Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

Google redirect & "Themes" Service


  • This topic is locked This topic is locked
6 replies to this topic

#1 CivilAU34

CivilAU34

  • Members
  • 9 posts
  • OFFLINE
  •  
  • Local time:04:26 PM

Posted 02 July 2010 - 08:25 AM

Referred from here: http://www.bleepingcomputer.com/forums/t/328474/google-search-virus/ ~ OB

boopme, thanks for the help. I did have problems with the gmer application. The first time I ran it, it scanned for a couple minutes and then a dialog box came up saying the program had to be stopped. The second time I tried to run it, it scanned a shorter time, and then the blue window popped up saying Windows encountered an error and it restarted my computer. Now here I am...



DDS (Ver_10-03-17.01) - NTFSx86
Run by MattS at 7:53:23.43 on Fri 07/02/2010
Internet Explorer: 8.0.6001.18702
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1014.314 [GMT -5:00]

AV: Symantec Endpoint Protection *On-access scanning enabled* (Updated) {FB06448E-52B8-493A-90F3-E43226D3305C}

============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe
C:\Program Files\Symantec AntiVirus\Smc.exe
C:\WINDOWS\system32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\LEXPPS.EXE
C:\WINDOWS\system32\spoolsv.exe
svchost.exe
C:\Program Files\EPSON Projector\EPSON USB Display V1.4\EMP_UDSA.exe
C:\WINDOWS\system32\svchost.exe -k hpdevmgmt
C:\WINDOWS\system32\svchost.exe -k HPService
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\System32\svchost.exe -k HPZ12
C:\Program Files\Symantec\Ghost\ngctw32.exe
C:\Program Files\Novatel Wireless\Sprint\Sprint PCS Connection Manager\OSCMUtilityService.exe
C:\WINDOWS\System32\svchost.exe -k HPZ12
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\Program Files\Symantec AntiVirus\Rtvscan.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Apoint\Apoint.exe
C:\Program Files\Apoint\HidFind.exe
C:\Program Files\Apoint\Apntex.exe
C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe
C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe
C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe
C:\Program Files\Adobe\Acrobat 7.0\Distillr\Acrotray.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\Program Files\Itiva\Itiva Media Accelerator\ItivaMediaAccelerator.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\Logitech\QuickCam\Quickcam.exe
C:\Program Files\Microsoft IntelliPoint\ipoint.exe
C:\Program Files\Symantec\Ghost\ngtray.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\WINDOWS\stsystra.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\Symantec AntiVirus\SmcGui.exe
C:\PROGRA~1\HEWLET~1\Toolbox\STATUS~1\STATUS~1.EXE
C:\Program Files\Common Files\Logishrd\LQCVFX\COCIManager.exe
C:\Program Files\Intel\Wireless\Bin\Dot1XCfg.exe
C:\Program Files\Hewlett-Packard\Toolbox\jre\bin\javaw.exe
C:\Program Files\HP\Digital Imaging\bin\hpqgalry.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Documents and Settings\MattS\Desktop\dds.exe

============== Pseudo HJT Report ===============

uSearch Bar =
uStart Page = hxxp://www.mjharris.com/
mDefault_Search_URL = hxxp://www.google.com/ie
mSearch Page = hxxp://www.google.com
uInternet Connection Wizard,ShellNext = iexplore
uInternet Settings,ProxyServer = http=127.0.0.1:5555
uInternet Settings,ProxyOverride =
mWinlogon: Userinit=c:\windows\system32\userinit.exe
BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files\google\googletoolbarnotifier\5.4.4525.1752\swg.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
TB: Adobe PDF: {47833539-d0c5-4125-9fa8-0819e2eaac93} - c:\program files\adobe\acrobat 7.0\acrobat\AcroIEFavClient.dll
EB: Adobe PDF: {182ec0be-5110-49c8-a062-beb1d02a220b} - c:\program files\adobe\acrobat 7.0\acrobat\AcroIEFavClient.dll
uRun: [ModemOnHold] c:\program files\netwaiting\netWaiting.exe
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [MSMSGS] "c:\program files\messenger\msmsgs.exe" /background
uRun: [Installer] c:\docume~1\matts\locals~1\temp\e.exe
mRun: [Apoint] c:\program files\apoint\Apoint.exe
mRun: [igfxtray] c:\windows\system32\igfxtray.exe
mRun: [igfxhkcmd] c:\windows\system32\hkcmd.exe
mRun: [igfxpers] c:\windows\system32\igfxpers.exe
mRun: [IntelZeroConfig] "c:\program files\intel\wireless\bin\ZCfgSvc.exe"
mRun: [IntelWireless] "c:\program files\intel\wireless\bin\ifrmewrk.exe" /tf Intel PROSet/Wireless
mRun: [DVDLauncher] "c:\program files\cyberlink\powerdvd\DVDLauncher.exe"
mRun: [Windows Defender] "c:\program files\windows defender\MSASCui.exe" -hide
mRun: [Acrobat Assistant 7.0] "c:\program files\adobe\acrobat 7.0\distillr\Acrotray.exe"
mRun: [HP Software Update] "c:\program files\hp\hp software update\HPWuSchd2.exe"
mRun: [Itiva Media Accelerator] c:\program files\itiva\itiva media accelerator\ItivaMediaAccelerator.exe
mRun: [ccApp] "c:\program files\common files\symantec shared\ccApp.exe"
mRun: [LogitechQuickCamRibbon] "c:\program files\logitech\quickcam\Quickcam.exe" /hide
mRun: [IntelliPoint] "c:\program files\microsoft intellipoint\ipoint.exe"
mRun: [EPSON_UD_START] "c:\program files\epson projector\epson usb display v1.4\EMP_UD.exe" -UDCONNECT
mRun: [NGTray] "c:\program files\symantec\ghost\ngtray.exe"
mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
mRun: [SigmatelSysTrayApp] stsystra.exe
mRun: [TomcatStartup 2.5] c:\program files\hewlett-packard\toolbox\hpbpsttp.exe
dRun: [DWQueuedReporting] "c:\progra~1\common~1\micros~1\dw\dwtrig20.exe" -t
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\adobea~1.lnk - c:\windows\installer\{ac76ba86-1033-0000-ba7e-100000000002}\SC_Acrobat.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\hpdigi~1.lnk - c:\program files\hp\digital imaging\bin\hpqtra08.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\hpimag~1.lnk - c:\program files\hp\digital imaging\bin\hpqthb08.exe
IE: {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {0026439F-A980-4f18-8C95-4F1CBBF9C1D8} - {B119EB0C-C021-46CF-85B0-34A760E0D5FE} - c:\program files\iepro\iepro.dll
IE: {5067A26B-1337-4436-8AFE-EE169C2DA79F} - {77BF5300-1474-4EC7-9980-D32B190E9B07} - c:\program files\skype\toolbars\internet explorer\SkypeIEPlugin.dll
IE: {77BF5300-1474-4EC7-9980-D32B190E9B07} - {77BF5300-1474-4EC7-9980-D32B190E9B07} - c:\program files\skype\toolbars\internet explorer\SkypeIEPlugin.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office11\REFIEBAR.DLL
DPF: {1239CC52-59EF-4DFA-8C61-90FFA846DF7E} - hxxp://www.musicnotes.com/download/mnviewer.cab
DPF: {166B1BCA-3F9C-11CF-8075-444553540000} - hxxp://fpdownload.macromedia.com/get/shockwave/cabs/director/sw.cab
DPF: {2FE68711-8830-417D-95E0-EAB307DB0447} - hxxp://www.mjharris.com/pw/mpsPwLc7.CAB
DPF: {406B5949-7190-4245-91A9-30A17DE16AD0} - hxxp://photo.walgreens.com/WalgreensActivia.cab
DPF: {49232000-16E4-426C-A231-62846947304B} - hxxp://ipgweb.cce.hp.com/rdqcpqdktp/downloads/sysinfo.cab
DPF: {4EFA317A-8569-4788-B175-5BAF9731A549} - hxxp://www.windowsvistatestdrive.com/ActiveX/VMRCActiveXClient1.cab
DPF: {5C6698D9-7BE4-4122-8EC5-291D84DBD4A0} - hxxp://upload.facebook.com/controls/FacebookPhotoUploader3.cab
DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} - hxxp://download.bitdefender.com/resources/scanner/sources/en/scan8/oscan8.cab
DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} - hxxp://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1235412909596
DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} - hxxp://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1235412900190
DPF: {6F15128C-E66A-490C-B848-5000B5ABEEAC} - hxxps://h20436.www2.hp.com/ediags/dex/secure/HPDEXAXO.cab
DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} - hxxp://download.eset.com/special/eos/OnlineScanner.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab
DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab
DPF: {A8F2B9BD-A6A0-486A-9744-18920D898429} - hxxp://www.sibelius.com/download/software/win/ActiveXPlugin.cab
DPF: {CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_06-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0001-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_01-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_02-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_03-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_05-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
DPF: {DE625294-70E6-45ED-B895-CFFA13AEB044} - hxxp://69.17.125.148/activex/AMC.cab
DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} -
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\progra~1\common~1\skype\SKYPE4~1.DLL
Notify: !SASWinLogon - c:\program files\superantispyware\SASWINLO.DLL
Notify: igfxcui - igfxdev.dll
Notify: ppeclt - PPEClt.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
SEH: Microsoft AntiMalware ShellExecuteHook: {091eb208-39dd-417d-a5dd-7e2c2d8fb9cb} - c:\progra~1\window~4\MpShHook.dll
SEH: SABShellExecuteHook Class: {5ae067d3-9afb-48e0-853a-ebb7f4a000da} - c:\program files\superantispyware\SASSEH.DLL
Hosts: 192.168.23.5 NPIE99FC4

============= SERVICES / DRIVERS ===============

R1 SASDIFSV;SASDIFSV;c:\program files\superantispyware\sasdifsv.sys [2010-2-17 12872]
R1 SASKUTIL;SASKUTIL;c:\program files\superantispyware\SASKUTIL.SYS [2010-5-10 67656]
R2 ccEvtMgr;Symantec Event Manager;c:\program files\common files\symantec shared\ccSvcHst.exe [2008-9-10 108392]
R2 ccSetMgr;Symantec Settings Manager;c:\program files\common files\symantec shared\ccSvcHst.exe [2008-9-10 108392]
R2 EMP_UDSA;EMP_UDSA;c:\program files\epson projector\epson usb display v1.4\EMP_UDSA.exe [2009-10-23 94208]
R2 NGCLIENT;Symantec Ghost Client Agent;c:\program files\symantec\ghost\ngctw32.exe [2009-12-24 607624]
R2 Symantec AntiVirus;Symantec Endpoint Protection;c:\program files\symantec antivirus\Rtvscan.exe [2008-9-10 2234296]
R3 eppvad_simple;EPSON Projector UD Audio Device;c:\windows\system32\drivers\EMP_UDAU.sys [2009-10-23 17664]
R3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\common files\symantec shared\eengine\EraserUtilRebootDrv.sys [2010-5-28 102448]
R3 NAVENG;NAVENG;c:\progra~1\common~1\symant~1\virusd~1\20100701.052\NAVENG.SYS [2010-7-2 85552]
R3 NAVEX15;NAVEX15;c:\progra~1\common~1\symant~1\virusd~1\20100701.052\NAVEX15.SYS [2010-7-2 1347504]
S0 GhMon;GhostMountMonitor - Boot Phase Driver;c:\windows\system32\drivers\ghmon.sys --> c:\windows\system32\drivers\ghmon.sys [?]
S2 WinDefend;Windows Defender;c:\program files\windows defender\MsMpEng.exe [2006-11-3 13592]
S3 4FWZ0B7;6JJ1YKZ5KIF;c:\windows\E7CLUVI91G5.txt [2008-11-3 0]
S3 COH_Mon;COH_Mon;c:\windows\system32\drivers\COH_Mon.sys [2008-9-10 23888]
S3 EraserUtilDrv10741;EraserUtilDrv10741;\??\c:\program files\common files\symantec shared\eengine\eraserutildrv10741.sys --> c:\program files\common files\symantec shared\eengine\EraserUtilDrv10741.sys [?]
S3 HPPLSBULK;HPPLSBULK;c:\windows\system32\drivers\hpplsbulk.sys [2005-2-2 9344]
S3 K20FD;Z6P40;\??\c:\windows\i35c0v.txt --> c:\windows\I35C0V.txt [?]
S3 NWUSBPort2;Novatel Wireless USB Status2 Port Driver;c:\windows\system32\drivers\nwusbser2.sys [2006-11-7 174336]
S4 c.h;ch.;c:\windows\system32\hc.exe --> c:\windows\system32\hc.exe [?]
S4 LkWebLink;Inter-Tel Collaboration Remote Client;c:\documents and settings\matts\my documents\inter-tel\collaboration client 2.0\lkWebLink.exe [2007-9-20 32768]
S4 msc;msc;c:\windows\system32\fkg.exe --> c:\windows\system32\fkg.exe [?]
S4 ngf;ngf;c:\windows\system32\ngf.exe --> c:\windows\system32\ngf.exe [?]
S4 wamn;wamn;c:\windows\system32\wamn.exe --> c:\windows\system32\wamn.exe [?]
S4 woaM;woaM;c:\windows\system32\woam.exe --> c:\windows\system32\woaM.exe [?]

============== File Associations ===============

.scr=DWGTrueViewScriptFile

=============== Created Last 30 ================

2010-07-02 12:48:43 0 ----a-w- c:\documents and settings\matts\defogger_reenable
2010-07-02 01:27:37 0 d-----w- c:\program files\ESET
2010-07-01 23:02:40 743424 ------w- c:\windows\system32\dllcache\iedvtool.dll
2010-07-01 20:20:19 0 d-----w- c:\docume~1\matts\applic~1\SUPERAntiSpyware.com
2010-07-01 20:20:19 0 d-----w- c:\docume~1\alluse~1\applic~1\SUPERAntiSpyware.com
2010-07-01 20:20:14 0 d-----w- c:\program files\SUPERAntiSpyware
2010-07-01 20:04:23 0 d--h--w- c:\windows\system32\GroupPolicy
2010-06-28 15:30:23 3974 ----a-w- c:\windows\system32\tmp.reg
2010-06-23 18:02:14 664 ----a-w- c:\windows\system32\d3d9caps.dat

==================== Find3M ====================

2010-07-01 18:39:00 40840 ----a-w- c:\windows\system32\drivers\termdd.sys
2010-05-05 13:30:57 173056 ----a-w- c:\windows\system32\dllcache\ie4uinit.exe
2010-05-02 05:22:50 1851264 ----a-w- c:\windows\system32\win32k.sys
2010-05-02 05:22:50 1851264 ------w- c:\windows\system32\dllcache\win32k.sys
2010-05-02 00:03:56 174307 ----a-w- c:\windows\hpoins43.dat
2010-04-20 05:30:08 285696 ----a-w- c:\windows\system32\atmfd.dll
2010-04-20 05:30:08 285696 ------w- c:\windows\system32\dllcache\atmfd.dll
2010-04-12 22:29:19 411368 ----a-w- c:\windows\system32\deployJava1.dll
2010-04-06 09:52:46 2462720 ----a-w- c:\windows\system32\dllcache\WMVCore.dll
2008-06-23 20:26:51 32768 --sha-w- c:\windows\system32\config\systemprofile\local settings\history\history.ie5\mshist012008062320080624\index.dat

============= FINISH: 7:54:14.50 ===============

Attached Files


Edited by Orange Blossom, 02 July 2010 - 09:18 PM.


BC AdBot (Login to Remove)

 


#2 syler

syler

  • Malware Response Team
  • 8,150 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Warrington, UK
  • Local time:10:26 PM

Posted 06 July 2010 - 08:56 AM

Hello, My names Syler and I will be helping you to solve your malware issues.

Please note we are very busy, so if I don't hear from you within 5 days the topic will be closed, If you have
since resolved your issues I would appreciate if you would let me no so I can close this topic.


