Pick up an unwanted hijacker[RESOLVED]

[roryawilson]

Here are the reports from the scans...

(MBAM, Rooter, LockSearch, CKScanner, RootRepeal, and OTL logs)

Thank you - Rory

Malwarebytes' Anti-Malware 1.41

Database version: 2775

Windows 5.1.2600 Service Pack 3 (Safe Mode)

11/29/2009 1:46:59 AM

mbam-log-2009-11-29 (01-46-52).txt

Scan type: Full Scan (C:\|)

Objects scanned: 197820

Time elapsed: 15 minute(s), 37 second(s)

Memory Processes Infected: 0

Memory Modules Infected: 0

Registry Keys Infected: 0

Registry Values Infected: 0

Registry Data Items Infected: 0

Folders Infected: 0

Files Infected: 1

Memory Processes Infected:

(No malicious items detected)

Memory Modules Infected:

(No malicious items detected)

Registry Keys Infected:

(No malicious items detected)

Registry Values Infected:

(No malicious items detected)

Registry Data Items Infected:

(No malicious items detected)

Folders Infected:

(No malicious items detected)

Files Infected:

C:\Documents and Settings\Rory Wilson\Local Settings\Application Data\Mozilla\Firefox\Profiles\idih7k4l.default\Cache\D8AABD14d01 (Rogue.Installer) -> No action taken.

Rooter.exe (v1.0.2) by Eric_71

.

SeDebugPrivilege granted successfully ...

.

Windows XP . (5.1.2600) Service Pack 3

[32_bits] - x86 Family 6 Model 15 Stepping 13, GenuineIntel

.

[wscsvc] STOPPED (state:1) : Security Center -> Disabled !

[sharedAccess] RUNNING (state:4)

Windows Firewall -> Enabled

.

Internet Explorer 8.0.6001.18702

Mozilla Firefox 3.5.5 (en-US)

.

C:\ [Fixed-NTFS] .. ( Total:225 Go - Free:199 Go )

D:\ [CD_Rom]

.

Scan : 10:59.31

Path : C:\Documents and Settings\Rory Wilson\My Documents\Downloads\Rooter.exe

User : Rory Wilson ( Administrator -> YES )

.

----------------------\\ Processes

.

Locked [system Process] (0)

______ System (4)

______ \SystemRoot\System32\smss.exe (744)

______ \??\C:\WINDOWS\system32\csrss.exe (800)

______ \??\C:\WINDOWS\system32\winlogon.exe (824)

______ C:\WINDOWS\system32\services.exe (868)

______ C:\WINDOWS\system32\lsass.exe (880)

______ C:\WINDOWS\system32\svchost.exe (1040)

______ C:\WINDOWS\system32\svchost.exe (1124)

______ C:\WINDOWS\system32\svchost.exe (1364)

______ C:\WINDOWS\system32\svchost.exe (1392)

______ C:\WINDOWS\Explorer.EXE (1180)

______ C:\Program Files\Mozilla Firefox\firefox.exe (1808)

______ C:\Documents and Settings\Rory Wilson\My Documents\Downloads\Rooter.exe (332)

.

----------------------\\ Device\Harddisk0\

.

\Device\Harddisk0 [sectors : 63 x 512 Bytes]

.

\Device\Harddisk0\Partition1 --[ MBR ]-- (Start_Offset:32256 | Length:241987705344)

\Device\Harddisk0\Partition2 (Start_Offset:241987737600 | Length:8068999680)

.

----------------------\\ Scheduled Tasks

.

C:\WINDOWS\Tasks\desktop.ini

C:\WINDOWS\Tasks\OGALogon.job

C:\WINDOWS\Tasks\SA.DAT

C:\WINDOWS\Tasks\Scheduled Update for Ask Toolbar.job

.

----------------------\\ Registry

.

.

----------------------\\ Files & Folders

.

----------------------\\ Scan completed at 11:00.18

.

C:\Rooter$\Rooter_1.txt - (29/11/2009 | 11:00.18)

LockSearch by jpshortstuff (05.11.09.1)

Log created at 11:01 on 29/11/2009 (Rory Wilson)

Scanning C:\

C:\pagefile.sys

-------------------------

-=E.O.F=-

CKScanner - Additional Security Risks - These are not necessarily bad

c:\documents and settings\rory wilson\my documents\graphics\clipart\cdr12\tiles\stone\cracks2m.cpt

c:\documents and settings\rory wilson\my documents\graphics\clipart\cdr8\food\bread\cracker.cdr

c:\documents and settings\rory wilson\my documents\graphics\clipart\cdr8\police\misc\crack.cdr

c:\documents and settings\rory wilson\my documents\graphics\clipart\cdr8\spec_occ\misc\crack032.cdr

c:\documents and settings\rory wilson\my documents\graphics\clipart\cdr8\spec_occ\xmasmisc\nutcrack.cdr

c:\program files\corel\corel graphics 12\custom data\bumpmap\cracks.cpt

c:\program files\corel\corel graphics 12\custom data\canvas\cracks2c.pcx

c:\program files\corel\corel graphics 12\custom data\tiles\cracks2m.cpt

c:\program files\visual link spanish\level i complete cd\lib\imgs\crackers.swf

scanner sequence 3.ED.11

----- EOF -----

ROOTREPEAL © AD, 2007-2009

==================================================

Scan Start Time: 2009/11/29 11:36

Program Version: Version 1.3.5.0

Windows Version: Windows XP SP3

==================================================

Drivers

-------------------

Name: dump_iaStor.sys

Image Path: C:\WINDOWS\System32\Drivers\dump_iaStor.sys

Address: 0xB9CAC000 Size: 843776 File Visible: No Signed: -

Status: -

Name: rootrepeal.sys

Image Path: C:\WINDOWS\system32\drivers\rootrepeal.sys

Address: 0xBA63B000 Size: 49152 File Visible: No Signed: -

Status: -

==EOF==

OTL logfile created on: 11/29/2009 11:48:52 AM - Run 1

OTL by OldTimer - Version 3.1.11.2 Folder = C:\Documents and Settings\Rory Wilson\My Documents\Downloads

Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation

Internet Explorer (Version = 8.0.6001.18702)

Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1.87 Gb Total Physical Memory | 1.49 Gb Available Physical Memory | 79.46% Memory free

4.00 Gb Paging File | 4.00 Gb Available in Paging File | 100.00% Paging File free

Paging file location(s): C:\pagefile.sys 4092 8184 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files

Drive C: | 225.37 Gb Total Space | 199.39 Gb Free Space | 88.47% Space Free | Partition Type: NTFS

D: Drive not present or media not loaded

E: Drive not present or media not loaded

F: Drive not present or media not loaded

G: Drive not present or media not loaded

H: Drive not present or media not loaded

I: Drive not present or media not loaded

Computer Name: BEACONMKTG

Current User Name: Rory Wilson

Logged in as Administrator.

Current Boot Mode: SafeMode with Networking

Scan Mode: Current user

Company Name Whitelist: Off

Skip Microsoft Files: Off

File Age = 30 Days

Output = Standard

========== Processes (SafeList) ==========

PRC - [2009/11/29 11:37:33 | 00,535,552 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Rory Wilson\My Documents\Downloads\OTL.exe

PRC - [2009/11/11 22:13:49 | 00,908,248 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe

PRC - [2008/04/14 04:00:00 | 01,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe

========== Modules (SafeList) ==========

MOD - [2009/11/29 11:37:33 | 00,535,552 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Rory Wilson\My Documents\Downloads\OTL.exe

MOD - [2009/05/24 21:41:34 | 00,304,128 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Desktop Search\MsnlNamespaceMgr.dll

MOD - [2008/04/14 04:00:00 | 00,019,968 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\linkinfo.dll

========== Win32 Services (SafeList) ==========

SRV - File not found -- -- (McSysmon)

SRV - File not found -- -- (McShield)

SRV - File not found -- -- (MBYPJH)

SRV - [2009/10/21 09:43:40 | 00,182,768 | ---- | M] (Google) -- C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe -- (gusvc)

SRV - [2009/05/27 02:27:04 | 29,262,680 | ---- | M] (Microsoft Corporation) -- c:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe -- (MSSQL$MSSMLBIZ) SQL Server (MSSMLBIZ)

SRV - [2008/11/24 21:31:12 | 00,087,904 | ---- | M] (Microsoft Corporation) -- c:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe -- (SQLWriter)

SRV - [2008/11/24 21:31:08 | 00,239,968 | ---- | M] (Microsoft Corporation) -- c:\Program Files\Microsoft SQL Server\90\Shared\sqlbrowser.exe -- (SQLBrowser)

SRV - [2008/11/24 21:31:08 | 00,045,408 | ---- | M] (Microsoft Corporation) -- c:\Program Files\Microsoft SQL Server\90\Shared\sqladhlp90.exe -- (MSSQLServerADHelper)

SRV - [2008/11/04 00:06:28 | 00,441,712 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE -- (odserv)

SRV - [2008/05/21 13:07:00 | 00,111,984 | ---- | M] () -- c:\TOSHIBA\IVP\swupdate\swupdtmr.exe -- (Swupdtmr)

SRV - [2008/04/30 18:41:12 | 00,815,104 | ---- | M] (Intel® Corporation) -- C:\Program Files\Intel\WiFi\bin\EvtEng.exe -- (EvtEng)

SRV - [2008/04/30 18:20:38 | 00,901,120 | ---- | M] (Intel® Corporation) -- C:\Program Files\Intel\WiFi\bin\S24EvMon.exe -- (S24EventMonitor)

SRV - [2008/04/30 18:10:10 | 00,466,944 | ---- | M] (Intel® Corporation) -- C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe -- (RegSrvc)

SRV - [2008/04/14 15:43:38 | 00,034,304 | ---- | M] (TOSHIBA Corp.) -- C:\Program Files\TOSHIBA\TOSHIBA Applet\TAPPSRV.exe -- (TAPPSRV)

SRV - [2008/03/03 17:30:34 | 00,057,344 | ---- | M] (Nalpeiron Ltd.) -- C:\WINDOWS\system32\ASTSRV.EXE -- (astcc)

SRV - [2008/01/11 16:50:16 | 00,030,312 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Small Business\Business Contact Manager\BcmSqlStartupSvc.exe -- (BcmSqlStartupSvc)

SRV - [2007/11/21 16:23:32 | 00,129,632 | ---- | M] (TOSHIBA Corporation) -- C:\WINDOWS\system32\TODDSrv.exe -- (TODDSrv)

SRV - [2007/01/25 17:47:50 | 00,136,816 | ---- | M] () -- C:\TOSHIBA\IVP\ISM\pinger.exe -- (pinger)

SRV - [2006/10/26 13:03:08 | 00,145,184 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE -- (ose)

SRV - [2006/10/05 11:10:12 | 00,009,216 | ---- | M] (Agere Systems) -- C:\WINDOWS\system32\agrsmsvc.exe -- (AgereModemAudio)

SRV - [2005/01/17 15:38:00 | 00,040,960 | ---- | M] (TOSHIBA CORPORATION) -- C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe -- (CFSvcs)

========== Driver Services (SafeList) ==========

DRV - [2009/09/16 09:22:48 | 00,214,664 | ---- | M] (McAfee, Inc.) -- C:\WINDOWS\system32\drivers\mfehidk.sys -- (mfehidk)

DRV - [2009/09/16 09:22:48 | 00,079,816 | ---- | M] (McAfee, Inc.) -- C:\WINDOWS\system32\drivers\mfeavfk.sys -- (mfeavfk)

DRV - [2009/09/16 09:22:48 | 00,040,552 | ---- | M] (McAfee, Inc.) -- C:\WINDOWS\system32\drivers\mfesmfk.sys -- (mfesmfk)

DRV - [2009/09/16 09:22:48 | 00,035,272 | ---- | M] (McAfee, Inc.) -- C:\WINDOWS\system32\drivers\mfebopk.sys -- (mfebopk)

DRV - [2009/09/16 09:22:14 | 00,034,248 | ---- | M] (McAfee, Inc.) -- C:\WINDOWS\system32\drivers\mferkdk.sys -- (mferkdk)

DRV - [2008/05/22 15:53:58 | 00,154,624 | ---- | M] (Realtek Semiconductor Corporation) -- C:\WINDOWS\system32\drivers\RTS5121.sys -- (RSUSBSTOR)

DRV - [2008/05/21 11:48:46 | 06,018,464 | ---- | M] (Intel Corporation) -- C:\WINDOWS\system32\drivers\igxpmp32.sys -- (ialm)

DRV - [2008/04/28 05:14:54 | 03,626,112 | ---- | M] (Intel Corporation) -- C:\WINDOWS\system32\drivers\NETw5x32.sys -- (NETw5x32) Intel®

DRV - [2008/04/15 16:53:44 | 00,312,344 | ---- | M] (Intel Corporation) -- C:\WINDOWS\system32\drivers\iaStor.sys -- (iaStor)

DRV - [2008/04/14 04:00:00 | 00,144,384 | ---- | M] (Windows ® Server 2003 DDK provider) -- C:\WINDOWS\system32\drivers\hdaudbus.sys -- (HDAudBus)

DRV - [2008/04/14 04:00:00 | 00,020,480 | ---- | M] (Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K.) -- C:\WINDOWS\system32\drivers\secdrv.sys -- (Secdrv)

DRV - [2008/04/14 04:00:00 | 00,017,792 | ---- | M] (Parallel Technologies, Inc.) -- C:\WINDOWS\system32\drivers\ptilink.sys -- (Ptilink)

DRV - [2008/04/14 04:00:00 | 00,003,328 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\pciide.sys -- (PCIIde)

DRV - [2008/04/14 00:15:14 | 00,060,032 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\USBAUDIO.sys -- (usbaudio) USB Audio Driver (WDM)

DRV - [2008/04/09 17:01:16 | 04,703,744 | ---- | M] (Realtek Semiconductor Corp.) -- C:\WINDOWS\system32\drivers\RtkHDAud.sys -- (IntcAzAudAddService) Service for Realtek HD Audio (WDM)

DRV - [2008/03/20 11:32:24 | 00,011,904 | ---- | M] (Intel Corporation) -- C:\WINDOWS\system32\drivers\s24trans.sys -- (s24trans)

DRV - [2008/03/06 11:51:14 | 00,003,840 | ---- | M] () -- C:\WINDOWS\System32\Drivers\BANTExt.sys -- (BANTExt)

DRV - [2008/02/22 18:38:33 | 00,043,872 | ---- | M] (Sonic Solutions) -- C:\WINDOWS\System32\Drivers\PxHelp20.sys -- (PxHelp20)

DRV - [2008/01/03 21:10:16 | 00,105,856 | ---- | M] (Realtek Semiconductor Corporation ) -- C:\WINDOWS\system32\drivers\Rtenicxp.sys -- (RTLE8023xp)

DRV - [2007/12/17 10:45:20 | 00,018,432 | ---- | M] (Chicony Electronics Co., Ltd.) -- C:\WINDOWS\system32\drivers\UVCFTR_S.SYS -- (UVCFTR)

DRV - [2007/12/06 16:41:42 | 00,220,032 | ---- | M] (Synaptics, Inc.) -- C:\WINDOWS\system32\drivers\SynTP.sys -- (SynTP)

DRV - [2007/04/04 07:56:48 | 00,005,888 | ---- | M] (TOSHIBA Corporation) -- C:\WINDOWS\system32\drivers\FwLnk.sys -- (FwLnk)

DRV - [2007/03/26 11:22:18 | 00,105,856 | ---- | M] (TOSHIBA Corporation) -- C:\WINDOWS\system32\drivers\tdudf.sys -- (tdudf)

DRV - [2007/02/22 14:10:30 | 00,016,128 | ---- | M] (TOSHIBA Corporation.) -- C:\WINDOWS\system32\drivers\tdcmdpst.sys -- (tdcmdpst)

DRV - [2007/02/19 11:15:32 | 00,134,016 | ---- | M] (TOSHIBA Corporation) -- C:\WINDOWS\system32\drivers\trudf.sys -- (trudf)

DRV - [2006/11/28 14:11:00 | 01,161,888 | ---- | M] (Agere Systems) -- C:\WINDOWS\system32\drivers\AGRSM.sys -- (AgereSoftModem)

DRV - [2003/01/29 13:35:00 | 00,012,032 | ---- | M] (TOSHIBA Corporation.) -- C:\WINDOWS\system32\drivers\Netdevio.sys -- (Netdevio)

========== Standard Registry (SafeList) ==========

========== Internet Explorer ==========

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchDefaultBranded = 1

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://seattle.craigslist.org/search/cto?query=&catAbbreviation=cta&minAsk=1500&maxAsk=3200

IE - HKCU\..\URLSearchHook: {E312764E-7706-43F1-8DAB-FCDD2B1E416D} - C:\Program Files\pdfforge Toolbar\SearchSettings.dll (Spigot, Inc.)

IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 1

IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local>

IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = http=127.0.0.1:5555

========== FireFox ==========

FF - prefs.js..browser.startup.homepage: "http://www.facebook.com/home.php?ref=home"

FF - prefs.js..extensions.enabledItems: [email protected]:3.3.3.123

FF - HKLM\software\mozilla\Mozilla Firefox 3.5.5\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2009/11/20 14:56:23 | 00,000,000 | ---D | M]

FF - HKLM\software\mozilla\Mozilla Firefox 3.5.5\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2009/11/20 14:56:23 | 00,000,000 | ---D | M]

FF - HKLM\software\mozilla\Omnis Firefox\extensions\\Plugins: C:\webclient [2009/10/25 20:47:35 | 00,000,000 | ---D | M]

[2009/10/21 15:54:00 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Rory Wilson\Application Data\Mozilla\Extensions

[2009/11/28 20:46:47 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Rory Wilson\Application Data\Mozilla\Firefox\Profiles\idih7k4l.default\extensions

[2009/11/11 22:55:51 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Rory Wilson\Application Data\Mozilla\Firefox\Profiles\idih7k4l.default\extensions\[email protected]

[2009/10/21 15:53:27 | 00,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions

[2009/11/19 14:16:28 | 00,091,552 | ---- | M] (Coupons, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npCouponPrinter.dll

[2009/11/19 14:16:29 | 00,091,552 | ---- | M] (Coupons, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npMozCouponPrinter.dll

O1 HOSTS File: (686 bytes) - C:\WINDOWS\system32\drivers\etc\HOSTS

O1 - Hosts: 127.0.0.1 localhost

O2 - BHO: (Adobe PDF Link Helper) - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)

O2 - BHO: (Skype add-on (mastermind)) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Skype Technologies S.A.)

O2 - BHO: (SSVHelper Class) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll (Sun Microsystems, Inc.)

O2 - BHO: (pdfforge Toolbar) - {B922D405-6D13-4A2B-AE89-08A030DA4402} - C:\Program Files\pdfforge Toolbar\pdfforgeToolbarIE.dll (Spigot, Inc.)

O2 - BHO: (Ask.com Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll (Ask.com)

O2 - BHO: (no name) - {E312764E-7706-43F1-8DAB-FCDD2B1E416D} - C:\Program Files\pdfforge Toolbar\SearchSettings.dll (Spigot, Inc.)

O3 - HKLM\..\Toolbar: (no name) - - No CLSID value found.

O3 - HKLM\..\Toolbar: (pdfforge Toolbar) - {B922D405-6D13-4A2B-AE89-08A030DA4402} - C:\Program Files\pdfforge Toolbar\pdfforgeToolbarIE.dll (Spigot, Inc.)

O3 - HKLM\..\Toolbar: (Ask.com Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll (Ask.com)

O3 - HKCU\..\Toolbar\WebBrowser: (Ask.com Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll (Ask.com)

O4 - HKLM..\Run: [Adobe ARM] C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe (Adobe Systems Incorporated)

O4 - HKLM..\Run: [Alcmtr] C:\WINDOWS\Alcmtr.exe (Realtek Semiconductor Corp.)

O4 - HKLM..\Run: [Camera Assistant Software] C:\Program Files\Camera Assistant Software for Toshiba\traybar.exe (Chicony)

O4 - HKLM..\Run: [DDWMon] C:\Program Files\TOSHIBA\TOSHIBA Direct Disc Writer\\ddwmon.exe ()

O4 - HKLM..\Run: [intelWireless] C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe (Intel® Corporation)

O4 - HKLM..\Run: [intelZeroConfig] C:\Program Files\Intel\WiFi\bin\ZCfgSvc.exe (Intel® Corporation)

O4 - HKLM..\Run: [Malwarebytes Anti-Malware (reboot)] C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe (Malwarebytes Corporation)

O4 - HKLM..\Run: [NDSTray.exe] File not found

O4 - HKLM..\Run: [QBCD Autorun] D:\autorun.exe File not found

O4 - HKLM..\Run: [RTHDCPL] C:\WINDOWS\RTHDCPL.exe (Realtek Semiconductor Corp.)

O4 - HKLM..\Run: [searchSettings] C:\Program Files\pdfforge Toolbar\SearchSettings.exe (Spigot, Inc.)

O4 - HKLM..\Run: [smjxdgpv] C:\Documents and Settings\Rory Wilson\Local Settings\Application Data\jsfofj\lhojsysguard.exe ()

O4 - HKLM..\Run: [smoothView] C:\Program Files\TOSHIBA\TOSHIBA Zooming Utility\SmoothView.exe (TOSHIBA Corporation)

O4 - HKLM..\Run: [synTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe (Synaptics, Inc.)

O4 - HKLM..\Run: [THotkey] C:\Program Files\TOSHIBA\TOSHIBA Applet\THotkey.exe (TOSHIBA)

O4 - HKLM..\Run: [TPSMain] C:\WINDOWS\System32\TPSMain.exe (TOSHIBA Corporation)

O4 - HKCU..\Run: [smjxdgpv] C:\Documents and Settings\Rory Wilson\Local Settings\Application Data\jsfofj\lhojsysguard.exe ()

O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\NkvMon.exe.lnk = C:\Program Files\Nikon\NkView6\NkvMon.exe (Nikon Corporation)

O4 - Startup: C:\Documents and Settings\Rory Wilson\Start Menu\Programs\Startup\ERUNT AutoBackup.lnk = C:\Program Files\ERUNT\AUTOBACK.EXE ()

O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1

O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present

O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145

O8 - Extra context menu item: E&xport to Microsoft Excel - C:\Program Files\Microsoft Office\Office12\EXCEL.EXE (Microsoft Corporation)

O9 - Extra 'Tools' menuitem : Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_06\bin\npjpi160_06.dll (Sun Microsystems, Inc.)

O9 - Extra 'Tools' menuitem : Skype add-on for Internet Explorer - {5067A26B-1337-4436-8AFE-EE169C2DA79F} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Skype Technologies S.A.)

O9 - Extra Button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Skype Technologies S.A.)

