XP anti-spyware - Possible remnants on my computer

Forum Guidelines

Read the following topic before creating a new topic in this forum. It contains instructions on the what we would like you to post, which will enable us to help you more quickly.

Preparation Guide For Use Before Using Malware Removal Tools and Requesting Help

Posted Image

Unfortunately, with the amount of logs we receive per day, the average response time is 5 days. I want to assure you, though, that your topic will be looked at and responded to. So please be patient.

Posted Image

DO NOT RUN ComboFix unless requested to.

Posted Image

Only members of the Malware Response Team or Moderators are allowed to help people with logs. Anyone else should refrain from posting to another user's log.

Posted Image

When posting a log please put the type of infection you have in the topic title. IE: Winfixer, Virtumonde, WinTools, WebSearch, Home Search Assistant, etc.

Posted Image

Do not bump your topic. We try to resolve logs on a first come/first served basis. By bumping your log you will be pushed back in line due to the new date of your bump.

Page 1 of 1

You cannot start a new topic
This topic is locked

XP anti-spyware - Possible remnants on my computer Got rid of XP anti-spyware w/ MBAM, comp is slow, auto update disabled

#1 rickway

New Member

Group: Members
Posts: 14
Joined: 09-May 11

Posted 10 May 2011 - 05:58 PM

Hello,
*This is a problem on a different computer than the thread I had open yesterday*

I had XP anti-spyware on my computer and followed the instructions to remove it with MBAM. However, I feel like there are still some lingering issues here. One example is that I can't enable automatic updates for Windows. The computer is also still running slower than normal.

I'm including the DDS. The ark.txt file is 813kb, which exceeds the quota - if you need this file, maybe I can split it in half or something. Thanks so much for any help you can provide.

.
DDS (Ver_11-03-05.01) - NTFSx86
Run by rwayman at 11:15:52.56 on Tue 05/10/2011
Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 1.6.0_15
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.3070.1738 [GMT -7:00]
.
AV: Symantec Endpoint Protection *Enabled/Updated* {FB06448E-52B8-493A-90F3-E43226D3305C}
.
============== Running Processes ===============
.
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\WINDOWS\system32\svchost.exe -k WudfServiceGroup
C:\Program Files\Symantec\Symantec Endpoint Protection\Smc.exe
svchost.exe
svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
C:\WINDOWS\system32\spoolsv.exe
svchost.exe
C:\WINDOWS\System32\svchost.exe -k Akamai
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\Broadcom\ASFIPMon\AsfIpMon.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\system32\svchost.exe -k hpdevmgmt
C:\WINDOWS\system32\svchost.exe -k HPService
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\WINDOWS\System32\svchost.exe -k HPZ12
C:\WINDOWS\System32\svchost.exe -k HPZ12
c:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe
C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\Program Files\Symantec\Symantec Endpoint Protection\Rtvscan.exe
C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Symantec\Symantec Endpoint Protection\SmcGui.exe
C:\Program Files\ATI Technologies\ATI.ACE\CLI.EXE
C:\Program Files\Analog Devices\Core\smax4pnp.exe
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\Program Files\Roxio\Drag-to-Disc\DrgToDsc.exe
C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe
C:\Program Files\Adobe\Acrobat 7.0\Distillr\Acrotray.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\Common Files\Hewlett-Packard\HP Device Communication Services\Appinterfaces\HPDeviceService.exe
C:\Program Files\Hewlett-Packard\HP Easy Printer Care\HPPRun.exe
C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe
C:\Program Files\Common Files\Hewlett-Packard\HP Device Communication Services\AppInterfaces\HPDeviceHost.exe
C:\Program Files\Microsoft IntelliType Pro\itype.exe
C:\Program Files\Microsoft IntelliPoint\ipoint.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Documents and Settings\rwayman.NAPF\Application Data\Dropbox\bin\Dropbox.exe
C:\Program Files\Microsoft IntelliType Pro\dpupdchk.exe
C:\Program Files\Microsoft Office\OFFICE11\OUTLOOK.EXE
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
C:\Program Files\HP\Digital Imaging\bin\hpqbam08.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\Program Files\HP\Digital Imaging\bin\hpqgpc01.exe
C:\Program Files\Microsoft Office\OFFICE11\WINWORD.EXE
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Mozilla Firefox\plugin-container.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Java\jre6\bin\jucheck.exe
C:\Program Files\Mozilla Firefox\plugin-container.exe
C:\Program Files\MSN Toolbar\Platform\5.0.1449.0\mswinext.exe
C:\Program Files\Common Files\Corel\Standby\Standby.exe
C:\WINDOWS\system32\rundll32.exe
C:\Documents and Settings\rwayman.NAPF\My Documents\Downloads\dds.scr
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.wagingpeace.org/adminpage/
uSearch Page = hxxp://www.google.com/hws/sb/dell-usuk-rel/en/side.html?channel=us
uSearch Bar = hxxp://www.google.com/hws/sb/dell-usuk-rel/en/side.html?channel=us
uInternet Settings,ProxyOverride = <local>;*.local
mSearchAssistant = hxxp://www.google.com/hws/sb/dell-usuk-rel/en/side.html?channel=us
BHO: HP Print Enhancer: {0347c33e-8762-4905-bf09-768834316c61} - c:\program files\hp\digital imaging\smart web printing\hpswp_printenhancer.dll
BHO: AcroIEHlprObj Class: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\adobe\acrobat 7.0\activex\AcroIEHelper.dll
BHO: RealPlayer Download and Record Plugin for Internet Explorer: {3049c3e9-b461-4bc5-8870-4c09146192ca} - c:\program files\real\realplayer\rpbrowserrecordplugin.dll
BHO: Search Helper: {6ebf7485-159f-4bff-a14f-b9e3aac4465b} - c:\program files\microsoft\search enhancement pack\search helper\SEPsearchhelperie.dll
BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: Adobe PDF Conversion Toolbar Helper: {ae7cd045-e861-484f-8273-0445ee161910} - c:\program files\adobe\acrobat 7.0\acrobat\AcroIEFavClient.dll
BHO: Office Document Cache Handler: {b4f3a835-0e21-4959-ba22-42b3008e02ff} - c:\progra~1\micros~2\office14\URLREDIR.DLL
BHO: CBrowserHelperObject Object: {ca6319c0-31b7-401e-a518-a07c3db8f777} - c:\program files\bae\BAE.dll
BHO: Bing Bar BHO: {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - c:\program files\msn toolbar\platform\5.0.1449.0\npwinext.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
BHO: HP Smart BHO Class: {ffffffff-cf4e-4f2b-bdc2-0e72e116a856} - c:\program files\hp\digital imaging\smart web printing\hpswp_BHO.dll
TB: Adobe PDF: {47833539-d0c5-4125-9fa8-0819e2eaac93} - c:\program files\adobe\acrobat 7.0\acrobat\AcroIEFavClient.dll
TB: @c:\program files\msn toolbar\platform\5.0.1449.0\npwinext.dll,-100: {8dcb7100-df86-4384-8842-8fa844297b3f} - c:\program files\msn toolbar\platform\5.0.1449.0\npwinext.dll
EB: Adobe PDF: {182ec0be-5110-49c8-a062-beb1d02a220b} - c:\program files\adobe\acrobat 7.0\acrobat\AcroIEFavClient.dll
EB: HP Smart Web Printing: {555d4d79-4bd2-4094-a395-cfc534424a05} - c:\program files\hp\digital imaging\smart web printing\hpswp_bho.dll
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
mRun: [ATICCC] "c:\program files\ati technologies\ati.ace\CLIStart.exe"
mRun: [SoundMAXPnP] c:\program files\analog devices\core\smax4pnp.exe
mRun: [ISUSPM Startup] c:\progra~1\common~1\instal~1\update~1\ISUSPM.exe -startup
mRun: [ISUSScheduler] "c:\program files\common files\installshield\updateservice\issch.exe" -start
mRun: [RoxioDragToDisc] "c:\program files\roxio\drag-to-disc\DrgToDsc.exe"
mRun: [PDVDDXSrv] "c:\program files\cyberlink\powerdvd dx\PDVDDXSrv.exe"
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 8.0\reader\Reader_sl.exe"
mRun: [Acrobat Assistant 7.0] "c:\program files\adobe\acrobat 7.0\distillr\Acrotray.exe"
mRun: [<NO NAME>]
mRun: [SunJavaUpdateSched] "c:\program files\java\jre6\bin\jusched.exe"
mRun: [TkBellExe] "c:\program files\common files\real\update_ob\realsched.exe" -osboot
mRun: [ccApp] "c:\program files\common files\symantec shared\ccApp.exe"
mRun: [Standby] "c:\program files\common files\corel\standby\Standby.exe" -START
mRun: [KnexStarter] c:\program files\common files\hewlett-packard\hp device communication services\appinterfaces\HPDeviceService.exe
mRun: [RunTasktray] "c:\program files\hewlett-packard\hp easy printer care\hpprun.exe" --regkeypath=software\hewlett-packard\hp easy printer care\HPPRun --valuename=InstallTTM
mRun: [HP Software Update] c:\program files\hp\hp software update\HPWuSchd2.exe
mRun: [Bing Bar] "c:\program files\msn toolbar\platform\5.0.1449.0\mswinext.exe"
mRun: [Microsoft Default Manager] "c:\program files\microsoft\search enhancement pack\default manager\DefMgr.exe" -resume
mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime
mRun: [itype] "c:\program files\microsoft intellitype pro\itype.exe"
mRun: [IntelliPoint] "c:\program files\microsoft intellipoint\ipoint.exe"
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
StartupFolder: c:\docume~1\rwayma~1.nap\startm~1\programs\startup\adobeg~1.lnk - c:\program files\common files\adobe\calibration\Adobe Gamma Loader.exe
StartupFolder: c:\docume~1\rwayma~1.nap\startm~1\programs\startup\dropbox.lnk - c:\documents and settings\rwayman.napf\application data\dropbox\bin\Dropbox.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\adobea~1.lnk - c:\windows\installer\{ac76ba86-1033-0000-7760-000000000002}\SC_Acrobat.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\hpdigi~1.lnk - c:\program files\hp\digital imaging\bin\hpqtra08.exe
mPolicies-explorer: NoWelcomeScreen = 1 (0x1)
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office11\REFIEBAR.DLL
IE: {DDE87865-83C5-48c4-8357-2F5B1AA84522} - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - c:\program files\hp\digital imaging\smart web printing\hpswp_BHO.dll
Trusted Zone: hp.com
DPF: {1C11B948-582A-433F-A98D-A8C4D5CC64F2} - hxxp://kitchenplanner.ikea.com/US/Core/Player/2020PlayerAX_Win32.cab
DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} - hxxp://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1238005006684
DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} - hxxp://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1238004997304
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_15-windows-i586.cab
DPF: {A90A5822-F108-45AD-8482-9BC8B12DD539} - hxxp://www.crucial.com/controls/cpcScanner.cab
DPF: {CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_06-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_02-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_05-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_15-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_15-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
Handler: HPDCS - {ba135f49-a12c-4e26-a2c4-6ea945999072} - c:\program files\common files\hewlett-packard\hp device communication services\app\hpdcsapp.dll
Handler: hppfile - {C4E2084B-ED27-4893-A43D-488CA3F370E2} - c:\program files\hewlett-packard\hp easy printer care\HPPCtrls.dll
Handler: hppsam - {C4E2084B-ED27-4893-A43D-488CA3F370E2} - c:\program files\hewlett-packard\hp easy printer care\HPPCtrls.dll
Handler: hppzip - {C4E2084B-ED27-4893-A43D-488CA3F370E2} - c:\program files\hewlett-packard\hp easy printer care\HPPCtrls.dll
Notify: AtiExtEvent - Ati2evxx.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\docume~1\rwayma~1.nap\applic~1\mozilla\firefox\profiles\do6v4udr.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.wagingpeace.org/
FF - prefs.js: network.proxy.type - 4
FF - component: c:\program files\real\realplayer\browserrecord\firefox\ext\components\nprpffbrowserrecordext.dll
FF - plugin: c:\progra~1\micros~2\office14\NPAUTHZ.DLL
FF - plugin: c:\progra~1\micros~2\office14\NPSPWRAP.DLL
FF - plugin: c:\program files\google\google earth\plugin\npgeplugin.dll
FF - plugin: c:\program files\google\picasa3\npPicasa3.dll
FF - plugin: c:\program files\google\update\1.3.21.53\npGoogleUpdate3.dll
FF - plugin: c:\program files\microsoft silverlight\4.0.60129.0\npctrlui.dll
FF - plugin: c:\program files\mozilla firefox\plugins\NPCltInstall.dll
FF - plugin: c:\program files\msn toolbar\platform\5.0.1449.0\npwinext.dll
.
============= SERVICES / DRIVERS ===============
.
R2 Akamai;Akamai NetSession Interface;c:\windows\system32\svchost.exe -k Akamai [2004-8-11 14336]
R2 ASFIPmon;Broadcom ASF IP Monitor;c:\program files\broadcom\asfipmon\AsfIpMon.exe [2006-3-17 65536]
R2 ccEvtMgr;Symantec Event Manager;c:\program files\common files\symantec shared\ccSvcHst.exe [2010-5-18 108392]
R2 ccSetMgr;Symantec Settings Manager;c:\program files\common files\symantec shared\ccSvcHst.exe [2010-5-18 108392]
R2 Symantec AntiVirus;Symantec Endpoint Protection;c:\program files\symantec\symantec endpoint protection\Rtvscan.exe [2010-5-18 1831024]
R3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\common files\symantec shared\eengine\EraserUtilRebootDrv.sys [2010-5-28 102448]
R3 NAVENG;NAVENG;c:\progra~1\common~1\symant~1\virusd~1\20110510.003\NAVENG.SYS [2011-5-10 86136]
R3 NAVEX15;NAVEX15;c:\progra~1\common~1\symant~1\virusd~1\20110510.003\NAVEX15.SYS [2011-5-10 1393144]
S2 gupdate;Google Update Service (gupdate);c:\program files\google\update\GoogleUpdate.exe [2010-2-24 135664]
S2 SSPORT;SSPORT;\??\c:\windows\system32\drivers\ssport.sys --> c:\windows\system32\drivers\SSPORT.sys [?]
S3 gupdatem;Google Update Service (gupdatem);c:\program files\google\update\GoogleUpdate.exe [2010-2-24 135664]
S3 osppsvc;Office Software Protection Platform;c:\program files\common files\microsoft shared\officesoftwareprotectionplatform\OSPPSVC.EXE [2010-1-9 4640000]
.
=============== Created Last 30 ================
.
2011-05-09 19:17:53 388096 ----a-r- c:\docume~1\rwayma~1.nap\applic~1\microsoft\installer\{45a66726-69bc-466b-a7a4-12fcba4883d7}\HiJackThis.exe
2011-05-09 19:17:51 -------- d-----w- c:\program files\Trend Micro
2011-05-09 18:22:38 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2011-05-09 18:22:32 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-05-03 17:53:12 -------- d-----w- c:\program files\iPod
2011-05-03 17:53:04 -------- d-----w- c:\program files\iTunes
2011-05-03 17:48:44 -------- d-----w- c:\program files\Bonjour
2011-04-29 20:01:18 -------- d-----w- c:\windows\system32\20-20 Technologies
2011-04-13 22:40:10 4284416 ----a-w- c:\windows\system32\GPhotos.scr
.
==================== Find3M ====================
.
2011-04-06 23:20:16 91424 ----a-w- c:\windows\system32\dnssd.dll
2011-04-06 23:20:16 197920 ----a-w- c:\windows\system32\dnssdX.dll
2011-04-06 23:20:16 107808 ----a-w- c:\windows\system32\dns-sd.exe
.
============= FINISH: 11:16:22.45 ===============

Attached File(s)

Attach.txt (16.74K)
Number of downloads: 0

#2 fireman4it

Bleepin' Fireman

Group: Malware Response Team
Posts: 8,314
Joined: 24-May 08
Gender:Male
Location:Bement, ILL

Posted 10 May 2011 - 06:09 PM

Hello again rickway,

Welcome to Bleeping Computer.
My name is fireman4it and I will be helping you with your Malware problem.

Please take note of some guidelines for this fix:
Refrain from making any changes to your computer including installing/uninstall programs, deleting files, modifying the registry, and running scanners or tools.
If you do not understand any step(s) provided, please do not hesitate to ask before continuing.
Even if things appear to be better, it might not mean we are finished. Please continue to follow my instructions and reply back until I give you the "all clean".
In the upper right hand corner of the topic you will see a button called Watch Topic.I suggest you click it and select Immediate E-Mail notification and click on Proceed. This way you will be advised when we respond to your topic and facilitate the cleaning of your machine.
Finally, please reply using the ADD REPLY button in the lower right hand corner of your screen. Do not start a new topic. The logs that you post should be pasted directly into the reply, unless they do not fit into the post.

1.
Please download the TDSS Rootkit Removing Tool (TDSSKiller.exe) and save it to your Desktop. <-Important!!!
Be sure to download TDSSKiller.exe (v2.4.0.0) from Kaspersky's website and not TDSSKiller.zip which appears to be an older version 2.3.2.2 of the tool.

Double-click on TDSSKiller.exe to run the tool for known TDSS variants.
Vista/Windows 7 users right-click and select Run As Administrator.
If TDSSKiller does not run, try renaming it.
To do this, right-click on TDSSKiller.exe, select Rename and give it a random name with the .com file extension (i.e. 123abc.com). If you do not see the file extension, please refer to How to change the file extension.
Click the Start Scan button.
Do not use the computer during the scan
If the scan completes with nothing found, click Close to exit.
If malicious objects are found, they will show in the Scan results - Select action for found objects and offer three options.
Ensure Cure (default) is selected, then click Continue > Reboot now to finish the cleaning process.
A log file named TDSSKiller_version_date_time_log.txt (i.e. TDSSKiller.2.4.0.0_27.07.2010_09.o7.26_log.txt) will be created and saved to the root directory (usually Local Disk C:).
Copy and paste the contents of that file in your next reply.

download

OTL

This is THE Mirror
2. Save it to your desktop.
3. Double click on the icon on your desktop.
4. Under the Custom Scan box paste this in
netsvcs
%SYSTEMDRIVE%\*.exe
/md5start
eventlog.dll
scecli.dll
netlogon.dll
cngaudit.dll
sceclt.dll
ntelogon.dll
logevent.dll
iaStor.sys
nvstor.sys
atapi.sys
IdeChnDr.sys
viasraid.sys
AGP440.sys
vaxscsi.sys
nvatabus.sys
viamraid.sys
nvata.sys
nvgts.sys
iastorv.sys
ViPrt.sys
eNetHook.dll
ahcix86.sys
volsnap.sys
KR10N.sys
/md5stop
%systemroot%\*. /mp /s
CREATERESTOREPOINT
5. Push the Quick Scan button.
6. Two reports will open, copy and paste them in a reply here:
OTL.txt <-- Will be opened
Extra.txt <-- Will be minimized

Things to include in your next reply::
TDSSKILLEr log
Otl.txt
Extra.txt
How is your machine running now?

