Free Malware Removal Forum

[hamiltonjoe1950]

I am reposting this as I didn't realize my entire hijackthis log wasn't there. I am also reposting my uninstall list.

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 9:07:21 PM, on 8/27/2010
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.17080)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\ibmpmsvc.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\IPSSVC.EXE
C:\Program Files\ThinkPad\ConnectUtilities\AcPrfMgrSvc.exe
C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\Program Files\lotus\notes\ntmulti.exe
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\TPHDEXLG.EXE
C:\WINDOWS\system32\TpKmpSVC.exe
C:\Program Files\IBM ThinkVantage\Rescue and Recovery\rrservice.exe
C:\Program Files\IBM ThinkVantage\Common\Scheduler\tvtsched.exe
C:\Program Files\ThinkVantage\SystemUpdate\UCLauncherService.exe
C:\Program Files\ThinkPad\ConnectUtilities\AcSvc.exe
C:\Program Files\IBM ThinkVantage\Common\Logger\logmon.exe
C:\Program Files\ThinkPad\ConnectUtilities\SvcGuiHlpr.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\tp4serv.exe
C:\WINDOWS\system32\TpShocks.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\PROGRA~1\ThinkPad\UTILIT~1\EzEjMnAp.Exe
C:\PROGRA~1\Lenovo\PkgMgr\HOTKEY\TPHKMGR.exe
C:\PROGRA~1\THINKV~1\PrdCtr\LPMGR.exe
C:\Program Files\Lenovo\PkgMgr\HOTKEY\TPONSCR.exe
C:\Program Files\Lenovo\PkgMgr\HOTKEY_1\TpScrex.exe
C:\Program Files\IBM ThinkVantage\Client Security Solution\cssauth.exe
C:\Program Files\IBM ThinkVantage\SafeGuard PrivateDisk\pdservice.exe
C:\Program Files\ThinkPad\ConnectUtilities\ACTray.exe
C:\Program Files\ThinkPad\ConnectUtilities\ACWLIcon.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Common Files\AOL\1168475224\ee\AOLSoftware.exe
C:\Program Files\Analog Devices\Core\smax4pnp.exe
C:\Program Files\MusicMatch\MusicMatch Jukebox\mmtask.exe
C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
C:\Program Files\Microsoft ActiveSync\wcescomm.exe
C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe
C:\Program Files\WORDsearch 7\ZipScript.exe
C:\WINDOWS\system32\ctfmon.exe
C:\PROGRA~1\MICROS~3\rapimgr.exe
C:\Program Files\Digital Line Detect\DLG.exe
C:\Documents and Settings\Tom\Local Settings\Application Data\Autobahn\mlb-nexdef-autobahn.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Trend Micro\HiJackThis\HiJackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
O2 - BHO: BrowserHelper Class - {8A9D74F9-560B-4FE7-ABEB-3B2E638E5CD6} - C:\Program Files\SGPSA\SearchAssistant.dll
O3 - Toolbar: Easy-WebPrint - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - C:\Program Files\Canon\Easy-WebPrint\Toolband.dll
O3 - Toolbar: MSN Toolbar - {1E61ED7C-7CB8-49d6-B9E9-AB4C880C8414} - C:\Program Files\MSN\Toolbar\3.0.0983.0\msneshellx.dll
O4 - HKLM\..\Run: [TrackPointSrv] tp4serv.exe
O4 - HKLM\..\Run: [TPKMAPHELPER] C:\Program Files\ThinkPad\Utilities\TpKmapAp.exe -helper
O4 - HKLM\..\Run: [TpShocks] TpShocks.exe
O4 - HKLM\..\Run: [TP4EX] tp4ex.exe
O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [EZEJMNAP] C:\PROGRA~1\ThinkPad\UTILIT~1\EzEjMnAp.Exe
O4 - HKLM\..\Run: [TPHOTKEY] C:\PROGRA~1\Lenovo\PkgMgr\HOTKEY\TPHKMGR.exe
O4 - HKLM\..\Run: [suScheduler] C:\Program Files\ThinkVantage\SystemUpdate\UCLauncher.exe /SCHEDULER
O4 - HKLM\..\Run: [LPManager] C:\PROGRA~1\THINKV~1\PrdCtr\LPMGR.exe
O4 - HKLM\..\Run: [cssauth] "C:\Program Files\IBM ThinkVantage\Client Security Solution\cssauth.exe" silent
O4 - HKLM\..\Run: [PDService.exe] "C:\Program Files\IBM ThinkVantage\SafeGuard PrivateDisk\pdservice.exe"
O4 - HKLM\..\Run: [ACTray] C:\Program Files\ThinkPad\ConnectUtilities\ACTray.exe
O4 - HKLM\..\Run: [ACWLIcon] C:\Program Files\ThinkPad\ConnectUtilities\ACWLIcon.exe
O4 - HKLM\..\Run: [PWRMGRTR] rundll32 C:\PROGRA~1\ThinkPad\UTILIT~1\PWRMGRTR.DLL,PwrMgrBkGndMonitor
O4 - HKLM\..\Run: [BLOG] rundll32 C:\PROGRA~1\ThinkPad\UTILIT~1\BatLogEx.DLL,StartBattLog
O4 - HKLM\..\Run: [HostManager] C:\Program Files\Common Files\AOL\1168475224\ee\AOLSoftware.exe
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\Core\smax4pnp.exe
O4 - HKLM\..\Run: [RoxWatchTray] "C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe"
O4 - HKLM\..\Run: [AVFX Engine] C:\Program Files\Creative\Creative Live! Cam\VideoFX\StartFX.exe
O4 - HKLM\..\Run: [mmtask] c:\Program Files\MusicMatch\MusicMatch Jukebox\mmtask.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"
O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\Program Files\Microsoft ActiveSync\wcescomm.exe"
O4 - HKCU\..\Run: [updateMgr] "C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" AcRdB7_0_9 -reboot 1
O4 - HKCU\..\Run: [ISUSPM] "C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe" -scheduler
O4 - HKCU\..\Run: [TomTomHOME.exe] "C:\Program Files\TomTom HOME 2\HOMERunner.exe"
O4 - HKCU\..\Run: [ZipScript] C:\Program Files\WORDsearch 7\ZipScript.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - Startup: MLB.TV NexDef Plug-in.lnk = C:\Documents and Settings\Tom\Local Settings\Application Data\Autobahn\mlb-nexdef-autobahn.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Digital Line Detect.lnk = ?
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Easy-WebPrint Add To Print List - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_AddToList.html
O8 - Extra context menu item: Easy-WebPrint High Speed Print - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_HSPrint.html
O8 - Extra context menu item: Easy-WebPrint Preview - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_Preview.html
O8 - Extra context menu item: Easy-WebPrint Print - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_Print.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~3\INetRepl.dll
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~3\INetRepl.dll
O9 - Extra 'Tools' menuitem: Create Mobile Favorite... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~3\INetRepl.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
O9 - Extra button: Software Installer - {D1A4DEBD-C2EE-449f-B9FB-E8409F9A0BC5} - C:\Program Files\Lenovo\PkgMgr\\PkgMgr.exe
O9 - Extra button: Run IMVU - {d9288080-1baa-4bc4-9cf8-a92d743db949} - C:\Documents and Settings\Tom\Start Menu\Programs\IMVU\Run IMVU.lnk (file missing)
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O11 - Options group: [JAVA_IBM] Java (IBM)
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O14 - IERESET.INF: START_PAGE_URL=http://www.lenovo.com/us/en/
O16 - DPF: Garmin Communicator Plug-In - https://static.garmincdn.com/gcp/ie/2.9 ... ontrol.CAB
O16 - DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} (Facebook Photo Uploader 5 Control) - http://upload.facebook.com/controls/200 ... oader5.cab
O16 - DPF: {193C772A-87BE-4B19-A7BB-445B226FE9A1} (ewidoOnlineScan Control) - http://downloads.ewido.net/ewidoOnlineScan.cab
O16 - DPF: {4871A87A-BFDD-4106-8153-FFDE2BAC2967} (DLM Control) - http://dlm.tools.akamai.com/dlmanager/v ... .2.5.0.cab
O16 - DPF: {5D637FAD-E202-48D1-8F18-5B9C459BD1E3} (Image Uploader Control) - http://fb.familylink.com/we_are_related ... oader5.cab
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/Shar ... /cabsa.cab
O16 - DPF: {7E980B9B-8AE5-466A-B6D6-DA8CF814E78A} (MJLauncherCtrl Class) - http://zone.msn.com/bingame/luxr/defaul ... uncher.cab
O16 - DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} (Facebook Photo Uploader 5 Control) - http://upload.facebook.com/controls/200 ... ader55.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - http://cdn2.zone.msn.com/binFramework/v ... b56649.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/s ... wflash.cab
O20 - Winlogon Notify: ACNotify - ACNotify.dll (file missing)
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
O23 - Service: Ac Profile Manager Service (AcPrfMgrSvc) - Unknown owner - C:\Program Files\ThinkPad\ConnectUtilities\AcPrfMgrSvc.exe
O23 - Service: Access Connections Main Service (AcSvc) - Lenovo - C:\Program Files\ThinkPad\ConnectUtilities\AcSvc.exe
O23 - Service: AOL Connectivity Service (AOL ACS) - AOL LLC - C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
O23 - Service: Intel(R) PROSet/Wireless Event Log (EvtEng) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
O23 - Service: ThinkPad PM Service (IBMPMSVC) - Unknown owner - C:\WINDOWS\system32\ibmpmsvc.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: IPS Core Service (IPSSVC) - Lenovo Group Limited - C:\WINDOWS\system32\IPSSVC.EXE
O23 - Service: Multi-user Cleanup Service - IBM Corp - C:\Program Files\lotus\notes\ntmulti.exe
O23 - Service: IBM PSA Access Driver Control (PsaSrv) - Unknown owner - C:\WINDOWS\system32\PsaSrv.exe (file missing)
O23 - Service: Intel(R) PROSet/Wireless Registry Service (RegSrvc) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
O23 - Service: Roxio UPnP Renderer 9 - Sonic Solutions - C:\Program Files\Roxio\Digital Home 9\RoxioUPnPRenderer9.exe
O23 - Service: Roxio Upnp Server 9 - Sonic Solutions - C:\Program Files\Roxio\Digital Home 9\RoxioUpnpService9.exe
O23 - Service: LiveShare P2P Server 9 (RoxLiveShare9) - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxLiveShare9.exe
O23 - Service: RoxMediaDB9 - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe
O23 - Service: Roxio Hard Drive Watcher 9 (RoxWatch9) - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatch9.exe
O23 - Service: Intel(R) PROSet/Wireless Service (S24EventMonitor) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
O23 - Service: SAVRoam (SavRoam) - symantec - C:\Program Files\Symantec AntiVirus\SavRoam.exe
O23 - Service: ThinkPad HDD APS Logging Service (TPHDEXLGSVC) - Lenovo. - C:\WINDOWS\System32\TPHDEXLG.EXE
O23 - Service: IBM KCU Service (TpKmpSVC) - Unknown owner - C:\WINDOWS\system32\TpKmpSVC.exe
O23 - Service: TSS Core Service (TSSCoreService) - IBM - C:\Program Files\IBM ThinkVantage\Client Security Solution\ibmtcsd.exe
O23 - Service: TVT Backup Service - Unknown owner - C:\Program Files\IBM ThinkVantage\Rescue and Recovery\rrservice.exe
O23 - Service: TVT Scheduler - Unknown owner - C:\Program Files\IBM ThinkVantage\Common\Scheduler\tvtsched.exe
O23 - Service: ThinkVantage System Update (UCLauncherService) - Unknown owner - C:\Program Files\ThinkVantage\SystemUpdate\UCLauncherService.exe
--
End of file - 13877 bytes