O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Program Files\Microsoft Office\Office12\REFIEBAR.DLL (Microsoft Corporation)

O15 - HKLM\..Trusted Domains: 1 domain(s) and sub-domain(s) not assigned to a zone.

O15 - HKCU\..Trusted Domains: 25 domain(s) and sub-domain(s) not assigned to a zone.

O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1256151440640 (MUWebControl Class)

O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_06-windows-i586.cab (Java Plug-in 1.6.0_06)

O16 - DPF: {CAFEEFAC-0016-0000-0006-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_06-windows-i586.cab (Java Plug-in 1.6.0_06)

O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_06-windows-i586.cab (Java Plug-in 1.6.0_06)

O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 68.87.69.150 68.87.85.102

O18 - Protocol\Handler\belarc {6318E0AB-2E93-11D1-B8ED-00608CC9A71F} - C:\Program Files\Belarc\Advisor\System\BAVoilaX.dll (Belarc, Inc.)

O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll (Microsoft Corporation)

O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)

O18 - Protocol\Handler\x-excid {9D6CC632-1337-4a33-9214-2DA092E776F4} - c:\WINDOWS\Downloaded Program Files\mimectl.dll ()

O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)

O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)

O20 - Winlogon\Notify\igfxcui: DllName - igfxdev.dll - C:\WINDOWS\System32\igfxdev.dll (Intel Corporation)

O28 - HKLM ShellExecuteHooks: {56F9679E-7826-4C84-81F3-532071A8BCC5} - C:\Program Files\Windows Desktop Search\MsnlNamespaceMgr.dll (Microsoft Corporation)

O32 - HKLM CDRom: AutoRun - 1

O32 - AutoRun File - [2008/09/11 12:34:18 | 00,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]

O33 - MountPoints2\{a4fc31ea-cf1c-11de-9fde-001e653d3bb4}\Shell\AutoRun\command - "" = F:\setupSNK.exe -- File not found

O33 - MountPoints2\{a8732da1-d469-11de-9fe7-001e653d3bb4}\Shell\play\Command - "" = C:\Program Files\Windows Media Player\wmplayer.exe -- [2006/10/18 21:46:20 | 00,064,000 | ---- | M] (Microsoft Corporation)

O34 - HKLM BootExecute: (autocheck) - File not found

O34 - HKLM BootExecute: (*) - File not found

O35 - comfile [open] -- "%1" %* File not found

O35 - exefile [open] -- "%1" %* File not found

========== Files/Folders - Created Within 30 Days ==========

[2009/11/29 11:00:18 | 00,000,000 | ---D | C] -- C:\Rooter$

[2009/11/29 01:11:10 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Rory Wilson\Application Data\Malwarebytes

[2009/11/29 01:11:06 | 00,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys

[2009/11/29 01:11:05 | 00,019,160 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys

[2009/11/29 01:11:05 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Malwarebytes

[2009/11/29 01:11:04 | 00,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware

[2009/11/29 00:44:58 | 00,000,000 | ---D | C] -- C:\WINDOWS\ERDNT

[2009/11/29 00:44:42 | 00,000,000 | ---D | C] -- C:\Program Files\ERUNT

[2009/11/28 21:59:26 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Rory Wilson\Application Data\AVG8

[2009/11/28 21:50:10 | 00,000,000 | ---D | C] -- C:\Program Files\Common Files\Wise Installation Wizard

[2009/11/28 21:20:39 | 00,578,560 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\user32.dll

[2009/11/28 21:20:04 | 00,000,000 | ---D | C] -- C:\WINDOWS\ERUNT

[2009/11/28 21:17:24 | 00,000,000 | ---D | C] -- C:\SDFix

[2009/11/28 21:15:24 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\TEMP

[2009/11/28 21:15:19 | 00,000,000 | ---D | C] -- C:\Program Files\SpywareBlaster

[2009/11/28 20:49:01 | 00,000,000 | ---D | C] -- C:\Program Files\Sophos

[2009/11/28 18:45:03 | 00,000,000 | -HSD | C] -- C:\WINDOWS\CSC

[2009/11/28 17:14:55 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Rory Wilson\Local Settings\Application Data\jsfofj

[2009/11/23 20:57:22 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Rory Wilson\Desktop\Mello Aire's

[2009/11/22 19:06:06 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Rory Wilson\Application Data\.BitTornado

[2009/11/22 19:05:00 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Rory Wilson\My Documents\Downloads

[2009/11/22 09:47:02 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Rory Wilson\My Documents\LWSD Pay Stubs

[2009/11/20 20:35:09 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Rory Wilson\Desktop\Glenwood Gators

[2009/11/20 18:00:45 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Rory Wilson\Desktop\JHS Swim - Boys

[2009/11/20 14:56:29 | 00,202,072 | R--- | C] (Coupons, Inc.) -- C:\WINDOWS\System32\cpnprt2.cid

[2009/11/20 14:56:23 | 00,000,000 | ---D | C] -- C:\WINDOWS\Cache

[2009/11/20 14:56:21 | 00,000,000 | ---D | C] -- C:\Program Files\Coupons

[2009/11/20 10:13:12 | 00,060,032 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\USBAUDIO.sys

[2009/11/20 10:13:12 | 00,060,032 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\usbaudio.sys

[2009/11/17 23:08:46 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Rory Wilson\Local Settings\Application Data\WMTools Downloaded Files

[2009/11/17 23:07:14 | 00,000,000 | ---D | C] -- C:\Program Files\Microsoft Office Outlook Connector

[2009/11/17 23:07:02 | 00,000,000 | ---D | C] -- C:\Program Files\Microsoft

[2009/11/17 23:06:57 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Documents\microsoft

[2009/11/17 23:06:50 | 00,000,000 | ---D | C] -- C:\Program Files\Windows Live SkyDrive

[2009/11/17 22:59:47 | 00,000,000 | ---D | C] -- C:\Program Files\Common Files\Windows Live

[2009/11/17 22:59:27 | 00,000,000 | ---D | C] -- C:\Program Files\Microsoft Silverlight

[2009/11/17 22:38:18 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Rory Wilson\Application Data\ArcSoft

[2009/11/15 22:14:13 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Rory Wilson\Local Settings\Application Data\Help

[2009/11/15 22:14:13 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Rory Wilson\Application Data\Help

[2009/11/15 21:41:15 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Rory Wilson\My Documents\My Backups

[2009/11/13 15:52:24 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Rory Wilson\Application Data\Nikon

[2009/11/13 15:50:16 | 00,344,064 | R--- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\msexch35.dll

[2009/11/13 15:50:15 | 00,415,504 | R--- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\msrepl35.dll

[2009/11/13 15:50:15 | 00,368,912 | R--- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\VBAR332.DLL

[2009/11/13 15:50:15 | 00,294,912 | R--- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\msxbse35.dll

[2009/11/13 15:50:15 | 00,044,304 | R--- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\msrpfs35.dll

[2009/11/13 15:50:15 | 00,039,424 | R--- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\JETCOMP.exe

[2009/11/13 15:50:14 | 01,238,288 | R--- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\msjt4jlt.dll

[2009/11/13 15:50:14 | 01,050,896 | R--- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\msjet35.dll

[2009/11/13 15:50:14 | 00,262,144 | R--- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\msrd2x35.dll

[2009/11/13 15:50:14 | 00,252,688 | R--- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\msexcl35.dll

[2009/11/13 15:50:14 | 00,250,128 | R--- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\mspdox35.dll

[2009/11/13 15:50:14 | 00,168,720 | R--- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\msltus35.dll

[2009/11/13 15:50:14 | 00,166,672 | R--- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\mstext35.dll

[2009/11/13 15:50:11 | 00,393,216 | R--- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\MSRDO20.DLL

[2009/11/13 15:50:11 | 00,151,552 | R--- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\rdocurs.dll

[2009/11/13 15:50:11 | 00,123,664 | R--- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\msjint35.dll

[2009/11/13 15:50:11 | 00,024,848 | R--- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\msjter35.dll

[2009/11/13 15:49:51 | 00,000,000 | ---D | C] -- C:\Program Files\Nikon

[2009/11/13 15:49:21 | 00,086,016 | ---- | C] (MindVision) -- C:\WINDOWS\unvise32qt.exe

[2009/11/13 15:49:11 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\QuickTime

[2009/11/13 15:48:50 | 00,000,000 | ---D | C] -- C:\WINDOWS\System32\QuickTime

[2009/11/13 15:48:46 | 00,000,000 | ---D | C] -- C:\Program Files\QuickTime

[2009/11/13 15:48:09 | 00,163,840 | ---- | C] (ArcSoft Inc.) -- C:\WINDOWS\System32\PhotoImpression Screen Saver.scr

[2009/11/13 15:47:17 | 00,212,480 | ---- | C] (Eastman Kodak) -- C:\WINDOWS\pcdlib32.dll

[2009/11/13 15:47:17 | 00,000,000 | ---D | C] -- C:\Program Files\ArcSoft

[2009/11/13 15:45:38 | 00,000,000 | ---D | C] -- C:\Program Files\Common Files\Nikon

[2009/11/11 23:05:14 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Rory Wilson\Local Settings\Application Data\AskToolbar

[2009/11/11 22:55:51 | 00,000,000 | ---D | C] -- C:\Program Files\Ask.com

[2009/11/11 22:55:48 | 00,000,000 | ---D | C] -- C:\Program Files\Foxit Software

[2009/11/11 22:32:28 | 00,000,000 | ---D | C] -- C:\Program Files\Belarc

[2009/11/11 22:03:36 | 00,040,448 | ---- | C] (Intuit) -- C:\WINDOWS\Icg32.dll

[2009/11/11 22:03:20 | 00,000,000 | ---D | C] -- C:\WINDOWS\Intuit

[2009/11/11 22:03:20 | 00,000,000 | ---D | C] -- C:\Program Files\Intuit

[2009/11/09 17:26:01 | 00,000,000 | ---D | C] -- C:\WINDOWS\System32\appmgmt

[2009/11/09 17:25:05 | 00,000,000 | -HSD | C] -- C:\Config.Msi

[2009/11/08 13:48:11 | 00,017,272 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\spmsg.dll

[2009/11/08 13:47:36 | 00,000,000 | ---D | C] -- C:\Program Files\Windows Media Connect 2

[2009/11/08 13:46:20 | 00,000,000 | ---D | C] -- C:\WINDOWS\System32\drivers\UMDF

[2009/11/08 13:46:20 | 00,000,000 | ---D | C] -- C:\WINDOWS\System32\LogFiles

[2009/11/06 18:24:49 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\NOS

[2009/11/06 15:37:25 | 00,015,872 | ---- | C] (Printing Communications Assoc., Inc. (PCAUSA)) -- C:\WINDOWS\System32\GTNDIS5.sys

[2009/11/02 21:04:17 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Rory Wilson\My Documents\My Downloads

[2009/11/02 10:13:57 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Rory Wilson\My Documents\Teaching Docs

[2009/11/01 19:15:07 | 00,000,000 | -H-D | C] -- C:\WINDOWS\PIF

[2009/10/30 21:55:23 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Rory Wilson\Application Data\skypePM

[2009/10/30 21:52:22 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Rory Wilson\Application Data\Skype

[2009/10/30 21:51:37 | 00,000,000 | ---D | C] -- C:\Program Files\Common Files\Skype

[2009/10/30 21:51:32 | 00,000,000 | R--D | C] -- C:\Program Files\Skype

[2009/10/30 21:51:28 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Skype

[2009/10/30 15:21:51 | 00,021,504 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\hidserv.dll

[2008/09/11 13:10:15 | 00,053,248 | ---- | C] ( ) -- C:\WINDOWS\System32\DLLVGA.dll

========== Files - Modified Within 30 Days ==========

[2009/11/29 11:35:25 | 00,000,015 | ---- | M] () -- C:\Documents and Settings\Rory Wilson\settings.dat

[2009/11/29 11:34:04 | 04,718,592 | ---- | M] () -- C:\Documents and Settings\Rory Wilson\ntuser.dat

[2009/11/29 11:30:40 | 00,441,856 | ---- | M] () -- C:\Documents and Settings\Rory Wilson\Desktop\CKScanner.exe

[2009/11/29 10:55:16 | 00,001,158 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl

[2009/11/29 10:54:23 | 00,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat

[2009/11/29 02:15:38 | 00,000,178 | -HS- | M] () -- C:\Documents and Settings\Rory Wilson\ntuser.ini

[2009/11/29 02:15:32 | 02,205,456 | -H-- | M] () -- C:\Documents and Settings\Rory Wilson\Local Settings\Application Data\IconCache.db

[2009/11/29 02:15:27 | 00,271,360 | ---- | M] () -- C:\Documents and Settings\Rory Wilson\My Documents\Auto Archive - Outlook.pst

[2009/11/29 01:22:30 | 00,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT

[2009/11/29 01:21:04 | 00,000,236 | ---- | M] () -- C:\WINDOWS\tasks\OGALogon.job

[2009/11/29 01:10:08 | 00,006,294 | RHS- | M] () -- C:\Documents and Settings\All Users\ntuser.pol

[2009/11/29 00:44:45 | 00,000,778 | ---- | M] () -- C:\Documents and Settings\Rory Wilson\Start Menu\Programs\Startup\ERUNT AutoBackup.lnk

[2009/11/28 21:38:03 | 00,008,212 | ---- | M] () -- C:\WINDOWS\mfebcdata

[2009/11/28 21:22:19 | 00,000,686 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\HOSTS

[2009/11/28 21:20:39 | 00,578,560 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\user32.dll

[2009/11/28 18:01:00 | 00,000,246 | ---- | M] () -- C:\WINDOWS\tasks\Scheduled Update for Ask Toolbar.job

[2009/11/28 17:19:46 | 00,109,645 | ---- | M] () -- C:\Documents and Settings\Rory Wilson\My Documents\Beacon Promo's Work Orders.xlsx

[2009/11/28 16:42:29 | 00,007,168 | ---- | M] () -- C:\Documents and Settings\Rory Wilson\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini

[2009/11/27 20:00:12 | 00,000,067 | ---- | M] () -- C:\WINDOWS\swupdate.INI

[2009/11/27 11:58:03 | 00,002,838 | ---- | M] () -- C:\WINDOWS\machine.ver

[2009/11/25 08:31:21 | 00,001,393 | ---- | M] () -- C:\WINDOWS\imsins.BAK

[2009/11/20 20:29:14 | 00,622,902 | ---- | M] () -- C:\WINDOWS\System32\PerfStringBackup.INI

[2009/11/20 20:29:14 | 00,513,690 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat

[2009/11/20 20:29:14 | 00,097,554 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat

[2009/11/20 16:53:16 | 00,205,427 | ---- | M] () -- C:\Documents and Settings\Rory Wilson\Desktop\BeaconPromos - Drumline Options.pdf

[2009/11/20 14:56:29 | 00,202,072 | R--- | M] (Coupons, Inc.) -- C:\WINDOWS\System32\cpnprt2.cid

[2009/11/20 13:04:14 | 00,059,517 | ---- | M] () -- C:\Documents and Settings\Rory Wilson\Desktop\RMA - New Conversation.pdf

[2009/11/19 14:16:27 | 00,068,824 | ---- | M] () -- C:\WINDOWS\CouponPrinter.ocx

[2009/11/18 15:21:54 | 00,112,515 | ---- | M] () -- C:\WINDOWS\FontData.fdb

[2009/11/17 22:38:20 | 00,054,156 | -H-- | M] () -- C:\WINDOWS\QTFont.qfn

[2009/11/17 22:38:20 | 00,001,409 | ---- | M] () -- C:\WINDOWS\QTFont.for

[2009/11/17 17:07:53 | 00,005,471 | ---- | M] () -- C:\Documents and Settings\Rory Wilson\Desktop\BeaconPromos - RA#27967207.pdf

[2009/11/17 10:55:30 | 00,216,416 | ---- | M] () -- C:\Documents and Settings\Rory Wilson\Local Settings\Application Data\GDIPFONTCACHEV1.DAT

[2009/11/17 10:53:16 | 00,661,024 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT

[2009/11/17 10:52:07 | 00,000,227 | ---- | M] () -- C:\WINDOWS\system.ini

[2009/11/13 15:50:21 | 00,001,578 | ---- | M] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\NkvMon.exe.lnk

[2009/11/13 15:49:05 | 00,028,672 | ---- | M] () -- C:\WINDOWS\System32\qttask.exe

[2009/11/13 15:49:02 | 00,000,361 | ---- | M] () -- C:\WINDOWS\System32\QuickTime.qtp

[2009/11/11 22:59:42 | 00,121,853 | ---- | M] () -- C:\Documents and Settings\Rory Wilson\My Documents\JRBC Funds Forms.pdf

[2009/11/11 22:43:24 | 00,025,053 | ---- | M] () -- C:\WINDOWS\unins000.dat

[2009/11/11 22:42:58 | 00,695,617 | ---- | M] () -- C:\WINDOWS\unins000.exe

[2009/11/11 22:13:35 | 00,000,028 | ---- | M] () -- C:\WINDOWS\ICOA.INI

[2009/11/11 22:13:27 | 00,000,000 | ---- | M] () -- C:\WINDOWS\QFNONL.ini

[2009/11/11 22:13:27 | 00,000,000 | ---- | M] () -- C:\WINDOWS\QFN.ini

[2009/11/11 22:13:27 | 00,000,000 | ---- | M] () -- C:\WINDOWS\QDQICK.ini

[2009/11/11 22:03:37 | 00,000,064 | ---- | M] () -- C:\WINDOWS\QBWCD.INI

[2009/11/10 15:34:30 | 00,070,832 | ---- | M] () -- C:\Documents and Settings\Rory Wilson\Desktop\Brink Blanket - Final Art.pdf

[2009/11/09 22:12:26 | 00,172,810 | ---- | M] () -- C:\Documents and Settings\Rory Wilson\Desktop\Beacon - Forms.cdr

[2009/11/09 17:31:02 | 00,000,582 | ---- | M] () -- C:\WINDOWS\win.ini

[2009/11/09 17:31:02 | 00,000,211 | RHS- | M] () -- C:\boot.ini

[2009/11/08 13:48:02 | 00,023,392 | ---- | M] () -- C:\WINDOWS\System32\nscompat.tlb

[2009/11/08 13:48:02 | 00,016,832 | ---- | M] () -- C:\WINDOWS\System32\amcompat.tlb

[2009/11/08 13:46:26 | 00,000,000 | -H-- | M] () -- C:\WINDOWS\System32\drivers\UMDF\MsftWdf_user_01_00_00.Wdf

[2009/11/04 09:41:08 | 00,086,773 | ---- | M] () -- C:\Documents and Settings\Rory Wilson\Desktop\Window Stickers - Final.pdf

[2009/11/03 18:16:49 | 00,000,124 | ---- | M] () -- C:\WINDOWS\iPlayer.INI

[2009/10/30 21:55:24 | 00,000,056 | -H-- | M] () -- C:\WINDOWS\System32\ezsidmv.dat

========== Files Created - No Company Name ==========

[2009/11/29 11:34:08 | 00,000,015 | ---- | C] () -- C:\Documents and Settings\Rory Wilson\settings.dat

[2009/11/29 11:30:40 | 00,441,856 | ---- | C] () -- C:\Documents and Settings\Rory Wilson\Desktop\CKScanner.exe

[2009/11/29 00:44:45 | 00,000,778 | ---- | C] () -- C:\Documents and Settings\Rory Wilson\Start Menu\Programs\Startup\ERUNT AutoBackup.lnk

[2009/11/28 23:01:28 | 00,006,294 | RHS- | C] () -- C:\Documents and Settings\All Users\ntuser.pol

[2009/11/28 21:38:03 | 00,008,212 | ---- | C] () -- C:\WINDOWS\mfebcdata

[2009/11/28 17:23:19 | 04,718,592 | ---- | C] () -- C:\Documents and Settings\Rory Wilson\ntuser.dat

[2009/11/20 16:53:15 | 00,205,427 | ---- | C] () -- C:\Documents and Settings\Rory Wilson\Desktop\BeaconPromos - Drumline Options.pdf

[2009/11/20 13:04:00 | 00,059,517 | ---- | C] () -- C:\Documents and Settings\Rory Wilson\Desktop\RMA - New Conversation.pdf

[2009/11/17 22:44:28 | 00,000,236 | ---- | C] () -- C:\WINDOWS\tasks\OGALogon.job

[2009/11/17 22:38:20 | 00,054,156 | -H-- | C] () -- C:\WINDOWS\QTFont.qfn

[2009/11/17 22:38:20 | 00,001,409 | ---- | C] () -- C:\WINDOWS\QTFont.for

[2009/11/17 17:03:04 | 00,005,471 | ---- | C] () -- C:\Documents and Settings\Rory Wilson\Desktop\BeaconPromos - RA#27967207.pdf

[2009/11/13 15:50:21 | 00,001,578 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\NkvMon.exe.lnk

[2009/11/13 15:50:15 | 00,170,865 | R--- | C] () -- C:\WINDOWS\System32\Odbcjet.hlp

[2009/11/13 15:50:15 | 00,006,902 | R--- | C] () -- C:\WINDOWS\System32\Odbcjet.cnt

[2009/11/13 15:50:12 | 00,037,062 | R--- | C] () -- C:\WINDOWS\System32\odbcinst.hlp

[2009/11/13 15:50:12 | 00,000,324 | R--- | C] () -- C:\WINDOWS\System32\odbcinst.cnt

[2009/11/13 15:49:05 | 00,028,672 | ---- | C] () -- C:\WINDOWS\System32\qttask.exe

[2009/11/13 15:49:00 | 00,000,361 | ---- | C] () -- C:\WINDOWS\System32\QuickTime.qtp

[2009/11/13 15:47:17 | 00,000,021 | ---- | C] () -- C:\WINDOWS\CS_setup.ini

[2009/11/11 22:55:53 | 00,000,246 | ---- | C] () -- C:\WINDOWS\tasks\Scheduled Update for Ask Toolbar.job

[2009/11/11 22:43:23 | 00,695,617 | ---- | C] () -- C:\WINDOWS\unins000.exe

[2009/11/11 22:43:23 | 00,025,053 | ---- | C] () -- C:\WINDOWS\unins000.dat

[2009/11/11 22:32:28 | 00,003,840 | ---- | C] () -- C:\WINDOWS\System32\drivers\BANTExt.sys

[2009/11/11 22:13:35 | 00,000,028 | ---- | C] () -- C:\WINDOWS\ICOA.INI

[2009/11/11 22:13:27 | 00,000,000 | ---- | C] () -- C:\WINDOWS\QFNONL.ini

[2009/11/11 22:13:27 | 00,000,000 | ---- | C] () -- C:\WINDOWS\QFN.ini

[2009/11/11 22:13:27 | 00,000,000 | ---- | C] () -- C:\WINDOWS\QDQICK.ini

[2009/11/11 22:03:37 | 00,000,064 | ---- | C] () -- C:\WINDOWS\QBWCD.INI

[2009/11/11 22:03:36 | 00,005,776 | ---- | C] () -- C:\WINDOWS\Icoadb32.dat

[2009/11/10 15:34:29 | 00,070,832 | ---- | C] () -- C:\Documents and Settings\Rory Wilson\Desktop\Brink Blanket - Final Art.pdf

