
Inactive My mother got happy clicking syndrome

Discussion in 'Malware and Virus Removal Archive' started by beaslie0503, 2011/10/25.

Thread Status:
Not open for further replies.
  1. 2011/10/26
    beaslie0503

    beaslie0503 Inactive Thread Starter

    Joined:
    2011/10/25
    Messages:
    18
    Likes Received:
    0
    OK cool, I'll run that utility after she gets back from work... It was running nice. I went surfing the web on it and it wasn't getting outgoing request blocks from Malwarebytes, so no popups and stuff; it was working quite good...

    Appreciate all the help
     
  2. 2011/10/26
    broni

    broni Moderator Malware Analyst

    Joined:
    2002/08/01
    Messages:
    21,701
    Likes Received:
    116
    Good news :)
     

  4. 2011/10/26
    beaslie0503

    beaslie0503 Inactive Thread Starter

    Joined:
    2011/10/25
    Messages:
    18
    Likes Received:
    0
    OTL Part 1

    OTL logfile created on: 10/26/2011 6:46:58 PM - Run 1
    OTL by OldTimer - Version 3.2.31.0 Folder = C:\Documents and Settings\mcase\Desktop
    Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
    Internet Explorer (Version = 8.0.6001.18702)
    Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

    3.46 Gb Total Physical Memory | 2.62 Gb Available Physical Memory | 75.68% Memory free
    5.29 Gb Paging File | 4.68 Gb Available in Paging File | 88.47% Paging File free
    Paging file location(s): c:\pagefile.sys 2046 4092 [binary data]

    %SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
    Drive C: | 111.75 Gb Total Space | 84.00 Gb Free Space | 75.17% Space Free | Partition Type: NTFS

    Computer Name: MB-4026-03 | User Name: mcase | Logged in as Administrator.
    Boot Mode: Normal | Scan Mode: All users | Quick Scan
    Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

    ========== Processes (SafeList) ==========

    PRC - [2011/10/26 18:45:36 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\mcase\Desktop\OTL.exe
    PRC - [2011/08/31 17:00:48 | 000,366,152 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
    PRC - [2011/06/07 20:54:05 | 000,040,376 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files\Adobe\Acrobat 9.0\Acrobat\acrobat_sl.exe
    PRC - [2010/09/22 18:11:26 | 000,640,440 | ---- | M] (Adobe Systems Inc.) -- C:\Program Files\Adobe\Acrobat 9.0\Acrobat\acrotray.exe
    PRC - [2010/08/23 08:32:49 | 000,108,392 | ---- | M] (Symantec Corporation) -- C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
    PRC - [2010/08/23 08:32:42 | 001,885,488 | ---- | M] (Symantec Corporation) -- C:\Program Files\Symantec\Symantec Endpoint Protection\Smc.exe
    PRC - [2010/08/23 08:32:42 | 001,459,568 | ---- | M] (Symantec Corporation) -- C:\Program Files\Symantec\Symantec Endpoint Protection\SmcGui.exe
    PRC - [2008/12/01 14:24:36 | 000,483,420 | ---- | M] (IDT, Inc.) -- C:\Program Files\IDT\WDM\sttray.exe
    PRC - [2008/12/01 14:24:28 | 000,241,746 | ---- | M] (IDT, Inc.) -- c:\drivers\audio\R205445\stacsv.exe
    PRC - [2008/12/01 14:24:22 | 000,471,040 | ---- | M] (Andrea Electronics Corporation) -- C:\WINDOWS\system32\AESTFltr.exe
    PRC - [2008/10/27 18:17:00 | 000,049,250 | ---- | M] (Alps Electric Co., Ltd.) -- C:\Program Files\DellTPad\hidfind.exe
    PRC - [2008/10/27 18:16:42 | 000,200,704 | ---- | M] (Alps Electric Co., Ltd.) -- C:\Program Files\DellTPad\Apoint.exe
    PRC - [2008/10/27 18:16:40 | 000,050,472 | ---- | M] (Alps Electric Co., Ltd.) -- C:\Program Files\DellTPad\ApMsgFwd.exe
    PRC - [2008/10/27 18:16:40 | 000,049,152 | ---- | M] (Alps Electric Co., Ltd.) -- C:\Program Files\DellTPad\ApntEx.exe
    PRC - [2008/08/15 07:51:34 | 001,448,576 | ---- | M] (Broadcom Corporation.) -- C:\Program Files\WIDCOMM\Bluetooth Software\BTStackServer.exe
    PRC - [2008/08/15 07:51:34 | 000,604,776 | ---- | M] (Broadcom Corporation.) -- C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
    PRC - [2008/06/27 12:47:22 | 001,664,248 | ---- | M] (AuthenTec, Inc.) -- C:\Program Files\Fingerprint Sensor\AtService.exe
    PRC - [2008/06/15 05:12:20 | 000,354,840 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTmon.exe
    PRC - [2008/06/15 05:12:18 | 000,178,712 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe
    PRC - [2008/05/23 13:06:08 | 000,128,296 | ---- | M] (CyberLink Corp.) -- C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe
    PRC - [2008/04/14 06:42:20 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe


    ========== Modules (No Company Name) ==========

    MOD - [2011/02/06 11:32:14 | 000,067,872 | ---- | M] () -- C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
    MOD - [2008/08/15 07:46:30 | 002,854,912 | ---- | M] () -- C:\WINDOWS\system32\btwicons.dll
    MOD - [2008/08/15 07:43:46 | 000,040,960 | ---- | M] () -- C:\Program Files\WIDCOMM\Bluetooth Software\BTKeyInd.dll


    ========== Win32 Services (SafeList) ==========

    SRV - File not found [Auto | Stopped] -- -- (JavaQuickStarterService)
    SRV - [2011/08/31 17:00:48 | 000,366,152 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
    SRV - [2010/08/23 08:32:49 | 000,108,392 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe -- (ccSetMgr)
    SRV - [2010/08/23 08:32:49 | 000,108,392 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe -- (ccEvtMgr)
    SRV - [2010/08/23 08:32:42 | 001,885,488 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files\Symantec\Symantec Endpoint Protection\Smc.exe -- (SmcService)
    SRV - [2010/08/23 08:32:41 | 000,357,704 | ---- | M] (Symantec Corporation) [Disabled | Stopped] -- C:\Program Files\Symantec\Symantec Endpoint Protection\SNAC.EXE -- (SNAC)
    SRV - [2010/08/23 08:32:40 | 001,832,072 | ---- | M] () [Auto | Stopped] -- C:\Program Files\Symantec\Symantec Endpoint Protection\Rtvscan.exe -- (Symantec AntiVirus)
    SRV - [2010/02/17 10:53:18 | 003,093,880 | ---- | M] (Symantec Corporation) [On_Demand | Stopped] -- C:\Program Files\Symantec\LiveUpdate\LuComServer_3_3.EXE -- (LiveUpdate)
    SRV - [2009/09/10 03:24:13 | 000,651,720 | ---- | M] (Macrovision Europe Ltd.) [On_Demand | Stopped] -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service)
    SRV - [2008/12/01 14:24:28 | 000,241,746 | ---- | M] (IDT, Inc.) [Auto | Running] -- c:\drivers\audio\R205445\stacsv.exe -- (STacSV)
    SRV - [2008/06/27 12:47:22 | 001,664,248 | ---- | M] (AuthenTec, Inc.) [Auto | Running] -- C:\Program Files\Fingerprint Sensor\AtService.exe -- (ATService)
    SRV - [2008/06/15 05:12:20 | 000,354,840 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTmon.exe -- (IAANTMON) Intel(R)


    ========== Driver Services (SafeList) ==========

    DRV - [2011/10/17 10:37:27 | 001,576,312 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Program Files\Common Files\Symantec Shared\VirusDefs\20111021.002\NAVEX15.SYS -- (NAVEX15)
    DRV - [2011/10/17 10:37:27 | 000,086,136 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Program Files\Common Files\Symantec Shared\VirusDefs\20111021.002\NAVENG.SYS -- (NAVENG)
    DRV - [2011/08/31 17:00:50 | 000,022,216 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\WINDOWS\system32\drivers\mbam.sys -- (MBAMProtector)
    DRV - [2011/08/01 11:47:25 | 000,374,392 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys -- (eeCtrl)
    DRV - [2011/08/01 11:47:25 | 000,105,592 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Program Files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys -- (EraserUtilRebootDrv)
    DRV - [2010/08/24 04:52:40 | 000,125,488 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\SYMEVENT.SYS -- (SymEvent)
    DRV - [2010/08/23 08:32:50 | 000,320,944 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\srtspl.sys -- (SRTSPL)
    DRV - [2010/08/23 08:32:50 | 000,043,696 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\srtspx.sys -- (SRTSPX)
    DRV - [2010/08/23 08:32:49 | 000,283,184 | ---- | M] (Symantec Corporation) [File_System | System | Running] -- C:\WINDOWS\system32\drivers\srtsp.sys -- (SRTSP)
    DRV - [2010/08/23 08:32:37 | 000,421,424 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Stopped] -- C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCDrv.sys -- (SPBBCDrv)
    DRV - [2010/08/23 08:32:35 | 000,023,888 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\COH_Mon.sys -- (COH_Mon)
    DRV - [2009/10/22 21:06:50 | 000,188,080 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\WINDOWS\System32\Drivers\SYMTDI.SYS -- (SYMTDI)
    DRV - [2009/10/22 21:06:50 | 000,026,416 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\Drivers\SYMREDRV.SYS -- (SYMREDRV)
    DRV - [2009/03/20 19:03:36 | 000,032,408 | ---- | M] (Smith Micro Inc.) [Kernel | On_Demand | Stopped] -- C:\Program Files\Verizon Wireless\VZAccess Manager\SMSIVZAM5.sys -- (SMSIVZAM5)
    DRV - [2008/12/01 14:24:32 | 001,392,819 | ---- | M] (IDT, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\sthda.sys -- (STHDA)
    DRV - [2008/12/01 14:24:20 | 000,112,128 | ---- | M] (Andrea Electronics Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\AESTAud.sys -- (AESTAud)
    DRV - [2008/10/28 14:37:26 | 001,287,552 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\BCMWL5.SYS -- (BCM43XX)
    DRV - [2008/10/27 18:16:38 | 000,170,032 | ---- | M] (Alps Electric Co., Ltd.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\Apfiltr.sys -- (ApfiltrService)
    DRV - [2008/09/16 21:03:02 | 000,110,080 | ---- | M] (Intel(R) Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\IntcHdmi.sys -- (IntcHdmiAddService) Intel(R)
    DRV - [2008/09/10 15:18:18 | 000,176,640 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\b57xp32.sys -- (b57w2k)
    DRV - [2008/08/18 09:01:20 | 000,156,392 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\btwdndis.sys -- (BTWDNDIS)
    DRV - [2008/08/18 09:01:18 | 000,037,160 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\btport.sys -- (BTDriver)
    DRV - [2008/08/18 09:01:14 | 000,991,016 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\btkrnl.sys -- (BTKRNL)
    DRV - [2008/08/18 08:37:14 | 000,047,272 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\btwusb.sys -- (BTWUSB)
    DRV - [2008/07/07 12:23:56 | 000,020,480 | ---- | M] (Novatel Wireless Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\NwUsbCdFil.sys -- (NWUSBCDFIL)
    DRV - [2008/07/01 15:42:28 | 000,039,936 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\rimmptsk.sys -- (rimmptsk)
    DRV - [2008/06/04 12:14:00 | 000,026,608 | ---- | M] (Dell Inc) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\PBADRV.sys -- (PBADRV)
    DRV - [2008/06/02 16:28:50 | 000,222,720 | ---- | M] (Novatel Wireless Inc) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\NWADIenum.sys -- (NWADI)
    DRV - [2008/05/09 11:08:40 | 000,174,336 | ---- | M] (Novatel Wireless Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\nwusbser2.sys -- (NWUSBPort2)
    DRV - [2008/05/09 11:08:40 | 000,174,336 | ---- | M] (Novatel Wireless Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\nwusbser.sys -- (NWUSBPort)
    DRV - [2008/05/09 11:08:40 | 000,174,336 | ---- | M] (Novatel Wireless Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\nwusbmdm.sys -- (NWUSBModem)
    DRV - [2007/07/23 14:05:20 | 000,009,104 | ---- | M] (Roxio) [File_System | Auto | Running] -- C:\WINDOWS\system32\drivers\DLADResM.SYS -- (DLADResM)
    DRV - [2007/07/23 14:04:58 | 000,037,360 | ---- | M] (Roxio) [File_System | Auto | Running] -- C:\WINDOWS\system32\drivers\DLABMFSM.SYS -- (DLABMFSM)
    DRV - [2007/07/23 14:04:56 | 000,098,448 | ---- | M] (Roxio) [File_System | Auto | Running] -- C:\WINDOWS\system32\drivers\DLAUDF_M.SYS -- (DLAUDF_M)
    DRV - [2007/07/23 14:04:56 | 000,093,552 | ---- | M] (Roxio) [File_System | Auto | Running] -- C:\WINDOWS\system32\drivers\DLAUDFAM.SYS -- (DLAUDFAM)
    DRV - [2007/07/23 14:04:54 | 000,027,216 | ---- | M] (Roxio) [File_System | Auto | Running] -- C:\WINDOWS\system32\drivers\DLAOPIOM.SYS -- (DLAOPIOM)
    DRV - [2007/07/23 14:04:52 | 000,032,848 | ---- | M] (Roxio) [File_System | Auto | Running] -- C:\WINDOWS\system32\drivers\DLABOIOM.SYS -- (DLABOIOM)
    DRV - [2007/07/23 14:04:52 | 000,016,304 | ---- | M] (Roxio) [File_System | Auto | Running] -- C:\WINDOWS\system32\drivers\DLAPoolM.SYS -- (DLAPoolM)
    DRV - [2007/07/23 14:04:50 | 000,108,752 | ---- | M] (Roxio) [File_System | Auto | Running] -- C:\WINDOWS\system32\drivers\DLAIFS_M.SYS -- (DLAIFS_M)
    DRV - [2007/07/23 13:49:44 | 000,030,064 | ---- | M] (Roxio) [File_System | System | Running] -- C:\WINDOWS\system32\drivers\DLARTL_M.SYS -- (DLARTL_M)
    DRV - [2007/07/23 13:49:44 | 000,014,576 | ---- | M] (Roxio) [Kernel | Boot | Running] -- C:\WINDOWS\System32\Drivers\DLACDBHM.SYS -- (DLACDBHM)