" Extinguishing Malware from the world"

The Virus, Trojan, Spyware, and Malware Removal forum is very busy. If I'm helping you and I've not posted back within 24 hrs., send a PM with your topic link. Thank you.

ALL OTHER HELP REQUESTS VIA THE PM SYSTEM WILL BE IGNORED. The Forums are there for a reason!
Thanks-

Posted Image

If I have helped you, consider making a donation to help me continue the fight against Malware!
Just click

#3 rickway

New Member

Group: Members
Posts: 14
Joined: 09-May 11

Posted 10 May 2011 - 06:22 PM

Thanks fireman. Here are the results:

2011/05/10 16:14:09.0755 2720 TDSS rootkit removing tool 2.5.0.0 May 1 2011 14:20:16
2011/05/10 16:14:10.0724 2720 ================================================================================
2011/05/10 16:14:10.0724 2720 SystemInfo:
2011/05/10 16:14:10.0724 2720
2011/05/10 16:14:10.0724 2720 OS Version: 5.1.2600 ServicePack: 3.0
2011/05/10 16:14:10.0724 2720 Product type: Workstation
2011/05/10 16:14:10.0724 2720 ComputerName: NAPF11
2011/05/10 16:14:10.0724 2720 UserName: rwayman
2011/05/10 16:14:10.0724 2720 Windows directory: C:\WINDOWS
2011/05/10 16:14:10.0724 2720 System windows directory: C:\WINDOWS
2011/05/10 16:14:10.0724 2720 Processor architecture: Intel x86
2011/05/10 16:14:10.0724 2720 Number of processors: 2
2011/05/10 16:14:10.0724 2720 Page size: 0x1000
2011/05/10 16:14:10.0724 2720 Boot type: Normal boot
2011/05/10 16:14:10.0724 2720 ================================================================================
2011/05/10 16:14:10.0849 2720 Initialize success
2011/05/10 16:14:12.0162 4568 ================================================================================
2011/05/10 16:14:12.0162 4568 Scan started
2011/05/10 16:14:12.0162 4568 Mode: Manual;
2011/05/10 16:14:12.0162 4568 ================================================================================
2011/05/10 16:14:12.0833 4568 abp480n5 (6abb91494fe6c59089b9336452ab2ea3) C:\WINDOWS\system32\DRIVERS\ABP480N5.SYS
2011/05/10 16:14:12.0896 4568 ACPI (8fd99680a539792a30e97944fdaecf17) C:\WINDOWS\system32\DRIVERS\ACPI.sys
2011/05/10 16:14:12.0927 4568 ACPIEC (9859c0f6936e723e4892d7141b1327d5) C:\WINDOWS\system32\drivers\ACPIEC.sys
2011/05/10 16:14:12.0974 4568 ADIHdAudAddService (62afc64108bbdb8d3ca32aad559e5af1) C:\WINDOWS\system32\drivers\ADIHdAud.sys
2011/05/10 16:14:13.0021 4568 adpu160m (9a11864873da202c996558b2106b0bbc) C:\WINDOWS\system32\DRIVERS\adpu160m.sys
2011/05/10 16:14:13.0083 4568 aec (8bed39e3c35d6a489438b8141717a557) C:\WINDOWS\system32\drivers\aec.sys
2011/05/10 16:14:13.0146 4568 AFD (7e775010ef291da96ad17ca4b17137d7) C:\WINDOWS\System32\drivers\afd.sys
2011/05/10 16:14:13.0177 4568 agp440 (08fd04aa961bdc77fb983f328334e3d7) C:\WINDOWS\system32\DRIVERS\agp440.sys
2011/05/10 16:14:13.0193 4568 agpCPQ (03a7e0922acfe1b07d5db2eeb0773063) C:\WINDOWS\system32\DRIVERS\agpCPQ.sys
2011/05/10 16:14:13.0240 4568 Aha154x (c23ea9b5f46c7f7910db3eab648ff013) C:\WINDOWS\system32\DRIVERS\aha154x.sys
2011/05/10 16:14:13.0287 4568 aic78u2 (19dd0fb48b0c18892f70e2e7d61a1529) C:\WINDOWS\system32\DRIVERS\aic78u2.sys
2011/05/10 16:14:13.0333 4568 aic78xx (b7fe594a7468aa0132deb03fb8e34326) C:\WINDOWS\system32\DRIVERS\aic78xx.sys
2011/05/10 16:14:13.0396 4568 AliIde (1140ab9938809700b46bb88e46d72a96) C:\WINDOWS\system32\DRIVERS\aliide.sys
2011/05/10 16:14:13.0412 4568 alim1541 (cb08aed0de2dd889a8a820cd8082d83c) C:\WINDOWS\system32\DRIVERS\alim1541.sys
2011/05/10 16:14:13.0458 4568 amdagp (95b4fb835e28aa1336ceeb07fd5b9398) C:\WINDOWS\system32\DRIVERS\amdagp.sys
2011/05/10 16:14:13.0490 4568 amsint (79f5add8d24bd6893f2903a3e2f3fad6) C:\WINDOWS\system32\DRIVERS\amsint.sys
2011/05/10 16:14:13.0537 4568 asc (62d318e9a0c8fc9b780008e724283707) C:\WINDOWS\system32\DRIVERS\asc.sys
2011/05/10 16:14:13.0615 4568 asc3350p (69eb0cc7714b32896ccbfd5edcbea447) C:\WINDOWS\system32\DRIVERS\asc3350p.sys
2011/05/10 16:14:13.0630 4568 asc3550 (5d8de112aa0254b907861e9e9c31d597) C:\WINDOWS\system32\DRIVERS\asc3550.sys
2011/05/10 16:14:13.0708 4568 AsyncMac (b153affac761e7f5fcfa822b9c4e97bc) C:\WINDOWS\system32\DRIVERS\asyncmac.sys
2011/05/10 16:14:13.0755 4568 atapi (9f3a2f5aa6875c72bf062c712cfa2674) C:\WINDOWS\system32\DRIVERS\atapi.sys
2011/05/10 16:14:13.0912 4568 ati2mtag (81c3e6674d0609aa84c07681bca252de) C:\WINDOWS\system32\DRIVERS\ati2mtag.sys
2011/05/10 16:14:13.0990 4568 Atmarpc (9916c1225104ba14794209cfa8012159) C:\WINDOWS\system32\DRIVERS\atmarpc.sys
2011/05/10 16:14:14.0037 4568 audstub (d9f724aa26c010a217c97606b160ed68) C:\WINDOWS\system32\DRIVERS\audstub.sys
2011/05/10 16:14:14.0068 4568 b57w2k (3a3a82ffd268bcfb7ae6a48cecf00ad9) C:\WINDOWS\system32\DRIVERS\b57xp32.sys
2011/05/10 16:14:14.0146 4568 BASFND (3d87b0484be1093c6614062701f375c5) C:\Program Files\Broadcom\ASFIPMon\BASFND.sys
2011/05/10 16:14:14.0193 4568 Beep (da1f27d85e0d1525f6621372e7b685e9) C:\WINDOWS\system32\drivers\Beep.sys
2011/05/10 16:14:14.0271 4568 Camav (a839289518d08655e2162f3ecf3ee485) C:\WINDOWS\system32\Drivers\Camav.sys
2011/05/10 16:14:14.0333 4568 camflt (5320b8515bff632b85a97bd12da08825) C:\WINDOWS\system32\DRIVERS\camflt.sys
2011/05/10 16:14:14.0365 4568 cbidf (90a673fc8e12a79afbed2576f6a7aaf9) C:\WINDOWS\system32\DRIVERS\cbidf2k.sys
2011/05/10 16:14:14.0412 4568 cbidf2k (90a673fc8e12a79afbed2576f6a7aaf9) C:\WINDOWS\system32\drivers\cbidf2k.sys
2011/05/10 16:14:14.0458 4568 CCDECODE (0be5aef125be881c4f854c554f2b025c) C:\WINDOWS\system32\DRIVERS\CCDECODE.sys
2011/05/10 16:14:14.0505 4568 cd20xrnt (f3ec03299634490e97bbce94cd2954c7) C:\WINDOWS\system32\DRIVERS\cd20xrnt.sys
2011/05/10 16:14:14.0552 4568 Cdaudio (c1b486a7658353d33a10cc15211a873b) C:\WINDOWS\system32\drivers\Cdaudio.sys
2011/05/10 16:14:14.0599 4568 Cdfs (c885b02847f5d2fd45a24e219ed93b32) C:\WINDOWS\system32\drivers\Cdfs.sys
2011/05/10 16:14:14.0630 4568 Cdrom (1f4260cc5b42272d71f79e570a27a4fe) C:\WINDOWS\system32\DRIVERS\cdrom.sys
2011/05/10 16:14:14.0724 4568 CmdIde (e5dcb56c533014ecbc556a8357c929d5) C:\WINDOWS\system32\DRIVERS\cmdide.sys
2011/05/10 16:14:14.0740 4568 Cpqarray (3ee529119eed34cd212a215e8c40d4b6) C:\WINDOWS\system32\DRIVERS\cpqarray.sys
2011/05/10 16:14:14.0771 4568 dac2w2k (e550e7418984b65a78299d248f0a7f36) C:\WINDOWS\system32\DRIVERS\dac2w2k.sys
2011/05/10 16:14:14.0818 4568 dac960nt (683789caa3864eb46125ae86ff677d34) C:\WINDOWS\system32\DRIVERS\dac960nt.sys
2011/05/10 16:14:14.0896 4568 Disk (044452051f3e02e7963599fc8f4f3e25) C:\WINDOWS\system32\DRIVERS\disk.sys
2011/05/10 16:14:15.0005 4568 DLABMFSM (0659e6e0a95564f958d9df7313f7701e) C:\WINDOWS\system32\DLA\DLABMFSM.SYS
2011/05/10 16:14:15.0052 4568 DLABOIOM (8691c78908f0bd66170669db268369f2) C:\WINDOWS\system32\DLA\DLABOIOM.SYS
2011/05/10 16:14:15.0052 4568 DLACDBHM (76167b5eb2dffc729edc36386876b40b) C:\WINDOWS\system32\Drivers\DLACDBHM.SYS
2011/05/10 16:14:15.0068 4568 DLADResM (5615744a1056933b90e6ac54feb86f35) C:\WINDOWS\system32\DLA\DLADResM.SYS
2011/05/10 16:14:15.0083 4568 DLAIFS_M (1aeca2afa5005ce4a550cf8eb55a8c88) C:\WINDOWS\system32\DLA\DLAIFS_M.SYS
2011/05/10 16:14:15.0115 4568 DLAOPIOM (840e7f6abb885c72b9ffddb022ef5b6d) C:\WINDOWS\system32\DLA\DLAOPIOM.SYS
2011/05/10 16:14:15.0146 4568 DLAPoolM (0294d18731ac05da80132ce88f8a876b) C:\WINDOWS\system32\DLA\DLAPoolM.SYS
2011/05/10 16:14:15.0162 4568 DLARTL_M (91886fed52a3f9966207bce46cfd794f) C:\WINDOWS\system32\Drivers\DLARTL_M.SYS
2011/05/10 16:14:15.0177 4568 DLAUDFAM (cca4e121d599d7d1706a30f603731e59) C:\WINDOWS\system32\DLA\DLAUDFAM.SYS
2011/05/10 16:14:15.0177 4568 DLAUDF_M (7dab85c33135df24419951da4e7d38e5) C:\WINDOWS\system32\DLA\DLAUDF_M.SYS
2011/05/10 16:14:15.0255 4568 dmboot (d992fe1274bde0f84ad826acae022a41) C:\WINDOWS\system32\drivers\dmboot.sys
2011/05/10 16:14:15.0271 4568 dmio (7c824cf7bbde77d95c08005717a95f6f) C:\WINDOWS\system32\drivers\dmio.sys
2011/05/10 16:14:15.0287 4568 dmload (e9317282a63ca4d188c0df5e09c6ac5f) C:\WINDOWS\system32\drivers\dmload.sys
2011/05/10 16:14:15.0318 4568 DMusic (8a208dfcf89792a484e76c40e5f50b45) C:\WINDOWS\system32\drivers\DMusic.sys
2011/05/10 16:14:15.0349 4568 dpti2o (40f3b93b4e5b0126f2f5c0a7a5e22660) C:\WINDOWS\system32\DRIVERS\dpti2o.sys
2011/05/10 16:14:15.0365 4568 drmkaud (8f5fcff8e8848afac920905fbd9d33c8) C:\WINDOWS\system32\drivers\drmkaud.sys
2011/05/10 16:14:15.0427 4568 DRVMCDB (c00440385cf9f3d142917c63f989e244) C:\WINDOWS\system32\Drivers\DRVMCDB.SYS
2011/05/10 16:14:15.0443 4568 DRVNDDM (6e6ab29d3c06e64ce81feacda85394b5) C:\WINDOWS\system32\Drivers\DRVNDDM.SYS
2011/05/10 16:14:15.0552 4568 DSproct (2ac2372ffad9adc85672cc8e8ae14be9) C:\Program Files\Dell Support\GTAction\triggers\DSproct.sys
2011/05/10 16:14:15.0646 4568 E100B (3fca03cbca11269f973b70fa483c88ef) C:\WINDOWS\system32\DRIVERS\e100b325.sys
2011/05/10 16:14:15.0724 4568 eeCtrl (5461f01b7def17dc90d90b029f874c3b) C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys
2011/05/10 16:14:15.0755 4568 EraserUtilDrv11110 (17fcc372d03ba39f3aee85198c0ec594) C:\Program Files\Common Files\Symantec Shared\EENGINE\EraserUtilDrv11110.sys
2011/05/10 16:14:15.0818 4568 EraserUtilRebootDrv (850259334652d392e33ee3412562e583) C:\Program Files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys
2011/05/10 16:14:15.0865 4568 Fastfat (38d332a6d56af32635675f132548343e) C:\WINDOWS\system32\drivers\Fastfat.sys
2011/05/10 16:14:15.0912 4568 Fdc (92cdd60b6730b9f50f6a1a0c1f8cdc81) C:\WINDOWS\system32\DRIVERS\fdc.sys
2011/05/10 16:14:15.0943 4568 Fips (d45926117eb9fa946a6af572fbe1caa3) C:\WINDOWS\system32\drivers\Fips.sys
2011/05/10 16:14:15.0974 4568 Flpydisk (9d27e7b80bfcdf1cdd9b555862d5e7f0) C:\WINDOWS\system32\DRIVERS\flpydisk.sys
2011/05/10 16:14:16.0021 4568 FltMgr (b2cf4b0786f8212cb92ed2b50c6db6b0) C:\WINDOWS\system32\drivers\fltmgr.sys
2011/05/10 16:14:16.0052 4568 Fs_Rec (3e1e2bd4f39b0e2b7dc4f4d2bcc2779a) C:\WINDOWS\system32\drivers\Fs_Rec.sys
2011/05/10 16:14:16.0099 4568 Ftdisk (6ac26732762483366c3969c9e4d2259d) C:\WINDOWS\system32\DRIVERS\ftdisk.sys
2011/05/10 16:14:16.0146 4568 GEARAspiWDM (8182ff89c65e4d38b2de4bb0fb18564e) C:\WINDOWS\system32\Drivers\GEARAspiWDM.sys
2011/05/10 16:14:16.0162 4568 Gpc (0a02c63c8b144bd8c86b103dee7c86a2) C:\WINDOWS\system32\DRIVERS\msgpc.sys
2011/05/10 16:14:16.0208 4568 HDAudBus (573c7d0a32852b48f3058cfd8026f511) C:\WINDOWS\system32\DRIVERS\HDAudBus.sys
2011/05/10 16:14:16.0240 4568 HidUsb (ccf82c5ec8a7326c3066de870c06daf1) C:\WINDOWS\system32\DRIVERS\hidusb.sys
2011/05/10 16:14:16.0271 4568 hpn (b028377dea0546a5fcfba928a8aefae0) C:\WINDOWS\system32\DRIVERS\hpn.sys
2011/05/10 16:14:16.0349 4568 HPZid412 (d03d10f7ded688fecf50f8fbf1ea9b8a) C:\WINDOWS\system32\DRIVERS\HPZid412.sys
2011/05/10 16:14:16.0380 4568 HPZipr12 (89f41658929393487b6b7d13c8528ce3) C:\WINDOWS\system32\DRIVERS\HPZipr12.sys
2011/05/10 16:14:16.0474 4568 HPZius12 (abcb05ccdbf03000354b9553820e39f8) C:\WINDOWS\system32\DRIVERS\HPZius12.sys
2011/05/10 16:14:16.0521 4568 HTTP (f6aacf5bce2893e0c1754afeb672e5c9) C:\WINDOWS\system32\Drivers\HTTP.sys
2011/05/10 16:14:16.0521 4568 i2omgmt (9368670bd426ebea5e8b18a62416ec28) C:\WINDOWS\system32\drivers\i2omgmt.sys
2011/05/10 16:14:16.0537 4568 i2omp (f10863bf1ccc290babd1a09188ae49e0) C:\WINDOWS\system32\DRIVERS\i2omp.sys
2011/05/10 16:14:16.0583 4568 i8042prt (4a0b06aa8943c1e332520f7440c0aa30) C:\WINDOWS\system32\DRIVERS\i8042prt.sys
2011/05/10 16:14:16.0599 4568 Imapi (083a052659f5310dd8b6a6cb05edcf8e) C:\WINDOWS\system32\DRIVERS\imapi.sys
2011/05/10 16:14:16.0662 4568 ini910u (4a40e045faee58631fd8d91afc620719) C:\WINDOWS\system32\DRIVERS\ini910u.sys
2011/05/10 16:14:16.0677 4568 IntelIde (b5466a9250342a7aa0cd1fba13420678) C:\WINDOWS\system32\DRIVERS\intelide.sys
2011/05/10 16:14:16.0740 4568 intelppm (8c953733d8f36eb2133f5bb58808b66b) C:\WINDOWS\system32\DRIVERS\intelppm.sys
2011/05/10 16:14:16.0740 4568 Ip6Fw (3bb22519a194418d5fec05d800a19ad0) C:\WINDOWS\system32\drivers\ip6fw.sys
2011/05/10 16:14:16.0787 4568 IpFilterDriver (731f22ba402ee4b62748adaf6363c182) C:\WINDOWS\system32\DRIVERS\ipfltdrv.sys
2011/05/10 16:14:16.0802 4568 IpInIp (b87ab476dcf76e72010632b5550955f5) C:\WINDOWS\system32\DRIVERS\ipinip.sys
2011/05/10 16:14:16.0818 4568 IpNat (cc748ea12c6effde940ee98098bf96bb) C:\WINDOWS\system32\DRIVERS\ipnat.sys
2011/05/10 16:14:16.0833 4568 IPSec (23c74d75e36e7158768dd63d92789a91) C:\WINDOWS\system32\DRIVERS\ipsec.sys
2011/05/10 16:14:16.0865 4568 IRENUM (c93c9ff7b04d772627a3646d89f7bf89) C:\WINDOWS\system32\DRIVERS\irenum.sys
2011/05/10 16:14:16.0896 4568 isapnp (05a299ec56e52649b1cf2fc52d20f2d7) C:\WINDOWS\system32\DRIVERS\isapnp.sys
2011/05/10 16:14:16.0927 4568 Kbdclass (463c1ec80cd17420a542b7f36a36f128) C:\WINDOWS\system32\DRIVERS\kbdclass.sys
2011/05/10 16:14:16.0990 4568 kbdhid (9ef487a186dea361aa06913a75b3fa99) C:\WINDOWS\system32\DRIVERS\kbdhid.sys
2011/05/10 16:14:17.0005 4568 kmixer (692bcf44383d056aed41b045a323d378) C:\WINDOWS\system32\drivers\kmixer.sys
2011/05/10 16:14:17.0037 4568 KSecDD (b467646c54cc746128904e1654c750c1) C:\WINDOWS\system32\drivers\KSecDD.sys
2011/05/10 16:14:17.0146 4568 mnmdd (4ae068242760a1fb6e1a44bf4e16afa6) C:\WINDOWS\system32\drivers\mnmdd.sys