[2009/11/09 20:21:03 | 00,068,824 | ---- | C] () -- C:\WINDOWS\CouponPrinter.ocx

[2009/11/09 15:16:36 | 00,172,810 | ---- | C] () -- C:\Documents and Settings\Rory Wilson\Desktop\Beacon - Forms.cdr

[2009/11/08 13:46:26 | 00,000,000 | -H-- | C] () -- C:\WINDOWS\System32\drivers\UMDF\MsftWdf_user_01_00_00.Wdf

[2009/11/06 15:37:26 | 00,094,208 | ---- | C] () -- C:\WINDOWS\System32\GTW32N50.dll

[2009/11/06 15:37:25 | 00,031,930 | ---- | C] () -- C:\WINDOWS\System32\GTNDIS3.VXD

[2009/11/04 09:41:06 | 00,086,773 | ---- | C] () -- C:\Documents and Settings\Rory Wilson\Desktop\Window Stickers - Final.pdf

[2009/11/04 07:58:49 | 00,271,360 | ---- | C] () -- C:\Documents and Settings\Rory Wilson\My Documents\Auto Archive - Outlook.pst

[2009/10/30 21:55:24 | 00,000,056 | -H-- | C] () -- C:\WINDOWS\System32\ezsidmv.dat

[2009/10/28 11:12:20 | 00,000,067 | ---- | C] () -- C:\WINDOWS\swupdate.INI

[2009/10/26 08:04:11 | 00,038,443 | ---- | C] () -- C:\Documents and Settings\Rory Wilson\Application Data\Comma Separated Values (Windows).ADR

[2009/10/25 16:00:31 | 00,000,083 | ---- | C] () -- C:\Documents and Settings\Rory Wilson\Local Settings\Application Data\FASTWiz.log

[2009/10/23 20:36:54 | 00,000,124 | ---- | C] () -- C:\WINDOWS\iPlayer.INI

[2009/10/21 12:45:51 | 00,007,168 | ---- | C] () -- C:\Documents and Settings\Rory Wilson\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini

[2009/10/21 12:34:24 | 00,116,224 | ---- | C] () -- C:\WINDOWS\System32\pdfcmnnt.dll

[2009/10/21 10:26:41 | 00,000,134 | ---- | C] () -- C:\Documents and Settings\Rory Wilson\Local Settings\Application Data\fusioncache.dat

[2009/10/21 09:32:21 | 00,000,013 | RHS- | C] () -- C:\WINDOWS\System32\drivers\fbd.sys

[2009/10/21 09:32:20 | 00,000,004 | RHS- | C] () -- C:\WINDOWS\System32\drivers\taishop.sys

[2009/06/23 08:24:06 | 00,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini

[2009/06/23 07:41:53 | 00,204,800 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeW7.dll

[2009/06/23 07:41:53 | 00,200,704 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeA6.dll

[2009/06/23 07:41:53 | 00,192,512 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeP6.dll

[2009/06/23 07:41:53 | 00,192,512 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeM6.dll

[2009/06/23 07:41:53 | 00,188,416 | ---- | C] () -- C:\WINDOWS\System32\IVIresizePX.dll

[2009/06/23 07:41:53 | 00,020,480 | ---- | C] () -- C:\WINDOWS\System32\IVIresize.dll

[2009/06/23 07:28:36 | 00,128,113 | ---- | C] () -- C:\WINDOWS\System32\csellang.ini

[2009/06/23 07:28:36 | 00,045,056 | ---- | C] () -- C:\WINDOWS\System32\csellang.dll

[2009/06/23 07:28:36 | 00,010,150 | ---- | C] () -- C:\WINDOWS\System32\tosmreg.ini

[2009/06/23 07:28:36 | 00,007,671 | ---- | C] () -- C:\WINDOWS\System32\cseltbl.ini

[2009/06/23 07:27:34 | 00,147,456 | ---- | C] () -- C:\WINDOWS\System32\igfxCoIn_v4953.dll

[2008/09/11 13:44:10 | 00,000,000 | ---- | C] () -- C:\WINDOWS\NDSTray.INI

[2008/09/11 13:10:15 | 00,118,784 | ---- | C] () -- C:\WINDOWS\System32\TCtrlIO.dll

[2008/09/11 13:06:42 | 06,184,960 | ---- | C] () -- C:\WINDOWS\System32\RTS5121icon.dll

[2008/09/11 12:45:16 | 00,000,345 | ---- | C] () -- C:\WINDOWS\System32\OEMINFO.INI

[2008/09/11 12:32:41 | 00,001,793 | ---- | C] () -- C:\WINDOWS\System32\fxsperf.ini

[2007/09/27 09:51:02 | 00,020,698 | ---- | C] () -- C:\WINDOWS\System32\idxcntrs.ini

[2007/09/27 09:48:48 | 00,030,628 | ---- | C] () -- C:\WINDOWS\System32\gsrvctr.ini

[2007/09/27 09:48:28 | 00,031,698 | ---- | C] () -- C:\WINDOWS\System32\gthrctr.ini

========== Custom Scans ==========

< %SYSTEMDRIVE%\*.exe >

< MD5 for: ATAPI.SYS >

[2008/04/14 04:00:00 | 00,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\system32\atapi.sys

[2008/04/14 04:00:00 | 00,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\system32\drivers\atapi.sys

< MD5 for: EVENTLOG.DLL >

[2008/04/14 04:00:00 | 00,056,320 | ---- | M] (Microsoft Corporation) MD5=6D4FEB43EE538FC5428CC7F0565AA656 -- C:\WINDOWS\system32\eventlog.dll

< MD5 for: IASTOR.SYS >

[2008/04/15 16:54:16 | 00,388,120 | ---- | M] (Intel Corporation) MD5=8D58627FEF3F8767665D9F4DC91CBD97 -- C:\Program Files\Intel\Intel Matrix Storage Manager\driver64\IaStor.sys

[2008/04/15 16:53:44 | 00,312,344 | ---- | M] (Intel Corporation) MD5=DB0CC620B27A928D968C1A1E9CD9CB87 -- C:\Program Files\Intel\Intel Matrix Storage Manager\driver\IaStor.sys

[2008/04/15 01:53:44 | 00,312,344 | ---- | M] (Intel Corporation) MD5=DB0CC620B27A928D968C1A1E9CD9CB87 -- C:\WINDOWS\OemDir\iaStor.sys

[2008/04/15 16:53:44 | 00,312,344 | ---- | M] (Intel Corporation) MD5=DB0CC620B27A928D968C1A1E9CD9CB87 -- C:\WINDOWS\system32\drivers\iaStor.sys

[2008/04/15 16:53:44 | 00,312,344 | ---- | M] (Intel Corporation) MD5=DB0CC620B27A928D968C1A1E9CD9CB87 -- C:\WINDOWS\system32\DRVSTORE\iaAHCI_E7EB69FF3449D216602D0D37A1D73969621673A9\iaStor.sys

[2008/04/15 01:53:44 | 00,312,344 | ---- | M] (Intel Corporation) MD5=DB0CC620B27A928D968C1A1E9CD9CB87 -- C:\WINDOWS\system32\ReinstallBackups\0013\DriverFiles\iaStor.sys

< MD5 for: NETLOGON.DLL >

[2008/04/14 04:00:00 | 00,407,040 | ---- | M] (Microsoft Corporation) MD5=1B7F071C51B77C272875C3A23E1E4550 -- C:\WINDOWS\system32\netlogon.dll

< MD5 for: SCECLI.DLL >

[2008/04/14 04:00:00 | 00,181,248 | ---- | M] (Microsoft Corporation) MD5=A86BB5E61BF3E39B62AB4C7E7085A084 -- C:\WINDOWS\system32\scecli.dll

< %systemroot%\*. /mp /s >

< HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs >

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install\\LastSuccessTime: 2009-11-25 16:31:26

< End of report >

OTL Extras logfile created on: 11/29/2009 11:48:52 AM - Run 1

OTL by OldTimer - Version 3.1.11.2 Folder = C:\Documents and Settings\Rory Wilson\My Documents\Downloads

Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation

Internet Explorer (Version = 8.0.6001.18702)

Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1.87 Gb Total Physical Memory | 1.49 Gb Available Physical Memory | 79.46% Memory free

4.00 Gb Paging File | 4.00 Gb Available in Paging File | 100.00% Paging File free

Paging file location(s): C:\pagefile.sys 4092 8184 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files

Drive C: | 225.37 Gb Total Space | 199.39 Gb Free Space | 88.47% Space Free | Partition Type: NTFS

D: Drive not present or media not loaded

E: Drive not present or media not loaded

F: Drive not present or media not loaded

G: Drive not present or media not loaded

H: Drive not present or media not loaded

I: Drive not present or media not loaded

Computer Name: BEACONMKTG

Current User Name: Rory Wilson

Logged in as Administrator.

Current Boot Mode: SafeMode with Networking

Scan Mode: Current user

Company Name Whitelist: Off

Skip Microsoft Files: Off

File Age = 30 Days

Output = Standard

========== Extra Registry (SafeList) ==========

========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]

.html [@ = htmlfile] -- C:\Program Files\Internet Explorer\IEXPLORE.EXE (Microsoft Corporation)

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]

batfile [open] -- "%1" %* File not found

cmdfile [open] -- "%1" %* File not found

comfile [open] -- "%1" %* File not found

exefile [open] -- "%1" %* File not found

htmlfile [edit] -- "C:\Program Files\Microsoft Office\Office12\msohtmed.exe" %1 (Microsoft Corporation)

htmlfile [open] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" -nohome (Microsoft Corporation)

htmlfile [opennew] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" %1 (Microsoft Corporation)

htmlfile [print] -- "C:\Program Files\Microsoft Office\Office12\msohtmed.exe" /p %1 (Microsoft Corporation)

http [open] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" -nohome (Microsoft Corporation)

https [open] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" -nohome (Microsoft Corporation)

piffile [open] -- "%1" %* File not found

regfile [merge] -- Reg Error: Key error.

scrfile [config] -- "%1" File not found

scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)

scrfile [open] -- "%1" /S File not found

txtfile [edit] -- Reg Error: Key error.

Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 File not found

Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)

Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)

Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" %1 (Microsoft Corporation)

CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- "C:\Program Files\Internet Explorer\iexplore.exe" (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]

"FirstRunDisabled" = 1

"AntiVirusDisableNotify" = 0

"FirewallDisableNotify" = 0

"UpdatesDisableNotify" = 0

"AntiVirusOverride" = 0

"FirewallOverride" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]

"1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007

"2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]

"EnableFirewall" = 1

"DoNotAllowExceptions" = 0

"DisableNotifications" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]

"1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007

"2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]

"C:\TOSHIBA\ivp\NetInt\Netint.exe" = C:\TOSHIBA\ivp\NetInt\Netint.exe:*:Enabled:NIE - Toshiba Software Upgrade Engine -- (TOSHIBA Corporation)

"C:\TOSHIBA\Ivp\ISM\pinger.exe" = C:\TOSHIBA\IVP\ISM\pinger.exe:*:Enabled:Toshiba Software Upgrades Pinger -- ()

"C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE" = C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE:*:Enabled:Microsoft Office Outlook -- (Microsoft Corporation)

"C:\Program Files\Skype\Plugin Manager\skypePM.exe" = C:\Program Files\Skype\Plugin Manager\skypePM.exe:*:Enabled:Skype Extras Manager -- (Skype Technologies)

"C:\Program Files\Skype\Phone\Skype.exe" = C:\Program Files\Skype\Phone\Skype.exe:*:Enabled:Skype -- (Skype Technologies S.A.)

========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]

"{0001B4FD-9EA3-4D90-A79E-FD14BA3AB01D}" = PDFCreator

"{00203668-8170-44A0-BE44-B632FA4D780F}" = Adobe AIR

"{008D69EB-70FF-46AB-9C75-924620DF191A}" = TOSHIBA Speech System SR Engine(U.S.) Version1.0

"{07F58BB0-50D4-4477-B491-A97B2AD059B6}" = TOSHIBA Hotkey Utility

"{12B3A009-A080-4619-9A2A-C6DB151D8D67}" = TOSHIBA Assist

"{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live Upload Tool

"{26921B2E-3E62-47F9-A514-1FC4A83BD738}" = Intel® PROSet/Wireless WiFi Software

"{2750B389-A2D2-4953-99CA-27C1F2A8E6FD}" = Microsoft SQL Server 2005 Tools Express Edition

"{2AFFFDD7-ED85-4A90-8C52-5DA9EBDC9B8F}" = Microsoft SQL Server 2005 Express Edition (MSSMLBIZ)

"{2C38F661-26B7-445D-B87D-B53FE2D3BD42}" = TOSHIBA PC Diagnostic Tool

"{3248F0A8-6813-11D6-A77B-00B0D0160060}" = Java 6 Update 6

"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP

"{37C866E4-AA67-4725-9E95-A39968DD7960}" = Camera Assistant Software for Toshiba

"{3FBF6F99-8EC6-41B4-8527-0A32241B5496}" = TOSHIBA Speech System TTS Engine(U.S.) Version1.0

"{400830CA-F056-4BBE-80A3-9DF9CA4FB889}" = TOSHIBA Direct Disc Writer

"{412033BC-44CF-48D9-B813-4B835101F4D3}" = Adobe Illustrator 10.0.3

"{425A2BC2-AA64-4107-9C29-484245BBEA05}" = TOSHIBA Software Upgrades

"{45338B07-A236-4270-9A77-EBB4115517B5}" = Windows Live Sign-in Assistant

"{4EF8BE6A-899C-4196-94E7-297C5F7A203E}" = pdfforge Toolbar v1.1.1

"{50120000-1105-0000-0000-0000000FF1CE}" = Microsoft Office 2007 Primary Interop Assemblies

"{505AFDC0-5E72-4928-8368-5DEA385E3647}" = CorelDRAW Graphics Suite 12

"{53F5C3EE-05ED-4830-994B-50B2F0D50FCE}" = Microsoft SQL Server Setup Support Files (English)

"{541DEAC0-5F3D-45E6-B7CB-94ECF3B96748}" = Skype web features

"{56B4002F-671C-49F4-984C-C760FE3806B5}" = Microsoft SQL Server VSS Writer

"{57F0ED40-8F11-41AA-B926-4A66D0D1A9CC}" = Microsoft Office Live Add-in 1.3

"{5DA0E02F-970B-424B-BF41-513A5018E4C0}" = TOSHIBA Disc Creator

"{61B84435-7A82-4F5C-87EC-1071EC28D72D}" = TOSHIBA Utilities

"{64212898-097F-4F3F-AECA-6D34A7EF82DF}" = TOSHIBA Zooming Utility

"{6CF08AD2-00C5-4A63-B74B-2EFFFAFEBE1A}" = Microsoft Outlook Web Access S/MIME

"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable

"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053

"{77DCDCE3-2DED-62F3-8154-05E745472D07}" = Acrobat.com

"{86D4B82A-ABED-442A-BE86-96357B70F4FE}" = Ask Toolbar

"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight

"{8F7AC250-4D7D-431D-AC4E-94FB78EA3F8B}" = TOSHIBA Power Saver

"{90120000-0010-0409-0000-0000000FF1CE}" = Microsoft Software Update for Web Folders (English) 12

"{90120000-0015-0409-0000-0000000FF1CE}" = Microsoft Office Access MUI (English) 2007

"{90120000-0015-0409-0000-0000000FF1CE}_PROHYBRIDR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)

"{90120000-0015-0409-0000-0000000FF1CE}_PROR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)

"{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007

"{90120000-0016-0409-0000-0000000FF1CE}_PROHYBRIDR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)

"{90120000-0016-0409-0000-0000000FF1CE}_PROR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)

"{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007

"{90120000-0018-0409-0000-0000000FF1CE}_PROHYBRIDR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)

"{90120000-0018-0409-0000-0000000FF1CE}_PROR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)

"{90120000-0019-0409-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2007

"{90120000-0019-0409-0000-0000000FF1CE}_PROHYBRIDR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)

"{90120000-0019-0409-0000-0000000FF1CE}_PROR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)

"{90120000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2007

"{90120000-001A-0409-0000-0000000FF1CE}_PROHYBRIDR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)

"{90120000-001A-0409-0000-0000000FF1CE}_PROR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)

"{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007

"{90120000-001B-0409-0000-0000000FF1CE}_PROHYBRIDR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)

"{90120000-001B-0409-0000-0000000FF1CE}_PROR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)

"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007

"{90120000-001F-0409-0000-0000000FF1CE}_PROHYBRIDR_{ABDDE972-355B-4AF1-89A8-DA50B7B5C045}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)

"{90120000-001F-0409-0000-0000000FF1CE}_PROR_{ABDDE972-355B-4AF1-89A8-DA50B7B5C045}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)

"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007

"{90120000-001F-040C-0000-0000000FF1CE}_PROHYBRIDR_{F580DDD5-8D37-4998-968E-EBB76BB86787}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)

"{90120000-001F-040C-0000-0000000FF1CE}_PROR_{F580DDD5-8D37-4998-968E-EBB76BB86787}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)

"{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007

"{90120000-001F-0C0A-0000-0000000FF1CE}_PROHYBRIDR_{187308AB-5FA7-4F14-9AB9-D290383A10D9}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)

"{90120000-001F-0C0A-0000-0000000FF1CE}_PROR_{187308AB-5FA7-4F14-9AB9-D290383A10D9}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)

"{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007

"{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007

"{90120000-006E-0409-0000-0000000FF1CE}_PROHYBRIDR_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)

"{90120000-006E-0409-0000-0000000FF1CE}_PROR_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)

"{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007

"{90120000-0115-0409-0000-0000000FF1CE}_PROHYBRIDR_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)

"{90120000-0115-0409-0000-0000000FF1CE}_PROR_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)

"{90120000-0117-0409-0000-0000000FF1CE}" = Microsoft Office Access Setup Metadata MUI (English) 2007

"{90120000-0117-0409-0000-0000000FF1CE}_PROHYBRIDR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)

"{90120000-0117-0409-0000-0000000FF1CE}_PROR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)

"{9068B2BE-D93A-4C0A-861C-5E35E2C0E09E}" = Intel® Matrix Storage Manager

"{90A40409-6000-11D3-8CFE-0150048383C9}" = Microsoft Office 2003 Web Components

"{91120000-0014-0000-0000-0000000FF1CE}" = Microsoft Office Professional 2007

"{91120000-0014-0000-0000-0000000FF1CE}_PROR_{0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}" = Microsoft Office 2007 Service Pack 2 (SP2)

"{91120000-0014-0000-0000-0000000FF1CE}_PROR_{3D019598-7B59-447A-80AE-815B703B84FF}" = Security Update for Microsoft Office system 2007 (972581)

"{91120000-0031-0000-0000-0000000FF1CE}" = Microsoft Office Professional Hybrid 2007

"{91120000-0031-0000-0000-0000000FF1CE}_PROHYBRIDR_{0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}" = Microsoft Office 2007 Service Pack 2 (SP2)

"{91120000-0031-0000-0000-0000000FF1CE}_PROHYBRIDR_{3D019598-7B59-447A-80AE-815B703B84FF}" = Security Update for Microsoft Office system 2007 (972581)

"{91810AFC-A4F8-4EBA-A5AA-B198BBC81144}" = InterVideo WinDVD for TOSHIBA

"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting

"{95120000-0122-0409-0000-0000000FF1CE}" = Microsoft Office Outlook Connector

"{9FE35071-CAB2-4E79-93E7-BFC6A2DC5C5D}" = CD/DVD Drive Acoustic Silencer

"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2

"{A43BF6A5-D5F0-4AAA-BF41-65995063EC44}" = MSXML 6.0 Parser

"{A939D341-5A04-4E0A-BB55-3E65B386432D}" = Microsoft Office Small Business Connectivity Components

"{AAB84E83-C8DF-4752-9DFC-2E2A48EE5E9F}" = Nikon View 6

"{AC76BA86-7AD7-1033-7B44-A92000000001}" = Adobe Reader 9.2

"{B32C4059-6E7A-41EF-AD20-56DF1872B923}" = Business Contact Manager for Outlook 2007 SP2

"{B65BBB06-1F8E-48F5-8A54-B024A9E15FDF}" = TOSHIBA Recovery Disc Creator

"{BD68F46D-8A82-4664-8E68-F87C55BDEFD4}" = Microsoft SQL Server Native Client

"{BDD83DC9-BEE9-4654-A5DA-CC46C250088D}" = TOSHIBA ConfigFree

"{C02A6D5F-0FE1-46DE-B483-2BD33A226BCF}" = TOSHIBA TouchPad ON/Off Utility

"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2

"{C9BED750-1211-4480-B1A5-718A3BE15525}" = REALTEK GbE & FE Ethernet PCI-E NIC Driver

"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1

"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1

"{D103C4BA-F905-437A-8049-DB24763BBE36}" = Skype™ 4.1

"{D10CB652-9332-4242-B7A9-2D61570144F7}" = USB 2.0 Card Reader

"{E1E56B8A-1AAF-422A-91DB-625059FB9863}" = TOSHIBA Desktop Links

"{E50AE784-FABE-46DA-A1F8-7B6B56DCB22E}" = Microsoft Office Suite Activation Assistant

"{EE033C1F-443E-41EC-A0E2-559B539A4E4D}" = TOSHIBA Speech System Applications

"{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard

"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver

"{F6C405D2-C50D-4D10-B89E-73A233A14D74}" = Toshiba Registration

"{FB3171AA-E420-45ED-BE0B-A6763B9DE305}" = Visual Link Spanish Level 1 v.4

"Adobe AIR" = Adobe AIR

"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX

"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin

"Adobe Photoshop 7.0" = Adobe Photoshop 7.0

"Adobe SVG Viewer" = Adobe SVG Viewer 3.0

"ArcSoft Software Suite" = ArcSoft Software Suite

"Belarc Advisor" = Belarc Advisor 8.1

"Business Contact Manager" = Business Contact Manager for Outlook 2007 SP2

"com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Acrobat.com

"Coupon Printer for Windows5.0.0.0" = Coupon Printer for Windows

"ERUNT_is1" = ERUNT 1.1j

"Foxit PDF Editor" = Foxit PDF Editor

"HDMI" = Intel® Graphics Media Accelerator Driver

"HijackThis" = HijackThis 2.0.2

"IDNMitigationAPIs" = Microsoft Internationalized Domain Names Mitigation APIs

"ie7" = Windows Internet Explorer 7

"ie8" = Windows Internet Explorer 8

"InstallShield_{2C38F661-26B7-445D-B87D-B53FE2D3BD42}" = TOSHIBA PC Diagnostic Tool

"InterActual Player" = InterActual Player

"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware

"Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1

"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1

"Microsoft SQL Server 2005" = Microsoft SQL Server 2005

"Mozilla Firefox (3.5.5)" = Mozilla Firefox (3.5.5)

"MSCompPackV1" = Microsoft Compression Client Pack 1.0 for Windows XP

"NLSDownlevelMapping" = Microsoft National Language Support Downlevel APIs

"Picasa2" = Picasa 2

"PROHYBRIDR" = 2007 Microsoft Office system

"ProInst" = Intel PROSet Wireless

"PROR" = Microsoft Office Professional 2007

"QuickBooks" = QuickBooks

"QuickTime" = QuickTime

"SpywareBlaster_is1" = SpywareBlaster 4.2

"SynTPDeinstKey" = Synaptics Pointing Device Driver

"TOSHIBA Software Modem" = TOSHIBA Software Modem

"Windows Media Format Runtime" = Windows Media Format 11 runtime

"Windows Media Player" = Windows Media Player 11

"WMFDist11" = Windows Media Format 11 runtime

"wmp11" = Windows Media Player 11

"Wudf01000" = Microsoft User-Mode Driver Framework Feature Pack 1.0

========== Last 10 Event Log Errors ==========

[ Application Events ]

Error - 11/28/2009 7:39:36 PM | Computer Name = BEACONMKTG | Source = VSS | ID = 8193

Description = Volume Shadow Copy Service error: Unexpected error calling routine

CoCreateInstance. hr = 0x80040206.