    ========== Standard Registry (SafeList) ==========


    ========== Internet Explorer ==========

    IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Page_URL = www.google.com/ig/dell?hl=en&client=dell-usuk-rel&channel=us&ibd=4090129
    IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.google.com/ie
    IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Start Page = www.google.com/ig/dell?hl=en&client=dell-usuk-rel&channel=us&ibd=4090129


    IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = www.google.com/ig/dell?hl=en&client=dell-usuk-rel&channel=us&ibd=4090129
    IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

    IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = www.google.com/ig/dell?hl=en&client=dell-usuk-rel&channel=us&ibd=4090129
    IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



    IE - HKU\S-1-5-21-1004336348-725345543-839522115-9187\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/
    IE - HKU\S-1-5-21-1004336348-725345543-839522115-9187\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
    IE - HKU\S-1-5-21-1004336348-725345543-839522115-9187\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

    FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
    FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
    FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
    FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.)
    FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.)
    FF - HKLM\Software\MozillaPlugins\Adobe Acrobat: C:\Program Files\Adobe\Acrobat 9.0\Acrobat\Air\nppdf32.dll (Adobe Systems Inc.)
    FF - HKCU\Software\MozillaPlugins\@adobe.com/Acrobat,version=5.1: C:\Program Files\Adobe\Acrobat 5.0\Reader\Browser\nppdf32.dll File not found



    O1 HOSTS File: ([2011/10/25 21:53:12 | 000,000,027 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
    O1 - Hosts: 127.0.0.1 localhost
    O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
    O2 - BHO: (Adobe PDF Conversion Toolbar Helper) - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
    O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.7.6406.1642\swg.dll (Google Inc.)
    O2 - BHO: (SmartSelect Class) - {F4971EE7-DAA0-4053-9964-665D8EE6A077} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
    O3 - HKLM\..\Toolbar: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
    O3 - HKU\S-1-5-21-1004336348-725345543-839522115-9187\..\Toolbar\WebBrowser: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
    O4 - HKLM..\Run: [Acrobat Assistant 8.0] C:\Program Files\Adobe\Acrobat 9.0\Acrobat\Acrotray.exe (Adobe Systems Inc.)
    O4 - HKLM..\Run: [Adobe Acrobat Speed Launcher] C:\Program Files\Adobe\Acrobat 9.0\Acrobat\Acrobat_sl.exe (Adobe Systems Incorporated)
    O4 - HKLM..\Run: [AESTFltr] C:\WINDOWS\System32\AESTFltr.exe (Andrea Electronics Corporation)
    O4 - HKLM..\Run: [Apoint] C:\Program Files\DellTPad\Apoint.exe (Alps Electric Co., Ltd.)
    O4 - HKLM..\Run: [ccApp] C:\Program Files\Common Files\Symantec Shared\ccApp.exe (Symantec Corporation)
    O4 - HKLM..\Run: [IAAnotif] C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe (Intel Corporation)
    O4 - HKLM..\Run: [Malwarebytes' Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
    O4 - HKLM..\Run: [PDVDDXSrv] C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe (CyberLink Corp.)
    O4 - HKLM..\Run: [SysTrayApp] C:\Program Files\IDT\WDM\sttray.exe (IDT, Inc.)
    O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Bluetooth.lnk = C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe (Broadcom Corporation.)
    O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
    O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
    O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
    O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
    O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
    O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
    O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
    O7 - HKU\S-1-5-21-1004336348-725345543-839522115-9187\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKU\S-1-5-21-1004336348-725345543-839522115-9187\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
    O7 - HKU\S-1-5-21-1004336348-725345543-839522115-9187\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: DisablePersonalDirChange = 1
    O7 - HKU\S-1-5-21-1004336348-725345543-839522115-9187\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: ForceStartMenuLogOff = 1
    O7 - HKU\S-1-5-21-1004336348-725345543-839522115-9187\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
    O7 - HKU\S-1-5-21-1004336348-725345543-839522115-9187\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
    O8 - Extra context menu item: Append Link Target to Existing PDF - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
    O8 - Extra context menu item: Append to Existing PDF - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
    O8 - Extra context menu item: Convert Link Target to Adobe PDF - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
    O8 - Extra context menu item: Convert selected links to Adobe PDF - res://C:\Program Files\Adobe\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html File not found
    O8 - Extra context menu item: Convert selected links to existing PDF - res://C:\Program Files\Adobe\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html File not found
    O8 - Extra context menu item: Convert selection to Adobe PDF - res://C:\Program Files\Adobe\Acrobat\AcroIEFavClient.dll/AcroIECapture.html File not found
    O8 - Extra context menu item: Convert selection to existing PDF - res://C:\Program Files\Adobe\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html File not found
    O8 - Extra context menu item: Convert to Adobe PDF - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
    O8 - Extra context menu item: Convert to existing PDF - res://C:\Program Files\Adobe\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html File not found
    O8 - Extra context menu item: Google Sidewiki... - C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_7461B1589E8B4FB7.dll (Google Inc.)
    O8 - Extra context menu item: Send to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm ()
    O8 - Extra context menu item: Send To Bluetooth - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
    O9 - Extra Button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
    O9 - Extra 'Tools' menuitem : @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
    O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
    O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} http://www.update.microsoft.com/win...ls/en/x86/client/wuweb_site.cab?1234975290828 (WUWebControl Class)
    O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_11-windows-i586.cab (Java Plug-in 1.6.0_11)
    O16 - DPF: {CAFEEFAC-0015-0000-0016-ABCDEFFEDCBA} http://java.sun.com/update/1.5.0/jinstall-1_5_0_16-windows-i586.cab (Java Plug-in 1.5.0_16)
    O16 - DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab (Java Plug-in 1.6.0_07)
    O16 - DPF: {CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_11-windows-i586.cab (Java Plug-in 1.6.0_11)
    O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_11-windows-i586.cab (Java Plug-in 1.6.0_11)
    O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 68.105.28.11 68.105.29.11 68.105.28.12
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = neighbor.org
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{C2EA4E7A-659B-47FD-8CA7-58C3E1D45A2F}: DhcpNameServer = 68.105.28.11 68.105.29.11 68.105.28.12
    O20 - HKLM Winlogon: Shell - (Explorer.exe) -C:\WINDOWS\explorer.exe (Microsoft Corporation)
    O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) -C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
    O24 - Desktop WallPaper: C:\Documents and Settings\mcase\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
    O24 - Desktop BackupWallPaper: C:\Documents and Settings\mcase\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
    O32 - HKLM CDRom: AutoRun - 1
    O32 - AutoRun File - [2008/04/25 14:29:32 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
    O34 - HKLM BootExecute: (autocheck autochk *)
    O35 - HKLM\..comfile [open] -- "%1" %*
    O35 - HKLM\..exefile [open] -- "%1" %*
    O37 - HKLM\...com [@ = ComFile] -- "%1" %*
    O37 - HKLM\...exe [@ = exefile] -- "%1" %*

    NetSvcs: 6to4 - File not found
    NetSvcs: Ias - File not found
    NetSvcs: Iprip - File not found
    NetSvcs: Irmon - File not found
    NetSvcs: NWCWorkstation - File not found
    NetSvcs: Nwsapagent - File not found
    NetSvcs: WmdmPmSp - File not found

    Drivers32: msacm.iac2 - C:\WINDOWS\system32\iac25_32.ax (Intel Corporation)
    Drivers32: msacm.l3acm - C:\WINDOWS\system32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
    Drivers32: msacm.sl_anet - C:\WINDOWS\System32\sl_anet.acm (Sipro Lab Telecom Inc.)
    Drivers32: msacm.trspch - C:\WINDOWS\System32\tssoft32.acm (DSP GROUP, INC.)
    Drivers32: vidc.cvid - C:\WINDOWS\System32\iccvid.dll (Radius Inc.)
    Drivers32: vidc.iv31 - C:\WINDOWS\System32\ir32_32.dll ()
    Drivers32: vidc.iv32 - C:\WINDOWS\System32\ir32_32.dll ()
    Drivers32: vidc.iv41 - C:\WINDOWS\System32\ir41_32.ax (Intel Corporation)
    Drivers32: vidc.iv50 - C:\WINDOWS\System32\ir50_32.dll (Intel Corporation)

