XP virus

S

stang10189

New member
i tried to follow the directions on posting the dds file but the computer wont even allow me online. it will goto my home page for 5 sec then the site switches to xp anti-spyware firewall alert saying "INTERNET explorer is infected w/ Trojan-bnk.win32-keylogger and shuts down IE. i had this virus on a diff comp a few years ago but not like this. i could still get on the net. thanks so much for your help
 
:snwelcome:


Please read Before You Post
While best efforts are made to assist in removing infections safely, unexpected stuff can happen. It is advisable that you back up your important data before starting any clean up procedure. Neither Safer Networking Forums nor the Analyst providing the advice may be held responsible for any loss.

Until we deem your system clean I am going to ask you not to install or uninstall any software or hardware except for the programs we may run.

This is what you will need to do, you need to download these programs from a known clean computer and transfer them by disk to the infected one.

I need you to run RKill first, it wont remove the malware but will prevent it from running so we can run Malwarebytes



  • Please download rkill (Courtesy of Bleepingcomputer.com).
  • There are 5 different versions of this tool. If one of them will not run, please try the next one in the list.
  • Note: Vista and Windows 7 Users must right click and select "Run as Administrator" to run the tool.
  • Note: You only need to get one of the tools to run, not all of them.



  • Note: You will likely see a message from this rogue telling you the file is infected. Ignore the message. Leave the message OPEN, do not close the message.

    Run rkill repeatedly until it's able to do it's job. This may take a few tries.

    You'll be able to tell rkill has done it's job when your desktop (explorer.exe) cycles off and then on again.







Please download Malwarebytes from Here or Here

  • Double-click mbam-setup.exe and follow the prompts to install the program.
  • At the end, be sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select Perform quick scan, then click Scan.
    MBAMCapture.jpg
  • When the scan is complete, click OK, then Show Results to view the results.
  • Be sure that everything is checked, and click Remove Selected .
  • When completed, a log will open in Notepad. Please save it to a convenient location and post the results.
  • Note: If you receive a notice that some of the items couldn't be removed, that they have been added to the delete on reboot list, please reboot.
Post the report please
 
Malwarebytes' Anti-Malware 1.50.1.1100
www.malwarebytes.org

Database version: 6619

Windows 5.1.2600 Service Pack 3
Internet Explorer 8.0.6001.18702

5/19/2011 6:06:23 PM
mbam-log-2011-05-19 (18-06-23).txt

Scan type: Quick scan
Objects scanned: 239082
Time elapsed: 23 minute(s), 30 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 4
Registry Values Infected: 2
Registry Data Items Infected: 3
Folders Infected: 3
Files Infected: 4

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{6FD31ED6-7C94-4BBC-8E95-F927F4D3A949} (Adware.180Solutions) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\ShoppingReport (Adware.ShopperReports) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\ShoppingReport (Adware.ShopperReports) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\ShoppingReport (Adware.ShopperReports) -> Quarantined and deleted successfully.

Registry Values Infected:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Toolbar\WebBrowser\{90B8B761-DF2B-48AC-BBE0-BCC03A819B3B} (Adware.Zango) -> Value: {90B8B761-DF2B-48AC-BBE0-BCC03A819B3B} -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Toolbar\WebBrowser\{90B8B761-DF2B-48AC-BBE0-BCC03A819B3B} (Adware.Zango) -> Value: {90B8B761-DF2B-48AC-BBE0-BCC03A819B3B} -> Quarantined and deleted successfully.

Registry Data Items Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\AntiVirusDisableNotify (PUM.Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\FirewallDisableNotify (PUM.Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\UpdatesDisableNotify (PUM.Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.

Folders Infected:
c:\program files\shoppingreport (Adware.ShopperReports) -> Quarantined and deleted successfully.
c:\program files\shoppingreport\Bin (Adware.ShopperReports) -> Quarantined and deleted successfully.
c:\program files\shoppingreport\Bin\2.5.0 (Adware.ShopperReports) -> Quarantined and deleted successfully.

Files Infected:
c:\documents and settings\helen gannon\local settings\Temp\att-sst_installer\Setup\motiveclient\AXB.exe (Adware.BHO) -> Quarantined and deleted successfully.
c:\documents and settings\helen gannon\local settings\application data\mga.exe (Trojan.FakeAlert.Gen) -> Quarantined and deleted successfully.
c:\documents and settings\helen gannon\local settings\application data\wkf.exe (Trojan.FakeAlert.Gen) -> Quarantined and deleted successfully.
c:\program files\shoppingreport\Uninst.exe (Adware.ShopperReports) -> Quarantined and deleted successfully.
 
:bigthumb:

Are you able to access the internet now ?

Download DDS from one of the links below to your desktop

Link 1
Link 2

  • Double click the tool to run it.
  • A black Screen will open, just read the contents and do nothing.
  • When the tool finishes, it will open 2 reports, DDS.txt and attach.txt
  • Copy/Paste the contents of 'DDS.txt' into your post.
  • 'attach.txt' should be zipped using Windows native zip utility and attached to your post. Compress and uncompress files (zip files)
 
.yes i have internet back thanks
DDS (Ver_11-05-19.01) - NTFSx86
Internet Explorer: 8.0.6001.18702
Run by GeneralManager at 13:49:55 on 2011-05-20
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2046.1039 [GMT -4:00]
.
AV: Cbeyond Secure Desktop 8.00 *Enabled/Updated* {E7512ED5-4245-4B4D-AF3A-382D3F313F15}
FW: Cbeyond Secure Desktop 8.00 *Enabled*
.
============== Running Processes ===============
.
C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\WINDOWS\System32\WLTRYSVC.EXE
C:\WINDOWS\System32\bcmwltry.exe
C:\WINDOWS\system32\spoolsv.exe
svchost.exe
C:\WINDOWS\system32\netdde.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Broadcom\ASFIPMon\AsfIpMon.exe
C:\Program Files\Bonjour\mDNSResponder.exe
svchost.exe
C:\WINDOWS\system32\cisvc.exe
C:\Program Files\Wave Systems Corp\Common\DataServer.exe
C:\Program Files\Cbeyond Secure Desktop\Anti-Virus\fsgk32st.exe
C:\Program Files\Cbeyond Secure Desktop\Common\FSMA32.EXE
C:\Program Files\Cbeyond Secure Desktop\Anti-Virus\FSGK32.EXE
C:\Program Files\Cbeyond Secure Desktop\Common\FSMB32.EXE
C:\WINDOWS\System32\svchost.exe -k HTTPFilter
C:\WINDOWS\system32\inetsrv\inetinfo.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\LogMeIn\x86\LMIGuardianSvc.exe
C:\Program Files\LogMeIn\x86\RaMaint.exe
C:\Program Files\LogMeIn\x86\LogMeIn.exe
C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
C:\WINDOWS\system32\lxeccoms.exe
C:\Program Files\Cbeyond Secure Desktop\Common\FCH32.EXE
c:\PROGRA~1\mcafee\SITEAD~1\mcsacore.exe
C:\Program Files\Common Files\Motive\McciCMService.exe
C:\Program Files\Dell\QuickSet\NICCONFIGSVC.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Novatel Wireless\Novacore\Server\NvtlSrvr.exe
C:\Program Files\Common Files\Intuit\QuickBooks\QBCFMonitorService.exe
C:\Program Files\Cbeyond Secure Desktop\Common\FAMEH32.EXE
C:\Program Files\Cbeyond Secure Desktop\Anti-Virus\fsqh.exe
C:\Program Files\Iomega\REV System Software\RevUDF.exe
C:\Program Files\Iomega\REV System Software\ImIconXp.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\LogMeIn\x86\LogMeInSystray.exe
C:\Program Files\Cbeyond Secure Desktop\Common\FSM32.EXE
C:\WINDOWS\system32\tcpsvcs.exe
C:\WINDOWS\System32\snmp.exe
C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe
c:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
C:\Program Files\Common Files\Logitech\QCDriver3\LVCOMS.EXE
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\Program Files\NTRU Cryptosystems\NTRU Hybrid TSS v2.0.25\bin\tcsd_win32.exe
C:\WINDOWS\system32\tlntsvr.exe
C:\WINDOWS\system32\wbem\wmiapsrv.exe
C:\Program Files\Logitech\QuickCam\Quickcam.exe
C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe
C:\WINDOWS\Twain_32\Samsung\CLX3170\Scan2pc.exe
C:\Program Files\Napster\napster.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Wave Systems Corp\Services Manager\DocMgr\bin\docmgr.exe
C:\Program Files\Cbeyond Secure Desktop\FSGUI\fsguidll.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\WLTRAY.exe
C:\Program Files\Common Files\Logishrd\LQCVFX\COCIManager.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\Sprint\Sprint SmartView\RDVCHG.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\DYMO\DYMO Label Software\DLSService.exe
C:\Program Files\Lexmark Pro800-Pro900 Series\lxecmon.exe
C:\Program Files\Lexmark Pro800-Pro900 Series\ezprint.exe
C:\Program Files\ATT-SST\McciTrayApp.exe
C:\Program Files\BellSouthWCC\McciTrayApp.exe
C:\Program Files\Cbeyond Secure Desktop\Anti-Virus\fssm32.exe
C:\Program Files\SigmaTel\C-Major Audio\WDM\stsystra.exe
C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe
C:\PROGRA~1\HEWLET~1\HPSHAR~1\hpgs2wnf.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\DYMO\DYMO Label Software\DymoQuickPrint.exe
C:\Program Files\Cbeyond Secure Desktop\FWES\Program\fsdfwd.exe
C:\Program Files\Common Files\Research in Motion\RIMDeviceManager\RIMDeviceManager.exe
C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe
C:\Program Files\Wave Systems Corp\Services Manager\Secure Update\AutoUpdate.exe
C:\Program Files\HP\Digital Imaging\bin\hpobnz08.exe
C:\Program Files\HP\Digital Imaging\bin\hpotdd01.exe
C:\DOCUME~1\HELENG~1\LOCALS~1\Temp\bwgo00034c3d.exe
C:\Documents and Settings\All Users\Application Data\U3\U3Launcher\LaunchU3.exe
C:\Program Files\McAfee Security Scan\2.0.181\SSScheduler.exe
C:\Program Files\Common Files\InstallShield\UpdateService\agent.exe
C:\Program Files\Common Files\Research In Motion\USB Drivers\BbDevMgr.exe
C:\Program Files\Cbeyond Secure Desktop\FSAUA\program\fsaua.exe
C:\Program Files\iPod\bin\iPodService.exe
c:\program files\logitech\quickcam\lu\lulnchr.exe
C:\Program Files\Internet Explorer\iexplore.exe
c:\program files\logitech\quickcam\lu\LogitechUpdate.exe
C:\Program Files\Cbeyond Secure Desktop\FSAUA\program\fsus.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Cbeyond Secure Desktop\Anti-Virus\fsav32.exe
C:\Documents and Settings\Helen Gannon\Desktop\dds.scr
C:\WINDOWS\system32\WSCRIPT.exe
.
============== Pseudo HJT Report ===============
.
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
uDefault_Page_URL = hxxp://www.msn.com
uInternet Connection Wizard,ShellNext = hxxp://127.0.0.1:4664/&s=4V4Gjls64fFV_yjQ_x2NGqoJZcg
uInternet Settings,ProxyOverride = *.local
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
uURLSearchHooks: McAfee SiteAdvisor Toolbar: {0ebbbe48-bad4-4b4c-8e5a-516abecae064} - c:\progra~1\mcafee\sitead~1\mcieplg.dll
BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelper.dll
BHO: Lexmark Toolbar: {1017a80c-6f09-4548-a84d-edd6ac9525f0} - c:\program files\lexmark toolbar\toolband.dll
BHO: DriveLetterAccess: {5ca3d70e-1895-11cf-8e15-001234567890} - c:\windows\system32\dla\DLASHX_W.DLL
BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program files\google\googletoolbar2.dll
BHO: Adobe PDF Conversion Toolbar Helper: {ae7cd045-e861-484f-8273-0445ee161910} - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll
BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files\google\googletoolbarnotifier\5.1.1309.3572\swg.dll
BHO: McAfee SiteAdvisor BHO: {b164e929-a1b6-4a06-b104-2cd0e90a88ff} - c:\progra~1\mcafee\sitead~1\mcieplg.dll
BHO: CBrowserHelperObject Object: {ca6319c0-31b7-401e-a518-a07c3db8f777} - c:\program files\bae\BAE.dll
BHO: Lexmark Printable Web: {d2c5e510-be6d-42cc-9f61-e4f939078474} - c:\program files\lexmark printable web\bho.dll
BHO: MSN Toolbar Helper: {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - c:\program files\msn\toolbar\3.0.1203.0\msneshellx.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
BHO: SmartSelect Class: {f4971ee7-daa0-4053-9964-665d8ee6a077} - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll
TB: &Google: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\googletoolbar2.dll
TB: Adobe PDF: {47833539-d0c5-4125-9fa8-0819e2eaac93} - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll
TB: MSN Toolbar: {1e61ed7c-7cb8-49d6-b9e9-ab4c880c8414} - c:\program files\msn\toolbar\3.0.1203.0\msneshellx.dll
TB: Lexmark Toolbar: {1017a80c-6f09-4548-a84d-edd6ac9525f0} - c:\program files\lexmark toolbar\toolband.dll
TB: McAfee SiteAdvisor Toolbar: {0ebbbe48-bad4-4b4c-8e5a-516abecae064} - c:\progra~1\mcafee\sitead~1\mcieplg.dll
TB: {604BC32A-9680-40D1-9AC6-E06B23A1BA4C} - No File
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [IMC] c:\program files\friendfinder\friendfinder messenger 40\imc.exe
uRun: [MSMSGS] "c:\program files\messenger\msmsgs.exe" /background
uRun: [LDM] c:\program files\logitech\desktop messenger\8876480\program\LogitechDesktopMessenger.exe
uRun: [cdloader] "c:\documents and settings\helen gannon\application data\mjusbsp\cdloader2.exe" MAGICJACK
uRun: [DymoQuickPrint] "c:\program files\dymo\dymo label software\DymoQuickPrint.exe" /startup
uRun: [RIMDeviceManager] "c:\program files\common files\research in motion\rimdevicemanager\RIMDeviceManager.exe" -RunServer
uRun: [ISUSPM] "c:\program files\common files\installshield\updateservice\ISUSPM.exe" -scheduler
mRun: [LogMeIn GUI] "c:\program files\logmein\x86\LogMeInSystray.exe"
mRun: [AppleSyncNotifier] c:\program files\common files\apple\mobile device support\bin\AppleSyncNotifier.exe
mRun: [F-Secure Manager] "c:\program files\cbeyond secure desktop\common\FSM32.EXE" /splash
mRun: [F-Secure TNB] "c:\program files\cbeyond secure desktop\fsgui\TNBUtil.exe" /CHECKALL /WAITFORSW
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 8.0\reader\Reader_sl.exe"
mRun: [LVCOMS] c:\program files\common files\logitech\qcdriver3\LVCOMS.EXE
mRun: [LogitechQuickCamRibbon] "c:\program files\logitech\quickcam\Quickcam.exe" /hide
mRun: [Adobe Photo Downloader] "c:\program files\adobe\photoshop album starter edition\3.0\apps\apdproxy.exe"
mRun: [Samsung PanelMgr] c:\windows\samsung\panelmgr\SSMMgr.exe /autorun
mRun: [3170 Scan2PC] "c:\windows\twain_32\samsung\clx3170\Scan2pc.exe"
mRun: [NapsterShell] c:\program files\napster\napster.exe /systray
mRun: [NVHotkey] rundll32.exe nvHotkey.dll,Start
mRun: [Document Manager] c:\program files\wave systems corp\services manager\docmgr\bin\docmgr.exe
mRun: [SynTPEnh] c:\program files\synaptics\syntp\SynTPEnh.exe
mRun: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
mRun: [Broadcom Wireless Manager UI] c:\windows\system32\WLTRAY.exe
mRun: [Intuit SyncManager] c:\program files\common files\intuit\sync\IntuitSyncManager.exe startup
mRun: [<NO NAME>]
mRun: [RoxWatchTray] "c:\program files\common files\roxio shared\9.0\sharedcom\RoxWatchTray9.exe"
mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
mRun: [Sprint SmartView] "c:\program files\sprint\sprint smartview\SprintSV.exe" -a
mRun: [RDVCHG] "c:\program files\sprint\sprint smartview\RDVCHG.exe"
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
mRun: [DLSService] "c:\program files\dymo\dymo label software\DLSService.exe"
mRun: [lxecmon.exe] "c:\program files\lexmark pro800-pro900 series\lxecmon.exe"
mRun: [EzPrint] "c:\program files\lexmark pro800-pro900 series\ezprint.exe"
mRun: [Lexmark Pro800-Pro900 Series Fax Server] "c:\program files\lexmark pro800-pro900 series\fm3032.exe" /s
mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
mRun: [nwiz] nwiz.exe /installquiet
mRun: [ATT-SST_McciTrayApp] "c:\program files\att-sst\McciTrayApp.exe"
mRun: [BellSouthWCC_McciTrayApp] c:\program files\bellsouthwcc\McciTrayApp.exe
mRun: [ATT_WCC] c:\program files\bellsouthwcc\McciTrayApp.exe
mRun: [SigmatelSysTrayApp] %ProgramFiles%\SigmaTel\C-Major Audio\WDM\stsystra.exe
mRun: [Adobe Acrobat Speed Launcher] "c:\program files\adobe\acrobat 10.0\acrobat\Acrobat_sl.exe"
mRun: [Acrobat Assistant 8.0] "c:\program files\adobe\acrobat 10.0\acrobat\Acrotray.exe"
mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime
mRun: [Share-to-Web Namespace Daemon] c:\program files\hewlett-packard\hp share-to-web\hpgs2wnd.exe
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
dRun: [DWQueuedReporting] "c:\progra~1\common~1\micros~1\dw\dwtrig20.exe" -t
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\embass~1.lnk - c:\program files\wave systems corp\services manager\secure update\AutoUpdate.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\hppsc2~1.lnk - c:\program files\hp\digital imaging\bin\hpobnz08.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\hpoddt~1.lnk - c:\program files\hp\digital imaging\bin\hpotdd01.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\launch~1.lnk - c:\windows\installer\{d8e363a7-88b7-446d-b2c0-e26ce4dc8e54}\_294823.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\logite~1.lnk - c:\program files\logitech\desktop messenger\8876480\program\LogitechDesktopMessenger.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\mcafee~1.lnk - c:\program files\mcafee security scan\2.0.181\SSScheduler.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\quickb~1.lnk - c:\program files\common files\intuit\quickbooks\qbupdate\qbupdate.exe
uPolicies-explorer: NoDevMgrUpdate = 1 (0x1)
mPolicies-explorer: NoWelcomeScreen = 1 (0x1)
IE: Append Link Target to Existing PDF - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Append to Existing PDF - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert Link Target to Adobe PDF - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Convert to Adobe PDF - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll/AcroIECapture.html
IE: SmarThru4 Capture Selection - c:\program files\smarthru 4\WebCapture.dll2.htm
IE: SmarThru4 Save as HTML - c:\program files\smarthru 4\WebCapture.dll1.htm
IE: SmarThru4 Save Selected Text - c:\program files\smarthru 4\WebCapture.dll.htm
IE: SmarThru4 Web Capture - c:\program files\smarthru 4\WebCapture.dll
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office12\REFIEBAR.DLL
LSP: c:\program files\cbeyond secure desktop\fsps\program\FSLSP.DLL
LSP: bmnet.dll
Trusted Zone: $talisma_url$
Trusted Zone: care360.com
Trusted Zone: questdiagnostics.com
Trusted Zone: care360.com
Trusted Zone: questdiagnostics.com
DPF: {01A88BB1-1174-41EC-ACCB-963509EAE56B} - hxxp://support.dell.com/systemprofiler/SysPro.CAB
DPF: {02BCC737-B171-4746-94C9-0D8A0B2C0089} - hxxp://office.microsoft.com/sites/production/ieawsdc32.cab
DPF: {05CA9FB0-3E3E-4B36-BF41-0E3A5CAA8CD8} - hxxp://download.microsoft.com/download/e/4/9/e494c802-dd90-4c6b-a074-469358f075a6/OGAControl.cab
DPF: {15772FF0-B907-4D98-B770-0000B63DB314} - hxxps://cas2.questdiagnostics.com/EREQ_SSLcabs/VBPrinter.CAB
DPF: {166B1BCA-3F9C-11CF-8075-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
DPF: {1E54D648-B804-468d-BC78-4AFFED8E262F} - hxxp://www.nvidia.com/content/DriverDownload/srl/3.0.0.4/srl_bin/sysreqlab_nvd.cab
DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} - c:\program files\yahoo!\common\Yinsthelper.dll
DPF: {315B0BFB-2BD4-481B-80A3-A9B80727C61B} - hxxp://webiq005.webiqonline.com/WebIQ/DataServer/DataServer.dll?Handler=GetEngineDistribution&EDID={896A23A1-5821-4609-A6C6-6D5536C585C9}
DPF: {362C56AA-6E4F-40C7-A0B5-85501DBDAD77} - hxxp://i.dell.com/images/global/js/scanner/SysProExe.cab
DPF: {485D813E-EE26-4DF8-9FAF-DEDF2885306E} - hxxp://server/connectcomputer/nshelp.dll
DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} - hxxp://download.divx.com/player/DivXBrowserPlugin.cab
DPF: {69D1E588-02F8-4C00-B311-5C581402C247} - hxxps://cas2.questdiagnostics.com/EREQ_SSLcabs/DGXDPCtr.cab
DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} - hxxp://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1182878848875
DPF: {6F15128C-E66A-490C-B848-5000B5ABEEAC} - hxxps://h20436.www2.hp.com/ediags/dex/secure/HPDEXAXO.cab
DPF: {74DBCB52-F298-4110-951D-AD2FF67BC8AB} - hxxp://www.nvidia.com/content/DriverDownload/nforce/NvidiaSmartScan.cab
DPF: {756BEC7B-ADF4-4931-A519-B513B32CFC1B} - hxxps://cas2.questdiagnostics.com/EREQ_SSLcabs/LabelControl.cab
DPF: {79C259BD-8024-4992-B445-2C52D3449214} - hxxps://cas2.questdiagnostics.com/EREQ_SSLcabs/C360Upgrader.CAB
DPF: {7F293A61-0246-451E-B9AA-8CCAC7D06B63} - hxxps://cas2.questdiagnostics.com/EREQ_SSLcabs/ComboBridge.CAB
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab
DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab
DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} - hxxp://cdn2.zone.msn.com/binFramework/v10/ZIntro.cab56649.cab
DPF: {C1F8FC10-E5DB-4112-9DBF-6C3FF728D4E3} - hxxp://support.dell.com/systemprofiler/DellSystemLite.CAB
DPF: {CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_06-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
DPF: {DAF7E6E6-D53A-439A-B28D-12271406B8A9} - hxxp://mobileapps.blackberry.com/devicesoftware/AxLoader.cab
DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} -
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
DPF: {FD0B6769-6490-4A91-AA0A-B5AE0DC75AC9} - hxxps://secure.logmein.com/activex/ractrl.cab?lmi=100
Handler: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - c:\program files\logitech\desktop messenger\8876480\program\GAPlugProtocol-8876480.dll
Handler: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\progra~1\mcafee\sitead~1\McIEPlg.dll
Handler: intu-help-qb2 - {84D77A00-41B5-4b8b-8ADF-86486D72E749} - c:\program files\intuit\quickbooks 2005\HelpAsyncPluggableProtocol.dll
Handler: intu-help-qb3 - {c5e479ea-0a65-4b05-8c6c-2fc8cc682eb4} - c:\program files\intuit\quickbooks 2005\HelpAsyncPluggableProtocol.dll
Handler: qbwc - {FC598A64-626C-4447-85B8-53150405FD57} - c:\windows\system32\mscoree.dll
Handler: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\progra~1\mcafee\sitead~1\McIEPlg.dll
Notify: LMIinit - LMIinit.dll
AppInit_DLLs: wxvault.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
LSA: Authentication Packages = msv1_0 wvauth nwprovau
.
============= SERVICES / DRIVERS ===============
.
R0 fsbts;fsbts;c:\windows\system32\drivers\fsbts.sys [2010-1-14 42664]
R0 FSFW;F-Secure Firewall Driver;c:\windows\system32\drivers\fsdfw.sys [2009-1-22 80032]
R0 IABFilt;Iomega Snapshot Volume Filter;c:\windows\system32\drivers\IABFilt.sys [2007-4-17 25344]
R0 imdrvfsf;Iomega File System Filter Driver;c:\windows\system32\drivers\imdrvfsf.sys [2007-1-5 30968]
R1 F-Secure HIPS;F-Secure HIPS;c:\program files\cbeyond secure desktop\hips\drivers\fshs.sys [2010-1-14 67808]
R2 ASFIPmon;Broadcom ASF IP Monitor;c:\program files\broadcom\asfipmon\AsfIpMon.exe [2005-10-18 61440]
R2 F-Secure Gatekeeper Handler Starter;FSGKHS;c:\program files\cbeyond secure desktop\anti-virus\fsgk32st.exe [2009-1-22 215648]
R2 Iprip;RIP Listener;c:\windows\system32\svchost.exe -k netsvcs [2004-8-11 14336]
R2 LMIGuardianSvc;LMIGuardianSvc;c:\program files\logmein\x86\LMIGuardianSvc.exe [2010-11-7 374152]
R2 LMIInfo;LogMeIn Kernel Information Provider;c:\program files\logmein\x86\rainfo.sys [2007-4-17 12856]
R2 LMIRfsDriver;LogMeIn Remote File System Driver;c:\windows\system32\drivers\LMIRfsDriver.sys [2007-6-5 47640]
R2 lxec_device;lxec_device;c:\windows\system32\lxeccoms.exe -service --> c:\windows\system32\lxeccoms.exe -service [?]
R2 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service;c:\progra~1\mcafee\sitead~1\mcsacore.exe [2010-12-29 88176]
R2 NvtlService;NovaCore SDK Service;c:\program files\novatel wireless\novacore\server\NvtlSrvr.exe [2009-6-12 80384]
R3 F-Secure Gatekeeper;F-Secure Gatekeeper;c:\program files\cbeyond secure desktop\anti-virus\minifilter\fsgk.sys [2009-1-22 124072]
R3 FSORSPClient;F-Secure ORSP Client;c:\program files\cbeyond secure desktop\orsp client\fsorsp.exe [2010-1-14 55904]
R3 NETGEARUHOST;NETGEAR Network USB Host Controller;c:\windows\system32\drivers\NETGEARUHOST.sys [2010-2-19 12032]
R3 NETGEARUHUB;NETGEAR Network USB Root Hub;c:\windows\system32\drivers\NETGEARUHUB.sys [2010-2-19 39424]
R3 QuickBooksDB20;QuickBooksDB20;c:\progra~1\intuit\quickb~1\qbdbmgrn.exe -hvquickbooksdb20 --> c:\progra~1\intuit\quickb~1\QBDBMgrN.exe -hvQuickBooksDB20 [?]
S2 gupdate1ca1a1a448c55c0;Google Update Service (gupdate1ca1a1a448c55c0);c:\program files\google\update\GoogleUpdate.exe [2009-8-10 133104]
S2 lxecCATSCustConnectService;lxecCATSCustConnectService;c:\windows\system32\spool\drivers\w32x86\3\lxecserv.exe [2010-4-20 98984]
S2 SSPORT;SSPORT;\??\c:\windows\system32\drivers\ssport.sys --> c:\windows\system32\drivers\SSPORT.sys [?]
S3 CXFALCON;TD3101_3104 Video/Audio Card;c:\windows\system32\drivers\TD3101_3104AV.sys [2009-7-30 78592]
S3 gupdatem;Google Update Service (gupdatem);c:\program files\google\update\GoogleUpdate.exe [2009-8-10 133104]
S3 McComponentHostService;McAfee Security Scan Component Host Service;c:\program files\mcafee security scan\2.0.181\McCHSvc.exe [2010-1-15 227232]
S3 MSSQL$ACT7;SQL Server (ACT7);c:\program files\microsoft sql server\mssql.2\mssql\binn\sqlservr.exe [2009-5-27 29262680]
S3 NWUSBCDFIL;Novatel Wireless Installation CD;c:\windows\system32\drivers\NwUsbCdFil.sys [2009-12-2 20480]
S3 NWUSBPort2;Novatel Wireless USB Status2 Port Driver;c:\windows\system32\drivers\nwusbser2.sys [2009-12-2 174592]
S4 F-Secure Filter;F-Secure File System Filter;c:\program files\cbeyond secure desktop\anti-virus\win2k\fsfilter.sys [2009-1-22 39776]
S4 F-Secure Recognizer;F-Secure File System Recognizer;c:\program files\cbeyond secure desktop\anti-virus\win2k\fsrec.sys [2009-1-22 25184]
S4 LMIRfsClientNP;LMIRfsClientNP; [x]
.
=============== Created Last 30 ================
.
2011-05-19 21:34:52 -------- d-----w- c:\documents and settings\helen gannon\application data\Malwarebytes
2011-05-19 21:34:48 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2011-05-19 21:34:46 -------- d-----w- c:\documents and settings\all users\application data\Malwarebytes
2011-05-19 21:34:42 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-05-19 21:34:41 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2011-05-15 18:11:11 0 --sha-w- c:\documents and settings\helen gannon\local settings\application data\hmv.exe
2011-05-15 18:11:11 0 --sha-w- c:\documents and settings\helen gannon\local settings\application data\dvl.exe
2011-05-15 18:11:11 0 --sha-w- c:\documents and settings\helen gannon\local settings\application data\bhk.exe
2011-05-15 18:11:11 0 --sha-w- c:\documents and settings\helen gannon\local settings\application data\baf.exe
2011-05-15 18:11:11 0 --sha-w- c:\documents and settings\all users\application data\vwv.exe
2011-05-15 18:11:11 0 --sha-w- c:\documents and settings\all users\application data\qio.exe
2011-05-15 18:11:11 0 --sha-w- c:\documents and settings\all users\application data\njo.exe
2011-05-15 18:11:11 0 --sha-w- c:\documents and settings\all users\application data\jdd.exe
2011-05-15 18:11:11 0 --sha-w- c:\documents and settings\all users\application data\bhx.exe
.
==================== Find3M ====================
.
2011-05-20 17:47:23 256 ----a-w- c:\documents and settings\helen gannon\pool.bin
2011-03-07 05:33:50 692736 ----a-w- c:\windows\system32\inetcomm.dll
2011-03-04 06:37:06 420864 ----a-w- c:\windows\system32\vbscript.dll
2011-03-03 13:21:11 1857920 ----a-w- c:\windows\system32\win32k.sys
2011-02-22 23:06:29 916480 ----a-w- c:\windows\system32\wininet.dll
2011-02-22 23:06:29 43520 ----a-w- c:\windows\system32\licmgr10.dll
2011-02-22 23:06:29 1469440 ----a-w- c:\windows\system32\inetcpl.cpl
2011-02-22 11:41:59 385024 ----a-w- c:\windows\system32\html.iec
2004-08-04 11:00:00 94784 --sh--w- c:\windows\twain.dll
2008-04-14 00:12:07 50688 --sh--w- c:\windows\twain_32.dll
2011-02-08 13:33:55 978944 --sha-w- c:\windows\system32\mfc42.dll
2008-04-14 00:12:01 57344 --sh--w- c:\windows\system32\msvcirt.dll
2008-04-14 00:12:01 413696 --sh--w- c:\windows\system32\msvcp60.dll
2008-04-14 00:12:01 343040 --sh--w- c:\windows\system32\msvcrt.dll
2008-04-14 00:12:02 551936 --sh--w- c:\windows\system32\oleaut32.dll
2008-04-14 00:12:02 84992 --sh--w- c:\windows\system32\olepro32.dll
2008-04-14 00:12:32 11776 --sh--w- c:\windows\system32\regsvr32.exe
.
============= FINISH: 13:52:46.90 ===============
 