We need to create an OTL Report
  1. Please download OTL from one of the following mirrors:
  2. Save it to your desktop.
  3. Double click on the icon on your desktop.
  4. Click the "Scan All Users" checkbox.
    Under the Custom Scans/Fixes box at the bottom, paste in the following bold text.
    %systemroot%\system32\*.dll /lockedfiles
    %systemroot%\Tasks\*.job /lockedfiles
    %systemroot%\System32\config\*.sav
    %systemroot%\*. /mp /s
    %SYSTEMDRIVE%\*.exe
    netsvcs
    msconfig
    drivers32
    CREATERESTOREPOINT

  5. Push the button.
  6. Two reports will open, copy and paste them in a reply here:
    • OTL.txt <-- Will be opened
    • Extra.txt <-- Will be minimized



Download and Run MBR Rootkit Scan
  • Please download MBR Rootkit Detector and save it on your desktop.
  • Go to Start >> Run then copy and paste the following line into the run box
    "%userprofile%\desktop\mbr.exe" -t

  • Select Run when you recieve a Security Warning
  • The process is automatic, a black DOS window will appear and disappear suddenly. This is normal.
  • A log file will the be created on your desktop where you ran mbr.exe from.
  • Copy and paste the contents of mbr.log on your next reply.


Then please post back here with the following logs:
  • OTL.txt
  • Extra.txt
  • mbr.log

Thanks

unite.jpg


#3 CivilAU34

CivilAU34
  • Topic Starter

  • Members
  • 9 posts
  • OFFLINE
  •  
  • Local time:04:26 PM

Posted 09 July 2010 - 07:58 AM

OTL logfile created on: 7/9/2010 7:45:53 AM - Run 1
OTL by OldTimer - Version 3.2.8.1 Folder = C:\Documents and Settings\MattS\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1,014.00 Mb Total Physical Memory | 367.00 Mb Available Physical Memory | 36.00% Memory free
2.00 Gb Paging File | 2.00 Gb Available in Paging File | 77.00% Paging File free
Paging file location(s): C:\pagefile.sys 1524 3048 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 37.20 Gb Total Space | 9.34 Gb Free Space | 25.12% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
Drive F: | 200.00 Gb Total Space | 67.46 Gb Free Space | 33.73% Space Free | Partition Type: NTFS
G: Drive not present or media not loaded
H: Drive not present or media not loaded
Drive I: | 1527.00 Gb Total Space | 317.86 Gb Free Space | 20.82% Space Free | Partition Type: NTFS
Drive J: | 1527.00 Gb Total Space | 317.86 Gb Free Space | 20.82% Space Free | Partition Type: NTFS
Drive K: | 200.00 Gb Total Space | 67.46 Gb Free Space | 33.73% Space Free | Partition Type: NTFS
Drive L: | 1527.00 Gb Total Space | 317.86 Gb Free Space | 20.82% Space Free | Partition Type: NTFS
Drive M: | 1527.00 Gb Total Space | 317.86 Gb Free Space | 20.82% Space Free | Partition Type: NTFS
Drive N: | 200.94 Gb Total Space | 95.23 Gb Free Space | 47.39% Space Free | Partition Type: NTFS
Drive O: | 1527.00 Gb Total Space | 317.86 Gb Free Space | 20.82% Space Free | Partition Type: NTFS
Drive Q: | 1527.00 Gb Total Space | 317.86 Gb Free Space | 20.82% Space Free | Partition Type: NTFS
Drive R: | 200.00 Gb Total Space | 67.46 Gb Free Space | 33.73% Space Free | Partition Type: NTFS
Drive T: | 1527.00 Gb Total Space | 317.86 Gb Free Space | 20.82% Space Free | Partition Type: NTFS

Computer Name: MASH-LT
Current User Name: MattS
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: All users
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Standard

========== Processes (SafeList) ==========

PRC - [2010/07/09 07:44:45 | 000,574,976 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\MattS\Desktop\OTL.exe
PRC - [2009/12/24 22:52:00 | 000,206,216 | ---- | M] (Symantec Corporation) -- C:\Program Files\Symantec\Ghost\ngtray.exe
PRC - [2009/12/24 22:51:58 | 000,607,624 | ---- | M] (Symantec Corporation) -- C:\Program Files\Symantec\Ghost\ngctw32.exe
PRC - [2008/12/20 06:50:34 | 002,656,528 | ---- | M] () -- C:\Program Files\Logitech\QuickCam\Quickcam.exe
PRC - [2008/12/20 06:46:58 | 000,558,864 | ---- | M] () -- C:\Program Files\Common Files\LogiShrd\LQCVFX\COCIManager.exe
PRC - [2008/12/16 20:59:50 | 000,150,040 | ---- | M] (Logitech Inc.) -- C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
PRC - [2008/09/10 10:24:08 | 000,108,392 | ---- | M] (Symantec Corporation) -- C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
PRC - [2008/09/10 10:24:06 | 000,115,560 | ---- | M] (Symantec Corporation) -- C:\Program Files\Common Files\Symantec Shared\ccApp.exe
PRC - [2008/09/10 10:24:02 | 002,475,392 | ---- | M] (Symantec Corporation) -- C:\Program Files\Symantec AntiVirus\Smc.exe
PRC - [2008/09/10 10:24:02 | 001,660,288 | ---- | M] (Symantec Corporation) -- C:\Program Files\Symantec AntiVirus\SmcGui.exe
PRC - [2008/09/10 10:24:02 | 000,349,568 | ---- | M] (Symantec Corporation) -- C:\Program Files\Symantec AntiVirus\SescLU.exe
PRC - [2008/09/10 10:24:00 | 002,234,296 | ---- | M] (Symantec Corporation) -- C:\Program Files\Symantec AntiVirus\Rtvscan.exe
PRC - [2008/06/04 18:09:56 | 004,994,288 | ---- | M] (Itiva Digital Media) -- C:\Program Files\Itiva\Itiva Media Accelerator\ItivaMediaAccelerator.exe
PRC - [2008/06/03 08:28:46 | 000,020,572 | ---- | M] () -- C:\Program Files\Hewlett-Packard\Toolbox\jre\bin\javaw.exe
PRC - [2008/05/28 13:19:10 | 000,094,208 | ---- | M] (SEIKO EPSON CORPORATION) -- C:\Program Files\EPSON Projector\EPSON USB Display V1.4\EMP_UDSA.exe
PRC - [2008/04/23 01:08:13 | 000,483,328 | ---- | M] (Adobe Systems Inc.) -- C:\Program Files\Adobe\Acrobat 7.0\Distillr\acrotray.exe
PRC - [2008/04/13 19:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2007/08/11 20:05:27 | 003,093,872 | ---- | M] (Symantec Corporation) -- C:\Program Files\Symantec\LiveUpdate\LuComServer_3_3.EXE
PRC - [2007/08/11 20:05:27 | 001,418,608 | ---- | M] (Symantec Corporation) -- C:\Program Files\Symantec\LiveUpdate\LUALL.EXE
PRC - [2007/08/11 20:05:27 | 000,484,720 | ---- | M] (Symantec Corporation) -- C:\Program Files\Symantec\LiveUpdate\LuCallbackProxy.exe
PRC - [2006/12/18 16:54:32 | 000,155,648 | ---- | M] (Sprint Spectrum, L.L.C) -- C:\Program Files\Novatel Wireless\Sprint\Sprint PCS Connection Manager\OSCMUtilityService.exe
PRC - [2006/10/18 18:05:18 | 000,434,176 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
PRC - [2006/10/18 18:04:28 | 000,802,816 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Wireless\Bin\ZCfgSvc.exe
PRC - [2006/10/18 18:01:34 | 000,290,816 | ---- | M] (Intel® Corporation) -- C:\Program Files\Intel\Wireless\Bin\WLKEEPER.exe
PRC - [2006/10/18 17:58:16 | 000,696,320 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Wireless\Bin\iFrmewrk.exe
PRC - [2006/10/18 17:56:52 | 000,946,176 | ---- | M] (Intel Corporation ) -- C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
PRC - [2006/10/18 17:53:24 | 000,479,232 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Wireless\Bin\Dot1XCfg.exe
PRC - [2006/10/18 17:49:52 | 000,327,680 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
PRC - [2006/03/24 16:30:44 | 000,282,624 | ---- | M] (SigmaTel, Inc.) -- C:\WINDOWS\stsystra.exe
PRC - [2005/10/07 12:13:38 | 000,176,128 | R--- | M] (Alps Electric Co., Ltd.) -- C:\Program Files\Apoint\Apoint.exe
PRC - [2005/07/27 14:41:08 | 000,045,056 | R--- | M] (Alps Electric Co., Ltd.) -- C:\Program Files\Apoint\ApntEx.exe
PRC - [2005/03/24 15:56:50 | 000,151,552 | ---- | M] (Hewlett-Packard) -- C:\Program Files\Hewlett-Packard\Toolbox\StatusClient\StatusClient.exe
PRC - [2004/06/28 21:56:12 | 000,045,056 | R--- | M] (Alps Electric Co., Ltd.) -- C:\Program Files\Apoint\hidfind.exe


========== Modules (SafeList) ==========

MOD - [2010/07/09 07:44:45 | 000,574,976 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\MattS\Desktop\OTL.exe
MOD - [2008/04/13 19:10:20 | 000,110,592 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\msscript.ocx


========== Win32 Services (SafeList) ==========

SRV - File not found [Disabled | Stopped] -- C:\WINDOWS\System32\woaM.exe -- (woaM)
SRV - File not found [Disabled | Stopped] -- C:\WINDOWS\System32\wamn.exe -- (wamn)
SRV - File not found [Disabled | Stopped] -- C:\WINDOWS\System32\ngf.exe -- (ngf)
SRV - File not found [Disabled | Stopped] -- C:\WINDOWS\System32\fkg.exe -- (msc)
SRV - File not found [Disabled | Stopped] -- C:\WINDOWS\System32\hc.exe -- (c.h)
SRV - [2009/12/24 22:51:58 | 000,607,624 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files\Symantec\Ghost\ngctw32.exe -- (NGCLIENT)
SRV - [2008/12/16 20:59:50 | 000,150,040 | ---- | M] (Logitech Inc.) [Auto | Running] -- C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe -- (LVPrcSrv)
SRV - [2008/09/10 10:24:08 | 000,108,392 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe -- (ccSetMgr)
SRV - [2008/09/10 10:24:08 | 000,108,392 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe -- (ccEvtMgr)
SRV - [2008/09/10 10:24:04 | 000,288,136 | ---- | M] (Symantec Corporation) [On_Demand | Stopped] -- C:\Program Files\Symantec AntiVirus\SNAC.EXE -- (SNAC)
SRV - [2008/09/10 10:24:02 | 002,475,392 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files\Symantec AntiVirus\Smc.exe -- (SmcService)
SRV - [2008/09/10 10:24:00 | 002,234,296 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files\Symantec AntiVirus\Rtvscan.exe -- (Symantec AntiVirus)
SRV - [2008/05/28 13:19:10 | 000,094,208 | ---- | M] (SEIKO EPSON CORPORATION) [Auto | Running] -- C:\Program Files\EPSON Projector\EPSON USB Display V1.4\EMP_UDSA.exe -- (EMP_UDSA)
SRV - [2007/09/20 16:10:02 | 000,032,768 | ---- | M] (Inter-Tel (Delaware), Inc) [Disabled | Stopped] -- C:\Documents and Settings\MattS\My Documents\Inter-Tel\Collaboration Client 2.0\lkWebLink.exe -- (LkWebLink)
SRV - [2007/08/11 20:05:27 | 003,093,872 | ---- | M] (Symantec Corporation) [On_Demand | Running] -- C:\Program Files\Symantec\LiveUpdate\LuComServer_3_3.EXE -- (LiveUpdate)
SRV - [2006/12/18 16:54:32 | 000,155,648 | ---- | M] (Sprint Spectrum, L.L.C) [Auto | Running] -- C:\Program Files\Novatel Wireless\Sprint\Sprint PCS Connection Manager\OSCMUtilityService.exe -- (OSCM Utility Service)
SRV - [2006/11/03 18:19:58 | 000,013,592 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Program Files\Windows Defender\MsMpEng.exe -- (WinDefend)
SRV - [2006/10/18 18:05:18 | 000,434,176 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files\Intel\Wireless\Bin\EvtEng.exe -- (EvtEng) Intel®
SRV - [2006/10/18 18:01:34 | 000,290,816 | ---- | M] (Intel® Corporation) [Auto | Running] -- C:\Program Files\Intel\Wireless\Bin\WLKEEPER.exe -- (WLANKEEPER) Intel®
SRV - [2006/10/18 17:56:52 | 000,946,176 | ---- | M] (Intel Corporation ) [Auto | Running] -- C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe -- (S24EventMonitor) Intel®
SRV - [2006/10/18 17:49:52 | 000,327,680 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe -- (RegSrvc) Intel®


