Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

Security Warning: Application cannot be executed, Do you want to activate your antivirus software now?


  • This topic is locked This topic is locked
13 replies to this topic

#1 snj2000

snj2000

  • Members
  • 9 posts
  • OFFLINE
  •  
  • Local time:03:16 PM

Posted 04 April 2010 - 07:15 PM

Created new link to post my logs as instructed by boopme.

Link to previous post

attach.txt and the ark.txt logs attached.


Thanks!

Attached Files



BC AdBot (Login to Remove)

 


#2 syler

syler

  • Malware Response Team
  • 8,150 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Warrington, UK
  • Local time:08:16 PM

Posted 08 April 2010 - 11:43 AM

Hello and and Welcome to Bleepingcomputer

Please note we are very busy, so if I don't hear from you within 5 days the topic will be closed, If you have since
resolved your issues I would appreciate if you would let me no so I can close this topic.


We need to create an OTL Report
  1. Please download OTL from one of the following mirrors:
  2. Save it to your desktop.
  3. Double click on the icon on your desktop.
  4. Click the "Scan All Users" checkbox.
  5. Under the Custom Scans/Fixes box at the bottom, paste in the following bold text.
    %SYSTEMDRIVE%\*.exe
    /md5start
    eventlog.dll
    scecli.dll
    netlogon.dll
    cngaudit.dll
    sceclt.dll
    ntelogon.dll
    logevent.dll
    iaStor.sys
    nvstor.sys
    atapi.sys
    IdeChnDr.sys
    viasraid.sys
    AGP440.sys
    vaxscsi.sys
    nvatabus.sys
    viamraid.sys
    nvata.sys
    nvgts.sys
    iastorv.sys
    ViPrt.sys
    /md5stop
    CREATERESTOREPOINT

  6. Push the button.
  7. Two reports will open, copy and paste them in a reply here:
    • OTL.txt <-- Will be opened
    • Extra.txt <-- Will be minimized

Thanks

unite.jpg


#3 snj2000

snj2000
  • Topic Starter

  • Members
  • 9 posts
  • OFFLINE
  •  
  • Local time:03:16 PM

Posted 08 April 2010 - 10:05 PM

Thanks Syler, here they are:

OTL.TXT:
OTL logfile created on: 4/8/2010 10:57:57 PM - Run 1
OTL by OldTimer - Version 3.2.1.0 Folder = C:\Documents and Settings\Joel\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 7.0.5730.13)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.00 Gb Total Physical Memory | 2.00 Gb Available Physical Memory | 81.00% Memory free
5.00 Gb Paging File | 5.00 Gb Available in Paging File | 94.00% Paging File free
Paging file location(s): C:\pagefile.sys 3072 4092 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 139.83 Gb Total Space | 103.34 Gb Free Space | 73.90% Space Free | Partition Type: NTFS
Drive D: | 7.67 Gb Total Space | 6.76 Gb Free Space | 88.21% Space Free | Partition Type: NTFS
Drive E: | 1.55 Gb Total Space | 1.32 Gb Free Space | 85.07% Space Free | Partition Type: NTFS
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: CHH-6710B
Current User Name: Joel
Logged in as Administrator.

Current Boot Mode: SafeMode with Networking
Scan Mode: All users
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Standard

========== Processes (SafeList) ==========

PRC - [2010/04/08 22:54:15 | 000,561,664 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Joel\Desktop\OTL.exe
PRC - [2009/12/09 19:02:38 | 000,017,904 | ---- | M] (Microsoft Corporation) -- c:\Program Files\Microsoft Security Essentials\MsMpEng.exe
PRC - [2008/04/14 06:42:20 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe


========== Modules (SafeList) ==========

MOD - [2010/04/08 22:54:15 | 000,561,664 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Joel\Desktop\OTL.exe


========== Win32 Services (SafeList) ==========

SRV - [2009/12/16 18:38:20 | 000,375,296 | ---- | M] (Spigot, Inc.) [Auto | Stopped] -- C:\Program Files\Application Updater\ApplicationUpdater.exe -- (Application Updater)
SRV - [2009/12/09 19:02:38 | 000,017,904 | ---- | M] (Microsoft Corporation) [Auto | Running] -- c:\Program Files\Microsoft Security Essentials\MsMpEng.exe -- (MsMpSvc)
SRV - [2009/08/26 18:07:00 | 000,151,552 | ---- | M] (VMware, Inc.) [Auto | Stopped] -- C:\Program Files\VMware\VMware View\Client\bin\wsnm.exe -- (wsnm)
SRV - [2009/02/03 16:39:09 | 000,427,192 | ---- | M] (Cisco Systems, Inc.) [Auto | Stopped] -- C:\Program Files\Cisco\Cisco AnyConnect VPN Client\vpnagent.exe -- (vpnagent)
SRV - [2009/01/27 04:57:51 | 000,226,360 | ---- | M] (Cisco Systems, Inc.) [Auto | Stopped] -- C:\Program Files\Cisco Systems\SSL VPN Client\Agent.exe -- (STCAgent)
SRV - [2008/12/01 11:59:52 | 000,033,752 | ---- | M] (NOS Microsystems Ltd.) [On_Demand | Stopped] -- C:\Program Files\NOS\bin\getPlus_HelperSvc.exe -- (getPlus® Helper) getPlus®
SRV - [2008/08/26 20:02:24 | 000,014,336 | ---- | M] (Agere Systems) [Auto | Stopped] -- C:\Program Files\LSI SoftModem\agrsmsvc.exe -- (AgereModemAudio)
SRV - [2007/09/18 11:11:34 | 000,368,640 | ---- | M] (AVAYA Communication) [Auto | Stopped] -- C:\WINDOWS\system32\qosservm.exe -- (iClarityQoSService)
SRV - [2007/08/28 20:04:25 | 002,999,664 | ---- | M] (Symantec Corporation) [On_Demand | Stopped] -- C:\Program Files\Symantec\LiveUpdate\LuComServer_3_2.EXE -- (LiveUpdate)
SRV - [2007/05/08 09:38:46 | 000,540,448 | ---- | M] (PDF Complete Inc) [Auto | Stopped] -- C:\Program Files\PDF Complete\pdfsvc.exe -- (pdfcDispatcher)
SRV - [2007/04/03 17:18:08 | 001,516,584 | ---- | M] (Cisco Systems, Inc.) [Auto | Stopped] -- C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe -- (CVPND)
SRV - [2007/02/15 08:55:18 | 000,140,832 | ---- | M] (Infineon Technologies AG) [Auto | Stopped] -- C:\WINDOWS\system32\IfxPsdSv.exe -- (PersonalSecureDriveService)
SRV - [2007/01/04 20:48:52 | 000,112,152 | R--- | M] (InterVideo) [Auto | Stopped] -- C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe -- (IviRegMgr)
SRV - [2006/12/04 17:13:16 | 000,292,384 | R--- | M] (Sierra Wireless Inc.) [Auto | Stopped] -- C:\Program Files\HPQ\Shared\Sierra Wireless\Win32\Unicode\SWIHPWMI.exe -- (SWIHPWMI)
SRV - [2005/09/19 10:02:26 | 001,968,446 | ---- | M] () [Auto | Stopped] -- C:/Novadigm/ManagementAgent/nvdkit.exe -- (rma)
SRV - [2005/02/09 13:59:00 | 000,014,165 | ---- | M] (Pinnacle Systems GmbH) [Auto | Stopped] -- C:\WINDOWS\system32\drivers\Pclepci.sys -- (PCLEPCI)
SRV - [2004/10/22 04:24:18 | 000,073,728 | ---- | M] (Macrovision Corporation) [On_Demand | Stopped] -- C:\Program Files\Roxio\Roxio MyDVD Basic v9\InstallShield\Driver\1050\Intel 32\IDriverT.exe -- (IDriverT)


========== Driver Services (SafeList) ==========

DRV - [2009/12/02 16:23:40 | 000,149,040 | ---- | M] (Microsoft Corporation) [File_System | System | Stopped] -- C:\WINDOWS\system32\drivers\MpFilter.sys -- (MpFilter)
DRV - [2009/08/26 18:01:46 | 000,022,016 | ---- | M] (VMware, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\WSUSBDMAN.sys -- (WSUSBDMAN)
DRV - [2009/08/19 17:49:22 | 000,049,904 | R--- | M] (Avanquest Software) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\BVRPMPR5.SYS -- (BVRPMPR5)
DRV - [2009/04/03 18:26:28 | 000,009,104 | ---- | M] (Roxio) [File_System | Auto | Stopped] -- C:\WINDOWS\system32\drivers\DLADResM.SYS -- (DLADResM)
DRV - [2009/04/03 18:25:18 | 000,037,360 | ---- | M] (Roxio) [File_System | Auto | Stopped] -- C:\WINDOWS\system32\drivers\DLABMFSM.SYS -- (DLABMFSM)
DRV - [2009/04/03 18:25:14 | 000,093,584 | ---- | M] (Roxio) [File_System | Auto | Stopped] -- C:\WINDOWS\system32\drivers\DLAUDFAM.SYS -- (DLAUDFAM)
DRV - [2009/04/03 18:25:10 | 000,098,480 | ---- | M] (Roxio) [File_System | Auto | Stopped] -- C:\WINDOWS\system32\drivers\DLAUDF_M.SYS -- (DLAUDF_M)
DRV - [2009/04/03 18:25:06 | 000,027,216 | ---- | M] (Roxio) [File_System | Auto | Stopped] -- C:\WINDOWS\system32\drivers\DLAOPIOM.SYS -- (DLAOPIOM)
DRV - [2009/04/03 18:25:00 | 000,032,848 | ---- | M] (Roxio) [File_System | Auto | Stopped] -- C:\WINDOWS\system32\drivers\DLABOIOM.SYS -- (DLABOIOM)
DRV - [2009/04/03 18:24:56 | 000,016,304 | ---- | M] (Roxio) [File_System | Auto | Stopped] -- C:\WINDOWS\system32\drivers\DLAPoolM.SYS -- (DLAPoolM)
DRV - [2009/04/03 18:24:52 | 000,108,784 | ---- | M] (Roxio) [File_System | Auto | Stopped] -- C:\WINDOWS\system32\drivers\DLAIFS_M.SYS -- (DLAIFS_M)
DRV - [2009/03/09 10:36:58 | 006,278,016 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\igxpmp32.sys -- (ialm)
DRV - [2009/02/03 16:23:46 | 000,020,152 | ---- | M] (Cisco Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\vpnva.sys -- (vpnva)
DRV - [2009/01/27 04:57:51 | 000,022,136 | ---- | M] (Cisco Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\CSVirtA.sys -- (CSVirtA)
DRV - [2008/11/21 22:53:40 | 001,204,128 | ---- | M] (Agere Systems) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\AGRSM.sys -- (AgereSoftModem)
DRV - [2008/11/17 16:23:16 | 003,636,864 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\NETw5x32.sys -- (NETw5x32) Intel®
DRV - [2008/10/31 17:23:11 | 000,033,408 | ---- | M] (F5 Networks, Corp.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\covpndrv.sys -- (urvpndrv)
DRV - [2008/10/31 17:22:36 | 000,010,752 | ---- | M] (F5 Networks) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\urfltw2k.sys -- (f5ipfw)
DRV - [2008/08/21 11:11:36 | 000,537,856 | ---- | M] (eMPIA Technology, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\emBDA.sys -- (USB28xxBGA)
DRV - [2008/08/21 11:11:36 | 000,320,128 | ---- | M] (eMPIA Technology, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\emOEM.sys -- (USB28xxOEM)
DRV - [2008/04/28 21:22:10 | 000,009,344 | ---- | M] (Hewlett-Packard Development Company, L.P.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\CPQBttn.sys -- (HBtnKey)
DRV - [2008/04/14 01:16:24 | 000,015,232 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\MPE.sys -- (MPE)
DRV - [2008/04/14 01:16:22 | 000,048,128 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\61883.sys -- (61883)
DRV - [2008/04/14 01:16:22 | 000,038,912 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\avc.sys -- (Avc)
DRV - [2008/04/14 01:16:10 | 000,051,200 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\msdv.sys -- (MSDV)
DRV - [2008/04/14 01:15:14 | 000,060,032 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\USBAUDIO.sys -- (usbaudio) USB Audio Driver (WDM)
DRV - [2008/04/13 23:06:06 | 000,144,384 | ---- | M] (Windows ® Server 2003 DDK provider) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\hdaudbus.sys -- (HDAudBus)
DRV - [2008/03/28 02:14:00 | 000,224,672 | ---- | M] (Synaptics, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\SynTP.sys -- (SynTP)
DRV - [2007/10/31 19:23:20 | 002,236,544 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\NETw4x32.sys -- (NETw4x32) Intel®
DRV - [2007/10/01 19:27:40 | 000,281,600 | ---- | M] (Analog Devices, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ADIHdAud.sys -- (ADIHdAudAddService)
DRV - [2007/07/23 15:55:44 | 000,099,808 | ---- | M] (Sonic Solutions) [Kernel | Boot | Running] -- C:\WINDOWS\System32\Drivers\DRVMCDB.SYS -- (DRVMCDB)
DRV - [2007/07/23 15:49:44 | 000,030,064 | ---- | M] (Roxio) [File_System | System | Running] -- C:\WINDOWS\system32\drivers\DLARTL_M.SYS -- (DLARTL_M)
DRV - [2007/07/23 15:49:44 | 000,014,576 | ---- | M] (Roxio) [Kernel | Boot | Running] -- C:\WINDOWS\System32\Drivers\DLACDBHM.SYS -- (DLACDBHM)
DRV - [2007/07/23 15:43:42 | 000,052,000 | ---- | M] (Roxio) [File_System | Auto | Stopped] -- C:\WINDOWS\system32\drivers\DRVNDDM.SYS -- (DRVNDDM)
DRV - [2007/04/10 16:55:28 | 000,140,808 | ---- | M] (AuthenTec, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\atswpdrv.sys -- (ATSWPDRV) (****DEBUG****) AuthenTec TruePrint USB Driver (SwipeSensor)
DRV - [2007/04/09 01:25:20 | 000,005,888 | ---- | M] (DEVGURU Co,LTD.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\PWCTLDRV.sys -- (PWCTLDRV)
DRV - [2007/04/06 03:49:26 | 000,039,808 | ---- | M] (DEVGURU Co,LTD.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\PTDWVsp.sys -- (PTDWVsp) Curitel PC Card Diagnostic Serial Port (UDP)
DRV - [2007/04/06 03:49:20 | 000,041,728 | ---- | M] (DEVGURU Co,LTD.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\PTDWMdm.sys -- (PTDWMdm) Curitel PC Card Drivers (UDP)
DRV - [2007/04/06 03:49:16 | 000,027,392 | ---- | M] (DEVGURU Co,LTD.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\PTDWBus.sys -- (PTDWBus) Curitel PC Card Composite Device driver (UDP)
DRV - [2007/04/03 17:17:08 | 000,306,295 | ---- | M] (Cisco Systems, Inc.) [Kernel | Auto | Stopped] -- C:\WINDOWS\system32\drivers\CVPNDRVA.sys -- (CVPNDRVA)
DRV - [2007/03/21 13:58:56 | 000,304,920 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\iaStor.sys -- (iaStor)
DRV - [2007/02/27 11:21:00 | 000,160,256 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\b57xp32.sys -- (b57w2k) Broadcom NetLink ™
DRV - [2007/02/14 10:21:00 | 000,067,960 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\btwusb.sys -- (BTWUSB)
DRV - [2007/02/14 10:20:58 | 000,868,298 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\btkrnl.sys -- (BTKRNL)
DRV - [2007/01/31 14:45:06 | 000,127,376 | ---- | M] (Deterministic Networks, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\dne2000.sys -- (DNE)
DRV - [2007/01/23 16:07:30 | 000,039,080 | ---- | M] (Infineon Technologies AG) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\psd.sys -- (PersonalSecureDrive)
DRV - [2007/01/23 15:13:26 | 000,036,608 | R--- | M] (Infineon Technologies AG) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ifxtpm.sys -- (IFXTPM)
DRV - [2007/01/23 11:11:38 | 000,441,472 | ---- | M] (Pinnacle Systems) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\MarvinUsb.sys -- (PinnacleMarvinUsb)
DRV - [2007/01/18 15:28:02 | 000,005,275 | ---- | M] (Cisco Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\CVirtA.sys -- (CVirtA)
DRV - [2007/01/04 11:07:00 | 000,171,520 | ---- | M] (Pinnacle Systems GmbH) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\MarvinBus.sys -- (MarvinBus)
DRV - [2006/11/30 12:24:58 | 000,008,192 | ---- | M] (Hewlett-Packard Development Company, L.P.) [Kernel | System | Stopped] -- C:\WINDOWS\system32\drivers\eabfiltr.sys -- (eabfiltr)
DRV - [2006/10/19 02:23:00 | 000,033,024 | R--- | M] (Hewlett Packard) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\HP24X.sys -- (HP24X)
DRV - [2006/10/17 11:59:06 | 000,022,016 | ---- | M] (Hewlett-Packard Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\Accelerometer.sys -- (Accelerometer)
DRV - [2006/10/17 11:57:58 | 000,017,920 | ---- | M] (Hewlett-Packard Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\hpdskflt.sys -- (hpdskflt)
DRV - [2005/01/26 09:22:20 | 000,280,344 | ---- | M] (Zone Labs LLC) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\vsdatant.sys -- (vsdatant)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm


IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



IE - HKU\S-1-5-21-861567501-1647877149-725345543-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.google.com/ie
IE - HKU\S-1-5-21-861567501-1647877149-725345543-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/
IE - HKU\S-1-5-21-861567501-1647877149-725345543-1003\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.google.com/ie
IE - HKU\S-1-5-21-861567501-1647877149-725345543-1003\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie
IE - HKU\S-1-5-21-861567501-1647877149-725345543-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-861567501-1647877149-725345543-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local>
IE - HKU\S-1-5-21-861567501-1647877149-725345543-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = http=127.0.0.1:5555

FF - HKLM\software\mozilla\Firefox\Extensions\\{ABDE892B-13A8-4d1b-88E6-365A6E755758}: C:\Program Files\Real\RealPlayer\browserrecord [2008/12/21 11:22:37 | 000,000,000 | ---D | M]