Hi,

Is this a company computer ?

The malware removal forum is set up to help those in need of assistance with their personal computers. This service is free and provided by volunteer analysts.

When the infection is on a server/company/business machine or in the workplace.

The intention of this forum is not to replace a company's IT department or a private business specialist, helpers cannot anticipate alterations or configurations that may have been made to a business machine, or how it will interact with the tools commonly used in the removal of malware.

Other considerations:

  • Company information may show in the logs.
  • More than one machine could be at stake, possibly even the server.
  • If sensitive material has been compromised by an infection, the company could be held liable.
To prevent possible loss or corruption of company information, please inform your IT Professional or Supervisor when a workplace computer has been infected. If you are a corporation, small business or institution and neither are available please consider calling in a local technician who can see the machine/network in person.

It's not that we don't want to help, but there are too many issues that could arise from a networked company machine that malware forum volunteers are not experienced in dealing with.

Thank you for your understanding.

-------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------
Corporate, Government, Small Business or Institutional

Spybot S&D Corporate-Small Business Editions

Please contact our office support so they may provide direct assistance for your needs. :)

Thank you.

-------------------------------------------------------------------------------------------------------------
-------------------------------------------------------------------------------------------------------------
If you are a computer business removing malware for paying customers, please don't post the logs here as our volunteers are not here to support such.
Clients with infected PCs may be directed to this forum, open their own account and receive advice in the first person. :euro:
 
this is not a company computer. its my laptop i had used it at my work in the past but i no longer work there. it is nolonger used on a network i kept cybeon on there for virus protection but i dont think that even works anymore. i think i use the att virus protection now
 
Good Morning,

Are you able to access the internet now or do you still have problems ?

If you dont use your old company antivirus than its doing you no good and sucking up system resources so uninstall it via add remove programs in the control panel


Lets look a bit deeper into your system

OTL by OldTimer
  • Download OTL to your desktop.
  • Double click on the icon to run it. Make sure all other windows are closed and to let it run uninterrupted.
  • When the window appears, underneath Output at the top change it to Minimal Output.
  • Click the "Scan All Users" checkbox.
  • Check the boxes beside LOP Check and Purity Check.
  • Click the Run Scan button. Do not change any settings unless otherwise told to do so. The scan wont take long.
    • When the scan completes, it will open two notepad windows. OTL.Txt and Extras.Txt.
      Note:These logs can be located in the OTL. folder on you C:\ drive if they fail to open automatically.
    • Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post it with your next reply. You may need two posts to fit them both in.
 
OTL txt 1 of 2

OTL logfile created on: 5/21/2011 1:10:01 PM - Run 1
OTL by OldTimer - Version 3.2.22.3 Folder = C:\Documents and Settings\Helen Gannon\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.00 Gb Total Physical Memory | 1.00 Gb Available Physical Memory | 55.00% Memory free
4.00 Gb Paging File | 3.00 Gb Available in Paging File | 70.00% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 74.47 Gb Total Space | 24.06 Gb Free Space | 32.32% Space Free | Partition Type: NTFS

Computer Name: GENERALMANAGE01 | User Name: GeneralManager | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - C:\Documents and Settings\Helen Gannon\Desktop\OTL.exe (OldTimer Tools)
PRC - c:\Program Files\McAfee\SiteAdvisor\McSACore.exe (McAfee, Inc.)
PRC - C:\Program Files\LogMeIn\x86\ramaint.exe (LogMeIn, Inc.)
PRC - C:\Program Files\LogMeIn\x86\LogMeIn.exe (LogMeIn, Inc.)
PRC - C:\Program Files\LogMeIn\x86\LMIGuardianSvc.exe (LogMeIn, Inc.)
PRC - C:\Program Files\ATT-SST\McciTrayApp.exe (Alcatel-Lucent)
PRC - C:\Program Files\Cbeyond Secure Desktop\Anti-Virus\fssm32.exe (F-Secure Corporation)
PRC - C:\Program Files\Cbeyond Secure Desktop\Anti-Virus\fsgk32.exe (F-Secure Corporation)
PRC - C:\Program Files\Common Files\Research in Motion\RIMDeviceManager\RIMDeviceManager.exe (Research In Motion Limited)
PRC - C:\Program Files\Common Files\Java\Java Update\jucheck.exe (Sun Microsystems, Inc.)
PRC - C:\Program Files\Common Files\Research in Motion\USB Drivers\BbDevMgr.exe (Research In Motion Limited)
PRC - C:\Program Files\McAfee Security Scan\2.0.181\SSScheduler.exe (McAfee, Inc.)
PRC - C:\Program Files\Cbeyond Secure Desktop\FSAUA\program\fsus.exe (F-Secure Corporation)
PRC - C:\Program Files\Sprint\Sprint SmartView\RDVCHG.exe (C-motech Co.,Ltd)
PRC - C:\Program Files\BellSouthWCC\McciTrayApp.exe (Alcatel-Lucent)
PRC - C:\Program Files\Common Files\Intuit\QuickBooks\QBCFMonitorService.exe (Intuit)
PRC - C:\Program Files\Lexmark Pro800-Pro900 Series\ezprint.exe ()
PRC - C:\Program Files\Lexmark Pro800-Pro900 Series\lxecmon.exe ()
PRC - C:\Program Files\Intuit\QuickBooks 2005\QBDBMgrN.exe (Intuit, Inc.)
PRC - C:\WINDOWS\system32\lxeccoms.exe ( )
PRC - C:\Program Files\DYMO\DYMO Label Software\DymoQuickPrint.exe (Sanford, L.P.)
PRC - C:\Program Files\DYMO\DYMO Label Software\DLSService.exe (Sanford, L.P.)
PRC - C:\Program Files\Novatel Wireless\Novacore\Server\NvtlSrvr.exe ()
PRC - C:\Program Files\Napster\napster.exe (Napster)
PRC - C:\WINDOWS\twain_32\Samsung\CLX3170\Scan2Pc.exe ()
PRC - C:\Program Files\Logitech\QuickCam\Quickcam.exe ()
PRC - C:\Program Files\Common Files\LogiShrd\LQCVFX\COCIManager.exe ()
PRC - C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe (Logitech Inc.)
PRC - C:\Program Files\Cbeyond Secure Desktop\ORSP Client\fsorsp.exe (F-Secure Corporation)
PRC - C:\Program Files\Cbeyond Secure Desktop\Common\FSMB32.EXE (F-Secure Corporation)
PRC - C:\Program Files\Cbeyond Secure Desktop\Common\FSM32.EXE (F-Secure Corporation)
PRC - C:\Program Files\Cbeyond Secure Desktop\Common\FCH32.EXE (F-Secure Corporation)
PRC - C:\Program Files\Cbeyond Secure Desktop\Common\FSMA32.EXE (F-Secure Corporation)
PRC - C:\Program Files\Cbeyond Secure Desktop\Common\FAMEH32.EXE (F-Secure Corporation)
PRC - C:\Program Files\Cbeyond Secure Desktop\FSGUI\fsguidll.exe (F-Secure Corporation)
PRC - C:\Program Files\Cbeyond Secure Desktop\FWES\program\fsdfwd.exe (F-Secure Corporation)
PRC - C:\Program Files\Cbeyond Secure Desktop\Anti-Virus\fsqh.exe (F-Secure Corporation)
PRC - C:\Program Files\Cbeyond Secure Desktop\Anti-Virus\fsav32.exe (F-Secure Corporation)
PRC - C:\Program Files\Cbeyond Secure Desktop\Anti-Virus\fsgk32st.exe (F-Secure Corporation)
PRC - C:\Program Files\Cbeyond Secure Desktop\FSAUA\program\fsaua.exe (F-Secure Corporation)
PRC - C:\Documents and Settings\Helen Gannon\Local Settings\Temp\bwgo00034c3d.exe (BackWeb Technologies Inc. )
PRC - c:\Program Files\Logitech\QuickCam\LU\LogitechUpdate.exe (Logitech, Inc.)
PRC - c:\Program Files\Logitech\QuickCam\LU\LULnchr.exe (Logitech, Inc.)
PRC - C:\WINDOWS\system32\inetsrv\inetinfo.exe (Microsoft Corporation)
PRC - C:\WINDOWS\explorer.exe (Microsoft Corporation)
PRC - C:\Program Files\Dell\QuickSet\NicConfigSvc.exe (Dell Inc.)
PRC - C:\Program Files\Sigmatel\C-Major Audio\WDM\stsystra.exe (SigmaTel, Inc.)
PRC - C:\Program Files\LogMeIn\x86\LogMeInSystray.exe (LogMeIn, Inc.)
PRC - C:\Program Files\Iomega\REV System Software\ImIconXp.exe (Iomega Corporation)
PRC - C:\Program Files\Iomega\REV System Software\RevUDF.exe (Iomega Corp)
PRC - C:\Program Files\Common Files\InstallShield\UpdateService\agent.exe (Macrovision Corporation)
PRC - C:\Program Files\Wave Systems Corp\Services Manager\DocMgr\bin\docmgr.exe (Wave Systems Corp.)
PRC - C:\Program Files\Wave Systems Corp\Common\DataServer.exe (Wave Systems Corp.)
PRC - C:\Program Files\Wave Systems Corp\Services Manager\Secure Update\AutoUpdate.exe (Wave Systems Corp.)
PRC - C:\Program Files\NTRU Cryptosystems\NTRU Hybrid TSS v2.0.25\bin\tcsd_win32.exe ()
PRC - C:\Documents and Settings\All Users\Application Data\U3\U3Launcher\LaunchU3.exe ()
PRC - C:\Program Files\Broadcom\ASFIPMon\AsfIpMon.exe (Broadcom Corporation)
PRC - C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe (Adobe Systems Incorporated)
PRC - C:\Program Files\HP\Digital Imaging\bin\hpotdd01.exe (Hewlett-Packard)
PRC - C:\Program Files\HP\Digital Imaging\bin\hpobnz08.exe (Hewlett-Packard Co.)
PRC - C:\Program Files\Iomega\System32\AppServices.exe (Iomega Corporation)
PRC - C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnf.exe ()
PRC - C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe (Hewlett-Packard)


========== Modules (SafeList) ==========

MOD - C:\Documents and Settings\Helen Gannon\Desktop\OTL.exe (OldTimer Tools)
MOD - c:\Program Files\McAfee\SiteAdvisor\sahook.dll (McAfee, Inc.)
MOD - C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.6028_x-ww_61e65202\comctl32.dll (Microsoft Corporation)
MOD - C:\Program Files\Common Files\Motive\McciContextHook_DSR.dll (Alcatel-Lucent)
MOD - C:\WINDOWS\system32\wxvault.dll ()
MOD - C:\WINDOWS\system32\detoured.dll ()


========== Win32 Services (SafeList) ==========

SRV - (Iomega Activity Disk2) -- File not found
SRV - (McAfee SiteAdvisor Service) -- c:\Program Files\McAfee\SiteAdvisor\McSACore.exe (McAfee, Inc.)
SRV - (LMIMaint) -- C:\Program Files\LogMeIn\x86\RaMaint.exe (LogMeIn, Inc.)
SRV - (LogMeIn) -- C:\Program Files\LogMeIn\x86\LogMeIn.exe (LogMeIn, Inc.)
SRV - (LMIGuardianSvc) -- C:\Program Files\LogMeIn\x86\LMIGuardianSvc.exe (LogMeIn, Inc.)
SRV - (McComponentHostService) -- C:\Program Files\McAfee Security Scan\2.0.181\McCHSvc.exe (McAfee, Inc.)
SRV - (SprintRcAppSvc) -- C:\Program Files\Sprint\Sprint SmartView\RcAppSvc.exe (SmithMicro Inc.)
SRV - (QBCFMonitorService) -- C:\Program Files\Common Files\Intuit\QuickBooks\QBCFMonitorService.exe (Intuit)
SRV - (QuickBooksDB20) -- C:\Program Files\Intuit\QuickBooks 2005\QBDBMgrN.exe (Intuit, Inc.)
SRV - (lxec_device) -- C:\WINDOWS\System32\lxeccoms.exe ( )
SRV - (lxecCATSCustConnectService) -- C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\\lxecserv.exe ()
SRV - (QBFCService) -- C:\Program Files\Common Files\Intuit\QuickBooks\FCS\Intuit.QuickBooks.FCS.exe (Intuit Inc.)
SRV - (NvtlService) -- C:\Program Files\Novatel Wireless\Novacore\Server\NvtlSrvr.exe ()
SRV - (LVPrcSrv) -- C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe (Logitech Inc.)
SRV - (FSORSPClient) -- C:\Program Files\Cbeyond Secure Desktop\ORSP Client\fsorsp.exe (F-Secure Corporation)
SRV - (FSMA) -- C:\Program Files\Cbeyond Secure Desktop\Common\FSMA32.EXE (F-Secure Corporation)
SRV - (FSDFWD) -- C:\Program Files\Cbeyond Secure Desktop\FWES\Program\fsdfwd.exe (F-Secure Corporation)
SRV - (F-Secure Gatekeeper Handler Starter) -- C:\Program Files\Cbeyond Secure Desktop\Anti-Virus\fsgk32st.exe (F-Secure Corporation)
SRV - (FSAUA) -- C:\Program Files\Cbeyond Secure Desktop\FSAUA\program\fsaua.exe (F-Secure Corporation)
SRV - (W3SVC) -- C:\WINDOWS\system32\inetsrv\inetinfo.exe (Microsoft Corporation)
SRV - (SMTPSVC) Simple Mail Transfer Protocol (SMTP) -- C:\WINDOWS\system32\inetsrv\inetinfo.exe (Microsoft Corporation)
SRV - (MSFtpsvc) -- C:\WINDOWS\system32\inetsrv\inetinfo.exe (Microsoft Corporation)
SRV - (IISADMIN) -- C:\WINDOWS\system32\inetsrv\inetinfo.exe (Microsoft Corporation)
SRV - (p2pgasvc) -- C:\WINDOWS\system32\p2pgasvc.dll (Microsoft Corporation)
SRV - (Iprip) -- C:\WINDOWS\system32\iprip.dll (Microsoft Corporation)
SRV - (NICCONFIGSVC) -- C:\Program Files\Dell\QuickSet\NicConfigSvc.exe (Dell Inc.)
SRV - (FLEXnet Licensing Service) -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe (Macrovision Europe Ltd.)
SRV - (RevUDFService) -- C:\Program Files\Iomega\REV System Software\RevUDF.exe (Iomega Corp)
SRV - (DataSvr2) -- C:\Program Files\Wave Systems Corp\Common\DataServer.exe (Wave Systems Corp.)
SRV - (tcsd_win32.exe) -- C:\Program Files\NTRU Cryptosystems\NTRU Hybrid TSS v2.0.25\bin\tcsd_win32.exe ()
SRV - (ASFIPmon) -- C:\Program Files\Broadcom\ASFIPMon\AsfIpMon.exe (Broadcom Corporation)
SRV - (Bluetooth Hid Switch Service) -- C:\Program Files\BlueTooth\HidSwitchService\HidSw.exe (Cambridge Silicon Radio)
SRV - (Pml Driver HPZ12) -- C:\WINDOWS\system32\HPZipm12.exe (HP)
SRV - (Iomega App Services) -- C:\Program Files\Iomega\System32\AppServices.exe (Iomega Corporation)


========== Driver Services (SafeList) ==========

DRV - (LMIRfsClientNP) -- C:\WINDOWS\System32\LMIRfsClientNP.dll (LogMeIn, Inc.)
DRV - (fsbts) -- C:\WINDOWS\system32\Drivers\fsbts.sys ()
DRV - (F-Secure Gatekeeper) -- C:\Program Files\Cbeyond Secure Desktop\Anti-Virus\minifilter\fsgk.sys ()
DRV - (Tcpip6) -- C:\WINDOWS\system32\drivers\tcpip6.sys (Microsoft Corporation)
DRV - (SWNC5E00) Sierra Wireless MUX NDIS Driver (#00) -- C:\WINDOWS\system32\drivers\SWNC5E00.sys (Sierra Wireless Inc.)
DRV - (swmx00) Sierra Wireless USB MUX Driver (#00) -- C:\WINDOWS\system32\drivers\swmx00.sys (Sierra Wireless Inc.)
DRV - (swmsflt) -- C:\WINDOWS\System32\drivers\swmsflt.sys ()
DRV - (NWUSBCDFIL) -- C:\WINDOWS\system32\drivers\NwUsbCdFil.sys (Novatel Wireless Inc.)
DRV - (tcpipBM) -- C:\WINDOWS\System32\drivers\tcpipBM.sys (Bytemobile, Inc.)
DRV - (Nmea) -- C:\WINDOWS\system32\drivers\pctnullport.sys (PCTEL Inc.)
DRV - (PCTINDIS5) -- C:\WINDOWS\system32\PCTINDIS5.sys (Smith Micro Inc.)
DRV - (MREMP50) -- C:\Program Files\Common Files\Motive\MREMP50.sys (Printing Communications Assoc., Inc. (PCAUSA))
DRV - (MRESP50) -- C:\Program Files\Common Files\Motive\MRESP50.sys (Printing Communications Assoc., Inc. (PCAUSA))
DRV - (CXFALCON) -- C:\WINDOWS\system32\drivers\TD3101_3104AV.sys (TVT, Inc.)
DRV - (BCM43XX) -- C:\WINDOWS\system32\drivers\BCMWL5.SYS (Broadcom Corporation)
DRV - (NWADI) -- C:\WINDOWS\system32\drivers\NWADIenum.sys (Novatel Wireless Inc)
DRV - (FilterService) -- C:\WINDOWS\system32\drivers\lvuvcflt.sys (Logitech Inc.)
DRV - (LVUVC) Logitech QuickCam Pro 9000(UVC) -- C:\WINDOWS\system32\drivers\lvuvc.sys (Logitech Inc.)
DRV - (LVUSBSta) -- C:\WINDOWS\system32\drivers\LVUSBSta.sys (Logitech Inc.)
DRV - (LVRS) -- C:\WINDOWS\system32\drivers\lvrs.sys (Logitech Inc.)
DRV - (LVPr2Mon) -- C:\WINDOWS\system32\drivers\LVPr2Mon.sys ()
DRV - (F-Secure HIPS) -- C:\Program Files\Cbeyond Secure Desktop\HIPS\drivers\fshs.sys (F-Secure Corporation)
DRV - (FSFW) -- C:\WINDOWS\System32\drivers\fsdfw.sys (F-Secure Corporation)
DRV - (F-Secure Filter) -- C:\Program Files\Cbeyond Secure Desktop\Anti-Virus\win2k\fsfilter.sys ()
DRV - (F-Secure Recognizer) -- C:\Program Files\Cbeyond Secure Desktop\Anti-Virus\win2k\fsrec.sys ()
DRV - (NWUSBPort2) -- C:\WINDOWS\system32\drivers\nwusbser2.sys (Novatel Wireless Inc.)
DRV - (NWUSBPort) -- C:\WINDOWS\system32\drivers\nwusbser.sys (Novatel Wireless Inc.)
DRV - (NWUSBModem) -- C:\WINDOWS\system32\drivers\nwusbmdm.sys (Novatel Wireless Inc.)
DRV - (LMIRfsDriver) -- C:\WINDOWS\system32\drivers\LMIRfsDriver.sys (LogMeIn, Inc.)
DRV - (PCASp50) -- C:\WINDOWS\system32\drivers\PCASp50.sys (Printing Communications Assoc., Inc. (PCAUSA))
DRV - (NwlnkIpx) -- C:\WINDOWS\system32\drivers\nwlnkipx.sys (Microsoft Corporation)
DRV - (LMIInfo) -- C:\Program Files\LogMeIn\x86\rainfo.sys (LogMeIn, Inc.)
DRV - (DgiVecp) -- C:\WINDOWS\system32\drivers\DgivEcp.sys (Samsung Electronics Co., Ltd.)
DRV - (lvpopflt) -- C:\WINDOWS\system32\drivers\lvpopflt.sys (Logitech Inc.)
DRV - (STHDA) -- C:\WINDOWS\system32\drivers\sthda.sys (SigmaTel, Inc.)
DRV - (guardian2) -- C:\WINDOWS\system32\drivers\oz776.sys (O2Micro)
DRV - (NETGEARUHOST) -- C:\WINDOWS\system32\drivers\NETGEARUHOST.sys (SerComm)
DRV - (NETGEARUHUB) -- C:\WINDOWS\system32\drivers\NETGEARUHUB.sys (SerComm)
DRV - (CSRBC) -- C:\WINDOWS\system32\drivers\csrbcxp.sys (CSR, plc)
DRV - (imdrvfsf) -- C:\WINDOWS\system32\DRIVERS\imdrvfsf.sys (Iomega Corporation)
DRV - (rimmptsk) -- C:\WINDOWS\system32\drivers\rimmptsk.sys (REDC)
DRV - (rimsptsk) -- C:\WINDOWS\system32\drivers\rimsptsk.sys (REDC)
DRV - (rismxdp) -- C:\WINDOWS\system32\drivers\rixdptsk.sys (REDC)
DRV - (tosporte) -- C:\WINDOWS\system32\drivers\tosporte.sys (TOSHIBA Corporation)
DRV - (Tosrfbd) -- C:\WINDOWS\system32\drivers\TosRfbd.sys (TOSHIBA CORPORATION)
DRV - (Tosrfusb) -- C:\WINDOWS\system32\drivers\tosrfusb.sys (TOSHIBA CORPORATION)
DRV - (Tosrfhid) -- C:\WINDOWS\system32\drivers\TosRfhid.sys (TOSHIBA Corporation.)
DRV - (Tosrfbnp) -- C:\WINDOWS\system32\drivers\tosrfbnp.sys (TOSHIBA Corporation)
DRV - (TosRfSnd) Bluetooth Audio Device (WDM) -- C:\WINDOWS\system32\drivers\TosRfSnd.sys (TOSHIBA Corporation)
DRV - (PBADRV) -- C:\WINDOWS\system32\drivers\pbadrv.sys (Dell Inc)
DRV - (b57w2k) -- C:\WINDOWS\system32\drivers\b57xp32.sys (Broadcom Corporation)
DRV - (BCMTPM) -- C:\WINDOWS\system32\drivers\btpmw32.sys (Broadcom Corp.)
DRV - (DLAUDFAM) -- C:\WINDOWS\system32\DLA\DLAUDFAM.SYS (Sonic Solutions)
DRV - (DLAUDF_M) -- C:\WINDOWS\system32\DLA\DLAUDF_M.SYS (Sonic Solutions)
DRV - (DLAIFS_M) -- C:\WINDOWS\system32\DLA\DLAIFS_M.SYS (Sonic Solutions)
DRV - (DLABOIOM) -- C:\WINDOWS\system32\DLA\DLABOIOM.SYS (Sonic Solutions)
DRV - (DLAOPIOM) -- C:\WINDOWS\system32\DLA\DLAOPIOM.SYS (Sonic Solutions)
DRV - (DLAPoolM) -- C:\WINDOWS\system32\DLA\DLAPoolM.SYS (Sonic Solutions)
DRV - (DLADResN) -- C:\WINDOWS\system32\DLA\DLADResN.SYS (Sonic Solutions)
DRV - (DLACDBHM) -- C:\WINDOWS\system32\drivers\DLACDBHM.SYS (Sonic Solutions)
DRV - (DLARTL_N) -- C:\WINDOWS\system32\drivers\DLARTL_N.SYS (Sonic Solutions)
DRV - (APPDRV) -- C:\WINDOWS\SYSTEM32\DRIVERS\APPDRV.SYS (Dell Inc)
DRV - (Tosrfcom) -- C:\WINDOWS\system32\drivers\tosrfcom.sys (TOSHIBA Corporation)
DRV - (toshidpt) -- C:\WINDOWS\system32\drivers\Toshidpt.sys (TOSHIBA Corporation.)
DRV - (IABFilt) -- C:\WINDOWS\system32\DRIVERS\IABFilt.sys (Iomega)
DRV - (tosrfnds) -- C:\WINDOWS\system32\drivers\tosrfnds.sys (TOSHIBA Corporation.)
DRV - (NwlnkNb) -- C:\WINDOWS\system32\drivers\nwlnknb.sys (Microsoft Corporation)
DRV - (NwlnkSpx) -- C:\WINDOWS\system32\drivers\nwlnkspx.sys (Microsoft Corporation)
DRV - (BASFND) -- C:\Program Files\Broadcom\ASFIPMon\BASFND.sys (Broadcom Corporation)
DRV - (iomdisk) -- C:\WINDOWS\System32\DRIVERS\iomdisk.sys (Iomega Corporation)
DRV - (QCDonner) Logitech QuickCam Express(PID_0840) -- C:\WINDOWS\system32\drivers\lvcd.sys (Logitech Inc.)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========



IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = www.google.com/ig/dell?hl=en&client=dell-usuk-rel&channel=us&ibd=0070329
IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = www.google.com/ig/dell?hl=en&client=dell-usuk-rel&channel=us&ibd=0070329
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = www.google.com/ig/dell?hl=en&client=dell-usuk-rel&channel=us&ibd=0070329
IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = www.google.com/ig/dell?hl=en&client=dell-usuk-rel&channel=us&ibd=0070329
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local


IE - HKU\S-1-5-21-3491935585-1426459990-4268131185-1021\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = www.google.com/ig/dell?hl=en&client=dell-usuk-rel&channel=us&ibd=0070329
IE - HKU\S-1-5-21-3491935585-1426459990-4268131185-1021\SOFTWARE\Microsoft\Internet Explorer\Main,First Home Page = http://www.dell.com
IE - HKU\S-1-5-21-3491935585-1426459990-4268131185-1021\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = www.google.com/ig/dell?hl=en&client=dell-usuk-rel&channel=us&ibd=0070329
IE - HKU\S-1-5-21-3491935585-1426459990-4268131185-1021\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-21-4060964453-4198831217-3626650206-1147\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.msn.com
IE - HKU\S-1-5-21-4060964453-4198831217-3626650206-1147\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = www.live.com [binary data]
IE - HKU\S-1-5-21-4060964453-4198831217-3626650206-1147\SOFTWARE\Microsoft\Internet Explorer\Main,SearchDefaultBranded = 1
IE - HKU\S-1-5-21-4060964453-4198831217-3626650206-1147\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultName = Google
IE - HKU\S-1-5-21-4060964453-4198831217-3626650206-1147\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultURL = http://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
IE - HKU\S-1-5-21-4060964453-4198831217-3626650206-1147\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.msn.com/
IE - HKU\S-1-5-21-4060964453-4198831217-3626650206-1147\..\URLSearchHook: {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
IE - HKU\S-1-5-21-4060964453-4198831217-3626650206-1147\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-4060964453-4198831217-3626650206-1147\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

FF - HKLM\software\mozilla\Firefox\extensions\\{B7082FAA-CB62-4872-9106-E42DD88EDE45}: C:\Program Files\McAfee\SiteAdvisor [2011/05/19 17:04:25 | 000,000,000 | ---D | M]


O1 HOSTS File: ([2004/08/04 07:00:00 | 000,000,734 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (Lexmark Toolbar) - {1017A80C-6F09-4548-A84D-EDD6AC9525F0} - C:\Program Files\Lexmark Toolbar\toolband.dll ()
O2 - BHO: (DriveLetterAccess) - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\DLA\DLASHX_W.DLL (Sonic Solutions)
O2 - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\Program Files\Google\GoogleToolbar2.dll (Google Inc.)
O2 - BHO: (Adobe PDF Conversion Toolbar Helper) - {AE7CD045-E861-484f-8273-0445EE161910} - File not found
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.1.1309.3572\swg.dll (Google Inc.)
O2 - BHO: (McAfee SiteAdvisor BHO) - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
O2 - BHO: (CBrowserHelperObject Object) - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - C:\Program Files\BAE\BAE.dll (Dell Inc.)
O2 - BHO: (Lexmark Printable Web) - {D2C5E510-BE6D-42CC-9F61-E4F939078474} - C:\Program Files\Lexmark Printable Web\bho.dll ()
O2 - BHO: (MSN Toolbar Helper) - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files\MSN\Toolbar\3.0.1203.0\msneshellx.dll (Microsoft Corp.)
O2 - BHO: (SmartSelect Class) - {F4971EE7-DAA0-4053-9964-665D8EE6A077} - File not found
O3 - HKLM\..\Toolbar: (McAfee SiteAdvisor Toolbar) - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
O3 - HKLM\..\Toolbar: (Lexmark Toolbar) - {1017A80C-6F09-4548-A84D-EDD6AC9525F0} - C:\Program Files\Lexmark Toolbar\toolband.dll ()
O3 - HKLM\..\Toolbar: (MSN Toolbar) - {1E61ED7C-7CB8-49d6-B9E9-AB4C880C8414} - C:\Program Files\MSN\Toolbar\3.0.1203.0\msneshellx.dll (Microsoft Corp.)
O3 - HKLM\..\Toolbar: (&Google) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\Program Files\Google\GoogleToolbar2.dll (Google Inc.)
O3 - HKLM\..\Toolbar: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - File not found
O3 - HKU\.DEFAULT\..\Toolbar\WebBrowser: (&Google) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - c:\Program Files\Google\GoogleToolbar2.dll (Google Inc.)
O3 - HKU\.DEFAULT\..\Toolbar\WebBrowser: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - File not found
O3 - HKU\S-1-5-18\..\Toolbar\WebBrowser: (&Google) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - c:\Program Files\Google\GoogleToolbar2.dll (Google Inc.)
O3 - HKU\S-1-5-18\..\Toolbar\WebBrowser: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - File not found
O3 - HKU\S-1-5-21-4060964453-4198831217-3626650206-1147\..\Toolbar\ShellBrowser: (Lexmark Toolbar) - {1017A80C-6F09-4548-A84D-EDD6AC9525F0} - C:\Program Files\Lexmark Toolbar\toolband.dll ()
O3 - HKU\S-1-5-21-4060964453-4198831217-3626650206-1147\..\Toolbar\ShellBrowser: (&Google) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - c:\Program Files\Google\GoogleToolbar2.dll (Google Inc.)
O3 - HKU\S-1-5-21-4060964453-4198831217-3626650206-1147\..\Toolbar\ShellBrowser: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - File not found
O3 - HKU\S-1-5-21-4060964453-4198831217-3626650206-1147\..\Toolbar\WebBrowser: (Lexmark Toolbar) - {1017A80C-6F09-4548-A84D-EDD6AC9525F0} - C:\Program Files\Lexmark Toolbar\toolband.dll ()
O3 - HKU\S-1-5-21-4060964453-4198831217-3626650206-1147\..\Toolbar\WebBrowser: (&Google) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - c:\Program Files\Google\GoogleToolbar2.dll (Google Inc.)
O3 - HKU\S-1-5-21-4060964453-4198831217-3626650206-1147\..\Toolbar\WebBrowser: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - File not found
O4 - HKLM..\Run: [] File not found
O4 - HKLM..\Run: [3170 Scan2PC] C:\WINDOWS\Twain_32\Samsung\CLX3170\Scan2pc.exe ()
O4 - HKLM..\Run: [Acrobat Assistant 8.0] File not found
O4 - HKLM..\Run: [Adobe Acrobat Speed Launcher] File not found
O4 - HKLM..\Run: [Adobe Photo Downloader] C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [AppleSyncNotifier] C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe (Apple Inc.)
O4 - HKLM..\Run: [ATT_WCC] C:\Program Files\BellSouthWCC\McciTrayApp.exe (Alcatel-Lucent)
O4 - HKLM..\Run: [ATT-SST_McciTrayApp] C:\Program Files\ATT-SST\McciTrayApp.exe (Alcatel-Lucent)
O4 - HKLM..\Run: [BellSouthWCC_McciTrayApp] C:\Program Files\BellSouthWCC\McciTrayApp.exe (Alcatel-Lucent)
O4 - HKLM..\Run: [BluetoothAuthenticationAgent] C:\WINDOWS\System32\bthprops.cpl (Microsoft Corporation)
O4 - HKLM..\Run: [DLSService] C:\Program Files\DYMO\DYMO Label Software\DLSService.exe (Sanford, L.P.)
O4 - HKLM..\Run: [Document Manager] C:\Program Files\Wave Systems Corp\Services Manager\DocMgr\bin\docmgr.exe (Wave Systems Corp.)
O4 - HKLM..\Run: [EzPrint] C:\Program Files\Lexmark Pro800-Pro900 Series\ezprint.exe ()
O4 - HKLM..\Run: [F-Secure Manager] C:\Program Files\Cbeyond Secure Desktop\Common\FSM32.EXE (F-Secure Corporation)
O4 - HKLM..\Run: [F-Secure TNB] C:\Program Files\Cbeyond Secure Desktop\FSGUI\TNBUtil.exe (F-Secure Corporation)
O4 - HKLM..\Run: [Intuit SyncManager] C:\Program Files\Common Files\Intuit\Sync\IntuitSyncManager.exe (Intuit Inc. All rights reserved.)
O4 - HKLM..\Run: [Lexmark Pro800-Pro900 Series Fax Server] C:\Program Files\Lexmark Pro800-Pro900 Series\fm3032.exe ()
O4 - HKLM..\Run: [LogitechQuickCamRibbon] C:\Program Files\Logitech\QuickCam\Quickcam.exe ()
O4 - HKLM..\Run: [LogMeIn GUI] C:\Program Files\LogMeIn\x86\LogMeInSystray.exe (LogMeIn, Inc.)
O4 - HKLM..\Run: [lxecmon.exe] C:\Program Files\Lexmark Pro800-Pro900 Series\lxecmon.exe ()
O4 - HKLM..\Run: [NapsterShell] C:\Program Files\Napster\napster.exe (Napster)
O4 - HKLM..\Run: [NvCplDaemon] C:\WINDOWS\System32\NvCpl.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [NVHotkey] C:\WINDOWS\System32\nvhotkey.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [nwiz] C:\WINDOWS\System32\nwiz.exe ()
O4 - HKLM..\Run: [RDVCHG] C:\Program Files\Sprint\Sprint SmartView\RDVCHG.exe (C-motech Co.,Ltd)
O4 - HKLM..\Run: [RoxWatchTray] C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe (Sonic Solutions)
O4 - HKLM..\Run: [Samsung PanelMgr] C:\WINDOWS\Samsung\PanelMgr\SSMMgr.exe ()
O4 - HKLM..\Run: [Share-to-Web Namespace Daemon] C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe (Hewlett-Packard)
O4 - HKLM..\Run: [SigmatelSysTrayApp] C:\Program Files\Sigmatel\C-Major Audio\WDM\stsystra.exe (SigmaTel, Inc.)
O4 - HKLM..\Run: [Sprint SmartView] C:\Program Files\Sprint\Sprint SmartView\SprintSV.exe (Sprint)
O4 - HKU\S-1-5-21-3491935585-1426459990-4268131185-1021..\Run: [ModemOnHold] C:\Program Files\NetWaiting\netwaiting.exe ()
O4 - HKU\S-1-5-21-4060964453-4198831217-3626650206-1147..\Run: [DymoQuickPrint] C:\Program Files\DYMO\DYMO Label Software\DymoQuickPrint.exe (Sanford, L.P.)
O4 - HKU\S-1-5-21-4060964453-4198831217-3626650206-1147..\Run: [IMC] File not found
O4 - HKU\S-1-5-21-4060964453-4198831217-3626650206-1147..\Run: [LDM] C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe (Logitech Inc.)
O4 - HKU\S-1-5-21-4060964453-4198831217-3626650206-1147..\Run: [RIMDeviceManager] C:\Program Files\Common Files\Research in Motion\RIMDeviceManager\RIMDeviceManager.exe (Research In Motion Limited)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\EMBASSY Trust Suite Secure Update.lnk = C:\Program Files\Wave Systems Corp\Services Manager\Secure Update\AutoUpdate.exe (Wave Systems Corp.)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\hp psc 2000 Series.lnk = C:\Program Files\HP\Digital Imaging\bin\hpobnz08.exe (Hewlett-Packard Co.)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\hpoddt01.exe.lnk = C:\Program Files\HP\Digital Imaging\bin\hpotdd01.exe (Hewlett-Packard)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\LaunchU3.exe.lnk = C:\WINDOWS\Installer\{D8E363A7-88B7-446D-B2C0-E26CE4DC8E54}\_294823.exe ()
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Logitech Desktop Messenger Agent.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe (Logitech Inc.)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\McAfee Security Scan Plus.lnk = C:\Program Files\McAfee Security Scan\2.0.181\SSScheduler.exe (McAfee, Inc.)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\QuickBooks Update Agent.lnk = C:\Program Files\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe (Intuit Inc.)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\BrowserEmulation present
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Main present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoWelcomeScreen = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: CDRAutoRun = 0
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: CDRAutoRun = 0
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-3491935585-1426459990-4268131185-1021\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-4060964453-4198831217-3626650206-1147\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-4060964453-4198831217-3626650206-1147\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDevMgrUpdate = 1
O8 - Extra context menu item: SmarThru4 Capture Selection - C:\Program Files\SmarThru 4\WEBCapture.dll2.htm ()
O8 - Extra context menu item: SmarThru4 Save as HTML - C:\Program Files\SmarThru 4\WEBCapture.dll1.htm ()
O8 - Extra context menu item: SmarThru4 Save Selected Text - C:\Program Files\SmarThru 4\WEBCapture.dll.htm ()
O8 - Extra context menu item: SmarThru4 Web Capture - C:\Program Files\SmarThru 4\WebCapture.dll ()
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\WINDOWS\system32\nwprovau.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000005 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Program Files\Cbeyond Secure Desktop\FSPS\program\FSLSP.DLL (F-Secure Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Program Files\Cbeyond Secure Desktop\FSPS\program\FSLSP.DLL (F-Secure Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\Program Files\Cbeyond Secure Desktop\FSPS\program\FSLSP.DLL (F-Secure Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\Program Files\Cbeyond Secure Desktop\FSPS\program\FSLSP.DLL (F-Secure Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - C:\Program Files\Cbeyond Secure Desktop\FSPS\program\FSLSP.DLL (F-Secure Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000006 - C:\Program Files\Cbeyond Secure Desktop\FSPS\program\FSLSP.DLL (F-Secure Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000007 - C:\Program Files\Cbeyond Secure Desktop\FSPS\program\FSLSP.DLL (F-Secure Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000008 - C:\Program Files\Cbeyond Secure Desktop\FSPS\program\FSLSP.DLL (F-Secure Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000009 - C:\Program Files\Cbeyond Secure Desktop\FSPS\program\FSLSP.DLL (F-Secure Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000010 - C:\Program Files\Cbeyond Secure Desktop\FSPS\program\FSLSP.DLL (F-Secure Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000011 - C:\Program Files\Cbeyond Secure Desktop\FSPS\program\FSLSP.DLL (F-Secure Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000012 - C:\Program Files\Cbeyond Secure Desktop\FSPS\program\FSLSP.DLL (F-Secure Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000013 - File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000014 - File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000015 - File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000027 - C:\Program Files\Cbeyond Secure Desktop\FSPS\program\FSLSP.DLL (F-Secure Corporation)
O15 - HKLM\..Trusted Domains: care360.com ([]https in Trusted sites)
O15 - HKLM\..Trusted Domains: questdiagnostics.com ([]https in Trusted sites)
O15 - HKU\S-1-5-21-4060964453-4198831217-3626650206-1147\..Trusted Domains: $talisma_url$ ([]https in Trusted sites)
O15 - HKU\S-1-5-21-4060964453-4198831217-3626650206-1147\..Trusted Domains: care360.com ([]https in Trusted sites)
O15 - HKU\S-1-5-21-4060964453-4198831217-3626650206-1147\..Trusted Domains: questdiagnostics.com ([]https in Trusted sites)
O16 - DPF: {01A88BB1-1174-41EC-ACCB-963509EAE56B} http://support.dell.com/systemprofiler/SysPro.CAB (SysProWmi Class)
O16 - DPF: {02BCC737-B171-4746-94C9-0D8A0B2C0089} http://office.microsoft.com/sites/production/ieawsdc32.cab (Microsoft Office Template and Media Control)
O16 - DPF: {05CA9FB0-3E3E-4B36-BF41-0E3A5CAA8CD8} http://download.microsoft.com/download/e/4/9/e494c802-dd90-4c6b-a074-469358f075a6/OGAControl.cab (Office Genuine Advantage Validation Tool)
O16 - DPF: {15772FF0-B907-4D98-B770-0000B63DB314} https://cas2.questdiagnostics.com/EREQ_SSLcabs/VBPrinter.CAB (VBPrinter.VBPrinterCtrl)
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} http://download.macromedia.com/pub/shockwave/cabs/director/sw.cab (Shockwave ActiveX Control)
O16 - DPF: {1E54D648-B804-468d-BC78-4AFFED8E262F} http://www.nvidia.com/content/DriverDownload/srl/3.0.0.4/srl_bin/sysreqlab_nvd.cab (System Requirements Lab Class)
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} C:\Program Files\Yahoo!\Common\Yinsthelper.dll (Installation Support)
O16 - DPF: {315B0BFB-2BD4-481B-80A3-A9B80727C61B} http://webiq005.webiqonline.com/WebIQ/DataServer/DataServer.dll?Handler=GetEngineDistribution&EDID={896A23A1-5821-4609-A6C6-6D5536C585C9} (WebIQ Engine Application Object)
O16 - DPF: {362C56AA-6E4F-40C7-A0B5-85501DBDAD77} http://i.dell.com/images/global/js/scanner/SysProExe.cab (Scanner.SysScanner)
O16 - DPF: {485D813E-EE26-4DF8-9FAF-DEDF2885306E} http://server/connectcomputer/nshelp.dll (NSHelp Class)
O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} http://download.divx.com/player/DivXBrowserPlugin.cab (DivXBrowserPlugin Object)
O16 - DPF: {69D1E588-02F8-4C00-B311-5C581402C247} https://cas2.questdiagnostics.com/EREQ_SSLcabs/DGXDPCtr.cab (DGXDPCtr Control)
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} http://www.update.microsoft.com/mic...ls/en/x86/client/muweb_site.cab?1182878848875 (MUWebControl Class)
O16 - DPF: {6F15128C-E66A-490C-B848-5000B5ABEEAC} https://h20436.www2.hp.com/ediags/dex/secure/HPDEXAXO.cab (HP Download Manager)
O16 - DPF: {74DBCB52-F298-4110-951D-AD2FF67BC8AB} http://www.nvidia.com/content/DriverDownload/nforce/NvidiaSmartScan.cab (NVIDIA Smart Scan)
O16 - DPF: {756BEC7B-ADF4-4931-A519-B513B32CFC1B} https://cas2.questdiagnostics.com/EREQ_SSLcabs/LabelControl.cab (BarCodeLabelActiveX.SpecimenLabels)
O16 - DPF: {79C259BD-8024-4992-B445-2C52D3449214} https://cas2.questdiagnostics.com/EREQ_SSLcabs/C360Upgrader.CAB (Upgrader.Utility)
O16 - DPF: {7F293A61-0246-451E-B9AA-8CCAC7D06B63} https://cas2.questdiagnostics.com/EREQ_SSLcabs/ComboBridge.CAB (ComboBridge.ComboBridgeComm)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab (Java Plug-in 1.6.0_20)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab (Reg Error: Key error.)
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} http://cdn2.zone.msn.com/binFramework/v10/ZIntro.cab56649.cab (MSN Games - Installer)
O16 - DPF: {C1F8FC10-E5DB-4112-9DBF-6C3FF728D4E3} http://support.dell.com/systemprofiler/DellSystemLite.CAB (DellSystemLite.Scanner)
O16 - DPF: {CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA} http://java.sun.com/update/1.5.0/jinstall-1_5_0_06-windows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab (Java Plug-in 1.6.0_20)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab (Java Plug-in 1.6.0_20)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
O16 - DPF: {DAF7E6E6-D53A-439A-B28D-12271406B8A9} http://mobileapps.blackberry.com/devicesoftware/AxLoader.cab (RIM AxLoader)
O16 - DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} (Reg Error: Value error.)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
O16 - DPF: {FD0B6769-6490-4A91-AA0A-B5AE0DC75AC9} https://secure.logmein.com/activex/ractrl.cab?lmi=100 (Performance Viewer Activex Control)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.254
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = SouthernCoatings.local
O18 - Protocol\Handler\bwfile-8876480 {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll (Logitech Inc.)
O18 - Protocol\Handler\dssrequest {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
O18 - Protocol\Handler\intu-help-qb2 {84D77A00-41B5-4b8b-8ADF-86486D72E749} - C:\Program Files\Intuit\QuickBooks 2005\HelpAsyncPluggableProtocol.dll (Intuit, Inc.)
O18 - Protocol\Handler\intu-help-qb3 {c5e479ea-0a65-4b05-8c6c-2fc8cc682eb4} - C:\Program Files\Intuit\QuickBooks 2005\HelpAsyncPluggableProtocol.dll (Intuit, Inc.)
O18 - Protocol\Handler\sacore {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
O20 - AppInit_DLLs: (wxvault.dll) - C:\WINDOWS\System32\wxvault.dll ()
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\LMIinit: DllName - LMIinit.dll - C:\WINDOWS\System32\LMIinit.dll (LogMeIn, Inc.)
O24 - Desktop WallPaper: C:\Documents and Settings\Helen Gannon\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\Helen Gannon\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O30 - LSA: Authentication Packages - (wvauth) - C:\WINDOWS\System32\wvauth.dll (Wave Systems Corp.)
O30 - LSA: Authentication Packages - (nwprovau) - C:\WINDOWS\System32\nwprovau.dll (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2004/08/11 19:15:00 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O33 - MountPoints2\{ad0e1668-879f-11de-9c2e-001641dd84e2}\Shell - "" = AutoRun
O33 - MountPoints2\{ad0e1668-879f-11de-9c2e-001641dd84e2}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{ad0e1668-879f-11de-9c2e-001641dd84e2}\Shell\AutoRun\command - "" = E:\WIN\setup.exe
O33 - MountPoints2\{e589ec7a-d2bd-11dd-9ba0-001641dd84e2}\Shell\AutoRun\command - "" = E:\.\Vado\Vado.exe
O33 - MountPoints2\{f001b004-9ec8-11dc-9a85-00188bc393c9}\Shell - "" = AutoRun
O33 - MountPoints2\{f001b004-9ec8-11dc-9a85-00188bc393c9}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{f001b004-9ec8-11dc-9a85-00188bc393c9}\Shell\AutoRun\command - "" = E:\LaunchU3.exe -a
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

File not found -- C:\Documents and Settings\Helen Gannon\Desktop\CAK79JQU.
[2011/05/21 13:03:35 | 000,580,608 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Helen Gannon\Desktop\OTL.exe
[2011/05/20 13:49:40 | 000,606,738 | R--- | C] (Swearware) -- C:\Documents and Settings\Helen Gannon\Desktop\dds.scr
[2011/05/19 17:34:52 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Helen Gannon\Application Data\Malwarebytes
[2011/05/19 17:34:48 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2011/05/19 17:34:48 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Malwarebytes' Anti-Malware
[2011/05/19 17:34:46 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Malwarebytes
[2011/05/19 17:34:42 | 000,020,952 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2011/05/19 17:34:41 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2010/04/20 11:32:03 | 000,425,984 | ---- | C] ( ) -- C:\WINDOWS\System32\lxeccoin.dll
[2010/04/20 11:22:19 | 000,356,352 | ---- | C] ( ) -- C:\WINDOWS\System32\LXEChcp.dll
[2010/04/20 11:22:18 | 000,847,872 | ---- | C] ( ) -- C:\WINDOWS\System32\lxecusb1.dll
[2010/04/20 11:22:18 | 000,364,544 | ---- | C] ( ) -- C:\WINDOWS\System32\lxecinpa.dll
[2010/04/20 11:22:18 | 000,344,064 | ---- | C] ( ) -- C:\WINDOWS\System32\lxeciesc.dll
[2010/04/20 11:22:17 | 001,044,480 | ---- | C] ( ) -- C:\WINDOWS\System32\lxecserv.dll
[2010/04/20 11:22:17 | 000,643,072 | ---- | C] ( ) -- C:\WINDOWS\System32\lxecpmui.dll
[2010/04/20 11:22:16 | 000,569,344 | ---- | C] ( ) -- C:\WINDOWS\System32\lxeclmpm.dll
[2010/04/20 11:22:15 | 000,679,936 | ---- | C] ( ) -- C:\WINDOWS\System32\lxechbn3.dll
[2010/04/20 11:22:15 | 000,324,264 | ---- | C] ( ) -- C:\WINDOWS\System32\lxecih.exe
[2010/04/20 11:22:13 | 000,802,816 | ---- | C] ( ) -- C:\WINDOWS\System32\lxeccomc.dll
[2010/04/20 11:22:13 | 000,598,696 | ---- | C] ( ) -- C:\WINDOWS\System32\lxeccoms.exe
[2010/04/20 11:22:13 | 000,372,736 | ---- | C] ( ) -- C:\WINDOWS\System32\lxeccomm.dll
[2010/04/20 11:22:12 | 000,369,320 | ---- | C] ( ) -- C:\WINDOWS\System32\lxeccfg.exe
[4 C:\Documents and Settings\All Users\*.tmp files -> C:\Documents and Settings\All Users\*.tmp -> ]
[2 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

