XP Pro very slow loading personal settings

#1
dirkab

I belong to a forum for my local newspaper. I received a personal message claiming to be from the forum administrator, saying my account would be deleted because of spam that was discovered from my account. In the PM was a link that claimed to be to a website that would scan my cpu for problems...and I was stupid enough to fall for it.

Since then my cpu is running pretty slow, especially when I log onto my profile it takes like 2-3 minutes to "load my personal network."

I run avast free edition and regularly use ccleaner. I took the recommended steps, except the GMER scanner wouldn't work; also, I tried scanning with Trend Micro online, but the exe file wouldn't run. Here are the logs:

OTL logfile created on: 3/22/2010 9:13:00 AM - Run 1
OTL by OldTimer - Version 3.1.37.1 Folder = C:\Documents and Settings\Dirk\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

3.00 Gb Total Physical Memory | 3.00 Gb Available Physical Memory | 80.00% Memory free
5.00 Gb Paging File | 4.00 Gb Available in Paging File | 87.00% Paging File free
Paging file location(s): C:\pagefile.sys 1536 3072 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 69.13 Gb Total Space | 13.67 Gb Free Space | 19.77% Space Free | Partition Type: NTFS
Drive D: | 5.38 Gb Total Space | 0.69 Gb Free Space | 12.75% Space Free | Partition Type: FAT32
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: HP
Current User Name: Dirk
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: On
Skip Microsoft Files: On
File Age = 14 Days
Output = Standard
Quick Scan

========== Processes (SafeList) ==========

PRC - [2010/03/15 09:19:11 | 000,555,008 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Dirk\Desktop\OTL.exe
PRC - [2010/03/09 05:24:10 | 002,769,336 | ---- | M] (ALWIL Software) -- C:\Program Files\Alwil Software\Avast5\AvastUI.exe
PRC - [2010/03/09 05:24:08 | 000,040,384 | ---- | M] (ALWIL Software) -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
PRC - [2009/11/16 11:28:11 | 000,030,192 | ---- | M] (Google) -- C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
PRC - [2009/07/25 05:23:22 | 000,386,872 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Java\jre6\bin\jucheck.exe
PRC - [2009/03/30 17:28:36 | 001,533,808 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
PRC - [2009/03/30 17:28:36 | 000,183,152 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
PRC - [2008/04/13 19:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2008/03/18 16:27:12 | 000,013,312 | ---- | M] (Agere Systems) -- C:\WINDOWS\system32\agrsmsvc.exe
PRC - [2007/04/18 20:35:38 | 000,181,792 | ---- | M] (Infineon Technologies AG) -- C:\Program Files\Hewlett-Packard\Embedded Security Software\PSDrt.exe
PRC - [2007/04/18 20:32:38 | 000,140,832 | ---- | M] (Infineon Technologies AG) -- C:\WINDOWS\system32\IfxPsdSv.exe
PRC - [2007/02/07 02:30:00 | 000,065,536 | R--- | M] (Cognizance Corporation) -- C:\Program Files\Hewlett-Packard\IAM\Bin\asghost.exe
PRC - [2007/01/09 16:52:32 | 000,145,184 | ---- | M] (Hewlett-Packard Development Company, L.P.) -- C:\Program Files\Hewlett-Packard\HP ProtectTools Security Manager\pthosttr.exe
PRC - [2007/01/05 22:36:48 | 000,872,448 | ---- | M] (Analog Devices, Inc.) -- C:\Program Files\Analog Devices\Core\smax4pnp.exe
PRC - [2006/02/27 17:02:06 | 000,581,693 | ---- | M] (Broadcom Corporation.) -- C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
PRC - [2006/02/27 17:00:58 | 001,265,748 | ---- | M] (Broadcom Corporation.) -- C:\Program Files\WIDCOMM\Bluetooth Software\BTStackServer.exe
PRC - [2006/01/17 00:01:46 | 000,053,248 | ---- | M] (Hewlett-Packard Corporation) -- C:\WINDOWS\system32\accelerometerST.exe
PRC - [2005/12/20 17:51:40 | 001,187,840 | ---- | M] () -- C:\WINDOWS\SMINST\Recguard.exe
PRC - [2005/08/31 05:20:00 | 000,122,940 | ---- | M] (Sonic Solutions) -- C:\WINDOWS\system32\DLA\DLACTRLW.EXE
PRC - [2002/12/17 17:26:22 | 007,520,337 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft SQL Server\MSSQL$ALZMOBILITY\Binn\sqlservr.exe


========== Modules (SafeList) ==========

MOD - [2010/03/15 09:19:11 | 000,555,008 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Dirk\Desktop\OTL.exe
MOD - [2008/04/13 19:12:01 | 000,413,696 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\msvcp60.dll
MOD - [2007/02/26 04:49:00 | 000,070,144 | R--- | M] (Bioscrypt Inc.) -- C:\WINDOWS\system32\APSHook.dll
MOD - [2006/12/04 10:31:00 | 000,090,112 | R--- | M] (Cognizance Corporation) -- C:\Program Files\Hewlett-Packard\IAM\Bin\ItClient.dll


========== Win32 Services (SafeList) ==========

SRV - File not found [Auto | Stopped] -- -- (RoxLiveShare9)
SRV - File not found [Auto | Stopped] -- -- (PCA)
SRV - [2010/03/09 05:24:08 | 000,040,384 | ---- | M] (ALWIL Software) [On_Demand | Running] -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe -- (avast! Web Scanner)
SRV - [2010/03/09 05:24:08 | 000,040,384 | ---- | M] (ALWIL Software) [On_Demand | Running] -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe -- (avast! Mail Scanner)
SRV - [2010/03/09 05:24:08 | 000,040,384 | ---- | M] (ALWIL Software) [Auto | Running] -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe -- (avast! Antivirus)
SRV - [2009/11/16 11:28:11 | 000,030,192 | ---- | M] (Google) [On_Demand | Stopped] -- C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe -- (GoogleDesktopManager-110309-193829)
SRV - [2009/10/18 20:53:56 | 000,156,160 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\WINDOWS\System32\imapihp.exe -- (ImapiService)
SRV - [2009/03/30 17:28:36 | 001,533,808 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE -- (wlidsvc)
SRV - [2008/03/18 16:27:12 | 000,013,312 | ---- | M] (Agere Systems) [Auto | Running] -- C:\WINDOWS\system32\agrsmsvc.exe -- (AgereModemAudio)
SRV - [2007/06/08 09:06:42 | 000,172,131 | R--- | M] (Hewlett-Packard Ltd) [On_Demand | Stopped] -- C:\WINDOWS\system32\flcdlock.exe -- (FLCDLOCK)
SRV - [2007/04/18 20:32:38 | 000,140,832 | ---- | M] (Infineon Technologies AG) [Auto | Running] -- C:\WINDOWS\system32\IfxPsdSv.exe -- (PersonalSecureDriveService)
SRV - [2007/02/07 02:30:00 | 000,074,240 | R--- | M] (Cognizance Corporation) [Auto | Running] -- C:\Program Files\Hewlett-Packard\IAM\Bin\ASWLNPkg.dll -- (ASBroker)
SRV - [2006/06/22 06:14:00 | 000,131,584 | R--- | M] (Cognizance Corporation) [Auto | Running] -- C:\Program Files\Hewlett-Packard\IAM\Bin\ASChnl.dll -- (ASChannel)
SRV - [2002/12/17 17:26:22 | 007,520,337 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Microsoft SQL Server\MSSQL$TRANSAMERICA\Binn\sqlservr.exe -- (MSSQL$TRANSAMERICA)
SRV - [2002/12/17 17:26:22 | 007,520,337 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Microsoft SQL Server\MSSQL$ALZMOBILITY\Binn\sqlservr.exe -- (MSSQL$ALZMOBILITY)
SRV - [2002/12/17 17:23:30 | 000,311,872 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Microsoft SQL Server\MSSQL$TRANSAMERICA\Binn\sqlagent.EXE -- (SQLAgent$TRANSAMERICA)
SRV - [2002/12/17 17:23:30 | 000,311,872 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Microsoft SQL Server\MSSQL$ALZMOBILITY\Binn\sqlagent.EXE -- (SQLAgent$ALZMOBILITY)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.google.com/ie
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Secondary Start Pages = [Binary data over 100 bytes]
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://finance.yahoo.com/
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - prefs.js..browser.search.defaultenginename: "Bing"
FF - prefs.js..browser.search.defaulturl: "http://www.bing.com/...FORM=VE3D01&q="
FF - prefs.js..browser.search.selectedEngine: "Google"
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "http://www.msn.com/"
FF - prefs.js..extensions.enabledItems: {031d3073-ff27-44d8-a805-a78e9664b53e}:1.3.4
FF - prefs.js..extensions.enabledItems: [email protected]:0.6.0.9
FF - prefs.js..extensions.enabledItems: [email protected]:1.0
FF - prefs.js..extensions.enabledItems: [email protected]:3.4.6
FF - prefs.js..keyword.URL: "http://www.bing.com/...FORM=VE3D01&q="

FF - HKLM\software\mozilla\Mozilla Firefox 3.5.3\extensions\\Components: C:\Program Files\Mozilla Firefox 3 Beta 5\components [2010/02/21 13:41:55 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.5.3\extensions\\Plugins: C:\Program Files\Mozilla Firefox 3 Beta 5\plugins [2010/02/21 13:41:55 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Thunderbird 2.0.0.24\extensions\\Components: C:\Program Files\Mozilla Thunderbird\components [2010/03/18 10:56:42 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Thunderbird 2.0.0.24\extensions\\Plugins: C:\Program Files\Mozilla Thunderbird\plugins [2010/02/21 13:41:55 | 000,000,000 | ---D | M]

[2008/12/08 15:01:24 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Dirk\Application Data\Mozilla\Extensions
[2008/12/08 15:01:24 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Dirk\Application Data\Mozilla\Extensions\[email protected]
[2010/01/14 15:07:18 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Dirk\Application Data\Mozilla\Firefox\Profiles\12vmuccf.default\extensions
[2009/12/03 15:32:54 | 000,000,000 | ---D | M] (AlphaTicker) -- C:\Documents and Settings\Dirk\Application Data\Mozilla\Firefox\Profiles\12vmuccf.default\extensions\{031d3073-ff27-44d8-a805-a78e9664b53e}
[2009/08/29 13:03:24 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Documents and Settings\Dirk\Application Data\Mozilla\Firefox\Profiles\12vmuccf.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2010/01/14 15:07:11 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Dirk\Application Data\Mozilla\Firefox\Profiles\12vmuccf.default\extensions\[email protected]
[2009/12/16 21:45:37 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Dirk\Application Data\Mozilla\Firefox\Profiles\12vmuccf.default\extensions\[email protected]
[2009/08/06 10:55:50 | 000,002,172 | ---- | M] () -- C:\Documents and Settings\Dirk\Application Data\Mozilla\Firefox\Profiles\12vmuccf.default\searchplugins\bing.xml
[2008/12/16 10:40:09 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions
[2007/12/19 07:57:38 | 000,310,272 | ---- | M] () -- C:\Program Files\Mozilla Firefox\plugins\npGoogleGadgetPluginFirefoxWin.dll
[2007/11/20 16:52:00 | 002,884,992 | ---- | M] () -- C:\Program Files\Mozilla Firefox\plugins\NPSWF32.dll
[2007/03/09 18:16:44 | 000,189,496 | ---- | M] (Yahoo! Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npyaxmpb.dll