O1 HOSTS File: ([2010/04/04 14:50:51 | 000,000,027 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (Skype add-on (mastermind)) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Skype Technologies S.A.)
O2 - BHO: (RealPlayer Download and Record Plugin for Internet Explorer) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll (RealPlayer)
O2 - BHO: (Adobe PDF Conversion Toolbar Helper) - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O2 - BHO: (AvayaIEHlprObj Class) - {E6DF0B46-7D6F-407A-A6A2-62D17A021A9A} - C:\Program Files\Avaya\Avaya IP Softphone\AvayaWebDial.dll ()
O3 - HKLM\..\Toolbar: (no name) - - No CLSID value found.
O3 - HKLM\..\Toolbar: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3 - HKU\S-1-5-21-861567501-1647877149-725345543-1003\..\Toolbar\WebBrowser: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O4 - HKLM..\Run: [AccelerometerSysTrayApplet] C:\WINDOWS\system32\accelerometerST.exe (Hewlett-Packard Corporation)
O4 - HKLM..\Run: [Acrobat Assistant 7.0] C:\Program Files\Adobe\Acrobat 7.0\Distillr\Acrotray.exe (Adobe Systems Inc.)
O4 - HKLM..\Run: [Ask and Record FLV Service] C:\Program Files\Replay Media Catcher\FLVSrvc.exe (Applian Technologies, Inc.)
O4 - HKLM..\Run: [Cpqset] C:\Program Files\Hewlett-Packard\Default Settings\Cpqset.exe ()
O4 - HKLM..\Run: [HP Software Update] C:\Program Files\Hewlett-Packard\HP Software Update\hpwuSchd2.exe (Hewlett-Packard Development Company, L.P.)
O4 - HKLM..\Run: [lkvgpsuk] C:\Documents and Settings\Joel\Local Settings\Application Data\qkvuvcqqy\yfjmvfctssd.exe ()
O4 - HKLM..\Run: [MSSE] c:\Program Files\Microsoft Security Essentials\msseces.exe (Microsoft Corporation)
O4 - HKLM..\Run: [PDF Complete] C:\Program Files\PDF Complete\pdfsty.exe (PDF Complete Inc)
O4 - HKLM..\Run: [PTHOSTTR] C:\Program Files\Hewlett-Packard\HP ProtectTools Security Manager\PTHOSTTR.EXE (Hewlett-Packard Development Company, L.P.)
O4 - HKLM..\Run: [PWRESET] C:\Program Files\Avaya\Avaya IP Softphone\IP Service Provider\pwreset.exe (Avaya Inc.)
O4 - HKLM..\Run: [RoxioDragToDisc] C:\Program Files\Roxio\Drag-to-Disc\DrgToDsc.exe (Roxio)
O4 - HKLM..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\Core\smax4pnp.exe (Analog Devices, Inc.)
O4 - HKLM..\Run: [TkBellExe] C:\Program Files\Common Files\Real\Update_OB\realsched.exe (RealNetworks, Inc.)
O4 - HKLM..\Run: [USB2Check] C:\WINDOWS\System32\PCLECoInst.DLL (Pinnacle Systems)
O4 - HKLM..\Run: [USBToolTip] C:\Program Files\Pinnacle\Shared Files\Programs\USBTip\USBTip.exe (Pinnacle Systems GmbH)
O4 - HKLM..\Run: [WatchDog] C:\Program Files\InterVideo\DVD Check\DVDCheck.exe (InterVideo Inc.)
O4 - HKU\S-1-5-21-861567501-1647877149-725345543-1003..\Run: [BitTorrent DNA] C:\Program Files\DNA\btdna.exe (BitTorrent, Inc.)
O4 - HKU\S-1-5-21-861567501-1647877149-725345543-1003..\Run: [lkvgpsuk] C:\Documents and Settings\Joel\Local Settings\Application Data\qkvuvcqqy\yfjmvfctssd.exe ()
O4 - HKU\S-1-5-21-861567501-1647877149-725345543-1003..\Run: [PMCRemote] C:\Program Files\Pinnacle\Shared Files\Programs\Remote\remoterm.exe (Pinnacle Systems)
O4 - HKU\S-1-5-21-861567501-1647877149-725345543-1003..\RunOnce: [FlashPlayerUpdate] C:\WINDOWS\system32\Macromed\Flash\FlashUtil10c.exe (Adobe Systems, Inc.)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Acrobat Speed Launcher.lnk = C:\WINDOWS\Installer\{AC76BA86-1033-0000-BA7E-000000000002}\SC_Acrobat.exe ()
O4 - Startup: C:\Documents and Settings\Joel\Start Menu\Programs\Startup\CaptureWiz.lnk = C:\Documents and Settings\Joel\My Documents\My Downloads\RunAsDate\RunAsDate.exe ()
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-861567501-1647877149-725345543-1003\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-861567501-1647877149-725345543-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\S-1-5-21-861567501-1647877149-725345543-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-21-861567501-1647877149-725345543-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O8 - Extra context menu item: &ieSpell Options - C:\Program Files\ieSpell\iespell.dll (Red Egg Software)
O8 - Extra context menu item: Add to Google Photos Screensa&ver - C:\WINDOWS\System32\GPhotos.scr (Google Inc.)
O8 - Extra context menu item: Check &Spelling - C:\Program Files\ieSpell\iespell.dll (Red Egg Software)
O8 - Extra context menu item: Convert link target to Adobe PDF - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert link target to existing PDF - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert selected links to Adobe PDF - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert selected links to existing PDF - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert selection to Adobe PDF - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert selection to existing PDF - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert to Adobe PDF - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert to existing PDF - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: E&xport to Microsoft Excel - C:\Program Files\Microsoft Office\Office12\EXCEL.EXE (Microsoft Corporation)
O8 - Extra context menu item: Lookup on Merriam Webster - C:\Program Files\ieSpell\Merriam Webster.HTM ()
O8 - Extra context menu item: Lookup on Wikipedia - C:\Program Files\ieSpell\wikipedia.HTM ()
O8 - Extra context menu item: Send to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm ()
O9 - Extra Button: ieSpell - {0E17D5B7-9F5D-4fee-9DF6-CA6EE38B68A8} - C:\Program Files\ieSpell\iespell.dll (Red Egg Software)
O9 - Extra 'Tools' menuitem : ieSpell - {0E17D5B7-9F5D-4fee-9DF6-CA6EE38B68A8} - C:\Program Files\ieSpell\iespell.dll (Red Egg Software)
O9 - Extra 'Tools' menuitem : ieSpell Options - {1606D6F9-9D3B-4aea-A025-ED5B2FD488E7} - C:\Program Files\ieSpell\iespell.dll (Red Egg Software)
O9 - Extra 'Tools' menuitem : Skype add-on for Internet Explorer - {5067A26B-1337-4436-8AFE-EE169C2DA79F} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Skype Technologies S.A.)
O9 - Extra Button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Skype Technologies S.A.)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Program Files\Microsoft Office\Office12\REFIEBAR.DLL (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O15 - HKU\S-1-5-21-861567501-1647877149-725345543-1003\..Trusted Domains: microsoft.com ([*.update] http in Trusted sites)
O15 - HKU\S-1-5-21-861567501-1647877149-725345543-1003\..Trusted Domains: microsoft.com ([*.update] https in Trusted sites)
O15 - HKU\S-1-5-21-861567501-1647877149-725345543-1003\..Trusted Domains: opensolutionsasp.com ([vpn.chh] http in Trusted sites)
O15 - HKU\S-1-5-21-861567501-1647877149-725345543-1003\..Trusted Domains: opensolutionsasp.com ([vpn.chh] https in Trusted sites)
O15 - HKU\S-1-5-21-861567501-1647877149-725345543-1003\..Trusted Domains: opensolutionsasp.com ([vpn.hou] http in Trusted sites)
O15 - HKU\S-1-5-21-861567501-1647877149-725345543-1003\..Trusted Domains: opensolutionsasp.com ([vpn.hou] https in Trusted sites)
O15 - HKU\S-1-5-21-861567501-1647877149-725345543-1003\..Trusted Domains: windowsupdate.com ([download] http in Trusted sites)
O16 - DPF: {15B782AF-55D8-11D1-B477-006097098764} http://download.macromedia.com/pub/shockwa...are/awswaxf.cab (Macromedia Authorware Web Player Control)
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} http://fpdownload.macromedia.com/get/shock...director/sw.cab (Shockwave ActiveX Control)
O16 - DPF: {264AED84-12F1-4CA1-8AA7-EB939AE58D8D} https://remote.opensolutions.com/CACHE/stc/...ries/stcweb.cab (STCWeb Control)
O16 - DPF: {2BCDB465-81F9-41CB-832C-8037A4064446} https://vpn.chh.opensolutionsasp.com/vdesk/...,2008,1031,2121 (F5 Networks VPN Manager)
O16 - DPF: {2E28242B-A689-11D4-80F2-0040266CBB8D} http://camera.mesalands.edu:60007/kxhcm10.ocx (KXHCM10 Control)
O16 - DPF: {41EF3CD2-D8CC-4438-84B1-280BB4E77C8E} https://vpn.chh.opensolutionsasp.com/vdesk/...0,2009,327,1558 (F5 Networks Dynamic Application Tunnel Control)
O16 - DPF: {45B69029-F3AB-4204-92DE-D5140C3E8E74} https://vpn.chh.opensolutionsasp.com/vdesk/...,2009,0327,1604 (F5 Networks Auto Update)
O16 - DPF: {4871A87A-BFDD-4106-8153-FFDE2BAC2967} http://dlm.tools.akamai.com/dlmanager/vers...vex-2.2.5.0.cab (DLM Control)
O16 - DPF: {55963676-2F5E-4BAF-AC28-CF26AA587566} https://remote.opensolutions.com/CACHE/stc/...ries/vpnweb.cab (Cisco AnyConnect VPN Client Web Control)
O16 - DPF: {57C76689-F052-487B-A19F-855AFDDF28EE} https://vpn.chh.opensolutionsasp.com/vdesk/...,2009,0327,1547 (F5 Networks Policy Agent Host Class)
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} http://www.update.microsoft.com/windowsupd...b?1226427097125 (WUWebControl Class)
O16 - DPF: {66D393D5-4D80-497C-9F4F-F3839E090202} http://www.pysoft.com/Downloads/WebCamPlayerOCX.cab (PlayerOCX Control)
O16 - DPF: {73ECB3AA-4717-450C-A2AB-D00DAD9EE203} http://h20270.www2.hp.com/ediags/gmn2/inst...tDetection2.cab (GMNRev Class)
O16 - DPF: {745395C8-D0E1-4227-8586-624CA9A10A8D} http://212.92.19.221/activex/AMC.cab (AxisMediaControl Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_15)
O16 - DPF: {8D7AFAB7-42D6-4671-A53E-CD355673F026} http://75.147.44.206:9000/SonySncMView.cab (SonySncMView Control)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.macromedia.com/get/flash...r/ultrashim.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0000-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_15)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_15)
O16 - DPF: {CC85ACDF-B277-486F-8C70-2C9B2ED2A4E7} https://vpn.chh.opensolutionsasp.com/vdesk/...,2008,1031,2112 (F5 Networks SuperHost Class)
O16 - DPF: {CF40ACC5-E1BB-4AFF-AC72-04C2F616BCA7} http://wwwimages.adobe.com/www.adobe.com/p...obat/nos/gp.cab (get_atlcom Class)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://download.macromedia.com/pub/shockwa...ash/swflash.cab (Shockwave Flash Object)
O16 - DPF: {DE625294-70E6-45ED-B895-CFFA13AEB044} http://195.86.127.26/activex/AMC.cab (AxisMediaControlEmb Class)
O16 - DPF: {E0FF21FA-B857-45C5-8621-F120A0C17FF2} https://vpn.chh.opensolutionsasp.com/vdesk/...0,2009,327,1548 (F5 Networks Host Control)
O16 - DPF: {E615C9EA-AD69-4AE9-83C9-9D906A0ACA6D} https://vpn.chh.opensolutionsasp.com/policy...,2009,0327,1557 (F5 Networks OS Policy Agent)
O16 - DPF: {FA478DB9-803F-4154-9DDB-765EA9E35333} http://222.124.220.243/program/SonySncP1View.cab (Sony SNC-P1 Control)
O16 - DPF: {FD0B6769-6490-4A91-AA0A-B5AE0DC75AC9} https://secure.logmein.com/activex/ractrl.cab?lmi=100 (Performance Viewer Activex Control)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.1
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\igfxcui: DllName - igfxdev.dll - C:\WINDOWS\System32\igfxdev.dll (Intel Corporation)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009/12/13 20:42:38 | 000,000,095 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O33 - MountPoints2\{aca25301-77ec-11de-ba5b-001a4b914de2}\Shell - "" = AutoRun
O33 - MountPoints2\{aca25301-77ec-11de-ba5b-001a4b914de2}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{aca25301-77ec-11de-ba5b-001a4b914de2}\Shell\AutoRun\command - "" = G:\LaunchU3.exe -- File not found
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

CREATERESTOREPOINT
Error starting restore point: The function was called in safe mode.
Error closing restore point: The sequence number is invalid.

========== Files/Folders - Created Within 30 Days ==========

[2010/04/08 22:54:12 | 000,561,664 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Joel\Desktop\OTL.exe
[2010/04/04 16:56:04 | 000,000,000 | ---D | C] -- C:\WINDOWS\Minidump
[2010/04/04 15:16:53 | 000,000,000 | -HSD | C] -- C:\RECYCLER
[2010/04/04 14:49:07 | 000,000,000 | ---D | C] -- C:\WINDOWS\temp
[2010/04/04 14:42:58 | 000,000,000 | RHSD | C] -- C:\cmdcons
[2010/04/04 14:41:58 | 000,212,480 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWXCACLS.exe
[2010/04/04 14:41:58 | 000,161,792 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWREG.exe
[2010/04/04 14:41:58 | 000,136,704 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWSC.exe
[2010/04/04 14:41:58 | 000,031,232 | ---- | C] (NirSoft) -- C:\WINDOWS\NIRCMD.exe
[2010/04/04 14:41:51 | 000,000,000 | ---D | C] -- C:\WINDOWS\ERDNT
[2010/04/04 14:41:34 | 000,000,000 | ---D | C] -- C:\Qoobox
[2010/04/04 08:10:00 | 000,000,000 | -HSD | C] -- C:\WINDOWS\CSC
[2010/04/03 09:02:10 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Joel\Local Settings\Application Data\qkvuvcqqy
[2010/03/13 11:47:45 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Joel\Desktop\sunday
[2010/03/13 11:24:17 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Real
[2010/03/06 12:45:59 | 000,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Local Settings\Application Data\Google
[2009/06/16 17:49:35 | 000,047,360 | ---- | C] (VSO Software) -- C:\Documents and Settings\Joel\Application Data\pcouffin.sys
[2009/06/16 17:09:48 | 000,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Application Data\Roxio
[2009/02/28 22:05:00 | 000,000,000 | ---D | M] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\Apple
[2008/11/11 14:53:56 | 000,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft
[2008/11/11 12:20:04 | 000,000,000 | --SD | M] -- C:\Documents and Settings\LocalService\Application Data\Microsoft
[2008/11/11 12:19:16 | 000,000,000 | --SD | M] -- C:\Documents and Settings\NetworkService\Application Data\Microsoft
[2008/11/11 12:19:16 | 000,000,000 | ---D | M] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft
[2006/02/19 04:28:56 | 000,012,288 | ---- | C] (Hewlett-Packard Development Company, L.P.) -- C:\WINDOWS\Fonts\RandFont.dll
[5 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2010/04/08 22:54:15 | 000,561,664 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Joel\Desktop\OTL.exe
[2010/04/08 22:54:07 | 000,000,408 | -H-- | M] () -- C:\WINDOWS\tasks\MP Scheduled Scan.job
[2010/04/08 22:53:00 | 000,525,946 | ---- | M] () -- C:\WINDOWS\System32\PerfStringBackup.INI
[2010/04/08 22:53:00 | 000,444,028 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2010/04/08 22:53:00 | 000,071,904 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2010/04/08 22:49:14 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2010/04/08 22:48:34 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2010/04/04 18:47:08 | 000,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2010/04/04 18:47:06 | 007,077,888 | -H-- | M] () -- C:\Documents and Settings\Joel\NTUSER.DAT
[2010/04/04 18:47:06 | 000,000,178 | -HS- | M] () -- C:\Documents and Settings\Joel\ntuser.ini
[2010/04/04 18:47:03 | 000,000,498 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts.ics
[2010/04/04 18:46:16 | 000,000,420 | -H-- | M] () -- C:\WINDOWS\tasks\User_Feed_Synchronization-{B67B1A40-EE5E-44F2-8CF9-501CDE77E650}.job
[2010/04/04 18:45:37 | 000,002,335 | ---- | M] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Acrobat Speed Launcher.lnk
[2010/04/04 15:06:05 | 000,000,974 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-861567501-1647877149-725345543-1003UA.job
[2010/04/04 14:50:59 | 000,000,227 | ---- | M] () -- C:\WINDOWS\system.ini
[2010/04/04 14:50:51 | 000,000,027 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts
[2010/04/04 14:43:04 | 000,000,281 | RHS- | M] () -- C:\boot.ini
[2010/04/04 14:29:00 | 000,001,857 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\MSN Installer.lnk
[2010/03/30 00:46:30 | 000,038,224 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2010/03/30 00:45:52 | 000,020,824 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2010/03/27 09:57:33 | 000,002,277 | ---- | M] () -- C:\Documents and Settings\Joel\Desktop\Google Chrome.lnk
[2010/03/22 13:06:00 | 000,000,922 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-861567501-1647877149-725345543-1003Core.job
[2010/03/13 16:05:42 | 016,818,470 | ---- | M] () -- C:\Documents and Settings\Joel\Desktop\Videoklipp007.mp4
[2010/03/13 15:57:59 | 010,844,029 | ---- | M] () -- C:\Documents and Settings\Joel\Desktop\Videoklipp009.mp4
[2010/03/12 18:02:38 | 000,261,632 | ---- | M] () -- C:\WINDOWS\PEV.exe
[2010/03/11 08:38:54 | 001,168,384 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\urlmon.dll
[2010/03/11 08:38:54 | 000,832,512 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wininet.dll
[2010/03/11 08:38:54 | 000,233,472 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\webcheck.dll
[2010/03/11 08:38:53 | 003,599,872 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\mshtml.dll
[2010/03/11 08:38:53 | 000,671,232 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\mstime.dll
[2010/03/11 08:38:53 | 000,671,232 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\mstime.dll
[2010/03/11 08:38:53 | 000,477,696 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\mshtmled.dll
[2010/03/11 08:38:53 | 000,459,264 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\msfeeds.dll
[2010/03/11 08:38:53 | 000,459,264 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\msfeeds.dll
[2010/03/11 08:38:53 | 000,193,024 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\msrating.dll
[2010/03/11 08:38:53 | 000,193,024 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\msrating.dll
[2010/03/11 08:38:53 | 000,105,984 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\url.dll
[2010/03/11 08:38:53 | 000,105,984 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\url.dll
[2010/03/11 08:38:53 | 000,102,912 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\occache.dll
[2010/03/11 08:38:53 | 000,052,224 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\msfeedsbs.dll
[2010/03/11 08:38:53 | 000,052,224 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\msfeedsbs.dll
[2010/03/11 08:38:53 | 000,044,544 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\pngfilt.dll
[2010/03/11 08:38:53 | 000,044,544 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\pngfilt.dll
[2010/03/11 08:38:52 | 006,067,200 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ieframe.dll
[2010/03/11 08:38:52 | 001,830,912 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\inetcpl.cpl
[2010/03/11 08:38:52 | 001,830,912 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\inetcpl.cpl
[2010/03/11 08:38:52 | 000,268,288 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\iertutil.dll
[2010/03/11 08:38:52 | 000,192,512 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\iepeers.dll
[2010/03/11 08:38:52 | 000,192,512 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\iepeers.dll
[2010/03/11 08:38:52 | 000,078,336 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\ieencode.dll
[2010/03/11 08:38:52 | 000,078,336 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ieencode.dll
[2010/03/11 08:38:52 | 000,044,544 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\iernonce.dll
[2010/03/11 08:38:52 | 000,044,544 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\iernonce.dll
[2010/03/11 08:38:52 | 000,027,648 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\jsproxy.dll
[2010/03/11 08:38:52 | 000,027,648 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\jsproxy.dll
[2010/03/11 08:38:51 | 000,385,024 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\iedkcs32.dll
[2010/03/11 08:38:51 | 000,385,024 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\iedkcs32.dll
[2010/03/11 08:38:51 | 000,380,928 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\ieapfltr.dll
[2010/03/11 08:38:51 | 000,380,928 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ieapfltr.dll
[2010/03/11 08:38:51 | 000,347,136 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dxtmsft.dll
[2010/03/11 08:38:51 | 000,347,136 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\dxtmsft.dll
[2010/03/11 08:38:51 | 000,230,400 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\ieaksie.dll
[2010/03/11 08:38:51 | 000,230,400 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ieaksie.dll
[2010/03/11 08:38:51 | 000,214,528 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dxtrans.dll
[2010/03/11 08:38:51 | 000,214,528 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\dxtrans.dll
[2010/03/11 08:38:51 | 000,153,088 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\ieakeng.dll
[2010/03/11 08:38:51 | 000,153,088 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ieakeng.dll
[2010/03/11 08:38:51 | 000,133,120 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\extmgr.dll
[2010/03/11 08:38:51 | 000,124,928 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\advpack.dll
[2010/03/11 08:38:51 | 000,063,488 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\icardie.dll
[2010/03/11 08:38:51 | 000,017,408 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\corpol.dll
[2010/03/11 08:38:51 | 000,017,408 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\corpol.dll
[2010/03/10 09:18:46 | 000,389,120 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\html.iec
[2010/03/10 09:18:21 | 000,013,824 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\ieudinit.exe
[2010/03/10 09:18:21 | 000,013,824 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ieudinit.exe
[2010/03/10 09:18:20 | 000,070,656 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\ie4uinit.exe
[2010/03/10 09:18:20 | 000,070,656 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ie4uinit.exe
[2010/03/10 08:29:28 | 000,001,374 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2010/03/10 08:27:26 | 000,000,820 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Microsoft Security Essentials.lnk
[5 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files Created - No Company Name ==========