Error - 11/28/2009 9:51:51 PM | Computer Name = BEACONMKTG | Source = Windows Search Service | ID = 7040

Description = The search service has detected corrupted data files in the index.

The service will attempt to automatically correct this problem by rebuilding the

index. Context: Windows Application, SystemIndex Catalog Details: 0xc0041801 (0xc0041801)

Error - 11/28/2009 9:51:51 PM | Computer Name = BEACONMKTG | Source = Windows Search Service | ID = 3029

Description = The plug-in in <Search.TripoliIndexer> cannot be initialized. Context:

Windows Application, SystemIndex Catalog Details: The content index cannot be read.

(0xc0041800)

Error - 11/28/2009 9:51:51 PM | Computer Name = BEACONMKTG | Source = Windows Search Service | ID = 3028

Description = The gatherer object cannot be initialized. Context: Windows Application,

SystemIndex Catalog Details: The content index cannot be read. (0xc0041800)

Error - 11/28/2009 9:51:51 PM | Computer Name = BEACONMKTG | Source = Windows Search Service | ID = 3058

Description = The application cannot be initialized. Context: Windows Application

Details:

The

content index cannot be read. (0xc0041800)

Error - 11/29/2009 12:18:04 AM | Computer Name = BEACONMKTG | Source = MsiInstaller | ID = 1008

Description = The installation of C:\Documents and Settings\Rory Wilson\Local Settings\Temporary

Internet Files\Content.IE5\3SRVWYET\mvt_en-us[1].msi is not permitted due to an

error in software restriction policy processing. The object cannot be trusted.

Error - 11/29/2009 12:18:29 AM | Computer Name = BEACONMKTG | Source = MsiInstaller | ID = 1008

Description = The installation of C:\Documents and Settings\Rory Wilson\My Documents\My

Downloads\mvt_en-us.msi is not permitted due to an error in software restriction

policy processing. The object cannot be trusted.

Error - 11/29/2009 12:18:55 AM | Computer Name = BEACONMKTG | Source = MsiInstaller | ID = 1008

Description = The installation of C:\Documents and Settings\Rory Wilson\My Documents\My

Downloads\mvt_en-us.msi is not permitted due to an error in software restriction

policy processing. The object cannot be trusted.

Error - 11/29/2009 12:18:59 AM | Computer Name = BEACONMKTG | Source = MsiInstaller | ID = 1008

Description = The installation of C:\Documents and Settings\Rory Wilson\My Documents\My

Downloads\mvt_en-us.msi is not permitted due to an error in software restriction

policy processing. The object cannot be trusted.

Error - 11/29/2009 12:30:58 AM | Computer Name = BEACONMKTG | Source = MsiInstaller | ID = 1008

Description = The installation of C:\Documents and Settings\Rory Wilson\My Documents\My

Downloads\mvt_en-us.msi is not permitted due to an error in software restriction

policy processing. The object cannot be trusted.

[ System Events ]

Error - 11/29/2009 12:31:34 AM | Computer Name = BEACONMKTG | Source = DCOM | ID = 10005

Description = DCOM got error "%1084" attempting to start the service McNASvc with

arguments "" in order to run the server: {24F616A1-B755-4053-8018-C3425DC8B68A}

Error - 11/29/2009 12:32:22 AM | Computer Name = BEACONMKTG | Source = DCOM | ID = 10005

Description = DCOM got error "%1084" attempting to start the service McShield with

arguments "" in order to run the server: {DC7EF8E1-824F-4110-AB43-1604DA9B4F40}

Error - 11/29/2009 12:32:22 AM | Computer Name = BEACONMKTG | Source = DCOM | ID = 10005

Description = DCOM got error "%1084" attempting to start the service McNASvc with

arguments "" in order to run the server: {24F616A1-B755-4053-8018-C3425DC8B68A}

Error - 11/29/2009 12:34:49 AM | Computer Name = BEACONMKTG | Source = DCOM | ID = 10005

Description = DCOM got error "%1084" attempting to start the service EventSystem

with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}

Error - 11/29/2009 12:59:47 AM | Computer Name = BEACONMKTG | Source = DCOM | ID = 10005

Description = DCOM got error "%1058" attempting to start the service StiSvc with

arguments "" in order to run the server: {A1F4E726-8CF1-11D1-BF92-0060081ED811}

Error - 11/29/2009 1:19:19 AM | Computer Name = BEACONMKTG | Source = DCOM | ID = 10005

Description = DCOM got error "%1058" attempting to start the service StiSvc with

arguments "" in order to run the server: {A1F4E726-8CF1-11D1-BF92-0060081ED811}

Error - 11/29/2009 1:27:44 AM | Computer Name = BEACONMKTG | Source = Service Control Manager | ID = 7026

Description = The following boot-start or system-start driver(s) failed to load:

atapi PCIIde

Error - 11/29/2009 1:35:25 AM | Computer Name = BEACONMKTG | Source = DCOM | ID = 10016

Description = The machine-default permission settings do not grant Local Activation

permission for the COM Server application with CLSID {A4199E55-EBB9-49E5-AF1A-7A5408B2E206}

to the user NT AUTHORITY\NETWORK SERVICE SID (S-1-5-20). This security permission

can be modified using the Component Services administrative tool.

Error - 11/29/2009 2:55:33 PM | Computer Name = BEACONMKTG | Source = DCOM | ID = 10005

Description = DCOM got error "%1084" attempting to start the service EventSystem

with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}

Error - 11/29/2009 2:56:03 PM | Computer Name = BEACONMKTG | Source = Service Control Manager | ID = 7026

Description = The following boot-start or system-start driver(s) failed to load:

atapi BANTExt Fips intelppm mfehidk PCIIde

< End of report >

[Rorschach112]

hi

Run OTL

• Under the Custom Scans/Fixes box at the bottom, paste in the following
  

  :OTL
  SRV - File not found -- -- (McSysmon)
  SRV - File not found -- -- (McShield)
  SRV - File not found -- -- (MBYPJH)
  [2009/11/19 14:16:28 | 00,091,552 | ---- | M] (Coupons, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npCouponPrinter.dll
  [2009/11/19 14:16:29 | 00,091,552 | ---- | M] (Coupons, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npMozCouponPrinter.dll
  O4 - HKLM..\Run: [smjxdgpv] C:\Documents and Settings\Rory Wilson\Local Settings\Application Data\jsfofj\lhojsysguard.exe ()
  O4 - HKCU..\Run: [smjxdgpv] C:\Documents and Settings\Rory Wilson\Local Settings\Application Data\jsfofj\lhojsysguard.exe ()
  O33 - MountPoints2\{a4fc31ea-cf1c-11de-9fde-001e653d3bb4}\Shell\AutoRun\command - "" = F:\setupSNK.exe -- File not found
  O33 - MountPoints2\{a8732da1-d469-11de-9fe7-001e653d3bb4}\Shell\play\Command - "" = C:\Program Files\Windows Media Player\wmplayer.exe -- [2006/10/18 21:46:20 | 00,064,000 | ---- | M] (Microsoft Corporation)
  [2009/11/20 14:56:21 | 00,000,000 | ---D | C] -- C:\Program Files\Coupons
  [2009/11/28 21:38:03 | 00,008,212 | ---- | M] () -- C:\WINDOWS\mfebcdata
  [2009/11/20 14:56:29 | 00,202,072 | R--- | M] (Coupons, Inc.) -- C:\WINDOWS\System32\cpnprt2.cid
  [2009/11/19 14:16:27 | 00,068,824 | ---- | M] () -- C:\WINDOWS\CouponPrinter.ocx
  
  :Services
  
  :Reg
  
  :Files
  C:\Documents and Settings\Rory Wilson\Local Settings\Application Data\jsfofj
  
  :Commands
  [purity]
  [emptytemp]
  [Reboot]

  
  

• Then click the Run Fix button at the top
  
• Let the program run unhindered, reboot the PC when it is done
  
• Open OTL again and click the Quick Scan button. Post the log it produces in your next reply.
  

[roryawilson]

Here is the info from the new OTL scan...(BTW - Thank you very much for helping me!)

OTL logfile created on: 11/29/2009 4:36:37 PM - Run 2

OTL by OldTimer - Version 3.1.11.2 Folder = C:\Documents and Settings\Rory Wilson\My Documents\Downloads

Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation

Internet Explorer (Version = 8.0.6001.18702)

Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1.87 Gb Total Physical Memory | 1.08 Gb Available Physical Memory | 57.73% Memory free

4.00 Gb Paging File | 4.00 Gb Available in Paging File | 100.00% Paging File free

Paging file location(s): C:\pagefile.sys 4092 8184 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files

Drive C: | 225.37 Gb Total Space | 197.46 Gb Free Space | 87.62% Space Free | Partition Type: NTFS

D: Drive not present or media not loaded

E: Drive not present or media not loaded

F: Drive not present or media not loaded

G: Drive not present or media not loaded

H: Drive not present or media not loaded

I: Drive not present or media not loaded

Computer Name: BEACONMKTG

Current User Name: Rory Wilson

Logged in as Administrator.

Current Boot Mode: Normal

Scan Mode: Current user

Company Name Whitelist: On

Skip Microsoft Files: On

File Age = 14 Days

Output = Standard

Quick Scan

========== Processes (SafeList) ==========

PRC - [2009/11/29 16:22:39 | 01,055,000 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG9\avgchsvx.exe

PRC - [2009/11/29 16:22:37 | 00,702,744 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG9\avgcsrvx.exe

PRC - [2009/11/29 16:22:37 | 00,702,744 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG9\avgcsrvx.exe

PRC - [2009/11/29 16:22:34 | 02,304,192 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG9\avgfws9.exe

PRC - [2009/11/29 16:22:34 | 02,020,120 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG9\avgtray.exe

PRC - [2009/11/29 16:22:29 | 00,827,160 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG9\avgam.exe

PRC - [2009/11/29 16:22:29 | 00,744,728 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG9\avgscanx.exe

PRC - [2009/11/29 16:22:29 | 00,600,344 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG9\avgnsx.exe

PRC - [2009/11/29 16:22:29 | 00,502,040 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG9\avgrsx.exe

PRC - [2009/11/29 16:22:29 | 00,285,392 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG9\avgwdsvc.exe

PRC - [2009/11/29 16:22:28 | 05,832,712 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG9\Identity Protection\Agent\Bin\AVGIDSAgent.exe

PRC - [2009/11/29 16:22:28 | 00,592,392 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG9\Identity Protection\Agent\Bin\AVGIDSMonitor.exe

PRC - [2009/11/29 11:37:33 | 00,535,552 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Rory Wilson\My Documents\Downloads\OTL.exe

PRC - [2009/11/11 22:13:49 | 00,908,248 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe

PRC - [2009/07/29 14:52:10 | 01,024,512 | ---- | M] (Spigot, Inc.) -- C:\Program Files\pdfforge Toolbar\SearchSettings.exe

PRC - [2009/05/27 02:27:04 | 29,262,680 | ---- | M] (Microsoft Corporation) -- c:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe

PRC - [2008/11/24 21:31:12 | 00,087,904 | ---- | M] (Microsoft Corporation) -- c:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe

PRC - [2008/11/24 21:31:08 | 00,239,968 | ---- | M] (Microsoft Corporation) -- c:\Program Files\Microsoft SQL Server\90\Shared\sqlbrowser.exe

PRC - [2008/08/30 10:12:40 | 00,360,448 | ---- | M] (TOSHIBA) -- C:\Program Files\TOSHIBA\TOSHIBA Applet\THotkey.exe

PRC - [2008/05/21 13:07:00 | 00,111,984 | ---- | M] () -- c:\TOSHIBA\IVP\swupdate\swupdtmr.exe

PRC - [2008/04/30 18:41:12 | 00,815,104 | ---- | M] (Intel® Corporation) -- C:\Program Files\Intel\WiFi\bin\EvtEng.exe

PRC - [2008/04/30 18:27:12 | 01,347,584 | ---- | M] (Intel® Corporation) -- C:\Program Files\Intel\WiFi\bin\ZCfgSvc.exe

PRC - [2008/04/30 18:20:38 | 00,901,120 | ---- | M] (Intel® Corporation) -- C:\Program Files\Intel\WiFi\bin\S24EvMon.exe

PRC - [2008/04/30 18:11:20 | 01,191,936 | ---- | M] (Intel® Corporation) -- C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe

PRC - [2008/04/30 18:10:10 | 00,466,944 | ---- | M] (Intel® Corporation) -- C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe

PRC - [2008/04/14 15:43:38 | 00,034,304 | ---- | M] (TOSHIBA Corp.) -- C:\Program Files\TOSHIBA\TOSHIBA Applet\TAPPSRV.exe

PRC - [2008/04/14 04:00:00 | 01,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe

PRC - [2008/04/14 04:00:00 | 00,016,896 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\wbem\unsecapp.exe

PRC - [2008/04/07 15:40:04 | 16,860,672 | ---- | M] (Realtek Semiconductor Corp.) -- C:\WINDOWS\RTHDCPL.exe

PRC - [2008/03/03 17:30:34 | 00,057,344 | ---- | M] (Nalpeiron Ltd.) -- C:\WINDOWS\system32\ASTSRV.EXE

PRC - [2008/01/11 16:50:16 | 00,030,312 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Small Business\Business Contact Manager\BcmSqlStartupSvc.exe

PRC - [2007/12/06 16:20:56 | 01,024,000 | ---- | M] (Synaptics, Inc.) -- C:\Program Files\Synaptics\SynTP\SynTPEnh.exe

PRC - [2007/11/21 16:23:32 | 00,129,632 | ---- | M] (TOSHIBA Corporation) -- C:\WINDOWS\system32\TODDSrv.exe

PRC - [2007/10/08 12:02:46 | 00,262,144 | ---- | M] (TOSHIBA Corporation) -- C:\WINDOWS\system32\TPSMain.exe

PRC - [2007/10/08 12:02:46 | 00,032,768 | ---- | M] (TOSHIBA Corporation) -- C:\WINDOWS\system32\TPSBattM.exe

PRC - [2007/04/13 17:16:16 | 00,311,296 | ---- | M] (TOSHIBA Corporation) -- C:\Program Files\TOSHIBA\TOSHIBA Direct Disc Writer\DDWMon.exe

PRC - [2007/04/09 17:07:02 | 00,159,744 | ---- | M] (TOSHIBA Corporation) -- C:\Program Files\TOSHIBA\TOSHIBA Zooming Utility\SmoothView.exe

PRC - [2007/01/25 17:47:50 | 00,136,816 | ---- | M] () -- C:\TOSHIBA\IVP\ISM\pinger.exe

PRC - [2006/10/05 11:10:12 | 00,009,216 | ---- | M] (Agere Systems) -- C:\WINDOWS\system32\agrsmsvc.exe

PRC - [2006/03/16 12:58:00 | 00,974,848 | ---- | M] (TOSHIBA CORPORATION) -- C:\Program Files\TOSHIBA\ConfigFree\NDSTray.exe

PRC - [2005/01/17 15:38:00 | 00,040,960 | ---- | M] (TOSHIBA CORPORATION) -- C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe

PRC - [2002/12/04 10:52:48 | 00,237,568 | ---- | M] (Nikon Corporation) -- C:\Program Files\Nikon\NkView6\NkvMon.exe

========== Modules (SafeList) ==========

MOD - [2009/11/29 11:37:33 | 00,535,552 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Rory Wilson\My Documents\Downloads\OTL.exe

========== Win32 Services (SafeList) ==========

SRV - File not found -- -- (McShield)

SRV - [2009/11/29 16:22:34 | 02,304,192 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG9\avgfws9.exe -- (avgfws9)

SRV - [2009/11/29 16:22:29 | 00,285,392 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG9\avgwdsvc.exe -- (avg9wd)

SRV - [2009/11/29 16:22:28 | 05,832,712 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG9\Identity Protection\Agent\Bin\AVGIDSAgent.exe -- (AVGIDSAgent)

SRV - [2009/10/21 09:43:40 | 00,182,768 | ---- | M] (Google) -- C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe -- (gusvc)

SRV - [2009/05/27 02:27:04 | 29,262,680 | ---- | M] (Microsoft Corporation) -- c:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe -- (MSSQL$MSSMLBIZ) SQL Server (MSSMLBIZ)

SRV - [2008/11/24 21:31:12 | 00,087,904 | ---- | M] (Microsoft Corporation) -- c:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe -- (SQLWriter)

SRV - [2008/11/24 21:31:08 | 00,239,968 | ---- | M] (Microsoft Corporation) -- c:\Program Files\Microsoft SQL Server\90\Shared\sqlbrowser.exe -- (SQLBrowser)

SRV - [2008/11/24 21:31:08 | 00,045,408 | ---- | M] (Microsoft Corporation) -- c:\Program Files\Microsoft SQL Server\90\Shared\sqladhlp90.exe -- (MSSQLServerADHelper)

SRV - [2008/11/04 00:06:28 | 00,441,712 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE -- (odserv)

SRV - [2008/05/21 13:07:00 | 00,111,984 | ---- | M] () -- c:\TOSHIBA\IVP\swupdate\swupdtmr.exe -- (Swupdtmr)

SRV - [2008/04/30 18:41:12 | 00,815,104 | ---- | M] (Intel® Corporation) -- C:\Program Files\Intel\WiFi\bin\EvtEng.exe -- (EvtEng)

SRV - [2008/04/30 18:20:38 | 00,901,120 | ---- | M] (Intel® Corporation) -- C:\Program Files\Intel\WiFi\bin\S24EvMon.exe -- (S24EventMonitor)

SRV - [2008/04/30 18:10:10 | 00,466,944 | ---- | M] (Intel® Corporation) -- C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe -- (RegSrvc)

SRV - [2008/04/14 15:43:38 | 00,034,304 | ---- | M] (TOSHIBA Corp.) -- C:\Program Files\TOSHIBA\TOSHIBA Applet\TAPPSRV.exe -- (TAPPSRV)

SRV - [2008/03/03 17:30:34 | 00,057,344 | ---- | M] (Nalpeiron Ltd.) -- C:\WINDOWS\system32\ASTSRV.EXE -- (astcc)

SRV - [2008/01/11 16:50:16 | 00,030,312 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Small Business\Business Contact Manager\BcmSqlStartupSvc.exe -- (BcmSqlStartupSvc)

SRV - [2007/11/21 16:23:32 | 00,129,632 | ---- | M] (TOSHIBA Corporation) -- C:\WINDOWS\system32\TODDSrv.exe -- (TODDSrv)

SRV - [2007/01/25 17:47:50 | 00,136,816 | ---- | M] () -- C:\TOSHIBA\IVP\ISM\pinger.exe -- (pinger)

SRV - [2006/10/26 13:03:08 | 00,145,184 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE -- (ose)

SRV - [2006/10/05 11:10:12 | 00,009,216 | ---- | M] (Agere Systems) -- C:\WINDOWS\system32\agrsmsvc.exe -- (AgereModemAudio)

SRV - [2005/01/17 15:38:00 | 00,040,960 | ---- | M] (TOSHIBA CORPORATION) -- C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe -- (CFSvcs)

========== Standard Registry (SafeList) ==========

========== Internet Explorer ==========

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchDefaultBranded = 1

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://seattle.craigslist.org/search/cto?query=&catAbbreviation=cta&minAsk=1500&maxAsk=3200

IE - HKCU\..\URLSearchHook: *{CFBFAE00-17A6-11D0-99CB-00C04FD64497} - Reg Error: Key error. File not found

IE - HKCU\..\URLSearchHook: *{E312764E-7706-43F1-8DAB-FCDD2B1E416D} - Reg Error: Key error. File not found

IE - HKCU\..\URLSearchHook: {A3BC75A2-1F87-4686-AA43-5347D756017C} - C:\Program Files\AVG\AVG9\Toolbar\IEToolbar.dll ()

IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 1

IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local>

IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = http=127.0.0.1:5555

========== FireFox ==========

FF - prefs.js..browser.search.defaultenginename: "Yahoo! Search"

FF - prefs.js..browser.search.selectedEngine: "Yahoo! Search"

FF - prefs.js..browser.startup.homepage: "http://www.facebook.com/home.php?ref=home"

FF - prefs.js..extensions.enabledItems: {3f963a5b-e555-4543-90e2-c3908898db71}:9.0.0.701

FF - prefs.js..extensions.enabledItems: avg@igeared:2.710.016.005

FF - HKLM\software\mozilla\Firefox\Extensions\\{3f963a5b-e555-4543-90e2-c3908898db71}: C:\Program Files\AVG\AVG9\Firefox [2009/11/29 16:22:23 | 00,000,000 | ---D | M]

FF - HKLM\software\mozilla\Firefox\Extensions\\avg@igeared: C:\Program Files\AVG\AVG9\Toolbar\Firefox\avg@igeared [2009/11/29 16:22:46 | 00,000,000 | ---D | M]

FF - HKLM\software\mozilla\Mozilla Firefox 3.5.5\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2009/11/20 14:56:23 | 00,000,000 | ---D | M]

FF - HKLM\software\mozilla\Mozilla Firefox 3.5.5\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2009/11/29 16:12:23 | 00,000,000 | ---D | M]

FF - HKLM\software\mozilla\Omnis Firefox\extensions\\Plugins: C:\webclient [2009/10/25 20:47:35 | 00,000,000 | ---D | M]

[2009/10/21 15:54:00 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Rory Wilson\Application Data\Mozilla\Extensions

[2009/11/29 16:34:44 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Rory Wilson\Application Data\Mozilla\Firefox\Profiles\idih7k4l.default\extensions

[2009/10/21 15:53:27 | 00,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions

O1 HOSTS File: (686 bytes) - C:\WINDOWS\system32\drivers\etc\HOSTS

O1 - Hosts: 127.0.0.1 localhost

O2 - BHO: (Adobe PDF Link Helper) - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)

O2 - BHO: (Skype add-on (mastermind)) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Skype Technologies S.A.)