Uninstall list:

Ad-aware 5.83
Adobe Acrobat 5.0
Adobe Flash Player 10 ActiveX
Adobe Photoshop Elements 2.0
Adobe Reader 8.1.3
Adobe SVG Viewer 3.0
Compatibility Pack for the 2007 Office system
Dell Digital Jukebox Driver
Dell DJ Explorer
Garmin City Navigator North America NT 2010.20
Garmin Communicator Plugin
Garmin MapSource
Garmin USB Drivers
Garmin USB Drivers
HiJackThis
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
Hotfix for Windows XP (KB952287)
Hotfix for Windows XP (KB961118)
Hotfix for Windows XP (KB970653-v3)
Hotfix for Windows XP (KB976098-v2)
Hotfix for Windows XP (KB979306)
Hotfix for Windows XP (KB981793)
Java(TM) 6 Update 7
LESSONmaker 8 Basic Edition
Malwarebytes' Anti-Malware
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1 Security Update (KB979906)
Microsoft .NET Framework 2.0 Service Pack 2
Microsoft .NET Framework 3.0 Service Pack 2
Microsoft .NET Framework 3.5 SP1
Microsoft .NET Framework 3.5 SP1
Microsoft Office Professional Edition 2003
Microsoft Silverlight
Microsoft VC9 runtime libraries
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
Microsoft Visual C++ 2005 Redistributable
MLB.TV NexDef Plug-in
MSN Toolbar
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
MUSICMATCH® Jukebox
OGA Notifier 2.0.0048.0
Personal Ancestral File 5
QuickCam Drivers
Rand McNally TripMaker Deluxe 2000
Security Update for Windows Internet Explorer 7 (KB2183461)
Security Update for Windows Internet Explorer 7 (KB953838)
Security Update for Windows Internet Explorer 7 (KB956390)
Security Update for Windows Internet Explorer 7 (KB958215)
Security Update for Windows Internet Explorer 7 (KB960714)
Security Update for Windows Internet Explorer 7 (KB961260)
Security Update for Windows Internet Explorer 7 (KB963027)
Security Update for Windows Internet Explorer 7 (KB969897)
Security Update for Windows Internet Explorer 7 (KB972260)
Security Update for Windows Internet Explorer 7 (KB974455)
Security Update for Windows Internet Explorer 7 (KB976325)
Security Update for Windows Internet Explorer 7 (KB978207)
Security Update for Windows Internet Explorer 7 (KB982381)
Security Update for Windows Media Player (KB952069)
Security Update for Windows Media Player (KB954155)
Security Update for Windows Media Player (KB968816)
Security Update for Windows Media Player (KB973540)
Security Update for Windows Media Player (KB978695)
Security Update for Windows XP (KB2079403)
Security Update for Windows XP (KB2115168)
Security Update for Windows XP (KB2160329)
Security Update for Windows XP (KB2229593)
Security Update for Windows XP (KB2286198)
Security Update for Windows XP (KB923561)
Security Update for Windows XP (KB938464)
Security Update for Windows XP (KB946648)
Security Update for Windows XP (KB950762)
Security Update for Windows XP (KB950974)
Security Update for Windows XP (KB951066)
Security Update for Windows XP (KB951748)
Security Update for Windows XP (KB952004)
Security Update for Windows XP (KB952954)
Security Update for Windows XP (KB953839)
Security Update for Windows XP (KB954211)
Security Update for Windows XP (KB954459)
Security Update for Windows XP (KB954600)
Security Update for Windows XP (KB955069)
Security Update for Windows XP (KB956391)
Security Update for Windows XP (KB956572)
Security Update for Windows XP (KB956744)
Security Update for Windows XP (KB956802)
Security Update for Windows XP (KB956803)
Security Update for Windows XP (KB956841)
Security Update for Windows XP (KB956844)
Security Update for Windows XP (KB957095)
Security Update for Windows XP (KB957097)
Security Update for Windows XP (KB958644)
Security Update for Windows XP (KB958687)
Security Update for Windows XP (KB958690)
Security Update for Windows XP (KB958869)
Security Update for Windows XP (KB959426)
Security Update for Windows XP (KB960225)
Security Update for Windows XP (KB960715)
Security Update for Windows XP (KB960803)
Security Update for Windows XP (KB960859)
Security Update for Windows XP (KB961371)
Security Update for Windows XP (KB961373)
Security Update for Windows XP (KB961501)
Security Update for Windows XP (KB968537)
Security Update for Windows XP (KB969059)
Security Update for Windows XP (KB969898)
Security Update for Windows XP (KB969947)
Security Update for Windows XP (KB970238)
Security Update for Windows XP (KB970430)
Security Update for Windows XP (KB971468)
Security Update for Windows XP (KB971486)
Security Update for Windows XP (KB971557)
Security Update for Windows XP (KB971633)
Security Update for Windows XP (KB971657)
Security Update for Windows XP (KB971961)
Security Update for Windows XP (KB972270)
Security Update for Windows XP (KB973346)
Security Update for Windows XP (KB973354)
Security Update for Windows XP (KB973507)
Security Update for Windows XP (KB973525)
Security Update for Windows XP (KB973869)
Security Update for Windows XP (KB973904)
Security Update for Windows XP (KB974112)
Security Update for Windows XP (KB974318)
Security Update for Windows XP (KB974392)
Security Update for Windows XP (KB974571)
Security Update for Windows XP (KB975025)
Security Update for Windows XP (KB975467)
Security Update for Windows XP (KB975560)
Security Update for Windows XP (KB975561)
Security Update for Windows XP (KB975562)
Security Update for Windows XP (KB975713)
Security Update for Windows XP (KB977165)
Security Update for Windows XP (KB977816)
Security Update for Windows XP (KB977914)
Security Update for Windows XP (KB978037)
Security Update for Windows XP (KB978251)
Security Update for Windows XP (KB978262)
Security Update for Windows XP (KB978338)
Security Update for Windows XP (KB978542)
Security Update for Windows XP (KB978601)
Security Update for Windows XP (KB978706)
Security Update for Windows XP (KB979309)
Security Update for Windows XP (KB979482)
Security Update for Windows XP (KB979559)
Security Update for Windows XP (KB979683)
Security Update for Windows XP (KB980195)
Security Update for Windows XP (KB980218)
Security Update for Windows XP (KB980232)
Security Update for Windows XP (KB980436)
Security Update for Windows XP (KB981349)
Security Update for Windows XP (KB981852)
Security Update for Windows XP (KB981997)
Security Update for Windows XP (KB982214)
Security Update for Windows XP (KB982665)
Sony Image Data Suite
Sony Picture Utility
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
Update for Windows Internet Explorer 7 (KB976749)
Update for Windows Internet Explorer 7 (KB980182)
Update for Windows XP (KB951072-v2)

[deltalima]

Hi hamiltonjoe1950,

Welcome to the forum.

My nickname is deltalima and I will be helping you with your computer problems.

The logs can take some time to research, so please be patient with me.

Please be aware that removing Malware is a potentially hazardous undertaking. I will take care not to knowingly suggest courses of action that might damage your computer. However it is impossible for me to foresee all interactions that may happen between the software on your computer and those we'll use to clear you of infection, and I cannot guarantee the safety of your system. It is possible that we might encounter situations where the only recourse is to re-format and re-install your operating system, or to necessitate you taking your computer to a repair shop.


Please note the following:

• I will be working be on your Malware issues, this may or may not, solve other issues you have with your machine.
• The fixes are specific to your problem and should only be used for this issue on this machine.
• Please continue to review my answers until I tell you your machine appears to be clear. Absence of symptoms does not mean that everything is clear.
• If after 3 days you have not responded to this topic, it will be closed, and you will need to start a new one.
• It's often worth reading through these instructions and printing them for ease of reference.
• If you don't know or understand something, please don't hesitate to say or ask!! It's better to be sure and safe than sorry.
• Please reply to this thread. Do not start a new topic.

I notice that you are using Lotus Notes, is this computer used for business?

I don't see symantic antivirus in the list of installed programs. Does symantic antivirus appear to be installed on the computer, does an icon appear in the tooltray or has it been on the computer and been partially uninstalled?

Please let me know at what stage the error message appears.

[hamiltonjoe1950]

Lotus Notes had been on this computer but it was deleted. However, I don't believe it was "uninstalled" but reather the program files deleted. The computer is used strickly for personal purposes.

While the Symantec Antivirus icon does not appear in my system tray it is installed on the computer.

If I do a right click on a file to open or delete the error message appears and I must cancel it from 1 to 3 times before it will disappear. As well, it will typically appear if I attempt a cut and paste operation.

[deltalima]

Hi hamiltonjoe1950,

Lotus Notes had been on this computer but it was deleted. However, I don't believe it was "uninstalled" but reather the program files deleted.

There are still parts of Lotus Notes installed and running on the computer, we can remove these later if you wish, please let me know.

If I do a right click on a file to open or delete the error message appears and I must cancel it from 1 to 3 times before it will disappear.

Do you have disks and license key to reinstall symantic antivirus ?

What version of symantic antivirus is installed?

Please re-open HijackThis and select Scan. Check the boxes next to all the entries listed below (if present):

O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
O20 - Winlogon Notify: ACNotify - ACNotify.dll (file missing)

Now close all other open windows and then click on Fix Checked. Close HijackThis.

reboot the computer.

Download and run OTL
Download OTL by Old Timer and save it to your Desktop.

• Double click on OTL.exe to run it.
• Under Output, ensure that Minimal Output is selected.
• Under Extra Registry section, select Use SafeList.
• Click the Scan All Users checkbox.
• Click on Run Scan at the top left hand corner.
• When done, two Notepad files will open.
  
  • OTL.txt <-- Will be opened
  • Extras.txt <-- Will be minimized
• Please post the contents of these 2 Notepad files in your next reply.

[hamiltonjoe1950]

Thank you for getting back to me. The following is the information that I can share:

1. At some point I would like to remove any Lotus Notes files that may exist that are not needed since I do not use Lotus Notes on this computer.

2. I do not have the disks or license key for Symantec. This was a company computer and they left it on here but I wanted to remove it as I did not want to have to renew the license.