[2010/04/04 14:43:04 | 000,000,211 | ---- | C] () -- C:\Boot.bak
[2010/04/04 14:43:02 | 000,260,272 | ---- | C] () -- C:\cmldr
[2010/04/04 14:41:58 | 000,261,632 | ---- | C] () -- C:\WINDOWS\PEV.exe
[2010/04/04 14:41:58 | 000,098,816 | ---- | C] () -- C:\WINDOWS\sed.exe
[2010/04/04 14:41:58 | 000,080,412 | ---- | C] () -- C:\WINDOWS\grep.exe
[2010/04/04 14:41:58 | 000,077,312 | ---- | C] () -- C:\WINDOWS\MBR.exe
[2010/04/04 14:41:58 | 000,068,096 | ---- | C] () -- C:\WINDOWS\zip.exe
[2010/04/04 14:29:00 | 000,001,857 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\MSN Installer.lnk
[2010/03/15 20:56:39 | 000,002,335 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Acrobat Speed Launcher.lnk
[2010/03/13 16:04:56 | 016,818,470 | ---- | C] () -- C:\Documents and Settings\Joel\Desktop\Videoklipp007.mp4
[2010/03/13 15:57:33 | 010,844,029 | ---- | C] () -- C:\Documents and Settings\Joel\Desktop\Videoklipp009.mp4
[2010/03/10 08:33:06 | 000,000,408 | -H-- | C] () -- C:\WINDOWS\tasks\MP Scheduled Scan.job
[2010/02/20 16:32:12 | 000,237,568 | ---- | C] () -- C:\WINDOWS\System32\rmc_rtspdl.dll
[2010/01/09 17:34:11 | 000,363,520 | ---- | C] () -- C:\WINDOWS\System32\PsisDecd.dll
[2010/01/02 14:09:21 | 000,000,004 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\DragToDiscUserNameF.txt
[2009/12/13 21:01:35 | 000,153,088 | ---- | C] () -- C:\Program Files\UNWISE.EXE
[2009/12/13 20:57:38 | 000,000,024 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\__FileUploader.log
[2009/12/13 20:42:38 | 000,201,488 | ---- | C] () -- C:\WINDOWS\System32\MACD32.DLL
[2009/12/13 20:42:38 | 000,144,144 | ---- | C] () -- C:\WINDOWS\System32\MASE32.DLL
[2009/12/13 20:42:38 | 000,141,584 | ---- | C] () -- C:\WINDOWS\System32\MAMC32.DLL
[2009/12/13 20:42:38 | 000,063,248 | ---- | C] () -- C:\WINDOWS\System32\MASD32.DLL
[2009/12/13 20:42:38 | 000,033,040 | ---- | C] () -- C:\WINDOWS\System32\MA32.DLL
[2009/12/02 13:02:50 | 001,632,887 | ---- | C] () -- C:\WINDOWS\System32\ffmpegmt.dll
[2009/12/02 12:56:10 | 004,840,081 | ---- | C] () -- C:\WINDOWS\System32\libavcodec.dll
[2009/11/17 20:49:10 | 000,000,127 | ---- | C] () -- C:\Documents and Settings\Joel\Local Settings\Application Data\fusioncache.dat
[2009/11/17 20:34:12 | 000,000,319 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\hpzinstall.log
[2009/11/04 14:45:44 | 000,611,638 | ---- | C] () -- C:\WINDOWS\System32\libmplayer.dll
[2009/11/04 14:43:20 | 000,324,096 | ---- | C] () -- C:\WINDOWS\System32\TomsMoComp_ff.dll
[2009/11/03 16:11:22 | 000,113,152 | ---- | C] () -- C:\WINDOWS\System32\ff_unrar.dll
[2009/11/03 16:11:00 | 000,146,944 | ---- | C] () -- C:\WINDOWS\System32\ff_tremor.dll
[2009/11/03 16:10:42 | 000,183,296 | ---- | C] () -- C:\WINDOWS\System32\ff_samplerate.dll
[2009/11/03 16:09:18 | 000,178,688 | ---- | C] () -- C:\WINDOWS\System32\ff_libmad.dll
[2009/11/03 16:08:58 | 000,484,864 | ---- | C] () -- C:\WINDOWS\System32\ff_libfaad2.dll
[2009/11/03 16:08:12 | 000,257,024 | ---- | C] () -- C:\WINDOWS\System32\ff_libdts.dll
[2009/11/03 16:07:16 | 000,142,848 | ---- | C] () -- C:\WINDOWS\System32\ff_liba52.dll
[2009/11/03 15:36:06 | 000,145,408 | ---- | C] () -- C:\WINDOWS\System32\libmpeg2_ff.dll
[2009/11/03 15:34:56 | 000,100,864 | ---- | C] () -- C:\WINDOWS\System32\ff_wmv9.dll
[2009/11/03 15:34:38 | 000,085,504 | ---- | C] () -- C:\WINDOWS\System32\ff_vfw.dll
[2009/11/03 14:07:24 | 000,895,308 | ---- | C] () -- C:\WINDOWS\System32\xvidcore.dll
[2009/11/03 14:05:02 | 000,957,047 | ---- | C] () -- C:\WINDOWS\System32\ff_x264.dll
[2009/10/27 18:46:26 | 000,248,320 | ---- | C] () -- C:\WINDOWS\System32\ff_kernelDeint.dll
[2009/09/06 11:47:59 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\Joel\Local Settings\Application Data\FnF4.txt
[2009/08/26 09:51:40 | 000,484,352 | ---- | C] () -- C:\WINDOWS\System32\lame_enc.dll
[2009/08/09 09:33:12 | 000,000,027 | ---- | C] () -- C:\WINDOWS\SonySNCP1.ini
[2009/08/03 16:07:42 | 000,403,816 | ---- | C] () -- C:\WINDOWS\System32\OGACheckControl.dll
[2009/07/19 12:14:00 | 000,000,584 | ---- | C] () -- C:\WINDOWS\cdplayer.ini
[2009/06/16 17:49:42 | 000,000,034 | ---- | C] () -- C:\Documents and Settings\Joel\Application Data\pcouffin.log
[2009/06/16 17:49:35 | 000,007,887 | ---- | C] () -- C:\Documents and Settings\Joel\Application Data\pcouffin.cat
[2009/06/16 17:49:35 | 000,001,144 | ---- | C] () -- C:\Documents and Settings\Joel\Application Data\pcouffin.inf
[2009/01/10 18:17:32 | 000,163,840 | ---- | C] () -- C:\WINDOWS\System32\ts.dll
[2009/01/10 18:16:56 | 000,148,480 | ---- | C] () -- C:\WINDOWS\System32\mkx.dll
[2009/01/10 18:16:50 | 000,108,032 | ---- | C] () -- C:\WINDOWS\System32\avi.dll
[2009/01/10 18:16:14 | 000,141,312 | ---- | C] () -- C:\WINDOWS\System32\mp4.dll
[2009/01/10 18:15:54 | 000,120,832 | ---- | C] () -- C:\WINDOWS\System32\ogm.dll
[2009/01/10 18:15:44 | 000,159,744 | ---- | C] () -- C:\WINDOWS\System32\mmfinfo.dll
[2009/01/10 18:15:32 | 000,102,400 | ---- | C] () -- C:\WINDOWS\System32\avss.dll
[2009/01/10 18:15:28 | 000,246,784 | ---- | C] () -- C:\WINDOWS\System32\dxr.dll
[2009/01/10 18:15:12 | 000,097,280 | ---- | C] () -- C:\WINDOWS\System32\avs.dll
[2009/01/10 18:14:08 | 000,079,360 | ---- | C] () -- C:\WINDOWS\System32\mkzlib.dll
[2009/01/10 18:14:06 | 000,023,552 | ---- | C] () -- C:\WINDOWS\System32\mkunicode.dll
[2008/12/13 12:08:57 | 000,014,336 | ---- | C] () -- C:\Documents and Settings\Joel\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2008/12/03 18:11:50 | 000,180,224 | ---- | C] () -- C:\WINDOWS\System32\xvidvfw.dll
[2008/11/11 16:42:17 | 000,000,055 | ---- | C] () -- C:\WINDOWS\ATTWKTOP.INI
[2008/11/11 16:01:10 | 000,000,000 | ---- | C] () -- C:\WINDOWS\vpc32.INI
[2008/11/11 14:08:56 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\Joel\Local Settings\Application Data\QSwitch.txt
[2008/11/11 14:08:56 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\Joel\Local Settings\Application Data\DSwitch.txt
[2008/11/11 14:08:56 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\Joel\Local Settings\Application Data\AtStart.txt
[2008/11/11 13:03:58 | 000,204,800 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeW7.dll
[2008/11/11 13:03:58 | 000,200,704 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeA6.dll
[2008/11/11 13:03:58 | 000,192,512 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeP6.dll
[2008/11/11 13:03:58 | 000,192,512 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeM6.dll
[2008/11/11 13:03:58 | 000,188,416 | ---- | C] () -- C:\WINDOWS\System32\IVIresizePX.dll
[2008/11/11 13:03:58 | 000,020,480 | ---- | C] () -- C:\WINDOWS\System32\IVIresize.dll
[2008/11/11 13:02:39 | 000,000,387 | ---- | C] () -- C:\WINDOWS\wininit.ini
[2008/11/11 12:46:11 | 000,910,304 | R--- | C] () -- C:\WINDOWS\System32\igmedkrn.dll
[2008/11/11 12:46:11 | 000,204,800 | R--- | C] () -- C:\WINDOWS\System32\igfxCoIn_v4831.dll
[2008/11/11 12:24:56 | 000,610,304 | -H-- | C] () -- C:\Documents and Settings\Joel\ntuser.dat.LOG
[2008/11/11 12:24:56 | 000,000,178 | -HS- | C] () -- C:\Documents and Settings\Joel\ntuser.ini
[2008/11/11 12:24:55 | 007,077,888 | -H-- | C] () -- C:\Documents and Settings\Joel\NTUSER.DAT
[2008/11/06 12:37:32 | 003,596,288 | ---- | C] () -- C:\WINDOWS\System32\qt-dx331.dll
[2008/11/06 12:34:00 | 000,000,416 | ---- | C] () -- C:\WINDOWS\System32\dtu100.dll.manifest
[2007/10/13 05:30:20 | 000,000,137 | ---- | C] () -- C:\WINDOWS\System32\Registration.ini
[2007/08/06 11:07:30 | 000,008,520 | ---- | C] () -- C:\WINDOWS\System32\ractrlkeyhook.dll
[2007/04/03 17:18:26 | 000,197,672 | ---- | C] () -- C:\WINDOWS\System32\vpnapi.dll
[2007/04/03 17:18:06 | 000,193,576 | ---- | C] () -- C:\WINDOWS\System32\CSGina.dll
[2007/02/12 22:21:28 | 000,548,864 | ---- | C] () -- C:\WINDOWS\System32\hpgtg400.dll
[2007/02/06 16:20:00 | 002,842,624 | ---- | C] () -- C:\WINDOWS\System32\btwicons.dll
[2007/02/06 15:55:52 | 000,090,112 | ---- | C] () -- C:\WINDOWS\System32\btprn2k.dll
[2007/01/19 10:30:56 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\px.ini
[2006/09/19 00:02:40 | 000,520,192 | ---- | C] () -- C:\WINDOWS\System32\CddbPlaylist2Roxio.dll
[2006/09/19 00:02:40 | 000,204,800 | ---- | C] () -- C:\WINDOWS\System32\CddbFileTaggerRoxio.dll
[2005/02/17 12:41:32 | 000,000,603 | ---- | C] () -- C:\WINDOWS\System32\BTNeighborhood.dll.manifest
[2005/02/17 12:41:30 | 000,000,593 | ---- | C] () -- C:\WINDOWS\System32\btcss.dll.manifest
[2001/11/14 13:56:00 | 001,802,240 | ---- | C] () -- C:\WINDOWS\System32\lcppn21.dll
[1998/05/06 22:10:00 | 000,069,632 | R--- | C] () -- C:\WINDOWS\System32\ODMA32.dll

========== Custom Scans ==========


< %SYSTEMDRIVE%\*.exe >


< MD5 for: AGP440.SYS >
[2006/02/28 08:00:00 | 018,738,937 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp2.cab:AGP440.sys
[2008/04/14 06:51:44 | 020,056,462 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:AGP440.sys
[2008/04/14 06:51:44 | 020,056,462 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp3.cab:AGP440.sys
[2008/04/14 01:06:40 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=08FD04AA961BDC77FB983F328334E3D7 -- C:\WINDOWS\ServicePackFiles\i386\agp440.sys
[2008/04/14 01:06:40 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=08FD04AA961BDC77FB983F328334E3D7 -- C:\WINDOWS\system32\drivers\agp440.sys

< MD5 for: ATAPI.SYS >
[2006/02/28 08:00:00 | 018,738,937 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp2.cab:atapi.sys
[2008/04/14 06:51:44 | 020,056,462 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:atapi.sys
[2008/04/14 06:51:44 | 020,056,462 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp3.cab:atapi.sys
[2008/04/14 01:10:32 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\ServicePackFiles\i386\atapi.sys
[2008/04/14 01:10:32 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\system32\drivers\atapi.sys
[2004/08/03 23:59:44 | 000,095,360 | ---- | M] (Microsoft Corporation) MD5=CDFE4411A69C224BD1D11B2DA92DAC51 -- C:\WINDOWS\$NtServicePackUninstall$\atapi.sys
[2006/02/28 08:00:00 | 000,095,360 | ---- | M] (Microsoft Corporation) MD5=CDFE4411A69C224BD1D11B2DA92DAC51 -- C:\WINDOWS\system32\ReinstallBackups\0009\DriverFiles\i386\atapi.sys

< MD5 for: EVENTLOG.DLL >
[2008/04/14 06:41:54 | 000,056,320 | ---- | M] (Microsoft Corporation) MD5=6D4FEB43EE538FC5428CC7F0565AA656 -- C:\WINDOWS\ServicePackFiles\i386\eventlog.dll
[2008/04/14 06:41:54 | 000,056,320 | ---- | M] (Microsoft Corporation) MD5=6D4FEB43EE538FC5428CC7F0565AA656 -- C:\WINDOWS\system32\eventlog.dll
[2006/02/28 08:00:00 | 000,055,808 | ---- | M] (Microsoft Corporation) MD5=82B24CB70E5944E6E34662205A2A5B78 -- C:\WINDOWS\$NtServicePackUninstall$\eventlog.dll

< MD5 for: IASTOR.SYS >
[2007/03/21 13:58:56 | 000,304,920 | ---- | M] (Intel Corporation) MD5=997E8F5939F2D12CD9F2E6B395724C16 -- C:\WINDOWS\system32\drivers\iaStor.sys
[2007/02/12 15:36:54 | 000,277,784 | ---- | M] (Intel Corporation) MD5=FD7F9D74C2B35DBDA400804A3F5ED5D8 -- C:\WINDOWS\system32\ReinstallBackups\0017\DriverFiles\iaStor.sys

< MD5 for: NETLOGON.DLL >
[2008/04/14 06:42:02 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=1B7F071C51B77C272875C3A23E1E4550 -- C:\WINDOWS\ServicePackFiles\i386\netlogon.dll
[2008/04/14 06:42:02 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=1B7F071C51B77C272875C3A23E1E4550 -- C:\WINDOWS\system32\netlogon.dll
[2006/02/28 08:00:00 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=96353FCECBA774BB8DA74A1C6507015A -- C:\WINDOWS\$NtServicePackUninstall$\netlogon.dll

< MD5 for: SCECLI.DLL >
[2006/02/28 08:00:00 | 000,180,224 | ---- | M] (Microsoft Corporation) MD5=0F78E27F563F2AAF74B91A49E2ABF19A -- C:\WINDOWS\$NtServicePackUninstall$\scecli.dll
[2008/04/14 06:42:06 | 000,181,248 | ---- | M] (Microsoft Corporation) MD5=A86BB5E61BF3E39B62AB4C7E7085A084 -- C:\WINDOWS\ServicePackFiles\i386\scecli.dll
[2008/04/14 06:42:06 | 000,181,248 | ---- | M] (Microsoft Corporation) MD5=A86BB5E61BF3E39B62AB4C7E7085A084 -- C:\WINDOWS\system32\scecli.dll
< End of report >




EXTRAS.TXT:
OTL Extras logfile created on: 4/8/2010 10:57:57 PM - Run 1
OTL by OldTimer - Version 3.2.1.0 Folder = C:\Documents and Settings\Joel\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 7.0.5730.13)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.00 Gb Total Physical Memory | 2.00 Gb Available Physical Memory | 81.00% Memory free
5.00 Gb Paging File | 5.00 Gb Available in Paging File | 94.00% Paging File free
Paging file location(s): C:\pagefile.sys 3072 4092 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 139.83 Gb Total Space | 103.34 Gb Free Space | 73.90% Space Free | Partition Type: NTFS
Drive D: | 7.67 Gb Total Space | 6.76 Gb Free Space | 88.21% Space Free | Partition Type: NTFS
Drive E: | 1.55 Gb Total Space | 1.32 Gb Free Space | 85.07% Space Free | Partition Type: NTFS
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: CHH-6710B
Current User Name: Joel
Logged in as Administrator.

Current Boot Mode: SafeMode with Networking
Scan Mode: All users
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Standard

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]

[HKEY_USERS\S-1-5-21-861567501-1647877149-725345543-1003\SOFTWARE\Classes\<extension>]
.html [@ = ChromeHTML] -- Reg Error: Key error. File not found

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
htmlfile [edit] -- "C:\Program Files\Microsoft Office\Office12\msohtmed.exe" %1 (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 0
"FirewallOverride" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]
"1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Program Files\Avaya\Avaya IP Softphone\ipsoftphone.exe" = C:\Program Files\Avaya\Avaya IP Softphone\ipsoftphone.exe:*:Enabled:Avaya IP Softphone R6 -- (Avaya Inc.)
"C:\WINDOWS\Downloaded Program Files\TunnelServer.exe" = C:\WINDOWS\Downloaded Program Files\TunnelServer.exe:*:Enabled:TunnelServer -- ()
"C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE" = C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE:*:Enabled:Microsoft Office Outlook -- (Microsoft Corporation)
"C:\Program Files\DNA\btdna.exe" = C:\Program Files\DNA\btdna.exe:*:Enabled:DNA -- (BitTorrent, Inc.)
"C:\Program Files\BitTorrent\bittorrent.exe" = C:\Program Files\BitTorrent\bittorrent.exe:*:Enabled:BitTorrent -- (BitTorrent, Inc.)
"C:\Program Files\Pinnacle\Studio 11\programs\RM.exe" = C:\Program Files\Pinnacle\Studio 11\programs\RM.exe:*:Enabled:Render Manager -- (Pinnacle Systems)
"C:\Program Files\Pinnacle\Studio 11\programs\Studio.exe" = C:\Program Files\Pinnacle\Studio 11\programs\Studio.exe:*:Enabled:Studio -- (Pinnacle Systems)
"C:\Program Files\Pinnacle\Studio 11\programs\PMSRegisterFile.exe" = C:\Program Files\Pinnacle\Studio 11\programs\PMSRegisterFile.exe:*:Enabled:PMSRegisterFile -- ( )
"C:\Program Files\Pinnacle\Studio 11\programs\umi.exe" = C:\Program Files\Pinnacle\Studio 11\programs\umi.exe:*:Enabled:umi -- (Pinnacle Systems)
"C:\Program Files\VMware\VMware View\Client\bin\wswc.exe" = C:\Program Files\VMware\VMware View\Client\bin\wswc.exe:*:Enabled:VMware View Client -- (VMware, Inc.)
"C:\Program Files\iTunes\iTunes.exe" = C:\Program Files\iTunes\iTunes.exe:*:Enabled:iTunes -- (Apple Inc.)