O1 HOSTS File: ([2004/08/04 03:00:00 | 000,000,734 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (DriveLetterAccess) - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\DLA\DLASHX_W.DLL (Sonic Solutions)
O2 - BHO: (Credential Manager for HP ProtectTools) - {DF21F1DB-80C6-11D3-9483-B03D0EC10000} - C:\Program Files\Hewlett-Packard\IAM\Bin\ItIEAddIn.dll (Bioscrypt Inc.)
O4 - HKLM..\Run: [] File not found
O4 - HKLM..\Run: [AccelerometerSysTrayApplet] C:\WINDOWS\system32\accelerometerST.exe (Hewlett-Packard Corporation)
O4 - HKLM..\Run: [avast5] C:\Program Files\Alwil Software\Avast5\AvastUI.exe (ALWIL Software)
O4 - HKLM..\Run: [CognizanceTS] C:\Program Files\Hewlett-Packard\IAM\Bin\ASTSVCC.dll (Cognizance Corporation)
O4 - HKLM..\Run: [Cpqset] C:\Program Files\HPQ\Default Settings\Cpqset.exe ()
O4 - HKLM..\Run: [DLA] C:\WINDOWS\system32\DLA\DLACTRLW.EXE (Sonic Solutions)
O4 - HKLM..\Run: [Google Desktop Search] C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe (Google)
O4 - HKLM..\Run: [MsmqIntCert] C:\WINDOWS\System32\mqrt.dll (Microsoft Corporation)
O4 - HKLM..\Run: [PTHOSTTR] C:\Program Files\Hewlett-Packard\HP ProtectTools Security Manager\PTHOSTTR.EXE (Hewlett-Packard Development Company, L.P.)
O4 - HKLM..\Run: [Recguard] C:\WINDOWS\SMINST\Recguard.exe ()
O4 - HKLM..\Run: [Reminder] C:\WINDOWS\CREATOR\Remind_XP.exe ()
O4 - HKLM..\Run: [SoundMAX] C:\Program Files\Analog Devices\SoundMAX\Smax4.exe (Analog Devices, Inc.)
O4 - HKLM..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\Core\smax4pnp.exe (Analog Devices, Inc.)
O4 - HKLM..\Run: [StartCCC] c:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe ()
O4 - HKLM..\Run: [SynTPStart] C:\Program Files\Synaptics\SynTP\SynTPStart.exe (Synaptics, Inc.)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Bluetooth.lnk = C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe (Broadcom Corporation.)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O9 - Extra Button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra 'Tools' menuitem : @btrez.dll,-4017 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O15 - HKCU\..Trusted Domains: localhost ([]http in Local intranet)
O15 - HKCU\..Trusted Ranges: GD ([http] in Local intranet)
O16 - DPF: {01113300-3E00-11D2-8470-0060089874ED} http://activation.rr...ads/tgctlcm.cab (Support.com Configuration Class)
O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} http://appldnld.appl...ex/qtplugin.cab (QuickTime Object)
O16 - DPF: {036F8A56-0BC8-4607-8F98-D3231E6FF5ED} http://mt202.centra....raUpdaterAx.cab (CentraUpdaterAxCtl Class)
O16 - DPF: {16BC6A51-9F62-49E3-9F96-C842EF2FFE3E} http://www.j2kdvr.co...B/WebPlayer.cab (WebBackupPlayer Control)
O16 - DPF: {439AF17B-E5CF-41D4-963A-87F849576092} https://www.securian.../SOConfig32.cab (SOConfig Class)
O16 - DPF: {517049B1-E505-11D6-A0DA-00500484D146} https://www.lockwood...hirlPoolMPS.cab (Decline Class)
O16 - DPF: {54CFC975-F9FB-45EB-8D18-D2D04FBC4299} http://www.j2kdvr.co.../RemoteWeb2.cab (RemoteWeb2 Control)
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} http://download.bitd...can8/oscan8.cab (BDSCANONLINE Control)
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} http://www.update.mi...b?1192418731812 (WUWebControl Class)
O16 - DPF: {6B75345B-AA36-438A-BBE6-4078B4C6984D} http://h20270.www2.h...ctDetection.cab (HpProductDetection Class)
O16 - DPF: {73ECB3AA-4717-450C-A2AB-D00DAD9EE203} http://h20270.www2.h...tDetection2.cab (GMNRev Class)
O16 - DPF: {82082E6E-1C85-11D5-9370-0002B30B243A} https://www.lockwood...h/pwcontrol.CAB (AARiskAnalyzer Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_15)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.ma...t/ultrashim.cab (Reg Error: Key error.)
O16 - DPF: {9191F686-7F0A-441D-8A98-2FE3AC1BD913} http://acs.pandasoft...s/as2stubie.cab (ActiveScan 2.0 Installer Class)
O16 - DPF: {964448D5-2CE6-4B1D-87B2-E5C877D48674} https://www.lockwood...Wealth/WAPE.CAB (WAPE.CashFlowGraph)
O16 - DPF: {9C57F717-5659-4657-89B7-5BA6F0EB37E1} https://www.securian...tOfficeLink.cab (SmartBridge Class)
O16 - DPF: {B757DCF1-8CD9-4E0A-B96D-784AEFA6D55E} https://www.lockwood.../XActivator.cab (CObjectActivator Object)
O16 - DPF: {CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_15)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_15)
O16 - DPF: {CBB030D5-4C7C-4341-A132-5B5F42903C3D} https://clientconnec.../wordbinder.cab (WordBinder Class)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.m...ash/swflash.cab (Shockwave Flash Object)
O16 - DPF: {D6E0B119-DCF2-4CD6-8DFB-7CFF1B70F7FF} https://bis.na.black...ls/TOImport.cab (TeamOn Import Object)
O16 - DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} https://securian.web...bex/ieatgpc.cab (GpcContainer Class)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1
O20 - AppInit_DLLs: (APSHook.dll) - C:\WINDOWS\System32\APSHook.dll (Bioscrypt Inc.)
O20 - AppInit_DLLs: (C:\PROGRA~1\Google\GOOGLE~2\GOEC62~1.DLL) - C:\Program Files\Google\Google Desktop Search\GoogleDesktopNetwork3.dll (Google)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\AtiExtEvent: DllName - Ati2evxx.dll - C:\WINDOWS\System32\ati2evxx.dll (ATI Technologies Inc.)
O20 - Winlogon\Notify\DeviceNP: DllName - DeviceNP.dll - C:\WINDOWS\System32\DeviceNP.dll (Hewlett-Packard Limited)
O20 - Winlogon\Notify\OneCard: DllName - C:\Program Files\Hewlett-Packard\IAM\Bin\ASWLNPkg.dll - C:\Program Files\Hewlett-Packard\IAM\Bin\ASWLNPkg.dll (Cognizance Corporation)
O24 - Desktop WallPaper: C:\WINDOWS\HP Cityscape.bmp
O24 - Desktop BackupWallPaper: C:\WINDOWS\HP Cityscape.bmp
O28 - HKLM ShellExecuteHooks: {56F9679E-7826-4C84-81F3-532071A8BCC5} - C:\Program Files\Windows Desktop Search\MsnlNamespaceMgr.dll (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2001/07/28 04:07:00 | 000,000,000 | -HS- | M] () - D:\AUTOEXEC.BAT -- [ FAT32 ]
O32 - AutoRun File - [2009/12/01 18:10:02 | 000,000,090 | ---- | M] () - D:\Autorun.inf -- [ FAT32 ]
O32 - AutoRun File - [2004/04/30 20:01:00 | 000,000,053 | -HS- | M] () - D:\AUTORUN.FCB -- [ FAT32 ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

NetSvcs: 6to4 - File not found
NetSvcs: Ias - C:\WINDOWS\system32\ias [2010/03/22 08:59:38 | 000,000,000 | ---D | M]
NetSvcs: Iprip - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: WmdmPmSp - File not found

CREATERESTOREPOINT
Restore point Set: OTL Restore Point (17454785745649664)

========== Files/Folders - Created Within 14 Days ==========

[2010/03/21 12:53:52 | 000,028,552 | ---- | C] (Panda Security, S.L.) -- C:\WINDOWS\System32\drivers\pavboot.sys
[2010/03/21 12:18:27 | 000,000,000 | ---D | C] -- C:\WINDOWS\CSC
[2010/03/20 14:43:45 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\Dirk\Recent
[2010/03/16 09:51:52 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Dirk\Local Settings\Application Data\Citrix
[2010/03/16 09:51:51 | 000,000,000 | ---D | C] -- C:\Program Files\Citrix
[2010/03/15 09:35:54 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2010/03/15 09:35:53 | 000,019,160 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2010/03/15 09:35:52 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2010/03/15 09:34:55 | 000,000,000 | ---D | C] -- C:\WINDOWS\ERDNT
[2010/03/15 09:33:32 | 000,000,000 | ---D | C] -- C:\Program Files\ERUNT
[2010/03/15 09:19:11 | 000,555,008 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Dirk\Desktop\OTL.exe
[2010/03/15 09:15:57 | 000,444,416 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Dirk\Desktop\TFC.exe
[2010/03/14 11:15:24 | 000,344,064 | ---- | C] (The Imaging Source Europe GmbH) -- C:\WINDOWS\System32\TX4OLE11.OCX
[2010/03/14 11:15:23 | 000,661,504 | ---- | C] (APEX Software Corporation) -- C:\WINDOWS\System32\TDBG5.OCX
[2010/03/14 11:15:23 | 000,659,456 | ---- | C] (Graphics Server Technologies) -- C:\WINDOWS\System32\GRAPHS32.OCX
[2010/03/14 11:15:23 | 000,465,920 | ---- | C] (Sheridan Software Systems, Inc.) -- C:\WINDOWS\System32\SSTABS32.OCX
[2010/03/14 11:15:23 | 000,324,600 | ---- | C] (Sheridan Software Systems, Inc.) -- C:\WINDOWS\System32\THREED20.OCX
[2010/03/14 11:15:23 | 000,323,584 | ---- | C] (Sax Software Corporation.) -- C:\WINDOWS\System32\CSTEXT32.OCX
[2010/03/14 11:15:23 | 000,237,568 | ---- | C] (SoftArtisans, Inc. (http://www.softartisans.com)) -- C:\WINDOWS\System32\SAXFILE.DLL
[2010/03/14 11:15:23 | 000,218,112 | ---- | C] (Sheridan Software Systems, Inc.) -- C:\WINDOWS\System32\SSDOCK32.OCX
[2010/03/14 11:15:23 | 000,208,896 | ---- | C] (The Imaging Source Europe GmbH) -- C:\WINDOWS\System32\tx11_png.flt
[2010/03/14 11:15:23 | 000,172,032 | ---- | C] (The Imaging Source Europe GmbH) -- C:\WINDOWS\System32\tx11_jpg.flt
[2010/03/14 11:15:23 | 000,061,440 | ---- | C] (The Imaging Source Europe GmbH) -- C:\WINDOWS\System32\tx11_tif.flt
[2010/03/14 11:15:23 | 000,049,152 | ---- | C] (The Imaging Source Europe GmbH) -- C:\WINDOWS\System32\tx11_gif.flt
[2010/03/14 11:15:23 | 000,033,280 | ---- | C] (The Imaging Source Europe GmbH) -- C:\WINDOWS\System32\tx11_wmf.flt
[2010/03/14 11:15:23 | 000,030,720 | ---- | C] (DBS GmbH) -- C:\WINDOWS\System32\PGRUL.OCX
[2010/03/14 11:15:22 | 000,667,648 | ---- | C] (Graphics Server Technologies) -- C:\WINDOWS\System32\GSPROP32.DLL
[2010/03/14 11:15:22 | 000,495,616 | ---- | C] (The Imaging Source Europe GmbH) -- C:\WINDOWS\System32\TX11_PDF.DLL
[2010/03/14 11:15:22 | 000,348,160 | ---- | C] (The Imaging Source Europe GmbH) -- C:\WINDOWS\System32\TX11_DOC.DLL
[2010/03/14 11:15:22 | 000,339,968 | ---- | C] (The Imaging Source Europe GmbH) -- C:\WINDOWS\System32\TX11_OBJ.DLL
[2010/03/14 11:15:22 | 000,303,104 | ---- | C] (The Imaging Source Europe GmbH) -- C:\WINDOWS\System32\TX11_XML.DLL
[2010/03/14 11:15:22 | 000,294,912 | ---- | C] (The Imaging Source Europe GmbH) -- C:\WINDOWS\System32\TX11_CSS.DLL
[2010/03/14 11:15:22 | 000,253,952 | ---- | C] (The Imaging Source Europe GmbH) -- C:\WINDOWS\System32\TX11_RTF.DLL
[2010/03/14 11:15:22 | 000,208,896 | ---- | C] (The Imaging Source Europe GmbH) -- C:\WINDOWS\System32\TX11_HTM.DLL
[2010/03/14 11:15:22 | 000,122,880 | ---- | C] (The Imaging Source Europe GmbH) -- C:\WINDOWS\System32\TX11_TLS.DLL
[2010/03/14 11:15:22 | 000,102,400 | ---- | C] (The Imaging Source Europe GmbH) -- C:\WINDOWS\System32\TX11_IC.DLL
[2010/03/14 11:15:22 | 000,053,248 | ---- | C] (The Imaging Source Europe GmbH) -- C:\WINDOWS\System32\TX11_WND.DLL
[2010/03/14 11:15:22 | 000,049,152 | ---- | C] (The Imaging Source Europe GmbH) -- C:\WINDOWS\System32\tx11_bmp.flt
[2010/03/14 11:15:21 | 000,434,176 | ---- | C] (Graphics Server Technologies) -- C:\WINDOWS\System32\GSW32.EXE
[2010/03/14 11:15:21 | 000,253,952 | ---- | C] (Graphics Server Technologies) -- C:\WINDOWS\System32\GSWAG32.DLL
[2010/03/14 11:15:21 | 000,200,704 | ---- | C] (EllTech Development, Inc.) -- C:\WINDOWS\System32\CP5DLL32.DLL
[2010/03/14 11:15:21 | 000,167,936 | ---- | C] (Graphics Server Technologies) -- C:\WINDOWS\System32\GSWDLL32.DLL
[2010/03/14 11:15:21 | 000,049,152 | ---- | C] (Blue Sky Software Corporation.) -- C:\WINDOWS\System32\INETWH32.DLL
[2010/03/14 11:15:21 | 000,022,528 | ---- | C] (Blue Sky Software Corp.) -- C:\WINDOWS\System32\RHMMPLAY.DLL
[2009/09/01 14:04:19 | 000,000,000 | --SD | M] -- C:\Documents and Settings\LocalService\Application Data\Microsoft
[2009/09/01 14:00:06 | 000,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Local Settings\Application Data\Adobe
[2008/12/19 11:50:21 | 000,018,944 | ---- | C] ( ) -- C:\WINDOWS\System32\Implode.dll
[2008/08/29 10:05:44 | 000,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft
[2008/06/09 21:29:45 | 000,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Application Data\Roxio
[2008/05/24 13:35:01 | 000,000,000 | ---D | M] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\Apple
[2008/05/10 12:03:34 | 000,000,000 | ---D | M] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\ApplicationHistory
[2008/05/10 12:03:19 | 000,000,000 | --SD | M] -- C:\Documents and Settings\NetworkService\Application Data\Microsoft
[2008/05/10 12:03:19 | 000,000,000 | ---D | M] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft
[2007/06/22 12:06:46 | 000,010,240 | ---- | C] ( ) -- C:\Program Files\Common Files\JH_Killer.exe