2011/05/10 16:14:17.0193 4568 Modem (dfcbad3cec1c5f964962ae10e0bcc8e1) C:\WINDOWS\system32\drivers\Modem.sys
2011/05/10 16:14:17.0224 4568 Mouclass (35c9e97194c8cfb8430125f8dbc34d04) C:\WINDOWS\system32\DRIVERS\mouclass.sys
2011/05/10 16:14:17.0302 4568 mouhid (b1c303e17fb9d46e87a98e4ba6769685) C:\WINDOWS\system32\DRIVERS\mouhid.sys
2011/05/10 16:14:17.0349 4568 MountMgr (a80b9a0bad1b73637dbcbba7df72d3fd) C:\WINDOWS\system32\drivers\MountMgr.sys
2011/05/10 16:14:17.0380 4568 mraid35x (3f4bb95e5a44f3be34824e8e7caf0737) C:\WINDOWS\system32\DRIVERS\mraid35x.sys
2011/05/10 16:14:17.0412 4568 MRxDAV (11d42bb6206f33fbb3ba0288d3ef81bd) C:\WINDOWS\system32\DRIVERS\mrxdav.sys
2011/05/10 16:14:17.0474 4568 MRxSmb (60ae98742484e7ab80c3c1450e708148) C:\WINDOWS\system32\DRIVERS\mrxsmb.sys
2011/05/10 16:14:17.0490 4568 Msfs (c941ea2454ba8350021d774daf0f1027) C:\WINDOWS\system32\drivers\Msfs.sys
2011/05/10 16:14:17.0521 4568 MSKSSRV (d1575e71568f4d9e14ca56b7b0453bf1) C:\WINDOWS\system32\drivers\MSKSSRV.sys
2011/05/10 16:14:17.0568 4568 MSPCLOCK (325bb26842fc7ccc1fcce2c457317f3e) C:\WINDOWS\system32\drivers\MSPCLOCK.sys
2011/05/10 16:14:17.0599 4568 MSPQM (bad59648ba099da4a17680b39730cb3d) C:\WINDOWS\system32\drivers\MSPQM.sys
2011/05/10 16:14:17.0646 4568 mssmbios (af5f4f3f14a8ea2c26de30f7a1e17136) C:\WINDOWS\system32\DRIVERS\mssmbios.sys
2011/05/10 16:14:17.0677 4568 MSTEE (e53736a9e30c45fa9e7b5eac55056d1d) C:\WINDOWS\system32\drivers\MSTEE.sys
2011/05/10 16:14:17.0693 4568 Mup (2f625d11385b1a94360bfc70aaefdee1) C:\WINDOWS\system32\drivers\Mup.sys
2011/05/10 16:14:17.0724 4568 NABTSFEC (5b50f1b2a2ed47d560577b221da734db) C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys
2011/05/10 16:14:17.0865 4568 NAVENG (c34e2a884ccca8b5567d0c2752527073) C:\PROGRA~1\COMMON~1\SYMANT~1\VIRUSD~1\20110510.003\NAVENG.SYS
2011/05/10 16:14:17.0912 4568 NAVEX15 (b3916eeec738dd4178f4fd6a44a32e36) C:\PROGRA~1\COMMON~1\SYMANT~1\VIRUSD~1\20110510.003\NAVEX15.SYS
2011/05/10 16:14:17.0974 4568 NDIS (1df7f42665c94b825322fae71721130d) C:\WINDOWS\system32\drivers\NDIS.sys
2011/05/10 16:14:17.0990 4568 NdisIP (7ff1f1fd8609c149aa432f95a8163d97) C:\WINDOWS\system32\DRIVERS\NdisIP.sys
2011/05/10 16:14:18.0021 4568 NdisTapi (1ab3d00c991ab086e69db84b6c0ed78f) C:\WINDOWS\system32\DRIVERS\ndistapi.sys
2011/05/10 16:14:18.0083 4568 Ndisuio (f927a4434c5028758a842943ef1a3849) C:\WINDOWS\system32\DRIVERS\ndisuio.sys
2011/05/10 16:14:18.0099 4568 NdisWan (edc1531a49c80614b2cfda43ca8659ab) C:\WINDOWS\system32\DRIVERS\ndiswan.sys
2011/05/10 16:14:18.0130 4568 NDProxy (6215023940cfd3702b46abc304e1d45a) C:\WINDOWS\system32\drivers\NDProxy.sys
2011/05/10 16:14:18.0146 4568 NetBIOS (5d81cf9a2f1a3a756b66cf684911cdf0) C:\WINDOWS\system32\DRIVERS\netbios.sys
2011/05/10 16:14:18.0193 4568 NetBT (74b2b2f5bea5e9a3dc021d685551bd3d) C:\WINDOWS\system32\DRIVERS\netbt.sys
2011/05/10 16:14:18.0240 4568 Npfs (3182d64ae053d6fb034f44b6def8034a) C:\WINDOWS\system32\drivers\Npfs.sys
2011/05/10 16:14:18.0271 4568 Ntfs (78a08dd6a8d65e697c18e1db01c5cdca) C:\WINDOWS\system32\drivers\Ntfs.sys
2011/05/10 16:14:18.0318 4568 NuidFltr (cf7e041663119e09d2e118521ada9300) C:\WINDOWS\system32\DRIVERS\NuidFltr.sys
2011/05/10 16:14:18.0365 4568 Null (73c1e1f395918bc2c6dd67af7591a3ad) C:\WINDOWS\system32\drivers\Null.sys
2011/05/10 16:14:18.0458 4568 nv (2b298519edbfcf451d43e0f1e8f1006d) C:\WINDOWS\system32\DRIVERS\nv4_mini.sys
2011/05/10 16:14:18.0505 4568 NwlnkFlt (b305f3fad35083837ef46a0bbce2fc57) C:\WINDOWS\system32\DRIVERS\nwlnkflt.sys
2011/05/10 16:14:18.0552 4568 NwlnkFwd (c99b3415198d1aab7227f2c88fd664b9) C:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys
2011/05/10 16:14:18.0599 4568 Parport (5575faf8f97ce5e713d108c2a58d7c7c) C:\WINDOWS\system32\DRIVERS\parport.sys
2011/05/10 16:14:18.0630 4568 PartMgr (beb3ba25197665d82ec7065b724171c6) C:\WINDOWS\system32\drivers\PartMgr.sys
2011/05/10 16:14:18.0662 4568 ParVdm (70e98b3fd8e963a6a46a2e6247e0bea1) C:\WINDOWS\system32\drivers\ParVdm.sys
2011/05/10 16:14:18.0677 4568 PCI (a219903ccf74233761d92bef471a07b1) C:\WINDOWS\system32\DRIVERS\pci.sys
2011/05/10 16:14:18.0693 4568 PCIIde (ccf5f451bb1a5a2a522a76e670000ff0) C:\WINDOWS\system32\DRIVERS\pciide.sys
2011/05/10 16:14:18.0724 4568 Pcmcia (9e89ef60e9ee05e3f2eef2da7397f1c1) C:\WINDOWS\system32\drivers\Pcmcia.sys
2011/05/10 16:14:18.0802 4568 perc2 (6c14b9c19ba84f73d3a86dba11133101) C:\WINDOWS\system32\DRIVERS\perc2.sys
2011/05/10 16:14:18.0833 4568 perc2hib (f50f7c27f131afe7beba13e14a3b9416) C:\WINDOWS\system32\DRIVERS\perc2hib.sys
2011/05/10 16:14:18.0927 4568 Point32 (2e3394c8ebf31a9b4f0a531eb5cc7bc7) C:\WINDOWS\system32\DRIVERS\point32.sys
2011/05/10 16:14:18.0974 4568 PptpMiniport (efeec01b1d3cf84f16ddd24d9d9d8f99) C:\WINDOWS\system32\DRIVERS\raspptp.sys
2011/05/10 16:14:18.0990 4568 PSched (09298ec810b07e5d582cb3a3f9255424) C:\WINDOWS\system32\DRIVERS\psched.sys
2011/05/10 16:14:19.0005 4568 Ptilink (80d317bd1c3dbc5d4fe7b1678c60cadd) C:\WINDOWS\system32\DRIVERS\ptilink.sys
2011/05/10 16:14:19.0052 4568 PxHelp20 (49452bfcec22f36a7a9b9c2181bc3042) C:\WINDOWS\system32\Drivers\PxHelp20.sys
2011/05/10 16:14:19.0099 4568 ql1080 (0a63fb54039eb5662433caba3b26dba7) C:\WINDOWS\system32\DRIVERS\ql1080.sys
2011/05/10 16:14:19.0146 4568 Ql10wnt (6503449e1d43a0ff0201ad5cb1b8c706) C:\WINDOWS\system32\DRIVERS\ql10wnt.sys
2011/05/10 16:14:19.0177 4568 ql12160 (156ed0ef20c15114ca097a34a30d8a01) C:\WINDOWS\system32\DRIVERS\ql12160.sys
2011/05/10 16:14:19.0208 4568 ql1240 (70f016bebde6d29e864c1230a07cc5e6) C:\WINDOWS\system32\DRIVERS\ql1240.sys
2011/05/10 16:14:19.0255 4568 ql1280 (907f0aeea6bc451011611e732bd31fcf) C:\WINDOWS\system32\DRIVERS\ql1280.sys
2011/05/10 16:14:19.0287 4568 RasAcd (fe0d99d6f31e4fad8159f690d68ded9c) C:\WINDOWS\system32\DRIVERS\rasacd.sys
2011/05/10 16:14:19.0365 4568 Rasl2tp (11b4a627bc9614b885c4969bfa5ff8a6) C:\WINDOWS\system32\DRIVERS\rasl2tp.sys
2011/05/10 16:14:19.0380 4568 RasPppoe (5bc962f2654137c9909c3d4603587dee) C:\WINDOWS\system32\DRIVERS\raspppoe.sys
2011/05/10 16:14:19.0412 4568 Raspti (fdbb1d60066fcfbb7452fd8f9829b242) C:\WINDOWS\system32\DRIVERS\raspti.sys
2011/05/10 16:14:19.0443 4568 Rdbss (7ad224ad1a1437fe28d89cf22b17780a) C:\WINDOWS\system32\DRIVERS\rdbss.sys
2011/05/10 16:14:19.0474 4568 RDPCDD (4912d5b403614ce99c28420f75353332) C:\WINDOWS\system32\DRIVERS\RDPCDD.sys
2011/05/10 16:14:19.0537 4568 rdpdr (15cabd0f7c00c47c70124907916af3f1) C:\WINDOWS\system32\DRIVERS\rdpdr.sys
2011/05/10 16:14:19.0599 4568 RDPWD (6728e45b66f93c08f11de2e316fc70dd) C:\WINDOWS\system32\drivers\RDPWD.sys
2011/05/10 16:14:19.0630 4568 redbook (f828dd7e1419b6653894a8f97a0094c5) C:\WINDOWS\system32\DRIVERS\redbook.sys
2011/05/10 16:14:19.0724 4568 Secdrv (90a3935d05b494a5a39d37e71f09a677) C:\WINDOWS\system32\DRIVERS\secdrv.sys
2011/05/10 16:14:19.0802 4568 SenFiltService (b6a6b409fda9d9ebd3aadb838d3d7173) C:\WINDOWS\system32\drivers\Senfilt.sys
2011/05/10 16:14:19.0865 4568 serenum (0f29512ccd6bead730039fb4bd2c85ce) C:\WINDOWS\system32\DRIVERS\serenum.sys
2011/05/10 16:14:19.0912 4568 Serial (cca207a8896d4c6a0c9ce29a4ae411a7) C:\WINDOWS\system32\DRIVERS\serial.sys
2011/05/10 16:14:19.0974 4568 Sfloppy (8e6b8c671615d126fdc553d1e2de5562) C:\WINDOWS\system32\drivers\Sfloppy.sys
2011/05/10 16:14:20.0037 4568 sisagp (6b33d0ebd30db32e27d1d78fe946a754) C:\WINDOWS\system32\DRIVERS\sisagp.sys
2011/05/10 16:14:20.0083 4568 SLIP (866d538ebe33709a5c9f5c62b73b7d14) C:\WINDOWS\system32\DRIVERS\SLIP.sys
2011/05/10 16:14:20.0162 4568 Sparrow (83c0f71f86d3bdaf915685f3d568b20e) C:\WINDOWS\system32\DRIVERS\sparrow.sys
2011/05/10 16:14:20.0255 4568 SPBBCDrv (e87cf104f12c92401c4d33c50a3d5dc8) C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCDrv.sys
2011/05/10 16:14:20.0302 4568 splitter (ab8b92451ecb048a4d1de7c3ffcb4a9f) C:\WINDOWS\system32\drivers\splitter.sys
2011/05/10 16:14:20.0349 4568 sr (76bb022c2fb6902fd5bdd4f78fc13a5d) C:\WINDOWS\system32\DRIVERS\sr.sys
2011/05/10 16:14:20.0365 4568 SRTSP (5a293729e1f9fce3a2106d1f5dc5e98a) C:\WINDOWS\system32\Drivers\SRTSP.SYS
2011/05/10 16:14:20.0412 4568 SRTSPL (0ddb7fba32be09d8057063c0cee24137) C:\WINDOWS\system32\Drivers\SRTSPL.SYS
2011/05/10 16:14:20.0443 4568 SRTSPX (a99719dfb61b61aa5026341bbb733c0a) C:\WINDOWS\system32\Drivers\SRTSPX.SYS
2011/05/10 16:14:20.0490 4568 Srv (3bb03f2ba89d2be417206c373d2af17c) C:\WINDOWS\system32\DRIVERS\srv.sys
2011/05/10 16:14:20.0568 4568 streamip (77813007ba6265c4b6098187e6ed79d2) C:\WINDOWS\system32\DRIVERS\StreamIP.sys
2011/05/10 16:14:20.0599 4568 swenum (3941d127aef12e93addf6fe6ee027e0f) C:\WINDOWS\system32\DRIVERS\swenum.sys
2011/05/10 16:14:20.0630 4568 swmidi (8ce882bcc6cf8a62f2b2323d95cb3d01) C:\WINDOWS\system32\drivers\swmidi.sys
2011/05/10 16:14:20.0677 4568 symc810 (1ff3217614018630d0a6758630fc698c) C:\WINDOWS\system32\DRIVERS\symc810.sys
2011/05/10 16:14:20.0708 4568 symc8xx (070e001d95cf725186ef8b20335f933c) C:\WINDOWS\system32\DRIVERS\symc8xx.sys
2011/05/10 16:14:20.0787 4568 SymEvent (a54ff04bd6e75dc4d8cb6f3e352635e0) C:\WINDOWS\system32\Drivers\SYMEVENT.SYS
2011/05/10 16:14:20.0833 4568 SYMREDRV (394b2368212114d538316812af60fddd) C:\WINDOWS\System32\Drivers\SYMREDRV.SYS
2011/05/10 16:14:20.0865 4568 SYMTDI (d46676bb414c7531bdffe637a33f5033) C:\WINDOWS\System32\Drivers\SYMTDI.SYS
2011/05/10 16:14:20.0927 4568 sym_hi (80ac1c4abbe2df3b738bf15517a51f2c) C:\WINDOWS\system32\DRIVERS\sym_hi.sys
2011/05/10 16:14:20.0958 4568 sym_u3 (bf4fab949a382a8e105f46ebb4937058) C:\WINDOWS\system32\DRIVERS\sym_u3.sys
2011/05/10 16:14:21.0005 4568 sysaudio (8b83f3ed0f1688b4958f77cd6d2bf290) C:\WINDOWS\system32\drivers\sysaudio.sys
2011/05/10 16:14:21.0068 4568 Tcpip (9aefa14bd6b182d61e3119fa5f436d3d) C:\WINDOWS\system32\DRIVERS\tcpip.sys
2011/05/10 16:14:21.0099 4568 TDPIPE (6471a66807f5e104e4885f5b67349397) C:\WINDOWS\system32\drivers\TDPIPE.sys
2011/05/10 16:14:21.0130 4568 TDTCP (c56b6d0402371cf3700eb322ef3aaf61) C:\WINDOWS\system32\drivers\TDTCP.sys
2011/05/10 16:14:21.0162 4568 TermDD (88155247177638048422893737429d9e) C:\WINDOWS\system32\DRIVERS\termdd.sys
2011/05/10 16:14:21.0224 4568 TosIde (f2790f6af01321b172aa62f8e1e187d9) C:\WINDOWS\system32\DRIVERS\toside.sys
2011/05/10 16:14:21.0255 4568 Udfs (5787b80c2e3c5e2f56c2a233d91fa2c9) C:\WINDOWS\system32\drivers\Udfs.sys
2011/05/10 16:14:21.0318 4568 ULCDRHlp (a4e07da3ae2078bd96e84d4baa07b71d) C:\WINDOWS\system32\Drivers\ULCDRHlp.sys
2011/05/10 16:14:21.0380 4568 ultra (1b698a51cd528d8da4ffaed66dfc51b9) C:\WINDOWS\system32\DRIVERS\ultra.sys
2011/05/10 16:14:21.0443 4568 Update (402ddc88356b1bac0ee3dd1580c76a31) C:\WINDOWS\system32\DRIVERS\update.sys
2011/05/10 16:14:21.0490 4568 usbaudio (e919708db44ed8543a7c017953148330) C:\WINDOWS\system32\drivers\usbaudio.sys
2011/05/10 16:14:21.0552 4568 usbccgp (173f317ce0db8e21322e71b7e60a27e8) C:\WINDOWS\system32\DRIVERS\usbccgp.sys
2011/05/10 16:14:21.0615 4568 usbehci (65dcf09d0e37d4c6b11b5b0b76d470a7) C:\WINDOWS\system32\DRIVERS\usbehci.sys
2011/05/10 16:14:21.0662 4568 usbhub (1ab3cdde553b6e064d2e754efe20285c) C:\WINDOWS\system32\DRIVERS\usbhub.sys
2011/05/10 16:14:21.0708 4568 usbprint (a717c8721046828520c9edf31288fc00) C:\WINDOWS\system32\DRIVERS\usbprint.sys
2011/05/10 16:14:21.0755 4568 usbscan (a0b8cf9deb1184fbdd20784a58fa75d4) C:\WINDOWS\system32\DRIVERS\usbscan.sys
2011/05/10 16:14:21.0771 4568 USBSTOR (a32426d9b14a089eaa1d922e0c5801a9) C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS
2011/05/10 16:14:21.0771 4568 usbuhci (26496f9dee2d787fc3e61ad54821ffe6) C:\WINDOWS\system32\DRIVERS\usbuhci.sys
2011/05/10 16:14:21.0818 4568 usbvideo (63bbfca7f390f4c49ed4b96bfb1633e0) C:\WINDOWS\system32\Drivers\usbvideo.sys
2011/05/10 16:14:21.0849 4568 VgaSave (0d3a8fafceacd8b7625cd549757a7df1) C:\WINDOWS\System32\drivers\vga.sys
2011/05/10 16:14:21.0896 4568 viaagp (754292ce5848b3738281b4f3607eaef4) C:\WINDOWS\system32\DRIVERS\viaagp.sys
2011/05/10 16:14:21.0958 4568 ViaIde (3b3efcda263b8ac14fdf9cbdd0791b2e) C:\WINDOWS\system32\DRIVERS\viaide.sys
2011/05/10 16:14:21.0990 4568 VolSnap (4c8fcb5cc53aab716d810740fe59d025) C:\WINDOWS\system32\drivers\VolSnap.sys
2011/05/10 16:14:22.0068 4568 Wanarp (e20b95baedb550f32dd489265c1da1f6) C:\WINDOWS\system32\DRIVERS\wanarp.sys
2011/05/10 16:14:22.0130 4568 Wdf01000 (fd47474bd21794508af449d9d91af6e6) C:\WINDOWS\system32\DRIVERS\Wdf01000.sys
2011/05/10 16:14:22.0177 4568 wdmaud (6768acf64b18196494413695f0c3a00f) C:\WINDOWS\system32\drivers\wdmaud.sys
2011/05/10 16:14:22.0271 4568 WpdUsb (cf4def1bf66f06964dc0d91844239104) C:\WINDOWS\system32\DRIVERS\wpdusb.sys
2011/05/10 16:14:22.0302 4568 WSTCODEC (c98b39829c2bbd34e454150633c62c78) C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS
2011/05/10 16:14:22.0349 4568 WudfPf (f15feafffbb3644ccc80c5da584e6311) C:\WINDOWS\system32\DRIVERS\WudfPf.sys
2011/05/10 16:14:22.0396 4568 WudfRd (28b524262bce6de1f7ef9f510ba3985b) C:\WINDOWS\system32\DRIVERS\wudfrd.sys
2011/05/10 16:14:22.0537 4568 ================================================================================
2011/05/10 16:14:22.0537 4568 Scan finished
2011/05/10 16:14:22.0537 4568 ================================================================================