File not found -- C:\Documents and Settings\Helen Gannon\Desktop\CAK79JQU.
[2011/05/21 13:05:00 | 000,000,886 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2011/05/21 13:03:40 | 000,580,608 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Helen Gannon\Desktop\OTL.exe
[2011/05/21 07:36:04 | 000,000,290 | ---- | M] () -- C:\WINDOWS\tasks\AVG Test Center.job
[2011/05/21 06:10:24 | 000,000,508 | ---- | M] () -- C:\WINDOWS\tasks\Scheduled scanning task.job
[2011/05/21 05:05:03 | 000,000,882 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2011/05/20 18:55:00 | 000,000,382 | ---- | M] () -- C:\WINDOWS\tasks\FRU Task #Hewlett-Packard#hp psc 2100 series#1249512835.job
[2011/05/20 18:23:59 | 000,000,440 | -H-- | M] () -- C:\WINDOWS\tasks\User_Feed_Synchronization-{A3EEFA6B-F3B8-4FE4-AE97-5E2F6709A67B}.job
[2011/05/20 17:58:22 | 000,000,868 | ---- | M] () -- C:\WINDOWS\tasks\Google Software Updater.job
[2011/05/20 14:08:35 | 000,064,281 | ---- | M] () -- C:\WINDOWS\System32\nvModes.001
[2011/05/20 13:55:30 | 000,007,406 | ---- | M] () -- C:\Documents and Settings\Helen Gannon\Desktop\attach.zip
[2011/05/20 13:49:43 | 000,606,738 | R--- | M] (Swearware) -- C:\Documents and Settings\Helen Gannon\Desktop\dds.scr
[2011/05/20 13:47:23 | 000,000,256 | ---- | M] () -- C:\Documents and Settings\Helen Gannon\pool.bin
[2011/05/20 13:47:10 | 000,002,539 | ---- | M] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\LaunchU3.exe.lnk
[2011/05/20 13:45:58 | 000,074,117 | ---- | M] () -- C:\WINDOWS\System32\nvwsapps.xml
[2011/05/20 13:44:12 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2011/05/19 18:12:11 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2011/05/19 18:08:47 | 000,000,012 | ---- | M] () -- C:\WINDOWS\bthservsdp.dat
[2011/05/19 17:34:48 | 000,000,835 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2011/05/19 16:59:25 | 000,015,550 | -HS- | M] () -- C:\Documents and Settings\All Users\Application Data\kqxjax25212syk721811b172n8n71yg66c
[2011/05/19 16:59:24 | 000,015,550 | -HS- | M] () -- C:\Documents and Settings\Helen Gannon\Local Settings\Application Data\kqxjax25212syk721811b172n8n71yg66c
[2011/05/15 14:11:11 | 000,000,000 | -HS- | M] () -- C:\Documents and Settings\All Users\Application Data\vwv.exe
[2011/05/15 14:11:11 | 000,000,000 | -HS- | M] () -- C:\Documents and Settings\All Users\Application Data\qio.exe
[2011/05/15 14:11:11 | 000,000,000 | -HS- | M] () -- C:\Documents and Settings\All Users\Application Data\njo.exe
[2011/05/15 14:11:11 | 000,000,000 | -HS- | M] () -- C:\Documents and Settings\All Users\Application Data\jdd.exe
[2011/05/15 14:11:11 | 000,000,000 | -HS- | M] () -- C:\Documents and Settings\Helen Gannon\Local Settings\Application Data\hmv.exe
[2011/05/15 14:11:11 | 000,000,000 | -HS- | M] () -- C:\Documents and Settings\Helen Gannon\Local Settings\Application Data\dvl.exe
[2011/05/15 14:11:11 | 000,000,000 | -HS- | M] () -- C:\Documents and Settings\All Users\Application Data\bhx.exe
[2011/05/15 14:11:11 | 000,000,000 | -HS- | M] () -- C:\Documents and Settings\Helen Gannon\Local Settings\Application Data\bhk.exe
[2011/05/15 14:11:11 | 000,000,000 | -HS- | M] () -- C:\Documents and Settings\Helen Gannon\Local Settings\Application Data\baf.exe
[2011/05/10 08:37:04 | 000,000,284 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
[4 C:\Documents and Settings\All Users\*.tmp files -> C:\Documents and Settings\All Users\*.tmp -> ]
[2 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files Created - No Company Name ==========
 
OTL txt 2 of 2

[2011/05/20 13:55:30 | 000,007,406 | ---- | C] () -- C:\Documents and Settings\Helen Gannon\Desktop\attach.zip
[2011/05/19 17:34:48 | 000,000,835 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2011/05/15 14:11:12 | 000,015,550 | -HS- | C] () -- C:\Documents and Settings\Helen Gannon\Local Settings\Application Data\kqxjax25212syk721811b172n8n71yg66c
[2011/05/15 14:11:12 | 000,015,550 | -HS- | C] () -- C:\Documents and Settings\All Users\Application Data\kqxjax25212syk721811b172n8n71yg66c
[2011/05/15 14:11:11 | 000,000,000 | -HS- | C] () -- C:\Documents and Settings\All Users\Application Data\vwv.exe
[2011/05/15 14:11:11 | 000,000,000 | -HS- | C] () -- C:\Documents and Settings\All Users\Application Data\qio.exe
[2011/05/15 14:11:11 | 000,000,000 | -HS- | C] () -- C:\Documents and Settings\All Users\Application Data\njo.exe
[2011/05/15 14:11:11 | 000,000,000 | -HS- | C] () -- C:\Documents and Settings\All Users\Application Data\jdd.exe
[2011/05/15 14:11:11 | 000,000,000 | -HS- | C] () -- C:\Documents and Settings\Helen Gannon\Local Settings\Application Data\hmv.exe
[2011/05/15 14:11:11 | 000,000,000 | -HS- | C] () -- C:\Documents and Settings\Helen Gannon\Local Settings\Application Data\dvl.exe
[2011/05/15 14:11:11 | 000,000,000 | -HS- | C] () -- C:\Documents and Settings\All Users\Application Data\bhx.exe
[2011/05/15 14:11:11 | 000,000,000 | -HS- | C] () -- C:\Documents and Settings\Helen Gannon\Local Settings\Application Data\bhk.exe
[2011/05/15 14:11:11 | 000,000,000 | -HS- | C] () -- C:\Documents and Settings\Helen Gannon\Local Settings\Application Data\baf.exe
[2011/03/05 11:53:24 | 000,000,020 | ---- | C] () -- C:\WINDOWS\Hposcv07.INI
[2011/03/04 23:18:33 | 000,081,920 | ---- | C] () -- C:\WINDOWS\System32\GkSui20.EXE
[2010/09/27 15:14:32 | 000,021,791 | ---- | C] () -- C:\WINDOWS\System32\smtpctrs.ini
[2010/09/27 15:14:30 | 000,001,037 | ---- | C] () -- C:\WINDOWS\System32\ntfsdrct.ini
[2010/09/27 15:14:22 | 000,038,576 | ---- | C] () -- C:\WINDOWS\System32\w3ctrs.ini
[2010/09/27 15:14:22 | 000,010,225 | ---- | C] () -- C:\WINDOWS\System32\axperf.ini
[2010/07/03 08:38:50 | 000,011,435 | ---- | C] () -- C:\WINDOWS\System32\infoctrs.ini
[2010/07/03 08:38:50 | 000,007,909 | ---- | C] () -- C:\WINDOWS\System32\ftpctrs.ini
[2010/04/20 11:32:10 | 000,040,960 | ---- | C] () -- C:\WINDOWS\System32\lxecvs.dll
[2010/04/20 11:31:37 | 000,081,920 | ---- | C] () -- C:\WINDOWS\System32\lxecgcfg.dll
[2010/04/20 11:31:34 | 000,110,592 | ---- | C] () -- C:\WINDOWS\System32\lxeccuir.dll
[2010/04/20 11:31:33 | 000,294,912 | ---- | C] () -- C:\WINDOWS\System32\lxeccui.dll
[2010/04/20 11:29:13 | 000,049,152 | ---- | C] () -- C:\WINDOWS\System32\LXECPMON.DLL
[2010/04/20 11:29:13 | 000,032,768 | ---- | C] () -- C:\WINDOWS\System32\LXECFXPU.DLL
[2010/04/20 11:28:53 | 004,485,120 | ---- | C] () -- C:\WINDOWS\System32\LXECoem.dll
[2010/04/20 11:22:43 | 000,000,044 | -H-- | C] () -- C:\WINDOWS\System32\lxecrwrd.ini
[2010/04/20 11:22:19 | 000,327,680 | ---- | C] () -- C:\WINDOWS\System32\LXECinst.dll
[2010/04/20 11:22:16 | 000,262,144 | ---- | C] () -- C:\WINDOWS\System32\lxecinsb.dll
[2010/04/20 11:22:16 | 000,057,344 | ---- | C] () -- C:\WINDOWS\System32\lxecjswr.dll
[2010/04/20 11:22:15 | 000,323,584 | ---- | C] () -- C:\WINDOWS\System32\lxecins.dll
[2010/04/20 11:22:15 | 000,106,496 | ---- | C] () -- C:\WINDOWS\System32\lxecinsr.dll
[2010/04/20 11:22:14 | 000,208,896 | ---- | C] () -- C:\WINDOWS\System32\lxecgrd.dll
[2010/04/20 11:22:14 | 000,090,112 | ---- | C] () -- C:\WINDOWS\System32\lxeccub.dll
[2010/04/20 11:22:14 | 000,036,864 | ---- | C] () -- C:\WINDOWS\System32\lxeccur.dll
[2010/04/20 11:22:13 | 000,253,952 | ---- | C] () -- C:\WINDOWS\System32\lxeccu.dll
[2010/04/20 11:09:23 | 000,023,552 | ---- | C] () -- C:\WINDOWS\System32\LXECsmr.dll
[2010/04/20 11:09:22 | 000,299,008 | ---- | C] () -- C:\WINDOWS\System32\LXECsm.dll
[2010/03/02 13:07:41 | 000,002,432 | ---- | C] () -- C:\Documents and Settings\LocalService\Local Settings\Application Data\FontCache3.0.0.0.dat
[2010/02/19 13:26:27 | 000,000,037 | ---- | C] () -- C:\WINDOWS\iltwain.ini
[2010/02/19 13:10:56 | 000,000,200 | ---- | C] () -- C:\WINDOWS\OPLW.INI
[2010/01/17 15:24:31 | 000,111,600 | -H-- | C] () -- C:\WINDOWS\System32\mlfcache.dat
[2010/01/14 15:15:34 | 000,042,664 | ---- | C] () -- C:\WINDOWS\System32\drivers\fsbts.sys
[2009/11/08 19:36:28 | 000,001,398 | ---- | C] () -- C:\WINDOWS\HPOCSS05.INI
[2009/11/08 19:36:28 | 000,000,629 | ---- | C] () -- C:\WINDOWS\HPOTBX05.INI
[2009/10/16 16:03:04 | 000,000,256 | ---- | C] () -- C:\WINDOWS\System32\pool.bin
[2009/09/25 12:58:53 | 000,001,324 | ---- | C] () -- C:\WINDOWS\System32\d3d9caps.dat
[2009/09/06 17:22:46 | 000,000,012 | ---- | C] () -- C:\WINDOWS\bthservsdp.dat
[2009/08/31 15:13:53 | 000,000,097 | ---- | C] () -- C:\WINDOWS\WirelessFTP.INI
[2009/08/03 15:07:42 | 000,403,816 | ---- | C] () -- C:\WINDOWS\System32\OGACheckControl.dll
[2009/08/03 15:07:42 | 000,230,768 | ---- | C] () -- C:\WINDOWS\System32\OGAEXEC.exe
[2009/07/30 13:28:44 | 000,524,288 | ---- | C] () -- C:\WINDOWS\System32\XVIDCORE.DLL
[2009/07/30 13:28:44 | 000,155,648 | ---- | C] () -- C:\WINDOWS\System32\XVIDVFW.DLL
[2009/07/30 13:28:36 | 000,126,976 | ---- | C] () -- C:\WINDOWS\System32\TMPXVFW.DLL
[2009/07/30 13:28:36 | 000,086,016 | ---- | C] () -- C:\WINDOWS\System32\AMD422CODEC.DLL
[2009/07/30 13:28:31 | 000,581,632 | ---- | C] () -- C:\WINDOWS\System32\TMPXCORE.DLL
[2009/07/29 19:45:37 | 000,011,159 | ---- | C] () -- C:\Documents and Settings\Helen Gannon\Application Data\SmarThruOptions.xml
[2009/07/29 19:45:14 | 000,172,032 | ---- | C] () -- C:\WINDOWS\System32\SecSNMP.dll
[2009/07/29 19:45:05 | 000,094,208 | ---- | C] () -- C:\WINDOWS\System32\SamFaxPort.dll
[2009/07/29 19:44:39 | 000,000,124 | ---- | C] () -- C:\WINDOWS\Readiris.ini
[2009/07/29 19:44:30 | 000,023,040 | ---- | C] () -- C:\WINDOWS\System32\irisco32.dll
[2009/07/29 19:14:48 | 000,110,592 | ---- | C] () -- C:\WINDOWS\Wiainst.exe
[2009/07/29 19:14:38 | 000,143,872 | ---- | C] () -- C:\WINDOWS\System32\SaXPWIA.dll
[2009/07/29 19:14:38 | 000,139,776 | ---- | C] () -- C:\WINDOWS\System32\SaXPEH.dll
[2009/07/29 19:14:38 | 000,138,240 | ---- | C] () -- C:\WINDOWS\System32\SaXPUIEx.dll
[2009/07/29 19:14:38 | 000,116,736 | ---- | C] () -- C:\WINDOWS\System32\SaXPIPH.dll
[2009/07/29 19:14:38 | 000,087,552 | ---- | C] () -- C:\WINDOWS\System32\SaXPSTI.dll
[2009/07/29 19:10:33 | 000,479,232 | ---- | C] () -- C:\WINDOWS\ssndii.exe
[2009/07/29 18:56:07 | 000,022,723 | ---- | C] () -- C:\WINDOWS\System32\sst1cl3.dll
[2009/04/25 16:04:06 | 000,000,530 | ---- | C] () -- C:\WINDOWS\System32\tx13_ic.ini
[2009/04/25 16:03:58 | 000,427,520 | ---- | C] () -- C:\WINDOWS\System32\XPBurnObj.dll
[2009/04/25 16:03:58 | 000,229,376 | ---- | C] () -- C:\WINDOWS\System32\axToolTip.dll
[2009/03/29 00:19:29 | 000,081,110 | ---- | C] () -- C:\WINDOWS\System32\lvcoinst.ini
[2009/03/26 02:23:53 | 000,000,241 | ---- | C] () -- C:\WINDOWS\QSync.INI
[2009/03/26 02:20:00 | 000,000,031 | ---- | C] () -- C:\WINDOWS\warhead.ini
[2009/03/14 17:21:20 | 000,000,095 | ---- | C] () -- C:\WINDOWS\QBChanUtil_Trigger.ini
[2009/03/06 21:51:04 | 000,000,087 | ---- | C] () -- C:\WINDOWS\encore_launcher.ini
[2008/12/16 21:58:54 | 000,025,624 | ---- | C] () -- C:\WINDOWS\System32\drivers\LVPr2Mon.sys
[2008/12/16 21:50:56 | 000,013,584 | ---- | C] () -- C:\WINDOWS\System32\drivers\iKeyLgFT.dll
[2008/10/15 11:58:34 | 000,028,288 | ---- | C] () -- C:\WINDOWS\System32\drivers\swmsflt.sys
[2008/08/02 07:46:10 | 000,000,552 | ---- | C] () -- C:\WINDOWS\System32\d3d8caps.dat
[2007/06/26 09:53:10 | 000,078,999 | ---- | C] () -- C:\WINDOWS\hpfins05.dat
[2007/06/26 09:53:10 | 000,001,395 | ---- | C] () -- C:\WINDOWS\hpfmdl05.dat
[2007/06/26 09:52:53 | 000,077,824 | R--- | C] () -- C:\WINDOWS\System32\hpzids01.dll
[2007/04/21 14:33:25 | 000,001,786 | -HS- | C] () -- C:\WINDOWS\System32\KGyGaAvL.sys
[2007/04/21 14:33:25 | 000,000,088 | RHS- | C] () -- C:\WINDOWS\System32\731F6B9B3B.sys
[2007/04/07 17:32:26 | 000,006,656 | ---- | C] () -- C:\Documents and Settings\Helen Gannon\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2007/04/06 14:02:26 | 000,000,000 | ---- | C] () -- C:\WINDOWS\tosOBEX.INI
[2007/04/06 12:28:22 | 000,000,135 | ---- | C] () -- C:\Documents and Settings\Helen Gannon\Local Settings\Application Data\fusioncache.dat
[2007/03/30 00:15:26 | 000,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini
[2007/03/30 00:02:51 | 000,000,126 | ---- | C] () -- C:\WINDOWS\wininit.ini
[2007/03/29 23:53:16 | 000,143,360 | ---- | C] () -- C:\WINDOWS\System32\bioapi_mds300.dll
[2007/03/29 23:53:16 | 000,106,496 | ---- | C] () -- C:\WINDOWS\System32\bioapi100.dll
[2007/03/29 23:48:04 | 000,143,360 | ---- | C] () -- C:\WINDOWS\System32\preflib.dll
[2007/03/29 23:48:03 | 000,757,760 | ---- | C] () -- C:\WINDOWS\System32\bcm1xsup.dll
[2007/03/29 23:48:03 | 000,025,088 | ---- | C] () -- C:\WINDOWS\System32\WLTRYSVC.EXE
[2007/03/29 23:29:49 | 000,064,281 | ---- | C] () -- C:\WINDOWS\System32\nvModes.dat
[2007/03/29 23:24:13 | 001,662,976 | ---- | C] () -- C:\WINDOWS\System32\nvwdmcpl.dll
[2007/03/29 23:24:13 | 001,622,016 | ---- | C] () -- C:\WINDOWS\System32\nwiz.exe
[2007/03/29 23:24:13 | 001,019,904 | ---- | C] () -- C:\WINDOWS\System32\nvwimg.dll
[2007/03/29 23:24:12 | 000,466,944 | ---- | C] () -- C:\WINDOWS\System32\nvshell.dll
[2007/03/29 23:24:11 | 001,470,464 | ---- | C] () -- C:\WINDOWS\System32\nview.dll
[2007/03/29 23:24:10 | 001,339,392 | ---- | C] () -- C:\WINDOWS\System32\nvdspsch.exe
[2007/03/29 23:24:08 | 000,442,368 | ---- | C] () -- C:\WINDOWS\System32\nvappbar.exe
[2007/03/29 23:24:08 | 000,212,992 | ---- | C] () -- C:\WINDOWS\System32\nvapi.dll
[2007/03/29 23:24:07 | 000,425,984 | ---- | C] () -- C:\WINDOWS\System32\keystone.exe
[2007/03/29 23:24:00 | 000,016,480 | ---- | C] () -- C:\WINDOWS\System32\rixdicon.dll
[2007/03/29 23:23:59 | 000,049,152 | ---- | C] () -- C:\WINDOWS\setpwrcg.exe
[2007/03/29 23:22:53 | 000,000,390 | ---- | C] () -- C:\WINDOWS\System32\OEMINFO.INI
[2006/11/02 13:28:20 | 000,462,848 | ---- | C] () -- C:\WINDOWS\System32\ractrlkeyhook.dll
[2006/09/18 14:37:50 | 000,000,530 | ---- | C] () -- C:\WINDOWS\System32\tx12_ic.ini
[2006/09/18 14:37:48 | 000,667,280 | ---- | C] () -- C:\WINDOWS\System32\tx12.dll
[2006/09/12 13:07:36 | 000,184,320 | ---- | C] () -- C:\WINDOWS\System32\AmRes_en.dll
[2006/09/12 13:01:48 | 000,196,608 | ---- | C] () -- C:\WINDOWS\System32\AmRes_es.dll
[2006/09/12 13:01:42 | 000,192,512 | ---- | C] () -- C:\WINDOWS\System32\AmRes_ko.dll
[2006/09/12 13:01:34 | 000,196,608 | ---- | C] () -- C:\WINDOWS\System32\AmRes_de.dll
[2006/09/12 13:01:28 | 000,184,320 | ---- | C] () -- C:\WINDOWS\System32\AmRes_pt-BR.dll
[2006/09/12 13:01:20 | 000,192,512 | ---- | C] () -- C:\WINDOWS\System32\AmRes_fr.dll
[2006/09/12 13:01:12 | 000,188,416 | ---- | C] () -- C:\WINDOWS\System32\AmRes_ja.dll
[2006/09/12 13:01:06 | 000,208,896 | ---- | C] () -- C:\WINDOWS\System32\AmRes_ru.dll
[2006/09/12 13:00:58 | 000,196,608 | ---- | C] () -- C:\WINDOWS\System32\AmRes_it.dll
[2006/09/12 13:00:52 | 000,176,128 | ---- | C] () -- C:\WINDOWS\System32\AmRes_zh-CHS.dll
[2006/09/12 13:00:44 | 000,172,032 | ---- | C] () -- C:\WINDOWS\System32\AmRes_zh-CHT.dll
[2006/09/08 09:32:02 | 000,286,720 | ---- | C] () -- C:\WINDOWS\System32\wxvault.dll
[2006/09/08 09:30:44 | 000,004,096 | ---- | C] () -- C:\WINDOWS\System32\detoured.dll
[2006/09/05 11:05:32 | 000,077,824 | ---- | C] () -- C:\WINDOWS\System32\Internationalization_en.dll
[2006/09/05 10:26:06 | 000,073,728 | ---- | C] () -- C:\WINDOWS\System32\Internationalization_pt.dll
[2006/09/05 10:25:54 | 000,069,632 | ---- | C] () -- C:\WINDOWS\System32\Internationalization_zh-CHT.dll
[2006/09/05 10:25:42 | 000,073,728 | ---- | C] () -- C:\WINDOWS\System32\Internationalization_ko.dll
[2006/09/05 10:25:32 | 000,077,824 | ---- | C] () -- C:\WINDOWS\System32\Internationalization_es.dll
[2006/09/05 10:25:20 | 000,077,824 | ---- | C] () -- C:\WINDOWS\System32\Internationalization_ru.dll
[2006/09/05 10:25:10 | 000,073,728 | ---- | C] () -- C:\WINDOWS\System32\Internationalization_ja.dll
[2006/09/05 10:24:58 | 000,081,920 | ---- | C] () -- C:\WINDOWS\System32\Internationalization_it.dll
[2006/09/05 10:24:48 | 000,081,920 | ---- | C] () -- C:\WINDOWS\System32\Internationalization_de.dll
[2006/09/05 10:24:36 | 000,081,920 | ---- | C] () -- C:\WINDOWS\System32\Internationalization_fr.dll
[2006/09/05 10:24:26 | 000,069,632 | ---- | C] () -- C:\WINDOWS\System32\Internationalization_zh-CHS.dll
[2006/06/12 11:01:18 | 000,024,576 | ---- | C] () -- C:\WINDOWS\System32\TspPopup_RUS.dll
[2006/06/12 11:01:18 | 000,024,576 | ---- | C] () -- C:\WINDOWS\System32\TspPopup_ITA.dll
[2006/06/12 11:01:18 | 000,024,576 | ---- | C] () -- C:\WINDOWS\System32\TspPopup_FRA.dll
[2006/06/12 11:01:18 | 000,024,576 | ---- | C] () -- C:\WINDOWS\System32\TspPopup_ESN.dll
[2006/06/12 11:01:18 | 000,024,576 | ---- | C] () -- C:\WINDOWS\System32\TspPopup_ENU.dll
[2006/06/12 11:01:18 | 000,024,576 | ---- | C] () -- C:\WINDOWS\System32\TspPopup_DEU.dll
[2006/06/12 11:01:18 | 000,024,576 | ---- | C] () -- C:\WINDOWS\System32\TspPopup_CHS.dll
[2006/06/12 11:01:16 | 000,348,160 | ---- | C] () -- C:\WINDOWS\System32\Tsp.dll
[2005/12/21 10:24:08 | 000,393,728 | ---- | C] () -- C:\WINDOWS\System32\pdfspme.dll
[2005/12/01 15:41:20 | 000,057,344 | ---- | C] () -- C:\WINDOWS\System32\pbadrvdll.dll
[2005/11/10 03:38:34 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\px.ini
[2005/09/20 14:36:06 | 000,798,720 | ---- | C] () -- C:\WINDOWS\System32\DemoLicense.dll
[2005/09/01 22:44:00 | 000,110,592 | ---- | C] () -- C:\WINDOWS\System32\TosBtAcc.dll
[2005/08/08 12:23:32 | 000,094,208 | ---- | C] () -- C:\WINDOWS\System32\Anx417.dll
[2005/08/08 12:23:06 | 000,475,136 | ---- | C] () -- C:\WINDOWS\System32\PaintX.dll
[2005/07/22 22:30:20 | 000,065,536 | ---- | C] () -- C:\WINDOWS\System32\TosCommAPI.dll
[2004/08/11 19:24:19 | 000,000,791 | ---- | C] () -- C:\WINDOWS\orun32.ini
[2004/08/11 19:19:30 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat
[2004/08/11 19:12:14 | 000,021,640 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat
[2004/08/11 19:11:31 | 000,001,793 | ---- | C] () -- C:\WINDOWS\System32\fxsperf.ini
[2004/08/11 19:07:24 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
[2004/08/11 19:06:43 | 000,529,688 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2004/08/11 19:00:30 | 000,004,569 | ---- | C] () -- C:\WINDOWS\System32\secupd.dat
[2004/08/11 19:00:28 | 000,555,888 | ---- | C] () -- C:\WINDOWS\System32\perfh009.dat
[2004/08/11 19:00:28 | 000,272,128 | ---- | C] () -- C:\WINDOWS\System32\perfi009.dat
[2004/08/11 19:00:28 | 000,113,850 | ---- | C] () -- C:\WINDOWS\System32\perfc009.dat
[2004/08/11 19:00:28 | 000,028,626 | ---- | C] () -- C:\WINDOWS\System32\perfd009.dat
[2004/08/11 19:00:27 | 000,004,627 | ---- | C] () -- C:\WINDOWS\System32\oembios.dat
[2004/08/11 19:00:26 | 013,107,200 | ---- | C] () -- C:\WINDOWS\System32\oembios.bin
[2004/08/11 19:00:24 | 000,000,741 | ---- | C] () -- C:\WINDOWS\System32\noise.dat
[2004/08/11 19:00:19 | 000,673,088 | ---- | C] () -- C:\WINDOWS\System32\mlang.dat
[2004/08/11 19:00:19 | 000,046,258 | ---- | C] () -- C:\WINDOWS\System32\mib.bin
[2004/08/11 19:00:12 | 000,218,003 | ---- | C] () -- C:\WINDOWS\System32\dssec.dat
[2004/08/11 19:00:04 | 000,001,804 | ---- | C] () -- C:\WINDOWS\System32\dcache.bin
[2004/07/21 15:03:14 | 000,917,504 | ---- | C] () -- C:\WINDOWS\System32\lmgr10.dll
[2004/07/20 18:04:02 | 000,094,208 | ---- | C] () -- C:\WINDOWS\System32\TosBtHcrpAPI.dll
[2004/07/20 15:27:52 | 000,057,344 | ---- | C] () -- C:\WINDOWS\System32\ADsSecurity.dll
[2004/03/18 19:01:20 | 000,072,192 | ---- | C] () -- C:\WINDOWS\System32\xltZlib.dll
[2004/01/15 15:43:28 | 000,114,688 | ---- | C] () -- C:\WINDOWS\System32\TBTMonUI.dll
[2003/03/09 21:31:04 | 000,561,152 | ---- | C] () -- C:\WINDOWS\System32\hpotscl.dll
[2002/11/20 19:51:34 | 000,159,744 | ---- | C] () -- C:\WINDOWS\System32\win2000.dll
[1999/01/04 13:25:00 | 000,375,296 | ---- | C] () -- C:\WINDOWS\System32\tx32.dll
[1998/11/04 02:20:00 | 000,000,202 | ---- | C] () -- C:\WINDOWS\System32\Ic32.ini