========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\PCTINDIS5.SYS -- (PCTINDIS5)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\DRIVERS\pctnullport.sys -- (Nmea)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\WINDOWS\I35C0V.txt -- (K20FD)
DRV - File not found [Kernel | Boot | Stopped] -- C:\WINDOWS\System32\Drivers\ghmon.sys -- (GhMon)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Program Files\Common Files\Symantec Shared\EENGINE\EraserUtilDrv10741.sys -- (EraserUtilDrv10741)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Program Files\Dell Support\GTAction\triggers\DSproct.sys -- (DSproct)
DRV - [2010/05/26 03:00:00 | 000,371,248 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys -- (eeCtrl)
DRV - [2010/05/26 03:00:00 | 000,102,448 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Program Files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys -- (EraserUtilRebootDrv)
DRV - [2010/05/10 13:41:30 | 000,067,656 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS -- (SASKUTIL)
DRV - [2010/05/10 03:00:00 | 001,347,504 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Program Files\Common Files\Symantec Shared\VirusDefs\20100707.048\NAVEX15.SYS -- (NAVEX15)
DRV - [2010/05/10 03:00:00 | 000,085,552 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Program Files\Common Files\Symantec Shared\VirusDefs\20100707.048\NAVENG.SYS -- (NAVENG)
DRV - [2010/02/17 13:25:48 | 000,012,872 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\sasdifsv.sys -- (SASDIFSV)
DRV - [2009/09/10 14:48:30 | 000,028,288 | ---- | M] () [Kernel | On_Demand | Running] -- C:\WINDOWS\System32\drivers\swmsflt.sys -- (swmsflt)
DRV - [2009/09/10 14:48:24 | 000,222,720 | ---- | M] (Novatel Wireless Inc) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\NWADIenum.sys -- (NWADI)
DRV - [2009/09/10 14:48:24 | 000,174,336 | ---- | M] (Novatel Wireless Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\nwusbser2.sys -- (NWUSBPort2)
DRV - [2009/09/10 14:48:24 | 000,174,336 | ---- | M] (Novatel Wireless Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\nwusbser.sys -- (NWUSBPort)
DRV - [2009/09/10 14:48:24 | 000,174,336 | ---- | M] (Novatel Wireless Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\nwusbmdm.sys -- (NWUSBModem)
DRV - [2009/02/09 11:32:12 | 000,123,952 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\SYMEVENT.SYS -- (SymEvent)
DRV - [2008/12/17 01:02:08 | 000,023,832 | R--- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\lvuvcflt.sys -- (FilterService)
DRV - [2008/12/17 01:01:44 | 006,364,440 | R--- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\lvuvc.sys -- (LVUVC) Logitech QuickCam S5500(UVC)
DRV - [2008/12/17 01:01:22 | 000,041,752 | R--- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\LVUSBSta.sys -- (LVUSBSta)
DRV - [2008/12/17 01:00:14 | 000,768,024 | R--- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\lvrs.sys -- (LVRS)
DRV - [2008/12/16 20:58:54 | 000,025,624 | ---- | M] () [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\LVPr2Mon.sys -- (LVPr2Mon)
DRV - [2008/11/08 07:51:54 | 000,000,000 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\WINDOWS\E7CLUVI91G5.txt -- (4FWZ0B7)
DRV - [2008/09/10 10:24:08 | 000,317,616 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\srtspl.sys -- (SRTSPL)
DRV - [2008/09/10 10:24:08 | 000,279,088 | ---- | M] (Symantec Corporation) [File_System | System | Running] -- C:\WINDOWS\system32\drivers\srtsp.sys -- (SRTSP)
DRV - [2008/09/10 10:24:08 | 000,043,696 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\srtspx.sys -- (SRTSPX)
DRV - [2008/09/10 10:23:54 | 000,191,536 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\WINDOWS\System32\Drivers\SYMTDI.SYS -- (SYMTDI)
DRV - [2008/09/10 10:23:54 | 000,027,696 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\System32\Drivers\SYMREDRV.SYS -- (SYMREDRV)
DRV - [2008/09/10 10:23:52 | 000,420,400 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCDrv.sys -- (SPBBCDrv)
DRV - [2008/07/30 17:42:12 | 000,023,888 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\COH_Mon.sys -- (COH_Mon)
DRV - [2008/05/14 20:06:06 | 000,017,664 | ---- | M] (SEIKO EPSON CORPORATION) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\EMP_UDAU.sys -- (eppvad_simple)
DRV - [2008/04/13 13:45:12 | 000,060,032 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\USBAUDIO.sys -- (usbaudio) USB Audio Driver (WDM)
DRV - [2008/04/13 13:36:39 | 000,043,008 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\amdagp.sys -- (amdagp)
DRV - [2008/04/13 13:36:39 | 000,040,960 | ---- | M] (Silicon Integrated Systems Corporation) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\sisagp.sys -- (sisagp)
DRV - [2008/04/13 11:36:05 | 000,144,384 | ---- | M] (Windows ® Server 2003 DDK provider) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\hdaudbus.sys -- (HDAudBus)
DRV - [2007/01/28 14:23:36 | 000,061,312 | ---- | M] (O2Micro) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\oz776.sys -- (guardian2)
DRV - [2006/10/19 09:29:22 | 000,012,544 | ---- | M] (Intel Corporation) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\s24trans.sys -- (s24trans)
DRV - [2006/10/16 20:55:28 | 001,711,104 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\NETw3x32.sys -- (NETw3x32) Intel®
DRV - [2006/06/06 16:22:54 | 000,020,096 | R--- | M] (Printing Communications Assoc., Inc. (PCAUSA)) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\PCASp50.sys -- (PCASp50)
DRV - [2006/03/24 16:34:30 | 001,156,648 | ---- | M] (SigmaTel, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\sthda.sys -- (STHDA)
DRV - [2006/01/27 18:44:24 | 000,150,528 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\b57xp32.sys -- (b57w2k)
DRV - [2005/12/01 00:40:56 | 000,936,960 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSX_DPV.sys -- (HSF_DPV)
DRV - [2005/12/01 00:40:12 | 000,192,512 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSXHWAZL.sys -- (HSXHWAZL)
DRV - [2005/12/01 00:40:08 | 000,669,696 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSX_CNXT.sys -- (winachsf)
DRV - [2005/09/28 18:57:18 | 000,113,847 | R--- | M] (Alps Electric Co., Ltd.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\Apfiltr.sys -- (ApfiltrService)
DRV - [2005/02/02 14:29:28 | 000,009,344 | ---- | M] (Hewlett Packard) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\hpplsbulk.sys -- (HPPLSBULK)
DRV - [2004/08/03 22:29:56 | 001,897,408 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\nv4_mini.sys -- (nv)
DRV - [2004/02/13 09:46:00 | 000,017,153 | ---- | M] (Dell Inc) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\omci.sys -- (omci)
DRV - [2003/09/09 06:00:36 | 000,337,184 | R--- | M] (GlobespanVirata, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\WUSB20XP.sys -- (PRISM_A02)
DRV - [2001/08/17 14:07:44 | 000,019,072 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\sparrow.sys -- (Sparrow)
DRV - [2001/08/17 14:07:42 | 000,030,688 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\sym_u3.sys -- (sym_u3)
DRV - [2001/08/17 14:07:40 | 000,028,384 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\sym_hi.sys -- (sym_hi)
DRV - [2001/08/17 14:07:36 | 000,032,640 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\symc8xx.sys -- (symc8xx)
DRV - [2001/08/17 14:07:34 | 000,016,256 | ---- | M] (Symbios Logic Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\symc810.sys -- (symc810)
DRV - [2001/08/17 13:52:22 | 000,036,736 | ---- | M] (Promise Technology, Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\ultra.sys -- (ultra)
DRV - [2001/08/17 13:52:20 | 000,045,312 | ---- | M] (QLogic Corporation) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\ql12160.sys -- (ql12160)
DRV - [2001/08/17 13:52:20 | 000,040,320 | ---- | M] (QLogic Corporation) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\ql1080.sys -- (ql1080)
DRV - [2001/08/17 13:52:18 | 000,049,024 | ---- | M] (QLogic Corporation) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\ql1280.sys -- (ql1280)
DRV - [2001/08/17 13:52:16 | 000,179,584 | ---- | M] (Mylex Corporation) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\dac2w2k.sys -- (dac2w2k)
DRV - [2001/08/17 13:52:12 | 000,017,280 | ---- | M] (American Megatrends Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\mraid35x.sys -- (mraid35x)
DRV - [2001/08/17 13:52:00 | 000,026,496 | ---- | M] (Advanced System Products, Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\asc.sys -- (asc)
DRV - [2001/08/17 13:51:58 | 000,014,848 | ---- | M] (Advanced System Products, Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\asc3550.sys -- (asc3550)
DRV - [2001/08/17 13:51:56 | 000,005,248 | ---- | M] (Acer Laboratories Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\aliide.sys -- (AliIde)
DRV - [2001/08/17 13:51:54 | 000,006,656 | ---- | M] (CMD Technology, Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\cmdide.sys -- (CmdIde)
DRV - [2001/08/17 12:53:32 | 000,003,328 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\qv2kux.sys -- (QV2KUX)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.google.com/ie
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Page_URL = www.google.com/ig/dell?hl=en&client=dell-usuk-rel&channel=us&ibd=5070411
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Start Page = www.google.com/ig/dell?hl=en&client=dell-usuk-rel&channel=us&ibd=5070411


IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = www.google.com/ig/dell?hl=en&client=dell-usuk-rel&channel=us&ibd=5070411
IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = www.google.com/ig/dell?hl=en&client=dell-usuk-rel&channel=us&ibd=5070411
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local>

IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = www.google.com/ig/dell?hl=en&client=dell-usuk-rel&channel=us&ibd=5070411
IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = www.google.com/ig/dell?hl=en&client=dell-usuk-rel&channel=us&ibd=5070411
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local>

IE - HKU\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-21-1235366873-1825184392-1757479407-1796\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.mjharris.com/
IE - HKU\S-1-5-21-1235366873-1825184392-1757479407-1796\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://www.msn.com/
IE - HKU\S-1-5-21-1235366873-1825184392-1757479407-1796\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-us
IE - HKU\S-1-5-21-1235366873-1825184392-1757479407-1796\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 24 18 BC CF 50 FB CA 01 [binary data]
IE - HKU\S-1-5-21-1235366873-1825184392-1757479407-1796\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-1235366873-1825184392-1757479407-1796\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local>
IE - HKU\S-1-5-21-1235366873-1825184392-1757479407-1796\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = http=127.0.0.1:5555



O1 HOSTS File: ([2007/09/24 13:19:14 | 000,000,758 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: 192.168.23.5 NPIE99FC4
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.4.4525.1752\swg.dll (Google Inc.)
O3 - HKLM\..\Toolbar: (no name) - - No CLSID value found.
O3 - HKLM\..\Toolbar: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKU\.DEFAULT\..\Toolbar\WebBrowser: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3 - HKU\S-1-5-18\..\Toolbar\WebBrowser: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3 - HKU\S-1-5-21-1235366873-1825184392-1757479407-1796\..\Toolbar\WebBrowser: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O4 - HKLM..\Run: [Acrobat Assistant 7.0] C:\Program Files\Adobe\Acrobat 7.0\Distillr\Acrotray.exe (Adobe Systems Inc.)
O4 - HKLM..\Run: [Apoint] C:\Program Files\Apoint\Apoint.exe (Alps Electric Co., Ltd.)
O4 - HKLM..\Run: [ccApp] C:\Program Files\Common Files\Symantec Shared\ccApp.exe (Symantec Corporation)
O4 - HKLM..\Run: [EPSON_UD_START] C:\Program Files\EPSON Projector\EPSON USB Display V1.4\EMP_UD.exe (SEIKO EPSON CORPORATION)
O4 - HKLM..\Run: [IntelWireless] C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe (Intel Corporation)
O4 - HKLM..\Run: [IntelZeroConfig] C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe (Intel Corporation)
O4 - HKLM..\Run: [Itiva Media Accelerator] C:\Program Files\Itiva\Itiva Media Accelerator\ItivaMediaAccelerator.exe (Itiva Digital Media)
O4 - HKLM..\Run: [KernelFaultCheck] File not found
O4 - HKLM..\Run: [LogitechQuickCamRibbon] C:\Program Files\Logitech\QuickCam\Quickcam.exe ()
O4 - HKLM..\Run: [NGTray] C:\Program Files\Symantec\Ghost\ngtray.exe (Symantec Corporation)
O4 - HKLM..\Run: [SigmatelSysTrayApp] C:\WINDOWS\stsystra.exe (SigmaTel, Inc.)
O4 - HKLM..\Run: [TomcatStartup 2.5] C:\Program Files\Hewlett-Packard\Toolbox\hpbpsttp.exe (Hewlett-Packard)
O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
O4 - HKU\.DEFAULT..\Run: [DWQueuedReporting] C:\Program Files\Common Files\Microsoft Shared\DW\DWTRIG20.EXE (Microsoft Corporation)
O4 - HKU\S-1-5-18..\Run: [DWQueuedReporting] C:\Program Files\Common Files\Microsoft Shared\DW\DWTRIG20.EXE (Microsoft Corporation)
O4 - HKU\S-1-5-21-1235366873-1825184392-1757479407-1796..\Run: [Installer] C:\DOCUME~1\MattS\LOCALS~1\Temp\e.exe File not found
O4 - HKU\S-1-5-21-1235366873-1825184392-1757479407-1796..\Run: [ModemOnHold] C:\Program Files\NetWaiting\netWaiting.exe File not found
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Acrobat Speed Launcher.lnk = C:\WINDOWS\Installer\{AC76BA86-1033-0000-BA7E-100000000002}\SC_Acrobat.exe ()
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\HP Image Zone Fast Start.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqthb08.exe (Hewlett-Packard Co.)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-1235366873-1825184392-1757479407-1796\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O9 - Extra Button: IE7Pro Preferences - {0026439F-A980-4f18-8C95-4F1CBBF9C1D8} - C:\Program Files\IEPro\IEPro.dll (IE7Pro.com)
O9 - Extra 'Tools' menuitem : IE7Pro Preferences - {0026439F-A980-4f18-8C95-4F1CBBF9C1D8} - C:\Program Files\IEPro\IEPro.dll (IE7Pro.com)
O9 - Extra 'Tools' menuitem : Skype add-on for Internet Explorer - {5067A26B-1337-4436-8AFE-EE169C2DA79F} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Skype Technologies S.A.)
O9 - Extra Button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Skype Technologies S.A.)
O16 - DPF: {1239CC52-59EF-4DFA-8C61-90FFA846DF7E} http://www.musicnotes.com/download/mnviewer.cab (Musicnotes Viewer)
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} http://fpdownload.macromedia.com/get/shock...director/sw.cab (Shockwave ActiveX Control)
O16 - DPF: {2FE68711-8830-417D-95E0-EAB307DB0447} http://www.mjharris.com/pw/mpsPwLc7.CAB (mpsPwLc7.PMWebSiteLogin)
O16 - DPF: {406B5949-7190-4245-91A9-30A17DE16AD0} http://photo.walgreens.com/WalgreensActivia.cab (Snapfish Activia)
O16 - DPF: {49232000-16E4-426C-A231-62846947304B} http://ipgweb.cce.hp.com/rdqcpqdktp/downloads/sysinfo.cab (SysData Class)
O16 - DPF: {4EFA317A-8569-4788-B175-5BAF9731A549} http://www.windowsvistatestdrive.com/Activ...iveXClient1.cab (Microsoft Virtual Server VMRC Advanced Control)
O16 - DPF: {5C6698D9-7BE4-4122-8EC5-291D84DBD4A0} http://upload.facebook.com/controls/Facebo...toUploader3.cab (Facebook Photo Uploader 4 Control)
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} http://download.bitdefender.com/resources/...can8/oscan8.cab (BDSCANONLINE Control)
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} http://update.microsoft.com/microsoftupdat...b?1235412909596 (WUWebControl Class)
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} http://update.microsoft.com/microsoftupdat...b?1235412900190 (MUWebControl Class)
O16 - DPF: {6F15128C-E66A-490C-B848-5000B5ABEEAC} https://h20436.www2.hp.com/ediags/dex/secure/HPDEXAXO.cab (HP Download Manager)
O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} http://download.eset.com/special/eos/OnlineScanner.cab (OnlineScanner Control)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_20)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.macromedia.com/get/flash...r/ultrashim.cab (Reg Error: Key error.)
O16 - DPF: {A8F2B9BD-A6A0-486A-9744-18920D898429} http://www.sibelius.com/download/software/...tiveXPlugin.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA} http://java.sun.com/update/1.5.0/jinstall-...indows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0001-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_20)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_20)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/get/shoc...ash/swflash.cab (Shockwave Flash Object)
O16 - DPF: {DE625294-70E6-45ED-B895-CFFA13AEB044} http://69.17.125.148/activex/AMC.cab (AxisMediaControlEmb Class)
O16 - DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} (Reg Error: Value error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 10.0.0.6 10.0.0.5
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = mail.mjharris.com
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\!SASWinLogon: DllName - C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL - C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL (SUPERAntiSpyware.com)
O20 - Winlogon\Notify\igfxcui: DllName - igfxdev.dll - C:\WINDOWS\System32\igfxdev.dll (Intel Corporation)
O20 - Winlogon\Notify\NavLogon: DllName - Reg Error: Value error. - Reg Error: Value error. File not found
O20 - Winlogon\Notify\ppeclt: DllName - PPEClt.dll - C:\WINDOWS\System32\PPEClt.dll (ANIXIS)
O24 - Desktop BackupWallPaper: C:\WINDOWS\Web\Wallpaper\MJHI.bmp
O28 - HKLM ShellExecuteHooks: {091EB208-39DD-417D-A5DD-7E2C2D8FB9CB} - C:\Program Files\Windows Defender\MpShHook.dll (Microsoft Corporation)
O28 - HKLM ShellExecuteHooks: {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - C:\Program Files\SUPERAntiSpyware\SASSEH.DLL (SuperAdBlocker.com)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2004/08/11 17:15:00 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O33 - MountPoints2\{115ce5da-13c2-11dc-abeb-00188bc3416c}\Shell\AutoRun\command - "" = E:\PCConnect.exe -- File not found
O33 - MountPoints2\{69700f8d-bfd5-11de-b1a0-0019d2bc9adc}\Shell - "" = AutoRun
O33 - MountPoints2\{69700f8d-bfd5-11de-b1a0-0019d2bc9adc}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{69700f8d-bfd5-11de-b1a0-0019d2bc9adc}\Shell\AutoRun\command - "" = E:\EMP_UDSe.exe -- File not found
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

NetSvcs: 6to4 - File not found
NetSvcs: Ias - File not found
NetSvcs: Iprip - File not found
NetSvcs: Irmon - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: WmdmPmSp - File not found


Drivers32: msacm.iac2 - C:\WINDOWS\system32\iac25_32.ax (Intel Corporation)
Drivers32: msacm.l3acm - C:\WINDOWS\system32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: msacm.sl_anet - C:\WINDOWS\System32\sl_anet.acm (Sipro Lab Telecom Inc.)
Drivers32: msacm.trspch - C:\WINDOWS\System32\tssoft32.acm (DSP GROUP, INC.)
Drivers32: MSVideo - C:\WINDOWS\System32\vfwwdm32.dll (Microsoft Corporation)
Drivers32: MSVideo8 - C:\WINDOWS\System32\vfwwdm32.dll (Microsoft Corporation)
Drivers32: vidc.cvid - C:\WINDOWS\System32\iccvid.dll (Radius Inc.)
Drivers32: VIDC.I420 - C:\WINDOWS\System32\lvcodec2.dll (Logitech Inc.)
Drivers32: vidc.iv31 - C:\WINDOWS\System32\ir32_32.dll ()
Drivers32: vidc.iv32 - C:\WINDOWS\System32\ir32_32.dll ()
Drivers32: vidc.iv41 - C:\WINDOWS\System32\ir41_32.ax (Intel Corporation)
Drivers32: vidc.iv50 - C:\WINDOWS\System32\ir50_32.dll (Intel Corporation)
Drivers32: vidc.LEAD - LCODCCMP.DLL File not found

CREATERESTOREPOINT
Restore point Set: OTL Restore Point (16902109354000384)