OTL logfile created on: 5/10/2011 4:15:44 PM - Run 1
OTL by OldTimer - Version 3.2.22.3 Folder = C:\Documents and Settings\rwayman.NAPF\My Documents\Downloads
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

3.00 Gb Total Physical Memory | 2.00 Gb Available Physical Memory | 59.00% Memory free
4.00 Gb Paging File | 3.00 Gb Available in Paging File | 74.00% Paging File free
Paging file location(s): C:\pagefile.sys 1536 3072 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 148.96 Gb Total Space | 92.97 Gb Free Space | 62.41% Space Free | Partition Type: NTFS
Drive P: | 248.10 Gb Total Space | 147.15 Gb Free Space | 59.31% Space Free | Partition Type: NTFS
Drive U: | 248.10 Gb Total Space | 147.15 Gb Free Space | 59.31% Space Free | Partition Type: NTFS

Computer Name: NAPF11 | User Name: rwayman | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2011/05/10 16:14:57 | 000,580,608 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\rwayman.NAPF\My Documents\Downloads\OTL.exe
PRC - [2011/05/10 16:12:50 | 001,407,280 | ---- | M] (Kaspersky Lab ZAO) -- C:\Documents and Settings\rwayman.NAPF\My Documents\Downloads\tdsskiller.exe
PRC - [2011/05/02 09:06:34 | 000,924,632 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe
PRC - [2011/03/30 19:42:50 | 023,360,040 | ---- | M] (Dropbox, Inc.) -- C:\Documents and Settings\rwayman.NAPF\Application Data\Dropbox\bin\Dropbox.exe
PRC - [2010/05/18 12:28:06 | 000,108,392 | ---- | M] (Symantec Corporation) -- C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
PRC - [2010/05/18 12:28:04 | 000,115,560 | ---- | M] (Symantec Corporation) -- C:\Program Files\Common Files\Symantec Shared\ccApp.exe
PRC - [2010/05/18 12:28:02 | 001,881,368 | ---- | M] (Symantec Corporation) -- C:\Program Files\Symantec\Symantec Endpoint Protection\Smc.exe
PRC - [2010/05/18 12:28:02 | 001,459,528 | ---- | M] (Symantec Corporation) -- C:\Program Files\Symantec\Symantec Endpoint Protection\SmcGui.exe
PRC - [2010/05/18 12:28:00 | 001,831,024 | ---- | M] (Symantec Corporation) -- C:\Program Files\Symantec\Symantec Endpoint Protection\Rtvscan.exe
PRC - [2010/05/17 17:03:14 | 000,105,632 | ---- | M] (Corel) -- C:\Program Files\Common Files\Corel\Standby\Standby.exe
PRC - [2010/05/17 17:02:52 | 000,053,408 | ---- | M] (Ulead Systems, Inc.) -- C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
PRC - [2009/09/23 16:03:51 | 000,198,160 | ---- | M] (RealNetworks, Inc.) -- C:\Program Files\Common Files\Real\Update_OB\realsched.exe
PRC - [2009/07/25 05:23:22 | 000,386,872 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Java\jre6\bin\jucheck.exe
PRC - [2009/03/23 15:53:58 | 000,101,376 | ---- | M] (Hewlett-Packard Company) -- C:\Program Files\Hewlett-Packard\HP Easy Printer Care\HPPRun.exe
PRC - [2009/03/23 15:02:50 | 000,159,744 | ---- | M] (Hewlett-Packard Company) -- C:\Program Files\Common Files\Hewlett-Packard\HP Device Communication Services\AppInterfaces\HPDeviceService.exe
PRC - [2009/03/23 15:01:22 | 000,199,168 | ---- | M] (Hewlett-Packard Company) -- C:\Program Files\Common Files\Hewlett-Packard\HP Device Communication Services\AppInterfaces\HPDeviceHost.exe
PRC - [2008/04/23 02:08:13 | 000,483,328 | ---- | M] (Adobe Systems Inc.) -- C:\Program Files\Adobe\Acrobat 7.0\Distillr\acrotray.exe
PRC - [2008/04/13 17:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2007/07/24 11:15:14 | 000,185,632 | ---- | M] (Protexis Inc.) -- c:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe
PRC - [2006/10/20 15:23:38 | 000,118,784 | ---- | M] (CyberLink Corp.) -- C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe
PRC - [2006/09/25 07:12:20 | 000,045,056 | ---- | M] (ATI Technologies Inc.) -- C:\Program Files\ATI Technologies\ATI.ACE\CLI.exe
PRC - [2006/08/17 07:00:00 | 001,116,920 | ---- | M] (Roxio) -- C:\Program Files\Roxio\Drag-to-Disc\DrgToDsc.exe
PRC - [2006/03/17 15:25:16 | 000,065,536 | ---- | M] (Broadcom Corporation) -- C:\Program Files\Broadcom\ASFIPMon\AsfIpMon.exe

========== Modules (SafeList) ==========

MOD - [2011/05/10 16:14:57 | 000,580,608 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\rwayman.NAPF\My Documents\Downloads\OTL.exe
MOD - [2008/04/13 17:12:51 | 001,054,208 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.5512_x-ww_35d4ce83\comctl32.dll

========== Win32 Services (SafeList) ==========

SRV - File not found [Auto | Stopped] -- -- (HidServ)
SRV - [2011/05/03 14:50:42 | 003,274,328 | ---- | M] () [Auto | Running] -- c:\Program Files\Common Files\Akamai\netsession_win_3f211bc.dll -- (Akamai)
SRV - [2010/05/18 12:28:06 | 000,108,392 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe -- (ccSetMgr)
SRV - [2010/05/18 12:28:06 | 000,108,392 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe -- (ccEvtMgr)
SRV - [2010/05/18 12:28:02 | 001,881,368 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files\Symantec\Symantec Endpoint Protection\Smc.exe -- (SmcService)
SRV - [2010/05/18 12:28:02 | 000,349,512 | ---- | M] (Symantec Corporation) [Disabled | Stopped] -- C:\Program Files\Symantec\Symantec Endpoint Protection\SNAC.EXE -- (SNAC)
SRV - [2010/05/18 12:28:00 | 001,831,024 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files\Symantec\Symantec Endpoint Protection\Rtvscan.exe -- (Symantec AntiVirus)
SRV - [2010/05/17 17:02:52 | 000,053,408 | ---- | M] (Ulead Systems, Inc.) [Auto | Running] -- C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe -- (UleadBurningHelper)
SRV - [2010/02/17 10:53:18 | 003,093,880 | ---- | M] (Symantec Corporation) [On_Demand | Stopped] -- C:\Program Files\Symantec\LiveUpdate\LuComServer_3_3.EXE -- (LiveUpdate)
SRV - [2007/07/24 11:15:14 | 000,185,632 | ---- | M] (Protexis Inc.) [Auto | Running] -- c:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe -- (PSI_SVC_2)
SRV - [2006/03/17 15:25:16 | 000,065,536 | ---- | M] (Broadcom Corporation) [Auto | Running] -- C:\Program Files\Broadcom\ASFIPMon\AsfIpMon.exe -- (ASFIPmon)

========== Driver Services (SafeList) ==========

DRV - [2011/05/09 20:23:59 | 000,374,392 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys -- (eeCtrl)
DRV - [2011/05/09 12:18:54 | 001,393,144 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Program Files\Common Files\Symantec Shared\VirusDefs\20110510.003\NAVEX15.SYS -- (NAVEX15)
DRV - [2011/05/09 12:18:54 | 000,086,136 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Program Files\Common Files\Symantec Shared\VirusDefs\20110510.003\NAVENG.SYS -- (NAVENG)
DRV - [2010/05/26 21:48:08 | 000,102,448 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Program Files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys -- (EraserUtilRebootDrv)
DRV - [2010/05/18 13:45:26 | 000,124,976 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\SYMEVENT.SYS -- (SymEvent)
DRV - [2010/05/18 12:28:06 | 000,320,944 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\srtspl.sys -- (SRTSPL)
DRV - [2010/05/18 12:28:06 | 000,283,184 | ---- | M] (Symantec Corporation) [File_System | System | Running] -- C:\WINDOWS\system32\drivers\srtsp.sys -- (SRTSP)
DRV - [2010/05/18 12:28:06 | 000,043,696 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\srtspx.sys -- (SRTSPX)
DRV - [2010/05/18 12:27:58 | 000,188,080 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\WINDOWS\System32\Drivers\SYMTDI.SYS -- (SYMTDI)
DRV - [2010/05/18 12:27:58 | 000,026,416 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\System32\Drivers\SYMREDRV.SYS -- (SYMREDRV)
DRV - [2010/05/18 12:27:56 | 000,421,424 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCDrv.sys -- (SPBBCDrv)
DRV - [2009/02/04 07:27:22 | 003,488,768 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ati2mtag.sys -- (ati2mtag)
DRV - [2007/01/26 13:49:24 | 000,012,160 | ---- | M] (Devguru Corporation, Inc) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\camflt.sys -- (camflt)
DRV - [2007/01/26 13:49:22 | 000,054,656 | ---- | M] (Samsung electronics, Inc) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\Camav.sys -- (Camav)
DRV - [2006/08/28 00:28:56 | 000,156,160 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\b57xp32.sys -- (b57w2k)
DRV - [2006/08/18 11:18:08 | 000,009,400 | ---- | M] (Roxio) [File_System | Auto | Running] -- C:\WINDOWS\system32\DLA\DLADResM.SYS -- (DLADResM)
DRV - [2006/08/18 11:17:46 | 000,035,096 | ---- | M] (Roxio) [File_System | Auto | Running] -- C:\WINDOWS\system32\DLA\DLABMFSM.SYS -- (DLABMFSM)
DRV - [2006/08/18 11:17:44 | 000,097,848 | ---- | M] (Roxio) [File_System | Auto | Running] -- C:\WINDOWS\system32\DLA\DLAUDF_M.SYS -- (DLAUDF_M)
DRV - [2006/08/18 11:17:44 | 000,094,648 | ---- | M] (Roxio) [File_System | Auto | Running] -- C:\WINDOWS\system32\DLA\DLAUDFAM.SYS -- (DLAUDFAM)
DRV - [2006/08/18 11:17:42 | 000,026,008 | ---- | M] (Roxio) [File_System | Auto | Running] -- C:\WINDOWS\system32\DLA\DLAOPIOM.SYS -- (DLAOPIOM)
DRV - [2006/08/18 11:17:40 | 000,032,472 | ---- | M] (Roxio) [File_System | Auto | Running] -- C:\WINDOWS\system32\DLA\DLABOIOM.SYS -- (DLABOIOM)
DRV - [2006/08/18 11:17:38 | 000,104,472 | ---- | M] (Roxio) [File_System | Auto | Running] -- C:\WINDOWS\system32\DLA\DLAIFS_M.SYS -- (DLAIFS_M)
DRV - [2006/08/18 11:17:38 | 000,014,520 | ---- | M] (Roxio) [File_System | Auto | Running] -- C:\WINDOWS\system32\DLA\DLAPoolM.SYS -- (DLAPoolM)
DRV - [2006/08/11 08:35:18 | 000,012,920 | ---- | M] (Roxio) [File_System | System | Running] -- C:\WINDOWS\system32\drivers\DLACDBHM.SYS -- (DLACDBHM)
DRV - [2006/08/11 08:35:16 | 000,028,184 | ---- | M] (Roxio) [File_System | System | Running] -- C:\WINDOWS\system32\drivers\DLARTL_M.SYS -- (DLARTL_M)
DRV - [2006/03/17 15:18:58 | 000,392,960 | ---- | M] (Sensaura) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\senfilt.sys -- (SenFiltService)
DRV - [2006/01/10 09:07:58 | 000,004,864 | ---- | M] (GTek Technologies Ltd.) [Kernel | On_Demand | Stopped] -- C:\Program Files\Dell Support\GTAction\triggers\DSproct.sys -- (DSproct)
DRV - [2004/12/23 04:47:10 | 000,027,392 | R--- | M] (Ulead Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ULCDRHlp.sys -- (ULCDRHlp)
DRV - [2003/04/24 14:21:50 | 000,006,025 | ---- | M] (Broadcom Corporation) [Kernel | Auto | Running] -- C:\Program Files\Broadcom\ASFIPMon\BASFND.sys -- (BASFND)

========== Standard Registry (SafeList) ==========

========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Page_URL = www.google.com/ig/dell?hl=en&client=dell-usuk-rel&channel=us&ibd=5070915
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/hws/sb/dell-usuk-rel/en/side.html?channel=us
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Start Page = www.google.com/ig/dell?hl=en&client=dell-usuk-rel&channel=us&ibd=5070915

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com/hws/sb/dell-usuk-rel/en/side.html?channel=us
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.wagingpeace.org/adminpage/
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local>;*.local

========== FireFox ==========

FF - prefs.js..browser.startup.homepage: "http://www.wagingpeace.org/"
FF - prefs.js..extensions.enabledItems: jqs@sun.com:1.0
FF - prefs.js..extensions.enabledItems: {ABDE892B-13A8-4d1b-88E6-365A6E755758}:1.0
FF - prefs.js..network.proxy.type: 4

FF - HKLM\software\mozilla\Firefox\extensions\\smartwebprinting@hp.com: C:\Program Files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2010/11/08 10:52:20 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\extensions\\msntoolbar@msn.com: C:\Program Files\MSN Toolbar\Platform\5.0.1449.0\Firefox [2010/11/08 10:52:53 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\extensions\\{27182e60-b5f3-411c-b545-b44205977502}: C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\firefoxextension\SearchHelperExtension\ [2010/11/08 10:52:55 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 4.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011/05/02 09:06:38 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 4.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011/03/23 13:39:31 | 000,000,000 | ---D | M]

[2009/03/24 17:30:45 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\rwayman.NAPF\Application Data\Mozilla\Extensions
[2011/03/23 10:01:38 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\rwayman.NAPF\Application Data\Mozilla\Firefox\Profiles\do6v4udr.default\extensions
[2010/05/28 09:06:52 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Documents and Settings\rwayman.NAPF\Application Data\Mozilla\Firefox\Profiles\do6v4udr.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2011/03/23 13:39:33 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
File not found (No name found) --
[2009/03/24 12:46:00 | 000,000,000 | ---D | M] (Java Quick Starter) -- C:\PROGRAM FILES\JAVA\JRE6\LIB\DEPLOY\JQS\FF
[2011/05/02 09:06:34 | 000,142,296 | ---- | M] (Mozilla Foundation) -- C:\Program Files\Mozilla Firefox\components\browsercomps.dll
[2009/05/29 16:20:07 | 000,535,840 | ---- | M] (iLinc Communications, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\NPCltInstall.dll
[2010/01/01 01:00:00 | 000,002,252 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\bing.xml