========== LOP Check ==========

[2007/08/18 13:25:50 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\ACT
[2010/09/19 13:16:58 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\Pro800-Pro900 Series
[2010/09/19 13:17:10 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\Sprint
[2007/04/21 14:13:57 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\ACT
[2011/03/05 11:42:25 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\AT&T
[2009/04/01 23:25:28 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Avery
[2009/01/22 18:42:07 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Avg7
[2009/04/01 23:26:16 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Broderbund LLC
[2009/03/06 21:53:02 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Broderbund Software
[2009/03/14 17:21:15 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\COMMON FILES
[2010/02/19 13:24:33 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\DYMO
[2010/01/14 14:43:43 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\F-Secure
[2010/01/14 14:45:18 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\fssg
[2010/08/31 12:41:34 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Lexmark Pro800-Pro900 Series
[2011/05/20 13:44:30 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\LogMeIn
[2007/06/26 13:34:16 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Napster
[2010/06/12 13:09:17 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Novatel Wireless
[2008/10/16 04:52:51 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Nuance
[2010/04/20 11:28:40 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Pro800-Pro900 Series
[2010/12/02 11:34:11 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\regid.1986-12.com.adobe
[2009/12/13 15:59:21 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Sprint
[2009/03/14 17:49:12 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\SQL Anywhere 10
[2008/10/16 05:00:38 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\SQL Anywhere 11
[2008/07/31 16:53:02 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TEMP
[2007/03/29 23:52:52 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Wave Systems Corp
[2009/03/24 11:03:04 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{00D89592-F643-4D8D-8F0F-AFAE0F14D4C3}
[2010/01/17 14:18:52 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{755AC846-7372-4AC8-8550-C52491DAA8BD}
[2009/08/31 17:56:07 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{8CD7F5AF-ECFA-4793-BF40-D8F42DBFF906}
[2007/04/21 14:13:57 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Helen Gannon\Application Data\ACT
[2009/11/15 22:05:31 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Helen Gannon\Application Data\com.directv.supercast.AA1ECC8BBAFE4E1BBF2D418DC006AF207FACE6CA.1
[2009/04/25 16:41:57 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Helen Gannon\Application Data\ezScriptWriter
[2009/03/29 00:41:56 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Helen Gannon\Application Data\F-Secure
[2007/10/07 12:27:17 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Helen Gannon\Application Data\Image Zone Express
[2007/04/21 14:33:21 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Helen Gannon\Application Data\IsolatedStorage
[2007/09/13 13:22:46 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Helen Gannon\Application Data\Leadertech
[2009/06/08 13:12:34 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Helen Gannon\Application Data\mjusbsp
[2010/04/20 12:29:47 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Helen Gannon\Application Data\Pro800-Pro900 Series
[2009/10/16 16:02:52 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Helen Gannon\Application Data\Research In Motion
[2009/08/12 20:28:15 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Helen Gannon\Application Data\Sierra Wireless
[2009/07/29 19:45:38 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Helen Gannon\Application Data\SmarThru4
[2009/08/12 20:41:16 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Helen Gannon\Application Data\Sprint
[2008/05/07 10:57:12 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Helen Gannon\Application Data\System Tweaker
[2009/10/16 16:15:11 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Helen Gannon\Application Data\Toshiba
[2008/05/07 10:46:56 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Helen Gannon\Application Data\Uniblue
[2009/12/13 16:05:23 | 000,000,000 | ---D | M] -- C:\Documents and Settings\NetworkService\Application Data\Bytemobile
[2011/05/21 07:36:04 | 000,000,290 | ---- | M] () -- C:\WINDOWS\Tasks\AVG Test Center.job
[2008/12/19 23:32:52 | 000,000,124 | ---- | M] () -- C:\WINDOWS\Tasks\Critical Battery Alarm Program.job
[2009/09/19 12:52:20 | 000,000,334 | ---- | M] () -- C:\WINDOWS\Tasks\FRU Task #Hewlett-Packard#hp psc 2100 series#1245272971.job
[2011/05/20 18:55:00 | 000,000,382 | ---- | M] () -- C:\WINDOWS\Tasks\FRU Task #Hewlett-Packard#hp psc 2100 series#1249512835.job
[2011/05/21 06:10:24 | 000,000,508 | ---- | M] () -- C:\WINDOWS\Tasks\Scheduled scanning task.job
[2011/05/20 18:23:59 | 000,000,440 | -H-- | M] () -- C:\WINDOWS\Tasks\User_Feed_Synchronization-{A3EEFA6B-F3B8-4FE4-AE97-5E2F6709A67B}.job

========== Purity Check ==========



========== Alternate Data Streams ==========

@Alternate Data Stream - 76 bytes -> C:\Documents and Settings\Helen Gannon\My Documents\VMR_W9_VAA forms.doc:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Documents and Settings\Helen Gannon\My Documents\OnlinePaymenproperty insurance 1-3-09.pdf:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Documents and Settings\Helen Gannon\My Documents\key.txt:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Documents and Settings\Helen Gannon\My Documents\Current_Resume.doc:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Documents and Settings\Helen Gannon\My Documents\Blank lead sheet.pdf:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Documents and Settings\Helen Gannon\My Documents\2w.pdf:Roxio EMC Stream
@Alternate Data Stream - 104 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:DFC5A2B2

< End of report >
 
extras txt

OTL Extras logfile created on: 5/21/2011 1:10:07 PM - Run 1
OTL by OldTimer - Version 3.2.22.3 Folder = C:\Documents and Settings\Helen Gannon\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.00 Gb Total Physical Memory | 1.00 Gb Available Physical Memory | 55.00% Memory free
4.00 Gb Paging File | 3.00 Gb Available in Paging File | 70.00% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 74.47 Gb Total Space | 24.06 Gb Free Space | 32.32% Space Free | Partition Type: NTFS

Computer Name: GENERALMANAGE01 | User Name: GeneralManager | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
exefile [open] -- "%1" %*
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 1
"FirewallOverride" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

========== System Restore Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr]
"Start" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService]
"Start" = 2

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile\AuthorizedApplications]
"Enabled" = 1
"AllowUserPrefMerge" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile\AuthorizedApplications\List]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile\GloballyOpenPorts]
"Enabled" = 1
"AllowUserPrefMerge" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile\GloballyOpenPorts\List]
"135:TCP:*:Enabled:Offer Remote Assistance - Port" = 135:TCP:*:Enabled:Offer Remote Assistance - Port

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile\Services]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile\Services\FileAndPrint]
"Enabled" = 1
"RemoteAddresses" = LocalSubnet

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile\Services\RemoteDesktop]
"Enabled" = 1
"RemoteAddresses" = *

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile\AuthorizedApplications]
"AllowUserPrefMerge" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile\GloballyOpenPorts]
"AllowUserPrefMerge" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DoNotAllowExceptions" = 0
"DisableNotifications" = 1
"EnableFirewall" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]
"139:TCP" = 139:TCP:*:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:*:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:*:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:*:Enabled:@xpsp2res.dll,-22002
"1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008
"10243:TCP" = 10243:TCP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service
"10280:UDP" = 10280:UDP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service
"10281:UDP" = 10281:UDP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service
"10282:UDP" = 10282:UDP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service
"10283:UDP" = 10283:UDP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service
"10284:UDP" = 10284:UDP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service
"3587:TCP" = 3587:TCP:*:Enabled:Windows Peer-to-Peer Grouping
"3540:UDP" = 3540:UDP:*:Enabled:Peer Name Resolution Protocol (PNRP)

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 0
"DisableNotifications" = 1
"DoNotAllowExceptions" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"139:TCP" = 139:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22002
"3389:TCP" = 3389:TCP:*:Enabled:@xpsp2res.dll,-22009
"1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008
"10243:TCP" = 10243:TCP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service
"10280:UDP" = 10280:UDP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service
"10281:UDP" = 10281:UDP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service
"10282:UDP" = 10282:UDP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service
"10283:UDP" = 10283:UDP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service
"10284:UDP" = 10284:UDP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service
"3587:TCP" = 3587:TCP:*:Enabled:Windows Peer-to-Peer Grouping
"3540:UDP" = 3540:UDP:*:Enabled:Peer Name Resolution Protocol (PNRP)

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"C:\Program Files\ACT\Act for Windows\ActSage.exe" = C:\Program Files\ACT\Act for Windows\ActSage.exe:*:Enabled:ACT! 9.x/2007
"C:\WINDOWS\LMI1A.tmp\rescue.exe" = C:\WINDOWS\LMI1A.tmp\rescue.exe:*:Enabled:LogMeIn Rescue
"C:\WINDOWS\LMI1D.tmp\rescue.exe" = C:\WINDOWS\LMI1D.tmp\rescue.exe:*:Enabled:LogMeIn Rescue
"C:\Program Files\Napster\napster.exe" = C:\Program Files\Napster\napster.exe:*:Enabled:Napster -- (Napster)
"C:\Program Files\Intuit\QuickBooks 2005\QBW32PremierContractor.exe" = C:\Program Files\Intuit\QuickBooks 2005\QBW32PremierContractor.exe:*:Enabled:QuickBooks Premier - Contractor Edition 2005
"C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe" = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe:*:Enabled:Logitech Desktop Messenger -- (Logitech Inc.)
"C:\Documents and Settings\Helen Gannon\Application Data\U3\0BC077600120A901\BBD53C04-8853-4202-B4B5-5194B0BC1696\Exec\AV\AntiVirusApplication.exe" = C:\Documents and Settings\Helen Gannon\Application Data\U3\0BC077600120A901\BBD53C04-8853-4202-B4B5-5194B0BC1696\Exec\AV\AntiVirusApplication.exe:*:Enabled:PluginAntivirus DLL
"C:\Documents and Settings\administrator.SOUTHERNCOATING\Application Data\U3\0BC077600120A901\BBD53C04-8853-4202-B4B5-5194B0BC1696\Exec\AV\AntiVirusApplication.exe" = C:\Documents and Settings\administrator.SOUTHERNCOATING\Application Data\U3\0BC077600120A901\BBD53C04-8853-4202-B4B5-5194B0BC1696\Exec\AV\AntiVirusApplication.exe:*:Enabled:PluginAntivirus DLL
"C:\Program Files\Logitech\Logitech Harmony Remote Software 7\HarmonyRemote.exe" = C:\Program Files\Logitech\Logitech Harmony Remote Software 7\HarmonyRemote.exe:*:Enabled:Logitech Harmony Remote Software 7 -- ()
"C:\Program Files\Logitech\QuickCam\Quickcam.exe" = C:\Program Files\Logitech\QuickCam\Quickcam.exe:*:Enabled:Quickcam -- ()
"C:\WINDOWS\system32\fxsclnt.exe" = C:\WINDOWS\system32\fxsclnt.exe:*:Enabled:Microsoft Fax Console -- (Microsoft Corporation)
"C:\Documents and Settings\Helen Gannon\Application Data\mjusbsp\magicJack.exe" = C:\Documents and Settings\Helen Gannon\Application Data\mjusbsp\magicJack.exe:*:Enabled:magicJack -- (magicJack L.P.)
"C:\WINDOWS\twain_32\Samsung\ScanMgr.exe" = C:\WINDOWS\twain_32\Samsung\ScanMgr.exe:*:Enabled:Scan Manger -- (Samsung Electronics)
"C:\WINDOWS\twain_32\Samsung\CLX3170\Scan2Pc.exe" = C:\WINDOWS\twain_32\Samsung\CLX3170\Scan2Pc.exe:*:Enabled:ScanToPC -- ()
"C:\WINDOWS\twain_32\Samsung\CLX3170\Sscan2io.exe" = C:\WINDOWS\twain_32\Samsung\CLX3170\Sscan2io.exe:*:Enabled:SScanToIO -- ()
"C:\Program Files\Toshiba\Bluetooth Toshiba Stack\WirelessFTP1.exe" = C:\Program Files\Toshiba\Bluetooth Toshiba Stack\WirelessFTP1.exe:LocalSubNet:Enabled:Wireless File Transfer -- (TOSHIBA CORPORATION.)
"C:\WINDOWS\system32\dpnsvr.exe" = C:\WINDOWS\system32\dpnsvr.exe:*:Enabled:Microsoft DirectPlay8 Server -- (Microsoft Corporation)
"C:\WINDOWS\system32\dxdiag.exe" = C:\WINDOWS\system32\dxdiag.exe:*:Enabled:Microsoft DirectX Diagnostic Tool -- (Microsoft Corporation)
"C:\WINDOWS\system32\dpvsetup.exe" = C:\WINDOWS\system32\dpvsetup.exe:*:Enabled:Microsoft DirectPlay Voice Test -- (Microsoft Corporation)
"C:\Program Files\Intuit\QuickBooks 2005\QBDBMgrN.exe" = C:\Program Files\Intuit\QuickBooks 2005\QBDBMgrN.exe:*:Enabled:QuickBooks 2009 Data Manager -- (Intuit, Inc.)
"C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtProc1.exe" = C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtProc1.exe:*:Enabled:Bluetooth Information Exchanger -- (TOSHIBA CORPORATION.)
"C:\Program Files\Cbeyond Secure Desktop\FSGUI\fsavgui.exe" = C:\Program Files\Cbeyond Secure Desktop\FSGUI\fsavgui.exe:*:Enabled:Open Cbeyond Secure Desktop -- (F-Secure Corporation)

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Program Files\ACT\Act for Windows\ActSage.exe" = C:\Program Files\ACT\Act for Windows\ActSage.exe:*:Enabled:ACT! 9.x/2007
"C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe" = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe:*:Enabled:Logitech Desktop Messenger -- (Logitech Inc.)
"C:\Program Files\Logitech\Logitech Harmony Remote Software 7\HarmonyRemote.exe" = C:\Program Files\Logitech\Logitech Harmony Remote Software 7\HarmonyRemote.exe:*:Enabled:Logitech Harmony Remote Software 7 -- ()
"C:\Documents and Settings\Helen Gannon\Application Data\mjusbsp\magicJack.exe" = C:\Documents and Settings\Helen Gannon\Application Data\mjusbsp\magicJack.exe:*:Enabled:magicJack -- (magicJack L.P.)
"C:\Program Files\Sprint\Sprint SmartView\SwiApiMux.exe" = C:\Program Files\Sprint\Sprint SmartView\SwiApiMux.exe:*:Enabled:SwiApiMux -- (Sierra Wireless, Inc.)
"C:\Documents and Settings\Helen Gannon\Application Data\U3\0BC077600120A901\BBD53C04-8853-4202-B4B5-5194B0BC1696\Exec\AV\AntiVirusApplication.exe" = C:\Documents and Settings\Helen Gannon\Application Data\U3\0BC077600120A901\BBD53C04-8853-4202-B4B5-5194B0BC1696\Exec\AV\AntiVirusApplication.exe:*:Enabled:PluginAntivirus DLL
"C:\Program Files\Wave Systems Corp\Security Wizards\bin\Secure 8021x.exe" = C:\Program Files\Wave Systems Corp\Security Wizards\bin\Secure 8021x.exe:*:Enabled:802.1x Authentication Setup Wizard -- (Wave Systems Corp)
"C:\WINDOWS\system32\lxeccoms.exe" = C:\WINDOWS\system32\lxeccoms.exe:*:Enabled:Pro800-Pro900 Series Server -- ( )
"C:\Program Files\Abbyy FineReader 6.0 Sprint\scan\scanman6.exe" = C:\Program Files\Abbyy FineReader 6.0 Sprint\scan\scanman6.exe:*:Enabled:ABBYY FineReader -- (ABBYY (BIT Software))
"C:\Program Files\Java\jre6\bin\java.exe" = C:\Program Files\Java\jre6\bin\java.exe:*:Enabled:Java(TM) Platform SE binary -- (Sun Microsystems, Inc.)
"C:\WINDOWS\system32\mmc.exe" = C:\WINDOWS\system32\mmc.exe:*:Enabled:Microsoft Management Console -- (Microsoft Corporation)
"C:\Program Files\AT&T\AT&T My World\MyWorld.exe" = C:\Program Files\AT&T\AT&T My World\MyWorld.exe:*:Enabled:AT&T My World
"C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtProc1.exe" = C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtProc1.exe:*:Enabled:Bluetooth Information Exchanger -- (TOSHIBA CORPORATION.)
"C:\Program Files\DirecTV\DIRECTV2PC Playback Advisor\CLDetect.exe" = C:\Program Files\DirecTV\DIRECTV2PC Playback Advisor\CLDetect.exe:*:Enabled:DIRECTV2PC Playback Advisor
"C:\Program Files\SmarThru 4\ImageEditor.exe" = C:\Program Files\SmarThru 4\ImageEditor.exe:*:Enabled:SmarThru 4 Image Editor -- ()
"C:\Program Files\Adobe\Acrobat 8.0\Acrobat\Acrobat.exe" = C:\Program Files\Adobe\Acrobat 8.0\Acrobat\Acrobat.exe:*:Enabled:Adobe Acrobat 8.1 -- (Adobe Systems Incorporated)