========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0289B18A-F99F-423F-B79F-1150D0F85492}" = HP Wireless Assistant
"{0394CDC8-FABD-4ed8-B104-03393876DFDF}" = Roxio Creator Tools
"{06DBEADF-8AA7-46A1-A708-D0BE16EEF6DA}" = Avaya IP Softphone R6
"{07287123-B8AC-41CE-8346-3D777245C35B}" = Bonjour
"{0A65A3BD-54B5-4d0d-B084-7688507813F5}" = SlideShow
"{0B72559F-4EBC-FCBB-BF23-6D96D9AC423D}" = Comcast Universal Caller ID
"{0D397393-9B50-4c52-84D5-77E344289F87}" = Roxio Creator Data
"{110B1ADF-2EAE-4E8F-B501-D2A1E6D8ED9D}" = Studio 11
"{1451DE6B-ABE1-4F62-BE9A-B363A17588A2}" = QuickTime
"{15C0AF59-4877-49B6-B8C6-A61CE54515F5}" = cp_OnlineProjectsConfig
"{1746EA69-DCB6-4408-B5A5-E75F55439CDF}" = Scan
"{20A1D306-CE83-492A-8525-D6DF50B5944A}" = Embedded Security for HP ProtectTools
"{24B3DF86-75B9-4DBD-AC39-C0C041583E6F}" = HP PCMCIA Smart Card Reader
"{24D7346D-D4B4-45E8-98EA-75EC14B42DD8}" = Adobe ExtendScript Toolkit 2
"{26A24AE4-039D-4CA4-87B4-2F83216012FF}" = Java™ 6 Update 15
"{2B618178-930B-46FA-9C93-0AE2EEB89EBC}" = DocProc
"{2DB165DC-DDB4-403F-B985-19F3EC7D0357}" = HP ProtectTools Security Manager
"{2F4C24E6-CBD4-4AAC-B56F-C9FD44DE5668}" = Roxio Drag-to-Disc
"{2F58D60D-2BFD-4467-9B4D-64E7355C329D}" = Sonic_PrimoSDK
"{2F952048-3220-4AC7-A206-D01EFC774BB2}" = Studio 11
"{3248F0A8-6813-11D6-A77B-00B0D0160000}" = Java™ SE Runtime Environment 6
"{33BF0960-DBA3-4187-B6CC-C969FCFA2D25}" = SkinsHP1
"{33C65B6A-5D73-4E3E-A1F9-127C27BD3F72}" = Roxio MyDVD Basic v9
"{34D2AB40-150D-475D-AE32-BD23FB5EE355}" = HP Quick Launch Buttons 6.20 F2
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{35E1EC43-D4FC-4E4A-AAB3-20DDA27E8BB0}" = Sonic Activation Module
"{363790D2-DA98-41DD-9C9F-69FA36B169DE}" = PanoStandAlone
"{38D56396-298F-4874-B4EC-16B530B07879}" = HP Scanjet G4000 series 8.0
"{3FA365DF-2D68-45ED-8F83-8C8A33E65143}" = Apple Application Support
"{41E776A5-9B12-416D-9A12-B4F7B044EBED}" = CP_Package_Basic1
"{4241BD9F-55F1-43B5-8694-DBC9C596F175}" = Web Easy Professional
"{429E92A4-159F-4AEC-85A1-D693E1E4274D}" = HP 3D DriveGuard
"{45B8A76B-57EC-4242-B019-066400CD8428}" = BufferChm
"{4EA684E9-5C81-4033-A696-3019EC57AC3A}" = HPProductAssistant
"{53EE9E42-CECB-4C92-BF76-9CA65DAF8F1C}" = FullDPAppQFolder
"{541DEAC0-5F3D-45E6-B7CB-94ECF3B96748}" = Skype web features
"{5D97A4A7-C274-4B63-86D9-07A33435F505}" = InterVideo DVD Check
"{5F05C28D-DEA9-4AD6-A73A-064175988EAB}" = Search Settings v1.2.3
"{6005535D-8A83-4108-A757-E1AB9886AECA}" = Cisco AnyConnect VPN Client
"{619CDD8A-14B6-43a1-AB6C-0F4EE48CE048}" = Roxio Creator Copy
"{64C1FA9A-FA94-4B6E-B3E4-8573738E4AD1}" = Adobe Setup
"{6675CA7F-E51B-4F6A-99D4-F8F0124C6EAA}" = Roxio Express Labeler 3
"{66910000-8B30-4973-A159-6371345AFFA5}" = WebReg
"{6696D9A4-28A8-4F5A-8E9A-2E8974C8C39C}" = RandMap
"{66E6CE0C-5A1E-430C-B40A-0C90FF1804A8}" = eSupportQFolder
"{69333A04-5134-40A5-A055-9166A7AA1EC8}" =
"{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update
"{69DAC00A-7665-4E9B-B441-093D40736429}" = HP BatteryCheck 2.10 A2
"{6D4AC5A4-4CF9-4F90-8111-B9B53CE257BF}" = Adobe Color Common Settings
"{716E0306-8318-4364-8B8F-0CC4E9376BAC}" = MSXML 4.0 SP2 Parser and SDK
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{76E41F43-59D2-4F30-BA42-9A762EE1E8DE}" = Avanquest update
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{7D8367E4-9EF5-40F5-BECD-32615B0FE215}" = Samsung USB Driver (MCCI 3.40)
"{83FFCFC7-88C6-41c6-8752-958A45325C82}" = Roxio Creator Audio
"{84814E6B-2581-46EC-926A-823BD1C670F6}" = HP Integrated Module with Bluetooth wireless technology
"{87E2B986-07E8-477a-93DC-AF0B6758B192}" = DocProcQFolder
"{87E91B85-9A4A-4B1E-930E-3429D146FEB3}" = ScannerCopy
"{8C6027FD-53DC-446D-BB75-CACD7028A134}" = HP Update
"{90120000-0010-0409-0000-0000000FF1CE}" = Microsoft Software Update for Web Folders (English) 12
"{90120000-0011-0000-0000-0000000FF1CE}" = Microsoft Office Professional Plus 2007
"{90120000-0011-0000-0000-0000000FF1CE}_PROPLUS_{0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0011-0000-0000-0000000FF1CE}_PROPLUS_{3D019598-7B59-447A-80AE-815B703B84FF}" = Security Update for Microsoft Office system 2007 (972581)
"{90120000-0015-0409-0000-0000000FF1CE}" = Microsoft Office Access MUI (English) 2007
"{90120000-0015-0409-0000-0000000FF1CE}_PROPLUS_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007
"{90120000-0016-0409-0000-0000000FF1CE}_PROPLUS_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007
"{90120000-0018-0409-0000-0000000FF1CE}_PROPLUS_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0019-0409-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2007
"{90120000-0019-0409-0000-0000000FF1CE}_PROPLUS_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2007
"{90120000-001A-0409-0000-0000000FF1CE}_PROPLUS_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007
"{90120000-001B-0409-0000-0000000FF1CE}_PROPLUS_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_PROPLUS_{ABDDE972-355B-4AF1-89A8-DA50B7B5C045}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_PROPLUS_{F580DDD5-8D37-4998-968E-EBB76BB86787}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007
"{90120000-001F-0C0A-0000-0000000FF1CE}_PROPLUS_{187308AB-5FA7-4F14-9AB9-D290383A10D9}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007
"{90120000-0044-0409-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (English) 2007
"{90120000-0044-0409-0000-0000000FF1CE}_PROPLUS_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}_PROPLUS_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-00B2-0409-0000-0000000FF1CE}" = Microsoft Save as PDF or XPS Add-in for 2007 Microsoft Office programs
"{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007
"{90120000-0115-0409-0000-0000000FF1CE}_PROPLUS_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0117-0409-0000-0000000FF1CE}" = Microsoft Office Access Setup Metadata MUI (English) 2007
"{90120000-0117-0409-0000-0000000FF1CE}_PROPLUS_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{91810AFC-A4F8-4EBA-A5AA-B198BBC81144}" = InterVideo WinDVD
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{A29800BA-0BF1-4E63-9F31-DF05A87F4104}" = InstantShareDevices
"{A2BCA9F1-566C-4805-97D1-7FDC93386723}" = Adobe AIR
"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
"{AADEA55D-C834-4BCB-98A3-4B8D1C18F4EE}" = Apple Mobile Device Support
"{AB5D51AE-EBC3-438D-872C-705C7C2084B0}" = DeviceManagementQFolder
"{AC76BA86-1033-0000-BA7E-000000000002}" = Adobe Acrobat 7.0 Standard
"{AC76BA86-7AD7-1033-7B44-A93000000001}" = Adobe Reader 9.3
"{B1102A25-3AA3-446B-AA0F-A699B07A02FD}" = Garmin USB Drivers
"{B2157760-AA3C-4E2E-BFE6-D20BC52495D9}" = cp_PosterPrintConfig
"{B2544A03-10D0-4E5E-BA69-0362FFC20D18}" = OGA Notifier 2.0.0048.0
"{B3C02EC1-A7B0-4987-9A43-8789426AAA7D}" = Adobe Setup
"{B3C9A441-C34D-40F3-9D3B-00EDDDAC74F1}" = Garmin Communicator Plugin
"{B6286A44-7505-471A-A72B-04EC2DB2F442}" = CueTour
"{B69CFE29-FD03-4E0A-87A7-6ED97F98E5B3}" = CP_Panorama1Config
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
"{C0BC6CF7-B3CC-6699-0351-F845AC6D24DC}" = Comcast Access
"{C1704101-D142-42A4-83E5-F938F13DBD94}" = hpg4000QFolder
"{C1C6767D-B395-43CB-BF99-051B58B86DA6}" = PhotoGallery
"{C2E8B236-7554-45FE-92C0-94EF76E4D182}" = Garmin City Navigator North America NT 2010.20
"{C74D0FA0-1D49-464F-A707-B427EE3385C1}" = HP BIOS Configuration for ProtectTools
"{C7F54CF8-D6FB-4E0A-93A3-E68AE0D6C476}" = SolutionCenter
"{C8B0680B-CDAE-4809-9F91-387B6DE00F7C}" = Roxio Creator Basic v9
"{CAE7D1D9-3794-4169-B4DD-964ADBC534EE}" = HP Product Detection
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CCBAA1F7-E5E1-48B2-9ED9-A79C6A37CE78}" = Cisco Systems VPN Client 5.0.00.0340
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{CF40ACC5-E1BB-4aff-AC72-04C2F616BCA7}" = getPlus® for Adobe
"{D103C4BA-F905-437A-8049-DB24763BBE36}" = Skype™ 4.1
"{D16AA51D-2BE9-421A-84A7-759578E64A74}" = Web Easy Professional 7
"{D3B3B9B2-FE73-44CB-8C0A-F737D92F991B}" = Broadcom NetXtreme Ethernet Controller
"{D9B4D7EE-481C-4C36-86AB-A8F7417725FF}" = LightScribe 1.6.43.1
"{E0742446-2B18-4204-8A46-DA70BB003318}" = HP Broadband Wireless Modules
"{E590FD1C-E8C6-4D2E-8CA9-77B403F7EE01}" = Microsoft Antimalware
"{ED2C557E-9C18-41FF-B58E-A05EEF0B3B5F}" = CP_CalendarTemplates1
"{EF781A5C-58F5-4BFD-87F9-E4F14D382F25}" = Pinnacle Instant DVD Recorder
"{EF98A02A-1748-4762-9B7D-5ED1600520D5}" = Microsoft Security Essentials
"{F0A37341-D692-11D4-A984-009027EC0A9C}" = SoundMAX
"{F18DB86D-BC16-4E01-BCCE-63F62B931D82}" = InterVideo Register Manager
"{F240855E-57B8-4807-9A00-7047211D9793}" = Curitel PC Card Software
"{F439D7AF-03F3-4F8E-AEC4-571BFE977C61}" = iTunes
"{F7128E13-D676-41D2-A4DA-9EF2069A62B1}" = VMware View Client
"{F9AEEC34-CF00-4CBD-9E36-DF9DC4002685}" = Yahoo! Desktop Login
"{FB15E224-67C3-491F-9F5C-F257BC418412}" = Destinations
"{FD7F3626-80DE-4E99-A11D-0BFB4350A00C}" = hpG4000
"45A7283175C62FAC673F913C1F532C5361F97841" = Windows Driver Package - Garmin (grmnusb) GARMIN Devices (03/08/2007 2.2.1.0)
"7-Zip" = 7-Zip 4.65
"Adobe Acrobat 7.0 Standard" = Adobe Acrobat 7.1.0 Standard
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Adobe Shockwave Player" = Adobe Shockwave Player 11
"Adobe_3e054d2218e7aa282c2369d939e58ff" = Adobe ExtendScript Toolkit 2
"Adobe_6c8e2cb4fd241c55406016127a6ab2e" = Adobe Color Common Settings
"Applian Director1.1" = Applian Director
"AXIS Media Control" = AXIS Media Control
"AXIS Media Control Embedded" = AXIS Media Control Embedded
"CaptureWiz" = CaptureWizPro 4.30
"Cisco Systems SSL VPN Client" = Cisco SSL VPN Client
"com.comcast.access.13A1FA90F0FC9DC009FB0956ADD0F13F8608561B.1" = Comcast Access
"com.comcast.callerid.13A1FA90F0FC9DC009FB0956ADD0F13F8608561B.1" = Comcast Universal Caller ID
"Cygnus Hex Editor FREE EDITION" = Cygnus Hex Editor FREE EDITION 1.00
"DVD Decrypter" = DVD Decrypter (Remove Only)
"DVD Flick_is1" = DVD Flick 1.3.0.7
"DVD Shrink_is1" = DVD Shrink 3.2
"DVDFab 6_is1" = DVDFab 6.2.1.8 (31/12/2009)
"FairStars CD Ripper_is1" = FairStars CD Ripper 1.27
"Free Mp3 Wma Converter_is1" = Free Mp3 Wma Converter V 1.8.0
"Free RAR Extract Frog" = Free RAR Extract Frog
"HDMI" = Intel® Graphics Media Accelerator Driver
"HP Imaging Device Functions" = HP Imaging Device Functions 7.0
"HP Photo & Imaging" = HP Photosmart Premier Software 6.5
"HP Solution Center & Imaging Support Tools" = HP Solution Center 7.0
"HPOCR" = OCR Software by I.R.I.S 8.0
"IDNMitigationAPIs" = Microsoft Internationalized Domain Names Mitigation APIs
"ie7" = Windows Internet Explorer 7
"ieSpell" = ieSpell
"InstallShield_{7D8367E4-9EF5-40F5-BECD-32615B0FE215}" = Samsung USB Driver (MCCI 3.40)
"JPEG Recovery Pro 4.0" = JPEG Recovery Pro 4.0
"LiveUpdate" = LiveUpdate 3.2 (Symantec Corporation)
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"Media Player - Codec Pack" = Media Player Codec Pack 3.9.1
"Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft Security Essentials" = Microsoft Security Essentials
"MSCompPackV1" = Microsoft Compression Client Pack 1.0 for Windows XP
"MSNINST" = MSN
"NLSDownlevelMapping" = Microsoft National Language Support Downlevel APIs
"OPSWAT AV Libraries" = OPSWAT AntiVirus and Firewall Integration Libraries
"PDF Complete" = PDF Complete
"Picasa 3" = Picasa 3
"PROPLUS" = Microsoft Office Professional Plus 2007
"RealPlayer 6.0" = RealPlayer
"Replay Media Catcher 3.11" = Replay Media Catcher
"SynTPDeinstKey" = Synaptics Pointing Device Driver
"VZAccess Manager" = VZAccess Manager
"Windows Media Format Runtime" = Windows Media Format 11 runtime
"Windows Media Player" = Windows Media Player 11
"Windows XP Service Pack" = Windows XP Service Pack 3
"WMFDist11" = Windows Media Format 11 runtime
"wmp11" = Windows Media Player 11
"Wudf01000" = Microsoft User-Mode Driver Framework Feature Pack 1.0

========== HKEY_USERS Uninstall List ==========

[HKEY_USERS\S-1-5-21-861567501-1647877149-725345543-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"BitTorrent" = BitTorrent
"BitTorrent DNA" = DNA
"Google Chrome" = Google Chrome
"Move Media Player" = Move Media Player

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 10/13/2009 7:00:22 AM | Computer Name = CHH-6710B | Source = STCAgent | ID = 50331650
Description = Termination reason code 10 [FAST_USER_SWITCH]

Error - 10/14/2009 6:26:35 AM | Computer Name = CHH-6710B | Source = STCAgent | ID = 50331650
Description = Termination reason code 10 [FAST_USER_SWITCH]

Error - 10/14/2009 6:58:31 AM | Computer Name = CHH-6710B | Source = STCAgent | ID = 50331650
Description = Termination reason code 10 [FAST_USER_SWITCH]

Error - 10/16/2009 7:58:40 AM | Computer Name = CHH-6710B | Source = STCAgent | ID = 50331650
Description = Termination reason code 10 [FAST_USER_SWITCH]

Error - 10/16/2009 3:31:30 PM | Computer Name = CHH-6710B | Source = Application Hang | ID = 1002
Description = Hanging application ipsoftphone.exe, version 6.0.1.21, hang module
hungapp, version 0.0.0.0, hang address 0x00000000.

Error - 10/16/2009 3:33:57 PM | Computer Name = CHH-6710B | Source = STCAgent | ID = 50331650
Description = Termination reason code 10 [FAST_USER_SWITCH]

Error - 10/17/2009 2:13:04 PM | Computer Name = CHH-6710B | Source = STCAgent | ID = 50331650
Description = Termination reason code 10 [FAST_USER_SWITCH]

Error - 10/17/2009 2:22:44 PM | Computer Name = CHH-6710B | Source = STCAgent | ID = 50331650
Description = Termination reason code 10 [FAST_USER_SWITCH]

Error - 10/19/2009 5:25:30 PM | Computer Name = CHH-6710B | Source = STCAgent | ID = 50331650
Description = Termination reason code 10 [FAST_USER_SWITCH]

Error - 11/5/2009 4:17:16 AM | Computer Name = CHH-6710B | Source = STCAgent | ID = 50331650
Description = Termination reason code 10 [FAST_USER_SWITCH]

[ Cisco AnyConnect VPN Client Events ]
Error - 11/29/2009 1:00:02 PM | Computer Name = CHH-6710B | Source = vpnagent | ID = 50331649
Description = Function: CVpnMgr::processEvents Return code: 0 File: .\MainThread.cpp
Line:
997 Description: fatal error, stopping service

Error - 12/21/2009 9:36:10 AM | Computer Name = CHH-6710B | Source = vpnagent | ID = 50331649
Description = Function: AddRouteChange Return code: 0xFE07000D File: .\ChangeRouteHelper.cpp
Line:
1271 Description: ROUTETABLE_ERROR_CREATEIPFORWARDENTRY_FAILED

Error - 12/21/2009 9:36:10 AM | Computer Name = CHH-6710B | Source = vpnagent | ID = 50331669
Description = Failed Route change: Action: AddRoute Destination: 192.168.0.255 Netmask:
255.255.255.255 Gateway: 172.17.244.1 Interface: 172.17.244.60 Metric: 1

Error - 12/21/2009 9:36:10 AM | Computer Name = CHH-6710B | Source = vpnagent | ID = 50331649
Description = Function: AddRouteChange Return code: 0xFE07000D File: .\ChangeRouteHelper.cpp
Line:
222 Description: ROUTETABLE_ERROR_CREATEIPFORWARDENTRY_FAILED

Error - 12/21/2009 9:37:15 AM | Computer Name = CHH-6710B | Source = vpnagent | ID = 50331649
Description = Function: CDtlsProtocol::retransmit Return code: 0xFE1C000E File: .\DtlsProtocol.cpp
Line:
409 Description: TLSPROTOCOL_ERROR_MAX_RETRANSMITS_EXCEEDED

Error - 12/21/2009 9:37:15 AM | Computer Name = CHH-6710B | Source = vpnagent | ID = 50331649
Description = Function: initiateTunnel Return code: 0xFE1C000E File: .\CdtpProtocol.cpp
Line:
507 Description: TLSPROTOCOL_ERROR_MAX_RETRANSMITS_EXCEEDED

Error - 12/21/2009 9:37:15 AM | Computer Name = CHH-6710B | Source = vpnagent | ID = 50331649
Description = Function: ITunnelProtocol::initiateTunnel Return code: 0xFE1C000E File:
.\TunnelStateMgr.cpp Line: 1040 Description: TLSPROTOCOL_ERROR_MAX_RETRANSMITS_EXCEEDED
callback

Error - 12/21/2009 9:37:15 AM | Computer Name = CHH-6710B | Source = vpnagent | ID = 50331649
Description = Function: CTunnelStateMgr::initiateTunnel Return code: 0xFE1C000E File:
.\TunnelMgr.cpp Line: 600 Description: TLSPROTOCOL_ERROR_MAX_RETRANSMITS_EXCEEDED
callback

Error - 12/23/2009 2:46:12 PM | Computer Name = CHH-6710B | Source = vpnagent | ID = 50331650
Description = Termination reason code 9: Client PC is shutting down.

Error - 12/30/2009 4:41:59 PM | Computer Name = CHH-6710B | Source = vpnagent | ID = 50331650
Description = Termination reason code 9: Client PC is shutting down.

[ System Events ]
Error - 4/5/2010 6:57:26 PM | Computer Name = CHH-6710B | Source = Microsoft Antimalware | ID = 2001
Description = %%861 has encountered an error trying to update signatures. New Signature
Version: Previous Signature Version: 1.79.1076.0 Update Source: %%859 Update Stage:
%%852 Source Path: Default URL Signature Type: %%800 Update Type: %%803 User: NT AUTHORITY\SYSTEM

Current
Engine Version: Previous Engine Version: 1.1.5605.0 Error code: 0x8007043c Error
description: This service cannot be started in Safe Mode

Error - 4/5/2010 7:52:06 PM | Computer Name = CHH-6710B | Source = DCOM | ID = 10005
Description = DCOM got error "%1084" attempting to start the service EventSystem
with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}

Error - 4/8/2010 10:49:10 PM | Computer Name = CHH-6710B | Source = DCOM | ID = 10005
Description = DCOM got error "%1084" attempting to start the service EventSystem
with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}

Error - 4/8/2010 10:50:21 PM | Computer Name = CHH-6710B | Source = Service Control Manager | ID = 7026
Description = The following boot-start or system-start driver(s) failed to load:
Fips intelppm MpFilter

Error - 4/8/2010 10:54:04 PM | Computer Name = CHH-6710B | Source = DCOM | ID = 10005
Description = DCOM got error "%1084" attempting to start the service StiSvc with
arguments "" in order to run the server: {A1F4E726-8CF1-11D1-BF92-0060081ED811}

Error - 4/8/2010 10:54:56 PM | Computer Name = CHH-6710B | Source = DCOM | ID = 10005
Description = DCOM got error "%1084" attempting to start the service StiSvc with
arguments "" in order to run the server: {A1F4E726-8CF1-11D1-BF92-0060081ED811}

Error - 4/8/2010 10:59:08 PM | Computer Name = CHH-6710B | Source = DCOM | ID = 10005
Description = DCOM got error "%1084" attempting to start the service wuauserv with
arguments "" in order to run the server: {E60687F7-01A1-40AA-86AC-DB1CBF673334}

Error - 4/8/2010 10:59:08 PM | Computer Name = CHH-6710B | Source = DCOM | ID = 10005
Description = DCOM got error "%1084" attempting to start the service wuauserv with
arguments "" in order to run the server: {E60687F7-01A1-40AA-86AC-DB1CBF673334}

Error - 4/8/2010 10:59:09 PM | Computer Name = CHH-6710B | Source = Microsoft Antimalware | ID = 2001
Description = %%861 has encountered an error trying to update signatures. New Signature
Version: Previous Signature Version: 1.79.1076.0 Update Source: %%859 Update Stage:
%%852 Source Path: Default URL Signature Type: %%800 Update Type: %%803 User: NT AUTHORITY\SYSTEM

Current
Engine Version: Previous Engine Version: 1.1.5605.0 Error code: 0x8007043c Error
description: This service cannot be started in Safe Mode

Error - 4/8/2010 11:01:36 PM | Computer Name = CHH-6710B | Source = DCOM | ID = 10005
Description = DCOM got error "%1084" attempting to start the service StiSvc with
arguments "" in order to run the server: {A1F4E726-8CF1-11D1-BF92-0060081ED811}


< End of report >


#4 syler

syler

  • Malware Response Team
  • 8,150 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Warrington, UK
  • Local time:08:16 PM

Posted 09 April 2010 - 10:18 AM

Hi snj2000,

Run OTL
  • Under the Custom Scans/Fixes box at the bottom, paste in the following

    CODE
    :OTL
    IE - HKU\S-1-5-21-861567501-1647877149-725345543-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = http=127.0.0.1:5555
    O3 - HKLM\..\Toolbar: (no name) - - No CLSID value found.
    O4 - HKLM..\Run: [lkvgpsuk] C:\Documents and Settings\Joel\Local Settings\Application Data\qkvuvcqqy\yfjmvfctssd.exe ()
    O4 - HKU\S-1-5-21-861567501-1647877149-725345543-1003..\Run: [lkvgpsuk] C:\Documents and Settings\Joel\Local Settings\Application Data\qkvuvcqqy\yfjmvfctssd.exe ()
    O16 - DPF: {745395C8-D0E1-4227-8586-624CA9A10A8D} http://212.92.19.221/activex/AMC.cab (AxisMediaControl Class)
    O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.macromedia.com/get/flash...r/ultrashim.cab (Reg Error: Key error.)
    O16 - DPF: {CAFEEFAC-0016-0000-0000-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Reg Error: Key error.)
    O16 - DPF: {DE625294-70E6-45ED-B895-CFFA13AEB044} http://195.86.127.26/activex/AMC.cab (AxisMediaControlEmb Class)
    :Commands
    [purity]
    [emptytemp]
    [emptyflash]

  • Then click the Run Fix button at the top
  • Let the program run unhindered, reboot when it is done
  • You will get a log that shows the results of the fix. Please post it.
  • Then also run a new OTL scan without the bold text, and post the new OTL log.


  • Go to Start >> Run
  • Copy and paste the following command line into the Run box, then click OK.
cmd /c mbr -t& start mbr.log
  • A file called mbr.log will pop up please post the contents in your reply.


