Hello schrauber
Here is what you asked for, I think.
mbam-log-2010-07-14 (15-23-31)
Malwarebytes' Anti-Malware 1.46
www.malwarebytes.org
Database version: 4314
Windows 5.1.2600 Service Pack 3
Internet Explorer 8.0.6001.18702
7/14/2010 3:23:31 PM
mbam-log-2010-07-14 (15-23-31).txt
Scan type: Quick scan
Objects scanned: 182867
Time elapsed: 10 minute(s), 58 second(s)
Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0
Memory Processes Infected:
(No malicious items detected)
Memory Modules Infected:
(No malicious items detected)
Registry Keys Infected:
(No malicious items detected)
Registry Values Infected:
(No malicious items detected)
Registry Data Items Infected:
(No malicious items detected)
Folders Infected:
(No malicious items detected)
Files Infected:
(No malicious items detected)
***************************
***************************
***************************
eset virus removal
C:\WINDOWS\system32\drivers\etc\hosts.20100623-152544.backup Win32/Qhost trojan cleaned by deleting - quarantined
C:\WINDOWS\system32\drivers\etc\hosts.20100623-152557.backup Win32/Qhost trojan cleaned by deleting - quarantined
C:\WINDOWS\system32\drivers\etc\hosts.20100623-152559.backup Win32/Qhost trojan cleaned by deleting - quarantined
C:\WINDOWS\system32\drivers\etc\hosts.20100623-152600.backup Win32/Qhost trojan cleaned by deleting - quarantined
C:\WINDOWS\system32\drivers\etc\hosts.20100623-152601.backup Win32/Qhost trojan cleaned by deleting - quarantined
C:\WINDOWS\system32\drivers\etc\hosts.20100623-152602.backup Win32/Qhost trojan cleaned by deleting - quarantined
C:\WINDOWS\system32\drivers\etc\hosts.20100623-152603.backup Win32/Qhost trojan cleaned by deleting - quarantined
C:\WINDOWS\system32\drivers\etc\hosts.20100623-152604.backup Win32/Qhost trojan cleaned by deleting - quarantined
C:\WINDOWS\system32\drivers\etc\hosts.20100623-152605.backup Win32/Qhost trojan cleaned by deleting - quarantined
C:\WINDOWS\system32\drivers\etc\hosts.20100623-152608.backup Win32/Qhost trojan cleaned by deleting - quarantined
C:\WINDOWS\system32\drivers\etc\hosts.20100623-152609.backup Win32/Qhost trojan cleaned by deleting - quarantined
C:\WINDOWS\system32\drivers\etc\hosts.20100623-152610.backup Win32/Qhost trojan cleaned by deleting - quarantined
C:\WINDOWS\system32\drivers\etc\hosts.20100623-152728.backup Win32/Qhost trojan cleaned by deleting - quarantined
C:\WINDOWS\system32\drivers\etc\hosts.20100623-152732.backup Win32/Qhost trojan cleaned by deleting - quarantined
C:\WINDOWS\system32\drivers\etc\hosts.20100623-152733.backup Win32/Qhost trojan cleaned by deleting - quarantined
C:\WINDOWS\system32\drivers\etc\hosts.20100623-152734.backup Win32/Qhost trojan cleaned by deleting - quarantined
C:\WINDOWS\system32\drivers\etc\hosts.20100623-152735.backup Win32/Qhost trojan cleaned by deleting - quarantined
C:\WINDOWS\system32\drivers\etc\hosts.20100623-152736.backup Win32/Qhost trojan cleaned by deleting - quarantined
C:\WINDOWS\system32\drivers\etc\hosts.20100623-152737.backup Win32/Qhost trojan cleaned by deleting - quarantined
C:\WINDOWS\system32\drivers\etc\hosts.20100623-191547.backup Win32/Qhost trojan cleaned by deleting - quarantined
C:\WINDOWS\system32\drivers\etc\hosts.20100623-191602.backup Win32/Qhost trojan cleaned by deleting - quarantined
C:\WINDOWS\system32\drivers\etc\hosts.20100623-191603.backup Win32/Qhost trojan cleaned by deleting - quarantined
C:\WINDOWS\system32\drivers\etc\hosts.20100623-191604.backup Win32/Qhost trojan cleaned by deleting - quarantined
C:\WINDOWS\system32\drivers\etc\hosts.20100623-191605.backup Win32/Qhost trojan cleaned by deleting - quarantined
C:\WINDOWS\system32\drivers\etc\hosts.20100623-191606.backup Win32/Qhost trojan cleaned by deleting - quarantined
C:\WINDOWS\system32\drivers\etc\hosts.20100623-191607.backup Win32/Qhost trojan cleaned by deleting - quarantined
C:\WINDOWS\system32\drivers\etc\hosts.20100623-191608.backup Win32/Qhost trojan cleaned by deleting - quarantined
C:\WINDOWS\system32\drivers\etc\hosts.20100623-191609.backup Win32/Qhost trojan cleaned by deleting - quarantined
C:\WINDOWS\system32\drivers\etc\hosts.20100623-191610.backup Win32/Qhost trojan cleaned by deleting - quarantined
C:\WINDOWS\system32\drivers\etc\hosts.20100623-191726.backup Win32/Qhost trojan cleaned by deleting - quarantined
C:\WINDOWS\system32\drivers\etc\hosts.20100623-191733.backup Win32/Qhost trojan cleaned by deleting - quarantined
C:\WINDOWS\system32\drivers\etc\hosts.20100623-191734.backup Win32/Qhost trojan cleaned by deleting - quarantined
C:\WINDOWS\system32\drivers\etc\hosts.20100623-191735.backup Win32/Qhost trojan cleaned by deleting - quarantined
C:\WINDOWS\system32\drivers\etc\hosts.20100623-191736.backup Win32/Qhost trojan cleaned by deleting - quarantined
C:\WINDOWS\system32\drivers\etc\hosts.20100623-191737.backup Win32/Qhost trojan cleaned by deleting - quarantined
C:\WINDOWS\system32\drivers\etc\hosts.20100623-192020.backup Win32/Qhost trojan cleaned by deleting - quarantined
C:\WINDOWS\system32\drivers\etc\hosts.20100623-192227.backup Win32/Qhost trojan cleaned by deleting - quarantined
C:\WINDOWS\system32\drivers\etc\hosts.20100623-192347.backup Win32/Qhost trojan cleaned by deleting - quarantined
C:\WINDOWS\system32\drivers\etc\hosts.20100623-192348.backup Win32/Qhost trojan cleaned by deleting - quarantined
C:\WINDOWS\system32\drivers\etc\hosts.20100623-192417.backup Win32/Qhost trojan cleaned by deleting - quarantined
C:\WINDOWS\system32\drivers\etc\hosts.20100623-193529.backup Win32/Qhost trojan cleaned by deleting - quarantined
C:\WINDOWS\system32\drivers\etc\hosts.20100623-193537.backup Win32/Qhost trojan cleaned by deleting - quarantined
C:\WINDOWS\system32\drivers\etc\hosts.20100623-193539.backup Win32/Qhost trojan cleaned by deleting - quarantined
C:\WINDOWS\system32\drivers\etc\hosts.20100623-193540.backup Win32/Qhost trojan cleaned by deleting - quarantined
C:\WINDOWS\system32\drivers\etc\hosts.20100623-193541.backup Win32/Qhost trojan cleaned by deleting - quarantined
C:\WINDOWS\system32\drivers\etc\hosts.20100623-193542.backup Win32/Qhost trojan cleaned by deleting - quarantined
C:\WINDOWS\system32\drivers\etc\hosts.20100623-193543.backup Win32/Qhost trojan cleaned by deleting - quarantined