O2 - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG9\avgssie.dll (AVG Technologies CZ, s.r.o.)

O2 - BHO: (SSVHelper Class) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll (Sun Microsystems, Inc.)

O2 - BHO: (AVG Security Toolbar BHO) - {A3BC75A2-1F87-4686-AA43-5347D756017C} - C:\Program Files\AVG\AVG9\Toolbar\IEToolbar.dll ()

O2 - BHO: (pdfforge Toolbar) - {B922D405-6D13-4A2B-AE89-08A030DA4402} - C:\Program Files\pdfforge Toolbar\pdfforgeToolbarIE.dll (Spigot, Inc.)

O2 - BHO: (Ask.com Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll (Ask.com)

O2 - BHO: (no name) - {E312764E-7706-43F1-8DAB-FCDD2B1E416D} - C:\Program Files\pdfforge Toolbar\SearchSettings.dll (Spigot, Inc.)

O3 - HKLM\..\Toolbar: (no name) - - No CLSID value found.

O3 - HKLM\..\Toolbar: (pdfforge Toolbar) - {B922D405-6D13-4A2B-AE89-08A030DA4402} - C:\Program Files\pdfforge Toolbar\pdfforgeToolbarIE.dll (Spigot, Inc.)

O3 - HKLM\..\Toolbar: (AVG Security Toolbar) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - C:\Program Files\AVG\AVG9\Toolbar\IEToolbar.dll ()

O3 - HKLM\..\Toolbar: (Ask.com Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll (Ask.com)

O3 - HKCU\..\Toolbar\WebBrowser: (AVG Security Toolbar) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - C:\Program Files\AVG\AVG9\Toolbar\IEToolbar.dll ()

O3 - HKCU\..\Toolbar\WebBrowser: (Ask.com Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll (Ask.com)

O4 - HKLM..\Run: [Adobe ARM] C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe (Adobe Systems Incorporated)

O4 - HKLM..\Run: [Alcmtr] C:\WINDOWS\Alcmtr.exe (Realtek Semiconductor Corp.)

O4 - HKLM..\Run: [AVG9_TRAY] C:\Program Files\AVG\AVG9\avgtray.exe (AVG Technologies CZ, s.r.o.)

O4 - HKLM..\Run: [Camera Assistant Software] C:\Program Files\Camera Assistant Software for Toshiba\traybar.exe (Chicony)

O4 - HKLM..\Run: [DDWMon] C:\Program Files\TOSHIBA\TOSHIBA Direct Disc Writer\\ddwmon.exe ()

O4 - HKLM..\Run: [intelWireless] C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe (Intel® Corporation)

O4 - HKLM..\Run: [intelZeroConfig] C:\Program Files\Intel\WiFi\bin\ZCfgSvc.exe (Intel® Corporation)

O4 - HKLM..\Run: [Malwarebytes Anti-Malware (reboot)] C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe (Malwarebytes Corporation)

O4 - HKLM..\Run: [NDSTray.exe] File not found

O4 - HKLM..\Run: [QBCD Autorun] D:\autorun.exe File not found

O4 - HKLM..\Run: [RTHDCPL] C:\WINDOWS\RTHDCPL.exe (Realtek Semiconductor Corp.)

O4 - HKLM..\Run: [searchSettings] C:\Program Files\pdfforge Toolbar\SearchSettings.exe (Spigot, Inc.)

O4 - HKLM..\Run: [smoothView] C:\Program Files\TOSHIBA\TOSHIBA Zooming Utility\SmoothView.exe (TOSHIBA Corporation)

O4 - HKLM..\Run: [synTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe (Synaptics, Inc.)

O4 - HKLM..\Run: [THotkey] C:\Program Files\TOSHIBA\TOSHIBA Applet\THotkey.exe (TOSHIBA)

O4 - HKLM..\Run: [TPSMain] C:\WINDOWS\System32\TPSMain.exe (TOSHIBA Corporation)

O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\NkvMon.exe.lnk = C:\Program Files\Nikon\NkView6\NkvMon.exe (Nikon Corporation)

O4 - Startup: C:\Documents and Settings\Rory Wilson\Start Menu\Programs\Startup\ERUNT AutoBackup.lnk = C:\Program Files\ERUNT\AUTOBACK.EXE ()

O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1

O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present

O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145

O8 - Extra context menu item: E&xport to Microsoft Excel - C:\Program Files\Microsoft Office\Office12\EXCEL.EXE (Microsoft Corporation)

O9 - Extra 'Tools' menuitem : Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_06\bin\npjpi160_06.dll (Sun Microsystems, Inc.)

O9 - Extra 'Tools' menuitem : Skype add-on for Internet Explorer - {5067A26B-1337-4436-8AFE-EE169C2DA79F} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Skype Technologies S.A.)

O9 - Extra Button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Skype Technologies S.A.)

O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Program Files\Microsoft Office\Office12\REFIEBAR.DLL (Microsoft Corporation)

O15 - HKLM\..Trusted Domains: 1 domain(s) and sub-domain(s) not assigned to a zone.

O15 - HKCU\..Trusted Domains: 25 domain(s) and sub-domain(s) not assigned to a zone.

O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1256151440640 (MUWebControl Class)

O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_06-windows-i586.cab (Java Plug-in 1.6.0_06)

O16 - DPF: {CAFEEFAC-0016-0000-0006-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_06-windows-i586.cab (Java Plug-in 1.6.0_06)

O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_06-windows-i586.cab (Java Plug-in 1.6.0_06)

O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 68.87.69.150 68.87.85.102

O18 - Protocol\Handler\belarc {6318E0AB-2E93-11D1-B8ED-00608CC9A71F} - C:\Program Files\Belarc\Advisor\System\BAVoilaX.dll (Belarc, Inc.)

O18 - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG9\avgpp.dll (AVG Technologies CZ, s.r.o.)

O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll (Microsoft Corporation)

O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)

O18 - Protocol\Handler\x-excid {9D6CC632-1337-4a33-9214-2DA092E776F4} - c:\WINDOWS\Downloaded Program Files\mimectl.dll ()

O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)

O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)

O20 - Winlogon\Notify\avgrsstarter: DllName - avgrsstx.dll - C:\WINDOWS\System32\avgrsstx.dll (AVG Technologies CZ, s.r.o.)

O20 - Winlogon\Notify\igfxcui: DllName - igfxdev.dll - C:\WINDOWS\System32\igfxdev.dll (Intel Corporation)

O28 - HKLM ShellExecuteHooks: {56F9679E-7826-4C84-81F3-532071A8BCC5} - C:\Program Files\Windows Desktop Search\MsnlNamespaceMgr.dll (Microsoft Corporation)

O32 - HKLM CDRom: AutoRun - 1

O32 - AutoRun File - [2008/09/11 12:34:18 | 00,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]

O34 - HKLM BootExecute: (autocheck) - File not found

O34 - HKLM BootExecute: (*) - File not found

O35 - comfile [open] -- "%1" %* File not found

O35 - exefile [open] -- "%1" %* File not found

========== Files/Folders - Created Within 14 Days ==========

[2009/11/29 16:32:58 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Rory Wilson\Local Settings\Application Data\AVG Security Toolbar

[2009/11/29 16:23:09 | 00,000,000 | -H-D | C] -- C:\$AVG

[2009/11/29 16:22:58 | 00,360,584 | ---- | C] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\drivers\avgtdix.sys

[2009/11/29 16:22:58 | 00,012,464 | ---- | C] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\avgrsstx.dll

[2009/11/29 16:22:53 | 00,333,192 | ---- | C] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\drivers\avgldx86.sys

[2009/11/29 16:22:52 | 00,028,424 | ---- | C] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\drivers\avgmfx86.sys

[2009/11/29 16:22:48 | 00,000,000 | ---D | C] -- C:\WINDOWS\System32\drivers\Avg

[2009/11/29 16:22:46 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\AVG Security Toolbar

[2009/11/29 16:22:32 | 00,025,608 | ---- | C] (AVG Technologies ) -- C:\WINDOWS\System32\drivers\AVGIDSxx.sys

[2009/11/29 16:22:29 | 00,161,800 | ---- | C] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\drivers\avgrkx86.sys

[2009/11/29 16:22:23 | 00,050,968 | ---- | C] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\avgfwdx.dll

[2009/11/29 16:22:23 | 00,030,104 | ---- | C] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\drivers\avgfwdx.sys

[2009/11/29 16:22:23 | 00,000,000 | ---D | C] -- C:\Program Files\AVG

[2009/11/29 16:22:20 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\avg9

[2009/11/29 16:12:19 | 00,000,000 | ---D | C] -- C:\_OTL

[2009/11/29 11:00:18 | 00,000,000 | ---D | C] -- C:\Rooter$

[2009/11/29 01:11:10 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Rory Wilson\Application Data\Malwarebytes

[2009/11/29 01:11:06 | 00,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys

[2009/11/29 01:11:05 | 00,019,160 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys

[2009/11/29 01:11:05 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Malwarebytes

[2009/11/29 01:11:04 | 00,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware

[2009/11/29 00:44:58 | 00,000,000 | ---D | C] -- C:\WINDOWS\ERDNT

[2009/11/29 00:44:42 | 00,000,000 | ---D | C] -- C:\Program Files\ERUNT

[2009/11/28 21:50:10 | 00,000,000 | ---D | C] -- C:\Program Files\Common Files\Wise Installation Wizard

[2009/11/28 21:20:04 | 00,000,000 | ---D | C] -- C:\WINDOWS\ERUNT

[2009/11/28 21:17:24 | 00,000,000 | ---D | C] -- C:\SDFix

[2009/11/28 21:15:24 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\TEMP

[2009/11/28 21:15:19 | 00,000,000 | ---D | C] -- C:\Program Files\SpywareBlaster

[2009/11/28 20:49:01 | 00,000,000 | ---D | C] -- C:\Program Files\Sophos

[2009/11/28 18:45:03 | 00,000,000 | -HSD | C] -- C:\WINDOWS\CSC

[2009/11/23 20:57:22 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Rory Wilson\Desktop\Mello Aire's

[2009/11/22 19:06:06 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Rory Wilson\Application Data\.BitTornado

[2009/11/22 19:05:00 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Rory Wilson\My Documents\Downloads

[2009/11/22 09:47:02 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Rory Wilson\My Documents\LWSD Pay Stubs

[2009/11/20 20:35:09 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Rory Wilson\Desktop\Glenwood Gators

[2009/11/20 18:00:45 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Rory Wilson\Desktop\JHS Swim - Boys

[2009/11/20 14:56:23 | 00,000,000 | ---D | C] -- C:\WINDOWS\Cache

[2009/11/17 23:08:46 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Rory Wilson\Local Settings\Application Data\WMTools Downloaded Files

[2009/11/17 23:07:14 | 00,000,000 | ---D | C] -- C:\Program Files\Microsoft Office Outlook Connector

[2009/11/17 23:07:02 | 00,000,000 | ---D | C] -- C:\Program Files\Microsoft

[2009/11/17 23:06:57 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Documents\microsoft

[2009/11/17 23:06:50 | 00,000,000 | ---D | C] -- C:\Program Files\Windows Live SkyDrive

[2009/11/17 22:59:47 | 00,000,000 | ---D | C] -- C:\Program Files\Common Files\Windows Live

[2009/11/17 22:59:27 | 00,000,000 | ---D | C] -- C:\Program Files\Microsoft Silverlight

[2009/11/17 22:38:18 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Rory Wilson\Application Data\ArcSoft

[2009/11/15 22:14:13 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Rory Wilson\Local Settings\Application Data\Help

[2009/11/15 22:14:13 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Rory Wilson\Application Data\Help

[2009/11/15 21:41:15 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Rory Wilson\My Documents\My Backups

[2008/09/11 13:10:15 | 00,053,248 | ---- | C] ( ) -- C:\WINDOWS\System32\DLLVGA.dll

========== Files - Modified Within 14 Days ==========

[2009/11/29 16:27:44 | 00,001,158 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl

[2009/11/29 16:26:17 | 00,000,236 | ---- | M] () -- C:\WINDOWS\tasks\OGALogon.job

[2009/11/29 16:26:16 | 00,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT

[2009/11/29 16:26:04 | 00,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat

[2009/11/29 16:25:58 | 20,090,63424 | -HS- | M] () -- C:\hiberfil.sys

[2009/11/29 16:25:00 | 04,718,592 | ---- | M] () -- C:\Documents and Settings\Rory Wilson\ntuser.dat

[2009/11/29 16:25:00 | 00,000,178 | -HS- | M] () -- C:\Documents and Settings\Rory Wilson\ntuser.ini

[2009/11/29 16:24:41 | 04,314,152 | -H-- | M] () -- C:\Documents and Settings\Rory Wilson\Local Settings\Application Data\IconCache.db

[2009/11/29 16:22:58 | 00,360,584 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\drivers\avgtdix.sys

[2009/11/29 16:22:58 | 00,012,464 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\avgrsstx.dll

[2009/11/29 16:22:58 | 00,001,518 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\AVG 9.0.lnk

[2009/11/29 16:22:53 | 00,333,192 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\drivers\avgldx86.sys

[2009/11/29 16:22:52 | 45,908,660 | ---- | M] () -- C:\WINDOWS\System32\drivers\Avg\incavi.avm

[2009/11/29 16:22:52 | 00,544,112 | ---- | M] () -- C:\WINDOWS\System32\drivers\Avg\iavifw.avm

[2009/11/29 16:22:52 | 00,113,461 | ---- | M] () -- C:\WINDOWS\System32\drivers\Avg\iavichjw.avm

[2009/11/29 16:22:52 | 00,028,424 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\drivers\avgmfx86.sys

[2009/11/29 16:22:48 | 06,061,540 | ---- | M] () -- C:\WINDOWS\System32\drivers\Avg\avi7.avg

[2009/11/29 16:22:48 | 00,492,629 | ---- | M] () -- C:\WINDOWS\System32\drivers\Avg\miniavi.avg

[2009/11/29 16:22:48 | 00,106,123 | ---- | M] () -- C:\WINDOWS\System32\drivers\Avg\microavi.avg

[2009/11/29 16:22:32 | 00,025,608 | ---- | M] (AVG Technologies ) -- C:\WINDOWS\System32\drivers\AVGIDSxx.sys

[2009/11/29 16:22:29 | 00,161,800 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\drivers\avgrkx86.sys

[2009/11/29 16:22:23 | 00,050,968 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\avgfwdx.dll

[2009/11/29 16:22:23 | 00,030,104 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\drivers\avgfwdx.sys

[2009/11/29 11:35:25 | 00,000,015 | ---- | M] () -- C:\Documents and Settings\Rory Wilson\settings.dat

[2009/11/29 11:30:40 | 00,441,856 | ---- | M] () -- C:\Documents and Settings\Rory Wilson\Desktop\CKScanner.exe

[2009/11/29 02:15:27 | 00,271,360 | ---- | M] () -- C:\Documents and Settings\Rory Wilson\My Documents\Auto Archive - Outlook.pst

[2009/11/29 01:10:08 | 00,006,294 | RHS- | M] () -- C:\Documents and Settings\All Users\ntuser.pol

[2009/11/29 00:44:45 | 00,000,778 | ---- | M] () -- C:\Documents and Settings\Rory Wilson\Start Menu\Programs\Startup\ERUNT AutoBackup.lnk

[2009/11/28 21:22:19 | 00,000,686 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\HOSTS

[2009/11/28 18:01:00 | 00,000,246 | ---- | M] () -- C:\WINDOWS\tasks\Scheduled Update for Ask Toolbar.job

[2009/11/28 17:19:46 | 00,109,645 | ---- | M] () -- C:\Documents and Settings\Rory Wilson\My Documents\Beacon Promo's Work Orders.xlsx

[2009/11/28 16:42:29 | 00,007,168 | ---- | M] () -- C:\Documents and Settings\Rory Wilson\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini

[2009/11/27 20:00:12 | 00,000,067 | ---- | M] () -- C:\WINDOWS\swupdate.INI

[2009/11/27 11:58:03 | 00,002,838 | ---- | M] () -- C:\WINDOWS\machine.ver

[2009/11/25 08:31:21 | 00,001,393 | ---- | M] () -- C:\WINDOWS\imsins.BAK

[2009/11/20 20:29:14 | 00,622,902 | ---- | M] () -- C:\WINDOWS\System32\PerfStringBackup.INI

[2009/11/20 20:29:14 | 00,513,690 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat

[2009/11/20 20:29:14 | 00,097,554 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat

[2009/11/20 16:53:16 | 00,205,427 | ---- | M] () -- C:\Documents and Settings\Rory Wilson\Desktop\BeaconPromos - Drumline Options.pdf

[2009/11/20 13:04:14 | 00,059,517 | ---- | M] () -- C:\Documents and Settings\Rory Wilson\Desktop\RMA - New Conversation.pdf

[2009/11/18 15:21:54 | 00,112,515 | ---- | M] () -- C:\WINDOWS\FontData.fdb

[2009/11/17 22:38:20 | 00,054,156 | -H-- | M] () -- C:\WINDOWS\QTFont.qfn

[2009/11/17 22:38:20 | 00,001,409 | ---- | M] () -- C:\WINDOWS\QTFont.for

[2009/11/17 17:07:53 | 00,005,471 | ---- | M] () -- C:\Documents and Settings\Rory Wilson\Desktop\BeaconPromos - RA#27967207.pdf

[2009/11/17 10:55:30 | 00,216,416 | ---- | M] () -- C:\Documents and Settings\Rory Wilson\Local Settings\Application Data\GDIPFONTCACHEV1.DAT

[2009/11/17 10:53:16 | 00,661,024 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT

[2009/11/17 10:52:07 | 00,000,227 | ---- | M] () -- C:\WINDOWS\system.ini

========== Files Created - No Company Name ==========

[2009/11/29 16:22:58 | 00,001,518 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\AVG 9.0.lnk

[2009/11/29 16:22:52 | 00,544,112 | ---- | C] () -- C:\WINDOWS\System32\drivers\Avg\iavifw.avm

[2009/11/29 16:22:52 | 00,113,461 | ---- | C] () -- C:\WINDOWS\System32\drivers\Avg\iavichjw.avm

[2009/11/29 16:22:48 | 45,908,660 | ---- | C] () -- C:\WINDOWS\System32\drivers\Avg\incavi.avm

[2009/11/29 16:22:48 | 06,061,540 | ---- | C] () -- C:\WINDOWS\System32\drivers\Avg\avi7.avg

[2009/11/29 16:22:48 | 00,492,629 | ---- | C] () -- C:\WINDOWS\System32\drivers\Avg\miniavi.avg

[2009/11/29 16:22:48 | 00,106,123 | ---- | C] () -- C:\WINDOWS\System32\drivers\Avg\microavi.avg

[2009/11/29 16:13:08 | 20,090,63424 | -HS- | C] () -- C:\hiberfil.sys

[2009/11/29 11:34:08 | 00,000,015 | ---- | C] () -- C:\Documents and Settings\Rory Wilson\settings.dat

[2009/11/29 11:30:40 | 00,441,856 | ---- | C] () -- C:\Documents and Settings\Rory Wilson\Desktop\CKScanner.exe

[2009/11/29 00:44:45 | 00,000,778 | ---- | C] () -- C:\Documents and Settings\Rory Wilson\Start Menu\Programs\Startup\ERUNT AutoBackup.lnk

[2009/11/28 23:01:28 | 00,006,294 | RHS- | C] () -- C:\Documents and Settings\All Users\ntuser.pol

[2009/11/28 17:23:19 | 04,718,592 | ---- | C] () -- C:\Documents and Settings\Rory Wilson\ntuser.dat

[2009/11/20 16:53:15 | 00,205,427 | ---- | C] () -- C:\Documents and Settings\Rory Wilson\Desktop\BeaconPromos - Drumline Options.pdf

[2009/11/20 13:04:00 | 00,059,517 | ---- | C] () -- C:\Documents and Settings\Rory Wilson\Desktop\RMA - New Conversation.pdf

[2009/11/17 22:44:28 | 00,000,236 | ---- | C] () -- C:\WINDOWS\tasks\OGALogon.job

[2009/11/17 22:38:20 | 00,054,156 | -H-- | C] () -- C:\WINDOWS\QTFont.qfn

[2009/11/17 22:38:20 | 00,001,409 | ---- | C] () -- C:\WINDOWS\QTFont.for

[2009/11/17 17:03:04 | 00,005,471 | ---- | C] () -- C:\Documents and Settings\Rory Wilson\Desktop\BeaconPromos - RA#27967207.pdf

[2009/11/13 15:47:17 | 00,000,021 | ---- | C] () -- C:\WINDOWS\CS_setup.ini

[2009/11/11 22:32:28 | 00,003,840 | ---- | C] () -- C:\WINDOWS\System32\drivers\BANTExt.sys

[2009/11/11 22:13:35 | 00,000,028 | ---- | C] () -- C:\WINDOWS\ICOA.INI

[2009/11/11 22:13:27 | 00,000,000 | ---- | C] () -- C:\WINDOWS\QFNONL.ini

[2009/11/11 22:13:27 | 00,000,000 | ---- | C] () -- C:\WINDOWS\QFN.ini

[2009/11/11 22:13:27 | 00,000,000 | ---- | C] () -- C:\WINDOWS\QDQICK.ini

[2009/11/11 22:03:37 | 00,000,064 | ---- | C] () -- C:\WINDOWS\QBWCD.INI

[2009/11/06 15:37:26 | 00,094,208 | ---- | C] () -- C:\WINDOWS\System32\GTW32N50.dll

[2009/10/28 11:12:20 | 00,000,067 | ---- | C] () -- C:\WINDOWS\swupdate.INI

[2009/10/26 08:04:11 | 00,038,443 | ---- | C] () -- C:\Documents and Settings\Rory Wilson\Application Data\Comma Separated Values (Windows).ADR

[2009/10/25 16:00:31 | 00,000,083 | ---- | C] () -- C:\Documents and Settings\Rory Wilson\Local Settings\Application Data\FASTWiz.log

