.exe"=
    "c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
    "c:\\Program Files\\iTunes\\iTunes.exe"=

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
    "26675:TCP"= 26675:TCP:169.254.2.0/255.255.255.0:Enabled:ActiveSync Service

    R2 PermissionTVDownloadManager;PermissionTV Download Manager Service;c:\progra~1\PERMIS~1\bin\dm.exe [11/9/2009 10:38 AM 213053]
    R3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\Common Files\Symantec Shared\eengine\EraserUtilRebootDrv.sys [12/11/2006 1:51 PM 102712]
    S2 NTI BackupNowEZSvr;NTI BackupNowEZSvr;c:\program files\NewTech Infosystems\Backup Now EZ\BackupNowEZSvr.exe [9/19/2009 7:04 AM 45312]

    --- Other Services/Drivers In Memory ---

    *NewlyCreated* - COMHOST
    .
    Contents of the 'Scheduled Tasks' folder

    2010-01-08 c:\windows\Tasks\AppleSoftwareUpdate.job
    - c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 17:34]

    2010-01-10 c:\windows\Tasks\Norton AntiVirus - Run Full System Scan - BeBo.job
    - c:\progra~1\NORTON~1\NORTON~1\Navw32.exe [2005-09-24 05:03]

    2010-01-24 c:\windows\Tasks\RegCure Program Check.job
    - c:\program files\RegCure\RegCure.exe [2009-12-11 19:00]

    2010-01-28 c:\windows\Tasks\RegCure Startup.job
    - c:\program files\RegCure\RegCure.exe [2009-12-11 19:00]

    2010-01-24 c:\windows\Tasks\RegCure.job
    - c:\program files\RegCure\RegCure.exe [2009-12-11 19:00]
    .
    .
    ------- Supplementary Scan -------
    .
    uStart Page = hxxp://www.yahoo.com
    uInternet Settings,ProxyOverride = *.local
    uSearchAssistant = hxxp://www.google.com/ie
    uSearchURL,(Default) = hxxp://us.rd.yahoo.com/customize/ycomp/defaults/su/*http://www.yahoo.com
    IE: &Google Search - c:\program files\Google\GoogleToolbar1.dll/cmsearch.html
    IE: Append to existing PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
    IE: Backward Links - c:\program files\Google\GoogleToolbar1.dll/cmbacklinks.html
    IE: Cached Snapshot of Page - c:\program files\Google\GoogleToolbar1.dll/cmcache.html
    IE: Convert link target to Adobe PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
    IE: Convert link target to existing PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
    IE: Convert selected links to Adobe PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
    IE: Convert selected links to existing PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
    IE: Convert selection to Adobe PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
    IE: Convert selection to existing PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
    IE: Convert to Adobe PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
    IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~4\OFFICE11\EXCEL.EXE/3000
    IE: Similar Pages - c:\program files\Google\GoogleToolbar1.dll/cmsimilar.html
    IE: Translate into English - c:\program files\Google\GoogleToolbar1.dll/cmtrans.html
    FF - ProfilePath - c:\documents and settings\Lori\Application Data\Mozilla\Firefox\Profiles\f6l8y3gn.default\
    FF - plugin: c:\program files\Java\jre1.5.0_10\bin\NPJava11.dll
    FF - plugin: c:\program files\Java\jre1.5.0_10\bin\NPJava12.dll
    FF - plugin: c:\program files\Java\jre1.5.0_10\bin\NPJava13.dll
    FF - plugin: c:\program files\Java\jre1.5.0_10\bin\NPJava14.dll
    FF - plugin: c:\program files\Java\jre1.5.0_10\bin\NPJava32.dll
    FF - plugin: c:\program files\Java\jre1.5.0_10\bin\NPJPI150_10.dll
    FF - plugin: c:\program files\Java\jre1.5.0_10\bin\NPOJI610.dll
    .
    - - - - ORPHANS REMOVED - - - -

    HKCU-Run-swg - c:\program files\Google\GoogleToolbarNotifier\1.2.908.5008\GoogleToolbarNotifier.exe
    SafeBoot-svcWRSSSDK
    AddRemove-CompanionWizard - c:\program files\Common Files\Companion Wizard\compwiz.exe



    **************************************************************************

    catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2010-01-31 10:05
    Windows 5.1.2600 Service Pack 3 NTFS

    scanning hidden processes ...

    scanning hidden autostart entries ...