========== Files/Folders - Created Within 30 Days ==========

[2010/07/09 07:44:42 | 000,574,976 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\MattS\Desktop\OTL.exe
[2010/07/01 20:27:37 | 000,000,000 | ---D | C] -- C:\Program Files\ESET
[2010/07/01 18:02:40 | 000,743,424 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\iedvtool.dll
[2010/07/01 15:20:19 | 000,000,000 | ---D | C] -- C:\Documents and Settings\MattS\Application Data\SUPERAntiSpyware.com
[2010/07/01 15:20:19 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com
[2010/07/01 15:20:14 | 000,000,000 | ---D | C] -- C:\Program Files\SUPERAntiSpyware
[2010/07/01 15:04:23 | 000,000,000 | -H-D | C] -- C:\WINDOWS\System32\GroupPolicy
[2010/06/28 07:51:47 | 000,000,000 | ---D | C] -- C:\Documents and Settings\LocalService\Local Settings\Application Data\Adobe
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[1 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2010/07/09 07:44:45 | 000,574,976 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\MattS\Desktop\OTL.exe
[2010/07/09 07:38:50 | 000,002,335 | ---- | M] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Acrobat Speed Launcher.lnk
[2010/07/09 07:38:00 | 000,012,598 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2010/07/09 07:36:11 | 000,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2010/07/09 07:35:49 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2010/07/09 07:35:39 | 1063,378,944 | -HS- | M] () -- C:\hiberfil.sys
[2010/07/08 12:02:26 | 011,272,192 | -H-- | M] () -- C:\Documents and Settings\MattS\NTUSER.DAT
[2010/07/08 12:02:22 | 000,000,278 | -HS- | M] () -- C:\Documents and Settings\MattS\ntuser.ini
[2010/07/08 12:01:39 | 005,367,170 | -H-- | M] () -- C:\Documents and Settings\MattS\Local Settings\Application Data\IconCache.db
[2010/07/07 21:30:00 | 000,000,664 | ---- | M] () -- C:\WINDOWS\System32\d3d9caps.dat
[2010/07/07 09:01:26 | 000,001,776 | -H-- | M] () -- C:\Documents and Settings\MattS\My Documents\Default.rdp
[2010/07/06 22:02:24 | 000,000,000 | -H-- | M] () -- C:\WINDOWS\System32\drivers\UMDF\Msft_User_WpdMtpDr_01_00_00.Wdf
[2010/07/06 12:43:41 | 000,002,521 | ---- | M] () -- C:\Documents and Settings\MattS\Desktop\Microsoft Office Outlook 2003.lnk
[2010/07/02 10:19:25 | 000,000,792 | ---- | M] () -- C:\Documents and Settings\MattS\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Microsoft Office Outlook.lnk
[2010/07/02 10:19:12 | 000,525,644 | ---- | M] () -- C:\WINDOWS\System32\PerfStringBackup.INI
[2010/07/02 10:19:12 | 000,445,938 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2010/07/02 10:19:12 | 000,072,978 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2010/07/02 07:48:43 | 000,000,000 | ---- | M] () -- C:\Documents and Settings\MattS\defogger_reenable
[2010/07/01 18:37:54 | 000,402,328 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2010/07/01 18:34:11 | 000,000,699 | ---- | M] () -- C:\WINDOWS\win.ini
[2010/07/01 18:32:08 | 000,001,355 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2010/06/28 10:30:24 | 000,003,974 | ---- | M] () -- C:\WINDOWS\System32\tmp.reg
[2010/06/23 08:33:01 | 000,008,192 | ---- | M] () -- C:\Documents and Settings\MattS\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[1 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

========== Files Created - No Company Name ==========

[2010/07/02 07:48:43 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\MattS\defogger_reenable
[2010/07/01 16:50:46 | 1063,378,944 | -HS- | C] () -- C:\hiberfil.sys
[2010/06/28 10:30:23 | 000,003,974 | ---- | C] () -- C:\WINDOWS\System32\tmp.reg
[2010/06/23 13:02:14 | 000,000,664 | ---- | C] () -- C:\WINDOWS\System32\d3d9caps.dat
[2009/10/13 16:17:41 | 000,028,288 | ---- | C] () -- C:\WINDOWS\System32\drivers\swmsflt.sys
[2009/08/03 16:07:42 | 000,403,816 | ---- | C] () -- C:\WINDOWS\System32\OGACheckControl.dll
[2009/05/24 11:57:13 | 000,081,110 | R--- | C] () -- C:\WINDOWS\System32\lvcoinst.ini
[2009/01/05 15:44:10 | 000,000,453 | ---- | C] () -- C:\WINDOWS\bdoscandellang.ini
[2008/12/16 20:58:54 | 000,025,624 | ---- | C] () -- C:\WINDOWS\System32\drivers\LVPr2Mon.sys
[2008/12/16 20:50:56 | 000,013,584 | ---- | C] () -- C:\WINDOWS\System32\drivers\iKeyLgFT.dll
[2008/11/03 21:43:51 | 000,000,000 | ---- | C] () -- C:\WINDOWS\vpc32.INI
[2008/11/03 15:49:09 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\drivers\winsawids.sys
[2008/11/03 14:12:22 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\snmp.sys
[2008/06/03 08:29:25 | 000,102,400 | ---- | C] () -- C:\WINDOWS\System32\PMLJNI.dll
[2008/06/03 08:29:25 | 000,074,752 | ---- | C] () -- C:\WINDOWS\System32\jst.dll
[2008/06/03 08:29:25 | 000,032,768 | ---- | C] () -- C:\WINDOWS\System32\compJNI.dll
[2008/01/08 19:00:08 | 000,021,504 | ---- | C] () -- C:\WINDOWS\jestertb.dll
[2007/09/24 13:18:27 | 000,003,399 | ---- | C] () -- C:\WINDOWS\System32\hptcpmon.ini
[2007/09/24 13:18:27 | 000,000,132 | ---- | C] () -- C:\WINDOWS\System32\AddPort.ini
[2007/09/21 16:03:45 | 000,000,458 | ---- | C] () -- C:\WINDOWS\hpbvspst.ini
[2007/09/21 16:03:33 | 000,000,713 | ---- | C] () -- C:\WINDOWS\hpbvnstp.ini
[2007/09/21 16:01:29 | 000,000,651 | ---- | C] () -- C:\WINDOWS\hpntwksetup.ini
[2007/05/30 12:54:09 | 000,208,896 | ---- | C] () -- C:\WINDOWS\System32\HPP2800V.DLL
[2007/05/24 13:58:05 | 000,000,285 | ---- | C] () -- C:\WINDOWS\dellstat.ini
[2007/05/24 13:57:47 | 000,040,960 | ---- | C] () -- C:\WINDOWS\System32\dlbcvs.dll
[2007/05/24 13:57:47 | 000,000,373 | ---- | C] () -- C:\WINDOWS\System32\dlbccoin.ini
[2007/05/10 11:51:19 | 000,000,376 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2007/04/11 18:59:15 | 000,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini
[2007/04/11 18:27:32 | 000,000,390 | ---- | C] () -- C:\WINDOWS\System32\OEMINFO.INI
[2006/09/08 08:30:44 | 000,004,096 | ---- | C] () -- C:\WINDOWS\System32\detoured.dll
[2004/08/11 17:24:19 | 000,000,831 | ---- | C] () -- C:\WINDOWS\orun32.ini
[2004/08/11 17:11:31 | 000,001,793 | ---- | C] () -- C:\WINDOWS\System32\fxsperf.ini
[2003/01/07 15:05:08 | 000,002,695 | ---- | C] () -- C:\WINDOWS\System32\OUTLPERF.INI
[2001/03/28 11:37:14 | 000,000,033 | ---- | C] () -- C:\WINDOWS\hppcap.ini

========== Custom Scans ==========


< %systemroot%\system32\*.dll /lockedfiles >
[2009/03/08 03:31:44 | 000,348,160 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\WINDOWS\system32\dxtmsft.dll
[2009/03/08 03:31:38 | 000,216,064 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\WINDOWS\system32\dxtrans.dll
[2008/09/10 10:24:12 | 000,048,000 | ---- | M] (Symantec Corporation) Unable to obtain MD5 -- C:\WINDOWS\system32\FwsVpn.dll
[2008/09/10 10:24:12 | 000,107,904 | ---- | M] (Symantec Corporation) Unable to obtain MD5 -- C:\WINDOWS\system32\SymVPN.dll
[1 C:\WINDOWS\system32\*.tmp files -> C:\WINDOWS\system32\*.tmp -> ]

< %systemroot%\Tasks\*.job /lockedfiles >

< %systemroot%\System32\config\*.sav >
[2004/08/11 17:06:14 | 000,094,208 | ---- | M] () -- C:\WINDOWS\system32\config\default.sav
[2004/08/11 17:06:14 | 000,659,456 | ---- | M] () -- C:\WINDOWS\system32\config\software.sav
[2004/08/11 17:06:14 | 000,876,544 | ---- | M] () -- C:\WINDOWS\system32\config\system.sav

< %systemroot%\*. /mp /s >

< %SYSTEMDRIVE%\*.exe >
[2008/11/08 07:53:37 | 000,000,000 | ---- | M] () -- C:\h.exe
[2008/11/08 07:53:37 | 000,000,000 | ---- | M] () -- C:\s.exe
< End of report >


OTL Extras logfile created on: 7/9/2010 7:46:23 AM - Run 1
OTL by OldTimer - Version 3.2.8.1 Folder = C:\Documents and Settings\MattS\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1,014.00 Mb Total Physical Memory | 367.00 Mb Available Physical Memory | 36.00% Memory free
2.00 Gb Paging File | 2.00 Gb Available in Paging File | 77.00% Paging File free
Paging file location(s): C:\pagefile.sys 1524 3048 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 37.20 Gb Total Space | 9.34 Gb Free Space | 25.12% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
Drive F: | 200.00 Gb Total Space | 67.46 Gb Free Space | 33.73% Space Free | Partition Type: NTFS
G: Drive not present or media not loaded
H: Drive not present or media not loaded
Drive I: | 1527.00 Gb Total Space | 317.86 Gb Free Space | 20.82% Space Free | Partition Type: NTFS
Drive J: | 1527.00 Gb Total Space | 317.86 Gb Free Space | 20.82% Space Free | Partition Type: NTFS
Drive K: | 200.00 Gb Total Space | 67.46 Gb Free Space | 33.73% Space Free | Partition Type: NTFS
Drive L: | 1527.00 Gb Total Space | 317.86 Gb Free Space | 20.82% Space Free | Partition Type: NTFS
Drive M: | 1527.00 Gb Total Space | 317.86 Gb Free Space | 20.82% Space Free | Partition Type: NTFS
Drive N: | 200.94 Gb Total Space | 95.23 Gb Free Space | 47.39% Space Free | Partition Type: NTFS
Drive O: | 1527.00 Gb Total Space | 317.86 Gb Free Space | 20.82% Space Free | Partition Type: NTFS
Drive Q: | 1527.00 Gb Total Space | 317.86 Gb Free Space | 20.82% Space Free | Partition Type: NTFS
Drive R: | 200.00 Gb Total Space | 67.46 Gb Free Space | 33.73% Space Free | Partition Type: NTFS
Drive T: | 1527.00 Gb Total Space | 317.86 Gb Free Space | 20.82% Space Free | Partition Type: NTFS

Computer Name: MASH-LT
Current User Name: MattS
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: All users
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Standard

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
htmlfile [edit] -- "C:\Program Files\Microsoft Office\OFFICE11\msohtmed.exe" %1 (Microsoft Corporation)
htmlfile [print] -- "C:\Program Files\Microsoft Office\OFFICE11\msohtmed.exe" /p %1 (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 0
"FirewallOverride" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 0
"DoNotAllowExceptions" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]
"3389:TCP" = 3389:TCP:*:Enabled:@xpsp2res.dll,-22009
"1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 0
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"3389:TCP" = 3389:TCP:*:Enabled:@xpsp2res.dll,-22009
"1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"C:\Program Files\NetMeeting\conf.exe" = C:\Program Files\NetMeeting\conf.exe:*:Enabled:Windows® NetMeeting® -- (Microsoft Corporation)
"C:\Program Files\Hewlett-Packard\Toolbox\jre\bin\javaw.exe" = C:\Program Files\Hewlett-Packard\Toolbox\jre\bin\javaw.exe:*:Enabled:javaw -- ()
"C:\Program Files\Symantec AntiVirus\Smc.exe" = C:\Program Files\Symantec AntiVirus\Smc.exe:*:Enabled:SMC Service -- (Symantec Corporation)
"C:\Program Files\Symantec AntiVirus\SNAC.EXE" = C:\Program Files\Symantec AntiVirus\SNAC.EXE:*:Enabled:SNAC Service -- (Symantec Corporation)
"C:\Program Files\Common Files\Symantec Shared\ccApp.exe" = C:\Program Files\Common Files\Symantec Shared\ccApp.exe:*:Enabled:Symantec Email -- (Symantec Corporation)
"C:\WINDOWS\explorer.exe" = C:\WINDOWS\explorer.exe:*:Enabled:Windows Explorer -- (Microsoft Corporation)
"C:\Program Files\Symantec\Ghost\ngctw32.exe" = C:\Program Files\Symantec\Ghost\ngctw32.exe:*:Enabled:Symantec Ghost Client Agent -- (Symantec Corporation)
"C:\Program Files\HP\Digital Imaging\bin\hpqcopy2.exe" = C:\Program Files\HP\Digital Imaging\bin\hpqcopy2.exe:*:Enabled:hpqcopy2.exe -- (Hewlett-Packard Co.)
"C:\Program Files\HP\Digital Imaging\bin\hpfcCopy.exe" = C:\Program Files\HP\Digital Imaging\bin\hpfcCopy.exe:*:Enabled:hpfccopy.exe -- (Hewlett-Packard Co.)
"C:\Program Files\HP\Digital Imaging\bin\hpiscnapp.exe" = C:\Program Files\HP\Digital Imaging\bin\hpiscnapp.exe:*:Enabled:hpiscnapp.exe -- (Hewlett-Packard Co.)
"C:\Program Files\Common Files\HP\Digital Imaging\bin\hpqPhotoCrm.exe" = C:\Program Files\Common Files\HP\Digital Imaging\bin\hpqPhotoCrm.exe:*:Enabled:hpqphotocrm.exe -- (Hewlett-Packard Development Co. L.P.)
"C:\Program Files\HP\Digital Imaging\bin\hpqpsapp.exe" = C:\Program Files\HP\Digital Imaging\bin\hpqpsapp.exe:*:Enabled:hpqpsapp.exe -- (Hewlett-Packard Development Co. L.P.)
"C:\Program Files\HP\Digital Imaging\bin\hpqpse.exe" = C:\Program Files\HP\Digital Imaging\bin\hpqpse.exe:*:Enabled:hpqpse.exe -- (Hewlett-Packard Development Co. L.P.)
"C:\Program Files\HP\Digital Imaging\bin\hpqusgm.exe" = C:\Program Files\HP\Digital Imaging\bin\hpqusgm.exe:*:Enabled:hpqusgm.exe -- (Hewlett-Packard Co.)
"C:\Program Files\HP\Digital Imaging\bin\hpqusgh.exe" = C:\Program Files\HP\Digital Imaging\bin\hpqusgh.exe:*:Enabled:hpqusgh.exe -- (Hewlett-Packard Co.)
"C:\Program Files\HP\HP Software Update\HPWUCli.exe" = C:\Program Files\HP\HP Software Update\HPWUCli.exe:*:Enabled:hpwucli.exe -- (Hewlett-Packard)