    CREATERESTOREPOINT
    Restore point Set: OTL Restore Point

    ========== Files/Folders - Created Within 30 Days ==========

    [2099/01/01 12:00:00 | 000,000,000 | R--D | C] -- \\Eserver\users$\mcase\My Pictures
    [2099/01/01 12:00:00 | 000,000,000 | R--D | C] -- \\Eserver\users$\mcase\My Music
    [2099/01/01 12:00:00 | 000,000,000 | -HSD | C] -- \\Eserver\users$\mcase\RECYCLER
    [2099/01/01 12:00:00 | 000,000,000 | ---D | C] -- \\Eserver\users$\mcase\Wounded Warrior Project
    [2099/01/01 12:00:00 | 000,000,000 | ---D | C] -- \\Eserver\users$\mcase\Website
    [2099/01/01 12:00:00 | 000,000,000 | ---D | C] -- \\Eserver\users$\mcase\VTI Mentoring
    [2099/01/01 12:00:00 | 000,000,000 | ---D | C] -- \\Eserver\users$\mcase\VTI
    [2099/01/01 12:00:00 | 000,000,000 | ---D | C] -- \\Eserver\users$\mcase\Volunteer challenge_files
    [2099/01/01 12:00:00 | 000,000,000 | ---D | C] -- \\Eserver\users$\mcase\Villa Mandel
    [2099/01/01 12:00:00 | 000,000,000 | ---D | C] -- \\Eserver\users$\mcase\Updater5
    [2099/01/01 12:00:00 | 000,000,000 | ---D | C] -- \\Eserver\users$\mcase\UCSD
    [2099/01/01 12:00:00 | 000,000,000 | ---D | C] -- \\Eserver\users$\mcase\Training & Presentations
    [2099/01/01 12:00:00 | 000,000,000 | ---D | C] -- \\Eserver\users$\mcase\Toussaint
    [2099/01/01 12:00:00 | 000,000,000 | ---D | C] -- \\Eserver\users$\mcase\Tours
    [2099/01/01 12:00:00 | 000,000,000 | ---D | C] -- \\Eserver\users$\mcase\Time & Activity Sheets
    [2099/01/01 12:00:00 | 000,000,000 | ---D | C] -- \\Eserver\users$\mcase\Tenant Exit Interviews
    [2099/01/01 12:00:00 | 000,000,000 | ---D | C] -- \\Eserver\users$\mcase\TAAS
    [2099/01/01 12:00:00 | 000,000,000 | ---D | C] -- \\Eserver\users$\mcase\SVDPV Progarm Analysis unit costs 3.17.11
    [2099/01/01 12:00:00 | 000,000,000 | ---D | C] -- \\Eserver\users$\mcase\Strategic Planning
    [2099/01/01 12:00:00 | 000,000,000 | ---D | C] -- \\Eserver\users$\mcase\Statistics
    [2099/01/01 12:00:00 | 000,000,000 | ---D | C] -- \\Eserver\users$\mcase\Stakeholder feedback
    [2099/01/01 12:00:00 | 000,000,000 | ---D | C] -- \\Eserver\users$\mcase\Staff Appreciation
    [2099/01/01 12:00:00 | 000,000,000 | ---D | C] -- \\Eserver\users$\mcase\Sony VAIO Transfer
    [2099/01/01 12:00:00 | 000,000,000 | ---D | C] -- \\Eserver\users$\mcase\smartdraw
    [2099/01/01 12:00:00 | 000,000,000 | ---D | C] -- \\Eserver\users$\mcase\Six Sigma
    [2099/01/01 12:00:00 | 000,000,000 | ---D | C] -- \\Eserver\users$\mcase\Ruth
    [2099/01/01 12:00:00 | 000,000,000 | ---D | C] -- \\Eserver\users$\mcase\RTFH
    [2099/01/01 12:00:00 | 000,000,000 | ---D | C] -- \\Eserver\users$\mcase\research studies on homelessness
    [2099/01/01 12:00:00 | 000,000,000 | ---D | C] -- \\Eserver\users$\mcase\Research
    [2099/01/01 12:00:00 | 000,000,000 | ---D | C] -- \\Eserver\users$\mcase\Remedy
    [2099/01/01 12:00:00 | 000,000,000 | ---D | C] -- \\Eserver\users$\mcase\Recovery Services
    [2099/01/01 12:00:00 | 000,000,000 | ---D | C] -- \\Eserver\users$\mcase\PTECH
    [2099/01/01 12:00:00 | 000,000,000 | ---D | C] -- \\Eserver\users$\mcase\P's & P's
    [2099/01/01 12:00:00 | 000,000,000 | ---D | C] -- \\Eserver\users$\mcase\Projects
    [2099/01/01 12:00:00 | 000,000,000 | ---D | C] -- \\Eserver\users$\mcase\Project 25
    [2099/01/01 12:00:00 | 000,000,000 | ---D | C] -- \\Eserver\users$\mcase\Programs - SVdPV
    [2099/01/01 12:00:00 | 000,000,000 | ---D | C] -- \\Eserver\users$\mcase\Poverty Trainers
    [2099/01/01 12:00:00 | 000,000,000 | ---D | C] -- \\Eserver\users$\mcase\Pocket_PC My Documents
    [2099/01/01 12:00:00 | 000,000,000 | ---D | C] -- \\Eserver\users$\mcase\pictures
    [2099/01/01 12:00:00 | 000,000,000 | ---D | C] -- \\Eserver\users$\mcase\PATH Mall
    [2099/01/01 12:00:00 | 000,000,000 | ---D | C] -- \\Eserver\users$\mcase\Org Charts
    [2099/01/01 12:00:00 | 000,000,000 | ---D | C] -- \\Eserver\users$\mcase\New Pictures - 07
    [2099/01/01 12:00:00 | 000,000,000 | ---D | C] -- \\Eserver\users$\mcase\National University
    [2099/01/01 12:00:00 | 000,000,000 | ---D | C] -- \\Eserver\users$\mcase\MVK RE Units of Service_files
    [2099/01/01 12:00:00 | 000,000,000 | ---D | C] -- \\Eserver\users$\mcase\MV&K
    [2099/01/01 12:00:00 | 000,000,000 | ---D | C] -- \\Eserver\users$\mcase\Multi Service Center
    [2099/01/01 12:00:00 | 000,000,000 | ---D | C] -- \\Eserver\users$\mcase\MSC proposal
    [2099/01/01 12:00:00 | 000,000,000 | ---D | C] -- \\Eserver\users$\mcase\MOUSE
    [2099/01/01 12:00:00 | 000,000,000 | ---D | C] -- \\Eserver\users$\mcase\MHSA rfp
    [2099/01/01 12:00:00 | 000,000,000 | ---D | C] -- \\Eserver\users$\mcase\Me
    [2099/01/01 12:00:00 | 000,000,000 | ---D | C] -- \\Eserver\users$\mcase\Matt Packard
    [2099/01/01 12:00:00 | 000,000,000 | ---D | C] -- \\Eserver\users$\mcase\Matt Case
    [2099/01/01 12:00:00 | 000,000,000 | ---D | C] -- \\Eserver\users$\mcase\MASH
    [2099/01/01 12:00:00 | 000,000,000 | ---D | C] -- \\Eserver\users$\mcase\Marijuana employee law_files
    [2099/01/01 12:00:00 | 000,000,000 | ---D | C] -- \\Eserver\users$\mcase\Management Training
    [2099/01/01 12:00:00 | 000,000,000 | ---D | C] -- \\Eserver\users$\mcase\Leadership
    [2099/01/01 12:00:00 | 000,000,000 | ---D | C] -- \\Eserver\users$\mcase\Kathi Bradshaw
    [2099/01/01 12:00:00 | 000,000,000 | ---D | C] -- \\Eserver\users$\mcase\Indio
    [2099/01/01 12:00:00 | 000,000,000 | ---D | C] -- \\Eserver\users$\mcase\I.T
    [2099/01/01 12:00:00 | 000,000,000 | ---D | C] -- \\Eserver\users$\mcase\Human Resources
    [2099/01/01 12:00:00 | 000,000,000 | ---D | C] -- \\Eserver\users$\mcase\Fr. Joe
    [2099/01/01 12:00:00 | 000,000,000 | ---D | C] -- \\Eserver\users$\mcase\EOC (Executive Outcomes Commiittee)
    [2099/01/01 12:00:00 | 000,000,000 | ---D | C] -- \\Eserver\users$\mcase\Donations
    [2099/01/01 12:00:00 | 000,000,000 | ---D | C] -- \\Eserver\users$\mcase\doctor appointment
    [2099/01/01 12:00:00 | 000,000,000 | ---D | C] -- \\Eserver\users$\mcase\Diane Plaster
    [2099/01/01 12:00:00 | 000,000,000 | ---D | C] -- \\Eserver\users$\mcase\Curriculum Development
    [2099/01/01 12:00:00 | 000,000,000 | ---D | C] -- \\Eserver\users$\mcase\Current Projects
    [2099/01/01 12:00:00 | 000,000,000 | ---D | C] -- \\Eserver\users$\mcase\contracts with Sarah Mac_files
    [2099/01/01 12:00:00 | 000,000,000 | ---D | C] -- \\Eserver\users$\mcase\Consultants
    [2099/01/01 12:00:00 | 000,000,000 | ---D | C] -- \\Eserver\users$\mcase\conference call codes_files
    [2099/01/01 12:00:00 | 000,000,000 | ---D | C] -- \\Eserver\users$\mcase\Computers
    [2099/01/01 12:00:00 | 000,000,000 | ---D | C] -- \\Eserver\users$\mcase\COC Re-tooling
    [2099/01/01 12:00:00 | 000,000,000 | ---D | C] -- \\Eserver\users$\mcase\City Council
    [2099/01/01 12:00:00 | 000,000,000 | ---D | C] -- \\Eserver\users$\mcase\chris case temp
    [2099/01/01 12:00:00 | 000,000,000 | ---D | C] -- \\Eserver\users$\mcase\children's legal issues
    [2099/01/01 12:00:00 | 000,000,000 | ---D | C] -- \\Eserver\users$\mcase\CCAC
    [2099/01/01 12:00:00 | 000,000,000 | ---D | C] -- \\Eserver\users$\mcase\Capital Campaign
    [2099/01/01 12:00:00 | 000,000,000 | ---D | C] -- \\Eserver\users$\mcase\CAP students resumes
    [2099/01/01 12:00:00 | 000,000,000 | ---D | C] -- \\Eserver\users$\mcase\Candy Recipes_files
    [2099/01/01 12:00:00 | 000,000,000 | ---D | C] -- \\Eserver\users$\mcase\Building Projects
    [2099/01/01 12:00:00 | 000,000,000 | ---D | C] -- \\Eserver\users$\mcase\BUDGETS
    [2099/01/01 12:00:00 | 000,000,000 | ---D | C] -- \\Eserver\users$\mcase\Brochures
    [2099/01/01 12:00:00 | 000,000,000 | ---D | C] -- \\Eserver\users$\mcase\Board-SVDPV
    [2099/01/01 12:00:00 | 000,000,000 | ---D | C] -- \\Eserver\users$\mcase\Bluetooth Exchange Folder
    [2099/01/01 12:00:00 | 000,000,000 | ---D | C] -- \\Eserver\users$\mcase\Autosave
    [2099/01/01 12:00:00 | 000,000,000 | ---D | C] -- \\Eserver\users$\mcase\Annual Report
    [2099/01/01 12:00:00 | 000,000,000 | ---D | C] -- \\Eserver\users$\mcase\alma. client gievance.council email_files
    [2099/01/01 12:00:00 | 000,000,000 | ---D | C] -- \\Eserver\users$\mcase\Adminsitrative P's & P's
    [2099/01/01 12:00:00 | 000,000,000 | ---D | C] -- \\Eserver\users$\mcase\0MAIL
    [2011/10/26 18:45:29 | 000,584,192 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\mcase\Desktop\OTL.exe
    [2011/10/25 21:59:30 | 000,000,000 | ---D | C] -- C:\WINDOWS\temp
    [2011/10/25 21:30:57 | 000,000,000 | RHSD | C] -- C:\cmdcons
    [2011/10/25 21:29:17 | 000,060,416 | ---- | C] (NirSoft) -- C:\WINDOWS\NIRCMD.exe
    [2011/10/25 21:29:16 | 000,518,144 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWREG.exe
    [2011/10/25 21:29:16 | 000,406,528 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWSC.exe
    [2011/10/25 21:29:16 | 000,212,480 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWXCACLS.exe
    [2011/10/25 21:28:17 | 000,000,000 | ---D | C] -- C:\WINDOWS\ERDNT
    [2011/10/25 21:28:16 | 000,000,000 | ---D | C] -- C:\ComboFix
    [2011/10/25 21:23:05 | 000,000,000 | ---D | C] -- C:\Qoobox
    [2011/10/25 19:43:56 | 000,000,000 | R--D | C] -- C:\Documents and Settings\mcase\Start Menu\Programs\Administrative Tools
    [2011/10/25 16:40:36 | 000,000,000 | ---D | C] -- C:\Documents and Settings\mcase\Application Data\Malwarebytes
    [2011/10/25 16:40:30 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Malwarebytes' Anti-Malware
    [2011/10/25 16:40:29 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Malwarebytes
    [2011/10/25 16:40:25 | 000,022,216 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
    [2011/10/25 16:40:25 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
    [2011/10/06 04:24:03 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\CSTAR
    [2011/10/06 04:23:53 | 000,000,000 | ---D | C] -- C:\Program Files\CSTAR v10
    [4 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
    [13 \\Eserver\users$\mcase\*.tmp files -> \\Eserver\users$\mcase\*.tmp -> ]
    [1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