========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{048DB60B-5AD7-40D3-ACDA-6E8B233829FA}" = Logitech Harmony Remote Software 7
"{06A9E630-DBA6-4D92-9DE7-A235AA6496C7}" = QuickBooks
"{0700E22B-A423-40A5-BD20-04BF618CA0F9}" = QuickBooks Premier: Accountant Edition 2010
"{071B9AFA-EBE8-4ABF-8F4A-9F92612F517E}" = Broadcom ASF Management Applications
"{07287123-B8AC-41CE-8346-3D777245C35B}" = Bonjour
"{075473F5-846A-448B-BCB3-104AA1760205}" = Roxio RecordNow Data
"{07BB4D84-BE7E-45ED-B145-9A474700F590}" = Mobile Broadband Generic Drivers
"{07D618CD-B016-438A-ADC9-A75BD23F85CE}" = Wave Support Software
"{09984AEC-6B9F-4ca7-B78D-CB44D4771DA3}" = Destinations
"{0B0A2153-58A6-4244-B458-25EDF5FCD809}" = Private Information Manager
"{0BA2A0BA-7F4D-4B7B-AE94-5F0233AC8A5A}" = NTRU Hybrid TSS v2.0.25
"{0F2F77E4-4053-4108-B153-81F0B42EDCF4}" = WebIQ Technology Engine
"{1017A80C-6F09-4548-A84D-EDD6AC9525F0}" = Lexmark Toolbar
"{10812DE7-2E57-4740-B226-6B3BE34AF9D7}" = Lexmark Tools for Office
"{1206EF92-2E83-4859-ACCB-2048C3CB7DA6}" = Roxio DLA
"{14D08502-FEE4-40E5-90D3-8A967A1D8BA2}" = Readiris Pro 10
"{15EE79F4-4ED1-4267-9B0F-351009325D7D}" = HP Software Update
"{212ADFE3-0EA7-4670-B629-058A6CF3C58E}" = Power Commander 3 USB
"{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer
"{23E5032B-56CA-4C19-A72E-B50161DB82CA}" = Shadow Copy Client
"{2642BE09-1F9F-4E18-AAD4-0258B9BCE611}" = hp officejet g series
"{26A24AE4-039D-4CA4-87B4-2F83216012FF}" = Java(TM) 6 Update 20
"{26E1BFB0-E87E-4696-9F89-B467F01F81E5}" = Broadcom Advanced Control Suite
"{2750B389-A2D2-4953-99CA-27C1F2A8E6FD}" = Microsoft SQL Server 2005 Tools Express Edition
"{28E7B64D-150F-4A9E-B7A3-5A6AC8C2F822}" = ebgcSDK
"{30465B6C-B53F-49A1-9EBA-A3F187AD502E}" = Sonic Update Manager
"{30C19FF2-7FBA-4d09-B9DE-1659977F64F6}" = TrayApp
"{3248F0A8-6813-11D6-A77B-00B0D0150060}" = J2SE Runtime Environment 5.0 Update 6
"{3360D505-B0AA-4284-92DF-F872AF90A448}" = BlackBerry Device Software Updater
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{3560CE5A-C4EF-4DB0-9ECC-BA035FE309C5}" = MSN Toolbar
"{35748B06-FCFC-4700-8285-DAD41689E4FE}" = Broadcom TPM Driver Installer
"{35ED3F83-4BDC-4c44-8EC6-6A8301C7413A}" = McAfee SiteAdvisor
"{3819891A-030B-4a4e-98ED-B28A649E48AB}" = HP Deskjet 3900 series
"{388E4B09-3E71-4649-8921-F44A3A2954A7}" = Microsoft Visual Studio 2005 Tools for Office Runtime
"{39B1BD87-561E-4762-AED9-7C5213B06C24}" = ebgcInfra
"{3AC54383-31D1-4907-961B-B12CBB1D0AE8}" = MobileMe Control Panel
"{3EE33958-7381-4E7B-A4F3-6E43098E9E9C}" = URL Assistant
"{3F92ABBB-6BBF-11D5-B229-002078017FBF}" = NetWaiting
"{3FEC3A5B-60FF-4626-B425-08E09B121A15}" = LogMeIn
"{4286E640-B5FB-11DF-AC4B-005056C00008}" = Google Earth
"{42F6BED9-41DD-40F1-85A8-8E0350493626}" = HPDeskjet3900Series
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4BDFD2CE-6329-42E4-9801-9B3D1F10D79B}" = Adobe® Photoshop® Album Starter Edition 3.0
"{50120000-1105-0000-0000-0000000FF1CE}" = Microsoft Office 2007 Primary Interop Assemblies
"{51AE9E42-640D-4C14-A9B6-43F64AA4E3E2}" = Document Manager Lite
"{53F5C3EE-05ED-4830-994B-50B2F0D50FCE}" = Microsoft SQL Server Setup Support Files (English)
"{56F8AFC3-FA98-4ff1-9673-8A026CBF85BE}" = WebReg
"{57752979-A1C9-4C02-856B-FBB27AC4E02C}" = QuickTime
"{5A3F6A80-7913-475E-8B96-477A952CFA43}" = SupportSoft Assisted Service
"{5B622B7A-60FB-4630-B11D-F121D20BCCD6}" = MarketResearch
"{5C6F884D-680C-448B-B4C9-22296EE1B206}" = Logitech Harmony Remote Software 7
"{5D5B9E6A-344C-4976-95AB-ABBDC648E5DA}" = Microsoft IntelliType Pro 5.2
"{5F26311C-B135-4F7F-B11E-8E650F83651E}" = DeviceFunctionQFolder
"{6675CA7F-E51B-4F6A-99D4-F8F0124C6EAA}" = Roxio Express Labeler
"{66E6CE0C-5A1E-430C-B40A-0C90FF1804A8}" = eSupportQFolder
"{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}" = PowerDVD 5.9
"{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update
"{6DEF11C0-35FF-4160-A543-FDD336C4DAE5}" = Microsoft SQL Server 2005 Express Edition (ACT7)
"{6ECB39BD-73C2-44DD-B1A0-898207C58D8B}" = HP Photo and Imaging 2.0 - All-in-One Drivers
"{6F5E2F4A-377D-4700-B0E3-8F7F7507EA15}" = CustomerResearchQFolder
"{716E0306-8318-4364-8B8F-0CC4E9376BAC}" = MSXML 4.0 SP2 Parser and SDK
"{71F6DF7D-B639-4FAD-BA93-E6DF267AA44D}" = DesignPro 5.4 Limited Edition
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{72FECEA1-E87F-4192-89FA-D0FBF92885BB}" = ETS Upgrade
"{748F4870-8350-11D3-B0BF-080009FB4A19}" = HP Share-to-Web
"{7670D32F-DAE6-4E49-8C8B-B3F08B5B1686}" = Microsoft SQL Server Native Client
"{767CC44C-9BBC-438D-BAD3-FD4595DD148B}" = VC80CRTRedist - 8.0.50727.762
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{7F142D56-3326-11D5-B229-002078017FBF}" = Modem Helper
"{7F5AF4AA-7F77-47FC-9E22-519822FC6365}" = Sprint SmartView
"{82DFB852-9594-4668-9C66-28BB6E94BCB2}" = hp psc 2100 series
"{8471021C-F529-43DE-84DF-3612E10F58C4}" = Remote Control USB Driver
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8DCE550C-CA43-4E82-92DF-FFC4A48F5BE1}" = Napster Burn Engine
"{900B1197-53F5-4F46-A882-2CFFFE2EEDCB}" = Logitech Desktop Messenger
"{90120000-0010-0409-0000-0000000FF1CE}" = Microsoft Software Update for Web Folders (English) 12
"{90120000-0015-0409-0000-0000000FF1CE}" = Microsoft Office Access MUI (English) 2007
"{90120000-0015-0409-0000-0000000FF1CE}_PROHYBRIDR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007
"{90120000-0016-0409-0000-0000000FF1CE}_PROHYBRIDR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007
"{90120000-0018-0409-0000-0000000FF1CE}_PROHYBRIDR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0019-0409-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2007
"{90120000-0019-0409-0000-0000000FF1CE}_PROHYBRIDR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2007
"{90120000-001A-0409-0000-0000000FF1CE}_PROHYBRIDR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007
"{90120000-001B-0409-0000-0000000FF1CE}_PROHYBRIDR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_PROHYBRIDR_{ABDDE972-355B-4AF1-89A8-DA50B7B5C045}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_PROHYBRIDR_{F580DDD5-8D37-4998-968E-EBB76BB86787}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007
"{90120000-001F-0C0A-0000-0000000FF1CE}_PROHYBRIDR_{187308AB-5FA7-4F14-9AB9-D290383A10D9}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}_PROHYBRIDR_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007
"{90120000-0115-0409-0000-0000000FF1CE}_PROHYBRIDR_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0117-0409-0000-0000000FF1CE}" = Microsoft Office Access Setup Metadata MUI (English) 2007
"{90120000-0117-0409-0000-0000000FF1CE}_PROHYBRIDR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90A40409-6000-11D3-8CFE-0150048383C9}" = Microsoft Office 2003 Web Components
"{90F1943D-EA4A-4460-B59F-30023F3BA69A}" = SmarThru 4
"{91120000-0031-0000-0000-0000000FF1CE}" = Microsoft Office Professional Hybrid 2007
"{91120000-0031-0000-0000-0000000FF1CE}_PROHYBRIDR_{0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{923B9E23-7F7D-4358-83DD-B189E1A558A2}" = ebgcRes
"{937B232D-9776-471E-92BD-D424E514EF14}" = Logitech QuickCam
"{9867A917-5D17-40DE-83BA-BEA5293194B1}" = HP Photo and Imaging 2.0 - All-in-One
"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
"{A462213D-EED4-42C2-9A60-7BDD4D4B0B17}" = SigmaTel Audio
"{A6FDF86A-F541-4E7B-AEA0-8849A2A700D5}" = iTunes
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{A939D341-5A04-4E0A-BB55-3E65B386432D}" = Microsoft Office Small Business Connectivity Components
"{AADEA55D-C834-4BCB-98A3-4B8D1C18F4EE}" = Apple Mobile Device Support
"{AB5D51AE-EBC3-438D-872C-705C7C2084B0}" = DeviceManagementQFolder
"{AB708C9B-97C8-4AC9-899B-DBF226AC9382}" = Roxio RecordNow Audio
"{ABBA2EA4-740E-4052-902B-9CA70B081E3F}" = Dell Embassy Trust Suite by Wave Systems
"{AC76BA86-1033-0000-BA7E-000000000003}" = Adobe Acrobat 8 Standard
"{AC76BA86-7AD7-1033-7B44-A81300000003}" = Adobe Reader 8.1.6
"{AC76BA86-7AD7-1033-7B44-A82000000003}" = Adobe Reader 8.2.0
"{ACF60000-22B9-4CE9-98D6-2CCF359BAC07}" = ABBYY FineReader 6.0 Sprint
"{B12665F4-4E93-4AB4-B7FC-37053B524629}" = Roxio RecordNow Copy
"{B194272D-1F92-46DF-99EB-8D5CE91CB4EC}" = Adobe AIR
"{B2544A03-10D0-4E5E-BA69-0362FFC20D18}" = OGA Notifier 2.0.0048.0
"{B28759B8-5FC6-4F56-9C6C-6EDAD36455A9}" = Roxio Media Manager
"{B351E5AF-E6E2-46E4-8155-DAB130731F70}" = Iomega REV System Software
"{B4E96960-5F6B-48B9-A5BD-6A5A9BB4F027}" = Avery Wizard 3.1
"{B7050CBDB2504B34BC2A9CA0A692CC29}" = DivX Web Player
"{B996AE66-10DB-4ac5-B151-E8B4BFBC42FC}" = BufferChm
"{BAF78226-3200-4DB4-BE33-4D922A799840}" = Windows Presentation Foundation
"{BBBCAE4B-B416-4182-A6F2-438180894A81}" = Napster
"{BCCBE608-5C44-4507-AE11-55B36AE0E41B}" = The Print Shop Business Card Creator
"{BE40EC9E-9466-4288-916D-C1D6C13F4A40}" = upekmsi
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
"{C336A3DB-FA32-42BE-97D0-FFD42D807FD6}" = Oz776 SCR Driver V1.1.4.2
"{C39B7B95-5009-4C64-B25B-B1AD6BDD9E8F}" = MobiLink3
"{C5074CC4-0E26-4716-A307-960272A90040}" = QuickSet
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CDD4761A-3D3F-4487-9AAF-7855A36E0D31}" = Wave Infrastructure Installer
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{CE5E3F15-320A-4865-97D3-F07227C5BB2F}" = BlackBerry Desktop Software 4.5
"{CEBB6BFB-D708-4F99-A633-BC2600E01EF6}" = Bluetooth Stack for Windows by Toshiba
"{D1E829E9-88B8-47C6-A75E-0D40E2C09D50}" = Secure Update
"{D2988E9B-C73F-422C-AD4B-A66EBE257120}" = MCU
"{D2C5E510-BE6D-42CC-9F61-E4F939078474}" = Lexmark Printable Web
"{D6E4E5D6-7693-4BB4-95BA-21F38FAFEE90}" = Safari
"{D8E363A7-88B7-446D-B2C0-E26CE4DC8E54}" = U3Launcher
"{DA427272-904E-4EC2-BCC8-07B39B8EFA78}" = SuperDVR
"{DBEA1034-5882-4A88-8033-81C4EF0CFA29}" = Google Toolbar for Internet Explorer
"{DD41AC25-61B2-4FC9-90AA-672F32139AC3}" = ETS Launch Pad
"{E3F90083-80D4-4b5a-87C7-E97E12F5516D}" = HPProductAssistant
"{E6095BEA-8C97-4342-B771-13BB72AC1D88}" = biolsp patch
"{E646DCF0-5A68-11D5-B229-002078017FBF}" = Digital Line Detect
"{E7084B89-69E0-46B3-A118-8F99D06988CD}" = Microsoft SQL Server VSS Writer
"{EA103B64-C0E4-4C0E-A506-751590E1653D}" = SolutionCenter
"{EC84E3E6-C2D6-4DFB-81E0-448324C8FDF4}" = Security Wizards
"{EE2EE62C-E27D-486A-AF6D-FA4A06E67476}" = Preboot Manager
"{EE6097DD-05F4-4178-9719-D3170BF098E8}" = Apple Application Support
"{EEAFE1E5-076B-430A-96D9-B567792AFA88}" = EMBASSY Security Center
"{EFA1C88E-0F13-4F74-9A37-07C177CDE36B}" = WebEx Support Manager for Internet Explorer
"{F1802FA6-54E9-4B24-BD2A-B50866819795}" = EMBASSY Trust Suite by Wave Systems
"{F4C2E5F5-2970-45f4-ABD3-C180C4D961C4}" = Status
"{F6C05B70-3972-11DE-AA67-005056806466}" = Google Earth Pro
"{FE64AE29-0883-4C70-8388-DC026019C900}" = HP Image Zone Express
"{FEA0CE81-7FC7-AAAE-FC8C-241A5F8684F0}" = Supercast
"4569969E1360D2854474C661EF9B4D54F143EB16" = Windows Driver Package - Ricoh Company (rimsptsk) hdc (11/14/2006 6.00.01.04)
"ActiveTouchMeetingClient" = WebEx
"Adobe Acrobat 8 Standard" = Adobe Acrobat 8.1.6 Standard
"Adobe Acrobat 8 Standard_816" = Adobe Acrobat 8.1.6 - CPSID_49167
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Shockwave Player" = Adobe Shockwave Player 11.5
"Adobe SVG Viewer" = Adobe SVG Viewer 3.0
"ATT-PRT22" = ATT-PRT22
"ATT-SST" = AT&T Service & Support Tool
"BlackBerry_{CE5E3F15-320A-4865-97D3-F07227C5BB2F}" = BlackBerry Desktop Software 4.5
"Broadcom 802.11 Application" = Dell Wireless WLAN Card Utility
"CNXT_MODEM_HDAUDIO_VEN_14F1&DEV_2BFA&SUBSYS_14F100C3" = Conexant HDA D110 MDC V.92 Modem
"com.directv.supercast.AA1ECC8BBAFE4E1BBF2D418DC006AF207FACE6CA.1" = Supercast
"doPDF 6 printer_is1" = doPDF 6.2 printer
"DYMO Label v.8" = DYMO Label v.8
"ezHealthWare Software Suite_is1" = ezScriptWriter v3.0
"F-Secure Product 277" = Cbeyond Secure Desktop
"Google Updater" = Google Updater
"HP Imaging Device Functions" = HP Imaging Device Functions 5.0
"HP PSC 2100 Series" = HP Photo and Imaging 2.0 - hp psc 2100 series
"hp psc 2100 series_Driver" = hp psc 2100 series
"HP Solution Center & Imaging Support Tools" = HP Solution Center & Imaging Support Tools 5.0
"HPExtendedCapabilities" = HP Extended Capabilities 5.0
"IDNMitigationAPIs" = Microsoft Internationalized Domain Names Mitigation APIs
"ie7" = Windows Internet Explorer 7
"ie8" = Windows Internet Explorer 8
"InstallShield_{07D618CD-B016-438A-ADC9-A75BD23F85CE}" = Wave Support Software
"InstallShield_{0B0A2153-58A6-4244-B458-25EDF5FCD809}" = Private Information Manager
"InstallShield_{51AE9E42-640D-4C14-A9B6-43F64AA4E3E2}" = Document Manager Lite
"InstallShield_{72FECEA1-E87F-4192-89FA-D0FBF92885BB}" = ETS Upgrade
"InstallShield_{C336A3DB-FA32-42BE-97D0-FFD42D807FD6}" = Oz776 SCR Driver V1.1.4.2
"InstallShield_{D1E829E9-88B8-47C6-A75E-0D40E2C09D50}" = Secure Update
"InstallShield_{DD41AC25-61B2-4FC9-90AA-672F32139AC3}" = ETS Launch Pad
"InstallShield_{EC84E3E6-C2D6-4DFB-81E0-448324C8FDF4}" = Security Wizards
"InstallShield_{EEAFE1E5-076B-430A-96D9-B567792AFA88}" = EMBASSY Security Center
"Lexmark Pro800-Pro900 Series" = Lexmark Pro800-Pro900 Series
"lvdrivers_11.90" = Logitech QuickCam Driver Package
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"McAfee Security Scan" = McAfee Security Scan Plus
"Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft SQL Server 2005" = Microsoft SQL Server 2005
"Microsoft Visual Studio 2005 Tools for Office Runtime" = Visual Studio 2005 Tools for Office Second Edition Runtime
"Mobile Broadband Generic Drivers" = Mobile Broadband Generic Drivers
"MobiLink3" = MobiLink3
"MSCompPackV1" = Microsoft Compression Client Pack 1.0 for Windows XP
"NLSDownlevelMapping" = Microsoft National Language Support Downlevel APIs
"NVIDIA Drivers" = NVIDIA Drivers
"PEM Software Systems, Inc" = PEM Software Systems, Inc
"PROHYBRIDR" = 2007 Microsoft Office system
"Samsung CLX-3170 Series" = Samsung CLX-3170 Series
"SearchAssist" = SearchAssist
"SmarThru PC Fax" = SmarThru PC Fax
"ST6UNST #1" = BarCodeLabel ActiveX
"ST6UNST #2" = BarCodeLabel ActiveX (C:\Program Files\BarCodeLabel ActiveX\)
"ST6UNST #3" = BarCodeLabel ActiveX (C:\Program Files\BarCodeLabel ActiveX\) #3
"Super Collapse! II" = Super Collapse! II
"SynTPDeinstKey" = Synaptics Pointing Device Driver
"SystemRequirementsLab" = System Requirements Lab
"WIC" = Windows Imaging Component
"Windows Media Format Runtime" = Windows Media Format 11 runtime
"Windows Media Player" = Windows Media Player 11
"Windows XP Service Pack" = Windows XP Service Pack 3
"WMFDist11" = Windows Media Format 11 runtime
"wmp11" = Windows Media Player 11
"Wudf01000" = Microsoft User-Mode Driver Framework Feature Pack 1.0
"XpsEPSC" = XML Paper Specification Shared Components Pack 1.0
"YInstHelper" = Yahoo! Install Manager

========== HKEY_USERS Uninstall List ==========

[HKEY_USERS\S-1-5-21-4060964453-4198831217-3626650206-1147\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"GoToMeeting" = GoToMeeting 4.0.0.320
"Move Networks Player - IE" = Move Networks Media Player for Internet Explorer
"WeatherTAP.com - RadarLab HD" = WeatherTAP.com - RadarLab HD
"Yahoo! BrowserPlus" = Yahoo! BrowserPlus 2.9.8

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 5/20/2011 1:47:18 PM | Computer Name = GENERALMANAGE01 | Source = Broadcom ASF IP Monitor | ID = 0
Description = !ERROR 53 Refreshing BMAPI data

Error - 5/20/2011 1:51:40 PM | Computer Name = GENERALMANAGE01 | Source = Ci | ID = 4127
Description = Content index on c:\system volume information\catalog.wci could not
be initialized. Error 3221225477.

Error - 5/20/2011 1:51:40 PM | Computer Name = GENERALMANAGE01 | Source = Ci | ID = 4127
Description = Content index on c:\system volume information\catalog.wci could not
be initialized. Error 3221225477.

Error - 5/20/2011 9:44:29 PM | Computer Name = GENERALMANAGE01 | Source = AutoEnrollment | ID = 15
Description = Automatic certificate enrollment for local system failed to contact
the active directory (0x8007054b). The specified domain either does not exist
or could not be contacted. Enrollment will not be performed.

Error - 5/21/2011 12:05:30 AM | Computer Name = GENERALMANAGE01 | Source = F-Secure Anti-Virus | ID = 103
Description = 1 2011-05-21 00:05:29-04:00 generalmanage01 SOUTHERNCOATING\GeneralManager
F-Secure Anti-Virus Scanning of \DEVICE\HARDDISKVOLUME2\WINDOWS\TASKS\GOOGLEUPDATETASKMACHINEUA.JOB
was aborted due to exceeded scanning time limit. The file may be in use or reading
it was too slow (e.g. network connection was under stress).

Error - 5/21/2011 5:44:41 AM | Computer Name = GENERALMANAGE01 | Source = AutoEnrollment | ID = 15
Description = Automatic certificate enrollment for local system failed to contact
the active directory (0x8007054b). The specified domain either does not exist
or could not be contacted. Enrollment will not be performed.

Error - 5/21/2011 6:02:16 AM | Computer Name = GENERALMANAGE01 | Source = F-Secure Anti-Virus | ID = 103
Description = 2 2011-05-21 06:02:15-04:00 generalmanage01 SOUTHERNCOATING\GeneralManager
F-Secure Anti-Virus Scanning of \DEVICE\HARDDISKVOLUME2\PROGRAM FILES\DYMO\DYMO
LABEL SOFTWARE\DYMOBARCODE.DLL was aborted due to exceeded scanning time limit.
The file may be in use or reading it was too slow (e.g. network connection was
under stress).

Error - 5/21/2011 6:02:16 AM | Computer Name = GENERALMANAGE01 | Source = F-Secure Anti-Virus | ID = 103
Description = 3 2011-05-21 06:02:15-04:00 generalmanage01 SOUTHERNCOATING\GeneralManager
F-Secure Anti-Virus Scanning of \DEVICE\HARDDISKVOLUME2\PROGRAM FILES\CBEYOND
SECURE DESKTOP\FSAUA\SUBSCRIPTIONS\AVH_GEMDB was aborted due to exceeded scanning
time limit. The file may be in use or reading it was too slow (e.g. network connection
was under stress).

Error - 5/21/2011 6:02:16 AM | Computer Name = GENERALMANAGE01 | Source = F-Secure Anti-Virus | ID = 103
Description = 4 2011-05-21 06:02:15-04:00 generalmanage01 SOUTHERNCOATING\GeneralManager
F-Secure Anti-Virus Scanning of \DEVICE\HARDDISKVOLUME2\PROGRAM FILES\CBEYOND
SECURE DESKTOP\FSAUA\SUBSCRIPTIONS\AVH_BLENG was aborted due to exceeded scanning
time limit. The file may be in use or reading it was too slow (e.g. network connection
was under stress).

Error - 5/21/2011 6:10:24 AM | Computer Name = GENERALMANAGE01 | Source = F-Secure Anti-Virus | ID = 103
Description = 5 2011-05-21 06:10:24-04:00 generalmanage01 SOUTHERNCOATING\GeneralManager
F-Secure Anti-Virus Manual scanning was finished - workstation was found infected!


[ OSession Events ]
Error - 10/1/2010 4:11:59 PM | Computer Name = GENERALMANAGE01 | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 1, Application Name: Microsoft Office Excel, Application Version:
12.0.6504.5001, Microsoft Office Version: 12.0.6425.1000. This session lasted 627
seconds with 0 seconds of active time. This session ended with a crash.

Error - 12/2/2010 3:32:33 PM | Computer Name = GENERALMANAGE01 | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 1, Application Name: Microsoft Office Excel, Application Version:
12.0.6504.5001, Microsoft Office Version: 12.0.6425.1000. This session lasted 320
seconds with 300 seconds of active time. This session ended with a crash.

[ System Events ]
Error - 5/20/2011 2:30:12 PM | Computer Name = GENERALMANAGE01 | Source = W32Time | ID = 39452701
Description = The time provider NtpClient is configured to acquire time from one
or more time sources, however none of the sources are currently accessible. No attempt
to contact a source will be made for 60 minutes. NtpClient has no source of accurate
time.

Error - 5/20/2011 3:30:12 PM | Computer Name = GENERALMANAGE01 | Source = W32Time | ID = 39452701
Description = The time provider NtpClient is configured to acquire time from one
or more time sources, however none of the sources are currently accessible. No attempt
to contact a source will be made for 120 minutes. NtpClient has no source of accurate
time.

Error - 5/20/2011 5:30:13 PM | Computer Name = GENERALMANAGE01 | Source = W32Time | ID = 39452701
Description = The time provider NtpClient is configured to acquire time from one
or more time sources, however none of the sources are currently accessible. No attempt
to contact a source will be made for 240 minutes. NtpClient has no source of accurate
time.

Error - 5/20/2011 5:44:32 PM | Computer Name = GENERALMANAGE01 | Source = NETLOGON | ID = 5719
Description = No Domain Controller is available for domain SOUTHERNCOATING due to
the following: %%1311. Make sure that the computer is connected to the network and
try again. If the problem persists, please contact your domain administrator.

Error - 5/20/2011 9:30:13 PM | Computer Name = GENERALMANAGE01 | Source = W32Time | ID = 39452701
Description = The time provider NtpClient is configured to acquire time from one
or more time sources, however none of the sources are currently accessible. No attempt
to contact a source will be made for 480 minutes. NtpClient has no source of accurate
time.

Error - 5/20/2011 9:59:32 PM | Computer Name = GENERALMANAGE01 | Source = NETLOGON | ID = 5719
Description = No Domain Controller is available for domain SOUTHERNCOATING due to
the following: %%1311. Make sure that the computer is connected to the network and
try again. If the problem persists, please contact your domain administrator.

Error - 5/21/2011 1:59:32 AM | Computer Name = GENERALMANAGE01 | Source = NETLOGON | ID = 5719
Description = No Domain Controller is available for domain SOUTHERNCOATING due to
the following: %%1311. Make sure that the computer is connected to the network and
try again. If the problem persists, please contact your domain administrator.

Error - 5/21/2011 5:30:16 AM | Computer Name = GENERALMANAGE01 | Source = W32Time | ID = 39452701
Description = The time provider NtpClient is configured to acquire time from one
or more time sources, however none of the sources are currently accessible. No attempt
to contact a source will be made for 959 minutes. NtpClient has no source of accurate
time.

Error - 5/21/2011 5:59:32 AM | Computer Name = GENERALMANAGE01 | Source = NETLOGON | ID = 5719
Description = No Domain Controller is available for domain SOUTHERNCOATING due to
the following: %%1311. Make sure that the computer is connected to the network and
try again. If the problem persists, please contact your domain administrator.

Error - 5/21/2011 10:14:32 AM | Computer Name = GENERALMANAGE01 | Source = NETLOGON | ID = 5719
Description = No Domain Controller is available for domain SOUTHERNCOATING due to
the following: %%1311. Make sure that the computer is connected to the network and
try again. If the problem persists, please contact your domain administrator.


< End of report >
 
Looking at some bad files on your system, lets do this

Download ComboFix from one of these locations:

Link 1
Link 2


* IMPORTANT !!! Save ComboFix.exe to your Desktop


  • Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools
  • See this Link for programs that need to be disabled and instruction on how to disable them.
  • Remember to re-enable them when we're done.

  • Double click on ComboFix.exe & follow the prompts.

  • As part of it's process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.

  • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.

**Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue it's malware removal procedures.


RC1.png


Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:
RC2-1.png

Click on Yes, to continue scanning for malware.

When finished, it shall produce a log for you. Please include the C:\ComboFix.txt in your next reply.

*If there is no internet connection when Combofix has completely finished then restart your computer to restore back the connections.
 
