
OTL logs - couldn't run DDS or GMER


  • This topic is locked
34 replies to this topic

#1 PNO


Posted 07 July 2010 - 06:50 PM


The moderator who suggested I run the OTL app mentioned that I should state that I couldn't run the DDS or GMER apps.

My earlier post at the "Am I infected" thread is here:
http://www.bleepingcomputer.com/forums/topic329682.html

The OTL logs follow:


OTL logfile created on: 7/7/2010 3:41:22 PM - Run 1
OTL by OldTimer - Version 3.2.8.0 Folder = C:\Documents and Settings\Owner\Desktop
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

254.00 Mb Total Physical Memory | 92.00 Mb Available Physical Memory | 36.00% Memory free
625.00 Mb Paging File | 202.00 Mb Available in Paging File | 32.00% Paging File free
Paging file location(s): C:\pagefile.sys 384 768 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 32.64 Gb Total Space | 10.01 Gb Free Space | 30.68% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: PENDEJO
Current User Name: Owner
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: All users
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Standard

========== Processes (SafeList) ==========

PRC - [2010/07/07 15:38:08 | 000,575,488 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Owner\Desktop\OTL.exe
PRC - [2010/03/12 13:08:54 | 000,049,208 | ---- | M] (Hewlett-Packard) -- C:\Program Files\Hewlett-Packard\HP Software Update\hpwuschd2.exe
PRC - [2009/05/21 18:57:00 | 000,362,496 | ---- | M] (Hewlett-Packard) -- C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqgpc01.exe
PRC - [2009/03/05 16:07:20 | 002,260,480 | ---- | M] (Safer-Networking Ltd.) -- C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
PRC - [2008/10/16 20:11:26 | 000,569,344 | ---- | M] (Hewlett-Packard Co.) -- C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqbam08.exe
PRC - [2008/10/16 20:11:26 | 000,184,320 | ---- | M] (Hewlett-Packard Co.) -- C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqste08.exe
PRC - [2008/10/16 19:23:30 | 000,214,360 | ---- | M] (Hewlett-Packard Co.) -- C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqtra08.exe
PRC - [2008/04/13 17:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2005/06/06 23:46:24 | 000,057,344 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe
PRC - [2003/04/06 01:06:58 | 000,028,672 | ---- | M] (Hewlett-Packard) -- C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe
PRC - [2003/04/06 00:45:10 | 000,286,720 | ---- | M] (Hewlett-Packard Co.) -- C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpoevm08.exe
PRC - [2003/04/06 00:37:10 | 000,323,646 | ---- | M] (Hewlett-Packard Co.) -- C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpobnz08.exe
PRC - [2002/03/07 22:22:49 | 000,026,112 | ---- | M] (RealNetworks, Inc.) -- C:\Program Files\Real\RealPlayer\realplay.exe
PRC - [2002/02/20 21:12:52 | 000,471,040 | ---- | M] (Symantec Corporation) -- C:\Program Files\NavNT\rtvscan.exe
PRC - [2002/02/20 21:08:32 | 000,032,768 | ---- | M] (Symantec Corporation) -- C:\Program Files\NavNT\defwatch.exe
PRC - [2001/11/18 14:00:16 | 000,196,608 | ---- | M] (The Webshots Corporation) -- C:\Program Files\Webshots\WebshotsTray.exe
PRC - [2001/11/06 19:46:13 | 000,016,384 | ---- | M] () -- C:\Program Files\hp center\137903\Program\BackWeb-137903.exe
PRC - [2001/09/20 09:32:00 | 000,028,729 | ---- | M] (Intel® Corporation) -- C:\WINDOWS\SYSTEM32\MSGSYS.EXE


========== Modules (SafeList) ==========

MOD - [2010/07/07 15:38:08 | 000,575,488 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Owner\Desktop\OTL.exe
MOD - [2008/04/13 17:10:20 | 000,110,592 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SYSTEM32\msscript.ocx
MOD - [2001/11/06 19:46:13 | 000,024,576 | ---- | M] (BackWeb) -- C:\Documents and Settings\Owner\Local Settings\Temp\IadHide3.dll


========== Win32 Services (SafeList) ==========

SRV - File not found [Disabled | Stopped] -- C:\WINDOWS\System32\hidserv.dll -- (HidServ)
SRV - File not found [On_Demand | Stopped] -- C:\WINDOWS\System32\appmgmts.dll -- (AppMgmt)
SRV - [2009/05/21 20:21:18 | 000,248,832 | ---- | M] (Hewlett-Packard Co.) [On_Demand | Running] -- C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqcxs08.dll -- (hpqcxs08)
SRV - [2008/10/16 19:30:28 | 000,634,880 | ---- | M] (Hewlett-Packard Co.) [Auto | Running] -- C:\Program Files\Hewlett-Packard\Digital Imaging\bin\HPSLPSVC32.DLL -- (HPSLPSVC)
SRV - [2008/10/16 19:24:24 | 000,135,168 | ---- | M] (Hewlett-Packard Co.) [Auto | Running] -- C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqddsvc.dll -- (hpqddsvc)
SRV - [2002/02/20 21:12:52 | 000,471,040 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files\NavNT\rtvscan.exe -- (Norton AntiVirus Server)
SRV - [2002/02/20 21:08:32 | 000,032,768 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files\NavNT\defwatch.exe -- (DefWatch)


========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\DRIVERS\dpcnet5u.sys -- (DPCNET5U)
DRV - [2010/07/07 01:00:00 | 001,347,504 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Program Files\Common Files\Symantec Shared\VirusDefs\20100707.002\navex15.sys -- (NAVEX15)
DRV - [2010/07/07 01:00:00 | 000,085,552 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Program Files\Common Files\Symantec Shared\VirusDefs\20100707.002\naveng.sys -- (NAVENG)
DRV - [2008/04/13 11:45:29 | 000,010,624 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\SYSTEM32\drivers\gameenum.sys -- (gameenum)
DRV - [2008/04/13 11:36:39 | 000,043,008 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\System32\DRIVERS\amdagp.sys -- (amdagp)
DRV - [2004/10/07 18:16:04 | 000,035,840 | ---- | M] (Oak Technology Inc.) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\AFS2K.SYS -- (AFS2K)
DRV - [2004/08/03 22:31:32 | 000,020,992 | ---- | M] (Realtek Semiconductor Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\SYSTEM32\drivers\rtl8139.sys -- (rtl8139) Realtek RTL8139(A/B/C)
DRV - [2003/03/31 14:29:00 | 000,625,537 | ---- | M] (LT) [Kernel | On_Demand | Running] -- C:\WINDOWS\SYSTEM32\drivers\ltmdmnt.sys -- (ltmodem5)
DRV - [2002/03/11 21:28:44 | 000,058,032 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Program Files\Symantec\SYMEVENT.SYS -- (SymEvent)
DRV - [2002/03/07 22:22:53 | 000,008,552 | ---- | M] (Windows ® 2000 DDK provider) [Kernel | Auto | Running] -- C:\WINDOWS\System32\drivers\asctrm.sys -- (ASCTRM)
DRV - [2002/02/20 20:27:34 | 000,018,000 | ---- | M] () [Kernel | Auto | Running] -- C:\Program Files\NavNT\Navapel.sys -- (NAVAPEL)
DRV - [2002/02/20 20:26:14 | 000,185,824 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Program Files\NavNT\navap.sys -- (NAVAP)
DRV - [2001/11/06 19:15:08 | 000,026,996 | ---- | M] (MusicMatch, Inc.) [Kernel | Auto | Running] -- C:\WINDOWS\System32\drivers\MxlW2k.sys -- (MxlW2k)
DRV - [2001/10/15 12:05:50 | 000,044,544 | ---- | M] (Zero-Knowledge Systems Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\SYSTEM32\drivers\FREEDOM.sys -- (Freedom)
DRV - [2001/10/12 12:44:12 | 000,114,816 | ---- | M] (S3 Graphics, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\drivers\s3gNBm.sys -- (S3SavageNB)
DRV - [2001/09/27 17:49:00 | 000,702,777 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\drivers\nv4_mini.sys -- (nv)
DRV - [2001/09/16 11:45:04 | 000,013,716 | ---- | M] (Padus, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\SYSTEM32\drivers\pfc.sys -- (pfc)
DRV - [2001/08/17 15:00:04 | 000,002,944 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\SYSTEM32\drivers\msmpu401.sys -- (ms_mpu401)
DRV - [2001/08/17 05:50:26 | 000,731,648 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\drivers\nv4.sys -- (nv4)
DRV - [2001/08/08 07:13:36 | 000,158,140 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\SYSTEM32\drivers\i81xnt5.sys -- (i81x)
DRV - [2001/08/08 07:13:30 | 000,012,479 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\drivers\wADV01nt.sys -- (iAimFP0)
DRV - [2001/08/08 07:13:30 | 000,012,031 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\drivers\wADV02NT.sys -- (iAimFP1)
DRV - [2001/08/08 07:13:30 | 000,011,679 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\drivers\wADV05NT.sys -- (iAimFP2)
DRV - [2001/08/08 07:13:28 | 000,019,359 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\drivers\wVchNTxx.sys -- (iAimFP4)
DRV - [2001/08/08 07:13:28 | 000,011,999 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\drivers\wSiINTxx.sys -- (iAimFP3)
DRV - [2001/08/08 07:13:26 | 000,033,503 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\drivers\wATV04nt.sys -- (iAimTV3)
DRV - [2001/08/08 07:13:24 | 000,029,215 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\drivers\wATV01nt.sys -- (iAimTV0)
DRV - [2001/08/08 07:13:24 | 000,023,519 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\drivers\wCh7xxNT.sys -- (iAimTV4)
DRV - [2001/08/08 07:13:24 | 000,019,199 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\drivers\wATV02NT.sys -- (iAimTV1)
DRV - [2001/06/04 08:00:00 | 000,014,112 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Running] -- C:\WINDOWS\SYSTEM32\drivers\PS2.sys -- (Ps2)
DRV - [2001/01/29 16:57:04 | 000,207,296 | ---- | M] (Adaptec) [File_System | System | Running] -- C:\WINDOWS\System32\drivers\udfreadr.sys -- (UdfReadr)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,CustomizeSearch = http://srch-us4.hpwis.com/
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://srch-us4.hpwis.com/


IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://us4.hpwis.com/
IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://srch-us4.hpwis.com/
IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://srch-us4.hpwis.com/
IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://us4.hpwis.com/
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://us4.hpwis.com/
IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://srch-us4.hpwis.com/
IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://srch-us4.hpwis.com/
IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://us4.hpwis.com/
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-21-1779672970-568186159-1426590395-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://us4.hpwis.com/
IE - HKU\S-1-5-21-1779672970-568186159-1426590395-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://srch-us4.hpwis.com/
IE - HKU\S-1-5-21-1779672970-568186159-1426590395-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://srch-us4.hpwis.com/
IE - HKU\S-1-5-21-1779672970-568186159-1426590395-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank
IE - HKU\S-1-5-21-1779672970-568186159-1426590395-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-1779672970-568186159-1426590395-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = localhost
IE - HKU\S-1-5-21-1779672970-568186159-1426590395-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = http=127.0.0.1:83

========== FireFox ==========

FF - prefs.js..browser.search.update: false
FF - prefs.js..browser.startup.homepage: "about:blank"
FF - prefs.js..extensions.enabledItems: jqs@sun.com:1.0
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20

FF - HKLM\software\mozilla\Firefox\extensions\\smartwebprinting@hp.com: C:\Program Files\Hewlett-Packard\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2010/04/11 09:36:30 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.6\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010/06/27 16:57:15 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.6\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010/06/27 16:57:15 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Netscape 6 6.2.1\Extensions\\Components: C:\Program Files\Netscape\Netscape 6\Components [2004/04/04 16:33:52 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Netscape 6 6.2.1\Extensions\\Plugins: C:\Program Files\Netscape\Netscape 6\Plugins [2010/06/27 07:46:54 | 000,000,000 | ---D | M]

[2008/08/25 21:10:20 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Mozilla\Extensions
[2010/06/22 12:30:59 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\rnhq51oa.default\extensions
[2010/06/22 11:33:03 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions
[2010/05/12 07:57:14 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
[2008/04/16 08:35:56 | 000,081,920 | ---- | M] (Coupons, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npCouponPrinter.dll
[2010/05/12 07:52:44 | 000,411,368 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npdeployJava1.dll

O1 HOSTS File: ([2001/08/17 22:00:00 | 000,000,734 | ---- | M]) - C:\WINDOWS\SYSTEM32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (HP Print Enhancer) - {0347C33E-8762-4905-BF09-768834316C61} - C:\Program Files\Hewlett-Packard\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll (Hewlett-Packard Co.)
O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O2 - BHO: (ZKBho Class) - {56071E0D-C61B-11D3-B41C-00E02927A304} - C:\Program Files\Zero Knowledge\Freedom\FreeBHOR.dll (Zero-Knowledge Systems Inc.)
O2 - BHO: (no name) - {FDD3B846-8D59-4ffb-8758-209B6AD74ACC} - c:\Program Files\Microsoft Money\System\mnyviewer.dll (Microsoft Corporation)
O2 - BHO: (HP Smart BHO Class) - {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - C:\Program Files\Hewlett-Packard\Digital Imaging\Smart Web Printing\hpswp_BHO.dll (Hewlett-Packard Co.)
O3 - HKLM\..\Toolbar: (Yahoo! Toolbar) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
O3 - HKLM\..\Toolbar: (&Zero-Knowledge Freedom) - {FA91B828-F937-4568-82C1-843627E63ED7} - C:\Program Files\Zero Knowledge\Freedom\BandObjs.dll (Zero-Knowledge Systems Inc.)
O3 - HKU\S-1-5-21-1779672970-568186159-1426590395-1003\..\Toolbar\ShellBrowser: (&Zero-Knowledge Freedom) - {FA91B828-F937-4568-82C1-843627E63ED7} - C:\Program Files\Zero Knowledge\Freedom\BandObjs.dll (Zero-Knowledge Systems Inc.)
O3 - HKU\S-1-5-21-1779672970-568186159-1426590395-1003\..\Toolbar\WebBrowser: (Yahoo! Toolbar) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
O4 - HKLM..\Run: [] File not found
O4 - HKLM..\Run: [Adobe Photo Downloader] C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [HP Software Update] C:\Program Files\Hewlett-Packard\HP Software Update\hpwuschd2.exe (Hewlett-Packard)
O4 - HKLM..\Run: [KernelFaultCheck] File not found
O4 - HKLM..\Run: [RealTray] C:\Program Files\Real\RealPlayer\RealPlay.exe (RealNetworks, Inc.)
O4 - HKLM..\Run: [UserFaultCheck] File not found
O4 - HKU\S-1-5-21-1779672970-568186159-1426590395-1003..\Run: [Microsoft Works Update Detection] c:\Program Files\Microsoft Works\WkDetect.exe File not found
O4 - HKU\S-1-5-21-1779672970-568186159-1426590395-1003..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe (Safer-Networking Ltd.)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\hp center.lnk = C:\Program Files\hp center\137903\Program\BackWeb-137903.exe ()
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk = C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqtra08.exe (Hewlett-Packard Co.)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\hp psc 2000 Series.lnk = C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpobnz08.exe (Hewlett-Packard Co.)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\hpoddt01.exe.lnk = C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe (Hewlett-Packard)
O4 - Startup: C:\Documents and Settings\Default User\Start Menu\Programs\Startup\AutoPlay.exe ()
O4 - Startup: C:\Documents and Settings\Owner\Start Menu\Programs\Startup\Webshots.lnk = C:\Program Files\Webshots\WebshotsTray.exe (The Webshots Corporation)
O4 - Startup: C:\Documents and Settings\Owner\Start Menu\Programs\Startup\Webshots.lnk.disabled ()
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-1779672970-568186159-1426590395-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O9 - Extra Button: MktBrowser - {17A27031-71FC-11d4-815C-005004D0F1FA} - C:\Program Files\MarketBrowser\lmt\MarketBrowser_Launch.xpy ()
O9 - Extra 'Tools' menuitem : MarketBrowser - {17A27031-71FC-11d4-815C-005004D0F1FA} - C:\Program Files\MarketBrowser\lmt\MarketBrowser_Launch.xpy ()
O9 - Extra Button: Net2Phone - {4B30061A-5B39-11D3-80F8-0090276F843F} - C:\Program Files\Net2Phone\Net2fone.exe (Net2Phone)
O9 - Extra 'Tools' menuitem : Net2Phone - {4B30061A-5B39-11D3-80F8-0090276F843F} - C:\Program Files\Net2Phone\Net2fone.exe (Net2Phone)
O9 - Extra Button: Show or hide HP Smart Web Printing - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - C:\Program Files\Hewlett-Packard\Digital Imaging\Smart Web Printing\hpswp_BHO.dll (Hewlett-Packard Co.)
O9 - Extra 'Tools' menuitem : Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O9 - Extra Button: MoneySide - {E023F504-0C5A-4750-A1E7-A9046DEA8A21} - c:\Program Files\Microsoft Money\System\mnyviewer.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\WINDOWS\System32\ZKLSPR.DLL (Zero-Knowledge Systems Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\WINDOWS\System32\ZKLSPR.DLL (Zero-Knowledge Systems Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\WINDOWS\System32\ZKLSPR.DLL (Zero-Knowledge Systems Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\WINDOWS\System32\ZKLSPR.DLL (Zero-Knowledge Systems Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - C:\WINDOWS\System32\ZKLSPR.DLL (Zero-Knowledge Systems Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000006 - C:\WINDOWS\System32\ZKLSPR.DLL (Zero-Knowledge Systems Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000007 - C:\WINDOWS\System32\ZKLSPR.DLL (Zero-Knowledge Systems Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000008 - C:\WINDOWS\System32\ZKLSPR.DLL (Zero-Knowledge Systems Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000009 - C:\WINDOWS\System32\ZKLSPR.DLL (Zero-Knowledge Systems Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000010 - C:\WINDOWS\System32\ZKLSPR.DLL (Zero-Knowledge Systems Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000011 - C:\WINDOWS\System32\ZKLSPR.DLL (Zero-Knowledge Systems Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000017 - C:\WINDOWS\System32\ZKLSPR.DLL (Zero-Knowledge Systems Inc.)
O12 - Plugin for: .spop - C:\Program Files\Internet Explorer\PLUGINS\NPDocBox.dll (InterTrust Technologies Corporation, Inc.)
O15 - HKU\S-1-5-21-1779672970-568186159-1426590395-1003\..Trusted Domains: ([]msn in My Computer)
O15 - HKU\S-1-5-21-1779672970-568186159-1426590395-1003\..Trusted Domains: fnismls.com ([samls] http in Trusted sites)
O15 - HKU\S-1-5-21-1779672970-568186159-1426590395-1003\..Trusted Domains: prospector.metrolist.net ([]http in Trusted sites)
O15 - HKU\S-1-5-21-1779672970-568186159-1426590395-1003\..Trusted Domains: rapmls.com ([]* in Trusted sites)
O15 - HKU\S-1-5-21-1779672970-568186159-1426590395-1003\..Trusted Domains: rapmls.com ([login] * in Trusted sites)
O15 - HKU\S-1-5-21-1779672970-568186159-1426590395-1003\..Trusted Domains: rapmls.com ([media] * in Trusted sites)
O15 - HKU\S-1-5-21-1779672970-568186159-1426590395-1003\..Trusted Domains: rapmls.com ([search] * in Trusted sites)
O15 - HKU\S-1-5-21-1779672970-568186159-1426590395-1003\..Trusted Domains: rapmls.com ([tarmls] * in Trusted sites)
O15 - HKU\S-1-5-21-1779672970-568186159-1426590395-1003\..Trusted Domains: snismls.com ([]* in Trusted sites)
O15 - HKU\S-1-5-21-1779672970-568186159-1426590395-1003\..Trusted Domains: tarmls.com ([]www in Trusted sites)
O15 - HKU\S-1-5-21-1779672970-568186159-1426590395-1003\..Trusted Domains: tarmls.com ([www] * in Trusted sites)
O15 - HKU\S-1-5-21-1779672970-568186159-1426590395-1003\..Trusted Domains: www.avrealestate.com ([]http in Trusted sites)
O15 - HKU\S-1-5-21-1779672970-568186159-1426590395-1003\..Trusted Domains: www.barstowmls.com ([]http in Trusted sites)
O15 - HKU\S-1-5-21-1779672970-568186159-1426590395-1003\..Trusted Domains: www.cincymls.net ([]http in Trusted sites)
O15 - HKU\S-1-5-21-1779672970-568186159-1426590395-1003\..Trusted Domains: www.columbianortherndutchessmls.com ([]http in Trusted sites)
O15 - HKU\S-1-5-21-1779672970-568186159-1426590395-1003\..Trusted Domains: www.dabr.com ([]http in Trusted sites)
O15 - HKU\S-1-5-21-1779672970-568186159-1426590395-1003\..Trusted Domains: www.firelandsmls.com ([]http in Trusted sites)
O15 - HKU\S-1-5-21-1779672970-568186159-1426590395-1003\..Trusted Domains: www.fresnomls.com ([]http in Trusted sites)
O15 - HKU\S-1-5-21-1779672970-568186159-1426590395-1003\..Trusted Domains: www.gniarmls.com ([]http in Trusted sites)
O15 - HKU\S-1-5-21-1779672970-568186159-1426590395-1003\..Trusted Domains: www.greenemls.com ([]http in Trusted sites)
O15 - HKU\S-1-5-21-1779672970-568186159-1426590395-1003\..Trusted Domains: www.ivbor.com ([]http in Trusted sites)
O15 - HKU\S-1-5-21-1779672970-568186159-1426590395-1003\..Trusted Domains: www.ivrealestate.com ([]http in Trusted sites)
O15 - HKU\S-1-5-21-1779672970-568186159-1426590395-1003\..Trusted Domains: www.lbarmls.com ([]http in Trusted sites)
O15 - HKU\S-1-5-21-1779672970-568186159-1426590395-1003\..Trusted Domains: www.lvarmls.com ([]http in Trusted sites)
O15 - HKU\S-1-5-21-1779672970-568186159-1426590395-1003\..Trusted Domains: www.mariposabor.com ([]http in Trusted sites)
O15 - HKU\S-1-5-21-1779672970-568186159-1426590395-1003\..Trusted Domains: www.marmls.com ([]http in Trusted sites)
O15 - HKU\S-1-5-21-1779672970-568186159-1426590395-1003\..Trusted Domains: www.midlandsmls.com ([]http in Trusted sites)
O15 - HKU\S-1-5-21-1779672970-568186159-1426590395-1003\..Trusted Domains: www.northernarizonamls.com ([]http in Trusted sites)
O15 - HKU\S-1-5-21-1779672970-568186159-1426590395-1003\..Trusted Domains: www.northernkentuckymls.com ([]http in Trusted sites)
O15 - HKU\S-1-5-21-1779672970-568186159-1426590395-1003\..Trusted Domains: www.nwmls.com ([]http in Trusted sites)
O15 - HKU\S-1-5-21-1779672970-568186159-1426590395-1003\..Trusted Domains: www.odbrmls.com ([]http in Trusted sites)
O15 - HKU\S-1-5-21-1779672970-568186159-1426590395-1003\..Trusted Domains: www.ojaivalleymls.com ([]http in Trusted sites)
O15 - HKU\S-1-5-21-1779672970-568186159-1426590395-1003\..Trusted Domains: www.portervillemls.com ([]http in Trusted sites)
O15 - HKU\S-1-5-21-1779672970-568186159-1426590395-1003\..Trusted Domains: www.somls.com ([]http in Trusted sites)
O15 - HKU\S-1-5-21-1779672970-568186159-1426590395-1003\..Trusted Domains: www.swmric.com ([]http in Trusted sites)
O15 - HKU\S-1-5-21-1779672970-568186159-1426590395-1003\..Trusted Domains: www.tcmls.org ([]http in Trusted sites)
O15 - HKU\S-1-5-21-1779672970-568186159-1426590395-1003\..Trusted Domains: www.vvmls.com ([]http in Trusted sites)
O16 - DPF: {0854D220-A90A-466D-BC02-6683183802B7} http://samls.fnismls.com/Paragon/Codebase/...rintControl.cab (PrintPreview Class)
O16 - DPF: {62BC5DB2-0044-4040-B366-D628F3CFD551} file://C:\DOCUME~1\Owner\LOCALS~1\Temp\IXP000.TMP\setup.cab (PowerTeam HTML Printing Behavior)
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} http://v5.windowsupdate.microsoft.com/v5co...b?1097799494515 (WUWebControl Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_20)
O16 - DPF: {CAFEEFAC-0013-0001-0000-ABCDEFFEDCBA} http://java.sun.com/update/1.3.1/jinstall-...indows-i586.cab (Java Plug-in 1.3.1)
O16 - DPF: {CAFEEFAC-0016-0000-0014-ABCDEFFEDCBA} Reg Error: Value error. (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_20)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_20)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://download.macromedia.com/pub/shockwa...ash/swflash.cab (Shockwave Flash Object)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
O16 - DPF: {E87F6C8E-16C0-11D3-BEF7-009027438003} https://tm.sureclose.com/include/xupload.ocx (Persits Software XUpload)
O16 - DPF: {FFCF75D1-CDB4-4ED8-AEAC-BC103FCAF159} http://imagedrec.water.az.gov/pwfiles/PowerWeb.cab (GetClient Control)
O16 - DPF: Microsoft XML Parser for Java file://C:\WINDOWS\Java\classes\xmldso.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 66.82.4.8
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\NavLogon: DllName - C:\WINDOWS\System32\NavLogon.dll - C:\WINDOWS\SYSTEM32\NavLogon.dll ()
O24 - Desktop WallPaper: C:\Documents and Settings\Owner\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\Owner\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2001/11/06 14:36:00 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2010/07/07 15:37:47 | 000,575,488 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Owner\Desktop\OTL.exe
[2010/07/05 15:50:34 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Desktop\gmer
[2010/07/01 20:23:29 | 000,161,296 | ---- | C] (Trend Micro Inc.) -- C:\WINDOWS\System32\drivers\tmcomm.sys
[2010/06/27 21:36:45 | 000,000,000 | ---D | C] -- C:\WINDOWS\Prefetch
[2010/06/27 19:15:55 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\scripting
[2010/06/27 19:15:17 | 000,000,000 | ---D | C] -- C:\WINDOWS\l2schemas
[2010/06/27 19:15:11 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\en
[2010/06/27 18:42:19 | 000,000,000 | ---D | C] -- C:\WINDOWS\network diagnostic
[2010/06/22 11:46:04 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Desktop\Adobe Reader 9 Installer
[2010/06/22 11:44:46 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Adobe AIR
[2010/06/22 11:32:27 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\NOS
[2010/06/10 08:52:59 | 000,743,424 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\iedvtool.dll
[3 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[3 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2010/07/07 15:52:32 | 001,440,054 | ---- | M] () -- C:\WINDOWS\WebshotsForOwner.bmp
[2010/07/07 15:38:08 | 000,575,488 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Owner\Desktop\OTL.exe
[2010/07/07 11:50:46 | 000,000,006 | ---- | M] () -- C:\WINDOWS\Twain001.Mtx
[2010/07/07 11:50:09 | 000,000,156 | ---- | M] () -- C:\WINDOWS\Twunk001.MTX
[2010/07/07 11:49:53 | 000,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2010/07/07 11:49:50 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2010/07/07 11:49:49 | 266,391,552 | -HS- | M] () -- C:\hiberfil.sys
[2010/07/07 11:48:25 | 005,767,168 | ---- | M] () -- C:\Documents and Settings\Owner\ntuser.dat
[2010/07/07 11:48:25 | 000,000,178 | -HS- | M] () -- C:\Documents and Settings\Owner\ntuser.ini
[2010/07/05 15:48:55 | 000,284,915 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\gmer.zip
[2010/07/05 15:19:32 | 000,525,824 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\dds.scr
[2010/07/05 00:33:00 | 000,001,158 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2010/07/01 20:23:26 | 000,161,296 | ---- | M] (Trend Micro Inc.) -- C:\WINDOWS\System32\drivers\tmcomm.sys
[2010/06/29 21:00:26 | 000,000,036 | ---- | M] () -- C:\Documents and Settings\Owner\Local Settings\Application Data\housecall.guid.cache
[2010/06/28 00:47:16 | 000,001,374 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2010/06/27 21:49:45 | 000,382,022 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2010/06/27 21:49:44 | 000,053,640 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2010/06/27 21:49:37 | 000,441,626 | ---- | M] () -- C:\WINDOWS\System32\PerfStringBackup.INI
[2010/06/27 21:35:49 | 000,178,648 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2010/06/27 18:40:56 | 000,250,048 | RHS- | M] () -- C:\ntldr
[2010/06/27 07:47:05 | 000,001,778 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Adobe Reader 9.lnk
[2010/06/22 12:14:35 | 000,000,781 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Acrobat_com.lnk
[3 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[3 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

========== Files Created - No Company Name ==========

[2010/07/05 15:48:29 | 000,284,915 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\gmer.zip
[2010/07/05 15:19:13 | 000,525,824 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\dds.scr
[2010/06/29 21:00:26 | 000,000,036 | ---- | C] () -- C:\Documents and Settings\Owner\Local Settings\Application Data\housecall.guid.cache
[2010/06/22 12:14:35 | 000,000,781 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Acrobat_com.lnk
[2010/06/22 12:06:03 | 000,001,778 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Adobe Reader 9.lnk
[2009/03/31 21:12:39 | 000,000,058 | ---- | C] () -- C:\WINDOWS\FILEMAGC.INI
[2005/01/21 17:26:24 | 000,060,464 | R--- | C] () -- C:\WINDOWS\System32\tlcsel32.dll
[2005/01/21 17:26:24 | 000,016,540 | R--- | C] () -- C:\WINDOWS\System32\tlcsel17.dll
[2004/03/01 15:17:08 | 000,000,823 | ---- | C] () -- C:\WINDOWS\TSC.ini
[2004/03/01 15:17:07 | 000,071,749 | ---- | C] () -- C:\WINDOWS\HCExtOutput.dll
[2004/03/01 15:16:21 | 000,000,170 | ---- | C] () -- C:\WINDOWS\GetServer.ini
[2003/05/24 09:19:55 | 000,000,229 | ---- | C] () -- C:\WINDOWS\qwimp.ini
[2003/05/24 09:16:41 | 000,001,013 | ---- | C] () -- C:\WINDOWS\QUICKEN.INI
[2003/05/24 09:16:41 | 000,000,605 | ---- | C] () -- C:\WINDOWS\intuprof.ini
[2003/04/30 10:25:10 | 000,000,004 | ---- | C] () -- C:\WINDOWS\uccspecb.sys
[2003/03/09 13:31:04 | 000,561,152 | ---- | C] () -- C:\WINDOWS\System32\hpotscl.dll
[2002/11/01 16:17:50 | 000,000,256 | ---- | C] () -- C:\WINDOWS\aucfg.ini
[2002/07/13 13:17:17 | 000,000,000 | ---- | C] () -- C:\WINDOWS\VPC32.INI
[2002/07/04 15:05:34 | 000,000,269 | ---- | C] () -- C:\WINDOWS\tmupdate.ini
[2002/03/15 15:29:58 | 000,000,091 | ---- | C] () -- C:\WINDOWS\webshots.ini
[2002/03/08 20:26:48 | 000,000,022 | ---- | C] () -- C:\WINDOWS\exchng.ini
[2002/03/08 20:26:47 | 000,000,611 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2002/03/07 22:23:12 | 000,001,065 | ---- | C] () -- C:\WINDOWS\winamp.ini
[2002/03/07 22:22:07 | 000,102,400 | ---- | C] () -- C:\WINDOWS\System32\N2PUtil.dll
[2002/03/07 22:21:44 | 000,000,528 | ---- | C] () -- C:\WINDOWS\net2fone.ini
[2002/02/20 21:21:20 | 000,045,056 | ---- | C] () -- C:\WINDOWS\System32\NavLogon.dll
[2001/12/14 13:34:46 | 000,164,864 | ---- | C] () -- C:\WINDOWS\patchw32.dll
[2001/11/09 11:41:10 | 000,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini
[2001/11/08 20:43:04 | 000,000,562 | ---- | C] () -- C:\WINDOWS\System32\Px.ini
[2001/11/06 19:50:46 | 000,377,600 | ---- | C] () -- C:\WINDOWS\System32\BOCOLE.DLL
[2001/11/06 19:50:46 | 000,167,456 | ---- | C] () -- C:\WINDOWS\System32\Bocof.dll
[2001/11/06 19:45:01 | 000,040,960 | ---- | C] () -- C:\WINDOWS\System32\hpREG.DLL
[2001/11/06 19:45:01 | 000,024,576 | ---- | C] () -- C:\WINDOWS\System32\syscontr.dll
[2001/11/06 19:37:54 | 000,009,876 | ---- | C] () -- C:\WINDOWS\System32\usbbc.sys
[2001/11/06 19:21:26 | 000,000,603 | ---- | C] () -- C:\WINDOWS\fantasy2.ini
[2001/11/06 19:21:26 | 000,000,317 | ---- | C] () -- C:\WINDOWS\pstudio.ini
[2001/11/06 19:21:26 | 000,000,031 | ---- | C] () -- C:\WINDOWS\album.ini
[2001/11/06 18:50:13 | 000,249,921 | ---- | C] () -- C:\WINDOWS\System32\PythonCOM15.dll
[2001/11/06 18:50:13 | 000,065,536 | ---- | C] () -- C:\WINDOWS\System32\PyWinTypes15.dll
[2001/11/06 18:49:47 | 000,016,896 | ---- | C] () -- C:\WINDOWS\System32\bcbmm.dll
[2001/11/06 14:40:54 | 000,000,887 | ---- | C] () -- C:\WINDOWS\orun32.ini
[2001/11/06 14:31:15 | 000,001,793 | ---- | C] () -- C:\WINDOWS\System32\fxsperf.ini
[2001/11/06 06:21:55 | 000,000,649 | ---- | C] () -- C:\WINDOWS\System32\oeminfo.ini
[2001/10/15 11:44:16 | 000,659,456 | ---- | C] () -- C:\WINDOWS\System32\libeay32.dll
[2001/10/15 11:44:16 | 000,147,456 | ---- | C] () -- C:\WINDOWS\System32\ssleay32.dll
[2001/08/08 07:13:22 | 000,012,351 | ---- | C] () -- C:\WINDOWS\System32\i81xcoin.dll
[2001/08/07 18:07:02 | 000,028,672 | ---- | C] () -- C:\WINDOWS\System32\igfxdgps.dll
[2001/05/22 18:37:50 | 000,425,984 | ---- | C] () -- C:\WINDOWS\System32\VxDMDcDlg.dll
[2000/12/29 10:34:01 | 000,019,968 | ---- | C] () -- C:\WINDOWS\System32\cpuinf32.dll
[1999/07/23 13:46:48 | 000,000,116 | ---- | C] () -- C:\WINDOWS\AuHCcup1.ini
[1999/07/23 10:53:20 | 000,129,536 | ---- | C] () -- C:\WINDOWS\AuHCcup1.dll
[1997/07/11 00:00:00 | 000,031,232 | ---- | C] () -- C:\WINDOWS\System32\XLREC.DLL
[1997/07/11 00:00:00 | 000,025,600 | ---- | C] () -- C:\WINDOWS\System32\RECNCL.DLL
[1997/07/11 00:00:00 | 000,022,016 | ---- | C] () -- C:\WINDOWS\System32\ODBCSTF.DLL
[1997/07/11 00:00:00 | 000,022,016 | ---- | C] () -- C:\WINDOWS\System32\DOCOBJ.DLL
[1997/07/11 00:00:00 | 000,012,288 | ---- | C] () -- C:\WINDOWS\System32\HLINKPRX.DLL
[1997/07/11 00:00:00 | 000,005,088 | ---- | C] () -- C:\WINDOWS\System32\mapi32x.dll
[1997/06/06 03:08:30 | 000,023,040 | ---- | C] () -- C:\WINDOWS\System32\CSSMS_IN.DLL
< End of report >


The 'Extras' log:
OTL Extras logfile created on: 7/7/2010 3:41:23 PM - Run 1
OTL by OldTimer - Version 3.2.8.0 Folder = C:\Documents and Settings\Owner\Desktop
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

254.00 Mb Total Physical Memory | 92.00 Mb Available Physical Memory | 36.00% Memory free
625.00 Mb Paging File | 202.00 Mb Available in Paging File | 32.00% Paging File free
Paging file location(s): C:\pagefile.sys 384 768 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 32.64 Gb Total Space | 10.01 Gb Free Space | 30.68% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: PENDEJO
Current User Name: Owner
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: All users
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Standard

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.html [@ = MozillaHTML] -- C:\Program Files\Netscape\Netscape 6\netscp6.exe (Netscape Communications Corporation)

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
htmlfile [edit] -- "C:\Program Files\Microsoft Office\Office\Winword.exe" /n ()
http [open] -- C:\PROGRA~1\NETSCAPE\NETSCA~1\NETSCP6.EXE -url "%1" (Netscape Communications Corporation)
https [open] -- C:\PROGRA~1\NETSCAPE\NETSCA~1\NETSCP6.EXE -url "%1" (Netscape Communications Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [Winamp.Bookmark] -- "C:\Program Files\Winamp\Winamp.exe" /BOOKMARK "%1" (Nullsoft)
Directory [Winamp.Enqueue] -- "C:\Program Files\Winamp\Winamp.exe" /ADD "%1" (Nullsoft)
Directory [Winamp.Play] -- "C:\Program Files\Winamp\Winamp.exe" "%1" (Nullsoft)
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 0
"FirewallOverride" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]
"139:TCP" = 139:TCP:*:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:*:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:*:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:*:Enabled:@xpsp2res.dll,-22002

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DoNotAllowExceptions" = 0
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"139:TCP" = 139:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22002
"1900:UDP" = 1900:UDP:LocalSubNet:Disabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Disabled:@xpsp2res.dll,-22008

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqtra08.exe" = C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqtra08.exe:*:Enabled:hpqtra08.exe -- (Hewlett-Packard Co.)
"C:\Program Files\Hewlett-Packard\Digital Imaging\Unload\HpqPhUnl.exe" = C:\Program Files\Hewlett-Packard\Digital Imaging\Unload\HpqPhUnl.exe:*:Enabled:hpqphunl.exe -- ()
"C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqste08.exe" = C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqste08.exe:*:Enabled:hpqste08.exe -- (Hewlett-Packard Co.)
"C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpofxm08.exe" = C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpofxm08.exe:*:Enabled:hpofxm08.exe -- (Hewlett-Packard Co.)
"C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hposfx08.exe" = C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hposfx08.exe:*:Enabled:hposfx08.exe -- (Hewlett-Packard Co.)
"C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hposid01.exe" = C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hposid01.exe:*:Enabled:hposid01.exe -- (Hewlett-Packard Co.)
"C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqscnvw.exe" = C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqscnvw.exe:*:Enabled:hpqscnvw.exe -- ()
"C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqkygrp.exe" = C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqkygrp.exe:*:Enabled:hpqkygrp.exe -- (Hewlett-Packard)
"C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpfcCopy.exe" = C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpfcCopy.exe:*:Enabled:hpfccopy.exe -- (Hewlett-Packard)
"C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpzwiz01.exe" = C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpzwiz01.exe:*:Enabled:hpzwiz01.exe -- (Hewlett-Packard Co.)
"C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpiscnapp.exe" = C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpiscnapp.exe:*:Enabled:hpiscnapp.exe -- (Hewlett-Packard)
"C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpofxs08.exe" = C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpofxs08.exe:*:Enabled:hpofxs08.exe -- (Hewlett-Packard Co.)
"C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqfxt08.exe" = C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqfxt08.exe:*:Enabled:hpqfxt08.exe -- (TODO: <Company name>)
"C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqgplgtupl.exe" = C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqgplgtupl.exe:*:Enabled:hpqgplgtupl.exe -- (Hewlett-Packard Co.)
"C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqgpc01.exe" = C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqgpc01.exe:*:Enabled:hpqgpc01.exe -- (Hewlett-Packard)
"C:\Program Files\Hewlett-Packard\HP Software Update\hpwucli.exe" = C:\Program Files\Hewlett-Packard\HP Software Update\hpwucli.exe:*:Enabled:hpwucli.exe -- (Hewlett-Packard)
"C:\Program Files\Hewlett-Packard\Digital Imaging\Smart Web Printing\SmartWebPrintExe.exe" = C:\Program Files\Hewlett-Packard\Digital Imaging\Smart Web Printing\SmartWebPrintExe.exe:*:Enabled:smartwebprintexe.exe -- (Hewlett-Packard Co.)

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Program Files\hp center\137903\Program\BackWeb-137903.exe" = C:\Program Files\hp center\137903\Program\BackWeb-137903.exe:*:Disabled:BackWeb-137903 -- ()
"C:\Program Files\DIRECWAY\BIN\websetup.exe" = C:\Program Files\DIRECWAY\BIN\websetup.exe:*:Enabled:websetup -- File not found
"C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqtra08.exe" = C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqtra08.exe:*:Enabled:hpqtra08.exe -- (Hewlett-Packard Co.)
"C:\Program Files\Hewlett-Packard\Digital Imaging\Unload\HpqPhUnl.exe" = C:\Program Files\Hewlett-Packard\Digital Imaging\Unload\HpqPhUnl.exe:*:Enabled:hpqphunl.exe -- ()
"C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqste08.exe" = C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqste08.exe:*:Enabled:hpqste08.exe -- (Hewlett-Packard Co.)
"C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpofxm08.exe" = C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpofxm08.exe:*:Enabled:hpofxm08.exe -- (Hewlett-Packard Co.)
"C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hposfx08.exe" = C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hposfx08.exe:*:Enabled:hposfx08.exe -- (Hewlett-Packard Co.)
"C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hposid01.exe" = C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hposid01.exe:*:Enabled:hposid01.exe -- (Hewlett-Packard Co.)
"C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqscnvw.exe" = C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqscnvw.exe:*:Enabled:hpqscnvw.exe -- ()
"C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqkygrp.exe" = C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqkygrp.exe:*:Enabled:hpqkygrp.exe -- (Hewlett-Packard)
"C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpfcCopy.exe" = C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpfcCopy.exe:*:Enabled:hpfccopy.exe -- (Hewlett-Packard)
"C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpzwiz01.exe" = C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpzwiz01.exe:*:Enabled:hpzwiz01.exe -- (Hewlett-Packard Co.)
"C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpiscnapp.exe" = C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpiscnapp.exe:*:Enabled:hpiscnapp.exe -- (Hewlett-Packard)
"C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpofxs08.exe" = C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpofxs08.exe:*:Enabled:hpofxs08.exe -- (Hewlett-Packard Co.)
"C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqfxt08.exe" = C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqfxt08.exe:*:Enabled:hpqfxt08.exe -- (TODO: <Company name>)
"C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqgplgtupl.exe" = C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqgplgtupl.exe:*:Enabled:hpqgplgtupl.exe -- (Hewlett-Packard Co.)
"C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqgpc01.exe" = C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqgpc01.exe:*:Enabled:hpqgpc01.exe -- (Hewlett-Packard)
"C:\Program Files\Hewlett-Packard\HP Software Update\hpwucli.exe" = C:\Program Files\Hewlett-Packard\HP Software Update\hpwucli.exe:*:Enabled:hpwucli.exe -- (Hewlett-Packard)
"C:\Program Files\Hewlett-Packard\Digital Imaging\Smart Web Printing\SmartWebPrintExe.exe" = C:\Program Files\Hewlett-Packard\Digital Imaging\Smart Web Printing\SmartWebPrintExe.exe:*:Enabled:smartwebprintexe.exe -- (Hewlett-Packard Co.)
"C:\Program Files\CoreFTP\coreftp.exe" = C:\Program Files\CoreFTP\coreftp.exe:*:Disabled:Core FTP App -- (Core FTP)
"C:\Program Files\DIRECWAY\BIN\dpcnav.exe" = C:\Program Files\DIRECWAY\BIN\dpcnav.exe:*:Disabled:Navigator -- File not found
"C:\Program Files\Netscape\Netscape 6\netscp6.exe" = C:\Program Files\Netscape\Netscape 6\netscp6.exe:*:Disabled:Netscape -- (Netscape Communications Corporation)
"C:\Program Files\Real\RealPlayer\realplay.exe" = C:\Program Files\Real\RealPlayer\realplay.exe:*:Disabled:RealPlayer -- (RealNetworks, Inc.)


========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{03A7C57A-B2C8-409b-92E5-524A0DFD0DD3}" = Status
"{087A66B8-1F0F-4a8d-A649-0CFE276AA7C0}" = WebReg
"{1E6ADBB1-4D4E-4A02-A269-75243222C467}" = GemMaster 2
"{26A24AE4-039D-4CA4-87B4-2F83216020FF}" = Java™ 6 Update 20
"{29D88826-2AB9-11D5-8854-00902761A46D}" = WordPerfect Office 2002 Try Before You Buy
"{2A3E87C5-ED9D-427F-9E0F-C06E8EAD6351}" = Quicken 2003 Premier Home & Business
"{2B5DDB2C-0807-47FD-9C11-80EA761902C0}" = Easy Internet Sign-up
"{2EEA7AA4-C203-4b90-A34F-19FB7EF1C81C}" = BufferChm
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{35845E72-E34A-11D4-817D-005004D0F1FA}" = MarketBrowser
"{3700194C-C5DD-439A-BE06-A66960CA4C70}" = MSVCSetup
"{38DAE5F5-EC70-4aa5-801B-D11CA0A33B41}" = BPDSoftware
"{419C98C4-D884-4174-B710-CBF3863767DA}" = Space Rocks
"{47ECCB1F-2811-49C0-B6A7-26778639ABA0}" = 32 Bit HP CIO Components Installer
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4A70EF07-7F88-4434-BB61-D1DE8AE93DD4}" = SolutionCenter
"{4BDFD2CE-6329-42E4-9801-9B3D1F10D79B}" = Adobe® Photoshop® Album Starter Edition 3.0
"{4D304678-738E-42a0-931A-2B022F49DEB8}" = TrayApp
"{4E7C28C7-D5DA-4E9F-A1CA-60490B54AE35}" = UnloadSupport
"{57F60D52-630B-43C5-BD20-176F5CD4EED6}" = bpd_scan
"{58E6A969-8215-4ABC-BD73-FCB25EA6F544}" = FormViewer
"{63FF21C9-A810-464F-B60A-3111747B1A6D}" = GPBaseService2
"{676981B7-A2D9-49D0-9F4C-03018F131DA9}" = DocProc
"{691652E3-D900-49C8-843B-2EB459A13653}" = Rapattoni MLS PDF Creator
"{6A1ACC15-7632-45ba-A3AB-0250EBD4B7DD}" = 6500_E709a
"{6CC080F1-2E00-41D5-BE47-A3BC784E9DFB}" = BPDSoftware_Ini
"{6E657D86-77B8-4D97-9E31-7D374469D3CB}" = Atomic Pop
"{6ECB39BD-73C2-44DD-B1A0-898207C58D8B}" = HP Photo and Imaging 2.0 - All-in-One Drivers
"{6F0DE0D5-2556-4A64-9892-07BAE121B7EC}" = SabreWing 2
"{787D1A33-A97B-4245-87C0-7174609A540C}" = HP Update
"{7B4BB888-B44E-4B91-BEE9-FE14B312B58C}" = Sonic Foundry Super Duper Music Looper XPress
"{8214CC02-6271-4DC8-B8DD-779933450264}" = HP RecordNow
"{82DFB852-9594-4668-9C66-28BB6E94BCB2}" = hp psc 2100 series
"{87A9A9A9-FAB7-4224-9328-0FA2058C0FD5}" = Network
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8FF6F5CA-4E30-4E3B-B951-204CAAA2716A}" = SmartWebPrinting
"{9129B46A-51F0-431b-9838-DF7272F3204E}" = ProductContext
"{9867A917-5D17-40DE-83BA-BEA5293194B1}" = HP Photo and Imaging 2.0 - All-in-One
"{9CCCFD9C-248F-47FE-9496-1680E3E5C163}" = Scan
"{A1B7B9B3-E1D2-41CA-9B4A-F18DC2710704}" = Microsoft Works 6.0
"{AC13BA3A-336B-45a4-B3FE-2D3058A7B533}" = Toolbox
"{AC76BA86-7AD7-1033-7B44-A93000000001}" = Adobe Reader 9.3.2
"{AF0DBCA4-1DBA-4507-89CC-883B25920FFB}" = War Games Virtual Warfare Demo
"{B194272D-1F92-46DF-99EB-8D5CE91CB4EC}" = Adobe AIR
"{B279B0DA-6F60-4FBD-9847-0C9AB79A3674}" = PigPen
"{B376402D-58EA-45EA-BD50-DD924EB67A70}" = HP Memories Disc
"{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1" = Spybot - Search & Destroy
"{BD12EB47-DBDF-11D3-BEEA-00A0CC272509}" = Norton AntiVirus Corporate Edition
"{BF225650-36EB-45E8-9666-572A88F31D59}" = Dark Orbit
"{C29C1940-CB85-4F3B-906C-33FEE0E67103}" = DocMgr
"{C43326F5-F135-4551-8270-7F7ABA0462E1}" = HPProductAssistant
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CF5193F7-6B37-11D5-B7D2-00AA00A204F1}" = Microsoft Money 2002 System Pack
"{D6CAB2F4-26A4-48F4-A35D-CA83063E3928}" = Speedway
"{D6F6456A-DB80-4769-985C-E4F9342202D0}" = Blasterball Wild
"{DA9F6EF5-E48A-4E45-BC57-AA16193763B7}" = Detto IntelliMover
"{DC19E750-988B-4005-A355-85EF66055EFE}" = Works Suite OS Pack
"{DE13432E-F0C1-4842-A5BA-CC997DA72A70}" = 6500_E709_eDocs
"{E7298FD5-1386-11D5-8D6C-0050DAD32D95}" = Microsoft Money 2002
"{EEEB604C-C1A7-4f8c-B03F-56F9C1C9C45F}" = Fax
"{EF9E56EE-0243-4BAD-88F4-5E7508AA7D96}" = Destination Component
"{F185B35D-38E5-4D88-B275-15C8C7FC4357}" = 6500_E709_Help
"{F4536148-B779-4675-98A8-7DD474DDBDA7}" = Form Viewer
"{F769B78E-FF0E-4db5-95E2-9F4C8D6352FE}" = DeviceDiscovery
"{F8131A35-47FD-27AD-116D-0E79AF5DE5EE}" = Acrobat.com
"{FA0F0A01-4631-4161-A6C2-948BF694382E}" = HP Officejet 6500 E709 Series
"{FCE65C4E-B0E8-4FBD-AD16-EDCBE6CD591F}" = HighMAT Extension to Microsoft Windows XP CD Writing Wizard
"{FDE1D2A0-3457-4A4F-BB9C-E3BD508DAB2F}" = PowerWeb ActiveX
"Adaptec UDF Reader" = Adaptec UDF Reader
"Adobe Acrobat 5.0" = Adobe Acrobat 5.0
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"BackWeb-137903 Uninstaller" = hp center
"com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Acrobat.com
"Core FTP LE 1.3c" = Core FTP LE 1.3c
"Coupon Printer for Windows4.0" = Coupon Printer for Windows
"hp deskjet 5550 series_Driver" = hp deskjet 5550 series
"HP Document Manager" = HP Document Manager 2.0
"HP Imaging Device Functions" = HP Imaging Device Functions 12.0
"HP Instant Support" = hp instant support
"HP Learning Adventure" = HP Learning Adventure
"HP PSC 2100 Series" = HP Photo and Imaging 2.0 - hp psc 2100 series
"HP Smart Web Printing" = HP Smart Web Printing 4.60
"HP Solution Center & Imaging Support Tools" = HP Solution Center 13.0
"HPOCR" = OCR Software by I.R.I.S. 12.0
"ie8" = Windows Internet Explorer 8
"ImgBurn" = ImgBurn
"Inactive HP Printer Drivers (Remove only)" = Inactive HP Printer Drivers (Remove only)
"InstallShield_{2A3E87C5-ED9D-427F-9E0F-C06E8EAD6351}" = Quicken 2003 Premier Home & Business
"InstallShield_{58E6A969-8215-4ABC-BD73-FCB25EA6F544}" = FormViewer
"JRE 1.3.1" = Java 2 Runtime Environment Standard Edition v1.3.1
"KazooStudio" = KazooStudio
"LiveUpdate1.7" = LiveUpdate 1.7 (Symantec Corporation)
"Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1
"Mozilla Firefox (3.6.6)" = Mozilla Firefox (3.6.6)
"MSCompPackV1" = Microsoft Compression Client Pack 1.0 for Windows XP
"MSN Music Assistant" = MSN Music Assistant
"MUSICMATCH Jukebox" = MUSICMATCH Jukebox
"My Photo Center" = My Photo Center
"Net2Phone_10_0" = Net2Phone
"Netscape 6 (6.2.1)" = Netscape 6 (6.2.1)
"NVIDIA" = NVIDIA Windows 2000/XP Display Drivers
"Office8.0" = Microsoft Office 97, Professional Edition
"PCDoctor" = PC-Doctor for Windows
"PCPitstop Panda AntiVirus Scan" = PCPitstop Panda AntiVirus Scan (remove only)
"PS2" = PS2
"Python 1.5 combined Win32 extensions" = Python 1.5 combined Win32 extensions
"Python 1.5.2 (final)" = Python 1.5.2 (final)
"Quicken Financial Center" = Quicken Financial Center
"RealPlayer 6.0" = RealPlayer Basic
"S3 Gamma" = S3 Gamma
"S3switch2" = S3 Savage4 Family Display Switch2 Utility
"Spybot - Search & Destroy_is1" = Spybot - Search & Destroy 1.5.2.20
"Tcl 8.0.5 for Windows" = Tcl 8.0.5 for Windows
"tv_enua" = Lernout & Hauspie TruVoice American English TTS Engine
"WeatherBug" = WeatherBug
"Webshots" = Webshots!
"WildTangentDDC" = WildTangent Channel Manager
"Winamp" = Winamp (remove only)
"Windows Media Format Runtime" = Windows Media Format 11 runtime
"Windows Media Player" = Windows Media Player 11
"Windows XP Service Pack" = Windows XP Service Pack 3
"WMFDist11" = Windows Media Format 11 runtime
"wmp11" = Windows Media Player 11
"WordPerfect Office 2002 Try Before You Buy" = WordPerfect Office 2002 Try Before You Buy
"Works2002Setup" = Microsoft Works and Money 2002 Setup Launcher
"Wudf01000" = Microsoft User-Mode Driver Framework Feature Pack 1.0
"Yahoo! Companion" = Yahoo! Toolbar
"Yahoo! Toolbar" = Yahoo! Toolbar
"Zero-Knowledge Freedom" = Zero-Knowledge Freedom

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 7/1/2010 12:16:32 PM | Computer Name = PENDEJO | Source = Norton AntiVirus | ID = 16711685
Description = Virus Found!Virus name: Trojan.Pidief in File: C:\Documents and Settings\Owner\Local
Settings\Temp\plugtmp-44\plugin-all.pdf by: Manual scan. Action: Clean failed
: Leave Alone succeeded :

Error - 7/7/2010 12:15:40 PM | Computer Name = PENDEJO | Source = Norton AntiVirus | ID = 16711685
Description = Virus Found!Virus name: Downloader in File: C:\DOCUME~1\Owner\LOCALS~1\Temp\sDyyKSs4.scr.part
by: Manual scan. Action: Clean failed : Leave Alone succeeded :

Error - 7/7/2010 12:15:40 PM | Computer Name = PENDEJO | Source = Norton AntiVirus | ID = 16711685
Description = Virus Found!Virus name: Downloader in File: C:\Documents and Settings\Owner\Local
Settings\Application Data\Mozilla\Firefox\Profiles\rnhq51oa.default\Cache\38B01B0Bd01
by: Manual scan. Action: Clean failed : Leave Alone succeeded :

Error - 7/7/2010 12:15:44 PM | Computer Name = PENDEJO | Source = Norton AntiVirus | ID = 16711685
Description = Virus Found!Virus name: W32.Bugbear.B@mm in File: C:\DOCUME~1\OWNER\LOCALS~1\TEMP\pbczyuwv.scr
by: Manual scan. Action: Clean failed : Leave Alone succeeded :

Error - 7/7/2010 12:15:45 PM | Computer Name = PENDEJO | Source = Norton AntiVirus | ID = 16711685
Description = Virus Found!Virus name: Bloodhound.PDF!gen in File: C:\Documents and
Settings\Owner\Local Settings\Temp\plugtmp-34\plugin-newplayer.pdf by: Manual scan.
Action: Clean failed : Leave Alone succeeded :

Error - 7/7/2010 12:15:46 PM | Computer Name = PENDEJO | Source = Norton AntiVirus | ID = 16711685
Description = Virus Found!Virus name: Bloodhound.PDF.21 in File: C:\Documents and
Settings\Owner\Local Settings\Temp\plugtmp-34\plugin-all.pdf by: Manual scan.
Action: Clean failed : Leave Alone succeeded :

Error - 7/7/2010 12:15:47 PM | Computer Name = PENDEJO | Source = Norton AntiVirus | ID = 16711685
Description = Virus Found!Virus name: Trojan.Pidief.G in File: C:\Documents and
Settings\Owner\Local Settings\Application Data\Mozilla\Firefox\Profiles\rnhq51oa.default\Cache\04928B22d01
by: Manual scan. Action: Clean failed : Leave Alone succeeded :

Error - 7/7/2010 12:15:47 PM | Computer Name = PENDEJO | Source = Norton AntiVirus | ID = 16711685
Description = Virus Found!Virus name: W32.Erkez.B@mm in File: C:\Documents and Settings\Owner\Application
Data\Mozilla\Profiles\default\uwk36ptj.slt\Cache\BCC3A8ECd01 by: Manual scan.
Action: Clean failed : Leave Alone succeeded :

Error - 7/7/2010 12:15:48 PM | Computer Name = PENDEJO | Source = Norton AntiVirus | ID = 16711685
Description = Virus Found!Virus name: Bloodhound.PDF.23 in File: C:\Documents and
Settings\Owner\Local Settings\Temp\plugtmp-30\plugin-airhead.pdf by: Manual scan.
Action: Clean failed : Leave Alone succeeded :

Error - 7/7/2010 12:15:48 PM | Computer Name = PENDEJO | Source = Norton AntiVirus | ID = 16711685
Description = Virus Found!Virus name: Trojan.Pidief in File: C:\Documents and Settings\Owner\Local
Settings\Temp\plugtmp-44\plugin-all.pdf by: Manual scan. Action: Clean failed
: Leave Alone succeeded :

[ System Events ]
Error - 7/5/2010 11:13:03 PM | Computer Name = PENDEJO | Source = Srv | ID = 2019
Description = The server was unable to allocate from the system nonpaged pool because
the pool was empty.

Error - 7/5/2010 11:25:03 PM | Computer Name = PENDEJO | Source = Srv | ID = 2019
Description = The server was unable to allocate from the system nonpaged pool because
the pool was empty.

Error - 7/5/2010 11:37:03 PM | Computer Name = PENDEJO | Source = Srv | ID = 2019
Description = The server was unable to allocate from the system nonpaged pool because
the pool was empty.

Error - 7/5/2010 11:42:21 PM | Computer Name = PENDEJO | Source = Service Control Manager | ID = 7000
Description = The mrtRate service failed to start due to the following error: %%2

Error - 7/6/2010 2:56:51 AM | Computer Name = PENDEJO | Source = Service Control Manager | ID = 7000
Description = The mrtRate service failed to start due to the following error: %%2

Error - 7/6/2010 7:18:43 PM | Computer Name = PENDEJO | Source = Srv | ID = 2019
Description = The server was unable to allocate from the system nonpaged pool because
the pool was empty.

Error - 7/6/2010 7:25:00 PM | Computer Name = PENDEJO | Source = sr | ID = 1
Description = The System Restore filter encountered the unexpected error '0xC000009A'
while processing the file 'gmer070610.log' on the volume 'HarddiskVolume2'. It
has stopped monitoring the volume.

Error - 7/6/2010 7:29:06 PM | Computer Name = PENDEJO | Source = Service Control Manager | ID = 7000
Description = The mrtRate service failed to start due to the following error: %%2

Error - 7/7/2010 3:03:10 AM | Computer Name = PENDEJO | Source = Service Control Manager | ID = 7000
Description = The mrtRate service failed to start due to the following error: %%2

Error - 7/7/2010 2:51:01 PM | Computer Name = PENDEJO | Source = Service Control Manager | ID = 7000
Description = The mrtRate service failed to start due to the following error: %%2


< End of report >

*******

Thanks in advance for any assistance you can provide!

#2 etavares

etavares

    Bleepin' Remover


  • Malware Response Team
  • 15,514 posts
  • Gender:Male
  • Local time:03:50 PM

Posted 11 July 2010 - 06:07 PM

Hello and welcome to Bleeping Computer

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

If you have since resolved the original problem you were having, we would appreciate you letting us know. If not please perform the following steps below so we can have a look at the current condition of your machine.

If you have not done so, include a clear description of the problems you're having, along with any steps you may have performed so far.

Please refrain from running tools or applying updates other than those we suggest while we are cleaning up your computer. The reason for this is so we know what is going on with the machine at any time. Some programs can interfere with others and hamper the recovery process. Please also continue to work with me until I give you the all clear. Even if your computer appears to act better, you may still be infected.

Even if you have already provided information about your PC, we need a new log to see what has changed since you originally posted your problem.

Once we start working together, please reply back within 3 days or this thread may be closed so we can help others who are waiting.

We need to create an OTL report:
  • Please download OTL from this link.
  • Save it to your desktop.
  • Double click on the icon on your desktop.
  • Click the "Scan All Users" checkbox.
  • Under the Custom Scan box paste this in:

    netsvcs
    msconfig
    drivers32 /all
    %systemroot%\system32\*.dll /lockedfiles
    %systemroot%\system32\*.sys /90
    %systemroot%\Tasks\*.job /lockedfiles
    %systemroot%\System32\config\*.sav
    %SYSTEMDRIVE%\*.*
    %systemroot%\system32\Spool\prtprocs\w32x86\*.dll
    %systemroot%\*. /mp /s
    /md5start
    eventlog.dll
    scecli.dll
    netlogon.dll
    cngaudit.dll
    sceclt.dll
    ntelogon.dll
    logevent.dll
    iaStor.sys
    nvstor.sys
    atapi.sys
    IdeChnDr.sys
    viasraid.sys
    AGP440.sys
    vaxscsi.sys
    nvatabus.sys
    viamraid.sys
    nvata.sys
    nvgts.sys
    iastorv.sys
    ViPrt.sys
    eNetHook.dll
    ahcix86.sys
    KR10N.sys
    nvstor32
    ahcix86s.sys
    nvrd32.sys
    user32.dll
    ws2_32.dll
    /md5stop
    %systemroot%\*. /mp /s
    HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU
    CREATERESTOREPOINT

  • Click the Quick Scan button.
  • The scan should take a few minutes.
  • Please copy and paste both logs in your reply.

We also need a new log from the GMER anti-rootkit scanner. Please first disable any CD emulation programs using the steps found in this topic:

Why we request you disable CD Emulation when receiving Malware Removal Advice

Then create another GMER log and post it as an attachment to the reply where you post your new OTL log. Instructions on how to properly create a GMER log can be found here:

How to create a GMER log


In your reply, please post both OTL logs and the GMER log.

Since you're having issues with GMER, please try GMER in safe mode. If that doesn't work, try in safe mode, but uncheck 'devices'. If all else fails, try in safe mode and only check 'files' and 'sections'.


If I don't respond within 2 days, please feel free to PM me.
Please don't ask for help via PM. The forums are there for a reason. Please post in the forums so others may benefit as well.

Unified Network of Instructors and Trusted Eliminators


#3 PNO

PNO
  • Topic Starter

  • Members
  • 23 posts
  • OFFLINE
  •  
  • Local time:12:50 PM

Posted 13 July 2010 - 06:33 PM

Hello etavares,

Here is the OTL scan you requested:

OTL logfile created on: 7/12/2010 12:12:52 PM - Run 2
OTL by OldTimer - Version 3.2.8.0 Folder = C:\Documents and Settings\Owner\Desktop
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

254.00 Mb Total Physical Memory | 143.00 Mb Available Physical Memory | 56.00%
Memory free
662.00 Mb Paging File | 332.00 Mb Available in Paging File | 50.00% Paging File free
Paging file location(s): C:\pagefile.sys 384 768 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 32.64 Gb Total Space | 10.72 Gb Free Space | 32.84% Space Free |
Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: PENDEJO
Current User Name: Owner
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: All users
Company Name Whitelist: On
Skip Microsoft Files: On
File Age = 90 Days
Output = Standard
Quick Scan

========== Processes (SafeList) ==========

PRC - [2010/07/07 15:38:08 | 000,575,488 | ---- | M] (OldTimer Tools) --
C:\Documents and Settings\Owner\Desktop\OTL.exe
PRC - [2010/03/12 13:08:54 | 000,049,208 | ---- | M] (Hewlett-Packard) -- C:\Program
Files\Hewlett-Packard\HP Software Update\hpwuschd2.exe
PRC - [2009/05/21 18:57:00 | 000,362,496 | ---- | M] (Hewlett-Packard) -- C:\Program
Files\Hewlett-Packard\Digital Imaging\bin\hpqgpc01.exe
PRC - [2009/03/05 16:07:20 | 002,260,480 | ---- | M] (Safer-Networking Ltd.) --
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
PRC - [2008/10/16 20:11:26 | 000,569,344 | ---- | M] (Hewlett-Packard Co.) --
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqbam08.exe
PRC - [2008/10/16 20:11:26 | 000,184,320 | ---- | M] (Hewlett-Packard Co.) --
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqste08.exe
PRC - [2008/10/16 19:23:30 | 000,214,360 | ---- | M] (Hewlett-Packard Co.) --
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqtra08.exe
PRC - [2008/04/13 17:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) --
C:\WINDOWS\explorer.exe
PRC - [2005/06/06 23:46:24 | 000,057,344 | ---- | M] (Adobe Systems Incorporated) --
C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe
PRC - [2003/04/06 01:06:58 | 000,028,672 | ---- | M] (Hewlett-Packard) -- C:\Program
Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe
PRC - [2003/04/06 00:45:10 | 000,286,720 | ---- | M] (Hewlett-Packard Co.) --
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpoevm08.exe
PRC - [2003/04/06 00:37:10 | 000,323,646 | ---- | M] (Hewlett-Packard Co.) --
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpobnz08.exe
PRC - [2002/03/07 22:22:49 | 000,026,112 | ---- | M] (RealNetworks, Inc.) --
C:\Program Files\Real\RealPlayer\realplay.exe
PRC - [2002/02/20 21:12:52 | 000,471,040 | ---- | M] (Symantec Corporation) --
C:\Program Files\NavNT\rtvscan.exe
PRC - [2002/02/20 21:08:32 | 000,032,768 | ---- | M] (Symantec Corporation) --
C:\Program Files\NavNT\defwatch.exe
PRC - [2001/11/18 14:00:16 | 000,196,608 | ---- | M] (The Webshots Corporation) --
C:\Program Files\Webshots\WebshotsTray.exe
PRC - [2001/11/06 19:46:13 | 000,016,384 | ---- | M] () -- C:\Program Files\hp
center\137903\Program\BackWeb-137903.exe
PRC - [2001/09/20 09:32:00 | 000,028,729 | ---- | M] (Intel® Corporation) --
C:\WINDOWS\SYSTEM32\MSGSYS.EXE


========== Modules (SafeList) ==========

MOD - [2010/07/07 15:38:08 | 000,575,488 | ---- | M] (OldTimer Tools) --
C:\Documents and Settings\Owner\Desktop\OTL.exe
MOD - [2008/04/13 17:10:20 | 000,110,592 | ---- | M] (Microsoft Corporation) --
C:\WINDOWS\SYSTEM32\msscript.ocx
MOD - [2001/11/06 19:46:13 | 000,024,576 | ---- | M] (BackWeb) -- C:\Documents and
Settings\Owner\Local Settings\Temp\IadHide3.dll


========== Win32 Services (SafeList) ==========

SRV - File not found [Disabled | Stopped] -- C:\WINDOWS\System32\hidserv.dll --
(HidServ)
SRV - File not found [On_Demand | Stopped] -- C:\WINDOWS\System32\appmgmts.dll --
(AppMgmt)
SRV - [2009/05/21 20:21:18 | 000,248,832 | ---- | M] (Hewlett-Packard Co.)
[On_Demand | Running] -- C:\Program Files\Hewlett-Packard\Digital
Imaging\bin\hpqcxs08.dll -- (hpqcxs08)
SRV - [2008/10/16 19:30:28 | 000,634,880 | ---- | M] (Hewlett-Packard Co.) [Auto |
Running] -- C:\Program Files\Hewlett-Packard\Digital Imaging\bin\HPSLPSVC32.DLL --
(HPSLPSVC)
SRV - [2008/10/16 19:24:24 | 000,135,168 | ---- | M] (Hewlett-Packard Co.) [Auto |
Running] -- C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqddsvc.dll --
(hpqddsvc)
SRV - [2002/02/20 21:12:52 | 000,471,040 | ---- | M] (Symantec Corporation) [Auto |
Running] -- C:\Program Files\NavNT\rtvscan.exe -- (Norton AntiVirus Server)
SRV - [2002/02/20 21:08:32 | 000,032,768 | ---- | M] (Symantec Corporation) [Auto |
Running] -- C:\Program Files\NavNT\defwatch.exe -- (DefWatch)


========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | On_Demand | Stopped] --
C:\WINDOWS\System32\DRIVERS\dpcnet5u.sys -- (DPCNET5U)
DRV - [2008/04/13 11:45:29 | 000,010,624 | ---- | M] (Microsoft Corporation) [Kernel
| On_Demand | Running] -- C:\WINDOWS\SYSTEM32\drivers\gameenum.sys -- (gameenum)
DRV - [2008/04/13 11:36:39 | 000,043,008 | ---- | M] (Advanced Micro Devices, Inc.)
[Kernel | Boot | Running] -- C:\WINDOWS\System32\DRIVERS\amdagp.sys -- (amdagp)
DRV - [2004/10/07 18:16:04 | 000,035,840 | ---- | M] (Oak Technology Inc.) [Kernel |
System | Running] -- C:\WINDOWS\System32\drivers\AFS2K.SYS -- (AFS2K)
DRV - [2004/08/03 22:31:32 | 000,020,992 | ---- | M] (Realtek Semiconductor
Corporation) [Kernel | On_Demand | Running] --
C:\WINDOWS\SYSTEM32\drivers\rtl8139.sys -- (rtl8139) Realtek RTL8139(A/B/C)
DRV - [2003/03/31 14:29:00 | 000,625,537 | ---- | M] (LT) [Kernel | On_Demand |
Running] -- C:\WINDOWS\SYSTEM32\drivers\ltmdmnt.sys -- (ltmodem5)
DRV - [2002/03/11 21:28:44 | 000,058,032 | ---- | M] (Symantec Corporation) [Kernel
| On_Demand | Running] -- C:\Program Files\Symantec\SYMEVENT.SYS -- (SymEvent)
DRV - [2002/03/07 22:22:53 | 000,008,552 | ---- | M] (Windows ® 2000 DDK provider)
[Kernel | Auto | Running] -- C:\WINDOWS\System32\drivers\asctrm.sys -- (ASCTRM)
DRV - [2002/02/20 20:27:34 | 000,018,000 | ---- | M] () [Kernel | Auto | Running] --
C:\Program Files\NavNT\Navapel.sys -- (NAVAPEL)
DRV - [2001/11/06 19:15:08 | 000,026,996 | ---- | M] (MusicMatch, Inc.) [Kernel |
Auto | Running] -- C:\WINDOWS\System32\drivers\MxlW2k.sys -- (MxlW2k)
DRV - [2001/10/15 12:05:50 | 000,044,544 | ---- | M] (Zero-Knowledge Systems Inc.)
[Kernel | On_Demand | Running] -- C:\WINDOWS\SYSTEM32\drivers\FREEDOM.sys --
(Freedom)
DRV - [2001/10/12 12:44:12 | 000,114,816 | ---- | M] (S3 Graphics, Inc.) [Kernel |
On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\drivers\s3gNBm.sys -- (S3SavageNB)
DRV - [2001/09/27 17:49:00 | 000,702,777 | ---- | M] (NVIDIA Corporation) [Kernel |
On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\drivers\nv4_mini.sys -- (nv)
DRV - [2001/09/16 11:45:04 | 000,013,716 | ---- | M] (Padus, Inc.) [Kernel |
On_Demand | Running] -- C:\WINDOWS\SYSTEM32\drivers\pfc.sys -- (pfc)
DRV - [2001/08/17 15:00:04 | 000,002,944 | ---- | M] (Microsoft Corporation) [Kernel
| On_Demand | Running] -- C:\WINDOWS\SYSTEM32\drivers\msmpu401.sys -- (ms_mpu401)
DRV - [2001/08/17 05:50:26 | 000,731,648 | ---- | M] (NVIDIA Corporation) [Kernel |
On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\drivers\nv4.sys -- (nv4)
DRV - [2001/08/08 07:13:36 | 000,158,140 | ---- | M] (Intel® Corporation) [Kernel
| On_Demand | Running] -- C:\WINDOWS\SYSTEM32\drivers\i81xnt5.sys -- (i81x)
DRV - [2001/08/08 07:13:30 | 000,012,479 | ---- | M] (Intel® Corporation) [Kernel
| On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\drivers\wADV01nt.sys -- (iAimFP0)
DRV - [2001/08/08 07:13:30 | 000,012,031 | ---- | M] (Intel® Corporation) [Kernel
| On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\drivers\wADV02NT.sys -- (iAimFP1)
DRV - [2001/08/08 07:13:30 | 000,011,679 | ---- | M] (Intel® Corporation) [Kernel
| On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\drivers\wADV05NT.sys -- (iAimFP2)
DRV - [2001/08/08 07:13:28 | 000,019,359 | ---- | M] (Intel® Corporation) [Kernel
| On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\drivers\wVchNTxx.sys -- (iAimFP4)
DRV - [2001/08/08 07:13:28 | 000,011,999 | ---- | M] (Intel® Corporation) [Kernel
| On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\drivers\wSiINTxx.sys -- (iAimFP3)
DRV - [2001/08/08 07:13:26 | 000,033,503 | ---- | M] (Intel® Corporation) [Kernel
| On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\drivers\wATV04nt.sys -- (iAimTV3)
DRV - [2001/08/08 07:13:24 | 000,029,215 | ---- | M] (Intel® Corporation) [Kernel
| On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\drivers\wATV01nt.sys -- (iAimTV0)
DRV - [2001/08/08 07:13:24 | 000,023,519 | ---- | M] (Intel® Corporation) [Kernel
| On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\drivers\wCh7xxNT.sys -- (iAimTV4)
DRV - [2001/08/08 07:13:24 | 000,019,199 | ---- | M] (Intel® Corporation) [Kernel
| On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\drivers\wATV02NT.sys -- (iAimTV1)
DRV - [2001/06/04 08:00:00 | 000,014,112 | ---- | M] (Hewlett-Packard Company)
[Kernel | On_Demand | Running] -- C:\WINDOWS\SYSTEM32\drivers\PS2.sys -- (Ps2)
DRV - [2001/01/29 16:57:04 | 000,207,296 | ---- | M] (Adaptec) [File_System | System
| Running] -- C:\WINDOWS\System32\drivers\udfreadr.sys -- (UdfReadr)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,CustomizeSearch =
http://srch-us4.hpwis.com/
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant =
http://srch-us4.hpwis.com/


IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL =
http://us4.hpwis.com/
IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL =
http://srch-us4.hpwis.com/
IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page =
http://srch-us4.hpwis.com/
IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page =
http://us4.hpwis.com/
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings:
"ProxyEnable" = 0

IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL =
http://us4.hpwis.com/
IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL =
http://srch-us4.hpwis.com/
IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page =
http://srch-us4.hpwis.com/
IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page =
http://us4.hpwis.com/
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings:
"ProxyEnable" = 0

IE - HKU\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\Internet Settings:
"ProxyEnable" = 0

IE - HKU\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\Internet Settings:
"ProxyEnable" = 0

IE - HKU\S-1-5-21-1779672970-568186159-1426590395-1003\SOFTWARE\Microsoft\Internet
Explorer\Main,Default_Page_URL = http://us4.hpwis.com/
IE - HKU\S-1-5-21-1779672970-568186159-1426590395-1003\SOFTWARE\Microsoft\Internet
Explorer\Main,Default_Search_URL = http://srch-us4.hpwis.com/
IE - HKU\S-1-5-21-1779672970-568186159-1426590395-1003\SOFTWARE\Microsoft\Internet
Explorer\Main,Search Page = http://srch-us4.hpwis.com/
IE - HKU\S-1-5-21-1779672970-568186159-1426590395-1003\SOFTWARE\Microsoft\Internet
Explorer\Main,Start Page = about:blank
IE -
HKU\S-1-5-21-1779672970-568186159-1426590395-1003\Software\Microsoft\Windows\CurrentVersion\Internet
Settings: "ProxyEnable" = 0
IE -
HKU\S-1-5-21-1779672970-568186159-1426590395-1003\Software\Microsoft\Windows\CurrentVersion\Internet
Settings: "ProxyOverride" = localhost
IE -
HKU\S-1-5-21-1779672970-568186159-1426590395-1003\Software\Microsoft\Windows\CurrentVersion\Internet
Settings: "ProxyServer" = http=127.0.0.1:83

========== FireFox ==========

FF - prefs.js..browser.search.update: false
FF - prefs.js..browser.startup.homepage: "about:blank"
FF - prefs.js..extensions.enabledItems: jqs@sun.com
:1.0
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20

FF - HKLM\software\mozilla\Firefox\extensions\\smartwebprinting@hp.com
: C:\Program
Files\Hewlett-Packard\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2010/04/11
09:36:30 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.6\extensions\\Components: C:\Program
Files\Mozilla Firefox\components [2010/06/27 16:57:15 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.6\extensions\\Plugins: C:\Program
Files\Mozilla Firefox\plugins [2010/06/27 16:57:15 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Netscape 6 6.2.1\Extensions\\Components: C:\Program
Files\Netscape\Netscape 6\Components [2004/04/04 16:33:52 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Netscape 6 6.2.1\Extensions\\Plugins: C:\Program
Files\Netscape\Netscape 6\Plugins [2010/06/27 07:46:54 | 000,000,000 | ---D | M]

[2008/08/25 21:10:20 | 000,000,000 | ---D | M] -- C:\Documents and
Settings\Owner\Application Data\Mozilla\Extensions
[2010/06/22 12:30:59 | 000,000,000 | ---D | M] -- C:\Documents and
Settings\Owner\Application Data\Mozilla\Firefox\Profiles\rnhq51oa.default\extensions
[2010/06/22 11:33:03 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla
Firefox\extensions
[2010/05/12 07:57:14 | 000,000,000 | ---D | M] (Java Console) -- C:\Program
Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
[2008/04/16 08:35:56 | 000,081,920 | ---- | M] (Coupons, Inc.) -- C:\Program
Files\Mozilla Firefox\plugins\npCouponPrinter.dll
[2010/05/12 07:52:44 | 000,411,368 | ---- | M] (Sun Microsystems, Inc.) --
C:\Program Files\Mozilla Firefox\plugins\npdeployJava1.dll

O1 HOSTS File: ([2001/08/17 22:00:00 | 000,000,734 | ---- | M]) -
C:\WINDOWS\SYSTEM32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (HP Print Enhancer) - {0347C33E-8762-4905-BF09-768834316C61} - C:\Program
Files\Hewlett-Packard\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll
(Hewlett-Packard Co.)
O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} -
C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O2 - BHO: (ZKBho Class) - {56071E0D-C61B-11D3-B41C-00E02927A304} - C:\Program
Files\Zero Knowledge\Freedom\FreeBHOR.dll (Zero-Knowledge Systems Inc.)
O2 - BHO: (no name) - {FDD3B846-8D59-4ffb-8758-209B6AD74ACC} - c:\Program
Files\Microsoft Money\System\mnyviewer.dll (Microsoft Corporation)
O2 - BHO: (HP Smart BHO Class) - {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - C:\Program
Files\Hewlett-Packard\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
(Hewlett-Packard Co.)
O3 - HKLM\..\Toolbar: (Yahoo! Toolbar) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} -
C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
O3 - HKLM\..\Toolbar: (&Zero-Knowledge Freedom) -
{FA91B828-F937-4568-82C1-843627E63ED7} - C:\Program Files\Zero
Knowledge\Freedom\BandObjs.dll (Zero-Knowledge Systems Inc.)
O3 - HKU\S-1-5-21-1779672970-568186159-1426590395-1003\..\Toolbar\ShellBrowser:
(&Zero-Knowledge Freedom) - {FA91B828-F937-4568-82C1-843627E63ED7} - C:\Program
Files\Zero Knowledge\Freedom\BandObjs.dll (Zero-Knowledge Systems Inc.)
O3 - HKU\S-1-5-21-1779672970-568186159-1426590395-1003\..\Toolbar\WebBrowser:
(Yahoo! Toolbar) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program
Files\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
O4 - HKLM..\Run: [] File not found
O4 - HKLM..\Run: [Adobe Photo Downloader] C:\Program Files\Adobe\Photoshop Album
Starter Edition\3.0\Apps\apdproxy.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [HP Software Update] C:\Program Files\Hewlett-Packard\HP Software
Update\hpwuschd2.exe (Hewlett-Packard)
O4 - HKLM..\Run: [KernelFaultCheck] File not found
O4 - HKLM..\Run: [RealTray] C:\Program Files\Real\RealPlayer\RealPlay.exe
(RealNetworks, Inc.)
O4 - HKLM..\Run: [UserFaultCheck] File not found
O4 - HKU\S-1-5-21-1779672970-568186159-1426590395-1003..\Run: [Microsoft Works
Update Detection] c:\Program Files\Microsoft Works\WkDetect.exe File not found
O4 - HKU\S-1-5-21-1779672970-568186159-1426590395-1003..\Run: [SpybotSD TeaTimer]
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe (Safer-Networking Ltd.)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\hp
center.lnk = C:\Program Files\hp center\137903\Program\BackWeb-137903.exe ()
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\HP
Digital Imaging Monitor.lnk = C:\Program Files\Hewlett-Packard\Digital
Imaging\bin\hpqtra08.exe (Hewlett-Packard Co.)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\hp psc
2000 Series.lnk = C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpobnz08.exe
(Hewlett-Packard Co.)
O4 - Startup: C:\Documents and Settings\All Users\Start
Menu\Programs\Startup\hpoddt01.exe.lnk = C:\Program Files\Hewlett-Packard\Digital
Imaging\bin\hpotdd01.exe (Hewlett-Packard)
O4 - Startup: C:\Documents and Settings\Default User\Start
Menu\Programs\Startup\AutoPlay.exe ()
O4 - Startup: C:\Documents and Settings\Owner\Start
Menu\Programs\Startup\Webshots.lnk = C:\Program Files\Webshots\WebshotsTray.exe (The
Webshots Corporation)
O4 - Startup: C:\Documents and Settings\Owner\Start
Menu\Programs\Startup\Webshots.lnk.disabled ()
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer:
HonorAutoRunSetting = 1
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer:
NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer:
NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer:
NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer:
NoDriveTypeAutoRun = 145
O7 -
HKU\S-1-5-21-1779672970-568186159-1426590395-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer:
NoDriveTypeAutoRun = 145
O9 - Extra Button: MktBrowser - {17A27031-71FC-11d4-815C-005004D0F1FA} - C:\Program
Files\MarketBrowser\lmt\MarketBrowser_Launch.xpy ()
O9 - Extra 'Tools' menuitem : MarketBrowser - {17A27031-71FC-11d4-815C-005004D0F1FA}
- C:\Program Files\MarketBrowser\lmt\MarketBrowser_Launch.xpy ()
O9 - Extra Button: Net2Phone - {4B30061A-5B39-11D3-80F8-0090276F843F} - C:\Program
Files\Net2Phone\Net2fone.exe (Net2Phone)
O9 - Extra 'Tools' menuitem : Net2Phone - {4B30061A-5B39-11D3-80F8-0090276F843F} -
C:\Program Files\Net2Phone\Net2fone.exe (Net2Phone)
O9 - Extra Button: Show or hide HP Smart Web Printing -
{DDE87865-83C5-48c4-8357-2F5B1AA84522} - C:\Program Files\Hewlett-Packard\Digital
Imaging\Smart Web Printing\hpswp_BHO.dll (Hewlett-Packard Co.)
O9 - Extra 'Tools' menuitem : Spybot - Search & Destroy Configuration -
{DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search &
Destroy\SDHelper.dll (Safer Networking Limited)
O9 - Extra Button: MoneySide - {E023F504-0C5A-4750-A1E7-A9046DEA8A21} - c:\Program
Files\Microsoft Money\System\mnyviewer.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 -
C:\WINDOWS\System32\ZKLSPR.DLL (Zero-Knowledge Systems Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 -
C:\WINDOWS\System32\ZKLSPR.DLL (Zero-Knowledge Systems Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 -
C:\WINDOWS\System32\ZKLSPR.DLL (Zero-Knowledge Systems Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000004 -
C:\WINDOWS\System32\ZKLSPR.DLL (Zero-Knowledge Systems Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000005 -
C:\WINDOWS\System32\ZKLSPR.DLL (Zero-Knowledge Systems Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000006 -
C:\WINDOWS\System32\ZKLSPR.DLL (Zero-Knowledge Systems Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000007 -
C:\WINDOWS\System32\ZKLSPR.DLL (Zero-Knowledge Systems Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000008 -
C:\WINDOWS\System32\ZKLSPR.DLL (Zero-Knowledge Systems Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000009 -
C:\WINDOWS\System32\ZKLSPR.DLL (Zero-Knowledge Systems Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000010 -
C:\WINDOWS\System32\ZKLSPR.DLL (Zero-Knowledge Systems Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000011 -
C:\WINDOWS\System32\ZKLSPR.DLL (Zero-Knowledge Systems Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000017 -
C:\WINDOWS\System32\ZKLSPR.DLL (Zero-Knowledge Systems Inc.)
O12 - Plugin for: .spop - C:\Program Files\Internet Explorer\PLUGINS\NPDocBox.dll
(InterTrust Technologies Corporation, Inc.)
O15 - HKU\S-1-5-21-1779672970-568186159-1426590395-1003\..Trusted Domains: ([]msn
in My Computer)
O15 - HKU\S-1-5-21-1779672970-568186159-1426590395-1003\..Trusted Domains:
fnismls.com ([samls] http in Trusted sites)
O15 - HKU\S-1-5-21-1779672970-568186159-1426590395-1003\..Trusted Domains:
prospector.metrolist.net ([]http in Trusted sites)
O15 - HKU\S-1-5-21-1779672970-568186159-1426590395-1003\..Trusted Domains:
rapmls.com ([]* in Trusted sites)
O15 - HKU\S-1-5-21-1779672970-568186159-1426590395-1003\..Trusted Domains:
rapmls.com ([login] * in Trusted sites)
O15 - HKU\S-1-5-21-1779672970-568186159-1426590395-1003\..Trusted Domains:
rapmls.com ([media] * in Trusted sites)
O15 - HKU\S-1-5-21-1779672970-568186159-1426590395-1003\..Trusted Domains:
rapmls.com ([search] * in Trusted sites)
O15 - HKU\S-1-5-21-1779672970-568186159-1426590395-1003\..Trusted Domains:
rapmls.com ([tarmls] * in Trusted sites)
O15 - HKU\S-1-5-21-1779672970-568186159-1426590395-1003\..Trusted Domains:
snismls.com ([]* in Trusted sites)
O15 - HKU\S-1-5-21-1779672970-568186159-1426590395-1003\..Trusted Domains:
tarmls.com ([]www in Trusted sites)
O15 - HKU\S-1-5-21-1779672970-568186159-1426590395-1003\..Trusted Domains:
tarmls.com ([www] * in Trusted sites)
O15 - HKU\S-1-5-21-1779672970-568186159-1426590395-1003\..Trusted Domains:
www.avrealestate.com ([]http in Trusted sites)
O15 - HKU\S-1-5-21-1779672970-568186159-1426590395-1003\..Trusted Domains:
www.barstowmls.com ([]http in Trusted sites)
O15 - HKU\S-1-5-21-1779672970-568186159-1426590395-1003\..Trusted Domains:
www.cincymls.net ([]http in Trusted sites)
O15 - HKU\S-1-5-21-1779672970-568186159-1426590395-1003\..Trusted Domains:
www.columbianortherndutchessmls.com ([]http in Trusted sites)
O15 - HKU\S-1-5-21-1779672970-568186159-1426590395-1003\..Trusted Domains:
www.dabr.com ([]http in Trusted sites)
O15 - HKU\S-1-5-21-1779672970-568186159-1426590395-1003\..Trusted Domains:
www.firelandsmls.com ([]http in Trusted sites)
O15 - HKU\S-1-5-21-1779672970-568186159-1426590395-1003\..Trusted Domains:
www.fresnomls.com ([]http in Trusted sites)
O15 - HKU\S-1-5-21-1779672970-568186159-1426590395-1003\..Trusted Domains:
www.gniarmls.com ([]http in Trusted sites)
O15 - HKU\S-1-5-21-1779672970-568186159-1426590395-1003\..Trusted Domains:
www.greenemls.com ([]http in Trusted sites)
O15 - HKU\S-1-5-21-1779672970-568186159-1426590395-1003\..Trusted Domains:
www.ivbor.com ([]http in Trusted sites)
O15 - HKU\S-1-5-21-1779672970-568186159-1426590395-1003\..Trusted Domains:
www.ivrealestate.com ([]http in Trusted sites)
O15 - HKU\S-1-5-21-1779672970-568186159-1426590395-1003\..Trusted Domains:
www.lbarmls.com ([]http in Trusted sites)
O15 - HKU\S-1-5-21-1779672970-568186159-1426590395-1003\..Trusted Domains:
www.lvarmls.com ([]http in Trusted sites)
O15 - HKU\S-1-5-21-1779672970-568186159-1426590395-1003\..Trusted Domains:
www.mariposabor.com ([]http in Trusted sites)
O15 - HKU\S-1-5-21-1779672970-568186159-1426590395-1003\..Trusted Domains:
www.marmls.com ([]http in Trusted sites)
O15 - HKU\S-1-5-21-1779672970-568186159-1426590395-1003\..Trusted Domains:
www.midlandsmls.com ([]http in Trusted sites)
O15 - HKU\S-1-5-21-1779672970-568186159-1426590395-1003\..Trusted Domains:
www.northernarizonamls.com ([]http in Trusted sites)
O15 - HKU\S-1-5-21-1779672970-568186159-1426590395-1003\..Trusted Domains:
www.northernkentuckymls.com ([]http in Trusted sites)
O15 - HKU\S-1-5-21-1779672970-568186159-1426590395-1003\..Trusted Domains:
www.nwmls.com ([]http in Trusted sites)
O15 - HKU\S-1-5-21-1779672970-568186159-1426590395-1003\..Trusted Domains:
www.odbrmls.com ([]http in Trusted sites)
O15 - HKU\S-1-5-21-1779672970-568186159-1426590395-1003\..Trusted Domains:
www.ojaivalleymls.com ([]http in Trusted sites)
O15 - HKU\S-1-5-21-1779672970-568186159-1426590395-1003\..Trusted Domains:
www.portervillemls.com ([]http in Trusted sites)
O15 - HKU\S-1-5-21-1779672970-568186159-1426590395-1003\..Trusted Domains:
www.somls.com ([]http in Trusted sites)
O15 - HKU\S-1-5-21-1779672970-568186159-1426590395-1003\..Trusted Domains:
www.swmric.com ([]http in Trusted sites)
O15 - HKU\S-1-5-21-1779672970-568186159-1426590395-1003\..Trusted Domains:
www.tcmls.org ([]http in Trusted sites)
O15 - HKU\S-1-5-21-1779672970-568186159-1426590395-1003\..Trusted Domains:
www.vvmls.com ([]http in Trusted sites)
O16 - DPF: {0854D220-A90A-466D-BC02-6683183802B7}
http://samls.fnismls.com/Paragon/Codebase/...rintControl.cab (PrintPreview Class)
O16 - DPF: {62BC5DB2-0044-4040-B366-D628F3CFD551}
file://C:\DOCUME~1\Owner\LOCALS~1\Temp\IXP000.TMP\setup.cab (PowerTeam HTML Printing
Behavior)
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C}
http://v5.windowsupdate.microsoft.com/v5co...b?1097799494515
(WUWebControl Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93}
http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in
1.6.0_20)
O16 - DPF: {CAFEEFAC-0013-0001-0000-ABCDEFFEDCBA}
http://java.sun.com/update/1.3.1/jinstall-...indows-i586.cab (Java Plug-in
1.3.1)
O16 - DPF: {CAFEEFAC-0016-0000-0014-ABCDEFFEDCBA} Reg Error: Value error. (Reg
Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in
1.6.0_20)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}
http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in
1.6.0_20)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000}
http://download.macromedia.com/pub/shockwa...ash/swflash.cab (Shockwave Flash
Object)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7}
http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
O16 - DPF: {E87F6C8E-16C0-11D3-BEF7-009027438003}
https://tm.sureclose.com/include/xupload.ocx (Persits Software XUpload)
O16 - DPF: {FFCF75D1-CDB4-4ED8-AEAC-BC103FCAF159}
http://imagedrec.water.az.gov/pwfiles/PowerWeb.cab (GetClient Control)
O16 - DPF: Microsoft XML Parser for Java file://C:\WINDOWS\Java\classes\xmldso.cab
(Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 66.82.4.8
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft
Corporation)
O20 - Winlogon\Notify\NavLogon: DllName - C:\WINDOWS\System32\NavLogon.dll -
C:\WINDOWS\SYSTEM32\NavLogon.dll ()
O24 - Desktop WallPaper: C:\Documents and Settings\Owner\Local Settings\Application
Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\Owner\Local
Settings\Application Data\Microsoft\Wallpaper1.bmp
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2001/11/06 14:36:00 | 000,000,000 | ---- | M] () -
C:\AUTOEXEC.BAT -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

NetSvcs: 6to4 - File not found
NetSvcs: AppMgmt - C:\WINDOWS\System32\appmgmts.dll File not found
NetSvcs: HidServ - C:\WINDOWS\System32\hidserv.dll File not found
NetSvcs: Ias - File not found
NetSvcs: Iprip - File not found
NetSvcs: Irmon - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: Wmi - C:\WINDOWS\System32\wmi.dll (Microsoft Corporation)
NetSvcs: WmdmPmSp - File not found
NetSvcs: Ip6FwHlp - File not found

MsConfig - StartUpFolder: C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Billminder.lnk - C:\Program Files\Quicken\billmind.exe - (Intuit)
MsConfig - StartUpFolder: C:^Documents and Settings^All Users^Start Menu^Programs^Startup^hp center UI.lnk - C:\Program Files\hp center\137903\Shadow\ShadowBar.exe - ()
MsConfig - StartUpFolder: C:^Documents and Settings^All Users^Start Menu^Programs^Startup^hp center.lnk - C:\Program Files\hp center\137903\Program\BackWeb-137903.exe - ()
MsConfig - StartUpFolder: C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Microsoft Find Fast.lnk - C:\Program Files\Microsoft Office\Office\FINDFAST.EXE - ()
MsConfig - StartUpFolder: C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Office Startup.lnk - C:\Program Files\Microsoft Office\Office\OSA.EXE - ()
MsConfig - StartUpFolder: C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Quicken Scheduled Updates.lnk - C:\Program Files\Quicken\bagent.exe - (Intuit Inc.)
MsConfig - StartUpFolder: C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Quicken Startup.lnk - C:\Program Files\Quicken\QWDLLS.EXE - (Intuit)
MsConfig - StartUpFolder: C:^Documents and Settings^Owner^Start Menu^Programs^Startup^Webshots.lnk - C:\Program Files\Webshots\WebshotsTray.exe - (The Webshots Corporation)
MsConfig - StartUpReg: DDCActiveMenu - hkey= - key= - C:\Program Files\WildTangent\DDC\ActiveMenu\DDCActiveMenu.exe File not found
MsConfig - StartUpReg: DDCM - hkey= - key= - C:\Program Files\WildTangent\DDC\DDCManager\DDCMan.exe File not found
MsConfig - StartUpReg: HotKeysCmds - hkey= - key= - File not found
MsConfig - StartUpReg: hpsysdrv - hkey= - key= - c:\WINDOWS\SYSTEM\hpsysdrv.exe (Hewlett-Packard Company)
MsConfig - StartUpReg: IgfxTray - hkey= - key= - File not found
MsConfig - StartUpReg: KBD - hkey= - key= - C:\hp\KBD\KBD.EXE (Hewlett-Packard Company)
MsConfig - StartUpReg: Microsoft Works Update Detection - hkey= - key= - c:\Program Files\Microsoft Works\WkDetect.exe File not found
MsConfig - StartUpReg: Mozilla Quick Launch - hkey= - key= - C:\Program Files\Netscape\Netscape 6\Netscp6.exe (Netscape Communications Corporation)
MsConfig - StartUpReg: MSMSGS - hkey= - key= - C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)
MsConfig - StartUpReg: NvCplDaemon - hkey= - key= - File not found
MsConfig - StartUpReg: PS2 - hkey= - key= - File not found
MsConfig - StartUpReg: RealTray - hkey= - key= - C:\Program Files\Real\RealPlayer\RealPlay.exe (RealNetworks, Inc.)
MsConfig - StartUpReg: Recguard - hkey= - key= - C:\WINDOWS\SMINST\Recguard.exe ()
MsConfig - StartUpReg: S3TRAY2 - hkey= - key= - File not found
MsConfig - StartUpReg: vptray - hkey= - key= - C:\Program Files\NavNT\vptray.exe (Symantec Corporation)
MsConfig - StartUpReg: WinampAgent - hkey= - key= - C:\Program Files\Winamp\Winampa.exe ()
MsConfig - StartUpReg: Zero Knowledge Freedom - hkey= - key= - C:\Program Files\Zero Knowledge\Freedom\Freedom.exe (Zero-Knowledge Systems Inc.)
MsConfig - State: "system.ini" - 0
MsConfig - State: "win.ini" - 0
MsConfig - State: "bootini" - 0
MsConfig - State: "services" - 0
MsConfig - State: "startup" - 2

Drivers32: midi - C:\WINDOWS\System32\wdmaud.drv (Microsoft Corporation)
Drivers32: midi1 - C:\WINDOWS\System32\wdmaud.drv (Microsoft Corporation)
Drivers32: midimapper - C:\WINDOWS\System32\midimap.dll (Microsoft Corporation)
Drivers32: mixer - C:\WINDOWS\System32\wdmaud.drv (Microsoft Corporation)
Drivers32: msacm.iac2 - C:\WINDOWS\SYSTEM32\iac25_32.ax (Intel Corporation)
Drivers32: msacm.imaadpcm - C:\WINDOWS\System32\imaadp32.acm (Microsoft Corporation)
Drivers32: msacm.l3acm - C:\WINDOWS\SYSTEM32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: msacm.msadpcm - C:\WINDOWS\System32\msadp32.acm (Microsoft Corporation)
Drivers32: msacm.msaudio1 - C:\WINDOWS\System32\msaud32.acm (Microsoft Corporation)
Drivers32: msacm.msg711 - C:\WINDOWS\System32\msg711.acm (Microsoft Corporation)
Drivers32: msacm.msg723 - C:\WINDOWS\System32\msg723.acm (Microsoft Corporation)
Drivers32: msacm.msgsm610 - C:\WINDOWS\System32\msgsm32.acm (Microsoft Corporation)
Drivers32: msacm.sl_anet - C:\WINDOWS\System32\sl_anet.acm (Sipro Lab Telecom Inc.)
Drivers32: msacm.trspch - C:\WINDOWS\System32\tssoft32.acm (DSP GROUP, INC.)
Drivers32: vidc.cvid - C:\WINDOWS\System32\iccvid.dll (Radius Inc.)
Drivers32: vidc.iv31 - C:\WINDOWS\System32\ir32_32.dll ()
Drivers32: vidc.iv32 - C:\WINDOWS\System32\ir32_32.dll ()
Drivers32: vidc.iv41 - C:\WINDOWS\System32\ir41_32.ax (Intel Corporation)
Drivers32: vidc.iv50 - C:\WINDOWS\System32\ir50_32.dll (Intel Corporation)
Drivers32: vidc.iyuv - C:\WINDOWS\System32\iyuv_32.dll (Microsoft Corporation)
Drivers32: vidc.M261 - C:\WINDOWS\System32\msh261.drv (Microsoft Corporation)
Drivers32: vidc.M263 - C:\WINDOWS\System32\msh263.drv (Microsoft Corporation)
Drivers32: vidc.mrle - C:\WINDOWS\System32\msrle32.dll (Microsoft Corporation)
Drivers32: vidc.msvc - C:\WINDOWS\System32\msvidc32.dll (Microsoft Corporation)
Drivers32: vidc.uyvy - C:\WINDOWS\System32\msyuv.dll (Microsoft Corporation)
Drivers32: vidc.yuy2 - C:\WINDOWS\System32\msyuv.dll (Microsoft Corporation)
Drivers32: vidc.yvu9 - C:\WINDOWS\System32\tsbyuv.dll (Microsoft Corporation)
Drivers32: vidc.yvyu - C:\WINDOWS\System32\msyuv.dll (Microsoft Corporation)
Drivers32: wave - C:\WINDOWS\System32\wdmaud.drv (Microsoft Corporation)
Drivers32: wavemapper - C:\WINDOWS\System32\msacm32.drv (Microsoft Corporation)

CREATERESTOREPOINT
Restore point Set: OTL Restore Point (16902109354000384)

========== Files/Folders - Created Within 90 Days ==========

[2010/07/07 15:37:47 | 000,575,488 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Owner\Desktop\OTL.exe
[2010/07/05 15:50:34 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Desktop\gmer
[2010/07/01 20:23:29 | 000,161,296 | ---- | C] (Trend Micro Inc.) -- C:\WINDOWS\System32\drivers\tmcomm.sys
[2010/06/27 21:36:45 | 000,000,000 | ---D | C] -- C:\WINDOWS\Prefetch
[2010/06/27 19:15:55 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\scripting
[2010/06/27 19:15:17 | 000,000,000 | ---D | C] -- C:\WINDOWS\l2schemas
[2010/06/27 19:15:11 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\en
[2010/06/27 18:42:19 | 000,000,000 | ---D | C] -- C:\WINDOWS\network diagnostic
[2010/06/22 11:46:04 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Desktop\Adobe Reader 9 Installer
[2010/06/22 11:44:46 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Adobe AIR
[2010/06/22 11:32:27 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\NOS
[2010/06/03 07:54:42 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\My Documents\Temp 10
[2010/05/22 17:59:20 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\My Documents\Temp9
[2010/05/12 07:51:07 | 000,000,000 | ---D | C] -- C:\Program Files\Java
[2010/05/04 10:54:51 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\My Documents\BeamYourScreen
[3 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[3 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

========== Files - Modified Within 90 Days ==========

[2010/07/12 12:16:22 | 001,440,054 | ---- | M] () -- C:\WINDOWS\WebshotsForOwner.bmp
[2010/07/12 00:58:59 | 000,000,006 | ---- | M] () -- C:\WINDOWS\Twain001.Mtx
[2010/07/12 00:58:28 | 000,000,156 | ---- | M] () -- C:\WINDOWS\Twunk001.MTX
[2010/07/12 00:58:12 | 000,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2010/07/12 00:58:08 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2010/07/12 00:58:07 | 266,391,552 | -HS- | M] () -- C:\hiberfil.sys
[2010/07/12 00:56:30 | 005,767,168 | ---- | M] () -- C:\Documents and Settings\Owner\ntuser.dat
[2010/07/12 00:56:30 | 000,000,178 | -HS- | M] () -- C:\Documents and Settings\Owner\ntuser.ini
[2010/07/11 14:31:51 | 000,001,158 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2010/07/07 15:38:08 | 000,575,488 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Owner\Desktop\OTL.exe
[2010/07/05 15:48:55 | 000,284,915 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\gmer.zip
[2010/07/05 15:19:32 | 000,525,824 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\dds.scr
[2010/07/01 20:23:26 | 000,161,296 | ---- | M] (Trend Micro Inc.) -- C:\WINDOWS\System32\drivers\tmcomm.sys
[2010/06/29 21:00:26 | 000,000,036 | ---- | M] () -- C:\Documents and Settings\Owner\Local Settings\Application Data\housecall.guid.cache
[2010/06/28 00:47:16 | 000,001,374 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2010/06/27 21:49:45 | 000,382,022 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2010/06/27 21:49:44 | 000,053,640 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2010/06/27 21:49:37 | 000,441,626 | ---- | M] () -- C:\WINDOWS\System32\PerfStringBackup.INI
[2010/06/27 21:35:49 | 000,178,648 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2010/06/27 18:40:56 | 000,250,048 | RHS- | M] () -- C:\ntldr
[2010/06/27 07:47:05 | 000,001,778 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Adobe Reader 9.lnk
[2010/06/22 12:14:35 | 000,000,781 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Acrobat_com.lnk
[2010/05/31 22:39:25 | 000,006,656 | ---- | M] () -- C:\Documents and Settings\Owner\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[3 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[3 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

========== Files Created - No Company Name ==========

[2010/07/05 15:48:29 | 000,284,915 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\gmer.zip
[2010/07/05 15:19:13 | 000,525,824 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\dds.scr
[2010/06/29 21:00:26 | 000,000,036 | ---- | C] () -- C:\Documents and Settings\Owner\Local Settings\Application Data\housecall.guid.cache
[2010/06/22 12:14:35 | 000,000,781 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Acrobat_com.lnk
[2010/06/22 12:06:03 | 000,001,778 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Adobe Reader 9.lnk
[2009/03/31 21:12:39 | 000,000,058 | ---- | C] () -- C:\WINDOWS\FILEMAGC.INI
[2005/01/21 17:26:24 | 000,060,464 | R--- | C] () -- C:\WINDOWS\System32\tlcsel32.dll
[2005/01/21 17:26:24 | 000,016,540 | R--- | C] () -- C:\WINDOWS\System32\tlcsel17.dll
[2004/03/01 15:17:08 | 000,000,823 | ---- | C] () -- C:\WINDOWS\TSC.ini
[2004/03/01 15:17:07 | 000,071,749 | ---- | C] () -- C:\WINDOWS\HCExtOutput.dll
[2004/03/01 15:16:21 | 000,000,170 | ---- | C] () -- C:\WINDOWS\GetServer.ini
[2003/05/24 09:19:55 | 000,000,229 | ---- | C] () -- C:\WINDOWS\qwimp.ini
[2003/05/24 09:16:41 | 000,001,013 | ---- | C] () -- C:\WINDOWS\QUICKEN.INI
[2003/05/24 09:16:41 | 000,000,605 | ---- | C] () -- C:\WINDOWS\intuprof.ini
[2003/04/30 10:25:10 | 000,000,004 | ---- | C] () -- C:\WINDOWS\uccspecb.sys
[2003/03/09 13:31:04 | 000,561,152 | ---- | C] () -- C:\WINDOWS\System32\hpotscl.dll
[2002/11/01 16:17:50 | 000,000,256 | ---- | C] () -- C:\WINDOWS\aucfg.ini
[2002/07/13 13:17:17 | 000,000,000 | ---- | C] () -- C:\WINDOWS\VPC32.INI
[2002/07/04 15:05:34 | 000,000,269 | ---- | C] () -- C:\WINDOWS\tmupdate.ini
[2002/03/15 15:29:58 | 000,000,091 | ---- | C] () -- C:\WINDOWS\webshots.ini
[2002/03/08 20:26:48 | 000,000,022 | ---- | C] () -- C:\WINDOWS\exchng.ini
[2002/03/08 20:26:47 | 000,000,611 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2002/03/07 22:23:12 | 000,001,065 | ---- | C] () -- C:\WINDOWS\winamp.ini
[2002/03/07 22:22:07 | 000,102,400 | ---- | C] () -- C:\WINDOWS\System32\N2PUtil.dll
[2002/03/07 22:21:44 | 000,000,528 | ---- | C] () -- C:\WINDOWS\net2fone.ini
[2002/02/20 21:21:20 | 000,045,056 | ---- | C] () -- C:\WINDOWS\System32\NavLogon.dll
[2001/12/14 13:34:46 | 000,164,864 | ---- | C] () -- C:\WINDOWS\patchw32.dll
[2001/11/09 11:41:10 | 000,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini
[2001/11/08 20:43:04 | 000,000,562 | ---- | C] () -- C:\WINDOWS\System32\Px.ini
[2001/11/06 19:50:46 | 000,377,600 | ---- | C] () -- C:\WINDOWS\System32\BOCOLE.DLL
[2001/11/06 19:50:46 | 000,167,456 | ---- | C] () -- C:\WINDOWS\System32\Bocof.dll
[2001/11/06 19:45:01 | 000,040,960 | ---- | C] () -- C:\WINDOWS\System32\hpREG.DLL
[2001/11/06 19:45:01 | 000,024,576 | ---- | C] () -- C:\WINDOWS\System32\syscontr.dll
[2001/11/06 19:37:54 | 000,009,876 | ---- | C] () -- C:\WINDOWS\System32\usbbc.sys
[2001/11/06 19:21:26 | 000,000,603 | ---- | C] () -- C:\WINDOWS\fantasy2.ini
[2001/11/06 19:21:26 | 000,000,317 | ---- | C] () -- C:\WINDOWS\pstudio.ini
[2001/11/06 19:21:26 | 000,000,031 | ---- | C] () -- C:\WINDOWS\album.ini
[2001/11/06 18:50:13 | 000,249,921 | ---- | C] () -- C:\WINDOWS\System32\PythonCOM15.dll
[2001/11/06 18:50:13 | 000,065,536 | ---- | C] () -- C:\WINDOWS\System32\PyWinTypes15.dll
[2001/11/06 18:49:47 | 000,016,896 | ---- | C] () -- C:\WINDOWS\System32\bcbmm.dll
[2001/11/06 14:40:54 | 000,000,887 | ---- | C] () -- C:\WINDOWS\orun32.ini
[2001/11/06 14:31:15 | 000,001,793 | ---- | C] () -- C:\WINDOWS\System32\fxsperf.ini
[2001/11/06 06:21:55 | 000,000,649 | ---- | C] () -- C:\WINDOWS\System32\oeminfo.ini
[2001/10/15 11:44:16 | 000,659,456 | ---- | C] () -- C:\WINDOWS\System32\libeay32.dll
[2001/10/15 11:44:16 | 000,147,456 | ---- | C] () -- C:\WINDOWS\System32\ssleay32.dll
[2001/08/08 07:13:22 | 000,012,351 | ---- | C] () -- C:\WINDOWS\System32\i81xcoin.dll
[2001/08/07 18:07:02 | 000,028,672 | ---- | C] () -- C:\WINDOWS\System32\igfxdgps.dll
[2001/05/22 18:37:50 | 000,425,984 | ---- | C] () -- C:\WINDOWS\System32\VxDMDcDlg.dll
[2000/12/29 10:34:01 | 000,019,968 | ---- | C] () -- C:\WINDOWS\System32\cpuinf32.dll
[1999/07/23 13:46:48 | 000,000,116 | ---- | C] () -- C:\WINDOWS\AuHCcup1.ini
[1999/07/23 10:53:20 | 000,129,536 | ---- | C] () -- C:\WINDOWS\AuHCcup1.dll
[1997/07/11 00:00:00 | 000,031,232 | ---- | C] () -- C:\WINDOWS\System32\XLREC.DLL
[1997/07/11 00:00:00 | 000,025,600 | ---- | C] () -- C:\WINDOWS\System32\RECNCL.DLL
[1997/07/11 00:00:00 | 000,022,016 | ---- | C] () -- C:\WINDOWS\System32\ODBCSTF.DLL
[1997/07/11 00:00:00 | 000,022,016 | ---- | C] () -- C:\WINDOWS\System32\DOCOBJ.DLL
[1997/07/11 00:00:00 | 000,012,288 | ---- | C] () -- C:\WINDOWS\System32\HLINKPRX.DLL
[1997/07/11 00:00:00 | 000,005,088 | ---- | C] () -- C:\WINDOWS\System32\mapi32x.dll
[1997/06/06 03:08:30 | 000,023,040 | ---- | C] () -- C:\WINDOWS\System32\CSSMS_IN.DLL

========== LOP Check ==========

[1999/06/01 21:41:42 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Default User\Application Data\InterTrust
[2007/10/09 19:32:46 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\CoreFTP
[2002/05/26 18:10:49 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Freedom
[2009/07/21 14:50:34 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\ImgBurn
[1999/06/01 21:41:42 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\InterTrust
[2007/03/26 08:16:08 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Leadertech
[2002/04/05 20:47:35 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Template
[2003/06/01 16:42:24 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\VERITAS
[2004/07/10 19:14:15 | 000,000,342 | ---- | M] () -- C:\WINDOWS\Tasks\FRU Task #Hewlett-Packard#hp psc 2100 series#1081123683.job

========== Purity Check ==========



========== Custom Scans ==========


< %systemroot%\system32\*.dll /lockedfiles >
[3 C:\WINDOWS\system32\*.tmp files -> C:\WINDOWS\system32\*.tmp -> ]

< %systemroot%\system32\*.sys /90 >
[2010/05/01 22:22:50 | 001,851,264 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SYSTEM32\win32k.sys
[3 C:\WINDOWS\system32\*.tmp files -> C:\WINDOWS\system32\*.tmp -> ]

< %systemroot%\Tasks\*.job /lockedfiles >

< %systemroot%\System32\config\*.sav >
[2001/11/06 06:25:04 | 000,090,112 | ---- | M] () -- C:\WINDOWS\SYSTEM32\config\default.sav
[2001/11/06 06:25:04 | 000,606,208 | ---- | M] () -- C:\WINDOWS\SYSTEM32\config\software.sav
[2001/11/06 06:25:04 | 000,380,928 | ---- | M] () -- C:\WINDOWS\SYSTEM32\config\system.sav

< %SYSTEMDRIVE%\*.* >
[2001/11/06 14:36:00 | 000,000,000 | ---- | M] () -- C:\AUTOEXEC.BAT
[2004/10/14 19:58:51 | 000,000,201 | RHS- | M] () -- C:\BOOT.INI
[2001/11/06 14:36:00 | 000,000,000 | ---- | M] () -- C:\CONFIG.SYS
[2003/08/18 23:41:39 | 000,002,868 | ---- | M] () -- C:\eandump.txt
[2002/09/15 17:13:30 | 000,004,972 | -H-- | M] () -- C:\ffastun.ffa
[2002/09/15 17:13:30 | 000,385,024 | -H-- | M] () -- C:\ffastun.ffl
[2002/09/15 17:13:30 | 000,208,896 | -H-- | M] () -- C:\ffastun.ffo
[2002/09/15 17:13:30 | 001,196,032 | -H-- | M] () -- C:\ffastun0.ffx
[2002/09/15 19:16:06 | 000,385,024 | ---- | M] () -- C:\ffastunT.ffl
[2001/11/09 11:36:10 | 000,007,887 | ---- | M] () -- C:\FINIS_IT.TXT
[2010/07/12 00:58:07 | 266,391,552 | -HS- | M] () -- C:\hiberfil.sys
[2004/04/01 09:42:35 | 000,202,868 | ---- | M] () -- C:\hpfr5550.log
[2010/01/09 08:21:19 | 000,000,488 | ---- | M] () -- C:\hpfr5550.xml
[2010/03/25 11:49:28 | 000,000,433 | ---- | M] () -- C:\INSTALL.LOG
[2001/11/06 14:36:00 | 000,000,000 | RHS- | M] () -- C:\IO.SYS
[2002/11/28 19:34:53 | 000,000,126 | -H-- | M] () -- C:\IPH.PH
[2001/11/06 14:36:00 | 000,000,000 | RHS- | M] () -- C:\MSDOS.SYS
[2002/03/07 22:21:47 | 000,000,000 | ---- | M] () -- C:\N2PActiveX.log
[2002/03/07 22:22:09 | 000,014,737 | ---- | M] () -- C:\N2pInst.log
[2004/06/09 16:03:02 | 000,832,728 | ---- | M] () -- C:\NPSWF32.dll
[2004/10/14 19:32:31 | 000,047,564 | RHS- | M] () -- C:\NTDETECT.COM
[2010/06/27 18:40:56 | 000,250,048 | RHS- | M] () -- C:\ntldr
[2010/07/12 01:16:38 | 441,450,496 | -HS- | M] () -- C:\pagefile.sys
[2001/11/09 15:44:03 | 000,000,008 | ---- | M] () -- C:\USER
[2002/07/13 12:50:37 | 000,003,249 | -H-- | M] () -- C:\_NavCClt.Log

< %systemroot%\system32\Spool\prtprocs\w32x86\*.dll >
[2008/08/12 10:58:10 | 000,314,880 | ---- | M] (Hewlett-Packard Corporation) -- C:\WINDOWS\SYSTEM32\spool\prtprocs\w32x86\hpfpp082.dll

< %systemroot%\*. /mp /s >


< MD5 for: AGP440.SYS >
[2004/10/14 19:18:01 | 022,245,337 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp2.cab:AGP440.sys
[2010/06/27 18:08:19 | 023,852,652 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:AGP440.sys
[2004/10/14 19:18:01 | 022,245,337 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp2.cab:AGP440.sys
[2010/06/27 18:08:19 | 023,852,652 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp3.cab:AGP440.sys
[2008/04/13 11:36:38 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=08FD04AA961BDC77FB983F328334E3D7 -- C:\WINDOWS\ServicePackFiles\i386\agp440.sys
[2008/04/13 11:36:38 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=08FD04AA961BDC77FB983F328334E3D7 -- C:\WINDOWS\SYSTEM32\drivers\agp440.sys
[2004/08/03 23:07:41 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=2C428FA0C3E3A01ED93C9B2A27D8D4BB -- C:\WINDOWS\$NtServicePackUninstall$\agp440.sys
[2004/08/03 23:07:41 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=2C428FA0C3E3A01ED93C9B2A27D8D4BB -- C:\WINDOWS\SYSTEM32\ReinstallBackups\0005\DriverFiles\i386\AGP440.SYS
[2004/08/03 23:07:41 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=2C428FA0C3E3A01ED93C9B2A27D8D4BB -- C:\WINDOWS\SYSTEM32\ReinstallBackups\0006\DriverFiles\i386\AGP440.SYS

< MD5 for: ATAPI.SYS >
[2004/04/13 15:35:18 | 012,091,533 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp1.cab:atapi.sys
[2004/10/14 19:18:01 | 022,245,337 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp2.cab:atapi.sys
[2010/06/27 18:08:19 | 023,852,652 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:atapi.sys
[2004/04/13 15:35:18 | 012,091,533 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp1.cab:atapi.sys
[2004/10/14 19:18:01 | 022,245,337 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp2.cab:atapi.sys
[2010/06/27 18:08:19 | 023,852,652 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp3.cab:atapi.sys
[2008/04/13 11:40:30 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\ServicePackFiles\i386\atapi.sys
[2008/04/13 11:40:30 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\SYSTEM32\drivers\atapi.sys
[2004/08/03 22:59:42 | 000,095,360 | ---- | M] (Microsoft Corporation) MD5=CDFE4411A69C224BD1D11B2DA92DAC51 -- C:\WINDOWS\$NtServicePackUninstall$\atapi.sys

< MD5 for: EVENTLOG.DLL >
[2008/04/13 17:11:53 | 000,056,320 | ---- | M] (Microsoft Corporation) MD5=6D4FEB43EE538FC5428CC7F0565AA656 -- C:\WINDOWS\ServicePackFiles\i386\eventlog.dll
[2008/04/13 17:11:53 | 000,056,320 | ---- | M] (Microsoft Corporation) MD5=6D4FEB43EE538FC5428CC7F0565AA656 -- C:\WINDOWS\SYSTEM32\eventlog.dll
[2004/08/04 00:56:42 | 000,055,808 | ---- | M] (Microsoft Corporation) MD5=82B24CB70E5944E6E34662205A2A5B78 -- C:\WINDOWS\$NtServicePackUninstall$\eventlog.dll

< MD5 for: NETLOGON.DLL >
[2008/04/13 17:12:01 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=1B7F071C51B77C272875C3A23E1E4550 -- C:\WINDOWS\ServicePackFiles\i386\netlogon.dll
[2008/04/13 17:12:01 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=1B7F071C51B77C272875C3A23E1E4550 -- C:\WINDOWS\SYSTEM32\netlogon.dll
[2009/02/06 11:46:09 | 000,408,064 | ---- | M] (Microsoft Corporation) MD5=6C476D33D82F1054849790181E8F7772 -- C:\WINDOWS\$hf_mig$\KB968389\SP2QFE\netlogon.dll
[2009/02/06 11:46:09 | 000,408,064 | ---- | M] (Microsoft Corporation) MD5=6C476D33D82F1054849790181E8F7772 -- C:\WINDOWS\$hf_mig$\KB975467\SP2QFE\netlogon.dll
[2004/08/04 00:56:44 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=96353FCECBA774BB8DA74A1C6507015A -- C:\WINDOWS\$NtServicePackUninstall$\netlogon.dll

< MD5 for: SCECLI.DLL >
[2004/08/04 00:56:44 | 000,180,224 | ---- | M] (Microsoft Corporation) MD5=0F78E27F563F2AAF74B91A49E2ABF19A -- C:\WINDOWS\$NtServicePackUninstall$\scecli.dll
[2008/04/13 17:12:05 | 000,181,248 | ---- | M] (Microsoft Corporation) MD5=A86BB5E61BF3E39B62AB4C7E7085A084 -- C:\WINDOWS\ServicePackFiles\i386\scecli.dll
[2008/04/13 17:12:05 | 000,181,248 | ---- | M] (Microsoft Corporation) MD5=A86BB5E61BF3E39B62AB4C7E7085A084 -- C:\WINDOWS\SYSTEM32\scecli.dll

< MD5 for: USER32.DLL >
[2005/03/02 11:19:56 | 000,577,024 | ---- | M] (Microsoft Corporation) MD5=1800F293BCCC8EDE8A70E12B88D80036 -- C:\WINDOWS\$hf_mig$\KB890859\SP2QFE\user32.dll
[2002/11/01 15:26:46 | 000,528,896 | ---- | M] (Microsoft Corporation) MD5=68E1F4EF02DF52CA9C5E157045D23582 -- C:\WINDOWS\$NtUninstallKB824141$\user32.dll
[2002/11/01 15:26:46 | 000,528,896 | ---- | M] (Microsoft Corporation) MD5=68E1F4EF02DF52CA9C5E157045D23582 -- C:\WINDOWS\$xpsp1hfm$\Q328310\user32.dll
[2007/03/08 08:48:36 | 000,578,048 | ---- | M] (Microsoft Corporation) MD5=7AA4F6C00405DFC4B70ED4214E7D687B -- C:\WINDOWS\$hf_mig$\KB925902\SP2QFE\user32.dll
[2008/04/13 17:12:08 | 000,578,560 | ---- | M] (Microsoft Corporation) MD5=B26B135FF1B9F60C9388B4A7D16F600B -- C:\WINDOWS\ServicePackFiles\i386\user32.dll
[2008/04/13 17:12:08 | 000,578,560 | ---- | M] (Microsoft Corporation) MD5=B26B135FF1B9F60C9388B4A7D16F600B -- C:\WINDOWS\SYSTEM32\user32.dll
[2001/08/17 22:36:34 | 000,561,152 | ---- | M] (Microsoft Corporation) MD5=BE57A5C3ABD240514B98F6BCA872FB21 -- C:\WINDOWS\$NtUninstallQ328310_RTM$\user32.dll
[2004/08/04 00:56:46 | 000,577,024 | ---- | M] (Microsoft Corporation) MD5=C72661F8552ACE7C5C85E16A3CF505C4 -- C:\WINDOWS\$NtServicePackUninstall$\user32.dll
[2004/08/04 00:56:46 | 000,577,024 | ---- | M] (Microsoft Corporation) MD5=C72661F8552ACE7C5C85E16A3CF505C4 -- C:\WINDOWS\$NtUninstallKB890859$\user32.dll
[2002/08/29 03:41:18 | 000,560,128 | ---- | M] (Microsoft Corporation) MD5=DD9269230C21EE8FB7FD3FCCC3B1CFCB -- C:\WINDOWS\$NtUninstallQ328310$\user32.dll
[2005/03/02 11:09:30 | 000,577,024 | ---- | M] (Microsoft Corporation) MD5=DE2DB164BBB35DB061AF0997E4499054 -- C:\WINDOWS\$NtUninstallKB925902$\user32.dll

< MD5 for: WS2_32.DLL >
[2008/04/13 17:12:10 | 000,082,432 | ---- | M] (Microsoft Corporation) MD5=2CCC474EB85CEAA3E1FA1726580A3E5A -- C:\WINDOWS\ServicePackFiles\i386\ws2_32.dll
[2008/04/13 17:12:10 | 000,082,432 | ---- | M] (Microsoft Corporation) MD5=2CCC474EB85CEAA3E1FA1726580A3E5A -- C:\WINDOWS\SYSTEM32\ws2_32.dll
[2004/08/04 00:56:46 | 000,082,944 | ---- | M] (Microsoft Corporation) MD5=2ED0B7F12A60F90092081C50FA0EC2B2 -- C:\WINDOWS\$NtServicePackUninstall$\ws2_32.dll
[2001/08/17 22:36:36 | 000,075,264 | ---- | M] (Microsoft Corporation) MD5=8529C295DF59B564D37A73B5629162B1 -- C:\WINDOWS\$NtUninstallKB817778$\ws2_32.dll

< %systemroot%\*. /mp /s >

< HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU >

< End of report >

As to the GMER scan... I ran it yesterday in Safe Mode - took 6 hours to complete. As the instructions detail - I used the 'Save' button and selected the Desktop and named the file ark.txt. I clicked the 'Save' button on the dialogue box and the box disappeared (as one would expect). I looked at the Desktop for the file but didn't see it - nor was it in the Desktop folder for any of the users (admin, owner, all users). About that time the PC 'froze' and didn't respond to mouse clicks. I finally had to do a hard shut-down. On reboot there was no file by the name I gave it on any of the user Desktops and a search of 'all files and folders' yielded no file by that name. I checked again this morning and searched for all .txt files created yesterday - nada. I'm currently running the scan again (I'm writing this from my own PC now - not the one in question) in Safe Mode and will report back either tonight or tomorrow with my results.

#4 etavares

etavares

    Bleepin' Remover


  • Malware Response Team
  • 15,514 posts
  • Gender:Male
  • Local time:03:50 PM

Posted 13 July 2010 - 06:46 PM

OK, I'll keep an eye out for the GMER log. Since you had a rootkit detection, I really want to try. Let me know if this doesn't work.

Also, can you please repost the OTL log in Notepad, turn off word wrap (in the edit menu), then copy and paste it into your reply? Word Wrap makes it very difficult to deal with as the board keeps it in the form.

thanks!


If I don't respond within 2 days, please feel free to PM me.
Please don't ask for help via PM. The forums are there for a reason. Please post in the forums so others may benefit as well.

Unified Network of Instructors and Trusted Eliminators
 


#5 PNO

PNO
  • Topic Starter

  • Members
  • 23 posts
  • Local time:12:50 PM

Posted 14 July 2010 - 01:03 AM

Hello etavares,

Below I'll post the OTL log without the word-wrap. Incidentally - when running the OTL a second time - it simply overwrote the first text file from the first run - but I noticed that the extras file was not overwritten - nor was a new one generated. I assume that was to be expected...?

As far as the GMER log I was running today in Safe Mode... It again ran for about 6 hours. When it completed I went to Save it - but rec'd a dialogue box that stated that My Documents was not available as the system didn't have enough resources. I clicked the OK on that pop-up and the next one stated that the Desktop was not available for the same reason. I then clicked to OK the pop-up and the Save dialogue box then came up - I named the file and pressed Save - but nothing was saved to the Desktop as I'd specified. I was also unable to pull up a blank Notepad to paste the result into - I rec'd the same message - Notepad wasn't available as the system didn't have the resources. I was unable to find any way to Save or Copy the GMER results and the PC eventually locked up (wouldn't respond to mouse clicks, Esc, or a Ctrl,Alt,Del) and I was forced to do a hard shut down as happened yesterday when I ran the GMER in Safe mode. The only difference that I can think of is that I don't recall getting the 'Desktop/My Docs/Notepad not available' message yesterday. (I can give you the exact wording of these pop-ups if you think that would be helpful)

I'll try again with the GMER either tomorrow or the following day in Safe Mode with 'Devices' unchecked as you'd suggested earlier.

OTL Log follows:



OTL logfile created on: 7/12/2010 12:12:52 PM - Run 2
OTL by OldTimer - Version 3.2.8.0 Folder = C:\Documents and Settings\Owner\Desktop
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

254.00 Mb Total Physical Memory | 143.00 Mb Available Physical Memory | 56.00% Memory free
662.00 Mb Paging File | 332.00 Mb Available in Paging File | 50.00% Paging File free
Paging file location(s): C:\pagefile.sys 384 768 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 32.64 Gb Total Space | 10.72 Gb Free Space | 32.84% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: PENDEJO
Current User Name: Owner
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: All users
Company Name Whitelist: On
Skip Microsoft Files: On
File Age = 90 Days
Output = Standard
Quick Scan

========== Processes (SafeList) ==========

PRC - [2010/07/07 15:38:08 | 000,575,488 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Owner\Desktop\OTL.exe
PRC - [2010/03/12 13:08:54 | 000,049,208 | ---- | M] (Hewlett-Packard) -- C:\Program Files\Hewlett-Packard\HP Software Update\hpwuschd2.exe
PRC - [2009/05/21 18:57:00 | 000,362,496 | ---- | M] (Hewlett-Packard) -- C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqgpc01.exe
PRC - [2009/03/05 16:07:20 | 002,260,480 | ---- | M] (Safer-Networking Ltd.) -- C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
PRC - [2008/10/16 20:11:26 | 000,569,344 | ---- | M] (Hewlett-Packard Co.) -- C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqbam08.exe
PRC - [2008/10/16 20:11:26 | 000,184,320 | ---- | M] (Hewlett-Packard Co.) -- C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqste08.exe
PRC - [2008/10/16 19:23:30 | 000,214,360 | ---- | M] (Hewlett-Packard Co.) -- C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqtra08.exe
PRC - [2008/04/13 17:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2005/06/06 23:46:24 | 000,057,344 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe
PRC - [2003/04/06 01:06:58 | 000,028,672 | ---- | M] (Hewlett-Packard) -- C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe
PRC - [2003/04/06 00:45:10 | 000,286,720 | ---- | M] (Hewlett-Packard Co.) -- C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpoevm08.exe
PRC - [2003/04/06 00:37:10 | 000,323,646 | ---- | M] (Hewlett-Packard Co.) -- C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpobnz08.exe
PRC - [2002/03/07 22:22:49 | 000,026,112 | ---- | M] (RealNetworks, Inc.) -- C:\Program Files\Real\RealPlayer\realplay.exe
PRC - [2002/02/20 21:12:52 | 000,471,040 | ---- | M] (Symantec Corporation) -- C:\Program Files\NavNT\rtvscan.exe
PRC - [2002/02/20 21:08:32 | 000,032,768 | ---- | M] (Symantec Corporation) -- C:\Program Files\NavNT\defwatch.exe
PRC - [2001/11/18 14:00:16 | 000,196,608 | ---- | M] (The Webshots Corporation) -- C:\Program Files\Webshots\WebshotsTray.exe
PRC - [2001/11/06 19:46:13 | 000,016,384 | ---- | M] () -- C:\Program Files\hp center\137903\Program\BackWeb-137903.exe
PRC - [2001/09/20 09:32:00 | 000,028,729 | ---- | M] (Intel® Corporation) -- C:\WINDOWS\SYSTEM32\MSGSYS.EXE


========== Modules (SafeList) ==========

MOD - [2010/07/07 15:38:08 | 000,575,488 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Owner\Desktop\OTL.exe
MOD - [2008/04/13 17:10:20 | 000,110,592 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SYSTEM32\msscript.ocx
MOD - [2001/11/06 19:46:13 | 000,024,576 | ---- | M] (BackWeb) -- C:\Documents and Settings\Owner\Local Settings\Temp\IadHide3.dll


========== Win32 Services (SafeList) ==========

SRV - File not found [Disabled | Stopped] -- C:\WINDOWS\System32\hidserv.dll -- (HidServ)
SRV - File not found [On_Demand | Stopped] -- C:\WINDOWS\System32\appmgmts.dll -- (AppMgmt)
SRV - [2009/05/21 20:21:18 | 000,248,832 | ---- | M] (Hewlett-Packard Co.) [On_Demand | Running] -- C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqcxs08.dll -- (hpqcxs08)
SRV - [2008/10/16 19:30:28 | 000,634,880 | ---- | M] (Hewlett-Packard Co.) [Auto | Running] -- C:\Program Files\Hewlett-Packard\Digital Imaging\bin\HPSLPSVC32.DLL -- (HPSLPSVC)
SRV - [2008/10/16 19:24:24 | 000,135,168 | ---- | M] (Hewlett-Packard Co.) [Auto | Running] -- C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqddsvc.dll -- (hpqddsvc)
SRV - [2002/02/20 21:12:52 | 000,471,040 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files\NavNT\rtvscan.exe -- (Norton AntiVirus Server)
SRV - [2002/02/20 21:08:32 | 000,032,768 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files\NavNT\defwatch.exe -- (DefWatch)


========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\DRIVERS\dpcnet5u.sys -- (DPCNET5U)
DRV - [2008/04/13 11:45:29 | 000,010,624 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\SYSTEM32\drivers\gameenum.sys -- (gameenum)
DRV - [2008/04/13 11:36:39 | 000,043,008 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\System32\DRIVERS\amdagp.sys -- (amdagp)
DRV - [2004/10/07 18:16:04 | 000,035,840 | ---- | M] (Oak Technology Inc.) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\AFS2K.SYS -- (AFS2K)
DRV - [2004/08/03 22:31:32 | 000,020,992 | ---- | M] (Realtek Semiconductor Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\SYSTEM32\drivers\rtl8139.sys -- (rtl8139) Realtek RTL8139(A/B/C)
DRV - [2003/03/31 14:29:00 | 000,625,537 | ---- | M] (LT) [Kernel | On_Demand | Running] -- C:\WINDOWS\SYSTEM32\drivers\ltmdmnt.sys -- (ltmodem5)
DRV - [2002/03/11 21:28:44 | 000,058,032 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Program Files\Symantec\SYMEVENT.SYS -- (SymEvent)
DRV - [2002/03/07 22:22:53 | 000,008,552 | ---- | M] (Windows ® 2000 DDK provider) [Kernel | Auto | Running] -- C:\WINDOWS\System32\drivers\asctrm.sys -- (ASCTRM)
DRV - [2002/02/20 20:27:34 | 000,018,000 | ---- | M] () [Kernel | Auto | Running] -- C:\Program Files\NavNT\Navapel.sys -- (NAVAPEL)
DRV - [2001/11/06 19:15:08 | 000,026,996 | ---- | M] (MusicMatch, Inc.) [Kernel | Auto | Running] -- C:\WINDOWS\System32\drivers\MxlW2k.sys -- (MxlW2k)
DRV - [2001/10/15 12:05:50 | 000,044,544 | ---- | M] (Zero-Knowledge Systems Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\SYSTEM32\drivers\FREEDOM.sys -- (Freedom)
DRV - [2001/10/12 12:44:12 | 000,114,816 | ---- | M] (S3 Graphics, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\drivers\s3gNBm.sys -- (S3SavageNB)
DRV - [2001/09/27 17:49:00 | 000,702,777 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\drivers\nv4_mini.sys -- (nv)
DRV - [2001/09/16 11:45:04 | 000,013,716 | ---- | M] (Padus, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\SYSTEM32\drivers\pfc.sys -- (pfc)
DRV - [2001/08/17 15:00:04 | 000,002,944 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\SYSTEM32\drivers\msmpu401.sys -- (ms_mpu401)
DRV - [2001/08/17 05:50:26 | 000,731,648 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\drivers\nv4.sys -- (nv4)
DRV - [2001/08/08 07:13:36 | 000,158,140 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\SYSTEM32\drivers\i81xnt5.sys -- (i81x)
DRV - [2001/08/08 07:13:30 | 000,012,479 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\drivers\wADV01nt.sys -- (iAimFP0)
DRV - [2001/08/08 07:13:30 | 000,012,031 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\drivers\wADV02NT.sys -- (iAimFP1)
DRV - [2001/08/08 07:13:30 | 000,011,679 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\drivers\wADV05NT.sys -- (iAimFP2)
DRV - [2001/08/08 07:13:28 | 000,019,359 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\drivers\wVchNTxx.sys -- (iAimFP4)
DRV - [2001/08/08 07:13:28 | 000,011,999 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\drivers\wSiINTxx.sys -- (iAimFP3)
DRV - [2001/08/08 07:13:26 | 000,033,503 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\drivers\wATV04nt.sys -- (iAimTV3)
DRV - [2001/08/08 07:13:24 | 000,029,215 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\drivers\wATV01nt.sys -- (iAimTV0)
DRV - [2001/08/08 07:13:24 | 000,023,519 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\drivers\wCh7xxNT.sys -- (iAimTV4)
DRV - [2001/08/08 07:13:24 | 000,019,199 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\drivers\wATV02NT.sys -- (iAimTV1)
DRV - [2001/06/04 08:00:00 | 000,014,112 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Running] -- C:\WINDOWS\SYSTEM32\drivers\PS2.sys -- (Ps2)
DRV - [2001/01/29 16:57:04 | 000,207,296 | ---- | M] (Adaptec) [File_System | System | Running] -- C:\WINDOWS\System32\drivers\udfreadr.sys -- (UdfReadr)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,CustomizeSearch = http://srch-us4.hpwis.com/
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://srch-us4.hpwis.com/


IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://us4.hpwis.com/
IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://srch-us4.hpwis.com/
IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://srch-us4.hpwis.com/
IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://us4.hpwis.com/
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://us4.hpwis.com/
IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://srch-us4.hpwis.com/
IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://srch-us4.hpwis.com/
IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://us4.hpwis.com/
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-21-1779672970-568186159-1426590395-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://us4.hpwis.com/
IE - HKU\S-1-5-21-1779672970-568186159-1426590395-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://srch-us4.hpwis.com/
IE - HKU\S-1-5-21-1779672970-568186159-1426590395-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://srch-us4.hpwis.com/
IE - HKU\S-1-5-21-1779672970-568186159-1426590395-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank
IE - HKU\S-1-5-21-1779672970-568186159-1426590395-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-1779672970-568186159-1426590395-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = localhost
IE - HKU\S-1-5-21-1779672970-568186159-1426590395-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = http=127.0.0.1:83

========== FireFox ==========

FF - prefs.js..browser.search.update: false
FF - prefs.js..browser.startup.homepage: "about:blank"
FF - prefs.js..extensions.enabledItems: jqs@sun.com:1.0
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20

FF - HKLM\software\mozilla\Firefox\extensions\\smartwebprinting@hp.com: C:\Program Files\Hewlett-Packard\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2010/04/11 09:36:30 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.6\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010/06/27 16:57:15 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.6\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010/06/27 16:57:15 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Netscape 6 6.2.1\Extensions\\Components: C:\Program Files\Netscape\Netscape 6\Components [2004/04/04 16:33:52 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Netscape 6 6.2.1\Extensions\\Plugins: C:\Program Files\Netscape\Netscape 6\Plugins [2010/06/27 07:46:54 | 000,000,000 | ---D | M]

[2008/08/25 21:10:20 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Mozilla\Extensions
[2010/06/22 12:30:59 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\rnhq51oa.default\extensions
[2010/06/22 11:33:03 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions
[2010/05/12 07:57:14 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
[2008/04/16 08:35:56 | 000,081,920 | ---- | M] (Coupons, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npCouponPrinter.dll
[2010/05/12 07:52:44 | 000,411,368 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npdeployJava1.dll

O1 HOSTS File: ([2001/08/17 22:00:00 | 000,000,734 | ---- | M]) - C:\WINDOWS\SYSTEM32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (HP Print Enhancer) - {0347C33E-8762-4905-BF09-768834316C61} - C:\Program Files\Hewlett-Packard\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll (Hewlett-Packard Co.)
O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O2 - BHO: (ZKBho Class) - {56071E0D-C61B-11D3-B41C-00E02927A304} - C:\Program Files\Zero Knowledge\Freedom\FreeBHOR.dll (Zero-Knowledge Systems Inc.)
O2 - BHO: (no name) - {FDD3B846-8D59-4ffb-8758-209B6AD74ACC} - c:\Program Files\Microsoft Money\System\mnyviewer.dll (Microsoft Corporation)
O2 - BHO: (HP Smart BHO Class) - {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - C:\Program Files\Hewlett-Packard\Digital Imaging\Smart Web Printing\hpswp_BHO.dll (Hewlett-Packard Co.)
O3 - HKLM\..\Toolbar: (Yahoo! Toolbar) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
O3 - HKLM\..\Toolbar: (&Zero-Knowledge Freedom) - {FA91B828-F937-4568-82C1-843627E63ED7} - C:\Program Files\Zero Knowledge\Freedom\BandObjs.dll (Zero-Knowledge Systems Inc.)
O3 - HKU\S-1-5-21-1779672970-568186159-1426590395-1003\..\Toolbar\ShellBrowser: (&Zero-Knowledge Freedom) - {FA91B828-F937-4568-82C1-843627E63ED7} - C:\Program Files\Zero Knowledge\Freedom\BandObjs.dll (Zero-Knowledge Systems Inc.)
O3 - HKU\S-1-5-21-1779672970-568186159-1426590395-1003\..\Toolbar\WebBrowser: (Yahoo! Toolbar) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
O4 - HKLM..\Run: [] File not found
O4 - HKLM..\Run: [Adobe Photo Downloader] C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [HP Software Update] C:\Program Files\Hewlett-Packard\HP Software Update\hpwuschd2.exe (Hewlett-Packard)
O4 - HKLM..\Run: [KernelFaultCheck] File not found
O4 - HKLM..\Run: [RealTray] C:\Program Files\Real\RealPlayer\RealPlay.exe (RealNetworks, Inc.)
O4 - HKLM..\Run: [UserFaultCheck] File not found
O4 - HKU\S-1-5-21-1779672970-568186159-1426590395-1003..\Run: [Microsoft Works Update Detection] c:\Program Files\Microsoft Works\WkDetect.exe File not found
O4 - HKU\S-1-5-21-1779672970-568186159-1426590395-1003..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe (Safer-Networking Ltd.)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\hp center.lnk = C:\Program Files\hp center\137903\Program\BackWeb-137903.exe ()
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk = C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqtra08.exe (Hewlett-Packard Co.)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\hp psc 2000 Series.lnk = C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpobnz08.exe (Hewlett-Packard Co.)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\hpoddt01.exe.lnk = C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe (Hewlett-Packard)
O4 - Startup: C:\Documents and Settings\Default User\Start Menu\Programs\Startup\AutoPlay.exe ()
O4 - Startup: C:\Documents and Settings\Owner\Start Menu\Programs\Startup\Webshots.lnk = C:\Program Files\Webshots\WebshotsTray.exe (The Webshots Corporation)
O4 - Startup: C:\Documents and Settings\Owner\Start Menu\Programs\Startup\Webshots.lnk.disabled ()
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-1779672970-568186159-1426590395-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O9 - Extra Button: MktBrowser - {17A27031-71FC-11d4-815C-005004D0F1FA} - C:\Program Files\MarketBrowser\lmt\MarketBrowser_Launch.xpy ()
O9 - Extra 'Tools' menuitem : MarketBrowser - {17A27031-71FC-11d4-815C-005004D0F1FA} - C:\Program Files\MarketBrowser\lmt\MarketBrowser_Launch.xpy ()
O9 - Extra Button: Net2Phone - {4B30061A-5B39-11D3-80F8-0090276F843F} - C:\Program Files\Net2Phone\Net2fone.exe (Net2Phone)
O9 - Extra 'Tools' menuitem : Net2Phone - {4B30061A-5B39-11D3-80F8-0090276F843F} - C:\Program Files\Net2Phone\Net2fone.exe (Net2Phone)
O9 - Extra Button: Show or hide HP Smart Web Printing - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - C:\Program Files\Hewlett-Packard\Digital Imaging\Smart Web Printing\hpswp_BHO.dll (Hewlett-Packard Co.)
O9 - Extra 'Tools' menuitem : Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O9 - Extra Button: MoneySide - {E023F504-0C5A-4750-A1E7-A9046DEA8A21} - c:\Program Files\Microsoft Money\System\mnyviewer.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\WINDOWS\System32\ZKLSPR.DLL (Zero-Knowledge Systems Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\WINDOWS\System32\ZKLSPR.DLL (Zero-Knowledge Systems Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\WINDOWS\System32\ZKLSPR.DLL (Zero-Knowledge Systems Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\WINDOWS\System32\ZKLSPR.DLL (Zero-Knowledge Systems Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - C:\WINDOWS\System32\ZKLSPR.DLL (Zero-Knowledge Systems Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000006 - C:\WINDOWS\System32\ZKLSPR.DLL (Zero-Knowledge Systems Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000007 - C:\WINDOWS\System32\ZKLSPR.DLL (Zero-Knowledge Systems Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000008 - C:\WINDOWS\System32\ZKLSPR.DLL (Zero-Knowledge Systems Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000009 - C:\WINDOWS\System32\ZKLSPR.DLL (Zero-Knowledge Systems Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000010 - C:\WINDOWS\System32\ZKLSPR.DLL (Zero-Knowledge Systems Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000011 - C:\WINDOWS\System32\ZKLSPR.DLL (Zero-Knowledge Systems Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000017 - C:\WINDOWS\System32\ZKLSPR.DLL (Zero-Knowledge Systems Inc.)
O12 - Plugin for: .spop - C:\Program Files\Internet Explorer\PLUGINS\NPDocBox.dll (InterTrust Technologies Corporation, Inc.)
O15 - HKU\S-1-5-21-1779672970-568186159-1426590395-1003\..Trusted Domains: ([]msn in My Computer)
O15 - HKU\S-1-5-21-1779672970-568186159-1426590395-1003\..Trusted Domains: fnismls.com ([samls] http in Trusted sites)
O15 - HKU\S-1-5-21-1779672970-568186159-1426590395-1003\..Trusted Domains: prospector.metrolist.net ([]http in Trusted sites)
O15 - HKU\S-1-5-21-1779672970-568186159-1426590395-1003\..Trusted Domains: rapmls.com ([]* in Trusted sites)
O15 - HKU\S-1-5-21-1779672970-568186159-1426590395-1003\..Trusted Domains: rapmls.com ([login] * in Trusted sites)
O15 - HKU\S-1-5-21-1779672970-568186159-1426590395-1003\..Trusted Domains: rapmls.com ([media] * in Trusted sites)
O15 - HKU\S-1-5-21-1779672970-568186159-1426590395-1003\..Trusted Domains: rapmls.com ([search] * in Trusted sites)
O15 - HKU\S-1-5-21-1779672970-568186159-1426590395-1003\..Trusted Domains: rapmls.com ([tarmls] * in Trusted sites)
O15 - HKU\S-1-5-21-1779672970-568186159-1426590395-1003\..Trusted Domains: snismls.com ([]* in Trusted sites)
O15 - HKU\S-1-5-21-1779672970-568186159-1426590395-1003\..Trusted Domains: tarmls.com ([]www in Trusted sites)
O15 - HKU\S-1-5-21-1779672970-568186159-1426590395-1003\..Trusted Domains: tarmls.com ([www] * in Trusted sites)
O15 - HKU\S-1-5-21-1779672970-568186159-1426590395-1003\..Trusted Domains: www.avrealestate.com ([]http in Trusted sites)
O15 - HKU\S-1-5-21-1779672970-568186159-1426590395-1003\..Trusted Domains: www.barstowmls.com ([]http in Trusted sites)
O15 - HKU\S-1-5-21-1779672970-568186159-1426590395-1003\..Trusted Domains: www.cincymls.net ([]http in Trusted sites)
O15 - HKU\S-1-5-21-1779672970-568186159-1426590395-1003\..Trusted Domains: www.columbianortherndutchessmls.com ([]http in Trusted sites)
O15 - HKU\S-1-5-21-1779672970-568186159-1426590395-1003\..Trusted Domains: www.dabr.com ([]http in Trusted sites)
O15 - HKU\S-1-5-21-1779672970-568186159-1426590395-1003\..Trusted Domains: www.firelandsmls.com ([]http in Trusted sites)
O15 - HKU\S-1-5-21-1779672970-568186159-1426590395-1003\..Trusted Domains: www.fresnomls.com ([]http in Trusted sites)
O15 - HKU\S-1-5-21-1779672970-568186159-1426590395-1003\..Trusted Domains: www.gniarmls.com ([]http in Trusted sites)
O15 - HKU\S-1-5-21-1779672970-568186159-1426590395-1003\..Trusted Domains: www.greenemls.com ([]http in Trusted sites)
O15 - HKU\S-1-5-21-1779672970-568186159-1426590395-1003\..Trusted Domains: www.ivbor.com ([]http in Trusted sites)
O15 - HKU\S-1-5-21-1779672970-568186159-1426590395-1003\..Trusted Domains: www.ivrealestate.com ([]http in Trusted sites)
O15 - HKU\S-1-5-21-1779672970-568186159-1426590395-1003\..Trusted Domains: www.lbarmls.com ([]http in Trusted sites)
O15 - HKU\S-1-5-21-1779672970-568186159-1426590395-1003\..Trusted Domains: www.lvarmls.com ([]http in Trusted sites)
O15 - HKU\S-1-5-21-1779672970-568186159-1426590395-1003\..Trusted Domains: www.mariposabor.com ([]http in Trusted sites)
O15 - HKU\S-1-5-21-1779672970-568186159-1426590395-1003\..Trusted Domains: www.marmls.com ([]http in Trusted sites)
O15 - HKU\S-1-5-21-1779672970-568186159-1426590395-1003\..Trusted Domains: www.midlandsmls.com ([]http in Trusted sites)
O15 - HKU\S-1-5-21-1779672970-568186159-1426590395-1003\..Trusted Domains: www.northernarizonamls.com ([]http in Trusted sites)
O15 - HKU\S-1-5-21-1779672970-568186159-1426590395-1003\..Trusted Domains: www.northernkentuckymls.com ([]http in Trusted sites)
O15 - HKU\S-1-5-21-1779672970-568186159-1426590395-1003\..Trusted Domains: www.nwmls.com ([]http in Trusted sites)
O15 - HKU\S-1-5-21-1779672970-568186159-1426590395-1003\..Trusted Domains: www.odbrmls.com ([]http in Trusted sites)
O15 - HKU\S-1-5-21-1779672970-568186159-1426590395-1003\..Trusted Domains: www.ojaivalleymls.com ([]http in Trusted sites)
O15 - HKU\S-1-5-21-1779672970-568186159-1426590395-1003\..Trusted Domains: www.portervillemls.com ([]http in Trusted sites)
O15 - HKU\S-1-5-21-1779672970-568186159-1426590395-1003\..Trusted Domains: www.somls.com ([]http in Trusted sites)
O15 - HKU\S-1-5-21-1779672970-568186159-1426590395-1003\..Trusted Domains: www.swmric.com ([]http in Trusted sites)
O15 - HKU\S-1-5-21-1779672970-568186159-1426590395-1003\..Trusted Domains: www.tcmls.org ([]http in Trusted sites)
O15 - HKU\S-1-5-21-1779672970-568186159-1426590395-1003\..Trusted Domains: www.vvmls.com ([]http in Trusted sites)
O16 - DPF: {0854D220-A90A-466D-BC02-6683183802B7} http://samls.fnismls.com/Paragon/Codebase/...rintControl.cab (PrintPreview Class)
O16 - DPF: {62BC5DB2-0044-4040-B366-D628F3CFD551} file://C:\DOCUME~1\Owner\LOCALS~1\Temp\IXP000.TMP\setup.cab (PowerTeam HTML Printing Behavior)
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} http://v5.windowsupdate.microsoft.com/v5co...b?1097799494515 (WUWebControl Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_20)
O16 - DPF: {CAFEEFAC-0013-0001-0000-ABCDEFFEDCBA} http://java.sun.com/update/1.3.1/jinstall-...indows-i586.cab (Java Plug-in 1.3.1)
O16 - DPF: {CAFEEFAC-0016-0000-0014-ABCDEFFEDCBA} Reg Error: Value error. (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_20)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_20)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://download.macromedia.com/pub/shockwa...ash/swflash.cab (Shockwave Flash Object)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
O16 - DPF: {E87F6C8E-16C0-11D3-BEF7-009027438003} https://tm.sureclose.com/include/xupload.ocx (Persits Software XUpload)
O16 - DPF: {FFCF75D1-CDB4-4ED8-AEAC-BC103FCAF159} http://imagedrec.water.az.gov/pwfiles/PowerWeb.cab (GetClient Control)
O16 - DPF: Microsoft XML Parser for Java file://C:\WINDOWS\Java\classes\xmldso.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 66.82.4.8
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\NavLogon: DllName - C:\WINDOWS\System32\NavLogon.dll - C:\WINDOWS\SYSTEM32\NavLogon.dll ()
O24 - Desktop WallPaper: C:\Documents and Settings\Owner\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\Owner\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2001/11/06 14:36:00 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

NetSvcs: 6to4 - File not found
NetSvcs: AppMgmt - C:\WINDOWS\System32\appmgmts.dll File not found
NetSvcs: HidServ - C:\WINDOWS\System32\hidserv.dll File not found
NetSvcs: Ias - File not found
NetSvcs: Iprip - File not found
NetSvcs: Irmon - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: Wmi - C:\WINDOWS\System32\wmi.dll (Microsoft Corporation)
NetSvcs: WmdmPmSp - File not found
NetSvcs: Ip6FwHlp - File not found

MsConfig - StartUpFolder: C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Billminder.lnk - C:\Program Files\Quicken\billmind.exe - (Intuit)
MsConfig - StartUpFolder: C:^Documents and Settings^All Users^Start Menu^Programs^Startup^hp center UI.lnk - C:\Program Files\hp center\137903\Shadow\ShadowBar.exe - ()
MsConfig - StartUpFolder: C:^Documents and Settings^All Users^Start Menu^Programs^Startup^hp center.lnk - C:\Program Files\hp center\137903\Program\BackWeb-137903.exe - ()
MsConfig - StartUpFolder: C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Microsoft Find Fast.lnk - C:\Program Files\Microsoft Office\Office\FINDFAST.EXE - ()
MsConfig - StartUpFolder: C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Office Startup.lnk - C:\Program Files\Microsoft Office\Office\OSA.EXE - ()
MsConfig - StartUpFolder: C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Quicken Scheduled Updates.lnk - C:\Program Files\Quicken\bagent.exe - (Intuit Inc.)
MsConfig - StartUpFolder: C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Quicken Startup.lnk - C:\Program Files\Quicken\QWDLLS.EXE - (Intuit)
MsConfig - StartUpFolder: C:^Documents and Settings^Owner^Start Menu^Programs^Startup^Webshots.lnk - C:\Program Files\Webshots\WebshotsTray.exe - (The Webshots Corporation)
MsConfig - StartUpReg: DDCActiveMenu - hkey= - key= - C:\Program Files\WildTangent\DDC\ActiveMenu\DDCActiveMenu.exe File not found
MsConfig - StartUpReg: DDCM - hkey= - key= - C:\Program Files\WildTangent\DDC\DDCManager\DDCMan.exe File not found
MsConfig - StartUpReg: HotKeysCmds - hkey= - key= - File not found
MsConfig - StartUpReg: hpsysdrv - hkey= - key= - c:\WINDOWS\SYSTEM\hpsysdrv.exe (Hewlett-Packard Company)
MsConfig - StartUpReg: IgfxTray - hkey= - key= - File not found
MsConfig - StartUpReg: KBD - hkey= - key= - C:\hp\KBD\KBD.EXE (Hewlett-Packard Company)
MsConfig - StartUpReg: Microsoft Works Update Detection - hkey= - key= - c:\Program Files\Microsoft Works\WkDetect.exe File not found
MsConfig - StartUpReg: Mozilla Quick Launch - hkey= - key= - C:\Program Files\Netscape\Netscape 6\Netscp6.exe (Netscape Communications Corporation)
MsConfig - StartUpReg: MSMSGS - hkey= - key= - C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)
MsConfig - StartUpReg: NvCplDaemon - hkey= - key= - File not found
MsConfig - StartUpReg: PS2 - hkey= - key= - File not found
MsConfig - StartUpReg: RealTray - hkey= - key= - C:\Program Files\Real\RealPlayer\RealPlay.exe (RealNetworks, Inc.)
MsConfig - StartUpReg: Recguard - hkey= - key= - C:\WINDOWS\SMINST\Recguard.exe ()
MsConfig - StartUpReg: S3TRAY2 - hkey= - key= - File not found
MsConfig - StartUpReg: vptray - hkey= - key= - C:\Program Files\NavNT\vptray.exe (Symantec Corporation)
MsConfig - StartUpReg: WinampAgent - hkey= - key= - C:\Program Files\Winamp\Winampa.exe ()
MsConfig - StartUpReg: Zero Knowledge Freedom - hkey= - key= - C:\Program Files\Zero Knowledge\Freedom\Freedom.exe (Zero-Knowledge Systems Inc.)
MsConfig - State: "system.ini" - 0
MsConfig - State: "win.ini" - 0
MsConfig - State: "bootini" - 0
MsConfig - State: "services" - 0
MsConfig - State: "startup" - 2

Drivers32: midi - C:\WINDOWS\System32\wdmaud.drv (Microsoft Corporation)
Drivers32: midi1 - C:\WINDOWS\System32\wdmaud.drv (Microsoft Corporation)
Drivers32: midimapper - C:\WINDOWS\System32\midimap.dll (Microsoft Corporation)
Drivers32: mixer - C:\WINDOWS\System32\wdmaud.drv (Microsoft Corporation)
Drivers32: msacm.iac2 - C:\WINDOWS\SYSTEM32\iac25_32.ax (Intel Corporation)
Drivers32: msacm.imaadpcm - C:\WINDOWS\System32\imaadp32.acm (Microsoft Corporation)
Drivers32: msacm.l3acm - C:\WINDOWS\SYSTEM32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: msacm.msadpcm - C:\WINDOWS\System32\msadp32.acm (Microsoft Corporation)
Drivers32: msacm.msaudio1 - C:\WINDOWS\System32\msaud32.acm (Microsoft Corporation)
Drivers32: msacm.msg711 - C:\WINDOWS\System32\msg711.acm (Microsoft Corporation)
Drivers32: msacm.msg723 - C:\WINDOWS\System32\msg723.acm (Microsoft Corporation)
Drivers32: msacm.msgsm610 - C:\WINDOWS\System32\msgsm32.acm (Microsoft Corporation)
Drivers32: msacm.sl_anet - C:\WINDOWS\System32\sl_anet.acm (Sipro Lab Telecom Inc.)
Drivers32: msacm.trspch - C:\WINDOWS\System32\tssoft32.acm (DSP GROUP, INC.)
Drivers32: vidc.cvid - C:\WINDOWS\System32\iccvid.dll (Radius Inc.)
Drivers32: vidc.iv31 - C:\WINDOWS\System32\ir32_32.dll ()
Drivers32: vidc.iv32 - C:\WINDOWS\System32\ir32_32.dll ()
Drivers32: vidc.iv41 - C:\WINDOWS\System32\ir41_32.ax (Intel Corporation)
Drivers32: vidc.iv50 - C:\WINDOWS\System32\ir50_32.dll (Intel Corporation)
Drivers32: vidc.iyuv - C:\WINDOWS\System32\iyuv_32.dll (Microsoft Corporation)
Drivers32: vidc.M261 - C:\WINDOWS\System32\msh261.drv (Microsoft Corporation)
Drivers32: vidc.M263 - C:\WINDOWS\System32\msh263.drv (Microsoft Corporation)
Drivers32: vidc.mrle - C:\WINDOWS\System32\msrle32.dll (Microsoft Corporation)
Drivers32: vidc.msvc - C:\WINDOWS\System32\msvidc32.dll (Microsoft Corporation)
Drivers32: vidc.uyvy - C:\WINDOWS\System32\msyuv.dll (Microsoft Corporation)
Drivers32: vidc.yuy2 - C:\WINDOWS\System32\msyuv.dll (Microsoft Corporation)
Drivers32: vidc.yvu9 - C:\WINDOWS\System32\tsbyuv.dll (Microsoft Corporation)
Drivers32: vidc.yvyu - C:\WINDOWS\System32\msyuv.dll (Microsoft Corporation)
Drivers32: wave - C:\WINDOWS\System32\wdmaud.drv (Microsoft Corporation)
Drivers32: wavemapper - C:\WINDOWS\System32\msacm32.drv (Microsoft Corporation)

CREATERESTOREPOINT
Restore point Set: OTL Restore Point (16902109354000384)

========== Files/Folders - Created Within 90 Days ==========

[2010/07/07 15:37:47 | 000,575,488 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Owner\Desktop\OTL.exe
[2010/07/05 15:50:34 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Desktop\gmer
[2010/07/01 20:23:29 | 000,161,296 | ---- | C] (Trend Micro Inc.) -- C:\WINDOWS\System32\drivers\tmcomm.sys
[2010/06/27 21:36:45 | 000,000,000 | ---D | C] -- C:\WINDOWS\Prefetch
[2010/06/27 19:15:55 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\scripting
[2010/06/27 19:15:17 | 000,000,000 | ---D | C] -- C:\WINDOWS\l2schemas
[2010/06/27 19:15:11 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\en
[2010/06/27 18:42:19 | 000,000,000 | ---D | C] -- C:\WINDOWS\network diagnostic
[2010/06/22 11:46:04 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Desktop\Adobe Reader 9 Installer
[2010/06/22 11:44:46 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Adobe AIR
[2010/06/22 11:32:27 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\NOS
[2010/06/03 07:54:42 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\My Documents\Temp 10
[2010/05/22 17:59:20 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\My Documents\Temp9
[2010/05/12 07:51:07 | 000,000,000 | ---D | C] -- C:\Program Files\Java
[2010/05/04 10:54:51 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\My Documents\BeamYourScreen
[3 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[3 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

========== Files - Modified Within 90 Days ==========

[2010/07/12 12:16:22 | 001,440,054 | ---- | M] () -- C:\WINDOWS\WebshotsForOwner.bmp
[2010/07/12 00:58:59 | 000,000,006 | ---- | M] () -- C:\WINDOWS\Twain001.Mtx
[2010/07/12 00:58:28 | 000,000,156 | ---- | M] () -- C:\WINDOWS\Twunk001.MTX
[2010/07/12 00:58:12 | 000,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2010/07/12 00:58:08 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2010/07/12 00:58:07 | 266,391,552 | -HS- | M] () -- C:\hiberfil.sys
[2010/07/12 00:56:30 | 005,767,168 | ---- | M] () -- C:\Documents and Settings\Owner\ntuser.dat
[2010/07/12 00:56:30 | 000,000,178 | -HS- | M] () -- C:\Documents and Settings\Owner\ntuser.ini
[2010/07/11 14:31:51 | 000,001,158 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2010/07/07 15:38:08 | 000,575,488 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Owner\Desktop\OTL.exe
[2010/07/05 15:48:55 | 000,284,915 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\gmer.zip
[2010/07/05 15:19:32 | 000,525,824 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\dds.scr
[2010/07/01 20:23:26 | 000,161,296 | ---- | M] (Trend Micro Inc.) -- C:\WINDOWS\System32\drivers\tmcomm.sys
[2010/06/29 21:00:26 | 000,000,036 | ---- | M] () -- C:\Documents and Settings\Owner\Local Settings\Application Data\housecall.guid.cache
[2010/06/28 00:47:16 | 000,001,374 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2010/06/27 21:49:45 | 000,382,022 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2010/06/27 21:49:44 | 000,053,640 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2010/06/27 21:49:37 | 000,441,626 | ---- | M] () -- C:\WINDOWS\System32\PerfStringBackup.INI
[2010/06/27 21:35:49 | 000,178,648 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2010/06/27 18:40:56 | 000,250,048 | RHS- | M] () -- C:\ntldr
[2010/06/27 07:47:05 | 000,001,778 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Adobe Reader 9.lnk
[2010/06/22 12:14:35 | 000,000,781 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Acrobat_com.lnk
[2010/05/31 22:39:25 | 000,006,656 | ---- | M] () -- C:\Documents and Settings\Owner\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[3 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[3 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

========== Files Created - No Company Name ==========

[2010/07/05 15:48:29 | 000,284,915 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\gmer.zip
[2010/07/05 15:19:13 | 000,525,824 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\dds.scr
[2010/06/29 21:00:26 | 000,000,036 | ---- | C] () -- C:\Documents and Settings\Owner\Local Settings\Application Data\housecall.guid.cache
[2010/06/22 12:14:35 | 000,000,781 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Acrobat_com.lnk
[2010/06/22 12:06:03 | 000,001,778 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Adobe Reader 9.lnk
[2009/03/31 21:12:39 | 000,000,058 | ---- | C] () -- C:\WINDOWS\FILEMAGC.INI
[2005/01/21 17:26:24 | 000,060,464 | R--- | C] () -- C:\WINDOWS\System32\tlcsel32.dll
[2005/01/21 17:26:24 | 000,016,540 | R--- | C] () -- C:\WINDOWS\System32\tlcsel17.dll
[2004/03/01 15:17:08 | 000,000,823 | ---- | C] () -- C:\WINDOWS\TSC.ini
[2004/03/01 15:17:07 | 000,071,749 | ---- | C] () -- C:\WINDOWS\HCExtOutput.dll
[2004/03/01 15:16:21 | 000,000,170 | ---- | C] () -- C:\WINDOWS\GetServer.ini
[2003/05/24 09:19:55 | 000,000,229 | ---- | C] () -- C:\WINDOWS\qwimp.ini
[2003/05/24 09:16:41 | 000,001,013 | ---- | C] () -- C:\WINDOWS\QUICKEN.INI
[2003/05/24 09:16:41 | 000,000,605 | ---- | C] () -- C:\WINDOWS\intuprof.ini
[2003/04/30 10:25:10 | 000,000,004 | ---- | C] () -- C:\WINDOWS\uccspecb.sys
[2003/03/09 13:31:04 | 000,561,152 | ---- | C] () -- C:\WINDOWS\System32\hpotscl.dll
[2002/11/01 16:17:50 | 000,000,256 | ---- | C] () -- C:\WINDOWS\aucfg.ini
[2002/07/13 13:17:17 | 000,000,000 | ---- | C] () -- C:\WINDOWS\VPC32.INI
[2002/07/04 15:05:34 | 000,000,269 | ---- | C] () -- C:\WINDOWS\tmupdate.ini
[2002/03/15 15:29:58 | 000,000,091 | ---- | C] () -- C:\WINDOWS\webshots.ini
[2002/03/08 20:26:48 | 000,000,022 | ---- | C] () -- C:\WINDOWS\exchng.ini
[2002/03/08 20:26:47 | 000,000,611 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2002/03/07 22:23:12 | 000,001,065 | ---- | C] () -- C:\WINDOWS\winamp.ini
[2002/03/07 22:22:07 | 000,102,400 | ---- | C] () -- C:\WINDOWS\System32\N2PUtil.dll
[2002/03/07 22:21:44 | 000,000,528 | ---- | C] () -- C:\WINDOWS\net2fone.ini
[2002/02/20 21:21:20 | 000,045,056 | ---- | C] () -- C:\WINDOWS\System32\NavLogon.dll
[2001/12/14 13:34:46 | 000,164,864 | ---- | C] () -- C:\WINDOWS\patchw32.dll
[2001/11/09 11:41:10 | 000,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini
[2001/11/08 20:43:04 | 000,000,562 | ---- | C] () -- C:\WINDOWS\System32\Px.ini
[2001/11/06 19:50:46 | 000,377,600 | ---- | C] () -- C:\WINDOWS\System32\BOCOLE.DLL
[2001/11/06 19:50:46 | 000,167,456 | ---- | C] () -- C:\WINDOWS\System32\Bocof.dll
[2001/11/06 19:45:01 | 000,040,960 | ---- | C] () -- C:\WINDOWS\System32\hpREG.DLL
[2001/11/06 19:45:01 | 000,024,576 | ---- | C] () -- C:\WINDOWS\System32\syscontr.dll
[2001/11/06 19:37:54 | 000,009,876 | ---- | C] () -- C:\WINDOWS\System32\usbbc.sys
[2001/11/06 19:21:26 | 000,000,603 | ---- | C] () -- C:\WINDOWS\fantasy2.ini
[2001/11/06 19:21:26 | 000,000,317 | ---- | C] () -- C:\WINDOWS\pstudio.ini
[2001/11/06 19:21:26 | 000,000,031 | ---- | C] () -- C:\WINDOWS\album.ini
[2001/11/06 18:50:13 | 000,249,921 | ---- | C] () -- C:\WINDOWS\System32\PythonCOM15.dll
[2001/11/06 18:50:13 | 000,065,536 | ---- | C] () -- C:\WINDOWS\System32\PyWinTypes15.dll
[2001/11/06 18:49:47 | 000,016,896 | ---- | C] () -- C:\WINDOWS\System32\bcbmm.dll
[2001/11/06 14:40:54 | 000,000,887 | ---- | C] () -- C:\WINDOWS\orun32.ini
[2001/11/06 14:31:15 | 000,001,793 | ---- | C] () -- C:\WINDOWS\System32\fxsperf.ini
[2001/11/06 06:21:55 | 000,000,649 | ---- | C] () -- C:\WINDOWS\System32\oeminfo.ini
[2001/10/15 11:44:16 | 000,659,456 | ---- | C] () -- C:\WINDOWS\System32\libeay32.dll
[2001/10/15 11:44:16 | 000,147,456 | ---- | C] () -- C:\WINDOWS\System32\ssleay32.dll
[2001/08/08 07:13:22 | 000,012,351 | ---- | C] () -- C:\WINDOWS\System32\i81xcoin.dll
[2001/08/07 18:07:02 | 000,028,672 | ---- | C] () -- C:\WINDOWS\System32\igfxdgps.dll
[2001/05/22 18:37:50 | 000,425,984 | ---- | C] () -- C:\WINDOWS\System32\VxDMDcDlg.dll
[2000/12/29 10:34:01 | 000,019,968 | ---- | C] () -- C:\WINDOWS\System32\cpuinf32.dll
[1999/07/23 13:46:48 | 000,000,116 | ---- | C] () -- C:\WINDOWS\AuHCcup1.ini
[1999/07/23 10:53:20 | 000,129,536 | ---- | C] () -- C:\WINDOWS\AuHCcup1.dll
[1997/07/11 00:00:00 | 000,031,232 | ---- | C] () -- C:\WINDOWS\System32\XLREC.DLL
[1997/07/11 00:00:00 | 000,025,600 | ---- | C] () -- C:\WINDOWS\System32\RECNCL.DLL
[1997/07/11 00:00:00 | 000,022,016 | ---- | C] () -- C:\WINDOWS\System32\ODBCSTF.DLL
[1997/07/11 00:00:00 | 000,022,016 | ---- | C] () -- C:\WINDOWS\System32\DOCOBJ.DLL
[1997/07/11 00:00:00 | 000,012,288 | ---- | C] () -- C:\WINDOWS\System32\HLINKPRX.DLL
[1997/07/11 00:00:00 | 000,005,088 | ---- | C] () -- C:\WINDOWS\System32\mapi32x.dll
[1997/06/06 03:08:30 | 000,023,040 | ---- | C] () -- C:\WINDOWS\System32\CSSMS_IN.DLL

========== LOP Check ==========

[1999/06/01 21:41:42 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Default User\Application Data\InterTrust
[2007/10/09 19:32:46 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\CoreFTP
[2002/05/26 18:10:49 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Freedom
[2009/07/21 14:50:34 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\ImgBurn
[1999/06/01 21:41:42 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\InterTrust
[2007/03/26 08:16:08 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Leadertech
[2002/04/05 20:47:35 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Template
[2003/06/01 16:42:24 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\VERITAS
[2004/07/10 19:14:15 | 000,000,342 | ---- | M] () -- C:\WINDOWS\Tasks\FRU Task #Hewlett-Packard#hp psc 2100 series#1081123683.job

========== Purity Check ==========



========== Custom Scans ==========


< %systemroot%\system32\*.dll /lockedfiles >
[3 C:\WINDOWS\system32\*.tmp files -> C:\WINDOWS\system32\*.tmp -> ]

< %systemroot%\system32\*.sys /90 >
[2010/05/01 22:22:50 | 001,851,264 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SYSTEM32\win32k.sys
[3 C:\WINDOWS\system32\*.tmp files -> C:\WINDOWS\system32\*.tmp -> ]

< %systemroot%\Tasks\*.job /lockedfiles >

< %systemroot%\System32\config\*.sav >
[2001/11/06 06:25:04 | 000,090,112 | ---- | M] () -- C:\WINDOWS\SYSTEM32\config\default.sav
[2001/11/06 06:25:04 | 000,606,208 | ---- | M] () -- C:\WINDOWS\SYSTEM32\config\software.sav
[2001/11/06 06:25:04 | 000,380,928 | ---- | M] () -- C:\WINDOWS\SYSTEM32\config\system.sav

< %SYSTEMDRIVE%\*.* >
[2001/11/06 14:36:00 | 000,000,000 | ---- | M] () -- C:\AUTOEXEC.BAT
[2004/10/14 19:58:51 | 000,000,201 | RHS- | M] () -- C:\BOOT.INI
[2001/11/06 14:36:00 | 000,000,000 | ---- | M] () -- C:\CONFIG.SYS
[2003/08/18 23:41:39 | 000,002,868 | ---- | M] () -- C:\eandump.txt
[2002/09/15 17:13:30 | 000,004,972 | -H-- | M] () -- C:\ffastun.ffa
[2002/09/15 17:13:30 | 000,385,024 | -H-- | M] () -- C:\ffastun.ffl
[2002/09/15 17:13:30 | 000,208,896 | -H-- | M] () -- C:\ffastun.ffo
[2002/09/15 17:13:30 | 001,196,032 | -H-- | M] () -- C:\ffastun0.ffx
[2002/09/15 19:16:06 | 000,385,024 | ---- | M] () -- C:\ffastunT.ffl
[2001/11/09 11:36:10 | 000,007,887 | ---- | M] () -- C:\FINIS_IT.TXT
[2010/07/12 00:58:07 | 266,391,552 | -HS- | M] () -- C:\hiberfil.sys
[2004/04/01 09:42:35 | 000,202,868 | ---- | M] () -- C:\hpfr5550.log
[2010/01/09 08:21:19 | 000,000,488 | ---- | M] () -- C:\hpfr5550.xml
[2010/03/25 11:49:28 | 000,000,433 | ---- | M] () -- C:\INSTALL.LOG
[2001/11/06 14:36:00 | 000,000,000 | RHS- | M] () -- C:\IO.SYS
[2002/11/28 19:34:53 | 000,000,126 | -H-- | M] () -- C:\IPH.PH
[2001/11/06 14:36:00 | 000,000,000 | RHS- | M] () -- C:\MSDOS.SYS
[2002/03/07 22:21:47 | 000,000,000 | ---- | M] () -- C:\N2PActiveX.log
[2002/03/07 22:22:09 | 000,014,737 | ---- | M] () -- C:\N2pInst.log
[2004/06/09 16:03:02 | 000,832,728 | ---- | M] () -- C:\NPSWF32.dll
[2004/10/14 19:32:31 | 000,047,564 | RHS- | M] () -- C:\NTDETECT.COM
[2010/06/27 18:40:56 | 000,250,048 | RHS- | M] () -- C:\ntldr
[2010/07/12 01:16:38 | 441,450,496 | -HS- | M] () -- C:\pagefile.sys
[2001/11/09 15:44:03 | 000,000,008 | ---- | M] () -- C:\USER
[2002/07/13 12:50:37 | 000,003,249 | -H-- | M] () -- C:\_NavCClt.Log

< %systemroot%\system32\Spool\prtprocs\w32x86\*.dll >
[2008/08/12 10:58:10 | 000,314,880 | ---- | M] (Hewlett-Packard Corporation) -- C:\WINDOWS\SYSTEM32\spool\prtprocs\w32x86\hpfpp082.dll

< %systemroot%\*. /mp /s >


< MD5 for: AGP440.SYS >
[2004/10/14 19:18:01 | 022,245,337 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp2.cab:AGP440.sys
[2010/06/27 18:08:19 | 023,852,652 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:AGP440.sys
[2004/10/14 19:18:01 | 022,245,337 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp2.cab:AGP440.sys
[2010/06/27 18:08:19 | 023,852,652 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp3.cab:AGP440.sys
[2008/04/13 11:36:38 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=08FD04AA961BDC77FB983F328334E3D7 -- C:\WINDOWS\ServicePackFiles\i386\agp440.sys
[2008/04/13 11:36:38 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=08FD04AA961BDC77FB983F328334E3D7 -- C:\WINDOWS\SYSTEM32\drivers\agp440.sys
[2004/08/03 23:07:41 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=2C428FA0C3E3A01ED93C9B2A27D8D4BB -- C:\WINDOWS\$NtServicePackUninstall$\agp440.sys
[2004/08/03 23:07:41 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=2C428FA0C3E3A01ED93C9B2A27D8D4BB -- C:\WINDOWS\SYSTEM32\ReinstallBackups\0005\DriverFiles\i386\AGP440.SYS
[2004/08/03 23:07:41 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=2C428FA0C3E3A01ED93C9B2A27D8D4BB -- C:\WINDOWS\SYSTEM32\ReinstallBackups\0006\DriverFiles\i386\AGP440.SYS

< MD5 for: ATAPI.SYS >
[2004/04/13 15:35:18 | 012,091,533 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp1.cab:atapi.sys
[2004/10/14 19:18:01 | 022,245,337 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp2.cab:atapi.sys
[2010/06/27 18:08:19 | 023,852,652 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:atapi.sys
[2004/04/13 15:35:18 | 012,091,533 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp1.cab:atapi.sys
[2004/10/14 19:18:01 | 022,245,337 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp2.cab:atapi.sys
[2010/06/27 18:08:19 | 023,852,652 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp3.cab:atapi.sys
[2008/04/13 11:40:30 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\ServicePackFiles\i386\atapi.sys
[2008/04/13 11:40:30 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\SYSTEM32\drivers\atapi.sys
[2004/08/03 22:59:42 | 000,095,360 | ---- | M] (Microsoft Corporation) MD5=CDFE4411A69C224BD1D11B2DA92DAC51 -- C:\WINDOWS\$NtServicePackUninstall$\atapi.sys

< MD5 for: EVENTLOG.DLL >
[2008/04/13 17:11:53 | 000,056,320 | ---- | M] (Microsoft Corporation) MD5=6D4FEB43EE538FC5428CC7F0565AA656 -- C:\WINDOWS\ServicePackFiles\i386\eventlog.dll
[2008/04/13 17:11:53 | 000,056,320 | ---- | M] (Microsoft Corporation) MD5=6D4FEB43EE538FC5428CC7F0565AA656 -- C:\WINDOWS\SYSTEM32\eventlog.dll
[2004/08/04 00:56:42 | 000,055,808 | ---- | M] (Microsoft Corporation) MD5=82B24CB70E5944E6E34662205A2A5B78 -- C:\WINDOWS\$NtServicePackUninstall$\eventlog.dll

< MD5 for: NETLOGON.DLL >
[2008/04/13 17:12:01 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=1B7F071C51B77C272875C3A23E1E4550 -- C:\WINDOWS\ServicePackFiles\i386\netlogon.dll
[2008/04/13 17:12:01 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=1B7F071C51B77C272875C3A23E1E4550 -- C:\WINDOWS\SYSTEM32\netlogon.dll
[2009/02/06 11:46:09 | 000,408,064 | ---- | M] (Microsoft Corporation) MD5=6C476D33D82F1054849790181E8F7772 -- C:\WINDOWS\$hf_mig$\KB968389\SP2QFE\netlogon.dll
[2009/02/06 11:46:09 | 000,408,064 | ---- | M] (Microsoft Corporation) MD5=6C476D33D82F1054849790181E8F7772 -- C:\WINDOWS\$hf_mig$\KB975467\SP2QFE\netlogon.dll
[2004/08/04 00:56:44 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=96353FCECBA774BB8DA74A1C6507015A -- C:\WINDOWS\$NtServicePackUninstall$\netlogon.dll

< MD5 for: SCECLI.DLL >
[2004/08/04 00:56:44 | 000,180,224 | ---- | M] (Microsoft Corporation) MD5=0F78E27F563F2AAF74B91A49E2ABF19A -- C:\WINDOWS\$NtServicePackUninstall$\scecli.dll
[2008/04/13 17:12:05 | 000,181,248 | ---- | M] (Microsoft Corporation) MD5=A86BB5E61BF3E39B62AB4C7E7085A084 -- C:\WINDOWS\ServicePackFiles\i386\scecli.dll
[2008/04/13 17:12:05 | 000,181,248 | ---- | M] (Microsoft Corporation) MD5=A86BB5E61BF3E39B62AB4C7E7085A084 -- C:\WINDOWS\SYSTEM32\scecli.dll

< MD5 for: USER32.DLL >
[2005/03/02 11:19:56 | 000,577,024 | ---- | M] (Microsoft Corporation) MD5=1800F293BCCC8EDE8A70E12B88D80036 -- C:\WINDOWS\$hf_mig$\KB890859\SP2QFE\user32.dll
[2002/11/01 15:26:46 | 000,528,896 | ---- | M] (Microsoft Corporation) MD5=68E1F4EF02DF52CA9C5E157045D23582 -- C:\WINDOWS\$NtUninstallKB824141$\user32.dll
[2002/11/01 15:26:46 | 000,528,896 | ---- | M] (Microsoft Corporation) MD5=68E1F4EF02DF52CA9C5E157045D23582 -- C:\WINDOWS\$xpsp1hfm$\Q328310\user32.dll
[2007/03/08 08:48:36 | 000,578,048 | ---- | M] (Microsoft Corporation) MD5=7AA4F6C00405DFC4B70ED4214E7D687B -- C:\WINDOWS\$hf_mig$\KB925902\SP2QFE\user32.dll
[2008/04/13 17:12:08 | 000,578,560 | ---- | M] (Microsoft Corporation) MD5=B26B135FF1B9F60C9388B4A7D16F600B -- C:\WINDOWS\ServicePackFiles\i386\user32.dll
[2008/04/13 17:12:08 | 000,578,560 | ---- | M] (Microsoft Corporation) MD5=B26B135FF1B9F60C9388B4A7D16F600B -- C:\WINDOWS\SYSTEM32\user32.dll
[2001/08/17 22:36:34 | 000,561,152 | ---- | M] (Microsoft Corporation) MD5=BE57A5C3ABD240514B98F6BCA872FB21 -- C:\WINDOWS\$NtUninstallQ328310_RTM$\user32.dll
[2004/08/04 00:56:46 | 000,577,024 | ---- | M] (Microsoft Corporation) MD5=C72661F8552ACE7C5C85E16A3CF505C4 -- C:\WINDOWS\$NtServicePackUninstall$\user32.dll
[2004/08/04 00:56:46 | 000,577,024 | ---- | M] (Microsoft Corporation) MD5=C72661F8552ACE7C5C85E16A3CF505C4 -- C:\WINDOWS\$NtUninstallKB890859$\user32.dll
[2002/08/29 03:41:18 | 000,560,128 | ---- | M] (Microsoft Corporation) MD5=DD9269230C21EE8FB7FD3FCCC3B1CFCB -- C:\WINDOWS\$NtUninstallQ328310$\user32.dll
[2005/03/02 11:09:30 | 000,577,024 | ---- | M] (Microsoft Corporation) MD5=DE2DB164BBB35DB061AF0997E4499054 -- C:\WINDOWS\$NtUninstallKB925902$\user32.dll

< MD5 for: WS2_32.DLL >
[2008/04/13 17:12:10 | 000,082,432 | ---- | M] (Microsoft Corporation) MD5=2CCC474EB85CEAA3E1FA1726580A3E5A -- C:\WINDOWS\ServicePackFiles\i386\ws2_32.dll
[2008/04/13 17:12:10 | 000,082,432 | ---- | M] (Microsoft Corporation) MD5=2CCC474EB85CEAA3E1FA1726580A3E5A -- C:\WINDOWS\SYSTEM32\ws2_32.dll
[2004/08/04 00:56:46 | 000,082,944 | ---- | M] (Microsoft Corporation) MD5=2ED0B7F12A60F90092081C50FA0EC2B2 -- C:\WINDOWS\$NtServicePackUninstall$\ws2_32.dll
[2001/08/17 22:36:36 | 000,075,264 | ---- | M] (Microsoft Corporation) MD5=8529C295DF59B564D37A73B5629162B1 -- C:\WINDOWS\$NtUninstallKB817778$\ws2_32.dll

< %systemroot%\*. /mp /s >

< HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU >
< End of report >

#6 etavares (Bleepin' Remover, Malware Response Team, 15,514 posts)

Posted 14 July 2010 - 05:42 PM

OK, thanks for posting...no worries about the extra log not being overwritten. Now...please let me know if GMER still doesn't work after doing it in Safe Mode with 'Devices' unchecked. I strongly prefer those results so we know what we're dealing with in case we have issues later. We can still proceed without it, but there is slightly higher risk since I'm not entirely sure all that we're facing.

EDIT: PS> Do you know what this program is? C:\Documents and Settings\Default User\Start Menu\Programs\Startup\AutoPlay.exe

Edited by etavares, 14 July 2010 - 05:51 PM.


If I don't respond within 2 days, please feel free to PM me.
Please don't ask for help via PM. The forums are there for a reason. Please post in the forums so others may benefit as well.

Unified Network of Instructors and Trusted Eliminators
 


#7 PNO (Topic Starter, Members, 23 posts)

Posted 16 July 2010 - 01:35 AM

Hello etavares,

I ran the GMER again today in Safe Mode with 'devices' unchecked. As per usual - it still took about 6 hours to run. When I went to 'save' I rec'd the same pop-ups that I'd mentioned last time about My Docs/Desktop being unavailable as the system didn't have the resources. I went ahead and tried the save anyway as the Save dialogue box still came up. This time I did see a file by the name of 'ark' on the desktop. I went ahead and tried to save a couple more copies (just in case...) but none of those appeared on the desktop - same pop-ups about system resources each time. I then shut down GMER and restarted the PC. After 15-20 minutes of waiting for the restart - I finally did a hard shut-down as I've had to do each time I've run the GMER in Safe Mode.

Once I'd restarted the PC and navigated to the right desktop to find the 'ark' file - all I had was a blank Notepad file.

I've noticed that when working with this PC that it's incredibly slow lately - it takes a good 15 minutes for the Systems Tray to fully load on start-up. (there's a lot of junk on it) My Computer takes 5-10 minutes to come up and populate - and Spybot - S&D took over 30 minutes to load. The browsers (FF and IE) still seem to load relatively quickly and web usage doesn't seem to be affected.

I'd gone into Spybot to see if the file you'd asked about - autoplay.exe - was listed in the system start-up list - but found no reference to it. Didn't see a reference to it in the 'processes' or 'applications' tab of the system box that comes up with Ctrl,Alt,Del either. They've got Real Player and some kind of screen saver program (webshots) in the System Tray - so it ~may~ be related to those...?

I also took a look at the Norton AV control panel while I had time with the PC and saw that it still hasn't completed a scheduled scan since 5/13. In yesterday's scan it again identified the viruses and trojans I'd listed in my first post - and as before - left them alone despite 'repair' being selected as the first option for discovered malware during the scheduled scan and 'quarantine' as the second option. I only mention this as these are the first things that made me suspicious when this whole business began.

So - Within the next couple days I'll again try the GMER scan - this time with only 'files' and 'sections' checked. Btw - I'm a little surprised that GMER seems such a resource hog - particularly in Safe Mode. Is this a somewhat 'normal' thing? Also - is there any chance that the scan will take less time with the new criteria?

Edited by PNO, 16 July 2010 - 01:37 AM.


#8 etavares (Bleepin' Remover, Malware Response Team, 15,514 posts)

Posted 16 July 2010 - 05:55 PM

Hello, PNO.

Hi PNO-

OK, let's push on without GMER. I don't want to cause another delay. (If you see this after you have a GMER log, please IGNORE this and let me look over the GMER log, but if you read this before trying again, please continue). GMER can be difficult to run...sometimes it's viruses, other times it's related to what it needs to do to look for rootkits. A GMER log is a key tool so it's worth a few tries.

I don't think that file is related to either of the programs you mention since I see other startup items for them. We'll come back to this.

You also have MarketBrowser installed...it's legitimate, but it does have tracking functionality. It's up to you if you want to uninstall it via Add/Remove Programs.

You also have Backweb installed (it's HP Center). Again, legitimate software made by HP, but it does deliver ads to your computer. It's up to you to keep or remove it.

Trusted Zone Warning

Having trusted sites may not be a good idea. The reason why I say it's not a good idea is because the security settings for the Internet are not extremely high, and once you put a site in your trusted zone, basically almost anyone or anything, including hackers or other malicious software, has full access to that site, which can lead to hijacking that site and may even give access to your computer. Are you sure you trust a site to that degree?

It is recommended NOT to have ANY sites in your Trusted Zone unless the site requires it to function properly and you trust it very well. Other than that, it is not necessary for you to add any sites into the trusted zone. If you're not sure, and/or you do not need these in your trusted zone to facilitate access or you did not knowingly permit this access yourself, then please remove those sites from your trusted zone.

They can be accessed in Internet Explorer via Tools>>Internet Options>>Security>>Trusted Zone>>Sites. Remove if there are any there.

Step 1

Next, please download ComboFix from one of these locations:
* IMPORTANT !!! Save ComboFix.exe to your Desktop as etavaresCF.exe
  • Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. (Click on this link to see a list of programs that should be disabled. The list is not all inclusive.)
  • Double click on etavaresCF.exe & follow the prompts.
  • As part of its process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.
  • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.
**Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue its malware removal procedures.

Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:

Click on Yes, to continue scanning for malware.

When finished, it shall produce a log for you. Please include the C:\ComboFix.txt in your next reply, along with any symptoms that are present after it runs.

etavares



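One way to make the Trusted Zone check from the command line instead of clicking through Internet Options, added here as an example and not code from etavares or BleepingComputer: it reads the ZoneMap registry keys that Internet Explorer stores its zone assignments in and lists everything assigned to zone 2 (Trusted Sites). It assumes PowerShell 2.0 or later on the machine being inspected and the standard ZoneMap layout (Domains\<domain>\<subdomain> keys with a DWORD per URL scheme, Ranges\RangeN keys with a ':Range' string for IP ranges).

```powershell
# Added example (not from the thread): enumerate Internet Explorer zone
# assignments from the registry and report the Trusted Sites entries.

$ZoneNames = @{ 0 = 'My Computer'; 1 = 'Local Intranet'; 2 = 'Trusted Sites';
                3 = 'Internet';    4 = 'Restricted Sites' }

function Get-IEZoneMapEntries {
    param(
        # HKCU holds the per-user list (what the Internet Options dialog edits);
        # HKLM holds the machine-wide list used when the 'HKLM only' policy is set.
        [ValidateSet('HKCU', 'HKLM')]
        [string]$Hive = 'HKCU'
    )
    $base = "${Hive}:\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap"

    # Host names: one key per domain, nested keys per subdomain, and a DWORD
    # value per URL scheme ('http', 'https', '*') whose data is the zone number.
    $domains = Join-Path $base 'Domains'
    if (Test-Path $domains) {
        Get-ChildItem -Path $domains -Recurse | ForEach-Object {
            $key = $_
            # Rebuild the host name from the key path: Domains\example.com\www -> www.example.com
            $rel   = $key.Name.Substring($key.Name.IndexOf('\Domains\') + 9)
            $parts = $rel -split '\\'
            [array]::Reverse($parts)
            $hostName = $parts -join '.'
            foreach ($scheme in $key.GetValueNames()) {
                $zone = $key.GetValue($scheme)
                if ($zone -is [int]) {
                    New-Object PSObject -Property @{
                        Hive = $Hive; Host = $hostName; Scheme = $scheme
                        Zone = $zone; ZoneName = $ZoneNames[$zone]
                    }
                }
            }
        }
    }

    # IP ranges: Ranges\RangeN keys carry a ':Range' string (e.g. 192.168.1.*)
    # plus the same per-scheme DWORD zone values.
    $ranges = Join-Path $base 'Ranges'
    if (Test-Path $ranges) {
        Get-ChildItem -Path $ranges | ForEach-Object {
            $key   = $_
            $range = $key.GetValue(':Range')
            foreach ($scheme in ($key.GetValueNames() | Where-Object { $_ -ne ':Range' })) {
                $zone = $key.GetValue($scheme)
                if ($zone -is [int]) {
                    New-Object PSObject -Property @{
                        Hive = $Hive; Host = $range; Scheme = $scheme
                        Zone = $zone; ZoneName = $ZoneNames[$zone]
                    }
                }
            }
        }
    }
}

# Zone 2 is Trusted Sites: anything listed here runs with the relaxed security
# settings the warning above describes and should be reviewed or removed.
$trusted = @('HKCU', 'HKLM') |
    ForEach-Object { Get-IEZoneMapEntries -Hive $_ } |
    Where-Object { $_.Zone -eq 2 }

if ($trusted) {
    $trusted | Format-Table Hive, Host, Scheme, ZoneName -AutoSize
} else {
    'No sites found in the Trusted Sites zone.'
}
```

Entries that come back from HKLM were placed by an installer, a policy or something running with administrative rights rather than through the dialog, which is worth knowing before deciding whether to keep them.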

#9 PNO (Topic Starter, Members, 23 posts)

Posted 18 July 2010 - 02:27 AM

Hello etavares,

Below I'll post the CF log. Thanks for mentioning some of the issues you'd noticed about the system - I'll go over these with the owner and see what can be done. I noticed that the Norton AV ran and completed the last couple days for the scheduled scan - it hasn't done this for a couple months. (completed a scheduled scan) I can think of nothing that would have brought about this behaviour - but I thought I'd mention it.

I ran the CF with no difficulties - but didn't have enough time to see if anything changed after it was run. If I or the regular users notice anything different tomorrow I'll note it here.

Combo Fix Log:

ComboFix 10-07-16.01 - Owner 07/17/2010 21:29:18.1.1 - x86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.254.110 [GMT -7:00]
Running from: c:\documents and settings\Owner\Desktop\etavaresCF.exe
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\docume~1\Owner\MYDOCU~1\JDBUSI~1\DGLAss~1.exe
c:\documents and settings\Administrator\Start Menu\Programs\Startup\AutoPlay.exe
c:\documents and settings\Default User\Start Menu\Programs\Startup\AutoPlay.exe
c:\windows\patch.exe
c:\windows\system\oeminfo.ini
c:\windows\xpsp1hfm.log

.
((((((((((((((((((((((((( Files Created from 2010-06-18 to 2010-07-18 )))))))))))))))))))))))))))))))
.

2010-07-14 05:23 . 2010-06-14 14:31 744448 ------w- c:\windows\system32\dllcache\helpsvc.exe
2010-07-12 20:37 . 2010-07-12 20:37 -------- d-----w- c:\documents and settings\Administrator\Local Settings\Application Data\Symantec
2010-07-12 20:30 . 2010-07-12 20:30 -------- d-sh--w- c:\documents and settings\Administrator\IETldCache
2010-07-02 03:23 . 2010-07-02 03:23 161296 ----a-w- c:\windows\system32\drivers\tmcomm.sys
2010-06-28 02:15 . 2010-06-28 02:15 -------- d-----w- c:\windows\system32\scripting
2010-06-28 02:15 . 2010-06-28 02:15 -------- d-----w- c:\windows\l2schemas
2010-06-28 02:15 . 2010-06-28 02:15 -------- d-----w- c:\windows\system32\en
2010-06-22 18:44 . 2010-06-22 18:44 -------- d-----w- c:\program files\Common Files\Adobe AIR
2010-06-22 18:32 . 2010-06-22 19:25 -------- d-----w- c:\documents and settings\All Users\Application Data\NOS

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-06-22 19:05 . 1999-06-02 04:43 -------- d-----w- c:\program files\Common Files\Adobe
2010-05-12 14:52 . 2010-05-12 14:56 411368 ----a-w- c:\windows\system32\deployJava1.dll
2010-05-06 10:41 . 2004-02-07 01:05 916480 ----a-w- c:\windows\system32\wininet.dll
2010-05-02 05:22 . 2001-08-18 05:24 1851264 ----a-w- c:\windows\system32\win32k.sys
2010-04-20 05:30 . 2001-08-17 21:55 285696 ----a-w- c:\windows\system32\atmfd.dll
2009-03-27 21:19 . 2009-03-27 21:19 1878888 ----a-w- c:\program files\install_flash_player.exe
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SpybotSD TeaTimer"="c:\program files\Spybot - Search & Destroy\TeaTimer.exe" [2009-03-05 2260480]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Adobe Photo Downloader"="c:\program files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe" [2005-06-07 57344]
"RealTray"="c:\program files\Real\RealPlayer\RealPlay.exe" [2002-03-08 26112]
"HP Software Update"="c:\program files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe" [2010-03-12 49208]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-02-18 248040]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2010-04-04 36272]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-06-09 976832]

c:\documents and settings\Owner\Start Menu\Programs\Startup\
Webshots.lnk - c:\program files\Webshots\WebshotsTray.exe [2002-3-15 196608]
Webshots.lnk.disabled [2004-2-27 729]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
hp center.lnk - c:\program files\hp center\137903\Program\BackWeb-137903.exe [2001-11-6 16384]
HP Digital Imaging Monitor.lnk - c:\program files\Hewlett-Packard\Digital Imaging\bin\hpqtra08.exe [2008-10-16 214360]
hp psc 2000 Series.lnk - c:\program files\Hewlett-Packard\Digital Imaging\bin\hpobnz08.exe [2003-4-6 323646]
hpoddt01.exe.lnk - c:\program files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe [2003-4-6 28672]

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Billminder.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Billminder.lnk
backup=c:\windows\pss\Billminder.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^hp center UI.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\hp center UI.lnk
backup=c:\windows\pss\hp center UI.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^hp center.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\hp center.lnk
backup=c:\windows\pss\hp center.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Microsoft Find Fast.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Microsoft Find Fast.lnk
backup=c:\windows\pss\Microsoft Find Fast.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Office Startup.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Office Startup.lnk
backup=c:\windows\pss\Office Startup.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Quicken Scheduled Updates.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Quicken Scheduled Updates.lnk
backup=c:\windows\pss\Quicken Scheduled Updates.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Quicken Startup.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Quicken Startup.lnk
backup=c:\windows\pss\Quicken Startup.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^Owner^Start Menu^Programs^Startup^Webshots.lnk]
path=c:\documents and settings\Owner\Start Menu\Programs\Startup\Webshots.lnk
backup=c:\windows\pss\Webshots.lnkStartup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvCplDaemon]
NvQTwk [X]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HotKeysCmds]
2001-08-08 00:36 90112 ----a-w- c:\windows\SYSTEM32\hkcmd.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\hpsysdrv]
1998-05-07 17:04 52736 ----a-w- c:\windows\SYSTEM\hpsysdrv.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IgfxTray]
2001-08-08 01:25 143360 ----a-w- c:\windows\SYSTEM32\igfxtray.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\KBD]
2001-07-06 22:56 61440 ----a-w- c:\hp\KBD\KBD.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Mozilla Quick Launch]
2001-11-28 22:03 380928 ----a-w- c:\program files\Netscape\Netscape 6\netscp6.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
2008-04-14 00:12 1695232 ----a-w- c:\program files\Messenger\msmsgs.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PS2]
2001-07-03 22:13 81920 ----a-w- c:\windows\SYSTEM32\ps2.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RealTray]
2002-03-08 05:22 26112 ----a-w- c:\program files\Real\RealPlayer\realplay.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Recguard]
2001-06-15 23:34 212992 ----a-w- c:\windows\SMINST\Recguard.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\S3TRAY2]
2001-10-04 19:06 69632 ----a-w- c:\windows\SYSTEM32\S3tray2.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\vptray]
2002-02-21 04:22 73728 ----a-w- c:\program files\NavNT\vptray.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WinampAgent]
2001-04-30 20:57 10752 ----a-w- c:\program files\Winamp\winampa.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Zero Knowledge Freedom]
2001-10-15 19:04 127030 ----a-w- c:\program files\Zero Knowledge\Freedom\Freedom.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
"MSMSGS"="c:\program files\Messenger\msmsgs.exe" /background

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"RealTray"=c:\program files\Real\RealPlayer\RealPlay.exe SYSTEMBOOTHIDEPLAYER

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"c:\\Program Files\\hp center\\137903\\Program\\BackWeb-137903.exe"=
"c:\\WINDOWS\\system32\\sessmgr.exe"=
"c:\\Program Files\\Hewlett-Packard\\Digital Imaging\\bin\\hpqtra08.exe"=
"c:\\Program Files\\Hewlett-Packard\\Digital Imaging\\Unload\\HpqPhUnl.exe"=
"c:\\Program Files\\Hewlett-Packard\\Digital Imaging\\bin\\hpqste08.exe"=
"c:\\Program Files\\Hewlett-Packard\\Digital Imaging\\bin\\hpofxm08.exe"=
"c:\\Program Files\\Hewlett-Packard\\Digital Imaging\\bin\\hposfx08.exe"=
"c:\\Program Files\\Hewlett-Packard\\Digital Imaging\\bin\\hposid01.exe"=
"c:\\Program Files\\Hewlett-Packard\\Digital Imaging\\bin\\hpqscnvw.exe"=
"c:\\Program Files\\Hewlett-Packard\\Digital Imaging\\bin\\hpqkygrp.exe"=
"c:\\Program Files\\Hewlett-Packard\\Digital Imaging\\bin\\hpfcCopy.exe"=
"c:\\Program Files\\Hewlett-Packard\\Digital Imaging\\bin\\hpzwiz01.exe"=
"c:\\Program Files\\Hewlett-Packard\\Digital Imaging\\bin\\hpiscnapp.exe"=
"c:\\Program Files\\Hewlett-Packard\\Digital Imaging\\bin\\hpofxs08.exe"=
"c:\\Program Files\\Hewlett-Packard\\Digital Imaging\\bin\\hpqfxt08.exe"=
"c:\\Program Files\\Hewlett-Packard\\Digital Imaging\\bin\\hpqgplgtupl.exe"=
"c:\\Program Files\\Hewlett-Packard\\Digital Imaging\\bin\\hpqgpc01.exe"=
"c:\\Program Files\\Hewlett-Packard\\HP Software Update\\hpwucli.exe"=
"c:\\Program Files\\Hewlett-Packard\\Digital Imaging\\Smart Web Printing\\SmartWebPrintExe.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\CoreFTP\\coreftp.exe"=
"c:\\Program Files\\Netscape\\Netscape 6\\netscp6.exe"=
"c:\\Program Files\\Real\\RealPlayer\\realplay.exe"=

S2 mrtRate;mrtRate; [x]
S3 DPCNET5U;Satellite USB Driver;c:\windows\system32\DRIVERS\dpcnet5u.sys --> c:\windows\system32\DRIVERS\dpcnet5u.sys [?]

--- Other Services/Drivers In Memory ---

*Deregistered* - NAVAP
*Deregistered* - NAVENG
*Deregistered* - NAVEX15

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
HPService REG_MULTI_SZ HPSLPSVC
hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc
.
Contents of the 'Scheduled Tasks' folder

2004-07-11 c:\windows\Tasks\FRU Task 2003-04-06 08:52ewlett-Packard2003-04-06 08:52p psc 2100 series5E771253C1676EBED677BF361FDFC537825E15B8081123683.job
- c:\program files\Hewlett-Packard\Digital Imaging\Bin\hpqfrucl.exe [2003-04-06 07:52]
.
.
------- Supplementary Scan -------
.
uStart Page = about:blank
uDefault_Search_URL = hxxp://srch-us4.hpwis.com/
mSearch Bar = hxxp://srch-us4.hpwis.com/
uInternet Settings,ProxyServer = http=127.0.0.1:83
uInternet Settings,ProxyOverride = localhost
IE: {{17A27031-71FC-11d4-815C-005004D0F1FA} - c:\program files\MarketBrowser\lmt\MarketBrowser_Launch.xpy
LSP: c:\windows\System32\ZKLSPR.DLL
Trusted Zone: fnismls.com\samls
Trusted Zone: prospector.metrolist.net
Trusted Zone: rapmls.com
Trusted Zone: rapmls.com\login
Trusted Zone: rapmls.com\media
Trusted Zone: rapmls.com\search
Trusted Zone: rapmls.com\tarmls
Trusted Zone: snismls.com
Trusted Zone: tarmls.com
Trusted Zone: tarmls.com\www
Trusted Zone: www.avrealestate.com
Trusted Zone: www.barstowmls.com
Trusted Zone: www.cincymls.net
Trusted Zone: www.columbianortherndutchessmls.com
Trusted Zone: www.dabr.com
Trusted Zone: www.firelandsmls.com
Trusted Zone: www.fresnomls.com
Trusted Zone: www.gniarmls.com
Trusted Zone: www.greenemls.com
Trusted Zone: www.ivbor.com
Trusted Zone: www.ivrealestate.com
Trusted Zone: www.lbarmls.com
Trusted Zone: www.lvarmls.com
Trusted Zone: www.mariposabor.com
Trusted Zone: www.marmls.com
Trusted Zone: www.midlandsmls.com
Trusted Zone: www.northernarizonamls.com
Trusted Zone: www.northernkentuckymls.com
Trusted Zone: www.nwmls.com
Trusted Zone: www.odbrmls.com
Trusted Zone: www.ojaivalleymls.com
Trusted Zone: www.portervillemls.com
Trusted Zone: www.somls.com
Trusted Zone: www.swmric.com
Trusted Zone: www.tcmls.org
Trusted Zone: www.vvmls.com
DPF: Microsoft XML Parser for Java - file://c:\windows\Java\classes\xmldso.cab
DPF: {62BC5DB2-0044-4040-B366-D628F3CFD551} - file://c:\docume~1\Owner\LOCALS~1\Temp\IXP000.TMP\setup.cab
DPF: {FFCF75D1-CDB4-4ED8-AEAC-BC103FCAF159} - hxxp://imagedrec.water.az.gov/pwfiles/PowerWeb.cab
FF - ProfilePath - c:\documents and settings\Owner\Application Data\Mozilla\Firefox\Profiles\rnhq51oa.default\
FF - prefs.js: browser.startup.homepage - about:blank
FF - plugin: c:\program files\Java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npCouponPrinter.dll

---- FIREFOX POLICIES ----
c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_colors", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.lu", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.nu", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.nz", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4ar", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--p1ai", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbayh7gpa", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.tel", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.proxy.type", 5);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("dom.ipc.plugins.timeoutSecs", 45);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("svg.smil.enabled", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("accelerometer.enabled", true);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref", true);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", "");
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.nptest.dll", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npswf32.dll", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npctrl.dll", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npqtplugin.dll", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled", false);
.
- - - - ORPHANS REMOVED - - - -

HKCU-Run-Microsoft Works Update Detection - c:\program files\Microsoft Works\WkDetect.exe
MSConfigStartUp-DDCActiveMenu - c:\program files\WildTangent\DDC\ActiveMenu\DDCActiveMenu.exe
MSConfigStartUp-DDCM - c:\program files\WildTangent\DDC\DDCManager\DDCMan.exe
MSConfigStartUp-Microsoft Works Update Detection - c:\program files\Microsoft Works\WkDetect.exe
AddRemove-WildTangentDDC - c:\program files\WildTangent\DDC\DDCManager\Uninstall.exe
AddRemove-Works2002Setup - c:\program files\Microsoft Works and Money 2002\Setup\Launcher.exe \hp\tmp\src\
AddRemove-{1E6ADBB1-4D4E-4A02-A269-75243222C467} - c:\program files\WildTangent\DDC\ActiveMenu\DDCActiveMenu.exe
AddRemove-{419C98C4-D884-4174-B710-CBF3863767DA} - c:\program files\WildTangent\DDC\ActiveMenu\DDCActiveMenu.exe
AddRemove-{6E657D86-77B8-4D97-9E31-7D374469D3CB} - c:\program files\WildTangent\DDC\ActiveMenu\DDCActiveMenu.exe
AddRemove-{6F0DE0D5-2556-4A64-9892-07BAE121B7EC} - c:\program files\WildTangent\DDC\ActiveMenu\DDCActiveMenu.exe
AddRemove-{AF0DBCA4-1DBA-4507-89CC-883B25920FFB} - c:\program files\WildTangent\DDC\ActiveMenu\DDCActiveMenu.exe
AddRemove-{B279B0DA-6F60-4FBD-9847-0C9AB79A3674} - c:\program files\WildTangent\DDC\ActiveMenu\DDCActiveMenu.exe
AddRemove-{BF225650-36EB-45E8-9666-572A88F31D59} - c:\program files\WildTangent\DDC\ActiveMenu\DDCActiveMenu.exe
AddRemove-{D6CAB2F4-26A4-48F4-A35D-CA83063E3928} - c:\program files\WildTangent\DDC\ActiveMenu\DDCActiveMenu.exe
AddRemove-{D6F6456A-DB80-4769-985C-E4F9342202D0} - c:\program files\WildTangent\DDC\ActiveMenu\DDCActiveMenu.exe



**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-07-17 21:58
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(712)
c:\windows\System32\NavLogon.dll

- - - - - - - > 'lsass.exe'(768)
c:\windows\System32\ZKLSPR.DLL
c:\windows\system32\sxlrt232.dll
.
Completion time: 2010-07-17 22:18:27
ComboFix-quarantined-files.txt 2010-07-18 05:18

Pre-Run: 11,076,153,344 bytes free
Post-Run: 12,339,486,720 bytes free

WindowsXP-KB310994-SP2-Home-BootDisk-ENU.exe
[boot loader]
default=multi(0)disk(0)rdisk(0)partition(2)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(2)\WINDOWS="Microsoft Windows Whistler Personal" /fastdetect /NoExecute=OptIn

Current=1 Default=1 Failed=0 LastKnownGood=4 Sets=1,2,3,4
- - End Of File - - B69DD21401CFE884845404F35B53F0F7


#10 etavares

etavares

    Bleepin' Remover


  • Malware Response Team
  • 15,514 posts
  • Gender:Male
  • Local time:03:50 PM

Posted 18 July 2010 - 07:11 AM

Ok, before we go any further, in your original thread you listed a bunch of viruses detected, but not removed. Can you please provide that list? I'd like to tell CF to go delete those files in case they're still here. Or did the latest scan get them?


If I don't respond within 2 days, please feel free to PM me.
Please don't ask for help via PM. The forums are there for a reason. Please post in the forums so others may benefit as well.

Unified Network of Instructors and Trusted Eliminators


#11 PNO

PNO
  • Topic Starter

  • Members
  • 23 posts
  • Local time:12:50 PM

Posted 20 July 2010 - 01:53 AM

Hello etavares,

Sorry to be absent for a while - sometimes it's difficult to get time with the PC in question.

The AV has run its regular scheduled scan for the last four days now - and I initiated a custom scan this evening to see what it might reveal. This time - unlike previous attempts to initiate a custom scan in the last couple weeks - the scan didn't terminate immediately. The results to both my custom scan and the scheduled scans are that no infections are found - but - I also notice 2-3 dozen files that were omitted. Some of the omitted files I understand - like a few files in the Spybot Recovery folder - others I have no idea why the files were omitted from the scan.

As far as providing the list of the viruses found at earlier points by NAV that were left alone (instead of being quarantined as per chosen secondary option) - would you like the file paths to them - names...? The NAV control panel has a few options in the history tab: virus history, scan history, and event log. These logs can be exported in a comma delineated format -would that be useful?

#12 etavares

etavares

    Bleepin' Remover


  • Malware Response Team
  • 15,514 posts
  • Gender:Male
  • Local time:03:50 PM

Posted 20 July 2010 - 08:06 PM

Well...it depends. Do you still have items that are "left alone"? I'd also like to see the list of omitted files. CSV is fine. If you can't attach it, let me know and I'll PM you my email address. Some file types can't be attached...CSV should be OK I think.

I just want to make sure we've cleared this up for real before we move on. Also...you had viruses in your temp folder, so let's clean that out.

Please pull anything out of the recycle bin that you want to save. Part of this fix will empty temp files, and that does include the recycle bin.

Please download TFC by OldTimer and save it to your desktop.
alternate download link
  • Save any unsaved work. TFC will close ALL open programs including your browser!
  • Double-click on TFC.exe to run it. If you are using Vista or Windows 7, right-click on the file and choose Run As Administrator.
  • Click the Start button to begin the cleaning process and let it run uninterrupted to completion.
  • Important! If TFC prompts you to reboot, please do so immediately. If not prompted, manually reboot the machine anyway to ensure a complete clean.

Edited by etavares, 20 July 2010 - 08:06 PM.




#13 etavares

etavares

    Bleepin' Remover


  • Malware Response Team
  • 15,514 posts
  • Gender:Male
  • Local time:03:50 PM

Posted 23 July 2010 - 06:52 PM

Hello, PNO.

Ok, got the CSV. Let's try a few things. After this, please run the onboard AV scan again and let me know if it detected these or not.



Step 1

Please pull anything out of the recycle bin that you want to save. Part of this fix will empty temp files, and that does include the recycle bin.

We need to run an OTL script
  1. Please download OTL from one of the following mirrors if you do not still have it.
    • This is the first mirror
    • This is the second mirror: http://www.itxassociates.com/OT-Tools/OTL.exe
  2. Save it to your desktop.
  3. Double click on the icon on your desktop.
  4. Paste the following code under the Custom Scans/Fixes box at the bottom. Do not include the word "Code".
    CODE
    :OTL
    IE - HKU\S-1-5-21-1779672970-568186159-1426590395-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = http=127.0.0.1:83
    SRV - File not found [Disabled | Stopped] -- C:\WINDOWS\System32\hidserv.dll -- (HidServ)
    SRV - File not found [On_Demand | Stopped] -- C:\WINDOWS\System32\appmgmts.dll -- (AppMgmt)
    DRV - File not found [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\DRIVERS\dpcnet5u.sys -- (DPCNET5U)
    O4 - HKLM..\Run: [] File not found
    O4 - HKLM..\Run: [KernelFaultCheck] File not found
    O4 - HKLM..\Run: [UserFaultCheck] File not found
    O4 - HKU\S-1-5-21-1779672970-568186159-1426590395-1003..\Run: [Microsoft Works Update Detection] c:\Program Files\Microsoft Works\WkDetect.exe File not found
    :files
    C:\Documents and Settings\Owner\Local Settings\Temp\plugtmp-44\plugin-all.pdf
    C:\Documents and Settings\Owner\Local Settings\Temp\plugtmp-30\plugin-airhead.pdf
    C:\Documents and Settings\Owner\Application Data\Mozilla\Profiles\default\uwk36ptj.slt\Cache\BCC3A8ECd01
    C:\Documents and Settings\Owner\Local Settings\Application Data\Mozilla\Firefox\Profiles\rnhq51oa.default\Cache\04928B22d01
    C:\Documents and Settings\Owner\Local Settings\Temp\plugtmp-34\plugin-all.pdf
    C:\Documents and Settings\Owner\Local Settings\Temp\plugtmp-34\plugin-newplayer.pdf
    C:\DOCUME~1\OWNER\LOCALS~1\TEMP\pbczyuwv.scr
    C:\Documents and Settings\Owner\Local Settings\Application Data\Mozilla\Firefox\Profiles\rnhq51oa.default\Cache\38B01B0Bd01
    C:\DOCUME~1\Owner\LOCALS~1\Temp\sDyyKSs4.scr.part
    :Commands
    [EmptyTemp]
  5. Click the Run Fix button at the top.
  6. Let the program run unhindered and reboot when it is done.
  7. You will get a log when it is done, please post that in your reply.
  8. Please then create a new OTL report....
  9. Click the "Scan All Users" checkbox.
  10. Push the button.
  11. A report will open, copy and paste it in a reply here.

etavares



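The fix script in the post above targets three kinds of entries: a WinINet proxy pointed at the loopback address, service and Run entries whose file no longer exists, and executables sitting under a Temp directory. What follows is an added example, not code from this thread, from OTL or from OldTimer: a small Python checker that scans OTL-style report lines for those same three indicators, so that a report like the ones posted here can be triaged before anything is removed. The sample lines are constructed in OTL's own syntax from the kinds of entries seen in these logs, and the function and label names (`classify`, `triage`, `summarize`, `loopback_proxy`, `missing_file`, `temp_executable`) are my own.

```python
"""Triage helper for OTL-style report lines.

Added example for this thread; it is not part of OTL, ComboFix, or anything
the helper posted. The sample lines below are constructed to mirror the entry
formats in the thread's logs.
"""
import re
from collections import Counter

# Constructed sample input in OTL's report syntax: a mix of benign and
# suspicious entries of the kinds that appear in the thread.
SAMPLE_LINES = [
    'IE - HKU\\S-1-5-21-1779672970-568186159-1426590395-1003\\Software\\Microsoft\\Windows\\CurrentVersion\\Internet Settings: "ProxyServer" = http=127.0.0.1:83',
    'IE - HKU\\.DEFAULT\\Software\\Microsoft\\Windows\\CurrentVersion\\Internet Settings: "ProxyEnable" = 0',
    'SRV - File not found [Disabled | Stopped] -- C:\\WINDOWS\\System32\\hidserv.dll -- (HidServ)',
    'DRV - File not found [Kernel | On_Demand | Stopped] -- C:\\WINDOWS\\System32\\DRIVERS\\dpcnet5u.sys -- (DPCNET5U)',
    'O4 - HKLM..\\Run: [KernelFaultCheck] File not found',
    'MOD - [2001/11/06 19:46:13 | 000,024,576 | ---- | M] (BackWeb) -- C:\\Documents and Settings\\Owner\\Local Settings\\Temp\\IadHide3.dll',
    'PRC - [2008/04/13 17:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\\WINDOWS\\explorer.exe',
    'SRV - [2002/02/20 21:12:52 | 000,471,040 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\\Program Files\\NavNT\\rtvscan.exe -- (Norton AntiVirus Server)',
]

PROXY_RE = re.compile(r'"ProxyServer"\s*=\s*(\S+)')
# The file path is what follows the first " -- "; a trailing " -- (ServiceName)" is optional.
PATH_RE = re.compile(r' -- ([A-Za-z]:\\.*?)(?: -- \(|$)')
# Matches both the long form ("...\Local Settings\Temp\...") and the 8.3 form ("...\LOCALS~1\TEMP\...").
TEMP_DIR_RE = re.compile(r'\\temp\\', re.IGNORECASE)
# Line prefixes that describe something Windows will load or execute.
LOADABLE_PREFIXES = ('PRC', 'MOD', 'SRV', 'DRV', 'O4')


def proxy_hosts(value):
    """Split a WinINet ProxyServer value into its host names.

    Accepts the single form "host:port" and the per-scheme form
    "http=host:port;https=host:port", as stored in the registry.
    """
    hosts = []
    for part in value.split(';'):
        part = part.strip()
        if not part:
            continue
        if '=' in part:
            part = part.split('=', 1)[1]
        host = part.rsplit(':', 1)[0] if ':' in part else part
        hosts.append(host.strip().lower())
    return hosts


def is_loopback(host):
    return host in ('localhost', '::1', '[::1]') or host.startswith('127.')


def classify(line):
    """Return a finding label for one OTL line, or None if nothing stands out."""
    if not line.startswith(LOADABLE_PREFIXES) and not line.startswith('IE'):
        return None
    m = PROXY_RE.search(line)
    if m and any(is_loopback(h) for h in proxy_hosts(m.group(1))):
        # A proxy on the local loopback with no local proxy product installed
        # usually means something on the box is relaying browser traffic;
        # the thread's fix script clears exactly this value.
        return 'loopback_proxy'
    if line.startswith(LOADABLE_PREFIXES) and 'File not found' in line:
        # Orphaned autostart/service entries: often leftovers of uninstalled
        # software, but also what a removal leaves behind. Review each one.
        return 'missing_file'
    p = PATH_RE.search(line)
    if p and TEMP_DIR_RE.search(p.group(1)):
        # Code loaded from a Temp directory rarely belongs there.
        return 'temp_executable'
    return None


def triage(lines):
    """Return (label, line) pairs for every line that produced a finding."""
    return [(label, line) for line in lines if (label := classify(line))]


def summarize(lines):
    """Count findings by label, e.g. {'missing_file': 3, ...}."""
    return dict(Counter(label for label, _ in triage(lines)))


if __name__ == '__main__':
    for label, line in triage(SAMPLE_LINES):
        print(f'{label:16s} {line[:90]}')
    print(summarize(SAMPLE_LINES))
```

Run on the constructed sample, the checker reports one loopback proxy, three missing-file entries and one module loaded from Temp, and stays quiet on the explorer.exe and rtvscan.exe lines. A "missing_file" hit is a prompt to review, not proof of infection: the KernelFaultCheck entry in the thread is a normal Windows leftover, which is why the helper's script simply removes the dead entries rather than treating them as malware.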

#14 PNO

PNO
  • Topic Starter

  • Members
  • 23 posts
  • Local time:12:50 PM

Posted 23 July 2010 - 09:28 PM

Hello etavares,

Below you'll find the OTL script/fix log you requested earlier today.

I ran the TFC earlier today as you'd requested a couple days ago - that'd probably account for the small number of temp files addressed in this OTL fix you'd asked for.

After 5 days of successfully completing the scheduled scans - I noticed today that the Norton AV did not complete the scan from last night. No idea why...

I'll run the second OTL report once I'm done posting this and will likely post it later tonight.

OTL log of script/fix:

All processes killed
========== OTL ==========
HKU\S-1-5-21-1779672970-568186159-1426590395-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyServer| /E : value set successfully!
Service HidServ stopped successfully!
Service HidServ deleted successfully!
File C:\WINDOWS\System32\hidserv.dll not found.
Service AppMgmt stopped successfully!
Service AppMgmt deleted successfully!
File C:\WINDOWS\System32\appmgmts.dll not found.
Service DPCNET5U stopped successfully!
Service DPCNET5U deleted successfully!
File C:\WINDOWS\System32\DRIVERS\dpcnet5u.sys not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\ not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\KernelFaultCheck not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\UserFaultCheck not found.
Registry value HKEY_USERS\S-1-5-21-1779672970-568186159-1426590395-1003\Software\Microsoft\Windows\CurrentVersion\Run\\Microsoft Works Update Detection not found.
========== FILES ==========
File\Folder C:\Documents and Settings\Owner\Local Settings\Temp\plugtmp-44\plugin-all.pdf not found.
File\Folder C:\Documents and Settings\Owner\Local Settings\Temp\plugtmp-30\plugin-airhead.pdf not found.
File\Folder C:\Documents and Settings\Owner\Application Data\Mozilla\Profiles\default\uwk36ptj.slt\Cache\BCC3A8ECd01 not found.
File\Folder C:\Documents and Settings\Owner\Local Settings\Application Data\Mozilla\Firefox\Profiles\rnhq51oa.default\Cache\04928B22d01 not found.
File\Folder C:\Documents and Settings\Owner\Local Settings\Temp\plugtmp-34\plugin-all.pdf not found.
File\Folder C:\Documents and Settings\Owner\Local Settings\Temp\plugtmp-34\plugin-newplayer.pdf not found.
File\Folder C:\DOCUME~1\OWNER\LOCALS~1\TEMP\pbczyuwv.scr not found.
File\Folder C:\Documents and Settings\Owner\Local Settings\Application Data\Mozilla\Firefox\Profiles\rnhq51oa.default\Cache\38B01B0Bd01 not found.
File\Folder C:\DOCUME~1\Owner\LOCALS~1\Temp\sDyyKSs4.scr.part not found.
========== COMMANDS ==========

[EMPTYTEMP]

User: Administrator
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: All Users

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: LocalService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes

User: NetworkService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: Owner
->Temp folder emptied: 182902 bytes
->Temporary Internet Files folder emptied: 33170 bytes
->Java cache emptied: 0 bytes
->FireFox cache emptied: 9104811 bytes
->Flash cache emptied: 0 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\dllcache .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 6733 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temp folder emptied: 0 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 0 bytes
RecycleBin emptied: 0 bytes

Total Files Cleaned = 9.00 mb


OTL by OldTimer - Version 3.2.8.0 log created on 07232010_190349

Files\Folders moved on Reboot...
C:\Documents and Settings\Owner\Local Settings\Temp\IadHide3.dll moved successfully.

Registry entries deleted on Reboot...


#15 PNO

PNO
  • Topic Starter

  • Members
  • 23 posts
  • Local time:12:50 PM

Posted 23 July 2010 - 11:13 PM

Hello etavares,

Below is the OTL report you requested today. I'm not going to have a chance to run the AV this eve - but it is scheduled to run a scan early tomorrow morning. I can let you know the results of that tomorrow afternoon - or I may run a custom scan - particularly if the scheduled scan doesn't finish as it did today.

OTL report:

OTL logfile created on: 7/23/2010 7:48:31 PM - Run 3
OTL by OldTimer - Version 3.2.8.0 Folder = C:\Documents and Settings\Owner\Desktop
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

254.00 Mb Total Physical Memory | 56.00 Mb Available Physical Memory | 22.00% Memory free
744.00 Mb Paging File | 296.00 Mb Available in Paging File | 40.00% Paging File free
Paging file location(s): C:\pagefile.sys 384 768 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 32.64 Gb Total Space | 11.85 Gb Free Space | 36.30% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: PENDEJO
Current User Name: Owner
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: All users
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Standard

========== Processes (SafeList) ==========

PRC - [2010/07/07 15:38:08 | 000,575,488 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Owner\Desktop\OTL.exe
PRC - [2010/03/12 13:08:54 | 000,049,208 | ---- | M] (Hewlett-Packard) -- C:\Program Files\Hewlett-Packard\HP Software Update\hpwuschd2.exe
PRC - [2009/05/21 18:57:00 | 000,362,496 | ---- | M] (Hewlett-Packard) -- C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqgpc01.exe
PRC - [2009/03/05 16:07:20 | 002,260,480 | ---- | M] (Safer-Networking Ltd.) -- C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
PRC - [2008/10/16 20:11:26 | 000,569,344 | ---- | M] (Hewlett-Packard Co.) -- C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqbam08.exe
PRC - [2008/10/16 20:11:26 | 000,184,320 | ---- | M] (Hewlett-Packard Co.) -- C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqste08.exe
PRC - [2008/10/16 19:23:30 | 000,214,360 | ---- | M] (Hewlett-Packard Co.) -- C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqtra08.exe
PRC - [2008/04/13 17:12:30 | 000,420,864 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SYSTEM32\ntvdm.exe
PRC - [2008/04/13 17:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2005/06/06 23:46:24 | 000,057,344 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe
PRC - [2003/04/06 01:06:58 | 000,028,672 | ---- | M] (Hewlett-Packard) -- C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe
PRC - [2003/04/06 00:45:10 | 000,286,720 | ---- | M] (Hewlett-Packard Co.) -- C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpoevm08.exe
PRC - [2003/04/06 00:37:10 | 000,323,646 | ---- | M] (Hewlett-Packard Co.) -- C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpobnz08.exe
PRC - [2002/03/07 22:22:49 | 000,026,112 | ---- | M] (RealNetworks, Inc.) -- C:\Program Files\Real\RealPlayer\realplay.exe
PRC - [2002/02/20 21:12:52 | 000,471,040 | ---- | M] (Symantec Corporation) -- C:\Program Files\NavNT\rtvscan.exe
PRC - [2002/02/20 21:08:32 | 000,032,768 | ---- | M] (Symantec Corporation) -- C:\Program Files\NavNT\defwatch.exe
PRC - [2001/11/18 14:00:16 | 000,196,608 | ---- | M] (The Webshots Corporation) -- C:\Program Files\Webshots\WebshotsTray.exe
PRC - [2001/11/06 19:46:13 | 000,016,384 | ---- | M] () -- C:\Program Files\hp center\137903\Program\BackWeb-137903.exe
PRC - [2001/09/20 09:32:00 | 000,028,729 | ---- | M] (Intel® Corporation) -- C:\WINDOWS\SYSTEM32\MSGSYS.EXE


========== Modules (SafeList) ==========

MOD - [2010/07/07 15:38:08 | 000,575,488 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Owner\Desktop\OTL.exe
MOD - [2008/04/13 17:10:20 | 000,110,592 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SYSTEM32\msscript.ocx
MOD - [2001/11/06 19:46:13 | 000,024,576 | ---- | M] (BackWeb) -- C:\Documents and Settings\Owner\Local Settings\Temp\IadHide3.dll


========== Win32 Services (SafeList) ==========

SRV - [2009/05/21 20:21:18 | 000,248,832 | ---- | M] (Hewlett-Packard Co.) [On_Demand | Running] -- C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqcxs08.dll -- (hpqcxs08)
SRV - [2008/10/16 19:30:28 | 000,634,880 | ---- | M] (Hewlett-Packard Co.) [Auto | Running] -- C:\Program Files\Hewlett-Packard\Digital Imaging\bin\HPSLPSVC32.DLL -- (HPSLPSVC)
SRV - [2008/10/16 19:24:24 | 000,135,168 | ---- | M] (Hewlett-Packard Co.) [Auto | Running] -- C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqddsvc.dll -- (hpqddsvc)
SRV - [2002/02/20 21:12:52 | 000,471,040 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files\NavNT\rtvscan.exe -- (Norton AntiVirus Server)
SRV - [2002/02/20 21:08:32 | 000,032,768 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files\NavNT\defwatch.exe -- (DefWatch)


========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | On_Demand | Stopped] -- C:\DOCUME~1\Owner\LOCALS~1\Temp\catchme.sys -- (catchme)
DRV - [2010/07/21 01:00:00 | 001,362,608 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Program Files\Common Files\Symantec Shared\VirusDefs\20100721.002\navex15.sys -- (NAVEX15)
DRV - [2010/07/21 01:00:00 | 000,085,424 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Program Files\Common Files\Symantec Shared\VirusDefs\20100721.002\naveng.sys -- (NAVENG)
DRV - [2008/04/13 11:45:29 | 000,010,624 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\SYSTEM32\drivers\gameenum.sys -- (gameenum)
DRV - [2008/04/13 11:36:39 | 000,043,008 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\System32\DRIVERS\amdagp.sys -- (amdagp)
DRV - [2004/10/07 18:16:04 | 000,035,840 | ---- | M] (Oak Technology Inc.) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\AFS2K.SYS -- (AFS2K)
DRV - [2004/08/03 22:31:32 | 000,020,992 | ---- | M] (Realtek Semiconductor Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\SYSTEM32\drivers\rtl8139.sys -- (rtl8139) Realtek RTL8139(A/B/C)
DRV - [2003/03/31 14:29:00 | 000,625,537 | ---- | M] (LT) [Kernel | On_Demand | Running] -- C:\WINDOWS\SYSTEM32\drivers\ltmdmnt.sys -- (ltmodem5)
DRV - [2002/03/11 21:28:44 | 000,058,032 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Program Files\Symantec\SYMEVENT.SYS -- (SymEvent)
DRV - [2002/03/07 22:22:53 | 000,008,552 | ---- | M] (Windows ® 2000 DDK provider) [Kernel | Auto | Running] -- C:\WINDOWS\System32\drivers\asctrm.sys -- (ASCTRM)
DRV - [2002/02/20 20:27:34 | 000,018,000 | ---- | M] () [Kernel | Auto | Running] -- C:\Program Files\NavNT\Navapel.sys -- (NAVAPEL)
DRV - [2002/02/20 20:26:14 | 000,185,824 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Program Files\NavNT\navap.sys -- (NAVAP)
DRV - [2001/11/06 19:15:08 | 000,026,996 | ---- | M] (MusicMatch, Inc.) [Kernel | Auto | Running] -- C:\WINDOWS\System32\drivers\MxlW2k.sys -- (MxlW2k)
DRV - [2001/10/15 12:05:50 | 000,044,544 | ---- | M] (Zero-Knowledge Systems Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\SYSTEM32\drivers\FREEDOM.sys -- (Freedom)
DRV - [2001/10/12 12:44:12 | 000,114,816 | ---- | M] (S3 Graphics, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\drivers\s3gNBm.sys -- (S3SavageNB)
DRV - [2001/09/27 17:49:00 | 000,702,777 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\drivers\nv4_mini.sys -- (nv)
DRV - [2001/09/16 11:45:04 | 000,013,716 | ---- | M] (Padus, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\SYSTEM32\drivers\pfc.sys -- (pfc)
DRV - [2001/08/17 15:00:04 | 000,002,944 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\SYSTEM32\drivers\msmpu401.sys -- (ms_mpu401)
DRV - [2001/08/17 05:50:26 | 000,731,648 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\drivers\nv4.sys -- (nv4)
DRV - [2001/08/08 07:13:36 | 000,158,140 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\SYSTEM32\drivers\i81xnt5.sys -- (i81x)
DRV - [2001/08/08 07:13:30 | 000,012,479 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\drivers\wADV01nt.sys -- (iAimFP0)
DRV - [2001/08/08 07:13:30 | 000,012,031 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\drivers\wADV02NT.sys -- (iAimFP1)
DRV - [2001/08/08 07:13:30 | 000,011,679 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\drivers\wADV05NT.sys -- (iAimFP2)
DRV - [2001/08/08 07:13:28 | 000,019,359 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\drivers\wVchNTxx.sys -- (iAimFP4)
DRV - [2001/08/08 07:13:28 | 000,011,999 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\drivers\wSiINTxx.sys -- (iAimFP3)
DRV - [2001/08/08 07:13:26 | 000,033,503 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\drivers\wATV04nt.sys -- (iAimTV3)
DRV - [2001/08/08 07:13:24 | 000,029,215 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\drivers\wATV01nt.sys -- (iAimTV0)
DRV - [2001/08/08 07:13:24 | 000,023,519 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\drivers\wCh7xxNT.sys -- (iAimTV4)
DRV - [2001/08/08 07:13:24 | 000,019,199 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\drivers\wATV02NT.sys -- (iAimTV1)
DRV - [2001/06/04 08:00:00 | 000,014,112 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Running] -- C:\WINDOWS\SYSTEM32\drivers\PS2.sys -- (Ps2)
DRV - [2001/01/29 16:57:04 | 000,207,296 | ---- | M] (Adaptec) [File_System | System | Running] -- C:\WINDOWS\System32\drivers\udfreadr.sys -- (UdfReadr)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========



IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://us4.hpwis.com/
IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://srch-us4.hpwis.com/
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://us4.hpwis.com/
IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://srch-us4.hpwis.com/
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-21-1779672970-568186159-1426590395-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://srch-us4.hpwis.com/
IE - HKU\S-1-5-21-1779672970-568186159-1426590395-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank
IE - HKU\S-1-5-21-1779672970-568186159-1426590395-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-1779672970-568186159-1426590395-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = localhost
IE - HKU\S-1-5-21-1779672970-568186159-1426590395-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" =

========== FireFox ==========

FF - prefs.js..browser.search.update: false
FF - prefs.js..browser.startup.homepage: "about:blank"
FF - prefs.js..extensions.enabledItems: jqs@sun.com:1.0
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20

FF - HKLM\software\mozilla\Firefox\extensions\\smartwebprinting@hp.com: C:\Program Files\Hewlett-Packard\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2010/04/11 09:36:30 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.7\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010/07/21 07:11:53 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.7\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010/07/21 07:11:53 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Netscape 6 6.2.1\Extensions\\Components: C:\Program Files\Netscape\Netscape 6\Components [2004/04/04 16:33:52 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Netscape 6 6.2.1\Extensions\\Plugins: C:\Program Files\Netscape\Netscape 6\Plugins [2010/06/27 07:46:54 | 000,000,000 | ---D | M]

[2008/08/25 21:10:20 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Mozilla\Extensions
[2010/06/22 12:30:59 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\rnhq51oa.default\extensions
[2010/06/22 11:33:03 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions
[2010/05/12 07:57:14 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
[2008/04/16 08:35:56 | 000,081,920 | ---- | M] (Coupons, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npCouponPrinter.dll
[2010/05/12 07:52:44 | 000,411,368 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npdeployJava1.dll

O1 HOSTS File: ([2010/07/17 21:58:18 | 000,000,027 | ---- | M]) - C:\WINDOWS\SYSTEM32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (HP Print Enhancer) - {0347C33E-8762-4905-BF09-768834316C61} - C:\Program Files\Hewlett-Packard\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll (Hewlett-Packard Co.)
O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O2 - BHO: (ZKBho Class) - {56071E0D-C61B-11D3-B41C-00E02927A304} - C:\Program Files\Zero Knowledge\Freedom\FreeBHOR.dll (Zero-Knowledge Systems Inc.)
O2 - BHO: (no name) - {FDD3B846-8D59-4ffb-8758-209B6AD74ACC} - c:\Program Files\Microsoft Money\System\mnyviewer.dll (Microsoft Corporation)
O2 - BHO: (HP Smart BHO Class) - {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - C:\Program Files\Hewlett-Packard\Digital Imaging\Smart Web Printing\hpswp_BHO.dll (Hewlett-Packard Co.)
O3 - HKLM\..\Toolbar: (Yahoo! Toolbar) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
O3 - HKLM\..\Toolbar: (&Zero-Knowledge Freedom) - {FA91B828-F937-4568-82C1-843627E63ED7} - C:\Program Files\Zero Knowledge\Freedom\BandObjs.dll (Zero-Knowledge Systems Inc.)
O3 - HKU\S-1-5-21-1779672970-568186159-1426590395-1003\..\Toolbar\ShellBrowser: (&Zero-Knowledge Freedom) - {FA91B828-F937-4568-82C1-843627E63ED7} - C:\Program Files\Zero Knowledge\Freedom\BandObjs.dll (Zero-Knowledge Systems Inc.)
O3 - HKU\S-1-5-21-1779672970-568186159-1426590395-1003\..\Toolbar\WebBrowser: (Yahoo! Toolbar) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
O4 - HKLM..\Run: [Adobe Photo Downloader] C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [HP Software Update] C:\Program Files\Hewlett-Packard\HP Software Update\hpwuschd2.exe (Hewlett-Packard)
O4 - HKLM..\Run: [RealTray] C:\Program Files\Real\RealPlayer\RealPlay.exe (RealNetworks, Inc.)
O4 - HKU\S-1-5-21-1779672970-568186159-1426590395-1003..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe (Safer-Networking Ltd.)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\hp center.lnk = C:\Program Files\hp center\137903\Program\BackWeb-137903.exe ()
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk = C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqtra08.exe (Hewlett-Packard Co.)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\hp psc 2000 Series.lnk = C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpobnz08.exe (Hewlett-Packard Co.)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\hpoddt01.exe.lnk = C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe (Hewlett-Packard)
O4 - Startup: C:\Documents and Settings\Owner\Start Menu\Programs\Startup\Webshots.lnk = C:\Program Files\Webshots\WebshotsTray.exe (The Webshots Corporation)
O4 - Startup: C:\Documents and Settings\Owner\Start Menu\Programs\Startup\Webshots.lnk.disabled ()
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-1779672970-568186159-1426590395-1003\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-1779672970-568186159-1426590395-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\S-1-5-21-1779672970-568186159-1426590395-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-21-1779672970-568186159-1426590395-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O9 - Extra Button: MktBrowser - {17A27031-71FC-11d4-815C-005004D0F1FA} - C:\Program Files\MarketBrowser\lmt\MarketBrowser_Launch.xpy ()
O9 - Extra 'Tools' menuitem : MarketBrowser - {17A27031-71FC-11d4-815C-005004D0F1FA} - C:\Program Files\MarketBrowser\lmt\MarketBrowser_Launch.xpy ()
O9 - Extra Button: Net2Phone - {4B30061A-5B39-11D3-80F8-0090276F843F} - C:\Program Files\Net2Phone\Net2fone.exe (Net2Phone)
O9 - Extra 'Tools' menuitem : Net2Phone - {4B30061A-5B39-11D3-80F8-0090276F843F} - C:\Program Files\Net2Phone\Net2fone.exe (Net2Phone)
O9 - Extra Button: Show or hide HP Smart Web Printing - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - C:\Program Files\Hewlett-Packard\Digital Imaging\Smart Web Printing\hpswp_BHO.dll (Hewlett-Packard Co.)
O9 - Extra 'Tools' menuitem : Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O9 - Extra Button: MoneySide - {E023F504-0C5A-4750-A1E7-A9046DEA8A21} - c:\Program Files\Microsoft Money\System\mnyviewer.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\WINDOWS\System32\ZKLSPR.DLL (Zero-Knowledge Systems Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\WINDOWS\System32\ZKLSPR.DLL (Zero-Knowledge Systems Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\WINDOWS\System32\ZKLSPR.DLL (Zero-Knowledge Systems Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\WINDOWS\System32\ZKLSPR.DLL (Zero-Knowledge Systems Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - C:\WINDOWS\System32\ZKLSPR.DLL (Zero-Knowledge Systems Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000006 - C:\WINDOWS\System32\ZKLSPR.DLL (Zero-Knowledge Systems Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000007 - C:\WINDOWS\System32\ZKLSPR.DLL (Zero-Knowledge Systems Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000008 - C:\WINDOWS\System32\ZKLSPR.DLL (Zero-Knowledge Systems Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000009 - C:\WINDOWS\System32\ZKLSPR.DLL (Zero-Knowledge Systems Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000010 - C:\WINDOWS\System32\ZKLSPR.DLL (Zero-Knowledge Systems Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000011 - C:\WINDOWS\System32\ZKLSPR.DLL (Zero-Knowledge Systems Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000017 - C:\WINDOWS\System32\ZKLSPR.DLL (Zero-Knowledge Systems Inc.)
O12 - Plugin for: .spop - C:\Program Files\Internet Explorer\PLUGINS\NPDocBox.dll (InterTrust Technologies Corporation, Inc.)
O15 - HKU\S-1-5-21-1779672970-568186159-1426590395-1003\..Trusted Domains: ([]msn in My Computer)
O15 - HKU\S-1-5-21-1779672970-568186159-1426590395-1003\..Trusted Domains: fnismls.com ([samls] http in Trusted sites)
O15 - HKU\S-1-5-21-1779672970-568186159-1426590395-1003\..Trusted Domains: prospector.metrolist.net ([]http in Trusted sites)
O15 - HKU\S-1-5-21-1779672970-568186159-1426590395-1003\..Trusted Domains: rapmls.com ([]* in Trusted sites)
O15 - HKU\S-1-5-21-1779672970-568186159-1426590395-1003\..Trusted Domains: rapmls.com ([login] * in Trusted sites)
O15 - HKU\S-1-5-21-1779672970-568186159-1426590395-1003\..Trusted Domains: rapmls.com ([media] * in Trusted sites)
O15 - HKU\S-1-5-21-1779672970-568186159-1426590395-1003\..Trusted Domains: rapmls.com ([search] * in Trusted sites)
O15 - HKU\S-1-5-21-1779672970-568186159-1426590395-1003\..Trusted Domains: rapmls.com ([tarmls] * in Trusted sites)
O15 - HKU\S-1-5-21-1779672970-568186159-1426590395-1003\..Trusted Domains: snismls.com ([]* in Trusted sites)
O15 - HKU\S-1-5-21-1779672970-568186159-1426590395-1003\..Trusted Domains: tarmls.com ([]www in Trusted sites)
O15 - HKU\S-1-5-21-1779672970-568186159-1426590395-1003\..Trusted Domains: tarmls.com ([www] * in Trusted sites)
O15 - HKU\S-1-5-21-1779672970-568186159-1426590395-1003\..Trusted Domains: www.avrealestate.com ([]http in Trusted sites)
O15 - HKU\S-1-5-21-1779672970-568186159-1426590395-1003\..Trusted Domains: www.barstowmls.com ([]http in Trusted sites)
O15 - HKU\S-1-5-21-1779672970-568186159-1426590395-1003\..Trusted Domains: www.cincymls.net ([]http in Trusted sites)
O15 - HKU\S-1-5-21-1779672970-568186159-1426590395-1003\..Trusted Domains: www.columbianortherndutchessmls.com ([]http in Trusted sites)
O15 - HKU\S-1-5-21-1779672970-568186159-1426590395-1003\..Trusted Domains: www.dabr.com ([]http in Trusted sites)
O15 - HKU\S-1-5-21-1779672970-568186159-1426590395-1003\..Trusted Domains: www.firelandsmls.com ([]http in Trusted sites)
O15 - HKU\S-1-5-21-1779672970-568186159-1426590395-1003\..Trusted Domains: www.fresnomls.com ([]http in Trusted sites)
O15 - HKU\S-1-5-21-1779672970-568186159-1426590395-1003\..Trusted Domains: www.gniarmls.com ([]http in Trusted sites)
O15 - HKU\S-1-5-21-1779672970-568186159-1426590395-1003\..Trusted Domains: www.greenemls.com ([]http in Trusted sites)
O15 - HKU\S-1-5-21-1779672970-568186159-1426590395-1003\..Trusted Domains: www.ivbor.com ([]http in Trusted sites)
O15 - HKU\S-1-5-21-1779672970-568186159-1426590395-1003\..Trusted Domains: www.ivrealestate.com ([]http in Trusted sites)
O15 - HKU\S-1-5-21-1779672970-568186159-1426590395-1003\..Trusted Domains: www.lbarmls.com ([]http in Trusted sites)
O15 - HKU\S-1-5-21-1779672970-568186159-1426590395-1003\..Trusted Domains: www.lvarmls.com ([]http in Trusted sites)
O15 - HKU\S-1-5-21-1779672970-568186159-1426590395-1003\..Trusted Domains: www.mariposabor.com ([]http in Trusted sites)
O15 - HKU\S-1-5-21-1779672970-568186159-1426590395-1003\..Trusted Domains: www.marmls.com ([]http in Trusted sites)
O15 - HKU\S-1-5-21-1779672970-568186159-1426590395-1003\..Trusted Domains: www.midlandsmls.com ([]http in Trusted sites)
O15 - HKU\S-1-5-21-1779672970-568186159-1426590395-1003\..Trusted Domains: www.northernarizonamls.com ([]http in Trusted sites)
O15 - HKU\S-1-5-21-1779672970-568186159-1426590395-1003\..Trusted Domains: www.northernkentuckymls.com ([]http in Trusted sites)
O15 - HKU\S-1-5-21-1779672970-568186159-1426590395-1003\..Trusted Domains: www.nwmls.com ([]http in Trusted sites)
O15 - HKU\S-1-5-21-1779672970-568186159-1426590395-1003\..Trusted Domains: www.odbrmls.com ([]http in Trusted sites)
O15 - HKU\S-1-5-21-1779672970-568186159-1426590395-1003\..Trusted Domains: www.ojaivalleymls.com ([]http in Trusted sites)
O15 - HKU\S-1-5-21-1779672970-568186159-1426590395-1003\..Trusted Domains: www.portervillemls.com ([]http in Trusted sites)
O15 - HKU\S-1-5-21-1779672970-568186159-1426590395-1003\..Trusted Domains: www.somls.com ([]http in Trusted sites)
O15 - HKU\S-1-5-21-1779672970-568186159-1426590395-1003\..Trusted Domains: www.swmric.com ([]http in Trusted sites)
O15 - HKU\S-1-5-21-1779672970-568186159-1426590395-1003\..Trusted Domains: www.tcmls.org ([]http in Trusted sites)
O15 - HKU\S-1-5-21-1779672970-568186159-1426590395-1003\..Trusted Domains: www.vvmls.com ([]http in Trusted sites)
O16 - DPF: {0854D220-A90A-466D-BC02-6683183802B7} http://samls.fnismls.com/Paragon/Codebase/...rintControl.cab (PrintPreview Class)
O16 - DPF: {62BC5DB2-0044-4040-B366-D628F3CFD551} file://C:\DOCUME~1\Owner\LOCALS~1\Temp\IXP000.TMP\setup.cab (PowerTeam HTML Printing Behavior)
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} http://v5.windowsupdate.microsoft.com/v5co...b?1097799494515 (WUWebControl Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_20)
O16 - DPF: {CAFEEFAC-0013-0001-0000-ABCDEFFEDCBA} http://java.sun.com/update/1.3.1/jinstall-...indows-i586.cab (Java Plug-in 1.3.1)
O16 - DPF: {CAFEEFAC-0016-0000-0014-ABCDEFFEDCBA} Reg Error: Value error. (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_20)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_20)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://download.macromedia.com/pub/shockwa...ash/swflash.cab (Shockwave Flash Object)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
O16 - DPF: {E87F6C8E-16C0-11D3-BEF7-009027438003} https://tm.sureclose.com/include/xupload.ocx (Persits Software XUpload)
O16 - DPF: {FFCF75D1-CDB4-4ED8-AEAC-BC103FCAF159} http://imagedrec.water.az.gov/pwfiles/PowerWeb.cab (GetClient Control)
O16 - DPF: Microsoft XML Parser for Java file://C:\WINDOWS\Java\classes\xmldso.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 66.82.4.8
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\NavLogon: DllName - C:\WINDOWS\System32\NavLogon.dll - C:\WINDOWS\SYSTEM32\NavLogon.dll ()
O24 - Desktop WallPaper: C:\Documents and Settings\Owner\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\Owner\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2001/11/06 14:36:00 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2010/07/23 19:03:49 | 000,000,000 | ---D | C] -- C:\_OTL
[2010/07/22 22:41:52 | 000,000,000 | -HSD | C] -- C:\RECYCLER
[2010/07/22 16:39:07 | 000,446,464 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Owner\Desktop\TFC.exe
[2010/07/17 21:16:33 | 000,000,000 | RHSD | C] -- C:\cmdcons
[2010/07/17 21:09:56 | 000,212,480 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWXCACLS.exe
[2010/07/17 21:09:56 | 000,161,792 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWREG.exe
[2010/07/17 21:09:56 | 000,136,704 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWSC.exe
[2010/07/17 21:09:56 | 000,031,232 | ---- | C] (NirSoft) -- C:\WINDOWS\NIRCMD.exe
[2010/07/17 21:09:22 | 000,000,000 | ---D | C] -- C:\WINDOWS\ERDNT
[2010/07/17 21:08:46 | 000,000,000 | ---D | C] -- C:\Qoobox
[2010/07/13 22:23:07 | 000,744,448 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\helpsvc.exe
[2010/07/07 15:37:47 | 000,575,488 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Owner\Desktop\OTL.exe
[2010/07/05 15:50:34 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Desktop\gmer
[2010/07/01 20:23:29 | 000,161,296 | ---- | C] (Trend Micro Inc.) -- C:\WINDOWS\System32\drivers\tmcomm.sys
[2010/06/27 21:36:45 | 000,000,000 | ---D | C] -- C:\WINDOWS\Prefetch
[2010/06/27 19:15:55 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\scripting
[2010/06/27 19:15:17 | 000,000,000 | ---D | C] -- C:\WINDOWS\l2schemas
[2010/06/27 19:15:11 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\en
[2010/06/27 18:42:19 | 000,000,000 | ---D | C] -- C:\WINDOWS\network diagnostic

========== Files - Modified Within 30 Days ==========

[2010/07/23 19:16:35 | 000,000,006 | ---- | M] () -- C:\WINDOWS\Twain001.Mtx
[2010/07/23 19:15:08 | 000,000,156 | ---- | M] () -- C:\WINDOWS\Twunk001.MTX
[2010/07/23 19:13:52 | 001,296,054 | ---- | M] () -- C:\WINDOWS\WebshotsForOwner.bmp
[2010/07/23 19:08:20 | 000,001,158 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2010/07/23 19:06:35 | 000,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2010/07/23 19:06:31 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2010/07/23 19:06:30 | 266,391,552 | -HS- | M] () -- C:\hiberfil.sys
[2010/07/23 19:05:44 | 005,767,168 | ---- | M] () -- C:\Documents and Settings\Owner\ntuser.dat
[2010/07/23 19:05:03 | 000,000,178 | -HS- | M] () -- C:\Documents and Settings\Owner\ntuser.ini
[2010/07/22 16:39:21 | 000,446,464 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Owner\Desktop\TFC.exe
[2010/07/17 21:58:57 | 000,000,227 | ---- | M] () -- C:\WINDOWS\system.ini
[2010/07/17 21:58:18 | 000,000,027 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts
[2010/07/17 21:16:49 | 000,000,272 | RHS- | M] () -- C:\BOOT.INI
[2010/07/17 20:55:01 | 003,738,205 | R--- | M] () -- C:\Documents and Settings\Owner\Desktop\etavaresCF.exe
[2010/07/07 15:38:08 | 000,575,488 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Owner\Desktop\OTL.exe
[2010/07/05 15:48:55 | 000,284,915 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\gmer.zip
[2010/07/05 15:19:32 | 000,525,824 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\dds.scr
[2010/07/01 20:23:26 | 000,161,296 | ---- | M] (Trend Micro Inc.) -- C:\WINDOWS\System32\drivers\tmcomm.sys
[2010/06/29 21:00:26 | 000,000,036 | ---- | M] () -- C:\Documents and Settings\Owner\Local Settings\Application Data\housecall.guid.cache
[2010/06/28 00:47:57 | 000,001,374 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2010/06/27 21:49:45 | 000,382,022 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2010/06/27 21:49:44 | 000,053,640 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2010/06/27 21:49:37 | 000,441,626 | ---- | M] () -- C:\WINDOWS\System32\PerfStringBackup.INI
[2010/06/27 21:35:49 | 000,178,648 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2010/06/27 18:40:56 | 000,250,048 | RHS- | M] () -- C:\ntldr
[2010/06/27 07:47:05 | 000,001,778 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Adobe Reader 9.lnk

========== Files Created - No Company Name ==========

[2010/07/17 21:16:48 | 000,000,201 | ---- | C] () -- C:\Boot.bak
[2010/07/17 21:16:41 | 000,260,272 | ---- | C] () -- C:\cmldr
[2010/07/17 21:09:56 | 000,256,512 | ---- | C] () -- C:\WINDOWS\PEV.exe
[2010/07/17 21:09:56 | 000,098,816 | ---- | C] () -- C:\WINDOWS\sed.exe
[2010/07/17 21:09:56 | 000,080,412 | ---- | C] () -- C:\WINDOWS\grep.exe
[2010/07/17 21:09:56 | 000,077,312 | ---- | C] () -- C:\WINDOWS\MBR.exe
[2010/07/17 21:09:56 | 000,068,096 | ---- | C] () -- C:\WINDOWS\zip.exe
[2010/07/17 20:53:50 | 003,738,205 | R--- | C] () -- C:\Documents and Settings\Owner\Desktop\etavaresCF.exe
[2010/07/15 21:03:54 | 266,391,552 | -HS- | C] () -- C:\hiberfil.sys
[2010/07/05 15:48:29 | 000,284,915 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\gmer.zip
[2010/07/05 15:19:13 | 000,525,824 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\dds.scr
[2010/06/29 21:00:26 | 000,000,036 | ---- | C] () -- C:\Documents and Settings\Owner\Local Settings\Application Data\housecall.guid.cache
[2009/03/31 21:12:39 | 000,000,058 | ---- | C] () -- C:\WINDOWS\FILEMAGC.INI
[2005/01/21 17:26:24 | 000,060,464 | R--- | C] () -- C:\WINDOWS\System32\tlcsel32.dll
[2005/01/21 17:26:24 | 000,016,540 | R--- | C] () -- C:\WINDOWS\System32\tlcsel17.dll
[2004/03/01 15:17:08 | 000,000,823 | ---- | C] () -- C:\WINDOWS\TSC.ini
[2004/03/01 15:17:07 | 000,071,749 | ---- | C] () -- C:\WINDOWS\HCExtOutput.dll
[2004/03/01 15:16:21 | 000,000,170 | ---- | C] () -- C:\WINDOWS\GetServer.ini
[2003/05/24 09:19:55 | 000,000,229 | ---- | C] () -- C:\WINDOWS\qwimp.ini
[2003/05/24 09:16:41 | 000,001,013 | ---- | C] () -- C:\WINDOWS\QUICKEN.INI
[2003/05/24 09:16:41 | 000,000,605 | ---- | C] () -- C:\WINDOWS\intuprof.ini
[2003/04/30 10:25:10 | 000,000,004 | ---- | C] () -- C:\WINDOWS\uccspecb.sys
[2003/03/09 13:31:04 | 000,561,152 | ---- | C] () -- C:\WINDOWS\System32\hpotscl.dll
[2002/11/01 16:17:50 | 000,000,256 | ---- | C] () -- C:\WINDOWS\aucfg.ini
[2002/07/13 13:17:17 | 000,000,000 | ---- | C] () -- C:\WINDOWS\VPC32.INI
[2002/07/04 15:05:34 | 000,000,269 | ---- | C] () -- C:\WINDOWS\tmupdate.ini
[2002/03/15 15:29:58 | 000,000,091 | ---- | C] () -- C:\WINDOWS\webshots.ini
[2002/03/08 20:26:48 | 000,000,022 | ---- | C] () -- C:\WINDOWS\exchng.ini
[2002/03/08 20:26:47 | 000,000,611 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2002/03/07 22:23:12 | 000,001,065 | ---- | C] () -- C:\WINDOWS\winamp.ini
[2002/03/07 22:22:07 | 000,102,400 | ---- | C] () -- C:\WINDOWS\System32\N2PUtil.dll
[2002/03/07 22:21:44 | 000,000,528 | ---- | C] () -- C:\WINDOWS\net2fone.ini
[2002/02/20 21:21:20 | 000,045,056 | ---- | C] () -- C:\WINDOWS\System32\NavLogon.dll
[2001/12/14 13:34:46 | 000,164,864 | ---- | C] () -- C:\WINDOWS\patchw32.dll
[2001/11/09 11:41:10 | 000,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini
[2001/11/08 20:43:04 | 000,000,562 | ---- | C] () -- C:\WINDOWS\System32\Px.ini
[2001/11/06 19:50:46 | 000,377,600 | ---- | C] () -- C:\WINDOWS\System32\BOCOLE.DLL
[2001/11/06 19:50:46 | 000,167,456 | ---- | C] () -- C:\WINDOWS\System32\Bocof.dll
[2001/11/06 19:45:01 | 000,040,960 | ---- | C] () -- C:\WINDOWS\System32\hpREG.DLL
[2001/11/06 19:45:01 | 000,024,576 | ---- | C] () -- C:\WINDOWS\System32\syscontr.dll
[2001/11/06 19:37:54 | 000,009,876 | ---- | C] () -- C:\WINDOWS\System32\usbbc.sys
[2001/11/06 19:21:26 | 000,000,603 | ---- | C] () -- C:\WINDOWS\fantasy2.ini
[2001/11/06 19:21:26 | 000,000,317 | ---- | C] () -- C:\WINDOWS\pstudio.ini
[2001/11/06 19:21:26 | 000,000,031 | ---- | C] () -- C:\WINDOWS\album.ini
[2001/11/06 18:50:13 | 000,249,921 | ---- | C] () -- C:\WINDOWS\System32\PythonCOM15.dll
[2001/11/06 18:50:13 | 000,065,536 | ---- | C] () -- C:\WINDOWS\System32\PyWinTypes15.dll
[2001/11/06 18:49:47 | 000,016,896 | ---- | C] () -- C:\WINDOWS\System32\bcbmm.dll
[2001/11/06 14:40:54 | 000,000,887 | ---- | C] () -- C:\WINDOWS\orun32.ini
[2001/11/06 14:31:15 | 000,001,793 | ---- | C] () -- C:\WINDOWS\System32\fxsperf.ini
[2001/11/06 06:21:55 | 000,000,649 | ---- | C] () -- C:\WINDOWS\System32\oeminfo.ini
[2001/10/15 11:44:16 | 000,659,456 | ---- | C] () -- C:\WINDOWS\System32\libeay32.dll
[2001/10/15 11:44:16 | 000,147,456 | ---- | C] () -- C:\WINDOWS\System32\ssleay32.dll
[2001/08/08 07:13:22 | 000,012,351 | ---- | C] () -- C:\WINDOWS\System32\i81xcoin.dll
[2001/08/07 18:07:02 | 000,028,672 | ---- | C] () -- C:\WINDOWS\System32\igfxdgps.dll
[2001/05/22 18:37:50 | 000,425,984 | ---- | C] () -- C:\WINDOWS\System32\VxDMDcDlg.dll
[2000/12/29 10:34:01 | 000,019,968 | ---- | C] () -- C:\WINDOWS\System32\cpuinf32.dll
[1999/07/23 13:46:48 | 000,000,116 | ---- | C] () -- C:\WINDOWS\AuHCcup1.ini
[1999/07/23 10:53:20 | 000,129,536 | ---- | C] () -- C:\WINDOWS\AuHCcup1.dll
[1997/07/11 00:00:00 | 000,031,232 | ---- | C] () -- C:\WINDOWS\System32\XLREC.DLL
[1997/07/11 00:00:00 | 000,025,600 | ---- | C] () -- C:\WINDOWS\System32\RECNCL.DLL
[1997/07/11 00:00:00 | 000,022,016 | ---- | C] () -- C:\WINDOWS\System32\ODBCSTF.DLL
[1997/07/11 00:00:00 | 000,022,016 | ---- | C] () -- C:\WINDOWS\System32\DOCOBJ.DLL
[1997/07/11 00:00:00 | 000,012,288 | ---- | C] () -- C:\WINDOWS\System32\HLINKPRX.DLL
[1997/07/11 00:00:00 | 000,005,088 | ---- | C] () -- C:\WINDOWS\System32\mapi32x.dll
[1997/06/06 03:08:30 | 000,023,040 | ---- | C] () -- C:\WINDOWS\System32\CSSMS_IN.DLL
< End of report >