    ========== Files - Modified Within 30 Days ==========

    [2011/10/26 18:45:36 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\mcase\Desktop\OTL.exe
    [2011/10/26 18:41:59 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
    [2011/10/26 18:41:56 | 000,000,490 | ---- | M] () -- C:\WINDOWS\tasks\SDMsgUpdate (SD).job
    [2011/10/26 18:41:54 | 000,000,882 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
    [2011/10/26 18:34:00 | 000,000,886 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
    [2011/10/26 18:27:59 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
    [2011/10/25 21:53:12 | 000,000,027 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts
    [2011/10/25 21:31:02 | 000,000,327 | RHS- | M] () -- C:\boot.ini
    [2011/10/25 20:49:06 | 000,002,521 | ---- | M] () -- C:\Documents and Settings\mcase\Desktop\Microsoft Office Outlook 2007.lnk
    [2011/10/25 16:40:30 | 000,000,794 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
    [2011/10/24 19:31:19 | 000,002,515 | ---- | M] () -- C:\Documents and Settings\mcase\Desktop\Microsoft Office Word 2007.lnk
    [2011/10/19 19:02:00 | 000,000,284 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
    [2011/10/18 10:30:58 | 000,004,432 | RHS- | M] () -- C:\Documents and Settings\mcase\ntuser.pol
    [2011/10/13 03:25:49 | 000,278,944 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
    [2011/10/13 03:09:15 | 000,508,986 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
    [2011/10/13 03:09:15 | 000,091,020 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
    [2011/10/13 03:06:32 | 000,001,393 | ---- | M] () -- C:\WINDOWS\imsins.BAK
    [2011/10/10 11:44:34 | 000,024,905 | RHS- | M] () -- C:\Documents and Settings\All Users\ntuser.pol
    [2011/10/06 04:24:05 | 000,000,121 | ---- | M] () -- C:\WINDOWS\ODBC.INI
    [2011/10/06 04:24:03 | 000,001,834 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\CSTAR v10.lnk
    [2011/10/03 11:26:08 | 000,028,424 | ---- | M] () -- \\Eserver\users$\mcase\P-25 Vision and Mission Statement.htm
    [4 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
    [13 \\Eserver\users$\mcase\*.tmp files -> \\Eserver\users$\mcase\*.tmp -> ]
    [1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

    ========== Files Created - No Company Name ==========

    [2099/01/01 12:00:00 | 024,294,585 | ---- | C] () -- \\Eserver\users$\mcase\RHP_2010-09-24-10_Part1_A[1].pdf
    [2099/01/01 12:00:00 | 002,623,450 | ---- | C] () -- \\Eserver\users$\mcase\topping off photo IMG_5455.jpg
    [2099/01/01 12:00:00 | 002,397,877 | ---- | C] () -- \\Eserver\users$\mcase\Flex Care claim form BAS HealthCare FSA Form_1.JPG
    [2099/01/01 12:00:00 | 001,488,384 | ---- | C] () -- \\Eserver\users$\mcase\Boys and Girls Club General Brochure 08 (2).pub
    [2099/01/01 12:00:00 | 001,115,672 | ---- | C] () -- \\Eserver\users$\mcase\ireland fishing village.mht
    [2099/01/01 12:00:00 | 001,017,298 | ---- | C] () -- \\Eserver\users$\mcase\Property Management best practic.pdf
    [2099/01/01 12:00:00 | 000,882,176 | ---- | C] () -- \\Eserver\users$\mcase\PMC RESIDENTIAL HANDBOOK 4 3 09 track changes.pub
    [2099/01/01 12:00:00 | 000,786,177 | ---- | C] () -- \\Eserver\users$\mcase\sustainabillity in nonprofits.pdf
    [2099/01/01 12:00:00 | 000,779,814 | ---- | C] () -- \\Eserver\users$\mcase\rt.pdf
    [2099/01/01 12:00:00 | 000,739,292 | ---- | C] () -- \\Eserver\users$\mcase\Nick's graduation videos - YouTube.mht
    [2099/01/01 12:00:00 | 000,536,616 | ---- | C] () -- \\Eserver\users$\mcase\'Redemption' in an Era of Widespread Criminal Background Checks National Institute of Justice.mht
    [2099/01/01 12:00:00 | 000,373,996 | ---- | C] () -- \\Eserver\users$\mcase\Non profit branding report.pdf
    [2099/01/01 12:00:00 | 000,206,942 | ---- | C] () -- \\Eserver\users$\mcase\Housing People with Mental Illness 7.28.07.pdf
    [2099/01/01 12:00:00 | 000,131,693 | ---- | C] () -- \\Eserver\users$\mcase\St Vincent's Feedback on HPRP Cissy (05 06 09).pdf
    [2099/01/01 12:00:00 | 000,128,992 | ---- | C] () -- \\Eserver\users$\mcase\Candy Recipes.htm
    [2099/01/01 12:00:00 | 000,105,758 | ---- | C] () -- \\Eserver\users$\mcase\jackso.jpg
    [2099/01/01 12:00:00 | 000,101,376 | ---- | C] () -- \\Eserver\users$\mcase\Career Track Flowchart 081128.pub
    [2099/01/01 12:00:00 | 000,078,620 | ---- | C] () -- \\Eserver\users$\mcase\SVDPV org chart 11.09 just village FTE's.sdr
    [2099/01/01 12:00:00 | 000,078,384 | ---- | C] () -- \\Eserver\users$\mcase\SVDPV org chart 11 11 09 just village no FTE's(3).SDR
    [2099/01/01 12:00:00 | 000,073,312 | ---- | C] () -- \\Eserver\users$\mcase\SVDPV org chart 11.09 just village FTE's board retreat.sdr
    [2099/01/01 12:00:00 | 000,070,884 | ---- | C] () -- \\Eserver\users$\mcase\contracts with Sarah Mac.htm
    [2099/01/01 12:00:00 | 000,051,712 | ---- | C] () -- \\Eserver\users$\mcase\Programs Reporting Structure 02 28 06 (2).pub
    [2099/01/01 12:00:00 | 000,042,699 | ---- | C] () -- \\Eserver\users$\mcase\MVK RE Units of Service.htm
    [2099/01/01 12:00:00 | 000,039,080 | ---- | C] () -- \\Eserver\users$\mcase\Volunteer challenge.htm
    [2099/01/01 12:00:00 | 000,032,964 | ---- | C] () -- \\Eserver\users$\mcase\Marijuana employee law.htm
    [2099/01/01 12:00:00 | 000,031,072 | ---- | C] () -- \\Eserver\users$\mcase\conference call codes.htm
    [2099/01/01 12:00:00 | 000,028,956 | ---- | C] () -- \\Eserver\users$\mcase\alma. client gievance.council email.htm
    [2099/01/01 12:00:00 | 000,028,424 | ---- | C] () -- \\Eserver\users$\mcase\P-25 Vision and Mission Statement.htm
    [2099/01/01 12:00:00 | 000,026,961 | ---- | C] () -- \\Eserver\users$\mcase\COC Flow Chart 9.15.10.pdf
    [2099/01/01 12:00:00 | 000,011,335 | ---- | C] () -- \\Eserver\users$\mcase\Hospital discharge SB 275 Senate Bill - AMENDED.mht
    [2099/01/01 12:00:00 | 000,010,724 | ---- | C] () -- \\Eserver\users$\mcase\xmas 2009.dotx
    [2099/01/01 12:00:00 | 000,008,780 | ---- | C] () -- \\Eserver\users$\mcase\WPKSETUP.STF
    [2099/01/01 12:00:00 | 000,006,656 | ---- | C] () -- \\Eserver\users$\mcase\SVDP security code
    [2099/01/01 12:00:00 | 000,001,812 | -H-- | C] () -- \\Eserver\users$\mcase\Default.rdp
    [2099/01/01 12:00:00 | 000,000,572 | ---- | C] () -- \\Eserver\users$\mcase\spider.sav
    [2011/10/25 21:31:02 | 000,000,211 | ---- | C] () -- C:\Boot.bak
    [2011/10/25 21:31:00 | 000,260,272 | RHS- | C] () -- C:\cmldr
    [2011/10/25 21:29:17 | 000,208,896 | ---- | C] () -- C:\WINDOWS\MBR.exe
    [2011/10/25 21:29:16 | 000,256,000 | ---- | C] () -- C:\WINDOWS\PEV.exe
    [2011/10/25 21:29:16 | 000,098,816 | ---- | C] () -- C:\WINDOWS\sed.exe
    [2011/10/25 21:29:16 | 000,080,412 | ---- | C] () -- C:\WINDOWS\grep.exe
    [2011/10/25 21:29:16 | 000,068,096 | ---- | C] () -- C:\WINDOWS\zip.exe
    [2011/10/25 16:40:30 | 000,000,794 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
    [2011/10/06 04:24:03 | 000,001,834 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\CSTAR v10.lnk
    [2011/09/20 16:27:20 | 001,003,520 | ---- | C] () -- C:\WINDOWS\System32\cstarlib.dll
    [2011/09/20 12:03:42 | 001,454,080 | ---- | C] () -- C:\WINDOWS\System32\svdp.dll
    [2010/10/11 07:43:24 | 000,002,173 | R--- | C] () -- C:\WINDOWS\cstar.ini
    [2010/08/06 11:54:15 | 000,090,112 | ---- | C] () -- C:\WINDOWS\System32\PA6psvc.exe
    [2009/02/27 09:00:05 | 000,000,183 | ---- | C] () -- C:\WINDOWS\hpbafd.ini
    [2009/02/26 13:53:41 | 000,000,121 | ---- | C] () -- C:\WINDOWS\ODBC.INI
    [2009/02/26 13:48:16 | 000,002,528 | ---- | C] () -- C:\Documents and Settings\mcase\Application Data\$_hpcst$.hpc
    [2009/02/26 13:26:52 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\mcase\Application Data\dm.ini
    [2009/01/28 20:30:48 | 002,026,604 | ---- | C] () -- C:\WINDOWS\System32\igkrng500.bin
    [2009/01/28 20:30:48 | 000,442,964 | ---- | C] () -- C:\WINDOWS\System32\igcompkrng500.bin
    [2009/01/28 20:30:48 | 000,147,456 | ---- | C] () -- C:\WINDOWS\System32\igfxCoIn_v4980.dll
    [2009/01/28 20:29:49 | 000,077,824 | ---- | C] () -- C:\WINDOWS\setpwr32.exe
    [2009/01/28 20:29:02 | 000,001,027 | ---- | C] () -- C:\WINDOWS\System32\OEMINFO.INI
    [2009/01/28 18:58:12 | 000,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini
    [2009/01/28 18:56:06 | 000,000,234 | ---- | C] () -- C:\WINDOWS\wininit.ini
    [2009/01/28 18:45:11 | 000,080,368 | ---- | C] () -- C:\WINDOWS\System32\pbadrvdll.dll
    [2008/08/15 07:46:30 | 002,854,912 | ---- | C] () -- C:\WINDOWS\System32\btwicons.dll
    [2008/05/15 11:32:40 | 000,131,072 | ---- | C] () -- C:\WINDOWS\System32\wirelessdb.dll
    [2008/04/25 14:31:41 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat
    [2008/04/25 14:27:18 | 000,023,444 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat
    [2008/04/25 09:16:22 | 000,508,986 | ---- | C] () -- C:\WINDOWS\System32\perfh009.dat
    [2008/04/25 09:16:22 | 000,091,020 | ---- | C] () -- C:\WINDOWS\System32\perfc009.dat
    [2008/04/25 09:16:20 | 000,000,741 | ---- | C] () -- C:\WINDOWS\System32\noise.dat
    [2008/04/25 02:22:39 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
    [2008/04/25 02:21:52 | 000,278,944 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT
    [2008/04/14 06:55:28 | 000,001,804 | ---- | C] () -- C:\WINDOWS\System32\Dcache.bin
    [2007/02/19 14:16:00 | 000,032,768 | ---- | C] () -- C:\WINDOWS\System32\svdpImage.dll
    [2006/12/31 08:57:08 | 000,004,569 | ---- | C] () -- C:\WINDOWS\System32\secupd.dat
    [2006/06/30 11:58:44 | 000,176,128 | R--- | C] () -- C:\WINDOWS\System32\bioapi_mds300.dll
    [2006/06/30 11:58:44 | 000,126,976 | R--- | C] () -- C:\WINDOWS\System32\bioapi100.dll
    [2006/04/13 07:20:58 | 000,098,304 | ---- | C] () -- C:\WINDOWS\System32\svdprpt.dll
    [2006/02/28 05:00:00 | 013,107,200 | ---- | C] () -- C:\WINDOWS\System32\oembios.bin
    [2006/02/28 05:00:00 | 000,673,088 | ---- | C] () -- C:\WINDOWS\System32\mlang.dat
    [2006/02/28 05:00:00 | 000,272,128 | ---- | C] () -- C:\WINDOWS\System32\perfi009.dat
    [2006/02/28 05:00:00 | 000,218,003 | ---- | C] () -- C:\WINDOWS\System32\dssec.dat
    [2006/02/28 05:00:00 | 000,046,258 | ---- | C] () -- C:\WINDOWS\System32\mib.bin
    [2006/02/28 05:00:00 | 000,028,626 | ---- | C] () -- C:\WINDOWS\System32\perfd009.dat
    [2006/02/28 05:00:00 | 000,004,463 | ---- | C] () -- C:\WINDOWS\System32\oembios.dat
    [2005/12/21 18:57:36 | 000,139,264 | ---- | C] () -- C:\WINDOWS\System32\nsldap32v50.dll
    [2005/12/21 18:57:04 | 000,024,576 | ---- | C] () -- C:\WINDOWS\System32\nsldappr32v50.dll
    [2005/12/21 18:54:34 | 000,040,960 | ---- | C] () -- C:\WINDOWS\System32\nsldapssl32v50.dll
    [2004/02/19 15:11:00 | 000,061,440 | ---- | C] () -- C:\WINDOWS\System32\Lvgl14N.dll
    [2004/02/19 12:16:44 | 000,073,728 | ---- | C] () -- C:\WINDOWS\System32\lfdrw14N.dll
    [2004/02/02 11:44:20 | 000,974,848 | ---- | C] () -- C:\WINDOWS\System32\LtDlgRes14n.dll
    [2003/12/13 21:40:42 | 001,003,520 | ---- | C] () -- C:\WINDOWS\System32\ltmm_n.dll
    [2001/11/14 12:56:00 | 001,802,240 | ---- | C] () -- C:\WINDOWS\System32\lcppn21.dll