C:\WINDOWS\system32\drivers\etc\hosts.20100623-193544.backup Win32/Qhost trojan cleaned by deleting - quarantined
C:\WINDOWS\system32\drivers\etc\hosts.20100623-193545.backup Win32/Qhost trojan cleaned by deleting - quarantined
C:\WINDOWS\system32\drivers\etc\hosts.20100705-123351.backup Win32/Qhost trojan cleaned by deleting - quarantined
C:\WINDOWS\system32\drivers\etc\hosts.20100705-123421.backup Win32/Qhost trojan cleaned by deleting - quarantined
C:\WINDOWS\system32\drivers\etc\hosts.20100705-123441.backup Win32/Qhost trojan cleaned by deleting - quarantined
C:\WINDOWS\system32\drivers\etc\hosts.20100705-123445.backup Win32/Qhost trojan cleaned by deleting - quarantined
C:\WINDOWS\system32\drivers\etc\hosts.20100705-123456.backup Win32/Qhost trojan cleaned by deleting - quarantined
C:\WINDOWS\system32\drivers\etc\hosts.20100705-123512.backup Win32/Qhost trojan cleaned by deleting - quarantined
C:\WINDOWS\system32\drivers\etc\hosts.20100705-123914.backup Win32/Qhost trojan cleaned by deleting - quarantined
C:\WINDOWS\system32\drivers\etc\hosts.20100705-123931.backup Win32/Qhost trojan cleaned by deleting - quarantined
C:\WINDOWS\system32\drivers\etc\hosts.20100705-124016.backup Win32/Qhost trojan cleaned by deleting - quarantined
C:\WINDOWS\system32\drivers\etc\hosts.20100705-124041.backup Win32/Qhost trojan cleaned by deleting - quarantined
C:\WINDOWS\system32\drivers\etc\hosts.20100705-124131.backup Win32/Qhost trojan cleaned by deleting - quarantined
C:\WINDOWS\system32\drivers\etc\hosts.20100705-124143.backup Win32/Qhost trojan cleaned by deleting - quarantined
C:\WINDOWS\system32\drivers\etc\hosts.20100705-124250.backup Win32/Qhost trojan cleaned by deleting - quarantined
C:\WINDOWS\system32\drivers\etc\hosts.20100705-124253.backup Win32/Qhost trojan cleaned by deleting - quarantined
******************************
******************************
******************************
ESETlog.txt
ESETSmartInstaller@High as downloader log:
Can not open internet
ESETSmartInstaller@High as downloader log:
Can not open internet
Can not open internet
ESETSmartInstaller@High as downloader log:
Can not open internet
Can not open internet
ESETSmartInstaller@High as downloader log:
Can not open internet
# version=7
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.6211
# api_version=3.0.2
# EOSSerial=aeb0499bdad3a240ae4d56eab67c6268
# end=finished
# remove_checked=true
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2010-07-14 11:44:28
# local_time=2010-07-14 04:44:28 (-0700, US Mountain Standard Time)
# country="United States"
# lang=1033
# osver=5.1.2600 NT Service Pack 3
# compatibility_mode=768 16777215 100 0 9953210 9953210 0 0
# compatibility_mode=3585 16777214 100 0 0 0 0 0
# compatibility_mode=8192 67108863 100 0 0 0 0 0
# scanned=52456
# found=63
# cleaned=63
# scan_time=2960
***************************************
***************************************
***************************************
OTL.txt
OTL logfile created on: 7/14/2010 4:53:09 PM - Run 1
OTL by OldTimer - Version 3.2.9.0 Folder = E:\OTL
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy
446.00 Mb Total Physical Memory | 127.00 Mb Available Physical Memory | 28.00% Memory free
1.00 Gb Paging File | 1.00 Gb Available in Paging File | 75.00% Paging File free
Paging file location(s): C:\pagefile.sys 672 1344 [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 34.20 Gb Total Space | 22.45 Gb Free Space | 65.64% Space Free | Partition Type: NTFS
Drive D: | 35.44 Gb Total Space | 33.77 Gb Free Space | 95.29% Space Free | Partition Type: NTFS
Drive E: | 3.77 Gb Total Space | 3.75 Gb Free Space | 99.47% Space Free | Partition Type: FAT
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded
Computer Name: YOUR-C7FE788950
Current User Name: tom bright
Logged in as Administrator.
Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: On
Skip Microsoft Files: On
File Age = 90 Days
Output = Standard
Quick Scan
========== Processes (SafeList) ==========
PRC - [2010/07/11 19:28:36 | 000,574,976 | ---- | M] (OldTimer Tools) -- E:\OTL\OTL.exe
PRC - [2010/06/28 13:57:18 | 002,837,864 | ---- | M] (AVAST Software) -- C:\Program Files\Alwil Software\Avast5\AvastUI.exe
PRC - [2010/06/28 13:57:15 | 000,040,384 | ---- | M] (AVAST Software) -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
PRC - [2008/06/10 18:04:58 | 000,689,456 | ---- | M] (Hewlett-Packard) -- C:\Program Files\HP\HP Software Update\HPWUCli.exe
PRC - [2008/04/13 17:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2006/06/20 14:42:44 | 000,577,536 | R--- | M] (Realtek Semiconductor Corp.) -- C:\WINDOWS\soundman.exe
========== Modules (SafeList) ==========
MOD - [2010/07/11 19:28:36 | 000,574,976 | ---- | M] (OldTimer Tools) -- E:\OTL\OTL.exe
MOD - [2008/04/13 17:10:20 | 000,110,592 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\msscript.ocx
========== Win32 Services (SafeList) ==========
SRV - File not found [On_Demand | Stopped] -- C:\WINDOWS\System32\appmgmts.dll -- (AppMgmt)
SRV - [2010/06/28 13:57:15 | 000,040,384 | ---- | M] (AVAST Software) [On_Demand | Running] -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe -- (avast! Web Scanner)
SRV - [2010/06/28 13:57:15 | 000,040,384 | ---- | M] (AVAST Software) [On_Demand | Stopped] -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe -- (avast! Mail Scanner)
SRV - [2010/06/28 13:57:15 | 000,040,384 | ---- | M] (AVAST Software) [Auto | Running] -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe -- (avast! Antivirus)
SRV - [2009/12/26 15:43:14 | 001,251,720 | ---- | M] () [Auto | Stopped] -- C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe -- (Symantec Core LC)
SRV - [2008/01/29 17:38:31 | 000,583,048 | ---- | M] (Symantec Corporation) [Disabled | Stopped] -- C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe -- (LiveUpdate Notice Service)
SRV - [2007/09/13 17:49:48 | 000,202,088 | ---- | M] (Symantec Corporation) [Auto | Stopped] -- C:\Program Files\Common Files\Symantec Shared\ccProxy.exe -- (ccProxy)
SRV - [2007/01/09 22:59:32 | 000,108,648 | ---- | M] (Symantec Corporation) [Auto | Stopped] -- C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe -- (CLTNetCnService)