========== Files - Modified Within 14 Days ==========

[2010/03/22 09:02:44 | 004,718,592 | ---- | M] () -- C:\Documents and Settings\Dirk\NTUSER.DAT
[2010/03/22 09:02:43 | 000,001,158 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2010/03/22 08:59:13 | 000,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2010/03/22 08:59:08 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2010/03/22 08:59:05 | 3623,276,544 | -HS- | M] () -- C:\hiberfil.sys
[2010/03/22 08:58:01 | 004,718,592 | -H-- | M] () -- C:\Documents and Settings\Dirk\NTUSER.bak
[2010/03/22 08:58:01 | 000,000,178 | -HS- | M] () -- C:\Documents and Settings\Dirk\ntuser.ini
[2010/03/20 19:41:07 | 000,000,256 | ---- | M] () -- C:\WINDOWS\System32\pool.bin
[2010/03/19 23:59:50 | 000,000,551 | ---- | M] () -- C:\WINDOWS\RemoteWebInfo.INF
[2010/03/16 19:56:06 | 000,045,568 | ---- | M] () -- C:\Documents and Settings\Dirk\Desktop\Snap Fitness Corporate Prices2.doc
[2010/03/16 16:27:09 | 000,784,960 | ---- | M] () -- C:\Documents and Settings\Dirk\Desktop\IV01CS1008.pdf
[2010/03/16 16:23:11 | 000,045,568 | ---- | M] () -- C:\Documents and Settings\Dirk\Desktop\Snap Fitness Corporate Prices.doc
[2010/03/16 09:13:43 | 000,402,060 | ---- | M] () -- C:\Documents and Settings\Dirk\My Documents\cc_20100316_091330.reg
[2010/03/15 15:08:46 | 003,553,035 | ---- | M] () -- C:\Documents and Settings\Dirk\My Documents\Backup-(2010-03-15).ipd
[2010/03/15 15:04:05 | 271,060,312 | ---- | M] () -- C:\Documents and Settings\Dirk\Desktop\501_b049_multilanguage.exe
[2010/03/15 09:35:56 | 000,000,696 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2010/03/15 09:33:32 | 000,000,611 | ---- | M] () -- C:\Documents and Settings\Dirk\Desktop\NTREGOPT.lnk
[2010/03/15 09:33:32 | 000,000,592 | ---- | M] () -- C:\Documents and Settings\Dirk\Desktop\ERUNT.lnk
[2010/03/15 09:20:13 | 000,084,684 | ---- | M] () -- C:\Documents and Settings\Dirk\Desktop\Virus Instructions.pdf
[2010/03/15 09:19:11 | 000,555,008 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Dirk\Desktop\OTL.exe
[2010/03/15 09:15:59 | 000,444,416 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Dirk\Desktop\TFC.exe
[2010/03/15 08:59:02 | 000,002,626 | ---- | M] () -- C:\WINDOWS\System32\CONFIG.NT
[2010/03/14 11:15:02 | 000,000,906 | ---- | M] () -- C:\WINDOWS\win.ini
[2010/03/14 11:02:53 | 000,617,494 | ---- | M] () -- C:\WINDOWS\System32\PerfStringBackup.INI
[2010/03/14 11:02:53 | 000,509,116 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2010/03/14 11:02:53 | 000,096,740 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2010/03/13 14:44:09 | 000,053,169 | ---- | M] () -- C:\Documents and Settings\Dirk\Desktop\Tire replace reciept.pdf
[2010/03/09 05:24:23 | 000,038,848 | ---- | M] (ALWIL Software) -- C:\WINDOWS\System32\avastSS.scr
[2010/03/09 05:24:05 | 000,153,184 | ---- | M] (ALWIL Software) -- C:\WINDOWS\System32\aswBoot.exe
[2010/03/09 05:12:54 | 000,046,672 | ---- | M] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswTdi.sys
[2010/03/09 05:12:33 | 000,162,640 | ---- | M] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswSP.sys
[2010/03/09 05:09:08 | 000,023,376 | ---- | M] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswRdr.sys
[2010/03/09 05:08:41 | 000,100,432 | ---- | M] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswmon2.sys
[2010/03/09 05:08:38 | 000,094,800 | ---- | M] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswmon.sys
[2010/03/09 05:08:30 | 000,019,024 | ---- | M] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswFsBlk.sys
[2010/03/09 05:08:15 | 000,028,880 | ---- | M] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aavmker4.sys

========== Files Created - No Company Name ==========

[2010/03/21 12:34:57 | 3623,276,544 | -HS- | C] () -- C:\hiberfil.sys
[2010/03/21 12:02:05 | 000,293,376 | ---- | C] () -- C:\Documents and Settings\Dirk\Desktop\gmer.exe
[2010/03/16 19:56:05 | 000,045,568 | ---- | C] () -- C:\Documents and Settings\Dirk\Desktop\Snap Fitness Corporate Prices2.doc
[2010/03/16 16:27:05 | 000,784,960 | ---- | C] () -- C:\Documents and Settings\Dirk\Desktop\IV01CS1008.pdf
[2010/03/16 09:13:34 | 000,402,060 | ---- | C] () -- C:\Documents and Settings\Dirk\My Documents\cc_20100316_091330.reg
[2010/03/15 23:36:15 | 000,000,551 | ---- | C] () -- C:\WINDOWS\RemoteWebInfo.INF
[2010/03/15 23:10:01 | 000,045,568 | ---- | C] () -- C:\Documents and Settings\Dirk\Desktop\Snap Fitness Corporate Prices.doc
[2010/03/15 15:08:46 | 003,553,035 | ---- | C] () -- C:\Documents and Settings\Dirk\My Documents\Backup-(2010-03-15).ipd
[2010/03/15 15:03:57 | 271,060,312 | ---- | C] () -- C:\Documents and Settings\Dirk\Desktop\501_b049_multilanguage.exe
[2010/03/15 09:35:56 | 000,000,696 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2010/03/15 09:33:32 | 000,000,611 | ---- | C] () -- C:\Documents and Settings\Dirk\Desktop\NTREGOPT.lnk
[2010/03/15 09:33:32 | 000,000,592 | ---- | C] () -- C:\Documents and Settings\Dirk\Desktop\ERUNT.lnk
[2010/03/15 09:20:11 | 000,084,684 | ---- | C] () -- C:\Documents and Settings\Dirk\Desktop\Virus Instructions.pdf
[2010/03/14 11:15:23 | 000,569,344 | ---- | C] () -- C:\WINDOWS\System32\TX11.DLL
[2010/03/14 11:15:23 | 000,000,530 | ---- | C] () -- C:\WINDOWS\System32\TX11_IC.INI
[2010/03/14 11:15:22 | 001,683,456 | ---- | C] () -- C:\WINDOWS\System32\LTCLR13N.DLL
[2010/03/14 11:15:22 | 000,338,944 | ---- | C] () -- C:\WINDOWS\System32\LFFPX7.DLL
[2010/03/14 11:15:22 | 000,118,784 | ---- | C] () -- C:\WINDOWS\System32\LFKODAK.DLL
[2010/03/14 11:15:21 | 000,040,960 | ---- | C] () -- C:\WINDOWS\System32\WH2ROBO.DLL
[2010/03/13 14:44:07 | 000,053,169 | ---- | C] () -- C:\Documents and Settings\Dirk\Desktop\Tire replace reciept.pdf
[2009/08/03 16:07:42 | 000,403,816 | ---- | C] () -- C:\WINDOWS\System32\OGACheckControl.dll
[2009/04/22 09:44:37 | 000,000,087 | ---- | C] () -- C:\WINDOWS\System32\Transware.ini
[2008/12/19 11:50:46 | 000,000,098 | ---- | C] () -- C:\WINDOWS\ISP.INI
[2008/12/19 11:50:42 | 000,000,037 | ---- | C] () -- C:\WINDOWS\SIEngine.INI
[2008/12/19 11:50:24 | 000,022,016 | ---- | C] () -- C:\WINDOWS\System32\Docobj.dll
[2008/12/19 11:50:21 | 000,748,160 | ---- | C] () -- C:\WINDOWS\System32\Co2c40en.dll
[2008/12/08 12:15:55 | 000,000,127 | ---- | C] () -- C:\Documents and Settings\Dirk\Local Settings\Application Data\fusioncache.dat
[2008/07/24 10:55:26 | 000,030,208 | ---- | C] () -- C:\Documents and Settings\Dirk\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2008/07/19 10:28:50 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\Dirk\Local Settings\Application Data\AtStart.txt
[2008/05/10 12:03:19 | 000,000,137 | ---- | C] () -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\fusioncache.dat
[2008/03/27 18:32:06 | 001,044,480 | ---- | C] () -- C:\WINDOWS\System32\SkinManager.dll
[2008/03/27 18:05:08 | 000,114,688 | ---- | C] () -- C:\WINDOWS\System32\RemoteSocket.dll
[2008/02/27 10:50:28 | 000,000,029 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\counter.cfg
[2008/01/09 15:01:48 | 000,000,453 | ---- | C] () -- C:\WINDOWS\bdoscandellang.ini
[2007/12/06 14:49:35 | 000,000,074 | ---- | C] () -- C:\WINDOWS\hdkctnts.ini
[2007/10/22 09:22:20 | 000,005,244 | ---- | C] () -- C:\WINDOWS\System32\TX162011.DLL
[2007/10/22 09:22:09 | 000,012,154 | ---- | C] () -- C:\WINDOWS\System32\GS162011.DLL
[2007/10/15 15:40:38 | 000,000,982 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2007/10/15 00:06:44 | 000,081,920 | ---- | C] () -- C:\WINDOWS\System32\xmltok.dll
[2007/10/15 00:06:44 | 000,065,536 | ---- | C] () -- C:\WINDOWS\System32\xmlparse.dll
[2007/10/14 23:58:34 | 000,204,800 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeW7.dll
[2007/10/14 23:58:34 | 000,200,704 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeA6.dll
[2007/10/14 23:58:34 | 000,192,512 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeP6.dll
[2007/10/14 23:58:34 | 000,192,512 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeM6.dll
[2007/10/14 23:58:34 | 000,188,416 | ---- | C] () -- C:\WINDOWS\System32\IVIresizePX.dll
[2007/10/14 23:58:34 | 000,020,480 | ---- | C] () -- C:\WINDOWS\System32\IVIresize.dll
[2007/10/14 23:56:38 | 000,024,576 | ---- | C] () -- C:\WINDOWS\System32\std201mt.dll
[2007/10/14 23:54:53 | 000,000,175 | ---- | C] () -- C:\WINDOWS\wininit.ini
[2007/09/27 10:51:02 | 000,020,698 | ---- | C] () -- C:\WINDOWS\System32\idxcntrs.ini
[2007/09/27 10:48:48 | 000,030,628 | ---- | C] () -- C:\WINDOWS\System32\gsrvctr.ini
[2007/09/27 10:48:28 | 000,031,698 | ---- | C] () -- C:\WINDOWS\System32\gthrctr.ini
[2007/06/08 09:05:38 | 000,274,432 | ---- | C] () -- C:\WINDOWS\System32\flcdlmsg.dll
[2006/09/20 02:45:34 | 000,028,836 | ---- | C] () -- C:\WINDOWS\System32\oeminfo.ini
[2006/02/27 16:51:36 | 000,090,112 | ---- | C] () -- C:\WINDOWS\System32\btprn2k.dll
[2005/12/01 14:11:40 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\px.ini
[2004/08/07 08:19:16 | 000,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini
[2004/08/07 08:12:40 | 000,000,791 | ---- | C] () -- C:\WINDOWS\orun32.ini
[2004/06/01 04:39:56 | 000,094,274 | ---- | C] () -- C:\WINDOWS\System32\HPBHEALR.DLL
[2003/12/09 10:14:40 | 000,059,392 | ---- | C] () -- C:\WINDOWS\System32\msioq32.dll
[2002/05/15 22:29:04 | 000,000,607 | ---- | C] () -- C:\WINDOWS\System32\BTNeighborhood.dll.manifest
[2002/02/27 09:41:28 | 000,024,576 | ---- | C] () -- C:\WINDOWS\System32\nsldappr32v50.dll
[2002/02/27 09:41:26 | 000,139,264 | ---- | C] () -- C:\WINDOWS\System32\nsldap32v50.dll
[2002/02/27 09:41:26 | 000,040,960 | ---- | C] () -- C:\WINDOWS\System32\nsldapssl32v50.dll
[2001/11/23 17:18:00 | 000,000,597 | ---- | C] () -- C:\WINDOWS\System32\btcss.dll.manifest
[2001/11/14 12:56:00 | 001,802,240 | ---- | C] () -- C:\WINDOWS\System32\lcppn21.dll
[2001/10/28 18:42:30 | 000,116,224 | ---- | C] () -- C:\WINDOWS\System32\pdfcmnnt.dll
[1998/05/07 03:10:00 | 000,069,632 | R--- | C] () -- C:\WINDOWS\System32\ODMA32.dll