3. It says that it is version 4. When I check on the version throught the "about" in the program it states 2005, 10.0.0.359

The following are the OTL.txt and Extras.tst files:

OTL logfile created on: 9/1/2010 6:05:26 PM - Run 1
OTL by OldTimer - Version 3.2.11.0 Folder = C:\Documents and Settings\Tom\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 7.0.5730.13)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

502.00 Mb Total Physical Memory | 271.00 Mb Available Physical Memory | 54.00% Memory free
1.00 Gb Paging File | 1.00 Gb Available in Paging File | 72.00% Paging File free
Paging file location(s): C:\pagefile.sys 756 1512 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 51.06 Gb Total Space | 20.49 Gb Free Space | 40.13% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: LENOVO-C0B1CD7D
Current User Name: Tom
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: All users
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Minimal

========== Processes (SafeList) ==========

PRC - C:\Documents and Settings\Tom\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\Documents and Settings\Tom\Local Settings\Application Data\Autobahn\mlb-nexdef-autobahn.exe ()
PRC - C:\Program Files\Common Files\aol\1168475224\ee\aolsoftware.exe (AOL LLC)
PRC - C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe (Sun Microsystems, Inc.)
PRC - C:\Program Files\Java\jre1.6.0_07\bin\jucheck.exe (Sun Microsystems, Inc.)
PRC - C:\WINDOWS\explorer.exe (Microsoft Corporation)
PRC - C:\Program Files\WORDsearch 7\ZipScript.exe (WORDsearch Corp.)
PRC - C:\Program Files\Common Files\aol\acs\AOLacsd.exe (AOL LLC)
PRC - C:\Program Files\lotus\notes\ntmulti.exe (IBM Corp)
PRC - C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe (Macrovision Corporation)
PRC - C:\Program Files\Microsoft ActiveSync\wcescomm.exe (Microsoft Corporation)
PRC - C:\Program Files\Microsoft ActiveSync\rapimgr.exe (Microsoft Corporation)
PRC - C:\Program Files\ThinkPad\ConnectUtilities\SvcGuiHlpr.exe (Lenovo)
PRC - C:\Program Files\ThinkPad\ConnectUtilities\AcSvc.exe (Lenovo)
PRC - C:\Program Files\ThinkPad\ConnectUtilities\AcPrfMgrSvc.exe ()
PRC - C:\Program Files\ThinkPad\ConnectUtilities\ACTray.exe (Lenovo)
PRC - C:\Program Files\ThinkPad\ConnectUtilities\ACWLIcon.exe (Lenovo)
PRC - C:\Program Files\Lenovo\PkgMgr\HOTKEY\TPHKMGR.exe ()
PRC - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe (Intel Corporation )
PRC - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe (Intel Corporation)
PRC - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe (Intel Corporation)
PRC - C:\Program Files\IBM ThinkVantage\Common\Scheduler\tvtsched.exe ()
PRC - C:\Program Files\IBM ThinkVantage\Common\Logger\logmon.exe ()
PRC - C:\Program Files\IBM ThinkVantage\Rescue and Recovery\rrservice.exe ()
PRC - C:\Program Files\IBM ThinkVantage\Client Security Solution\cssauth.exe (Lenovo Group Limited)
PRC - C:\Program Files\IBM ThinkVantage\Client Security Solution\ibmtcsd.exe (IBM)
PRC - C:\Program Files\Analog Devices\Core\smax4pnp.exe (Analog Devices, Inc.)
PRC - C:\WINDOWS\system32\IPSSVC.EXE (Lenovo Group Limited)
PRC - C:\Program Files\ThinkVantage\PrdCtr\LPMGR.EXE (Lenovo Group Limited)
PRC - C:\Program Files\ThinkPad\Utilities\EZEJMNAP.EXE (Lenovo Group Limited)
PRC - C:\Program Files\IBM ThinkVantage\SafeGuard PrivateDisk\pdservice.exe (Utimaco Safeware AG)
PRC - C:\WINDOWS\system32\ibmpmsvc.exe ()
PRC - C:\WINDOWS\system32\TpShocks.exe (Lenovo, Ltd. and IBM Corporation.)
PRC - C:\Program Files\Lenovo\PkgMgr\HOTKEY_1\TpScrex.exe (Lenovo Group Limited)
PRC - C:\Program Files\ThinkVantage\SystemUpdate\UCLauncherService.exe ()
PRC - C:\WINDOWS\system32\tp4serv.exe (Lenovo Group Limited)
PRC - C:\Program Files\Lenovo\PkgMgr\HOTKEY\TPONSCR.exe ()
PRC - C:\WINDOWS\system32\TPHDEXLG.exe (Lenovo.)
PRC - C:\WINDOWS\system32\TpKmpSvc.exe ()
PRC - C:\Program Files\Digital Line Detect\DLG.exe (BVRP Software)


========== Modules (SafeList) ==========

MOD - C:\Documents and Settings\Tom\Desktop\OTL.exe (OldTimer Tools)
MOD - C:\WINDOWS\system32\msscript.ocx (Microsoft Corporation)
MOD - C:\WINDOWS\system32\PROCHLP.DLL (Lenovo Group Limited)


========== Win32 Services (SafeList) ==========

SRV - (PsaSrv) -- C:\WINDOWS\System32\PsaSrv.exe File not found
SRV - (AOL ACS) -- C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe (AOL LLC)
SRV - (Multi-user Cleanup Service) -- C:\Program Files\lotus\notes\ntmulti.exe (IBM Corp)
SRV - (AcSvc) -- C:\Program Files\ThinkPad\ConnectUtilities\AcSvc.exe (Lenovo)
SRV - (AcPrfMgrSvc) -- C:\Program Files\ThinkPad\ConnectUtilities\AcPrfMgrSvc.exe ()
SRV - (S24EventMonitor) Intel(R) -- C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe (Intel Corporation )
SRV - (EvtEng) Intel(R) -- C:\Program Files\Intel\Wireless\Bin\EvtEng.exe (Intel Corporation)
SRV - (RegSrvc) Intel(R) -- C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe (Intel Corporation)
SRV - (TVT Scheduler) -- C:\Program Files\IBM ThinkVantage\Common\Scheduler\tvtsched.exe ()
SRV - (TVT Backup Service) -- C:\Program Files\IBM ThinkVantage\Rescue and Recovery\rrservice.exe ()
SRV - (TSSCoreService) -- C:\Program Files\IBM ThinkVantage\Client Security Solution\ibmtcsd.exe (IBM)
SRV - (IPSSVC) -- C:\WINDOWS\system32\IPSSVC.EXE (Lenovo Group Limited)
SRV - (IBMPMSVC) -- C:\WINDOWS\system32\ibmpmsvc.exe ()
SRV - (UCLauncherService) -- C:\Program Files\ThinkVantage\SystemUpdate\UCLauncherService.exe ()
SRV - (TPHDEXLGSVC) -- C:\WINDOWS\system32\TPHDEXLG.exe (Lenovo.)
SRV - (TpKmpSVC) -- C:\WINDOWS\system32\TpKmpSvc.exe ()
SRV - (SavRoam) -- C:\Program Files\Symantec AntiVirus\SavRoam.exe (symantec)
SRV - (Symantec AntiVirus) -- C:\Program Files\Symantec AntiVirus\Rtvscan.exe (Symantec Corporation)
SRV - (DefWatch) -- C:\Program Files\Symantec AntiVirus\DefWatch.exe (Symantec Corporation)
SRV - (ccSetMgr) -- C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe (Symantec Corporation)
SRV - (ccPwdSvc) -- C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe (Symantec Corporation)
SRV - (ccEvtMgr) -- C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe (Symantec Corporation)
SRV - (SNDSrvc) -- C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe (Symantec Corporation)
SRV - (SPBBCSvc) -- C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe (Symantec Corporation)