    ========== LOP Check ==========
     
  5. 2011/10/26
    beaslie0503 Inactive Thread Starter

    OTL Part 2

    [2008/03/08 08:37:45 | 000,000,000 | ---D | M] -- C:\Documents and Settings\aberry\Application Data\InterTrust
    [2009/01/28 18:57:47 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\Broadcom
    [2009/01/28 18:48:09 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\Wave Systems Corp
    [2009/04/27 12:03:56 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\GroupPolicy
    [2010/08/09 08:53:35 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Print Audit Inc
    [2009/02/18 11:26:30 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Wave Systems Corp
    [2011/03/21 14:25:29 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{429CAD59-35B1-4DBC-BB6D-1DB246563521}
    [2009/01/28 18:57:47 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Default User\Application Data\Broadcom
    [2009/01/28 18:48:09 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Default User\Application Data\Wave Systems Corp
    [2009/01/28 18:57:47 | 000,000,000 | ---D | M] -- C:\Documents and Settings\DFRGMGR\Application Data\Broadcom
    [2009/01/28 18:48:09 | 000,000,000 | ---D | M] -- C:\Documents and Settings\DFRGMGR\Application Data\Wave Systems Corp
    [2009/01/28 18:57:47 | 000,000,000 | ---D | M] -- C:\Documents and Settings\jday\Application Data\Broadcom
    [2009/01/28 18:48:09 | 000,000,000 | ---D | M] -- C:\Documents and Settings\jday\Application Data\Wave Systems Corp
    [2010/10/13 13:35:00 | 000,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Application Data\Softland
    [2008/03/08 08:37:45 | 000,000,000 | ---D | M] -- C:\Documents and Settings\mcase\Application Data\InterTrust
    [2010/08/25 13:03:21 | 000,000,000 | ---D | M] -- C:\Documents and Settings\mcase\Application Data\SmartDraw
    [2011/03/21 15:02:33 | 000,000,000 | ---D | M] -- C:\Documents and Settings\mcase\Application Data\Smith Micro
    [2010/12/01 14:30:12 | 000,000,000 | ---D | M] -- C:\Documents and Settings\mcase\Application Data\Xerox
    [2008/03/08 08:37:45 | 000,000,000 | ---D | M] -- C:\Documents and Settings\rchristian\Application Data\InterTrust
    [2008/03/08 08:37:45 | 000,000,000 | ---D | M] -- C:\Documents and Settings\sgarcia\Application Data\InterTrust
    [2009/07/23 14:54:50 | 000,000,000 | ---D | M] -- C:\Documents and Settings\sgarcia\Application Data\Smith Micro
    [2011/10/26 18:41:56 | 000,000,490 | ---- | M] () -- C:\WINDOWS\Tasks\SDMsgUpdate (SD).job

    ========== Purity Check ==========



    ========== Custom Scans ==========


    < %SYSTEMDRIVE%\*.* >
    [2009/03/18 12:55:15 | 000,027,400 | ---- | M] () -- C:\ASLog.txt
    [2008/04/25 14:29:32 | 000,000,000 | ---- | M] () -- C:\AUTOEXEC.BAT
    [2009/02/18 09:31:25 | 000,000,211 | ---- | M] () -- C:\Boot.bak
    [2011/10/25 21:31:02 | 000,000,327 | RHS- | M] () -- C:\boot.ini
    [2004/08/03 23:00:00 | 000,260,272 | RHS- | M] () -- C:\cmldr
    [2011/10/25 21:59:07 | 000,016,017 | ---- | M] () -- C:\ComboFix.txt
    [2008/04/25 14:29:32 | 000,000,000 | ---- | M] () -- C:\CONFIG.SYS
    [2009/01/28 20:31:36 | 000,003,851 | RH-- | M] () -- C:\dell.sdr
    [2008/04/25 14:29:32 | 000,000,000 | -H-- | M] () -- C:\IO.SYS
    [2008/04/25 14:29:32 | 000,000,000 | -H-- | M] () -- C:\MSDOS.SYS
    [2008/11/18 13:48:58 | 000,359,656 | ---- | M] (Microsoft Corporation) -- C:\msicuu2.exe
    [2008/04/13 23:13:04 | 000,047,564 | RHS- | M] () -- C:\NTDETECT.COM
    [2008/04/14 01:01:44 | 000,250,048 | RHS- | M] () -- C:\ntldr
    [2011/10/26 18:27:47 | 2145,386,496 | -HS- | M] () -- C:\pagefile.sys
    [2007/03/29 15:04:53 | 007,886,336 | ---- | M] () -- C:\setup.msi
    [2006/11/13 11:21:34 | 013,312,638 | ---- | M] () -- C:\swipeall.avi
    [2011/10/25 20:37:14 | 000,069,320 | ---- | M] () -- C:\TDSSKiller.2.6.13.0_25.10.2011_20.35.04_log.txt
    [2011/10/25 20:48:26 | 000,066,780 | ---- | M] () -- C:\TDSSKiller.2.6.13.0_25.10.2011_20.45.39_log.txt
    [2006/11/13 11:23:48 | 002,081,296 | ---- | M] (UPEK Inc.) -- C:\vtapi.dll

    < %systemroot%\Fonts\*.com >
    [2006/04/18 16:39:28 | 000,026,040 | ---- | M] () -- C:\WINDOWS\Fonts\GlobalMonospace.CompositeFont
    [2006/06/29 15:53:56 | 000,026,489 | ---- | M] () -- C:\WINDOWS\Fonts\GlobalSansSerif.CompositeFont
    [2006/04/18 16:39:28 | 000,029,779 | ---- | M] () -- C:\WINDOWS\Fonts\GlobalSerif.CompositeFont
    [2006/06/29 15:58:52 | 000,030,808 | ---- | M] () -- C:\WINDOWS\Fonts\GlobalUserInterface.CompositeFont

    < %systemroot%\Fonts\*.dll >

    < %systemroot%\Fonts\*.ini >
    [2009/02/18 09:33:08 | 000,000,067 | -HS- | M] () -- C:\WINDOWS\Fonts\desktop.ini

    < %systemroot%\Fonts\*.ini2 >

    < %systemroot%\Fonts\*.exe >

    < %systemroot%\system32\spool\prtprocs\w32x86\*.* >
    [2008/07/06 05:06:10 | 000,089,088 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\spool\prtprocs\w32x86\filterpipelineprintproc.dll
    [2006/10/26 20:56:12 | 000,033,104 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\spool\prtprocs\w32x86\msonpppr.dll
    [2008/07/06 03:50:03 | 000,597,504 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\spool\prtprocs\w32x86\printfilterpipelinesvc.exe

    < %systemroot%\REPAIR\*.bak1 >

    < %systemroot%\REPAIR\*.ini >

    < %systemroot%\system32\*.jpg >

    < %systemroot%\*.jpg >

    < %systemroot%\*.png >

    < %systemroot%\*.scr >

    < %systemroot%\*._sy >

    < %APPDATA%\Adobe\Update\*.* >

    < %ALLUSERSPROFILE%\Favorites\*.* >

    < %APPDATA%\Microsoft\*.* >

    < %PROGRAMFILES%\*.* >

    < %APPDATA%\Update\*.* >

    < %systemroot%\*. /mp /s >

    < %systemroot%\System32\config\*.sav >
    [2009/02/18 01:25:26 | 000,262,144 | ---- | M] () -- C:\WINDOWS\System32\config\default.sav
    [2009/02/18 09:18:39 | 000,262,144 | ---- | M] () -- C:\WINDOWS\System32\config\security.sav
    [2009/02/18 01:25:26 | 018,087,936 | ---- | M] () -- C:\WINDOWS\System32\config\software.sav
    [2009/02/18 01:25:27 | 004,980,736 | ---- | M] () -- C:\WINDOWS\System32\config\system.sav

    < %PROGRAMFILES%\bak. /s >

    < %systemroot%\system32\bak. /s >

    < %ALLUSERSPROFILE%\Start Menu\*.lnk /x >
    [2009/02/18 09:33:37 | 000,000,294 | -HS- | M] () -- C:\Documents and Settings\All Users\Start Menu\desktop.ini

    < %systemroot%\system32\config\systemprofile\*.dat /x >

    < %systemroot%\*.config >

    < %systemroot%\system32\*.db >

    < %APPDATA%\Microsoft\Internet Explorer\Quick Launch\*.lnk /x >
    [2009/02/26 13:27:57 | 000,000,177 | -HS- | M] () -- C:\Documents and Settings\mcase\Application Data\Microsoft\Internet Explorer\Quick Launch\desktop.ini
    [2003/05/07 13:32:16 | 000,000,079 | ---- | M] () -- C:\Documents and Settings\mcase\Application Data\Microsoft\Internet Explorer\Quick Launch\Show Desktop.scf

    < %USERPROFILE%\Desktop\*.exe >
    [2008/12/12 10:15:30 | 007,674,984 | ---- | M] (Hewlett Packard) -- C:\Documents and Settings\mcase\Desktop\6127_enu_win2k_xpinfu.exe
    [2008/01/10 16:57:04 | 020,812,848 | ---- | M] () -- C:\Documents and Settings\mcase\Desktop\AT-B430D0802GG04US.EXE
    [2006/03/20 16:37:00 | 005,689,344 | ---- | M] (Gabest) -- C:\Documents and Settings\mcase\Desktop\mplayerc.exe
    [2011/10/26 18:45:36 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\mcase\Desktop\OTL.exe