========== LOP Check ==========

[2010/01/31 13:14:21 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Alwil Software
[2009/01/12 13:03:03 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Brentmark
[2009/12/01 17:53:58 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\CanonBJ
[2009/12/01 18:10:34 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\CanonIJEGV
[2007/10/14 23:52:37 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Infineon
[2008/12/08 12:15:52 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\JohnHancock
[2009/01/12 13:04:01 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Leimberg
[2008/12/19 11:22:21 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\MetLife
[2007/10/17 09:41:36 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Minnesota Life
[2007/12/20 14:40:53 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\MSScanAppDataDir
[2009/04/22 09:57:27 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Transamerica
[2010/02/21 13:43:51 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{755AC846-7372-4AC8-8550-C52491DAA8BD}
[2009/05/28 09:56:07 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{8CD7F5AF-ECFA-4793-BF40-D8F42DBFF906}
[2009/02/05 17:07:02 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Dirk\Application Data\Amazon
[2008/09/04 08:33:32 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Dirk\Application Data\Blackberry Desktop
[2008/11/14 09:23:14 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Dirk\Application Data\Centra
[2008/10/02 10:41:55 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Dirk\Application Data\com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1
[2008/12/20 15:56:54 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Dirk\Application Data\eM Client
[2008/12/21 19:51:46 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Dirk\Application Data\Foxit
[2008/07/19 10:29:05 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Dirk\Application Data\Infineon
[2010/02/12 14:52:11 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Dirk\Application Data\IsolatedStorage
[2009/01/12 13:04:01 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Dirk\Application Data\Leimberg
[2009/01/14 12:38:36 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Dirk\Application Data\Liveoffice
[2008/12/19 11:21:20 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Dirk\Application Data\MetLife
[2010/02/23 01:06:27 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Dirk\Application Data\Pershing
[2008/12/08 15:01:26 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Dirk\Application Data\Prism
[2008/08/27 23:34:34 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Dirk\Application Data\Research In Motion
[2008/11/18 14:20:58 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Dirk\Application Data\Saba
[2006/09/20 03:04:50 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Dirk\Application Data\SampleView
[2008/07/20 09:32:31 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Dirk\Application Data\Smith Micro
[2009/01/08 10:16:28 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Dirk\Application Data\SumatraPDF
[2008/12/20 17:27:49 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Dirk\Application Data\Thunderbird
[2009/09/01 13:56:49 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Dirk\Application Data\Windows Desktop Search
[2009/09/02 09:18:54 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Dirk\Application Data\Windows Search

========== Purity Check ==========



========== Custom Scans ==========


< %SYSTEMDRIVE%\*.exe >


< MD5 for: AGP440.SYS >
[2004/08/04 08:00:00 | 018,738,937 | ---- | M] () .cab file -- C:\I386\sp2.cab:AGP440.sys
[2004/08/04 08:00:00 | 018,738,937 | ---- | M] () .cab file -- C:\My Backup -- 14-10-07 2108\I386\sp2.cab:AGP440.sys
[2004/08/04 03:00:00 | 018,738,937 | ---- | M] () .cab file -- C:\My Backup -- 14-10-07 2108\WINDOWS\Driver Cache\i386\sp2.cab:AGP440.sys
[2004/08/04 03:00:00 | 018,738,937 | ---- | M] () .cab file -- C:\My Backup -- 14-10-07 2108\WINDOWS\i386\sp2.cab:AGP440.sys
[2004/08/04 03:00:00 | 018,738,937 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp2.cab:AGP440.sys
[2008/08/29 09:47:01 | 023,852,652 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:AGP440.sys
[2004/08/04 03:00:00 | 018,738,937 | ---- | M] () .cab file -- C:\WINDOWS\i386\sp2.cab:AGP440.sys
[2008/08/29 09:47:01 | 023,852,652 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp3.cab:AGP440.sys
[2008/04/13 13:36:38 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=08FD04AA961BDC77FB983F328334E3D7 -- C:\WINDOWS\ServicePackFiles\i386\agp440.sys
[2008/04/13 13:36:38 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=08FD04AA961BDC77FB983F328334E3D7 -- C:\WINDOWS\system32\drivers\agp440.sys

< MD5 for: ATAPI.SYS >
[2004/08/04 08:00:00 | 018,738,937 | ---- | M] () .cab file -- C:\I386\sp2.cab:atapi.sys
[2004/08/04 08:00:00 | 018,738,937 | ---- | M] () .cab file -- C:\My Backup -- 14-10-07 2108\I386\sp2.cab:atapi.sys
[2004/08/04 03:00:00 | 018,738,937 | ---- | M] () .cab file -- C:\My Backup -- 14-10-07 2108\WINDOWS\Driver Cache\i386\sp2.cab:atapi.sys
[2004/08/04 03:00:00 | 018,738,937 | ---- | M] () .cab file -- C:\My Backup -- 14-10-07 2108\WINDOWS\i386\sp2.cab:atapi.sys
[2004/08/04 03:00:00 | 018,738,937 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp2.cab:atapi.sys
[2008/08/29 09:47:01 | 023,852,652 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:atapi.sys
[2004/08/04 03:00:00 | 018,738,937 | ---- | M] () .cab file -- C:\WINDOWS\i386\sp2.cab:atapi.sys
[2008/08/29 09:47:01 | 023,852,652 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp3.cab:atapi.sys
[2008/04/13 13:40:30 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\ServicePackFiles\i386\atapi.sys
[2008/04/13 13:40:30 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\system32\drivers\atapi.sys
[2004/08/03 19:59:44 | 000,095,360 | ---- | M] (Microsoft Corporation) MD5=CDFE4411A69C224BD1D11B2DA92DAC51 -- C:\My Backup -- 14-10-07 2108\WINDOWS\system32\drivers\atapi.sys
[2004/08/03 19:59:44 | 000,095,360 | ---- | M] (Microsoft Corporation) MD5=CDFE4411A69C224BD1D11B2DA92DAC51 -- C:\WINDOWS\$NtServicePackUninstall$\atapi.sys

< MD5 for: EVENTLOG.DLL >
[2008/04/13 19:11:53 | 000,056,320 | ---- | M] (Microsoft Corporation) MD5=6D4FEB43EE538FC5428CC7F0565AA656 -- C:\WINDOWS\ServicePackFiles\i386\eventlog.dll
[2008/04/13 19:11:53 | 000,056,320 | ---- | M] (Microsoft Corporation) MD5=6D4FEB43EE538FC5428CC7F0565AA656 -- C:\WINDOWS\system32\eventlog.dll
[2004/08/04 03:00:00 | 000,055,808 | ---- | M] (Microsoft Corporation) MD5=82B24CB70E5944E6E34662205A2A5B78 -- C:\My Backup -- 14-10-07 2108\WINDOWS\system32\eventlog.dll
[2004/08/04 03:00:00 | 000,055,808 | ---- | M] (Microsoft Corporation) MD5=82B24CB70E5944E6E34662205A2A5B78 -- C:\WINDOWS\$NtServicePackUninstall$\eventlog.dll

< MD5 for: IASTOR.SYS >
[2005/10/12 07:07:12 | 000,874,240 | ---- | M] (Intel Corporation) MD5=309C4D86D989FB1FCF64BD30DC81C51B -- C:\My Backup -- 14-10-07 2108\SwSetup\HDD\iastor.sys
[2005/10/12 13:07:12 | 000,874,240 | ---- | M] (Intel Corporation) MD5=309C4D86D989FB1FCF64BD30DC81C51B -- C:\My Backup -- 14-10-07 2108\WINDOWS\SMINST\RPFiles\MiniNT\System32\Drivers\iastor.sys
[2005/10/12 07:07:12 | 000,874,240 | ---- | M] (Intel Corporation) MD5=309C4D86D989FB1FCF64BD30DC81C51B -- C:\My Backup -- 14-10-07 2108\WINDOWS\system32\drivers\iaStor.sys
[2005/10/12 07:07:12 | 000,874,240 | ---- | M] (Intel Corporation) MD5=309C4D86D989FB1FCF64BD30DC81C51B -- C:\SwSetup\HDD\iastor.sys
[2005/10/12 07:07:12 | 000,874,240 | ---- | M] (Intel Corporation) MD5=309C4D86D989FB1FCF64BD30DC81C51B -- C:\WINDOWS\system32\drivers\iaStor.sys

< MD5 for: NETLOGON.DLL >
[2008/04/13 19:12:01 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=1B7F071C51B77C272875C3A23E1E4550 -- C:\WINDOWS\ServicePackFiles\i386\netlogon.dll
[2008/04/13 19:12:01 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=1B7F071C51B77C272875C3A23E1E4550 -- C:\WINDOWS\system32\netlogon.dll
[2004/08/04 03:00:00 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=96353FCECBA774BB8DA74A1C6507015A -- C:\My Backup -- 14-10-07 2108\WINDOWS\system32\netlogon.dll
[2004/08/04 03:00:00 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=96353FCECBA774BB8DA74A1C6507015A -- C:\WINDOWS\$NtServicePackUninstall$\netlogon.dll

< MD5 for: SCECLI.DLL >
[2004/08/04 03:00:00 | 000,180,224 | ---- | M] (Microsoft Corporation) MD5=0F78E27F563F2AAF74B91A49E2ABF19A -- C:\My Backup -- 14-10-07 2108\WINDOWS\system32\scecli.dll
[2004/08/04 03:00:00 | 000,180,224 | ---- | M] (Microsoft Corporation) MD5=0F78E27F563F2AAF74B91A49E2ABF19A -- C:\WINDOWS\$NtServicePackUninstall$\scecli.dll
[2008/04/13 19:12:05 | 000,181,248 | ---- | M] (Microsoft Corporation) MD5=A86BB5E61BF3E39B62AB4C7E7085A084 -- C:\WINDOWS\ServicePackFiles\i386\scecli.dll
[2008/04/13 19:12:05 | 000,181,248 | ---- | M] (Microsoft Corporation) MD5=A86BB5E61BF3E39B62AB4C7E7085A084 -- C:\WINDOWS\system32\scecli.dll

< %systemroot%\*. /mp /s >

< %systemroot%\system32\*.dll /lockedfiles >
[2007/10/16 21:05:56 | 000,364,544 | ---- | M] (Advanced Micro Devices, Inc.) Unable to obtain MD5 -- C:\WINDOWS\system32\ATIDEMGX.dll

< %systemroot%\Tasks\*.job /lockedfiles >

< %systemroot%\system32\drivers\*.sys /lockedfiles >

< %systemroot%\System32\config\*.sav >
[2004/08/07 00:52:08 | 000,094,208 | ---- | M] () -- C:\WINDOWS\system32\config\default.sav
[2004/08/07 00:52:08 | 000,659,456 | ---- | M] () -- C:\WINDOWS\system32\config\software.sav

< >
< End of report >

OTL Extras logfile created on: 3/22/2010 9:13:00 AM - Run 1
OTL by OldTimer - Version 3.1.37.1 Folder = C:\Documents and Settings\Dirk\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

3.00 Gb Total Physical Memory | 3.00 Gb Available Physical Memory | 80.00% Memory free
5.00 Gb Paging File | 4.00 Gb Available in Paging File | 87.00% Paging File free
Paging file location(s): C:\pagefile.sys 1536 3072 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 69.13 Gb Total Space | 13.67 Gb Free Space | 19.77% Space Free | Partition Type: NTFS
Drive D: | 5.38 Gb Total Space | 0.69 Gb Free Space | 12.75% Space Free | Partition Type: FAT32
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: HP
Current User Name: Dirk
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: On
Skip Microsoft Files: On
File Age = 14 Days
Output = Standard
Quick Scan

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]

[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = htmlfile] -- Reg Error: Key error. File not found

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
htmlfile [edit] -- "C:\Program Files\Microsoft Office\OFFICE11\msohtmed.exe" %1 (Microsoft Corporation)
htmlfile [print] -- "C:\Program Files\Microsoft Office\OFFICE11\msohtmed.exe" /p %1 (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" %*
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 0
"FirewallOverride" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]
"1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008
"10243:TCP" = 10243:TCP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service
"10280:UDP" = 10280:UDP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service
"10281:UDP" = 10281:UDP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service
"10282:UDP" = 10282:UDP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service
"10283:UDP" = 10283:UDP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service
"10284:UDP" = 10284:UDP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service
"139:TCP" = 139:TCP:*:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:*:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:*:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:*:Enabled:@xpsp2res.dll,-22002
"1723:TCP" = 1723:TCP:*:Enabled:@xpsp2res.dll,-22015
"1701:UDP" = 1701:UDP:*:Enabled:@xpsp2res.dll,-22016
"500:UDP" = 500:UDP:*:Enabled:@xpsp2res.dll,-22017

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DoNotAllowExceptions" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008
"10243:TCP" = 10243:TCP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service
"10280:UDP" = 10280:UDP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service
"10281:UDP" = 10281:UDP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service
"10282:UDP" = 10282:UDP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service
"10283:UDP" = 10283:UDP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service
"10284:UDP" = 10284:UDP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service
"139:TCP" = 139:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22002
"1723:TCP" = 1723:TCP:*:Enabled:@xpsp2res.dll,-22015
"1701:UDP" = 1701:UDP:*:Enabled:@xpsp2res.dll,-22016
"500:UDP" = 500:UDP:*:Enabled:@xpsp2res.dll,-22017

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"C:\Program Files\Windows Live\Sync\WindowsLiveSync.exe" = C:\Program Files\Windows Live\Sync\WindowsLiveSync.exe:*:Enabled:Windows Live Sync -- (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\WINDOWS\SMINST\Scheduler.exe" = C:\WINDOWS\SMINST\Scheduler.exe:*:Enabled:Scheduler -- ()
"C:\Program Files\Minnesota Life\Harmony\illus.exe" = C:\Program Files\Minnesota Life\Harmony\illus.exe:*:Enabled:Harmony Illustrations Application -- File not found
"C:\Program Files\Miranda IM\miranda32.exe" = C:\Program Files\Miranda IM\miranda32.exe:*:Enabled:Miranda IM -- File not found
"C:\Program Files\Lincoln Financial Group\Lincoln DesignIt - Lincoln Financial Distributors\bin\DesktopController.exe" = C:\Program Files\Lincoln Financial Group\Lincoln DesignIt - Lincoln Financial Distributors\bin\DesktopController.exe:*:Enabled:Lincoln DesignIt Desktop -- (Lincoln Financial Group)
"C:\Fiserv Life Portraits\FipWebServer.exe" = C:\Fiserv Life Portraits\FipWebServer.exe:*:Enabled:FipWebServer -- (FIPSCO)
"C:\Program Files\LiveOffice\IMC Messenger\mtc.exe" = C:\Program Files\LiveOffice\IMC Messenger\mtc.exe:*:Enabled:IMC Meeting -- (Liveoffice Corp)
"C:\Program Files\Windows Live\Sync\WindowsLiveSync.exe" = C:\Program Files\Windows Live\Sync\WindowsLiveSync.exe:*:Enabled:Windows Live Sync -- (Microsoft Corporation)
"C:\Documents and Settings\Dirk\Application Data\Macromedia\Flash Player\www.macromedia.com\bin\octoshape\octoshape.exe" = C:\Documents and Settings\Dirk\Application Data\Macromedia\Flash Player\www.macromedia.com\bin\octoshape\octoshape.exe:*:Enabled:Octoshape add-in for Adobe Flash Player -- File not found
"C:\Program Files\iTunes\iTunes.exe" = C:\Program Files\iTunes\iTunes.exe:*:Enabled:iTunes -- (Apple Inc.)