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Program Files\Itiva\Itiva Media Accelerator\ItivaMediaAccelerator.exe" = C:\Program Files\Itiva\Itiva Media Accelerator\ItivaMediaAccelerator.exe:*:Enabled:Itiva Media Accelerator -- (Itiva Digital Media)
"C:\Program Files\IEPro\MiniDM.exe" = C:\Program Files\IEPro\MiniDM.exe:*:Enabled:MiniDM -- (IE7Pro.com)
"C:\WINDOWS\explorer.exe" = C:\WINDOWS\explorer.exe:*:Enabled:Windows Explorer -- (Microsoft Corporation)
"C:\Program Files\Common Files\AOL\Loader\aolload.exe" = C:\Program Files\Common Files\AOL\Loader\aolload.exe:*:Enabled:AOL Loader -- File not found
"C:\Program Files\AIM6\aim6.exe" = C:\Program Files\AIM6\aim6.exe:*:Enabled:AIM -- File not found
"C:\WINDOWS\system32\lxctcoms.exe" = C:\WINDOWS\system32\lxctcoms.exe:*:Enabled:5400 Series Server -- File not found
"C:\Program Files\Symantec\Ghost\ngctw32.exe" = C:\Program Files\Symantec\Ghost\ngctw32.exe:*:Enabled:Symantec Ghost Client Agent -- (Symantec Corporation)
"C:\Program Files\HP\Digital Imaging\bin\hpqcopy2.exe" = C:\Program Files\HP\Digital Imaging\bin\hpqcopy2.exe:*:Enabled:hpqcopy2.exe -- (Hewlett-Packard Co.)
"C:\Program Files\HP\Digital Imaging\bin\hpfcCopy.exe" = C:\Program Files\HP\Digital Imaging\bin\hpfcCopy.exe:*:Enabled:hpfccopy.exe -- (Hewlett-Packard Co.)
"C:\Program Files\HP\Digital Imaging\bin\hpiscnapp.exe" = C:\Program Files\HP\Digital Imaging\bin\hpiscnapp.exe:*:Enabled:hpiscnapp.exe -- (Hewlett-Packard Co.)
"C:\Program Files\Common Files\HP\Digital Imaging\bin\hpqPhotoCrm.exe" = C:\Program Files\Common Files\HP\Digital Imaging\bin\hpqPhotoCrm.exe:*:Enabled:hpqphotocrm.exe -- (Hewlett-Packard Development Co. L.P.)
"C:\Program Files\HP\Digital Imaging\bin\hpqpsapp.exe" = C:\Program Files\HP\Digital Imaging\bin\hpqpsapp.exe:*:Enabled:hpqpsapp.exe -- (Hewlett-Packard Development Co. L.P.)
"C:\Program Files\HP\Digital Imaging\bin\hpqpse.exe" = C:\Program Files\HP\Digital Imaging\bin\hpqpse.exe:*:Enabled:hpqpse.exe -- (Hewlett-Packard Development Co. L.P.)
"C:\Program Files\HP\Digital Imaging\bin\hpqusgm.exe" = C:\Program Files\HP\Digital Imaging\bin\hpqusgm.exe:*:Enabled:hpqusgm.exe -- (Hewlett-Packard Co.)
"C:\Program Files\HP\Digital Imaging\bin\hpqusgh.exe" = C:\Program Files\HP\Digital Imaging\bin\hpqusgh.exe:*:Enabled:hpqusgh.exe -- (Hewlett-Packard Co.)
"C:\Program Files\HP\HP Software Update\HPWUCli.exe" = C:\Program Files\HP\HP Software Update\HPWUCli.exe:*:Enabled:hpwucli.exe -- (Hewlett-Packard)


========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{04f6ffea-6702-11dc-8314-0800200c9a66}" = Inter-Tel Collaboration Client 2.0
"{06A1D88C-E102-4527-AF70-29FFD7AF215A}" = Scan
"{06BE8AFD-A8E2-4B63-BAE7-287016D16ACB}" = mSSO
"{0915B10F-8597-4FE7-BC4D-EA3E2FDA646A}" = PS_AIO_03_C4400_Software_Min
"{097CDB1E-07C9-40F1-9972-F0F9F3A287E4}" = Network
"{0E2B0B41-7E08-4F9F-B21F-41C4133F43B7}" = mLogView
"{1030DCDC-2425-407d-BEE1-13558B837FCA}" = HP Color LaserJet 2820/2830/2840 2.0
"{1AD5F465-8282-4DAD-B957-E09C0B783D18}" = InstantShare
"{236C3863-4A50-4121-8B57-CBB85D58C5C3}" = Sprint Mobile Broadband (Novatel Wireless)
"{23FB368F-1399-4EAC-817C-4B83ECBE3D83}" = mProSafe
"{26502D04-57B1-4A2D-8D5D-9DE36FC99355}" = Mobile Broadband Generic Drivers
"{26A24AE4-039D-4CA4-87B4-2F83216012FF}" = Java™ 6 Update 20
"{26E1BFB0-E87E-4696-9F89-B467F01F81E5}" = Broadcom Advanced Control Suite
"{287ECFA4-719A-2143-A09B-D6A12DE54E40}" = Acrobat.com
"{292F0F52-B62D-4E71-921B-89A682402201}" = Toolbox
"{2E8428AD-6CD2-4031-916A-3CF9BBF2DEC9}" = Unload
"{3248F0A8-6813-11D6-A77B-00B0D0150060}" = J2SE Runtime Environment 5.0 Update 6
"{3248F0A8-6813-11D6-A77B-00B0D0160010}" = Java™ SE Runtime Environment 6 Update 1
"{3248F0A8-6813-11D6-A77B-00B0D0160020}" = Java™ 6 Update 2
"{3248F0A8-6813-11D6-A77B-00B0D0160030}" = Java™ 6 Update 3
"{3248F0A8-6813-11D6-A77B-00B0D0160050}" = Java™ 6 Update 5
"{3248F0A8-6813-11D6-A77B-00B0D0160070}" = Java™ 6 Update 7
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{384A291D-1138-4218-A41B-87CBAE22CFBA}" = hppFaxUtility
"{3E9D596A-61D4-4239-BD19-2DB984D2A16F}" = mIWA
"{3EE33958-7381-4E7B-A4F3-6E43098E9E9C}" = URL Assistant
"{49D687E5-6784-431B-A0A2-2F23B8CC5A1B}" = mHlpDell
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4CCC6529-F3CA-4A3B-9B8E-EC7B0FF1041E}" = UnitConverter
"{537DB9D6-1AB1-4CE9-8DE7-312256B49A98}" = PS_AIO_06_C4700_SW_Min
"{541DEAC0-5F3D-45E6-B7CB-94ECF3B96748}" = Skype web features
"{543E938C-BDC4-4933-A612-01293996845F}" = UnloadSupport
"{55508A44-8225-47AB-9666-1F57A5B5CE2E}" = CP_PLSBusinessFlyers
"{59073DF9-3D3D-4FFC-AF41-C2C268A1A31E}" = hppTooCool
"{606E5C0D-6039-42A7-988E-9D51DE773AFF}" = hppFonts
"{60FFB3E0-6D5B-4D73-AE5B-07E58B83AF0C}" = 32 Bit HP CIO Components Installer
"{63DB9CCD-2B56-4217-9A3D-507AC78320CA}" = mWMI
"{644D04A2-C682-4FD5-977D-03B804C4B9C5}" = CreativeProjects
"{646A65DD-23FC-418E-B9F0-E0500FB42CB1}" = PhotoGallery
"{64FC0C98-B035-4530-B15D-3D30610B6DF1}" = HP Software Update
"{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}" = PowerDVD 5.7
"{68550918-63B5-4762-85CB-3C160AA4B213}" = HP Photosmart C4700 All-in-One Driver 14.0 Rel. 6
"{688EC50D-0155-4490-8DBF-686CD3B2893F}" = hppScanTo
"{6F5E2F4A-377D-4700-B0E3-8F7F7507EA15}" = CustomerResearchQFolder
"{74E5E862-F1FF-412B-B824-9582ED7DE84A}" = hppSendFax
"{7650F538-6274-44EA-8F50-843479073333}" = EPSON USB Display
"{76B2BC31-2D96-4170-9C44-09E13B5555F3}" = Symantec Endpoint Protection
"{7AD25C9F-9957-4D1C-95EF-9BCD09F6D31B}" = HPSystemDiagnostics
"{7D7F2CB5-F9A4-4E86-853D-1BADD936DDAD}" = hppscan2800
"{7FCC4EDC-6EE2-4309-ABD7-85F2667A7B90}" = WebEx Support Manager for Internet Explorer
"{8043D1B8-81AE-4597-AAA8-1E1F49D6E4DF}" = hppManuals2800
"{84CDF5A8-1D57-4B69-BAB6-1F11D8923375}" = SkinsHP1
"{851D5410-0851-46F0-8836-74E0D8D20196}" = hppDustDevil
"{86732AE7-CB91-4f15-B091-FBA3D3926CD6}" = HP Photosmart C4400 All-In-One Driver 11.0 Rel .3
"{8777AC6D-89F9-4793-8266-DE406F343E89}" = QFolder
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8A708DD8-A5E6-11D4-A706-000629E95E20}" = Intel® Graphics Media Accelerator Driver
"{8B2EF64A-1D1F-4AD8-91BF-7B5F1BC36E00}" = hppFaxDrv
"{8B928BA1-EDEC-4227-A2DA-DD83026C36F5}" = mPfMgr
"{8BC3B99B-A6BE-4A0B-8535-B1B94BA4B1B1}" = DocProc
"{90110409-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Professional Edition 2003
"{90120000-0020-0409-0000-0000000FF1CE}" = Compatibility Pack for the 2007 Office system
"{903A0409-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Project Standard 2003
"{90B0D222-8C21-4B35-9262-53B042F18AF9}" = mPfWiz
"{90CC4231-94AC-45CD-991A-0253BFAC0650}" = mDrWiFi
"{937B232D-9776-471E-92BD-D424E514EF14}" = Logitech QuickCam
"{94658027-9F16-4509-BBD7-A59FE57C3023}" = mZConfig
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{9CC89556-3578-48DD-8408-04E66EBEF401}" = mXML
"{9F72EF8B-AEC9-4CA5-B483-143980AFD6FD}" = ALPS Touch Pad Driver
"{A06275F4-324B-4E85-95E6-87B2CD729401}" = Windows Defender
"{A0FEF031-E464-4B30-0AB3-00000DB3717B}" = Symantec Ghost Console Client
"{A28F43DA-258F-42EC-9C95-E6C9A7475670}" = hppIOFiles
"{A2BCA9F1-566C-4805-97D1-7FDC93386723}" = Adobe AIR
"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
"{AB5D51AE-EBC3-438D-872C-705C7C2084B0}" = DeviceManagementQFolder
"{AC76BA86-1033-0000-BA7E-100000000002}" = Adobe Acrobat 7.0 Standard
"{ACF60000-22B9-4CE9-98D6-2CCF359BAC07}" = ABBYY FineReader 6.0 Sprint
"{B1A9CD45-A702-4E3B-91ED-8CD562869901}" = DWG TrueView 2008
"{B2544A03-10D0-4E5E-BA69-0362FFC20D18}" = OGA Notifier 2.0.0048.0
"{B4F35A00-24FD-4fb3-BF5E-413D5423434D}" = DJ_AIO_Software_min
"{B74B63A3-DF69-46EA-BFB8-08912C00CE11}" = Cisco ASDM Launcher
"{BAF78226-3200-4DB4-BE33-4D922A799840}" = Windows Presentation Foundation
"{BCD6CD1A-0DBE-412E-9F25-3B500D1E6BA1}" = SolutionCenter
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
"{C3E6DC57-473A-4424-9617-AF60BA8403C3}" = hppCLJ2800
"{C4124E95-5061-4776-8D5D-E3D931C778E1}" = Microsoft VC9 runtime libraries
"{C8E4455F-0F70-4DA2-A9F9-2D56C80E10AD}" = Sibelius Scorch (ActiveX Only)
"{C8FD5BC1-92EF-4C15-92A9-F9AC7F61985F}" = HP Update
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}" = SUPERAntiSpyware
"{CE0C8CC5-E396-442B-A50E-D1D374A9E820}" = DocumentViewer
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{D103C4BA-F905-437A-8049-DB24763BBE36}" = Skype™ 4.1
"{D3EE034D-5B92-4A55-AA02-2E6D0A6A96EE}" = Windows Resource Kit Tools - SubInAcl.exe
"{D4DDEB52-654D-4358-92EC-F550D088C1D7}" = Password Policy Client 6.0
"{E2662C24-B31E-4349-A084-32EB76E8B760}" = BufferChm
"{E81667C6-2856-46D6-ABEA-6A2F42166779}" = mCore
"{EF71A531-5B6C-4B20-8D1E-E6379C7FB6D3}" = Microsoft IntelliPoint 7.0
"{F0BFC7EF-9CF8-44EE-91B0-158884CD87C5}" = mMHouse
"{FA8A44D7-3E8A-4034-9C4F-088FA6B72BC4}" = HP Deskjet All-In-One Software 9.0
"{FCA651F3-5BDA-4DDA-9E4A-5D87D6914CC4}" = mWlsSafe
"Adobe Acrobat 7.0 Standard - V" = Adobe Acrobat 7.1.0 Standard
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Shockwave Player" = Adobe Shockwave Player
"AXIS Media Control Embedded" = AXIS Media Control Embedded
"CNXT_MODEM_HDAUDIO_VEN_14F1&DEV_2BFA&SUBSYS_14F100C3" = Conexant HDA D110 MDC V.92 Modem
"Dell Photo Printer 720" = Dell Photo Printer 720
"DWG TrueView 2008" = DWG TrueView 2008
"ESET Online Scanner" = ESET Online Scanner v3
"HP Photo & Imaging" = HP Image Zone 4.7
"HP Solution Center & Imaging Support Tools" = HP Solution Center 9.0
"IDNMitigationAPIs" = Microsoft Internationalized Domain Names Mitigation APIs
"ie7" = Windows Internet Explorer 7
"IE7Pro" = IE7Pro
"ie8" = Windows Internet Explorer 8
"Itiva Media Accelerator" = Itiva Media Accelerator
"LiveUpdate" = LiveUpdate 3.3 (Symantec Corporation)
"lvdrivers_11.90" = Logitech QuickCam Driver Package
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"MSCompPackV1" = Microsoft Compression Client Pack 1.0 for Windows XP
"NLSDownlevelMapping" = Microsoft National Language Support Downlevel APIs
"ProInst" = Intel® PROSet/Wireless Software
"VBAcodePrint" = VBAcodePrint
"WIC" = Windows Imaging Component
"Windows Media Format Runtime" = Windows Media Format 11 runtime
"Windows Media Player" = Windows Media Player 11
"Windows XP Service Pack" = Windows XP Service Pack 3
"WMFDist11" = Windows Media Format 11 runtime
"wmp11" = Windows Media Player 11
"Wudf01000" = Microsoft User-Mode Driver Framework Feature Pack 1.0
"XpsEPSC" = XML Paper Specification Shared Components Pack 1.0

========== HKEY_USERS Uninstall List ==========

[HKEY_USERS\S-1-5-21-1235366873-1825184392-1757479407-1796\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"309a46b1dc89b774" = Dell Driver Download Manager

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 7/7/2010 10:10:54 PM | Computer Name = MASH-LT | Source = AutoEnrollment | ID = 15
Description = Automatic certificate enrollment for local system failed to contact
the active directory (0x8007054b). The specified domain either does not exist
or could not be contacted. Enrollment will not be performed.

Error - 7/7/2010 10:11:15 PM | Computer Name = MASH-LT | Source = Userenv | ID = 1054
Description = Windows cannot obtain the domain controller name for your computer
network. (The specified domain either does not exist or could not be contacted.
). Group Policy processing aborted.

Error - 7/8/2010 6:10:53 AM | Computer Name = MASH-LT | Source = AutoEnrollment | ID = 15
Description = Automatic certificate enrollment for local system failed to contact
the active directory (0x8007054b). The specified domain either does not exist
or could not be contacted. Enrollment will not be performed.

Error - 7/8/2010 10:58:22 AM | Computer Name = MASH-LT | Source = Userenv | ID = 1054
Description = Windows cannot obtain the domain controller name for your computer
network. (The specified domain either does not exist or could not be contacted.
). Group Policy processing aborted.

Error - 7/8/2010 10:58:25 AM | Computer Name = MASH-LT | Source = AutoEnrollment | ID = 15
Description = Automatic certificate enrollment for local system failed to contact
the active directory (0x8007054b). The specified domain either does not exist
or could not be contacted. Enrollment will not be performed.

Error - 7/8/2010 10:58:47 AM | Computer Name = MASH-LT | Source = Userenv | ID = 1054
Description = Windows cannot obtain the domain controller name for your computer
network. (The specified domain either does not exist or could not be contacted.
). Group Policy processing aborted.

Error - 7/8/2010 11:09:27 AM | Computer Name = MASH-LT | Source = SescLU | ID = 13
Description = LiveUpdate returned a non-critical error. Available content updates
may have failed to install.

Error - 7/9/2010 8:36:14 AM | Computer Name = MASH-LT | Source = Userenv | ID = 1054
Description = Windows cannot obtain the domain controller name for your computer
network. (The specified domain either does not exist or could not be contacted.
). Group Policy processing aborted.