========== Driver Services (SafeList) ==========

DRV - (vsdatant) -- C:\WINDOWS\System32\vsdatant.sys File not found
DRV - (SYMIDSCO) -- C:\PROGRA~1\COMMON~1\SYMANT~1\SymcData\SCFIDS~1\20070417.001\symidsco.sys File not found
DRV - (96d997c2) -- C:\WINDOWS\System32\drivers\96d997c2.sys File not found
DRV - (EGATHDRV) -- C:\WINDOWS\system32\EGATHDRV.SYS (IBM Corporation)
DRV - (MxlW2k) -- C:\WINDOWS\System32\drivers\MxlW2k.sys (MusicMatch, Inc.)
DRV - (NAVEX15) -- C:\Program Files\Common Files\Symantec Shared\VirusDefs\20100402.004\NAVEX15.SYS (Symantec Corporation)
DRV - (NAVENG) -- C:\Program Files\Common Files\Symantec Shared\VirusDefs\20100402.004\NAVENG.SYS (Symantec Corporation)
DRV - (eeCtrl) -- C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys (Symantec Corporation)
DRV - (tmcomm) -- C:\WINDOWS\system32\drivers\tmcomm.sys (Trend Micro Inc.)
DRV - (WDC_SAM) -- C:\WINDOWS\system32\drivers\wdcsam.sys (Western Digital Technologies)
DRV - (NSCIRDA) -- C:\WINDOWS\system32\drivers\nscirda.sys (National Semiconductor Corporation)
DRV - (usbaudio) USB Audio Driver (WDM) -- C:\WINDOWS\system32\drivers\usbaudio.sys (Microsoft Corporation)
DRV - (amdagp) -- C:\WINDOWS\system32\DRIVERS\amdagp.sys (Advanced Micro Devices, Inc.)
DRV - (sisagp) -- C:\WINDOWS\system32\DRIVERS\sisagp.sys (Silicon Integrated Systems Corporation)
DRV - (HDAudBus) -- C:\WINDOWS\system32\drivers\hdaudbus.sys (Windows (R) Server 2003 DDK provider)
DRV - (psadd) -- C:\WINDOWS\system32\drivers\psadd.sys (Lenovo)
DRV - (V0250Dev) -- C:\WINDOWS\system32\drivers\V0250Dev.sys (Creative Technology Ltd.)
DRV - (s24trans) -- C:\WINDOWS\system32\drivers\s24trans.sys (Intel Corporation)
DRV - (IBMTPCHK) -- C:\WINDOWS\system32\drivers\IBMBLDID.sys ()
DRV - (ibmfilter) -- C:\WINDOWS\system32\drivers\ibmfilter.sys (IBM)
DRV - (smi2) -- C:\Program Files\SMI2\smi2.sys (IBM Corp.)
DRV - (ADIHdAudAddService) -- C:\WINDOWS\system32\drivers\ADIHdAud.sys (Analog Devices, Inc.)
DRV - (TPPWRIF) -- C:\WINDOWS\system32\drivers\TPPWRIF.SYS ()
DRV - (HSF_DPV) -- C:\WINDOWS\system32\drivers\hsx_dpv.sys (Conexant Systems, Inc.)
DRV - (HSXHWAZL) -- C:\WINDOWS\system32\drivers\hsxhwazl.sys (Conexant Systems, Inc.)
DRV - (winachsf) -- C:\WINDOWS\system32\drivers\hsx_cnxt.sys (Conexant Systems, Inc.)
DRV - (e1express) Intel(R) -- C:\WINDOWS\system32\drivers\e1e5132.sys (Intel Corporation)
DRV - (w39n51) Intel(R) -- C:\WINDOWS\system32\drivers\w39n51.sys (Intel® Corporation)
DRV - (PROCDD) -- C:\WINDOWS\system32\drivers\PROCDD.SYS (Lenovo Group Limited)
DRV - (Shockprf) -- C:\WINDOWS\System32\drivers\shockprf.sys (Lenovo)
DRV - (Smapint) -- C:\WINDOWS\system32\drivers\SMAPINT.SYS (Microsoft Corporation)
DRV - (TDSMAPI) -- C:\WINDOWS\system32\drivers\TDSMAPI.SYS ()
DRV - (TSMAPIP) -- C:\WINDOWS\system32\drivers\TSMAPIP.SYS ()
DRV - (PrivateDisk) -- C:\Program Files\IBM ThinkVantage\SafeGuard PrivateDisk\privatediskm.sys (Utimaco Safeware AG)
DRV - (IBMPMDRV) -- C:\WINDOWS\system32\drivers\ibmpmdrv.sys (Lenovo.)
DRV - (ANC) -- C:\WINDOWS\system32\drivers\ANC.sys (IBM Corp.)
DRV - (iaStor) -- C:\WINDOWS\system32\DRIVERS\iaStor.sys (Intel Corporation)
DRV - (Tp4Track) -- C:\WINDOWS\system32\drivers\tp4track.sys (Lenovo Group Limited)
DRV - (TPHKDRV) -- C:\WINDOWS\System32\drivers\TPHKDRV.sys (IBM Corporation)
DRV - (ShockMgr) -- C:\WINDOWS\System32\drivers\ShockMgr.sys (Lenovo.)
DRV - (atmeltpm) -- C:\WINDOWS\system32\drivers\atmeltpm.sys (Atmel, Inc.)
DRV - (SYMTDI) -- C:\WINDOWS\System32\Drivers\SYMTDI.SYS (Symantec Corporation)
DRV - (SYMREDRV) -- C:\WINDOWS\System32\Drivers\SYMREDRV.SYS (Symantec Corporation)
DRV - (SymEvent) -- C:\Program Files\Symantec\SYMEVENT.SYS (Symantec Corporation)
DRV - (SPBBCDrv) -- C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCDrv.sys (Symantec Corporation)
DRV - (SAVRTPEL) -- C:\Program Files\Symantec AntiVirus\Savrtpel.sys (Symantec Corporation)
DRV - (SAVRT) -- C:\Program Files\Symantec AntiVirus\savrt.sys (Symantec Corporation)
DRV - (CA561) -- C:\WINDOWS\system32\drivers\SPCA561.SYS (SP)
DRV - (nv) -- C:\WINDOWS\system32\drivers\nv4_mini.sys (NVIDIA Corporation)
DRV - (Jukebox) -- C:\WINDOWS\system32\drivers\ctpdusb2.sys (Creative Technology Ltd.)
DRV - (CVirtA) -- C:\WINDOWS\system32\drivers\CVirtA.sys (Cisco Systems, Inc.)
DRV - (wanatw) WAN Miniport (ATW) -- C:\WINDOWS\system32\drivers\wanatw4.sys (America Online, Inc.)
DRV - (Sparrow) -- C:\WINDOWS\system32\DRIVERS\sparrow.sys (Adaptec, Inc.)
DRV - (sym_u3) -- C:\WINDOWS\system32\DRIVERS\sym_u3.sys (LSI Logic)
DRV - (sym_hi) -- C:\WINDOWS\system32\DRIVERS\sym_hi.sys (LSI Logic)
DRV - (symc8xx) -- C:\WINDOWS\system32\DRIVERS\symc8xx.sys (LSI Logic)
DRV - (symc810) -- C:\WINDOWS\system32\DRIVERS\symc810.sys (Symbios Logic Inc.)
DRV - (ultra) -- C:\WINDOWS\system32\DRIVERS\ultra.sys (Promise Technology, Inc.)
DRV - (ql12160) -- C:\WINDOWS\system32\DRIVERS\ql12160.sys (QLogic Corporation)
DRV - (ql1080) -- C:\WINDOWS\system32\DRIVERS\ql1080.sys (QLogic Corporation)
DRV - (ql1280) -- C:\WINDOWS\system32\DRIVERS\ql1280.sys (QLogic Corporation)
DRV - (dac2w2k) -- C:\WINDOWS\system32\DRIVERS\dac2w2k.sys (Mylex Corporation)
DRV - (mraid35x) -- C:\WINDOWS\system32\DRIVERS\mraid35x.sys (American Megatrends Inc.)
DRV - (asc) -- C:\WINDOWS\system32\DRIVERS\asc.sys (Advanced System Products, Inc.)
DRV - (asc3550) -- C:\WINDOWS\system32\DRIVERS\asc3550.sys (Advanced System Products, Inc.)
DRV - (AliIde) -- C:\WINDOWS\system32\DRIVERS\aliide.sys (Acer Laboratories Inc.)
DRV - (CmdIde) -- C:\WINDOWS\system32\DRIVERS\cmdide.sys (CMD Technology, Inc.)
DRV - (ac97intc) Intel(r) 82801 Audio Driver Install Service (WDM) -- C:\WINDOWS\system32\drivers\ac97intc.sys (Intel Corporation)
DRV - (nuvaud2) -- C:\WINDOWS\system32\drivers\nuvaud2.sys (Nogatech Ltd.)
DRV - (pmem) -- C:\WINDOWS\system32\drivers\PMEMNT.SYS (Microsoft Corporation)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant =


IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



IE - HKU\S-1-5-21-2244424893-2629147862-639317376-1005\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page =
IE - HKU\S-1-5-21-2244424893-2629147862-639317376-1005\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultName = Google
IE - HKU\S-1-5-21-2244424893-2629147862-639317376-1005\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultURL = http://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
IE - HKU\S-1-5-21-2244424893-2629147862-639317376-1005\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/
IE - HKU\S-1-5-21-2244424893-2629147862-639317376-1005\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-2244424893-2629147862-639317376-1005\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = localhost


[2009/01/10 00:50:27 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Tom\Application Data\Mozilla\Extensions
[2009/01/10 00:50:27 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Tom\Application Data\Mozilla\Extensions\home2@tomtom.com