[2009/10/23 20:36:54 | 00,000,124 | ---- | C] () -- C:\WINDOWS\iPlayer.INI

[2009/10/21 12:45:51 | 00,007,168 | ---- | C] () -- C:\Documents and Settings\Rory Wilson\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini

[2009/10/21 12:34:24 | 00,116,224 | ---- | C] () -- C:\WINDOWS\System32\pdfcmnnt.dll

[2009/10/21 10:26:41 | 00,000,134 | ---- | C] () -- C:\Documents and Settings\Rory Wilson\Local Settings\Application Data\fusioncache.dat

[2009/10/21 09:32:21 | 00,000,013 | RHS- | C] () -- C:\WINDOWS\System32\drivers\fbd.sys

[2009/10/21 09:32:20 | 00,000,004 | RHS- | C] () -- C:\WINDOWS\System32\drivers\taishop.sys

[2009/06/23 08:24:06 | 00,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini

[2009/06/23 07:41:53 | 00,204,800 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeW7.dll

[2009/06/23 07:41:53 | 00,200,704 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeA6.dll

[2009/06/23 07:41:53 | 00,192,512 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeP6.dll

[2009/06/23 07:41:53 | 00,192,512 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeM6.dll

[2009/06/23 07:41:53 | 00,188,416 | ---- | C] () -- C:\WINDOWS\System32\IVIresizePX.dll

[2009/06/23 07:41:53 | 00,020,480 | ---- | C] () -- C:\WINDOWS\System32\IVIresize.dll

[2009/06/23 07:28:36 | 00,128,113 | ---- | C] () -- C:\WINDOWS\System32\csellang.ini

[2009/06/23 07:28:36 | 00,045,056 | ---- | C] () -- C:\WINDOWS\System32\csellang.dll

[2009/06/23 07:28:36 | 00,010,150 | ---- | C] () -- C:\WINDOWS\System32\tosmreg.ini

[2009/06/23 07:28:36 | 00,007,671 | ---- | C] () -- C:\WINDOWS\System32\cseltbl.ini

[2009/06/23 07:27:34 | 00,147,456 | ---- | C] () -- C:\WINDOWS\System32\igfxCoIn_v4953.dll

[2008/09/11 13:44:10 | 00,000,000 | ---- | C] () -- C:\WINDOWS\NDSTray.INI

[2008/09/11 13:10:15 | 00,118,784 | ---- | C] () -- C:\WINDOWS\System32\TCtrlIO.dll

[2008/09/11 13:06:42 | 06,184,960 | ---- | C] () -- C:\WINDOWS\System32\RTS5121icon.dll

[2008/09/11 12:45:16 | 00,000,345 | ---- | C] () -- C:\WINDOWS\System32\OEMINFO.INI

[2008/09/11 12:32:41 | 00,001,793 | ---- | C] () -- C:\WINDOWS\System32\fxsperf.ini

[2007/09/27 09:51:02 | 00,020,698 | ---- | C] () -- C:\WINDOWS\System32\idxcntrs.ini

[2007/09/27 09:48:48 | 00,030,628 | ---- | C] () -- C:\WINDOWS\System32\gsrvctr.ini

[2007/09/27 09:48:28 | 00,031,698 | ---- | C] () -- C:\WINDOWS\System32\gthrctr.ini

========== LOP Check ==========

[2009/11/29 16:27:58 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\AVG Security Toolbar

[2009/11/29 16:22:21 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\avg9

[2009/11/28 21:15:24 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TEMP

[2009/11/22 19:06:06 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Rory Wilson\Application Data\.BitTornado

[2009/10/21 17:00:38 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Rory Wilson\Application Data\InterVideo

[2009/11/13 15:52:24 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Rory Wilson\Application Data\Nikon

[2009/10/21 15:33:56 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Rory Wilson\Application Data\pdfforge

[2009/10/21 14:00:11 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Rory Wilson\Application Data\Search Settings

[2009/10/24 21:35:49 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Rory Wilson\Application Data\toshiba

[2008/09/11 13:04:21 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Rory Wilson\Application Data\WinBatch

[2009/10/21 12:12:10 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Rory Wilson\Application Data\Windows Desktop Search

[2009/10/25 14:00:55 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Rory Wilson\Application Data\Windows Search

[2009/11/29 16:26:17 | 00,000,236 | ---- | M] () -- C:\WINDOWS\Tasks\OGALogon.job

[2009/11/28 18:01:00 | 00,000,246 | ---- | M] () -- C:\WINDOWS\Tasks\Scheduled Update for Ask Toolbar.job

========== Purity Check ==========

< End of report >

hi

Run OTL

• Under the Custom Scans/Fixes box at the bottom, paste in the following
  

  :OTL
  SRV - File not found -- -- (McSysmon)
  SRV - File not found -- -- (McShield)
  SRV - File not found -- -- (MBYPJH)
  [2009/11/19 14:16:28 | 00,091,552 | ---- | M] (Coupons, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npCouponPrinter.dll
  [2009/11/19 14:16:29 | 00,091,552 | ---- | M] (Coupons, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npMozCouponPrinter.dll
  O4 - HKLM..\Run: [smjxdgpv] C:\Documents and Settings\Rory Wilson\Local Settings\Application Data\jsfofj\lhojsysguard.exe ()
  O4 - HKCU..\Run: [smjxdgpv] C:\Documents and Settings\Rory Wilson\Local Settings\Application Data\jsfofj\lhojsysguard.exe ()
  O33 - MountPoints2\{a4fc31ea-cf1c-11de-9fde-001e653d3bb4}\Shell\AutoRun\command - "" = F:\setupSNK.exe -- File not found
  O33 - MountPoints2\{a8732da1-d469-11de-9fe7-001e653d3bb4}\Shell\play\Command - "" = C:\Program Files\Windows Media Player\wmplayer.exe -- [2006/10/18 21:46:20 | 00,064,000 | ---- | M] (Microsoft Corporation)
  [2009/11/20 14:56:21 | 00,000,000 | ---D | C] -- C:\Program Files\Coupons
  [2009/11/28 21:38:03 | 00,008,212 | ---- | M] () -- C:\WINDOWS\mfebcdata
  [2009/11/20 14:56:29 | 00,202,072 | R--- | M] (Coupons, Inc.) -- C:\WINDOWS\System32\cpnprt2.cid
  [2009/11/19 14:16:27 | 00,068,824 | ---- | M] () -- C:\WINDOWS\CouponPrinter.ocx
  
  :Services
  
  :Reg
  
  :Files
  C:\Documents and Settings\Rory Wilson\Local Settings\Application Data\jsfofj
  
  :Commands
  [purity]
  [emptytemp]
  [Reboot]

  
  

• Then click the Run Fix button at the top
  
• Let the program run unhindered, reboot the PC when it is done
  
• Open OTL again and click the Quick Scan button. Post the log it produces in your next reply.
  

[roryawilson]

Hello...I've noticed that IE will not open http:// websites, but https:// will open. Mozilla is not causing a challenge. IE has all my links and I would like to get it back working also. Any suggestions?

[Rorschach112]

we will fix that later, follow my steps in the meantime

[roryawilson]

I ran the second OTL and posted it (see #3 above) yesterday...is there something else you need me to run?

[Rorschach112]

Open OTL again and click the Quick Scan button. Post the log it produces in your next reply.

[roryawilson]

OTL logfile created on: 11/30/2009 4:02:52 PM - Run 3

OTL by OldTimer - Version 3.1.11.2 Folder = C:\Documents and Settings\Rory Wilson\My Documents\Downloads

Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation

Internet Explorer (Version = 8.0.6001.18702)

Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1.87 Gb Total Physical Memory | 0.86 Gb Available Physical Memory | 45.99% Memory free

4.00 Gb Paging File | 4.00 Gb Available in Paging File | 100.00% Paging File free

Paging file location(s): C:\pagefile.sys 4092 8184 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files

Drive C: | 225.37 Gb Total Space | 196.31 Gb Free Space | 87.11% Space Free | Partition Type: NTFS

D: Drive not present or media not loaded

E: Drive not present or media not loaded

F: Drive not present or media not loaded

G: Drive not present or media not loaded

H: Drive not present or media not loaded

I: Drive not present or media not loaded

Computer Name: BEACONMKTG

Current User Name: Rory Wilson

Logged in as Administrator.

Current Boot Mode: Normal

Scan Mode: Current user

Company Name Whitelist: On

Skip Microsoft Files: On

File Age = 14 Days

Output = Standard

Quick Scan

========== Processes (SafeList) ==========

PRC - [2009/11/29 16:22:39 | 01,055,000 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG9\avgchsvx.exe

PRC - [2009/11/29 16:22:37 | 00,702,744 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG9\avgcsrvx.exe

PRC - [2009/11/29 16:22:37 | 00,702,744 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG9\avgcsrvx.exe

PRC - [2009/11/29 16:22:37 | 00,702,744 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG9\avgcsrvx.exe

PRC - [2009/11/29 16:22:34 | 02,304,192 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG9\avgfws9.exe

PRC - [2009/11/29 16:22:34 | 02,020,120 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG9\avgtray.exe

PRC - [2009/11/29 16:22:29 | 00,827,160 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG9\avgam.exe

PRC - [2009/11/29 16:22:29 | 00,600,344 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG9\avgnsx.exe

PRC - [2009/11/29 16:22:29 | 00,502,040 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG9\avgrsx.exe

PRC - [2009/11/29 16:22:29 | 00,285,392 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG9\avgwdsvc.exe

PRC - [2009/11/29 16:22:28 | 05,832,712 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG9\Identity Protection\Agent\Bin\AVGIDSAgent.exe

PRC - [2009/11/29 16:22:28 | 00,592,392 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG9\Identity Protection\Agent\Bin\AVGIDSMonitor.exe

PRC - [2009/11/29 11:37:33 | 00,535,552 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Rory Wilson\My Documents\Downloads\OTL.exe

PRC - [2009/11/11 22:13:49 | 00,908,248 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe

PRC - [2009/10/02 22:34:42 | 00,015,216 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files\Adobe\Reader 9.0\Reader\AcroRd32Info.exe

PRC - [2009/08/17 21:54:54 | 12,957,536 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE

PRC - [2009/07/29 14:52:10 | 01,024,512 | ---- | M] (Spigot, Inc.) -- C:\Program Files\pdfforge Toolbar\SearchSettings.exe

PRC - [2009/05/27 02:27:04 | 29,262,680 | ---- | M] (Microsoft Corporation) -- c:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe

PRC - [2008/11/24 21:31:12 | 00,087,904 | ---- | M] (Microsoft Corporation) -- c:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe

PRC - [2008/11/24 21:31:08 | 00,239,968 | ---- | M] (Microsoft Corporation) -- c:\Program Files\Microsoft SQL Server\90\Shared\sqlbrowser.exe

PRC - [2008/08/30 10:12:40 | 00,360,448 | ---- | M] (TOSHIBA) -- C:\Program Files\TOSHIBA\TOSHIBA Applet\THotkey.exe

PRC - [2008/05/21 13:07:00 | 00,111,984 | ---- | M] () -- c:\TOSHIBA\IVP\swupdate\swupdtmr.exe

PRC - [2008/04/30 18:41:12 | 00,815,104 | ---- | M] (Intel® Corporation) -- C:\Program Files\Intel\WiFi\bin\EvtEng.exe

PRC - [2008/04/30 18:27:12 | 01,347,584 | ---- | M] (Intel® Corporation) -- C:\Program Files\Intel\WiFi\bin\ZCfgSvc.exe

PRC - [2008/04/30 18:20:38 | 00,901,120 | ---- | M] (Intel® Corporation) -- C:\Program Files\Intel\WiFi\bin\S24EvMon.exe

PRC - [2008/04/30 18:11:20 | 01,191,936 | ---- | M] (Intel® Corporation) -- C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe

PRC - [2008/04/30 18:10:10 | 00,466,944 | ---- | M] (Intel® Corporation) -- C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe

PRC - [2008/04/14 15:43:38 | 00,034,304 | ---- | M] (TOSHIBA Corp.) -- C:\Program Files\TOSHIBA\TOSHIBA Applet\TAPPSRV.exe

PRC - [2008/04/14 04:00:00 | 01,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe

PRC - [2008/04/14 04:00:00 | 00,016,896 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\wbem\unsecapp.exe

PRC - [2008/04/07 15:40:04 | 16,860,672 | ---- | M] (Realtek Semiconductor Corp.) -- C:\WINDOWS\RTHDCPL.exe

PRC - [2008/03/03 17:30:34 | 00,057,344 | ---- | M] (Nalpeiron Ltd.) -- C:\WINDOWS\system32\ASTSRV.EXE

PRC - [2008/01/11 16:50:16 | 00,030,312 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Small Business\Business Contact Manager\BcmSqlStartupSvc.exe

PRC - [2007/12/06 16:20:56 | 01,024,000 | ---- | M] (Synaptics, Inc.) -- C:\Program Files\Synaptics\SynTP\SynTPEnh.exe

PRC - [2007/11/21 16:23:32 | 00,129,632 | ---- | M] (TOSHIBA Corporation) -- C:\WINDOWS\system32\TODDSrv.exe

PRC - [2007/10/08 12:02:46 | 00,262,144 | ---- | M] (TOSHIBA Corporation) -- C:\WINDOWS\system32\TPSMain.exe

PRC - [2007/10/08 12:02:46 | 00,032,768 | ---- | M] (TOSHIBA Corporation) -- C:\WINDOWS\system32\TPSBattM.exe

PRC - [2007/04/13 17:16:16 | 00,311,296 | ---- | M] (TOSHIBA Corporation) -- C:\Program Files\TOSHIBA\TOSHIBA Direct Disc Writer\DDWMon.exe

PRC - [2007/04/09 17:07:02 | 00,159,744 | ---- | M] (TOSHIBA Corporation) -- C:\Program Files\TOSHIBA\TOSHIBA Zooming Utility\SmoothView.exe

PRC - [2007/01/25 17:47:50 | 00,136,816 | ---- | M] () -- C:\TOSHIBA\IVP\ISM\pinger.exe

PRC - [2006/10/05 11:10:12 | 00,009,216 | ---- | M] (Agere Systems) -- C:\WINDOWS\system32\agrsmsvc.exe

PRC - [2005/01/17 15:38:00 | 00,040,960 | ---- | M] (TOSHIBA CORPORATION) -- C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe

PRC - [2002/12/04 10:52:48 | 00,237,568 | ---- | M] (Nikon Corporation) -- C:\Program Files\Nikon\NkView6\NkvMon.exe

========== Modules (SafeList) ==========

MOD - [2009/11/29 11:37:33 | 00,535,552 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Rory Wilson\My Documents\Downloads\OTL.exe

========== Win32 Services (SafeList) ==========

SRV - File not found -- -- (McShield)

SRV - [2009/11/29 16:22:34 | 02,304,192 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG9\avgfws9.exe -- (avgfws9)

SRV - [2009/11/29 16:22:29 | 00,285,392 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG9\avgwdsvc.exe -- (avg9wd)

SRV - [2009/11/29 16:22:28 | 05,832,712 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG9\Identity Protection\Agent\Bin\AVGIDSAgent.exe -- (AVGIDSAgent)

SRV - [2009/10/21 09:43:40 | 00,182,768 | ---- | M] (Google) -- C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe -- (gusvc)

SRV - [2009/05/27 02:27:04 | 29,262,680 | ---- | M] (Microsoft Corporation) -- c:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe -- (MSSQL$MSSMLBIZ) SQL Server (MSSMLBIZ)

SRV - [2008/11/24 21:31:12 | 00,087,904 | ---- | M] (Microsoft Corporation) -- c:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe -- (SQLWriter)

SRV - [2008/11/24 21:31:08 | 00,239,968 | ---- | M] (Microsoft Corporation) -- c:\Program Files\Microsoft SQL Server\90\Shared\sqlbrowser.exe -- (SQLBrowser)

SRV - [2008/11/24 21:31:08 | 00,045,408 | ---- | M] (Microsoft Corporation) -- c:\Program Files\Microsoft SQL Server\90\Shared\sqladhlp90.exe -- (MSSQLServerADHelper)

SRV - [2008/11/04 00:06:28 | 00,441,712 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE -- (odserv)

SRV - [2008/05/21 13:07:00 | 00,111,984 | ---- | M] () -- c:\TOSHIBA\IVP\swupdate\swupdtmr.exe -- (Swupdtmr)

SRV - [2008/04/30 18:41:12 | 00,815,104 | ---- | M] (Intel® Corporation) -- C:\Program Files\Intel\WiFi\bin\EvtEng.exe -- (EvtEng)

SRV - [2008/04/30 18:20:38 | 00,901,120 | ---- | M] (Intel® Corporation) -- C:\Program Files\Intel\WiFi\bin\S24EvMon.exe -- (S24EventMonitor)

SRV - [2008/04/30 18:10:10 | 00,466,944 | ---- | M] (Intel® Corporation) -- C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe -- (RegSrvc)

SRV - [2008/04/14 15:43:38 | 00,034,304 | ---- | M] (TOSHIBA Corp.) -- C:\Program Files\TOSHIBA\TOSHIBA Applet\TAPPSRV.exe -- (TAPPSRV)

SRV - [2008/03/03 17:30:34 | 00,057,344 | ---- | M] (Nalpeiron Ltd.) -- C:\WINDOWS\system32\ASTSRV.EXE -- (astcc)

SRV - [2008/01/11 16:50:16 | 00,030,312 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Small Business\Business Contact Manager\BcmSqlStartupSvc.exe -- (BcmSqlStartupSvc)

SRV - [2007/11/21 16:23:32 | 00,129,632 | ---- | M] (TOSHIBA Corporation) -- C:\WINDOWS\system32\TODDSrv.exe -- (TODDSrv)

SRV - [2007/01/25 17:47:50 | 00,136,816 | ---- | M] () -- C:\TOSHIBA\IVP\ISM\pinger.exe -- (pinger)

SRV - [2006/10/26 13:03:08 | 00,145,184 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE -- (ose)

SRV - [2006/10/05 11:10:12 | 00,009,216 | ---- | M] (Agere Systems) -- C:\WINDOWS\system32\agrsmsvc.exe -- (AgereModemAudio)

SRV - [2005/01/17 15:38:00 | 00,040,960 | ---- | M] (TOSHIBA CORPORATION) -- C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe -- (CFSvcs)

========== Standard Registry (SafeList) ==========

========== Internet Explorer ==========

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchDefaultBranded = 1

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://seattle.craigslist.org/search/cto?query=&catAbbreviation=cta&minAsk=1500&maxAsk=3200

IE - HKCU\..\URLSearchHook: *{CFBFAE00-17A6-11D0-99CB-00C04FD64497} - Reg Error: Key error. File not found

IE - HKCU\..\URLSearchHook: *{E312764E-7706-43F1-8DAB-FCDD2B1E416D} - Reg Error: Key error. File not found

IE - HKCU\..\URLSearchHook: {A3BC75A2-1F87-4686-AA43-5347D756017C} - C:\Program Files\AVG\AVG9\Toolbar\IEToolbar.dll ()

IE - HKCU\..\URLSearchHook: {E312764E-7706-43F1-8DAB-FCDD2B1E416D} - C:\Program Files\pdfforge Toolbar\SearchSettings.dll (Spigot, Inc.)

IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 1

IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local>

IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = http=127.0.0.1:5555

========== FireFox ==========

FF - prefs.js..browser.search.defaultenginename: "Yahoo! Search"

FF - prefs.js..browser.search.selectedEngine: "Yahoo! Search"

FF - prefs.js..browser.startup.homepage: "http://www.facebook.com/home.php?ref=home"

FF - prefs.js..extensions.enabledItems: {3f963a5b-e555-4543-90e2-c3908898db71}:9.0.0.701

FF - prefs.js..extensions.enabledItems: avg@igeared:2.710.016.005

FF - prefs.js..extensions.enabledItems: [email protected]:3.0.0

FF - prefs.js..extensions.enabledItems: [email protected]:2.0.3

FF - prefs.js..keyword.URL: "http://us.yhs.search.yahoo.com/avg/search?fr=yhs-avg&type=yahoo_avg_hs2-tb-web_us&p="

FF - HKLM\software\mozilla\Firefox\Extensions\\{3f963a5b-e555-4543-90e2-c3908898db71}: C:\Program Files\AVG\AVG9\Firefox [2009/11/29 16:22:23 | 00,000,000 | ---D | M]

FF - HKLM\software\mozilla\Firefox\Extensions\\avg@igeared: C:\Program Files\AVG\AVG9\Toolbar\Firefox\avg@igeared [2009/11/29 16:22:46 | 00,000,000 | ---D | M]

FF - HKLM\software\mozilla\Mozilla Firefox 3.5.5\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2009/11/20 14:56:23 | 00,000,000 | ---D | M]

FF - HKLM\software\mozilla\Mozilla Firefox 3.5.5\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2009/11/29 16:12:23 | 00,000,000 | ---D | M]

FF - HKLM\software\mozilla\Omnis Firefox\extensions\\Plugins: C:\webclient [2009/10/25 20:47:35 | 00,000,000 | ---D | M]

[2009/10/21 15:54:00 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Rory Wilson\Application Data\Mozilla\Extensions

[2009/11/29 22:36:51 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Rory Wilson\Application Data\Mozilla\Firefox\Profiles\idih7k4l.default\extensions

[2009/11/29 22:27:46 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Rory Wilson\Application Data\Mozilla\Firefox\Profiles\idih7k4l.default\extensions\[email protected]

[2009/11/29 22:36:48 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Rory Wilson\Application Data\Mozilla\Firefox\Profiles\idih7k4l.default\extensions\[email protected]

[2009/10/21 15:53:27 | 00,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions

O1 HOSTS File: (686 bytes) - C:\WINDOWS\system32\drivers\etc\HOSTS

O1 - Hosts: 127.0.0.1 localhost

O2 - BHO: (Adobe PDF Link Helper) - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)

O2 - BHO: (Skype add-on (mastermind)) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Skype Technologies S.A.)

O2 - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG9\avgssie.dll (AVG Technologies CZ, s.r.o.)

O2 - BHO: (SSVHelper Class) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll (Sun Microsystems, Inc.)

O2 - BHO: (AVG Security Toolbar BHO) - {A3BC75A2-1F87-4686-AA43-5347D756017C} - C:\Program Files\AVG\AVG9\Toolbar\IEToolbar.dll ()

O2 - BHO: (pdfforge Toolbar) - {B922D405-6D13-4A2B-AE89-08A030DA4402} - C:\Program Files\pdfforge Toolbar\pdfforgeToolbarIE.dll (Spigot, Inc.)

O2 - BHO: (no name) - {E312764E-7706-43F1-8DAB-FCDD2B1E416D} - C:\Program Files\pdfforge Toolbar\SearchSettings.dll (Spigot, Inc.)