    HKLM\Software\Microsoft\Windows\CurrentVersion\Run
    Cpqset = c:\program files\HPQ\Default Settings\cpqset.exe????????0?0?0?8??????? ?,?B?????????????hLC? ??????

    scanning hidden files ...

    scan completed successfully
    hidden files: 0

    **************************************************************************
    .
    --------------------- DLLs Loaded Under Running Processes ---------------------

    - - - - - - - > 'explorer.exe'(3904)
    c:\program files\NewTech Infosystems\Backup Now EZ\Pehook.dll
    .
    ------------------------ Other Running Processes ------------------------
    .
    c:\program files\Common Files\Symantec Shared\ccSetMgr.exe
    c:\program files\Common Files\Symantec Shared\ccEvtMgr.exe
    c:\program files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
    c:\program files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
    c:\program files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
    c:\program files\Common Files\LightScribe\LSSrvc.exe
    c:\program files\Maxtor\Maxtor Backup\MaxBackServiceInt.exe
    c:\program files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
    c:\program files\Maxtor\OneTouch\Utils\SyncServices.exe
    c:\windows\system32\wdfmgr.exe
    c:\program files\HPQ\SHARED\HPQWMI.exe
    c:\program files\iPod\bin\iPodService.exe
    c:\program files\Common Files\Symantec Shared\SNDSrvc.exe
    c:\program files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
    c:\program files\Common Files\Symantec Shared\Security Console\NSCSRVCE.EXE
    .
    **************************************************************************
    .
    Completion time: 2010-01-31 10:16:08 - machine was rebooted
    ComboFix-quarantined-files.txt 2010-01-31 15:15