========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0001B4FD-9EA3-4D90-A79E-FD14BA3AB01D}" = PDFCreator
"{00203668-8170-44A0-BE44-B632FA4D780F}" = Adobe AIR
"{0515803B-5068-4599-8666-963E143C7381}" = HP Smart Card Security for ProtectTools 5.00 D4
"{055EE59D-217B-43A7-ABFF-507B966405D8}" = ATI Catalyst Control Center
"{07287123-B8AC-41CE-8346-3D777245C35B}" = Bonjour
"{075473F5-846A-448B-BCB3-104AA1760205}" = Sonic Data Module
"{07E5F8FF-EA1C-1CBC-A7E4-27893B7C281D}" = Catalyst Control Center Localization Polish
"{09908B2B-C536-731B-5598-B113BC084ABC}" = Catalyst Control Center Graphics Full Existing
"{0CD37EDD-A8E8-A5FB-4F40-1EB45EA4AB2D}" = CCC Help Danish
"{0F3B05E3-EBAC-11D4-8839-0008C7E93768}" = Merlin Marketing System 08.6.5
"{10A44844-4465-456E-8C97-80BDD4F68845}" = Windows Live ID Sign-in Assistant
"{116E1853-BB7C-C687-3467-37F671924292}" = Catalyst Control Center Localization Spanish
"{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_MX860_series" = Canon MX860 series MP Drivers
"{1206EF92-2E83-4859-ACCB-2048C3CB7DA6}" = Sonic DLA
"{126A97A2-D56E-324B-07D0-D09C939E675E}" = CCC Help German
"{1451DE6B-ABE1-4F62-BE9A-B363A17588A2}" = QuickTime
"{18649553-A2D8-3C4E-44B0-B8B387E19E66}" = CCC Help Korean
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{21657574-BD54-48A2-9450-EB03B2C7FC29}" = Sonic MyDVD Plus
"{2460F42B-8315-FFE5-C895-F34C25298F8D}" = Skins
"{2614F54E-A828-49FA-93BA-45A3F756BFAA}" = 32 Bit HP CIO Components Installer
"{26A24AE4-039D-4CA4-87B4-2F83216010FF}" = Java™ 6 Update 15
"{2ACC38C3-BF3C-4D41-BE50-44D993CDBF05}" = MetWINS
"{2D28AB6E-87C6-4CDE-AB20-79D6F78C5A28}" = HP User Guides 0021
"{2D69DEF9-3CEC-4980-9A8E-28276A385ABF}" = LPES Desktop - AVIVA USA
"{2D87E961-577B-492B-AD54-1368680FB9A7}" = Bing Maps 3D
"{2DB165DC-DDB4-403F-B985-19F3EC7D0357}" = HP ProtectTools Security Manager
"{30465B6C-B53F-49A1-9EBA-A3F187AD502E}" = Sonic Update Manager
"{31EDCBB1-22DF-7CE2-651F-1B70084B045B}" = Catalyst Control Center Graphics Light
"{3248F0A8-6813-11D6-A77B-00B0D0150060}" = J2SE Runtime Environment 5.0 Update 6
"{3248F0A8-6813-11D6-A77B-00B0D0160030}" = Java™ 6 Update 3
"{3248F0A8-6813-11D6-A77B-00B0D0160050}" = Java™ 6 Update 5
"{3248F0A8-6813-11D6-A77B-00B0D0160070}" = Java™ 6 Update 7
"{33E26EA7-8EBA-0199-1682-B61491A06640}" = CCC Help Portuguese
"{3437885F-0A95-4C2C-AAEB-B6BFBDE7A31C}" = NetX360
"{34D2AB40-150D-475D-AE32-BD23FB5EE355}" = HP Quick Launch Buttons 6.30 J1
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{3F4EC965-28EF-45C3-B063-04B25D4E9679}" = HP Integrated Module with Bluetooth wireless technology
"{3F93B2BA-18EC-462B-9ACD-396599353EE1}" = Catalyst Control Center - Branding
"{3F9F7336-6DF8-476F-ABF6-C70A17FAF619}" = HP Backup and Recovery Manager Installer
"{3FA365DF-2D68-45ED-8F83-8C8A33E65143}" = Apple Application Support
"{42311A03-EC26-4D23-F27C-F0F18B9BF92A}" = CCC Help Chinese Standard
"{4459FAA9-4313-12FE-75CC-E639E5EE805E}" = CCC Help Finnish
"{44AF704F-E94E-04D9-5601-CAAC23602E8A}" = CCC Help English
"{491A1587-7C4C-5D8A-6440-FF11E2C11AA2}" = Catalyst Control Center Localization Norwegian
"{49A98DB5-1EBE-F4A4-F938-B6896F6520FD}" = Catalyst Control Center Localization Thai
"{4B326775-476E-4856-8418-C74565BA174F}" = JH Illustrator Crystal Report net
"{4DFAB9CA-0168-042A-7004-43BF08C47017}" = CCC Help Thai
"{4E506833-6266-07AF-59E3-46B2970866F1}" = Catalyst Control Center Localization Chinese Traditional
"{5000DC20-6CF9-5000-AE08-500F40FE5000}" = JH Illustrator - John Hancock's Illustration System
"{5020DC20-6CF9-5020-AE09-502F40FE5020}" = JH Illustrator - John Hancock's Illustration System
"{50A8B257-F83A-37C0-7BAA-A9D94AA570A5}" = Catalyst Control Center Localization Turkish
"{522DAB8E-9ED2-4737-9557-E4DE8E7191F7}" = Windows Live Sync
"{55B52830-024A-443E-AF61-61E1E71AFA1B}" = Device Access Manager for HP ProtectTools
"{55C98239-914A-46C1-B19D-83E90F7E00CC}" = Fingerprint Sensor Minimum Install
"{5646121C-36D4-FF4C-3FFB-C21F1B8050FE}" = CCC Help Chinese Traditional
"{589FC32F-0AC7-069C-1706-C1AF6D1ED2F1}" = Catalyst Control Center Localization Czech
"{594CEB81-AE2F-66F4-17D6-7A4CD49E3F62}" = CCC Help Russian
"{5A447CFB-B64E-4D3C-9744-2EA44EFB8F97}" = BlackBerry Device Software Updater
"{5D97A4A7-C274-4B63-86D9-07A33435F505}" = InterVideo DVD Check
"{63ED7A1D-6DED-1E09-290C-E49160DC7D56}" = Catalyst Control Center Localization Portuguese
"{6675CA7F-E51B-4F6A-99D4-F8F0124C6EAA}" = Sonic Express Labeler
"{674A8796-3464-4785-A245-9C759F5BEDDF}" = Catalyst Control Center Localization Finnish
"{689404D2-1C94-44B3-9203-BEC5594FDA7A}" = Microsoft SQL Server Desktop Engine (TRANSAMERICA)
"{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update
"{6E6F4A80-B698-2FB1-3D73-A8F1C3D2AD0A}" = Catalyst Control Center Localization Japanese
"{71676F9D-5EC9-A413-AE93-CD9D0571EA5D}" = CCC Help Turkish
"{71FA95D1-AE8B-DBD8-A85B-D919F45FE9C0}" = Catalyst Control Center Localization German
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{736278ED-A2F7-EFCE-04C6-E169F1979F3C}" = CCC Help Greek
"{746F4376-04A8-BA11-30F7-FF59E1BEF830}" = CCC Help Spanish
"{75ECB75A-522C-4312-8DE7-597CDA9D96A3}" = HP Mobile Data Protection System
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{773D6C77-4A5A-45C4-B4DE-3B6DAB4785BC}" = HP Broadband Wireless Modules
"{7869EC3D-E579-40F6-94BB-15D666FA5700}" = Transamerica Life Products Illustration System- TransWare
"{7F06FB3E-C21D-5BD9-E613-3BC824219A3C}" = CCC Help Norwegian
"{7F2DA597-5F9C-4D63-5E8B-010E3E8A1592}" = Catalyst Control Center Localization Italian
"{7F362F06-A9A3-440F-8B19-6A01A72723C4}" = AuthenTec Fingerprint Sensor Minimum Install
"{81063354-9060-42B2-A000-1EBE96778AA9}" = iTunes
"{818ABC3C-635C-4651-8183-D0E9640B7DD1}" = HP Update
"{82B1AC0A-004C-A393-C423-D13C20C9C4DB}" = CCC Help Japanese
"{84C88205-C97A-8697-7FEB-E4B5520525F6}" = CCC Help Dutch
"{858C52B5-33C9-3550-71BB-CB03A98A18AE}" = Catalyst Control Center Localization Hungarian
"{88E8B29D-5F57-9F86-076B-03DEDC353596}" = Catalyst Control Center Localization Dutch
"{899DDD05-3440-5C6D-8E85-20B6651C54ED}" = Catalyst Control Center Localization Chinese Standard
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{90120000-0020-0409-0000-0000000FF1CE}" = Compatibility Pack for the 2007 Office system
"{91110409-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Professional Edition 2003
"{91810AFC-A4F8-4EBA-A5AA-B198BBC81144}" = InterVideo WinDVD
"{94FEACDA-6450-441D-A4F4-77B6A94B3BD2}" = Transamerica Life Products Illustration System TransWare Prerequisite
"{9598741E-CA95-BFE9-4B90-84D4EF9CD759}" = CCC Help French
"{962C52AD-2E43-2E98-F974-1C7405371E06}" = CCC Help Swedish
"{A0D167EF-163B-260E-6001-76627CC18F35}" = Catalyst Control Center Graphics Full New
"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
"{A5CE7175-080D-49AC-B5A3-E7E3502428F5}" = HP Wireless Assistant
"{A7AD8CEF-72D7-4FE4-8A14-DDD09DC86074}" = HP Notebook Accessories Product Tour
"{A93C4E94-1005-489D-BEAA-B873C1AA6CFC}" = HP Help and Support
"{AADEA55D-C834-4BCB-98A3-4B8D1C18F4EE}" = Apple Mobile Device Support
"{AB418484-7892-6EF7-30F9-AD47C368B973}" = CCC Help Hungarian
"{AB708C9B-97C8-4AC9-899B-DBF226AC9382}" = Sonic Audio Module
"{AC76BA86-7AD7-1033-7B44-A90000000001}" = Adobe Reader 9 Lite
"{AD7914E1-6453-4440-AEC7-02C72AD6FE5F}" = TIPCI
"{AE052EF7-2640-48D7-8915-69B810D975CB}" = HP BIOS Configuration for ProtectTools 2.00 G1
"{AE3CF174-872C-46C6-B9F6-C0593F3BC7B8}" = Microsoft Office Live Add-in 1.4
"{AE92BC4A-A018-09BB-0D2A-882F0D5C4769}" = CCC Help Polish
"{B12665F4-4E93-4AB4-B7FC-37053B524629}" = Sonic Copy Module
"{B2544A03-10D0-4E5E-BA69-0362FFC20D18}" = OGA Notifier 2.0.0048.0
"{B256C753-09EB-40AA-B6CA-AC72F4D1B543}" = BlackBerry USB Drivers
"{B55C1C58-D28C-EEBE-78A7-2593C1675B50}" = ccc-core-static
"{B5924CA6-24A7-48F5-BC9C-8BFA94ED4564}" = LightScribe 1.4.67.1
"{B7F54262-AB66-44B3-88BF-9FC69941B643}" = Broadcom NetXtreme Ethernet Controller
"{BAF78226-3200-4DB4-BE33-4D922A799840}" = Windows Presentation Foundation
"{BE41F3D2-FC73-4C3E-A2C2-5D2B08A5B2D0}" = Credential Manager for HP ProtectTools
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
"{C178B38F-613A-4EFE-B718-A675BD27A1E1}" = BlackBerry Desktop Software 4.3
"{C5A2EFB8-2D96-D4FA-8243-CC3087DD4BE1}" = Catalyst Control Center Localization Greek
"{CAE7D1D9-3794-4169-B4DD-964ADBC534EE}" = HP Product Detection
"{CAF5A879-9647-4A05-A366-29E6DBF0D868}" = Laser App Enterprise
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CBDC0B97-C98E-4449-A08F-B8AF3F4E29C8}" = Fingerprint Sensor Minimum Install
"{CD038E1D-1823-50AC-ACCC-AACBD04BC04B}" = Catalyst Control Center Localization Korean
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{D01653EF-9F9F-41D6-B879-654A6BF5892C}" = Digital Locker Assistant
"{D906FDC5-C96E-AAB2-2F82-241F180F6D75}" = Catalyst Control Center Core Implementation
"{D9835F86-E1A6-893A-63D4-64DF64D30771}" = Catalyst Control Center Localization Danish
"{DB518BA6-CB74-4EB6-9ABD-880B6D6E1F38}" = HpSdpAppCoreApp
"{DE01F047-C168-4C9A-F9C2-06C385383E92}" = CCC Help Czech
"{E09B48B5-E141-427A-AB0C-D3605127224A}" = Microsoft SQL Server Desktop Engine
"{E0DBC47C-ED3F-4A1B-A929-9A26DAAA14B3}" = Application Installer 4.00.B5
"{E27FEFC6-E659-0B3F-8617-D2CC2A3B6B63}" = Catalyst Control Center Localization Swedish
"{E7485CE5-C004-44D6-AA3E-7EE4DFE2B70E}" = HP Support Phone Numbers
"{F0A37341-D692-11D4-A984-009027EC0A9C}" = SoundMAX
"{F2AA62A1-9E2D-828D-F113-627CCAC4D2D9}" = CCC Help Italian
"{F378039C-4330-19BF-F960-7F941211A725}" = Catalyst Control Center Localization French
"{F42CF6B5-8594-4D3A-B96F-30FD3BC1AAA5}" = Embedded Security for HP ProtectTools
"{F6869CD2-3DB4-476D-A4C7-B3AE7C3ACF7B}" = Windows Media Connect
"{F8599AC9-2F28-6C85-4BE2-FAA8B0722778}" = ccc-core-preinstall
"{FAE43BBC-3A2B-095D-E8E1-3C6E1F53EDD5}" = Catalyst Control Center Localization Russian
"{FAE4E0F4-AA19-148E-213E-F6C72F2B6625}" = ccc-utility
"{FF580DE1-02C0-4A46-869A-E1E4F6FB79F1}" = Google Desktop Plugin - leCalendar
"ActiveScan 2.0" = Panda ActiveScan 2.0
"ActiveTouchMeetingClient" = WebEx
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Advanced Multilife Processor (AMP)" = Advanced Multilife Processor (AMP)
"Agere Systems Soft Modem" = Agere Systems HDA Modem
"ATI Display Driver" = ATI Display Driver
"Audacity_is1" = Audacity 1.2.6
"avast5" = avast! Free Antivirus
"BlackBerry_{C178B38F-613A-4EFE-B718-A675BD27A1E1}" = BlackBerry Desktop Software 4.3
"Broadcom 802.11b Network Adapter" = Broadcom 802.11 Wireless LAN Adapter
"Canon MX860 series User Registration" = Canon MX860 series User Registration
"Canon_IJ_Network_Scan_UTILITY" = Canon IJ Network Scan Utility
"Canon_IJ_Network_UTILITY" = Canon IJ Network Tool
"CanonMyPrinter" = Canon Utilities My Printer
"CanonSolutionMenu" = Canon Utilities Solution Menu
"CCleaner" = CCleaner (remove only)
"CentraClient" = Centra Client
"Coupon Printer for Windows4.0" = Coupon Printer for Windows
"Easy-PhotoPrint EX" = Canon Utilities Easy-PhotoPrint EX
"ERUNT_is1" = ERUNT 1.1j
"ForeSight ULSG Wrapper" = ForeSight ULSG Wrapper
"Google Desktop" = Google Desktop
"GPL Ghostscript 8.63" = GPL Ghostscript 8.63
"IDNMitigationAPIs" = Microsoft Internationalized Domain Names Mitigation APIs
"ie7" = Windows Internet Explorer 7
"ie8" = Windows Internet Explorer 8
"ING Presents" = ING Presents
"InstallShield_{5000DC20-6CF9-5000-AE08-500F40FE5000}" = JH Illustrator - John Hancock's Illustration System
"InstallShield_{5020DC20-6CF9-5020-AE09-502F40FE5020}" = JH Illustrator - John Hancock's Illustration System
"InstallShield_{7869EC3D-E579-40F6-94BB-15D666FA5700}" = Transamerica Life Products Illustration System- TransWare
"InstallShield_{94FEACDA-6450-441D-A4F4-77B6A94B3BD2}" = Transamerica Life Products Illustration System TransWare Prerequisite
"InstallShield_{AD7914E1-6453-4440-AEC7-02C72AD6FE5F}" = Texas Instruments PCIxx21/x515/xx12 drivers.
"Integrated Software Platform (ISP) System and Components" = Integrated Software Platform (ISP) System and Components
"Keir Practice Test_is1" = Keir Practice Test 2.04.49
"Kettley's Professional Advisor Series for 2009" = Kettley's Professional Advisor Series for 2009
"LAME for Audacity_is1" = LAME v3.98.2 for Audacity
"Lincoln DesignIt - Lincoln Financial Distributors" = Lincoln DesignIt - Lincoln Financial Distributors
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Mozilla Firefox (3.5.3)" = Mozilla Firefox (3.5.3)
"Mozilla Thunderbird (2.0.0.24)" = Mozilla Thunderbird (2.0.0.24)
"MP Navigator EX 2.1" = Canon MP Navigator EX 2.1
"MSCompPackV1" = Microsoft Compression Client Pack 1.0 for Windows XP
"MSNINST" = MSN
"NLSDownlevelMapping" = Microsoft National Language Support Downlevel APIs
"NumberCruncher" = NumberCruncher
"PDF to JPG Converter" = PDF to JPG Converter 1.0
"PruSelect Products" = PruSelect Products
"QuickLink Mobile" = QuickLink Mobile
"State Death Tax Manager" = State Death Tax Manager
"SynTPDeinstKey" = Synaptics Pointing Device Driver
"Wdf01005" = Microsoft Kernel-Mode Driver Framework Feature Pack 1.5
"WIC" = Windows Imaging Component
"Windows Media Connect" = Windows Media Connect
"Windows Media Format Runtime" = Windows Media Format 11 runtime
"Windows Media Player" = Windows Media Player 11
"Windows XP Service Pack" = Windows XP Service Pack 3
"WMFDist11" = Windows Media Format 11 runtime
"wmp11" = Windows Media Player 11
"Wudf01000" = Microsoft User-Mode Driver Framework Feature Pack 1.0
"XpsEPSC" = XML Paper Specification Shared Components Pack 1.0