SRV - [2007/01/09 22:59:32 | 000,108,648 | ---- | M] (Symantec Corporation) [Auto | Stopped] -- C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe -- (ccSetMgr)
SRV - [2007/01/09 22:59:32 | 000,108,648 | ---- | M] (Symantec Corporation) [Auto | Stopped] -- C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe -- (ccEvtMgr)
SRV - [2006/12/15 13:36:28 | 000,750,720 | ---- | M] (Symantec Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\Symantec Shared\Security Console\NSCSRVCE.EXE -- (NSCService)
SRV - [2006/02/05 01:03:16 | 000,139,936 | ---- | M] (Symantec Corporation) [Auto | Stopped] -- C:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe -- (navapsvc)
SRV - [2006/02/03 18:29:36 | 000,072,328 | ---- | M] (Symantec Corporation) [On_Demand | Stopped] -- C:\Program Files\Norton Internet Security\ccPwdSvc.exe -- (ccISPwdSvc)
SRV - [2005/12/19 20:41:56 | 000,198,416 | ---- | M] (Symantec Corporation) [On_Demand | Stopped] -- C:\Program Files\Norton Internet Security\Norton AntiVirus\SAVScan.exe -- (SAVScan)
========== Driver Services (SafeList) ==========
DRV - [2010/06/28 13:37:52 | 000,046,672 | ---- | M] (ALWIL Software) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\aswTdi.sys -- (aswTdi)
DRV - [2010/06/28 13:37:30 | 000,165,456 | ---- | M] (ALWIL Software) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\aswSP.sys -- (aswSP)
DRV - [2010/06/28 13:33:13 | 000,023,376 | ---- | M] (ALWIL Software) [Kernel | On_Demand | Running] -- C:\WINDOWS\System32\drivers\aswRdr.sys -- (aswRdr)
DRV - [2010/06/28 13:32:45 | 000,100,176 | ---- | M] (ALWIL Software) [File_System | Auto | Running] -- C:\WINDOWS\System32\drivers\aswmon2.sys -- (aswMon2)
DRV - [2010/06/28 13:32:33 | 000,017,744 | ---- | M] (ALWIL Software) [File_System | Auto | Running] -- C:\WINDOWS\System32\drivers\aswFsBlk.sys -- (aswFsBlk)
DRV - [2010/06/28 13:32:16 | 000,028,880 | ---- | M] (ALWIL Software) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\aavmker4.sys -- (Aavmker4)
DRV - [2010/01/18 21:07:34 | 000,124,464 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\SYMEVENT.SYS -- (SymEvent)
DRV - [2009/11/20 22:59:42 | 000,268,664 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Stopped] -- C:\Program Files\Common Files\Symantec Shared\SymcData\idsdefs\20091217.003\SymIDSCo.sys -- (SYMIDSCO)
DRV - [2007/02/13 02:00:00 | 000,383,800 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys -- (eeCtrl)
DRV - [2007/02/01 03:21:02 | 000,417,592 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Stopped] -- C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCDrv.sys -- (SPBBCDrv)
DRV - [2006/09/07 10:40:19 | 000,010,344 | ---- | M] (Symantec Corporation) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\symlcbrd.sys -- (symlcbrd)
DRV - [2006/07/21 01:10:44 | 004,011,264 | R--- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\alcxwdm.sys -- (ALCXWDM) Service for Realtek AC97 Audio (WDM)
DRV - [2006/07/18 15:16:08 | 000,990,592 | R--- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSF_DPV.sys -- (HSF_DPV)
DRV - [2006/07/18 15:15:18 | 000,256,128 | R--- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSFHWBS2.sys -- (HSFHWBS2)
DRV - [2006/07/18 15:15:10 | 000,728,192 | R--- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSF_CNXT.sys -- (winachsf)
DRV - [2006/06/16 04:56:38 | 000,083,968 | R--- | M] (Realtek Semiconductor Corporation ) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\Rtnicxp.sys -- (RTL8023xp)
DRV - [2006/02/22 20:39:06 | 000,011,264 | R--- | M] (VIA Technologies,Inc) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\xfilt.sys -- (xfilt)
DRV - [2006/02/22 20:38:32 | 000,009,728 | R--- | M] (VIA Technologies, Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\videX32.sys -- (videX32)
DRV - [2005/08/17 03:45:00 | 001,094,848 | R--- | M] (Agere Systems) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\AGRSM.sys -- (AgereSoftModem)
DRV - [2004/10/15 12:50:20 | 000,015,295 | ---- | M] (Brother Industries Ltd.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\BrScnUsb.sys -- (BrScnUsb)
DRV - [2004/08/03 15:31:34 | 000,020,992 | ---- | M] (Realtek Semiconductor Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\RTL8139.sys -- (rtl8139) Realtek RTL8139(A/B/C)
========== Standard Registry (SafeList) ==========
========== Internet Explorer ==========
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
FF - HKLM\software\mozilla\Firefox\Extensions\\smartwebprinting@hp.com: C:\Program Files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2010/06/05 19:59:58 | 000,000,000 | ---D | M]
O1 HOSTS File: ([2010/07/10 13:13:41 | 000,000,027 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O2 - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O3 - HKLM\..\Toolbar: (Norton Internet Security 2006) - {0B53EAC3-8D69-4b9e-9B19-A37C9A5676A7} - C:\Program Files\Common Files\Symantec Shared\AdBlocking\NISShExt.dll (Symantec Corporation)
O3 - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O3 - HKLM\..\Toolbar: (Norton AntiVirus) - {C4069E3A-68F1-403E-B40E-20066696354B} - C:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll (Symantec Corporation)
O3 - HKCU\..\Toolbar\WebBrowser: (Norton Internet Security 2006) - {0B53EAC3-8D69-4B9E-9B19-A37C9A5676A7} - C:\Program Files\Common Files\Symantec Shared\AdBlocking\NISShExt.dll (Symantec Corporation)
O3 - HKCU\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O3 - HKCU\..\Toolbar\WebBrowser: (Norton AntiVirus) - {C4069E3A-68F1-403E-B40E-20066696354B} - C:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll (Symantec Corporation)
O4 - HKLM..\Run: [avast5] C:\Program Files\Alwil Software\Avast5\AvastUI.exe (AVAST Software)
O4 - HKLM..\Run: [BrMfcWnd] C:\Program Files\Brother\Brmfcmon\BrMfcWnd.exe ()
O4 - HKLM..\Run: [ControlCenter3] C:\Program Files\Brother\ControlCenter3\brctrcen.exe (Brother Industries, Ltd.)
O4 - HKLM..\Run: [SetDefPrt] C:\Program Files\Brother\Brmfl06a\BrStDvPt.exe (Brother Industories, Ltd.)
O4 - HKLM..\Run: [SoundMan] C:\WINDOWS\soundman.exe (Realtek Semiconductor Corp.)
O4 - HKCU..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe (Safer-Networking Ltd.)
O4 - HKCU..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (Google Inc.)