O1 HOSTS File: ([2008/02/17 15:57:04 | 000,000,732 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (BrowserHelper Class) - {8A9D74F9-560B-4FE7-ABEB-3B2E638E5CD6} - C:\Program Files\SGPSA\SearchAssistant.dll (Make The Web Better, LLC)
O3 - HKLM\..\Toolbar: (MSN Toolbar) - {1E61ED7C-7CB8-49d6-B9E9-AB4C880C8414} - C:\Program Files\MSN\Toolbar\3.0.0983.0\msneshellx.dll (Microsoft Corp.)
O3 - HKLM\..\Toolbar: (Easy-WebPrint) - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - C:\Program Files\Canon\Easy-WebPrint\Toolband.dll ()
O3 - HKU\S-1-5-21-2244424893-2629147862-639317376-1005\..\Toolbar\WebBrowser: (no name) - {5CBE2611-C31B-401F-89BC-4CBB25E853D7} - No CLSID value found.
O3 - HKU\S-1-5-21-2244424893-2629147862-639317376-1005\..\Toolbar\WebBrowser: (no name) - {604BC32A-9680-40D1-9AC6-E06B23A1BA4C} - No CLSID value found.
O3 - HKU\S-1-5-21-2244424893-2629147862-639317376-1005\..\Toolbar\WebBrowser: (no name) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - No CLSID value found.
O4 - HKLM..\Run: [] File not found
O4 - HKLM..\Run: [ACTray] C:\Program Files\ThinkPad\ConnectUtilities\ACTray.exe (Lenovo)
O4 - HKLM..\Run: [ACWLIcon] C:\Program Files\ThinkPad\ConnectUtilities\ACWLIcon.exe (Lenovo)
O4 - HKLM..\Run: [Adobe Reader Speed Launcher] C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [AVFX Engine] C:\Program Files\Creative\Creative Live! Cam\VideoFX\StartFX.exe File not found
O4 - HKLM..\Run: [BLOG] C:\Program Files\ThinkPad\Utilities\BATLOGEX.DLL ()
O4 - HKLM..\Run: [ccApp] C:\Program Files\Common Files\Symantec Shared\ccApp.exe (Symantec Corporation)
O4 - HKLM..\Run: [cssauth] C:\Program Files\IBM ThinkVantage\Client Security Solution\cssauth.exe (Lenovo Group Limited)
O4 - HKLM..\Run: [EZEJMNAP] C:\Program Files\ThinkPad\Utilities\EZEJMNAP.EXE (Lenovo Group Limited)
O4 - HKLM..\Run: [HostManager] C:\Program Files\Common Files\aol\1168475224\ee\aolsoftware.exe (AOL LLC)
O4 - HKLM..\Run: [LPManager] C:\Program Files\ThinkVantage\PrdCtr\LPMGR.EXE (Lenovo Group Limited)
O4 - HKLM..\Run: [PDService.exe] C:\Program Files\IBM ThinkVantage\SafeGuard PrivateDisk\pdservice.exe (Utimaco Safeware AG)
O4 - HKLM..\Run: [PWRMGRTR] C:\Program Files\ThinkPad\Utilities\PWRMGRTR.DLL (Lenovo Group Limited)
O4 - HKLM..\Run: [RoxWatchTray] C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe (Sonic Solutions)
O4 - HKLM..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\Core\smax4pnp.exe (Analog Devices, Inc.)
O4 - HKLM..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe (Sun Microsystems, Inc.)
O4 - HKLM..\Run: [suScheduler] C:\Program Files\ThinkVantage\SystemUpdate\UCLauncher.exe ()
O4 - HKLM..\Run: [TP4EX] C:\WINDOWS\System32\TP4EX.exe (Lenovo Group Limited)
O4 - HKLM..\Run: [TPHOTKEY] C:\Program Files\Lenovo\PkgMgr\HOTKEY\TPHKMGR.exe ()
O4 - HKLM..\Run: [TPKMAPHELPER] C:\Program Files\ThinkPad\Utilities\TpKmapAp.exe (Lenovo)
O4 - HKLM..\Run: [TpShocks] C:\WINDOWS\System32\TpShocks.exe (Lenovo, Ltd. and IBM Corporation.)
O4 - HKLM..\Run: [TrackPointSrv] C:\WINDOWS\System32\tp4serv.exe (Lenovo Group Limited)
O4 - HKU\S-1-5-21-2244424893-2629147862-639317376-1005..\Run: [H/PC Connection Agent] C:\Program Files\Microsoft ActiveSync\wcescomm.exe (Microsoft Corporation)
O4 - HKU\S-1-5-21-2244424893-2629147862-639317376-1005..\Run: [ISUSPM] C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe (Macrovision Corporation)
O4 - HKU\S-1-5-21-2244424893-2629147862-639317376-1005..\Run: [TomTomHOME.exe] C:\Program Files\TomTom HOME 2\HOMERunner.exe File not found
O4 - HKU\S-1-5-21-2244424893-2629147862-639317376-1005..\Run: [updateMgr] C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe File not found
O4 - HKU\S-1-5-21-2244424893-2629147862-639317376-1005..\Run: [ZipScript] C:\Program Files\WORDsearch 7\ZipScript.exe (WORDsearch Corp.)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe (Adobe Systems, Inc.)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Digital Line Detect.lnk = C:\Program Files\Digital Line Detect\DLG.exe (BVRP Software)
O4 - Startup: C:\Documents and Settings\Tom\Start Menu\Programs\Startup\MLB.TV NexDef Plug-in.lnk = C:\Documents and Settings\Tom\Local Settings\Application Data\Autobahn\mlb-nexdef-autobahn.exe ()
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-2244424893-2629147862-639317376-1005\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O8 - Extra context menu item: Easy-WebPrint Add To Print List - C:\Program Files\Canon\Easy-WebPrint\Resource.dll ()
O8 - Extra context menu item: Easy-WebPrint High Speed Print - C:\Program Files\Canon\Easy-WebPrint\Resource.dll ()
O8 - Extra context menu item: Easy-WebPrint Preview - C:\Program Files\Canon\Easy-WebPrint\Resource.dll ()
O8 - Extra context menu item: Easy-WebPrint Print - C:\Program Files\Canon\Easy-WebPrint\Resource.dll ()
O9 - Extra 'Tools' menuitem : Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\npjpi160_07.dll (Sun Microsystems, Inc.)
O9 - Extra Button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\INetRepl.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Create Mobile Favorite... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\INetRepl.dll (Microsoft Corporation)
O9 - Extra Button: Software Installer - {D1A4DEBD-C2EE-449f-B9FB-E8409F9A0BC5} - C:\Program Files\Lenovo\PkgMgr\\PkgMgr.exe ()
O9 - Extra Button: Run IMVU - {d9288080-1baa-4bc4-9cf8-a92d743db949} - C:\Documents and Settings\Tom\Start Menu\Programs\IMVU\Run IMVU.lnk File not found
O12 - Plugin for: .spop - C:\Program Files\Internet Explorer\PLUGINS\NPDocBox.dll (InterTrust Technologies Corporation, Inc.)
O15 - HKU\S-1-5-21-2244424893-2629147862-639317376-1005\..Trusted Domains: aol.com ([objects] * is out of zone range - 5)
O15 - HKU\S-1-5-21-2244424893-2629147862-639317376-1005\..Trusted Domains: intuit.com ([ttlc] https in Trusted sites)
O16 - DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} http://upload.facebook.com/controls/200 ... oader5.cab (Facebook Photo Uploader 5 Control)
O16 - DPF: {193C772A-87BE-4B19-A7BB-445B226FE9A1} http://downloads.ewido.net/ewidoOnlineScan.cab (ewidoOnlineScan Control)
O16 - DPF: {4871A87A-BFDD-4106-8153-FFDE2BAC2967} http://dlm.tools.akamai.com/dlmanager/v ... .2.5.0.cab (DLM Control)
O16 - DPF: {5D637FAD-E202-48D1-8F18-5B9C459BD1E3} http://fb.familylink.com/we_are_related ... oader5.cab (Image Uploader Control)
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} http://security.symantec.com/sscv6/Shar ... /cabsa.cab (Symantec RuFSI Utility Class)
O16 - DPF: {7E980B9B-8AE5-466A-B6D6-DA8CF814E78A} http://zone.msn.com/bingame/luxr/defaul ... uncher.cab (MJLauncherCtrl Class)
O16 - DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} http://upload.facebook.com/controls/200 ... ader55.cab (Facebook Photo Uploader 5 Control)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab (Java Plug-in 1.6.0_07)
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} http://cdn2.zone.msn.com/binFramework/v ... b56649.cab (MSN Games - Installer)
O16 - DPF: {CAFEEFAC-0014-0002-0000-ABCDEFFEDCBA} http://java.sun.com/products/plugin/1.4 ... 42-win.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0015-0000-0011-ABCDEFFEDCBA} http://java.sun.com/update/1.5.0/jinsta ... s-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0001-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab (Java Plug-in 1.6.0_07)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab (Java Plug-in 1.6.0_07)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/get/s ... wflash.cab (Shockwave Flash Object)
O16 - DPF: Garmin Communicator Plug-In https://static.garmincdn.com/gcp/ie/2.9 ... ontrol.CAB (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 167.206.245.129 167.206.245.130
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\igfxcui: DllName - igfxdev.dll - C:\WINDOWS\System32\igfxdev.dll (Intel Corporation)
O20 - Winlogon\Notify\NavLogon: DllName - C:\WINDOWS\system32\NavLogon.dll - C:\WINDOWS\system32\NavLogon.dll (Symantec Corporation)
O20 - Winlogon\Notify\tpfnf2: DllName - notifyf2.dll - C:\WINDOWS\System32\notifyf2.dll ()
O20 - Winlogon\Notify\tphotkey: DllName - tphklock.dll - C:\WINDOWS\System32\tphklock.dll ()
O24 - Desktop WallPaper: C:\Documents and Settings\Tom\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\Tom\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2007/01/08 17:44:19 | 000,000,000 | -H-- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O33 - MountPoints2\{cb3e92e2-b4a6-11dc-9987-00038a000015}\Shell\AutoRun\command - "" = D:\InstallTomTomHOME.exe -- File not found
O33 - MountPoints2\{f9deb221-9f6b-11db-9752-001302ad7b90}\Shell\AutoRun\command - "" = D:\InstallTomTomHOME.exe -- File not found
O33 - MountPoints2\D\Shell - "" = AutoRun
O33 - MountPoints2\D\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\D\Shell\AutoRun\command - "" = D:\LaunchU3.exe -- File not found
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2010/09/01 18:03:52 | 000,574,976 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Tom\Desktop\OTL.exe
[2010/08/28 23:28:41 | 000,000,000 | ---D | C] -- C:\rsit
[2010/08/27 20:46:43 | 000,000,000 | ---D | C] -- C:\Program Files\Trend Micro
[2010/08/21 16:20:22 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Tom\My Documents\_Constitution Island - 8-21-10
[2010/08/20 21:03:36 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Tom\My Documents\____to be added to portable drive
[2010/08/15 20:46:38 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Tom\My Documents\____________11-08 to 1-28-09
[2010/08/15 17:43:11 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Tom\My Documents\Civil War Photos
[4 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[2 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[1 C:\Documents and Settings\All Users\Application Data\*.tmp files -> C:\Documents and Settings\All Users\Application Data\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2010/09/01 18:03:57 | 000,574,976 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Tom\Desktop\OTL.exe
[2010/09/01 17:40:33 | 000,002,278 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2010/09/01 17:39:37 | 000,000,316 | ---- | M] () -- C:\WINDOWS\tasks\PMTask.job
[2010/09/01 17:39:24 | 000,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2010/09/01 17:39:22 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2010/09/01 17:39:21 | 526,897,152 | -HS- | M] () -- C:\hiberfil.sys
[2010/09/01 17:37:10 | 000,000,278 | -HS- | M] () -- C:\Documents and Settings\Tom\ntuser.ini
[2010/09/01 17:37:09 | 011,796,480 | -H-- | M] () -- C:\Documents and Settings\Tom\NTUSER.DAT
[2010/08/31 22:15:21 | 000,000,418 | -H-- | M] () -- C:\WINDOWS\tasks\User_Feed_Synchronization-{3E6B2417-1B4F-458B-87BF-42A7F315149A}.job
[2010/08/31 20:14:42 | 000,001,285 | ---- | M] () -- C:\Documents and Settings\Tom\Desktop\Facebook.url
[2010/08/31 20:02:10 | 000,000,409 | ---- | M] () -- C:\WINDOWS\Trpmaker.INI
[2010/08/31 19:21:44 | 000,068,106 | ---- | M] () -- C:\Documents and Settings\Tom\Desktop\New York Civil War Reenactors Forum Index.url
[2010/08/31 19:21:26 | 000,000,235 | ---- | M] () -- C:\Documents and Settings\Tom\Desktop\6th ohio.url
[2010/08/30 23:01:47 | 000,032,928 | ---- | M] () -- C:\Documents and Settings\Tom\Desktop\The Common Ground.url
[2010/08/29 12:53:09 | 000,052,148 | ---- | M] () -- C:\VETlog.dmp
[2010/08/29 12:52:31 | 000,000,593 | ---- | M] () -- C:\WINDOWS\win.ini
[2010/08/29 12:45:01 | 000,005,427 | ---- | M] (IBM Corporation) -- C:\WINDOWS\System32\EGATHDRV.SYS
[2010/08/28 23:27:30 | 000,339,991 | ---- | M] () -- C:\Documents and Settings\Tom\Desktop\RSIT.exe
[2010/08/28 23:23:00 | 000,000,082 | ---- | M] () -- C:\WINDOWS\MPLAYER.INI
[2010/08/27 20:46:43 | 000,001,980 | ---- | M] () -- C:\Documents and Settings\Tom\Desktop\HiJackThis.lnk
[2010/08/27 18:31:33 | 000,000,184 | ---- | M] () -- C:\Documents and Settings\Tom\Desktop\The Civil War Reenactors Home Page.url
[2010/08/26 18:47:27 | 000,319,544 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2010/08/19 19:29:57 | 000,000,504 | ---- | M] () -- C:\WINDOWS\_delis32.ini
[2010/08/17 20:17:05 | 000,030,208 | ---- | M] () -- C:\Documents and Settings\Tom\My Documents\Doug riley - family info.doc
[2010/08/16 19:49:33 | 000,031,744 | ---- | M] () -- C:\Documents and Settings\Tom\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010/08/12 21:27:13 | 000,000,585 | ---- | M] () -- C:\Documents and Settings\Tom\Desktop\FamilySearch Record Search.url
[2010/08/11 23:03:07 | 000,001,374 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2010/08/11 22:57:29 | 000,506,068 | ---- | M] () -- C:\WINDOWS\System32\PerfStringBackup.INI
[2010/08/11 22:57:29 | 000,444,596 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2010/08/11 22:57:29 | 000,072,306 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2010/08/11 20:29:51 | 000,000,486 | ---- | M] () -- C:\Documents and Settings\Tom\Desktop\http--fsbeta.familysearch.org-s-search-index-tree-search.url
[2010/08/09 18:43:38 | 000,025,088 | ---- | M] () -- C:\Documents and Settings\Tom\My Documents\_Bank Reconcilliation 08-4-10 reconciled 8-9-10.xls
[4 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[2 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[1 C:\Documents and Settings\All Users\Application Data\*.tmp files -> C:\Documents and Settings\All Users\Application Data\*.tmp -> ]