    < %PROGRAMFILES%\Common Files\*.* >

    < %systemroot%\*.src >

    < %systemroot%\install\*.* >

    < %systemroot%\system32\DLL\*.* >

    < %systemroot%\system32\HelpFiles\*.* >

    < %systemroot%\system32\rundll\*.* >

    < %systemroot%\winn32\*.* >

    < %systemroot%\Java\*.* >

    < %systemroot%\system32\test\*.* >

    < %systemroot%\system32\Rundll32\*.* >

    < %systemroot%\AppPatch\Custom\*.* >

    < %APPDATA%\Roaming\Microsoft\Windows\Recent\*.lnk /x >

    < %PROGRAMFILES%\PC-Doctor\Downloads\*.* >

    < %PROGRAMFILES%\Internet Explorer\*.tmp >

    < %PROGRAMFILES%\Internet Explorer\*.dat >

    < %USERPROFILE%\My Documents\*.exe >

    < %USERPROFILE%\*.exe >

    < %systemroot%\ADDINS\*.* >

    < %systemroot%\assembly\*.bak2 >

    < %systemroot%\Config\*.* >

    < %systemroot%\REPAIR\*.bak2 >

    < %systemroot%\SECURITY\Database\*.sdb /x >

    < %systemroot%\SYSTEM\*.bak2 >

    < %systemroot%\Web\*.bak2 >

    < %systemroot%\Driver Cache\*.* >

    < %PROGRAMFILES%\Mozilla Firefox\0*.exe >

    < %ProgramFiles%\Microsoft Common\*.* >

    < %ProgramFiles%\TinyProxy. >

    < %USERPROFILE%\Favorites\*.url /x >
    [2004/10/12 14:01:20 | 000,000,122 | -HS- | M] () -- C:\Documents and Settings\mcase\Favorites\Desktop.ini

    < %systemroot%\system32\*.bk >

    < %systemroot%\*.te >

    < %systemroot%\system32\system32\*.* >

    < %ALLUSERSPROFILE%\*.dat /x >
    [2011/10/10 11:44:34 | 000,024,905 | RHS- | M] () -- C:\Documents and Settings\All Users\ntuser.pol

    < %systemroot%\system32\drivers\*.rmv >

    < dir /b "%systemroot%\system32\*.exe" | find /i " " /c >

    < dir /b "%systemroot%\*.exe" | find /i " " /c >

    < %PROGRAMFILES%\Microsoft\*.* >

    < %systemroot%\System32\Wbem\proquota.exe >

    < %PROGRAMFILES%\Mozilla Firefox\*.dat >

    < %USERPROFILE%\Cookies\*.txt /x >
    [2011/10/26 18:45:19 | 000,393,216 | ---- | M] () -- C:\Documents and Settings\mcase\Cookies\index.dat

    < %SystemRoot%\system32\fonts\*.* >

    < %systemroot%\system32\winlog\*.* >

    < %systemroot%\system32\Language\*.* >

    < %systemroot%\system32\Settings\*.* >

    < %systemroot%\system32\*.quo >

    < %SYSTEMROOT%\AppPatch\*.exe >

    < %SYSTEMROOT%\inf\*.exe >
    [2007/06/26 23:10:26 | 000,317,440 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\inf\unregmp2.exe
    [1 C:\WINDOWS\inf\*.tmp files -> C:\WINDOWS\inf\*.tmp -> ]

    < %SYSTEMROOT%\Installer\*.exe >

    < %systemroot%\system32\config\*.bak2 >

    < %systemroot%\system32\Computers\*.* >

    < %SystemRoot%\system32\Sound\*.* >

    < %SystemRoot%\system32\SpecialImg\*.* >

    < %SystemRoot%\system32\code\*.* >

    < %SystemRoot%\system32\draft\*.* >

    < %SystemRoot%\system32\MSSSys\*.* >

    < %ProgramFiles%\Javascript\*.* >

    < %systemroot%\pchealth\helpctr\System\*.exe /s >

    < %systemroot%\Web\*.exe >

    < %systemroot%\system32\msn\*.* >

    < %systemroot%\system32\*.tro >

    < %AppData%\Microsoft\Installer\msupdates\*.* >

    < %ProgramFiles%\Messenger\*.* >
    [2008/04/14 05:00:00 | 000,033,792 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Messenger\custsat.dll
    [2007/04/03 04:37:24 | 000,004,821 | ---- | M] () -- C:\Program Files\Messenger\logowin.gif
    [2007/04/03 04:37:24 | 000,007,047 | ---- | M] () -- C:\Program Files\Messenger\lvback.gif
    [2008/05/02 07:01:49 | 000,083,968 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Messenger\msgsc.dll
    [2008/04/14 04:00:30 | 000,180,224 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Messenger\msgslang.dll
    [2008/04/14 10:42:30 | 001,695,232 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Messenger\msmsgs.exe
    [2007/04/03 04:37:24 | 000,002,882 | ---- | M] () -- C:\Program Files\Messenger\newalert.wav
    [2007/04/03 04:37:24 | 000,006,156 | ---- | M] () -- C:\Program Files\Messenger\newemail.wav
    [2007/04/03 04:37:26 | 000,006,160 | ---- | M] () -- C:\Program Files\Messenger\online.wav
    [2007/04/03 04:37:28 | 000,004,454 | ---- | M] () -- C:\Program Files\Messenger\type.wav
    [2007/04/03 04:34:02 | 000,115,981 | ---- | M] () -- C:\Program Files\Messenger\xpmsgr.chm

    < %systemroot%\system32\systhem32\*.* >

    < %systemroot%\system\*.exe >

    < HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU >
    "NoAutoUpdate" = 0
    "AUOptions" = 4
    "ScheduledInstallDay" = 0
    "ScheduledInstallTime" = 3
    "UseWUServer" = 1

    < HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\ Auto Update\Results\Install|LastSuccessTime /rs >


    < End of report >
     
  6. 2011/10/26
    beaslie0503 Inactive Thread Starter

    EXTRAS

    OTL Extras logfile created on: 10/26/2011 6:46:58 PM - Run 1
    OTL by OldTimer - Version 3.2.31.0 Folder = C:\Documents and Settings\mcase\Desktop
    Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
    Internet Explorer (Version = 8.0.6001.18702)
    Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

    3.46 Gb Total Physical Memory | 2.62 Gb Available Physical Memory | 75.68% Memory free
    5.29 Gb Paging File | 4.68 Gb Available in Paging File | 88.47% Paging File free
    Paging file location(s): c:\pagefile.sys 2046 4092 [binary data]

    %SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
    Drive C: | 111.75 Gb Total Space | 84.00 Gb Free Space | 75.17% Space Free | Partition Type: NTFS

    Computer Name: MB-4026-03 | User Name: mcase | Logged in as Administrator.
    Boot Mode: Normal | Scan Mode: All users | Quick Scan
    Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

    ========== Extra Registry (SafeList) ==========


    ========== File Associations ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
    .cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1 ",%*

    ========== Shell Spawning ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
    batfile [open] -- "%1" %*
    cmdfile [open] -- "%1" %*
    comfile [open] -- "%1" %*
    cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1 ",%*
    exefile [open] -- "%1" %*
    piffile [open] -- "%1" %*
    regfile [merge] -- Reg Error: Key error.
    scrfile [config] -- "%1 "
    scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
    scrfile [open] -- "%1" /S
    txtfile [edit] -- Reg Error: Key error.
    Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
    Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
    Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
    Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
    Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

    ========== Security Center Settings ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
    "FirstRunDisabled" = 1
    "AntiVirusDisableNotify" = 0
    "FirewallDisableNotify" = 0
    "UpdatesDisableNotify" = 0
    "AntiVirusOverride" = 0
    "FirewallOverride" = 0

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
    "DisableMonitoring" = 1

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

    ========== System Restore Settings ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
    "DisableSR" = 0

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr]
    "Start" = 0

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService]
    "Start" = 2

    ========== Firewall Settings ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
    "EnableFirewall" = 1
    "DisableNotifications" = 0

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]
    "26675:TCP" = 26675:TCP:169.254.2.0/255.255.255.0:Enabled:ActiveSync Service
    "5985:TCP" = 5985:TCP:*:Disabled:Windows Remote Management
    "80:TCP" = 80:TCP:*:Disabled:Windows Remote Management - Compatibility Mode (HTTP-In)

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
    "EnableFirewall" = 0

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
    "26675:TCP" = 26675:TCP:169.254.2.0/255.255.255.0:Enabled:ActiveSync Service

    ========== Authorized Applications List ==========

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
    "C:\Program Files\Symantec\Symantec Endpoint Protection\Smc.exe" = C:\Program Files\Symantec\Symantec Endpoint Protection\Smc.exe:*:Enabled:SMC Service -- (Symantec Corporation)
    "C:\Program Files\Symantec\Symantec Endpoint Protection\SNAC.EXE" = C:\Program Files\Symantec\Symantec Endpoint Protection\SNAC.EXE:*:Enabled:SNAC Service -- (Symantec Corporation)
    "C:\Program Files\Common Files\Symantec Shared\ccApp.exe" = C:\Program Files\Common Files\Symantec Shared\ccApp.exe:*:Enabled:Symantec Email -- (Symantec Corporation)

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]