O4 - HKLM..\RunOnce: [Malwarebytes' Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Infodelivery present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: LinkResolveIgnoreLinkInfo = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoResolveSearch = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: LinkResolveIgnoreLinkInfo = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O8 - Extra context menu item: Google Sidewiki... - C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_89D8574934B26AC4.dll (Google Inc.)
O9 - Extra Button: Show or hide HP Smart Web Printing - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - Reg Error: Key error. File not found
O9 - Extra 'Tools' menuitem : Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} http://update.microsoft.com/windowsupdate/...b?1157651218218 (WUWebControl Class)
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} http://update.microsoft.com/microsoftupdat...b?1157652195656 (MUWebControl Class)
O16 - DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} http://upload.facebook.com/controls/2009.0...oUploader55.cab (Facebook Photo Uploader 5 Control)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 10.13.198.2 10.13.198.2
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Documents and Settings\tom bright\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\tom bright\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006/09/06 16:20:51 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
NetSvcs: 6to4 - File not found
NetSvcs: AppMgmt - C:\WINDOWS\System32\appmgmts.dll File not found
NetSvcs: Ias - File not found
NetSvcs: Iprip - File not found
NetSvcs: Irmon - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: Wmi - C:\WINDOWS\System32\wmi.dll (Microsoft Corporation)
NetSvcs: WmdmPmSp - File not found
CREATERESTOREPOINT
Restore point Set: OTL Restore Point (16902109354000384)
========== Files/Folders - Created Within 90 Days ==========
[2010/07/14 15:28:57 | 000,000,000 | ---D | C] -- C:\Program Files\ESET
[2010/07/14 15:08:12 | 000,000,000 | ---D | C] -- C:\Documents and Settings\tom bright\Application Data\Malwarebytes
[2010/07/14 15:08:01 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2010/07/14 15:07:59 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Malwarebytes
[2010/07/14 15:07:57 | 000,020,952 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2010/07/14 15:07:57 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2010/07/14 03:02:53 | 000,000,000 | ---D | C] -- C:\WINDOWS\LastGood
[2010/07/10 12:56:41 | 000,000,000 | RHSD | C] -- C:\cmdcons
[2010/07/10 12:51:17 | 000,212,480 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWXCACLS.exe
[2010/07/10 12:51:17 | 000,161,792 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWREG.exe
[2010/07/10 12:51:17 | 000,136,704 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWSC.exe
[2010/07/10 12:51:17 | 000,031,232 | ---- | C] (NirSoft) -- C:\WINDOWS\NIRCMD.exe
[2010/07/10 12:49:48 | 000,000,000 | ---D | C] -- C:\WINDOWS\ERDNT
[2010/07/10 12:49:32 | 000,000,000 | ---D | C] -- C:\Qoobox
[2010/06/29 22:07:13 | 000,038,848 | ---- | C] (ALWIL Software) -- C:\WINDOWS\avastSS.scr
[2010/06/16 13:31:07 | 000,000,000 | ---D | C] -- C:\Documents and Settings\tom bright\Local Settings\Application Data\Temp
[2010/06/06 15:29:06 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\tom bright\Recent
[2010/06/06 15:25:32 | 000,000,000 | ---D | C] -- C:\Documents and Settings\tom bright\Application Data\VSRevoGroup
[2010/06/06 11:18:42 | 000,000,000 | ---D | C] -- C:\Program Files\MSXML 4.0
[2010/06/06 08:21:19 | 000,017,744 | ---- | C] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswFsBlk.sys
[2010/06/06 08:21:18 | 000,165,456 | ---- | C] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswSP.sys
[2010/06/06 08:21:17 | 000,023,376 | ---- | C] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswRdr.sys
[2010/06/06 08:21:16 | 000,046,672 | ---- | C] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswTdi.sys
[2010/06/06 08:21:15 | 000,100,176 | ---- | C] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswmon2.sys
[2010/06/06 08:21:15 | 000,094,544 | ---- | C] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswmon.sys
[2010/06/06 08:21:15 | 000,028,880 | ---- | C] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aavmker4.sys
[2010/06/06 08:21:02 | 000,165,032 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\aswBoot.exe
[2010/06/05 23:20:58 | 000,000,000 | -HSD | C] -- C:\Documents and Settings\All Users\Application Data\SMLNAV
[2010/06/05 23:20:40 | 000,000,000 | -HSD | C] -- C:\Documents and Settings\All Users\Application Data\ce2669b
[2010/06/05 21:07:53 | 000,000,000 | ---D | C] -- C:\Documents and Settings\tom bright\Application Data\HPAppData
[2010/06/05 20:09:30 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\WEBREG
[2010/06/05 20:04:04 | 000,000,000 | ---D | C] -- C:\Documents and Settings\tom bright\Application Data\HP
[2010/06/05 20:04:01 | 000,000,000 | ---D | C] -- C:\Documents and Settings\tom bright\Local Settings\Application Data\HP
[2010/06/05 19:55:46 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\HP Product Assistant
[2010/06/05 19:52:57 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\HP
[2010/06/05 19:52:23 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\HP
[2010/06/05 19:52:19 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Hewlett-Packard
[2010/06/05 19:51:45 | 000,000,000 | ---D | C] -- C:\WINDOWS\hpoj4500g510a-f
[2010/06/05 19:49:50 | 000,000,000 | ---D | C] -- C:\Config.Msi
[2010/06/05 19:49:15 | 000,000,000 | ---D | C] -- C:\Program Files\HP
[1 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
========== Files - Modified Within 90 Days ==========
[2010/07/14 16:49:10 | 007,340,032 | -H-- | M] () -- C:\Documents and Settings\tom bright\NTUSER.DAT
[2010/07/14 16:37:13 | 000,000,886 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2010/07/14 15:08:04 | 000,000,696 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2010/07/14 13:37:00 | 000,000,882 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2010/07/10 13:18:43 | 000,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2010/07/10 13:13:58 | 000,000,256 | ---- | M] () -- C:\WINDOWS\system.ini
[2010/07/10 13:13:41 | 000,000,027 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts
[2010/07/10 12:56:47 | 000,000,281 | RHS- | M] () -- C:\boot.ini
[2010/07/10 02:36:11 | 000,001,158 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2010/07/09 20:30:32 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2010/07/09 20:30:26 | 468,176,896 | -HS- | M] () -- C:\hiberfil.sys
[2010/07/09 19:22:36 | 006,291,456 | -H-- | M] () -- C:\Documents and Settings\tom bright\Local Settings\Application Data\IconCache.db
[2010/07/05 12:48:07 | 000,000,178 | -HS- | M] () -- C:\Documents and Settings\tom bright\ntuser.ini