========== Files Created - No Company Name ==========

[2010/08/28 23:27:26 | 000,339,991 | ---- | C] () -- C:\Documents and Settings\Tom\Desktop\RSIT.exe
[2010/08/27 20:46:43 | 000,001,980 | ---- | C] () -- C:\Documents and Settings\Tom\Desktop\HiJackThis.lnk
[2010/08/25 19:03:43 | 526,897,152 | -HS- | C] () -- C:\hiberfil.sys
[2010/08/17 20:17:05 | 000,030,208 | ---- | C] () -- C:\Documents and Settings\Tom\My Documents\Doug riley - family info.doc
[2010/08/11 20:29:51 | 000,000,486 | ---- | C] () -- C:\Documents and Settings\Tom\Desktop\http--fsbeta.familysearch.org-s-search-index-tree-search.url
[2010/08/09 18:22:11 | 000,025,088 | ---- | C] () -- C:\Documents and Settings\Tom\My Documents\_Bank Reconcilliation 08-4-10 reconciled 8-9-10.xls
[2010/07/18 15:10:54 | 000,000,409 | ---- | C] () -- C:\WINDOWS\Trpmaker.INI
[2010/07/18 15:06:52 | 000,210,944 | ---- | C] () -- C:\WINDOWS\System32\Msvcrt10.dll
[2010/07/18 15:06:52 | 000,028,672 | ---- | C] () -- C:\WINDOWS\System32\PlugFile.dll
[2010/07/18 15:06:50 | 000,011,136 | ---- | C] () -- C:\WINDOWS\System32\Fprun300.dll
[2010/07/18 15:06:49 | 000,038,688 | ---- | C] () -- C:\WINDOWS\System32\Leaddib.drv
[2009/08/03 15:07:42 | 000,403,816 | ---- | C] () -- C:\WINDOWS\System32\OGACheckControl.dll
[2009/01/10 13:09:37 | 000,000,504 | ---- | C] () -- C:\WINDOWS\_delis32.ini
[2008/07/17 18:28:54 | 000,094,208 | ---- | C] () -- C:\WINDOWS\System32\PdeSrv2p.dll
[2008/05/22 22:33:39 | 000,000,241 | ---- | C] () -- C:\WINDOWS\QSync.INI
[2008/02/16 23:48:55 | 000,059,392 | R--- | C] () -- C:\WINDOWS\System32\streamhlp.dll
[2008/02/15 22:29:44 | 000,000,004 | ---- | C] () -- C:\WINDOWS\msoffice.ini
[2008/01/26 22:59:17 | 000,000,011 | ---- | C] () -- C:\WINDOWS\PrintWorkShop2006.ini
[2007/10/28 17:45:46 | 000,000,146 | ---- | C] () -- C:\WINDOWS\BRVIDEO.INI
[2007/10/28 17:45:46 | 000,000,040 | ---- | C] () -- C:\WINDOWS\BRDIAG.INI
[2007/10/28 17:45:46 | 000,000,023 | ---- | C] () -- C:\WINDOWS\Brownie.ini
[2007/10/28 17:45:37 | 000,077,824 | ---- | C] () -- C:\WINDOWS\System32\BROSNMP.DLL
[2007/10/28 17:45:37 | 000,026,624 | ---- | C] () -- C:\WINDOWS\System32\BRGSRC32.DLL
[2007/10/28 17:45:37 | 000,004,608 | ---- | C] () -- C:\WINDOWS\System32\BRGSRC16.DLL
[2007/10/28 17:45:35 | 000,008,975 | ---- | C] () -- C:\WINDOWS\HL-2070N.INI
[2007/10/28 17:45:17 | 000,000,426 | ---- | C] () -- C:\WINDOWS\BRWMARK.INI
[2007/10/15 21:37:27 | 000,000,118 | ---- | C] () -- C:\WINDOWS\System32\MRT.INI
[2007/09/04 16:37:25 | 000,002,508 | ---- | C] () -- C:\Documents and Settings\LocalService\Application Data\$_hpcst$.hpc
[2007/05/14 20:02:48 | 000,000,683 | ---- | C] () -- C:\WINDOWS\TeVeoLive.ini
[2007/05/14 20:02:48 | 000,000,094 | ---- | C] () -- C:\WINDOWS\ClipstoreOEM.ini
[2007/05/14 20:00:11 | 001,294,336 | ---- | C] () -- C:\WINDOWS\System32\MGIIpl2A6.dll
[2007/05/14 19:59:34 | 000,000,002 | ---- | C] () -- C:\WINDOWS\PhotoSuite.ini
[2007/05/14 19:59:26 | 001,093,632 | ---- | C] () -- C:\WINDOWS\System32\MGIIpl2PX.dll
[2007/05/14 19:59:26 | 000,122,880 | ---- | C] () -- C:\WINDOWS\System32\JPEGLIB.DLL
[2007/05/14 19:59:26 | 000,122,880 | ---- | C] () -- C:\WINDOWS\System32\EnrouteStitch.dll
[2007/05/14 19:59:26 | 000,020,480 | ---- | C] () -- C:\WINDOWS\System32\MGIIpl2.dll
[2007/05/14 19:59:26 | 000,019,968 | ---- | C] () -- C:\WINDOWS\System32\CPUINF32.DLL
[2007/05/14 19:59:25 | 000,332,800 | ---- | C] () -- C:\WINDOWS\System32\FPXLIB.DLL
[2007/05/14 19:57:30 | 000,204,288 | ---- | C] () -- C:\WINDOWS\System32\LSXConfig.dll
[2007/05/14 19:56:45 | 000,010,240 | ---- | C] () -- C:\WINDOWS\System32\vidx16.dll
[2007/04/29 23:26:26 | 000,001,755 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\QTSBandwidthCache
[2007/04/08 16:23:00 | 000,000,073 | ---- | C] () -- C:\WINDOWS\EurekaLog.ini
[2007/04/05 07:56:50 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\px.ini
[2007/02/08 18:05:39 | 000,000,028 | ---- | C] () -- C:\WINDOWS\pdf995.ini
[2007/02/03 20:22:40 | 000,000,142 | ---- | C] () -- C:\WINDOWS\wpd99.drv
[2007/02/03 20:22:21 | 000,051,716 | ---- | C] () -- C:\WINDOWS\System32\pdf995mon.dll
[2007/01/17 19:46:30 | 000,002,508 | ---- | C] () -- C:\Documents and Settings\Tom\Application Data\$_hpcst$.hpc
[2007/01/15 12:56:20 | 000,000,029 | ---- | C] () -- C:\WINDOWS\DEBUGSM.INI
[2007/01/10 20:20:17 | 000,000,024 | ---- | C] () -- C:\WINDOWS\atid.ini
[2007/01/10 17:48:47 | 000,000,376 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2007/01/08 22:34:07 | 000,031,744 | ---- | C] () -- C:\Documents and Settings\Tom\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2007/01/08 19:53:30 | 000,000,000 | ---- | C] () -- C:\WINDOWS\vpc32.INI
[2007/01/08 19:36:57 | 000,000,000 | ---- | C] () -- C:\WINDOWS\OpPrintServer.INI
[2007/01/08 19:34:31 | 000,007,680 | ---- | C] () -- C:\WINDOWS\System32\CNMVS71.DLL
[2007/01/08 19:32:27 | 000,000,022 | ---- | C] () -- C:\WINDOWS\System32\PICSDK.ini
[2007/01/08 19:32:05 | 000,098,304 | R--- | C] () -- C:\WINDOWS\StiRegstEng.dll
[2007/01/08 19:29:16 | 000,096,768 | ---- | C] () -- C:\WINDOWS\SlantAdj.dll
[2007/01/08 19:29:16 | 000,000,072 | ---- | C] () -- C:\WINDOWS\System32\epDPE.ini
[2007/01/08 19:28:26 | 000,000,043 | ---- | C] () -- C:\WINDOWS\EP4180.ini
[2007/01/08 19:22:22 | 000,000,082 | ---- | C] () -- C:\WINDOWS\MPLAYER.INI
[2007/01/08 19:21:46 | 000,338,944 | ---- | C] () -- C:\WINDOWS\System32\lffpx7.dll
[2007/01/08 19:21:46 | 000,122,880 | ---- | C] () -- C:\WINDOWS\System32\LFKODAK.DLL
[2007/01/08 17:49:40 | 000,002,481 | ---- | C] () -- C:\WINDOWS\System32\OEMINFO.INI
[2007/01/08 17:44:44 | 000,028,672 | ---- | C] () -- C:\WINDOWS\System32\notifyf2.dll
[2007/01/08 17:44:44 | 000,024,576 | ---- | C] () -- C:\WINDOWS\System32\tphklock.dll
[2007/01/08 17:44:12 | 000,000,126 | ---- | C] () -- C:\Documents and Settings\Tom\Local Settings\Application Data\fusioncache.dat
[2007/01/08 17:42:30 | 000,000,487 | ---- | C] () -- C:\WINDOWS\System32\IPSCTRL.INI
[2007/01/08 17:22:08 | 000,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini
[2007/01/08 17:21:45 | 000,004,442 | ---- | C] () -- C:\WINDOWS\System32\drivers\TPPWRIF.SYS
[2007/01/08 17:21:27 | 000,006,016 | ---- | C] () -- C:\WINDOWS\System32\drivers\IBMBLDID.sys
[2007/01/08 17:13:07 | 000,204,800 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeW7.dll
[2007/01/08 17:13:07 | 000,200,704 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeA6.dll
[2007/01/08 17:13:07 | 000,192,512 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeP6.dll
[2007/01/08 17:13:07 | 000,192,512 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeM6.dll
[2007/01/08 17:13:07 | 000,188,416 | ---- | C] () -- C:\WINDOWS\System32\IVIresizePX.dll
[2007/01/08 17:13:07 | 000,020,480 | ---- | C] () -- C:\WINDOWS\System32\IVIresize.dll
[2007/01/08 17:11:59 | 000,028,848 | ---- | C] () -- C:\WINDOWS\System32\drivers\USBkey.sys
[2007/01/08 17:03:16 | 000,045,056 | ---- | C] () -- C:\WINDOWS\System32\FPCALL.dll
[2007/01/08 17:03:03 | 000,009,343 | ---- | C] () -- C:\WINDOWS\System32\drivers\TDSMAPI.SYS
[2007/01/08 17:01:30 | 000,007,168 | ---- | C] () -- C:\WINDOWS\System32\drivers\TSMAPIP.SYS
[2007/01/08 16:51:35 | 000,122,880 | ---- | C] () -- C:\WINDOWS\System32\tp4uires.dll
[2005/10/17 19:22:24 | 000,049,152 | ---- | C] () -- C:\WINDOWS\System32\DEVMAN.DLL
[2005/01/07 14:15:56 | 000,172,056 | ---- | C] () -- C:\WINDOWS\System32\CSGina.dll
[2004/08/09 15:03:43 | 000,000,791 | ---- | C] () -- C:\WINDOWS\orun32.ini
< End of report >

OTL Extras logfile created on: 9/1/2010 6:05:26 PM - Run 1
OTL by OldTimer - Version 3.2.11.0 Folder = C:\Documents and Settings\Tom\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 7.0.5730.13)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

502.00 Mb Total Physical Memory | 271.00 Mb Available Physical Memory | 54.00% Memory free
1.00 Gb Paging File | 1.00 Gb Available in Paging File | 72.00% Paging File free
Paging file location(s): C:\pagefile.sys 756 1512 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 51.06 Gb Total Space | 20.49 Gb Free Space | 40.13% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: LENOVO-C0B1CD7D
Current User Name: Tom
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: All users
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Minimal