========== HKEY_CURRENT_USER Uninstall List ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0F3B05E3-EBAC-11D4-8839-0008C7E93768}" = Merlin Marketing System 08.6.5
"GoToMeeting" = GoToMeeting 4.5.0.452
"IMCMessenger" = IMC Messenger (remove only)
"Octoshape add-in for Adobe Flash Player" = Octoshape add-in for Adobe Flash Player
"pdfsam" = pdfsam

========== Last 10 Event Log Errors ==========

[ Antivirus Events ]
Error - 5/15/2008 11:23:32 AM | Computer Name = HP | Source = avast! | ID = 33554522
Description =

Error - 5/15/2008 11:23:32 AM | Computer Name = HP | Source = avast! | ID = 33554522
Description =

Error - 5/15/2008 11:23:32 AM | Computer Name = HP | Source = avast! | ID = 33554522
Description =

Error - 7/1/2008 12:09:30 PM | Computer Name = HP | Source = avast! | ID = 33554522
Description =

Error - 8/3/2008 10:43:18 AM | Computer Name = HP | Source = avast! | ID = 33554522
Description =

Error - 12/31/2008 1:50:46 PM | Computer Name = HP | Source = avast! | ID = 33554522
Description =

Error - 2/11/2009 5:10:45 PM | Computer Name = HP | Source = avast! | ID = 33554522
Description =

Error - 2/12/2009 6:08:39 PM | Computer Name = HP | Source = avast! | ID = 33554522
Description =

Error - 4/7/2009 11:11:10 AM | Computer Name = HP | Source = avast! | ID = 33554522
Description =

Error - 9/3/2009 10:11:02 AM | Computer Name = HP | Source = avast! | ID = 33554522
Description =

[ Application Events ]
Error - 3/4/2010 10:52:15 AM | Computer Name = HP | Source = Windows Search Service | ID = 3013
Description = The entry <C:\SCANS\NEW FOLDER> in the hash map cannot be updated.

Context:
Application, SystemIndex Catalog Details: A device attached to the system is not
functioning. (0x8007001f)

Error - 3/4/2010 10:52:17 AM | Computer Name = HP | Source = Windows Search Service | ID = 3013
Description = The entry <C:\SCANS\NEW FOLDER> in the hash map cannot be updated.

Context:
Application, SystemIndex Catalog Details: A device attached to the system is not
functioning. (0x8007001f)

Error - 3/7/2010 12:35:20 PM | Computer Name = HP | Source = Application Error | ID = 1000
Description = Faulting application SearchIndexer.exe, version 7.0.6001.16503, faulting
module kernel32.dll, version 5.1.2600.5781, fault address 0x0000980f.

Error - 3/16/2010 5:26:41 PM | Computer Name = HP | Source = Application Error | ID = 1000
Description = Faulting application acrord32.exe, version 9.0.0.332, faulting module
acroform.api, version 9.0.0.332, fault address 0x0019d98b.

Error - 3/16/2010 5:26:52 PM | Computer Name = HP | Source = Application Error | ID = 1000
Description = Faulting application acrord32.exe, version 9.0.0.332, faulting module
acroform.api, version 9.0.0.332, fault address 0x0019d98b.

Error - 3/16/2010 5:27:12 PM | Computer Name = HP | Source = Application Error | ID = 1000
Description = Faulting application acrord32.exe, version 9.0.0.332, faulting module
acroform.api, version 9.0.0.332, fault address 0x0019d98b.

Error - 3/16/2010 5:27:27 PM | Computer Name = HP | Source = Application Error | ID = 1000
Description = Faulting application acrord32.exe, version 9.0.0.332, faulting module
acroform.api, version 9.0.0.332, fault address 0x0019d98b.

Error - 3/20/2010 4:02:33 PM | Computer Name = HP | Source = Application Hang | ID = 1002
Description = Hanging application gmer.exe, version 1.0.15.15281, hang module hungapp,
version 0.0.0.0, hang address 0x00000000.

Error - 3/20/2010 4:04:27 PM | Computer Name = HP | Source = Application Hang | ID = 1002
Description = Hanging application gmer.exe, version 1.0.15.15281, hang module hungapp,
version 0.0.0.0, hang address 0x00000000.

Error - 3/21/2010 1:04:15 PM | Computer Name = HP | Source = Application Hang | ID = 1002
Description = Hanging application gmer.exe, version 1.0.15.15281, hang module hungapp,
version 0.0.0.0, hang address 0x00000000.

[ Credential Manager Events ]
Error - 3/14/2009 11:56:16 AM | Computer Name = HP | Source = AuthWiz | ID = 100861620
Description = The submitted credentials were not successfully registered. User:
[email protected] Credentials: Password Error: (0x8007052B) Unable to update the password.
The value provided as the current password is incorrect.

Error - 9/5/2009 9:57:15 PM | Computer Name = HP | Source = AuthWiz | ID = 100796068
Description = The submitted credentials were rejected. User: [email protected] Credentials:
Fingerprints Error: (0xC5161001) The fingerprints provided do not match.

Error - 9/5/2009 9:57:25 PM | Computer Name = HP | Source = AuthWiz | ID = 100796068
Description = The submitted credentials were rejected. User: [email protected] Credentials:
Fingerprints Error: (0xC5161001) The fingerprints provided do not match.

Error - 9/5/2009 9:57:36 PM | Computer Name = HP | Source = AuthWiz | ID = 100796068
Description = The submitted credentials were rejected. User: [email protected] Credentials:
Fingerprints Error: (0xC5161001) The fingerprints provided do not match.

Error - 12/9/2009 1:19:35 PM | Computer Name = HP | Source = AuthWiz | ID = 100796068
Description = The submitted credentials were rejected. User: [email protected] Credentials:
Fingerprints Error: (0xC5161001) The fingerprints provided do not match.

[ System Events ]
Error - 3/21/2010 1:20:06 PM | Computer Name = HP | Source = Service Control Manager | ID = 7026
Description = The following boot-start or system-start driver(s) failed to load:
Aavmker4 aswSP aswTdi Fips intelppm SASDIFSV SASKUTIL

Error - 3/21/2010 1:22:52 PM | Computer Name = HP | Source = DCOM | ID = 10005
Description = DCOM got error "%1084" attempting to start the service EventSystem
with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}

Error - 3/21/2010 1:30:56 PM | Computer Name = HP | Source = DCOM | ID = 10005
Description = DCOM got error "%1084" attempting to start the service StiSvc with
arguments "" in order to run the server: {A1F4E726-8CF1-11D1-BF92-0060081ED811}

Error - 3/21/2010 1:34:08 PM | Computer Name = HP | Source = DCOM | ID = 10005
Description = DCOM got error "%1084" attempting to start the service EventSystem
with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}

Error - 3/21/2010 1:35:22 PM | Computer Name = HP | Source = Service Control Manager | ID = 7000
Description = The PC Angel service failed to start due to the following error: %%3

Error - 3/21/2010 1:35:30 PM | Computer Name = HP | Source = Service Control Manager | ID = 7026
Description = The following boot-start or system-start driver(s) failed to load:
SASDIFSV SASKUTIL

Error - 3/22/2010 9:31:34 AM | Computer Name = HP | Source = Service Control Manager | ID = 7000
Description = The PC Angel service failed to start due to the following error: %%3

Error - 3/22/2010 9:31:40 AM | Computer Name = HP | Source = Service Control Manager | ID = 7026
Description = The following boot-start or system-start driver(s) failed to load:
SASDIFSV SASKUTIL

Error - 3/22/2010 9:59:30 AM | Computer Name = HP | Source = Service Control Manager | ID = 7000
Description = The PC Angel service failed to start due to the following error: %%3

Error - 3/22/2010 9:59:37 AM | Computer Name = HP | Source = Service Control Manager | ID = 7026
Description = The following boot-start or system-start driver(s) failed to load:
SASDIFSV SASKUTIL


< End of report >

Malwarebytes' Anti-Malware 1.44
Database version: 3870
Windows 5.1.2600 Service Pack 3
Internet Explorer 8.0.6001.18702

3/15/2010 9:45:17 AM
mbam-log-2010-03-15 (09-45-17).txt

Scan type: Quick Scan
Objects scanned: 156907
Time elapsed: 5 minute(s), 40 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 1
Registry Values Infected: 1
Registry Data Items Infected: 0
Folders Infected: 2
Files Infected: 2

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{6fd31ed6-7c94-4bbc-8e95-f927f4d3a949} (Adware.180Solutions) -> Quarantined and deleted successfully.