combofix

ComboFix 11-05-21.03 - GeneralManager 05/22/2011 10:32:21.2.2 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2046.1267 [GMT -4:00]
Running from: c:\documents and settings\Helen Gannon\Desktop\ComboFix.exe
AV: Cbeyond Secure Desktop 8.00 *Disabled/Updated* {E7512ED5-4245-4B4D-AF3A-382D3F313F15}
FW: Cbeyond Secure Desktop 8.00 *Disabled* {D4747503-0346-49EB-9262-997542F79BF4}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\documents and settings\Helen Gannon\Local Settings\Temporary Internet Files\viewChanges.html
c:\windows\system32\bszip.dll
c:\windows\system32\Cache
.
.
((((((((((((((((((((((((( Files Created from 2011-04-22 to 2011-05-22 )))))))))))))))))))))))))))))))
.
.
2011-05-19 21:34 . 2011-05-19 21:34 -------- d-----w- c:\documents and settings\Helen Gannon\Application Data\Malwarebytes
2011-05-19 21:34 . 2010-12-20 22:09 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2011-05-19 21:34 . 2011-05-19 21:34 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
2011-05-19 21:34 . 2010-12-20 22:08 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-05-19 21:34 . 2011-05-19 22:06 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2011-05-15 18:11 . 2011-05-15 18:11 0 --sha-w- c:\documents and settings\Helen Gannon\Local Settings\Application Data\hmv.exe
2011-05-15 18:11 . 2011-05-15 18:11 0 --sha-w- c:\documents and settings\Helen Gannon\Local Settings\Application Data\dvl.exe
2011-05-15 18:11 . 2011-05-15 18:11 0 --sha-w- c:\documents and settings\Helen Gannon\Local Settings\Application Data\bhk.exe
2011-05-15 18:11 . 2011-05-15 18:11 0 --sha-w- c:\documents and settings\Helen Gannon\Local Settings\Application Data\baf.exe
2011-05-15 18:11 . 2011-05-15 18:11 0 --sha-w- c:\documents and settings\All Users\Application Data\vwv.exe
2011-05-15 18:11 . 2011-05-15 18:11 0 --sha-w- c:\documents and settings\All Users\Application Data\qio.exe
2011-05-15 18:11 . 2011-05-15 18:11 0 --sha-w- c:\documents and settings\All Users\Application Data\njo.exe
2011-05-15 18:11 . 2011-05-15 18:11 0 --sha-w- c:\documents and settings\All Users\Application Data\jdd.exe
2011-05-15 18:11 . 2011-05-15 18:11 0 --sha-w- c:\documents and settings\All Users\Application Data\bhx.exe
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-05-22 14:47 . 2009-10-19 23:45 256 ----a-w- c:\documents and settings\Helen Gannon\pool.bin
2011-03-07 05:33 . 2004-08-11 23:12 692736 ----a-w- c:\windows\system32\inetcomm.dll
2011-03-04 06:37 . 2004-08-11 23:00 420864 ----a-w- c:\windows\system32\vbscript.dll
2011-03-03 13:21 . 2004-08-11 23:00 1857920 ----a-w- c:\windows\system32\win32k.sys
2011-02-22 23:06 . 2004-08-11 23:00 916480 ----a-w- c:\windows\system32\wininet.dll
2011-02-22 23:06 . 2004-08-11 23:00 43520 ----a-w- c:\windows\system32\licmgr10.dll
2011-02-22 23:06 . 2004-08-11 23:00 1469440 ----a-w- c:\windows\system32\inetcpl.cpl
2011-02-22 11:41 . 2004-08-11 23:00 385024 ----a-w- c:\windows\system32\html.iec
2004-08-04 11:00 94784 --sh--w- c:\windows\twain.dll
2008-04-14 00:12 50688 --sh--w- c:\windows\twain_32.dll
2011-02-08 13:33 978944 --sha-w- c:\windows\system32\mfc42.dll
2008-04-14 00:12 57344 --sh--w- c:\windows\system32\msvcirt.dll
2008-04-14 00:12 413696 --sh--w- c:\windows\system32\msvcp60.dll
2008-04-14 00:12 343040 --sh--w- c:\windows\system32\msvcrt.dll
2008-04-14 00:12 551936 --sh--w- c:\windows\system32\oleaut32.dll
2008-04-14 00:12 84992 --sh--w- c:\windows\system32\olepro32.dll
2008-04-14 00:12 11776 --sh--w- c:\windows\system32\regsvr32.exe
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"LDM"="c:\program files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe" [2008-11-08 66864]
"cdloader"="c:\documents and settings\Helen Gannon\Application Data\mjusbsp\cdloader2.exe" [2009-04-10 50520]
"DymoQuickPrint"="c:\program files\DYMO\DYMO Label Software\DymoQuickPrint.exe" [2009-06-24 1882360]
"RIMDeviceManager"="c:\program files\Common Files\Research in Motion\RIMDeviceManager\RIMDeviceManager.exe" [2010-06-01 1602904]
"ISUSPM"="c:\program files\Common Files\InstallShield\UpdateService\ISUSPM.exe" [2006-09-11 218032]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"LogMeIn GUI"="c:\program files\LogMeIn\x86\LogMeInSystray.exe" [2007-04-17 63048]
"AppleSyncNotifier"="c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe" [2009-08-13 177440]
"F-Secure Manager"="c:\program files\Cbeyond Secure Desktop\Common\FSM32.EXE" [2008-12-10 182936]
"F-Secure TNB"="c:\program files\Cbeyond Secure Desktop\FSGUI\TNBUtil.exe" [2008-12-10 1317472]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2009-12-18 40368]
"LVCOMS"="c:\program files\Common Files\Logitech\QCDriver3\LVCOMS.EXE" [2002-12-10 127022]
"LogitechQuickCamRibbon"="c:\program files\Logitech\QuickCam\Quickcam.exe" [2008-12-20 2656528]
"Adobe Photo Downloader"="c:\program files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe" [2005-06-07 57344]
"Samsung PanelMgr"="c:\windows\Samsung\PanelMgr\SSMMgr.exe" [2009-02-28 552960]
"3170 Scan2PC"="c:\windows\Twain_32\Samsung\CLX3170\Scan2pc.exe" [2009-01-31 503808]
"NapsterShell"="c:\program files\Napster\napster.exe" [2009-03-10 323216]
"NVHotkey"="nvHotkey.dll" [2007-02-13 73728]
"Document Manager"="c:\program files\Wave Systems Corp\Services Manager\DocMgr\bin\docmgr.exe" [2006-09-08 102400]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2006-03-08 761947]
"BluetoothAuthenticationAgent"="bthprops.cpl" [2008-04-14 110592]
"Broadcom Wireless Manager UI"="c:\windows\system32\WLTRAY.exe" [2009-04-30 2396160]
"Intuit SyncManager"="c:\program files\Common Files\Intuit\Sync\IntuitSyncManager.exe" [2009-12-22 1092872]
"RoxWatchTray"="c:\program files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe" [2008-03-06 236016]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-02-18 248040]
"Sprint SmartView"="c:\program files\Sprint\Sprint SmartView\SprintSV.exe" [2009-12-02 75072]
"RDVCHG"="c:\program files\Sprint\Sprint SmartView\RDVCHG.exe" [2009-12-02 316736]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2009-11-12 141600]
"DLSService"="c:\program files\DYMO\DYMO Label Software\DLSService.exe" [2009-06-24 55808]
"lxecmon.exe"="c:\program files\Lexmark Pro800-Pro900 Series\lxecmon.exe" [2009-08-20 770728]
"EzPrint"="c:\program files\Lexmark Pro800-Pro900 Series\ezprint.exe" [2009-08-20 139944]
"Lexmark Pro800-Pro900 Series Fax Server"="c:\program files\Lexmark Pro800-Pro900 Series\fm3032.exe" [2009-08-20 316072]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2007-02-13 7700480]
"nwiz"="nwiz.exe" [2007-02-13 1622016]
"ATT-SST_McciTrayApp"="c:\program files\ATT-SST\McciTrayApp.exe" [2010-07-27 1573888]
"BellSouthWCC_McciTrayApp"="c:\program files\BellSouthWCC\McciTrayApp.exe" [2009-11-18 1577984]
"ATT_WCC"="c:\program files\BellSouthWCC\McciTrayApp.exe" [2009-11-18 1577984]
"SigmatelSysTrayApp"="c:\program files\SigmaTel\C-Major Audio\WDM\stsystra.exe" [2007-05-10 405504]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2010-11-29 421888]
"Share-to-Web Namespace Daemon"="c:\program files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe" [2001-07-03 57344]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2009-12-11 948672]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"DWQueuedReporting"="c:\progra~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" [2008-11-04 435096]
.
c:\documents and settings\All Users\Start Menu\Programs\Startup\
EMBASSY Trust Suite Secure Update.lnk - c:\program files\Wave Systems Corp\Services Manager\Secure Update\AutoUpdate.exe [2006-8-25 192512]
hp psc 2000 Series.lnk - c:\program files\HP\Digital Imaging\bin\hpobnz08.exe [2003-4-9 323646]
hpoddt01.exe.lnk - c:\program files\HP\Digital Imaging\bin\hpotdd01.exe [2003-4-9 28672]
LaunchU3.exe.lnk - c:\windows\Installer\{D8E363A7-88B7-446D-B2C0-E26CE4DC8E54}\_294823.exe [2009-7-6 1078]
Logitech Desktop Messenger Agent.lnk - c:\program files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe [2008-11-7 66864]
McAfee Security Scan Plus.lnk - c:\program files\McAfee Security Scan\2.0.181\SSScheduler.exe [2010-1-15 255536]
QuickBooks Update Agent.lnk - c:\program files\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe [2009-9-3 1153824]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"NoWelcomeScreen"= 1 (0x1)
.
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoDevMgrUpdate"= 1 (0x1)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\LMIinit]
2010-12-16 17:35 87424 ----a-w- c:\windows\system32\LMIinit.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\windows\system32\wxvault.dll
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Digital Line Detect.lnk]
backup=c:\windows\pss\Digital Line Detect.lnkCommon Startup
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^EMBASSY Trust Suite Secure Update.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\EMBASSY Trust Suite Secure Update.lnk
backup=c:\windows\pss\EMBASSY Trust Suite Secure Update.lnkCommon Startup
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^HP Digital Imaging Monitor.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk
backup=c:\windows\pss\HP Digital Imaging Monitor.lnkCommon Startup
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^QuickBooks Update Agent.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\QuickBooks Update Agent.lnk
backup=c:\windows\pss\QuickBooks Update Agent.lnkCommon Startup
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Acrobat Assistant 8.0]
2008-10-15 01:38 623992 ----a-w- c:\program files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Photo Downloader]
2005-06-07 03:46 57344 ----a-w- c:\program files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
2009-12-18 12:58 40368 ----a-w- c:\program files\Adobe\Reader 8.0\Reader\reader_sl.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Broadcom Wireless Manager UI]
2009-04-30 18:51 2396160 ----a-w- c:\windows\system32\WLTRAY.EXE
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ctfmon.exe]
2008-04-14 00:12 15360 ----a-w- c:\windows\system32\ctfmon.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Dell QuickSet]
2007-07-20 20:55 1228800 ----a-w- c:\program files\Dell\QuickSet\quickset.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DLA]
2005-09-08 10:20 122940 ----a-w- c:\windows\system32\DLA\DLACTRLW.EXE
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Document Manager]
2006-09-08 13:32 102400 ----a-w- c:\program files\Wave Systems Corp\Services Manager\DocMgr\bin\docmgr.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DVDLauncher]
2006-04-06 15:51 49152 ------w- c:\program files\CyberLink\PowerDVD\DVDLauncher.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Software Update]
2005-05-12 03:12 49152 ----a-w- c:\program files\HP\HP Software Update\hpwuSchd2.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Iomega ImIconXP]
2006-12-13 16:28 86016 ----a-w- c:\program files\Iomega\REV System Software\ImIconXp.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISUSPM Startup]
2006-09-11 08:40 218032 ----a-w- c:\progra~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISUSScheduler]
2006-09-11 08:40 86960 ----a-w- c:\program files\Common Files\InstallShield\UpdateService\issch.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
2009-11-12 21:33 141600 ----a-w- c:\program files\iTunes\iTunesHelper.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ModemOnHold]
2003-09-10 07:24 20480 ------w- c:\program files\NetWaiting\netwaiting.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
2008-04-14 00:12 1695232 ----a-w- c:\program files\Messenger\msmsgs.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NapsterShell]
2009-03-10 20:07 323216 ----a-w- c:\program files\Napster\napster.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvCplDaemon]
2007-02-13 23:26 7700480 ----a-w- c:\windows\system32\nvcpl.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NVHotkey]
2007-02-13 23:26 73728 ----a-w- c:\windows\system32\nvhotkey.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\nwiz]
2007-02-13 23:26 1622016 ----a-w- c:\windows\system32\nwiz.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
2010-11-29 22:38 421888 ----a-w- c:\program files\QuickTime\QTTask.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SigmatelSysTrayApp]
2007-05-10 14:22 405504 ----a-w- c:\windows\stsystra.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
2005-11-10 18:03 36975 ----a-w- c:\program files\Java\jre1.5.0_06\bin\jusched.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SynTPEnh]
2006-03-08 17:48 761947 ----a-w- c:\program files\Synaptics\SynTP\SynTPEnh.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\type32]
2004-06-03 05:51 172032 ----a-w- c:\program files\Microsoft IntelliType Pro\type32.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001
"FirewallOverride"=dword:00000001
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
"DisableNotifications"= 1 (0x1)
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Logitech\\Desktop Messenger\\8876480\\Program\\LogitechDesktopMessenger.exe"=
"c:\\Program Files\\Logitech\\Logitech Harmony Remote Software 7\\HarmonyRemote.exe"=
"c:\\Documents and Settings\\Helen Gannon\\Application Data\\mjusbsp\\magicJack.exe"=
"c:\\Program Files\\Sprint\\Sprint SmartView\\SwiApiMux.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\EXCEL.EXE"=
"c:\\Program Files\\Wave Systems Corp\\Security Wizards\\bin\\Secure 8021x.exe"=
"c:\\WINDOWS\\system32\\lxeccoms.exe"=
"c:\\Program Files\\Abbyy FineReader 6.0 Sprint\\scan\\scanman6.exe"=
"c:\\Program Files\\Java\\jre6\\bin\\java.exe"=
"c:\\WINDOWS\\system32\\mmc.exe"=
"c:\\Program Files\\Toshiba\\Bluetooth Toshiba Stack\\TosBtProc1.exe"=
"c:\\Program Files\\SmarThru 4\\ImageEditor.exe"=
"c:\\Program Files\\Adobe\\Acrobat 8.0\\Acrobat\\Acrobat.exe"=
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3389:TCP"= 3389:TCP:@xpsp2res.dll,-22009
"3587:TCP"= 3587:TCP:Windows Peer-to-Peer Grouping
"3540:UDP"= 3540:UDP:Peer Name Resolution Protocol (PNRP)
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\IcmpSettings]
"AllowInboundEchoRequest"= 1 (0x1)
"AllowInboundRouterRequest"= 1 (0x1)
.
R0 fsbts;fsbts;c:\windows\system32\drivers\fsbts.sys [1/14/2010 3:15 PM 42664]
R0 FSFW;F-Secure Firewall Driver;c:\windows\system32\drivers\fsdfw.sys [1/22/2009 7:08 PM 80032]
R0 IABFilt;Iomega Snapshot Volume Filter;c:\windows\system32\drivers\IABFilt.sys [4/17/2007 1:58 PM 25344]
R0 imdrvfsf;Iomega File System Filter Driver;c:\windows\system32\drivers\imdrvfsf.sys [1/5/2007 1:39 PM 30968]
R1 F-Secure HIPS;F-Secure HIPS;c:\program files\Cbeyond Secure Desktop\HIPS\drivers\fshs.sys [1/14/2010 2:47 PM 67808]
R2 ASFIPmon;Broadcom ASF IP Monitor;c:\program files\Broadcom\ASFIPMon\AsfIpMon.exe [10/18/2005 5:11 PM 61440]
R2 Iprip;RIP Listener;c:\windows\System32\svchost.exe -k netsvcs [8/11/2004 7:00 PM 14336]
R2 LMIGuardianSvc;LMIGuardianSvc;c:\program files\LogMeIn\x86\LMIGuardianSvc.exe [11/7/2010 10:26 AM 374152]
R2 lxec_device;lxec_device;c:\windows\system32\lxeccoms.exe -service --> c:\windows\system32\lxeccoms.exe -service [?]
R2 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service;c:\progra~1\mcafee\SITEAD~1\mcsacore.exe [12/29/2010 10:22 AM 88176]
R2 NvtlService;NovaCore SDK Service;c:\program files\Novatel Wireless\Novacore\Server\NvtlSrvr.exe [6/12/2009 3:00 PM 80384]
R3 F-Secure Gatekeeper;F-Secure Gatekeeper;c:\program files\Cbeyond Secure Desktop\Anti-Virus\minifilter\fsgk.sys [1/22/2009 7:07 PM 124072]
R3 NETGEARUHOST;NETGEAR Network USB Host Controller;c:\windows\system32\drivers\NETGEARUHOST.sys [2/19/2010 1:07 PM 12032]
R3 NETGEARUHUB;NETGEAR Network USB Root Hub;c:\windows\system32\drivers\NETGEARUHUB.sys [2/19/2010 1:07 PM 39424]
R3 QuickBooksDB20;QuickBooksDB20;c:\progra~1\Intuit\QUICKB~1\QBDBMgrN.exe -hvQuickBooksDB20 --> c:\progra~1\Intuit\QUICKB~1\QBDBMgrN.exe -hvQuickBooksDB20 [?]
S2 gupdate1ca1a1a448c55c0;Google Update Service (gupdate1ca1a1a448c55c0);c:\program files\Google\Update\GoogleUpdate.exe [8/10/2009 8:25 PM 133104]
S2 LMIInfo;LogMeIn Kernel Information Provider;c:\program files\LogMeIn\x86\rainfo.sys [4/17/2007 2:00 PM 12856]
S2 lxecCATSCustConnectService;lxecCATSCustConnectService;c:\windows\system32\spool\drivers\w32x86\3\lxecserv.exe [4/20/2010 11:31 AM 98984]
S2 SSPORT;SSPORT;\??\c:\windows\system32\Drivers\SSPORT.sys --> c:\windows\system32\Drivers\SSPORT.sys [?]
S3 CXFALCON;TD3101_3104 Video/Audio Card;c:\windows\system32\drivers\TD3101_3104AV.sys [7/30/2009 12:41 PM 78592]
S3 FSORSPClient;F-Secure ORSP Client;c:\program files\Cbeyond Secure Desktop\ORSP Client\fsorsp.exe [1/14/2010 2:47 PM 55904]
S3 gupdatem;Google Update Service (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [8/10/2009 8:25 PM 133104]
S3 McComponentHostService;McAfee Security Scan Component Host Service;c:\program files\McAfee Security Scan\2.0.181\McCHSvc.exe [1/15/2010 8:49 AM 227232]
S3 MSSQL$ACT7;SQL Server (ACT7);c:\program files\Microsoft SQL Server\MSSQL.2\MSSQL\Binn\sqlservr.exe [5/27/2009 3:27 AM 29262680]
S3 NWUSBCDFIL;Novatel Wireless Installation CD;c:\windows\system32\drivers\NwUsbCdFil.sys [12/2/2009 1:12 PM 20480]
S3 NWUSBPort2;Novatel Wireless USB Status2 Port Driver;c:\windows\system32\drivers\nwusbser2.sys [12/2/2009 1:12 PM 174592]
S4 F-Secure Filter;F-Secure File System Filter;c:\program files\Cbeyond Secure Desktop\Anti-Virus\win2k\fsfilter.sys [1/22/2009 7:07 PM 39776]
S4 F-Secure Recognizer;F-Secure File System Recognizer;c:\program files\Cbeyond Secure Desktop\Anti-Virus\win2k\fsrec.sys [1/22/2009 7:07 PM 25184]
.
--- Other Services/Drivers In Memory ---
.
*Deregistered* - BMLoad
*Deregistered* - revfs
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
p2psvc REG_MULTI_SZ p2psvc p2pimsvc p2pgasvc PNRPSvc
.
Contents of the 'Scheduled Tasks' folder
.
2011-05-10 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 16:34]
.
2009-09-19 c:\windows\Tasks\FRU Task 2003-04-10 00:56ewlett-Packard2003-04-10 00:56p psc 2100 series272A572217594EBCF1CEE215E352B92AD073FDE4245272971.job
- c:\program files\HP\Digital Imaging\Bin\hpqfrucl.exe [2003-04-09 21:56]
.
2011-05-21 c:\windows\Tasks\FRU Task 2003-04-10 00:56ewlett-Packard2003-04-10 00:56p psc 2100 series272A572217594EBCF1CEE215E352B92AD073FDE4249512835.job
- c:\program files\HP\Digital Imaging\Bin\hpqfrucl.exe [2003-04-09 21:56]
.
2011-05-22 c:\windows\Tasks\Google Software Updater.job
- c:\program files\Google\Common\Google Updater\GoogleUpdaterService.exe [2007-04-07 15:49]
.
2011-05-22 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-08-11 00:25]
.
2011-05-22 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-08-11 00:25]
.
2011-05-22 c:\windows\Tasks\Scheduled scanning task.job
- c:\progra~1\CBEYON~1\ANTI-V~1\fsav.exe [2009-01-22 12:32]
.
2011-05-21 c:\windows\Tasks\User_Feed_Synchronization-{A3EEFA6B-F3B8-4FE4-AE97-5E2F6709A67B}.job
- c:\windows\system32\msfeedssync.exe [2006-10-17 08:31]
.
.
------- Supplementary Scan -------
.
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
uInternet Connection Wizard,ShellNext = hxxp://127.0.0.1:4664/&s=4V4Gjls64fFV_yjQ_x2NGqoJZcg
uInternet Settings,ProxyOverride = *.local
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: Append Link Target to Existing PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Append to Existing PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert Link Target to Adobe PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Convert to Adobe PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECapture.html
IE: SmarThru4 Capture Selection - c:\program files\SmarThru 4\WebCapture.dll2.htm
IE: SmarThru4 Save as HTML - c:\program files\SmarThru 4\WebCapture.dll1.htm
IE: SmarThru4 Save Selected Text - c:\program files\SmarThru 4\WebCapture.dll.htm
IE: SmarThru4 Web Capture - c:\program files\SmarThru 4\WebCapture.dll
LSP: c:\program files\Cbeyond Secure Desktop\FSPS\program\FSLSP.DLL
LSP: bmnet.dll
Trusted Zone: $talisma_url$
Trusted Zone: care360.com
Trusted Zone: questdiagnostics.com
Trusted Zone: care360.com
Trusted Zone: questdiagnostics.com
Handler: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - c:\program files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
Handler: intu-help-qb3 - {c5e479ea-0a65-4b05-8c6c-2fc8cc682eb4} - c:\program files\Intuit\QuickBooks 2005\HelpAsyncPluggableProtocol.dll
DPF: {15772FF0-B907-4D98-B770-0000B63DB314} - hxxps://cas2.questdiagnostics.com/EREQ_SSLcabs/VBPrinter.CAB
DPF: {69D1E588-02F8-4C00-B311-5C581402C247} - hxxps://cas2.questdiagnostics.com/EREQ_SSLcabs/DGXDPCtr.cab
DPF: {756BEC7B-ADF4-4931-A519-B513B32CFC1B} - hxxps://cas2.questdiagnostics.com/EREQ_SSLcabs/LabelControl.cab
DPF: {79C259BD-8024-4992-B445-2C52D3449214} - hxxps://cas2.questdiagnostics.com/EREQ_SSLcabs/C360Upgrader.CAB
DPF: {7F293A61-0246-451E-B9AA-8CCAC7D06B63} - hxxps://cas2.questdiagnostics.com/EREQ_SSLcabs/ComboBridge.CAB
DPF: {DAF7E6E6-D53A-439A-B28D-12271406B8A9} - hxxp://mobileapps.blackberry.com/devicesoftware/AxLoader.cab
.
- - - - ORPHANS REMOVED - - - -
.
WebBrowser-{604BC32A-9680-40D1-9AC6-E06B23A1BA4C} - (no file)
HKCU-Run-IMC - c:\program files\FriendFinder\FriendFinder Messenger 40\imc.exe
HKLM-Run-Adobe Acrobat Speed Launcher - c:\program files\Adobe\Acrobat 10.0\Acrobat\Acrobat_sl.exe
HKLM-Run-Acrobat Assistant 8.0 - c:\program files\Adobe\Acrobat 10.0\Acrobat\Acrotray.exe
MSConfigStartUp-Act! Preloader - c:\program files\ACT\ACT for Windows\ActSage.exe
MSConfigStartUp-Act.Outlook - c:\program files\ACT\ACT for Windows\Act.Outlook.Service.exe
MSConfigStartUp-Google Desktop Search - c:\program files\Google\Google Desktop Search\GoogleDesktop.exe
MSConfigStartUp-Uniblue RegistryBooster 2 - c:\program files\Uniblue\RegistryBooster 2\RegistryBooster.exe
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2011-05-22 10:46
Windows 5.1.2600 Service Pack 3 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Iomega Activity Disk2]
"ImagePath"="\"\""
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\User Preferences]
@Denied: (2) (LocalSystem)
"88D7D0879DAB32E14DE5B3A805A34F98AFF34F5977"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,95,17,eb,27,6c,15,63,43,a5,8e,fe,\
"2D53CFFC5C1A3DD2E97B7979AC2A92BD59BC839E81"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,95,17,eb,27,6c,15,63,43,a5,8e,fe,\
.
[HKEY_USERS\S-1-5-21-4060964453-4198831217-3626650206-1147\Software\Microsoft\SystemCertificates\AddressBook*]
@Allowed: (Read) (RestrictedCode)
@Allowed: (Read) (RestrictedCode)
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10l_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10l_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'winlogon.exe'(1184)
c:\windows\system32\LMIinit.dll
c:\program files\Cbeyond Secure Desktop\FWES\Program\fsdc32.dll
c:\windows\system32\LMIRfsClientNP.dll
.
- - - - - - - > 'lsass.exe'(1240)
c:\program files\Cbeyond Secure Desktop\FSPS\program\FSLSP.DLL
c:\windows\system32\bmnet.dll
c:\windows\System32\BCMLogon.dll
c:\windows\system32\LMIRfsClientNP.dll
c:\program files\Cbeyond Secure Desktop\FWES\Program\fsdc32.dll
.
- - - - - - - > 'explorer.exe'(11876)
c:\windows\system32\WININET.dll
c:\windows\TEMP\logishrd\LVPrcInj01.dll
c:\progra~1\mcafee\SITEAD~1\saHook.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\program files\Cbeyond Secure Desktop\FSPS\program\FSLSP.DLL
c:\program files\cbeyond secure desktop\scanner-interface\fsgkiapi.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
c:\windows\system32\bmnet.dll
.
- - - - - - - > 'csrss.exe'(1160)
c:\program files\Cbeyond Secure Desktop\FWES\Program\fsdc32.dll
.
------------------------ Other Running Processes ------------------------
.
c:\windows\System32\WLTRYSVC.EXE
c:\windows\System32\bcmwltry.exe
c:\windows\System32\SCardSvr.exe
c:\windows\system32\netdde.exe
c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\program files\Wave Systems Corp\Common\DataServer.exe
c:\program files\Cbeyond Secure Desktop\Anti-Virus\fsgk32st.exe
c:\program files\Cbeyond Secure Desktop\Common\FSMA32.EXE
c:\program files\Cbeyond Secure Desktop\Anti-Virus\FSGK32.EXE
c:\windows\system32\inetsrv\inetinfo.exe
c:\progra~1\Iomega\System32\AppServices.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\program files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
c:\windows\system32\lxeccoms.exe
c:\program files\Common Files\Motive\McciCMService.exe
c:\program files\Dell\QuickSet\NICCONFIGSVC.exe
c:\windows\system32\nvsvc32.exe
c:\program files\Common Files\Intuit\QuickBooks\QBCFMonitorService.exe
c:\program files\Iomega\REV System Software\RevUDF.exe
c:\windows\system32\tcpsvcs.exe
c:\windows\System32\snmp.exe
c:\program files\Microsoft SQL Server\90\Shared\sqlbrowser.exe
c:\program files\Microsoft SQL Server\90\Shared\sqlwriter.exe
c:\program files\NTRU Cryptosystems\NTRU Hybrid TSS v2.0.25\bin\tcsd_win32.exe
c:\windows\system32\wbem\wmiapsrv.exe
c:\program files\Windows Media Player\WMPNetwk.exe
c:\program files\Cbeyond Secure Desktop\Anti-Virus\fssm32.exe
c:\progra~1\Intuit\QUICKB~1\QBDBMgrN.exe
c:\windows\system32\rundll32.exe
c:\windows\system32\rundll32.exe
c:\windows\system32\rundll32.exe
c:\program files\Cbeyond Secure Desktop\Common\FSLAUNCHER0.EXE
c:\progra~1\HEWLET~1\HPSHAR~1\hpgs2wnf.exe
c:\program files\Common Files\InstallShield\UpdateService\agent.exe
c:\docume~1\HELENG~1\LOCALS~1\Temp\bwgo0005de22.exe
c:\documents and settings\All Users\Application Data\U3\U3Launcher\LaunchU3.exe
c:\program files\Common Files\Research In Motion\USB Drivers\BbDevMgr.exe
c:\program files\iPod\bin\iPodService.exe
.
**************************************************************************
.
Completion time: 2011-05-22 10:54:16 - machine was rebooted
ComboFix-quarantined-files.txt 2011-05-22 14:54
.
Pre-Run: 25,617,084,416 bytes free
Post-Run: 28,829,257,728 bytes free
.
- - End Of File - - 921F7F6BF425115E87C99F143DADAD8A
 
combofix

had to run combofix twice for it to create the log. I don't know if this makes any difference or not but thought I should let you know and also thank you for all the time you are putting into this It is soooo appreciated as this laptop means a lot to me and has a lot of non backed up memories as my desktop that I was backing up to crashed. This has taught me a lesson and i will be buying an external drive to backup to.
 
Your very welcome, not a problem helping you. You may want to check Costco if you have one in your area as they have some great external drives I believe on is a Seagate and the other I cant remember but both where around $50, if you dont want to spend that much a SanDisk USB Flash drive is another option


Open Notepad Go to Start> All Programs> Assessories> Notepad ( this will only work with Notepad )and copy all the text inside the Codebox by highlighting it all and pressing CTRL C on your keyboard, then paste it into Notepad, make sure there is no space before and above File::


Code: 
File::
c:\documents and settings\Helen Gannon\Local Settings\Application Data\hmv.exe
c:\documents and settings\Helen Gannon\Local Settings\Application Data\dvl.exe
c:\documents and settings\Helen Gannon\Local Settings\Application Data\bhk.exe
c:\documents and settings\Helen Gannon\Local Settings\Application Data\baf.exe
c:\documents and settings\All Users\Application Data\vwv.exe
c:\documents and settings\All Users\Application Data\qio.exe
c:\documents and settings\All Users\Application Data\njo.exe
c:\documents and settings\All Users\Application Data\jdd.exe
c:\documents and settings\All Users\Application Data\bhx.exe

Save this as CFScript to your desktop.

Then drag the CFScript into ComboFix.exe as you see in the screenshot below.