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
htmlfile [edit] -- "C:\Program Files\Microsoft Office\OFFICE11\msohtmed.exe" %1 (Microsoft Corporation)
htmlfile [print] -- "C:\Program Files\Microsoft Office\OFFICE11\msohtmed.exe" /p %1 (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [Winamp.Bookmark] -- "C:\Program Files\Winamp\winamp.exe" /BOOKMARK "%1" (Nullsoft)
Directory [Winamp.Enqueue] -- "C:\Program Files\Winamp\winamp.exe" /ADD "%1" (Nullsoft)
Directory [Winamp.Play] -- "C:\Program Files\Winamp\winamp.exe" "%1" (Nullsoft)
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"AntiVirusDisableNotify" = 1
"FirewallDisableNotify" = 1
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 0
"FirewallOverride" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]
"1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008
"139:TCP" = 139:TCP:*:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:*:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:*:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:*:Enabled:@xpsp2res.dll,-22002
"26675:TCP" = 26675:TCP:169.254.2.0/255.255.255.0:Enabled:ActiveSync Service

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DoNotAllowExceptions" = 0
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008
"139:TCP" = 139:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22002
"26675:TCP" = 26675:TCP:169.254.2.0/255.255.255.0:Enabled:ActiveSync Service

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"C:\Program Files\ThinkVantage\SystemUpdate\jre\bin\javaw.exe" = C:\Program Files\ThinkVantage\SystemUpdate\jre\bin\javaw.exe:*:Enabled:ThinkVantage System Update -- (IBM)
"C:\Program Files\Microsoft ActiveSync\rapimgr.exe" = C:\Program Files\Microsoft ActiveSync\rapimgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync RAPI Manager -- (Microsoft Corporation)
"C:\Program Files\Microsoft ActiveSync\wcescomm.exe" = C:\Program Files\Microsoft ActiveSync\wcescomm.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Connection Manager -- (Microsoft Corporation)
"C:\Program Files\Microsoft ActiveSync\WCESMgr.exe" = C:\Program Files\Microsoft ActiveSync\WCESMgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Application -- (Microsoft Corporation)
"C:\Program Files\Windows Live\Messenger\msnmsgr.exe" = C:\Program Files\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger -- File not found
"C:\Program Files\Windows Live\Messenger\livecall.exe" = C:\Program Files\Windows Live\Messenger\livecall.exe:*:Enabled:Windows Live Messenger (Phone) -- File not found
"C:\Program Files\MSN Messenger\msnmsgr.exe" = C:\Program Files\MSN Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger 8.1 -- File not found
"C:\Program Files\MSN Messenger\livecall.exe" = C:\Program Files\MSN Messenger\livecall.exe:*:Enabled:Windows Live Messenger 8.1 (Phone) -- File not found

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Program Files\ThinkVantage\SystemUpdate\jre\bin\javaw.exe" = C:\Program Files\ThinkVantage\SystemUpdate\jre\bin\javaw.exe:*:Enabled:ThinkVantage System Update -- (IBM)
"C:\Program Files\Common Files\aol\acs\AOLDial.exe" = C:\Program Files\Common Files\aol\acs\AOLDial.exe:*:Enabled:AOL Connectivity Service Dialer -- (AOL LLC)
"C:\Program Files\Common Files\aol\acs\AOLacsd.exe" = C:\Program Files\Common Files\aol\acs\AOLacsd.exe:*:Enabled:AOL Connectivity Service -- (AOL LLC)
"C:\Program Files\AOL 9.0\waol.exe" = C:\Program Files\AOL 9.0\waol.exe:*:Enabled:AOL -- File not found
"C:\Program Files\Common Files\aol\TopSpeed\3.0\aoltpsd3.exe" = C:\Program Files\Common Files\aol\TopSpeed\3.0\aoltpsd3.exe:*:Enabled:AOL TopSpeed -- (AOL LLC)
"C:\Program Files\Common Files\aol\Loader\aolload.exe" = C:\Program Files\Common Files\aol\Loader\aolload.exe:*:Enabled:AOL Loader -- (AOL LLC)
"C:\Program Files\Common Files\aol\System Information\sinf.exe" = C:\Program Files\Common Files\aol\System Information\sinf.exe:*:Enabled:AOL System Information -- (AOL LLC)
"C:\Program Files\Microsoft ActiveSync\wcescomm.exe" = C:\Program Files\Microsoft ActiveSync\wcescomm.exe:*:Enabled:Connection Manager -- (Microsoft Corporation)
"C:\Program Files\Microsoft ActiveSync\WCESMgr.exe" = C:\Program Files\Microsoft ActiveSync\WCESMgr.exe:*:Enabled:ActiveSync Application -- (Microsoft Corporation)
"C:\Program Files\Microsoft ActiveSync\rapimgr.exe" = C:\Program Files\Microsoft ActiveSync\rapimgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync RAPI Manager -- (Microsoft Corporation)
"C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" = C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe:*:Enabled:Yahoo! Messenger -- File not found
"C:\Program Files\Yahoo!\Messenger\YServer.exe" = C:\Program Files\Yahoo!\Messenger\YServer.exe:*:Enabled:Yahoo! FT Server -- File not found
"C:\Program Files\Common Files\aol\1168475224\ee\aolsoftware.exe" = C:\Program Files\Common Files\aol\1168475224\ee\aolsoftware.exe:*:Enabled:AOL Shared Components -- (AOL LLC)
"C:\Program Files\AOL 9.0a\waol.exe" = C:\Program Files\AOL 9.0a\waol.exe:*:Enabled:AOL -- File not found
"C:\Program Files\AOL 9.1\waol.exe" = C:\Program Files\AOL 9.1\waol.exe:*:Enabled:AOL -- (AOL, LLC.)
"C:\Program Files\Logitech\Desktop Messenger\8876480\Program\backWeb-8876480.exe" = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\backWeb-8876480.exe:*:Enabled:backWeb-8876480 -- File not found
"C:\Program Files\SightSpeed\SightSpeed.exe" = C:\Program Files\SightSpeed\SightSpeed.exe:*:Enabled:SightSpeed -- (SightSpeed Inc.)
"C:\Program Files\TeVeo\TeVeo VIDiO Suite\Live\TeVeoLive.exe" = C:\Program Files\TeVeo\TeVeo VIDiO Suite\Live\TeVeoLive.exe:*:Enabled:TeVeoLive -- (TeVeo)
"C:\Program Files\AOL 9.1\aol.exe" = C:\Program Files\AOL 9.1\aol.exe:*:Enabled:AOL 9.1 -- (AOL, LLC.)
"C:\Program Files\LimeWire\LimeWire.exe" = C:\Program Files\LimeWire\LimeWire.exe:*:Disabled:LimeWire -- File not found
"C:\Program Files\MySpace\IM\MySpaceIM.exe" = C:\Program Files\MySpace\IM\MySpaceIM.exe:*:Disabled:MySpaceIM -- File not found
"C:\Program Files\Windows Live\Messenger\msnmsgr.exe" = C:\Program Files\Windows Live\Messenger\msnmsgr.exe:*:Disabled:Windows Live Messenger -- File not found
"C:\Program Files\Windows Live\Messenger\livecall.exe" = C:\Program Files\Windows Live\Messenger\livecall.exe:*:Disabled:Windows Live Messenger (Phone) -- File not found
"C:\Program Files\MSN Messenger\msnmsgr.exe" = C:\Program Files\MSN Messenger\msnmsgr.exe:*:Disabled:Windows Live Messenger 8.1 -- File not found
"C:\Program Files\MSN Messenger\livecall.exe" = C:\Program Files\MSN Messenger\livecall.exe:*:Disabled:Windows Live Messenger 8.1 (Phone) -- File not found
"C:\WINDOWS\system32\mmc.exe" = C:\WINDOWS\system32\mmc.exe:*:Enabled:Microsoft Management Console -- (Microsoft Corporation)
"C:\Documents and Settings\Tom\Application Data\Dropbox\bin\Dropbox.exe" = C:\Documents and Settings\Tom\Application Data\Dropbox\bin\Dropbox.exe:*:Enabled:Dropbox -- File not found
"C:\Documents and Settings\Tom\Local Settings\Temp\7zS72.tmp\SymNRT.exe" = C:\Documents and Settings\Tom\Local Settings\Temp\7zS72.tmp\SymNRT.exe:*:Enabled:Norton Removal Tool -- File not found


========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{3248F0A8-6813-11D6-A77B-00B0D0160070}" = Java(TM) 6 Update 7
"{359FCAA7-B544-4147-AE3B-8C8A526E2427}" = Sony Image Data Suite
"{45A66726-69BC-466B-A7A4-12FCBA4883D7}" = HiJackThis
"{45EBDA59-D33B-433A-956E-B2F236468B56}" = MUSICMATCH® Jukebox
"{58FA5D40-E35A-47ED-8AFA-68CCC758559E}" = Garmin MapSource
"{6185306D-29BF-4120-A1ED-96F045208333}" = WORDsearch 7 SA Discipleship Lib.
"{65F9E1F3-A2C1-4AA9-9F33-A3AEB0255F0E}" = Garmin USB Drivers
"{6710FE30-27F7-492B-A660-D31D4A898A43}" = MSN Toolbar
"{74B2DD5D-FFFC-458A-B30C-F0BB48B0C4C9}" = LESSONmaker 8 Basic Edition
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{797EE0CA-8165-405C-B5CE-F11EC20F1BB0}" = Microsoft VC9 runtime libraries
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{90110409-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Professional Edition 2003
"{90120000-0020-0409-0000-0000000FF1CE}" = Compatibility Pack for the 2007 Office system
"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
"{AC76BA86-7AD7-1033-7B44-A81300000003}" = Adobe Reader 8.1.3
"{B1102A25-3AA3-446B-AA0F-A699B07A02FD}" = Garmin USB Drivers
"{B2544A03-10D0-4E5E-BA69-0362FFC20D18}" = OGA Notifier 2.0.0048.0
"{B3C9A441-C34D-40F3-9D3B-00EDDDAC74F1}" = Garmin Communicator Plugin
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
"{C2E8B236-7554-45FE-92C0-94EF76E4D182}" = Garmin City Navigator North America NT 2010.20
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{D5068583-D569-468B-9755-5FBF5848F46F}" = Sony Picture Utility
"{D94A8E22-DF2B-4107-9E51-608A60A7671D}" = Personal Ancestral File 5
"49CF605F02C7954F4E139D18828DE298CD59217C" = Windows Driver Package - Garmin (grmnusb) GARMIN Devices (06/03/2009 2.3.0.0)
"Ad-aware 5.83" = Ad-aware 5.83
"Adobe Acrobat 5.0" = Adobe Acrobat 5.0
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Photoshop Elements 2.0" = Adobe Photoshop Elements 2.0
"Adobe SVG Viewer" = Adobe SVG Viewer 3.0
"Autobahn" = MLB.TV NexDef Plug-in
"Dell Digital Jukebox Driver" = Dell Digital Jukebox Driver
"Dell File Manager" = Dell DJ Explorer
"LESSONmaker 8 Basic Edition" = LESSONmaker 8 Basic Edition
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"QCDrivers" = QuickCam Drivers
"TripMaker" = Rand McNally TripMaker Deluxe 2000
"Windows XP Service Pack" = Windows XP Service Pack 3
"WinRAR archiver" = WinRAR archiver
"WORDsearch 7 SA Discipleship Lib." = WORDsearch 7 SA Discipleship Lib.