Then please post back here with the following logs:
  • OTL results
  • New OTL log
  • mbr.log

Thanks

unite.jpg


#5 snj2000

snj2000
  • Topic Starter

  • Members
  • 9 posts
  • OFFLINE
  •  
  • Local time:03:16 PM

Posted 09 April 2010 - 12:05 PM

ok, so I did the OTL - RUN FIX in SAFEMODE as that is the only way I could do anything at that point

All processes killed
========== OTL ==========
Unable to set value : HKU\S-1-5-21-861567501-1647877149-725345543-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyServer| /E!
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\ deleted successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\lkvgpsuk deleted successfully.
C:\Documents and Settings\Joel\Local Settings\Application Data\qkvuvcqqy\yfjmvfctssd.exe moved successfully.
Registry value HKEY_USERS\S-1-5-21-861567501-1647877149-725345543-1003\Software\Microsoft\Windows\CurrentVersion\Run\\lkvgpsuk deleted successfully.
File C:\Documents and Settings\Joel\Local Settings\Application Data\qkvuvcqqy\yfjmvfctssd.exe not found.
Starting removal of ActiveX control {745395C8-D0E1-4227-8586-624CA9A10A8D}
C:\WINDOWS\Downloaded Program Files\setup.inf moved successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{745395C8-D0E1-4227-8586-624CA9A10A8D}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{745395C8-D0E1-4227-8586-624CA9A10A8D}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{745395C8-D0E1-4227-8586-624CA9A10A8D}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{745395C8-D0E1-4227-8586-624CA9A10A8D}\ not found.
Starting removal of ActiveX control {8FFBE65D-2C9C-4669-84BD-5829DC0B603C}
C:\WINDOWS\Downloaded Program Files\erma.inf moved successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{8FFBE65D-2C9C-4669-84BD-5829DC0B603C}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8FFBE65D-2C9C-4669-84BD-5829DC0B603C}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{8FFBE65D-2C9C-4669-84BD-5829DC0B603C}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8FFBE65D-2C9C-4669-84BD-5829DC0B603C}\ not found.
Starting removal of ActiveX control {CAFEEFAC-0016-0000-0000-ABCDEFFEDCBA}
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{CAFEEFAC-0016-0000-0000-ABCDEFFEDCBA}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0000-ABCDEFFEDCBA}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0000-ABCDEFFEDCBA}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{CAFEEFAC-0016-0000-0000-ABCDEFFEDCBA}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0000-ABCDEFFEDCBA}\ not found.
Starting removal of ActiveX control {DE625294-70E6-45ED-B895-CFFA13AEB044}
C:\WINDOWS\Downloaded Program Files\setup.inf not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{DE625294-70E6-45ED-B895-CFFA13AEB044}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{DE625294-70E6-45ED-B895-CFFA13AEB044}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{DE625294-70E6-45ED-B895-CFFA13AEB044}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{DE625294-70E6-45ED-B895-CFFA13AEB044}\ not found.
========== COMMANDS ==========

[EMPTYTEMP]

User: Administrator
->Temp folder emptied: 33133 bytes
->Temporary Internet Files folder emptied: 4532420 bytes
->Flash cache emptied: 42319 bytes

User: All Users

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 67 bytes
->Flash cache emptied: 41620 bytes

User: Joel
->Temp folder emptied: 690400 bytes
->Temporary Internet Files folder emptied: 19736588 bytes
->Java cache emptied: 50583975 bytes
->Google Chrome cache emptied: 366336977 bytes
->Flash cache emptied: 144583 bytes

User: LocalService
->Temp folder emptied: 65748 bytes
->Temporary Internet Files folder emptied: 32902 bytes

User: NetworkService
->Temp folder emptied: 39584 bytes
->Temporary Internet Files folder emptied: 49286 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 2176856 bytes
%systemroot%\System32 .tmp files removed: 2577 bytes
%systemroot%\System32\dllcache .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 248857 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temp folder emptied: 0 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 33170 bytes
RecycleBin emptied: 1638 bytes

Total Files Cleaned = 424.00 mb


[EMPTYFLASH]

User: Administrator
->Flash cache emptied: 0 bytes

User: All Users

User: Default User
->Flash cache emptied: 0 bytes

User: Joel
->Flash cache emptied: 0 bytes

User: LocalService

User: NetworkService

Total Flash Files Cleaned = 0.00 mb


OTL by OldTimer - Version 3.2.1.0 log created on 04092010_124001

Files\Folders moved on Reboot...
C:\Documents and Settings\Joel\Local Settings\Temporary Internet Files\Content.IE5\MZ6HZY5N\iframe[1].htm moved successfully.
C:\Documents and Settings\Joel\Local Settings\Temporary Internet Files\Content.IE5\7ARZLWNM\topic307223[1].htm moved successfully.
C:\Documents and Settings\Joel\Local Settings\Temporary Internet Files\AntiPhishing\A0AB7674-8D67-4F4D-B5E1-96FAEADFB79D.dat moved successfully.

Registry entries deleted on Reboot...



It rebooted and I did not go into SAFE MODE - This is the first time in a week that it came up ok in NORMAL mode thumbup.gif

I ran the scan (I selected ALL USERS)


OTL logfile created on: 4/9/2010 12:47:35 PM - Run 2
OTL by OldTimer - Version 3.2.1.0 Folder = C:\Documents and Settings\Joel\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 7.0.5730.13)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.00 Gb Total Physical Memory | 1.00 Gb Available Physical Memory | 67.00% Memory free
5.00 Gb Paging File | 4.00 Gb Available in Paging File | 89.00% Paging File free
Paging file location(s): C:\pagefile.sys 3072 4092 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 139.83 Gb Total Space | 101.70 Gb Free Space | 72.73% Space Free | Partition Type: NTFS
Drive D: | 7.67 Gb Total Space | 6.76 Gb Free Space | 88.21% Space Free | Partition Type: NTFS
Drive E: | 1.55 Gb Total Space | 1.32 Gb Free Space | 85.07% Space Free | Partition Type: NTFS
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: CHH-6710B
Current User Name: Joel
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: All users
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Standard

========== Processes (SafeList) ==========

PRC - [2010/04/08 22:54:15 | 000,561,664 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Joel\Desktop\OTL.exe
PRC - [2010/02/21 06:03:12 | 001,093,208 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Security Essentials\msseces.exe
PRC - [2009/12/16 18:38:20 | 000,375,296 | ---- | M] (Spigot, Inc.) -- C:\Program Files\Application Updater\ApplicationUpdater.exe
PRC - [2009/12/09 19:02:38 | 000,017,904 | ---- | M] (Microsoft Corporation) -- c:\Program Files\Microsoft Security Essentials\MsMpEng.exe
PRC - [2009/12/09 19:02:36 | 000,202,776 | ---- | M] (Microsoft Corporation) -- c:\Program Files\Microsoft Security Essentials\MpCmdRun.exe
PRC - [2009/11/13 08:29:28 | 000,323,392 | ---- | M] (BitTorrent, Inc.) -- C:\Program Files\DNA\btdna.exe
PRC - [2009/09/22 15:09:02 | 000,156,672 | ---- | M] (Applian Technologies, Inc.) -- C:\Program Files\Replay Media Catcher\FLVSrvc.exe
PRC - [2009/08/26 18:07:00 | 000,151,552 | ---- | M] (VMware, Inc.) -- C:\Program Files\VMware\VMware View\Client\bin\wsnm.exe
PRC - [2009/02/13 10:10:00 | 001,133,040 | ---- | M] (Roxio) -- C:\Program Files\Roxio\Drag-to-Disc\DrgToDsc.exe
PRC - [2009/02/03 16:39:09 | 000,427,192 | ---- | M] (Cisco Systems, Inc.) -- C:\Program Files\Cisco\Cisco AnyConnect VPN Client\vpnagent.exe
PRC - [2009/01/27 04:57:51 | 000,226,360 | ---- | M] (Cisco Systems, Inc.) -- C:\Program Files\Cisco Systems\SSL VPN Client\Agent.exe
PRC - [2008/12/21 11:22:30 | 000,185,872 | ---- | M] (RealNetworks, Inc.) -- C:\Program Files\Common Files\Real\Update_OB\realsched.exe
PRC - [2008/09/04 19:14:24 | 000,226,576 | ---- | M] (Pinnacle Systems) -- C:\Program Files\Pinnacle\Shared Files\Programs\Remote\remoterm.exe
PRC - [2008/08/26 20:02:24 | 000,014,336 | ---- | M] (Agere Systems) -- C:\Program Files\LSI SoftModem\agrsmsvc.exe
PRC - [2008/04/23 03:30:36 | 000,032,256 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files\Adobe\Acrobat 7.0\Acrobat\Acrobat_sl.exe
PRC - [2008/04/23 02:08:13 | 000,483,328 | ---- | M] (Adobe Systems Inc.) -- C:\Program Files\Adobe\Acrobat 7.0\Distillr\acrotray.exe
PRC - [2008/04/14 06:42:20 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2007/09/18 11:11:34 | 000,368,640 | ---- | M] (AVAYA Communication) -- C:\WINDOWS\system32\qosservm.exe
PRC - [2007/05/08 09:38:46 | 000,540,448 | ---- | M] (PDF Complete Inc) -- C:\Program Files\PDF Complete\pdfsvc.exe
PRC - [2007/05/08 09:38:44 | 000,331,552 | ---- | M] (PDF Complete Inc) -- C:\Program Files\PDF Complete\pdfsty.exe
PRC - [2007/04/03 17:18:08 | 001,516,584 | ---- | M] (Cisco Systems, Inc.) -- C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe
PRC - [2007/02/15 08:55:18 | 000,140,832 | ---- | M] (Infineon Technologies AG) -- C:\WINDOWS\system32\IfxPsdSv.exe
PRC - [2007/01/24 15:28:58 | 000,124,928 | ---- | M] (Hewlett-Packard Corporation) -- C:\WINDOWS\system32\accelerometerST.exe
PRC - [2007/01/23 16:15:14 | 000,181,792 | ---- | M] (Infineon Technologies AG) -- C:\Program Files\Hewlett-Packard\Embedded Security Software\PSDrt.exe
PRC - [2007/01/05 12:36:48 | 000,872,448 | ---- | M] (Analog Devices, Inc.) -- C:\Program Files\Analog Devices\Core\smax4pnp.exe
PRC - [2007/01/04 20:48:52 | 000,112,152 | R--- | M] (InterVideo) -- C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe
PRC - [2006/12/04 17:13:16 | 000,292,384 | R--- | M] (Sierra Wireless Inc.) -- C:\Program Files\HPQ\Shared\Sierra Wireless\Win32\Unicode\SWIHPWMI.exe
PRC - [2006/10/16 14:50:16 | 000,202,312 | ---- | M] (Pinnacle Systems GmbH) -- C:\Program Files\Pinnacle\Shared Files\Programs\USBTip\USBTip.exe
PRC - [2006/02/19 03:41:10 | 000,049,152 | ---- | M] (Hewlett-Packard Development Company, L.P.) -- C:\Program Files\Hewlett-Packard\HP Software Update\hpwuSchd2.exe
PRC - [2005/09/19 10:02:26 | 001,968,446 | ---- | M] () -- C:\Novadigm\ManagementAgent\nvdkit.exe


========== Modules (SafeList) ==========

MOD - [2010/04/09 12:44:14 | 000,012,800 | ---- | M] (Applian Technologies, Inc.) -- C:\Documents and Settings\Joel\Local Settings\Application Data\FLVService\lib\FLVSrvLib.dll
MOD - [2010/04/08 22:54:15 | 000,561,664 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Joel\Desktop\OTL.exe


========== Win32 Services (SafeList) ==========

SRV - [2009/12/16 18:38:20 | 000,375,296 | ---- | M] (Spigot, Inc.) [Auto | Running] -- C:\Program Files\Application Updater\ApplicationUpdater.exe -- (Application Updater)
SRV - [2009/12/09 19:02:38 | 000,017,904 | ---- | M] (Microsoft Corporation) [Auto | Running] -- c:\Program Files\Microsoft Security Essentials\MsMpEng.exe -- (MsMpSvc)
SRV - [2009/08/26 18:07:00 | 000,151,552 | ---- | M] (VMware, Inc.) [Auto | Running] -- C:\Program Files\VMware\VMware View\Client\bin\wsnm.exe -- (wsnm)
SRV - [2009/02/03 16:39:09 | 000,427,192 | ---- | M] (Cisco Systems, Inc.) [Auto | Running] -- C:\Program Files\Cisco\Cisco AnyConnect VPN Client\vpnagent.exe -- (vpnagent)
SRV - [2009/01/27 04:57:51 | 000,226,360 | ---- | M] (Cisco Systems, Inc.) [Auto | Running] -- C:\Program Files\Cisco Systems\SSL VPN Client\Agent.exe -- (STCAgent)
SRV - [2008/12/01 11:59:52 | 000,033,752 | ---- | M] (NOS Microsystems Ltd.) [On_Demand | Stopped] -- C:\Program Files\NOS\bin\getPlus_HelperSvc.exe -- (getPlus® Helper) getPlus®
SRV - [2008/08/26 20:02:24 | 000,014,336 | ---- | M] (Agere Systems) [Auto | Running] -- C:\Program Files\LSI SoftModem\agrsmsvc.exe -- (AgereModemAudio)
SRV - [2007/09/18 11:11:34 | 000,368,640 | ---- | M] (AVAYA Communication) [Auto | Running] -- C:\WINDOWS\system32\qosservm.exe -- (iClarityQoSService)
SRV - [2007/08/28 20:04:25 | 002,999,664 | ---- | M] (Symantec Corporation) [On_Demand | Stopped] -- C:\Program Files\Symantec\LiveUpdate\LuComServer_3_2.EXE -- (LiveUpdate)
SRV - [2007/05/08 09:38:46 | 000,540,448 | ---- | M] (PDF Complete Inc) [Auto | Running] -- C:\Program Files\PDF Complete\pdfsvc.exe -- (pdfcDispatcher)
SRV - [2007/04/03 17:18:08 | 001,516,584 | ---- | M] (Cisco Systems, Inc.) [Auto | Running] -- C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe -- (CVPND)
SRV - [2007/02/15 08:55:18 | 000,140,832 | ---- | M] (Infineon Technologies AG) [Auto | Running] -- C:\WINDOWS\system32\IfxPsdSv.exe -- (PersonalSecureDriveService)
SRV - [2007/01/04 20:48:52 | 000,112,152 | R--- | M] (InterVideo) [Auto | Running] -- C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe -- (IviRegMgr)
SRV - [2006/12/04 17:13:16 | 000,292,384 | R--- | M] (Sierra Wireless Inc.) [Auto | Running] -- C:\Program Files\HPQ\Shared\Sierra Wireless\Win32\Unicode\SWIHPWMI.exe -- (SWIHPWMI)
SRV - [2005/09/19 10:02:26 | 001,968,446 | ---- | M] () [Auto | Running] -- C:/Novadigm/ManagementAgent/nvdkit.exe -- (rma)
SRV - [2005/02/09 13:59:00 | 000,014,165 | ---- | M] (Pinnacle Systems GmbH) [Auto | Stopped] -- C:\WINDOWS\system32\drivers\Pclepci.sys -- (PCLEPCI)
SRV - [2004/10/22 04:24:18 | 000,073,728 | ---- | M] (Macrovision Corporation) [On_Demand | Stopped] -- C:\Program Files\Roxio\Roxio MyDVD Basic v9\InstallShield\Driver\1050\Intel 32\IDriverT.exe -- (IDriverT)


========== Driver Services (SafeList) ==========

DRV - [2009/12/02 16:23:40 | 000,149,040 | ---- | M] (Microsoft Corporation) [File_System | System | Running] -- C:\WINDOWS\system32\drivers\MpFilter.sys -- (MpFilter)
DRV - [2009/08/26 18:01:46 | 000,022,016 | ---- | M] (VMware, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\WSUSBDMAN.sys -- (WSUSBDMAN)
DRV - [2009/08/19 17:49:22 | 000,049,904 | R--- | M] (Avanquest Software) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\BVRPMPR5.SYS -- (BVRPMPR5)
DRV - [2009/04/03 18:26:28 | 000,009,104 | ---- | M] (Roxio) [File_System | Auto | Running] -- C:\WINDOWS\system32\drivers\DLADResM.SYS -- (DLADResM)
DRV - [2009/04/03 18:25:18 | 000,037,360 | ---- | M] (Roxio) [File_System | Auto | Running] -- C:\WINDOWS\system32\drivers\DLABMFSM.SYS -- (DLABMFSM)
DRV - [2009/04/03 18:25:14 | 000,093,584 | ---- | M] (Roxio) [File_System | Auto | Running] -- C:\WINDOWS\system32\drivers\DLAUDFAM.SYS -- (DLAUDFAM)
DRV - [2009/04/03 18:25:10 | 000,098,480 | ---- | M] (Roxio) [File_System | Auto | Running] -- C:\WINDOWS\system32\drivers\DLAUDF_M.SYS -- (DLAUDF_M)
DRV - [2009/04/03 18:25:06 | 000,027,216 | ---- | M] (Roxio) [File_System | Auto | Running] -- C:\WINDOWS\system32\drivers\DLAOPIOM.SYS -- (DLAOPIOM)
DRV - [2009/04/03 18:25:00 | 000,032,848 | ---- | M] (Roxio) [File_System | Auto | Running] -- C:\WINDOWS\system32\drivers\DLABOIOM.SYS -- (DLABOIOM)
DRV - [2009/04/03 18:24:56 | 000,016,304 | ---- | M] (Roxio) [File_System | Auto | Running] -- C:\WINDOWS\system32\drivers\DLAPoolM.SYS -- (DLAPoolM)
DRV - [2009/04/03 18:24:52 | 000,108,784 | ---- | M] (Roxio) [File_System | Auto | Running] -- C:\WINDOWS\system32\drivers\DLAIFS_M.SYS -- (DLAIFS_M)
DRV - [2009/03/09 10:36:58 | 006,278,016 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\igxpmp32.sys -- (ialm)
DRV - [2009/02/03 16:23:46 | 000,020,152 | ---- | M] (Cisco Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\vpnva.sys -- (vpnva)
DRV - [2009/01/27 04:57:51 | 000,022,136 | ---- | M] (Cisco Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\CSVirtA.sys -- (CSVirtA)
DRV - [2008/11/21 22:53:40 | 001,204,128 | ---- | M] (Agere Systems) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\AGRSM.sys -- (AgereSoftModem)
DRV - [2008/11/17 16:23:16 | 003,636,864 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\NETw5x32.sys -- (NETw5x32) Intel®
DRV - [2008/10/31 17:23:11 | 000,033,408 | ---- | M] (F5 Networks, Corp.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\covpndrv.sys -- (urvpndrv)
DRV - [2008/10/31 17:22:36 | 000,010,752 | ---- | M] (F5 Networks) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\urfltw2k.sys -- (f5ipfw)
DRV - [2008/08/21 11:11:36 | 000,537,856 | ---- | M] (eMPIA Technology, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\emBDA.sys -- (USB28xxBGA)
DRV - [2008/08/21 11:11:36 | 000,320,128 | ---- | M] (eMPIA Technology, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\emOEM.sys -- (USB28xxOEM)
DRV - [2008/04/28 21:22:10 | 000,009,344 | ---- | M] (Hewlett-Packard Development Company, L.P.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\CPQBttn.sys -- (HBtnKey)
DRV - [2008/04/14 01:16:24 | 000,015,232 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\MPE.sys -- (MPE)
DRV - [2008/04/14 01:16:22 | 000,048,128 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\61883.sys -- (61883)
DRV - [2008/04/14 01:16:22 | 000,038,912 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\avc.sys -- (Avc)
DRV - [2008/04/14 01:16:10 | 000,051,200 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\msdv.sys -- (MSDV)
DRV - [2008/04/14 01:15:14 | 000,060,032 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\USBAUDIO.sys -- (usbaudio) USB Audio Driver (WDM)
DRV - [2008/04/13 23:06:06 | 000,144,384 | ---- | M] (Windows ® Server 2003 DDK provider) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\hdaudbus.sys -- (HDAudBus)
DRV - [2008/03/28 02:14:00 | 000,224,672 | ---- | M] (Synaptics, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\SynTP.sys -- (SynTP)
DRV - [2007/10/31 19:23:20 | 002,236,544 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\NETw4x32.sys -- (NETw4x32) Intel®
DRV - [2007/10/01 19:27:40 | 000,281,600 | ---- | M] (Analog Devices, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ADIHdAud.sys -- (ADIHdAudAddService)
DRV - [2007/07/23 15:55:44 | 000,099,808 | ---- | M] (Sonic Solutions) [Kernel | Boot | Running] -- C:\WINDOWS\System32\Drivers\DRVMCDB.SYS -- (DRVMCDB)
DRV - [2007/07/23 15:49:44 | 000,030,064 | ---- | M] (Roxio) [File_System | System | Running] -- C:\WINDOWS\system32\drivers\DLARTL_M.SYS -- (DLARTL_M)
DRV - [2007/07/23 15:49:44 | 000,014,576 | ---- | M] (Roxio) [Kernel | Boot | Running] -- C:\WINDOWS\System32\Drivers\DLACDBHM.SYS -- (DLACDBHM)
DRV - [2007/07/23 15:43:42 | 000,052,000 | ---- | M] (Roxio) [File_System | Auto | Running] -- C:\WINDOWS\system32\drivers\DRVNDDM.SYS -- (DRVNDDM)
DRV - [2007/04/10 16:55:28 | 000,140,808 | ---- | M] (AuthenTec, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\atswpdrv.sys -- (ATSWPDRV) (****DEBUG****) AuthenTec TruePrint USB Driver (SwipeSensor)
DRV - [2007/04/09 01:25:20 | 000,005,888 | ---- | M] (DEVGURU Co,LTD.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\PWCTLDRV.sys -- (PWCTLDRV)
DRV - [2007/04/06 03:49:26 | 000,039,808 | ---- | M] (DEVGURU Co,LTD.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\PTDWVsp.sys -- (PTDWVsp) Curitel PC Card Diagnostic Serial Port (UDP)
DRV - [2007/04/06 03:49:20 | 000,041,728 | ---- | M] (DEVGURU Co,LTD.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\PTDWMdm.sys -- (PTDWMdm) Curitel PC Card Drivers (UDP)
DRV - [2007/04/06 03:49:16 | 000,027,392 | ---- | M] (DEVGURU Co,LTD.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\PTDWBus.sys -- (PTDWBus) Curitel PC Card Composite Device driver (UDP)
DRV - [2007/04/03 17:17:08 | 000,306,295 | ---- | M] (Cisco Systems, Inc.) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\CVPNDRVA.sys -- (CVPNDRVA)
DRV - [2007/03/21 13:58:56 | 000,304,920 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\iaStor.sys -- (iaStor)
DRV - [2007/02/27 11:21:00 | 000,160,256 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\b57xp32.sys -- (b57w2k) Broadcom NetLink ™
DRV - [2007/02/14 10:21:00 | 000,067,960 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\btwusb.sys -- (BTWUSB)
DRV - [2007/02/14 10:20:58 | 000,868,298 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\btkrnl.sys -- (BTKRNL)
DRV - [2007/01/31 14:45:06 | 000,127,376 | ---- | M] (Deterministic Networks, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\dne2000.sys -- (DNE)
DRV - [2007/01/23 16:07:30 | 000,039,080 | ---- | M] (Infineon Technologies AG) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\psd.sys -- (PersonalSecureDrive)
DRV - [2007/01/23 15:13:26 | 000,036,608 | R--- | M] (Infineon Technologies AG) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ifxtpm.sys -- (IFXTPM)
DRV - [2007/01/23 11:11:38 | 000,441,472 | ---- | M] (Pinnacle Systems) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\MarvinUsb.sys -- (PinnacleMarvinUsb)
DRV - [2007/01/18 15:28:02 | 000,005,275 | ---- | M] (Cisco Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\CVirtA.sys -- (CVirtA)
DRV - [2007/01/04 11:07:00 | 000,171,520 | ---- | M] (Pinnacle Systems GmbH) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\MarvinBus.sys -- (MarvinBus)
DRV - [2006/11/30 12:24:58 | 000,008,192 | ---- | M] (Hewlett-Packard Development Company, L.P.) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\eabfiltr.sys -- (eabfiltr)
DRV - [2006/10/19 02:23:00 | 000,033,024 | R--- | M] (Hewlett Packard) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\HP24X.sys -- (HP24X)
DRV - [2006/10/17 11:59:06 | 000,022,016 | ---- | M] (Hewlett-Packard Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\Accelerometer.sys -- (Accelerometer)
DRV - [2006/10/17 11:57:58 | 000,017,920 | ---- | M] (Hewlett-Packard Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\hpdskflt.sys -- (hpdskflt)
DRV - [2005/01/26 09:22:20 | 000,280,344 | ---- | M] (Zone Labs LLC) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\vsdatant.sys -- (vsdatant)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm


IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



IE - HKU\S-1-5-21-861567501-1647877149-725345543-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.google.com/ie
IE - HKU\S-1-5-21-861567501-1647877149-725345543-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/
IE - HKU\S-1-5-21-861567501-1647877149-725345543-1003\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.google.com/ie
IE - HKU\S-1-5-21-861567501-1647877149-725345543-1003\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie
IE - HKU\S-1-5-21-861567501-1647877149-725345543-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-861567501-1647877149-725345543-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local>
IE - HKU\S-1-5-21-861567501-1647877149-725345543-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = http=127.0.0.1:5555

FF - HKLM\software\mozilla\Firefox\Extensions\\{ABDE892B-13A8-4d1b-88E6-365A6E755758}: C:\Program Files\Real\RealPlayer\browserrecord [2008/12/21 11:22:37 | 000,000,000 | ---D | M]


O1 HOSTS File: ([2010/04/04 14:50:51 | 000,000,027 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (Skype add-on (mastermind)) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Skype Technologies S.A.)
O2 - BHO: (RealPlayer Download and Record Plugin for Internet Explorer) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll (RealPlayer)
O2 - BHO: (Adobe PDF Conversion Toolbar Helper) - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O2 - BHO: (AvayaIEHlprObj Class) - {E6DF0B46-7D6F-407A-A6A2-62D17A021A9A} - C:\Program Files\Avaya\Avaya IP Softphone\AvayaWebDial.dll ()
O3 - HKLM\..\Toolbar: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3 - HKU\S-1-5-21-861567501-1647877149-725345543-1003\..\Toolbar\WebBrowser: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O4 - HKLM..\Run: [AccelerometerSysTrayApplet] C:\WINDOWS\system32\accelerometerST.exe (Hewlett-Packard Corporation)
O4 - HKLM..\Run: [Acrobat Assistant 7.0] C:\Program Files\Adobe\Acrobat 7.0\Distillr\Acrotray.exe (Adobe Systems Inc.)
O4 - HKLM..\Run: [Ask and Record FLV Service] C:\Program Files\Replay Media Catcher\FLVSrvc.exe (Applian Technologies, Inc.)
O4 - HKLM..\Run: [Cpqset] C:\Program Files\Hewlett-Packard\Default Settings\Cpqset.exe ()
O4 - HKLM..\Run: [HP Software Update] C:\Program Files\Hewlett-Packard\HP Software Update\hpwuSchd2.exe (Hewlett-Packard Development Company, L.P.)
O4 - HKLM..\Run: [MSSE] c:\Program Files\Microsoft Security Essentials\msseces.exe (Microsoft Corporation)
O4 - HKLM..\Run: [PDF Complete] C:\Program Files\PDF Complete\pdfsty.exe (PDF Complete Inc)
O4 - HKLM..\Run: [PTHOSTTR] C:\Program Files\Hewlett-Packard\HP ProtectTools Security Manager\PTHOSTTR.EXE (Hewlett-Packard Development Company, L.P.)
O4 - HKLM..\Run: [PWRESET] C:\Program Files\Avaya\Avaya IP Softphone\IP Service Provider\pwreset.exe (Avaya Inc.)
O4 - HKLM..\Run: [RoxioDragToDisc] C:\Program Files\Roxio\Drag-to-Disc\DrgToDsc.exe (Roxio)
O4 - HKLM..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\Core\smax4pnp.exe (Analog Devices, Inc.)
O4 - HKLM..\Run: [TkBellExe] C:\Program Files\Common Files\Real\Update_OB\realsched.exe (RealNetworks, Inc.)
O4 - HKLM..\Run: [USB2Check] C:\WINDOWS\System32\PCLECoInst.DLL (Pinnacle Systems)
O4 - HKLM..\Run: [USBToolTip] C:\Program Files\Pinnacle\Shared Files\Programs\USBTip\USBTip.exe (Pinnacle Systems GmbH)
O4 - HKLM..\Run: [WatchDog] C:\Program Files\InterVideo\DVD Check\DVDCheck.exe (InterVideo Inc.)
O4 - HKU\S-1-5-21-861567501-1647877149-725345543-1003..\Run: [BitTorrent DNA] C:\Program Files\DNA\btdna.exe (BitTorrent, Inc.)
O4 - HKU\S-1-5-21-861567501-1647877149-725345543-1003..\Run: [PMCRemote] C:\Program Files\Pinnacle\Shared Files\Programs\Remote\remoterm.exe (Pinnacle Systems)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Acrobat Speed Launcher.lnk = C:\WINDOWS\Installer\{AC76BA86-1033-0000-BA7E-000000000002}\SC_Acrobat.exe ()
O4 - Startup: C:\Documents and Settings\Joel\Start Menu\Programs\Startup\CaptureWiz.lnk = C:\Documents and Settings\Joel\My Documents\My Downloads\RunAsDate\RunAsDate.exe ()
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-861567501-1647877149-725345543-1003\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-861567501-1647877149-725345543-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\S-1-5-21-861567501-1647877149-725345543-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-21-861567501-1647877149-725345543-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O8 - Extra context menu item: &ieSpell Options - C:\Program Files\ieSpell\iespell.dll (Red Egg Software)
O8 - Extra context menu item: Add to Google Photos Screensa&ver - C:\WINDOWS\System32\GPhotos.scr (Google Inc.)
O8 - Extra context menu item: Check &Spelling - C:\Program Files\ieSpell\iespell.dll (Red Egg Software)
O8 - Extra context menu item: Convert link target to Adobe PDF - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert link target to existing PDF - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert selected links to Adobe PDF - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert selected links to existing PDF - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert selection to Adobe PDF - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert selection to existing PDF - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert to Adobe PDF - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert to existing PDF - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: E&xport to Microsoft Excel - C:\Program Files\Microsoft Office\Office12\EXCEL.EXE (Microsoft Corporation)
O8 - Extra context menu item: Lookup on Merriam Webster - C:\Program Files\ieSpell\Merriam Webster.HTM ()
O8 - Extra context menu item: Lookup on Wikipedia - C:\Program Files\ieSpell\wikipedia.HTM ()
O8 - Extra context menu item: Send to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm ()
O9 - Extra Button: ieSpell - {0E17D5B7-9F5D-4fee-9DF6-CA6EE38B68A8} - C:\Program Files\ieSpell\iespell.dll (Red Egg Software)
O9 - Extra 'Tools' menuitem : ieSpell - {0E17D5B7-9F5D-4fee-9DF6-CA6EE38B68A8} - C:\Program Files\ieSpell\iespell.dll (Red Egg Software)
O9 - Extra 'Tools' menuitem : ieSpell Options - {1606D6F9-9D3B-4aea-A025-ED5B2FD488E7} - C:\Program Files\ieSpell\iespell.dll (Red Egg Software)
O9 - Extra 'Tools' menuitem : Skype add-on for Internet Explorer - {5067A26B-1337-4436-8AFE-EE169C2DA79F} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Skype Technologies S.A.)
O9 - Extra Button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Skype Technologies S.A.)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Program Files\Microsoft Office\Office12\REFIEBAR.DLL (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O15 - HKU\S-1-5-21-861567501-1647877149-725345543-1003\..Trusted Domains: microsoft.com ([*.update] http in Trusted sites)
O15 - HKU\S-1-5-21-861567501-1647877149-725345543-1003\..Trusted Domains: microsoft.com ([*.update] https in Trusted sites)
O15 - HKU\S-1-5-21-861567501-1647877149-725345543-1003\..Trusted Domains: opensolutionsasp.com ([vpn.chh] http in Trusted sites)
O15 - HKU\S-1-5-21-861567501-1647877149-725345543-1003\..Trusted Domains: opensolutionsasp.com ([vpn.chh] https in Trusted sites)
O15 - HKU\S-1-5-21-861567501-1647877149-725345543-1003\..Trusted Domains: opensolutionsasp.com ([vpn.hou] http in Trusted sites)
O15 - HKU\S-1-5-21-861567501-1647877149-725345543-1003\..Trusted Domains: opensolutionsasp.com ([vpn.hou] https in Trusted sites)
O15 - HKU\S-1-5-21-861567501-1647877149-725345543-1003\..Trusted Domains: windowsupdate.com ([download] http in Trusted sites)
O16 - DPF: {15B782AF-55D8-11D1-B477-006097098764} http://download.macromedia.com/pub/shockwa...are/awswaxf.cab (Macromedia Authorware Web Player Control)
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} http://fpdownload.macromedia.com/get/shock...director/sw.cab (Shockwave ActiveX Control)
O16 - DPF: {264AED84-12F1-4CA1-8AA7-EB939AE58D8D} https://remote.opensolutions.com/CACHE/stc/...ries/stcweb.cab (STCWeb Control)
O16 - DPF: {2BCDB465-81F9-41CB-832C-8037A4064446} https://vpn.chh.opensolutionsasp.com/vdesk/...,2008,1031,2121 (F5 Networks VPN Manager)
O16 - DPF: {2E28242B-A689-11D4-80F2-0040266CBB8D} http://camera.mesalands.edu:60007/kxhcm10.ocx (KXHCM10 Control)
O16 - DPF: {41EF3CD2-D8CC-4438-84B1-280BB4E77C8E} https://vpn.chh.opensolutionsasp.com/vdesk/...0,2009,327,1558 (F5 Networks Dynamic Application Tunnel Control)
O16 - DPF: {45B69029-F3AB-4204-92DE-D5140C3E8E74} https://vpn.chh.opensolutionsasp.com/vdesk/...,2009,0327,1604 (F5 Networks Auto Update)
O16 - DPF: {4871A87A-BFDD-4106-8153-FFDE2BAC2967} http://dlm.tools.akamai.com/dlmanager/vers...vex-2.2.5.0.cab (DLM Control)
O16 - DPF: {55963676-2F5E-4BAF-AC28-CF26AA587566} https://remote.opensolutions.com/CACHE/stc/...ries/vpnweb.cab (Cisco AnyConnect VPN Client Web Control)
O16 - DPF: {57C76689-F052-487B-A19F-855AFDDF28EE} https://vpn.chh.opensolutionsasp.com/vdesk/...,2009,0327,1547 (F5 Networks Policy Agent Host Class)
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} http://www.update.microsoft.com/windowsupd...b?1226427097125 (WUWebControl Class)
O16 - DPF: {66D393D5-4D80-497C-9F4F-F3839E090202} http://www.pysoft.com/Downloads/WebCamPlayerOCX.cab (PlayerOCX Control)
O16 - DPF: {73ECB3AA-4717-450C-A2AB-D00DAD9EE203} http://h20270.www2.hp.com/ediags/gmn2/inst...tDetection2.cab (GMNRev Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_15)
O16 - DPF: {8D7AFAB7-42D6-4671-A53E-CD355673F026} http://75.147.44.206:9000/SonySncMView.cab (SonySncMView Control)
O16 - DPF: {CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_15)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_15)
O16 - DPF: {CC85ACDF-B277-486F-8C70-2C9B2ED2A4E7} https://vpn.chh.opensolutionsasp.com/vdesk/...,2008,1031,2112 (F5 Networks SuperHost Class)
O16 - DPF: {CF40ACC5-E1BB-4AFF-AC72-04C2F616BCA7} http://wwwimages.adobe.com/www.adobe.com/p...obat/nos/gp.cab (get_atlcom Class)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://download.macromedia.com/pub/shockwa...ash/swflash.cab (Shockwave Flash Object)
O16 - DPF: {E0FF21FA-B857-45C5-8621-F120A0C17FF2} https://vpn.chh.opensolutionsasp.com/vdesk/...0,2009,327,1548 (F5 Networks Host Control)
O16 - DPF: {E615C9EA-AD69-4AE9-83C9-9D906A0ACA6D} https://vpn.chh.opensolutionsasp.com/policy...,2009,0327,1557 (F5 Networks OS Policy Agent)
O16 - DPF: {FA478DB9-803F-4154-9DDB-765EA9E35333} http://222.124.220.243/program/SonySncP1View.cab (Sony SNC-P1 Control)
O16 - DPF: {FD0B6769-6490-4A91-AA0A-B5AE0DC75AC9} https://secure.logmein.com/activex/ractrl.cab?lmi=100 (Performance Viewer Activex Control)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.1
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\igfxcui: DllName - igfxdev.dll - C:\WINDOWS\System32\igfxdev.dll (Intel Corporation)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009/12/13 20:42:38 | 000,000,095 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O33 - MountPoints2\{aca25301-77ec-11de-ba5b-001a4b914de2}\Shell - "" = AutoRun
O33 - MountPoints2\{aca25301-77ec-11de-ba5b-001a4b914de2}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{aca25301-77ec-11de-ba5b-001a4b914de2}\Shell\AutoRun\command - "" = G:\LaunchU3.exe -- File not found
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2010/04/09 12:40:01 | 000,000,000 | ---D | C] -- C:\_OTL
[2010/04/08 22:54:12 | 000,561,664 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Joel\Desktop\OTL.exe
[2010/04/04 16:56:04 | 000,000,000 | ---D | C] -- C:\WINDOWS\Minidump
[2010/04/04 15:16:53 | 000,000,000 | -HSD | C] -- C:\RECYCLER
[2010/04/04 14:49:07 | 000,000,000 | ---D | C] -- C:\WINDOWS\temp
[2010/04/04 14:42:58 | 000,000,000 | RHSD | C] -- C:\cmdcons
[2010/04/04 14:41:58 | 000,212,480 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWXCACLS.exe
[2010/04/04 14:41:58 | 000,161,792 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWREG.exe
[2010/04/04 14:41:58 | 000,136,704 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWSC.exe
[2010/04/04 14:41:58 | 000,031,232 | ---- | C] (NirSoft) -- C:\WINDOWS\NIRCMD.exe
[2010/04/04 14:41:51 | 000,000,000 | ---D | C] -- C:\WINDOWS\ERDNT
[2010/04/04 14:41:34 | 000,000,000 | ---D | C] -- C:\Qoobox
[2010/04/04 08:10:00 | 000,000,000 | -HSD | C] -- C:\WINDOWS\CSC
[2010/04/03 09:02:10 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Joel\Local Settings\Application Data\qkvuvcqqy
[2010/03/13 11:47:45 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Joel\Desktop\sunday
[2010/03/13 11:24:17 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Real
[2010/03/06 12:45:59 | 000,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Local Settings\Application Data\Google
[2009/06/16 17:49:35 | 000,047,360 | ---- | C] (VSO Software) -- C:\Documents and Settings\Joel\Application Data\pcouffin.sys
[2009/06/16 17:09:48 | 000,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Application Data\Roxio
[2009/02/28 22:05:00 | 000,000,000 | ---D | M] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\Apple
[2008/11/11 14:53:56 | 000,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft
[2008/11/11 12:20:04 | 000,000,000 | --SD | M] -- C:\Documents and Settings\LocalService\Application Data\Microsoft
[2008/11/11 12:19:16 | 000,000,000 | --SD | M] -- C:\Documents and Settings\NetworkService\Application Data\Microsoft
[2008/11/11 12:19:16 | 000,000,000 | ---D | M] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft
[2006/02/19 04:28:56 | 000,012,288 | ---- | C] (Hewlett-Packard Development Company, L.P.) -- C:\WINDOWS\Fonts\RandFont.dll

========== Files - Modified Within 30 Days ==========

[2010/04/09 12:50:02 | 000,000,408 | -H-- | M] () -- C:\WINDOWS\tasks\MP Scheduled Scan.job
[2010/04/09 12:49:03 | 000,525,946 | ---- | M] () -- C:\WINDOWS\System32\PerfStringBackup.INI
[2010/04/09 12:49:03 | 000,444,596 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2010/04/09 12:49:03 | 000,072,306 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2010/04/09 12:45:59 | 000,000,498 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts.ics
[2010/04/09 12:45:42 | 000,000,420 | -H-- | M] () -- C:\WINDOWS\tasks\User_Feed_Synchronization-{B67B1A40-EE5E-44F2-8CF9-501CDE77E650}.job
[2010/04/09 12:44:31 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2010/04/09 12:44:16 | 000,002,335 | ---- | M] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Acrobat Speed Launcher.lnk
[2010/04/09 12:43:59 | 000,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2010/04/09 12:43:57 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2010/04/09 12:43:55 | 2138,361,856 | -HS- | M] () -- C:\hiberfil.sys
[2010/04/09 12:43:04 | 007,077,888 | -H-- | M] () -- C:\Documents and Settings\Joel\NTUSER.DAT
[2010/04/09 12:43:04 | 000,000,178 | -HS- | M] () -- C:\Documents and Settings\Joel\ntuser.ini
[2010/04/08 22:54:15 | 000,561,664 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Joel\Desktop\OTL.exe
[2010/04/04 15:06:05 | 000,000,974 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-861567501-1647877149-725345543-1003UA.job
[2010/04/04 14:50:59 | 000,000,227 | ---- | M] () -- C:\WINDOWS\system.ini
[2010/04/04 14:50:51 | 000,000,027 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts
[2010/04/04 14:43:04 | 000,000,281 | RHS- | M] () -- C:\boot.ini
[2010/04/04 14:29:00 | 000,001,857 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\MSN Installer.lnk
[2010/03/30 00:46:30 | 000,038,224 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2010/03/30 00:45:52 | 000,020,824 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2010/03/27 09:57:33 | 000,002,277 | ---- | M] () -- C:\Documents and Settings\Joel\Desktop\Google Chrome.lnk
[2010/03/22 13:06:00 | 000,000,922 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-861567501-1647877149-725345543-1003Core.job
[2010/03/13 16:05:42 | 016,818,470 | ---- | M] () -- C:\Documents and Settings\Joel\Desktop\Videoklipp007.mp4
[2010/03/13 15:57:59 | 010,844,029 | ---- | M] () -- C:\Documents and Settings\Joel\Desktop\Videoklipp009.mp4
[2010/03/12 18:02:38 | 000,261,632 | ---- | M] () -- C:\WINDOWS\PEV.exe
[2010/03/11 08:38:54 | 001,168,384 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\urlmon.dll
[2010/03/11 08:38:54 | 000,832,512 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wininet.dll
[2010/03/11 08:38:54 | 000,233,472 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\webcheck.dll
[2010/03/11 08:38:53 | 003,599,872 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\mshtml.dll
[2010/03/11 08:38:53 | 000,671,232 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\mstime.dll
[2010/03/11 08:38:53 | 000,671,232 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\mstime.dll
[2010/03/11 08:38:53 | 000,477,696 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\mshtmled.dll
[2010/03/11 08:38:53 | 000,459,264 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\msfeeds.dll
[2010/03/11 08:38:53 | 000,459,264 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\msfeeds.dll
[2010/03/11 08:38:53 | 000,193,024 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\msrating.dll
[2010/03/11 08:38:53 | 000,193,024 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\msrating.dll
[2010/03/11 08:38:53 | 000,105,984 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\url.dll
[2010/03/11 08:38:53 | 000,105,984 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\url.dll
[2010/03/11 08:38:53 | 000,102,912 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\occache.dll
[2010/03/11 08:38:53 | 000,052,224 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\msfeedsbs.dll
[2010/03/11 08:38:53 | 000,052,224 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\msfeedsbs.dll
[2010/03/11 08:38:53 | 000,044,544 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\pngfilt.dll
[2010/03/11 08:38:53 | 000,044,544 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\pngfilt.dll
[2010/03/11 08:38:52 | 006,067,200 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ieframe.dll
[2010/03/11 08:38:52 | 001,830,912 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\inetcpl.cpl
[2010/03/11 08:38:52 | 001,830,912 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\inetcpl.cpl
[2010/03/11 08:38:52 | 000,268,288 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\iertutil.dll
[2010/03/11 08:38:52 | 000,192,512 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\iepeers.dll
[2010/03/11 08:38:52 | 000,192,512 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\iepeers.dll
[2010/03/11 08:38:52 | 000,078,336 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\ieencode.dll
[2010/03/11 08:38:52 | 000,078,336 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ieencode.dll
[2010/03/11 08:38:52 | 000,044,544 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\iernonce.dll
[2010/03/11 08:38:52 | 000,044,544 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\iernonce.dll
[2010/03/11 08:38:52 | 000,027,648 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\jsproxy.dll
[2010/03/11 08:38:52 | 000,027,648 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\jsproxy.dll
[2010/03/11 08:38:51 | 000,385,024 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\iedkcs32.dll
[2010/03/11 08:38:51 | 000,385,024 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\iedkcs32.dll
[2010/03/11 08:38:51 | 000,380,928 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\ieapfltr.dll
[2010/03/11 08:38:51 | 000,380,928 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ieapfltr.dll
[2010/03/11 08:38:51 | 000,347,136 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dxtmsft.dll
[2010/03/11 08:38:51 | 000,347,136 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\dxtmsft.dll
[2010/03/11 08:38:51 | 000,230,400 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\ieaksie.dll
[2010/03/11 08:38:51 | 000,230,400 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ieaksie.dll
[2010/03/11 08:38:51 | 000,214,528 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dxtrans.dll
[2010/03/11 08:38:51 | 000,214,528 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\dxtrans.dll
[2010/03/11 08:38:51 | 000,153,088 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\ieakeng.dll
[2010/03/11 08:38:51 | 000,153,088 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ieakeng.dll
[2010/03/11 08:38:51 | 000,133,120 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\extmgr.dll
[2010/03/11 08:38:51 | 000,124,928 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\advpack.dll
[2010/03/11 08:38:51 | 000,063,488 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\icardie.dll
[2010/03/11 08:38:51 | 000,017,408 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\corpol.dll
[2010/03/11 08:38:51 | 000,017,408 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\corpol.dll