[2010/06/29 22:07:16 | 000,002,626 | ---- | M] () -- C:\WINDOWS\System32\CONFIG.NT
[2010/06/28 13:57:33 | 000,038,848 | ---- | M] (ALWIL Software) -- C:\WINDOWS\avastSS.scr
[2010/06/28 13:57:12 | 000,165,032 | ---- | M] (AVAST Software) -- C:\WINDOWS\System32\aswBoot.exe
[2010/06/28 13:37:52 | 000,046,672 | ---- | M] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswTdi.sys
[2010/06/28 13:37:30 | 000,165,456 | ---- | M] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswSP.sys
[2010/06/28 13:33:13 | 000,023,376 | ---- | M] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswRdr.sys
[2010/06/28 13:32:45 | 000,100,176 | ---- | M] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswmon2.sys
[2010/06/28 13:32:42 | 000,094,544 | ---- | M] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswmon.sys
[2010/06/28 13:32:33 | 000,017,744 | ---- | M] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswFsBlk.sys
[2010/06/28 13:32:16 | 000,028,880 | ---- | M] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aavmker4.sys
[2010/06/25 14:01:44 | 000,000,000 | ---- | M] () -- C:\Documents and Settings\tom bright\defogger_reenable
[2010/06/23 13:55:00 | 000,000,951 | ---- | M] () -- C:\Documents and Settings\tom bright\Application Data\Microsoft\Internet Explorer\Quick Launch\Spybot - Search & Destroy.lnk
[2010/06/23 13:55:00 | 000,000,933 | ---- | M] () -- C:\Documents and Settings\tom bright\Desktop\Spybot - Search & Destroy.lnk
[2010/06/11 03:19:38 | 000,092,680 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2010/06/11 03:03:23 | 000,001,374 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2010/06/06 15:41:03 | 000,000,917 | ---- | M] () -- C:\Documents and Settings\tom bright\Desktop\Revo Uninstaller.lnk
[2010/06/06 08:21:20 | 000,001,700 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\avast! Free Antivirus.lnk
[2010/06/05 21:24:55 | 000,013,488 | ---- | M] () -- C:\Documents and Settings\tom bright\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
[2010/06/05 20:16:21 | 000,170,601 | ---- | M] () -- C:\WINDOWS\hpwins27.dat
[2010/06/05 20:03:56 | 000,171,542 | ---- | M] () -- C:\WINDOWS\hpwins27.dat.temp
[2010/06/05 20:03:45 | 000,000,512 | ---- | M] () -- C:\WINDOWS\win.ini
[2010/06/05 19:59:34 | 000,001,985 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Windows Live Photo Gallery.lnk
[2010/06/05 19:55:34 | 000,001,018 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\HP Solution Center.lnk
[2010/06/05 19:54:10 | 000,001,808 | ---- | M] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk
[2010/04/29 15:39:38 | 000,038,224 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2010/04/29 15:39:26 | 000,020,952 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2010/04/26 15:58:12 | 000,256,512 | ---- | M] () -- C:\WINDOWS\PEV.exe
[1 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
========== Files Created - No Company Name ==========
[2010/07/14 15:08:04 | 000,000,696 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2010/07/10 12:56:47 | 000,000,211 | ---- | C] () -- C:\Boot.bak
[2010/07/10 12:56:44 | 000,260,272 | ---- | C] () -- C:\cmldr
[2010/07/10 12:51:17 | 000,256,512 | ---- | C] () -- C:\WINDOWS\PEV.exe
[2010/07/10 12:51:17 | 000,098,816 | ---- | C] () -- C:\WINDOWS\sed.exe
[2010/07/10 12:51:17 | 000,080,412 | ---- | C] () -- C:\WINDOWS\grep.exe
[2010/07/10 12:51:17 | 000,077,312 | ---- | C] () -- C:\WINDOWS\MBR.exe
[2010/07/10 12:51:17 | 000,068,096 | ---- | C] () -- C:\WINDOWS\zip.exe
[2010/06/25 14:01:44 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\tom bright\defogger_reenable
[2010/06/23 13:55:00 | 000,000,951 | ---- | C] () -- C:\Documents and Settings\tom bright\Application Data\Microsoft\Internet Explorer\Quick Launch\Spybot - Search & Destroy.lnk
[2010/06/23 13:55:00 | 000,000,933 | ---- | C] () -- C:\Documents and Settings\tom bright\Desktop\Spybot - Search & Destroy.lnk
[2010/06/06 08:21:20 | 000,001,700 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\avast! Free Antivirus.lnk
[2010/06/05 20:15:51 | 000,171,542 | ---- | C] () -- C:\WINDOWS\hpwins27.dat.temp
[2010/06/05 20:15:51 | 000,000,385 | ---- | C] () -- C:\WINDOWS\hpwmdl27.dat.temp
[2010/06/05 19:59:34 | 000,001,985 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Windows Live Photo Gallery.lnk
[2010/06/05 19:55:34 | 000,001,018 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\HP Solution Center.lnk
[2010/06/05 19:54:10 | 000,001,808 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk
[2010/06/05 19:46:53 | 000,170,601 | ---- | C] () -- C:\WINDOWS\hpwins27.dat
[2010/06/05 19:46:52 | 000,000,385 | ---- | C] () -- C:\WINDOWS\hpwmdl27.dat
[2009/12/27 13:36:12 | 000,000,213 | ---- | C] () -- C:\WINDOWS\Brpfx04a.ini
[2009/12/27 13:36:12 | 000,000,094 | ---- | C] () -- C:\WINDOWS\brpcfx.ini
[2009/12/26 15:05:32 | 000,000,027 | ---- | C] () -- C:\WINDOWS\BRPP2KA.INI
[2009/07/20 14:38:16 | 000,000,107 | ---- | C] () -- C:\WINDOWS\RCAMPEG4VC.ini
[2008/04/04 13:26:06 | 000,000,729 | ---- | C] () -- C:\WINDOWS\VRQCleanup.ini
[2008/02/07 09:51:08 | 000,015,498 | ---- | C] () -- C:\WINDOWS\VX1000.ini
[2008/01/25 12:52:33 | 000,000,919 | ---- | C] () -- C:\WINDOWS\wininit.ini
[2007/12/25 12:08:24 | 000,561,152 | ---- | C] () -- C:\WINDOWS\System32\xvidcore.dll
[2007/12/25 12:08:24 | 000,237,568 | ---- | C] () -- C:\WINDOWS\System32\xvidvfw.dll
[2007/08/16 14:55:48 | 000,000,419 | ---- | C] () -- C:\WINDOWS\BRWMARK.INI
[2007/08/13 17:49:56 | 000,027,019 | ---- | C] () -- C:\WINDOWS\maxlink.ini
[2007/05/09 14:52:01 | 000,000,197 | ---- | C] () -- C:\WINDOWS\System32\MRT.INI
[2007/02/01 08:21:48 | 000,000,061 | ---- | C] () -- C:\WINDOWS\PrintWorkShop2007.ini
[2007/01/06 17:37:54 | 000,004,480 | ---- | C] () -- C:\WINDOWS\System32\drivers\VolumeFilter.sys
[2007/01/06 17:37:54 | 000,003,968 | ---- | C] () -- C:\WINDOWS\System32\drivers\DiskFilter.sys
[2006/09/23 15:20:57 | 000,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini
[2006/09/07 09:28:56 | 000,143,360 | R--- | C] () -- C:\WINDOWS\System32\RtlCPAPI.dll
[2006/09/06 16:01:03 | 000,001,042 | ---- | C] () -- C:\WINDOWS\System32\oeminfo.ini
[2002/03/04 10:16:34 | 000,110,592 | ---- | C] () -- C:\WINDOWS\System32\Jpeg32.dll
========== LOP Check ==========
[2010/06/06 08:20:41 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Alwil Software
[2010/06/06 16:19:38 | 000,000,000 | -HSD | M] -- C:\Documents and Settings\All Users\Application Data\ce2669b
[2009/03/22 16:07:00 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\PCSettings
[2007/08/13 17:49:15 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\ScanSoft
[2010/06/05 23:20:58 | 000,000,000 | -HSD | M] -- C:\Documents and Settings\All Users\Application Data\SMLNAV
[2010/01/18 18:57:40 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TEMP
[2010/01/18 16:11:45 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\YAHOO