Error - 7/9/2010 8:36:18 AM | Computer Name = MASH-LT | Source = AutoEnrollment | ID = 15
Description = Automatic certificate enrollment for local system failed to contact
the active directory (0x8007054b). The specified domain either does not exist
or could not be contacted. Enrollment will not be performed.

Error - 7/9/2010 8:37:49 AM | Computer Name = MASH-LT | Source = Userenv | ID = 1054
Description = Windows cannot obtain the domain controller name for your computer
network. (The specified domain either does not exist or could not be contacted.
). Group Policy processing aborted.

[ System Events ]
Error - 7/8/2010 8:40:12 AM | Computer Name = MASH-LT | Source = DCOM | ID = 10009
Description = DCOM was unable to communicate with the computer nsh-conf using any
of the configured protocols.

Error - 7/8/2010 8:40:49 AM | Computer Name = MASH-LT | Source = DCOM | ID = 10009
Description = DCOM was unable to communicate with the computer nsh-conf using any
of the configured protocols.

Error - 7/8/2010 8:40:51 AM | Computer Name = MASH-LT | Source = DCOM | ID = 10009
Description = DCOM was unable to communicate with the computer nsh-conf using any
of the configured protocols.

Error - 7/8/2010 8:40:53 AM | Computer Name = MASH-LT | Source = DCOM | ID = 10009
Description = DCOM was unable to communicate with the computer nsh-conf using any
of the configured protocols.

Error - 7/8/2010 8:41:30 AM | Computer Name = MASH-LT | Source = DCOM | ID = 10009
Description = DCOM was unable to communicate with the computer nsh-conf using any
of the configured protocols.

Error - 7/8/2010 8:41:32 AM | Computer Name = MASH-LT | Source = DCOM | ID = 10009
Description = DCOM was unable to communicate with the computer nsh-conf using any
of the configured protocols.

Error - 7/8/2010 8:41:34 AM | Computer Name = MASH-LT | Source = DCOM | ID = 10009
Description = DCOM was unable to communicate with the computer nsh-conf using any
of the configured protocols.

Error - 7/8/2010 10:58:22 AM | Computer Name = MASH-LT | Source = NETLOGON | ID = 5719
Description = No Domain Controller is available for domain MJH_DOMAIN due to the
following: %%1311. Make sure that the computer is connected to the network and try
again.
If the problem persists, please contact your domain administrator.

Error - 7/8/2010 10:58:25 AM | Computer Name = MASH-LT | Source = Dhcp | ID = 1002
Description = The IP address lease 172.16.1.70 for the Network Card with network
address 0019D2BC9ADC has been denied by the DHCP server 192.168.0.1 (The DHCP Server
sent a DHCPNACK message).

Error - 7/9/2010 8:36:14 AM | Computer Name = MASH-LT | Source = NETLOGON | ID = 5719
Description = No Domain Controller is available for domain MJH_DOMAIN due to the
following: %%1311. Make sure that the computer is connected to the network and try
again.
If the problem persists, please contact your domain administrator.


< End of report >


Stealth MBR rootkit/Mebroot/Sinowal detector 0.3.7 by Gmer, http://www.gmer.net

device: opened successfully
user: MBR read successfully
called modules: ntkrnlpa.exe CLASSPNP.SYS disk.sys ACPI.sys hal.dll atapi.sys pciide.sys PCIIDEX.SYS
kernel: MBR read successfully
user & kernel MBR OK



#4 syler

syler

  • Malware Response Team
  • 8,150 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Warrington, UK
  • Local time:10:26 PM

Posted 09 July 2010 - 12:05 PM

A few things there to clean up. Can you let me know in your next reply how the computer is running and if you are
still having any problems.


Please download JavaRa and unzip it to your desktop.
Then Print these instructions as you won't have Internet access during this particular phase.

Close any instances of Internet Explorer before continuing
  • Double-click on JavaRa.exe to start the program.
  • From the drop-down menu, choose English or the appropriate language...and click on Select.
  • JavaRa will open; Select Remove Older Versions, click yes, then ok.
  • A logfile will pop up, you can close it.
  • Now select Additional Tasks and check the following:
    Remove Useless JRE Files
    Remove Startup Entry
  • Click Go then ok to all the prompts, once done restart your computer.



Run OTL
  • Under the Custom Scans/Fixes box at the bottom, paste in the following

    CODE
    :OTL
    SRV - File not found [Disabled | Stopped] -- C:\WINDOWS\System32\woaM.exe -- (woaM)
    SRV - File not found [Disabled | Stopped] -- C:\WINDOWS\System32\wamn.exe -- (wamn)
    SRV - File not found [Disabled | Stopped] -- C:\WINDOWS\System32\ngf.exe -- (ngf)
    SRV - File not found [Disabled | Stopped] -- C:\WINDOWS\System32\fkg.exe -- (msc)
    SRV - File not found [Disabled | Stopped] -- C:\WINDOWS\System32\hc.exe -- (c.h)
    DRV - File not found [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\PCTINDIS5.SYS -- (PCTINDIS5)
    DRV - File not found [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\DRIVERS\pctnullport.sys -- (Nmea)
    DRV - File not found [Kernel | On_Demand | Stopped] -- C:\WINDOWS\I35C0V.txt -- (K20FD)
    DRV - File not found [Kernel | Boot | Stopped] -- C:\WINDOWS\System32\Drivers\ghmon.sys -- (GhMon)
    DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Program Files\Common Files\Symantec Shared\EENGINE\EraserUtilDrv10741.sys -- (EraserUtilDrv10741)
    DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Program Files\Dell Support\GTAction\triggers\DSproct.sys -- (DSproct)
    DRV - [2008/11/08 07:51:54 | 000,000,000 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\WINDOWS\E7CLUVI91G5.txt -- (4FWZ0B7)
    O3 - HKLM\..\Toolbar: (no name) - - No CLSID value found.
    O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
    O4 - HKLM..\Run: [KernelFaultCheck] File not found
    O4 - HKU\S-1-5-21-1235366873-1825184392-1757479407-1796..\Run: [Installer] C:\DOCUME~1\MattS\LOCALS~1\Temp\e.exe File not found
    O4 - HKU\S-1-5-21-1235366873-1825184392-1757479407-1796..\Run: [ModemOnHold] C:\Program Files\NetWaiting\netWaiting.exe File not found
    O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.macromedia.com/get/flash...r/ultrashim.cab (Reg Error: Key error.)
    O16 - DPF: {A8F2B9BD-A6A0-486A-9744-18920D898429} http://www.sibelius.com/download/software/...tiveXPlugin.cab (Reg Error: Key error.)
    O16 - DPF: {CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA} http://java.sun.com/update/1.5.0/jinstall-...indows-i586.cab (Reg Error: Key error.)
    O16 - DPF: {CAFEEFAC-0016-0000-0001-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Reg Error: Key error.)
    O16 - DPF: {CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Reg Error: Key error.)
    O16 - DPF: {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Reg Error: Key error.)
    O16 - DPF: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Reg Error: Key error.)
    O16 - DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Reg Error: Key error.)
    O16 - DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} (Reg Error: Value error.)
    O20 - Winlogon\Notify\NavLogon: DllName - Reg Error: Value error. - Reg Error: Value error. File not found
    Drivers32: vidc.LEAD - LCODCCMP.DLL File not found
    [2008/11/03 21:43:51 | 000,000,000 | ---- | C] () -- C:\WINDOWS\vpc32.INI
    [2008/11/03 15:49:09 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\drivers\winsawids.sys
    [2008/11/03 14:12:22 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\snmp.sys
    [2008/01/08 19:00:08 | 000,021,504 | ---- | C] () -- C:\WINDOWS\jestertb.dll
    [2008/11/08 07:53:37 | 000,000,000 | ---- | M] () -- C:\h.exe
    [2008/11/08 07:53:37 | 000,000,000 | ---- | M] () -- C:\s.exe
    :Reg
    [HKU\S-1-5-21-1235366873-1825184392-1757479407-1796\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
    "ProxyServer"=""
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
    "C:\WINDOWS\explorer.exe"=-
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
    "C:\WINDOWS\explorer.exe"=-
    "C:\Program Files\Common Files\AOL\Loader\aolload.exe"=-
    "C:\Program Files\AIM6\aim6.exe"=-
    "C:\WINDOWS\system32\lxctcoms.exe"=-
    :Commands
    [emptytemp]
    [emptyflash]

  • Then click the Run Fix button at the top
  • Let the program run unhindered, reboot when it is done
  • You will get a log that shows the results of the fix. Please post it.
  • Then also run a new OTL scan without the bold text, and post the new OTL log.



Please run a BitDefender Online Scan

Note: Only works with internet explorer
  • Click on the Start Scanner button.
  • Check I Agree to agree to the EULA, then click start here.
  • Allow the ActiveX control to install when prompted.
  • Click Start scan to begin scanning.
  • Please refrain from using the computer until the scan is finished. This might take a while to run, but it is important that nothing else is running while you scan.
  • When the scan is finished, click on more details, then click the detected problems tab and click, click here to export the scan report.
  • Save the report to your desktop as results.txt and post it in your next reply.


Then please post back here with the following logs:
  • OTL results
  • New OTL log
  • bitdefender report

Thanks

unite.jpg


#5 CivilAU34

CivilAU34
  • Topic Starter

  • Members
  • 9 posts
  • OFFLINE
  •  
  • Local time:04:26 PM

Posted 12 July 2010 - 09:43 AM

Well, when I ran the first OTL, and rebooted my computer, a report opened; unfortunately I closed the report before I saved it, and have not been able to locate this report. I turned the "themes" service back on and rebooted. I've noticed that shutdown and startup takes a little time, and the "themes" service was automatically turned back off when the computer rebooted. I have included the New OTL log as well as the bitDefender log. Thanks.


OTL logfile created on: 7/9/2010 2:16:46 PM - Run 2
OTL by OldTimer - Version 3.2.8.1 Folder = C:\Documents and Settings\MattS\Desktop\Unused Desktop Icons\Fix\07-09-10
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1,014.00 Mb Total Physical Memory | 426.00 Mb Available Physical Memory | 42.00% Memory free
2.00 Gb Paging File | 2.00 Gb Available in Paging File | 80.00% Paging File free
Paging file location(s): C:\pagefile.sys 1524 3048 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 37.20 Gb Total Space | 12.47 Gb Free Space | 33.51% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
Drive F: | 200.00 Gb Total Space | 66.51 Gb Free Space | 33.25% Space Free | Partition Type: NTFS
G: Drive not present or media not loaded
H: Drive not present or media not loaded
Drive I: | 1527.00 Gb Total Space | 318.04 Gb Free Space | 20.83% Space Free | Partition Type: NTFS
Drive J: | 1527.00 Gb Total Space | 318.04 Gb Free Space | 20.83% Space Free | Partition Type: NTFS
Drive K: | 200.00 Gb Total Space | 66.51 Gb Free Space | 33.25% Space Free | Partition Type: NTFS
Drive L: | 1527.00 Gb Total Space | 318.04 Gb Free Space | 20.83% Space Free | Partition Type: NTFS
Drive M: | 1527.00 Gb Total Space | 318.04 Gb Free Space | 20.83% Space Free | Partition Type: NTFS
Drive N: | 200.94 Gb Total Space | 95.31 Gb Free Space | 47.43% Space Free | Partition Type: NTFS
Drive O: | 1527.00 Gb Total Space | 318.04 Gb Free Space | 20.83% Space Free | Partition Type: NTFS
Drive Q: | 1527.00 Gb Total Space | 318.04 Gb Free Space | 20.83% Space Free | Partition Type: NTFS
Drive R: | 200.00 Gb Total Space | 66.51 Gb Free Space | 33.25% Space Free | Partition Type: NTFS
Drive T: | 1527.00 Gb Total Space | 318.04 Gb Free Space | 20.83% Space Free | Partition Type: NTFS

Computer Name: MASH-LT
Current User Name: MattS
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Standard

========== Processes (SafeList) ==========

PRC - [2010/07/09 07:44:45 | 000,574,976 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\MattS\Desktop\Unused Desktop Icons\Fix\07-09-10\OTL.exe
PRC - [2009/12/24 22:52:00 | 000,206,216 | ---- | M] (Symantec Corporation) -- C:\Program Files\Symantec\Ghost\ngtray.exe
PRC - [2009/12/24 22:51:58 | 000,607,624 | ---- | M] (Symantec Corporation) -- C:\Program Files\Symantec\Ghost\ngctw32.exe
PRC - [2008/12/20 06:50:34 | 002,656,528 | ---- | M] () -- C:\Program Files\Logitech\QuickCam\Quickcam.exe
PRC - [2008/12/20 06:46:58 | 000,558,864 | ---- | M] () -- C:\Program Files\Common Files\LogiShrd\LQCVFX\COCIManager.exe
PRC - [2008/12/16 20:59:50 | 000,150,040 | ---- | M] (Logitech Inc.) -- C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
PRC - [2008/09/10 10:24:08 | 000,108,392 | ---- | M] (Symantec Corporation) -- C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
PRC - [2008/09/10 10:24:06 | 000,115,560 | ---- | M] (Symantec Corporation) -- C:\Program Files\Common Files\Symantec Shared\ccApp.exe
PRC - [2008/09/10 10:24:02 | 002,475,392 | ---- | M] (Symantec Corporation) -- C:\Program Files\Symantec AntiVirus\Smc.exe
PRC - [2008/09/10 10:24:02 | 001,660,288 | ---- | M] (Symantec Corporation) -- C:\Program Files\Symantec AntiVirus\SmcGui.exe
PRC - [2008/09/10 10:24:00 | 002,234,296 | ---- | M] (Symantec Corporation) -- C:\Program Files\Symantec AntiVirus\Rtvscan.exe
PRC - [2008/06/04 18:09:56 | 004,994,288 | ---- | M] (Itiva Digital Media) -- C:\Program Files\Itiva\Itiva Media Accelerator\ItivaMediaAccelerator.exe
PRC - [2008/06/03 08:28:46 | 000,020,572 | ---- | M] () -- C:\Program Files\Hewlett-Packard\Toolbox\jre\bin\javaw.exe
PRC - [2008/05/28 13:19:10 | 000,094,208 | ---- | M] (SEIKO EPSON CORPORATION) -- C:\Program Files\EPSON Projector\EPSON USB Display V1.4\EMP_UDSA.exe
PRC - [2008/04/23 01:08:13 | 000,483,328 | ---- | M] (Adobe Systems Inc.) -- C:\Program Files\Adobe\Acrobat 7.0\Distillr\acrotray.exe
PRC - [2008/04/13 19:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2006/12/18 16:54:32 | 000,155,648 | ---- | M] (Sprint Spectrum, L.L.C) -- C:\Program Files\Novatel Wireless\Sprint\Sprint PCS Connection Manager\OSCMUtilityService.exe
PRC - [2006/10/18 18:05:18 | 000,434,176 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
PRC - [2006/10/18 18:04:28 | 000,802,816 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Wireless\Bin\ZCfgSvc.exe
PRC - [2006/10/18 18:01:34 | 000,290,816 | ---- | M] (Intel® Corporation) -- C:\Program Files\Intel\Wireless\Bin\WLKEEPER.exe
PRC - [2006/10/18 17:58:16 | 000,696,320 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Wireless\Bin\iFrmewrk.exe
PRC - [2006/10/18 17:56:52 | 000,946,176 | ---- | M] (Intel Corporation ) -- C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
PRC - [2006/10/18 17:53:24 | 000,479,232 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Wireless\Bin\Dot1XCfg.exe
PRC - [2006/10/18 17:49:52 | 000,327,680 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
PRC - [2006/03/24 16:30:44 | 000,282,624 | ---- | M] (SigmaTel, Inc.) -- C:\WINDOWS\stsystra.exe
PRC - [2005/10/07 12:13:38 | 000,176,128 | R--- | M] (Alps Electric Co., Ltd.) -- C:\Program Files\Apoint\Apoint.exe
PRC - [2005/07/27 14:41:08 | 000,045,056 | R--- | M] (Alps Electric Co., Ltd.) -- C:\Program Files\Apoint\ApntEx.exe
PRC - [2005/03/24 15:56:50 | 000,151,552 | ---- | M] (Hewlett-Packard) -- C:\Program Files\Hewlett-Packard\Toolbox\StatusClient\StatusClient.exe
PRC - [2004/06/28 21:56:12 | 000,045,056 | R--- | M] (Alps Electric Co., Ltd.) -- C:\Program Files\Apoint\hidfind.exe