O1 HOSTS File: ([2004/08/04 03:00:00 | 000,000,734 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (AcroIEHlprObj Class) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (RealPlayer Download and Record Plugin for Internet Explorer) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll (RealPlayer)
O2 - BHO: (Adobe PDF Conversion Toolbar Helper) - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O2 - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
O2 - BHO: (CBrowserHelperObject Object) - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - C:\Program Files\BAE\BAE.dll (Dell Inc.)
O3 - HKLM\..\Toolbar: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O4 - HKLM..\Run: [] File not found
O4 - HKLM..\Run: [Acrobat Assistant 7.0] C:\Program Files\Adobe\Acrobat 7.0\Distillr\Acrotray.exe (Adobe Systems Inc.)
O4 - HKLM..\Run: [ATICCC] C:\Program Files\ATI Technologies\ATI.ACE\CLIStart.exe ()
O4 - HKLM..\Run: [ccApp] C:\Program Files\Common Files\Symantec Shared\ccApp.exe (Symantec Corporation)
O4 - HKLM..\Run: [KnexStarter] C:\Program Files\Common Files\Hewlett-Packard\HP Device Communication Services\AppInterfaces\HPDeviceService.exe (Hewlett-Packard Company)
O4 - HKLM..\Run: [PDVDDXSrv] C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe (CyberLink Corp.)
O4 - HKLM..\Run: [RoxioDragToDisc] C:\Program Files\Roxio\Drag-to-Disc\DrgToDsc.exe (Roxio)
O4 - HKLM..\Run: [RunTasktray] File not found
O4 - HKLM..\Run: [Standby] c:\Program Files\Common Files\Corel\Standby\Standby.exe (Corel)
O4 - HKLM..\Run: [TkBellExe] C:\Program Files\Common Files\Real\Update_OB\realsched.exe (RealNetworks, Inc.)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Acrobat Speed Launcher.lnk = C:\WINDOWS\Installer\{AC76BA86-1033-0000-7760-000000000002}\SC_Acrobat.exe ()
O4 - Startup: C:\Documents and Settings\rwayman.NAPF\Start Menu\Programs\Startup\Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe (Adobe Systems, Inc.)
O4 - Startup: C:\Documents and Settings\rwayman.NAPF\Start Menu\Programs\Startup\Dropbox.lnk = C:\Documents and Settings\rwayman.NAPF\Application Data\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoWelcomeScreen = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 149
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 0
O8 - Extra context menu item: Add to Google Photos Screensa&ver - C:\WINDOWS\System32\GPhotos.scr (Google Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O15 - HKLM\..Trusted Domains: hp.com ([]http in Trusted sites)
O15 - HKLM\..Trusted Domains: hp.com ([]https in Trusted sites)
O16 - DPF: {1C11B948-582A-433F-A98D-A8C4D5CC64F2} http://kitchenplanner.ikea.com/US/Core/Player/2020PlayerAX_Win32.cab (20-20 3D Viewer)
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1238005006684 (WUWebControl Class)
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1238004997304 (MUWebControl Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_15-windows-i586.cab (Java Plug-in 1.6.0_15)
O16 - DPF: {A90A5822-F108-45AD-8482-9BC8B12DD539} http://www.crucial.com/controls/cpcScanner.cab (Crucial cpcScan)
O16 - DPF: {CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA} http://java.sun.com/update/1.5.0/jinstall-1_5_0_06-windows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_02-windows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_05-windows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_15-windows-i586.cab (Java Plug-in 1.6.0_15)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_15-windows-i586.cab (Java Plug-in 1.6.0_15)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1 68.105.28.13 68.105.28.14
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = napf.local
O18 - Protocol\Handler\HPDCS {ba135f49-a12c-4e26-a2c4-6ea945999072} - C:\Program Files\Common Files\Hewlett-Packard\HP Device Communication Services\APP\hpdcsapp.dll (Hewlett-Packard Company)
O18 - Protocol\Handler\hppfile {C4E2084B-ED27-4893-A43D-488CA3F370E2} - C:\Program Files\Hewlett-Packard\HP Easy Printer Care\HPPCtrls.dll (Hewlett-Packard Company)
O18 - Protocol\Handler\hppsam {C4E2084B-ED27-4893-A43D-488CA3F370E2} - C:\Program Files\Hewlett-Packard\HP Easy Printer Care\HPPCtrls.dll (Hewlett-Packard Company)
O18 - Protocol\Handler\hppzip {C4E2084B-ED27-4893-A43D-488CA3F370E2} - C:\Program Files\Hewlett-Packard\HP Easy Printer Care\HPPCtrls.dll (Hewlett-Packard Company)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\AtiExtEvent: DllName - Ati2evxx.dll - C:\WINDOWS\System32\ati2evxx.dll (ATI Technologies Inc.)
O20 - Winlogon\Notify\NavLogon: DllName - Reg Error: Value error. - Reg Error: Value error. File not found
O24 - Desktop BackupWallPaper: C:\Documents and Settings\rwayman.NAPF\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2004/08/11 15:15:00 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O33 - MountPoints2\{00b6db76-3e66-11de-a14d-001aa0c7cf8a}\Shell\AutoRun\command - "" = CA_EdgeLitemobile.exe
O33 - MountPoints2\{78b075bd-964c-11de-a154-001aa0c7cf8a}\Shell\AutoRun\command - "" = setupSNK.exe
O33 - MountPoints2\{a9001951-c4e2-11df-a1a1-0019b9443391}\Shell - "" = AutoRun
O33 - MountPoints2\{a9001951-c4e2-11df-a1a1-0019b9443391}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{a9001951-c4e2-11df-a1a1-0019b9443391}\Shell\AutoRun\command - "" = F:\LaunchU3.exe -a
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

NetSvcs: 6to4 - File not found
NetSvcs: HidServ - File not found
NetSvcs: Ias - File not found
NetSvcs: Iprip - File not found
NetSvcs: Irmon - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: WmdmPmSp - File not found

CREATERESTOREPOINT
Restore point Set: OTL Restore Point (16902109354000384)

========== Files/Folders - Created Within 30 Days ==========

[2011/05/09 12:17:51 | 000,000,000 | ---D | C] -- C:\Program Files\Trend Micro
[2011/05/09 12:17:51 | 000,000,000 | ---D | C] -- C:\Documents and Settings\rwayman.NAPF\Start Menu\Programs\HiJackThis
[2011/05/09 11:22:38 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2011/05/09 11:22:38 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Malwarebytes' Anti-Malware
[2011/05/09 11:22:32 | 000,020,952 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2011/05/03 10:54:22 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\iTunes
[2011/05/03 10:53:12 | 000,000,000 | ---D | C] -- C:\Program Files\iPod
[2011/05/03 10:53:04 | 000,000,000 | ---D | C] -- C:\Program Files\iTunes
[2011/05/03 10:48:44 | 000,000,000 | ---D | C] -- C:\Program Files\Bonjour
[2011/04/29 13:01:18 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\20-20 Technologies
[2011/04/22 15:13:18 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Google Earth
[2 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2011/05/10 15:20:00 | 000,000,886 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2011/05/10 13:20:00 | 000,000,882 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2011/05/10 11:15:10 | 000,000,000 | ---- | M] () -- C:\Documents and Settings\rwayman.NAPF\defogger_reenable
[2011/05/10 09:20:57 | 000,002,335 | ---- | M] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Acrobat Speed Launcher.lnk
[2011/05/09 22:06:01 | 000,000,284 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
[2011/05/09 12:44:34 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2011/05/09 12:44:23 | 3218,718,720 | -HS- | M] () -- C:\hiberfil.sys
[2011/05/09 12:18:05 | 000,002,461 | ---- | M] () -- C:\Documents and Settings\rwayman.NAPF\Desktop\HiJackThis.lnk
[2011/05/09 12:17:19 | 000,015,206 | -HS- | M] () -- C:\Documents and Settings\All Users\Application Data\ar7b6o4h07iv2eb771xo532d6qmd
[2011/05/09 12:17:18 | 000,015,206 | -HS- | M] () -- C:\Documents and Settings\rwayman.NAPF\Local Settings\Application Data\ar7b6o4h07iv2eb771xo532d6qmd
[2011/05/05 10:59:31 | 005,107,907 | ---- | M] () -- C:\Documents and Settings\rwayman.NAPF\Desktop\3952.jpg
[2011/05/03 10:37:29 | 000,030,620 | ---- | M] () -- C:\Documents and Settings\rwayman.NAPF\Desktop\Timeline_Foothill-1.pdf
[2011/04/29 13:53:44 | 000,013,297 | ---- | M] () -- C:\Documents and Settings\rwayman.NAPF\Desktop\elegant_newsletter.htm
[2011/04/29 10:02:49 | 000,006,279 | ---- | M] () -- C:\Documents and Settings\rwayman.NAPF\Desktop\template_TEST.html
[2011/04/29 09:46:13 | 000,007,554 | ---- | M] () -- C:\Documents and Settings\rwayman.NAPF\Desktop\TEST.htm
[2011/04/20 12:42:49 | 000,066,446 | ---- | M] () -- C:\Documents and Settings\rwayman.NAPF\Desktop\sample_aup_discussion_guide.pdf
[2011/04/20 12:41:04 | 000,033,451 | ---- | M] () -- C:\Documents and Settings\rwayman.NAPF\Desktop\logo.png
[2011/04/19 17:03:55 | 005,355,577 | ---- | M] () -- C:\Documents and Settings\rwayman.NAPF\Desktop\Three_Cups_of_Deceit_Jon_Krakauer_Byliner_Originals.pdf
[2011/04/19 13:33:05 | 000,000,492 | ---- | M] () -- C:\Documents and Settings\rwayman.NAPF\Desktop\deceit.pdf
[2011/04/15 15:53:07 | 000,241,738 | ---- | M] () -- C:\Documents and Settings\rwayman.NAPF\Desktop\BillPdf.pdf
[2011/04/15 14:41:14 | 005,614,901 | ---- | M] () -- C:\Documents and Settings\rwayman.NAPF\Desktop\sb_mag.jpg
[2011/04/15 14:30:21 | 007,009,011 | ---- | M] () -- C:\Documents and Settings\rwayman.NAPF\Desktop\sb_mag.pdf
[2011/04/13 12:19:10 | 000,676,175 | ---- | M] () -- C:\Documents and Settings\rwayman.NAPF\Desktop\wayman.jpg
[2011/04/13 09:39:58 | 000,081,177 | ---- | M] () -- C:\Documents and Settings\rwayman.NAPF\Desktop\photo.JPG
[2011/04/11 15:31:10 | 030,452,692 | ---- | M] () -- C:\Documents and Settings\rwayman.NAPF\Desktop\high risk report.pdf
[2011/04/11 11:44:58 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files Created - No Company Name ==========

[2011/05/10 11:15:10 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\rwayman.NAPF\defogger_reenable
[2011/05/09 12:17:52 | 000,002,461 | ---- | C] () -- C:\Documents and Settings\rwayman.NAPF\Desktop\HiJackThis.lnk
[2011/05/09 12:13:43 | 3218,718,720 | -HS- | C] () -- C:\hiberfil.sys
[2011/05/09 09:48:30 | 000,015,206 | -HS- | C] () -- C:\Documents and Settings\rwayman.NAPF\Local Settings\Application Data\ar7b6o4h07iv2eb771xo532d6qmd
[2011/05/09 09:48:30 | 000,015,206 | -HS- | C] () -- C:\Documents and Settings\All Users\Application Data\ar7b6o4h07iv2eb771xo532d6qmd
[2011/05/05 10:59:28 | 005,107,907 | ---- | C] () -- C:\Documents and Settings\rwayman.NAPF\Desktop\3952.jpg
[2011/05/03 10:37:29 | 000,030,620 | ---- | C] () -- C:\Documents and Settings\rwayman.NAPF\Desktop\Timeline_Foothill-1.pdf
[2011/04/29 10:20:07 | 000,013,297 | ---- | C] () -- C:\Documents and Settings\rwayman.NAPF\Desktop\elegant_newsletter.htm
[2011/04/29 10:02:49 | 000,006,279 | ---- | C] () -- C:\Documents and Settings\rwayman.NAPF\Desktop\template_TEST.html
[2011/04/28 16:54:08 | 000,007,554 | ---- | C] () -- C:\Documents and Settings\rwayman.NAPF\Desktop\TEST.htm
[2011/04/20 12:42:49 | 000,066,446 | ---- | C] () -- C:\Documents and Settings\rwayman.NAPF\Desktop\sample_aup_discussion_guide.pdf
[2011/04/20 12:41:04 | 000,033,451 | ---- | C] () -- C:\Documents and Settings\rwayman.NAPF\Desktop\logo.png
[2011/04/19 17:03:55 | 005,355,577 | ---- | C] () -- C:\Documents and Settings\rwayman.NAPF\Desktop\Three_Cups_of_Deceit_Jon_Krakauer_Byliner_Originals.pdf
[2011/04/19 13:33:05 | 000,000,492 | ---- | C] () -- C:\Documents and Settings\rwayman.NAPF\Desktop\deceit.pdf
[2011/04/15 15:53:07 | 000,241,738 | ---- | C] () -- C:\Documents and Settings\rwayman.NAPF\Desktop\BillPdf.pdf
[2011/04/15 14:41:09 | 005,614,901 | ---- | C] () -- C:\Documents and Settings\rwayman.NAPF\Desktop\sb_mag.jpg
[2011/04/15 14:30:09 | 007,009,011 | ---- | C] () -- C:\Documents and Settings\rwayman.NAPF\Desktop\sb_mag.pdf
[2011/04/13 12:19:09 | 000,676,175 | ---- | C] () -- C:\Documents and Settings\rwayman.NAPF\Desktop\wayman.jpg
[2011/04/13 09:39:58 | 000,081,177 | ---- | C] () -- C:\Documents and Settings\rwayman.NAPF\Desktop\photo.JPG
[2011/04/11 15:30:16 | 030,452,692 | ---- | C] () -- C:\Documents and Settings\rwayman.NAPF\Desktop\high risk report.pdf
[2010/12/03 18:09:02 | 000,482,408 | ---- | C] () -- C:\WINDOWS\ssndii.exe
[2010/12/03 18:07:08 | 000,022,723 | ---- | C] () -- C:\WINDOWS\System32\cl31cl3.dll
[2010/11/05 17:02:34 | 000,131,354 | ---- | C] () -- C:\WINDOWS\hpwins22.dat.temp
[2010/11/05 16:25:21 | 000,001,075 | ---- | C] () -- C:\WINDOWS\hpwmdl22.dat.temp
[2010/11/05 14:32:53 | 000,233,100 | ---- | C] () -- C:\WINDOWS\hpwins22.dat
[2010/11/05 14:32:53 | 000,002,850 | ---- | C] () -- C:\WINDOWS\hpwmdl22.dat
[2010/09/01 14:21:03 | 000,209,040 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeW7.dll
[2010/09/01 14:21:03 | 000,204,944 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeA6.dll
[2010/09/01 14:21:03 | 000,196,752 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeP6.dll
[2010/09/01 14:21:03 | 000,196,752 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeM6.dll
[2010/09/01 14:21:03 | 000,192,656 | ---- | C] () -- C:\WINDOWS\System32\IVIresizePX.dll
[2010/09/01 14:21:03 | 000,024,720 | ---- | C] () -- C:\WINDOWS\System32\IVIresize.dll
[2010/08/27 16:42:30 | 000,005,018 | -HS- | C] () -- C:\Documents and Settings\All Users\Application Data\KGyGaAvL.sys
[2010/08/27 16:42:30 | 000,000,008 | RHS- | C] () -- C:\Documents and Settings\All Users\Application Data\7610584904.sys
[2010/08/27 11:45:38 | 000,000,074 | -H-- | C] () -- C:\WINDOWS\sysdws.dat
[2010/05/18 13:38:02 | 000,002,698 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\LUUnInstall.LiveUpdate
[2010/04/02 15:00:55 | 000,165,376 | ---- | C] () -- C:\WINDOWS\System32\unrar.dll
[2010/02/24 18:02:58 | 001,381,976 | ---- | C] () -- C:\Documents and Settings\LocalService\Local Settings\Application Data\FontCache3.0.0.0.dat
[2010/01/29 13:26:49 | 000,001,024 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\imgppt2.dll
[2010/01/29 13:25:43 | 000,116,224 | ---- | C] () -- C:\WINDOWS\System32\pdfmonnt.dll
[2010/01/29 13:25:41 | 000,000,164 | ---- | C] () -- C:\WINDOWS\System32\psconv.ini
[2009/10/28 16:05:21 | 000,027,344 | -H-- | C] () -- C:\WINDOWS\System32\mlfcache.dat
[2009/08/03 15:07:42 | 000,403,816 | ---- | C] () -- C:\WINDOWS\System32\OGACheckControl.dll
[2009/08/03 15:07:42 | 000,230,768 | ---- | C] () -- C:\WINDOWS\System32\OGAEXEC.exe
[2009/04/16 10:55:14 | 000,006,922 | ---- | C] () -- C:\Documents and Settings\rwayman.NAPF\Application Data\PrimoPDFSet.xml
[2009/03/27 09:46:38 | 000,000,000 | ---- | C] () -- C:\WINDOWS\ativpsrm.bin
[2009/03/24 12:04:47 | 000,000,000 | ---- | C] () -- C:\WINDOWS\vpc32.INI
[2009/02/10 14:33:16 | 000,181,248 | ---- | C] () -- C:\WINDOWS\System32\HPEPCEnm.dll
[2009/02/10 14:33:02 | 000,163,840 | ---- | C] () -- C:\WINDOWS\System32\hppatusg01.dll
[2008/10/21 17:40:00 | 000,081,920 | ---- | C] () -- C:\WINDOWS\System32\ATIODE.exe
[2008/10/21 17:40:00 | 000,045,056 | ---- | C] () -- C:\WINDOWS\System32\ATIODCLI.exe
[2008/08/19 11:09:27 | 000,450,560 | R--- | C] () -- C:\WINDOWS\System32\mcs_cor1.dll
[2008/08/19 11:09:27 | 000,172,032 | R--- | C] () -- C:\WINDOWS\System32\mcs_cor2.dll
[2008/04/28 09:13:33 | 000,000,310 | ---- | C] () -- C:\WINDOWS\primopdf.ini
[2008/01/25 13:10:36 | 000,026,427 | ---- | C] () -- C:\WINDOWS\CSTBox.INI
[2007/10/12 12:05:52 | 000,176,235 | ---- | C] () -- C:\WINDOWS\System32\Primomonnt.dll
[2007/10/05 13:41:42 | 000,001,165 | ---- | C] () -- C:\WINDOWS\mozver.dat
[2007/10/03 13:31:04 | 000,068,608 | ---- | C] () -- C:\Documents and Settings\rwayman.NAPF\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2007/10/03 13:14:24 | 000,000,135 | ---- | C] () -- C:\Documents and Settings\rwayman.NAPF\Local Settings\Application Data\fusioncache.dat
[2007/09/20 15:42:38 | 000,000,376 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2007/09/20 15:13:59 | 000,000,000 | ---- | C] () -- C:\WINDOWS\nsreg.dat
[2007/09/15 05:19:52 | 000,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini
[2007/09/15 05:17:08 | 000,056,056 | ---- | C] () -- C:\WINDOWS\System32\DLAAPI_W.DLL
[2007/09/15 05:17:08 | 000,000,118 | ---- | C] () -- C:\WINDOWS\wininit.ini
[2007/09/15 04:56:15 | 003,107,788 | ---- | C] () -- C:\WINDOWS\System32\ativvaxx.dat
[2007/09/15 04:56:15 | 003,107,788 | ---- | C] () -- C:\WINDOWS\System32\ativva5x.dat
[2007/09/15 04:56:15 | 000,887,724 | ---- | C] () -- C:\WINDOWS\System32\ativva6x.dat
[2007/09/15 04:56:14 | 000,180,720 | ---- | C] () -- C:\WINDOWS\System32\atiicdxx.dat
[2007/09/15 04:56:12 | 000,077,824 | ---- | C] () -- C:\WINDOWS\setpwr32.exe
[2007/09/15 04:55:30 | 000,001,121 | ---- | C] () -- C:\WINDOWS\System32\OEMINFO.INI
[2007/01/26 01:04:12 | 000,138,752 | ---- | C] () -- C:\WINDOWS\System32\mase32.dll
[2007/01/26 01:04:12 | 000,027,648 | ---- | C] () -- C:\WINDOWS\System32\ma32.dll
[2006/11/07 02:25:58 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\px.ini
[2006/09/16 21:36:50 | 000,520,192 | ---- | C] () -- C:\WINDOWS\System32\CddbPlaylist2Roxio.dll
[2006/09/16 21:36:50 | 000,204,800 | ---- | C] () -- C:\WINDOWS\System32\CddbFileTaggerRoxio.dll
[2004/08/11 15:24:19 | 000,000,791 | ---- | C] () -- C:\WINDOWS\orun32.ini
[2004/08/11 15:19:30 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat
[2004/08/11 15:12:14 | 000,021,640 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat
[2004/08/11 15:11:31 | 000,001,793 | ---- | C] () -- C:\WINDOWS\System32\fxsperf.ini
[2004/08/11 15:07:24 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
[2004/08/11 15:06:43 | 000,317,952 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2004/08/11 15:00:30 | 000,004,569 | ---- | C] () -- C:\WINDOWS\System32\secupd.dat
[2004/08/11 15:00:28 | 000,445,370 | ---- | C] () -- C:\WINDOWS\System32\perfh009.dat
[2004/08/11 15:00:28 | 000,272,128 | ---- | C] () -- C:\WINDOWS\System32\perfi009.dat
[2004/08/11 15:00:28 | 000,072,576 | ---- | C] () -- C:\WINDOWS\System32\perfc009.dat
[2004/08/11 15:00:28 | 000,028,626 | ---- | C] () -- C:\WINDOWS\System32\perfd009.dat
[2004/08/11 15:00:27 | 000,004,627 | ---- | C] () -- C:\WINDOWS\System32\oembios.dat
[2004/08/11 15:00:26 | 013,107,200 | ---- | C] () -- C:\WINDOWS\System32\oembios.bin
[2004/08/11 15:00:24 | 000,000,741 | ---- | C] () -- C:\WINDOWS\System32\noise.dat
[2004/08/11 15:00:19 | 000,673,088 | ---- | C] () -- C:\WINDOWS\System32\mlang.dat
[2004/08/11 15:00:19 | 000,046,258 | ---- | C] () -- C:\WINDOWS\System32\mib.bin
[2004/08/11 15:00:12 | 000,218,003 | ---- | C] () -- C:\WINDOWS\System32\dssec.dat
[2004/08/11 15:00:04 | 000,001,804 | ---- | C] () -- C:\WINDOWS\System32\dcache.bin
[2003/01/07 15:05:08 | 000,002,695 | ---- | C] () -- C:\WINDOWS\System32\OUTLPERF.INI
[2002/03/16 17:00:00 | 000,007,420 | ---- | C] () -- C:\WINDOWS\UA000104.DLL