    ========== HKEY_LOCAL_MACHINE Uninstall List ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
    "{0394CDC8-FABD-4ED8-B104-03393876DFDF}" = Roxio Creator Tools
    "{07159635-9DFE-4105-BFC0-2817DB540C68}" = Roxio Activation Module
    "{0A0CADCF-78DA-33C4-A350-CD51849B9702}" = Microsoft .NET Framework 4 Extended
    "{0D397393-9B50-4C52-84D5-77E344289F87}" = Roxio Creator Data
    "{121634B0-2F4B-11D3-ADA3-00C04F52DD52}" = Windows Installer Clean Up
    "{18455581-E099-4BA8-BC6B-F34B2F06600C}" = Google Toolbar for Internet Explorer
    "{190D0C6E-C8A7-4019-8FB5-FD041EC1F2D2}" = Mobile Broadband Drivers
    "{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer
    "{26A24AE4-039D-4CA4-87B4-2F83216011FF}" = Java(TM) 6 Update 11
    "{2F4C24E6-CBD4-4AAC-B56F-C9FD44DE5668}" = Roxio Drag-to-Disc
    "{30465B6C-B53F-49A1-9EBA-A3F187AD502E}" = Roxio Update Manager
    "{3248F0A8-6813-11D6-A77B-00B0D0150160}" = J2SE Runtime Environment 5.0 Update 16
    "{3248F0A8-6813-11D6-A77B-00B0D0160070}" = Java(TM) 6 Update 7
    "{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
    "{35748B06-FCFC-4700-8285-DAD41689E4FE}" = Broadcom TPM Driver Installer
    "{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
    "{448D250B-70AC-4110-8A0E-1AE273352EB6}" = CSTAR v10
    "{48DB5914-8772-472D-B8DF-E2092BE598F6}" = Adobe Flash Player 10 ActiveX
    "{57752979-A1C9-4C02-856B-FBB27AC4E02C}" = QuickTime
    "{619CDD8A-14B6-43A1-AB6C-0F4EE48CE048}" = Roxio Creator Copy
    "{6675CA7F-E51B-4F6A-99D4-F8F0124C6EAA}" = Roxio Express Labeler 3
    "{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}" = PowerDVD
    "{70ED15F0-74A8-4D02-88C7-4BC31D74585F}" = Policy Manager Office Module
    "{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
    "{7641FD7D-E94E-424E-A95C-0593C84DC0C0}" = VZAccess Manager
    "{7B2ADCB5-3F3D-478A-90A9-A8C04EF82BF6}" = Mobile Broadband Generic Drivers
    "{7E6066E6-8B5B-4100-B0FA-1D9E9B663CBA}" = iTunes
    "{83FFCFC7-88C6-41C6-8752-958A45325C82}" = Roxio Creator Audio
    "{84814E6B-2581-46EC-926A-823BD1C670F6}" = WIDCOMM Bluetooth Software
    "{8696ED8F-F797-40F0-A52A-CF6552E338E1}" = Mobile Broadband Drivers
    "{880AF49C-34F7-4285-A8AD-8F7A3D1C33DC}" = Roxio Creator BDAV Plugin
    "{8B1F8092-9D84-459B-88EA-0BE882AC915E}" = UPEK TouchChip Fingerprint Reader
    "{8D337F77-BE7F-41A2-A7CB-D5A63FD7049B}" = Sonic CinePlayer Decoder Pack
    "{90120000-0010-0409-0000-0000000FF1CE}" = Microsoft Software Update for Web Folders (English) 12
    "{90120000-0015-0409-0000-0000000FF1CE}" = Microsoft Office Access MUI (English) 2007
    "{90120000-0015-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
    "{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007
    "{90120000-0016-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
    "{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007
    "{90120000-0018-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
    "{90120000-0019-0409-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2007
    "{90120000-0019-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
    "{90120000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2007
    "{90120000-001A-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
    "{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007
    "{90120000-001B-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
    "{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
    "{90120000-001F-0409-0000-0000000FF1CE}_ENTERPRISE_{ABDDE972-355B-4AF1-89A8-DA50B7B5C045}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
    "{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
    "{90120000-001F-040C-0000-0000000FF1CE}_ENTERPRISE_{F580DDD5-8D37-4998-968E-EBB76BB86787}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
    "{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007
    "{90120000-001F-0C0A-0000-0000000FF1CE}_ENTERPRISE_{187308AB-5FA7-4F14-9AB9-D290383A10D9}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
    "{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007
    "{90120000-0030-0000-0000-0000000FF1CE}" = Microsoft Office Enterprise 2007
    "{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}" = Microsoft Office 2007 Service Pack 2 (SP2)
    "{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{3D019598-7B59-447A-80AE-815B703B84FF}" = Security Update for Microsoft Office system 2007 (972581)
    "{90120000-0044-0409-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (English) 2007
    "{90120000-0044-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
    "{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007
    "{90120000-006E-0409-0000-0000000FF1CE}_ENTERPRISE_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
    "{90120000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2007
    "{90120000-00A1-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
    "{90120000-00BA-0409-0000-0000000FF1CE}" = Microsoft Office Groove MUI (English) 2007
    "{90120000-00BA-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
    "{90120000-0114-0409-0000-0000000FF1CE}" = Microsoft Office Groove Setup Metadata MUI (English) 2007
    "{90120000-0114-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
    "{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007
    "{90120000-0115-0409-0000-0000000FF1CE}_ENTERPRISE_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
    "{90120000-0117-0409-0000-0000000FF1CE}" = Microsoft Office Access Setup Metadata MUI (English) 2007
    "{90120000-0117-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
    "{90140000-2005-0000-0000-0000000FF1CE}" = Microsoft Office File Validation Add-In
    "{9068B2BE-D93A-4C0A-861C-5E35E2C0E09E}" = Intel® Matrix Storage Manager
    "{99052DB7-9592-4522-A558-5417BBAD48EE}" = Microsoft ActiveSync
    "{9B7467E1-87CF-4A82-B8C0-D87CC161AADB}" = SmartDraw VP
    "{9F72EF8B-AEC9-4CA5-B483-143980AFD6FD}" = Dell Touchpad
    "{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
    "{A6AEAA78-8579-4EFB-A5D6-0BFAE042810D}" = PrintReportDotNet
    "{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
    "{AC76BA86-1033-0000-7760-000000000004}" = Adobe Acrobat 9 Pro
    "{AC76BA86-1033-0000-7760-000000000004}_945" = Adobe Acrobat 9.4.5 - CPSID_83708
    "{AC76BA86-1033-0000-7760-000000000004}{AC76BA86-1033-0000-7760-000000000004}" = Adobe Acrobat 9 Pro
    "{AC76BA86-7AD7-1033-7B44-A93000000001}" = Adobe Reader 9.3
    "{AC76BA86-7AD7-5464-3428-900000000004}" = Spelling Dictionaries Support For Adobe Reader 9
    "{AF7E4468-E364-4991-BC2A-6E8293E1055B}" = BioAPI Framework
    "{B3575D00-27EF-49C2-B9E0-14B3D954E992}" = Apple Application Support
    "{BAF78226-3200-4DB4-BE33-4D922A799840}" = Windows Presentation Foundation
    "{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
    "{C23CD6DA-1958-43A5-ADD0-59396572E02E}" = Apple Mobile Device Support
    "{C2E4B5BD-32DB-4817-A060-341AB17C3F90}" = Bonjour
    "{C6579A65-9CAE-4B31-8B6B-3306E0630A66}" = Apple Software Update
    "{C8B0680B-CDAE-4809-9F91-387B6DE00F7C}" = Roxio Creator DE
    "{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
    "{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
    "{D7EC8A27-CDA2-46AE-8A26-4104A04FA5BE}" = 32 Bit HP CIO Components Installer
    "{F9B3DD02-B0B3-42E9-8650-030DFF0D133D}" = Microsoft SQL Server Native Client
    "{FA272494-8DEA-43CF-9BFF-652553C04265}" = Symantec Endpoint Protection
    "{FECEF9D2-9D3D-449B-9EA4-CFA775C99460}" = AuthenTec Fingerprint System
    "{FF1DDCF4-3A28-4F7F-96D8-E3F4BD1C1702}" = Dell Security Device Driver Pack
    "66E7D038E1F9BEA2EBDF90804718442328FF88DA" = Windows Driver Package - AuthenTec Inc. (ATSwpWDF) Biometric (06/12/2008 8.1.0.51)
    "9D57DE505B6D8C710EF3B74BE638DBB936EED8A3" = Windows Driver Package - Dell Inc. PBADRV System (01/07/2008 1.0.1.5)
    "ENTERPRISE" = Microsoft Office Enterprise 2007
    "HDMI" = Intel(R) Graphics Media Accelerator Driver
    "hp deskjet 6127 series_Driver" = hp deskjet 6127 series
    "IDNMitigationAPIs" = Microsoft Internationalized Domain Names Mitigation APIs
    "ie7" = Windows Internet Explorer 7
    "ie8" = Windows Internet Explorer 8
    "LiveUpdate" = LiveUpdate 3.3 (Symantec Corporation)
    "Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware version 1.51.2.1300
    "Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1
    "Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
    "Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
    "Microsoft .NET Framework 4 Extended" = Microsoft .NET Framework 4 Extended
    "Mobile Broadband Generic Drivers" = Mobile Broadband Generic Drivers
    "MSCompPackV1" = Microsoft Compression Client Pack 1.0 for Windows XP
    "NLSDownlevelMapping" = Microsoft National Language Support Downlevel APIs
    "SmartDraw PDF Export_is1" = SmartDraw PDF Export (novaPDF 6.4 printer)
    "Windows Media Format Runtime" = Windows Media Format 11 runtime
    "Windows Media Player" = Windows Media Player 11
    "WMFDist11" = Windows Media Format 11 runtime
    "wmp11" = Windows Media Player 11
    "Wudf01000" = Microsoft User-Mode Driver Framework Feature Pack 1.0
    "XpsEPSC" = XML Paper Specification Shared Components Pack 1.0

    ========== Last 10 Event Log Errors ==========

    [ Application Events ]
    Error - 10/26/2011 12:39:40 AM | Computer Name = MB-4026-03 | Source = Userenv | ID = 1054
    Description = Windows cannot obtain the domain controller name for your computer
    network. (The specified domain either does not exist or could not be contacted.
    ). Group Policy processing aborted.

    Error - 10/26/2011 12:39:41 AM | Computer Name = MB-4026-03 | Source = UserInit | ID = 1000
    Description = Could not execute the following script WKIX32.EXE. The system cannot
    find the file specified. .

    Error - 10/26/2011 12:52:11 AM | Computer Name = MB-4026-03 | Source = Userenv | ID = 1054
    Description = Windows cannot obtain the domain controller name for your computer
    network. (The specified domain either does not exist or could not be contacted.
    ). Group Policy processing aborted.

    Error - 10/26/2011 12:52:12 AM | Computer Name = MB-4026-03 | Source = AutoEnrollment | ID = 15
    Description = Automatic certificate enrollment for local system failed to contact
    the active directory (0x8007054b). The specified domain either does not exist
    or could not be contacted. Enrollment will not be performed.

    Error - 10/26/2011 12:52:13 AM | Computer Name = MB-4026-03 | Source = Userenv | ID = 1054
    Description = Windows cannot obtain the domain controller name for your computer
    network. (The specified domain either does not exist or could not be contacted.
    ). Group Policy processing aborted.

    Error - 10/26/2011 12:52:36 AM | Computer Name = MB-4026-03 | Source = UserInit | ID = 1000
    Description = Could not execute the following script WKIX32.EXE. The system cannot
    find the file specified. .

    Error - 10/26/2011 9:29:17 PM | Computer Name = MB-4026-03 | Source = Userenv | ID = 1054
    Description = Windows cannot obtain the domain controller name for your computer
    network. (The specified domain either does not exist or could not be contacted.
    ). Group Policy processing aborted.

    Error - 10/26/2011 9:29:17 PM | Computer Name = MB-4026-03 | Source = AutoEnrollment | ID = 15
    Description = Automatic certificate enrollment for local system failed to contact
    the active directory (0x8007054b). The specified domain either does not exist
    or could not be contacted. Enrollment will not be performed.

    Error - 10/26/2011 9:41:53 PM | Computer Name = MB-4026-03 | Source = Userenv | ID = 1054
    Description = Windows cannot obtain the domain controller name for your computer
    network. (The specified domain either does not exist or could not be contacted.
    ). Group Policy processing aborted.

    Error - 10/26/2011 9:42:16 PM | Computer Name = MB-4026-03 | Source = UserInit | ID = 1000
    Description = Could not execute the following script WKIX32.EXE. The system cannot
    find the file specified. .

    [ OSession Events ]
    Error - 2/27/2009 4:04:53 PM | Computer Name = MB-4026-03 | Source = Microsoft Office 12 Sessions | ID = 7001
    Description = ID: 6, Application Name: Microsoft Office Outlook, Application Version:
    12.0.6316.5000, Microsoft Office Version: 12.0.4518.1014. This session lasted 5296
    seconds with 1200 seconds of active time. This session ended with a crash.

    Error - 6/9/2010 6:27:03 AM | Computer Name = MB-4026-03 | Source = Microsoft Office 12 Sessions | ID = 7001
    Description = ID: 0, Application Name: Microsoft Office Word, Application Version:
    12.0.6514.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 488021
    seconds with 10200 seconds of active time. This session ended with a crash.

    Error - 7/12/2010 1:04:18 PM | Computer Name = MB-4026-03 | Source = Microsoft Office 12 Sessions | ID = 7001
    Description = ID: 0, Application Name: Microsoft Office Word, Application Version:
    12.0.6535.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 4208
    seconds with 1380 seconds of active time. This session ended with a crash.

    Error - 7/12/2010 1:12:52 PM | Computer Name = MB-4026-03 | Source = Microsoft Office 12 Sessions | ID = 7001
    Description = ID: 0, Application Name: Microsoft Office Word, Application Version:
    12.0.6535.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 468
    seconds with 60 seconds of active time. This session ended with a crash.

    Error - 8/19/2010 12:37:47 PM | Computer Name = MB-4026-03 | Source = Microsoft Office 12 Sessions | ID = 7001
    Description = ID: 0, Application Name: Microsoft Office Word, Application Version:
    12.0.6541.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 21
    seconds with 0 seconds of active time. This session ended with a crash.

    Error - 9/12/2010 12:47:46 AM | Computer Name = MB-4026-03 | Source = Microsoft Office 12 Sessions | ID = 7001
    Description = ID: 6, Application Name: Microsoft Office Outlook, Application Version:
    12.0.6535.5005, Microsoft Office Version: 12.0.6425.1000. This session lasted 97
    seconds with 60 seconds of active time. This session ended with a crash.

    Error - 9/16/2010 3:08:39 PM | Computer Name = MB-4026-03 | Source = Microsoft Office 12 Sessions | ID = 7001
    Description = ID: 0, Application Name: Microsoft Office Word, Application Version:
    12.0.6541.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 394
    seconds with 0 seconds of active time. This session ended with a crash.

    Error - 10/4/2010 2:25:08 PM | Computer Name = MB-4026-03 | Source = Microsoft Office 12 Sessions | ID = 7001
    Description = ID: 0, Application Name: Microsoft Office Word, Application Version:
    12.0.6541.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 1090
    seconds with 840 seconds of active time. This session ended with a crash.

    Error - 10/4/2010 2:25:44 PM | Computer Name = MB-4026-03 | Source = Microsoft Office 12 Sessions | ID = 7001
    Description = ID: 0, Application Name: Microsoft Office Word, Application Version:
    12.0.6541.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 22
    seconds with 0 seconds of active time. This session ended with a crash.

    Error - 10/21/2010 4:53:53 PM | Computer Name = MB-4026-03 | Source = Microsoft Office 12 Sessions | ID = 7001
    Description = ID: 0, Application Name: Microsoft Office Word, Application Version:
    12.0.6545.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 77
    seconds with 60 seconds of active time. This session ended with a crash.