========== Files Created - No Company Name ==========

[2010/04/09 12:43:55 | 2138,361,856 | -HS- | C] () -- C:\hiberfil.sys
[2010/04/04 14:43:04 | 000,000,211 | ---- | C] () -- C:\Boot.bak
[2010/04/04 14:43:02 | 000,260,272 | ---- | C] () -- C:\cmldr
[2010/04/04 14:41:58 | 000,261,632 | ---- | C] () -- C:\WINDOWS\PEV.exe
[2010/04/04 14:41:58 | 000,098,816 | ---- | C] () -- C:\WINDOWS\sed.exe
[2010/04/04 14:41:58 | 000,080,412 | ---- | C] () -- C:\WINDOWS\grep.exe
[2010/04/04 14:41:58 | 000,077,312 | ---- | C] () -- C:\WINDOWS\MBR.exe
[2010/04/04 14:41:58 | 000,068,096 | ---- | C] () -- C:\WINDOWS\zip.exe
[2010/04/04 14:29:00 | 000,001,857 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\MSN Installer.lnk
[2010/03/15 20:56:39 | 000,002,335 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Acrobat Speed Launcher.lnk
[2010/03/13 16:04:56 | 016,818,470 | ---- | C] () -- C:\Documents and Settings\Joel\Desktop\Videoklipp007.mp4
[2010/03/13 15:57:33 | 010,844,029 | ---- | C] () -- C:\Documents and Settings\Joel\Desktop\Videoklipp009.mp4
[2010/02/20 16:32:12 | 000,237,568 | ---- | C] () -- C:\WINDOWS\System32\rmc_rtspdl.dll
[2010/01/09 17:34:11 | 000,363,520 | ---- | C] () -- C:\WINDOWS\System32\PsisDecd.dll
[2010/01/02 14:09:21 | 000,000,004 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\DragToDiscUserNameF.txt
[2009/12/13 21:01:35 | 000,153,088 | ---- | C] () -- C:\Program Files\UNWISE.EXE
[2009/12/13 20:57:38 | 000,000,024 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\__FileUploader.log
[2009/12/13 20:42:38 | 000,201,488 | ---- | C] () -- C:\WINDOWS\System32\MACD32.DLL
[2009/12/13 20:42:38 | 000,144,144 | ---- | C] () -- C:\WINDOWS\System32\MASE32.DLL
[2009/12/13 20:42:38 | 000,141,584 | ---- | C] () -- C:\WINDOWS\System32\MAMC32.DLL
[2009/12/13 20:42:38 | 000,063,248 | ---- | C] () -- C:\WINDOWS\System32\MASD32.DLL
[2009/12/13 20:42:38 | 000,033,040 | ---- | C] () -- C:\WINDOWS\System32\MA32.DLL
[2009/12/02 13:02:50 | 001,632,887 | ---- | C] () -- C:\WINDOWS\System32\ffmpegmt.dll
[2009/12/02 12:56:10 | 004,840,081 | ---- | C] () -- C:\WINDOWS\System32\libavcodec.dll
[2009/11/17 20:49:10 | 000,000,127 | ---- | C] () -- C:\Documents and Settings\Joel\Local Settings\Application Data\fusioncache.dat
[2009/11/17 20:34:12 | 000,000,319 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\hpzinstall.log
[2009/11/04 14:45:44 | 000,611,638 | ---- | C] () -- C:\WINDOWS\System32\libmplayer.dll
[2009/11/04 14:43:20 | 000,324,096 | ---- | C] () -- C:\WINDOWS\System32\TomsMoComp_ff.dll
[2009/11/03 16:11:22 | 000,113,152 | ---- | C] () -- C:\WINDOWS\System32\ff_unrar.dll
[2009/11/03 16:11:00 | 000,146,944 | ---- | C] () -- C:\WINDOWS\System32\ff_tremor.dll
[2009/11/03 16:10:42 | 000,183,296 | ---- | C] () -- C:\WINDOWS\System32\ff_samplerate.dll
[2009/11/03 16:09:18 | 000,178,688 | ---- | C] () -- C:\WINDOWS\System32\ff_libmad.dll
[2009/11/03 16:08:58 | 000,484,864 | ---- | C] () -- C:\WINDOWS\System32\ff_libfaad2.dll
[2009/11/03 16:08:12 | 000,257,024 | ---- | C] () -- C:\WINDOWS\System32\ff_libdts.dll
[2009/11/03 16:07:16 | 000,142,848 | ---- | C] () -- C:\WINDOWS\System32\ff_liba52.dll
[2009/11/03 15:36:06 | 000,145,408 | ---- | C] () -- C:\WINDOWS\System32\libmpeg2_ff.dll
[2009/11/03 15:34:56 | 000,100,864 | ---- | C] () -- C:\WINDOWS\System32\ff_wmv9.dll
[2009/11/03 15:34:38 | 000,085,504 | ---- | C] () -- C:\WINDOWS\System32\ff_vfw.dll
[2009/11/03 14:07:24 | 000,895,308 | ---- | C] () -- C:\WINDOWS\System32\xvidcore.dll
[2009/11/03 14:05:02 | 000,957,047 | ---- | C] () -- C:\WINDOWS\System32\ff_x264.dll
[2009/10/27 18:46:26 | 000,248,320 | ---- | C] () -- C:\WINDOWS\System32\ff_kernelDeint.dll
[2009/09/06 11:47:59 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\Joel\Local Settings\Application Data\FnF4.txt
[2009/08/26 09:51:40 | 000,484,352 | ---- | C] () -- C:\WINDOWS\System32\lame_enc.dll
[2009/08/09 09:33:12 | 000,000,027 | ---- | C] () -- C:\WINDOWS\SonySNCP1.ini
[2009/08/03 16:07:42 | 000,403,816 | ---- | C] () -- C:\WINDOWS\System32\OGACheckControl.dll
[2009/07/19 12:14:00 | 000,000,584 | ---- | C] () -- C:\WINDOWS\cdplayer.ini
[2009/06/16 17:49:42 | 000,000,034 | ---- | C] () -- C:\Documents and Settings\Joel\Application Data\pcouffin.log
[2009/06/16 17:49:35 | 000,007,887 | ---- | C] () -- C:\Documents and Settings\Joel\Application Data\pcouffin.cat
[2009/06/16 17:49:35 | 000,001,144 | ---- | C] () -- C:\Documents and Settings\Joel\Application Data\pcouffin.inf
[2009/01/10 18:17:32 | 000,163,840 | ---- | C] () -- C:\WINDOWS\System32\ts.dll
[2009/01/10 18:16:56 | 000,148,480 | ---- | C] () -- C:\WINDOWS\System32\mkx.dll
[2009/01/10 18:16:50 | 000,108,032 | ---- | C] () -- C:\WINDOWS\System32\avi.dll
[2009/01/10 18:16:14 | 000,141,312 | ---- | C] () -- C:\WINDOWS\System32\mp4.dll
[2009/01/10 18:15:54 | 000,120,832 | ---- | C] () -- C:\WINDOWS\System32\ogm.dll
[2009/01/10 18:15:44 | 000,159,744 | ---- | C] () -- C:\WINDOWS\System32\mmfinfo.dll
[2009/01/10 18:15:32 | 000,102,400 | ---- | C] () -- C:\WINDOWS\System32\avss.dll
[2009/01/10 18:15:28 | 000,246,784 | ---- | C] () -- C:\WINDOWS\System32\dxr.dll
[2009/01/10 18:15:12 | 000,097,280 | ---- | C] () -- C:\WINDOWS\System32\avs.dll
[2009/01/10 18:14:08 | 000,079,360 | ---- | C] () -- C:\WINDOWS\System32\mkzlib.dll
[2009/01/10 18:14:06 | 000,023,552 | ---- | C] () -- C:\WINDOWS\System32\mkunicode.dll
[2008/12/13 12:08:57 | 000,014,336 | ---- | C] () -- C:\Documents and Settings\Joel\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2008/12/03 18:11:50 | 000,180,224 | ---- | C] () -- C:\WINDOWS\System32\xvidvfw.dll
[2008/11/11 16:42:17 | 000,000,055 | ---- | C] () -- C:\WINDOWS\ATTWKTOP.INI
[2008/11/11 16:01:10 | 000,000,000 | ---- | C] () -- C:\WINDOWS\vpc32.INI
[2008/11/11 14:08:56 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\Joel\Local Settings\Application Data\QSwitch.txt
[2008/11/11 14:08:56 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\Joel\Local Settings\Application Data\DSwitch.txt
[2008/11/11 14:08:56 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\Joel\Local Settings\Application Data\AtStart.txt
[2008/11/11 13:03:58 | 000,204,800 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeW7.dll
[2008/11/11 13:03:58 | 000,200,704 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeA6.dll
[2008/11/11 13:03:58 | 000,192,512 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeP6.dll
[2008/11/11 13:03:58 | 000,192,512 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeM6.dll
[2008/11/11 13:03:58 | 000,188,416 | ---- | C] () -- C:\WINDOWS\System32\IVIresizePX.dll
[2008/11/11 13:03:58 | 000,020,480 | ---- | C] () -- C:\WINDOWS\System32\IVIresize.dll
[2008/11/11 13:02:39 | 000,000,387 | ---- | C] () -- C:\WINDOWS\wininit.ini
[2008/11/11 12:46:11 | 000,910,304 | R--- | C] () -- C:\WINDOWS\System32\igmedkrn.dll
[2008/11/11 12:46:11 | 000,204,800 | R--- | C] () -- C:\WINDOWS\System32\igfxCoIn_v4831.dll
[2008/11/11 12:24:56 | 000,001,024 | -H-- | C] () -- C:\Documents and Settings\Joel\ntuser.dat.LOG
[2008/11/11 12:24:56 | 000,000,178 | -HS- | C] () -- C:\Documents and Settings\Joel\ntuser.ini
[2008/11/11 12:24:55 | 007,077,888 | -H-- | C] () -- C:\Documents and Settings\Joel\NTUSER.DAT
[2008/11/06 12:37:32 | 003,596,288 | ---- | C] () -- C:\WINDOWS\System32\qt-dx331.dll
[2008/11/06 12:34:00 | 000,000,416 | ---- | C] () -- C:\WINDOWS\System32\dtu100.dll.manifest
[2007/10/13 05:30:20 | 000,000,137 | ---- | C] () -- C:\WINDOWS\System32\Registration.ini
[2007/08/06 11:07:30 | 000,008,520 | ---- | C] () -- C:\WINDOWS\System32\ractrlkeyhook.dll
[2007/04/03 17:18:26 | 000,197,672 | ---- | C] () -- C:\WINDOWS\System32\vpnapi.dll
[2007/04/03 17:18:06 | 000,193,576 | ---- | C] () -- C:\WINDOWS\System32\CSGina.dll
[2007/02/12 22:21:28 | 000,548,864 | ---- | C] () -- C:\WINDOWS\System32\hpgtg400.dll
[2007/02/06 16:20:00 | 002,842,624 | ---- | C] () -- C:\WINDOWS\System32\btwicons.dll
[2007/02/06 15:55:52 | 000,090,112 | ---- | C] () -- C:\WINDOWS\System32\btprn2k.dll
[2007/01/19 10:30:56 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\px.ini
[2006/09/19 00:02:40 | 000,520,192 | ---- | C] () -- C:\WINDOWS\System32\CddbPlaylist2Roxio.dll
[2006/09/19 00:02:40 | 000,204,800 | ---- | C] () -- C:\WINDOWS\System32\CddbFileTaggerRoxio.dll
[2005/02/17 12:41:32 | 000,000,603 | ---- | C] () -- C:\WINDOWS\System32\BTNeighborhood.dll.manifest
[2005/02/17 12:41:30 | 000,000,593 | ---- | C] () -- C:\WINDOWS\System32\btcss.dll.manifest
[2001/11/14 13:56:00 | 001,802,240 | ---- | C] () -- C:\WINDOWS\System32\lcppn21.dll
[1998/05/06 22:10:00 | 000,069,632 | R--- | C] () -- C:\WINDOWS\System32\ODMA32.dll
< End of report >

Then did the MBR CMD:

Stealth MBR rootkit/Mebroot/Sinowal detector 0.3.7 by Gmer, http://www.gmer.net

device: opened successfully
user: MBR read successfully
called modules: ntkrnlpa.exe CLASSPNP.SYS disk.sys hpdskflt.sys hal.dll ACPI.sys iaStor.sys
kernel: MBR read successfully
user & kernel MBR OK


It looks to be running normally now, but Iwill wait to hear back before I do anything more. THANKS SO MUCH FOR YOUR HELP!!!!



#6 syler

syler

  • Malware Response Team
  • 8,150 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Warrington, UK
  • Local time:08:16 PM

Posted 09 April 2010 - 01:14 PM

That's looking better lets just make sure we got it all, btw you don't need to post with enormous text, my eye sight
is fine thanks smile.gif


You don't have the latest version of Java, you should run JavaRa to clean up any older Java, then
download and install the latest version from here.

Please download JavaRa and unzip it to your desktop.
Then Print these instructions as you won't have Internet access during this particular phase.

Close any instances of Internet Explorer before continuing
  • Double-click on JavaRa.exe to start the program.
  • From the drop-down menu, choose English or the appropriate language...and click on Select.
  • JavaRa will open; Select Remove Older Versions, click yes, then ok.
  • A logfile will pop up, you can close it.
  • Now select Additional Tasks and check the following:
    Remove Useless JRE Files
    Remove Startup Entry
  • Click Go then ok to all the prompts, once done restart your computer.



Please do a scan with ESET OnlineScan

Note: If you run this in a browser other than IE you will be asked to download and install esetsmartinstaller_enu.exe
  • Click the button.
  • Check
  • Click the button.
  • Accept any security warnings from your browser and allow it to install the ActiveX control.
  • Check
  • Push the Start button.
  • ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
  • When the scan completes, push
  • Push , and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
  • Push the button.
  • Push


Then in your next reply, please let me know if you are having any more problems and post back here with the following logs:
  • ESET report
  • New DDS log

Thanks

unite.jpg


#7 snj2000

snj2000
  • Topic Starter

  • Members
  • 9 posts
  • OFFLINE
  •  
  • Local time:03:16 PM

Posted 11 April 2010 - 12:23 PM

DDS.txt

DDS (Ver_10-03-17.01) - NTFSx86
Run by Joel at 13:17:59.73 on Sun 04/11/2010
Internet Explorer: 7.0.5730.13
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2039.1206 [GMT -4:00]

AV: Microsoft Security Essentials *On-access scanning enabled* (Updated) {BCF43643-A118-4432-AEDE-D861FCBCFCDF}

============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
c:\Program Files\Microsoft Security Essentials\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
svchost.exe
svchost.exe
C:\Program Files\Cisco Systems\SSL VPN Client\agent.exe
C:\Program Files\Cisco\Cisco AnyConnect VPN Client\vpnagent.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\AccelerometerSt.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe
C:\Program Files\PDF Complete\pdfsty.exe
C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe
C:\Program Files\Analog Devices\Core\smax4pnp.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Adobe\Acrobat 7.0\Distillr\Acrotray.exe
C:\WINDOWS\system32\igfxtray.exe
C:\WINDOWS\system32\igfxsrvc.exe
C:\WINDOWS\system32\igfxpers.exe
C:\Program Files\Pinnacle\Shared Files\Programs\USBTip\USBTip.exe
svchost.exe
C:\Program Files\LSI SoftModem\agrsmsvc.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Application Updater\ApplicationUpdater.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe
C:\WINDOWS\system32\QosServM.exe
C:\WINDOWS\system32\ifxspmgt.exe
C:\WINDOWS\system32\ifxtcs.exe
C:\Program Files\Microsoft Security Essentials\msseces.exe
C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\Roxio\Drag-to-Disc\DrgToDsc.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Replay Media Catcher\FLVSrvc.exe
C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe
C:\Program Files\DNA\btdna.exe
C:\Program Files\Pinnacle\Shared Files\Programs\Remote\Remoterm.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\PDF Complete\pdfsvc.exe
C:\WINDOWS\system32\IfxPsdSv.exe
C:\Novadigm\ManagementAgent\nvdkit.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\Program Files\VMware\VMware View\Client\bin\wsnm.exe
C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
C:\Program Files\HPQ\Shared\Sierra Wireless\Win32\Unicode\SWIHPWMI.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Hewlett-Packard\Embedded Security Software\PSDrt.exe
C:\Program Files\Hewlett-Packard\Shared\HpqToaster.exe
C:\WINDOWS\System32\svchost.exe -k HTTPFilter
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Documents and Settings\Administrator\Desktop\dds.scr