Registry Values Infected:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Toolbar\WebBrowser\{90b8b761-df2b-48ac-bbe0-bcc03a819b3b} (Adware.Zango) -> Quarantined and deleted successfully.

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
C:\Program Files\Registry Defender Platinum (Rogue.RegistryDefender) -> Quarantined and deleted successfully.
C:\Program Files\Registry Defender Platinum\backup (Rogue.RegistryDefender) -> Quarantined and deleted successfully.

Files Infected:
C:\Program Files\Registry Defender Platinum\report.csv (Rogue.RegistryDefender) -> Quarantined and deleted successfully.
C:\Program Files\Registry Defender Platinum\backup\6_1_2008.reg (Rogue.RegistryDefender) -> Quarantined and deleted successfully.


#2
RKinner

    Malware Expert

  • Expert
  • 23,198 posts
  • MVP
Rerun MalwareBytes AntiMalware but this time let it do a full scan. Will probably take about an hour.

Then
Download but do not yet run ComboFix
If you have a previous version of Combofix.exe, delete it and download a fresh copy.

It must be saved to your desktop, do not run it!

Disable your Antivirus software when downloading or running Combofix. If it has Script Blocking features, please disable these as well. See: http://www.bleepingc...opic114351.html


Download and Rename this file -- (call it george.exe ) to your Desktop -- from either of these two sources:
http://download.blee...Bs/ComboFix.exe
http://subs.geekstogo.com/ComboFix.exe

Double-click on george to start the program.



* Important: Have no other programs running. Your Task Bar should be clear of any program entries including your Browser.


* A window may open with a series of Disclaimers. Accept the Disclaimers to start the fix. Allow it to install the Recovery Console then Continue. When the scan completes Notepad will open with your results log open. Do a File, Exit and answer 'Yes' to save changes.


A caution - Do not run Combofix more than once. Do not touch your mouse/keyboard until the scan has completed, as this may cause the process to stall or your computer to lock. The scan will temporarily disable your desktop, and if interrupted may leave your desktop disabled. If this occurs, please reboot to restore the desktop. Even when ComboFix appears to be doing nothing, look at your Drive light. If it is flashing, Combofix is still at work.

A file will be created at => C:\Combofix.txt. I'll need to see that in your reply.

Re-activate your protection programs at this time!


Ron

#3
dirkab

    Member

  • Topic Starter
  • Member
  • 19 posts
ComboFix 10-03-24.02 - Dirk 03/24/2010 22:03:01.1.2 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.3455.2652 [GMT -5:00]
Running from: c:\documents and settings\Dirk\Desktop\george.exe
AV: avast! Antivirus *On-access scanning disabled* (Updated) {7591DB91-41F0-48A3-B128-1A293FD8233D}
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\documents and settings\All Users\Start Menu\Programs\Startup\Bluetooth.lnk
c:\recycler\S-1-5-21-4141339173-3245511589-4181983071-500
c:\windows\COUPON~1.OCX
c:\windows\CouponPrinter.ocx
D:\Autorun.inf

.
((((((((((((((((((((((((( Files Created from 2010-02-25 to 2010-03-25 )))))))))))))))))))))))))))))))
.

2010-03-22 21:31 . 2010-03-22 21:31 -------- d-----w- c:\documents and settings\Dirk\Local Settings\Application Data\NetX360Updates
2010-03-22 20:53 . 2010-03-22 20:53 -------- d-----w- c:\windows\system32\Resource
2010-03-21 17:53 . 2009-06-30 14:37 28552 ----a-w- c:\windows\system32\drivers\pavboot.sys
2010-03-21 17:22 . 2010-03-21 17:22 -------- d-sh--w- c:\documents and settings\Administrator\IETldCache
2010-03-16 14:51 . 2010-03-16 14:51 -------- d-----w- c:\documents and settings\Dirk\Local Settings\Application Data\Citrix
2010-03-16 14:51 . 2010-03-22 20:53 -------- d-----w- c:\program files\Citrix
2010-03-15 14:35 . 2010-01-07 21:07 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-03-15 14:35 . 2010-01-07 21:07 19160 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-03-15 14:35 . 2010-03-15 14:35 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-03-15 14:33 . 2010-03-15 14:33 -------- d-----w- c:\program files\ERUNT
2010-03-12 19:54 . 2009-10-23 15:28 3558912 ------w- c:\windows\system32\dllcache\moviemk.exe

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-03-24 17:26 . 2008-12-20 22:27 -------- d-----w- c:\program files\Mozilla Thunderbird
2010-03-23 16:09 . 2009-10-23 17:32 -------- d-----w- c:\documents and settings\Dirk\Application Data\HpUpdate
2010-03-21 17:53 . 2008-05-11 01:19 -------- d-----w- c:\program files\Panda Security
2010-03-21 00:41 . 2008-05-29 02:38 256 ----a-w- c:\windows\system32\pool.bin
2010-03-19 19:05 . 2009-09-04 15:02 -------- d-----w- c:\program files\Laser App Enterprise
2010-03-14 16:15 . 2007-10-22 14:21 -------- d-----w- c:\program files\KPC
2010-03-09 10:24 . 2007-10-15 16:24 38848 ----a-w- c:\windows\system32\avastSS.scr
2010-03-09 10:24 . 2007-10-15 16:24 153184 ----a-w- c:\windows\system32\aswBoot.exe
2010-03-09 10:12 . 2007-10-15 16:24 46672 ----a-w- c:\windows\system32\drivers\aswTdi.sys
2010-03-09 10:12 . 2008-04-06 02:51 162640 ----a-w- c:\windows\system32\drivers\aswSP.sys
2010-03-09 10:09 . 2007-10-15 16:24 23376 ----a-w- c:\windows\system32\drivers\aswRdr.sys
2010-03-09 10:08 . 2007-10-15 16:24 100432 ----a-w- c:\windows\system32\drivers\aswmon2.sys
2010-03-09 10:08 . 2007-10-15 16:24 94800 ----a-w- c:\windows\system32\drivers\aswmon.sys
2010-03-09 10:08 . 2008-04-06 02:51 19024 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys
2010-03-09 10:08 . 2007-10-15 16:24 28880 ----a-w- c:\windows\system32\drivers\aavmker4.sys
2010-02-23 06:07 . 2007-10-15 05:06 -------- d-----w- c:\program files\NetExchange Pro3.0
2010-02-23 06:06 . 2009-02-05 23:24 -------- d-----w- c:\documents and settings\Dirk\Application Data\Pershing
2010-02-21 19:24 . 2008-08-03 18:23 -------- d-----w- c:\documents and settings\Dirk\Application Data\Apple Computer
2010-02-21 18:43 . 2010-02-21 18:43 -------- d-----w- c:\documents and settings\All Users\Application Data\{755AC846-7372-4AC8-8550-C52491DAA8BD}
2010-02-21 18:43 . 2010-02-21 18:43 -------- d-----w- c:\program files\iTunes
2010-02-21 18:43 . 2010-02-21 18:43 -------- d-----w- c:\program files\iPod
2010-02-21 18:43 . 2008-01-24 17:21 -------- d-----w- c:\program files\Common Files\Apple
2010-02-21 18:41 . 2010-02-21 18:41 -------- d-----w- c:\program files\QuickTime
2010-02-21 18:37 . 2010-02-21 18:37 72488 ----a-w- c:\documents and settings\All Users\Application Data\Apple Computer\Installer Cache\iTunes 9.0.3.15\SetupAdmin.exe
2010-02-15 15:04 . 2008-05-15 05:19 -------- d-----w- c:\program files\Mozilla Firefox 3 Beta 5
2010-02-12 19:52 . 2010-02-12 19:52 -------- d-----w- c:\documents and settings\Dirk\Application Data\IsolatedStorage
2010-02-12 17:36 . 2010-02-12 17:36 -------- d-----w- c:\program files\Pershing
2010-02-11 15:21 . 2010-02-11 15:21 53248 ----a-r- c:\documents and settings\Dirk\Application Data\Microsoft\Installer\{5A447CFB-B64E-4D3C-9744-2EA44EFB8F97}\ARPPRODUCTICON.exe
2010-02-11 15:21 . 2008-08-03 15:21 -------- d-----w- c:\program files\Common Files\Research in Motion
2010-01-31 18:16 . 2007-10-15 16:24 -------- d-----w- c:\program files\Alwil Software
2010-01-31 18:14 . 2010-01-31 18:14 -------- d-----w- c:\documents and settings\All Users\Application Data\Alwil Software
2010-01-21 00:41 . 2008-08-15 12:48 32 ----a-w- c:\windows\system32\kijuyb.dat
2009-12-31 16:50 . 2004-08-04 08:00 353792 ----a-w- c:\windows\system32\drivers\srv.sys
2007-06-22 17:06 . 2007-06-22 17:06 10240 ----a-w- c:\program files\Common Files\JH_Killer.exe
2008-04-10 01:59 . 2008-04-10 01:59 122880 ----a-w- c:\program files\mozilla firefox\components\GoogleDesktopMozilla.dll
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MsmqIntCert"="mqrt.dll" [2008-04-14 177152]
"AccelerometerSysTrayApplet"="c:\windows\system32\AccelerometerSt.exe" [2006-01-17 53248]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2007-09-15 1015808]
"Cpqset"="c:\program files\HPQ\Default Settings\cpqset.exe" [2006-02-22 40960]
"Recguard"="c:\windows\Sminst\Recguard.exe" [2005-12-20 1187840]
"Reminder"="c:\windows\Creator\Remind_XP.exe" [2006-03-09 806912]
"PTHOSTTR"="c:\program files\Hewlett-Packard\HP ProtectTools Security Manager\PTHOSTTR.EXE" [2007-01-09 145184]
"DLA"="c:\windows\System32\DLA\DLACTRLW.EXE" [2005-08-31 122940]
"hpWirelessAssistant"="c:\program files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe" [2007-11-20 488752]
"CognizanceTS"="c:\progra~1\HEWLET~1\IAM\Bin\ASTSVCC.dll" [2003-12-22 17920]
"IFXSPMGT"="c:\windows\system32\ifxspmgt.exe" [2007-05-23 677408]
"StartCCC"="c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2006-11-10 90112]
"Google Desktop Search"="c:\program files\Google\Google Desktop Search\GoogleDesktop.exe" [2009-11-16 30192]
"SynTPStart"="c:\program files\Synaptics\SynTP\SynTPStart.exe" [2007-09-15 102400]
"SoundMAXPnP"="c:\program files\Analog Devices\Core\smax4pnp.exe" [2007-01-06 872448]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-07-25 149280]
"QlbCtrl.exe"="c:\program files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe" [2007-10-19 177456]
"HP Software Update"="c:\program files\Hp\HP Software Update\HPWuSchd2.exe" [2008-12-08 54576]
"avast5"="c:\progra~1\ALWILS~1\Avast5\avastUI.exe" [2010-03-09 2769336]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2009-11-11 417792]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2010-02-16 141608]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{56F9679E-7826-4C84-81F3-532071A8BCC5}"= "c:\program files\Windows Desktop Search\MSNLNamespaceMgr.dll" [2009-05-25 304128]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\DeviceNP]
2007-06-08 14:04 49152 ----a-r- c:\windows\system32\DeviceNP.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\OneCard]
2007-02-07 07:30 74240 ----a-r- c:\program files\Hewlett-Packard\IAM\Bin\ASWLNPkg.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Reader Speed Launch.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Adobe Reader Speed Launch.lnk
backup=c:\windows\pss\Adobe Reader Speed Launch.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^DVD Check.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\DVD Check.lnk
backup=c:\windows\pss\DVD Check.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Service Manager.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Service Manager.lnk
backup=c:\windows\pss\Service Manager.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Windows Search.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Windows Search.lnk
backup=c:\windows\pss\Windows Search.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
2008-06-12 06:38 34672 ----a-w- c:\program files\Adobe\Reader 9.0\Reader\reader_sl.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CanonMyPrinter]
2008-03-18 01:06 1848648 ----a-w- c:\program files\Canon\MyPrinter\BJMYPRT.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CanonSolutionMenu]
2008-12-12 01:31 722256 ----a-w- c:\program files\Canon\SolutionMenu\CNSLMAIN.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IJNetworkScanUtility]
2007-05-21 08:37 124512 ----a-w- c:\program files\Canon\Canon IJ Network Scan Utility\CNMNSUT.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
2010-02-16 00:07 141608 ----a-w- c:\program files\iTunes\iTunesHelper.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LaserAppUpdate]
2009-04-20 17:10 1533720 ----a-w- c:\program files\Laser App Enterprise\laupdate.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
2009-11-11 05:08 417792 ----a-w- c:\program files\QuickTime\QTTask.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Scheduler]
2006-10-09 17:23 697976 ----a-w- c:\windows\SMINST\Scheduler.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WatchDog]
2005-11-08 17:59 184320 ----a-w- c:\program files\InterVideo\DVD Check\DVDCheck.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WMPNSCFG]
2006-10-19 01:05 204288 ----a-w- c:\program files\Windows Media Player\wmpnscfg.exe