    [ System Events ]
    Error - 10/26/2011 9:29:16 PM | Computer Name = MB-4026-03 | Source = NETLOGON | ID = 5719
    Description = No Domain Controller is available for domain NEIGHBOR due to the following:
    %%1311. Make sure that the computer is connected to the network and try again. If
    the problem persists, please contact your domain administrator.

    Error - 10/26/2011 9:29:21 PM | Computer Name = MB-4026-03 | Source = SRService | ID = 104
    Description = The System Restore initialization process failed.

    Error - 10/26/2011 9:29:23 PM | Computer Name = MB-4026-03 | Source = W32Time | ID = 39452701
    Description = The time provider NtpClient is configured to acquire time from one
    or more time sources, however none of the sources are currently accessible. No attempt
    to contact a source will be made for 14 minutes. NtpClient has no source of accurate
    time.

    Error - 10/26/2011 9:29:23 PM | Computer Name = MB-4026-03 | Source = W32Time | ID = 39452701
    Description = The time provider NtpClient is configured to acquire time from one
    or more time sources, however none of the sources are currently accessible. No attempt
    to contact a source will be made for 15 minutes. NtpClient has no source of accurate
    time.

    Error - 10/26/2011 9:29:30 PM | Computer Name = MB-4026-03 | Source = W32Time | ID = 39452701
    Description = The time provider NtpClient is configured to acquire time from one
    or more time sources, however none of the sources are currently accessible. No attempt
    to contact a source will be made for 15 minutes. NtpClient has no source of accurate
    time.

    Error - 10/26/2011 9:29:38 PM | Computer Name = MB-4026-03 | Source = Service Control Manager | ID = 7000
    Description = The Java Quick Starter service failed to start due to the following
    error: %%2

    Error - 10/26/2011 9:29:38 PM | Computer Name = MB-4026-03 | Source = Service Control Manager | ID = 7023
    Description = The System Restore Service service terminated with the following error:
    %%2

    Error - 10/26/2011 9:30:33 PM | Computer Name = MB-4026-03 | Source = W32Time | ID = 39452701
    Description = The time provider NtpClient is configured to acquire time from one
    or more time sources, however none of the sources are currently accessible. No attempt
    to contact a source will be made for 14 minutes. NtpClient has no source of accurate
    time.

    Error - 10/26/2011 9:41:57 PM | Computer Name = MB-4026-03 | Source = DCOM | ID = 10005
    Description = DCOM got error "%5" attempting to start the service Symantec AntiVirus
    with arguments " " in order to run the server: {5CEC0E13-CF22-414C-8D67-D44B06420FC1}

    Error - 10/26/2011 9:45:41 PM | Computer Name = MB-4026-03 | Source = W32Time | ID = 39452701
    Description = The time provider NtpClient is configured to acquire time from one
    or more time sources, however none of the sources are currently accessible. No attempt
    to contact a source will be made for 29 minutes. NtpClient has no source of accurate
    time.


    < End of report >
     
  7. 2011/10/26
    broni

    broni Moderator Malware Analyst

    Joined:
    2002/08/01
    Messages:
    21,701
    Likes Received:
    116
    1. Update your Java version here: http://www.java.com/en/download/installed.jsp

    Note 1: UNCHECK any pre-checked toolbar and/or software offered with the Java update. The pre-checked toolbars/software are not part of the Java update.

    Note 2: The Java Quick Starter (JQS.exe) adds a service to improve the initial startup time of Java applets and applications. If you don't want to run another extra service, go to Start > Control Panel > Java > Advanced > Miscellaneous and uncheck the box for Java Quick Starter. Click OK and restart your computer.

    2. Now, we need to remove the old Java version and its remnants...

    Download JavaRa to your desktop and unzip it to its own folder
    • Run JavaRa.exe (Vista users! Right click on JavaRa.exe, click Run As Administrator), pick the language of your choice and click Select. Then click Remove Older Versions.
    • Accept any prompts.

    ===========================================================

    Run OTL
    • Under the Custom Scans/Fixes box at the bottom, paste in the following

      Code:
      :OTL
      O8 - Extra context menu item: Convert selected links to Adobe PDF - res://C:\Program Files\Adobe\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html File not found
      O8 - Extra context menu item: Convert selected links to existing PDF - res://C:\Program Files\Adobe\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html File not found
      O8 - Extra context menu item: Convert selection to Adobe PDF - res://C:\Program Files\Adobe\Acrobat\AcroIEFavClient.dll/AcroIECapture.html File not found
      O8 - Extra context menu item: Convert selection to existing PDF - res://C:\Program Files\Adobe\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html File not found
      O8 - Extra context menu item: Convert to existing PDF - res://C:\Program Files\Adobe\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html File not found
      O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
      [4 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
      [13 \\Eserver\users$\mcase\*.tmp files -> \\Eserver\users$\mcase\*.tmp -> ]
      [1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
      
      
      :Services
      
      :Reg
      [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
       "DisableMonitoring" =-
      
      :Files
      
      :Commands
      [purity]
      [emptytemp]
      [emptyflash]
      [Reboot]
      
    • Then click the Run Fix button at the top
    • Let the program run unhindered, reboot the PC when it is done
    • You will get a log that shows the results of the fix. Please post it.

    ==============================================================

    Last scans....

    1. Download Security Check from HERE, and save it to your Desktop.
    • Double-click SecurityCheck.exe
    • Follow the onscreen instructions inside of the black box.
    • A Notepad document should open automatically called checkup.txt; please post the contents of that document.

      NOTE: SecurityCheck may produce some false warning(s), so leave reading the results to me.


    2. Download Temp File Cleaner (TFC)
    • Double click on TFC.exe to run the program.
    • Click on Start button to begin cleaning process.
    • TFC will close all running programs, and it may ask you to restart computer.


    3. Please run a free online scan with the ESET Online Scanner

    • Disable your antivirus program
    • Tick the box next to YES, I accept the Terms of Use
    • Click Start
    • Accept any security warnings from your browser.
    • Check Scan archives
    • Click Start
    • ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
    • When the scan completes, click on List of found threats
    • Click on Export to text file, and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
    • NOTE: If ESET doesn't find any threats, it won't produce a log.
     
  8. 2011/10/26
    beaslie0503

    beaslie0503 Inactive Thread Starter

    Joined:
    2011/10/25
    Messages:
    18
    Likes Received:
    0
    OTL
    All processes killed
    Error: Unable to interpret <Code: > in the current context!
    ========== OTL ==========
    Registry key HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\MenuExt\Convert selected links to Adobe PDF\ deleted successfully.
    Registry key HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\MenuExt\Convert selected links to existing PDF\ deleted successfully.
    Registry key HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\MenuExt\Convert selection to Adobe PDF\ deleted successfully.
    Registry key HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\MenuExt\Convert selection to existing PDF\ deleted successfully.
    Registry key HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\MenuExt\Convert to existing PDF\ deleted successfully.
    Starting removal of ActiveX control {E2883E8F-472F-4FB0-9522-AC9BF37916A7}
    C:\WINDOWS\Downloaded Program Files\gp.inf not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{E2883E8F-472F-4FB0-9522-AC9BF37916A7}\ deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E2883E8F-472F-4FB0-9522-AC9BF37916A7}\ not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{E2883E8F-472F-4FB0-9522-AC9BF37916A7}\ not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E2883E8F-472F-4FB0-9522-AC9BF37916A7}\ not found.
    C:\WINDOWS\SET4E.tmp deleted successfully.
    C:\WINDOWS\SET51.tmp deleted successfully.
    C:\WINDOWS\SET5D.tmp deleted successfully.
    C:\WINDOWS\SET98.tmp deleted successfully.
    \\Eserver\users$\mcase\~WRL0001.tmp deleted successfully.
    \\Eserver\users$\mcase\~WRL0540.tmp deleted successfully.
    \\Eserver\users$\mcase\~WRL1495.tmp deleted successfully.
    \\Eserver\users$\mcase\~WRL1686.tmp deleted successfully.
    \\Eserver\users$\mcase\~WRL1763.tmp deleted successfully.
    \\Eserver\users$\mcase\~WRL1816.tmp deleted successfully.
    \\Eserver\users$\mcase\~WRL2171.tmp deleted successfully.
    \\Eserver\users$\mcase\~WRL2901.tmp deleted successfully.
    \\Eserver\users$\mcase\~WRL2958.tmp deleted successfully.
    \\Eserver\users$\mcase\~WRL3280.tmp deleted successfully.
    \\Eserver\users$\mcase\~WRL3855 (mcase v1).tmp deleted successfully.
    \\Eserver\users$\mcase\~WRL3855.tmp deleted successfully.
    \\Eserver\users$\mcase\~WRL3896.tmp deleted successfully.
    C:\WINDOWS\System32\CONFIG.TMP deleted successfully.
    ========== SERVICES/DRIVERS ==========
    ========== REGISTRY ==========
    Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus\\DisableMonitoring deleted successfully.
    ========== FILES ==========
    ========== COMMANDS ==========

    [EMPTYTEMP]

    User: aberry
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 67 bytes

    User: Administrator
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 78991 bytes

    User: All Users

    User: Default User
    ->Temp folder emptied: 49152 bytes
    ->Temporary Internet Files folder emptied: 32902 bytes

    User: DFRGMGR
    ->Temp folder emptied: 49152 bytes
    ->Temporary Internet Files folder emptied: 32902 bytes

    User: jday
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 78991 bytes

    User: LocalService
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 32902 bytes

    User: mcase
    ->Temp folder emptied: 15937287 bytes
    ->Temporary Internet Files folder emptied: 141601431 bytes
    ->Java cache emptied: 5882621 bytes
    ->Flash cache emptied: 27488 bytes

    User: NetworkService
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 32902 bytes

    User: rchristian
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 294871 bytes
    ->Flash cache emptied: 456 bytes

    User: sgarcia
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 78991 bytes
    ->Flash cache emptied: 405 bytes

    %systemdrive% .tmp files removed: 0 bytes
    %systemroot% .tmp files removed: 0 bytes
    %systemroot%\System32 .tmp files removed: 0 bytes
    %systemroot%\System32\dllcache .tmp files removed: 0 bytes
    %systemroot%\System32\drivers .tmp files removed: 0 bytes
    Windows Temp folder emptied: 630502 bytes
    %systemroot%\system32\config\systemprofile\Local Settings\Temp folder emptied: 0 bytes
    %systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 32902 bytes
    RecycleBin emptied: 0 bytes

    Total Files Cleaned = 157.00 mb


    [EMPTYFLASH]

    User: aberry

    User: Administrator

    User: All Users

    User: Default User

    User: DFRGMGR

    User: jday

    User: LocalService

    User: mcase
    ->Flash cache emptied: 0 bytes

    User: NetworkService

    User: rchristian
    ->Flash cache emptied: 0 bytes

    User: sgarcia
    ->Flash cache emptied: 0 bytes

    Total Flash Files Cleaned = 0.00 mb


    OTL by OldTimer - Version 3.2.31.0 log created on 10262011_191639

    Files\Folders moved on Reboot...
    C:\Documents and Settings\mcase\Local Settings\Temp\WCESLog.log moved successfully.

    Registry entries deleted on Reboot...
     
  9. 2011/10/26
    beaslie0503

    beaslie0503 Inactive Thread Starter

    security check log

    Results of screen317's Security Check version 0.99.24
    Windows XP Service Pack 3 x86
    Internet Explorer 8
    ``````````````````````````````
    Antivirus/Firewall Check:

    Windows Security Center service is not running! This report may not be accurate!
    Windows Firewall Disabled!
    Symantec Endpoint Protection
    Antivirus up to date!
    ```````````````````````````````
    Anti-malware/Other Utilities Check:

    Malwarebytes' Anti-Malware
    Java(TM) 6 Update 29
    Java(TM) 6 Update 7
    Out of date Java installed!
    ````````````````````````````````
    Process Check:
    objlist.exe by Laurent

    Norton ccSvcHst.exe
    Malwarebytes' Anti-Malware mbamservice.exe
    Malwarebytes' Anti-Malware mbamgui.exe
    ``````````End of Log````````````
     
  10. 2011/10/26
    broni

    broni Moderator Malware Analyst

    Uninstall Java(TM) 6 Update 7
     
  11. 2011/10/29
    broni

    broni Moderator Malware Analyst

    Still with me?
     