========== LOP Check ==========

[2007/10/01 13:14:31 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Avg7
[2010/08/27 13:25:48 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\InterVideo
[2009/03/25 17:05:51 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Pinnacle
[2009/03/25 17:10:55 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Pinnacle VideoSpin
[2010/10/06 11:48:08 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Quark
[2010/08/27 13:26:56 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\SmartSound Software Inc
[2010/11/03 15:02:50 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TEMP
[2010/08/27 13:25:10 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Ulead Systems
[2010/11/01 11:14:16 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{429CAD59-35B1-4DBC-BB6D-1DB246563521}
[2009/10/13 09:14:37 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{755AC846-7372-4AC8-8550-C52491DAA8BD}
[2009/04/09 09:01:08 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{8CD7F5AF-ECFA-4793-BF40-D8F42DBFF906}
[2011/03/10 14:37:01 | 000,000,000 | ---D | M] -- C:\Documents and Settings\rwayman.NAPF\Application Data\AnvSoft
[2010/10/28 14:22:52 | 000,000,000 | ---D | M] -- C:\Documents and Settings\rwayman.NAPF\Application Data\Canon
[2011/02/24 13:03:53 | 000,000,000 | ---D | M] -- C:\Documents and Settings\rwayman.NAPF\Application Data\Cocoon Software
[2011/02/24 12:59:41 | 000,000,000 | ---D | M] -- C:\Documents and Settings\rwayman.NAPF\Application Data\Digiarty
[2011/05/10 09:21:55 | 000,000,000 | ---D | M] -- C:\Documents and Settings\rwayman.NAPF\Application Data\Dropbox
[2010/09/09 10:42:48 | 000,000,000 | ---D | M] -- C:\Documents and Settings\rwayman.NAPF\Application Data\FileZilla
[2010/04/15 16:50:06 | 000,000,000 | ---D | M] -- C:\Documents and Settings\rwayman.NAPF\Application Data\GetRightToGo
[2010/11/03 11:20:39 | 000,000,000 | ---D | M] -- C:\Documents and Settings\rwayman.NAPF\Application Data\Leawo
[2010/11/03 11:20:39 | 000,000,000 | ---D | M] -- C:\Documents and Settings\rwayman.NAPF\Application Data\Moyea
[2010/09/02 14:31:59 | 000,000,000 | ---D | M] -- C:\Documents and Settings\rwayman.NAPF\Application Data\MPEG Streamclip
[2010/02/23 17:41:40 | 000,000,000 | ---D | M] -- C:\Documents and Settings\rwayman.NAPF\Application Data\Quark
[2010/09/01 16:30:39 | 000,000,000 | ---D | M] -- C:\Documents and Settings\rwayman.NAPF\Application Data\Ulead Systems
[2009/11/25 11:49:30 | 000,000,000 | ---D | M] -- C:\Documents and Settings\rwayman.NAPF\Application Data\YouSendIt

========== Purity Check ==========

========== Custom Scans ==========

< %SYSTEMDRIVE%\*.exe >
[2007/11/07 08:03:18 | 000,562,688 | ---- | M] (Microsoft Corporation) -- C:\install.exe

< MD5 for: AGP440.SYS >
[2004/08/04 03:00:00 | 018,738,937 | ---- | M] () .cab file -- C:\i386\sp2.cab:AGP440.sys
[2004/08/04 03:00:00 | 018,738,937 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp2.cab:AGP440.sys
[2009/03/25 11:31:58 | 023,852,652 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:AGP440.sys
[2009/03/25 11:31:58 | 023,852,652 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp3.cab:AGP440.sys
[2008/04/13 11:36:38 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=08FD04AA961BDC77FB983F328334E3D7 -- C:\WINDOWS\ServicePackFiles\i386\agp440.sys
[2008/04/13 11:36:38 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=08FD04AA961BDC77FB983F328334E3D7 -- C:\WINDOWS\system32\drivers\agp440.sys
[2004/08/03 21:07:42 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=2C428FA0C3E3A01ED93C9B2A27D8D4BB -- C:\i386\AGP440.SYS
[2004/08/03 21:07:42 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=2C428FA0C3E3A01ED93C9B2A27D8D4BB -- C:\WINDOWS\$NtServicePackUninstall$\agp440.sys

< MD5 for: ATAPI.SYS >
[2004/08/04 03:00:00 | 018,738,937 | ---- | M] () .cab file -- C:\i386\sp2.cab:atapi.sys
[2004/08/04 03:00:00 | 018,738,937 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp2.cab:atapi.sys
[2009/03/25 11:31:58 | 023,852,652 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:atapi.sys
[2009/03/25 11:31:58 | 023,852,652 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp3.cab:atapi.sys
[2006/08/28 00:02:10 | 000,095,872 | ---- | M] (Microsoft Corporation) MD5=40CAACE7F2E7668148A1D45CF91E1131 -- C:\i386\atapi.sys
[2006/08/27 19:02:10 | 000,095,872 | ---- | M] (Microsoft Corporation) MD5=40CAACE7F2E7668148A1D45CF91E1131 -- C:\WINDOWS\$NtServicePackUninstall$\atapi.sys
[2006/08/27 19:02:10 | 000,095,872 | ---- | M] (Microsoft Corporation) MD5=40CAACE7F2E7668148A1D45CF91E1131 -- C:\WINDOWS\system32\ReinstallBackups\0003\DriverFiles\i386\atapi.sys
[2006/08/27 19:02:10 | 000,095,872 | ---- | M] (Microsoft Corporation) MD5=40CAACE7F2E7668148A1D45CF91E1131 -- C:\WINDOWS\system32\ReinstallBackups\0004\DriverFiles\i386\atapi.sys
[2008/04/13 11:40:30 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\ServicePackFiles\i386\atapi.sys
[2008/04/13 11:40:30 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\system32\drivers\atapi.sys

< MD5 for: EVENTLOG.DLL >
[2008/04/13 17:11:53 | 000,056,320 | ---- | M] (Microsoft Corporation) MD5=6D4FEB43EE538FC5428CC7F0565AA656 -- C:\WINDOWS\ServicePackFiles\i386\eventlog.dll
[2008/04/13 17:11:53 | 000,056,320 | ---- | M] (Microsoft Corporation) MD5=6D4FEB43EE538FC5428CC7F0565AA656 -- C:\WINDOWS\system32\eventlog.dll
[2004/08/04 03:00:00 | 000,055,808 | ---- | M] (Microsoft Corporation) MD5=82B24CB70E5944E6E34662205A2A5B78 -- C:\i386\eventlog.dll
[2004/08/04 03:00:00 | 000,055,808 | ---- | M] (Microsoft Corporation) MD5=82B24CB70E5944E6E34662205A2A5B78 -- C:\WINDOWS\$NtServicePackUninstall$\eventlog.dll

< MD5 for: NETLOGON.DLL >
[2008/04/13 17:12:01 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=1B7F071C51B77C272875C3A23E1E4550 -- C:\WINDOWS\ServicePackFiles\i386\netlogon.dll
[2008/04/13 17:12:01 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=1B7F071C51B77C272875C3A23E1E4550 -- C:\WINDOWS\system32\netlogon.dll
[2004/08/04 03:00:00 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=96353FCECBA774BB8DA74A1C6507015A -- C:\i386\netlogon.dll
[2004/08/04 03:00:00 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=96353FCECBA774BB8DA74A1C6507015A -- C:\WINDOWS\$NtServicePackUninstall$\netlogon.dll

< MD5 for: SCECLI.DLL >
[2004/08/04 03:00:00 | 000,180,224 | ---- | M] (Microsoft Corporation) MD5=0F78E27F563F2AAF74B91A49E2ABF19A -- C:\i386\scecli.dll
[2004/08/04 03:00:00 | 000,180,224 | ---- | M] (Microsoft Corporation) MD5=0F78E27F563F2AAF74B91A49E2ABF19A -- C:\WINDOWS\$NtServicePackUninstall$\scecli.dll
[2008/04/13 17:12:05 | 000,181,248 | ---- | M] (Microsoft Corporation) MD5=A86BB5E61BF3E39B62AB4C7E7085A084 -- C:\WINDOWS\ServicePackFiles\i386\scecli.dll
[2008/04/13 17:12:05 | 000,181,248 | ---- | M] (Microsoft Corporation) MD5=A86BB5E61BF3E39B62AB4C7E7085A084 -- C:\WINDOWS\system32\scecli.dll

< MD5 for: VOLSNAP.SYS >
[2008/04/13 11:41:01 | 000,052,352 | ---- | M] (Microsoft Corporation) MD5=4C8FCB5CC53AAB716D810740FE59D025 -- C:\WINDOWS\ServicePackFiles\i386\volsnap.sys
[2008/04/13 11:41:01 | 000,052,352 | ---- | M] (Microsoft Corporation) MD5=4C8FCB5CC53AAB716D810740FE59D025 -- C:\WINDOWS\system32\drivers\volsnap.sys
[2004/08/04 03:00:00 | 000,052,352 | ---- | M] (Microsoft Corporation) MD5=EE4660083DEBA849FF6C485D944B379B -- C:\i386\volsnap.sys
[2004/08/04 03:00:00 | 000,052,352 | ---- | M] (Microsoft Corporation) MD5=EE4660083DEBA849FF6C485D944B379B -- C:\WINDOWS\$NtServicePackUninstall$\volsnap.sys

< %systemroot%\*. /mp /s >

========== Alternate Data Streams ==========

@Alternate Data Stream - 130 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:8CE646EE

< End of report >

OTL Extras logfile created on: 5/10/2011 4:15:44 PM - Run 1
OTL by OldTimer - Version 3.2.22.3 Folder = C:\Documents and Settings\rwayman.NAPF\My Documents\Downloads
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

3.00 Gb Total Physical Memory | 2.00 Gb Available Physical Memory | 59.00% Memory free
4.00 Gb Paging File | 3.00 Gb Available in Paging File | 74.00% Paging File free
Paging file location(s): C:\pagefile.sys 1536 3072 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 148.96 Gb Total Space | 92.97 Gb Free Space | 62.41% Space Free | Partition Type: NTFS
Drive P: | 248.10 Gb Total Space | 147.15 Gb Free Space | 59.31% Space Free | Partition Type: NTFS
Drive U: | 248.10 Gb Total Space | 147.15 Gb Free Space | 59.31% Space Free | Partition Type: NTFS

Computer Name: NAPF11 | User Name: rwayman | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========

========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*

[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
exefile [open] -- "%1" %*
jsfile [edit] -- "C:\Program Files\Macromedia\Dreamweaver 8\dreamweaver.exe" "%1" (Macromedia, Inc.)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 1
"FirewallOverride" = 0
"FirewallDisableNotify" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

========== System Restore Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr]
"Start" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService]
"Start" = 2

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile\AuthorizedApplications]
"Enabled" = 1
"AllowUserPrefMerge" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile\AuthorizedApplications\List]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile\GloballyOpenPorts]
"Enabled" = 1
"AllowUserPrefMerge" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile\GloballyOpenPorts\List]
"135:TCP:*:Enabled:Offer Remote Assistance - Port" = 135:TCP:*:Enabled:Offer Remote Assistance - Port

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile\Services]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile\Services\FileAndPrint]
"Enabled" = 1
"RemoteAddresses" = LocalSubnet

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile\Services\RemoteDesktop]
"Enabled" = 1
"RemoteAddresses" = *

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile\AuthorizedApplications]
"AllowUserPrefMerge" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile\GloballyOpenPorts]
"AllowUserPrefMerge" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 1
"DoNotAllowExceptions" = 0
"DisableNotifications" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]
"139:TCP" = 139:TCP:*:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:*:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:*:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:*:Enabled:@xpsp2res.dll,-22002

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 0
"DoNotAllowExceptions" = 0
"DisableNotifications" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008
"139:TCP" = 139:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22002