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\WINDOWS\\system32\\mqsvc.exe"=
"c:\\WINDOWS\\SMINST\\Scheduler.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Lincoln Financial Group\\Lincoln DesignIt - Lincoln Financial Distributors\\bin\\DesktopController.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"c:\\Fiserv Life Portraits\\FipWebServer.exe"=
"c:\\Program Files\\LiveOffice\\IMC Messenger\\mtc.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\Windows Live\\Sync\\WindowsLiveSync.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"1723:TCP"= 1723:TCP:@xpsp2res.dll,-22015
"1701:UDP"= 1701:UDP:@xpsp2res.dll,-22016
"500:UDP"= 500:UDP:@xpsp2res.dll,-22017

R0 pavboot;pavboot;c:\windows\system32\drivers\pavboot.sys [3/21/2010 12:53 PM 28552]
R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [4/5/2008 9:51 PM 162640]
R1 PersonalSecureDrive;PersonalSecureDrive;c:\windows\system32\drivers\psd.sys [4/18/2007 8:32 PM 39080]
R2 ASBroker;Logon Session Broker;c:\windows\System32\svchost.exe -k Cognizance [8/4/2004 3:00 AM 14336]
R2 ASChannel;Local Communication Channel;c:\windows\System32\svchost.exe -k Cognizance [8/4/2004 3:00 AM 14336]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [4/5/2008 9:51 PM 19024]
R2 MSSQL$ALZMOBILITY;MSSQL$ALZMOBILITY;c:\program files\Microsoft SQL Server\MSSQL$ALZMOBILITY\Binn\sqlservr.exe -sALZMOBILITY --> c:\program files\Microsoft SQL Server\MSSQL$ALZMOBILITY\Binn\sqlservr.exe -sALZMOBILITY [?]
R3 GTIPCI21;GTIPCI21;c:\windows\system32\drivers\gtipci21.sys [9/20/2006 2:24 AM 88192]
R3 IFXTPM;IFXTPM;c:\windows\system32\drivers\ifxtpm.sys [6/10/2005 8:26 AM 41216]
S1 SASDIFSV;SASDIFSV;\??\c:\program files\SUPERAntiSpyware\SASDIFSV.SYS --> c:\program files\SUPERAntiSpyware\SASDIFSV.SYS [?]
S1 SASKUTIL;SASKUTIL;\??\c:\program files\SUPERAntiSpyware\SASKUTIL.sys --> c:\program files\SUPERAntiSpyware\SASKUTIL.sys [?]
S3 DAMDrv;DAMDrv;c:\windows\system32\drivers\DAMDrv.sys [10/18/2009 8:31 PM 30008]
S3 FLCDLOCK;HP ProtectTools Device Locking / Auditing;c:\windows\system32\flcdlock.exe [6/8/2007 9:06 AM 172131]
S3 GoogleDesktopManager-110309-193829;Google Desktop Manager 5.9.911.3589;c:\program files\Google\Google Desktop Search\GoogleDesktop.exe [4/9/2008 8:59 PM 30192]
S3 MSSQL$TRANSAMERICA;MSSQL$TRANSAMERICA;c:\program files\Microsoft SQL Server\MSSQL$TRANSAMERICA\Binn\sqlservr.exe -sTRANSAMERICA --> c:\program files\Microsoft SQL Server\MSSQL$TRANSAMERICA\Binn\sqlservr.exe -sTRANSAMERICA [?]
S3 SASENUM;SASENUM;\??\c:\program files\SUPERAntiSpyware\SASENUM.SYS --> c:\program files\SUPERAntiSpyware\SASENUM.SYS [?]
S3 SQLAgent$ALZMOBILITY;SQLAgent$ALZMOBILITY;c:\program files\Microsoft SQL Server\MSSQL$ALZMOBILITY\Binn\sqlagent.EXE -i ALZMOBILITY --> c:\program files\Microsoft SQL Server\MSSQL$ALZMOBILITY\Binn\sqlagent.EXE -i ALZMOBILITY [?]
S3 SQLAgent$TRANSAMERICA;SQLAgent$TRANSAMERICA;c:\program files\Microsoft SQL Server\MSSQL$TRANSAMERICA\Binn\sqlagent.EXE -i TRANSAMERICA --> c:\program files\Microsoft SQL Server\MSSQL$TRANSAMERICA\Binn\sqlagent.EXE -i TRANSAMERICA [?]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
Cognizance REG_MULTI_SZ ASBroker ASChannel
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://finance.yahoo.com/
uInternet Settings,ProxyOverride = *.local
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
DPF: {036F8A56-0BC8-4607-8F98-D3231E6FF5ED} - hxxp://mt202.centra.com/SiteRoots/main/Install/win32/CentraUpdaterAx.cab
DPF: {16BC6A51-9F62-49E3-9F96-C842EF2FFE3E} - hxxp://www.j2kdvr.com/CAB/WebPlayer.cab
DPF: {439AF17B-E5CF-41D4-963A-87F849576092} - hxxps://www.securianadvisor.com/java/downloads/SOConfig32.cab
DPF: {4AC2F548-B920-4A3E-BBA0-9F13A952D525} - hxxp://www.j2kdvr.com/CAB/JMRemoteSetupWeb.cab
DPF: {517049B1-E505-11D6-A0DA-00500484D146} - hxxps://www.lockwoodadvisors.com/genmmw/ProbableWealth/AWhirlPoolMPS.cab
DPF: {54CFC975-F9FB-45EB-8D18-D2D04FBC4299} - hxxp://www.j2kdvr.com/CAB/RemoteWeb2.cab
DPF: {82082E6E-1C85-11D5-9370-0002B30B243A} - hxxps://www.lockwoodadvisors.com/genmmw/ProbableWealth/pwcontrol.CAB
DPF: {964448D5-2CE6-4B1D-87B2-E5C877D48674} - hxxps://www.lockwoodadvisors.com/genmmw/ProbableWealth/WAPE.CAB
DPF: {9C57F717-5659-4657-89B7-5BA6F0EB37E1} - hxxps://www.securianadvisor.com/java/downloads/SmartOfficeLink.cab
DPF: {B757DCF1-8CD9-4E0A-B96D-784AEFA6D55E} - hxxps://www.lockwoodadvisors.com/genmmw/library/XActivator.cab
DPF: {CBB030D5-4C7C-4341-A132-5B5F42903C3D} - hxxps://clientconnect.securianadvisor.com/java/downloads/wordbinder.cab
DPF: {CF1572D7-C2DB-456A-8F56-CFAAA4C79251} - hxxp://www.j2kdvr.com/CAB/WEB_BACKUP2.cab
FF - ProfilePath - c:\documents and settings\Dirk\Application Data\Mozilla\Firefox\Profiles\12vmuccf.default\
FF - prefs.js: browser.search.defaulturl - hxxp://www.bing.com/search?FORM=VE3D01&q=
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - hxxp://www.msn.com/
FF - prefs.js: keyword.URL - hxxp://www.bing.com/search?FORM=VE3D01&q=
FF - component: c:\program files\Mozilla Firefox 3 Beta 5\components\GoogleDesktopMozilla.dll
FF - plugin: c:\program files\Common Files\Research In Motion\BBWebSLLauncher\NPWebSLLauncher.dll
FF - plugin: c:\program files\Microsoft\Office Live\npOLW.dll
FF - plugin: c:\program files\Mozilla Firefox 3 Beta 5\plugins\npCouponPrinter.dll
FF - plugin: c:\program files\Mozilla Firefox 3 Beta 5\plugins\npFoxitReaderPlugin.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npGoogleGadgetPluginFirefoxWin.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\nppdf32.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npqtplugin.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npqtplugin2.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npqtplugin3.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npqtplugin4.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npqtplugin5.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npqtplugin6.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npqtplugin7.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\NPSWF32.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npyaxmpb.dll
FF - plugin: c:\program files\Virtual Earth 3D\npVE3D.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
.
- - - - ORPHANS REMOVED - - - -

MSConfigStartUp-dvd43 - c:\program files\dvd43\dvd43_tray.exe
MSConfigStartUp-GoBoingo - c:\program files\Alltel\GoBoingo\AlltelWifi.exe
MSConfigStartUp-mSpotAlltelRemix - c:\program files\Alltel Jump Music\Remix\msptcmd.exe
MSConfigStartUp-RoxWatchTray - c:\program files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe
AddRemove-Octoshape add-in for Adobe Flash Player - c:\documents and settings\Dirk\Application Data\Macromedia\Flash Player\www.macromedia.com\bin\octoshape\octoshape.exe



**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-03-24 22:12
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

HKLM\Software\Microsoft\Windows\CurrentVersion\Run
Cpqset = c:\program files\HPQ\Default Settings\cpqset.exe?????? [email protected][email protected]? ????T??????([email protected][email protected]

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(800)
c:\windows\system32\Ati2evxx.dll
c:\program files\Hewlett-Packard\IAM\Bin\ASWLNPkg.dll
c:\program files\Hewlett-Packard\IAM\bin\ItMsg.dll
c:\program files\Hewlett-Packard\IAM\Bin\TrayIcon.dll
c:\program files\Hewlett-Packard\IAM\bin\HPBrand.dll
c:\program files\Hewlett-Packard\IAM\Bin\ASChnl.dll
c:\program files\Hewlett-Packard\IAM\Bin\ItDAC.dll
c:\program files\Hewlett-Packard\IAM\Bin\ItReports.DLL
c:\program files\Hewlett-Packard\IAM\Bin\BioAuth.dll
c:\program files\Hewlett-Packard\IAM\Bin\ASBIoAT.dll
c:\program files\Hewlett-Packard\IAM\Bin\ittal.dll
c:\program files\Hewlett-Packard\IAM\Bin\ItVCClient.dll
c:\program files\Hewlett-Packard\IAM\Bin\AuthWiz.dll
c:\program files\Hewlett-Packard\IAM\Bin\ittalsnap.dll
c:\program files\Hewlett-Packard\IAM\Bin\ItVCard.dll
c:\windows\system32\xenroll.dll
c:\windows\system32\WININET.dll
c:\windows\system32\IFXTSP.dll
c:\windows\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.4053_x-ww_e6967989\MSVCR80.dll
c:\windows\system32\IfxSpArc.dll
c:\windows\system32\msxml6.dll
c:\windows\system32\IFXTCSps.dll
c:\program files\Hewlett-Packard\IAM\Bin\TpmAuth.dll
c:\windows\system32\IFXTPMCP.dll
c:\program files\Hewlett-Packard\Embedded Security Software\IfxTRsUS.dll
c:\program files\Hewlett-Packard\Embedded Security Software\IfxTrsMs.dll
c:\program files\Microsoft CAPICOM 2.1.0.2\Lib\X86\capicom.dll
c:\program files\Hewlett-Packard\IAM\Bin\TokenAuth.dll
c:\program files\Hewlett-Packard\IAM\Bin\NetAdmin.dll
c:\windows\system32\DeviceNP.dll

- - - - - - - > 'explorer.exe'(6008)
c:\windows\system32\WININET.dll
c:\windows\system32\APSHook.dll
c:\program files\Hewlett-Packard\IAM\bin\ItClient.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\btncopy.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Other Running Processes ------------------------
.
c:\windows\system32\Ati2evxx.exe
c:\windows\system32\Ati2evxx.exe
c:\program files\Alwil Software\Avast5\AvastSvc.exe
c:\windows\System32\SCardSvr.exe
c:\windows\system32\msdtc.exe
c:\windows\system32\agrsmsvc.exe
c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\program files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
c:\windows\system32\ifxtcs.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\program files\Common Files\LightScribe\LSSrvc.exe
c:\program files\Microsoft SQL Server\MSSQL$ALZMOBILITY\Binn\sqlservr.exe
c:\windows\system32\IfxPsdSv.exe
c:\program files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
c:\windows\system32\SearchIndexer.exe
c:\windows\system32\mqsvc.exe
c:\program files\Hewlett-Packard\Shared\hpqwmiex.exe
c:\program files\Windows Media Player\WMPNetwk.exe
c:\windows\system32\mqtgsvc.exe
c:\program files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
c:\program files\Hewlett-Packard\IAM\bin\asghost.exe
c:\program files\ATI Technologies\ATI.ACE\Core-Static\MOM.EXE
c:\program files\Hewlett-Packard\Embedded Security Software\PSDrt.exe
c:\program files\Hewlett-Packard\Shared\HpqToaster.exe
c:\program files\iPod\bin\iPodService.exe
c:\program files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe
c:\program files\Java\jre6\bin\jucheck.exe
.
**************************************************************************
.
Completion time: 2010-03-24 22:19:31 - machine was rebooted
ComboFix-quarantined-files.txt 2010-03-25 03:19

Pre-Run: 14,488,985,600 bytes free
Post-Run: 14,481,551,360 bytes free

WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /fastdetect /NoExecute=OptOut

- - End Of File - - 8EED8294F902D244EF1F644A80DA0346
  • 0

#4
RKinner

RKinner

    Malware Expert

  • Expert
  • 23,198 posts
  • MVP
Were you able to do a Full Scan with MBAM?

Try the free BitDefender online scan. http://www.bitdefend...nline/free.html

If Windows blocks the ActiveX control, then try putting BitDefender in your trusted sites: In IE, Tools, Internet Options, Security, Trusted Sites, Sites. Then uncheck the HTTPS box, put in *.bitdefender.com, then Add. OK.

Ron
  • 0

#5
dirkab

dirkab

    Member

  • Topic Starter
  • Member
  • PipPip
  • 19 posts
Sorry, I forgot to post the other log; I'll try BitDefender this evening. Thanks!

Malwarebytes' Anti-Malware 1.44
Database version: 3910
Windows 5.1.2600 Service Pack 3
Internet Explorer 8.0.6001.18702

3/24/2010 8:23:36 PM
mbam-log-2010-03-24 (20-23-36).txt

Scan type: Full Scan (C:\|D:\|)
Objects scanned: 349686
Time elapsed: 1 hour(s), 22 minute(s), 19 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)
  • 0