CFScriptB-4.gif



This will start ComboFix again. After reboot, (in case it asks to reboot), post the contents of Combofix.txt in your next reply.
 
cfscript log

Thanks for the advice and it did reboot again
I stopped programs from running if they started

ComboFix 11-05-21.03 - GeneralManager 05/22/2011 15:12:36.3.2 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2046.1313 [GMT -4:00]
Running from: c:\documents and settings\Helen Gannon\Desktop\ComboFix.exe
Command switches used :: c:\documents and settings\Helen Gannon\Desktop\cfscript.txt
AV: Cbeyond Secure Desktop 8.00 *Enabled/Updated* {E7512ED5-4245-4B4D-AF3A-382D3F313F15}
FW: Cbeyond Secure Desktop 8.00 *Enabled* {D4747503-0346-49EB-9262-997542F79BF4}
.
FILE ::
"c:\documents and settings\All Users\Application Data\bhx.exe"
"c:\documents and settings\All Users\Application Data\jdd.exe"
"c:\documents and settings\All Users\Application Data\njo.exe"
"c:\documents and settings\All Users\Application Data\qio.exe"
"c:\documents and settings\All Users\Application Data\vwv.exe"
"c:\documents and settings\Helen Gannon\Local Settings\Application Data\baf.exe"
"c:\documents and settings\Helen Gannon\Local Settings\Application Data\bhk.exe"
"c:\documents and settings\Helen Gannon\Local Settings\Application Data\dvl.exe"
"c:\documents and settings\Helen Gannon\Local Settings\Application Data\hmv.exe"
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\documents and settings\All Users\Application Data\bhx.exe
c:\documents and settings\All Users\Application Data\jdd.exe
c:\documents and settings\All Users\Application Data\njo.exe
c:\documents and settings\All Users\Application Data\qio.exe
c:\documents and settings\All Users\Application Data\vwv.exe
c:\documents and settings\Helen Gannon\Local Settings\Application Data\baf.exe
c:\documents and settings\Helen Gannon\Local Settings\Application Data\bhk.exe
c:\documents and settings\Helen Gannon\Local Settings\Application Data\dvl.exe
c:\documents and settings\Helen Gannon\Local Settings\Application Data\hmv.exe
c:\windows\TEMP\logishrd\LVPrcInj01.dll
.
.
((((((((((((((((((((((((( Files Created from 2011-04-22 to 2011-05-22 )))))))))))))))))))))))))))))))
.
.
2011-05-19 21:34 . 2011-05-19 21:34 -------- d-----w- c:\documents and settings\Helen Gannon\Application Data\Malwarebytes
2011-05-19 21:34 . 2010-12-20 22:09 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2011-05-19 21:34 . 2011-05-19 21:34 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
2011-05-19 21:34 . 2010-12-20 22:08 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-05-19 21:34 . 2011-05-19 22:06 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-05-22 19:29 . 2009-10-19 23:45 256 ----a-w- c:\documents and settings\Helen Gannon\pool.bin
2011-03-07 05:33 . 2004-08-11 23:12 692736 ----a-w- c:\windows\system32\inetcomm.dll
2011-03-04 06:37 . 2004-08-11 23:00 420864 ----a-w- c:\windows\system32\vbscript.dll
2011-03-03 13:21 . 2004-08-11 23:00 1857920 ----a-w- c:\windows\system32\win32k.sys
2011-02-22 23:06 . 2004-08-11 23:00 916480 ----a-w- c:\windows\system32\wininet.dll
2011-02-22 23:06 . 2004-08-11 23:00 43520 ----a-w- c:\windows\system32\licmgr10.dll
2011-02-22 23:06 . 2004-08-11 23:00 1469440 ----a-w- c:\windows\system32\inetcpl.cpl
2011-02-22 11:41 . 2004-08-11 23:00 385024 ----a-w- c:\windows\system32\html.iec
2004-08-04 11:00 94784 --sh--w- c:\windows\twain.dll
2008-04-14 00:12 50688 --sh--w- c:\windows\twain_32.dll
2011-02-08 13:33 978944 --sha-w- c:\windows\system32\mfc42.dll
2008-04-14 00:12 57344 --sh--w- c:\windows\system32\msvcirt.dll
2008-04-14 00:12 413696 --sh--w- c:\windows\system32\msvcp60.dll
2008-04-14 00:12 551936 --sh--w- c:\windows\system32\oleaut32.dll
2008-04-14 00:12 11776 --sh--w- c:\windows\system32\regsvr32.exe
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"LDM"="c:\program files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe" [2008-11-08 66864]
"cdloader"="c:\documents and settings\Helen Gannon\Application Data\mjusbsp\cdloader2.exe" [2009-04-10 50520]
"DymoQuickPrint"="c:\program files\DYMO\DYMO Label Software\DymoQuickPrint.exe" [2009-06-24 1882360]
"RIMDeviceManager"="c:\program files\Common Files\Research in Motion\RIMDeviceManager\RIMDeviceManager.exe" [2010-06-01 1602904]
"ISUSPM"="c:\program files\Common Files\InstallShield\UpdateService\ISUSPM.exe" [2006-09-11 218032]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"LogMeIn GUI"="c:\program files\LogMeIn\x86\LogMeInSystray.exe" [2007-04-17 63048]
"AppleSyncNotifier"="c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe" [2009-08-13 177440]
"F-Secure Manager"="c:\program files\Cbeyond Secure Desktop\Common\FSM32.EXE" [2008-12-10 182936]
"F-Secure TNB"="c:\program files\Cbeyond Secure Desktop\FSGUI\TNBUtil.exe" [2008-12-10 1317472]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2009-12-18 40368]
"LVCOMS"="c:\program files\Common Files\Logitech\QCDriver3\LVCOMS.EXE" [2002-12-10 127022]
"LogitechQuickCamRibbon"="c:\program files\Logitech\QuickCam\Quickcam.exe" [2008-12-20 2656528]
"Adobe Photo Downloader"="c:\program files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe" [2005-06-07 57344]
"Samsung PanelMgr"="c:\windows\Samsung\PanelMgr\SSMMgr.exe" [2009-02-28 552960]
"3170 Scan2PC"="c:\windows\Twain_32\Samsung\CLX3170\Scan2pc.exe" [2009-01-31 503808]
"NapsterShell"="c:\program files\Napster\napster.exe" [2009-03-10 323216]
"NVHotkey"="nvHotkey.dll" [2007-02-13 73728]
"Document Manager"="c:\program files\Wave Systems Corp\Services Manager\DocMgr\bin\docmgr.exe" [2006-09-08 102400]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2006-03-08 761947]
"BluetoothAuthenticationAgent"="bthprops.cpl" [2008-04-14 110592]
"Broadcom Wireless Manager UI"="c:\windows\system32\WLTRAY.exe" [2009-04-30 2396160]
"Intuit SyncManager"="c:\program files\Common Files\Intuit\Sync\IntuitSyncManager.exe" [2009-12-22 1092872]
"RoxWatchTray"="c:\program files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe" [2008-03-06 236016]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-02-18 248040]
"Sprint SmartView"="c:\program files\Sprint\Sprint SmartView\SprintSV.exe" [2009-12-02 75072]
"RDVCHG"="c:\program files\Sprint\Sprint SmartView\RDVCHG.exe" [2009-12-02 316736]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2009-11-12 141600]
"DLSService"="c:\program files\DYMO\DYMO Label Software\DLSService.exe" [2009-06-24 55808]
"lxecmon.exe"="c:\program files\Lexmark Pro800-Pro900 Series\lxecmon.exe" [2009-08-20 770728]
"EzPrint"="c:\program files\Lexmark Pro800-Pro900 Series\ezprint.exe" [2009-08-20 139944]
"Lexmark Pro800-Pro900 Series Fax Server"="c:\program files\Lexmark Pro800-Pro900 Series\fm3032.exe" [2009-08-20 316072]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2007-02-13 7700480]
"nwiz"="nwiz.exe" [2007-02-13 1622016]
"ATT-SST_McciTrayApp"="c:\program files\ATT-SST\McciTrayApp.exe" [2010-07-27 1573888]
"BellSouthWCC_McciTrayApp"="c:\program files\BellSouthWCC\McciTrayApp.exe" [2009-11-18 1577984]
"ATT_WCC"="c:\program files\BellSouthWCC\McciTrayApp.exe" [2009-11-18 1577984]
"SigmatelSysTrayApp"="c:\program files\SigmaTel\C-Major Audio\WDM\stsystra.exe" [2007-05-10 405504]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2010-11-29 421888]
"Share-to-Web Namespace Daemon"="c:\program files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe" [2001-07-03 57344]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2009-12-11 948672]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"DWQueuedReporting"="c:\progra~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" [2008-11-04 435096]
.
c:\documents and settings\All Users\Start Menu\Programs\Startup\
EMBASSY Trust Suite Secure Update.lnk - c:\program files\Wave Systems Corp\Services Manager\Secure Update\AutoUpdate.exe [2006-8-25 192512]
hp psc 2000 Series.lnk - c:\program files\HP\Digital Imaging\bin\hpobnz08.exe [2003-4-9 323646]
hpoddt01.exe.lnk - c:\program files\HP\Digital Imaging\bin\hpotdd01.exe [2003-4-9 28672]
LaunchU3.exe.lnk - c:\windows\Installer\{D8E363A7-88B7-446D-B2C0-E26CE4DC8E54}\_294823.exe [2009-7-6 1078]
Logitech Desktop Messenger Agent.lnk - c:\program files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe [2008-11-7 66864]
McAfee Security Scan Plus.lnk - c:\program files\McAfee Security Scan\2.0.181\SSScheduler.exe [2010-1-15 255536]
QuickBooks Update Agent.lnk - c:\program files\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe [2009-9-3 1153824]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"NoWelcomeScreen"= 1 (0x1)
.
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoDevMgrUpdate"= 1 (0x1)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\LMIinit]
2010-12-16 17:35 87424 ----a-w- c:\windows\system32\LMIinit.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\windows\system32\wxvault.dll
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Digital Line Detect.lnk]
backup=c:\windows\pss\Digital Line Detect.lnkCommon Startup
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^EMBASSY Trust Suite Secure Update.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\EMBASSY Trust Suite Secure Update.lnk
backup=c:\windows\pss\EMBASSY Trust Suite Secure Update.lnkCommon Startup
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^HP Digital Imaging Monitor.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk
backup=c:\windows\pss\HP Digital Imaging Monitor.lnkCommon Startup
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^QuickBooks Update Agent.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\QuickBooks Update Agent.lnk
backup=c:\windows\pss\QuickBooks Update Agent.lnkCommon Startup
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Acrobat Assistant 8.0]
2008-10-15 01:38 623992 ----a-w- c:\program files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Photo Downloader]
2005-06-07 03:46 57344 ----a-w- c:\program files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
2009-12-18 12:58 40368 ----a-w- c:\program files\Adobe\Reader 8.0\Reader\reader_sl.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Broadcom Wireless Manager UI]
2009-04-30 18:51 2396160 ----a-w- c:\windows\system32\WLTRAY.EXE
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ctfmon.exe]
2008-04-14 00:12 15360 ----a-w- c:\windows\system32\ctfmon.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Dell QuickSet]
2007-07-20 20:55 1228800 ----a-w- c:\program files\Dell\QuickSet\quickset.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DLA]
2005-09-08 10:20 122940 ----a-w- c:\windows\system32\DLA\DLACTRLW.EXE
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Document Manager]
2006-09-08 13:32 102400 ----a-w- c:\program files\Wave Systems Corp\Services Manager\DocMgr\bin\docmgr.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DVDLauncher]
2006-04-06 15:51 49152 ------w- c:\program files\CyberLink\PowerDVD\DVDLauncher.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Software Update]
2005-05-12 03:12 49152 ----a-w- c:\program files\HP\HP Software Update\hpwuSchd2.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Iomega ImIconXP]
2006-12-13 16:28 86016 ----a-w- c:\program files\Iomega\REV System Software\ImIconXp.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISUSPM Startup]
2006-09-11 08:40 218032 ----a-w- c:\progra~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISUSScheduler]
2006-09-11 08:40 86960 ----a-w- c:\program files\Common Files\InstallShield\UpdateService\issch.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
2009-11-12 21:33 141600 ----a-w- c:\program files\iTunes\iTunesHelper.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ModemOnHold]
2003-09-10 07:24 20480 ------w- c:\program files\NetWaiting\netwaiting.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
2008-04-14 00:12 1695232 ----a-w- c:\program files\Messenger\msmsgs.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NapsterShell]
2009-03-10 20:07 323216 ----a-w- c:\program files\Napster\napster.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvCplDaemon]
2007-02-13 23:26 7700480 ----a-w- c:\windows\system32\nvcpl.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NVHotkey]
2007-02-13 23:26 73728 ----a-w- c:\windows\system32\nvhotkey.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\nwiz]
2007-02-13 23:26 1622016 ----a-w- c:\windows\system32\nwiz.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
2010-11-29 22:38 421888 ----a-w- c:\program files\QuickTime\QTTask.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SigmatelSysTrayApp]
2007-05-10 14:22 405504 ----a-w- c:\windows\stsystra.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
2005-11-10 18:03 36975 ----a-w- c:\program files\Java\jre1.5.0_06\bin\jusched.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SynTPEnh]
2006-03-08 17:48 761947 ----a-w- c:\program files\Synaptics\SynTP\SynTPEnh.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\type32]
2004-06-03 05:51 172032 ----a-w- c:\program files\Microsoft IntelliType Pro\type32.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001
"FirewallOverride"=dword:00000001
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
"DisableNotifications"= 1 (0x1)
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Logitech\\Desktop Messenger\\8876480\\Program\\LogitechDesktopMessenger.exe"=
"c:\\Program Files\\Logitech\\Logitech Harmony Remote Software 7\\HarmonyRemote.exe"=
"c:\\Documents and Settings\\Helen Gannon\\Application Data\\mjusbsp\\magicJack.exe"=
"c:\\Program Files\\Sprint\\Sprint SmartView\\SwiApiMux.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\EXCEL.EXE"=
"c:\\Program Files\\Wave Systems Corp\\Security Wizards\\bin\\Secure 8021x.exe"=
"c:\\WINDOWS\\system32\\lxeccoms.exe"=
"c:\\Program Files\\Abbyy FineReader 6.0 Sprint\\scan\\scanman6.exe"=
"c:\\Program Files\\Java\\jre6\\bin\\java.exe"=
"c:\\WINDOWS\\system32\\mmc.exe"=
"c:\\Program Files\\Toshiba\\Bluetooth Toshiba Stack\\TosBtProc1.exe"=
"c:\\Program Files\\SmarThru 4\\ImageEditor.exe"=
"c:\\Program Files\\Adobe\\Acrobat 8.0\\Acrobat\\Acrobat.exe"=
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3389:TCP"= 3389:TCP:@xpsp2res.dll,-22009
"3587:TCP"= 3587:TCP:Windows Peer-to-Peer Grouping
"3540:UDP"= 3540:UDP:Peer Name Resolution Protocol (PNRP)
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\IcmpSettings]
"AllowInboundEchoRequest"= 1 (0x1)
"AllowInboundRouterRequest"= 1 (0x1)
.
R0 fsbts;fsbts;c:\windows\system32\drivers\fsbts.sys [1/14/2010 3:15 PM 42664]
R0 FSFW;F-Secure Firewall Driver;c:\windows\system32\drivers\fsdfw.sys [1/22/2009 7:08 PM 80032]
R0 IABFilt;Iomega Snapshot Volume Filter;c:\windows\system32\drivers\IABFilt.sys [4/17/2007 1:58 PM 25344]
R0 imdrvfsf;Iomega File System Filter Driver;c:\windows\system32\drivers\imdrvfsf.sys [1/5/2007 1:39 PM 30968]
R1 F-Secure HIPS;F-Secure HIPS;c:\program files\Cbeyond Secure Desktop\HIPS\drivers\fshs.sys [1/14/2010 2:47 PM 67808]
R2 ASFIPmon;Broadcom ASF IP Monitor;c:\program files\Broadcom\ASFIPMon\AsfIpMon.exe [10/18/2005 5:11 PM 61440]
R2 Iprip;RIP Listener;c:\windows\System32\svchost.exe -k netsvcs [8/11/2004 7:00 PM 14336]
R2 LMIGuardianSvc;LMIGuardianSvc;c:\program files\LogMeIn\x86\LMIGuardianSvc.exe [11/7/2010 10:26 AM 374152]
R2 lxec_device;lxec_device;c:\windows\system32\lxeccoms.exe -service --> c:\windows\system32\lxeccoms.exe -service [?]
R2 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service;c:\progra~1\mcafee\SITEAD~1\mcsacore.exe [12/29/2010 10:22 AM 88176]
R2 NvtlService;NovaCore SDK Service;c:\program files\Novatel Wireless\Novacore\Server\NvtlSrvr.exe [6/12/2009 3:00 PM 80384]
R3 F-Secure Gatekeeper;F-Secure Gatekeeper;c:\program files\Cbeyond Secure Desktop\Anti-Virus\minifilter\fsgk.sys [1/22/2009 7:07 PM 124072]
R3 NETGEARUHOST;NETGEAR Network USB Host Controller;c:\windows\system32\drivers\NETGEARUHOST.sys [2/19/2010 1:07 PM 12032]
R3 NETGEARUHUB;NETGEAR Network USB Root Hub;c:\windows\system32\drivers\NETGEARUHUB.sys [2/19/2010 1:07 PM 39424]
R3 QuickBooksDB20;QuickBooksDB20;c:\progra~1\Intuit\QUICKB~1\QBDBMgrN.exe -hvQuickBooksDB20 --> c:\progra~1\Intuit\QUICKB~1\QBDBMgrN.exe -hvQuickBooksDB20 [?]
S2 gupdate1ca1a1a448c55c0;Google Update Service (gupdate1ca1a1a448c55c0);c:\program files\Google\Update\GoogleUpdate.exe [8/10/2009 8:25 PM 133104]
S2 LMIInfo;LogMeIn Kernel Information Provider;c:\program files\LogMeIn\x86\rainfo.sys [4/17/2007 2:00 PM 12856]
S2 lxecCATSCustConnectService;lxecCATSCustConnectService;c:\windows\system32\spool\drivers\w32x86\3\lxecserv.exe [4/20/2010 11:31 AM 98984]
S2 SSPORT;SSPORT;\??\c:\windows\system32\Drivers\SSPORT.sys --> c:\windows\system32\Drivers\SSPORT.sys [?]
S3 CXFALCON;TD3101_3104 Video/Audio Card;c:\windows\system32\drivers\TD3101_3104AV.sys [7/30/2009 12:41 PM 78592]
S3 FSORSPClient;F-Secure ORSP Client;c:\program files\Cbeyond Secure Desktop\ORSP Client\fsorsp.exe [1/14/2010 2:47 PM 55904]
S3 gupdatem;Google Update Service (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [8/10/2009 8:25 PM 133104]
S3 McComponentHostService;McAfee Security Scan Component Host Service;c:\program files\McAfee Security Scan\2.0.181\McCHSvc.exe [1/15/2010 8:49 AM 227232]
S3 MSSQL$ACT7;SQL Server (ACT7);c:\program files\Microsoft SQL Server\MSSQL.2\MSSQL\Binn\sqlservr.exe [5/27/2009 3:27 AM 29262680]
S3 NWUSBCDFIL;Novatel Wireless Installation CD;c:\windows\system32\drivers\NwUsbCdFil.sys [12/2/2009 1:12 PM 20480]
S3 NWUSBPort2;Novatel Wireless USB Status2 Port Driver;c:\windows\system32\drivers\nwusbser2.sys [12/2/2009 1:12 PM 174592]
S4 F-Secure Filter;F-Secure File System Filter;c:\program files\Cbeyond Secure Desktop\Anti-Virus\win2k\fsfilter.sys [1/22/2009 7:07 PM 39776]
S4 F-Secure Recognizer;F-Secure File System Recognizer;c:\program files\Cbeyond Secure Desktop\Anti-Virus\win2k\fsrec.sys [1/22/2009 7:07 PM 25184]
.
--- Other Services/Drivers In Memory ---
.
*Deregistered* - BMLoad
*Deregistered* - revfs
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
p2psvc REG_MULTI_SZ p2psvc p2pimsvc p2pgasvc PNRPSvc
.
Contents of the 'Scheduled Tasks' folder
.
2011-05-10 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 16:34]
.
2009-09-19 c:\windows\Tasks\FRU Task 2003-04-10 00:56ewlett-Packard2003-04-10 00:56p psc 2100 series272A572217594EBCF1CEE215E352B92AD073FDE4245272971.job
- c:\program files\HP\Digital Imaging\Bin\hpqfrucl.exe [2003-04-09 21:56]
.
2011-05-21 c:\windows\Tasks\FRU Task 2003-04-10 00:56ewlett-Packard2003-04-10 00:56p psc 2100 series272A572217594EBCF1CEE215E352B92AD073FDE4249512835.job
- c:\program files\HP\Digital Imaging\Bin\hpqfrucl.exe [2003-04-09 21:56]
.
2011-05-22 c:\windows\Tasks\Google Software Updater.job
- c:\program files\Google\Common\Google Updater\GoogleUpdaterService.exe [2007-04-07 15:49]
.
2011-05-22 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-08-11 00:25]
.
2011-05-22 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-08-11 00:25]
.
2011-05-22 c:\windows\Tasks\Scheduled scanning task.job
- c:\progra~1\CBEYON~1\ANTI-V~1\fsav.exe [2009-01-22 12:32]
.
2011-05-21 c:\windows\Tasks\User_Feed_Synchronization-{A3EEFA6B-F3B8-4FE4-AE97-5E2F6709A67B}.job
- c:\windows\system32\msfeedssync.exe [2006-10-17 08:31]
.
.
------- Supplementary Scan -------
.
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
uInternet Connection Wizard,ShellNext = hxxp://127.0.0.1:4664/&s=4V4Gjls64fFV_yjQ_x2NGqoJZcg
uInternet Settings,ProxyOverride = *.local
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: Append Link Target to Existing PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Append to Existing PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert Link Target to Adobe PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Convert to Adobe PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECapture.html
IE: SmarThru4 Capture Selection - c:\program files\SmarThru 4\WebCapture.dll2.htm
IE: SmarThru4 Save as HTML - c:\program files\SmarThru 4\WebCapture.dll1.htm
IE: SmarThru4 Save Selected Text - c:\program files\SmarThru 4\WebCapture.dll.htm
IE: SmarThru4 Web Capture - c:\program files\SmarThru 4\WebCapture.dll
LSP: c:\program files\Cbeyond Secure Desktop\FSPS\program\FSLSP.DLL
LSP: bmnet.dll
Trusted Zone: $talisma_url$
Trusted Zone: care360.com
Trusted Zone: questdiagnostics.com
Trusted Zone: care360.com
Trusted Zone: questdiagnostics.com
Handler: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - c:\program files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
Handler: intu-help-qb3 - {c5e479ea-0a65-4b05-8c6c-2fc8cc682eb4} - c:\program files\Intuit\QuickBooks 2005\HelpAsyncPluggableProtocol.dll
DPF: {15772FF0-B907-4D98-B770-0000B63DB314} - hxxps://cas2.questdiagnostics.com/EREQ_SSLcabs/VBPrinter.CAB
DPF: {69D1E588-02F8-4C00-B311-5C581402C247} - hxxps://cas2.questdiagnostics.com/EREQ_SSLcabs/DGXDPCtr.cab
DPF: {756BEC7B-ADF4-4931-A519-B513B32CFC1B} - hxxps://cas2.questdiagnostics.com/EREQ_SSLcabs/LabelControl.cab
DPF: {79C259BD-8024-4992-B445-2C52D3449214} - hxxps://cas2.questdiagnostics.com/EREQ_SSLcabs/C360Upgrader.CAB
DPF: {7F293A61-0246-451E-B9AA-8CCAC7D06B63} - hxxps://cas2.questdiagnostics.com/EREQ_SSLcabs/ComboBridge.CAB
DPF: {DAF7E6E6-D53A-439A-B28D-12271406B8A9} - hxxp://mobileapps.blackberry.com/devicesoftware/AxLoader.cab
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2011-05-22 15:24
Windows 5.1.2600 Service Pack 3 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Iomega Activity Disk2]
"ImagePath"="\"\""
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\User Preferences]
@Denied: (2) (LocalSystem)
"88D7D0879DAB32E14DE5B3A805A34F98AFF34F5977"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,95,17,eb,27,6c,15,63,43,a5,8e,fe,\
"2D53CFFC5C1A3DD2E97B7979AC2A92BD59BC839E81"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,95,17,eb,27,6c,15,63,43,a5,8e,fe,\
.
[HKEY_USERS\S-1-5-21-4060964453-4198831217-3626650206-1147\Software\Microsoft\SystemCertificates\AddressBook*]
@Allowed: (Read) (RestrictedCode)
@Allowed: (Read) (RestrictedCode)
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10l_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10l_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'winlogon.exe'(1184)
c:\windows\system32\LMIinit.dll
c:\windows\system32\LMIRfsClientNP.dll
c:\program files\Cbeyond Secure Desktop\FWES\Program\fsdc32.dll
.
- - - - - - - > 'lsass.exe'(1240)
c:\program files\Cbeyond Secure Desktop\FSPS\program\FSLSP.DLL
c:\windows\system32\bmnet.dll
c:\windows\System32\BCMLogon.dll
c:\windows\system32\LMIRfsClientNP.dll
c:\program files\Cbeyond Secure Desktop\FWES\Program\fsdc32.dll
.
- - - - - - - > 'explorer.exe'(8848)
c:\windows\system32\WININET.dll
c:\windows\TEMP\logishrd\LVPrcInj01.dll
c:\progra~1\mcafee\SITEAD~1\saHook.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\program files\Cbeyond Secure Desktop\FSPS\program\FSLSP.DLL
c:\program files\cbeyond secure desktop\scanner-interface\fsgkiapi.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
c:\windows\system32\bmnet.dll
c:\windows\system32\LMIRfsClientNP.dll
.
- - - - - - - > 'csrss.exe'(1160)
c:\program files\Cbeyond Secure Desktop\FWES\Program\fsdc32.dll
.
------------------------ Other Running Processes ------------------------
.
c:\windows\System32\WLTRYSVC.EXE
c:\windows\System32\bcmwltry.exe
c:\windows\System32\SCardSvr.exe
c:\windows\system32\netdde.exe
c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\program files\Wave Systems Corp\Common\DataServer.exe
c:\program files\Cbeyond Secure Desktop\Anti-Virus\fsgk32st.exe
c:\program files\Cbeyond Secure Desktop\Common\FSMA32.EXE
c:\program files\Cbeyond Secure Desktop\Anti-Virus\FSGK32.EXE
c:\windows\system32\inetsrv\inetinfo.exe
c:\progra~1\Iomega\System32\AppServices.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\program files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
c:\windows\system32\lxeccoms.exe
c:\program files\Common Files\Motive\McciCMService.exe
c:\program files\Dell\QuickSet\NICCONFIGSVC.exe
c:\windows\system32\nvsvc32.exe
c:\program files\Common Files\Intuit\QuickBooks\QBCFMonitorService.exe
c:\program files\Iomega\REV System Software\RevUDF.exe
c:\windows\system32\rundll32.exe
c:\windows\system32\tcpsvcs.exe
c:\windows\System32\snmp.exe
c:\program files\Microsoft SQL Server\90\Shared\sqlbrowser.exe
c:\program files\Microsoft SQL Server\90\Shared\sqlwriter.exe
c:\program files\NTRU Cryptosystems\NTRU Hybrid TSS v2.0.25\bin\tcsd_win32.exe
c:\windows\system32\wbem\wmiapsrv.exe
c:\program files\Windows Media Player\WMPNetwk.exe
c:\program files\Cbeyond Secure Desktop\Anti-Virus\fssm32.exe
c:\progra~1\Intuit\QUICKB~1\QBDBMgrN.exe
c:\windows\system32\rundll32.exe
c:\windows\system32\rundll32.exe
c:\documents and settings\All Users\Application Data\U3\U3Launcher\LaunchU3.exe
c:\progra~1\HEWLET~1\HPSHAR~1\hpgs2wnf.exe
c:\docume~1\HELENG~1\LOCALS~1\Temp\bwgo0004cf14.exe
c:\program files\Common Files\InstallShield\UpdateService\agent.exe
c:\program files\iPod\bin\iPodService.exe
c:\program files\Cbeyond Secure Desktop\Common\FSLAUNCHER0.EXE
.
**************************************************************************
.
Completion time: 2011-05-22 15:35:10 - machine was rebooted
ComboFix-quarantined-files.txt 2011-05-22 19:35
ComboFix2.txt 2011-05-22 14:54
.
Pre-Run: 28,843,520,000 bytes free
Post-Run: 28,826,058,752 bytes free
.
- - End Of File - - C5CAC74C6670749FFDAE58423154CB8C
 
ik really haven't tried to run anything I do know there are updated that my antivirus says needs to be installed but I haven't done them due to this virus. I haven"t had any popups or problems in all of the things we have done. I will go through and see if my major programs are working. again thank you for your help!!!!!!!!!!!!!
 
Everything seems to be running. I do have a question is there a way to remove the network from where i used to work without losing my desktop?
 
Glad things are ok, why dont you post here in there network forum, all us forums work together so feel free to link them to this thread so they can see what we have done.

Like Safer this site is free but you will need to register
http://forums.whatthetech.com/index.php?showforum=128



Open OTL and click on Clean Up and it will remove programs we used to clean your system along with there backups




Safe Surfn
Ken
 
You must log in or register to reply here.
Back
Top