O3 - HKLM\..\Toolbar: (no name) - - No CLSID value found.

O3 - HKLM\..\Toolbar: (pdfforge Toolbar) - {B922D405-6D13-4A2B-AE89-08A030DA4402} - C:\Program Files\pdfforge Toolbar\pdfforgeToolbarIE.dll (Spigot, Inc.)

O3 - HKLM\..\Toolbar: (AVG Security Toolbar) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - C:\Program Files\AVG\AVG9\Toolbar\IEToolbar.dll ()

O3 - HKCU\..\Toolbar\WebBrowser: (AVG Security Toolbar) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - C:\Program Files\AVG\AVG9\Toolbar\IEToolbar.dll ()

O4 - HKLM..\Run: [Adobe ARM] C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe (Adobe Systems Incorporated)

O4 - HKLM..\Run: [Alcmtr] C:\WINDOWS\Alcmtr.exe (Realtek Semiconductor Corp.)

O4 - HKLM..\Run: [AVG9_TRAY] C:\Program Files\AVG\AVG9\avgtray.exe (AVG Technologies CZ, s.r.o.)

O4 - HKLM..\Run: [Camera Assistant Software] C:\Program Files\Camera Assistant Software for Toshiba\traybar.exe (Chicony)

O4 - HKLM..\Run: [DDWMon] C:\Program Files\TOSHIBA\TOSHIBA Direct Disc Writer\\ddwmon.exe ()

O4 - HKLM..\Run: [intelWireless] C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe (Intel® Corporation)

O4 - HKLM..\Run: [intelZeroConfig] C:\Program Files\Intel\WiFi\bin\ZCfgSvc.exe (Intel® Corporation)

O4 - HKLM..\Run: [KernelFaultCheck] File not found

O4 - HKLM..\Run: [Malwarebytes Anti-Malware (reboot)] C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe (Malwarebytes Corporation)

O4 - HKLM..\Run: [QBCD Autorun] D:\autorun.exe File not found

O4 - HKLM..\Run: [RTHDCPL] C:\WINDOWS\RTHDCPL.exe (Realtek Semiconductor Corp.)

O4 - HKLM..\Run: [searchSettings] C:\Program Files\pdfforge Toolbar\SearchSettings.exe (Spigot, Inc.)

O4 - HKLM..\Run: [smoothView] C:\Program Files\TOSHIBA\TOSHIBA Zooming Utility\SmoothView.exe (TOSHIBA Corporation)

O4 - HKLM..\Run: [synTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe (Synaptics, Inc.)

O4 - HKLM..\Run: [THotkey] C:\Program Files\TOSHIBA\TOSHIBA Applet\THotkey.exe (TOSHIBA)

O4 - HKLM..\Run: [TPSMain] C:\WINDOWS\System32\TPSMain.exe (TOSHIBA Corporation)

O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\NkvMon.exe.lnk = C:\Program Files\Nikon\NkView6\NkvMon.exe (Nikon Corporation)

O4 - Startup: C:\Documents and Settings\Rory Wilson\Start Menu\Programs\Startup\ERUNT AutoBackup.lnk = C:\Program Files\ERUNT\AUTOBACK.EXE ()

O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1

O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present

O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145

O8 - Extra context menu item: E&xport to Microsoft Excel - C:\Program Files\Microsoft Office\Office12\EXCEL.EXE (Microsoft Corporation)

O9 - Extra 'Tools' menuitem : Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_06\bin\npjpi160_06.dll (Sun Microsystems, Inc.)

O9 - Extra 'Tools' menuitem : Skype add-on for Internet Explorer - {5067A26B-1337-4436-8AFE-EE169C2DA79F} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Skype Technologies S.A.)

O9 - Extra Button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Skype Technologies S.A.)

O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Program Files\Microsoft Office\Office12\REFIEBAR.DLL (Microsoft Corporation)

O15 - HKLM\..Trusted Domains: 1 domain(s) and sub-domain(s) not assigned to a zone.

O15 - HKCU\..Trusted Domains: 25 domain(s) and sub-domain(s) not assigned to a zone.

O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1256151440640 (MUWebControl Class)

O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_06-windows-i586.cab (Java Plug-in 1.6.0_06)

O16 - DPF: {CAFEEFAC-0016-0000-0006-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_06-windows-i586.cab (Java Plug-in 1.6.0_06)

O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_06-windows-i586.cab (Java Plug-in 1.6.0_06)

O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 68.87.69.150 68.87.85.102

O18 - Protocol\Handler\belarc {6318E0AB-2E93-11D1-B8ED-00608CC9A71F} - C:\Program Files\Belarc\Advisor\System\BAVoilaX.dll (Belarc, Inc.)

O18 - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG9\avgpp.dll (AVG Technologies CZ, s.r.o.)

O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll (Microsoft Corporation)

O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)

O18 - Protocol\Handler\x-excid {9D6CC632-1337-4a33-9214-2DA092E776F4} - c:\WINDOWS\Downloaded Program Files\mimectl.dll ()

O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)

O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)

O20 - Winlogon\Notify\avgrsstarter: DllName - avgrsstx.dll - C:\WINDOWS\System32\avgrsstx.dll (AVG Technologies CZ, s.r.o.)

O20 - Winlogon\Notify\igfxcui: DllName - igfxdev.dll - C:\WINDOWS\System32\igfxdev.dll (Intel Corporation)

O28 - HKLM ShellExecuteHooks: {56F9679E-7826-4C84-81F3-532071A8BCC5} - C:\Program Files\Windows Desktop Search\MsnlNamespaceMgr.dll (Microsoft Corporation)

O32 - HKLM CDRom: AutoRun - 1

O32 - AutoRun File - [2008/09/11 12:34:18 | 00,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]

O34 - HKLM BootExecute: (autocheck) - File not found

O34 - HKLM BootExecute: (*) - File not found

O35 - comfile [open] -- "%1" %* File not found

O35 - exefile [open] -- "%1" %* File not found

========== Files/Folders - Created Within 14 Days ==========

[2009/11/30 11:49:23 | 00,281,088 | ---- | C] (Cinematronics) -- C:\WINDOWS\System32\dllcache\pinball.exe

[2009/11/30 05:54:19 | 00,000,000 | ---D | C] -- C:\WINDOWS\Minidump

[2009/11/29 21:15:02 | 00,000,000 | -H-D | C] -- C:\WINDOWS\ie8

[2009/11/29 16:32:58 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Rory Wilson\Local Settings\Application Data\AVG Security Toolbar

[2009/11/29 16:23:09 | 00,000,000 | -H-D | C] -- C:\$AVG

[2009/11/29 16:22:58 | 00,360,584 | ---- | C] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\drivers\avgtdix.sys

[2009/11/29 16:22:58 | 00,012,464 | ---- | C] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\avgrsstx.dll

[2009/11/29 16:22:53 | 00,333,192 | ---- | C] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\drivers\avgldx86.sys

[2009/11/29 16:22:52 | 00,028,424 | ---- | C] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\drivers\avgmfx86.sys

[2009/11/29 16:22:48 | 00,000,000 | ---D | C] -- C:\WINDOWS\System32\drivers\Avg

[2009/11/29 16:22:46 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\AVG Security Toolbar

[2009/11/29 16:22:32 | 00,025,608 | ---- | C] (AVG Technologies ) -- C:\WINDOWS\System32\drivers\AVGIDSxx.sys

[2009/11/29 16:22:29 | 00,161,800 | ---- | C] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\drivers\avgrkx86.sys

[2009/11/29 16:22:23 | 00,050,968 | ---- | C] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\avgfwdx.dll

[2009/11/29 16:22:23 | 00,030,104 | ---- | C] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\drivers\avgfwdx.sys

[2009/11/29 16:22:23 | 00,000,000 | ---D | C] -- C:\Program Files\AVG

[2009/11/29 16:22:20 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\avg9

[2009/11/29 16:12:19 | 00,000,000 | ---D | C] -- C:\_OTL

[2009/11/29 11:00:18 | 00,000,000 | ---D | C] -- C:\Rooter$

[2009/11/29 01:11:10 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Rory Wilson\Application Data\Malwarebytes

[2009/11/29 01:11:06 | 00,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys

[2009/11/29 01:11:05 | 00,019,160 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys

[2009/11/29 01:11:05 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Malwarebytes

[2009/11/29 01:11:04 | 00,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware

[2009/11/29 00:44:58 | 00,000,000 | ---D | C] -- C:\WINDOWS\ERDNT

[2009/11/29 00:44:42 | 00,000,000 | ---D | C] -- C:\Program Files\ERUNT

[2009/11/28 21:50:10 | 00,000,000 | ---D | C] -- C:\Program Files\Common Files\Wise Installation Wizard

[2009/11/28 21:20:04 | 00,000,000 | ---D | C] -- C:\WINDOWS\ERUNT

[2009/11/28 21:17:24 | 00,000,000 | ---D | C] -- C:\SDFix

[2009/11/28 21:15:24 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\TEMP

[2009/11/28 21:15:19 | 00,000,000 | ---D | C] -- C:\Program Files\SpywareBlaster

[2009/11/28 20:49:01 | 00,000,000 | ---D | C] -- C:\Program Files\Sophos

[2009/11/28 18:45:03 | 00,000,000 | -HSD | C] -- C:\WINDOWS\CSC

[2009/11/23 20:57:22 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Rory Wilson\Desktop\Mello Aire's

[2009/11/22 19:06:06 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Rory Wilson\Application Data\.BitTornado

[2009/11/22 19:05:00 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Rory Wilson\My Documents\Downloads

[2009/11/22 09:47:02 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Rory Wilson\My Documents\LWSD Pay Stubs

[2009/11/20 20:35:09 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Rory Wilson\Desktop\Glenwood Gators

[2009/11/20 18:00:45 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Rory Wilson\Desktop\JHS Swim - Boys

[2009/11/20 14:56:23 | 00,000,000 | ---D | C] -- C:\WINDOWS\Cache

[2009/11/17 23:08:46 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Rory Wilson\Local Settings\Application Data\WMTools Downloaded Files

[2009/11/17 23:07:14 | 00,000,000 | ---D | C] -- C:\Program Files\Microsoft Office Outlook Connector

[2009/11/17 23:07:02 | 00,000,000 | ---D | C] -- C:\Program Files\Microsoft

[2009/11/17 23:06:57 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Documents\microsoft

[2009/11/17 23:06:50 | 00,000,000 | ---D | C] -- C:\Program Files\Windows Live SkyDrive

[2009/11/17 22:59:47 | 00,000,000 | ---D | C] -- C:\Program Files\Common Files\Windows Live

[2009/11/17 22:59:27 | 00,000,000 | ---D | C] -- C:\Program Files\Microsoft Silverlight

[2009/11/17 22:38:18 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Rory Wilson\Application Data\ArcSoft

[2008/09/11 13:10:15 | 00,053,248 | ---- | C] ( ) -- C:\WINDOWS\System32\DLLVGA.dll

[1 C:\Documents and Settings\Rory Wilson\My Documents\*.tmp files -> C:\Documents and Settings\Rory Wilson\My Documents\*.tmp -> ]

========== Files - Modified Within 14 Days ==========

[2009/11/30 16:02:24 | 00,271,360 | ---- | M] () -- C:\Documents and Settings\Rory Wilson\My Documents\Auto Archive - Outlook.pst

[2009/11/30 16:01:30 | 45,961,902 | ---- | M] () -- C:\WINDOWS\System32\drivers\Avg\incavi.avm

[2009/11/30 16:01:16 | 00,106,272 | ---- | M] () -- C:\WINDOWS\System32\drivers\Avg\microavi.avg

[2009/11/30 15:57:21 | 00,001,158 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl

[2009/11/30 15:56:23 | 00,000,236 | ---- | M] () -- C:\WINDOWS\tasks\OGALogon.job

[2009/11/30 15:56:19 | 00,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT

[2009/11/30 15:56:03 | 00,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat

[2009/11/30 15:55:58 | 20,090,63424 | -HS- | M] () -- C:\hiberfil.sys

[2009/11/30 13:25:00 | 04,718,592 | ---- | M] () -- C:\Documents and Settings\Rory Wilson\ntuser.dat

[2009/11/30 13:25:00 | 00,000,178 | -HS- | M] () -- C:\Documents and Settings\Rory Wilson\ntuser.ini

[2009/11/30 13:24:32 | 00,109,477 | ---- | M] () -- C:\Documents and Settings\Rory Wilson\My Documents\Beacon Promo's Work Orders.xlsx

[2009/11/30 11:49:37 | 00,622,730 | ---- | M] () -- C:\WINDOWS\System32\PerfStringBackup.INI

[2009/11/30 11:49:37 | 00,513,690 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat

[2009/11/30 11:49:37 | 00,097,554 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat

[2009/11/30 11:36:24 | 00,005,382 | ---- | M] () -- C:\Documents and Settings\Rory Wilson\Desktop\BeaconPromos PO#KFD.pdf

[2009/11/30 11:34:12 | 00,789,279 | ---- | M] () -- C:\Documents and Settings\Rory Wilson\Desktop\BeaconPromos ART Layout for PO#KFD.pdf

[2009/11/30 11:29:02 | 01,003,779 | ---- | M] () -- C:\Documents and Settings\Rory Wilson\Desktop\Kirkland Fire.JPG

[2009/11/29 22:44:18 | 00,001,943 | ---- | M] () -- C:\WINDOWS\imsins.BAK

[2009/11/29 21:44:15 | 04,845,040 | -H-- | M] () -- C:\Documents and Settings\Rory Wilson\Local Settings\Application Data\IconCache.db

[2009/11/29 20:41:21 | 00,000,467 | ---- | M] () -- C:\WINDOWS\System32\mapisvc.inf

[2009/11/29 16:22:58 | 00,360,584 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\drivers\avgtdix.sys

[2009/11/29 16:22:58 | 00,012,464 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\avgrsstx.dll

[2009/11/29 16:22:58 | 00,001,518 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\AVG 9.0.lnk

[2009/11/29 16:22:53 | 00,333,192 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\drivers\avgldx86.sys

[2009/11/29 16:22:52 | 00,544,112 | ---- | M] () -- C:\WINDOWS\System32\drivers\Avg\iavifw.avm

[2009/11/29 16:22:52 | 00,113,461 | ---- | M] () -- C:\WINDOWS\System32\drivers\Avg\iavichjw.avm

[2009/11/29 16:22:52 | 00,028,424 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\drivers\avgmfx86.sys

[2009/11/29 16:22:48 | 06,061,540 | ---- | M] () -- C:\WINDOWS\System32\drivers\Avg\avi7.avg

[2009/11/29 16:22:48 | 00,492,629 | ---- | M] () -- C:\WINDOWS\System32\drivers\Avg\miniavi.avg

[2009/11/29 16:22:32 | 00,025,608 | ---- | M] (AVG Technologies ) -- C:\WINDOWS\System32\drivers\AVGIDSxx.sys

[2009/11/29 16:22:29 | 00,161,800 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\drivers\avgrkx86.sys

[2009/11/29 16:22:23 | 00,050,968 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\avgfwdx.dll

[2009/11/29 16:22:23 | 00,030,104 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\drivers\avgfwdx.sys

[2009/11/29 11:35:25 | 00,000,015 | ---- | M] () -- C:\Documents and Settings\Rory Wilson\settings.dat

[2009/11/29 01:10:08 | 00,006,294 | RHS- | M] () -- C:\Documents and Settings\All Users\ntuser.pol

[2009/11/29 00:44:45 | 00,000,778 | ---- | M] () -- C:\Documents and Settings\Rory Wilson\Start Menu\Programs\Startup\ERUNT AutoBackup.lnk

[2009/11/28 21:22:19 | 00,000,686 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\HOSTS

[2009/11/28 16:42:29 | 00,007,168 | ---- | M] () -- C:\Documents and Settings\Rory Wilson\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini

[2009/11/27 20:00:12 | 00,000,067 | ---- | M] () -- C:\WINDOWS\swupdate.INI

[2009/11/27 11:58:03 | 00,002,838 | ---- | M] () -- C:\WINDOWS\machine.ver

[2009/11/20 16:53:16 | 00,205,427 | ---- | M] () -- C:\Documents and Settings\Rory Wilson\Desktop\BeaconPromos - Drumline Options.pdf

[2009/11/20 13:04:14 | 00,059,517 | ---- | M] () -- C:\Documents and Settings\Rory Wilson\Desktop\RMA - New Conversation.pdf

[2009/11/18 15:21:54 | 00,112,515 | ---- | M] () -- C:\WINDOWS\FontData.fdb

[2009/11/17 22:38:20 | 00,054,156 | -H-- | M] () -- C:\WINDOWS\QTFont.qfn

[2009/11/17 22:38:20 | 00,001,409 | ---- | M] () -- C:\WINDOWS\QTFont.for

[2009/11/17 17:07:53 | 00,005,471 | ---- | M] () -- C:\Documents and Settings\Rory Wilson\Desktop\BeaconPromos - RA#27967207.pdf

[2009/11/17 10:55:30 | 00,216,416 | ---- | M] () -- C:\Documents and Settings\Rory Wilson\Local Settings\Application Data\GDIPFONTCACHEV1.DAT

[2009/11/17 10:53:16 | 00,661,024 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT

[2009/11/17 10:52:07 | 00,000,227 | ---- | M] () -- C:\WINDOWS\system.ini

[1 C:\Documents and Settings\Rory Wilson\My Documents\*.tmp files -> C:\Documents and Settings\Rory Wilson\My Documents\*.tmp -> ]

========== Files Created - No Company Name ==========

[2009/11/30 11:49:25 | 00,093,702 | ---- | C] () -- C:\WINDOWS\System32\subrange.uce

[2009/11/30 11:49:25 | 00,065,978 | ---- | C] () -- C:\WINDOWS\Soap Bubbles.bmp

[2009/11/30 11:49:25 | 00,065,954 | ---- | C] () -- C:\WINDOWS\Prairie Wind.bmp

[2009/11/30 11:49:25 | 00,065,832 | ---- | C] () -- C:\WINDOWS\Santa Fe Stucco.bmp

[2009/11/30 11:49:25 | 00,026,680 | ---- | C] () -- C:\WINDOWS\River Sumida.bmp

[2009/11/30 11:49:25 | 00,026,582 | ---- | C] () -- C:\WINDOWS\Greenstone.bmp

[2009/11/30 11:49:25 | 00,017,362 | ---- | C] () -- C:\WINDOWS\Rhododendron.bmp

[2009/11/30 11:49:25 | 00,017,336 | ---- | C] () -- C:\WINDOWS\Gone Fishing.bmp

[2009/11/30 11:49:25 | 00,017,062 | ---- | C] () -- C:\WINDOWS\Coffee Bean.bmp

[2009/11/30 11:49:25 | 00,016,740 | ---- | C] () -- C:\WINDOWS\System32\shiftjis.uce

[2009/11/30 11:49:25 | 00,016,730 | ---- | C] () -- C:\WINDOWS\FeatherTexture.bmp

[2009/11/30 11:49:25 | 00,009,522 | ---- | C] () -- C:\WINDOWS\Zapotec.bmp

[2009/11/30 11:49:25 | 00,001,272 | ---- | C] () -- C:\WINDOWS\Blue Lace 16.bmp

[2009/11/30 11:49:24 | 00,060,458 | ---- | C] () -- C:\WINDOWS\System32\ideograf.uce

[2009/11/30 11:49:24 | 00,024,006 | ---- | C] () -- C:\WINDOWS\System32\gb2312.uce

[2009/11/30 11:49:24 | 00,022,984 | ---- | C] () -- C:\WINDOWS\System32\bopomofo.uce

[2009/11/30 11:49:24 | 00,012,876 | ---- | C] () -- C:\WINDOWS\System32\korean.uce

[2009/11/30 11:49:24 | 00,008,484 | ---- | C] () -- C:\WINDOWS\System32\kanji_2.uce

[2009/11/30 11:49:24 | 00,006,948 | ---- | C] () -- C:\WINDOWS\System32\kanji_1.uce

[2009/11/30 11:36:24 | 00,005,382 | ---- | C] () -- C:\Documents and Settings\Rory Wilson\Desktop\BeaconPromos PO#KFD.pdf

[2009/11/30 11:34:10 | 00,789,279 | ---- | C] () -- C:\Documents and Settings\Rory Wilson\Desktop\BeaconPromos ART Layout for PO#KFD.pdf

[2009/11/30 11:31:06 | 01,003,779 | ---- | C] () -- C:\Documents and Settings\Rory Wilson\Desktop\Kirkland Fire.JPG

[2009/11/29 16:22:58 | 00,001,518 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\AVG 9.0.lnk

[2009/11/29 16:22:52 | 00,544,112 | ---- | C] () -- C:\WINDOWS\System32\drivers\Avg\iavifw.avm

[2009/11/29 16:22:52 | 00,113,461 | ---- | C] () -- C:\WINDOWS\System32\drivers\Avg\iavichjw.avm

[2009/11/29 16:22:48 | 45,961,902 | ---- | C] () -- C:\WINDOWS\System32\drivers\Avg\incavi.avm

[2009/11/29 16:22:48 | 06,061,540 | ---- | C] () -- C:\WINDOWS\System32\drivers\Avg\avi7.avg

[2009/11/29 16:22:48 | 00,492,629 | ---- | C] () -- C:\WINDOWS\System32\drivers\Avg\miniavi.avg

[2009/11/29 16:22:48 | 00,106,272 | ---- | C] () -- C:\WINDOWS\System32\drivers\Avg\microavi.avg

[2009/11/29 16:13:08 | 20,090,63424 | -HS- | C] () -- C:\hiberfil.sys

[2009/11/29 11:34:08 | 00,000,015 | ---- | C] () -- C:\Documents and Settings\Rory Wilson\settings.dat

[2009/11/29 00:44:45 | 00,000,778 | ---- | C] () -- C:\Documents and Settings\Rory Wilson\Start Menu\Programs\Startup\ERUNT AutoBackup.lnk

[2009/11/28 23:01:28 | 00,006,294 | RHS- | C] () -- C:\Documents and Settings\All Users\ntuser.pol

[2009/11/28 17:23:19 | 04,718,592 | ---- | C] () -- C:\Documents and Settings\Rory Wilson\ntuser.dat

[2009/11/20 16:53:15 | 00,205,427 | ---- | C] () -- C:\Documents and Settings\Rory Wilson\Desktop\BeaconPromos - Drumline Options.pdf

[2009/11/20 13:04:00 | 00,059,517 | ---- | C] () -- C:\Documents and Settings\Rory Wilson\Desktop\RMA - New Conversation.pdf

[2009/11/17 22:44:28 | 00,000,236 | ---- | C] () -- C:\WINDOWS\tasks\OGALogon.job