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"C:\Program Files\Macromedia\Dreamweaver 8\Dreamweaver.exe" = C:\Program Files\Macromedia\Dreamweaver 8\Dreamweaver.exe:*:Enabled:Dreamweaver 8 -- (Macromedia, Inc.)
"C:\Program Files\Pinnacle\VideoSpin\Programs\RM.exe" = C:\Program Files\Pinnacle\VideoSpin\Programs\RM.exe:*:Enabled:Render Manager -- (Pinnacle Systems)
"C:\Program Files\Pinnacle\VideoSpin\Programs\umi.exe" = C:\Program Files\Pinnacle\VideoSpin\Programs\umi.exe:*:Enabled:umi -- (Pinnacle Systems)
"C:\Program Files\Pinnacle\VideoSpin\Programs\VideoSpin.exe" = C:\Program Files\Pinnacle\VideoSpin\Programs\VideoSpin.exe:*:Enabled:Pinnacle VideoSpin -- (Pinnacle Systems)
"C:\Program Files\Mozilla Firefox\firefox.exe" = C:\Program Files\Mozilla Firefox\firefox.exe:*:Enabled:Firefox -- (Mozilla Corporation)
"C:\WINDOWS\Temp\~os6.tmp\rlvknlg.exe" = C:\WINDOWS\Temp\~os6.tmp\rlvknlg.exe:*:Enabled:rlvknlg.exe
"C:\Program Files\Symantec\Symantec Endpoint Protection\Smc.exe" = C:\Program Files\Symantec\Symantec Endpoint Protection\Smc.exe:*:Enabled:SMC Service -- (Symantec Corporation)
"C:\Program Files\Symantec\Symantec Endpoint Protection\SNAC.EXE" = C:\Program Files\Symantec\Symantec Endpoint Protection\SNAC.EXE:*:Enabled:SNAC Service -- (Symantec Corporation)
"C:\Program Files\Common Files\Symantec Shared\ccApp.exe" = C:\Program Files\Common Files\Symantec Shared\ccApp.exe:*:Enabled:Symantec Email -- (Symantec Corporation)
"C:\WINDOWS\Temp\~os8.tmp\rlvknlg.exe" = C:\WINDOWS\Temp\~os8.tmp\rlvknlg.exe:*:Enabled:rlvknlg.exe
"C:\Program Files\Hewlett-Packard\HP Easy Printer Care\HPPRun.exe" = C:\Program Files\Hewlett-Packard\HP Easy Printer Care\HPPRun.exe:*:Enabled:HP Easy Printer Care HPPRun -- (Hewlett-Packard Company)
"C:\Program Files\HP\Digital Imaging\bin\hpofxm08.exe" = C:\Program Files\HP\Digital Imaging\bin\hpofxm08.exe:*:Enabled:hpofxm08.exe -- (Hewlett-Packard Co.)
"C:\Program Files\HP\Digital Imaging\bin\hposfx08.exe" = C:\Program Files\HP\Digital Imaging\bin\hposfx08.exe:*:Enabled:hposfx08.exe -- (Hewlett-Packard Co.)
"C:\Program Files\HP\Digital Imaging\bin\hposid01.exe" = C:\Program Files\HP\Digital Imaging\bin\hposid01.exe:*:Enabled:hposid01.exe -- (Hewlett-Packard Co.)
"C:\Program Files\HP\Digital Imaging\bin\hpfcCopy.exe" = C:\Program Files\HP\Digital Imaging\bin\hpfcCopy.exe:*:Enabled:hpfccopy.exe -- (Hewlett-Packard Co.)
"C:\Program Files\HP\Digital Imaging\bin\hpzwiz01.exe" = C:\Program Files\HP\Digital Imaging\bin\hpzwiz01.exe:*:Enabled:hpzwiz01.exe -- (Hewlett-Packard Co.)
"C:\Program Files\HP\Digital Imaging\bin\hpoews01.exe" = C:\Program Files\HP\Digital Imaging\bin\hpoews01.exe:*:Enabled:hpoews01.exe -- (Hewlett-Packard Co.)
"C:\Program Files\HP\Digital Imaging\bin\hpiscnapp.exe" = C:\Program Files\HP\Digital Imaging\bin\hpiscnapp.exe:*:Enabled:hpiscnapp.exe -- (Hewlett-Packard Co.)
"C:\Program Files\HP\Digital Imaging\bin\hpofxs08.exe" = C:\Program Files\HP\Digital Imaging\bin\hpofxs08.exe:*:Enabled:hpofxs08.exe -- (Hewlett-Packard Co.)
"C:\Program Files\HP\Digital Imaging\bin\hpqfxt08.exe" = C:\Program Files\HP\Digital Imaging\bin\hpqfxt08.exe:*:Enabled:hpqfxt08.exe -- (Hewlett-Packard Co.)
"C:\Program Files\HP\Digital Imaging\bin\hpqgplgtupl.exe" = C:\Program Files\HP\Digital Imaging\bin\hpqgplgtupl.exe:*:Enabled:hpqgplgtupl.exe -- (Hewlett-Packard Co.)
"C:\Program Files\HP\Digital Imaging\bin\hpqusgm.exe" = C:\Program Files\HP\Digital Imaging\bin\hpqusgm.exe:*:Enabled:hpqusgm.exe -- (Hewlett-Packard Co.)
"C:\Program Files\HP\Digital Imaging\bin\hpqusgh.exe" = C:\Program Files\HP\Digital Imaging\bin\hpqusgh.exe:*:Enabled:hpqusgh.exe -- (Hewlett-Packard Co.)
"C:\Program Files\HP\HP Software Update\hpwucli.exe" = C:\Program Files\HP\HP Software Update\hpwucli.exe:*:Enabled:hpwucli.exe -- (Hewlett-Packard)
"C:\Program Files\HP\Digital Imaging\smart web printing\SmartWebPrintExe.exe" = C:\Program Files\HP\Digital Imaging\smart web printing\SmartWebPrintExe.exe:*:Enabled:smartwebprintexe.exe -- (Hewlett-Packard Co.)
"C:\Documents and Settings\rwayman.NAPF\Application Data\Dropbox\bin\Dropbox.exe" = C:\Documents and Settings\rwayman.NAPF\Application Data\Dropbox\bin\Dropbox.exe:*:Enabled:Dropbox -- (Dropbox, Inc.)
"C:\Program Files\Google\Google Earth\plugin\geplugin.exe" = C:\Program Files\Google\Google Earth\plugin\geplugin.exe:*:Enabled:Google Earth -- (Google)

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Program Files\Macromedia\Dreamweaver 8\Dreamweaver.exe" = C:\Program Files\Macromedia\Dreamweaver 8\Dreamweaver.exe:*:Enabled:Dreamweaver 8 -- (Macromedia, Inc.)
"C:\Program Files\Hewlett-Packard\HP Easy Printer Care\HPPRun.exe" = C:\Program Files\Hewlett-Packard\HP Easy Printer Care\HPPRun.exe:*:Enabled:HP Easy Printer Care HPPRun -- (Hewlett-Packard Company)
"C:\Program Files\HP\Digital Imaging\bin\hpofxm08.exe" = C:\Program Files\HP\Digital Imaging\bin\hpofxm08.exe:*:Enabled:hpofxm08.exe -- (Hewlett-Packard Co.)
"C:\Program Files\HP\Digital Imaging\bin\hposfx08.exe" = C:\Program Files\HP\Digital Imaging\bin\hposfx08.exe:*:Enabled:hposfx08.exe -- (Hewlett-Packard Co.)
"C:\Program Files\HP\Digital Imaging\bin\hposid01.exe" = C:\Program Files\HP\Digital Imaging\bin\hposid01.exe:*:Enabled:hposid01.exe -- (Hewlett-Packard Co.)
"C:\Program Files\HP\Digital Imaging\bin\hpfcCopy.exe" = C:\Program Files\HP\Digital Imaging\bin\hpfcCopy.exe:*:Enabled:hpfccopy.exe -- (Hewlett-Packard Co.)
"C:\Program Files\HP\Digital Imaging\bin\hpzwiz01.exe" = C:\Program Files\HP\Digital Imaging\bin\hpzwiz01.exe:*:Enabled:hpzwiz01.exe -- (Hewlett-Packard Co.)
"C:\Program Files\HP\Digital Imaging\bin\hpoews01.exe" = C:\Program Files\HP\Digital Imaging\bin\hpoews01.exe:*:Enabled:hpoews01.exe -- (Hewlett-Packard Co.)
"C:\Program Files\HP\Digital Imaging\bin\hpiscnapp.exe" = C:\Program Files\HP\Digital Imaging\bin\hpiscnapp.exe:*:Enabled:hpiscnapp.exe -- (Hewlett-Packard Co.)
"C:\Program Files\HP\Digital Imaging\bin\hpofxs08.exe" = C:\Program Files\HP\Digital Imaging\bin\hpofxs08.exe:*:Enabled:hpofxs08.exe -- (Hewlett-Packard Co.)
"C:\Program Files\HP\Digital Imaging\bin\hpqfxt08.exe" = C:\Program Files\HP\Digital Imaging\bin\hpqfxt08.exe:*:Enabled:hpqfxt08.exe -- (Hewlett-Packard Co.)
"C:\Program Files\HP\Digital Imaging\bin\hpqgplgtupl.exe" = C:\Program Files\HP\Digital Imaging\bin\hpqgplgtupl.exe:*:Enabled:hpqgplgtupl.exe -- (Hewlett-Packard Co.)
"C:\Program Files\HP\Digital Imaging\bin\hpqusgm.exe" = C:\Program Files\HP\Digital Imaging\bin\hpqusgm.exe:*:Enabled:hpqusgm.exe -- (Hewlett-Packard Co.)
"C:\Program Files\HP\Digital Imaging\bin\hpqusgh.exe" = C:\Program Files\HP\Digital Imaging\bin\hpqusgh.exe:*:Enabled:hpqusgh.exe -- (Hewlett-Packard Co.)
"C:\Program Files\HP\HP Software Update\hpwucli.exe" = C:\Program Files\HP\HP Software Update\hpwucli.exe:*:Enabled:hpwucli.exe -- (Hewlett-Packard)
"C:\Program Files\HP\Digital Imaging\smart web printing\SmartWebPrintExe.exe" = C:\Program Files\HP\Digital Imaging\smart web printing\SmartWebPrintExe.exe:*:Enabled:smartwebprintexe.exe -- (Hewlett-Packard Co.)

========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"_{F072CA07-A781-45E4-9975-C033A73019CF}" = Corel VideoStudio Pro X3
"{020CF65F-700F-4E55-AFB7-97024584A2B3}" = Events Communication Components
"{0394CDC8-FABD-4ed8-B104-03393876DFDF}" = Roxio Creator Tools
"{06A1D88C-E102-4527-AF70-29FFD7AF215A}" = Scan
"{071B9AFA-EBE8-4ABF-8F4A-9F92612F517E}" = Broadcom ASF Management Applications
"{08234a0d-cf39-4dca-99f0-0c5cb496da81}" = Bing Bar
"{0837A661-FEC3-48B3-876C-91E7D32048A9}" = Macromedia Dreamweaver 8
"{0840B4D6-7DD1-4187-8523-E6FC0007EFB7}" = Windows Live ID Sign-in Assistant
"{097CDB1E-07C9-40F1-9972-F0F9F3A287E4}" = Network
"{0D397393-9B50-4c52-84D5-77E344289F87}" = Roxio Creator Data
"{11E94FDB-C895-45F1-B756-1C9B8C36C8F1}" = Microsoft IntelliType Pro 7.1
"{14021E77-2FC1-4972-8C51-08808CD62838}_is1" = Leawo MP4 Converter version 3.1.0.0
"{143FB15C-0C48-41E3-9C30-F56FB69BF3D7}" = Canon CanoScan Toolbox 4.5
"{1458BB78-1DC5-4BC0-B9A3-2B644F5A8105}" = DeviceDiscovery
"{150B6201-E9E6-4DFB-960E-CCBD53FBDDED}" = HPProductAssistant
"{172423F9-522A-483A-AD65-03600CE4CA4F}" = Microsoft Works 6-9 Converter
"{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live Upload Tool
"{218D2E7E-37A9-4B5D-B4A1-13FD6B8B9D17}" = Corel DVD MovieFactory 7
"{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT
"{2360C3D1-0811-491D-924D-DE7DC5B79048}_is1" = MOV to WMV 1.1
"{236BB7C4-4419-42FD-0409-1E257A25E34D}" = Adobe Photoshop CS2
"{24D753CA-6AE9-4E30-8F5F-EFC93E08BF3D}" = Skype™ 4.0
"{26A24AE4-039D-4CA4-87B4-2F83216011FF}" = Java™ 6 Update 15
"{281ECE39-F043-492B-8337-F2E546B5604A}" = PowerDVD
"{292F0F52-B62D-4E71-921B-89A682402201}" = Toolbox
"{2B1E6CDB-306C-4C64-B192-1E465C5C3012}" = 8500A909g
"{2F4C24E6-CBD4-4AAC-B56F-C9FD44DE5668}" = Roxio Drag-to-Disc
"{2F8BA3FD-1FA9-4279-B696-712ABB12F09F}" = SmartSound Quicktracks 5
"{30465B6C-B53F-49A1-9EBA-A3F187AD502E}" = Roxio Update Manager
"{3248F0A8-6813-11D6-A77B-00B0D0150060}" = J2SE Runtime Environment 5.0 Update 6
"{3248F0A8-6813-11D6-A77B-00B0D0160020}" = Java™ 6 Update 2
"{3248F0A8-6813-11D6-A77B-00B0D0160050}" = Java™ 6 Update 5
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{35E1EC43-D4FC-4E4A-AAB3-20DDA27E8BB0}" = Sonic Activation Module
"{3B4E636E-9D65-4D67-BA61-189800823F52}" = Windows Live Communications Platform
"{3C1AE512-3C37-44FA-BA42-ABB721EC5B1D}" = Symantec Endpoint Protection
"{3D843732-70CD-4DEF-A36F-AEFB87C80DC9}" = ProductContext
"{3EE33958-7381-4E7B-A4F3-6E43098E9E9C}" = URL Assistant
"{41915A51-6F92-4F0E-87C4-8178785B96CC}" = HP Printer Settings Tools
"{45A66726-69BC-466B-A7A4-12FCBA4883D7}" = HiJackThis
"{49782B2F-49AE-423D-85D6-4EE7019CEA13}" = HP Easy Printer Care
"{4DE3E3D9-AE81-45DE-9195-3015F7B1DBF3}" = Junk Mail filter update
"{4F7177E9-2B54-48B4-AAFD-03FA1F87A542}" = Bing Bar Platform
"{5546CDB5-2CE2-498B-B059-5B3BF81FC41F}" = Macromedia Extension Manager
"{57752979-A1C9-4C02-856B-FBB27AC4E02C}" = QuickTime
"{57F60D52-630B-43C5-BD20-176F5CD4EED6}" = bpd_scan
"{5B025634-7D5B-4B8D-BE2A-7943C1CF2D5D}" = Status
"{5E4B86E5-CD0E-4D3D-BE21-45A30326850A}" = Microsoft Search Enhancement Pack
"{60FFB3E0-6D5B-4D73-AE5B-07E58B83AF0C}" = 32 Bit HP CIO Components Installer
"{612F4E20-3661-4D44-AD79-823F1B613FB3}" = HP Update
"{619CDD8A-14B6-43a1-AB6C-0F4EE48CE048}" = Roxio Creator Copy
"{63C1109E-D977-49ED-BCE3-D00D0BF187D6}" = Windows Live Mail
"{6675CA7F-E51B-4F6A-99D4-F8F0124C6EAA}" = Roxio Express Labeler
"{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update
"{69754D89-C21E-4851-83C0-399DE63C6579}" = 8500A909_Help
"{7057ABC2-EFF3-4E43-9806-8BCB6EEA9FE6}" = Microsoft IntelliPoint 7.1
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{7527CD9F-894E-47B3-9AFB-3E680E007051}" = HP Proactive Services
"{786C5747-1033-0000-B58E-000000000001}" = Adobe Stock Photos 1.0
"{7E4CB404-F1E4-4E81-A1CB-2CBB310481D1}" = MLE
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{83FFCFC7-88C6-41c6-8752-958A45325C82}" = Roxio Creator Audio
"{846B5DED-DC8C-4E1A-B5B4-9F5B39A0CACE}" = HPDiagnosticAlert
"{853A4763-6643-4604-8D64-28BDD8925F4C}" = Apple Application Support
"{87841AF8-C785-42FF-A76E-CC0F0C2816CC}" = ATI Catalyst Control Center
"{880AF49C-34F7-4285-A8AD-8F7A3D1C33DC}" = Roxio Creator BDAV Plugin
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8AEA6737-8AF3-47BB-95CE-AAB62BE68985}" = MPM
"{8EDBA74D-0686-4C99-BFDD-F894678E5B39}" = Adobe Common File Installer
"{8EE94FD8-5F52-4463-A340-185D16328158}" = WebReg
"{8FF6F5CA-4E30-4E3B-B951-204CAAA2716A}" = SmartWebPrinting
"{8FFC5648-FAF8-43A3-BC8F-42BA1E275C4E}" = Choice Guard
"{90120000-0020-0409-0000-0000000FF1CE}" = Compatibility Pack for the 2007 Office system
"{90120409-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Standard Edition 2003
"{90140000-0010-0409-0000-0000000FF1CE}" = Microsoft Software Update for Web Folders (English) 14
"{90140000-0019-0409-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2010
"{90140000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2010
"{90140000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2010
"{90140000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2010
"{90140000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2010
"{90140000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2010
"{90140000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2010
"{91140000-0019-0000-0000-0000000FF1CE}" = Microsoft Office Publisher 2010
"{9294F169-72EE-4D74-AE92-CA25F64B4FF8}" = Fax
"{92A51949-EE4C-466D-AAF0-99E74A49A63F}" = DocMgr
"{92FD71D5-ED7E-40B2-8DF3-4B5E6F684367}" = Dell ETS Factory Installation
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{95120000-0120-0409-0000-0000000FF1CE}" = Microsoft Office Outlook Connector
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9B362566-EC1B-4700-BB9C-EC661BDE2175}" = DocProc
"{A0DBDF40-559F-11E0-82E2-001D0926B1BF}" = Google Earth Plug-in
"{A1E98303-102A-46FB-A2D0-3838C3F64DF2}" = Core Communication Components
"{A1F66FC9-11EE-4F2F-98C9-16F8D1E69FB7}" = Segoe UI
"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
"{A7A02E23-805C-4AAC-B408-D59A1D53AEA6}" = BPDSoftware
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AAF4238F-7C29-451D-9925-C753271A5728}" = Microsoft Visual C++ Run Time Lib Setup
"{AC35A885-0F8F-4857-B7DA-6E8DFB43E6B3}" = HPSSupply
"{AC4E477E-BBD4-4C68-8D6C-D10C3BB658F3}" = BPD_DSWizards
"{AC76BA86-1033-0000-7760-000000000002}" = Adobe Acrobat 7.0 Professional
"{AC76BA86-7AD7-1033-7B44-A81000000003}" = Adobe Reader 8.1.0
"{AD0AA962-111E-41D5-A705-0E3D9178A661}" = BPDSoftware_Ini
"{B2544A03-10D0-4E5E-BA69-0362FFC20D18}" = OGA Notifier 2.0.0048.0
"{B318D3D1-3421-4E2A-9C63-5D8FC2457B9C}" = 8500A909_eDocs
"{B74D4E10-6884-0000-0000-000000000103}" = Adobe Bridge 1.0
"{B8A2869E-30CA-40C5-9CF8-BD7354E57EF8}" = SmartSound Common Data
"{B95B1BA9-F887-4B3C-8D3A-CCD4C4675120}" = Microsoft Default Manager
"{BB3447F6-9553-4AA9-960E-0DB5310C5779}" = GPBaseService2
"{BC5DD87B-0143-4D14-AAE6-97109614DC6B}" = SolutionCenter
"{BD7204BA-DD64-499E-9B55-6A282CDF4FA4}" = Destinations
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
"{C0A8F64F-36C8-489F-B813-90D60B541D1E}" = Device Data Communication Components
"{C2E4B5BD-32DB-4817-A060-341AB17C3F90}" = Bonjour
"{C615B4A6-DDE8-4325-BCF8-E53E913D95E9}_is1" = AMR to MP3 Converter 1.4
"{C6CA8874-5F22-4AF0-9BE3-016BF299C536}" = Windows Live Essentials
"{C8B0680B-CDAE-4809-9F91-387B6DE00F7C}" = Roxio Creator DE
"{CACAEB5F-174D-4C7C-AC56-A33289A807CA}" = Apple Mobile Device Support
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CD31E63D-47FD-491C-8117-CF201D0AFAB5}" = TrayApp
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{CEE2252C-4035-4B27-8EC6-0B085DD3A413}" = Dell Support 3.2.1
"{D1725D54-279A-40C5-A70D-23C1785DB920}_is1" = AoA Audio Extractor
"{D360FA88-17C8-4F14-B67F-13AAF9607B12}" = MarketResearch
"{D5842AC3-59C7-4DDD-BB33-54FE544DB3DA}" = Operating System Communication Components
"{E1180142-3B31-4DCC-9D27-7AC2D37662BF}" = LightScribe 1.4.124.1
"{E38C00D0-A68B-4318-A8A6-F7D4B5B1DF0E}" = Windows Media Encoder 9 Series
"{E56D39F8-2A9F-44B4-B068-A72E45A073E6}" = Safari
"{E9787678-1033-0000-8E67-000000000001}" = Adobe Help Center 1.0
"{ECB904FE-CB4D-40A4-A884-E278410F0CE1}" = HP Printer Usage Report
"{F069C491-69E6-4D9B-9A0C-B7894A1FA97C}" = Setup
"{F072CA07-A781-45E4-9975-C033A73019CF}" = ICA
"{F206FEC3-F5DD-43FD-A8CF-9C46B8A6A92C}" = VSPro
"{F4E9851F-765E-40B7-9859-237C2724E62C}" = DeviceIO
"{F59A9E08-A6A4-4ACF-91F2-D0344956C30B}" = iTunes
"{F6A76E9C-C299-4CFA-AD2A-57FE9DD68B70}" = Contents
"{F8423392-2296-4748-9B66-344432459632}" = PureHD
"{F86D9734-D358-4C5B-BC2B-6D90557FF05B}" = HP Officejet Pro 8500 A909 Series
"{F909BD3C-8684-4ACF-B7C3-33F4F9F901B7}" = Share
"{F95C8C1F-25BB-44EC-A7E6-5C17ABC6BC71}" = VIO
"{FA0FF682-CC70-4C57-93CD-E276F3E7537E}" = BufferChm
"{FB0B6DDD-DF3E-4CD6-927C-724AB854E322}" = VSClassic
"{FB64BF25-3593-4E4E-AA85-84AEF1D1475F}" = Broadcom Management Programs
"{FD67D9F3-FED6-4A2E-9D6C-8C8C44DEF8FF}" = IPM_VS_Pro
"{FEB15887-0932-4D2D-BB85-6AC03FBF1AA8}" = Pinnacle VideoSpin
"{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
"Adobe Acrobat 7.0 Professional" = Adobe Acrobat 7.1.0 Professional
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Adobe Photoshop CS2 - {236BB7C4-4419-42FD-0409-1E257A25E34D}" = Adobe Photoshop CS2
"Akamai" = Akamai NetSession Interface
"Any Video Converter_is1" = Any Video Converter 3.2.0
"ATI Display Driver" = ATI Display Driver
"Chopper_is1" = Chopper XP 2.3
"FeedForAll v2.0" = FeedForAll v2.0
"FileZilla Client" = FileZilla Client 3.2.4.1
"Free PS Convert driver_is1" = Free PS Convert driver 8.15
"HP Document Manager" = HP Document Manager 2.0
"HP Easy Printer Care" = HP Easy Printer Care
"HP Imaging Device Functions" = HP Imaging Device Functions 14.0
"HP Smart Web Printing" = HP Smart Web Printing 4.60
"HP Solution Center & Imaging Support Tools" = HP Solution Center 14.0
"HPExtendedCapabilities" = HP Customer Participation Program 14.0
"HPOCR" = OCR Software by I.R.I.S. 14.0
"IDNMitigationAPIs" = Microsoft Internationalized Domain Names Mitigation APIs
"ie7" = Windows Internet Explorer 7
"ie8" = Windows Internet Explorer 8
"InstallShield_{218D2E7E-37A9-4B5D-B4A1-13FD6B8B9D17}" = Corel DVD MovieFactory 7 TBYB
"InstallShield_{2F8BA3FD-1FA9-4279-B696-712ABB12F09F}" = SmartSound Quicktracks 5
"InstallShield_{B8A2869E-30CA-40C5-9CF8-BD7354E57EF8}" = SmartSound Common Data
"KLiteCodecPack_is1" = K-Lite Codec Pack 6.5.0 (Basic)
"LiveUpdate" = LiveUpdate 3.3 (Symantec Corporation)
"Lookout" = Lookout
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Mozilla Firefox 4.0.1 (x86 en-US)" = Mozilla Firefox 4.0.1 (x86 en-US)
"MSCompPackV1" = Microsoft Compression Client Pack 1.0 for Windows XP
"NLSDownlevelMapping" = Microsoft National Language Support Downlevel APIs
"Office14.PUBLISHERR" = Microsoft Publisher 2010
"Picasa 3" = Picasa 3
"PPT to Image Converter_is1" = PPT to Image Converter 2.00
"PrimoPDF4.1.0.9" = PrimoPDF
"RealPlayer 12.0" = RealPlayer
"Samsung_SEDG" = Samsung Video Codec 1.2.5006 Uninstall
"SearchAssist" = SearchAssist
"Shop for HP Supplies" = Shop for HP Supplies
"uninstall.exe" = iLinc Client
"Wdf01005" = Microsoft Kernel-Mode Driver Framework Feature Pack 1.5
"Windows Media Encoder 9" = Windows Media Encoder 9 Series
"Windows Media Format Runtime" = Windows Media Format 11 runtime
"Windows Media Player" = Windows Media Player 11
"Windows XP Service Pack" = Windows XP Service Pack 3
"WinLiveSuite_Wave3" = Windows Live Essentials
"WMFDist11" = Windows Media Format 11 runtime
"wmp11" = Windows Media Player 11
"Wudf01000" = Microsoft User-Mode Driver Framework Feature Pack 1.0