    Pre-Run: 38,342,770,688 bytes free
    Post-Run: 38,349,803,520 bytes free

    - - End Of File - - 9C4345481655FDBACF06FED57C1572F5

    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 10:18:06 AM, on 1/31/2010
    Platform: Windows XP SP3 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP3 (6.00.2900.5512)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
    C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
    C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
    C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
    C:\Program Files\Common Files\LightScribe\LSSrvc.exe
    C:\Program Files\Maxtor\Maxtor Backup\MaxBackServiceInt.exe
    C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
    C:\Program Files\Maxtor\OneTouch\Utils\SyncServices.exe
    C:\PROGRA~1\PERMIS~1\bin\dm.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\igfxtray.exe
    C:\WINDOWS\system32\hkcmd.exe
    C:\Program Files\Java\jre1.5.0_10\bin\jusched.exe
    C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
    C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    C:\Program Files\HPQ\Quick Launch Buttons\EabServr.exe
    C:\Program Files\HPQ\HP Wireless Assistant\HP Wireless Assistant.exe
    C:\Program Files\Common Files\Symantec Shared\ccApp.exe
    C:\Program Files\Maxtor\OneTouch\utils\Onetouch.exe
    C:\Program Files\iTunes\iTunesHelper.exe
    C:\Program Files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe
    C:\Program Files\NewTech Infosystems\Backup Now EZ\BackupNowEZtray.exe
    C:\Program Files\Messenger\msmsgs.exe
    C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
    C:\Program Files\PermissionTV\bin\dmtray.exe
    C:\Program Files\HPQ\SHARED\HPQWMI.exe
    C:\Program Files\iPod\bin\iPodService.exe
    C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
    C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
    C:\Program Files\Common Files\Symantec Shared\Security Console\NSCSRVCE.EXE
    C:\WINDOWS\explorer.exe
    C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://us.rd.yahoo.com/customize/yco.../www.yahoo.com
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
    R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
    O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
    O2 - BHO: ContributeBHO Class - {074C1DC5-9320-4A9A-947D-C042949C6216} - C:\Program Files\Adobe\/Adobe Contribute CS3/contributeieplugin.dll
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll
    O2 - BHO: Norton Internet Security 2006 - {9ECB9560-04F9-4bbc-943D-298DDF1699E1} - C:\Program Files\Common Files\Symantec Shared\AdBlocking\NISShExt.dll
    O2 - BHO: NAV Helper - {A8F38D8D-E480-4D52-B7A2-731BB6995FDD} - C:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll
    O2 - BHO: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll
    O3 - Toolbar: Norton Internet Security 2006 - {0B53EAC3-8D69-4b9e-9B19-A37C9A5676A7} - C:\Program Files\Common Files\Symantec Shared\AdBlocking\NISShExt.dll
    O3 - Toolbar: Norton AntiVirus - {C4069E3A-68F1-403E-B40E-20066696354B} - C:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll
    O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
    O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll
    O3 - Toolbar: Contribute Toolbar - {517BDDE4-E3A7-4570-B21E-2B52B6139FC7} - C:\Program Files\Adobe\/Adobe Contribute CS3/contributeieplugin.dll
    O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
    O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.5.0_10\bin\jusched.exe"
    O4 - HKLM\..\Run: [SynTPLpr] "C:\Program Files\Synaptics\SynTP\SynTPLpr.exe"
    O4 - HKLM\..\Run: [SynTPEnh] "C:\Program Files\Synaptics\SynTP\SynTPEnh.exe"
    O4 - HKLM\..\Run: [eabconfg.cpl] "C:\Program Files\HPQ\Quick Launch Buttons\EabServr.exe" /Start
    O4 - HKLM\..\Run: [Cpqset] C:\Program Files\HPQ\Default Settings\cpqset.exe
    O4 - HKLM\..\Run: [LSBWatcher] c:\hp\drivers\hplsbwatcher\lsburnwatcher.exe
    O4 - HKLM\..\Run: [hpWirelessAssistant] "%ProgramFiles%\HPQ\HP Wireless Assistant\HP Wireless Assistant.exe"
    O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
    O4 - HKLM\..\Run: [MaxtorOneTouch] C:\Program Files\Maxtor\OneTouch\utils\Onetouch.exe
    O4 - HKLM\..\Run: [mxomssmenu] "C:\Program Files\Maxtor\OneTouch Status\maxmenumgr.exe"
    O4 - HKLM\..\Run: [RoxWatchTray] "C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe"
    O4 - HKLM\..\Run: [AppleSyncNotifier] C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
    O4 - HKLM\..\Run: [Acrobat Assistant 8.0] "C:\Program Files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe"
    O4 - HKLM\..\Run: [BackupNowEZtray] "C:\Program Files\NewTech Infosystems\Backup Now EZ\BackupNowEZtray.exe" -k
    O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
    O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\Program Files\Microsoft ActiveSync\wcescomm.exe"
    O4 - HKCU\..\Run: [AdobeUpdater] "C:\Program Files\Common Files\Adobe\Updater5\AdobeUpdater.exe"
    O4 - Startup: LimeWire On Startup.lnk = C:\Program Files\LimeWire\LimeWire.exe
    O4 - Startup: Osceola Library System Tray App.lnk = ?