============== Pseudo HJT Report ===============

uStart Page = hxxp://www.google.com/
uDefault_Search_URL = hxxp://www.google.com/ie
uInternet Settings,ProxyOverride = <local>
uInternet Settings,ProxyServer = http=127.0.0.1:5555
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelper.dll
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: Skype add-on (mastermind): {22bf413b-c6d2-4d91-82a9-a0f997ba588c} - c:\program files\skype\toolbars\internet explorer\SkypeIEPlugin.dll
BHO: RealPlayer Download and Record Plugin for Internet Explorer: {3049c3e9-b461-4bc5-8870-4c09146192ca} - c:\program files\real\realplayer\rpbrowserrecordplugin.dll
BHO: Adobe PDF Conversion Toolbar Helper: {ae7cd045-e861-484f-8273-0445ee161910} - c:\program files\adobe\acrobat 7.0\acrobat\AcroIEFavClient.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: AvayaIEHlprObj Class: {e6df0b46-7d6f-407a-a6a2-62d17a021a9a} - c:\program files\avaya\avaya ip softphone\AvayaWebDial.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
TB: Adobe PDF: {47833539-d0c5-4125-9fa8-0819e2eaac93} - c:\program files\adobe\acrobat 7.0\acrobat\AcroIEFavClient.dll
uRun: [LightScribe Control Panel] c:\program files\common files\lightscribe\LightScribeControlPanel.exe -hidden
uRun: [BitTorrent DNA] "c:\program files\dna\btdna.exe"
uRun: [Google Update] "c:\documents and settings\joel\local settings\application data\google\update\GoogleUpdate.exe" /c
uRun: [PMCRemote] c:\program files\pinnacle\shared files\programs\remote\Remoterm.exe
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
mRun: [PTHOSTTR] c:\program files\hewlett-packard\hp protecttools security manager\PTHOSTTR.EXE /Start
mRun: [IFXSPMGT] c:\windows\system32\ifxspmgt.exe /NotifyLogon
mRun: [AccelerometerSysTrayApplet] c:\windows\system32\AccelerometerSt.exe
mRun: [SynTPEnh] c:\program files\synaptics\syntp\SynTPEnh.exe
mRun: [Cpqset] c:\program files\hewlett-packard\default settings\cpqset.exe
mRun: [HP Software Update] c:\program files\hewlett-packard\hp software update\HPWuSchd2.exe
mRun: [PDF Complete] "c:\program files\pdf complete\pdfsty.exe"
mRun: [hpWirelessAssistant] %ProgramFiles%\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
mRun: [QlbCtrl] %ProgramFiles%\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe /Start
mRun: [WatchDog] c:\program files\intervideo\dvd check\DVDCheck.exe
mRun: [PWRESET] c:\program files\avaya\avaya ip softphone\ip service provider\pwreset.exe
mRun: [SoundMAXPnP] c:\program files\analog devices\core\smax4pnp.exe
mRun: [TkBellExe] "c:\program files\common files\real\update_ob\realsched.exe" -osboot
mRun: [Acrobat Assistant 7.0] "c:\program files\adobe\acrobat 7.0\distillr\Acrotray.exe"
mRun: [IgfxTray] c:\windows\system32\igfxtray.exe
mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe
mRun: [Persistence] c:\windows\system32\igfxpers.exe
mRun: [USB2Check] RUNDLL32.EXE "c:\windows\system32\PCLECoInst.dll",CheckUSBController
mRun: [USBToolTip] "c:\program files\pinnacle\shared files\programs\usbtip\USBTip.exe"
mRun: [MSSE] "c:\program files\microsoft security essentials\msseces.exe" -hide -runkey
mRun: [RoxioDragToDisc] "c:\program files\roxio\drag-to-disc\DrgToDsc.exe"
mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
mRun: [Ask and Record FLV Service] "c:\program files\replay media catcher\FLVSrvc.exe" /run
mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe"
StartupFolder: c:\docume~1\joel\startm~1\programs\startup\captur~1.lnk - c:\documents and settings\joel\my documents\my downloads\runasdate\RunAsDate.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\adobea~1.lnk - c:\windows\installer\{ac76ba86-1033-0000-ba7e-000000000002}\SC_Acrobat.exe
IE: &ieSpell Options - c:\program files\iespell\iespell.dll/SPELLOPTION.HTM
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: Check &Spelling - c:\program files\iespell\iespell.dll/SPELLCHECK.HTM
IE: Convert link target to Adobe PDF - c:\program files\adobe\acrobat 7.0\acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convert link target to existing PDF - c:\program files\adobe\acrobat 7.0\acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert selected links to Adobe PDF - c:\program files\adobe\acrobat 7.0\acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Convert selected links to existing PDF - c:\program files\adobe\acrobat 7.0\acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Convert selection to Adobe PDF - c:\program files\adobe\acrobat 7.0\acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convert selection to existing PDF - c:\program files\adobe\acrobat 7.0\acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert to Adobe PDF - c:\program files\adobe\acrobat 7.0\acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convert to existing PDF - c:\program files\adobe\acrobat 7.0\acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office12\EXCEL.EXE/3000
IE: Lookup on Merriam Webster - file://c:\program files\iespell\Merriam Webster.HTM
IE: Lookup on Wikipedia - file://c:\program files\iespell\wikipedia.HTM
IE: Send to &Bluetooth Device... - c:\program files\widcomm\bluetooth software\btsendto_ie_ctx.htm
IE: {0E17D5B7-9F5D-4fee-9DF6-CA6EE38B68A8} - res://c:\program files\iespell\iespell.dll/SPELLCHECK.HTM
IE: {1606D6F9-9D3B-4aea-A025-ED5B2FD488E7} - res://c:\program files\iespell\iespell.dll/SPELLOPTION.HTM
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {5067A26B-1337-4436-8AFE-EE169C2DA79F} - {77BF5300-1474-4EC7-9980-D32B190E9B07} - c:\program files\skype\toolbars\internet explorer\SkypeIEPlugin.dll
IE: {77BF5300-1474-4EC7-9980-D32B190E9B07} - {77BF5300-1474-4EC7-9980-D32B190E9B07} - c:\program files\skype\toolbars\internet explorer\SkypeIEPlugin.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office12\REFIEBAR.DLL
Trusted Zone: microsoft.com\*.update
Trusted Zone: opensolutionsasp.com\vpn.chh
Trusted Zone: opensolutionsasp.com\vpn.hou
Trusted Zone: windowsupdate.com\download
DPF: {15B782AF-55D8-11D1-B477-006097098764} - hxxp://download.macromedia.com/pub/shockwave/cabs/authorware/awswaxf.cab
DPF: {166B1BCA-3F9C-11CF-8075-444553540000} - hxxp://fpdownload.macromedia.com/get/shockwave/cabs/director/sw.cab
DPF: {264AED84-12F1-4CA1-8AA7-EB939AE58D8D} - hxxps://remote.opensolutions.com/CACHE/stc/1/binaries/stcweb.cab
DPF: {2BCDB465-81F9-41CB-832C-8037A4064446} - hxxps://vpn.chh.opensolutionsasp.com/vdesk/terminal/urxvpn.cab#version=6030,2008,1031,2121
DPF: {2E28242B-A689-11D4-80F2-0040266CBB8D} - hxxp://camera.mesalands.edu:60007/kxhcm10.ocx
DPF: {41EF3CD2-D8CC-4438-84B1-280BB4E77C8E} - hxxps://vpn.chh.opensolutionsasp.com/vdesk/terminal/f5tunsrv.cab#version=6030,2009,327,1558
DPF: {45B69029-F3AB-4204-92DE-D5140C3E8E74} - hxxps://vpn.chh.opensolutionsasp.com/vdesk/terminal/InstallerControl.cab#version=6030,2009,0327,1604
DPF: {4871A87A-BFDD-4106-8153-FFDE2BAC2967} - hxxp://dlm.tools.akamai.com/dlmanager/versions/activex/dlm-activex-2.2.5.0.cab
DPF: {55963676-2F5E-4BAF-AC28-CF26AA587566} - hxxps://remote.opensolutions.com/CACHE/stc/1/binaries/vpnweb.cab
DPF: {57C76689-F052-487B-A19F-855AFDDF28EE} - hxxps://vpn.chh.opensolutionsasp.com/vdesk/terminal/f5InspectionHost.cab#version=6030,2009,0327,1547
DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} - hxxp://www.update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1226427097125
DPF: {66D393D5-4D80-497C-9F4F-F3839E090202} - hxxp://www.pysoft.com/Downloads/WebCamPlayerOCX.cab
DPF: {73ECB3AA-4717-450C-A2AB-D00DAD9EE203} - hxxp://h20270.www2.hp.com/ediags/gmn2/install/HPProductDetection2.cab
DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} - hxxp://download.eset.com/special/eos/OnlineScanner.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_19-windows-i586.cab
DPF: {8D7AFAB7-42D6-4671-A53E-CD355673F026} - hxxp://75.147.44.206:9000/SonySncMView.cab
DPF: {CAFEEFAC-0016-0000-0019-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_19-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_19-windows-i586.cab
DPF: {CC85ACDF-B277-486F-8C70-2C9B2ED2A4E7} - hxxps://vpn.chh.opensolutionsasp.com/vdesk/terminal/urxshost.cab#version=6030,2008,1031,2112
DPF: {CF40ACC5-E1BB-4AFF-AC72-04C2F616BCA7} - hxxp://wwwimages.adobe.com/www.adobe.com/products/acrobat/nos/gp.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
DPF: {E0FF21FA-B857-45C5-8621-F120A0C17FF2} - hxxps://vpn.chh.opensolutionsasp.com/vdesk/terminal/urxhost.cab#version=6030,2009,327,1548
DPF: {E615C9EA-AD69-4AE9-83C9-9D906A0ACA6D} - hxxps://vpn.chh.opensolutionsasp.com/policy/download_binary.php/win32/f5syschk.cab#Version=6030,2009,0327,1557
DPF: {FA478DB9-803F-4154-9DDB-765EA9E35333} - hxxp://222.124.220.243/program/SonySncP1View.cab
DPF: {FD0B6769-6490-4A91-AA0A-B5AE0DC75AC9} - hxxps://secure.logmein.com/activex/ractrl.cab?lmi=100
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\progra~1\common~1\skype\SKYPE4~1.DLL
Notify: igfxcui - igfxdev.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
mASetup: {10880D85-AAD9-4558-ABDC-2AB1552D831F} - "c:\program files\common files\lightscribe\LSRunOnce.exe"

============= SERVICES / DRIVERS ===============

R1 MpFilter;Microsoft Malware Protection Driver;c:\windows\system32\drivers\MpFilter.sys [2009-6-18 149040]
R1 PersonalSecureDrive;PersonalSecureDrive;c:\windows\system32\drivers\psd.sys [2007-1-23 39080]
R2 Application Updater;Application Updater;c:\program files\application updater\ApplicationUpdater.exe [2009-12-16 375296]
R2 pdfcDispatcher;PDF Document Manager;c:\program files\pdf complete\pdfsvc.exe [2008-11-11 540448]
R2 rma;Radia Management Agent;c:\novadigm\managementagent\nvdkit.exe [2005-9-19 1968446]
R2 SWIHPWMI;SWIHPWMI;c:\program files\hpq\shared\sierra wireless\win32\unicode\SWIHPWMI.exe [2006-12-4 292384]
R2 vpnagent;Cisco AnyConnect VPN Agent;c:\program files\cisco\cisco anyconnect vpn client\vpnagent.exe [2009-2-3 427192]
R2 wsnm;VMware View Client Service;c:\program files\vmware\vmware view\client\bin\wsnm.exe [2009-8-26 151552]
R3 IFXTPM;IFXTPM;c:\windows\system32\drivers\ifxtpm.sys [2008-11-11 36608]
R3 urvpndrv;F5 Networks VPN Adapter;c:\windows\system32\drivers\covpndrv.sys [2008-9-4 33408]
R3 WSUSBDMAN;VMware View Virtual Client USB Manager;c:\windows\system32\drivers\WSUSBDMAN.sys [2009-8-26 22016]
S3 CSVirtA;Cisco Systems SSL VPN Adapter;c:\windows\system32\drivers\CSVirtA.sys [2009-1-27 22136]
S3 f5ipfw;F5 Networks StoneWall Filter;c:\windows\system32\drivers\urfltw2k.sys [2008-12-5 10752]
S3 HP24X;HP PC Card Smart Card Reader;c:\windows\system32\drivers\HP24X.sys [2008-11-11 33024]
S3 PTDWBus;Curitel PC Card Composite Device driver (UDP);c:\windows\system32\drivers\PTDWBus.sys [2008-12-17 27392]
S3 PTDWMdm;Curitel PC Card Drivers (UDP);c:\windows\system32\drivers\PTDWMdm.sys [2008-12-17 41728]
S3 PTDWVsp;Curitel PC Card Diagnostic Serial Port (UDP);c:\windows\system32\drivers\PTDWVsp.sys [2008-12-17 39808]
S3 PWCTLDRV;The NECHostController Filter Driver;c:\windows\system32\drivers\PWCTLDRV.sys [2008-12-17 5888]
S3 vsdatant;vsdatant;c:\windows\system32\vsdatant.sys [2005-1-26 280344]

=============== Created Last 30 ================

2010-04-11 13:07:01 0 d-----w- c:\program files\ESET
2010-04-09 16:40:01 0 d-----w- C:\_OTL
2010-04-04 18:42:58 0 d-sha-r- C:\cmdcons
2010-04-04 18:41:58 98816 ----a-w- c:\windows\sed.exe
2010-04-04 18:41:58 77312 ----a-w- c:\windows\MBR.exe
2010-04-04 18:41:58 161792 ----a-w- c:\windows\SWREG.exe

==================== Find3M ====================

2010-04-11 12:58:54 6400 ----a-w- c:\windows\system32\d3d9caps.dat
2010-03-30 04:46:30 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-03-30 04:45:52 20824 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-03-11 12:38:54 832512 ----a-w- c:\windows\system32\wininet.dll
2010-03-11 12:38:52 78336 ----a-w- c:\windows\system32\ieencode.dll
2010-03-11 12:38:51 17408 ----a-w- c:\windows\system32\corpol.dll
2010-03-09 08:28:20 411368 ----a-w- c:\windows\system32\deploytk.dll
2010-02-24 14:16:06 181632 ------w- c:\windows\system32\MpSigStub.exe
2010-02-24 02:52:21 156672 ----a-w- c:\windows\system32\rmc_fixasf.exe
2010-02-24 02:52:20 237568 ----a-w- c:\windows\system32\rmc_rtspdl.dll
2010-02-19 23:47:50 3604480 ----a-w- c:\windows\system32\GPhotos.scr
2002-07-26 22:02:06 153088 ----a-w- c:\program files\UNWISE.EXE

============= FINISH: 13:18:15.76 ===============

ATTACH file is attached.

ESETscan:
C:\Qoobox\Quarantine\C\Program Files\Search Settings\SearchSettings.dll.vir Win32/Adware.Toolbar.Dealio application cleaned by deleting - quarantined
C:\Qoobox\Quarantine\C\Program Files\Search Settings\SearchSettings.exe.vir Win32/Adware.Toolbar.Dealio application cleaned by deleting - quarantined
C:\Qoobox\Quarantine\C\Program Files\Search Settings\SearchSettingsRes409.dll.vir Win32/Adware.Toolbar.Dealio application cleaned by deleting - quarantined


Computer looks to be running "normal" I do have to attach to router using ethernet now as my wireless shows "disabled" and will not "enable" but I will try to uninstall and reinstall that later.

Thanks for your help, let me know what you think from here.

Joel

I

Attached Files



#8 syler

syler

  • Malware Response Team
  • 8,150 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Warrington, UK
  • Local time:08:16 PM

Posted 11 April 2010 - 01:34 PM

Hi Joel,

Your logs are looking ok, you have a usless proxy setting that you should clear out, as for you wireless goes let's make sure that
the wireless service is running.

Go to Start >> Control panel >> Internet options.
Select the Connections tab and click on LAN Settings.
Delete the settings in the Address and Port boxes under "Use a proxy server for your LAN"
Then Uncheck "Use a proxy server for your LAN" and click OK.

  • Go to Start >> Run
  • Copy and paste the following command line into the Run box, then click OK.
cmd /c sc query WZCSVC >"%userprofile%\desktop\log.txt"
  • This will make a file called log.txt on your desktop, please post it in your next reply.

Thanks

unite.jpg


#9 snj2000

snj2000
  • Topic Starter

  • Members
  • 9 posts
  • OFFLINE
  •  
  • Local time:03:16 PM

Posted 12 April 2010 - 07:14 AM


Delete the settings in the Address and Port boxes under "Use a proxy server for your LAN" - Nothing was in these boxes.
Then Uncheck "Use a proxy server for your LAN" and click OK. - This was NOT checked to begin with.



SERVICE_NAME: WZCSVC
TYPE : 20 WIN32_SHARE_PROCESS
STATE : 4 RUNNING
(STOPPABLE,NOT_PAUSABLE,ACCEPTS_SHUTDOWN)
WIN32_EXIT_CODE : 0 (0x0)
SERVICE_EXIT_CODE : 0 (0x0)
CHECKPOINT : 0x0
WAIT_HINT : 0x0


I am still working on the wireless thing. I think the service was running. I rebooted and it detected my network, I entered my security key but it didn't connect and now shows deisabled, however my HP wireless assistant indicates the device is on. It I try to enable it through network connections, it just hangs. (I am less worried about that right now, unless you think it indicates other trouble)

Thanks!

Joel

#10 snj2000

snj2000
  • Topic Starter

  • Members
  • 9 posts
  • OFFLINE
  •  
  • Local time:03:16 PM

Posted 12 April 2010 - 07:35 AM

Wireless is working now. After the hang, I rebooted and it just came up. First time wireless has worked since the virus. Not sure if it is related or not but wanted to let you know. I will keep an eye on it.

#11 syler

syler

  • Malware Response Team
  • 8,150 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Warrington, UK
  • Local time:08:16 PM

Posted 12 April 2010 - 12:59 PM

The proxy settings must be set under a different user you can run this reg fix that should clear it. Im glad to here you
got the wireless sorted, your logs all look in order so your good to go smile.gif
  • Go to Start >> Run, and type Notepad into the run box, then click Ok.
  • Copy and paste the following code into Notepad. ( Do not include the word "CODE")
CODE
REGEDIT4

[HKU\S-1-5-21-861567501-1647877149-725345543-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
"ProxyServer"=""
  • Click on the File tab, and select Save.
  • In the box that opens type fix.reg for the File name.
  • Change the Save as type to All Files, then save it to your Desktop. (It should look like this )
  • Double click fix.reg, Select yes when it prompts you, then Ok.


Download and Run OTC

We will now remove the tools we used during this fix using OTC.
  • Download OTC by OldTimer and save it to your desktop.
  • Double click icon to start the program. If you are using Vista, please right-click and choose run as administrator
  • Then Click the big button.
  • You will get a prompt saying "Begin Cleanup Process". Please select Yes.
  • Restart your computer when prompted.


Cleaning and creating restore points
  • Click Start, right click My Computer and select properties.
  • Select the System Restore tab then check the box "Turn off System Restore".
  • Click Apply then Ok, then restart your computer
  • Now follow these steps again, but instead of checking "Turn off System Restore" Uncheck it.
Now that you have cleaned out you restore points you need to set a new restore point
  • Go to Start > Programs > Accessories > System Tools and click "System Restore".
  • Select "Create a restore point" then click Next.
  • Type a name under Restore point description then click Create.
Additional instructions can be found here if needed.

Note: This does not need to be done on a regular basis.


Congratulations! You now appear clean! thumbup.gif

Now that you are clean, please follow these simple steps in order to keep your computer clean and secure:

Keeping Windows updated
It is extremely important to keep windows up to date with the latest service pack and patches. This will prevent you
from getting the malware which uses vulnerabilities found in windows to exploit your computer. The easiest way to
do this this is by making sure that Automatic Updates are always enabled.

To do this Click on Start >> Control Panel >> Automatic updates and click Automatic (recommended) then Apply and Ok

Update your AntiVirus Software
It is imperative that you update your Antivirus software at least once a week (Even more if you wish). If you do not
update your antivirus software then it will not be able to catch any of the new variants that may come out. If you
use a commercial antivirus program you must make sure you keep renewing your subscription. Otherwise, once your
subscription runs out, you may not be able to update the programs virus definitions.

Make sure all programs are updated
It is also possible for other programs on your computer to have security vulnerability that can allow malware to infect you.
Therefore, it is also a good idea to check for the latest versions of commonly installed applications that are regularly
patched to fix vulnerabilities. You can check these by visiting Calendar of Updates or you can install Secunia PSI.

Install a Firewall
I can not stress how important it is that you use a third party Firewall on your computer. Without a firewall your computer
is susceptible to being hacked and taken over. Windows firewall is good for blocking inbound connections but it does
not block outbound connections. So if Malware manages to get onto your computer it will be able to send data out when
it wants. Here are some free firewalls, you only need to install one of these.

Zone Alarm
Outpost
PC Tools

After you install the third party firewall disable your Windows firewall. Go to My Computer >> Control Panel >> Windows Firewall
and choose Off (not recommended) option. Then click Apply and Ok.

Install an AntiSpyware Program
It is recommended that you have an Anti Spyware program installed alongside your Ani Virus, to add an extra layer of
protection. You should update and scan with it as you would with your Anti Virus, Most Anti Spyware programs don't
have active protection, unless you have a paid version, so in that case you can have more than one installed for
scanning purposes but you also don't want to bloat your computer with these programs, so I would recommend having
no more than two installed.

SuperAntiSpyware
Spybot - Search & Destroy
Ad-aware

Install Sanboxie
Sandboxie is a great program to help protect you against malware, working inside Sandboxie will basically mean that,
what you are doing will not make a permenant changes to your system, unless you allow it too. So you can be surfing
the web inside Sandboxie then if you happen to stumble upon a bad site and get infected, you can simply delete the
Sanbox and all is gone. Having said that, it can not be considered 100% secure as no program can be, but it can be
a great help and is an excellent program. You can find a download link and more information about the program here.

Secure your browsing
Firefox is generally considered to be a lot safer that Internet Explorer, I would recommend that you install Firefox and install
some addons that will make the browser even safer. You can download the latest version of Firefox here, if you already
have firefox these are some good addons.

Recommended addons
NoScript
Adblock Plus
WOT

Install SpywareBlaster
SpywareBlaster will added a large list of programs and sites into your Internet Explorer settings that will protect you
from running and downloading known malicious programs. You can find a tutorial and download link here.

Use MVPS hosts file
Using a custom host file like the MVPS HOSTS file can help to block ads, banners, 3rd party Cookies,
3rd party page counters, web bugs, and even most hijackers. It doesn't use up any extra system resources
and may even speed up the loading of web pages. You can download and find instructions here.


Follow this list and your potential for being infected again will reduce dramatically.

Happy surfing smile.gif
Syler

unite.jpg


#12 snj2000

snj2000
  • Topic Starter

  • Members
  • 9 posts
  • OFFLINE
  •  
  • Local time:03:16 PM

Posted 14 April 2010 - 06:31 AM

Thanks Syler!

I am all clean now & working well. I have followed your final instructions to remove support programs, create restore point update windows etc.

I will also implement the other steps suggested to help reduce re-infection.

Great service, saved me from a full re-installation!!!!


Joel

#13 syler

syler

  • Malware Response Team
  • 8,150 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Warrington, UK
  • Local time:08:16 PM

Posted 14 April 2010 - 06:35 AM

That's great im glad I could help smile.gif

unite.jpg


#14 syler

syler

  • Malware Response Team
  • 8,150 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Warrington, UK
  • Local time:08:16 PM

Posted 16 April 2010 - 07:36 AM

Since this issue appears resolved ... this Topic is closed. Glad we could help.

If you need this topic reopened, please request this by sending me a PM
with the address of the thread. This applies only to the original topic starter.

Everyone else please begin a New Topic.

unite.jpg





0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users