[2008/10/06 14:42:21 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{3276BE95_AF08_429F_A64F_CA64CB79BCF6}
[2009/08/18 17:19:16 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{7B6BA59A-FB0E-4499-8536-A7420338BF3B}
[2009/12/27 11:07:37 | 000,000,000 | ---D | M] -- C:\Documents and Settings\tom bright\Application Data\IObit
[2010/01/18 16:18:00 | 000,000,000 | ---D | M] -- C:\Documents and Settings\tom bright\Application Data\MSNInstaller
[2010/02/27 14:42:37 | 000,000,000 | ---D | M] -- C:\Documents and Settings\tom bright\Application Data\Uniblue
[2010/06/06 15:25:32 | 000,000,000 | ---D | M] -- C:\Documents and Settings\tom bright\Application Data\VSRevoGroup
========== Purity Check ==========
========== Custom Scans ==========
< %SYSTEMDRIVE%\*.exe >
< MD5 for: AGP440.SYS >
[2006/02/28 05:00:00 | 018,738,937 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp2.cab:AGP440.sys
[2009/12/29 14:59:07 | 023,852,652 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:AGP440.sys
[2006/02/28 05:00:00 | 018,738,937 | ---- | M] () .cab file -- C:\WINDOWS\I386\sp2.cab:AGP440.sys
[2009/12/29 14:59:07 | 023,852,652 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp3.cab:AGP440.sys
[2008/04/13 11:36:38 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=08FD04AA961BDC77FB983F328334E3D7 -- C:\WINDOWS\ERDNT\cache\agp440.sys
[2008/04/13 11:36:38 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=08FD04AA961BDC77FB983F328334E3D7 -- C:\WINDOWS\ServicePackFiles\i386\agp440.sys
[2008/04/13 11:36:38 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=08FD04AA961BDC77FB983F328334E3D7 -- C:\WINDOWS\system32\drivers\agp440.sys
< MD5 for: ATAPI.SYS >
[2006/02/28 05:00:00 | 018,738,937 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp2.cab:atapi.sys
[2009/12/29 14:59:07 | 023,852,652 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:atapi.sys
[2006/02/28 05:00:00 | 018,738,937 | ---- | M] () .cab file -- C:\WINDOWS\I386\sp2.cab:atapi.sys
[2009/12/29 14:59:07 | 023,852,652 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp3.cab:atapi.sys
[2008/04/13 11:40:30 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\ERDNT\cache\atapi.sys
[2008/04/13 11:40:30 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\ServicePackFiles\i386\atapi.sys
[2008/04/13 11:40:30 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\system32\drivers\atapi.sys
[2006/02/28 05:00:00 | 000,095,360 | ---- | M] (Microsoft Corporation) MD5=CDFE4411A69C224BD1D11B2DA92DAC51 -- C:\WINDOWS\$NtServicePackUninstall$\atapi.sys
[2006/02/28 05:00:00 | 000,095,360 | ---- | M] (Microsoft Corporation) MD5=CDFE4411A69C224BD1D11B2DA92DAC51 -- C:\WINDOWS\system32\ReinstallBackups\0007\DriverFiles\i386\atapi.sys
[2006/02/28 05:00:00 | 000,095,360 | ---- | M] (Microsoft Corporation) MD5=CDFE4411A69C224BD1D11B2DA92DAC51 -- C:\WINDOWS\system32\ReinstallBackups\0008\DriverFiles\i386\atapi.sys
< MD5 for: EVENTLOG.DLL >
[2008/04/13 17:11:53 | 000,056,320 | ---- | M] (Microsoft Corporation) MD5=6D4FEB43EE538FC5428CC7F0565AA656 -- C:\WINDOWS\ERDNT\cache\eventlog.dll
[2008/04/13 17:11:53 | 000,056,320 | ---- | M] (Microsoft Corporation) MD5=6D4FEB43EE538FC5428CC7F0565AA656 -- C:\WINDOWS\ServicePackFiles\i386\eventlog.dll
[2008/04/13 17:11:53 | 000,056,320 | ---- | M] (Microsoft Corporation) MD5=6D4FEB43EE538FC5428CC7F0565AA656 -- C:\WINDOWS\system32\eventlog.dll
[2006/02/28 05:00:00 | 000,055,808 | ---- | M] (Microsoft Corporation) MD5=82B24CB70E5944E6E34662205A2A5B78 -- C:\WINDOWS\$NtServicePackUninstall$\eventlog.dll
< MD5 for: NETLOGON.DLL >
[2008/04/13 17:12:01 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=1B7F071C51B77C272875C3A23E1E4550 -- C:\WINDOWS\ERDNT\cache\netlogon.dll
[2008/04/13 17:12:01 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=1B7F071C51B77C272875C3A23E1E4550 -- C:\WINDOWS\ServicePackFiles\i386\netlogon.dll
[2008/04/13 17:12:01 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=1B7F071C51B77C272875C3A23E1E4550 -- C:\WINDOWS\system32\netlogon.dll
[2009/02/06 11:46:09 | 000,408,064 | ---- | M] (Microsoft Corporation) MD5=6C476D33D82F1054849790181E8F7772 -- C:\WINDOWS\$hf_mig$\KB968389\SP2QFE\netlogon.dll
[2009/02/06 11:46:09 | 000,408,064 | ---- | M] (Microsoft Corporation) MD5=6C476D33D82F1054849790181E8F7772 -- C:\WINDOWS\$hf_mig$\KB975467\SP2QFE\netlogon.dll
[2006/02/28 05:00:00 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=96353FCECBA774BB8DA74A1C6507015A -- C:\WINDOWS\$NtServicePackUninstall$\netlogon.dll
< MD5 for: SCECLI.DLL >
[2006/02/28 05:00:00 | 000,180,224 | ---- | M] (Microsoft Corporation) MD5=0F78E27F563F2AAF74B91A49E2ABF19A -- C:\WINDOWS\$NtServicePackUninstall$\scecli.dll
[2008/04/13 17:12:05 | 000,181,248 | ---- | M] (Microsoft Corporation) MD5=A86BB5E61BF3E39B62AB4C7E7085A084 -- C:\WINDOWS\ERDNT\cache\scecli.dll
[2008/04/13 17:12:05 | 000,181,248 | ---- | M] (Microsoft Corporation) MD5=A86BB5E61BF3E39B62AB4C7E7085A084 -- C:\WINDOWS\ServicePackFiles\i386\scecli.dll
[2008/04/13 17:12:05 | 000,181,248 | ---- | M] (Microsoft Corporation) MD5=A86BB5E61BF3E39B62AB4C7E7085A084 -- C:\WINDOWS\system32\scecli.dll
< %systemroot%\*. /mp /s >
< %systemroot%\system32\*.dll /lockedfiles >
< %systemroot%\Tasks\*.job /lockedfiles >
< %systemroot%\system32\drivers\*.sys /lockedfiles >
< %systemroot%\System32\config\*.sav >
[2006/09/06 09:10:03 | 000,094,208 | ---- | M] () -- C:\WINDOWS\system32\config\default.sav
[2006/09/06 09:10:03 | 000,634,880 | ---- | M] () -- C:\WINDOWS\system32\config\software.sav
[2006/09/06 09:10:03 | 000,905,216 | ---- | M] () -- C:\WINDOWS\system32\config\system.sav
< %systemdrive%\*.sys /90 /md5 >
[2010/07/09 20:30:26 | 468,176,896 | -HS- | M] () Unable to obtain MD5 -- C:\hiberfil.sys
[2010/07/09 20:30:22 | 704,643,072 | -HS- | M] () Unable to obtain MD5 -- C:\pagefile.sys
========== Alternate Data Streams ==========
@Alternate Data Stream - 114 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:D1B5B4F1
< End of report >
*********************************************
*********************************************
*********************************************extras.txt
OTL Extras logfile created on: 7/14/2010 4:53:09 PM - Run 1
OTL by OldTimer - Version 3.2.9.0 Folder = E:\OTL
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy
446.00 Mb Total Physical Memory | 127.00 Mb Available Physical Memory | 28.00% Memory free
1.00 Gb Paging File | 1.00 Gb Available in Paging File | 75.00% Paging File free
Paging file location(s): C:\pagefile.sys 672 1344 [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 34.20 Gb Total Space | 22.45 Gb Free Space | 65.64% Space Free | Partition Type: NTFS
Drive D: | 35.44 Gb Total Space | 33.77 Gb Free Space | 95.29% Space Free | Partition Type: NTFS
Drive E: | 3.77 Gb Total Space | 3.75 Gb Free Space | 99.47% Space Free | Partition Type: FAT
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded
Computer Name: YOUR-C7FE788950
Current User Name: tom bright
Logged in as Administrator.
Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: On
Skip Microsoft Files: On
File Age = 90 Days
Output = Standard
Quick Scan
========== Extra Registry (SafeList) ==========
========== File Associations ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
========== Shell Spawning ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
htmlfile [edit] -- Reg Error: Key error.
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
========== Security Center Settings ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 0
"FirewallOverride" = 0
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
"DisableMonitoring" = 1
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
"DisableMonitoring" = 1
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]
"DisableMonitoring" = 1
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]
"1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008
========== Authorized Applications List ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"C:\Program Files\Common Files\HP\Digital Imaging\Bin\hpqPhotoCrm.exe" = C:\Program Files\Common Files\HP\Digital Imaging\Bin\hpqPhotoCrm.exe:*:Enabled:hpqphotocrm.exe -- (Hewlett-Packard Co.)
"C:\Program Files\HP\HP Software Update\HPWUCli.exe" = C:\Program Files\HP\HP Software Update\HPWUCli.exe:*:Enabled:hpwucli.exe -- (Hewlett-Packard)
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Program Files\Common Files\HP\Digital Imaging\Bin\hpqPhotoCrm.exe" = C:\Program Files\Common Files\HP\Digital Imaging\Bin\hpqPhotoCrm.exe:*:Enabled:hpqphotocrm.exe -- (Hewlett-Packard Co.)
"C:\Program Files\HP\HP Software Update\HPWUCli.exe" = C:\Program Files\HP\HP Software Update\HPWUCli.exe:*:Enabled:hpwucli.exe -- (Hewlett-Packard)
========== HKEY_LOCAL_MACHINE Uninstall List ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{07FB17D8-7DB6-4F06-80C4-8BE1719CB6A1}" = hpWLPGInstaller
"{0F367CA3-3B2F-43F9-A44A-25A8EE69E45D}" = Scan
"{1248C09A-BD6B-47F5-BF3F-CD2B700D9FCB}" = ccCommon
"{175F0111-2968-4935-8F70-33108C6A4DE3}" = MarketResearch
"{18455581-E099-4BA8-BC6B-F34B2F06600C}" = Google Toolbar for Internet Explorer
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}" = DVD Solution
"{20D4A895-748C-4D88-871C-FDB1695B0169}" = Platform
"{21A2F5EE-1DC5-488A-BE7E-E526F8C61488}" = DeviceDiscovery
"{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer
"{2EBF25F1-F8A2-40EA-92BE-931C142A44E2}" = CC_ccProxyExt
"{2EEA7AA4-C203-4b90-A34F-19FB7EF1C81C}" = BufferChm
"{30738666-9805-4926-A78F-91DA33B6C437}" = ccPxyCore
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{3B29A786-5803-4E9E-9B58-3014A5B4E519}" = Norton AntiSpam
"{3EB6F78A-66E3-434f-BD0E-76C7D078DB5E}" = 4500G510af_Software_Min
"{40BF1E83-20EB-11D8-97C5-0009C5020658}" = Power2Go 4.0
"{43CDF946-F5D9-4292-B006-BA0D92013021}" = WebReg
"{440B915A-0C85-45DB-92AE-75AE14704A64}" = Fax
"{4A70EF07-7F88-4434-BB61-D1DE8AE93DD4}" = SolutionCenter
"{5677563D-0CB1-485F-9E18-C5025306BB3F}" = Norton AntiSpam
"{63A6E9A9-A190-46D4-9430-2DB28654AFD8}" = Norton 360
"{63FF21C9-A810-464F-B60A-3111747B1A6D}" = GPBaseService2
"{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}" = PowerDVD
"{68A10D12-0D0F-4212-BDE6-D87FAD32A8FA}" = SmartWebPrinting
"{6B2FFB21-AC88-45C3-9A7D-4BB3E744EC91}" = HPSSupply
"{6BBA26E9-AB03-4FE7-831A-3535584CA002}" = Toolbox
"{7059BDA7-E1DB-442C-B7A1-6144596720A4}" = HP Update
"{77772678-817F-4401-9301-ED1D01A8DA56}" = SPBBC 32bit
"{8B9F50F9-BA6F-47c5-990B-76A74A1C68B0}" = 4500G510af
"{92127AF5-FDD8-4ADF-BC40-C356C9EE0B7D}" = 32 Bit HP CIO Components Installer
"{92A51949-EE4C-466D-AAF0-99E74A49A63F}" = DocMgr
"{9A912C12-A7DA-44D7-BD57-5CA85E2F33E1}" = Brother MFL-Pro Suite
"{9B362566-EC1B-4700-BB9C-EC661BDE2175}" = DocProc
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{ACCA20B0-C4D1-4BF5-BF21-0A0EB5EF9730}" = REALTEK GbE & FE Ethernet PCI NIC Driver
"{ADD5DB49-72CF-11D8-9D75-000129760D75}" = PowerBackup 2.0
"{AE8705FB-E13C-40A9-8A2D-68D6733FBFC2}" = Status
"{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1" = Spybot - Search & Destroy
"{B7A0CE06-068E-11D6-97FD-0050BACBF861}" = PowerProducer
"{B7C61755-DB48-4003-948F-3D34DB8EAF69}" = MSRedist
"{BD7204BA-DD64-499E-9B55-6A282CDF4FA4}" = Destinations
"{C175D5B0-ED04-42C9-B23F-D8BD406173E7}" = 4500_G510af_Help
"{C43326F5-F135-4551-8270-7F7ABA0462E1}" = HPProductAssistant
"{C75CDBA2-3C86-481e-BD10-BDDA758F9DFF}" = hpPrintProjects
"{C98517B6-DCE9-49B7-B19E-E384178D3986}" = HP Officejet 4500 G510a-f
"{D36DD326-7280-11D8-97C8-000129760CBE}" = PhotoNow! 1.0
"{D5A9B7C0-8751-11D8-9D75-000129760D75}" = MediaShow 3.0
"{E3D04529-6EDB-11D8-A372-0050BAE317E1}" = PowerDVD Copy 1.0
"{FB08F381-6533-4108-B7DD-039E11FBC27E}" = Realtek AC'97 Audio
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"avast5" = avast! Free Antivirus
"CNXT_MODEM_PCI_VEN_14F1&DEV_2F40&SUBSYS_200014F1" = Soft Data Fax Modem with SmartCP
"ESET Online Scanner" = ESET Online Scanner v3
"HP Document Manager" = HP Document Manager 2.0
"HP Imaging Device Functions" = HP Imaging Device Functions 13.0
"HP Print Projects" = HP Print Projects 1.0
"HP Smart Web Printing" = HP Smart Web Printing 4.5
"HP Solution Center & Imaging Support Tools" = HP Solution Center 13.0
"HPExtendedCapabilities" = HP Customer Participation Program 13.0
"HPOCR" = OCR Software by I.R.I.S. 13.0
"ie8" = Windows Internet Explorer 8