    O4 - Global Startup: BTTray.lnk = ?
    O4 - Global Startup: Desktop Manager.lnk = C:\Program Files\Research In Motion\BlackBerry\DesktopMgr.exe
    O8 - Extra context menu item: &Google Search - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsearch.html
    O8 - Extra context menu item: Append to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
    O8 - Extra context menu item: Backward Links - res://C:\Program Files\Google\GoogleToolbar1.dll/cmbacklinks.html
    O8 - Extra context menu item: Cached Snapshot of Page - res://C:\Program Files\Google\GoogleToolbar1.dll/cmcache.html
    O8 - Extra context menu item: Convert link target to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
    O8 - Extra context menu item: Convert link target to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
    O8 - Extra context menu item: Convert selected links to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
    O8 - Extra context menu item: Convert selected links to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
    O8 - Extra context menu item: Convert selection to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
    O8 - Extra context menu item: Convert selection to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
    O8 - Extra context menu item: Convert to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\OFFICE11\EXCEL.EXE/3000
    O8 - Extra context menu item: Similar Pages - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsimilar.html
    O8 - Extra context menu item: Translate into English - res://C:\Program Files\Google\GoogleToolbar1.dll/cmtrans.html
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll
    O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
    O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
    O9 - Extra 'Tools' menuitem: Create Mobile Favorite... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\OFFICE11\REFIEBAR.DLL
    O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O10 - Broken Internet access because of LSP chain gap (#1 in chain of 17 missing)
    O14 - IERESET.INF: START_PAGE_URL=http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=Q305&bd=pavilion&pf=laptop
    O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsof...?1148348000343
    O16 - DPF: {FE0BD779-44EE-4A4B-AA2E-743C63F2E5E6} (IWinAmpActiveX Class) - http://pdl.stream.aol.com/downloads/...ampx_en_dl.cab
    O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
    O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
    O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
    O23 - Service: Symantec Internet Security Password Validation (ccISPwdSvc) - Symantec Corporation - C:\Program Files\Norton Internet Security\ccPwdSvc.exe
    O23 - Service: Symantec Network Proxy (ccProxy) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
    O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
    O23 - Service: COM Host (comHost) - Symantec Corporation - C:\Program Files\Norton Internet Security\comHost.exe
    O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
    O23 - Service: HP WMI Interface (hpqwmi) - Hewlett-Packard Development Company, L.P. - C:\Program Files\HPQ\SHARED\HPQWMI.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
    O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
    O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Unknown owner - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
    O23 - Service: MaxBackServiceInt - Unknown owner - C:\Program Files\Maxtor\Maxtor Backup\MaxBackServiceInt.exe
    O23 - Service: Norton AntiVirus Auto-Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe
    O23 - Service: Norton Protection Center Service (NSCService) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Console\NSCSRVCE.EXE
    O23 - Service: NTI BackupNowEZSvr - NewTech Infosystems, Inc. - C:\Program Files\NewTech Infosystems\Backup Now EZ\BackupNowEZSvr.exe
    O23 - Service: MaxSyncService (NTService1) - - C:\Program Files\Maxtor\OneTouch\Utils\SyncServices.exe
    O23 - Service: PermissionTV Download Manager Service (PermissionTVDownloadManager) - PermissionTV - C:\PROGRA~1\PERMIS~1\bin\dm.exe
    O23 - Service: Roxio UPnP Renderer 9 - Sonic Solutions - C:\Program Files\Roxio\Digital Home 9\RoxioUPnPRenderer9.exe
    O23 - Service: Roxio Upnp Server 9 - Sonic Solutions - C:\Program Files\Roxio\Digital Home 9\RoxioUpnpService9.exe
    O23 - Service: LiveShare P2P Server 9 (RoxLiveShare9) - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxLiveShare9.exe
    O23 - Service: RoxMediaDB9 - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe
    O23 - Service: Roxio Hard Drive Watcher 9 (RoxWatch9) - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatch9.exe
    O23 - Service: Symantec AVScan (SAVScan) - Symantec Corporation - C:\Program Files\Norton Internet Security\Norton AntiVirus\SAVScan.exe
    O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
    O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
    O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
    O24 - Desktop Component 0: (no name) - About:Home

    --
    End of file - 14270 bytes