========== Modules (SafeList) ==========

MOD - [2010/07/09 07:44:45 | 000,574,976 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\MattS\Desktop\Unused Desktop Icons\Fix\07-09-10\OTL.exe
MOD - [2008/04/13 19:10:20 | 000,110,592 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\msscript.ocx


========== Win32 Services (SafeList) ==========

SRV - [2009/12/24 22:51:58 | 000,607,624 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files\Symantec\Ghost\ngctw32.exe -- (NGCLIENT)
SRV - [2008/12/16 20:59:50 | 000,150,040 | ---- | M] (Logitech Inc.) [Auto | Running] -- C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe -- (LVPrcSrv)
SRV - [2008/09/10 10:24:08 | 000,108,392 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe -- (ccSetMgr)
SRV - [2008/09/10 10:24:08 | 000,108,392 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe -- (ccEvtMgr)
SRV - [2008/09/10 10:24:04 | 000,288,136 | ---- | M] (Symantec Corporation) [On_Demand | Stopped] -- C:\Program Files\Symantec AntiVirus\SNAC.EXE -- (SNAC)
SRV - [2008/09/10 10:24:02 | 002,475,392 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files\Symantec AntiVirus\Smc.exe -- (SmcService)
SRV - [2008/09/10 10:24:00 | 002,234,296 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files\Symantec AntiVirus\Rtvscan.exe -- (Symantec AntiVirus)
SRV - [2008/05/28 13:19:10 | 000,094,208 | ---- | M] (SEIKO EPSON CORPORATION) [Auto | Running] -- C:\Program Files\EPSON Projector\EPSON USB Display V1.4\EMP_UDSA.exe -- (EMP_UDSA)
SRV - [2007/09/20 16:10:02 | 000,032,768 | ---- | M] (Inter-Tel (Delaware), Inc) [Disabled | Stopped] -- C:\Documents and Settings\MattS\My Documents\Inter-Tel\Collaboration Client 2.0\lkWebLink.exe -- (LkWebLink)
SRV - [2007/08/11 20:05:27 | 003,093,872 | ---- | M] (Symantec Corporation) [On_Demand | Stopped] -- C:\Program Files\Symantec\LiveUpdate\LuComServer_3_3.EXE -- (LiveUpdate)
SRV - [2006/12/18 16:54:32 | 000,155,648 | ---- | M] (Sprint Spectrum, L.L.C) [Auto | Running] -- C:\Program Files\Novatel Wireless\Sprint\Sprint PCS Connection Manager\OSCMUtilityService.exe -- (OSCM Utility Service)
SRV - [2006/11/03 18:19:58 | 000,013,592 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Program Files\Windows Defender\MsMpEng.exe -- (WinDefend)
SRV - [2006/10/18 18:05:18 | 000,434,176 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files\Intel\Wireless\Bin\EvtEng.exe -- (EvtEng) Intel®
SRV - [2006/10/18 18:01:34 | 000,290,816 | ---- | M] (Intel® Corporation) [Auto | Running] -- C:\Program Files\Intel\Wireless\Bin\WLKEEPER.exe -- (WLANKEEPER) Intel®
SRV - [2006/10/18 17:56:52 | 000,946,176 | ---- | M] (Intel Corporation ) [Auto | Running] -- C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe -- (S24EventMonitor) Intel®
SRV - [2006/10/18 17:49:52 | 000,327,680 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe -- (RegSrvc) Intel®


========== Driver Services (SafeList) ==========

DRV - [2010/05/26 03:00:00 | 000,371,248 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys -- (eeCtrl)
DRV - [2010/05/26 03:00:00 | 000,102,448 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Program Files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys -- (EraserUtilRebootDrv)
DRV - [2010/05/10 13:41:30 | 000,067,656 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS -- (SASKUTIL)
DRV - [2010/05/10 03:00:00 | 001,347,504 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Program Files\Common Files\Symantec Shared\VirusDefs\20100709.002\NAVEX15.SYS -- (NAVEX15)
DRV - [2010/05/10 03:00:00 | 000,085,552 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Program Files\Common Files\Symantec Shared\VirusDefs\20100709.002\NAVENG.SYS -- (NAVENG)
DRV - [2010/02/17 13:25:48 | 000,012,872 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\sasdifsv.sys -- (SASDIFSV)
DRV - [2009/09/10 14:48:30 | 000,028,288 | ---- | M] () [Kernel | On_Demand | Running] -- C:\WINDOWS\System32\drivers\swmsflt.sys -- (swmsflt)
DRV - [2009/09/10 14:48:24 | 000,222,720 | ---- | M] (Novatel Wireless Inc) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\NWADIenum.sys -- (NWADI)
DRV - [2009/09/10 14:48:24 | 000,174,336 | ---- | M] (Novatel Wireless Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\nwusbser2.sys -- (NWUSBPort2)
DRV - [2009/09/10 14:48:24 | 000,174,336 | ---- | M] (Novatel Wireless Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\nwusbser.sys -- (NWUSBPort)
DRV - [2009/09/10 14:48:24 | 000,174,336 | ---- | M] (Novatel Wireless Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\nwusbmdm.sys -- (NWUSBModem)
DRV - [2009/02/09 11:32:12 | 000,123,952 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\SYMEVENT.SYS -- (SymEvent)
DRV - [2008/12/17 01:02:08 | 000,023,832 | R--- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\lvuvcflt.sys -- (FilterService)
DRV - [2008/12/17 01:01:44 | 006,364,440 | R--- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\lvuvc.sys -- (LVUVC) Logitech QuickCam S5500(UVC)
DRV - [2008/12/17 01:01:22 | 000,041,752 | R--- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\LVUSBSta.sys -- (LVUSBSta)
DRV - [2008/12/17 01:00:14 | 000,768,024 | R--- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\lvrs.sys -- (LVRS)
DRV - [2008/12/16 20:58:54 | 000,025,624 | ---- | M] () [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\LVPr2Mon.sys -- (LVPr2Mon)
DRV - [2008/09/10 10:24:08 | 000,317,616 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\srtspl.sys -- (SRTSPL)
DRV - [2008/09/10 10:24:08 | 000,279,088 | ---- | M] (Symantec Corporation) [File_System | System | Running] -- C:\WINDOWS\system32\drivers\srtsp.sys -- (SRTSP)
DRV - [2008/09/10 10:24:08 | 000,043,696 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\srtspx.sys -- (SRTSPX)
DRV - [2008/09/10 10:23:54 | 000,191,536 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\WINDOWS\System32\Drivers\SYMTDI.SYS -- (SYMTDI)
DRV - [2008/09/10 10:23:54 | 000,027,696 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\System32\Drivers\SYMREDRV.SYS -- (SYMREDRV)
DRV - [2008/09/10 10:23:52 | 000,420,400 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCDrv.sys -- (SPBBCDrv)
DRV - [2008/07/30 17:42:12 | 000,023,888 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\COH_Mon.sys -- (COH_Mon)
DRV - [2008/05/14 20:06:06 | 000,017,664 | ---- | M] (SEIKO EPSON CORPORATION) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\EMP_UDAU.sys -- (eppvad_simple)
DRV - [2008/04/13 13:45:12 | 000,060,032 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\USBAUDIO.sys -- (usbaudio) USB Audio Driver (WDM)
DRV - [2008/04/13 13:36:39 | 000,043,008 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\amdagp.sys -- (amdagp)
DRV - [2008/04/13 13:36:39 | 000,040,960 | ---- | M] (Silicon Integrated Systems Corporation) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\sisagp.sys -- (sisagp)
DRV - [2008/04/13 11:36:05 | 000,144,384 | ---- | M] (Windows ® Server 2003 DDK provider) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\hdaudbus.sys -- (HDAudBus)
DRV - [2007/01/28 14:23:36 | 000,061,312 | ---- | M] (O2Micro) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\oz776.sys -- (guardian2)
DRV - [2006/10/19 09:29:22 | 000,012,544 | ---- | M] (Intel Corporation) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\s24trans.sys -- (s24trans)
DRV - [2006/10/16 20:55:28 | 001,711,104 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\NETw3x32.sys -- (NETw3x32) Intel®
DRV - [2006/06/06 16:22:54 | 000,020,096 | R--- | M] (Printing Communications Assoc., Inc. (PCAUSA)) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\PCASp50.sys -- (PCASp50)
DRV - [2006/03/24 16:34:30 | 001,156,648 | ---- | M] (SigmaTel, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\sthda.sys -- (STHDA)
DRV - [2006/01/27 18:44:24 | 000,150,528 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\b57xp32.sys -- (b57w2k)
DRV - [2005/12/01 00:40:56 | 000,936,960 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSX_DPV.sys -- (HSF_DPV)
DRV - [2005/12/01 00:40:12 | 000,192,512 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSXHWAZL.sys -- (HSXHWAZL)
DRV - [2005/12/01 00:40:08 | 000,669,696 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSX_CNXT.sys -- (winachsf)
DRV - [2005/09/28 18:57:18 | 000,113,847 | R--- | M] (Alps Electric Co., Ltd.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\Apfiltr.sys -- (ApfiltrService)
DRV - [2005/02/02 14:29:28 | 000,009,344 | ---- | M] (Hewlett Packard) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\hpplsbulk.sys -- (HPPLSBULK)
DRV - [2004/08/03 22:29:56 | 001,897,408 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\nv4_mini.sys -- (nv)
DRV - [2004/02/13 09:46:00 | 000,017,153 | ---- | M] (Dell Inc) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\omci.sys -- (omci)
DRV - [2003/09/09 06:00:36 | 000,337,184 | R--- | M] (GlobespanVirata, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\WUSB20XP.sys -- (PRISM_A02)
DRV - [2001/08/17 14:07:44 | 000,019,072 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\sparrow.sys -- (Sparrow)
DRV - [2001/08/17 14:07:42 | 000,030,688 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\sym_u3.sys -- (sym_u3)
DRV - [2001/08/17 14:07:40 | 000,028,384 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\sym_hi.sys -- (sym_hi)
DRV - [2001/08/17 14:07:36 | 000,032,640 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\symc8xx.sys -- (symc8xx)
DRV - [2001/08/17 14:07:34 | 000,016,256 | ---- | M] (Symbios Logic Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\symc810.sys -- (symc810)
DRV - [2001/08/17 13:52:22 | 000,036,736 | ---- | M] (Promise Technology, Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\ultra.sys -- (ultra)
DRV - [2001/08/17 13:52:20 | 000,045,312 | ---- | M] (QLogic Corporation) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\ql12160.sys -- (ql12160)
DRV - [2001/08/17 13:52:20 | 000,040,320 | ---- | M] (QLogic Corporation) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\ql1080.sys -- (ql1080)
DRV - [2001/08/17 13:52:18 | 000,049,024 | ---- | M] (QLogic Corporation) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\ql1280.sys -- (ql1280)
DRV - [2001/08/17 13:52:16 | 000,179,584 | ---- | M] (Mylex Corporation) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\dac2w2k.sys -- (dac2w2k)
DRV - [2001/08/17 13:52:12 | 000,017,280 | ---- | M] (American Megatrends Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\mraid35x.sys -- (mraid35x)
DRV - [2001/08/17 13:52:00 | 000,026,496 | ---- | M] (Advanced System Products, Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\asc.sys -- (asc)
DRV - [2001/08/17 13:51:58 | 000,014,848 | ---- | M] (Advanced System Products, Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\asc3550.sys -- (asc3550)
DRV - [2001/08/17 13:51:56 | 000,005,248 | ---- | M] (Acer Laboratories Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\aliide.sys -- (AliIde)
DRV - [2001/08/17 13:51:54 | 000,006,656 | ---- | M] (CMD Technology, Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\cmdide.sys -- (CmdIde)
DRV - [2001/08/17 12:53:32 | 000,003,328 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\qv2kux.sys -- (QV2KUX)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.google.com/ie
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Page_URL = www.google.com/ig/dell?hl=en&client=dell-usuk-rel&channel=us&ibd=5070411
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Start Page = www.google.com/ig/dell?hl=en&client=dell-usuk-rel&channel=us&ibd=5070411

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.mjharris.com/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://www.msn.com/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-us
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 24 18 BC CF 50 FB CA 01 [binary data]
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local>
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = http=127.0.0.1:5555



O1 HOSTS File: ([2007/09/24 13:19:14 | 000,000,758 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: 192.168.23.5 NPIE99FC4
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.4.4525.1752\swg.dll (Google Inc.)
O3 - HKLM\..\Toolbar: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3 - HKCU\..\Toolbar\WebBrowser: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O4 - HKLM..\Run: [Acrobat Assistant 7.0] C:\Program Files\Adobe\Acrobat 7.0\Distillr\Acrotray.exe (Adobe Systems Inc.)
O4 - HKLM..\Run: [Apoint] C:\Program Files\Apoint\Apoint.exe (Alps Electric Co., Ltd.)
O4 - HKLM..\Run: [ccApp] C:\Program Files\Common Files\Symantec Shared\ccApp.exe (Symantec Corporation)
O4 - HKLM..\Run: [EPSON_UD_START] C:\Program Files\EPSON Projector\EPSON USB Display V1.4\EMP_UD.exe (SEIKO EPSON CORPORATION)
O4 - HKLM..\Run: [IntelWireless] C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe (Intel Corporation)
O4 - HKLM..\Run: [IntelZeroConfig] C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe (Intel Corporation)
O4 - HKLM..\Run: [Itiva Media Accelerator] C:\Program Files\Itiva\Itiva Media Accelerator\ItivaMediaAccelerator.exe (Itiva Digital Media)
O4 - HKLM..\Run: [LogitechQuickCamRibbon] C:\Program Files\Logitech\QuickCam\Quickcam.exe ()
O4 - HKLM..\Run: [NGTray] C:\Program Files\Symantec\Ghost\ngtray.exe (Symantec Corporation)
O4 - HKLM..\Run: [SigmatelSysTrayApp] C:\WINDOWS\stsystra.exe (SigmaTel, Inc.)
O4 - HKLM..\Run: [TomcatStartup 2.5] C:\Program Files\Hewlett-Packard\Toolbox\hpbpsttp.exe (Hewlett-Packard)
O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Acrobat Speed Launcher.lnk = C:\WINDOWS\Installer\{AC76BA86-1033-0000-BA7E-100000000002}\SC_Acrobat.exe ()
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\HP Image Zone Fast Start.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqthb08.exe (Hewlett-Packard Co.)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O9 - Extra Button: IE7Pro Preferences - {0026439F-A980-4f18-8C95-4F1CBBF9C1D8} - C:\Program Files\IEPro\IEPro.dll (IE7Pro.com)
O9 - Extra 'Tools' menuitem : IE7Pro Preferences - {0026439F-A980-4f18-8C95-4F1CBBF9C1D8} - C:\Program Files\IEPro\IEPro.dll (IE7Pro.com)
O9 - Extra 'Tools' menuitem : Skype add-on for Internet Explorer - {5067A26B-1337-4436-8AFE-EE169C2DA79F} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Skype Technologies S.A.)
O9 - Extra Button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Skype Technologies S.A.)
O16 - DPF: {1239CC52-59EF-4DFA-8C61-90FFA846DF7E} http://www.musicnotes.com/download/mnviewer.cab (Musicnotes Viewer)
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} http://fpdownload.macromedia.com/get/shock...director/sw.cab (Shockwave ActiveX Control)
O16 - DPF: {2FE68711-8830-417D-95E0-EAB307DB0447} http://www.mjharris.com/pw/mpsPwLc7.CAB (mpsPwLc7.PMWebSiteLogin)
O16 - DPF: {406B5949-7190-4245-91A9-30A17DE16AD0} http://photo.walgreens.com/WalgreensActivia.cab (Snapfish Activia)
O16 - DPF: {49232000-16E4-426C-A231-62846947304B} http://ipgweb.cce.hp.com/rdqcpqdktp/downloads/sysinfo.cab (SysData Class)
O16 - DPF: {4EFA317A-8569-4788-B175-5BAF9731A549} http://www.windowsvistatestdrive.com/Activ...iveXClient1.cab (Microsoft Virtual Server VMRC Advanced Control)
O16 - DPF: {5C6698D9-7BE4-4122-8EC5-291D84DBD4A0} http://upload.facebook.com/controls/Facebo...toUploader3.cab (Facebook Photo Uploader 4 Control)
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} http://download.bitdefender.com/resources/...can8/oscan8.cab (BDSCANONLINE Control)
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} http://update.microsoft.com/microsoftupdat...b?1235412909596 (WUWebControl Class)
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} http://update.microsoft.com/microsoftupdat...b?1235412900190 (MUWebControl Class)
O16 - DPF: {6F15128C-E66A-490C-B848-5000B5ABEEAC} https://h20436.www2.hp.com/ediags/dex/secure/HPDEXAXO.cab (HP Download Manager)
O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} http://download.eset.com/special/eos/OnlineScanner.cab (OnlineScanner Control)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_20)
O16 - DPF: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_20)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_20)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/get/shoc...ash/swflash.cab (Shockwave Flash Object)
O16 - DPF: {DE625294-70E6-45ED-B895-CFFA13AEB044} http://69.17.125.148/activex/AMC.cab (AxisMediaControlEmb Class)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 10.0.0.6 10.0.0.5
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = mail.mjharris.com
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\!SASWinLogon: DllName - C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL - C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL (SUPERAntiSpyware.com)
O20 - Winlogon\Notify\igfxcui: DllName - igfxdev.dll - C:\WINDOWS\System32\igfxdev.dll (Intel Corporation)
O20 - Winlogon\Notify\ppeclt: DllName - PPEClt.dll - C:\WINDOWS\System32\PPEClt.dll (ANIXIS)
O24 - Desktop BackupWallPaper: C:\WINDOWS\Web\Wallpaper\MJHI.bmp
O28 - HKLM ShellExecuteHooks: {091EB208-39DD-417D-A5DD-7E2C2D8FB9CB} - C:\Program Files\Windows Defender\MpShHook.dll (Microsoft Corporation)
O28 - HKLM ShellExecuteHooks: {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - C:\Program Files\SUPERAntiSpyware\SASSEH.DLL (SuperAdBlocker.com)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2004/08/11 17:15:00 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O33 - MountPoints2\{115ce5da-13c2-11dc-abeb-00188bc3416c}\Shell\AutoRun\command - "" = E:\PCConnect.exe -- File not found
O33 - MountPoints2\{69700f8d-bfd5-11de-b1a0-0019d2bc9adc}\Shell - "" = AutoRun
O33 - MountPoints2\{69700f8d-bfd5-11de-b1a0-0019d2bc9adc}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{69700f8d-bfd5-11de-b1a0-0019d2bc9adc}\Shell\AutoRun\command - "" = E:\EMP_UDSe.exe -- File not found
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2010/07/09 13:55:40 | 000,000,000 | ---D | C] -- C:\_OTL
[2010/07/09 13:40:13 | 000,157,696 | ---- | C] (The RaProducts Team: Paul McLain and Fred de Vries) -- C:\Documents and Settings\MattS\Desktop\JavaRa.exe
[2010/07/09 13:40:00 | 000,000,000 | ---D | C] -- C:\Documents and Settings\MattS\Desktop\JavaRa
[2010/07/01 20:27:37 | 000,000,000 | ---D | C] -- C:\Program Files\ESET
[2010/07/01 18:02:40 | 000,743,424 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\iedvtool.dll
[2010/07/01 15:20:19 | 000,000,000 | ---D | C] -- C:\Documents and Settings\MattS\Application Data\SUPERAntiSpyware.com
[2010/07/01 15:20:19 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com
[2010/07/01 15:20:14 | 000,000,000 | ---D | C] -- C:\Program Files\SUPERAntiSpyware
[2010/07/01 15:04:23 | 000,000,000 | -H-D | C] -- C:\WINDOWS\System32\GroupPolicy
[2010/06/28 07:51:47 | 000,000,000 | ---D | C] -- C:\Documents and Settings\LocalService\Local Settings\Application Data\Adobe