========== HKEY_CURRENT_USER Uninstall List ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Dropbox" = Dropbox
"GoToMeeting" = GoToMeeting 4.5.0.457
"QUICKMEDIACONVERTER" = Quick Media Converter

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 5/9/2011 3:15:26 PM | Computer Name = NAPF11 | Source = AutoEnrollment | ID = 15
Description = Automatic certificate enrollment for local system failed to contact
the active directory (0x8007054b). The specified domain either does not exist
or could not be contacted. Enrollment will not be performed.

Error - 5/9/2011 3:15:57 PM | Computer Name = NAPF11 | Source = Userenv | ID = 1054
Description = Windows cannot obtain the domain controller name for your computer
network. (The specified domain either does not exist or could not be contacted.
). Group Policy processing aborted.

Error - 5/9/2011 3:46:54 PM | Computer Name = NAPF11 | Source = Userenv | ID = 1053
Description = Windows cannot determine the user or computer name. (The specified
domain either does not exist or could not be contacted. ). Group Policy processing
aborted.

Error - 5/9/2011 3:47:09 PM | Computer Name = NAPF11 | Source = AutoEnrollment | ID = 15
Description = Automatic certificate enrollment for local system failed to contact
the active directory (0x8007054b). The specified domain either does not exist
or could not be contacted. Enrollment will not be performed.

Error - 5/9/2011 3:48:48 PM | Computer Name = NAPF11 | Source = Userenv | ID = 1053
Description = Windows cannot determine the user or computer name. (The specified
domain either does not exist or could not be contacted. ). Group Policy processing
aborted.

Error - 5/9/2011 7:01:04 PM | Computer Name = NAPF11 | Source = Userenv | ID = 1053
Description = Windows cannot determine the user or computer name. (The specified
domain either does not exist or could not be contacted. ). Group Policy processing
aborted.

Error - 5/9/2011 8:55:39 PM | Computer Name = NAPF11 | Source = Userenv | ID = 1097
Description = Windows cannot find the machine account, No authority could be contacted
for authentication. .

Error - 5/9/2011 8:55:39 PM | Computer Name = NAPF11 | Source = Userenv | ID = 1030
Description = Windows cannot query for the list of Group Policy objects. A message
that describes the reason for this was previously logged by the policy engine.

Error - 5/10/2011 12:12:55 AM | Computer Name = NAPF11 | Source = Symantec AntiVirus | ID = 16711731
Description = Security Risk Found!Bloodhound.MalPE in File: c:\System Volume Information\_restore{46DE8921-1D39-44D2-A9E9-64119261F211}\RP638\A0093516.exe
by: Scheduled scan. Action: Clean failed : Quarantine failed. Action Description:
The file was left unchanged.

Error - 5/10/2011 3:47:09 PM | Computer Name = NAPF11 | Source = AutoEnrollment | ID = 15
Description = Automatic certificate enrollment for local system failed to contact
the active directory (0x8007054b). The specified domain either does not exist
or could not be contacted. Enrollment will not be performed.

[ System Events ]
Error - 5/10/2011 6:19:49 PM | Computer Name = NAPF11 | Source = DCOM | ID = 10006
Description = DCOM got error "%2147746132" from the computer NAPF13 when attempting
to activate the server: {611D62BD-99D0-41C4-8D37-A6BF554AC3F6}

Error - 5/10/2011 6:19:52 PM | Computer Name = NAPF11 | Source = DCOM | ID = 10009
Description = DCOM was unable to communicate with the computer NAPF15 using any
of the configured protocols.

Error - 5/10/2011 6:19:56 PM | Computer Name = NAPF11 | Source = DCOM | ID = 10006
Description = DCOM got error "%2147746132" from the computer NAPF13 when attempting
to activate the server: {611D62BD-99D0-41C4-8D37-A6BF554AC3F6}

Error - 5/10/2011 6:19:58 PM | Computer Name = NAPF11 | Source = DCOM | ID = 10009
Description = DCOM was unable to communicate with the computer NAPF15 using any
of the configured protocols.

Error - 5/10/2011 6:34:39 PM | Computer Name = NAPF11 | Source = DCOM | ID = 10006
Description = DCOM got error "%2147746132" from the computer NAPF13 when attempting
to activate the server: {611D62BD-99D0-41C4-8D37-A6BF554AC3F6}

Error - 5/10/2011 6:34:42 PM | Computer Name = NAPF11 | Source = DCOM | ID = 10009
Description = DCOM was unable to communicate with the computer NAPF15 using any
of the configured protocols.

Error - 5/10/2011 6:35:35 PM | Computer Name = NAPF11 | Source = DCOM | ID = 10006
Description = DCOM got error "%2147746132" from the computer NAPF13 when attempting
to activate the server: {611D62BD-99D0-41C4-8D37-A6BF554AC3F6}

Error - 5/10/2011 6:35:38 PM | Computer Name = NAPF11 | Source = DCOM | ID = 10009
Description = DCOM was unable to communicate with the computer NAPF15 using any
of the configured protocols.

Error - 5/10/2011 6:35:42 PM | Computer Name = NAPF11 | Source = DCOM | ID = 10006
Description = DCOM got error "%2147746132" from the computer NAPF13 when attempting
to activate the server: {611D62BD-99D0-41C4-8D37-A6BF554AC3F6}

Error - 5/10/2011 6:35:44 PM | Computer Name = NAPF11 | Source = DCOM | ID = 10009
Description = DCOM was unable to communicate with the computer NAPF15 using any
of the configured protocols.

< End of report >

#4 fireman4it

Bleepin' Fireman

Group: Malware Response Team
Posts: 8,314
Joined: 24-May 08
Gender:Male
Location:Bement, ILL

Posted 10 May 2011 - 06:50 PM

Hello,

I don't see any malware on your machine. Lets run a couple other scanners.

1.
We need to run an OTL Fix

Please reopen on your desktop.

Copy and Paste the following code into the Posted Image

textbox. Do not include the word "Code"

:Otl
[2011/03/23 13:39:33 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
File not found (No name found) -- 
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O4 - HKLM..\Run: [] File not found
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoWelcomeScreen = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 149
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 0
17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = napf.local
O20 - Winlogon\Notify\NavLogon: DllName - Reg Error: Value error. - Reg Error: Value error. File not found
O33 - MountPoints2\{00b6db76-3e66-11de-a14d-001aa0c7cf8a}\Shell\AutoRun\command - "" = CA_EdgeLitemobile.exe
O33 - MountPoints2\{78b075bd-964c-11de-a154-001aa0c7cf8a}\Shell\AutoRun\command - "" = setupSNK.exe
O33 - MountPoints2\{a9001951-c4e2-11df-a1a1-0019b9443391}\Shell - "" = AutoRun
O33 - MountPoints2\{a9001951-c4e2-11df-a1a1-0019b9443391}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{a9001951-c4e2-11df-a1a1-0019b9443391}\Shell\AutoRun\command - "" = F:\LaunchU3.exe -a
[2011/05/09 12:17:19 | 000,015,206 | -HS- | M] () -- C:\Documents and Settings\All Users\Application Data\ar7b6o4h07iv2eb771xo532d6qmd
[2011/05/09 12:17:18 | 000,015,206 | -HS- | M] () -- C:\Documents and Settings\rwayman.NAPF\Local Settings\Application Data\ar7b6o4h07iv2eb771xo532d6qmd
[2010/11/03 11:20:39 | 000,000,000 | ---D | M] -- C:\Documents and Settings\rwayman.NAPF\Application Data\Leawo
[2010/11/03 11:20:39 | 000,000,000 | ---D | M] -- C:\Documents and Settings\rwayman.NAPF\Application Data\Moyea
@Alternate Data Stream - 130 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:8CE646EE

Push
OTL may ask to reboot the machine. Please do so if asked.
Click .
A report will open. Copy and Paste that report in your next reply.

2.
Please download GMER from one of the following locations and save it to your desktop:

Main Mirror
This version will download a randomly named file (Recommended)
Zipped Mirror
This version will download a zip file you will need to extract first. If you use this mirror, please extract the zip file to your desktop.

Disconnect from the Internet and close all running programs.
Temporarily disable any real-time active protection so your security programs will not conflict with gmer's driver.
Double-click on the randomly named GMER file (i.e. n7gmo46c.exe) and allow the gmer.sys driver to load if asked.
Note: If you downloaded the zipped version, extract the file to its own folder such as C:\gmer and then double-click on gmer.exe.
GMER will open to the Rootkit/Malware tab and perform an automatic quick scan when first run. (do not use the computer while the scan is in progress)
If you receive a WARNING!!! about rootkit activity and are asked to fully scan your system...click NO.
Now click the Scan button. If you see a rootkit warning window, click OK.
When the scan is finished, click the Save... button to save the scan results to your Desktop. Save the file as gmer.log.
Click the Copy button and paste the results into your next reply.
Exit GMER and re-enable all active protection when done.

-- If you encounter any problems, try running GMER in Safe Mode.

3.
Please download aswMBR ( 511KB ) to your desktop.

Double click the aswMBR.exe icon to run it
Click the Scan button to start the scan
On completion of the scan, click the save log button, save it to your desktop and post it in your next reply.

4.
Important Note: Your version of Java is out of date. Older versions have vulnerabilities that malicious sites can use to exploit and infect your system.

Please follow these steps to remove older version Java components and update:

Download the latest version of Java Runtime Environment (JRE) Version 6 and save it to your desktop.
Look for "Java Platform, Standard Edition".
Click the "Download JRE" button to the right.
Read the License Agreement, and then check the box that says: "Accept License Agreement".
From the list, select your OS and Platform (32-bit or 64-bit).
If a download for an Offline Installation is available, it is recommended to choose that and save the file to your desktop.
Close any programs you may have running - especially your web browser.

Go to

> Control Panel, double-click on Add/Remove Programs or Programs and Features in Vista/Windows 7 and remove all older versions of Java.

Check (highlight) any item with Java Runtime Environment (JRE or J2SE) in the name.
Click the Remove or Change/Remove button and follow the onscreen instructions for the Java uninstaller.
Repeat as many times as necessary to remove each Java versions.
Reboot your computer once all Java components are removed.
Then from your desktop double-click on jre-6u25-windows-i586.exe to install the newest version.
If using Windows 7 or Vista and the installer refuses to launch due to insufficient user permissions, then Run As Administrator.
When the Java Setup - Welcome window opens, click the Install > button.
If offered to install a Toolbar, just uncheck the box before continuing unless you want it.
The McAfee Security Scan Plus tool is installed by default unless you uncheck the McAfee installation box when updating Java.

-- Starting with Java 6u10, the uninstaller incorporated in each new release uses Enhanced Auto update to automatically remove the previous version when updating to a later update release. It will not remove older versions, so they will need to be removed manually.
-- Java is updated frequently. If you want to be automatically notified of future updates, just turn on the Java Automatic Update feature and you will not have to remember to update when Java releases a new version.

Note: The Java Quick Starter (JQS.exe) adds a service to improve the initial startup time of Java applets and applications but it's not necessary.
To disable the JQS service if you don't want to use it:

Go to Start > Control Panel > Java > Advanced > Miscellaneous and uncheck the box for Java Quick Starter.
Click Ok and reboot your computer.

Download OTL to your desktop.
Double click on the icon to run it. Make sure all other windows are closed to let it run uninterrupted.
When the window appears, underneath Output at the top change it to Minimal Output.
Under the Standard Registry box change it to All.
Check the boxes beside LOP Check and Purity Check.
Click the Run Scan button. Do not change any settings unless otherwise told to do so. The scan wont take long.
- When the scan completes, it will open one notepad window. OTL.Txt. It is saved in the same location as OTL.
- Please copy (Edit->Select All, Edit->Copy) the contents of this file, and post it with your next reply.

Things to include in your next reply::
OTL fix log
Gmer log
aswMbr log
OTL log
How is your machine running now?

If I have helped you, consider making a donation to help me continue the fight against Malware!
Just click

#5 rickway

New Member

Group: Members
Posts: 14
Joined: 09-May 11

Posted 11 May 2011 - 12:55 PM

Hi fireman,
I think I'm going to call it quits on this one. The GMER scan takes about 6 hours and I have a really busy week. I'll revisit this if I continue to have problems, but with your initial diagnosis of not seeing any malware, I am more confident. Thank you!

#6 fireman4it

Bleepin' Fireman

Group: Malware Response Team
Posts: 8,314
Joined: 24-May 08
Gender:Male
Location:Bement, ILL

Posted 11 May 2011 - 05:07 PM

It appears that this issue is resolved, therefore I am closing the topic. If that is not the case and you need or wish to continue with this topic, please send me or any Moderator a Personal Message (PM) that you would like this topic re-opened.