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 8/19/2010 7:20:56 PM | Computer Name = LENOVO-C0B1CD7D | Source = MsiInstaller | ID = 11706
Description = Product: Symantec AntiVirus -- Error 1706.No valid source could be
found for product Symantec AntiVirus. The Windows Installer cannot continue.

Error - 8/25/2010 5:49:44 PM | Computer Name = LENOVO-C0B1CD7D | Source = Application Hang | ID = 1002
Description = Hanging application iexplore.exe, version 7.0.6000.17080, hang module
hungapp, version 0.0.0.0, hang address 0x00000000.

Error - 8/25/2010 5:49:44 PM | Computer Name = LENOVO-C0B1CD7D | Source = Application Hang | ID = 1002
Description = Hanging application iexplore.exe, version 7.0.6000.17080, hang module
hungapp, version 0.0.0.0, hang address 0x00000000.

Error - 8/25/2010 5:49:46 PM | Computer Name = LENOVO-C0B1CD7D | Source = Application Hang | ID = 1002
Description = Hanging application iexplore.exe, version 7.0.6000.17080, hang module
hungapp, version 0.0.0.0, hang address 0x00000000.

Error - 8/25/2010 9:03:32 PM | Computer Name = LENOVO-C0B1CD7D | Source = MsiInstaller | ID = 11706
Description = Product: Symantec AntiVirus -- Error 1706.No valid source could be
found for product Symantec AntiVirus. The Windows Installer cannot continue.

Error - 8/31/2010 5:59:05 PM | Computer Name = LENOVO-C0B1CD7D | Source = MsiInstaller | ID = 11706
Description = Product: Symantec AntiVirus -- Error 1706.No valid source could be
found for product Symantec AntiVirus. The Windows Installer cannot continue.

Error - 8/31/2010 6:01:28 PM | Computer Name = LENOVO-C0B1CD7D | Source = MsiInstaller | ID = 11706
Description = Product: Symantec AntiVirus -- Error 1706.No valid source could be
found for product Symantec AntiVirus. The Windows Installer cannot continue.

Error - 9/1/2010 4:24:17 PM | Computer Name = LENOVO-C0B1CD7D | Source = Userenv | ID = 1068
Description = Windows ended GPO processing because the computer shut down or the
user logged off.

[ System Events ]
Error - 8/26/2010 6:49:00 PM | Computer Name = LENOVO-C0B1CD7D | Source = Print | ID = 23
Description = Printer AcroPDF failed to initialize because a suitable AcroPDF driver
could not be found.

Error - 8/27/2010 5:42:36 PM | Computer Name = LENOVO-C0B1CD7D | Source = Print | ID = 23
Description = Printer AcroPDF failed to initialize because a suitable AcroPDF driver
could not be found.

Error - 8/27/2010 8:32:21 PM | Computer Name = LENOVO-C0B1CD7D | Source = Print | ID = 23
Description = Printer AcroPDF failed to initialize because a suitable AcroPDF driver
could not be found.

Error - 8/28/2010 4:01:49 PM | Computer Name = LENOVO-C0B1CD7D | Source = ipnathlp | ID = 31008
Description = The DNS proxy agent was unable to read the local list of name-resolution
servers
from the registry. The data is the error code.

Error - 8/29/2010 12:46:04 PM | Computer Name = LENOVO-C0B1CD7D | Source = Print | ID = 23
Description = Printer AcroPDF failed to initialize because a suitable AcroPDF driver
could not be found.

Error - 8/29/2010 9:50:23 PM | Computer Name = LENOVO-C0B1CD7D | Source = MRxSmb | ID = 8003
Description = The master browser has received a server announcement from the computer
YOUR-F78BF48CE2 that believes that it is the master browser for the domain on transport
NetBT_Tcpip_{2C7247ED-905. The master browser is stopping or an election is being
forced.

Error - 8/30/2010 6:56:27 PM | Computer Name = LENOVO-C0B1CD7D | Source = Print | ID = 23
Description = Printer AcroPDF failed to initialize because a suitable AcroPDF driver
could not be found.

Error - 8/31/2010 5:35:27 PM | Computer Name = LENOVO-C0B1CD7D | Source = Print | ID = 23
Description = Printer AcroPDF failed to initialize because a suitable AcroPDF driver
could not be found.

Error - 9/1/2010 5:10:39 PM | Computer Name = LENOVO-C0B1CD7D | Source = Print | ID = 23
Description = Printer AcroPDF failed to initialize because a suitable AcroPDF driver
could not be found.

Error - 9/1/2010 5:39:56 PM | Computer Name = LENOVO-C0B1CD7D | Source = Print | ID = 23
Description = Printer AcroPDF failed to initialize because a suitable AcroPDF driver
could not be found.


< End of report >

[deltalima]

Hi hamiltonjoe1950,

I do not have the disks or license key for Symantec. This was a company computer and they left it on here but I wanted to remove it as I did not want to have to renew the license.

If the software was installed as part of the network then it is probable that it cannot be removed without the security credentials (passwords) of the network administrator.

If the license has not been renewed then the definitions will not be updated and so the antivirus software will be of no use in protecting against current threats.

The options available are to contact the company that installed the Symantec software to have it removed, contact Symantec for help removing or to reformat the computer and reinstall Windows.

Please let me know how you wish to proceed.

[hamiltonjoe1950]

I will contact where I got the computer to see if they can help me. Symantec still is function, runs scans, live updates, etc. I have not clue as to how though.

Then suddenly I began to get this error message which made reminded me that I wanted to remove it from my computer but I do not have the uninstall option in control panel and I was told that the problem was not a Symantec problem but rather a virus or malware issue.

[deltalima]

Hi hamiltonjoe1950,

I will contact where I got the computer to see if they can help me.

That is a good plan, once you have removed the program then you can replace it with one of the free ones such as Avast or AVG.

I was told that the problem was not a Symantec problem but rather a virus or malware issue.

The error can be seen in the event log

Error - 8/31/2010 6:01:28 PM | Computer Name = LENOVO-C0B1CD7D | Source = MsiInstaller | ID = 11706
Description = Product: Symantec AntiVirus -- Error 1706.No valid source could be
found for product Symantec AntiVirus. The Windows Installer cannot continue.

The Symatech software is attempting to contact the master server from where it was installed to update files and is failing to do so.

The symptom is not one that I would associate with malware, however we can give the computer a thorough check with the proviso that once clean if the error persists it can be eliminated by replacing the Symantech software.

Lets remove the remnants of Lotus Notes.

Run OTL Script

• Double-click OTL.exe to start the program.
• Copy and Paste the following code into the textbox. Do not include the word Code
  

  Code: Select all

  :processes
  ntmulti.exe
  :otl
  O3 - HKU\S-1-5-21-2244424893-2629147862-639317376-1005\..\Toolbar\WebBrowser: (no name) - {5CBE2611-C31B-401F-89BC-4CBB25E853D7} - No CLSID value found.
  :services
  Multi-user Cleanup Service
  :files
  C:\Program Files\lotus\notes
  :commands
  [EMPTYTEMP]
  [REBOOT]
  

• Then click the Run Fix button at the top.
• Click .
• OTL may ask to reboot the machine. Please do so if asked.
• The report should appear in Notepad after the reboot.Copy and Paste that report in your next reply.

Scan With RKUnHooker

• Please Download Rootkit Unhooker Save it to your desktop.
• Now double-click on RKUnhookerLE.exe to run it.
• Click the Report tab, then click Scan.
• Check (Tick) Drivers, Stealth, Files, Code Hooks. Uncheck the rest. then Click OK.
• Wait till the scanner has finished and then click File, Save Report.
• Save the report somewhere where you can find it. Click Close.
• Copy the entire contents of the report and paste it in a reply here.

Please run a quick scan with Malwarebytes and post the log in your next reply.

[hamiltonjoe1950]

Thank you. I will do this when I get home from work.

[deltalima]

OK, please post when ready.

[hamiltonjoe1950]

OK, please post when ready.

Hmmm...this is interesting. I posted the log files after doing everything last night and for some reason they apparently disappeared. I am on the road today and will attempt to repost everything latter today or tonight.

[hamiltonjoe1950]

I have copied and pasted the log files three times tonight and even though it appears to have worked they are not showing up as having been posted.

[deltalima]

Hi hamiltonjoe1950,

I have copied and pasted the log files three times tonight and even though it appears to have worked they are not showing up as having been posted.

Most strange, as a test please post a new HijackThis log as you did in the initial post.

Make sure you click the Submit button and not the Preview one.

[hamiltonjoe1950]

I just attempted to post again and the problem is the number of characters exceed the number allowed. I will re-attempt to post the 3 logs in two separate posts.

I would be interested in a complete review even though it does not garauntee that the errort will not reoccur
Here are the two smaller files:
All processes killed
========== PROCESSES ==========
No active process named ntmulti.exe was found!
========== OTL ==========
Registry value HKEY_USERS\S-1-5-21-2244424893-2629147862-639317376-1005\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{5CBE2611-C31B-401F-89BC-4CBB25E853D7} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{5CBE2611-C31B-401F-89BC-4CBB25E853D7}\ not found.
========== SERVICES/DRIVERS ==========
Service Multi-user Cleanup Service stopped successfully!
Service Multi-user Cleanup Service deleted successfully!
========== FILES ==========
C:\Program Files\lotus\notes folder moved successfully.
========== COMMANDS ==========

[EMPTYTEMP]

User: Administrator
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 150183 bytes

User: All Users
->Flash cache emptied: 106 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 32902 bytes

User: LocalService
->Temp folder emptied: 66016 bytes
->Temporary Internet Files folder emptied: 112094 bytes

User: NetworkService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes

User: Tom
->Temp folder emptied: 40457969 bytes
->Temporary Internet Files folder emptied: 312879173 bytes
->Java cache emptied: 156614119 bytes
->Flash cache emptied: 2394662 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 19569 bytes
%systemroot%\System32 .tmp files removed: 936465 bytes
%systemroot%\System32\dllcache .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 60817109 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temp folder emptied: 64517358 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 33170 bytes
RecycleBin emptied: 3366782 bytes

Total Files Cleaned = 613.00 mb


OTL by OldTimer - Version 3.2.11.0 log created on 09022010_174201

Files\Folders moved on Reboot...

Registry entries deleted on Reboot...
Malwarebytes' Anti-Malware 1.30
Database version: 1421
Windows 5.1.2600 Service Pack 3

9/3/2010 9:36:36 PM
mbam-log-2010-09-03 (21-36-35).txt

Scan type: Quick Scan
Objects scanned: 57098
Time elapsed: 18 minute(s), 35 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)

[hamiltonjoe1950]

I cannot copy and paste the RK Unhooker report as it says that it is 150,000 characters and the limit is 100,000.