[2009/11/17 22:38:20 | 00,054,156 | -H-- | C] () -- C:\WINDOWS\QTFont.qfn

[2009/11/17 22:38:20 | 00,001,409 | ---- | C] () -- C:\WINDOWS\QTFont.for

[2009/11/17 17:03:04 | 00,005,471 | ---- | C] () -- C:\Documents and Settings\Rory Wilson\Desktop\BeaconPromos - RA#27967207.pdf

[2009/11/13 15:47:17 | 00,000,021 | ---- | C] () -- C:\WINDOWS\CS_setup.ini

[2009/11/11 22:32:28 | 00,003,840 | ---- | C] () -- C:\WINDOWS\System32\drivers\BANTExt.sys

[2009/11/11 22:13:35 | 00,000,028 | ---- | C] () -- C:\WINDOWS\ICOA.INI

[2009/11/11 22:13:27 | 00,000,000 | ---- | C] () -- C:\WINDOWS\QFNONL.ini

[2009/11/11 22:13:27 | 00,000,000 | ---- | C] () -- C:\WINDOWS\QFN.ini

[2009/11/11 22:13:27 | 00,000,000 | ---- | C] () -- C:\WINDOWS\QDQICK.ini

[2009/11/11 22:03:37 | 00,000,064 | ---- | C] () -- C:\WINDOWS\QBWCD.INI

[2009/11/06 15:37:26 | 00,094,208 | ---- | C] () -- C:\WINDOWS\System32\GTW32N50.dll

[2009/10/28 11:12:20 | 00,000,067 | ---- | C] () -- C:\WINDOWS\swupdate.INI

[2009/10/26 08:04:11 | 00,038,443 | ---- | C] () -- C:\Documents and Settings\Rory Wilson\Application Data\Comma Separated Values (Windows).ADR

[2009/10/25 16:00:31 | 00,000,083 | ---- | C] () -- C:\Documents and Settings\Rory Wilson\Local Settings\Application Data\FASTWiz.log

[2009/10/23 20:36:54 | 00,000,124 | ---- | C] () -- C:\WINDOWS\iPlayer.INI

[2009/10/21 12:45:51 | 00,007,168 | ---- | C] () -- C:\Documents and Settings\Rory Wilson\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini

[2009/10/21 12:34:24 | 00,116,224 | ---- | C] () -- C:\WINDOWS\System32\pdfcmnnt.dll

[2009/10/21 10:26:41 | 00,000,134 | ---- | C] () -- C:\Documents and Settings\Rory Wilson\Local Settings\Application Data\fusioncache.dat

[2009/10/21 09:32:21 | 00,000,013 | RHS- | C] () -- C:\WINDOWS\System32\drivers\fbd.sys

[2009/10/21 09:32:20 | 00,000,004 | RHS- | C] () -- C:\WINDOWS\System32\drivers\taishop.sys

[2009/06/23 08:24:06 | 00,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini

[2009/06/23 07:41:53 | 00,204,800 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeW7.dll

[2009/06/23 07:41:53 | 00,200,704 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeA6.dll

[2009/06/23 07:41:53 | 00,192,512 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeP6.dll

[2009/06/23 07:41:53 | 00,192,512 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeM6.dll

[2009/06/23 07:41:53 | 00,188,416 | ---- | C] () -- C:\WINDOWS\System32\IVIresizePX.dll

[2009/06/23 07:41:53 | 00,020,480 | ---- | C] () -- C:\WINDOWS\System32\IVIresize.dll

[2009/06/23 07:28:36 | 00,128,113 | ---- | C] () -- C:\WINDOWS\System32\csellang.ini

[2009/06/23 07:28:36 | 00,045,056 | ---- | C] () -- C:\WINDOWS\System32\csellang.dll

[2009/06/23 07:28:36 | 00,010,150 | ---- | C] () -- C:\WINDOWS\System32\tosmreg.ini

[2009/06/23 07:28:36 | 00,007,671 | ---- | C] () -- C:\WINDOWS\System32\cseltbl.ini

[2009/06/23 07:27:34 | 00,147,456 | ---- | C] () -- C:\WINDOWS\System32\igfxCoIn_v4953.dll

[2008/09/11 13:44:10 | 00,000,000 | ---- | C] () -- C:\WINDOWS\NDSTray.INI

[2008/09/11 13:10:15 | 00,118,784 | ---- | C] () -- C:\WINDOWS\System32\TCtrlIO.dll

[2008/09/11 13:06:42 | 06,184,960 | ---- | C] () -- C:\WINDOWS\System32\RTS5121icon.dll

[2008/09/11 12:45:16 | 00,000,345 | ---- | C] () -- C:\WINDOWS\System32\OEMINFO.INI

[2007/09/27 09:51:02 | 00,020,698 | ---- | C] () -- C:\WINDOWS\System32\idxcntrs.ini

[2007/09/27 09:48:48 | 00,030,628 | ---- | C] () -- C:\WINDOWS\System32\gsrvctr.ini

[2007/09/27 09:48:28 | 00,031,698 | ---- | C] () -- C:\WINDOWS\System32\gthrctr.ini

========== LOP Check ==========

[2009/11/29 16:27:58 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\AVG Security Toolbar

[2009/11/29 16:22:21 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\avg9

[2009/11/28 21:15:24 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TEMP

[2009/11/22 19:06:06 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Rory Wilson\Application Data\.BitTornado

[2009/10/21 17:00:38 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Rory Wilson\Application Data\InterVideo

[2009/11/13 15:52:24 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Rory Wilson\Application Data\Nikon

[2009/10/21 15:33:56 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Rory Wilson\Application Data\pdfforge

[2009/10/21 14:00:11 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Rory Wilson\Application Data\Search Settings

[2009/10/24 21:35:49 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Rory Wilson\Application Data\toshiba

[2008/09/11 13:04:21 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Rory Wilson\Application Data\WinBatch

[2009/10/21 12:12:10 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Rory Wilson\Application Data\Windows Desktop Search

[2009/10/25 14:00:55 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Rory Wilson\Application Data\Windows Search

[2009/11/30 15:56:23 | 00,000,236 | ---- | M] () -- C:\WINDOWS\Tasks\OGALogon.job

========== Purity Check ==========

< End of report >

[Rorschach112]

hi

Download TFC to your desktop

• Open the file and close any other windows.
  
• It will close all programs itself when run, make sure to let it run uninterrupted.
  
• Click the Start button to begin the process. The program should not take long to finish its job
  
• Once its finished it should reboot your machine, if not, do this yourself to ensure a complete clean

Please download Malwarebytes' Anti-Malware from Here

Double Click mbam-setup.exe to install the application.

• Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
  
• If an update is found, it will download and install the latest version.
  
• Once the program has loaded, select "Perform Quick Scan", then click Scan.
  
• The scan may take some time to finish,so please be patient.
  
• When the scan is complete, click OK, then Show Results to view the results.
  
• Make sure that everything is checked, and click Remove Selected.
  
• When disinfection is completed, a log will open in Notepad and you may be prompted to Restart.(See Extra Note)
  
• The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  
• Copy&Paste the entire report in your next reply.
  

Extra Note:

If MBAM encounters a file that is difficult to remove,you will be presented with 1 of 2 prompts,click OK to either and let MBAM proceed with the disinfection process,if asked to restart the computer,please do so immediatly.

Go to Kaspersky website and perform an online antivirus scan.

1. Read through the requirements and privacy statement and click on Accept button.
   
2. It will start downloading and installing the scanner and virus definitions. You will be prompted to install an application from Kaspersky. Click Run.
   
3. When the downloads have finished, click on Settings.
   
4. Make sure these boxes are checked (ticked). If they are not, please tick them and click on the Save button:
   • Spyware, Adware, Dialers, and other potentially dangerous programs
     Archives
     Mail databases

[*]Click on My Computer under Scan.

[*]Once the scan is complete, it will display the results. Click on View Scan Report.

[*]You will see a list of infected items there. Click on Save Report As....

[*]Save this report to a convenient place. Change the Files of type to Text file (.txt) before clicking on the Save button. Then post it here.

[roryawilson]

Sorry for the delay...I never got an email notification and I thought you were taking longer in getting back to me. I ran the tests and nothing was found. Here are the results

My Outlook and IE are having challenges.

Thanks,

KASPERSKY ONLINE SCANNER 7.0: scan report

Thursday, December 3, 2009

Operating system: Microsoft Windows XP Professional Service Pack 3 (build 2600)

Kaspersky Online Scanner version: 7.0.26.13

Last database update: Thursday, December 03, 2009 06:21:37

Records in database: 3325388

Scan settings

scan using the following database extended

Scan archives yes

Scan e-mail databases yes

Scan area My Computer

C:\

D:\

Scan statistics

Objects scanned 103211

Threats found 0

Infected objects found 0

Suspicious objects found 0

Scan duration 01:19:29

No threats found. Scanned area is clean.

Selected area has been scanned.

[Rorschach112]

Your logs are clean

Now we need to create a new System Restore point.

Click Start Menu > Run > type (or copy and paste)

%SystemRoot%\System32\restore\rstrui.exe

Press OK. Choose Create a Restore Point then click Next. Name it and click Create, when the confirmation screen shows the restore point has been created click Close.

Next goto Start Menu > Run > type

cleanmgr

Click OK, Disk Cleanup will open and start calculating the amount of space that can be freed, Once thats finished it will open the Disk Cleanup options screen, click the More Options tab then click Clean up on the system restore area and choose Yes at the confirmation window which will remove all the restore points except the one we just created.

To close Disk Cleanup and remove the Temporary Internet Files detected in the initial scan click OK then choose Yes on the confirmation window.

• Download OTC to your desktop and run it
  
• Click Yes to beginning the Cleanup process and remove these components, including this application.
  
• You will be asked to reboot the machine to finish the Cleanup process. Choose Yes.
  

Your using an old version of Adobe Acrobat Reader, this can leave your pc open to vulnerabilities, you can update it here :

http://www.adobe.com/products/acrobat/readstep2.html

Please download JavaRa to your desktop and unzip it to its own folder

• Run JavaRa.exe, pick the language of your choice and click Select. Then click Remove Older Versions.
  
• Accept any prompts.
  
• Open JavaRa.exe again and select Search For Updates.
  
• Select Update Using Sun Java's Website then click Search and click on the Open Webpage button. Download and install the latest Java Runtime Environment (JRE) version for your computer.

Below I have included a number of recommendations for how to protect your computer against malware infections.

• Keep Windows updated by regularly checking their website at :
  http://windowsupdate.microsoft.com/
  This will ensure your computer has always the latest security updates available installed on your computer.
  
• SpywareBlaster protects against bad ActiveX, it immunizes your PC against them.
  
• SpywareGuard offers realtime protection from spyware installation attempts. Make sure you are only running one real-time anti-spyware protection program ( eg : TeaTimer, Windows Defender ) or there will be a conflict.
  
• Make Internet Explorer more secure
  
  • Click Start > Run
    
  • Type Inetcpl.cpl & click OK
    
  • Click on the Security tab
    
  • Click Reset all zones to default level
    
  • Make sure the Internet Zone is selected & Click Custom level
    
  • In the ActiveX section, set the first two options ("Download signed and unsigned ActiveX controls) to "Prompt", and ("Initialize and Script ActiveX controls not marked as safe") to "Disable".
    
  • Next Click OK, then Apply button and then OK to exit the Internet Properties page.
    

  [*]TFC - Cleans temporary files from IE and Windows, empties the recycle bin and more. Great tool to help speed up your computer and knock out those nasties that like to reside in the temp folders.

  [*]MVPS Hosts file replaces your current HOSTS file with one containing well known ad sites and other bad sites. Basically, this prevents your computer from connecting to those sites by redirecting them to 127.0.0.1 which is your local computer, meaning it will be difficult to infect yourself in the future.

  [*]Please consider using an alternate browser. Mozilla's Firefox browser is fantastic; it is much more

  secure than Internet Explorer, immune to almost all known browser hijackers, and also has the best built-in pop up

  blocker (as an added benefit!) that I have ever seen. If you are interested, Firefox may be downloaded from

  Here

  If you choose to use Firefox, I highly recommend these add-ons to keep your PC even more secure.

  • NoScript - for blocking ads and other potential website attacks
    
  • McAfee SiteAdvisor - this tells you whether the sites you are about to visit are safe or not. A must if you do a lot of Googling
    

  [*]Keep a backup of your important files - Now, more than ever, it's especially important to protect your digital files and memories. This article is full of good information on alternatives for home backup solutions.

  [*]ERUNT (Emergency Recovery Utility NT) allows you to keep a complete backup of your registry and restore it when needed. The standard registry backup options that come with Windows back up most of the registry but not all of it. ERUNT however creates a complete backup set, including the Security hive and user related sections. ERUNT is easy to use and since it creates a full backup, there are no options or choices other than to select the location of the backup files. The backup set includes a small executable that will launch the registry restore if needed.

  [*]FileHippo Update Checker is an extremely helpful program that will tell you which of your programs need to be updated. Its important to keep programs up to date so that malware doesn't exploit any old security flaws.

  [*] Recovery Console - Recent trends appear to indicate that future infections will include attacks to the boot sector of the computer. The installation of the Recovery Console in the computer will be our only defense against this threat. For more information and steps to install the Recovery Console see This Article. Should you need assistance in installing the Recovery Console, please do not hesitate to ask.

  [*]Please read my guide on how to prevent malware and about safe computing here

Thank you for your patience, and performing all of the procedures requested.

[roryawilson]

I believe that I have run every program with the exception of the Recovery Console. I do not have a XP set-up disk. I purchased my Toshiba L300 laptop from Newegg.com and the disks that I have say "Recovery Media - Windows Vista business 32-bit SP 1." This is different than the Recovery Console says to insert in my computer. I wasn't sure if I should attempt to do something beyond my comfort level.

As a side note...None of my Microsoft products are working properly. IE will not navigate to http web sites, but will navigate to https (secure) websites. Outlook will not allow me to view graphic attachments. Windows Media Player does not function.

I have been using Firefox as my primary web browser, but I have two websites that do not work well in Firefox. So I really need IE.

I've looked at Thunderbird for emails, but Outlook suits my purposes much better. Maybe with some added time I can investigate the add-ons for TB and make it work, but for now I am dependent on Outlook.

I installed Real player, but it seems to work through IE, which isn't working at the moment.

I've tried to install updates, but this doesn't work. Can you give me some suggestions on how to get IE, Outlook, and WinMedia Player back up and working?

Thank you for all you help. I think I've gotten most of my sanity back

Rory

[Rorschach112]

try this

Please download OTM

• Save it to your desktop.
  
• Please double-click OTM to run it. (Note: If you are running on Vista, right-click on the file and choose Run As Administrator).
  
• Copy the lines in the codebox below to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose Copy):
  

  
  :Processes
  
  :Services
  
  :Reg
  
  :Files
  
  :Commands
  [purity]
  [emptytemp]
  [Reboot]
  [resethosts]
  

  
  

• Return to OTM, right click in the "Paste Instructions for Items to be Moved" window (under the yellow bar) and choose Paste.
  
• Click the red Moveit! button.
  
• Copy everything in the Results window (under the green bar) to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose copy), and paste it in your next reply.
  
• Close OTM and reboot your PC.
  

Note: If a file or folder cannot be moved immediately you may be asked to reboot the machine to finish the move process. If you are asked to reboot the machine choose Yes. In this case, after the reboot, open Notepad (Start->All Programs->Accessories->Notepad), click File->Open, in the File Name box enter *.log and press the Enter key, navigate to the C:\_OTMoveIt\MovedFiles folder, and open the newest .log file present, and copy/paste the contents of that document back here in your next post.

[roryawilson]

All processes killed

========== PROCESSES ==========

========== SERVICES/DRIVERS ==========

========== REGISTRY ==========

========== FILES ==========

========== COMMANDS ==========

[EMPTYTEMP]

User: Administrator

->Temp folder emptied: 0 bytes

->Temporary Internet Files folder emptied: 0 bytes

User: All Users

User: Default User

->Temp folder emptied: 0 bytes

->Temporary Internet Files folder emptied: 0 bytes

User: LocalService

->Temp folder emptied: 0 bytes

->Temporary Internet Files folder emptied: 33170 bytes

User: NetworkService

->Temp folder emptied: 0 bytes

->Temporary Internet Files folder emptied: 33170 bytes

User: Rory Wilson

->Temp folder emptied: 941705 bytes

->Temporary Internet Files folder emptied: 846465 bytes

->Java cache emptied: 0 bytes

->FireFox cache emptied: 65287979 bytes

%systemdrive% .tmp files removed: 0 bytes

%systemroot% .tmp files removed: 0 bytes

%systemroot%\System32 .tmp files removed: 0 bytes

Windows Temp folder emptied: 253584 bytes

%systemroot%\system32\config\systemprofile\Local Settings\Temp folder emptied: 0 bytes

%systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 0 bytes

RecycleBin emptied: 0 bytes

Total Files Cleaned = 64.27 mb

C:\WINDOWS\System32\drivers\etc\Hosts moved successfully.

HOSTS file reset successfully

OTM by OldTimer - Version 3.1.2.1 log created on 12042009_221904

Files moved on Reboot...

File C:\Documents and Settings\NetworkService\Local Settings\Temp\Perflib_Perfdata_bf4.dat not found!

Registry entries deleted on Reboot...

[Rorschach112]

that fix your internet explorer ?

if not do this

1. Download IEFix, unzip it to your Desktop, and run it.

2. Click the Apply button.

3. You'll be prompted for the Operating System CD or the Service Pack Files location:

• If you're using Windows XP, insert the Operating System CD. For OEM systems, point to the Operating System source path when prompted. If you've applied a Service Pack separately, you need to insert the Slipstreamed Operating System CD (if you have one) or point the installer to the ServicePack source path when prompted (see the image below). Mention the path as "C:\Windows\ServicePackFiles\i386" or "C:\Windows\ServicePackFiles"
  
• If you don't have the Windows installation CD, and if the installation source files are not present in the hard disk, you may click Cancel when you see a dialog similar to the image below. IEFix will continue with DLL registration part.
  
  
• Restart Windows.

[roryawilson]

Tried it and IE still not working. I am in the process of deleting IE from my computer. I'll update you later.

[roryawilson]

Here's a diagnostic from Microsoft on my challenge...

----------------------

Last diagnostic run time: 12/06/09 11:21:30 HTTP, HTTPS, FTP Diagnostic

HTTP, HTTPS, FTP connectivity

info HTTPS: Successfully connected to www.microsoft.com.

info FTP (Passive): Successfully connected to ftp.microsoft.com.

warn HTTP: Error 12029 connecting to www.microsoft.com: A connection with the server could not be established

warn HTTP: Error 12029 connecting to www.hotmail.com: A connection with the server could not be established

error Could not make an HTTP connection.

info Redirecting user to support call

DNS Client Diagnostic

DNS - Not a home user scenario

info Using Web Proxy: yes

No DNS servers

DNS failure

Gateway Diagnostic

Gateway

info The following proxy configuration is being used by IE: Automatically Detect Settings:Disabled Automatic Configuration Script: Proxy Server:http=127.0.0.1:5555 Proxy Bypass list:<local>

info This computer has the following default gateway entry(ies): 192.168.1.1

info This computer has the following IP address(es): 192.168.1.103

info The default gateway is in the same subnet as this computer

info The default gateway entry is a valid unicast address

info The default gateway address was resolved via ARP in 1 try(ies)

info The default gateway was reached via ICMP Ping in 1 try(ies)

info Skipped gateway connectivity check because of IE proxy configuration

IP Layer Diagnostic

Corrupted IP routing table

info The default route is valid

info The loopback route is valid

info The local host route is valid

info The local subnet route is valid

Invalid ARP cache entries

action The ARP cache has been flushed

IP Configuration Diagnostic

Invalid IP address

info Valid IP address detected: 192.168.1.103

Wireless Diagnostic

Wireless - Service disabled

Wireless - User SSID

action User input required: Specify network name or SSID

Wireless - First time setup

info The Wireless Network name (SSID) to which the user would like to connect = Wilson5.

Wireless - Radio off

info Valid IP address detected: 192.168.1.103

Wireless - Out of range

Wireless - Hardware issue

Wireless - Novice user

Wireless - Ad-hoc network

Wireless - Less preferred

Wireless - 802.1x enabled

Wireless - Configuration mismatch

Wireless - Low SNR

WinSock Diagnostic

WinSock status

info All base service provider entries are present in the Winsock catalog.

info The Winsock Service provider chains are valid.

info Provider entry MSAFD Tcpip [TCP/IP] passed the loopback communication test.

info Provider entry MSAFD Tcpip [uDP/IP] passed the loopback communication test.

info Provider entry RSVP UDP Service Provider passed the loopback communication test.

info Provider entry RSVP TCP Service Provider passed the loopback communication test.

info Provider entry MSAFD Tcpip [TCP/IPv6] passed the loopback communication test.

info Provider entry MSAFD Tcpip [uDP/IPv6] passed the loopback communication test.

info Connectivity is valid for all Winsock service providers.

Network Adapter Diagnostic

Network location detection

info Using home Internet connection

Network adapter identification

info Network connection: Name=Local Area Connection, Device=Realtek RTL8102E Family PCI-E Fast Ethernet NIC, MediaType=LAN, SubMediaType=LAN

info Network connection: Name=Wireless Network Connection, Device=Intel® Wireless WiFi Link 5100, MediaType=LAN, SubMediaType=WIRELESS

info Both Ethernet and Wireless connections available, prompting user for selection

action User input required: Select network connection

info Wireless connection selected

Network adapter status

info Network connection status: Connected

HTTP, HTTPS, FTP Diagnostic

HTTP, HTTPS, FTP connectivity

info FTP (Passive): Successfully connected to ftp.microsoft.com.

info HTTPS: Successfully connected to www.microsoft.com.

warn HTTP: Error 12029 connecting to www.microsoft.com: A connection with the server could not be established

warn HTTP: Error 12029 connecting to www.hotmail.com: A connection with the server could not be established

error Could not make an HTTP connection.

----------------------

Here is the "FIX" - I tried to locate these settings, but was unable to.

Windows cannot connect to the Internet using HTTP, HTTPS, or FTP. This is probably caused by firewall settings on this computer.

Check the firewall settings for the HTTP port (80), HTTPS port (443) and FTP port (21).

You might need to contact your Internet service provider (ISP) or the manufacturer of your firewall software.

----------------------

Can you help?

Edited December 6, 2009 by roryawilson

[Rorschach112]

I am not sure how to fix this

You would be better off posting in the Windows XP forum about this

[roryawilson]

OK...so I guess that ends our session.

Thank you for all your help.

[Rorschach112]

Since this issue appears to be resolved ... this Topic has been closed. Glad we could help.

If you're the topic starter, and need this topic reopened, please contact a staff member with the address of the thread.

Everyone else please begin a New Topic.