"InstallShield_{20D4A895-748C-4D88-871C-FDB1695B0169}" = VIA Platform Device Manager
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"Office Keyboard 2.2" = Office Keyboard 2.2
"Revo Uninstaller" = Revo Uninstaller 1.88
"Shop for HP Supplies" = Shop for HP Supplies
"VIA/S3G UniChrome Family Win2K/XP/Server2003 Display" = VIA/S3G Display Driver 6.14.10.0297
"Windows XP Service Pack" = Windows XP Service Pack 3
========== Last 10 Event Log Errors ==========
[ Application Events ]
Error - 3/22/2010 4:15:30 AM | Computer Name = YOUR-C7FE788950 | Source = Application Error | ID = 1000
Description = Faulting application iexplore.exe, version 8.0.6001.18702, faulting
module flash10d.ocx, version 10.0.42.34, fault address 0x00281d56.
Error - 3/28/2010 2:13:59 PM | Computer Name = YOUR-C7FE788950 | Source = MsiInstaller | ID = 10005
Description = Product: Microsoft .NET Framework 2.0 -- Error 25007.Error occurred
while initializing fusion. Setup could not load fusion with LoadLibraryShim().
Error: 0x80131702
Error - 3/28/2010 2:14:15 PM | Computer Name = YOUR-C7FE788950 | Source = MsiInstaller | ID = 11935
Description = Product: ESScore -- Error 1935.An error occurred during the installation
of assembly component {26D149B5-DE47-41A1-89B3-121769423104}. HRESULT: 0x8002802F.
assembly interface: , function: CreateAssemblyNameObject, assembly name: VirtualCollectionBase-Defs-PlatReq,Version="1.0.5227.4054",PublicKeyToken="B0CFD8589C27B05F",Culture="neutral",FileVersion="1.0.0.0",ProcessorArchitecture="MSIL"
[ System Events ]
Error - 7/13/2010 5:36:03 PM | Computer Name = YOUR-C7FE788950 | Source = MRxSmb | ID = 8003
Description = The master browser has received a server announcement from the computer
FIREBALL that believes that it is the master browser for the domain on transport
NetBT_Tcpip_{9EEE6F3C-4757-4F87-. The master browser is stopping or an election
is being forced.
Error - 7/14/2010 12:11:57 AM | Computer Name = YOUR-C7FE788950 | Source = MRxSmb | ID = 8003
Description = The master browser has received a server announcement from the computer
FIREBALL that believes that it is the master browser for the domain on transport
NetBT_Tcpip_{9EEE6F3C-4757-4F87-. The master browser is stopping or an election
is being forced.
Error - 7/14/2010 1:41:01 AM | Computer Name = YOUR-C7FE788950 | Source = MRxSmb | ID = 8003
Description = The master browser has received a server announcement from the computer
FIREBALL that believes that it is the master browser for the domain on transport
NetBT_Tcpip_{9EEE6F3C-4757-4F87-. The master browser is stopping or an election
is being forced.
Error - 7/14/2010 3:06:24 AM | Computer Name = YOUR-C7FE788950 | Source = MRxSmb | ID = 8003
Description = The master browser has received a server announcement from the computer
FIREBALL that believes that it is the master browser for the domain on transport
NetBT_Tcpip_{9EEE6F3C-4757-4F87-. The master browser is stopping or an election
is being forced.
Error - 7/14/2010 12:26:57 PM | Computer Name = YOUR-C7FE788950 | Source = MRxSmb | ID = 8003
Description = The master browser has received a server announcement from the computer
FIREBALL that believes that it is the master browser for the domain on transport
NetBT_Tcpip_{9EEE6F3C-4757-4F87-. The master browser is stopping or an election
is being forced.
Error - 7/14/2010 1:58:30 PM | Computer Name = YOUR-C7FE788950 | Source = MRxSmb | ID = 8003
Description = The master browser has received a server announcement from the computer
FIREBALL that believes that it is the master browser for the domain on transport
NetBT_Tcpip_{9EEE6F3C-4757-4F87-. The master browser is stopping or an election
is being forced.
Error - 7/14/2010 3:10:36 PM | Computer Name = YOUR-C7FE788950 | Source = MRxSmb | ID = 8003
Description = The master browser has received a server announcement from the computer
FIREBALL that believes that it is the master browser for the domain on transport
NetBT_Tcpip_{9EEE6F3C-4757-4F87-. The master browser is stopping or an election
is being forced.
Error - 7/14/2010 4:46:27 PM | Computer Name = YOUR-C7FE788950 | Source = MRxSmb | ID = 8003
Description = The master browser has received a server announcement from the computer
FIREBALL that believes that it is the master browser for the domain on transport
NetBT_Tcpip_{9EEE6F3C-4757-4F87-. The master browser is stopping or an election
is being forced.
Error - 7/14/2010 6:22:21 PM | Computer Name = YOUR-C7FE788950 | Source = MRxSmb | ID = 8003
Description = The master browser has received a server announcement from the computer
FIREBALL that believes that it is the master browser for the domain on transport
NetBT_Tcpip_{9EEE6F3C-4757-4F87-. The master browser is stopping or an election
is being forced.
Error - 7/14/2010 7:22:26 PM | Computer Name = YOUR-C7FE788950 | Source = MRxSmb | ID = 8003
Description = The master browser has received a server announcement from the computer
FIREBALL that believes that it is the master browser for the domain on transport
NetBT_Tcpip_{9EEE6F3C-4757-4F87-. The master browser is stopping or an election
is being forced.
< End of report >
***********************************************
***********************************************
***********************************************
I think that is everything you asked for.