========== Files - Modified Within 30 Days ==========

[2010/07/09 14:09:38 | 000,002,335 | ---- | M] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Acrobat Speed Launcher.lnk
[2010/07/09 14:09:12 | 000,012,598 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2010/07/09 14:08:40 | 000,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2010/07/09 14:08:21 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2010/07/09 14:08:13 | 1063,378,944 | -HS- | M] () -- C:\hiberfil.sys
[2010/07/09 14:07:02 | 011,272,192 | -H-- | M] () -- C:\Documents and Settings\MattS\NTUSER.DAT
[2010/07/09 14:06:58 | 000,000,278 | -HS- | M] () -- C:\Documents and Settings\MattS\ntuser.ini
[2010/07/09 13:49:06 | 005,347,160 | -H-- | M] () -- C:\Documents and Settings\MattS\Local Settings\Application Data\IconCache.db
[2010/07/09 13:39:24 | 000,071,798 | ---- | M] () -- C:\Documents and Settings\MattS\Desktop\JavaRa.zip
[2010/07/09 13:26:22 | 000,002,521 | ---- | M] () -- C:\Documents and Settings\MattS\Desktop\Microsoft Office Outlook 2003.lnk
[2010/07/07 21:30:00 | 000,000,664 | ---- | M] () -- C:\WINDOWS\System32\d3d9caps.dat
[2010/07/07 09:01:26 | 000,001,776 | -H-- | M] () -- C:\Documents and Settings\MattS\My Documents\Default.rdp
[2010/07/06 22:02:24 | 000,000,000 | -H-- | M] () -- C:\WINDOWS\System32\drivers\UMDF\Msft_User_WpdMtpDr_01_00_00.Wdf
[2010/07/02 10:19:25 | 000,000,792 | ---- | M] () -- C:\Documents and Settings\MattS\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Microsoft Office Outlook.lnk
[2010/07/02 10:19:12 | 000,525,644 | ---- | M] () -- C:\WINDOWS\System32\PerfStringBackup.INI
[2010/07/02 10:19:12 | 000,445,938 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2010/07/02 10:19:12 | 000,072,978 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2010/07/02 07:48:43 | 000,000,000 | ---- | M] () -- C:\Documents and Settings\MattS\defogger_reenable
[2010/07/01 18:37:54 | 000,402,328 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2010/07/01 18:34:11 | 000,000,699 | ---- | M] () -- C:\WINDOWS\win.ini
[2010/07/01 18:32:08 | 000,001,355 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2010/06/28 10:30:24 | 000,003,974 | ---- | M] () -- C:\WINDOWS\System32\tmp.reg
[2010/06/23 08:33:01 | 000,008,192 | ---- | M] () -- C:\Documents and Settings\MattS\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini

========== Files Created - No Company Name ==========

[2010/07/09 13:42:07 | 000,245,103 | ---- | C] () -- C:\Documents and Settings\MattS\Desktop\JavaRa.def
[2010/07/09 13:39:27 | 000,071,798 | ---- | C] () -- C:\Documents and Settings\MattS\Desktop\JavaRa.zip
[2010/07/02 07:48:43 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\MattS\defogger_reenable
[2010/07/01 16:50:46 | 1063,378,944 | -HS- | C] () -- C:\hiberfil.sys
[2010/06/28 10:30:23 | 000,003,974 | ---- | C] () -- C:\WINDOWS\System32\tmp.reg
[2010/06/23 13:02:14 | 000,000,664 | ---- | C] () -- C:\WINDOWS\System32\d3d9caps.dat
[2009/10/13 16:17:41 | 000,028,288 | ---- | C] () -- C:\WINDOWS\System32\drivers\swmsflt.sys
[2009/08/03 16:07:42 | 000,403,816 | ---- | C] () -- C:\WINDOWS\System32\OGACheckControl.dll
[2009/05/24 11:57:13 | 000,081,110 | R--- | C] () -- C:\WINDOWS\System32\lvcoinst.ini
[2009/01/05 15:44:10 | 000,000,453 | ---- | C] () -- C:\WINDOWS\bdoscandellang.ini
[2008/12/16 20:58:54 | 000,025,624 | ---- | C] () -- C:\WINDOWS\System32\drivers\LVPr2Mon.sys
[2008/12/16 20:50:56 | 000,013,584 | ---- | C] () -- C:\WINDOWS\System32\drivers\iKeyLgFT.dll
[2008/06/03 08:29:25 | 000,102,400 | ---- | C] () -- C:\WINDOWS\System32\PMLJNI.dll
[2008/06/03 08:29:25 | 000,074,752 | ---- | C] () -- C:\WINDOWS\System32\jst.dll
[2008/06/03 08:29:25 | 000,032,768 | ---- | C] () -- C:\WINDOWS\System32\compJNI.dll
[2007/09/24 13:18:27 | 000,003,399 | ---- | C] () -- C:\WINDOWS\System32\hptcpmon.ini
[2007/09/24 13:18:27 | 000,000,132 | ---- | C] () -- C:\WINDOWS\System32\AddPort.ini
[2007/09/21 16:03:45 | 000,000,458 | ---- | C] () -- C:\WINDOWS\hpbvspst.ini
[2007/09/21 16:03:33 | 000,000,713 | ---- | C] () -- C:\WINDOWS\hpbvnstp.ini
[2007/09/21 16:01:29 | 000,000,651 | ---- | C] () -- C:\WINDOWS\hpntwksetup.ini
[2007/05/30 12:54:09 | 000,208,896 | ---- | C] () -- C:\WINDOWS\System32\HPP2800V.DLL
[2007/05/24 13:58:05 | 000,000,285 | ---- | C] () -- C:\WINDOWS\dellstat.ini
[2007/05/24 13:57:47 | 000,040,960 | ---- | C] () -- C:\WINDOWS\System32\dlbcvs.dll
[2007/05/24 13:57:47 | 000,000,373 | ---- | C] () -- C:\WINDOWS\System32\dlbccoin.ini
[2007/05/10 11:51:19 | 000,000,376 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2007/04/11 18:59:15 | 000,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini
[2007/04/11 18:27:32 | 000,000,390 | ---- | C] () -- C:\WINDOWS\System32\OEMINFO.INI
[2006/09/08 08:30:44 | 000,004,096 | ---- | C] () -- C:\WINDOWS\System32\detoured.dll
[2004/08/11 17:24:19 | 000,000,831 | ---- | C] () -- C:\WINDOWS\orun32.ini
[2004/08/11 17:11:31 | 000,001,793 | ---- | C] () -- C:\WINDOWS\System32\fxsperf.ini
[2003/01/07 15:05:08 | 000,002,695 | ---- | C] () -- C:\WINDOWS\System32\OUTLPERF.INI
[2001/03/28 11:37:14 | 000,000,033 | ---- | C] () -- C:\WINDOWS\hppcap.ini
< End of report >



BitDefender Online Scanner



Scan report generated at: Mon, Jul 12, 2010 - 09:39:20





Scan path: C:\;D:\;







Statistics

Time
01:50:44

Files
399518

Folders
6982

Boot Sectors
0

Archives
9572

Packed Files
23391




Results

Identified Viruses
3

Infected Files
4

Suspect Files
0

Warnings
0

Disinfected
0

Deleted Files
7




Engines Info

Virus Definitions
6494500

Engine build
AVCORE v2.1 Windows/i386 11.0.0.33 (Jun 10 2010)

Scan plugins
17

Archive plugins
44

Unpack plugins
10

E-mail plugins
6

System plugins
4




Scan Settings

First Action
Disinfect

Second Action
Delete

Heuristics
Yes

Enable Warnings
Yes

Scanned Extensions
*;

Exclude Extensions


Scan Emails
Yes

Scan Archives
Yes

Scan Packed
Yes

Scan Files
Yes

Scan Boot
Yes




Scanned File
Status

C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0DC80000\4DEA5761.VBN=>(Quarantine-9)
Infected with: Trojan.Generic.KD.11855

C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0DC80000\4DEA5761.VBN=>(Quarantine-9)
Deleted

C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0DC80000\4DEA5761.VBN
Update failed

C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0DC80001\4DEA5A46.VBN=>(Quarantine-9)
Infected with: Trojan.Generic.KD.11855

C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0DC80001\4DEA5A46.VBN=>(Quarantine-9)
Deleted

C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0DC80001\4DEA5A46.VBN
Deleted

C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0DC80002\4DEA5CF1.VBN=>(Quarantine-9)
Infected with: Trojan.Generic.4232281

C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0DC80002\4DEA5CF1.VBN=>(Quarantine-9)
Deleted

C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0DC80002\4DEA5CF1.VBN
Deleted

C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0DC80003\4DEA60B3.VBN=>(Quarantine-9)
Infected with: Gen:Variant.Renos.26

C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0DC80003\4DEA60B3.VBN=>(Quarantine-9)
Disinfection failed

C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0DC80003\4DEA60B3.VBN=>(Quarantine-9)
Deleted

C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0DC80003\4DEA60B3.VBN
Deleted





#6 syler

syler

  • Malware Response Team
  • 8,150 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Warrington, UK
  • Local time:10:26 PM

Posted 13 July 2010 - 05:07 AM

Your logs are looking fine to me now. I don't think that the "themes" service problem is being caused by malware, I
have had a look around but can't find a clear answer of what is causing it, I think you would be best asking about
this problem in the XP forum where someone can better assist you with this.


Download and Run OTC

We will now remove the tools we used during this fix using OTC.
  • Download OTC by OldTimer and save it to your desktop.
  • Double click icon to start the program. If you are using Vista, please right-click and choose run as administrator
  • Then Click the big button.
  • You will get a prompt saying "Begin Cleanup Process". Please select Yes.
  • Restart your computer when prompted.


Cleaning and creating restore points
  • Click Start, right click My Computer and select properties.
  • Select the System Restore tab then check the box "Turn off System Restore".
  • Click Apply then Ok, then restart your computer
  • Now follow these steps again, but instead of checking "Turn off System Restore" Uncheck it.
Now that you have cleaned out you restore points you need to set a new restore point
  • Go to Start > Programs > Accessories > System Tools and click "System Restore".
  • Select "Create a restore point" then click Next.
  • Type a name under Restore point description then click Create.
Additional instructions can be found here if needed.

Note: This does not need to be done on a regular basis.


Congratulations! You now appear clean! thumbup.gif

Now that you are clean, please follow these simple steps in order to keep your computer clean and secure:

Keeping Windows updated
It is extremely important to keep windows up to date with the latest service pack and patches. This will
prevent you from getting the malware which uses vulnerabilities found in windows to exploit your computer.
The easiest way to do this this is by making sure that Automatic Updates are always enabled.

To do this Click on Start >> Control Panel >> Automatic updates and click Automatic (recommended) then Apply and Ok

Make sure all programs are updated
It is also possible for other programs on your computer to have security vulnerability that can allow malware
to infect you. Therefore, it is also a good idea to check for the latest versions of commonly installed
applications that are regularly patched to fix vulnerabilities. You can check these by visiting
Calendar of Updates or you can install Secunia PSI.

Install Sanboxie
Sandboxie is a great program to help protect you against malware, working inside Sandboxie will basically
mean that, what you are doing will not make a permenant changes to your system, unless you allow it too.
So you can be surfing the web inside Sandboxie then if you happen to stumble upon a bad site and get
infected, you can simply delete the Sanbox and all is gone. Having said that, it can not be considered 100%
secure as no program can be, but it can be a great help and is an excellent program. You can find a download
link and more information about the program here.

Secure your browsing
Firefox is generally considered to be a lot safer that Internet Explorer, I would recommend that you install
Firefox and install some addons that will make the browser even safer. You can download the latest version
of Firefox here, if you already have firefox these are some good addons.

Recommended addons
NoScript
Adblock Plus
WOT

Install SpywareBlaster
SpywareBlaster will added a large list of programs and sites into your Internet Explorer settings that will protect you
from running and downloading known malicious programs. You can find a tutorial and download link here.

Use MVPS hosts file
Using a custom host file like the MVPS HOSTS file can help to block ads, banners, 3rd party Cookies,
3rd party page counters, web bugs, and even most hijackers. It doesn't use up any extra system resources
and may even speed up the loading of web pages. You can download and find instructions here.


Follow this list and your potential for being infected again will reduce dramatically.

Happy surfing smile.gif
Syler

unite.jpg


#7 syler

syler

  • Malware Response Team
  • 8,150 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Warrington, UK
  • Local time:10:26 PM

Posted 17 July 2010 - 07:42 AM

Since this issue appears resolved ... this Topic is closed. Glad we could help.

If you need this topic reopened, please request this by sending me a PM
with the address of the thread. This applies only to the original topic starter.

Everyone else please begin a New Topic.

unite.jpg





0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users